View Only
last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Unable to receive ARP

    Posted 01-19-2022 15:55
    Hi, I have a weird problem on an SRX device where an ARP is lost when a specific interface is transitioned from one zone to another. Meaning the initial configuration of the interface was part of the "trust" zone, a cable was plugged in (at his point ARP was learned just fine) but when the interface is moved to a different zone (in this case "untrust") I am no longer able to receive ARP.  Things to note:

    - The other side (which is Mikrotik in this case) is able to receive the ARP just fine, but I've had this issue with other vendors on the other side.
    - LLDP works fine on the interface (meaning I can send and receive LLDP).
    - I've tried "arp-resp unrestricted" but it's not helping.
    - I've tried setting a static arp entry for the other side but it was not working.
    - The interface has no ACL, no sampling, just a single IP setup as Primary.
    - I tried creating a new zone and moving the said interface in the new zone but has the same problem.
    - The ARP policer is reporting 0.
    - This is on SRX380 running 20.1R1-S1.2 but I've ran into this issue on different SRX3xx flavors.
    - The routing table is showing the /30 as active, but the forwarding table is not showing the other side.

    Has anyone run into this scenario ? Resetting the device obviously fixes the problem but I am trying to avoid that for now.