After a server is infected with a virus, it cannot receive ARP messages normally, so the directly connected device is unreachable

Publication Date:  2012-10-29 Views:  51 Downloads:  0
Issue Description
Networking:
Our device, a USG5320, is the egress device. Upstream it connects to the Internet; downstream it connects to a switch (SW), which connects to the server.
The server address is 192.168.1.3. The USG5320 intranet interface address, which is also the intranet gateway, is 192.168.1.2.
Symptom:
The intranet server cannot ping the gateway, and our device cannot ping the intranet server.
A ping from our device to 192.168.1.3 fails.
Alarm Information
none
Handling Process
1. Disable the firewall and antivirus software on the server.
2. Check our device's configuration. The configuration has no problems. Have the user connect the server directly to our device.
3. Check the ARP tables. Our device can learn the server's MAC address. Ask the user to check the server's ARP table: the server cannot learn the device's MAC address.
ARP table of the server:
C:\Documents and Settings\tt>arp -a
Interface:192.168.1.3 --- 0X10005
Interface  Address          Physical  Address       Type
192.168.1.1                00-18-82-3a-78-7a        dynamic
192.168.1.6               00-19-6a-71-9b             dynamic
ARP table of the device:
[USG2130]dis  arp
16:22:25  2012/05/17
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE 
192.168.1.108   00e0-4db1-5f84  20        D           Eth1/0/2
                                             1/-
192.168.1.97    0024-1db7-6371  20        D           Eth1/0/2
                                             1/-
192.168.1.3     0025-11e6-8515  20        D           Eth1/0/0
                                             1/-
------------------------------------------------------------------------------
Total:56        Dynamic:55      Static:0    Interface:1
4. Enable ARP debugging on our device. The ARP messages are normal, which indicates that the problem is on the server.
debugging  arp  packet 
16:22:49  2012/05/17

*0.2285550 USG2130 ARP/7/arp_rcv:Receive an ARP Packet, operation : 1, sender_eth_addr : 0025-11e6-8515, sender_ip_addr : 192.168.1.3, target_eth_addr : 0000-0000-0000, target_ip_addr : 192.168.1.2
*0.2285550 USG2130 ARP/7/arp_send:Send an ARP Packet, operation : 2, sender_eth_addr : 0022-a109-bedb,sender_ip_addr : 1.168.1.2, target_eth_addr : 0025-11e6-8515, target_ip_addr : 192.168.1.3
5. Packet capture and a check of the server's Task Manager show that the server is infected with a virus. After the virus is removed, the problem is solved.
After the virus on the server is removed, the ARP table becomes normal:
C:\Documents and Settings\tt>arp -a
Interface:192.168.1.3 --- 0X10005
Interface  Address          Physical  Address       Type
192.168.1.1                00-18-82-3a-78-7a        dynamic
192.168.1.6               00-19-6a-71-9b             dynamic
192.168.1.2              6c-f0-49-4e-15-53          dynamic
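
The comparison made in steps 3 and 4 can be scripted. The following is an added example, not part of the original case or any vendor tool: it parses Windows `arp -a` output and the device's ARP debug lines and reports when the device answered the server's ARP request but the server never installed the gateway entry. The sample data is constructed in the formats shown above, and all addresses and function names are assumptions.

```python
import re

# Constructed sample data in the formats shown on this page (addresses are made up).
SERVER_ARP = """\
Interface: 10.0.0.3 --- 0x10005
  Internet Address      Physical Address      Type
  10.0.0.1              00-11-22-33-44-55     dynamic
  10.0.0.6              00-11-22-33-44-66     dynamic
"""
DEVICE_DEBUG = """\
*0.100 FW ARP/7/arp_rcv:Receive an ARP Packet, operation : 1, sender_eth_addr : 0011-2233-4403, sender_ip_addr : 10.0.0.3, target_eth_addr : 0000-0000-0000, target_ip_addr : 10.0.0.2
*0.100 FW ARP/7/arp_send:Send an ARP Packet, operation : 2, sender_eth_addr : 0011-2233-4402, sender_ip_addr : 10.0.0.2, target_eth_addr : 0011-2233-4403, target_ip_addr : 10.0.0.3
"""

def parse_windows_arp(text):
    """Return {ip: mac} from Windows `arp -a` output.
    Rows whose MAC is not six hex octets (truncated or garbled) are skipped."""
    rows = re.findall(
        r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+\w+",
        text, re.M)
    return {ip: mac.lower() for ip, mac in rows}

def parse_arp_debug(text):
    """Return (direction, operation, sender_ip, target_ip) for each debug line.
    operation 1 = ARP request, operation 2 = ARP reply."""
    pat = re.compile(
        r"ARP/7/arp_(rcv|send):.*?operation\s*:\s*(\d+).*?"
        r"sender_ip_addr\s*:\s*([\d.]+).*?target_ip_addr\s*:\s*([\d.]+)")
    return [(d, int(op), s, t) for d, op, s, t in pat.findall(text)]

def one_way_arp(server_ip, gateway_ip, server_arp_text, debug_text):
    """True when the device received the server's request and sent a reply,
    yet the server's table has no gateway entry (the symptom in this case)."""
    events = parse_arp_debug(debug_text)
    requested = ("rcv", 1, server_ip, gateway_ip) in events
    replied = ("send", 2, gateway_ip, server_ip) in events
    learned = gateway_ip in parse_windows_arp(server_arp_text)
    return requested and replied and not learned

if __name__ == "__main__":
    result = one_way_arp("10.0.0.3", "10.0.0.2", SERVER_ARP, DEVICE_DEBUG)
    print("server drops ARP replies:", result)
```

A `True` result means the network path and the device are answering correctly, so the investigation should move to the host, as it did in step 5.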

Root Cause
After the server was infected with a virus, it could not receive ARP messages normally, so the directly connected device was unreachable.
Suggestions
none