Cisco Systems OL-16647-01 ARP Static Table

30-3

Cisco ASDM User Guide

OL-16647-01

Chapter 30 Configuring ARP Inspection and Bridging Parameters

Configuring ARP Inspection

Modes

The following table shows the modes in which this feature is available:

ARP Static Table

Although hosts identify a packet destination by an IP address, the actual delivery of the packet on

Ethernet relies on the Ethernet MAC address. When a router or host wants to deliver a packet on a

directly connected network, it sends an ARP request asking for the MAC address associated with the

IP address, and then delivers the packet to the MAC address according to the ARP response. The host or

router keeps an ARP table so it does not have to send ARP requests for every packet it needs to deliver.

The ARP table is dynamically updated whenever ARP responses are sent on the network, and if an entry

is not used for a period of time, it times out. If an entry is incorrect (for example, the MAC address

changes for a given IP address), the entry times out before it can be updated.

Note The transparent firewall uses dynamic ARP entries in the ARP table for traffic to and from the security

appliance, such as management traffic.

The ARP Static Table panel lets you add static ARP entries that map a MAC address to an IP address for

a given interface. Static ARP entries do not time out, and might help you solve a networking problem.

Fields

• Interface—Shows the interface attached to the host network.

• IP Address—Shows the host IP address.

• MAC Address—Shows the host MAC address.

• Proxy ARP—Shows whether the security appliance performs proxy ARP for this address. If the

security appliance receives an ARP request for the specified IP address, then it responds with the

specified MAC address.

• Add—Adds a static ARP entry.

• Edit—Edits a static ARP entry.

• Delete—Deletes a static ARP entry.

• ARP Timeout—Sets the amount of time before the security appliance rebuilds the ARP table,

between 60 to 4294967 seconds. The default is 14400 seconds. Rebuilding the ARP table

automatically updates new host information and removes old host information. You might want to

reduce the timeout because the host information changes frequently. Although this parameter

appears on the ARP Static Table panel, the timeout applies to the dynamic ARP table.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode Security Context

Routed Transparent Single

Multiple

Context System

— • • •—