No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

After the Server get virus lead to could not normally receive arp message, so direct connection is impassability

Publication Date:  2019-07-18  |   Views:  270  |   Downloads:  0  |   Author:  SU1001429751  |   Document ID:  EKB1000018576

Contents

Issue Description

The networking:


Our device usg5320 is as export device, upstream connect to the Internet network, downstream connect to SW and then connect Server.
Server address is 192.168.1.3, usg5320 intranet interface address and intranet gateway is: 192.168.1.2;
Problem phenomenon:
A intranet Server ping impassability to gateway, our device also ping impassability to intranet Server.
Our device ping 192.168.1.3 impassability:

Alarm Information

none

Handling Process

1.need close the firewall and anti-virus software on the server;
2. Inspect our device configuration, and the configuration is without problem, the user directly connect the server to our device;
3. Arp table, find that our device can learn the server MAC, ask the user to check the server arp table, find that cannot learn device MAC;
the arp table of the Server:
C:\Documents and Settings\tt>arp –a
Interface:192.168.1.3 --- 0X10005
Interface  Address          Physical  Address       Type
192.168.1.1                XXXX-XXXX-XXXX        dynamic
192.168.1.6               XXXX-XXXX-XXXX             dynamic
device arp table:
[USG2130]dis  arp
16:22:25  2012/05/17
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE 
192.168.1.108   XXXX-XXXX-XXXX  20        D           Eth1/0/2
                                             1/-
192.168.1.97    XXXX-XXXX-XXXX  20        D           Eth1/0/2
                                             1/-
192.168.1.3     XXXX-XXXX-XXXX  20        D           Eth1/0/0
                                             1/-
------------------------------------------------------------------------------
Total:56        Dynamic:55      Static:0    Interface:1
4.Open debugging arp in our device, find arp message is normal; explains the problem is at the Server;
debugging  arp  packet 
16:22:49  2012/05/17

*0.2285550 USG2130 ARP/7/arp_rcv:Receive an ARP Packet, operation : 1, sender_eth_addr : XXXX-XXXX-XXXX, sender_ip_addr : 192.168.1.3, target_eth_addr : 0000-0000-0000, target_ip_addr : 192.168.1.2
*0.2285550 USG2130 ARP/7/arp_send:Send an ARP Packet, operation : 2, sender_eth_addr : XXXX-XXXX-XXXX,sender_ip_addr : 1.168.1.2, target_eth_addr : XXXX-XXXX-XXXX, target_ip_addr : 192.168.1.3
5. Through obtaining packet and check the Server task manager, find the Server has virus; After kill virus, the problem solved.
After kill the Server Antivirus, the arp table become normal:
C:\Documents and Settings\tt>arp –a
Interface:192.168.1.3 --- 0X10005
Interface  Address          Physical  Address       Type
192.168.1.1                XXXX-XXXX-XXXX        dynamic
192.168.1.6               XXXX-XXXX-XXXX             dynamic
192.168.1.2              XXXX-XXXX-XXXX          dynamic

Root Cause

After the Server get virus lead to could not normally receive arp message, so direct connection is impassability

Suggestions

none