Jump to content
Калькуляторы

Проблема с SNR-2995G, Vlan termination, dhcp relay, routing.

Добрый день.

Имеется несколько коммутаторов SNR-2995G. Выступают в роли узла агрегации, на котором терминируются вланы доступа. На этих вланах включен dhcp-релей. Узел агрегации включен в сеть ядра, где работает ospf.

До вчерашнего дня всё работало прекрасно. Потом начались глюки - пользователи перестали получать адреса, часть линков вообще упала. Думали перегрев (как раз сильная жара началась), но после установки дополнительного охлаждения ситуация не изменилась.

На других узлах агрегации всё работает прекрасно с аналогичными настройками. Конфиги генерируются скриптом, так что различия только в адресах и номерах вланов.

При этом каких-то ошибок на портах я не вижу.

SNR-S2995G-24FX-6#sh ver
  SNR-S2995G-24FX Device, Compiled on Jun 10 19:02:28 2019
  sysLocation 
  CPU Mac f8:f0:82:78:7b:71
  Vlan MAC f8:f0:82:78:7b:70
  SoftWare Package Version 7.5.3.2(R0004.0186)
  BootRom Version 7.5.21
  HardWare Version 1.0.1
  CPLD Version 1.03
  Serial No.:SW075010I325000923
  Copyright (C) 2019 NAG LLC
  All rights reserved
  Last reboot is cold reset.
  Uptime is 0 weeks, 0 days, 2 hours, 40 minutes

Конфиг:

