Network topology configuration (internal network - external network)
Configuration process
Switch configuration within the network
- Rename the device
switch(config)#hostname s2
- Create the VLANs
s2(config)#vlan 100
s2(config)#vlan 200
s2(config)#vlan 1
- Set the IP address
int vlan 1
ip address 172.16.1.1 255.255.255.0
no shutdown
- Set Interface Type
int fa0/1
switchport mode trunk
switchport trunk allowed vlan all
int fa0/2
switchport access vlan 100
int fa0/3
switchport access vlan 200
- Set the default gateway
ip default-gateway 172.16.1.2 ! the default gateway does not require a mask
- Save the configuration
s2#write
Layer 3 switch configuration within the network
- Rename the device
switch(config)#hostname s1
- Create the VLANs
vlan 100
vlan 200
vlan 300
vlan 1
vlan 2
- Set the IP address
int vlan 1
ip address 172.16.1.2 255.255.255.0
no shutdown
- Set Interface Type
int fa0/2
switchport mode trunk
switchport trunk allowed vlan all
int fa0/1
switchport access vlan 2
int fa0/3
switchport access vlan 300
int fa0/4
switchport access vlan 300
- Set the user gateways
int vlan 100
ip address 192.168.1.10 255.255.255.0
no shutdown
int vlan 200
ip address 192.168.2.10 255.255.255.0
no shutdown
int vlan 300
ip address 10.1.1.126 255.255.255.128
no shutdown
- Set the default route
ip route 0.0.0.0 0.0.0.0 172.16.2.1
- Save the configuration
s1#write
Router R1 configuration (internal router)
Static routing is used
- Set the interface addresses
int fa0/0
ip address 172.16.2.1 255.255.255.0
int fa0/1
ip address 172.16.3.1 255.255.255.0
- Set the static routes (toward the internal network)
ip route 192.168.1.0 255.255.255.0 172.16.2.2
ip route 192.168.2.0 255.255.255.0 172.16.2.2
ip route 10.1.1.0 255.255.255.128 172.16.2.2
ip route 0.0.0.0 0.0.0.0 172.16.3.2 ! toward the external network
1. Create the NAT address pool
ip nat pool abc 10.1.1.128 10.1.1.254 netmask 255.255.255.128
2. Create the ACL
access-list 10 permit 192.168.2.0 0.0.0.255
3. Associate the NAT pool with the ACL
ip nat inside source list 10 pool abc
4. Apply to the interfaces
int fa0/1
ip nat outside
int fa0/0
ip nat inside
2. Configure the ACL
- Create the rules
access-list 101 deny tcp 192.168.2.0 0.0.0.255 host 10.10.10.1 eq 21
access-list 101 deny tcp 192.168.2.0 0.0.0.255 any eq 8000
access-list 101 deny udp 192.168.2.0 0.0.0.255 any eq 4000
access-list 101 permit ip any any
- Apply the rules to the interface
int fa0/0
ip access-group 101 in
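The following is an added example, not part of the original configuration notes: a small Python evaluator for ACL 101 that shows how wildcard masks, first-match ordering and the implicit deny decide what R1 filters inbound on fa0/0. The function names and the sample packets in the test are constructed for illustration; only the four ACL lines come from the page.

```python
import ipaddress

# ACL 101 copied from the R1 configuration above.
ACL_101 = """\
access-list 101 deny tcp 192.168.2.0 0.0.0.255 host 10.10.10.1 eq 21
access-list 101 deny tcp 192.168.2.0 0.0.0.255 any eq 8000
access-list 101 deny udp 192.168.2.0 0.0.0.255 any eq 4000
access-list 101 permit ip any any
"""

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def take_addr(tok):
    """Pop 'any', 'host A' or 'A WILDCARD' from tok; return (base, wildcard)."""
    if tok[0] == "any":
        del tok[:1]
        return 0, 0xFFFFFFFF
    if tok[0] == "host":
        base = ip_int(tok[1])
        del tok[:2]
        return base, 0
    base, wild = ip_int(tok[0]), ip_int(tok[1])
    del tok[:2]
    return base, wild

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()[2:]  # drop "access-list <number>"
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = take_addr(tok), take_addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def hit(ip, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (ip_int(ip) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport=None):
    """First matching rule wins; no match falls through to the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and hit(src, r_src) and hit(dst, r_dst)
                and (r_port is None or r_port == dport)):
            return action
    return "deny"

RULES = parse_acl(ACL_101)
```

Because the list is applied inbound on the inside interface, packets are matched on their original 192.168.2.x source addresses, before NAT translates them.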
Router R2 configuration (outer Router)
- Configure the interface address
int fa0/0
ip address 172.16.3.2 255.255.255.0
no shutdown
int fa0/1
ip address 10.10.10.254 255.255.255.0
no shutdown
2. Static route
ip route 10.1.1.0 255.255.255.0 172.16.3.1
The 255.255.255.0 mask covers both the public server and the NAT address pool addresses.
- Save the configuration
write