F100-c-g2 重启后无法上网
- 0关注
- 1收藏,1393浏览
问题描述:
F100-c-g2 重启后无法上网 ,必须重新配一遍命令才可以上网, 命令也已经保存但是重启就是上不去网,在外网一直ping着 这防火墙的地址,重启后就ping不通
组网及组网描述:
<H3C>display cu # version 7.1.064, Release 9510P05 # sysname H3C # context Admin id 1 # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # password-recovery enable # vlan 1 # vlan 2 to 4 # interface NULL0 # interface Vlan-interface1 ip address 10.214.193.129 255.255.255.192 # interface Vlan-interface2 ip address 10.214.195.65 255.255.255.192 # interface Vlan-interface3 ip address 10.214.198.65 255.255.255.192 # interface Vlan-interface4 ip address 10.214.199.193 255.255.255.192 # interface GigabitEthernet1/0/0 port link-mode route combo enable copper ip address 223.99.18.100 255.255.255.240 tcp mss 1024 ipsec apply policy 1 # interface GigabitEthernet1/0/1 port link-mode route combo enable fiber # interface GigabitEthernet1/0/6 port link-mode route # interface GigabitEthernet1/0/7 port link-mode route # interface GigabitEthernet1/0/8 port link-mode route # interface GigabitEthernet1/0/9 port link-mode route # interface GigabitEthernet1/0/10 port link-mode route # interface GigabitEthernet1/0/11 port link-mode route # interface GigabitEthernet1/0/2 port link-mode bridge # interface GigabitEthernet1/0/3 port link-mode bridge port access vlan 2 # interface GigabitEthernet1/0/4 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/5 port link-mode bridge port access vlan 4 # object-policy ip 1 rule 0 pass # security-zone name Local # security-zone name Trust import interface Vlan-interface1 import interface Vlan-interface2 import interface Vlan-interface3 import interface Vlan-interface4 import interface GigabitEthernet1/0/2 vlan 1 to 4094 import interface GigabitEthernet1/0/3 vlan 1 to 4094 import interface GigabitEthernet1/0/4 vlan 1 to 4094 import interface GigabitEthernet1/0/5 vlan 1 to 4094 # security-zone name DMZ # security-zone name Untrust # security-zone name Management import interface GigabitEthernet1/0/0 # zone-pair security source Any destination Any object-policy apply ip 1 # zone-pair security source Local destination Trust object-policy apply ip 1 # zone-pair security source Local destination Untrust object-policy apply ip 1 # zone-pair security source Trust destination Local object-policy apply ip 1 # zone-pair security source Trust destination Trust object-policy apply ip 1 # zone-pair security source Trust destination Untrust object-policy apply ip 1 # zone-pair security source Untrust destination Trust object-policy apply ip 1 # zone-pair security source Untrust destination Untrust object-policy apply ip 1 # scheduler logfile size 16 # line class aux user-role network-operator # line class console user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line con 0 authentication-mode scheme user-role network-admin # line vty 0 63 authentication-mode scheme user-role network-admin # ip route-static 0.0.0.0 0 223.99.18.97 ip route-static 10.19.80.0 24 211.137.182.6 ip route-static 10.19.89.0 24 211.137.182.6 ip route-static 10.19.90.0 24 211.137.182.6 ip route-static 10.19.98.0 24 211.137.182.6 ip route-static 10.19.181.0 24 211.137.182.6 ip route-static 10.19.188.0 24 211.137.182.6 ip route-static 10.19.190.0 24 211.137.182.6 ip route-static 10.19.191.0 24 211.137.182.6 ip route-static 10.19.194.0 24 211.137.182.6 ip route-static 10.19.222.0 24 211.137.182.6 ip route-static 10.19.251.0 24 211.137.182.6 ip route-static 10.213.51.0 24 211.137.182.6 ip route-static 10.213.53.0 24 211.137.182.6 ip route-static 172.20.120.0 24 211.137.182.6 ip route-static 172.20.124.0 24 211.137.182.6 ip route-static 211.137.182.0 24 211.137.182.6 ip route-static 218.206.83.0 24 211.137.182.6 # ssh server enable # acl advanced 3000 rule 5 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.80.0 0.0.0.255 rule 15 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.90.0 0.0.0.255 rule 20 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.98.0 0.0.0.255 rule 25 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.181.0 0.0.0.255 rule 30 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.188.0 0.0.0.255 rule 35 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.190.0 0.0.0.255 rule 40 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.194.0 0.0.0.255 rule 45 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.222.0 0.0.0.255 rule 50 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.251.0 0.0.0.255 rule 55 permit ip source 10.214.193.128 0.0.0.63 destination 10.213.51.0 0.0.0.255 rule 60 permit ip source 10.214.193.128 0.0.0.63 destination 10.213.53.0 0.0.0.255 rule 65 permit ip source 10.214.193.128 0.0.0.63 destination 117.156.53.0 0.0.0.255 rule 70 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.191.228 0 rule 75 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.89.0 0.0.0.255 rule 80 permit ip source 10.214.193.128 0.0.0.63 destination 172.20.120.9 0 rule 90 permit ip source 10.214.193.128 0.0.0.63 destination 172.20.120.10 0 rule 95 permit ip source 10.214.193.128 0.0.0.63 destination 218.206.83.167 0 rule 96 permit ip source 10.214.193.128 0.0.0.63 destination 172.20.124.0 0.0.0.255 rule 100 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.80.0 0.0.0.255 rule 105 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.90.0 0.0.0.255 rule 110 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.98.0 0.0.0.255 rule 115 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.181.0 0.0.0.255 rule 120 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.188.0 0.0.0.255 rule 125 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.190.0 0.0.0.255 rule 130 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.194.0 0.0.0.255 rule 135 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.222.0 0.0.0.255 rule 140 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.251.0 0.0.0.255 rule 145 permit ip source 10.214.195.64 0.0.0.63 destination 10.213.51.0 0.0.0.255 rule 150 permit ip source 10.214.195.64 0.0.0.63 destination 10.213.53.0 0.0.0.255 rule 155 permit ip source 10.214.195.64 0.0.0.63 destination 117.156.53.0 0.0.0.255 rule 160 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.191.228 0 rule 165 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.89.0 0.0.0.255 rule 170 permit ip source 10.214.195.64 0.0.0.63 destination 172.20.120.9 0 rule 175 permit ip source 10.214.195.64 0.0.0.63 destination 172.20.120.10 0 rule 185 permit ip source 10.214.195.64 0.0.0.63 destination 218.206.83.167 0 rule 190 permit ip source 10.214.195.64 0.0.0.63 destination 172.20.120.18 0 rule 195 permit ip source 10.214.193.128 0.0.0.63 destination 172.20.120.18 0 rule 200 permit ip source 10.214.195.64 0.0.0.63 destination 172.20.124.0 0.0.0.255 rule 300 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.80.0 0.0.0.255 rule 301 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.90.0 0.0.0.255 rule 302 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.98.0 0.0.0.255 rule 303 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.181.0 0.0.0.255 rule 304 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.188.0 0.0.0.255 rule 305 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.190.0 0.0.0.255 rule 306 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.194.0 0.0.0.255 rule 307 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.222.0 0.0.0.255 rule 308 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.251.0 0.0.0.255 rule 309 permit ip source 10.214.198.64 0.0.0.63 destination 10.213.51.0 0.0.0.255 rule 310 permit ip source 10.214.198.64 0.0.0.63 destination 10.213.53.0 0.0.0.255 rule 311 permit ip source 10.214.198.64 0.0.0.63 destination 117.156.53.0 0.0.0.255 rule 312 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.191.228 0 rule 313 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.89.0 0.0.0.255 rule 314 permit ip source 10.214.198.64 0.0.0.63 destination 172.20.120.9 0 rule 315 permit ip source 10.214.198.64 0.0.0.63 destination 172.20.120.10 0 rule 316 permit ip source 10.214.198.64 0.0.0.63 destination 218.206.83.167 0 rule 317 permit ip source 10.214.198.64 0.0.0.63 destination 172.20.124.0 0.0.0.255 rule 318 permit ip source 10.214.198.64 0.0.0.63 destination 172.20.120.18 0 rule 400 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.80.0 0.0.0.255 rule 401 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.90.0 0.0.0.255 rule 402 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.98.0 0.0.0.255 rule 403 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.181.0 0.0.0.255 rule 404 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.188.0 0.0.0.255 rule 405 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.190.0 0.0.0.255 rule 406 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.194.0 0.0.0.255 rule 407 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.222.0 0.0.0.255 rule 408 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.251.0 0.0.0.255 rule 409 permit ip source 10.214.199.192 0.0.0.63 destination 10.213.51.0 0.0.0.255 rule 410 permit ip source 10.214.199.192 0.0.0.63 destination 10.213.53.0 0.0.0.255 rule 411 permit ip source 10.214.199.192 0.0.0.63 destination 117.156.53.0 0.0.0.255 rule 412 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.191.228 0 rule 413 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.89.0 0.0.0.255 rule 414 permit ip source 10.214.199.192 0.0.0.63 destination 172.20.120.9 0 rule 415 permit ip source 10.214.199.192 0.0.0.63 destination 172.20.120.10 0 rule 416 permit ip source 10.214.199.192 0.0.0.63 destination 218.206.83.167 0 rule 417 permit ip source 10.214.199.192 0.0.0.63 destination 172.20.124.0 0.0.0.255 rule 418 permit ip source 10.214.199.192 0.0.0.63 destination 172.20.120.18 0 # domain system # aaa session-limit ftp 16 aaa session-limit telnet 16 aaa session-limit ssh 16 domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$UbIhNnPevyKUwfpm$LqR3+yg1IjNct39MkOR0H0iQXLkYB3jMqM4vbAeoXOhbabIIFnjJPEGR00YiYA1Sz4LiY3FmEdru2fOLMb1shQ== service-type ssh terminal https authorization-attribute user-role level-3 authorization-attribute user-role network-admin authorization-attribute user-role network-operator # ipsec transform-set 1 esp encryption-algorithm 3des-cbc esp authentication-algorithm md5 # ipsec policy 1 10 isakmp transform-set 1 security acl 3000 local-address 223.99.18.100 remote-address 211.137.182.6 ike-profile 1 # ike profile 1 keychain 1 local-identity address 223.99.18.100 match remote identity address 211.137.182.6 255.255.255.255 # ike proposal 10 encryption-algorithm 3des-cbc dh group2 authentication-algorithm md5 # ike keychain 1 pre-shared-key address 211.137.182.6 255.255.255.255 key cipher $c$3$NXu6up4qoYZq3TwNWtMrXkC2Bzr1RkjLM4BQEH7qi68= # ip http enable ip https enable # return <H3C>
- 2018-08-10提问
- 举报
-
(0)
最佳答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
一致啊,,,叹气~,好几遍了
这个就有点奇怪了哈。建议您做一下几个方面的检查 1、接口是否加入安全域,以及放通相应的域间策略 2、是否配置了默认路由 3、是否配置了nat地址转换。 如果上面三个确认无问题,可以分段ping测试,分别ping内网网关地址、外网地址、外网网关地址、114.114.114.114.看一下测试结果到哪段不通了