Hello everyone,
Today, I will show you how to handle the problem that two or three packets are discarded every minute after 802.1X authentication succeeds.
Issue Description
2-3 packets are dropped every minute after 802.1X authentication succeeds.
Without 802.1X authentication, no packets are dropped.
The authentication point is on the access switch and the gateway is on the core switch, as shown below:
Handling Process
1. Check the configuration; it is fine.
2. Check the authentication state and logs; they are fine.
3. Disable 802.1X on the S5700; no packets are dropped.
Solution
The device sends an ARP probe packet to check the user's online status. If the user does not respond within a detection period, the device considers that the user is offline.
If the VLAN to which the user belongs does not have a VLANIF interface or the VLANIF interface does not have an IP address, the device sends an offline detection packet using 255.255.255.255 as the source IP address. If a user cannot respond to an ARP probe packet with the source IP address 255.255.255.255, you can specify a source IP address for the offline detection packet. You are advised to specify the user gateway IP address and its corresponding MAC address as the source IP address and source MAC address of offline detection packets.
Configure ARP detection:
[huawei]access-user arp-detect default ip-address 0.0.0.0
For more details, please refer to: http://support.huawei.com/hedex/pages/EDOC1000135317AEG0221R/04/EDOC1000135317AEG0221R/04/resources/dc/access-user_arp-detect_p.html?ft=0&fe=10&hib=14.1.14.4.6&id=access-user_arp-detect_u&text=access-user arp-detect&docid=EDOC1000135317
That is all I want to share with you! Thank you!
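To confirm the cause described under Solution before changing the source address, a capture taken on the user's port can be checked for ARP probes that never get a reply, grouped by the probe's source IP. The script below is an added example, not part of the original post; it assumes untagged Ethernet II frames, and every MAC and IP address in the sample capture is constructed.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_arp(op, sha, spa, tha, tpa):
    """Build an untagged Ethernet II frame carrying an IPv4 ARP packet."""
    dst = b"\xff" * 6 if op == ARP_REQUEST else mac(tha)
    eth = dst + mac(sha) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sha) + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa)

def parse_arp(frame):
    """Return (op, sender_ip, target_ip), or None if the frame is not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, socket.inet_ntoa(frame[28:32]), socket.inet_ntoa(frame[38:42])

def unanswered_probes(frames):
    """Map (probe source IP, probed user IP) to the number of unanswered requests."""
    pending = {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, spa, tpa = parsed
        if op == ARP_REQUEST:
            pending[(spa, tpa)] = pending.get((spa, tpa), 0) + 1
        elif op == ARP_REPLY and pending.get((tpa, spa), 0) > 0:
            pending[(tpa, spa)] -= 1  # reply from the user clears one probe
    return {pair: n for pair, n in pending.items() if n > 0}

# Constructed sample capture (all addresses are made up for this example).
SWITCH, USER, ZERO = "02:00:00:00:00:01", "02:00:00:00:00:10", "00:00:00:00:00:00"
SAMPLE = [
    build_arp(ARP_REQUEST, SWITCH, "255.255.255.255", ZERO, "192.168.10.20"),
    build_arp(ARP_REQUEST, SWITCH, "255.255.255.255", ZERO, "192.168.10.20"),
    build_arp(ARP_REQUEST, SWITCH, "192.168.10.1", ZERO, "192.168.10.20"),
    build_arp(ARP_REPLY, USER, "192.168.10.20", SWITCH, "192.168.10.1"),
]

if __name__ == "__main__":
    for (src, user), count in unanswered_probes(SAMPLE).items():
        print(f"{count} unanswered probe(s) to {user} from source IP {src}")
```

In the constructed capture the two probes sourced from 255.255.255.255 stay unanswered while the probe sourced from the gateway address is answered, which is the pattern the Solution section describes.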