问
h3c-s5500v3防火墙路由问题(无法走优先级为60的路由上网)
2023-05-18提问
- 0关注
- 0收藏,1021浏览
dongkingsoft
零段
问题描述:
- #
- version 7.1.070, ESS 1105P01
- #
- sysname H3C S5500V3-28PS-SI
- #
- clock timezone Beijing add 08:00:00
- clock protocol ntp
- #
- telnet server enable
- #
- irf mac-address persistent timer
- irf auto-update enable
- undo irf link-delay
- irf member 1 priority 1
- #
- track 1 nqa entry admin test reaction 1
- #
- dhcp enable
- dhcp server forbidden-ip 192.168.13.2 192.168.13.100
- #
- lldp global enable
- #
- password-recovery enable
- #
- vlan 1
- #
- vlan 10
- #
- vlan 12
- description VLAN12-AnFangLan
- #
- vlan 13
- description VLAN13-OpenWIFI
- #
- dhcp server ip-pool vlan13OpenWifi
- gateway-list 192.168.13.1
- network 192.168.13.0 mask 255.255.255.0
- dns-list 61.134.1.4 218.30.19.40
- forbidden-ip 192.168.13.101
- #
- policy-based-route OpenWifi-To-Interne permit node 13
- if-match acl 3013
- apply next-hop 10.10.0.252 direct
- #
- nqa entry admin test
- type icmp-echo
- destination ip 114.114.114.114
- frequency 100
- next-hop ip 10.10.0.251
- reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
- #
- nqa schedule admin test start-time now lifetime forever
- #
- interface NULL0
- #
- interface Vlan-interface10
- ip address 10.10.0.1 255.255.255.0
- undo dhcp select server
- #
- interface Vlan-interface12
- ip address 10.10.12.1 255.255.255.0
- undo dhcp select server
- #
- interface Vlan-interface13
- ip address 192.168.13.1 255.255.255.0
- packet-filter 3000 inbound
- ip policy-based-route OpenWifi-To-Interne
- #
- interface GigabitEthernet1/0/1
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/2
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/3
- port link-mode bridge
- port access vlan 10
- speed 1000
- duplex full
- #
- interface GigabitEthernet1/0/4
- port link-mode bridge
- port access vlan 10
- speed 1000
- duplex full
- #
- interface GigabitEthernet1/0/5
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/6
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/7
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/8
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/9
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/10
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/11
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/12
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/13
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/14
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/15
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/16
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/17
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/18
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/19
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/20
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/21
- port link-mode bridge
- port access vlan 13
- #
- interface GigabitEthernet1/0/22
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/23
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/24
- port link-mode bridge
- port access vlan 10
- #
- interface GigabitEthernet1/0/25
- port link-mode bridge
- port link-type trunk
- undo port trunk permit vlan 1
- port trunk permit vlan 10 12 to 13
- port trunk pvid vlan 10
- #
- interface GigabitEthernet1/0/26
- port link-mode bridge
- port link-type trunk
- port trunk permit vlan 1 to 2 8 11 to 13 99
- port trunk pvid vlan 11
- #
- interface Ten-GigabitEthernet1/0/27
- port link-mode bridge
- #
- interface Ten-GigabitEthernet1/0/28
- port link-mode bridge
- port link-type trunk
- port trunk permit vlan 1 to 2 8 10 99
- duplex full
- jumboframe enable 9216
