 Заголовок сообщения: Мультикаст шторм
СообщениеДобавлено: Пн апр 20, 2020 09:48 
Здравствуйте. Есть такая проблема: имеется коммутатор 3200-26 А1, к нему подключены абоненты, и от одного абонента идёт мультикаст, причём без запросов — просто вещается в сеть. Помогите, пожалуйста, как-нибудь заблокировать этот флуд, а то уже всё перепробовал.
Вот конфиг:
Код:
#-------------------------------------------------------------------
#                       DES-3200-26 Configuration
#
#                       Firmware: Build 1.85.B008
#        Copyright(C) 2010 D-Link Corporation. All rights reserved.
#-------------------------------------------------------------------


# BASIC

config serial_port baud_rate 9600 auto_logout 10_minutes



# STORM
# Storm control. Subscriber ports 1-24 police broadcast and multicast with
# "action drop threshold 64"; uplinks 25-26 have every storm type disabled.
# NOTE(review): "action drop" only discards traffic above the threshold, so a
# multicast sender on a subscriber port is rate-limited, not blocked; the unit
# of "threshold" is not shown in this file - confirm it in the firmware manual.
# NOTE(review): "unicast disable" on all ports leaves the unicast storm type
# (presumably unknown-unicast flooding - confirm) unpoliced.


config traffic control auto_recover_time 0
config traffic control_trap both
config traffic control 1-24 broadcast enable multicast enable unicast disable action drop threshold 64 countdown 0 time_interval 5
config traffic control 25-26 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5

# LOOP_DETECT
# Loop detection is enabled globally in port-based mode, active on subscriber
# ports 1-24 and off on uplinks 25-26; both trap types are sent.

enable loopdetect
config loopdetect recover_timer 600
config loopdetect interval 10
config loopdetect mode port-based
config loopdetect trap both
config loopdetect ports 1-24 state enabled
config loopdetect ports 25-26 state disabled

# QOS

config scheduling_mechanism strict
config scheduling 0 strict
config scheduling 0 weight 1
config scheduling 1 weight 2
config scheduling 2 weight 4
config scheduling 3 weight 8
config 802.1p user_priority 0 1
config 802.1p user_priority 1 0
config 802.1p user_priority 2 0
config 802.1p user_priority 3 1
config 802.1p user_priority 4 2
config 802.1p user_priority 5 2
config 802.1p user_priority 6 3
config 802.1p user_priority 7 3
config cos tos value 0 class 0
config cos tos value 1 class 0
config cos tos value 2 class 0
config cos tos value 3 class 0
config cos tos value 4 class 0
config cos tos value 5 class 0
config cos tos value 6 class 0
config cos tos value 7 class 0
config dscp_mapping dscp_value 0 class 0
config dscp_mapping dscp_value 1 class 0
config dscp_mapping dscp_value 2 class 0
config dscp_mapping dscp_value 3 class 0
config dscp_mapping dscp_value 4 class 0
config dscp_mapping dscp_value 5 class 0
config dscp_mapping dscp_value 6 class 0
config dscp_mapping dscp_value 7 class 0
config dscp_mapping dscp_value 8 class 0
config dscp_mapping dscp_value 9 class 0
config dscp_mapping dscp_value 10 class 0
config dscp_mapping dscp_value 11 class 0
config dscp_mapping dscp_value 12 class 0
config dscp_mapping dscp_value 13 class 0
config dscp_mapping dscp_value 14 class 0
config dscp_mapping dscp_value 15 class 0
config dscp_mapping dscp_value 16 class 0
config dscp_mapping dscp_value 17 class 0
config dscp_mapping dscp_value 18 class 0
config dscp_mapping dscp_value 19 class 0
config dscp_mapping dscp_value 20 class 0
config dscp_mapping dscp_value 21 class 0
config dscp_mapping dscp_value 22 class 0
config dscp_mapping dscp_value 23 class 0
config dscp_mapping dscp_value 24 class 0
config dscp_mapping dscp_value 25 class 0
config dscp_mapping dscp_value 26 class 0
config dscp_mapping dscp_value 27 class 0
config dscp_mapping dscp_value 28 class 0
config dscp_mapping dscp_value 29 class 0
config dscp_mapping dscp_value 30 class 0
config dscp_mapping dscp_value 31 class 0
config dscp_mapping dscp_value 32 class 0
config dscp_mapping dscp_value 33 class 0
config dscp_mapping dscp_value 34 class 0
config dscp_mapping dscp_value 35 class 0
config dscp_mapping dscp_value 36 class 0
config dscp_mapping dscp_value 37 class 0
config dscp_mapping dscp_value 38 class 0
config dscp_mapping dscp_value 39 class 0
config dscp_mapping dscp_value 40 class 0
config dscp_mapping dscp_value 41 class 0
config dscp_mapping dscp_value 42 class 0
config dscp_mapping dscp_value 43 class 0
config dscp_mapping dscp_value 44 class 0
config dscp_mapping dscp_value 45 class 0
config dscp_mapping dscp_value 46 class 0
config dscp_mapping dscp_value 47 class 0
config dscp_mapping dscp_value 48 class 0
config dscp_mapping dscp_value 49 class 0
config dscp_mapping dscp_value 50 class 0
config dscp_mapping dscp_value 51 class 0
config dscp_mapping dscp_value 52 class 0
config dscp_mapping dscp_value 53 class 0
config dscp_mapping dscp_value 54 class 0
config dscp_mapping dscp_value 55 class 0
config dscp_mapping dscp_value 56 class 0
config dscp_mapping dscp_value 57 class 0
config dscp_mapping dscp_value 58 class 0
config dscp_mapping dscp_value 59 class 0
config dscp_mapping dscp_value 60 class 0
config dscp_mapping dscp_value 61 class 0
config dscp_mapping dscp_value 62 class 0
config dscp_mapping dscp_value 63 class 0
config 802.1p default_priority 1-26 0
config cos mapping port 1-26 ethernet 802.1p 

# MIRROR

disable mirror
config mirror port 1 delete source ports 1 both

# BANDWIDTH

config bandwidth_control 1-26 rx_rate no_limit tx_rate no_limit
config per_queue bandwidth_control ports 1-26 0 max_rate no_limit
config per_queue bandwidth_control ports 1-26 1 max_rate no_limit
config per_queue bandwidth_control ports 1-26 2 max_rate no_limit
config per_queue bandwidth_control ports 1-26 3 max_rate no_limit


# TRAF-SEGMENTATION
# Every port (1-26) may forward to every other port (1-26), so there is no
# isolation between subscriber ports: traffic that enters on one subscriber
# port can be delivered straight to the others.
# NOTE(review): limiting the forward_list of ports 1-24 to the uplinks 25-26
# would contain a misbehaving subscriber - verify against the service design.

config traffic_segmentation 1-26 forward_list 1-26

# PACKET_FROM_CPU

config mgmt_pkt_priority default

# SSL
# SSL is disabled ("disable ssl"), so the cipher suite list below is not in
# use as long as that stays the case.
# NOTE(review): all four enabled suites are legacy - RC4 with MD5, 3DES in CBC
# mode, and an export-grade 40-bit RC4 suite. If SSL is ever turned on for
# management, review this list first and keep management reachable only from
# the management VLAN.

disable ssl
enable ssl ciphersuite RSA_with_RC4_128_MD5
enable ssl ciphersuite RSA_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite DHE_DSS_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5
config ssl cachetimeout 600

# PORT

enable jumbo_frame
config ports 1-26 speed auto flow_control disable state enable clear_description
config ports 1-26 learning enable
config ports 1-26 mdix auto
config autocable_diag ports 1-26 state disable
config ports 25-26 medium_type fiber speed auto flow_control disable state enable clear_description
config ports 25-26 medium_type fiber learning enable

# OAM


# DDM

config ddm trap disable
config ddm log enable
config ddm ports 25-26 state enable shutdown none

# TIME_RANGE


# GM

config sim candidate
enable sim
config sim dp_interval 30
config sim hold_time 100

# MANAGEMENT

enable snmp traps
enable snmp authenticate_traps
enable snmp linkchange_traps
config snmp linkchange_traps ports 25-26 enable
config snmp linkchange_traps ports 1-24 disable
config snmp system_name Romantikov_16
config snmp system_location Romantikov_16
enable rmon


# DEBUG_HANDLER


debug config error_reboot enable

# VLAN
# Layout defined below:
#   default  - removed from all ports, then re-added tagged on uplinks 25-26
#   vlan2    - tag 200, untagged on subscriber ports 1-24, tagged on 25-26
#   manage   - tag 1000, tagged on uplinks 25-26 only (not on subscriber ports)
# QinQ and GVRP are disabled. The per-port "config gvrp" lines also carry the
# port settings: PVID 200 on ports 1-24, PVID 1 on ports 25-26, ingress
# checking enabled, acceptable_frame admit_all.
# NOTE(review): admit_all means tagged frames are accepted on subscriber
# ports; ingress_checking presumably drops tags for VLANs the port is not a
# member of - confirm, since that is what keeps subscribers out of VLAN 1000.

disable asymmetric_vlan
enable pvid auto_assign
config vlan default delete 1-26
config vlan default advertisement disable
config vlan default add tagged 25-26
create vlan vlan2 tag 200
config vlan vlan2 add tagged 25-26
config vlan vlan2 add untagged 1-24
create vlan manage tag 1000
config vlan manage add tagged 25-26
disable qinq
disable gvrp
config gvrp nni_bpdu_addr dot1d
config qinq ports 1-26 role nni outer_tpid 0x88A8 trust_cvid disable vlan_translation disable
config gvrp 1-24 state disable ingress_checking enable acceptable_frame admit_all pvid 200
config gvrp 25-26 state disable ingress_checking enable acceptable_frame admit_all pvid 1

# PROTOCOL_VLAN


# 8021X
# 802.1X is disabled globally and the capability of every port is "none", so
# the auth_parameter values below are stored settings that are not enforced.

disable 802.1x
config 802.1x auth_protocol radius_eap
config radius parameter timeout 5 retransmit 2
config 802.1x capability ports 1-26 none
config 802.1x auth_parameter ports 1-26 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable

# PORT_LOCK
# Port security is administratively disabled on ports 1-26, so the
# max_learning_addr 1 limit is not applied; this section places no cap on the
# number of MAC addresses learned per subscriber port.

disable port_security trap_log
config port_security ports 1-26 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnTimeout

# PPPOE

config pppoe circuit_id_insertion state disable
config pppoe circuit_id_insertion ports 1-26 state enable circuit_id ip remote_id default

# MAC_ADDRESS_TABLE_NOTIFICATION

config mac_notification interval 1 historysize 1
disable mac_notification
config mac_notification ports 1-26 disable

# LACP

config lacp_ports 1-26 mode passive
config link_aggregation algorithm mac_source


# ERPS

config erps log disable
config erps trap disable
disable erps

# MULTI FILTER
# Six multicast filter profiles, each holding one or more group ranges. The
# names (Child, Sport, Nauk, Cinema, Adult) presumably map to channel packages.

create mcast_filter_profile profile_id 1 profile_name 1
create mcast_filter_profile profile_id 2 profile_name Child
create mcast_filter_profile profile_id 3 profile_name Sport
create mcast_filter_profile profile_id 4 profile_name Nauk
create mcast_filter_profile profile_id 5 profile_name Cinema
create mcast_filter_profile profile_id 6 profile_name Adult
config mcast_filter_profile profile_id 1 add 224.2.127.254
config mcast_filter_profile profile_id 1 add 225.1.1.0-225.1.1.255
config mcast_filter_profile profile_id 1 add 225.1.2.0-225.1.2.255
config mcast_filter_profile profile_id 2 add 226.12.1.0-226.12.1.255
config mcast_filter_profile profile_id 3 add 226.123.1.0-226.123.1.255
config mcast_filter_profile profile_id 4 add 227.234.1.0-227.234.1.255
config mcast_filter_profile profile_id 5 add 228.45.1.0-228.45.1.255
config mcast_filter_profile profile_id 6 add 229.34.1.0-229.34.1.255

# Control-packet remarking: for each protocol listed, neither the 802.1p
# priority nor the DSCP value is replaced ("none").
config control_pkt ipv4 igmp replace priority none dscp none

config control_pkt ipv4 vrrp replace priority none dscp none

config control_pkt ipv4 rip replace priority none dscp none

config control_pkt ipv4 pim replace priority none dscp none

config control_pkt ipv4 dvmrp replace priority none dscp none

config control_pkt ipv4 ospf replace priority none dscp none

config control_pkt ipv6 mld replace priority none dscp none

config control_pkt ipv6 pim replace priority none dscp none

config control_pkt ipv6 ospf replace priority none dscp none

config control_pkt ipv6 ripng replace priority none dscp none

config control_pkt ipv6 nd replace priority none dscp none
# Profile binding: profile 1 is attached to all ports 1-26; profiles 2-6 are
# attached to uplinks 25-26 only. Each port may hold up to 1024 groups.
# NOTE(review): the permit/deny access mode of limited_multicast_addr is not
# shown in this file, and the feature presumably restricts which groups a port
# may join rather than filtering multicast data sent by a host - confirm
# before relying on it to stop a subscriber that transmits multicast.
config max_mcast_group ports 1-26 max_group 1024
config limited_multicast_addr ports 1-26 add profile_id 1
config limited_multicast_addr ports 25-26 add profile_id 2
config limited_multicast_addr ports 25-26 add profile_id 3
config limited_multicast_addr ports 25-26 add profile_id 4
config limited_multicast_addr ports 25-26 add profile_id 5
config limited_multicast_addr ports 25-26 add profile_id 6
config max_mcast_group ports 1-26 ipv6 max_group 1024

# BPDU_TUNNEL

config bpdu_tunnel ports all type none
disable bpdu_tunnel

# BPDU_PROTECTION
# BPDU protection is enabled globally and switched on for subscriber ports
# 1-24. The mode is "shutdown" on ports 1-26, but no state line enables the
# feature on uplinks 25-26 in this file.

enable bpdu_protection
config bpdu_protection trap both
config bpdu_protection ports 1-24 state enable 
config bpdu_protection ports 1-26 mode shutdown

# SAFEGUARD_ENGINE
# CPU protection: enabled in strict mode with a rising threshold of 80 and a
# falling threshold of 60 (utilization), with trap and log output enabled.

config safeguard_engine state enable utilization rising 80 falling 60 trap_log enable mode strict

# BANNER_PROMP

config command_prompt default
config greeting_message default



# SNOOP
# IGMP snooping is enabled globally, together with a multicast VLAN "ismvlan"
# (VID 247): subscriber ports 1-24 are member ports, uplinks 25-26 are source
# ports, and the source IP is replaced with 192.168.247.100.
# The querier is disabled ("state disable") for all VLANs.
# NOTE(review): only the aged_out setting of data_driven_learning is visible
# per VLAN; its enable/disable state is not shown. Per vendor documentation,
# when data-driven learning is active, multicast data received without a join
# creates a snooping entry and is forwarded toward router ports (here 25-26).
# That would match multicast reaching the upstream switch as described in the
# thread - confirm the state on the device. With "aged_out disable" on
# default, vlan2 and manage, such entries presumably never expire.

enable igmp_snooping
config igmp_snooping data_driven_learning max_learned_entry 56
enable igmp_snooping multicast_vlan
create igmp_snooping multicast_vlan ismvlan 247
config igmp_snooping multicast_vlan ismvlan state enable
config igmp_snooping multicast_vlan ismvlan replace_source_ip 192.168.247.100
config igmp_snooping multicast_vlan ismvlan add member_port 1-24
config igmp_snooping multicast_vlan ismvlan add source_port 25-26
config igmp_snooping vlan_name default state enable fast_leave disable report_suppression disable
config igmp_snooping data_driven_learning vlan_name default aged_out disable
config igmp_snooping querier all query_interval 125 max_response_time 10 robustness_variable 2 last_member_query_interval 1 state disable version 2
config igmp_snooping vlan_name vlan2 state enable fast_leave disable report_suppression disable
config igmp_snooping data_driven_learning vlan_name vlan2 aged_out disable
config igmp_snooping vlan_name ismvlan fast_leave enable report_suppression disable
config igmp_snooping data_driven_learning vlan_name ismvlan aged_out enable
config igmp_snooping vlan_name manage state enable fast_leave disable report_suppression disable
config igmp_snooping data_driven_learning vlan_name manage aged_out disable
# Router-port policy: 25-26 are static router ports in ismvlan; subscriber
# ports 1-24 are forbidden as router ports in ismvlan, but in vlan2 only
# port 11 is forbidden.
# NOTE(review): port 11 is also the only port with IGMP access authentication
# enabled - presumably the port under investigation; the other subscriber
# ports in vlan2 have no router-port restriction here.
config router_ports_forbidden vlan2 add 11
config router_ports ismvlan add 25-26
config router_ports_forbidden ismvlan add 1-24
config igmp access_authentication ports 1-10,12-26 state disable
config igmp access_authentication ports 11 state enable

# MLDSNP


# FDB
# Forwarding database settings: MAC aging time 300, and all ports 1-26 use
# filter_unregistered_groups, i.e. multicast for groups without a registered
# entry is meant to be filtered instead of flooded.
# NOTE(review): vendor documentation describes cases where IGMP snooping
# data-driven learning takes precedence over this filtering mode - confirm on
# the device if unsolicited multicast still leaves through the uplinks.

config fdb aging_time 300
config multicast port_filtering_mode 1-26 filter_unregistered_groups
disable flood_fdb
config flood_fdb log disable trap disable
config block tx ports 1-26 unicast disable

# VLAN_TRUNK

disable vlan_trunk

# SMTP

disable smtp

# ACL
# These are CPU access profiles, activated by cpu_interface_filtering: they
# apply to packets handed to the switch CPU on ports 1-24. No ordinary
# (non-CPU) access_profile is defined in this section.
# NOTE(review): if the value on each "create" line is the match mask, then
# profile 1 (248.0.0.0 against 224.0.0.0) permits 224.0.0.0-231.255.255.255
# and profile 3 (240.0.0.0 against 224.0.0.0) denies 224.0.0.0-239.255.255.255;
# with profile 1 presumably evaluated first, only 232.0.0.0-239.255.255.255 is
# kept away from the CPU. Multicast switched in hardware between ports is
# presumably not affected by these rules - confirm before treating them as a
# block on a subscriber's multicast traffic.

create cpu access_profile profile_id 1 ip  destination_ip 248.0.0.0
config cpu access_profile profile_id 1  add access_id 1  ip  destination_ip 224.0.0.0  port 1-24 permit
create cpu access_profile profile_id 3 ip  destination_ip 240.0.0.0
config cpu access_profile profile_id 3  add access_id 1  ip  destination_ip 224.0.0.0  port 1-24 deny
enable cpu_interface_filtering

# RebootSchedule


# DHCP_SERVER_SCREENING
# DHCP server screening is disabled on every port (1-26), including the
# subscriber ports; its trap and log output are disabled as well.
# NOTE(review): with screening off, this feature does not stop a DHCP server
# running behind a subscriber port - check whether another control covers it.

config filter dhcp_server ports 1-26 state disable
config filter dhcp_server illegal_server_log_suppress_duration 5min
config filter dhcp_server trap disable
config filter dhcp_server log disable

# COMPOUND_AUTHENTICATION
# Host-based authentication mode with no multi-authentication method set.

config authentication ports 1-26 auth_mode host_based
config authentication ports 1-26 multi_authen_methods none

# ADDRBIND
# IP-MAC-port binding: enabled in strict state on subscriber ports 1-24
# (zero-IP allowed, DHCP packets forwarded) and disabled on uplinks 25-26.
# Bindings are learned through DHCP snooping (enabled for IPv4, disabled for
# IPv6), limited to 5 IPv4 entries per port; trap and log are enabled.
# NOTE(review): the IPv6 DHCP-snoop entry limit is "no_limit", and IPv6
# snooping itself is off, so this section shows no IPv6 source validation.

config address_binding ip_mac ports 1-24 state enable strict allow_zeroip enable forward_dhcppkt enable
config address_binding ip_mac ports 1-26 mode arp stop_learning_threshold 500
config address_binding dhcp_snoop max_entry ports 1-26 limit 5
config address_binding dhcp_snoop max_entry ports 1-26 limit no_limit ipv6
config address_binding ip_mac ports 25-26 state disable allow_zeroip disable forward_dhcppkt enable
enable address_binding dhcp_snoop
enable address_binding trap_log
disable address_binding dhcp_snoop ipv6

# ARPSPOOF


# CFM


# MBA

disable mac_based_access_control
enable authorization attributes
config mac_based_access_control authorization attributes radius enable
config mac_based_access_control authorization attributes local enable
config mac_based_access_control trap state enable
config mac_based_access_control log state enable
config mac_based_access_control ports 1-26 state disable
config mac_based_access_control ports 1-26 mode host_based
config mac_based_access_control method local
config mac_based_access_control auth_failover disable
config mac_based_access_control password default
config mac_based_access_control max_users 128

# LLDP

disable lldp
config lldp message_tx_interval 30
config lldp tx_delay 2
config lldp message_tx_hold_multiplier 4
config lldp reinit_delay 2
config lldp notification_interval 5
config lldp ports 1-26 notification disable
config lldp ports 1-26 admin_status tx_and_rx

# ARP

config arp_aging time 20
config gratuitous_arp send ipif_status_up enable
config gratuitous_arp send dup_ip_detected enable
config gratuitous_arp learning enable
disable gratuitous_arp ipif System trap
enable gratuitous_arp ipif System log




# DHCPV6_LOCAL_RELAY

disable dhcpv6_local_relay

# RELAY6

config dhcpv6_relay hop_count  4
disable dhcpv6_relay
config dhcpv6_relay option_37 state disable check disable
config dhcpv6_relay option_37 remote_id default
config dhcpv6_relay option_18 state enable check disable
config dhcpv6_relay option_18 interface_id default
config dhcpv6_relay port 1-26 state enable

#-------------------------------------------------------------------
#             End of configuration file for DES-3200-26
#-------------------------------------------------------------------


 Заголовок сообщения: Re: Мультикаст шторм
СообщениеДобавлено: Пн апр 20, 2020 10:25 
Проблема в том, что на вышестоящий коммутатор просачиваются мультикаст-пакеты, и нагрузка на него увеличивается.


 Заголовок сообщения: Re: Мультикаст шторм
СообщениеДобавлено: Пт май 15, 2020 09:16 
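Нарисовать ACL на порту абонента: если dst_ip==224.0.0.0/4, то action==drop. Учтите, что такое правило может отбросить и IGMP-отчёты самого абонента (они тоже идут на адреса из 224.0.0.0/4), поэтому, если ему нужен IPTV, перед запретом стоит разрешить IGMP.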

_________________
Народ и партия - едины!

