评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置DHCP策略VLAN示例
组网需求
如图4-2所示,企业部署多个部门分支,其中SwitchA部署为DHCP Server,部门A的主机通过SwitchB与DHCP Server相连,部门B的主机通过SwitchC与DHCP Server相连。企业内各部门基于子网划分VLAN,部门A内有2台新加入网络的主机,HostA和HostB;部门B内所有主机均为新加入网络的主机。
用户希望实现MAC地址为0018-1111-2123的主机HostA申请10.1.1.1/28网段的IP地址并加入VLAN10,与SwitchB接口GE0/0/3相连的主机HostB申请10.2.2.1/28网段的IP地址并加入VLAN30;部门B内的所有主机,包括主机HostC和HostD都申请到10.3.3.1/28网段的IP地址并加入VLAN50。
配置思路
配置DHCP策略VLAN的思路如下:
在SwitchA上配置接口地址池,实现为主机分配IP地址。
在SwitchB和SwitchC上与新加入网络主机相连的接口配置基于子网划分VLAN功能,使主机在申请到IP地址后加入相应的VLAN。
在SwitchB上配置基于MAC地址的DHCP策略VLAN功能,实现根据HostA的MAC地址申请到10.1.1.1/28网段的IP地址。
在SwitchB上配置基于接口的DHCP策略VLAN功能,实现与SwitchB的接口GE0/0/3相连的主机HostB能申请到10.2.2.1/28网段的IP地址。
在SwitchC上配置普通的DHCP策略VLAN功能,实现部门B内的主机都能申请到10.3.3.1/28网段的IP地址。
操作步骤
- 在SwitchA上配置接口地址池功能
# 在SwitchA上创建VLAN,并配置VLANIF接口的IP地址。
<HUAWEI> system-view [HUAWEI] sysname SwitchA [SwitchA] dhcp enable [SwitchA] vlan batch 10 30 50 [SwitchA] interface vlanif 10 [SwitchA-Vlanif10] ip address 10.1.1.1 28 [SwitchA-Vlanif10] quit [SwitchA] interface vlanif 30 [SwitchA-Vlanif30] ip address 10.2.2.1 28 [SwitchA-Vlanif30] quit [SwitchA] interface vlanif 50 [SwitchA-Vlanif50] ip address 10.3.3.1 28 [SwitchA-Vlanif50] quit
# 在SwitchA上使能VLANIF接口地址池。
[SwitchA] interface vlanif 10 [SwitchA-Vlanif10] dhcp select interface [SwitchA-Vlanif10] quit [SwitchA] interface vlanif 30 [SwitchA-Vlanif30] dhcp select interface [SwitchA-Vlanif30] quit [SwitchA] interface vlanif 50 [SwitchA-Vlanif50] dhcp select interface [SwitchA-Vlanif50] quit
# 在SwitchA上配置接口加入相应VLAN。
[SwitchA] interface gigabitethernet 0/0/1 [SwitchA-GigabitEthernet0/0/1] port link-type trunk [SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 30 [SwitchA-GigabitEthernet0/0/1] quit [SwitchA] interface gigabitethernet 0/0/2 [SwitchA-GigabitEthernet0/0/2] port link-type trunk [SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 50 [SwitchA-GigabitEthernet0/0/2] quit
- 在SwitchB和SwitchC上与新加入网络主机相连的接口配置基于子网划分VLAN功能
# 在SwitchB上与主机HostA和HostB相连的接口GE0/0/2和接口GE0/0/3配置基于子网划分VLAN功能,并配置接口为Hybrid Untagged类型。
<HUAWEI> system-view [HUAWEI] sysname SwitchB [SwitchB] dhcp enable [SwitchB] vlan batch 10 30 [SwitchB] interface gigabitethernet 0/0/1 [SwitchB-GigabitEthernet0/0/1] port link-type trunk [SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 30 [SwitchB-GigabitEthernet0/0/1] quit [SwitchB] interface gigabitethernet 0/0/2 [SwitchB-GigabitEthernet0/0/2] ip-subnet-vlan enable [SwitchB-GigabitEthernet0/0/2] port hybrid untagged vlan 10 [SwitchB-GigabitEthernet0/0/2] quit [SwitchB] interface gigabitethernet 0/0/3 [SwitchB-GigabitEthernet0/0/3] ip-subnet-vlan enable [SwitchB-GigabitEthernet0/0/3] port hybrid untagged vlan 30 [SwitchB-GigabitEthernet0/0/3] quit
# 在SwitchC上与主机HostC和HostD相连的接口GE0/0/2和接口GE0/0/3配置基于子网划分VLAN功能,并配置接口为Hybrid Untagged类型。
<HUAWEI> system-view [HUAWEI] sysname SwitchC [SwitchC] dhcp enable [SwitchC] vlan batch 50 [SwitchC] interface gigabitethernet 0/0/1 [SwitchC-GigabitEthernet0/0/1] port link-type trunk [SwitchC-GigabitEthernet0/0/1] port trunk allow-pass vlan 50 [SwitchC-GigabitEthernet0/0/1] quit [SwitchC] interface gigabitethernet 0/0/2 [SwitchC-GigabitEthernet0/0/2] ip-subnet-vlan enable [SwitchC-GigabitEthernet0/0/2] port hybrid untagged vlan 50 [SwitchC-GigabitEthernet0/0/2] quit [SwitchC] interface gigabitethernet 0/0/3 [SwitchC-GigabitEthernet0/0/3] ip-subnet-vlan enable [SwitchC-GigabitEthernet0/0/3] port hybrid untagged vlan 50 [SwitchC-GigabitEthernet0/0/3] quit
