思科交换机DHCP配置

Configuring DHCPThis chapter describes how to configure Dynamic Host Configuration Protocol(DHCP).For a completedescription of the DHCP commands listed in this chapter, refer to the “DHCP Commands” chapter ofthe Cisco IOS IP and IP Routing Command Reference publication. To locate documentation of othercommands that appear in this chapter, use the command reference master index or search online.As explained in RFC2131,Dynamic Host Configuration Protocol, DHCP provides configurationparameters to Internet hosts.DHCP consists of two components:a protocol for delivering host-specificconfiguration parameters from a DHCP server to a host and a mechanism for allocating networkaddresses to hosts.DHCP is built on a client/server model,where designated DHCP server hosts allocatenetwork addresses and deliver configuration parameters to dynamically configured hosts.DHCP supports three mechanisms for IP address allocation:•Automatic allocation—DHCP assigns a permanent IP address to a client.•Dynamic allocation—DHCP assigns an IP address to a client for a limited period of time (or until the client explicitly relinquishes the address).•Manual allocation—The network administrator assigns an IP address to a client and DHCP is used simply to convey the assigned address to the client.The format of DHCP messages is based on the format of Bootstrap Protocol(BOOTP)messages,whichensures support for BOOTP relay agent functionality and interoperability between BOOTP clients andDHCP servers. BOOTP relay agents eliminate the need for deploying a DHCP server on each physicalnetwork segment. BOOTP is explained in RFC951,Bootstrap Protocol (BOOTP), and RFC1542,Clarifications and Extensions for the Bootstrap Protocol.DHCP Server OverviewThe Cisco IOS DHCP server feature is a full DHCP server implementation that assigns and manages IPaddresses from specified address pools within the router to DHCP clients.If the Cisco IOS DHCP servercannot satisfy a DHCP request from its own database, it can forward the request to one or moresecondary DHCP servers defined by the network administrator.Figure14 shows the basic steps that occur when a DHCP client requests an IP address from a DHCPserver. The client, Host A, sends a DHCPDISCOVER broadcast message to locate a Cisco IOS DHCPserver.A DHCP server offers configuration parameters(such as an IP address,a MAC address,a domainname, and a lease for the IP address) to the client in a DHCPOFFER unicast message.Configuring DHCPDHCP Server Overview Figure 14DHCP Request for an IP Address from a DHCP Server Note A DHCP client may receive offers from multiple DHCP servers and can accept any one ofthe offers; however, the client usually accepts the first offer it receives. Additionally, theoffer from the DHCP server is not a guarantee that the IP address will be allocated to theclient;however,the server usually reserves the address until the client has had a chance toformally request the address.The client returns a formal request for the offered IP address to the DHCP server in a DHCPREQUESTbroadcast message. The DHCP server confirms that the IP address has been allocated to the client byreturning a DHCPACK unicast message to the client.Note The formal request for the offered IP address (the DHCPREQUEST message) that is sentby the client is broadcast so that all other DHCP servers that received theDHCPDISCOVER broadcast message from the client can reclaim the IP addresses that theyoffered to the client.If the configuration parameters sent to the client in the DHCPOFFER unicast message bythe DHCP server are invalid (a misconfiguration error exists), the client returns aDHCPDECLINE broadcast message to the DHCP server.The DHCP server will send to the client a DHCPNAK denial broadcast message, whichmeans the offered configuration parameters have not been assigned,if an error has occurredduring the negotiation of the parameters or the client has been slow in responding to theDHCPOFFER message (the DHCP server assigned the parameters to another client)of theDHCP server.The Cisco IOS DHCP server feature offers the following benefits:•Reduced Internet access costsUsing automatic IP address assignment at each remote site substantially reduces Internet accesscosts. Static IP addresses are considerably more expensive to purchase than are automaticallyallocated IP addresses.•Reduced client configuration tasks and cost sBecause DHCP is easy to configure, it minimizes operational overhead and costs associated withdevice configuration tasks and eases deployment by nontechnical users.•Centralized managementBecause the DHCP server maintains configurations for several subnets,an administrator only needsto update a single, central server when configuration parameters change.Host A DHCP ACK (unicast)DHCPREQUEST (broadcast)DHCPOFFER (unicast)DHCPDISCOVER (broadcast)Cisco IOS DHCP server 32369Configuring DHCPDHCP Configuration Task ListBefore you configure the Cisco IOS DHCP server feature, complete the following tasks:•Identify an external File Transport Protocol(FTP),Trivial File Transfer Protocol(TFTP),or remote copy protocol (rcp) server that you will use to store the DHCP bindings database.•Identify the IP addresses that you will enable the DHCP server to assign,and the IP addresses that you will exclude.•Identify DHCP options for devices where necessary, including:–Default boot image name–Default router(s)–Domain Name System (DNS) server(s)–NetBIOS name server•Decide on a NetBIOS node type (b, p, m, or h).•Decide on a DNS domain name.DHCP Configuration Task ListThe DHCP server database is organized as a tree. The root of the tree is the address pool for naturalnetworks, branches are subnetwork address pools, and leaves are manual bindings to clients.Subnetworks inherit network parameters and clients inherit subnetwork parameters.Therefore,commonparameters,for example the domain name,should be configured at the highest(network or subnetwork)level of the tree.Note Inherited parameters can be overridden.For example,if a parameter is defined in both thenatural network and a subnetwork, the definition of the subnetwork is used.Address leases are not inherited.If a lease is not specified for an IP address,by default,theDHCP server assigns a one-day lease for the address.To configure the Cisco IOS DHCP server feature, first configure a database agent or disable conflictlogging, then configure IP addresses that the DHCP server should not assign (excluded addresses) andshould assign (a pool of available IP addresses) to requesting clients. These configuration tasks areexplained in the following sections. Each task in the following list is identified as required or optional.•Configuring a DHCP Database Agent or Disabling DHCP Conflict Logging (Required)•Excluding IP Addresses (Required)•Configuring a DHCP Address Pool (Required)•Configuring Manual Bindings (Optional)•Configuring a DHCP Server Boot File (Optional)•Configuring the Number of Ping Packets (Optional)•Configuring the Timeout Value for Ping Packets (Optional)•Enabling the Cisco IOS DHCP Server and Relay Agent Features (Optional)Configuring DHCPDHCP Configuration Task List Configuring a DHCP Database Agent or Disabling DHCP Conflict LoggingA DHCP database agent is any host, for example, an FTP, TFTP, or RCP server that stores the DHCPbindings database.You can configure multiple DHCP database agents and you can configure the intervalbetween database updates and transfers for each agent.To configure a database agent and database agentparameters, use the following command in global configuration mode:If you choose not to configure a DHCP database agent,disable the recording of DHCP address conflictson the DHCP server. To disable DHCP address conflict logging, use the following command in globalconfiguration mode:Excluding IP AddressesThe DHCP server assumes that all IP addresses in a DHCP address pool subnet are available forassigning to DHCP clients. You must specify the IP address that the DHCP server should not assign toclients. To do so, use the following command in global configuration mode:Configuring a DHCP Address PoolYou can configure a DHCP address pool with a name that is a symbolic string (such as “engineering”)or an integer (such as 0).Configuring a DHCP address pool also places you in DHCP pool configurationmode—identified by the (config-dhcp)# prompt—from which you can configure pool parameters (forexample,the IP subnet number and default router list).To configure a DHCP address pool,complete therequired tasks in the following sections.Configuring the DHCP Address Pool Name and Entering DHCP Pool Configuration ModeTo configure the DHCP address pool name and enter DHCP pool configuration mode,use the followingcommand in global configuration mode:CommandPurpose Router(config)#ip dhcp database url[timeout seconds | write-delay seconds ]Configures the database agent and the interval between database updates and database transfers.CommandPurpose Router(config)#no ip dhcp conflict logging Disables DHCP address conflict logging.CommandPurpose Router(config)#ip dhcp excluded-addresslow-address [high-address ]Specifies the IP addresses that the DHCP server should not assign to DHCP clients.CommandPurpose Router(config)# ip dhcp pool name Creates a name for the DHCP server address pool and places you in DHCPpool configuration mode (identified by the config-dhcp# prompt).Configuring DHCPDHCP Configuration Task List Configuring the DHCP Address Pool Subnet and MaskTo configure a subnet and mask for the newly created DHCP address pool,which contains the range of available IP addresses that the DHCP server may assign to clients,use the following command in DHCP pool configuration mode:Note You can not configure manual bindings within the same pool that is configured with thenetwork command.To configure manual bindings,see the “Configuring Manual Bindings”section.Configuring the Domain Name for the ClientThe domain name for a DHCP client places the client in the general grouping of networks that make up the domain.To configure a domain name string for the client,use the following command in DHCP pool configuration mode:Configuring the Domain Name System IP Servers for the ClientDHCP clients query DNS IP servers when they need to correlate host names to IP addresses. Toconfigure the DNS IP servers that are available to a DHCP client,use the following command in DHCP pool configuration mode:Configuring the NetBIOS Windows Internet Naming Service IP Servers for the ClientWindows Internet Naming Service (WINS)is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a general grouping of networks.To configure the NetBIOS WINS servers that are available to a Microsoft DHCP client,use the following command in DHCP pool configuration mode:CommandPurpose Router(config-dhcp)#network network-number[mask |/prefix-length ]Specifies the subnet network number and mask of the DHCP address pool.The prefix length specifies the number of bits that comprise theaddress prefix. The prefix is an alternative way of specifying thenetwork mask of the client.The prefix length must be preceded bya forward slash (/).CommandPurpose Router(config-dhcp)#domain-name domain Specifies the domain name for the client.CommandPurpose Router(config-dhcp)#dns-server address[address2...address8]Specifies the IP address of a DNS server that is available to a DHCP client.One IP address is required; however, you can specify up to eight IPaddresses in one command line.Configuring DHCPDHCP Configuration Task List Configuring the NetBIOS Node Type for the ClientThe NetBIOS node type for Microsoft DHCP clients can be one of four settings:broadcast,peer-to-peer,mixed, or hybrid. To configure the NetBIOS node type for a Microsoft DHCP, use the followingcommand in DHCP pool configuration mode:Configuring the Default Router for the ClientAfter a DHCP client has booted, the client begins sending packets to its default router. The IP address of the default router should be on the same subnet as the client.To configure a default router for a DHCP client, use the following command in DHCP pool configuration mode:Configuring the Address Lease TimeBy default,each IP address assigned by a DHCP server comes with a one-day lease,which is the amount of time that the address is valid.To change the lease value for an IP address,use the following command in DHCP pool configuration mode:Configuring Manual BindingsAn address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by aDHCP server.Manual bindings are IP addresses that have been manually mapped to the MAC addresses of hosts that are found in the DHCP database.Manual bindings are stored in NVRAM on the DHCP server.Manual bindings are just special address pools.There is no limit on the number of manual bindings but you can only configure one manual binding per host pool.CommandPurpose Router(config-dhcp)#netbios-name-serveraddress [address2...address8]Specifies the NetBIOS WINS server that is available to a Microsoft DHCP client. One address is required; however, you can specify up toeight addresses in one command line.CommandPurpose Router(config-dhcp)#netbios-node-type type Specifies the NetBIOS node type for a Microsoft DHCP mandPurpose Router(config-dhcp)#default-routeraddress [address2... address8]Specifies the IP address of the default router for a DHCP client. One IP address is required,although you can specify up to eight addresses in onecommand line.CommandPurpose Router(config-dhcp)# lease {days[hours ][minutes ]| infinite }Specifies the duration of the lease. The default is a one-day lease.Configuring DHCPDHCP Configuration Task List Automatic bindings are IP addresses that have been automatically mapped to the MAC addresses of hoststhat are found in the DHCP database.Automatic bindings are stored on a remote host called a databaseagent. The bindings are saved as text records for easy maintenance.To configure a manual binding, first create a host pool, then specify the IP address of the client andhardware address or client identifier. The hardware address is the MAC address. The client identifier,which is required for Microsoft clients(instead of hardware addresses),is formed by concatenating themedia type and the MAC address of the client. Refer to the “Address Resolution Protocol Parameters”section of RFC1700,Assigned Numbers, for a list of media type codes.To configure manual bindings, use the following commands beginning in global configuration mode:Command PurposeStep1Router(config)# ip dhcp pool name Creates a name for the a DHCP server address pool and places youin DHCP pool configuration mode—identified by the(config-dhcp)# prompt.Step2Router(config-dhcp)#host address [mask| /prefix-length]Specifies the IP address and subnet mask of the client.The prefix length specifies the number of bits that comprise the address prefix. The prefix is an alternative way of specifying the network mask of the client.The prefix length must be preceded by a forward slash(/).Step3Router(config-dhcp)# hardware-address hardware-address typeorRouter(config-dhcp)#client-identifierunique-identifier Specifies a hardware address for the client.The type value:•Indicates the protocol of the hardware platform. Strings and values are acceptable. The string options are:–ethernet–ieee802•The value options are:– 1 10Mb Ethernet– 6 IEEE 802If no type is specified, the default protocol is Ethernet.orSpecifies the distinct identification of the client in dotted hexadecimal notation, for example, 01b7.0813.8811.66, where 01 represents the Ethernet media type.Step4Router(config-dhcp)# client-name name(Optional) Specifies the name of the client using any standardASCII character. The client name should not include the domainname. For example, the name mars should not be specified as.Configuring DHCP DHCP Configuration Task ListConfiguring a DHCP Server Boot FileThe boot file is used to store the boot image for the client. The boot image is generally the operatingsystem the client uses to load.To specify a boot file for the DHCP client,use the following command inDHCP pool configuration mode:Command PurposeRouter(config-dhcp)# bootfile filename Specifies the name of the file that is used as a boot image. Configuring the Number of Ping PacketsBy default, the DHCP server pings a pool address twice before assigning the address to a requestingclient.If the ping is unanswered,the DHCP server assumes(with a high probability)that the address isnot in use and assigns the address to the requesting client. To change the number of ping packets theDHCP server should send to the pool address before assigning the address,use the following commandin global configuration mode:Command PurposeRouter(config)#ip dhcp ping packets number Specifies the number of ping packets the DHCP server sends to a pooladdress before assigning the address to a requesting client.The defaultis two packets.Configuring the Timeout Value for Ping PacketsBy default, the DHCP server waits 500milliseconds before timing out a ping packet. To change theamount of time the server waits, use the following command in global configuration mode:Command PurposeRouter(config)# ip dhcp ping timeout milliseconds Specifies the amount of time the DHCP server must wait beforetiming out a ping packet. The default 500 milliseconds. Enabling the Cisco IOS DHCP Server and Relay Agent FeaturesBy default,the Cisco IOS DHCP server and relay agent features are enabled on your router.To reenablethese features if they are disabled, use the following command in global configuration mode:Command PurposeRouter(config)#service dhcp Enables the Cisco IOS DHCP server and relay features on your router.Use the no form of this command to disable the Cisco IOS DHCP server and relayfeatures.Configuring DHCPMonitoring and Maintaining the DHCP ServerMonitoring and Maintaining the DHCP ServerTo clear DHCP server variables, use the following commands in privileged EXEC mode, as needed:Command PurposeRouter#clear ip dhcp binding address |*Deletes an automatic address binding from the DHCP database.Specifying address clears the automatic binding for a specific(client)IPaddress, whereas specifying asterisk (*) clears all automatic bindings. Router#clear ip dhcp conflict address |*Clears an address conflict from the DHCP database.Specifying addressclears the conflict for a specific IP address whereas specifying an asterisk(*) clears conflicts for all addresses.Router#clear ip dhcp server statistics Resets all DHCP server counters to 0.To enable DHCP server debugging, use the following command in privileged EXEC mode:Command PurposeRouter# debug ip dhcp server{events | packets | linkage}Enables debugging on the DHCP server.To display DHCP server information, use the following commands in EXEC mode, as needed:Command PurposeRouter> show ip dhcp binding[address]Displays a list of all bindings created on a specific DHCP server. Router> show ip dhcp conflict[address]Displays a list of all address conflicts recorded by a specific DHCP server. Router#show ip dhcp database[url]Displays recent activity on the DHCP database.Note Use this command in privileged EXEC mode.Router> show ip dhcp server statistics Displays count information about server statistics and messages sent andreceived.Configuration ExamplesThis section provides the following configuration examples:•DHCP Database Agent Configuration Example•DHCP Address Pool Configuration Example•Manual Bindings Configuration ExampleConfiguring DHCPConfiguration Examples DHCP Database Agent Configuration ExampleThe following example stores bindings on host 172.16.4.253. The file transfer protocol is FTP. Theserver should wait 2 minutes (120 seconds) before writing database changes.ip dhcp database ftp://user:password@172.16.4.253/router-dhcp write-delay 120DHCP Address Pool Configuration ExampleIn the following example, three DHCP address pools are created: one in network 172.16.0.0, one insubnetwork 172.16.1.0,and one in subnetwork 172.16.2.0.Attributes from network 172.16.0.0,such as the domain name, DNS server, NetBIOS name server, and NetBIOS node type, are inherited insubnetworks 172.16.1.0and 172.16.2.0.In each pool,clients are granted 30-day leases and all addresses in each subnetwork, except the excluded addresses, are available to the DHCP server for assigning toclients. Table 5 lists the IP addresses for the devices in three DHCP address pools.ip dhcp database ftp://user:password@172.16.4.253/router-dhcp write-delay 120ip dhcp excluded-address 172.16.1.100 172.16.1.103ip dhcp excluded-address 172.16.2.100 172.16.2.103!ip dhcp pool 0network 172.16.0.0 /16domain-name dns-server 172.16.1.102 172.16.2.102netbios-name-server 172.16.1.103 172.16.2.103netbios-node-type h-node!ip dhcp pool 1network 172.16.1.0 /24default-router 172.16.1.100 172.16.1.101lease 30!ip dhcp pool 2network 172.16.2.0 /24default-router 172.16.2.100 172.16.2.101lease 30T able 5DHCP Address Pool DevicesPool 0 (Network 172.16.0.0)Pool 1 (Subnetwork 172.16.1.0)Pool 2 (Subnetwork 172.16.2.0)DeviceIP Address Device IP Address Device IP Address Default routers–Default routers 172.16.1.100172.16.1.101Default routers 172.16.2.100172.16.2.101DNS server 172.16.1.102—172.16.2.102————NetBIOS name server 172.16.1.103—172.16.2.103————NetBIOS node type h-node ————Configuring DHCPConfiguration ExamplesManual Bindings Configuration ExampleThe following example creates a manual binding for a client named .The MAC addressof the client is 02c7.f800.0422 and the IP address of the client is 172.16.2.254.ip dhcp pool Marshost 172.16.2.254hardware-address 02c7.f800.0422 ieee802client-name MarsBecause attributes are inherited, the previous configuration is equivalent to the following:ip dhcp pool Marshost 172.16.2.254 mask 255.255.255.0hardware-address 02c7.f800.0422 ieee802client-name Marsdefault-router 172.16.2.100 172.16.2.101domain-name dns-server 172.16.1.102 172.16.2.102netbios-name-server 172.16.1.103 172.16.2.103netbios-node-type h-nodeCisco IOS IP and IP Routing Configuration GuideP1C-73Configuring DHCP Configuration ExamplesCisco IOS IP and IP Routing Configuration GuideP1C-74。

思科交换机配置教程首先，我们需要登录到交换机的控制台界面。

可以通过串口连接，或者通过网络连接，例如通过SSH协议进行连接。

登录后，我们进入到交换机的命令行界面。

接下来，我们需要进行基本的配置。

思科交换机的配置是通过命令行界面进行的，配置的命令是不同的，但是有一些通用的配置信息，我们可以先进行配置。

首先，我们要为交换机设置一个主机名。

可以使用如下命令进行配置：```Switch(config)# hostname Switch1```这样就为交换机设置了一个名字为"Switch1"的主机名。

接下来，我们可以配置交换机的管理IP地址。

可以使用如下命令进行配置：```Switch(config)# interface vlan 1Switch(config-if)# ip address 192.168.1.1 255.255.255.0Switch(config-if)# no shutdown```这样就为交换机的VLAN1接口配置了一个IP地址为192.168.1.1，子网掩码为255.255.255.0，并且启用了这个接口。

除了基本配置信息，我们还需要进行一些其他的配置，例如VLAN的配置。

VLAN是虚拟局域网的意思，可以将交换机的端口划分到不同的VLAN中，实现不同VLAN之间的隔离。

可以使用如下命令进行VLAN的配置：```Switch(config)# vlan 10Switch(config-vlan)# name VLAN10Switch(config-vlan)# exitSwitch(config)# interface fastEthernet 0/1Switch(config-if)# switchport access vlan 10Switch(config-if)# exit```这样就创建了一个编号为10的VLAN，名称为"VLAN10"。

网络拓扑图如下：根据图示连接设备。

在本次试验中，具体端口情况如上图数字标出。

核心交换机（core ）设置为s1或者SW1，汇聚层交换机（access）设置为s2或者SW2。

IP 地址分配：Router：e0：192.168.1.1Core：f0/1: 192.168.1.2Svi接口：Core vlan10: 172.16.10.254Vlan20: 172.16.20.254Vlan30: 172.16.30.254Access vlan10: 172.16.10.253Vlan20: 172.16.20.253Vlan30: 172.16.30.253服务器IP地址：192.168.30.1Office区域网段地址：PC1：192.168.10.1PC2：192.168.10.2路由器清空配置命令：enerase startup-configReload交换机清空配置命令：enerase startup-configdelete vlan.datReload加速命令：enconf tno ip domain lookupline con 0exec-timeout 0 0logging synhostname一、OFFICE 区域地址静态分配，防止OFFICE 网络发生ARP 攻击，不允许OFFICE 网段PC 互访；STUDENTS 区域主机输入正确的学号和密码后接入网络，自动获取地址，阻止STUDENTS网段地址发生ARP攻击；1、基本配置SW1的配置：SW1(config)#vtp domain cisco //SW1配置vtp，模式为server，SW2模式为client SW1(config)#vtp password sovandSW1(config)#vtp mode serverSW1(config)#vlan 10SW1(config)#int range f0/3,f0/4 //链路捆绑SW1(config-if-range)#Channel-protocol pagpSW1(config-if-range)#Channel-group 10 mode onSW1(config)#int port-channel 10 //链路设置为trunk模式，封装802.1q协议，三层交换机默认没有封装该协议SW1(config-if)#switchport trunk encapsulation dot1qSW1(config-if)#switchport mode trunkSW2配置：SW2(config)#vtp domain ciscoSW2(config)#vtp password sovandSW2(config)#vtp mode clientSW2(config)#int range f0/3,f0/4SW2(config-if-range)#Channel-protocol pagpSW2(config-if-range)#Channel-group 10 mode onCreating a port-channel interface Port-channel 10SW2(config)#int port-channel 10SW2(config-if)#switchport trunk encapsulation dot1qSW2(config-if)#switchport mode trunkSW2(config)#int f0/1 //把f0/1,f0/2划入vlan10SW2(config-if)#switchport mode accessSW2(config-if)#switchport access vlan 10SW2(config-if)#int f0/2SW2(config-if)#switchport mode accessSW2(config-if)#switchport access vlan 102、vlan aclOffice区域禁止PC机互访：使用show int e0/0命令查看mac地址SW2(config)#mac access-list extended macaclSW2(config-ext-macl)#permit host 0007.8562.9de0 host 0007.8562.9c20 //要禁止双向通信SW2(config-ext-macl)#permit host 0007.8562.9c20 host 0007.8562.9de0SW2(config)#vlan access-map vmap 10 //禁止pc间的通信SW2(config-access-map)#match mac add macaclSW2(config-access-map)#action dropSW2(config)#vlan access-map vmap 20 //对其他数据放行，不然pc机无法ping通svi口、网关SW2(config-access-map)#action forwardSW2(config)#vlan filter vmap vlan-list 10未使用VLAN ACL时pc1可以ping通pc2，如下图：使用VLAN ACL时pc1可以无法ping通pc2，如下图：3、Office区域静态配置ip地址时采用的ARP防护：配置如下：SW2(config)#ip arp inspection vlan 10SW2(config)#arp access-list arplistSW2(config-arp-nacl)#permit ip host 192.168.10.1 mac host 0007.8562.9de0 //ip地址与mac地址对应表SW2(config-arp-nacl)#permit ip host 192.168.10.2 mac host 0007.8562.9c20SW2(config-arp-nacl)#ip arp inspection filter arplist vlan 10SW2(config)#int port-channel 10SW2(config-if)#ip arp inspection trust注意：配置静态arp防护（用户主机静态配置地址，不是通过DHCP获取地址），需要新建ip与mac映射表，不然pc1无法ping通svi口4、OSPF与DHCP全网起OSPF协议，使pc1可以ping通路由器。

思科cisco路由器dhcp动态分配ip地址实现⽅法本⽂实例讲述了思科cisco路由器dhcp动态分配ip地址实现⽅法。

分享给⼤家供⼤家参考，具体如下：⼀、拓扑图Router1 F0/0 <----> Switch5 F0/0Router1 E1/0 <----> VPCS V0/5Switch5 F0/1 <----> Switch1 F0/0Switch5 F0/2 <----> Switch2 F0/0Switch5 F0/3 <----> Switch3 F0/0Switch5 F0/4 <----> Switch4 F0/0Switch1 F0/1 <----> VPCS V0/1Switch2 F0/1 <----> VPCS V0/2Switch3 F0/1 <----> VPCS V0/3⼆、dhcp服务器就是通过主机分配ip的⼀项服务。

路由是通过那个⼝来分配的。

接⼏个分配⼏个。

要使客户机能从⽤作DHCP Server的路由器中⾃动获得IP地址。

三、实验要求：1、vlan之间的通信通过三层交换机来实现2、路由器为4个vlan来分配ip地址3、pc1 - 4分别属于4个部门，能够⾃动得到ip地址4、pc1 - 5直接可以ping通四、实验思路：1、⾸先配置⼆层交换机上的vlan、trunk并把接⼝加⼊vlan2、三层交换中配置vlan、trunk并启⽤ip routing路由功能3、三层交换中配置vlan ip地址，三层交换机是带有三层路由功能的交换机，也就是这台交换机的端⼝既有三层路由功能，也具有⼆层交换功能。

三层交换机端⼝默认为⼆层⼝，如果需要启⽤三层功能就需要在此端⼝输⼊no switchport命令。

运⾏router rip协议（其他协议也⾏）查看路由表 show ip router4、配置路由器dhcp服务建⽴地址持ip dhcp pool apple（apple为地址池名称可以随便起）运⾏router rip协议5、保存设置：在全局配置模式下 Router#copy running-config startup-config //保存当前的配置或 Router#write 也⾏6、查看！五、实验过程：1、配置⼆层交换机valn trunk 并将接⼝加⼊vlansw1#vlan datasw1#vlan databasesw1(vlan)#vlan 10VLAN 10 added:Name: VLAN0010sw1(vlan)#exitAPPLY completed.Exiting....sw1#conf tEnter configuration commansw1(config)#interface f0/0sw1(config-if)#sw m tsw1(config-if)#interface f0/1sw1(config-if)#sw ac vlan 10sw1(config-if)#exitsw1(config)#exitsw1#show vlan-switchsw2 - 4相同配置2、配置三层交换（vlan、trunk、vlan ip）sw3-1#vlan dasw3-1(vlan)#vlan 10VLAN 10 added:Name: VLAN0010sw3-1(vlan)#vlan 20VLAN 20 added:Name: VLAN0020sw3-1(vlan)#vlan 30VLAN 30 added:Name: VLAN0030sw3-1(vlan)#vlan 40VLAN 40 added:Name: VLAN0040sw3-1(config)#ip routing 在三层交换中启动路由功能sw3-1(config)#interface vlan 10sw3-1(config-if)#ip ad 192.168.1.1 255.255.255.0 配置vlan ipsw3-1(config-if)#no shutsw3-1(config-if)#exitsw3-1(config)#interface vlan 20sw3-1(config-if)#ip ad 192.168.2.1 255.255.255.0sw3-1(config-if)#no shutsw3-1(config-if)#exitsw3-1(config)#interface vlan 30sw3-1(config-if)#ip address 192.168.3.1 255.255.255.0sw3-1(config-if)#no shutsw3-1(config-if)#interface vlan 40sw3-1(config-if)#ip ad 192.168.4.1 255.255.255.0sw3-1(config-if)#no shutsw3-1(config-if)#exitsw3-1(config)#interface rang f0/1 - 4 配置trunksw3-1(config-if-range)#sw m tsw3-1(config-if-range)#exitsw3-1(config)#interface f0/0sw3-1(config-if)#no switchport 启动三层接⼝sw3-1(config)#interface f0/0sw3-1(config-if)#ip address 10.0.0.1 255.0.0.0 配置接⼝ipsw3-1(config-if)#no shutsw3-1(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.3 配置默认路由sw3-1(config)#router rip 启⽤rip协议sw3-1(config-router)#network 192.168.1.0sw3-1(config-router)#network 192.168.2.0sw3-1(config-router)#network 192.168.3.0sw3-1(config-router)#network 192.168.4.0sw3-1(config-router)#network 10.0.0.0查看路由表3、配置dhcp路由器dhcp(config)#interface f0/0dhcp(config-if)#ip addressdhcp(config-if)#ip address 10.0.0.3 255.0.0.0dhcp(config-if)#interface 192.168.237.1 255.255.255.0dhcp(config)#inte e1/0dhcp(config-if)#ip add 192.168.237.1 255.255.255.0dhcp(config-if)#no shutdhcp(config-if)#exitdhcp(config)#router ripdhcp(config-router)#network 10.0.0.0dhcp(config-router)#network 192.168.237.0show ip route 同上dhcp(config)#ip dhcp pool apple 建⽴地址池dhcp(dhcp-config)#network 192.168.0.0 255.255.0.04、在三层交换指定dhcp服务器即路由器的ip 地址。

思科模拟器——DHCP服务器中继实验2017-7-9基于思科模拟器ZKY正品体育思科模拟器DHCP服务器中继实验【DHCP服务器中继案例1】只有⼀个⽹段的DHCP中继其中路由器作为DHCP服务器，交换机作为中继⼀、交换机配置过程Switch>Switch>enSwitch#confSwitch(config)#vlan 10 创建VLAN 10Switch(config-vlan)#exitSwitch(config)#int vlan 10Switch(config-if)#ip address 192.168.10.254 255.255.255.0 为VLAN 10配置地址Switch(config-if)#no shut 开启虚拟接⼝Switch(config-if)#exitSwitch(config)#int fa0/1Switch(config-if)#switchport access vlan 10 将fa0/1加⼊vlan 10Switch(config-if)#exitSwitch(config)#int fa0/24Switch(config-if)#no switchport 将交换⼝转换为路由⼝Switch(config-if)#ip adSwitch(config-if)#ip address 172.16.1.1 255.255.255.0Switch(config-if)#no shutSwitch(config-if)#exSwitch(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.2Switch(config-if)#Switch(config-if)#exitSwitch(config)#int vlan 10Switch(config-if)#ip ?access-group Specify access control for packetsaddress Set the IP address of an interfacehello-interval Configures IP-EIGRP hello intervalhelper-address Specify a destination address for UDP broadcasts nat NAT interface commandsospf OSPF interface commandsproxy-arp Enable proxy ARPsplit-horizon Perform split horizonsummary-address Perform address summarizationSwitch(config-if)#ip helpSwitch(config-if)#ip helper-address 172.16.1.2Switch(config-if)#endSwitch#%SYS-5-CONFIG_I: Configured from console by consoleSwitch#sh ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 172.16.1.2 to network 0.0.0.0172.16.0.0/24 is subnetted, 1 subnetsC 172.16.1.0 is directly connected, FastEthernet0/24C 192.168.10.0/24 is directly connected, Vlan10S* 0.0.0.0/0 [1/0] via 172.16.1.2Switch#confConfiguring from terminal, memory, or network [terminal]?Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#ip routingSwitch(config)#endSwitch#%SYS-5-CONFIG_I: Configured from console by consoleSwitch#wrBuilding configuration...⼆、路由器配置过程Router>enRouter#confRouter(config)#int f0/0Router(config-if)#ip address 172.16.1.2 255.255.255.0Router(config-if)#exitRouter(config)#ip dhcp ?excluded-address Prevent DHCP from assigning certain addressespool Configure DHCP address poolsRouter(config)#ip dhcp excluded-address 192.168.10.254 排除地址，避免客户端获得此IP地址产⽣冲突Router(config)#ip dhcp pool vlan10 （创建地址池vlan10）Router(dhcp-config)#? (通过？可以知道DHCP服务器可以配置哪些选项)default-router Default routersdns-server Set name serverexit Exit from DHCP pool configuration modenetwork Network number and maskno Negate a command or set its defaultsoption Raw DHCP optionsRouter(dhcp-config)#default-router 192.168.10.254 （为客户端配置默认⽹关）Router(dhcp-config)#dns-server 192.168.10.254 （为客户端配置DNS）Router(dhcp-config)#netRouter(dhcp-config)#network 192.168.10.0 255.255.255.0 （客户端所在⽹络及掩码）Router(dhcp-config)#end Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1Router(config)#int fa0/0Router(config-if)#no shut【DHCP服务器中继案例2】有多个⽹段的DHCP中继⼀、交换机配置过程Switch>enSwitch#conf tEnter configuration commands, one per line. End with CNTL/Z.1.创建vlan 10，vlan20，vlan 30Switch(config)#vlan 10Switch(config-vlan)#vlan 20Switch(config-vlan)#vlan 30Switch(config-vlan)#2.为3个vlan创建相应的IP地址，并在vlan中创建中继，指向DHCP服务器地址Switch(config)#interface vlan 10Switch(config-if)#ip address 192.168.10.254 255.255.255.0Switch(config-if)#ip helper-address 172.16.1.2Switch(config)#interface vlan 20Switch(config-if)#ip address 192.168.20.254 255.255.255.0Switch(config-if)#ip helper-address 172.16.1.2Switch(config-if)#exitSwitch(config)#interface vlan 30Switch(config-if)#ip address 10.0.0.1 255.0.0.0Switch(config-if)#ip helper-address 172.16.1.23.将fa0/1，fa0/11，fa0/21分别加⼊vlan 10，vlan 20，vlan 30 Switch(config)#interface fastEthernet 0/1Switch(config-if)#switchport access vlan 10Switch(config)#interface fastEthernet 0/11Switch(config-if)#switchport access vlan 20Switch(config-if)#exitSwitch(config)#interface fastEthernet 0/21Switch(config-if)#switchport access vlan 30Switch(config-if)#Switch(config-if)#4.将fa0/24设置为路由⼝，并设置IP地址Switch(config)#interface fastEthernet 0/24Switch(config-if)#no switchportSwitch(config-if)#ip address 172.16.1.1 255.255.255.252 Switch(config-if)#5.设置默认路由，指向下⼀跳地址（即路由器接⼝地址）Switch(config-if)#exitSwitch(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.2Switch(config)#6.交换机开启路由功能（总是会忘记这个，忘记了N次了）Switch(config)#ip routing7.保存配置Switch(config)#exitSwitch#%SYS-5-CONFIG_I: Configured from console by console Switch#wrBuilding configuration...[OK]Switch#⼆、路由器配置过程1.为路由器接⼝fa0/0配置IP地址，并开启接⼝Router>enRouter#conf tRouter(config)#interface fastEthernet 0/0Router(config-if)#ip address 172.16.1.2 255.255.255.252Router(config-if)#no shutdown （路由器默认情况下端⼝是禁⽤的，所以要开启，⽽交换机默认情况下端⼝是开启的，所以不需要敲此条命令）Router(config-if)#2.添加排除地址，避免客户端获得如下地址，产⽣IP地址冲突。

Cisco 3750交换机配置DHCP2009-02-27 14:53Cisco 3750交换机配置DHCP服务器实例网络环境：一台3750交换机，划分三个vlan, vlan2 为服务器所在网络，命名为server,IP地址段为192.168.2.0,子网掩码:255.255.255.0,网关:192.168.2.1,域服务器为windows 2003 advance server,同时兼作DNS服务器，IP地址为192.168.2.10,vlan3为客户机1所在网络，IP地址段为192.168.3.0,子网掩码:255.255.255.0,网关:192.168.3.1命名为work01,vlan4为客户机2所在网络,命名为work02,IP地址段为192.168.4.0,子网掩码:255.255.255.0,网关:192.168.4.1,3750作DHCP服务器,端口1-8划到VLAN 2，端口9-16划分到VLAN 3,端口17-24划分到VLAN 4.DHCP服务器实现功能:各VLAN保留2-10的IP地址不分配置,例如:192.168.2.0的网段,保留192.168.2.2至192.168.2.10的IP地址段不分配.安全要求:VLAN 3和VLAN 4 不允许互相访问,但都可以访问服务器所在的VLAN 2, 默认访问控制列表的规则是拒绝所有包。

配置命令及步骤如下：第一步：创建VLAN：Switch>enSwitch#Vlan DatabaseSwitch(Vlan)>Vlan 2 Name serverSwitch(Vlan)>Vlan 3 Name work01Switch(vlan)>Vlan 4 Name work02第二步：设置VLAN IP地址：Switch#Config TSwitch(Config)>Int Vlan 2Switch(Config-vlan)Ip Address 192.168.2.1 255.255.255.0Switch(Config-vlan)No ShutSwitch(Config-vlan)>Int Vlan 3Switch(Config-vlan)Ip Address 192.168.3.1 255.255.255.0Switch(Config-vlan)No ShutSwitch(Config-vlan)>Int Vlan 4Switch(Config-vlan)Ip Address 192.168.4.1 255.255.255.0Switch(Config-vlan)No ShutSwitch(Config-vlan)Exit/*注意：由于此时没有将端口分配置到VLAN2，3，4，所以各VLAN会DOWN 掉，待将端口分配到各VLAN后，VLAN会起来*/第三步：设置端口全局参数Switch(Config)Interface Range Fa 0/1 - 24Switch(Config-if-range)Switchport Mode AccessSwitch(Config-if-range)Spanning-tree Portfast第四步：将端口添加到VLAN2，3，4中/*将端口1-8添加到VLAN 2*/Switch(Config)Interface Range Fa 0/1 - 8Switch(Config-if-range)Switchport Access Vlan 2/*将端口9-16添加到VLAN 3*/Switch(Config)Interface Range Fa 0/9 - 16Switch(Config-if-range)Switchport Access Vlan 3/*将端口17-24添加到VLAN 4*/Switch(Config)Interface Range Fa 0/17 - 24Switch(Config-if-range)Switchport Access Vlan 4Switch(Config-if-range)Exit/*经过这一步后，各VLAN会起来*/第五步：配置3750作为DHCP服务器/*VLAN 2可用地址池和相应参数的配置,有几个VLAN要设几个地址池*/ Switch(Config)Ip Dhcp Pool Test01/*设置可分配的子网*/Switch(Config-pool)Network 192.168.2.0 255.255.255.0/*设置DNS服务器*/Switch(Config-pool)Dns-server 192.168.2.10/*设置该子网的网关*/Switch(Config-pool)Default-router 192.168.2.1/*配置VLAN 3所用的地址池和相应参数*/Switch(Config)Ip Dhcp Pool Test02Switch(Config-pool)Network 192.168.3.0 255.255.255.0Switch(Config-pool)Dns-server 192.168.2.10Switch(Config-pool)Default-router 192.168.3.1/*配置VLAN 4所用的地址池和相应参数*/Switch(Config)Ip Dhcp Pool Test03Switch(Config-pool)Network 192.168.4.0 255.255.255.0Switch(Config-pool)Dns-server 192.168.2.10Switch(Config-pool)Default-router 192.168.4.1第六步:设置DHCP保留不分配的地址Switch(Config)Ip Dhcp Excluded-address 192.168.2.2 192.168.2.10 Switch(Config)Ip Dhcp Excluded-address 192.168.3.2 192.168.3.10 Switch(Config)Ip Dhcp Excluded-address 192.168.4.2 192.168.4.10第七步:启用路由/*路由启用后,各VLAN间主机可互相访问*/Switch(Config)Ip Routing第八步:配置访问控制列表Switch(Config)access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255Switch(Config)access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255Switch(Config)access-list 103 permit udp any any eq bootpcSwitch(Config)access-list 103 permit udp any any eq tftpSwitch(Config)access-list 103 permit udp any eq bootpc anySwitch(Config)access-list 103 permit udp any eq tftp anySwitch(Config)access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255Switch(Config)access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255Switch(Config)access-list 104 permit udp any eq tftp anySwitch(Config)access-list 104 permit udp any eq bootpc anySwitch(Config)access-list 104 permit udp any eq bootpc anySwitch(Config)access-list 104 permit udp any eq tftp any第九步:应用访问控制列表/*将访问控制列表应用到VLAN 3和VLAN 4,VLAN 2不需要*/Switch(Config)Int Vlan 3Switch(Config-vlan)ip access-group 103 outSwitch(Config-vlan)Int Vlan 4Switch(Config-vlan)ip access-group 104 out第十步：结束并保存配置Switch(Config-vlan)EndSwitch#write memory。

本案例使用Cisco三层交换机结合Mikrotik Routeros配置OSPF动态路由及多Vlan Dhcp服务器中继配置。

使用设备如下三层交换机：Cisco 3550 EMI接入层交换机：HUAWEI Quidway S2008Mikrotik RouterOs 3.13配置目的：验证Routeros OSPF动态路由及DHCP中继配置文档：ip routing#开启路由功能#ip dhcp excluded-address 10.100.0.100#设置dhcp服务器ip地址#interface FastEthernet0/2switchport trunk encapsulation dot1qswitchport mode trunk#设置与2层交换机互联的trunk端口#interface FastEthernet0/23switchport access vlan 2switchport mode accessspanning-tree portfast#设置与ros连接的端口的vlan#interface Vlan2description serverip address 10.100.0.1 255.255.255.0#设置3层交换机vlan接口ip#!interface Vlan3description officeip address 10.100.3.1 255.255.255.0ip helper-address 10.100.0.100!#设置3层交换机vlan接口ip及配置dhcp中继#interface Vlan4description salesip address 10.100.4.1 255.255.255.0ip helper-address 10.100.0.100!#设置3层交换机vlan接口ip及配置dhcp中继#interface Vlan5description usersip address 10.100.5.1 255.255.255.0ip helper-address 10.100.0.100!#设置3层交换机vlan接口ip及配置dhcp中继#router ospf 10router-id 10.100.0.1log-adjacency-changesnetwork 10.100.0.0 0.0.255.255 area 10.100.0.0#配置ospf进程及area信息#HUAWEI Quidway S2008 配置：interface Ethernet0/6switchport access vlan 5!#配置用户端口#interface Ethernet0/7switchport access vlan 3!#配置用户端口#interface Ethernet0/8switchport access vlan 4#配置用户端口#interface Ethernet0/9switchport mode trunkswitchport trunk allowed vlan all!#设置与3层交换机互联的trunk端口#Mikrotik Routeros:/ip pooladd name="vlan3" ranges=10.100.3.2-10.100.3.254add name="vlan4" ranges=10.100.4.2-10.100.4.254add name="vlan5" ranges=10.100.5.2-10.100.5.254#设置不同Vlan的地址池#/ip dhcp-serveradd address-pool=vlan3 authoritative=after-2sec-delay bootp-support=static \ disabled=no interface=in lease-time=3d name="vlan3" relay=10.100.3.1 add address-pool=vlan4 authoritative=after-2sec-delay bootp-support=static \ disabled=no interface=in lease-time=3d name="vlan4" relay=10.100.4.1 add address-pool=vlan5 authoritative=after-2sec-delay bootp-support=static \ disabled=no interface=in lease-time=3d name="vlan5" relay=10.100.5.1#设置Dhcp-server 使之支持Dhcp中继#/routing ospf areaadd area-id=0.0.0.0 authentication=none disabled=no name="backbone" \type=defaultadd area-id=10.100.0.0 authentication=none disabled=no name="area1" \type=default#配置ospf area#/ip addressadd address=10.100.0.100/24 broadcast=10.100.0.255 comment="" disabled=no \ interface=in network=10.100.0.0#配置内部IP地址#/ip dnsset allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \max-udp-packet-size=512 primary-dns=192.168.100.208 \#配置dns#/ip firewall natadd action=masquerade chain=srcnat comment="" disabled=no \src-address=10.100.0.0/16#配置NAT#/routing ospfset distribute-default=always-as-type-2 metric-bgp=20 metric-connected=20 \metric-default=1 metric-rip=20 metric-static=20 mpls-te-area=unspecified \mpls-te-router-id=unspecified redistribute-bgp=no \redistribute-connected=no redistribute-rip=no redistribute-static=no \router-id=10.100.100.2/routing ospf interfaceadd authentication=none authentication-key="" cost=10 dead-interval=40s \disabled=no hello-interval=10s interface=in network-type=broadcast \passive=no priority=1 retransmit-interval=5s transmit-delay=1s/routing ospf networkadd area=area1 disabled=no network=10.100.0.0/16#配置OSPF路由协议#cisco3550#show ip routeCodes: C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static routeGateway of last resort is 10.100.0.100 to network 0.0.0.010.0.0.0/24 is subnetted, 4 subnetsC 10.100.4.0 is directly connected, Vlan4C 10.100.5.0 is directly connected, Vlan5C 10.100.3.0 is directly connected, Vlan3C 10.100.0.0 is directly connected, Vlan2O*E2 0.0.0.0/0 [110/1] via 10.100.0.100, 01:09:52, Vlan2[admin@MikroTik] /ip route> printFlags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit# DST-ADDRESS PREF-SRC GATEWAY-STATEGATEWAY DISTANCE INTERFACEADS 0.0.0.0/0 reachable 192.168.18.1 0 o ut1ADC 10.100.0.0/24 10.100.0.100 0 in2ADo 10.100.3.0/24 reachable 10.100.0.1 110 in3ADo 10.100.4.0/24 reachable 10.100.0.1 110 in4ADo 10.100.5.0/24 reachable 10.100.0.1 110 in5ADC 192.168.18.0/24 192.168.18.158 0 out。

cisco思科路由器设置思科cisco是全球领先且顶尖的通讯厂商，出产的路由器功能也是很出色的，那么你知道cisco路由器详细知识吗?下面是小编收集整理的cisco思科路由器设置范文，欢迎借鉴参考。

cisco思科路由器设置(一)1. Cisco交换机支持的命令：交换机基本状态：switch: ;ROM状态，路由器是rommon>hostname> ;用户模式hostname# ;特权模式hostname(config)# ;全局配置模式hostname(config-if)# ;接口状态交换机口令设置：switch>enable ;进入特权模式switch#config terminal ;进入全局配置模式switch(config)#hostname ;设置交换机的主机名switch(config)#enable secret xxx ;设置特权加密口令switch(config)#enable password xxa ;设置特权非密口令switch(config)#line console 0 ;进入控制台口switch(config-line)#line vty 0 4 ;进入虚拟终端switch(config-line)#login ;允许登录switch(config-line)#password xx ;设置登录口令xxswitch#exit ;返回命令交换机VLAN设置：switch#vlan database ;进入VLAN设置switch(vlan)#vlan 2 ;建VLAN 2switch(vlan)#no vlan 2 ;删vlan 2switch(config)#int f0/1 ;进入端口1switch(config-if)#switchport access vlan 2 ;当前端口加入vlan2switch(config-if)#switchport mode trunk ;设置为干线switch(config-if)#switchport trunk allowed vlan 1，2 ;设置允许的vlanswitch(config-if)#switchport trunk encap dot1q ;设置vlan 中继switch(config)#vtp domain ;设置发vtp域名switch(config)#vtp password ;设置发vtp密码switch(config)#vtp mode server ;设置发vtp模式switch(config)#vtp mode client ;设置发vtp模式交换机设置IP地址：switch(config)#interface vlan 1 ;进入vlan 1switch(config-if)#ip address ;设置IP地址switch(config)#ip default-gateway ;设置默认网关switch#dir flash: ;查看闪存交换机显示命令：switch#write ;保存配置信息switch#show vtp ;查看vtp配置信息switch#show run ;查看当前配置信息switch#show vlan ;查看vlan配置信息switch#show interface ;查看端口信息switch#show int f0/0 ;查看指定端口信息2. 路由器支持的命令：路由器显示命令：router#show run ;显示配置信息router#show interface ;显示接口信息router#show ip route ;显示路由信息router#show cdp nei ;显示邻居信息router#reload ;重新起动路由器口令设置：router>enable ;进入特权模式router#config terminal ;进入全局配置模式router(config)#hostname ;设置交换机的主机名router(config)#enable secret xxx ;设置特权加密口令router(config)#enable password xxb ;设置特权非密口令router(config)#line console 0 ;进入控制台口router(config-line)#line vty 0 4 ;进入虚拟终端router(config-line)#login ;要求口令验证router(config-line)#password xx ;设置登录口令xxrouter(config)#(Ctrl+z) ;返回特权模式router#exit ;返回命令路由器配置：router(config)#int s0/0 ;进入Serail接口router(config-if)#no shutdown ;激活当前接口router(config-if)#clock rate 64000 ;设置同步时钟router(config-if)#ip address ;设置IP地址router(config-if)#ip address second ;设置第二个IProuter(config-if)#int f0/0.1 ;进入子接口router(config-subif.1)#ip address ;设置子接口IProuter(config-subif.1)#encapsulation dot1q ;绑定vlan中继协议router(config)#config-register 0x2142 ;跳过配置文件router(config)#config-register 0x2102 ;正常使用配置文件router#reload ;重新引导路由器文件操作：router#copy running-config startup-config ;保存配置router#copy running-config tftp ;保存配置到tftprouter#copy startup-config tftp ;开机配置存到tftprouter#copy tftp flash: ;下传文件到flashrouter#copy tftp startup-config;下载配置文件ROM状态：Ctrl+Break ;进入ROM监控状态rommon>confreg 0x2142 ;跳过配置文件rommon>confreg 0x2102 ;恢复配置文件rommon>reset ;重新引导rommon>copy xmodem: flash: ;从console传输文件rommon>IP_ADDRESS=10.65.1.2 ;设置路由器IP rommon>IP_SUBNET_MASK=255.255.0.0 ;设置路由器掩码rommon>TFTP_SERVER=10.65.1.1 ;指定TFTP服务器IP rommon>TFTP_FILE=c2600.bin ;指定下载的文件rommon>tftpdnld ;从tftp下载rommon>dir flash: ;查看闪存内容rommon>boot ;引导IOS静态路由：ip route ;命令格式router(config)#ip route 2.0.0.0 255.0.0.0 1.1.1.2 ;静态路由举例router(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.2 ;默认路由举例动态路由：router(config)#ip routing ;启动路由转发router(config)#router rip ;启动RIP路由协议。

交换机配置（七）DHCP配置1，交换机作DHCP Server『配置环境参数』1. PC1、PC2的网卡均采用动态获取IP地址的方式2. PC1连接到交换机的以太网端口0/1，属于VLAN10；PC2连接到交换机的以太网端口0/2，属于VLAN203. 三层交换机SwitchA的VLAN接口10地址为10.1.1.1/24，VLAN接口20地址为10.1.2.1/24『组网需求』1. PC1可以动态获取10.1.1.0/24网段地址，并且网关地址为10.1.1.1；PC2可以动态获取10.1.2.0/24网段地址，并且网关地址为10.1.2.1『DHCP Server配置流程流程』可以完成对直接连接到三层交换机的PC机分配IP地址，也可以对通过DHCP中继设备连接到三层交换机的PC机分配IP地址。

分配地址的方式可以采用接口方式，或者全局地址池方式。

【SwitchA采用接口方式分配地址相关配置】1. 创建（进入）VLAN10[SwitchA]vlan 102. 将E0/1加入到VLAN10[SwitchA-vlan10]port Ethernet 0/13. 创建（进入）VLAN接口10[SwitchA]interface Vlan-interface 104. 为VLAN接口10配置IP地址[SwitchA-Vlan-interface10]ip address 10.1.1.1 255.255.255.05. 在VLAN接口10上选择接口方式分配IP地址[SwitchA-Vlan-interface10]dhcp select interface6. 禁止将PC机的网关地址分配给用户[SwitchA]dhcp server forbidden-ip 10.1.1.1【SwitchA采用全局地址池方式分配地址相关配置】1. 创建（进入）VLAN10[SwitchA]vlan 102. 将E0/1加入到VLAN10[SwitchA-vlan10]port Ethernet 0/13. 创建（进入）VLAN接口10[SwitchA]interface Vlan-interface 104. 为VLAN接口10配置IP地址[SwitchA-Vlan-interface10]ip address 10.1.1.1 255.255.255.05. 在VLAN接口10上选择全局地址池方式分配IP地址[SwitchA-Vlan-interface10]dhcp select global6. 创建全局地址池，并命名为”vlan10”[SwitchA]dhcp server ip-pool vlan107. 配置vlan10地址池给用户分配的地址范围以及用户的网关地址[SwitchA-dhcp-vlan10]network 10.1.1.0 mask 255.255.255.0 [SwitchA-dhcp-vlan10]gateway-list 10.1.1.18. 禁止将PC机的网关地址分配给用户[SwitchA]dhcp server forbidden-ip 10.1.1.1【补充说明】以上配置以VLAN10的为例，VLAN20的配置参照VLAN10的配置即可。

Cisco交换机DHCP Snooping功能详述一、采用DHCP服务的常见问题架设DHCP服务器可以为客户端自动分配IP地址、掩码、默认网关、DNS服务器等网络参数，简化了网络配置，提高了管理效率。

但在DHCP服务的管理上存在一些问题，常见的有：●DHCP Server的冒充& 被过滤广告nbsp; ●DHCP Server的DOS攻击，如DHCP耗竭攻击●某些用户随便指定IP地址，造成IP地址冲突1、DHCP Server的冒充由于DHCP服务器和客户端之间没有认证机制，所以如果在网络上随意添加一台DHCP服务器，它就可以为客户端分配IP地址以及其他网络参数。

只要让该DHCP服务器分配错误的IP 地址和其他网络参数，那就会对网络造成非常大的危害。

2、DHCP Server的拒绝服务攻击通常DHCP服务器通过检查客户端发送的DHCP请求报文中的CHADDR（也就是Client MAC address）字段来判断客户端的MAC地址。

正常情况下该CHADDR字段和发送请求报文的客户端真实的MAC地址是相同的。

攻击者可以利用伪造MAC的方式发送DHCP请求，但这种攻击可以使用Cisco 交换机的端口安全特性来防止。

端口安全特性（Port Security）可以限制每个端口只使用唯一的MAC地址。

但是如果攻击者不修改DHCP请求报文的源MAC地址，而是修改DHCP报文中的CHADDR字段来实施攻击，那端口安全就不起作用了。

由于DHCP服务器认为不同的CHADDR值表示请求来自不同的客户端，所以攻击者可以通过大量发送伪造CHADDR的DHCP请求，导致DHCP服务器上的地址池被耗尽，从而无法为其他正常用户提供网络地址，这是一种DHCP耗竭攻击。

DHCP耗竭攻击可以是纯粹的DOS攻击，也可以与伪造的DHCP服务器配合使用。

当正常的DHCP服务器瘫痪时，攻击者就可以建立伪造的DHCP 服务器来为局域网中的客户端提供地址，使它们将信息转发给准备截取的恶意计算机。

cisco2960交换机的dhcp服务配置 (2011-02-17 10:39)/space.php?uid=24946452&do=blog&id=125299标签: 交换机style分类：Network首先，cisco2960交换机是支持dhcp server功能的。

网上有人说不支持，那是错误的。

配置过程中参考了/art/200805/74377.htm这篇文章，写的非常好。

只不过这篇文章中配置的是路由器，我配置的是交换机。

配置时参考介绍选择自己需要的操作即可。

向作者表示感谢！参考文章：/art/200805/74377.htm第一步：查看设备是否支持IOS DHCP Server功能一般的Cisco路由器或访问服务器，以及少部分安装有路由交换模块或多层交换功能卡的交换机都具有IOS DHCP Server功能。

如果还没有确认你的设备是否具备这一功能，那么，你可以按如下方法在命令行界面（CLI）下进行快速检测，步骤如下：2960>enablePassWord?2960#config t'进入配置模式Enter configuration commands? one per line.End with CNTL/Z.2960?config?#ip dhcp ?如果出现的是下面的信息，那么很遗憾，你的设备不支持IOS DHCP Server功能：% Unrecognized command如果支持DHCP Server功能，应该显示如下：anzhenoffice(config)#ip dhcp?dhcp dhcp-client dhcp-server第二步：在交换机上进行配置1.设置DHCP数据库代理DHCP数据库代理是用于存储DHCP绑定信息的一台主机，它可以是FTP、TFTP或者是RCP服务器。

当然，如有必要，你可以配置多个DHCP数据库代理。

同样，不配置DHCP数据库代理也是允许的，但这是以不能在DHCP数据库代理上存储地址冲突日志为代价的。

分配地址的配置：TOPO:SERVER----g1/0-----------------g1/0--Relay---g2/0---------g2/0--ClientSERVER端配置:1R1#SHO RUN23hostname R14!5boot-start-marker6boot-end-marker78ipv6 unicast-routing---------------使能IPv6转发（这种问题不再赘述，接口同）9ipv6 cef10ipv6 dhcp pool cisco---------------创建DHCPv6地址池11address prefix 23::/64------------添加要进行分配的前缀1213interface GigabitEthernet1/014no ip address15negotiation auto16ipv6 address 12::1/6417ipv6 enable18ipv6 dhcp server cisco------------在接口使能DHCPv6 Server功能，并绑定地址池19ipv6 ospf 110 area 0--------------为了保证DHCPv6报文穿越Relay设备，要在server 上配置路由20!2122ipv6 router ospf 11023router-id 1.1.1.1-----------------配置OSPFv3路由（据说RFC规定ospfv3不会自己选择router-id，所以要手工配置喽）RELAY端配置:24R2#sho run25*Apr 6 22:29:31.247: %SYS-5-CONFIG_I: Configured from console by console26R2#sho run2728!29hostname R230!31no ip domain lookup32ipv6 unicast-routing--------------同server33ipv6 cef343536interface GigabitEthernet1/0------接口正常配置即可（relay与server相连的接口）37no ip address38negotiation auto39ipv6 address 12::1/6440ipv6 enable41ipv6 ospf 110 area 042!43!44interface GigabitEthernet2/045no ip address46negotiation auto47ipv6 address 23::/6448ipv6 address 23::2/6449ipv6 enable50ipv6 dhcp relay destination 12::1-----在relay与client相连的接口上使能relay，并指定server地址51ipv6 ospf 110 area 05253ipv6 router ospf 11054router-id 2.2.2.2CLIENT端配置:55R3#sho run5657ip source-route58ip cef59!60!61!62!63no ip domain lookup64ipv6 unicast-routing65ipv6 cef66!6768interface GigabitEthernet1/069no ip address70negotiation auto71ipv6 address dhcp----------------------Client上使用此命令获取地址，同v4雷同72ipv6 enable73ipv6 ospf 110 area 0-------------------为了安全起见，我client上也使能了ospfv3（这里要提示一下ospfv3是利用链路本地地址建立的，而非ip地址）7475!76!77!78ipv6 router ospf 11079router-id 3.3.3.380log-adjacency-changes查看客户端状态：81R3(config-if)#do sh ipv dh int g1/0------------------查看dhcpv6接口G1/082GigabitEthernet1/0 is in client mode83Prefix State is IDLE84Address State is OPEN--------------------------------open即为申请到地址或委托前缀85Renew for address will be sent in 11:59:3986List of known servers:87Reachable via address: FE80::C801:15FF:FEE8:38--relay的链路本地地址,此值取于分配给客户端地址的server链路本地地址（这里有relay设备，relay填充了这个值）88DUID: 00030001CA0015E80000-------------------------同上，这里填充的是relay设备的duid，若客户端与server直连，则是server的duid89Preference: 0-------------------------------------------------server优先级，RFC规定默认值为0，可以手工修改90Configuration parameters:91IA NA: IA ID 0x00040001, T1 43200, T2 69120------IAID与T1、T2的值92Address: 23::C832:BFBD:F4F:DD55/128---------申请到的地址93preferred lifetime 86400, valid lifetime 172800---首选寿命与有效寿命94expires at Apr 08 2011 10:19 PM (172780 seconds)--release的时间点95Information refresh time: 0-----------------------------------------信息刷新时间，可以在客户端配置96Prefix Rapid-Commit: disabled-----------------------------------------DHCPv6获取前缀快速交换选项未使能97Address Rapid-Commit: disabled--------------------------------------DHCPv6获取地址快速交换选项未使能DHCPv6分配前缀的配置R1#sho runhostname R1!no ip domain lookupipv6 unicast-routingipv6 cefipv6 dhcp pool cisco--------------------------指定地址池ciscoprefix-delegation pool ciscopress------------地址池绑定创建的前缀池ciscopress(下面有配置前缀池ciscopress)dns-server 1985::1---------------------------指定DNS Server地址domain-name -------------------指定域名sip address 1985::1--------------------------指定sip Serversip domain-name --------------------指定sip域名注：还有些information的选项，在这就不一一列出了（根据各个厂商的支持情况决定，可以？看喽）interface GigabitEthernet1/0no ip addressnegotiation autoipv6 address 12::1/64ipv6 enableipv6 dhcp server cisco----------------------这里同分配地址一样，接口使能server绑定地址池ipv6 ospf 110 area 0ipv6 local pool ciscopress 23::/60 64------------指定要分配的前缀池ciscopressipv6 router ospf 110router-id 1.1.1.1relay:R2#sho runhostname R2!no ip domain lookupipv6 unicast-routingipv6 cef!!interface GigabitEthernet1/0no ip addressnegotiation autoipv6 address 12::2/64ipv6 enableipv6 ospf 110 area 0!!interface GigabitEthernet2/0no ip addressnegotiation autoipv6 address 23::2/64ipv6 enableipv6 dhcp relay destination 12::1----------------relay配置只要指定server地址就可以了这里要说明的是CISCO的destination可以指定组播地址，但要另配置组播路由ipv6 ospf 110 area 0!6 router ospf 110router-id 2.2.2.2log-adjacency-changes!client:R3#sho runhostname R3!no ip domain lookupipv6 unicast-routingipv6 cef!interface GigabitEthernet1/0no ip addressnegotiation autoipv6 enableipv6 dhcp client pd prefix------------------------客户端用此命令获取server分配的前缀ipv6 ospf 110 area 0!ipv6 router ospf 110router-id 3.3.3.3log-adjacency-changes客户端查看获取前缀结果：R3(config-if)#do sho ipv dh int g1/0GigabitEthernet1/0 is in client modePrefix State is OPENRenew will be sent in 3d11hAddress State is REQUEST (0)Retransmission timer expires in 00:00:00List of known servers:Reachable via address: FE80::C801:DFF:FED4:38DUID: 00030001CA000DD40000Preference: 0Configuration parameters:IA PD: IA ID 0x00040001, T1 302400, T2 483840Prefix: 23::/64-------------------------------客户端获取的前缀preferred lifetime 604800, valid lifetime 2592000expires at May 08 2011 11:38 PM (2591977 seconds)IA NA: IA ID 0x00040001, T1 0, T2 0DNS server: 1985::1Domain name: SIP DNS server: 1985::1SIP Domain name: ----------------------客户端获得的一些informationInformation refresh time: 0Prefix name: prefixPrefix Rapid-Commit: disabledAddress Rapid-Commit: disabledInformation Request:思科上的InformationRequest需在Server接口上配置ipv6 nd other-config-flag客户端接口需配置ipv6 address autoconfig获取information由于relay暂不支持传递Information Request，所以我就在R2上实验了，现在它是一个申请dns等信息的客户端R2(config-if)#do sho ipv dh int g1/0GigabitEthernet1/0 is in client modePrefix State is IDLE (0)Information refresh timer expires in 23:59:53-----在申请地址时提到过，默认Information refresh为24hAddress State is IDLE-----------------------------若只申请dns等信息，地址状态为ldleList of known servers:Reachable via address: FE80::C800:DFF:FED4:1CDUID: 00030001CA000DD40000Preference: 0Configuration parameters:DNS server: 1985::1Domain name: SIP DNS server: 1985::1SIP Domain name: --------------------客户端申请的一些information Information refresh time: 0Prefix Rapid-Commit: disabledAddress Rapid-Commit: disabled最后补充一句，思科客户端申请地址状态的变化为idle---------solicit------------request-------------open通过debug可以看到后三个状态变化其它还有renew、rebind状态。

思科模拟器：3560交换机实现DHCP功能思科模拟器：交换机实现DHCP功能1、打开Cisco Packet Tracer，点击【交换机】，选择第六个图标3560交换机，按住鼠标左键拖动到工作区。

只有这个交换机及以上级别的才具备DHCP功能，我们之前讲的2960只可以划分Vlan，不支持DHCP服务2、在工作区内拖入3台电脑，用直通线和交换机连接3、打开交换机属性界面，在命令行中输入代码，划分Vlan 10和Vlan 20两个Vlan代码如下：【Switch>enableSwitch#vlan database% Warning: It is recommended to configure VLAN from config mode,as VLAN database mode is being deprecated. Please consult userdocumentation for configuring VTP/VLAN in config mode.Switch(vlan)#vlan 10 name v10VLAN 10 modified:Name: v10Switch(vlan)#vlan 20 name v20VLAN 20 modified:Name: v20Switch(vlan)#exit4、设置vlan10和Vlan20的默认地址池和网关dns，代码如下：【Switch(config)#ip dhcp pool vlan10 *设置相应的VLANSwitch(dhcp-config)#default-router 192.168.1.254 *设置该地址池的默认网关Switch(dhcp-config)#network 192.168.1.0 255.255.255.0 *设置分配的地址池Switch(dhcp-config)#dns-server 202.1.1.1 *设置该地址池的默认DNS地址。