A PC Cannot Access the Internet Through the AR151-S

Publication Date:  2015-10-30 Views:  425 Downloads:  0
Issue Description


The intranet PC can successfully ping internal and external interfaces of the AR151-S. When the intranet source address is specified in the ping command, the AR151-S can ping the Internet. The PC fails to ping the IP address of the connected carrier's device.
Handling Process
1. The PC can ping the external interface's address of the AR151-S, indicating that the gateway address configuration of the PC is incorrect.

2. Run the display current-configuration | include Ethernet0/0/4 command to check the configuration of Eth0/0/4.

<Huawei> display current-configuration | include Ethernet0/0/4
#
interface Ethernet0/0/4 
  tcp adjust-mss 1200 
  nat outbound 2000 
  ip address dhcp-alloc
  ip route-static 0.0.0.0 0.0.0.0 Ethernet0/0/4
#

3. Run the display nat session all verbose command to check NAT entries of the AR151-S.

<Huawei> display nat session all verbose
  NAT Session Table Information:  

  Protocol          : TCP(6)
  SrcAddr  Port Vpn : 192.168.1.254 65532
  DestAddr Port Vpn : 114.128.10.1 1024
  Time To Live      : 60 s
  NAT-Info
  New SrcAddr     :----
  New SrcPort     : 1024
  New DestAddr    : 114.128.10.10
  New DestPort    : 21

  Protocol          : UDP(6)
  SrcAddr  Port Vpn : 192.168.1.253 65532
  DestAddr Port Vpn : 114.128.10.1 1024
  Time To Live      : 60 s
  NAT-Info
  New SrcAddr     :----
  New SrcPort     : 1024
  New DestAddr    : 114.128.10.10
  New DestPort    : 21

  Total : 2     

The value 192.168.1.254 is the IP address of the internal interface on the AR151-S, and the value 192.168.1.253 is the IP address of the PC. There are NAT session entries for the two IP addresses.

4. Change the static route to ip route-static 0.0.0.0 0.0.0.0 Ethernet0/0/4 114.128.10.1. Then the PC can access the Internet.
Root Cause
When receiving an Internet access packet from the intranet, the AR151-S sends the packet out through the local outbound interface Ethernet0/0/4. The Ethernet is the multi-access network where the router cannot determine the gateway address. The next hop IP address should be configured so that the router can determine the gateway address.
Solution
Configure the next hop IP address or next hop IP address plus the local outbound interface in the static route.

ip route-static 0.0.0.0 0.0.0.0 Ethernet0/0/4 114.128.10.1
Suggestions
On a multi-access network, specify the next hop IP address in the static route.

END