这是一道关于园区网的拓扑排错题,是我的一个朋友给我的。小弟对华为的设备不懂,请华为的高手们帮忙解答一下,请一定要帮忙,这是一道面试题。下面是题目的配置和拓扑图,请将答案写在下面,或发到我的邮箱zjq751157@163.com。麻烦各位!谢谢。
请参考拓扑和配置文档查看此网络有什么问题?
TOP图:
配置如下:
#
# Device host name.
sysname cur
#
# Enables the packet-filter firewall feature globally; the filters themselves are
# bound per interface with "firewall packet-filter ... inbound".
# NOTE(review): no "firewall default" line appears in this listing, so the action
# taken on packets that match no ACL rule is whatever the platform default is - confirm.
firewall enable
#
# Public address pools used for source NAT. In this listing pool 1 is referenced by
# GigabitEthernet0/0/0 and pool 2 by GigabitEthernet0/0/2.
# NOTE(review): pool 1 (124.205.132.194-205) falls inside 124.205.132.192/27, the
# secondary subnet configured on the LAN-facing GigabitEthernet0/0/1, while the pool
# is used on GigabitEthernet0/0/0. Confirm the upstream device on that link actually
# routes this range back to 172.30.161.14.
nat address-group 1 124.205.132.194 124.205.132.205
nat address-group 2 124.42.57.162 124.42.57.190
#
# Default RADIUS scheme and default ISP domain; no server or authentication
# settings are shown under either of them.
# NOTE(review): presumably logins that use "authentication-mode scheme" therefore
# fall back to the local-user accounts in this file - confirm.
radius scheme system
#
domain system
#
# Local account "admin": allowed to log in through telnet, the terminal (console/aux)
# and FTP, with command level 3.
# NOTE(review): level 3 is, as far as I know, the highest (management) command level
# on this VRP generation - confirm. Telnet and FTP both carry the credentials in
# clear text on the wire.
# NOTE(review): "password cipher" stores an encoded form of the password rather than
# a one-way hash on VRP releases of this era, to my knowledge. Because both cipher
# strings are published in this post, the passwords should be treated as exposed and
# changed on the real device.
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
# Second level-3 account, telnet only. Two shared administrative accounts with no
# per-source restriction visible anywhere in this listing.
local-user liuchao
password cipher DM%"KQ,a8\17+966@BJ-6A!!
