问

H3C交换机 Vlan sub 部分网段无法通信

VLAN

2023-12-19提问

0关注
0收藏，1047浏览

zhiliao_X6QydE

zhiliao_X6QydE 零段

粉丝：0人关注：0人

问题描述：

交换机一直正常运行在调试网络安全设备后突然Vlan sub间设备无法通信但是PCpingSUB网关都可以通，网段原来接的设备无法通讯。

系统发现人员定位基站全部离线（基站使用网段为 172.168.36.1/24和172.168.37.1/24）

操作员站（IP为172.168.167.240）ping172.168.36.2（前端某站IP）发现不通

操作员站ping172.168.36.1（网关地址）发现可以通信

外接一台笔记本地址设为172.168.36.2 发现可以ping通网关，可以ping通172.168.167.2（某台服务器地址）无法ping通操作员站

笔记本IP设为172.168.167.3可以ping通操作员站和服务器并且所有网关都能ping通

故障之前所有地址能互通，故障后设备无法跨网段访问设备，但是能跨网段ping通设备网关。

现在运行的安全设备为病毒网关和防火墙

安全设备是接在串接在核心和出口对端路由器直接

核心至防病毒网关至防火墙至对方路由器防病毒网关和防火墙不处理内部本身数据只防护对端与内网的通信

组网及组网描述：

核心交换机配置如下

<SWA>display current-configuration

version 7.1.070, Release 6312P01

sysname SWA

clock timezone Beijing add 08:00:00

clock protocol ntp

telnet server enable

irf mac-address persistent timer

irf auto-update enable

undo irf link-delay

irf member 1 priority 32

irf member 2 priority 31

irf member 3 priority 30

irf member 1 description SWA

irf member 2 description SWB

irf member 3 description SWC

dhcp enable

dhcp relay client-information record

dhcp snooping enable

mirroring-group 1 local

lldp global enable

loopback-detection global enable vlan 1 to 4094

loopback-detection interval-time 60

password-recovery enable

vlan 1

vlan 166#设备互联vlan

description

vlan 2000#设备业务vlan

irf-port 1/1

port group interface Ten-GigabitEthernet1/0/27

irf-port 1/2

port group interface Ten-GigabitEthernet1/0/28

irf-port 2/1

port group interface Ten-GigabitEthernet2/0/27

irf-port 2/2

port group interface Ten-GigabitEthernet2/0/28

irf-port 3/1

port group interface Ten-GigabitEthernet3/0/27

irf-port 3/2

port group interface Ten-GigabitEthernet3/0/28

stp bpdu-protection

stp global enable

interface Bridge-Aggregation1

description DS-AS80624S 172.168.167.10

port access vlan 2000

link-aggregation mode dynamic

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface Bridge-Aggregation2

description DS-A72024R 172.168.167.14

port access vlan 2000

interface Bridge-Aggregation3

description DS-A80648S 172.168.167.11

port access vlan 2000

mirroring-group 1 mirroring-port both

interface Bridge-Aggregation5

description TO IPC-FW

port access vlan 166

mirroring-group 1 mirroring-port both

interface Bridge-Aggregation166

port link-type trunk

port trunk permit vlan all

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface NULL0

interface Vlan-interface166

ip address 172.168.166.1 255.255.255.0

undo dhcp select server

interface Vlan-interface2000

ip address 172.168.167.1 255.255.255.0

ip address 172.168.36.1 255.255.255.0 sub

ip address 172.168.37.1 255.255.255.0 sub

ip address 172.168.38.1 255.255.255.0 sub

ip address 172.168.39.1 255.255.255.0 sub

ip address 172.168.40.1 255.255.255.0 sub

ip address 172.168.41.1 255.255.255.0 sub

ip address 172.168.42.1 255.255.255.0 sub

ip address 172.168.43.1 255.255.255.0 sub

ip address 172.168.44.1 255.255.255.0 sub

ip address 172.168.45.1 255.255.255.0 sub

ip address 172.168.46.1 255.255.255.0 sub

ip address 172.168.47.1 255.255.255.0 sub

ip address 172.168.168.1 255.255.255.0 sub

ip address 172.168.169.1 255.255.255.0 sub

ip address 172.168.170.1 255.255.255.0 sub

ip address 172.168.171.1 255.255.255.0 sub

ip address 172.168.172.1 255.255.255.0 sub

ip address 172.168.173.1 255.255.255.0 sub

ip address 172.168.174.1 255.255.255.0 sub

ip address 172.168.175.1 255.255.255.0 sub

ip address 172.168.176.1 255.255.255.0 sub

ip address 172.168.177.1 255.255.255.0 sub

ip address 172.168.178.1 255.255.255.0 sub

ip address 172.168.179.1 255.255.255.0 sub

ip address 172.168.180.1 255.255.255.0 sub

interface GigabitEthernet1/0/1

port link-mode bridge

description DS-AS80624S 172.168.167.10 LAN1

port access vlan 2000

mirroring-group 1 mirroring-port both

port link-aggregation group 1

dhcp snooping binding record

interface GigabitEthernet1/0/2

port link-mode bridge

description DS-A72024R 172.168.167.14

port access vlan 2000

mirroring-group 1 mirroring-port both

port link-aggregation group 3

dhcp snooping binding record

interface GigabitEthernet1/0/3

port link-mode bridge

port access vlan 166

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/4

port link-mode bridge

port access vlan 166

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/5

port link-mode bridge

description HIK-CVR-48-LAN1

port access vlan 166

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/6

port link-mode bridge

port access vlan 166

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/7

port link-mode bridge

port access vlan 166

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/8

port link-mode bridge

port access vlan 166

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/9

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/10