!!
switch convert mode stand-alone
!!
!
no service password-encryption
!
hostname SNR-S2995G-24FX-6
no info-center enable
no info-center source debug channel 0
no info-center source debug channel 1
no ip http server
!
snmp-server enable
snmp-server securityip disable
snmp-server community rw 0 private
snmp-server community ro 0 public
no rmon enable
snmp-server packet delay 0
!
service dhcp
!
ip forward-protocol udp bootps
ip dhcp relay information option
ip dhcp relay share-vlan 4000 sub-vlan 141-166
!
ip dhcp snooping enable
ip dhcp snooping vlan 141-166
 ip dhcp snooping binding enable
!
 ip dhcp snooping information enable
!
!
!
!
!         
!
Interface Ethernet0
 ip address 192.168.88.7 255.255.255.0
!
!
!
vlan 1;141-166 
!
vlan 2
 name multicast
!
vlan 3
 name white
!
vlan 10
 name core
!
vlan 4000
 name management
!
ip access-list extended mgmt
  deny tcp 172.16.0.0 0.15.255.255 172.16.0.0 0.15.255.255 d-port 23
  deny udp 172.16.0.0 0.15.255.255 172.16.0.0 0.15.255.255 d-port 161
  deny tcp 172.16.0.0 0.15.255.255 host-destination 192.168.16.9 d-port 23
  deny tcp 172.16.0.0 0.15.255.255 host-destination 192.168.16.9 d-port 80
  deny udp 172.16.0.0 0.15.255.255 host-destination 192.168.16.9 d-port 161
  deny ip 172.16.0.0 0.15.255.255 192.168.16.0 0.0.3.255
  exit
!
Interface Ethernet1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 2-3;141;4000 
 switchport trunk native vlan 141
 ip access-group mgmt in
!
Interface Ethernet1/0/2
 switchport mode trunk
 switchport trunk allowed vlan 2-3;142;4000 
 switchport trunk native vlan 142
 ip access-group mgmt in
!
Interface Ethernet1/0/3
 switchport mode trunk
 switchport trunk allowed vlan 2-3;143;4000 
 switchport trunk native vlan 143
 ip access-group mgmt in
!
Interface Ethernet1/0/4
 switchport mode trunk
 switchport trunk allowed vlan 2-3;144;4000 
 switchport trunk native vlan 144
 ip access-group mgmt in
!
Interface Ethernet1/0/5
 switchport mode trunk
 switchport trunk allowed vlan 2-3;145;4000 
 switchport trunk native vlan 145
 ip access-group mgmt in
!
Interface Ethernet1/0/6
 switchport mode trunk
 switchport trunk allowed vlan 2-3;146;4000 
 switchport trunk native vlan 146
 ip access-group mgmt in
!
Interface Ethernet1/0/7
 switchport mode trunk
 switchport trunk allowed vlan 2-3;147;4000 
 switchport trunk native vlan 147
 ip access-group mgmt in
!
Interface Ethernet1/0/8
 switchport mode trunk
 switchport trunk allowed vlan 2-3;148;4000 
 switchport trunk native vlan 148
 ip access-group mgmt in
!
Interface Ethernet1/0/9
 switchport mode trunk
 switchport trunk allowed vlan 2-3;149;4000 
 switchport trunk native vlan 149
 ip access-group mgmt in
!
Interface Ethernet1/0/10
 switchport mode trunk
 switchport trunk allowed vlan 2-3;150;4000 
 switchport trunk native vlan 150
 ip access-group mgmt in
!
Interface Ethernet1/0/11
 switchport mode trunk
 switchport trunk allowed vlan 2-3;151;4000 
 switchport trunk native vlan 151
 ip access-group mgmt in
!
Interface Ethernet1/0/12
 switchport mode trunk
 switchport trunk allowed vlan 2-3;152;4000 
 switchport trunk native vlan 152
 ip access-group mgmt in
!
Interface Ethernet1/0/13
 switchport mode trunk
 switchport trunk allowed vlan 2-3;153;4000 
 switchport trunk native vlan 153
 ip access-group mgmt in
!
Interface Ethernet1/0/14
 switchport mode trunk
 switchport trunk allowed vlan 2-3;154;4000 
 switchport trunk native vlan 154
 ip access-group mgmt in
!
Interface Ethernet1/0/15
 switchport mode trunk
 switchport trunk allowed vlan 2-3;155;4000 
 switchport trunk native vlan 155
 ip access-group mgmt in
!
Interface Ethernet1/0/16
 switchport mode trunk
 switchport trunk allowed vlan 2-3;156;4000 
 switchport trunk native vlan 156
 ip access-group mgmt in
!
Interface Ethernet1/0/17
 switchport mode trunk
 switchport trunk allowed vlan 2-3;157;4000 
 switchport trunk native vlan 157
 ip access-group mgmt in
!
Interface Ethernet1/0/18
 switchport mode trunk
 switchport trunk allowed vlan 2-3;158;4000 
 switchport trunk native vlan 158
 ip access-group mgmt in
!
Interface Ethernet1/0/19
 switchport mode trunk
 switchport trunk allowed vlan 2-3;159;4000 
 switchport trunk native vlan 159
 ip access-group mgmt in
!
Interface Ethernet1/0/20
 switchport mode trunk
 switchport trunk allowed vlan 2-3;160;4000 
 switchport trunk native vlan 160
 ip access-group mgmt in
!
Interface Ethernet1/0/21
 switchport mode trunk
 switchport trunk allowed vlan 2-3;161;4000 
 switchport trunk native vlan 161
 ip access-group mgmt in
!
Interface Ethernet1/0/22
 switchport mode trunk
 switchport trunk allowed vlan 2-3;162;4000 
 switchport trunk native vlan 162
 ip access-group mgmt in
!
Interface Ethernet1/0/23
 switchport mode trunk
 switchport trunk allowed vlan 2-3;163;4000 
 switchport trunk native vlan 163
 ip access-group mgmt in
!
Interface Ethernet1/0/24
 switchport mode trunk
 switchport trunk allowed vlan 2-3;164;4000 
 switchport trunk native vlan 164
 ip access-group mgmt in
!
Interface Ethernet1/0/25
 switchport mode trunk
 switchport trunk allowed vlan 2-3;165;4000 
 switchport trunk native vlan 165
 ip access-group mgmt in
!
Interface Ethernet1/0/26
 switchport mode trunk
 switchport trunk allowed vlan 2-3;166;4000 
 switchport trunk native vlan 166
 ip access-group mgmt in
!
Interface Ethernet1/0/27
 switchport mode trunk
 switchport trunk allowed vlan 2-3;10;4000 
 ip access-group mgmt in
!
Interface Ethernet1/0/28
 description uplink
 switchport mode trunk
 switchport trunk allowed vlan 2-3;10;4000 
 ip access-group mgmt in
!
interface Vlan10
 ip address 172.16.0.7 255.255.255.0
!
interface Vlan141
 ip address 172.16.141.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan142
 ip address 172.16.142.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan143
 ip address 172.16.143.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan144
 ip address 172.16.144.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan145
 ip address 172.16.145.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan146
 ip address 172.16.146.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan147
 ip address 172.16.147.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan148
 ip address 172.16.148.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan149
 ip address 172.16.149.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan150
 ip address 172.16.150.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan151
 ip address 172.16.151.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan152
 ip address 172.16.152.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan153
 ip address 172.16.153.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan154
 ip address 172.16.154.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan155
 ip address 172.16.155.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan156
 ip address 172.16.156.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan157
 ip address 172.16.157.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan158
 ip address 172.16.158.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan159
 ip address 172.16.159.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan160
 ip address 172.16.160.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan161
 ip address 172.16.161.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan162
 ip address 172.16.162.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan163
 ip address 172.16.163.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan164
 ip address 172.16.164.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan165
 ip address 172.16.165.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan166
 ip address 172.16.166.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!
interface Vlan4000
 ip address 192.168.16.9 255.255.252.0
!
ip igmp snooping
ip igmp snooping vlan 2
ip igmp snooping vlan 2 limit group 200
ip igmp snooping vlan 2 immediately-leave
ip igmp snooping vlan 2 l2-general-querier
ip igmp snooping vlan 2 l2-general-querier-version 2
ip igmp snooping vlan 2 mrouter-port interface Ethernet1/0/28
!
router ospf
 ospf router-id 172.16.0.7
 network 172.16.0.0/24 area 0.0.0.0
 redistribute connected
!
sntp server 192.168.16.1
!
no login
!
!
captive-portal
!
end

