Configuring Gratuitous ARP
Introduction to Gratuitous ARP
In a gratuitous ARP packet, the sender IP address and the target IP address are both the IP address of
the device issuing the packet, the sender MAC address is the MAC address of the device, and the
target MAC address is the broadcast address ff:ff:ff:ff:ff:ff.
A device sends a gratuitous ARP packet to:
- Determine whether its IP address is already used by another device. If the IP address is already
  used, the device is informed of the conflict by an ARP reply, or
- Inform other devices of its new MAC address so they can update their ARP entries.
Enabling Learning of Gratuitous ARP Packets
With this feature enabled, a device receiving a gratuitous ARP packet adds the sender IP and MAC
addresses carried in the packet to its ARP table if no corresponding ARP entry exists. If a
corresponding ARP entry is found, the device updates the ARP entry.
After this feature is disabled, the device will use the address information in the received gratuitous
ARP packets to update the existing ARP entries only, but not to create new ARP entries.
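The learning behaviour described above can be modelled in a few lines. This is an added example, not vendor code: the function names, the dictionary used as an ARP table, the sample addresses, and the use of ARP opcode 1 (request) in the constructed packet are all assumptions made for illustration.

```python
import socket
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, SHA, SPA, THA, TPA (28 bytes)

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload):
    """Parse a 28-byte Ethernet/IPv4 ARP payload into a dict."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"op": op, "sender_mac": fmt_mac(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": fmt_mac(tha), "target_ip": socket.inet_ntoa(tpa)}

def build_garp(ip, mac):
    """Constructed sample: gratuitous ARP with a broadcast target MAC, as described above."""
    m, a = bytes.fromhex(mac.replace(":", "")), socket.inet_aton(ip)
    bcast = bytes.fromhex(BROADCAST.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, m, a, bcast, a)

def is_gratuitous(pkt):
    # Sender IP and target IP are both the address of the issuing device.
    return pkt["sender_ip"] == pkt["target_ip"]

def learn(table, pkt, learning_enabled):
    """Apply a gratuitous ARP packet to table; return what happened to the entry."""
    if not is_gratuitous(pkt):
        return "ignored"
    ip, new = pkt["sender_ip"], pkt["sender_mac"]
    old = table.get(ip)
    if old is None:
        if not learning_enabled:
            return "ignored"   # learning disabled: no new entries are created
        table[ip] = new
        return "created"
    if old == new:
        return "unchanged"
    table[ip] = new            # existing entries are updated in both modes
    return "updated"           # the IP-to-MAC binding changed: worth logging
```

An `updated` result occurs whether learning is enabled or disabled, so disabling learning limits new entries but does not stop an existing entry from being rewritten by a later gratuitous ARP packet. Logging each binding change for the gateway address gives an operator a record to review.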
Configuring Periodic Sending of Gratuitous ARP Packets
Enabling a device to periodically send gratuitous ARP packets helps downstream devices update their
corresponding ARP entries or MAC entries in time. This feature can be used to:
- Prevent gateway spoofing
If an attacker sends forged gratuitous ARP packets to the hosts on a network, the traffic destined for
the gateway from the hosts is sent to the attacker instead. As a result, the hosts cannot access the
external network.
To prevent such gateway spoofing attacks, you can enable the gateway to send gratuitous ARP
packets containing its primary IP address or one of its manually configured secondary IP addresses at
a specific interval. In this way, each host can learn correct gateway address information.
- Prevent ARP entries from being aged out
Heavy network traffic or high CPU utilization on a host may cause received ARP packets to be discarded
or processed too late. Eventually, the dynamic ARP entries on the receiving host will be aged out, and
the traffic between the host and the corresponding devices will be interrupted until the host creates the
ARP entries again.
To prevent such a problem, you can enable the gateway to send gratuitous ARP packets periodically.
The gratuitous ARP packets contain the gateway's primary IP address or one of its manually
configured secondary IP addresses. The receiving host can then update its ARP entries in time,
which ensures traffic continuity.
- Prevent the virtual IP address of a VRRP group from being used by a host
The master router of a VRRP group can periodically send gratuitous ARP packets to the local hosts,
so that the hosts can update local ARP entries and avoid using the virtual IP address of the VRRP
group.
If the virtual IP address of the VRRP group is associated with a virtual MAC address, the sender MAC
address in the gratuitous ARP packet is the virtual MAC address of the virtual router. If the virtual IP