No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


The Network Works Improperly After an Interface Switchover Because the Firewall Address Mask Configuration Is Incorrect

Publication Date:  2012-07-17 Views:  99 Downloads:  0

Issue Description

At an office site, the customer assigns the public IP address of Gi0/0/3 to Gi2/0/1. Then the carrier gateway can be pinged through, but intranet users cannot access the public network by using NAT.

Alarm Information


Handling Process

  1. Run the nat arp-gratuitous send command for Gi2/0/1 to send gratuitous ARP information. The network is still abnormal.
  2. According to the DEBBGE information, the peer end fails to learn the local ARP information. This indicates the gratuitous ARP information fails to be sent.
  3. Check the interface address and the NAT address pool. The two are not on the same network segment, so the at arp-gratuitous send command execution fails.
  4. Check the local IP address and mask configuration with the carrier. The configuration is incorrect. The network recovers after the configuration is rectified.
The network works normally before the interface switchover because the peer device proactively initiates ARP requests and Huawei Symantec firewall just responds.
After the interface switchover, the ARP on the peer device has not aged, so the peer device does not initiate ARP requests. Moreover, due to the incorrect firewall interface address mask, gratuitous ARP information cannot be sent. As a result, the network becomes abnormal.

Root Cause

The carrier device fails to learn the ARP information of the NAT address pool on Huawei Symantec firewall.