Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- raspberry-pi-aufsetzen [2016/08/19 16:43] – benny
+++ raspberry-pi-aufsetzen [2024/06/09 10:29] (aktuell) – Externe Bearbeitung 127.0.0.1
@@ Zeile 105: / Zeile 105: @@
 </code>
-Im nächsten Schritt wollen wir dem Raspberry Pi das korrekte Tastaturlayout verpassen, die Zeitzone auf Berlin einstellen und optional (wenn vorhanden) die Wi-Fi/Wireless Schnittstelle auf Deutschland einrichten.
+Im nächsten Schritt wollen wir dem Raspberry Pi das korrekte Tastaturlayout verpassen, die Zeitzone auf Berlin einstellen, den Hostname setzen und optional (wenn vorhanden) die Wi-Fi/Wireless Schnittstelle auf Deutschland einrichten.
 <code>
@@ Zeile 138: / Zeile 138: @@
 >>>> "Berlin"
+**Den Hostname des Raspberry Pi festlegen:**
+> "Advanced Options" ->
+>> "Hostname" ->
+>>> "OK" ->
+>>>> "pi1" (wahlweise was ihr wollt)
 **Für deutsche regulatorische Domäne Wi-Fi/Wireless:**
@@ Zeile 154: / Zeile 164: @@
 <code>
-sudo apt-get update && sudo apt-get dist-upgrade
+pi@raspberrypi:~ $ sudo apt-get update && sudo apt-get dist-upgrade
 </code>
@@ Zeile 185: / Zeile 195: @@
   * VIM
+  * tcpdump
+  * iperf3
+  * tshark
+  * smcroute
 <code>
-sudo apt-get install -y vim
+pi@raspberrypi:~ $ sudo apt-get install -y vim tcpdump iperf3
 </code>
+Optional
+(smcroute)
+===== IPv6 deaktivieren (wahlweise) =====
+<code bash>
+echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
+</code>
+bzw. in der sysctl.conf
+<code bash>
+net.ipv6.conf.all.disable_ipv6 = 1
+</code>
+===== iptables für NAT zwischen wlan0 und eth0 =====
+<code bash>
+sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
+sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
+# In /etc/network/interfaces o.ae. irgendwo unten
+up iptables-restore < /etc/iptables.ipv4.nat
+</code>
+===== Multicast am OmniSwitch 6450 (6.7.1.86.R03) + Raspberry Pi =====
+Der Linux Kernel des Raspberry Pi macht von Haus aus Multicast, daher muss man hier nicht groß rumsuchen:
+<code>
+pi@pi1:~ $ ifconfig eth0
+eth0      Link encap:Ethernet  HWaddr b8:27:eb:82:26:a8
+          inet addr:192.168.5.155  Bcast:192.168.5.255  Mask:255.255.255.0
+          inet6 addr: fe80::e72a:7f1b:ac2c:ca62/64 Scope:Link
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          RX packets:123 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:126 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:1000
+          RX bytes:12051 (11.7 KiB)  TX bytes:16815 (16.4 KiB)
+pi@pi1:~ $ ip maddr show dev eth0
+:	eth0
+	link  33:33:00:00:00:01
+	link  33:33:ff:2c:ca:62
+	link  01:00:5e:00:00:01
+	link  33:33:00:00:00:fb
+	link  01:00:5e:00:00:fb
+	inet  224.0.0.251
+	inet  224.0.0.1
+	inet6 ff02::fb
+	inet6 ff02::1:ff2c:ca62
+	inet6 ff02::1
+	inet6 ff01::1
+pi@pi1:~ $ ping 239.0.10.1
+PING 239.0.10.1 (239.0.10.1) 56(84) bytes of data.
+^C
+--- 239.0.10.1 ping statistics ---
+packets transmitted, 0 received, 100% packet loss, time 5004ms
+</code>
+Am Pi2 kann man diese Pakete auch sehen (aber es wird nicht darauf geantwortet)
+<code>
+pi@pi2:~ $ sudo tcpdump -lvvvni eth0 host 239.0.10.1
+tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
+:43:11.536867 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 828, seq 1, length 64
+:43:12.544589 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 828, seq 2, length 64
+:43:13.544467 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 828, seq 3, length 64
+:43:14.544464 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 828, seq 4, length 64
+:43:15.544456 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 828, seq 5, length 64
+</code>
+Soweit so gut, nur wollen wir die Pakete erst erhalten nachdem wir diese Gruppe per IGMP gejoined haben.
+Dafür müssen wir erstmal dem OmniSwitch etwas mehr Intelligenz einhauchen, damit der nicht alles einfach vervielfältigt.
+<code>
+-> show ip multicast
+Status                                          = disabled,
+Querying                                        = disabled,
+Proxying                                        = disabled,
+Spoofing                                        = disabled,
+Zapping                                         = disabled,
+Querier Forwarding                              = disabled,
+Flood Unknown                                   = disabled,
+Dynamic control drop-all status                 = disabled,
+Version                                         = 2,
+Robustness                                      = 2,
+Query Interval (seconds)                        = 125,
+Query Response Interval (tenths of seconds)     = 100,
+Last Member Query Interval (tenths of seconds)  = 10,
+Unsolicited Report Interval (seconds)           = 1,
+Router Timeout (seconds)                        = 90,
+Source Timeout (seconds)                        = 30,
+Max-group                                       = 0,
+Max-group action                                = none
+-> ip multicast status enable
+-> show ip multicast
+Status                                          = enabled,
+Querying                                        = disabled,
+Proxying                                        = disabled,
+Spoofing                                        = disabled,
+Zapping                                         = disabled,
+Querier Forwarding                              = disabled,
+Flood Unknown                                   = disabled,
+Dynamic control drop-all status                 = disabled,
+Version                                         = 2,
+Robustness                                      = 2,
+Query Interval (seconds)                        = 125,
+Query Response Interval (tenths of seconds)     = 100,
+Last Member Query Interval (tenths of seconds)  = 10,
+Unsolicited Report Interval (seconds)           = 1,
+Router Timeout (seconds)                        = 90,
+Source Timeout (seconds)                        = 30,
+Max-group                                       = 0,
+Max-group action                                = none
+</code>
+Wiederholt man nun den ping auf dem Pi1, empfängt man auf Pi2 nichts mehr - dafür sieht der Switch den Pi1 als Source
+<code>
+pi@pi1:~ $ ping 239.0.10.1
+PING 239.0.10.1 (239.0.10.1) 56(84) bytes of data.
+^C
+--- 239.0.10.1 ping statistics ---
+packets transmitted, 0 received, 100% packet loss, time 4004ms
+</code>
+<code>
+-> show ip multicast source
+Total 1 Sources
+Group Address   Host Address    Tunnel Address  VLAN  Port
+---------------+---------------+---------------+-----+-----
+.0.10.1      192.168.5.155   0.0.0.0          1    1/7
+</code>
+<code>
+pi@pi2:~ $ sudo tcpdump -lvvvni eth0 host 239.0.10.1
+tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
+^C
+packets captured
+packets received by filter
+packets dropped by kernel
+</code>
+Zum Zeitpunkt zu dem dieser Artikel geschrieben wurde, beherrschen die iproute2 Werkzeuge zwar die Anzeige von Multicast-Einstellungen, man kann aber keine neuen Gruppen manuell registrieren.
+**Pi2 SSH Session 1**
+<code>
+pi@pi2:~ $ sudo smcroute -d
+pi@pi2:~ $ sudo smcroute -j eth0 239.0.10.1
+</code>
+> Startet den Prozess als Daemon (Superuser Rechte sind Muss!)
+>> sudo smcroute -d
+> Sendet einen "IGMP-Join" über die angegebene Schnittstelle und registriert dies lokal auch im Kernel
+>> sudo smcroute -j eth0 239.0.10.1
+> Sendet einen IGMP-Leave" über die angegebene Schnittstele
+>> sudo smcroute -l eth0 239.0.10.1
+> Beendet den Prozess
+>> sudo smcroute -k
+Alternativ kann man das Paket "socat" verwenden (mir gefällt smcroute derzeit besser):
+> Registriert die Adresse 239.0.10.1 auf der Schnittstelle eth0
+>> pi@pi2:~ $ socat STDIO UDP4-RECV:1234,ip-add-membership=239.0.10.1:eth0
+**Pi2 SSH Session 2**
+<code>
+pi@pi2:~ $ sudo tcpdump -lvvvnni eth0 igmp or host 239.0.10.1
+tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
+:25:04.000098 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
+.168.5.156 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 239.0.10.1 to_ex { }]
+:25:04.750039 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
+.168.5.156 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 239.0.10.1 to_ex { }]
+</code>
+**Pi1, mal lospingen**
+<code>
+pi@pi1:~ $ ping 239.0.10.1
+PING 239.0.10.1 (239.0.10.1) 56(84) bytes of data.
+^C
+--- 239.0.10.1 ping statistics ---
+packets transmitted, 0 received, 100% packet loss, time 9003ms
+</code>
+**Der OmniSwitch 6450 sieht die Pakete und vermittelt sie auch weiter**
+<code>
+-> show ip multicast source
+Total 1 Sources
+Group Address   Host Address    Tunnel Address  VLAN  Port
+---------------+---------------+---------------+-----+-----
+.0.10.1      192.168.5.155   0.0.0.0          1    1/7
+-> show ip multicast group
+Total 1 Groups
+Group Address   Source Address  VLAN  Port  Mode     Static  Count  Life  RVLAN
+---------------+---------------+-----+-----+--------+-------+------+-----+------
+.0.10.1      0.0.0.0          1    1/3   exclude  no      2      133   -
+</code>
+**Pi2 SSH Session 2**
+<code>
+pi@pi2:~ $ sudo tcpdump -lvvvnni eth0 igmp or host 239.0.10.1
+tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
+:25:25.919115 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 873, seq 2, length 64
+:25:26.919035 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 873, seq 3, length 64
+:25:27.919029 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 873, seq 4, length 64
+:27:06.528880 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 874, seq 2, length 64
+:27:07.528765 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 874, seq 3, length 64
+:27:08.528766 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 874, seq 4, length 64
+:27:09.528757 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 874, seq 5, length 64
+:27:10.528758 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 874, seq 6, length 64
+:27:11.528757 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 874, seq 7, length 64
+:27:12.528759 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 874, seq 8, length 64
+:27:13.528761 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 874, seq 9, length 64
+:27:14.528757 IP (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
+.168.5.155 > 239.0.10.1: ICMP echo request, id 874, seq 10, length 64
+</code>
+Es fällt auf dass der Eintrag der 239er Multicast Gruppe immer wieder "vergessen" wird vom Switch. Dies liegt daran dass der smcroute Daemon nicht selbstständig die Registrierung aktiv hält, sondern darum gebeten werden muss.
+**Wir aktivieren dafür "ip multicast querying" auf dem OmniSwitch 6450**
+<code>
+-> show ip multicast
+Status                                          = enabled,
+Querying                                        = disabled,
+Proxying                                        = disabled,
+Spoofing                                        = disabled,
+Zapping                                         = disabled,
+Querier Forwarding                              = disabled,
+Flood Unknown                                   = disabled,
+Dynamic control drop-all status                 = disabled,
+Version                                         = 2,
+Robustness                                      = 2,
+Query Interval (seconds)                        = 125,
+Query Response Interval (tenths of seconds)     = 100,
+Last Member Query Interval (tenths of seconds)  = 10,
+Unsolicited Report Interval (seconds)           = 1,
+Router Timeout (seconds)                        = 90,
+Source Timeout (seconds)                        = 30,
+Max-group                                       = 0,
+Max-group action                                = none
+-> ip multicast querying enable
+-> show ip multicast
+Status                                          = enabled,
+Querying                                        = enabled,
+Proxying                                        = disabled,
+Spoofing                                        = disabled,
+Zapping                                         = disabled,
+Querier Forwarding                              = disabled,
+Flood Unknown                                   = disabled,
+Dynamic control drop-all status                 = disabled,
+Version                                         = 2,
+Robustness                                      = 2,
+Query Interval (seconds)                        = 125,
+Query Response Interval (tenths of seconds)     = 100,
+Last Member Query Interval (tenths of seconds)  = 10,
+Unsolicited Report Interval (seconds)           = 1,
+Router Timeout (seconds)                        = 90,
+Source Timeout (seconds)                        = 30,
+Max-group                                       = 0,
+Max-group action                                = none
+-> show ip multicast querier
+Total 1 Queriers
+Host Address    VLAN  Port  Static  Count  Life
+---------------+-----+-----+-------+------+-----
+.168.5.104    1    CPU   no      0      24
+</code>
+Diese Konfiguration sorgt dafür dass der Switch regelmäßig fragt wer für welche Gruppen registriert ist und darauf reagiert der smcroute Daemon dann auch und der Eintrag wird aktiv gehalten.
+<code>
+-> show ip multicast group
+Total 1 Groups
+Group Address   Source Address  VLAN  Port  Mode     Static  Count  Life  RVLAN
+---------------+---------------+-----+-----+--------+-------+------+-----+------
+.0.10.1      0.0.0.0          1    1/3   exclude  no      5      257   -
+-> show ip multicast group
+Total 1 Groups
+Group Address   Source Address  VLAN  Port  Mode     Static  Count  Life  RVLAN
+---------------+---------------+-----+-----+--------+-------+------+-----+------
+.0.10.1      0.0.0.0          1    1/3   exclude  no      7      173   -
+-> show ip multicast group
+Total 1 Groups
+Group Address   Source Address  VLAN  Port  Mode     Static  Count  Life  RVLAN
+---------------+---------------+-----+-----+--------+-------+------+-----+------
+.0.10.1      0.0.0.0          1    1/3   exclude  no      5      259   -
+->
+->
+</code>
+**So sieht dies auf Seite des Pi2 aus**
+<code>
+pi@pi2:~ $ sudo tshark -i eth0 -Y igmp
+tshark: Lua: Error during loading:
+ [string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. See http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
+Running as user "root" and group "root". This could be dangerous.
