Introduction To Gratuitous Arp; Introduction To Arp Source Mac Address Consistency Check - 3Com 4500 Configuration Manual

mode, all hosts on this subnet can receive the request, but only the requested host (namely, Host B)
will process the request.
3) Host B compares its own IP address with the destination IP address in the ARP request. If they are
the same, Host B saves the source IP address and source MAC address into its ARP mapping
table, encapsulates its MAC address into an ARP reply, and unicasts the reply to Host A.
4) After receiving the ARP reply, Host A adds the MAC address of Host B into its ARP mapping table
for subsequent packet forwarding. Meanwhile, Host A encapsulates the IP packet and sends it out.
Usually ARP dynamically implements and automatically seeks mappings from IP addresses to MAC
addresses, without manual intervention.

Introduction to Gratuitous ARP

The following are the characteristics of gratuitous ARP packets:
Both source and destination IP addresses carried in a gratuitous ARP packet are the local
addresses, and the source MAC address carried in it is the local MAC addresses.
If a device finds that the IP addresses carried in a received gratuitous packet conflict with those of
its own, it returns an ARP response to the sending device to notify of the IP address conflict.
By sending gratuitous ARP packets, a network device can:
Determine whether or not IP address conflicts exist between it and other network devices.
Trigger other network devices to update its hardware address stored in their caches.
With the gratuitous ARP packet learning function enabled:
A device receiving a gratuitous ARP packet adds the information carried in the packet to its own
dynamic ARP table if it finds no corresponding ARP entry for the ARP packet exists in the cache.
Periodical sending of gratuitous ARP packets
In an actual network, when the network load or the CPU occupancy of the receiving host is high, ARP
packets may be lost or the host may be unable to timely process the ARP packets received. In such a
case, the dynamic ARP entries on the receiving host may age out, and the traffic between the host and
the sending device will get interrupted before the host learns the MAC address of the sending device
again and installs a corresponding entry in the ARP table.
To address this issue, by default, the S4500 series allow VLAN interfaces to send gratuitous ARP
packets periodically. That is, as long as a VLAN interface is in the Up state, it sends gratuitous ARP
packets at an interval of 30 seconds so that the receiving host can refresh the MAC address of the
switch in the ARP table timely, thereby preventing traffic interruption mentioned above.

Introduction to ARP Source MAC Address Consistency Check

An attacker may use the IP or MAC address of another host as the sender IP or MAC address of ARP
packets. These ARP packets can cause other network devices to update the corresponding ARP
entries incorrectly, thus interrupting network traffic.
To prevent such attacks, you can configure ARP source MAC address consistency check on S4500
series Ethernet switches (operating as gateways). With this function, the device can verify whether an
ARP packet is valid by checking the sender MAC address of the ARP packet against the source MAC
address in the Ethernet header.
If they are consistent, the packet passes the check and the switch learns the ARP entry.
1-4