CCNA--LAB-11:配置單臂路由(企業經典案例)

版權聲明：原創做品，容許轉載，轉載時請務必以超連接形式標明文章 原始出處 、做者信息和本聲明。不然將追究法律責任。 http://justim.blog.51cto.com/740099/243083

什麼是單臂路由 : 爲何要用到單臂路由。 VLAN （虛擬局域網）技術是路由交換中很是基礎的技術。在網絡管理實踐中，經過在交換機上劃分適當數目的 vlan ，不只能有效隔離廣播風暴，還能提升網絡安全係數及網絡帶寬的利用效率。劃分 vlan 以後， vlan 與 vlan 之間是不能通訊的， 要想使不一樣 VLAN 裏的主機互訪就得使用 VLAN 間路由技術。在考慮成本的狀況下咱們通常選擇單臂路由，單臂路由須要一臺交換機和一臺路由器來共同實現。     拓撲以下：   實驗目的：接口信息以及IP地址規劃如拓撲所示，PC1——PC3分別屬於VLAN1——VLAN3， 運用單臂路由與NAT的結合，最終使得用戶之間可以互相訪問，使企業內部所有可以訪問因特網。     具體配置：   R1：   Router> Router>en Router#conf t Router(config)#hostname R1 R1(config)#interface f0/0 R1(config-if)#no sh      --首先把物理接口激活，其它子接口就不用再激活 R1(config)#interface f0/0.1    --進入子接口模式 R1(config-subif)#encapsulation dot1Q 1     --對VLAN1進行封裝DOT1Q R1(config-subif)#ip address 192.168.1.254 255.255.255.0 R1(config-subif)#exit R1(config)#interface f0/0.2     --進入子接口模式 R1(config-subif)#encapsulation dot1Q 2     --對VLAN2進行封裝DOT1Q R1(config-subif)#ip address 192.168.2.254 255.255.255.0 R1(config-subif)#exit R1(config)#interface f0/0.3     --進入子接口模式 R1(config-subif)#encapsulation dot1Q 3     --對VLAN3進行封裝DOT1Q R1(config-subif)#ip address 192.168.3.254 255.255.255.0 R1(config-subif)#exit R1(config)#interface f0/1 R1(config-if)#ip address 218.87.18.1 255.255.255.0 R1(config-if)#no sh R1(config-if)#exit R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255     --定義容許的流量 R1(config)#access-list 1 permit 192.168.2.0 0.0.0.255 R1(config)#access-list 1 permit 192.168.3.0 0.0.0.255 R1(config)#ip nat inside source list 1 interface f0/1 overload --定義符合訪問控制列表1的流量向F0/1口轉發 R1(config)#interface f0/0.1 R1(config-subif)#ip nat inside   --定義內部接口 R1(config-subif)#interface f0/0.2 R1(config-subif)#ip nat inside R1(config-subif)#interface f0/0.3 R1(config-subif)#ip nat inside R1(config-subif)#exit R1(config-if)#interface f0/1 R1(config-if)#ip nat outside    --定義外部接口 R1(config-if)#exit R1(config)#ip route 0.0.0.0 0.0.0.0 218.87.18.2    --默認路由指向ISP R1(config-if)#end R1#         SW1：   Switch> Switch>en Switch#conf t Switch(config)#hostname SW1 SW1(config)#vlan 2     --建立VLAN2 SW1(config-vlan)#exit SW1(config)#vlan 3     --建立VLAN3 SW1(config-vlan)#exit SW1(config)#interface f0/2 SW1(config-if)#switchport mode access     --端口模式爲ACCESS SW1(config-if)#switchport access vlan 2    --把當前端口加入到VLAN2 SW1(config-if)#no sh SW1(config-if)#exit SW1(config)#interface f0/3 SW1(config-if)#switchport mode access     --端口模式爲ACCESS SW1(config-if)#switchport access vlan 3    --把當前端口加入到VLAN3 SW1(config-if)#exit SW1(config)#interface f0/24 SW1(config)#switchport trunk encapsulation dot1q    --把接口封裝爲DOT1Q SW1(config-if)#switchport mode trunk      --接口模式爲TRUNK（中繼） SW1(config-if)#no sh SW1(config-if)#end SW1#     ISP:   Router> Router>en Router#conf t Router(config)#hostname ISP ISP(config)#interface f0/1 ISP(config-if)#ip address 218.87.18.2 255.255.255.0 ISP(config-if)#no sh ISP(config-if)#end ISP#       3臺PC上分別作驗證：   PC1:   PC>ipconfig   IP Address......................: 192.168.1.1 Subnet Mask.....................: 255.255.255.0 Default Gateway.................: 192.168.1.254     PC>ping 218.87.18.2   Pinging 218.87.18.2 with 32 bytes of data:   Reply from 218.87.18.2: bytes=32 time=73ms TTL=254 Reply from 218.87.18.2: bytes=32 time=112ms TTL=254 Reply from 218.87.18.2: bytes=32 time=52ms TTL=254 Reply from 218.87.18.2: bytes=32 time=70ms TTL=254   Ping statistics for 218.87.18.2:     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds:     Minimum = 52ms, Maximum = 112ms, Average = 76ms   PC>   PC>ping 192.168.2.1 Pinging 192.168.2.1 with 32 bytes of data:   Reply from 192.168.2.1: bytes=32 time=73ms TTL=254 Reply from 192.168.2.1: bytes=32 time=112ms TTL=254 Reply from 192.168.2.1: bytes=32 time=52ms TTL=254 Reply from 192.168.2.1: bytes=32 time=70ms TTL=254   Ping statistics for 192.168.2.1:     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds:     Minimum = 52ms, Maximum = 112ms, Average = 76ms   PC> PC>ping 192.168.3.1   Pinging 192.1683.1 with 32 bytes of data:   Reply from 192.168.3.1: bytes=32 time=73ms TTL=254 Reply from 192.168.3.1: bytes=32 time=112ms TTL=254 Reply from 192.168.3.1: bytes=32 time=52ms TTL=254 Reply from 192.168.3.1: bytes=32 time=70ms TTL=254   Ping statistics for 192.168.3.1:     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds:     Minimum = 52ms, Maximum = 112ms, Average = 76ms   PC> -------------------------------------------------------------------------------------   PC2:   PC>ipconfig   IP Address......................: 192.168.2.1 Subnet Mask.....................: 255.255.255.0 Default Gateway.................: 192.168.2.254   PC>ping 218.87.18.2   Pinging 218.87.18.2 with 32 bytes of data:   Reply from 218.87.18.2: bytes=32 time=39ms TTL=254 Reply from 218.87.18.2: bytes=32 time=44ms TTL=254 Reply from 218.87.18.2: bytes=32 time=58ms TTL=254 Reply from 218.87.18.2: bytes=32 time=29ms TTL=254   Ping statistics for 218.87.18.2:     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds:     Minimum = 29ms, Maximum = 58ms, Average = 42ms   PC>     -------------------------------------------------------------------------------------   PC3:   PC>ipconfig   IP Address......................: 192.168.3.1 Subnet Mask.....................: 255.255.255.0 Default Gateway.................: 192.168.3.254   PC>ping 218.87.18.2   Pinging 218.87.18.2 with 32 bytes of data:   Reply from 218.87.18.2: bytes=32 time=83ms TTL=254 Reply from 218.87.18.2: bytes=32 time=71ms TTL=254 Reply from 218.87.18.2: bytes=32 time=42ms TTL=254 Reply from 218.87.18.2: bytes=32 time=44ms TTL=254   Ping statistics for 218.87.18.2:     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds:     Minimum = 42ms, Maximum = 83ms, Average = 60ms   PC>     總結：   本實驗與實際中小企業網絡很是類似，部署單臂路由既節省了成本，又提升了工做效率.