首页>问答区>求高手指点,H3C部分VLAN无法访问外网

求高手指点,H3C部分VLAN无法访问外网

  • 8回答
  • 1165浏览
办公室网络已经做好配置,目前有VLAN1、3、40、100、103、105,其中VLAN3、103可以访问外网,其他的只能访问内网,现在想将VLAN105设置为可以访问外网,请教一下应该如何操作?比较纠结的是我设置的VLAN105和VLAN103是一样的,为什么VLAN105无法访问外网? 路由器只做了VLAN的设置,如图: 交换机的配置如下: display current-configuration # version 7.1.070, Release 1119P11 # sysname A3 Office # telnet server enable # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # dhcp enable dhcp server forbidden-ip 192.168.3.200 192.168.3.254 # lldp global enable # password-recovery enable # vlan 1 # vlan 3 # vlan 40 description BGM-music # vlan 100 description shehuitingchechang # vlan 103 # vlan 105 description LED # stp global enable # dhcp server ip-pool office gateway-list 192.168.3.254 network 192.168.3.0 mask 255.255.255.0 dns-list 202.103.224.68 114.114.114.114 # interface NULL0 # interface Vlan-interface1 ip address 192.168.1.254 255.255.255.0 # interface Vlan-interface3 description office ip address 192.168.3.254 255.255.255.0 dhcp server apply ip-pool office # interface Vlan-interface40 description BGM-music ip address 192.168.40.252 255.255.255.0 # interface Vlan-interface100 ip address 192.168.100.252 255.255.255.0 # interface Vlan-interface103 ip address 192.168.103.252 255.255.255.0 # interface Vlan-interface105 description LED ip address 192.168.105.253 255.255.255.0 # interface GigabitEthernet1/0/1 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/2 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/3 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/4 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/5 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/6 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/7 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/8 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/9 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/10 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/11 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/12 port link-mode bridge description to XXZX port access vlan 103 # interface GigabitEthernet1/0/13 port link-mode bridge port access vlan 105 # interface GigabitEthernet1/0/14 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/15 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/16 port link-mode bridge port access vlan 3 # interface GigabitEthernet1/0/17 port link-mode bridge port access vlan 3 combo enable copper # interface GigabitEthernet1/0/18 port link-mode bridge port access vlan 3 combo enable copper # interface GigabitEthernet1/0/19 port link-mode bridge port access vlan 3 combo enable copper # interface GigabitEthernet1/0/20 port link-mode bridge port access vlan 3 combo enable copper # interface GigabitEthernet1/0/21 port link-mode bridge description to jinrong-office port access vlan 3 combo enable copper # interface GigabitEthernet1/0/22 port link-mode bridge description to xiaokongshi port link-type trunk port trunk permit vlan 1 3 40 100 103 to 106 combo enable copper # interface GigabitEthernet1/0/23 port link-mode bridge description to XXZX port link-type trunk port trunk permit vlan 1 3 103 105 combo enable copper # interface GigabitEthernet1/0/24 port link-mode bridge description to Route port access vlan 3 combo enable copper # interface M-GigabitEthernet0/0/0 # interface Ten-GigabitEthernet1/0/25 port link-mode bridge # interface Ten-GigabitEthernet1/0/26 port link-mode bridge # interface Ten-GigabitEthernet1/0/27 port link-mode bridge # interface Ten-GigabitEthernet1/0/28 port link-mode bridge # scheduler logfile size 16 # line class aux user-role network-admin # line class usb user-role network-admin # line class vty user-role network-operator # line aux 0 user-role network-admin # line vty 0 4 authentication-mode scheme user-role level-15 user-role network-operator set authentication password hash $h$6$7CRs1EmwBUpu/oOu$O8BS6Do3/9sl+nG6k+Fu6sdisIksQFuNBKr4eSbSf6osO6GWei94fxtNeGV2flC7a6ksP9QB3Y6lbfrPWOxNkg== # line vty 5 63 user-role network-operator # ip route-static 0.0.0.0 0 192.168.3.253 ip route-static 192.168.2.201 32 192.168.3.202 ip route-static 192.168.40.0 24 192.168.40.254 ip route-static 192.168.100.0 24 192.168.100.1 ip route-static 192.168.103.0 24 192.168.103.254 ip route-static 192.168.105.0 24 192.168.105.254 # radius scheme system user-name-format without-domain # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$MSzkEHyIi9JMntGj$b663ppKkDBmQgCNgYEBYkgCE6ZHqoWVtSL0NZZ2u2slHim+HMzw3JoPaO+Lcu1ULCIDig6flBp0NX8OLtd6p5Q== service-type telnet http https authorization-attribute user-role 0 authorization-attribute user-role 1 authorization-attribute user-role level-3 authorization-attribute user-role guest-manager authorization-attribute user-role network-admin authorization-attribute user-role network-operator # ip http enable webui log enable # return
展开
收起
wx60b754b7624802021-06-02

