Issues with PCs moving to a new port on MS250 switch

Nolan
Getting noticed

Issues with PCs moving to a new port on MS250 switch

So I just opened a case with Meraki but thought I would post here as well. Here is what I sent in for the case...

 

We recently started having an issue at our corporate office when users move from one location to another they have network connectivity problems. We have a stack of MS250's for our access switches connected to a stack of Cisco Catalyst 3650 for our core switches that are acting as the default gateway for the access vlan. When a computer is connected to one port on the Meraki stack and then moves to another port on the Meraki stack the computer is no longer able to reach the default gateway (the Catalyst stack). The Meraki switch sees the computer with the proper mac address on the new switch port but when I do a packet capture the PC is repeatedly sending out an ARP request for the default gateway but never receives the response back to it. After a period of time (I haven't been able to figure out the precise time frame) the PC can connect to any switch port on the Meraki stack and work properly. So it seems like something is clearing out of a table somewhere in the Meraki stack that allows the connection to start working properly. I also can move from a port on the Meraki switch to a port on the catalyst in the access vlan and have no issues. The issue only seems to happen when moving between ports on the Meraki stack.

 

I feel bad opening a case when I don't feel 100% confident the issue is in the Meraki switches but my troubleshooting steps seem to point that the break down is in the MS250 stack. 

 

Anyone else seen anything like this or have any troubleshooting advice you would take in a scenario like that?

 

One of those things that isn't THAT big of a deal but of course it would happen to the CEO when he is moving his laptop from his office to the board room...

14 Replies 14
ww
Kind of a big deal
Kind of a big deal

do you have dynamic arp inspection enabled?

Nolan
Getting noticed

No, I saw an article on that. I don't even see that option in my dashboard but it could be because the Meraki stack isn't doing L3 routing.

DouDoun44
Conversationalist

eroreor

Dudleydogg
A model citizen

This got me the other Day, Dynamic Arp slowley cut off access to PC's and other devices on my network.  I had to Trust ports connected to Uplinks or anything other than endpoints to get my network flowing again.

 

Nolan
Getting noticed

Blast from the past. I forgot about this post. I did a packet capture back then and saw that the ARP reply never got back to the host, I ended up rebooting the switch stack and the issue went away so I never completely figured out what the issue was.

redsector
Head in the Cloud

I had the same issues.

After updating firmware to 10.45 the error didn´t appear again.

PhilipDAth
Kind of a big deal
Kind of a big deal

I have [rarely] seen similar issues. What firmware version are you using?
Nolan
Getting noticed

Best I can tell I can't see the firmware version can I?

Nolan
Getting noticed

Guess the answer would be the latest...whatever the version number of that is.

PhilipDAth
Kind of a big deal
Kind of a big deal

The firmware version is on the switch status page.
PhilipDAth
Kind of a big deal
Kind of a big deal

I would upgrade to 25.9 of you are using something earlier.
Nolan
Getting noticed

ah! thanks completely missed that! I was looking at where you set the upgrade schedule. 

 

Current version: MS 9.36

PhilipDAth
Kind of a big deal
Kind of a big deal

Sorry, I was thinking of a different product. 9.36 is a good firmware version for the switches.

 

This is going to sound bad, but the only other thing I can think of is to reboot the entire switch stack at the same time (or give it a power cycle).

 

I have seen an issue where I think the switches don't properly synchronise their mac forwarding table.  It is not very common.

Dudleydogg
A model citizen

In your Dashboard if you click on switch, Monitor, DHCP servers & ARP scroll down if you have 

Dynamic ARP Inspection BETA

 

you can see blocked Events and Whitelist them, and or Trust the Ports that the Mystery blockage is taking place on.

so if the suspect PC is not connecting to the network correctly, on the PORT that pc is on mark it as "Trusted" 

see if the end point comes to life again.

My firmware for switch MS250 is 

MS 10.45

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels