3Com 3C13636 Configuration Manual page 414

3Com Router 3000 Ethernet Family
Configuration Guide
During ARP translation, the ARP cache is searched at first. If no match is found, the
ARP table is searched.
ARP table
An ARP table keeps the mappings between IP addresses and physical addresses. A
mapping can be generated dynamically, statically, or by any other way. Each device
maintains an ARP table.
The fields of the ARP table are IF index, physical address, IP address, and type.
ARP ping
The aging of authorized ARP is implemented by a mechanism called ARP ping. By
periodically sending an ARP request to the IP address of a client recorded in an
authorized ARP entry, ARP ping can detect whether the client is down. Whenever
receiving an ARP response, whether the response is triggered by ARP ping or not,
authorized ARP refreshes the aging time of the entry. ARP ping provides the DHCP
server an initiative client status inquiry mechanism, enabling the DHCP server to detect
offline clients in a shorter period of time and release the resources assigned to them.
Authorized ARP entry
Authorized ARP entry is a kind of special entry. An authorized ARP entry is also added
into the ARP table of the device, and has the features of the static ARP entry and the
dynamic ARP entry. An authorized ARP entry has a higher priority than a dynamic ARP
entry for the same mapping; a new authorized ARP entry overrides a dynamic ARP
entry, while a new dynamic ARP entry cannot override an authorized ARP entry. At the
same time, an authorized ARP entry has a lower priority than a static ARP entry for the
same mapping; a new authorized ARP entry cannot override a static ARP entry, while a
new static ARP entry overrides an authorized ARP entry.
The aging mechanism of authorized ARP is similar to that of dynamic ARP; they
determine whether an entry needs to be aged by recording and refreshing the aging
time of the entry. The aging of an authorized ARP entry is implemented by ARP ping,
which is independent of the aging of a dynamic ARP entry.
The default aging time of an authorized ARP entry is the time that three ARP ping
operations takes when no responses are received. Since the ARP ping interval is 30
seconds, the default aging time of an authorized ARP entry is 90 seconds. If no
response is received for an authorized ARP entry or if the DHCP server fails to update
the entry by re-adding the entry for example, after 90 seconds elapse, the entry ages
out. The DHCP server is then notified of this.
An authorized ARP entry can be removed manually or automatically by the DHCP
server.
ARP security
For the sake of security, authorized ARP provides the ARP security function to disable
dynamic ARP learning. When you enable this function, only static ARP entries and
3Com Corporation
2-8
Chapter 2 ARP Configuration