This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

virtual-wire ARP issue

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

virtual-wire ARP issue

Go to solution
bsimunko@recro-net.hr
L2 Linker

‎07-30-2013 03:29 AM

hi!

i have a topology of 2 cisco routers connected to e1/1 and e1/2 in a virtual-wire deployment. there is only 1 policy on the PA, permitting all traffic, and all VLANs are permitted through the v-wire.

the problem is that when i try to ping from R1 to R2 through the PA, the ping fails, and i do not get the MAC address of the destination interface. it looks like the PA is not passing the ARP requests through the virtual-wire.

looking at the monitor tab, i see absolutely no traffic traversing the box. when i connect the routers directly, the ping and ARP work perfectly. i did a packet capture, but all i got were LOOP packets and a couple of CDPs.

one thing to point out, the routers have subinterfaces (L3), vlan 100 and 200, and in this configuration the things do not work.

when i reconfigured the routers to be in the native vlan 1 (IP addresses directly on the interfaces) then it works.

the box is PA-2020 running 5.0.3

could this be a bug, or is something neccesary to configure additionaly on the PA?

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
UhMayYeah
L5 Sessionator

‎07-30-2013 05:16 AM

"all VLANs are permitted through the v-wire."

Just to confirm, have you configured allowed all the Tags (0-4094) in the Vwire config ?

View solution in original post

0 Likes Likes
4 REPLIES 4

Go to solution
UhMayYeah
L5 Sessionator

‎07-30-2013 05:16 AM

"all VLANs are permitted through the v-wire."

Just to confirm, have you configured allowed all the Tags (0-4094) in the Vwire config ?

0 Likes Likes

Go to solution
bsimunko@recro-net.hr
L2 Linker

‎07-30-2013 05:25 AM

i feel like an idiot now... the setting was still at default! i configured now the 0-4094, and everything works fine!

thanks!

0 Likes Likes

Go to solution
UhMayYeah
L5 Sessionator
In response to bsimunko@recro-net.hr

‎07-30-2013 05:28 AM

This one is a major  gotcha in Vwire that I know of Smiley Happy

0 Likes Likes

Go to solution
bsimunko@recro-net.hr
L2 Linker
In response to UhMayYeah

‎07-30-2013 05:33 AM

yes, and i'm afraid it's not the first time it happened to me Smiley Happy

i think that all vlans should be permitted by default, in the factory config, and if you want to filter anything out - you can use this feature, but in any other case you should not have to think about it

0 Likes Likes
  • 1 accepted solution
  • 4712 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks