bonjour
je ne suis pas expert, donc pas capable de déboguer, par contre je peux repréciser ma config, qui fonctionne.
Pour la TV via un switch, comme expliqué par pinomat, il faut un switch managé pour faire la CoS:
https://lafibre.info/remplacer-livebox/tuto-er-6p-v2-0-6-cisco-sg350-28p-nettv-sans-livebox/
sinon cela ne fonctionne pas.
Comme je n'ai pas de switch managé, j'ai branché la TV directement sur l'ERx:
"eth0 - Livebox"
"eth1 - ONT"
"eth2 - LAN"
"eth3 - TV"
A noter les mises à jour effectuées sur l'ER
Update release: v2.0.8-hotfix
Update the bootloader version: e55_002_4c817
La config non nettoyée correspondante se trouve là:
https://lafibre.info/remplacer-livebox/tutot-er4-v2-0-8-ipv6-tv-et-tel-derriere-livebox/msg808001/#msg808001
(il faut enlever toutes les spécificités avant import ou juste regarder les commandes à reprendre)
Ma config actuelle a le LAN sur le switch0, ce qui permet d'avoir plusieurs ports avec le LAN comme sur un switch
Bon courage
Bonjour,
Je viens de me lancer dans une démarche de remplacer ma LiveBox 5 Fibre par un router ER4. Voici ma config actuellement :
ONT ===> (SFP-ONT + TP Link MC220L) ====> eth1 | ER4 |
| | eth2 =====> LAN + vlan 840 ==> (P1)-(GS108Ev3)-(P8) ===> décodeur TV UHD
| | eth0 =====> (eth4) Livebox (vlan 832) ** J'aimerais bien ne pas garder ce lien**
Mon fichier config.boot est très inspiré de celui de @pascal9 avec comme différence l'utilisation eth3 pour la TV chez lui et moi je suis resté avec la TV et le LAN sur eth2.
- Internet est OK (ipv4 et ipv6), mon dernier souci c'est la TV qui est tout le temps en Erreur G03 quand je connecte sur ER4. J'ai activé IGMP Snooping, créé le VLAN 840 et taggé le P1 du switch.
- Quand je connecte le décodeur TV sur la Livebox, J'ai la VOD,REPLAY,ZAPPING mais pour la télé j'ai l'erreur L11-06
J'ai revu ma config plusieurs fois pour voir où je me suis trompé, notamment dans les interfaces, les services DHCP et Igmp-proxy, je ne trouve rien d'anormal. J'ai grillé toutes mes pistes d'investigation, je sollicite votre expertise pour trouver le coupable. En vérité c'est moi mais...
Mon fichier de config:
/* Firewall rulesets for IPv4 (name ...) and IPv6 (ipv6-name ...). */
/* A ruleset filters nothing until an interface references it; in this file only eth1.832 references them. */
firewall {
/* Router answers echo requests in general; the local rulesets below still decide what reaches it on an interface. */
all-ping enable
broadcast-ping disable
/* IPv6 forwarded from the WAN towards the LAN: default drop, only reply traffic and ICMPv6 pass. */
ipv6-name WANv6_IN {
default-action drop
description "WANv6 inbound traffic forwarded to LAN"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
/* Accepts every ICMPv6 type towards LAN hosts, unsolicited echo requests included. */
/* NOTE(review): narrow by ICMPv6 type if LAN hosts should not be pingable from outside. */
rule 30 {
action accept
description "Allow ICMPv6"
log disable
protocol icmpv6
}
}
/* IPv6 addressed to the router itself: default drop, plus ICMPv6 and DHCPv6 replies (server port 547 to client port 546). */
ipv6-name WANv6_LOCAL {
default-action drop
description "WANv6 inbound traffic to the router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
rule 30 {
action accept
description "Allow ICMPv6"
log disable
protocol icmpv6
}
rule 40 {
action accept
description "Allow DHCPv6"
destination {
port 546
}
protocol udp
source {
port 547
}
}
}
/* Outbound IPv6: default accept, so rule 10 is redundant; only invalid-state packets are rejected. */
ipv6-name WANv6_OUT {
default-action accept
description "WANv6 outbound traffic"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action reject
description "Reject invalid state"
state {
invalid enable
}
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
