No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Correct MAC Address Entries Cannot Be Generated

Correct MAC Address Entries Cannot Be Generated

This section describes the troubleshooting flowchart and provides a step-by-step troubleshooting procedure for the MAC address table fault.

Common Causes

This fault is commonly caused by one of the following:

  • The device fails to learn correct MAC address entries because of incorrect configuration.
  • The learned MAC addresses are updated frequently because of a loop on the network.
  • The MAC address learning function on the interface is disabled.
  • Blackhole MAC address entries and MAC address learning limit are configured on the interface.
  • The number of learned MAC addresses exceeds the maximum.

Troubleshooting Flowchart

MAC address entries cannot be generated on the device, so Layer 2 forwarding fails.

The troubleshooting roadmap is as follows:
  • Check the binding relationship between the outbound interface and the VLAN.
  • Check whether a loop occurs on the network.
  • Check whether the configurations on the interface conflict or MAC address learning limit is configured on the interface.
  • Check whether the number of learned MAC addresses exceeds the limit.

Figure 16-2 shows the troubleshooting flowchart.

Figure 16-2  Troubleshooting flowchart

Troubleshooting Procedure

Context

NOTE:

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Procedure

  1. Check that the configurations on the interface are correct.

    Run the display mac-address command in the system view to check whether the binding relationships between the MAC address, VLAN, and interface are correct.

    <Huawei> display mac-address 000f-e207-f2e0 
    ------------------------------------------------------------------------------- 
    MAC Address    VLAN/Bridge                       Learned-From        Type       
    ------------------------------------------------------------------------------- 
    0025-9e80-2494  1/-                               Eth 2/0/1            dynamic    
                                                                                    
    ------------------------------------------------------------------------------- 
    Total items displayed = 1                                                       

    If not, re-configure the binding relationships between the MAC address, VLAN, and interface.

    If so, go to Step 2.

  2. Check whether a loop on the network causes MAC address flapping.

    If a loop exists on the network, use either of the following methods to prevent MAC address flapping:

    • Remove the loop from the network.
    • Run the loop-detect eth-loop command in the VLAN view to enable the MAC flapping detection function. The AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 checks whether a MAC address moves from one interface to another in the VLAN. If MAC address flapping occurs, the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 blocks the interface or MAC address.

    If no loop exists, go to Step 3.

  3. Check that MAC address learning is enabled.

    Check whether MAC address learning is enabled in the interface view and the VLAN view.

    [Huawei-Ethernet2/0/1] display this      
    #                                                                               
    interface Ethernet2/0/1                              
     mac-address learning disable                                                   
     port hybrid tagged vlan 10                                                     
     undo negotiation auto 
    #                                                                               
    return                                                                                              
    [Huawei-vlan10] display this                                      
     #                                                                               
    vlan 10                                                                       
     mac-address learning disable                                                   
    #                                                                               
    return                                                                                                         

    If the command output contains mac-address learning disable, MAC address learning is disabled on the interface or VLAN.

    • If MAC address learning is disabled, run the undo mac-address learning disable command in the interface view or VLAN view to enable MAC address learning.
    • If MAC address learning is enabled on the interface, go to Step 4.
  4. Check whether any blackhole MAC address entry or MAC address limiting is configured.

    If a blackhole MAC address entry or MAC address limiting is configured, the interface discards packets.

    1. Run the display mac-address blackhole command to check whether any blackhole MAC address entry is configured.

      [Huawei] display mac-address blackhole                                           
      M------------------------------------------------------------------------------- 
      MAC Address    VLAN/Bridge                       Learned-From        Type       
      ------------------------------------------------------------------------------- 
      0001-0001-0001 3333/-                            -                   blackhole  
                                                                                      
      ------------------------------------------------------------------------------- 
      Total items displayed = 1                                                       

      If a blackhole MAC address entry is displayed, run the undo mac-address blackhole command to delete it.

    2. Run the display this command in the interface view or VLAN view.

      • If the command output contains mac-limit maximum, the number of learned MAC addresses is limited. Run either of the following commands:
        • Run the undo mac-limit command in the interface or VLAN view to disable MAC address limiting.
        • Run the mac-limit command in the interface or VLAN view to increase the maximum number of learned MAC addresses.
      • Run the display this command in the interface view. If the command output contains port-security max-mac-num or port-security enable, the number of secure dynamic MAC addresses is limited on the interface. Run either of the following commands:
        NOTE:
        By default, the limit on the number of secure dynamic MAC addresses is 1 after port security is enabled.
        • Run the undo port-security enable command in the interface view to disable port security.
        • Run the port-security max-mac-num command in the interface view to increase the maximum number of secure dynamic MAC addresses on the interface.

    If the fault persists, go to Step 5.

  5. Check whether the number of learned MAC addresses has reached the maximum supported by the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600.

    Run the display mac-address summary command to check the number of MAC addresses in the MAC address table.

    • If the number of learned MAC addresses has reached the maximum, no MAC address entry can be created. Run the display mac-address command to view MAC address entries.
      • If the number of MAC addresses learned on an interface is much more than devices on the network connected to the interface, the MAC address table may be maliciously updated by an attacker. Check the device connected to the interface:
        • If the interface is connected to a device, run the display mac-address command on the device to view its MAC address table. Locate the interface connected to the malicious user according to the displayed MAC address entries. If the interface that you find is connected to another device, repeat this step until you find the user of the malicious user.
        • If the interface is connected to a computer, perform either of the following operations after obtaining permission of the administrator:
          • Disconnect the computer. When the attack stops, connect the computer to the network again.
          • Run the port-security enable command on the interface to enable port security or run the mac-limit command to set the maximum number of MAC addresses that the interface can learn to 1.
        • If the interface is connected to a hub, perform either of the following operations:
          • Configure port mirroring and use a packet capture tool to observe packets received by the interface. Analyze the packet types to locate the attacking computer. Disconnect the computer after obtaining permission of the administrator. When the attack stops, connect the computer to the hub again.
          • Disconnect computers connected to the hub one by one after obtaining permission of the administrator. If the fault is rectified after a computer is disconnected, the computer is the attacker. After it stops the attack, connect it to the hub again.
      • If the number of MAC addresses on the interface is smaller than or equal to the number of devices connected to the interface, the number of devices connected to the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 has exceeded the maximum supported by the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600. Adjust network deployment.
    • If the number of MAC addresses has not reached the maximum supported by the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600, go to Step 6.
  6. Collect the following information and contact technical support personnel.
    • Results of the preceding troubleshooting procedure

    • Configuration file, log file, and alarm file of the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600

Translation
Download
Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 447540

Downloads: 4305

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next