MER5200路由器反复莫名其妙的ping不通DNS，重启后恢复，前面说要看配置的大佬来这里看一下

#

 version 7.1.064, Release 0809P33

#

 memory-threshold  usage 85

#

 sysname JY

#

 clock timezone Beijing add 08:00:00

 clock protocol ntp

#

 telnet server port ****

 telnet server ipv6 port ****

#

 qos carl 1 source-ip-address object-group 全局流量 per-address shared-bandwidth

 qos carl 2 destination-ip-address object-group 全局流量 per-address shared-bandwidth

 qos carl 3 source-ip-address object-group 全局流量 per-address shared-bandwidth

 qos carl 4 destination-ip-address object-group 全局流量 per-address shared-bandwidth

#

 security-zone intra-zone default permit

#

track 1022 nqa entry ge0/1 1 reaction 1

#

track 1023 nqa entry ge0/0 1 reaction 1

#              

 ip load-sharing mode per-flow src-ip global

#

 bandwidth-based-sharing

#

 nat alg h323

 nat alg ils

 nat alg mgcp

 nat alg nbt

 nat alg rsh

 nat alg sccp

 nat alg sip

 nat alg sqlnet

 nat alg tftp

 nat alg xdmcp

#

 dhcp enable

 dhcp server always-broadcast

 dhcp server mini-ap ip-pool Vlan-interface2

#

 dns proxy enable

#

 password-recovery enable

#              

vlan 1

#

vlan 2

#

object-group ip address ****系统

 0 network range 192.168.17.210 192.168.17.216

#

object-group ip address 全局流量

 0 network range 192.168.16.0 192.168.17.254

 0 network exclude 192.168.17.1

#

object-group ip address 限速组

 description 除****及****以外的其他终端

 0 network range 192.168.16.1 192.168.16.255

 10 network range 192.168.17.2 192.168.17.209

 20 network range 192.168.17.217 192.168.17.232

 30 network range 192.168.17.234 192.168.17.255

#

object-group ip address ****

 0 network host address 192.168.17.233

#

traffic classifier greenclassFilter_18929 operator and

 if-match acl name greenChannelAcl_18929

#

traffic behavior greenChannelBehavior_18929

 queue ef bandwidth 10000 cbs 25000

#

qos policy greenChannelPolicy_18929

 classifier greenclassFilter_18929 behavior greenChannelBehavior_18929

#

dhcp server ip-pool 2

#

dhcp server ip-pool Vlan-interface2

 gateway-list 192.168.17.1

 network 192.168.16.0 mask 255.255.254.0

 address range 192.168.16.0 192.168.17.255

 dns-list 211.138.240.100 192.168.17.1

 expired day 0 hour 8

 forbidden-ip-range 192.168.16.255 192.168.16.255

 forbidden-ip-range 192.168.17.1 192.168.17.1

 forbidden-ip-range 192.168.17.210 192.168.17.216

 forbidden-ip-range 192.168.17.220 192.168.17.220

 forbidden-ip-range 192.168.17.233 192.168.17.233

 option 43 hex 8007000001c0a81101

 option 60 ascii H3C

 static-bind ip-address 192.168.17.13 mask 255.255.254.0 hardware-address 0030-1859-ffc7

 static-bind ip-address 192.168.17.62 mask 255.255.254.0 hardware-address 18cf-243c-f68b description ****

 static-bind ip-address 192.168.17.80 mask 255.255.254.0 hardware-address e0be-032b-2127 description ****

 static-bind ip-address 192.168.17.101 mask 255.255.255.0 hardware-address 3863-bb02-2a9c

 static-bind ip-address 192.168.17.110 mask 255.255.254.0 hardware-address b496-9188-2873 description ****

 static-bind ip-address 192.168.17.188 mask 255.255.254.0 hardware-address f481-3948-330e

 static-bind ip-address 192.168.17.233 mask 255.255.254.0 hardware-address 2004-0ff9-1ddc

 static-bind ip-address 192.168.17.240 mask 255.255.254.0 hardware-address f8b4-6ade-8edc

 static-bind ip-address 192.168.17.241 mask 255.255.254.0 hardware-address 3c2a-f477-fba2

 static-bind ip-address 192.168.17.242 mask 255.255.254.0 hardware-address 3c2a-f481-e052

 static-bind ip-address 192.168.17.243 mask 255.255.254.0 hardware-address 3c2a-f460-e99b

#

dhcp server ip-pool lan1

 gateway-list 192.168.10.1

 network 192.168.10.0 mask 255.255.255.0

 address range 192.168.10.0 192.168.10.255

 dns-list 192.168.10.1

 forbidden-ip-range 192.168.10.1 192.168.10.1

#

nqa entry ge0/0 1

 type icmp-echo

  destination ip 111.59.***.***

  frequency 10000

  out interface GigabitEthernet0/0

  probe timeout 1000

  reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

#

nqa entry ge0/0 2

#

nqa entry ge0/1 1

 type icmp-echo

  destination ip 192.168.248.254

  frequency 10000

  out interface GigabitEthernet0/1

  probe timeout 1000

  reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

#

 nqa schedule ge0/0 1 start-time now lifetime forever

 nqa schedule ge0/1 1 start-time now lifetime forever

#

controller Cellular0/0

#

interface Dialer0

 mtu 1492

#

interface Dialer1

 mtu 1492      

#

interface NULL0

#

interface Vlan-interface1

 description LAN-interface

 ip address 192.168.10.1 255.255.255.0

 tcp mss 1280

 packet-filter name WebHttpHttps17413 inbound

 nat hairpin enable

 ip subscriber l2-connected enable

 ip subscriber initiator dhcp enable

 ip subscriber initiator unclassified-ip enable

 ip subscriber dhcp domain ipoeenabledomain

 ip subscriber unclassified-ip domain ipoeenabledomain

#

interface Vlan-interface2

 description LAN-interface

 ip address 192.168.17.1 255.255.254.0

 tcp mss 1280

 packet-filter name WebHttpHttps17415 inbound

 nat hairpin enable

 ip subscriber l2-connected enable

 ip subscriber initiator dhcp enable

 ip subscriber initiator unclassified-ip enable

 ip subscriber dhcp domain ipoeenabledomain

 ip subscriber unclassified-ip domain ipoeenabledomain

#

interface GigabitEthernet0/0

 port link-mode route

 description Double_Line1

 bandwidth 100000

 combo enable copper

 ip address ***.***.***.*** 255.255.255.192 -------公网IP

 dns server 211.138.240.100

 dns server 211.138.245.180

 tcp mss 1330

 ip last-hop hold

 packet-filter name WebHttpHttps3 inbound

 qos apply policy greenChannelPolicy_18929 outbound

 qos car inbound carl 2 cir 102400 cbs 6400000 ebs 0 green pass red discard yellow pass

 qos car outbound carl 1 cir 102400 cbs 6400000 ebs 0 green pass red discard yellow pass

 nat outbound

 nat server protocol tcp global current-interface **** inside 192.168.17.220 21 description FTP

 nat server protocol tcp global current-interface **** inside 192.168.17.220 22 description SSH

#

interface GigabitEthernet0/1

 port link-mode route

 description Double_Line2

 bandwidth 20000

 ip address 192.168.248.42 255.255.255.0

 dns server 211.138.240.100

 dns server 211.138.245.180

 tcp mss 1280

 ip last-hop hold

 packet-filter name WebHttpHttps4 inbound

 qos car inbound carl 4 cir 20480 cbs 1280000 ebs 0 green pass red discard yellow pass

 qos car outbound carl 3 cir 20480 cbs 1280000 ebs 0 green pass red discard yellow pass

 nat outbound

#

interface GigabitEthernet0/2

 port link-mode bridge

 port access vlan 2

#

interface GigabitEthernet0/3

 port link-mode bridge

 port access vlan 2

#

interface GigabitEthernet0/4

 port link-mode bridge

 port access vlan 2

#

interface GigabitEthernet0/5

 port link-mode bridge

 port access vlan 2

#

object-policy ip Any-Any

 rule 0 pass source-ip 限速组 app-group p2p_13 logging

 rule 1 pass source-ip 限速组 app-group p2p_17 logging

 rule 2 pass source-ip 限速组 app-group p2p_120 logging

 rule 3 inspect p2p source-ip 限速组

 rule 65533 inspect 8048_url_profile_global disable

 rule 65534 pass

#

security-zone name Local

#

security-zone name Trust

#

security-zone name DMZ

#

security-zone name Untrust

#

security-zone name Management

#

zone-pair security source Any destination Any

 object-policy apply ip Any-Any

#

zone-pair security source Local destination Trust

 packet-filter name SWXWSGL

#

zone-pair security source Local destination Untrust

 packet-filter name SWXWSGL

#              

zone-pair security source Trust destination Local

 packet-filter name SWXWSGL

#

zone-pair security source Untrust destination Local

 packet-filter name SWXWSGL

#

 scheduler logfile size 16

#

line class console

 user-role network-admin

#

line class tty

 user-role network-operator

#

line class vty

 user-role network-operator

#

line con 0

 user-role network-admin

#

line vty 0 63

 authentication-mode scheme

 user-role network-operator

#

 ip route-static 0.0.0.0 0 ***.***.***.***

 ip route-static 0.0.0.0 0 GigabitEthernet0/1 192.168.248.254 track 1022

 ip route-static 192.168.2.0 24 GigabitEthernet0/1 192.168.248.254 preference 58

 ip route-static 192.168.251.0 24 GigabitEthernet0/1 192.168.248.254 preference 58

