Why cannot I access the online banking in multi-egress scenarios


For the sake of online banking system security, unreachable source IP addresses cannot exist. When performing load balancing, an AR may load balance the traffic for accessing the online banking system to different outbound interfaces using the Hash algorithm. As a result, when IP addresses are translated to different source IP addresses after NAT is implemented on these interfaces, the online banking system will reject the traffic, causing an access failure.
The online banking system of some banks does not support dual-egress access. In this scenario, you can implement load balancing based on source IP addresses to ensure that the incoming and outgoing traffic for accessing the online banking is from a fixed interface.
For example, configure load balancing based on a source IP address.
[Huawei]ip load-balance hash src-ip

Other related questions:
Why DHCP users go online through the S2700, but cannot access the Internet
When a large number of DHCP users go online through the S2700, the S2700 generates a large number of dynamic DHCP snooping binding entries. On the S2700 V1R6C00SPC800, the software provides incorrect priority settings for DHCP snooping binding entries and IP source guard and DAI ACL rules, and the ACL rules have a higher priority than DHCP snooping binding entries. As a result, the software delivers the ACL rules but not DHCP snooping binding entries. User packets cannot be forwarded because no binding entry is available. Solution: Install S2700SPH006, enable DHCP users to go online again, and reconfigure IP source guard and DAI on the physical interface from which DHCP users go online.

STAs are associated with other APs in multi-AP scenarios
In multi-AP scenarios, STAs may be associated with other APs when a long Beacon frame transmission interval is set. STAs obtain information about peripheral WLANs in either of the following ways: - Passive scan: STAs scan Beacon frames sent by surrounding APs to obtain WLAN information. - Active scan: STAs actively send Probe Request frames and receive Probe Response frames to obtain wireless signals. STA can actively or passively scan surrounding WLANs. When a STA passively scans WLANs and APs are densely deployed, the STA can receive Beacon frames from another AP but not the nearest AP, and perform association.

STAs cannot access some websites
Procedure for troubleshooting this problem 1. Access other websites on the STA. 2. Try to access the websites through the wired network. If these websites cannot be accessed through both wired and wireless networks, this problem is not related to the AC or AP. In this case, check the websites and egress devices.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top