switch（config）#hostname s2

s2（config）#vlan 100 s2（config）#vlan 200 s2（config）#vlan 1

int vlan 1 ip address 172.16.1.1 255.255.255.0 no shutdown

int fa0/1 switchport mode trunk switchport trunk allowed vlan all int fa0/2 switchport access vlan 100 int fa0/3 switchport access vlan 200

ip default-gatway 172.16.1.2 !默认网关不需要掩码

s2#write

switch（config）#hostname s1

vlan 100 vlan 200 vlan 300 vlan 1 vlan 2

int vlan 1 ip address 172.16.1.2 255.255.255.0 no shutdown

int fa0/2 switchport mode trunk switchport trunk allowed vlan all int fa0/1 switchport access vlan 2 int fa0/3 switchport access vlan 300 int fa0/4 switchport access vlan 300

int vlan 100 ip address 192.168.1.10 255.255.255.0 no shutdown int vlan 200 ip address 192.168.2.10 255.255.255.0 no shutdown int vlan 300 ip address 10.1.1.126 255.255.255.128 no shutdown

ip route 0.0.0.0 0.0.0.0 172.16.2.1

s2#write

使用静态路由协议

int fa0/0 ip address 172.16.2.1 255.255.255.0 int fa0/1 ip address 172.16.3.1 255.255.255.0

ip route 192.168.1.0 255.255.255.0 172.16.2.2 ip route 192.168.2.0 255.255.255.0 172.16.2.2 ip route 10.1.1.0 255.255.255.128 172.16.2.2 ip route 0.0.0.0 0.0.0.0 172.16.3.2 (指向外网)

1. 建立nat 地址池

ip nat pool abc 10.1.1.128 10.1.1.254 netmask 255.255.255.128 2.建立 ACL access-list 10 permit 192.168.2.0 0.0.0.255 3.建立 NAT 和 ACL 关联 ip nat inside source list 10 pool abc 4.应用到端口 int fa0/1 ip nat outside int fa0/0 ip nat inside

2.设置 ACL

access-list 101 deny tcp 192.168.2.0 0.0.0.255 host 10.10.10.1 eq 21 access-list 101 deny tcp 192.168.2.0 0.0.0.255 any eq 8000 access-list 101 deny udp 192.168.2.0 0.0.0.255 any eq 4000 access-list 101 permit ip any any

int fa0/0 ip access-group 101 in

int fa0/0 ip address 172.16.3.2 255.255.255.0 no shutdown int fa0/1 ip address 10.10.10.254 255.255.255.0 no shutdown 2.静态路由 ip route 10.1.1.0 255.255.255.0 172.16.3.1 255.255.255.0 包括公网服务器地址和nat地址池地址

write