雏鹰部落

 找回密码
 立即注册

QQ登录

只需一步,快速开始

搜索
查看: 2458|回复: 4

[讨论/求助] Acl 与Dhcp

[复制链接]
发表于 2009-4-24 17:44:41 | 显示全部楼层 |阅读模式
swi2#show startup-config
!
hostname swi2
vlan 1
!
vlan 16
!
vlan 17
!
vlan 18
!
vlan 21
!
vlan 22
!
vlan 28
!
!
no service password-encryption
service dhcp
ip helper-address 192.168.8.211
!
!
ip access-list extended 120
10 permit ip any 192.168.8.0 0.0.0.255
20 permit ip any 192.168.5.0 0.0.0.255
30 permit ip any 192.168.0.0 0.0.0.255
40 permit ip 192.168.16.0 0.0.0.255 192.168.16.0 0.0.0.255
50 permit ip 192.168.17.0 0.0.0.255 192.168.17.0 0.0.0.255
60 permit ip 192.168.18.0 0.0.0.255 192.168.18.0 0.0.0.255
70 permit ip 192.168.21.0 0.0.0.255 192.168.21.0 0.0.0.255
80 permit ip 192.168.22.0 0.0.0.255 192.168.22.0 0.0.0.255
90 permit ip 192.168.24.0 0.0.0.255 192.168.24.0 0.0.0.255
100 permit ip 192.168.28.0 0.0.0.255 192.168.28.0 0.0.0.255
110 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
120 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
130 permit ip any any
!
ip access-list extended 139
20 permit ip any 192.168.0.0 0.0.0.255
30 permit ip any 192.168.8.0 0.0.0.255
40 permit ip any 192.168.5.0 0.0.0.255
50 permit ip 192.168.8.0 0.0.0.255 any
60 deny ip any any
!
enable secret level 1 5 $1$TBmn$sF7Fs80F02qADzvp
enable secret 5 $1$h23u$wx0Avrzxv21wtrFq
enable password pw10
enable service ssh-server
enable service web-server
!
interface FastEthernet 0/1
switchport access vlan 16
description 603
!
interface FastEthernet 0/2
switchport access vlan 16
description 603
!
interface FastEthernet 0/3
switchport access vlan 17
description 604
!
interface FastEthernet 0/4
switchport access vlan 17
description 604
!
interface FastEthernet 0/5
switchport access vlan 18
!
interface FastEthernet 0/6
switchport access vlan 18
!
interface FastEthernet 0/7
!
interface FastEthernet 0/8
!
interface FastEthernet 0/9
switchport access vlan 21
storm-control broadcast
storm-control multicast
!
interface FastEthernet 0/10
switchport access vlan 21
storm-control broadcast
storm-control multicast
!
interface FastEthernet 0/11
switchport access vlan 22
storm-control broadcast
storm-control multicast
description To704
!
interface FastEthernet 0/12
switchport access vlan 22
storm-control broadcast
storm-control multicast
description To705
!
interface FastEthernet 0/13
!
interface FastEthernet 0/14
!
interface FastEthernet 0/15
switchport access vlan 28
storm-control broadcast
storm-control multicast
description JS103
!
interface FastEthernet 0/16
switchport access vlan 28
storm-control broadcast
storm-control multicast
description Fiber-To-B201
!
interface FastEthernet 0/17
switchport access vlan 28
storm-control broadcast
storm-control multicast
description 606RJ1-Port24
!
interface FastEthernet 0/18
switchport access vlan 28
storm-control broadcast
storm-control multicast
description 201RJ-Port24
!
interface FastEthernet 0/19
!
interface FastEthernet 0/20
!
interface FastEthernet 0/21
switchport access vlan 22
!
interface FastEthernet 0/22
switchport access vlan 22
!
interface FastEthernet 0/23
switchport access vlan 22
!
interface FastEthernet 0/24
switchport access vlan 22
!
interface GigabitEthernet 0/25
description ZhMain-port26
!
interface GigabitEthernet 0/26
!
interface GigabitEthernet 0/27
!
interface GigabitEthernet 0/28
!
interface VLAN 1
ip address 192.168.0.9 255.255.255.0
!
interface VLAN 16
ip access-group 120 in
ip address 192.168.16.1 255.255.255.0
description ComputerLab
!
interface VLAN 17
ip access-group 120 in
ip address 192.168.17.1 255.255.255.0
description ComputerLab
!
interface VLAN 18
ip access-group 120 in
ip address 192.168.18.1 255.255.255.0
description ComputerLab
!
interface VLAN 21
ip access-group 120 in
ip address 192.168.21.1 255.255.255.0
description ComputerLab
!
interface VLAN 22
ip access-group 139 in
ip address 192.168.22.1 255.255.255.0
description ComputerLab
!
interface VLAN 28
ip access-group 120 in
ip address 192.168.28.1 255.255.255.0
description ClassRoom
!
ip route 0.0.0.0 0.0.0.0 192.168.0.1
end
swi2#

======================
大家帮忙看看是怎么回事?vlan 22应用了139号控制列表,导致Dhcp中继代理无法使用,无法得到IP地址,但是手动配置后可以ping同192.168.0.0
192.168.5.0 和192.168.8.0
我的DhCp服务器地址是:192.168.8.211 访问控制列表已经放行了8段网,而无法得到IP,
xiao8206 该用户已被删除
发表于 2009-4-24 17:51:31 | 显示全部楼层
提示: 作者被禁止或删除 内容自动屏蔽
 楼主| 发表于 2009-4-24 17:55:50 | 显示全部楼层

回复

 该交换机上有7个Vlan,分别连接7个自网,而Dhcp服务器跨网段
发表于 2009-4-24 21:14:15 | 显示全部楼层
DHCP所在网段和VLAN22在不同网段,需要DHCP中继:
interface vlan 22
ip helper-address 192.168.8.211
发表于 2009-4-25 13:19:35 | 显示全部楼层
我也不是很明白的呀















十二之天2是赤着脚踩在水里扶你通过到您家后您倒头就睡我帮你打来井水穿越火线下载擦完脸洗过脚才依依不舍地拉门离开后您又三次到我家游说我的路尼亚战记官网
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

QQ|熊猫同学技术论坛|小黑屋| 网络工程师论坛 ( 沪ICP备09076391 )

GMT+8, 2024-12-24 01:53 , Processed in 0.087633 second(s), 19 queries , Gzip On.

快速回复 返回顶部 返回列表