目標:
讓VLAN100與VLAN200的電腦透過L3 Swtich做VLAN的Routing,並且可以互相存取資源與上網,另外再使用Windows Server 2012配發VLAN100,VLAN200的IP
Firewall:
使用ASUS AP當Firewall,並設兩條Static Route
Switch:
Core Switch為Cisco 3750切VLAN 10,VLAN100,VLAN200,VLAN10為預設的VLAN,VLAN100為Sales,VLAN200為RDEdge Switch為Cisco 3750與2950,其中2950為VLAN100,3750為VLAN200,如果要By Port切VLAN也可以,這裡只是為了方便說明,所以Edge Switch都直接設為單一VLAN
Core Switch的設定
原本我只想Show Running-config其中比較重要的設定,後來想想還是全部列出,用紅色標記重要的設定Gi 1/0/1接2950
Gi 1/0/2接3750
Gi 1/0/24接Router
Core-3750#show running-config
Building configuration...
Current configuration : 2436 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Core-3750
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
switch 1 provision ws-c3750g-24t
system mtu routing 1546
ip routing
no ip domain-lookup
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport access vlan 10
!
interface GigabitEthernet1/0/4
switchport access vlan 10
!
interface GigabitEthernet1/0/5
switchport access vlan 10
!
interface GigabitEthernet1/0/6
switchport access vlan 10
!
interface GigabitEthernet1/0/7
switchport access vlan 10
!
interface GigabitEthernet1/0/8
switchport access vlan 10
!
interface GigabitEthernet1/0/9
switchport access vlan 10
!
interface GigabitEthernet1/0/10
switchport access vlan 10
!
interface GigabitEthernet1/0/11
switchport access vlan 10
!
interface GigabitEthernet1/0/12
switchport access vlan 10
!
interface GigabitEthernet1/0/13
switchport access vlan 10
!
interface GigabitEthernet1/0/14
switchport access vlan 10
!
interface GigabitEthernet1/0/15
switchport access vlan 10
!
interface GigabitEthernet1/0/16
switchport access vlan 10
!
interface GigabitEthernet1/0/17
switchport access vlan 10
!
interface GigabitEthernet1/0/18
switchport access vlan 10
!
interface GigabitEthernet1/0/19
switchport access vlan 10
!
interface GigabitEthernet1/0/20
switchport access vlan 10
!
interface GigabitEthernet1/0/21
switchport access vlan 10
!
interface GigabitEthernet1/0/22
switchport access vlan 10
!
interface GigabitEthernet1/0/23
switchport access vlan 10
!
interface GigabitEthernet1/0/24
switchport access vlan 10
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 172.16.1.254 255.255.255.0
!
interface Vlan100
ip address 172.16.2.254 255.255.255.0
ip helper-address 172.16.1.200 (DHCP Server的IP)
!
interface Vlan200
ip address 192.168.1.254 255.255.255.0
ip helper-address 172.16.1.200
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.1.253
ip http server
ip http secure-server
!
!
!
!
!
line con 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
end
Edge 2950的設定
Edge的設定比較簡單,只有把Port改到相對應的VLAN
Building configuration...
Current configuration : 1801 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Edge-2950
!
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
spanning-tree portfast default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport access vlan 100
!
interface FastEthernet0/2
switchport access vlan 100
!
interface FastEthernet0/3
switchport access vlan 100
!
interface FastEthernet0/4
switchport access vlan 100
!
interface FastEthernet0/5
switchport access vlan 100
!
interface FastEthernet0/6
switchport access vlan 100
!
interface FastEthernet0/7
switchport access vlan 100
!
interface FastEthernet0/8
switchport access vlan 100
!
interface FastEthernet0/9
switchport access vlan 100
!
interface FastEthernet0/10
switchport access vlan 100
!
interface FastEthernet0/11
switchport access vlan 100
!
interface FastEthernet0/12
switchport access vlan 100
!
interface FastEthernet0/13
switchport access vlan 100
!
interface FastEthernet0/14
switchport access vlan 100
!
interface FastEthernet0/15
switchport access vlan 100
!
interface FastEthernet0/16
switchport access vlan 100
!
interface FastEthernet0/17
switchport access vlan 100
!
interface FastEthernet0/18
switchport access vlan 100
!
interface FastEthernet0/19
switchport access vlan 100
!
interface FastEthernet0/20
switchport access vlan 100
!
interface FastEthernet0/21
switchport access vlan 100
!
interface FastEthernet0/22
switchport access vlan 100
!
interface FastEthernet0/23
switchport access vlan 100
!
interface FastEthernet0/24
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
!
line con 0
line vty 5 15
!
