• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

F100-c-g2 重启后无法上网

2018-08-10提问
  • 0关注
  • 1收藏,1542浏览
粉丝:0人 关注:0人

问题描述:

F100-c-g2 重启后无法上网 ,必须重新配一遍命令才可以上网, 命令也已经保存但是重启就是上不去网,在外网一直ping着 这防火墙的地址,重启后就ping不通


组网及组网描述:


<H3C>display cu # version 7.1.064, Release 9510P05 # sysname H3C # context Admin id 1 # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # password-recovery enable # vlan 1 # vlan 2 to 4 # interface NULL0 # interface Vlan-interface1 ip address 10.214.193.129 255.255.255.192 # interface Vlan-interface2 ip address 10.214.195.65 255.255.255.192 # interface Vlan-interface3 ip address 10.214.198.65 255.255.255.192 # interface Vlan-interface4 ip address 10.214.199.193 255.255.255.192 # interface GigabitEthernet1/0/0 port link-mode route combo enable copper ip address 223.99.18.100 255.255.255.240 tcp mss 1024 ipsec apply policy 1 # interface GigabitEthernet1/0/1 port link-mode route combo enable fiber # interface GigabitEthernet1/0/6 port link-mode route # interface GigabitEthernet1/0/7 port link-mode route # interface GigabitEthernet1/0/8 port link-mode route # interface GigabitEthernet1/0/9 port link-mode route # interface GigabitEthernet1/0/10 port link-mode route # interface GigabitEthernet1/0/11 port link-mode route # interface GigabitEthernet1/0/2 port link-mode bridge # interface GigabitEthernet1/0/3 port link-mode bridge port access vlan 2 # interface GigabitEthernet1/0/4 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/5 port link-mode bridge port access vlan 4 # object-policy ip 1 rule 0 pass # security-zone name Local # security-zone name Trust import interface Vlan-interface1 import interface Vlan-interface2 import interface Vlan-interface3 import interface Vlan-interface4 import interface GigabitEthernet1/0/2 vlan 1 to 4094 import interface GigabitEthernet1/0/3 vlan 1 to 4094 import interface GigabitEthernet1/0/4 vlan 1 to 4094 import interface GigabitEthernet1/0/5 vlan 1 to 4094 # security-zone name DMZ # security-zone name Untrust # security-zone name Management import interface GigabitEthernet1/0/0 # zone-pair security source Any destination Any object-policy apply ip 1 # zone-pair security source Local destination Trust object-policy apply ip 1 # zone-pair security source Local destination Untrust object-policy apply ip 1 # zone-pair security source Trust destination Local object-policy apply ip 1 # zone-pair security source Trust destination Trust object-policy apply ip 1 # zone-pair security source Trust destination Untrust object-policy apply ip 1 # zone-pair security source Untrust destination Trust object-policy apply ip 1 # zone-pair security source Untrust destination Untrust object-policy apply ip 1 # scheduler logfile size 16 # line class aux user-role network-operator # line class console user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line con 0 authentication-mode scheme user-role network-admin # line vty 0 63 authentication-mode scheme user-role network-admin # ip route-static 0.0.0.0 0 223.99.18.97 ip route-static 10.19.80.0 24 211.137.182.6 ip route-static 10.19.89.0 24 211.137.182.6 ip route-static 10.19.90.0 24 211.137.182.6 ip route-static 10.19.98.0 24 211.137.182.6 ip route-static 10.19.181.0 24 211.137.182.6 ip route-static 10.19.188.0 24 211.137.182.6 ip route-static 10.19.190.0 24 211.137.182.6 ip route-static 10.19.191.0 24 211.137.182.6 ip route-static 10.19.194.0 24 211.137.182.6 ip route-static 10.19.222.0 24 211.137.182.6 ip route-static 10.19.251.0 24 211.137.182.6 ip route-static 10.213.51.0 24 211.137.182.6 ip route-static 10.213.53.0 24 211.137.182.6 ip route-static 172.20.120.0 24 211.137.182.6 ip route-static 172.20.124.0 24 211.137.182.6 ip route-static 211.137.182.0 24 211.137.182.6 ip route-static 218.206.83.0 24 211.137.182.6 # ssh server enable # acl advanced 3000 rule 5 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.80.0 0.0.0.255 rule 15 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.90.0 0.0.0.255 rule 20 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.98.0 0.0.0.255 rule 25 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.181.0 0.0.0.255 rule 30 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.188.0 0.0.0.255 rule 35 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.190.0 0.0.0.255 rule 40 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.194.0 0.0.0.255 rule 45 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.222.0 0.0.0.255 rule 50 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.251.0 0.0.0.255 rule 55 permit ip source 10.214.193.128 0.0.0.63 destination 10.213.51.0 0.0.0.255 rule 60 permit ip source 10.214.193.128 0.0.0.63 destination 10.213.53.0 0.0.0.255 rule 65 permit ip source 10.214.193.128 0.0.0.63 destination 117.156.53.0 0.0.0.255 rule 70 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.191.228 0 rule 75 permit ip source 10.214.193.128 0.0.0.63 destination 10.19.89.0 0.0.0.255 rule 80 permit ip source 10.214.193.128 0.0.0.63 destination 172.20.120.9 0 rule 90 permit ip source 10.214.193.128 0.0.0.63 destination 172.20.120.10 0 rule 95 permit ip source 10.214.193.128 0.0.0.63 destination 218.206.83.167 0 rule 96 permit ip source 10.214.193.128 0.0.0.63 destination 172.20.124.0 0.0.0.255 rule 100 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.80.0 0.0.0.255 rule 105 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.90.0 0.0.0.255 rule 110 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.98.0 0.0.0.255 rule 115 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.181.0 0.0.0.255 rule 120 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.188.0 0.0.0.255 rule 125 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.190.0 0.0.0.255 rule 130 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.194.0 0.0.0.255 rule 135 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.222.0 0.0.0.255 rule 140 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.251.0 0.0.0.255 rule 145 permit ip source 10.214.195.64 0.0.0.63 destination 10.213.51.0 0.0.0.255 rule 150 permit ip source 10.214.195.64 0.0.0.63 destination 10.213.53.0 0.0.0.255 rule 155 permit ip source 10.214.195.64 0.0.0.63 destination 117.156.53.0 0.0.0.255 rule 160 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.191.228 0 rule 165 permit ip source 10.214.195.64 0.0.0.63 destination 10.19.89.0 0.0.0.255 rule 170 permit ip source 10.214.195.64 0.0.0.63 destination 172.20.120.9 0 rule 175 permit ip source 10.214.195.64 0.0.0.63 destination 172.20.120.10 0 rule 185 permit ip source 10.214.195.64 0.0.0.63 destination 218.206.83.167 0 rule 190 permit ip source 10.214.195.64 0.0.0.63 destination 172.20.120.18 0 rule 195 permit ip source 10.214.193.128 0.0.0.63 destination 172.20.120.18 0 rule 200 permit ip source 10.214.195.64 0.0.0.63 destination 172.20.124.0 0.0.0.255 rule 300 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.80.0 0.0.0.255 rule 301 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.90.0 0.0.0.255 rule 302 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.98.0 0.0.0.255 rule 303 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.181.0 0.0.0.255 rule 304 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.188.0 0.0.0.255 rule 305 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.190.0 0.0.0.255 rule 306 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.194.0 0.0.0.255 rule 307 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.222.0 0.0.0.255 rule 308 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.251.0 0.0.0.255 rule 309 permit ip source 10.214.198.64 0.0.0.63 destination 10.213.51.0 0.0.0.255 rule 310 permit ip source 10.214.198.64 0.0.0.63 destination 10.213.53.0 0.0.0.255 rule 311 permit ip source 10.214.198.64 0.0.0.63 destination 117.156.53.0 0.0.0.255 rule 312 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.191.228 0 rule 313 permit ip source 10.214.198.64 0.0.0.63 destination 10.19.89.0 0.0.0.255 rule 314 permit ip source 10.214.198.64 0.0.0.63 destination 172.20.120.9 0 rule 315 permit ip source 10.214.198.64 0.0.0.63 destination 172.20.120.10 0 rule 316 permit ip source 10.214.198.64 0.0.0.63 destination 218.206.83.167 0 rule 317 permit ip source 10.214.198.64 0.0.0.63 destination 172.20.124.0 0.0.0.255 rule 318 permit ip source 10.214.198.64 0.0.0.63 destination 172.20.120.18 0 rule 400 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.80.0 0.0.0.255 rule 401 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.90.0 0.0.0.255 rule 402 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.98.0 0.0.0.255 rule 403 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.181.0 0.0.0.255 rule 404 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.188.0 0.0.0.255 rule 405 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.190.0 0.0.0.255 rule 406 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.194.0 0.0.0.255 rule 407 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.222.0 0.0.0.255 rule 408 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.251.0 0.0.0.255 rule 409 permit ip source 10.214.199.192 0.0.0.63 destination 10.213.51.0 0.0.0.255 rule 410 permit ip source 10.214.199.192 0.0.0.63 destination 10.213.53.0 0.0.0.255 rule 411 permit ip source 10.214.199.192 0.0.0.63 destination 117.156.53.0 0.0.0.255 rule 412 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.191.228 0 rule 413 permit ip source 10.214.199.192 0.0.0.63 destination 10.19.89.0 0.0.0.255 rule 414 permit ip source 10.214.199.192 0.0.0.63 destination 172.20.120.9 0 rule 415 permit ip source 10.214.199.192 0.0.0.63 destination 172.20.120.10 0 rule 416 permit ip source 10.214.199.192 0.0.0.63 destination 218.206.83.167 0 rule 417 permit ip source 10.214.199.192 0.0.0.63 destination 172.20.124.0 0.0.0.255 rule 418 permit ip source 10.214.199.192 0.0.0.63 destination 172.20.120.18 0 # domain system # aaa session-limit ftp 16 aaa session-limit telnet 16 aaa session-limit ssh 16 domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$UbIhNnPevyKUwfpm$LqR3+yg1IjNct39MkOR0H0iQXLkYB3jMqM4vbAeoXOhbabIIFnjJPEGR00YiYA1Sz4LiY3FmEdru2fOLMb1shQ== service-type ssh terminal https authorization-attribute user-role level-3 authorization-attribute user-role network-admin authorization-attribute user-role network-operator # ipsec transform-set 1 esp encryption-algorithm 3des-cbc esp authentication-algorithm md5 # ipsec policy 1 10 isakmp transform-set 1 security acl 3000 local-address 223.99.18.100 remote-address 211.137.182.6 ike-profile 1 # ike profile 1 keychain 1 local-identity address 223.99.18.100 match remote identity address 211.137.182.6 255.255.255.255 # ike proposal 10 encryption-algorithm 3des-cbc dh group2 authentication-algorithm md5 # ike keychain 1 pre-shared-key address 211.137.182.6 255.255.255.255 key cipher $c$3$NXu6up4qoYZq3TwNWtMrXkC2Bzr1RkjLM4BQEH7qi68= # ip http enable ip https enable # return <H3C>

最佳答案

yuren 九段
粉丝:16人 关注:3人

可以对比一下重启前的配置后重启后的配置是否一致。正常情况的话您这边保存了配置信息的话,重启设备不会造成您这种情况的。

这个就有点奇怪了哈。建议您做一下几个方面的检查 1、接口是否加入安全域,以及放通相应的域间策略 2、是否配置了默认路由 3、是否配置了nat地址转换。 如果上面三个确认无问题,可以分段ping测试,分别ping内网网关地址、外网地址、外网网关地址、114.114.114.114.看一下测试结果到哪段不通了

yuren 发表时间:2018-08-10 更多>>

一致啊,,,叹气~,好几遍了

zhiliao_64040 发表时间:2018-08-10

这个就有点奇怪了哈。建议您做一下几个方面的检查 1、接口是否加入安全域,以及放通相应的域间策略 2、是否配置了默认路由 3、是否配置了nat地址转换。 如果上面三个确认无问题,可以分段ping测试,分别ping内网网关地址、外网地址、外网网关地址、114.114.114.114.看一下测试结果到哪段不通了

yuren 发表时间:2018-08-10
0 个回答

该问题暂时没有网友解答

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明