R1是公司出口路由器(私網),R2是運營商的路由器(公網)
SW1配置:
[Huawei]sysname SW1
[SW1]vlan batch 10 20
[SW1]int e0/0/1
[SW1-Ethernet0/0/1]port hybrid pvid vlan 10
[SW1-Ethernet0/0/1]port hybrid untagged vlan 10
[SW1-Ethernet0/0/1]int e0/0/2
[SW1-Ethernet0/0/2]port hybrid pvid vlan 10
[SW1-Ethernet0/0/2]port hybrid untagged vlan 10
[SW1-Ethernet0/0/2]int e0/0/3
[SW1-Ethernet0/0/3]port hybrid pvid vlan 20
[SW1-Ethernet0/0/3]port hybrid untagged vlan 20
[SW1-Ethernet0/0/3]int e0/0/4
[SW1-Ethernet0/0/4]port hybrid pvid vlan 20
[SW1-Ethernet0/0/4]port hybrid untagged vlan 20
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port hybrid tagged vlan 10 20
R1配置:(做單臂路由)
[Huawei]sysname R1
[R1]int g0/0/0.10
[R1-GigabitEthernet0/0/0.10]dot1q termination vid 10
[R1-GigabitEthernet0/0/0.10]ip add 192.168.10.1 24
[R1]dhcp enable
[R1]int g0/0/0.10
[R1-GigabitEthernet0/0/0.10]dhcp select interface
[R1-GigabitEthernet0/0/0.10]arp broadcast enable
[R1-GigabitEthernet0/0/0.10]int g0/0/0.20
[R1-GigabitEthernet0/0/0.20]dot1q termination vid 20
[R1-GigabitEthernet0/0/0.20]ip add 192.168.20.1 24
[R1-GigabitEthernet0/0/0.20]arp broadcast enable
[R1-GigabitEthernet0/0/0.20]dhcp select interface
給R1另一個接口配IP地址
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 12.0.0.1 24
[R1]ip route-static 0.0.0.0 0.0.0.0 12.0.0.2
NAT(靜態,動態,PAT)
靜態是指一對一
一個私網地址需要一個公網來映射它
R2配置:(要全網互通,R2不可能知道私網的地址)
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 12.0.0.2 24
在R1上配置NAT
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip address 12.0.0.1 255.255.255.0
[R1-GigabitEthernet0/0/1]nat static global 8.8.8.8 inside 192.168.10.254 netmask 255.255.255.255(在出口處做一條靜態NAT使內部地址192.168.10.254轉換爲8.8.8.8)
[R2]ip route-static 8.8.8.8 32 12.0.0.1(在公網設備上指一條到達NAT轉換後的內部全局地址12.0.0.1的路由)
這樣就可以實現全網互通了。