AR2200 (V2R5)出現大(dà)量arp 沖突的告警
2015/3/3 17:17:55點擊:
問題描述
AR2200 (V2R5)出現大(dà)量arp 沖突的告警 導緻部分業務不能正常上(shàng)網
告警信息
告警信息
告警如下:
查看trapbuffer,發現有(yǒu)ARP沖突
#Dec 9 2014 10:09:34+00:00 253_HW_AR2240 ARP/4/ARP_IPCONFLICT_TRAP:OID 1.3.6.1.4.1.2011.5.25.123.2.6 ARP detects IP conflict. (IP address=190.131.3.131, Local interface=GigabitEthernet0/0/1, Local MAC=0017-59de-b688, Local vlan=0, Local CE vlan=0, Receive interface=GigabitEthernet0/0/1, Receive MAC=78a1-067c-7dc1, Receive vlan=0, Receive CE vlan=0, IP conflict type=Remote IP conflict).
#Dec 9 2014 10:01:44+00:00 253_HW_AR2240 ARP/4/ARP_IPCONFLICT_TRAP:OID 1.3.6.1.4.1.2011.5.25.123.2.6 ARP detects IP conflict. (IP address=190.131.3.130, Local interface=GigabitEthernet0/0/1, Local MAC=0017-59de-b688, Local vlan=0, Local CE vlan=0, Receive interface=GigabitEthernet0/0/1, Receive MAC=78a1-067c-7dbb, Receive vlan=0, Receive CE vlan=0, IP conflict type=Remote IP conflict).
#Dec 9 2014 09:49:28+00:00 253_HW_AR2240 ARP/4/ARP_IPCONFLICT_TRAP:OID 1.3.6.1.4.1.2011.5.25.123.2.6 ARP detects IP conflict. (IP address=190.131.3.131, Local interface=GigabitEthernet0/0/1, Local MAC=0017-59de-b688, Local vlan=0, Local CE vlan=0, Receive interface=GigabitEthernet0/0/1, Receive MAC=78a1-067c-7dc1, Receive vlan=0, Receive CE vlan=0, IP conflict type=Remote IP conflict).
查看trapbuffer,發現有(yǒu)ARP沖突
#Dec 9 2014 10:09:34+00:00 253_HW_AR2240 ARP/4/ARP_IPCONFLICT_TRAP:OID 1.3.6.1.4.1.2011.5.25.123.2.6 ARP detects IP conflict. (IP address=190.131.3.131, Local interface=GigabitEthernet0/0/1, Local MAC=0017-59de-b688, Local vlan=0, Local CE vlan=0, Receive interface=GigabitEthernet0/0/1, Receive MAC=78a1-067c-7dc1, Receive vlan=0, Receive CE vlan=0, IP conflict type=Remote IP conflict).
#Dec 9 2014 10:01:44+00:00 253_HW_AR2240 ARP/4/ARP_IPCONFLICT_TRAP:OID 1.3.6.1.4.1.2011.5.25.123.2.6 ARP detects IP conflict. (IP address=190.131.3.130, Local interface=GigabitEthernet0/0/1, Local MAC=0017-59de-b688, Local vlan=0, Local CE vlan=0, Receive interface=GigabitEthernet0/0/1, Receive MAC=78a1-067c-7dbb, Receive vlan=0, Receive CE vlan=0, IP conflict type=Remote IP conflict).
#Dec 9 2014 09:49:28+00:00 253_HW_AR2240 ARP/4/ARP_IPCONFLICT_TRAP:OID 1.3.6.1.4.1.2011.5.25.123.2.6 ARP detects IP conflict. (IP address=190.131.3.131, Local interface=GigabitEthernet0/0/1, Local MAC=0017-59de-b688, Local vlan=0, Local CE vlan=0, Receive interface=GigabitEthernet0/0/1, Receive MAC=78a1-067c-7dc1, Receive vlan=0, Receive CE vlan=0, IP conflict type=Remote IP conflict).