service-type telnet
level 3
#
# Basic (source-only) ACL 2000: matches 172.16.10.0/24, .20.0/24, .30.0/24 and
# .40.0/24. Referenced by route-policy "huawei" node 1.
acl number 2000
rule 0 permit source 172.16.10.0 0.0.0.255
rule 1 permit source 172.16.20.0 0.0.0.255
rule 2 permit source 172.16.30.0 0.0.0.255
rule 3 permit source 172.16.40.0 0.0.0.255
# Basic ACL 2001: matches 172.16.60.0/24 and 172.16.110.0/24. Referenced by
# route-policy "huawei" node 2.
# Sources in 172.16.100.0/24 (the subnet of GigabitEthernet0/0/1 itself) match
# neither 2000 nor 2001, so they are not policy-routed and follow the routing table.
acl number 2001
rule 0 permit source 172.16.60.0 0.0.0.255
rule 1 permit source 172.16.110.0 0.0.0.255
# Basic ACL 2010: permits any source in 172.16.0.0/16 and explicitly denies the rest.
# Used as the match condition of "nat outbound" on both uplink interfaces, so only
# 172.16.x.x sources are translated.
acl number 2010
rule 0 permit source 172.16.0.0 0.0.255.255
rule 1 deny
#
# Advanced ACL 3010: a port blacklist applied inbound on GigabitEthernet0/0/0 and
# GigabitEthernet0/0/1. Rules 0-21 drop packets whose SOURCE port is on the list;
# rules 30-51 drop the same ports as DESTINATION port. Rule numbers 17 and 47 are
# absent in the listing.
# The ports are ones commonly associated with Windows RPC/NetBIOS/SMB exposure
# (135, 137-139, 445, 593), SQL Server resolution (udp 1434), VNC (5800, 5900) and
# worm/backdoor activity of the period (3127, 4444, 5554, 9996); the intent behind
# 1025, 1068 and 8998 is not stated on the page.
# The keywords netbios-ns / netbios-dgm / netbios-ssn stand for ports 137 / 138 / 139.
# NOTE(review): matching on source port also drops legitimate sessions. Ports such as
# 1025, 1068 and 4444 are ordinary ephemeral client ports, so a host that happens to
# pick one of them as its source port is silently blocked - a likely cause of
# intermittent failures. Filtering on destination port only avoids this.
# NOTE(review): there is no permit rule; everything not listed relies on the
# firewall default action, which this listing does not show - confirm.
acl number 3010
rule 0 deny tcp source-port eq 3127
rule 1 deny tcp source-port eq 1025
rule 2 deny tcp source-port eq 5554
rule 3 deny tcp source-port eq 9996
rule 4 deny tcp source-port eq 1068
rule 5 deny tcp source-port eq 135
rule 6 deny udp source-port eq 135
rule 7 deny tcp source-port eq 137
rule 8 deny udp source-port eq netbios-ns
rule 9 deny tcp source-port eq 138
rule 10 deny udp source-port eq netbios-dgm
rule 11 deny tcp source-port eq 139
rule 12 deny udp source-port eq netbios-ssn
rule 13 deny tcp source-port eq 593
rule 14 deny tcp source-port eq 4444
rule 15 deny tcp source-port eq 5800
rule 16 deny tcp source-port eq 5900
rule 18 deny tcp source-port eq 8998
rule 19 deny tcp source-port eq 445
rule 20 deny udp source-port eq 445
rule 21 deny udp source-port eq 1434
rule 30 deny tcp destination-port eq 3127
rule 31 deny tcp destination-port eq 1025
rule 32 deny tcp destination-port eq 5554
rule 33 deny tcp destination-port eq 9996
rule 34 deny tcp destination-port eq 1068
rule 35 deny tcp destination-port eq 135
rule 36 deny udp destination-port eq 135
rule 37 deny tcp destination-port eq 137
rule 38 deny udp destination-port eq netbios-ns
rule 39 deny tcp destination-port eq 138
rule 40 deny udp destination-port eq netbios-dgm
rule 41 deny tcp destination-port eq 139
rule 42 deny udp destination-port eq netbios-ssn
rule 43 deny tcp destination-port eq 593
rule 44 deny tcp destination-port eq 4444
rule 45 deny tcp destination-port eq 5800
rule 46 deny tcp destination-port eq 5900
rule 48 deny tcp destination-port eq 8998
rule 49 deny tcp destination-port eq 445
rule 50 deny udp destination-port eq 445
rule 51 deny udp destination-port eq 1434
#
# Auxiliary async port, flow mode.
interface Aux0
async mode flow
#
# Uplink 1: 172.30.161.14/30 (the other host address of this /30, 172.30.161.13, is
# the next hop of the first default route). ACL 3010 filters traffic arriving on the
# link; sources matching ACL 2010 leaving this interface are translated to pool 1.
interface GigabitEthernet0/0/0
duplex full
ip address 172.30.161.14 255.255.255.252
firewall packet-filter 3010 inbound
nat outbound 2010 address-group 1
