NDP Table¶

IPv6 Hosts use NDP (Neighbor Discovery Protocol) to locate IPv6 neighbors by MAC address on a directly connected network.

The NDP table in pfSense® software displays a list of IPv6 hosts on the network which have attempted to talk to or through the firewall within the past few minutes. If a host is up but has not talked to or through the firewall it will not appear in the NDP table.

See also

For IPv4 hosts, see ARP Table.

To view the contents of the NDP table in pfSense software, navigate to Diagnostics > NDP Table.

The page contains the following items for each NDP table entry:

IPv6 Address

The IPv6 address of the host.

MAC Address

The MAC address of the host.

A MAC address listed as (Incomplete) indicates that the firewall has attempted to discover the host via NDP but it has not yet received a valid response.

Tip

Installing the NMAP package activates a feature which allows the page to also display the manufacturer associated with the MAC address, if it is known. Note that this is not effective in some cases, such as for virtual machines which use randomly generated MAC addresses or for wireless clients which utilize privacy features that alter their MAC addresses.

Hostname

The fully qualified domain name, or at least the hostname portion, of the host. This can be discovered using reverse lookup of the IPv6 address via DNS.

Interface

The interface where the firewall observed the host. If the interface is assigned, this field contains the given name of the interface in pfSense software. Otherwise, the page displays the operating system interface name.

Expiration

The expiration status of the entry, typically one of two types:

Permanent: A static entry either located on the firewall itself (e.g. interface address, VIP) or a static NDP entry.
<time>: A dynamic NDP entry which will expire in <time> unless the host communicates to or through the firewall again.

Actions

Contains the fa-trash icon that, if clicked and confirmed, will remove this NDP table entry. This can nudge the firewall to discover a new MAC address for a host if it changes.

The fa-trash Clear NDP Table button purges the entire contents of the NDP table. Clearing the NDP table is not typically necessary but can help the firewall in situations where multiple hosts have changed MAC addresses and the firewall is still attempting to communicate with the old addresses.