In the below topology, CPE interface g0/0/1.100 with ip address 10.1.0.1 is not reachable to any device on the network. All devices with vlanif100 can communicate with one another, but they cannot communicate with the CPE. Please note, vlan 100 is the management vlan and the default vlan for trunk links. Please see CPE and CR1 configuration below.

CPE configuration:
#
sysname cpe
header shell information "
Property of xxxxxxxxxxxxxxx. Please do not distribute,
unless for the purpose of education and training."
header login information "
Please do not attempt unauthorized access to this system."
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
vlan batch 100 to 105 201 to 204
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
dhcp enable
#
ip pool store-data
gateway-list 10.1.1.1
network 10.1.1.0 mask 255.255.255.0
#
ip pool store-pos
gateway-list 10.1.2.1
network 10.1.2.0 mask 255.255.255.0
#
ip pool store-voice
gateway-list 10.1.3.1
network 10.1.3.0 mask 255.255.255.0
#
ip pool wireless-store-data
gateway-list 10.2.1.1
network 10.2.1.0 mask 255.255.255.0
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Vlanif100
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.100
dot1q termination vid 100
ip address 10.1.0.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.101
dot1q termination vid 101
ip address 10.1.1.1 255.255.255.0
arp broadcast enable
dhcp select global
#
interface GigabitEthernet0/0/1.102
dot1q termination vid 102
ip address 10.1.2.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.103
dot1q termination vid 103
ip address 10.1.3.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.201
dot1q termination vid 201
ip address 10.2.1.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.202
dot1q termination vid 202
ip address 10.2.2.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.203
dot1q termination vid 203
ip address 10.2.3.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.10 255.255.255.255
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.10.10.10 0.0.0.0
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$J0|@:TufgUCR:yJF4;rB,2M0A#-cOz=l(&G)Za%-
l%i12M3,%$%$
idle-timeout 4 50
user-interface vty 0
authentication-mode password
set authentication password cipher %$%$J0|@:TufgUCR:yJF4;rB,2M0A#-cOz=l(&G)Za%-
l%i12M3,%$%$
idle-timeout 4 50
user-interface vty 1 4
user-interface vty 16 20
#
wlan ac
#
return
CR1 configuration:
#
sysname cr1
#
vlan batch 100 to 105 201 to 204
#
stp mode rstp
stp instance 0 priority 0
#
cluster enable
ntdp enable
ndp enable
#
undo nap slave enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif100
ip address 10.1.0.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 103 201 to 203
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 105 201 to 204
#
interface GigabitEthernet0/0/11
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 105 201 to 204
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
header shell information "Property of xxxxxxxxxxxx. Please do not distribute,
unless for the purpose of education and training."
header login information "Please do not attempt unauthorized access to this syst
em."
#
user-interface con 0
authentication-mode password
set authentication password cipher ;47lQe!z999P4p;tsqP+YI/#
idle-timeout 4 50
user-interface vty 0
set authentication password cipher 6xQp'QM0J/9P4p;tsqP+'I/#
idle-timeout 4 50
user-interface vty 1 4
#
port-group cr->ds
group-member GigabitEthernet0/0/10
group-member GigabitEthernet0/0/11
#
return