Find out what is causing an ARP?
-
I am getting:
kernel: arplookup 10.118.125.16 failed: host is not on local network under the system logs.
I do not have anything either local or remote on that subnet so how can I find out what is trying to make that request so I can take any needed actions?
I looked at firewall logs but dont see that address listed… I get a lot of these every day and it just adds more overhead.
Thx!
-
Check for incorrect static routes, dhcp interfaces that lost the lease, situations where the default gateway dies and/or for systems on your local subnet with different subnetranges. There is always the option to silence arp errors by ticking the option at system>advanced.
-
I rather try to resolve it than just silance the arp. :)
But not using DHCP on pfsense, no static routes and do have another subnet that our phones are on but the pfsense also has a 2nd nic for that… Both subnets are 10.10.100.x and 10.10.200.x...
-
Are both subnets running on the same Layer2 network? Did you check for incorrectly configured clients on your network?
-
Both on same network. All clients are setup correct, as are all the phones.
I have the option on so that the two subnets cant arp eachother but just not sure what this one comes from. No way to get a MAC addy of whats doing it or anything?
-
Run a tcpdump. When I've seen this, it has been due to an incorrectly configured machine on the network.
-
You can download a packet capture from diagnostcs>packet capture for further analysis with wireshark.
-
Well I found what it is.
The 2nd WAN modem has its own public IP as its the gateway for pfsense, but it seems it also has that IP… Found if I give my PC an IP on that subnet and plug into the modem I can ping it. Cant get any other prot. to talk though... It seems the modem arps from that local subnet as well as its public...
This normally would not be allowed as the WAN has that options to block local networks on the wan port but this is a 2nd WAN and does not have that option..