思科交换机DHCP配置

Configuring DHCPThis chapter describes how to configure Dynamic Host Configuration Protocol(DHCP).For a completedescription of the DHCP commands listed in this chapter, refer to the “DHCP Commands” chapter ofthe Cisco IOS IP and IP Routing Command Reference publication. To locate documentation of othercommands that appear in this chapter, use the command reference master index or search online.As explained in RFC2131,Dynamic Host Configuration Protocol, DHCP provides configurationparameters to Internet hosts.DHCP consists of two components:a protocol for delivering host-specificconfiguration parameters from a DHCP server to a host and a mechanism for allocating networkaddresses to hosts.DHCP is built on a client/server model,where designated DHCP server hosts allocatenetwork addresses and deliver configuration parameters to dynamically configured hosts.DHCP supports three mechanisms for IP address allocation:•Automatic allocation—DHCP assigns a permanent IP address to a client.•Dynamic allocation—DHCP assigns an IP address to a client for a limited period of time (or until the client explicitly relinquishes the address).•Manual allocation—The network administrator assigns an IP address to a client and DHCP is used simply to convey the assigned address to the client.The format of DHCP messages is based on the format of Bootstrap Protocol(BOOTP)messages,whichensures support for BOOTP relay agent functionality and interoperability between BOOTP clients andDHCP servers. BOOTP relay agents eliminate the need for deploying a DHCP server on each physicalnetwork segment. BOOTP is explained in RFC951,Bootstrap Protocol (BOOTP), and RFC1542,Clarifications and Extensions for the Bootstrap Protocol.DHCP Server OverviewThe Cisco IOS DHCP server feature is a full DHCP server implementation that assigns and manages IPaddresses from specified address pools within the router to DHCP clients.If the Cisco IOS DHCP servercannot satisfy a DHCP request from its own database, it can forward the request to one or moresecondary DHCP servers defined by the network administrator.Figure14 shows the basic steps that occur when a DHCP client requests an IP address from a DHCPserver. The client, Host A, sends a DHCPDISCOVER broadcast message to locate a Cisco IOS DHCPserver.A DHCP server offers configuration parameters(such as an IP address,a MAC address,a domainname, and a lease for the IP address) to the client in a DHCPOFFER unicast message.Configuring DHCPDHCP Server Overview Figure 14DHCP Request for an IP Address from a DHCP Server Note A DHCP client may receive offers from multiple DHCP servers and can accept any one ofthe offers; however, the client usually accepts the first offer it receives. Additionally, theoffer from the DHCP server is not a guarantee that the IP address will be allocated to theclient;however,the server usually reserves the address until the client has had a chance toformally request the address.The client returns a formal request for the offered IP address to the DHCP server in a DHCPREQUESTbroadcast message. The DHCP server confirms that the IP address has been allocated to the client byreturning a DHCPACK unicast message to the client.Note The formal request for the offered IP address (the DHCPREQUEST message) that is sentby the client is broadcast so that all other DHCP servers that received theDHCPDISCOVER broadcast message from the client can reclaim the IP addresses that theyoffered to the client.If the configuration parameters sent to the client in the DHCPOFFER unicast message bythe DHCP server are invalid (a misconfiguration error exists), the client returns aDHCPDECLINE broadcast message to the DHCP server.The DHCP server will send to the client a DHCPNAK denial broadcast message, whichmeans the offered configuration parameters have not been assigned,if an error has occurredduring the negotiation of the parameters or the client has been slow in responding to theDHCPOFFER message (the DHCP server assigned the parameters to another client)of theDHCP server.The Cisco IOS DHCP server feature offers the following benefits:•Reduced Internet access costsUsing automatic IP address assignment at each remote site substantially reduces Internet accesscosts. Static IP addresses are considerably more expensive to purchase than are automaticallyallocated IP addresses.•Reduced client configuration tasks and cost sBecause DHCP is easy to configure, it minimizes operational overhead and costs associated withdevice configuration tasks and eases deployment by nontechnical users.•Centralized managementBecause the DHCP server maintains configurations for several subnets,an administrator only needsto update a single, central server when configuration parameters change.Host A DHCP ACK (unicast)DHCPREQUEST (broadcast)DHCPOFFER (unicast)DHCPDISCOVER (broadcast)Cisco IOS DHCP server 32369Configuring DHCPDHCP Configuration Task ListBefore you configure the Cisco IOS DHCP server feature, complete the following tasks:•Identify an external File Transport Protocol(FTP),Trivial File Transfer Protocol(TFTP),or remote copy protocol (rcp) server that you will use to store the DHCP bindings database.•Identify the IP addresses that you will enable the DHCP server to assign,and the IP addresses that you will exclude.•Identify DHCP options for devices where necessary, including:–Default boot image name–Default router(s)–Domain Name System (DNS) server(s)–NetBIOS name server•Decide on a NetBIOS node type (b, p, m, or h).•Decide on a DNS domain name.DHCP Configuration Task ListThe DHCP server database is organized as a tree. The root of the tree is the address pool for naturalnetworks, branches are subnetwork address pools, and leaves are manual bindings to clients.Subnetworks inherit network parameters and clients inherit subnetwork parameters.Therefore,commonparameters,for example the domain name,should be configured at the highest(network or subnetwork)level of the tree.Note Inherited parameters can be overridden.For example,if a parameter is defined in both thenatural network and a subnetwork, the definition of the subnetwork is used.Address leases are not inherited.If a lease is not specified for an IP address,by default,theDHCP server assigns a one-day lease for the address.To configure the Cisco IOS DHCP server feature, first configure a database agent or disable conflictlogging, then configure IP addresses that the DHCP server should not assign (excluded addresses) andshould assign (a pool of available IP addresses) to requesting clients. These configuration tasks areexplained in the following sections. Each task in the following list is identified as required or optional.•Configuring a DHCP Database Agent or Disabling DHCP Conflict Logging (Required)•Excluding IP Addresses (Required)•Configuring a DHCP Address Pool (Required)•Configuring Manual Bindings (Optional)•Configuring a DHCP Server Boot File (Optional)•Configuring the Number of Ping Packets (Optional)•Configuring the Timeout Value for Ping Packets (Optional)•Enabling the Cisco IOS DHCP Server and Relay Agent Features (Optional)Configuring DHCPDHCP Configuration Task List Configuring a DHCP Database Agent or Disabling DHCP Conflict LoggingA DHCP database agent is any host, for example, an FTP, TFTP, or RCP server that stores the DHCPbindings database.You can configure multiple DHCP database agents and you can configure the intervalbetween database updates and transfers for each agent.To configure a database agent and database agentparameters, use the following command in global configuration mode:If you choose not to configure a DHCP database agent,disable the recording of DHCP address conflictson the DHCP server. To disable DHCP address conflict logging, use the following command in globalconfiguration mode:Excluding IP AddressesThe DHCP server assumes that all IP addresses in a DHCP address pool subnet are available forassigning to DHCP clients. You must specify the IP address that the DHCP server should not assign toclients. To do so, use the following command in global configuration mode:Configuring a DHCP Address PoolYou can configure a DHCP address pool with a name that is a symbolic string (such as “engineering”)or an integer (such as 0).Configuring a DHCP address pool also places you in DHCP pool configurationmode—identified by the (config-dhcp)# prompt—from which you can configure pool parameters (forexample,the IP subnet number and default router list).To configure a DHCP address pool,complete therequired tasks in the following sections.Configuring the DHCP Address Pool Name and Entering DHCP Pool Configuration ModeTo configure the DHCP address pool name and enter DHCP pool configuration mode,use the followingcommand in global configuration mode:CommandPurpose Router(config)#ip dhcp database url[timeout seconds | write-delay seconds ]Configures the database agent and the interval between database updates and database transfers.CommandPurpose Router(config)#no ip dhcp conflict logging Disables DHCP address conflict logging.CommandPurpose Router(config)#ip dhcp excluded-addresslow-address [high-address ]Specifies the IP addresses that the DHCP server should not assign to DHCP clients.CommandPurpose Router(config)# ip dhcp pool name Creates a name for the DHCP server address pool and places you in DHCPpool configuration mode (identified by the config-dhcp# prompt).Configuring DHCPDHCP Configuration Task List Configuring the DHCP Address Pool Subnet and MaskTo configure a subnet and mask for the newly created DHCP address pool,which contains the range of available IP addresses that the DHCP server may assign to clients,use the following command in DHCP pool configuration mode:Note You can not configure manual bindings within the same pool that is configured with thenetwork command.To configure manual bindings,see the “Configuring Manual Bindings”section.Configuring the Domain Name for the ClientThe domain name for a DHCP client places the client in the general grouping of networks that make up the domain.To configure a domain name string for the client,use the following command in DHCP pool configuration mode:Configuring the Domain Name System IP Servers for the ClientDHCP clients query DNS IP servers when they need to correlate host names to IP addresses. Toconfigure the DNS IP servers that are available to a DHCP client,use the following command in DHCP pool configuration mode:Configuring the NetBIOS Windows Internet Naming Service IP Servers for the ClientWindows Internet Naming Service (WINS)is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a general grouping of networks.To configure the NetBIOS WINS servers that are available to a Microsoft DHCP client,use the following command in DHCP pool configuration mode:CommandPurpose Router(config-dhcp)#network network-number[mask |/prefix-length ]Specifies the subnet network number and mask of the DHCP address pool.The prefix length specifies the number of bits that comprise theaddress prefix. The prefix is an alternative way of specifying thenetwork mask of the client.The prefix length must be preceded bya forward slash (/).CommandPurpose Router(config-dhcp)#domain-name domain Specifies the domain name for the client.CommandPurpose Router(config-dhcp)#dns-server address[address2...address8]Specifies the IP address of a DNS server that is available to a DHCP client.One IP address is required; however, you can specify up to eight IPaddresses in one command line.Configuring DHCPDHCP Configuration Task List Configuring the NetBIOS Node Type for the ClientThe NetBIOS node type for Microsoft DHCP clients can be one of four settings:broadcast,peer-to-peer,mixed, or hybrid. To configure the NetBIOS node type for a Microsoft DHCP, use the followingcommand in DHCP pool configuration mode:Configuring the Default Router for the ClientAfter a DHCP client has booted, the client begins sending packets to its default router. The IP address of the default router should be on the same subnet as the client.To configure a default router for a DHCP client, use the following command in DHCP pool configuration mode:Configuring the Address Lease TimeBy default,each IP address assigned by a DHCP server comes with a one-day lease,which is the amount of time that the address is valid.To change the lease value for an IP address,use the following command in DHCP pool configuration mode:Configuring Manual BindingsAn address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by aDHCP server.Manual bindings are IP addresses that have been manually mapped to the MAC addresses of hosts that are found in the DHCP database.Manual bindings are stored in NVRAM on the DHCP server.Manual bindings are just special address pools.There is no limit on the number of manual bindings but you can only configure one manual binding per host pool.CommandPurpose Router(config-dhcp)#netbios-name-serveraddress [address2...address8]Specifies the NetBIOS WINS server that is available to a Microsoft DHCP client. One address is required; however, you can specify up toeight addresses in one command line.CommandPurpose Router(config-dhcp)#netbios-node-type type Specifies the NetBIOS node type for a Microsoft DHCP mandPurpose Router(config-dhcp)#default-routeraddress [address2... address8]Specifies the IP address of the default router for a DHCP client. One IP address is required,although you can specify up to eight addresses in onecommand line.CommandPurpose Router(config-dhcp)# lease {days[hours ][minutes ]| infinite }Specifies the duration of the lease. The default is a one-day lease.Configuring DHCPDHCP Configuration Task List Automatic bindings are IP addresses that have been automatically mapped to the MAC addresses of hoststhat are found in the DHCP database.Automatic bindings are stored on a remote host called a databaseagent. The bindings are saved as text records for easy maintenance.To configure a manual binding, first create a host pool, then specify the IP address of the client andhardware address or client identifier. The hardware address is the MAC address. The client identifier,which is required for Microsoft clients(instead of hardware addresses),is formed by concatenating themedia type and the MAC address of the client. Refer to the “Address Resolution Protocol Parameters”section of RFC1700,Assigned Numbers, for a list of media type codes.To configure manual bindings, use the following commands beginning in global configuration mode:Command PurposeStep1Router(config)# ip dhcp pool name Creates a name for the a DHCP server address pool and places youin DHCP pool configuration mode—identified by the(config-dhcp)# prompt.Step2Router(config-dhcp)#host address [mask| /prefix-length]Specifies the IP address and