CCNA--LAB-11:配置單臂路由(企業經典案例)

版權聲明：原創作品，允許轉載，轉載時請務必以超鏈接形式標明文章 原始出處 、作者信息和本聲明。否則將追究法律責任。http://justim.blog.51cto.com/740099/243083

什麼是單臂路由: 爲什麼要用到單臂路由。VLAN（虛擬局域網）技術是路由交換中非常基礎的技術。在網絡管理實踐中，通過在交換機上劃分適當數目的vlan，不僅能有效隔離廣播風暴，還能提高網絡安全係數及網絡帶寬的利用效率。劃分vlan之後，vlan與vlan之間是不能通信的， 要想使不同VLAN裏的主機互訪就得使用VLAN間路由技術。在考慮成本的情況下我們一般選擇單臂路由，單臂路由需要一臺交換機和一臺路由器來共同實現。

 

 

拓撲如下：

 

實驗目的：接口信息以及IP地址規劃如拓撲所示，PC1——PC3分別屬於VLAN1——VLAN3，

運用單臂路由與NAT的結合，最終使得用戶之間能夠互相訪問，使企業內部全部能夠訪問因特網。

 

 

具體配置：

 

R1：
 
Router>
Router>en
Router#conf t
Router(config)#hostname R1
R1(config)#interface f0/0
R1(config-if)#no sh     --首先把物理接口激活，其它子接口就不用再激活
R1(config)#interface f0/0.1    --進入子接口模式
R1(config-subif)#encapsulation dot1Q 1     --對VLAN1進行封裝DOT1Q
R1(config-subif)#ip address 192.168.1.254 255.255.255.0
R1(config-subif)#exit
R1(config)#interface f0/0.2     --進入子接口模式
R1(config-subif)#encapsulation dot1Q 2     --對VLAN2進行封裝DOT1Q
R1(config-subif)#ip address 192.168.2.254 255.255.255.0
R1(config-subif)#exit
R1(config)#interface f0/0.3     --進入子接口模式
R1(config-subif)#encapsulation dot1Q 3     --對VLAN3進行封裝DOT1Q
R1(config-subif)#ip address 192.168.3.254 255.255.255.0
R1(config-subif)#exit
R1(config)#interface f0/1
R1(config-if)#ip address 218.87.18.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255     --定義允許的流量
R1(config)#access-list 1 permit 192.168.2.0 0.0.0.255
R1(config)#access-list 1 permit 192.168.3.0 0.0.0.255
R1(config)#ip nat inside source list 1 interface f0/1 overload
--定義符合訪問控制列表1的流量向F0/1口轉發
R1(config)#interface f0/0.1
R1(config-subif)#ip nat inside   --定義內部接口
R1(config-subif)#interface f0/0.2
R1(config-subif)#ip nat inside
R1(config-subif)#interface f0/0.3
R1(config-subif)#ip nat inside
R1(config-subif)#exit
R1(config-if)#interface f0/1
R1(config-if)#ip nat outside    --定義外部接口
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 218.87.18.2    --默認路由指向ISP
R1(config-if)#end
R1#
 
 
 
 
SW1：
 
Switch>
Switch>en
Switch#conf t
Switch(config)#hostname SW1
SW1(config)#vlan 2     --創建VLAN2
SW1(config-vlan)#exit
SW1(config)#vlan 3     --創建VLAN3
SW1(config-vlan)#exit
SW1(config)#interface f0/2
SW1(config-if)#switchport mode access     --端口模式爲ACCESS
SW1(config-if)#switchport access vlan 2    --把當前端口加入到VLAN2
SW1(config-if)#no sh
SW1(config-if)#exit
SW1(config)#interface f0/3
SW1(config-if)#switchport mode access     --端口模式爲ACCESS
SW1(config-if)#switchport access vlan 3    --把當前端口加入到VLAN3
SW1(config-if)#exit
SW1(config)#interface f0/24
SW1(config)#switchport trunk encapsulation dot1q    --把接口封裝爲DOT1Q
SW1(config-if)#switchport mode trunk      --接口模式爲TRUNK（中繼）
SW1(config-if)#no sh
SW1(config-if)#end
SW1#
 
 

ISP:
 
Router>
Router>en
Router#conf t
Router(config)#hostname ISP
ISP(config)#interface f0/1
ISP(config-if)#ip address 218.87.18.2 255.255.255.0
ISP(config-if)#no sh
ISP(config-if)#end
ISP#
 
 
 
3臺PC上分別做驗證：
 
PC1:
 
PC>ipconfig
 
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.254
 
 
PC>ping 218.87.18.2
 
Pinging 218.87.18.2 with 32 bytes of data:
 
Reply from 218.87.18.2: bytes=32 time=73ms TTL=254
Reply from 218.87.18.2: bytes=32 time=112ms TTL=254
Reply from 218.87.18.2: bytes=32 time=52ms TTL=254
Reply from 218.87.18.2: bytes=32 time=70ms TTL=254
 
Ping statistics for 218.87.18.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 52ms, Maximum = 112ms, Average = 76ms
 
PC>
 

PC>ping 192.168.2.1

Pinging 192.168.2.1 with 32 bytes of data:
 
Reply from 192.168.2.1: bytes=32 time=73ms TTL=254
Reply from 192.168.2.1: bytes=32 time=112ms TTL=254
Reply from 192.168.2.1: bytes=32 time=52ms TTL=254
Reply from 192.168.2.1: bytes=32 time=70ms TTL=254
 
Ping statistics for 192.168.2.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 52ms, Maximum = 112ms, Average = 76ms
 
PC>

PC>ping 192.168.3.1
 
Pinging 192.1683.1 with 32 bytes of data:
 
Reply from 192.168.3.1: bytes=32 time=73ms TTL=254
Reply from 192.168.3.1: bytes=32 time=112ms TTL=254
Reply from 192.168.3.1: bytes=32 time=52ms TTL=254
Reply from 192.168.3.1: bytes=32 time=70ms TTL=254
 
Ping statistics for 192.168.3.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 52ms, Maximum = 112ms, Average = 76ms
 
PC>

-------------------------------------------------------------------------------------

 

PC2:
 
PC>ipconfig
 
IP Address......................: 192.168.2.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.254
 
PC>ping 218.87.18.2
 
Pinging 218.87.18.2 with 32 bytes of data:
 
Reply from 218.87.18.2: bytes=32 time=39ms TTL=254
Reply from 218.87.18.2: bytes=32 time=44ms TTL=254
Reply from 218.87.18.2: bytes=32 time=58ms TTL=254
Reply from 218.87.18.2: bytes=32 time=29ms TTL=254
 
Ping statistics for 218.87.18.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 29ms, Maximum = 58ms, Average = 42ms
 
PC>
 

 

-------------------------------------------------------------------------------------
 
PC3:
 
PC>ipconfig
 
IP Address......................: 192.168.3.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.3.254
 
PC>ping 218.87.18.2
 
Pinging 218.87.18.2 with 32 bytes of data:
 
Reply from 218.87.18.2: bytes=32 time=83ms TTL=254
Reply from 218.87.18.2: bytes=32 time=71ms TTL=254
Reply from 218.87.18.2: bytes=32 time=42ms TTL=254
Reply from 218.87.18.2: bytes=32 time=44ms TTL=254
 
Ping statistics for 218.87.18.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 42ms, Maximum = 83ms, Average = 60ms
 
PC>
 
 
總結：
 
本實驗與實際中小企業網絡非常相似，部署單臂路由既節省了成本，又提高了工作效率.