The vrrp gratuitous-arp timeout disable command disables the master device in a Virtual Router Redundancy Protocol for IPv4 (VRRP4) backup group from sending gratuitous ARP packets or the master device in a Virtual Router Redundancy Protocol for IPv6 (VRRP6) backup group from sending ND packets.
By default, the master device in a VRRP4 (or VRRP6) backup group sends gratuitous ARP (or ND) packets every 120 seconds.
Usage Scenario
The master device in a VRRP4 (or VRRP6) backup group sends gratuitous ARP (or ND) packets to its connected downstream switch to update the MAC entries on the downstream switch. Because ARP and NDP do not provide any security mechanisms, attackers can send spoofed ARP or ND packets to attack network devices. If high network security is required, run the vrrp gratuitous-arp timeout disable command to disable the master device in a VRRP4 backup group from sending gratuitous ARP packets or the master device in a VRRP6 backup group from sending ND packets.
PrecautionsAfter the vrrp gratuitous-arp timeout disable command is run, the master device in a VRRP4 (or VRRP6) backup group no longer periodically sends gratuitous ARP (or ND) packets to its connected downstream switch. If a master/backup switchover occurs, the MAC entries on the downstream switch cannot be promptly updated. As a result, traffic is interrupted.