USG is connected to a ONT in layer 2 so in this way USG can obtain an IP address from customer network to provide Internet access.
USG provides Internet access to the different VLANs by making a nat with the IP address obtained in the interface connected to the ONT.
Vlan2 is used for AP management, Vlan 3 for users connected to a wireless hide network, vlan 4 for users connected to a wireless public network and Vlan 5 for users connected to the 5 service ports of USG.
USG6310 is observing from NMS located in central site through VPN tunnel established between USG6310 and USG6660.
Fault: While only Vlan 3 and 5 are working (AP6510 is disconnected), the USG can provide the Internet service normally, however when the AP6510 is connected, the users begin to increase (as the wireless network is free and public) and the Internet access becomes intermittent.
Alarm displayed in NMS: Communication Between NMS And NE Is Abnormal
1. Verify if USG reboots while the fault occurs do discard hardware issue: USG is working normally
2. Verify CPU usage of USG6310 when the fault occurs to discard software issue or capability: The CPU is under 60% and it is common for the version used (V100R001C20SPC700)
3. Verify the connectivity between USG and next hops: USG cannot reach his gateway, however OLT can reach USG, so USG continues working and answering petitions.
4. Make a packet copy tested at USG port connected to ONT while USG send a continuous ping to gateway at the time of the fault: The capture displays that USG doesn't receive an answer from gateway.
5. Ask customer to check the link that is connected to USG.
Workaround: Change the ONT connected to USG to level 3 operation. (Router mode)
In the original topology, the ONT was working in switch mode, so USG get an IP address from customer network and the gateway received directly the service requests from the USG and after several requests, the service was denied because customer security rules.
So after change the ONT to router mode, USG obtained a local IP address form ONT and in this way the requests form USG are handled by the ONT first, so the ONT makes the communication with the Gateway to avoid the denial of services.