A WiMAX Client Can Obtain an IP Address from the S3700/S3300, But Cannot Ping the Gateway

, Issue Description

A WiMAX client is connected to an Huawei S3700/S3300. The client can obtain an IP address from the S3700/S3300, but cannot ping the gateway. After the S3700/S3300 is replaced with a Cisco device, the client can ping the gateway.

Figure 5-1 WiMAX client cannot ping the gateway

QQ图片20170317103432

Handling Process

Capture packets on the switch’s interface connected to the WiMAX client and on the WiMAX client. You can find that the ARP packet sent by the S3700/S3300 to request for the WiMAX client’s IP address is discarded by the WiMAX client.

Replace the S3700/S3300 with a Cisco device. The problem is resolved. Capture packets on the Cisco device. You can find that the ARP request packet is still discarded by the WiMAX client, but the Cisco device still learns the ARP entry of the client.

Check the configuration on the S3700/S3300. You can find that the arp learning strict function is enabled on the S3700/S3300 by default. With the strict ARP learning function enabled, the switch learns ARP entries from only the ARP reply packets sent in response to the ARP request packets sent by itself. Run the undo arp learning strict command in the system view to disable strict ARP learning. The ARP learning on the switch is normal.

Root Cause

As the arp learning strict function is enabled on the S3700/S3300 by default, the switch learns ARP entries from only the ARP reply packets sent in response to the ARP request packets sent by itself.

Solution

Run the undo arp learning strict command in the system view to disable strict ARP learning.

Suggestions

The strict ARP learning function can prevent most ARP attacks. However, when the switch is connected to WiMAX clients, you need to disable strict ARP learning on the switch, so that the switch can learn the ARP entries of WiMAX clients.

The most popular S3300/S3700 Series Switch:

S3328TP-EI-24S-AC

S3328TP-PWR-EI

S3700-28TP-SI-AC

S3700-28TP-EI-AC

Limitations of the Smooth Upgrade on Huawei OptiXOSN3500&7500

l   When using an extended subrack, an NE cannot be smoothly upgraded to V200R013C10.

l   After being upgraded to V200R013C10, an NE does not support an extended subrack.

l   NEs of the following source versions support a smooth upgrade: V100R003C02B030SP04, V100R003C02B032SP01, V100R003C02B032SP02, V100R003C02B061, V100R006C02B012, V100R006C02B012SP02, V100R006C02B012SP04, V100R006C02B014, V100R006C02SPC100, V100R007C01B01b, V100R007C02B017SP01, V100R008C02B01L, V100R008C02SPC200, V100R008C02SPC200SPH201, V100R008C02SPC200SPH202, V100R008C02SPC200SPH203, V100R008C02SPC300, V100R008C02SPC500, V100R008C02SPC500SPH503, V100R008C02SPH501, V100R009C02B01cSPC010, V100R009C04SPC011, V100R009C04SPC200+SPH202, V100R010C03SPC200+V100R010C03SPH206, V100R010C03SPC202, V100R010C03SPC203+V100R010C03SPH205/V100R010C03SPH207, V100R010C03SPC203SPH209, V100R010C03SPC208, and V100R010C03SPC208SPH211.

l   After being smoothly upgraded to V200R013C10, an NE does not support a single-domain cross-connect board SSN1GXCSA/SSN1GXCSB, SSN1EXCSA/SSN1EXCSB, SSN1UXCSA/SSN1UXCSB, SSN1SXCSB, SSN2SXCSA/SSN2SXCSB, or SSN1IXCSA/SSN1IXCSB.

l   An NE using the SSN1GSCC, SSN3GSCC, SSN2GSCC, SSN1GSCC-B2, or SSN3GSCC-B2 board cannot be smoothly upgraded to V200R013C10. The NE can be smoothly upgraded only after the SSN4GSCC or SSN6GSCC (recommended) board substitutes for the SSN1GSCC, SSN3GSCC, SSN2GSCC, SSN1GSCC-B2, or SSN3GSCC-B2 board.

l   When using the SSN1IXCSA or SST1IXCSA board, an NE cannot be smoothly upgraded to V200R013C10.

l   When using the SSN1IDQ1A or SSN1IDL4A board, an NE of V100R009C04SPC200 cannot be smoothly upgraded to V200R013C10. The NE can be smoothly upgraded only after the SSN1IDQ1A or SSN1IDL4A board is removed.

l   When using the SSN1EFP0 board, an NE of V100R010C03SPC200, V100R010C03SPC202 or V100R010C03SPC203 cannot be smoothly upgraded to V200R013C10. The NE can be smoothly upgraded only after the SSN1EFP0 board is removed.

l   SSN4GSCC supports the smooth upgrade to V200R013C10 only when its PCB version is VER.D and it has no CF card. (If the PCB version of SSN4GSCC is VER.D and the board has a CF card, remove the CF card for the smooth upgrade to V200R013C10.)

