实验拓扑:
需求:
1. PC9与PC10分别在VLAN10、20网段中,两网段能互通,并且使用dhcp获取地址
2. 设置SW6、SW7的管理VLAN为255段(192.168.255.0/24),并且VLAN10、20能Telnet 到两台交换机
3. VLAN30的用户能与总部的用户互相访问
4. 3台PC通过NAT访问Internet外部网络
5. R1与R2设置为PPP拨号模式上网
6. 在R1外部网络上能Telnet到公司内部dhcp服务器的80端口
配置如下:
Ser_DHCP:
Ser_DHCP#conf t
Ser_DHCP(config)#no ip routing
Ser_DHCP(config)#int e0/0
Ser_DHCP(config-if)#ip add 192.168.200.1 255.255.255.0
Ser_DHCP(config-if)#no sh
Ser_DHCP(config-if)#ex
Ser_DHCP(config)#ip dhcp pool vlan10
Ser_DHCP(dhcp-config)#network 192.168.10.0 255.255.255.0
Ser_DHCP(dhcp-config)#default-router 192.168.10.254
Ser_DHCP(dhcp-config)#ex
Ser_DHCP(config)#ip dhcp pool vlan20
Ser_DHCP(dhcp-config)#network 192.168.20.0 255.255.255.0
Ser_DHCP(dhcp-config)#default-router 192.168.20.254
Ser_DHCP(dhcp-config)#ex
Ser_DHCP(config)#ip default-gateway 192.168.200.254
Ser_DHCP(config)#ip dhcp excluded-address 192.168.10.200 192.168.10.254
Ser_DHCP(config)#ip dhcp excluded-address 192.168.20.200 192.168.20.254
SW1_2960:
SW1_2960(config)#no ip routing
SW1_2960(config)#vlan 10,20,200,255
SW1_2960(config-vlan)#ex
SW1_2960(config)#int vlan 255
SW1_2960(config-if)#ip add 192.168.255.252 255.255.255.0
SW1_2960(config-if)#no sh
SW1_2960(config-if)#ex
SW1_2960(config)#int e0/1
SW1_2960(config-if)#switchport access vlan 10
SW1_2960(config-if)#switchport mode access
SW1_2960(config-if)#int e0/2
SW1_2960(config-if)#switchport access vlan 200
SW1_2960(config-if)#switchport mode access
SW1_2960(config-if)#ex
SW1_2960(config)#interface e0/0
SW1_2960(config-if)#switchport trunk encapsulation dot1q
SW1_2960(config-if)#switchport mode trunk
SW1_2960(config-if)#ex
SW1_2960(config)#username admin password 123456
SW1_2960(config)#ip default-gateway 192.168.255.254
SW1_2960(config)#enable password 123456
SW1_2960(config)#line vty 0 2
SW1_2960(config-line)#password 456789
SW1_2960(config-line)#login local
SW1_2960(config)#service password-encryption
SW2_2960:
SW2_2960#conf t
SW2_2960(config)#no ip routing
SW2_2960(config)#vlan 10,20,200,255
SW2_2960(config-vlan)#ex
SW2_2960(config)#int vlan 255
SW2_2960(config-if)#ip add 192.168.255.253 255.255.255.0
SW2_2960(config-if)#no sh
SW2_2960(config-if)#ex
SW2_2960(config)#
SW2_2960(config)#int e0/0
SW2_2960(config-if)#switchport trunk encapsulation dot1q
SW2_2960(config-if)#switchport mode trunk
SW2_2960(config-if)#int e0/1
SW2_2960(config-if)#switchport access vlan 20
SW2_2960(config-if)#switchport mode access
SW2_2960(config-if)#ex
SW2_2960(config)#int e0/2
SW2_2960(config-if)#switchport trunk encapsulation dot1q
SW2_2960(config-if)#switchport mode trunk
SW2_2960(config-if)#ex
SW2_2960(config)#enable password 123456
SW2_2960(config)#line vty 0 2
SW2_2960(config-line)#password 456789
SW2_2960(config-line)#login local
SW2_2960(config-line)#exit
SW1_2960(config)#username admin password 123456
SW2_2960(config)#service password-encryption
SW2_2960(config)#ip default-gateway 192.168.255.254
SW2_2960(config)#
OR_ZB:
OR_ZB#conf t
OR_ZB(config)#int e0/2
OR_ZB(config-if)#no sh
OR_ZB(config-if)#ex
OR_ZB(config)#int e0/2.10
OR_ZB(config-subif)#encapsulation dot1Q 10
OR_ZB(config-subif)#ip add 192.168.10.254 255.255.255.0
OR_ZB(config-subif)# ip helper-address 192.168.200.1 #DHCP中继,不然10段网络用户无法获取ip
OR_ZB(config-subif)#no sh
OR_ZB(config-subif)#ex
OR_ZB(config)#int e0/2.20
OR_ZB(config-subif)#encapsulation dot1Q 20
OR_ZB(config-subif)#ip add 192.168.20.254 255.255.255.0
OR_ZB(config-subif)# ip helper-address 192.168.200.1 #DHCP中继,不然20段网络用户无法获取ip
OR_ZB(config-subif)#no sh
OR_ZB(config-subif)#ex
OR_ZB(config)#int e0/2.200
OR_ZB(config-subif)#encapsulation dot1Q 200
OR_ZB(config-subif)#ip add 192.168.200.254 255.255.255.0
OR_ZB(config-subif)#no sh
OR_ZB(config-subif)#ex
OR_ZB(config)#int e0/2.255
OR_ZB(config-subif)#encapsulation dot1Q 255
OR_ZB(config-subif)#ip add 192.168.255.254 255.255.255.0
OR_ZB(config-subif)#no sh
OR_ZB(config-subif)#ex
OR_ZB(config)#int s2/0
OR_ZB(config-if)#ip add 59.39.177.2 255.255.255.252
OR_ZB(config-if)#no sh
OR_ZB(config-if)#ex
OR_ZB(config)#int s2/1
OR_ZB(config-if)#no sh
OR_ZB(config-if)#encapsulation frame-relay #启用帧中继
