Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
421
Views
0
Helpful
1
Replies

Lock Down IP-MAC-Physical Interface binding on ASA 5505?

luke.o'hare
Level 1
Level 1

‎04-18-2009 02:42 AM

Hi,

Is it possible to lock down an IP-MAC-Physical Interface binding similar to using port security or IP source guard on the physical ports of the ASA 5505? This is to prevent spoofing, man in the middle attacks and the connection of unauthorised devices.

I have tried making static MAC entries however this does not seem to be supported on the ASA 5505. I have also looked into the IP spoofing feature however this seems to be more for spoofing between VLANs (zones) than per physical interface.

Any suggestions will be greatly appreciated.

Cheers

Labels:
0 Helpful
1 Reply 1

andrew.prince
Level 10
Level 10

‎04-20-2009 10:15 AM

AFAIK - this is not available, but you could configure Unicast Reverse Path Filtering, to mitigate spoofing etc.

HTH>

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents