Kroys, posted October 11, 2021

Good day. I'm seeing a problem with DHCP Snooping on the 2962-24T and 2965-24T switches. At random moments people stop getting an IP address, and it happens in no particular order. Which raises the question: maybe I configured something wrong?

!
service password-encryption
!
hostname SNR-S2962-24T
sysContact support@nag.ru
!
!
authentication line console login local
!
!
!
logging *.*.*.*
!
ssh-server enable
!
snmp-server enable
snmp-server securityip *.*.*.*
snmp-server securityip *.*.*.*
snmp-server community ro 7 *.*.*.*
snmp-server user initial initial
snmp-server group *.*.*.* noauthnopriv read Community
snmp-server view CommunityView 1. include
snmp-server view CommunityView 1.3.6.1.6.3. exclude
snmp-server enable traps
!
ip forward-protocol udp bootps
!
!
ip dhcp snooping enable
!
!
!
!
!
!
!
loopback-detection interval-time 10 3
!
loopback-detection control-recovery timeout 30
!
loopback-detection trap enable
!
storm-control pps
vlan 1
!
vlan 250
 name manager
!
access-list 110 deny tcp any-source any-destination d-port 135
access-list 110 deny tcp any-source any-destination d-port 136
access-list 110 deny tcp any-source any-destination d-port 137
access-list 110 deny tcp any-source any-destination d-port 138
access-list 110 deny tcp any-source any-destination d-port 139
access-list 110 deny tcp any-source any-destination d-port 445
access-list 110 deny tcp any-source any-destination d-port 1900
access-list 110 deny tcp any-source any-destination d-port 2869
access-list 110 deny udp any-source any-destination d-port 135
access-list 110 deny udp any-source any-destination d-port 136
access-list 110 deny udp any-source any-destination d-port 137
access-list 110 deny udp any-source any-destination d-port 138
access-list 110 deny udp any-source any-destination d-port 139
access-list 110 deny udp any-source any-destination d-port 445
access-list 110 deny udp any-source any-destination d-port 1900
access-list 110 deny udp any-source any-destination d-port 2869
access-list 110 permit ip any-source any-destination
access-list 110 deny tcp any-source s-port 135 any-destination
access-list 110 deny udp any-source s-port 135 any-destination
access-list 110 deny tcp any-source s-port 136 any-destination
access-list 110 deny udp any-source s-port 136 any-destination
access-list 110 deny tcp any-source s-port 137 any-destination
access-list 110 deny udp any-source s-port 137 any-destination
access-list 110 deny tcp any-source s-port 138 any-destination
access-list 110 deny udp any-source s-port 138 any-destination
access-list 110 deny tcp any-source s-port 139 any-destination
access-list 110 deny udp any-source s-port 139 any-destination
access-list 110 deny tcp any-source s-port 445 any-destination
access-list 110 deny udp any-source s-port 445 any-destination
access-list 110 deny tcp any-source s-port 1900 any-destination
access-list 110 deny udp any-source s-port 1900 any-destination
access-list 110 deny tcp any-source s-port 2869 any-destination
access-list 110 deny udp any-source s-port 2869 any-destination
!
userdefined-access-list standard offset window1 l4start 0 window2 l4start 2
ip multicast source-control
!
Interface Ethernet1/0/1 //Subscriber port
 storm-control broadcast 16
 storm-control multicast 16
 ip access-group 110 in traffic-statistic
 loopback-detection specified-vlan 1
 loopback-detection control shutdown
 ip dhcp snooping action blackhole recovery 3600
!
......................................................................
!
Interface Ethernet1/0/24 //Uplink port
 switchport mode trunk
 switchport trunk allowed vlan 250
 ip dhcp snooping trust
!
!
interface Vlan250
 ip address *.*.*.* 255.0.0.0
!
sntp server *.*.*.* version 2
!
no login
!
!
captive-portal
!
end

The logs are empty; it doesn't complain about anything. I noticed that rebooting the switch or disabling DHCP snooping ("no ip dhcp snooping") helps. I haven't found an answer to this question yet... Thanks in advance for your reply.

Aleksey Sonkin, posted October 11, 2021

@Kroys Good afternoon! Please show 'sh ver'.

Kroys (Author), posted October 11, 2021

9 minutes ago, Aleksey Sonkin said: @Kroys Good afternoon! Please show 'sh ver'.

CPU Mac f8:f0:82:7b:9a:8c
Vlan MAC f8:f0:82:7b:9a:8b
SoftWare Version 7.0.3.5(R0241.0465)
BootRom Version 7.2.40
HardWare Version 1.0.1
CPLD Version N/A
Serial No.:SW077510KA14000539
Copyright (C) 2021 NAG LLC
All rights reserved
Last reboot is warm reset.
Uptime is 1 weeks, 4 days, 17 hours, 34 minutes

Aleksey Sonkin, posted October 11, 2021

@Kroys disable:

!
ip forward-protocol udp bootps
!

If the problem persists, submit a request at support.nag.ru