Home | Mirror | Search |
Switch#vlan database % Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode. Switch(vlan)#vlan 2 name development VLAN 2 modified: Name: development Switch(vlan)#vlan 3 name market VLAN 3 modified: Name: market Switch(vlan)#exit APPLY completed. Exiting.... Switch#conf terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#int vlan 2 Switch(config-if)#ip address 192.168.8.1 255.255.255.0 Switch(config-if)#exit Switch(config)#int vlan 3 Switch(config-if)#ip address 192.168.9.1 255.255.255.0 Switch(config-if)#exit Switch(config)#ip dhcp pool vlan2 Switch(dhcp-config)#network 192.168.8.0 255.255.255.0 Switch(dhcp-config)#default-router 192.168.8.254 Switch(dhcp-config)#dns-server 208.67.222.222 208.67.220.220 Switch(dhcp-config)#lease 7 Switch(dhcp-config)#exit Switch(config)#ip dhcp pool vlan3 Switch(dhcp-config)#network 192.168.9.0 255.255.255.0 Switch(dhcp-config)#default-router 192.168.9.254 Switch(dhcp-config)#dns-server 208.67.222.222 208.67.220.220 Switch(dhcp-config)#lease 7 Switch(dhcp-config)#exit Switch(config)#ip dhcp excluded 192.168.8.1 192.168.8.254 Switch(config)#ip dhcp excluded 192.168.9.1 192.168.9.254 Switch(config)#ip dhcp snooping Switch(config)#ip dhcp snooping vlan 2-3 Switch(config)#interface range f0/1 - 10 Switch(config-if-range)#switchport access vlan 2 Switch(config-if-range)#switchport mode access Switch(config-if-range)#spanning-tree portfast Switch(config-if-range)#ip dhcp snooping trust Switch(config-if-range)#exit Switch(config)#interface range f0/11 - 20 Switch(config-if-range)#switchport access vlan 3 Switch(config-if-range)#switchport mode access Switch(config-if-range)#spanning-tree portfast Switch(config-if-range)#ip dhcp snooping trust Switch(config-if-range)#exit Switch(config)#interface GigabitEthernet0/1 Switch(config-if)#switchport mode trunk Switch(config-if)#switchport trunk allowed vlan all Switch(config-if)#end
例 9.1. VLAN間DHCP實例
Cisco Catalyst 2960 Series Switches
Switch#show running-config Building configuration... Current configuration : 4716 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Switch ! boot-start-marker boot-end-marker ! enable secret 5 $1$zQct$RlZjEVk3PV//OrS4KYm46. enable password 123456 ! no aaa new-model system mtu routing 1500 ip subnet-zero ! ip dhcp pool vlan2 network 192.168.8.0 255.255.255.0 default-router 192.168.8.254 dns-server 208.67.222.222 208.67.220.220 lease 7 ! ip dhcp pool vlan3 network 192.168.9.0 255.255.255.0 default-router 192.168.9.254 dns-server 208.67.222.222 208.67.220.220 lease 7 ! ip dhcp snooping vlan 2-3 no ip dhcp snooping information option ip dhcp snooping ! ! crypto pki trustpoint TP-self-signed-2135278336 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2135278336 revocation-check none rsakeypair TP-self-signed-2135278336 ! ! crypto pki certificate chain TP-self-signed-2135278336 certificate self-signed 01 3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32313335 32373833 3336301E 170D3933 30333031 30303030 35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31333532 37383333 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B628 478437A6 397971B0 B3A62590 C505A465 D7D1E604 DC5F92E2 68868536 286DA2A2 3C782BCC 47625B33 5CC22974 04B26BDF F353FEFB DE2A2F27 2964BC40 5CDEE5DE 7D9EB86F A32118E6 9345B5C4 8632832E 397D2F58 41F70394 EB49DCE9 633DABDF 140E6ECD BA8927B4 8EF18AAB 700C9063 2C571D79 04341253 08507FA4 5FB30203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603 551D1104 0B300982 07537769 7463682E 301F0603 551D2304 18301680 1419F564 86C05FAB 617613B5 943AF70D 6754DF2C A3301D06 03551D0E 04160414 19F56486 C05FAB61 7613B594 3AF70D67 54DF2CA3 300D0609 2A864886 F70D0101 04050003 818100A2 3658FCD0 2E373F72 05DB683D 9EDD2244 0439DB83 AA6A65BE 14309A5C 9B317329 2E5B4275 0FA7A78C 7681F7EC 8DAD3CC8 85B315F1 DA43BFB4 B4D92F6F 0C983A7A 0C8030EE F0AE34DB 81C18F45 A2F2B98A 232430D5 EF2C3667 E9C2C1EF C6457E0A 1EA81332 E7691037 6A2AFF97 DBCAFECB CB673797 7D2D0547 C1D742F0 F99208 quit ! ! ! ! ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! ! interface FastEthernet0/1 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust ! interface FastEthernet0/2 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust ! interface FastEthernet0/3 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust ! interface FastEthernet0/4 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust ! interface FastEthernet0/5 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust ! interface FastEthernet0/6 switchport access vlan 2 switchport mode access spanning-tree portfast ip dhcp snooping trust ! interface FastEthernet0/7 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust ! interface FastEthernet0/8 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust ! interface FastEthernet0/9 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust ! interface FastEthernet0/10 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust ! interface FastEthernet0/11 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust ! interface FastEthernet0/12 switchport access vlan 3 switchport mode access spanning-tree portfast ip dhcp snooping trust ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 switchport mode trunk ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan2 ip address 192.168.8.1 255.255.255.0 no ip route-cache ! interface Vlan3 ip address 192.168.9.1 255.255.255.0 no ip route-cache ! no ip http server no ip http secure-server ! control-plane ! ! line con 0 line vty 0 4 password 123456 login line vty 5 15 password 123456 login ! end Switch#
Cisco 2811 Router
Router#show running-config Building configuration... Current configuration : 1103 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable secret 5 $1$d51C$qZVGfyDQJHQZ/W4muxjo4/ enable password chen ! no aaa new-model ! resource policy ! no network-clock-participate wic 0 ip subnet-zero ! ! ip cef ! ! ! ! ! controller E1 0/0/0 ! ! interface FastEthernet0/0 ip address 192.168.3.39 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 duplex auto speed auto ! interface FastEthernet0/1.1 encapsulation dot1Q 2 ip address 192.168.8.254 255.255.255.0 no snmp trap link-status ! interface FastEthernet0/1.2 encapsulation dot1Q 3 ip address 192.168.9.254 255.255.255.0 no snmp trap link-status ! router rip network 192.168.3.0 network 192.168.8.0 network 192.168.9.0 ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.3.1 ! no ip http server ! snmp-server community public RO ! control-plane ! ! line con 0 line aux 0 line vty 0 4 password 3655927 login ! scheduler allocate 20000 1000 ! end Router#
Cisco 2811 Router + 2960 Switch
Router>enable Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#ip dhcp excluded 192.168.8.1 Router(config)#ip dhcp excluded 192.168.8.254 Router(config)#ip dhcp excluded 192.168.9.1 Router(config)#ip dhcp excluded 192.168.9.254 Router(config)#ip dhcp pool vlan2 Router(dhcp-config)#network 192.168.8.0 255.255.255.0 Router(dhcp-config)#default-router 192.168.8.254 Router(dhcp-config)#dns-server 208.67.222.222 208.67.220.220 Router(dhcp-config)#lease 7 Router(dhcp-config)#exit Router(config)#ip dhcp pool vlan3 Router(dhcp-config)#network 192.168.9.0 255.255.255.0 Router(dhcp-config)#default-router 192.168.9.254 Router(dhcp-config)#dns-server 208.67.222.222 208.67.220.220 Router(dhcp-config)#lease 7 Router(dhcp-config)#exit Router(config)#interface f0/0 Router(config-if)#ip address 172.16.0.1 255.255.255.0 Router(config-if)#no shut Router(config-if)#exit Router(config)#interface f0/1 Router(config-if)#description Connect to 2960_f0/24 Router(config-if)#no shut Router(config-if)#exit Router(config)#interface f0/1.1 Router(config-subif)#ip address 192.168.8.254 255.255.255.0 % Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or ISL vLAN. Router(config-subif)#encapsulation dot1q 2 Router(config-subif)#no shut Router(config-subif)#exit Router(config)#interface f0/1.2 Router(config-subif)#ip address 192.168.9.254 255.255.255.0 % Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or ISL vLAN. Router(config-subif)#encapsulation dot1q 3 Router(config-subif)#no shut Router(config-subif)#exit Router(config)#ip routing Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.0.254 Router(config)#router rip Router(config-router)#network 172.16.0.0 Router(config-router)#network 192.168.8.0 Router(config-router)#network 192.168.9.0 Router(config-router)#exit Router(config)#exit Router#wr Building configuration... [OK]
Switch(config)#interface range f0/1 - 10 Switch(config-if-range)#switchport access vlan 1 Switch(config-if-range)#switchport mode access Switch(config-if-range)#spanning-tree portfast Switch(config-if-range)#no shut Switch(config-if-range)#exit Switch(config)#interface range f0/11 - 20 Switch(config-if-range)#switchport access vlan 2 Switch(config-if-range)#switchport mode access Switch(config-if-range)#spanning-tree portfast Switch(config-if-range)#no shut Switch(config-if-range)#exit Switch(config)#interface f0/24 Switch(config-if)#switchport mode trunk Switch(config-if)#switchport trunk encapsulation dot1q Switch(config-if)#switchport trunk allowed vlan all Switch(config-if)#no shut Switch(config-if)#exit Switch(config)#interface vlan 2 Switch(config-if)#ip add 192.168.8.1 255.255.255.0 192.168.8.0 overlaps with Vlan2 Switch(config-if)#ip helper-address 192.168.8.254 Switch(config-if)#no shut Switch(config-if)#exit Switch(config)#interface vlan 3 Switch(config-if)#ip add 192.168.9.1 255.255.255.0 Switch(config-if)#ip helper-address 192.168.9.254 Switch(config-if)#no shut Switch(config-if)#exit Switch(config)#end Switch#wr Building configuration... [OK]
例 9.2. 配置實例參考
Router: Cisco 2811 Series Routers
Router#show running-config Building configuration... Current configuration : 1592 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable secret 5 $1$d51C$qZVGfyDQJHQZ/W4muxjo4/ enable password chen ! no aaa new-model ! resource policy ! no network-clock-participate wic 0 ip subnet-zero ! ! ip cef no ip dhcp use vrf connected ip dhcp excluded-address 192.168.8.1 ip dhcp excluded-address 192.168.8.254 ip dhcp excluded-address 192.168.9.1 ip dhcp excluded-address 192.168.9.254 ip dhcp excluded-address 192.168.8.253 ! ip dhcp pool vlan2 network 192.168.8.0 255.255.255.0 default-router 192.168.8.254 dns-server 208.67.222.222 208.67.220.220 lease 7 ! ip dhcp pool vlan3 network 192.168.9.0 255.255.255.0 default-router 192.168.9.254 dns-server 208.67.222.222 208.67.220.220 lease 7 ! ! ! ! ! controller E1 0/0/0 ! ! interface FastEthernet0/0 ip address 192.168.3.39 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address duplex auto speed auto ! interface FastEthernet0/1.1 encapsulation dot1Q 2 ip address 192.168.8.254 255.255.255.0 no snmp trap link-status ! interface FastEthernet0/1.2 encapsulation dot1Q 3 ip address 192.168.9.254 255.255.255.0 no snmp trap link-status ! router rip network 192.168.3.0 network 192.168.8.0 network 192.168.9.0 ! Router#
Switch: Cisco Catalyst 2960 Series Switches
Switch#show running-config Building configuration... Current configuration : 3502 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Switch ! boot-start-marker boot-end-marker ! enable secret 5 $1$zQct$RlZjEVk3PV//OrS4KYm46. enable password 123456 ! username neo password 0 chen no aaa new-model system mtu routing 1500 ip subnet-zero ! no ip dhcp snooping information option ! ! crypto pki trustpoint TP-self-signed-2135278336 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2135278336 revocation-check none rsakeypair TP-self-signed-2135278336 ! ! crypto pki certificate chain TP-self-signed-2135278336 certificate self-signed 01 3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32313335 32373833 3336301E 170D3933 30333031 30303030 35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31333532 37383333 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B628 478437A6 397971B0 B3A62590 C505A465 D7D1E604 DC5F92E2 68868536 286DA2A2 3C782BCC 47625B33 5CC22974 04B26BDF F353FEFB DE2A2F27 2964BC40 5CDEE5DE 7D9EB86F A32118E6 9345B5C4 8632832E 397D2F58 41F70394 EB49DCE9 633DABDF 140E6ECD BA8927B4 8EF18AAB 700C9063 2C571D79 04341253 08507FA4 5FB30203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603 551D1104 0B300982 07537769 7463682E 301F0603 551D2304 18301680 1419F564 86C05FAB 617613B5 943AF70D 6754DF2C A3301D06 03551D0E 04160414 19F56486 C05FAB61 7613B594 3AF70D67 54DF2CA3 300D0609 2A864886 F70D0101 04050003 818100A2 3658FCD0 2E373F72 05DB683D 9EDD2244 0439DB83 AA6A65BE 14309A5C 9B317329 2E5B4275 0FA7A78C 7681F7EC 8DAD3CC8 85B315F1 DA43BFB4 B4D92F6F 0C983A7A 0C8030EE F0AE34DB 81C18F45 A2F2B98A 232430D5 EF2C3667 E9C2C1EF C6457E0A 1EA81332 E7691037 6A2AFF97 DBCAFECB CB673797 7D2D0547 C1D742F0 F99208 quit ! ! ! ! ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! ! interface FastEthernet0/1 ! interface FastEthernet0/2 ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! interface FastEthernet0/13 switchport access vlan 2 switchport mode access spanning-tree portfast ! interface FastEthernet0/14 switchport access vlan 3 switchport mode access spanning-tree portfast ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 switchport mode trunk ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan2 ip address 192.168.8.1 255.255.255.0 ip helper-address 192.168.8.254 no ip route-cache ! interface Vlan3 ip address 192.168.9.1 255.255.255.0 ip helper-address 192.168.9.254 no ip route-cache ! no ip http server no ip http secure-server ! control-plane ! ! line con 0 line vty 0 4 password 123456 login line vty 5 15 password 123456 login ! end Switch#