Filter
Top Products
Chapter 15 IP Commands
ZyWALL (ZyNOS) CLI Reference Guide
99
For example, say the regular gateway goes down and a backup gateway sends a gratuitous
ARP request. If the request is for an IP address that is not already in the ZyWALL’s ARP
table, the ZyWALL sends an ARP request to ask which host is using the IP address. After
the ZyWALL receives a reply from the backup gateway, it adds an ARP table entry.
If the ZyWALL’s ARP table already has an entry for the IP address, the ZyWALL’s
response depends on how you configure the
ip arp ackGratuitous forceUpdate
command.
•Use
ip arp ackGratuitous forceUpdate on to have the ZyWALL update the
MAC address in the ARP entry.
•Use
ip arp ackGratuitous forceUpdate off to have the ZyWALL not update
the MAC address in the ARP entry.
A backup gateway (as in the following graphic) is an example of when you might want to turn
on the forced update for gratuitous ARP requests. One day gateway A shuts down and the
backup gateway (B) comes online using the same static IP address as gateway A. Gateway B
broadcasts a gratuitous ARP request to ask which host is using its IP address. If ackGratuitous
is on and set to force updates, the ZyWALL receives the gratuitous ARP request and updates
its ARP table. This way the ZyWALL has a correct gateway ARP entry to forward packets
through the backup gateway. If ackGratuitous is off or not set to force updates, the ZyWALL
will not update the gateway ARP entry and cannot forward packets through gateway B.
Figure 3 Backup Gateway
Updating the ARP entries could increase the danger of spoofing attacks. It is only
recommended that you turn on ackGratuitous and force update if you need it like in the
previous backup gateway example. Turning on the force updates option is more dangerous
than leaving it off because the ZyWALL updates the ARP table even when there is an existing
entry.