Есть свитч DGS-1100-06/ME
Код:
System Boot Version : 1.00.000
System Protocol Version : 2.001.004
System Firmware Version : 1.05.B021
System Hardware Version : A1
используется для того чтобы запаковать несколько вланов в один внешний QinQ vlan и передать это через транзитного оператора через один vlan
аплинк порт 6 (nni)
даунлинк порт 5 (uni)
Для того чтобы управлять самим свитчом, между портами 1 и 2 сделана физическая петля. Всё работает, свитч управляется по snmp и telnet, но не работает ping (ни со свитча, ни до свитча - хоть со шлюза, хоть с любого хоста). Судя по всему, icmp трафик к/от свитча не работает через физическую петлю
Порт 3 и 4 не используются (использовались только для настройки самого свитча)
Конфиг:
Код:
# Reset Button
enable reset button
# User Account
create account admin xxx
xxx
xxx
disable password encryption
# Basic
config snmp system_name "xxx"
config syslogintimeout 5
config sysgroupinterval 0 //уже добавил, но это не помогло
enable web 80
disable web
enable clipaging
config command_prompt "xxx"
# Arp Aging Time
config arp_aging time 5
# FDB Aging Time
config fdb aging_time 300
# Telnet Setting
enable telnet 23
# Vlan
disable asymmetric_vlan
config vlan vlanid 1 delete 1-6
create vlan 35 tag 35
config vlan vlanid 35 add tagged 1,4
config vlan vlanid 35 add untagged 3
create vlan 1252 tag 1252
config vlan vlanid 1252 add tagged 6
config vlan vlanid 1252 add untagged 2,5
config port_vlan 1 pvid 1
config port_vlan 2 pvid 1252
config port_vlan 3 pvid 35
config port_vlan 4 pvid 1
config port_vlan 5 pvid 1252
config port_vlan 6 pvid 1
config ipif System vlan 35
enable pvid auto_assign
# Multicast Filter
config multicast filter disable
# IP
config ipif System state enable
config dhcp_client retry_time 7
config ipif System ipaddress 172.16.3.146/255.255.255.240
create iproute default 172.16.3.145 1
disable jumbo_frame
config ipif System dhcp_option12 state disable
config ipif System dhcp_option12 hostname DGS-1100-06/ME
config ipif System dhcpv6_client disable
config ipv6 nd ns ipif System retrans_time 1
disable ipif_ipv6_link_local_auto System
config ipif System ipv6 state disable
disable autoconfig
disable autoimage
# traffic segmentation
config traffic_segmentation 1-6 forward_list 1-6
# LLDP
disable lldp
config lldp forward_message enable
config lldp message_tx_hold_multiplier 4
config lldp message_tx_interval 30
config lldp reinit_delay 2
config lldp tx_delay 2
config lldp ports 1-6 mgt_addr ipv4 172.16.3.146 disable
config lldp ports 1-6 admin_status tx_and_rx
config lldp ports 1-6 notification disable
config lldp ports 1-6 basic_tlvs all disable
config lldp ports 1-6 dot1_tlv_pvid disable
config lldp ports 1-6 dot1_tlv_vlan_name vlanid 1-4094 disable
config lldp ports 1-6 dot1_tlv_protocol_identity eapol disable
config lldp ports 1-6 dot1_tlv_protocol_identity lacp disable
config lldp ports 1-6 dot1_tlv_protocol_identity gvrp disable
config lldp ports 1-6 dot1_tlv_protocol_identity stp disable
config lldp ports 1-6 dot3_tlvs all disable
# QoS
config qos mode 802.1p
config scheduling_mechanism strict
config port_priority 1 priority medium
config port_priority 2 priority medium
config port_priority 3 priority medium
config port_priority 4 priority medium
config port_priority 5 priority medium
config port_priority 6 priority medium
config dscp_mapping dscp_value 0 priority low
config dscp_mapping dscp_value 1 priority low
config dscp_mapping dscp_value 2 priority low
config dscp_mapping dscp_value 3 priority low
config dscp_mapping dscp_value 4 priority low
config dscp_mapping dscp_value 5 priority low
config dscp_mapping dscp_value 6 priority low
config dscp_mapping dscp_value 7 priority low
config dscp_mapping dscp_value 8 priority low
config dscp_mapping dscp_value 9 priority low
config dscp_mapping dscp_value 10 priority low
config dscp_mapping dscp_value 11 priority low
config dscp_mapping dscp_value 12 priority low
config dscp_mapping dscp_value 13 priority low
config dscp_mapping dscp_value 14 priority low
config dscp_mapping dscp_value 15 priority low
config dscp_mapping dscp_value 16 priority low
config dscp_mapping dscp_value 17 priority low
config dscp_mapping dscp_value 18 priority low
config dscp_mapping dscp_value 19 priority low
config dscp_mapping dscp_value 20 priority low
config dscp_mapping dscp_value 21 priority low
config dscp_mapping dscp_value 22 priority low
config dscp_mapping dscp_value 23 priority low
config dscp_mapping dscp_value 24 priority low
config dscp_mapping dscp_value 25 priority low
config dscp_mapping dscp_value 26 priority low
config dscp_mapping dscp_value 27 priority low
config dscp_mapping dscp_value 28 priority low
config dscp_mapping dscp_value 29 priority low
config dscp_mapping dscp_value 30 priority low
config dscp_mapping dscp_value 31 priority low
config dscp_mapping dscp_value 32 priority low
config dscp_mapping dscp_value 33 priority low
config dscp_mapping dscp_value 34 priority low
config dscp_mapping dscp_value 35 priority low
config dscp_mapping dscp_value 36 priority low
config dscp_mapping dscp_value 37 priority low
config dscp_mapping dscp_value 38 priority low
config dscp_mapping dscp_value 39 priority low
config dscp_mapping dscp_value 40 priority low
config dscp_mapping dscp_value 41 priority low
config dscp_mapping dscp_value 42 priority low
config dscp_mapping dscp_value 43 priority low
config dscp_mapping dscp_value 44 priority low
config dscp_mapping dscp_value 45 priority low
config dscp_mapping dscp_value 46 priority low
config dscp_mapping dscp_value 47 priority low
config dscp_mapping dscp_value 48 priority low
config dscp_mapping dscp_value 49 priority low
config dscp_mapping dscp_value 50 priority low
config dscp_mapping dscp_value 51 priority low
config dscp_mapping dscp_value 52 priority low
config dscp_mapping dscp_value 53 priority low
config dscp_mapping dscp_value 54 priority low
config dscp_mapping dscp_value 55 priority low
config dscp_mapping dscp_value 56 priority low
config dscp_mapping dscp_value 57 priority low
config dscp_mapping dscp_value 58 priority low
config dscp_mapping dscp_value 59 priority low
config dscp_mapping dscp_value 60 priority low
config dscp_mapping dscp_value 61 priority low
config dscp_mapping dscp_value 62 priority low
config dscp_mapping dscp_value 63 priority low
config bandwidth_control 1-6 rx_rate no_limit tx_rate no_limit
# Syslog
disable syslog
config log_save_timing on_demand
config log_save_timing on_demand
config log_save_timing on_demand
config log_save_timing on_demand
# ACL
disable cpu_interface_filtering
# SNMP
enable snmp
disable community_encryption
create snmp user ReadOnly ReadOnly v1
create snmp user ReadOnly ReadOnly v2c
create snmp user ReadWrite ReadWrite v1
create snmp user ReadWrite ReadWrite v2c
create snmp group ReadOnly v1 read_view ReadWrite notify_view ReadWrite
create snmp group ReadOnly v2c read_view ReadWrite notify_view ReadWrite
create snmp group ReadWrite v1 read_view ReadWrite write_view ReadWrite notify_view ReadWrite
create snmp group ReadWrite v2c read_view ReadWrite write_view ReadWrite notify_view ReadWrite
create snmp view ReadWrite 1 1 view_type included
create snmp community xxx ReadOnly
create snmp community yyy ReadWrite
config snmp engineID zzz
disable snmp authenticate_traps
config snmp coldstart_traps disable
config snmp warmstart_traps disable
disable snmp linkchange_traps
config snmp linkchange_traps ports 1-6 disable
disable snmp port_security_violation traps
disable snmp LBD traps
# IPv6 Neighbor_cache
# MAC address table notification
disable mac_notification
config mac_notification interval 1
config mac_notification historysize 1
config mac_notification ports 1-6 disable
# SNTP
config sntp primary 0.0.0.0 secondary 0.0.0.0 poll-interval 30
disable sntp
config time_zone operator + hour 0 minute 0
config dst disable
# DHCP_RELAY
disable dhcp_relay
config dhcp_relay hops 4
config dhcp_relay time 0
config dhcp_relay port 1-6 state disable
config dhcp_relay port 1-6 state enable
config dhcp_relay vlan vlanid 1 state enable
config dhcp_relay vlan vlanid 35,1252 state disable
config dhcp_relay option_82 state enable
config dhcp_relay option_82 check disable
config dhcp_relay option_82 policy replace
config dhcp_relay option_82 remote_id default
disable dhcp_local_relay
disable dhcpv6_relay
config dhcpv6_relay hop_count 4
config dhcpv6_relay port 1-6 state disable
config dhcpv6_relay port 1-6 state enable
config dhcpv6_relay option_37 state enable
config dhcpv6_relay option_37 check enable
config dhcpv6_relay option_37 remote_id default
# Loopback Detection
disable loopdetect
# Power Saving
config power_saving mode led disable
config power_saving mode port disable
config power_saving mode hibernation disable
config power_saving mode length_detection enable
# traffic control
config traffic trap none
config traffic control 1-6 broadcast disable multicast disable unicast disable action drop
config traffic control auto_recover_time 0
# RMON
disable rmon
# ISM vlan
disable igmp_snooping multicast_vlan
# IGMP snooping
disable igmp_snooping
config igmp_snooping all router_timeout 125
config igmp_snooping all host_timeout 260
config igmp_snooping all leave_timer 1
config igmp_snooping querier vlanid 1 state disable robustness_variable 2
config igmp_snooping querier vlanid 1 state disable query_interval 125
config igmp_snooping querier vlanid 1 state disable max_response_time 10
disable igmp_snooping forward_mcrouter_only
config igmp_snooping vlan_name default state disable fast_leave disable
config igmp_snooping querier vlan_name default state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name 35 state disable fast_leave disable
config igmp_snooping querier vlan_name 35 state disable querier_version 2 last_member_query_interval 1
config igmp_snooping vlan_name 1252 state disable fast_leave disable
config igmp_snooping querier vlan_name 1252 state disable querier_version 2 last_member_query_interval 1
config igmp access_authentication ports 1-6 state disable
# MLD Snooping
disable mld_snooping
config mld_snooping all router_timeout 125
config mld_snooping all host_timeout 260
config mld_snooping all leave_timer 1
config mld_snooping querier all robustness_variable 2
config mld_snooping querier all query_interval 125
config mld_snooping querier all max_response_time 10
disable mld_snooping forward_mcrouter_only
config mld_snooping vlan_name default state disable fast_done disable
config mld_snooping querier vlan_name default state disable
config mld_snooping vlan_name 35 state disable fast_done disable
config mld_snooping querier vlan_name 35 state disable
config mld_snooping vlan_name 1252 state disable fast_done disable
config mld_snooping querier vlan_name 1252 state disable
# 8021X
disable 802.1x
config 802.1x auth_mode port_based
config 802.1x auth_protocol local
config 802.1x fwd_pdu system enable
config 802.1x capability ports 1-6 none
config 802.1x auth_parameter ports 1-6 port_control force_auth
config 802.1x auth_parameter ports 1-6 direction both quiet_period 60 tx_period 30 supp_timeout 30 server_timeout 30 max_req 2 reauth_period 3600 enable_reauth disable
# port mirroring
# trusted host
disable trusted_host
# access authentication control
disable authen_policy
config authen parameter response_timeout 30
config authen parameter attempt 3
create authen server_group tacacs+
create authen server_group radius
create authen_login method_list_name default
config authen_login default method local
create authen_enable method_list_name default
config authen_enable default method local
config authen application telnet login method_list_name default
config authen application http login method_list_name default
config authen application telnet enable method_list_name default
config authen application http enable method_list_name default
# PPPoE
config pppoe circuit_id_insertion state disable
config pppoe circuit_id_insertion ports 1-6 circuit_id ip state disable
config pppoe circuit_id_insertion ports 1-6 remote_id default
# safeguard_engine
config safeguard_engine state disable
disable command logging
# Discover Trap setting
# QinQ
enable qinq
config qinq ports 1,3-4,6 role nni outer_tpid 0x8100
config qinq ports 2,5 role uni outer_tpid 0x8100
# Ethernet OAM
config ethernet_oam ports 1-6 state disable mode active remote_loopback stop received_remote_loopback ignore
config ethernet_oam ports 1-6 critical_link_event dying_gasp notify_state enable
config ethernet_oam ports 1-6 critical_link_event critical_event notify_state enable
config ethernet_oam ports 1-6 link_monitor error_symbol threshold 1 window 1000 notify_state enable
config ethernet_oam ports 1-6 link_monitor error_frame threshold 1 window 1000 notify_state enable
config ethernet_oam ports 1-6 link_monitor error_frame_seconds threshold 1 window 60000 notify_state enable
config ethernet_oam ports 1-6 link_monitor error_frame_period threshold 1 window 1488100 notify_state enable
# DULD
config duld ports 1-6 state disable mode normal discovery_time 5
# port
config ports 1 speed auto state enable flow_control disable mdix auto learning enable description "mgmt-tagged-for-qinq-loop"
config ports 2 speed auto state enable flow_control disable mdix auto learning enable description "mgmt-doubletagged-for-qinq-loop"
config ports 3 speed auto state enable flow_control disable mdix auto learning enable description "mgmt-port-untagged"
config ports 4 speed auto state enable flow_control disable mdix auto learning enable description "mgmt-port-tagged"
config ports 5 speed auto state enable flow_control disable mdix auto learning enable description "DOWNLINK"
config ports 6 speed auto state enable flow_control disable learning enable description "UPLINK"
config ports 1-5 capability_advertised 10_half 10_full 100_half 100_full 1000_full
# port security
config port_security 1-6 admin_state disable max_learning_addr 0 lock_address_mode DeleteOnTimeout
# Limited IP Multicast
config max_mcast_group ports 1-6 ipv4 max_group 64 action drop
config max_mcast_group ports 1-6 ipv6 max_group 64 action drop
config limited_multicast_addr ports 1-6 ipv4 access permit
config limited_multicast_addr ports 1-6 ipv6 access permit
# Flood FDB
enable flood_fdb
На сервер, куда приходит канал от транзитного оператора настроен интерейс eth0.1252.35 с адресом 172.16.3.145/28
Если делать пинг с сервера, то не приходит ответ от свитча (по tcpdump). Если пинговать со свитча, то свитч шлет icmp-запрос, сервер возрващает ответ, но свитч его не видит.
telnet и snmp до этого свитча работают с сервера
ICMP-трафик до других хостов через этот канал ходить, так что дело не в блокировке ICMP-трафика транзитным оператором. Если подключаться к свитчу через порт 3 или 4 напрямую, то ICMP работает.
Вход
Регистрация
FAQ
Поиск
