обновил прошивку с 1.20 до 2.60
к этому свичу подключены еще 3 длинка (каждый в своем валане). клиенты из валанов не могут достучаться до dhcp сервера подключенно к 3450.
подозреваю что косяк в конфиге, вставляю его
#-------------------------------------------------------------------------------
# DGS-3450 Gigabit Ethernet Switch
# Configuration
#
# Firmware: Build 2.60.B26
# Copyright(C) 2009 D-Link Corporation. All rights reserved.
#-------------------------------------------------------------------------------
# STACK
# DOUBLE_VLAN
disable double_vlan
# BASIC
# ACCOUNT LIST
create account admin admin
-----
-----
# ACCOUNT END
# PASSWORD ENCRYPTION
disable password encryption
config serial_port auto_logout 10_minutes
disable telnet
enable web 80
enable clipaging
# STORM
config traffic trap none
config traffic control 1-50 broadcast disable multicast disable unicast disable action drop threshold 131072 countdown 0 time_interval 5
# LOOP_DETECT
# GM
config sim candidate
disable sim
config sim dp_interval 30
config sim hold_time 100
# GM_H
# SYSLOG
disable syslog
config system_severity log information
config system_severity trap information
config log_save_timing on_demand
# QOS
config scheduling_mechanism strict
config scheduling 0 max_packet 1
config scheduling 1 max_packet 2
config scheduling 2 max_packet 3
config scheduling 3 max_packet 4
config scheduling 4 max_packet 5
config scheduling 5 max_packet 6
config scheduling 6 max_packet 7
config 802.1p user_priority 0 2
config 802.1p user_priority 1 0
config 802.1p user_priority 2 1
config 802.1p user_priority 3 3
config 802.1p user_priority 4 4
config 802.1p user_priority 5 5
config 802.1p user_priority 6 6
config 802.1p user_priority 7 6
enable hol_prevention
config 802.1p default_priority 1-50 0
config bandwidth_control 1-50 rx_rate no_limit tx_rate no_limit
# MIRROR
disable mirror
# TRAF-SEGMENTATION
config traffic_segmentation 1-50 forward_list all
# SSL
disable ssl
enable ssl ciphersuite RSA_with_RC4_128_MD5
enable ssl ciphersuite RSA_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite DHE_DSS_with_3DES_EDE_CBC_SHA
enable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5
config ssl cachetimeout 600
# PORT
disable jumbo_frame
config ports 1-44 speed auto capability_advertised 10_half 10_full 100_half 100_full 1000_full flow_control disable learning enable state enable
config ports 45-48 medium_type copper speed auto capability_advertised 10_half 10_full 100_half 100_full 1000_full flow_control disable learning enable state enable
config ports 45-48 medium_type fiber speed auto capability_advertised 1000_full flow_control disable learning enable state enable
config ports 49-50 speed auto flow_control disable learning enable state enable
# PORT_LOCK
config port_security ports 1-50 admin_state disable max_learning_addr 1 lock_address_mode DeleteOnReset
# SNMPv3
delete snmp community public
delete snmp community private
delete snmp user initial
delete snmp group initial
delete snmp group ReadGroup
delete snmp group WriteGroup
delete snmp view restricted all
delete snmp view CommunityView all
config snmp engineID 800000ab0300179a104165
create snmp view restricted 1.3.6.1.2.1.1 view_type included
create snmp view restricted 1.3.6.1.2.1.11 view_type included
create snmp view restricted 1.3.6.1.6.3.10.2.1 view_type included
create snmp view restricted 1.3.6.1.6.3.11.2.1 view_type included
create snmp view restricted 1.3.6.1.6.3.15.1.1 view_type included
create snmp view CommunityView 1 view_type included
create snmp view CommunityView 1.3.6.1.6.3 view_type excluded
create snmp view CommunityView 1.3.6.1.6.3.1 view_type included
create snmp group public v1 read_view CommunityView notify_view CommunityView
create snmp group public v2c read_view CommunityView notify_view CommunityView
create snmp group initial v3 noauth_nopriv read_view restricted notify_view restricted
create snmp group private v1 read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group private v2c read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group ReadGroup v1 read_view CommunityView notify_view CommunityView
create snmp group ReadGroup v2c read_view CommunityView notify_view CommunityView