+Capturing on 'eth0'
+  16.914403 192.168.5.156 -> 239.0.10.1   IGMPv2 46 Membership Report group 239.0.10.1
+  24.554366 192.168.5.156 -> 239.0.10.1   IGMPv2 46 Membership Report group 239.0.10.1
+  30.954357 192.168.5.156 -> 239.0.10.1   IGMPv2 46 Membership Report group 239.0.10.1
+  41.338705 192.168.5.104 -> 224.0.0.1    IGMPv2 60 Membership Query, general             <---------
+  48.614361 192.168.5.156 -> 224.0.0.251  IGMPv2 46 Membership Report group 224.0.0.251
+  50.834353 192.168.5.156 -> 239.0.10.1   IGMPv2 46 Membership Report group 239.0.10.1    <- !!!!
+^C6 packets captured
+</code>
+Nun fällt auf dass der Pi2 nicht auf den ICMP Echo Request antwortet, obwohl er ihn erhält (geht ja an eine Multicast Adresse).
+**Dies aktivieren wir für diesen Test wie folgt:**
+<code>
+pi@pi2:~ $ cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+pi@pi2:~ $ sudo sysctl net.ipv4.icmp_echo_ignore_broadcasts=0
+net.ipv4.icmp_echo_ignore_broadcasts = 0
+</code>
+**Hier nun das finale Ergebnis (Multicast Echo Request, Unicast Echo Response)**
+<code>
+pi@pi2:~ $ sudo tshark -i eth0 -Y "igmp or ip.dst==239.0.10.1 or ip.dst == 192.168.5.155"
+tshark: Lua: Error during loading:
+ [string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. See http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
+Running as user "root" and group "root". This could be dangerous.
+Capturing on 'eth0'
+   4.793110 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=2/512, ttl=1
+   4.793220 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=2/512, ttl=64
+   5.793032 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=3/768, ttl=1
+   5.793124 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=3/768, ttl=64
+   6.793028 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=4/1024, ttl=1
+   6.793128 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=4/1024, ttl=64
+   7.793004 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=5/1280, ttl=1
+   7.793078 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=5/1280, ttl=64
+   8.793011 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=6/1536, ttl=1
+   8.793096 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=6/1536, ttl=64
+   9.793004 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=7/1792, ttl=1
+   9.793076 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=7/1792, ttl=64
+  10.793052 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=8/2048, ttl=1
+  10.793149 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=8/2048, ttl=64
+  11.793021 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=9/2304, ttl=1
+  11.793093 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=9/2304, ttl=64
+  12.793017 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=10/2560, ttl=1
+  12.793100 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=10/2560, ttl=64
+  13.149535 192.168.5.104 -> 224.0.0.1    IGMPv2 60 Membership Query, general
+  13.793005 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=11/2816, ttl=1
+  13.793076 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=11/2816, ttl=64
+  14.793031 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=12/3072, ttl=1
+  14.793119 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=12/3072, ttl=64
+  15.793022 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=13/3328, ttl=1
+  15.793091 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=13/3328, ttl=64
+  16.793035 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=14/3584, ttl=1
+  16.793121 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=14/3584, ttl=64
+  17.135066 192.168.5.156 -> 239.0.10.1   IGMPv2 46 Membership Report group 239.0.10.1
+  17.793027 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=15/3840, ttl=1
+  17.793098 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=15/3840, ttl=64
+  18.793047 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=16/4096, ttl=1
+  18.793144 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=16/4096, ttl=64
+  19.793026 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=17/4352, ttl=1
+  19.793099 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=17/4352, ttl=64
+  20.793037 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=18/4608, ttl=1
+  20.793124 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=18/4608, ttl=64
+  21.793024 192.168.5.155 -> 239.0.10.1   ICMP 98 Echo (ping) request  id=0x0699, seq=19/4864, ttl=1
+  21.793100 192.168.5.156 -> 192.168.5.155 ICMP 98 Echo (ping) reply    id=0x0699, seq=19/4864, ttl=64
+  22.765096 192.168.5.156 -> 224.0.0.251  IGMPv2 46 Membership Report group 224.0.0.251
+^C39 packets captured
+</code>
+Nun wurde mir seitens eines geschätzten Business Partners berichtet dass es eine Herausforderung gibt, wenn der Client der den Multicast erhalten soll per "User-Network-Profile" (UNP) angebunden und per non-supplicant Authentifizierung ist. (Dann sollte kein Eintrag in der Ausgabe von "ip multicast group" auftauchen)
+**Authentifizierung auf dem OmniSwitch einrichten**
+<code>
+-> aaa radius-server rad01 host 192.168.5.1 key verysecret
+->
+-> aaa test-radius-server rad01 type authentication user alcatel password alcatel method pap
+Testing Radius Server <192.168.5.1/rad01>
+Access-Accept from 192.168.5.1 Port 1812 Time: 2 ms
+Returned Attributes
+-> vlan port mobile 1/3
+-> vlan port 1/3 802.1x enable
+-> ! Durch folgendes Kommando halten wir uns nicht mit 802.1x auf sondern machen direkt "non-supplicant"
+-> 802.1x 1/3 supp-polling retry 0
+->
+-> 802.1x 1/3 non-supplicant policy authentication pass default-vlan fail block
+->
+-> aaa authentication mac rad01
+->
+-> ! Der häufigste Fehler ist die folgende Zeile nicht zu haben, also daher los!
