f100-c-g2 设置俩VLAN上网 一个能上一个不能上
- 0关注
- 1收藏,971浏览
问题描述:
f100-c-g2 设置VLAN1可以上外网 可是设置VLAN2上不去 因为什么 内网还通 能拼通运行商给的外网IP 却ping不通广域网IP
组网及组网描述:
- 2020-12-01提问
- 举报
-
(0)
您好,请知:
关于一个VLAN能上一个VLAN不能上网,以下是排查要点,请参考:
1、检查VLAN是否已正确划分到了端口。
2、检查物理端口和VLAN是否已加入了安全域并放通了安全策略或域间策略。
3、检查路由是否已发布或指向到位。
4、检查NAT的策略中是否有将VLAN2加入进来参与了地址转换。
5、更多的排查还需要查看配置和现场的组网情况。
- 2020-12-01回答
- 评论(1)
- 举报
-
(1)
看下配置才能知道
- 2020-12-01回答
- 评论(3)
- 举报
-
(1)
我明天把配置信息发给你 帮我看下
<H3C>dis cu # version 7.1.064, Release 9510P06 # sysname H3C # clock timezone beijing add 08:00:00 clock protocol ntp context 1 # context Admin id 1 # telnet server enable # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # security-zone intra-zone default permit # ip pool l2vpn 192.168.199.10 192.168.199.254 # dhcp enable # dns server 180.76.76.76 # password-recovery enable # vlan 1 # vlan 2 to 3 # dhcp server ip-pool 待发区卡口 gateway-list 192.168.100.1 network 192.168.100.0 mask 255.255.255.0 dns-list 202.99.224.8 # dhcp server ip-pool 监控链路 gateway-list 188.188.188.1 network 188.188.188.0 mask 255.255.255.0 # interface Virtual-Template1 ppp authentication-mode chap pap remote address pool l2vpn ip address 192.168.199.1 255.255.255.0 # interface NULL0 # interface Vlan-interface1 ip address 192.168.100.1 255.255.255.0 # interface Vlan-interface2 ip address 188.188.188.1 255.255.255.0 # interface Vlan-interface3 ip address 192.168.2.254 255.255.255.0 # interface GigabitEthernet1/0/0 port link-mode route combo enable copper ip address 192.168.0.1 255.255.255.0 undo dhcp select server # interface GigabitEthernet1/0/1 port link-mode route combo enable copper ip address 124.67.72.126 255.255.255.240 nat outbound 2000 nat server protocol tcp global 124.67.72.126 54489 inside 192.168.100.10 3389 nat server protocol tcp global current-interface 1234 inside 192.168.100.12 1234 nat server protocol tcp global current-interface 4321 inside 192.168.100.10 4321 nat server protocol tcp global current-interface 5835 inside 192.168.100.12 3306 nat server protocol tcp global current-interface 8008 inside 192.168.100.10 8008 nat server protocol tcp global current-interface 8088 inside 192.168.100.10 8088 nat server protocol tcp global current-interface 9876 inside 192.168.100.10 9876 nat server protocol tcp global current-interface 10018 inside 192.168.100.12 10018 nat server protocol tcp global current-interface 27017 inside 192.168.100.12 27017 nat server protocol tcp global current-interface 30022 inside 192.168.100.12 22 nat server protocol tcp global current-interface 61618 inside 192.168.100.10 61618 # interface GigabitEthernet1/0/2 port link-mode bridge port access vlan 2 # interface GigabitEthernet1/0/3 port link-mode bridge port access vlan 2 # interface GigabitEthernet1/0/4 port link-mode bridge port access vlan 2 # interface GigabitEthernet1/0/5 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/6 port link-mode bridge # interface GigabitEthernet1/0/7 port link-mode bridge # interface GigabitEthernet1/0/8 port link-mode bridge # interface GigabitEthernet1/0/9 port link-mode bridge # interface GigabitEthernet1/0/10 port link-mode bridge # interface GigabitEthernet1/0/11 port link-mode bridge # object-policy ip Local-Trust rule 0 pass # object-policy ip Local-Untrust rule 0 pass # object-policy ip Trust-Local rule 0 pass # object-policy ip Trust-Untrust rule 0 pass # object-policy ip Untrust-Local rule 0 pass # object-policy ip Untrust-Trust rule 0 pass # security-zone name Local # security-zone name Trust import interface Virtual-Template1 import interface Vlan-interface1 import interface Vlan-interface2 import interface Vlan-interface3 import interface GigabitEthernet1/0/2 vlan 2 import interface GigabitEthernet1/0/3 vlan 2 import interface GigabitEthernet1/0/4 