forella Posted August 11, 2022 · Report post имеется схема(прикрепил) с которой удалось заставить выдать ip по option 82, но как мне показалось очень с большими странностями vlan2201 - dhcp server (физически оттдельно) vlan1701 - абонентский vlan. нужно чтобы на абонентском vlan перенаправить dhcp запросы на vlan dhcp сервера (ip helper 172.16.22.1) происходит такая картина, первый запрос прилетает на роутер в vlan на 1701 броадкастом, на 2201 запрос от 172.17.1.254. на dhcp сервере пришлось поднять тоже vlan1701 со своим ip чтоб ответить на первый пакет, затем перезапросы ip идут на vlan2201. но первый запрос когда абонент без ip приходит в оба vlan. как избаиться от всех ip в схеме с подсети 172.17.1.0 кроме шлюза? вот так это выглядит на dhcp server: Aug 8 15:50:33 dds2 dhcpd[47478]: DHCPDISCOVER from d4:ca:6d:f4:5c:9c via 172.17.1.254 Aug 8 15:50:33 dds2 dhcpd[47478]: DHCPOFFER on 172.17.1.232 to d4:ca:6d:f4:5c:9c via 172.17.1.254 Aug 8 15:50:33 dds2 dhcpd[47478]: DHCPREQUEST for 172.17.1.232 (172.16.22.1) from d4:ca:6d:f4:5c:9c via 172.17.1.254 Aug 8 15:50:33 dds2 dhcpd[47478]: DHCPACK on 172.17.1.232 to d4:ca:6d:f4:5c:9c via 172.17.1.254 Aug 8 15:58:03 dds2 dhcpd[47478]: DHCPREQUEST for 172.17.1.232 from d4:ca:6d:f4:5c:9c via vlan2201 Aug 8 15:58:03 dds2 dhcpd[47478]: DHCPACK on 172.17.1.232 to d4:ca:6d:f4:5c:9c via vlan2201 а вот так на router 17:50:12.989476 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from d4:ca:6d:f4:5c:9c (oui Unknown), length 300 конфиг olt: !version 10.3.0D build 75260 service timestamps log date service timestamps debug date logging buffered 100000 ! port-protected 1 ! spanning-tree mode rstp ! username admin password 0 admin ! gpon profile onu-rate-limit ratelimit-default id 1 gpon-profile pir 1244160 cir 1244160 ! gpon profile onu-uni MTU id 2 gpon-profile max-frame-size 1900 ! gpon profile onu-uni test id 3 ! gpon profile onu-tcont tcont-default id 1 gpon-profile tcont-type 3 pir 1024000 cir 512 ! gpon profile onu-virtual-port virtual-port-default id 1 gpon-profile encryption disable gpon-profile upstream queue 8 gpon-profile downstream queue 8 ! gpon profile onu-tcont-virtual-port-bind tvbind-default id 1 gpon-profile virtual-port 1 profile virtual-port-default tcont 1 profile tcont-default ! gpon profile onu-flow-mapping flow-mapping-default id 1 gpon-profile entry 1 uni type eth-uni all gpon-profile entry 1 virtual-port 1 ! gpon profile onu-flow-mapping flow-mapping-default-hgu id 2 gpon-profile entry 1 uni type veip all gpon-profile entry 1 virtual-port 1 ! gpon profile onu-flow-mapping vlan1701 id 3 gpon-profile entry 1 uni type eth-uni 1 gpon-profile entry 1 virtual-port 1 ! gpon profile onu-vlan vlan1701 id 3 gpon-profile vlan mode trunk gpon-profile vlan pvid 1701 0 gpon-profile vlan trunk vlan-allowed 1701 ! gpon profile onu-vlan vlan1701_test id 4 gpon-profile vlan mode tag gpon-profile vlan pvid 1701 0 ! ! gpon onutype-template onutype-default-hgu gpon-onutype match ctc-onu-type HGU gpon-onutype config tcont-virtual-port-bind-profile tvbind-default gpon-onutype config flow-mapping-profile flow-mapping-default-hgu ! gpon onutype-template onutype-default gpon-onutype config tcont-virtual-port-bind-profile tvbind-default gpon-onutype config flow-mapping-profile flow-mapping-default ! gpon onu-config-template port1_1 cmd-sequence 001 gpon onu tcont-virtual-port-bind-profile tvbind-default cmd-sequence 002 gpon onu uni 1 vlan-profile vlan1701_test cmd-sequence 003 gpon onu uni 1 uni-profile MTU cmd-sequence 004 gpon onu loopback-detect protocol private cmd-sequence 005 gpon onu uni 1 loopback-detect enable cmd-sequence 006 gpon profile onu-flow-mapping flow-mapping-default ! gpon onu-config-template port1 cmd-sequence 001 gpon onu uni 1 vlan-profile vlan1701 cmd-sequence 002 gpon onu uni 1 uni-profile MTU cmd-sequence 003 gpon onu loopback-detect protocol private cmd-sequence 004 gpon onu uni 1 loopback-detect enable cmd-sequence 005 gpon onu tcont-virtual-port-bind-profile tvbind-default ! ! interface Null0 ! ! interface TGigaEthernet0/1 switchport trunk vlan-allowed 1601,1700-1701,2201 switchport trunk vlan-untagged none switchport mode dot1q-tunnel-uplink dhcp snooping trust storm-control broadcast threshold 5 storm-control multicast threshold 5 storm-control unicast threshold 5 ! interface GPON0/1 gpon pre-config-template port1_1 bind-onuid 1-5 gpon bind-onutype onutype-default-hgu precedence 127 gpon bind-onutype onutype-default precedence 128 gpon bind-onu sn 48575443F8AB4A35 1 gpon bind-onu sn 5A544547C69C26CC 2 filter dhcp switchport trunk vlan-allowed 1701,2201 switchport trunk vlan-untagged none switchport mode trunk switchport protected 1 storm-control broadcast threshold 1000 storm-control multicast threshold 1000 storm-control unicast threshold 5 ! !!slot end ! interface VLAN1 ip address dhcp no ip directed-broadcast ! interface VLAN1601 ip address 172.16.1.10 255.255.255.0 ip directed-broadcast ! interface VLAN1700 ip address 172.17.0.11 255.255.255.0 no ip directed-broadcast ! interface VLAN1701 ip address 172.17.1.254 255.255.255.0 no ip directed-broadcast ip helper-address 172.16.22.1 ! interface VLAN2201 ip address 172.16.22.11 255.255.255.0 no ip directed-broadcast ! vlan 1700 ! vlan 1701 name abon_port1 ! vlan 2201 name dhcp_server ! vlan 1,1601,1700-1701,2201 ! ip dhcpd enable ! ip dhcp-relay snooping ip dhcp-relay snooping vlan 1701,2201 ip dhcp-relay snooping rapid-refresh-bind ! ip route default 172.16.1.1 ip exf ! ipv6 exf ! ip telnet attack-defense ! ip http server ! ip dhcp-relay snooping information option format fixed-type ! Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...