ARP table
An ARP table stores dynamic and static ARP entries.
Dynamic ARP entry
ARP automatically creates and updates dynamic entries. A dynamic ARP entry is removed when its aging timer expires or the output interface goes down, and it can be overwritten by a static ARP entry.
Static ARP entry
A static ARP entry is manually configured and maintained. It does not age out, and cannot be overwritten by a dynamic ARP entry.
Static ARP entries protect communication between devices, because attack packets cannot modify the IP-to-MAC mapping in a static ARP entry.
Static ARP entries can be classified into long, short, and multi-port ARP entries.
To configure a long static ARP entry, specify the IP address, MAC address, VLAN, and output interface. A long static ARP entry is directly used for forwarding matching packets. To allow communication with a host using a fixed IP-to-MAC mapping through a specific interface in a specific VLAN, configure a long static ARP entry for it.
To configure a short static ARP entry, you only need to specify the IP address and MAC address.
If the output interface is a Layer 3 Ethernet port, the short ARP entry can be directly used for forwarding matching packets.
If the output interface is a VLAN interface, the device first sends an ARP request whose target IP address is the IP address of the short entry. If the sender IP and MAC addresses in the received ARP reply match the IP and MAC addresses of the short static ARP entry, the device adds the interface receiving the ARP reply to the short static ARP entry, and then uses the resolved entry to forward the matching IP packets.
To communicate with a host by using a fixed IP-to-MAC mapping, configure a short static ARP entry for it.
A multiport ARP entry is generated when the MAC address in a short static ARP entry is the same as that in a multicast MAC address entry. A device can use the multiport ARP entry to send IP packets throughout multiple ports.