====== VyOS mit OmniSwitch verbinden ======
[[https://vyos.io/|VyOS]] ist ein sehr umfangreicher, auf Debian Linux basierender Softwarerouter. Unter normalen Nutzungsumständen bekommt man vom ursprünglichen Debian Linux aber nicht mehr viel mit. Es wird davon abgeraten, die Konfiguration des darunterliegenden Systems manuell zu verändern, da die Einstellungen bei jedem Neustart aus der Textkonfiguration neu erzeugt werden und manuelle Änderungen dadurch überschrieben werden.
===== LLDP Interoperabilität =====
==== VyOS ====
vyos@vyos:~$ show lldp neighbors
Capability Codes: R - Router, B - Bridge, W - Wlan r - Repeater, S - Station
D - Docsis, T - Telephone, O - Other
Device ID Local Proto Cap Platform Port ID
--------- ----- ----- --- -------- -------
OS6450-P10 eth1 LLDP BR Alcatel-Lucent OS645 Alcatel-Lucent 1/8
vyos@vyos:~$ show lldp neighbors detail
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface: eth1, via: LLDP, RID: 1, Time: 0 day, 00:11:16
Chassis:
ChassisID: mac e8:e7:32:3f:de:e6
SysName: OS6450-P10
SysDescr: Alcatel-Lucent OS6450-P10 6.7.1.108.R04 Service Release, January 04, 2017.
MgmtIP: 192.168.10.2
Capability: Bridge, on
Capability: Router, on
Port:
PortID: mac e8:e7:32:3f:de:ef
PortDescr: Alcatel-Lucent 1/8
PMD autoneg: supported: yes, enabled: yes
Adv: 1000Base-X, HD: yes, FD: yes
Adv: 1000Base-T, HD: yes, FD: yes
MAU oper type: 1000BaseTFD - Four-pair Category 5 UTP, full duplex mode
VLAN: 1, pvid: yes VLAN 1
PPVID: supported: no, enabled: no
PI: 88 cc
LLDP-MED:
Device Type: Network Connectivity Device
Capability: Capabilities
Capability: Policy
Capability: MDI/PSE
-------------------------------------------------------------------------------
==== OmniSwitch ====
OS6450-P10-> show lldp remote-system
Remote LLDP Agents on Local Slot/Port 1/8:
Chassis 52:54:00:3b:af:9e, Port 00:25:90:XX:XX:XX:
Remote ID = 4,
Chassis Subtype = 4 (MAC Address),
Port Subtype = 3 (MAC address),
Port Description = VyOS-Lab eth1,
System Name = VyOS-Lab,
System Description = VyOS unknown,
Capabilities Supported = Bridge WLAN AP Router Station Only,
Capabilities Enabled = Router Station Only,
Management IP Address = 192.168.0.229,
MED Device Type = Network Connectivity,
MED Capabilities = Capabilities | Location Identification| Power via MDI-PSE| Power via MDI-PD(3f),
MED Extension TLVs Present = Network Policy| Inventory,
Vlan ID = 20,
Vlan Name = eth1.20,
Remote port MAC/PHY AutoNeg = Supported Enabled Capability 0x8136,
Mau Type = 1000BaseTFD - Four-pair Category 5 UTP full duplex mode
===== VyOS Konfiguration =====
vyos@VyOS-Lab# run show config
/* NOTE(review): dump of the committed VyOS configuration (package distribution "helium"); the indentation of the original `show config` output was lost in the paste, the braces alone give the structure */
interfaces {
/* eth0 takes its address via DHCP and is the outbound interface of NAT rule 100; no firewall stanza is present in this dump */
ethernet eth0 {
/* dhcp */
address dhcp
description WAN
duplex auto
hw-id 52:54:00:3b:af:9e
smp-affinity auto
speed auto
}
/* eth1 is the link to OmniSwitch port 1/8 (see the LLDP output above); the hw-id is redacted on this page. Only the tagged sub-interface carries an address */
ethernet eth1 {
description "VyOS-Lab eth1"
duplex auto
hw-id 00:25:90:XX:XX:XX
smp-affinity auto
speed auto
/* VLAN 20 = "VyOS Lab" on the OmniSwitch side, tagged on port 1/8 */
vif 20 {
address 192.168.20.1/24
description "VyOS-Lab eth1.20"
}
}
loopback lo {
}
}
/* masquerade the lab VLAN behind eth0; logging is off for this rule, so translations for 192.168.20.0/24 do not appear in syslog */
nat {
source {
rule 100 {
log disable
outbound-interface eth0
source {
address 192.168.20.0/24
}
translation {
address masquerade
}
}
}
}
service {
/* DHCP for the lab VLAN; dns-server points at 192.168.0.1 on the far side of the NAT, not at the router itself */
dhcp-server {
disabled false
shared-network-name VyOS-Lab {
authoritative disable
subnet 192.168.20.0/24 {
default-router 192.168.20.1
dns-server 192.168.0.1
domain-name vlan20.home
lease 86400
start 192.168.20.10 {
stop 192.168.20.50
}
}
}
}
dns {
}
/* advertised as "Management IP Address" in the OmniSwitch LLDP output above; presumably eth0's DHCP lease — a changed lease would silently invalidate this and the ssh listen-address below, verify */
lldp {
management-address 192.168.0.229
}
/* sshd is bound to this single address; if it is eth0's address, sshd listens on the WAN-side interface. The sshd log line further down ("Accepted password for vyos") shows password authentication in use */
ssh {
/* 192.168.0.229 */
listen-address 192.168.0.229
port 22
}
}
system {
config-management {
commit-revisions 20
}
host-name VyOS-Lab
login {
user vyos {
authentication {
/* both values are masked on this page; VyOS hashes plaintext-password into encrypted-password on commit and clears it (the later dump shows "") */
encrypted-password ****************
plaintext-password ****************
}
level admin
}
}
}
ntp {
server 0.pool.ntp.org {
}
server 1.pool.ntp.org {
}
server 2.pool.ntp.org {
}
}
options {
ctrl-alt-del-action ignore
reboot-on-panic true
}
/* package repository is fetched over plain http, so package integrity presumably rests on apt's signature check rather than on the transport. A masked password together with an empty username is odd — the later dump has password "" */
package {
auto-sync 1
repository community {
components main
distribution helium
password ****************
url http://packages.vyos.net/vyos
username ""
}
}
/* local log at notice (protocols at debug); everything at info and above is additionally forwarded to 192.168.0.177 */
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
host 192.168.0.177 {
facility all {
/* info */
level info
}
}
}
time-zone Europe/Berlin
}
===== OmniSwitch Konfiguration =====
! NOTE(review): configuration snapshot of the OS6450-P10 (AOS 6.7.1 R04 per the LLDP SysDescr above); the empty "! <section> :" lines are the snapshot's own section markers
! Stack Manager :
! Chassis :
system name OS6450-P10
system contact "Benny Eggerstedt"
system location "Benny's Lab"
system timezone CET
system daylight savings time enable
! Configuration:
! VLAN :
! VLAN 1 is disabled and port 1/8 gets no port-default VLAN below, so presumably only the tagged VLAN 20 is carried towards VyOS
vlan 1 disable name "VLAN 1"
vlan 10 enable name "SW Mgmt"
vlan 10 port default 1/1
vlan 10 port default 1/3
vlan 10 port default 1/5
vlan 10 port default 1/10
vlan 10 port default 1/11
vlan 10 port default 1/12
vlan 11 enable name "Client Network V11"
vlan 12 enable name "Client Network V12"
vlan 20 enable name "VyOS Lab"
vlan 20 port default 1/7
! VLAN SL:
! IP :
! "ip service all" enables every IP management service of the switch, presumably including plaintext ones on this release — check "show ip service" and keep only what the lab needs
ip service all
ip interface "vlan-10" address 192.168.10.2 mask 255.255.255.0 vlan 10 ifindex 1
ip interface "vlan-20" address 192.168.20.2 mask 255.255.255.0 vlan 20 ifindex 2
! IPMS :
! AAA :
! local authentication with a password policy (min 9 chars, mixed classes); "switch-access mode enhanced" restricts management access — confirm what it covers on this release
aaa authentication default "local"
user password-size min 9
user password-policy min-uppercase 1
user password-policy min-lowercase 1
user password-policy min-digit 1
user password-policy min-nonalpha 1
aaa switch-access mode enhanced
! PARTM :
! 802.1x :
! QOS :
! Policy manager :
! Session manager :
! CLI idle timeout raised to 999 (minutes, if the AOS unit applies) — abandoned admin sessions stay open for a long time
session timeout cli 999
session prompt default "OS6450-P10->"
! SNMP :
! SNMP security level "no security" and the well-known v2c community "public" mapped to user "snmp"; traps go to 192.168.0.61 (also the sFlow receiver below). Consider v3 with auth/priv or at least a non-default community for anything beyond the lab
snmp security no security
snmp authentication trap enable
snmp community map "public" user "snmp" on
snmp station 192.168.0.61 162 "snmp" v2 enable
snmp trap filter 192.168.0.61 47
! RIP :
! IPv6 :
! IP multicast :
! IPRM :
! default route via the management-VLAN gateway; DNS, swlog and NTP below point at the same host
ip static-route 0.0.0.0/0 gateway 192.168.10.1 metric 1
! RIPng :
! Health monitor :
! Interface :
interfaces 1/1 alias "AP1101 00:12:70"
interfaces 1/3 alias "AP1101 00:10:50"
interfaces 1/5 alias "AP1101 00:18:e0"
interfaces 1/8 alias "Uplink to VyOS-Lab"
interfaces 1/9 alias "Uplink to Watchtux"
! Udld :
! Port Mapping :
! Link Aggregate :
! VLAN AGG:
! 802.1Q :
vlan 11 802.1q 1/1 "TAG PORT 1/1 VLAN 11"
vlan 12 802.1q 1/1 "TAG PORT 1/1 VLAN 12"
vlan 11 802.1q 1/3 "TAG PORT 1/3 VLAN 11"
vlan 12 802.1q 1/3 "TAG PORT 1/3 VLAN 12"
vlan 11 802.1q 1/5 "TAG PORT 1/5 VLAN 11"
vlan 12 802.1q 1/5 "TAG PORT 1/5 VLAN 12"
! 1/8 carries only VLAN 20 tagged towards VyOS eth1.20 (matches the "Vlan ID = 20" in the LLDP output above); 1/9 trunks VLANs 10/11/12
vlan 20 802.1q 1/8 "TAG PORT 1/8 VLAN 20"
vlan 10 802.1q 1/9 "TAG PORT 1/9 VLAN 10"
vlan 11 802.1q 1/9 "TAG PORT 1/9 VLAN 11"
vlan 12 802.1q 1/9 "TAG PORT 1/9 VLAN 12"
! Spanning tree :
! 1x1 mode (per-VLAN spanning tree); no further spanning-tree settings appear in this snapshot
bridge mode 1x1
! Bridging :
! Bridging :
! Port mirroring :
! sFlow on all 12 ports at 1:128 to 192.168.0.61; together with swlog and the SNMP traps this is the switch-side telemetry of the lab
sflow receiver 1 name ovAnalyticService address 192.168.0.61 udp-port 6343 packet-size 1400 version 5 timeout 0
sflow sampler 1 1/1 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/2 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/3 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/4 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/5 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/6 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/7 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/8 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/9 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/10 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/11 receiver 1 rate 128 sample-hdr-size 128
sflow sampler 1 1/12 receiver 1 rate 128 sample-hdr-size 128
! UDP Relay :
! System service :
ip name-server 192.168.10.1
ip domain-lookup
! switch log is shipped to 192.168.10.1; the console stays at info
swlog output socket 192.168.10.1
swlog console level info
! SSH :
! VRRP :
! Web :
! AMAP :
! Lan Power :
! PoE is switched off on the two VyOS-lab ports (1/7 in VLAN 20, 1/8 the uplink) and started for the rest of slot 1
lanpower stop 1/7
lanpower stop 1/8
lanpower start 1
! NTP :
! "key 0" presumably means an unauthenticated NTP association with 192.168.10.1 — verify
ntp server 192.168.10.1 key 0 version 4 minpoll 6 prefer
ntp client enable
! RDP :
! VLAN STACKING:
! Ethernet-OAM :
! EFM-OAM :
! SAA :
! Loopback-detection :
! ERP :
! TEST-OAM :
! PPPOE-IA :
! DHL :
! LLDP :
! these TLVs are what the VyOS "show lldp neighbors detail" above displays; system-description advertises the exact firmware release to every neighbor, so disable it on ports facing untrusted devices
lldp chassis tlv management port-description enable system-name enable system-description enable system-capabilities enable
lldp chassis tlv management management-address enable
lldp chassis tlv dot1 vlan-name enable port-vlan enable
lldp chassis tlv dot3 mac-phy enable
lldp chassis tlv med capability enable
! DHCP Server :
! Stack Split-Protection Helper :
! Openflow :
! DHCPv6 :
! TWAMP :
====== PPPoE Server mit VyOS ======
Mit dem PPPoE-Server habe ich derzeit noch einige Herausforderungen. Heute baue ich parallel mal ein Debian mit rp-pppoe v3.12 aus den Quellen und schaue dann, ob die Themen dort auch auftreten.
===== read (syncReadFromPPP): Session 1: Value too large for defined data type =====
Mar 12 03:27:38 VyOS-Lab ntpd[2124]: Listen normally on 11 ppp0 192.168.30.1 UDP 123
Mar 12 03:27:38 VyOS-Lab ntpd[2124]: peers refreshed
Mar 12 03:27:45 VyOS-Lab kernel: [ 1936.887280] [NAT-SRC-110-MASQ] IN= OUT=eth0 SRC=192.168.30.100 DST=192.168.0.1 LEN=54 TOS=0x00 PREC=0x00 TTL=63 ID=53622 DF PROTO=UDP SPT=46470 DPT=53 LEN=34
Mar 12 03:27:45 VyOS-Lab kernel: [ 1936.899477] [NAT-SRC-110-MASQ] IN= OUT=eth0 SRC=192.168.30.100 DST=193.99.144.80 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=1106 DF PROTO=ICMP TYPE=8 CODE=0 ID=7200 SEQ=1
Mar 12 03:27:45 VyOS-Lab kernel: [ 1936.922763] [NAT-SRC-110-MASQ] IN= OUT=eth0 SRC=192.168.30.100 DST=192.168.0.1 LEN=72 TOS=0x00 PREC=0x00 TTL=63 ID=53629 DF PROTO=UDP SPT=47212 DPT=53 LEN=52
Mar 12 03:28:47 VyOS-Lab kernel: [ 1999.640790] [NAT-SRC-110-MASQ] IN= OUT=eth0 SRC=192.168.30.100 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55889 DF PROTO=UDP SPT=56942 DPT=53 LEN=40
Mar 12 03:28:47 VyOS-Lab kernel: [ 1999.640952] [NAT-SRC-110-MASQ] IN= OUT=eth0 SRC=192.168.30.100 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55891 DF PROTO=UDP SPT=56201 DPT=53 LEN=40
Mar 12 03:28:47 VyOS-Lab kernel: [ 1999.655310] [NAT-SRC-110-MASQ] IN= OUT=eth0 SRC=192.168.30.100 DST=62.138.116.25 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43642 DF PROTO=TCP SPT=54567 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0
Mar 12 03:28:47 VyOS-Lab pppoe[4542]: read (syncReadFromPPP): Session 1: Value too large for defined data type
Mar 12 03:28:48 VyOS-Lab pppd[4539]: Modem hangup
Mar 12 03:28:48 VyOS-Lab pppd[4539]: Connect time 1.2 minutes.
Mar 12 03:28:48 VyOS-Lab pppd[4539]: Sent 15391 bytes, received 1035 bytes.
Mar 12 03:28:48 VyOS-Lab zebra[1556]: interface ppp0 index 10 changed .
Mar 12 03:28:48 VyOS-Lab charon: 11[KNL] interface ppp0 deactivated
Mar 12 03:28:48 VyOS-Lab charon: 13[KNL] 192.168.30.1 disappeared from ppp0
Mar 12 03:28:48 VyOS-Lab pppd[4539]: Connection terminated.
Mar 12 03:28:48 VyOS-Lab zebra[1556]: interface ppp0 index 10 deleted.
Mar 12 03:28:48 VyOS-Lab ripd[1558]: interface delete ppp0 index 10 flags 0x1090 metric 1 mtu 1492
Mar 12 03:28:48 VyOS-Lab ripngd[1560]: interface delete ppp0 index 10 flags 0x1090 metric 1 mtu 1492
Mar 12 03:28:48 VyOS-Lab charon: 16[KNL] interface ppp0 deleted
Mar 12 03:28:48 VyOS-Lab pppd[4539]: Exit.
Mar 12 03:28:48 VyOS-Lab pppoe-server[4499]: Session 1 closed for client 00:25:90:5d:e1:7e (192.168.30.100) on eth1.30
Mar 12 03:28:48 VyOS-Lab pppoe-server[4499]: Sent PADT
Mar 12 03:28:49 VyOS-Lab ntpd[2124]: Deleting interface #11 ppp0, 192.168.30.1#123, interface stats: received=0, sent=0, dropped=0, active_time=71 secs
Mar 12 03:28:49 VyOS-Lab ntpd[2124]: peers refreshed
===== read (syncReadFromPPP): Session 2: Input/output error =====
Mar 12 02:56:49 VyOS-Lab rsyslogd-2359: action 'action 2' resumed (module 'builtin:omfwd') [try http://www.rsyslog.com/e/2359 ]
Mar 12 02:56:52 VyOS-Lab sshd[2307]: Accepted password for vyos from 192.168.0.138 port 56250 ssh2
Mar 12 02:56:52 VyOS-Lab sshd[2307]: pam_unix(sshd:session): session opened for user vyos by (uid=0)
Mar 12 02:57:02 VyOS-Lab pppoe-server[2385]: Session 1 created for client 00:25:90:5d:e1:7e (192.168.30.100) on eth1.30 using Service-Name ''
Mar 12 02:57:02 VyOS-Lab pppd[2385]: Plugin rp-pppoe.so loaded.
Mar 12 02:57:02 VyOS-Lab kernel: [ 93.954435] PPP generic driver version 2.4.2
Mar 12 02:57:02 VyOS-Lab pppd[2385]: pppd 2.4.6 started by root, uid 0
Mar 12 02:57:02 VyOS-Lab pppd[2385]: Using interface ppp0
Mar 12 02:57:02 VyOS-Lab pppd[2385]: Connect: ppp0 <--> /dev/pts/1
Mar 12 02:57:02 VyOS-Lab zebra[1556]: interface ppp0 index 6 added.
Mar 12 02:57:02 VyOS-Lab systemd-sysctl[2397]: Overwriting earlier assignment of net/core/rmem_max in file '/etc/sysctl.d/99-sysctl.conf'.
Mar 12 02:57:02 VyOS-Lab pppoe[2392]: Changed pty line discipline to N_HDLC for synchronous mode
Mar 12 02:57:02 VyOS-Lab kernel: [ 94.015973] HDLC line discipline maxframe=4096
Mar 12 02:57:02 VyOS-Lab kernel: [ 94.015977] N_HDLC line discipline registered.
Mar 12 02:57:33 VyOS-Lab pppd[2385]: LCP: timeout sending Config-Requests
Mar 12 02:57:33 VyOS-Lab pppd[2385]: Connection terminated.
Mar 12 02:57:33 VyOS-Lab zebra[1556]: interface ppp0 index 6 deleted.
Mar 12 02:57:33 VyOS-Lab ripngd[1560]: interface delete ppp0 index 6 flags 0x1090 metric 1 mtu 1500
Mar 12 02:57:33 VyOS-Lab charon: 08[KNL] interface ppp0 deleted
Mar 12 02:57:33 VyOS-Lab ripd[1558]: interface delete ppp0 index 6 flags 0x1090 metric 1 mtu 1500
Mar 12 02:57:33 VyOS-Lab pppd[2385]: Modem hangup
Mar 12 02:57:33 VyOS-Lab pppoe[2392]: read (syncReadFromPPP): Session 1: Input/output error
Mar 12 02:57:33 VyOS-Lab pppd[2385]: Exit.
Mar 12 02:57:33 VyOS-Lab pppoe-server[2198]: Session 1 closed for client 00:25:90:5d:e1:7e (192.168.30.100) on eth1.30
Mar 12 02:57:33 VyOS-Lab pppoe-server[2198]: Sent PADT
Mar 12 02:58:03 VyOS-Lab newgrp[2458]: user 'vyos' (login 'vyos' on pts/0) switched to group 'vyattacfg'
Mar 12 02:58:26 VyOS-Lab pppoe-server[2563]: Session 2 created for client 00:25:90:5d:e1:7e (192.168.30.101) on eth1.30 using Service-Name ''
Mar 12 02:58:26 VyOS-Lab pppd[2563]: Plugin rp-pppoe.so loaded.
Mar 12 02:58:26 VyOS-Lab pppd[2563]: pppd 2.4.6 started by root, uid 0
Mar 12 02:58:26 VyOS-Lab pppd[2563]: Using interface ppp0
Mar 12 02:58:26 VyOS-Lab zebra[1556]: interface ppp0 index 7 added.
Mar 12 02:58:26 VyOS-Lab pppd[2563]: Connect: ppp0 <--> /dev/pts/1
Mar 12 02:58:26 VyOS-Lab pppoe[2566]: Changed pty line discipline to N_HDLC for synchronous mode
Mar 12 02:58:26 VyOS-Lab systemd-sysctl[2571]: Overwriting earlier assignment of net/core/rmem_max in file '/etc/sysctl.d/99-sysctl.conf'.
Mar 12 02:58:57 VyOS-Lab pppd[2563]: LCP: timeout sending Config-Requests
Mar 12 02:58:57 VyOS-Lab pppd[2563]: Connection terminated.
Mar 12 02:58:57 VyOS-Lab zebra[1556]: interface ppp0 index 7 deleted.
Mar 12 02:58:57 VyOS-Lab ripngd[1560]: interface delete ppp0 index 7 flags 0x1090 metric 1 mtu 1500
Mar 12 02:58:57 VyOS-Lab charon: 13[KNL] interface ppp0 deleted
Mar 12 02:58:57 VyOS-Lab ripd[1558]: interface delete ppp0 index 7 flags 0x1090 metric 1 mtu 1500
Mar 12 02:58:57 VyOS-Lab pppd[2563]: Modem hangup
Mar 12 02:58:57 VyOS-Lab pppoe[2566]: read (syncReadFromPPP): Session 2: Input/output error
Mar 12 02:58:57 VyOS-Lab pppd[2563]: Exit.
