Add a Static ARP Entry

By default, all ARP packets are allowed between bridge group members. You can control the flow of ARP packets by enabling ARP inspection (see ARP Inspection). ARP inspection compares ARP packets with static ARP entries in the ARP table.

For routed interfaces, you can enter static ARP entries, but normally dynamic entries are sufficient. On these interfaces, the ARP table is used to deliver packets to directly connected hosts. Although senders identify a packet destination by an IP address, the actual delivery of the packet on Ethernet relies on the Ethernet MAC address. When a router or host wants to deliver a packet on a directly connected network, it sends an ARP request asking for the MAC address associated with the IP address, and then delivers the packet to the MAC address according to the ARP response. The host or router keeps an ARP table so it does not have to send ARP requests for every packet it needs to deliver. The ARP table is dynamically updated whenever ARP responses are sent on the network, and if an entry is not used for a period of time, it times out. If an entry is incorrect (for example, the MAC address changes for a given IP address), the entry needs to time out before it can be updated with the new information.

For transparent mode, the threat defense only uses dynamic ARP entries in the ARP table for traffic to and from the threat defense device, such as management traffic.

Before you begin

This screen is only available for named interfaces.

Procedure


Step 1

Select Devices > Device Management and click Edit (edit icon) for your threat defense device. The Interfaces page is selected by default.

Step 2

Click Edit (edit icon) for the interface you want to edit.

Step 3

Click the Advanced tab, and then click the ARP tab (called ARP and MAC for transparent mode).

Step 4

Click (add icon) Add ARP Config.

The Add ARP Config dialog box appears.

Step 5

In the IP Address field, enter the IP address of the host.

Step 6

In the MAC Address field, enter the MAC address of the host; for example, 00e0.1e4e.3d8b.

Step 7

To perform proxy ARP for this address, check the Enable Alias check box.

If the threat defense device receives an ARP request for the specified IP address, then it responds with the specified MAC address.

Step 8

Click OK, and then click OK again to exit the Advanced settings.

Step 9

Click Save.

You can now go to Deploy > Deployment and deploy the policy to assigned devices. The changes are not active until you deploy them.
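
The following Python sketch is an added example, not Cisco code or part of the original procedure. It normalizes MAC addresses to the dotted format shown in Step 6, rejects a planned list that maps one IP address to two MAC addresses, and models the comparison that ARP inspection makes against static entries. The function names, sample addresses and result labels are assumptions; what the device does with a packet in each case is not modelled.

```python
import ipaddress
import re

def to_dotted_mac(mac: str) -> str:
    """Normalize colon, hyphen, dotted or bare hex MACs to xxxx.xxxx.xxxx."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def build_static_table(entries):
    """Validate (ip, mac) pairs; return {ip: dotted_mac}, rejecting conflicts."""
    table = {}
    for ip, mac in entries:
        ip_norm = str(ipaddress.IPv4Address(ip))  # ValueError on a bad address
        mac_norm = to_dotted_mac(mac)
        if table.get(ip_norm, mac_norm) != mac_norm:
            raise ValueError(f"{ip_norm} is mapped to two different MAC addresses")
        table[ip_norm] = mac_norm
    return table

def inspect_arp(table, sender_ip, sender_mac):
    """Compare an ARP packet's sender IP/MAC with the static entries.

    Returns "match", "mismatch" (the IP has an entry with a different MAC)
    or "no-entry". These labels are this example's own, not device output.
    """
    ip_norm = str(ipaddress.IPv4Address(sender_ip))
    if ip_norm not in table:
        return "no-entry"
    return "match" if table[ip_norm] == to_dotted_mac(sender_mac) else "mismatch"

# Constructed sample data: planned static entries and observed ARP senders.
PLANNED = [("10.1.1.10", "00:E0:1E:4E:3D:8B"), ("10.1.1.20", "00e0-1e4e-3d8c")]
OBSERVED = [("10.1.1.10", "00e0.1e4e.3d8b"),
            ("10.1.1.20", "0050.56aa.bb01"),
            ("10.1.1.30", "0050.56aa.bb02")]

if __name__ == "__main__":
    table = build_static_table(PLANNED)
    for ip, mac in table.items():
        print(f"IP Address: {ip:<12} MAC Address: {mac}")
    for ip, mac in OBSERVED:
        print(ip, mac, inspect_arp(table, ip, mac))
```

Running the list through `build_static_table` before Steps 5 and 6 catches malformed or conflicting entries before they are typed into the dialog box.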