The NM Address of MA5300 can Access the Network but Fails to be PINGed when Being Regarded as a Static User

Publication Date:  2012-07-27 Views:  111 Downloads:  0
Issue Description
MA5200F connects MA5300. The NM address of the MA5300 can access the network but cannot be PINGed when being regarded as the static user of MA5200.
Alarm Information
none
Handling Process
1) Check the MA5200 configuration to ensure that it is normal. 2) Open the debug ARP packet to see the ARP packet from MA520 and receive the ARP response packet from the MA5300. 3) Check the MA5300 configuration and find that the MA5300 is configured with an acl, which only permits to be accessed by the gateway address of MA5300. The MA5200 is configured with the loopback0 address, which is the original address when the MA5200 pinging users and is not allowed to access the MA5300, so the MA5300 cannot be pinged. 4) To solve the problem, add the loopback0 address of MA5200 into the acl of MA5300.
Root Cause
The reason for the above problem is that the MA5300 is configured with an acl, which can only be accessed by the gateway address of MA5300. The MA5200 is configured with the loopback0 address, which is the source address when the MA5200 pings users, and this address is not allowed to access the MA5300, so the MA5300 cannot be pinged. But why the ARP packet can still be sent and received? After switching on the debug switch, we find that the source address of the ARP packet sent from MA5200F is the right interface address (gateway address of MA5300), which is permitted by acl.

END