Здравствуйте.
Проблемы с коммутатором DGS-1210-28XS/ME Firmware Version: 7.02.B028
При схеме dhcp_local_relay + dhcp snooping + address binding arp inspection некоторые абоненты не могут получить айпи. Постоянно попадают в лог с
Aug 17 16:54:15:IMPB-4: Unathenticated IP-MAC address and discarded by ip mac port binding (IP: 169.254.36.137, MAC: 00-30-67-56-F8-02, Port: 9)
При этом в show address_binding blocked all пусто. Получается что мака абонента нет нигде, хотя запросы от него на DHCP сервер приходят исправно.
На портах с включенным snooping + arp inspection команда sh fdb показывает маки с пометкой static. С чего они статик-то?
Если отключить snooping + arp inspection тогда абоны айпи получают и пингуются но show fdb показывает что на порту нет маков совсем.
Команда clear fdb вообще не работает.
Актуально и для прошивки 7.02.B029
Настройка dhcp_local_relay + dhcp snooping +address binding + arp inspection как-то изменилась в сравнении с DES-3200 C1?
Что дает команда address_binding vlan_checking enable?
конфиг:
Код:
Command: show config modified
#------------------------------------------------------------------------
# DGS-1210-28XS/ME Gigabit Ethernet Switch Configuration
#
# Firmware: Build 7.02.B028
# Copyright(C) 2010 D-Link Corporation. All rights reserved.
#------------------------------------------------------------------------
# User Account
# Basic
config snmp system_name "hostname"
disable web
# Vlan
config vlan default delete 1-28
create vlan vlan1600 tag 1600
create vlan vlan3436 tag 3436
create vlan vlan4000 tag 4000
create vlan vlan4005 tag 4005
create vlan vlan4014 tag 4014
config vlan vlan1600 add tagged 25-28 advertisement disable
config vlan vlan3436 add tagged 25-28 advertisement disable
config vlan vlan3436 add untagged 1-9,11-24 advertisement disable
config vlan vlan4000 add tagged 6,9,12,25-28 advertisement disable
config vlan vlan4005 add tagged 25-28 advertisement disable
config vlan vlan4005 add untagged 10 advertisement disable
config vlan vlan4014 add tagged 25-28 advertisement disable
# IMPBv2
enable address_binding dhcp_snoop ports 1-8,10-24
disable address_binding dhcp_snoop ports 1-8,10-24 ipv6
config address_binding ip_mac ports 1-8,10-24 arp_inspection strict nd_inspection disable ip_inspection disable protocol ipv4 state enable allow_zeroip enable forward_dhcppkt enable
config address_binding ip_mac ports 9 arp_inspection disable nd_inspection disable ip_inspection disable protocol ipv4 state disable allow_zeroip enable forward_dhcppkt enable
enable address_binding trap_log
config filter dhcp_server ports 1-24 state enable
# IP
config ipif System ipaddress 172.26.0.148/255.255.252.0
# Multi Interface
config ipif System vlan vlan1600
# Static Route
create iproute default 172.26.0.1 1 primary
# STP
enable stp
config stp ports 1-26 externalcost auto edge auto restricted_tcn false restricted_role false p2p auto state disable priority 128 fbpdu disable
config stp mst_config_id name 00:01:02:03:04:05 revision_level 0
# traffic segmentation
config traffic_segmentation 1-26 forward_list 27-28
# LLDP
config lldp ports 1-28 mgt_addr ipv4 172.26.0.148 disable
# Syslog
enable syslog
create syslog host 1 ipaddress 192.168.100.50 severity informational facility local0 udp_port 514 state enable
# SNMP
create snmp host 192.168.100.50 v2c public
config snmp engineID 4447532d313231302d323858532f4d45000102030405
enable snmp authenticate_traps
config snmp coldstart_traps enable
config snmp warmstart_traps enable
enable snmp linkchange_traps
config snmp linkchange_traps ports 1-28 enable
enable snmp Login_Logout traps
enable snmp rstpport_state_change traps
enable snmp firmware_upgrade_state traps
enable snmp port_security_violation traps
enable snmp IMPB_violation traps
enable snmp LBD traps
enable snmp DHCP_screening traps
enable snmp duplicate_IP_detected traps
enable snmp DHCPv6_screening traps
enable snmp ICMPv6_RA_all_node traps
enable snmp DULD traps
# SNTP
config sntp primary 192.168.100.51 secondary 0.0.0.0 poll-interval 30
enable sntp
config time_zone operator + hour 3 minute 0
config dst disable
# DHCP_RELAY
config dhcp_relay vlan vlanid 1600,3436,4000,4005,4014 state disable
enable dhcp_local_relay
config dhcp_local_relay vlan vlanid 3436 state enable
config dhcp_local_relay vlan vlanid 4000 state enable
config dhcp_local_relay vlan vlanid 4005 state enable
config dhcp_local_relay port 1-24 state enable
# GVRP
config gvrp 1-9,11-24 pvid 3436
config gvrp 10 pvid 4005
# Loopback Detection
enable loopdetect
config loopdetect ports 1 state enable
config loopdetect ports 2 state enable
config loopdetect ports 3 state enable
config loopdetect ports 4 state enable
config loopdetect ports 5 state enable
config loopdetect ports 6 state enable
config loopdetect ports 7 state enable
config loopdetect ports 8 state enable
config loopdetect ports 9 state enable
config loopdetect ports 10 state enable
config loopdetect ports 11 state enable
config loopdetect ports 12 state enable
config loopdetect ports 13 state enable
config loopdetect ports 14 state enable
config loopdetect ports 15 state enable
config loopdetect ports 16 state enable
config loopdetect ports 17 state enable
config loopdetect ports 18 state enable
config loopdetect ports 19 state enable
config loopdetect ports 20 state enable
config loopdetect ports 21 state enable
config loopdetect ports 22 state enable
config loopdetect ports 23 state enable
config loopdetect ports 24 state enable
# IGMP snooping
config igmp_snooping vlanid 1600,3436,4000,4005,4014 state disable fast_leave disable report_suppression enable
config igmp_snooping vlanid 1600,3436,4000,4005,4014 proxy_reporting state disable
config igmp_snooping vlanid 1600,3436,4000,4005,4014 proxy_reporting source_ip 0.0.0.0
config igmp_snooping data_driven_learning vlanid 1600,3436,4000,4005,4014 state disable
config igmp_snooping data_driven_learning vlanid 1600,3436,4000,4005,4014 aged_out disable
config igmp_snooping querier vlanid 1600,3436,4000,4005,4014 state disable querier_version 2 last_member_query_interval 1 max_response_time 10 query_interval 125 robustness_variable 2
# MLD Snooping
config mld_snooping vlanid 1600,3436,4000,4005,4014 state disable fast_done disable
config mld_snooping data_driven_learning vlanid 1600,3436,4000,4005,4014 state disable
config mld_snooping querier vlanid 1600,3436,4000,4005,4014 state disable version 2 last_listener_query_interval 1 max_response_time 10 query_interval 125 robustness_variable 2
# Multicast Filter
config multicast vlan_filtering_mode vlan vlan1600 forward_unregistered_groups
config multicast vlan_filtering_mode vlan vlan3436 forward_unregistered_groups
config multicast vlan_filtering_mode vlan vlan4000 forward_unregistered_groups
config multicast vlan_filtering_mode vlan vlan4005 forward_unregistered_groups
config multicast vlan_filtering_mode vlan vlan4014 forward_unregistered_groups
# Flood FDB
config flood_fdb log enable
# port
config ports 27 speed 1000_full state enable flow_control disable learning enable description ""
config ports 28 speed auto state enable flow_control disable learning enable description "Uplink"