根据上一篇的配置,进行测试和一些调整
查看isp路由器的状态
<ISP>dis interface brief PHY: Physical *down: administratively down (l): loopback (s): spoofing (b): BFD down ^down: standby (e): ETHOAM down (d): Dampening Suppressed InUti/OutUti: input utility/output utility Interface PHY Protocol InUti OutUti inErrors outErrors GigabitEthernet0/0/0 up down 0% 0% 0 0 GigabitEthernet0/0/1 up up 0% 0% 0 0 GigabitEthernet0/0/2 down down 0% 0% 0 0 NULL0 up up(s) 0% 0% 0 0 Virtual-Template1 up up 0% 0% 0 0 <ISP>display ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.100.100.0/24 Direct 0 0 D 100.100.100.254 GigabitEthernet 0/0/1 100.100.100.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1 100.100.100.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.200.200.0/24 Direct 0 0 D 200.200.200.1 Virtual-Templat e1 200.200.200.1/32 Direct 0 0 D 127.0.0.1 Virtual-Templat e1 200.200.200.2/32 Direct 0 0 D 200.200.200.2 Virtual-Templat e1 200.200.200.255/32 Direct 0 0 D 127.0.0.1 Virtual-Templat e1 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 <BORDER>display interface Dialer 1 Dialer1 current state : UP Line protocol current state : UP (spoofing) Description:HUAWEI, AR Series, Dialer1 Interface Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is negotiated, 200.200.200.2/32 Link layer protocol is PPP LCP initial Physical is Dialer Current system time: 2020-06-15 16:37:57-08:00 <ISP>ping 200.200.200.2 PING 200.200.200.2: 56 data bytes, press CTRL_C to break Reply from 200.200.200.2: bytes=56 Sequence=1 ttl=255 time=30 ms Reply from 200.200.200.2: bytes=56 Sequence=2 ttl=255 time=30 ms <ISP>ping 10.1.100.254 PING 10.1.100.254: 56 data bytes, press CTRL_C to break Request time out Request time out
边界路由器的状态
<BORDER>display interface brief PHY: Physical *down: administratively down (l): loopback (s): spoofing (b): BFD down ^down: standby (e): ETHOAM down (d): Dampening Suppressed InUti/OutUti: input utility/output utility Interface PHY Protocol InUti OutUti inErrors outErrors Dialer1 up up(s) 0% 0% 0 0 GigabitEthernet0/0/0 up down 0% 0% 0 0 GigabitEthernet0/0/1 up down 0% 0% 0 0 GigabitEthernet0/0/1.100 up up 0% 0% 0 0 GigabitEthernet0/0/1.200 up up 0% 0% 0 0 GigabitEthernet0/0/2 down down 0% 0% 0 0 NULL0 up up(s) 0% 0% 0 0 <BORDER>display ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 13 Routes : 14 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 Static 60 0 D 200.200.200.2 Dialer1 Static 60 0 D 200.200.200.1 Dialer1 10.1.100.0/24 Direct 0 0 D 10.1.100.254 GigabitEthernet 0/0/1.100 10.1.100.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1.100 10.1.100.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1.100 10.1.200.0/24 Direct 0 0 D 10.1.200.254 GigabitEthernet 0/0/1.200 10.1.200.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1.200 10.1.200.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1.200 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.200.200.1/32 Direct 0 0 D 200.200.200.1 Dialer1 200.200.200.2/32 Direct 0 0 D 127.0.0.1 Dialer1 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 <BORDER>ping 200.200.200.1 PING 200.200.200.1: 56 data bytes, press CTRL_C to break Reply from 200.200.200.1: bytes=56 Sequence=1 ttl=255 time=50 ms Reply from 200.200.200.1: bytes=56 Sequence=2 ttl=255 time=20 ms <BORDER>ping 100.100.100.254 PING 100.100.100.254: 56 data bytes, press CTRL_C to break Reply from 100.100.100.254: bytes=56 Sequence=1 ttl=255 time=30 ms Reply from 100.100.100.254: bytes=56 Sequence=2 ttl=255 time=30 ms <BORDER>ping 100.100.100.100 PING 100.100.100.100: 56 data bytes, press CTRL_C to break Request time out Request time out [BORDER]dis nat outbound NAT Outbound Information: -------------------------------------------------------------------------- Interface Acl Address-group/IP/Interface Type -------------------------------------------------------------------------- Dialer1 3001 200.200.200.2 easyip -------------------------------------------------------------------------- Total : 1 [BORDER]dis acl all
给isp路由器添加一条静态路由,这里border路由器ping不同100.100.100.100
[ISP]ip route-static 0.0.0.0 0.0.0.0 200.200.200.2 [ISP]ping 10.1.100.254 PING 10.1.100.254: 56 data bytes, press CTRL_C to break Reply from 10.1.100.254: bytes=56 Sequence=1 ttl=255 time=20 ms Reply from 10.1.100.254: bytes=56 Sequence=2 ttl=255 time=20 ms
边界路由器能ping通100.100.100.100
<BORDER>ping 100.100.100.100 PING 100.100.100.100: 56 data bytes, press CTRL_C to break Reply from 100.100.100.100: bytes=56 Sequence=1 ttl=254 time=40 ms Reply from 100.100.100.100: bytes=56 Sequence=2 ttl=254 time=30 ms [BORDER]dis nat server Nat Server Information: Total : 0 #rule 0 permit ip source 10.1.100.0 0.0.0.255 但是pc1 仍然ping 不通100.100.100.100
找了些资料,但配置是正确的,就是pc1 不能ping通100.100.100.100
第二天;重启了ensp软件,然后就可以ping通了 ???
