Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1078
Views
0
Helpful
1
Replies

SG300 Arp inspection hangs till reboot

degtyarev_ilya
Level 1
Level 1

‎12-08-2013 03:11 PM

We found a bug.

In some places of our network after changing SPS2024 to SG300 switches we hear about problem every one-two weeks.

When problem arrives, switch seems to be working as usual, nothing strange in log, but users havent connectivity with bras untill somebody reboots switch.

Now i select one building to define symptom. There SG300-52 is used with fw 1.3.0.62. Our commonly used configuration:

ports 1-48 - untagged users (ip source-guard, storm-control, port security, service-acl with 7 rules), 1 vlan per building

port 49-51 - downlinks to other switch (trunk, dhcp snoop trust and DAI trust)

port 52 uplink, configured same as downlinks.

DHCP Snoop, DAI, IP source guard configured globally and on users vlan.

After problem arrives i attach notebook  to user port and see  no arp packet from core in wireshark dump, only packets from other users.

From core side i see arp request only from hosts from ports on right half of switch (13-24,37-52)

If i move uplink cable from  port 52 to port 50 - connectivity arrives!!!

I think this is a big problem with DAI code.

Now i set real ip to switch, disables DAI on users VLAN and return uplink to 52 port.

I can give ip and password to cisco stuff to debug it before reboot.

Labels:
0 Helpful
1 Reply 1

Tom Watts
VIP Alumni
VIP Alumni

‎01-13-2014 05:31 PM

Hello Ilya,

Can you advise to the following points?

Can you please provide your switch config

Please provide show tech

Do you notice anything else not working such as no connectivity to the switch or connectivity to stations that already have ARP information

Can you provide the show output for DHCP snooping, ARP inspection and IP source guard

Do you see ARP from ports on both sides of the switch or only ports on the same side as the capture port?

If you're uncomfortable posting config and show tech, please email to me at tmw0402@hotmail.com

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X
Customers Also Viewed These Support Documents