After you enable the ARP attack detection function, the device checks the following items of each ARP packet: the source MAC address, the source IP address, the number of the port receiving the ARP packet, and the ID of the VLAN to which the port belongs. If these items match an entry in the DHCP snooping table or the manually configured IP binding table, the device forwards the ARP packet; if not, the device discards the ARP packet.

- With trusted ports configured, ARP packets coming from the trusted ports will not be checked, while those from other ports will be checked through the DHCP snooping table or the manually configured IP binding table.
- With the ARP restricted forwarding function enabled, ARP request packets are forwarded through trusted ports only; ARP response packets are forwarded according to the MAC addresses in the packets, or through trusted ports if the MAC address table contains no such destination MAC addresses.
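The forward/discard decision described above can be modeled as follows. This is an added example, not code from the manual or the device firmware; the binding entries, port names and the choice to discard malformed packets on untrusted ports are assumptions made for illustration.

```python
import socket
import struct

# Constructed binding table standing in for the DHCP snooping table or the
# manually configured IP binding table: (MAC, IP, port, VLAN) entries.
BINDINGS = {
    ("00:11:22:33:44:55", "192.168.1.10", "GE1/0/1", 10),
    ("00:11:22:33:44:66", "192.168.1.20", "GE1/0/2", 10),
}
TRUSTED_PORTS = {"GE1/0/24"}  # constructed uplink port name


def parse_arp(payload: bytes):
    """Return (opcode, sender MAC, sender IP, target IP) of an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    mac = ":".join(f"{b:02x}" for b in sha)
    return op, mac, socket.inet_ntoa(spa), socket.inet_ntoa(tpa)


def arp_detection(payload: bytes, port: str, vlan: int) -> str:
    """Model the check: source MAC, source IP, receiving port and VLAN must match a binding."""
    if port in TRUSTED_PORTS:
        return "forward"  # packets from trusted ports are not checked
    try:
        _op, mac, ip, _tpa = parse_arp(payload)
    except ValueError:
        return "discard"  # assumption: malformed packets on untrusted ports are dropped
    return "forward" if (mac, ip, port, vlan) in BINDINGS else "discard"


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Build a constructed ARP payload for the sample cases."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       to_mac(sha), socket.inet_aton(spa),
                       to_mac(tha), socket.inet_aton(tpa))
```

A reply in which the host bound to 192.168.1.20 claims 192.168.1.10 is discarded on its access port, but the same packet arriving on the trusted port is forwarded unchecked, which is why only ports facing infrastructure you control should be marked trusted.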

Introduction to Gratuitous ARP

The following are the characteristics of gratuitous ARP packets:

- Both the source and destination IP addresses carried in a gratuitous ARP packet are the local addresses, and the source MAC address carried in it is the local MAC address.
- If a device finds that the IP addresses carried in a received gratuitous ARP packet conflict with its own, it returns an ARP response to the sending device to notify it of the IP address conflict.

By sending gratuitous ARP packets, a network device can:

- Determine whether or not IP address conflicts exist between it and other network devices.
- Trigger other network devices to update its hardware address stored in their caches.

The gratuitous ARP packet learning function:

When the gratuitous ARP packet learning function is enabled on a device and the device receives a gratuitous ARP packet, the device updates the existing ARP entry (contained in the cache of the device) that matches the received gratuitous ARP packet using the hardware address of the sender carried in the gratuitous ARP packet.

Configuring ARP

Configuring ARP Basic Functions

Follow these steps to configure ARP basic functions:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Add a static ARP entry | arp static ip-address mac-address [ vlan-id interface-type interface-number ] | Optional. By default, the ARP mapping table is empty, and the address mapping entries are created dynamically by ARP. |
| Configure the ARP aging timer | arp timer aging aging-time | Optional. By default, the ARP aging timer is set to 20 minutes. |

3Com WX3000 operation manual Introduction to Gratuitous ARP, Configuring ARP Basic Functions, Arp static ip-address