Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
747
Views
0
Helpful
11
Replies

PIX 515e MAC to IP

muhammadaliraja
Level 1
Level 1

‎10-06-2012 11:41 PM - edited ‎03-11-2019 05:05 PM

Hi,

I have the following network.

2 WAN links termination on my PIX 515e and all internal users connected to third interface.

Problem I am facing is that I have assign manual IP to users with some have full access to Internet while others have limited.

The users are changing their IP address while others are offline and I want to restrict them.

The only way I can think off is by binding IP to MAC as e.g ( Active wall software). But can it be done on PIX 515e and if so how ???

Sent from Cisco Technical Support iPad App

Labels:
0 Helpful
11 Replies 11

Harish Balakrishnan
Spotlight
Spotlight

‎10-07-2012 12:02 AM

Hello Ali,

I am not sure the OS version you running on your PIX515E, but this can be done with the following command

arp interface_name ip_address mac_address

example :

arp inside 1.1.1.1 abcd.0001.1111

Hope this helps

Harish

Please rate all helpful posts!

0 Helpful

muhammadaliraja
Level 1
Level 1
In response to Harish Balakrishnan

‎10-07-2012 02:43 AM

Thanks for the reply.

I will try this tomorrow.

Sent from Cisco Technical Support iPad App

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to Harish Balakrishnan

‎10-07-2012 11:13 AM

Hi,

you have to to enable arp inspection before: arp-inspection inside enable

But you'll have to do this for all users so it's not very scalable.Why not simply put a GPO that refrains users from changing their TCP/IP setting from DHCP to static ?

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

muhammadaliraja
Level 1
Level 1
In response to cadet alain

‎10-07-2012 10:27 PM

Dear Alain

I am in routed mode of PIX not in Transparent mode so  ARP-INSPECTION will not work.

any other suggestion !!

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to muhammadaliraja

‎10-08-2012 01:06 AM

Hi,

What type of switches have you got inside ?

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

muhammadaliraja
Level 1
Level 1
In response to cadet alain

‎10-08-2012 03:14 AM

Dear Mr. Alain

I got 8 WIFI linksys E4200 bridge mode terminating on 3Com 3250 switch.

But the 3250 doesnot support IP to MAC binding. only port security which is useless as I hav users connecting through Wifi rather than individually connected to physical ports of the switches.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to muhammadaliraja

‎10-08-2012 03:26 AM

Hi,

ok so are the hosts Windows hosts or linux hosts?

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

muhammadaliraja
Level 1
Level 1
In response to cadet alain

‎10-08-2012 03:30 AM

Hi,

Windows Hosts and no AD.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to muhammadaliraja

‎10-08-2012 04:02 AM

Hi,

ok so you could add a local GPO policy on each hosts.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

muhammadaliraja
Level 1
Level 1
In response to cadet alain

‎10-08-2012 08:47 AM

I could but I want to do this via PIX if possible.

Sent from Cisco Technical Support iPad App

0 Helpful

muhammadaliraja
Level 1
Level 1
In response to Harish Balakrishnan

‎10-07-2012 10:26 PM

Dear Harish,

As per your tip, it adds another ARP of same MAC and now their are two ARP of same MAC.

The concept was to stop dynamic updation of ARP and allow only static or defined ARP table or IP to MAC binding.

Issue remains unsloved.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card