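Environment
Switch brand: H3C
Switch type: Layer 3 switch
dis version #run this command to check the system version#
If your system version is lower than the one shown in the picture, click the link below to update the firmware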
1. First, create the VLANs on the switch. vlan1 exists by default, so only vlan2 and vlan100 need to be created:
<H3C>sys #enter system view#
[H3C]vlan 2 #create vlan2#
[H3C-vlan2]quit #leave vlan2#
[H3C]vlan 100 #create vlan100#
[H3C-vlan100]quit #leave vlan100#
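2. Assign ports to each VLAN. All ports are in vlan1 by default, so only the other ports need to be moved out of vlan1, into vlan2 and vlan100. We use G1/0/16 as the uplink port that talks to the upstream router:
[H3C]vl 2 #enter vlan2#
[H3C-vlan2]port g1/0/9 to g1/0/15 #assign ports 9-15 to vlan2#
[H3C-vlan2]quit
[H3C]vl 100
[H3C-vlan100]port g1/0/16 #the author likes to put port 16 in vlan100 as the uplink port#
[H3C-vlan100]quit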
3. Assign IP addresses to vlan1, vlan2 and vlan100:
[H3C]int vl 1 #configure vlan1#
[H3C-Vlan-interface1]ip add 192.168.3.1 255.255.255.0 #assign vlan1 its own management IP#
[H3C-Vlan-interface1]quit
[H3C] int vl 2
[H3C-Vlan-interface2]ip add 192.168.4.1 255.255.255.0 #assign the vlan2 management IP#
[H3C-Vlan-interface2]quit
[H3C] int vl 100
[H3C-Vlan-interface100]ip add 192.168.2.2 255.255.255.0 #assign the vlan100 management IP; note that vlan100 is the uplink to the upstream router's LAN port (also called the interconnect VLAN), so its management IP must be in the same subnet as the upstream router#
[H3C-Vlan-interface100]quit
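4. Configure the DHCP address pool, gateway, DNS and so on for vlan1 and vlan2:
Configure vlan1:
[H3C]int vl 1
[H3C-Vlan-interface1]dhcp enable #DHCP is already enabled by default on this switch#
[H3C-Vlan-interface1]dhcp server ip-pool vlan1 #create the DHCP address pool; "vlan1" here is only the name of the pool#
[H3C-dhcp-pool-vlan1]network 192.168.3.0 mask 255.255.255.0 #set the DHCP network; it must be the same subnet as the management IP of the current VLAN, otherwise no addresses are handed out!#
[H3C-dhcp-pool-vlan1]gateway-list 192.168.3.1 #set the gateway to the management address of the current VLAN#
[H3C-dhcp-pool-vlan1]dns-list 114.114.114.114 8.8.8.8 #set the DNS servers#
[H3C-dhcp-pool-vlan1]dhcp server forbidden-ip 192.168.3.240 192.168.3.250 #excluded IP range; can be configured in system view, or left out#
[H3C]
Configure vlan2:
[H3C]int vl 2
[H3C-Vlan-interface2]dhcp enable #DHCP is already enabled by default on this switch#
[H3C-Vlan-interface2]dhcp server ip-pool vlan2 #create the DHCP address pool; "vlan2" here is only the name of the pool#
[H3C-dhcp-pool-vlan2]network 192.168.4.0 mask 255.255.255.0 #set the DHCP network; it must be the same subnet as the management IP of the current VLAN, otherwise no addresses are handed out!#
[H3C-dhcp-pool-vlan2]gateway-list 192.168.4.1 #set the gateway to the management address of the current VLAN#
[H3C-dhcp-pool-vlan2]dns-list 114.114.114.114 8.8.8.8 #set the DNS servers#
[H3C-dhcp-pool-vlan2]dhcp server forbidden-ip 192.168.4.240 192.168.4.250 #excluded IP range; can be configured in system view, or left out#
[H3C]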
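5. Next, configure the default route. This is simple and takes a single command in system view:
[H3C]ip route-static 0.0.0.0 0.0.0.0 192.168.2.1 #0.0.0.0 0.0.0.0 matches every destination network, so all such traffic is forwarded via 192.168.2.1; 192.168.2.1 is the upstream router's gateway address#
[H3C]save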
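6. A simple network is now in place. Note, however, that although the switch has a default route,
for hosts to actually reach the Internet you must also configure static routes on the upstream router to each subnet behind the switch, that is, the routes for the returning packets, as shown below:
After the layer 3 split the VLANs can all reach each other; if you need to restrict traffic between them, use ACL policies!
Finally, here is the configuration: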
[H3C]dis current
#
sysname H3C
#
radius scheme system
#
domain system
#
dhcp server ip-pool vlan1
network 192.168.3.0 mask 255.255.255.0
gateway-list 192.168.3.1
dns-list 114.114.114.114 202.98.96.68
#
dhcp server ip-pool vlan2
network 192.168.4.0 mask 255.255.255.0
gateway-list 192.168.4.1
dns-list 114.114.114.114 8.8.8.8
#
vlan 1 to 2
#
vlan 100
#
interface Vlan-interface1
ip address 192.168.3.1 255.255.255.0
#
interface Vlan-interface2
ip address 192.168.4.1 255.255.255.0
#
interface Vlan-interface100
ip address 192.168.2.2 255.255.255.0
#
interface Aux1/0/0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
port access vlan 2
#
interface GigabitEthernet1/0/10
port access vlan 2
#
interface GigabitEthernet1/0/11
port access vlan 2
#
interface GigabitEthernet1/0/12
port access vlan 2
#
interface GigabitEthernet1/0/13
port access vlan 2
#
interface GigabitEthernet1/0/14
port access vlan 2
#
interface GigabitEthernet1/0/15
port access vlan 2
#
interface GigabitEthernet1/0/16
port access vlan 100
#
interface GigabitEthernet1/0/17
shutdown
port access vlan 2
#
interface GigabitEthernet1/0/18
shutdown
port access vlan 100
#
interface GigabitEthernet1/0/19
shutdown
port access vlan 2
#
interface GigabitEthernet1/0/20
shutdown
port access vlan 2
#
interface NULL0
#
dhcp server forbidden-ip 192.168.3.1
dhcp server forbidden-ip 192.168.4.1
#
ip route-static 0.0.0.0 0.0.0.0 192.168.2.1 preference 60
#
user-interface aux 0
user-interface vty 0 4
#
return
Done!
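
Added example (not part of the original post and not an H3C tool): a Python check that a configuration like the one above follows the rules from steps 3 to 6, namely that each DHCP pool's network and gateway match a VLAN interface and that the default route's next hop is directly connected, and that lists the return routes the upstream router needs. The sample text is constructed from the dump above, and the function name audit is an assumption of this example.

```python
import ipaddress as ipa
import re

# Constructed sample: the relevant lines of the `dis current` output above
# ("#" separators and port sections omitted).
SAMPLE = """\
dhcp server ip-pool vlan1
 network 192.168.3.0 mask 255.255.255.0
 gateway-list 192.168.3.1
dhcp server ip-pool vlan2
 network 192.168.4.0 mask 255.255.255.0
 gateway-list 192.168.4.1
interface Vlan-interface1
 ip address 192.168.3.1 255.255.255.0
interface Vlan-interface2
 ip address 192.168.4.1 255.255.255.0
interface Vlan-interface100
 ip address 192.168.2.2 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 192.168.2.1 preference 60
"""

def audit(cfg):
    """Return (problems, return_routes) for a configuration text."""
    pools, svis, hop, name = {}, [], None, None  # svis: layer 3 interfaces
    for line in map(str.strip, cfg.splitlines()):
        if m := re.match(r"dhcp server ip-pool (\S+)", line):
            name = m[1]
        elif m := re.match(r"network (\S+) mask (\S+)", line):
            pools.setdefault(name, {})["net"] = ipa.ip_network(f"{m[1]}/{m[2]}")
        elif m := re.match(r"gateway-list (\S+)", line):
            pools.setdefault(name, {})["gw"] = ipa.ip_address(m[1])
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            svis.append(ipa.ip_interface(f"{m[1]}/{m[2]}"))
        elif m := re.match(r"ip route-static 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            hop = ipa.ip_address(m[1])
    problems = []
    for name, p in pools.items():
        # Page rule: pool network = VLAN interface subnet, gateway = its IP.
        if not any(s.network == p.get("net") and s.ip == p.get("gw") for s in svis):
            problems.append(f"pool {name}: network/gateway match no VLAN interface")
    uplink = next((s for s in svis if hop is not None and hop in s.network), None)
    if uplink is None:
        problems.append("default route next hop is not in any VLAN interface subnet")
        return problems, []
    # Routes the upstream router needs so replies reach the other subnets.
    routes = [(str(s.network.network_address), str(s.network.netmask), str(uplink.ip))
              for s in svis if s is not uplink]
    return problems, routes
```

Each tuple in the second return value is (destination network, mask, next hop), to be entered as a static route on the upstream router in whatever syntax that device uses.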