
Figure 528 Routing Command Example, ARP Behavior and the ARP ackGratuitous Commands – ZyXEL Communications 5 Series User Manual


ZyWALL 5/35/70 Series User’s Guide


Appendix K Command Interpreter

Figure 528 Routing Command Example

ARP Behavior and the ARP ackGratuitous Commands

The ZyWALL does not accept ARP reply information if the ZyWALL did not send out a
corresponding request. This helps prevent the ZyWALL from updating its ARP table with an
incorrect IP address to MAC address mapping due to a spoofed ARP. An incorrect IP to MAC
address mapping in the ZyWALL’s ARP table could cause the ZyWALL to send packets to
the wrong device.

Commands for Using or Ignoring Gratuitous ARP Requests

A host can send an ARP request to resolve its own IP address. This is called a gratuitous ARP
request. The packet uses the host’s own IP address as the source and destination IP address.
The packet uses the Ethernet broadcast address (FF:FF:FF:FF:FF:FF) as the destination MAC
address. This is used to determine if any other hosts on the network are using the same IP
address as the sending host. The other hosts in the network can also update their ARP table IP
address to MAC address mappings with this host’s MAC address.

The ip arp ackGratuitous commands set how the ZyWALL handles gratuitous ARP requests.

• Use ip arp ackGratuitous active no to have the ZyWALL ignore gratuitous ARP requests.

• Use ip arp ackGratuitous active yes to have the ZyWALL respond to gratuitous ARP requests.

For example, say the regular gateway goes down and a backup gateway sends a
gratuitous ARP request. If the request is for an IP address that is not already in the
ZyWALL’s ARP table, the ZyWALL sends an ARP request to ask which host is using
the IP address. After the ZyWALL receives a reply from the backup gateway, it adds an
ARP table entry.

If the ZyWALL’s ARP table already has an entry for the IP address, the ZyWALL’s
response depends on how you configure the ip arp ackGratuitous forceUpdate command.

Use ip arp ackGratuitous forceUpdate on to have the ZyWALL update the MAC address in the ARP entry.

Use ip arp ackGratuitous forceUpdate off to have the ZyWALL not update the MAC address in the ARP entry.
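The decision table described above can be modeled on raw frames. The following Python sketch is an added example, not ZyXEL firmware or code from this manual: it recognizes a gratuitous ARP request as the text defines it and returns the action the documented active and forceUpdate settings imply. The function names, the action strings and the sample addresses are assumptions made for illustration.

```python
import struct
from ipaddress import IPv4Address

BROADCAST = b"\xff" * 6
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, opcode, SHA, SPA, THA, TPA

def build_request(mac: bytes, sender_ip: str, target_ip: str) -> bytes:
    """Construct a broadcast ARP request frame (constructed sample input)."""
    eth = struct.pack("!6s6sH", BROADCAST, mac, 0x0806)
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, mac,
                             IPv4Address(sender_ip).packed, b"\x00" * 6,
                             IPv4Address(target_ip).packed)

def parse_arp(frame: bytes):
    """Return (dst_mac, opcode, sender_mac, sender_ip, target_ip) or None."""
    if len(frame) < 42:
        return None
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, frame[14:42])
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return dst, op, sha, IPv4Address(spa), IPv4Address(tpa)

def is_gratuitous_request(frame: bytes) -> bool:
    """ARP request, broadcast destination MAC, source IP equal to destination IP."""
    p = parse_arp(frame)
    return p is not None and p[1] == 1 and p[0] == BROADCAST and p[3] == p[4]

def handle_gratuitous(frame, table, active, force_update):
    """Model of the documented handling; table maps IPv4Address to MAC bytes."""
    if not is_gratuitous_request(frame):
        return "not-gratuitous"
    _dst, _op, sha, spa, _tpa = parse_arp(frame)
    if not active:                 # ip arp ackGratuitous active no
        return "ignored"
    if spa not in table:           # unknown IP: ask who owns it, add entry on reply
        return "send-arp-request"
    if force_update:               # ip arp ackGratuitous forceUpdate on
        table[spa] = sha
        return "updated"
    return "kept"                  # ip arp ackGratuitous forceUpdate off

if __name__ == "__main__":
    old, new = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    table = {IPv4Address("192.0.2.1"): old}
    frame = build_request(new, "192.0.2.1", "192.0.2.1")
    print(handle_gratuitous(frame, table, active=True, force_update=False))
```

In this model, forceUpdate on replaces an existing mapping with whatever MAC address the gratuitous request carries, so the setting trades faster gateway failover against the incorrect-mapping risk the manual describes for spoofed ARP.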

ras> ip nat routing 2 1
Routing can work in NAT when no NAT rule match.
-----------------------------------------------
LAN: no
DMZ: yes
WLAN: yes