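Address Assignment (DHCP)
Definition: DHCP (Dynamic Host Configuration Protocol) is built on a client/server (C/S) architecture. Hosts need no manually configured IP address; the IP address, mask, gateway, and DNS are assigned dynamically.
1. Requirements:
1. Basic configuration
pc1 and pc3 use static IP addresses —————— pc2 and pc4 obtain their addresses via DHCP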
pc1=192.47.10.1
pc3=192.47.20.3
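pc1 and pc3 belong to vlan10; pc2 and pc4 belong to vlan20
Based on the requirements above, pc1-2 must be able to communicate with pc3-4 across different network segments
2. DHCP configuration
pc2 = DHCP = 192.47.10.66, assigned through the interface
pc4 = DHCP = 192.47.20.88, assigned through the address pool
Topology diagram:
Layer 2 switch configuration [SW2]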
<Huawei>system-view
[Huawei]sysname SW2
[SW2]vlan 10
[SW2-vlan10]q
[SW2]port-group group-member Ethernet 0/0/2 e0/0/3
[SW2-port-group]port link-type access
[SW2-Ethernet0/0/2]port link-type access
[SW2-Ethernet0/0/3]port link-type access
[SW2-port-group]
[SW2-port-group]port default vlan 10
[SW2-Ethernet0/0/2]port default vlan 10
[SW2-Ethernet0/0/3]port default vlan 10
[SW2-port-group]
[SW2-port-group]q
[SW2]interface Eth0/0/1
[SW2-Ethernet0/0/1]port link-type trunk //set the port as a trunk
[SW2-Ethernet0/0/1]port trunk allow-pass vlan all //allow all VLANs to pass
[SW2-Ethernet0/0/1]q
[SW2]display port vlan active //check the port status
T=TAG U=UNTAG
-------------------------------------------------------------------------------
Port Link Type PVID VLAN List
-------------------------------------------------------------------------------
Eth0/0/1 trunk 1 U: 1
T: 10
Eth0/0/2 access 10 U: 10
Eth0/0/3 access 10 U: 10
Eth0/0/4 hybrid 1 U: 1
Layer 2 switch configuration [SW3]
<Huawei>system-view
[Huawei]sysname SW3
[SW3]vlan 20
[SW3-vlan20]q
[SW3]port-group group-member e0/0/2 e0/0/3
[SW3-port-group]
[SW3-port-group]port link-type access
[SW3-Ethernet0/0/2]port link-type access
[SW3-Ethernet0/0/3]port link-type access
[SW3-port-group]
[SW3-port-group]port default vlan 20
[SW3-Ethernet0/0/2]port default vlan 20
[SW3-Ethernet0/0/3]port default vlan 20
[SW3-port-group]
[SW3-port-group]q
[SW3]interface Eth0/0/1
[SW3-Ethernet0/0/1]port link-type trunk //set the port as a trunk
[SW3-Ethernet0/0/1]port trunk allow-pass vlan all //allow all VLANs to pass
[SW3-Ethernet0/0/1]q
[SW3]display port vlan active //check the port status
T=TAG U=UNTAG
-------------------------------------------------------------------------------
Port Link Type PVID VLAN List
-------------------------------------------------------------------------------
Eth0/0/1 trunk 1 U: 1
T: 20
Eth0/0/2 access 20 U: 20
Eth0/0/3 access 20 U: 20
Eth0/0/4 hybrid 1 U: 1
Layer 3 switch configuration [SW1]
<Huawei>system-view
[Huawei]sysname SW1
[SW1]vlan batch 10 20 //create vlan10 and vlan20
[SW1]interface Vlanif 10 //enter the Vlanif10 virtual interface to configure the gateway
[SW1-Vlanif10]ip address 192.47.10.254 24
[SW1-Vlanif10]q
[SW1]
[SW1]interface Vlanif 20 //enter the Vlanif20 virtual interface to configure the gateway
[SW1-Vlanif20]ip address 192.47.20.254 24
[SW1-Vlanif20]q
[SW1]
[SW1]display ip interface brief //check the interface status
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 4
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif10 192.47.10.254/24 down down
Vlanif20 192.47.20.254/24 down down
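//The interface status above shows that Vlanif10 and Vlanif20 are down, meaning they are not yet in effect. The Layer 2 switches SW2 and SW3 both have trunk ports configured to pass traffic, but the Layer 3 switch SW1 has no trunk configured, so it cannot accept traffic from SW2 and SW3. Setting its own interfaces to accept all VLANs lets it receive and forward traffic.
[SW1]
[SW1]interface GigabitEthernet 0/0/1 //enter the interface
[SW1-GigabitEthernet0/0/1]port link-type trunk //set the port as a trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan all //allow traffic to be received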
[SW1-GigabitEthernet0/0/1]q
[SW1]
[SW1]interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/2]q
[SW1]
[SW1]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif10 192.47.10.254/24 up up
Vlanif20 192.47.20.254/24 up up
[SW1]
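//All the interfaces above are UP, so traffic can be received and forwarded
Connectivity test from pc1 to pc3:
2. DHCP assignment
2.1 [Random assignment via the interface]
[SW1]
[SW1]dhcp enable //enable the DHCP service
Info: The operation may take a few seconds. Please wait for a moment.done.
[SW1]interface Vlanif 10 //enter the virtual interface
[SW1-Vlanif10]
[SW1-Vlanif10]dhcp select interface //enable address assignment from the interface
[SW1-Vlanif10]display this //view the configuration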
#
interface Vlanif10
ip address 192.47.10.254 255.255.255.0
dhcp select interface
#
return
[SW1-Vlanif10]
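[SW1-Vlanif10]dhcp server dns-list 114.114.114.114 //push a DNS server to pc2 (the default lease is 24 hours)
[SW1-Vlanif10]
[SW1-Vlanif10]dhcp server lease day 2 //set the lease to 2 days
Address obtained by pc2:
2.2 [Random assignment via the address pool]
[SW1]ip pool v20 //create an address pool named v20 and enter its view automatically
[SW1-ip-pool-v20]gateway-list 192.47.20.254 //set the pool gateway
[SW1-ip-pool-v20]network 192.47.20.0 mask 24 //set the network segment and mask the pool assigns from
[SW1-ip-pool-v20]dns-list 8.8.8.8 //set the DNS server handed out to all clients to 8.8.8.8
[SW1-ip-pool-v20]lease day 3 //set the lease to 3 days (the default is 24 hours)
[SW1-ip-pool-v20]di th //view the configuration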
#
ip pool v20
gateway-list 192.47.20.254
network 192.47.20.0 mask 255.255.255.0
lease day 3 hour 0 minute 0
dns-list 8.8.8.8
#
return
[SW1-ip-pool-v20]q
[SW1]interface Vlanif 20 //enter the virtual interface
[SW1-Vlanif20]dhcp select global //make the interface use the DHCP server function of the global address pool
[SW1-Vlanif20]q
[SW1]
[SW1]display ip pool name v20 used //view the address pool details
Pool-name : v20
Pool-No : 1
Lease : 3 Days 0 Hours 0 Minutes
Domain-name : -
DNS-server0 : 8.8.8.8
NBNS-server0 : -
Netbios-type : -
Position : Local Status : Unlocked
Gateway-0 : 192.47.20.254
Mask : 255.255.255.0
VPN instance : --
-----------------------------------------------------------------------------
Start End Total Used Idle(Expired) Conflict Disable
-----------------------------------------------------------------------------
192.47.20.1 192.47.20.254 253 1 251(0) 1 0
-----------------------------------------------------------------------------
Network section :
--------------------------------------------------------------------------
Index IP MAC Lease Status
--------------------------------------------------------------------------
251 192.47.20.252 5489-98a1-5673 73 Used
--------------------------------------------------------------------------
[SW1]
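// Start == first address    End == last address
// Total == 253 addresses are available
// Used == one address is in use
// Network section == details of every address that has been assigned
3. DHCP static binding
3.1 Binding PC2 via the interface:
[SW1]interface Vlanif 10 //enter the Vlanif10 virtual interface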
[SW1-Vlanif10]display this
#
interface Vlanif10
ip address 192.47.10.254 255.255.255.0
dhcp select interface
dhcp server lease day 2 hour 0 minute 0
dhcp server dns-list 114.114.114.114
#
return
[SW1-Vlanif10]dhcp server static-bind ip-address 192.47.10.66 mac-address 5489-98B7-4AF9
// assign address 192.47.10.66 to the PC whose MAC address is 5489-98B7-4AF9
[SW1-Vlanif10]q
[SW1]
Check the IP bound to pc2 by MAC address: 192.47.10.66
3.2 Binding PC4 via the address pool:
[SW1]ip pool v20 //enter the address pool
[SW1-ip-pool-v20]dis th
#
ip pool v20
gateway-list 192.47.20.254
network 192.47.20.0 mask 255.255.255.0
lease day 3 hour 0 minute 0
dns-list 8.8.8.8
#
return
[SW1-ip-pool-v20]static-bind ip-address 192.47.20.88 mac-address 5489-98A1-5673
// assign address 192.47.20.88 to the PC whose MAC address is 5489-98A1-5673
[SW1-ip-pool-v20]q
[SW1]
Check the IP bound to pc4 by MAC address: 192.47.20.88
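An added example, not part of the original page: a Python check that compares the lease rows printed by `display ip pool name v20 used` with the static bindings configured in 3.1 and 3.2. The row layout is assumed to match the page's output, the second and third sample rows are constructed, and `audit_leases` is a hypothetical helper name.

```python
import re

# Static bindings configured on this page (MAC -> reserved IP).
STATIC_BINDINGS = {
    "5489-98B7-4AF9": "192.47.10.66",   # pc2, bound on Vlanif10
    "5489-98A1-5673": "192.47.20.88",   # pc4, bound in ip pool v20
}

# Lease rows in the layout of the "Network section" table. Row 1 is the
# page's own row; rows 2 and 3 are constructed for illustration.
SAMPLE_LEASES = """\
 251  192.47.20.252  5489-98a1-5673  73  Used
  87  192.47.20.88   5489-98cc-0001  12  Used
  65  192.47.10.66   5489-98b7-4af9  40  Used
"""

# Index, IP, MAC, Lease, Status
ROW = re.compile(
    r"^\s*\d+\s+(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{4}(?:-[0-9A-Fa-f]{4}){2})\s+\d+\s+(\w+)\s*$"
)

def norm_mac(mac):
    """The output prints MACs in lower case; the config above uses upper case."""
    return mac.replace("-", "").lower()

def audit_leases(text, bindings):
    """Return (ip, mac, reason) for every lease that contradicts a binding."""
    by_mac = {norm_mac(m): ip for m, ip in bindings.items()}
    reserved = {ip: norm_mac(m) for m, ip in bindings.items()}
    findings = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or m.group(3) != "Used":
            continue  # header, separator, or a row that is not an active lease
        ip, mac = m.group(1), norm_mac(m.group(2))
        if mac in by_mac and by_mac[mac] != ip:
            findings.append((ip, m.group(2), "bound MAC holds a non-reserved address"))
        elif ip in reserved and reserved[ip] != mac:
            findings.append((ip, m.group(2), "reserved address held by another MAC"))
    return findings

if __name__ == "__main__":
    for finding in audit_leases(SAMPLE_LEASES, STATIC_BINDINGS):
        print(finding)
```

The first finding is the page's own row, which was captured before the binding in 3.2 was configured.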
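Port security (switch)
Port security checks the number of MAC addresses that the switch receives. By default only one MAC address can be received; when the limit is exceeded, a penalty mechanism is triggered.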
[SW3]interface Eth0/0/3
[SW3-Ethernet0/0/3]port-security enable
[SW3-Ethernet0/0/3]port-security mac-address sticky
[SW3-Ethernet0/0/3]q
[SW3]
[SW3]display mac-address //view the MAC address table
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
VSI/SI MAC-Tunnel
-------------------------------------------------------------------------------
5489-98a1-5673 20 - - Eth0/0/3 dynamic 0/-
4c1f-cc2f-2cb2 20 - - Eth0/0/1 dynamic 0/-
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 2
[SW3]
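[SW3-Ethernet0/0/3]port-security protect-action shutdown //if an outside device connects with a different MAC address, shut the port down immediately
[SW3-Ethernet0/0/3]port-security max-mac-num 2
As shown, the penalty mechanism has been triggered: when pc6 tried to obtain an address on e0/0/3, the Layer 2 switch SW3 detected the foreign machine, so the port was automatically disconnected.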
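An added example, not part of the original page: a Python pre-check that counts learned MAC addresses per port from `display mac-address` output, so ports that already exceed the planned limit are known before `port-security protect-action shutdown` is enabled on them. The row layout is assumed to match the page's output; the Eth0/0/2 rows, the uplink list and the helper names are constructed for illustration.

```python
import re
from collections import defaultdict

# Rows in the layout of `display mac-address` on this page. The first two
# rows are the page's own; the Eth0/0/2 rows are constructed.
SAMPLE_TABLE = """\
5489-98a1-5673 20 - - Eth0/0/3 dynamic 0/-
4c1f-cc2f-2cb2 20 - - Eth0/0/1 dynamic 0/-
5489-98dd-0001 20 - - Eth0/0/2 dynamic 0/-
5489-98DD-0002 20 - - Eth0/0/2 dynamic 0/-
"""

# MAC, VLAN, PEVLAN, CEVLAN, port, type
ROW = re.compile(
    r"^([0-9A-Fa-f]{4}(?:-[0-9A-Fa-f]{4}){2})\s+(\d+)\s+\S+\s+\S+\s+(\S+)\s+(\S+)"
)

def macs_per_port(text):
    """Map each port to the set of MAC addresses learned on it."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header and separator lines do not match
            ports[m.group(3)].add(m.group(1).lower())
    return ports

def ports_over_limit(text, limits, default_limit=1, uplinks=()):
    """Return {port: sorted MACs} for access ports above their MAC limit.

    limits mirrors `port-security max-mac-num` per port; ports not listed
    use default_limit (the page states the default is one MAC). Trunk
    uplinks legitimately carry many MACs and are skipped.
    """
    over = {}
    for port, macs in macs_per_port(text).items():
        if port in uplinks:
            continue
        if len(macs) > limits.get(port, default_limit):
            over[port] = sorted(macs)
    return over

if __name__ == "__main__":
    print(ports_over_limit(SAMPLE_TABLE, {"Eth0/0/3": 2}, uplinks=("Eth0/0/1",)))
```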