#
version 7.1.064, Release 0809P33
#
memory-threshold usage 85
#
sysname JY
#
clock timezone Beijing add 08:00:00
clock protocol ntp
#
telnet server port ****
telnet server ipv6 port ****
#
qos carl 1 source-ip-address object-group 全局流量 per-address shared-bandwidth
qos carl 2 destination-ip-address object-group 全局流量 per-address shared-bandwidth
qos carl 3 source-ip-address object-group 全局流量 per-address shared-bandwidth
qos carl 4 destination-ip-address object-group 全局流量 per-address shared-bandwidth
#
security-zone intra-zone default permit
#
track 1022 nqa entry ge0/1 1 reaction 1
#
track 1023 nqa entry ge0/0 1 reaction 1
#
ip load-sharing mode per-flow src-ip global
#
bandwidth-based-sharing
#
nat alg h323
nat alg ils
nat alg mgcp
nat alg nbt
nat alg rsh
nat alg sccp
nat alg sip
nat alg sqlnet
nat alg tftp
nat alg xdmcp
#
dhcp enable
dhcp server always-broadcast
dhcp server mini-ap ip-pool Vlan-interface2
#
dns proxy enable
#
password-recovery enable
#
vlan 1
#
vlan 2
#
object-group ip address ****系统
0 network range 192.168.17.210 192.168.17.216
#
object-group ip address 全局流量
0 network range 192.168.16.0 192.168.17.254
0 network exclude 192.168.17.1
#
object-group ip address 限速组
description 除****及****以外的其他终端
0 network range 192.168.16.1 192.168.16.255
10 network range 192.168.17.2 192.168.17.209
20 network range 192.168.17.217 192.168.17.232
30 network range 192.168.17.234 192.168.17.255
#
object-group ip address ****
0 network host address 192.168.17.233
#
traffic classifier greenclassFilter_18929 operator and
if-match acl name greenChannelAcl_18929
#
traffic behavior greenChannelBehavior_18929
queue ef bandwidth 10000 cbs 25000
#
qos policy greenChannelPolicy_18929
classifier greenclassFilter_18929 behavior greenChannelBehavior_18929
#
dhcp server ip-pool 2
#
dhcp server ip-pool Vlan-interface2
gateway-list 192.168.17.1
network 192.168.16.0 mask 255.255.254.0
address range 192.168.16.0 192.168.17.255
dns-list 211.138.240.100 192.168.17.1
expired day 0 hour 8
forbidden-ip-range 192.168.16.255 192.168.16.255
forbidden-ip-range 192.168.17.1 192.168.17.1
forbidden-ip-range 192.168.17.210 192.168.17.216
forbidden-ip-range 192.168.17.220 192.168.17.220
forbidden-ip-range 192.168.17.233 192.168.17.233
option 43 hex 8007000001c0a81101
option 60 ascii H3C
static-bind ip-address 192.168.17.13 mask 255.255.254.0 hardware-address 0030-1859-ffc7
static-bind ip-address 192.168.17.62 mask 255.255.254.0 hardware-address 18cf-243c-f68b description ****
static-bind ip-address 192.168.17.80 mask 255.255.254.0 hardware-address e0be-032b-2127 description ****
static-bind ip-address 192.168.17.101 mask 255.255.255.0 hardware-address 3863-bb02-2a9c
static-bind ip-address 192.168.17.110 mask 255.255.254.0 hardware-address b496-9188-2873 description ****
static-bind ip-address 192.168.17.188 mask 255.255.254.0 hardware-address f481-3948-330e
static-bind ip-address 192.168.17.233 mask 255.255.254.0 hardware-address 2004-0ff9-1ddc
static-bind ip-address 192.168.17.240 mask 255.255.254.0 hardware-address f8b4-6ade-8edc
static-bind ip-address 192.168.17.241 mask 255.255.254.0 hardware-address 3c2a-f477-fba2
static-bind ip-address 192.168.17.242 mask 255.255.254.0 hardware-address 3c2a-f481-e052
static-bind ip-address 192.168.17.243 mask 255.255.254.0 hardware-address 3c2a-f460-e99b
#
dhcp server ip-pool lan1
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
address range 192.168.10.0 192.168.10.255
dns-list 192.168.10.1
forbidden-ip-range 192.168.10.1 192.168.10.1
#
nqa entry ge0/0 1
type icmp-echo
destination ip 111.59.***.***
frequency 10000
out interface GigabitEthernet0/0
probe timeout 1000
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
#
nqa entry ge0/0 2
#
nqa entry ge0/1 1
type icmp-echo
destination ip 192.168.248.254
frequency 10000
out interface GigabitEthernet0/1
probe timeout 1000
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
#
nqa schedule ge0/0 1 start-time now lifetime forever
nqa schedule ge0/1 1 start-time now lifetime forever
#
controller Cellular0/0
#
interface Dialer0
mtu 1492
#
interface Dialer1
mtu 1492
#
interface NULL0
#
interface Vlan-interface1
description LAN-interface
ip address 192.168.10.1 255.255.255.0
tcp mss 1280
packet-filter name WebHttpHttps17413 inbound
nat hairpin enable
ip subscriber l2-connected enable
ip subscriber initiator dhcp enable
ip subscriber initiator unclassified-ip enable
ip subscriber dhcp domain ipoeenabledomain
ip subscriber unclassified-ip domain ipoeenabledomain
#
interface Vlan-interface2
description LAN-interface
ip address 192.168.17.1 255.255.254.0
tcp mss 1280
packet-filter name WebHttpHttps17415 inbound
nat hairpin enable
ip subscriber l2-connected enable
ip subscriber initiator dhcp enable
ip subscriber initiator unclassified-ip enable
ip subscriber dhcp domain ipoeenabledomain
ip subscriber unclassified-ip domain ipoeenabledomain
#
interface GigabitEthernet0/0
port link-mode route
description Double_Line1
bandwidth 100000
combo enable copper
ip address ***.***.***.*** 255.255.255.192 -------公网IP
dns server 211.138.240.100
dns server 211.138.245.180
tcp mss 1330
ip last-hop hold
packet-filter name WebHttpHttps3 inbound
qos apply policy greenChannelPolicy_18929 outbound
qos car inbound carl 2 cir 102400 cbs 6400000 ebs 0 green pass red discard yellow pass
qos car outbound carl 1 cir 102400 cbs 6400000 ebs 0 green pass red discard yellow pass
nat outbound
nat server protocol tcp global current-interface **** inside 192.168.17.220 21 description FTP
nat server protocol tcp global current-interface **** inside 192.168.17.220 22 description SSH
#
interface GigabitEthernet0/1
port link-mode route
description Double_Line2
bandwidth 20000
ip address 192.168.248.42 255.255.255.0
dns server 211.138.240.100
dns server 211.138.245.180
tcp mss 1280
ip last-hop hold
packet-filter name WebHttpHttps4 inbound
qos car inbound carl 4 cir 20480 cbs 1280000 ebs 0 green pass red discard yellow pass
qos car outbound carl 3 cir 20480 cbs 1280000 ebs 0 green pass red discard yellow pass
nat outbound
#
interface GigabitEthernet0/2
port link-mode bridge
port access vlan 2
#
interface GigabitEthernet0/3
port link-mode bridge
port access vlan 2
#
interface GigabitEthernet0/4
port link-mode bridge
port access vlan 2
#
interface GigabitEthernet0/5
port link-mode bridge
port access vlan 2
#
object-policy ip Any-Any
rule 0 pass source-ip 限速组 app-group p2p_13 logging
rule 1 pass source-ip 限速组 app-group p2p_17 logging
rule 2 pass source-ip 限速组 app-group p2p_120 logging
rule 3 inspect p2p source-ip 限速组
rule 65533 inspect 8048_url_profile_global disable
rule 65534 pass
#
security-zone name Local
#
security-zone name Trust
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
zone-pair security source Any destination Any
object-policy apply ip Any-Any
#
zone-pair security source Local destination Trust
packet-filter name SWXWSGL
#
zone-pair security source Local destination Untrust
packet-filter name SWXWSGL
#
zone-pair security source Trust destination Local
packet-filter name SWXWSGL
#
zone-pair security source Untrust destination Local
packet-filter name SWXWSGL
#
scheduler logfile size 16
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 63
authentication-mode scheme
user-role network-operator
#
ip route-static 0.0.0.0 0 ***.***.***.***
ip route-static 0.0.0.0 0 GigabitEthernet0/1 192.168.248.254 track 1022
ip route-static 192.168.2.0 24 GigabitEthernet0/1 192.168.248.254 preference 58
ip route-static 192.168.251.0 24 GigabitEthernet0/1 192.168.248.254 preference 58
ip route-static 192.168.255.0 24 192.168.248.254 preference 58
#
ssh server enable
ssh server port ****
#
arp static 192.168.17.80 e0be-032b-2127 description xin guan qu dibang
arp static 192.168.17.220 f474-88bc-71e6 description fanghuoqiang
#
ntp-service enable
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
#
acl number 2999
rule 0 permit source 192.168.16.0 0.0.1.255
#
acl advanced name SWXWSGL
rule 1 permit ip
#
acl advanced name WebHttpHttps3
rule 65533 permit tcp destination-port eq www
rule 65534 permit tcp destination-port eq 443
#
acl advanced name WebHttpHttps4
rule 65533 permit tcp destination-port eq www
rule 65534 permit tcp destination-port eq 8888
#
acl advanced name WebHttpHttps17413
rule 65533 permit tcp destination-port eq www
rule 65534 permit tcp destination-port eq 443
#
acl advanced name WebHttpHttps17415
rule 65533 permit tcp destination-port eq www
rule 65534 permit tcp destination-port eq 8888
#
acl advanced name greenChannelAcl_18929
rule 0 permit tcp destination-port eq ***
rule 0 comment ***
rule 1 permit tcp destination-port eq ***
rule 1 comment ***1
rule 2 permit tcp destination-port eq ***
rule 2 comment ***2
rule 3 permit tcp destination-port eq ***
rule 3 comment ***3
rule 4 permit tcp destination-port eq ***
rule 4 comment ***4
rule 5 permit tcp destination-port eq ***
rule 5 comment ***5
rule 65534 deny ip
#
password-control enable
undo password-control aging enable
undo password-control history enable
password-control length 6
password-control update-interval 0
password-control login idle-time 0
#
domain ipoeenabledomain
authentication ipoe none
authorization ipoe none
accounting ipoe none
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user **** class manage
service-type ftp
service-type ssh telnet terminal http https
authorization-attribute user-role network-admin
#
session statistics enable
#
connection-limit policy 32
#
app-group p2p_13
description "User-defined application group"
include application BitTorrent
include application iQiYiPPS
include application Letv
include application TencentVideo
include application Thunder
include application XunLeiKanKan
#
app-group p2p_17
description "User-defined application group"
include application 56Video
include application Bilibili
include application CTCCMusicMenHu
include application KGeDaRen
include application MeiLeFM
include application MiGuMusic
include application NetEaseVideo
include application PPTV
include application QQMusic
include application SinaVideo
include application SoHuVideo
include application SouGouMusic
include application TuDou
include application XiaMi
include application YinYueTai
include application YouKu
#
app-group p2p_120
description "User-defined application group"
include application AndroidMarket
include application AnZhiMarket
include application BaiduWenKu
include application JiFengMarket
include application OnlineDown
include application WanDouJia
#
ip http acl 2999
ip https port ******
ip https acl 2999
ip https enable
#
url-filter policy p2p
default-action permit logging
#
url-filter category custom severity 65535
#
app-profile p2p
url-filter apply policy p2p
#
traffic-policy
rule 1 name p2p_13
action qos profile p2p_13
source-address address-set 限速组
source-zone Trust
destination-zone Untrust
application app-group p2p_13
rule 2 name p2p_17
action qos profile p2p_17
source-address address-set 限速组
source-zone Trust
destination-zone Untrust
application app-group p2p_17
rule 3 name p2p_120
action qos profile p2p_120
source-address address-set 限速组
source-zone Trust
destination-zone Untrust
application app-group p2p_120
profile name p2p_13
bandwidth downstream maximum 200
bandwidth upstream maximum 200
profile name p2p_17
bandwidth downstream maximum 200
bandwidth upstream maximum 200
profile name p2p_120
bandwidth downstream maximum 100
bandwidth upstream maximum 100
#
dac storage service traffic limit hold-time 1
dac storage service traffic limit usage 85
#
return
DNS用的是公网DNS还是内网DNS?DNS不通就是网络不通了,检查一下网络。
用的是公网的DNS:经过路由器就不通,不经过路由器就是通的;重启路由器后也能通。
dns不通的时候外网通吗?如果外网通,更换公共dns试试:
114.114.114.114
223.5.5.5
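MSR 开启了 Web 的流量排行功能,从而生成了非必要的 IPoE 会话,造成下一跳指向错误。(上面配置中 Vlan-interface1、Vlan-interface2 下的 ip subscriber 命令,以及认证、授权、计费均为 none 的 ipoeenabledomain 域,应该就是该功能下发的配置。)
现场可以关闭流量排行,并清空 IPoE 会话。如果不能关闭,建议升级版本到 R0809P34 或者 R67 系列,并且在 Web 上将流量排行的接口范围选择为内网口,从而在内网口生成一条限制未知源用户的命令。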
dns-list 192.168.10.1:DHCP里DNS配置的是内网地址,DNS不通的时候外网也不通了吧?