Tweet
Mô hình: Draytek 3900 --> 3750 ---> Zyxel ---> Users
Anh em cho mình hỏi với cấu hình như bên dưới, sao vlan 98 của minh không cấp DHCP ? Các vlan khác vẫn cấp DHCP bình thường. Xin được chỉ giáo ạ
S3750-TT-1#sh run
Building configuration...
Current configuration : 8084 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname S3750-TT-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$33qF$HaJiJYs7WJMhkTBvSECkP0
enable password 7 060506324F41
!
!
!
no aaa new-model
switch 1 provision ws-c3750-48p
system mtu routing 1500
ip routing
no ip domain-lookup
ip dhcp excluded-address 192.168.10.150
ip dhcp excluded-address 192.168.20.1 192.168.20.63
ip dhcp excluded-address 192.168.30.1 192.168.30.63
ip dhcp excluded-address 192.168.40.1 192.168.40.63
ip dhcp excluded-address 192.168.10.1 192.168.10.63
ip dhcp excluded-address 192.168.98.1 192.168.98.63
!
ip dhcp pool TRUNG-TAM
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 203.162.4.191 8.8.8.8
!
ip dhcp pool KHU-A
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 203.162.4.191 8.8.8.8
!
ip dhcp pool KHU-B
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 203.162.4.191 8.8.8.8
!
ip dhcp pool KHU-C
network 192.168.40.0 255.255.255.0
default-router 192.168.40.1
dns-server 203.162.4.191 8.8.8.8
!
ip dhcp pool GUEST-TT
network 192.168.98.0 255.255.255.0
default-router 192.168.98.1
dns-server 203.162.4.191 8.8.8.8
!
!
!
!
crypto pki trustpoint TP-self-signed-1789556224
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1789556224
revocation-check none
rsakeypair TP-self-signed-1789556224
!
!
crypto pki certificate chain TP-self-signed-1789556224
certificate self-signed 01
30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31373839 35353632 3234301E 170D3933 30333031 30303032
33365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37383935
35363232 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C598 E987DCF0 5CF25100 36A8273C 6F4E778B 27BB94E7 F0F86AED 04D25D40
F5E6E68B 8664F0F0 F1BBF8E5 3AE09275 03FCC0C6 B86D9886 1596D67D 982AD4F4
3EAB1B29 6FE59DF0 7911CF2D 38317EED B8A99642 C2233912 74686E07 4C244192
0EE64332 162E367E C1C362B6 9F5E5068 27D8188A EE63DB38 56DD4D93 E4DD1D7B
12910203 010001A3 6B306930 0F060355 1D130101 FF040530 030101FF 30160603
551D1104 0F300D82 0B533337 35302D54 542D312E 301F0603 551D2304 18301680
140093C6 0D694C26 F28344F7 F1A298CE DC3A836B A5301D06 03551D0E 04160414
0093C60D 694C26F2 8344F7F1 A298CEDC 3A836BA5 300D0609 2A864886 F70D0101
04050003 81810045 64FD3E00 1EEE83B0 72051781 0F08391D FC4D1908 06D9836A
8E9EC18D F43A0044 53BACABC 8680CFD3 0C1BA57D 1BC4148C 7249FC8B 62DE8822
5F0A9566 C599F6FE 097706DF FB1B8405 F177B526 072C460B 3A73F485 D0E73128
45D5DB53 1C98C825 F9C36899 5768FC3D C11B981F 6E0CC973 7ABBFB85 82C7142D
CBC8B7E2 679AC0
quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet1/0/1
!
interface FastEthernet1/0/2
!
interface FastEthernet1/0/3
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11
!
interface FastEthernet1/0/12
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
!
interface FastEthernet1/0/24
!
interface FastEthernet1/0/25
!
interface FastEthernet1/0/26
!
interface FastEthernet1/0/27
!
interface FastEthernet1/0/28
!
interface FastEthernet1/0/29
!
interface FastEthernet1/0/30
!
interface FastEthernet1/0/31
!
interface FastEthernet1/0/32
!
