Got it
Enterprise
Community Forums Switches
NAC ARP detect fail

NAC ARP detect fail

Latest reply: Nov 27, 2018 13:37:26 1799 4 5 0
display all floors #1

【Problem Description】

Our users are facing disconnections to the applications connected when NAC is applied and also observed gateway is also not reachable during the issue.


【Problem Analysis】

As today remotesession, we can see all the terminals offline reason is “ARP detect fail” asfollow

<CTS_CHN_T-NAGAR_SW2_4TH_F>disp aaa offline-record all
 ------------------------------------------------------------------------------
  Username             :141877b3cae7
  Domainname           : default
  UserMAC             : 1418-77b3-cae7
  User accesstype      : MAC
  User accessinterface : GigabitEthernet0/0/20
  Qinqvlan/User vlan   : 0/10
  User IPaddress       : 192.168.228.48
  User IPV6address     : FE80::137:70C4:B95B:906C
  UserID              : 550
  User logintime       : 2018/09/28 13:56:41
  Useroffline time     : 2018/09/28 14:43:53
  User offline reason  : ARP detect fail

According to thereason, so we configure the below command

access-userarp-detect vlan 10 ip-address 192.168.228.6 mac-address 0000-0c07-ac0a

Then the terminal disconnect(plug-out cable) and connect again, observe more than 10 minutes, didn’t disconnect again, seems fine.

Another thing, please note: once any fault terminal,please disconnect(plug-out cable) and connect again, then that command can beeffective and issue can be solved.


【Root Cause】

Once the ip-phonedon’t use for a period of time, the gateway will detect the terminal failed,then make terminal offline, so we can see the offline reason is “ARP detectfail


【Solution Description】

Once the ip-phone don’t use for a period of time, the gateway will detect the terminal failed,then make terminal offline. After the period of time, if want to use theip-phone again, then it will re-authenticateagain. So occurred previous issue.

 

So we need configure the below command to detect the terminal all the time, then it will not beoffline.

access-userarp-detect vlan 10 ip-address 192.168.228.6 mac-address 0000-0c07-ac0a

  • x
  • convention:

Helpful (5) Favorite(0) Share Report
Previous: Differences between loop-protection, root-protection and bpdu-protection
Next: Two modes about configure LAG
Mark.hu
Created Nov 13, 2018 01:31:21 Helpful(0) Helpful(0)

In a local area network, when a host or other network device has data to send to another host or device, it must know the logical address (ie, IP address) of the other party. However, only logical addresses are not enough, because IP data messages must be encapsulated into frames to be sent over the physical network. Therefore, the transmitting station must also have the physical address of the receiving station, so a mapping from logical address to physical address is required. The Address Resolution Protocol ARP is used to map an IP address to an Ethernet MAC address (or physical address).
View more
  • x
  • convention:
Torrent
Created Nov 13, 2018 01:53:43 Helpful(0) Helpful(0)

once any fault terminal,please disconnect(plug-out cable) and connect again, then that command can beeffective and issue can be solved.
thanks for sharing us such a good example, I learned a lot.NAC ARP detect fail-2799803-1
View more
  • x
  • convention:
Skay
Created Nov 27, 2018 07:32:55 Helpful(0) Helpful(0)

thanks for your sharing .

i want to know protocol car value how to adjust ? i mean the value how to discern ?for example , arp-request threshold 1000 , this value whether effect the really arp-request packets ? if the arp-request discard by device , i think customer services will be impact .

Thanks a lot .
View more
  • x
  • convention:
littlestone
Created Nov 27, 2018 13:37:26 Helpful(0) Helpful(0)

At any time, when a host or router has a datagram to send to another host or router, it must have the logical (IP) address of the receiving station. But IP datagrams must be encapsulated in frames to pass through physical networks. This means that the sending station must have the physical address of the receiving station. Therefore, a mapping from logical address to physical address is needed.
As we mentioned earlier, both static and dynamic mappings can do this. The association between logical address and physical address can be stored in a table statically, and the sending station can find the physical address corresponding to the logical address in the table, but as we discussed earlier, this is not a good solution. This table must be updated whenever the physical address changes. Frequently updating tables on all machines is a very cumbersome task.
But this mapping can be made dynamic, that is, the sending station can request the receiving station to announce its physical address when needed. ARP is designed for this purpose
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.

APP

Huawei Enterprise Support Community
Huawei Enterprise Support Community
Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.