最佳答案

wx60b754b762480 2021-06-04回答
路由器的配置: ? reboot Reboot device restore Restore configuration ip Display the IP configuration display Display current information ping Ping function quit Exit from the device admin Admin the LAN interface ip ? address Display IP addresses ip ad ip address ? ip address The LAN interface information: IP address: 192.168.1.254 Mask: 255.255.255.0 The VLAN3 information: IP address: 192.168.3.253 Mask: 255.255.255.0 dis display ? sysinfo CPU and memory information device Device information version Version information display sy display sysinfo ? display sysinfo CPU Used Rate: 3% Memory Used Rate: 8.4% dis display de display device ? manuinfo Manufacture information display device ma display device manuinfo ? display device manuinfo DEVICE_NAME: ER8300G2-X DEVICE_SERIAL_NUMBER: 219801A0P59189Q000KD MAC_ADDRESS: 7485-C4CD-2BDA MANUFACTURING_DATE: 2018-9 VENDOR_NAME: H3C dis display ve display version ? display version Hardware: VER.A Bootrom: 0.0.0.7 Software: ERHMG2-MNW100-R1117 admin ? acl Access control list admin acl ? info Display the administrator access information in LAN default Restore the access control to default, no restricted admin acl in admin acl info ? admin acl info By default,permit all hosts to access the LAN interface

其他回答

wx60b754b762480 2021-06-08回答
问题已经解决了,局域网内还有另外一台路由器,连接了另外一个外网,导致VLAN103可以通过那台路由器访问外网。我在那台路由器设置VLAN105,就可以访问外网了,感谢
wx60b754b762480 2021-06-07回答
没有VLAN30,只有交换机设置了以下静态路由: ip route-static 0.0.0.0 0 192.168.3.253 ip route-static 192.168.2.201 32 192.168.3.202 ip route-static 192.168.40.0 24 192.168.40.254 ip route-static 192.168.100.0 24 192.168.100.1 ip route-static 192.168.103.0 24 192.168.103.254 ip route-static 192.168.105.0 24 192.168.105.254 路由器没设置路由
wx60b754b762480 2021-06-07回答
路由器的设置有:LAN口IP是192.168.1.254,设置一个VLAN3(192.168.3.254),允许所有VLAN通过LAN5
wx60b754b762480 2021-06-07回答
5227990,我的QQ,麻烦加一下
jasion55 2021-06-06回答
建议看下路由器的静态路由,有没有到  vlan30得静态路由
woshi_1001 2021-06-06回答
静态路由写错了吧,路由器的lan口ip是多少,交换机与路由器互联的ip和vlan是多少。
sdmz012 2021-06-05回答
加个联系方式给你一下

