Firewalls

arp

Overview

Change or view the ARP cache, and set the timeout value.

[no] arp if_name ip_address mac_address [alias]
clear arp
show arp [if_name] [ip_address mac_address alias]
[no] arp timeout seconds
show arp timeout

Description

if_name Internal or external interface name specified by nameif.

ip_address Host IP address for the ARP table entry.

mac_address Hardware MAC address for the ARP table entry; for example, 00e0.1e4e.3d8b.

alias Make this entry permanent. Alias entries do not time out and are automatically stored in the configuration when you use the write command to store the configuration.

seconds Duration that an ARP entry can exist in the ARP table before being cleared.

Usage

Add an entry to the firewall ARP cache.
ARP is a low-level TCP/IP protocol that resolves a node's physical address from its IP address through an ARP request asking the node with a particular IP address to send back its physical address. The presence of entries in the ARP cache indicates that the firewall has network connectivity.
The clear arp command clears the ARP table but not the alias (permanent) entries. Use the no arp command to remove these entries.
The show arp command lists the entries in the ARP table.
You can use the sysopt noproxyarp command to disable proxy-arps on an interface.
Use the arp command to add an entry for new hosts you add on the network or when you swap an existing host for another. Alternatively, you can wait for the duration specified with the arp timeout command to expire and the ARP table rebuilds itself automatically with the new host information.
The arp timeout command sets the duration that an ARP entry can stay in the firewall ARP table before expiring. The timer is known as the ARP persistence timer. The default value is
14,400 seconds (4 hours).
The no arp timeout command sets the timer to its default value. The show arp timeout command displays its current value.
Configuration mode.

Examples

The following examples illustrate use of the arp and arp timeout commands:
arp inside 192.168.0.42 00e0.1e4e.2a7c arp outside 192.168.0.43 00e0.1e4e.3d8b alias show arp outside 192.168.0.43 00e0.1e4e.3d8b alias inside 192.168.0.42 00e0.1e4e.2a7c clear arp inside 192.168.0.42 arp timeout 42 show arp timeout arp timeout 42 seconds no arp timeout show arp timeout arp timeout 14400 seconds

if_name	Internal or external interface name specified by nameif.
ip_address	Host IP address for the ARP table entry.
mac_address	Hardware MAC address for the ARP table entry; for example, 00e0.1e4e.3d8b.
alias	Make this entry permanent. Alias entries do not time out and are automatically stored in the configuration when you use the write command to store the configuration.
seconds	Duration that an ARP entry can exist in the ARP table before being cleared.