Question

When would you *not* want to enable gratuitous ARP protection?

  • 27 February 2019
  • 1 reply
  • 1129 views

Userlevel 2
We have a collapsed core, with two x-460's using VRRP and MLAG for redundancy. All edge switches are trunked to these redundantly. We have several VLAN's, including one for VOIP. Wouldn't it make sense to turn on gratuitous arp protection for our VLAN's? In what case/situation would you *not* want to enable this protection?

1 reply

Userlevel 3
Badge
You should validate before enable gratuitous ARP protection for Servers, Routers, Firewall etc. especially if they use some kind of HA mechanism.

In VLANs where only clients reside it's mostly a a good idea to enable it to prevent spoofing.

Regards
Christoph

Reply