1. Уважаемые посетители форума! Прежде чем помещать в форум новое сообщение о возникшей у Вас проблеме, пожалуйста, поищите ее решение в ответах на часто задаваемые вопросы FAQ, или воспользуйтесь поиском по форуму.
  2. Форум не является системой моментального ответа на вопросы. Если Вам необходимо получить ответ на ваш вопрос в кратчайшие сроки - пожалуйста, позвоните в ближайший к Вам региональный офис D-Link.
faq обучение настройка
Текущее время: Вс июл 20, 2025 22:47

Сообщения без ответов | Активные темы


Список форумов » Коммутаторы

Часовой пояс: UTC + 3 часа




Начать новую тему Ответить на тему  Страница 1 из 1
  [ Сообщений: 3 ] 
  Предыдущая тема | Следующая тема 
Автор Сообщение
Prometej
СообщениеДобавлено: Пт янв 28, 2011 07:49 
Не в сети

Зарегистрирован: Ср янв 21, 2009 11:38
Сообщений: 10
Здравсвуйте.
Возникла потребность на DGS-3627G настроить ACL. попытался самостоятельно по мануалам его настроить.
Есть две сети:
10.0.0.16 255.255.255.240 и 172.26.208.0 255.255.255.240
прописывал в конфиг железки строки:
Скрытый текст: показать
# ACL

create access_profile profile_id 1 ip source_ip_mask 255.255.255.240 destination_ip_mask 255.255.255.240
config access_profile profile_id 1 add access_id 1 ip source_ip 10.0.0.16 destination_ip 172.26.208.0 port 1-2 deny
disable cpu_interface_filtering

# NLB

Замечу что в 1-2 портах живут несколько VLAN-ов. На портах 1-2 подключено кольцо свичей DES-3200. IP адресса управления 172.26.208.0/28. На 24 акцесном порту находится соседний маршрутизатор в котором живет подсеть 10.0.0.16/28. Вышенаписанным правилом я пытался запретить доступ к IP управления свечей из клиентской подсети.
После внесения в конфиг железки вышеуказанных строк эффект закрытия доступа не появился.
Ниже приведен конфиг ACL с Alcatel6850, подвешенный на порты с кольцами свичей в режиме "IN" (фильтрует только входящий трафик со свичей на порт). Аплинки соответсвенно не фильтруются.
Скрытый текст: показать
permit icmp any any
permit udp any any eq bootpc
permit udp any any eq domain
permit igmp any any
permit ip 10.0.0.0 0.255.255.255 host 194.154.82.43
permit ip 10.0.0.0 0.255.255.255 host 194.154.82.44
permit ip 10.0.252.0 0.255.3.255 host 172.27.176.67
permit ip 10.0.252.0 0.255.3.255 host 172.27.176.68
permit ip 10.0.252.0 0.255.3.255 host 195.239.77.44
permit ip 10.0.252.0 0.255.3.255 host 172.27.176.12
permit ip 10.0.252.0 0.255.3.255 host 172.27.176.100
permit ip 10.0.0.0 0.255.255.255 host 172.27.176.7
permit ip 10.0.0.0 0.255.255.255 host 172.27.176.8
permit ip 10.0.0.0 0.255.255.255 10.255.255.0 0.0.0.255
permit ip 10.0.0.0 0.255.127.255 10.255.0.0 0.0.255.255
permit ip 10.0.128.0 0.255.127.255 10.255.64.0 0.0.63.255
permit ip 10.0.0.0 0.255.255.255 host 195.16.62.75
permit ip 10.0.0.0 0.255.255.255 host 195.16.62.76
permit ip 10.0.0.0 0.255.255.255 host 195.16.62.86
permit ip 10.0.0.0 0.255.255.255 host 80.255.153.1
permit ip 10.0.0.0 0.255.255.255 217.118.84.0 0.0.0.255
permit ip 10.0.0.0 0.255.255.255 host 85.21.78.93
permit ip 10.0.0.0 0.255.255.255 host 89.179.135.73
permit ip 10.0.0.0 0.255.127.255 172.25.1.0 0.0.0.255
permit ip 10.0.0.0 0.255.127.255 10.0.0.0 0.0.0.255
permit ip 10.0.0.16 0.0.0.15 172.16.0.0 0.15.255.255
deny ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
deny ip 10.0.0.0 0.255.255.255 10.0.0.1 0.255.248.0
deny tcp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 eq 2710
deny tcp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 eq 444
deny udp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 eq snmp
deny udp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 eq snmptrap
deny tcp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 eq 3128
deny tcp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 eq 1701
deny tcp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 eq 1723
deny gre 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
deny tcp any any eq 135
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 139
deny tcp any any eq 445
deny ipinip any any
deny nos any any
deny ip 10.0.0.0 0.255.255.255 10.0.128.0 0.255.127.255
deny ip 10.0.128.0 0.255.127.255 any
permit ip any any

Как я понял на DGS-3627G трафик файерволом на порту обрабатывается в стороны IN и OUT одновременно.
show switch
Скрытый текст: показать
show switch
Command: show switch

Device Type : DGS-3627G Gigabit Ethernet Switch
MAC Address : 00-21-91-A1-07-00
IP Address : 192.168.0.1 (Manual) - отключен и не используется
VLAN Name : deletes
Subnet Mask : 255.255.255.0
Default Gateway : 0.0.0.0
Boot PROM Version : Build 1.10-B09
Firmware Version : Build 2.82.B13
Hardware Version : A1
Serial Number : P1JJ188000114
System Name :
System Location : "pr. Mira 4"
System Contact :
Spanning Tree : Enabled
GVRP : Disabled
IGMP Snooping : Disabled
MLD Snooping : Disabled
RIP : Disabled
DVMRP : Disabled
PIM : Disabled
OSPF : Enabled
OSPFv3 : Disabled
BGP : Disabled
RIPng : Disabled
TELNET : Enabled (TCP 23)
WEB : Enabled (TCP 80)
SNMP : Disabled
RMON : Disabled
SSL status : Disabled
SSH status : Disabled
802.1x : Disabled
Jumbo Frame : On
Clipaging : Enabled
MAC Notification : Disabled
Port Mirror : Disabled
SNTP : Enabled
DHCP Relay : Enabled
DNSR Status : Disabled
VRRP : Disabled
HOL Prevention State : Enabled
Syslog Global State : Enabled
Single IP Management : Disabled
Password Encryption Status : Disabled
DNS Resolver : Disabled

