Cisco 3640交换机配置DHCP服务器实验报告
版权声明:原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 、作者信息和本声明。否则将追究法律责任。http://dongwei.blog.51cto.com/319848/61929 |
Cisco 3640交换机配置DHCP服务器实验报告
1.实验拓扑  2.实验环境 完成标准 一台交换机,划分三个vlan,vlan2 为服务器所在网络,命名为server,ip地址 段为192.168.2.0,子网掩码:255.255.255.0,网关:192.168.2.1,ip地址为192.168.2.10,vlan3为客户机1所在网络,ip地址段为192.168.3.0,子网掩码:255.255.255.0,网关:192.168.3.1命名为work01,vlan4为客户机2所在网络,命名为work02,ip地址段为192.168.4.0,子网掩码:255.255.255.0,网关:192.168.4.1,3550作dhcp服务器,端口0-5划到vlan 2,端口6-10划分到vlan 3,端口11-15划分到vlan 4. dhcp服务器实现功能: 各vlan保留2-10的ip地址不分配置,例如:192.168.2.0的网段,保留192.168.2.2至192.168.2.10的ip地 址段不分配. 安全要求: vlan 3和vlan 4 不允许互相访问,但都可以访问服务器所在的vlan 2, 默认访问控制列表的规则是拒绝所有包。 配置命令及步骤如下: setp 1:创建vlan: sw(config)#int range f0/0 - 15 sw(config-if-range)#no shut sw(config-if-range)#end sw#v da sw(vlan)#vlan 2 name server VLAN 2 added: Name: server sw(vlan)#vlan 3 name work01 VLAN 3 added: Name: work01 sw(vlan)#vlan 4 name work02 VLAN 4 added: Name: work02 sw(vlan)#exit APPLY completed. Exiting.... Setp 2:设置vlan ip地址: sw#config t sw(config)#int vlan 2 sw(config-if)#ip add 192.168.2.1 255.255.255.0 sw(config-if)#no shut sw(config-if)#int vlan 3 sw(config-if)#ip add 192.168.3.1 255.255.255.0 sw(config-if)#no shut sw(config-if)#int vlan 4 sw(config-if)#ip add 192.168.4.1 255.255.255.0 sw(config-if)#no shut sw(config-if)#exit Setp 3:设置端口全局参数 sw(config)#int range f0/0 - 15 sw(config-if-range)#switchport mode access sw(config-if-range)#spanning-tree portfast sw(config-if-range)#exit Setp 4:将端口添加到vlan2,3,4中 sw(config)#int range f0/0 - 5 sw(config-if-range)#sw ac vlan 2 /*将端口0-5添加到vlan 2*/ sw(config-if-range)#exit /*将端口6-10添加到vlan 3*/ sw(config)#int range f0/6 - 10 sw(config-if-range)#switchport access vlan 3 sw(config-if-range)#exit /*将端口11-15添加到vlan 4*/ sw(config)#int range f0/11 - 15 sw(config-if-range)#switchport access vlan 4 sw(config-if-range)#exit Setp 5:配置3550作为dhcp服务器 /*vlan 2可用地址池和相应参数的配置,有几个vlan要设几个地址池*/ sw(config)#ip dhcp pool test01 sw(dhcp-config)#exit /*设置可分配的子网*/ sw(dhcp-config)#network 192.168.2.0 255.255.255.0 /*设置dns服务器*/ sw(dhcp-config)#dns-server 192.168.2.10 /*设置该子网的网关*/ sw(dhcp-config)#default-router 192.168.2.1 /*配置vlan 3所用的地址池和相应参数*/ sw(config)#ip dhcp pool test02 sw(dhcp-config)#network 192.168.3.0 255.255.255.0 sw(dhcp-config)#dns-server 192.168.2.10 sw(dhcp-config)#default-router 192.168.3.1 sw(dhcp-config)#exit /*配置vlan 4所用的地址池和相应参数*/ sw(config)#ip dhcp pool test03 sw(dhcp-config)#network 192.168.4.0 255.255.255.0 sw(dhcp-config)#dns-server 192.168.2.10 sw(dhcp-config)#default-router 192.168.4.1 sw(dhcp-config)#exit setp 6:设置dhcp保留不分配的地址 sw(config)#ip dhcp excluded-address 192.168.2.2 192.168.2.10 sw(config)#ip dhcp excluded-address 192.168.3.2 192.168.3.10 sw(config)#ip dhcp excluded-address 192.168.4.2 192.168.4.10 setp 7:启用路由 sw(config)#ip routing setp 8:配置访问控制列表 sw(config)#$ 103 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 sw(config)#$ 103 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 sw(config)#access-list 103 permit udp any any eq bootpc sw(config)#access-list 103 permit udp any any eq tftp sw(config)#access-list 103 permit udp any eq bootpc any