H3C MER8300 在MER8300上vlan1网段能上互联网，vlan10网段无法上互联网

1、在同一台MER8300上vlan1网段能上互联网，为啥vlan10网段无法上互联网。且vlan1和vlan10网段下的终端只能ping通对方vlan网关，终端间无法ping通和互访。

2、该设备上的三层接口GigabitEthernet0/2使用了拨号方式上网。

3、二层接口GigabitEthernet2/0默认属于vlan1，二层接口GigabitEthernet2/3属于vlan10。

现在的需求是：让vlan10的终端电脑也能上互联网，而vlan1和vlan10网段的终端可以互通互访。附上该设备的配置信息，请网友帮忙排查下原因，是否有配置不当，现在除了有ip分组和分组限速，也没有其他多余的设置了。

#

version 7.1.064, Release 0809P20

#

sysname H3C

#

clock timezone Beijing add 08:00:00

clock protocol ntp

#

telnet server enable

#

qos carl 1 source-ip-address object-group WIFI组 per-address shared-bandwidth

qos carl 2 destination-ip-address object-group WIFI组 per-address shared-bandwidth

qos carl 3 source-ip-address object-group 财务 per-address shared-bandwidth

qos carl 4 destination-ip-address object-group 财务 per-address shared-bandwidth

qos carl 5 source-ip-address object-group 产品管理 per-address shared-bandwidth

qos carl 6 destination-ip-address object-group 产品管理 per-address shared-bandwidth

qos carl 7 source-ip-address object-group 电气研发 per-address shared-bandwidth

qos carl 8 destination-ip-address object-group 电气研发 per-address shared-bandwidth

qos carl 9 source-ip-address object-group 高管组 per-address shared-bandwidth

qos carl 10 destination-ip-address object-group 高管组 per-address shared-bandwidth

qos carl 11 source-ip-address object-group 核价 per-address shared-bandwidth

qos carl 12 destination-ip-address object-group 核价 per-address shared-bandwidth

qos carl 13 source-ip-address object-group 设备研发 per-address shared-bandwidth

qos carl 14 destination-ip-address object-group 设备研发 per-address shared-bandwidth

qos carl 15 source-ip-address object-group 模具 per-address shared-bandwidth

qos carl 16 destination-ip-address object-group 模具 per-address shared-bandwidth

qos carl 17 source-ip-address object-group 企管 per-address shared-bandwidth

qos carl 18 destination-ip-address object-group 企管 per-address shared-bandwidth

qos carl 19 source-ip-address object-group 生产中心 per-address shared-bandwidth

qos carl 20 destination-ip-address object-group 生产中心 per-address shared-bandwidth

qos carl 21 source-ip-address object-group 营销 per-address shared-bandwidth

qos carl 22 destination-ip-address object-group 营销 per-address shared-bandwidth

qos carl 23 source-ip-address object-group 部门助理 per-address shared-bandwidth

qos carl 24 destination-ip-address object-group 部门助理 per-address shared-bandwidth

#

security-zone intra-zone default permit

#

dialer-group 3 rule ip permit

#

ip load-sharing mode per-flow src-ip global

#

dhcp enable

dhcp server always-broadcast

#

dns proxy enable

#

password-recovery enable

#

vlan 1

#

vlan 2

#

vlan 10

#

object-group ip address WIFI组

description 营销办公室178\营销会议室94\胡志测试用(187、195、241)\1楼大会议室126\原杨总办公室208

0 network host address 192.168.1.178

10 network host address 192.168.1.94

20 network host address 192.168.1.187

30 network host address 192.168.1.195

40 network host address 192.168.1.126

50 network host address 192.168.1.208

60 network host address 192.168.1.241

#

object-group ip address 部门助理

0 network host address 192.168.1.60

10 network host address 192.168.1.120

#

object-group ip address 财务

description 财务\仓库

0 network host address 192.168.1.141

10 network host address 192.168.1.82

20 network host address 192.168.1.20

30 network host address 192.168.1.176

40 network host address 192.168.1.65

50 network host address 192.168.1.140

60 network host address 192.168.1.61

70 network host address 192.168.1.186

80 network host address 192.168.1.92

90 network host address 192.168.1.123

100 network host address 192.168.1.36

110 network host address 192.168.1.17

120 network host address 192.168.1.199

130 network host address 192.168.1.192

140 network host address 192.168.1.98

#

object-group ip address 产品管理

0 network host address 192.168.1.193

10 network host address 192.168.1.238

20 network host address 192.168.1.30

30 network host address 192.168.1.63

40 network host address 192.168.1.38

50 network host address 192.168.1.226

60 network host address 192.168.1.91

70 network host address 192.168.1.77

80 network host address 192.168.1.117

90 network host address 192.168.1.105

100 network host address 192.168.1.224

#

object-group ip address 电气研发

0 network host address 192.168.1.154

10 network host address 192.168.1.148

20 network host address 192.168.1.57

30 network host address 192.168.1.118

40 network host address 192.168.1.133

50 network host address 192.168.1.130

#

object-group ip address 高管组

0 network host address 192.168.1.167

10 network host address 192.168.1.122

20 network host address 192.168.1.56

30 network host address 192.168.1.55

40 network host address 192.168.1.158

50 network host address 192.168.1.166

#

object-group ip address 核价

0 network host address 192.168.1.24

10 network host address 192.168.1.72

20 network host address 192.168.1.132

30 network host address 192.168.1.181

#

object-group ip address 模具

description 模具研发\模具制造

0 network host address 192.168.1.115

10 network host address 192.168.1.165

20 network host address 192.168.1.191

30 network host address 192.168.1.89

40 network host address 192.168.1.139

50 network host address 192.168.1.25

60 network host address 192.168.1.184

70 network host address 192.168.1.136

80 network host address 192.168.1.86

90 network host address 192.168.1.109

100 network host address 192.168.1.26

110 network host address 192.168.1.11

#

object-group ip address 企管

description 企管\会议室

0 network host address 192.168.1.71

10 network host address 192.168.1.143

20 network host address 192.168.1.180

30 network host address 192.168.1.32

40 network host address 192.168.1.28

50 network host address 192.168.1.169

60 network host address 192.168.1.185

70 network host address 192.168.1.175

80 network host address 192.168.1.106

90 network host address 192.168.1.240

100 network host address 192.168.1.138

#

object-group ip address 设备研发

10 network host address 192.168.1.43

20 network host address 192.168.1.46

30 network host address 192.168.1.70

50 network host address 192.168.1.42

60 network host address 192.168.1.85

#

object-group ip address 生产中心

description 机械制造\电气制造\生产工艺\PMC

0 network host address 192.168.1.48

10 network host address 192.168.1.145

20 network host address 192.168.1.146

30 network host address 192.168.1.170

40 network host address 192.168.1.160

50 network host address 192.168.1.95

60 network host address 192.168.1.156

70 network host address 192.168.1.108

80 network host address 192.168.1.23

90 network host address 192.168.1.222

100 network host address 192.168.1.171

110 network host address 192.168.1.172

120 network host address 192.168.1.127

130 network host address 192.168.1.227

140 network host address 192.168.1.16

150 network host address 192.168.1.225

160 network host address 192.168.1.114

170 network host address 192.168.1.116

180 network host address 192.168.1.21

190 network host address 192.168.1.209

200 network host address 192.168.1.239

210 network host address 192.168.1.33

220 network host address 192.168.1.104

230 network host address 192.168.1.76

240 network host address 192.168.1.40

260 network host address 192.168.1.233

270 network host address 192.168.1.3

280 network host address 192.168.1.96

#

object-group ip address 营销

description 销售1部\销售2部\客服部

0 network host address 192.168.1.150

10 network host address 192.168.1.110

20 network host address 192.168.1.111

30 network host address 192.168.1.93

40 network host address 192.168.1.68

50 network host address 192.168.1.152

60 network host address 192.168.1.79

70 network host address 192.168.1.144

80 network host address 192.168.1.119

90 network host address 192.168.1.81

100 network host address 192.168.1.80

110 network host address 192.168.1.129

120 network host address 192.168.1.107

130 network host address 192.168.1.161

140 network host address 192.168.1.159

150 network host address 192.168.1.103

160 network host address 192.168.1.53

170 network host address 192.168.1.34

180 network host address 192.168.1.45

190 network host address 192.168.1.41

200 network host address 192.168.1.163

210 network host address 192.168.1.162

220 network host address 192.168.1.50

230 network host address 192.168.1.37

#

controller Cellular0/0

#

interface Dialer0

mtu 1492

#

interface Dialer2

mtu 1492

ppp chap password cipher **************

ppp chap user ***************

ppp ipcp dns admit-any

ppp ipcp dns request

ppp pap local-user ************** password cipher ******************

dialer bundle enable

dialer-group 3

dialer timer idle 0

dialer timer autodial 5

ip address ppp-negotiate

tcp mss 1280

packet-filter name GigabitEthernet0/2 inbound

qos car inbound carl 2 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass

qos car inbound carl 4 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass

qos car inbound carl 6 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass

qos car inbound carl 8 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass

qos car inbound carl 10 cir 50000 cbs 3125000 ebs 0 green pass red discard yellow pass

qos car inbound carl 12 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass

qos car inbound carl 14 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass

qos car inbound carl 16 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass

qos car inbound carl 18 cir 50000 cbs 3125000 ebs 0 green pass red discard yellow pass

qos car inbound carl 20 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass

qos car inbound carl 22 cir 100000 cbs 6250000 ebs 0 green pass red discard yellow pass

qos car inbound carl 24 cir 10000 cbs 625000 ebs 0 green pass red discard yellow pass

qos car outbound carl 1 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass

qos car outbound carl 3 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass

qos car outbound carl 5 cir 10000 cbs 625000 ebs 0 green pass red discard yellow pass

qos car outbound carl 7 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass

qos car outbound carl 9 cir 5000 cbs 312500 ebs 0 green pass red discard yellow pass

qos car outbound carl 11 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass

qos car outbound carl 13 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass

qos car outbound carl 15 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass

qos car outbound carl 17 cir 5000 cbs 312500 ebs 0 green pass red discard yellow pass

qos car outbound carl 19 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass

qos car outbound carl 21 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass

qos car outbound carl 23 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass

nat outbound

#

interface NULL0

#

interface Vlan-interface1

description LAN-interface

ip address 192.168.1.1 255.255.255.0

tcp mss 1280

undo dhcp select server

#

interface Vlan-interface2

description LAN-interface

ip address 192.168.3.1 255.255.255.0

tcp mss 1280

undo dhcp select server

#

interface Vlan-interface10

description LAN-interface

ip address 192.168.10.1 255.255.255.0

tcp mss 1280

undo dhcp select server

#

interface GigabitEthernet0/0

port link-mode route

description Multiple_Line1

packet-filter name GigabitEthernet0/0 inbound

#

interface GigabitEthernet0/1

port link-mode route

description Multiple_Line2

packet-filter name GigabitEthernet0/1 inbound

#

interface GigabitEthernet0/2

port link-mode route

description Multiple_Line3

combo enable copper

pppoe-client dial-bundle-number 2

#

interface GigabitEthernet0/3

port link-mode route

combo enable copper

#

interface GigabitEthernet0/4

port link-mode route

#

interface GigabitEthernet0/5

port link-mode route

#

interface GigabitEthernet2/0

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 to 2

#

interface GigabitEthernet2/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 to 2

