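1. On the same MER8300, the vlan1 subnet can access the Internet, so why can't the vlan10 subnet? Also, endpoints in the vlan1 and vlan10 subnets can only ping the other VLAN's gateway; the endpoints themselves cannot ping or access each other.
2. The layer-3 interface GigabitEthernet0/2 on this device uses dial-up to access the Internet.
3. The layer-2 interface GigabitEthernet2/0 belongs to vlan1 by default, and the layer-2 interface GigabitEthernet2/3 belongs to vlan10.
The requirement now is: let the endpoint PCs in vlan10 access the Internet as well, and let endpoints in the vlan1 and vlan10 subnets reach and access each other. The device's configuration is attached; could forum members please help find the cause and check whether anything is misconfigured? Apart from the IP groups and per-group rate limiting, there are no other extra settings.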
#
version 7.1.064, Release 0809P20
#
sysname H3C
#
clock timezone Beijing add 08:00:00
clock protocol ntp
#
telnet server enable
#
qos carl 1 source-ip-address object-group WIFI组 per-address shared-bandwidth
qos carl 2 destination-ip-address object-group WIFI组 per-address shared-bandwidth
qos carl 3 source-ip-address object-group 财务 per-address shared-bandwidth
qos carl 4 destination-ip-address object-group 财务 per-address shared-bandwidth
qos carl 5 source-ip-address object-group 产品管理 per-address shared-bandwidth
qos carl 6 destination-ip-address object-group 产品管理 per-address shared-bandwidth
qos carl 7 source-ip-address object-group 电气研发 per-address shared-bandwidth
qos carl 8 destination-ip-address object-group 电气研发 per-address shared-bandwidth
qos carl 9 source-ip-address object-group 高管组 per-address shared-bandwidth
qos carl 10 destination-ip-address object-group 高管组 per-address shared-bandwidth
qos carl 11 source-ip-address object-group 核价 per-address shared-bandwidth
qos carl 12 destination-ip-address object-group 核价 per-address shared-bandwidth
qos carl 13 source-ip-address object-group 设备研发 per-address shared-bandwidth
qos carl 14 destination-ip-address object-group 设备研发 per-address shared-bandwidth
qos carl 15 source-ip-address object-group 模具 per-address shared-bandwidth
qos carl 16 destination-ip-address object-group 模具 per-address shared-bandwidth
qos carl 17 source-ip-address object-group 企管 per-address shared-bandwidth
qos carl 18 destination-ip-address object-group 企管 per-address shared-bandwidth
qos carl 19 source-ip-address object-group 生产中心 per-address shared-bandwidth
qos carl 20 destination-ip-address object-group 生产中心 per-address shared-bandwidth
qos carl 21 source-ip-address object-group 营销 per-address shared-bandwidth
qos carl 22 destination-ip-address object-group 营销 per-address shared-bandwidth
qos carl 23 source-ip-address object-group 部门助理 per-address shared-bandwidth
qos carl 24 destination-ip-address object-group 部门助理 per-address shared-bandwidth
#
security-zone intra-zone default permit
#
dialer-group 3 rule ip permit
#
ip load-sharing mode per-flow src-ip global
#
dhcp enable
dhcp server always-broadcast
#
dns proxy enable
#
password-recovery enable
#
vlan 1
#
vlan 2
#
vlan 10
#
object-group ip address WIFI组
description 营销办公室178\营销会议室94\胡志测试用(187、195、241)\1楼大会议室126\原杨总办公室208
0 network host address 192.168.1.178
10 network host address 192.168.1.94
20 network host address 192.168.1.187
30 network host address 192.168.1.195
40 network host address 192.168.1.126
50 network host address 192.168.1.208
60 network host address 192.168.1.241
#
object-group ip address 部门助理
0 network host address 192.168.1.60
10 network host address 192.168.1.120
#
object-group ip address 财务
description 财务\仓库
0 network host address 192.168.1.141
10 network host address 192.168.1.82
20 network host address 192.168.1.20
30 network host address 192.168.1.176
40 network host address 192.168.1.65
50 network host address 192.168.1.140
60 network host address 192.168.1.61
70 network host address 192.168.1.186
80 network host address 192.168.1.92
90 network host address 192.168.1.123
100 network host address 192.168.1.36
110 network host address 192.168.1.17
120 network host address 192.168.1.199
130 network host address 192.168.1.192
140 network host address 192.168.1.98
#
object-group ip address 产品管理
0 network host address 192.168.1.193
10 network host address 192.168.1.238
20 network host address 192.168.1.30
30 network host address 192.168.1.63
40 network host address 192.168.1.38
50 network host address 192.168.1.226
60 network host address 192.168.1.91
70 network host address 192.168.1.77
80 network host address 192.168.1.117
90 network host address 192.168.1.105
100 network host address 192.168.1.224
#
object-group ip address 电气研发
0 network host address 192.168.1.154
10 network host address 192.168.1.148
20 network host address 192.168.1.57
30 network host address 192.168.1.118
40 network host address 192.168.1.133
50 network host address 192.168.1.130
#
object-group ip address 高管组
0 network host address 192.168.1.167
10 network host address 192.168.1.122
20 network host address 192.168.1.56
30 network host address 192.168.1.55
40 network host address 192.168.1.158
50 network host address 192.168.1.166
#
object-group ip address 核价
0 network host address 192.168.1.24
10 network host address 192.168.1.72
20 network host address 192.168.1.132
30 network host address 192.168.1.181
#
object-group ip address 模具
description 模具研发\模具制造
0 network host address 192.168.1.115
10 network host address 192.168.1.165
20 network host address 192.168.1.191
30 network host address 192.168.1.89
40 network host address 192.168.1.139
50 network host address 192.168.1.25
60 network host address 192.168.1.184
70 network host address 192.168.1.136
80 network host address 192.168.1.86
90 network host address 192.168.1.109
100 network host address 192.168.1.26
110 network host address 192.168.1.11
#
object-group ip address 企管
description 企管\会议室
0 network host address 192.168.1.71
10 network host address 192.168.1.143
20 network host address 192.168.1.180
30 network host address 192.168.1.32
40 network host address 192.168.1.28
50 network host address 192.168.1.169
60 network host address 192.168.1.185
70 network host address 192.168.1.175
80 network host address 192.168.1.106
90 network host address 192.168.1.240
100 network host address 192.168.1.138
#
object-group ip address 设备研发
10 network host address 192.168.1.43
20 network host address 192.168.1.46
30 network host address 192.168.1.70
50 network host address 192.168.1.42
60 network host address 192.168.1.85
#
object-group ip address 生产中心
description 机械制造\电气制造\生产工艺\PMC
0 network host address 192.168.1.48
10 network host address 192.168.1.145
20 network host address 192.168.1.146
30 network host address 192.168.1.170
40 network host address 192.168.1.160
50 network host address 192.168.1.95
60 network host address 192.168.1.156
70 network host address 192.168.1.108
80 network host address 192.168.1.23
90 network host address 192.168.1.222
100 network host address 192.168.1.171
110 network host address 192.168.1.172
120 network host address 192.168.1.127
130 network host address 192.168.1.227
140 network host address 192.168.1.16
150 network host address 192.168.1.225
160 network host address 192.168.1.114
170 network host address 192.168.1.116
180 network host address 192.168.1.21
190 network host address 192.168.1.209
200 network host address 192.168.1.239
210 network host address 192.168.1.33
220 network host address 192.168.1.104
230 network host address 192.168.1.76
240 network host address 192.168.1.40
260 network host address 192.168.1.233
270 network host address 192.168.1.3
280 network host address 192.168.1.96
#
object-group ip address 营销
description 销售1部\销售2部\客服部
0 network host address 192.168.1.150
10 network host address 192.168.1.110
20 network host address 192.168.1.111
30 network host address 192.168.1.93
40 network host address 192.168.1.68
50 network host address 192.168.1.152
60 network host address 192.168.1.79
70 network host address 192.168.1.144
80 network host address 192.168.1.119
90 network host address 192.168.1.81
100 network host address 192.168.1.80
110 network host address 192.168.1.129
120 network host address 192.168.1.107
130 network host address 192.168.1.161
140 network host address 192.168.1.159
150 network host address 192.168.1.103
160 network host address 192.168.1.53
170 network host address 192.168.1.34
180 network host address 192.168.1.45
190 network host address 192.168.1.41
200 network host address 192.168.1.163
210 network host address 192.168.1.162
220 network host address 192.168.1.50
230 network host address 192.168.1.37
#
controller Cellular0/0
#
interface Dialer0
mtu 1492
#
interface Dialer2
mtu 1492
ppp chap password cipher **************
ppp chap user ***************
ppp ipcp dns admit-any
ppp ipcp dns request
ppp pap local-user ************** password cipher ******************
dialer bundle enable
dialer-group 3
dialer timer idle 0
dialer timer autodial 5
ip address ppp-negotiate
tcp mss 1280
packet-filter name GigabitEthernet0/2 inbound
qos car inbound carl 2 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass
qos car inbound carl 4 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass
qos car inbound carl 6 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass
qos car inbound carl 8 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass
qos car inbound carl 10 cir 50000 cbs 3125000 ebs 0 green pass red discard yellow pass
qos car inbound carl 12 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass
qos car inbound carl 14 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass
qos car inbound carl 16 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass
qos car inbound carl 18 cir 50000 cbs 3125000 ebs 0 green pass red discard yellow pass
qos car inbound carl 20 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass
qos car inbound carl 22 cir 100000 cbs 6250000 ebs 0 green pass red discard yellow pass
qos car inbound carl 24 cir 10000 cbs 625000 ebs 0 green pass red discard yellow pass
qos car outbound carl 1 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass
qos car outbound carl 3 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass
qos car outbound carl 5 cir 10000 cbs 625000 ebs 0 green pass red discard yellow pass
qos car outbound carl 7 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass
qos car outbound carl 9 cir 5000 cbs 312500 ebs 0 green pass red discard yellow pass
qos car outbound carl 11 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass
qos car outbound carl 13 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass
qos car outbound carl 15 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass
qos car outbound carl 17 cir 5000 cbs 312500 ebs 0 green pass red discard yellow pass
qos car outbound carl 19 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass
qos car outbound carl 21 cir 25000 cbs 1562500 ebs 0 green pass red discard yellow pass
qos car outbound carl 23 cir 2500 cbs 156250 ebs 0 green pass red discard yellow pass
nat outbound
#
interface NULL0
#
interface Vlan-interface1
description LAN-interface
ip address 192.168.1.1 255.255.255.0
tcp mss 1280
undo dhcp select server
#
interface Vlan-interface2
description LAN-interface
ip address 192.168.3.1 255.255.255.0
tcp mss 1280
undo dhcp select server
#
interface Vlan-interface10
description LAN-interface
ip address 192.168.10.1 255.255.255.0
tcp mss 1280
undo dhcp select server
#
interface GigabitEthernet0/0
port link-mode route
description Multiple_Line1
packet-filter name GigabitEthernet0/0 inbound
#
interface GigabitEthernet0/1
port link-mode route
description Multiple_Line2
packet-filter name GigabitEthernet0/1 inbound
#
interface GigabitEthernet0/2
port link-mode route
description Multiple_Line3
combo enable copper
pppoe-client dial-bundle-number 2
#
interface GigabitEthernet0/3
port link-mode route
combo enable copper
#
interface GigabitEthernet0/4
port link-mode route
#
interface GigabitEthernet0/5
port link-mode route
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 to 2
#
interface GigabitEthernet2/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 to 2
#
interface GigabitEthernet2/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 to 2
#
interface GigabitEthernet2/3
port link-mode bridge
port access vlan 10
#
object-policy ip Any-Any
rule 65533 inspect 8048_url_profile_global
rule 65534 pass
#
security-zone name Local
#
security-zone name Trust
import interface Vlan-interface1
#
security-zone name DMZ
#
security-zone name Untrust
import interface Dialer2
import interface GigabitEthernet0/0
import interface GigabitEthernet0/1
#
security-zone name Management
#
zone-pair security source Any destination Any
object-policy apply ip Any-Any
#
zone-pair security source Local destination Trust
packet-filter name SWXWSGL
#
zone-pair security source Local destination Untrust
packet-filter name SWXWSGL
#
zone-pair security source Trust destination Local
packet-filter name SWXWSGL
#
zone-pair security source Untrust destination Local
packet-filter name SWXWSGL
#
scheduler logfile size 16
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class usb
user-role network-admin
#
line class vty
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 63
authentication-mode scheme
user-role network-operator
#
ip route-static 0.0.0.0 0 Dialer2
#
ntp-service enable
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
ntp-service unicast-server ***.***
#
acl advanced name GigabitEthernet0/0
rule 15 deny ip source 23.11.202.41 0
rule 15 comment **********联网目标IP01
rule 20 deny ip source 209.235.73.62 0
rule 20 comment **********联网目标IP02
rule 25 deny ip source 69.147.191.222 0
rule 25 comment **********联网目标IP03
rule 30 deny ip source 52.109.76.33 0
rule 30 comment **********联网IP01
#
acl advanced name GigabitEthernet0/1
rule 15 deny ip source 23.11.202.41 0
rule 15 comment **********联网目标IP01
rule 20 deny ip source 209.235.73.62 0
rule 20 comment **********联网目标IP02
rule 25 deny ip source 69.147.191.222 0
rule 25 comment **********联网目标IP03
rule 30 deny ip source 52.109.76.33 0
rule 30 comment **********联网IP01
#
acl advanced name GigabitEthernet0/2
rule 15 deny ip source 23.11.202.41 0
rule 15 comment **********联网目标IP01
rule 20 deny ip source 209.235.73.62 0
rule 20 comment **********联网目标IP02
rule 25 deny ip source 69.147.191.222 0
rule 25 comment **********联网目标IP03
rule 30 deny ip source 52.109.76.33 0
rule 30 comment **********联网IP01
#
acl advanced name SWXWSGL
rule 1 permit ip
#
password-control enable
undo password-control aging enable
undo password-control history enable
password-control length 6
password-control login-attempt 3 exceed lock-time 10
password-control update-interval 0
password-control login idle-time 0
password-control complexity user-name check
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
service-type telnet http https
authorization-attribute user-role network-admin
#
session statistics enable
#
ip http enable
ip https enable
#
url-filter policy 8048_url_profile_global
default-action permit
add blacklist 2 host regex ***.****
add blacklist 3 host regex ***.****
add blacklist 4 host regex ***.****
#
url-filter category custom severity 65535
#
app-profile 8048_url_profile_global
url-filter apply policy 8048_url_profile_global
#
dac storage service traffic limit hold-time 1
#
cloud-management server domain oasis.h3c.com
#
return
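Hello, please note:
For the loss of Internet access, here are the troubleshooting points for reference:
1. Check whether the route is reachable.
2. Check whether the ACL used for NAT translation includes all the subnets that need Internet access.
3. Check whether the IP address, subnet mask, default gateway and DNS entered on the endpoint are correct.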
But vlan1 can access the Internet without any NAT having been set up for it.
vlan10 can't; vlan1 can.
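The route and NAT checks from the reply, run over an excerpt of the posted configuration, as an added example that is not part of the original thread and not H3C tooling. It also reports which security zone imports each addressed interface, which goes beyond the reply's three points; the function names and the `#`-delimited parsing are assumptions of this sketch.

```python
# Added example. CONFIG is a trimmed excerpt of the configuration posted in the question.
CONFIG = """\
interface Dialer2
ip address ppp-negotiate
nat outbound
#
interface Vlan-interface1
ip address 192.168.1.1 255.255.255.0
#
interface Vlan-interface10
ip address 192.168.10.1 255.255.255.0
#
security-zone name Trust
import interface Vlan-interface1
#
security-zone name Untrust
import interface Dialer2
#
ip route-static 0.0.0.0 0 Dialer2
#
"""

def blocks(text):
    """Yield each '#'-delimited block as a list of whitespace-split lines."""
    cur = []
    for line in text.splitlines() + ["#"]:
        if line.strip() == "#":
            if cur:
                yield cur
            cur = []
        elif line.strip():
            cur.append(line.split())

def audit(text):
    """Report default routes, NAT ACLs and the zone of each addressed interface."""
    zone_of, l3, nat_acl, routes = {}, [], {}, []
    for blk in blocks(text):
        head = blk[0]
        routes += [w[4] for w in blk if w[:4] == ["ip", "route-static", "0.0.0.0", "0"]]
        if head[:2] == ["security-zone", "name"]:
            zone_of.update({w[2]: head[2] for w in blk if w[:2] == ["import", "interface"]})
        elif head[0] == "interface":
            if any(w[:2] == ["ip", "address"] for w in blk):
                l3.append(head[1])
            for w in blk:
                if w[:2] == ["nat", "outbound"]:
                    nat_acl[head[1]] = w[2] if len(w) > 2 else None  # None: no ACL
    return {"route": routes, "nat_acl": nat_acl, "zone": {i: zone_of.get(i) for i in l3}}

print(audit(CONFIG))
```

For this excerpt the result shows the default route and an ACL-less `nat outbound` on Dialer2, Vlan-interface1 imported into Trust, and Vlan-interface10 imported by no security zone.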