create snmp group WriteGroup v1 read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp group WriteGroup v2c read_view CommunityView write_view CommunityView notify_view CommunityView
create snmp community private view CommunityView read_write
create snmp community public view CommunityView read_only
create snmp user initial initial
# MANAGEMENT
enable snmp traps
enable snmp authenticate_traps
disable snmp
enable snmp linkchange_traps
disable rmon
config snmp linkchange_traps ports 1-50 enable
# VLAN
enable pvid auto_assign
config vlan default delete 1-50
config vlan default add tagged 46-50
config vlan default add untagged 1-41,45
config vlan default advertisement enable
create vlan hav tag 2
config vlan hav add tagged 46-50
config vlan hav add untagged 42 advertisement disable
create vlan dvo tag 3
config vlan dvo add tagged 39,46-50
config vlan dvo add untagged 44 advertisement disable
create vlan tr tag 6
config vlan tr add tagged 46-50
config vlan tr add untagged 43 advertisement disable
create vlan pr tag 7
config vlan pr add tagged 46-48 advertisement disable
create vlan ats tag 20
config vlan ats add tagged 46-50 advertisement disable
create vlan sw tag 172
config vlan sw add tagged 46-50 advertisement disable
disable qinq
disable gvrp
config gvrp 1-41,45-50 state disable ingress_checking enable acceptable_frame admit_all pvid 1
config gvrp 42 state disable ingress_checking enable acceptable_frame admit_all pvid 2
config gvrp 43 state disable ingress_checking enable acceptable_frame admit_all pvid 6
config gvrp 44 state disable ingress_checking enable acceptable_frame admit_all pvid 3
# PROTOCOL_VLAN
# QINQ
config qinq ports 1-50 missdrop disable tpid 0x8100
# RSPAN
disable rspan
# 8021X
disable 802.1x
config 802.1x auth_mode port_based
config 802.1x auth_protocol radius_eap
config 802.1x fwd_pdu system disable
config 802.1x max_users 4000
config 802.1x authorization network radius enable
config 802.1x capability ports 1-50 none
config 802.1x auth_parameter ports 1-50 direction both port_control auto quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
config 802.1x auth_parameter ports 1-50 max_users 16
# guestvlan
# TR
# ACL
disable cpu_interface_filtering
# LIMITED_MULTICAST_RANGE
# MULTICAST_VLAN
# FDB
config fdb aging_time 300
# ADDRBIND
config address_binding ip_mac ports 1-50 forward_dhcppkt enable
disable address_binding dhcp_snoop
disable address_binding trap_log
config address_binding dhcp_snoop max_entry ports 1-50 limit no_limit
# DhcpServerScreening
config filter dhcp_server port all state disable
config filter dhcp_server illegal_server_log_suppress_duration 5min
config filter dhcp_server trap_log disable
# MAC_ADDRESS_TABLE_NOTIFICATION
disable mac_notification
config mac_notification interval 1 historysize 1
config mac_notification ports 1-50 disable
# STP
config stp version rstp
config stp maxage 20 maxhops 20 forwarddelay 15 txholdcount 3 fbpdu enable hellotime 2 lbd enable lbd_recover_timer 60 nni_bpdu_addr dot1ad
config stp priority 0 instance_id 0
config stp mst_config_id name 00:17:9A:10:41:65 revision_level 0
enable stp
config stp ports 1-48 externalCost auto edge true p2p auto state disable restricted_role false restricted_tcn false lbd disable
config stp mst_ports 1-50 instance_id 0 internalCost auto priority 128
config stp ports 1-50 fbpdu disable
config stp ports 49-50 externalCost auto edge false p2p auto state enable restricted_role false restricted_tcn false lbd disable
# BPDU_TUNNEL
config bpdu_tunnel ports all type none
disable bpdu_tunnel
# SAFEGUARD_ENGINE
config safeguard_engine state disable utilization rising 30 falling 20 trap_log disable mode fuzzy
# BANNER_PROMP
config command_prompt default
config greeting_message default
# SSH
config ssh algorithm 3DES enable
config ssh algorithm AES128 enable
config ssh algorithm AES192 enable
config ssh algorithm AES256 enable
config ssh algorithm arcfour enable
config ssh algorithm blowfish enable
config ssh algorithm cast128 enable
config ssh algorithm twofish128 enable
config ssh algorithm twofish192 enable
config ssh algorithm twofish256 enable
config ssh algorithm MD5 enable
config ssh algorithm SHA1 enable
config ssh algorithm RSA enable