Листинг конфига:
Скрытый текст: показать
show config active
Command: show config active

#-------------------------------------------------------------------------------
# DGS-3627G Gigabit Ethernet Switch
# Configuration
#
# Firmware: Build 2.82.B13
# Copyright(C) 2010 D-Link Corporation. All rights reserved.
#-------------------------------------------------------------------------------

# STACK

config stacking force_master_role state disable

# DOUBLE_VLAN

disable double_vlan

# ACCOUNT END
# PASSWORD ENCRYPTION
disable password encryption
config serial_port auto_logout 10_minutes
enable telnet 23
enable web 80
enable clipaging

# STORM

config traffic control auto_recover_time 0
config traffic trap none
config traffic control 1-27 broadcast disable multicast disable unicast disable action drop threshold 128 countdown 0 time_interval 5

# SYSLOG

enable syslog
config system_severity log information
config system_severity trap information
create syslog host 1 severity all facility local0 udp_port 514 ipaddress 172.31.240.13 state enable
config log_save_timing on_demand

# QOS

enable hol_prevention
config 802.1p default_priority 1-27 0
config bandwidth_control 1-27 rx_rate no_limit tx_rate no_limit
config per_queue bandwidth_control ports 1-27 0 min_rate no_limit max_rate no_limit
config per_queue bandwidth_control ports 1-27 1 min_rate no_limit max_rate no_limit
config per_queue bandwidth_control ports 1-27 2 min_rate no_limit max_rate no_limit
config per_queue bandwidth_control ports 1-27 3 min_rate no_limit max_rate no_limit
config per_queue bandwidth_control ports 1-27 4 min_rate no_limit max_rate no_limit
config per_queue bandwidth_control ports 1-27 5 min_rate no_limit max_rate no_limit
config per_queue bandwidth_control ports 1-27 6 min_rate no_limit max_rate no_limit
config scheduling_mechanism ports 1-27 strict
config scheduling ports 1-27 0 max_packet 1
config scheduling ports 1-27 1 max_packet 2
config scheduling ports 1-27 2 max_packet 3
config scheduling ports 1-27 3 max_packet 4
config scheduling ports 1-27 4 max_packet 5
config scheduling ports 1-27 5 max_packet 6
config scheduling ports 1-27 6 max_packet 7
config 802.1p user_priority ports 1-27 0 2
config 802.1p user_priority ports 1-27 1 0
config 802.1p user_priority ports 1-27 2 1
config 802.1p user_priority ports 1-27 3 3
config 802.1p user_priority ports 1-27 4 4
config 802.1p user_priority ports 1-27 5 5
config 802.1p user_priority ports 1-27 6 6
config 802.1p user_priority ports 1-27 7 6

# TRAF-SEGMENTATION

config traffic_segmentation 1-27 forward_list all

# MANAGEMENT

enable snmp traps
enable snmp authenticate_traps
disable snmp
enable snmp linkchange_traps
disable rmon
config snmp linkchange_traps ports 1-27 enable

# VLAN

enable pvid auto_assign
config vlan default delete 1-27
config vlan default add forbidden 1-27
config vlan default advertisement disable
create vlan deletes tag 10
config vlan deletes add forbidden 1-27 advertisement disable
create vlan Ring1-mgmt tag 201
config vlan Ring1-mgmt add tagged 1-2
config vlan Ring1-mgmt add forbidden 3-20 advertisement disable
create vlan Ring2-mgmt tag 202
config vlan Ring2-mgmt add tagged 3-4
config vlan Ring2-mgmt add forbidden 1-2,5-20 advertisement disable
create vlan Ring3-mgmt tag 203
config vlan Ring3-mgmt add tagged 5-6
config vlan Ring3-mgmt add forbidden 1-4,7-20 advertisement disable
create vlan Ring4-mgmt tag 204
config vlan Ring4-mgmt add tagged 7-8
config vlan Ring4-mgmt add forbidden 1-6,9-20 advertisement disable
create vlan Ring5-mgmt tag 205
config vlan Ring5-mgmt add tagged 9-10
config vlan Ring5-mgmt add forbidden 1-8,11-20 advertisement disable
create vlan Ring6-mgmt tag 206
config vlan Ring6-mgmt add tagged 11-12
config vlan Ring6-mgmt add forbidden 1-10,13-20 advertisement disable
create vlan Ring7-mgmt tag 207
config vlan Ring7-mgmt add tagged 13-14
config vlan Ring7-mgmt add forbidden 1-12,15-20 advertisement disable
create vlan Ring8-mgmt tag 208
config vlan Ring8-mgmt add tagged 15-16
config vlan Ring8-mgmt add forbidden 1-14,17-20 advertisement disable
create vlan Ring9-mgmt tag 209
config vlan Ring9-mgmt add tagged 17-18
config vlan Ring9-mgmt add forbidden 1-16,19-20 advertisement disable
create vlan Ring10-mgmt tag 210
config vlan Ring10-mgmt add tagged 19-20
config vlan Ring10-mgmt add forbidden 1-18 advertisement disable
create vlan Ring11-mgmt tag 211
config vlan Ring11-mgmt add forbidden 1-20 advertisement disable
create vlan P2P-BB1-Ag56 tag 240
config vlan P2P-BB1-Ag56 add untagged 23
config vlan P2P-BB1-Ag56 add forbidden 1-20 advertisement disable
create vlan Ring1-Internet tag 301
config vlan Ring1-Internet add tagged 1-2
config vlan Ring1-Internet add forbidden 3-20 advertisement disable
create vlan Ring2-Internet tag 302
config vlan Ring2-Internet add tagged 3-4
config vlan Ring2-Internet add forbidden 1-2,5-20 advertisement disable
create vlan Ring3-Internet tag 303
config vlan Ring3-Internet add tagged 5-6
config vlan Ring3-Internet add forbidden 1-4,7-20 advertisement disable
create vlan Ring4-Internet tag 304
config vlan Ring4-Internet add tagged 7-8
config vlan Ring4-Internet add forbidden 1-6,9-20 advertisement disable
create vlan Ring5-Internet tag 305
config vlan Ring5-Internet add tagged 9-10
config vlan Ring5-Internet add forbidden 1-8,11-20 advertisement disable
create vlan Ring6-Internet tag 306
config vlan Ring6-Internet add tagged 11-12
config vlan Ring6-Internet add forbidden 1-10,13-20 advertisement disable
create vlan Ring7-Internet tag 307
config vlan Ring7-Internet add tagged 13-14
config vlan Ring7-Internet add forbidden 1-12,15-20 advertisement disable
create vlan Ring8-Internet tag 308
config vlan Ring8-Internet add tagged 15-16
config vlan Ring8-Internet add forbidden 1-14,17-20 advertisement disable
create vlan Ring9-Internet tag 309
config vlan Ring9-Internet add tagged 17-18
config vlan Ring9-Internet add forbidden 1-16,19-20 advertisement disable
create vlan Ring10-Internet tag 310
config vlan Ring10-Internet add tagged 19-20
config vlan Ring10-Internet add forbidden 1-18 advertisement disable
create vlan Ring11-Internet tag 311
config vlan Ring11-Internet add forbidden 1-20 advertisement disable
create vlan Ring1-Yurlica tag 601
config vlan Ring1-Yurlica add tagged 1-2
config vlan Ring1-Yurlica add forbidden 3-20 advertisement disable
create vlan Ring2-Yurlica tag 602
config vlan Ring2-Yurlica add tagged 3-4
config vlan Ring2-Yurlica add forbidden 1-2,5-20 advertisement disable
create vlan Ring3-Yurlica tag 603
config vlan Ring3-Yurlica add tagged 5-6
config vlan Ring3-Yurlica add forbidden 1-4,7-20 advertisement disable
create vlan Ring4-Yurlica tag 604
config vlan Ring4-Yurlica add tagged 7-8
config vlan Ring4-Yurlica add forbidden 1-6,9-20 advertisement disable
create vlan Ring5-Yurlica tag 605
config vlan Ring5-Yurlica add tagged 9-10
config vlan Ring5-Yurlica add forbidden 1-8,11-20 advertisement disable
create vlan Ring6-Yurlica tag 606
config vlan Ring6-Yurlica add tagged 11-12
config vlan Ring6-Yurlica add forbidden 1-10,13-20 advertisement disable
create vlan Ring7-Yurlica tag 607
config vlan Ring7-Yurlica add tagged 13-14
config vlan Ring7-Yurlica add forbidden 1-12,15-20 advertisement disable
create vlan Ring8-Yurlica tag 608
config vlan Ring8-Yurlica add tagged 15-16
config vlan Ring8-Yurlica add forbidden 1-14,17-20 advertisement disable
create vlan Ring9-Yurlica tag 609
config vlan Ring9-Yurlica add tagged 17-18
config vlan Ring9-Yurlica add forbidden 1-16,19-20 advertisement disable
create vlan Ring10-Yurlica tag 610
config vlan Ring10-Yurlica add tagged 19-20 advertisement disable
create vlan Ring11-Yurlica tag 611
config vlan Ring11-Yurlica add forbidden 1-20 advertisement disable
create vlan Ring1-Black tag 701
config vlan Ring1-Black add tagged 1-2
config vlan Ring1-Black add forbidden 3-20 advertisement disable
create vlan Ring2-Black tag 702
config vlan Ring2-Black add tagged 3-4
config vlan Ring2-Black add forbidden 1-2,5-20 advertisement disable
create vlan Ring3-Black tag 703
config vlan Ring3-Black add tagged 5-6
config vlan Ring3-Black add forbidden 1-4,7-20 advertisement disable
create vlan Ring4-Black tag 704
config vlan Ring4-Black add tagged 7-8
config vlan Ring4-Black add forbidden 1-6,9-20 advertisement disable
create vlan Ring5-Black tag 705
config vlan Ring5-Black add tagged 9-10
config vlan Ring5-Black add forbidden 1-8,11-20 advertisement disable
create vlan Ring6-Black tag 706
config vlan Ring6-Black add tagged 11-12
config vlan Ring6-Black add forbidden 1-10,13-20 advertisement disable
create vlan Ring7-Black tag 707
config vlan Ring7-Black add tagged 13-14
config vlan Ring7-Black add forbidden 1-12,15-20 advertisement disable
create vlan Ring8-Black tag 708
config vlan Ring8-Black add tagged 15-16
config vlan Ring8-Black add forbidden 1-14,17-20 advertisement disable
create vlan Ring9-Black tag 709
config vlan Ring9-Black add tagged 17-18
config vlan Ring9-Black add forbidden 1-16,19-20 advertisement disable
create vlan Ring10-Black tag 710
config vlan Ring10-Black add tagged 19-20
config vlan Ring10-Black add forbidden 1-18 advertisement disable
create vlan Ring11-Black tag 711
config vlan Ring11-Black add forbidden 1-20 advertisement disable
create vlan UPS-AGG56 tag 1000
config vlan UPS-AGG56 add untagged 21
config vlan UPS-AGG56 add forbidden 1-20,22-27 advertisement disable
disable qinq
disable gvrp
disable vlan_trunk
config gvrp 1-20,22,24-27 state disable ingress_checking enable acceptable_frame admit_all pvid 1
config gvrp 21 state disable ingress_checking enable acceptable_frame admit_all pvid 1000
config gvrp 23 state disable ingress_checking enable acceptable_frame admit_all pvid 240

# ACL

create access_profile profile_id 1 ip source_ip_mask 255.255.255.240 destination_ip_mask 255.255.255.240
config access_profile profile_id 1 add access_id 1 ip source_ip 10.0.0.16 destination_ip 172.26.208.0 port 1-8 deny
disable cpu_interface_filtering


# FDB

config fdb aging_time 300

# ADDRBIND

config address_binding ip_mac ports 1-27 forward_dhcppkt enable
disable address_binding dhcp_snoop
disable address_binding dhcp_snoop ipv6
disable address_binding nd_snoop
disable address_binding trap_log
config address_binding dhcp_snoop max_entry ports 1-27 limit no_limit

# STP

config stp version rstp
config stp maxage 20 maxhops 20 forwarddelay 15 txholdcount 3 fbpdu disable hellotime 2 lbd enable lbd_recover_timer 60 nni_bpdu_addr dot1ad
config stp priority 4096 instance_id 0
create stp instance_id 1
config stp instance_id 1 add_vlan 201
config stp instance_id 1 add_vlan 301
config stp instance_id 1 add_vlan 601
config stp instance_id 1 add_vlan 701
config stp priority 4096 instance_id 1
create stp instance_id 2
config stp instance_id 2 add_vlan 202
config stp instance_id 2 add_vlan 302
config stp instance_id 2 add_vlan 602
config stp instance_id 2 add_vlan 702
config stp priority 4096 instance_id 2
create stp instance_id 3
config stp instance_id 3 add_vlan 203
config stp instance_id 3 add_vlan 303
config stp instance_id 3 add_vlan 603
config stp instance_id 3 add_vlan 703
config stp priority 4096 instance_id 3
create stp instance_id 4
config stp instance_id 4 add_vlan 204
config stp instance_id 4 add_vlan 304
config stp instance_id 4 add_vlan 604
config stp instance_id 4 add_vlan 704
config stp priority 4096 instance_id 4
create stp instance_id 5
config stp instance_id 5 add_vlan 205
config stp instance_id 5 add_vlan 305
config stp instance_id 5 add_vlan 605
config stp instance_id 5 add_vlan 705
config stp priority 4096 instance_id 5
create stp instance_id 6
config stp instance_id 6 add_vlan 206
config stp instance_id 6 add_vlan 306
config stp instance_id 6 add_vlan 606
config stp instance_id 6 add_vlan 706
config stp priority 4096 instance_id 6
create stp instance_id 7
config stp instance_id 7 add_vlan 207
config stp instance_id 7 add_vlan 307
config stp instance_id 7 add_vlan 607
config stp instance_id 7 add_vlan 707
config stp priority 4096 instance_id 7
create stp instance_id 8
config stp instance_id 8 add_vlan 208
config stp instance_id 8 add_vlan 308
config stp instance_id 8 add_vlan 608
config stp instance_id 8 add_vlan 708
config stp priority 4096 instance_id 8
create stp instance_id 9
config stp instance_id 9 add_vlan 209
config stp instance_id 9 add_vlan 309
config stp instance_id 9 add_vlan 609
config stp instance_id 9 add_vlan 709
config stp priority 4096 instance_id 9
create stp instance_id 10
config stp instance_id 10 add_vlan 210
config stp instance_id 10 add_vlan 310
config stp instance_id 10 add_vlan 610
config stp instance_id 10 add_vlan 710
config stp priority 4096 instance_id 10
create stp instance_id 11
config stp instance_id 11 add_vlan 211
config stp instance_id 11 add_vlan 311
config stp instance_id 11 add_vlan 611
config stp instance_id 11 add_vlan 711
config stp priority 4096 instance_id 11
config stp mst_config_id name 00:21:91:A1:07:00 revision_level 0
enable stp
config stp ports 1-27 externalCost auto edge false p2p auto state enable restricted_role false restricted_tcn false lbd disable
config stp mst_ports 1-27 instance_id 0 internalCost auto priority 128
config stp ports 1-27 fbpdu disable
config stp mst_ports 1-27 instance_id 1 internalCost auto priority 128
config stp mst_ports 1-27 instance_id 2 internalCost auto priority 128
config stp mst_ports 1-27 instance_id 3 internalCost auto priority 128
config stp mst_ports 1-27 instance_id 4 internalCost auto priority 128
config stp mst_ports 1-27 instance_id 5 internalCost auto priority 128
config stp mst_ports 1-27 instance_id 6 internalCost auto priority 128
config stp mst_ports 1-27 instance_id 7 internalCost auto priority 128
config stp mst_ports 1-27 instance_id 8 internalCost auto priority 128
config stp mst_ports 1-27 instance_id 9 internalCost auto priority 128
config stp mst_ports 1-27 instance_id 10 internalCost auto priority 128
config stp mst_ports 1-27 instance_id 11 internalCost auto priority 128

# BPDU_PROTECTION

config bpdu_protection ports 1-27 mode shutdown

# SAFEGUARD_ENGINE

config safeguard_engine state disable utilization rising 30 falling 20 trap_log disable mode fuzzy

