S5700LI device lost packets

Issue Description

Customer find there are many packets lost on S5700LI device , if they replaced a new device in the same network , there is no packets loss.

Alarm Information

Customer services take effected , because packets lost , some voice service cannot be up.

Handling Process

【Problem Analysis】:checked diag information , there is no any abnormal information , so I let customer make traffic statistics .

Please make a traffic statistics .
Acl 3333
 Rule 5  permit icmp source PC_IP 0 destination Gateway_IP 0
 Rule 10 permit icmp source Gateway_IP 0 destination PC_IP 0
Traffic classifier icmp
 If-match acl 3333
Traffic behavior icmp
 Statistics enable
Traffic policy icmp
 C icmp b icmp
Interface eth-trunk 0 ----connect to gateway
 Traffic-policy icmp inbound
 Traffic-policy icmp outbound
Interface gx/x/x   -----------connect to test PC
Traffic-policy icmp inbound
Traffic-policy icmp outbound
Then ping form PC to Gateway number 1000 ICMP packets . after finish ping feedback below information .
Display traffic policy statistics interface eth-trunk 0 inbound v r
Display traffic policy statistics interface eth-trunk 0 outbound v r
Display traffic policy statistics interface gx/x/x inbound v r
Display traffic policy statistics interface gx/x/x outbound v r

Customer feedback if the client ping 10000 packets , will lost 78 packets , but when checked the traffic statistics , connected to client interface only received 9922 packets .
So we need to prove the physical interface can receive all packets . we arrange customer make capture via wireshark .
S5720LI
Until now , physical interface received 164 packets , but the traffic only statistics 162 packets, so I think there are two packets lost on device.
After checked the configuration and aaa offline reason again , we found the client will be re-authentication again , so at that time packets will be lost.
fd456406745d816a45cae554c788e754 50

Root Cause

Customer configured authentication on the interface , so device will generated arp detect every five minutes , and device no L3 ip address , so the device will send all zero source address to client . but client don’t reply all zero source address arp detect , device cannot receive arp reply packets , so the online user will be offline and re-authentication again.

Solution

We have two solutions.
1. shutdown the arp detect function , use command undo authentication handshake .
2. We can configure the arp detect packet source IP address . access-user arp-detect vlan 110 ip-address 172.16.110.x mac-address e89a-8f6d-966a