ShyLion Posted September 28, 2016 Posted September 28, 2016 (edited) SNR 2960,2980,2990,2965 Правильно ли я понимаю, что глобальная команда "ip multicast source-control" не ограничивает мультикаст с порта, если он mrouter ? По крайней мере на 2960 на стенде получилось именно так. Правда еще настроен "multicast destination-control", возможно это разрешает нужный траффик? Edited September 28, 2016 by ShyLion Вставить ник Quote
ShyLion Posted September 28, 2016 Author Posted September 28, 2016 на 2960 7.0.3.5(R0217.0142) source-control вообще не работает. Вставить ник Quote
ShyLion Posted September 30, 2016 Author Posted September 30, 2016 Обновил прошивку, не помогло. ЧЯНТ? service password-encryption ! authentication logging enable ! ! authentication line console login local authentication ip access-class vty in ! ! ! clock timezone TMN add 5 0 ! logging 10.0.7.11 level informational logging loghost sequence-number logging executed-commands enable ! ssh-server enable ! no ip http server ! no telnet-server enable ! snmp-server enable snmp-server community ro 7 xxxx access snmp_ro ! ! ip dhcp snooping enable ! ! ! ! ! lldp enable ! ! ! loopback-detection interval-time 30 15 ! loopback-detection control-recovery timeout 60 ! loopback-detection trap enable ! vlan 1 ! vlan 7 name mgmt ! vlan 12 name TV_Converter ! vlan 79 name VideoCams ! vlan 300 name VOICE ! vlan 405 name IPTV_STB ! vlan 400 name IPTV multicast-vlan multicast-vlan association 405 ! access-list 5000 deny ip any-source any-destination access-list 5002 deny ip any-source any-destination access-list 6000 permit ip any-source 239.185.46.0 0.0.0.255 ! ip access-list standard snmp_ro permit host-source 10.0.7.11 exit ! ip access-list extended vty permit ip 10.0.1.0 0.0.0.255 any-destination permit ip 10.0.2.0 0.0.0.255 any-destination permit ip 10.0.3.0 0.0.0.255 any-destination permit ip 10.0.4.0 0.0.0.255 any-destination permit ip 10.0.6.0 0.0.0.255 any-destination permit ip 10.0.7.0 0.0.0.255 any-destination exit ! ip multicast source-control multicast destination-control ip multicast policy 10.1.1.18/32 224.0.0.0/4 cos 3 ip multicast policy 10.1.1.32/28 224.0.0.0/4 cos 3 mls qos queue algorithm sp ! Interface Ethernet1/1 rate-violation broadcast 1000 rate-violation multicast 1000 ip multicast destination-control access-group 6000 no mls qos trust cos lldp transmit optional tlv sysName sysCap switchport access vlan 12 pppoe intermediate-agent loopback-detection specified-vlan 12 loopback-detection control shutdown loopback-detection send packet number 5 igmp snooping drop query switchport mac-address dynamic maximum 20 ! ! аналогично до 1/24 ! Interface Ethernet1/25 description Uplink ip multicast source-control access-group 5002 no mls qos trust cos lldp transmit optional tlv portDesc sysName sysDesc sysCap switchport mode trunk pppoe intermediate-agent pppoe intermediate-agent trust igmp snooping drop report ip dhcp snooping trust ! Interface Ethernet1/26 shutdown ! Interface Ethernet1/27 shutdown ! Interface Ethernet1/28 description Downlink ip multicast destination-control access-group 6000 no mls qos trust cos lldp transmit optional tlv portDesc sysName sysDesc sysCap switchport access vlan 405 igmp snooping drop query ! interface Vlan1 shutdown ! interface Vlan7 ip address 10.0.7.112 255.255.255.0 ! ip igmp snooping ip igmp snooping vlan 400 ip igmp snooping vlan 400 limit group 255 ip igmp snooping vlan 400 immediately-leave ip igmp snooping vlan 400 mrouter-port interface Ethernet1/25 ip igmp snooping vlan 400 interface Ethernet1/1 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/2 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/3 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/4 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/5 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/6 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/7 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/8 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/9 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/10 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/11 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/12 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/13 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/14 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/15 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/16 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/17 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/18 