01-08-2013 11:59 PM
I was wondering if a PAN firewall performs Duplicate Address Detection (DAD) by sending ARP Request packets for IP addresses on an interface once it is connected to a switch? Does it do it only for the primary address on an interface, or does it do it for all the IP addresses that are configured as aliases on an interface?
We have noticed that if we replace a malfunctioning firewall with an on-site spare unit that has the exact same configuration but a different MAC address on the internet interface, we are unable to use all the addresses that are configured as aliases on that interface. Once the ARP cache on the provider router times out (by default on a Cisco device it takes 4 hours) and the binding between MAC and IP addresses is refreshed, all the connectivity problems are resolved.
01-09-2013 03:41 AM
Nothing special is sent when an interface comes up.
Gratuitous ARP will be sent over every interface (including subint) but only in HA mode and only during a commit or a failover.
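An added example, not part of the original posts: one way to check, from frames captured on the provider-facing segment after a hardware swap, which configured interface addresses the replacement unit has announced with gratuitous ARP. The MAC address, the 203.0.113.0/24 addresses and the captured frames are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct

ARP_ETHERTYPE = 0x0806

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip) for Ethernet/IPv4 ARP, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    mac = ":".join(f"{b:02x}" for b in sha)
    return op, mac, socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def is_gratuitous(parsed):
    """Gratuitous ARP: sender and target protocol addresses are identical."""
    return parsed is not None and parsed[2] == parsed[3]

def unannounced(frames, new_mac, addresses):
    """Configured addresses with no gratuitous ARP seen from new_mac."""
    seen = set()
    for frame in frames:
        parsed = parse_arp(frame)
        if is_gratuitous(parsed) and parsed[1] == new_mac.lower():
            seen.add(parsed[2])
    return [a for a in addresses if a not in seen]

def sample_frame(mac, sender_ip, target_ip, op=1):
    """Build a constructed broadcast ARP frame for the offline sample below."""
    m = bytes.fromhex(mac.replace(":", ""))
    eth = b"\xff" * 6 + m + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += m + socket.inet_aton(sender_ip) + b"\x00" * 6 + socket.inet_aton(target_ip)
    return eth + arp

# Constructed sample values (documentation range, locally administered MAC).
SPARE_MAC = "02:00:00:00:00:02"
ADDRESSES = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]  # primary + two aliases
CAPTURE = [
    sample_frame(SPARE_MAC, "203.0.113.10", "203.0.113.10"),  # gratuitous, primary
    sample_frame(SPARE_MAC, "203.0.113.10", "203.0.113.1"),   # ordinary request for gateway
    b"\x00" * 20,                                             # truncated frame, ignored
]

if __name__ == "__main__":
    print("no gratuitous ARP seen for:", unannounced(CAPTURE, SPARE_MAC, ADDRESSES))
```

Addresses that remain in the output are the ones an upstream ARP cache can keep mapping to the old MAC address until the entry ages out.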