No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Huawei AR3260 Fails to Access the Private Network

Publication Date:  2019-04-15 Views:  17 Downloads:  0
Issue Description

The AR3260 fails to access the private network. Consequently, the entire private network is faulty.

Alarm Information

A connection timeout occurs.

Handling Process

1. Use a PC to replace the router and configure the router interface address to perform a ping test. The test result shows that the carrier's private network is normal. Therefore, the carrier's line or configuration faults are ruled out.

2. Check the routing log. There is only one ARP alarm in the log.

3. Collect statistics on traffic from the router to the private network gateway. It is found that there are incoming and outgoing packets, but other private network addresses cannot be pinged. (It has been confirmed that other private network addresses can be pinged.)

4. Enable STP on the private network port to eliminate loops. The problem persists.

5. Check session records on the router. A large number of sessions of port 445 are found. Then check the memory usage of the router. The memory usage exceeds 95%.

6. Disable port 445 on the router. The network becomes normal.

Root Cause

Public IP addresses are used to frequently attack the router, resulting in a large number of sessions on the router. As a result, the memory usage is excessively high, and other sessions cannot be processed quickly, causing the network fault.

Solution

Configure ACL filtering rules on the external network interface to deny sessions of port 445 (both TCP and UDP sessions need to be rejected).

Suggestions

If the memory usage of Huawei routers is excessively high, network faults may be caused. Therefore, both logs and sessions need to be analyzed to quickly rectify faults.

END