+-> aaa authentication 802.1x rad01
+->
+-> ! Gleich mal probieren, Pi2 abgezogen und aufgesteckt ...
+-> show 802.1x non-supplicant
+Slot  MAC               MAC Authent      Classification      Vlan
+Port  Address           Status           Policy              Learned
+-----+-----------------+----------------+-------------------+--------
+/03 b8:27:eb:61:78:ec Authenticated    Basic-Dft VLAN      1
+-> ! Aber es ging ja um das UNP, daher ..
+-> aaa user-network-profile name "mcasttest" vlan 1
+-> show 802.1x non-supplicant
+Slot  MAC               MAC Authent      Classification      Vlan
+Port  Address           Status           Policy              Learned
+-----+-----------------+----------------+-------------------+--------
+/03 b8:27:eb:61:78:ec Authenticated    Basic-UNP-Auth Svr  1
+-> show 802.1x non-supplicant unp
+Slot  MAC               Vlan  HIC             Dynamic
+Port  Address                 Status          UNP
+-----+-----------------+-----+---------------+-----------------
+/03 b8:27:eb:61:78:ec     1 Not Started     mcasttest
+-> show ip multicast group
+Total 1 Groups
+Group Address   Source Address  VLAN  Port  Mode     Static  Count  Life  RVLAN
+---------------+---------------+-----+-----+--------+-------+------+-----+------
+.0.10.1      0.0.0.0          1    1/3   exclude  no      2      155   -
+</code>
+Der Ping läuft auch wie zuvor. Da scheint der Aufbau beim Partner doch irgendwie anders zu sein. :(
+**Das sagt der Freeradius (v2)**
+<code>
+rad_recv: Access-Request packet from host 192.168.5.104 port 1030, id=4, length=98
+	User-Name = "B827EB6178EC"
+	User-Password = "B827EB6178EC"
+	NAS-IP-Address = 192.168.5.104
+	NAS-Port = 77
+	NAS-Port-Type = Ethernet
+	Calling-Station-Id = "b827eb6178ec"
+	Service-Type = Call-Check
+# Executing section authorize from file /etc/freeradius/sites-enabled/default
++group authorize {
+++[preprocess] = ok
+++[chap] = noop
+++[mschap] = noop
+++[digest] = noop
+[suffix] No '@' in User-Name = "B827EB6178EC", looking up realm NULL
+[suffix] No such realm "NULL"
+++[suffix] = noop
+[eap] No EAP-Message, not doing EAP
+++[eap] = noop
+[files] users: Matched entry B827EB6178EC at line 98
+++[files] = ok
+++[expiration] = noop
+++[logintime] = noop
+++[pap] = updated
++} # group authorize = updated
+Found Auth-Type = PAP
+# Executing group from file /etc/freeradius/sites-enabled/default
++group PAP {
+[pap] login attempt with password "B827EB6178EC"
+[pap] Using clear text password "B827EB6178EC"
+[pap] User authenticated successfully
+++[pap] = ok
++} # group PAP = ok
+# Executing section post-auth from file /etc/freeradius/sites-enabled/default
++group post-auth {
+++[exec] = noop
++} # group post-auth = noop
+Sending Access-Accept of id 4 to 192.168.5.104 port 1030
+	Framed-Filter-Id = "mcasttest"
+Finished request 0.
+Going to the next request
+Waking up in 4.9 seconds.
+Cleaning up request 0 ID 4 with timestamp +23
+</code>