    Why create a static entry in the Arp table?

    • B
      bgroper @madivad
      last edited by bgroper

      @madivad said in Why create a static entry in the Arp table?:

      In short, what are the benefits to choosing this option?

      Google found some info at https://www.juniper.net/documentation/en_US/junos/topics/concept/arp-static-qfx-series-understanding.html

      But yes, what are the pros and cons of having/not having static ARP table entries ??

      I'm not a complete idiot. There's still a few pieces missing.

      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by johnpoz

        Can be used as a security measure. Can prevent spoofing and/or poisoning, can allow for WOL (wake on lan), can shave a ms or so off from having to arp for the IP every 20 minutes or so - whatever your cache is set for. If your whole network is set up with static arps - would lower the amount of arp traffic on that L2 network.

        Generally speaking the typical user would have no reason to set static arp entries up..

        Can be used to limit who can talk to pfsense, via only allowing to talk to IPs that have static arp entries.

        Cons would be that IP is locked to that mac - another device would not be able to use that IP, or that device would not be able to use a different IP.. Arp spoofing can be used for legitimate reasons - so if you have static arp set, you would not be able to do that.

        But again most uses are outside the scope of day to day operation for a typical home network to be honest.. It's pretty safe to say if you don't understand its use case, you wouldn't have use of it ;)

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
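
Added example (not part of any post in this thread, and not pfSense code): the spoofing/poisoning point in the post above can be checked by comparing the live ARP table against the intended IP-to-MAC pins. The `arp -an` line layout, the sample lines and the `PINNED` list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the FreeBSD-style `arp -an` layout (not real hosts).
SAMPLE_ARP = """\
? (192.168.1.1) at 00:11:22:33:44:55 on em1 permanent [ethernet]
? (192.168.1.10) at 02:00:00:aa:bb:10 on em1 permanent [ethernet]
? (192.168.1.20) at 02:00:00:aa:bb:99 on em1 expires in 1104 seconds [ethernet]
? (192.168.1.30) at 02:00:00:aa:bb:99 on em1 expires in 877 seconds [ethernet]
? (192.168.1.40) at (incomplete) on em1 expired [ethernet]
"""

# Hypothetical pin list: the IP -> MAC pairs the admin intends to be static.
PINNED = {
    "192.168.1.10": "02:00:00:aa:bb:10",
    "192.168.1.20": "02:00:00:aa:bb:20",
}

LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]{17}|\(incomplete\))"
                  r" on (?P<ifname>\S+)(?P<rest>.*)")

def parse_arp(text):
    """Return resolved ARP entries; unresolved (incomplete) lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.search(line)
        if not m or m["mac"] == "(incomplete)":
            continue
        entries.append({"ip": m["ip"], "mac": m["mac"].lower(),
                        "ifname": m["ifname"], "permanent": "permanent" in m["rest"]})
    return entries

def audit(entries, pinned):
    """Flag pinned IPs answered by the wrong MAC, pins that are only dynamic,
    and MACs claiming several IPs (can be legitimate, e.g. proxy ARP: review)."""
    findings, by_mac = [], defaultdict(list)
    for e in entries:
        by_mac[e["mac"]].append(e["ip"])
        want = pinned.get(e["ip"])
        if want is None:
            continue
        if e["mac"] != want.lower():
            findings.append(("MAC_MISMATCH", e["ip"], e["mac"]))
        elif not e["permanent"]:
            findings.append(("NOT_STATIC", e["ip"], e["mac"]))
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("MAC_CLAIMS_MULTIPLE_IPS", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp(SAMPLE_ARP), PINNED):
        print(*finding)
```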

        • B
          bgroper @johnpoz
          last edited by

          @johnpoz

          Thanks for the good explanation.
          Oh, please any chance of a thumbs up ? I'm hoping to reach 5 so I can add a signature. ;-)

          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            What would you like in your signature? I can edit it until you reach 5.. With only 2 posts, and no help to others I wouldn't count on hitting 5 all that quickly ;)

            • GertjanG
              Gertjan @bgroper
              last edited by

              @bgroper said in Why create a static entry in the Arp table?:

              what are the pros and cons of having/not having static ARP table entries ??

              Back, in the old days, when 10 Mbits / sec half duplex was a pure luxury, the collections of ARP packets on a big network segment wouldn't be zero.
              Remember, there were no switches, just hubs ...
              Setting static settings, ARP, IP (think of DHCP) etc would really help.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                Yup back in the day this was very true!

                The most likely use case for your typical small network today would prob be for WOL support... You need to be able to send that magic packet to the correct mac.. If you don't know what the mac is then you cannot send it.. So a static setting comes in handy there..

                • JKnottJ
                  JKnott @johnpoz
                  last edited by

                  @johnpoz

                  ????

                  I have used WoL and didn't need to use static ARP for it. I knew the MAC, so I used it. How would not knowing the MAC address help you set up a static ARP? The sole purpose of static ARP is to map an IP address to a MAC, without going through the ARP request & reply. As I mentioned earlier, the only time I had to use static ARP was so that I could configure security cameras. Even then, there was an app for doing that, without IP addresses assigned.

                  Also, one thing a lot of people don't realize is that ARP predates IP and was used because it already provided a needed function of mapping some name to the MAC.

                  PfSense running on Qotom mini PC
                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                  UniFi AC-Lite access point

                  I haven't lost my mind. It's around here...somewhere...

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by johnpoz

                    @JKnott said in Why create a static entry in the Arp table?:

                    I have used WoL and didn't need to use static ARP for it. I knew the MAC

                    Very true!! Just saying this is one use case ;) Where having static would come in handy... If you know the mac you don't need a static entry in your arp table

                    • JKnottJ
                      JKnott @johnpoz
                      last edited by

                      @johnpoz said in Why create a static entry in the Arp table?:

                      If you know the mac you don't need a static entry in your arp table

                      How could you create the entry, if you didn't know the MAC?

                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by johnpoz

                        hehehe - well dude you would have to have some pre-thought there ;) duh - hehehe!

                        But if the entry is in your arp table you could send the magic packet via just the IP address.

                        • B
                          bgroper @johnpoz
                          last edited by

                          @johnpoz
                          Yes, it's been a quiet 5 years since I signed up for this forum, ;-)
                          My usual signature is :
                          "I'm not a complete idiot. There's still a few pieces missing."
                          TIA's

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.