Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

46-6

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 46 Configuring Bridging Policies on Firewall Devices

Managing the IPv6 Neighbor Cache

Add/Edit ARP Inspection Dialog Box

Use the Add/Edit ARP Inspection dialog box to enable or disable ARP inspection for a transparent

firewall interface.

Navigation Path

You can access the Add/Edit ARP Inspection dialog box from the ARP Inspection page. For more

information about the ARP Inspection page, see ARP Inspection Page, page 46-5.

Related Topics

• About Bridging on Firewall Devices, page 46-1

• ARP Inspection Page, page 46-5

Field Reference

Managing the IPv6 Neighbor Cache

Use the IPv6 Neighbor Cache page to manage static IPv6 neighbor entries that map a MAC address to

an IPv6 address, and identify the interface through which the neighbor host is reached, to provide

address-resolution functions for IPv6. This is available on ASA 7.0+ devices only.

Flood Enabled Indicates whether packets that do not match any element of a static

ARP entry should be flooded out all interfaces except the originating

interface. If there is a mismatch between the MAC address, the IP

address, or the interface, the security appliance drops the packet. If you

do not select this check box, all non-matching packets are dropped.

Note The dedicated management interface, if present, never floods

packets even if this parameter is set to flood.

Table 46-3 ARP Inspection Page (Continued)

Element Description

Table 46-4 Add/Edit ARP Inspection dialog box

Element Description

Interface The name of the interface for which you are enabling or disabling ARP

inspection.

Enable ARP Inspection on

this interface

When selected, enables ARP inspection on the specified interface.

Flood ARP packets When selected, packets that do not match any element of a static ARP

entry are flooded out all interfaces except the originating interface. If

there is a mismatch between the MAC address, the IP address, or the

interface, the security appliance drops the packet. If you do not select

this check box, all non-matching packets are dropped.

Note The dedicated management interface, if present, never floods

packets even if this parameter is set to flood.

previous next