No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Configuration Guide - IP Service
S1720, S2700, S5700, and S6720 V200R011C10

This document describes the configurations of IP Service, including IP address, ARP, DHCP, DHCP policy VLAN, DNS, mDNS gateway, mDNS relay, UDP Helper, IP performance optimization, IPv6, DHCPv6, IPv6 DNS, IPv6 over IPv4 tunnel, and IPv4 over IPv6 tunnel.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Static ARP

Static ARP

Definition

Static ARP allows a network administrator to create fixed mapping between IP and MAC addresses. Static ARP entries cannot be aged or overwritten by dynamic ARP entries, ensuring system security.

Purpose

Dynamic ARP can leave networks vulnerable to ARP spoofs or attacks (when malicious devices send falsified ARP messages to link an attacker's MAC address with the IP address of a legitimate device). As a result, ARP entries may be incorrectly learned. However, if a static ARP entry is configured on a device, the device can communicate with the peer device using only the specified MAC address. Network attackers cannot modify the mapping between the IP and MAC addresses using ARP packets, ensuring communication between the two devices.

Category

Static ARP entries are classified into short and long entries.
  • Short static ARP entries

    A network administrator creates the mapping between IP and MAC addresses without specifying any VLAN and outbound interface.

    If the outbound interface is a Layer 2 Ethernet interface, short static ARP entries cannot be directly used to forward packets. To send a packet, the device has to send an ARP Request packet first.

    If the source IP and MAC addresses in the received ARP Reply packet are the same as those in the configured static ARP entry, the device adds the VLAN and interface that receive the ARP Reply packet to this static ARP entry. The device can use this static ARP entry to forward subsequent packets.

  • Long static ARP entries

    A network administrator creates mapping between IP and MAC addresses, and also specifies VLANs and outbound interfaces through which the device sends packets.

    Long static ARP entries can be directly used to forward packets and are therefore recommended.

Usage Scenario

Static ARP entries are applicable when:
  • Networks contain critical devices such as servers. Network attackers cannot update the ARP entries containing IP addresses of the critical devices on the switch using ARP attack packets, ensuring communication between users and the critical devices.
  • Networks contain user devices with multicast MAC addresses. By default, a device does not learn ARP entries when the source MAC addresses of received ARP packets are multicast MAC addresses.
  • A network administrator wants to prevent an IP address from accessing devices. The network administrator binds the IP address to an unavailable MAC address.
Translation
Download
Updated: 2020-02-26

Document ID: EDOC1000178170

Views: 275191

Downloads: 1029

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next