
SNR-S2950-24G + MikroTik: configuring the SNR

Good afternoon! I have only just started learning how to configure the SNR-S2950-24G.

The setup is as follows. SNR-S2950-24G switches at the access layer, a MikroTik as the NAS, VLAN 1 for managing the SNRs, VLAN 1001 for clients (all in one VLAN, or is it better to split them?).

Option 82 is not really needed.

Clients are activated by the billing system by MAC address.

QoS is bolted on (how effective is it in this case?).

Will the following config "fly" or "not fly", what could be added, and what is superfluous?:

!
no service password-encryption
!
hostname Switch
sysLocation p.ignatev
sysContact p.ignatev
!
username admin privilege 15 password 0 xxxxxxxx
!
!
!
ssh-server enable
!
!
access-list 110 permit ip any-source any-destination
access-list 111 permit tcp any-source s-port 80 any-destination
access-list 111 permit tcp any-source any-destination d-port 80
access-list 111 permit tcp any-source s-port 8080 any-destination
access-list 111 permit tcp any-source any-destination d-port 8080
access-list 111 permit tcp any-source s-port 143 any-destination
access-list 111 permit tcp any-source any-destination d-port 143
access-list 111 permit tcp any-source s-port 220 any-destination
access-list 111 permit tcp any-source any-destination d-port 220
access-list 111 permit tcp any-source s-port 585 any-destination
access-list 111 permit tcp any-source any-destination d-port 585
access-list 111 permit tcp any-source s-port 993 any-destination
access-list 111 permit tcp any-source any-destination d-port 993
access-list 111 permit tcp any-source s-port 25 any-destination
access-list 111 permit tcp any-source any-destination d-port 25
access-list 111 permit tcp any-source s-port 110 any-destination
access-list 111 permit tcp any-source any-destination d-port 110
access-list 111 permit tcp any-source s-port 4590 any-destination
access-list 111 permit tcp any-source any-destination d-port 4590
access-list 111 permit tcp any-source s-port 1723 any-destination
access-list 111 permit tcp any-source any-destination d-port 1723
access-list 111 permit tcp any-source s-port 5190 any-destination
access-list 111 permit tcp any-source any-destination d-port 5190
access-list 111 permit tcp any-source s-port 5222 any-destination
access-list 111 permit tcp any-source any-destination d-port 5222
access-list 111 permit tcp any-source s-port 443 any-destination
access-list 111 permit tcp any-source any-destination d-port 443
access-list 111 permit tcp any-source s-port 5223 any-destination
access-list 111 permit tcp any-source any-destination d-port 5223
access-list 112 permit tcp any-source s-port 5800 any-destination
access-list 112 permit tcp any-source any-destination d-port 5800
access-list 112 permit tcp any-source s-port 5801 any-destination
access-list 112 permit tcp any-source any-destination d-port 5801
access-list 112 permit tcp any-source s-port 5900 any-destination
access-list 112 permit tcp any-source any-destination d-port 5900
access-list 112 permit tcp any-source s-port 5901 any-destination
access-list 112 permit tcp any-source any-destination d-port 5901
access-list 112 permit tcp any-source s-port 5902 any-destination
access-list 112 permit tcp any-source any-destination d-port 5902
access-list 112 permit tcp any-source s-port 3389 any-destination
access-list 112 permit tcp any-source any-destination d-port 3389
access-list 112 permit tcp any-source s-port 516 any-destination
access-list 112 permit tcp any-source any-destination d-port 516
access-list 112 permit tcp any-source s-port 583 any-destination
access-list 112 permit tcp any-source any-destination d-port 583
access-list 112 permit tcp any-source s-port 1398 any-destination
access-list 112 permit tcp any-source any-destination d-port 1398
access-list 112 permit tcp any-source s-port 1518 any-destination
access-list 112 permit tcp any-source any-destination d-port 1518
access-list 112 permit tcp any-source s-port 1519 any-destination
access-list 112 permit tcp any-source any-destination d-port 1519
access-list 112 permit tcp any-source s-port 1566 any-destination
access-list 112 permit tcp any-source any-destination d-port 1566
access-list 112 permit tcp any-source s-port 2232 any-destination
access-list 112 permit tcp any-source any-destination d-port 2232
access-list 112 permit tcp any-source s-port 4444 any-destination
access-list 112 permit tcp any-source any-destination d-port 4444
access-list 112 permit tcp any-source s-port 5714 any-destination
access-list 112 permit tcp any-source any-destination d-port 5714
access-list 112 permit tcp any-source s-port 7648 any-destination
access-list 112 permit tcp any-source any-destination d-port 7648
access-list 112 permit tcp any-source s-port 7649 any-destination
access-list 112 permit tcp any-source any-destination d-port 7649
access-list 112 permit tcp any-source s-port 7650 any-destination
access-list 112 permit tcp any-source any-destination d-port 7650
access-list 112 permit tcp any-source s-port 7651 any-destination
access-list 112 permit tcp any-source any-destination d-port 7651
access-list 112 permit tcp any-source s-port 22 any-destination
access-list 112 permit tcp any-source any-destination d-port 22
access-list 112 permit tcp any-source s-port 23 any-destination
access-list 112 permit tcp any-source any-destination d-port 23
access-list 112 permit tcp any-source s-port 21 any-destination
access-list 112 permit tcp any-source any-destination d-port 21
access-list 112 permit tcp any-source s-port 2000 any-destination
access-list 112 permit tcp any-source any-destination d-port 2000
access-list 112 permit tcp any-source s-port 2003 any-destination
access-list 112 permit tcp any-source any-destination d-port 2003
access-list 112 permit tcp any-source s-port 2106 any-destination
access-list 112 permit tcp any-source any-destination d-port 2106
access-list 112 permit tcp any-source s-port 2009 any-destination
access-list 112 permit tcp any-source any-destination d-port 2009
access-list 112 permit tcp any-source s-port 7777 any-destination
access-list 112 permit tcp any-source any-destination d-port 7777
access-list 112 permit tcp any-source s-port 1119 any-destination
access-list 112 permit tcp any-source any-destination d-port 1119
access-list 112 permit tcp any-source s-port 3724 any-destination
access-list 112 permit tcp any-source any-destination d-port 3724
access-list 112 permit tcp any-source s-port 4000 any-destination
access-list 112 permit tcp any-source any-destination d-port 4000
access-list 112 permit tcp any-source s-port 6112 any-destination
access-list 112 permit tcp any-source any-destination d-port 6112
access-list 112 permit tcp any-source s-port 6113 any-destination
access-list 112 permit tcp any-source any-destination d-port 6113
access-list 112 permit tcp any-source s-port 6114 any-destination
access-list 112 permit tcp any-source any-destination d-port 6114
access-list 112 permit tcp any-source s-port 3074 any-destination
access-list 112 permit tcp any-source any-destination d-port 3074
access-list 112 permit tcp any-source s-port 28960 any-destination
access-list 112 permit tcp any-source any-destination d-port 28960
access-list 114 permit udp any-source 239.255.2.0 0.0.1.255
access-list 115 permit tcp any-source s-port 1025 any-destination
access-list 115 permit tcp any-source s-port 1720 any-destination
access-list 115 permit tcp any-source any-destination d-port 1025
access-list 115 permit tcp any-source any-destination d-port 1720
access-list 115 permit tcp any-source s-port 1045 any-destination
access-list 115 permit tcp any-source s-port 1027 any-destination
access-list 115 permit tcp any-source any-destination d-port 1045
access-list 115 permit tcp any-source any-destination d-port 1027
access-list 115 permit udp any-source s-port 1024 any-destination
access-list 115 permit udp any-source any-destination d-port 1024
access-list 116 permit tcp any-source s-port 37 any-destination
access-list 116 permit tcp any-source any-destination d-port 37
access-list 116 permit udp any-source s-port 68 any-destination
access-list 116 permit udp any-source any-destination d-port 67
access-list 116 permit udp any-source s-port 53 any-destination
access-list 116 permit udp any-source any-destination d-port 53
access-list 116 permit icmp any-source any-destination
access-list 116 permit tcp any-source s-port 161 any-destination
access-list 116 permit tcp any-source s-port 162 any-destination
access-list 116 permit tcp any-source any-destination d-port 161
access-list 116 permit tcp any-source any-destination d-port 162
access-list 116 permit udp any-source s-port 161 any-destination
access-list 116 permit udp any-source s-port 162 any-destination
access-list 116 permit udp any-source any-destination d-port 161
access-list 116 permit udp any-source any-destination d-port 162
access-list 116 permit tcp any-source s-port 179 any-destination
access-list 116 permit udp any-source s-port 179 any-destination
access-list 116 permit tcp any-source any-destination d-port 179
access-list 116 permit udp any-source any-destination d-port 179
access-list 116 permit tcp any-source s-port 1812 any-destination
access-list 116 permit tcp any-source s-port 1813 any-destination
access-list 116 permit tcp any-source any-destination d-port 1812
access-list 116 permit tcp any-source any-destination d-port 1813
access-list 116 permit udp any-source s-port 1812 any-destination
access-list 116 permit udp any-source s-port 1813 any-destination
access-list 116 permit udp any-source any-destination d-port 1812
access-list 116 permit udp any-source any-destination d-port 1813
!
!
mls qos
wrr-queue bandwidth 1 4 32 0
wrr-queue cos-map 1 7
wrr-queue cos-map 2 1
wrr-queue cos-map 4 5
!
!
class-map cl_0
match access-group 110
!
class-map cl_1
match access-group 111
!
class-map cl_2
match access-group 112
!
class-map cl_4
match access-group 114
!
class-map cl_5
match access-group 115
!
class-map cl_6
match access-group 116
!
!
policy-map dscp_map
class cl_6
set ip dscp 48
exit
class cl_5
set ip dscp 40
exit
class cl_4
set ip dscp 32
exit
class cl_2
set ip dscp 16
exit
class cl_1
set ip dscp 8
exit
class cl_0
set ip dscp 0
exit
!
!
ip forward-protocol udp bootps
!
ip dhcp snooping enable
ip dhcp snooping vlan 1001
ip dhcp snooping binding enable
!
ip dhcp snooping information enable
ip dhcp snooping information option subscriber-id format hex
!         
!
!
!
!
!
sflow version 0
!
!
vlan 1;1000-1001 
!
Interface Ethernet1/1
switchport access vlan 1001
service-policy input dscp_map
ip dhcp snooping binding user-control
ip dhcp snooping binding user-control max-user 50

....................
....................
....................
!
Interface Ethernet1/24
switchport access vlan 1001
service-policy input dscp_map
ip dhcp snooping binding user-control
ip dhcp snooping binding user-control max-user 50
!
Interface Ethernet1/25
switchport mode trunk
switchport trunk allowed vlan 1;1001 
switchport trunk native vlan 1000
ip dhcp snooping trust vlan 1001
!
Interface Ethernet1/26
switchport mode trunk
switchport trunk allowed vlan 1;1001 
switchport trunk native vlan 1000
ip dhcp snooping trust vlan 1001
!
interface Vlan1
ip address 10.20.0.10 255.255.255.0
!
interface Vlan1001
!         
!
no login
!
!
end

 

Thanks.
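
Added example, not part of the original post: a small Python model of the posted `dscp_map` policy that reports which DSCP value a given flow from a subscriber port would receive. It uses an abridged copy of the posted ACL, class-map and policy-map lines and assumes that classes are evaluated in policy-map order with the first matching class winning (an assumption about the switch's behaviour); the function names `parse` and `dscp_for` are hypothetical.

```python
import re
from ipaddress import IPv4Address as IP
# Abridged from the configuration posted above ("exit" lines omitted).
CONFIG = """
access-list 110 permit ip any-source any-destination
access-list 114 permit udp any-source 239.255.2.0 0.0.1.255
access-list 116 permit udp any-source s-port 53 any-destination
access-list 116 permit udp any-source any-destination d-port 53
class-map cl_0
match access-group 110
class-map cl_4
match access-group 114
class-map cl_6
match access-group 116
policy-map dscp_map
class cl_6
set ip dscp 48
class cl_4
set ip dscp 32
class cl_0
set ip dscp 0
"""

ACE = re.compile(r"access-list (\d+) permit (\w+) any-source(?: s-port (\d+))? "
                 r"(?:any-destination|(\S+) (\S+))(?: d-port (\d+))?$")

def parse(text):
    """Return [(dscp, [ace, ...]), ...] in policy-map order."""
    acls, class_acl, policy, cur = {}, {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := ACE.match(line):
            acls.setdefault(m[1], []).append(m.groups()[1:])
        elif line.startswith(("class-map ", "class ")):
            cur = line.split()[1]          # class being defined or referenced
        elif line.startswith("match access-group "):
            class_acl[cur] = line.split()[2]
        elif line.startswith("set ip dscp "):
            policy.append((int(line.split()[3]), acls[class_acl[cur]]))
    return policy

def dscp_for(policy, proto, sport, dport, dst):
    """DSCP the modelled policy sets for a flow; None if no class matches."""
    for dscp, aces in policy:
        for p, sp, net, wild, dp in aces:
            ports_ok = sp in (None, str(sport)) and dp in (None, str(dport))
            dst_ok = not net or not (int(IP(dst)) ^ int(IP(net))) & ~int(IP(wild))
            if p in ("ip", proto) and ports_ok and dst_ok:
                return dscp
    return None
```

Because ACL 116 matches on source port as well as destination port, any flow entering a subscriber port with those port numbers is marked DSCP 48, so the mapping is worth reviewing before upstream devices are set to trust the marking.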
