[IAG] After switching devices, intranet users cannot access the Internet due to delays in MAC learning by the operator
Problem Description
In an IAG routing-mode deployment, after the old IAG is replaced with a new one, intranet users cannot access the Internet, even though the new IAG has the same configuration as the old one.
Process
- Packet capture on the new IAG device shows that when the IAG's WAN port forwards data, the source MAC is the IAG's WAN port MAC, but the destination MAC of the carrier's reply packets is not the IAG's WAN port MAC, so the IAG does not forward them. As shown in the figure, the IAG's WAN port MAC is 00-e0-70-28-ea-c7, but when the peer on the public network returns packets to the IAG, the destination MAC is 28-51-32-02-76-f6.

- Logging in to the old device shows that its WAN port MAC is 28-51-32-02-76-f6.
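The comparison made in the capture above can be automated. The following is an added example, not part of the original case or of any Sangfor tooling: it parses raw, untagged Ethernet/IPv4 frames and counts replies addressed to the WAN IP whose destination MAC is not the WAN port's MAC. The two WAN MACs come from the case; the gateway MAC, the IP addresses and the sample frames are constructed.

```python
import socket
import struct
from collections import Counter

def mac_bytes(text):
    return bytes.fromhex(text.replace("-", "").replace(":", ""))

def mac_text(raw):
    return "-".join(f"{b:02x}" for b in raw)

def build_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Constructed sample frame: Ethernet II header + bare 20-byte IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + ip

def misaddressed_replies(frames, wan_mac, wan_ip):
    """Count unicast destination MACs on IPv4 frames sent to wan_ip but not to wan_mac."""
    want_mac, want_ip = mac_bytes(wan_mac), socket.inet_aton(wan_ip)
    stale = Counter()
    for frame in frames:
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # too short for Ethernet + IPv4, or not untagged IPv4
        dst_mac, dst_ip = frame[0:6], frame[30:34]  # IPv4 dst sits at a fixed offset
        if dst_ip == want_ip and dst_mac != want_mac and not dst_mac[0] & 1:
            stale[mac_text(dst_mac)] += 1  # peer still resolves wan_ip to another MAC
    return dict(stale)

NEW_WAN_MAC = "00-e0-70-28-ea-c7"  # new IAG WAN port MAC, from the case
OLD_WAN_MAC = "28-51-32-02-76-f6"  # old IAG WAN port MAC, from the case
GATEWAY_MAC = "02-00-00-00-00-01"  # constructed carrier gateway MAC
WAN_IP, REMOTE_IP = "203.0.113.10", "198.51.100.7"  # constructed addresses

SAMPLE = [  # constructed capture: one request, two stale replies, one correct reply
    build_frame(GATEWAY_MAC, NEW_WAN_MAC, WAN_IP, REMOTE_IP),
    build_frame(OLD_WAN_MAC, GATEWAY_MAC, REMOTE_IP, WAN_IP),
    build_frame(OLD_WAN_MAC, GATEWAY_MAC, REMOTE_IP, WAN_IP),
    build_frame(NEW_WAN_MAC, GATEWAY_MAC, REMOTE_IP, WAN_IP),
]

if __name__ == "__main__":
    for mac, count in misaddressed_replies(SAMPLE, NEW_WAN_MAC, WAN_IP).items():
        print(f"{count} replies for {WAN_IP} sent to {mac}, expected {NEW_WAN_MAC}")
```

A non-empty result that names the old device's MAC points to a stale entry on the carrier side rather than a configuration fault on the new IAG.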
Root cause
After switching devices, the MAC learned by the operator is not updated in time.
Solution
Wait for a while; once the operator has learned the MAC of the new IAG device, the network returns to normal. If the network still does not recover after a long wait, call the operator and ask them to refresh the MAC cache.
Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=7103&isOpen=true