At an office site, the customer assigns the public IP address of Gi0/0/3 to Gi2/0/1. Then the carrier gateway can be pinged through, but intranet users cannot access the public network by using NAT.
Run the nat arp-gratuitous send command for Gi2/0/1 to send gratuitous ARP information. The network is still abnormal.
According to the DEBBGE information, the peer end fails to learn the local ARP information. This indicates the gratuitous ARP information fails to be sent.
Check the interface address and the NAT address pool. The two are not on the same network segment, so the at arp-gratuitous send command execution fails.
Check the local IP address and mask configuration with the carrier. The configuration is incorrect. The network recovers after the configuration is rectified.
The network works normally before the interface switchover because the peer device proactively initiates ARP requests and Huawei Symantec firewall just responds.
After the interface switchover, the ARP on the peer device has not aged, so the peer device does not initiate ARP requests. Moreover, due to the incorrect firewall interface address mask, gratuitous ARP information cannot be sent. As a result, the network becomes abnormal.
The carrier device fails to learn the ARP information of the NAT address pool on Huawei Symantec firewall.