来源:蜘蛛抓取(WebSpider)
时间:2018-08-20 12:52
标签:
外网访问交换机加路由内网服务器
S5720划分了vlan学不到路由,ping不通外网为什么?
最新回复: 17:41:45
求助帖:&(未解决)
路由器IP:192.168.1.254交换机上联vlan1:192.168.1.252交换机vlan10:192.168.20.1公司S5720划分vlan后主机无法ping通路由器,可以ping通vlan1:192.168.1.252。想问下这是什么原因,静态路由和路由器上的回程路由都写了的。同样的配置我在模拟器上完全能通,就是在机器上跑不通。这问题困扰我几天了。今天突然想起看哈路由表,结果发现交换机根本没学到到下面vlan10的路由,这是为什么?交换机路由表:[HUAWEI]dis ip routing-table Route Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: Public
Destinations : 5
Routes : 5
Destination/Mask
Flags NextHop
192.168.1.254
127.0.0.0/8
InLoopBack0
127.0.0.1/32
InLoopBack0
192.168.1.0/24
192.168.1.252
192.168.1.252/32
Vlanif1模拟器交换机路由表:[Huawei]dis ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: Public
Destinations : 9
Routes : 9
Destination/Mask
Flags NextHop
192.168.1.254
127.0.0.0/8
InLoopBack0
127.0.0.1/32
InLoopBack0
192.168.1.0/24
192.168.1.252
192.168.1.252/32
192.168.10.0/24
192.168.10.1
192.168.10.1/32
192.168.20.0/24
192.168.20.1
192.168.20.1/32
Vlanif20这应该是交换机这边的问题了吧?请问为啥学不到路由?
请帖出你的配置!!!
天地生人,生一人应有一人之业
人生在世,在一日当尽一日之勤
[HUAWEI]dis cu
!Software Version V200R008C00SPC500 # sysname HUAWEI # vlan batch 10 # dhcp enable # ip pool vlan10-pool gateway-list 192.168.20.1 network 192.168.20.0 mask 255.255.255.0 dns-list 192.168.1.254 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password irreversible-cipher %^%#~WZ7Z3~3b'o#h)=}kPy"&pFzWF!.dGxD/&1{/"(J9vY`X8vna&3wAs";%nRP%^%# local-user admin service-type http # interface Vlanif1 ip address 192.168.1.252 255.255.255.0 #
interface Vlanif10 ip address 192.168.20.1 255.255.255.0 dhcp select global # interface MEth0/0/1 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 port link-type access port default vlan 10 # interface GigabitEthernet0/0/3 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 #
interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 #
interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 port link-type access # interface GigabitEthernet0/0/25 # interface GigabitEthernet0/0/26 # interface GigabitEthernet0/0/27 # interface GigabitEthernet0/0/28 # interface NULL0 # ip route-static 0.0.0.0 0.0.0.0 192.168.1.254 # user-interface con 0 authentication-mode password set authentication password cipher $1a$h_oF&c-VO9$E=S&!&2Asnd*.$X^r!1dA]AGMw06PgsdCotr:8$ user-interface vty 0 4 user-interface vty 16 20 # return [HUAWEI]路由器路由配置: 序号 目的地址 子网掩码 下一跳 出接口 状态 备注 设置1 192.168.10.0 255.255.255.0 192.168.1.252 LAN 已启用 --- 2 192.168.20.0 255.255.255.0 192.168.1.252 LAN 已启用 --- 3 192.168.30.0 255.255.255.0 192.168.1.252 LAN 已启用 --- 4 192.168.40.0 255.255.255.0 192.168.1.252 LAN 已启用 ---
请帖出你的配置!!!
贴了,配置应该没毛病
把与路由器互联接口,更改为trunk 模式
把与路由器互联接口,更改为trunk 模式
兄弟,感觉不是这个原因。我还是改成TRUNK了。还是不行啊,ping不通254
对了,这个路由表我接设备看了,是学到了的。。那是什么原因导致不能上网啊?各位大神帮帮忙啊,谢谢!
* 是否包含第三方商业秘密:
第三方商业秘密
第三方商业秘密是指第三方不为公众所知悉、具有商业价值并经权利人采取保密措施的技术信息和经营信息,包括但不限于:产品的价格信息、路标规划、商务授权、核心算法和源代码等。如有疑问,请联系:e.(各社区公共邮箱)。
如果附件按钮无法使用,请将Adobe Flash Player 更新到最新版本!
`@trans`drinking_poetry`~trans`
`@trans`drinking_poetry_des`~trans`
`@trans`skilled_person`~trans`
`@trans`skilled_person_des`~trans`
`@trans`future_star`~trans`
`@trans`future_star_des`~trans`ping服务器的ip不通是怎么回事
[问题点数:80分]
本版专家分:0
CSDN今日推荐
本版专家分:0
本版专家分:0
本版专家分:0
匿名用户不能发表回复!
