PVLAN（ENSP真实还原小型公司组网）

组网需求

如下图所示，接入交换机是二层交换机，使用汇聚交换机（三层交换机）作为用户的网关。PC1和PC2分别属于VLAN 2和VLAN 3，通过接入交换机SW2接入汇聚交换机。PC3和PC4属于VLAN 4，通过SW3接入汇聚交换机。汇聚交换机作为PC1、PC2、PC3和PC4的网关，实现用户PC间的互访以及Internet访问。内网VLAN 2的网段为192.168.2.0/24，VLAN 3的网段为192.168.3.0/24，VLAN 4的网段为192.168.4.0/24。

配置思路

配置接入交换机，基于接口划分VLAN，实现二层互通。配置汇聚交换机作为用户的网关并启用DHCP功能，实现三层互通并为用户自动分配IP。配置汇聚交换机与AR相连的接口及默认路由，实现与AR的对接。配置AR与汇聚交换机相连的接口及到内网网段的路由，实现与汇聚交换机的对接。配置AR的上网功能。配置NAT实现内网访问互联网

操作步骤

一、配置接入交换机

将接口加入相应VLAN

<SW2> system-view [SW2] vlan batch 2 3 [SW2] interface gigabitethernet 0/0/1 [SW2-GigabitEthernet0/0/1] port link-type access [SW2-GigabitEthernet0/0/1] port default vlan 2 [SW2-GigabitEthernet0/0/1] quit [SW2] interface gigabitethernet 0/0/3 [SW2-GigabitEthernet0/0/3] port link-type access [SW2-GigabitEthernet0/0/3] port default vlan 3 [SW2-GigabitEthernet0/0/3] quit [SW2] interface gigabitethernet 0/0/2 [SW2-GigabitEthernet0/0/2] port link-type trunk [SW2-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 3

SW3也类似，这里就不贴脚本啦

二、配置汇聚交换机

1. 将互联接口加入相应VLAN

<SW1> system-view [SW1] vlan batch 2 3 4 [SW1] interface gigabitethernet 0/0/2 [SW1-GigabitEthernet0/0/2] port link-type trunk [SW1-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 3 [SW1-GigabitEthernet0/0/2] quit [SW1] interface gigabitethernet 0/0/3 [SW1-GigabitEthernet0/0/3] port link-type access [SW1-GigabitEthernet0/0/3] port default vlan 4 [SW1-GigabitEthernet0/0/3] quit

2、配置VLANIF接口和DHCP服务器

[SW1] dhcp enable [SW1] interface vlanif 2 [SW1-Vlanif2] ip address 192.168.2.1 255.255.255.0 [SW1-Vlanif2] dhcp select interface [SW1-Vlanif2] dhcp server dns-list 114.114.114.114 [SW1-Vlanif2] quit [SW1] interface vlanif 3 [SW1-Vlanif3] ip address 192.168.3.1 255.255.255.0 [SW1-Vlanif3] dhcp select interface [SW1-Vlanif3] dhcp server dns-list 114.114.114.114 [SW1-Vlanif3] quit [SW1] interface vlanif 4 [SW1-Vlanif4] ip address 192.168.4.1 255.255.255.0 [SW1-Vlanif4] dhcp select interface [SW1-Vlanif4] dhcp server dns-list 114.114.114.114 [SW1-Vlanif4] quit

3、配置与AR对接

[SW1] vlan batch 100 [SW1] interface gigabitethernet 0/0/01 [SW1-GigabitEthernet0/0/1] port link-type access [SW1-GigabitEthernet0/0/1] port default vlan 100 [SW1-GigabitEthernet0/0/1] quit [SW1] interface vlanif 100 [SW1-Vlanif100] ip address 192.168.1.2 255.255.255.0 [SW1-Vlanif100] quit [SW1] ip route-static 0.0.0.0 0.0.0.0 192.168.1.1

三、配置AR

1、配置接口IP

<AR> system-view [AR] interface gigabitethernet 0/0/2 [AR-GigabitEthernet0/0/2] ip address 192.168.1.1 255.255.255.0 [AR-GigabitEthernet0/0/2] quit

2、配置到内网网段的路由

[AR] ip route-static 192.168.2.0 255.255.255.0 192.168.1.2 [AR] ip route-static 192.168.3.0 255.255.255.0 192.168.1.2 [AR] ip route-static 192.168.4.0 255.255.255.0 192.168.1.2 [AR] return

四、配置AR的上网功能。

1、配置ISP(这里使用ENSP云配置模拟ISP),具体配置如下

2、配置AR的路由器GE0/0/1端口动态获取IP

[AR2]dhcp enable [AR2]interface GigabitEthernet 0/0/1 [AR2-GigabitEthernet0/0/1]ip address dhcp-alloc

五、配置NAT实现内网访问互联网

在AR路由器上配置动态NAT实现内网访问互联网

[AR2]nat address-group 1 192.168.35.100 192.168.35.101 [AR2]acl 2000 [AR2-acl-basic-2000]rule 5 permit source 192.168.0.0 0.0.255.255 [AR2-acl-basic-2000]q [AR2]interface GigabitEthernet 0/0/1 [AR2-GigabitEthernet0/0/1]nat outbound 2000 address-group 1

六、验证内网是否能访问互联网

欢迎添加我头条号。欢迎关注、转发、评论、收藏。或者私信我一起讨论学习。