Arp table, Dynamic arp entry, Static arp entry – H3C Technologies H3C SecPath F1000-E User Manual

3

ARP Table

After obtaining the MAC address of a host, the device puts the IP-to-MAC mapping into its own ARP table.

This mapping is used for forwarding packets with the same destination in future.
An ARP table contains ARP entries, which fall into one of two categories: dynamic or static.

Dynamic ARP entry

A dynamic entry is automatically created and maintained by ARP. It can get aged, be updated by a new

ARP packet, or be overwritten by a static ARP entry. When the aging timer expires or the interface goes
down, the corresponding dynamic ARP entry will be removed.

Static ARP entry

A static ARP entry is manually configured and maintained. It cannot get aged or be overwritten by a

dynamic ARP entry.
Using static ARP entries enhances communication security. After a static ARP entry is specified, only a

specific MAC address is associated with the specified IP address. Attack packets cannot modify the

IP-to-MAC mapping. Thus, communications between devices are protected.
Static ARP entries can be classified into long and short.

•

A long static ARP entry can be directly used to forward packets. When configuring a long static
ARP entry, you must configure a VLAN and an outbound interface for the entry besides the IP

address and the MAC address.

•

A short static ARP entry has only an IP address and a MAC address configured. If the outbound
interface is a Layer 3 Ethernet interface, the short ARP entry can be directly used for forwarding

data; if the outbound interface is a VLAN interface, it cannot be directly used for forwarding data.

If a short static ARP entry matches an IP packet to be forwarded, the device sends an ARP request

first. If the sender IP and MAC addresses in the received ARP reply are the same as those in the short

static ARP entry, the device adds the interface receiving the ARP reply to the short static ARP entry.
Then the entry can be used for forwarding IP packets.

NOTE:
•

Usually ARP dynamically resolves IP addresses to MAC addresses, without manual intervention.

•

To allow communication with a device using a fixed IP-to-MAC mapping, configure a short static ARP
entry for it. To allow communication with a device through a specific interface in a specific VLAN and

using a fixed IP-to-MAC mapping, configure a long static ARP entry for it.

Configuring ARP

Configuring a Static ARP Entry

A static ARP entry is effective when the device works normally. However, when a VLAN or VLAN

interface to which a static ARP entry corresponds is deleted, the entry, if long, will be deleted, and if short

and resolved, will become unresolved.
Follow these steps to configure a static ARP entry:

To do…

Use the command…

Remarks

Enter system view

system-view

—