Endspiel

Здравствуйте. Испытываю некоторые проблемы при настройки VLANов на HP Office Connect 1920S, JL381A. Имеется 1 cisco router, 1 core switch 5406rzl2, 2 mobility controller 7205, 22 штуки 2930F JL259A и около 100 штук этих 1920S. Суть проблемы заключается в следующем: Я пробросил вланы на 1920S транком, на самом свитче настроил пару партов транком с натив вланом 101 для AP305 и влан 202 для раздачи сети под wifi, и попытался настроить остальные порты под access vlan 202. Wi-Fi аппараты получили свои айпи и раздают сеть нормально. Access же не работает, оборудование не получает ip по dhcp (телики, компы, и т.д.). При этом на тестовом свитче у меня все отлично работает. Прилагаю startup-conf. !Current Configuration: ! !System Description "HPE OfficeConnect Switch 1920S 24G 2SFP JL381A, PD.01.05, Linux 3.6.5-ac96795c, U-Boot 2012.10-00118-g3773021 (Oct 11 2016 - 15:39:54)" !System Software Version "PD.01.05" !System Up Time "0 days 0 hrs 34 mins 12 secs" !Additional Packages HPE QOS,HPE IPv6 Management,HPE Routing !Current SNTP Synchronized Time: SNTP Client Mode Is Disabled ! network protocol none network parms 172.30.0.216 255.255.255.0 172.30.0.1 vlan database vlan 100-101,202 vlan name 100 "management" exit network mgmt_vlan 100 ip telnet server enable configure sntp server "46.19.96.19" !clock timezone 4 minutes 0 clock timezone id 57 time-range Schedule-1 exit time-range Schedule-2 exit username "admin" password 888 level 15 encrypted no username guest line console exit line telnet exit line ssh exit snmp-server sysname "SW3502" snmp-server location "28 Floor, apartment 02" snmp-server contact "Endspiel" ! interface 1 vlan participation include 100-101,202 vlan tagging 100-101,202 exit interface 2 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 3 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 4 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 5 vlan pvid 202 vlan participation exclude 1,100 vlan participation include 202 exit interface 6 vlan pvid 202 vlan participation exclude 1,100 vlan participation include 202 exit interface 7 vlan pvid 202 vlan participation exclude 1,100 vlan participation include 202 exit interface 8 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 9 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 10 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 11 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 12 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 13 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 14 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 15 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 16 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 17 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 18 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 19 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 20 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 21 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 22 vlan pvid 202 vlan participation exclude 1 vlan participation include 202 exit interface 23 vlan pvid 101 vlan participation exclude 1 vlan participation include 101,202 vlan tagging 202 exit interface 24 vlan pvid 101 vlan participation exclude 1 vlan participation include 101,202 vlan tagging 202 exit exit Не понимаю в чем может быть проблема при идентичных настройках на тестовом свитче и на этом.

Так я уже создавал, но сделал еще раз. #vlan 3120 #exit #! #int vlan 3120 #bridge-group 1 #! #int fastEthernet 0.3120 #no ip address #bridge-group 1 #exit #! #int fa6 #switchport access vlan 3120 % Warning: port will be inactive in non-ethernet VLAN # Так надо?

#sh ver Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(15)T17, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2012 by Cisco Systems, Inc. Compiled Tue 24-Jan-12 12:46 by prod_rel_team ROM: System Bootstrap, Version 12.3(8r)YH13, RELEASE SOFTWARE (fc1) kz.alke-group.com uptime is 1 day, 21 hours, 5 minutes System returned to ROM by Reload Command at 00:01:46 UTC Fri Apr 4 2003 System image file is "flash:/c181x-advipservicesk9-mz.124-15.T17.bin" This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. Cisco 1811 (MPC8500) processor (revision 0x400) with 118784K/12288K bytes of memory. Processor board ID FHK133972PF, with hardware revision 0000 10 FastEthernet interfaces 1 Serial interface 1 terminal line 63808K bytes of ATA CompactFlash (Read/Write) Configuration register is 0x2102

Если не в режиме vlan database создавать, то можно. К сожалению с провайдером все глухо. #interface vlan ? <1-4094> Vlan interface number А если натить? Я сейчас подумываю натить мою вланку через айпи, который получил от их влана по дхсп, но все равно странно как-то. Соседний со мной айпишник пингуется, а нужный для регистрации воип-транка нет.

#vlan database #vlan 3120 ^ % Invalid input detected at '^' marker. #vlan ? <1-1005> ISL VLAN index У меня vtp 2 версии.

boot system flash:/c181x-advipservicesk9-mz.124-15.T17.bin ip dhcp pool local network 192.168.30.0 255.255.255.0 default-router 192.168.30.1 dns-server 172.17.1.30 8.8.8.8 ! ip dhcp pool ats network 192.168.90.0 255.255.255.0 default-router 192.168.90.1 dns-server 8.8.8.8 vtp mode transparent ! crypto keyring D-VTI pre-shared-key address 0.0.0.0 0.0.0.0 key xxx ! crypto isakmp policy 113 encr 3des hash md5 authentication pre-share group 2 ! ! crypto ipsec transform-set D-VTY esp-aes esp-sha-hmac ! crypto ipsec profile D-VTY set transform-set D-VTY ! ! archive log config hidekeys ! ! vlan 90,99-100,3120 ! ip ssh maxstartups 2 ! ! ! interface Loopback0 ip address 10.2.2.30 255.255.255.255 ! interface Tunnel2 bandwidth 90 ip unnumbered Loopback0 ip tcp adjust-mss 1448 tunnel source FastEthernet0.1433 tunnel destination xxx tunnel mode ipsec ipv4 tunnel protection ipsec profile D-VTY ! interface FastEthernet0 no ip address speed 100 full-duplex ! interface FastEthernet0.1433 description WAN-INTERNET encapsulation dot1Q 1433 ip address nnn ip nat outside ip virtual-reassembly ! interface FastEthernet0.3120 encapsulation dot1Q 3120 ip address dhcp ip nat outside ip virtual-reassembly ! interface FastEthernet1 no ip address duplex auto speed auto ! interface FastEthernet2 switchport access vlan 100 ! interface FastEthernet3 switchport access vlan 100 ! interface FastEthernet4 switchport access vlan 100 ! interface FastEthernet5 switchport access vlan 100 ! interface FastEthernet6 switchport access vlan 99 ! interface FastEthernet7 switchport access vlan 100 ! interface FastEthernet8 switchport access vlan 100 ! interface FastEthernet9 switchport access vlan 100 ! interface Vlan99 ip address 192.168.90.1 255.255.255.0 ip nat inside ip virtual-reassembly ! interface Vlan100 ip address 192.168.30.1 255.255.255.0 ip nat inside ip virtual-reassembly ! interface Async1 no ip address encapsulation slip ! router eigrp 1 passive-interface default no passive-interface Tunnel2 network 10.2.2.30 0.0.0.0 network 192.168.30.0 auto-summary ! no ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 nnn ip route 10.0.0.0 255.255.255.0 FastEthernet0.3120 ! ! ip http server no ip http secure-server ip nat inside source list 3 interface FastEthernet0.1433 overload ip nat inside source list 100 interface FastEthernet0.3120 overload ! access-list 1 permit nnn access-list 3 deny 192.168.90.0 0.0.0.255 access-list 3 permit 192.168.30.0 0.0.0.255 access-list 100 permit ip 192.168.90.0 0.0.0.255 any ! ! Провайдер подаёт мне две услуги по транку. Влан 1433 интернет и влан 3120 воип. На рутере грубо говоря 10 инт. Cisco 1811 Принимаю на рутер: int fa0.1433 encapsulation dot1Q 1433 IP address xxx IP Nat outside Int fa0.3120 encapsulation dot1Q 3120 no IP address vtp version 2 vtp mode transparent Инет настроил по 1433. Робит. int fa6 switchport access vlan 3120 Порт смотрит в Ван порт АТС, который должен по dhcp словить айпи от провайдера и подсоединить воип транки. По dhcp он ничего не получает. Но когда я прописываю на 6 интерфейса акссесс, то выдаёт ошибку. #switchport access vlan 3120 % Warning: port will be inactive in non-ethernet VLAN Не знаю то ли из-за нее не ловит, то ли по какой другой причине. На TP-Link все отлично работает. Не знаю уже куда копать и что делать. После выдачи ошибки: sh int fa6 switchport Name: Fa6 Switchport: Enabled Administrative Mode: static access Operational Mode: static access Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: native Negotiation of Trunking: Disabled Access Mode VLAN: 3120 ((Inactive)) Trunking Native Mode VLAN: 1 (default) Trunking VLANs Enabled: ALL Trunking VLANs Active: 3120 Protected: false Priority for untagged frames: 0 Override vlan tag priority: FALSE Voice VLAN: none Appliance trust: none А если сделать так, то: #shut #no shut #do sh int fa6 switchport Name: Fa6 Switchport: Enabled Administrative Mode: static access Operational Mode: static access Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: native Negotiation of Trunking: Disabled Access Mode VLAN: 3120 (VLAN3120) Trunking Native Mode VLAN: 1 (default) Trunking VLANs Enabled: ALL Trunking VLANs Active: 3120 Protected: false Priority for untagged frames: 0 Override vlan tag priority: FALSE Voice VLAN: none Appliance trust: none # Access mode vlan в первом случае Disabled, а во втором случае уже нет, но от этого ни холодно ни жарко. После этого я попробовал по другому. Словил по DHCP адрес на влане 3120, поставил АТС в свой влан и попытался сделать трансляцию. Не знаю правильно или нет. Номера телефонов должны регистрироваться по воип-транку на айпи 10.0.0.20, но не регистрируются. Я получаю от провайдера айпи 10.4.52.9 . Пинг с АТСки на 10.4.52.10 идёт. На 10.0.0.20 не идёт, хотя они вполне могли исмп заблочить. Собственно вопрос в том правильно ли я настроил или где-то накосячил? sh ip nat translations | include 192.168.90 udp 10.4.52.9:1024 192.168.90.2:5060 10.0.0.20:5060 10.0.0.20:5060 udp 10.4.52.9:35404 192.168.90.2:35404 8.8.8.8:53 8.8.8.8:53 udp 10.4.52.9:52984 192.168.90.2:52984 8.8.8.8:53 8.8.8.8:53 udp 10.4.52.9:53759 192.168.90.2:53759 8.8.8.8:53 8.8.8.8:53 udp 10.4.52.9:55475 192.168.90.2:55475 8.8.8.8:53 8.8.8.8:53 sh ip arp Protocol Address Age (min) Hardware Addr Type Interface Internet 10.0.0.20 0 Incomplete ARPA Internet 10.4.52.1 35 001e.f7f7.11c0 ARPA FastEthernet0.3120 Internet 10.4.52.9 - 0026.cb26.7bb0 ARPA FastEthernet0.3120 Internet 10.4.52.10 11 000b.82c4.a660 ARPA FastEthernet0.3120