Код: Выделить всё
no spanning-tree
!
bridge multicast filtering
!
vlan database
vlan 8,14,107
exit
!
loopback-detection enable
loopback-detection mode multicast-mac-addr
loopback-detection vlan-based
loopback-detection vlan-based recovery-time 300
!
ip dhcp relay address 10.156.10.1
ip dhcp relay address 10.156.10.2
ip dhcp relay enable
ip dhcp relay information option suboption-type custom
ip dhcp snooping
ip dhcp snooping information option allowed-untrusted
ip dhcp information option format-type option pv
ip dhcp snooping vlan 14
!
multicast snooping profile iptv_group238
match ip 238.1.1.1 238.1.1.254
exit
!
multicast snooping profile hdtv_group237
match ip 237.1.1.1 237.1.1.50
exit
!
multicast snooping profile prem_group237
match ip 237.1.2.1 237.1.2.100
exit
!
!
ip igmp snooping
ip igmp snooping vlan 14
ip igmp snooping vlan 107 mrouter interface te1/0/1
ip igmp snooping vlan 107 immediate-leave host-based
!
ip arp inspection
ip arp inspection vlan 14
!
ip source-guard
!
qos advanced ports-trusted
qos advanced-mode trust dscp
!
ip access-list extended acl_video
permit ip any any 192.168.1.248 0.0.0.0 any ace-priority 20
permit ip any any 192.168.1.240 0.0.0.0 any ace-priority 21
exit
!
mac access-list extended acl_tv
permit any any vlan 107 ace-priority 20
exit
!
ip access-list extended block_client_dhcp
deny udp any any any bootpc ace-priority 20
permit ip any any any any ace-priority 40
exit
!
!
class-map class_tv
match access-group acl_tv
exit
!
class-map class_video
match access-group acl_video
exit
!
policy-map pol_tv
class class_tv
set dscp 48
exit
class class_video
set dscp 40
exit
exit
!
!
hostname k75-1
!
management access-list ip_trust
permit ip-source 10.156.10.1
permit ip-source 10.156.10.2
permit ip-source 10.156.10.10
exit
!
logging host 10.156.10.1
!
username sa password encrypted 775ad44a2f5c9569143f1b3352fee888f64ec01a privilege 15
!
snmp-server server
encrypted snmp-server community hXKI/nU2kUzqKGixTrnUEJk2X9/GnPd4ihiuEf9vIco= ro view Default
encrypted snmp-server community 5O2f0coreE59RGZehVQFBLTUClcrZ1HxxBXSx3yu8I0= rw view Default
!
clock timezone AMK +10
clock source sntp
!
sntp unicast client enable
sntp server 10.156.10.1 poll
!
backup server tftp://10.156.10.1
backup path swcontrol/mes2324/cfg10.8.7.1
backup time-period 1440
backup auto
!
interface gigabitethernet1/0/1
loopback-detection enable
ip source-guard
rate-limit 100000 burst 1500000
storm-control broadcast kbps 5000
storm-control unicast level 5 trap
spanning-tree bpdu filtering
traffic-shape 100000 1500000
service-acl input block_client_dhcp
switchport mode general
switchport general allowed vlan add 14 untagged
switchport general multicast-tv vlan 107
switchport general pvid 14
switchport forbidden default-vlan
multicast snooping add iptv_group238
multicast snooping add hdtv_group237
multicast snooping add prem_group237
multicast snooping max-groups 6
exit
!
Остальные gi порты по аналогии
!
interface tengigabitethernet1/0/1
ip arp inspection trust
ip dhcp snooping trust
ip dhcp relay enable
service-policy input pol_tv default-action permit-any
switchport mode general
switchport general allowed vlan add 8,14,107 tagged
switchport general acceptable-frame-type tagged-only
switchport forbidden default-vlan
exit
!
interface tengigabitethernet1/0/2
ip arp inspection trust
ip dhcp snooping trust
ip dhcp relay enable
service-policy input pol_tv default-action permit-any
switchport mode general
switchport general allowed vlan add 8,14,107 tagged
switchport general acceptable-frame-type tagged-only
switchport forbidden default-vlan
exit
!
interface tengigabitethernet1/0/3
ip arp inspection trust
ip dhcp snooping trust
ip dhcp relay enable
service-policy input pol_tv default-action permit-any
switchport mode general
switchport general allowed vlan add 8,14,107 tagged
switchport general acceptable-frame-type tagged-only
switchport forbidden default-vlan
exit
!
interface tengigabitethernet1/0/4
ip arp inspection trust
ip dhcp snooping trust
ip dhcp relay enable
service-policy input pol_tv default-action permit-any
switchport mode general
switchport general allowed vlan add 8,14,107 tagged
switchport general acceptable-frame-type tagged-only
switchport forbidden default-vlan
exit
!
interface vlan 8
ip address 10.8.7.1 255.255.0.0
exit
!
interface vlan 14
ip dhcp relay enable
exit
!
!
ip default-gateway 10.8.10.1
!
end