# BANNER_PROMP

config command_prompt 56ee
config greeting_message default

# BCPING

enable broadcast_ping_reply

# LACP

config link_aggregation algorithm ip_source
config lacp_port 1-27 mode passive

# IP

config ipif_mac_mapping ipif System mac_offset 0
config ipif System ipaddress 192.168.0.1/24 vlan deletes
config ipif System dhcpv6_client disable
config ipif System ip_directed_broadcast disable
config ipif System proxy_arp disable local disable
disable ipif System
config ipif_mac_mapping ipif UPS-AGG56 mac_offset 6
create ipif UPS-AGG56 172.26.211.241/28 UPS-AGG56 state enable
config ipif UPS-AGG56 proxy_arp disable local disable
config ipif_mac_mapping ipif Ring1-Corp mac_offset 29
create ipif Ring1-Corp 10.56.252.1/26 Ring1-Yurlica state enable
config ipif Ring1-Corp proxy_arp disable local disable
config ipif_mac_mapping ipif Ring1-mgmt mac_offset 2
create ipif Ring1-mgmt 172.26.208.1/28 Ring1-mgmt state enable
config ipif Ring1-mgmt proxy_arp disable local disable
config ipif_mac_mapping ipif Ring2-Corp mac_offset 30
create ipif Ring2-Corp 10.56.252.65/26 Ring2-Yurlica state enable
config ipif Ring2-Corp proxy_arp disable local disable
config ipif_mac_mapping ipif Ring2-mgmt mac_offset 3
create ipif Ring2-mgmt 172.26.208.65/28 Ring2-mgmt state enable
config ipif Ring2-mgmt proxy_arp disable local disable
config ipif_mac_mapping ipif Ring3-Corp mac_offset 31
create ipif Ring3-Corp 10.56.252.129/26 Ring3-Yurlica state enable
config ipif Ring3-Corp proxy_arp disable local disable
config ipif_mac_mapping ipif Ring3-mgmt mac_offset 4
create ipif Ring3-mgmt 172.26.208.129/28 Ring3-mgmt state enable
config ipif Ring3-mgmt proxy_arp disable local disable
config ipif_mac_mapping ipif Ring4-Corp mac_offset 32
create ipif Ring4-Corp 10.56.252.193/26 Ring4-Yurlica state enable
config ipif Ring4-Corp proxy_arp disable local disable
config ipif_mac_mapping ipif Ring4-mgmt mac_offset 5
create ipif Ring4-mgmt 172.26.208.193/28 Ring4-mgmt state enable
config ipif Ring4-mgmt proxy_arp disable local disable
config ipif_mac_mapping ipif Ring5-Corp mac_offset 33
create ipif Ring5-Corp 10.56.253.1/26 Ring5-Yurlica state enable
config ipif Ring5-Corp proxy_arp disable local disable
config ipif_mac_mapping ipif Ring6-Corp mac_offset 34
create ipif Ring6-Corp 10.56.253.65/26 Ring6-Yurlica state enable
config ipif Ring6-Corp proxy_arp disable local disable
config ipif_mac_mapping ipif Ring7-Corp mac_offset 35
create ipif Ring7-Corp 10.56.253.129/26 Ring7-Yurlica state enable
config ipif Ring7-Corp proxy_arp disable local disable
config ipif_mac_mapping ipif Ring8-Corp mac_offset 36
create ipif Ring8-Corp 10.56.253.193/26 Ring8-Yurlica state enable
config ipif Ring8-Corp proxy_arp disable local disable
config ipif_mac_mapping ipif Ring9-Corp mac_offset 37
create ipif Ring9-Corp 10.56.254.1/26 Ring9-Yurlica state enable
config ipif Ring9-Corp proxy_arp disable local disable
config ipif_mac_mapping ipif Ring1-Black mac_offset 18
create ipif Ring1-Black 10.56.128.1/21 Ring1-Black state enable
config ipif Ring1-Black proxy_arp disable local disable
config ipif_mac_mapping ipif Ring1-Intet mac_offset 7
create ipif Ring1-Intet 10.56.0.1/21 Ring1-Internet state enable
config ipif Ring1-Intet proxy_arp disable local disable
config ipif_mac_mapping ipif Ring10-Corp mac_offset 38
create ipif Ring10-Corp 10.56.254.65/26 Ring10-Yurlica state enable
config ipif Ring10-Corp proxy_arp disable local disable
config ipif_mac_mapping ipif Ring11-Corp mac_offset 39
create ipif Ring11-Corp 10.56.254.129/26 Ring11-Yurlica state enable
config ipif Ring11-Corp proxy_arp disable local disable
config ipif_mac_mapping ipif Ring2-Black mac_offset 19
create ipif Ring2-Black 10.56.136.1/21 Ring2-Black state enable
config ipif Ring2-Black proxy_arp disable local disable
config ipif_mac_mapping ipif Ring2-Intet mac_offset 8
create ipif Ring2-Intet 10.56.8.1/21 Ring2-Internet state enable
config ipif Ring2-Intet proxy_arp disable local disable
config ipif_mac_mapping ipif Ring3-Black mac_offset 20
create ipif Ring3-Black 10.56.144.1/21 Ring3-Black state enable
config ipif Ring3-Black proxy_arp disable local disable
config ipif_mac_mapping ipif Ring3-Intet mac_offset 9
create ipif Ring3-Intet 10.56.16.1/21 Ring3-Internet state enable
config ipif Ring3-Intet proxy_arp disable local disable
config ipif_mac_mapping ipif Ring4-Black mac_offset 21
create ipif Ring4-Black 10.56.152.1/21 Ring4-Black state enable
config ipif Ring4-Black proxy_arp disable local disable
config ipif_mac_mapping ipif Ring4-Intet mac_offset 10
create ipif Ring4-Intet 10.56.24.1/21 Ring4-Internet state enable
config ipif Ring4-Intet proxy_arp disable local disable
config ipif_mac_mapping ipif Ring5-Black mac_offset 22
create ipif Ring5-Black 10.56.160.1/21 Ring5-Black state enable
config ipif Ring5-Black proxy_arp disable local disable
config ipif_mac_mapping ipif Ring5-Intet mac_offset 11
create ipif Ring5-Intet 10.56.32.1/21 Ring5-Internet state enable
config ipif Ring5-Intet proxy_arp disable local disable
config ipif_mac_mapping ipif Ring6-Black mac_offset 23
create ipif Ring6-Black 10.56.168.1/21 Ring6-Black state enable
config ipif Ring6-Black proxy_arp disable local disable
config ipif_mac_mapping ipif Ring6-Intet mac_offset 12
create ipif Ring6-Intet 10.56.40.1/21 Ring6-Internet state enable
config ipif Ring6-Intet proxy_arp disable local disable
config ipif_mac_mapping ipif Ring7-Black mac_offset 24
create ipif Ring7-Black 10.56.176.1/21 Ring7-Black state enable
config ipif Ring7-Black proxy_arp disable local disable
config ipif_mac_mapping ipif Ring7-Intet mac_offset 13
create ipif Ring7-Intet 10.56.48.1/21 Ring7-Internet state enable
config ipif Ring7-Intet proxy_arp disable local disable
config ipif_mac_mapping ipif Ring8-Black mac_offset 25
create ipif Ring8-Black 10.56.184.1/21 Ring8-Black state enable
config ipif Ring8-Black proxy_arp disable local disable
config ipif_mac_mapping ipif Ring8-Intet mac_offset 14
create ipif Ring8-Intet 10.56.56.1/21 Ring8-Internet state enable
config ipif Ring8-Intet proxy_arp disable local disable
config ipif_mac_mapping ipif Ring9-Black mac_offset 26
create ipif Ring9-Black 10.56.192.1/21 Ring9-Black state enable
config ipif Ring9-Black proxy_arp disable local disable
config ipif_mac_mapping ipif Ring9-Intet mac_offset 15
create ipif Ring9-Intet 10.56.64.1/21 Ring9-Internet state enable
config ipif Ring9-Intet proxy_arp disable local disable
