As shown in Figure 1, the intranet of an organization communicates
with the Internet through the gateway PE. To prevent network attackers
from obtaining private information by modifying ARP entries on the
PE, deploy static ARP.
Figure 1 Static ARP networking
- Before static ARP is deployed, the PE dynamically learns and updates
ARP entries using ARP messages. However, dynamic ARP entries can be
aged and overwritten by new dynamic ARP entries. Therefore, network
attackers can send fake ARP messages to modify ARP entries on the
PE to obtain the private information of the organization.
- After static ARP is deployed, ARP entries on the PE are manually
configured and maintained by a network administrator. Static ARP entries
are neither aged nor overwritten by dynamic ARP entries. Therefore,
deploying static ARP can prevent network attackers from sending fake
ARP messages to modify ARP entries on the PE, and information security
Deploy static ARP on the PE to set up fixed mapping between IP
and MAC addresses of hosts on the intranet. This can prevent network
attackers from sending fake ARP messages to modify ARP entries on
the PE, ensuring the stability and security of network communication
and minimizing the risk of private information being stolen.