config ssh algorithm DSA enable
config ssh authmode password enable
config ssh authmode publickey enable
config ssh authmode hostbased enable
config ssh server maxsession 8
config ssh server contimeout 120
config ssh server authfail 2
config ssh server rekey never
config ssh server port 22
config ssh user admin authmode password
enable ssh
# SNTP
disable sntp
config time_zone operator + hour 0 min 0
config sntp primary 0.0.0.0 secondary 0.0.0.0 poll-interval 720
config dst disable
# LACP
config link_aggregation algorithm mac_source
config lacp_port 1-50 mode passive
# IP
config ipif System ipaddress 172.16.0.10/24 vlan default
disable autoconfig
# IPMCREP
# DHCP_SERVER
config dhcp ping_packets 2
config dhcp ping_timeout 500
disable dhcp_server
# WAC
config wac switch_http_port 80
config wac method local
config wac authorization network local enable
config wac authorization network radius enable
disable wac
config wac ports 1-50 aging_time 1440 idle_time infinite block_time 60
# JWAC
config jwac switch_http_port 80
config jwac clear_quarantine_server_url
config jwac radius_protocol pap
disable jwac quarantine_server_monitor
config jwac quarantine_server_error_timeout 60
enable jwac forcible_logout
enable jwac udp_filtering
enable jwac redirect
config jwac redirect destination quarantine_server delay_time 1
disable jwac
config jwac authenticate_page english
config jwac auth_failover disable
config jwac authorization network radius enable
config jwac authorization network local enable
config jwac ports 1-50 auth_mode host_based max_authenticating_host 50 aging_time 1440 idle_time infinite block_time 60
# SFLOW
# LLDP
disable lldp
config lldp message_tx_interval 30
config lldp tx_delay 2
config lldp message_tx_hold_multiplier 4
config lldp reinit_delay 2
config lldp notification_interval 5
config lldp ports 1-50 notification disable
config lldp ports 1-50 admin_status tx_and_rx
# MBA
disable mac_based_access_control
config mac_based_access_control auth_failover disable
config mac_based_access_control authorization network radius enable local enable
config mac_based_access_control ports 1-50 state disable
config mac_based_access_control ports 1-50 mode host_based
config mac_based_access_control method local
config mac_based_access_control password default
config mac_based_access_control max_users 128
# MCFILTER
config multicast filtering_mode default forward_unregistered_groups
config multicast filtering_mode hav forward_unregistered_groups
config multicast filtering_mode dvo forward_unregistered_groups
config multicast filtering_mode tr forward_unregistered_groups
config multicast filtering_mode pr forward_unregistered_groups
config multicast filtering_mode ats forward_unregistered_groups
config multicast filtering_mode sw forward_unregistered_groups
# MULTI_AUTHEN
config authentication ports 1-50 auth_mode host_based
config authentication ports 1-50 multi_authen_methods none
enable authorization network
# SNOOP
config igmp_snooping vlan default report_suppression disable
config igmp_snooping vlan default state disable fast_leave disable
config igmp_snooping querier vlan default query_interval 125 max_response_time 10 robustness_variable 2 last_member_query_interval 1 state disable version 3
config igmp_snooping vlan hav report_suppression disable
config igmp_snooping vlan hav state disable fast_leave disable
config igmp_snooping querier vlan hav query_interval 125 max_response_time 10 robustness_variable 2 last_member_query_interval 1 state disable version 3
config igmp_snooping vlan dvo report_suppression disable
config igmp_snooping vlan dvo state disable fast_leave disable
config igmp_snooping querier vlan dvo query_interval 125 max_response_time 10 robustness_variable 2 last_member_query_interval 1 state disable version 3
config igmp_snooping vlan tr report_suppression disable
config igmp_snooping vlan tr state disable fast_leave disable
config igmp_snooping querier vlan tr query_interval 125 max_response_time 10 robustness_variable 2 last_member_query_interval 1 state disable version 3
config igmp_snooping vlan pr report_suppression disable
config igmp_snooping vlan pr state disable fast_leave disable
