After receiving the ARP reply, Host A adds the MAC address of Host B to its ARP table. Meanwhile,
Host A encapsulates the IP packet and sends it out.
Figure 1-2 ARP address resolution process
If Host A is not on the same subnet with Host B, Host A first sends an ARP request to the gateway. The
target IP address in the ARP request is the IP address of the gateway. After obtaining the MAC address
of the gateway from an ARP reply, Host A sends the packet to the gateway. If the gateway maintains the
ARP entry of Host B, it forwards the packet to Host B directly; if not, it broadcasts an ARP request, in
which the target IP address is the IP address of Host B. After obtaining the MAC address of Host B, the
gateway sends the packet to Host B.
After obtaining the MAC address for the destination host, the device puts the IP-to-MAC mapping into its
own ARP table. This mapping is used for forwarding packets with the same destination in future.
An ARP table contains ARP entries, which fall into one of two categories: dynamic or static.
Dynamic ARP entry
A dynamic entry is automatically created and maintained by ARP. It can get aged, be updated by a new
ARP packet, or be overwritten by a static ARP entry. When the aging timer expires or the interface goes
down, the corresponding dynamic ARP entry will be removed.
Static ARP entry
A static ARP entry is manually configured and maintained. It cannot get aged or be overwritten by a
dynamic ARP entry.
Using static ARP entries enhances communication security. You can configure a static ARP entry to
restrict an IP address to communicate with the specified MAC address only. After that, attack packets
cannot modify the IP-to-MAC mapping specified in the static ARP entry. Thus, communications
between the protected device and the specified device are ensured.
Static ARP entries can be classified into permanent or non-permanent.
A permanent static ARP entry can be directly used to forward packets. When configuring a
permanent static ARP entry, you must configure a VLAN and an outbound interface for the entry
besides the IP address and the MAC address.
A non-permanent static ARP entry has only an IP address and a MAC address configured. If a
non-permanent static ARP entry matches an IP packet to be forwarded, the device sends an ARP
request first. If the sender IP and MAC addresses in the received ARP reply are the same as those