Network Management

 View Only
last person joined: 15 hours ago 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

No Switchport at ARP Entries

This thread has been viewed 15 times

  • 1.  No Switchport at ARP Entries

    Posted Dec 14, 2022 04:50 AM

    Hey Airheads,

    in the past month I have some trouble with our 5406Rzl2 switches.

    Sometimes the arp entry does not contain a port int the arp table. Her an example:

    IP Address MAC Address Type Port
    --------------- ----------------- ------- ----
    1.2.3.4 123456-abcdef dynamic Mesh
    1.2.3.5 654321-abcdef dynamic 
    1.2.3.6 567890-fedcba dynamic A3

    When I start a ping to 1.2.3.5 the request gets a timeoute even if I set the timeout to 10 seconds.

    After this ping the switchport for is 1.2.3.5 is displayed in the arp table and the ping and other requests which get switched over this switch works. No matter if its a ping or a sftp request, the first try will get a timeout. The second try works perfecly fine.

    I had this issue on some hosts not just this (example) one. I saw this on all our 5406Rzl2 switches. There are four deviced cross connected via mesh.

    Could this be a case with the dynamic arp protection?


    thanks!
    Best regards

    Finn



  • 2.  RE: No Switchport at ARP Entries

    EMPLOYEE
    Posted Dec 14, 2022 09:32 AM
    If you have that situation, can you check if 'show mac-address' shows the MAC address that is listed for 1.2.3.5?

    What I can imagine is that if the switch has an arp entry but no port in the the mac-address table, that it doesn't know where to send the packet. In that case it should either send it to all ports in the VLANs, or it should do an ARP first and then send it to the right destination (but it knows the mac already).

    And yes, the thought that this may be related to dynamic arp protection or other protection features sounds reasonable. However, unless you can't quickly test by disabling arp protection and see if that resolves the issue, I would open a support case for this to have it be investigated because this sounds like something really undesirable which needs to be addressed.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 3.  RE: No Switchport at ARP Entries

    Posted Dec 14, 2022 10:28 AM
    Hey Herman,

    thanks for your reply! :)

    I've checked the switch again. There were multiple arp entries, which had no switchport. Then I searched for the mac-addresses with sh mac-address | i [mac]. None of them had mac-addresses entry.

    Im not an expert at this point. But I think an arp entry without an matching mac-address entry for the mac-address is pretty much useless right?


    regards
    Finn
    Original Message


  • 4.  RE: No Switchport at ARP Entries

    EMPLOYEE
    Posted Dec 15, 2022 03:23 AM
    ARP and the mac address table are two separate things, but it looks weird to have an ARP entry without mac table entry because an arp cannot get in without the mac address being recorded. What could be is that timers are different, but then still that would only apply if the device with that MAC address is extremely quiet (not sending any traffic).

    I would recommend to open a TAC case to get this further investigated. It may be normal, but the behavior you see is not desired. And if this would be common behavior, many more people should have noticed, which means that it probably is something specific for your environment. ARP protection may be one thing to look at.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message