
DHCP ROS solution per sub-problem

  1. subnets
     
    We recompute the needs of each subnet, rounded up to powers of 2 ...
     
    • administration vlan100 100 hosts -> 128 addresses (incl. network ID and broadcast) -> /25
    • accounting vlan10 20 hosts -> 32 addresses -> /27
    • sales vlan20 20 hosts -> 32 addresses -> /27
    • support vlan30 10 hosts -> 16 addresses -> /28
    • management vlan40 10 hosts -> 16 addresses -> /28
    • vlan88 -- for management of network devices -- currently 6 devices, plus a safety margin for expansion -> /28
      vlan 100   | 10.45.106.0/25
      vlan  10   | 10.45.106.128/27
      vlan  20   | 10.45.106.160/27
      vlan  30   | 10.45.106.192/28
      vlan  40   | 10.45.106.208/28
      empty      | 10.45.106.224/28
      vlan  88   | 10.45.106.240/28
  2. addressing (at least 1 static address on 1 PC per subnet)
     
  3. vlans
    • definition of the vlans on the switches
      #conf t
      Enter configuration commands, one per line.  End with CNTL/Z.
      S5(config)#vlan 10
      S5(config-vlan)#name accounting
      S5(config-vlan)#vlan 20
      S5(config-vlan)#name sales
      ... etc ...
    • configure the vlans on the interface: switchport mode access / switchport access vlan xy
      interface FastEthernet0/11
      switchport access vlan 100
      switchport mode access
      !
      interface FastEthernet0/12
      switchport access vlan 100
      switchport mode access
      !
      interface FastEthernet0/13
      switchport access vlan 100
      switchport mode access
      ... etc ...
    • show vlan ...
      SW-0>sh vlan br
      VLAN Name                             Status    Ports
      ---- -------------------------------- --------- -------------------------------
      1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                              Fa0/9, Fa0/10, Fa0/21, Fa0/22
                                              Fa0/23, Fa0/24, Gig0/2
      10   accounting                       active    
      20   sales                            active    
      30   support                          active    
      40   management                       active    
      88   vty-telnet-ssh                   active    
      100  administration                   active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                              Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                              Fa0/19, Fa0/20
      1002 fddi-default                     active    
      1003 token-ring-default               active    
      1004 fddinet-default                  active    
      1005 trnet-default                    active    
    • can every PC ping another PC in the same VLAN?
    • configure trunk links on the interface: switchport mode trunk
      interface FastEthernet0/1
      switchport trunk native vlan 88
      switchport mode trunk
      !
      interface FastEthernet0/2
      switchport trunk native vlan 88
      switchport mode trunk
      !
      interface FastEthernet0/3
      switchport trunk native vlan 88
      switchport mode trunk
      !
      interface FastEthernet0/4
      switchport trunk native vlan 88
      switchport mode trunk
      !
      !
      !
      interface GigabitEthernet0/1
      switchport mode trunk
    • configure vlan 88
      !
      interface Vlan88
      mac-address 0001.c7bd.2501
      ip address 10.45.106.241 255.255.255.240
      !

       

  4. router on a stick
    • subinterfaces with an IP address in the correct subnet
    • dot1Q on the interfaces
      interface GigabitEthernet0/0
      no ip address
      duplex auto
      speed auto
      !
      interface GigabitEthernet0/0.10
      encapsulation dot1Q 10
      ip address 10.45.106.158 255.255.255.224
      !
      interface GigabitEthernet0/0.20
      encapsulation dot1Q 20
      ip address 10.45.106.190 255.255.255.224
      !
      interface GigabitEthernet0/0.30
      encapsulation dot1Q 30
      ip address 10.45.106.206 255.255.255.240
      !
      interface GigabitEthernet0/0.40
      encapsulation dot1Q 40
      ip address 10.45.106.222 255.255.255.240
      !
      interface GigabitEthernet0/0.88
      encapsulation dot1Q 88
      ip address 10.45.106.254 255.255.255.240
      !
      interface GigabitEthernet0/0.100
      encapsulation dot1Q 100
      ip address 10.45.106.126 255.255.255.128
      !
    • test routing: can every PC ping every other PC?
       
  5. dhcp
    • pools (1 pool per subnet)
    • exclude ranges
      !
      ip dhcp excluded-address 10.45.106.1 10.45.106.20
      ip dhcp excluded-address 10.45.106.101 10.45.106.126
      !
      ip dhcp pool vlan100
      network 10.45.106.0 255.255.255.128
      default-router 10.45.106.126
      !
      ip dhcp excluded-address 10.45.106.129 10.45.106.130
      ip dhcp excluded-address 10.45.106.151 10.45.106.158
      !
      ip dhcp pool vlan10
      network 10.45.106.128 255.255.255.224
      default-router 10.45.106.158
      !
    • replace the static IP configuration on the PCs with DHCP
    • test whether every PC can ping every other PC
       
  6. vlan88
    • int vlan 88 on all devices, with an IP address in subnet 88
    • default gateway on the switches
      ! on switch 0
      !
      ip default-gateway 10.45.106.254
      !
    • configure vty with a password on each device
      !
      line vty 0 4
      password sdf12345
      login
      line vty 5 15
      password sdf12345
      login
      !
    • can you telnet from every PC to every vty?
    • replace telnet with ssh on each device
    • test ssh from every PC to each device
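
The last two steps of section 6 list no configuration. One way to replace the telnet vty setup shown above with SSH, as an added example that is not part of the original page. The domain name `lab.example`, the user name `admin` and the secret are placeholders chosen here.

```cisco
! Added example. Placeholders (not from the page): domain name lab.example,
! user name admin, and the secret value. Apply on every switch and the router.
!
! The device needs a non-default hostname (e.g. S5) and a domain name
! before an RSA key pair can be generated.
ip domain-name lab.example
crypto key generate rsa general-keys modulus 2048
!
! Accept SSHv2 only; limit login time and retries.
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! A per-user account with a hashed secret replaces the shared line password,
! which the vty configuration above stores and sends in clear text.
username admin secret <strong-secret-here>
!
line vty 0 4
 no password
 login local
 transport input ssh
 exec-timeout 10 0
line vty 5 15
 no password
 login local
 transport input ssh
 exec-timeout 10 0
!
```

Afterwards `show ip ssh` should report SSH version 2.0 as enabled, and a telnet attempt to any vty line should be refused.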