
HP MSR2004 router not handling UDP through NAT

Network Engineering user
Asked on 2018-05-28 16:30:40
1 answer · 146 views · 0 followers · 1 vote

I set up a new HP MSR2004 router for our company network. The network uses an internal private address range and has a single static public IP address. Internet access and everything TCP-related seems to work fine. So does DNS over UDP.

However, all UDP-based services do not work properly. We use an external SIP provider with IP phones on the internal network; the phones keep losing their registration and cannot place outbound calls.

Here is the (sanitized) config file:

#
 version 7.1.064, Release 0605P20
#
 sysname gw-1
#
 ip icmp source 192.168.100.1
#
nat address-group 0
 address xxx.91.227.170 xxx.91.227.170
#
 nat mapping-behavior endpoint-independent
#
 dhcp enable
#
 dns proxy enable
 dns server 8.8.8.8
 dns server 8.8.4.4
#
 password-recovery enable
#
vlan 1
#
vlan 10
 name Management VLAN
#
vlan 11
 name Internal VLAN
#
vlan 12
 name Guest Wifi VLAN
#
vlan 20
 name Sublet 1 VLAN
#
qos map-table dscp-lp
 import 6 export 6
#
traffic classifier highprio operator and
 if-match acl name sip
#
traffic behavior communication
#
traffic behavior highprio
 remark local-precedence 7
#
qos policy communication
 classifier highprio behavior highprio
#
 stp mode rstp
 stp global enable
#
dhcp server ip-pool guest
 gateway-list 192.168.210.1
 network 192.168.210.0 mask 255.255.255.0
 address range 192.168.210.10 192.168.210.200
 dns-list 192.168.210.1
 expired day 0 hour 4
#
dhcp server ip-pool internal
 gateway-list 192.168.200.1
 network 192.168.200.0 mask 255.255.254.0
 address range 192.168.200.10 192.168.201.200
 dns-list 192.168.200.1
 expired day 0 hour 8
#
controller Cellular0/0
#
interface Aux0
#
interface NULL0
#
interface Vlan-interface10
 ip address 192.168.100.1 255.255.255.0
#
interface Vlan-interface11
 ip address 192.168.200.1 255.255.254.0
 packet-filter 3000 inbound
 qos apply policy communication inbound
#
interface Vlan-interface12
 ip address 192.168.210.1 255.255.255.0
 packet-filter 3000 inbound
 packet-filter 3001 inbound
 qos apply policy communication inbound
#
interface Vlan-interface20
 packet-filter 3000 inbound
#
interface GigabitEthernet0/0
 port link-mode route
 ip address xxx.91.227.170 255.255.255.248
 tcp mss 1460
 packet-filter name external inbound
 nat outbound address-group 0 port-preserved
#
interface GigabitEthernet0/1
 port link-mode route
#
interface GigabitEthernet0/2
 port link-mode route
#
interface GigabitEthernet0/27
 port link-mode route
#
interface GigabitEthernet0/3
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 12 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/4
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 12 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/5
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 12 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/6
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 12 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/7
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 12 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/8
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 12 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/9
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 12 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/10
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 12 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/11
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 11 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/12
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 11 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/13
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 11 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/14
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 11 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/15
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 11 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/16
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 11 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/17
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 11 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/18
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 11 tagged
 port hybrid vlan 1 untagged
 port hybrid pvid vlan 10
#
interface GigabitEthernet0/19
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 11 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/20
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 12 tagged
 port hybrid vlan 1 untagged
 port hybrid pvid vlan 10
#
interface GigabitEthernet0/21
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 11 tagged
 port hybrid vlan 1 untagged
 port hybrid pvid vlan 10
#
interface GigabitEthernet0/22
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 11 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/23
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 11 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/24
 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 10 to 11 tagged
 port hybrid vlan 1 untagged
#
interface GigabitEthernet0/25
 port link-mode bridge
 port access vlan 11
#
interface GigabitEthernet0/26
 port link-mode bridge
 port access vlan 10
#
 scheduler logfile size 16
#
line class aux
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-admin
#
line vty 0
 user-role network-operator
#
line vty 1
 authentication-mode scheme
 user-role network-operator
#
line vty 2 63
 user-role network-operator
#
 ip route-static 0.0.0.0 0 xxx.91.227.169
#
 ssh server enable
 ssh user admin service-type all authentication-type password
#
 ssh2 algorithm cipher aes256-cbc
#
 ntp-service unicast-server ptbtime1.ptb.de
#
acl advanced 3000
 rule 0 deny tcp destination 192.168.100.0 0.0.0.255
 rule 1 deny udp destination 192.168.100.0 0.0.0.255
#
acl advanced 3001
 rule 0 deny ip destination 192.168.100.0 0.0.0.255
 rule 1 deny ip destination 192.168.200.0 0.0.0.255
#
acl advanced name external
 rule 0 permit icmp
 rule 5 permit tcp established
 rule 15 permit udp source-port eq dns
 rule 20 permit udp destination-port gt 1024
 rule 21 permit udp
 rule 25 permit 115
 rule 9999 deny ip
#
acl advanced name sip
 rule 0 permit tcp destination-port range 5060 5061
 rule 5 permit udp destination-port range 5060 5061
#
domain system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user admin class manage
 password hash xxx
 service-type ssh telnet terminal http
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
#
cwmp
 cwmp enable
#
return

Update: the device supports NAT ALG for a number of protocols, SIP among them. With or without the ALG there is no difference. However, looking at the SIP packets received by the Asterisk server, the SBC rewrites the body correctly. Incoming calls work fine, including audio. This leads me to the conclusion that something must be wrong with outgoing UDP packets not being tracked/PAT'ed correctly. I might be completely off, though!

How can I debug/solve this?
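Added example (not part of the original question): a small first-match simulator for the `acl advanced name external` block that the config above applies inbound on GigabitEthernet0/0, so you can see which rule a given packet hits before suspecting NAT. It parses only the rule forms that block uses; the port-name table and the "unmatched packets are permitted" default of `packet-filter` are assumptions about Comware v7, and the sample packets are constructed. What it shows on this ACL: `rule 21 permit udp` already admits every UDP packet, so rules 15 and 20 are redundant and no inbound UDP is being filtered here.

```python
# Added example, not from the original question: first-match simulator for the
# `acl advanced name external` block in the config above. Assumptions: Comware's
# port keywords (PORT_NAMES) and packet-filter's default permit for unmatched packets.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

EXTERNAL_ACL = """
acl advanced name external
 rule 0 permit icmp
 rule 5 permit tcp established
 rule 15 permit udp source-port eq dns
 rule 20 permit udp destination-port gt 1024
 rule 21 permit udp
 rule 25 permit 115
 rule 9999 deny ip
"""

PORT_NAMES = {"dns": 53, "ftp": 21, "ssh": 22, "www": 80, "ntp": 123}  # subset; assumption

@dataclass
class Rule:
    number: int
    action: str                  # "permit" | "deny"
    proto: str                   # "ip", "tcp", "udp", "icmp" or an IP protocol number as text
    established: bool = False    # "tcp established": only segments with ACK or RST set
    src_port: Optional[Tuple[str, int]] = None   # (op, port), op in eq/gt/lt
    dst_port: Optional[Tuple[str, int]] = None

@dataclass
class Packet:
    proto: str
    sport: int = 0
    dport: int = 0
    established: bool = False    # TCP segment carrying ACK or RST

def parse_acl(text: str) -> List[Rule]:
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*rule (\d+) (permit|deny) (\S+)(.*)", line)
        if not m:
            continue
        number, action, proto, rest = m.groups()
        rule = Rule(int(number), action, proto, established="established" in rest.split())
        for keyword, attr in (("source-port", "src_port"), ("destination-port", "dst_port")):
            pm = re.search(rf"{keyword} (eq|gt|lt) (\S+)", rest)
            if pm:
                op, value = pm.groups()
                setattr(rule, attr, (op, PORT_NAMES.get(value) or int(value)))
        rules.append(rule)
    return sorted(rules, key=lambda r: r.number)   # config match order: ascending rule ID

def _port_ok(cond, port):
    if cond is None:
        return True
    op, value = cond
    return {"eq": port == value, "gt": port > value, "lt": port < value}[op]

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.established and not (pkt.proto == "tcp" and pkt.established):
        return False
    return _port_ok(rule.src_port, pkt.sport) and _port_ok(rule.dst_port, pkt.dport)

def evaluate(rules: List[Rule], pkt: Packet):
    """(action, rule number) of the first matching rule; ("permit", None) if nothing
    matches, packet-filter's default (assumption). This ACL ends in `deny ip`, so
    every packet reaches some rule."""
    for r in rules:
        if matches(r, pkt):
            return r.action, r.number
    return "permit", None

def redundant_permits(rules: List[Rule]) -> List[int]:
    """Rules whose removal cannot change any verdict: a later rule with the same action,
    an equal-or-broader protocol and no other conditions, with no opposite-action rule
    in between, catches everything the earlier rule catches."""
    redundant = []
    for i, r in enumerate(rules):
        for s in rules[i + 1:]:
            if s.action != r.action:
                break
            if s.proto in (r.proto, "ip") and not (s.established or s.src_port or s.dst_port):
                redundant.append(r.number)
                break
    return redundant

if __name__ == "__main__":
    rules = parse_acl(EXTERNAL_ACL)
    samples = {                                   # constructed packets, outside -> inside
        "SIP reply from provider (udp 5060 -> 5060)": Packet("udp", 5060, 5060),
        "RTP from provider (udp 10000 -> 16384)":     Packet("udp", 10000, 16384),
        "DNS reply (udp 53 -> 40000)":                Packet("udp", 53, 40000),
        "IKE (udp 500 -> 500)":                       Packet("udp", 500, 500),
        "unsolicited SSH (tcp SYN to 22)":            Packet("tcp", 44444, 22),
        "HTTPS reply (tcp 443 -> 50000, ACK set)":    Packet("tcp", 443, 50000, established=True),
    }
    for label, pkt in samples.items():
        print(f"{label:45} -> {evaluate(rules, pkt)}")
    print("redundant permit rules:", redundant_permits(rules))
```

Because the ACL carries no address conditions, the result does not depend on whether the filter sees pre- or post-NAT headers; SIP and RTP replies land on rule 20, anything else UDP on rule 21, and only unsolicited TCP and other protocols reach `rule 9999 deny ip`.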


1 answer

Network Engineering user

Accepted answer

Posted on 2018-06-21 11:36:51

Turns out SIP was never the problem. The IP phones (Snom D710) send DNS requests to determine whether the domain has SRV records for SIP. The router drops the DNS requests instead of answering with domain not found. So the phone waits for a minute before placing the call.

1 vote
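Added example (not part of the accepted answer): a probe that reproduces the phone's SRV lookup for `_sip._udp.<domain>` and classifies what the resolver did with it. A resolver that answers NXDOMAIN or NODATA lets the phone fall back immediately; one that silently drops the query makes the phone sit out its retry timeout, which is the one-minute delay the answer describes. Packet building and parsing run offline on constructed data; `probe()` sends a real query when given a server. `192.168.200.1` is the router's DNS proxy address taken from the question's config (`dns-list`), `8.8.8.8` the upstream it forwards to, and `example.com` is a placeholder domain.

```python
# Added example, not from the original answer: SRV lookup for _sip._udp.<domain>
# with an offline-testable builder/parser and a live probe. Server addresses come
# from the question's config; example.com is a placeholder.
import random
import socket
import struct
from typing import List, Optional, Tuple

SRV, IN = 33, 1

def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_srv_query(domain: str, txid: int) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD only; one question
    return header + encode_name("_sip._udp." + domain) + struct.pack("!HH", SRV, IN)

def decode_name(data: bytes, offset: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                         # compression pointer
            hops += 1
            if hops > 16:                                 # refuse pointer loops in hostile replies
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset

def parse_response(data: bytes) -> Tuple[int, int, List[Tuple[int, int, int, str]]]:
    """Return (txid, rcode, [(priority, weight, port, target), ...]) for SRV answers."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):
        _, offset = decode_name(data, offset)
        offset += 4                                       # qtype + qclass
    records = []
    for _ in range(an):
        _, offset = decode_name(data, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == SRV:
            prio, weight, port = struct.unpack("!HHH", data[offset:offset + 6])
            target, _ = decode_name(data, offset + 6)
            records.append((prio, weight, port, target))
        offset += rdlen
    return txid, flags & 0x000F, records

def classify(response: Optional[bytes]) -> str:
    if response is None:
        return "dropped (no reply before timeout)"
    _, rcode, records = parse_response(response)
    if rcode == 3:
        return "NXDOMAIN"
    if rcode == 0:
        return "SRV answer" if records else "NODATA"
    return f"rcode {rcode}"

def probe(server: str, domain: str, timeout: float = 2.0) -> Optional[bytes]:
    """Send one SRV query over UDP; None means no reply with our txid arrived in time."""
    txid = random.randrange(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_srv_query(domain, txid), (server, 53))
        try:
            while True:
                data, _ = s.recvfrom(4096)
                if len(data) >= 12 and struct.unpack("!H", data[:2])[0] == txid:
                    return data
        except socket.timeout:
            return None

def build_response(query: bytes, rcode: int, srv=None) -> bytes:
    """Constructed reply to `query` for offline use: given RCODE, one SRV RR if srv is set."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, 1 if srv else 0, 0, 0)
    answer = b""
    if srv:
        prio, weight, port, target = srv
        rdata = struct.pack("!HHH", prio, weight, port) + encode_name(target)
        answer = b"\xc0\x0c" + struct.pack("!HHIH", SRV, IN, 300, len(rdata)) + rdata
    return header + query[12:] + answer

if __name__ == "__main__":
    import sys
    domain = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    for server in sys.argv[2:] or ["192.168.200.1", "8.8.8.8"]:   # router DNS proxy vs upstream
        print(f"{server:16} {classify(probe(server, domain))}")
```

Run it from a host on the internal VLAN with the provider's SIP domain as the first argument: if the upstream server reports `NXDOMAIN` or `SRV answer` while the router's proxy address reports `dropped`, the proxy, not NAT, is what the phones are waiting on.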
Original content provided by Network Engineering (Stack Exchange); the Chinese text on this page was machine-translated by Tencent Cloud's IT-domain engine.
Original link:

https://networkengineering.stackexchange.com/questions/50772