l   SSN2SLQ16 does not support the smooth upgrade to V200R013C10 when it functions as SSN1SLQ16.

l   The OptiX OSN 3500 does not support the smooth upgrade to V200R013C10 when there is service board in slot 17.

l   When being configured with packet services, an NE of a V100R009C03 or V100R009C05 version cannot be smoothly upgraded to V200R013C10.

l   For a V200R013C10 NE, the packet protocols run on the SCC board and need to be backed up. To ensure reliability of the packet protocols, dual SCC boards need to be configured.

l   When using the SSN4SL16A or SSN3SL64 board, an NE of V100R008C02, V100R009C02, V100R009C04, or V100R010C03 cannot be smoothly upgraded to V200R013C10. If the NE needs to be upgraded to V200R013C10, delete the SSN4SL16A or SSN3SL64 board first.

l   An MSTP NE enabled with ASON features cannot be smoothly upgraded to V200R013C10. Before upgrading such an NE, migrate ASON services on the NE to traditional static services. After the NE is upgraded to V200R013C10, migrate the traditional static services to ASON services.

l   After an NE is upgraded to V200R013C10, the NE does not support the 1+1 linear MSP lower order broadcast optimization function or lower order optimization function. Therefore, you need to manually disable the 1+1 linear MSP lower order broadcast optimization function and lower order optimization function before upgrading the NE.

l   To upgrade an NE from V100R008C02SPC200SPH203, V100R008C02SPC200SPH202 or V100R008C02SPC200SPH201 to V200R013C10, downgrade the NE to V100R008C02SPC200 and then upgrade the NE from V100R008C02SPC200 to V200R013C10.

l   An NE cannot be smoothly upgraded to V200R013C10 if it houses SSN1IFSD1, SSN1SLH1B boards.

l   If an NE houses SSN1GSCC boards on which DCCs work in mode 4, 5, or 6, the NE cannot be smoothly upgraded to V200R013C10. Before upgrading such an NE, change DCCs to work in mode 1.

l   If a V100R009C04 NE provides troubleshooting functions for its SSN1EFT8A, SSN2PQ1, or SSR1PL1 boards, the NE cannot be smoothly upgraded to V200R013C10.

l   If an NE uses the function that service-related alarms and performance events triggered by tributary protection switching (TPS) or MSP switching are always reported by working paths, the NE cannot be smoothly upgraded to V200R013C10.

l   If an NE provides board protection switching (BPS) for electrical ports on SSN1EGS4, SSN2EGS4A, SSN3EGS4, or SSN4EGS4 boards, the NE cannot be smoothly upgraded to V200R013C10.

l   An NE cannot be smoothly upgraded to V200R013C10 if it houses SSN1EFT8A boards and the following new features are enabled:

−       Discards frames with less than 64 bytes.

−       Transparently transmits port-side and VCTRUNK-side frames with check sequence (FCS) errors.

l   An NE on which VLAN filtering tables have been configured cannot be smoothly upgraded to V200R013C10.

In the case of a live network, check its configurations and features by using the inspection tool (V200R003C00SPC003 or a later version) and then determine whether a smooth upgrade can be performed.

How to solve network problem caused by default vlan case

Issue Description

The network is that three AccessPoint devices connect to switch in ports GE0/0/18, GE0/0/19 and GE1/0/19, and configure different VLANs, then connect these devices to firewall who will send through his own DHCP server IP address to APs. But when the customer connects a computer in any VLAN1 ports membership, the device receives an IP from DHCP server and this shouldn’t happen.

Network topology:

QQ图片20170315105628

Alarm Information

None

Handling Process

Check the customer’s switch configuration, I find that all the interfaces which customer used have been configured as hybrid type and allow the VLANs which he wants, as following:

interface GigabitEthernet0/0/20
port link-type hybrid
port hybrid tagged vlan 22 to 24 52 to 54
port hybrid untagged vlan 21

interface GigabitEthernet1/0/20
port link-type hybrid
port hybrid tagged vlan 22 to 24 52 to 54
port hybrid untagged vlan 21
As the above configuration, these interfaces still allow the VLAN 1, because vlan 1 is the default vlan for all of interfaces, if you want to the interface doesn’t allow VLAN 1, you should delete it from vlan 1. The commands like below:

interface GigabitEthernet0/0/20
port link-type hybrid
undo port hybrid vlan 1    //Need to add this command under interface
port hybrid tagged vlan 22 to 24 52 to 54
port hybrid untagged vlan 21

interface GigabitEthernet1/0/20
port link-type hybrid
undo port hybrid vlan 1
port hybrid tagged vlan 22 to 24 52 to 54
port hybrid untagged vlan 21

After do the above change, the problem is resolved.

