Примеры настроек коммутаторов SNR

alish13 · August 28, 2022

Коллеги, здравствуйте!

При подключении к свичу по com, ssh, telnet, сразу предлагает ввести enable password, минуя user/pass. Подскажите пожалуйста команду для исправления.

Evgeny Mirhasanov · August 29, 2022

@alish13 Добрый день. Какая модель коммутатора?

alish13 · August 31, 2022

@Evgeny Mirhasanov, здравствуйте! Модели 2995 и 2982.

Edited August 31, 2022 by alish13

Kozubsky Vladimir · September 1, 2022

@alish13, можем посмотреть конфигурацию с коммутатора и вывод sh ver?

rentphoto · September 8, 2022

Здравствуйте. Коммутатор SNR-S2965-48T. В Cisco есть команда "errdisable recovery cause psecure-violation". Есть ли в коммутаторах SNR возможность автоматически вернуть отключенный порт в результате port-security во включенное состояние через определенный промежуток времени?

Aleksey Sonkin · September 8, 2022

@rentphoto

SNR-S2995G-24FX(config-if-ethernet1/0/1)#switchport port-security violation shutdown ?
recovery Auto recovery

rentphoto · September 8, 2022

В инструкции написано "recovery - изучить новый MAC". Не совсем понятно, что это значит.. Воткну другое устройство и port-security выучит новый мак?

Aleksey Sonkin · September 8, 2022

@rentphoto в зависимости от режима коммутатор после времени, указанного в recovery, или начнет изучать мак-адреса, или включит порт и начнет изучать мак-адреса.

andpuxa · November 7, 2022

здравствуйте, настройка на порту:

switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 0
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60

при смене мака на этом порту устройство все равно получает из пула Ip адрес, хотя у него Flag: DO

это нормальное поведение? хотелось бы, что бы не авторизованный мак вообще не получал адрес

Edited November 7, 2022 by andpuxa

Vladimir Efimtsev · November 7, 2022

@andpuxa, добрый день.

Что вы имеете в виду под "не авторизованный мак"?

Флаг DO - автоматическая привязка и получение реквизитов с опцией 82. Почему тогда устройство не должно получать реквизиты?

И что вы хотели настроить строкой "switchport port-security maximum 0"?

andpuxa · November 7, 2022

switchport port-security maximum 0 это не используется

на порту одно устройство, с привязкой по мак и ip, требовалось при смене мас блокировать его,

возможно тут есть недопонимание механизма работы. буду благодарен за напрвление в правильное русло

Vladimir Efimtsev · November 7, 2022

@andpuxa

то есть правильно понимаю, что задача стоит в том, чтобы на порту было устройство только с одним мак-адресом, а при смене мак-адреса доступ для устройства на порту должен блокироваться?

Если так, то можно просто статически задать мак-адрес на порту: switchport port-security mac-address <mac-address>

andpuxa · November 7, 2022

да с одним, но дело в том, что это офисная сеть и там постоянная миграция устройств, и в идеале это должно выглядит так, приходит человек, цепляет компьютер в розетку, если бинда на мак у порта нет, устройство получает статикой ip из назначенного пула через хелпер на другом устройстве и биндится мак, если бинда нет у человека сеть не работает и он обращается в соответствующую службу. Параллельно хотел видеть где и на каком порту коммутатора был выдан адрес, поэтому используется opt 82. Очень не хотелось бы это делать ручками. Текущая схема уже сделана, но мне не понятно поведение, которое я написал выше, хотелось бы что бы выдавался один ip на один мак, а дальнейшие запросы блокировались до сброса привязки на коммутаторе

Edited November 7, 2022 by andpuxa

andpuxa · November 8, 2022

мб я как-то сумбурно написал, мне всего то надо на порту с включенным user-control max-user 1

предотвратить выдачу ip адреса для мака, который не забинден через снупинг, а то получается, что ip адрес выдается, а сеть не работает

Edited November 8, 2022 by andpuxa

Vladimir Efimtsev · November 8, 2022

@andpuxa это именно так и реализовано в случае dhcp snooping binding: до сброса биндинга адрес будет выдаваться, но сеть работать не будет.
Правильно ли понял, что вас это не устраивает, вам нужно, чтобы даже ip-адрес не выдавался, пока не сбросить биндинг?

andpuxa · November 8, 2022

да, все верно, можно ли это реализовать?

Vladimir Efimtsev · November 8, 2022

@andpuxa в таком случае это возможно сделать только через функционал port-security.

Например, можно применить следующую команду: "switchport port-security mac-address sticky <mac-address>", тогда первый изученный мак-адрес на данном порту коммутатора будет назначен как статический.
Также применить команду "switchport port-security violation restrict" - если превышено заданное максимальное число адресов, не изучать новый MAC, отправить уведомление trap и запись в syslog.

В данном случае реквизиты не будут выдаваться.

andpuxa · November 9, 2022

PS будет корректно работать на гибридных портах с opt 82?

Vladimir Efimtsev · November 9, 2022

@andpuxa, да, функция Port-security никак не связана с выбором режимом порта и опцией 82.

