ss22S,防火墙+AC的报错信息
问题描述:
H3C WA2620-AGN + netscren ssg204防火墙
情况是这样的
1.四个wa2620刷成了胖AP,然后上面做了基本的二层配置,发射SSId供终端连接,在默认vlan1接口上配置了管理地址
2.防火墙上开的dhcp,做策略,让经过AP的终端上网,
现在网络正常,但是防火墙的日志上,一直显示,如下错误信息
Date / Time Level Description
[zqst]display interface Vlan-interface 1
Vlan-interface1 current state: UP
Line protocol current state: UP
Description: Vlan-interface1 Interface
The Maximum Transmit Unit is 1500
Internet Address is 192.168.41.2/24 Primary
IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 3c8c-404a-f960
IPv6 Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 3c8c-404a-f960
Last clearing of counters: Never
看字面意思是,有ARP 请求 过程中发现了ip地址冲突,想了几天,不知道这个报错是不是误报,因为网络一直是通的,192.168.41.1是防火墙的接口地址,是终端电脑的网关。
组网及组网描述:
网络结构如下:
防火墙----交换机---ap1(2,3,4) ---无线终端
AP的配置方法如下
<zqst>system-view
System View: return to User View with Ctrl+Z.
[zqst]dis
[zqst]display int
[zqst]display interface vl
[zqst]display interface Vlan-interface 1
Vlan-interface1 current state: UP
Line protocol current state: UP
Description: Vlan-interface1 Interface
The Maximum Transmit Unit is 1500
Internet Address is 192.168.41.2/24 Primary
IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 3c8c-404a-f960
IPv6 Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 3c8c-404a-f960
Last clearing of counters: Never
[zqst]dis
[zqst]display cu
[zqst]display current-configuration
#
version 5.20, Release 1308P11
#
sysname zqst
#
domain default enable system
#
telnet server enable
#
port-security enable
#
password-recovery enable
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$6tSpAMAe2g2eYEx7+4oOmeYQlR2bO6u1cJH9qY0=
authorization-attribute level 3
service-type telnet
service-type web
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 3 crypto
ssid mei_nei05
authentication-method shared-key
cipher-suite wep40
wep default-key 1 wep40 pass-phrase cipher $c$3$b0YYEL72Pupy63Z77W6WO+cSeOms2fDs
service-template enable
#
cwmp
undo cwmp enable
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.41.2 255.255.255.0
#
interface GigabitEthernet1/0/1
#
interface WLAN-BSS10
port link-type hybrid
port hybrid vlan 1 untagged
#
interface WLAN-BSS20
port link-type hybrid
port hybrid vlan 1 untagged
#
interface WLAN-BSS50
port link-type hybrid
port hybrid vlan 1 untagged
#
interface WLAN-BSS51
port link-type hybrid
port hybrid vlan 1 untagged
#
interface WLAN-Radio1/0/1
service-template 3 interface wlan-bss 10
#
interface WLAN-Radio1/0/2
service-template 3 interface wlan-bss 20
#
arp-snooping enable
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
#
return
[zqst]
最佳答案
可以将网络缩小一点,看看到底有没有地址重复,没有的话估计就是防火墙的误报
因为192.168.41.1是网关,关键是这个报错信息 都是在基本上没人用的时候报的,白天上班时间段,都没有这 个报错信息,
zhiliao_ss22S 发表时间:ip冲突,是不是192.168.41.1这个端地址重复了。
192.168.41.1是网关,他这个报错都是在非上班时间出现的,我观察了下,上班的时候,有人连无线,基本上是没有报错信息的,我另外还有一台电脑一直挂在这个网络里, 用的是有线,游戏一直没断,按说,应该网络一直是通的。
zhiliao_ss22S 发表时间:这个和AP的 arp-snooping有关吗。我看报错信息 间隔时间 14-15分钟一次, 白天报的少,晚上无人用的时候,报的多,