MA5680T 下用户由于ACL规则反掩码配置错误导致无法上网

发布时间:  2017-05-10 浏览次数:  213 下载次数:  0
问题描述
MA5680T下的用户是固定ip地址方式上网,前期上网正常,突然无法上网,且只有一个网段的地址无法上网。故障用户不固定在某一pon口和pon板下。
处理过程

1、查看MA5680T上数据配置,数据配置正确。

2、针对无法上网的用户进行检查光功率,光路质量统计均正常。

3、更换ont设备后测试故障依旧。

4、更换上网ip后发现用户上网正常。

6、再次查看设备上数据,发现针对故障网段用户配置了acl规则,删除acl规则后用户上网正常。

acl number 2001
 rule 10 permit source 192.168.7.0 0.0.0.128
 rule 15 deny

7、根据需求,想要实现该网段的前半个C地址实现上网,该反掩码应该为0.0.0.127,修改后正常。

acl number 2001
 rule 10 permit source 192.168.7.0 0.0.0.127
 rule 15 deny

根因
由于ACL规则中反掩码配置错误导致无法正常上网
解决方案
将acl规则中反掩码0.0.0.128修改为0.0.0.127后正常。
建议与总结

以下是子网掩码-掩码位-反掩码 对照表

反掩码-----掩码位-------子网掩码

127.255.255.255 = 1 = 128.0.0.0

63.255.255.255 = 2 = 192.0.0.0

31.255.255.255 = 3 = 224.0.0.0

15.255.255.255 = 4 = 240.0.0.0

7.255.255.255 = 5 = 248.0.0.0

3.255.255.255 = 6 = 252.0.0.0

1.255.255.255 = 7 = 254.0.0.0

0.255.255.255 = 8 = 255.0.0.0

0.127.255.255 = 9 = 255.128.0.0

0.63.255.255 = 10 = 255.192.0.0

0.31.255.255 = 11 = 255.224.0.0

0.15.255.255 = 12 = 255.240.0.0

0.7.255.255 = 13 = 255.248.0.0

0.3.255.255 = 14 = 255.252.0.0

0.1.255.255 = 15 = 255.254.0.0

0.0.255.255 = 16 = 255.255.0.0

0.0.127.255 = 17 = 255.255.128.0

0.0.63.255 = 18 = 255.255.192.0

0.0.31.255 = 19 = 255.255.224.0

0.0.15.255 = 20 = 255.255.240.0

0.0.7.255 = 21 = 255.255.248.0

0.0.3.255 = 22 = 255.255.252.0

0.0.1.255 = 23 = 255.255.254.0

0.0.0.255 = 24 = 255.255.255.0

0.0.0.127 = 25 = 255.255.255.128

0.0.0.63 = 26 = 255.255.255.192

0.0.0.31 = 27 = 255.255.255.224

0.0.0.15 = 28 = 255.255.255.240

0.0.0.7 = 29 = 255.255.255.248

0.0.0.3 = 30 = 255.255.255.252

0.0.0.1 = 31 = 255.255.255.254

0.0.0.0 = 32 = 255.255.255.255


 

END