A WiMAX Client Can Obtain an IP Address from the S3700/S3300, But Cannot Ping the Gateway

Publication Date:  2015-10-13 Views:  340 Downloads:  0
Issue Description
A WiMAX client is connected to an S3700/S3300. The client can obtain an IP address from the S3700/S3300, but cannot ping the gateway. After the S3700/S3300 is replaced with a Cisco device, the client can ping the gateway.

Figure 5-1 WiMAX client cannot ping the gateway

Handling Process
1. Capture packets on the switch's interface connected to the WiMAX client and on the WiMAX client. You can find that the ARP packet sent by the S3700/S3300 to request for the WiMAX client's IP address is discarded by the WiMAX client.

2. Replace the S3700/S3300 with a Cisco device. The problem is resolved. Capture packets on the Cisco device. You can find that the ARP request packet is still discarded by the WiMAX client, but the Cisco device still learns the ARP entry of the client.

3. Check the configuration on the S3700/S3300. You can find that the arp learning strict function is enabled on the S3700/S3300 by default. With the strict ARP learning function enabled, the switch learns ARP entries from only the ARP reply packets sent in response to the ARP request packets sent by itself. Run the undo arp learning strict command in the system view to disable strict ARP learning. The ARP learning on the switch is normal.
Root Cause
As the arp learning strict function is enabled on the S3700/S3300 by default, the switch learns ARP entries from only the ARP reply packets sent in response to the ARP request packets sent by itself.
Solution
Run the undo arp learning strict command in the system view to disable strict ARP learning.
Suggestions
The strict ARP learning function can prevent most ARP attacks. However, when the switch is connected to WiMAX clients, you need to disable strict ARP learning on the switch, so that the switch can learn the ARP entries of WiMAX clients.

END