 ip route-static 192.168.255.0 24 192.168.248.254 preference 58

#

 ssh server enable

 ssh server port ****

#

 arp static 192.168.17.80 e0be-032b-2127 description xin guan qu dibang

 arp static 192.168.17.220 f474-88bc-71e6 description fanghuoqiang

#

 ntp-service enable

 ntp-service unicast-server ***.***

 ntp-service unicast-server ***.***

 ntp-service unicast-server ***.***

 ntp-service unicast-server ***.***

 ntp-service unicast-server ***.***

 ntp-service unicast-server ***.***

 ntp-service unicast-server ***.***

#

acl number 2999

 rule 0 permit source 192.168.16.0 0.0.1.255

#

acl advanced name SWXWSGL

 rule 1 permit ip

#

acl advanced name WebHttpHttps3

 rule 65533 permit tcp destination-port eq www

 rule 65534 permit tcp destination-port eq 443

#

acl advanced name WebHttpHttps4

 rule 65533 permit tcp destination-port eq www

 rule 65534 permit tcp destination-port eq 8888

#

acl advanced name WebHttpHttps17413

 rule 65533 permit tcp destination-port eq www

 rule 65534 permit tcp destination-port eq 443

#

acl advanced name WebHttpHttps17415

 rule 65533 permit tcp destination-port eq www

 rule 65534 permit tcp destination-port eq 8888

#

acl advanced name greenChannelAcl_18929

 rule 0 permit tcp destination-port eq ***

 rule 0 comment ***

 rule 1 permit tcp destination-port eq ***

 rule 1 comment ***1

 rule 2 permit tcp destination-port eq ***

 rule 2 comment ***2

 rule 3 permit tcp destination-port eq ***

 rule 3 comment ***3

 rule 4 permit tcp destination-port eq ***

 rule 4 comment ***4

 rule 5 permit tcp destination-port eq ***

 rule 5 comment ***5

 rule 65534 deny ip

#

 password-control enable

 undo password-control aging enable

 undo password-control history enable

 password-control length 6

 password-control update-interval 0

 password-control login idle-time 0

#

domain ipoeenabledomain

 authentication ipoe none

 authorization ipoe none

 accounting ipoe none

#

domain system

#

 domain default enable system

#

role name level-0

 description Predefined level-0 role

#

role name level-1

 description Predefined level-1 role

#

role name level-2

 description Predefined level-2 role

#

role name level-3

 description Predefined level-3 role

#

role name level-4

 description Predefined level-4 role

#

role name level-5

 description Predefined level-5 role

#

role name level-6

 description Predefined level-6 role

#

role name level-7

 description Predefined level-7 role

#

role name level-8

 description Predefined level-8 role

#

role name level-9

 description Predefined level-9 role

#

role name level-10

 description Predefined level-10 role

#

role name level-11

 description Predefined level-11 role

#

role name level-12

 description Predefined level-12 role

#

role name level-13

 description Predefined level-13 role

#

role name level-14

 description Predefined level-14 role

#

user-group system

#

local-user **** class manage

 service-type ftp

 service-type ssh telnet terminal http https

 authorization-attribute user-role network-admin

#

 session statistics enable

#

connection-limit policy 32

#

app-group p2p_13

 description "User-defined application group"

 include application BitTorrent

 include application iQiYiPPS

 include application Letv

 include application TencentVideo

 include application Thunder

 include application XunLeiKanKan

#

app-group p2p_17

 description "User-defined application group"

 include application 56Video

 include application Bilibili

 include application CTCCMusicMenHu

 include application KGeDaRen

 include application MeiLeFM

 include application MiGuMusic

 include application NetEaseVideo

 include application PPTV

 include application QQMusic

 include application SinaVideo

 include application SoHuVideo

 include application SouGouMusic

 include application TuDou

 include application XiaMi

 include application YinYueTai

 include application YouKu

#

app-group p2p_120

 description "User-defined application group"

 include application AndroidMarket

 include application AnZhiMarket

 include application BaiduWenKu

 include application JiFengMarket

 include application OnlineDown

 include application WanDouJia

#

 ip http acl 2999

 ip https port ******

 ip https acl 2999

 ip https enable

#

url-filter policy p2p

 default-action permit logging

#

url-filter category custom severity 65535

#

app-profile p2p

 url-filter apply policy p2p

#

traffic-policy

 rule 1 name p2p_13

  action qos profile p2p_13

  source-address address-set 限速组

  source-zone Trust

  destination-zone Untrust

  application app-group p2p_13

 rule 2 name p2p_17

  action qos profile p2p_17

  source-address address-set 限速组

  source-zone Trust

  destination-zone Untrust

  application app-group p2p_17

 rule 3 name p2p_120

  action qos profile p2p_120

  source-address address-set 限速组

  source-zone Trust

  destination-zone Untrust

  application app-group p2p_120

 profile name p2p_13

  bandwidth downstream maximum 200

  bandwidth upstream maximum 200

 profile name p2p_17

  bandwidth downstream maximum 200

  bandwidth upstream maximum 200

 profile name p2p_120

  bandwidth downstream maximum 100

  bandwidth upstream maximum 100

#

dac storage service traffic limit hold-time 1

dac storage service traffic limit usage 85

#

return