
ss22S, error messages from firewall + AC


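Problem description:

H3C WA2620-AGN + NetScreen SSG204 firewall

The situation is as follows:

1. The four WA2620s were flashed to fat AP mode, then basic layer-2 configuration was done on them, broadcasting an SSID for clients to connect to, and a management address was configured on the default VLAN 1 interface.

2. DHCP is enabled on the firewall, with policies so that clients going through the APs can reach the Internet.


The network is working normally now, but the firewall log keeps showing the following error messages: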


Date / Time Level Description



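Taken literally, it means an IP address conflict was detected during an ARP request. I have thought about it for several days and don't know whether this error is a false positive, because the network has been up the whole time. 192.168.41.1 is the firewall's interface address and is the gateway for the client PCs.


Network topology and description:

The network structure is as follows:

Firewall ---- Switch --- AP1 (2, 3, 4) --- wireless clients


The AP is configured as follows: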

<zqst>system-view

System View: return to User View with Ctrl+Z.

[zqst]dis

[zqst]display int

[zqst]display interface vl

[zqst]display interface Vlan-interface 1

Vlan-interface1 current state: UP

Line protocol current state: UP

Description: Vlan-interface1 Interface

The Maximum Transmit Unit is 1500

Internet Address is 192.168.41.2/24 Primary

IP Packet Frame Type: PKTFMT_ETHNT_2,  Hardware Address: 3c8c-404a-f960

IPv6 Packet Frame Type: PKTFMT_ETHNT_2,  Hardware Address: 3c8c-404a-f960

 Last clearing of counters:  Never


[zqst]dis

[zqst]display cu

[zqst]display current-configuration

#

 version 5.20, Release 1308P11

#

 sysname zqst

#

 domain default enable system

#

 telnet server enable

#

 port-security enable

#

 password-recovery enable

#

vlan 1

#

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

#

user-group system

 group-attribute allow-guest

#

local-user admin

 password cipher $c$3$6tSpAMAe2g2eYEx7+4oOmeYQlR2bO6u1cJH9qY0=

 authorization-attribute level 3

 service-type telnet

 service-type web

#

wlan rrm

 dot11a mandatory-rate 6 12 24

 dot11a supported-rate 9 18 36 48 54

 dot11b mandatory-rate 1 2

 dot11b supported-rate 5.5 11

 dot11g mandatory-rate 1 2 5.5 11

 dot11g supported-rate 6 9 12 18 24 36 48 54

#

wlan service-template 3 crypto

 ssid mei_nei05

 authentication-method shared-key

 cipher-suite wep40

 wep default-key 1 wep40 pass-phrase cipher $c$3$b0YYEL72Pupy63Z77W6WO+cSeOms2fDs

 service-template enable

#

cwmp

 undo cwmp enable

#

interface NULL0

#

interface Vlan-interface1

 ip address 192.168.41.2 255.255.255.0

#

interface GigabitEthernet1/0/1

#

interface WLAN-BSS10

 port link-type hybrid

 port hybrid vlan 1 untagged

#

interface WLAN-BSS20

 port link-type hybrid

 port hybrid vlan 1 untagged

#

interface WLAN-BSS50

 port link-type hybrid

 port hybrid vlan 1 untagged

#

interface WLAN-BSS51

 port link-type hybrid

 port hybrid vlan 1 untagged

#

interface WLAN-Radio1/0/1

 service-template 3 interface wlan-bss 10

#

interface WLAN-Radio1/0/2

 service-template 3 interface wlan-bss 20

#

 arp-snooping enable

#

 load xml-configuration

#

 load tr069-configuration

#

user-interface con 0

user-interface vty 0 4

 authentication-mode scheme

#

return

[zqst]


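Best answer

You can shrink the network a bit and see whether there really is a duplicate address; if not, it is probably a false positive from the firewall.

Because 192.168.41.1 is the gateway. The key point is that these error messages all appear when basically nobody is using the network; during daytime working hours there are none of these error messages.

zhiliao_ss22S, posted at:

IP conflict; is the address 192.168.41.1 duplicated?

192.168.41.1 is the gateway. These errors all appear outside working hours. I observed that during working hours, when people are connected to the wireless, there are basically no error messages. I also have another computer that stays on this network the whole time, on a wired connection, and the game never disconnected, so the network should have been up the whole time.

zhiliao_ss22S, posted at:

Is this related to the AP's arp-snooping? I see the error messages come about once every 14-15 minutes; few are reported during the day, and many at night when nobody is using the network.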
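One way to check whether 192.168.41.1 is really claimed by a second device, as an added example that is not part of the original thread: it reads text in the style of `tcpdump -e -n arp`, groups claimed IP addresses by MAC, and reports the gap between sightings so it can be compared with the 14-15 minute log interval. The sample lines are constructed, the MACs `00:10:db:00:00:01` and `02:00:00:00:00:99` are made up, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the style of `tcpdump -e -n arp`. 3c:8c:40:4a:f9:60 is the
# AP from the post; the other two MACs are made up for this example.
SAMPLE = """\
01:00:05.000000 00:10:db:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.41.50 tell 192.168.41.1, length 46
01:02:10.000000 3c:8c:40:4a:f9:60 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.41.1 tell 192.168.41.2, length 46
01:02:10.000400 00:10:db:00:00:01 > 3c:8c:40:4a:f9:60, ethertype ARP (0x0806), length 60: Reply 192.168.41.1 is-at 00:10:db:00:00:01, length 46
01:14:30.000000 02:00:00:00:00:99 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.41.1 tell 192.168.41.1, length 46
01:29:10.000000 02:00:00:00:00:99 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.41.1 tell 192.168.41.1, length 46
"""

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d)\.\d+ (?P<src>[0-9a-f:]{17}) > \S+ ethertype ARP .*?: "
    r"(?:Request who-has \S+(?: \(\S+\))? tell (?P<req_ip>[\d.]+)"
    r"|Reply (?P<rep_ip>[\d.]+) is-at (?P<rep_mac>[0-9a-f:]{17}))"
)

def find_conflicts(text):
    """Return {ip: {mac: [timestamps]}} for every IP claimed by more than one MAC."""
    claims = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Time-of-day only: the capture is assumed not to cross midnight.
        ts = datetime.strptime(m["ts"], "%H:%M:%S")
        if m["req_ip"] == "0.0.0.0":
            continue  # ARP probe (address not yet in use), not a claim
        if m["req_ip"]:
            # A request's sender claims its own IP with the frame's source MAC.
            claims[m["req_ip"]][m["src"]].append(ts)
        else:
            claims[m["rep_ip"]][m["rep_mac"]].append(ts)
    return {ip: dict(macs) for ip, macs in claims.items() if len(macs) > 1}

def intervals_minutes(stamps):
    """Gaps between consecutive sightings of one MAC, in minutes."""
    return [round((b - a).total_seconds() / 60, 1) for a, b in zip(stamps, stamps[1:])]

if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE).items():
        for mac, stamps in macs.items():
            print(ip, mac, len(stamps), "sightings, gaps (min):", intervals_minutes(stamps))
```

A MAC that shows up only at a fixed interval and is not the firewall's interface MAC points to a second device holding the gateway address rather than a false positive.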

   
