Configuration procedure, Configuring arp automatic scanning and fixed arp, Introduction – H3C Technologies H3C SecPath F1000-E User Manual

Page 55

•

Periodic sending of gratuitous ARP packets takes effect only when the link of the enabled interface

goes up and an IP address has been assigned to the interface.

•

If you change the interval for sending gratuitous ARP packets, the configuration is effective at the
next sending interval.

•

The frequency of sending gratuitous ARP packets may be much lower than is expected if this
function is enabled on multiple interfaces, if each interface is configured with multiple secondary IP

addresses, or if a small sending interval is configured in such cases.

Configuration procedure

To configure gratuitous ARP:

Step Command

Remarks

Enter system view.

system-view

N/A

Enable learning of gratuitous
ARP packets.

gratuitous-arp-learning enable

Optional.
Enabled by default.

Enable the firewall to send

gratuitous ARP packets upon
receiving ARP requests from

another subnet.

gratuitous-arp-sending enable

By default, the firewall does not
send gratuitous ARP packets upon

receiving ARP requests from
another subnet.

Enter interface view.

interface interface-type

interface-number

N/A

Enable periodic sending of
gratuitous ARP packets and

set the sending interval.

arp send-gratuitous-arp [ interval
milliseconds ]

Disabled by default.

Configuring ARP automatic scanning and fixed ARP

Introduction

ARP automatic scanning is usually used together with the fixed ARP feature.

•

With the ARP automatic scanning feature enabled, the firewall scans the LAN for neighbors by
sending ARP requests, and thereby obtains the MAC addresses of the neighbors and adds dynamic

ARP entries.

•

With the fixed ARP feature, the device can convert dynamic ARP entries (including those added by
ARP automatic scanning) into static ones, thus preventing attackers from modifying ARP entries

effectively.

NOTE:

H3C recommends that you use these two features in small-sized and stable networks, such as an Internet
café.

Configuring ARP automatic scanning in the web interface

Do not perform other operations when ARP automatic scanning is in progress.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS