S7700 V200R007C00SPC500 arp表项不刷新

发布时间:  2016-10-24 浏览次数:  182 下载次数:  0
问题描述

版本信息

S7700 V200R007C00SPC500

组网概述

FW1FW2为友商防火墙,配置了VRRP双机热备,FW1VRRP的主,FW2VRRP备,VRRP虚拟地址为192.168.0.254;主备防火墙分别与华为S7706交换机相连

组网拓扑图


配置信息

S7700

arp learning strict

#

interface GigabitEthernet0/0/2

 port link-type access

 port default vlan 2

#

interface GigabitEthernet0/0/3

 port link-type access

 port default vlan 2

#

interface vlanif 2

ip address 192.168.0.3 24

故障现象

shutdown FW1GE0/0/2,主备发切换,S7700 ping 192.168.0.254能通;使FW2GE0/0/2 up后,主设备发生抢占,S7700 ping 192.168.0.254不通

处理过程

1.     查看arp表项,arp从接备防火墙的接口上学习到

<Huawei>display arp

IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE INTERFACE      VPN-INSTANCE     

                                          VLAN

------------------------------------------------------------------------------

192.168.0.3     4c1f-ccfc-7019            I -  Vlanif1

192.168.0.254   0000-5e00-0101  20        D-0  GE0/0/2

                                          1

------------------------------------------------------------------------------

Total:2         Dynamic:1       Static:0     Interface:1   

 

2.查看mac地址表,mac地址从主设备的接口上学习到

<Huawei>display mac-address

MAC address table of slot 0:

-------------------------------------------------------------------------------

MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID 

               VSI/SI                                              MAC-Tunnel 

-------------------------------------------------------------------------------

0000-5e00-0101 1           -      -      GE0/0/3         dynamic   0/-        

-------------------------------------------------------------------------------

Total matching items on slot 0 displayed = 3

根因

由于交换机配置了arp严格学习,FW1抢占成为主发送免费arp,交换机的mac地址表会刷新,但arp表项不会刷新,导致三层转发的出接口不正确

解决方案

方案一:

关闭arp严格学习

[S7700]undo arp learning strict

方案二:

开启mac刷新arp功能,

[S7700] mac-address update arp

END