问

F1000-AK115

二层转发

2019-09-29提问

1关注
1收藏，1698浏览

周智斌

周智斌零段

粉丝：0人关注：0人

问题描述：

VLAN之间都是正常，1/0/4和1/0/2，端口同段IP不能访问，防火墙到两个端口都正常,端口是不是没有开放不同端口访问？

组网及组网描述：

version 7.1.064, Ess 9514P08
#
sysname H3C
#
context Admin id 1
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
ip unreachables enable
ip ttl-expires enable
#
password-recovery enable
#
vlan 1
#
vlan 6
#
vlan 10
#
interface NULL0
#
interface Vlan-interface6
ip address 172.16.1.254 255.255.255.0
#
interface Vlan-interface10
ip address 192.168.1.254 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-mode route
combo enable fiber
ip address 172.20.140.6 255.255.255.248
nat outbound 2000
nat server global 172.20.140.3 inside 192.168.1.249
nat server global 172.20.140.4 inside 192.168.1.244
nat server global 172.20.140.5 inside 192.168.1.245
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable fiber
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 10
#
interface GigabitEthernet1/0/3
port link-mode bridge
port access vlan 6
#
interface GigabitEthernet1/0/4
port link-mode bridge
port access vlan 10
#
interface GigabitEthernet1/0/5
port link-mode bridge
port access vlan 10
#
interface GigabitEthernet1/0/6
port link-mode bridge
port access vlan 10
#
interface GigabitEthernet1/0/7
port link-mode bridge
port access vlan 10
shutdown
#
interface GigabitEthernet1/0/8
port link-mode bridge
#
interface GigabitEthernet1/0/9
port link-mode bridge
#
security-zone name Local
#
security-zone name Trust
import interface Vlan-interface6
import interface Vlan-interface10
#
security-zone name DMZ
#
security-zone name Untrust
import interface GigabitEthernet1/0/0
#
security-zone name Management
#
zone-pair security source Any destination Any
packet-filter 2000
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
authentication-mode scheme
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line con 0
user-role network-admin
#
line vty 0 63
authentication-mode scheme
user-role network-admin
#
ip route-static 0.0.0.0 0 172.20.140.1
ip route-static 192.168.0.14 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.0.66 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.0.123 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.0.184 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.0.211 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.0.212 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.0.213 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.0.214 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.0.215 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.14 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.15 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.31 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.61 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.71 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.84 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.97 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.103 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.151 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.165 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.181 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.190 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.233 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.237 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.241 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.242 32 GigabitEthernet1/0/0 172.20.140.1
ip route-static 192.168.1.252 32 GigabitEthernet1/0/0 172.20.140.1
#
ssh server enable
#
acl basic 2000
rule 0 permit
#
domain system
#
aaa session-limit ftp 16
aaa session-limit telnet 16
aaa session-limit ssh 16
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$UbIhNnPevyKUwfpm$LqR3+yg1IjNct39MkOR0H0iQXLkYB3jMqM4vbAeoXOh
babIIFnjJPEGR00YiYA1Sz4LiY3FmEdru2fOLMb1shQ==
service-type ssh telnet terminal https
authorization-attribute user-role level-3
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
local-user legendary class manage
password hash $h$6$Xo+gY1QbiDIDnuOs$jU0ZWrdHsoWTBFkrBhxsyz7d3oAa/3JCJdxwzf+sjJ7
cqjXsUQa94vkGFzf0CftzNbSrb34Ydxt7BS8Drx6pJw==
service-type ssh telnet terminal http https
authorization-attribute work-directory slot1#flash:
authorization-attribute user-role security-audit
#
ip https enable
webui log enable
#
uapp-control
#
security-policy ip
rule 0 name 访问控制
action pass
counting enable
source-zone Local
source-zone Trust
source-zone DMZ
source-zone Untrust
source-zone Management
destination-zone Local
destination-zone Trust
destination-zone DMZ
destination-zone Untrust
destination-zone Management
#
return
<H3C>