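A PC connected to ports G0/0-3 can obtain an IP address and can ping G0/4, but cannot connect to the Internet. Could an expert please advise whether there is a problem with the NAT settings? Thanks. The configuration file is attached below: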
#
 undo voice vlan mac-address 00e0-bb00-0000
#
 nat address-group 11 122.204.206.170 122.204.206.170
#
 domain default enable system
#
 port-security enable
#
 session synchronization enable
#
 password-recovery enable
#
acl number 2018
 rule 0 permit source 192.168.0.0 0.0.7.255
 rule 5 permit source 172.16.16.0 0.0.3.255
#
vlan 1
#
vlan 2
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
pki domain default
 crl check disable
dhcp server ip-pool bangong
 network 192.168.0.0 mask 255.255.248.0
 gateway-list 192.168.0.1
 dns-list 202.101.172.35
 expired unlimited
#
dhcp server ip-pool wifi
 network 172.16.16.0 mask 255.255.252.0
 gateway-list 172.16.16.1
 dns-list 202.101.172.35
 expired unlimited
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$7+J7tiz5VyWIjj+hTa4XH1NAmiw1KFaF
 authorization-attribute level 3
 service-type telnet
 service-type web
local-user super
 password cipher $c$3$S+wP58mkgRkatsXu/wgq17QmJ5X0S88FDexl
 authorization-attribute level 3
 service-type web
#
cwmp
 undo cwmp enable
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.0.1 255.255.248.0
#
interface Vlan-interface2
 ip address 172.16.16.1 255.255.252.0
#
interface GigabitEthernet0/4
 port link-mode route
 nat outbound 2018 address-group 11
 ip address 122.204.206.170 255.255.255.252
 undo dhcp select server global-pool
#
interface GigabitEthernet0/0
 port link-mode bridge
#
interface GigabitEthernet0/1
 port link-mode bridge
#
interface GigabitEthernet0/2
 port link-mode bridge
#
interface GigabitEthernet0/3
 port link-mode bridge
 port access vlan 2
vd Root id 1
#
zone name Management id 0
 priority 100
 import interface Vlan-interface1
 import interface Vlan-interface2
zone name Local id 1
 priority 100
zone name Trust id 2
 priority 85
zone name DMZ id 3
 priority 50
zone name Untrust id 4
 priority 5
switchto vd Root
 zone name Management id 0
  ip virtual-reassembly
 zone name Local id 1
  ip virtual-reassembly
 zone name Trust id 2
  ip virtual-reassembly
 zone name DMZ id 3
  ip virtual-reassembly
 zone name Untrust id 4
  ip virtual-reassembly
#
 ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/4 122.204.170.169 preference 1
#
 dhcp enable
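The external network uses a static IP and is connected to interface 0/4.
Internal ports 0/0 to 0/2 are in the same VLAN 1, 192.168.0.1/21
Internal interface 0/3 is VLAN 2, 172.16.16.1/22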
(0)
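Best answer
Are internal users on both the 192 and 172 segments unable to reach the external network? First confirm whether nat outbound is configured on port 4. Then, while testing Internet access, check the session information on the device for one specific source IP user: dis session table ipv4 source-ip x.x.x.x ver, and see whether there is a session. If there is no session, check whether the interfaces have been placed in security zones and the corresponding interzone policy has been permitted.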
(0)
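Ports 0/0-3 are layer 2 and have no security zone; 0/0-2 belong to vlan1 and 0/3 belongs to vlan2; vlan1 and vlan2 are in the security zone Management; 0/4 has no security zone.
No policy has been configured for the security zones. Is that related to this?
Configuring nat outbound under interface 0/4 is enough. If that command is not present, define an acl advance 3000 that permits all IPs, then configure nat outbound 3000 under the interface.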
(0)
I have set nat outbound and permitted the 2 subnets 192.168.0.0 and 172.16.16.0, but it still does not work.
Is this related to the static route?
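Added example (not part of the thread and not H3C tooling): a small Python check over an excerpt of the configuration posted in the question, covering the two points raised in the replies: whether the interface carrying nat outbound has been imported into a security zone, and whether the static route's next hop lies inside that interface's connected subnet. The function name `audit` and the line patterns are assumptions written for this excerpt only.

```python
import ipaddress
import re

# Excerpt of the configuration posted in the question (only the lines the checks need).
CONFIG = """\
interface Vlan-interface1
 ip address 192.168.0.1 255.255.248.0
interface Vlan-interface2
 ip address 172.16.16.1 255.255.252.0
interface GigabitEthernet0/4
 port link-mode route
 nat outbound 2018 address-group 11
 ip address 122.204.206.170 255.255.255.252
zone name Management id 0
 priority 100
 import interface Vlan-interface1
 import interface Vlan-interface2
zone name Untrust id 4
 priority 5
 ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/4 122.204.170.169 preference 1
"""

def audit(config):
    """Hypothetical helper: report NAT interfaces outside any zone and off-subnet next hops."""
    nets, nat_ifs, zoned, routes, current = {}, set(), set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            current = m.group(1)                      # entering an interface view
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            nets[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif line.startswith("nat outbound"):
            nat_ifs.add(current)
        elif m := re.match(r"import interface (\S+)$", line):
            zoned.add(m.group(1))                     # interface is a member of some zone
        elif m := re.match(r"ip route-static \S+ \S+ (\S+) (\S+)", line):
            routes.append((m.group(1), ipaddress.ip_address(m.group(2))))
    findings = []
    for ifname in sorted(nat_ifs - zoned):
        findings.append(f"{ifname}: nat outbound configured but not imported into any zone")
    for ifname, hop in routes:
        if ifname in nets and hop not in nets[ifname]:
            findings.append(f"route via {ifname}: next hop {hop} is outside {nets[ifname]}")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```

On the excerpt above, both checks report GigabitEthernet0/4: it is not imported into any zone, and the route's next hop 122.204.170.169 is outside the interface's 122.204.206.168/30 subnet.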