Jump to content
Калькуляторы

После настройки multicast стал пропадать доступ к абонентскому VLAN

Доброго времени суток. Есть множество коммутаторов S2940 и их аналоги от QTECH. На каждом коммутаторе 2 VLAN с ip-адресами - один абонентский, другой для управления. Работали хорошо, но после настройки multicast появилась проблема - стал отваливаться абонентский VLAN (до сервера не доходит абонентский трафик через абонентский VLAN, коммутатор через абонентский VLAN так же не пингуется). После перезагрузки коммутатора всё снова работает как надо. Пример конфига:

tkd_95#sho running-config
!
no service password-encryption
!
hostname tkd_95
sysLocation Ak.Vonsovskogo str. 1-118, Ekaterinburg, Russia
sysContact support@nag.ru
!
username admin privilege 15 password 0 admin
!
authentication line console login local
authentication securityip 192.168.7.200
!
!
!
!
snmp-server enable
snmp-server securityip 192.168.7.200
snmp-server community rw 0 private
snmp-server community ro 0 public
!
service dhcp
!
ip forward-protocol udp bootps
ip dhcp server relay information enable
ip dhcp relay information option
ip dhcp relay information option subscriber-id format hex
!
!
!
!
!
am enable
!
!
!
!
vlan 1;95
!
vlan 100
multicast-vlan
multicast-vlan association 95
!
access-list 6000 permit ip any-source 239.195.0.0 0.0.255.255
access-list 100 permit ip any-source 10.0.0.0 0.0.0.255
access-list 101 permit ip any-source any-destination
!
multicast destination-control
!
class-map c100
match access-group 100
!
class-map c101
match access-group 101
!
policy-map p101
class c100
policy 100000 12500 conform-action transmit exceed-action drop
exit
class c101
policy 25600 3200 conform-action transmit exceed-action drop
exit
!
policy-map p102
class c100
policy 100000 12500 conform-action transmit exceed-action drop
exit
class c101
policy 20480 2560 conform-action transmit exceed-action drop
exit
!
policy-map p103
class c100
policy 100000 12500 conform-action transmit exceed-action drop
exit
class c101
policy 5120 640 conform-action transmit exceed-action drop
exit
!
policy-map p104
class c100
policy 100000 12500 conform-action transmit exceed-action drop
exit
class c101
policy 5120 640 conform-action transmit exceed-action drop
exit
!
Interface Ethernet1/1
ip multicast destination-control access-group 6000
service-policy input p101
switchport access vlan 95
switchport association multicast-vlan 100
igmp snooping drop query
am port
am ip-pool 10.0.95.3 1
!
Interface Ethernet1/2
ip multicast destination-control access-group 6000
service-policy input p102
switchport access vlan 95
switchport association multicast-vlan 100
igmp snooping drop query
am port
am ip-pool 10.0.95.20 1
!
Interface Ethernet1/3
ip multicast destination-control access-group 6000
service-policy input p103
switchport access vlan 95
switchport association multicast-vlan 100
igmp snooping drop query
am port
am ip-pool 10.0.95.5 1
!
Interface Ethernet1/4
ip multicast destination-control access-group 6000
service-policy input p104
switchport access vlan 95
switchport association multicast-vlan 100
igmp snooping drop query
am port
am ip-pool 10.0.95.9 1
!
Interface Ethernet1/5
shutdown
ip multicast destination-control access-group 6000
switchport access vlan 95
switchport association multicast-vlan 100
igmp snooping drop query
!
Interface Ethernet1/6
shutdown
ip multicast destination-control access-group 6000
switchport access vlan 95
switchport association multicast-vlan 100
igmp snooping drop query
!
Interface Ethernet1/7
shutdown
ip multicast destination-control access-group 6000
switchport access vlan 95
switchport association multicast-vlan 100
igmp snooping drop query
!
Interface Ethernet1/8
shutdown
ip multicast destination-control access-group 6000
switchport access vlan 95
switchport association multicast-vlan 100
igmp snooping drop query
!
Interface Ethernet1/9
ip multicast destination-control access-group 6000
switchport mode trunk
igmp snooping drop query
!
Interface Ethernet1/10
ip multicast destination-control access-group 6000
switchport mode trunk
switchport trunk allowed vlan 95;100;1000
!
interface Vlan1
ip address 10.10.10.1 255.255.255.0
!
interface Vlan95
ip address 10.0.95.253 255.255.255.0
 !forward protocol udp 67(active)!
ip helper-address 192.168.7.200
!
interface Vlan100
ip address 192.168.7.95 255.255.255.0
!
ip igmp snooping
no ip igmp snooping proxy
ip igmp snooping vlan 100
ip igmp snooping vlan 100 immediately-leave
ip igmp snooping vlan 100 mrouter-port interface Ethernet1/10
!
ip default-gateway 192.168.7.200
!
no login
!
isolate-port group client switchport interface Ethernet1/9
isolate-port group client switchport interface Ethernet1/8
isolate-port group client switchport interface Ethernet1/7
isolate-port group client switchport interface Ethernet1/6
isolate-port group client switchport interface Ethernet1/5
isolate-port group client switchport interface Ethernet1/4
isolate-port group client switchport interface Ethernet1/3
isolate-port group client switchport interface Ethernet1/2
isolate-port group client switchport interface Ethernet1/1
end

 

Здесь влан 95 - абоненты, влан 100 - управление, в нём же запущен мультикаст.

Проблема возникает где-то на 2 коммутаторах из 180 в день.

Подскажите, в чём может быть проблема?

Share this post


Link to post
Share on other sites

В дизайне проблема. Выносите мультикаст в отдельный вилан.

Share this post


Link to post
Share on other sites

В дизайне проблема. Выносите мультикаст в отдельный вилан.

3 дня - полёт нормальный. Спасибо за совет!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this