R3721-F3210-F3171-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

If you change the interval for sending gratuitous ARP packets, the new setting takes effect at the
next sending interval.
The frequency of sending gratuitous ARP packets may be much lower than is expected if this
function is enabled on multiple interfaces, if each interface is configured with multiple secondary IP
addresses, or if a small sending interval is configured in such cases.
Configuration procedure
To configure gratuitous ARP:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable learning of gratuitous ARP packets. | gratuitous-arp-learning enable | Optional. Enabled by default. |
| 3. Enable the firewall to send gratuitous ARP packets upon receiving ARP requests from another subnet. | gratuitous-arp-sending enable | By default, the firewall does not send gratuitous ARP packets upon receiving ARP requests from another subnet. |
| 4. Enter interface view. | interface interface-type interface-number | N/A |
| 5. Enable periodic sending of gratuitous ARP packets and set the sending interval. | arp send-gratuitous-arp [ interval milliseconds ] | Disabled by default. |
Configuring ARP automatic scanning and fixed ARP
Introduction
ARP automatic scanning is usually used together with the fixed ARP feature.
With the ARP automatic scanning feature enabled, the firewall scans the LAN for neighbors by
sending ARP requests, and thereby obtains the MAC addresses of the neighbors and adds dynamic
ARP entries.
With the fixed ARP feature, the device can convert dynamic ARP entries (including those added by
ARP automatic scanning) into static ones, which effectively prevents attackers from modifying ARP
entries.
NOTE:
HP recommends that you use these two features in small-sized and stable networks, such as an Internet
café.
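The following added example (not part of the HP guide, and not the firewall's implementation) is a simplified model of why converting learned entries to static ones matters: a gratuitous ARP with a different MAC overwrites a dynamic entry but is rejected once the entry is fixed. The class and function names, the addresses, and the packets are constructed for illustration.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload (28 bytes)

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip, target_ip) from a raw ARP payload."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa))

def is_gratuitous(payload):
    """A gratuitous ARP announces the sender's own address: sender IP == target IP."""
    _, _, spa, tpa = parse_arp(payload)
    return spa == tpa

class ArpTable:
    """Simplified model: ip -> (mac, 'dynamic' | 'static')."""
    def __init__(self):
        self.entries = {}

    def learn(self, payload):
        """Apply one ARP packet; return 'added', 'updated', 'unchanged' or 'rejected'."""
        _, mac, ip, _ = parse_arp(payload)
        old = self.entries.get(ip)
        if old and old[0] == mac:
            return "unchanged"
        if old and old[1] == "static":
            return "rejected"  # a fixed entry is never overwritten by a learned one
        self.entries[ip] = (mac, "dynamic")
        return "updated" if old else "added"

    def fix_all(self):
        """Model of the fixed ARP step: convert every dynamic entry to static."""
        self.entries = {ip: (mac, "static") for ip, (mac, _) in self.entries.items()}

def build_garp(mac, ip):
    """Constructed sample input: a gratuitous ARP request announcing ip at mac."""
    m = bytes.fromhex(mac.replace(":", ""))
    a = bytes(int(x) for x in ip.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, m, a, b"\x00" * 6, a)

def demo():
    """Same conflicting announcement before and after the entry is fixed."""
    table = ArpTable()
    known = build_garp("00:11:22:33:44:55", "192.0.2.10")     # constructed host
    conflict = build_garp("66:77:88:99:aa:bb", "192.0.2.10")  # same IP, other MAC
    results = [table.learn(known), table.learn(conflict)]     # dynamic: overwritten
    table.learn(known)                                        # restore the mapping
    table.fix_all()
    return results + [table.learn(conflict)], table.entries
```

A `rejected` result is also a useful detection signal, because it means a host announced an address that the table already binds to a different MAC.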