Funny problem

[paultaylor04]

hey there

I am having a funny problem connecting my PIX device to my alcatel switch/router(layer3 switch) The pix loses connectivity with the alcatel switch every 15 minutes or so and stays that way. I cannot ping the pix from the alcatel and vice versa. If i reboot the pix, everything starts to work fine for a short period again.

The pix is being used as an overload NAT for accessing the internet. It has been locked down and only

http://www access

from the inside has been allowed; nothing from the outside.

The pix interfaces do not show any errors and i doubt a duplex/speed problem because if it was one, the problem would show up every 2 minutes instead of every 15 minutes

The alcatel works fine when connected to a router using the same switch port.

anybody got a clue? anything i could check up on?

 

[routerman]

15 minutes, isnt that a time period associated with ARP, I wonder if the arp cache is losing its entry and failing to be refreshed?

Check ARP entries on both the PIX and the switch, may be a pointer.

 

[dtabera]

Hi, just a remark:

arp timeout at PIX is 14400 seconds (4 hours) by default, you can check it at:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/ab.htm#1026066

(no matter the version, it is the same for 6.1, 6.2 and 6.3)

And timeout for dynamic NAT entries is three hours.

Though you do not think this is a duplex/speed issue, did you try to force speed? I do not have more ideas up to now.

Diego.

 

[baddos]

IP conflict... Look at the mac address table on your switch before and after the PIX goes down. See if the mac address changes for the PIX.