Hello Joel,

Our 6500's had arp timeouts set to 300 seconds and the Nexus 7K's were set to 1500 seconds. After going back and forth with Cisco, they recommended setting the arp timeout to 300 seconds since we weren't having the problems with this before our 7K's went in. After making the change, mind you I'm not the primary engineer for the 7k, the problems seemed to have resolved themselves.
We did have to clear the arp table after the changes were made on each VLAN. What was strange was that it appeared to only affect IOS devices at first, but then we had MS Surfaces, Windows 10 PC's and tablets starting to exhibit problems. AVC wasn't ever enabled on our 8540's because of other posts in the thread. Cisco also recommended to disable DHCP profiling as a troubleshooting step on our 802.1x wireless network, but that didn't seem to have any impact on the problem. Since shortening the timer on the 7K's, we haven’t had any issues.

September 2016 through November 2016 we upgraded our core to the 7K's, upgraded our wireless controllers from redundant 5508's to 8540 HA pairs, added nearly 800 1810W APs in our dorms and replaced all our 100Mbps switches (in dorms) with the Cisco 3850 10G model. We have an additional 850 3802 APs going into our Academic buildings as well as replacing all switches with the 3850 48port 10G model. With such a massive undertaking, we were bound to run into some issues, but our Cisco team, as well as our VAR (Sentinel) helped us expedite and get quite a few bugs resolved in record time. We've had only 16 network related tickets since January 5th, 2017 which is down from 80-100 when the students return from Winter Break. Considering I'm the only wireless engineer at the University, this upgrade has made things manageable and students very happy.

Thanks for checking back on this thread. Take care, and have a great weekend!

Shayne

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Spaans, Joel H
Sent: Friday, March 17, 2017 2:41 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] MAC OSX Duplicate IP's

Just finally got around to catching up on the Listserv. Shayne, have you found a resolution to this issue?

The default ARP timers on Cisco 6500 are actually 14400 seconds (4 hours). The default MAC address timers are 5 minutes.
These were both Cisco standard up until Nexus (to my knowledge). Nexus uses a default ARP timer of 1500 seconds (25 minutes). The MAC address timer in Nexus is 1800 seconds (30 minutes). You'll notice that the ARP timer used to be longer than the MAC timers. Cisco has rightfully moved to a default that keeps the ARP timers lower than the MAC timers in order to reduce flooding of unicast frames.

Did you change the ARP or MAC timers and what value did you set?

Do any network devices in your environment have "ip device tracking" turned on? There is plenty of reading on Google about the problems this can cause. We saw this previous to our Nexus deployment with some 3750X switches running 15.2 IOS.

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Shayne Ghere
Sent: Tuesday, February 28, 2017 11:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] MAC OSX Duplicate IP's

Hello Bruce,

Thanks for the info. I read the info about the ARP Caching in FlexConnect mode and never enabled it due to some issues others were having before we set everything up in September 2016. The second link was the bug on the 5500's I read about.

The mac add count is only 10660, which isn't that high so we're leaning to the ARP Timeout in the Nexus switches being set at 1500 by default to 300 like they were in the 6500's before the upgrade. We made the timeout change a little over an hour ago, and so far so good, but there's still 13 hours to go. Ha ha

Thanks again
Shayne

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bruce Curtis
Sent: Tuesday, February 28, 2017 11:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] MAC OSX Duplicate IP's
Importance: High

Are your APs in Flexconnect mode and if so do you have flex connect arp cache enabled?
If so you might want to try disabling ARP caching.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-2/config-guide/b_cg82/b_cg82_chapter_010010101.html

https://quickview.cloudapps.cisco.com/quickview/bug/CSCuy29143

What model of card are the devices connected to on the Nexus 7ks? And how many MAC addresses are in the MAC address table (the layer 2 table, not the ARP table)? (check with "show mac address count")

We saw different symptoms when the MAC address table was exceeded but it is still worth checking to eliminate as a possible problem.

> On Feb 27, 2017, at 9:10 PM, Shayne Ghere <sgh...@fsmail.bradley.edu> wrote:
>
> I’m reaching out since we just started having problems with users
> complaining about getting messages on their Mac’s about a duplicate IP
> address on the network.
>
> When looking in the ARP table of the Cisco Nexus switches, the mac
> address of their computer isn’t in there, however the IP address their
> machine has is owned by another mac address even though both the
> Controller and Prime don’t see that machine associated.
>
> I came across an article that the Arp Cache Timeout on the 6509’s was 300
> seconds, but the Nexus (7K) has bumped it to 1500-1800 seconds now. That
> jives with what I’m seeing as the disassociation time of the original
> machine, and the duplicate message (within 20-25 minutes).
>
> The Arp-Cache timeout on the Controller is set for 1800 seconds, and
> was configured that way since September 2016 (Cisco WLC 8540) with no
> problems.
>
> This problem just cropped up within the past two weeks and is gaining
> steam. Out of the 30 or so devices, 38 are Mac’s and the other two
> are Windows 10 or Microsoft Surface tablets.
>
> This is only happening on our Secure 802.1x wireless network.
>
> We use Microsoft NPS for Radius and Linux DHCP/DNS.
>
> If anyone else is experiencing these issues, or could point us in the
> right direction, I would greatly appreciate it.
> Our Server/Radius team is fairly sure it’s not on their end, yet after
> talking with Cisco, I’m fairly positive it’s not the Controller/Wireless.
> Not finger pointing, just asking for some advice.
>
> Thanks in advance!
> Shayne
>
> ----------------------------------
> T. Shayne Ghere
> Bradley University
> Wireless/Lan Network Engineer
> 1501 W. Bradley Ave, Jobst 224A
> (309) 677-3094
> sgh...@fsmail.bradley.edu
> ----------------------------------
> UPCOMING OUT OF OFFICE
>
> **********
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.

---
Bruce Curtis
bruce.cur...@ndsu.edu
Certified NetAnalyst II
701-231-8527
North Dakota State University