@flipper
Tu as du activer le static router port sur le switch pour que ca marche ?

Merci pour l'info.

Remplacer les X de dhcp-client-identifier par l'adresse MAC de ta livebox
Remplacer les X de rfc3118-auth par ton identifant internet sans le fti/ transformé en hexadécimal pour ce faire voir ici

Patcher le fichier /opt/vyatta/sbin/vyatta-interfaces.pl pour l'option 90 voir ici en bas de  page

Ajouter le patch  rfc3442-classless-routes pour la TV

	Config pour un Ubiquiti Edge Router lite 3
	------------------------------------------
	autheur: zoc, common et la communauté sur lafibre.info
	forum: https://lafibre.info/remplacer-livebox/en-cours-remplacer-sa-livebox-par-un-routeur-ubiquiti-edgemax/msg279881/#msg279881
	La configuration du routeur est dans le fichier "boot.config". Ajuster le avec vos parametres (@mac, login fti, user, etc).
	Pour que la TV fonctionne, il faut également ajouter le script joint (rfc3442-classless-routes) dans /etc/dhcp3/dhclient-exit-hooks.d/ puis faire un "chmod 755 /etc/dhcp3/dhclient-exit-hooks.d/rfc3442-classless-routes". C'est le seul script nécessaire.
	Avec cette config, sans installer le moindre autre package, j'ai Internet + TV + VOD + Telephonie (avec asterisk + siproxd + siproxd_orange sur un raspberry PI, il manque juste les règles de firewall car elles font apparaitre l'IP de ma machine sur le LAN).
	LAN sur eth0 (attention, plage 192.168.66.0/24 chez moi, à adapter selon le besoin).
	ONT sur eth1
	"Réseau dédié TV" sur eth2 (plage 192.168.2.0/24)

view raw readme.txt hosted with ❤ by GitHub

	firewall {
	all-ping enable
	broadcast-ping disable
	ipv6-receive-redirects disable
	ipv6-src-route disable
	ip-src-route disable
	log-martians enable
	name WAN_IN {
	default-action drop
	description "Packets from Internet to LAN"
	rule 1 {
	action accept
	description "Allow Established Sessions"
	log disable
	protocol all
	state {
	established enable
	invalid disable
	new disable
	related enable
	}
	}
	rule 2 {
	action drop
	description "Drop invalid states"
	log disable
	protocol all
	state {
	established disable
	invalid enable
	new disable
	related disable
	}
	}
	}
	name WAN_LOCAL {
	default-action drop
	description "Packets from Internet to the Router"
	rule 1 {
	action accept
	description "Allow established sessions to the router"
	log disable
	protocol all
	state {
	established enable
	invalid disable
	new disable
	related enable
	}
	}
	rule 2 {
	action drop
	description "Drop invalid state"
	log disable
	protocol all
	state {
	established disable
	invalid enable
	new disable
	related disable
	}
	}
	}
	options {
	mss-clamp {
	interface-type pppoe
	interface-type pptp
	interface-type tun
	mss 1452
	}
	}
	receive-redirects disable
	send-redirects enable
	source-validation disable
	syn-cookies enable
	}
	interfaces {
	bridge br0 {
	address dhcp
	aging 300
	bridged-conntrack disable
	description "TV - VOD"
	dhcp-options {
	client-option "send vendor-class-identifier "sagem";"
	client-option "send user-class "\047FSVDSL_livebox.MLTV.softathome.Livebox3";"
	client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
	client-option "send dhcp-client-identifier 1:XX:XX:XX:XX:XX:XX;"
	}
	hello-time 2
	max-age 20
	priority 32768
	promiscuous disable
	stp false
	}
	ethernet eth0 {
	address 192.168.66.1/24
	description "Local Network"
	duplex auto
	speed auto
	}
	ethernet eth1 {
	description ONT
	duplex auto
	speed auto
	vif 835 {
	address dhcp
	description "VLAN Internet"
	pppoe 0 {
	default-route auto
	description "FTTH Orange"
	firewall {
	in {
	name WAN_IN
	}
	local {
	name WAN_LOCAL
	}
	}
	mtu 1492
	name-server auto
	password xxxxxxx
	user-id xxxxxxx
	}
	}
	vif 838 {
	bridge-group {
	bridge br0
	}
	description "VLAN TV VOD"
	egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
	}
	vif 840 {
	bridge-group {
	bridge br0
	}
	description "VLAN TV Canal 1 - Zap"
	egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
	}
	}
	ethernet eth2 {
	address 192.168.2.1/24
	description "Livebox Network"
	duplex auto
	speed auto
	}
	loopback lo {
	}
	}
	protocols {
	igmp-proxy {
	disable-quickleave
	interface br0 {
	alt-subnet 0.0.0.0/0
	role upstream
	threshold 1
	}
	interface eth0 {
	role disabled
	threshold 1
	}
	interface eth2 {
	alt-subnet 0.0.0.0/0
	role downstream
	threshold 1
	}
	}
	}
	service {
	dhcp-server {
	disabled false
	hostfile-update disable
	shared-network-name LOCAL_NETWORK {
	authoritative enable
	subnet 192.168.66.0/24 {
	default-router 192.168.66.1
	dns-server 192.168.66.1
	lease 86400
	start 192.168.66.100 {
	stop 192.168.66.200
	}
	}
	}
	shared-network-name Livebox {
	authoritative enable
	subnet 192.168.2.0/24 {
	default-router 192.168.2.1
	dns-server 192.168.2.1
	lease 86400
	start 192.168.2.21 {
	stop 192.168.2.200
	}
	}
	}
	}
	dns {
	forwarding {
	cache-size 1000
	listen-on eth2
	listen-on eth0
	}
	}
	gui {
	https-port 443
	}
	nat {
	rule 5010 {
	description "Masquerading outgoing connections"
	log disable
	outbound-interface pppoe0
	protocol all
	type masquerade
	}
	rule 5011 {
	description "Masquerading Livebox network"
	log disable
	outbound-interface br0
	protocol all
	type masquerade
	}
	}
	ssh {
	port 22
	protocol-version v2
	}
	upnp2 {
	listen-on eth0
	listen-on eth2
	nat-pmp enable
	secure-mode disable
	wan pppoe0
	}
	}
	system {
	config-management {
	commit-revisions 5
	}
	conntrack {
	expect-table-size 4096
	hash-size 4096
	table-size 32768
	tcp {
	half-open-connections 512
	loose disable
	max-retrans 3
	}
	}
	login {
	user xxxxxxxx {
	authentication {
	encrypted-password xxxxxxxxxxxxxxxx
	plaintext-password ""
	}
	full-name "administrator"
	level admin
	}
	}
	ntp {
	server 0.ubnt.pool.ntp.org {
	}
	server 1.ubnt.pool.ntp.org {
	}
	server 2.ubnt.pool.ntp.org {
	}
	server 3.ubnt.pool.ntp.org {
	}
	}
	offload {
	ipsec enable
	ipv4 {
	forwarding enable
	pppoe enable
	vlan enable
	}
	ipv6 {
	forwarding enable
	}
	}
	syslog {
	global {
	facility all {
	level notice
	}
	facility protocols {
	level warning
	}
	}
	}
	time-zone Europe/Paris
	traffic-analysis {
	dpi disable
	export disable
	}
	}
	/* Warning: Do not remove the following line. */
	/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
	/* Release version: v1.7.0.4783374.150622.1534 */