interface FastEthernet1/0/33
!
interface FastEthernet1/0/34
!
interface FastEthernet1/0/35
!
interface FastEthernet1/0/36
!
interface FastEthernet1/0/37
!
interface FastEthernet1/0/38
!
interface FastEthernet1/0/39
!
interface FastEthernet1/0/40
!
interface FastEthernet1/0/41
!
interface FastEthernet1/0/42
!
interface FastEthernet1/0/43
!
interface FastEthernet1/0/44
!
interface FastEthernet1/0/45
!
interface FastEthernet1/0/46
!
interface FastEthernet1/0/47
description Ket noi SW2960
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet1/0/48
description Ket noi Vigor 2910
no switchport
ip address 192.168.1.2 255.255.255.0
!
interface GigabitEthernet1/0/1
description Ket noi Khu-A-2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/2
description Ket noi Khu-A-5
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/3
description Ket noi Zyxel-1524-TT port 22
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/4
!
interface Vlan1
ip address 192.168.10.1 255.255.255.0
!
interface Vlan2
ip address 192.168.20.1 255.255.255.0
ip access-group ACL-KHU-A in
!
interface Vlan3
ip address 192.168.30.1 255.255.255.0
ip access-group ACL-KHU-B in
!
interface Vlan4
ip address 192.168.40.1 255.255.255.0
ip access-group ACL-KHU-C in
!
interface Vlan98
ip address 192.168.98.1 255.255.255.0
ip access-group ACL-Guest-TT in
!
interface Vlan99
no ip address
!
interface Vlan100
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http secure-server
!
!
ip access-list extended ACL-Guest-TT
deny ip 192.168.98.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.98.0 0.0.0.255 192.168.20.0 0.0.0.255
deny ip 192.168.98.0 0.0.0.255 192.168.30.0 0.0.0.255
deny ip 192.168.98.0 0.0.0.255 192.168.40.0 0.0.0.255
permit ip 192.168.98.0 0.0.0.255 any
permit ip any any
ip access-list extended ACL-KHU-A
permit ip 192.168.20.0 0.0.0.63 192.168.10.0 0.0.0.255
permit ip 192.168.20.0 0.0.0.63 192.168.30.0 0.0.0.63
permit ip 192.168.20.0 0.0.0.63 192.168.40.0 0.0.0.63
deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
deny ip 192.168.20.0 0.0.0.255 192.168.40.0 0.0.0.255
deny ip 192.168.20.0 0.0.0.255 192.168.98.0 0.0.0.255
permit ip any any
ip access-list extended ACL-KHU-B
permit ip 192.168.30.0 0.0.0.63 192.168.10.0 0.0.0.255
permit ip 192.168.30.0 0.0.0.63 192.168.20.0 0.0.0.63
permit ip 192.168.30.0 0.0.0.63 192.168.40.0 0.0.0.63
deny ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.40.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.98.0 0.0.0.255
permit ip any any
ip access-list extended ACL-KHU-C
permit ip 192.168.40.0 0.0.0.63 192.168.10.0 0.0.0.255
permit ip 192.168.40.0 0.0.0.63 192.168.20.0 0.0.0.63
permit ip 192.168.40.0 0.0.0.63 192.168.30.0 0.0.0.63
deny ip 192.168.40.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.40.0 0.0.0.255 192.168.20.0 0.0.0.255
deny ip 192.168.40.0 0.0.0.255 192.168.30.0 0.0.0.255
deny ip 192.168.40.0 0.0.0.255 192.168.98.0 0.0.0.255
permit ip any any
!
ip sla enable reaction-alerts
!
!
banner login ^C
************************************************** *******************
****** Day la Switch 3750 *******
****** khong duoc phep truy cap bat hop phap *******
************************************************** *******************
^C
banner motd ^C
************************************************** *********
****** SWITCH 3750 ********
************************************************** *********
^C
!
line con 0
password 7 132C23370F090A392E217A63647A
logging synchronous
login
line vty 0 4
password 7 0503131631445B0A405446
login
line vty 5 15
no login
!
end
Anh em cho mình hỏi với cấu hình như bên dưới, sao vlan 98 của minh không cấp DHCP ? Các vlan khác vẫn cấp DHCP bình thường. Xin được chỉ giáo ạ
S3750-TT-1#sh run
Building configuration...