#
# LAN side: 172.16.100.254/24 plus a secondary public address 124.205.132.193/27.
# Packets received here are subject to policy routing by route-policy "huawei" and
# to ACL 3010.
# NOTE(review): the secondary /27 contains the whole of NAT pool 1
# (124.205.132.194-205), which is used on GigabitEthernet0/0/0 - confirm this
# overlap is intended.
interface GigabitEthernet0/0/1
ip address 172.16.100.254 255.255.255.0
ip address 124.205.132.193 255.255.255.224 sub
ip policy route-policy huawei
firewall packet-filter 3010 inbound
#
# Uplink 2: 172.26.1.20/24; sources matching ACL 2010 are translated to pool 2.
# NOTE(review): unlike the other two interfaces, no "firewall packet-filter" is bound
# here, so traffic arriving from this uplink is not checked against ACL 3010. With
# telnet and FTP enabled on the device and no source restriction shown on the VTY
# lines, the management plane appears reachable from this side - confirm and add the
# same inbound filter if the omission is unintended.
# NOTE(review): pool 2 (124.42.57.162-190) is not in this interface's subnet; the
# upstream device must route that range to 172.26.1.20 - cannot be verified from here.
interface GigabitEthernet0/0/2
ip address 172.26.1.20 255.255.255.0
nat outbound 2010 address-group 2
#
interface NULL0
#
# Policy routing applied to packets received on GigabitEthernet0/0/1.
# Node 1: sources in ACL 2000 are sent out GigabitEthernet0/0/0, with
# GigabitEthernet0/0/2 as the default output interface.
# Node 2: sources in ACL 2001 are sent out GigabitEthernet0/0/2, with
# GigabitEthernet0/0/0 as the default output interface.
# NOTE(review): both targets are Ethernet (multi-access) interfaces and only an
# output interface is given, no next hop. Vendor guidance, as far as I know, is that
# "apply output-interface" suits point-to-point links, while on broadcast interfaces
# the policy should name the gateway with "apply ip-address next-hop" (the gateways
# visible in this file are 172.30.161.13 and 172.26.1.1). Confirm on this platform;
# this is a likely reason the policy does not forward as expected.
# NOTE(review): ACLs 2000/2001 match on source only, so every packet from those
# subnets that reaches this interface is policy-routed regardless of destination,
# including packets addressed to other internal subnets - confirm that is acceptable.
route-policy huawei permit node 1
if-match acl 2000
apply output-interface GigabitEthernet 0/0/0
apply default output-interface GigabitEthernet 0/0/2
route-policy huawei permit node 2
if-match acl 2001
apply output-interface GigabitEthernet 0/0/2
apply default output-interface GigabitEthernet 0/0/0
#
# Enables the device's built-in FTP server. The "admin" local user has service-type
# ftp. FTP sends credentials and file contents unencrypted, and no ACL limiting FTP
# clients is visible in this listing.
FTP server enable
#
# Two default routes with the same preference (60), one per uplink gateway.
# NOTE(review): with equal preference both are presumably installed and traffic that
# is not policy-routed is shared across the two uplinks; since each uplink translates
# to a different NAT pool, confirm that return traffic comes back on the matching
# link.
ip route-static 0.0.0.0 0.0.0.0 172.30.161.13 preference 60
ip route-static 0.0.0.0 0.0.0.0 172.26.1.1 preference 60
# Internal subnets, all reached through 172.16.100.252 on the GigabitEthernet0/0/1
# segment. These are the same six /24s listed in ACLs 2000 and 2001.
ip route-static 172.16.10.0 255.255.255.0 172.16.100.252 preference 60
ip route-static 172.16.20.0 255.255.255.0 172.16.100.252 preference 60
ip route-static 172.16.30.0 255.255.255.0 172.16.100.252 preference 60
ip route-static 172.16.40.0 255.255.255.0 172.16.100.252 preference 60
ip route-static 172.16.60.0 255.255.255.0 172.16.100.252 preference 60
ip route-static 172.16.110.0 255.255.255.0 172.16.100.252 preference 60
#
# Console and aux lines: no authentication-mode is shown for either, so they use the
# platform default.
# NOTE(review): confirm that physical console/aux access still requires a login.
user-interface con 0
user-interface aux 0
# Five VTY lines (0-4) authenticated with "scheme", i.e. username and password.
# NOTE(review): no inbound ACL is bound to the VTY lines and no protocol restriction
# is shown, and both local users have service-type telnet, so remote management is
# presumably clear-text telnet from any reachable source - confirm. Restricting the
# VTY lines to management subnets and moving to SSH would reduce that exposure.
user-interface vty 0 4
authentication-mode scheme