我有一个问题,当将服务器连接到 Stratix 5400 时,Stratix 会失去连接几秒钟,这会导致线路出现安全故障,因为我们有安全 PLC 的帮助。
,Software verison is 15.2 (non crypto)
,STP setting: MSTP
,VTP mode:Transparent
,Vlan Management: Default and all of the used posrts are in
,Port type: I tried both Trunk and Dynamic auto but same issue
在我的交换机上我有这个配置
!
! Last configuration change at 06:19:25 UTC Tue Apr 13 2021 by admin
! NVRAM config last updated at 06:19:25 UTC Tue Apr 13 2021 by admin
!
version 15.2
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service unsupported-transceiver
no service dhcp
!
hostname L04_BLISS
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16384
no logging console
enable secret level 1 5 $1$lyxC$gX/xJyzgZZbvAto5ghwZw/
enable secret 5 $1$49To$3.3hDvkcE7/S6NcFp7IU..
!
username admin privilege 15 secret 5 $1$g.1c$hMMHErqIqYrad3FxxZuDh/
no aaa new-model
system mtu routing 1500
no ip source-route
!
!
!
no ip domain-lookup
ip igmp snooping querier
vtp mode transparent
!
!
!
!
!
udld aggressive
ptp mode forward
!
!
spanning-tree mode mst
spanning-tree extend system-id
cip security password 143206030916242E30
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause link-monitor-failure
errdisable recovery cause oam-remote-failure
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery cause psp
errdisable recovery interval 30
!
alarm profile defaultPort
alarm not-operating
syslog not-operating
notifies not-operating
!
alarm profile ab-alarm
alarm link-fault not-forwarding not-operating fcs-error
syslog link-fault not-forwarding not-operating fcs-error
notifies link-fault not-forwarding not-operating fcs-error
relay-major not-forwarding
!
alarm facility power-supply rps disable
alarm facility power-supply rps notifies
alarm facility power-supply rps relay major
alarm facility temperature secondary notifies
alarm facility temperature secondary syslog
alarm facility temperature secondary high 90
alarm facility temperature secondary low 0
!
!
vlan internal allocation policy ascending
!
vlan 999
name VLAN0999
!
vlan 1000
!
!
class-map match-all 1588-PTP-General
match access-group 107
class-map match-all 1588-PTP-Event
match access-group 106
class-map match-all qos-group-2
match qos-group 2
class-map match-all qos-group-0
match qos-group 0
class-map match-all qos-group-1
match qos-group 1
class-map match-all CIP-Implicit_dscp_any
match access-group 104
class-map match-all CIP-Other
match access-group 105
class-map match-all voip-data
match ip dscp ef
class-map match-any voip-control
match ip dscp cs3 af31
class-map match-all CIP-Implicit_dscp_43
match access-group 103
class-map match-all CIP-Implicit_dscp_55
match access-group 101
class-map match-all CIP-Implicit_dscp_47
match access-group 102
!
policy-map Policymap-Output-Wireless
class qos-group-0
priority
police 4000000
class qos-group-1
bandwidth percent 40
class qos-group-2
bandwidth percent 40
class class-default
bandwidth percent 16
policy-map Voice-Map
class voip-data
police 320000 8000 conform-action set-qos-transmit 1 exceed-action set-qos-transmit 3
class voip-control
police 32000 8000 conform-action set-qos-transmit 2 exceed-action set-qos-transmit 3
policy-map Output-accesspoint
class qos-group-0
priority
police 4000000
class qos-group-1
bandwidth percent 19
class qos-group-2
bandwidth percent 40
class class-default
bandwidth percent 40
policy-map Policymap-Output-Default
class qos-group-0
priority
police 4000000
class qos-group-1
bandwidth percent 25
class qos-group-2
bandwidth percent 25
class class-default
bandwidth percent 25
policy-map PTP-Event-Priority
class qos-group-0
priority
class qos-group-1
bandwidth remaining percent 40
class qos-group-2
bandwidth remaining percent 40
class class-default
bandwidth remaining percent 20
policy-map CIP-PTP-Traffic
class CIP-Implicit_dscp_55
set qos-group 1
class CIP-Implicit_dscp_47
set qos-group 1
class CIP-Implicit_dscp_43
set qos-group 1
class CIP-Implicit_dscp_any
set qos-group 2
class CIP-Other
set qos-group 2
class 1588-PTP-Event
set qos-group 0
class 1588-PTP-General
set qos-group 1
policy-map Policymap-Output-Phone
class qos-group-0
priority
police 4000000
class qos-group-1
bandwidth percent 60
class qos-group-2
bandwidth percent 20
class class-default
bandwidth percent 10
!
