VLAN间路由与NAT实验，包教包会 / 开普饭

一、实验拓扑图.

二、基本配置

根本拓扑配置SW1、SW2、SW3的基本配置，包括VLAN、Trunk、管理地址与网关，确保VLAN间可以通信。

1、配置SW1

1）配置VLAN与命名VLANvlan 10name Connect.To.R1vlan 11name ITvlan 12name Salesvlan 13name HR

2）配置所有access接口为快速接口

spanning-tree portfast default

3）配置SW1为生成对的根

spanning-tree vlan 1,10-13 root primary

4）配置access接口，添加到VLAN11

interface FastEthernet0/1switchport access vlan 11switchport mode access

5）配置Trunk接口

interface FastEthernet0/2switchport trunk encapsulation dot1qswitchport mode trunk

interface FastEthernet0/4switchport trunk encapsulation dot1qswitchport mode trunk

interface FastEthernet0/24description ##Connect To R1##switchport access vlan 10switchport mode access

6）配置VLAN间路由

配置核心交换机SW1三层接口地址，作为每个VLAN的网关，实现VLAN间路由。

interface Vlan1 ip address 10.1.1.254 255.255.255.0interface Vlan10 ip address 10.1.10.254 255.255.255.0interface Vlan11 ip address 10.1.11.254 255.255.255.0interface Vlan12 ip address 10.1.12.254 255.255.255.0interface Vlan13ip address 10.1.13.254 255.255.255.0

7）配置SW1默认路由

ip route 0.0.0.0 0.0.0.0 10.1.10.253

2、配置SW2

vlan 11name ITvlan 12name Salesvlan 13name HRspanning-tree portfast defaultinterface FastEthernet0/1switchport access vlan 12switchport mode accessinterface FastEthernet0/2switchport mode trunkinterface FastEthernet0/12switchport mode trunkinterface vlan 1ip address 10.1.1.12 255.255.255.0no shutip default-gateway 10.1.1.254

3、配置SW3

vlan 11name ITvlan 12name Salesvlan 13name HRspanning-tree portfast defaultinterface FastEthernet0/1switchport access vlan 13 switchport mode accessinterface FastEthernet0/4 switchport mode trunkinterface FastEthernet0/12 switchport mode trunkinterface vlan 1ip address 10.1.1.13 255.255.255.0no shutip default-gateway 10.1.1.254

三、配置R1

interface FastEthernet0/0  description ##Connect To SW1##  ip address 10.1.10.253 255.255.255.0  no shutinterface serial0/1/0  description ##Connect To Internet##  ip address 12.1.1.1 255.255.255.0  no shutip route 10.1.0.0 255.255.0.0 10.1.10.254    //R1回内部VLAN的回程路由ip route 0.0.0.0 0.0.0.0 12.1.1.2  //到Internet的默认路由

1、配置PAT-方法1

目标：所有VLAN用户地址转换为外网口Serial0/1/0 IP地址

1）配置ACL

access-list 100 permit ip 10.1.1.0 0.0.0.255 anyaccess-list 100 permit ip 10.1.10.0 0.0.0.255 anyaccess-list 100 permit ip 10.1.11.0 0.0.0.255 anyaccess-list 100 permit ip 10.1.12.0 0.0.0.255 anyaccess-list 100 permit ip 10.1.13.0 0.0.0.255 any

2）配置ACL关联外网口，关键字overload

ip nat inside source list 100 interface serial0/1/0 overload

3）配置inside和outside接口

interface FastEthernet0/0ip nat insideinterface serial0/1/0ip nat outside

2、配置PAT-方法2

目标：不同VLAN用户地址转换为不同地址池地址

1）配置ACL

access-list 110 permit ip 10.1.1.0 0.0.0.255 anyaccess-list 110 permit ip 10.1.10.0 0.0.0.255 anyaccess-list 111 permit ip 10.1.11.0 0.0.0.255 anyaccess-list 112 permit ip 10.1.12.0 0.0.0.255 anyaccess-list 113 permit ip 10.1.13.0 0.0.0.255 any

2）配置地址池

ip nat pool vlan1and10pool 12.1.1.110 12.1.1.110 netmask 255.255.255.0ip nat pool vlan11pool 12.1.1.111 12.1.1.111 netmask 255.255.255.0ip nat pool vlan12pool 12.1.1.112 12.1.1.112 netmask 255.255.255.0ip nat pool vlan13pool 12.1.1.113 12.1.1.113 netmask 255.255.255.03）配置ACL与地址池关联ip nat inside source list 110 pool vlan1andpool overloadip nat inside source list 111 pool vlan11pool overloadip nat inside source list 112 pool vlan12pool overloadip nat inside source list 113 pool vlan13pool overload

3、配置PAT-方法3

目标：所有VLAN用户地址转换为同一个地址池地址

1）配置ACLaccess-list 100 permit ip 10.1.0.0 0.0.255.255 any2）配置地址池ip nat pool natpool 12.1.1.110 12.1.1.113 netmask 255.255.255.03）配置ACL和地址池关联ip nat inside source list 100 pool natpool overload

四、配置R2和PCA 作为Internet

1、配置R2

interface serial0/0 ip address 12.1.1.2 255.255.255.0no shutinterface e0/0 ip address 100.1.1.254 255.255.255.0no shutinterface loopback0 ip address 2.2.2.2 255.255.255.255

2、配置PCA的IP地址和网关

[cisco@pca ~]$ ifconfig eth0 100.1.1.1 netmask 255.255.255.0 up[cisco@pca ~]$ route add default gw 100.1.1.254

五、测试

1、在PC1上Ping测试到PC2 PC3 VLAN间的通信2、在PC1上Ping 测试到Internet 2.2.2.2通信

end

VLAN间路由与NAT实验，包教包会

相关推荐