Network Environment: A 3550EMI switch is divided into three VLANs. vlan2 is the network where the server is located and is named server. The IP address segment t-[/[Xm1S3 is 192.168.2.0, subnet mask: 255.255.255.0, Gateway: 192.168.2.1 the Domain Server is windows 2000 advanceserver and serves as a DNS server. The IP address is 192.168.2.10, vlan3 is the network where client 1 is located, the IP address segment is 192.168.3.0, The subnet mask is 255.255.255.0, And the Gateway: 192.168.3.1 is named work01, vlan4 is the network where client 2 is located, named work02, IP address segment is 192.168.4.0, subnet mask: 255.255.255.0, Gateway: 192.168.4.1, 3550 as DHCP server, ports 1-8 are allocated to VLAN2, ports 9-16 are divided into VLAN 3, and ports 17-24 are allocated to VLAN 4. Q p g yTH * @/F ~ Q j www.2cto.com DHCP server implementation function: I c} ^ Jz0 & m1 ^ U 7 m each VLAN retains 2-10 IP addresses regardless of configuration, such as: 192.168.2.0 network segment, the IP address ranges from 192.168.2.2 to 192.168.2.10 are not allocated. HL, O + Pi ~ W hs $ ^ f j 63 security requirements: f +> _ e, B ;"
D ^ k'vyxyo VLAN 3 and VLAN 4 are not allowed to access each other, but both can access VLAN 2, n] = 2 ~ ZrJL9K>) E? P The default access control list rule is to reject all packages. P 7 j} U) L73n] e (www.2cto.com) configuration command and steps are as follows: (+ D0 ~ VR 7] IW \ W ~ F, Step 1: Create a VLAN: $ V % z4xx #? I (qBb Switch> en/<P] 8> XA Switch # Vlan Database #8 // ^ KP Switch (Vlan)> Vlan 2 Name server krZ &; 0. switch (Vlan)> Vlan 3 Name work01 ^: 1k \ Dt_H Switch (vlan)> Vlan 4 Name work02 dHL $-e G _ n j> FR> N
Step 2: Set the vlan ip Address: P 16x & fu T "VSY {| Switch # Config T) 8c! JV> k Switch (Config)> Int Vlan 2: 9} h: z3 [Switch (Config-vlan) Ip Address 192.168.2.1 255.255.255.0 cam5C tS0 Switch (Config-vlan) no Shut {D ~ O JklAN Switch (Config-vlan)> Int Vlan 3! MA l wm Switch (Config-vlan) Ip Address 192.168.3.1 255.255.255.0 us "; q z * R Switch (Config-vlan) No Shut 7'2r \/N) switch (Config-vlan)> Int Vlan 4 1! #] Nlv] W Switch (Config-vlan) Ip Address 192.168.4.1 255.255.255.0 * Z ", o7z! H Switch (Config-vlan) No Shut =! | Y: z] Switch (Config-vlan) Exit {! ] '8, nM u C +/* Note: Because the port is not configured to VLAN2, 3, 4 at this time, each VLAN is DOWN. After the port is allocated to each VLAN, VLAN starts up */"t. E 9U B Kw86 ": 8 www.2cto.com
Step 3: Set the port global parameter {tsf-cx kE w _ 0] T-% 0 Switch (Config) interface Range Fa 0/1-24 _ | dT % ZI1 Switch (Config-if-range) Switchport Mode Access <^ 'y9d *] Switch (Config-if-range) spanning-tree Portfast BBcZ <us. 1 \~ 2 UF 3 Step 4: add the port to VLAN2, 3, 4, I uRCP s O J ^ p [/* add Port 1-8 to VLAN 2 */SV ~! I (h) 6 Switch (Config) Interface Range Fa 0/1-8 LO/, g _ C Switch (Config-if-range) switchport Access Vlan 2 4 at hIw]-L @ g} 8F
/* Add Port 9-16 to VLAN 3 */fq tFe % t Switch (Config) Interface Range Fa 0/9-16 7O [2 # & 7n) Switch (Config-if-range) switchport Access Vlan 3 [Tu) _ $ Rci @?! ) K9 ~ M3/* add Port 17-24 to VLAN 4 */sPtDg} T [4 Switch (Config) Interface Range Fa 0/17-24 p mdt4CZ3 (Switch (Config-if-range) switchport Access Vlan 4 E zze = WP # Switch (Config-if-range) Exit w7'/E l pPFR $ A/* after this step, each VLAN will get up */6 "s sxhk o8L: u RC2 Step 5: Configure 3550 as a DHCP server & P14HfW @. (^ Y] K/c ~ 64N www.2cto.com
