Alcatel Unleashed

Hello,

please help me. I install a alcatel omniswitch 6400-p24 with vlan port mobile config with mac rules. I used this for my ip touch phones. Every thing works fine. All at once one port lost its config. So I must add this line again. Is there a reason for this problem and how can i resolve it?

Hi Christian,

Very likely you received a BPDU (STP frame) on that port and that removes the configuration of "mobile" immediately.

I remember that there was also a bug years ago, but since you didn't provide any AOS release number - I can't tell you if you could still have it.

I recommend to upgrade to the latest AOS 6.4.3.R01 maintenance release.

P.S. There is a way to avoid that the "mobile" configuration is removed on reception of a BPDU -> vlan port mobile slot/port [bpdu ignore {enable | disable}]

B

Yes thats it. Someone put a cisco switch behind the phone. Thanks for helping.

Hi Christian,

You might also want to look into the following feature to learn how to defend the network against "external threats":
qos user-port {filter | shutdown} {spoof | bgp | bpdu | rip | ospf | vrrp | dvmrp | pim | isis | dhcpserver | dns-reply}

bpdu should always be "shutdown" - as it is not the BPDU which harms your network but the looped user traffic.

B

Hi Benny...
I did this on my OS6850: "qos user-port shutdown bpdu"

I trying to shutdown any port where users connect another kind of switch.
After the previous command, the FastEthernet 1/47 where previously I attached a Intellinet switch still "UP" and "Forwarding". And all computer behind the Intellinet switch, has fully connectivity.

Some help?? Please....
Thanks in advanced...
Peter...

You specified your Userports?

qos no user-port filter user-port shutdown bpdu
policy port group UserPorts 1/10-24
qos apply

Does the intellinet switch support Spanningtree (is it sending out bpdus?)
From the website only the Websmart Switches support STP, so a dumb office switches will not be shutdown because of bpdus.

Hi devnull and thank you for time.
Yes, I specified the UserPorts. I did this:

qos user-port shutdown bpdu
policy port group "Building H" 1/5-48
qos apply

The problem like you said: the Intellinet switch not supported SpanningTree.
Above commands working well ´cause I connected a Catalyst switch 2960 with this results:
-> show vlan port 1/5
vlan type status
--------+---------+--------------
1 default inactive
And never passed to forwarding state.

However, the same switch on 1/4
-> show vlan port 1/5
vlan type status
--------+---------+--------------
1 default forwarding
Around 30 seconds...

2 questions:
Although the action is shutdown, the link status led, always will be flashing???
Do you have any suggestion to avoid the Intellinet switch scenario???

Regards... and thanks again...

I thought you always had to name the group UserPorts ( with exactly this writing)
so it should be
policy port group UserPorts 1/5-48

At least manual states:
"This command only applies to ports that are members of the UserPorts group. Use the policy port
groupcommand to create and assign members to the UserPorts group."

"To prevent IP source address spoofing, add ports to the port group called UserPorts. This port group
does not need to be used in a condition or rule to be effected on flows and only applies to routed traf-fic. Ports added to the UserPorts group will block spoofed traffic while still allowing normal traffic on
the port. Refer to the OmniSwitch 6250/6450 Network Configuration Guidefor more information about ACL security enhancements."


You need to have them in the port Group UserPorts (exactly spelled that way) i don't think you can block a intellinet switch with this command, you may look at LPS to limit the maximum of MacAdresses per Port, but i never did that.

Understood.
Let me try with UserPorts group.

And Thanks for LPS Tip.

Happy Holidays devnull.