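Network topology configuration (internal network - external network)
Configuration procedure
Configuring the internal Layer 2 switch
- Rename the switch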
switch(config)#hostname s2
- Create the VLANs
s2(config)#vlan 100
s2(config)#vlan 200
s2(config)#vlan 1
- Set the interconnect address
int vlan 1
ip address 172.16.1.1 255.255.255.0
no shutdown
- Set the interface types
int fa0/1
switchport mode trunk
switchport trunk allowed vlan all
int fa0/2
switchport access vlan 100
int fa0/3
switchport access vlan 200
- Set the default gateway
! the default gateway takes no mask
ip default-gateway 172.16.1.2
- Save the configuration
s2#write
Configuring the internal Layer 3 switch
- Rename the switch
switch(config)#hostname s1
- Create the VLANs
vlan 100
vlan 200
vlan 300
vlan 1
vlan 2
- Set the interconnect address
int vlan 1
ip address 172.16.1.2 255.255.255.0
no shutdown
- Set the interface types
int fa0/2
switchport mode trunk
switchport trunk allowed vlan all
int fa0/1
switchport access vlan 2
int fa0/3
switchport access vlan 300
int fa0/4
switchport access vlan 300
- Set the user gateways
int vlan 100
ip address 192.168.1.10 255.255.255.0
no shutdown
int vlan 200
ip address 192.168.2.10 255.255.255.0
no shutdown
int vlan 300
ip address 10.1.1.126 255.255.255.128
no shutdown
- Set the default route
ip route 0.0.0.0 0.0.0.0 172.16.2.1
- Save the configuration
s1#write
Configuring router R1 (internal router)
Uses static routing
- Set the interface addresses
int fa0/0
ip address 172.16.2.1 255.255.255.0
int fa0/1
ip address 172.16.3.1 255.255.255.0
- Set the static routes (pointing to the internal network)
ip route 192.168.1.0 255.255.255.0 172.16.2.2
ip route 192.168.2.0 255.255.255.0 172.16.2.2
ip route 10.1.1.0 255.255.255.128 172.16.2.2
! default route, pointing to the external network
ip route 0.0.0.0 0.0.0.0 172.16.3.2
1. Create the NAT address pool
ip nat pool abc 10.1.1.128 10.1.1.254 netmask 255.255.255.128
2. Create the ACL
access-list 10 permit 192.168.2.0 0.0.0.255
3. Associate NAT with the ACL
ip nat inside source list 10 pool abc
4. Apply to the interfaces
int fa0/1
ip nat outside
int fa0/0
ip nat inside
5. Set up the ACL
- Create the rules
access-list 101 deny tcp 192.168.2.0 0.0.0.255 host 10.10.10.1 eq 21
access-list 101 deny tcp 192.168.2.0 0.0.0.255 any eq 8000
access-list 101 deny udp 192.168.2.0 0.0.0.255 any eq 4000
access-list 101 permit ip any any
- Apply the rules to the interface
int fa0/0
ip access-group 101 in
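Added example (not part of the original notes): a small Python model of how IOS evaluates ACL 101 above, top-down with the first match deciding, wildcard bits ignored, and an implicit deny at the end. The sample flows are constructed, and the parser handles only the rule forms that appear in this ACL.

```python
import ipaddress

# ACL 101 exactly as configured on R1 above.
ACL_101 = """\
access-list 101 deny tcp 192.168.2.0 0.0.0.255 host 10.10.10.1 eq 21
access-list 101 deny tcp 192.168.2.0 0.0.0.255 any eq 8000
access-list 101 deny udp 192.168.2.0 0.0.0.255 any eq 4000
access-list 101 permit ip any any
"""

def _addr(tok):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'. Returns (base, wildcard)."""
    word = tok.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse_acl(text):
    """Parse extended ACL lines into rule dicts, keeping configuration order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]            # drop 'access-list <number>'
        rule = {"action": tok.pop(0), "proto": tok.pop(0)}
        rule["src"], rule["dst"] = _addr(tok), _addr(tok)
        rule["port"] = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append(rule)
    return rules

def _match(spec, ip):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return (int(ipaddress.IPv4Address(ip)) ^ base) & ~wildcard & 0xFFFFFFFF == 0

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching rule; IOS ends every ACL with an implicit deny."""
    for r in rules:
        if (r["proto"] in ("ip", proto) and _match(r["src"], src)
                and _match(r["dst"], dst) and r["port"] in (None, dport)):
            return r["action"]
    return "deny"

RULES = parse_acl(ACL_101)
# Constructed sample flows arriving on fa0/0 (source addresses are still untranslated here).
FLOWS = [("tcp", "192.168.2.5", "10.10.10.1", 21), ("tcp", "192.168.2.5", "10.10.10.1", 80),
         ("udp", "192.168.2.5", "10.10.10.9", 4000), ("tcp", "192.168.1.5", "10.10.10.1", 21)]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(RULES, *flow))
```

The last flow shows that hosts in 192.168.1.0/24 are not restricted by this ACL, and dropping the final permit line would turn every unmatched flow into a deny.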
Configuring router R2 (external router)
- Configure the interface addresses
int fa0/0
ip address 172.16.3.2 255.255.255.0
no shutdown
int fa0/1
ip address 10.10.10.254 255.255.255.0
no shutdown
- Static route
ip route 10.1.1.0 255.255.255.0 172.16.3.1
The 255.255.255.0 mask covers both the public server addresses and the NAT pool addresses.
- Save the configuration
write