25
−
The IP source guard feature creates ACLs automatically.
Execute the
display this
command in Ethernet interface view to verify that the
ip
source binding
or
ip verify source
command is configured on the port. To display
source guard binding entries, execute the
display ip source binding
or
display ipv6
source binding
command. If the
ip source binding
command or
ip verify source
command is configured but the packets match no entry, further troubleshoot the problem
based on the way the binding entries are created.
−
The portal authentication creates ACLs automatically.
If a user does not pass portal authentication, packets are discarded.
Execute the
display portal interface
command to display portal configuration on a
VLAN interface. Determine whether to disable portal authentication as required. To
disable portal authentication, execute the
undo portal enable
command in VLAN
interface view.
−
The EAD assistant feature creates ACLs automatically.
The EAD assistant feature discards packets for a user who fails authentication when the
user accesses an IP address not in the free IP segment.
Execute the
display dot1x
command to verify that the EAD assistant feature is enabled.
If the EAD assistant feature is enabled, identify whether the user fails the authentication
and accesses an IP address not in the free IP segment.
−
MFF creates ACLs automatically.
Execute the
display mac-forced-forwarding vlan
command to display MFF
information for a VLAN. If no gateway information is displayed, verify that the ARP
snooping or DHCP snooping is configured correctly based on the MFF mode.
3.
Verify that the port is not blocked:
{
Execute the
display stp brief
command to verify that STP does not set the state of the port
to
discarding
. When the port is in
discarding
state, it cannot forward traffic. As a best
practice, disable STP on the port, or configure the port as an edge port if the port is
connected to a terminal device.
{
If the port belongs to an aggregation group, execute the
display link-aggregation verbose
command to identify the port status. When the port is an Unselected port, it cannot forward
traffic. Locate the reasons why the port is in Unselected state. For example, the attribute
configurations of the port are different from the configurations of the reference port.
{
If the port belongs to a smart link group, execute the
display smart-link group
command to
verify the port status. The port cannot forward packets if its state is standby or down. If the
port is standby, configure the port as a primary port. If the port is down, verify the causes and
resolve the problem as required. A port might go down if the uplink device is configured with
the monitor link function, the port is shut down, or the link fails.
4.
Examine the following configurations that might cause packet loss:
{
VLAN configuration
—Execute the
display this
command in Ethernet interface view to
verify that the port is in the VLAN of the packets. If it is not, add the port to the VLAN.
{
Blackhole MAC address entries
—Execute the
display mac-address blackhole
command to display blackhole MAC address entries. If the packets are discarded because
they match a blackhole MAC address entry, delete the entry. To delete the blackhole MAC
address entry, execute the
undo mac-address blackhole mac
-
address
vlan
vlan
-
id
command.
{
Rate limit
—Execute the
display qos lr interface
command to display the rate limit
configuration on the port. If rate limit is configured on the port, make sure the committed
information rate (CIR) and the committed burst size (CBS) are appropriate. To adjust the
CIR and CBS values, execute the
qos lr
{
inbound
|
outbound
}
cir
committed-information-rate
[
cbs
committed-burst-size
] command.
{
Storm suppression
—Execute the
display this
command in Ethernet interface view to
display the configuration of storm suppression. Storm suppression includes broadcast