最外层路由器是 MER5200。机器 1、2 是服务器,交换机 1、2 是傻瓜交换机(非网管型)。
所有设备都能连通路由器,
但机器 3、4、5 和机器 1、2 之间不能互相访问,这是什么问题?
#
# Start of the pasted device configuration; the version line below identifies
# the software as 7.1.064, Release 0821P10.
version 7.1.064, Release 0821P10
#
sysname H3C
#
clock timezone Lisbon add 00:00:00
clock protocol ntp
#
# NOTE(review): Telnet carries logins and session data in cleartext. No
# `ssh server enable` line appears in this listing, so CLI management looks
# Telnet-only; enabling SSH and removing this line is the usual hardening step.
telnet server enable
#
# Traffic between interfaces that belong to the same security zone is
# permitted by default.
security-zone intra-zone default permit
#
dialer-group 1 rule ip permit
#
ip load-sharing mode per-flow src-ip global
#
nat alg rsh
#
dhcp enable
dhcp server always-broadcast
#
dns proxy enable
#
lldp global enable
#
# NOTE(review): with password recovery enabled, access to the console port is
# the effective trust boundary; confirm the device is physically protected.
password-recovery enable
#
vlan 1
#
# Address object group with no members shown in this listing.
object-group ip address group1
#
# DHCP pool for the LAN 10.10.10.0/24: gateway 10.10.10.1 and two DNS servers.
# The forbidden-ip-range lines keep 10.10.10.1, .10-.11, .19-.29 and .191-.198
# out of dynamic assignment.
# NOTE(review): the address range runs from .0 to .255, i.e. it names the
# subnet's network and broadcast addresses as well; confirm this is intended.
# NOTE(review): several hosts targeted by the `nat server` mappings on Dialer0
# (for example 10.10.10.132 and 10.10.10.142) are not excluded here, so they
# presumably rely on static addressing or bindings not shown; verify, because
# a duplicate address would break reachability to those servers.
dhcp server ip-pool lan1
gateway-list 10.10.10.1
network 10.10.10.0 mask 255.255.255.0
address range 10.10.10.0 10.10.10.255
dns-list 223.5.5.5 202.101.172.47
forbidden-ip-range 10.10.10.1 10.10.10.1
forbidden-ip-range 10.10.10.10 10.10.10.11
forbidden-ip-range 10.10.10.19 10.10.10.29
forbidden-ip-range 10.10.10.191 10.10.10.198
#
# Cellular controller with no settings shown.
controller Cellular0/0
#
# Dialer0 is the PPPoE WAN interface: GigabitEthernet0/0 binds to it with
# `pppoe-client dial-bundle-number 0`, the address is negotiated over PPP,
# `nat outbound` translates outgoing traffic and the `nat server` lines forward
# WAN ports to internal hosts.
# NOTE(review): the `ppp chap` / `ppp pap` lines publish the ISP account name
# together with `cipher` strings. A `cipher` value is a stored form of the
# secret, not a one-way hash (the device needs the secret itself for CHAP), so
# treat these credentials as disclosed: change the PPPoE password with the ISP
# and redact such lines before sharing a configuration.
# Inbound filtering references two ACLs defined later in the file:
# "GigabitEthernet0/0" permits all IP, "WebHttpHttps17414" only denies TCP 80
# and 443. How the two combine when both are applied inbound is not visible
# from this listing.
# NOTE(review): none of the `nat server` mappings shows a source restriction.
# They publish SSH (inside port 22) on twelve internal hosts, PPTP (1723) on
# 10.10.10.10, and on 10.10.10.142 the ports that are the defaults for MySQL
# (3306), AMQP (5672), Redis (6379) and Elasticsearch (9200). A high external
# port number does not limit who can connect. Consider limiting the permitted
# source addresses or reaching these services over a VPN instead, and confirm
# every published service enforces authentication.
interface Dialer0
mtu 1492
ppp chap password cipher $c$3$yfm2SD2iPdK9116zu0LkNUMfjJLhEDQF
ppp chap user 057108697861
ppp ipcp dns admit-any
ppp ipcp dns request
ppp pap local-user 057108697861 password cipher $c$3$7W7r5DRWHyUaXtnGnVL2g/69UL8eMgDu
dialer bundle enable
dialer-group 1
dialer timer idle 0
dialer timer autodial 5
ip address ppp-negotiate
tcp mss 1280
packet-filter name GigabitEthernet0/0 inbound
packet-filter name WebHttpHttps17414 inbound
nat outbound
nat server protocol tcp global current-interface 1723 inside 10.10.10.10 1723
nat server protocol tcp global current-interface 10132 inside 10.10.10.132 22
nat server protocol tcp global current-interface 10140 inside 10.10.10.140 22
nat server protocol tcp global current-interface 10141 inside 10.10.10.141 22
nat server protocol tcp global current-interface 10142 inside 10.10.10.142 22
nat server protocol tcp global current-interface 10143 inside 10.10.10.143 22
nat server protocol tcp global current-interface 10168 inside 10.10.10.168 22
nat server protocol tcp global current-interface 10169 inside 10.10.10.169 22
nat server protocol tcp global current-interface 10201 inside 10.10.10.201 22
nat server protocol tcp global current-interface 10202 inside 10.10.10.202 22
nat server protocol tcp global current-interface 11132 inside 10.10.10.132 80
nat server protocol tcp global current-interface 11142 inside 10.10.10.142 80
nat server protocol tcp global current-interface 11143 inside 10.10.10.143 81
nat server protocol tcp global current-interface 11144 inside 10.10.10.143 80
nat server protocol tcp global current-interface 11161 inside 10.10.10.161 3000
nat server protocol tcp global current-interface 11200 inside 10.10.10.200 80
nat server protocol tcp global current-interface 11201 inside 10.10.10.201 80
nat server protocol tcp global current-interface 11202 inside 10.10.10.202 80
nat server protocol tcp global current-interface 17010 inside 10.10.10.200 22
nat server protocol tcp global current-interface 17020 inside 10.10.10.145 22
nat server protocol tcp global current-interface 17320 17333 inside 10.10.10.168 3320 3333
nat server protocol tcp global current-interface 17627 inside 10.10.10.108 22
nat server protocol tcp global current-interface 23306 inside 10.10.10.142 3306
nat server protocol tcp global current-interface 25672 inside 10.10.10.142 5672
nat server protocol tcp global current-interface 26379 inside 10.10.10.142 6379
nat server protocol tcp global current-interface 29200 inside 10.10.10.142 9200
nat server protocol tcp global current-interface 29906 inside 10.10.10.166 9906
nat server protocol tcp global current-interface 30880 inside 10.10.10.157 30880
nat server protocol tcp global current-interface 31766 inside 10.10.10.159 31766
nat server protocol tcp global current-interface 57762 inside 10.10.10.108 80
#
interface NULL0
#
# LAN gateway 10.10.10.1/24 on VLAN interface 1. Two ACLs are applied inbound:
# "WebTelnet17413" (permits Telnet) and "Vlan-interface1" (permits all IP).
# `nat hairpin enable` is set here as well.
# NOTE(review): nothing in this section filters traffic between LAN hosts.
# Hosts in 10.10.10.0/24 behind unmanaged switches would presumably talk to
# each other at layer 2 without passing this interface, so the access problem
# described in the post probably has to be looked for outside this listing
# (host firewall, address/mask, cabling) - unverified.
interface Vlan-interface1
description LAN-interface
ip address 10.10.10.1 255.255.255.0
tcp mss 1280
packet-filter name WebTelnet17413 inbound
packet-filter name Vlan-interface1 inbound
nat hairpin enable
#
# WAN port in routed mode that carries the PPPoE session for dialer bundle 0.
# `arp max-learning-num 0` sets the number of dynamic ARP entries this port
# may learn to zero. ACL "WebTelnet3" is applied inbound; see the note on that
# ACL's rule 65533, which permits Telnet from any source.
interface GigabitEthernet0/0
port link-mode route
description Single_Line1
combo enable copper
arp max-learning-num 0
packet-filter name WebTelnet3 inbound
pppoe-client dial-bundle-number 0
#
# Routed port with no further settings shown.
interface GigabitEthernet0/1
port link-mode route
#
# GigabitEthernet0/2 to 0/5 are bridge-mode (switching) ports; the listing
# shows no VLAN assignment or isolation command on any of them.
interface GigabitEthernet0/2
port link-mode bridge
#
interface GigabitEthernet0/3
port link-mode bridge
#
interface GigabitEthernet0/4
port link-mode bridge
#
interface GigabitEthernet0/5
port link-mode bridge
#
# Security zones Local, Trust, DMZ, Untrust and Management are declared; this
# listing shows no member interfaces under any of them.
security-zone name Local
#
security-zone name Trust
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
scheduler logfile size 16
#
# Console lines get the network-admin role; tty and vty lines get
# network-operator.
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line con 0
user-role network-admin
#
# Remote CLI sessions (vty 0-63) use scheme authentication, i.e. the AAA
# domain and local-user settings further down.
line vty 0 63
authentication-mode scheme
user-role network-operator
#
# Default route out of the PPPoE dialer interface.
ip route-static 0.0.0.0 0 Dialer0
#
# NOTE(review): the only log host is the loopback address, so configuration
# logs presumably stay on the device; a remote log host would preserve them
# if the device is reset or tampered with.
info-center loghost 127.0.0.1 port 3301
info-center source CFGLOG loghost level informational
#
# Time range covering the whole day, every day; the ACL rules that reference
# it are therefore always active.
time-range all111 00:00 to 24:00 daily
#
# NTP server names were masked (***.***) by the poster.
ntp-service enable
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
#
# ACL "GigabitEthernet0/0": one rule that permits all IP traffic. It is
# referenced inbound on Dialer0.
acl advanced name GigabitEthernet0/0
rule 0 permit ip time-range all111
#
# ACL "Vlan-interface1": one rule that permits all IP traffic from the LAN.
acl advanced name Vlan-interface1
rule 0 permit ip time-range all111
#
# ACL "WebHttpHttps17414": denies TCP to ports 80 (www) and 443 from any
# source and contains no permit rule. It is referenced inbound on Dialer0.
# NOTE(review): no `packet-filter default deny` appears in this listing, so
# packets matching neither rule are presumably permitted - confirm.
acl advanced name WebHttpHttps17414
rule 65533 deny tcp destination-port eq www
rule 65534 deny tcp destination-port eq 443
#
# ACL "WebTelnet3" (applied inbound on GigabitEthernet0/0).
# NOTE(review): rule 0 permits Telnet from 10.10.10.10, but rule 65533 permits
# Telnet from any source, so the host restriction has no effect. If the intent
# was Telnet from 10.10.10.10 only, rule 65533 would need to be
# `rule 65533 deny tcp destination-port eq telnet`.
acl advanced name WebTelnet3
rule 0 permit tcp source 10.10.10.10 0 destination-port eq telnet
rule 65533 permit tcp destination-port eq telnet
#
# ACL "WebTelnet17413" (applied inbound on Vlan-interface1): same two rules as
# "WebTelnet3", so the same remark about rule 65533 applies to the LAN side.
acl advanced name WebTelnet17413
rule 0 permit tcp source 10.10.10.10 0 destination-port eq telnet
rule 65533 permit tcp destination-port eq telnet
#
# Password policy: password control is on, but aging and history checks are
# switched off. Minimum length is 6; after 3 failed logins the account is
# locked for 10 minutes. update-interval 0 and login idle-time 0 lift the
# minimum interval between password changes and the idle-account restriction.
# NOTE(review): a 6-character minimum is weak for an account that holds
# network-admin and may log in over Telnet, FTP and HTTP; consider a longer
# minimum together with `password-control composition` requirements.
password-control enable
undo password-control aging enable
undo password-control history enable
password-control length 6
password-control login-attempt 3 exceed lock-time 10
password-control update-interval 0
password-control login idle-time 0
#
# ISP domain "system" is the default authentication domain.
domain system
#
domain default enable system
#
# Predefined roles level-0 to level-14, listed with their stock descriptions.
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
# Management account "admin": allowed on FTP, SSH, Telnet, terminal, HTTP and
# HTTPS, and granted both the network-admin and network-operator roles. No
# password line appears for it in this listing.
# NOTE(review): FTP, Telnet and HTTP are cleartext; trimming service-type to
# the encrypted services actually used reduces exposure of this account.
local-user admin class manage
service-type ftp
service-type ssh telnet terminal http https
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
session statistics enable
#
# Web management is enabled over both HTTP and HTTPS.
# NOTE(review): HTTP exposes the admin login in cleartext; consider keeping
# only `ip https enable`.
ip http enable
ip https enable
#
url-filter category custom severity 65535
#
dac log-collect service dpi traffic enable
#
dac storage service dpi traffic limit hold-time 1
dac storage service traffic limit hold-time 1
#
# Points the device at the vendor cloud-management domain; confirm that remote
# management through that platform is intended for this site.
cloud-management server domain cloudnet.h3c.com
#
# `return` is the last line of the pasted configuration.
return