Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SG300 Arp inspection hangs till reboot

We found a bug.

In some places of our network after changing SPS2024 to SG300 switches we hear about problem every one-two weeks.

When problem arrives, switch seems to be working as usual, nothing strange in log, but users havent connectivity with bras untill somebody reboots switch.

Now i select one building to define symptom. There SG300-52 is used with fw 1.3.0.62. Our commonly used configuration:

ports 1-48 - untagged users (ip source-guard, storm-control, port security, service-acl with 7 rules), 1 vlan per building

port 49-51 - downlinks to other switch (trunk, dhcp snoop trust and DAI trust)

port 52 uplink, configured same as downlinks.

DHCP Snoop, DAI, IP source guard configured globally and on users vlan.

After problem arrives i attach notebook  to user port and see  no arp packet from core in wireshark dump, only packets from other users.

From core side i see arp request only from hosts from ports on right half of switch (13-24,37-52)

If i move uplink cable from  port 52 to port 50 - connectivity arrives!!!

I think this is a big problem with DAI code.

Now i set real ip to switch, disables DAI on users VLAN and return uplink to 52 port.

I can give ip and password to cisco stuff to debug it before reboot.

1 REPLY
Green

SG300 Arp inspection hangs till reboot

Hello Ilya,

Can you advise to the following points?

Can you please provide your switch config

Please provide show tech

Do you notice anything else not working such as no connectivity to the switch or connectivity to stations that already have ARP information

Can you provide the show output for DHCP snooping, ARP inspection and IP source guard

Do you see ARP from ports on both sides of the switch or only ports on the same side as the capture port?

If you're uncomfortable posting config and show tech, please email to me at tmw0402@hotmail.com

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
601
Views
0
Helpful
1
Replies
CreatePlease to create content