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/11

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/12

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/13

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/14

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/15

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/16

port link-mode bridge

port access vlan 2000

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/17

port link-mode bridge

description TO ¥

port access vlan 2000

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/18

port link-mode bridge

description TO 4

port access vlan 2000

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/19

port link-mode bridge

description TO

port access vlan 2000

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/20

port link-mode bridge

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/21

port link-mode bridge

port link-type trunk

port trunk permit vlan 1

port trunk pvid vlan 166

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet1/0/22

port link-mode bridge

combo enable auto

mirroring-group 1 monitor-port

dhcp snooping binding record

interface GigabitEthernet1/0/23

port link-mode bridge

description TO ShuMeiPiDai

combo enable auto

mirroring-group 1 mirroring-port both

interface GigabitEthernet1/0/24

port link-mode bridge

description TO ǽ22

port access vlan 166

combo enable auto

mirroring-group 1 mirroring-port both

port link-aggregation group 5

dhcp snooping binding record

interface GigabitEthernet2/0/1

port link-mode bridge

description DS-AS80624S 172.168.167.10 LAN2

port access vlan 2000

mirroring-group 1 mirroring-port both

port link-aggregation group 1

dhcp snooping binding record

interface GigabitEthernet2/0/2

port link-mode bridge

description TO DS-A72024R 172.168.167.14

port access vlan 2000

mirroring-group 1 mirroring-port both

port link-aggregation group 3

dhcp snooping binding record

interface GigabitEthernet2/0/3

port link-mode bridge

description DS-A80648S 172.168.167.11

port access vlan 2000

mirroring-group 1 mirroring-port both

port link-aggregation group 2

interface GigabitEthernet2/0/4

port link-mode bridge

description DS-A80648S 172.168.167.11

port access vlan 2000

mirroring-group 1 mirroring-port both

port link-aggregation group 2

interface GigabitEthernet2/0/5

port link-mode bridge

description HIK-CVR-48-LAN2

port access vlan 2000

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/6

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/7

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/8

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/9

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/10

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/11

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/12

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/13

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/14

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/15

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/16

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/17

port link-mode bridge

description TO 4-2

port access vlan 2000

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/18

port link-mode bridge

description TO 4

port access vlan 2000

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/19

port link-mode bridge

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/20

port link-mode bridge

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/21

port link-mode bridge

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/22

port link-mode bridge

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/23

port link-mode bridge

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet2/0/24

port link-mode bridge

description TOǽ23

port access vlan 166

combo enable auto

mirroring-group 1 mirroring-port both

port link-aggregation group 5

dhcp snooping binding record

interface GigabitEthernet3/0/1

port link-mode bridge

description DS-AS80624S 172.168.167.10 LAN3

port access vlan 2000

mirroring-group 1 mirroring-port both

port link-aggregation group 1

dhcp snooping binding record

interface GigabitEthernet3/0/2

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/3

port link-mode bridge

description to shipingxunjian

port access vlan 2000

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/4

port link-mode bridge

description to shipingxunjian

port access vlan 166

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/5

port link-mode bridge

port access vlan 166

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/6

port link-mode bridge

port access vlan 2000

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/7

