No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Troubleshooting Guide

CloudEngine 16800, 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
A Loop Occurs Between CE12800 and ME60 Due to a Redirection Policy

A Loop Occurs Between CE12800 and ME60 Due to a Redirection Policy

Networking Diagram

Figure 16-13 Networking diagram

Scenario

The client is authenticated through ME60's layer 3 subinterface, and accesses the Internet through ME60's physical interface. In normal situations, the process should be as follows:

1. The CE12800 redirects the packets from client to the ME60's layer 3 subinterface GE1/0/4.10.

2. After the ME60 authenticates the client, it returns response packets to the CE12800.

3. The client accesses the Internet through ME60's physical interface GE1/0/4.

Symptom

A loop is generated between the ME60 and CE12800.

Root Cause

A global redirection policy is configured for the inbound direction of the CE12800. When the packets from the client reach CE12800's GE1/0/1, they are redirected to the ME60's layer 3 subinterface GE1/0/4.10. After the ME60 completes authentication, response packets are returned to CE12800's GE1/0/2. However, GE1/0/2 redirects the packets to the ME60's layer 3 subinterface GE1/0/4.10 again according to the redirection policy. Therefore, a loop occurs between the ME60 and CE12800, and packets cannot reach the Internet through ME60's GE1/0/4.

Solution

Disable the global redirection policy on the CE12800, and configure a redirection policy for the inbound direction on only the CE12800's GE1/0/1. When the ME60 completes authentication, the response packets are returned to the CE12800's GE1/0/2 and will not be redirected to the ME60's GE1/0/4.10. In this situation, the loop will not occur. The configuration procedure is as follows:

  1. Configure an ACL rule.

    #
    acl 3000
    rule 5 permit ip source 10.10.254.0 0.0.0.255
    #
  2. Configure a traffic classifier.

    #
    traffic classifier c1
    if-match acl 3000
    #
  3. Configure a traffic behavior.

    #
    traffic behavior b1
    redirect nexthop 10.150.100.1
    #
  4. Configure a traffic policy.

    #
    classifier c1 behavior b1
    #
  5. Apply the traffic policy.

    #
    Interface GE1/0/1
    traffic-policy p1 inbound
    #

Conclusion and Suggestion

  • After a global redirection policy is configured on a device, all the interfaces on the device will redirect received packets to the specified interface.
  • After a redirection policy is configured on an interface, only this interface will redirect received packets to the specified interface.
  • In this case, the redirection policy can only be applied to an interface of the CE12800.
Translation
Download
Updated: 2020-01-07

Document ID: EDOC1000060766

Views: 606175

Downloads: 2941

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next