vlan batch 10 20
int e0/0/2
port link-type access
port default vlan 10
int e0/0/1
port link-type access
port default vlan 20
int e0/0/3
port link-type trunk
port trunk allow-pass vlan all
int g0/0/0
ip add 192.168.200.1 24
ip route 0.0.0.0 0 192.168.200.2
三层交换机(路由转发默认关闭)
复制代码
vlan batch 10 20 100 200
int vlan 10
ip add 192.168.10.254 24
int vlan 20
ip add 192.168.20.254 24
int vlan 100
ip add 192.168.100.254 24
int vlan 200
ip add 192.168.200.254 24
port-group group-member g0/0/3 g0/0/1 g0/0/2
port link-type trunk
port trunk allow-pass vlan all
dhcp enable
int vlan 10
dhcp select relay
dhcp relay server-ip 192.168.100.1
IP route 0.0.0.0 0 192.168.201.2
DHCP路由器
复制代码
int g0/0/0
ip add 192.168.100.1 24
dhcp enable
ip pool vlan10
network 192.168.10.0 mask 24
gateway-list 192.168.10.254
dns-list 192.168.100.2
ip route-static 0.0.0.0 0.0.0.0 192.168.100.254
int ga0/0/0
dhcp select global (在 ga0/0/0上启用 DHCP 服务,并指定使用 "全局地址池" 为客户端分配 IP 地址)
外网设备
边缘路由(华为不加东西为PAT与Cisco相反)
复制代码
配接口地址
ip route 0.0.0.0 0 55.0.0.2
ip route 192.168.10.0 24 192.168.201.1
ip route 192.168.20.0 24 192.168.201.1
ip route 192.168.100.0 24 192.168.201.1
ip route 192.168.200.0 24 192.168.201.1
acl 2000
acl number 2000
rule 10 permit source 192.168.10.0 0.0.0.255
rule 20 permit source 192.168.20.0 0.0.0.255
int g0/0/1
nat outbound 2000 (出接口配置,因为先ACL过滤) -->第一种动态方法
nat address-group 1 55.0.0.5 55.0.0.8 (地址族1) 、
int g0/0/1
nat outbound 2000 address-group 1 (最后若加no-pat,则为nat) -->第二种动态方法
int g0/0/1
nat static global 55.0.0.9 inside 192.168.100.3 -->第三种方法,这样浏览不需要带上端口
int g0/0/1
nat static protocol tcp global 55.0.0.9 80 inside 192.168.100.3 80 -->第四种方法,但公网端口必须和内网端口一样,不然nat转换不了端口,需要带端口
dis nat session protocol icmp
然后ping,就可以看到nat的转换
最后一个路由
复制代码
配接口地址
公网交换机
复制代码
vlan 56
port-group group-member e0/0/2 e0/0/3 e0/0/1
port link-type access
port default vlan 56
