Users configure the IP and MAC binding, configuration is complete, the PC bound cannot ping the gateway, if unbind, it can ping the gateway. There is a layer switch forwarding between the PC and firewall.
Firewall configuration is as follows:
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall mac-binding enable
firewall mac-binding 172.16.12.1 78e7-d181-072e
ip address 172.16.12.254 255.255.255.0
firewall zone trust
set priority 85
add interface Vlanif1
1.check the configuration, ip address and mac address binding is correct.
2.It can see the mac address of the pc by disp arp when it is unbound. It cannot see the mac address of the pc when it is bound, but It can see the mac address of the pc by disp mac-address.
3. the PC bound cannot ping the gateway, but there is the session came from the PC in the firewall. It explains that the pc correctly learn the mac address of the gateway, but not back to the package, suspect firewall discarded.
4. Confirm the configuration again, if finds that the gateway is configured in vlanif interface, add the vlan id behind the bind command by switch port, modify the firewall configuration plus the vid, the problem is dealt.
1. Configuration problem.
2. ARP learning problem.
3. Other problem.
VID parameters need to be configured when switch port established sub interface through the VLANIF virtual routing port or in the routing port.