No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S9300 user loop caused AP off-line

Publication Date:  2012-11-21 Views:  69 Downloads:  0
Issue Description
S9300 connecting WLAN AP off-line, S9300 PING AP management address and packet lost
Alarm Information
Check on WLAN AC found that AP state banormal.
Handling Process
1、Check by the command disp cpu-defend  arp-request statistics  slot 5 ,found that ARP packet not much, belong to nomal range;
Check by the command display interface brief, the port traffic is about 5%, exclude ARP attack.
2、Check DHCP SERVER address pool taken situation, 254 address, only 110 be used, remain much, exclude address pool exhausting.
3、It doubt that loop caused MAC flapping. open MAC flapping detection.
System view:[Quidway]loop-detect eth-loop alarm-only
VLAN view:[Quidway -vlan36]loop-detect eth-loop alarm-only
It reported following alarm:L2IFPPI/4/MFLPVLANALARM:OID 1.3.6.1.4.1.2012.3.22.160.3.7 Loop exist in vlan 36, for  mac-flapping.
It verified that loop caused mac flapping.
Someone wrong connected the reticle 2 hours before, break the loop and solve the problem.
Root Cause
Off-line AP convergence in one management VLAN, it maybe:
1、User ARP attack caused AP learn arp abnormal in management VLAN and off-line;
2、VLAN address pool exhaust;
3、Loop caused MAC address flapping and AP off-line.
Suggestions
When AP be off-line cosmically, specially in some specific VLAN, besides loop detection configuration, open mac flapping detection function.
Configure on system view:[Quidway]loop-detect eth-loop alarm-only
Configure on VLAN view:[Quidway -vlan36]loop-detect eth-loop alarm-only
It detected flapping alarm, judge that it caused by loop.

END