- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
04-20-2019 06:45 PM
I was able to change the default arp cache timeout from 1800 to 3600.
as shown below
set system setting arp-cache-timeout
<value> <60-65535> ARP cache timeout interval, in seconds
> set system setting arp-cache-timeout 3600
ARP cache timeout:3600
mparmar2@BMS> show arp all
maximum of entries supported : 1500
default timeout: 3600 seconds
total ARP entries in table : 12
total ARP entries shown : 12
status: s - static, c - complete, e - expiring, i - incomplete
interface ip address hw address port status ttl
--------------------------------------------------------------------------------
ethernet1/1 184.71.194.133 00:01:5c:97:f8:46 ethernet1/1 c 1038
ethernet1/2 10.1.10.2 bc:16:65:ed:e7:48 ethernet1/2 c 103
ethernet1/2 10.1.10.3 bc:16:65:ed:e7:48 ethernet1/2 c 266
ethernet1/2 10.1.10.6 bc:16:65:ed:e7:48 ethernet1/2 c 1093
ethernet1/2 10.1.10.7 bc:16:65:ed:e7:48 ethernet1/2 c 878
ethernet1/2 10.1.10.8 bc:16:65:ed:e7:48 ethernet1/2 c 36
ethernet1/2 10.1.10.9 bc:16:65:ed:e7:48 ethernet1/2 c 1737
ethernet1/2 10.1.10.10 bc:16:65:ed:e7:48 ethernet1/2 c 1680
ethernet1/2 10.1.10.11 bc:16:65:ed:e7:48 ethernet1/2 c 1051
ethernet1/2 10.1.10.40 bc:16:65:ed:e7:48 ethernet1/2 c 100
ethernet1/2 10.1.20.2 bc:16:65:ed:e7:48 ethernet1/2 c 43
ethernet1/7 10.23.104.20 00:11:bb:5e:a0:c1 ethernet1/7 c 42
But below knowledgebase says you can not ??
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldWCAS
04-21-2019 08:25 PM
This was a new feature added in PAN-OS 8.1 and is now fully supported, so feel free to modify it to whatever you need within your environment.
04-21-2019 08:25 PM
This was a new feature added in PAN-OS 8.1 and is now fully supported, so feel free to modify it to whatever you need within your environment.
08-11-2023 08:42 AM
Is this setting visible anywhere in the GUI?
Other than the "show arp" command, where is this visible in the system config?
From my testing, it appears this setting is not stored in the config, and restoring a config to a replacement unit does not preserve this setting.
08-11-2023 09:01 AM - edited 08-11-2023 10:17 AM
> show system setting arp-cache-timeout Server error : You need superuser privileges to do that
The cli superreader level access should be sufficient to display this setting, and not require cli superuser. The value can be found in a "show arp loopback" anyway.
08-11-2023 09:04 AM
Also, the default state should still return a value. It does not:
> show system setting arp-cache-timeout
Server error : Command succeeded with no output
08-11-2023 09:51 AM
Not visible in GUI
CLI --- show arp all shows the value
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!