Procedure
Step 1 Run the display cpu-usage command on the AR2200-S to check the CPU usage of the board.
In the command output, ARP indicates the ARP packet processing task.
Step 2 Run the display arp command to view the learned ARP entries.
If the MAC address in an ARP entry is in Incomplete state, the AR2200-S fails to learn the ARP
entry.
<Huawei> display arp
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN
---------------------------------------------------------------------
10.10.10.12 0018-82d2-0e08 I - Vlanif10
10.10.10.13 Incomplete 0 D-0 Vlanif20
3004/-
10.10.10.14 Incomplete 0 D-0 Eth2/0/0
3004/-
20.20.20.33 000c-76bd-43d6 I - Eth2/0/00
20.20.20.55 0013-7227-842f 17 D-0 Eth2/0/0
... 3003/-
Generally, the possible causes are: the AR2200-S fails to send ARP requests, the ARP requests
are discarded during transmission, or no ARP reply is received. If the CPU usage of the ARP
task is high, the AR2200-S fails to send ARP requests and generates ARP Miss messages. Go
to step 3.
Step 3 Capture packets on the user-side interface and check the source addresses of IP packets.
Step 4 Run the display arp anti-attack configuration arpmiss-speed-limit command to view the
configuration of ARP Miss suppression.
l If a source IP address is specified in the ARP Miss suppression command, the AR2200-S
checks whether the specified IP address is the source address of the received IP packets. If
so, the AR2200-S limits the rate of ARP Miss messages based on the rate limit configured
in this command. If not, the AR2200-S limits the rate of the ARP Miss messages based on
the limit set in the command without a source IP address specified.
l By default, ARP Miss suppression is enabled, and the maximum rate of ARP Miss messages
is limited to 5 pps. When the rate of ARP Miss messages triggered by packets from the
specified IP address exceeds the limit, the AR2200-S discards the packets sent from the IP
address. You can change the rate limit for ARP Miss messages by running the arp-miss
speed-limit source-ip command in the system view.
Step 5 Run the display arp anti-attack configuration arpmiss-rate-limit command on the AR2200-
S to view the configuration of ARP Miss suppression.
l If a large number of ARP Miss packets are triggered on an interface, in a VLAN, or on the
entire device within a certain period, the AR2200-S is busy broadcasting ARP request packets
and its performance deteriorates. After ARP Miss suppression is configured, the AR2200-
S counts ARP Miss packets generated within a specified period and discards excess ARP
Miss packets.
l By default, the maximum rate of ARP Miss packets is 100 packets per second. To change
the rate limit of ARP Miss packets, run the arp-miss anti-attack rate-limit command in the
system view, VLAN view, or interface view.
Step 6 If the fault persists, collect the following information and contact Huawei technical support
personnel:
Huawei AR2200-S Series Enterprise Routers
Troubleshooting 10 Security
Issue 01 (2012-01-06) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
293
To Next Page
Loading...
