1 633 !

, . Cisco ASA DHCP .

, .

Cisco ASA ( 5500, 5500-X). VLAN-

ASA . , ASA DHCP , IP , DHCP . , ASA (inside1,inside2,inside3). - , . - .

Dot1Q, , .

:

, security-plus.
    :
  • GE1 ASA 100.1.1.1
  • GE0 ASA , . -, VLAN.
    • - GE0.1 - VLAN10 ( 10.1.1.254) inside 1
    • - GE0.2 - VLAN10 ( 10.2.2.254) inside 2
    • - GE0.3 - VLAN10 ( 10.3.3.254) inside 3
  • Eth0/1, Eth0/2, Eth 0/3 VLAN- (10, 20, 30)
  • VLAN 10 ASA DHCP (10.1.1.0/24) inside1
  • VLAN 20 - ASA DHCP (10.2.2.0/24) inside2
  • VLAN 30 ASA DHCP (10.3.3.0/24) inside3
  • ASA PAT (NAT Overload)
, -VLAN .

Cisco ASA

!       - (     )
interface GigabitEthernet0
no nameif
no security-level
no ip address
!
!  - GE0.1  VLAN10
interface GigabitEthernet0.1
vlan 10
nameif inside1
security-level 100
ip address 10.1.1.254 255.255.255.0
!  - GE0.2  VLAN20
interface GigabitEthernet0.2
vlan 20
nameif inside2
security-level 90
ip address 10.2.2.254 255.255.255.0
!  - GE0.3  VLAN30
interface GigabitEthernet0.3
vlan 30
nameif inside3
security-level 80
ip address 10.3.3.254 255.255.255.0
! This is the WAN interface connected to ISP  WAN ,   ISP
interface GigabitEthernet1
nameif outside
security-level 0
ip address 100.1.1.1 255.255.255.0
!      
object network inside1_LAN
subnet 10.1.1.0 255.255.255.0
object network inside2_LAN
subnet 10.2.2.0 255.255.255.0
object network inside3_LAN
subnet 10.3.3.0 255.255.255.0
!   ACL  ,    ICMP  (   )
access-list OUT extended permit icmp any any
access-group OUT in interface outside
!         PAT (NAT Overload)   
object network inside1_LAN
nat (inside1,outside) dynamic interface
object network inside2_LAN
nat (inside2,outside) dynamic interface
object network inside3_LAN
nat (inside3,outside) dynamic interface
access-group OUT in interface outside
route outside 0.0.0.0 0.0.0.0 100.1.1.2
!    DHCP c 
! DHCP   VLAN10  inside1
dhcpd address 10.1.1.1-10.1.1.100 inside1
dhcpd enable inside1
! DHCP   VLAN20  inside2
dhcpd address 10.2.2.1-10.2.2.100 inside2
dhcpd enable inside2
! DHCP   VLAN30  inside3
dhcpd address 10.3.3.1-10.3.3.100 inside3
dhcpd enable inside3
!  DNS c   
dhcpd dns 200.1.1.1

, .


, VLAN.

!  ,    GE0
interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!    VLAN10
interface Ethernet0/1
switchport access vlan 10
switchport mode access
duplex auto
!    VLAN20
interface Ethernet0/2
switchport access vlan 20
switchport mode access
duplex auto
!    VLAN30
interface Ethernet0/3
switchport access vlan 30
switchport mode access
duplex auto

?


: