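Business requirements:
- VLANs are assigned per department; departments communicate with each other at Layer 3 through VLANIF interfaces on the core switch.
- The core switch acts as the DHCP server and assigns IP addresses to each VLAN.
- DHCP Snooping is configured on every access switch to prevent intranet users from connecting their own router and handing out IP addresses; IPSG is also configured to prevent intranet users from changing their IP address on their own.
- The access switches connect to the core switch over Eth-Trunk links for reliability.
The network topology is as follows:
Data plan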
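| Operation | Item | Data | Description |
|---|---|---|---|
| Configure interfaces and VLANs | Eth-Trunk type | Static LACP | An Eth-Trunk link has two working modes: manual load balancing and static LACP. |
| | Port type | Ports connecting to switches use trunk; ports connecting to PCs are set to access | Trunk ports are generally used to connect switches. Access ports are generally used to connect PCs. Hybrid ports are general-purpose and can connect either switches or PCs. |
| | VLAN ID | bitetaige_market: VLAN 10; bitetaige_tech: VLAN 20; bitetaige_core: VLAN 100, 10, 20 | |
| Configure DHCP | DHCP Server | | Configure the DHCP server on the core switch bitetaige_core |
| | Address pool | VLAN 10: ip pool 10; VLAN 20: ip pool 20 | The marketing department obtains IP addresses from ip pool 10; the technical department obtains IP addresses from ip pool 20 |
| | Address allocation method | Based on the global address pool | |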
Configure interfaces and VLANs
Marketing department access switch:
<HUAWEI>system-view
[HUAWEI]sysname bitetaige_market
[bitetaige_market]vlan batch 10
[bitetaige_market]interface Eth-Trunk 1
//Set the link type to trunk so that VLAN traffic is passed through
[bitetaige_market-Eth-Trunk1]port link-type trunk
[bitetaige_market-Eth-Trunk1]port trunk allow-pass vlan 10
[bitetaige_market-Eth-Trunk1]mode lacp-static
[bitetaige_market-Eth-Trunk1]quit
//Add the member ports to Eth-Trunk 1
[bitetaige_market]interface GigabitEthernet 0/0/1
[bitetaige_market-GigabitEthernet0/0/1]eth-trunk 1
[bitetaige_market-GigabitEthernet0/0/1]quit
[bitetaige_market]interface GigabitEthernet 0/0/2
[bitetaige_market-GigabitEthernet0/0/2]eth-trunk 1
[bitetaige_market-GigabitEthernet0/0/2]quit
//Configure the user ports and add the users to VLAN 10
[bitetaige_market]interface Ethernet 0/0/2
[bitetaige_market-Ethernet0/0/2]port link-type access
[bitetaige_market-Ethernet0/0/2]port default vlan 10
[bitetaige_market-Ethernet0/0/2]stp edged-port enable
[bitetaige_market-Ethernet0/0/2]quit
[bitetaige_market]interface Ethernet 0/0/3
[bitetaige_market-Ethernet0/0/3]port link-type access
[bitetaige_market-Ethernet0/0/3]port default vlan 10
[bitetaige_market-Ethernet0/0/3]stp edged-port enable
[bitetaige_market-Ethernet0/0/3]quit
[bitetaige_market]interface Ethernet 0/0/4
[bitetaige_market-Ethernet0/0/4]port link-type access
[bitetaige_market-Ethernet0/0/4]port default vlan 10
[bitetaige_market-Ethernet0/0/4]stp edged-port enable
[bitetaige_market-Ethernet0/0/4]quit
//Configure BPDU protection to improve network stability
[bitetaige_market]stp bpdu-protection
Technical department access switch:
[HUAWEI]sysname bitetaige_tech
[bitetaige_tech]vlan batch 20
[bitetaige_tech]interface Eth-Trunk 2
//Set the link type to trunk so that VLAN traffic is passed through
[bitetaige_tech-Eth-Trunk2]port link-type trunk
[bitetaige_tech-Eth-Trunk2]port trunk allow-pass vlan 20
[bitetaige_tech-Eth-Trunk2]mode lacp-static
[bitetaige_tech-Eth-Trunk2]quit
//Add the member ports to Eth-Trunk 2
[bitetaige_tech]interface GigabitEthernet 0/0/1
[bitetaige_tech-GigabitEthernet0/0/1]eth-trunk 2
[bitetaige_tech-GigabitEthernet0/0/1]quit
[bitetaige_tech]interface GigabitEthernet 0/0/2
[bitetaige_tech-GigabitEthernet0/0/2]eth-trunk 2
[bitetaige_tech-GigabitEthernet0/0/2]quit
//Configure the user ports and add the users to VLAN 20
[bitetaige_tech]interface Ethernet 0/0/2
[bitetaige_tech-Ethernet0/0/2]port link-type access
[bitetaige_tech-Ethernet0/0/2]port default vlan 20
[bitetaige_tech-Ethernet0/0/2]stp edged-port enable
[bitetaige_tech-Ethernet0/0/2]quit
[bitetaige_tech]interface Ethernet 0/0/3
[bitetaige_tech-Ethernet0/0/3]port link-type access
[bitetaige_tech-Ethernet0/0/3]port default vlan 20
[bitetaige_tech-Ethernet0/0/3]stp edged-port enable
[bitetaige_tech-Ethernet0/0/3]quit
[bitetaige_tech]interface Ethernet 0/0/4
[bitetaige_tech-Ethernet0/0/4]port link-type access
[bitetaige_tech-Ethernet0/0/4]port default vlan 20
[bitetaige_tech-Ethernet0/0/4]stp edged-port enable
[bitetaige_tech-Ethernet0/0/4]quit
//Configure BPDU protection to improve network stability
[bitetaige_tech]stp bpdu-protection
Configure the core switch
[HUAWEI]sysname bitetaige_core
[bitetaige_core]vlan batch 10 20 100
//Set the link type to trunk and pass VLAN 10
[bitetaige_core]interface Eth-Trunk 1
[bitetaige_core-Eth-Trunk1]port link-type trunk
[bitetaige_core-Eth-Trunk1]port trunk allow-pass vlan 10
[bitetaige_core-Eth-Trunk1]mode lacp-static
[bitetaige_core-Eth-Trunk1]quit
//Add the member ports to Eth-Trunk 1
[bitetaige_core]interface GigabitEthernet 0/0/24
[bitetaige_core-GigabitEthernet0/0/24]eth-trunk 1
[bitetaige_core-GigabitEthernet0/0/24]quit
[bitetaige_core]interface GigabitEthernet 0/0/23
[bitetaige_core-GigabitEthernet0/0/23]eth-trunk 1
[bitetaige_core-GigabitEthernet0/0/23]quit
//Set the link type to trunk and pass VLAN 20
[bitetaige_core]interface Eth-Trunk 2
[bitetaige_core-Eth-Trunk2]port link-type trunk
[bitetaige_core-Eth-Trunk2]port trunk allow-pass vlan 20
[bitetaige_core-Eth-Trunk2]mode lacp-static
[bitetaige_core-Eth-Trunk2]quit
//Add the member ports to Eth-Trunk 2
[bitetaige_core]interface GigabitEthernet 0/0/22
[bitetaige_core-GigabitEthernet0/0/22]eth-trunk 2
[bitetaige_core-GigabitEthernet0/0/22]quit
[bitetaige_core]interface GigabitEthernet 0/0/21
[bitetaige_core-GigabitEthernet0/0/21]eth-trunk 2
[bitetaige_core-GigabitEthernet0/0/21]quit
//View the configuration of Eth-Trunk 1 and Eth-Trunk 2
//View VLAN information
//Configure VLANIF interfaces so that the departments can communicate at Layer 3
[bitetaige_core]interface Vlanif 10
[bitetaige_core-Vlanif10]ip address 10.10.10.1 24
[bitetaige_core-Vlanif10]quit
[bitetaige_core]interface Vlanif 20
[bitetaige_core-Vlanif20]ip address 10.10.20.1 24
[bitetaige_core-Vlanif20]quit
Configure the DHCP service on the core switch
//Enable the DHCP service
[bitetaige_core]dhcp enable
//Create the address pool for VLAN 10
[bitetaige_core]ip pool 10
[bitetaige_core-ip-pool-10]network 10.10.10.0 mask 24
[bitetaige_core-ip-pool-10]gateway-list 10.10.10.1
[bitetaige_core-ip-pool-10]quit
//Create the address pool for VLAN 20
[bitetaige_core]ip pool 20
[bitetaige_core-ip-pool-20]network 10.10.20.0 mask 24
[bitetaige_core-ip-pool-20]gateway-list 10.10.20.1
[bitetaige_core-ip-pool-20]quit
//Configure VLAN 10 and VLAN 20 to obtain IP addresses from their respective global address pools
[bitetaige_core]interface Vlanif 10
[bitetaige_core-Vlanif10]dhcp select global
[bitetaige_core-Vlanif10]quit
[bitetaige_core]interface Vlanif 20
[bitetaige_core-Vlanif20]dhcp select global
[bitetaige_core-Vlanif20]quit
//View address pool usage
Configure DHCP Snooping and IPSG
Marketing department access switch:
[bitetaige_market]dhcp enable
[bitetaige_market]dhcp snooping enable
[bitetaige_market]interface Eth-Trunk 1
[bitetaige_market-Eth-Trunk1]dhcp snooping enable
//Configure the uplink as a trusted port
[bitetaige_market-Eth-Trunk1]dhcp snooping trusted
[bitetaige_market-Eth-Trunk1]quit
//Enable DHCP Snooping on the interfaces that connect to terminals
[bitetaige_market]interface Ethernet 0/0/2
[bitetaige_market-Ethernet0/0/2]dhcp snooping enable
[bitetaige_market-Ethernet0/0/2]quit
[bitetaige_market]interface Ethernet 0/0/3
[bitetaige_market-Ethernet0/0/3]dhcp snooping enable
[bitetaige_market-Ethernet0/0/3]quit
[bitetaige_market]interface Ethernet 0/0/4
[bitetaige_market-Ethernet0/0/4]dhcp snooping enable
[bitetaige_market-Ethernet0/0/4]quit
//Enable IP packet checking (IPSG) to prevent users from changing their IP address on their own
[bitetaige_market]vlan 10
[bitetaige_market-vlan10]ip source check user-bind enable
[bitetaige_market-vlan10]quit
Technical department access switch:
[bitetaige_tech]dhcp enable
[bitetaige_tech]dhcp snooping enable
[bitetaige_tech]interface Eth-Trunk 2
[bitetaige_tech-Eth-Trunk2]dhcp snooping enable
//Configure the uplink as a trusted port
[bitetaige_tech-Eth-Trunk2]dhcp snooping trusted
[bitetaige_tech-Eth-Trunk2]quit
//Enable DHCP Snooping on the interfaces that connect to terminals
[bitetaige_tech]interface Ethernet 0/0/2
[bitetaige_tech-Ethernet0/0/2]dhcp snooping enable
[bitetaige_tech-Ethernet0/0/2]quit
[bitetaige_tech]interface Ethernet 0/0/3
[bitetaige_tech-Ethernet0/0/3]dhcp snooping enable
[bitetaige_tech-Ethernet0/0/3]quit
[bitetaige_tech]interface Ethernet 0/0/4
[bitetaige_tech-Ethernet0/0/4]dhcp snooping enable
[bitetaige_tech-Ethernet0/0/4]quit
//Enable IP packet checking (IPSG) to prevent users from changing their IP address on their own
[bitetaige_tech]vlan 20
[bitetaige_tech-vlan20]ip source check user-bind enable
[bitetaige_tech-vlan20]quit
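An added example, not part of the original page: a small audit that checks an access switch configuration for the DHCP Snooping and IPSG settings configured above. The sample text is constructed and its '#'-separated layout is an assumption modelled on the commands on this page; the function names are hypothetical.

```python
# Constructed sample: marketing access switch with Ethernet0/0/4 left unprotected.
SAMPLE_CONFIG = """\
dhcp snooping enable
#
vlan 10
 ip source check user-bind enable
#
interface Eth-Trunk1
 port link-type trunk
 dhcp snooping enable
 dhcp snooping trusted
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 10
 dhcp snooping enable
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 10
#
"""

def parse_sections(text):
    """Split a '#'-delimited configuration into {header: [sub-commands]}."""
    blocks = ([l.strip() for l in b.splitlines() if l.strip()] for b in text.split("#"))
    return {b[0]: b[1:] for b in blocks if b}

def audit(text):
    """Return a list of findings for missing DHCP Snooping / IPSG settings."""
    sec = parse_sections(text)
    findings = []
    if "dhcp snooping enable" not in sec:
        findings.append("global: dhcp snooping enable missing")
    if not any("dhcp snooping trusted" in body for body in sec.values()):
        findings.append("no trusted uplink: clients cannot receive DHCP replies")
    for header, body in sec.items():
        if not header.startswith("interface") or "port link-type access" not in body:
            continue  # only user-facing access ports are audited below
        if "dhcp snooping enable" not in body:
            findings.append(f"{header}: dhcp snooping enable missing")
        if "dhcp snooping trusted" in body:
            findings.append(f"{header}: user port must not be trusted")
        vlan = next((l.split()[-1] for l in body if l.startswith("port default vlan")), None)
        if vlan and "ip source check user-bind enable" not in sec.get(f"vlan {vlan}", []):
            findings.append(f"{header}: IPSG not enabled in VLAN {vlan}")
    return findings
```
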
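Test results
- The clients obtain IP addresses through DHCP
- Each client pings its own gateway and the other department's gateway
- After the IP address is changed to manual configuration, the network is unreachable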
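Why the tests behave this way, as an added example that is not part of the original page: a simplified model of the decisions an access switch makes with DHCP Snooping and IPSG enabled. The class, the MAC address and the leased addresses are constructed; treating the trusted uplink as exempt from the IPSG check is an assumption of this model.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}   # DHCP message types only a server sends

@dataclass
class AccessSwitch:
    trusted: set        # ports configured with "dhcp snooping trusted"
    ipsg_vlans: set     # VLANs with "ip source check user-bind enable"
    bindings: dict = field(default_factory=dict)   # (mac, vlan) -> (ip, port)
    pending: dict = field(default_factory=dict)    # mac -> (vlan, client port)

    def dhcp(self, in_port, vlan, msg, client_mac, yiaddr=None):
        """Return True if the DHCP message is forwarded."""
        if msg in SERVER_MSGS and in_port not in self.trusted:
            return False                 # server reply from a user port: dropped
        if msg == "REQUEST":
            self.pending[client_mac] = (vlan, in_port)
        elif msg == "ACK" and client_mac in self.pending:
            v, port = self.pending.pop(client_mac)
            self.bindings[(client_mac, v)] = (yiaddr, port)   # learn the binding
        return True

    def ip_packet(self, in_port, vlan, src_mac, src_ip):
        """Return True if IPSG lets the packet through."""
        if in_port in self.trusted or vlan not in self.ipsg_vlans:
            return True                  # model assumption: uplink is not checked
        return self.bindings.get((src_mac, vlan)) == (src_ip, in_port)

def replay():
    """Constructed scenario: a PC on Ethernet0/0/2, a private router on Ethernet0/0/3."""
    sw = AccessSwitch(trusted={"Eth-Trunk1"}, ipsg_vlans={10})
    pc = "5489-98aa-0001"                # constructed MAC address
    return {
        "request": sw.dhcp("Ethernet0/0/2", 10, "REQUEST", pc),
        "rogue_ack": sw.dhcp("Ethernet0/0/3", 10, "ACK", pc, "192.168.1.50"),
        "server_ack": sw.dhcp("Eth-Trunk1", 10, "ACK", pc, "10.10.10.254"),
        "leased_ip": sw.ip_packet("Ethernet0/0/2", 10, pc, "10.10.10.254"),
        "manual_ip": sw.ip_packet("Ethernet0/0/2", 10, pc, "10.10.10.99"),
    }
```
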