< Home

Configuring Gratuitous ARP Packet Sending

Context

If an attacker forges the gateway address to send ARP packets to other user hosts, ARP entries on the hosts record the incorrect gateway address. As a result, the gateway cannot receive data sent from the hosts. You can enable gratuitous ARP packet sending on the gateway. Then the gateway sends gratuitous ARP packets at intervals to update the ARP entries of authorized users so that the ARP entries contain the correct MAC address of the gateway.

You can configure gratuitous ARP packet sending globally or on a VLANIF interface.
  • If gratuitous ARP packet sending is enabled globally, all interfaces have this function enabled by default.
  • If gratuitous ARP packet sending is enabled globally and on a VLANIF interface simultaneously, the configuration on the VLANIF interface takes precedence over the global configuration.

Procedure

  1. Run system-view

    The system view is displayed.

  2. (Optional) Run interface vlanif interface-number

    The VLANIF interface view is displayed.

    If you intend to configure gratuitous ARP packet sending in the system view, skip this step.

  3. Run arp gratuitous-arp send enable

    Gratuitous ARP packet sending is enabled.

    By default, gratuitous ARP packet sending is disabled.

  4. (Optional) Run arp gratuitous-arp send interval interval-time

    The interval for sending gratuitous ARP packets is set.

    By default, the interval for sending gratuitous ARP packets is 60 seconds.

Parent Topic: Configuring Defense Against ARP Spoofing Attacks
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >