interface FastEthernet0/20 switchport access vlan 10 ! interface FastEthernet0/21 switchport access vlan 10 ! interface FastEthernet0/22 switchport access vlan 10 ! interface FastEthernet0/23 switchport access vlan 10 ! interface FastEthernet0/24 desc to-sw1 duplex full speed 100 switchport trunk encapsulation dot1q switchport trunk allowed vlan 10 switchport mode trunk ! ! interface VLAN10 ip address 192.168.10.10 255.255.255.0 ! ip default-gateway 192.168.10.1 snmp-server engineID local 000000090200000142B1E200 snmp-server community private RW snmp-server community public RO snmp-server chassis-id 0x0E ! line con 0 password 7 03174C0605417 transport input none stopbits 1 line vty 0 4 password 7 03174C0605417 login line vty 5 14 password 7 03174C06054171 login line vty 15 password 7 141F070A1B01 login !
二、三层交换机 SW1
sw1#show run Building configuration...
Current configuration : 1284 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname sw1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 ! ! ip cef ! ! ! interface FastEthernet1/0 ! interface FastEthernet1/1 no switchport ip address 192.168.0.2 255.255.255.0 ! interface FastEthernet1/2 ! interface FastEthernet1/3 desc to_sw2 speed 100 duplex full switchport mode trunk switchport trunk allowed vlan 10
! ! interface FastEthernet1/4 desc to_sw3 speed 100
duplex full switchport mode trunk switchport trunk allowed vlan 20
! interface FastEthernet1/5 ! interface FastEthernet1/6 ! interface FastEthernet1/7 ! interface FastEthernet1/8 ! interface FastEthernet1/9 ! interface FastEthernet1/10 ! interface FastEthernet1/11 ! interface FastEthernet1/12 ! interface FastEthernet1/13 ! interface FastEthernet1/14 ! interface FastEthernet1/15 ! interface Vlan1 no ip address ! interface Vlan10 ip address 192.168.10.1 255.255.255.0 ip access-group 101 in ! interface Vlan20 ip address 192.168.20.1 255.255.255.0 ! no ip http server ip route 0.0.0.0 0.0.0.0 192.168.0.1 ! ! ! access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 access-list 101 permit ip any any
中小企业网络结构设计2(思科版） 2008-02-21 15:14:41 标签：结构设计 企业 路由器 交换机 思科 原创作品，允许转载，转载时请务必以超链接形式标明文章 原始出处 、作者信息和本声明。 否则将追究法律责任。/23357/62658
! ! ! control-plane ! line con 0 line aux 0 line vty 0 4 ! ! End
三、二层交换机 SW2 SW2#show run Building configuration...
Current configuration: ! version 12.0 no service pad service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname sw2 ! enable secr password 7 130D02131C09 ! ! ! interface FastEthernet0/1 switchport access vlan 10 ! interface FastEthernet0/2 switchport access vlan 10 ! interface FastEthernet0/3 switchport access vlan 10 ! interface FastEthernet0/4 switchport access vlan 10 ! interface FastEthernet0/5
要求： 1、使用思科路由器与 ISP 相连，专线接入。 2、内部网络使用三层交换机，下接若干 VLAN； 3、VLAN 间不能互访，VLAN 通过路由 NAT 上网 设计思路： 1、 路由器上配置 NAT 转换，默认路由至 ISP，静态路由至三层交换机 2、 三层交换机上划 VLAN，实现 VLAN 间路由，至路由器默认路由； 3、 三层交换机上做 ACL 列表演，写实现 VLAN 间互相隔离技术。
Current configuration : 989 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname router2 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 ! ! ip cef ! ! ! ! interface FastEthernet0/0 ip address 192.168.0.1 255.255.255.0 ip nat inside ip virtual-reassembly speed 100 full-duplex ! interface Serial1/0 ip address 172.16.0.1 255.255.255.0 ip nat outside ip virtual-reassembly serial restart-delay 0
! interface Serial1/1 no ip address shutdown serial restart-delay 0 ! interface Serial1/2 no ip address shutdown serial restart-delay 0 ! interface Serial1/3 no ip address shutdown serial restart-delay 0 ! ip http server ip route 192.168.0.0 255.255.0.0 192.168.0.2 ! ! ip nat inside source list 101 interface Serial1/0 overload ! access-list 101 permit ip 192.168.0.0 0.0.255.255 any ! ! ! control-plane ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 ! ! End
switchport access vlan 10 ! interface FastEthernet0/6 switchport access vlan 10 ! interface FastEthernet0/7 switchport access vlan 10 ! interface FastEthernet0/8 switchport access vlan 10 ! interface FastEthernet0/9 switchport access vlan 10 ! interface FastEthernet0/10 switchport access vlan 10 ! interface FastEthernet0/11 switchport access vlan 10 ! interface FastEthernet0/12 switchport access vlan 10 ! interface FastEthernet0/13 switchport access vlan 10 ! interface FastEthernet0/14 switchport access vlan 10 ! interface FastEthernet0/15 switchport access vlan 10 ! interface FastEthernet0/16 switchport access vlan 10 ! interface FastEthernet0/17 switchport access vlan 10 ! interface FastEthernet0/18 switchport access vlan 10 ! interface FastEthernet0/19 switchport access vlan 10