Arp table, Dynamic arp entry, Static arp entry – H3C Technologies H3C SecBlade NetStream Cards User Manual
Page 130: Configuring arp, Configuring a static arp entry
115
3.
If the gateway maintains the ARP entry of Host B, it forwards the packet to Host B directly; if not,
it broadcasts an ARP request, in which the target IP address is the IP address of Host B.
4.
After obtaining the MAC address of Host B, the gateway sends the packet to Host B.
ARP table
After obtaining a host’s MAC address, the device adds the IP-to-MAC mapping into its own ARP table.
This mapping is used for forwarding packets with the same destination in future.
An ARP table contains dynamic and static ARP entries.
Dynamic ARP entry
A dynamic entry is automatically created and maintained by ARP. It can age out, be updated by a new
ARP packet, or be overwritten by a static ARP entry. A dynamic ARP entry is removed when its age timer
expires or the interface goes down.
Static ARP entry
A static ARP entry is manually configured and maintained. It does not age out or cannot be overwritten
by any dynamic ARP entry.
Static ARP entries protect communication between devices, because attack packets cannot modify the
IP-to-MAC mapping in a static ARP entry.
Static ARP entries can be classified into long and short ARP entries.
•
A long static ARP entry can be used to forward packets directly, because it includes not only the IP
address and MAC address, but also a configured VLAN and outbound interface.
•
A short static ARP entry includes only an IP address and a MAC address configured. If the outbound
interface is a Layer 3 Ethernet interface, the short ARP entry can be directly used for forwarding
data; if the outbound interface is a VLAN interface, it cannot be directly used for forwarding data.
If a short static ARP entry matches an IP packet to be forwarded, the device sends an ARP request
first. If the sender IP and MAC addresses in the received ARP reply are the same as those in the short
static ARP entry, the device adds the interface receiving the ARP reply to the short static ARP entry.
Then the entry can be used for forwarding IP packets.
NOTE:
•
Usually ARP dynamically generates ARP entries without manual intervention.
•
To allow communication with a device by using a fixed IP-to-MAC mapping, configure a short static ARP
entry for it. To allow communication with a device through a specific interface in a specific VLAN by
using a fixed IP-to-MAC mapping, configure a long static ARP entry for it.
Configuring ARP
Configuring a static ARP entry
A static ARP entry is effective when the device it corresponds to works normally. However, when a VLAN
or VLAN interface is deleted, any static ARP entry corresponding to it will also be deleted (if it is a long
static ARP entry) or will become unresolved (if it is a short and resolved static ARP entry).