SonicWALL 3 Benutzerhandbuch
94
S
ONIC
WALL S
ONIC
OS S
TANDARD
3.0 A
DMINISTRATOR
’
S
G
UIDE
C
HAPTER
14: Configuring Address Resolution Protocol Settings
Static ARP Entries
The Static ARP feature allows for static mappings to be created between layer 2 MAC addresses and
layer 3 IP addresses, but also provides the following capabilities:
layer 3 IP addresses, but also provides the following capabilities:
•
Publish Entry - Enabling the Publish Entry option in the Add Static ARP window causes the
SonicWALL device to respond to ARP queries for the specified IP address with the specified MAC
address. This can be used, for example, to have the SonicWALL device reply for a secondary IP
address on a particular interface by adding the MAC address of the SonicWALL. See the Second-
ary Subnet section that follows.
SonicWALL device to respond to ARP queries for the specified IP address with the specified MAC
address. This can be used, for example, to have the SonicWALL device reply for a secondary IP
address on a particular interface by adding the MAC address of the SonicWALL. See the Second-
ary Subnet section that follows.
•
Bind MAC Address - Enabling the Bind MAC Address option in the Add Static ARP window
binds the MAC address specified to the designated IP address and interface. This can be used to
ensure that a particular workstation (as recognized by the network card's unique MAC address)
can only the used on a specified interface on the SonicWALL. Once the MAC address is bound to
an interface, the SonicWALL will not respond to that MAC address on any other interface. It will
also remove any dynamically cached references to that MAC address that might have been
present, and it will prohibit additional (non-unique) static mappings of that MAC address.
binds the MAC address specified to the designated IP address and interface. This can be used to
ensure that a particular workstation (as recognized by the network card's unique MAC address)
can only the used on a specified interface on the SonicWALL. Once the MAC address is bound to
an interface, the SonicWALL will not respond to that MAC address on any other interface. It will
also remove any dynamically cached references to that MAC address that might have been
present, and it will prohibit additional (non-unique) static mappings of that MAC address.
•
Update IP Address Dynamically - The Update IP Address Dynamically setting in the Add Static
ARP window is a sub-feature of the Bind MAC Address option. This allows for a MAC address to
be bound to an interface when DHCP is being used to dynamically allocate IP addressing. Ena-
bling this option will blur the IP Address field, and will populate the ARP Cache with the IP Address
allocated by the SonicWALL's internal DHCP server, or by the external DHCP server if IP Helper is
in use.
ARP window is a sub-feature of the Bind MAC Address option. This allows for a MAC address to
be bound to an interface when DHCP is being used to dynamically allocate IP addressing. Ena-
bling this option will blur the IP Address field, and will populate the ARP Cache with the IP Address
allocated by the SonicWALL's internal DHCP server, or by the external DHCP server if IP Helper is
in use.
Secondary Subnets with Static ARP
SonicOS Standard already supports secondary subnets on the LAN using the Network Gateway
feature on LAN Properties window from the Network > Settings page, but the Static ARP feature
allows for secondary subnets to be added on other interfaces, and without the addition of automatic
NAT rules.
feature on LAN Properties window from the Network > Settings page, but the Static ARP feature
allows for secondary subnets to be added on other interfaces, and without the addition of automatic
NAT rules.
Note: It is not possible to create firewall access rules between primary and secondary subnets, when
they are created using the static ARP method.
they are created using the static ARP method.
Adding a Secondary Subnet using the Static ARP Method
1 Add a 'published' static ARP entry for the gateway address that will be used for the secondary
subnet, assigning it the MAC address of the SonicWALL interface to which it will be connected.
2 Add a static route for that subnet, so that the SonicWALL regards it as valid traffic, and knows to
which interface to route that subnet's traffic.
3 Add Access Rules to allow traffic destined for that subnet to traverse the correct network interface.
4 Optional: Add a static route on upstream device(s) so that they know which gateway IP to use to
reach the secondary subnet.