小於200人且有vlan劃分的網絡設計與配置

1.劃分vlan
[sw2]vlan 10
[sw2-Ethernet0/0/1]port link-type access
[sw2-Ethernet0/0/1]port default vlan 10
[sw2-Ethernet0/0/2]port link-type trunk
[sw2-Ethernet0/0/2]port trunk allow-pass vlan all
[sw3]vlan 20
[sw3-Ethernet0/0/1]port link-type access
[sw3-Ethernet0/0/1]port default vlan 20
[sw3-Ethernet0/0/3]port link-type trunk
[sw3-Ethernet0/0/3]port trunk allow-pass vlan all
[sw1]vlan 10
[sw1]vlan 20
[sw1-GigabitEthernet0/0/2]port link-type trunk
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[sw1-GigabitEthernet0/0/3]port link-type trunk
[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[sw1-GigabitEthernet0/0/1]port link-type trunk
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
2.配置IP地址和綁定vlan
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 200.1.1.1 24
[AR1-GigabitEthernet0/0/0]int g0/0/1.1
[AR1-GigabitEthernet0/0/1.1]ip add 192.168.10.254 24
[AR1-GigabitEthernet0/0/1.1]int g0/0/1.2
[AR1-GigabitEthernet0/0/1.2]ip add 192.168.20.254 24
[AR1-GigabitEthernet0/0/1.1]dot1q termination vid 10 //子接口綁定vlan
[AR1-GigabitEthernet0/0/1.1]arp broadcast enable //打開ARP廣播
[AR1-GigabitEthernet0/0/1.2]dot1q termination vid 20
[AR1-GigabitEthernet0/0/1.2]arp broadcast enable
3.配置靜態路由
[AR1]ip route-static 0.0.0.0 0.0.0.0 200.1.1.2
[Internet]ip route-static 0.0.0.0 0.0.0.0 200.1.1.1
4.配置NAT轉換
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255
[AR1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255
[AR1-GigabitEthernet0/0/0]nat outbound 2000 //採用Easy IP技術使多個內部地址映射到網關出接口的不一樣端口
[AR1]display nat outbound //查看NAT轉換表

5.PC能夠ping通外網，在AR1的G0/0/0口抓包也看不到內網IP，配置成功。