
5406zl VLAN ARP/Routing Issue

 
adurotec_1
Advisor


I am having what appears to be either an ARP or routing issue with my 5406zl configuration.

Some of my HP ProLiant hosts running CentOS 5.4 have 2 interfaces, one assigned to a service VLAN and one assigned to an administrative VLAN. I assigned the default GW to the interface that is in the service VLAN. When I ping an IP of a host assigned to the administration VLAN from my default GW (my Firewall, which is in its own VLAN between itself and the 5406 VRRP pair) the ping fails. If I then ping the IP assigned to the service VLAN of this same host the ping to the admin VLAN starts to work.

What I discovered is that once I get a ping to the admin VLAN IP to respond, the response leaves the interface that is in the services VLAN, which is the default GW/default route of the server.

I suspect that since the 5406 has an interface IP in the admin VLAN, my ping to the host creates an ARP request to the host and this request is delivered, however since the default route is out the other interface and no ARP entry exists in the switch, the response fails. Once I ping the IP in the service VLAN of this host an ARP entry is created and subsequent pings to the originally failing admin VLAN IP begin to work.

In addition when a ping to a host in this admin VLAN fails from my GW (FW VLAN) I can log into a host in any VLAN and ping the exact same admin VLAN IP with no problem, but this does not correct the failing ping from the GW.

I am not sure what the problem is, and what I can do to correct the issue. Is there some configuration or change I can make on the switch to fix this issue? I have attached a diagram that might help with understanding my network configuration.

Thanks,
David
Patrick Terlisten
Honored Contributor

Re: 5406zl VLAN ARP/Routing Issue

Hello David,

Have you tried proxy-arp on the interfaces?

Can you provide us a "show running-config" from the switch?

Regards,
Patrick
adurotec_1
Advisor

Re: 5406zl VLAN ARP/Routing Issue

Patrick,

Haven't tried proxy-arp, not that familiar with the concept, could you elaborate?

Attached is a copy of my running config.

Thanks,
David
Patrick Terlisten
Honored Contributor

Re: 5406zl VLAN ARP/Routing Issue

Hello David,

With "ip local-proxy-arp" enabled, the switch answers ARP requests in a VLAN with its own MAC address. Give it a try.

Regards,
Patrick
adurotec_1
Advisor

Re: 5406zl VLAN ARP/Routing Issue

Patrick,

I enabled ip local-proxy-arp but am still seeing the same results.

Looks like the MAC addresses of the target hosts are in the MAC table of the switch when I run show mac, but I do not get an ICMP response when I ping them.

David
Patrick Terlisten
Honored Contributor

Re: 5406zl VLAN ARP/Routing Issue

Hello David,

Can you ping the device from the switch command line? After that, can you successfully ping from the client device?

Regards,
Patrick
adurotec_1
Advisor

Re: 5406zl VLAN ARP/Routing Issue

Patrick,

I am able to successfully ping any host in my VLAN10 MGMT VLAN from the switch CLI or from any other host in any other VLAN except VLAN500. VLAN500 is the VLAN between my FW and my switch pair, however being that I can ping from the switch which has an IP in VLAN500 but not from the FW (or from my laptop while VPN'd in) which is also in VLAN500 is what is confusing me.

I found a work-around to my issue but I would still like to understand why my switching network is behaving the way that it is. I classified this issue as an asymmetrical routing issue so I enabled policy based routing on my Linux hosts in VLAN10. Once I did this the issue went away for those hosts.

Basically the policy forces requests that arrive at one interface to be responded to out of the same interface. Again, while this works it doesn't answer why I had to compensate like I did and I am still trying to understand what is incorrect with my switching configuration.

David
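
The workaround described in the last post (policy-based routing so that a reply leaves the interface its request arrived on), sketched here as an added example; it is not the poster's actual configuration. Interface names, the documentation-range addresses, gateways and table numbers are all constructed assumptions.

```shell
#!/bin/sh
# Added example: source-based (policy) routing for a dual-homed Linux host.
# All addresses, interface names and table numbers below are constructed.

# Print the iproute2 commands that make packets sourced from ADDR leave via
# IFACE and that VLAN's own gateway instead of the main default route.
pbr_commands() {
    if [ $# -ne 5 ]; then
        echo "usage: pbr_commands IFACE ADDR SUBNET GATEWAY TABLE" >&2
        return 2
    fi
    iface=$1 addr=$2 subnet=$3 gateway=$4 table=$5
    case $table in
        ''|*[!0-9]*) echo "table must be numeric: $table" >&2; return 2 ;;
    esac
    # Stay within 1-252: 0 is unspec, 253-255 are default, main and local.
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table $table is reserved or out of range" >&2
        return 2
    fi
    # Connected route, so on-link neighbours are still reached directly.
    echo "ip route add $subnet dev $iface src $addr table $table"
    # Per-table default route through the gateway on the same VLAN.
    echo "ip route add default via $gateway dev $iface table $table"
    # Select this table for every packet whose source is this address.
    echo "ip rule add from $addr table $table"
}

# Constructed host: eth0 in the service VLAN (holds the main default route),
# eth1 in the admin VLAN. One table per interface keeps replies symmetric.
dual_homed_plan() {
    pbr_commands eth0 192.0.2.10 192.0.2.0/24 192.0.2.1 100 &&
    pbr_commands eth1 198.51.100.10 198.51.100.0/24 198.51.100.1 101
}

# Dry run: print the plan. To apply it, run as root: dual_homed_plan | sh
dual_homed_plan
```

After applying, `ip rule show` and `ip route show table 101` confirm which table a reply sourced from the admin-VLAN address will use.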