LTE-8X функция свитча и pppoe

[dragomir]

Добрый день, коллеги.
Подскажите пожалуйста, установили OLT, и решили его использовать так же как свитч L2 внутри сети нашего провайдера.
Воткнули кабели в FrontPort 6 (upstream) FrontPort 7 (downstream)
Прокинул через оба интерфейса vlan-ы тегом нужные.
Включил на 6-ом порту бриджинг на 7-ой порт, а на 7 порту включил бриджинг на 6-ой порт.

вот вырезка из конфига:

Код: Выделить всё

interface front-port 6
  bridging to front-port 7
exit

interface front-port 7
  bridging to front-port 6
exit

vlan 213
  name mostootryad
  isolation assign group 0 to pon-port 0
  isolation assign group 0 to pon-port 1
  isolation assign group 0 to pon-port 2
  isolation assign group 0 to pon-port 3
  isolation assign group 0 to pon-port 4
  isolation assign group 0 to pon-port 5
  isolation assign group 0 to pon-port 6
  isolation assign group 0 to pon-port 7
  tagged front-port 6 , front-port 7 , 10G-front-port 0
exit

vlan 400
  name iptv
  isolation assign group 0 to pon-port 0
  isolation assign group 0 to pon-port 1
  isolation assign group 0 to pon-port 2
  isolation assign group 0 to pon-port 3
  isolation assign group 0 to pon-port 4
  isolation assign group 0 to pon-port 5
  isolation assign group 0 to pon-port 6
  isolation assign group 0 to pon-port 7
  tagged pon-port 0 , pon-port 1 , pon-port 2 , pon-port 3 , pon-port 4 , pon-port 5 , pon-port 6 , pon-port 7 , front-port 6 , front-port 7 , 10G-front-port 0
  ip igmp snooping enable
  ip igmp snooping querier enable
exit


В 213-ом влане идет Интернет через pppoe
В 400-ом мультикаст.

Проблема в том, что через элтекс не проходят насколько я понял ни pppoe запросы ни dhcp.

Пождскажите пожалуйста в чем может быть проблема.

[alexmasz]

есть возможность показать полный конфиг switch?

[dragomir]

да, конечно.

Код: Выделить всё

LTE-8X-KUZBASS(switch)# show running-config
management ip 10.5.0.220 255.255.255.0
management gateway 10.5.0.1
management vlan 5

mirror rx analyzer front-port 0
mirror tx analyzer front-port 0

mac-address-table aging-time 60

port-channel load-balance mac

qos type 0

interface pon-port 0
  pvid 7
exit

interface pon-port 1
  pvid 7
exit

interface pon-port 2
  pvid 7
exit

interface pon-port 3
  pvid 7
exit

interface pon-port 4
  pvid 7
exit

interface pon-port 5
  pvid 7
exit

interface pon-port 6
  pvid 7
exit

interface pon-port 7
  pvid 7
exit

interface mgmt-pon-port 0
  pvid 5
exit

interface mgmt-pon-port 1
  pvid 5
exit

interface mgmt-pon-port 2
  pvid 5
exit

interface mgmt-pon-port 3
  pvid 5
exit

interface front-port 6 
  bridging to front-port 7
exit

interface front-port 7 
  bridging to front-port 6
exit

interface 10G-front-port 0
  speed 1000 full
exit

no vlan 1
vlan 3
  name commutators
  isolation assign group 0 to pon-port 0
  isolation assign group 0 to pon-port 1
  isolation assign group 0 to pon-port 2
  isolation assign group 0 to pon-port 3
  isolation assign group 0 to pon-port 4
  isolation assign group 0 to pon-port 5
  isolation assign group 0 to pon-port 6
  isolation assign group 0 to pon-port 7
  tagged front-port 6 , front-port 7 , 10G-front-port 0
exit