sw(config)#access-list 103 permit udp any eq tftp any sw(config)#$ 104 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255 sw(config)#access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255 sw(config)#access-list 104 permit udp any eq bootpc any sw(config)#access-list 104 permit udp any eq tftp any Setp 9:应用访问控制列表 /*将访问控制列表应用到vlan 3和vlan 4,vlan 2不需要*/ sw(config)#int vlan 2 sw(config-if)#int vlan 3 sw(config-if)#ip access-group 103 out sw(config-if)#int vlan 4 sw(config-if)#ip access-group 104 out sw(config-if)#end sw# Setp 10 验证 Pc vlan2 配置如下 vlan2(config)#no ip routing vlan2(config)#int f0/0 vlan2(config-if)#no shut vlan2(config-if)#ip address dhcp //DHCP动态获取地址 vlan2(config-if)# *Mar 1 00:36:45.867: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address 192.168.2.11, mask 255.255.255.0, hostname vlan2 ipvlan2(config-if)#end vlan2#ping 192.168.4.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.4.11, timeout is 2 seconds: !!!!! //vlan2可以与vlan4 通信 Success rate is 100 percent (5/5), round-trip min/avg/max = 84/131/176 ms vlan2#ping 192.168.3.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.11, timeout is 2 seconds: .!!!! //vlan2可以与vlan3 通信 Success rate is 80 percent (4/5), round-trip min/avg/max = 68/130/212 ms vlan2# Pc vlan3 配置如下 vlan3(config)#no ip routing vlan3(config)#int f0/0 vlan3(config-if)#ip address dhcp //DHCP动态获取地址 vlan3(config-if)#no shut vlan3(config-if)# *Mar 1 00:36:21.199: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state t o up *Mar 1 00:36:22.199: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern et0/0, changed state to up *Mar 1 00:36:32.391: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address 192.168.3.11, mask 255.255.255.0, hostname vlan3 vlan3(config-if)#end vlan3# vlan3#ping 192.168.2.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.11, timeout is 2 seconds: !!!!! //vlan3可以与vlan2通信 Success rate is 100 percent (5/5), round-trip min/avg/max = 120/153/188 ms vlan3#ping 192.168.4.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.4.11, timeout is 2 seconds: U.U.U //vlan3不可以与vlan4 通信 Success rate is 0 percent (0/5) vlan3# Pc vlan4 配置如下 vlan4(config)#no ip routing vlan4(config)#int f0/0 vlan4(config-if)#no shut vlan4(config-if)# *Mar 1 00:35:15.915: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state t o up *Mar 1 00:35:16.915: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern et0/0, changed state to up vlan4(config-if)#ip address dhcp //DHCP动态获取地址 vlan4(config-if)# *Mar 1 00:35:58.447: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned
DHCP address 192.168.4.11, mask 255.255.255.0, hostname vlan4 vlan4(config-if)#end
vlan4# vlan4#ping 192.168.2.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.11, timeout is 2 seconds: .!!!! //vlan4可以与vlan2 通信 Success rate is 80 percent (4/5), round-trip min/avg/max = 80/139/176 ms vlan4#ping 192.168.3.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.11, timeout is 2 seconds: U.U.U Success rate is 0 percent (0/5) //vlan4不可以与vlan3 通信 本文出自 “Dongwei→工作室” 博客,请务必保留此出处http://dongwei.blog.51cto.com/319848/61929 本文出自 51CTO.COM技术博客 |
Dongwei
博客统计信息
热门文章
最新评论
友情链接