subnet mask of the client.The prefix length specifies the number of bits that comprise the address prefix. The prefix is an alternative way of specifying the network mask of the client.The prefix length must be preceded by a forward slash(/).Step3Router(config-dhcp)# hardware-address hardware-address typeorRouter(config-dhcp)#client-identifierunique-identifier Specifies a hardware address for the client.The type value:•Indicates the protocol of the hardware platform. Strings and values are acceptable. The string options are:–ethernet–ieee802•The value options are:– 1 10Mb Ethernet– 6 IEEE 802If no type is specified, the default protocol is Ethernet.orSpecifies the distinct identification of the client in dotted hexadecimal notation, for example, 01b7.0813.8811.66, where 01 represents the Ethernet media type.Step4Router(config-dhcp)# client-name name(Optional) Specifies the name of the client using any standardASCII character. The client name should not include the domainname. For example, the name mars should not be specified as.Configuring DHCP DHCP Configuration Task ListConfiguring a DHCP Server Boot FileThe boot file is used to store the boot image for the client. The boot image is generally the operatingsystem the client uses to load.To specify a boot file for the DHCP client,use the following command inDHCP pool configuration mode:Command PurposeRouter(config-dhcp)# bootfile filename Specifies the name of the file that is used as a boot image. Configuring the Number of Ping PacketsBy default, the DHCP server pings a pool address twice before assigning the address to a requestingclient.If the ping is unanswered,the DHCP server assumes(with a high probability)that the address isnot in use and assigns the address to the requesting client. To change the number of ping packets theDHCP server should send to the pool address before assigning the address,use the following commandin global configuration mode:Command PurposeRouter(config)#ip dhcp ping packets number Specifies the number of ping packets the DHCP server sends to a pooladdress before assigning the address to a requesting client.The defaultis two packets.Configuring the Timeout Value for Ping PacketsBy default, the DHCP server waits 500milliseconds before timing out a ping packet. To change theamount of time the server waits, use the following command in global configuration mode:Command PurposeRouter(config)# ip dhcp ping timeout milliseconds Specifies the amount of time the DHCP server must wait beforetiming out a ping packet. The default 500 milliseconds. Enabling the Cisco IOS DHCP Server and Relay Agent FeaturesBy default,the Cisco IOS DHCP server and relay agent features are enabled on your router.To reenablethese features if they are disabled, use the following command in global configuration mode:Command PurposeRouter(config)#service dhcp Enables the Cisco IOS DHCP server and relay features on your router.Use the no form of this command to disable the Cisco IOS DHCP server and relayfeatures.Configuring DHCPMonitoring and Maintaining the DHCP ServerMonitoring and Maintaining the DHCP ServerTo clear DHCP server variables, use the following commands in privileged EXEC mode, as needed:Command PurposeRouter#clear ip dhcp binding address |*Deletes an automatic address binding from the DHCP database.Specifying address clears the automatic binding for a specific(client)IPaddress, whereas specifying asterisk (*) clears all automatic bindings. Router#clear ip dhcp conflict address |*Clears an address conflict from the DHCP database.Specifying addressclears the conflict for a specific IP address whereas specifying an asterisk(*) clears conflicts for all addresses.Router#clear ip dhcp server statistics Resets all DHCP server counters to 0.To enable DHCP server debugging, use the following command in privileged EXEC mode:Command PurposeRouter# debug ip dhcp server{events | packets | linkage}Enables debugging on the DHCP server.To display DHCP server information, use the following commands in EXEC mode, as needed:Command PurposeRouter> show ip dhcp binding[address]Displays a list of all bindings created on a specific DHCP server. Router> show ip dhcp conflict[address]Displays a list of all address conflicts recorded by a specific DHCP server. Router#show ip dhcp database[url]Displays recent activity on the DHCP database.Note Use this command in privileged EXEC mode.Router> show ip dhcp server statistics Displays count information about server statistics and messages sent andreceived.Configuration ExamplesThis section provides the following configuration examples:•DHCP Database Agent Configuration Example•DHCP Address Pool Configuration Example•Manual Bindings Configuration ExampleConfiguring DHCPConfiguration Examples DHCP Database Agent Configuration ExampleThe following example stores bindings on host 172.16.4.253. The file transfer protocol is FTP. Theserver should wait 2 minutes (120 seconds) before writing database changes.ip dhcp database ftp://user:password@172.16.4.253/router-dhcp write-delay 120DHCP Address Pool Configuration ExampleIn the following example, three DHCP address pools are created: one in network 172.16.0.0, one insubnetwork 172.16.1.0,and one in subnetwork 172.16.2.0.Attributes from network 172.16.0.0,such as the domain name, DNS server, NetBIOS name server, and NetBIOS node type, are inherited insubnetworks 172.16.1.0and 172.16.2.0.In each pool,clients are granted 30-day leases and all addresses in each subnetwork, except the excluded addresses, are available to the DHCP server for assigning toclients. Table 5 lists the IP addresses for the devices in three DHCP address pools.ip dhcp database ftp://user:password@172.16.4.253/router-dhcp write-delay 120ip dhcp excluded-address 172.16.1.100 172.16.1.103ip dhcp excluded-address 172.16.2.100 172.16.2.103!ip dhcp pool 0network 172.16.0.0 /16domain-name dns-server 172.16.1.102 172.16.2.102netbios-name-server 172.16.1.103 172.16.2.103netbios-node-type h-node!ip dhcp pool 1network 172.16.1.0 /24default-router 172.16.1.100 172.16.1.101lease 30!ip dhcp pool 2network 172.16.2.0 /24default-router 172.16.2.100 172.16.2.101lease 30T able 5DHCP Address Pool DevicesPool 0 (Network 172.16.0.0)Pool 1 (Subnetwork 172.16.1.0)Pool 2 (Subnetwork 172.16.2.0)DeviceIP Address Device IP Address Device IP Address Default routers–Default routers 172.16.1.100172.16.1.101Default routers 172.16.2.100172.16.2.101DNS server 172.16.1.102—172.16.2.102————NetBIOS name server 172.16.1.103—172.16.2.103————NetBIOS node type h-node ————Configuring DHCPConfiguration ExamplesManual Bindings Configuration ExampleThe following example creates a manual binding for a client named .The MAC addressof the client is 02c7.f800.0422 and the IP address of the client is 172.16.2.254.ip dhcp pool Marshost 172.16.2.254hardware-address 02c7.f800.0422 ieee802client-name MarsBecause attributes are inherited, the previous configuration is equivalent to the following:ip dhcp pool Marshost 172.16.2.254 mask 255.255.255.0hardware-address 02c7.f800.0422 ieee802client-name Marsdefault-router 172.16.2.100 172.16.2.101domain-name dns-server 172.16.1.102 172.16.2.102netbios-name-server 172.16.1.103 172.16.2.103netbios-node-type h-nodeCisco IOS IP and IP Routing Configuration GuideP1C-73Configuring DHCP Configuration ExamplesCisco IOS IP and IP Routing Configuration GuideP1C-74。

