Router: SRG3200 G0/.two survivors 192.168.88.9/24 G0/0/3 192.168.12.1/24
Switch: h3c 5120 v2
Server IP 192.168.88.6/24

The topology of simple picture, make do see,
The existing problem is every 24 hours, probably switches under 5120 v2 terminal will not be able to ping the server (192.168.88.6) but access to the Internet and other hosts are no problem, need to restart the switch 5120 v2 to restore the communication with the server,
Give everyone a great god to a solution or a screening, thank you

CodePudding user response:

Switch configuration of the post to see, is through the DHCP IP address? The Internet and from where?

CodePudding user response:

When can't caught analysis

CodePudding user response:

Switch is no configuration, just use function on the second floor, DHCP IP is SRG3200 to distribution, core out of the Internet is through gathering,

With the server of the same network segment other computer can access the server, but SRG3200 the computer will not be able to access below, under SRG3200 took 20 several ESPACE7910 IP phone, use TCP, even 192.168.88.6/24 this IP address, now this problem again, don't know where to start,
Terminal can connect all the IP address of the server, but just can't access the server, I Ping from the SRG3200 all IP addresses, but Ping server IP address,

CodePudding user response:

reference yangzheng_k reply: 3/f

switch configuration, just use function on the second floor, DHCP IP is SRG3200 to distribution, the Internet is through gathering to core out,

With the server of the same network segment other computer can access the server, but SRG3200 the computer will not be able to access below, under SRG3200 took 20 several ESPACE7910 IP phone, use TCP, even 192.168.88.6/24 this IP address, now this problem again, don't know where to start,
Terminal can connect all the IP address of the server, but just can't access the server, I Ping from the SRG3200 all IP addresses, but Ping server IP address impassability,

"Gathered by core" refers to a switch? First to look at the configuration of srg3200, may also need to see the "gathered by the core configuration,

CodePudding user response:

Core 9306 - together - srg3200-5120 v2, under the convergence layer by other switch terminal access server is no problem, but the terminal under the srg3200 cannot access server, srg3200 ping server directly also not line,

CodePudding user response:

reference 5 floor yangzheng_k reply:

core 9306 - together - srg3200-5120 v2, under the convergence layer by other switch terminal access server is no problem, but the terminal under the srg3200 cannot access server, srg3200 ping server directly also not line,

Preliminary considered srg3200 problem

CodePudding user response:

[SRG3200] dis cur
17:22:10 2019/09/30
#
Sysname SRG3200
#
L2tp enable
L2tp domain suffix - the separator @
#
The info - center loghost source GigabitEthernet0/.two survivors
#
Undo is firewall ipv6 session link - state check
#
DNS resolve
The DNS server 202.99.224.8
The DNS server 202.99.224.68
#
Vlan batch 1, 80 to 81
#
Firewall MAC - binding enable
#
Undo is firewall session link - state check
#
Firewall defend udp - flood base - session Max - rate 1000
Firewall defend icmp - flood interface GigabitEthernet0/.two survivors Max - rate 50000
Firewall defend arp - flood interface GigabitEthernet0/.two survivors Max - rate 15
#
Firewall statistic system enable
#
DNS proxy enable
#
License server domain - lic.huawei.com
#
Web - manager enable
#
The acl number 3000
Rule 5 permit service - set the TCP
#
The acl number 3001
Rule 5 permit service - set the TCP
#
The acl number 3002
Rule 5 permit service - set the TCP
#
The acl number 3003
Rule 5 permit IP
#
The acl number 3004
Rule 5 permit udp source - port eq 1701
Rule 10 permit udp destination port eq - 1701
#
Ike proposal 1
Encryption algorithm aes - CBC
Dh group2
#
Ike peer ike29919216634
The pre - Shared - key admin @ 123
Ike - proposal 1
NAT traversal
#
Ipsec proposal prop29919216634
Esp authentication - algorithm sha1
Esp encryption algorithm aes -
#
Ipsec policy - the template tpl29919216634 1
Security acl 3004
Ike - peer ike29919216634
Proposal prop29919216634
#
Ipsec policy ipsec2991921663 1 isakmp template tpl29919216634
#
Interface Cellular0/1/0
The link - protocol PPP
#
Interface of Virtual - Template0
The PPP authentication - mode chap pap
IP address unnumbered interface GigabitEthernet0/0/1
Remote address pool
#
Interface GigabitEthernet0/0/0
IP address 192.168.0.1 255.255.255.0
DHCP select interface
#
Interface GigabitEthernet0/0/1
IP address 192.168.88.6 255.255.255.0
NAT enable
Detect the FTP
#
Interface GigabitEthernet0/.two survivors
Combo enable base - 1000 x
Speed 1000
Duplex full
IP address 192.168.12.1 255.255.255.0
DHCP select interface
The DHCP server IP - range 192.168.12.2 192.168.12.199
The DHCP server DNS - list 192.168.12.1
Qos WFQ queue queue length 64 - number 256
#
Interface GigabitEthernet0/0/3
Speed 1000
Duplex full
IP address 192.168.11.1 255.255.255.0
NAT enable
Detect the FTP
#
Interface NULL0
#
Firewall zone local
Set the priority of 100
#
Firewall zone trust
Set the priority of 85
Detect the FTP
The add interface GigabitEthernet0/.two survivors
The add interface GigabitEthernet0/0/3
The add interface Virtual - Template0
#
Firewall zone untrust
Set the priority 5
Detect the FTP
The add interface GigabitEthernet0/0/1
#
Firewall zone DMZ
Set the priority of 50
Detect the FTP
#
Firewall interzone local trust
Detect the FTP
#
Firewall interzone local untrust
Detect the FTP
#
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull