My router connects to the firewall via a Layer 2 switch. Sometimes my application loses its connection to the server. When I checked the connection between my router and the firewall I found it could not ping (timeout). I checked the interface; the status was still up/up. I used show arp and found it can resolve the MAC address of the firewall, but sometimes the ARP age-time is zero. I'm sure the IP is not conflicting. How can I solve this problem?
Please check whether the switch is acting with L2 functionality as well as hub functionality.
Verify if something is bonded to the switch port.
Guru Prasad R
Every time, to solve the problem, I clear the ARP cache; my router can ping the firewall and my application works again, but after 20-30 min the problem happens again.
Hi, [Pls rate if helps]
Do you have any logs in the switch for this problem?
Based on the logs we can suspect whether this is related to the IOS or the hardware of the switch.
I suspect the ARP table is flooded; can you check whether some ARP flooding attack is being initiated on some ports of the same switch?
PLS RATE if HELPS
Guru Prasad R
Which ARP cache are you clearing, the router, the PC and/or server, or the firewall?
It does look like an IP conflict, or perhaps a malicious gratuitous ARP.
Have a look at the ARP cache while it is working correctly, and again after it has stopped working, and compare the two. You should be able to work out what is going on from the MAC addresses.
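One way to do the before/after comparison suggested in this reply, as an added example that is not from the thread: a small Python script that parses two constructed Cisco IOS `show arp` snapshots (sample data, not the poster's real output) and flags entries whose MAC address changed between snapshots (an IP conflict or gratuitous-ARP symptom) and entries sitting at age 0 (refreshed within the last minute). It assumes the standard IOS `show arp` column layout.

```python
import re

# Constructed sample "show arp" output: one snapshot while the network works,
# one after the outage starts. Addresses and MACs are made up for illustration.
ARP_WORKING = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0011.2233.4401  ARPA   GigabitEthernet0/0
Internet  192.0.2.254            12   0011.2233.4402  ARPA   GigabitEthernet0/0
Internet  192.0.2.20              3   0011.2233.4403  ARPA   GigabitEthernet0/0
"""
ARP_BROKEN = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0011.2233.4401  ARPA   GigabitEthernet0/0
Internet  192.0.2.254             0   0011.2233.4499  ARPA   GigabitEthernet0/0
Internet  192.0.2.20              0   0011.2233.4403  ARPA   GigabitEthernet0/0
"""

# IP, age ("-" = the router's own address), dotted-hex MAC, type, interface
LINE = re.compile(
    r"^Internet\s+(\S+)\s+(\S+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)",
    re.IGNORECASE,
)


def parse_show_arp(text):
    """Return {ip: (mac, age_minutes_or_None, interface)} from show arp output."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unrelated line
        ip, age, mac, iface = m.groups()
        table[ip] = (mac.lower(), None if age == "-" else int(age), iface)
    return table


def compare_arp(before, after):
    """List (finding, ip, detail) tuples worth checking between two snapshots."""
    findings = []
    for ip, (mac_a, age_a, _) in sorted(after.items()):
        if ip not in before:
            findings.append(("new_entry", ip, mac_a))
            continue
        mac_b, _, _ = before[ip]
        if mac_b != mac_a:  # same IP now answering from a different MAC
            findings.append(("mac_changed", ip, f"{mac_b}->{mac_a}"))
        if age_a == 0:  # refreshed within the last minute; suspicious if persistent
            findings.append(("age_zero", ip, mac_a))
    return findings


if __name__ == "__main__":
    for f in compare_arp(parse_show_arp(ARP_WORKING), parse_show_arp(ARP_BROKEN)):
        print(*f)
```

Take the two snapshots a few minutes apart; an entry that stays at age 0 across every snapshot means something keeps re-announcing that IP, and a changed MAC tells you which station to look for.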
What are the settings for the ARP age and MAC age on the router and switch?
Just an idea: if your application is running on the server with 2 NICs and one NIC is used very seldom or only for incoming traffic (the server gets the traffic via this NIC and sends nothing out), then the switch where this NIC is connected removes the MAC address from its MAC table after the MAC age (unknown-unicast flooding takes place then), but after expiration of the ARP age on the router, the router sends an ARP, the server answers, and then the switch gets the MAC information for its MAC table.
Compare the ARP cache entries before the reboot and after the reboot,
i.e., when everything works well and once it hangs.
DO RATE ALL HELPFUL POSTS.
Guru Prasad R
What about the MAC address before you clear the ARP cache - is it the same?
Which side is the problem on? I mean, when you are having the problem, can you not ping the server from the router, or can you not ping the client?
I am presuming that the server and the client are on different VLANs and different subnets, and that each has a default gateway correctly configured for its own VLAN.
Yes, the MAC address of the gateway before reloading the router is the same as after reloading. The problem is my application can't talk with the server; the network devices in between are one router, one switch (unmanaged) and one firewall. I set up a default route to the firewall. When the application has the problem, I can't ping the firewall (gateway) from my router or client PC. I found my router still has the MAC address of the firewall with age-time zero, but I can't ping. I tried to solve this problem by clearing the ARP cache, and it worked!! I don't know why? I think the Layer 2 switch may have something wrong, but it's a normal unmanaged switch. Please suggest how to solve this problem (the problem happens every 20 mins and I have to clear the ARP cache every time).