【ProblemDescription】
AR is able to ping the destination IP ieSNMP Server ( 10.2.9.11 & 10.1.9.11 ), but SNMPServer is not able to ping our router IP.
The customer wants the network to be reachable.
【ProblemAnalysis】
About this ticket, the issue is AR setting Interzone Policy to block the traffic from Untrust (SNMP Server) toLocal (10.50.62.97 ).
But the traffic from Local(10.50.62.97) to Untrust (SNMP Server ) is allowed, so AR is able to ping SNMP Server, and the server is not.
IF you want the SNMP Server to be able to ping the AR, you can add an Advanced ACL to permit the traffic from SNMP Server(10.2.9.11 & 10.1.9.11) to AR.
Please refer to the below commands:
<Huawei>system-view
[Huawei]acl 3001
[Huawei-acl-adv-3001]rule 5 permit ip source 10.1.9.11 0 destination 10.50.62.97 0
[Huawei-acl-adv-3001]rule 10 permit ip source 10.2.9.11 0 destination 10.50.62.97 0
[Huawei]firewall interzone local untrus
[Huawei-interzone– local - untrust] packet-filter 3001 inbound
Configure ACL and apply it, please refer to the below link:
P.s
About to tracert of the AR Router, it’s default unreachable, if you need it to be able to tracers, you should configure it like below:
【Root Cause】
The AR router has been enabled Firewall function, but not permit the traffic.
【SolutionDescription】
Remote to customer's AR router add ACL for permitting traffic, then solve the issue.