Jump to content

DHCP Snooping на SNR S3750-24S-E

SokolovS
 Share

Recommended Posts

SokolovS

SokolovS

Posted
Posted (edited)

У кого-то получилось заставить работать?

Имеется следующий тестовый конфиг:

service password-encryption
!
username admin privilege 15 password 7 *****
!
authentication line console login local
!
!
clock timezone MSK add 3 0
!
!
snmp-server enable
snmp-server community ro 7 *****
!
service dhcp
!
ip forward-protocol udp bootps
ip dhcp relay information option
!
!
ip dhcp snooping enable
ip dhcp snooping vlan 19-21
ip dhcp snooping binding enable
ip dhcp snooping binding arp
!
ip dhcp snooping information enable
ip dhcp snooping information option allow-untrusted
ip dhcp snooping information option subscriber-id format hex
!
!
!
!
spanning-tree
!
!
!
!
!
dns-server 192.168.50.249 priority 1
dns-server 192.168.50.250
!
!         
vlan 1 
!
vlan 10
name Management
!
vlan 19
name Users1
!
vlan 20
name Users2
!
vlan 21
name Users3
!
vlan 36
name SNR-S3750-uplink
!
vlan 2
name Users
supervlan
subvlan 19-21
!
Interface Ethernet1/0/1
!         
Interface Ethernet1/0/2
!
Interface Ethernet1/0/3
!
Interface Ethernet1/0/4
!
Interface Ethernet1/0/5
!
Interface Ethernet1/0/6
!
Interface Ethernet1/0/7
!
Interface Ethernet1/0/8
!
Interface Ethernet1/0/9
!
Interface Ethernet1/0/10
!
Interface Ethernet1/0/11
!
Interface Ethernet1/0/12
!
Interface Ethernet1/0/13
!         
Interface Ethernet1/0/14
!
Interface Ethernet1/0/15
!
Interface Ethernet1/0/16
!
Interface Ethernet1/0/17
!
Interface Ethernet1/0/18
!
Interface Ethernet1/0/19
media-type copper
switchport mode trunk
switchport trunk allowed vlan 19 
switchport trunk native vlan 19
ip dhcp snooping binding user-control
ip dhcp snooping binding user-control max-user 30
ip dhcp snooping action blackhole recovery 30
!
Interface Ethernet1/0/20
media-type copper
switchport mode trunk
switchport trunk allowed vlan 20 
switchport trunk native vlan 20
ip dhcp snooping binding user-control
ip dhcp snooping binding user-control max-user 30
ip dhcp snooping action blackhole recovery 30
!
Interface Ethernet1/0/21
media-type copper
switchport mode trunk
switchport trunk allowed vlan 21 
switchport trunk native vlan 21
ip dhcp snooping binding user-control
ip dhcp snooping binding user-control max-user 30
ip dhcp snooping action blackhole recovery 30
!
Interface Ethernet1/0/22
media-type copper
description UpLink
switchport mode trunk
switchport trunk allowed vlan 10;36 
ip dhcp snooping trust
!
Interface Ethernet1/0/23
!
Interface Ethernet1/0/24
!         
Interface Ethernet1/0/25
!
Interface Ethernet1/0/26
!
Interface Ethernet1/0/27
!
Interface Ethernet1/0/28
!
interface Vlan2
ip pim sparse-mode
ip local proxy-arp
ip address 192.168.254.1 255.255.255.0
 !forward protocol udp 67(active)!
ip helper-address 192.168.50.250
ip helper-address 192.168.50.249
!
interface Vlan10
ip address 10.244.11.1 255.255.0.0
!
interface Vlan36
ip ospf mtu-ignore
ip pim sparse-mode
ip address 192.168.2.194 255.255.255.252
!         
ip pim multicast-routing
!
router ospf 100
ospf router-id 10.244.11.1
log-adjacency-changes detail 
network 192.168.2.0 0.0.0.255 area 100
redistribute connected
redistribute static
summary-address 192.168.254.0/24
!
ntp enable
ntp server 192.168.50.249
!
!
no login
!
!
end

