1.在接入層交換機上劃分vlan,核心交換機設置vlanif網關
[SW2]vlan batch 10 20
[SW2-Ethernet0/0/2]port link-type access
[SW2-Ethernet0/0/2]port default vlan 10
[SW2-Ethernet0/0/3]port link-type access
[SW2-Ethernet0/0/3]port default vlan 20
[SW2-Ethernet0/0/1]port link-type trunk
[SW2-Ethernet0/0/1]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW1]vlan batch 10 20
[SW1]int Vlanif 10
[SW1-Vlanif10]ip add 172.16.10.254 24
[SW1-Vlanif10]int Vlanif 20
[SW1-Vlanif20]ip add 172.16.20.254 24
2.使用OSPF協議連通核心交換機和出口路由器
[SW1]vlan 100
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 100
[SW1]int Vlanif 100
[SW1-Vlanif100]ip add 10.1.1.2 24
[SW1-ospf-1-area-0.0.0.0]network 10.1.1.2 0.0.0.0
[AR1-GigabitEthernet0/0/1]ip add 10.1.1.1 24
[AR1-ospf-1-area-0.0.0.0]network 10.1.1.1 0.0.0.0
3.出口路由器使用默認路由連接Internet
[AR1-GigabitEthernet0/0/0]ip add 200.1.1.1 24
[AR1]ip route-static 0.0.0.0 0.0.0.0 200.1.1.2
[Internet-GigabitEthernet0/0/0]ip add 200.1.1.2 24
[Internet]ip route-static 172.16.0.0 255.255.0.0 200.1.1.1
4.核心交換機配置默認路由和出口路由器配置回包路由
[SW1]ip route-static 0.0.0.0 0.0.0.0 10.1.1.1
[AR1]ip route-static 172.16.0.0 255.255.0.0 10.1.1.2
5.配置基於地址池的NAT轉換
[AR1]nat address-group 1 200.1.1.10 200.1.1.50 //配置地址池
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255 //通過ACL抓取外出路由
[AR1-GigabitEthernet0/0/0]nat outbound 2000 address-group 1 no-pat //在接口應用NAT轉換(加NO-PAT表示不轉換接口)
[AR1]display nat address-group //查看NAT地址池
[AR1]display nat outbound //查看地址轉換
- PC可以ping通外網,在AR1的G0/0/0口抓包也看不到內網IP,配置成功。
![小於500人且有vlan劃分、分層和使用路由協議的網絡設計與配置]()
