Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
Interzone policy in AR

Interzone policy in AR

Latest reply: Oct 13, 2018 10:02:51 746 2 2 0 0
display all floors 1#

ProblemDescription

    AR is able to ping the destination ip ieSNMP Server ( 10.2.9.11 & 10.1.9.11 ), but SNMPServer are not able to ping our router ip .

    Customer wants the network is reachable.

    【ProblemAnalysis






   About this ticket , the issue  is AR settinga  interzone Policy to block the traffic from Untrust (SNMP Server) toLocal (10.50.62.97 )


        


         But the trafficfrom Local(10.50.62.97) to Untrust (SNMP Server ) is allowed  , so AR is ableto ping SNMP Server , and the server is not.


 


         IF you want theSNMP Server be able to ping the AR , you can add an Advanced ACL to permit the traffic from SNMP Server(10.2.9.11 & 10.1.9.11) to AR.


        


         Please referbelow commands:


        


<Huawei>system-view


[Huawei]acl 3001


[Huawei-acl-adv-3001]rule 5 permit ip source 10.1.9.11  0 destination 10.50.62.97 0


[Huawei-acl-adv-3001]rule 10 permit ip source 10.2.9.11  0 destination 10.50.62.97 0


         [Huawei]firewall interzone local untrus


[Huawei-interzone– local - untrust] packet-filter 3001 inbound


 


         Configure ACLand apply it , please refer below link:


        


http://support.huawei.com/hedex/pages/EDOC1000085855AEG05127/13/EDOC1000085855AEG05127/13/resources/dc/dc_cfg_acl_1032.html?ft=0&fe=10&hib=7.3.17.6.7.2.2&id=dc_cfg_acl_1032&text=Configuring an Advanced ACL&docid=EDOC1000085855


 


http://support.huawei.com/hedex/pages/EDOC1000085855AEG05127/13/EDOC1000085855AEG05127/13/resources/dc/dc_cfg_fw_0015.html?ft=0&fe=10&hib=7.3.17.7.7.2&id=dc_cfg_fw_0015&text=Configuring ACL-based Packet Filtering in an Interzone&docid=EDOC1000085855


 


P.s


Aboutto tracert of the AR Router,  it’s default unreachable , if you need it beable to tracert , you should configure it like below:


 



 


http://support.huawei.com/hedex/pages/EDOC1000085855AEG05127/13/EDOC1000085855AEG05127/13/resources/dc/dc_ar_troubleshooting_0069.html?ft=0&fe=10&hib=9.2.13.3&id=dc_ar_troubleshooting_0069&text=Ping and Tracert&docid=EDOC1000085855

 



Root Cause

      The AR router has been enabled Firewall function , but not permit the traffic .


SolutionDescription

Remote to customer's AR router add ACL for permiting traffic ,then solve the issue

  • x
  • convention:

Like (2) Dislike (0) Favorite(0) Share Report
Previous: [HUAWEI CONNECT 2018] Latest Highlights
Next: Block all DHCP packets to exit an interface S5720S-28X-LI-24S-AC
Mark.hu
Created Sep 30, 2018 01:57:14

I have encountered this question about you. I have checked a lot of information, but I still have not answered this question clearly. Thank you for sharing this knowledge and solving my doubts. I hope that you can continue to update such knowledge points. Thank you. !
View more
  • x
  • convention:
faysalji
Author Created Oct 13, 2018 10:02:51

Good case. sharing the case is appreciated !
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.