H3C S5150-EI Series Troubleshooting Manual page 29

T511.xe1
T1023.xe1
T1518.xe1
TPOK.xe1
TPKT.xe1
TUCA.xe1
TBCA.xe1
TBYT.xe1
PERQ_PKT(7).xe1
PERQ_BYTE(7).xe1
DROP_PKT_ING(0).xe1 :
2. Verify that packets are not mistakenly filtered out by ACLs:
a. Examine the ACL and QoS policy configurations for packet filtering on the port, on the VLAN
of the port, or globally. If packets are mistakenly filtered out, modify the ACL or QoS policy
configuration.
− To display the ACL configuration on the port for packet filtering, execute the display
packet-filter command.
− To display the QoS policy configuration on the port, execute the display qos policy
command.
− To display the QoS policy configuration on the VLAN of the port, execute the display
qos vlan-policy command.
− To display the global QoS policy configuration, execute the display qos policy global
command.
b. Verify that packets are not filtered out by automatically created ACLs.
− The IP source guard feature creates ACLs automatically.
Execute the display this command in Ethernet interface view to verify that the ip
source guard command is configured on the port. To display source guard binding
entries, execute the display ip source binding or display ipv6 source binding
command. If the ip source binding command or ip verify source command is
configured but the packets match no entry, further troubleshoot the problem based on
the way the binding entries are created.
− The portal authentication creates ACLs automatically.
If a user does not pass portal authentication, packets are discarded.
Execute the display portal interface command to display portal configuration on a
VLAN interface or Layer 2 Ethernet interface. Determine whether to disable portal
authentication as required. To disable portal authentication on a Layer 2 Ethernet
interface, execute the undo portal command in Layer 2 Ethernet interface view. To
disable portal authentication on a VLAN interface, execute the undo portal server
server-name command in VLAN interface view.
− The EAD assistant feature creates ACLs automatically.
The EAD assistant feature discards packets for a user that fails authentication when the
user accesses an IP address not in the free IP segment.
Execute the display dot1x command to verify that the EAD assistant feature is enabled.
If the EAD assistant feature is enabled, identify whether the user fails the authentication
and accesses an IP address not in the free IP segment.
− MFF creates ACLs automatically.
Execute the display mac-forced-forwarding vlan command to display MFF
information for a VLAN. If no gateway information is displayed, verify that the ARP
snooping or DHCP snooping is configured correctly based on the MFF mode.
3. Verify that the port is not blocked:
:
:
:
: 8,512
: 8,512
: 8,510
:
: 628,832
: 8,512
: 628,832
445,869
26
41 +41
16 +16
13 +13
+8,512
+8,512
+8,510
2
+628,832
+8,512
+628,832
+445,869
+2
43/s