CISCO3550 Open the DHCP service and automatically assigns IP addresses to the VLAN on it

Network environment: A 3550EMI switch, divided into three vlan,vlan2 for the server network, named SERVER,IP address segment is 192.168.2.0, Subnet mask: 255.255.255.0, Gateway: 192.168.2.1, domain Server for Windows Advance Server, concurrently as a DNS server, IP address is 192.168.2.10,vlan3 for client 1 network, IP address segment is 192.168.3.0, Subnet mask: 255.255.255.0, Gateway: 192.168.3.1 named WORK01,VLAN4 for Client 2 network, named Work02,ip Address segment 192.168.4.0, subnet mask: 255.255.255.0, Gateway: 192.168.4.1,3550 for DHCP server, port 1-8 to VLAN 2, Port 9-16 to VLAN 3, Port 17-24 to VLAN 4.
DHCP Server implementation features:
Each VLAN retains 2-10 of the IP address configuration, such as: 192.168.2.0 network segment, keep 192.168.2.2 To 192.168.2.10 IP address segment is not allocated.
Security Requirements:
VLAN 3 and VLAN 4 do not allow access to each other, but all can access the server's VLAN 2,
The rule for the default Access control list is to reject all packages.
The configuration commands and steps are as follows:
First step: Create VLAN:
switch>en
Switch#vlan Database
Switch (Vlan) >vlan 2 Name Server
Switch (Vlan) >vlan 3 Name work01
Switch (VLAN) >vlan 4 Name work02
Step two: Set VLAN IP address:
Switch#config T
Switch (Config) >int Vlan 2
Switch (Config-vlan) Ip address 192.168.2.1 255.255.255.0
Switch (Config-vlan) No shut
Switch (Config-vlan) >int VLAN 3
Switch (Config-vlan) Ip address 192.168.3.1 255.255.255.0
Switch (Config-vlan) No shut
Switch (Config-vlan) >int VLAN 4
Switch (Config-vlan) Ip address 192.168.4.1 255.255.255.0
Switch (Config-vlan) No shut
Switch (Config-vlan) Exit
/* Note: Because the port is not configured to vlan2,3,4 at this time, so the VLAN will be down, the port will be assigned to each VLAN, the VLAN will rise * * *
Step three: Set port global parameters
Switch (Config) Interface Range Fa 0/1-24
Switch (config-if-range) switchport Mode Access
Switch (config-if-range) Spanning-tree Portfast
Step Fourth: Add the port to the vlan2,3,4
/* Add Port 1-8 to the VLAN 2*/
Switch (Config) Interface Range Fa 0/1-8
Switch (config-if-range) switchport Access Vlan 2
/* Add Port 9-16 to the VLAN 3*/
Switch (Config) Interface Range Fa 0/9-16
Switch (config-if-range) switchport Access Vlan 3
/* Add Port 17-24 to the VLAN 4*/
Switch (Config) Interface Range Fa 0/17-24
Switch (config-if-range) switchport Access Vlan 4
Switch (Config-if-range) Exit
* * After this step, the VLAN will rise * * *
Step Fifth: Configure 3550 as a DHCP server
/*vlan 2 The available address pool and the corresponding parameters of the configuration, there are several VLANs to set up a few address pool * *
Switch (Config) Ip Dhcp Pool Test01
/* Set the available subnet/
Switch (config-pool) network 192.168.2.0 255.255.255.0
/* Set up a DNS server * *
Switch (config-pool) dns-server 192.168.2.10
/* Set the gateway for this subnet * *
Switch (config-pool) default-router 192.168.2.1
/* Configure the address pool and corresponding parameters for VLAN 3 * *
Switch (Config) Ip Dhcp Pool Test02
Switch (config-pool) network 192.168.3.0 255.255.255.0
Switch (config-pool) dns-server 192.168.2.10
Switch (config-pool) Default-router 192.168.3.1
/* Configure the address pool and corresponding parameters for VLAN 4 * *
Switch (Config) Ip Dhcp Pool Test03
Switch (config-pool) network 192.168.4.0 255.255.255.0
Switch (config-pool) dns-server 192.168.2.10
Switch (config-pool) Default-router 192.168.4.1
Step Sixth: Set DHCP reserved addresses that are not assigned
Switch (Config) Ip Dhcp excluded-address 192.168.2.2 192.168.2.10
Switch (Config) Ip Dhcp excluded-address 192.168.3.2 192.168.3.10
Switch (Config) Ip Dhcp excluded-address 192.168.4.2 192.168.4.10
Step Seventh: Enable routing
/* routing enabled, each VLAN host can access each other *
Switch (Config) Ip Routing
Step Eighth: Configure the Access control list
Switch (Config) access-list permit IP 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
Switch (Config) access-list permit IP 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
Switch (Config) access-list permit UDP Any any of the EQ BOOTPC
Switch (Config) access-list permit udp any or EQ tftp
Switch (Config) access-list permit udp any EQ bootpc any
Switch (Config) access-list permit UDP any EQ
Switch (Config) access-list permit IP 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
Switch (Config) access-list permit IP 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
Switch (Config) access-list permit UDP any EQ
Switch (Config) access-list permit udp any EQ bootpc any
Switch (Config) access-list permit udp any EQ bootpc any
Switch (Config) access-list permit UDP any EQ
Step nineth: Apply access Control Lists
/* Apply access Control list to VLAN 3 and VLAN 4,vlan 2 do not require * *
Switch (Config) Int Vlan 3
Switch (Config-vlan) IP access-group
Switch (Config-vlan) Int VLAN 4
Switch (Config-vlan) IP access-group
Step Tenth: End and save the configuration
Switch (Config-vlan) End
Switch#copy Run Start

Start the DHCP service ........ ...

Service DHCP

Start the DHCP service.

IP dhcp exclude-add 10.30.70.2 10.30.70.100

Two IP addresses are reserved, that is, these two IP addresses are not automatically allocated through DHCP. In this case, the server retains the two IP addresses, which are implemented by the above command.

IP DHCP Ping packets 3

Before assigning an IP address, ping the address, that is, after assigning to a computer IP address to test connectivity, if connectivity is not a problem, the IP address is completely allocated to the corresponding computer, the use of this method to effectively ensure the normal network connection.

IP DHCP Pool 1

NET 10.30.70.0 255.255.255.0

Sets the scope of DHCP, including the IP range and subnet mask.

Default-router 10.30.70.1

Sets the gateway address.

Lease 8

Set the lease for IP addresses obtained by DHCP to 8 days.