!
end
Edge 3750的設定
Edge-3750#show running-config
Building configuration...
Current configuration : 1912 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Edge-3750
!
!
switch 1 provision ws-c3750-24ts
ip subnet-zero
!
!
spanning-tree mode pvst
spanning-tree portfast default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
!
interface FastEthernet1/0/1
switchport access vlan 200
!
interface FastEthernet1/0/2
switchport access vlan 200
!
interface FastEthernet1/0/3
switchport access vlan 200
!
interface FastEthernet1/0/4
switchport access vlan 200
!
interface FastEthernet1/0/5
switchport access vlan 200
!
interface FastEthernet1/0/6
switchport access vlan 200
!
interface FastEthernet1/0/7
switchport access vlan 200
!
interface FastEthernet1/0/8
switchport access vlan 200
!
interface FastEthernet1/0/9
switchport access vlan 200
!
interface FastEthernet1/0/10
switchport access vlan 200
!
interface FastEthernet1/0/11
switchport access vlan 200
!
interface FastEthernet1/0/12
switchport access vlan 200
!
interface FastEthernet1/0/13
switchport access vlan 200
!
interface FastEthernet1/0/14
switchport access vlan 200
!
interface FastEthernet1/0/15
switchport access vlan 200
!
interface FastEthernet1/0/16
switchport access vlan 200
!
interface FastEthernet1/0/17
switchport access vlan 200
!
interface FastEthernet1/0/18
switchport access vlan 200
!
interface FastEthernet1/0/19
switchport access vlan 200
!
interface FastEthernet1/0/20
switchport access vlan 200
!
interface FastEthernet1/0/21
switchport access vlan 200
!
interface FastEthernet1/0/22
switchport access vlan 200
!
interface FastEthernet1/0/23
switchport access vlan 200
!
interface FastEthernet1/0/24
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip http server
!
!
!
control-plane
!
!
line con 0
line vty 5 15
!
end
Windows Server 2012架DHCP
Server的IP為172.16.1.200
若不使用Windows配發IP,使用Switch內建的也可以,說明如下:
先移掉ip helper-address
Core-3750(config)#interface vlan 100
Core-3750(config-if)#no ip helper-address
Core-3750(config-if)#exit
Core-3750(config)#interface vlan 200
Core-3750(config-if)#no ip helper-address
DHCP設定
Core-3750(config)#ip dhcp pool vlan100
Core-3750(dhcp-config)#network 172.16.2.0 255.255.255.0
Core-3750(dhcp-config)#default-router 172.16.2.254
Core-3750(dhcp-config)#dns-server 8.8.8.8 168.95.1.1
Core-3750(dhcp-config)#exit
Core-3750(config)#ip dhcp pool vlan200
Core-3750(dhcp-config)#network 192.168.1.0 255.255.255.0
Core-3750(dhcp-config)#default-router 192.168.1.254
Core-3750(dhcp-config)#dns-server 8.8.8.8 168.95.1.1
Core-3750(dhcp-config)#exit
Core-3750(config)#ip dhcp excluded-address 172.16.2.254
Core-3750(config)#ip dhcp excluded-address 192.168.1.254
Core-3750#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
172.16.2.1 0100.262d.xxxx.1a Mar 02 1993 01:07 AM Automatic
192.168.1.1 0100.262d.xxxx.1a Mar 02 1993 01:06 AM Automatic
192.168.1.2 0100.1018.xxxx.ec Mar 02 1993 01:07 AM Automatic
留言
張貼留言