vlan 2 import interface GigabitEthernet1/0/5 vlan 3 import interface GigabitEthernet1/0/6 vlan 1 import interface GigabitEthernet1/0/7 vlan 1 import interface GigabitEthernet1/0/8 vlan 1 import interface GigabitEthernet1/0/9 vlan 1 import interface GigabitEthernet1/0/10 vlan 1 import interface GigabitEthernet1/0/11 vlan 1 # security-zone name DMZ # security-zone name Untrust import interface GigabitEthernet1/0/1 attack-defense apply policy scan # security-zone name Management import interface GigabitEthernet1/0/0 # zone-pair security source Local destination Trust object-policy apply ip Local-Trust # zone-pair security source Local destination Untrust object-policy apply ip Local-Untrust # zone-pair security source Trust destination Local object-policy apply ip Trust-Local # zone-pair security source Trust destination Untrust object-policy apply ip Trust-Untrust # zone-pair security source Untrust destination Local object-policy apply ip Untrust-Local # zone-pair security source Untrust destination Trust object-policy apply ip Untrust-Trust # scheduler logfile size 16 # line class aux user-role network-operator # line class console user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line con 0 authentication-mode scheme user-role network-admin # line vty 0 63 authentication-mode scheme user-role network-admin # ip route-static 0.0.0.0 0 GigabitEthernet1/0/1 124.67.72.113 # ssh server enable # ntp-service enable ntp-service unicast-server ***.*** # acl basic 2000 rule 5 deny source 192.168.100.104 0 rule 1000 permit source 192.168.100.0 0.0.0.255 rule 1001 permit source 192.168.199.0 0.0.0.255 # domain system # aaa session-limit ftp 16 aaa session-limit telnet 16 aaa session-limit ssh 16 domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$eut0u0+F6yAriJzY$IQuqxNBJrhFF3p+W5fhnlLmAwmfjlzAIXHeGp0rvIZ3x8ehBFRlkLXK81kX7dkxqz7ywUkCXD0swDG4NPYlcrg== service-type ssh telnet terminal http https authorization-attribute user-role level-3 authorization-attribute user-role network-admin authorization-attribute user-role network-operator # local-user test class network password cipher $c$3$nbJBYe6rhF6a3f3bSHnWaT7mkUIGzsMFA3D/VA== service-type ppp authorization-attribute user-role network-operator # l2tp-group 1 mode lns allow l2tp virtual-template 1 undo tunnel authentication tunnel name lns # l2tp enable # ip http enable ip https enable # client-verify tcp protected ip 124.67.72.126 # attack-defense policy scan scan detect level high action drop logging syn-ack-flood action client-verify http-flood detect ip 124.67.72.126 signature detect fragment action drop logging signature detect impossible action drop logging signature detect teardrop action drop logging signature detect tiny-fragment action drop logging signature detect ip-option-abnormal action drop logging signature detect smurf action drop logging signature detect traceroute action drop logging signature detect ping-of-death action drop logging signature detect large-icmp action drop logging signature detect large-icmpv6 action drop logging signature detect tcp-invalid-flags action drop logging signature detect tcp-null-flag action drop logging signature detect tcp-all-flags action drop logging signature detect tcp-syn-fin action drop logging signature detect tcp-fin-only action drop logging signature detect land action drop logging signature detect winnuke action drop logging signature detect udp-bomb action drop logging signature detect snork action drop logging signature detect fraggle action drop logging # inspect block-source parameter-profile ips_block_default_parameter # inspect block-source parameter-profile url_block_default_parameter # return
能加QQ吗
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
好的 谢谢