/* IPv4 forwarded from the WAN to internal networks: default drop with logging of dropped packets (enable-default-log). */
name WAN_IN {
default-action drop
description "WAN to internal"
enable-default-log
rule 10 {
action accept
description "Allow established/related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
/* IPv4 addressed to the router itself: default drop. Unlike WAN_IN there is no enable-default-log, so drops here are not logged. */
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
/* Accepts ICMP only when the destination is in ADDRv4_eth2, a group this file does not define. */
/* NOTE(review): presumably the auto-generated group holding the eth2 (LAN) address; if so, pings to the WAN address do not match this rule - confirm the intent. */
rule 20 {
action accept
description "Allow Ping"
destination {
group {
address-group ADDRv4_eth2
}
}
log enable
protocol icmp
}
/* Accepts IGMP from any source. This ruleset is attached to eth1.832 only, while igmp-proxy uses eth1.840 as upstream. */
/* NOTE(review): the rule probably never sees the TV VLAN's IGMP traffic - confirm, and scope it to the interface that needs it. */
rule 30 {
action accept
description "Allow IGMP"
log disable
protocol igmp
}
/* Evaluated after the accept rules above, so an invalid-state ICMP or IGMP packet is accepted by rule 20 or 30 before reaching this drop. */
rule 40 {
action drop
description "Drop invalid state"
log disable
state {
invalid enable
}
}
}
/* Outbound IPv4: default accept; only invalid-state packets are rejected. */
name WAN_OUT {
default-action accept
description "WAN outbound traffic"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action reject
description "Reject invalid state"
state {
invalid enable
}
}
}
options {
}
receive-redirects disable
send-redirects enable
/* Reverse-path source validation is off, so this setting does not reject packets with spoofed source addresses. */
/* NOTE(review): check whether the multi-VLAN WAN and multicast setup really requires it to stay disabled. */
source-validation disable
syn-cookies enable
}
/* Interface layout: eth0 faces the Livebox, eth1 the ONT (WAN), eth2 carries the LAN and the TV VLAN, eth3 is disabled. */
interfaces {
ethernet eth0 {
description "eth0 - Livebox"
duplex auto
speed auto
/* No firewall block on this vif, so none of the rulesets defined in the firewall section applies to traffic from the Livebox segment. */
/* NOTE(review): if the Livebox is ISP-managed, treat this segment as untrusted and attach a local ruleset. */
vif 832 {
address 192.168.30.1/24
description "eth0.832 - Internet + VoIP"
}
}
ethernet eth1 {
description "eth1 - ONT"
duplex auto
speed auto
/* WAN uplink on VLAN 832; the address comes from the ISP via DHCP. This is the only vif with firewall rulesets attached. */
vif 832 {
address dhcp
description "eth1.832 - Internet + VoIP"
dhcp-options {
/* NOTE(review): the inner double quotes on the next two lines look unescaped as pasted; check how they are written in the real config.boot before importing. */
client-option "send vendor-class-identifier "sagem";"
client-option "send user-class "\053FSVDSL_livebox.Internet.softathome.Livebox4";"
/* Client identifier and rfc3118-authentication string are shown redacted (XX / YY); they identify and authenticate the line, so keep them redacted in any shared config. */
client-option "send dhcp-client-identifier 01:XX:70;"
client-option "request subnet-mask, routers, domain-name-servers, domain-name, broadcast-address, dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, rfc3118-authentication, domain-search, SIP-servers, Vendor-Specific-Information;"
client-option "send rfc3118-authentication 00:YY:28;"
default-route update
default-route-distance 210
global-option "option rfc3118-authentication code 90 = string;"
global-option "option SIP-servers code 120 = string;"
global-option "option Vendor-Specific-Information code 125 = string;"
