Duplicate Address Detection (DAD)/Gratuitous ARP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Duplicate Address Detection (DAD)/Gratuitous ARP

L6 Presenter

hi!

I was wondering if a PAN firewall performs Duplicate Address Detection (DAD) by sending ARP Request packets for IP addresses on an interface once it is connected to a switch? does it do it only for the primary address on an interface or does it do it for all the IP addresses that are configured as aliases on an interface?

we have noticed that if we replace a malfunctioning firewall with an on-site spare unit, that has the exact same configuration but a different MAC address on the internet interface, we are unable to use all the addresses that are configured as aliases on that interface. once the ARP cache on the provider router times out (by default on a Cisco device it takes 4 hours) and the binding between MAC and IP addresses is refreshed, all the connectivity problems are resolved.

cheers,

Andrej

1 REPLY 1

L2 Linker

Hi Andrej,

Nothing special is sent when an interface comes up.

Gartuitous Arp will be sent over every interfaces (including subint) but only in HA mode and only during a commit or a failover.

Best Regards

-Nicolas

  • 4645 Views
  • 1 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!