Hi, I have a weird problem on an SRX device where an ARP is lost when a specific interface is transitioned from one zone to another. Meaning the initial configuration of the interface was part of the "trust" zone, a cable was plugged in (at this point ARP was learned just fine), but when the interface is moved to a different zone (in this case "untrust") I am no longer able to receive ARP. Things to note:
- The other side (which is Mikrotik in this case) is able to receive the ARP just fine, but I've had this issue with other vendors on the other side.
- LLDP works fine on the interface (meaning I can send and receive LLDP).
- I've tried "arp-resp unrestricted" but it's not helping.
- I've tried setting a static ARP entry for the other side but it was not working.
- The interface has no ACL, no sampling, just a single IP setup as Primary.
- I tried creating a new zone and moving the said interface into the new zone, but it has the same problem.
- The ARP policer is reporting 0.
- This is on SRX380 running 20.1R1-S1.2 but I've run into this issue on different SRX3xx flavors.
- The routing table is showing the /30 as active, but the forwarding table is not showing the other side.
Has anyone run into this scenario? Resetting the device obviously fixes the problem but I am trying to avoid that for now.
Thanks!