VLAN,DHCP实验访问物理机
目标
- 三层交换机完成DHCP自动分配IP地址
- 不同vlan间完成通信
- DNS服务器能够解析www.baidu.com,使PC机能够访问
- 连接真实物理机,PC机与物理机能够互相访问
步骤
一、创建VLAN,配置好PC机和交换机的IP地址
LSW1
[LSW1]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW1]int vlan 10
[LSW1-Vlanif10]ip address 10.10.10.1 255.255.255.0
[LSW1-Vlanif10]q
[LSW1]int vlan 20
[LSW1-Vlanif20]ip address 10.10.20.1 255.255.255.0
[LSW1-Vlanif20]q
[LSW1]int g0/0/4
[LSW1-GigabitEthernet0/0/4]port link-type trunk
[LSW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 10
[LSW1-GigabitEthernet0/0/4]q
[LSW1]int g0/0/5
[LSW1-GigabitEthernet0/0/5]port link-type trunk
[LSW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 20
[LSW1-GigabitEthernet0/0/5]q
[LSW1]LSW2和LSW配置相同,这里仅以LSW2配置为例
[LSW2]vlan batch 10
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW2]int g0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type trunk
[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
[LSW2-GigabitEthernet0/0/1]q
[LSW2]int g0/0/2
[LSW2-GigabitEthernet0/0/2]port link-type access
[LSW2-GigabitEthernet0/0/2]port default vlan 10
[LSW2-GigabitEthernet0/0/2]q
[LSW2]int g0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type access
[LSW2-GigabitEthernet0/0/3]port default vlan 10
[LSW2-GigabitEthernet0/0/3]q
[LSW2]
(其实,在这里不想弄DHCP自动分配地址的话,可以直接在PC机上手动配置相应的IP地址,然后就可以ping通网关和另一个VLAN的主机)
二、创建DHCP地址池,分配IP地址
LSW1
[LSW1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW1]ip pool vlan10
Info:It's successful to create an IP address pool.
[LSW1-ip-pool-vlan10]network 10.10.10.0 mask 255.255.255.0
[LSW1-ip-pool-vlan10]gateway-list 10.10.10.1
[LSW1-ip-pool-vlan10]q
[LSW1]int vlan 10
[LSW1-Vlanif10]dhcp select global
[LSW1-Vlanif10]q
[LSW1]
[LSW1]ip pool vlan20
Info:It's successful to create an IP address pool.
[LSW1-ip-pool-vlan20]network 10.10.20.0 mask 255.255.255.0
[LSW1-ip-pool-vlan20]gateway-list 10.10.20.1
[LSW1-ip-pool-vlan20]q
[LSW1]int vlan 20
[LSW1-Vlanif20]dhcp select global
[LSW1-Vlanif20]q
[LSW1]
这样就设置好DHCP了,各个PC机能够自动获得IP地址
三、配置两个服务器,使得PC机能够直接访问www.baidu.com服务器
LSW1
[LSW1]vlan batch 4 5
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW1]int vlan 4
[LSW1-Vlanif4]ip address 4.4.4.1 255.255.255.0
[LSW1-Vlanif4]q
[LSW1]int vlan 5
[LSW1-Vlanif5]ip address 5.5.5.1 255.255.255.0
[LSW1-Vlanif5]q
[LSW1]int g0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type access
[LSW1-GigabitEthernet0/0/2]port default vlan 4
[LSW1-GigabitEthernet0/0/2]q
[LSW1]int g0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type access
[LSW1-GigabitEthernet0/0/3]port default vlan 5
[LSW1-GigabitEthernet0/0/3]q
[LSW1]ip pool vlan10
[LSW1-ip-pool-vlan10]dns-list 4.4.4.4
[LSW1-ip-pool-vlan10]q
[LSW1]ip pool vlan20
[LSW1-ip-pool-vlan20]dns-list 4.4.4.4
[LSW1-ip-pool-vlan20]q
[LSW1]LSW1需要创建两个VLAN分别作为两个服务器的网关,同时需要在DHCP的地址池上增加DNS服务器的IP地址(配置好,最好重新启动一个PC机让它重新获取IP地址,才能出现DNS服务器地址)
以DNS Server服务器为例,www.baidu.com服务器也是一样的配置
同时作为DNS服务器需要增加一条域名解析
结果
四、连接真实物理机
我们这里是没有连接好,想连连不了云,这是我们没有给接口网卡给它
就可以连接了
现在我们开始配置
AR1
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip address 192.168.88.2 24
[AR1-GigabitEthernet0/0/1]q
[AR1]其实配置好了这个,有些电脑还是ping不通,这可能是物理机的防火墙在阻止ICMP请求。可以到控制面板找到防火墙设置,暂时关闭公用网络设置,就可以ping通了
这里只是实现了路由器与物理机的ping通,我们想要的是PC机与物理机的ping通,我们还需要一些操作
AR1
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip address 10.1.1.1 24
[AR1-GigabitEthernet0/0/0]q
[AR1]ip route-static 10.10.0.0 255.255.0.0 10.1.1.2LSW1
[LSW1]vlan batch 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW1]int vlan 100
[LSW1-Vlanif100]ip address 10.1.1.2 24
[LSW1-Vlanif100]q
[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 100
[LSW1-GigabitEthernet0/0/1]q
[LSW1]ip route-static 0.0.0.0 0.0.0.0 10.1.1.1
[LSW1]LSW1是需要配置一条默认路由,帮助PC机访问物理机
当然到了这里还是差了一点东西,PC机可以发请求包给物理机了,而物理机却没有路径回应应答包回来,所以我们需要以管理员的权限打开物理机的命令行,增加一条默认路由
这样两个既可以互相访问了