Более подробно с Port-security вы можете ознакомиться в нашей базе знаний:

https://nag.wiki/pages/viewpage.action?pageId=25107728

andpuxa · November 11, 2022

подскажите критерий, по которому истекает время привязки мака, на порту сделанного через снуп. периодически наблюдаю ситуацию, что на порту возникает заблокированный мак, но через какое-то время запись пропадает и у него появляется флаг L, соответственно коммутатор начинает пропускать на него трафик

Edited November 11, 2022 by andpuxa

Vladimir Efimtsev · November 14, 2022

@andpuxa, добрый день. Мак блокируете с помощью port-security?
Можете показать вывод, где видите заблокированный мак? Пропадает запись мак-адреса на порту или запись в таблице биндинга?
Появляется флаг L, больше никаких флагов в записи нет? DOL, например.
Можете также показать конфигурацию коммутатора?

andpuxa · November 14, 2022

В 07.11.2022 в 10:05, andpuxa сказал:

здравствуйте, настройка на порту:

switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 0
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60

такие настройки, флаг DOL

Vladimir Efimtsev · November 17, 2022

@andpuxa можете сказать модель коммутатора ("sh ver") и приложить полный его конфиг ("sh run")?

andpuxa · November 17, 2022

Цитата

sh ver
SNR-S2985G-48T Device, Compiled on Sep 20 16:46:56 2022
sysLocation gorsky
CPU Mac f8:f0:82:11:1c:dd
Vlan MAC f8:f0:82:11:1c:dc
SoftWare Version 7.0.3.5(R0241.0549)
BootRom Version 7.2.40
HardWare Version 1.0.1
CPLD Version N/A
Serial No.:SW052510F929000302
Copyright (C) 2022 NAG LLC
All rights reserved
Last reboot is cold reset.
Uptime is 4 weeks, 6 days, 2 hours, 54 minutes

