I. Description
The Release 31XX series support AM user-bind function, which may allow the administrator bind the port, IP address and MAC address together. However, when we use the AM function, the hosts connecting to the relevant port cannot learn the ARP of gateway. Therefore, they can not access the network.
II. Analysis
This issue is caused by two ACL that is configured by the system after AM function is used. The first ACL is to deny all the packets passing through the port. The other ACL is to permit certain packets to pass through. However, the ARP packet is not permitted. Therefore, the hosts connected to the port cannot get the ARP of the gateway.
III. Resolution
To resolve the issue, we may add one more ACL to permit ARP packets passing through the port.
[7506]display acl config 4001
Link ACL 4001, 1 rule,
rule 0 permit arp ingress any egress any
After define the ACL rule, apply it in the relevant port.
[7506]dis cu int g6/0/1
#
interface GigabitEthernet6/0/1
am user-bind ip-addr 1.1.1.1 mac-addr 0000-0000-0001
qos
packet-filter inbound user-group 4001 rule 0 system-index 3
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作