Posted on February 21, 2024 (author: )

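Requirements:

1. Connect to the ISP with a Cisco router over a leased line.

2. The internal network uses a Layer 3 switch with several VLANs below it.

3. The VLANs must not be able to reach each other; they reach the Internet through NAT on the router.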

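Design approach:

1. On the router, configure NAT, a default route to the ISP, and a static route to the Layer 3 switch.

2. On the Layer 3 switch, create the VLANs, enable inter-VLAN routing, and point the default route at the router.

3. On the Layer 3 switch, configure ACLs to isolate the VLANs from each other.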

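PS:

I previously wrote up a small-to-medium enterprise network design for Huawei equipment, and many readers asked whether I could provide a Cisco version, so I wrote this article with reference to the scripts and topology in material I had downloaded earlier.

In this example the Layer 3 switch is actually optional; router-on-a-stick configured directly on the router would also work. It is just not suited to complex networks or to growth. I will discuss router-on-a-stick in a later article.

The link to the ISP can be an Ethernet port or a serial port; this example uses a serial port.

Different Layer 2 switches support different encapsulations; I use dot1q here, which is compatible with Huawei products.

The Layer 2 configurations also list the SNMP settings (they were in my original configuration and I did not bother to delete them) for reference; the Layer 3 switch is configured in basically the same way.

Because I uploaded this in a hurry, the configuration contained some errors; thanks to "lu_ning78" and "daocaoren0311" for pointing them out. This article is only meant to start the discussion.

The configuration files follow: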

I. Router configuration: ROUTER1

Router1#show run

Current configuration : 989 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname router2

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

!

!

interface FastEthernet0/0

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

speed 100

full-duplex

!

interface Serial1/0

ip address 172.16.0.1 255.255.255.0

ip nat outside

ip virtual-reassembly

serial restart-delay 0

!

interface Serial1/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/3

no ip address

shutdown

serial restart-delay 0

!

ip http server

ip route 192.168.0.0 255.255.0.0 192.168.0.2

!

!

ip nat inside source list 101 interface Serial1/0 overload

!

access-list 101 permit ip 192.168.0.0 0.0.255.255 any

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

!

!

End

II. Layer 3 switch SW1

sw1#show run

Current configuration : 1284 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname sw1

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

!

interface FastEthernet1/0

!

interface FastEthernet1/1

no switchport

ip address 192.168.0.2 255.255.255.0

!

interface FastEthernet1/2

!

interface FastEthernet1/3

desc to_sw2

speed 100

duplex full

switchport mode trunk

switchport trunk allowed vlan 10

!

!

interface FastEthernet1/4

desc to_sw3

speed 100

duplex full

switchport mode trunk

switchport trunk allowed vlan 20

!

interface FastEthernet1/5

!

interface FastEthernet1/6

!

interface FastEthernet1/7

!

interface FastEthernet1/8

!

interface FastEthernet1/9

!

interface FastEthernet1/10

!

interface FastEthernet1/11

!

interface FastEthernet1/12

!

interface FastEthernet1/13

!

interface FastEthernet1/14

!

interface FastEthernet1/15

!

interface Vlan1

no ip address

!

interface Vlan10

ip address 192.168.10.1 255.255.255.0

ip access-group 101 in

!

interface Vlan20

ip address 192.168.20.1 255.255.255.0

!

no ip http server

ip route 0.0.0.0 0.0.0.0 192.168.0.1

!

!

!

access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

access-list 101 permit ip any any

!

!

!

control-plane

!

line con 0

line aux 0

line vty 0 4

!

!

End
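The isolation requirement rests on ACL 101 and on where it is bound. The following Python check is an added example, not part of the original article: it evaluates the SW1 lines with first-match semantics and wildcard masks. The names `matches`, `parse` and `inbound_verdict` are illustrative, and only the `any` and `base wildcard` address forms used in the listing are handled.

```python
import ipaddress

# Constructed input: the Vlan interfaces and ACL 101 copied from the sw1 listing.
SW1 = """\
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip access-group 101 in
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 101 permit ip any any
"""

def matches(spec, addr):
    """spec is 'any' or (base, wildcard); wildcard bits set to 1 are not compared."""
    if spec == "any":
        return True
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    return (int(ipaddress.IPv4Address(addr)) | wild) == (base | wild)

def parse(config):
    """Return ({acl: [(action, src, dst)]}, {interface: inbound acl})."""
    acls, bound, iface = {}, {}, None
    for tok in (line.split() for line in config.splitlines()):
        if tok[:1] == ["interface"]:
            iface = tok[1]
        elif tok[:2] == ["ip", "access-group"] and tok[-1] == "in":
            bound[iface] = tok[2]
        elif tok[:1] == ["access-list"] and tok[3] == "ip":
            rest, specs = tok[4:], []
            while rest:  # each address is either 'any' or 'base wildcard'
                n = 1 if rest[0] == "any" else 2
                specs.append("any" if n == 1 else tuple(rest[:2]))
                rest = rest[n:]
            acls.setdefault(tok[1], []).append((tok[2], specs[0], specs[1]))
    return acls, bound

def inbound_verdict(config, iface, src, dst):
    """First-match evaluation of the ACL bound inbound on iface."""
    acls, bound = parse(config)
    if bound.get(iface) not in acls:
        return "unfiltered"      # no ACL bound, or the bound ACL is not defined
    for action, s, d in acls[bound[iface]]:
        if matches(s, src) and matches(d, dst):
            return action
    return "deny"                # implicit deny at the end of every ACL
```

With the listing as given, traffic from VLAN 10 to VLAN 20 is denied, while packets entering on Vlan20 are not filtered at all. Binding a mirrored ACL inbound on Vlan20 makes the isolation explicit in both directions.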

III. Layer 2 switch SW2

SW2#show run

Current configuration:

!

version 12.0

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname sw2

!

enable secret 5 $1$VNwo$L6oFFQa3

enable password 7 130D02131C09

!

!

!

interface FastEthernet0/1

switchport access vlan 10

!

interface FastEthernet0/2

switchport access vlan 10

!

interface FastEthernet0/3

switchport access vlan 10

!

interface FastEthernet0/4

switchport access vlan 10

!

interface FastEthernet0/5

switchport access vlan 10

!

interface FastEthernet0/6

switchport access vlan 10

!

interface FastEthernet0/7

switchport access vlan 10

!

interface FastEthernet0/8

switchport access vlan 10

!

interface FastEthernet0/9

switchport access vlan 10

!

interface FastEthernet0/10

switchport access vlan 10

!

interface FastEthernet0/11

switchport access vlan 10

!

interface FastEthernet0/12

switchport access vlan 10

!

interface FastEthernet0/13

switchport access vlan 10

!

interface FastEthernet0/14

switchport access vlan 10

!

interface FastEthernet0/15

switchport access vlan 10

!

interface FastEthernet0/16

switchport access vlan 10

!

interface FastEthernet0/17

switchport access vlan 10

!

interface FastEthernet0/18

switchport access vlan 10

!

interface FastEthernet0/19

switchport access vlan 10

interface FastEthernet0/20

switchport access vlan 10

!

interface FastEthernet0/21

switchport access vlan 10

!

interface FastEthernet0/22

switchport access vlan 10

!

interface FastEthernet0/23

switchport access vlan 10

!

interface FastEthernet0/24

desc to-sw1

duplex full

speed 100

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10

switchport mode trunk

!

!

interface VLAN10

ip address 192.168.10.10 255.255.255.0

!

ip default-gateway 192.168.10.1

snmp-server engineID local 000142B1E200

snmp-server community private RW

snmp-server community public RO

snmp-server chassis-id 0x0E

!

line con 0

password 7 03174C0605417

transport input none

stopbits 1

line vty 0 4

password 7 03174C0605417

login

line vty 5 14

password 7 03174C06054171

login

line vty 15

password 7 141F070A1B01

login

!

end

IV. Layer 2 switch SW3

SW3#show run

Current configuration:

!

version 12.0

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname sw3

!

enable secret 5 $1$VNwo$L6oFFQa3

enable password 7 130D02131C09

!

!

!

interface FastEthernet0/1

switchport access vlan 20

!

interface FastEthernet0/2

switchport access vlan 20

!

interface FastEthernet0/3

switchport access vlan 20

!

interface FastEthernet0/4

switchport access vlan 20

!

interface FastEthernet0/5

switchport access vlan 20

!

interface FastEthernet0/6

switchport access vlan 20

!

interface FastEthernet0/7

switchport access vlan 20

!

interface FastEthernet0/8

switchport access vlan 20

!

interface FastEthernet0/9

switchport access vlan 20

!

interface FastEthernet0/10

switchport access vlan 20

!

interface FastEthernet0/11

switchport access vlan 20

!

interface FastEthernet0/12

switchport access vlan 20

!

interface FastEthernet0/13

switchport access vlan 20

!

interface FastEthernet0/14

switchport access vlan 20

!

interface FastEthernet0/15

switchport access vlan 20

!

interface FastEthernet0/16

switchport access vlan 20

!

interface FastEthernet0/17

switchport access vlan 20

!

interface FastEthernet0/18

switchport access vlan 20

!

interface FastEthernet0/19

switchport access vlan 20

interface FastEthernet0/20

switchport access vlan 20

!

interface FastEthernet0/21

switchport access vlan 20

!

interface FastEthernet0/22

switchport access vlan 20

!

interface FastEthernet0/23

switchport access vlan 20

!

interface FastEthernet0/24

desc to-sw1

duplex full

speed 100

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 20

switchport mode trunk

!

interface VLAN20

ip address 192.168.20.10 255.255.255.0

!

ip default-gateway 192.168.20.1

snmp-server engineID local 000142B1E200

snmp-server community private RW

snmp-server community public RO

snmp-server chassis-id 0x0E

!

line con 0

password 7 03174C0605417

transport input none

stopbits 1

line vty 0 4

password 7 03174C0605417

login

line vty 5 14

password 7 03174C06054171

login

line vty 15

password 7 141F070A1B01

login

!

end
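The four listings leave several management-plane settings in a weak state: passwords stored in clear text or as type 7, default SNMP community strings, and the HTTP server on the router. The following Python audit is an added example, not part of the original article; the rule names and the `audit` function are illustrative, and the sample lines are taken from the listings with password values replaced by placeholders.

```python
import re

# Constructed sample: lines from the router, sw1 and sw2 listings, secrets replaced.
SAMPLE = """\
hostname router2
no service password-encryption
ip http server
hostname sw1
no service password-encryption
no ip http server
hostname sw2
service password-encryption
enable secret 5 <hash>
enable password 7 <obfuscated>
snmp-server community private RW
snmp-server community public RO
line vty 0 4
 password 7 <obfuscated>
 login
"""

# (rule id, pattern matched at the start of the stripped line, why it matters)
RULES = [
    ("no-pw-encryption", r"no service password-encryption$",
     "passwords added later are stored in clear text"),
    ("http-server", r"ip http server$",
     "unencrypted web management interface is enabled"),
    ("enable-password", r"enable password\b",
     "legacy enable password kept next to enable secret"),
    ("type7-password", r"(enable )?password 7\b",
     "type 7 is reversible obfuscation, not a hash"),
    ("snmp-default-community", r"snmp-server community (public|private)\b",
     "well-known community string"),
    ("snmp-rw-no-acl", r"snmp-server community \S+ RW$",
     "read-write SNMP with no access list restricting managers"),
]

def audit(config):
    """Return (device, line number, rule id, reason) for every match."""
    findings, device = [], "?"
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith("hostname "):
            device = line.split()[1]
        for rule, pattern, why in RULES:
            if re.match(pattern, line):
                findings.append((device, n, rule, why))
    return findings
```

The usual remediation is `service password-encryption` together with `enable secret` only, `no ip http server`, and non-default SNMP communities restricted by an access list.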