一、实验拓扑
二、实验步骤
2.1 配置路由器
# 步骤1:配置路由器接口、配置DHCP地址池
Router>en
Router#conf t
Router(config)#int g0/0
Router(config-if)#ip add 10.0.0.2 255.255.255.0
Router(config-if)#no sh
Router(config-if)#exit
配置路由条目
Router(config)#ip route 10.0.1.0 255.255.255.0 10.0.0.1
配置路由条目:
Router(config)#ip route 192.168.0.0 255.255.0.0 10.0.0.1
配置vlan10地址池
Router(config)#ip dhcp pool vlan10
Router(dhcp-config)#net 192.168.10.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.10.1
Router(dhcp-config)#exit
配置vlan20地址池
Router(config)#ip dhcp pool vlan20
Router(dhcp-config)#net 192.168.20.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.20.1
Router(dhcp-config)#exit
配置vlan30地址池
Router(config)#ip dhcp pool vlan30
Router(dhcp-config)#net 192.168.30.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.30.1
Router(dhcp-config)#exit
Router(config)#
# 步骤2:配置NAT地址转换
Router>
Router>en
Router#conf t
设置内网
Router(config)#int g0/0
Router(config-if)#ip nat inside
配置外网
Router(config-if)#int g0/1
Router(config-if)#ip add 200.0.0.1 255.255.255.0
Router(config-if)#no sh
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#access-list 1 permit 192.168.0.0 0.0.255.255
Router(config)#ip nat pool kgc 200.0.0.11 200.0.0.20 netmask 255.255.255.0
Router(config)#ip nat inside source list 1 pool kgc overload
Router(config)#ip route 0.0.0.0 0.0.0.0 g0/1
Router(config)#end
Router#
Router#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.0.0.0/24 is directly connected, GigabitEthernet0/0
L 10.0.0.2/32 is directly connected, GigabitEthernet0/0
S 10.0.1.0/24 [1/0] via 10.0.0.1
S 192.168.0.0/16 [1/0] via 10.0.0.1
200.0.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 200.0.0.0/24 is directly connected, GigabitEthernet0/1
L 200.0.0.1/32 is directly connected, GigabitEthernet0/1
S* 0.0.0.0/0 is directly connected, GigabitEthernet0/1
2.2 配置3层交换机
# 步骤1:配置SWA
Switch>
Switch>en
三层交换机不能配置vlan,使用该命令三层交换机可以配置vlan
Switch#vlan database
Switch(vlan)#vl 10
Switch(vlan)#exit
Switch#conf t
Switch(config)#int g0/1
三层交换机没有启用trunk功能,需要通过其命令启用trunk功能,将二层的trunk中继到三层
Switch(config-if)#sw tr encapsulation dot1q
Switch(config-if)#sw mo tr
Switch(config-if)#int g0/2
用该命令把交换机功能转换成路由器功能
Switch(config-if)#no switchport
配置的把交换机功能转换成路由器两边的ip
Switch(config-if)#ip add 10.0.1.1 255.255.255.0
Switch(config-if)#no sh
Switch(config-if)#int vlan 10
Switch(config-if)#ip add 192.168.10.1 255.255.255.0
Switch(config-if)#no sh
Switch(config-if)#exit
配置路由条目
Switch(config)#ip route 0.0.0.0 0.0.0.0 10.0.1.2
启动路由器,用其功能
Switch(config)#ip routing
Switch(config)#exit
查看route的ip
Switch#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 10.0.1.2 to network 0.0.0.0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.1.0 is directly connected, GigabitEthernet0/2
C 192.168.10.0/24 is directly connected, Vlan10
S* 0.0.0.0/0 [1/0] via 10.0.1.2
Switch#sh vl br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
10 VLAN0010 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Switch#conf t
连接地址池,需要在vlan10里配置中继,能够通过DHCP获取pc机的ip
Switch(config)#int vlan 10
Switch(config-if)#ip helper-address 10.0.0.2
Switch(config-if)#end
Switch#
# 步骤2:配置SWB
Switch>
Switch>en
三层交换机不能配置vlan,使用该命令三层交换机可以配置两个vl
vl10和vl20
Switch#vl da
Switch(vlan)#vl 20
Switch(vlan)#vl 30
Switch(vlan)#exit
Switch#conf t
Switch(config)#int g0/1
三层交换机没有启用trunk功能,需要通过其命令启用trunk功能,将二层的trunk中继到三层
Switch(config-if)#sw tr en dot1q
Switch(config-if)#sw mo tr
用该命令把交换机功能转换成路由器功能
Switch(config-if)#int g0/2
Switch(config-if)#no switchport
Switch(config-if)#ip add 10.0.1.2 255.255.255.0
启动路由器其端口
Switch(config-if)#no sh
用该命令把交换机功能转换成路由器功能
Switch(config-if)#int f0/1
Switch(config-if)#no switchport
Switch(config-if)#ip add 10.0.0.1 255.255.255.0
启动路由器其端口
Switch(config-if)#no sh
在路由器中添加vl20和vl30的ip,使其路由器能够获取到vl20和vl30的ip
Switch(config-if)#int vlan 20
Switch(config-if)#ip add 192.168.20.1 255.255.255.0
Switch(config-if)#no sh
Switch(config-if)#int vl 30
Switch(config-if)#ip add 192.168.30.1 255.255.255.0
Switch(config-if)#no sh
Switch(config-if)#exit
在其路由器上配置两端的静态路由条目
Switch(config)#ip route 192.168.10.0 255.255.255.0 10.0.1.1
Switch(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2
启动路由器
Switch(config)#ip routing
配置两台vl20和vl30的中继
Switch(config)#int vl 20
Switch(config-if)#int vl 20
Switch(config-if)#ip helper-address 10.0.0.2
Switch(config-if)#int vl 30
Switch(config-if)#ip helper-address 10.0.0.2
Switch(config-if)#end
Switch#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
C 10.0.0.0 is directly connected, FastEthernet0/1
C 10.0.1.0 is directly connected, GigabitEthernet0/2
S 192.168.10.0/24 [1/0] via 10.0.1.1
C 192.168.20.0/24 is directly connected, Vlan20
C 192.168.30.0/24 is directly connected, Vlan30
2.3 配置2层交换机
# 步骤1:配置SW1
Switch>en
Switch#conf t
两层交换机创建vl10
Switch(config)#vl 10
Switch(config-vlan)#exit
创建两层交换机的vl10
Switch(config)#int f0/1
Switch(config-if)#sw mo ac
Switch(config-if)#sw ac vl 10
进入g0/1,配置trunk
Switch(config-if)#int g0/1
Switch(config-if)#sw mo tr
Switch(config-if)#end
Switch#sh vl br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gig0/2
10 VLAN0010 active Fa0/1
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
# 步骤2:配置SW2
Switch>
Switch>en
Switch#conf t
两层交换机创建两个vl,vl20和vl30
Switch(config)#vl 20
Switch(config-vlan)#vl 30
Switch(config-vlan)#
创建两层交换机的vl20和vl30
Switch(config-vlan)#int f0/2
Switch(config-if)#sw mo ac
Switch(config-if)#sw ac vl 20
Switch(config-if)#int f0/3
Switch(config-if)#sw mo ac
Switch(config-if)#sw ac vl 30
进入g0/1,配置trunk
Switch(config-if)#int g0/1
Switch(config-if)#sw mo tr
2.4 测试全网连通
# 步骤1:在PC2上ping其他PC和外网服务器
C:\>ipconfig
FastEthernet0 Connection:(default port)
Connection-specific DNS Suffix..:
Link-local IPv6 Address.........: FE80::2D0:BCFF:FE33:403B
IPv6 Address....................: ::
IPv4 Address....................: 192.168.30.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: ::
192.168.30.1
C:\>ping 192.168.20.2
Pinging 192.168.20.2 with 32 bytes of data:
Request timed out.
Reply from 192.168.20.2: bytes=32 time<1ms TTL=127
Reply from 192.168.20.2: bytes=32 time=6ms TTL=127
Reply from 192.168.20.2: bytes=32 time<1ms TTL=127
C:\>ping 192.168.10.2
Pinging 192.168.10.2 with 32 bytes of data:
Request timed out.
Reply from 192.168.10.2: bytes=32 time<1ms TTL=126
Reply from 192.168.10.2: bytes=32 time<1ms TTL=126
Reply from 192.168.10.2: bytes=32 time<1ms TTL=126
C:\>ping 200.0.0.200
Pinging 200.0.0.200 with 32 bytes of data:
Reply from 200.0.0.200: bytes=32 time=1ms TTL=126
Reply from 200.0.0.200: bytes=32 time=11ms TTL=126
Reply from 200.0.0.200: bytes=32 time<1ms TTL=126
Reply from 200.0.0.200: bytes=32 time<1ms TTL=126
Ping statistics for 200.0.0.200:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 11ms, Average = 3ms
# 步骤2:在路由器上查看NAT地址映射
Router#sh ip nat tr
Pro Inside global Inside local Outside local Outside global
icmp 200.0.0.11:10 192.168.30.2:10 200.0.0.200:10 200.0.0.200:10
icmp 200.0.0.11:11 192.168.30.2:11 200.0.0.200:11 200.0.0.200:11
icmp 200.0.0.11:12 192.168.30.2:12 200.0.0.200:12 200.0.0.200:12
icmp 200.0.0.11:1 192.168.20.2:1 200.0.0.200:1 200.0.0.200:1
icmp 200.0.0.11:2 192.168.20.2:2 200.0.0.200:2 200.0.0.200:2
icmp 200.0.0.11:3 192.168.20.2:3 200.0.0.200:3 200.0.0.200:3
icmp 200.0.0.11:4 192.168.20.2:4 200.0.0.200:4 200.0.0.200:4
icmp 200.0.0.11:5 192.168.10.2:5 200.0.0.200:5 200.0.0.200:5
icmp 200.0.0.11:6 192.168.10.2:6 200.0.0.200:6 200.0.0.200:6
icmp 200.0.0.11:7 192.168.10.2:7 200.0.0.200:7 200.0.0.200:7
icmp 200.0.0.11:8 192.168.10.2:8 200.0.0.200:8 200.0.0.200:8
icmp 200.0.0.11:9 192.168.30.2:9 200.0.0.200:9 200.0.0.200:9
浙公网安备 33010602011771号