【ProblemDescription】
AR is able to ping the destination ip ieSNMP Server ( 10.2.9.11 & 10.1.9.11 ), but SNMPServer are not able to ping our router ip .
Customer wants the network is reachable.
【ProblemAnalysis】
About this ticket , the issue is AR settinga interzone Policy to block the traffic from Untrust (SNMP Server) toLocal (10.50.62.97 )
But the trafficfrom Local(10.50.62.97) to Untrust (SNMP Server ) is allowed , so AR is ableto ping SNMP Server , and the server is not.
IF you want theSNMP Server be able to ping the AR , you can add an Advanced ACL to permit the traffic from SNMP Server(10.2.9.11 & 10.1.9.11) to AR.
Please referbelow commands:
<Huawei>system-view
[Huawei]acl 3001
[Huawei-acl-adv-3001]rule 5 permit ip source 10.1.9.11 0 destination 10.50.62.97 0
[Huawei-acl-adv-3001]rule 10 permit ip source 10.2.9.11 0 destination 10.50.62.97 0
[Huawei]firewall interzone local untrus
[Huawei-interzone– local - untrust] packet-filter 3001 inbound
Configure ACLand apply it , please refer below link:
P.s
Aboutto tracert of the AR Router, it’s default unreachable , if you need it beable to tracert , you should configure it like below:
【Root Cause】
The AR router has been enabled Firewall function , but not permit the traffic .
【SolutionDescription】
Remote to customer's AR router add ACL for permiting traffic ,then solve the issue