view raw boot.config hosted with ❤ by GitHub

	# set classless routes based on the format specified in RFC3442
	# e.g.:
	# new_rfc3442_classless_static_routes='24 192 168 10 192 168 1 1 8 10 10 17 66 41'
	# specifies the routes:
	# 192.168.10.0/24 via 192.168.1.1
	# 10.0.0.0/8 via 10.10.17.66.41
	RUN="yes"
	if [ "$RUN" = "yes" ]; then
	if [ -n "$new_rfc3442_classless_static_routes" ]; then
	if [ "$reason" = "BOUND" ] || [ "$reason" = "REBOOT" ]; then
	set -- $new_rfc3442_classless_static_routes
	while [ $# -gt 0 ]; do
	net_length=$1
	via_arg=''
	case $net_length in
	32|31|30|29|28|27|26|25)
	net_address="${2}.${3}.${4}.${5}"
	gateway="${6}.${7}.${8}.${9}"
	shift 9
	;;
	24|23|22|21|20|19|18|17)
	net_address="${2}.${3}.${4}.0"
	gateway="${5}.${6}.${7}.${8}"
	shift 8
	;;
	16|15|14|13|12|11|10|9)
	net_address="${2}.${3}.0.0"
	gateway="${4}.${5}.${6}.${7}"
	shift 7
	;;
	8|7|6|5|4|3|2|1)
	net_address="${2}.0.0.0"
	gateway="${3}.${4}.${5}.${6}"
	shift 6
	;;
	0) # default route
	net_address="0.0.0.0"
	gateway="${2}.${3}.${4}.${5}"
	shift 5
	;;
	*) # error
	return 1
	;;
	esac
	# take care of link-local routes
	if [ "${gateway}" != '0.0.0.0' ]; then
	via_arg="via ${gateway}"
	fi
	# set route (ip detects host routes automatically)
	ip -4 route add "${net_address}/${net_length}" \
	${via_arg} dev "${interface}" >/dev/null 2>&1
	done
	fi
	fi
	fi

view raw rfc3442-classless-routes hosted with ❤ by GitHub

en bas de page.