Silent host abnormal offile and can't online

Created: Dec 26, 2018 20:28:59Latest reply: Dec 29, 2018 16:12:39 183 4 6 0

【Problem Description】

There are devices in the customer's networkthat are authenticated by the MAC address and have a static IP address.

Devices do not send anything to the network(they are waiting until they are accessed by users).

When  the device is connected to thenetwork, authentication is successful and  the VLAN number is assigned to theport of connection of the terminal  device.

Problem:

When the MAC table on the access switchdecreases to 0 (deleting the MAC record), the port switches to VLAN 1.

The device is no longer authenticated andtherefore can not be accessed.


【Problem Analysis】


1、Check the Silent host vlan configuration it is in the vlan 200


202928zkkyg9xw7wyzvfqk.png


2、Check the switch configuration we found there is no vlan 200 ip address.

202933ve4y442qcqnidigt.jpg


Depend on this if there is no vlanif 200, So the device sends an ARP probe  packet to check the user online status. If the user does not respond  within a detection period, the device considers that the user is offline.



【Root Cause】


Configuration suggest


【Solution Description】


So customer need configuration the access-user arp-detect vlan 200 to detect thesilent host

202935b7w3wwc4h5cchz3y.jpg

For more detail please reference:


http://support.huawei.com/hedex/pages/EDOC100017784331189655/05/EDOC100017784331189655/05/resources/dc/access-user_arp-detect.html?ft=0&fe=10&hib=13.1.14.7.2&id=access-user_arp-detect&text=access-user%2520arp-detect&docid=EDOC1000177843



  • x
  • convention:

Torrent     Created Dec 29, 2018 11:31:12 Helpful(0) Helpful(0)

  • x
  • convention:

Finn92  Visitor   Created Dec 29, 2018 14:01:06 Helpful(0) Helpful(0)

The access-user arp-detect command sets the source IP address and source MAC address of offline detection packets in a VLAN.

The undo access-user arp-detect command deletes the source IP address and source MAC address of offline detection packets in a VLAN.

By default, the source IP address and source MAC address are not specified for offline detection packets in a VLAN.
  • x
  • convention:

No.9527  Enthusiast Technician   Created Dec 29, 2018 14:57:38 Helpful(0) Helpful(0)

The device sends an ARP probe packet to check the user online status. If the user does not respond within a detection period, the device considers that the user is offline.

If the VLAN to which the user belongs does not have a VLANIF interface or the VLANIF interface does not have an IP address, the device sends an offline detection packet using 0.0.0.0 as the source IP address. If a user cannot respond to an ARP probe packet with the source IP address 0.0.0.0, you can specify a source IP address for the offline detection packet. You are advised to specify the user gateway IP address and its corresponding MAC address as the source IP address and source MAC address of offline detection packets.
  • x
  • convention:

yjhd  Enthusiast Technician   Created Dec 29, 2018 16:12:39 Helpful(0) Helpful(0)

Depend on this if there is no vlanif 200, So the device sends an ARP probe packet to check the user online status. If the user does not respond within a detection period, the device considers that the user is offline.
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top