- 在SwitchB上配置基于MAC地址的DHCP策略VLAN功能,实现根据HostA的MAC地址申请到10.1.1.1/28网段的IP地址
[SwitchB] vlan 10 [SwitchB-vlan10] ip-subnet-vlan ip 10.1.1.1 28 [SwitchB-vlan10] dhcp policy-vlan mac-address 0018-1111-2123 [SwitchB-vlan10] quit
- 在SwitchB上配置基于接口的DHCP策略VLAN功能,实现与SwitchB的接口GE0/0/3相连的主机HostB能申请到10.2.2.1/28网段的IP地址
[SwitchB] vlan 30 [SwitchB-vlan30] ip-subnet-vlan ip 10.2.2.1 28 [SwitchB-vlan30] dhcp policy-vlan port gigabitethernet 0/0/3 [SwitchB-vlan30] quit
- 在SwitchC上配置普通的DHCP策略VLAN功能,实现部门B内的主机都能申请到10.3.3.1/28网段的IP地址
[SwitchC] vlan 50 [SwitchC-vlan50] ip-subnet-vlan ip 10.3.3.1 28 [SwitchC-vlan50] dhcp policy-vlan generic [SwitchC-vlan50] quit
- 验证配置结果
# HostA成功申请到10.1.1.1/28网段的IP地址10.1.1.14/28,在SwitchA上查看接口地址池vlanif10的地址分配情况,并且SwitchA与HostA可以互相ping通。
[SwitchA] display ip pool interface vlanif10 Pool-name : Vlanif10 Pool-No : 0 Lease : 1 Days 0 Hours 0 Minutes Domain-name : - DNS-server0 : - NBNS-server0 : - Netbios-type : - Position : Interface Status : Unlocked Gateway-0 : 10.1.1.1 Mask : 255.255.255.240 VPN instance : -- ----------------------------------------------------------------------------- Start End Total Used Idle(Expired) Conflict Disable ----------------------------------------------------------------------------- 10.1.1.1 10.1.1.14 13 1 12(0) 0 0 ----------------------------------------------------------------------------- [SwitchA] ping 10.1.1.14 PING 10.1.1.14: 56 data bytes, press CTRL_C to break Reply from 10.1.1.14: bytes=56 Sequence=1 ttl=254 time=1 ms Reply from 10.1.1.14: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 10.1.1.14: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 10.1.1.14: bytes=56 Sequence=4 ttl=254 time=1 ms Reply from 10.1.1.14: bytes=56 Sequence=5 ttl=254 time=1 ms --- 10.1.1.14 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms# HostB成功申请到10.2.2.1/28网段的IP地址10.2.2.14/28,在SwitchA上查看接口地址池vlanif30的地址分配情况,并且SwitchA与HostB可以互相ping通。
[SwitchA] display ip pool interface vlanif30 Pool-name : Vlanif30 Pool-No : 1 Lease : 1 Days 0 Hours 0 Minutes Domain-name : - DNS-server0 : - NBNS-server0 : - Netbios-type : - Position : Interface Status : Unlocked Gateway-0 : 10.2.2.1 Mask : 255.255.255.240 VPN instance : -- ----------------------------------------------------------------------------- Start End Total Used Idle(Expired) Conflict Disable ----------------------------------------------------------------------------- 10.2.2.1 10.2.2.14 13 1 12(0) 0 0 ----------------------------------------------------------------------------- [SwitchA] ping 10.2.2.14 PING 10.2.2.14: 56 data bytes, press CTRL_C to break Reply from 10.2.2.14: bytes=56 Sequence=1 ttl=254 time=1 ms Reply from 10.2.2.14: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 10.2.2.14: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 10.2.2.14: bytes=56 Sequence=4 ttl=254 time=1 ms Reply from 10.2.2.14: bytes=56 Sequence=5 ttl=254 time=1 ms --- 10.2.2.14 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms# HostC和HostD成功申请到10.3.3.1/28网段的IP地址,10.3.3.14/28和10.3.3.13/28,在SwitchA上查看接口地址池vlanif50的地址分配情况,并且在SwitchA上可以ping通HostC和HostD,在HostC和HostD也可以ping通SwitchA。
