Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
AR interzone policy

AR interzone policy

946 0 0 0 0
display all floors 1#

【ProblemDescription】


AR is able to ping the destination IP ieSNMP Server ( 10.2.9.11 & 10.1.9.11 ), but SNMPServer is not able to ping our router IP.

The customer wants the network to be reachable.

【ProblemAnalysis】

About this ticket, the issue is AR setting  Interzone Policy to block the traffic from Untrust (SNMP Server) toLocal (10.50.62.97 ).     

But the traffic from Local(10.50.62.97) to Untrust (SNMP Server ) is allowed, so AR is able to ping SNMP Server, and the server is not.

 IF you want the SNMP Server to be able to ping the AR, you can add an Advanced ACL to permit the traffic from SNMP Server(10.2.9.11 & 10.1.9.11) to AR.


Please refer to the below commands:


<Huawei>system-view


[Huawei]acl 3001


[Huawei-acl-adv-3001]rule 5 permit ip source 10.1.9.11  0 destination 10.50.62.97 0


[Huawei-acl-adv-3001]rule 10 permit ip source 10.2.9.11  0 destination 10.50.62.97 0


[Huawei]firewall interzone local untrus


[Huawei-interzone– local - untrust] packet-filter 3001 inbound


 Configure ACL and apply it, please refer to the below link:


http://support.huawei.com/hedex/pages/EDOC1000085855AEG05127/13/EDOC1000085855AEG05127/13/resources/dc/dc_cfg_acl_1032.html?ft=0&fe=10&hib=7.3.17.6.7.2.2&id=dc_cfg_acl_1032&text=Configuring an Advanced ACL&docid=EDOC1000085855


http://support.huawei.com/hedex/pages/EDOC1000085855AEG05127/13/EDOC1000085855AEG05127/13/resources/dc/dc_cfg_fw_0015.html?ft=0&fe=10&hib=7.3.17.7.7.2&id=dc_cfg_fw_0015&text=Configuring ACL-based Packet Filtering in an Interzone&docid=EDOC1000085855


 

P.s

About to tracert of the AR Router,  it’s default unreachable, if you need it to be able to tracers, you should configure it like below:



http://support.huawei.com/hedex/pages/EDOC1000085855AEG05127/13/EDOC1000085855AEG05127/13/resources/dc/dc_ar_troubleshooting_0069.html?ft=0&fe=10&hib=9.2.13.3&id=dc_ar_troubleshooting_0069&text=Ping and Tracert&docid=EDOC1000085855


【Root Cause】

The AR router has been enabled Firewall function, but not permit the traffic.


【SolutionDescription】

Remote to customer's AR router add ACL for permitting traffic, then solve the issue.

  • x
  • convention:

Like (0) Dislike (0) Favorite(0) Share Report
Previous: eNSP error code 45 cannot start AR
Next: CE6870 port usage get high randomly when receives TC BPDU
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.