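Topology
In the LAN behind the layer-3 switch SW1 there are vlan10, vlan20 and vlan30, with gateways 192.168.10.1/24, 192.168.20.1/24 and 192.168.218.10/24 respectively, all configured on the layer-3 switch's vlanif interfaces;
PC1 and PC2 have the IP addresses 192.168.10.10/24 and 192.168.20.20/24 respectively;
the web server address is 192.168.218.19;
vlan40 on the layer-3 switch is used to connect to router R3, with the address segment 11.0.0.0/24;
the address segment between R3 and R4 is 12.0.0.0/24, simulating the public network;
below R4's g0/0/1 port is a LAN on the 172.16.0.0/24 segment, used to access the web server on the 192.168.218.0/24 segment;
the end result is inter-VLAN communication, with the web service offered to the outside.
Configuration
Configure IP addresses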
R3
sys
sysname R3
in g0/0/0
un sh
ip add 11.0.0.1 24
q
in g0/0/1
un sh
ip add 12.0.0.1 24
q
R4
sys
sysname R4
in g0/0/0
un sh
ip add 12.0.0.2 24
q
in g0/0/1
un sh
ip add 172.16.0.1 24
q
Configure the layer-3 switch and VLANs
sys
sysname SW1
vlan bat 10 20 30 40
int g0/0/1
port link-type access
port default vlan 10
q
int g0/0/2
port link-type access
port default vlan 20
q
int g0/0/3
port link-type access
port default vlan 30
q
int g0/0/4
port link-type access
port default vlan 40
q
int Vlanif 10
ip add 192.168.10.1 24
q
int Vlanif 20
ip add 192.168.20.1 24
q
int Vlanif 30
ip add 192.168.218.10 24
q
int Vlanif 40
ip add 11.0.0.2 24
q
ip route-static 0.0.0.0 0.0.0.0 11.0.0.1
PC1 ping PC2
R3 ping SW1
Configure routing
R3
ip route-static 0.0.0.0 0.0.0.0 12.0.0.2
ip route-static 192.168.218.0 255.255.255.0 11.0.0.2
ip route-static 192.168.20.0 255.255.255.0 11.0.0.2
ip route-static 192.168.10.0 255.255.255.0 11.0.0.2
R4
ip route-static 0.0.0.0 0.0.0.0 12.0.0.1
R3 ping PC1, PC2, web server
R4 ping R3
Configure NAT
R3
Map port 8080 on the public interface to port 80 on the web server
acl 3000
rule permit ip source 192.168.10.0 0.0.0.255
rule permit ip source 192.168.20.0 0.0.0.255
q
in g0/0/1
nat server protocol tcp global current-interface 8080 inside 192.168.218.19 80
nat outbound 3000
R4
acl 3000
rule permit ip source 172.16.0.0 0.0.0.255
q
int g0/0/0
nat outbound 3000
Configure the web server
Install nginx
[root@localhost ~]# tar -xf nginx-1.16.1.tar.gz
[root@localhost ~]# cd nginx-1.16.1/
[root@localhost nginx-1.16.1]# ./configure --prefix=/usr/local/nginx
[root@localhost nginx-1.16.1]# make && make install
Start the nginx service
[root@localhost nginx-1.16.1]# cd /usr/local/nginx/sbin/
[root@localhost sbin]# ./nginx
You can use the command ln -s /usr/local/nginx/sbin/* /usr/local/sbin/ to create symlinks to the commands
Verification
Use the test machine 172.16.0.100 in cloud3 to access the web server
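What the verification request goes through on its way to the web server, as an added example that is not part of the original lab: a small Python model of the routes and the two NAT rules configured above, tracing a packet from the test machine and showing which source address nginx will log. It assumes `nat outbound 3000` without an address group rewrites the source to the outgoing interface address (Easy IP), and it leaves out R4's default route because 12.0.0.1 is directly connected to R4; the `lookup` and `trace` helpers are hypothetical names.

```python
import ipaddress

# Routes relevant to this flow, taken from the lab config (None = directly connected).
ROUTES = {
    "R4":  {"12.0.0.0/24": None, "172.16.0.0/24": None},
    "R3":  {"11.0.0.0/24": None, "12.0.0.0/24": None, "192.168.10.0/24": "11.0.0.2",
            "192.168.20.0/24": "11.0.0.2", "192.168.218.0/24": "11.0.0.2",
            "0.0.0.0/0": "12.0.0.2"},
    "SW1": {"192.168.10.0/24": None, "192.168.20.0/24": None, "192.168.218.0/24": None,
            "11.0.0.0/24": None, "0.0.0.0/0": "11.0.0.1"},
}
# Which device owns each interface address on the transit links.
OWNER = {"12.0.0.1": "R3", "12.0.0.2": "R4", "11.0.0.1": "R3", "11.0.0.2": "SW1"}

def lookup(device, dst):
    """Longest-prefix match: next hop, dst itself if connected, None if no route."""
    addr = ipaddress.ip_address(dst)
    nets = (ipaddress.ip_network(p) for p in ROUTES[device])
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen, default=None)
    if best is None:
        return None
    return ROUTES[device][str(best)] or dst

def trace(src, dst, dport):
    """Follow a TCP packet leaving R4's LAN; return (hops, src, dst, dport) on arrival."""
    hops, device = [], "R4"
    # R4 g0/0/0 "nat outbound 3000": sources in 172.16.0.0/24 become 12.0.0.2.
    if ipaddress.ip_address(src) in ipaddress.ip_network("172.16.0.0/24"):
        src = "12.0.0.2"
    while True:
        hops.append(device)
        # R3 g0/0/1 "nat server": tcp 12.0.0.1:8080 is rewritten to 192.168.218.19:80.
        if device == "R3" and (dst, dport) == ("12.0.0.1", 8080):
            dst, dport = "192.168.218.19", 80
        if OWNER.get(dst) == device:
            return hops, src, dst, dport            # addressed to the device itself
        next_hop = lookup(device, dst)
        if next_hop is None:
            return hops + ["drop"], src, dst, dport  # no matching route
        if next_hop not in OWNER:
            return hops + [next_hop], src, dst, dport  # host on a connected subnet
        device = OWNER[next_hop]

if __name__ == "__main__":
    # Constructed test flows from the cloud3 test machine.
    print(trace("172.16.0.100", "12.0.0.1", 8080))  # reaches nginx via the mapping
    print(trace("172.16.0.100", "12.0.0.1", 80))    # stops at R3, no mapping for port 80
```

The first trace shows that nginx's access log records 12.0.0.2 rather than 172.16.0.100, so per-client attribution for this LAN has to come from R4's NAT session table, not from the web server.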