思科交换机配置教程首先，我们需要登录到交换机的控制台界面。

可以通过串口连接，或者通过网络连接，例如通过SSH协议进行连接。

登录后，我们进入到交换机的命令行界面。

接下来，我们需要进行基本的配置。

思科交换机的配置是通过命令行界面进行的，配置的命令是不同的，但是有一些通用的配置信息，我们可以先进行配置。

首先，我们要为交换机设置一个主机名。

可以使用如下命令进行配置：```Switch(config)# hostname Switch1```这样就为交换机设置了一个名字为"Switch1"的主机名。

接下来，我们可以配置交换机的管理IP地址。

可以使用如下命令进行配置：```Switch(config)# interface vlan 1Switch(config-if)# ip address 192.168.1.1 255.255.255.0Switch(config-if)# no shutdown```这样就为交换机的VLAN1接口配置了一个IP地址为192.168.1.1，子网掩码为255.255.255.0，并且启用了这个接口。

除了基本配置信息，我们还需要进行一些其他的配置，例如VLAN的配置。

VLAN是虚拟局域网的意思，可以将交换机的端口划分到不同的VLAN中，实现不同VLAN之间的隔离。

可以使用如下命令进行VLAN的配置：```Switch(config)# vlan 10Switch(config-vlan)# name VLAN10Switch(config-vlan)# exitSwitch(config)# interface fastEthernet 0/1Switch(config-if)# switchport access vlan 10Switch(config-if)# exit```这样就创建了一个编号为10的VLAN，名称为"VLAN10"。

网络拓扑图如下：根据图示连接设备。

在本次试验中，具体端口情况如上图数字标出。

核心交换机（core ）设置为s1或者SW1，汇聚层交换机（access）设置为s2或者SW2。

IP 地址分配：Router：e0：192.168.1.1Core：f0/1: 192.168.1.2Svi接口：Core vlan10: 172.16.10.254Vlan20: 172.16.20.254Vlan30: 172.16.30.254Access vlan10: 172.16.10.253Vlan20: 172.16.20.253Vlan30: 172.16.30.253服务器IP地址：192.168.30.1Office区域网段地址：PC1：192.168.10.1PC2：192.168.10.2路由器清空配置命令：enerase startup-configReload交换机清空配置命令：enerase startup-configdelete vlan.datReload加速命令：enconf tno ip domain lookupline con 0exec-timeout 0 0logging synhostname一、OFFICE 区域地址静态分配，防止OFFICE 网络发生ARP 攻击，不允许OFFICE 网段PC 互访；STUDENTS 区域主机输入正确的学号和密码后接入网络，自动获取地址，阻止STUDENTS网段地址发生ARP攻击；1、基本配置SW1的配置：SW1(config)#vtp domain cisco //SW1配置vtp，模式为server，SW2模式为client SW1(config)#vtp password sovandSW1(config)#vtp mode serverSW1(config)#vlan 10SW1(config)#int range f0/3,f0/4 //链路捆绑SW1(config-if-range)#Channel-protocol pagpSW1(config-if-range)#Channel-group 10 mode onSW1(config)#int port-channel 10 //链路设置为trunk模式，封装802.1q协议，三层交换机默认没有封装该协议SW1(config-if)#switchport trunk encapsulation dot1qSW1(config-if)#switchport mode trunkSW2配置：SW2(config)#vtp domain ciscoSW2(config)#vtp password sovandSW2(config)#vtp mode clientSW2(config)#int range f0/3,f0/4SW2(config-if-range)#Channel-protocol pagpSW2(config-if-range)#Channel-group 10 mode onCreating a port-channel interface Port-channel 10SW2(config)#int port-channel 10SW2(config-if)#switchport trunk encapsulation dot1qSW2(config-if)#switchport mode trunkSW2(config)#int f0/1 //把f0/1,f0/2划入vlan10SW2(config-if)#switchport mode accessSW2(config-if)#switchport access vlan 10SW2(config-if)#int f0/2SW2(config-if)#switchport mode accessSW2(config-if)#switchport access vlan 102、vlan aclOffice区域禁止PC机互访：使用show int e0/0命令查看mac地址SW2(config)#mac access-list extended macaclSW2(config-ext-macl)#permit host 0007.8562.9de0 host 0007.8562.9c20 //要禁止双向通信SW2(config-ext-macl)#permit host 0007.8562.9c20 host 0007.8562.9de0SW2(config)#vlan access-map vmap 10 //禁止pc间的通信SW2(config-access-map)#match mac add macaclSW2(config-access-map)#action dropSW2(config)#vlan access-map vmap 20 //对其他数据放行，不然pc机无法ping通svi口、网关SW2(config-access-map)#action forwardSW2(config)#vlan filter vmap vlan-list 10未使用VLAN ACL时pc1可以ping通pc2，如下图：使用VLAN ACL时pc1可以无法ping通pc2，如下图：3、Office区域静态配置ip地址时采用的ARP防护：配置如下：SW2(config)#ip arp inspection vlan 10SW2(config)#arp access-list arplistSW2(config-arp-nacl)#permit ip host 192.168.10.1 mac host 0007.8562.9de0 //ip地址与mac地址对应表SW2(config-arp-nacl)#permit ip host 192.168.10.2 mac host 0007.8562.9c20SW2(config-arp-nacl)#ip arp inspection filter arplist vlan 10SW2(config)#int port-channel 10SW2(config-if)#ip arp inspection trust注意：配置静态arp防护（用户主机静态配置地址，不是通过DHCP获取地址），需要新建ip与mac映射表，不然pc1无法ping通svi口4、OSPF与DHCP全网起OSPF协议，使pc1可以ping通路由器。