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/8

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/9

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/10

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/11

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/12

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/13

port link-mode bridge

port access vlan 2000

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/14

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/15

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/16

port link-mode bridge

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/17

port link-mode bridge

description TO 3690V-2

port access vlan 2000

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/18

port link-mode bridge

description TO GIS

port access vlan 2000

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/19

port link-mode bridge

port access vlan 2000

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/20

port link-mode bridge

port link-type trunk

undo port trunk permit vlan 1

port trunk permit vlan 2 to 4094

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/21

port link-mode bridge

description TO HIK-DS-SAC100-A2

port access vlan 2000

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/22

port link-mode bridge

description TO 3Fruodianjifang

port access vlan 2000

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/23

port link-mode bridge

description TO 10

port access vlan 2000

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface GigabitEthernet3/0/24

port link-mode bridge

description TO TEG1118P-SFP1

port access vlan 2000

combo enable auto

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface M-GigabitEthernet0/0/0

ip address 192.168.168.1 255.255.255.0

undo dhcp select server

interface Ten-GigabitEthernet1/0/25

port link-mode bridge

port access vlan 2000

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface Ten-GigabitEthernet1/0/26

port link-mode bridge

port access vlan 2000

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface Ten-GigabitEthernet2/0/25

port link-mode bridge

port access vlan 2000

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface Ten-GigabitEthernet2/0/26

port link-mode bridge

port access vlan 2000

mirroring-group 1 mirroring-port both

dhcp snooping binding record

interface Ten-GigabitEthernet3/0/25

port link-mode bridge

description To HIK-23

port link-type trunk

port trunk permit vlan all

mirroring-group 1 mirroring-port both

port link-aggregation group 166

dhcp snooping binding record

interface Ten-GigabitEthernet3/0/26

port link-mode bridge

description To HIK-24

port link-type trunk

port trunk permit vlan all

mirroring-group 1 mirroring-port both

port link-aggregation group 166

dhcp snooping binding record

interface Ten-GigabitEthernet1/0/27

description TO H3C-2-28

interface Ten-GigabitEthernet1/0/28

description TO H3C-3-27

interface Ten-GigabitEthernet2/0/27

description TO H3C-3-28

interface Ten-GigabitEthernet2/0/28

description TO H3C-1-27

interface Ten-GigabitEthernet3/0/27

description TO H3C-1-28

interface Ten-GigabitEthernet3/0/28

description TO H3C-2-27

scheduler logfile size 16

line class aux

user-role network-admin

line class usb

user-role network-admin

line class vty

user-role network-operator

line aux 0 2

authentication-mode scheme

user-role network-admin

line vty 0 4

authentication-mode scheme

user-role network-operator

line vty 5 63

user-role network-operator

ip route-static 0.0.0.0 0 172.168.166.5

ntp-service enable

ntp-service unicast-server 172.168.167.2

sntp unicast-server 172.168.167.2

radius scheme system

user-name-format without-domain

domain system

domain default enable system

role name level-0

description Predefined level-0 role

role name level-1

description Predefined level-1 role

role name level-2

description Predefined level-2 role

role name level-3

description Predefined level-3 role

role name level-4

description Predefined level-4 role

role name level-5

description Predefined level-5 role

role name level-6

description Predefined level-6 role

role name level-7

description Predefined level-7 role

role name level-8

description Predefined level-8 role

role name level-9

description Predefined level-9 role

role name level-10

description Predefined level-10 role

role name level-11

description Predefined level-11 role

role name level-12

description Predefined level-12 role

role name level-13

description Predefined level-13 role

role name level-14

description Predefined level-14 role

user-group system

local-user admin class manage

password hash $h$6$gtqWP3PHPwXoh9r/$sBV6z1n9LFM/+PGGNFZwJm63jhSAU+pcFCkxSDM71coXixpXGRqXvfDCd+uCvGxpP+MVVtTIF/KeKPbnNMI9wg==

service-type ftp

service-type telnet http https pad ssh terminal

authorization-attribute user-role level-15

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

ip http enable

cloud-management server domain oasis.h3c.com

return

接入交换机配置

[HIK]display current-configuration

version 7.1.070, Release 6328

sysname HIK

clock timezone Beijing add 08:00:00

clock protocol ntp

telnet server enable

irf mac-address persistent timer

irf auto-update enable

undo irf link-delay

irf member 1 priority 1

lldp global enable

loopback-detection global enable vlan 1 to 4094

loopback-detection interval-time 60

flow-interval 5

password-recovery enable

vlan 1

vlan 166

vlan 2000

stp global enable

interface Bridge-Aggregation166

port link-type trunk

port trunk permit vlan all

interface NULL0

interface Vlan-interface166

ip address 172.168.166.3 255.255.255.0

interface FortyGigE1/0/25

port link-mode bridge

interface FortyGigE1/0/26

port link-mode bridge

interface M-GigabitEthernet0/0/0

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

description TOȼ

port access vlan 2000

interface Ten-GigabitEthernet1/0/2

port link-mode bridge

port access vlan 2000

interface Ten-GigabitEthernet1/0/3

port link-mode bridge

port access vlan 2000

interface Ten-GigabitEthernet1/0/4

port link-mode bridge

port access vlan 2000

interface Ten-GigabitEthernet1/0/5

port link-mode bridge

port access vlan 2000

interface Ten-GigabitEthernet1/0/6

port link-mode bridge

port access vlan 2000

interface Ten-GigabitEthernet1/0/7

port link-mode bridge

port access vlan 2000

interface Ten-GigabitEthernet1/0/8

port link-mode bridge

port access vlan 2000

interface Ten-GigabitEthernet1/0/9

port link-mode bridge

port access vlan 2000

interface Ten-GigabitEthernet1/0/10

port link-mode bridge

port access vlan 2000

interface Ten-GigabitEthernet1/0/11

port link-mode bridge

port access vlan 2000

interface Ten-GigabitEthernet1/0/12

port link-mode bridge

description TO 5FK

port access vlan 2000

interface Ten-GigabitEthernet1/0/13

port link-mode bridge

description TO 3690V

port access vlan 2000

interface Ten-GigabitEthernet1/0/14

port link-mode bridge

description TO 3690V

port access vlan 2000

interface Ten-GigabitEthernet1/0/15

port link-mode bridge

description TO 3

port access vlan 2000

interface Ten-GigabitEthernet1/0/16

port link-mode bridge

description TO

port access vlan 2000

interface Ten-GigabitEthernet1/0/17

port link-mode bridge

description TO 3MCC¥

port access vlan 2000

interface Ten-GigabitEthernet1/0/18

port link-mode bridge

port access vlan 2000

interface Ten-GigabitEthernet1/0/19

port link-mode bridge

description To ͨ6

port access vlan 2000

interface Ten-GigabitEthernet1/0/20

port link-mode bridge

description TO4¥

port access vlan 2000

interface Ten-GigabitEthernet1/0/21

port link-mode bridge

description TO 3׽ port access vlan 2000

interface Ten-GigabitEthernet1/0/22

port link-mode bridge

description TO 3¯

port access vlan 2000

interface Ten-GigabitEthernet1/0/23

port link-mode bridge

description TO H3C-3-25

port link-type trunk

port trunk permit vlan all

port link-aggregation group 166

interface Ten-GigabitEthernet1/0/24

port link-mode bridge

description TO H3C-3-26

port link-type trunk

port trunk permit vlan all

port link-aggregation group 166

scheduler logfile size 16

line class aux

user-role network-admin

line class usb

user-role network-admin

line class vty

user-role network-operator

line aux 0

authentication-mode scheme

user-role network-admin

line vty 0 4

authentication-mode scheme

user-role network-operator

line vty 5 63

user-role network-operator

ip route-static 0.0.0.0 0 172.168.166.1

ntp-service enable

ntp-service source Vlan-interface166

ntp-service unicast-peer 172.168.167.2

radius scheme system

user-name-format without-domain

domain system

domain default enable system

role name level-0

description Predefined level-0 role

role name level-1

description Predefined level-1 role

role name level-2

description Predefined level-2 role

role name level-3

description Predefined level-3 role

role name level-4

description Predefined level-4 role

role name level-5

description Predefined level-5 role

role name level-6

description Predefined level-6 role

role name level-7

description Predefined level-7 role

role name level-8

description Predefined level-8 role

role name level-9

description Predefined level-9 role

role name level-10

description Predefined level-10 role

role name level-11

description Predefined level-11 role

role name level-12

description Predefined level-12 role

role name level-13

description Predefined level-13 role

role name level-14

description Predefined level-14 role

user-group system

local-user admin class manage

password hash $h$6$71hbGxLzrjcRXBXq$QvSJOUsVBhFITnw620oqjSU1+8PilekSDUUl7aRr6FpcgEFWD4+p0suGvHiw9fTF1JefTadvEmDDMaVZecuk4g==

