Configuring Static ARP

Static ARP entries record the fixed mapping between IP and MAC addresses. They are configured manually.

Prerequisites

Before configuring ARP, complete the following tasks:

Configuring the link layer protocol parameters for the interface and ensuring that the status of the link layer protocol on the interface is Up
Configuring the network layer protocol for the interface

Context

A static ARP entry is manually added. It does not age and cannot be overwritten by a dynamic ARP entry. Static ARP entries are valid provided that the device works properly.

Static ARP entries improve communication security. Static ARP entries ensure communication between a local device and a specified device using the specified MAC address. Attack packets cannot modify the mapping between IP and MAC addresses in static ARP entries.

Static ARP is used in the following situations:

For the packets whose destination IP address is on another network segment, static ARP can help these packets traverse a gateway of the local network segment so that the gateway can forward the packets to their destination.
When you need to filter out some packets with illegitimate destination IP addresses, static ARP can bind these illegitimate addresses to a nonexistent MAC address.

If static ARP and the Virtual Router Redundancy Protocol (VRRP) are enabled on a device simultaneously, the virtual IP address of the VRRP backup group configured on the VLANIF interface cannot be the IP address contained in the static ARP entries; otherwise, incorrect host routes are generated and packets cannot be normally forwarded.

Static ARP entries keep valid when a device works normally.

Configuring Common Static ARP Entries

Access the system view.
```
system-view
```
Configure common static ARP entries.
```
arp static ip-address mac-address 
```

Configuring Static ARP Entries in a VLAN

Access the system view.
```
system-view
```
Configure static ARP entries in a Virtual Local Area Network (VLAN).
Configure static ARP entries in a VLAN:
- Run the arp static ip-address mac-address [ vid vlan-id interface interface-type interface-number ] command.
  
  It is required to set parameters vid vlan-id and interface interface-type interface-number when you configure static ARP entries in the VLAN.
  
  If the interface corresponding to the VLAN is bound to a Virtual Private Network (VPN), the device can automatically associate the configured static ARP entry with the VPN. This command is applicable to port-based VLANs.
- Run the arp static ip-address mac-address [ vpn-instance vpn-instance-name ] vid vlan-id command.

Configuring Static ARP Entries in a VPN Instance

Access the system view.
```
system-view
```

Configure static ARP entries in a VPN instance.

arp static ip-address mac-address vpn-instance vpn-instance-name

Checking the Configurations

Run the display arp vpn-instance vpn-instance-name slot slot-id [ dynamic | static ] command to check information about ARP mapping tables based on VPN instances.
Run the display arp statistics { all | interface interface-type interface-number } command to check the statistics for ARP entries.