DHCP服务可配置在DHCP服务器上或核心交换机上,若在核心交换机上配置,则建议两台设备上划分同一网段的不同地址池以防止地址冲突(如POOL1:192.168.2.2-128,POOL2:192.168.2-254)。
DHCP地址池划分:
[DHCP-Server]dhcp enable
[DHCP-Server]ip pool vlan2
//命名可随意
[DHCP-Server-ip-pool-vlan2]network 192.168.2.0 mask 24
[DHCP-Server-ip-pool-vlan2]gateway-list 192.168.2.1
[DHCP-Server-ip-pool-vlan2]dns-list 114.114.114.114 8.8.8.8
[DHCP-Server-ip-pool-vlan2]excluded-ip-address 192.168.2.249 192.168.2.254
//2.254与2.253已经被用作于SVI接口,且预留少数地址用于静态地址
(eNSP中DHCP地址由大至小下发,如优先下发192.168.2.248)
[DHCP-Server-ip-pool-vlan2]qu
[DHCP-Server]ip pool vlan3
[DHCP-Server-ip-pool-vlan3]network 192.168.3.0 mask 24
[DHCP-Server-ip-pool-vlan3]gateway-list 192.168.3.1
[DHCP-Server-ip-pool-vlan3]dns-list 114.114.114.114 8.8.8.8
[DHCP-Server-ip-pool-vlan3]excluded-ip-address 192.168.3.249 192.168.3.254
[DHCP-Server-ip-pool-vlan3]qu
[DHCP-Server]ip pool vlan4
[DHCP-Server-ip-pool-vlan4]network 192.168.4.0 mask 24
[DHCP-Server-ip-pool-vlan4]gateway-list 192.168.4.1
[DHCP-Server-ip-pool-vlan4]dns-list 114.114.114.114 8.8.8.8
[DHCP-Server-ip-pool-vlan4]excluded-ip-address 192.168.4.249 192.168.4.254
[DHCP-Server-ip-pool-vlan4]qu
[DHCP-Server]ip pool vlan5
[DHCP-Server-ip-pool-vlan5]network 192.168.5.0 mask 24
[DHCP-Server-ip-pool-vlan5]gateway-list 192.168.5.1
[DHCP-Server-ip-pool-vlan5]dns-list 114.114.114.114 8.8.8.8
[DHCP-Server-ip-pool-vlan5]excluded-ip-address 192.168.5.249 192.168.5.254
[DHCP-Server-ip-pool-vlan5]qu
[DHCP-Server]int GigabitEthernet 0/0/0
[DHCP-Server-GigabitEthernet0/0/0]dhcp select global
由于DHCP的广播报文被vlan隔离(如处于vlan2的PC1获取不到地址)(三层设备隔离广播报文)
附:
该命令可以重置DHCP地址池
<DHCP-Server>reset ip pool name xx [选项]
该命令可以查看DHCP地址分配情况
[DHCP-Server]dis ip pool name xx used
主机释放DHCP地址及重新获取
PC>ipconfig /release
PC>ipconfig /renew
DHCP中继配置:
SW1(核心):
[HeXin-SW1]dhcp enable
[HeXin-SW1]int vlanif 2
[HeXin-SW1-Vlanif2]dhcp select relay
[HeXin-SW1-Vlanif2]dhcp relay server-ip 192.168.200.3
[HeXin-SW1-Vlanif2]qu
[HeXin-SW1]int vlanif 3
[HeXin-SW1-Vlanif3] dhcp select relay
[HeXin-SW1-Vlanif3] dhcp relay server-ip 192.168.200.3
[HeXin-SW1-Vlanif3]qu
[HeXin-SW1]int vlanif 4
[HeXin-SW1-Vlanif4] dhcp select relay
[HeXin-SW1-Vlanif4] dhcp relay server-ip 192.168.200.3
[HeXin-SW1-Vlanif4]qu
[HeXin-SW1]int vlanif 5
[HeXin-SW1-Vlanif5] dhcp select relay
[HeXin-SW1-Vlanif5] dhcp relay server-ip 192.168.200.3
[HeXin-SW1-Vlanif5]qu
SW2(核心):
[HeXin-SW2]dhcp enable
[HeXin-SW2]int vlanif 2
[HeXin-SW2-Vlanif2] dhcp select relay
[HeXin-SW2-Vlanif2] dhcp relay server-ip 192.168.200.3
[HeXin-SW2-Vlanif2]qu
[HeXin-SW2]int vlanif 3
[HeXin-SW2-Vlanif3] dhcp select relay
[HeXin-SW2-Vlanif3] dhcp relay server-ip 192.168.200.3
[HeXin-SW2-Vlanif3]qu
[HeXin-SW2]int vlanif 4
[HeXin-SW2-Vlanif4] dhcp select relay
[HeXin-SW2-Vlanif4] dhcp relay server-ip 192.168.200.3
[HeXin-SW2-Vlanif4]qu
[HeXin-SW2]int vlanif 5
[HeXin-SW2-Vlanif5] dhcp select relay
[HeXin-SW2-Vlanif5] dhcp relay server-ip 192.168.200.3
[HeXin-SW2-Vlanif5]qu
此时,PC1至PC4均可以正常获取到地址。
接入设备DHCP Snooping配置:
SW5(接入):
[JieRu-SW5]dhcp enable
[JieRu-SW5]dhcp snooping enable
[JieRu-SW5]vlan 2
[JieRu-SW5-vlan2]dhcp snooping enable
[JieRu-SW5-vlan2]qu
[JieRu-SW5]int GigabitEthernet 0/0/1
[JieRu-SW5-GigabitEthernet0/0/1]dhcp snooping trusted
SW6(接入):
[JieRu-SW6]dhcp enable
[JieRu-SW6]dhcp snooping enable
[JieRu-SW6]vlan 3
[JieRu-SW6-vlan3]dhcp snooping enable
[JieRu-SW6-vlan3]qu
[JieRu-SW6]int Eth-Trunk 1
[JieRu-SW6-Eth-Trunk1]dhcp snooping trusted
SW7(接入):
[JieRu-SW7]dhcp enable
[JieRu-SW7]dhcp snooping enable
[JieRu-SW7]vlan 4
[JieRu-SW7-vlan4]dhcp snooping enable
[JieRu-SW7-vlan4]qu
[JieRu-SW7]vlan 5
[JieRu-SW7-vlan5]dhcp snooping enable
[JieRu-SW7-vlan5]qu
[JieRu-SW7]int GigabitEthernet 0/0/1
[JieRu-SW7-GigabitEthernet0/0/1]dhcp snooping trusted
PPPOE配置:
由R1担任客户端,R2担任服务端。
acl匹配内网地址段
R2(运营商,PPPOE客户端)
[China-Telecom]ip pool pool-pppoe //名称随意
[China-Telecom-ip-pool-pool-pppoe]network 12.1.1.0 mask 24
[China-Telecom-ip-pool-pool-pppoe]gateway-list 12.1.1.2
//该接口为稍后配置的虚模版地址
[China-Telecom-ip-pool-pool-pppoe]qu
[China-Telecom]aaa
[China-Telecom-aaa]local-user admin password cipher 88888888
//运营商设置的拨号账户及密码(密码为密文)
[China-Telecom-aaa]local-user admin service-type ppp
[China-Telecom-aaa]qu
[China-Telecom]interface Virtual-Template 1
[China-Telecom-Virtual-Template1]ppp authentication-mode pap
[China-Telecom-Virtual-Template1]remote address pool pool-pppoe
[China-Telecom-Virtual-Template1]ip add 12.1.1.2 255.255.255.0
[China-Telecom-Virtual-Template1]qu
[China-Telecom]int GigabitEthernet 0/0/0
[China-Telecom-GigabitEthernet0/0/0]pppoe bind virtual-template 1
R1(出口路由器,PPPOE客户端)
[R1]acl 2001
[R1-acl-basic-2001]rule permit source 192.168.0.0 0.0.255.255
[R1-acl-basic-2001]qu
[R1]int dialer 1
[R1-Dialer1]link-protocol ppp
[R1-Dialer1]ip add ppp-negotiate
//采用ppp方式获得地址
[R1-Dialer1]ppp pap local-user admin password simple 88888888
[R1-Dialer1]dialer user admin
[R1-Dialer1]dialer bundle 2
[R1-Dialer1]nat outbound 2001
[R1-Dialer1]mtu 1492
[R1-Dialer1]qu
[R1]int GigabitEthernet 0/0/2
[R1-GigabitEthernet0/0/2]pppoe-client dial-bundle-number 2
//将该接口与dialer 1绑定
[R1-GigabitEthernet0/0/2]qu