
Cisco network devices create a static [ARP](/arp) entry in the [ARP table](/arp-table) for their own [IPv4](/ipv4) addresses on their interfaces. 

Here is an example:

```
SW1#show ip arp | include .254
Internet  10.65.10.254            -   08f3.fb39.e346  ARPA   Vlan10
```

```
SW1#show run interface Vlan 10

interface Vlan10
 description SERVERS
 ip address 10.65.10.254 255.255.255.0
end
```

This is not standard ARP behavior as defined by the protocol itself.  This is a device/vendor-specific behavior.

There are several reasons why Cisco has chosen to implement ARP in this way, and all of them have to do with the role and functionality of the Cisco device, as an intermediary device and not an end host. The reasons include:

- Avoid ARP [Broadcasts](/broadcast-traffic) for Local Communication: Network devices need to communicate with themselves in certain situations (i.e. when implementing dynamic [routing](/routing) protocols, validating [routing table](/routing-table) updates, and performing self-checks with [control plane traffic](/network-control-plane)). Having a static ARP entry for its own IP address means it doesn’t need to broadcast an ARP request to resolve its own IP address to a [MAC address](/mac-address). This reduces unnecessary ARP traffic on the network and ensures quicker local communication.
- Prevent ARP [Spoofing](/security-spoofing) and Security Attacks: Static ARP entries can protect against certain types of security attacks, such as ARP spoofing or ARP poisoning. By having a static ARP entry for its own IP address, the Cisco device can avoid being tricked into sending traffic to an attacker’s device.
- Maintain Stability in Critical Network Functions: Some network protocols and features, such as high availability configurations ([HSRP](/hot-standby-router-protocol-hsrp), [VRRP](/virtual-router-redundancy-protocol-vrrp), [GLBP)](/gateway-load-balancing-protocol-glbp) and certain [routing protocols](/routing-dynamic-routing-protocols), rely on the device consistently knowing its own MAC and IP address without relying on dynamic ARP resolutions. Static ARP entries ensure that these critical functions operate without interruption.

## Links

https://networklessons.com/ip-services/arp-address-resolution-protocol-explained

Static ARP entry for own IP address

Security - Cisco VPN client software

Security - Diffie-Hellman groups

Security - Extensible Authentication Protocol over LAN (EAPOL)

Security - GETVPN

Security - IEEE 802.1X

Security - IOS Usernames and Passwords

Security - IPsec nonce

Security - Kerberos

Security - MAC Authentication Bypass

Security - Network Access Control (NAC)

Security - Next Generation Firewall

Security - Secure Unique Device Identifier (SUDI)

Security - WPA 4-way handshake

Security - WebVPN

Security - accessing VTY from another VRF

Security - assigning privilege levels, syntax and behavior

Security - bogons

Security - broadcast-multicast storm

Security - configuring TACACS from another VRF

Security - privilege levels and command output

Security - privilege levels and enable keyword

Security - public key exchange

Security - root CAs and private keys

Security - spoofing

Security - storm control algorithm

Security IKE policy hash command

Security Trusted Platform Module (TPM)

Security aaa new-model

Security authentication on VTY lines

Security keyrings

Segment Routing

Serial - Data Communication Equipment (DCE)

Serial - Data Terminal Equipment(DTE)

Serial - Link between two routers

Serial Interface - Clock Rate

Serial Interface default broadcast address

Session Border Controller

Session Initiation Protocol

Show open TCP-UDP ports on Cisco router

Spanning Tree Protocol (STP)

Spine and leaf architecture - connections to leaf switches

Spine and leaf architecture - connections to spine switches

Spine and leaf architecture - reducing latency

Split-horizon

StackWise - IOS upgrade switch reboot sequence

StackWise Virtual

Stackwise - IOS install mode vs bundle mode

Stackwise election process

Stackwise user priority

Subscriber templating

Summarization

Supernetting

Switch High Availability and the Control Plane

Switch configuring a routed port

Switch high availability options

Switch protected port limitations

Switch protected port

Switching -  CEF Adjacency Table

Switching - CEF

Switching - Media Access Control (MAC) addresses

Switching - Process switching

Switching - backplane

Switching - cut through

Switching - fast switching

Switching - show cable-diagnostics

Switching - store and forward

Switching - switch fabric

Switching - switched virtual interface (SVI)

Switching - switchport autostate command

Switching

Switchport - IEEE 802.1q

Switchport - ISL

Switchport - show vlan internal usage

Switchport access

Switchport modes

Switchport trunk configuration ignores access commands

Switchport trunk encapsulation

Switchport trunk

Symmetric Digital Subscriber Line (SDSL)

Syslog - Logging buffered command

Syslog - logging discriminator

Syslog - terminal monitor

Syslog relay or proxy

Syslog severity levels

Syslog

TCP - Congestion control

TCP - Determining the MSS

TCP - Header

TCP - SEQ and ACK values

TCP - Slow start

TCP - Three-way handshake

TCP - Urgent pointer field

TCP - Window Size Scaling

TCP - factors affecting segment size

TCP - role of checksum field

TCP IP Model

TCP MSS and window size

TCP RST flag

TCP SYN timeout