[MrLir]

Исследую SNR-S2940-8G-v2 на предмет использования в качестве домового свитча.

SoftWare Version 6.2.138.103

Настраиваю DHCP Relay, вот кусок конфига.

service dhcp
!
ip forward-protocol udp bootps
ip dhcp server relay information enable
ip dhcp relay information option
ip dhcp relay information option subscriber-id format hex
ip dhcp relay information option self-defined subscriber-id format hex
ip dhcp relay share-vlan 120 sub-vlan 20
!

!
vlan 20
name Users
!
vlan 86
name PPPoE
!
vlan 120
name Management
!
!
Interface Ethernet1/1
switchport mode hybrid
switchport hybrid allowed vlan 20;86 untag
switchport hybrid native vlan 20

!
Interface Ethernet1/2
switchport mode hybrid
switchport hybrid allowed vlan 20;86 untag
switchport hybrid native vlan 20
!
.........


!
Interface Ethernet1/9
switchport mode trunk
!
Interface Ethernet1/10
switchport mode trunk
!

!
interface Vlan120
ip address 192.168.42.133 255.255.255.252
 !forward protocol udp 67(active)!
ip helper-address 192.168.22.21
!
ip default-gateway 192.168.42.134
!
protocol-vlan etype 34915 vlan 86 priority 0
protocol-vlan etype 34916 vlan 86 priority 0
isolate-port group test switchport interface Ethernet1/8
isolate-port group test switchport interface Ethernet1/7
isolate-port group test switchport interface Ethernet1/6
isolate-port group test switchport interface Ethernet1/5
isolate-port group test switchport interface Ethernet1/4
isolate-port group test switchport interface Ethernet1/3
isolate-port group test switchport interface Ethernet1/2
isolate-port group test switchport interface Ethernet1/1

 

Всё хорошо, адрес получаю, но

на Uplink порту идут броадкастом DHCP Discover от абонента.

Собственно можно-ли как-то это побороть?

[Andrey Savenkov]

Как вариант - заблокировать весь трафик кроме PPPoE на портах, или конкретно запросы к DHCP-серверам с помощью ACL

[D^2]

ip dhcp broadcast suppress