ZyXEL Communications 2 Plus Network Card User Manual


 
Appendix G Command Interpreter
ZyWALL 2 Plus User’s Guide
Figure 463 Routing Command Example
ARP Behavior and the ARP ackGratuitous Commands
The ZyWALL does not accept ARP reply information if the ZyWALL did not send out a
corresponding request. This helps prevent the ZyWALL from updating its ARP table with an
incorrect IP address to MAC address mapping due to a spoofed ARP. An incorrect IP to MAC
address mapping in the ZyWALL’s ARP table could cause the ZyWALL to send packets to
the wrong device.
Commands for Using or Ignoring Gratuitous ARP Requests
A host can send an ARP request to resolve its own IP address. This is called a gratuitous ARP
request. The packet uses the host’s own IP address as the source and destination IP address.
The packet uses the Ethernet broadcast address (FF:FF:FF:FF:FF:FF) as the destination MAC
address. This is used to determine if any other hosts on the network are using the same IP
address as the sending host. The other hosts in the network can also update their ARP table IP
address to MAC address mappings with this host’s MAC address.
The ip arp ackGratuitous commands set how the ZyWALL handles gratuitous ARP requests.
• Use ip arp ackGratuitous active no to have the ZyWALL ignore gratuitous ARP requests.
• Use ip arp ackGratuitous active yes to have the ZyWALL respond to gratuitous ARP requests.
For example, say the regular gateway goes down and a backup gateway sends a gratuitous
ARP request. If the request is for an IP address that is not already in the ZyWALL’s ARP
table, the ZyWALL sends an ARP request to ask which host is using the IP address. After
the ZyWALL receives a reply from the backup gateway, it adds an ARP table entry.
If the ZyWALL’s ARP table already has an entry for the IP address, the ZyWALL’s
response depends on how you configure the ip arp ackGratuitous forceUpdate command.
• Use ip arp ackGratuitous forceUpdate on to have the ZyWALL update the MAC address in the ARP entry.
• Use ip arp ackGratuitous forceUpdate off to have the ZyWALL not update the MAC address in the ARP entry.
A backup gateway (as in the following graphic) is an example of when you might want to turn
on the forced update for gratuitous ARP requests. One day gateway A shuts down and the
backup gateway (B) comes online using the same static IP address as gateway A. Gateway B
broadcasts a gratuitous ARP request to ask which host is using its IP address. If ackGratuitous

ras> ip nat routing 2 1
Routing can work in NAT when no NAT rule match.
-----------------------------------------------
LAN: no
DMZ: yes
WLAN: yes