vlan 5
  name mng
  isolation assign group 0 to pon-port 0
  isolation assign group 0 to pon-port 1
  isolation assign group 0 to pon-port 2
  isolation assign group 0 to pon-port 3
  isolation assign group 0 to pon-port 4
  isolation assign group 0 to pon-port 5
  isolation assign group 0 to pon-port 6
  isolation assign group 0 to pon-port 7
  tagged front-port 0 , front-port 1 , front-port 2 , front-port 3 , front-port 4 , front-port 5 , front-port 6 , front-port 7 , 10G-front-port 0 , 10G-front-port 1
  untagged mgmt-pon-port 0 , mgmt-pon-port 1 , mgmt-pon-port 2 , mgmt-pon-port 3
exit

vlan 7
  name onu
  isolation assign group 0 to pon-port 0
  isolation assign group 0 to pon-port 1
  isolation assign group 0 to pon-port 2
  isolation assign group 0 to pon-port 3
  isolation assign group 0 to pon-port 4
  isolation assign group 0 to pon-port 5
  isolation assign group 0 to pon-port 6
  isolation assign group 0 to pon-port 7
  tagged front-port 6 , front-port 7 , 10G-front-port 0
  untagged pon-port 0 , pon-port 1 , pon-port 2 , pon-port 3 , pon-port 4 , pon-port 5 , pon-port 6 , pon-port 7
exit

vlan 213
  name mostootryad
  isolation assign group 0 to pon-port 0
  isolation assign group 0 to pon-port 1
  isolation assign group 0 to pon-port 2
  isolation assign group 0 to pon-port 3
  isolation assign group 0 to pon-port 4
  isolation assign group 0 to pon-port 5
  isolation assign group 0 to pon-port 6
  isolation assign group 0 to pon-port 7
  tagged front-port 6 , front-port 7 , 10G-front-port 0
exit

vlan 224
  name mostootryad_new 
  isolation assign group 0 to pon-port 0
  isolation assign group 0 to pon-port 1
  isolation assign group 0 to pon-port 2
  isolation assign group 0 to pon-port 3
  isolation assign group 0 to pon-port 4
  isolation assign group 0 to pon-port 5
  isolation assign group 0 to pon-port 6
  isolation assign group 0 to pon-port 7
  tagged front-port 6 , front-port 7 , 10G-front-port 0
exit

vlan 235
  name stachnovskiy1
  isolation assign group 0 to pon-port 0
  isolation assign group 0 to pon-port 1
  isolation assign group 0 to pon-port 2
  isolation assign group 0 to pon-port 3
  isolation assign group 0 to pon-port 4
  isolation assign group 0 to pon-port 5
  isolation assign group 0 to pon-port 6
  isolation assign group 0 to pon-port 7
  tagged front-port 6 , front-port 7 , 10G-front-port 0
exit

vlan 240
  name stachnovskiy2
  isolation assign group 0 to pon-port 0
  isolation assign group 0 to pon-port 1
  isolation assign group 0 to pon-port 2
  isolation assign group 0 to pon-port 3
  isolation assign group 0 to pon-port 4
  isolation assign group 0 to pon-port 5
  isolation assign group 0 to pon-port 6
  isolation assign group 0 to pon-port 7
  tagged front-port 6 , front-port 7 , 10G-front-port 0
exit

vlan 241
  name stachnovskiy3
  isolation assign group 0 to pon-port 0
  isolation assign group 0 to pon-port 1
  isolation assign group 0 to pon-port 2
  isolation assign group 0 to pon-port 3
  isolation assign group 0 to pon-port 4
  isolation assign group 0 to pon-port 5
  isolation assign group 0 to pon-port 6
  isolation assign group 0 to pon-port 7
  tagged front-port 6 , front-port 7 , 10G-front-port 0
exit

vlan 242
  name stachnovskiy4
  isolation assign group 0 to pon-port 0
  isolation assign group 0 to pon-port 1
  isolation assign group 0 to pon-port 2
  isolation assign group 0 to pon-port 3
  isolation assign group 0 to pon-port 4
  isolation assign group 0 to pon-port 5
  isolation assign group 0 to pon-port 6
  isolation assign group 0 to pon-port 7
  tagged front-port 6 , front-port 7 , 10G-front-port 0
exit

