Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX interface affects local VLAN traffic

Hi,

I have a problem, in that servers on vlan 111 are intermitent in communicating them selve.

This vlan 111 is trunked with vlan 100 to pix gB-ethr3. Th server gateways are the vlan111 on the pix. (v100 physical, v111 logical, only one switch 4948 is connecting to the two failover pix GB-ether3.

Why is the local communication intermittent.

Note: The server team thinks that the pix trying to do ARP for evrything. What to look for to reason this.

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: PIX interface affects local VLAN traffic

disabling proxyarp just on the inside interface should do the job for you ( sysopt noproxyarp inside - stops PIX answering for the ARP requests coming from the inside interface ), as that's the network where you have got intermittent connectivity.

but it's worth trying , if the issue persists.

5 REPLIES

Re: PIX interface affects local VLAN traffic

what version of code are you running ?

pasting your code might help .

Community Member

Re: PIX interface affects local VLAN traffic

Hi Vikram,

Thank you.

PIX Version 6.3 is used.

and I stopped the proxy-arp function on the pix interface and it looks like it is working.

Re: PIX interface affects local VLAN traffic

that's what i was guessing too.

I think you will have to disable the proxy-arp thing - If I am not wrong.

"The fix is to turn off proxy-arp for this interface. "sysopt noproxyarp inside" stops PIX answering for the ARP requests coming from the inside interface "

I read this in a book

appreciate you replying to the thread :)

Community Member

Re: PIX interface affects local VLAN traffic

Thanks for that.

When i fied the inside by stopping proxy arp, suddenly the outside interface is trying to assist with it's proxy arp.

I'm planning to stop proxy-arp on the ouside. i do not know if this will affect any other interfaces as there is a lot of other interfaces on this pix.

Should i go for no-proxing on the outside/

Re: PIX interface affects local VLAN traffic

disabling proxyarp just on the inside interface should do the job for you ( sysopt noproxyarp inside - stops PIX answering for the ARP requests coming from the inside interface ), as that's the network where you have got intermittent connectivity.

but it's worth trying , if the issue persists.

122
Views
0
Helpful
5
Replies
CreatePlease to create content