В пользовательский влан 150 включен SNR-2985G-24TC:
 

SNR-S2985G-24TC#sh run
!
no service password-encryption
!
hostname SNR-S2985G-24TC
sysLocation 
sysContact 
no ip http server
!
snmp-server enable
snmp-server securityip disable
snmp-server community ro 0 public
snmp-server community rw 0 private
snmp-server packet delay 0
!
!
ip dhcp snooping enable
!
!
!
!
!
!
!
dosattack-check srcip-equal-dstip enable
dosattack-check tcp-flags enable
dosattack-check srcport-equal-dstport enable
dosattack-check icmp-attacking enable
loopback-detection interval-time 35 15
!
loopback-detection control-recovery timeout 600
!
!
vlan 1 
!
vlan 4000
 name mgmt
!
Interface Ethernet1/0/1
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/2
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/3
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/4
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/5
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/6
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/7
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/8
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/9
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/10
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!         
Interface Ethernet1/0/11
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/12
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/13
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/14
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/15
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/16
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/17
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/18
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/19
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/20
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/21
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/22
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/23
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/24
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/25
 media-type copper
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/26
 media-type copper
 loopback-detection specified-vlan 1
 loopback-detection control block
 ip dhcp snooping action shutdown recovery 600
!
Interface Ethernet1/0/27
 switchport mode trunk
 switchport trunk allowed vlan 1;4000 
 ip dhcp snooping trust
!
Interface Ethernet1/0/28
 switchport mode trunk
 switchport trunk allowed vlan 1;4000 
 ip dhcp snooping trust
!
interface Vlan4000
 ip dhcp-client enable
!
sntp server 192.168.16.1
!
no login
!
!
captive-portal
!
end

И вот в этом 150-м влане (и нескольких других) пользователи не получают адреса.

Ошибок по портам не видно, коммутатор доступа достпен в 4000 влане:
 

SNR-S2985G-24TC# sh interface ethernet counter packet 
Interface      Unicast(pkts)       BroadCast(pkts)     MultiCast(pkts)     Err(pkts)
1/0/1     IN   0                   266                 0                   0
          OUT  170                 4640                172                 0
1/0/2     IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/3     IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/4     IN   0                   460                 0                   0
          OUT  170                 4446                172                 0
1/0/5     IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/6     IN   0                   460                 0                   0
          OUT  170                 4446                172                 0
1/0/7     IN   0                   267                 0                   0
          OUT  170                 4639                172                 0
1/0/8     IN   0                   460                 0                   0
          OUT  170                 4436                172                 0
1/0/9     IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/10    IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/11    IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/12    IN   0                   267                 0                   0
          OUT  170                 4639                172                 0
1/0/13    IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/14    IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/15    IN   166                 3                   0                   0
          OUT  396                 4903                172                 0
1/0/16    IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/17    IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/18    IN   0                   267                 0                   0
          OUT  170                 4639                172                 0
1/0/19    IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/20    IN   0                   460                 0                   0
          OUT  170                 4446                172                 0
1/0/21    IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/22    IN   0                   267                 0                   0
          OUT  170                 4639                172                 0
1/0/23    IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/24    IN   0                   267                 0                   0
          OUT  170                 4639                172                 0
1/0/25    IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/26    IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/27    IN   0                   0                   0                   0
          OUT  0                   0                   0                   0
1/0/28    IN   8268                8737                189                 0
          OUT  7717                3447                2                   0

