【实验】DHCP snooping 多交换机(多VLAN+接入层+汇聚层)实例

【实验】DHCP snooping 多交换机(多VLAN+接入层+汇聚层)实例
【实验】DHCP snooping 多交换机(多VLAN+接入层+汇聚层)实例

实验环境:

操作系统:Mac OS X 10.11.5 beta 3(当时最新测试版),模拟器:GNS3 for Mac 1.4.6(当时最新版本)
注:当然,只要有思科模拟器都可以做这个实验

实验需求:

注:本实验由《DHCP snooping 多交换机(接入层+汇聚层)实例》扩展而来。

PC1/2/3分别位于VLAN 10/20/30,而DHCPServer位于VLAN 100;IOU2上有VLAN 10/20/30的SVI接口,IOU2和IOU3之间是Trunk链路。

接入层IOU3上做DHCP snooping,PC1/2/3要能通过DHCPServer获取到IP地址,DHCPServer接到了汇聚层IOU2上。

实验步骤:

DHCPServer:

conf t
no ip routing

ip default-gateway 192.168.100.254

ip dhcp pool VLAN10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254

ip dhcp pool VLAN20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.254

ip dhcp pool VLAN30
network 192.168.30.0 255.255.255.0
default-router 192.168.30.254

int e 0/0
ip add 192.168.100.1 255.255.255.0
no sh

IOU2:

conf t
no ip routing

vlan 10,20,30,100

int e 0/0
sw mo ac
sw ac v 100
spanning-tree portfast

int e 0/1
sw trunk en dot1q
sw mo trunk

int vlan 10
ip add 192.168.10.254 255.255.255.0
! 注意
ip helper-address 192.168.100.1
! 注意
ip dhcp relay information trusted
no sh

int vlan 20
ip add 192.168.20.254 255.255.255.0
! 注意
ip helper-address 192.168.100.1
! 注意
ip dhcp relay information trusted
no sh

int vlan 30
ip add 192.168.30.254 255.255.255.0
! 注意
ip helper-address 192.168.100.1
! 注意
ip dhcp relay information trusted
no sh

int vlan 100
ip add 192.168.100.254 255.255.255.0
no sh

IOU3:

conf t
no ip routing

vlan 10,20,30,100

! 注意
ip dhcp snooping vlan 10,20,30
ip dhcp snooping

int e 0/0
sw mo ac
sw ac v 10
spanning-tree portfast

int e 1/0
sw mo ac
sw ac v 20
spanning-tree portfast

int e 1/1
sw mo ac
sw ac v 30
spanning-tree portfast

int e 0/1
sw trunk en dot1q
sw mo trunk
! 注意
ip dhcp snooping trust

测试:

PC1:

VPCS> ip dh -r
DDORA IP 192.168.10.1/24 GW 192.168.10.254

VPCS> ping 192.168.10.254

84 bytes from 192.168.10.254 icmp_seq=1 ttl=255 time=0.672 ms
84 bytes from 192.168.10.254 icmp_seq=2 ttl=255 time=0.518 ms
84 bytes from 192.168.10.254 icmp_seq=3 ttl=255 time=0.573 ms
84 bytes from 192.168.10.254 icmp_seq=4 ttl=255 time=0.556 ms
84 bytes from 192.168.10.254 icmp_seq=5 ttl=255 time=0.558 ms

PC2:

VPCS> ip dhcp -r
DDORA IP 192.168.20.1/24 GW 192.168.20.254

VPCS> ping 192.168.20.254

84 bytes from 192.168.20.254 icmp_seq=1 ttl=255 time=0.525 ms
84 bytes from 192.168.20.254 icmp_seq=2 ttl=255 time=0.516 ms
84 bytes from 192.168.20.254 icmp_seq=3 ttl=255 time=0.642 ms
84 bytes from 192.168.20.254 icmp_seq=4 ttl=255 time=0.793 ms
84 bytes from 192.168.20.254 icmp_seq=5 ttl=255 time=0.518 ms

PC3:

VPCS> ip dhcp -r
DDORA IP 192.168.30.1/24 GW 192.168.30.254

VPCS> ping 192.168.30.254

84 bytes from 192.168.30.254 icmp_seq=1 ttl=255 time=0.546 ms
84 bytes from 192.168.30.254 icmp_seq=2 ttl=255 time=0.594 ms
84 bytes from 192.168.30.254 icmp_seq=3 ttl=255 time=0.733 ms
84 bytes from 192.168.30.254 icmp_seq=4 ttl=255 time=0.523 ms
84 bytes from 192.168.30.254 icmp_seq=5 ttl=255 time=0.630 ms

说明:

  1. 本例中IOU2没有开启DHCP监听功能,IOU3开启了该功能。需要注意的是int vlan 10需要配置“ip dhcp relay information trusted”命令,否则客户端将无法得到IP地址。这是因为交换机配置了(默认情况)“ip dhcp snooping information option”命令, 此时交换机会在客户端发出的DHCP请求报文中插入选项82信息。另一方面由于数据包从IOU3传到IOU2,没有经过中继代理,所以giaddr is zero。

相关链接:

【实验】DHCPv4
【实验】DHCPv6
【转】DHCP snooping详解
【实验】DHCP snooping 单交换机实例
【实验】DHCP snooping 多交换机(接入层+汇聚层)实例

打赏 赞(0)
比特币钱包
以太坊钱包
比特币钱包二维码图片

比特币钱包扫描二维码打赏

以太坊钱包二维码图片

以太坊钱包扫描二维码打赏

Was this article helpful?

Related Articles

Leave A Comment?

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据