OR_ZB(config-if)#ip add 192.168.250.1 255.255.255.252
OR_ZB(config-if)#frame-relay map ip 192.168.250.2 101 BRoadcast #设置静态映射条目
OR_ZB(config)#ip route 192.168.30.0 255.255.255.0 192.168.250.2
OR_ZB(config)#ip route 0.0.0.0 0.0.0.0 59.39.177.1
OR_ZB(config)#access-list 10 permit 192.168.10.0 0.0.0.255
OR_ZB(config)#access-list 10 permit 192.168.20.0 0.0.0.255
OR_ZB(config)#access-list 10 permit 192.168.30.0 0.0.0.255
OR_ZB(config)#ip nat inside source list 10 interface serial 2/0 overload #设置NAT上网
OR_ZB(config)#int e0/2.10
OR_ZB(config-subif)#ip nat inside
OR_ZB(config-subif)#int e0/2.20
OR_ZB(config-subif)#ip nat inside
OR_ZB(config-subif)#int e0/2.200
OR_ZB(config-subif)#ip nat inside
OR_ZB(config-subif)#ex
OR_ZB(config)#int s2/0
OR_ZB(config-if)#ip nat outside
OR_ZB(config)#int s2/0
OR_ZB(config-if)#encapsulation ppp #启用PPP拨号
OR_ZB(config-if)#ppp pap sent-username internetzb password test3389
OR_ZB(config-if)#
OR_ZB(config)#ip nat inside source static tcp 192.168.200.1 80 59.39.177.4 8080 #nat端口映射
Frame_SW:
Frame_SW#conf t
Frame_SW(config)#no ip routing
Frame_SW(config)#frame-relay switching
Frame_SW(config)#int s2/1
Frame_SW(config-if)#encapsulation frame-relay
Frame_SW(config-if)#no sh
Frame_SW(config-if)#clock rate threshold 64000
Frame_SW(config-if)#frame-relay intf-type dce
Frame_SW(config-if)#frame-relay route 101 interface serial 2/2 201 #设置dlci映射条目
Frame_SW(config-if)#ex
Frame_SW(config)#int s2/2
Frame_SW(config-if)#encapsulation frame-relay
Frame_SW(config-if)#clock rate th 64000
Frame_SW(config-if)#frame-relay intf-type dce
Frame_SW(config-if)#no sh
Frame_SW(config-if)#frame-relay route 201 interface serial 2/1 101 #设置dlci映射条目
Frame_SW(config-if)#ex
OR_GZ:
OR_GZ#conf t
OR_GZ(config)#int s2/1
OR_GZ(config-if)#no sh
OR_GZ(config-if)#ip add 192.168.250.2 255.255.255.252
OR_GZ(config-if)#encapsulation frame-relay
OR_GZ(config-if)#no frame-relay inverse-arp
OR_GZ(config-if)#frame-relay map ip 192.168.250.1 201 broadcast #设置dlci映射条目
OR_GZ(config-if)#ex
SW3_2960:
SW3_2960(config)#no ip routing
W3_2960(config)#int vlan 1
SW3_2960(config-if)#ip add 192.168.30.251 255.255.255.0
PC3:
PC3(config)#no ip routing
PC3(config)#int e0/0
PC3(config-if)#ip add 192.168.30.100 255.255.255.0
PC3(config)#IP DEFAult-GAteway 192.168.30.254
PC1:
PC1#conf t
PC1(config)#no ip routing
PC1(config)#int e0/0
PC1(config-if)#no sh
PC1(config-if)#ip add dhcp
PC1(config-if)#
*Jun 10 01:30:09.713: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 192.168.10.3, mask 255.255.255.0, hostname PC1
PC2:
PC2#conf t
PC2(config-if)#int e0/0
PC2(config-if)#no shut
PC2(config-if)#ip add dhcp
PC2(config-if)#ex
PC2(config)#no ip routing
*Jun 10 01:40:46.835: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 192.168.20.1, mask 255.255.255.0, hostname PC2
Internet:
Internet#conf t
Internet(config)#int s2/0
Internet(config-if)#no shut
Internet(config-if)#ip add 59.39.177.1 255.255.255.253
Internet(config-if)#ip add 59.39.177.1 255.255.255.252
Internet(config-if)#int lo 1
Internet(config-if)#ip add 114.114.114.114 255.255.255.255
Internet(config-if)#no shut
Internet(config-if)#ex
Internet(config)#username internetzb password test3389
Internet(config)#int s2/0
Internet(config-if)#encapsulation ppp
Internet(config-if)#clock rate threshold 64000
Internet(config-if)#ppp authentication pap
结果:
Internet#telnet 59.39.177.4 8080
Trying 59.39.177.4, 8080 ... Open
PC3#ping 114.114.114.114
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 114.114.114.114, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 26/31/40 ms
PC3#ping 192.168.10.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/21/26 ms
PC3#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/22/28 ms
PC2#ping 114.114.114.114
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 114.114.114.114, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/12 ms
PC1#ping 114.114.114.114
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 114.114.114.114, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/15/21 ms
原文地址:http://blog.51cto.com/wangkj/2126882