思科三层交换环境的管理VLAN+NAT

接入层交换机配置

!
version 15.0
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname AS
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/3
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan255
 ip address 192.168.255.1 255.255.255.0
!
ip default-gateway 192.168.255.254
!
!
line con 0
!
line vty 0 4
 password 1234
 login
line vty 5 15
 login
!
!
end

汇聚层交换机配置

!
version 12.2(37)SE1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname CO
!
ip routing
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 no switchport
 ip address 192.168.99.1 255.255.255.0
 duplex auto
 speed auto
!
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 mac-address 0060.3e9c.dc01
 ip address 192.168.10.254 255.255.255.0
!
interface Vlan20
 mac-address 0060.3e9c.dc02
 ip address 192.168.20.254 255.255.255.0
!
interface Vlan255
 mac-address 0060.3e9c.dc03
 ip address 192.168.255.254 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.99.2 
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
end

出口网关路由器

!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
ip cef
no ipv6 cef
!
spanning-tree mode pvst
!
interface FastEthernet0/0
 ip address 192.168.99.2 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 202.101.100.1 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip classless
ip route 192.168.0.0 255.255.0.0 192.168.99.1 
ip route 0.0.0.0 0.0.0.0 202.101.100.2 
!
ip flow-export version 9
!
access-list 1 permit 192.168.0.0 0.0.255.255
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

ISP路由器

!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ISP
!
ip cef
no ipv6 cef
!
spanning-tree mode pvst
!
interface Loopback0
 ip address 8.8.8.8 255.255.255.255
!
interface FastEthernet0/0
 ip address 202.101.100.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

PC配置

静态配置IP和网关

注意事项

二层接入交换机记得配网关，不然无法回包；

三层交换机与出口网关之间启用三层链路，隔绝广播；

三层交换机记得开启路由功能，学习直连网段，否则VLAN间无法互访；