Configuring Gratuitous ARP Packet Sending
Context
If an attacker forges the gateway address to send ARP packets to other user hosts, ARP entries on the hosts record the incorrect gateway address. As a result, the gateway cannot receive data sent from the hosts. You can enable gratuitous ARP packet sending on the gateway. Then the gateway sends gratuitous ARP packets at intervals to update the ARP entries of authorized users so that the ARP entries contain the correct MAC address of the gateway.
- If gratuitous ARP packet sending is enabled globally, all interfaces have this function enabled by default.
- If gratuitous ARP packet sending is enabled globally and on an interface simultaneously, the configuration on the interface takes precedence over the global configuration.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
If you intend to configure gratuitous ARP packet sending in the system view, skip this step.
- Run arp gratuitous-arp send enable
Gratuitous ARP packet sending is enabled.
By default, gratuitous ARP packet sending is disabled.
- (Optional) Run arp gratuitous-arp send interval interval-time
The interval for sending gratuitous ARP packets is set.
By default, the interval for sending gratuitous ARP packets is 60 seconds.
- Run commit
The configuration is committed.
