Cisco三层vlan与路由配置

要求整个网络可以访问互联网，使用NAT转换

2017年6月30日

14:13

1、用Internet路由器模仿公网路由，配置如下

Router>enable

Router#config t

Enter configurationcommands, one per line. End with CNTL/Z.

Router(config)#inters1/0

Router(config-if)#ipadd 1.1.1.1 255.255.255.0

Router(config-if)#clockrate 6400

Router(config-if)#noshutdown

模拟公网路由器配置完成

2、配置企业路由器

配置连接公网的接口IP地址把接口定义为outside

Router>enable

Router#config t

Enter configurationcommands, one per line. End with CNTL/Z.

Router(config)#inters1/1

Router(config-if)#ipadd 1.1.1.2 255.255.255.0

Router(config-if)#noshutdown

Router(config-if)#

%LINK-5-CHANGED:Interface Serial1/1, changed state to up

%LINEPROTO-5-UPDOWN:Line protocol on Interface Serial1/1, changed state to up

Router(config-if)#ip nat outside

配置连接三层交换机接口IP地址把接口定义为inside

Router(config)#interf0/0

Router(config-if)#ipadd 172.16.1.2 255.255.255.0

Router(config-if)#noshutdown

Router(config-if)#

%LINK-5-CHANGED:Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN:Line protocol on Interface FastEthernet0/0, changed state to up

Router(config-if)#ip nat inside

配置acl访问控制列表，不配置无法访问通过路由访问公网（这里特别重要）如果不把所有要

允许访问公网的网段配置成允许访问的状态，路由器就会阻止这些网段访问公网

Router(config)#access-list10 permit 192.168.1.0 0.0.0.255

Router(config)#access-list10 permit 192.168.2.0 0.0.0.255

Router(config)#access-list10 permit 192.168.3.0 0.0.0.255

配置NAT地址转换

Router(config)#ip natinside source list 10 interface s1/1 overload

3、配置三层交换机

创建一个vlan5用来配置与路由连接的地址，并把f0/1划入vlan5

Switch(config)#vlan 5

Switch(config)#interf0/1

Switch(config-if)#swit

Switch(config-if)#switchportmo

Switch(config-if)#switchportmode acc

Switch(config-if)#switchportmode access

Switch(config-if)#swac

Switch(config-if)#swaccess vlan 5

配置vlan地址

Switch(config-if)#intervlan 5

Switch(config-if)#

%LINK-5-CHANGED:Interface Vlan5, changed state to up

%LINEPROTO-5-UPDOWN:Line protocol on Interface Vlan5, changed state to up

Switch(config-if)#ipadd 172.16.1.1 255.255.255.0

Switch(config-if)#noshutdown

把其它vlan也配置好

配置Vlan2

Switch(config)#interf0/2

Switch(config-if)#swmo acc

Switch(config-if)#swacc vlan 2

Switch(config-if)#intervlan 2

Switch(config-if)#

%LINK-5-CHANGED:Interface Vlan2, changed state to up

%LINEPROTO-5-UPDOWN:Line protocol on Interface Vlan2, changed state to up

Switch(config-if)#ipadd 192.168.1.254 255.255.255.0

Switch(config-if)#noshut

Switch(config-if)#

配置Vlan3

Switch(config-if)#noshut

Switch(config-if)#interf0/3

Switch(config-if)#swmo acc

Switch(config-if)#swacc vlan 3

Switch(config-if)#intervlan 3

Switch(config-if)#

%LINK-5-CHANGED:Interface Vlan3, changed state to up

%LINEPROTO-5-UPDOWN:Line protocol on Interface Vlan3, changed state to up

Switch(config-if)#ipadd 192.168.2.254 255.255.255.0

配置Vlan4

Switch(config-if)#interf0/4

Switch(config-if)#swmo acc

Switch(config-if)#swacc vlan 4

Switch(config-if)#intervlan 4

Switch(config-if)#

%LINK-5-CHANGED:Interface Vlan4, changed state to up

%LINEPROTO-5-UPDOWN:Line protocol on Interface Vlan4, changed state to up

Switch(config-if)#ipadd 192.168.3.254 255.255.255.0

配置DHCP服务器

配置vlan2DHCP服务器

Switch(config)#ipdhcp pool vlan2

Switch(dhcp-config)#default-router192.168.1.254

Switch(dhcp-config)#dns-server1.1.1.1

Switch(dhcp-config)#network192.168.1.0 255.255.255.0

Switch(dhcp-config)#exit

配置vlan3DHCP服务器

Switch(config)#ipdhcp pool vlan3

Switch(dhcp-config)#default-router192.168.2.254

Switch(dhcp-config)#dns-server2.2.2.2

Switch(dhcp-config)#network192.168.2.0 255.255.255.0

Switch(dhcp-config)#exit

配置vlan4DHCP服务器

Switch(config)#ipdhcp pool vlan4

Switch(dhcp-config)#default-router192.168.3.254

Switch(dhcp-config)#dns-server3.3.3.3

Switch(dhcp-config)#network192.168.3.0 255.255.255.0

Switch(dhcp-config)#exit

开启三层交换机路由功能

ip routing

到这里所有的vlan间的电脑已经能够相互ping通了，但是还是不能访问互联网，因为路由还没有

配置完成