При этом в статистике дхцп-релея 150-го влана (и некоторых других) почему-то нет DHCPREQUEST, да и вообще значения как-то подозрительно выглядят:
 

SNR-S2995G-24FX-6#show ip dhcp relay packet statistics 
Message                   Receive Total
DHCPDISCOVER              60138
DHCPREQUEST               32
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   0
DHCPNAK                   0
ERROR                     0

Message                   Receive Detail
Message                   From Vlan141
DHCPDISCOVER              14813
DHCPREQUEST               0
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   0
DHCPNAK                   0
ERROR                     0

Message                   From Vlan143
DHCPDISCOVER              759
DHCPREQUEST               0
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   0
DHCPNAK                   0
ERROR                     0

Message                   From Vlan144
DHCPDISCOVER              5051
DHCPREQUEST               15
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   0
DHCPNAK                   0
ERROR                     0

Message                   From Vlan145
DHCPDISCOVER              1028
DHCPREQUEST               0
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   0
DHCPNAK                   0
ERROR                     0

Message                   From Vlan147
DHCPDISCOVER              2373
DHCPREQUEST               17
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   0
DHCPNAK                   0
ERROR                     0

Message                   From Vlan148
DHCPDISCOVER              7140
DHCPREQUEST               0
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   0
DHCPNAK                   0
ERROR                     0

Message                   From Vlan149
DHCPDISCOVER              1355
DHCPREQUEST               0
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   0
DHCPNAK                   0
ERROR                     0

Message                   From Vlan150
DHCPDISCOVER              13381
DHCPREQUEST               0
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   0
DHCPNAK                   0
ERROR                     0

Message                   From Vlan151
DHCPDISCOVER              3586
DHCPREQUEST               0
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   0
DHCPNAK                   0
ERROR                     0

Message                   From Vlan154
DHCPDISCOVER              5
DHCPREQUEST               0
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   0
DHCPNAK                   0
ERROR                     0

Message                   From Vlan156
DHCPDISCOVER              5375
DHCPREQUEST               0
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   0
DHCPNAK                   0
ERROR                     0


Message                   Forward Total
DHCPDISCOVER              60138
DHCPREQUEST               32
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   0
DHCPNAK                   0
ERROR                     0
          
Message                   Discard Total
DHCPDISCOVER              334
DHCPREQUEST               2
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 83
DHCPACK                   379
DHCPNAK                   0
ERROR                     0

Для сравнения статистика с другого коммутатора, на котором всё работает:

SNR-S2995G-24FX-2#sh ip dhcp relay packet statistics 
Message                   Receive Total
DHCPDISCOVER              25
DHCPREQUEST               61
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 38
DHCPACK                   122
DHCPNAK                   0
ERROR                     0

Message                   Receive Detail
Message                   From Vlan38
DHCPDISCOVER              0
DHCPREQUEST               1
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   2
DHCPNAK                   0
ERROR                     0

Message                   From Vlan40
DHCPDISCOVER              0
DHCPREQUEST               1
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   2
DHCPNAK                   0
ERROR                     0

Message                   From Vlan43
DHCPDISCOVER              6
DHCPREQUEST               10
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 12
DHCPACK                   20
DHCPNAK                   0
ERROR                     0

Message                   From Vlan44
DHCPDISCOVER              0
DHCPREQUEST               2
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   4
DHCPNAK                   0
ERROR                     0

Message                   From Vlan45
DHCPDISCOVER              7
DHCPREQUEST               7
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 14
DHCPACK                   14
DHCPNAK                   0
ERROR                     0

