Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
Windows Client dont respo...

Windows Client dont respond ARP probe packet Highlighted

Latest reply: Oct 30, 2020 13:50:13 3740 14 11 0 0
View the author 1#

Problem Description

After login 802.1x authentication, PC lost connection several minutes later.

【Device Version

S5720 V200R008C00SPC500

Windows 7

 Root Cause

The device send an ARP probe packet to check the user online status. If the user does not respond within a detection period, the device consider that the user is offline.

If the Service VLAN on the switch does not have a VLANIF interface or the VLANIF interface does not have an IP address, the device will send an offline detection packet 255.255.255.255 as the source IP address. If a user cannot respond the ARP probe packet with the source IP address 255.255.255.255, you can run the access-user arp-detect default ip-address command to specify a default source IP address for the offline detection packet. When window 7 or windows 10, the PC cannot respond to an ARP probe packet with the source IP address 255.255.255.255, it must change it to 0.0.0.0.

 Solution

 Check the issue user offline reason. It display “ARP detect fail”.

Display offline-record mac xxxx-xxxx-xxxx

User name : xxxx

Domain name : radius

User MAC:xxxx-xxxx-xxxx

User access type :802.1x

User access interface :GigabitEthernet 0/0/4

Qinq vlan/User vlan:0/100

User IP address :1.1.1.1

User ID :219

User offline reason : ARP detect fail

 

Configure “access-user arp-detect default ip-address 0.0.0.0”on S5700.

Access-user arp-detect default ip-address 0.0.0.0

 

 

Like (11) Dislike (0) Favorite(0) Share Report
Previous: DHCP Option
Next: Interoperation Between Huawei Switches and Cisco ISE
(0) (0)
2#
Torrent
Created Oct 12, 2018 06:25:30

After login 802.1x authentication, PC lost connection several minutes later.we usually meet this issue in our daily work, I do not know how to deal with it before, this is what I am looking for.
I am very interested for this post, which is very helpful to our daily troubleshooting. I always have similar problems in my daily work, but I do not know how to deal with them. Now I have a clear idea. Thank you very much for your sharing. Hope you can update continue like this This post was last edited by Torrent at 2018-10-22 05:47.
View more
  • x
  • convention:
(0) (0)
3#
SupperRobin
Created Oct 12, 2018 07:33:43

The Address Resolution Protocol (ARP) maps IP addresses to MAC addresses.
ARP entries include dynamic and static ARP entries according to the mode in which they are generated.
    Dynamic ARP entries: are automatically generated and maintained through ARP. Each dynamic ARP entry has a lifetime. Dynamic ARP entries can be updated or overwritten by static ARP entries.
    Static ARP entries: are configured manually to record mappings between IP addresses and MAC addresses. Mappings cannot be changed dynamically.


This post was last edited by SupperRobin at 2018-10-31 07:03.
View more
  • x
  • convention:
(0) (0)
4#
No.9527
Created Oct 15, 2018 00:55:21

You can configure ARP attack defense and static ARP entries on the ARP page. In addition, you can update, search, or delete static and dynamic ARP entries. Dynamic entries are automatically generated and can be cleared.

In ARP attack defense settings, you can enable or disable ARP anti-spoofing, strict ARP learning, and ARP packet rate limiting.

To defend against ARP address spoofing attacks, configure ARP anti-spoofing.

This post was last edited by No.9527 at 2018-10-31 07:00.
View more
  • x
  • convention:
(0) (0)
5#
Mark.hu
Created Oct 15, 2018 07:31:05

The firewall rejects the ARP reply packet. It is not clear how to debug on the system. If you want him to have a selective response, it should be done like a firewall. If you don't make it completely different, I guess it might be troublesome.
But in doing so, there are also many drawbacks, such as easy IP conflict, because there is no detection mechanism?
This post was last edited by Mark.hu at 2018-10-31 07:10.
View more
  • x
  • convention:
(0) (0)
6#
yjhd
Created Oct 15, 2018 07:31:39

if need to install U2000 client, whether useful? and what i need to occurre? This post was last edited by yjhd at 2018-10-31 09:15.
View more
  • x
  • convention:
(0) (0)
7#
GongXiaochuan
Created Oct 15, 2018 08:43:04

this will be happen on other windows system?

 

When window 7 or windows 10, the PC cannot respond to an ARP probe packet with the source IP address 255.255.255.255, it must change it to 0.0.0.0

This post was last edited by GongXiaochuan at 2018-10-30 04:45.
View more
  • x
  • convention:
(0) (0)
8#
lizhi94
Created Oct 16, 2018 03:59:54

It is you who let my heart rekindle the fire of hope. It is you who have revived my heart. You saved me a cool and cool heart!
Originally, I decided not to return any posts in the community, but after reading your post, I told myself that this post must be returned! This is a rare sticker that has been rare for a hundred years!
View more
  • x
  • convention:
(0) (0)
9#
No.9527
Created Oct 19, 2018 03:29:01

You can configure ARP attack defense and static ARP entries on the ARP page. In addition, you can update, search, or delete static and dynamic ARP entries. Dynamic entries are automatically generated and can be cleared.

In ARP attack defense settings, you can enable or disable ARP anti-spoofing, strict ARP learning, and ARP packet rate limiting.

To defend against ARP address spoofing attacks, configure ARP anti-spoofing.

This post was last edited by No.9527 at 2018-10-31 07:00.
View more
  • x
  • convention:
(0) (0)
10#
lizhi94
Created Oct 19, 2018 09:25:59

I have required a lot of knowledge,which encourages me to gohead for excellent level .
The post also is useful and practical to me and then take the knowledge of Network technology to us .
AT same time,this post offers a nice reference of the Windows Client dont respond ARP probe packet
This is a rare sticker that has been rare for a hundred years! Heaven has eyes, let me see such a wonderful post in the eugenic year.
Thank you very much for your sharing. Hope you can update continue like this
View more
  • x
  • convention:
12
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.