Re: PIX ARP entries...

mowtnman · ‎02-19-2004

I need to know how to permanently enter in an IP-to-MAC address in the PIX's ARP table. I know that I can change the amount of time that the entry stays in the table from the default, but I need to know how to make it stay in there until manually removed...

Any ideas?

mostiguy · ‎02-19-2004

arp interfacename ipaddress macaddress

i.e, :

arp inside 1.1.1.1 aaaa.aaaa.aaaa

mowtnman · ‎02-19-2004

Thanks for the reply but that is not a permanent entry. The entry will on remain in there until the ARP table times out...

A member of TAC gave me a handle or option that would allow the entry to bypass the ARP table timeout.

Does anyone know how to do this?

d-garnett · ‎02-19-2004

are you sure? a static arp entry should stick. once you save it, it should be stored in nvram as part of the startup config. as far as i am aware only dynamically learned arp entries will time out. i have never had a problem with this as i have used this with on pix firewalls that are connected to the Internet in which this customer wants no external to internal access (not even icmp echo packets)

there was once a problem with that. it was fixed in like FOS 4.4

bug ID CSCds77371

mowtnman · ‎02-20-2004

Yes , I am sure... I think the default is like 14440 seconds (not positive thought). About every 4 hours the static arp entry disappears ..

I had an issue similar to this a couple years ago and there was this advanced option that the TAC rep recommended (which did work)...