Inserting a USG2130 in transparent mode causes abnormal communication

Publication Date: 2012-09-26
Issue Description

As shown in the figure, an H3C router acts as the PE device in the MPLS domain, with management IP 1.1.1.126, and an H3C switch acts as the CE device, with management IP 1.1.1.124. The USG2130 is inserted between them in transparent mode, with management IP 1.1.1.125.

Without the USG2130, the PE (H3C router) can reach the CE (H3C switch) at 1.1.1.124 normally, and the CE can reach the PE normally. After the USG2130 is inserted between the two in transparent mode, communication between the PE and the CE becomes abnormal: the PE cannot reach the CE's IP address unless the USG2130 has first accessed the CE successfully, or the CE has first accessed the PE successfully. Only then can the PE reach the CE's management IP.
Alarm Information
None
Handling Process
Because we could not Telnet to the device, we guided the customer through collecting the relevant information. Analysis of that information showed that the USG2130 had learned only the MAC address of the PE and had not learned the MAC address of the CE. We also found that the customer had configured an interzone policy on the USG2130 and had set l2fwdfast enable. We tried disabling the fast forwarding function, and testing afterwards showed that the PE could access the CE normally.
Root Cause
At first we suspected that the USG2130 in transparent mode was not transparently passing the broadcast ARP request sent by the PE, or that the USG2130 flooded the ARP request but the CE either did not receive it or did not send an ARP reply. R&D staff then confirmed that Layer 2 fast forwarding affects the interzone policy: a frame passes if a MAC entry exists and does not pass if there is none. In effect, a frame with no MAC entry is denied by the interzone policy. Layer 2 fast forwarding relies only on the MAC table and handles unicast traffic. In other words, when the USG2130 in transparent mode received the broadcast ARP request from the PE, the request was dropped instead of being flooded to the CE, because Layer 2 fast forwarding was enabled. The PE therefore could not obtain the MAC address of the CE and could not ping the CE.
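The forwarding decision described above can be reproduced with a small model. This is an added example, not Huawei code or configuration: the class and function names, port names and MAC addresses are constructed, and the model assumes that a MAC table miss means "drop" when fast forwarding is on and does not model interzone policy directions.

```python
# Simplified model of a transparent-mode (Layer 2) firewall. Added example;
# all names and MAC addresses are constructed, not taken from the USG2130.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class TransparentBridge:
    def __init__(self, ports, fast_forward):
        self.ports = ports                # e.g. ["to_pe", "to_ce"]
        self.fast_forward = fast_forward  # models "l2fwdfast enable"
        self.mac_table = {}               # learned MAC -> ingress port

    def receive(self, in_port, src, dst):
        """Learn the source MAC, then return the list of egress ports."""
        self.mac_table[src] = in_port
        out = self.mac_table.get(dst)     # a broadcast MAC is never learned
        if out is not None:
            return [] if out == in_port else [out]
        if self.fast_forward:
            return []                     # assumption: table miss means drop
        return [p for p in self.ports if p != in_port]  # ordinary flooding

def pe_resolves_ce(fast_forward):
    """PE sends an ARP request for CE.

    Returns (resolved, sorted list of MACs the bridge has learned).
    """
    pe_mac, ce_mac = "00:00:00:00:00:01", "00:00:00:00:00:02"  # constructed
    fw = TransparentBridge(["to_pe", "to_ce"], fast_forward)
    resolved = False
    # Step 1: broadcast ARP request from the PE arrives on the PE-side port.
    if "to_ce" in fw.receive("to_pe", pe_mac, BROADCAST):
        # Step 2: the CE saw the request and sends a unicast ARP reply.
        resolved = "to_pe" in fw.receive("to_ce", ce_mac, pe_mac)
    return resolved, sorted(fw.mac_table)

if __name__ == "__main__":
    for mode in (True, False):
        ok, learned = pe_resolves_ce(mode)
        print(f"fast_forward={mode}: PE resolved CE={ok}, learned={learned}")
```

With fast forwarding on, the model ends with only the PE's MAC in the table, which matches what the collected information showed on the USG2130.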
Suggestions
We need to be familiar with the Layer 2 switch forwarding flow, and must understand the differences between the behaviour of a USG firewall in transparent mode and that of a simple Layer 2 switch. Recommended reading: technical document TPDC1205031913.
