[QUESTIONS] => Array
(
[FIO] => Array
(
[CAPTION] => Введите ваше имя
[IS_HTML_CAPTION] => N
[REQUIRED] => Y
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 198
[FIELD_ID] => 139
[QUESTION_ID] => 139
[TIMESTAMP_X] => 29.09.2022 18:14:54
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => text
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[CITY] => Array
(
[CAPTION] => Город
[IS_HTML_CAPTION] => N
[REQUIRED] => Y
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 199
[FIELD_ID] => 140
[QUESTION_ID] => 140
[TIMESTAMP_X] => 29.09.2022 18:14:54
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => text
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[COMPANY] => Array
(
[CAPTION] => Компания
[IS_HTML_CAPTION] => N
[REQUIRED] => Y
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 200
[FIELD_ID] => 141
[QUESTION_ID] => 141
[TIMESTAMP_X] => 29.09.2022 18:14:54
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => text
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[PHONE] => Array
(
[CAPTION] => Телефон
[IS_HTML_CAPTION] => N
[REQUIRED] => Y
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 201
[FIELD_ID] => 142
[QUESTION_ID] => 142
[TIMESTAMP_X] => 29.09.2022 18:14:54
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => text
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[EMAIL] => Array
(
[CAPTION] => E-mail
[IS_HTML_CAPTION] => N
[REQUIRED] => Y
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 202
[FIELD_ID] => 143
[QUESTION_ID] => 143
[TIMESTAMP_X] => 02.04.2025 11:15:18
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => text
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[THEME_EMAIL] => Array
(
[CAPTION] => Тема обращения
[IS_HTML_CAPTION] => N
[REQUIRED] => Y
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 205
[FIELD_ID] => 146
[QUESTION_ID] => 146
[TIMESTAMP_X] => 10.07.2023 16:31:28
[MESSAGE] => Входящая корреспонденция
[VALUE] => office@qtech.ru
[FIELD_TYPE] => dropdown
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 100
[ACTIVE] => Y
)
[1] => Array
(
[ID] => 206
[FIELD_ID] => 146
[QUESTION_ID] => 146
[TIMESTAMP_X] => 10.07.2023 16:31:28
[MESSAGE] => Подбор оборудования
[VALUE] => distr@qtech.ru
[FIELD_TYPE] => dropdown
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 200
[ACTIVE] => Y
)
[2] => Array
(
[ID] => 207
[FIELD_ID] => 146
[QUESTION_ID] => 146
[TIMESTAMP_X] => 10.07.2023 16:31:28
[MESSAGE] => Покупка оборудования
[VALUE] => distr@qtech.ru
[FIELD_TYPE] => dropdown
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 300
[ACTIVE] => Y
)
[3] => Array
(
[ID] => 208
[FIELD_ID] => 146
[QUESTION_ID] => 146
[TIMESTAMP_X] => 10.07.2023 16:31:28
[MESSAGE] => Взять оборудование в тест
[VALUE] => distr@qtech.ru
[FIELD_TYPE] => dropdown
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 400
[ACTIVE] => Y
)
[4] => Array
(
[ID] => 209
[FIELD_ID] => 146
[QUESTION_ID] => 146
[TIMESTAMP_X] => 10.07.2023 16:31:28
[MESSAGE] => Техническая поддержка
[VALUE] => qtech.intradesk.ru
[FIELD_TYPE] => dropdown
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 500
[ACTIVE] => Y
)
[5] => Array
(
[ID] => 210
[FIELD_ID] => 146
[QUESTION_ID] => 146
[TIMESTAMP_X] => 10.07.2023 16:31:28
[MESSAGE] => Гарантийное обслуживание
[VALUE] => guarantee@qtech.ru
[FIELD_TYPE] => dropdown
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 600
[ACTIVE] => Y
)
)
[VALUE] =>
)
[THEME_EMAIL_HIDDEN] => Array
(
[CAPTION] =>
[IS_HTML_CAPTION] => N
[REQUIRED] => N
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 211
[FIELD_ID] => 147
[QUESTION_ID] => 147
[TIMESTAMP_X] => 29.09.2022 19:39:49
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => hidden
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] =>
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[TEXT] => Array
(
[CAPTION] => Ваше сообщение...
[IS_HTML_CAPTION] => N
[REQUIRED] => N
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 203
[FIELD_ID] => 144
[QUESTION_ID] => 144
[TIMESTAMP_X] => 29.09.2022 18:14:54
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => textarea
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[check] => Array
(
[CAPTION] =>
[IS_HTML_CAPTION] => N
[REQUIRED] => N
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 204
[FIELD_ID] => 145
[QUESTION_ID] => 145
[TIMESTAMP_X] => 29.09.2022 18:14:54
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => text
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] =>
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[FILES] => Array
(
[CAPTION] =>
[IS_HTML_CAPTION] => N
[REQUIRED] => N
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 232
[FIELD_ID] => 158
[QUESTION_ID] => 158
[TIMESTAMP_X] => 10.11.2022 15:06:06
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => text
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] =>
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[INN] => Array
(
[CAPTION] => ИНН
[IS_HTML_CAPTION] => N
[REQUIRED] => N
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 238
[FIELD_ID] => 164
[QUESTION_ID] => 164
[TIMESTAMP_X] => 24.08.2023 09:01:39
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => text
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[MANAGER] => Array
(
[CAPTION] => Ваш менеджер QTECH
[IS_HTML_CAPTION] => N
[REQUIRED] => N
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 239
[FIELD_ID] => 165
[QUESTION_ID] => 165
[TIMESTAMP_X] => 24.08.2023 09:01:59
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => text
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[COOP_TYPE] => Array
(
[CAPTION] => Тип сотрудничества*
[IS_HTML_CAPTION] => N
[REQUIRED] => N
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 240
[FIELD_ID] => 166
[QUESTION_ID] => 166
[TIMESTAMP_X] => 24.08.2023 09:02:46
[MESSAGE] => Конечный заказчик
[VALUE] =>
[FIELD_TYPE] => dropdown
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 100
[ACTIVE] => Y
)
[1] => Array
(
[ID] => 241
[FIELD_ID] => 166
[QUESTION_ID] => 166
[TIMESTAMP_X] => 24.08.2023 09:02:46
[MESSAGE] => Партнер/Дистрибьютор
[VALUE] =>
[FIELD_TYPE] => dropdown
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 200
[ACTIVE] => Y
)
)
[VALUE] =>
)
[ADDRESS] => Array
(
[CAPTION] => Адрес объекта установки оборудования
[IS_HTML_CAPTION] => N
[REQUIRED] => N
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 242
[FIELD_ID] => 167
[QUESTION_ID] => 167
[TIMESTAMP_X] => 24.08.2023 09:03:21
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => text
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[NAME_OWNER] => Array
(
[CAPTION] => Наименование заказчика*
[IS_HTML_CAPTION] => N
[REQUIRED] => N
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 243
[FIELD_ID] => 168
[QUESTION_ID] => 168
[TIMESTAMP_X] => 24.08.2023 09:03:50
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => text
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[INN_OWNER] => Array
(
[CAPTION] => ИНН заказчика
[IS_HTML_CAPTION] => N
[REQUIRED] => N
