NAC ARP detect fail

Latest reply: Nov 27, 2018 13:37:26

【Problem Description】

Our users are facing disconnections from the connected applications when NAC is applied, and we also observed that the gateway is not reachable during the issue.


【Problem Analysis】

In today's remote session, we can see that the offline reason for all the terminals is “ARP detect fail”, as follows:

<CTS_CHN_T-NAGAR_SW2_4TH_F>disp aaa offline-record all
 ------------------------------------------------------------------------------
  User name             : 141877b3cae7
  Domain name           : default
  User MAC              : 1418-77b3-cae7
  User access type      : MAC
  User access interface : GigabitEthernet0/0/20
  Qinq vlan/User vlan   : 0/10
  User IP address       : 192.168.228.48
  User IPV6 address     : FE80::137:70C4:B95B:906C
  User ID               : 550
  User login time       : 2018/09/28 13:56:41
  User offline time     : 2018/09/28 14:43:53
  User offline reason   : ARP detect fail

According to this reason, we configured the command below:

access-user arp-detect vlan 10 ip-address 192.168.228.6 mac-address 0000-0c07-ac0a

Then we disconnected the terminal (unplugged the cable) and connected it again, observed it for more than 10 minutes, and it didn’t disconnect again, so it seems fine.

Another thing, please note: for any faulty terminal, please disconnect it (unplug the cable) and connect it again; then the command can take effect and the issue can be solved.


【Root Cause】

Once the IP phone is not used for a period of time, the gateway will detect the terminal as failed and then take the terminal offline, so we can see the offline reason is “ARP detect fail”.


【Solution Description】

Once the IP phone is not used for a period of time, the gateway will detect the terminal as failed and then take the terminal offline. After that period of time, if someone wants to use the IP phone again, it will re-authenticate again. That is how the previous issue occurred.

So we need to configure the command below to detect the terminal all the time; then it will not go offline.

access-user arp-detect vlan 10 ip-address 192.168.228.6 mac-address 0000-0c07-ac0a
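
To check whether the command stopped the disconnections across many terminals, the offline records can be parsed and filtered by reason. This is an added example, not part of the original post: the function names are hypothetical, the second sample record is constructed, and labels are matched with whitespace ignored so that copy-pasted output with run-together labels still parses.

```python
import re
from datetime import datetime

# Constructed sample. Record 1 repeats values shown in the post; record 2 is
# invented (MAC, port, times, reason) and has run-together labels on purpose.
SAMPLE = """\
 ------------------------------------------------------------------------------
  User MAC              : 1418-77b3-cae7
  User access interface : GigabitEthernet0/0/20
  User login time       : 2018/09/28 13:56:41
  User offline time     : 2018/09/28 14:43:53
  User offline reason   : ARP detect fail
 ------------------------------------------------------------------------------
  UserMAC             : 0011-2233-44aa
  User accessinterface : GigabitEthernet0/0/21
  User logintime       : 2018/09/28 09:00:00
  Useroffline time     : 2018/09/28 09:05:30
  User offline reason  : Idle cut
"""
TIME_FMT = "%Y/%m/%d %H:%M:%S"

def parse_offline_records(text):
    """Return one dict per record; records are separated by dashed rules."""
    records, current = [], {}
    for line in text.splitlines():
        if re.fullmatch(r"\s*-{10,}\s*", line):
            if current:
                records.append(current)
            current = {}
            continue
        label, sep, value = line.partition(":")  # split once: times contain ':'
        if sep:  # whitespace-insensitive key, so "User MAC" == "UserMAC"
            current[re.sub(r"\s+", "", label).lower()] = value.strip()
    if current:
        records.append(current)
    return records

def arp_detect_failures(records):
    """Return (MAC, interface, seconds online) for each 'ARP detect fail'."""
    hits = []
    for r in records:
        if r.get("userofflinereason", "").lower() != "arp detect fail":
            continue
        online = (datetime.strptime(r["userofflinetime"], TIME_FMT)
                  - datetime.strptime(r["userlogintime"], TIME_FMT))
        hits.append((r["usermac"], r["useraccessinterface"], int(online.total_seconds())))
    return hits

if __name__ == "__main__":
    print(arp_detect_failures(parse_offline_records(SAMPLE)))
```

Running it on records collected before and after the change shows whether "ARP detect fail" entries keep appearing for the same ports.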


Mark.hu
Created Nov 13, 2018 01:31:21 Helpful(0) Helpful(0)

In a local area network, when a host or other network device has data to send to another host or device, it must know the logical address (i.e., IP address) of the other party. However, logical addresses alone are not enough, because IP data messages must be encapsulated into frames to be sent over the physical network. Therefore, the transmitting station must also have the physical address of the receiving station, so a mapping from logical address to physical address is required. The Address Resolution Protocol (ARP) is used to map an IP address to an Ethernet MAC address (or physical address).

Torrent
Created Nov 13, 2018 01:53:43 Helpful(0) Helpful(0)

For any faulty terminal, please disconnect it (unplug the cable) and connect it again; then the command can take effect and the issue can be solved.
Thanks for sharing such a good example with us, I learned a lot.

Skay
Created Nov 27, 2018 07:32:55 Helpful(0) Helpful(0)

Thanks for sharing.

I want to know how to adjust the protocol CAR value. I mean, how do I determine the value? For example, with arp-request threshold 1000, does this value affect the real ARP request packets? If the ARP requests are discarded by the device, I think customer services will be impacted.

Thanks a lot.

littlestone
Created Nov 27, 2018 13:37:26 Helpful(0) Helpful(0)

At any time, when a host or router has a datagram to send to another host or router, it must have the logical (IP) address of the receiving station. But IP datagrams must be encapsulated in frames to pass through physical networks. This means that the sending station must have the physical address of the receiving station. Therefore, a mapping from logical address to physical address is needed.
As we mentioned earlier, both static and dynamic mappings can do this. The association between logical address and physical address can be stored in a table statically, and the sending station can find the physical address corresponding to the logical address in the table, but as we discussed earlier, this is not a good solution. This table must be updated whenever the physical address changes. Frequently updating tables on all machines is a very cumbersome task.
But this mapping can be made dynamic, that is, the sending station can request the receiving station to announce its physical address when needed. ARP is designed for this purpose.
