Problems with ARP on 871W

jocovarr
Cisco Employee

Hello,

I have an 871 set up at home with 2 VLANs. Both of these VLANs present a strange behavior where a user is unable to ping/contact another user on the same subnet; however, if users are on different subnets it seems to work.

According to the troubleshooting that I have done, the issue seems to be with the broadcast traffic: ARP requests/replies do not reach another host on the same subnet (wireless to wireless or wired to wireless). However, if the wireless device initiates the connection to wired, it works fine.

This is a section of the config I have.

dot11 ssid office
 vlan 1
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa
!
dot11 ssid home
 vlan 2
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 7 03510E5E5456711C1E5F4F
!
bridge irb
interface FastEthernet0
 description Corporate office
 spanning-tree portfast
!
interface FastEthernet1
 description Corporate office
 spanning-tree portfast
!
interface FastEthernet2
 description home
 switchport access vlan 2
 no cdp enable
 spanning-tree portfast
!
interface FastEthernet3
 description home
 switchport access vlan 2
 no cdp enable
interface Dot11Radio0
 no ip address
 !
 encryption vlan 1 mode ciphers tkip
 !
 encryption mode ciphers tkip
 !
 encryption vlan 2 mode ciphers tkip
 !
 broadcast-key vlan 1 change 50
 !
 !
 ssid office
 !
 ssid home
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 packet retries 32
 channel 2462
 station-role root
 rts threshold 2312
 rts retries 50
 antenna receive right
 antenna transmit left
 antenna gain 128
 no cdp enable
!
interface Dot11Radio0.1
 description office
 encapsulation dot1Q 1 native
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
 description Home
 encapsulation dot1Q 2
 no cdp enable
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 spanning-disabled
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
!
interface Vlan1
 description office
 no ip address
 ip nat inside
 ip virtual-reassembly
 load-interval 30
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Vlan2
 description Home
 no ip address
 bridge-group 2
 bridge-group 2 spanning-disabled

I have tried to enable proxy ARP on the different VLANs and BVI and different combinations, but no success in order to get traffic across 2 wireless devices on the same subnet or a connection that is initiated from a wired client to a wireless one.

Played with the native VLAN but no luck either.

Finally I tried enabling and disabling dot11 arp-cache, but no luck.

Any ideas?

Jorge

2 Replies

jocovarr
Cisco Employee

Forgot to add bvi config

interface BVI1
 description office
 ip address xx.yy.117.1 255.255.255.240
 ip access-group FIREALL_inside_inbound_1 in
 ip admission Office_access
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip inspect one in
 ip tcp adjust-mss 1260
 load-interval 30
 service-policy input QoS_Inband
!
interface BVI2
 description home
 ip address 10.0.2.1 255.255.255.0
 ip access-group 157 in
 ip flow ingress
 ip flow egress
 ip nat inside
 ip inspect one in
 no ip virtual-reassembly
 ip route-cache policy
 ip policy route-map ROUTEMAP_1
 load-interval 30

Have you had any luck with this? I'm having a problem with my 871 where traffic stops being forwarded out the LAN ports fa0-3. If I look at the ARP entries, I can see them aging:

871#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  70.64.168.129           0   0001.5c32.e781  ARPA   FastEthernet4
Internet  70.64.168.179           -   001d.a2c2.f93d  ARPA   FastEthernet4
Internet  192.168.1.100           6   78a3.e4a1.3625  ARPA   BVI1     <--------- This device is trying to ping the router
Internet  192.168.1.113           1   78a3.e4a1.3625  ARPA   BVI1
Internet  192.168.1.114           7   7c6d.628d.73bd  ARPA   BVI1
Internet  192.168.1.115           7   9027.e4e9.390b  ARPA   BVI1
Internet  192.168.1.116          52   d023.db13.7be2  ARPA   BVI1
Internet  192.168.1.117           8   0026.08ea.628a  ARPA   BVI1
Internet  192.168.1.254           -   001e.1344.64a0  ARPA   BVI1

Even trying to send traffic to the router from a directly connected device isn't updating the ARP table. I can fix it with a shut/no shut on the port, but it goes down again in a few days. Also, is it normal to see everything from BVI1? I only have one bridge group to allow traffic between the wired and wireless interfaces.