處理(lǐ)過程
此告警原因 ARP檢測到以太網絡中存在IP地址沖突。
可(kě)能原因
原因1:ARP報文中的源IP地址與本設備的接口IP地址相同,但(dàn)是MAC地址不相同。
原因2:ARP報文中的源IP地址和(hé)本設備上(shàng)已經存在的ARP表項的IP地址相同,但(dàn)是源MAC地址和(hé)對應的ARP表項的MAC地址不相同。
<253_HW_AR2240>
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
192.168.111.253 200b-c723-8910 I - GE0/0/0
192.168.111.254 0019-c600-18ed 18 D-0 GE0/0/0
192.168.111.239 0014-5edc-d306 14 D-0 GE0/0/0
190.131.1.253 200b-c723-8911 I - GE0/0/1
190.131.1.78 5c63-bfd1-7231 20 D-0 GE0/0/1
190.131.1.132 8c21-0a37-ca3d 20 D-0 GE0/0/1
190.131.1.11 78a1-067c-7dc7 9 D-0 GE0/0/1
190.131.1.103 001a-6468-72d9 16 D-0 GE0/0/1
190.131.1.10 78a1-067d-3d4f 9 D-0 GE0/0/1
190.131.1.217 eca8-6b64-e390 20 D-0 GE0/0/1
190.131.1.107 0014-5e7a-75b4 20 D-0 GE0/0/1
190.131.3.121 0017-59de-b688 2 D-0 GE0/0/1
190.131.1.112 cc34-2999-9bbf 17 D-0 GE0/0/1
190.131.3.120 7427-eae4-275b 20 D-0 GE0/0/1
190.131.1.109 0014-5e19-a483 13 D-0 GE0/0/1
190.131.1.199 d815-0d38-3d3d 3 D-0 GE0/0/1
190.131.1.101 0014-5e7a-7574 19 D-0 GE0/0/1
190.131.1.206 0022-3fa5-b237 4 D-0 GE0/0/1
190.131.3.6 0017-59de-b688 18 D-0 GE0/0/1
通(tōng)過display arp 可(kě)以看出 0017-59de-b688這個(gè)mac對應的多(duō)個(gè)ip,問題應該就是出在這個(gè)mac上(shàng)
但(dàn)是反饋這個(gè)mac并不是下面設備的mac,下面挂的都是傻瓜交換機,也無法查看
因此不能找到此mac的設備情況下,我們想到了另外一個(gè)辦法,禁止此mac
可(kě)能原因
原因1:ARP報文中的源IP地址與本設備的接口IP地址相同,但(dàn)是MAC地址不相同。
原因2:ARP報文中的源IP地址和(hé)本設備上(shàng)已經存在的ARP表項的IP地址相同,但(dàn)是源MAC地址和(hé)對應的ARP表項的MAC地址不相同。
<253_HW_AR2240>
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
192.168.111.253 200b-c723-8910 I - GE0/0/0
192.168.111.254 0019-c600-18ed 18 D-0 GE0/0/0
192.168.111.239 0014-5edc-d306 14 D-0 GE0/0/0
190.131.1.253 200b-c723-8911 I - GE0/0/1
190.131.1.78 5c63-bfd1-7231 20 D-0 GE0/0/1
190.131.1.132 8c21-0a37-ca3d 20 D-0 GE0/0/1
190.131.1.11 78a1-067c-7dc7 9 D-0 GE0/0/1
190.131.1.103 001a-6468-72d9 16 D-0 GE0/0/1
190.131.1.10 78a1-067d-3d4f 9 D-0 GE0/0/1
190.131.1.217 eca8-6b64-e390 20 D-0 GE0/0/1
190.131.1.107 0014-5e7a-75b4 20 D-0 GE0/0/1
190.131.3.121 0017-59de-b688 2 D-0 GE0/0/1
190.131.1.112 cc34-2999-9bbf 17 D-0 GE0/0/1
190.131.3.120 7427-eae4-275b 20 D-0 GE0/0/1
190.131.1.109 0014-5e19-a483 13 D-0 GE0/0/1
190.131.1.199 d815-0d38-3d3d 3 D-0 GE0/0/1
190.131.1.101 0014-5e7a-7574 19 D-0 GE0/0/1
190.131.1.206 0022-3fa5-b237 4 D-0 GE0/0/1
190.131.3.6 0017-59de-b688 18 D-0 GE0/0/1
通(tōng)過display arp 可(kě)以看出 0017-59de-b688這個(gè)mac對應的多(duō)個(gè)ip,問題應該就是出在這個(gè)mac上(shàng)
但(dàn)是反饋這個(gè)mac并不是下面設備的mac,下面挂的都是傻瓜交換機,也無法查看
因此不能找到此mac的設備情況下,我們想到了另外一個(gè)辦法,禁止此mac
解決方案
[Huawei]acl number 4444
[Huawei-acl-L2-4444]rule 5 deny l2-protocol arp
source-mac 0017-59de-b688
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]traffic-filter
inbound acl 4000
通(tōng)過把這個(gè)問題mac 過濾後,網絡恢複正常
[Huawei-acl-L2-4444]rule 5 deny l2-protocol arp
source-mac 0017-59de-b688
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]traffic-filter
inbound acl 4000
通(tōng)過把這個(gè)問題mac 過濾後,網絡恢複正常
建議與總結
如果我們無法找到內(nèi)網中出現問題的設備,我們可(kě)以通(tōng)過上(shàng)面的方法将其禁止
- 上(shàng)一篇:AR2200 V200R005 如何修改等價默認路由負載分擔 2015/3/3
- 下一篇:AR3260,nat server配置報地址沖突錯誤 2015/3/3