valid for.
For example, the first entry has an expiry value of 45 which means that this entry will be rendered
invalid and removed from the ARP Cache in 45 seconds. If traffic is going to be sent to the
192.168.0.10 IP address after the expiration, NetDefendOS will issue a new ARP request.
The default expiration time for dynamic ARP entries is 900 seconds (15 minutes). This can be
changed by modifying the advanced setting ARP Expire.
The advanced setting ARP Expire Unknown specifies how long NetDefendOS will remember
addresses that cannot be reached. This limit is needed to ensure that NetDefendOS does not
continuously request such addresses. The default value for this setting is 3 seconds.
Example 3.13. Displaying the ARP Cache
The contents of the ARP Cache can be displayed from within the CLI.
Command-Line Interface
gw-world:/> arp -show
ARP cache of iface lan
Dynamic 10.4.0.1
= 1000:0000:4009
Expire=196
Dynamic 10.4.0.165
= 0002:a529:1f65
Expire=506
Flushing the ARP Cache
If a host in a network is replaced with new hardware and retains the same IP address then it will
probably have a new MAC address. If NetDefendOS has an old ARP entry for the host in its ARP
cache then that entry will become invalid because of the changed MAC address and this will cause
data to be sent to the host over Ethernet which will never reach its destination.
After the ARP entry expiration time, NetDefendOS will learn the new MAC address of the host but
sometimes it may be necessary to manually force the update. The easiest way to achieve this is by
flushing the ARP cache. This deletes all dynamic ARP entries from the cache and forces
NetDefendOS to issue new ARP queries to discover the MAC/IP address mappings for connected
hosts.
Flushing can be done with the CLI command arp -flush.
Example 3.14. Flushing the ARP Cache
This example shows how to flush the ARP Cache from within the CLI.
Command-Line Interface
gw-world:/> arp -flush
ARP cache of all interfaces flushed.
The Size of the ARP Cache
By default, the ARP Cache is able to hold 4096 ARP entries at the same time. This is adequate for
most scenarios but on rare occasions, such as when there are several very large LANs directly
connected to the firewall, it may be necessary to adjust this value upwards. This can be done by
modifying the ARP advanced setting ARP Cache Size.
3.4.2. The NetDefendOS ARP Cache
Chapter 3. Fundamentals
113
Summary of Contents for NetDefend DFL-260E
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382...
Page 386: ...The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533...