11-24-2021 10:07 AM
Hello ,
I have multiple firewall with running PAN-OS 9.1.11 and above version.
i am facing an issue to generate XML output command of ARP managment.
When i run the ARP managment command to set XML output on i am getting the below error:-
admin@PA-VM-Passive> set cli op-command-xml-output on
admin@PA-VM-Passive> show arp management
Server error : An error occured. See dagger.log for information.
when i checked the dagger.log and i got the below output:-
2021-11-24 09:21:29.968 +0300 OPCMD: handler "counter.show_global"
2021-11-24 09:24:32.350 +0300 OPCMD: handler "arp.show_completer"
2021-11-24 09:24:33.847 +0300 OPCMD: handler "arp"
Traceback (most recent call last):
File "/usr/share/dagger/arp.py", line 59, in __xml__
return self.mgmtif.show_arp_xml(*args, **kwargs)
File "/usr/share/dagger/mgmtif.py", line 579, in show_arp_xml
return self._show_arp(*args, **kwargs)
File "/usr/share/dagger/mgmtif.py", line 527, in _show_arp
arp_to_buf('/sbin/arp %s -i eth1' % dns, buf, header, fprint, "", "")
File "/usr/share/dagger/mgmtif.py", line 498, in arp_to_buf
pfunc(buf, o)
File "/usr/share/dagger/mgmtif.py", line 570, in print_entry
buf.append( { 'interface':e[-1], 'ip':e[0], 'mac':e[2], 'status':e[3] } )
IndexError: list index out of range
However when i run the show arp managment to off the XML output i got the result succesfully.
One more point i want to add if i run any command to get the XML output i got the result succesfully.
below is the example:-
admin@PA-VM-Passive> set cli op-command-xml-output on
admin@PA-VM-Passive> show arp all
<response status="success"><result>
<max>1500</max>
<total>11</total>
<timeout>1800</timeout>
<dp>dp0</dp>
<entries>
<entry>
<status> c </status>
<ip>192.168.30.101</ip>
<mac>00:0c:29:04:e0:aa</mac>
<ttl>761</ttl>
<interface>ethernet1/1</interface>
<port>ethernet1/1</port>
</entry>
<entry>
<status> c </status>
<ip>172.16.6.16</ip>
<mac>00:0c:29:f1:38:4c</mac>
<ttl>1696</ttl>
<interface>ethernet1/2</interface>
<port>ethernet1/2</port>
</entry>
<entry>
<status> c </status>
<ip>172.16.6.27</ip>
<mac>00:0c:29:9b:58:36</mac>
<ttl>308</ttl>
<interface>ethernet1/2</interface>
<port>ethernet1/2</port>
</entry>
<entry>
<status> c </status>
<ip>172.16.6.36</ip>
<mac>00:0c:29:52:0b:77</mac>
<ttl>165</ttl>
<interface>ethernet1/2</interface>
<port>ethernet1/2</port>
</entry>
<entry>
<status> c </status>
<ip>172.16.6.135</ip>
<mac>00:0c:29:0f:84:39</mac>
<ttl>576</ttl>
<interface>ethernet1/2</interface>
<port>ethernet1/2</port>
</entry>
<entry>
<status> c </status>
<ip>172.16.6.225</ip>
<mac>00:0c:29:4b:7e:01</mac>
<ttl>639</ttl>
<interface>ethernet1/2</interface>
<port>ethernet1/2</port>
</entry>
<entry>
<status> c </status>
<ip>172.16.6.234</ip>
<mac>00:0c:29:6d:75:61</mac>
<ttl>1096</ttl>
<interface>ethernet1/2</interface>
<port>ethernet1/2</port>
</entry>
<entry>
<status> c </status>
<ip>172.16.6.235</ip>
<mac>00:0c:29:3c:82:91</mac>
<ttl>605</ttl>
<interface>ethernet1/2</interface>
<port>ethernet1/2</port>
</entry>
<entry>
<status> c </status>
<ip>172.16.7.70</ip>
<mac>00:0c:29:22:27:55</mac>
<ttl>273</ttl>
<interface>ethernet1/2</interface>
<port>ethernet1/2</port>
</entry>
<entry>
<status> c </status>
<ip>172.16.7.236</ip>
<mac>00:0c:29:a9:34:df</mac>
<ttl>1689</ttl>
<interface>ethernet1/2</interface>
<port>ethernet1/2</port>
</entry>
<entry>
<status> c </status>
<ip>172.16.7.254</ip>
<mac>00:1b:17:00:0a:11</mac>
<ttl>1792</ttl>
<interface>ethernet1/2</interface>
<port>ethernet1/2</port>
</entry>
</entries>
</result></response>
Has anyone suggest on this.
11-24-2021 02:53 PM
Hi @Joshan_Lakhani ,
It may be a bug in PAN-OS 9.1.11. I am running 10.1.3, and the comand works fine for me.
tyoung@fdsnsdfw01> show arp management
<response status="success"><result>
<total>2</total>
<entries>
<entry>
<interface>eth0</interface>
<ip>removed</ip>
<mac>removed</mac>
<status>C</status>
</entry>
<entry>
<interface>eth0</interface>
<ip>removed</ip>
<mac>removed</mac>
<status>C</status>
</entry>
</entries>
</result></response>
Thanks,
Tom
11-29-2021 10:17 PM
I am facing the same issue. i have tried with the different firewalls with the same version some firewalls show the error and some do not.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
