1，internet是ospf区域，不能通过OSPF边缘路由器来增加到各企业网络的静态路由，通告所有的本地直连的网络。

2，R1-R3 FR-DLCI任意。

3，分公司和总部都需NA T转换上网4，SW1-SW2两交换机间实现跨交换机互通，并通过端口聚合增加带宽，5，总部与分部都通过一条默认路由通达INTERNET。

6，分部出口路由器与INTERNET之间是PPP封装，7，R1与R2之间PPP，PAP认证。

8，vlan 10只能ping通vlan 20 的www服务9，W3交换机为了局域网安全需要做相应的端口安全设置，并绑定相应的网与IP10,因为vlan 10需要PC62台，vlan 20需要280多台PC，需要对172.16.0.0/16 进行VLSM划分，以最省IP地址的形式划分VLAN。

11，server 0 充当DNS与web 服务器，并且总部与分部都能访问web资源。

总部配置如下：SW1：Building configuration...hostname Switchip routing!interface FastEthernet0/1no switchportip address 202.103.100.1 255.255.255.252 ip nat outsideduplex autospeed auto!interface FastEthernet0/2channel-group 1 mode onswitchport trunk encapsulation dot1qswitchport mode trunk!interface FastEthernet0/3channel-group 1 mode onswitchport trunk encapsulation dot1qswitchport mode trunk!interface FastEthernet0/4switchport access vlan 10!interface FastEthernet0/5!iinterface Port-channel 1switchport trunk encapsulation dot1qswitchport mode trunk!interface Vlan1no ip addressshutdown!interface Vlan10ip address 172.16.0.254 255.255.254.0ip access-group 101 inip nat inside!interface Vlan20ip address 172.16.2.254 255.255.254.0ip access-group 101 outip nat insideip nat inside source list 100 interface FastEthernet0/1 overloadip classlessip route 0.0.0.0 0.0.0.0 202.103.100.2!access-list 100 permit ip 172.16.0.0 0.0.1.255 anyaccess-list 100 permit ip 172.16.2.0 0.0.0.127 anyaccess-list 101 permit tcp 172.16.0.0 0.0.1.255 172.16.2.0 0.0.0.127 eq www access-list 101 deny ip 172.16.0.0 0.0.1.255 172.16.2.0 0.0.0.127access-list 101 permit ip any any!line con 0line vty 0 4login!endSW2：Building configuration...hostname Switch!interface FastEthernet0/1!interface FastEthernet0/2channel-group 1 mode onswitchport trunk encapsulation dot1qswitchport mode trunk!interface FastEthernet0/3channel-group 1 mode onswitchport trunk encapsulation dot1qswitchport mode trunk!interface FastEthernet0/4switchport access vlan 20switchport mode access!interface FastEthernet0/5!interface FastEthernet0/6!interface Port-channel 1switchport trunk encapsulation dot1qswitchport mode trunkinterface Vlan1no ip addressshutdown!ip classless!!line con 0line vty 0 4loginend-------------------------------------------------------------------------分部----------------------》》》SW3：Building configuration...hostname Switch!!!interface FastEthernet0/1switchport mode trunk!interface FastEthernet0/2switchport access vlan 100switchport mode accessswitchport port-security!interface FastEthernet0/3switchport access vlan 200switchport mode accessswitchport port-security!interface FastEthernet0/4!interface Vlan1no ip addressshutdown!line con 0!line vty 0 4loginline vty 5 15login!endrouter 3:Building configuration...-encryption!hostname Router!interface FastEthernet0/0no ip addressduplex autospeed auto!interface FastEthernet0/0.100encapsulation dot1Q 100ip address 192.168.1.254 255.255.255.0ip nat inside!interface FastEthernet0/0.200encapsulation dot1Q 200ip address 192.168.2.254 255.255.255.0ip nat inside!interface FastEthernet0/1no ip addressduplex autospeed autoshutdown!interface Serial1/0ip address 202.103.100.18 255.255.255.252 ip nat outside!interface Serial1/1no ip addressshutdown!!interface Vlan1no ip addressshutdown!ip nat inside source list 100 interface Serial1/0 overloadip nat inside source static tcp 192.168.1.2 80 202.103.100.18 80 ip nat inside source static udp 192.168.1.2 53 202.103.100.18 53 ip classlessip route 0.0.0.0 0.0.0.0 202.103.100.17!access-list 100 permit ip 192.168.2.0 0.0.0.255 any!line con 0line vty 0 4login!end_________________________________________________internet配置_____________________R3:Building configuration...hostname Router!interface Serial1/0ip address 202.103.100.14 255.255.255.252encapsulation frame-relayframe-relay interface-dlci 301!interface Serial1/1ip address 202.103.100.6 255.255.255.252!interface Serial1/2ip address 202.103.100.17 255.255.255.252clock rate 64000!router ospf 100log-adjacency-changesnetwork 202.103.100.16 0.0.0.3 area 0network 202.103.100.12 0.0.0.3 area 0network 202.103.100.4 0.0.0.3 area 0!ip classless!no cdp run!line con 0line vty 0 4login!endR2:Building configuration...hostname Router!interface FastEthernet0/0ip address 202.103.100.2 255.255.255.252 duplex autospeed auto!interface FastEthernet0/1no ip addressduplex autospeed autoshutdown!interface Serial1/0ip address 202.103.100.9 255.255.255.252 clock rate 64000!interface Serial1/1ip address 202.103.100.5 255.255.255.252 clock rate 64000!router ospf 100log-adjacency-changesnetwork 202.103.100.8 0.0.0.3 area 0network 202.103.100.4 0.0.0.3 area 0network 202.103.100.0 0.0.0.3 area 0!ip classless!line con 0line vty 0 4login!endR1:Building configuration...hostname Router!interface Serial1/0ip address 202.103.100.10 255.255.255.252 !interface Serial1/1ip address 202.103.100.13 255.255.255.252 encapsulation frame-relayframe-relay interface-dlci 103clock rate 64000!router ospf 100log-adjacency-changesnetwork 202.103.100.12 0.0.0.3 area 0network 202.103.100.8 0.0.0.3 area 0!ip classless!no cdp run!line con 0line vty 0 4login!end接下来就来看一下测试结果吧，1,测试总部与INTERNET连通性：2，测试分部与INTERNE连通性：3，测试总部与分部是否能够访问WEB服务器：4，测试NAT是否生效：测试语句：结果：。