A directly connected PC fails to obtain an IP address after DHCP is configured on the interface

Published: 2012-07-19
Problem Description

USG2200-------PC

A PC directly connected to the USG2200 fails to obtain an IP address.

The configuration is as follows:

#
sysname LSJJCY-Inter-1
#
super password level 3 cipher N`C55QK<`=/Q=^Q`MAF4<1!!
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust dmz direction inbound
firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound
#
nat address-group 10 58.46.64.16 58.46.64.16
nat server protocol tcp global 58.46.64.17 www inside 192.168.1.5 www
undo nat alg enable esp
nat alg enable ftp
nat alg enable dns
nat alg enable icmp
nat alg enable netbios
undo nat alg enable h323
undo nat alg enable hwcc
undo nat alg enable ils
undo nat alg enable pptp
undo nat alg enable qq
undo nat alg enable msn
undo nat alg enable user-define
undo nat alg enable sip
undo nat alg enable mgcp
undo nat alg enable mms
undo nat alg enable sqlnet
undo nat alg enable rtsp
firewall permit sub-ip
#
dhcp server forbidden-ip 192.168.1.1 192.169.1.10
dhcp enable
dhcp server detect
#
firewall statistic system enable
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0/0
description inside
ip address 192.168.1.1 255.255.255.0
dhcp select interface
dhcp server dns-list 59.51.78.210 218.76.138.66
dhcp server domain-name huawei.com
#
interface Ethernet0/0/1
description outside
ip address 58.46.64.17 255.255.255.0
#
interface NULL0
#
right-manager server-group
#
acl number 2001
rule 0 permit source 192.168.1.0 0.0.0.255
#
acl number 3000
rule 0 permit ip destination 192.168.1.5 0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface Ethernet0/0/0
#
firewall zone untrust
set priority 5
add interface Ethernet0/0/1
#
firewall zone dmz
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local dmz
#
firewall interzone trust untrust
packet-filter 3000 inbound
packet-filter 2001 outbound
nat outbound 2001 address-group 10
#
#
#
firewall interzone dmz untrust
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
slb
#
ip route-static 0.0.0.0 0.0.0.0 58.46.64.1
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return

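Alarm Information
Handling Process

The fault persisted after the PC was replaced, and the same PC obtains an address normally elsewhere.

Output of the command dis dhcp ser sta: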

Global Pool:
Pool Number: 0
Binding
Auto: 0
Manual: 0
Expire: 0
Interface Pool:
Pool Number: 1
Binding
Auto: 0
Manual: 0
Expire: 0
Boot Request: 123
Dhcp Discover: 123
Dhcp Request: 0
Dhcp Decline: 0
Dhcp Release: 0
Dhcp Inform: 0
Boot Reply: 0
Dhcp Offer: 0
Dhcp Ack: 0
Dhcp Nak: 0
Bad Messages: 0
 
HA Message:
BatchBackup send msg: 0
BatchBackup recv msg: 0
BatchBackup send lease: 0
BatchBackup recv lease: 0
 
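The statistics show that the PC keeps requesting a DHCP address (123 Discover messages received, 0 Offers sent).

The debug output shows: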
DhcpServerFindFreeIP: start get ip from DHCP free ip
*0.15198233 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: Can not get free ip for 0011-4342-44D2 received from interface Ether
net0/0/0
*0.15198416 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer:Lease exhausted
*0.15220150 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPDISCOVER from 0011-4342-44D2
*0.15220283 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServerFindFreeIP: start get ip from DHCP free ip
*0.15220416 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: Can not get free ip for 0011-4342-44D2 received from interface Ether
net0/0/0
*0.15220600 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer:Lease exhausted
*0.15223150 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPDISCOVER from 0011-4342-44D2
DhcpServer: receive DHCPDISCOVER from 0011-4342-44D2
DhcpServerFindFreeIP: start get ip from DHCP free ip
*0.15223416 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: Can not get free ip for 0011-4342-44D2 received from interface Ether
net0/0/0
*0.15223600 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer:Lease exhausted
*0.15231150 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPDISCOVER from 0011-4342-44D2
*0.15231283 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServerFindFreeIP: start get ip from DHCP free ip
*0.15231416 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: Can not get free ip for 0011-4342-44D2 received from interface Ether
net0/0/0
*0.15231600 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer:Lease exhausted
*0.15246150 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: receive DHCPDISCOVER from 0011-4342-44D2
*0.15246283 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServerFindFreeIP: start get ip from DHCP free ip
*0.15246416 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer: Can not get free ip for 0011-4342-44D2 received from interface Ether
net0/0/0
*0.15246600 LSJJCY-Inter-E200-1 DHCPS/8/DHCPS_DEBUG_COMMON:
DhcpServer:Lease exhausted
 
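The DHCP address pool is exhausted.

display dhcp server ip-in-use all shows that no IP address has been allocated.
display dhcp server free-ip reveals the problem: the free-ip list contains only one address, 192.168.1.1.

Rechecking the configuration shows that in dhcp server forbidden-ip 192.168.1.1 192.169.1.10 the customer mistyped the end IP address, which excluded the entire 192.168 network segment.

After the configuration was corrected, the problem was resolved.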
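Root Cause

DHCP did not take effect

PC network adapter fault

Suggestions and Summary
When writing dhcp server forbidden-ip in the future, be careful and precise, to avoid spending a large amount of resources on troubleshooting later.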
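An added example (not part of the original case and not a Huawei tool): a Python check that catches this class of mistake before deployment by flagging any dhcp server forbidden-ip range that leaves the DHCP interface's subnet or leaves no assignable address. The function name, the embedded sample and the way free addresses are counted (hosts of the interface subnet outside all forbidden ranges) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the DHCP-relevant lines of the configuration shown on this page.
SAMPLE_CONFIG = """\
dhcp server forbidden-ip 192.168.1.1 192.169.1.10
dhcp enable
interface Ethernet0/0/0
 ip address 192.168.1.1 255.255.255.0
 dhcp select interface
interface Ethernet0/0/1
 ip address 58.46.64.17 255.255.255.0
"""

def audit_forbidden_ip(config_text):
    """Map each DHCP-serving interface to its free host count and warnings."""
    forbidden, ifaces, current = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"dhcp server forbidden-ip (\S+)(?: (\S+))?$", line)
        if m:
            start = ipaddress.IPv4Address(m.group(1))
            end = ipaddress.IPv4Address(m.group(2) or m.group(1))
            forbidden.append((start, end))
        elif line.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1], {})
        elif current is not None and line.startswith("ip address "):
            _, _, ip, mask = line.split()[:4]
            current["net"] = ipaddress.IPv4Interface(f"{ip}/{mask}").network
        elif current is not None and line == "dhcp select interface":
            current["dhcp"] = True
    report = {}
    for name, info in ifaces.items():
        if not info.get("dhcp") or "net" not in info:
            continue  # only interfaces that serve DHCP from their own subnet
        net, warnings = info["net"], []
        for start, end in forbidden:
            if start > end:
                warnings.append(f"{start}-{end}: start is above end")
            elif (start in net) != (end in net):
                warnings.append(f"{start}-{end}: range leaves subnet {net}")
        # Host-by-host scan; fine for LAN-sized prefixes such as this /24.
        free = sum(1 for h in net.hosts()
                   if not any(s <= h <= e for s, e in forbidden))
        if free == 0:
            warnings.append(f"no assignable address left in {net}")
        report[name] = {"free": free, "warnings": warnings}
    return report

if __name__ == "__main__":
    print(audit_forbidden_ip(SAMPLE_CONFIG))
```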
