Материал из EPIRB Wiki
WAN, LAN, сервер DHCP и NAT на одном физическом порту (с разделением на VLAN)
Понадобилось для одного проекта, маршрутизатор подключается к свичу всего одним кабелем, на свиче порты в разных виланах оказываются в разных сетях, соединенных через NAT.
version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! aaa new-model ! aaa session-id common ! dot11 syslog no ip source-route no ip dhcp use vrf connected ip dhcp excluded-address 10.0.0.1 10.0.0.99 ! ip dhcp pool LAN network 10.0.0.0 255.255.255.0 dns-server 10.0.0.1 default-router 10.0.0.1 ! ip cef ip inspect name INSPECT_OUT icmp router-traffic ip inspect name INSPECT_OUT dns ip inspect name INSPECT_OUT ntp ip inspect name INSPECT_OUT tcp router-traffic ip inspect name INSPECT_OUT udp router-traffic no ip bootp server ip name-server 8.8.8.8 ! archive log config hidekeys ! interface FastEthernet0 interface FastEthernet1 interface FastEthernet2 interface FastEthernet3 ! interface FastEthernet4 description ============================== WAN ===================== no ip address ip virtual-reassembly duplex auto speed auto no cdp enable ! interface FastEthernet4.1 encapsulation dot1Q 100 ip address 10.10.10.123 255.255.255.0 ip access-group FastEth4_in in ip inspect INSPECT_OUT out ip nat outside ip virtual-reassembly no cdp enable ! interface Vlan1 description LAN ip address 10.0.0.1 255.255.255.0 ip nat inside ip virtual-reassembly ! no ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 FastEthernet4.1 10.10.10.1 permanent ! no ip http server no ip http secure-server ip dns server ip nat inside source list NatTag interface FastEthernet4.1 overload ! ip access-list extended FastEth4_in permit tcp any any eq telnet deny ip any any ip access-list extended NatTag permit ip 10.0.0.0 0.0.0.255 any ! no cdp run ! control-plane ! ! line con 0 no modem enable line aux 0 line vty 0 4 ! scheduler max-task-time 5000 end