Wired Intelligent Edge

 View Only
last person joined: 2 days ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Expand all | Collapse all

AOS-CX DAI

This thread has been viewed 14 times
  • 1.  AOS-CX DAI

    Posted Jun 17, 2020 09:48 AM

    Hello,

     

    currently i am testing with a R0X24A 6405 chassis/OS version FL.10.04.2000 and ARP inspection.

     

    When i configure ARP inspection on a vlan and i ping a device within that vlan, then we experience packet loss.

     

    I can't figure out what's going wrong.
    Is this a known issue or does anyone have tips to troublehoot this issue further?
     
     
    the config is very simple:
     
    interface 1/3/3
      no shutdown
      no routing
      vlan access 252
      exit
    interface lag 1
      description UPLINK
      no shutdown
      no routing
      vlan trunk native 1
      vlan trunk allowed all
      lacp mode active
      arp inspection trust
      dhcpv4-snooping trust
    vlan 252
      dhcpv4-snooping
      arp inspection
     

    #6400


  • 2.  RE: AOS-CX DAI

    EMPLOYEE
    Posted Jun 18, 2020 01:10 AM

    Good day!

    If possible, upgrade to latest 4.3000.

    After upgrade if you still see packet loss, please check show arp inspection statistics output.

    Please collect following output: 

     

    show arp inspection vlan 252
    show arp inspection statistics
    show tech arp-security

    Thank you,

    Yash

     



  • 3.  RE: AOS-CX DAI

    Posted Jun 18, 2020 05:01 AM

    Yash,

     

    upgrade to FL.10.04.3000 doesn't solve the problem.

     

    ping -c 100 -q xxx.xxx.252.12
    PING xxx.xxx..252.12 (xxx.xxx.252.12) 56(84) bytes of data.

    --- xxx.xxx.252.12 ping statistics ---
    100 packets transmitted, 84 received, 16% packet loss, time 101334ms
    rtt min/avg/max/mdev = 0.390/0.587/0.736/0.048 ms

     

    and when i disable arp inspection on the vlan:

    cx64-test(config)# vlan 252
    cx64-test(config-vlan-252)# no arp inspection

     

    ping -c 100 -q xxx.xxx.252.12
    PING xxx.xxx.252.12 (xxx.xxx.252.12) 56(84) bytes of data.

    --- xxx.xxx.252.12 ping statistics ---
    100 packets transmitted, 100 received, 0% packet loss, time 101380ms
    rtt min/avg/max/mdev = 0.378/0.569/0.647/0.051 ms

     

     

     

    See below the show arp command output:

     

    show arp inspection vlan 252

    -----------------------------------------------------------------
    VLAN Name ARP Inspection
    -----------------------------------------------------------------
    252 Default Enabled
    -----------------------------------------------------------------

     

     

    show arp inspection statistics vlan 252

    -----------------------------------------------------------------
    VLAN Name Forwarded Dropped
    -----------------------------------------------------------------
    252 Default 4730 2
    -----------------------------------------------------------------

     

    show tech arp-security
    ====================================================
    Show Tech executed on Thu Jun 18 10:47:46 2020
    ====================================================
    ====================================================
    [Begin] Feature arp-security
    ====================================================


    *********************************
    Command : show arp inspection statistics vlan
    *********************************

    -----------------------------------------------------------------
    VLAN Name Forwarded Dropped
    -----------------------------------------------------------------
    1 DEFAULT_VLAN_1 0 0
    252 Default 4777 2
    256 Access-Point 0 0
    257 Devices 0 0
    258 Fixed-IP 0 0
    261 TDS-TEST 0 0
    300 Voice 33 0
    301 Untrusted 0 0
    302 dead-end 0 0
    303 Employee 12854 0
    -----------------------------------------------------------------

    *********************************
    Command : show arp inspection vlan
    *********************************

    -----------------------------------------------------------------
    VLAN Name ARP Inspection
    -----------------------------------------------------------------
    1 DEFAULT_VLAN_1 -
    252 Default Enabled
    256 Access-Point -
    257 Devices Enabled
    258 Fixed-IP Enabled
    261 TDS-TEST -
    300 Voice Enabled
    301 Untrusted Enabled
    302 dead-end -
    303 Employee Enabled
    -----------------------------------------------------------------

    *********************************
    Command : show arp inspection interface
    *********************************

    ---------------------------------------------------------------------------
    Interface Trust-State
    ---------------------------------------------------------------------------
    1/3/1 Untrusted
    1/3/2 Untrusted
    1/3/3 Untrusted
    1/3/4 Untrusted
    1/3/5 Untrusted
    1/3/6 Untrusted
    1/3/7 Untrusted
    1/3/8 Untrusted
    1/3/9 Untrusted
    1/3/10 Untrusted
    1/3/11 Untrusted
    1/3/12 Untrusted
    1/3/13 Untrusted
    1/3/14 Untrusted
    1/3/15 Untrusted
    1/3/16 Untrusted
    1/3/17 Untrusted
    1/3/18 Untrusted
    1/3/19 Untrusted
    1/3/20 Untrusted
    1/3/21 Untrusted
    1/3/22 Untrusted
    1/3/23 Untrusted
    1/3/24 Untrusted
    1/3/25 Untrusted
    1/3/26 Untrusted
    1/3/27 Untrusted
    1/3/28 Untrusted
    1/3/29 Untrusted
    1/3/30 Untrusted
    1/3/31 Untrusted
    1/3/32 Untrusted
    1/3/33 Untrusted
    1/3/34 Untrusted
    1/3/37 Untrusted
    1/3/38 Untrusted
    1/3/39 Untrusted
    1/3/40 Untrusted
    1/3/41 Untrusted
    1/3/42 Untrusted
    1/3/43 Untrusted
    1/3/44 Untrusted
    1/3/45 Untrusted
    1/3/46 Untrusted
    1/3/47 Untrusted
    1/3/48 Trusted
    1/3/49 Untrusted
    1/3/50 Untrusted
    1/3/51 Untrusted
    1/3/52 Untrusted
    lag1 Trusted
    ---------------------------------------------------------------------------
    ====================================================
    [End] Feature arp-security
    ====================================================


    ====================================================
    Show Tech commands executed successfully
    ====================================================

     

     

     



  • 4.  RE: AOS-CX DAI

    Posted Jun 19, 2020 06:25 AM

    Did you also enabled DHCP snooping and forces a dhcp renew on the machine?