/* DNS servers offered by the ISP lease are not written to the router's resolver configuration. */
name-server no-update
}
/* Priority remapping for frames leaving on VLAN 832: internal priority 6 is sent as 6, every other priority as 0. */
egress-qos "0:0 1:0 2:0 3:0 4:0 5:0 6:6 7:0"
firewall {
in {
ipv6-name WANv6_IN
name WAN_IN
}
local {
ipv6-name WANv6_LOCAL
name WAN_LOCAL
}
out {
ipv6-name WANv6_OUT
name WAN_OUT
}
}
ipv6 {
address {
autoconf
}
dup-addr-detect-transmits 1
}
}
/* TV uplink on VLAN 840, used as the igmp-proxy upstream. There is no firewall block here, so traffic arriving on this VLAN is not filtered by any ruleset; */
/* SSH (22) and the GUI (80/443) are configured in the service section without a listen address. */
/* NOTE(review): attach in/local rulesets that accept IGMP and the multicast streams and drop everything else. */
vif 840 {
address 192.168.40.1/24
description "eth1.840 - TV"
/* Every internal priority is sent as 5 on this VLAN. */
egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
}
}
/* LAN port: 192.168.10.1/24 untagged, with IPv6 router advertisements enabled, plus the TV VLAN 840 tagged towards the switch. */
ethernet eth2 {
address 192.168.10.1/24
description "eth2 - LAN"
duplex auto
ipv6 {
dup-addr-detect-transmits 1
router-advert {
cur-hop-limit 64
link-mtu 0
managed-flag false
max-interval 600
other-config-flag false
prefix ::/64 {
autonomous-flag true
on-link-flag true
preferred-lifetime 14400
valid-lifetime 18000
}
reachable-time 0
retrans-timer 0
send-advert true
}
}
speed auto
/* Downstream side of the TV path (igmp-proxy downstream); the decoder gets its lease from the TV DHCP scope on 192.168.20.0/24. */
vif 840 {
address 192.168.20.1/24
description "eth2.840 - TV"
mtu 1500
}
}
/* Unused port kept administratively disabled. */
ethernet eth3 {
disable
duplex auto
speed auto
}
loopback lo {
}
}
/* IGMP proxy relaying multicast group membership between the TV uplink (eth1.840, upstream) and the decoder VLAN (eth2.840, downstream). */
protocols {
igmp-proxy {
/* alt-subnet 0.0.0.0/0 accepts multicast sources from any address on the upstream side. */
interface eth1.840 {
alt-subnet 0.0.0.0/0
role upstream
threshold 1
}
/* Same catch-all on the downstream side. */
/* NOTE(review): could probably be narrowed to 192.168.20.0/24, the eth2.840 subnet - confirm against the decoder's behaviour. */
interface eth2.840 {
alt-subnet 0.0.0.0/0
role downstream
threshold 1
}
}
}
/* Services run by the router: DHCP scopes for LAN / Livebox / TV, DNS forwarding, web GUI, source NAT, SSH and UPnP. */
service {
dhcp-server {
disabled false
global-parameters "option rfc3118-auth code 90 = string;"
global-parameters "option SIP code 120 = string;"
global-parameters "option Vendor-specific code 125 = string;"
hostfile-update enable
shared-network-name LAN {
authoritative disable
subnet 192.168.10.0/24 {
default-router 192.168.10.1
dns-server 192.168.10.1
domain-name local
lease 86400
start 192.168.10.3 {
stop 192.168.10.254
}
}
}
/* Scope served to the Livebox behind eth0.832; the router replays options 90/120/125 to it. */
shared-network-name Livebox {
authoritative enable
subnet 192.168.30.0/24 {
default-router 192.168.30.1
dns-server 81.253.149.6
dns-server 80.10.246.136
lease 86400
start 192.168.30.30 {
stop 192.168.30.50
}
/* After the zero padding, the bytes of the next value decode to the ASCII text "dhcpliveboxfr250". */
/* NOTE(review): looks like a fixed string rather than a per-account secret - confirm before treating it as safe to publish. */
subnet-parameters "option rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:64:68:63:70:6c:69:76:65:62:6f:78:66:72:32:35:30;"
subnet-parameters "option SIP 00:06:73:62:63:74:33:67:03:41:55:42:06:61:63:63:65:73:73:11:6f:72:61:6e:67:65:2d:6d:75:6c:74:69:6d:65:64:69:61:03:6e:65:74:00;"
