An AR router does not respond to a Tracert command, but can be pinged


By default, the function of responding to a Tracert request is not enabled on the AR router. Run the icmp port-unreachable command in the system view.
Run a send command to enable the packet transmission function for the ICMP interfaces.

Other related questions:
What does the information displayed on an AR router mean after the Tracert command is run
The Tracert command is used to test gateways through which a test packet passes from the transmission host to a destination. For details, choose Troubleshooting > Ping and Tracert through the URL: Product Documentation.

How does the USG firewall use the tracert command?
USG2000 & 5000 & 6000 Use the tracert command as follows: Run the tracert command on the client to detect where the network has failed. E.g: The following is an example of applying tracert to analyze the network. Tracert Traceroute to (, 30 hops max, 56 byte packet 1 19 ms 19 ms 0 ms 2 39 ms 39 ms 19 ms 3 39 ms 40 ms 39 ms 4 39 ms 39 ms 39 ms 5 40 ms 59 ms 59 ms 6 59 ms 59 ms 59 ms 7 99 ms 99 ms 80 ms 8 139 ms 239 ms 319 ms 9 220 ms 199 ms 199 ms 10 239 ms 239 ms 239 ms From the above results can be seen from the source to reach the destination through the gateway IP address. If the middle of a gateway timeout, it will return "***" information, according to this information to locate the location of the failure.

Can the USG firewall be traversed by the tracert command?
1. Tracert firewall itself Need to release the ICMP or UDP packet filtering to the local area of the firewall. If Tracert uses ICMP packets, you need to run the ip unreachables enable command to enable sending of ICU destination unreachable packets. 2. Tracert is forwarded through the firewall A. Release the ICMP or UDP packet filtering through the firewall. B. Configure the ICMP timeout packet function (command: ip ttl-expires enable). C. Disable the Tracert packet attack defense function (command: undo firewall defend tracert enable). Description: The UDP port used by the Tracert protocol is: first hop 33434, second hop 33435, third jump 33436 ... and so on (the algorithm is 33434 + N-1 where N is the hop count).

What is the meaning of the tracert command output on an S series switch
For S series switches (except the S1700), the tracert command displays information about the path on which packets are sent from the source to the destination and checks network connectivity. When a fault occurs on the network, you can run this command to locate the fault. This command is used as follows: [HUAWEI] tracert traceroute to,max hops: 30 ,packet length: 40,press CTRL_C to break 1 23 ms 12 ms 6 ms 2 * * * 3 5 ms !<10> 5ms !<10> 6ms !<10> The command output is described as follows: 1 indicates the first-hop gateway. The sequence number increases by each hop. By default, the maximum number of hops is 30. indicates the gateway address of the first hop. The IPv4 address following the serial number of each hop is the gateway address of the hop. 23 ms 12 ms 6 ms indicates the time difference between the three sent UDP packets and the received ICMP Time Exceeded or ICMP Destination Unreachable packets. * * * indicates that no ICMP Time Exceeded packet or ICMP Destination Unreachable packet is received on the second-hop device within a specified period. ! indicates an ICMP Destination Unreachable packet. <10> indicates that the value of the Code field in the ICMP packet is 10, which means that the Destination host is administratively prohibited. There are no reachable routes between the destination host and the source address. This packet is sent by the default gateway of the destination host. For the meanings of other values of the Type and Code fields in an ICMP packet, see Chapter 6 in TCP/IP Illustration Volume I.

