AR is able to ping the destination ip ieSNMP Server ( 10.2.9.11 & 10.1.9.11 ), but SNMPServer are not able to ping our router ip .
Customer wants the network is reachable.
【ProblemAnalysis】
About this ticket , the issue is AR settinga interzone Policy to block the traffic from Untrust (SNMP Server) toLocal (10.50.62.97 )
But the trafficfrom Local(10.50.62.97) to Untrust (SNMP Server ) is allowed , so AR is ableto ping SNMP Server , and the server is not.
IF you want theSNMP Server be able to ping the AR , you can add an Advanced ACL to permit the traffic from SNMP Server(10.2.9.11 & 10.1.9.11) to AR.
Please referbelow commands:
<Huawei>system-view
[Huawei]acl 3001
[Huawei-acl-adv-3001]rule 5 permit ip source 10.1.9.11 0 destination 10.50.62.97 0
[Huawei-acl-adv-3001]rule 10 permit ip source 10.2.9.11 0 destination 10.50.62.97 0
[Huawei]firewall interzone local untrus
[Huawei-interzone– local - untrust] packet-filter 3001 inbound
Configure ACLand apply it , please refer below link:
http://support.huawei.com/hedex/pages/EDOC1000085855AEG05127/13/EDOC1000085855AEG05127/13/resources/dc/dc_cfg_acl_1032.html?ft=0&fe=10&hib=7.3.17.6.7.2.2&id=dc_cfg_acl_1032&text=Configuring an Advanced ACL&docid=EDOC1000085855
http://support.huawei.com/hedex/pages/EDOC1000085855AEG05127/13/EDOC1000085855AEG05127/13/resources/dc/dc_cfg_fw_0015.html?ft=0&fe=10&hib=7.3.17.7.7.2&id=dc_cfg_fw_0015&text=Configuring ACL-based Packet Filtering in an Interzone&docid=EDOC1000085855
P.s
Aboutto tracert of the AR Router, it’s default unreachable , if you need it beable to tracert , you should configure it like below:
http://support.huawei.com/hedex/pages/EDOC1000085855AEG05127/13/EDOC1000085855AEG05127/13/resources/dc/dc_ar_troubleshooting_0069.html?ft=0&fe=10&hib=9.2.13.3&id=dc_ar_troubleshooting_0069&text=Ping and Tracert&docid=EDOC1000085855
thankyou !
【Root Cause】
The AR router has been enabled Firewall function , but not permit the traffic .
【SolutionDescription】
Remote to customer's AR router add ACL for permiting traffic ,then solve the issue