Auch anschauen (geht in beiden Sessions oben dem I/O-Fehler voraus):
LCP: timeout sending Config-Requests
vyos@VyOS-Lab# show
/* NOTE(review): config-mode `show` of the PPPoE-server variant of the lab config; lines prefixed with "+" are nodes added in this session but not yet committed. Indentation was lost in the paste */
interfaces {
ethernet eth0 {
/* dhcp */
address dhcp
description WAN
duplex auto
hw-id 52:54:00:3b:af:9e
/* TCP MSS clamping on the WAN side, see "policy route mss" below */
policy {
route mss
}
smp-affinity auto
speed auto
}
ethernet eth1 {
description "VyOS-Lab eth1"
duplex auto
/* the eth1 MAC is shown unredacted here, unlike the first dump (00:25:90:XX:XX:XX) */
hw-id 00:25:90:5d:e1:7d
smp-affinity auto
speed auto
vif 20 {
address 192.168.20.1/24
description "VyOS-Lab eth1.20"
}
/* PPPoE access VLAN: no address on the vif itself, the pppoe-server stanza binds to eth1.30; MSS clamping applied here as well */
vif 30 {
description "VyOS PPPoE-Server eth1.30"
policy {
route mss
}
}
}
loopback lo {
}
}
nat {
source {
rule 100 {
log disable
outbound-interface eth0
source {
address 192.168.20.0/24
}
translation {
address masquerade
}
}
/* masquerade for the PPPoE client pool; "log enable" is what produces the [NAT-SRC-110-MASQ] kernel lines in the log excerpt above */
rule 110 {
description "NAT for PPPoE"
log enable
outbound-interface eth0
source {
address 192.168.30.0/24
}
translation {
address masquerade
}
}
}
}
/* clamp the TCP MSS on SYN to 1452 = pppoe-server mtu 1492 minus 40 bytes IPv4+TCP header */
policy {
route mss {
rule 5 {
protocol tcp
set {
tcp-mss 1452
}
tcp {
flags SYN
}
}
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name VyOS-Lab {
authoritative disable
subnet 192.168.20.0/24 {
default-router 192.168.20.1
dns-server 192.168.0.1
domain-name vlan20.home
lease 86400
start 192.168.20.10 {
stop 192.168.20.50
}
}
}
}
dns {
}
lldp {
management-address 192.168.0.229
}
/* PPPoE server on eth1.30 with local password authentication; both user passwords are masked on this page. The log above shows the client connecting with Service-Name '' although service-name VyOSLabSN is set here — the server evidently accepted it anyway */
pppoe-server {
access-concentrator VyOSLabAC
authentication {
local-users {
username benny {
password ********
}
+ username blub {
+ password ********
+ }
}
mode local
}
/* 51 addresses; matches the 192.168.30.0/24 source of NAT rule 110 */
client-ip-pool {
start 192.168.30.100
stop 192.168.30.150
}
dns-servers {
server-1 192.168.0.1
}
interface eth1.30
/* 1492 = 1500 minus the 8-byte PPPoE header. The first log excerpt above reports mtu 1492 for ppp0, the second (LCP timeout) still 1500 — possibly this setting was added in between, verify */
mtu 1492
service-name VyOSLabSN
}
/* sshd bound to this single address; the log above shows "Accepted password for vyos from 192.168.0.138", i.e. password authentication is in use */
ssh {
/* 192.168.0.229 */
listen-address 192.168.0.229
port 22
}
}
system {
config-management {
commit-revisions 20
}
host-name VyOS-Lab
login {
user vyos {
authentication {
/* plaintext-password is "" here: it was hashed into encrypted-password on commit */
encrypted-password ********************
plaintext-password ""
}
level admin
}
}
}
ntp {
server 0.pool.ntp.org {
}
server 1.pool.ntp.org {
}
server 2.pool.ntp.org {
}
}
options {
ctrl-alt-del-action ignore
reboot-on-panic true
}
/* repository over plain http and without credentials now (password ""), compare the first dump */
package {
auto-sync 1
repository community {
components main
distribution helium
password ""
url http://packages.vyos.net/vyos
username ""
}
}
/* unchanged from the first dump: local notice/debug, info and above forwarded to 192.168.0.177 */
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
host 192.168.0.177 {
facility all {
/* info */
level info
}
}
}
time-zone Europe/Berlin
}