问

F1000-E-SI

其他

2020-06-24提问

0关注
1收藏，916浏览

zhiliao_SC2UPm

zhiliao_SC2UPm 零段

粉丝：0人关注：0人

问题描述：

2个外网端口电信和联通，光猫近端无丢包，单独插上联通无丢包，插上电信丢包，单独插上电信也丢包，配置如下 [F1000-E-SI]dis cur # version 5.20, Release 3733 # sysname F1000-E-SI # undo voice vlan mac-address 00e0-bb00-0000 # interzone policy default by-priority # domain default enable system # telnet server enable # ip ttl-expires enable ip unreachables enable # undo alg dns undo alg rtsp undo alg h323 undo alg sip undo alg sqlnet undo alg pptp undo alg ils undo alg nbt undo alg msn undo alg qq undo alg tftp undo alg sccp undo alg gtp # session synchronization enable # password-recovery enable # acl number 2000 rule 1 permit source 10.32.2.0 0.0.0.255 rule 3 permit source 10.34.101.0 0.0.0.255 rule 4 permit source 10.34.112.0 0.0.7.255 rule 5 permit source 10.34.102.0 0.0.0.255 rule 6 permit source 10.34.105.0 0.0.0.255 rule 7 permit source 10.34.103.0 0.0.0.255 rule 8 permit source 192.168.0.0 0.0.31.255 acl number 2102 rule 1 permit source 10.32.2.0 0.0.0.255 rule 4 permit source 10.34.112.0 0.0.7.255 rule 5 permit source 10.34.102.0 0.0.0.255 rule 7 permit source 10.34.103.0 0.0.0.255 rule 8 permit source 192.168.0.0 0.0.31.255 acl number 2202 rule 3 permit source 10.34.101.0 0.0.0.255 rule 6 permit source 10.34.105.0 0.0.0.255 # vlan 1 # domain system access-limit disable state active idle-cut disable self-service-url disable # pki domain default crl check disable # policy-based-route dianxin permit node 1 if-match acl 2102 apply ip-address next-hop 121.18.106.129 policy-based-route dianxin permit node 2 if-match acl 2202 apply ip-address next-hop 222.222.177.193 # user-group system group-attribute allow-guest # local-user ad password cipher $c$3$bAe9ChYGQUrFEuEZr+mZ68lbG1nz7wgMvI13vyQ= local-user admin password cipher $c$3$INrQX/bs18iuIT2fGGe+IS/D8q/oDv59FicfApA= authorization-attribute level 3 service-type telnet service-type ftp service-type web # interface NULL0 # interface GigabitEthernet0/0 port link-mode route ip address 192.168.0.1 255.255.255.0 # interface GigabitEthernet0/1 port link-mode route description link-7503-g0/0/28 ip address 10.34.109.253 255.255.255.0 ip policy-based-route dianxin # interface GigabitEthernet0/2 port link-mode route description link-liantong nat outbound 2000 ip address 121.18.106.130 255.255.255.248 ip address 121.18.106.131 255.255.255.248 sub # interface GigabitEthernet0/3 port link-mode route nat outbound 2000 ip address 222.222.177.219 255.255.255.192 # interface GigabitEthernet0/4 port link-mode route # interface GigabitEthernet0/5 port link-mode route # interface GigabitEthernet0/6 port link-mode route # interface GigabitEthernet0/7 port link-mode route # interface GigabitEthernet0/8 port link-mode route # interface GigabitEthernet0/9 port link-mode route # interface GigabitEthernet0/10 port link-mode route # interface GigabitEthernet0/11 port link-mode route # vd Root id 1 # zone name Management id 0 priority 100 import interface GigabitEthernet0/0 zone name Local id 1 priority 100 zone name Trust id 2 priority 85 import interface GigabitEthernet0/1 zone name DMZ id 3 priority 50 zone name Untrust id 4 priority 5 import interface GigabitEthernet0/2 import interface GigabitEthernet0/3 switchto vd Root zone name Management id 0 ip virtual-reassembly zone name Local id 1 ip virtual-reassembly zone name Trust id 2 ip virtual-reassembly zone name DMZ id 3 ip virtual-reassembly zone name Untrust id 4 ip virtual-reassembly # ip route-static 0.0.0.0 0.0.0.0 222.222.177.193 ip route-static 0.0.0.0 0.0.0.0 121.18.106.129 ip route-static 10.32.2.0 255.255.255.0 10.34.109.254 ip route-static 10.34.101.0 255.255.255.0 10.34.109.254 ip route-static 10.34.102.0 255.255.255.0 10.34.109.254 ip route-static 10.34.103.0 255.255.255.0 10.34.109.254 ip route-static 10.34.112.0 255.255.248.0 10.34.109.254 ip route-static 192.168.0.0 255.255.224.0 10.34.109.254 # load xml-configuration # load tr069-configuration # user-interface con 0 user-interface vty 0 4 authentication-mode scheme protocol inbound telnet # return [F1000-E-SI]