/* VLAN 2 available address Pool and corresponding parameter configuration. Several VLANs need to be configured with address pools */f k rvk Switch (Config) Ip Dhcp Pool Test01 ~ @ Ou8 | B =/* set the allocable subnet */| T x $ _ I Switch (Config-pool) Network 192.168.2.0 255.255.255.0 ~ # {['R {yF/* Set DNS server */y = ep rt4 Switch (Config-pool) Dns-server 192.168.2.10 r$ ko ~ QT} 2 =/* set the gateway for this subnet */y,>/at1 'Switch (Config-pool) Default-router 192.168.2.1? PTx I 7 hP + $ m-
/* Address Pool used to configure VLAN 3 and corresponding parameters */-7AW p l Switch (Config) Ip Dhcp pool Test02 bS KG, C8 Switch (Config-Pool) network 192.168.3.0 255.255.255.0] k n p L Switch (Config-pool) Dns-server 192.168.2.10 \ D "w @ 7Nr Switch (Config-pool) Default-router 192.168.3.1 3 '"#. ho m 0; v> B/* address pool used to configure VLAN 4 and corresponding parameters */[d = g ~ Jnqc Switch (Config) Ip Dhcp Pool Test03 "Od % &? Switch (Config-pool) Network 192.168.4.0 255.255.255.0 c q x v j Switch (Config-pool) Dns-server 192.168.2.10 = z, R _ 3I Switch (Config-pool) default-router 192.168.4.1 (C % C. h9 zKcrA # Q
Step 6: Set DHCP to retain unassigned address R g0 [s5lm "! U v7 Uq Switch (Config) Ip Dhcp Excluded-address 192.168.2.2 192.168.2.10 k 0Ato TtJSwitch (Config) Ip Dhcp Excluded-address 192.168.3.2 192.168.3.10 Mzc *> & % Switch (Config) ip Dhcp Excluded-address 192.168.4.2 192.168.4.10 Z = [Oc Xoek 1f www.2cto.com Step 7: enable routing RL? <I8y * gT F >}| aV} after the ts/* route is enabled, hosts in different VLANs can access each other */E hJD @ cz R Switch (Config) ip Routing E lmn L ^: tz qq # | l
Step 8: configure the access control list m ufN k 1 P/N M_H1o, W Switch (Config) access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.255 [Y z @ _ Switch (Config) access-list 103 permit ip 192.168.3.0 0.0.255 192.168.2.0 0.0.0.255 tU1D? B3Dt Switch (Config) access-list 103 permit udp any eq bootpc [$ x v'7 Switch (Config) access-list 103 permit udp any eq tftp (BL] fR $ ^ Switch (Config) access-list 103 permit udp any eq bootpc any 8bD] '$
Switch (Config) access-list 103 permit udp any eq tftp any t ~ Ta {A Switch (Config) access-list 104 permit ip 192.168.2.0 0.0.255 192.168.4.0 0.0.0.255 0 q S ^ Wk F Switch (Config) access-list 104 permit ip 192.168.4.0 0.0.255 192.168.2.0 0.0.0.255 k iz (~ 8 Switch (Config) access-list 104 permit udp any eq tftp any G5d & | _ 2o ~ # Switch (Config) access-list 104 permit udp any eq bootpc any 1r NtPr C' Switch (Config) access-list 104 permit udp any eq bootpc any Q k \ DKG + |] c I C [Dl www.2cto.com Switch (Config) access-list 104 permit udp any eq tftp any uj? LRP =} Y z. m {& NN
Step 9: Application access control list k # wLa: q Wkw ~ V,/* apply the access control list to VLAN 3 and VLAN 4. VLAN 2 does not need */huT 'ylvp5l Switch (Config) int Vlan 3 oc} e & E {R Switch (Config-vlan) ip access-group 103 out FIDdBBJ $ Switch (Config-vlan) Int Vlan 4; _ '& \ 9 0 Switch (Config-vlan) ip access-group 104 out 4ebS9 _ xU w t =] z
Step 10: end and save the configuration J '@ U ~ F28I % 0Db> g/cP Switch (Config-vlan) End gO6! Aq9. Switch # Copy Run Start
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