Message                   From Vlan47
DHCPDISCOVER              0
DHCPREQUEST               2
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   4
DHCPNAK                   0
ERROR                     0

Message                   From Vlan50
DHCPDISCOVER              0
DHCPREQUEST               1
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   2
DHCPNAK                   0
ERROR                     0

Message                   From Vlan52
DHCPDISCOVER              0
DHCPREQUEST               2
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   4
DHCPNAK                   0
ERROR                     0

Message                   From Vlan54
DHCPDISCOVER              0
DHCPREQUEST               4
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   8
DHCPNAK                   0
ERROR                     0

Message                   From Vlan55
DHCPDISCOVER              1
DHCPREQUEST               1
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 2
DHCPACK                   2
DHCPNAK                   0
ERROR                     0

Message                   From Vlan57
DHCPDISCOVER              7
DHCPREQUEST               15
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 2
DHCPACK                   30
DHCPNAK                   0
ERROR                     0

Message                   From Vlan58
DHCPDISCOVER              0
DHCPREQUEST               4
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   8
DHCPNAK                   0
ERROR                     0

Message                   From Vlan60
DHCPDISCOVER              2
DHCPREQUEST               6
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 4
DHCPACK                   12
DHCPNAK                   0
ERROR                     0

Message                   From Vlan62
DHCPDISCOVER              0
DHCPREQUEST               2
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   4
DHCPNAK                   0
ERROR                     0


Message                   Forward Total
DHCPDISCOVER              25
DHCPREQUEST               61
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 0
DHCPACK                   0
DHCPNAK                   0
ERROR                     0

Message                   Discard Total
DHCPDISCOVER              2999
DHCPREQUEST               29
DHCPDECLINE               0
DHCPRELEASE               0
DHCPINFORM                0
DHCPOFFER                 761
DHCPACK                   1727
DHCPNAK                   0
ERROR                     0

Подозреваю, что сломался dhcp-релей, но как починить - не знаю. Прошивки на всех коммутаторах одинаковые, обновлены до последней рекомендуемой.
PS. Извините за простыню, но под спойлер вставлять код очень неудобно.

Share this post


Link to post
Share on other sites

@televid 
Добрый день!

Проблема на нескольких коммутаторах доступа? Можете перезагрузить SNR-2985G-24TC?

Share this post


Link to post
Share on other sites

@Aleksey Sonkin 

Нет, с коммутаторами доступа проблем нету. Перезагружались неоднократно. И на коммутаторах доступа нет dhcp-релея, только включен dhcp-снупинг.

Share this post


Link to post
Share on other sites

Такая проблема только на одном коммутаторе агрегации. На узлах их два-три, включены по схеме без стекирования:

свитч 1
  порты 1-26 - клиентские вланы
  порт 27    - свитч 2
  порт 28    - аплинк до ядра
свитч 2
  порты 1-26 - клиентские вланы  
  порт 28    - свитч 1

Вот на втором и не проходят dhcp-запросы от клиентов. Поменяли второй коммутатор, ничего не изменилось, то есть проблема где-то в конфигурации. Но на других узлах аналогичная конфигурация работает без проблем.

Share this post


Link to post
Share on other sites

Если же клиенту прописать адрес статикой, то он может работать. Правда, только во внутренней сети, так как при выдаче адреса создаются разрешающие правила на файерволле.

Share this post


Link to post
Share on other sites

Проблема обнаружилась на первом коммутаторе. Была залита старая версия конфига после обновления прошивки.

Share this post


Link to post
Share on other sites

Хотя нет. При заливке конфига какая-то опция срабатывает, и в этот момент проскакивают dhcp-пакеты. А в дальнейшем пакеты опять не проходят.

 

Проблема именно на вторых коммутаторах, которые включены в первые. Будто dhcp relay на первом перехватывает пакеты, идущие со второго. Оставил в конфиге только:

service dhcp
!
ip forward-protocol udp bootps
!
interface VlanXX
 ip address 172.16.XX.1 255.255.255.0
  !forward protocol udp 67(active)!
 ip helper-address 192.168.16.1
!

Там, где коммутаторы доступа включены в первый коммутатор агрегации, всё работает. А вот на вторых - нет.

Share this post


Link to post
Share on other sites

Проблема оказалась в лишнем access-list на транковом порту.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now