Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Arp Cache out time- Can be changed need to confirm

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Arp Cache out time- Can be changed need to confirm

Cyber Elite
Cyber Elite

 

I was able to change the default arp cache timeout from 1800 to 3600.

 

as shown below

 

 

set system setting arp-cache-timeout
<value> <60-65535> ARP cache timeout interval, in seconds

> set system setting arp-cache-timeout 3600

ARP cache timeout:3600

mparmar2@BMS> show arp all

maximum of entries supported : 1500
default timeout: 3600 seconds
total ARP entries in table : 12
total ARP entries shown : 12
status: s - static, c - complete, e - expiring, i - incomplete

interface ip address hw address port status ttl
--------------------------------------------------------------------------------
ethernet1/1 184.71.194.133 00:01:5c:97:f8:46 ethernet1/1 c 1038
ethernet1/2 10.1.10.2 bc:16:65:ed:e7:48 ethernet1/2 c 103
ethernet1/2 10.1.10.3 bc:16:65:ed:e7:48 ethernet1/2 c 266
ethernet1/2 10.1.10.6 bc:16:65:ed:e7:48 ethernet1/2 c 1093
ethernet1/2 10.1.10.7 bc:16:65:ed:e7:48 ethernet1/2 c 878
ethernet1/2 10.1.10.8 bc:16:65:ed:e7:48 ethernet1/2 c 36
ethernet1/2 10.1.10.9 bc:16:65:ed:e7:48 ethernet1/2 c 1737
ethernet1/2 10.1.10.10 bc:16:65:ed:e7:48 ethernet1/2 c 1680
ethernet1/2 10.1.10.11 bc:16:65:ed:e7:48 ethernet1/2 c 1051
ethernet1/2 10.1.10.40 bc:16:65:ed:e7:48 ethernet1/2 c 100
ethernet1/2 10.1.20.2 bc:16:65:ed:e7:48 ethernet1/2 c 43
ethernet1/7 10.23.104.20 00:11:bb:5e:a0:c1 ethernet1/7 c 42

 

 

But below knowledgebase says you can not ??

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldWCAS

MP

Help the community: Like helpful comments and mark solutions.
1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

@MP18,

This was a new feature added in PAN-OS 8.1 and is now fully supported, so feel free to modify it to whatever you need within your environment. 

 

View solution in original post

5 REPLIES 5

Cyber Elite
Cyber Elite

@MP18,

This was a new feature added in PAN-OS 8.1 and is now fully supported, so feel free to modify it to whatever you need within your environment. 

 

Is this setting visible anywhere in the GUI?

 

Other than the "show arp" command, where is this visible in the system config?

 

From my testing, it appears this setting is not stored in the config, and restoring a config to a replacement unit does not preserve this setting.

L2 Linker
> show system setting arp-cache-timeout

Server error : You need superuser privileges to do that

The cli superreader level access should be sufficient to display this setting, and not require cli superuser.    The value can be found in a "show arp loopback" anyway.

L2 Linker

Also, the default state should still return a value.  It does not:

> show system setting arp-cache-timeout

Server error : Command succeeded with no output

Not visible in GUI

 

CLI --- show arp all   shows the value 

MP

Help the community: Like helpful comments and mark solutions.
  • 1 accepted solution
  • 7649 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!