NOTE
Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct
the fault, you will have a record of your actions to provide Huawei technical support personnel.
Procedure
Step 1
Run the
display arp anti-attack configuration entry-check
command on the AR2200-S to
check that ARP anti-spoofing is enabled.
l
If the following information is displayed, ARP anti-spoofing is not enabled.
ARP anti-attack entry-check mode: disabled
Run the
arp anti-attack entry-check
{
fixed-mac
|
fixed-all
|
send-ack
}
enable
command
to enable ARP anti-spoofing.
NOTE
Before enabling ARP anti-spoofing, run the
reset arp
interface
interface-type interface-number
command to delete the ARP entries learned by the user-side interface.
l
If the mode of ARP anti-spoofing is set to
send-ack
, go to step 2.
l
If the mode of ARP anti-spoofing is set to
fixed-mac
, go to step 3.
l
If the mode of ARP anti-spoofing is set to
fixed-all
, go to step 4.
Step 2
Perform the following steps to locate the fault in
send-ack
mode.
1.
Capture packets on the user-side interface by configuring port mirroring. If the AR2200-
S does not send an ARP request, go to step 4.
2.
If the AR2200-S sends ARP requests but does not receive an ARP reply, check that the
network connection between the AR2200-S and the user is normal.
3.
If the AR2200-S receives ARP reply packets from the user, run the
display cpu-defend
statistics
packet-type
arp-reply
command to check statistics about ARP reply packets. If
the number of dropped ARP reply packets keeps increasing, the possible cause is that the
rate of ARP reply packets exceeds the CPCAR. In this case, increase the rate limit value
by using the
packet-type
command.
4.
If the fault persists, go to step 4.
Step 3
Run the
display arp
all | include
ip-address
command to check the modified information in the
ARP entry.
If the interface number or VLAN ID is changed, you do not need to take any action because it
is normal in
fixed-mac
mode. If the MAC address is changed, go to step 4.
Step 4
Collect the following information and contact Huawei technical support personnel:
l
Results of the preceding troubleshooting procedure
l
Configuration file, log file, and alarm file of the AR2200-S
----End
Relevant Alarms and Logs
Relevant Alarms
l
1.3.6.1.4.1.2011.5.25.165.2.2.2.2
Huawei AR2200-S Series Enterprise Routers
Troubleshooting
10 Security
Issue 01 (2012-01-06)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
286