07/11/2024
Diagnose your network topology with SonicWall built-in Packet Monitor (layer 2 loops)
Having the same subnet connected to two physical interfaces is not supported, unless the following Mode / IP assignment options are used on the interface:
The following problems may show up with layer 2 loops:
Please note that ARP timeout is 10 minutes (by default).
Procedure for checking your network:
Step 1: Set up a packet capture: System | Packet Monitor | Configure
Under Monitor Filter:
Clear all the fields, set 'Ether Type' to 'ARP', Enable Bidirectional Address and Port Matching.
Under Display filter:
Clear all the fields, enable Bidirectional Address and Port Matching, and enable 'Forwarded', 'Generated', 'Consumed' and 'Dropped'.
Under Advanced Monitor filter:
Enable all options.
Accept your Packet Capture settings.
Step 2: Start the packet capture using the 'Start Capture' option and wait for it to get some data.
Depending on the size of your network, it may take more than 20 minutes to get a full picture of what is going on. Usually it should be much faster.
(If you are an experienced SonicWall user, you may use the 'Send Gratuitous ARP' diagnostic option to generate some ARP traffic on demand.)
Stop the packet capture using the 'Stop Capture' option and hit the 'Refresh' button.
Step 3: At this point you should be able to see the captured ARP traffic, similar to:
In general (to verify if a loop is present) we will be looking for:
Additionally, you may be able to see:
Step 4: In order to get a clear view, use Configure | Display Filter to show dropped packets only:
Filtered packet capture:
Step 5: Compare captured traffic with your network settings (Network | Interfaces):
For example, we may see the following networks:
1.1.1.0 connected to X2
2.2.2.0 connected to X3
3.3.3.0 connected to X6
Filtered packet capture (Step 4) shows:
1.1.1.1 (X2 subnet) arriving on X3 (#89) and X6 (#90)
2.2.2.2 (X3 subnet) arriving on X2 (#96) and X6 (#98)
3.3.3.3 (X6 subnet) arriving on X1 (#108) and X2 (#110)
which indicates that X2, X3 and X6 are bridged.
Please note that packets from VLAN-tagged interfaces should also be limited to their own VLAN interfaces.
For instance: the host 11.11.11.15 on X2:V11 should not be visible on X2:V16.
VLAN-tagged packets should not show up on non-VLAN interfaces.
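The Step 5 comparison can be scripted once the dropped-ARP rows have been copied out of the capture. The following is an added example, not SonicWall code: the /24 masks, the VLAN 11 subnet, the packet numbers and the sample rows are assumptions constructed to mirror the networks above.

```python
import ipaddress
from collections import defaultdict

# Interface -> subnet, as shown on Network | Interfaces. The /24 masks and
# the VLAN 11 subnet are assumptions; the article gives no prefix lengths.
INTERFACES = {"X2": "1.1.1.0/24", "X3": "2.2.2.0/24", "X6": "3.3.3.0/24",
              "X2:V11": "11.11.11.0/24"}

# Constructed rows: (packet number, ingress interface, ARP sender IP)
SAMPLE = [
    (1, "X3", "1.1.1.1"), (2, "X6", "1.1.1.1"),
    (3, "X2", "2.2.2.2"), (4, "X6", "2.2.2.2"),
    (5, "X2", "3.3.3.3"), (6, "X3", "3.3.3.3"),
    (7, "X2", "1.1.1.7"),            # sender on its own interface: fine
    (8, "X2:V16", "11.11.11.15"),    # VLAN 11 host seen on VLAN 16
]

def home_interface(ip, interfaces=INTERFACES):
    """Return the interface whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in interfaces.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None

def find_misplaced(rows, interfaces=INTERFACES):
    """ARP senders that arrived on an interface other than their own."""
    hits = []
    for num, ingress, ip in rows:
        home = home_interface(ip, interfaces)
        if home is not None and home != ingress:
            hits.append((num, ip, home, ingress))
    return hits

def bridged_groups(misplaced):
    """Merge interfaces linked by misplaced ARP into bridged sets."""
    parent = {}
    def find(x):
        while parent.setdefault(x, x) != x:
            x = parent[x]
        return x
    for _, _, home, ingress in misplaced:
        parent[find(home)] = find(ingress)
    groups = defaultdict(set)
    for iface in list(parent):
        groups[find(iface)].add(iface)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

Each group returned by bridged_groups(find_misplaced(SAMPLE)) is a set of interfaces that share a layer 2 segment and should be checked for cross-cabling or a misconfigured switch.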
Resolution steps are listed below: