!guide_close_btn!

AD9430-12+R240D pppoe拨号能ping通域名无法打开网页

新人帖[复制链接]
发表于 : 2020-4-8 11:38:32 最新回复:2020-04-18 16:58:08
176 6
lionkg  

  求助帖: (未解决)
        AD9430+4个R240D 组网,按照官网配置中心AP进行电信pppoe拨号。目前状况如下:
1、测试官网系统版本目前只有V200R008C10SPCe00可以正常上网等操作,但是间歇性丢包(扫地机器人在房间穿梭导致整个无线连接丢包,猜测漫游导致)
2、从版本
V200R008C10SPCe00升级到官网其他版本例如V200R010C00SPCe00 AD9430有线口可以正常上网,但是无线AP连接的无线客户端无法打开网页,但是ping域名一切正常,尝试改过各种TCP MSS 都无效。

        总结,同样的config 。目前测试只有固件
V200R008C10SPCe00 可以正常上网,其他都是无法打开网页,
有时候等待很久,浏览器出现网站头信息。



#
 sysname XJAP
#
 autosave interval on
 autosave interval configuration 5
#
 http secure-server ssl-policy default_policy
 http server enable
#
 undo clock timezone
#
vlan batch 3 61
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
authentication-profile name authentication
#
dns resolve 
#
dhcp enable
#
radius-server template default
#
pki realm default
 certificate-check none
 rsa local-key-pair default
 enrollment self-signed
#
ssl policy default_policy type server
 pki-realm default
 version tls1.0 tls1.1 tls1.2 
 ciphersuite rsa_aes_128_cbc_sha rsa_aes_128_sha256 rsa_aes_256_sha256 
ssl policy https type client
 pki-realm default
 version tls1.2 
 server-verify enable
 prefer-ciphersuite rsa_aes_128_sha256 rsa_aes_256_sha256 
#
acl number 3002  
 rule 5 permit ip source 192.168.60.0 0.0.0.255 
 rule 10 permit ip source 192.168.61.0 0.0.0.255 
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
ip pool mangpool
 network 169.254.2.0 mask 255.255.255.0 
#
ip pool ippools
 gateway-list 192.168.60.1 
 network 192.168.60.0 mask 255.255.255.0 
#
ip pool wireless-client
 gateway-list 192.168.61.1 
 network 192.168.61.0 mask 255.255.255.0 
 static-bind ip-address 192.168.61.109 mac-address 5cea-1d0e-da22 
 dns-list 221.228.255.1 
#
aaa
 authentication-scheme default
 authentication-scheme radius
  authentication-mode radius
 authorization-scheme default
 accounting-scheme default
 domain default
  authentication-scheme default
 domain default_admin
  authentication-scheme default
 local-user admin password irreversible-cipher $1a$U(I+0*/uQK$*Q[kLsYW^b98Ov(>@;O8<Yk;~5,-n=i%$
 local-user admin privilege level 15
 local-user admin service-type ssh http
 local-user chengc password irreversible-cipher $1a$U(I+0*/uQK$*Q[kLsYW^b98Ov(>@;O8<Yk;~5,-n=i%$
 local-user chengc privilege level 15
 local-user chengc ftp-directory flash:
 local-user chengc service-type telnet terminal ssh ftp http
#
interface Dialer1
 link-protocol ppp
 ppp chap user 133884473
 ppp chap password cipher $1a$U(I+0*/uQK$*Q[kLsYW^b98Ov(>@;O8<Yk;~5,-n=i%$
 ip address ppp-negotiate
 dialer-rule ip permit
 nat server protocol tcp global current-interface 32400 inside 192.168.61.73 3200
 nat outbound 3002 
#
interface Dialer2
 link-protocol ppp
#
interface Vlanif1
 pppoe-client dial-bundle-number 1 
 mtu 1492
 tcp adjust-mss 1200
 ip address 192.168.60.1 255.255.255.0
 dhcp select global
#
interface Vlanif61
 mtu 1492
 tcp adjust-mss 1200
 ip address 192.168.61.1 255.255.255.0
 dhcp select global
#
interface Ethernet1/0/0
 undo dhcp trust port
#
interface Ethernet1/0/1
 undo dhcp trust port
#
interface Ethernet1/0/2
 undo dhcp trust port
#
interface Ethernet1/0/3
 undo dhcp trust port
#
interface Ethernet2/0/0
 undo dhcp trust port
#
interface Ethernet2/0/1
 undo dhcp trust port
#
interface Ethernet2/0/2
 undo dhcp trust port
#
interface Ethernet2/0/3
 undo dhcp trust port
#
interface Ethernet3/0/0
 undo dhcp trust port
#
interface Ethernet3/0/1
 undo dhcp trust port
#
interface Ethernet3/0/2
 undo dhcp trust port
#
interface Ethernet3/0/3
 undo dhcp trust port
#
interface Ethernet4/0/0
 undo dhcp trust port
#
interface Ethernet4/0/1
 undo dhcp trust port
#
interface Ethernet4/0/2
 undo dhcp trust port
#
interface Ethernet4/0/3
 undo dhcp trust port
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
 description APGigabitEthernet0/0/2 Interface
 port link-type trunk
#
interface GigabitEthernet0/0/3
 description AP GigabitEthernet0/0/3 Interface
 port link-type trunk
#
interface GigabitEthernet0/0/4
 description NAS GigabitEthernet0/0/4 Interface
 tcp adjust-mss 1320
 port link-type trunk
 port trunk pvid vlan 61
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 61
#
interface GigabitEthernet0/0/5
 description ROUTE, GigabitEthernet0/0/5 Interface
 port link-type trunk
 port trunk pvid vlan 61
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 61
#
interface GigabitEthernet0/0/6
 description AP GigabitEthernet0/0/6 Interface
 port link-type trunk
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
 undo poe enable
#
interface GigabitEthernet0/0/13
 description WAN  GigabitEthernet0/0/13 Interface
 port link-type trunk
 undo poe enable
#
interface NULL0
#
 info-center timestamp log date precision-time millisecond
 info-center timestamp trap date precision-time millisecond
#
 undo snmp-agent 
#
 stelnet server enable 
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server secure-algorithms hmac sha2_256
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1
#
user-interface con 0
 authentication-mode password
 set authentication password cipher $1a$U(I+0*/uQK$*Q[kLsYW^b98Ov(>@;O8<Yk;~5,-n=i%$
user-interface vty 0
 authentication-mode aaa
 screen-length 36
 protocol inbound all
user-interface vty 1
 authentication-mode aaa
 screen-length 71
 protocol inbound all
user-interface vty 2 4
 authentication-mode aaa
 protocol inbound all
user-interface vty 16 20
 protocol inbound all
#
wlan
 traffic-profile name default
  rate-limit client dynamic disable
 security-profile name default
 security-profile name killthemsb
  security wpa-wpa2 psk pass-phrase $1a$U(I+0*/uQK$*Q[kLsYW^b98Ov(>@;O8<Yk;~5,-n=i%$ aes-tkip
 security-profile name killthemall-5g
  security wpa-wpa2 psk pass-phrase $1a$U(I+0*/uQK$*Q[kLsYW^b98Ov(>@;O8<Yk;~5,-n=i%$ aes-tkip
 security-profile name Killthemall-XKL
  security wpa-wpa2 psk pass-phrase $1a$U(I+0*/uQK$*Q[kLsYW^b98Ov(>@;O8<Yk;~5,-n=i%$ aes-tkip
 ssid-profile name default
 ssid-profile name killthemsb
  ssid killthemsb
 ssid-profile name killthemall-5g
  ssid killthemall-5g
 ssid-profile name Killthemall-XKL
  ssid Killthemall-hw
 vap-profile name default
 vap-profile name killthemsb
  service-vlan vlan-id 61
  ssid-profile killthemsb
  security-profile killthemsb
 vap-profile name killthemall-5g
  service-vlan vlan-id 61
  ssid-profile killthemall-5g
  security-profile killthemall-5g
 vap-profile name Killthemall-XKL
  service-vlan vlan-id 61
  ssid-profile Killthemall-XKL
  security-profile Killthemall-XKL
 regulatory-domain-profile name default
  dca-channel 5g channel-set 36,40,44,48,52,56,60,64,149,153,157,161
  dca-channel 5g bandwidth 80mhz
  channel-load-mode indoor
 air-scan-profile name default
 rrm-profile name default
  dynamic-edca enable
 radio-2g-profile name default
 radio-5g-profile name default
  interference detect-enable
 wids-profile name default
 ap-system-profile name default
 port-link-profile name default
 wired-port-profile name default
 ap-group name default
  radio 0
   vap-profile Killthemall-XKL wlan 1
   vap-profile killthemsb wlan 2
  radio 1
   vap-profile Killthemall-XKL wlan 1
   vap-profile killthemall-5g wlan 2
 ap-id 1 type-id 55 ap-mac 488e-ef63- ap-sn 
 ap-id 2 type-id 55 ap-mac 488e-ef63- ap-sn 
 ap-id 3 type-id 55 ap-mac 488e-ef63- ap-sn 
 ap-id 4 type-id 55 ap-mac 488e-ef63- ap-sn 
 provision-ap
 ap update update-filename FitR240D_V200R008C10SPCe00.bin ap-type 55
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
 undo ntp-service enable
#
return
  • x
  • 常规:

点评 回复

跳转到指定楼层
MinM
MinM  版主 发表于 2020-4-8 14:32:58 已赞(0) 赞(0)

帮楼主顶一下~
  • x
  • 常规:

点评 回复

lionkg   发表于 2020-4-8 14:40:23 已赞(0) 赞(0)

感谢版主,这个看似疑难杂症
  • x
  • 常规:

点评 回复

TACwlan加油站  精英 发表于 2020-4-9 09:16:01 已赞(0) 赞(0)

流量模板下的tcp-mss改成1200再试试,一般pppoe都跟这个有关系
  • x
  • 常规:

点评 回复

lionkg   发表于 2020-4-9 12:33:27 已赞(0) 赞(0)

TACwlan加油站 发表于 2020-04-09 09:16 流量模板下的tcp-mss改成1200再试试,一般pppoe都跟这个有关系
已经改过了 。
目前情况就是有个固件是可以上网的,其他固件不行。
  • x
  • 常规:

点评 回复

lionkg   发表于 2020-4-12 07:37:40 已赞(0) 赞(0)

版主 能让技术把关看下么?
  • x
  • 常规:

点评 回复

lionkg   发表于 2020-4-18 16:58:08 已赞(0) 赞(0)

麻烦版主再顶下
  • x
  • 常规:

点评 回复

发表回复
您需要登录后才可以回帖 登录 | 注册

警告 内容安全提示:尊敬的用户您好,为了保障您、社区及第三方的合法权益,请勿发布可能给各方带来法律风险的内容,包括但不限于政治敏感内容,涉黄赌毒内容,泄露、侵犯他人商业秘密的内容,侵犯他人商标、版本、专利等知识产权的内容,侵犯个人隐私的内容等。也请勿向他人共享您的账号及密码,通过您的账号执行的所有操作,将视同您本人的行为,由您本人承担操作后果。详情请参看“隐私声明
如果附件按钮无法使用,请将Adobe Flash Player 更新到最新版本!

登录参与交流分享

登录

华为企业互动社区
华为企业互动社区
屏蔽
!block_confirm_cont!