Hi All!
Есть свитчь ES3510, используется сие чудо для пиринга с некой конторой, проброски некого влана дальше на более тупые свитчи и т.д.
Но тут сталаст одна не увязка. Контора с которой происходит пиринг, поменяла оборудование со своей стороны и к нам в сеть посыпался их GVRP трафик.
Как можно заблокировать этот трафик на Edge-Core ES3510? Ломаю уже второй день голову.
hostname ES3510SW
SNTP server 10.1.1.1 0.0.0.0 0.0.0.0
!
SNTP client
clock timezone EET hours 2 minute 0 after-UTC
!
broadcast byte-rate 10 level 13
!
snmp-server community public ro
snmp-server community private rw
!
no SNMP-server enable traps authentication
SNMP-server host 10.1.1.15 public version 1 udp-port 162
!
username admin access-level 15
username admin password 7 084e0343a0486ff05530df6c705c8bb4
username guest access-level 0
username guest password 7 084e0343a0486ff05530df6c705c8bb4
enable password level 15 7 084e0343a0486ff05530df6c705c8bb4
!
logging host 10.1.1.15
logging trap
!
VLAN database
VLAN 1 name DefaultVlan media ethernet state active
VLAN 102 name ml_clients media ethernet state active
VLAN 103 name switch_ml media ethernet state active
VLAN 361 name peer361 media ethernet state active
VLAN 362 name peer362 media ethernet state active
VLAN 363 name peer363 media ethernet state active
VLAN 364 name peer364 media ethernet state active
VLAN 4093 media ethernet state active
!
spanning-tree MST configuration
!
no ip dhcp snooping verify mac-address
!
no lldp
!
interface ethernet 1/1
broadcast byte-rate 10 level 13
switchport allowed vlan add 1 untagged
switchport native vlan 1
switchport allowed vlan add 4093 tagged
no spanning-tree port-bpdu-flooding
spanning-tree spanning-disabled
!
interface ethernet 1/2
broadcast byte-rate 10 level 13
switchport allowed vlan add 1 untagged
switchport native vlan 1
switchport allowed vlan add 4093 tagged
no spanning-tree port-bpdu-flooding
spanning-tree spanning-disabled
!
interface ethernet 1/3
description IbPeeringPort
broadcast byte-rate 10 level 13
rate-limit input scale 1M level 15
rate-limit output scale 1M level 15
switchport allowed vlan add 1 untagged
switchport native vlan 1
switchport allowed vlan add 361-364,4093 tagged
no spanning-tree port-bpdu-flooding
spanning-tree spanning-disabled
!
interface ethernet 1/4
description ClientPort
broadcast byte-rate 10 level 13
switchport allowed vlan add 1 untagged
switchport native vlan 1
switchport allowed vlan add 4093 tagged
no spanning-tree port-bpdu-flooding
spanning-tree spanning-disabled
!
interface ethernet 1/5
description ClientPort
broadcast byte-rate 10 level 13
switchport allowed vlan add 1 untagged
switchport native vlan 1
switchport allowed vlan add 4093 tagged
no spanning-tree port-bpdu-flooding
spanning-tree spanning-disabled
!
interface ethernet 1/6
description PrivatClientPort6
broadcast byte-rate 10 level 13
rate-limit input scale 1M level 10
rate-limit output scale 1M level 10
switchport allowed vlan add 1 untagged
switchport native vlan 1
switchport allowed vlan add 4093 tagged
no spanning-tree port-bpdu-flooding
spanning-tree spanning-disabled
!
interface ethernet 1/7
description ClientPort7
broadcast byte-rate 10 level 13
switchport allowed vlan add 1 untagged
switchport native vlan 1
switchport allowed vlan add 4093 tagged
no spanning-tree port-bpdu-flooding
spanning-tree spanning-disabled
!
interface ethernet 1/8
description ClientPort8
broadcast byte-rate 10 level 13
switchport allowed vlan add 1 untagged
switchport native vlan 1
switchport allowed vlan add 4093 tagged
no spanning-tree port-bpdu-flooding
spanning-tree spanning-disabled
!
interface ethernet 1/9
description AsotelVector1908
no capabilities 1000full
broadcast byte-rate 10 level 13
no switchport broadcast
switchport allowed vlan add 1 untagged
switchport native vlan 1
switchport allowed vlan add 102,103,4093 tagged
no spanning-tree port-bpdu-flooding
spanning-tree spanning-disabled
!
interface ethernet 1/10
description Uplink
no capabilities 1000full
broadcast byte-rate 10 level 13
no switchport broadcast
switchport allowed vlan add 1 untagged
switchport native vlan 1
switchport allowed vlan add 102,103,361-364,4093 tagged
no spanning-tree port-bpdu-flooding
spanning-tree spanning-disabled
!
interface VLAN 1
IP address 10.1.1.105 255.255.255.0
!
no IP HTTP secure-server
!
IP default-gateway 10.1.1.1
!
no spanning-tree
!
no IP IGMP snooping
!
line console
silent-time 0
!
line VTY
!
end
!