MSR830-6EI: VLANs cannot reach each other

Asked 2023-12-22

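Problem description:

Two VLANs are configured on two of the router's LAN ports, but the VLANs cannot reach each other.

Network topology and description: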

    #
    version 7.1.064, Release 6728P25
    #
    sysname H3C
    #
    clock timezone Beijing add 08:00:00
    clock protocol ntp
    #
    wlan global-configuration
    #
    undo resource-monitor output syslog snmp-notification netconf-event
    #
    qos carl 1 source-ip-address object-group connlimitObjGrp_47106 per-address shared-bandwidth
    qos carl 2 destination-ip-address object-group connlimitObjGrp_47106 per-address shared-bandwidth
    #
    security-zone intra-zone default permit
    #
    security-policy disable
    #
    ip pool l2tp1 192.168.10.10 192.168.10.15
    #
    dialer-group 89 rule ip permit
    #
    ip load-sharing mode per-flow src-ip global
    #
    dhcp enable
    dhcp server always-broadcast
    #
    dns proxy enable
    #
    system-working-mode standard
    password-recovery enable
    #
    vlan 1
    #
    vlan 10
    #
    object-group ip address 192.168.0.120
    0 network host address 192.168.0.120
    #
    object-group ip address connlimitObjGrp_47106
    0 network range 192.168.0.2 192.168.0.255
    0 network exclude 192.168.0.130
    0 network exclude 192.168.0.102
    #
    dhcp server ip-pool lan1
    gateway-list 192.168.0.1
    network 192.168.0.0 mask 255.255.255.0
    address range 192.168.0.100 192.168.0.254
    dns-list 192.168.0.1
    forbidden-ip-range 192.168.0.1 192.168.0.1
    #
    dhcp server ip-pool vlan-interface10
    gateway-list 192.168.100.1
    network 192.168.100.0 mask 255.255.255.0
    address range 192.168.100.100 192.168.100.254
    dns-list 202.98.0.68 202.98.5.68
    forbidden-ip-range 192.168.100.1 192.168.100.1
    #
    ddns policy WAN0(GE0)
    url ***.***
    username needle
    password cipher $c$3$ZOEm9qJBY/7H4/DW05cvarNmFs2oPDVQiX6M
    interval 0 0 1
    #
    nqa entry ge0/1 1
    type icmp-echo
      destination ip 8.8.8.8
      frequency 10000
      out interface GigabitEthernet0/1
      probe timeout 1000
      reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
    #
    nqa schedule ge0/1 1 start-time now lifetime forever
    #
    apn-profile profile69
    apn dynamic
    #
    interface Dialer0
    #
    interface Dialer2
    #
    interface Dialer3
    #
    interface Dialer4
    #
    interface Dialer5
    #
    interface Dialer6
    #
    interface Dialer7
    #
    interface Dialer8
    #
    interface Dialer1023
    #
    interface Virtual-Template1
    ppp authentication-mode chap
    remote address pool l2tp1
    ppp account-statistics enable
    ip address 192.168.10.1 255.255.255.0
    #
    interface NULL0
    #
    interface Vlan-interface1
    description LAN-interface
    ip address 192.168.0.1 255.255.255.0
    tcp mss 1280
    ip subscriber l2-connected enable
    ip subscriber initiator dhcp enable
    ip subscriber initiator unclassified-ip enable
    ip subscriber dhcp domain ipoeenabledomain
    ip subscriber unclassified-ip domain ipoeenabledomain
    #
    interface Vlan-interface10
    description LAN-interface
    ip address 192.168.100.1 255.255.255.0
    tcp mss 1280
    #
    interface GigabitEthernet0/0
    port link-mode route
    description Single_Line1
    ip address 192.168.1.200 255.255.255.0
    dns server 114.114.114.114
    dns server 202.98.0.68
    tcp mss 1280
    qos car inbound carl 2 cir 400000 cbs 25000000 ebs 0 green pass red discard yellow pass
    qos car outbound carl 1 cir 400000 cbs 25000000 ebs 0 green pass red discard yellow pass
    nat outbound
    nat server protocol tcp global current-interface 1935 inside 192.168.0.253 1935 description RTMP
    nat server protocol udp global current-interface 5000 5005 inside 192.168.0.102 5000 5005 description SRT2
    nat server protocol udp global current-interface 9000 9005 inside 192.168.0.199 9000 9005 description SRT
    attack-defense apply policy AtkInterface2
    ddns apply policy WAN0(GE0) fqdn ***.***
    #
    interface GigabitEthernet0/1
    port link-mode route
    #
    interface GigabitEthernet0/2
    port link-mode bridge
    port link-type trunk
    port trunk permit vlan 1
    #
    interface GigabitEthernet0/3
    port link-mode bridge
    port link-type trunk
    port trunk permit vlan 1
    #
    interface GigabitEthernet0/4
    port link-mode bridge
    port link-type trunk
    undo port trunk permit vlan 1
    port trunk permit vlan 10
    port trunk pvid vlan 10
    #
    interface GigabitEthernet0/5
    port link-mode bridge
    port link-type trunk
    undo port trunk permit vlan 1
    port trunk permit vlan 10
    port trunk pvid vlan 10
    #
    object-policy ip Any-Any
    rule 65533 inspect 8048_url_profile_global disable
    rule 65534 pass
    #
    security-zone name Local
    #
    security-zone name Trust
    #
    security-zone name DMZ
    #
    security-zone name Untrust
    #
    security-zone name Management
    #
    zone-pair security source Any destination Any
    object-policy apply ip Any-Any
    #
    zone-pair security source Local destination Trust
    packet-filter name SWXWSGL
    #
    zone-pair security source Local destination Untrust
    packet-filter name SWXWSGL
    #
    zone-pair security source Trust destination Local
    packet-filter name SWXWSGL
    #
    zone-pair security source Untrust destination Local
    packet-filter name SWXWSGL
    #
    scheduler logfile size 16
    #
    line class console
    user-role network-admin
    #
    line class tty
    user-role network-operator
    #
    line class vty
    user-role network-operator
    #
    line con 0
    user-role network-admin
    #
    line vty 0 63
    authentication-mode scheme
    user-role network-operator
    #
    ip route-static 0.0.0.0 0 GigabitEthernet0/0 192.168.1.1
    ip route-static 8.8.8.8 32 GigabitEthernet0/0 192.168.1.1
    #
    info-center loghost 127.0.0.1 port 3301
    info-center source CFGLOG loghost level informational
    #
    performance-management
    #
    ntp-service enable
    ntp-service unicast-server ***.***
    ntp-service unicast-server ***.***
    ntp-service unicast-server ***.***
    ntp-service unicast-server ***.***
    ntp-service unicast-server ***.***
    ntp-service unicast-server ***.***
    ntp-service unicast-server ***.***
    #
    acl basic name connlimitAcl_47106_ip
    rule 65534 permit source object-group connlimitObjGrp_47106
    #
    acl advanced name SWXWSGL
    rule 1 permit ip
    #
    acl advanced name connlimitAcl_47106_tcp
    rule 65534 permit tcp source object-group connlimitObjGrp_47106
    #
    acl advanced name connlimitAcl_47106_udp
    rule 65534 permit udp source object-group connlimitObjGrp_47106
    #
    acl mac 4999
    rule 5 permit
    #
    password-control enable
    undo password-control aging enable
    undo password-control history enable
    password-control length 6
    password-control login-attempt 3 exceed lock-time 10
    password-control update-interval 0
    password-control login idle-time 0
    #
    domain ipoeenabledomain
    authorization-attribute idle-cut 5 1
    authentication ipoe none
    authorization ipoe none
    accounting ipoe none
    #
    domain system
    #
    domain default enable system
    #
    role name level-0
    description Predefined level-0 role
    #
    role name level-1
    description Predefined level-1 role
    #
    role name level-2
    description Predefined level-2 role
    #
    role name level-3
    description Predefined level-3 role
    #
    role name level-4
    description Predefined level-4 role
    #
    role name level-5
    description Predefined level-5 role
    #
    role name level-6
    description Predefined level-6 role
    #
    role name level-7
    description Predefined level-7 role
    #
    role name level-8
    description Predefined level-8 role
    #
    role name level-9
    description Predefined level-9 role
    #
    role name level-10
    description Predefined level-10 role
    #
    role name level-11
    description Predefined level-11 role
    #
    role name level-12
    description Predefined level-12 role
    #
    role name level-13
    description Predefined level-13 role
    #
    role name level-14
    description Predefined level-14 role
    #
    user-group system
    #
    local-user admin class manage
    service-type telnet http https
    authorization-attribute user-role network-admin
    #
    local-user tmrm class network
    password cipher $c$3$v6zu1KLMFWUNZWOUY2EODWPA7h7PO5UqtSx+6gg5Hg==
    service-type ppp
    authorization-attribute user-role network-operator
    #
    security-enhanced level 1
    #
    session statistics enable
    #
    connection-limit apply global policy 32
    #
    connection-limit policy 32
    limit 1 acl name connlimitAcl_47106_tcp per-source amount 2000 1999
    limit 2 acl name connlimitAcl_47106_udp per-source amount 2000 1999
    limit 3 acl name connlimitAcl_47106_ip per-source amount 2000 1999
    #
    l2tp-group 1 mode lns
    allow l2tp virtual-template 1
    tunnel name TMRM
    tunnel password cipher $c$3$Zhh/8kXs9i1WSqDSXk7RUPQiR0HCjbQwa01N
    #
    l2tp enable
    #
    ip http enable
    ip https enable
    web new-style
    #
    attack-defense policy AtkInterface2
    scan detect level high action logging
    syn-flood detect non-specific
    syn-flood action logging drop
    udp-flood detect non-specific
    udp-flood action logging drop
    icmp-flood detect non-specific
    icmp-flood action logging drop
    signature detect smurf action drop logging
    signature detect large-icmp action drop logging
    signature detect large-icmpv6 action drop logging
    signature detect tcp-invalid-flags action drop logging
    signature detect tcp-null-flag action drop logging
    signature detect tcp-all-flags action drop logging
    signature detect tcp-syn-fin action drop logging
    signature detect tcp-fin-only action drop logging
    signature detect land action drop logging
    signature detect winnuke action drop logging
    signature detect fraggle action drop logging
    signature detect ip-option record-route action drop logging
    signature detect ip-option strict-source-routing action drop logging
    signature detect icmp-type destination-unreachable action drop logging
    signature detect icmp-type redirect action drop logging
    #
    url-filter category custom severity 65535
    #
    wlan ap-group default-group
    vlan 1
    #
    traffic-policy
    rule 1 name web_AppTraffRank
      application app http
    #
    dac log-collect service dpi traffic enable
    dac traffic-statistic application enable
    #
    dac storage service dpi traffic limit hold-time 1
    dac storage service traffic limit hold-time 1
    #
    cloud-management server domain cloudnet.h3c.com
    #
    return

Best answer


If everything is UP and traffic still doesn't pass, then Layer 2 is not supported; try using subinterfaces instead.



2 answers

Are these fixed Layer 2 ports, or Layer 3 ports switched to Layer 2 mode? The latter is not supported.


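Hello, please note:

For VLANs that cannot reach each other, here are the troubleshooting points for reference:

1. Check that the VLANs have been assigned to the ports and that the ports are UP.

2. Check that the endpoints have the correct IP address, subnet mask, and default gateway.

3. Check whether the system firewall on the endpoints has been turned off.

4. If it still doesn't work, try implementing it with subinterfaces instead.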
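
Points 1 and 2 of the checklist above can be partly verified offline against a saved configuration; the Python below is an added example, not part of the original thread and not H3C tooling. `SAMPLE` is a constructed excerpt in the style of the posted configuration, `sections`, `trunk_vlans` and `check_vlan` are hypothetical helper names, the trunk default (VLAN 1 permitted) is an assumption, and port UP/DOWN state still has to be read on the device.

```python
import ipaddress, re

# Constructed excerpt modelled on the configuration posted in the question.
SAMPLE = """\
dhcp server ip-pool vlan-interface10
 gateway-list 192.168.100.1
#
interface Vlan-interface10
 ip address 192.168.100.1 255.255.255.0
#
interface GigabitEthernet0/3
 port link-type trunk
 port trunk permit vlan 1
#
interface GigabitEthernet0/4
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10
"""
PERMIT = re.compile(r"(undo )?port trunk permit vlan ([\d ]+)")

def sections(text):
    """Split on '#' separator lines: first line is the header, the rest its commands."""
    out = {}
    for block in re.split(r"(?m)^[ \t]*#[ \t]*$", text):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            out[lines[0]] = lines[1:]
    return out

def trunk_vlans(cmds):
    """VLANs a trunk carries; only numeric lists are parsed ('to'/'all' ignored)."""
    allowed = {1}  # assumption: a trunk port permits VLAN 1 by default
    for m in filter(None, map(PERMIT.fullmatch, cmds)):
        ids = set(map(int, m.group(2).split()))
        allowed = allowed - ids if m.group(1) else allowed | ids
    return allowed

def check_vlan(text, vid):
    """Static form of checks 1 and 2 for one VLAN (hypothetical helper)."""
    sec = sections(text)
    ports = [h.split()[-1] for h, c in sec.items()
             if "port link-type trunk" in c and vid in trunk_vlans(c)]
    svi = sec.get(f"interface Vlan-interface{vid}", [])
    ip = next((c.split()[2:4] for c in svi if c.startswith("ip address ")), None)
    net = ipaddress.ip_interface("/".join(ip)) if ip else None
    gw_ok = bool(net) and any(h.startswith("dhcp server ip-pool") and
                              f"gateway-list {net.ip}" in c for h, c in sec.items())
    return {"ports": ports, "svi": str(net) if net else None, "dhcp_gateway_matches": gw_ok}
```

An empty `ports` list, a missing `svi`, or `dhcp_gateway_matches` being false points to a configuration gap; if all three look right, the remaining candidates are port state, the endpoint firewall, and the platform limitation raised in the other answers.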

