No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - IP Service

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Intranet users Fail to Access Public Networks

Intranet users Fail to Access Public Networks

Fault Description

This fault is commonly caused by one of the following:
  • Outbound NAT is not properly configured on the outbound interface connected to the public network.
  • The configuration of the ACL bound to outbound NAT is incorrect.

Procedure

  1. Check whether packets are received on interfaces of device.

    Run the display interface interface-type interface-number command on the device to display the value of the Input field.

    • If the value of the Input field is 0, the device does not receive any packets. Check the interface configuration to ensure that the interface can receive packets.
    • If the value of the Input field is not 0, go to step 2.
    NOTE:

    The device supports GE, FE, Eth-Trunk, and sub-interfaces. If an Eth-Trunk sub-interface is used, run the display interface eth-trunk [ trunk-id [.subnumber ] ] command to check whether the Eth-Trunk sub-interface receives packets.

  2. Check whether the ACL rule bound to outbound NAT allows NAT service packets to pass through.

    Run the display nat outbound command on the device to check whether outbound NAT is correctly configured.

    [Huawei]display nat outbound 
      NAT Outbound Information:
     ---------------------------------------------------------------------------
     Interface                     Acl      Address-group/IP/Interface      Type
     ---------------------------------------------------------------------------
     GigabitEthernet0/0/0         2000                               1    no-pat
     ---------------------------------------------------------------------------
      Total : 1                                                                
    

    The preceding information indicates that ACL 2000 is bound to outbound NAT on GigabitEthernet0/0/0.

    Check whether the rule of ACL 2000 is configured correctly. If the IP address, interface number, or protocol type in the rule of ACL 2000 is configured incorrectly, packets cannot be transmitted correctly.

    Run the display acl 2000 command to check the configuration of outbound NAT bound to ACL 2000.
    [Huawei] display acl 2000 
    Basic ACL2000, 1 rule 
    Acl's step is 5 
    rule 5 permit source 192.168.1.100 0 
    

    The rule of ACL 2000 matches packets with the source address 192.168.1.100.

    • If the ACL rule is configured incorrectly, reconfigure the ACL rule.
    • If the ACL rule is configured correctly but the fault persists, go to step 3.

  3. Check that the address pool configuration is correct.

    Run the display nat address-group command on the device to check whether the address pool bound to outbound NAT on the outbound interface is correct.
    [Huawei] display nat address-group 1 
    NAT Address-Group Information: 
    -------------------------------------- 
    Index   Start-address      End-address 
    -------------------------------------- 
    1       10.0.0.100         10.0.0.110 
    -------------------------------------- 
    Total : 1     
    
    
    To check Easy IP information on the outbound port, run the display nat outbound command on the device. For example:
    [Huawei] display nat outbound 
     NAT Outbound Information: 
     -------------------------------------------------------------------------- 
     Interface                    Acl      Address-group/IP/Interface      Type 
     -------------------------------------------------------------------------- 
     GigabitEthernet0/0/1        2000                         1.1.1.1    easyip 
     -------------------------------------------------------------------------- 
      Total : 1        
    
    The preceding information indicates that Easy IP is configured on GigabitEthernet0/0/1 and the address pool 1.1.1.1 bound to the interface is the address pool advertised on the interface. If NAT is disabled, you perform the following steps:
    • If the bound IP address is the interface address, ensure that the interface address is valid.

Translation
Download
Updated: 2019-05-20

Document ID: EDOC1100034231

Views: 82457

Downloads: 54

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next