HPE Community
Aruba & ProVision-based
1753437 Members
5076 Online
108794 Solutions
New Discussion юеВ

Re: 2610 drops connection to device

 
AndersMa
Occasional Visitor

тАО08-06-2016 12:25 PM

тАО08-06-2016 12:25 PM

2610 drops connection to device

Hi

I connected a ZyWall to my network, in parallell with other firewall solution, the intended use at the moment is to have an easy VPN tunnel into our network.

Now, the problem is that since the ZyWall does not say much (well most of the time nothing at all), as soon as the timeout in the mac-address table occurs, my Procurve 2610 stops forwarding packets (unicasts) to my ZyWall. After this happens the switch never resumes sening packets to it again, until I make the ZyWall send some packets first.

I've tried adding it as a static mac (with the static-mac CLI command), but same thing still happens, packets are not being delivered to my ZyWall. I have been in contact with Zyxell also and their support did packet dumps on the ZyWall and saw that the traffic never reached it.

My network knowledge says that when a switch get a packet where the mac-address is unknown it should broadcast it on all ports except for the incomming port, but this does not seem to be happening. I turned off eavesdroping prevention, that seemed to have somehting to do with it, but it didn't solve the problem.

Does anyone have a suggestion or solution?

The ZyWall ip-address i dynamicly assigned, so a static ip-route is not possible to create.

0 Kudos
2 REPLIES 2
Ian Vaughan
Honored Contributor

тАО08-20-2016 04:56 AM

тАО08-20-2016 04:56 AM

Re: 2610 drops connection to device

Howdy,

TL;DR - Consider using a scripted ping as a keepalive.

Is it possible to set up / script a regular, say every 60 seconds, short ping to a well know internet IP address (Google's web servers at 8.8.8.8 or 8.8.4.4 are usually a good bet) from a device on the inside of your network. 

Even if the Zywall gets it's external IP from an ISP dynamically it should have an internal (LAN) IP address as either a static IP or a dynamic DHCP address that you can use as a next-hop in your specific route that you put in for 8.8.4.4 for your ping test.

This will act as a poor man's keepalive and hopefully keep the zywall in the mac table.  There are plenty forum posts and blogs, articles etc on keeping various types of tunnels (GRE IP-Sec etc) "alive" by use of a regular short ping. Run a search and do a bit of background reading.

Hope that helps (kudos button is there if it does) :-)

Cheers

Ian

Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
0 Kudos
Ian Vaughan
Honored Contributor

тАО08-20-2016 05:03 AM

тАО08-20-2016 05:03 AM

Re: 2610 drops connection to device

Howdy,

Just to clarify - even if the LAN address of the Zywall is DHCP ie dynamically allocated you should be able to reserve an IP address within your LAN such that the Zywall LAN port always gets the same IP from the DHCP service.

It is also entirely possible that you could use a dynamicDNS provider (I use a free waterfowl themed one for just this purpose) to identify the dynamic WAN address that you get from your ISP for the outside of the Zywall.

Hope that helps

Ian

Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.