При вот такой конфигурации
create access_profile profile_id 1 profile_name Allow_legal_PPPoE_servers ethernet source_mac FF-FF-FF-FF-FF-FF destination_mac FF-FF-FF-FF-FF-FF ethernet_type
### Allow ARP and IP Protocol
config access_profile profile_id 1 add access_id auto_assign ethernet ethernet_type 0x0806 port 1-52 permit priority 1 replace_priority replace_dscp_with 8
### Block clients with server MAC
config access_profile profile_id 1 add access_id auto_assign ethernet source_mac XX-XX-XX-XX-XX-XX port 1-48 deny
### Allow PPPoE-session-packets from the hub to clients
### Allow broadcast PPPoE-session PADI packets from clients (RSTP: UpLink ports 49-52)
config access_profile profile_id 1 add access_id auto_assign ethernet destination_mac FF-FF-FF-FF-FF-FF ethernet_type 0x8863 port 1-52 permit priority 3 replace_priority replace_dscp_with 24
### Allow PPPoE-session packets from clients to hub (RSTP: UpLink ports 49-52)
config access_profile profile_id 1 add access_id auto_assign ethernet destination_mac XX-XX-XX-XX-XX-XX ethernet_type 0x8863 port 1-52 permit priority 3 replace_priority replace_dscp_with 24
config access_profile profile_id 1 add access_id auto_assign ethernet destination_mac XX-XX-XX-XX-XX-XX ethernet_type 0x8864 port 1-52 permit priority 3 replace_priority replace_dscp_with 24
### Allow PPPoE-data-packets from the hub to clients (RSTP: UpLink ports 49-52)
config access_profile profile_id 1 add access_id auto_assign ethernet source_mac XX-XX-XX-XX-XX-XX ethernet_type 0x8863 port 49-52 permit priority 3 replace_priority replace_dscp_with 24
config access_profile profile_id 1 add access_id auto_assign ethernet source_mac XX-XX-XX-XX-XX-XX ethernet_type 0x8864 port 49-52 permit priority 3 replace_priority replace_dscp_with 24
##############
### QoS IP ###
##############
create access_profile profile_id 2 profile_name QoS ip source_ip_mask 255.255.0.0 destination_ip_mask 255.255.0.0 udp src_port_mask 0xFFFF dst_port_mask 0xFFFF
config access_profile profile_id 2 add access_id auto_assign ip source_ip 0.0.0.0 port 1-52 permit priority 1 replace_priority replace_dscp_with 8
config access_profile profile_id 2 add access_id auto_assign ip source_ip 172.17.0.0 port 1-52 permit priority 1 replace_priority replace_dscp_with 8
config access_profile profile_id 2 add access_id auto_assign ip source_ip 172.23.0.0 udp src_port 5060 dst_port 5060 port 1-52 permit priority 5 replace_priority replace_dscp_with 40
config access_profile profile_id 2 add access_id auto_assign ip source_ip 172.23.0.0 udp src_port 49512 dst_port 49512 port 1-52 permit priority 5 replace_priority replace_dscp_with 40
config access_profile profile_id 2 add access_id auto_assign ip source_ip 172.31.0.0 destination_ip 172.31.0.0 port 49-52 permit priority 7 replace_priority replace_dscp_with 56
###############
## Deny all ###
###############
create access_profile profile_id 99 profile_name Deny_all ethernet source_mac 00-00-00-00-00-00
config access_profile profile_id 99 add access_id auto_assign ethernet source_mac 00-00-00-00-00-00 port 1-48 deny
#CPU Interface Filter
create cpu access_profile profile_id 1 ethernet ethernet_type
config cpu access_profile profile_id 1 add access_id 1 ethernet ethernet_type 0x86DD port 1-52 deny
enable cpu_interface_filtering
enable cpu_interface_filtering
на абонентских портах перестают ходить арпы. Что я делаю не так?
Код:
DES-3200-52 Fast Ethernet Switch
Command Line Interface
Firmware: Build 4.37.B007
Copyright(C) 2012 D-Link Corporation. All rights reserved.