#

interface GigabitEthernet2/2

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 to 2

#

interface GigabitEthernet2/3

port link-mode bridge

port access vlan 10

#

object-policy ip Any-Any

rule 65533 inspect 8048_url_profile_global

rule 65534 pass

#

security-zone name Local

#

security-zone name Trust

import interface Vlan-interface1

#

security-zone name DMZ

#

security-zone name Untrust

import interface Dialer2

import interface GigabitEthernet0/0

import interface GigabitEthernet0/1

#

security-zone name Management

#

zone-pair security source Any destination Any

object-policy apply ip Any-Any

#

zone-pair security source Local destination Trust

packet-filter name SWXWSGL

#

zone-pair security source Local destination Untrust

packet-filter name SWXWSGL

#

zone-pair security source Trust destination Local

packet-filter name SWXWSGL

#

zone-pair security source Untrust destination Local

packet-filter name SWXWSGL

#

scheduler logfile size 16

#

line class console

user-role network-admin

#

line class tty

user-role network-operator

#

line class usb

user-role network-admin

#

line class vty

user-role network-operator

#

line con 0

user-role network-admin

#

line vty 0 63

authentication-mode scheme

user-role network-operator

#

ip route-static 0.0.0.0 0 Dialer2

#

ntp-service enable

ntp-service unicast-server ***.***

ntp-service unicast-server ***.***

ntp-service unicast-server ***.***

ntp-service unicast-server ***.***

ntp-service unicast-server ***.***

ntp-service unicast-server ***.***

ntp-service unicast-server ***.***

#

acl advanced name GigabitEthernet0/0

rule 15 deny ip source 23.11.202.41 0

rule 15 comment **********联网目标IP01

rule 20 deny ip source 209.235.73.62 0

rule 20 comment **********联网目标IP02

rule 25 deny ip source 69.147.191.222 0

rule 25 comment **********联网目标IP03

rule 30 deny ip source 52.109.76.33 0

rule 30 comment **********联网IP01

#

acl advanced name GigabitEthernet0/1

rule 15 deny ip source 23.11.202.41 0

rule 15 comment **********联网目标IP01

rule 20 deny ip source 209.235.73.62 0

rule 20 comment **********联网目标IP02

rule 25 deny ip source 69.147.191.222 0

rule 25 comment **********联网目标IP03

rule 30 deny ip source 52.109.76.33 0

rule 30 comment **********联网IP01

#

acl advanced name GigabitEthernet0/2

rule 15 deny ip source 23.11.202.41 0

rule 15 comment **********联网目标IP01

rule 20 deny ip source 209.235.73.62 0

rule 20 comment **********联网目标IP02

rule 25 deny ip source 69.147.191.222 0

rule 25 comment **********联网目标IP03

rule 30 deny ip source 52.109.76.33 0

rule 30 comment **********联网IP01

#

acl advanced name SWXWSGL

rule 1 permit ip

#

password-control enable

undo password-control aging enable

undo password-control history enable

password-control length 6

password-control login-attempt 3 exceed lock-time 10

password-control update-interval 0

password-control login idle-time 0

password-control complexity user-name check

#

domain system

#

domain default enable system

#

role name level-0

description Predefined level-0 role

#

role name level-1

description Predefined level-1 role

#

role name level-2

description Predefined level-2 role

#

role name level-3

description Predefined level-3 role

#

role name level-4

description Predefined level-4 role

#

role name level-5

description Predefined level-5 role

#

role name level-6

description Predefined level-6 role

#

role name level-7

description Predefined level-7 role

#

role name level-8

description Predefined level-8 role

#

role name level-9

description Predefined level-9 role

#

role name level-10

description Predefined level-10 role

#

role name level-11

description Predefined level-11 role

#

role name level-12

description Predefined level-12 role

#

role name level-13

description Predefined level-13 role

#

role name level-14

description Predefined level-14 role

#

user-group system

#

local-user admin class manage

service-type telnet http https

authorization-attribute user-role network-admin

#

session statistics enable

#

ip http enable

ip https enable

#

url-filter policy 8048_url_profile_global

default-action permit

add blacklist 2 host regex ***.****

add blacklist 3 host regex ***.****

add blacklist 4 host regex ***.****

#

url-filter category custom severity 65535

#

app-profile 8048_url_profile_global

url-filter apply policy 8048_url_profile_global

#

dac storage service traffic limit hold-time 1

#

cloud-management server domain oasis.h3c.com

#

return