Figure 471 routing command example, Arp behavior and the arp ackgratuitous commands – ZyXEL Communications ZyXEL ZyWALL 2WG User Manual

Page 704


Appendix I Command Interpreter

ZyWALL 2WG User’s Guide


Figure 471 Routing Command Example

ARP Behavior and the ARP ackGratuitous Commands

The ZyWALL does not accept ARP reply information if the ZyWALL did not send out a
corresponding request. This helps prevent the ZyWALL from updating its ARP table with an
incorrect IP address to MAC address mapping due to a spoofed ARP. An incorrect IP to MAC
address mapping in the ZyWALL’s ARP table could cause the ZyWALL to send packets to
the wrong device.

Commands for Using or Ignoring Gratuitous ARP Requests

A host can send an ARP request to resolve its own IP address. This is called a gratuitous ARP
request. The packet uses the host’s own IP address as the source and destination IP address.
The packet uses the Ethernet broadcast address (FF:FF:FF:FF:FF:FF) as the destination MAC
address. This is used to determine if any other hosts on the network are using the same IP
address as the sending host. The other hosts in the network can also update their ARP table IP
address to MAC address mappings with this host’s MAC address.
The ip arp ackGratuitous commands set how the ZyWALL handles gratuitous ARP requests.

• Use ip arp ackGratuitous active no to have the ZyWALL ignore gratuitous ARP requests.

• Use ip arp ackGratuitous active yes to have the ZyWALL respond to gratuitous ARP requests.
For example, say the regular gateway goes down and a backup gateway sends a gratuitous
ARP request. If the request is for an IP address that is not already in the ZyWALL’s ARP
table, the ZyWALL sends an ARP request to ask which host is using the IP address. After
the ZyWALL receives a reply from the backup gateway, it adds an ARP table entry.
If the ZyWALL’s ARP table already has an entry for the IP address, the ZyWALL’s
response depends on how you configure the ip arp ackGratuitous forceUpdate command.

• Use ip arp ackGratuitous forceUpdate on to have the ZyWALL update the MAC address in the ARP entry.

• Use ip arp ackGratuitous forceUpdate off to have the ZyWALL not update the MAC address in the ARP entry.
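The handling rules in this section, written out as a small Python model (an added example, not ZyXEL firmware code and not part of the manual). The function names, return strings and the sample MAC and IP values are constructed for illustration, and the model simply ignores ordinary, non-gratuitous ARP requests.

```python
import struct

BROADCAST = b"\xff" * 6
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa

def build(op, sha, spa, tpa, dst=BROADCAST):
    """Build a constructed Ethernet II + ARP frame (sample input for this model)."""
    eth = struct.pack("!6s6sH", dst, sha, 0x0806)
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha, spa, b"\x00" * 6, tpa)

def parse_arp(frame):
    """Return the ARP fields of an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42:
        return None
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"dst": dst, "op": op, "sha": sha, "spa": spa, "tpa": tpa}

def is_gratuitous_request(arp):
    return arp["op"] == 1 and arp["spa"] == arp["tpa"] and arp["dst"] == BROADCAST

def handle(table, pending, frame, active=True, force_update=False):
    """Apply the documented rules; table maps IP -> MAC, pending holds IPs we asked about."""
    arp = parse_arp(frame)
    if arp is None:
        return "ignored: not ARP"
    ip, mac = arp["spa"], arp["sha"]
    if arp["op"] == 2:  # ARP reply: accepted only if a request is outstanding
        if ip not in pending:
            return "dropped: unsolicited reply"
        pending.discard(ip)
        table[ip] = mac
        return "learned from solicited reply"
    if not is_gratuitous_request(arp):
        return "ignored: not a gratuitous request"
    if not active:
        return "ignored: ackGratuitous active no"
    if ip not in table:
        pending.add(ip)  # the device would now send its own ARP request
        return "sent ARP request"
    if force_update:
        table[ip] = mac
        return "updated MAC"
    return "kept existing entry"

GW_IP = bytes([192, 0, 2, 1])  # constructed documentation address
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed
```

In this model, force_update=True is the only path that rewrites an existing entry from a single broadcast frame with no request outstanding, so it is the setting to review when weighing gateway failover against the spoofed-ARP protection described above.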

A backup gateway (as in the following graphic) is an example of when you might want to turn
on the forced update for gratuitous ARP requests. One day gateway A shuts down and the
backup gateway (B) comes online using the same static IP address as gateway A. Gateway B
broadcasts a gratuitous ARP request to ask which host is using its IP address. If ackGratuitous

ras> ip nat routing 2 1
Routing can work in NAT when no NAT rule match.
-----------------------------------------------
LAN: no
DMZ: yes
WLAN: yes
