Why am I seeing MACs starting with BA:BE in my LAN ARP tables?

Follow

Our mesh technology uses a Bridge Loop Avoidance scheme that relies on the access points sending out Gratuitous ARP packets across the local network. Some of these ARP packets may have a source address that starts with BA:BE. Others may use the access point MAC address, but have a different sender address.

Keep in mind these Gratuitous ARP packets do not reference actual devices on the network, so network devices should not try to learn from these packets. Most network devices ignore Gratuitous ARP packets. In some cases network devices, such as manged switches or routers, do try to learn from these Gratuitous ARP packets. This may result in their internal MAC/ARP/CAM tables becoming filled with these entries. If these tables become filled the device may stop functioning correctly.

If you notice internal MAC/ARP/CAM tables are being filled on your network device, check what features it has that could cause it to try to learn from Gratuitous ARP packets. Check your network device manual specifically for any mention of "Gratuitous ARP", or ask the manufacturer how the device handles Gratuitous ARP packets. Alternatively you can decrease the "age out" time on your MAC/ARP/CAM tables to approximately 5 minutes, which is typically short enough to expire these entries before the table is full.

 

Have more questions? Submit a request!

Powered by Zendesk