其他相关推荐为什么不同网段从DHCP获取的可以ping通,静态设置的ping不通
Released on :
Latest reply: 23:07:29
Help Card:&(problem unresolve)
本帖最后由 wzgeda 于
19:17 编辑
比如两个机子不同网段都是通过DHCP分配的地址为:A:192.168.1.5
B:192.168.2.10这两台电脑可以互相ping的通,但是一旦我把其中一台的IP手动设置就ping不通了,比如我把A手动设置成192.168.1.5那么B就ping不通A了这两个网段是从华为路由器的两个LAN口下来的
convention:
direct elevator
Released on
你是否没有设置网关,不然不会的
convention:
Released on
你是否没有设置网关,不然不会的
设置了网关 不知是不是BUG
convention:
Released on
是不是做了dhcp动态绑定表,到自己的网关是否ping通
convention:
Released on
是不是做了dhcp动态绑定表,到自己的网关是否ping通
跨网段访问互访只要是DHCP分配的电脑都OK,但是只要是手动设置了IP的都不行了,也不是IP冲突。DHCP的绑定表我只做了几个 不过不是那台手动的设置了IP的电脑,包括打印机也是。同网段没这种问题。我在想是不是BUG,因为华三的路由同样的设置可以。
convention:
Released on
设置了网关 不知是不是BUG
模拟器的话是有可能的
convention:
* Including Third Party’s Trade Secret or No:
Third Party’s Trade Secret
Third Party’s Trade Secret refers to Third Party’s (other than Huawei’s) technical or commercial information which is unknown to the public, with commercial value, and kept confidential by Third Party. It may include without limitation Price Information, Roadmap, Commercial Authorization, Core Algorithm and Source Code. Should you have any questions, please contact e..
If the attachment button is not available, update the Adobe Flash Player to the latest version!
`@trans`bright_future`~trans`
`@trans`bright_future_des`~trans`从外网ping联通公网地址不通。内网出站出不行。
Released on :
Latest reply: 14:01:15
如图。。默认安全策略也已经放行。
注!!用家用路由器试过公网地址没有问题。具体配置, dns
transparent-proxy
GigabitEthernet1/0/5
58.20.127.170
GigabitEthernet1/0/3
58.20.127.170
58.20.127.238
transparent-proxy
58.20.127.170
transparent-proxy
58.20.127.238#pki
certificate
access-control-policy
license-server
sdplsp.huawei.com#
user-manage
web-authentication
user-manage
single-sign-on
user-manage
portal-template
portalpassword-policy
highpage-setting
user-manage
packet-filter
basic-protocol
web-manager
cipher-suit
high-strength
web-manager
web-manager
web-manager
factory-configuration
rbl-filter
time-range
period-range
working-day#interface
GigabitEthernet0/0/0
192.168.0.1
255.255.255.0
192.168.0.1
192.168.0.254
service-manage
service-manage
service-manage
service-manage
service-manage
service-manage
flow-statistic
source-detect
alert-rate
100#interface
GigabitEthernet1/0/0
service-manage
enable#interface
GigabitEthernet1/0/1
218.77.83.38
255.255.255.0
service-manage
enable#interface
GigabitEthernet1/0/2
255.255.255.248
service-manage
service-manage
service-manage
service-manage
service-manage
permit#interface
GigabitEthernet1/0/3
192.168.99.101
255.255.255.0
service-manage
192.168.99.1#interface
GigabitEthernet1/0/4#interface
GigabitEthernet1/0/5
10010 联通
42.49.84.93
255.255.255.0
service-manage
service-manage
service-manage
service-manage
service-manage
service-manage
ip gateway 42.49.84.1#interface
NULL0#firewall
100#firewall
GigabitEthernet0/0/0
GigabitEthernet1/0/0
GigabitEthernet1/0/1
GigabitEthernet1/0/2
GigabitEthernet1/0/3
GigabitEthernet1/0/5#firewall
5#firewall
authentication-scheme
authentication-scheme
admin_local
authentication-scheme
admin_radius_local
authentication-scheme
admin_hwtacacs_local
authentication-scheme
admin_ad_local
authentication-scheme
admin_ldap_local
authentication-scheme
admin_radius
authentication-scheme
admin_hwtacacs
authentication-scheme
authentication-scheme
admin_ldap
authentication-scheme
admin_securid
authentication-scheme
admin_securid_local
authorization-scheme
accounting-scheme
manager-user
password-modify
manager-user
audit-admin
%@%@UxmN6,xRWNB=J|WHg#V%\B90SU&!~YBu,-)IZmK#3}D"4H~:%@%@
service-type
authentication-type
service-type
manager-user
%@%@zQ|K0u_:~~.OH-DPzL{+KG&5K,5:VE0q|7|k9W-jv,t/qMD~%@%@
service-type
ftp-directory
authentication-type
service-type
service-type
internet-access
current-domain
deny-authentication
system-admin
description
system-adminrole
device-admin
description
device-adminrole
device-admin(monitor)
description
device-admin(monitor)role
audit-admin
description
audit-admin
manager-user
audit-admin
audit-admin#nqa-jitter
tag-version
route-static
GigabitEthernet1/0/1
218.77.83.1
route-static
255.255.0.0
GigabitEthernet1/0/2
china-mobile.csv
china-unicom.csv
china-telecom.csv
educationnet"
educationnet"
china-educationnet.csv#user-interface
authentication-mode
aaauser-interface
authentication-mode
slb#right-manager
server-group#sa#
address-group
10.10.0.0#location#agile-network#api#device-classification
device-group
device-group
mobile-terminal
device-group
undefined-group#security-policy
logging#auth-policy#traffic-policy#policy-based-route#nat-policy
destination-zone
destination-zone
easy-ip#proxy-policy#quota-policy#
multi-interface#return
convention:
direct elevator
Released on
顶,请版主帮忙答复
convention:
Released on
你得外网地址没有开启ping功能吧
convention:
&Moderator
Released on
dis ip rout 看下有没有默认路由!
