1.划分vlan
[sw2]vlan 10
[sw2-Ethernet0/0/1]port link-type access
[sw2-Ethernet0/0/1]port default vlan 10
[sw2-Ethernet0/0/2]port link-type trunk
[sw2-Ethernet0/0/2]port trunk allow-pass vlan all
[sw3]vlan 20
[sw3-Ethernet0/0/1]port link-type access
[sw3-Ethernet0/0/1]port default vlan 20
[sw3-Ethernet0/0/3]port link-type trunk
[sw3-Ethernet0/0/3]port trunk allow-pass vlan all
[sw1]vlan 10
[sw1]vlan 20
[sw1-GigabitEthernet0/0/2]port link-type trunk
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[sw1-GigabitEthernet0/0/3]port link-type trunk
[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[sw1-GigabitEthernet0/0/1]port link-type trunk
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
2.配置IP地址和绑定vlan
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 200.1.1.1 24
[AR1-GigabitEthernet0/0/0]int g0/0/1.1
[AR1-GigabitEthernet0/0/1.1]ip add 192.168.10.254 24
[AR1-GigabitEthernet0/0/1.1]int g0/0/1.2
[AR1-GigabitEthernet0/0/1.2]ip add 192.168.20.254 24
[AR1-GigabitEthernet0/0/1.1]dot1q termination vid 10 //子接口绑定vlan
[AR1-GigabitEthernet0/0/1.1]arp broadcast enable //打开ARP广播
[AR1-GigabitEthernet0/0/1.2]dot1q termination vid 20
[AR1-GigabitEthernet0/0/1.2]arp broadcast enable
3.配置静态路由
[AR1]ip route-static 0.0.0.0 0.0.0.0 200.1.1.2
[Internet]ip route-static 0.0.0.0 0.0.0.0 200.1.1.1
4.配置NAT转换
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255
[AR1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255
[AR1-GigabitEthernet0/0/0]nat outbound 2000 //采用Easy IP技术使多个内部地址映射到网关出接口的不同端口
[AR1]display nat outbound //查看NAT转换表
5.PC可以ping通外网,在AR1的G0/0/0口抓包也看不到内网IP,配置成功。
