S7706 VRRP状态正常，实地址之间互ping不通

两台S7706配置两组VRRP，上联防火墙为vlanif 100的VRRP100，下联S57为vlanif 200的VRRP200，防火墙之间为主备模式
当前vrrp状态正常，两台S77之间使用vlanif200的接口实地址互ping正常，vlanif100的接口实地址互ping不通
大致配置及VRRP状态如下：
S7706-1：
#
interface GigabitEthernet1/0/0
 description TO-JNTXD-S7706-02
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet2/0/0
 description TO-JNTXZX-USG6650-01
 port link-type access
 port default vlan 200
#
interface Vlanif100
 ip address 10.146.202.2 255.255.255.192
 vrrp vrid 100 virtual-ip 10.146.202.1
 vrrp vrid 100 priority 200
#
interface Vlanif200
 description TO-JNTXZX-USG6650-01
 ip address 10.146.202.133 255.255.255.248
 vrrp vrid 200 virtual-ip 10.146.202.132
 vrrp vrid 200 priority 200
# 
===============display vrrp===============
================================================
  Vlanif100 | Virtual Router 100
    State : Master
    Virtual IP : 10.146.202.1
    Master IP : 10.146.202.2
    PriorityRun : 200
    PriorityConfig : 200
    MasterPriority : 200
    Preempt : YES   Delay Time : 0 s
    TimerRun : 1 s
    TimerConfig : 1 s
    Auth type : NONE
    Virtual MAC : 0000-5e00-0164
    Check TTL : YES
    Config type : normal-vrrp
    Backup-forward : disabled
    Create time : 2017-02-15 15:32:55
    Last change time : 2017-02-15 15:33:36

  Vlanif200 | Virtual Router 200
    State : Master
    Virtual IP : 10.146.202.132
    Master IP : 10.146.202.133
    PriorityRun : 200
    PriorityConfig : 200
    MasterPriority : 200
    Preempt : YES   Delay Time : 0 s
    TimerRun : 1 s
    TimerConfig : 1 s
    Auth type : NONE
    Virtual MAC : 0000-5e00-01c8
    Check TTL : YES
    Config type : normal-vrrp
    Backup-forward : disabled
    Create time : 2017-02-15 15:32:55
    Last change time : 2017-02-15 15:33:36
S7706-2：
#
interface Vlanif100
 ip address 10.146.202.3 255.255.255.192
 vrrp vrid 100 virtual-ip 10.146.202.1
 vrrp vrid 100 priority 150
#
interface Vlanif200
 description TO-JNTXD-USG6650-02
 ip address 10.146.202.134 255.255.255.248
 vrrp vrid 200 virtual-ip 10.146.202.132
#
 ===============display vrrp===============
================================================
  Vlanif100 | Virtual Router 100
    State : Backup
    Virtual IP : 10.146.202.1
    Master IP : 10.146.202.2
    PriorityRun : 150
    PriorityConfig : 150
    MasterPriority : 200
    Preempt : YES   Delay Time : 0 s
    TimerRun : 1 s
    TimerConfig : 1 s
    Auth type : NONE
    Virtual MAC : 0000-5e00-0164
    Check TTL : YES
    Config type : normal-vrrp
    Backup-forward : disabled
    Create time : 2017-02-16 10:09:16
    Last change time : 2017-02-16 10:09:16

  Vlanif200 | Virtual Router 200
    State : Backup
    Virtual IP : 10.146.202.132
    Master IP : 10.146.202.133
    PriorityRun : 100
    PriorityConfig : 100
    MasterPriority : 200
    Preempt : YES   Delay Time : 0 s
    TimerRun : 1 s
    TimerConfig : 1 s
    Auth type : NONE
    Virtual MAC : 0000-5e00-01c8
    Check TTL : YES
    Config type : normal-vrrp
    Backup-forward : disabled
    Create time : 2017-02-15 17:27:37
    Last change time : 2017-02-15 17:28:19

1、VRRP状态正常，说明两台S77之间心跳报文能正常交互，也说两台设备之间有链路可正常通信，但是互ping不通，首先确认是否arp学习问题：
S77-1：
D  10.146.202.3    487b-6b94-3f5b 100  GE1/0/0                   02-16 08:43:12
S77-2：
D  10.146.202.2    487b-6b94-3beb 100  GE1/0/1                   02-16 08:44:10
可以看到arp都是从彼此心跳口学习到的，理论上是可以互通的，需要进一步排查；
2、目前ping不通，肯定其中某台设备回包或者发包问题，流统确认故障点：
[JN-JNTXZX-S7706-01]dis tra po st in g 1/0/0 in

 Interface: GigabitEthernet1/0/0
 Traffic policy inbound: 3000
 Rule number: 2
 Current status: success
 Statistics interval: 300
---------------------------------------------------------------------
 Board : 1
---------------------------------------------------------------------
 Matched          |      Packets:                             5
                  |      Bytes:                             530
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------
   Passed         |      Packets:                             5
                  |      Bytes:                             530
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------
   Dropped        |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
[JN-JNTXZX-S7706-01]dis tra po st in g 1/0/0 out

 Interface: GigabitEthernet1/0/0
 Traffic policy outbound: 3000
 Rule number: 2
 Current status: success
 Statistics interval: 300
---------------------------------------------------------------------
 Board : 1
---------------------------------------------------------------------
 Matched          |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------
   Passed         |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------
   Dropped        |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
通过流统可以看到S7706-01设备有收包，无回包，确认问题出在S7706-01上，进一步排查设备上异常告警发现：
#Feb 16 2017 10:33:48 JN-JNTXZX-S7706-01 L2IFPPI/4/MAC_FLAPPING_ALARM:OID 1.3.6.1.4.1.2011.5.25.42.2.1.7.12 The MAC address has flap value. (L2IfPort=0, entPhysicalIndex=0, BaseTrapSeverity=4, BaseTrapProbableCause=549, BaseTrapEventType=1, MacAddr=0000-5e00-010a, VLANID=200, FormerIfDescName=GigabitEthernet1/0/0, CurrentIfDescName=GigabitEthernet2/0/0, DeviceName=JN-JNTXZX-S7706-01)
S7706-01上大量mac飘移，飘移端口为上联防火墙接口G1/0/0和与S7706-02互联端口G2/0/0，怀疑链路成环导致
3、核实防火墙设置，确认防火墙当前为主备状态，不支持透传bpdu报文，S77无法通过bpdu检测到环路，导致业务成环，mac飘移，无法正常互访，由于防火墙不支持类似交换机的堆叠特性，建议S77交换机双上行分别上联两台防火墙，并允许bpdu报文透传
更改为双上行后问题解决

S77上行链路更改为分别双上行到两台防火墙上，问题解决