- #
- scheduler logfile size 16
- #
- line class aux
- user-role network-admin
- #
- line class vty
- user-role network-operator
- #
- line aux 0
- user-role network-admin
- #
- line vty 0 4
- authentication-mode scheme
- user-role network-operator
- protocol inbound ssh
- #
- line vty 5 63
- user-role network-operator
- #
- ip route-static 0.0.0.0 0 10.10.0.251 track 1
- ip route-static 0.0.0.0 0 10.10.0.252 preference 80 description 备用链路ADSL出口
- #
- ssh server enable
- ssh server authentication-retries 5
- ssh user admin service-type stelnet authentication-type password
- #
- ntp-service enable
- #
- acl advanced 3000
- rule 0 permit ip source 192.168.13.0 0.0.0.255 destination 10.10.0.252 0
- rule 5 deny ip source 192.168.13.0 0.0.0.255 destination 10.10.0.0 0.0.0.255
- rule 6 deny ip source 192.168.13.0 0.0.0.255 destination 10.10.12.0 0.0.0.255
- rule 10 permit ip
- #
- acl advanced 3013
- description 开放WIFI互联网ADSL出口限制规则
- rule 0 permit ip source 192.168.13.0 0.0.0.255
- #
- radius scheme system
- user-name-format without-domain
- #
- domain system
- #
- domain default enable system
- #
- role name level-0
- description Predefined level-0 role
- #
- role name level-1
- description Predefined level-1 role
- #
- role name level-2
- description Predefined level-2 role
- #
- role name level-3
- description Predefined level-3 role
- #
- role name level-4
- description Predefined level-4 role
- #
- role name level-5
- description Predefined level-5 role
- #
- role name level-6
- description Predefined level-6 role
- #
- role name level-7
- description Predefined level-7 role
- #
- role name level-8
- description Predefined level-8 role
- #
- role name level-9
- description Predefined level-9 role
- #
- role name level-10
- description Predefined level-10 role
- #
- role name level-11
- description Predefined level-11 role
- #
- role name level-12
- description Predefined level-12 role
- #
- role name level-13
- description Predefined level-13 role
- #
- role name level-14
- description Predefined level-14 role
- #
- user-group system
- #
- local-user admin class manage
- password hash $h$6$Cqd2+7FTtC2kP/CU$6nAHxonSIRKCVd3Qv/Y5S4wmTroABwK5nv0FUPJST74BkOBDift3aNosCYj0uShMbrA5lLPLFrcQKWMimpsrAw==
- service-type telnet http https ssh
- authorization-attribute user-role level-4
- authorization-attribute user-role natewor-admin
- authorization-attribute user-role network-admin
- authorization-attribute user-role network-operator
- #
- ip http enable
- ip https enable
- #
- cloud-management server domain oasis.h3c.com
- #
- return
组网及组网描述:
s5500v3的IP地址为10.10.0.1;有两条出口线路,一条是光纤专线,IP地址为10.10.0.251,另一条为备用的ADSL链路,IP地址10.10.252。
之前一直使用正常,最近发现无法用优先选择的10.10.0.251上网了。帮我看看什么原因。
在5500v3上面ping10.10.0.251能ping通,ping其他设备也没问题,但下联的设备无法转发到10.10.0.251
- 2023-05-18提问
- 举报
-
(0)
最佳答案
已采纳
track1失效了吧,114禁ping了
- 2023-05-18回答
- 评论(2)
- 举报
-
(0)
哦
dongkingsoft
发表时间:2023-05-18
了解了,我这里换一个IP
dongkingsoft
发表时间:2023-05-18
测试终端是哪个网段ip?vlan 13吗?
- 2023-05-18回答
- 评论(1)
- 举报
-
(0)
vlan13应该是设置策略不允许访问专网链路;只能通过ADSL访问互联网
dongkingsoft
发表时间:2023-05-18
更多>>
vlan13应该是设置策略不允许访问专网链路;只能通过ADSL访问互联网
dongkingsoft
发表时间:2023-05-18
编辑答案
➤
✖
亲~登录后才可以操作哦!
确定
✖
✖
你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
✖
举报
×
侵犯我的权益
>
对根叔社区有害的内容
>
辱骂、歧视、挑衅等(不友善)
侵犯我的权益
×
侵犯了我企业的权益
>
抄袭了我的内容
>
诽谤我
>
辱骂、歧视、挑衅等(不友善)
骚扰我
侵犯了我企业的权益
×
您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。
抄袭了我的内容
×
原文链接或出处
诽谤我
×
您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。
对根叔社区有害的内容
×
垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载
>
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票
不规范转载
×
举报说明
了解了,我这里换一个IP