config ipif_mac_mapping ipif P2P-BB1-Ag56 mac_offset 1
create ipif P2P-BB1-Ag56 172.27.177.82/30 P2P-BB1-Ag56 state enable
config ipif P2P-BB1-Ag56 proxy_arp disable local disable
config ipif_mac_mapping ipif Ring10-Black mac_offset 27
create ipif Ring10-Black 10.56.200.1/21 Ring10-Black state enable
config ipif Ring10-Black proxy_arp disable local disable
config ipif_mac_mapping ipif Ring10-Intet mac_offset 16
create ipif Ring10-Intet 10.56.72.1/21 Ring10-Internet state enable
config ipif Ring10-Intet proxy_arp disable local disable
config ipif_mac_mapping ipif Ring11-Black mac_offset 28
create ipif Ring11-Black 10.56.208.1/21 Ring11-Black state enable
config ipif Ring11-Black proxy_arp disable local disable
config ipif_mac_mapping ipif Ring11-Intet mac_offset 17
create ipif Ring11-Intet 10.56.80.1/21 Ring11-Internet state enable
config ipif Ring11-Intet proxy_arp disable local disable
config ipif System ip_mtu 1500
config ipif UPS-AGG56 ip_mtu 1500
config ipif Ring1-Corp ip_mtu 1500
config ipif Ring1-mgmt ip_mtu 1500
config ipif Ring2-Corp ip_mtu 1500
config ipif Ring2-mgmt ip_mtu 1500
config ipif Ring3-Corp ip_mtu 1500
config ipif Ring3-mgmt ip_mtu 1500
config ipif Ring4-Corp ip_mtu 1500
config ipif Ring4-mgmt ip_mtu 1500
config ipif Ring5-Corp ip_mtu 1500
config ipif Ring6-Corp ip_mtu 1500
config ipif Ring7-Corp ip_mtu 1500
config ipif Ring8-Corp ip_mtu 1500
config ipif Ring9-Corp ip_mtu 1500
config ipif Ring1-Black ip_mtu 1500
config ipif Ring1-Intet ip_mtu 1500
config ipif Ring10-Corp ip_mtu 1500
config ipif Ring11-Corp ip_mtu 1500
config ipif Ring2-Black ip_mtu 1500
config ipif Ring2-Intet ip_mtu 1500
config ipif Ring3-Black ip_mtu 1500
config ipif Ring3-Intet ip_mtu 1500
config ipif Ring4-Black ip_mtu 1500
config ipif Ring4-Intet ip_mtu 1500
config ipif Ring5-Black ip_mtu 1500
config ipif Ring5-Intet ip_mtu 1500
config ipif Ring6-Black ip_mtu 1500
config ipif Ring6-Intet ip_mtu 1500
config ipif Ring7-Black ip_mtu 1500
config ipif Ring7-Intet ip_mtu 1500
config ipif Ring8-Black ip_mtu 1500
config ipif Ring8-Intet ip_mtu 1500
config ipif Ring9-Black ip_mtu 1500
config ipif Ring9-Intet ip_mtu 1500
config ipif P2P-BB1-Ag56 ip_mtu 1500
config ipif Ring10-Black ip_mtu 1500
config ipif Ring10-Intet ip_mtu 1500
config ipif Ring11-Black ip_mtu 1500
config ipif Ring11-Intet ip_mtu 1500
create loopback ipif loopback0 172.27.176.237/32 state enable
config ipif System dhcpv6_client disable
config ipif UPS-AGG56 dhcpv6_client disable
config ipif Ring1-Corp dhcpv6_client disable
config ipif Ring1-mgmt dhcpv6_client disable
config ipif Ring2-Corp dhcpv6_client disable
config ipif Ring2-mgmt dhcpv6_client disable
config ipif Ring3-Corp dhcpv6_client disable
config ipif Ring3-mgmt dhcpv6_client disable
config ipif Ring4-Corp dhcpv6_client disable
config ipif Ring4-mgmt dhcpv6_client disable
config ipif Ring5-Corp dhcpv6_client disable
config ipif Ring6-Corp dhcpv6_client disable
config ipif Ring7-Corp dhcpv6_client disable
config ipif Ring8-Corp dhcpv6_client disable
config ipif Ring9-Corp dhcpv6_client disable
config ipif Ring1-Black dhcpv6_client disable
config ipif Ring1-Intet dhcpv6_client disable
config ipif Ring10-Corp dhcpv6_client disable
config ipif Ring11-Corp dhcpv6_client disable
config ipif Ring2-Black dhcpv6_client disable
config ipif Ring2-Intet dhcpv6_client disable
config ipif Ring3-Black dhcpv6_client disable
config ipif Ring3-Intet dhcpv6_client disable
config ipif Ring4-Black dhcpv6_client disable
config ipif Ring4-Intet dhcpv6_client disable
config ipif Ring5-Black dhcpv6_client disable
config ipif Ring5-Intet dhcpv6_client disable
config ipif Ring6-Black dhcpv6_client disable
config ipif Ring6-Intet dhcpv6_client disable
config ipif Ring7-Black dhcpv6_client disable
config ipif Ring7-Intet dhcpv6_client disable
config ipif Ring8-Black dhcpv6_client disable
config ipif Ring8-Intet dhcpv6_client disable
config ipif Ring9-Black dhcpv6_client disable
config ipif Ring9-Intet dhcpv6_client disable
config ipif P2P-BB1-Ag56 dhcpv6_client disable
config ipif Ring10-Black dhcpv6_client disable
config ipif Ring10-Intet dhcpv6_client disable
config ipif Ring11-Black dhcpv6_client disable
config ipif Ring11-Intet dhcpv6_client disable
config ipif System ip_directed_broadcast disable
config ipif UPS-AGG56 ip_directed_broadcast disable
config ipif Ring1-Corp ip_directed_broadcast disable
config ipif Ring1-mgmt ip_directed_broadcast disable
config ipif Ring2-Corp ip_directed_broadcast disable
config ipif Ring2-mgmt ip_directed_broadcast disable
config ipif Ring3-Corp ip_directed_broadcast disable
config ipif Ring3-mgmt ip_directed_broadcast disable
config ipif Ring4-Corp ip_directed_broadcast disable
config ipif Ring4-mgmt ip_directed_broadcast disable
config ipif Ring5-Corp ip_directed_broadcast disable
config ipif Ring6-Corp ip_directed_broadcast disable
config ipif Ring7-Corp ip_directed_broadcast disable
config ipif Ring8-Corp ip_directed_broadcast disable
config ipif Ring9-Corp ip_directed_broadcast disable
config ipif Ring1-Black ip_directed_broadcast disable
config ipif Ring1-Intet ip_directed_broadcast disable
config ipif Ring10-Corp ip_directed_broadcast disable
config ipif Ring11-Corp ip_directed_broadcast disable
config ipif Ring2-Black ip_directed_broadcast disable
config ipif Ring2-Intet ip_directed_broadcast disable
config ipif Ring3-Black ip_directed_broadcast disable
config ipif Ring3-Intet ip_directed_broadcast disable
config ipif Ring4-Black ip_directed_broadcast disable
config ipif Ring4-Intet ip_directed_broadcast disable
config ipif Ring5-Black ip_directed_broadcast disable
config ipif Ring5-Intet ip_directed_broadcast disable
config ipif Ring6-Black ip_directed_broadcast disable
config ipif Ring6-Intet ip_directed_broadcast disable
config ipif Ring7-Black ip_directed_broadcast disable
config ipif Ring7-Intet ip_directed_broadcast disable
config ipif Ring8-Black ip_directed_broadcast disable
config ipif Ring8-Intet ip_directed_broadcast disable
config ipif Ring9-Black ip_directed_broadcast disable
config ipif Ring9-Intet ip_directed_broadcast disable
config ipif P2P-BB1-Ag56 ip_directed_broadcast disable
config ipif Ring10-Black ip_directed_broadcast disable
config ipif Ring10-Intet ip_directed_broadcast disable
config ipif Ring11-Black ip_directed_broadcast disable
config ipif Ring11-Intet ip_directed_broadcast disable
disable autoconfig

