公司有三个部门,财务部,市场部,技术部,为了内网安全,给每个部门单独划分一个VLAN-财务部:vlan10、市场部:vlan20、技术部:vlan30。
所有VLAN内的主机都通过DHCP服务器分发IP地址
-每个部门,每个VLAN的网关地址都为,192.168.xx.254
SW5中每个vlanif 虚接口地址都为 192.168.xx.251
SW5通过vlanif50 与DHCP进行通信,DHCP服务器管理IP:192.168.50.1
所有的PC都通过SW5与DHCP服务器进行通信,获取IP地址,所以SW5是DHCP中继
第一步:配置SW1/SW2/SW3
3台交换机创建vlan10/vlan20/vlan30/vlan50
-与PC互联的接口配置为access,并接入指定的vlan
-与SW5交换机互联的接口配置为trunk,允许所有vlan通过
第二步:配置SW5-基础配置
创建vlan10/vlan20/vlan30/vlan50
-与SW1/SW2/SW3互联的接口配置trunk,允许所有vlan通过
-配置vlanif虚接口地址:192.168.xx.251
-与R3-DHCP 服务器互联的接口配置access ,加入vlan50
第三步:配置DHCP服务器
在R3-DHCP系统视图下开启dhcp 功能
-R3-DHCP中创建IP地址池(网段、网关、dns)
-R3-DHCP中配置默认路由,下一跳为192.168.50.251 (配置回程路由,回应DHCP请求)
-在R3-DHCP-g0/0/1接口下配置IP地址:192.168.50.1
-在R3-DHCP-g0/0/1接口下开启基于全局的DHCP
第四步:配置SW5-DHCP中继
在系统视图下,开启dhcp 功能
在每个vlanif虚接口下开启dhcp中继,并配置DHCP服务器IP:192.168.50.1
第一步:配置SW1/SW2/SW3
SW1的配置:
[SW1]vlan batch 10 20 30 50
[SW1]int g0/0/1
[SW1-G0/0/1]port link-type access
[SW1-G0/0/1]port default vlan 10
[SW1-G0/0/1]quit
[SW1]int g0/0/2
[SW1-G0/0/2]port link-type trunk
[SW1-G0/0/2]port trunk allow-pass vlan all
SW2的配置:
[SW2]vlan batch 10 20 30 50
[SW2]int g0/0/1
[SW2-G0/0/1]port link-type access
[SW2-G0/0/1]port default vlan 20
[SW2-G0/0/1]int g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type trunk
[SW2-G0/0/2]port trunk allow-pass vlan all
SW3的配置:
[SW3]vlan batch 10 20 30 50
[SW3]interface GigabitEthernet0/0/1
[SW3-G0/0/1]port link-type access
[SW3-G0/0/1]port default vlan 30
[SW3-G0/0/1]quit
[SW3-G0/0/1]interface GigabitEthernet0/0/2
[SW3-G0/0/2]port link-type trunk
[SW3-G0/0/2]port trunk allow-pass vlan 2 to 4094
第二步:配置HX_SW5-基础配置
[HX_SW5]vlan batch 10 20 30 50
[HX_SW5]port-group group-member g0/0/1 to g0/0/3
[HX_SW5-port-group]port link-type trunk
[HX_SW5-port-group]port trunk allow-pass vlan al
[HX_SW5]int g0/0/5
[HX_SW5-G0/0/5]port link-type access
[HX_SW5-G0/0/5]port default vlan 50
[HX_SW5]int vlan 10
[HX_SW5-Vlanif10]ip add 192.168.10.251 24
[HX_SW5-Vlanif10]int vlan 20
[HX_SW5-Vlanif20]ip add 192.168.20.251 24
[HX_SW5-Vlanif20]int vlan 30
[HX_SW5-Vlanif30]ip add 192.168.30.251 24
[HX_SW5]int vlan 50
[HX_SW5-Vlanif50]ip add 192.168.50.251 24
第三步:配置DHCP服务器
1)开启dhcp功能,创建IP地址池
[R3-DHCP]dhcp enable
[R3-DHCP]ip pool vlan10
[R3-DHCP-ip-pool-vlan10]network 192.168.10.0 mask 24
[R3-DHCP-ip-pool-vlan10]gateway-list 192.168.10.254
[R3-DHCP-ip-pool-vlan10]dns-list 8.8.8.8
[R3-DHCP-ip-pool-vlan10]ip pool vlan20
[R3-DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24
[R3-DHCP-ip-pool-vlan20]gateway-list 192.168.20.254
[R3-DHCP-ip-pool-vlan20]dns-list 8.8.8.8
[R3-DHCP-ip-pool-vlan20]ip pool vlan30
[R3-DHCP-ip-pool-vlan30]network 192.168.30.0 mask 24
[R3-DHCP-ip-pool-vlan30]gateway-list 192.168.30.254
[R3-DHCP-ip-pool-vlan30]dns-list 8.8.8.8
[R3-DHCP-ip-pool-vlan30]quit
2)在接口下开启基于全局的dhcp
[R3-DHCP]int g0/0/1
[R3-DHCP-G0/0/1]dhcp select global
3)dhcp服务器配置回程的默认路由
[R3-DHCP]ip route-static 0.0.0.0 0.0.0.0 192.168.50.251
第四步:配置SW5-DHCP中继
[HX_SW5]dhcp enable
[HX_SW5]int vlan 10
[HX_SW5-Vlanif10]dhcp select relay
[HX_SW5-Vlanif10]dhcp relay server-ip 192.168.50.1
[HX_SW5-Vlanif10]int vlan 20
[HX_SW5-Vlanif20]dhcp select relay
[HX_SW5-Vlanif20]dhcp relay server-ip 192.168.50.1
[HX_SW5-Vlanif20]int vlan 30
[HX_SW5-Vlanif30]dhcp select relay
[HX_SW5-Vlanif30]dhcp relay server-ip 192.168.50.1
第五步;验证方式
仅需要:PC获取IP地址即可
不同的VLAN之间的PC不可以互通,因为没有网关,为啥没有网关呢?因为没有部署vrrp
如果没有网关如何获取的IP地址呢? 那是通过中继获取的。
868
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
