局域网三层网络结构实例

• 网络拓扑图：

 

 

配置：

1. 配置过程：
   1. 创建vlan；
   2. 配置stp生成树协议；
   3. 配置dhcp协议；
   4. 接入PC和网关到vlan；
   5. 配置动态路由；
   6. 配置nat访问外网；
2. LSW5：

1. #
2. vlan batch 10 20
3. #
4. stp instance 1 priority 0    #此节点为实例1的主节点，实例2的备用节点；
5. stp instance 2 priority 4096
6. #
7. stp region-configuration          #配置stp
   1. region-name region1
   2. revision-level 1
   3. instance 1 vlan 10
   4. instance 2 vlan 20
   5. active region-configuration
8. #
9. interface GigabitEthernet0/0/1
   1. port link-type access
   2. port default vlan 10             #接入vlan10的网关
10. #
11. interface GigabitEthernet0/0/2
    1. port link-type trunk
    2. port trunk allow-pass vlan 10 20
12. #
13. interface GigabitEthernet0/0/3
    1. port link-type trunk
    2. port trunk allow-pass vlan 10 20
14. #
15. interface GigabitEthernet0/0/4
    1. port link-type trunk
    2. port trunk allow-pass vlan 10 20

1. LSW6：

1. #
2. vlan batch 10 20
3. #
4. stp instance 1 priority 4096 #此节点为实例1的备用节点，实例2的主节点
5. stp instance 2 priority 0
6. #
7. stp region-configuration    #配置stp
   1. region-name region1
   2. revision-level 1
   3. instance 1 vlan 10
   4. instance 2 vlan 20
   5. active region-configuration
8. #
9. interface GigabitEthernet0/0/1
   1. port link-type access
   2. port default vlan 20        #接入vlan20的网关
10. #
11. interface GigabitEthernet0/0/2
    1. port link-type trunk
    2. port trunk allow-pass vlan 10 20
12. #
13. interface GigabitEthernet0/0/3
    1. port link-type trunk
    2. port trunk allow-pass vlan 10 20
14. #
15. interface GigabitEthernet0/0/4
    1. port link-type trunk
    2. port trunk allow-pass vlan 10 20

1. LSW7：

1. #
2. vlan batch 10 20
3. #
4. dhcp enable                      #启动dhcp
5. #
6. stp region-configuration         #配置stp
   1. region-name region1
   2. revision-level 1
   3. instance 1 vlan 10
   4. instance 2 vlan 20
   5. active region-configuration
7. #
8. ip pool pool1                     #创建ip池
   1. gateway-list 192.168.10.254
   2. network 192.168.10.0 mask 255.255.255.0
   3. lease unlimited
   4. dns-list 8.8.8.8
9. #
10. interface Vlanif10
    1. ip address 192.168.10.1 255.255.255.0
    2. dhcp select global              #vlan10使用dhcp pool1
11. #
12. interface Ethernet0/0/1
    1. port link-type trunk
    2. port trunk allow-pass vlan 10 20
13. #
14. interface Ethernet0/0/2
    1. port link-type trunk
    2. port trunk allow-pass vlan 10 20
15. #
16. interface Ethernet0/0/3
    1. port link-type trunk
    2. port trunk allow-pass vlan 10 20

1. LSW8：

1. #
2. vlan batch 10 20
3. #
4. dhcp enable                  #启动dhcp
5. #
6. stp region-configuration     #配置生成树
   1. region-name region1
   2. revision-level 1
   3. instance 1 vlan 10
   4. instance 2 vlan 20
   5. active region-configuration
7. #
8. ip pool pool2                 #配置ip池
   1. gateway-list 192.168.20.254
   2. network 192.168.20.0 mask 255.255.255.0
   3. lease unlimited
   4. dns-list 8.8.8.8
9. #
10. interface Vlanif20
    1. ip address 192.168.20.1 255.255.255.0
    2. dhcp select global           #vlan20使用dhcp pool2
11. #
12. interface Ethernet0/0/1
    1. port link-type trunk
    2. port trunk allow-pass vlan 10 20
13. #
14. interface Ethernet0/0/2
    1. port link-type trunk
    2. port trunk allow-pass vlan 10 20
15. #
16. interface Ethernet0/0/3
    1. port link-type trunk
    2. port trunk allow-pass vlan 10 20

1. LSW9：

1. vlan batch 10 20
2. #
3. interface Ethernet0/0/1
   1.  port link-type trunk
   2.  port trunk allow-pass vlan 10 20
4. #
5. interface Ethernet0/0/2
   1.  port link-type access        #将PC3的接口接入vlan10
   2.  port default vlan 10

1. LSW10：

1. vlan batch 10 20
2. #
3. interface Ethernet0/0/1
   1.  port link-type trunk
   2.  port trunk allow-pass vlan 10 20
4. #
5. interface Ethernet0/0/2
   1.  port link-type access           #将PC4的接口接入vlan20
   2.  port default vlan 20

1. AR7：

1. #
2. acl number 2000  
   1.  rule 1 permit source 192.168.10.0 0.0.0.255  
3. #
4.  nat address-group 1 192.168.1.3 192.168.1.9
5. #
6. interface GigabitEthernet0/0/0
   1.  ip address 192.168.1.1 255.255.255.0
   2.  nat outbound 2000 address-group 1  #配置nat让内网访问外网；
7. #
8. interface GigabitEthernet0/0/1
   1.  ip address 192.168.10.254 255.255.255.0
9. #
10. interface GigabitEthernet0/0/2
    1.  ip address 192.168.20.254 255.255.255.0
11. #
12. rip 1                              #配置动态路由
    1.  network 192.168.1.0

1. AR8：

1. #
2. interface GigabitEthernet0/0/0
   1.  ip address 192.168.1.2 255.255.255.0
3. #
4. interface GigabitEthernet0/0/1
   1.  ip address 192.168.4.254 255.255.255.0
5. #
6. rip 1                             #配置动态路由
   1.  network 192.168.1.0
   2.  network 192.168.4.0