PC connected to a Core Switch VLAN can reach the Internet but cannot ping the VLAN interface or the firewall
Firewall: Fortigate 60D, 192.168.12.1/24
GSM4352S VLAN 12 interface: 192.168.12.254/24
The PC obtains its IP from the GSM4352S DHCP service (say 192.168.12.9/24), with default gateway 192.168.12.254
Because the GSM4352S's default gateway is 192.168.13.1/24,
a route-map is used to specify the next hop
access-list 113 permit ip 192.168.12.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 113 deny ip 192.168.12.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 113 deny ip 192.168.12.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 113 deny ip 192.168.12.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 113 permit ip 192.168.12.0 0.0.0.255 any
access-list 115 deny ip 192.168.12.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 115 permit ip 192.168.12.0 0.0.0.255 192.168.13.0 0.0.0.255
access-list 115 permit ip 192.168.12.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 115 permit ip 192.168.12.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 115 permit ip 192.168.12.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 115 permit ip 192.168.12.0 0.0.0.255 192.168.17.0 0.0.0.255
access-list 115 permit ip 192.168.12.0 0.0.0.255 192.168.18.0 0.0.0.255
route-map 113 permit 10
match ip address 115
exit
route-map 113 permit 20
match ip address 113
set ip next-hop 192.168.12.1
exit
The PC can reach the Internet, but it cannot ping the GSM4352S VLAN 12 interface IP 192.168.12.254, nor the FG60D internal interface IP 192.168.12.1
What could be the cause?
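An added example, not part of the original post: a small tracer that walks a packet through route-map 113 and ACLs 113/115 exactly as posted, to show which clause each destination hits. It assumes Cisco-style semantics (first matching ACL entry wins, implicit deny at the end, a deny result means the route-map clause is not matched and evaluation moves to the next clause); the switch's actual behaviour may differ, and the destination addresses other than 192.168.12.254 and 192.168.12.1 are constructed samples.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; compare only the remaining bits.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

SRC = ("192.168.12.0", "0.0.0.255")

def net24(third):
    return (f"192.168.{third}.0", "0.0.0.255")

# ACL entries transcribed from the post: (action, source, destination).
ACLS = {
    113: [
        ("permit", SRC, net24(11)),
        ("deny", SRC, ("192.168.0.0", "0.0.255.255")),
        ("deny", SRC, ("172.16.0.0", "0.0.255.255")),
        ("deny", SRC, ("10.0.0.0", "0.255.255.255")),
        ("permit", SRC, ("0.0.0.0", "255.255.255.255")),  # "any"
    ],
    115: [("deny", SRC, net24(11))]
         + [("permit", SRC, net24(n)) for n in range(13, 19)],
}
# route-map 113 clauses from the post: (sequence, matched ACL, set ip next-hop).
ROUTE_MAP = [(10, 115, None), (20, 113, "192.168.12.1")]

def acl_action(acl, src, dst):
    for action, (s_base, s_wc), (d_base, d_wc) in ACLS[acl]:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action
    return "deny"  # assumed implicit deny at the end of every ACL

def policy_route(src, dst):
    """Return (clause, next_hop); (None, None) means no clause matched."""
    for seq, acl, next_hop in ROUTE_MAP:
        if acl_action(acl, src, dst) == "permit":
            return seq, next_hop
    return None, None

if __name__ == "__main__":
    pc = "192.168.12.9"
    for dst in ("192.168.12.254", "192.168.12.1", "192.168.13.5",
                "192.168.11.10", "8.8.8.8"):
        print(dst, policy_route(pc, dst))
```

Under these assumptions, pings from the PC to 192.168.12.254 and 192.168.12.1 match neither clause (ACL 115 has no entry for 192.168.12.0/24 and ACL 113 denies 192.168.0.0/16), so the route-map leaves them to normal forwarding, while Internet-bound traffic is sent to next hop 192.168.12.1.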