网络工程 - 尝试让 DHCP 跨三个 VLAN 工作 - 吾爱随笔录

尝试让 DHCP 跨三个 VLAN 工作

网络工程思科 VLAN dhcp 数据包追踪器

2021-07-26 10:15:31

我有一个包含 3 个交换机和 3 个 VLAN 的数据包跟踪器文件用于学校。分为VLAN 10、11、12。VLAN 10为1、2教室，VLAN 11为3、4教室，VLAN 12为校长室和秘书室。

我正处于为每个 VLAN 中的每台 PC 提供 IP 地址的阶段，但它似乎对我不起作用，因为它一直告诉我正在使用 APIPA。我可以显示每个交换机的配置，如果需要，我也可以附加数据包跟踪器文件。我认为我离让它正常工作不远了。我只需要有人告诉我我做错了什么。

我已经为 DHCP 服务器中的每个 VLAN 包含了 DHCP 池。这是我的每个 LAN 交换机的交换机配置。

hostname Lan-Switch1
!
!
!
enable secret 5 $1$mERr$nXufIEw80DqfKWVQo3J4O.
enable password 7 080C557E080A16001D1908
!
!
!
!
!
ip routing
!
!
!
!
!
!
!
!
!
!
!
!
ip ssh version 1
ip domain-name man.inishtrahill.ie
ip name-server 192.168.10.254
!
!
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 priority 24576
!
!
!
!
!
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/13
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/14
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/15
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/16
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/17
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/18
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/19
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/20
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/21
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/22
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/23
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/24
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface GigabitEthernet0/1
 switchport trunk native vlan 999
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk native vlan 999
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description classroom 1 and classroom 2
 ip address 192.168.10.1 255.255.255.0
 ip helper-address 192.168.10.254
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
logging 192.168.10.254
line con 0
 exec-timeout 6 50
 password 7 080C556D061716181E0E
 logging synchronous
 login
!
line aux 0
!
line vty 0 4
 exec-timeout 5 30
 password 7 080C557A0C150B1206
 logging synchronous
 login
line vty 5 15
 exec-timeout 5 30
 password 7 080C557E080A16001D1908
 logging synchronous
 login
!
!
ntp authentication-key 1 md5 0832494D1B1C112713181F13253920 7
ntp server 192.168.10.254 key 0
!
end

Lan-Switch2 配置

hostname Lan-Switch2
!
enable secret 5 $1$mERr$nXufIEw80DqfKWVQo3J4O.
!
!
!
!
!
spanning-tree mode rapid-pvst
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/5
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/6
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/7
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/9
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/10
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/11
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/13
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/14
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/15
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/16
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/17
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/18
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/19
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/20
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/21
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/22
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/23
 switchport access vlan 11
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/24
 switchport access vlan 11
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface GigabitEthernet0/1
 switchport trunk native vlan 999
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk native vlan 999
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description Interface to Netman
 ip address 192.168.10.2 255.255.255.0
!
interface Vlan11
 description classroom 3 and classroom 4
 ip address 192.168.10.2 255.255.255.0
 ip helper-address 192.168.10.254
!
logging 192.168.10.254
!
!
!
line con 0
 password 7 080C556D061716181E0E
 logging synchronous
 login
 exec-timeout 6 50
!
line vty 0 4
 login
line vty 5 15
 login
!
!
end

Lan-Switch3 配置

hostname Lan-Switch3
!
enable secret 5 $1$mERr$nXufIEw80DqfKWVQo3J4O.
!
!
!
!
!
spanning-tree mode rapid-pvst
!
interface FastEthernet0/1
 switchport access vlan 12
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 12
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 12
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 12
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/5
 spanning-tree portfast
!
interface FastEthernet0/6
 spanning-tree portfast
!
interface FastEthernet0/7
 spanning-tree portfast
!
interface FastEthernet0/8
 spanning-tree portfast
!
interface FastEthernet0/9
 spanning-tree portfast
!
interface FastEthernet0/10
 spanning-tree portfast
!
interface FastEthernet0/11
 spanning-tree portfast
!
interface FastEthernet0/12
 spanning-tree portfast
!
interface FastEthernet0/13
 spanning-tree portfast
!
interface FastEthernet0/14
 spanning-tree portfast
!
interface FastEthernet0/15
 spanning-tree portfast
!
interface FastEthernet0/16
 spanning-tree portfast
!
interface FastEthernet0/17
 spanning-tree portfast
!
interface FastEthernet0/18
 spanning-tree portfast
!
interface FastEthernet0/19
 spanning-tree portfast
!
interface FastEthernet0/20
 spanning-tree portfast
!
interface FastEthernet0/21
 spanning-tree portfast
!
interface FastEthernet0/22
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport access vlan 12
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport access vlan 12
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport trunk native vlan 999
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk native vlan 999
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description Interface to Netman
 ip address 192.168.10.3 255.255.255.0
!
interface Vlan12
 description secretary and principal
 ip address 192.168.10.3 255.255.255.0
 ip helper-address 192.168.10.254
!
logging 192.168.10.254
!
!
!
line con 0
 password 7 080C556D061716181E0E
 logging synchronous
 login
 exec-timeout 6 50
!
line vty 0 4
 login
line vty 5 15
 login
!
!
end

