多Vlan下IP地址分配与上网行为管理 - IT技术分享

硬件：

ikuai软路由
H3C S5560，
H3C S5120V2，
PC1 PC2
PC1：172.16.0.3 16 172.16.0.2
PC2：172.17.0.3 16 172.17.0.2

配置ikuai：
Lan1 :172.15.0.1 16
添加vlan16 vlan17，
vlan16:172.16.0.1 16 线路：Lan1
vlan17:172.17.0.1 16 线路：Lan1
DHCP1 :172.16.0.10-172.16.0.254 服务接口：vlan16 网关：172.16.0.2
DHCP2 :172.17.0.10-172.17.0.254 服务接口：vlan17 网关：172.17.0.2

配置S5120V2：
划分vlan16、vlan17，
并将端口16 17分别加入vlan16、vlan17
<H3C>system-view
[H3C]vlan 16
[H3C-vlan16]port GigabitEthernet 1/0/16
[H3C]vlan 17
[H3C-vlan17]port GigabitEthernet 1/0/17
[H3C-vlan17]quit

开启DHCP snooping，添加信任端口，阻止非法的路由DHCP信息

并配置trunk口，允许vlan通过
[H3C]dhcp snooping enable
[H3C]interface GigabitEthernet 1/0/2
[H3C-GigabitEthernet1/0/2]dhcp snooping trust

[H3C-GigabitEthernet1/0/2]port link-type trunk
[H3C-GigabitEthernet1/0/2]port trunk permit vlan all

PC1、PC2分别接入S5120V2 G1/0/16 G1/0/17

配置S5560：
划分vlan16、vlan17，
<H3C>system-view
[H3C]vlan 16
[H3C-vlan16]
[H3C]vlan 17
[H3C-vlan17]
[H3C]exit

配置vlan 16 17的IP，也就是PC的网关
[H3C]interface Vlan-interface 16
[H3C-Vlan-interface16]ip address 172.16.0.2 16
[H3C-Vlan-interface16]exit
[H3C]interface Vlan-interface 17
[H3C-Vlan-interface17]ip address 172.17.0.2 16

[H3C-Vlan-interface17]exit

设置trunk口，并允许vlan通过,用来连接ikuai及S5120V2
[H3C]interface GigabitEthernet 1/0/1
[H3C-GigabitEthernet1/0/1]port link-type trunk
[H3C-GigabitEthernet1/0/1]port trunk permit vlan all
[H3C-GigabitEthernet1/0/1]exit
[H3C]interface GigabitEthernet 1/0/2
[H3C-GigabitEthernet1/0/2]port link-type trunk
[H3C-GigabitEthernet1/0/2]port trunk permit vlan all
[H3C-GigabitEthernet1/0/2]exit

配置默认路由
[H3C]ip route-static 0.0.0.0 0.0.0.0 172.15.0.1

开启DHCP snooping，添加信任端口，阻止非法的路由DHCP信息
[H3C]dhcp snooping enable
[H3C]interface GigabitEthernet 1/0/1
[H3C-GigabitEthernet1/0/1]dhcp snooping trust

实验结果
主机可正常获取相应网段IP地址，并互通
不同vlan下主机可获取相应vlan下DHCP下发的IP地址，并在三层交换机进行数据交换，
由ikuai路由器进行上网行为管理.