This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Mac address not showing up in ARP table

war
New Contributor

‎07-15-2024 01:56 PM

Good Everyone,

I am new to Ruckus so maybe I am not looking at this correctly but here it goes  I have 2 Ruckus ICX 7850 stack switches that have physical connections to a Checkpoint Firewall (primary and secondary). I am running VRRP on the firewalls so the ICX switches connect to a virtual IP address.  I can see that both ICX switches is learning  a MAC from the directly connected interfaces

 
ICX-Stack1#sh mac-addr ethe 1/1/29
Total active entries from port 1/1/29 = 1
MAC-Address Port Type VLAN
001c.7fa5.089c 1/1/29 Dynamic 7  
 
ICX-Stack2#sh mac-addr ethe 1/1/29
Total active entries from port 1/1/29 = 1
MAC-Address Port Type VLAN
001c.7fa5.0934 1/1/29 Dynamic 7
 
I find it weird that when I am on FW1 which connects directly to Stack1 that the ARP table doesn't see that MAC address as it is directly connected to FW1
 
ICX-Stack1#sh arp
Total number of ARP entries: 2
Entries in default routing instance:
No. IP Address MAC Address Type Age Port Status
1 10.1.7.1 None Dynamic 4 mgmt1 Pend
2 10.1.7.36 0050.568f.f3ec Dynamic 0 mgmt1 Valid
 
But Stack2 sees it 
 
ICX-Stack2#sh arp
Total number of ARP entries: 3
Entries in default routing instance:
No. IP Address MAC Address Type Age Port Status
1 10.1.7.1 001c.7fa5.089c Dynamic 2 mgmt1 Valid
2 10.1.7.2 001c.7fa5.089c Dynamic 1 mgmt1 Valid
3 10.1.7.36 0050.568f.f3ec Dynamic 1 mgmt1 Valid
 
When I fail over to FW2 both show the same thing
 
Total number of ARP entries: 2
Entries in default routing instance:
No. IP Address MAC Address Type Age Port Status
1 10.1.7.1 None Dynamic 4 mgmt1 Pend
2 10.1.7.36 0050.568f.f3ec Dynamic 0 mgmt1 Valid
 
I checked the FW and they are configured the same, also check the ICX switches and they are configured the same so not sure what I am missing here.
 
Also we are using the management port to get to these switches remotely, not sure why this was configured as I hear that is a bad idea. 
 
Thank you in advance!!!
 
Warren
 
 
0 Kudos
4 REPLIES 4

Chandini
RUCKUS Team Member

‎07-16-2024 08:55 AM

Hi War 

Thank you for reaching us

Could you please help me with below details from both ICX Stack 1 and ICX Stack 2

  • ping <ip address of the firewall> 
  • show arp 
  • show ip interface
  • show version

Thanks 

 

0 Kudos

jdryan
Moderator
Moderator

‎07-20-2024 05:27 AM

Hi War, 

Adding to the above, could you also help with a network diagram detailing the connections?
As that could help us understand the behavior better. 

As the management connection [ OOBM/Mgmt ports ] is usually used as dedicated connection, 
For the connection layout, with one currently in place with firewalls running VRRP over the Mgmt connections to the switches, would suggest using in-band network management, as that could streamline things a bit. 

Thanks !! 

0 Kudos

war
New Contributor

‎07-22-2024 12:14 PM - edited ‎07-22-2024 12:23 PM

Hello All;

Just wanted to give an update on this, looks like this is working now.  I am now able to get to both switches with no issues.

SSH@Stack1_LO41#
SSH@Stack1_LO41#sh arp
Total number of ARP entries: 3
Entries in default routing instance:
No. IP Address MAC Address Type Age Port Status
1 10.1.7.1 001c.7fa5.089c Dynamic 2 mgmt1 Valid
2 10.1.7.2 001c.7fa5.089c Dynamic 0 mgmt1 Valid
3 10.1.7.36 0050.568f.f3ec Dynamic 0 mgmt1 Valid
SSH@Stack1_LO41#

 

SSH@Stack2_LO38#sh arp
Total number of ARP entries: 3
Entries in default routing instance:
No. IP Address MAC Address Type Age Port Status
1 10.1.7.1 001c.7fa5.089c Dynamic 1 mgmt1 Valid
2 10.1.7.2 001c.7fa5.089c Dynamic 0 mgmt1 Valid
3 10.1.7.36 0050.568f.f3ec Dynamic 1 mgmt1 Valid
SSH@Stack2_LO38#

Just a quick background so you don't have to go back to the top to reread everything....I am using the management interface to access these 2 ICX 7850 switches.  I normally don't like using the management interfaces but that's how these where set up before I got here.  Both stacks( stack1 and stack2) are being used as a layer 2 switch, these have direct connects into the both firewall (FW1 and FW2). When FW1 is on line Stack1 is the active switch and I am able to get to stack2 remotely but not stack1 which is directly connected to FW1. When FW2 is on line Stack2 is the active switch and I cannot get to neither switches.  When I do a show arp on either swtiches I get 

1 10.1.7.1 None Dynamic 4 mgmt1 Pend

There are multiple vlans on these stacks which have direct connects into the firewall.  The firewall we are using as a layer 3 device to do the routing/switching. From the multiple VLANs, an IP on  vlan 7 was used as the management IP.  Not to bore you with details but long story short the way the issue was resolved was that I accidently created VE7, once that was done the mac address for 10.1.7.1 went from pending to valid and now I am able to connect to both switches remotely without having to be on the same subnet or use the console server. But that is what happened.  As a test to verify this I am planning to failover to FW2 , I shouldn't be able to connect to either switch, will test that first and then create the VE7 interface and see if I am able to connect.  But for now that is how I am able to get to both switches remotely now.

@Chandini sorry I saw your message after it was "fixed" but everything works now, will post my findings once I am able to failover to FW2 where nothing works.

Thank you all!!

Chandini
RUCKUS Team Member

‎07-25-2024 09:30 AM

Hi War

Sure and Thanks 

0 Kudos
Copyright © 2024 Khoros, LLC