Description
This article describes how to interpret the output of command diagnose ip arp list.
While troubleshooting certain connectivity issues, it is required to run the command ‘diagnose ip arp list’ which will provide an output as shown below:
diagnose ip arp list
index=34 ifname=root x.x.x.x 00:00:00:00:00:00 state=00000040 use=181994 confirm=187994 update=181994 ref=2
index=7 ifname=wan2 x.x.x.x 00:00:00:00:00:00 state=00000008 use=3 confirm=2480 update=179 ref=583
index=36 ifname=switch x.x.x.x 00:00:00:00:00:00state=00000002 use=0 confirm=0 update=3159 ref=125
index=5 ifname=wan1 x.x.x.x 00:00:00:00:00:00 state=00000002 use=32 confirm=670 update=212 ref=6
Related document:
The ARP state machine - Clemson Edu
Scope
FortiGate.
Solution
The explanation of each field from the above output is as follows:
index <----- This is the interface index of the corresponding FortiGate interface.
ifname <----- This is the name of the FortiGate interface.
x.x.x.x <----- This is the IP address of the neighbor device connected to the corresponding interface.
00:00:00:00:00:00 <----- This is the MAC address corresponding to the above IP address.
state <----- This is a hexadecimal value of the 8 bit field defining the current state of the ARP entry as shown below. (refer to table below)
use <----- Time in seconds, since the ARP entry was last used to add the MAC address to an egress packet.
confirm <----- Time in seconds, since the ARP entry entered the state REACHABLE/NOARP/PERMANENT.
update <----- Time in seconds, since the ARP entry was last updated with a ARP response.
ref <----- Number of time the ARP entry was used to forward an egress packet.
State mapping:
Related article:
