SNR-S2950-24G + MikroTik: SNR configuration

Good afternoon! I have only just started learning to configure the SNR-S2950-24G.

The setup is as follows. An SNR-S2950-24G on the access layer, a MikroTik as the NAS, VLAN 1 for management of the SNRs, VLAN 1001 for clients (all in one VLAN, or is it better to split them?).

Option 82 is not really needed.

Clients are activated by MAC address by the billing system.

QoS is bolted on (how effective is it in this case?).

Will the following config "fly" or "not fly", what could be added, and what is superfluous?

!
no service password-encryption
!
hostname Switch
sysLocation p.ignatev
sysContact p.ignatev
!
username admin privilege 15 password 0 xxxxxxxx
!
!
!
ssh-server enable
!
!
access-list 110 permit ip any-source any-destination
access-list 111 permit tcp any-source s-port 80 any-destination
access-list 111 permit tcp any-source any-destination d-port 80
access-list 111 permit tcp any-source s-port 8080 any-destination
access-list 111 permit tcp any-source any-destination d-port 8080
access-list 111 permit tcp any-source s-port 143 any-destination
access-list 111 permit tcp any-source any-destination d-port 143
access-list 111 permit tcp any-source s-port 220 any-destination
access-list 111 permit tcp any-source any-destination d-port 220
access-list 111 permit tcp any-source s-port 585 any-destination
access-list 111 permit tcp any-source any-destination d-port 585
access-list 111 permit tcp any-source s-port 993 any-destination
access-list 111 permit tcp any-source any-destination d-port 993
access-list 111 permit tcp any-source s-port 25 any-destination
access-list 111 permit tcp any-source any-destination d-port 25
access-list 111 permit tcp any-source s-port 110 any-destination
access-list 111 permit tcp any-source any-destination d-port 110
access-list 111 permit tcp any-source s-port 4590 any-destination
access-list 111 permit tcp any-source any-destination d-port 4590
access-list 111 permit tcp any-source s-port 1723 any-destination
access-list 111 permit tcp any-source any-destination d-port 1723
access-list 111 permit tcp any-source s-port 5190 any-destination
access-list 111 permit tcp any-source any-destination d-port 5190
access-list 111 permit tcp any-source s-port 5222 any-destination
access-list 111 permit tcp any-source any-destination d-port 5222
access-list 111 permit tcp any-source s-port 443 any-destination
access-list 111 permit tcp any-source any-destination d-port 443
access-list 111 permit tcp any-source s-port 5223 any-destination
access-list 111 permit tcp any-source any-destination d-port 5223
access-list 112 permit tcp any-source s-port 5800 any-destination
access-list 112 permit tcp any-source any-destination d-port 5800
access-list 112 permit tcp any-source s-port 5801 any-destination
access-list 112 permit tcp any-source any-destination d-port 5801
access-list 112 permit tcp any-source s-port 5900 any-destination
access-list 112 permit tcp any-source any-destination d-port 5900
access-list 112 permit tcp any-source s-port 5901 any-destination
access-list 112 permit tcp any-source any-destination d-port 5901
access-list 112 permit tcp any-source s-port 5902 any-destination
access-list 112 permit tcp any-source any-destination d-port 5902
access-list 112 permit tcp any-source s-port 3389 any-destination
access-list 112 permit tcp any-source any-destination d-port 3389
access-list 112 permit tcp any-source s-port 516 any-destination
access-list 112 permit tcp any-source any-destination d-port 516
access-list 112 permit tcp any-source s-port 583 any-destination
access-list 112 permit tcp any-source any-destination d-port 583
access-list 112 permit tcp any-source s-port 1398 any-destination
access-list 112 permit tcp any-source any-destination d-port 1398
access-list 112 permit tcp any-source s-port 1518 any-destination
access-list 112 permit tcp any-source any-destination d-port 1518
access-list 112 permit tcp any-source s-port 1519 any-destination
access-list 112 permit tcp any-source any-destination d-port 1519
access-list 112 permit tcp any-source s-port 1566 any-destination
access-list 112 permit tcp any-source any-destination d-port 1566
access-list 112 permit tcp any-source s-port 2232 any-destination
access-list 112 permit tcp any-source any-destination d-port 2232
access-list 112 permit tcp any-source s-port 4444 any-destination
access-list 112 permit tcp any-source any-destination d-port 4444
access-list 112 permit tcp any-source s-port 5714 any-destination
access-list 112 permit tcp any-source any-destination d-port 5714
access-list 112 permit tcp any-source s-port 7648 any-destination
access-list 112 permit tcp any-source any-destination d-port 7648
access-list 112 permit tcp any-source s-port 7649 any-destination
access-list 112 permit tcp any-source any-destination d-port 7649
access-list 112 permit tcp any-source s-port 7650 any-destination
access-list 112 permit tcp any-source any-destination d-port 7650
access-list 112 permit tcp any-source s-port 7651 any-destination
access-list 112 permit tcp any-source any-destination d-port 7651
access-list 112 permit tcp any-source s-port 22 any-destination
access-list 112 permit tcp any-source any-destination d-port 22
access-list 112 permit tcp any-source s-port 23 any-destination
access-list 112 permit tcp any-source any-destination d-port 23
access-list 112 permit tcp any-source s-port 21 any-destination
access-list 112 permit tcp any-source any-destination d-port 21
access-list 112 permit tcp any-source s-port 2000 any-destination
access-list 112 permit tcp any-source any-destination d-port 2000
access-list 112 permit tcp any-source s-port 2003 any-destination
access-list 112 permit tcp any-source any-destination d-port 2003
access-list 112 permit tcp any-source s-port 2106 any-destination
access-list 112 permit tcp any-source any-destination d-port 2106
access-list 112 permit tcp any-source s-port 2009 any-destination
access-list 112 permit tcp any-source any-destination d-port 2009
access-list 112 permit tcp any-source s-port 7777 any-destination
access-list 112 permit tcp any-source any-destination d-port 7777
access-list 112 permit tcp any-source s-port 1119 any-destination
access-list 112 permit tcp any-source any-destination d-port 1119
access-list 112 permit tcp any-source s-port 3724 any-destination
access-list 112 permit tcp any-source any-destination d-port 3724
access-list 112 permit tcp any-source s-port 4000 any-destination
access-list 112 permit tcp any-source any-destination d-port 4000
access-list 112 permit tcp any-source s-port 6112 any-destination
access-list 112 permit tcp any-source any-destination d-port 6112
access-list 112 permit tcp any-source s-port 6113 any-destination
access-list 112 permit tcp any-source any-destination d-port 6113
access-list 112 permit tcp any-source s-port 6114 any-destination
access-list 112 permit tcp any-source any-destination d-port 6114
access-list 112 permit tcp any-source s-port 3074 any-destination
access-list 112 permit tcp any-source any-destination d-port 3074
access-list 112 permit tcp any-source s-port 28960 any-destination
access-list 112 permit tcp any-source any-destination d-port 28960
access-list 114 permit udp any-source 239.255.2.0 0.0.1.255
access-list 115 permit tcp any-source s-port 1025 any-destination
access-list 115 permit tcp any-source s-port 1720 any-destination
access-list 115 permit tcp any-source any-destination d-port 1025
access-list 115 permit tcp any-source any-destination d-port 1720
access-list 115 permit tcp any-source s-port 1045 any-destination
access-list 115 permit tcp any-source s-port 1027 any-destination
access-list 115 permit tcp any-source any-destination d-port 1045
access-list 115 permit tcp any-source any-destination d-port 1027
access-list 115 permit udp any-source s-port 1024 any-destination
access-list 115 permit udp any-source any-destination d-port 1024
access-list 116 permit tcp any-source s-port 37 any-destination
access-list 116 permit tcp any-source any-destination d-port 37
access-list 116 permit udp any-source s-port 68 any-destination
access-list 116 permit udp any-source any-destination d-port 67
access-list 116 permit udp any-source s-port 53 any-destination
access-list 116 permit udp any-source any-destination d-port 53
access-list 116 permit icmp any-source any-destination
access-list 116 permit tcp any-source s-port 161 any-destination
access-list 116 permit tcp any-source s-port 162 any-destination
access-list 116 permit tcp any-source any-destination d-port 161
access-list 116 permit tcp any-source any-destination d-port 162
access-list 116 permit udp any-source s-port 161 any-destination
access-list 116 permit udp any-source s-port 162 any-destination
access-list 116 permit udp any-source any-destination d-port 161
access-list 116 permit udp any-source any-destination d-port 162
access-list 116 permit tcp any-source s-port 179 any-destination
access-list 116 permit udp any-source s-port 179 any-destination
access-list 116 permit tcp any-source any-destination d-port 179
access-list 116 permit udp any-source any-destination d-port 179
access-list 116 permit tcp any-source s-port 1812 any-destination
access-list 116 permit tcp any-source s-port 1813 any-destination
access-list 116 permit tcp any-source any-destination d-port 1812
access-list 116 permit tcp any-source any-destination d-port 1813
access-list 116 permit udp any-source s-port 1812 any-destination
access-list 116 permit udp any-source s-port 1813 any-destination
access-list 116 permit udp any-source any-destination d-port 1812
access-list 116 permit udp any-source any-destination d-port 1813
!
!
mls qos
wrr-queue bandwidth 1 4 32 0
wrr-queue cos-map 1 7
wrr-queue cos-map 2 1
wrr-queue cos-map 4 5
!
!
class-map cl_0
match access-group 110
!
class-map cl_1
match access-group 111
!
class-map cl_2
match access-group 112
!
class-map cl_4
match access-group 114
!
class-map cl_5
match access-group 115
!
class-map cl_6
match access-group 116
!
!
policy-map dscp_map
class cl_6
set ip dscp 48
exit
class cl_5
set ip dscp 40
exit
class cl_4
set ip dscp 32
exit
class cl_2
set ip dscp 16
exit
class cl_1
set ip dscp 8
exit
class cl_0
set ip dscp 0
exit
!
!
ip forward-protocol udp bootps
!
ip dhcp snooping enable
ip dhcp snooping vlan 1001
ip dhcp snooping binding enable
!
ip dhcp snooping information enable
ip dhcp snooping information option subscriber-id format hex
!         
!
!
!
!
!
sflow version 0
!
!
vlan 1;1000-1001 
!
Interface Ethernet1/1
switchport access vlan 1001
service-policy input dscp_map
ip dhcp snooping binding user-control
ip dhcp snooping binding user-control max-user 50

....................
....................
....................
!
Interface Ethernet1/24
switchport access vlan 1001
service-policy input dscp_map
ip dhcp snooping binding user-control
ip dhcp snooping binding user-control max-user 50
!
Interface Ethernet1/25
switchport mode trunk
switchport trunk allowed vlan 1;1001 
switchport trunk native vlan 1000
ip dhcp snooping trust vlan 1001
!
Interface Ethernet1/26
switchport mode trunk
switchport trunk allowed vlan 1;1001 
switchport trunk native vlan 1000
ip dhcp snooping trust vlan 1001
!
interface Vlan1
ip address 10.20.0.10 255.255.255.0
!
interface Vlan1001
!         
!
no login
!
!
end

 

Thanks.
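A small audit of the settings visible in the config above, as an added example that is not part of the original post. The check names are hypothetical, the sample is a shortened copy constructed from lines in the post, and the reading of `password 0` as an unencrypted password is an assumption based on Cisco-style CLI convention.

```python
import re

# Constructed sample: a shortened copy of lines from the posted config.
SAMPLE = """\
username admin privilege 15 password 0 xxxxxxxx
ip dhcp snooping enable
ip dhcp snooping vlan 1001
ip dhcp snooping information enable
!
Interface Ethernet1/1
switchport access vlan 1001
!
Interface Ethernet1/25
switchport mode trunk
ip dhcp snooping trust vlan 1001
"""

def parse(text):
    """Return (global lines, {interface: lines}); '!' closes an interface block."""
    glob, ifaces, cur = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if line == "!":
            cur = None
        elif m:
            cur = ifaces.setdefault(m.group(1), [])
        elif line:
            (glob if cur is None else cur).append(line)
    return glob, ifaces

def audit(text):
    """Hypothetical check names; each maps to one setting visible in the config."""
    glob, ifaces = parse(text)
    found = []
    # Assumption: 'password 0' marks a password stored unencrypted (Cisco-style CLI).
    if any(re.search(r"\bpassword 0 \S", l) for l in glob):
        found.append("cleartext-password")
    # Option 82 insertion is switched on although the post says it is not needed.
    if "ip dhcp snooping information enable" in glob:
        found.append("option82-enabled")
    trusted = [n for n, ls in ifaces.items()
               if any(l.startswith("ip dhcp snooping trust") for l in ls)]
    for name in trusted:  # trust belongs on uplinks only, never on client ports
        if "switchport mode trunk" not in ifaces[name]:
            found.append(f"trust-on-access-port:{name}")
    if "ip dhcp snooping enable" in glob and not trusted:
        found.append("no-trusted-uplink")
    return found

print(audit(SAMPLE))
```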
