R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

Table 17 Configuration items of periodic sending of gratuitous ARP packets
Item: Sending Interface
Description:
Specify an interface and interval for periodically sending gratuitous ARP packets.
Select an interface from the Standby Interface list, set its sending interval, and then
click << to add it to the Sending Interface list box.
To delete the combination of an interface and its sending interval, select it from the
Sending Interface list and click >>.
IMPORTANT:
• The firewall supports up to 1024 interfaces to send gratuitous ARP packets
periodically.
• With this feature enabled, an interface can periodically send gratuitous ARP
packets only after it is assigned an IP address and the link comes up.
• If a sending interval is modified, the setting takes effect at the next interval.
• If many interfaces have this feature enabled, or each interface has a large
number of secondary IP addresses, or both conditions exist at the same time and the
sending intervals are very short, gratuitous ARP packets may be sent far less
frequently than you expect.
• The feature is mutually exclusive with VRRP backup group configuration.
Configuring ARP automatic scanning
Introduction to ARP automatic scanning
With this feature enabled, the firewall scans the LAN for neighbors by sending requests for their MAC
addresses, thereby obtaining the MAC addresses and creating dynamic ARP entries.
ARP automatic scanning allows you to specify the address range for scanning.
• If you specify neither the start IP address nor the end IP address, the firewall scans the network
segment of the primary IP address of the current interface for neighbors, using the primary IP
address of the interface as the source IP address of the ARP requests.
• To reduce the scanning time, you can specify the IP address range for scanning if you know the IP
address range assigned to the neighbors in a LAN. The specified start and end IP addresses must
be in the same network segment as the primary IP address or a manually configured secondary IP
address of the interface. If the specified address range covers multiple network segments of the
interface, the source IP address in the ARP request is the interface address on the smallest network
segment.
ARP automatic scanning is usually used together with the fixed ARP feature. After creating dynamic ARP
entries for all the neighbors on a LAN, the firewall can convert these dynamic ARP entries into static ones.
For more information about fixed ARP, see “Configuring fixed ARP.”
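The address-range rules above can be checked before a range is entered on the ARP scan page. The following Python sketch is an added example, not code from the guide or the firewall; the function name, the input format and the sample addresses are constructed, and it assumes "smallest network segment" means the segment with the lowest network address.

```python
import ipaddress

# Constructed sample: primary address first, then secondary addresses.
SAMPLE_IFACES = ["192.168.10.1/24", "192.168.20.1/24", "10.0.0.1/24"]

def plan_arp_scan(interface_addrs, start=None, end=None):
    """Return (source_ip, first_ip, last_ip) for an ARP automatic scan.

    interface_addrs: "ip/prefix" strings, primary address first
    (hypothetical input format). first_ip/last_ip bound the scanned range.
    """
    ifaces = [ipaddress.ip_interface(a) for a in interface_addrs]
    primary = ifaces[0]
    if start is None and end is None:
        # Neither bound given: scan the primary address's segment and
        # source the ARP requests from the primary address.
        net = primary.network
        return primary.ip, net.network_address, net.broadcast_address
    if start is None or end is None:
        # The text describes only "both" or "neither"; this sketch does too.
        raise ValueError("give both start and end, or neither")
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if lo > hi:
        raise ValueError("start address is above end address")
    # Each bound must sit in a segment configured on the interface.
    for bound in (lo, hi):
        if not any(bound in i.network for i in ifaces):
            raise ValueError(f"{bound} is not in any segment of the interface")
    # Interface segments that the requested range overlaps.
    covered = [i for i in ifaces
               if lo <= i.network.broadcast_address
               and hi >= i.network.network_address]
    # Assumption: "smallest network segment" = lowest network address.
    src = min(covered, key=lambda i: i.network.network_address)
    return src.ip, lo, hi

if __name__ == "__main__":
    print(plan_arp_scan(SAMPLE_IFACES))
    print(plan_arp_scan(SAMPLE_IFACES, "192.168.10.200", "192.168.20.20"))
```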
Configuring ARP automatic scanning in the web interface
NOTE:
• It is not recommended to perform other operations when ARP automatic scanning is in progress.
• ARP automatic scanning may take a long time. You can abort the scanning by clicking Interrupt on the
ARP scan page.