ZyXEL Communications ZYWALL P1 User Manual page 470

Internet security appliance
Appendix H Command Interpreter
ARP Behavior and the ARP ackGratuitous Commands
The ZyWALL does not accept ARP reply information if the ZyWALL did not send out a
corresponding request. This helps prevent the ZyWALL from updating its ARP table with an
incorrect IP address to MAC address mapping due to a spoofed ARP. An incorrect IP to MAC
address mapping in the ZyWALL's ARP table could cause the ZyWALL to send packets to
the wrong device.
Commands for Using or Ignoring Gratuitous ARP Requests
A host can send an ARP request to resolve its own IP address. This is called a gratuitous ARP
request. The packet uses the host's own IP address as the source and destination IP address.
The packet uses the Ethernet broadcast address (FF:FF:FF:FF:FF:FF) as the destination MAC
address. This is used to determine if any other hosts on the network are using the same IP
address as the sending host. The other hosts in the network can also update their ARP table IP
address to MAC address mappings with this host's MAC address.
The ip arp ackGratuitous commands set how the ZyWALL handles gratuitous ARP
requests.
• Use ip arp ackGratuitous active no to have the ZyWALL ignore gratuitous ARP
requests.
• Use ip arp ackGratuitous active yes to have the ZyWALL respond to gratuitous
ARP requests.
For example, say the regular gateway goes down and a backup gateway sends a gratuitous
ARP request. If the request is for an IP address that is not already in the ZyWALL's ARP
table, the ZyWALL sends an ARP request to ask which host is using the IP address. After
the ZyWALL receives a reply from the backup gateway, it adds an ARP table entry.
If the ZyWALL's ARP table already has an entry for the IP address, the ZyWALL's
response depends on how you configure the ip arp ackGratuitous forceUpdate
command.
• Use ip arp ackGratuitous forceUpdate on to have the ZyWALL update the
MAC address in the ARP entry.
• Use ip arp ackGratuitous forceUpdate off to have the ZyWALL not
update the MAC address in the ARP entry.
A backup gateway (as in the following graphic) is an example of when you might want to turn
on the forced update for gratuitous ARP requests. One day gateway A shuts down and the
backup gateway (B) comes online using the same static IP address as gateway A. Gateway B
broadcasts a gratuitous ARP request to ask which host is using its IP address. If ackGratuitous
is on and set to force updates, the ZyWALL receives the gratuitous ARP request and updates
its ARP table. This way the ZyWALL has a correct gateway ARP entry to forward packets
through the backup gateway. If ackGratuitous is off or not set to force updates, the ZyWALL
will not update the gateway ARP entry and cannot forward packets through gateway B.