热门问答

关于华为S5720S交换机配置管理IP问题
  • 11回答
  • 13763浏览
//首先配置一个管理登陆账号 aaa local-user 123 password cipher 123456 privilege level 15 state active local-user manage service-type http telnet //该账号启用http.telnet登陆访问 然后楼上的命令把aaa组放在vty 0 4上生效 //配置管理地址 sy vlan99 description guanli int vlanif 99 ip address 192.168.100.1 24 //配置管理地址 然后退出就可以telnet 192.168.100.1 用你配置的账号密码登陆了
求大神们指点,怎么配置新H3C交换机接联通专线上网!
  • 9回答
  • 13560浏览
一般企业用,出口都是用防火墙,下挂三层交换机接内网。这样比较安全。直接交换机接外网,与外网连的口设成route模式,设成联通给的固定ip。设置缺省路由指定下一跳为联通对端公网ip。
zabbix监控化为6360防火墙教程谁有,谢谢。
  • 6回答
  • 12150浏览
来这里查看具体的MIB号: 然后利用snmpwalk查看具体的信息: snmpwalk -v 2c -c [团队名] [防火墙IP] [OID号] 正常的话会列出具体iso.xxx.xxx然后后面跟着数据的信息, zabbix添加的OID号就是这一串iso.xxx.xxx
华为AR1220E-S路由器忘记密码
  • 3回答
  • 11828浏览
自行去华为找对应的官方配置手册,我这里只有2700,5700的配置手册,,不过相信清除密码步骤应该是一致的, 思路是这样,由bootrom菜单清除 Console 密码,登陆Console后创建自己的web用户和密码,提升权限,赋予web登陆权限,,打完收工,保存退出. 这里默认你有console线和超级终端. 清除 Console 登录密码 [attach]373365[/attach] 清除完按1进系统,,, 配置Web用户执行命令system-view,进入系统视图。 执行命令aaa,进入AAA视图。 执行命令local-user user-name password irreversible-cipher password,配置本地用户名和密码。缺省情况下,系统中存在一个用户名为admin的本地用户,该用户的密码为[email]admin@huawei.com[/email]。 执行命令local-user user-name service-type http,配置本地用户的接入类型为HTTP。缺省情况下,本地用户关闭所有的接入类型。 执行命令local-user user-name privilege level level,配置本地用户的级别。 缺省情况下,本地用户admin的级别为0,为监控用户。 当用户级别配置在3级或3级以上,具有管理级权限,为管理用户。3级以下的用户为监控用户。管理用户有所有Web页面的操作权限,监控用户只有ping和tracert的操作权限。 这里以创建用户cto,密码是[email]cto@cto.com[/email] 为例 local-user cto password irreversible-cipher [email]cto@cto.com[/email] local-user cto service-type http local-user cto privilege level 15 记得退出aaa之后,save,不然重启之后什么都没了.或者做完之后马上登陆web界面,,,,在web端保存一次配置.
华为5720交换机配置主备链路
  • 17回答
  • 11637浏览
咨询过400的技术,说这样写配置没问题,可是网络不通,有给分析下哪里出问题的吗?或者是还少配置?
H3C 6520X使用万兆模块不亮,千兆模块亮!!
  • 1回答
  • 11557浏览
如果怀疑光纤问题的话,测一下光衰,
想考HCNA HCNP看这来,分享视频和资料给你
  • 8回答
  • 11282浏览
247625935@qq.com,谢谢啊
更换思科防火墙怎么查看原防火墙拨号账号密码
  • 2回答
  • 11056浏览
看不了的,直接给运营商打电话即可,他们会告诉你拨号信息的,忘记了就直接让他们重置即可
求大神-华为模拟器-5700 IP配置的迷惑
  • 13回答
  • 10865浏览
华为模拟器不支持三层交换机下undo  portswitch  然后设置IP地址!华为真实设备才会支持,但是必须是高端三层交换机!华为模拟器并没有给你开放这功能!思科模拟器给你开放了 ,所以不要纠结!还有告诉我你的S5700与路由器相连的接口是怎么配置的?
一台防火墙能否设置两个公网ip?
  • 4回答
  • 10857浏览
防火墙设置同运营商分配的多个静态ip起什么作用?可以尝试在路由器下加个交换机使用多个静态ip