OLT Fails to Ping the IP Addresses of Its Users Because Anti-IP Attack Is Enabled on the Terminals
Issue Description
The MA5683T cannot ping the IP addresses of users connected to the ONU.
Handling Process
1. Check the ARP entries on MA5683T. The ARP entries of users can be learned.
2. There is a redundant service virtual port on the ONU. After the service virtual port is deleted, the fault persists.
3. Check whether the data configurations (such as GEM, GEM port, and VLAN) are correct.
4. The user IP addresses can be pinged from the switch.
5. Check the status of the device security functions. The anti-IP attack function is enabled.
6. After the anti-IP attack function is disabled, the fault is rectified.
2. There is a redundant service virtual port on the ONU. After the service virtual port is deleted, the fault persists.
3. Check whether the data configurations (such as GEM, GEM port, and VLAN) are correct.
4. The user IP addresses can be pinged from the switch.
5. Check the status of the device security functions. The anti-IP attack function is enabled.
6. After the anti-IP attack function is disabled, the fault is rectified.
Root Cause
After the anti-IP attack function is enabled, the device discards the IP packets sent from the user side. As a result, the MA5683T cannot ping the IP addresses of users connected to the ONU.
Solution
Disable the anti-IP attack function. The problem is solved after the security anti-ipattack disable command is executed.
Suggestions
Using the security anti-ipattack enable/disable command, you can enable or disable the anti-IP attack function. To prevent malicious users from attack the device by forging IP packets with the destination IP address as the device IP address,
use security anti-ipattack enable to enable the anti-IP attack function of the device. After the anti-IP attack function is enabled, the device discards the IP packets sent from the user side.
If the network which the device runs in is trustworthy, you can run security anti-ipattack disable to disable the anti-IP attack function. By default, the anti IP attack function is disabled.
use security anti-ipattack enable to enable the anti-IP attack function of the device. After the anti-IP attack function is enabled, the device discards the IP packets sent from the user side.
If the network which the device runs in is trustworthy, you can run security anti-ipattack disable to disable the anti-IP attack function. By default, the anti IP attack function is disabled.