
IP Addresses of Some Terminals Obtained from the S6720 Change Frequently

Publication Date: 2019-07-17

Issue Description

The IP addresses of wired terminals frequently change.

An attempt to bind an IP address in the address pool to an online PC failed with an error message indicating that the address state is incorrect. However, an IP address was successfully bound to another online PC.

 

Handling Process

Check the IP address conflict records for the wired network segments. The Detect Type is ARP. That is, when a terminal obtains an IP address, it detects an IP address conflict.

<xxxx-1> more  conflict.txt
Conflict file updated at 09/30/2018 16:38:32
******************************************************************************
Pool name: Vlanif19
==============================================================================
IP                              Detect Time                     Detect Type
10.64.29.8                      09/29/2018 10:21:46             arp
10.64.29.13                     09/28/2018 11:21:05             arp
10.64.29.14                     09/28/2018 11:32:37             arp
10.64.29.20                     09/29/2018 03:00:08             arp
10.64.29.32                     09/28/2018 10:55:08             arp
10.64.29.39                     09/28/2018 10:02:57             arp
10.64.30.164                    09/30/2018 04:11:12             arp

A restart of the core switch causes the address allocation logs to be lost, which may cause address conflicts. However, address conflict detection using ARP probe packets may also report false address conflicts. According to the customer, 802.1X authentication has been configured on the access switch, so a false conflict may be reported.

[xxx-1-POE]display current-configuration | inc arp
access-user arp-detect default ip-address 0.0.0.0

[xxx-1-POE] display access-user mac-address  8c16-4582-faae

Basic:
User ID                         : 376
User name                       : HOBOT\lu.bai
Domain-name                     : hobot_dot1x.cc
User MAC                        : 8c16-4582-faae
User IP address                 : 192.168.1.119
User vpn-instance               : -
User IPv6 address               : -
User access Interface           : GigabitEthernet2/0/18
User vlan event                 : Success
QinQVlan/UserVlan               : 0/19
User vlan source                : user request
User access time                : 2018/09/29 16:25:32
User accounting session ID      : nj-acc50201800000001949fbcd0000178
Option82 information            : -
User access type                : 802.1x
Terminal Device Type            : Data Terminal

AAA:
User authentication type        : 802.1x authentication
Current authentication method   : RADIUS
Current authorization method    : -
Current accounting method       : None

 

[xxx-1-POE]display dhcp snooping statistics
DHCP Snooping Statistics:

Client Request:
Dhcp Discover:                  106
Dhcp Request:                   1310
Dhcp Decline:                   38
Dhcp Release:                   2
Dhcp Inform:                    15
Server Reply:
Dhcp Offer:                     1578
Dhcp Ack:                       5112
Dhcp Nak:                       152
Drop Packet:
Dropped by mac-address check:   0
Dropped by untrust reply:       0
Dropped by request conflict:    0
Dropped by untrust relay-forw:  0
Delete DHCP snooping table:
Receive release packet:         2
Receive decline packet:         38
Lease expired:                  0
User command:                   0
Client transfers:               4
Interface down:                 52
Arp detect:                     0
Ucm notify:                     0

Root Cause

When a wired terminal attempts to obtain an IP address (triggered by inserting or removing a network cable), it receives an ARP probe packet from the access switch and falsely reports an IP address conflict. As a result, the terminal's IP address changes.

The IP address pool only allows idle (or expired) IP addresses to be bound to terminals. Therefore, an online user cannot be bound to the IP address that it is already using.

An IP address is successfully bound to the other PC because that PC's address allocation log was lost when the device restarted two days ago. The device does not respond to the PC's two-step online request, and the PC does not automatically switch to the four-step online mode. Instead, the PC directly uses the temporary IP address with a lease of 7 days. As a result, the IP address is still in the idle state on the device, so the binding succeeds.

Solution

Change the source IP address and source MAC address of the ARP probe packet on the access switch to prevent the terminal from incorrectly reporting an address conflict.

[HUAWEI] access-user arp-detect vlan 19 ip-address 10.64.28.1 mac-address 340a-9867-9765

In the command, 10.64.28.1 is the gateway address of VLAN 19, and 340a-9867-9765 is the MAC address of the gateway for VLAN 19.
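Why changing the probe's source address removes the false conflict can be checked offline. The following is an added example, not Huawei's code and not part of the original case: it models the receive-side conflict check of RFC 5227 section 2.1.1, assuming the terminal follows that RFC. `SWITCH_MAC` and the pairing of the PC with 10.64.29.8 are constructed sample values.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, SHA, SPA, THA, TPA (28 bytes)
ZERO_IP = ipaddress.IPv4Address("0.0.0.0")

def mac_bytes(mac):
    """Convert Huawei-style 'xxxx-xxxx-xxxx' notation to 6 raw bytes."""
    return bytes.fromhex(mac.replace("-", ""))

def build_arp_request(sender_mac, sender_ip, target_ip):
    """Build an Ethernet/IPv4 ARP request payload (opcode 1)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, mac_bytes(sender_mac),
                       ipaddress.IPv4Address(sender_ip).packed, bytes(6),
                       ipaddress.IPv4Address(target_ip).packed)

def client_sees_conflict(payload, own_mac, probed_ip):
    """Decision a host makes, while probing probed_ip, about a received ARP packet."""
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    probed = ipaddress.IPv4Address(probed_ip)
    spa, tpa = ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa)
    if sha == mac_bytes(own_mac):
        return False              # the host's own probe, looped back
    if spa == probed:
        return True               # another station already uses the address
    # Someone else's ARP Probe (request with sender IP 0.0.0.0) for the same address
    return op == 1 and spa == ZERO_IP and tpa == probed

# Constructed sample values: the PC MAC and gateway IP/MAC appear on the page;
# SWITCH_MAC and the pairing of this PC with 10.64.29.8 are made up for the demo.
PC_MAC, OFFERED_IP = "8c16-4582-faae", "10.64.29.8"
SWITCH_MAC = "02aa-bbcc-dd01"

def demo():
    default_probe = build_arp_request(SWITCH_MAC, "0.0.0.0", OFFERED_IP)
    gateway_probe = build_arp_request("340a-9867-9765", "10.64.28.1", OFFERED_IP)
    return {
        "default source 0.0.0.0": client_sees_conflict(default_probe, PC_MAC, OFFERED_IP),
        "source set to gateway": client_sees_conflict(gateway_probe, PC_MAC, OFFERED_IP),
    }

if __name__ == "__main__":
    for case, conflict in demo().items():
        print(f"{case}: conflict={conflict}")
```

A probe with source 0.0.0.0 is indistinguishable from another host claiming the same address, which is consistent with the Dhcp Decline count in the snooping statistics above.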

 

Enable saving of IP address allocation logs on the core switch so that the logs are not lost after a restart.

[HUAWEI] dhcp server database enable

[HUAWEI] dhcp server database recover
