Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Diagnose your network topology with SonicWall built-in Packet Monitor (layer 2 loops)

03/26/2020 108 People found this article helpful 98,635 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    Diagnose your network topology with SonicWall built-in Packet Monitor (layer 2 loops)

    Resolution

    Having the same subnets connected to two physical interfaces is not supported, unless the following Mode / IP assigment options are used on the interface:

    • Transparent IP Mode
    • Layer 2 Bridged Mode
    • Wire Mode

    The following problems may show up with layer 2 loops:

    • Unit becomes unstable due to high CPU usage:
      • tWebMain
      • tWebListen
      • tDataPlaneTask
      • dpCore(X)
    • Unit becomes unreachable due to missing ARP entry
    • Unit crashes randomly
    • Unit has a suspicious number of active connections
    • IP spoof messages are reported by the Intrusion Prevention module
    • Some devices connected to the SonicWall become unreachable randomly

    Please note that ARP timeout is 10 minutes (by default).


    Procedure for checking your network:

    Step 1: Set up a packet capture: System | Packet Monitor | Configure
    Image
    Under Monitor Filter:
    Clear all the fields, set 'Ether Type' to 'ARP', Enable Bidirectional Address and Port Matching.
    Image
    Under Display filter:
    Clear all the fields, Enable Bidirectional Address and Port Matching, Enable 'Forwarded', 'Generated', 'Consumed' and 'Dropped''.
    Image
    Under Advanced Monitor filter:
    Enable all options.

    Accept your Packet Capture settings.

    Step 2: Start the packet capture using the 'Start Capture' option and wait for it to get some data.
    Image
    Depending on the size of your network, it may take more than 20 minutes to get a full picture of what is going on. Usually it should be much faster.
    (If you are a experienced SonicWall user, you may use the 'Send Gratitious ARP' diagnostic option to generate some ARP traffic on demand)
    Stop the packet capture using the 'Stop Capture' option and hit the 'Refresh' button.

    Step 3: At this point you should be able to see the ARP traffic captured, similiarly to:
    Image
    In general (to verify if a loop is present) we will be looking for:

    • Packets with the 'Source IP' from a subnet different than the subnet configured on the 'Ingress' interface.
    • Identical packets arriving on two different 'Ingress' interfaces at the same time.

    Additionally, you may be able to see:

    • Packets with the 'Source IP' 169.254.1.0 to 169.254.254.255 (inclusive). These are hosts not able to reach a DHCP server - trying auto configuration.
    • Packets with the 'Source IP' 0.0.0.0 (ARP generated by some network stacks).


    Step 4: In order to get a clear view, use Configure | Display Filter to show dropped packets only:
    Image
    Filtered the packet capture:
    Image
    Step 5: Compare captured traffic with your network settings (Network | Interfaces):
    Image
    As per example, we may see the following networks:
    1.1.1.0 connected to X2
    2.2.2.0 connected to X3
    3.3.3.0 connected to X6

    Filtered packet capture (Step 4) shows:
    1.1.1.1 (X2 subnet) arriving on X3 (#89) and X6 (#90)
    2.2.2.2 (X3 subnet) arriving on X2 (#96) and X6 (#98)
    3.3.3.3 (X6 subnet) arriving on X1 (#108) and X2 (#110)

    which indicates that X2, X3 and X6 are bridged.

    Please note, that packets from a VLAN tagged interfaces should also be limited to their VLAN interfaces.
    F.i.: 11.11.11.15 host on X2:V11 should not be visible on X2:V16.
    Vlan tagged packets should not show up on non-vlan interfaces.


    Resolution steps are listed below:

    • Check if your switches are connected properly.
    • Check if VLAN tagging is set up properly in your network.
    • Check NAT policies on the SonicWall, specify inbound and outbound interfaces for each policy, if possible.
    • Check if servers connected to multiple subnets are not bridging ARP traffic.
    • Check if PCs/laptops connected to multiples subnets are not bridging ARP traffic (especially users connected simultaneously via WiFi and Cable).
    • Check if there is any source of multicast traffic in the network.

    Related Articles

    • ‘Error sending one-time password’ encountered when connecting to NetExtender
    • Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSsp series
    • Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSA series

    Categories

    • Firewalls > TZ Series
    • Firewalls > SonicWall SuperMassive E10000 Series
    • Firewalls > SonicWall SuperMassive 9000 Series
    • Firewalls > SonicWall NSA Series

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2022 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
      Scroll to top
      Trace:bc25ceab620983726ed9b9f9e3bc8474-80