Gratuitous ARP configuration, Introduction to gratuitous ARP, Enabling learning of gratuitous ARP packets – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Gratuitous ARP configuration
This chapter includes these sections:
• Introduction to gratuitous ARP
NOTE:
The term "switch" or "device" in this chapter refers to the switching engine on a WX3000E wireless switch.
Introduction to gratuitous ARP
In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the
sending device, the sender MAC address is the MAC address of the sending device, and the target MAC
address is the broadcast address ff:ff:ff:ff:ff:ff.
A device sends a gratuitous ARP packet for either of the following purposes:
• Determine whether its IP address is already used by another device. If the IP address is already used, the device will be informed of the conflict by an ARP reply.
• Inform other devices of the change of its MAC address.
Enabling learning of gratuitous ARP packets
With this feature enabled, a device, upon receiving a gratuitous ARP packet, adds an ARP entry that
contains the sender IP and MAC addresses in the packet to its ARP table. If the corresponding ARP entry
exists, the device updates the ARP entry.
With this feature disabled, the device uses the received gratuitous ARP packets to update existing ARP
entries, but not to create new ARP entries.
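The learning rule above, modelled in Python as an added example (not code from the H3C manual or the device). The function names, the dictionary used as the ARP table, the sample addresses and the opcode in the constructed packets are assumptions made for illustration.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, SHA, SPA, THA, TPA (28 bytes)
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(payload):
    """Parse an Ethernet/IPv4 ARP payload into a dict of readable fields."""
    if len(payload) < 28:
        raise ValueError("ARP payload too short")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": ".".join(map(str, spa)),
            "target_mac": mac_str(tha), "target_ip": ".".join(map(str, tpa))}

def is_gratuitous(pkt):
    # Gratuitous ARP as defined above: sender IP and target IP are the same address.
    return pkt["sender_ip"] == pkt["target_ip"]

def handle_gratuitous(table, pkt, learning_enabled):
    """Apply the learning rule to an IP->MAC table; return what happened."""
    ip, mac = pkt["sender_ip"], pkt["sender_mac"]
    if ip in table:                      # existing entry: updated in BOTH modes
        if table[ip] == mac:
            return "unchanged"
        table[ip] = mac
        return "updated"                 # MAC changed: the event worth logging
    if learning_enabled:                 # new entry only when learning is enabled
        table[ip] = mac
        return "created"
    return "ignored"

def build_sample(ip, mac):
    """Constructed sample payload (not captured traffic); opcode 1 is an assumption."""
    ipb = bytes(int(x) for x in ip.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, bytes.fromhex(mac.replace(":", "")),
                       ipb, b"\xff" * 6, ipb)

if __name__ == "__main__":
    table = {"192.0.2.1": "00:00:5e:00:53:01"}   # constructed existing entry
    for ip, mac in [("192.0.2.50", "00:00:5e:00:53:50"), ("192.0.2.1", "00:00:5e:00:53:99")]:
        pkt = parse_arp(build_sample(ip, mac))
        print(ip, is_gratuitous(pkt), handle_gratuitous(table, pkt, learning_enabled=False))
```

Disabling learning only stops new entries from being created; an existing entry is still overwritten by a gratuitous ARP packet in either mode, which is why the "updated" result is the one to record when monitoring.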
Configuring periodic sending of gratuitous ARP packets
Enabling a device to periodically send gratuitous ARP packets helps downstream devices update their
corresponding ARP entries or MAC entries in time. This feature can be used to prevent gateway spoofing,
prevent ARP entries from aging out, and prevent the virtual IP address of a VRRP group from being used
by a host.
• Prevent gateway spoofing
When an attacker sends forged gratuitous ARP packets to the hosts on a network, the traffic destined for
the gateway from the hosts is sent to the attacker instead. As a result, the hosts cannot access the external
network.
To prevent such gateway spoofing attacks, enable the gateway to send gratuitous ARP packets
containing its primary IP address and manually configured secondary IP addresses at a specific interval.
In this way, each host can learn correct gateway address information.
• Prevent ARP entries from aging out
If network traffic is heavy or a host’s CPU usage is high, received ARP packets may be
discarded or not processed in time. Eventually, the dynamic ARP entries on the receiving host will age