When using vswitches and vrouters for DHCP settings, port configuration is very important. Here we will explain the case accordingly. Network Environment: A 3550EMI switch is divided into three VLANs. vlan2 is the network where the server is located, named server, IP address segment is 192.168.2.0, subnet mask: 255.255.255.0, Gateway: 192.168.2.1, the Domain server is windows 2000 advance server and serves as a DNS server. The IP address is 192.168.2.10, vlan3 is the network where client 1 is located, the IP address segment is 192.168.3.0, The subnet mask is 255.255.255.0, And the Gateway: 192.168.3.1 is named work01, vlan4 is the network where client 2 is located, named work02, IP address segment is 192.168.4.0, subnet mask: 255.255.255.0, Gateway: 192.168.4.1, 3550 as DHCP server, ports 1-8 are divided into VLAN 2, ports 9-16 are divided into VLAN 3, and ports 17-24 are divided into VLAN 4. DHCP server implementation function: each VLAN is retained 2-1 The IP address of 0 is not configured. For example, if the IP address range of 192.168.2.0 is retained, the IP address ranges from 192.168.2.2 to 192.168.2.10 are not allocated. security requirements: VLAN 3 and VLAN 4 do not allow mutual access, but both can access VLAN 2 where the server is located. By default, the access control list rules reject all packets.
Step 1: Create a VLAN:
Switch>en
Switch#Vlan Database
Switch(Vlan)>Vlan 2 Name server
Switch(Vlan)>Vlan 3 Name work01
Switch(vlan)>Vlan 4 Name work02
Step 2: Set the vlan ip Address:
Switch # Config T
Switch (Config)> Int Vlan 2
Switch (Config-vlan) Ip Address 192.168.2.1 255.255.255.0
Switch (Config-vlan) No Shut
Switch (Config-vlan)> Int Vlan 3
Switch (Config-vlan) Ip Address 192.168.3.1 255.255.255.0
Switch (Config-vlan) No Shut
Switch (Config-vlan)> Int Vlan 4
Switch (Config-vlan) Ip Address 192.168.4.1 255.255.255.0
Switch (Config-vlan) No Shut
Switch (Config-vlan) Exit
/* Note: Because the ports are not configured to VLAN2, 3, 4 at this time, each VLAN will be DOWN. After the ports are allocated to each VLAN, the VLAN will get up */
Step 3: Set port global Parameters
Switch(Config)Interface Range Fa 0/1 - 24
Switch(Config-if-range)Switchport Mode Access
Switch(Config-if-range)Spanning-tree Portfast
Step 4: add the port to VLAN2, 3, 4
/* Add Port 1-8 to VLAN 2 */
Switch (Config) Interface Range Fa 0/1-8
Switch (Config-if-range) Switchport Access Vlan 2
/* Add Port 9-16 to VLAN 3 */
Switch (Config) Interface Range Fa 0/9-16
Switch (Config-if-range) Switchport Access Vlan 3
/* Add Port 17-24 to VLAN 4 */
Switch (Config) Interface Range Fa 0/17-24
Switch (Config-if-range) Switchport Access Vlan 4
Switch (Config-if-range) Exit
/* After this step, each VLAN will get up */
Step 5: Configure 3550 as the DHCP server
/* Configure available address pools and corresponding parameters for VLAN 2. You need to set several address pools for several VLANs */
Switch (Config) Ip Dhcp Pool Test01
/* Set the allocable subnet */
Switch (Config-pool) Network 192.168.2.0 255.255.255.0
/* Set the DNS server */
Switch (Config-pool) Dns-server 192.168.2.10
/* Set the gateway for this subnet */
Switch (Config-pool) Default-router 192.168.2.1/* Configure the address pool used by VLAN 3 and corresponding parameters */
Switch (Config) Ip Dhcp Pool Test02
Switch (Config-pool) Network 192.168.3.0 255.255.255.0
Switch (Config-pool) Dns-server 192.168.2.10
Switch (Config-pool) Default-router 192.168.3.1
/* Configure the address pool and corresponding parameters used by VLAN 4 */
Switch (Config) Ip Dhcp Pool Test03
Switch (Config-pool) Network 192.168.4.0 255.255.255.0
Switch (Config-pool) Dns-server 192.168.2.10
Switch (Config-pool) Default-router 192.168.4.1
Step 6: Set DHCP to retain unassigned addresses
Switch(Config)Ip Dhcp Excluded-address 192.168.2.2 192.168.2.10
Switch(Config)Ip Dhcp Excluded-address 192.168.3.2 192.168.3.10
Switch(Config)Ip Dhcp Excluded-address 192.168.4.2 192.168.4.10
Step 7: Enable Routing
/* After a route is enabled, each VLAN host can access each other */
Switch (Config) Ip Routing
Step 8: configure the access control list
Switch(Config)access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
Switch(Config)access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
Switch(Config)access-list 103 permit udp any any eq bootpc
Switch(Config)access-list 103 permit udp any any eq tftp
Switch(Config)access-list 103 permit udp any eq bootpc any
Switch(Config)access-list 103 permit udp any eq tftp any
Switch(Config)access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
Switch(Config)access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
Switch(Config)access-list 104 permit udp any eq tftp any
Switch(Config)access-list 104 permit udp any eq bootpc any
Switch(Config)access-list 104 permit udp any eq bootpc any
Switch(Config)access-list 104 permit udp any eq tftp any
Step 9: Application access control list
/* Apply the access control list to VLAN 3 and VLAN 4. VLAN 2 is not required */
Switch (Config) Int Vlan 3
Switch (Config-vlan) ip access-group 103 out
Switch (Config-vlan) Int Vlan 4
Switch (Config-vlan) ip access-group 104 out
Step 10: end and save the configuration
Switch(Config-vlan)End
Switch#Copy Run Start