Configuring Arp Automatic Scanning And Fixed Arp; Configuration Guidelines; Configuration Procedure - HP VSR1000 Security Configuration Manual

Configuring ARP automatic scanning and fixed ARP

ARP automatic scanning is usually used together with the fixed ARP feature in small-scale networks such
as a cybercafe.
With ARP automatic scanning enabled on an interface, the device automatically scans neighbors on the
interface, sends ARP requests to the neighbors, obtains their MAC addresses, and creates dynamic ARP
entries.
Fixed ARP allows the device to convert existing dynamic ARP entries (including those generated through
ARP automatic scanning) to static ARP entries. The fixed ARP feature prevents ARP entries from being
modified by attackers. Static ARP entries can also be manually configured by the arp static command.

Configuration guidelines

When you configure ARP automatic scanning and fixed ARP, follow these guidelines:
IP addresses existing in ARP entries are not scanned.
•
• ARP automatic scanning might take some time. To stop an ongoing scan, press Ctrl + C. Dynamic
ARP entries are created based on ARP replies received before the scan is terminated.
The arp fixup command is a one-time operation and converts existing dynamic ARP entries to static
•
ones.
The device has a limit on the total number of static ARP entries, including the manually configured
•
and the converted. As a result, some dynamic ARP entries might fail the conversion.
To delete a specific static ARP entry converted from a dynamic one, use the undo arp ip-address
•
command. Use the reset arp all command to delete all ARP entries or the reset arp static command
to delete all static ARP entries.

Configuration procedure

To configure ARP automatic scanning and fixed ARP:
Step
1. Enter system view.
2. Enter interface view.
3. Enable ARP automatic scanning.
4. Return to system view.
5. Enable fixed ARP.
Command
system-view
interface interface-type interface-number
arp scan [ start-ip-address to end-ip-address ]
quit
arp fixup
321