convention:
Released on
dis ip rout 看下有没有默认路由!
Destination/Mask
Flags NextHop
42.49.84.1
GigabitEthernet1/0/5
10.0.0.0/29
GigabitEthernet1/0/2
convention:
Released on
Destination/Mask
Flags NextHop
随便换一个私网地址都能够上网。 就好像接口就是不认这个地址一样。。
convention:
* Including Third Party’s Trade Secret or No:
Third Party’s Trade Secret
Third Party’s Trade Secret refers to Third Party’s (other than Huawei’s) technical or commercial information which is unknown to the public, with commercial value, and kept confidential by Third Party. It may include without limitation Price Information, Roadmap, Commercial Authorization, Core Algorithm and Source Code. Should you have any questions, please contact e..
If the attachment button is not available, update the Adobe Flash Player to the latest version!
`@trans`drinking_poetry`~trans`
`@trans`drinking_poetry_des`~trans`
`@trans`bright_future`~trans`
`@trans`bright_future_des`~trans`
`@trans`universal_genius`~trans`
`@trans`universal_genius_des`~trans`NAT后,外网ping不通内网
最新回复: 09:02:58
如上图所示,RT1路由器模拟外网,如果在RT2上做源地址转换,那么RT1就ping不通RT3的192.168.100.200;如果不在RT2上做源地址转换,RT1就可以ping通RT3的192.168.100.200。这是为什么?
(补充 :做nat outbound之后,虽然icmp回复报文的源地址被转换了,但是RT1同样是可以收到回复报文的,而且它不会关注回复报文的源地址啊)
你好,因为回包的时候在出接口做了NAT转换,源地址变了,就算你PC收到报文,但源地址不一样了。
做个跳转就行了
高手怎么做跳转?
我也想看看,高手怎么做,不能配置nat server哦。
其实,你R1不写静态都可以的,因为你R1模拟外网,理论上不应该知道用户的内网地址,你只需要知道用户出口的地址就可以了。
而且你做的是源NAT,是内网主动访问外网,如果你要外网主动访问内网,应该用目的NAT。
RT1在发出报文的时候,源是192.168.99.1目地是192.168.100.200,数据包到达RT3后,RT3回包的时候,将对端的源变成目地,源为自己的192.168.100.200发出,数据包到了RT2,做NAT,将源变成RT2出接口的192.168.99.2发给RT1,RT1看到收到包源地址不是自己刚才发出的目地地址,不是合法的ICMP回复,遂将此数据包丢弃
你原理没搞清楚
上图中的icmp request的目的地址和icmp echo的源地址就不同,但是它却能通,还有,你描述的那个过程我是清楚的
我所阐述的拓扑是出口路由器下面接一个内网路由器(二级路由器),所以都是内网
* 是否包含第三方商业秘密:
第三方商业秘密
第三方商业秘密是指第三方不为公众所知悉、具有商业价值并经权利人采取保密措施的技术信息和经营信息,包括但不限于:产品的价格信息、路标规划、商务授权、核心算法和源代码等。如有疑问,请联系:e.(各社区公共邮箱)。
如果附件按钮无法使用,请将Adobe Flash Player 更新到最新版本!
`@trans`drinking_poetry`~trans`
`@trans`drinking_poetry_des`~trans`
`@trans`skilled_person`~trans`
`@trans`skilled_person_des`~trans`
`@trans`future_star`~trans`
`@trans`future_star_des`~trans`
