问

MSR36-40 PAT故障

2018-05-18提问

0关注
1收藏，1654浏览

zhiliao_TObWO

zhiliao_TObWO 零段

粉丝：0人关注：0人

问题描述：

两台36-40（版本H3C Comware Software, Version 7.1.064, Release 0605P25）做了ifr。内网机子通过PAT ping对方的服务器（10.87.0.72），部分能通，部分不能通。专线互联地址为10.100.152.254（本端），10.100.152.1（对端）

PAT配置：

# acl advanced 3003

rule 0 permit ip destination 10.87.0.72 0

#nat address-group 2

address 10.100.152.254 10.100.152.254

# interface Route-Aggregation4.152

ip address 10.100.152.254 255.255.255.0

nat outbound 3003 address-group 2

vlan-type dot1q vid 152

debug信息：

Advanced IPv4 ACL 3005, 2 rules,

ACL's step is 5

rule 0 permit ip destination 10.87.0.72 0 (4 times matched)

rule 5 permit ip source 10.87.0.72 0 (6 times matched)

下面是不通的debug信息

<MSR3640>debugging ip packet acl 3005

<MSR3640>*May 18 09:53:05:868 2018 MSR3640 IPFW/7/IPFW_PACKET: -Slot=2; Receiving, interface = Route-Aggregation1.771 version = 4, headlen = 20, tos = 0 pktlen = 60, pktid = 24605, offset = 0, ttl = 128, protocol = 1 checksum = 47722, s = 10.100.11.55, d = 10.87.0.72 channelID = 0, vpn-InstanceIn = 0, vpn-InstanceOut = 0. prompt: Receiving IP packet from interface Route-Aggregation1.771. Payload: ICMP type = 8, code = 0, checksum = 0x4d2a.

*May 18 09:53:05:868 2018 MSR3640 IPFW/7/IPFW_PACKET: -Slot=2; Sending, interface = Route-Aggregation4.152 version = 4, headlen = 20, tos = 0 pktlen = 60, pktid = 24605, offset = 0, ttl = 127, protocol = 1 checksum = 11683, s = 10.100.152.254, d = 10.87.0.72 channelID = 0, vpn-InstanceIn = 0, vpn-InstanceOut = 0. prompt: Sending IP packet received from interface Route-Aggregation1.771 at interface Route-Aggregation4.152. Payload: ICMP type = 8, code = 0, checksum = 0x4d25.

*May 18 09:53:05:760 2018 MSR3640 IPFW/7/IPFW_PACKET: Receiving, interface = Route-Aggregation4.152 version = 4, headlen = 20, tos = 0 pktlen = 60, pktid = 31366, offset = 0, ttl = 249, protocol = 1 checksum = 22841, s = 10.87.0.72, d = 10.100.152.254 channelID = 0, vpn-InstanceIn = 0, vpn-InstanceOut = 0. prompt: Receiving IP packet from interface Route-Aggregation4.152. Payload: ICMP type = 0, code = 0, checksum = 0x5525.

*May 18 09:53:05:760 2018 MSR3640 IPFW/7/IPFW_PACKET: Delivering, interface = Route-Aggregation4.152 version = 4, headlen = 20, tos = 0 pktlen = 60, pktid = 31366, offset = 0, ttl = 249, protocol = 1 checksum = 22841, s = 10.87.0.72, d = 10.100.152.254 channelID = 0, vpn-InstanceIn = 0, vpn-InstanceOut = 0. prompt: Forwarding IP packet to upper layer. Payload: ICMP type = 0, code = 0, checksum = 0x5525.

下面是通的debug信息：

<MSR3640>*May 18 09:56:31:513 2018 MSR3640 IPFW/7/IPFW_PACKET: Receiving, interface = Route-Aggregation2 version = 4, headlen = 20, tos = 0 pktlen = 84, pktid = 0, offset = 0, ttl = 61, protocol = 1 checksum = 7334, s = 10.100.12.1, d = 10.87.0.72 channelID = 0, vpn-InstanceIn = 0, vpn-InstanceOut = 0. prompt: Receiving IP packet from interface Route-Aggregation2. Payload: ICMP type = 8, code = 0, checksum = 0xb9ed.

*May 18 09:56:31:513 2018 MSR3640 IPFW/7/IPFW_PACKET: Sending, interface = Route-Aggregation4.152 version = 4, headlen = 20, tos = 0 pktlen = 84, pktid = 0, offset = 0, ttl = 60, protocol = 1 checksum = 37032, s = 10.100.152.254, d = 10.87.0.72 channelID = 0, vpn-InstanceIn = 0, vpn-InstanceOut = 0. prompt: Sending IP packet received from interface Route-Aggregation2 at interface Route-Aggregation4.152. Payload: ICMP type = 8, code = 0, checksum = 0xff65.

*May 18 09:56:31:519 2018 MSR3640 IPFW/7/IPFW_PACKET: Receiving, interface = Route-Aggregation4.152 version = 4, headlen = 20, tos = 0 pktlen = 84, pktid = 50943, offset = 0, ttl = 249, protocol = 1 checksum = 3240, s = 10.87.0.72, d = 10.100.152.254 channelID = 0, vpn-InstanceIn = 0, vpn-InstanceOut = 0. prompt: Receiving IP packet from interface Route-Aggregation4.152. Payload: ICMP type = 0, code = 0, checksum = 0x0766.

*May 18 09:56:31:519 2018 MSR3640 IPFW/7/IPFW_PACKET: Sending, interface = Route-Aggregation2 version = 4, headlen = 20, tos = 0 pktlen = 84, pktid = 50943, offset = 0, ttl = 248, protocol = 1 checksum = 39589, s = 10.87.0.72, d = 10.100.12.1 channelID = 0, vpn-InstanceIn = 0, vpn-InstanceOut = 0. prompt: Sending IP packet received from interface Route-Aggregation4.152 at interface Route-Aggregation2. Payload: ICMP type = 0, code = 0, checksum = 0xc1ed.

希望哪位网友能帮下，谢谢！