How to clear arp cache on schedule
-
You have a good point…I'll review the logs the next time the problem occurs...thanks!
-
On cable, that kind of sounds like someone might be ARP poisoning the subnet. Could just be a problem on the ISP's network. ARP cache is very short lived, in the worst case scenario with defaults it'd take 20 minutes to switch over, if your ISP changed their router's hardware address at the exact time your machine did an ARP query.
Next time it happens, check what's in the ARP cache, then clear it, and compare afterwards. Can post back the ARP table both before and after if you're not sure what it's showing/telling.
-
thanks cmb!
-
Well, we lost internet access just after noon today, and according to our ISP they couldn't find anything wrong. I checked the logs and found the following entry just before we lost our connection: apinger: ALARM: WANGW(xxx.xxx.xxx.xxx) *** down ***
I found some references to the Gateway Monitoring feature in PFsense and how ISPs are known to ignore the requests at the gateway, resulting in the PFsense box "timing out" after not seeing any responses, and shutting down the WAN port.
I checked the Disable Gateway Monitoring box to keep the PFsense box from timing out…now it's time to wait and see if the problem comes back or goes away once and for all. Thanks everyone for your help...this is a great product and an awesome community! -
The gateway going down is a symptom, not a cause, of the problem.
-
And when this went down did you look at your arp cache? What did you have for your isp gateway?? Did you flush your cache, what did you have then.
Pretty sure this was clearly stated to look in the arp cache, since you say flushing it fixes your issue. But now when it goes down you don't even look there??
-
CMB…agreed
JOHNPOZ...I just realized that my last post was incomplete...yes, I looked at the arp cache and yes it was showing the ISP gateway. Flushing the arp cache didn't do anything so I had to reboot the pfsense box to get back online. Remember, this happened in the middle of the day, with several critical services depending on our internet connection, so I didn't have the luxury of time on my side. So far so good with our internet connectivity...keeping my fingers crossed that disabling the gateway monitoring feature works, at least for now.
-
I have seen this problem before.
1. check the cables first.
2. Next is your box is connected directly to the cable modem and not into a switch then the cable modem. If it is connected to a switch connect it directly and see if it happens cheap switches will do this and higher end switches will do this also if they are not set up correctly.
3. what cable modem and service are you using? If it is comcast go into the modem and disable smart packet inspection or call them and have them do it as this will cause the problem you are seeing as well.
4. are you using running snort on the box if so make sure it is not blocking you wan connection. -
Thanks for the additional info mschiek01.
Cables are good.
Pfsense box is connected directly to cable modem.
Using Cox cable service and I already spoke with them about using spi or anything else that might hinder traffic…nothing is set up in the cable modem at this time.
Not running snort on the pfsense box.By the way, so far so good...no hiccups since I disabled gateway monitoring...fingers crossed!
-
Try to setting up a "Cron Job" (the easy way is to just choose option 8 shell and type "arp -d -a"
Thats it.. -
Wiz – nice to have you on the forums, but you might want to actually read a thread before you post ;)