!
!
!
!
!
macro global description ab-global | ab-password
!
interface GigabitEthernet1/1
description BLISS
macro description switch-automation
alarm profile ab-alarm
spanning-tree link-type point-to-point
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/2
alarm profile ab-alarm
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/3
alarm profile ab-alarm
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/4
alarm profile ab-alarm
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/5
description PLC_PNL
switchport mode trunk
macro description switch-automation
alarm profile ab-alarm
spanning-tree link-type point-to-point
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/6
alarm profile ab-alarm
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/7
alarm profile ab-alarm
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/8
alarm profile ab-alarm
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/9
description Geo_A
switchport mode trunk
macro description switch-automation
alarm profile ab-alarm
spanning-tree link-type point-to-point
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/10
alarm profile ab-alarm
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/11
description Geo_B
switchport mode trunk
macro description switch-automation
alarm profile ab-alarm
spanning-tree link-type point-to-point
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/12
alarm profile ab-alarm
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/13
description Geo_C
switchport mode trunk
macro description switch-automation
alarm profile ab-alarm
spanning-tree link-type point-to-point
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/14
alarm profile ab-alarm
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/15
description Geo_D
switchport mode trunk
macro description switch-automation
alarm profile ab-alarm
spanning-tree link-type point-to-point
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/16
alarm profile ab-alarm
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/17
description Geo_E
switchport mode trunk
macro description switch-automation
alarm profile ab-alarm
spanning-tree link-type point-to-point
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/18
alarm profile ab-alarm
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/19
alarm profile ab-alarm
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface GigabitEthernet1/20
alarm profile ab-alarm
service-policy input CIP-PTP-Traffic
service-policy output Policymap-Output-Default
!
interface Vlan1
ip address 192.168.0.5 255.255.0.0
cip enable
!
interface Vlan999
no ip address
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http session-idle-timeout 1200
!
!
access-list 101 permit udp any eq 2222 any dscp 55
access-list 102 permit udp any eq 2222 any dscp 47
access-list 103 permit udp any eq 2222 any dscp 43
access-list 104 permit udp any eq 2222 any
access-list 105 permit udp any eq 44818 any
access-list 105 permit tcp any eq 44818 any
access-list 106 permit udp any eq 319 any
access-list 107 permit udp any eq 320 any
!
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps transceiver all
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps license
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps bgp cbgp2
snmp-server enable traps ether-oam
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps cluster
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps trustsec-sxp conn-srcaddr-err msg-parse-err conn-config-err binding-err conn-up conn-down binding-expn-fail oper-nodeid-change binding-conflict
snmp-server enable traps energywise
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps msdp
snmp-server enable traps ospfv3 state-change
snmp-server enable traps ospfv3 errors
snmp-server enable traps power-ethernet police
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps cpu threshold
snmp-server enable traps rep
snmp-server enable traps ipsla
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps stackwise
snmp-server enable traps ethernet cfm alarm
snmp-server enable traps alarms informational
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server enable traps errdisable
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
!
!
line con 0
login local
line vty 0 4
login local
transport input none
line vty 5 15
login local
transport input none
!
!
end