Cisco 3640 Switch DHCP Server Configuration Lab Report
1. Lab topology

 
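2. Lab environment and completion criteria
One switch is divided into three VLANs. vlan 2 is the network the server sits on, named server: address range 192.168.2.0, subnet mask 255.255.255.0, gateway 192.168.2.1, IP address 192.168.2.10. vlan 3 is the network of client 1, named work01: address range 192.168.3.0, subnet mask 255.255.255.0, gateway 192.168.3.1. vlan 4 is the network of client 2, named work02: address range 192.168.4.0, subnet mask 255.255.255.0, gateway 192.168.4.1. The 3550 acts as the DHCP server. Ports 0-5 are assigned to vlan 2, ports 6-10 to vlan 3, and ports 11-15 to vlan 4.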
  
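  Functions the DHCP server must implement:
  Each VLAN reserves addresses 2-10 and does not allocate them. For example, on the 192.168.2.0 network, the range 192.168.2.2 to 192.168.2.10 is reserved and not allocated.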
  
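  Security requirements:
  vlan 3 and vlan 4 must not be able to reach each other, but both can reach vlan 2, where the server is.
  The default rule of an access control list is to deny all packets.
The configuration commands and steps are as follows: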
  
Step 1: Create the VLANs:
sw(config)#int range f0/0 - 15
sw(config-if-range)#no shut
sw(config-if-range)#end
sw#v da
sw(vlan)#vlan 2 name server
VLAN 2 added:
    Name: server
sw(vlan)#vlan 3 name work01
VLAN 3 added:
    Name: work01
sw(vlan)#vlan 4 name work02
VLAN 4 added:
    Name: work02
sw(vlan)#exit
APPLY completed.
Exiting....
Step 2: Set the VLAN IP addresses:
sw#config t
sw(config)#int vlan 2
sw(config-if)#ip add 192.168.2.1 255.255.255.0
sw(config-if)#no shut
sw(config-if)#int vlan 3
sw(config-if)#ip add 192.168.3.1 255.255.255.0
sw(config-if)#no shut
sw(config-if)#int vlan 4
sw(config-if)#ip add 192.168.4.1 255.255.255.0
sw(config-if)#no shut
sw(config-if)#exit
Step 3: Set the global port parameters
sw(config)#int range f0/0 - 15
sw(config-if-range)#switchport mode access
sw(config-if-range)#spanning-tree portfast
sw(config-if-range)#exit
Step 4: Add the ports to vlan 2, 3 and 4
/*Add ports 0-5 to vlan 2*/
sw(config)#int range f0/0 - 5
sw(config-if-range)#sw ac vlan 2
sw(config-if-range)#exit
/*Add ports 6-10 to vlan 3*/
sw(config)#int range f0/6 - 10
sw(config-if-range)#switchport access vlan 3
sw(config-if-range)#exit
/*Add ports 11-15 to vlan 4*/
sw(config)#int range f0/11 - 15
sw(config-if-range)#switchport access vlan 4
sw(config-if-range)#exit
Step 5: Configure the 3550 as the DHCP server
/*Address pool and parameters for vlan 2; one pool is needed for each VLAN*/
sw(config)#ip dhcp pool test01
/*Set the subnet to allocate from*/
sw(dhcp-config)#network 192.168.2.0 255.255.255.0
/*Set the DNS server*/
sw(dhcp-config)#dns-server 192.168.2.10
/*Set the gateway for this subnet*/
sw(dhcp-config)#default-router 192.168.2.1
sw(dhcp-config)#exit
/*Address pool and parameters for vlan 3*/
sw(config)#ip dhcp pool test02
sw(dhcp-config)#network 192.168.3.0 255.255.255.0
sw(dhcp-config)#dns-server 192.168.2.10
sw(dhcp-config)#default-router 192.168.3.1
sw(dhcp-config)#exit
/*Address pool and parameters for vlan 4*/
sw(config)#ip dhcp pool test03
sw(dhcp-config)#network 192.168.4.0 255.255.255.0
sw(dhcp-config)#dns-server 192.168.2.10
sw(dhcp-config)#default-router 192.168.4.1
sw(dhcp-config)#exit
Step 6: Set the addresses that DHCP reserves and does not allocate
sw(config)#ip dhcp excluded-address 192.168.2.2 192.168.2.10
sw(config)#ip dhcp excluded-address 192.168.3.2 192.168.3.10
sw(config)#ip dhcp excluded-address 192.168.4.2 192.168.4.10
Step 7: Enable routing
sw(config)#ip routing
Step 8: Configure the access control lists
sw(config)#access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
sw(config)#access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
sw(config)#access-list 103 permit udp any any eq bootpc
sw(config)#access-list 103 permit udp any any eq tftp
sw(config)#access-list 103 permit udp any eq bootpc any
sw(config)#access-list 103 permit udp any eq tftp any
sw(config)#access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
sw(config)#access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
sw(config)#access-list 104 permit udp any eq bootpc any
sw(config)#access-list 104 permit udp any eq tftp any
Step 9: Apply the access control lists
/*Apply the access control lists to vlan 3 and vlan 4; vlan 2 does not need one*/

sw(config)#int vlan 2
sw(config-if)#int vlan 3
sw(config-if)#ip access-group 103 out
sw(config-if)#int vlan 4
sw(config-if)#ip access-group 104 out
sw(config-if)#end
sw#
Step 10: Verification
The PC in vlan 2 is configured as follows

vlan2(config)#no ip routing
vlan2(config)#int f0/0
vlan2(config-if)#no shut
vlan2(config-if)#ip address dhcp     //obtain an address dynamically via DHCP
vlan2(config-if)#
*Mar  1 00:36:45.867: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned
 DHCP address 192.168.2.11, mask 255.255.255.0, hostname vlan2
vlan2(config-if)#end
vlan2#ping 192.168.4.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.11, timeout is 2 seconds:
!!!!!                         //vlan2 can communicate with vlan4
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/131/176 ms
vlan2#ping 192.168.3.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.11, timeout is 2 seconds:
.!!!!             //vlan2 can communicate with vlan3
Success rate is 80 percent (4/5), round-trip min/avg/max = 68/130/212 ms
vlan2#
The PC in vlan 3 is configured as follows
vlan3(config)#no ip routing
vlan3(config)#int f0/0
vlan3(config-if)#ip address dhcp   //obtain an address dynamically via DHCP
vlan3(config-if)#no shut
vlan3(config-if)#
*Mar  1 00:36:21.199: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state t
o up
*Mar  1 00:36:22.199: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0/0, changed state to up
*Mar  1 00:36:32.391: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned
 DHCP address 192.168.3.11, mask 255.255.255.0, hostname vlan3
vlan3(config-if)#end
vlan3#
vlan3#ping 192.168.2.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.11, timeout is 2 seconds:
!!!!!                //vlan3 can communicate with vlan2
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/153/188 ms
vlan3#ping 192.168.4.11
Type escape sequence to abort.  
Sending 5, 100-byte ICMP Echos to 192.168.4.11, timeout is 2 seconds:
U.U.U                  //vlan3 cannot communicate with vlan4
Success rate is 0 percent (0/5)
vlan3#
The PC in vlan 4 is configured as follows
vlan4(config)#no ip routing
vlan4(config)#int f0/0
vlan4(config-if)#no shut
vlan4(config-if)#
*Mar  1 00:35:15.915: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state t
o up
*Mar  1 00:35:16.915: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0/0, changed state to up  
vlan4(config-if)#ip address dhcp       //obtain an address dynamically via DHCP
vlan4(config-if)#
*Mar  1 00:35:58.447: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned
 DHCP address 192.168.4.11, mask 255.255.255.0, hostname vlan4
vlan4(config-if)#end
vlan4#
vlan4#ping 192.168.2.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.11, timeout is 2 seconds:
.!!!!            //vlan4 can communicate with vlan2
Success rate is 80 percent (4/5), round-trip min/avg/max = 80/139/176 ms
vlan4#ping 192.168.3.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.11, timeout is 2 seconds:
U.U.U               
Success rate is 0 percent (0/5) //vlan4 cannot communicate with vlan3
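
Added example (not part of the original report): a small Python model of access lists 103 and 104 from step 8, applied outbound on vlan 3 and vlan 4 as in step 9, evaluated with first-match semantics and the implicit deny. It goes beyond the ping checks of step 10 by also evaluating the UDP entries. The function names are invented for this example, the numeric ports 68 (bootpc) and 69 (tftp) are the standard values of those keywords, and the model covers only packets routed between VLANs.

```python
import ipaddress

ANY = "0.0.0.0/0"
BOOTPC, TFTP = 68, 69   # IOS keywords bootpc and tftp
# Entries transcribed from step 8 as (proto, src, src_port, dst, dst_port).
# A port of None means "any port"; every entry in the report is a permit.
ACLS = {
    103: [("ip", "192.168.2.0/24", None, "192.168.3.0/24", None),
          ("ip", "192.168.3.0/24", None, "192.168.2.0/24", None),
          ("udp", ANY, None, ANY, BOOTPC),
          ("udp", ANY, None, ANY, TFTP),
          ("udp", ANY, BOOTPC, ANY, None),
          ("udp", ANY, TFTP, ANY, None)],
    104: [("ip", "192.168.2.0/24", None, "192.168.4.0/24", None),
          ("ip", "192.168.4.0/24", None, "192.168.2.0/24", None),
          ("udp", ANY, BOOTPC, ANY, None),
          ("udp", ANY, TFTP, ANY, None)],
}
# Step 9: each ACL is applied "out" on an SVI, so it filters packets
# the switch routes INTO that VLAN. vlan 2 has no ACL.
OUT_ACL = {"192.168.3.0/24": 103, "192.168.4.0/24": 104}

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def acl_permits(acl, proto, src, dst, sport=None, dport=None):
    """First matching entry wins; no match means the implicit deny."""
    for e_proto, e_src, e_sport, e_dst, e_dport in ACLS[acl]:
        if e_proto not in ("ip", proto):
            continue
        if not (in_net(src, e_src) and in_net(dst, e_dst)):
            continue
        if e_sport not in (None, sport) or e_dport not in (None, dport):
            continue
        return True
    return False

def routed(proto, src, dst, sport=None, dport=None):
    """Is a packet routed between VLANs forwarded (model of steps 8-9 only)?"""
    for net, acl in OUT_ACL.items():
        if in_net(dst, net):
            return acl_permits(acl, proto, src, dst, sport, dport)
    return True  # destination vlan 2: no ACL applied

if __name__ == "__main__":
    print("vlan3 -> vlan4 icmp:", routed("icmp", "192.168.3.11", "192.168.4.11"))
    print("vlan4 -> vlan3 udp/69:", routed("udp", "192.168.4.11", "192.168.3.11", 1024, TFTP))
```

The model reproduces the ping results of step 10, and it also shows that the `udp any any` entries in access list 103 admit UDP from vlan 4 into vlan 3 on the bootpc and tftp ports, which the ICMP tests do not exercise. Narrowing the source of those entries from `any` to the addresses that actually serve DHCP and TFTP keeps them consistent with the isolation requirement.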