[IAG] Bypass mode deployment, no online users – protocol encapsulation

PostedJune 20, 2024

UpdatedJune 20, 2024

Byadmin

Problem Description

In bypass deployment, there is no online user and the traffic is unidirectional at first. However, after adjustment, there are still 0 online users.

212195b532e237206e.png (15.08 KB)

Process——

1: Use the interface packet capture tool to capture the data packet and analyze it, and find that the traffic is indeed bidirectional

31765b532f459b8b6.png (49.48 KB)
2: However, it is found that the data packet is divided into multiple layers of protocols, including Q-in-Q and PPPoE protocols

374765b532f7b9fc18.png (28.43 KB)
3: Enable protocol stripping in Network Configuration-Network Protocol Extension, check the corresponding protocol option, and test whether users can go online normally

561585b533075d1f32.png (34.97 KB)

915545b5330911cfae.png (98.32 KB)

Root cause

The data packet has protocol encapsulation, which causes the device to be unable to recognize the data normally

solution

On the device interface, turn on the protocol stripping solution

Original Link

https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=6047&isOpen=true