Root Cause

According to the following problem information,Seems like there are some wrong configuration on the swicth devices.

Suggestions

For the switch network, please pay attention to the default VLAN 1. For all interfaces, because it is default VALN, and there is no command under the interface, sometimes, it is possible to forget it.

More related:

Different VLAN with the same IP address segment communicate through the layer three switches

Realize communication between VLAN through layer 3 switches.

Contact information:

Telephone: 852-30623083
Email: Sales@Thunder-link.com
Supports@Thunder-link.com
Website: http://www.thunder-link.com

 

Which VLAN Assignment Methods Do S Series Switches Support

Issue Description

Which VLAN Assignment Methods Do S Series Switches Support?

Solution

Table 1 lists the VLAN assignment methods supported by different switch models of different versions.

Table 1 VLAN assignment methods

QQ图片20170314172509

The most popular Huawei switch:

Huawei S2300 Switch

Huawei S2700 Switch

Huawei S3300 Switch

Huawei S5700 Switch

new OSN 3500 doesn’t show all its boards

A new Huawei OSN 3500 equipment just created, generated after the upload operation the NE error: Invalid parameters error code: 38722; and some boards didn’t appear or turned grey (picture).

The troubleshooting developed was:

1. Run in Navigator the commands :)ver, :hbu-get-backup-info, :cfg-get-nestate, :alm-get –curdata)

2. Try to create the NE with only one SCC board.

3. Downgrade the NE to a pure SDH version.

There was two troubles, first the NE had two SCC boards that didn’t synchronize because each one had a different ID, and the second issue was a mistake made by the person that upgrade the element on site; he put on the equipment the version V2R11C00SPH303 which is a version for Huawei MSTP equipments, and the customer network only managed SDH elements.

The solution was remove one SCC board, and after that the configured the ID belong to the board that was outside of the equipment in the board that kept inside. The next step was insert again the SCC board and wait until those boards turned synchronized. Once the Navigator command :hbu-get-backup-info, showed the result: “Backup-Info : 0x00000003”; I proceed to ask the partner on site to downgrade the NE from the firmware V2R11C00SPH303 to V100R010C03SPH211.

Finally when the NE get the target version V100R010C03SPH211, all the boards belong to the equipment appeared in the layout, and began to work properly.

The key to create on the NM a new NE without problems is; to demand a good commissioning on site with a complete report whenbuy Huawei OSN 3500.

Abnormal Traffic Generated on MPUs of the USG9100 firewall

Issue Description

An MPU of the USG9100 has two LAN interfaces: LAN0 and LAN1. The two interfaces are in initial state. They are not modified or configured and have no link connected. Currently, LAN0 is in normal state, and LAN1 is not connected to a network cable but has data traffic generated sometimes.

Alarm Information

Current configuration of LAN1:
interface GigabitEthernet1/0/0
undo shutdown
interface GigabitEthernet1/0/1
undo shutdown
Brief status of LAN1:
<USG9110-B>dis interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(b): BFD down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface Physical Protocol InUti OutUti inErrors outErrors
Eth-Trunk1 up up 0.01% 0.01% 0 0
GigabitEthernet3/1/5 up up 0.01% 0.01% 0 0
GigabitEthernet3/1/6 up up 0% 0% 0 0
GigabitEthernet1/0/0 down down 0% 0% 0 0
GigabitEthernet1/0/1 down down 22% 11% 1 0
GigabitEthernet3/1/0 up up 0.01% 0.01% 0 0
Detailed status of LAN1:
USG9110-B>dis interface GigabitEthernet 1/0/1
GigabitEthernet1/0/1 current state : DOWN
Line protocol current state : DOWN
Description : Huawei Symantec, USG9100 Series, GigabitEthernet1/0/1 Interface
Route Port
The Maximum Transmit Unit is 1500 bytes
Internet protocol processing : disabled
IP Sending Frames’ Format is PKTFMT_ETHNT_2, Hardware address is 0022-a105-e6bc
Media type is twisted pair, loopback not set, promiscuous mode not set
1000M-speed mode, full-duplex mode, link type is auto negotiation
Output flow-control is unsupported, input flow-control is unsupported
300 seconds input rate 28643275 bytes/sec, 38 packets/sec
300 seconds output rate 14322314 bytes/sec, 21 packets/sec
Input: 37790886 total, 37790885 good, 10080668008 total bytes
15 broadcasts(0%), 0 multicasts(0%)
0 Drops.
0 Runt error, 0 Oversize error, 0 CRC error
0 Length error, 0 Code error, 0 Jabber error
Output:20614667 packets total, 5658349540 total bytes
0 Drops.
0 collision error, 0 late col.error
0 ex col error, 0 FCS error
0 abort error, 0 runt error
0 over size error

Handling Process

Contact Huawei experts for analysis. It is know that the USG9100 of SPC700 has solved this fault. LAN1 on the MPU is used for testing during the production and cannot function as a service interface. The rate of LAN1 is not zero, which does not affect services. Some traffic is generated during the test, which does not affect services. You can solve this problem by upgrading the USG9100 version to SPC700.