Current configuration : 8084 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname S3750-TT-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$33qF$HaJiJYs7WJMhkTBvSECkP0
enable password 7 060506324F41
!
!
!
no aaa new-model
switch 1 provision ws-c3750-48p
system mtu routing 1500
ip routing
no ip domain-lookup
ip dhcp excluded-address 192.168.10.150
ip dhcp excluded-address 192.168.20.1 192.168.20.63
ip dhcp excluded-address 192.168.30.1 192.168.30.63
ip dhcp excluded-address 192.168.40.1 192.168.40.63
ip dhcp excluded-address 192.168.10.1 192.168.10.63
ip dhcp excluded-address 192.168.98.1 192.168.98.63
!
ip dhcp pool TRUNG-TAM
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 203.162.4.191 8.8.8.8
!
ip dhcp pool KHU-A
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 203.162.4.191 8.8.8.8
!
ip dhcp pool KHU-B
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 203.162.4.191 8.8.8.8
!
ip dhcp pool KHU-C
network 192.168.40.0 255.255.255.0
default-router 192.168.40.1
dns-server 203.162.4.191 8.8.8.8
!
ip dhcp pool GUEST-TT
network 192.168.98.0 255.255.255.0
default-router 192.168.98.1
dns-server 203.162.4.191 8.8.8.8
!
!
!
!
crypto pki trustpoint TP-self-signed-1789556224
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1789556224
revocation-check none
rsakeypair TP-self-signed-1789556224
!
!
crypto pki certificate chain TP-self-signed-1789556224
certificate self-signed 01
30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31373839 35353632 3234301E 170D3933 30333031 30303032
33365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37383935
35363232 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C598 E987DCF0 5CF25100 36A8273C 6F4E778B 27BB94E7 F0F86AED 04D25D40
F5E6E68B 8664F0F0 F1BBF8E5 3AE09275 03FCC0C6 B86D9886 1596D67D 982AD4F4
3EAB1B29 6FE59DF0 7911CF2D 38317EED B8A99642 C2233912 74686E07 4C244192
0EE64332 162E367E C1C362B6 9F5E5068 27D8188A EE63DB38 56DD4D93 E4DD1D7B
12910203 010001A3 6B306930 0F060355 1D130101 FF040530 030101FF 30160603
551D1104 0F300D82 0B533337 35302D54 542D312E 301F0603 551D2304 18301680
140093C6 0D694C26 F28344F7 F1A298CE DC3A836B A5301D06 03551D0E 04160414
0093C60D 694C26F2 8344F7F1 A298CEDC 3A836BA5 300D0609 2A864886 F70D0101
04050003 81810045 64FD3E00 1EEE83B0 72051781 0F08391D FC4D1908 06D9836A
8E9EC18D F43A0044 53BACABC 8680CFD3 0C1BA57D 1BC4148C 7249FC8B 62DE8822
5F0A9566 C599F6FE 097706DF FB1B8405 F177B526 072C460B 3A73F485 D0E73128
45D5DB53 1C98C825 F9C36899 5768FC3D C11B981F 6E0CC973 7ABBFB85 82C7142D
CBC8B7E2 679AC0
quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet1/0/1
!
interface FastEthernet1/0/2
!
interface FastEthernet1/0/3
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11
!
interface FastEthernet1/0/12
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
!
interface FastEthernet1/0/24
!
interface FastEthernet1/0/25
!
interface FastEthernet1/0/26
!
interface FastEthernet1/0/27
!
interface FastEthernet1/0/28
!
interface FastEthernet1/0/29
!
interface FastEthernet1/0/30
!
interface FastEthernet1/0/31
!
interface FastEthernet1/0/32
!
interface FastEthernet1/0/33
!
