Cisco三層vlan與路由配置

要求整個網絡能夠訪問互聯網，使用NAT轉換

2017年6月30日

14:13

 

 

1、用Internet路由器模仿公網路由，配置以下

      

Router>enable

Router#config t

Enter configurationcommands, one per line. End with CNTL/Z.

Router(config)#inters1/0

Router(config-if)#ipadd 1.1.1.1 255.255.255.0

Router(config-if)#clockrate 6400

Router(config-if)#noshutdown

模擬公網路由器配置完成

 

2、配置企業路由器

 

配置鏈接公網的接口IP地址把接口定義爲outside   

Router>enable

Router#config t

Enter configurationcommands, one per line. End with CNTL/Z.

Router(config)#inters1/1

Router(config-if)#ipadd 1.1.1.2 255.255.255.0

Router(config-if)#noshutdown

 

Router(config-if)#

%LINK-5-CHANGED:Interface Serial1/1, changed state to up

 

%LINEPROTO-5-UPDOWN:Line protocol on Interface Serial1/1, changed state to up

 

Router(config-if)#ip nat outside

 

配置鏈接三層交換機接口IP地址把接口定義爲inside

Router(config)#interf0/0

Router(config-if)#ipadd 172.16.1.2 255.255.255.0

Router(config-if)#noshutdown

 

Router(config-if)#

%LINK-5-CHANGED:Interface FastEthernet0/0, changed state to up

 

%LINEPROTO-5-UPDOWN:Line protocol on Interface FastEthernet0/0, changed state to up

 

Router(config-if)#ip nat inside

 

配置acl訪問控制列表，不配置沒法訪問經過路由訪問公網（這裏特別重要）若是不把全部要

容許訪問公網的網段配置成容許訪問的狀態，路由器就會阻止這些網段訪問公網

Router(config)#access-list10 permit 192.168.1.0 0.0.0.255

Router(config)#access-list10 permit 192.168.2.0 0.0.0.255

Router(config)#access-list10 permit 192.168.3.0 0.0.0.255

 

配置NAT地址轉換

Router(config)#ip natinside source list 10 interface s1/1 overload

 

3、配置三層交換機

  

      建立一個vlan5用來配置與路由鏈接的地址，並把f0/1劃入vlan5

     Switch(config)#vlan 5

    

Switch(config)#interf0/1

Switch(config-if)#swit

Switch(config-if)#switchportmo

Switch(config-if)#switchportmode acc

Switch(config-if)#switchportmode access

Switch(config-if)#swac

Switch(config-if)#swaccess vlan 5

 

配置vlan地址

Switch(config-if)#intervlan 5

Switch(config-if)#

%LINK-5-CHANGED:Interface Vlan5, changed state to up

 

%LINEPROTO-5-UPDOWN:Line protocol on Interface Vlan5, changed state to up

 

Switch(config-if)#ipadd 172.16.1.1 255.255.255.0

Switch(config-if)#noshutdown

 

把其它vlan也配置好

配置Vlan2

Switch(config)#interf0/2

Switch(config-if)#swmo acc

Switch(config-if)#swacc vlan 2

Switch(config-if)#intervlan 2

Switch(config-if)#

%LINK-5-CHANGED:Interface Vlan2, changed state to up

 

%LINEPROTO-5-UPDOWN:Line protocol on Interface Vlan2, changed state to up

 

Switch(config-if)#ipadd 192.168.1.254 255.255.255.0

Switch(config-if)#noshut

Switch(config-if)#

 

配置Vlan3

Switch(config-if)#noshut

Switch(config-if)#interf0/3

Switch(config-if)#swmo acc

Switch(config-if)#swacc vlan 3

Switch(config-if)#intervlan 3

Switch(config-if)#

%LINK-5-CHANGED:Interface Vlan3, changed state to up

 

%LINEPROTO-5-UPDOWN:Line protocol on Interface Vlan3, changed state to up

 

Switch(config-if)#ipadd 192.168.2.254 255.255.255.0

 

配置Vlan4

 

Switch(config-if)#interf0/4

Switch(config-if)#swmo acc

Switch(config-if)#swacc vlan 4

Switch(config-if)#intervlan 4

Switch(config-if)#

%LINK-5-CHANGED:Interface Vlan4, changed state to up

 

%LINEPROTO-5-UPDOWN:Line protocol on Interface Vlan4, changed state to up

 

Switch(config-if)#ipadd 192.168.3.254 255.255.255.0

 

配置DHCP服務器

 

配置vlan2DHCP服務器

Switch(config)#ipdhcp pool vlan2

Switch(dhcp-config)#default-router192.168.1.254

Switch(dhcp-config)#dns-server1.1.1.1

Switch(dhcp-config)#network192.168.1.0 255.255.255.0

Switch(dhcp-config)#exit

 

配置vlan3DHCP服務器

Switch(config)#ipdhcp pool vlan3

Switch(dhcp-config)#default-router192.168.2.254

Switch(dhcp-config)#dns-server2.2.2.2

Switch(dhcp-config)#network192.168.2.0 255.255.255.0

Switch(dhcp-config)#exit

 

配置vlan4DHCP服務器

Switch(config)#ipdhcp pool vlan4

Switch(dhcp-config)#default-router192.168.3.254

Switch(dhcp-config)#dns-server3.3.3.3

Switch(dhcp-config)#network192.168.3.0 255.255.255.0

Switch(dhcp-config)#exit

 

開啓三層交換機路由功能

 ip routing

 

到這裏全部的vlan間的電腦已經可以相互ping通了，可是仍是不能訪問互聯網，由於路由尚未

配置完成