3个回答

正确的做法是将 SVI 放在执行路由的第 3 层交换机上，并将ip helper-address命令放在没有 DHCP 服务器的 VLAN 的 SVI 上。

您还有一个问题，即所有三个 VLAN 都使用相同的第 3 层网络 ( 192.168.10.0.0/24)。每个 VLAN 应该有不同的网络，例如 VLAN 10 192.168.10.0/24、 VLAN 11192.168.11.0/24和 VLAN 12 192.168.12.0/24。

我将假设上述 IP/VLAN 寻址，并且您的 DHCP 服务器位于 VLAN 10 上192.168.10.254。我还将假设您要管理 VLAN 10 上的交换机，并且交换机 1G0/1连接到交换机 2 G0/1，交换机 1G0/2连接到交换机 3G0/1. 交换机 1 的所有 FastEthernet 接口都配置在 VLAN 10 中，交换机 2 的所有 FastEthernet 接口都配置在 VLAN 11 中，而交换机 3 的所有 FastEthernet 接口都配置在 VLAN 12 中。任何交换机 FastEthernet 接口上的 VLAN，但我正在简化它以开始，因为我实际上没有图表。）全局启用 portfast 和 bpduguard 将在所有访问接口上启用它们，但不会在中继接口上启用它们（通常是您想要的））。您还应该在第 2 层定义 VLAN，而不仅仅是在 SVI 和交换机接口上。

您需要配置 DHCP 范围，以便每个 VLAN 都有一个网关，指向该 VLAN 的交换机 1 SVI 地址。VLAN 10 192.168.10.1、VLAN 11192.168.11.1和 VLAN 12 192.168.12.1。

交换机 1 配置更改：

spanning-tree portfast default
spanning-tree portfast bpduguard default
!
Vlan10
 name Classroom_1_and_2
!
Vlan11
 name Classroom_3_and_4
!
Vlan12
 name Secretary_and_Principal
!
interface range FastEthernet0/1 - 24
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/1
 description Connection to Switch 2 GigabitEthernet0/1
 switchport trunk native vlan 999
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 description Connection to Switch 3 GigabitEthernet0/1
 switchport trunk native vlan 999
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan10
 description classroom 1 and classroom 2
 ip address 192.168.10.1 255.255.255.0
 no ip helper-address 192.168.10.254
!
interface Vlan11
 description classroom 3 and classroom 4
 ip address 192.168.11.1 255.255.255.0
 ip helper-address 192.168.10.254
!
interface Vlan12
 description secretary and principal
 ip address 192.168.12.1 255.255.255.0
 ip helper-address 192.168.10.254
!

交换机 2 配置更改：

spanning-tree portfast default
spanning-tree portfast bpduguard default
!
Vlan10
 name Classroom_1_and_2
!
Vlan11
 name Classroom_3_and_4
!
Vlan12
 name Secretary_and_Principal
!
interface range FastEthernet0/1 - 24
 switchport access vlan 11
 switchport mode access
!
interface GigabitEthernet0/1
 description Connection to Switch 1 GigabitEthernet0/1
 switchport trunk native vlan 999
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 description UNUSED
 shutdown
!
interface Vlan10
 description classroom 1 and classroom 2
 ip address 192.168.10.2 255.255.255.0
 no ip helper-address 192.168.10.254
!
no interface Vlan11
!

交换机 3 配置更改：

spanning-tree portfast default
spanning-tree portfast bpduguard default
!
Vlan10
 name Classroom_1_and_2
!
Vlan11
 name Classroom_3_and_4
!
Vlan12
 name Secretary_and_Principal
!
interface range FastEthernet0/1 - 24
 switchport access vlan 12
 switchport mode access
!
interface GigabitEthernet0/1
 description Connection to Switch 1 GigabitEthernet0/2
 switchport trunk native vlan 999
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 description UNUSED
 shutdown
!
interface Vlan10
 description classroom 1 and classroom 2
 ip address 192.168.10.3 255.255.255.0
 no ip helper-address 192.168.10.254
!
no interface Vlan12
!

您需要在每个 VLAN 上都有一个 DHCP 服务器才能使动态地址工作。所有 VLAN 都必须通过路由器连接才能在它们之间进行通信。

除了将中央 DHCP 服务器连接到每个 VLAN，许多交换机还支持DHCP 中继，其中交换机通过将 DHCP 流量转发到服务器并返回来帮助 VLAN 客户端。确切的设置过程取决于您使用的开关类型。

随意添加交换机和路由器配置、网络图表以及与您的问题类似的内容，我将扩展答案。

为了在接入交换机（第 2 层）Vlan 10 配置的接口上连接的 PC 上动态分配 IP 地址。在配置了 SVI 的核心交换机上需要配置 DHCP 范围。

在三层交换机（核心交换机）

核心交换机需要配置DHCP，动态分配IP地址给客户端

Switch(config)#ip DHCP pool Vlan10 Switch(config#network 192 .168.10.0 255.255.255.0 Switch(config)# default-gateway 192 .168.10.1 Switch(config)# dns server 8.8.8 8 Switch(config) # 租用时间 XX XX Switch(config)# 不关机

其它你可能感兴趣的问题

上一篇在 2 个不同的 vlan 但相同的子网之间路由下一篇通过 TCL 自动配置 VLAN