[SwitchA] display ip pool interface vlanif50 Pool-name : Vlanif50 Pool-No : 2 Lease : 1 Days 0 Hours 0 Minutes Domain-name : - DNS-server0 : - NBNS-server0 : - Netbios-type : - Position : Interface Status : Unlocked Gateway-0 : 10.3.3.1 Mask : 255.255.255.240 VPN instance : -- ----------------------------------------------------------------------------- Start End Total Used Idle(Expired) Conflict Disable ----------------------------------------------------------------------------- 10.3.3.1 10.3.3.14 13 2 11(0) 0 0 ----------------------------------------------------------------------------- [SwitchA] ping 10.3.3.14 PING 10.3.3.14: 56 data bytes, press CTRL_C to break Reply from 10.3.3.14: bytes=56 Sequence=1 ttl=254 time=1 ms Reply from 10.3.3.14: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 10.3.3.14: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 10.3.3.14: bytes=56 Sequence=4 ttl=254 time=1 ms Reply from 10.3.3.14: bytes=56 Sequence=5 ttl=254 time=1 ms --- 10.3.3.14 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms [SwitchA] ping 10.3.3.13 PING 10.3.3.13: 56 data bytes, press CTRL_C to break Reply from 10.3.3.13: bytes=56 Sequence=1 ttl=255 time=11 ms Reply from 10.3.3.13: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 10.3.3.13: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 10.3.3.13: bytes=56 Sequence=4 ttl=254 time=1 ms Reply from 10.3.3.13: bytes=56 Sequence=5 ttl=254 time=1 ms --- 10.3.3.13 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/3/11 ms
配置文件
# SwitchA的配置文件
# sysname SwitchA # vlan batch 10 30 50 # dhcp enable # interface Vlanif10 ip address 10.1.1.1 255.255.255.240 dhcp select interface # interface Vlanif30 ip address 10.2.2.1 255.255.255.240 dhcp select interface # interface Vlanif50 ip address 10.3.3.1 255.255.255.240 dhcp select interface # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 10 30 # interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 50 # return
# SwitchB的配置文件
# sysname SwitchB # vlan batch 10 30 # dhcp enable # vlan 10 ip-subnet-vlan 1 ip 10.1.1.1 255.255.255.240 dhcp policy-vlan mac-address 0018-1111-2123 vlan 30 ip-subnet-vlan 1 ip 10.2.2.1 255.255.255.240 dhcp policy-vlan port GigabitEthernet 0/0/3 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 10 30 # interface GigabitEthernet0/0/2 port hybrid untagged vlan 10 ip-subnet-vlan enable # interface GigabitEthernet0/0/3 port hybrid untagged vlan 30 ip-subnet-vlan enable # return
# SwitchC的配置文件
# sysname SwitchC # vlan batch 50 # dhcp enable # vlan 50 ip-subnet-vlan 1 ip 10.3.3.1 255.255.255.240 dhcp policy-vlan generic # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 50 # interface GigabitEthernet0/0/2 port hybrid untagged vlan 50 ip-subnet-vlan enable # interface GigabitEthernet0/0/3 port hybrid untagged vlan 50 ip-subnet-vlan enable # return
