Hello, team!
Good day to you!
Issue Description
networking information please see the attachment. MCU version is V100R007C02. public ip can ping GE1 ip, but GE1 ip can not ping public ip.
Handling Process
According to the judgment, if GE1 port uses the firewall mode, MCU will use GE0 port to ping other IPs by default, so it gives us an illusion that network is a problem, we waste a lot of time to check the network.we can try to adjust the GE0 and GE1 port(you can refer to the attachment) and configuration. now both sides can ping each other.
Root Cause
According to the MCU8650C Guidance, config step by step in firewall mode instruction as following:
1. Config MCU GE1 port firewall mode.
2. Config MCU GE1 port IP. Make sure GE1 port and GE0 port are in the different network segments.
3. Config routing. after you config GE1 port IP, MCU will automatically add an IP routing for GE1 port. But in the actual networking, the terminal GE1 port connected may be in the different network segment. so we need to config another IP routing for GE1 port in order to make the terminal and the GE1 port are in the same network segment.
After configuration, remember to save.
then we test the network connectivity. I find the terminal public IP can ping GE1 port, but GE1 port can not ping that public IP.
Analysis: if public IP can ping GE1 port, so the network is ok, but why GE1 port can not ping public IP. we can use the command tracert to see the IP transfer path. we can see the MCU uses GE0 port by default.
Suggestions
Usually, the guidance tells us to use GE0 port for internal connection, GE1 port for another network connection in firewall mode. in order to avoid the illusion, we use GE1 port for internal use.
This is all, thanks for reading!
