ANTI DDoS 8080 ping不通互联交换机

发布时间:  2016-12-07 浏览次数:  94 下载次数:  0
问题描述

在部署过程中,设备ANTI DDoS 8080与交换机设备S12712互联ping不通。

——————————————————————————————————

涉及设备 ANTI DDoS8080一台 S12712两台(堆叠成一台)

软件版本 ANTI DDoS8080 V500R001C20SPC200

         S12712 V200R008C00SPC500

拓扑图



设备相关配置

DDos 8080 相关配置

interface Eth-Trunk1

#

interface Eth-Trunk1.3090

 vlan-type dot1q 3090

 ip address 192.168.194.2 255.255.255.252

 anti-ddos clean enable

 anti-ddos flow-statistic enable

 service-manage ping permit

 service-manage telnet permit

#

interface Eth-Trunk1.3091

 vlan-type dot1q 3091

 ip address 192.168.194.6 255.255.255.252

 service-manage ping permit

#

interface GigabitEthernet4/0/10

 undo shutdown

 eth-trunk 1

#

interface GigabitEthernet4/1/10

 undo shutdown

 eth-trunk 1

#

firewall zone trust

 set priority 85

 add interface Eth-Trunk1

 add interface Eth-Trunk1.3090

 add interface Eth-Trunk1.3091

security-policy

 default action permit

 

 

S12712相关配置

int vlanif 3090

ip address 192.168.194.1 255.255.255.252

 

int vlanif 3091

ip address 192.168.194.5 255.255.255.252

 

interface Eth-Trunk1

 port link-type trunk

 port trunk allow-pass vlan 3090 3091

 

interface 10GE1/2/0/8

 eth-trunk 1

 

interface 10GE2/2/0/8

 eth-trunk 1

 

告警信息

处理过程

1、        检查三层配置 display ip int br

2、        检查链路捆绑配置 display int eth-trunk 1

3、        检查DDoS 策略放行 display cur | be security-policy

4、        上述检查状态正常,尝试激活license后再测试ping功能。

5、        激活license激活与清洗功能后,并指定清洗引擎板卡,检测引擎板卡。

license active cfcard:/LICSecospaceAntiDDoS8080V500R001_201610193FDS60.dat

 firewall ddos detect-spu slot 1 card 0

 firewall ddos detect-spu slot 1 card 1

 firewall ddos detect-spu slot 2 card 0

 firewall ddos detect-spu slot 2 card 1

 firewall ddos clean-spu slot 3 card 0

 firewall ddos clean-spu slot 3 card 1

6、         ping功能正常可ping

根因

未激活license功能无法正常使用业务板卡ping功能。

解决方案

先激活license,并指定清洗引擎板卡、检测引擎板卡再做对接测试。

license active cfcard:/LICSecospaceAntiDDoS8080V500R001_201610193FDS60.dat

 firewall ddos detect-spu slot 1 card 0

 firewall ddos detect-spu slot 1 card 1

 firewall ddos detect-spu slot 2 card 0

 firewall ddos detect-spu slot 2 card 1

 firewall ddos clean-spu slot 3 card 0

 firewall ddos clean-spu slot 3 card 1

建议与总结

END