PC>ping 200.200.200.2 Ping 200.200.200.2: 32 data bytes, Press Ctrl_C to break From 200.200.200.2: bytes=32 seq=1 ttl=255 time=78 ms From 200.200.200.2: bytes=32 seq=2 ttl=255 time=46 ms --- 200.200.200.2 ping statistics --- 2 packet(s) transmitted 2 packet(s) received 0.00% packet loss round-trip min/avg/max = 46/62/78 ms PC>ping 200.200.200.1 Ping 200.200.200.1: 32 data bytes, Press Ctrl_C to break From 200.200.200.1: bytes=32 seq=1 ttl=254 time=110 ms From 200.200.200.1: bytes=32 seq=2 ttl=254 time=62 ms --- 200.200.200.1 ping statistics --- 2 packet(s) transmitted 2 packet(s) received 0.00% packet loss round-trip min/avg/max = 62/86/110 ms PC>ping 100.100.100.100 Ping 100.100.100.100: 32 data bytes, Press Ctrl_C to break Request timeout! From 100.100.100.100: bytes=32 seq=2 ttl=253 time=78 ms From 100.100.100.100: bytes=32 seq=3 ttl=253 time=47 ms From 100.100.100.100: bytes=32 seq=4 ttl=253 time=78 ms --- 100.100.100.100 ping statistics --- 4 packet(s) transmitted 3 packet(s) received 25.00% packet loss round-trip min/avg/max = 0/67/78 ms
pc1的配置
pc2的配置
附上 border边界路由器的配置
[BORDER]dis current-configuration [V200R003C00] # sysname BORDER # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal-mac alarm # wlan ac-global carrier id other ac id 0 # set cpu-usage threshold 80 restore 75 # dhcp enable # acl number 3001 rule 0 permit ip source 10.1.100.0 0.0.0.255 rule 5 permit icmp source 10.1.100.0 0.0.0.255 rule 6 permit icmp source 10.1.200.0 0.0.0.255 rule 10 permit tcp source 10.1.100.0 0.0.0.255 destination-port eq www rule 15 permit tcp source 10.1.100.0 0.0.0.255 destination-port eq domain rule 20 permit tcp source 10.1.100.0 0.0.0.255 destination-port eq ftp rule 25 permit tcp source 10.1.100.0 0.0.0.255 destination-port eq smtp rule 30 permit tcp source 10.1.100.0 0.0.0.255 destination-port eq pop3 # ip pool vlan100 gateway-list 10.1.100.254 network 10.1.100.0 mask 255.255.255.0 static-bind ip-address 10.1.100.100 mac-address 5489-98e5-8064 excluded-ip-address 10.1.100.200 10.1.100.253 dns-list 100.100.100.100 domain-name yhq.com # ip pool vlan200 gateway-list 10.1.200.254 network 10.1.200.0 mask 255.255.255.0 dns-list 100.100.100.100 domain-name huawei.com # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface Dialer1 link-protocol ppp ppp chap user yhq ppp chap password cipher %$%$xD5~,BzH$<QO(&>j2SNP,#ag%$%$ ip address ppp-negotiate dialer user yhq dialer bundle 1 dialer-group 1 nat outbound 3001 # interface GigabitEthernet0/0/0 pppoe-client dial-bundle-number 1 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/1.100 dot1q termination vid 100 ip address 10.1.100.254 255.255.255.0 arp broadcast enable dhcp select global # interface GigabitEthernet0/0/1.200 dot1q termination vid 200 ip address 10.1.200.254 255.255.255.0 arp broadcast enable dhcp select global # interface GigabitEthernet0/0/2 # interface NULL0 # dialer-rule dialer-rule 1 ip permit # ip route-static 0.0.0.0 0.0.0.0 Dialer1 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return