Problem Description
When 802.1x Authentication Is Configured on an S5700 Access Switch and a PC Passes 802.1x Authentication, There Is a Possibility that the PC Cannot Ping the Gateway of the Core Switch.
Handling Process
- According to the debug information, the access switch periodically sends ARP probe packets with the source IP address 255.255.255.255 to the terminal. Still, the terminal does not respond to the ARP probe packets with the source IP address 255.255.255.255. As a result, the access switch is waiting for the ARP probe response.
- If the access switch receives the ARP request packet from the terminal, the access switch responds to the ARP request packet. As a result, the terminal incorrectly updates the ARP entry of the gateway, causing temporary communication failure.
Root Cause
The terminal does not respond to the ARP request with the source IP address 255.255.255.255.
Solution
Using the command access-user arp-detect vlan vlan-id ip-address ip-address mac-address mac-address Configure the source IP address and source MAC address of offline detection packets sent by users in a specified VLAN.
The source IP address and source MAC address are the IP address and MAC address of the user gateway. Change the detection source address to an all-0 address.
Comments are closed