Gratuitous ARP on S series switches

2

An S series switch (except the S1700 switch�? sends an ARP Request packet with the destination address being its own IP address. This operation is called gratuitous ARP. Gratuitous ARP provides the following functions:
1. Checks the repetitious IP addresses. Normally, the device should not receive an ARP Reply after it sends an ARP Request with the destination address being its own IP address. If the device receives a reply, another device on the network is configured with the same IP address.
2. Declares a new MAC address. If the device has replaced its NIC and the MAC address changes, the device sends a gratuitous ARP packet to declare the change to all hosts before the aging of ARP entries.

Other related questions:
Gratuitous ARP on S series switches
An S series switch (except the S1700 switch�? sends an ARP Request packet with the destination address being its own IP address. This operation is called gratuitous ARP. Gratuitous ARP provides the following functions: 1. Checks the repetitious IP addresses. Normally, the device should not receive an ARP Reply after it sends an ARP Request with the destination address being its own IP address. If the device receives a reply, another device on the network is configured with the same IP address. 2. Declares a new MAC address. If the device has replaced its NIC and the MAC address changes, the device sends a gratuitous ARP packet to declare the change to all hosts before the aging of ARP entries.

What are the functions of gratuitous ARP
Gratuitous ARP means that a host sends an ARP request by using its own IP address as the destination address. Gratuitous ARP provides the following functions: Checks repeated IP addresses. Normally, the host should not receive an ARP reply. If the host receives an ARP reply, it indicates that another host is configured with the same IP address. Declares a new MAC address. If the host replaces its network card and hence the MAC address changes, the host sends a gratuitous ARP packet to declare the change to all hosts before the aging of ARP entries.

ARP anti-spoofing configuration on S series switch
The S series switch, except S1700, provides various methods to prevent ARP spoofing attacks. Dynamic ARP inspection (DAI) This function applies to the network where DHCP snooping is configured. It is recommended to configure DAI on the access switches.DAI can prevent man-in-the-middle attacks. # Enable DAI on GE 1/0/1. [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] arp anti-attack check user-bind enable # Enable DAI in VLAN 100. [HUAWEI] vlan 100 [HUAWEI-vlan100] arp anti-attack check user-bind enable - Configure fixed ARP. To prevent ARP spoofing attacks, configure fixed ARP on the gateway. # Enable fixed ARP in fixed MAC mode. [HUAWEI] arp anti-attack entry-check fixed-mac enable - Configure ARP gateway anti-collision (available on only S5720SI/S5720S-SI, S5720EI, S5720HI, S6720EI, and modular switches). When user hosts are directly connected to the gateway, configure this function on the gateway. # Enable ARP gateway anti-collision. [HUAWEI] arp anti-attack gateway-duplicate enable - Configure the switch to actively discard gratuitous ARP packets (only available on modular switches). If you confirm that the gratuitous ARP packets are from attackers, enable the gateway to actively discard gratuitous ARP packets. # Enable the switch to actively discard gratuitous ARP packets globally. [HUAWEI] arp anti-attack gratuitous-arp drop

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top