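Two lines are connected: the first is a leased line and the second is home broadband, with a broadband router connected to the optical modem. Under normal conditions the leased-line connection works fine, but once the leased line goes down, the home broadband cannot be used either. The main symptom is: the broadband router can be reached, but there is no Internet access. A mobile phone connected wirelessly to the broadband router, however, can get online.
The two lines enter two ports of the H3C AR18631, the AR18631 has another port connected to an H3C S5600 switch, and the 5600 switch then connects to the PCs. See the attachment for the H3C router configuration.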
Yes, the attachment contents:
#
 sysname H3C
#
 local-server nas-ip 127.0.0.1 key huawei
#
 firewall packet-filter enable
#
radius scheme system
#
domain system
#
local-user h3c
#
detect-group 1
 detect-list 1 ip address 218.201.4.3 nexthop 183.230.2.1
 timer loop 5
#
detect-group 2
 detect-list 1 ip address 198.168.20.1 nexthop 198.168.20.1
 timer loop 5
#
acl number 2000
 rule 0 permit source 192.168.0.0 0.0.255.255
#
acl number 3000
 rule 0 deny tcp source-port eq 3127
 rule 1 deny tcp source-port eq 1025
 rule 2 deny tcp source-port eq 5554
 rule 3 deny tcp source-port eq 9996
 rule 4 deny tcp source-port eq 1068
 rule 5 deny tcp source-port eq 135
 rule 6 deny udp source-port eq 135
 rule 7 deny tcp source-port eq 137
 rule 8 deny udp source-port eq netbios-ns
 rule 9 deny tcp source-port eq 138
 rule 10 deny udp source-port eq netbios-dgm
 rule 11 deny tcp source-port eq 139
 rule 12 deny udp source-port eq netbios-ssn
 rule 13 deny tcp source-port eq 593
 rule 14 deny tcp source-port eq 4444
 rule 15 deny tcp source-port eq 5800
 rule 16 deny tcp source-port eq 5900
 rule 18 deny tcp source-port eq 8998
 rule 19 deny tcp source-port eq 445
 rule 20 deny udp source-port eq 445
 rule 21 deny udp source-port eq 1434
 rule 30 deny tcp destination-port eq 3127
 rule 31 deny tcp destination-port eq 1025
 rule 32 deny tcp destination-port eq 5554
 rule 33 deny tcp destination-port eq 9996
 rule 34 deny tcp destination-port eq 1068
 rule 35 deny tcp destination-port eq 135
 rule 36 deny udp destination-port eq 135
 rule 37 deny tcp destination-port eq 137
 rule 38 deny udp destination-port eq netbios-ns
 rule 39 deny tcp destination-port eq 138
 rule 40 deny udp destination-port eq netbios-dgm
 rule 41 deny tcp destination-port eq 139
 rule 42 deny udp destination-port eq netbios-ssn
 rule 43 deny tcp destination-port eq 593
 rule 44 deny tcp destination-port eq 4444
 rule 45 deny tcp destination-port eq 5800
 rule 46 deny tcp destination-port eq 5900
 rule 48 deny tcp destination-port eq 8998
 rule 49 deny tcp destination-port eq 445
 rule 50 deny udp destination-port eq 445
 rule 51 deny udp destination-port eq 1434
acl number 3001
 rule 0 permit ip source 192.168.0.0 0.0.255.255
 rule 1 permit ip destination 192.168.0.0 0.0.255.255
#
interface Aux0
 async mode flow
#
interface GigabitEthernet1/0
 ip address 183.230.2.21 255.255.255.0
 firewall packet-filter 3000 inbound
 firewall packet-filter 3000 outbound
 nat outbound 2000
#
interface GigabitEthernet2/0
 ip address 192.168.100.1 255.255.255.0
 firewall packet-filter 3000 inbound
 firewall packet-filter 3000 outbound
#
interface GigabitEthernet3/0
 standby detect-group 1
 ip address 198.168.20.2 255.255.255.0
 firewall packet-filter 3000 inbound
 firewall packet-filter 3000 outbound
 nat outbound 2000
#
interface GigabitEthernet4/0
#
interface NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 add interface GigabitEthernet2/0
 set priority 85
#
firewall zone untrust
 add interface GigabitEthernet1/0
 add interface GigabitEthernet3/0
 set priority 5
#
firewall zone DMZ
 set priority 50
#
 ip route-static 0.0.0.0 0.0.0.0 183.230.2.1 preference 60 detect-group 1
 ip route-static 0.0.0.0 0.0.0.0 198.168.20.1 preference 60 detect-group 2
 ip route-static 192.168.0.0 255.255.0.0 192.168.100.2 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
 user privilege level 3
#
return
Please upload a txt file; this is too hard to read.