vlan 310
  name voip
  isolation assign group 0 to pon-port 0
  isolation assign group 0 to pon-port 1
  isolation assign group 0 to pon-port 2
  isolation assign group 0 to pon-port 3
  isolation assign group 0 to pon-port 4
  isolation assign group 0 to pon-port 5
  isolation assign group 0 to pon-port 6
  isolation assign group 0 to pon-port 7
  tagged pon-port 0 , pon-port 1 , pon-port 2 , pon-port 3 , pon-port 4 , pon-port 5 , pon-port 6 , pon-port 7 , front-port 6 , front-port 7 , 10G-front-port 0
exit

vlan 400
  name iptv
  isolation assign group 0 to pon-port 0
  isolation assign group 0 to pon-port 1
  isolation assign group 0 to pon-port 2
  isolation assign group 0 to pon-port 3
  isolation assign group 0 to pon-port 4
  isolation assign group 0 to pon-port 5
  isolation assign group 0 to pon-port 6
  isolation assign group 0 to pon-port 7
  tagged pon-port 0 , pon-port 1 , pon-port 2 , pon-port 3 , pon-port 4 , pon-port 5 , pon-port 6 , pon-port 7 , front-port 6 , front-port 7 , 10G-front-port 0
  ip igmp snooping enable
  ip igmp snooping querier enable
exit

vlan 501
  name ups
  isolation assign group 0 to pon-port 0
  isolation assign group 0 to pon-port 1
  isolation assign group 0 to pon-port 2
  isolation assign group 0 to pon-port 3
  isolation assign group 0 to pon-port 4
  isolation assign group 0 to pon-port 5
  isolation assign group 0 to pon-port 6
  isolation assign group 0 to pon-port 7
  untagged front-port 3
exit


[alexmasz]

а так:

Код: Выделить всё

interface front-port 6
  bridging to front-port 7
  pvid 5
exit

interface front-port 7
  bridging to front-port 6
  pvid 5
exit


у вас трафик на pon ходит же без проблем(и dhcp и voip и тп.)?

[dragomir]

pon вообще пока что не работает, мы пока что врезали этот элтекс в магистраль как транзитный L2 свитч.
позже будем pon настраивать.
pvid 5 не уверен конечно что поможет но попробую

[dragomir]

какая то мистика.
сделал на этих двух интерфейсах pvid 5
пустил vlan 242, pppoe у клиентов осталось работать (до этого они на резервном канале работали)
пустил vlan 240,241 pppoe отвалилось у народа и больше не заработало, а в 242 влане работает

[alexmasz]

эм, насколько я понял, вам надо наоборот убрать управляющий vlan с front-port 0 - 1, и назначить pvid какой-нибудь другой(например 3?)

[alexmasz]

теперь про себя, - собрал на столе такую схему:

[dhcp-server]--trunk--[edge-core]--trunk--[lte-8x]--trunk--[mes1124]

vlan38 - pon dhcp_opt82 абонент - (доходит до lte-8x и уходит в pon-порты)
vlan110 - dhcp_opt82 абонент - (проходит через lte-8x к абоненстким портам mes1124)
vlan64 - mgmt pon (доходит до lte-8x)
vlan252 mgmt switch (доходит до mes1124)

конфиг lte-8x(switch)

Код: Выделить всё

LTE-8X(switch)# show run
management ip 192.168.64.40 255.255.255.0
management vlan 64

mirror rx analyzer front-port 0
mirror tx analyzer front-port 0

mac-address-table aging-time 60

ip dhcp trusted-server-ip 192.168.111.2 primary
ip dhcp trusted-server-ip 192.168.110.2 secondary

port-channel load-balance mac

qos type 0

interface mgmt-pon-port 0
  pvid 64
exit

interface mgmt-pon-port 1
  pvid 64
exit

interface mgmt-pon-port 2
  pvid 64
exit

interface mgmt-pon-port 3
  pvid 64
exit

interface front-port 0
  bridging to front-port 1
  pvid 252
exit

interface front-port 1
  bridging to front-port 0
  pvid 252
exit

vlan 1
exit

vlan 38
  name VLAN0038
  isolation assign group 0 to pon-port 0-7
  tagged pon-port 0 , pon-port 1 , front-port 0
exit

vlan 64
  name VLAN0064
  isolation assign group 0 to pon-port 0-7
  tagged front-port 0
  untagged mgmt-pon-port 0 , mgmt-pon-port 1 , mgmt-pon-port 2 , mgmt-pon-port 3
exit

vlan 110
  name VLAN0110
  isolation assign group 0 to pon-port 0-7
  tagged front-port 0 , front-port 1
exit

vlan 111
  name VLAN0111
  isolation assign group 0 to pon-port 0-7
  tagged front-port 0 , front-port 1
exit

vlan 252
  name VLAN0252
  isolation assign group 0 to pon-port 0-7
  tagged front-port 0 , front-port 1
exit

