The locale condition is USG9300-SW-OTN M920-M60.
The user feedback information is USG9300 can learn the ARP information of peer end M60 interface by passing vender switch(layer 2 accessing),but when the USG9300 connect wavelength division equipment direct ,it cannot learn the ARP information of peer end M60 interface.
We can ensure that under the situation of jumper swtich can connect peer end the working state of switch is direct connection by communication.There is no configuration on the switch.
Because there has the situation of they can connect each other ,we can make the problem of the wavelength division equipment cannot communicate each other focus negotiation and intensity.We can enter system to check information and have a test.
display int g1/0/11 this command can check the state of interface.we can find interface and protocol is UP.The incept intensity is about – 10 db.It is normal.
It can ping local interface ,but cannot ping the interface of peer end address.We can find the public network cannot ping peer end address if we shutdown the interface.After undoing the interface,it can ping pass.
Choose debug to check if the communication is normal:
Start debug and monitoring at first:
terminal debugging/terminal monitor.
Check the content of debug:
debugging ethernet packet arp interface g1/0/11
debugging ethernet packet ip interface g1/0/11
We can find that when we ping peer end equipment by passing firewall,it doesn’t send any message ,there is no arp request message.Basically we can affirm the problem of internal configuration,when we check the configuration ,we find user don’t add the interface to any security area.when we add the interface to any security ,there has arp learning message right now and it can ping peer end equipment.
Getting all the locale information at first,it is the configuration of correlation equipment and version,the state of interface.The correlation information of peer end equipment or concatenation equipment.The problem is :the intensity of optical fiber connection ,correlation interface negotiation parameter,system configuration and so on.
1、 USG9300 equipment must add the interface to security area ,it can learn the information of arp by communicating outside.
2、 For the testing result of user ,we can be doubtful of it.The information which is provided by user can be across-the-aboard：User network has used many security interface,They may forget to add the interface to security area when they expand a new interface.