 

Версия прошивки последняя доступная на data.nag.ru 7.0.3.5(B207.0008).

av151-snr-3750G-24s#sh ver
 SNR-S3750G-24S-E Device, Compiled on May 19 09:16:44 2014
 sysLocation Test location
 CPU Mac f8:f0:82:10:1a:ed
 Vlan MAC f8:f0:82:10:1a:ec
 SoftWare Version 7.0.3.5(B0207.0008)
 BootRom Version 7.1.4
 HardWare Version 1.0.2
 CPLD Version N/A
 Serial No.:SW032710D608000027
 Copyright (C) 2014 NAG LLC
 All rights reserved
 Last reboot is warm reset.
 Uptime is 0 weeks, 0 days, 0 hours, 13 minutes

 

Проблемы такие:

1. После получения адреса по DHCP шлюз не пингуется по причине того, что он не отвечает на APR запросы. Иногда отвечает и после этого пинг идет и все начинает работать.

# arping -I eth1 192.168.254.1
ARPING 192.168.254.1 from 192.168.254.128 eth1
^CSent 16 probes (16 broadcast(s))
Received 0 response(s)

 

#sh mac-address-table | inc 00-14-d1-16-8c-c6
21   00-14-d1-16-8c-c6           STATIC  App      Ethernet1/0/21
av151-snr-3750G-24s#sh arp | inc 00-14-d1-16-8c-c6              
192.168.254.128  00-14-d1-16-8c-c6  Vlan2         Ethernet1/0/21  Dynamic   298                 21

 

2. После релиза адреса полученного по DHCP, запись из биндингов иногда пропадает, а иногда так и остается висеть и никакой последующий релиз это уже не изменит.

# dhclient eth1
# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:14:d1:16:8c:c6  
         inet addr:192.168.254.128  Bcast:192.168.254.255  Mask:255.255.255.0
         inet6 addr: fe80::214:d1ff:fe16:8cc6/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:150609 errors:0 dropped:0 overruns:0 frame:0
         TX packets:87703 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000 
         RX bytes:63035649 (63.0 MB)  TX bytes:40125910 (40.1 MB)
         Interrupt:16 Base address:0xb000

 

# dhclient -r eth1
# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:14:d1:16:8c:c6  
         inet6 addr: fe80::214:d1ff:fe16:8cc6/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:150609 errors:0 dropped:0 overruns:0 frame:0
         TX packets:87704 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000 
         RX bytes:63035649 (63.0 MB)  TX bytes:40125970 (40.1 MB)
         Interrupt:16 Base address:0xb000

 

av151-snr-3750G-24s#sh ip dhcp snooping binding all
ip dhcp snooping static binding count:0, dynamic binding count:1

MAC                 IP address          Interface           Vlan ID   Flag      
----------------------------------------------------------------------------
00-14-d1-16-8c-c6   192.168.254.128     Ethernet1/0/21      21        DL        
----------------------------------------------------------------------------

 

3. Команда ip dhcp snooping binding arp не играет никакой роли. Запись в FDB таблице всегда создается статическая, а в ARP таблице динамическая.

av151-snr-3750G-24s#sh mac-address-table | inc 00-14-d1-16-8c-c6
21   00-14-d1-16-8c-c6           STATIC  App      Ethernet1/0/21
av151-snr-3750G-24s#sh arp | inc 00-14-d1-16-8c-c6              
192.168.254.128  00-14-d1-16-8c-c6  Vlan2         Ethernet1/0/21  Dynamic   885                 21

Edited by SokolovS

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...
На сайте используются файлы cookie и сервисы аналитики для корректной работы форума и улучшения качества обслуживания. Продолжая использовать сайт, вы соглашаетесь с использованием файлов cookie и с Политикой конфиденциальности.