No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Standby E200 firewall send free arp lead to business interrupted

Publication Date:  2012-10-18 Views:  158 Downloads:  0

Issue Description

2 sets of E200 firewall run VRRP and backup each other, when the standby E200 firewall’s network side upstream port is up, always will send free arp message, lead to upper layer routers learnt the standby IP and MAC address, make the downstream link business is interrupted.

Alarm Information


Handling Process

Add “vrrp VID” in E200’s NAT “nat address-group ”,
NAT address - group 1 VRRP VID.
Problem solving.

Root Cause

Through analysis the message, found when the standby E200 network side port up, the sending interface is real IP’s free arp, at the same time the nat address pool which is in the same network segment with the interface sends free arp, the address in the configured nat address pool is consistent with virtual IP, lead to upper equipment learnt the virtual IP’s free arp. So check the spare E200 configuration, found that it hasn’t brought VRRP parameters when configure NAT addres-group, the nat address pool in two-node cluster hot backup network need to bring the corresponding VRRP id, address pool in the VRRP only the main firewall will send free arp, otherwise the standby firewall will also send arp.