Add a Static MAC Address and Disable MAC Learning for a Bridge Group
Normally, MAC addresses are added to the MAC address table dynamically as traffic from a particular MAC address enters an interface. You can disable MAC address learning; however, unless you statically add MAC addresses to the table, no traffic can pass through the threat defense device. You can also add static MAC addresses to the MAC address table. One benefit to adding static entries is to guard against MAC spoofing. If a client with the same MAC address as a static entry attempts to send traffic to an interface that does not match the static entry, then the threat defense device drops the traffic and generates a system message. When you add a static ARP entry (see Add a Static ARP Entry), a static MAC address entry is automatically added to the MAC address table.
Before you begin
This screen is only available for named BVIs in transparent mode.
Procedure
Step 1 | Select Edit () for your threat defense device. The Interfaces page is selected by default. and click |
Step 2 | Click Edit () for the interface you want to edit. |
Step 3 | Click the Advanced tab, and then click the ARP and MAC tab. |
Step 4 | (Optional) Disable MAC learning by unchecking the Enable MAC Learning check box. |
Step 5 | To add a static MAC address, click Add MAC Config. The
Add MAC
Config dialog box appears.
|
Step 6 | In the MAC Address field, enter the MAC address of the host; for example, 00e0.1e4e.3d8b. Click OK. |
Step 7 | Click OK to exit the Advanced settings. |
Step 8 | Click Save. You can now go to and deploy the policy to assigned devices. The changes are not active until you deploy them. |