|
|
本帖最后由 kingair 于 2010-10-21 19:17 编辑
1.客户现场环境:
客户是cisco2651路由器有两个网口f0/0(接外网),f0/1(接内网)用R表示
三台cisco2950交换机A,B,C,A直接与R相连接,B,C连接到A上,
2.客户现在的配置是:
在路由器上配置了一个DHCP地址池,下面所有的交换机的端口自动获得192.168.0.1/24的地址上网。
3.客户现在有的问题:
由于是酒店客人的电脑可能中毒,如果中了ARP,就会影响全部网内用户不能上网。
4.客户的需求:
要划分不同的vlan来防止ARP,建立不同的DHCP地址池,不同的vlan自动获得到不同的地址来上网。
例如路由器上建立192.168.1.1--100,192.168.2.1--100,........192.168.10.1---100这10个DHCP地址池。
在路由器上建立10个vlan,vlan2,vlan2---vlan11,给交换机某个端口分配一个vlan2,能自动从192.168.1.1---100这个地址池中获得IP地址,不用手动指派。
-----------------
我在公司做的实验,由于没有公网地址,我就用192.168.10.53/24 代替了公网IP,
其他的都是按照真实环境搭建。
我的配置如下:
Router#show run
Router#show running-config
Building configuration...
Current configuration : 2112 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$uPOI$memYJgM.26TRqyKuplXDq1
!
no aaa new-model
!
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool One
network 192.168.40.0 255.255.255.0
dns-server 202.106.0.20
default-router 192.168.40.1
lease 0 0 1
!
ip dhcp pool Two
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 202.106.0.20 202.106.46.151
lease 0 0 1
!
ip dhcp pool Three
network 192.168.30.0 255.255.255.0
dns-server 202.106.0.20
default-router 192.168.30.1
lease 0 0 1
!
!
multilink bundle-name authenticated
!
!
!
username longtel secret 5 $1$aD3L$5Gaw8bGXy66a5FSDul5eF0
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.10.53 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description To-Switch_A
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.5
description MGMT
encapsulation dot1Q 5
ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.40.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.40
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
no ip address
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.10.1
!
!
no ip http server
ip nat source list neiwang interface FastEthernet0/0 overload
!
ip access-list standard neiwang
permit 192.168.0.0 0.0.255.255
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login local
!
scheduler allocate 20000 1000
!
end
Router#
=================
===========================
交换机配置:
Switch_A#show running-config
Building configuration...
Current configuration : 1921 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch_A
!
enable secret 5 $1$wK12$S3s7hdzyE7bDJDSgjFoKN/
!
username longtel secret 5 $1$lJfb$2pWhZGFZsRAod4hK..8J./
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
vtp domain mode
vtp mode transparent
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
vlan 5
name MGMT
!
vlan 10,20,30,40,50,60,101
!
vlan 111
name admin
!
vlan 403-404
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
description DHCP-One
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/10
description DHCP-Two
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/11
description DHCP-Three
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
switchport mode trunk
!
interface FastEthernet0/24
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan5
ip address 10.0.0.2 255.255.255.0
no ip route-cache
!
ip default-gateway 10.0.0.1
ip http server
!
line con 0
login local
line vty 0 4
login local
line vty 5 15
login
!
!
end
Switch_A#
-------------------------
通过实验可以证明 在不同的vlan下 能自动获得不同网段的IP地址,
现在存在的问题是,获得到IP地址之后不能上网。。
我不知道哪里配置的不对。请高手指正下。。。。。。。
感谢!!!! |
|
|熊猫同学技术论坛|小黑屋|
网络工程师论坛
( 沪ICP备09076391 )
发表于 2010-10-21 18:57:24
提升卡
置顶卡
变色卡
显身卡
楼主