# LLDP
enable lldp
config lldp message_tx_interval 30
config lldp tx_delay 2
config lldp message_tx_hold_multiplier 4
config lldp reinit_delay 2
config lldp notification_interval 5
config lldp ports 1-27 notification disable
config lldp ports 1-27 admin_status tx_and_rx
config lldp ports 1-27 basic_tlvs port_description system_name system_description system_capabilities enable

# COMPOUND_AUTHENTICATION

config authentication ports 1-27 auth_mode host_based
config authentication ports 1-27 multi_authen_methods none
enable authorization attributes
config authentication server failover block

# SNOOP

config limited_multicast_addr ports 1-27 state disable

# ROUTE

config route preference static 60
config route preference default 1
config route preference rip 100
config route preference ospfIntra 80
config route preference ospfInter 90
config route preference ospfExt1 110
config route preference ospfExt2 115
config route preference ebgp 70
config route preference ibgp 130
create route redistribute dst ospf src local mettype 2 metric 20
config ecmp algorithm ip_destination crc_low
enable ecmp ospf

# IGMP

config igmp ipif System version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif System last_member_query_interval 1
config igmp check_subscriber_source_network ipif System enable
config igmp ipif UPS-AGG56 version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif UPS-AGG56 last_member_query_interval 1
config igmp check_subscriber_source_network ipif UPS-AGG56 enable
config igmp ipif Ring1-Corp version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring1-Corp last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring1-Corp enable
config igmp ipif Ring1-mgmt version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring1-mgmt last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring1-mgmt enable
config igmp ipif Ring2-Corp version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring2-Corp last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring2-Corp enable
config igmp ipif Ring2-mgmt version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring2-mgmt last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring2-mgmt enable
config igmp ipif Ring3-Corp version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring3-Corp last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring3-Corp enable
config igmp ipif Ring3-mgmt version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring3-mgmt last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring3-mgmt enable
config igmp ipif Ring4-Corp version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring4-Corp last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring4-Corp enable
config igmp ipif Ring4-mgmt version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring4-mgmt last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring4-mgmt enable
config igmp ipif Ring5-Corp version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring5-Corp last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring5-Corp enable
config igmp ipif Ring6-Corp version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring6-Corp last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring6-Corp enable
config igmp ipif Ring7-Corp version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring7-Corp last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring7-Corp enable
config igmp ipif Ring8-Corp version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring8-Corp last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring8-Corp enable
config igmp ipif Ring9-Corp version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring9-Corp last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring9-Corp enable
config igmp ipif Ring1-Black version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring1-Black last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring1-Black enable
config igmp ipif Ring1-Intet version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring1-Intet last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring1-Intet enable
config igmp ipif Ring10-Corp version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring10-Corp last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring10-Corp enable
config igmp ipif Ring11-Corp version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring11-Corp last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring11-Corp enable
config igmp ipif Ring2-Black version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring2-Black last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring2-Black enable
config igmp ipif Ring2-Intet version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring2-Intet last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring2-Intet enable
config igmp ipif Ring3-Black version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring3-Black last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring3-Black enable
config igmp ipif Ring3-Intet version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring3-Intet last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring3-Intet enable
config igmp ipif Ring4-Black version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring4-Black last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring4-Black enable
config igmp ipif Ring4-Intet version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring4-Intet last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring4-Intet enable
config igmp ipif Ring5-Black version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring5-Black last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring5-Black enable
config igmp ipif Ring5-Intet version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring5-Intet last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring5-Intet enable
config igmp ipif Ring6-Black version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring6-Black last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring6-Black enable
config igmp ipif Ring6-Intet version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring6-Intet last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring6-Intet enable
config igmp ipif Ring7-Black version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring7-Black last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring7-Black enable
config igmp ipif Ring7-Intet version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring7-Intet last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring7-Intet enable
config igmp ipif Ring8-Black version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring8-Black last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring8-Black enable
config igmp ipif Ring8-Intet version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring8-Intet last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring8-Intet enable
config igmp ipif Ring9-Black version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring9-Black last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring9-Black enable
config igmp ipif Ring9-Intet version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring9-Intet last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring9-Intet enable
config igmp ipif P2P-BB1-Ag56 version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif P2P-BB1-Ag56 last_member_query_interval 1
config igmp check_subscriber_source_network ipif P2P-BB1-Ag56 enable
config igmp ipif Ring10-Black version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring10-Black last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring10-Black enable
config igmp ipif Ring10-Intet version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring10-Intet last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring10-Intet enable
config igmp ipif Ring11-Black version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring11-Black last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring11-Black enable
config igmp ipif Ring11-Intet version 3 query_interval 125 max_response_time 10 robustness_variable 2 state disable
config igmp ipif Ring11-Intet last_member_query_interval 1
config igmp check_subscriber_source_network ipif Ring11-Intet enable

