
Cấu hình VLAN và định tuyến cho các VLAN dùng SVI trên switch


Cho sơ đồ như sau: Hãy cấu hình 2 VLAN và định tuyến cho các VLAN dùng SVI trên switch

Lưu ý: Thay IOS cho Switch L2 bằng một image switch có hỗ trợ Layer 3, vì Bước 4 cần các lệnh `ip routing` và SVI (`interface vlan`).

Bước 1: Cấu hình IP cho Router

int F0/0

no shut

ip add dhcp

exit

int F0/1

no sh

ip add 192.168.1.254 255.255.255.0

exit


Bước 2: Cấu hình DHCP Server trên Router, tạo ra 2 pools, mỗi pool cấp cho 1 VLAN

ip dhcp pool VLAN10

network 192.168.10.0 255.255.255.0

default-router 192.168.10.254

dns 8.8.8.8

exit


ip dhcp excluded-address 192.168.10.1 192.168.10.100


ip dhcp pool VLAN20

network 192.168.20.0 255.255.255.0

default-router 192.168.20.254

dns 8.8.8.8

exit


ip dhcp excluded-address 192.168.20.1 192.168.20.100


ip dhcp pool VLAN1

network 192.168.1.0 255.255.255.0

default-router 192.168.1.254

dns 8.8.8.8

exit

ip dhcp excluded-address 192.168.1.1 192.168.1.100


Bước 3: Cấu hình NAT trên Router

//Tạo access-list

Gateway(config)#access-list 1 permit 192.168.1.0 0.0.0.255

Gateway(config)#access-list 1 permit 192.168.10.0 0.0.0.255

Gateway(config)#access-list 1 permit 192.168.20.0 0.0.0.255


Gateway(config)#ip nat inside source list 1 interface f0/0 overload


Gateway(config)#int f0/0

Gateway(config-if)#ip nat outside

Gateway(config-if)# exit


//Nhớ cấu hình Nat Inside

Gateway(config)#int f0/1

Gateway(config-if)#ip nat inside

Gateway(config-if)#ex


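//Lưu ý: Tắt tính năng CEF trên Router. Đây là cách xử lý cho bài lab giả lập; trên thiết bị thật nên giữ CEF bật vì tắt CEF làm giảm hiệu năng chuyển tiếp gói.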

Gateway(config)# no ip cef

Bước 4: Cấu hình VLAN trên Switch và gán ports vào các VLAN tương ứng

Switch(config)#vlan 10

Switch(config-vlan)#name TaiChinh

Switch(config-vlan)#exit


Switch(config)#vlan 20

Switch(config-vlan)#name KeToan

Switch(config-vlan)#exit

Switch(config)#


//Cấu hình IP cho interface VLAN 1

Switch(config)#int vlan 1

Switch(config-if)#no shut

Switch(config-if)#ip add 192.168.1.253 255.255.255.0

Switch(config-if)#exit

Switch(config)#


//Cấu hình IP cho interface VLAN 10

Switch(config)#int vlan 10

Switch(config-if)#no shut

Switch(config-if)#ip add 192.168.10.254 255.255.255.0

Switch(config-if)#exit

Switch(config)#


//Cấu hình IP cho interface VLAN 20

Switch(config)#int vlan 20

Switch(config-if)#no shut

Switch(config-if)#ip add 192.168.20.254 255.255.255.0

Switch(config-if)#exit

Switch(config)#


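//Cấu hình Trunking cho cổng E0/0. Nếu E0/0 là cổng nối lên Router thì F0/1 của Router không có sub-interface dot1q, nên chỉ lưu lượng không gắn thẻ (native VLAN 1) được dùng trên liên kết này. Khi triển khai thật nên giới hạn VLAN được phép bằng `switchport trunk allowed vlan` và tắt DTP bằng `switchport nonegotiate`.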

Switch(config)#int e0/0

Switch(config-if)#switchport trunk encapsulation dot1q

Switch(config-if)#switchport mode trunk

Switch(config-if)#exit

Switch(config)#


//Lưu ý: Bật routing trên Switch

Switch(config)#ip routing


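//Cấu hình DHCP Relay Agent trên các interface VLAN. VLAN 10 và VLAN 20 cần relay vì DHCP Server (192.168.1.254) nằm ở subnet khác. VLAN 1 cùng subnet với DHCP Server nên `ip helper-address` trên interface VLAN 1 là không bắt buộc.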

Switch(config)#int vlan 1

Switch(config-if)#ip helper-address 192.168.1.254

Switch(config-if)#exit


Switch(config)#int vlan 10

Switch(config-if)#ip helper-address 192.168.1.254

Switch(config-if)#exit


Switch(config)#int vlan 20

Switch(config-if)#ip helper-address 192.168.1.254

Switch(config-if)#exit


//Định tuyến mặc định cho Switch trỏ về Gateway 192.168.1.254

Switch(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.254


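//Định tuyến tĩnh từ Router ngược về các VLAN 10 & 20. Route chỉ ghi cổng ra (F0/1) trên mạng Ethernet khiến Router phải ARP cho từng địa chỉ đích và phụ thuộc vào proxy ARP của Switch; nên ghi rõ next-hop là SVI VLAN 1 của Switch, ví dụ `ip route 192.168.10.0 255.255.255.0 192.168.1.253`.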

Gateway(config)#ip route 192.168.10.0 255.255.255.0 F0/1

Gateway(config)#ip route 192.168.20.0 255.255.255.0 F0/1



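//Gán port cho các VLAN tương ứng. Cổng chưa dùng (E0/3) vẫn nằm ở VLAN 1 mặc định, là VLAN chứa SVI quản lý của Switch và đường lên Gateway; khi triển khai thật nên `shutdown` các cổng không dùng hoặc chuyển chúng sang một VLAN không sử dụng.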

Switch(config)#int e0/1

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 10

Switch(config-if)#exit


Switch(config)#int e0/2

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 20

Switch(config-if)#exit


Bước 5: Qua các PC-VLAN xin IP & test thông mạng

VPCS> set pcname VLAN10


VLAN10> ip dhcp

DDORA IP 192.168.10.101/24 GW 192.168.10.254


VLAN10> show ip


NAME : VLAN10[1]

IP/MASK : 192.168.10.101/24

GATEWAY : 192.168.10.254

DNS : 8.8.8.8

DHCP SERVER : 192.168.10.254

DHCP LEASE : 86397, 86400/43200/75600

MAC : 00:50:79:66:68:03

LPORT : 20000

RHOST:PORT : 127.0.0.1:30000

MTU : 1500


VLAN10>


Trên PCVLAN20:


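Một số câu lệnh kiểm tra thông tin cấu hình. Lưu ý khi đọc kết quả `show running-config` bên dưới: đây là cấu hình lab, chưa đặt mật khẩu enable/console/vty, đang để `no service password-encryption` và `no aaa new-model`, và Gateway vẫn bật `ip http server`. Cần xử lý các mục này trước khi dùng cấu hình ngoài môi trường lab.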

show running-config

show ip interface brief

show vlan //trên switch

show interfaces trunk //trên switch

show ip nat translations


show ip //trên VPCS


Switch#show running-config

Building configuration...


Current configuration : 1341 bytes

!

! Last configuration change at 15:38:45 EET Thu Sep 11 2025

!

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service compress-config

!

hostname Switch

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

clock timezone EET 2 0

!

!

!

!

!

!

!

!

no ip cef

no ipv6 cef

!

!

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

!

no cdp run

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Ethernet0/0

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Ethernet0/1

switchport access vlan 10

switchport mode access

!

interface Ethernet0/2

switchport access vlan 20

switchport mode access

!

interface Ethernet0/3

!

interface Vlan1

ip address 192.168.1.253 255.255.255.0

ip helper-address 192.168.1.254

!

interface Vlan10

ip address 192.168.10.254 255.255.255.0

ip helper-address 192.168.1.254

!

interface Vlan20

ip address 192.168.20.254 255.255.255.0

ip helper-address 192.168.1.254

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 192.168.1.254

ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr

ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr

!

!

!

!

!

control-plane

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

login

!

!

!

end


Switch#


Gateway#sh running-config

Building configuration...


Current configuration : 1617 bytes

!

version 12.4

service config

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Gateway

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

no ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.10.1 192.168.10.100

ip dhcp excluded-address 192.168.20.1 192.168.20.100

ip dhcp excluded-address 192.168.1.1 192.168.1.100

!

ip dhcp pool VLAN10

network 192.168.10.0 255.255.255.0

default-router 192.168.10.254

dns-server 8.8.8.8

!

ip dhcp pool VLAN20

network 192.168.20.0 255.255.255.0

default-router 192.168.20.254

dns-server 8.8.8.8

!

ip dhcp pool VLAN1

network 192.168.1.0 255.255.255.0

default-router 192.168.1.254

dns-server 8.8.8.8

!

!

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

archive

log config

hidekeys

!

!

!

!

!

!

!

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.1.254 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip forward-protocol nd

ip route 192.168.10.0 255.255.255.0 FastEthernet0/1

ip route 192.168.20.0 255.255.255.0 FastEthernet0/1

!

!

ip http server

no ip http secure-server

ip nat inside source list 1 interface FastEthernet0/0 overload

!

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 1 permit 192.168.20.0 0.0.0.255

!

!

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

login

!

!

end


Gateway#