I. Requirements
1. Divide the switch into three VLANs
VLAN 2 (server network): ports 1-8
VLAN 3 (work01): ports 9-16
VLAN 4 (work02): ports 17-24
2. Gateway Configuration
192.168.2.1/24
192.168.3.1/24
192.168.4.1/24
3. DHCP and reservations
Enable DHCP on every segment, and in each segment keep xx.2-xx.10 out of the pool as reserved addresses. 192.168.2.10/24 is the AD domain server, which also acts as the DNS server; in addition there are two alternate DNS servers, 114.114.114.114 and 8.8.8.8.
4. Routing
The next hop for all hosts on the intranet is 192.168.1.2, which is the IP of the Juniper firewall.
5. ACL rules
VLAN 3 and VLAN 4 are not allowed to access each other, but both have access to the server VLAN, VLAN 2. The default access control list rule is to deny all packets.
II. Configuration commands and procedures
Step one: Create the VLANs
Switch>en
Switch#vlan database
Switch(vlan)#vlan 2 name server
Switch(vlan)#vlan 3 name work01
Switch(vlan)#vlan 4 name work02
Switch(vlan)#exit
Step two: Set the VLAN IP addresses
Switch#config t
Switch(config)#int vlan 2
Switch(config-if)#ip address 192.168.2.1 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#int vlan 3
Switch(config-if)#ip address 192.168.3.1 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#int vlan 4
Switch(config-if)#ip address 192.168.4.1 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#exit
Note: Because no ports have been assigned to VLANs 2, 3 and 4 at this point, each VLAN interface will be down. It comes up once ports are assigned to the VLAN.
Step three: Set the global port parameters
Switch(config)#interface range gigabitethernet1/0/1 - 24
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#spanning-tree portfast
Note: The mode access setting in this section can be removed. Access mode is mainly used for ports that connect PCs, servers and the like, that is, ports at the access layer; for details, refer to the relevant documents in the Baidu library.
Step four: Add the ports to the VLANs
! Add ports 1-8 to VLAN 2
Switch(config)#interface range gigabitethernet1/0/1 - 8
Switch(config-if-range)#switchport access vlan 2
! Add ports 9-16 to VLAN 3
Switch(config)#interface range gigabitethernet1/0/9 - 16
Switch(config-if-range)#switchport access vlan 3
! Add ports 17-24 to VLAN 4
Switch(config)#interface range gigabitethernet1/0/17 - 24
Switch(config-if-range)#switchport access vlan 4
Switch(config-if-range)#exit
! After this step, the VLAN interfaces come up
Step five: Configure the DHCP server and address pools
! Address pool and parameters for VLAN 2; create one pool for each VLAN
Switch(config)#ip dhcp pool test01
! Set the available subnet
Switch(dhcp-config)#network 192.168.2.0 255.255.255.0
! Set the DNS servers
Switch(dhcp-config)#dns-server 192.168.2.10 114.114.114.114 8.8.8.8
! Set the gateway for this subnet
Switch(dhcp-config)#default-router 192.168.2.1
! Address pool and parameters for VLAN 3
Switch(config)#ip dhcp pool test02
Switch(dhcp-config)#network 192.168.3.0 255.255.255.0
Switch(dhcp-config)#dns-server 192.168.2.10 114.114.114.114 8.8.8.8
Switch(dhcp-config)#default-router 192.168.3.1
! Address pool and parameters for VLAN 4
Switch(config)#ip dhcp pool test03
Switch(dhcp-config)#network 192.168.4.0 255.255.255.0
Switch(dhcp-config)#dns-server 192.168.2.10 114.114.114.114 8.8.8.8
Switch(dhcp-config)#default-router 192.168.4.1
Note: DHCP pools and VLANs are tied together by IP address. By comparing a VLAN's gateway address with a pool's network address and default gateway address, you can tell whether a device plugged into a given physical port will be able to obtain an address through DHCP.
Step six: Set the reserved addresses that DHCP must not assign
Switch(config)#ip dhcp excluded-address 192.168.2.2 192.168.2.10
Switch(config)#ip dhcp excluded-address 192.168.3.2 192.168.3.10
Switch(config)#ip dhcp excluded-address 192.168.4.2 192.168.4.10
Step seven: Routing and static routes
! After this step is configured, the VLANs can reach each other
Switch(config)#ip routing
! Add a static route that sends all machines' external requests to the Juniper firewall
Switch(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2
Step eight: Configure the access control lists
Switch(config)#access-list permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
Switch(config)#access-list permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
Switch(config)#access-list permit udp any any eq bootpc
Switch(config)#access-list permit udp any any eq tftp
Switch(config)#access-list permit udp any eq bootpc any
Switch(config)#access-list permit udp any eq
Switch(config)#access-list permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
Switch(config)#access-list permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
Switch(config)#access-list permit udp any eq
Switch(config)#access-list permit udp any eq bootpc any
Switch(config)#access-list permit udp any eq bootpc any
Switch(config)#access-list permit udp any eq
Step nine: Apply the access control lists
! Apply the access control lists to VLAN 3 and VLAN 4; VLAN 2 does not need one
Switch(config)#int vlan 3
Switch(config-if)#ip access-group
Switch(config-if)#int vlan 4
Switch(config-if)#ip access-group
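The policy from requirement 5 can be checked offline before a list is applied to an interface. The following is an added example, not part of the original article: a first-match evaluator for the entries of the VLAN 3 list in step eight that survive complete, written with IOS keyword spelling. The function names, the port table and the sample hosts used with it are assumptions made for illustration.

```python
import ipaddress

# Constructed input: the complete VLAN 3 entries from step eight, keywords lower-cased.
ACL_VLAN3 = """\
permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
permit udp any any eq bootpc
permit udp any any eq tftp
permit udp any eq bootpc any
"""
PORTS = {"bootps": 67, "bootpc": 68, "tftp": 69}  # IOS port keywords used here

def _addr(tok):
    """Consume 'any' or 'address wildcard'; return (address, wildcard) as ints."""
    if tok[0] == "any":
        del tok[0]
        return 0, 0xFFFFFFFF
    addr, wild = int(ipaddress.IPv4Address(tok[0])), int(ipaddress.IPv4Address(tok[1]))
    del tok[:2]
    return addr, wild

def _port(tok):
    """Consume an optional 'eq <port>'; None means the entry matches any port."""
    if tok[:1] != ["eq"]:
        return None
    name = tok[1]
    del tok[:2]
    return PORTS.get(name) or int(name)

def parse(text):
    """Turn 'permit|deny proto src [eq p] dst [eq p]' lines into rule tuples."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, sport = _addr(tok), _port(tok)
        dst, dport = _addr(tok), _port(tok)
        rules.append((action, proto, src, sport, dst, dport))
    return rules

def _ip_match(ip, spec):
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the entry.
    return (int(ipaddress.IPv4Address(ip)) | spec[1]) == (spec[0] | spec[1])

def evaluate(rules, proto, src, dst, sport=None, dport=None):
    """First matching entry wins; a packet matching none hits the implicit deny."""
    for action, rproto, rsrc, rsport, rdst, rdport in rules:
        if (rproto in ("ip", proto) and _ip_match(src, rsrc) and _ip_match(dst, rdst)
                and rsport in (None, sport) and rdport in (None, dport)):
            return action
    return "deny"
```

With `rules = parse(ACL_VLAN3)`, a constructed VLAN 3 host 192.168.3.20 is permitted to 192.168.2.10 and denied to 192.168.4.20, and a DHCP request from source port 68 is permitted. A UDP query from the same host to 8.8.8.8 port 53 also returns "deny", so the alternate DNS servers handed out by the pools are not reachable through these entries.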
Step ten: Save the configuration and confirm
Switch#write memory
Switch#show running-config
! This outputs all of the configuration information above
III. Testing
Once the above configuration is complete, connect a PC to the appropriate port to see whether it obtains an address, and connect two PCs to different VLANs to test access between them.
Original from: 361way.com