| 一个规模较小的单位,用的是D-Link的设备,结构图如下:
其思路主要是在设置好路由器DI-602HB+,这个路由器有3个端口,我把其中的一个千兆端口G2连接了外网,把其他的2个端口G1(千兆),FA1(100M)连接了三层交换机,路由情况配置如下:
R1#sh run
Building configuration...
Current configuration:
!
service timestamps log date
service timestamps debug date
no service password-encryption
!
hostname R1
!
!
ip domain name-server address 219.150.32.132
ip domain name-server address 218.30.64.97
!
!
isdn switch-type basic-5ess
!
aaa authentication login default line
aaa authentication enable default enable line
!
enable password 0 ********** level 15
interface FastEthernet0/0
ip address 172.168.13.2 255.255.255.0 //连接三层交换机器的一个端口IP
no ip directed-broadcast
ip nat inside
!
interface GigaEthernet0/1
ip address 192.168.10.2 255.255.255.0 //连接三层交换机的一个端口IP
no ip directed-broadcast
ip nat inside
!
interface GigaEthernet0/2
ip address 202.96.64.51 255.255.255.0 //电信给我们的一个IP
no ip directed-broadcast
ip nat outside
!
interface Async0/0
no ip address
no ip directed-broadcast
!
!
!
line vty 0
password 0 **********
!
line vty 1
password 0 **********
!
line vty 2
password 0 **********
!
line vty 3
password 0 **********
!
line vty 4
password 0 **********
!
line vty 5
password 0 **********
!
!
!
!
ip route default 202.96.64.49
ip route 192.168.0.0 255.255.255.0 172.168.13.1
ip route 192.168.1.0 255.255.255.0 172.168.13.1
ip route 192.168.2.0 255.255.255.0 172.168.13.1
ip route 192.168.4.0 255.255.255.0 172.168.13.1
ip route 192.168.5.0 255.255.255.0 172.168.13.1
ip route 192.168.6.0 255.255.255.0 172.168.13.1
ip route 192.168.30.0 255.255.255.0 192.168.10.1
ip route 192.168.50.0 255.255.255.0 192.168.10.1
ip route 192.168.100.0 255.255.255.0 192.168.10.1
ip route 192.168.150.0 255.255.255.0 192.168.10.1
ip route 192.168.170.0 255.255.255.0 192.168.10.1
ip route 192.168.200.0 255.255.255.0 192.168.10.1
!
!
!
ip access-list extended NAT_2008
permit ip any any
!
!
!
!
ip nat service privateservice
ip nat outside destination static tcp 202.96.64.51 80 192.168.100.254 80
ip nat outside destination static tcp 202.96.64.51 21 192.168.100.254 21
ip nat inside source static tcp 192.168.100.254 80 202.96.64.51 80
ip nat inside source static tcp 192.168.100.254 21 202.96.64.51 21
ip nat inside source static tcp 192.168.100.254 5631 202.96.64.51 5631
ip nat inside source static tcp 192.168.100.254 5632 202.96.64.51 5632
ip nat inside source list NAT_2008 interface GigaEthernet0/2
!
需要注意的是这段代码:
ip route default 202.96.64.49 //这个电信给你的网关
ip route 192.168.0.0 255.255.255.0 172.168.13.1
//192.168.0.0是你三层交换机下连接的网段,172.168.13.1是交换机上的一个虚端口的IP
ip route 192.168.1.0 255.255.255.0 172.168.13.1
ip route 192.168.2.0 255.255.255.0 172.168.13.1
ip route 192.168.4.0 255.255.255.0 172.168.13.1
ip route 192.168.5.0 255.255.255.0 172.168.13.1
ip route 192.168.6.0 255.255.255.0 172.168.13.1
ip route 192.168.30.0 255.255.255.0 192.168.10.1
ip route 192.168.50.0 255.255.255.0 192.168.10.1
//192.168.50.0也是你三层交换机连接的的一个网段,192.168.10.1也是交换机上的一个虚端口IP.
ip route 192.168.100.0 255.255.255.0 192.168.10.1
ip route 192.168.150.0 255.255.255.0 192.168.10.1
ip route 192.168.170.0 255.255.255.0 192.168.10.1
ip route 192.168.200.0 255.255.255.0 192.168.10.1
而最后的是代码:
ip nat service privateservice //开启回流,否则内网不可以用域名访问自己的主机。
ip nat outside destination static tcp 202.96.64.51 80 192.168.100.254 80
ip nat outside destination static tcp 202.96.64.51 21 192.168.100.254 21
ip nat inside source static tcp 192.168.100.254 80 202.96.64.51 80
ip nat inside source static tcp 192.168.100.254 21 202.96.64.51 21
ip nat inside source static tcp 192.168.100.254 5631 202.96.64.51 5631
ip nat inside source static tcp 192.168.100.254 5632 202.96.64.51 5632
是你要对外发布的服务。
以上是路由器的配置,交换机上我只做了简单内容:
划分VLAN,并且在交换机上也要指定路由,其实就是在交换机和路由器上要互相指定路由,
比如我的是:
ip route default 192.168.10.2 //192.168.10.2正好要对应路由器上的端口IP 。
查找更多思科认证考试复习资料请登陆:考资网(www.kaozi.com) |
