How to add or remove a static ARP entry on Linux
Last updated on December 2, 2020 by Dan Nanni
ARP (short for "Address Resolution Protocol") is a network protocol used to map an IP network address to a corresponding hardware MAC address. When host X wants to communicate host Y, X first broadcasts an ARP request on its local network to obtain Y's MAC address. Once X receives ARP reply containing Y's MAC address, X uses the information to construct Ethernet frames destined for Y.
The IP/MAC address mapping information so obtained is cached in local ARP table, so that ARP query process can be omitted subsequently.
Problems can arise when for whatever reason, host X does not receive ARP replies for a destination host Y with which it wishes to communicate. In other cases, ARP replies come in, but contain a MAC address associated with an incorrect host Z. Such corrupted ARP replies will result in traffic hijacking, where traffic that should have been sent to Y ends up arriving at host Z.
When dealing with these kinds of ARP-induced abnormal situations, it's useful to be able to add static ARP entries manually on locally cached ARP table. When a MAC address of a destination host Y is found in local ARP table, there is no need to send out ARP requests.
Add a Static ARP Entry to Local ARP Table
$ sudo arp -s 10.0.0.2 00:0c:29:c0:94:bf
The above commands tells local ARP table that the host with IP address 10.0.0.2 has MAC address 00:0c:29:c0:94:bf. Once you have configured a static ARP entry, you can verify that.
$ arp -a -n
? (192.168.10.47) at e0:db:55:ce:13:f1 [ether] on eth0 ? (192.168.10.1) at 00:e0:b1:cb:07:30 [ether] on eth0 ? (10.0.0.2) at 00:0c:29:c0:94:bf [ether] PERM on eth1
As you can see above, the statically configured ARP entry correctly shows up, marked as PERM in the ARP table.
Delete a Static ARP Entry from Local ARP Table
$ sudo arp -d 10.0.0.2
$ arp -a -n ? (135.112.29.47) at e0:db:55:ce:13:f1 [ether] on eth0 ? (135.112.29.1) at 00:e0:b1:cb:07:30 [ether] on eth0 ? (10.0.0.2) at <incomplete> on eth1
Add Static ARP Entries Permanently on Linux
Note that any ARP entry added by arp command at run time like above does not remain persistently across reboots. In order to add a static ARP entry permanently, what you can do is to load ARP entries from an external file automatically when a network interface is up. For that, first create a file that contains static ARP entries.
$ sudo vi /etc/ethers
00:0c:29:c0:94:bf 10.0.0.2 00:0c:59:44:f0:a0 10.0.0.5 . . . .
The arp command allows you to load any external file using -f option.
$ sudo arp -f /etc/ethers
Now you need to set the above command to be run automatically when a given network interface (e.g., eth0) is up. There are distribution-specific ways to run a startup command for network interfaces. Following are distribution-specific examples.
Here I assume that you are not using Network Manager on your Linux system. So if you are using Network Manager, you will have to disable it first.
On Ubuntu, Debian or Mint, add the following entry in /etc/network/interfaces:
iface wlan0 inet dhcp . . . post-up arp -f /etc/ethers
On CentOS, RHEL or Fedora, create the following executable script, as described in this tutorial:
$ sudo vi /sbin/ifup-local
#!/bin/sh
if [[ "$1" == "eth0" ]]
then
arp -f /etc/ethers
else
#DO_NOTHING
fi
Make the script executable:
$ sudo chmod +x /sbin/ifup-local
Support Xmodulo
This website is made possible by minimal ads and your gracious donation via PayPal or credit card
Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.
Xmodulo © 2021 ‒ About ‒ Write for Us ‒ Feed ‒ Powered by DigitalOcean