HP VPN Firewall Appliances Network Management Configuration Guide
245
Dynamic ARP entry
ARP automatically creates and updates dynamic entries. A dynamic ARP entry is removed when its aging
timer expires or the output interface goes down, and it can be overwritten by a static ARP entry.
Static ARP entry
A static ARP entry is manually configured and maintained. It does not age out, and cannot be overwritten
by a dynamic ARP entry.
Static ARP entries protect communication between devices, because attack packets cannot modify the
IP-to-MAC mapping in a static ARP entry.
Static ARP entries include long and short ARP entries.
• To configure a long static ARP entry, specify the IP address, MAC address, VLAN, and output
interface. A long static ARP entry is directly used for forwarding matching packets. To communicate
with a host by using a fixed IP-to-MAC mapping through a specific interface in a specific VLAN,
configure a long static ARP entry on the device.
• To configure a short static ARP entry, you only need to specify the IP address and MAC address.
{ If the output interface is a Layer 3 Ethernet interface, the short ARP entry can be directly used to
forward matching packets.
{ If the output interface is a VLAN interface, the device first sends an ARP request whose target IP
address is the IP address of the short entry. If the sender IP and MAC addresses in the received
ARP reply match the IP and MAC addresses of the short static ARP entry, the device adds the
interface receiving the ARP reply to the short static ARP entry, and then uses the resolved entry
to forward the matching IP packets.
To communicate with a host by using a fixed IP-to-MAC mapping, configure a short static ARP
entry on the device.
Configuring ARP in the Web interface
Displaying ARP entries
From the navigation tree, select Firewall > ARP Management > ARP Table to enter the page shown
in Figure 160.
This page displays all ARP entri
es.
Figure 160 ARP Table configuration page