Цитата

sh run
!
no service password-encryption
!
hostname 2f-oz
sysLocation
sysContact
!
username admin privilege 15 password 0
!
authentication line console login local
!
!
clock timezone 6 add 7 0
!
logging executed-commands enable
!
ssh-server enable
ssh-server timeout 600
!
ip http secure-server
!
snmp-server enable
snmp-server securityip disable
snmp-server community rw 0 private
snmp-server community ro 0 public
!
!
ip dhcp snooping enable
ip dhcp snooping vlan 10-14
ip dhcp snooping binding enable
ip dhcp snooping blocked record enable
!
ip dhcp snooping information enable
ip dhcp snooping information option self-defined remote-id hostname
ip dhcp snooping broadcast suppress
!
!
!
!
!
!
!
loopback-detection control-recovery timeout 30
!
!
!
!
ip gratuitous-arp 5
vlan 1;9;11-16;101;201;4088;4090-4091
!
vlan 10
isolate-port group v10 switchport interface Ethernet1/0/49
isolate-port group v10 switchport interface Ethernet1/0/47
isolate-port group v10 switchport interface Ethernet1/0/46
isolate-port group v10 switchport interface Ethernet1/0/45
isolate-port group v10 switchport interface Ethernet1/0/44
isolate-port group v10 switchport interface Ethernet1/0/43
isolate-port group v10 switchport interface Ethernet1/0/42
isolate-port group v10 switchport interface Ethernet1/0/41
isolate-port group v10 switchport interface Ethernet1/0/40
isolate-port group v10 switchport interface Ethernet1/0/34
isolate-port group v10 switchport interface Ethernet1/0/33
isolate-port group v10 switchport interface Ethernet1/0/32
isolate-port group v10 switchport interface Ethernet1/0/31
isolate-port group v10 switchport interface Ethernet1/0/29
isolate-port group v10 switchport interface Ethernet1/0/26
isolate-port group v10 switchport interface Ethernet1/0/25
isolate-port group v10 switchport interface Ethernet1/0/24
isolate-port group v10 switchport interface Ethernet1/0/23
isolate-port group v10 switchport interface Ethernet1/0/22
isolate-port group v10 switchport interface Ethernet1/0/20
isolate-port group v10 switchport interface Ethernet1/0/19
isolate-port group v10 switchport interface Ethernet1/0/18
isolate-port group v10 switchport interface Ethernet1/0/17
isolate-port group v10 switchport interface Ethernet1/0/16
isolate-port group v10 switchport interface Ethernet1/0/15
isolate-port group v10 switchport interface Ethernet1/0/14
isolate-port group v10 switchport interface Ethernet1/0/13
isolate-port group v10 switchport interface Ethernet1/0/12
isolate-port group v10 switchport interface Ethernet1/0/11
isolate-port group v10 switchport interface Ethernet1/0/10
isolate-port group v10 switchport interface Ethernet1/0/9
isolate-port group v10 switchport interface Ethernet1/0/7
isolate-port group v10 switchport interface Ethernet1/0/5
isolate-port group v10 switchport interface Ethernet1/0/4
isolate-port group v10 switchport interface Ethernet1/0/3
isolate-port group v10 switchport interface Ethernet1/0/2
isolate-port group v10 switchport interface Ethernet1/0/1
!
access-list 110 deny tcp any-source any-destination d-port 135
access-list 110 deny tcp any-source any-destination d-port 136
access-list 110 deny tcp any-source any-destination d-port 137
access-list 110 deny tcp any-source any-destination d-port 138
access-list 110 deny tcp any-source any-destination d-port 139
access-list 110 deny tcp any-source any-destination d-port 445
access-list 110 deny tcp any-source any-destination d-port 1900
access-list 110 deny tcp any-source any-destination d-port 2869
access-list 110 deny udp any-source any-destination d-port 135
access-list 110 deny udp any-source any-destination d-port 136
access-list 110 deny udp any-source any-destination d-port 137
access-list 110 deny udp any-source any-destination d-port 138
access-list 110 deny udp any-source any-destination d-port 139
access-list 110 deny udp any-source any-destination d-port 445
access-list 110 deny udp any-source any-destination d-port 1900
access-list 110 deny udp any-source any-destination d-port 2869
access-list 110 permit ip any-source any-destination
!
vacl ip access-group 110 in vlan 13
!
Interface Ethernet1/0/1
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/2
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/3
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/4
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/5
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/6
switchport mode hybrid
switchport hybrid allowed vlan 11-14;201 tag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/7
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/8
switchport mode hybrid
switchport hybrid allowed vlan 11-14;201 tag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/9
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/10
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/11
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/12
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/13
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/14
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/15
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/16
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/17
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/18
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/19
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/20
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/21
switchport mode hybrid
switchport hybrid allowed vlan 9;11-14;16;201 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
!
Interface Ethernet1/0/22
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/23
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/24
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/25
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/26
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/27
switchport mode hybrid
switchport hybrid allowed vlan 11-14;201 tag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/28
switchport access vlan 15
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/29
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/30
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 201 untag
switchport hybrid native vlan 201
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/31
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/32
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/33
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/34
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/35
switchport access vlan 15
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/36
switchport access vlan 15
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/37
switchport access vlan 15
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/38
switchport mode hybrid
switchport hybrid allowed vlan 11-14;201 tag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/39
no switchport voice-vlan enable
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 0
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/40
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/41
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/42
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/43
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/44
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/45
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/46
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/47
switchport mode hybrid
switchport hybrid allowed vlan 14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
loopback-detection specified-vlan 10-11;14
loopback-detection control shutdown
switchport port-security maximum 2
ip dhcp snooping binding user-control vlan 10
ip dhcp snooping binding user-control max-user 1
ip dhcp snooping action shutdown recovery 60
!
Interface Ethernet1/0/48
switchport mode trunk
switchport trunk allowed vlan 2-4094
switchport trunk native vlan 4088
ip dhcp snooping trust
!
Interface Ethernet1/0/49
switchport mode trunk
switchport trunk allowed vlan 2-4094
switchport trunk native vlan 4091
ip dhcp snooping trust
!
Interface Ethernet1/0/50
switchport mode hybrid
switchport hybrid allowed vlan 11-14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
!
Interface Ethernet1/0/51
switchport mode hybrid
switchport hybrid allowed vlan 11-14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
!
Interface Ethernet1/0/52
switchport mode hybrid
switchport hybrid allowed vlan 11-14 tag
switchport hybrid allowed vlan 10 untag
switchport hybrid native vlan 10
!
interface Vlan10
ip gratuitous-arp 5
!
interface Vlan11
ip gratuitous-arp 5
!
interface Vlan12
ip gratuitous-arp 5
!
interface Vlan13
ip gratuitous-arp 5
!
interface Vlan14
!
interface Vlan15
ip gratuitous-arp 5
!
interface Vlan201
ip address 192.168.201.11 255.255.255.0
!
ip igmp snooping
ip igmp snooping vlan 10
ip igmp snooping vlan 10 immediately-leave
ip igmp snooping vlan 10 mrouter-port interface Ethernet1/0/48
!
ip default-gateway 192.168.201.1
!
sntp server 192.168.0.1
!
no login
!
!
isolate-port group v10
captive-portal
!
end

Edited November 17, 2022 by andpuxa

Kozubsky Vladimir · November 21, 2022

Добрый день, @andruxa проверим на стенде, по результатам отпишем вам здесь.

Sign In

Примеры настроек коммутаторов SNR

Recommended Posts

alish13

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

Evgeny Mirhasanov

alish13

Kozubsky Vladimir

rentphoto

Aleksey Sonkin

rentphoto

Aleksey Sonkin

andpuxa

Vladimir Efimtsev

andpuxa

Vladimir Efimtsev

andpuxa

andpuxa

Vladimir Efimtsev

andpuxa

Vladimir Efimtsev

andpuxa

Vladimir Efimtsev

andpuxa

Vladimir Efimtsev

andpuxa

Vladimir Efimtsev

andpuxa

Kozubsky Vladimir

Join the conversation