ARP detect fail

Created: Oct 23, 2019 08:25:17Latest reply: Oct 23, 2019 08:27:56 90 1 1 1
  Rewarded Hi-coins: 0 (problem resolved)

Mac address authentication is performed on the switch. After the authentication succeeds, the user goes offline every 5 minutes.

The command output shows that the user goes offline because the ARP probe is offline.


[XXX]display aaa offline-record all

  ------------------------------------------------------------------------------

  Username             :121d7t32rea5

  Domainname           : mac_authen

  UserMAC             : 121d-XXXX-XXXX

  User accesstype      : MAC

  User accessinterface : GigabitEthernet0/0/1

  Qinq vlan/Uservlan   : 0/110

  User IPaddress       : x.x.x.x

  UserID              : 314

  User logintime       : 2019/10/19 19:07:39

  User offlinetime     : 2019/10/19 19:12:39

  User offline reason  : ARP detect fail

  ------------------------------------------------------------------------------


  • x
  • convention:

Featured Answers
Popeye_Wang
Admin Created Oct 23, 2019 08:27:56 Helpful(0) Helpful(0)

Hi,

The device sends an ARP probe packet to check the user online status. If the user does not respond within a detection period, the device considers that the user is offline.

If the VLAN to which the user belongs does not have a VLANIF interface or the VLANIF interface does not have an IP address, the device sends an offline detection packet using 0.0.0.0 as the source IP address. Some terminals cannot respond to an ARP probe packet with the source IP address 0.0.0.0. Therefore, the device logs them out unexpectedly after the default detection period (5 minutes).

 To resolve this problem, use either of the following methods:

  • Run the access-user arp-detect vlan vlan-id ip-address ip-address mac-address mac-address command to specify a VLAN ID, source IP address, and source MAC address for ARP probe packets.

//In this case access-user arp-detect vlan 110 ip-address x.x.x.x(gateway) mac-address 121d-XXXX-XXXX

  • Run the authentication timer handshake-period handshake-period command to increase the handshake period so that the device can detect gratuitous ARP packets that these clients send at an irregular period. Once the device detects such packets, it does not log them out.

Refer to https://support.huawei.com/hedex/hdx.do?docid=EDOC1100101074&id=EN-US_TASK_0176368884&text=Setting%252520the%252520Source%252520Address%252520of%252520Offline%252520Detection%252520Packets&lang=en

Hope this can help you.

  • x
  • convention:

All Answers
Popeye_Wang
Popeye_Wang Admin Created Oct 23, 2019 08:27:56 Helpful(0) Helpful(0)

Hi,

The device sends an ARP probe packet to check the user online status. If the user does not respond within a detection period, the device considers that the user is offline.

If the VLAN to which the user belongs does not have a VLANIF interface or the VLANIF interface does not have an IP address, the device sends an offline detection packet using 0.0.0.0 as the source IP address. Some terminals cannot respond to an ARP probe packet with the source IP address 0.0.0.0. Therefore, the device logs them out unexpectedly after the default detection period (5 minutes).

 To resolve this problem, use either of the following methods:

  • Run the access-user arp-detect vlan vlan-id ip-address ip-address mac-address mac-address command to specify a VLAN ID, source IP address, and source MAC address for ARP probe packets.

//In this case access-user arp-detect vlan 110 ip-address x.x.x.x(gateway) mac-address 121d-XXXX-XXXX

  • Run the authentication timer handshake-period handshake-period command to increase the handshake period so that the device can detect gratuitous ARP packets that these clients send at an irregular period. Once the device detects such packets, it does not log them out.

Refer to https://support.huawei.com/hedex/hdx.do?docid=EDOC1100101074&id=EN-US_TASK_0176368884&text=Setting%252520the%252520Source%252520Address%252520of%252520Offline%252520Detection%252520Packets&lang=en

Hope this can help you.

  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login