https://community.cisco.com/t5/network-security/lock-down-ip-mac-physical-interface-binding-on-asa-5505/m-p/1237382#M860727 <HTML><HEAD></HEAD><BODY><P>Luke, beside Vikran suggestions, Im not aware you can lock down macs for the builtin switch in asa5505 as you would with switches at the port level for 802.1x port security, there are however other strategies to prevent ip spoofing by using uRPF.</P><P></P><P>have a look here </P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml</A></P><P></P><P>HTH</P></BODY></HTML> Sat, 18 Apr 2009 15:41:13 GMT JORGE RODRIGUEZ 2009-04-18T15:41:13Z https://community.cisco.com/t5/network-security/lock-down-ip-mac-physical-interface-binding-on-asa-5505/m-p/1237380#M860725 <P>Hi,</P><P></P><P>Is it possible to lock down an IP-MAC-Physical Interface binding similar to using port security or IP source guard on the physical ports of the ASA 5505? This is to prevent spoofing, man in the middle attacks and the connection of unauthorised devices on physical interfaces that will be patched to publicly accessible wall jacks.</P><P></P><P>I have tried making static MAC entries however this does not seem to be supported on the ASA 5505. I have also looked into the IP spoofing feature however this seems to be more for spoofing between VLANs (zones) than per physical interface.</P><P></P><P>Any suggestions will be greatly appreciated. </P><P></P><P>Cheers</P> Mon, 11 Mar 2019 15:20:17 GMT https://community.cisco.com/t5/network-security/lock-down-ip-mac-physical-interface-binding-on-asa-5505/m-p/1237380#M860725 luke.o'hare 2019-03-11T15:20:17Z https://community.cisco.com/t5/network-security/lock-down-ip-mac-physical-interface-binding-on-asa-5505/m-p/1237381#M860726 <HTML><HEAD></HEAD><BODY><P>IP-MAC mappings are possible in transparent mode but not in routed mode.</P><P></P><P>You might have move mac-ip bindings to your switches I suppose</P></BODY></HTML> Sat, 18 Apr 2009 13:17:29 GMT https://community.cisco.com/t5/network-security/lock-down-ip-mac-physical-interface-binding-on-asa-5505/m-p/1237381#M860726 vikram_anumukonda 2009-04-18T13:17:29Z https://community.cisco.com/t5/network-security/lock-down-ip-mac-physical-interface-binding-on-asa-5505/m-p/1237382#M860727 <HTML><HEAD></HEAD><BODY><P>Luke, beside Vikran suggestions, Im not aware you can lock down macs for the builtin switch in asa5505 as you would with switches at the port level for 802.1x port security, there are however other strategies to prevent ip spoofing by using uRPF.</P><P></P><P>have a look here </P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml</A></P><P></P><P>HTH</P></BODY></HTML> Sat, 18 Apr 2009 15:41:13 GMT https://community.cisco.com/t5/network-security/lock-down-ip-mac-physical-interface-binding-on-asa-5505/m-p/1237382#M860727 JORGE RODRIGUEZ 2009-04-18T15:41:13Z