
Static ARP

Definition

Static ARP allows a network administrator to manually create fixed mappings between IP and MAC addresses. Static ARP entries are not aged and cannot be overwritten by dynamic ARP entries, ensuring system security.

Category

Static ARP entries are classified into short and long entries.
  • Short static ARP entries

    A network administrator manually creates the mappings between IP and MAC addresses without specifying a VLAN or an outbound interface.

    If the outbound interface is a Layer 2 Ethernet interface, short static ARP entries cannot be directly used to forward packets.

    To forward a packet, the device has to send an ARP Request packet first. If the source IP and MAC addresses in the received ARP Reply packet are the same as those in the configured static ARP entry, the device adds the VLAN and interface on which the ARP Reply packet was received to this static ARP entry. The device can then use this static ARP entry to forward subsequent packets.

  • Long static ARP entries

    A network administrator manually creates the mappings between IP and MAC addresses, and also specifies VLANs and outbound interfaces through which the device sends packets.

    Long static ARP entries can be directly used to forward packets and are therefore recommended.

Application Scenarios

In most cases, devices on a network can use ARP to dynamically learn ARP entries and to age or update the generated dynamic ARP entries. However, when a network is under an ARP attack, the dynamic ARP entries may be incorrectly updated or aged. As a result, the communication between authorized users becomes abnormal.

Static ARP entries can be neither aged nor overwritten by dynamic ARP entries, ensuring communication security. If a static ARP entry is configured on a device, the device can communicate with the peer device using only the specified MAC address. Network attackers cannot modify the mapping between the IP and MAC addresses using ARP packets, ensuring communication between the two devices. Static ARP entries are generally configured on gateways.

Static ARP entries are applicable when:
  • Networks contain critical devices such as servers. In this case, static ARP entries can be configured on the switch. As such, network attackers cannot update the ARP entries containing IP addresses of the critical devices on the switch using ARP attack packets, thereby ensuring communication between users and the critical devices.
  • Networks contain user devices with multicast MAC addresses. By default, a device does not learn ARP entries when the source MAC addresses of received ARP packets are multicast MAC addresses. In this case, static ARP entries can be configured on the switch for these devices.
  • A network administrator wants to prevent an IP address from accessing devices. In this case, static ARP entries can be configured on the switch to bind the IP address to an unavailable MAC address.
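
The following is an added example, not Huawei code or CLI: a small Python model of the ARP table behaviour described above, covering the completion of a short static entry by a matching ARP Reply, the rejection of replies that contradict a static entry, and the default of not learning from multicast source MACs. The class and function names, the result strings, and the addresses and interface names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class ArpEntry:
    mac: str
    static: bool
    vlan: Optional[int] = None        # None on a short static entry
    interface: Optional[str] = None   # None on a short static entry

def is_multicast(mac: str) -> bool:
    return int(mac.split(":")[0], 16) & 1 == 1   # I/G bit of the first octet

class ArpTable:
    def __init__(self):
        self.entries = {}

    def add_static(self, ip, mac, vlan=None, interface=None):
        self.entries[ip] = ArpEntry(mac.lower(), True, vlan, interface)

    def on_arp_reply(self, src_ip, src_mac, vlan, interface) -> str:
        src_mac = src_mac.lower()
        entry = self.entries.get(src_ip)
        if entry is None or not entry.static:
            if is_multicast(src_mac):
                return "not-learned"       # default: multicast source MACs are not learned
            self.entries[src_ip] = ArpEntry(src_mac, False, vlan, interface)
            return "dynamic-updated"       # dynamic entries follow the latest reply
        if entry.mac != src_mac:
            return "rejected"              # a static mapping is never overwritten
        if entry.interface is None:        # short entry: bind the receiving VLAN/interface
            entry.vlan, entry.interface = vlan, interface
            return "short-entry-completed"
        return "unchanged"

def demo():
    t = ArpTable()  # constructed data: documentation IPs and MACs
    t.add_static("192.0.2.10", "00:00:5e:00:53:10")                    # short entry
    t.add_static("192.0.2.20", "00:00:5e:00:53:20", 10, "GE0/0/1")     # long entry
    results = [
        t.on_arp_reply("192.0.2.10", "00:00:5e:00:53:66", 10, "GE0/0/2"),  # forged MAC
        t.on_arp_reply("192.0.2.10", "00:00:5e:00:53:10", 10, "GE0/0/3"),  # genuine reply
        t.on_arp_reply("192.0.2.20", "00:00:5e:00:53:66", 10, "GE0/0/2"),  # forged MAC
        t.on_arp_reply("192.0.2.30", "00:00:5e:00:53:30", 10, "GE0/0/4"),  # no static entry
        t.on_arp_reply("192.0.2.30", "00:00:5e:00:53:66", 10, "GE0/0/2"),  # overwrites dynamic
        t.on_arp_reply("192.0.2.40", "01:00:5e:00:53:40", 10, "GE0/0/5"),  # multicast source
    ]
    return results, t
```

Only 192.0.2.30, which has no static entry, ends up mapped to the forged MAC; both static entries keep the configured address.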
Copyright © Huawei Technologies Co., Ltd.