Why am I seeing MAC addresses starting with BA:BE in my LAN's ARP tables?
- Datto Network Manager
Our mesh technology uses a Bridge Loop Avoidance scheme that relies on the access points sending out Gratuitous ARP packets across the local network. Some of these ARP packets may have a source address that starts with BA:BE. Others may use the access point MAC address, but have a different sender address.
Keep in mind these Gratuitous ARP packets do not reference actual devices on the network, so network devices should not try to learn from these packets. Most network devices ignore Gratuitous ARP packets. In some cases network devices, such as managed switches or routers, do try to learn from these Gratuitous ARP packets. This may result in their internal MAC/ARP/CAM tables becoming filled with these entries. If these tables become filled the device may stop functioning correctly.
If you notice internal MAC/ARP/CAM tables are being filled on your network device, check what features it has that could cause it to try to learn from Gratuitous ARP packets. Check your network device manual specifically for any mention of "Gratuitous ARP", or ask the manufacturer how the device handles Gratuitous ARP packets. Alternatively you can decrease the "age out" time on your MAC/ARP/CAM tables to approximately 5 minutes, which is typically short enough to expire these entries before the table is full.