config igmp_snooping querier vlan pr query_interval 125 max_response_time 10 robustness_variable 2 last_member_query_interval 1 state disable version 3
config igmp_snooping vlan ats report_suppression disable
config igmp_snooping vlan ats state disable fast_leave disable
config igmp_snooping querier vlan ats query_interval 125 max_response_time 10 robustness_variable 2 last_member_query_interval 1 state disable version 3
config igmp_snooping vlan sw report_suppression disable
config igmp_snooping vlan sw state disable fast_leave disable
config igmp_snooping querier vlan sw query_interval 125 max_response_time 10 robustness_variable 2 last_member_query_interval 1 state disable version 3
config limited multicast address 1-50 from 0.0.0.0 to 0.0.0.0 state disable
# MLDSNP
config mld_snooping vlan default state disable fast_done disable
config mld_snooping querier vlan default query_interval 125 max_response_time 10 robustness_variable 2 last_listener_query_interval 1 state disable version 2
config mld_snooping vlan hav state disable fast_done disable
config mld_snooping querier vlan hav query_interval 125 max_response_time 10 robustness_variable 2 last_listener_query_interval 1 state disable version 2
config mld_snooping vlan dvo state disable fast_done disable
config mld_snooping querier vlan dvo query_interval 125 max_response_time 10 robustness_variable 2 last_listener_query_interval 1 state disable version 2
config mld_snooping vlan tr state disable fast_done disable
config mld_snooping querier vlan tr query_interval 125 max_response_time 10 robustness_variable 2 last_listener_query_interval 1 state disable version 2
config mld_snooping vlan pr state disable fast_done disable
config mld_snooping querier vlan pr query_interval 125 max_response_time 10 robustness_variable 2 last_listener_query_interval 1 state disable version 2
config mld_snooping vlan ats state disable fast_done disable
config mld_snooping querier vlan ats query_interval 125 max_response_time 10 robustness_variable 2 last_listener_query_interval 1 state disable version 2
config mld_snooping vlan sw state disable fast_done disable
config mld_snooping querier vlan sw query_interval 125 max_response_time 10 robustness_variable 2 last_listener_query_interval 1 state disable version 2
# ACCESS_AUTHENTICATION_CONTROL
config authen_login default method local
config authen_enable default method local_enable
config authen application console login default
config authen application console enable default
config authen application telnet login default
config authen application telnet enable default
config authen application ssh login default
config authen application ssh enable default
config authen application http login default
config authen application http enable default
config authen parameter response_timeout 30
config authen parameter attempt 3
disable authen_policy
config accounting service network state disable
config accounting service shell state disable
config accounting service system state disable
# AAA_LOCAL_ENABLE_PASSWORD
# AAA ADMIN PWD LIST
config admin local_enable
# AAA ADMIN PWD END
# DHCP_RELAY
disable dhcp_relay
config dhcp_relay hops 4 time 0
config dhcp_relay option_82 state disable
config dhcp_relay option_82 check disable
config dhcp_relay option_82 policy replace
config dhcp_relay option_60 state disable
config dhcp_relay option_61 state disable
config dhcp_relay option_60 default mode drop
config dhcp_relay option_61 default drop
# NDP
config ipv6 nd ns ipif System retrans_time 0
config ipv6 nd ra ipif System state disable life_time 1800 reachable_time 1200000 retrans_time 0 hop_limit 64 managed_flag disable other_config_flag disable min_rtr_adv_interval 198 max_rtr_adv_interval 600
# ARP
config arp_aging time 20
config gratuitous_arp send ipif_status_up disable
config gratuitous_arp send dup_ip_detected disable
config gratuitous_arp learning disable
# ROUTE
create iproute default 172.16.0.1 1 primary
#-------------------------------------------------------------------
# End of configuration file for DGS-3450
#-------------------------------------------------------------------
судя по логам на сервере dhcp запросы клиентов из не default валанов не приходят
Вход
Регистрация
FAQ
Поиск