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 244
[FIELD_ID] => 169
[QUESTION_ID] => 169
[TIMESTAMP_X] => 24.08.2023 09:04:16
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => text
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[OWNER_CITY] => Array
(
[CAPTION] => Город заказчика*
[IS_HTML_CAPTION] => N
[REQUIRED] => N
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 245
[FIELD_ID] => 170
[QUESTION_ID] => 170
[TIMESTAMP_X] => 24.08.2023 09:04:39
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => text
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] => class="form-control"
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
[TEMPLATE] => Array
(
[CAPTION] =>
[IS_HTML_CAPTION] => N
[REQUIRED] => N
[IS_INPUT_CAPTION_IMAGE] => N
[HTML_CODE] =>
[STRUCTURE] => Array
(
[0] => Array
(
[ID] => 246
[FIELD_ID] => 171
[QUESTION_ID] => 171
[TIMESTAMP_X] => 24.08.2023 09:05:04
[MESSAGE] =>
[VALUE] =>
[FIELD_TYPE] => text
[FIELD_WIDTH] => 0
[FIELD_HEIGHT] => 0
[FIELD_PARAM] =>
[C_SORT] => 100
[ACTIVE] => Y
)
)
[VALUE] =>
)
)
[SUBMIT_BUTTON] =>
[APPLY_BUTTON] =>
[RESET_BUTTON] =>
[REQUIRED_STAR] => *
[CAPTCHA_IMAGE] => 
[CAPTCHA_FIELD] =>
[CAPTCHA] =>
)
)
Настройка DHCP snooping в связке с ip-source-guard на QTECH QSW-2900
20 апреля 2010
Задача: настроить на коммутаторе QTECH QSW-2900 DHCP snooping в связке с ip-source-guard, для этого нам так же необходимо будет настроить на коммутаторе dhcp relay.
Оборудование:
- DHCP-сервер 192.168.200.11/24
- Коммутатор L2 ( QTECH QSW-2900 ) в роли агента DHCP Relay - IP 10.14.0.253/25
- DHCP – клиент, подсоединённые к 1-му порту коммутатора
- Vlan: 900
Итак, приступим, но для начала немного теории.
DHCP snooping — функция коммутаторах, предназначенная для защиты от атак с использованием протокола DHCP. Например, атаки с подменой DHCP-сервера в сети или атаки DHCP starvation, которая заставляет DHCP-сервер выдать все существующие на сервере адреса злоумышленнику.
DHCP snooping регулирует только сообщения DHCP. Некоторые функции коммутаторов, не имеющие непосредственного отношения к DHCP, могут выполнять проверки на основании таблицы привязок DHCP snooping (DHCP snooping binding database). В их числе:
- IP Source Guard — выполняет проверку IP-адреса отправителя на основании таблицы привязок DHCP snooping или статических соответствий, предназначенная для борьбы с IP-spoofingом.
Для правильной работы DHCP snooping необходимо указать, какие порты коммутатора будут доверенными, а какие — ненадёжными:
- Ненадёжные (Untrusted) — порты, к которым подключены клиенты. DHCP-ответы, приходящие с этих портов, отбрасываются коммутатором. Для ненадёжных портов выполняется ряд проверок сообщений DHCP и создаётся база данных привязки DHCP (DHCP snooping binding database).
- Доверенные (Trusted) — порты коммутатора, к которым подключен другой коммутатор или DHCP-сервер.
Приступаем к настройке коммутатора:
Создадим vlan 900 назначим его на порт 1/1, как тегированный, а на абонентский порт 0/1 как акцесный. Уберем vlan 1 с этих портов, создадим ip интерфейс, включим dhcp-relay. Более подробно описано в статье Настройка DHCP Relay Option 82 на коммутаторах Qtech QSW-2900.
