The AR3260 fails to access the private network. Consequently, the entire private network is faulty.
A connection timeout occurs.
1. Use a PC to replace the router and configure the router interface address to perform a ping test. The test result shows that the carrier's private network is normal. Therefore, the carrier's line or configuration faults are ruled out.
2. Check the routing log. There is only one ARP alarm in the log.
3. Collect statistics on traffic from the router to the private network gateway. It is found that there are incoming and outgoing packets, but other private network addresses cannot be pinged. (It has been confirmed that other private network addresses can be pinged.)
4. Enable STP on the private network port to eliminate loops. The problem persists.
5. Check session records on the router. A large number of sessions of port 445 are found. Then check the memory usage of the router. The memory usage exceeds 95%.
6. Disable port 445 on the router. The network becomes normal.
Public IP addresses are used to frequently attack the router, resulting in a large number of sessions on the router. As a result, the memory usage is excessively high, and other sessions cannot be processed quickly, causing the network fault.
Configure ACL filtering rules on the external network interface to deny sessions of port 445 (both TCP and UDP sessions need to be rejected).
If the memory usage of Huawei routers is excessively high, network faults may be caused. Therefore, both logs and sessions need to be analyzed to quickly rectify faults.