404
Fixed ARP allows the device to change the existing dynamic ARP entries (including those generated
through ARP automatic scanning) into static ARP entries. The fixed ARP feature effectively prevents
ARP entries from being modified by attackers.
Use both ARP automatic scanning and fixed ARP in small-scale networks such as a cybercafe.
Configuration guidelines
When you configure ARP automatic scanning and fixed ARP, follow these guidelines:
• IP addresses existing in ARP entries are not scanned.
• ARP automatic scanning might take some time. To stop an ongoing scan, press Ctrl + C.
Dynamic ARP entries are created based on ARP replies received before the scan is terminated.
• The static ARP entries changed from dynamic ARP entries have the same attributes as the
manually configured static ARP entries.
• Use the arp fixup command to change the existing dynamic ARP entries into static ARP entries.
You can use this command again to change the dynamic ARP entries learned later into static
ARP entries.
• The number of static ARP entries changed from dynamic ARP entries is restricted by the
number of static ARP entries that the device supports. As a result, the device might fail to
change all dynamic ARP entries into static ARP entries.
• To delete a specific static ARP entry changed from a dynamic one, use the undo arp ip-address
[ vpn-instance-name ] command. To delete all such static ARP entries, use the reset arp all or
reset arp static command.
Configuration procedure
To configure ARP automatic scanning and fixed ARP:
Step Command
1. Enter system view.
system-view
2. Enter interface view.
interface
interface-type interface-number
3. Enable ARP automatic scanning.
arp scan
[ start-ip-address
to
end-ip-address ]
4. Return to system view.
quit
5. Enable fixed ARP.
arp fixup
To Next Page
Loading...
Need help?
General