subnet-parameters "option Vendor-specific 00:00:05:58:0c:01:0a:00:00:00:00:00:ff:ff:ff:ff:ff;"
}
}
/* Scope for the TV decoder on eth2.840; clients are pointed directly at the two listed DNS servers rather than at the router. */
shared-network-name TV {
authoritative disable
subnet 192.168.20.0/24 {
default-router 192.168.20.1
dns-server 80.10.246.136
dns-server 81.253.149.6
lease 86400
start 192.168.20.30 {
stop 192.168.20.50
}
/* The XX and yy bytes are redaction placeholders for device-specific values; the option is not usable as pasted, and the real bytes should stay out of shared configs. */
subnet-parameters "option Vendor-specific 00:00:0d:e9:28:04:06:XX:XX:XX:XX:XX:XX:05:0f:44:4d:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:06:0d:4c:69:76:65:62:6f:78:20:46:69:62:72:65;"
}
}
static-arp disable
use-dnsmasq disable
}
/* DNS forwarder listens on eth2 only and forwards to public resolvers. */
dns {
forwarding {
cache-size 200
listen-on eth2
name-server 1.1.1.1
name-server 1.0.0.1
name-server 8.8.8.8
name-server 8.8.4.4
options expand-hosts
}
}
/* Web GUI on ports 80 and 443 with no listen-address, so this section does not restrict it to the LAN address. */
/* older-ciphers enable permits legacy TLS cipher suites. */
/* NOTE(review): disable older-ciphers unless an old client needs it, and bind the GUI to the LAN address. */
gui {
http-port 80
https-port 443
older-ciphers enable
}
/* Source NAT (masquerade) for everything leaving through eth1.832; no rule covers eth1.840. */
nat {
rule 5010 {
log disable
outbound-interface eth1.832
protocol all
type masquerade
}
}
/* SSH on port 22 with root login allowed and no listen-address. On eth1.832 the WAN_LOCAL default drop covers it; eth1.840 and eth0.832 have no ruleset attached. */
/* NOTE(review): remove allow-root, bind to the LAN address and prefer key authentication. */
ssh {
allow-root
port 22
protocol-version v2
}
unms {
disable
}
/* UPnP and NAT-PMP let hosts on the LAN (eth2) and on the Livebox segment (eth0.832) request inbound port mappings on the WAN. */
/* NOTE(review): secure-mode presumably limits a client to mappings towards its own address - confirm; drop the eth0.832 listener, or UPnP entirely, if nothing depends on it. */
upnp2 {
listen-on eth0.832
listen-on eth2
nat-pmp enable
secure-mode enable
wan eth1.832
}
}
/* System-wide settings: telemetry, accounts, resolver, NTP, offload and logging. */
system {
/* Analytics and crash reports are sent off the device; set these to false if that is not wanted. */
analytics-handler {
send-analytics-report true
}
config-management {
commit-revisions 50
}
crash-handler {
send-crash-report true
}
domain-name local
host-name EdgeRouter
login {
/* Single admin account under the name ubnt. The hash below is MD5-crypt ($1$) and has been published with this config. */
/* NOTE(review): it looks like the stock value shipped for the default ubnt account - confirm. Either way, set a new strong password (or key-only login), */
/* and replace the hash with a placeholder before sharing a config. */
user ubnt {
authentication {
encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.
}
level admin
}
}
name-server 1.1.1.1
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
/* Hardware offload: IPv4/IPv6 forwarding and VLAN handling enabled, hwnat disabled. */
offload {
hwnat disable
ipsec enable
ipv4 {
forwarding enable
vlan enable
}
ipv6 {
forwarding enable
vlan enable
}
}
/* Local syslog only (no remote host configured here): notice level for everything, debug level for the protocols facility. */
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone Europe/Paris
traffic-analysis {
dpi disable
export disable
}
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@5:ubnt-l2tp@1:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@2:ubnt-util@1:vrrp@1:vyatta-netflow@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v2.0.9.5346345.201028.1647 */