Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2132
Views
0
Helpful
4
Replies

Strange ARP issue - (incomplete) on bce1 expired [ethernet]

rajebalab
Level 1
Level 1

‎01-08-2016 02:44 PM

Current Version
===============
Product: Cisco IronPort C370 Messaging Gateway(tm) Appliance
Model: C370
Version: 8.5.6-092
Build Date: 2014-09-02
Install Date: 2014-12-13 05:08:42
Serial #: D4AE529FF094-JVTDC5J
BIOS: 2.2.17C
RAID: 1.21.02-0528, 2.01.00, 1.02-014B
RAID Status: Optimal
RAID Type: 1

The arp table shows following entry for the virtual cluster ip (AsynOS)

(xxx.xxx.103.254) at (incomplete) on em1 expired [ethernet]

 

Explantation:

xx.103.254 with mac  01:00:5e:19:67:fe = virtual cluster ip
xx.103.128 with mac  00:e0:ed:37:05:1a = physical interface ip

Ping from "xxx.103.254 Cluster IP" as source  to xxx.103.135 (cisco Ironport) as destination


The ICMP Packet went from the virtual Cluster Interface (xxx.25.103.254) with mac-adress 05:1a (physical interface) to the ironport.
The ironport makes an arp request...who is xxx.25.103.254?..and receives as answer the OTHER mac-address (virtual Clusterinterface) 67:fe.
I think, the ironport with the new asyncOS has some troubles with this 2 different mac-addresses.

 

No.     Time        Source                Destination           Protocol Length Info
     10 4.115231    xxx.25.103.254        xxx.25.103.135        ICMP     98     Echo (ping) request  id=0xaa26, seq=0/0, ttl=64 (no response found!)

Frame 10: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)
Ethernet II, Src: Silicom_37:05:1a (00:e0:ed:37:05:1a), Dst: Cisco_9c:ba:3a (50:3d:e5:9c:ba:3a)
Internet Protocol Version 4, Src: xxx.25.103.254 (xxx.25.103.254), Dst: xxx.25.103.135 (xxx.25.103.135)
Internet Control Message Protocol

No.     Time        Source                Destination           Protocol Length Info
     11 4.115251    Cisco_9c:ba:3a        Broadcast             ARP      42     Who has xxx.25.103.254?  Tell xxx.25.103.135

Frame 11: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
Ethernet II, Src: Cisco_9c:ba:3a (50:3d:e5:9c:ba:3a), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)

No.     Time        Source                Destination           Protocol Length Info
     12 4.115365    Silicom_37:05:1a      Cisco_9c:ba:3a        ARP      60     xxx.25.103.254 is at 01:00:5e:19:67:fe

Frame 12: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Silicom_37:05:1a (00:e0:ed:37:05:1a), Dst: Cisco_9c:ba:3a (50:3d:e5:9c:ba:3a)

Kindly let us know if any solution for this as we know we are facing this issue once we upgrade to 9.0 but we are still using 8.5.6 version.

1 person had this problem
Labels:
0 Helpful
4 Replies 4

Mathew Huynh
Cisco Employee
Cisco Employee

‎01-08-2016 10:43 PM

Hey Rajebalab,

It will be a bit difficult to troubleshoot this without access to see if there may be something acting up on the port negotiation ends or logs on the ESA itself.


I would strongly advise to open a case with TAC and allow tunnel access if at all possible for review.

The ARP multicast issue (as per other thread posted on) will only affect version 9.0 i believe.

9.1 and 9.7 adds a feature to accept multicast ARPs.

This may be something unrelated afoot.

Thanks,

Matthew

0 Helpful

rajebalab
Level 1
Level 1
In response to Mathew Huynh

‎01-11-2016 02:34 PM

Hi Matthew,

I have already raised a TAC case with Cisco and waiting for update from there end.

Please let me know if there is any other fix as we have multiple IronPort appliances it works for one and not working for another.

Thanks & Regards

Rajender.B

0 Helpful

CarlosQ
Level 1
Level 1
In response to Mathew Huynh

‎07-12-2018 08:44 AM

Hi Mathew,

 

I have the same problem with a version 11


Current Version
===============
Product: Cisco C600V Email Security Virtual Appliance
Model: C600V
Version: 11.0.0-272
Build Date: 2017-09-18
Install Date: 2018-06-12 11:29:01
BIOS: 6.00
CPUs: 8 expected, 8 allocated
Memory: 8192 MB expected, 8192 MB allocated
RAID: NA
RAID Status: Unknown
RAID Type: NA
BMC: NA

 

Initially version 10 was installed and we had that same problem. the Cisco TAC suggested updating to version 11 and they indicated that this would be solved, but a year has passed and we still have the same problems.

 

Please your help with the solution.

 

 

Preview file
24 KB
0 Helpful

CarlosQ
Level 1
Level 1

‎07-11-2018 02:21 PM

I have the same problem


Current Version
===============
Product: Cisco C600V Email Security Virtual Appliance
Model: C600V
Version: 11.0.0-272
Build Date: 2017-09-18
Install Date: 2018-06-12 11:29:01
BIOS: 6.00
CPUs: 8 expected, 8 allocated
Memory: 8192 MB expected, 8192 MB allocated
RAID: NA
RAID Status: Unknown
RAID Type: NA
BMC: NA

 

Please your help with the solutions.

 

 

 

Preview file
24 KB
0 Helpful
Customers Also Viewed These Support Documents