Why traffic forwarding fails if the NAT or QoS configuration on a physical interface is modified after dialup succeeds

0

This problem occurs in the following situations:
-In RS-DCC, the dialer_bundle-member command is used to specify a dialer bundle for the physical interface.
-In C-DCC, the dialer circular-group command is used to specify a dialer circular group for the physical interface.
To resume traffic forwarding, terminate the dialup connection and redial to establish a link. After dialup succeeds, do not modify the NAT or QoS configuration on the physical interface.

Other related questions:
How to handle the problem that traffic cannot be transmitted when the NAT or QoS configuration is modified on the physical interface after the dial-up is successful
When the dialer_bundle-member command is run in the resource-shared DCC method to set the Dialer bundle that a physical interface belongs to or the dialer circular-group command is run in the circular DCC method to set the dial-up circulation group, traffic cannot be transmitted when the NAT or QoS configuration is modified on the physical interface after the dial-up is successful. In this case, the dial-up connection must be disconnected first and established again to transmit traffic normally. In addition, users must not modify the NAT or QoS configuration on the physical interface after the dial-up is successful.

Reason why devices on two private networks cannot communicate after IPSec is configured on the AR
Devices on two private networks fail to communicate with each other after IPSec is configured. The possible causes are as follows: -The public addresses of two IPSec-enabled devices cannot be pinged. -There is an error in the data flow to be encapsulated with the IPSec header or both IPSec and NAT are performed for the same data flow. You can run the display acl all command to check ACL matching. If both IPSec and NAT are performed for the same data flow, use either of the following method to prevent data flow overlapping: -Ensure that the destination IP address denied in the ACL rule referenced by NAT is the destination IP address in the ACL rule referenced by IPSec. By doing so, the device does not perform NAT on the data flow protected by IPSec. -The ACL rule referenced by IPSec matches the NAT-translated IP address. -The AR incorrectly learns private routes. The outbound interface of the route to the destination private network is not the public network interface with enabled IPSec.

Possible causes for failures to forward Layer 3 traffic between directly connected interfaces on CE series switches
In V100R002 and later versions, the interface can be switched to the Layer 3 mode through the undo portswitch command. The possible causes for a Layer 3 traffic forwarding failure between interfaces are as follows:
- The interface is connected incorrectly.
- The physical layer status of the interface is Down.
- The interface is not assigned an IP address.
- The IP addresses of interfaces are on different network segments.
You can run the display interface command to check the physical layer status and IP address of an interface.
display interface 10ge 1/0/1
10GE1/0/1 current state : UP (ifindex: 16)
Line protocol current state : UP
Last line protocol up time : 2013-12-26 03:20:13
Description:
Route Port,The Maximum Frame Length is 9216
Internet Address is 10.1.1.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0025-9e01-0205
Port Mode: COMMON FIBER, Port Split: -
Speed : 10000, Loopback: NONE
Duplex: FULL, Negotiation: DISABLE
Mdi : -
Last physical up time : 2013-12-26 03:20:13
Last physical down time : 2013-12-26 03:20:02
Current system time: 2013-12-27 01:58:44
………�?br>

Why does dialup often fail on a 3G cellular interface

The possible causes are as follows:

  • The 3G data card cannot be identified on the current network or is not supported on the AR.
  • The 3G data card does not match the current network. For example, authentication or service required on the current network is not enabled on the data card or USIM/SIM card. As a result, authentication or negotiation fails in dialup.
  • The 3G data card is not registered with available networks, due to weak signal strength or other reasons. Run the display cellular command to check information about 3G signals. The Current Service Status field must be displayed as "Service available", and the signal strength must be in the allowed range.
  • An incorrect connection mode is configured on the 3G data card. For example, the 3G data card has a SIM card installed but its connection mode is set to WCDMA-only.
  • The USIM/SIM card is not properly installed.
  • The 2G/3G services are not enabled on the USIM/SIM card.
  • The account balance of the USIM/SIM card is insufficient.
  • The USIM/SIM card works incorrectly. Run the display cellular command to check whether the USIM/SIM card is in correct state. The status of the USIM/SIM card must be Ok not Not insert.
  • Check whether 3G configurations, including the dialer number are correct. Check whether PPP authentication is required when the 3G cellular interface accesses a CDMA2000 network.
  • No profile is configured or a profile is incorrectly configured.
  • The 3G cellular interface is shut down using the shutdown command.

Why cannot VRRP traffic be forwarded after MFF is enabled
If MFF is enabled on a device for Layer 2 isolation, an MFF entry is generated after a DHCP user gets online. The Gateway IP field in the MFF entry is the real gateway address. VRRP has been enabled on the device, so the Layer 3 gateway is a virtual VRRP gateway address. The destination MAC address and gateway IP address of the outgoing user packet are the virtual MAC address and virtual gateway address, which are different from those in the MFF entry. Therefore, VRRP traffic cannot be forwarded. To solve this problem, change the gateway list of the DHCP server as the VRRP virtual gateway address. After a DHCP user re-logs in, its MFF entry is updated. The gateway IP address and MAC address in the MFF entry are the virtual gateway address and virtual MAC address, so VRRP traffic can be forwarded.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top