service-type telnet http https terminal

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

ip http enable

return

最佳答案

奥德彪

奥德彪五段

粉丝：1人关注：1人

看配置应该没有什么问题，正常内网互访的流量会经过网络安全设备吗，如果经过的话可以看下网络安全设备是否有限制阻拦

正常内网之间的数据流量不过防火墙和防病毒网关，内网旁路部署过一台准入设备，怀疑是准入的问题，但是把准入的网线全部断开问题依旧。现在想知道到底是交换机配置的提还是网络安全设备在阻拦数据包

zhiliao_X6QydE 发表时间：2023-12-19

可以镜像抓包看下有没有交换机有没有转发出去，目前看配置就基本的配置

奥德彪发表时间：2023-12-19

我在两台交换机上查了设备的mac 两台设备都查不到设备的mac

zhiliao_X6QydE 发表时间：2023-12-19

在电脑上Tracert对端地址第一跳都无法到达网关

zhiliao_X6QydE 发表时间：2023-12-19

你自己都说了“交换机一直正常运行在调试网络安全设备后突然Vlan sub间设备无法通信 ” 实在不行做个流量统计看下交换机本身有没有转发出去

奥德彪发表时间：2023-12-19

1 个回答

按时间按赞数

zhiliao_2vo4OE

zhiliao_2vo4OE 二段

粉丝：0人关注：0人

终端有没有防火墙，有的话关一下试试

编辑答案

分享扩散:

➤

网站相关: 关于我们; 服务条款; 帮助中心; 经验与权限; 积分规则

联系我们: 联系我们; 建议反馈

常用链接: 标杆的神器下载

关注我们: H3C官网; 新华三服务公众号; 安仔远程运维服务; 新华三商城

内容许可: 除特别说明外，用户内容均可采用知识共享署名-相同方式共享3.0中国大陆许可协议进行许可

本图标版权归新华三集团所有，仅限本社区使用，切勿用做商业目的，违者必究

浙ICP备09064986号-1 浙公网安备 33010802004416号

✖

亲~登录后才可以操作哦!

确定

✖

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

✖

你的邮箱还未认证，请认证邮箱或绑定手机后进行当前操作

✖

侵犯我的权益 >

对根叔社区有害的内容 >

辱骂、歧视、挑衅等（不友善）

侵犯我的权益

泄露了我的隐私 >

侵犯了我企业的权益 >

抄袭了我的内容 >

诽谤我 >

辱骂、歧视、挑衅等（不友善）

骚扰我

泄露了我的隐私

您好，当您发现根叔知了上有泄漏您隐私的内容时，您可以向根叔知了进行举报。请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱，我们会尽快处理。

1. 您认为哪些内容泄露了您的隐私？（请在邮件中列出您举报的内容、链接地址，并给出简短的说明）
2. 您是谁？（身份证明材料，可以是身份证或护照等证件）

侵犯了我企业的权益

您好，当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时，您可以向根叔知了进行举报。请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱，我们会在审核后尽快给您答复。

1. 您举报的内容是什么？（请在邮件中列出您举报的内容和链接地址）
2. 您是谁？（身份证明材料，可以是身份证或护照等证件）
3. 是哪家企业？（营业执照，单位登记证明等证件）
4. 您与该企业的关系是？（您是企业法人或被授权人，需提供企业委托授权书）

我们认为知名企业应该坦然接受公众讨论，对于答案中不准确的部分，我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

原文链接或出处

诽谤我

您好，当您发现根叔知了上有诽谤您的内容时，您可以向根叔知了进行举报。请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱，我们会尽快处理。

1. 您举报的内容以及侵犯了您什么权益？（请在邮件中列出您举报的内容、链接地址，并给出简短的说明）
2. 您是谁？（身份证明材料，可以是身份证或护照等证件）

我们认为知名企业应该坦然接受公众讨论，对于答案中不准确的部分，我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

垃圾广告信息

色情、暴力、血腥等违反法律法规的内容

政治敏感

不规范转载 >

辱骂、歧视、挑衅等（不友善）

骚扰我

诱导投票

不规范转载

举报说明

产品线		搜索取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式	默认策略匹配全词匹配整句

H3C交换机 Vlan sub 部分网段无法通信

问题描述：

组网及组网描述：

编辑答案

提出建议