EwongSPM
Occasional Advisor

Need to keep resetting port for device to work

Hello.

I have a ProCurve 5406zl. For some strange reason my internet connection keeps dying intermittently. It is connected to port A2. Seems like the firewall and my switch are not playing nicely. The firewall is a SonicWall NSA 2400.

The switch IP is x.x.x.1
The firewall IP is x.x.x.5 (on port A2)

I can ping the firewall once and then afterwards I get a request timed out. It's always after the first ping reply, then it stops working. Sometimes my internet is still up but I cannot access the firewall. The switch itself can ping the firewall. Any ideas? I am thinking it's the STP but I am not sure. Here is my config:

; J8697A Configuration Editor; Created on release #K.13.09

hostname "spm5406"
time timezone -5
time daylight-time-rule Continental-US-and-Canada
console baud-rate 115200
module 1 type J8702A
module 2 type J8702A
interface A2
   name "WAN"
   speed-duplex auto-1000
exit
ip routing
timesync sntp
sntp unicast
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   ip address 192.168.x.x 255.255.255.0
   no untagged A1-A24,B1-B24
   exit
vlan 3
   name "xxx"
   untagged A1-A24,B1-B24
   ip address 192.168.200.1 255.255.255.0
   exit
banner motd "xxx"
sntp server priority 1 192.168.x.x
ip dns domain-name "xxx.com"
ip dns server-address priority 1 198.6.1.2
no ip ssh
ip route 0.0.0.0 0.0.0.0 192.168.x.5
ip route 10.0.0.0 255.255.255.0 192.168.x.x
ip route x.x.x.0 255.255.0.0 192.168.x.x
ip route x.x.x.0 255.255.255.0 192.168.x.x
ip route x.x.x.0 255.255.254.0 192.168.x.x
ip route x.x.x.0 255.255.255.0 192.168.x.x
ip route x.x.x.0 255.255.255.0 192.168.x.x
spanning-tree force-version RSTP-operation
password manager

P.S. This thread has been moved from Switches, Hubs, Modems (Legacy ITRC forum) to ProCurve / ProVision-Based. -HP Forum Moderator

cenk sasmaztin
Honored Contributor

Re: Need to keep resetting port for device to work

please send me

#sh log -a

command print

cenk

RicN
Valued Contributor

Re: Need to keep resetting port for device to work


>i can ping the firewall once and then
>afterwards i get a request timed out. its
>always after the first ping reply, then it
>stops working

Is it not some kind of very hard IDS rule that is blocking the connection when ICMP directed to the fw interface is detected?
EwongSPM
Occasional Advisor

Re: Need to keep resetting port for device to work

How do I output the show logs to a file? Is there any way besides copying and pasting?
EwongSPM
Occasional Advisor

Re: Need to keep resetting port for device to work

Here is some of the log, let me know if you need more.
EwongSPM
Occasional Advisor

Re: Need to keep resetting port for device to work

OK, doing a bunch of research, I have figured out one thing.

The firewall MAC address and the switch ARP table are correct.

Now the client PC is getting the wrong MAC address. I deleted the ARP entry and let it re-add itself, but it keeps adding the wrong MAC address. Any ideas?
André Beck
Honored Contributor

Re: Need to keep resetting port for device to work

Hi,

> now the client pc is getting the wrong mac
> address. i deleted the arp entry and let it
> re-add itself, but it keeps adding the wrong
> mac address. any ideas?

The client PC is in vlan 3 too, like the firewall, and catches the wrong ARP resolution after a first successful one when resolving 192.168.200.5?

Sounds like a duplicate IP in this broadcast domain. Just find out where the MAC is coming from (something like "show mac-address-table", can't remember the exact syntax, I did too much Cisco IOS the last weeks). As mentioned in the other thread, there is a chance that it isn't really a dupe but some defective hardware (NIC, switch module) or software (NIC driver, switch firmware).

Keep in mind that false ARP resolutions can be introduced by unexpectedly activated proxy ARP on routers that think they have a route to the requested destination which isn't (as they wrongly assume) a connected route in the source network. Typically happens when plugging routed interfaces into the wrong broadcast domain (with devastating results, disrupting an arbitrary and ever-changing subset of the ARP transactions in this broadcast domain).

HTH,
Andre.
EwongSPM
Occasional Advisor

Re: Need to keep resetting port for device to work

There was an IP conflict. Going from the last thread as well as more research, I was able to find out that the MAC address I was getting was a device on the network. There is a website you can look at to see what device it is, well, at least the manufacturer. From there just run an nmap scan of the network, and then I matched the MAC to the device.

Thanks for any help.
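
The comparison that resolved this thread (the switch and the client PC holding different MACs for 192.168.200.5) can be automated. The following is an added example, not part of the original posts: it parses ARP tables collected from several vantage points, normalizes the MAC notation, and reports any IP that resolves to more than one MAC. The sample tables, vantage names and MAC addresses are constructed placeholders; the input formats assumed are the ProCurve-style xxxxxx-xxxxxx notation and Windows "arp -a" style output.

```python
import re
from collections import defaultdict

# IPv4 address, whitespace, then a MAC in ProCurve (xxxxxx-xxxxxx),
# Windows (xx-xx-xx-xx-xx-xx) or colon-separated form.
ENTRY = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9A-Fa-f]{6}-[0-9A-Fa-f]{6}"
    r"|(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})"
)

def normalize_mac(mac):
    """Reduce any supported MAC notation to lowercase aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_arp(text):
    """Return {ip: normalized_mac} for every ARP entry found in text."""
    return {m["ip"]: normalize_mac(m["mac"]) for m in ENTRY.finditer(text)}

def find_conflicts(views):
    """views maps a vantage point name to its ARP table text.
    Returns {ip: {mac: [vantage, ...]}} for IPs resolved to more than one MAC."""
    seen = defaultdict(lambda: defaultdict(list))
    for vantage, text in views.items():
        for ip, mac in parse_arp(text).items():
            seen[ip][mac].append(vantage)
    return {ip: dict(macs) for ip, macs in seen.items() if len(macs) > 1}

# Constructed sample tables (placeholder MACs, not taken from the thread).
SAMPLE_VIEWS = {
    "switch": """
  IP Address       MAC Address       Type    Port
  ---------------  ----------------- ------- ----
  192.168.200.5    020000-aabb01     dynamic A2
  192.168.200.37   020000-aabb37     dynamic A9
""",
    "client-pc": """
Interface: 192.168.200.37 --- 0x4
  Internet Address      Physical Address      Type
  192.168.200.1         02-00-00-aa-bb-00     dynamic
  192.168.200.5         02-00-00-AA-BB-02     dynamic
""",
}

if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE_VIEWS).items():
        print(ip, "resolves to", macs)
```

An IP reported here is only a candidate: as noted in the replies above, proxy ARP or faulty hardware can produce the same symptom as a true duplicate address.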