Acl 与Dhcp
swi2#show startup-config!
hostname swi2
vlan 1
!
vlan 16
!
vlan 17
!
vlan 18
!
vlan 21
!
vlan 22
!
vlan 28
!
!
no service password-encryption
service dhcp
ip helper-address 192.168.8.211
!
!
ip access-list extended 120
10 permit ip any 192.168.8.0 0.0.0.255
20 permit ip any 192.168.5.0 0.0.0.255
30 permit ip any 192.168.0.0 0.0.0.255
40 permit ip 192.168.16.0 0.0.0.255 192.168.16.0 0.0.0.255
50 permit ip 192.168.17.0 0.0.0.255 192.168.17.0 0.0.0.255
60 permit ip 192.168.18.0 0.0.0.255 192.168.18.0 0.0.0.255
70 permit ip 192.168.21.0 0.0.0.255 192.168.21.0 0.0.0.255
80 permit ip 192.168.22.0 0.0.0.255 192.168.22.0 0.0.0.255
90 permit ip 192.168.24.0 0.0.0.255 192.168.24.0 0.0.0.255
100 permit ip 192.168.28.0 0.0.0.255 192.168.28.0 0.0.0.255
110 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
120 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
130 permit ip any any
!
ip access-list extended 139
20 permit ip any 192.168.0.0 0.0.0.255
30 permit ip any 192.168.8.0 0.0.0.255
40 permit ip any 192.168.5.0 0.0.0.255
50 permit ip 192.168.8.0 0.0.0.255 any
60 deny ip any any
!
enable secret level 1 5 $1$TBmn$sF7Fs80F02qADzvp
enable secret 5 $1$h23u$wx0Avrzxv21wtrFq
enable password pw10
enable service ssh-server
enable service web-server
!
interface FastEthernet 0/1
switchport access vlan 16
description 603
!
interface FastEthernet 0/2
switchport access vlan 16
description 603
!
interface FastEthernet 0/3
switchport access vlan 17
description 604
!
interface FastEthernet 0/4
switchport access vlan 17
description 604
!
interface FastEthernet 0/5
switchport access vlan 18
!
interface FastEthernet 0/6
switchport access vlan 18
!
interface FastEthernet 0/7
!
interface FastEthernet 0/8
!
interface FastEthernet 0/9
switchport access vlan 21
storm-control broadcast
storm-control multicast
!
interface FastEthernet 0/10
switchport access vlan 21
storm-control broadcast
storm-control multicast
!
interface FastEthernet 0/11
switchport access vlan 22
storm-control broadcast
storm-control multicast
description To704
!
interface FastEthernet 0/12
switchport access vlan 22
storm-control broadcast
storm-control multicast
description To705
!
interface FastEthernet 0/13
!
interface FastEthernet 0/14
!
interface FastEthernet 0/15
switchport access vlan 28
storm-control broadcast
storm-control multicast
description JS103
!
interface FastEthernet 0/16
switchport access vlan 28
storm-control broadcast
storm-control multicast
description Fiber-To-B201
!
interface FastEthernet 0/17
switchport access vlan 28
storm-control broadcast
storm-control multicast
description 606RJ1-Port24
!
interface FastEthernet 0/18
switchport access vlan 28
storm-control broadcast
storm-control multicast
description 201RJ-Port24
!
interface FastEthernet 0/19
!
interface FastEthernet 0/20
!
interface FastEthernet 0/21
switchport access vlan 22
!
interface FastEthernet 0/22
switchport access vlan 22
!
interface FastEthernet 0/23
switchport access vlan 22
!
interface FastEthernet 0/24
switchport access vlan 22
!
interface GigabitEthernet 0/25
description ZhMain-port26
!
interface GigabitEthernet 0/26
!
interface GigabitEthernet 0/27
!
interface GigabitEthernet 0/28
!
interface VLAN 1
ip address 192.168.0.9 255.255.255.0
!
interface VLAN 16
ip access-group 120 in
ip address 192.168.16.1 255.255.255.0
description ComputerLab
!
interface VLAN 17
ip access-group 120 in
ip address 192.168.17.1 255.255.255.0
description ComputerLab
!
interface VLAN 18
ip access-group 120 in
ip address 192.168.18.1 255.255.255.0
description ComputerLab
!
interface VLAN 21
ip access-group 120 in
ip address 192.168.21.1 255.255.255.0
description ComputerLab
!
interface VLAN 22
ip access-group 139 in
ip address 192.168.22.1 255.255.255.0
description ComputerLab
!
interface VLAN 28
ip access-group 120 in
ip address 192.168.28.1 255.255.255.0
description ClassRoom
!
ip route 0.0.0.0 0.0.0.0 192.168.0.1
end
swi2#
======================
大家帮忙看看是怎么回事?vlan 22应用了139号控制列表,导致Dhcp中继代理无法使用,无法得到IP地址,但是手动配置后可以ping同192.168.0.0
192.168.5.0 和192.168.8.0
我的DhCp服务器地址是:192.168.8.211 访问控制列表已经放行了8段网,而无法得到IP,
回复
该交换机上有7个Vlan,分别连接7个自网,而Dhcp服务器跨网段 DHCP所在网段和VLAN22在不同网段,需要DHCP中继:interface vlan 22
ip helper-address 192.168.8.211 我也不是很明白的呀
http://www.pplive4.cn/images/sigline.gif
十二之天2是赤着脚踩在水里扶你通过到您家后您倒头就睡我帮你打来井水穿越火线下载擦完脸洗过脚才依依不舍地拉门离开后您又三次到我家游说我的路尼亚战记官网
页:
[1]