конфиг lte-8x(olt-0-layer3)

Код: Выделить всё

LTE-8X(OLT0)# show config layer3
OLT0 Layer3 parameters
DHCP Snooping / SW Learning enable: yes
DHCP Autonomous Bind / Unbind Reporting enable: no
DHCP Relay Agent (insert Option 82 if provided): yes
DHCP Relay Agent Set giaddr: no
Insert Opt 82 for Unicast DHCP Requests also: no
Trust Other DHCP Relay Agent: no
ARP Snooping Enable (Requires DHCP SW Learning): no
ARP Mode (0 = Directed ARP, 1 = ARP Proxy): directed_arp
RARP Snooping Enable: no
RARP Mode (0 = Directed RARP, 1 = RARP Proxy): directed_rarp
Disable Upstream ARP Request validation: no
Disable Downstream ARP Reply validation: no
Disable Upstream ARP Reply validation: no
Exclude UDP multicast IP fragments: no
Validate IP Checksum on received frames: no
Validate UDP Checksum on received frames: no
Disable Downstream INFORM ACK Reply validation: no
Disable Upstream RELEASE validation: no
Disable Upstream DECLINE validation: no
Overwrite Client's Option 82: no
Use MAC address based HW forwarding rules: no
Use IPv4 address based HW forwarding rules: no
Maximum Number of Bound Clients / IPs: 256
DHCP Timer Update Interval: 2
DHCP Server Response Timeout: 30
Maximum DHCP Lease Time: 0
Option 82 Format: text


конфиг mes1124

Код: Выделить всё

252-222#show run
ip dhcp relay enable
ip dhcp information option
ip dhcp snooping
ip dhcp snooping vlan 110
ip dhcp snooping vlan 111
!
vlan database
 vlan 110-111,252
exit
!
loopback-detection enable
!
hostname 252-222
!
username admin password encrypted fd90aba17423d86e70362d7befd36b8d1c75adf3 privilege 15
!
no ip http server
!
interface fastethernet 1/0/4
 loopback-detection enable
 switchport access vlan 111
 switchport forbidden default-vlan
 ip dhcp information option format-type circuit-id Vlan111+Ethernet1/0/4
 ip dhcp information option format-type remote-id 252-222
exit
!
interface fastethernet 1/0/5
 loopback-detection enable
 switchport access vlan 110
 switchport forbidden default-vlan
 ip dhcp information option format-type circuit-id Vlan110+Ethernet1/0/5
 ip dhcp information option format-type remote-id 252-222
exit
!
interface gigabitethernet 1/0/4
 ip dhcp snooping trust
 switchport mode trunk
 switchport trunk allowed vlan add 110-111
 switchport trunk native vlan 252
 switchport forbidden default-vlan
exit
!
interface vlan 252
 ip address 192.168.252.222 255.255.255.0
exit


итог:
- трафик ходит куда надо, управление работает и на lte-8x и на mes1124
- pon-абонет работает, получает ip по dhcp c помощью opt82
- абоненты на mes1124 - трафик есть, но dhcp_opt82 не работает проблема на lte-8x, если его(lte-8x) убрать - все работает. как починить? функий отвечающаих на lte-8x(switch) не нашел но ведь он и не должен ничего блокировать, так как снупинга нет..

[Dirks G]

Добрый день.

Переведите front-port lte в который подключен mes в downlink.
LTE-8X# switch
LTE-8X(switch)# configure
LTE-8X(switch)(config)# interface front-port 1
LTE-8X(switch)(config-if)#no uplink
LTE-8X(switch)(config-if)# ex
LTE-8X(switch)(config)# reconfig

[dragomir]

да, спасибо последний пункт помог.