ASA 5505 / HP 1910 ARP Issues

v0r73x117
Level 1

Not sure how to best phrase this question as it's proving difficult to pinpoint the root cause!

In brief we have an ASA 5505 device (cleaned config attached) with a 48 port gigabit HP ProCurve v1910. The HP is running the latest firmware available and the ASA is on 9.1(1).

We are finding random internet drops occurring for client workstations whereby the only way to resolve is to clear arp on the ASA. We've lowered the ARP timeout to 60 seconds as having it higher seems to cause the issue more frequently. The HP switch is all pretty plug and play with no VLANs or anything out of the ordinary configured - very much a simple setup so far. The symptoms experienced are below:

Random client workstations drop connection and cannot connect to the internet.

ASA cannot ping workstations that have dropped connection.

Client workstations can sometimes ping the ASA which does resume internet connectivity.

Clearing ARP cache on the ASA always resumes internet connectivity for clients when it drops.

The HP switch shows a populated MAC table and has the default timeout of 300 seconds.

One workstation refuses to be learned by the ASA where ARP debugs show the ASA waiting for a response but nothing happens. Hardcoding the ARP entry then allows access to the internet along with NAT port redirects to the PC from external sources.

General ARP debugs look fine as far as I can tell, the last drop we had showed the workstation's IP and ARP entry still in the table so it hadn't timed out yet but communication still stopped so we're starting to think the switch is at fault.

These issues were present on the original HP firmware so have since updated. The ASA was on 9.1(2) so we tried downgrading to 9.1(1) as we have this version deployed in other locations without problems.

We've also tried enabling/disabling some of the arp proxy settings but nothing seems to make a difference so barring faulty kit/cabling we've hit a brick wall! Any help or suggestions much appreciated!

TIA

4 Replies

Richard Burts
Hall of Fame

When the problem happens, what do you get on the ASA in the output of show arp looking for the address and MAC of the client that is having problems?

HTH

Rick

For the clients that drop it appears to be mixed. Sometimes we'll see their IP/MAC when we issue a show arp, other times we won't see them at all.

In one instance we saw the entry for the client, could not ping the client, removed the individual arp entry and manually added it back as a static but still couldn't ping the workstation from the ASA.

As soon as we issued a clear arp it seemed to resolve and we could again ping the workstation and the workstation was able to access the internet.

Very confused!

lamanaryp
Level 1

Make sure your Inside Hosts licence is unlimited. Issue a "show version" command to verify.

Gabriel Hill
Level 1

Hello Martyn,

I agree with lamanaryp. The 5505's base license has 10 inside-hosts, this can be upgraded to 50, or unlimited I believe. The behavior you describe seems to point to this.

-Gabriel
