The S9312 switch user surf the Internet ,and frequent off-line, off-line about 3 minutes recovery, intermittent service; when off-line the network adapter prompt can not obtain the gateway MAC address.
1. Binding the PC network adapter and gateway MAC address then test, users surf the Internet normally. Locate the problem as ARP attack, but the user network is complex, user requires circumvent from the device side.
2. The client PC off-line for 3 minutes, then could be on-line, device configured the detection function to prevent the Gateway conflict,for post-conflict ARP packets discarded within three minutes, but the network ARP attack is not resolved, the function can not be closed .
3. The device open strict ARP entry learning function leads to the problems of the PC network card can not learn the MAC address of the gateway, VLANIF interface of user is enabled send free ARP packets, used to send ARP packets to all hosts regularly. Make the host to get to the correct network management MAC address, and eventually solve the problem.
1. The user's PC off-line the network adapter prompt can not obtain the gateway MAC address. Initial judge it is caused by ARP attack.
2.Check the device configuration, the core switch S9312 configured “arp anti-attack gateway-duplicate enable” command, enabled the command，if found the gateway address conflict ARP packet then in the follow-up period of time (3 minutes by default) direct discard the packet. This is the reason why the user off-line about 3 minutes to recover.
3. The device also open a strict ARP entry learning , the device only learning the reply packets of that they send ARP request packets, no respond to the client host was attacked by ARP sent the request NMS MAC address ARP packets, the PC can not obtain the MAC address of the gateway.