Supressing "arp moved" messages on system logs



  • Hi again,
    My pfsense server is taking form, soon I'll capable of saying "its working!".  ;D

    I have some central servers working with interface bonding. They have several services, specially DNS and FreeRadius. After configuring them, I see several messages like those in my system log:

    May 20 15:05:40 kernel: arp: 10.4.0.17 moved from 00:2b:2b:fd:47:b6 to 00:2b:2b:fd:47:b4 on hn0
    May 20 15:05:42 kernel: arp: 10.4.0.17 moved from 00:2b:2b:fd:47:b4 to 00:2b:2b:fd:47:b6 on hn0
    May 20 15:05:49 kernel: arp: 10.4.0.17 moved from 00:2b:2b:fd:47:b6 to 00:2b:2b:fd:47:b4 on hn0
    May 20 15:05:51 kernel: arp: 10.4.0.17 moved from 00:2b:2b:fd:47:b4 to 00:2b:2b:fd:47:b6 on hn0

    I saw that in "System > Advanced > Networking" I can "Supress ARP Messages", which I believe will disable the messages. But, can I disable it just for this server?

    The case is that I expect this to happen, as this is a multi-interface server with bonding enabled. But I still wanted to know if this happens with a normal server…



  • This is often seen with Apple products that attempt to "save" an IP address for a device that's hibernating.

    There was a thread with similar issues: https://forum.pfsense.org/index.php?topic=57837.msg309137#msg309137.

    This is all assuming you don't actually have something nasty on your network trying to use an existing address…...



  • Thanks for the reply.

    Although the same messages appear, the case isn't similar; here, I have a Linux server with bonding interfaces (equivalent to NIC Teaming on Windows). It is expected (and somewhat desired) that it alternates on the bound interfaces to achieve load balance. So, I want that this server don't get logged.

    But I don't want to entirely disable this checking; if two workstations start conflicting their IP address, I'll want them logged.


  • Banned

    Well no such option exists. Either you get it logged or not.



  • Bonding interfaces that share the same IP but different MAC addresses is a hack. It may work, but it's undefined operations. There are proper MAC layer protocols that can do this sort of stuff. SMB3.1 supports bonding multiple interfaces with different IP addresses.



  • @doktornotor:

    Well no such option exists. Either you get it logged or not.

    Well, "no solution" is a a solution. I'll check if I can reconfigure the server to always use the same physical interface to serve the same machine; this may stop the MAC flapping to pfsense.



  • I often encounter this problem arp,Finally I use forced dhcp resolved.

    client must re get new ip and obtain IP via DHCP,Secretly setting is can't use Internet.packets will not be sent to pfsense

    cisco switch–>Try cisco DAI+DHCP Snooping

    ruckus controller-->enable option:"Enable Force DHCP,disconnect client if client does not obtain valid IP in XX seconds"


Log in to reply