思科cisco路由器dhcp动态分配ip地址实现⽅法本⽂实例讲述了思科cisco路由器dhcp动态分配ip地址实现⽅法。

分享给⼤家供⼤家参考，具体如下：⼀、拓扑图Router1 F0/0 <----> Switch5 F0/0Router1 E1/0 <----> VPCS V0/5Switch5 F0/1 <----> Switch1 F0/0Switch5 F0/2 <----> Switch2 F0/0Switch5 F0/3 <----> Switch3 F0/0Switch5 F0/4 <----> Switch4 F0/0Switch1 F0/1 <----> VPCS V0/1Switch2 F0/1 <----> VPCS V0/2Switch3 F0/1 <----> VPCS V0/3⼆、dhcp服务器就是通过主机分配ip的⼀项服务。

路由是通过那个⼝来分配的。

接⼏个分配⼏个。

要使客户机能从⽤作DHCP Server的路由器中⾃动获得IP地址。

三、实验要求：1、vlan之间的通信通过三层交换机来实现2、路由器为4个vlan来分配ip地址3、pc1 - 4分别属于4个部门，能够⾃动得到ip地址4、pc1 - 5直接可以ping通四、实验思路：1、⾸先配置⼆层交换机上的vlan、trunk并把接⼝加⼊vlan2、三层交换中配置vlan、trunk并启⽤ip routing路由功能3、三层交换中配置vlan ip地址，三层交换机是带有三层路由功能的交换机，也就是这台交换机的端⼝既有三层路由功能，也具有⼆层交换功能。

三层交换机端⼝默认为⼆层⼝，如果需要启⽤三层功能就需要在此端⼝输⼊no switchport命令。

运⾏router rip协议（其他协议也⾏）查看路由表 show ip router4、配置路由器dhcp服务建⽴地址持ip dhcp pool apple（apple为地址池名称可以随便起）运⾏router rip协议5、保存设置：在全局配置模式下 Router#copy running-config startup-config //保存当前的配置或 Router#write 也⾏6、查看！五、实验过程：1、配置⼆层交换机valn trunk 并将接⼝加⼊vlansw1#vlan datasw1#vlan databasesw1(vlan)#vlan 10VLAN 10 added:Name: VLAN0010sw1(vlan)#exitAPPLY completed.Exiting....sw1#conf tEnter configuration commansw1(config)#interface f0/0sw1(config-if)#sw m tsw1(config-if)#interface f0/1sw1(config-if)#sw ac vlan 10sw1(config-if)#exitsw1(config)#exitsw1#show vlan-switchsw2 - 4相同配置2、配置三层交换（vlan、trunk、vlan ip）sw3-1#vlan dasw3-1(vlan)#vlan 10VLAN 10 added:Name: VLAN0010sw3-1(vlan)#vlan 20VLAN 20 added:Name: VLAN0020sw3-1(vlan)#vlan 30VLAN 30 added:Name: VLAN0030sw3-1(vlan)#vlan 40VLAN 40 added:Name: VLAN0040sw3-1(config)#ip routing 在三层交换中启动路由功能sw3-1(config)#interface vlan 10sw3-1(config-if)#ip ad 192.168.1.1 255.255.255.0 配置vlan ipsw3-1(config-if)#no shutsw3-1(config-if)#exitsw3-1(config)#interface vlan 20sw3-1(config-if)#ip ad 192.168.2.1 255.255.255.0sw3-1(config-if)#no shutsw3-1(config-if)#exitsw3-1(config)#interface vlan 30sw3-1(config-if)#ip address 192.168.3.1 255.255.255.0sw3-1(config-if)#no shutsw3-1(config-if)#interface vlan 40sw3-1(config-if)#ip ad 192.168.4.1 255.255.255.0sw3-1(config-if)#no shutsw3-1(config-if)#exitsw3-1(config)#interface rang f0/1 - 4 配置trunksw3-1(config-if-range)#sw m tsw3-1(config-if-range)#exitsw3-1(config)#interface f0/0sw3-1(config-if)#no switchport 启动三层接⼝sw3-1(config)#interface f0/0sw3-1(config-if)#ip address 10.0.0.1 255.0.0.0 配置接⼝ipsw3-1(config-if)#no shutsw3-1(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.3 配置默认路由sw3-1(config)#router rip 启⽤rip协议sw3-1(config-router)#network 192.168.1.0sw3-1(config-router)#network 192.168.2.0sw3-1(config-router)#network 192.168.3.0sw3-1(config-router)#network 192.168.4.0sw3-1(config-router)#network 10.0.0.0查看路由表3、配置dhcp路由器dhcp(config)#interface f0/0dhcp(config-if)#ip addressdhcp(config-if)#ip address 10.0.0.3 255.0.0.0dhcp(config-if)#interface 192.168.237.1 255.255.255.0dhcp(config)#inte e1/0dhcp(config-if)#ip add 192.168.237.1 255.255.255.0dhcp(config-if)#no shutdhcp(config-if)#exitdhcp(config)#router ripdhcp(config-router)#network 10.0.0.0dhcp(config-router)#network 192.168.237.0show ip route 同上dhcp(config)#ip dhcp pool apple 建⽴地址池dhcp(dhcp-config)#network 192.168.0.0 255.255.0.04、在三层交换指定dhcp服务器即路由器的ip 地址。

思科模拟器——DHCP服务器中继实验2017-7-9基于思科模拟器ZKY正品体育思科模拟器DHCP服务器中继实验【DHCP服务器中继案例1】只有⼀个⽹段的DHCP中继其中路由器作为DHCP服务器，交换机作为中继⼀、交换机配置过程Switch>Switch>enSwitch#confSwitch(config)#vlan 10 创建VLAN 10Switch(config-vlan)#exitSwitch(config)#int vlan 10Switch(config-if)#ip address 192.168.10.254 255.255.255.0 为VLAN 10配置地址Switch(config-if)#no shut 开启虚拟接⼝Switch(config-if)#exitSwitch(config)#int fa0/1Switch(config-if)#switchport access vlan 10 将fa0/1加⼊vlan 10Switch(config-if)#exitSwitch(config)#int fa0/24Switch(config-if)#no switchport 将交换⼝转换为路由⼝Switch(config-if)#ip adSwitch(config-if)#ip address 172.16.1.1 255.255.255.0Switch(config-if)#no shutSwitch(config-if)#exSwitch(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.2Switch(config-if)#Switch(config-if)#exitSwitch(config)#int vlan 10Switch(config-if)#ip ?access-group Specify access control for packetsaddress Set the IP address of an interfacehello-interval Configures IP-EIGRP hello intervalhelper-address Specify a destination address for UDP broadcasts nat NAT interface commandsospf OSPF interface commandsproxy-arp Enable proxy ARPsplit-horizon Perform split horizonsummary-address Perform address summarizationSwitch(config-if)#ip helpSwitch(config-if)#ip helper-address 172.16.1.2Switch(config-if)#endSwitch#%SYS-5-CONFIG_I: Configured from console by consoleSwitch#sh ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 172.16.1.2 to network 0.0.0.0172.16.0.0/24 is subnetted, 1 subnetsC 172.16.1.0 is directly connected, FastEthernet0/24C 192.168.10.0/24 is directly connected, Vlan10S* 0.0.0.0/0 [1/0] via 172.16.1.2Switch#confConfiguring from terminal, memory, or network [terminal]?Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#ip routingSwitch(config)#endSwitch#%SYS-5-CONFIG_I: Configured from console by consoleSwitch#wrBuilding configuration...⼆、路由器配置过程Router>enRouter#confRouter(config)#int f0/0Router(config-if)#ip address 172.16.1.2 255.255.255.0Router(config-if)#exitRouter(config)#ip dhcp ?excluded-address Prevent DHCP from assigning certain addressespool Configure DHCP address poolsRouter(config)#ip dhcp excluded-address 192.168.10.254 排除地址，避免客户端获得此IP地址产⽣冲突Router(config)#ip dhcp pool vlan10 （创建地址池vlan10）Router(dhcp-config)#? (通过？可以知道DHCP服务器可以配置哪些选项)default-router Default routersdns-server Set name serverexit Exit from DHCP pool configuration modenetwork Network number and maskno Negate a command or set its defaultsoption Raw DHCP optionsRouter(dhcp-config)#default-router 192.168.10.254 （为客户端配置默认⽹关）Router(dhcp-config)#dns-server 192.168.10.254 （为客户端配置DNS）Router(dhcp-config)#netRouter(dhcp-config)#network 192.168.10.0 255.255.255.0 （客户端所在⽹络及掩码）Router(dhcp-config)#end Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1Router(config)#int fa0/0Router(config-if)#no shut【DHCP服务器中继案例2】有多个⽹段的DHCP中继⼀、交换机配置过程Switch>enSwitch#conf tEnter configuration commands, one per line. End with CNTL/Z.1.创建vlan 10，vlan20，vlan 30Switch(config)#vlan 10Switch(config-vlan)#vlan 20Switch(config-vlan)#vlan 30Switch(config-vlan)#2.为3个vlan创建相应的IP地址，并在vlan中创建中继，指向DHCP服务器地址Switch(config)#interface vlan 10Switch(config-if)#ip address 192.168.10.254 255.255.255.0Switch(config-if)#ip helper-address 172.16.1.2Switch(config)#interface vlan 20Switch(config-if)#ip address 192.168.20.254 255.255.255.0Switch(config-if)#ip helper-address 172.16.1.2Switch(config-if)#exitSwitch(config)#interface vlan 30Switch(config-if)#ip address 10.0.0.1 255.0.0.0Switch(config-if)#ip helper-address 172.16.1.23.将fa0/1，fa0/11，fa0/21分别加⼊vlan 10，vlan 20，vlan 30 Switch(config)#interface fastEthernet 0/1Switch(config-if)#switchport access vlan 10Switch(config)#interface fastEthernet 0/11Switch(config-if)#switchport access vlan 20Switch(config-if)#exitSwitch(config)#interface fastEthernet 0/21Switch(config-if)#switchport access vlan 30Switch(config-if)#Switch(config-if)#4.将fa0/24设置为路由⼝，并设置IP地址Switch(config)#interface fastEthernet 0/24Switch(config-if)#no switchportSwitch(config-if)#ip address 172.16.1.1 255.255.255.252 Switch(config-if)#5.设置默认路由，指向下⼀跳地址（即路由器接⼝地址）Switch(config-if)#exitSwitch(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.2Switch(config)#6.交换机开启路由功能（总是会忘记这个，忘记了N次了）Switch(config)#ip routing7.保存配置Switch(config)#exitSwitch#%SYS-5-CONFIG_I: Configured from console by console Switch#wrBuilding configuration...[OK]Switch#⼆、路由器配置过程1.为路由器接⼝fa0/0配置IP地址，并开启接⼝Router>enRouter#conf tRouter(config)#interface fastEthernet 0/0Router(config-if)#ip address 172.16.1.2 255.255.255.252Router(config-if)#no shutdown （路由器默认情况下端⼝是禁⽤的，所以要开启，⽽交换机默认情况下端⼝是开启的，所以不需要敲此条命令）Router(config-if)#2.添加排除地址，避免客户端获得如下地址，产⽣IP地址冲突。

Cisco 3750交换机配置DHCP2009-02-27 14:53Cisco 3750交换机配置DHCP服务器实例网络环境：一台3750交换机，划分三个vlan, vlan2 为服务器所在网络，命名为server,IP地址段为192.168.2.0,子网掩码:255.255.255.0,网关:192.168.2.1,域服务器为windows 2003 advance server,同时兼作DNS服务器，IP地址为192.168.2.10,vlan3为客户机1所在网络，IP地址段为192.168.3.0,子网掩码:255.255.255.0,网关:192.168.3.1命名为work01,vlan4为客户机2所在网络,命名为work02,IP地址段为192.168.4.0,子网掩码:255.255.255.0,网关:192.168.4.1,3750作DHCP服务器,端口1-8划到VLAN 2，端口9-16划分到VLAN 3,端口17-24划分到VLAN 4.DHCP服务器实现功能:各VLAN保留2-10的IP地址不分配置,例如:192.168.2.0的网段,保留192.168.2.2至192.168.2.10的IP地址段不分配.安全要求:VLAN 3和VLAN 4 不允许互相访问,但都可以访问服务器所在的VLAN 2, 默认访问控制列表的规则是拒绝所有包。

配置命令及步骤如下：第一步：创建VLAN：Switch>enSwitch#Vlan DatabaseSwitch(Vlan)>Vlan 2 Name serverSwitch(Vlan)>Vlan 3 Name work01Switch(vlan)>Vlan 4 Name work02第二步：设置VLAN IP地址：Switch#Config TSwitch(Config)>Int Vlan 2Switch(Config-vlan)Ip Address 192.168.2.1 255.255.255.0Switch(Config-vlan)No ShutSwitch(Config-vlan)>Int Vlan 3Switch(Config-vlan)Ip Address 192.168.3.1 255.255.255.0Switch(Config-vlan)No ShutSwitch(Config-vlan)>Int Vlan 4Switch(Config-vlan)Ip Address 192.168.4.1 255.255.255.0Switch(Config-vlan)No ShutSwitch(Config-vlan)Exit/*注意：由于此时没有将端口分配置到VLAN2，3，4，所以各VLAN会DOWN 掉，待将端口分配到各VLAN后，VLAN会起来*/第三步：设置端口全局参数Switch(Config)Interface Range Fa 0/1 - 24Switch(Config-if-range)Switchport Mode AccessSwitch(Config-if-range)Spanning-tree Portfast第四步：将端口添加到VLAN2，3，4中/*将端口1-8添加到VLAN 2*/Switch(Config)Interface Range Fa 0/1 - 8Switch(Config-if-range)Switchport Access Vlan 2/*将端口9-16添加到VLAN 3*/Switch(Config)Interface Range Fa 0/9 - 16Switch(Config-if-range)Switchport Access Vlan 3/*将端口17-24添加到VLAN 4*/Switch(Config)Interface Range Fa 0/17 - 24Switch(Config-if-range)Switchport Access Vlan 4Switch(Config-if-range)Exit/*经过这一步后，各VLAN会起来*/第五步：配置3750作为DHCP服务器/*VLAN 2可用地址池和相应参数的配置,有几个VLAN要设几个地址池*/ Switch(Config)Ip Dhcp Pool Test01/*设置可分配的子网*/Switch(Config-pool)Network 192.168.2.0 255.255.255.0/*设置DNS服务器*/Switch(Config-pool)Dns-server 192.168.2.10/*设置该子网的网关*/Switch(Config-pool)Default-router 192.168.2.1/*配置VLAN 3所用的地址池和相应参数*/Switch(Config)Ip Dhcp Pool Test02Switch(Config-pool)Network 192.168.3.0 255.255.255.0Switch(Config-pool)Dns-server 192.168.2.10Switch(Config-pool)Default-router 192.168.3.1/*配置VLAN 4所用的地址池和相应参数*/Switch(Config)Ip Dhcp Pool Test03Switch(Config-pool)Network 192.168.4.0 255.255.255.0Switch(Config-pool)Dns-server 192.168.2.10Switch(Config-pool)Default-router 192.168.4.1第六步:设置DHCP保留不分配的地址Switch(Config)Ip Dhcp Excluded-address 192.168.2.2 192.168.2.10 Switch(Config)Ip Dhcp Excluded-address 192.168.3.2 192.168.3.10 Switch(Config)Ip Dhcp Excluded-address 192.168.4.2 192.168.4.10第七步:启用路由/*路由启用后,各VLAN间主机可互相访问*/Switch(Config)Ip Routing第八步:配置访问控制列表Switch(Config)access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255Switch(Config)access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255Switch(Config)access-list 103 permit udp any any eq bootpcSwitch(Config)access-list 103 permit udp any any eq tftpSwitch(Config)access-list 103 permit udp any eq bootpc anySwitch(Config)access-list 103 permit udp any eq tftp anySwitch(Config)access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255Switch(Config)access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255Switch(Config)access-list 104 permit udp any eq tftp anySwitch(Config)access-list 104 permit udp any eq bootpc anySwitch(Config)access-list 104 permit udp any eq bootpc anySwitch(Config)access-list 104 permit udp any eq tftp any第九步:应用访问控制列表/*将访问控制列表应用到VLAN 3和VLAN 4,VLAN 2不需要*/Switch(Config)Int Vlan 3Switch(Config-vlan)ip access-group 103 outSwitch(Config-vlan)Int Vlan 4Switch(Config-vlan)ip access-group 104 out第十步：结束并保存配置Switch(Config-vlan)EndSwitch#write memory。

本案例使用Cisco三层交换机结合Mikrotik Routeros配置OSPF动态路由及多Vlan Dhcp服务器中继配置。

使用设备如下三层交换机：Cisco 3550 EMI接入层交换机：HUAWEI Quidway S2008Mikrotik RouterOs 3.13配置目的：验证Routeros OSPF动态路由及DHCP中继配置文档：ip routing#开启路由功能#ip dhcp excluded-address 10.100.0.100#设置dhcp服务器ip地址#interface FastEthernet0/2switchport trunk encapsulation dot1qswitchport mode trunk#设置与2层交换机互联的trunk端口#interface FastEthernet0/23switchport access vlan 2switchport mode accessspanning-tree portfast#设置与ros连接的端口的vlan#interface Vlan2description serverip address 10.100.0.1 255.255.255.0#设置3层交换机vlan接口ip#!interface Vlan3description officeip address 10.100.3.1 255.255.255.0ip helper-address 10.100.0.100!#设置3层交换机vlan接口ip及配置dhcp中继#interface Vlan4description salesip address 10.100.4.1 255.255.255.0ip helper-address 10.100.0.100!#设置3层交换机vlan接口ip及配置dhcp中继#interface Vlan5description usersip address 10.100.5.1 255.255.255.0ip helper-address 10.100.0.100!#设置3层交换机vlan接口ip及配置dhcp中继#router ospf 10router-id 10.100.0.1log-adjacency-changesnetwork 10.100.0.0 0.0.255.255 area 10.100.0.0#配置ospf进程及area信息#HUAWEI Quidway S2008 配置：interface Ethernet0/6switchport access vlan 5!#配置用户端口#interface Ethernet0/7switchport access vlan 3!#配置用户端口#interface Ethernet0/8switchport access vlan 4#配置用户端口#interface Ethernet0/9switchport mode trunkswitchport trunk allowed vlan all!#设置与3层交换机互联的trunk端口#Mikrotik Routeros:/ip pooladd name="vlan3" ranges=10.100.3.2-10.100.3.254add name="vlan4" ranges=10.100.4.2-10.100.4.254add name="vlan5" ranges=10.100.5.2-10.100.5.254#设置不同Vlan的地址池#/ip dhcp-serveradd address-pool=vlan3 authoritative=after-2sec-delay bootp-support=static \ disabled=no interface=in lease-time=3d name="vlan3" relay=10.100.3.1 add address-pool=vlan4 authoritative=after-2sec-delay bootp-support=static \ disabled=no interface=in lease-time=3d name="vlan4" relay=10.100.4.1 add address-pool=vlan5 authoritative=after-2sec-delay bootp-support=static \ disabled=no interface=in lease-time=3d name="vlan5" relay=10.100.5.1#设置Dhcp-server 使之支持Dhcp中继#/routing ospf areaadd area-id=0.0.0.0 authentication=none disabled=no name="backbone" \type=defaultadd area-id=10.100.0.0 authentication=none disabled=no name="area1" \type=default#配置ospf area#/ip addressadd address=10.100.0.100/24 broadcast=10.100.0.255 comment="" disabled=no \ interface=in network=10.100.0.0#配置内部IP地址#/ip dnsset allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \max-udp-packet-size=512 primary-dns=192.168.100.208 \#配置dns#/ip firewall natadd action=masquerade chain=srcnat comment="" disabled=no \src-address=10.100.0.0/16#配置NAT#/routing ospfset distribute-default=always-as-type-2 metric-bgp=20 metric-connected=20 \metric-default=1 metric-rip=20 metric-static=20 mpls-te-area=unspecified \mpls-te-router-id=unspecified redistribute-bgp=no \redistribute-connected=no redistribute-rip=no redistribute-static=no \router-id=10.100.100.2/routing ospf interfaceadd authentication=none authentication-key="" cost=10 dead-interval=40s \disabled=no hello-interval=10s interface=in network-type=broadcast \passive=no priority=1 retransmit-interval=5s transmit-delay=1s/routing ospf networkadd area=area1 disabled=no network=10.100.0.0/16#配置OSPF路由协议#cisco3550#show ip routeCodes: C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static routeGateway of last resort is 10.100.0.100 to network 0.0.0.010.0.0.0/24 is subnetted, 4 subnetsC 10.100.4.0 is directly connected, Vlan4C 10.100.5.0 is directly connected, Vlan5C 10.100.3.0 is directly connected, Vlan3C 10.100.0.0 is directly connected, Vlan2O*E2 0.0.0.0/0 [110/1] via 10.100.0.100, 01:09:52, Vlan2[admin@MikroTik] /ip route> printFlags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit# DST-ADDRESS PREF-SRC GATEWAY-STATEGATEWAY DISTANCE INTERFACEADS 0.0.0.0/0 reachable 192.168.18.1 0 o ut1ADC 10.100.0.0/24 10.100.0.100 0 in2ADo 10.100.3.0/24 reachable 10.100.0.1 110 in3ADo 10.100.4.0/24 reachable 10.100.0.1 110 in4ADo 10.100.5.0/24 reachable 10.100.0.1 110 in5ADC 192.168.18.0/24 192.168.18.158 0 out。