三层交换机与路由器对接上网配置案例

三层交换机是具有路由功能的交换机，由于路由属于OSI模型中第三层网络层的功能，所以称为三层交换机。

三层交换机既可以工作在二层也可以工作在三层，可以部署在接入层，也可以部署在汇聚层，作为用户的网关。

组网需求

如图所示，某学校拥有多个部门且位于不同网段，各部门均有访问Internet的需求。现要求用户通过三层交换机和路由器访问外部网络，且要求三层交换机作为用户的网关。

三层交换机与路由器对接上网组网图如下

注：（括朴图说明稍有不匹配，请大家仔细理解观看，如有不懂请直接私信博主，博主会为大家答疑解惑！）

（设备是锐捷和神州数码两款产品混合制做而成，大家仅供参考！）

路由器配置结果如下。

Router_config#show run 
Building configuration...

Current configuration:
!
hostname NAT
!
!
!
!
!
!
!
!
!
!
syslog buffer 64 level DEBUG class ALL 
!
!
!
!
!
isdn switch-type basic-5ess
!
!
!
aaa authentication login default local
aaa authentication enable default none
aaa authentication ppp default local
aaa authorization exec default local
!
username admin password 0 admin
!
!
!
crypto key load-keyconf end
!
!
!
interface GigaEthernet0/0
 ip address 192.168.100.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 ip http firewalltype 0
!
interface GigaEthernet0/1
 ip address 172.16.1.1 255.255.255.0
 no ip directed-broadcast
 ip nat outside
 ip http firewalltype 0
!
interface GigaEthernet0/2
 no ip address
 no ip directed-broadcast
 ip http firewalltype 0
!
interface GigaEthernet0/3
 ip address 192.168.2.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 ip http firewalltype 0
!
interface Serial1/0
 no ip address
 no ip directed-broadcast
!
interface Serial1/1
 no ip address
 no ip directed-broadcast
!
ip dhcp-server 192.168.100.1
!
!
!
!         
!
!
!
!
ip route cache 
ip route default 172.16.1.254 
ip route 192.168.0.0 255.255.0.0 192.168.100.2 
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!         
!
!
!
!
!
!
ip access-list extended NAT
 permit ip any any sequence 10
!
!
!
!
!
ip dhcpd pool dpool
 network 192.168.2.0 255.255.255.0
 range 192.168.2.10 192.168.2.255
 default-router 192.168.2.1 
 dns-server 192.168.2.1 
 lease infinite 
!
ip dhcpd enable
!
!         
ip telnet attack-defense
!
ip http ispmode 1
ip http wizard enable
ip http server
ip http language chinese
ip http timeout 10
ip http set-name-value 0
!
!
no ip proxy enable
ip proxy aaa-authen enable
!
!
!
gbsc app-ctrl priority onlinegames all
no gbsc app-ctrl drop onlinegames all
gbsc group default
!
gbsc pushto mode text
no gbsc filter-url enable
gbsc filter-url mode forbid
no gbsc filter-key enable
!
!
ip nat service privateservice
ip nat inside source list NAT interface GigaEthernet0/1
!
!
!
!

连接云平台的交换机配置结果如下

Swintch(config)#  show run 
!!
switch convert mode stand-alone
!!
!
no service password-encryption
!
hostname YPT
sysLocation China
sysContact 400-810-9119
!
authentication logging enable
!
username admin privilege 15 password 0 admin
!
!
!
!
info-center logfile 4 config count 40960 nandflash logfile.log
info-center logfile 4 output-enable
info-center logfile 4 match level warnings 
ip dhcp pool 1
 network-address 192.168.100.0 255.255.255.0
 lease 0 2 0 
 default-router 192.168.100.2
!
ip dhcp pool 24
 network-address 172.16.1.0 255.255.255.0
 lease 0 9 0 
 default-router 172.16.1.254
 dns-server 114.114.114.114
!
!
!
!
!
!
Interface Ethernet0
!
!
!
dns-server 114.114.114.114
!
!
vlan 1;20;70;80;90;100;110;120;170;180 
!
vlan 190;200 
!
Interface Ethernet1/0/1
 switchport access vlan 100
!
Interface Ethernet1/0/2
 switchport mode trunk
!
Interface Ethernet1/0/3
 switchport access vlan 100
!
Interface Ethernet1/0/4
 switchport access vlan 100
!
Interface Ethernet1/0/5
 switchport access vlan 100
!
Interface Ethernet1/0/6
!
Interface Ethernet1/0/7
!
Interface Ethernet1/0/8
!
Interface Ethernet1/0/9
!
Interface Ethernet1/0/10
!         
Interface Ethernet1/0/11
!
Interface Ethernet1/0/12
!
Interface Ethernet1/0/13
!
Interface Ethernet1/0/14
!
Interface Ethernet1/0/15
!
Interface Ethernet1/0/16
!
Interface Ethernet1/0/17
!
Interface Ethernet1/0/18
!
Interface Ethernet1/0/19
!
Interface Ethernet1/0/20
!
Interface Ethernet1/0/21
!
Interface Ethernet1/0/22
!         
Interface Ethernet1/0/23
!
Interface Ethernet1/0/24
 switchport access vlan 100
!
Interface Ethernet1/0/25
!
Interface Ethernet1/0/26
!
Interface Ethernet1/0/27
!
Interface Ethernet1/0/28
!
interface Vlan20
!
interface Vlan70
 ip address 10.10.70.254 255.255.255.0
!
interface Vlan80
 ip address 10.10.80.254 255.255.255.0
!
interface Vlan90
 ip address 10.10.90.254 255.255.255.0
!         
interface Vlan100
 ip address 192.168.100.2 255.255.255.0
!
interface Vlan110
 ip address 10.10.110.254 255.255.255.0
!
interface Vlan120
 ip address 10.10.120.254 255.255.255.0
!
interface Vlan170
 ip address 10.10.170.254 255.255.255.0
!
interface Vlan180
 ip address 10.10.180.254 255.255.255.0
!
interface Vlan190
 ip address 10.10.190.254 255.255.255.0
!
interface Vlan200
 ip address 172.168.100.1 255.255.255.0
!
!
no login
!         
captive-portal
!
end

注：（命令没有按照步骤一步一步来，而是截取整个部分来的，如有不懂、不理解，请私信博主，博主会为大家答疑解惑！）

配置结果

配置PC1的IP地址为192.168.100.0/24，网关为192.168.100.2；PC2的IP地址192.168.100.0/24，网关为192.168.100.2。

配置外网PC的IP地址为192.168.2.0/24，网关为192.168.2.1。

配置完成后，PC1和PC2都可以Ping通外网的IP 192.168.100.1/24，PC1和PC2都可以访问Internet。

注：标注红色字体的地址意指，最后那一位数只要是在地址范围内并和网关最后一位地址不冲突都可以使用，博主在这里就不详细写明地址，大家仅供参考!