SRX

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  Unable to receive ARP

    Posted 01-19-2022 15:55
    Hi, I have a weird problem on an SRX device where an ARP is lost when a specific interface is transitioned from one zone to another. Meaning the initial configuration of the interface was part of the "trust" zone, a cable was plugged in (at his point ARP was learned just fine) but when the interface is moved to a different zone (in this case "untrust") I am no longer able to receive ARP.  Things to note:

    - The other side (which is Mikrotik in this case) is able to receive the ARP just fine, but I've had this issue with other vendors on the other side.
    - LLDP works fine on the interface (meaning I can send and receive LLDP).
    - I've tried "arp-resp unrestricted" but it's not helping.
    - I've tried setting a static arp entry for the other side but it was not working.
    - The interface has no ACL, no sampling, just a single IP setup as Primary.
    - I tried creating a new zone and moving the said interface in the new zone but has the same problem.
    - The ARP policer is reporting 0.
    - This is on SRX380 running 20.1R1-S1.2 but I've ran into this issue on different SRX3xx flavors.
    - The routing table is showing the /30 as active, but the forwarding table is not showing the other side.

    Has anyone run into this scenario ? Resetting the device obviously fixes the problem but I am trying to avoid that for now.


    thanks!