Root Cause

Run the following command:
<USG>reset counters GigabitEthernet 1/0/1
Then observe the interface status. After a short period of time, check the interface status. Data traffic is still generated.
This is probably related to the processing mechanism of the USG9100, which is a software fault.

The most popular switch:

Huawei S2700

Huawei S3700

Huawei S5700

Contact information:

Telephone:852-30623083

Email: Sales@thunder-link.com

Suports@thunder-link.com

 

Voice Service Network Application

The Huawei MA5600T/MA5603T supports the voice service network application. The MA5600T/
MA5603T can function as an AG (Access Gateway) in the softswitch network to provide the
voice service and transmit the voice service to the IMS network. In addition, the MA5600T/
MA5603T supports the TDM SHDSL access, which is applicable to reconstruction of the
traditional voice network.

Service Description
In addition to the diversified and flexible broadband service network applications, the
MA5600T/MA5603T can also function as an AG in the softswitch network:
l Supports H.248, providing the VoIP service by working with the softswitch

Service Description
In addition to the diversified and flexible broadband service network applications, the
MA5600T/MA5603T can also function as an AG in the softswitch network:
l Supports H.248, providing the VoIP service by working with the softswitchThe MA5600T/MA5603T can also function as a voice over IP gateway (VGW) component in
the IMS architecture. In the downstream direction, it provides the access for voice users or R2
users; in the upstream direction, it is connected to the IMS system, providing the VoIP service
by working with the IMS core.
The MA5600T/MA5603T supports the TDM SHDSL access and provides service access
through the V.35 and E1 ports, thereby implementing reconstruction of the traditional voice
network. Compared with the V.35 cable and E1 cable, the SHDSL cable features longer
transmission distance.
l E1 distance extension: Convert the ISDN PRI PBX to work the IP upstream transmission
mode, connected to the softswitch.
l V.35 distance extension: Connect the N*64K private line to the digital data network (DDN)
through the SDH network.

Voice service Network Application (Softswitch Network)
Figure 5-8 shows the voice service network application when the MA5600T/MA5603T
functions as an AG in the softswitch network.

QQ图片20170307143416

In the softswitch network, the MA5600T/MA5603T is controlled by the softswitch. On the one
hand, the MA5600T/MA5603T implements the communication between VoIP users in the
softswitch network. On the other hand, under the control of the softswitch, the traffic stream
(also called media stream) implements the interconnection with the PLMN/PSTN users through
the MG. In this manner, the call processing of the voice user is implemented.
l The upstream signaling stream is connected to the softswitch network through the
softswitch, and the traffic stream (also called media stream) is interconnected to the PLMN/
PSTN network through the MG.
l In the downstream direction, the user terminals such as voice terminal, fax, and narrowband
modem are supported.
l When H.248 or SIP is used as the control protocol, the MA5600T/MA5603T supports the
ISDN BRA access and PRA access.

Voice service Network Application (IMS Network)
Figure 5-9 shows the voice service network application when the MA5600T/MA5603T works
in the IMS network.

1

Under the control of the CSCF device in the IMS, on the one hand, the MA5600T/MA5603T
implements the communication between IMS voice users. On the other hand, the MA5600T/
MA5603T implements the interconnection with the PLMN/PSTN users through the MGCF/MG.
In this manner, the call processing of the voice user is implemented.
l The upstream signaling stream is connected to the IMS core through the P-CSCF device,
and the traffic stream (also called media stream) is interconnected to the PLMN/PSTN
network through the MG.
l In the downstream direction, the user terminals such as voice terminal, fax, and narrowband
modem are supported.

Reconstruction of Traditional Voice Network (TDM SHDSL Access)
Figure 5-10 shows the application of the MA5600T/MA5603T for reconstruction of the
traditional voice network through TDM SHDSL access.

2

E1 distance extension: On the user side, the TDM SHDSL modem is connected to the PBX
through the E1 (ISDN PRI) port, then the modem is connected to the MA5600T/MA5603T
through TDM SHDSL access, and finally the IP network transmits the signaling stream and the
MG communicates with other voice devices through the voice traffic stream.
V.35 distance extension: On the user side, the TDM SHDSL modem is connected to the user
device through the V.35 (N*64K private line) port, then the modem is connected to the
MA5600T/MA5603T through TDM SHDSL access, and finally the MA5600T/MA5603T is
connected to the DDN network through the SDH network to implement the N*64K DDN private
line access.