Windows Client dont respond ARP probe packet Highlighted

Latest reply: Oct 31, 2018 09:25:12 1028 13 11 0

Problem Description

After login 802.1x authentication, PC lost connection several minutes later.

【Device Version

S5720 V200R008C00SPC500

Windows 7

 Root Cause

The device send an ARP probe packet to check the user online status. If the user does not respond within a detection period, the device consider that the user is offline.

If the Service VLAN on the switch does not have a VLANIF interface or the VLANIF interface does not have an IP address, the device will send an offline detection packet 255.255.255.255 as the source IP address. If a user cannot respond the ARP probe packet with the source IP address 255.255.255.255, you can run the access-user arp-detect default ip-address command to specify a default source IP address for the offline detection packet. When window 7 or windows 10, the PC cannot respond to an ARP probe packet with the source IP address 255.255.255.255, it must change it to 0.0.0.0.

 Solution

 Check the issue user offline reason. It display “ARP detect fail”.

Display offline-record mac xxxx-xxxx-xxxx

User name : xxxx

Domain name : radius

User MAC:xxxx-xxxx-xxxx

User access type :802.1x

User access interface :GigabitEthernet 0/0/4

Qinq vlan/User vlan:0/100

User IP address :1.1.1.1

User ID :219

User offline reason : ARP detect fail

 

Configure “access-user arp-detect default ip-address 0.0.0.0”on S5700.

Access-user arp-detect default ip-address 0.0.0.0

 

 

  • x
  • convention:

Created Oct 12, 2018 14:25:30 Helpful(0) Helpful(0)

After login 802.1x authentication, PC lost connection several minutes later.we usually meet this issue in our daily work, I do not know how to deal with it before, this is what I am looking for.
I am very interested for this post, which is very helpful to our daily troubleshooting. I always have similar problems in my daily work, but I do not know how to deal with them. Now I have a clear idea. Thank you very much for your sharing. Hope you can update continue like this This post was last edited by Torrent at 2018-10-22 13:47.
  • x
  • convention:

Created Oct 12, 2018 15:33:43 Helpful(0) Helpful(0)

The Address Resolution Protocol (ARP) maps IP addresses to MAC addresses.
ARP entries include dynamic and static ARP entries according to the mode in which they are generated.
    Dynamic ARP entries: are automatically generated and maintained through ARP. Each dynamic ARP entry has a lifetime. Dynamic ARP entries can be updated or overwritten by static ARP entries.
    Static ARP entries: are configured manually to record mappings between IP addresses and MAC addresses. Mappings cannot be changed dynamically.


This post was last edited by SupperRobin at 2018-10-31 15:03.
  • x
  • convention:

Created Oct 15, 2018 08:55:21 Helpful(0) Helpful(0)

You can configure ARP attack defense and static ARP entries on the ARP page. In addition, you can update, search, or delete static and dynamic ARP entries. Dynamic entries are automatically generated and can be cleared.

In ARP attack defense settings, you can enable or disable ARP anti-spoofing, strict ARP learning, and ARP packet rate limiting.

To defend against ARP address spoofing attacks, configure ARP anti-spoofing.

This post was last edited by No.9527 at 2018-10-31 15:00.
  • x
  • convention:

Created Oct 15, 2018 15:31:05 Helpful(0) Helpful(0)

The firewall rejects the ARP reply packet. It is not clear how to debug on the system. If you want him to have a selective response, it should be done like a firewall. If you don't make it completely different, I guess it might be troublesome.
But in doing so, there are also many drawbacks, such as easy IP conflict, because there is no detection mechanism?
This post was last edited by Mark.hu at 2018-10-31 15:10.
  • x
  • convention:

Created Oct 15, 2018 15:31:39 Helpful(0) Helpful(0)

if need to install U2000 client, whether useful? and what i need to occurre? This post was last edited by yjhd at 2018-10-31 17:15.
  • x
  • convention:

Created Oct 15, 2018 16:43:04 Helpful(0) Helpful(0)

this will be happen on other windows system?

 

When window 7 or windows 10, the PC cannot respond to an ARP probe packet with the source IP address 255.255.255.255, it must change it to 0.0.0.0

This post was last edited by GongXiaochuan at 2018-10-30 12:45.
  • x
  • convention:

Good Good Study Day Day Up
Created Oct 16, 2018 11:59:54 Helpful(0) Helpful(0)

It is you who let my heart rekindle the fire of hope. It is you who have revived my heart. You saved me a cool and cool heart!
Originally, I decided not to return any posts in the community, but after reading your post, I told myself that this post must be returned! This is a rare sticker that has been rare for a hundred years!
  • x
  • convention:

Created Oct 19, 2018 11:29:01 Helpful(0) Helpful(0)

You can configure ARP attack defense and static ARP entries on the ARP page. In addition, you can update, search, or delete static and dynamic ARP entries. Dynamic entries are automatically generated and can be cleared.

In ARP attack defense settings, you can enable or disable ARP anti-spoofing, strict ARP learning, and ARP packet rate limiting.

To defend against ARP address spoofing attacks, configure ARP anti-spoofing.

This post was last edited by No.9527 at 2018-10-31 15:00.
  • x
  • convention:

Created Oct 19, 2018 17:25:59 Helpful(0) Helpful(0)

I have required a lot of knowledge,which encourages me to gohead for excellent level .
The post also is useful and practical to me and then take the knowledge of Network technology to us .
AT same time,this post offers a nice reference of the Windows Client dont respond ARP probe packet
This is a rare sticker that has been rare for a hundred years! Heaven has eyes, let me see such a wonderful post in the eugenic year.
Thank you very much for your sharing. Hope you can update continue like this
  • x
  • convention:

12
Back to list

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top