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/19 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/20 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/21 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/22 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/23 limit group 5 strategy replace ip igmp snooping vlan 400 interface Ethernet1/24 limit group 5 strategy replace ! ip default-gateway 10.0.7.1 ! ntp enable ntp server 10.0.7.11 ! exec-timeout 60 0 no login ! ! voice-vlan vlan 300 voice-vlan mac 02-01-02-03-04-05 ff-ff-ff-ff-ff-ff priority 5 name Example isolate-port group 1 switchport interface Ethernet1/28 isolate-port group 1 switchport interface Ethernet1/27 isolate-port group 1 switchport interface Ethernet1/26 isolate-port group 1 switchport interface Ethernet1/24 isolate-port group 1 switchport interface Ethernet1/23 isolate-port group 1 switchport interface Ethernet1/22 isolate-port group 1 switchport interface Ethernet1/21 isolate-port group 1 switchport interface Ethernet1/20 isolate-port group 1 switchport interface Ethernet1/19 isolate-port group 1 switchport interface Ethernet1/18 isolate-port group 1 switchport interface Ethernet1/17 isolate-port group 1 switchport interface Ethernet1/16 isolate-port group 1 switchport interface Ethernet1/15 isolate-port group 1 switchport interface Ethernet1/14 isolate-port group 1 switchport interface Ethernet1/13 isolate-port group 1 switchport interface Ethernet1/12 isolate-port group 1 switchport interface Ethernet1/11 isolate-port group 1 switchport interface Ethernet1/10 isolate-port group 1 switchport interface Ethernet1/9 isolate-port group 1 switchport interface Ethernet1/8 isolate-port group 1 switchport interface Ethernet1/7 isolate-port group 1 switchport interface Ethernet1/6 isolate-port group 1 switchport interface Ethernet1/5 isolate-port group 1 switchport interface Ethernet1/4 isolate-port group 1 switchport interface Ethernet1/3 isolate-port group 1 switchport interface Ethernet1/2 isolate-port group 1 switchport interface Ethernet1/1 end Источник мультика 239.185.46.0/24 на Eth1/25 в 400 вилане ss-pe-7112#show int eth1/25 | inc multicast 15364 unicast packets, 336424 multicast packets, 3508 broadcast packets 14968 unicast packets, 39 multicast packets, 2 broadcast packets через несколько секунд: ss-pe-7112#show int eth1/25 | inc multicast 15458 unicast packets, 338832 multicast packets, 3528 broadcast packets 15061 unicast packets, 39 multicast packets, 2 broadcast packets Видно как мультик прилетает Получатель на Eth1/28. ss-pe-7112#show int eth1/28 | inc multicast 0 unicast packets, 43 multicast packets, 0 broadcast packets 29 unicast packets, 381208 multicast packets, 1 broadcast packets ss-pe-7112#show int eth1/28 | inc multicast 0 unicast packets, 43 multicast packets, 0 broadcast packets 29 unicast packets, 389649 multicast packets, 1 broadcast packets и улетает. [root@net-console-01 /var/home/lion]# astra --analyze 'udp://eth4@239.185.46.120' Sep 30 16:59:43: INFO: Starting Astra 4.4.98 Sep 30 16:59:43: INFO: PAT: tsid: 5 Sep 30 16:59:43: INFO: PAT: pid: 400 PMT pnr: 504 Sep 30 16:59:43: INFO: PAT: crc32: 0x569EB386 Sep 30 16:59:43: INFO: PMT: pnr: 504 Sep 30 16:59:43: INFO: PMT: pid: 401 PCR Sep 30 16:59:43: INFO: VIDEO: pid: 401 type: 0x1B Sep 30 16:59:43: INFO: AUDIO: pid: 402 type: 0x04 Sep 30 16:59:43: INFO: AUDIO: Language: rus Sep 30 16:59:43: INFO: AUDIO: pid: 403 type: 0x0F Sep 30 16:59:43: INFO: AUDIO: descriptor: 0x6A028F00 Sep 30 16:59:43: INFO: AUDIO: Language: AC3 Sep 30 16:59:43: INFO: AUDIO: descriptor: 0x2B03010200 Sep 30 16:59:43: INFO: PMT: crc32: 0x5A004BA6 Sep 30 16:59:44: INFO: Bitrate: 16737 Kbit/s Sep 30 16:59:45: INFO: Bitrate: 16168 Kbit/s Sep 30 16:59:46: INFO: Bitrate: 16054 Kbit/s ^CSep 30 16:59:46: INFO: [main] exit ss-pe-7112#show ip igmp snooping vlan 400 Igmp snooping information for vlan 400 Igmp snooping L2 general querier :NO Igmp snooping query-interval :125(s) Igmp snooping max response time :10(s) Igmp snooping specific-query max response time :1(s) Igmp snooping robustness :2 Igmp snooping mrouter port keep-alive time :255(s) IGMP Snooping Connect Group Membership Note:*-All Source, (S)- Include Source, [s]-Exclude Source Groups Sources Ports Exptime SrcMac System Level 239.185.46.120 * Ethernet1/28 00:04:19 60:E3:27:01:05:48 V3 Igmp snooping vlan 400 mrouter port Note:"!"-static mrouter port !Ethernet1/25 Вставить ник Quote
.png.5d2afa2996cc6a85d0f2c09b92dd0a28.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.