Why cannot an AR router be configured with IP packet check options

10

The IP packet check options can be configured only on the Layer 2 interface of an AR router by running the IP source check command. On the Layer 3 interface, the interface must be converted to a Layer 2 interface before IP packet check options can be configured.

Other related questions:
Why cannot an AR router filter packets it sends
The forwarding mechanism of an AR router is separate from the control mechanism. The control security policies set on the AR router do not apply to packets the AR router sends.

Duplicate option check in DHCP packets on S series switch
As specified in RFC, duplicate Options are not recommended in a DHCP packet if the length of the Option field in the DHCP packet does not exceed 255 bytes. However, different vendors process the Option field differently. DHCP response packets sent from some servers may contain duplicate options, such as Option 3 and Option 51. In some versions, after DHCP is enabled using the dhcp enable command, the switch drops received DHCP packets with duplicate options. In V100R003 and earlier versions, the switch checks for duplicate options in DHCP packets by default. In V100R006 and later versions, the switch does not check for duplicate options in DHCP packets by default. You can run the dhcp anti-attack check duplicate option command in the system view to enable the switch to check for duplicate options in DHCP packets.

Can the switch check for DHCP packets with duplicate options
In V100R006 and later versions, you can run the dhcp anti-attack check duplicate option command in the system view to enable the switch to check for DHCP packets with duplicate options.

Why cannot an AR router send trap messages

SNMP provides the trap function to control the output of trap messages. An AR router generates trap messages only when the trap function has been enabled on the AR router.

Perform the following operations to enable the trap function on an AR router:

  1. Run the system-view command to enter the system view.
  2. Run the snmp-agent trap enable command to enable the AR router to send trap messages to the NMS.
  3. Run the snmp-agent target-host trap-paramsname paramsname v1 securityname securityname [ binding-private-value ] [ trap-filterprofilename filterprofilename ] [ private-netmanager ] command to set parameters for sending trap messages.
    NOTE:
    • V200R001C01 and later versions support binding-private-value.
    • V200R002C00 and later versions support private-netmanager.
  4. Run the snmp-agent target-host trap-hostname hostname address ipv4-addr [ udp-port udp-portid ] [ public-net | vpn-instance vpn-instance-name ] trap-paramsname paramsname command to specify the destination host for receiving trap messages and error codes.
    NOTE:

    The default destination UDP port number is 162. To ensure secure communication between the NMS and managed devices, run the udp-port command to change the UDP port number to a non-well-known port number.


How do I view the broadband account of the AR router
Run the display current-configuration command to check the configuration file of the AR router. 1. When the AR router functions as the PPPoE server and "local-user user1@system service-type ppp" is queried, user1@system is the user name of the local account. 2. When the AR router functions as the PPPoE client and "ppp chap user user1@system" or "ppp pap local-user user1@system password" is queried, user1@system is the user name of the local account.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top