# OSPF
create ospf area 1.1.1.1 type normal
config ospf ipif Ring1-Intet area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring1-Intet authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring2-Intet area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring2-Intet authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring3-Intet area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring3-Intet authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring4-Intet area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring4-Intet authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring5-Intet area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring5-Intet authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring6-Intet area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring6-Intet authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring7-Intet area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring7-Intet authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring8-Intet area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring8-Intet authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring9-Intet area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring9-Intet authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring10-Intet area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring10-Intet authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring11-Intet area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring11-Intet authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring1-Black area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring1-Black authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring2-Black area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring2-Black authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring3-Black area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring3-Black authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring4-Black area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring4-Black authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring5-Black area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring5-Black authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring6-Black area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring6-Black authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring7-Black area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring7-Black authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring8-Black area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring8-Black authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring9-Black area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring9-Black authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring10-Black area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring10-Black authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring11-Black area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring11-Black authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring1-Corp area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring1-Corp authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring2-Corp area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring2-Corp authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring3-Corp area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring3-Corp authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring4-Corp area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring4-Corp authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring5-Corp area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring5-Corp authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring6-Corp area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring6-Corp authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring7-Corp area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring7-Corp authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring8-Corp area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring8-Corp authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring9-Corp area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring9-Corp authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring10-Corp area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring10-Corp authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring11-Corp area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring11-Corp authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring1-mgmt area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring1-mgmt authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring2-mgmt area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring2-mgmt authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring3-mgmt area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring3-mgmt authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif Ring4-mgmt area 1.1.1.1 priority 1 hello_interval 10 dead_interval 40
config ospf ipif Ring4-mgmt authentication simple ospfcrpt metric 1 state enable passive enable
config ospf ipif UPS-AGG56 area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif UPS-AGG56 authentication none metric 1 state disable passive disable
config ospf ipif loopback0 area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif loopback0 authentication none metric 1 state disable passive disable
config ospf ipif P2P-BB1-Ag56 area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif P2P-BB1-Ag56 authentication none metric 1 state enable passive disable
config ospf ipif System area 0.0.0.0 priority 1 hello_interval 10 dead_interval 40
config ospf ipif System authentication none metric 1 state disable passive disable
create ospf aggregation 1.1.1.1 10.56.0.0/16 lsdb_type summary advertise enable
create ospf aggregation 1.1.1.1 172.26.208.0/22 lsdb_type summary advertise enable
config ospf router_id 172.27.176.237
enable ospf

Прошу помощи в переделывании моего конфига из Alcatel6850 для DGS-3627G.
И объясните почему у меня несрабатывает тестовый блок между подсетями.
Вернуться наверх
 Профиль  
 
terrible
СообщениеДобавлено: Пт янв 28, 2011 09:40 
Не в сети

Зарегистрирован: Пт май 05, 2006 16:52
Сообщений: 4181
Откуда: default
вместо port 1-2 deny укажите port 1-2 perm count en и вы увидите (sh access), попадают ли пакетики в вашу подсеть или нет.
Так-же, если вы проверяете пингом управляющего IP интерфейса этого-же свича - то работать не будет, т.к. пакет будет направлен напрямую в CPU свича, а не на комутацию.
Вернуться наверх
 Профиль  
 
Prometej
СообщениеДобавлено: Пт янв 28, 2011 10:04 
Не в сети

Зарегистрирован: Ср янв 21, 2009 11:38
Сообщений: 10
уже разобрался. спасибо. Я проверял пингом удаленный сувитч находяшийся за настраиваемой мной железкой. Потому если я прирезал весь трафик то и пингать не мог бы. Моя проблема заключается в том что с портов файервол собирается только IN трафик и правило не должно было срабатывать. 1-2 порты это удаленное кольцо свичей. на 21 порту куда неповешен акцесс лист живет другая сетка. Вот с этой то сети я и пингал сетку живущую на портах 1-2. Естественно правило не сработает так как трафик OUT
вместо port 1-2 deny укажите port 1-2 perm count en и вы увидите (sh access), попадают ли пакетики в вашу подсеть или нет.
Спасибо буду знать что так можно проверить правило.
Вернуться наверх
 Профиль  
 
Показать сообщения за:  Сортировать по:  
Начать новую тему Ответить на тему  Страница 1 из 1
  [ Сообщений: 3 ] 

Список форумов » Коммутаторы

Часовой пояс: UTC + 3 часа


Кто сейчас на форуме

Сейчас этот форум просматривают: нет зарегистрированных пользователей и гости: 203

Вы не можете начинать темы
Вы не можете отвечать на сообщения
Вы не можете редактировать свои сообщения
Вы не можете удалять свои сообщения
Вы не можете добавлять вложения

Найти:
Перейти:  
Создано на основе phpBB® Forum Software © phpBB Group
Русская поддержка phpBB