The subinterface address from the S9300 on pingSACG device can not ping.
1, Address on S9300 can ping NE40-E address. It proved that between s9300 and NE40-E is no problem;
2, NE40-E cannot ping SACG subinterface address. Check the route on NE40, the S9300, sacg, there was no problem; it proved that the problem is on NE40-E sacg.
3, View arp learning on NE40-E and sacg, it can learn, it proved that the link between the two devices is no problem.
4, Delete the subinterface configuration on NE40-E and sacg, directly use the main interface configuration. who can communicate with each other.
5, Checks the configuration found sub-eth-trunk interface on SACG is not added to the security domain, leading to the problem.
6, Add the handle interface to the security domain, the problem is solved.
1 Link problem;
2, The routing problem;
3, Device problems;
4, The configuration problem;
When the firewall is enabled subinterface, Do not forget add the interface that actual participation packet forwarding to the security domain.