
AOS-CX DAI

  • 1.  AOS-CX DAI

    Posted Jun 17, 2020 09:48 AM

    Hello,

     

    Currently I am testing with a R0X24A 6405 chassis/OS version FL.10.04.2000 and ARP inspection.

    When I configure ARP inspection on a vlan and I ping a device within that vlan, then we experience packet loss.

    I can't figure out what's going wrong.
    Is this a known issue or does anyone have tips to troubleshoot this issue further?

    The config is very simple:
     
    interface 1/3/3
      no shutdown
      no routing
      vlan access 252
      exit
    interface lag 1
      description UPLINK
      no shutdown
      no routing
      vlan trunk native 1
      vlan trunk allowed all
      lacp mode active
      arp inspection trust
      dhcpv4-snooping trust
    vlan 252
      dhcpv4-snooping
      arp inspection
     

    #6400


  • 2.  RE: AOS-CX DAI

    Posted Jun 18, 2020 01:10 AM

    Good day!

    If possible, upgrade to the latest 4.3000.

    After the upgrade, if you still see packet loss, please check the show arp inspection statistics output.

    Please collect the following output:

     

    show arp inspection vlan 252
    show arp inspection statistics
    show tech arp-security

    Thank you,

    Yash

     



  • 3.  RE: AOS-CX DAI

    Posted Jun 18, 2020 05:01 AM

    Yash,

     

    Upgrading to FL.10.04.3000 doesn't solve the problem.

     

    ping -c 100 -q xxx.xxx.252.12
    PING xxx.xxx.252.12 (xxx.xxx.252.12) 56(84) bytes of data.

    --- xxx.xxx.252.12 ping statistics ---
    100 packets transmitted, 84 received, 16% packet loss, time 101334ms
    rtt min/avg/max/mdev = 0.390/0.587/0.736/0.048 ms

     

    And when I disable arp inspection on the vlan:

    cx64-test(config)# vlan 252
    cx64-test(config-vlan-252)# no arp inspection

     

    ping -c 100 -q xxx.xxx.252.12
    PING xxx.xxx.252.12 (xxx.xxx.252.12) 56(84) bytes of data.

    --- xxx.xxx.252.12 ping statistics ---
    100 packets transmitted, 100 received, 0% packet loss, time 101380ms
    rtt min/avg/max/mdev = 0.378/0.569/0.647/0.051 ms

     

     

     

    See below the show arp command output:

     

    show arp inspection vlan 252

    -----------------------------------------------------------------
    VLAN       Name                ARP Inspection
    -----------------------------------------------------------------
    252        Default             Enabled
    -----------------------------------------------------------------

     

     

    show arp inspection statistics vlan 252

    -----------------------------------------------------------------
    VLAN       Name                Forwarded      Dropped
    -----------------------------------------------------------------
    252        Default             4730           2
    -----------------------------------------------------------------

     

    show tech arp-security
    ====================================================
    Show Tech executed on Thu Jun 18 10:47:46 2020
    ====================================================
    ====================================================
    [Begin] Feature arp-security
    ====================================================


    *********************************
    Command : show arp inspection statistics vlan
    *********************************

    -----------------------------------------------------------------
    VLAN       Name                Forwarded      Dropped
    -----------------------------------------------------------------
    1          DEFAULT_VLAN_1      0              0
    252        Default             4777           2
    256        Access-Point        0              0
    257        Devices             0              0
    258        Fixed-IP            0              0
    261        TDS-TEST            0              0
    300        Voice               33             0
    301        Untrusted           0              0
    302        dead-end            0              0
    303        Employee            12854          0
    -----------------------------------------------------------------

    *********************************
    Command : show arp inspection vlan
    *********************************

    -----------------------------------------------------------------
    VLAN       Name                ARP Inspection
    -----------------------------------------------------------------
    1          DEFAULT_VLAN_1      -
    252        Default             Enabled
    256        Access-Point        -
    257        Devices             Enabled
    258        Fixed-IP            Enabled
    261        TDS-TEST            -
    300        Voice               Enabled
    301        Untrusted           Enabled
    302        dead-end            -
    303        Employee            Enabled
    -----------------------------------------------------------------

    *********************************
    Command : show arp inspection interface
    *********************************

    ---------------------------------------------------------------------------
    Interface Trust-State
    ---------------------------------------------------------------------------
    1/3/1 Untrusted
    1/3/2 Untrusted
    1/3/3 Untrusted
    1/3/4 Untrusted
    1/3/5 Untrusted
    1/3/6 Untrusted
    1/3/7 Untrusted
    1/3/8 Untrusted
    1/3/9 Untrusted
    1/3/10 Untrusted
    1/3/11 Untrusted
    1/3/12 Untrusted
    1/3/13 Untrusted
    1/3/14 Untrusted
    1/3/15 Untrusted
    1/3/16 Untrusted
    1/3/17 Untrusted
    1/3/18 Untrusted
    1/3/19 Untrusted
    1/3/20 Untrusted
    1/3/21 Untrusted
    1/3/22 Untrusted
    1/3/23 Untrusted
    1/3/24 Untrusted
    1/3/25 Untrusted
    1/3/26 Untrusted
    1/3/27 Untrusted
    1/3/28 Untrusted
    1/3/29 Untrusted
    1/3/30 Untrusted
    1/3/31 Untrusted
    1/3/32 Untrusted
    1/3/33 Untrusted
    1/3/34 Untrusted
    1/3/37 Untrusted
    1/3/38 Untrusted
    1/3/39 Untrusted
    1/3/40 Untrusted
    1/3/41 Untrusted
    1/3/42 Untrusted
    1/3/43 Untrusted
    1/3/44 Untrusted
    1/3/45 Untrusted
    1/3/46 Untrusted
    1/3/47 Untrusted
    1/3/48 Trusted
    1/3/49 Untrusted
    1/3/50 Untrusted
    1/3/51 Untrusted
    1/3/52 Untrusted
    lag1 Trusted
    ---------------------------------------------------------------------------
    ====================================================
    [End] Feature arp-security
    ====================================================


    ====================================================
    Show Tech commands executed successfully
    ====================================================

     

     

     



  • 4.  RE: AOS-CX DAI

    Posted Jun 19, 2020 06:25 AM

    Did you also enable DHCP snooping and force a DHCP renew on the machine?
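
Added example, not part of the original thread and not AOS-CX code: a simplified Python model of the check that the question in post 4 points at, namely that ARP inspection on an untrusted port needs a matching DHCP snooping binding. The sample config mirrors post 1; the `vlan 300` stanza, the addresses, the binding table and all function names are constructed for illustration.

```python
# Simplified model of dynamic ARP inspection (DAI); an assumption-based
# illustration, not the switch's implementation.
# CONFIG is a constructed sample mirroring post 1, plus a hypothetical
# "vlan 300" stanza that has ARP inspection but no DHCP snooping.
CONFIG = """\
interface 1/3/3
  no routing
  vlan access 252
interface lag 1
  vlan trunk allowed all
  arp inspection trust
  dhcpv4-snooping trust
vlan 252
  dhcpv4-snooping
  arp inspection
vlan 300
  arp inspection
"""

def parse(config):
    """Map each unindented context line to the set of commands under it."""
    contexts, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            current = " ".join(line.split())
            contexts[current] = set()
        elif current is not None:
            contexts[current].add(" ".join(line.split()))
    return contexts

def vlans_without_snooping(contexts):
    """VLANs where ARP inspection has no snooping table to validate against."""
    return sorted(int(head.split()[1]) for head, cmds in contexts.items()
                  if head.startswith("vlan ") and "arp inspection" in cmds
                  and "dhcpv4-snooping" not in cmds)

def dai_verdict(contexts, bindings, port, vlan, ip, mac):
    """Verdict for one ARP packet; bindings maps (vlan, ip) -> (mac, port)."""
    if "arp inspection" not in contexts.get(f"vlan {vlan}", set()):
        return "forward: inspection disabled on VLAN"
    if "arp inspection trust" in contexts.get(f"interface {port}", set()):
        return "forward: trusted port"
    if bindings.get((vlan, ip)) == (mac, port):
        return "forward: matches DHCP snooping binding"
    return "drop: no matching DHCP snooping binding"

# Constructed binding: one client that leased its address while snooping was on.
BINDINGS = {(252, "192.0.2.12"): ("00:00:5e:00:53:0c", "1/3/3")}
```

A client that obtained its lease before snooping was enabled has no entry in the binding table, so in this model its ARP traffic on an untrusted port takes the drop branch until it renews.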