三层交换机10-跨网段动态分配IP地址典型配置举例

1、H3CS5130-EI跨网段动态分配IP地址典型配置举例目录TOC o 1-5 h z HYPERLINK l bookmark2 1简介1 HYPERLINK l bookmark4 2配置前提1 HYPERLINK l bookmark6 3跨网段动态分配IP地址配置举例1 HYPERLINK l bookmark8 3.1组网需求1 HYPERLINK l bookmark16 3.2配置思路2 HYPERLINK l bookmark24 3.3使用版本2 HYPERLINK l bookmark28 3.4配置步骤2 HYPERLINK l bookmark96 3.5验证配置5 H

2、YPERLINK l bookmark104 3.6配置文件5 HYPERLINK l bookmark110 4相关资料71简介本文档介绍了通过DHCP服务器和DHCP中继为用户动态分配IP地址的配置举例。2配置前提本文档中的配置均是在实验室环境下进行的配置和验证，配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置，为了保证配置效果，请确认现有配置和以下举例中的配置不冲突。本文假设您已了解DHCP相关特性。3跨网段动态分配IP地址配置举例3.1组网需求如图1所示，公司总部和分支机构处于不同的网段，网关DeviceA充当DHCP服务器，要求：为总部分配00之间的IP地址；为

3、分支机构分配00之间的IP地址，其中8之间的IP地址分配给分支机构1,900之间的IP地址分配给分支机构2；指定DNS服务器的固定IP地址为/24,TFTP服务器的固定IP地址为/24；分配DNS服务器、TFTP服务器和网关等配置信息。网关DeviceB充当DHCP中继，要求：通过配置DHCP中继功能，使得DHCP服务器能够为分支机构分配IP地址、DNS服务器、TFTP服务器和网关等配置信息；防止分支机构中存在非法主机配置静态IP地址访问网络；为每个区域分配特定范围内的IP地址。图1跨网段动态分配IP地址配置组网图设备接口IP地址设备接口IP地址DeviceAVlan-int3/24Devic

4、eBVlan-int3/24Vian-int210121/24Vian-int210122/243.2配置思路DHCPServer分配IP地址时，不能将DNSServer和TFTPServer的IP地址分配出去，所以需要将这两台服务器的IP地址配置为不参与自动分配的IP地址。启用DHCP中继的用户地址表项记录功能，通过与IPSourceGuard配合，实现只允许匹配用户地址表项中绑定关系的报文通过DHCP中继。配置DHCP中继支持Option82功能，并在DHCP服务器上配置根据Option82的分配策略,从而实现为每个区域分配特定范围内的IP地址。3.3使用版本本举例是在S5130EI_E-

5、CMW710-R3106版本上进行配置和验证的软件版本。3.4配置步骤DeviceA的配置#配置VLAN接口2的IP地址。system-viewDeviceAvlan2DeviceA-vlan2portGigabitEthernet1/0/2DeviceA-vlan2quitDeviceAinterfaceVlan-interface2DeviceA-Vlan-interface2ipaddress24DeviceA-Vlan-interface2quit配置VLAN接口3的IP地址。DeviceAvlan3DeviceA-vlan3portGigabitEthernet1/0/1Device

6、A-vlan3quitDeviceAinterfaceVlan-interface3DeviceA-Vlan-interface3ipaddress24DeviceA-Vlan-interface3quit使能DHCP服务。DeviceAdhcpenable配置VLAN接口2工作在DHCP服务器模式。DeviceAinterfacevlan-interface2DeviceA-Vlan-interface2dhcpselectserverDeviceA-Vlan-interface2quit配置VLAN接口3工作在DHCP服务器模式。DeviceAinterfacevlan-interface

7、3DeviceA-Vlan-interface3dhcpselectserverDeviceA-Vlan-interface3quit#配置DHCP地址池1。DeviceAdhcpserverip-pool1#配置地址池动态分配的主网段和IP地址范围。DeviceA-dhcp-pool-1networkmaskDeviceA-dhcp-pool-1addressrange00#配置DHCP客户端使用的DNS服务器地址、TFTP服务器地址、域名后缀和网关地址。DeviceA-dhcp-pool-1dns-listDeviceA-dhcp-pool-1tftp-serverip-addressDe

8、viceA-dhcp-pool-1domain-namecomDeviceA-dhcp-pool-1gateway-list配置DHCP地址池中不参与自动分配的IP地址。DeviceA-dhcp-pool-1forbidden-ipDeviceA-dhcp-pool-1quit#配置VLAN接口3引用地址池1。DeviceAinterfaceVlan-interface3DeviceA-Vlan-interface3dhcpserverapplyip-pool1DeviceA-Vlan-interface3quit#为使Option82功能正常使用，需要在DHCP服务器和DHCP中继上都进行相

9、应配置。如下为DHCP服务器上的相关配置：#创建DHCP用户类aa,匹配请求报文中包含Option82选项，并且该选项的第5字节到第6字节为0 x0001（表示连接端口为GE1/0/1）的客户端。DeviceAdhcpclassaaDeviceA-dhcp-class-aaif-matchoption82hex0001offset4length2DeviceA-dhcp-class-aaquit#创建DHCP用户类bb,匹配请求报文中包含Option82选项，并且该选项的第5字节到第6字节为0 x0003（表示连接端口为GE1/0/3）的客户端。DeviceAdhcpclassbbDevice

10、A-dhcp-class-bbif-matchoption82hex0003offset4length2DeviceA-dhcp-class-bbquit#配置DHCP地址池2。DeviceAdhcpserverip-pool2配置地址池动态分配的主网段。DeviceA-dhcp-pool-2networkmask#配置DHCP地址池为DHCP用户类aa动态分配的IP地址范围。DeviceA-dhcp-pool-2classaarange8#配置DHCP地址池为DHCP用户类bb动态分配的IP地址范围。DeviceA-dhcp-pool-2classbbrange900#配置DHCP客户端使用

11、的DNS服务器地址、TFTP服务器地址、域名后缀和网关地址。DeviceA-dhcp-pool-2tftp-serverip-addressDeviceA-dhcp-pool-2dns-listDeviceA-dhcp-pool-2domain-namecomDeviceA-dhcp-pool-2gateway-listDeviceA-dhcp-pool-2quit#配置VLAN接口2引用地址池2。DeviceAinterfaceVlan-interface2DeviceA-Vlan-interface2dhcpserverapplyip-pool2DeviceA-Vlan-interface

12、2quit#配置到网段的静态路由。DeviceAiproute-static24DeviceB的配置#配置VLAN接口2的IP地址。system-viewDeviceBvlan2DeviceB-vlan2portGigabitEthernet1/0/2DeviceB-vlan2quitDeviceBinterfaceVlan-interface2DeviceB-Vlan-interface2ipaddress24DeviceB-Vlan-interface2quit#配置VLAN接口3的IP地址。DeviceBvlan3DeviceB-vlan3portGigabitEthernet1/0/1

13、DeviceB-vlan3portGigabitEthernet1/0/3DeviceB-vlan3quitDeviceBinterfaceVlan-interface3DeviceB-Vlan-interface3ipaddress24DeviceB-Vlan-interface3quit#使能DHCP服务。DeviceBdhcpenable配置VLAN接口3工作在DHCP中继模式。DeviceBinterfacevlan-interface3DeviceB-Vlan-interface3dhcpselectrelay指定DHCP服务器的地址。DeviceB-Vlan-interface3d

14、hcprelayserver-address#为使Option82功能正常使用，需要在DHCP服务器和DHCP中继上都进行相应配置。如下为DHCP中继上的相关配置：#使能DHCP中继支持Option82功能。DeviceB-Vlan-interface3dhcprelayinformationenableDeviceB-Vlan-interface3quit#开启DHCP中继用户地址表项记录功能。DeviceBdhcprelayclient-informationrecord#配置IPv4动态绑定功能。DeviceBinterfacevlan-interface3DeviceB-Vlan-in

15、terface3ipverifysourceip-addressmac-addressDeviceB-Vlan-interface3quit配置到网段的静态路由。DeviceBiproute-static243.5验证配置显示IP地址的DHCP地址绑定信息，可以查看到该地址已经被分配出去。displaydhcpserverip-in-useipIPaddressClientidentifier/LeaseexpirationTypeHardwareaddress0033-6365-352e-6136-Jan200:34:022011Auto(C)6466-2e65-3133-392d-5465

16、-6e2d-4769-6761-6269-7445-7468-6572-6e65-7431-2f30-2f35-31在分支机构1中的某一用户PC上输入如下命令，可查看申请到的IP地址。按照同样的方式可以确认分支机构2中的用户也得到指定范围内的地址。C:DocumentsandSettingsaaipconfigWindowsIPConfigurationEthernetadapteraa:Connection-specificDNSSuffix.:domain-namecomIPAddress:SubnetMask:IPAddress:fe80:20f:3dff:fe80:2b38%4Defa

17、ultGateway:#假设分支机构2里的非法用户配置了一个10.1387的IP地址，会发现无法访问TFTP服务器。3.6配置文件(1)DeviceA#dhcpenable#vlan2to3#length2length2dhcpclassaaif-matchoption82hex0001offset4#dhcpclassbbif-matchoption82hex0003offset4#dhcpserverip-pool1networkmaskaddressrange00dns-listdomain-namecomforbidden-ipforbidden-ipgateway-listtftp-

18、serverip-address#dhcpserverip-pool2networkmaskclassaarange8classbbrange900dns-listdomain-namecomgateway-listtftp-serverip-address#interfaceVlan-interface2ipaddressdhcpserverapplyip-pool2#interfaceVlan-interface3ipaddressdhcpserverapplyip-pool1#interfaceGigabitEthernet1/0/1portaccessvlan3#interfaceGigabitEthernet1/0/2portaccessvlan2#iproute-static24#(2)DeviceB#dhcpenabledhcprelayclient-informationrecord#vlan2to3interfaceVlan-interface2ipaddress#interfaceVlan-interface3ipaddressdhcpselectrelaydhcprelayinformationenabledhcprela