Introduction to gratuitous ARP

In a gratuitous ARP packet, the sender IP address and the target IP address are both the IP address of the sending switch.

A switch sends gratuitous ARP packets for the following purposes:

Enabling learning of gratuitous ARP packets

With this feature enabled, a switch receiving a gratuitous ARP packet adds the sender IP and MAC addresses carried in the packet to its ARP table if no corresponding ARP entry exists. If a corresponding ARP entry is found, the switch updates the ARP entry.

After this feature is disabled, the switch will use the address information in the received gratuitous ARP packets to update the existing ARP entries only, but not to create new ARP entries.

Configuring periodic sending of gratuitous ARP packets

Enabling a switch to periodically send gratuitous ARP packets helps downstream devices update their corresponding ARP entries or MAC entries in time. This feature can be used to prevent gateway spoofing and to prevent ARP entries from aging out.

When an attacker sends forged gratuitous ARP packets to the hosts on a network, the hosts update their ARP entries for the gateway with the forged address information, and the traffic destined for the gateway from the hosts is sent to the attacker instead. As a result, the hosts cannot access the external network.

To prevent such gateway spoofing attacks, enable the gateway to send gratuitous ARP packets containing its primary IP address and manually configured secondary IP addresses at a specific interval. In this way, each host can learn correct gateway address information.
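On the monitoring side, the same property that defines a gratuitous ARP packet (sender IP equal to target IP) can be used to flag forged gateway announcements. The following is an added example, not part of the original documentation or any switch software; the gateway IP and MAC, the function names, and the sample frames are assumptions constructed for illustration.

```python
import struct

# Assumed for this example (not from the page): the gateway's known-good binding.
GATEWAY_IP = "192.0.2.1"
GATEWAY_MAC = "00:11:22:33:44:55"

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def _ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return the ARP fields of an Ethernet II / IPv4 ARP frame, or None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": _mac(frame[6:12]), "oper": oper,
            "sender_mac": _mac(frame[22:28]), "sender_ip": _ip(frame[28:32]),
            "target_ip": _ip(frame[38:42])}

def classify(frame, gw_ip=GATEWAY_IP, gw_mac=GATEWAY_MAC):
    arp = parse_arp(frame)
    if arp is None:
        return "not-arp"
    # Gratuitous ARP: sender IP and target IP are the same address.
    if arp["sender_ip"] != arp["target_ip"]:
        return "ordinary-arp"
    if arp["sender_ip"] != gw_ip:
        return "gratuitous"
    # A gratuitous ARP for the gateway IP must come from the gateway MAC,
    # both in the Ethernet header and in the ARP sender hardware address.
    if arp["sender_mac"] != gw_mac or arp["eth_src"] != gw_mac:
        return "gateway-spoof-suspect"
    return "gratuitous-gateway"

def sample_frame(src_mac, sender_ip, target_ip, oper=1):
    """Constructed test input: a 42-byte broadcast ARP frame (never sent)."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    eth = b"\xff" * 6 + mac + struct.pack("!H", 0x0806)
    return (eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + mac + ip(sender_ip) + b"\x00" * 6 + ip(target_ip))

if __name__ == "__main__":
    for mac in (GATEWAY_MAC, "66:77:88:99:aa:bb"):
        print(mac, classify(sample_frame(mac, GATEWAY_IP, GATEWAY_IP)))
```

In practice `classify` would be fed frames from a capture file or a mirrored port, with the gateway binding taken from the device configuration.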

If network traffic is heavy or a host's CPU usage is high, received ARP packets may be discarded or not processed in time. Eventually, the dynamic ARP entries on the receiving host will age out, and the traffic between the host and the corresponding devices will be interrupted until the host re-creates the ARP entries.

To prevent this problem, enable the gateway to send gratuitous ARP packets periodically. The gratuitous ARP packets contain the gateway's primary IP address or one of its manually configured secondary IP addresses. In this way, the receiving host can update ARP entries in time and thus ensure traffic continuity.