Dynamic arp entry, Static arp entry, Configuring arp in the web interface – H3C Technologies H3C SecPath F1000-E User Manual

244

Dynamic ARP entry

ARP automatically creates and updates dynamic entries. A dynamic ARP entry is removed when its aging

timer expires or the output interface goes down, and it can be overwritten by a static ARP entry.

Static ARP entry

A static ARP entry is manually configured and maintained. It does not age out, and cannot be overwritten

by a dynamic ARP entry.
Static ARP entries protect communication between devices, because attack packets cannot modify the
IP-to-MAC mapping in a static ARP entry.
Static ARP entries can be classified into long and short ARP entries.

•

To configure a long static ARP entry, specify the IP address, MAC address, VLAN, and output
interface. A long static ARP entry is directly used for forwarding matching packets.

•

To configure a short static ARP entry, you only need to specify the IP address and MAC address.

{

If the outbound interface is a Layer 3 Ethernet interface, the short ARP entry can be directly used
for forwarding data.

{

If the outbound interface is a VLAN interface, the firewall first sends an ARP request whose
target IP address is the IP address of the short entry. If the sender IP and MAC addresses in the

received ARP reply match the IP and MAC addresses of the short static ARP entry, the firewall
adds the interface receiving the ARP reply to the short static ARP entry, and then uses the

resolved entry to forward the matching IP packets.

NOTE:

Usually ARP dynamically resolves IP addresses to MAC addresses, without manual intervention.

Configuring ARP in the web interface

Displaying ARP entries

Select Firewall > ARP Management > ARP Table from the navigation tree to enter the page shown

in

Figure 152

. All ARP entries are displayed on the page.

Figure 152 ARP table configuration page