
WLC Proxy ARP Fail

timsilverline
Level 4

I have a lab network setup at my house with similar equipment to our office that I use for testing different features and functionality.  Since I have had this installed (~ 2 years) I've had an intermittent but recurring problem with connectivity to various wireless devices that I have never been able to fully resolve.

I have a 5508 Wireless controller with a handful of 3502i APs spread throughout my house.  The controller is connected to a 3560X switch.  And I have an ASA 5510 firewall as my Firewall/Internet Gateway.

When I work from home I most often work from a desktop computer in my office and have a Windows RDP session to a laptop located in another room in my house on one of my monitors as a working space (I know this is weird but there is a good reason).  This laptop is connected via WiFi at all times.

Occasionally, I will lose connectivity to this laptop (or not be able to connect back to my desktop from it) and have to start an extended ping from the laptop to the desktop to re-establish connectivity.  A while ago I performed some deeper analysis on what was happening and what I found is that when the connectivity breaks the problem is that the desktop is unable to resolve the MAC address of the laptop.  It sends out ARP requests but never receives any reply back.

Why would the controller stop replying to ARP requests for the IP address of the laptop?

If I log into the controller while this is happening it shows the laptop as a connected client, and has its IP address and MAC address listed fine in the clients section.  In order to avoid getting up every time I need to reconnect, I normally hop to a system I control across one of my VPN tunnels via RDP, then connect BACK to the laptop and start the ping to re-establish connectivity back to my main desktop machine.  This works because the firewall's ARP cache hasn't cleared yet.  And then everything works fine again... unless I manually clear my ARP cache.  Sometimes clearing the ARP cache will result in the exact same problem again and I will lose connection.  Other times it seems to repopulate almost immediately and the connection doesn't drop.

A Wireshark debug from the desktop reveals that ARP requests simply go out with no reply, confirming what is happening.

As a note, I have set both the User Idle Timeout and the ARP timeout to 24 hours to try and help but this has not had any effect.

This problem seems to go away and then come back.  In fact, I haven't been experiencing this issue for probably a couple months recently and then it just started again in the last few days which is why I am back to posting here.  No changes to the network were made in the meantime that could account for this change in behavior.  I am currently running version 7.2.111.3 but this behavior has persisted through at least four software upgrades so I don't think it's an issue with a specific version but I don't really know.

I occasionally experience connectivity issues in my house to other devices as well that I use less often like a printer, network camera, Apple TV so I now feel like these issues are likely all related.

Does anyone have any advice for things I could try next in the troubleshooting process to pinpoint what is breaking?

8 Replies

Scott Fella
Hall of Fame

I really don't think that setting the idle or the arp timers high will fix it. If when the issue happens you look at the arp table in the router, see if the router has an arp entry. If not, then the router is clearing the entry when the timer expires. If the PC has a static entry, maybe configure a static arp entry in the router.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

There are no static ARP entries anywhere. 

The router (ASA firewall in this case) does not lose its ARP entry.  It works fine.

The problem is with other devices on my LAN such as my desktop.

I didn't think that setting the idle or arp entries high would help either but I thought it could at least rule out that being the case.  Since the WLC shows the client it isn't responding for in its clients table though it clearly knows the MAC of the client.  It just doesn't reply to the ARP request and that is what baffles me.

If the client is in the run state everything on the WLC is fine. Typically it's on the network that loses the arp entry.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

I have one 3560X switch with one internal VLAN on it so I don't know how it could be losing the ARP entry.

I have also done Wireshark captures at the client and on the WLC switchport and I can see the ARP request leaving the client and hitting the WLC port and then just no response coming back.

For testing purposes to ensure port-channeling was not the issue, I tried disabling LAG on the WLC and ran just on one port but still experienced the problem.

I have been running a WLC at home for my lab/production and never have issues with any arp issues as long as my client isn't in sleep mode.  As long as I see the client in the run state, then I have no issues at all.

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Ascotlc2006
Level 1

Hello,

I have exactly the same problem you've described in your post. 

I've also tried to enable/disable the "passive client" feature in the WLAN (if you enable passive client, the WLC forwards broadcasts directly to the wireless client).

But nothing changed. 

Did you find a solution?

Thanks

I just got a notice that someone else has this problem.

I actually did solve my problem eventually.

It turns out that during some testing I had enabled the H-REAP (or now FlexConnect) mode on my APs for some reason and had completely forgotten about this.  Not entirely sure why this behavior caused the ARP issue but switching everything back to local mode completely resolved the problem for me.

Saravanan Lakshmanan
Cisco Employee

7.2 is old code, try the latest 7.4 code.

When the issue is seen, run the debug below:

wlc>debug arp all enable

Check the request received and the response sent; maybe it is using an incorrect MAC address to send the response.

Is the issue seen on the management VLAN, a dynamic VLAN, tagged/untagged?

Do the mgmt and dyn MACs on the WLC look similar?

Workaround: add MAC filters for all the clients and see if the issue goes away.
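
The check described in the last reply (match each ARP request to a reply and confirm the reply's source MAC), as an added Python example that is not part of the original thread: it pairs requests with replies in captured Ethernet frames and reports unanswered requests and replies sent from an unexpected MAC. All MAC/IP addresses and frames below are constructed sample values, and the function names are hypothetical.

```python
import struct

ARP = 0x0806  # EtherType for ARP

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)
def fmt_ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, fmt_mac(frame[22:28]), fmt_ip(frame[28:32]), fmt_ip(frame[38:42])

def audit(frames, expected=None, timeout=1.0):
    """frames: (timestamp, raw bytes) pairs. Returns (unanswered, mismatched)."""
    expected, requests, replies, mismatched = expected or {}, [], [], []
    for ts, raw in frames:
        parsed = parse_arp(raw)
        if parsed is None:
            continue
        op, smac, sip, tip = parsed
        if op == 1:                      # who-has request
            requests.append((ts, sip, tip))
        elif op == 2:                    # is-at reply
            replies.append((ts, sip, tip))
            if sip in expected and smac != expected[sip]:
                mismatched.append((ts, sip, smac))
    # A request is answered if the target replies to the requester within the timeout.
    unanswered = [(ts, who, target) for ts, who, target in requests
                  if not any(r_ip == target and r_to == who and ts <= r_ts <= ts + timeout
                             for r_ts, r_ip, r_to in replies)]
    return unanswered, mismatched

def build(op, sha, spa, tha, tpa):  # constructs a sample Ethernet+ARP frame
    hx = lambda m: bytes.fromhex(m.replace(":", ""))
    q = lambda a: bytes(int(o) for o in a.split("."))
    dst = b"\xff" * 6 if op == 1 else hx(tha)
    hdr = struct.pack("!HHHBBH", ARP, 1, 0x0800, 6, 4, op)
    return dst + hx(sha) + hdr + hx(sha) + q(spa) + hx(tha) + q(tpa)

# Constructed sample: desktop .10 asks for laptop .20; "02:...:99" is a hypothetical wrong MAC.
DESK, LAP, ZERO = ("02:00:00:00:00:10", "192.168.1.10"), ("02:00:00:00:00:20", "192.168.1.20"), "00:00:00:00:00:00"
ask = build(1, *DESK, ZERO, LAP[1])
SAMPLE = [(0.0, ask), (0.01, build(2, *LAP, *DESK)), (10.0, ask), (11.0, ask),
          (20.0, ask), (20.02, build(2, "02:00:00:00:00:99", LAP[1], *DESK))]
```

Calling `audit(SAMPLE, expected={LAP[1]: LAP[0]})` returns the two unanswered requests at 10.0 and 11.0 and the one reply carrying the unexpected MAC; real input would be the (timestamp, frame) pairs read from a capture taken on the WLC switchport.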
