The solution to the problem of USG9100 firewall IP MAC binding

Publication Date:  2012-09-17 Views:  116 Downloads:  0
Issue Description
The IP MAC binding configuration is relatively simple, mainly because manual configuration is distributed by the main control board. The problem is not a particularly large number. Typical error is found after master board configured IP MAC-binding and not delivered to the business board.
Look up if the main control board has established IP MAC binding pairs through display fire MAC-binding item.
Alarm Information
Handling Process
When Hot-swappable recovery, modify that issuing the message to all business board, take each IPMAC binding peer according to the number of cycles in IPMAC packaged.
Pick out the sequence firewall index number where the binding peer in when configuring and issuing. This is the general problem, you can know it is the main control board problem or the business board problem by the command of display fire MAC-binding item.
Root Cause
There are these reasons according to that appeared.

1. Issue the configuration to all LPU main CPU when hot-swappable was recovered.
2. When hot-swappable recovery, due to the need to batch backup all IPMAC binding packaged in units of 30, but when access to remove only the beginning one.
3. When configure IPMAC of binding to a virtual firewall, because there is no index number virtual firewall judge issued that all IPMAC binding were configured to root firewall.
4. Bind IPMAC peer, and enable it, delete all IPMAC peers in the case of playing stream. It is found that IPC channel blockage in deleting process, and issuing delete command will fail.