|
QTECH_2900> en QTECH_2900# conf t QTECH_2900(config)# vlan 900 QTECH_2900(config-if-vlan)# exit QTECH_2900(config)# interface ethernet 1/1 QTECH_2900(config-if-ethernet-1/1)# switchport mode trunk QTECH_2900(config-if-ethernet-1/1)# switchport trunk allowed vlan 900 QTECH_2900(config-if-ethernet-1/1)# switchport trunk native vlan 900 QTECH_2900(config-if-ethernet-1/1)# exit QTECH_2900(config)# interface ethernet 0/1 QTECH_2900(config-if-ethernet-0/1)# switchport mode access QTECH_2900(config-if-ethernet-0/1)# switchport access vlan 900 QTECH_2900(config-if-ethernet-0/1)# exit QTECH_2900(config)# vlan 1 QTECH(config-if-vlan)# no switchport ethernet 0/1 ethernet 1/1 QTECH(config-if-vlan)# exit QTECH_2900(config)# ipaddress vlan 900 QTECH_2900(config)# ipaddress 10.14.0.253 255.255.255.128 10.14.0.254 QTECH_2900(config)# no ipaddress vlan 1 QTECH_2900(config)# interface range ethernet 1/1 QTECH_2900(config-if-ethernet-1/1)# speed 1000 QTECH_2900(config-if-ethernet-1/1)# exit QTECH_2900(config)# dhcp-relay QTECH_2900(config)# dhcp option82 QTECH_2900(config)# dhcp option82 format normal QTECH_2900(config)# dhcp option82 remote-id string qtech QTECH_2900(config)# dhcp max-hops 16 QTECH_2900(config)# vlan 900 QTECH_2900(config-if-vlan)# dhcpserver ip 192.168.200.11 QTECH_2900(config-if-vlan)# dhcpserver backupip 192.168.200.10 QTECH_2900(config-if-vlan)# interface ip 10.14.0.253 255.255.255.128 10.14.0.254 QTECH_2900(config-if-vlan)# exit |
Теперь переходим к настройке DHCP snooping.
Включаем DHCP snooping
|
QTECH_2900(config)# dhcp-snooping |
Укажем vlan для dhcp-snooping
|
QTECH_2900(config)# dhcp-snooping vlan 900 |
Посмотрим, что у нас вышло:
QTECH(config)# sh dhcp-snooping vlan 900
Config information of DHCP Snooping:
DHCP Snooping allowed vlans:
900
DHCP Snooping status:Enable
VLAN information:
VLAN maxclients clients
900 2048 0
Теперь добавим порт 1/1 в доверенные (trusted)
|
QTECH_2900(config)# interface ethernet 1/1 QTECH(config-if-ethernet-1/1)# dhcp-snooping trust QTECH(config-if-ethernet-1/1)# exit |
C DHCP snooping закончили, переходим к настройке ip-source-guard.
Включаем ip-source-guard на абонентских портах:
|
QTECH_2900(config)# interface range ethernet 0/1 to ethernet 0/24 QTECH_2900(config-if-range)# ip-source-guard QTECH_2900(config-if-range)# exit |
Посмотрим, что из этого вышло:
QTECH_2900(config)# sh ip-source-guard
Port Status
e0/1 enable
e0/2 enable
e0/3 enable
e0/4 enable
e0/5 enable
e0/6 enable
e0/7 enable
e0/8 enable
e0/9 enable
e0/10 enable
e0/11 enable
e0/12 enable
e0/13 enable
e0/14 enable
e0/15 enable
e0/16 enable
e0/17 enable
e0/18 enable
e0/19 enable
e0/20 enable
e0/21 enable
e0/22 enable
e0/23 enable
e0/24 enable
e1/1 disable
e2/1 disable
Total entries: 26 .
Собственно вот и вся настройка, для проверки подключим абонента, скажем к 1-му порту и проверим:
QTECH_29009(config)# sh dhcp-snooping clients
DHCP client information:
IPAddress mac vlan port
10.14.0.136 00:24:21:6d:ce:b6 900 e0/1
P.S
Есди хотите в ручную привязать мак и ip-адрес к порту, необходимо выполнить команду:
|
QTECH_2900(config)# ip-source-guard bind ip 10.14.0.136 mac 00:24:21:6d:ce:b6 interface ethernet 0/1 |
Где 10.14.0.136 – ip-адрес, 00:24:21:6d:ce:b6 – mac адрес абонента, а interface ethernet 0/1 – номер порта.