interface FastEthernet1/0/34
!
interface FastEthernet1/0/35
!
interface FastEthernet1/0/36
!
interface FastEthernet1/0/37
!
interface FastEthernet1/0/38
!
interface FastEthernet1/0/39
!
interface FastEthernet1/0/40
!
interface FastEthernet1/0/41
!
interface FastEthernet1/0/42
!
interface FastEthernet1/0/43
!
interface FastEthernet1/0/44
!
interface FastEthernet1/0/45
!
interface FastEthernet1/0/46
!
interface FastEthernet1/0/47
description Ket noi SW2960
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet1/0/48
description Ket noi Vigor 2910
no switchport
ip address 192.168.1.2 255.255.255.0
!
interface GigabitEthernet1/0/1
description Ket noi Khu-A-2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/2
description Ket noi Khu-A-5
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/3
description Ket noi Zyxel-1524-TT port 22
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/4
!
interface Vlan1
ip address 192.168.10.1 255.255.255.0
!
interface Vlan2
ip address 192.168.20.1 255.255.255.0
ip access-group ACL-KHU-A in
!
interface Vlan3
ip address 192.168.30.1 255.255.255.0
ip access-group ACL-KHU-B in
!
interface Vlan4
ip address 192.168.40.1 255.255.255.0
ip access-group ACL-KHU-C in
!
interface Vlan98
ip address 192.168.98.1 255.255.255.0
ip access-group ACL-Guest-TT in
!
interface Vlan99
no ip address
!
interface Vlan100
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http secure-server
!
!
ip access-list extended ACL-Guest-TT
deny ip 192.168.98.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.98.0 0.0.0.255 192.168.20.0 0.0.0.255
deny ip 192.168.98.0 0.0.0.255 192.168.30.0 0.0.0.255
deny ip 192.168.98.0 0.0.0.255 192.168.40.0 0.0.0.255
permit ip 192.168.98.0 0.0.0.255 any
permit ip any any
ip access-list extended ACL-KHU-A
permit ip 192.168.20.0 0.0.0.63 192.168.10.0 0.0.0.255
permit ip 192.168.20.0 0.0.0.63 192.168.30.0 0.0.0.63
permit ip 192.168.20.0 0.0.0.63 192.168.40.0 0.0.0.63
deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
deny ip 192.168.20.0 0.0.0.255 192.168.40.0 0.0.0.255
deny ip 192.168.20.0 0.0.0.255 192.168.98.0 0.0.0.255
permit ip any any
ip access-list extended ACL-KHU-B
permit ip 192.168.30.0 0.0.0.63 192.168.10.0 0.0.0.255
permit ip 192.168.30.0 0.0.0.63 192.168.20.0 0.0.0.63
permit ip 192.168.30.0 0.0.0.63 192.168.40.0 0.0.0.63
deny ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.40.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.98.0 0.0.0.255
permit ip any any
ip access-list extended ACL-KHU-C
permit ip 192.168.40.0 0.0.0.63 192.168.10.0 0.0.0.255
permit ip 192.168.40.0 0.0.0.63 192.168.20.0 0.0.0.63
permit ip 192.168.40.0 0.0.0.63 192.168.30.0 0.0.0.63
deny ip 192.168.40.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.40.0 0.0.0.255 192.168.20.0 0.0.0.255
deny ip 192.168.40.0 0.0.0.255 192.168.30.0 0.0.0.255
deny ip 192.168.40.0 0.0.0.255 192.168.98.0 0.0.0.255
permit ip any any
!
ip sla enable reaction-alerts
!
!
banner login ^C
************************************************** *******************
****** Day la Switch 3750 *******
****** khong duoc phep truy cap bat hop phap *******
************************************************** *******************
^C
banner motd ^C
************************************************** *********
****** SWITCH 3750 ********
************************************************** *********
^C
!
line con 0
password 7 132C23370F090A392E217A63647A
logging synchronous
login
line vty 0 4
password 7 0503131631445B0A405446
login
line vty 5 15
no login
!
end