Packets are lost after A2A VPN is deployed on the AR


After A2A VPN is deployed, if the size of A2A VPN packets exceeds the interface MTU and the DF flag is not set to 0, the A2A VPN packets are discarded, causing packet loss. In this case, run the ipsec df-bit clear command to allow A2A VPN packets to be fragmented.

Will the configuration of an AR router be lost after the SRU is replaced
The configuration file of an AR router is stored in the storage medium of the SRU. For a single-control router, the configuration of a router is subject to the new SRU. For a dual-control router, the router automatically copies the configuration file to the standby SRU after the active SRU is switched over to the standby SRU.

Why is the DHCP configuration lost on an AR after a while
If Auto-Config is enabled, the AR will periodically clear all DHCP configurations, causing DHCP configuration loss. To solve the problem, perform the following steps: 1. Run the undo autoconfig enable command on the AR to disable Auto-Config. 2. Wait for 4 or 5 minutes and run the display autoconfig-status command to check the Auto-Config status. If the value of Running is NO, the Auto-Config function has been disabled. 3. Perform the configuration and run the save command.

The packets sent to an IP address in a configured NAT address pool are discarded
Q: The packets sent to an IP address in a configured NAT address pool are discarded. You can run the ip route-static command to configure a static route to the IP address. The default priority of a static route is 60, which is higher than that of the UNR. This prevents packets sent to an IP address in the address pool from being discarded. The causes are as follows: After a NAT address pool is configured on an interface, a 32-bit local user network route (UNR) is automatically generated, and its priority is 64. When a packet to be sent to an IP address in the address pool passes the router, it matches the 32-bit local UNR and is sent to the protocol stack. However, the router cannot forward the packet because it does not have the protocol stack of the IP address. The packet is discarded. Therefore, you need to configure a static route with the default priority higher than that of the UNR.

How to check ping packet loss on S series switches
For S series switches (except the S1700), you can run the ping command to check ping packet loss directly. For example: [HUAWEI] ping -c 100 PING 56 data bytes, press CTRL_C to break Reply from bytes=56 Sequence=1 ttl=124 time=1 ms ... --- ping statistics --- 100 packet(s) transmitted //Total number of sent packets 91 packet(s) received //Total number of received packets 9.00% packet loss //Packet loss ratio round-trip min/avg/max = 1/1/19 ms You can also perform the following steps to configure traffic statistics collection to check ping packet loss: Configure traffic statistics collection for packets received by a switch. 1. Configure an ACL rule. [HUAWEI] acl number 3000 [HUAWEI-acl-adv-3000] rule permit icmp source 0 destination 0 [HUAWEI-acl-adv-3000] quit 2. Configure a traffic classifier. [HUAWEI] traffic classifier 3000 [HUAWEI-classifier-3000] if-match acl 3000 [HUAWEI-classifier-3000] quit3. Configure a traffic behavior. [HUAWEI] traffic behavior 3000 [HUAWEI-behavior-3000] statistic enable [HUAWEI-behavior-3000] quit 4. Configure a traffic policy. [HUAWEI] traffic policy 3000 [HUAWEI-trafficpolicy-3000] classifier 3000 behavior 3000 [HUAWEI-trafficpolicy-3000] quit 5. Apply the traffic policy to an interface. [HUAWEI] interface gigabitethernet 0/0/2 [HUAWEI-GigabitEthernet0/0/2] traffic-policy 3000 inbound [HUAWEI-GigabitEthernet0/0/2] quit 6. Check traffic statistics of packets received by the switch. [HUAWEI] display traffic policy statistics interface gigabitethernet 0/0/2 inbound verbose rule-base //The output is omitted. For more information about ping packet loss, see "Ping Failure Troubleshooting" or "S Series Switches packet Loss Troubleshooting" in "Maintenance Topics" in the Huawei S Series Campus Switches Maintenance Guide.

