Palo Alto Networks Knowledgebase: Trigger a Gratuitous ARP (GARP) from a Palo Alto Networks Device

Created On 08/05/19 20:24 PM - Last Updated 08/05/19 20:36 PM
Content Release Deployment
Resolution

Overview

Gratuitous ARP (GARP) is used to update the ARP tables of hosts in a broadcast domain when the sender's IP address or MAC address has changed. GARP is also used to detect IP address conflicts and during HA failovers.

Note: This document describes capabilities introduced in PAN-OS 4.0.

Details

In situations where there is no control over the upstream devices, a CLI command can be used to update the ARP table of connected Layer 3 devices that are unable to update their ARP tables automatically. The following command sends a gratuitous ARP for an IP address from a specific interface:

> test arp gratuitous ip <ip/netmask> interface <interface name>


Example

The following is an example of an interface details listing:

> show interface ethernet1/3

---------------------------------------------------------------------------

Name: ethernet1/3, ID: 18

Link status:

  Runtime link speed/duplex/state: 1000/full/up

  Configured link speed/duplex/state: auto/auto/auto

MAC address:

  Port MAC address 00:1b:17:09:21:12

Operation mode: layer3

Untagged sub-interface support: no

---------------------------------------------------------------------------

Name: ethernet1/3, ID: 18

Operation mode: layer3

Virtual router default

Interface MTU 1500

Interface IP address: 10.66.24.67/23

To update the ARP table of connected hosts for the ethernet1/3 IP subnet (10.66.24.67/23, with MAC address 00:1b:17:09:21:12), run the following CLI command:

> test arp gratuitous ip 10.66.24.67 interface ethernet1/3

1 ARPs were sent

PCAP details:

Ethernet II, Src: PaloAlto_09:21:12 (00:1b:17:09:21:12), Dst: Broadcast (ff:ff:ff:ff:ff:ff)

    Destination: Broadcast (ff:ff:ff:ff:ff:ff)

    Source: PaloAlto_09:21:12 (00:1b:17:09:21:12)

    Type: ARP (0x0806)

Address Resolution Protocol (request/gratuitous ARP)

    Hardware type: Ethernet (1)

    Protocol type: IP (0x0800)

    Hardware size: 6

    Protocol size: 4

    Opcode: request (1)

   [Is gratuitous: True]

    Sender MAC address: PaloAlto_09:21:12 (00:1b:17:09:21:12)

    Sender IP address: 10.66.24.67 (10.66.24.67)

    Target MAC address: Broadcast (ff:ff:ff:ff:ff:ff)

    Target IP address: 10.66.24.67 (10.66.24.67)

NAT Scenario Example

Any IP address in subnet 10.66.24.67/23 can be used with the test arp gratuitous command to force a refresh of the IP-to-MAC address mapping on connected Layer 3 devices. One scenario for the command is an inbound NAT configuration on a Palo Alto Networks firewall.

The following is the destination NAT rule configured to translate traffic for IP 10.66.24.139, received on interface ethernet1/3, to an internal IP of 192.168.67.5:

> show running nat-policy

Inbound-NAT  {

        from untrust-L3;

        source any;

        to untrust-L3;

        to-interface  ;

        destination 10.66.24.139;

        service any/any/any;

        translate-to "dst: 192.168.67.5";

}

To update the ARP table of connected hosts so that IP address 10.66.24.139 (used in the NAT rule above) maps to the ethernet1/3 MAC address 00:1b:17:09:21:12, run the following CLI command:

> test arp gratuitous ip 10.66.24.139 interface ethernet1/3

ARPs were sent

PCAP details:

Ethernet II, Src: PaloAlto_09:21:12 (00:1b:17:09:21:12), Dst: Broadcast (ff:ff:ff:ff:ff:ff)

    Destination: Broadcast (ff:ff:ff:ff:ff:ff)

    Source: PaloAlto_09:21:12 (00:1b:17:09:21:12)

    Type: ARP (0x0806)

Address Resolution Protocol (request/gratuitous ARP)

    Hardware type: Ethernet (1)

    Protocol type: IP (0x0800)

    Hardware size: 6

    Protocol size: 4

    Opcode: request (1)

   [Is gratuitous: True]

    Sender MAC address: PaloAlto_09:21:12 (00:1b:17:09:21:12)

    Sender IP address: 10.66.24.139 (10.66.24.139)

    Target MAC address: Broadcast (ff:ff:ff:ff:ff:ff)

    Target IP address: 10.66.24.139 (10.66.24.139)
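
The GARP fields in the two captures above can be checked programmatically on a monitoring host. The following is an added example, not Palo Alto Networks code: it rebuilds the frame bytes from the captured field values (constructed sample input), parses them, and tracks IP-to-MAC bindings so that a GARP which rebinds an address is reported. The function names and the stale MAC address 00:00:5e:00:53:01 are assumptions made for illustration.

```python
import struct

def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def build_garp(mac: str, ip: str) -> bytes:
    """Constructed sample input: frame bytes matching the PCAP fields above."""
    hw = bytes.fromhex(mac.replace(":", ""))
    pa = bytes(int(o) for o in ip.split("."))
    bcast = b"\xff" * 6
    eth = bcast + hw + struct.pack("!H", 0x0806)           # dst, src, type ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)        # Ethernet/IP, request
    return eth + arp + hw + pa + bcast + pa                # SHA, SPA, THA, TPA

def parse_arp(frame: bytes):
    """Return the ARP fields, or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    spa, tpa = frame[28:32], frame[38:42]
    return {"opcode": op,
            "sender_mac": _mac(frame[22:28]), "sender_ip": _ip(spa),
            "target_mac": _mac(frame[32:38]), "target_ip": _ip(tpa),
            "gratuitous": spa == tpa}   # sender IP == target IP, as in the capture

def observe(table: dict, frame: bytes) -> str:
    """Apply a GARP to an IP->MAC table; return new/same/changed/ignored."""
    arp = parse_arp(frame)
    if not arp or not arp["gratuitous"]:
        return "ignored"
    old = table.get(arp["sender_ip"])
    table[arp["sender_ip"]] = arp["sender_mac"]
    if old is None:
        return "new"
    return "same" if old == arp["sender_mac"] else "changed"

if __name__ == "__main__":
    # Hypothetical neighbor cache still holding a stale MAC for the NAT address.
    cache = {"10.66.24.139": "00:00:5e:00:53:01"}
    frame = build_garp("00:1b:17:09:21:12", "10.66.24.139")
    print(parse_arp(frame))
    print(observe(cache, frame), cache)
```

A "changed" result that does not line up with an HA failover or a manual test arp gratuitous run is worth investigating, because upstream devices accept the new binding without any authentication.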

owner: akawimandan


