《构建中小型网络实训》实训课程

一、项目基本情况

某企业需要建设一个综合的企业网,公司有4个部门,从内网的安全考虑,使用VLAN技术将各门划分到不同的VLAN中,部署防环、防攻击、数据负载均衡等相关策略,确保局域网业务安全、可靠。为了提高公司的业务能力和增强企业的知名度,将公司的Web网站以及FTP服务发布到互联网上;为了便于网络管理,公司内部的网络需要使用OSPF路由协议使全网互通;公司需要能够访问互联网,并从ISP那里申请了一段公网IP地址99.1.1.0/28。

二、网络拓扑说明

信息化建设方案拓扑图如下图1所示,相关说明如下:
1.一台RG-RSR20编号为R1,作为分公司出口设备;
2.两台RG-3760编号为S3和S4,作为公司核心交换机;
3.两台RG-S2328编号为S1和S2,作为公司接入交换机;
4. 一台RG-RSR20编号为R2,作为运营商接入设备。
5. 计算机(可使用虚拟机)5台,服务器操作系统为windows server 2008。

三、实验拓扑

《构建中小型网络实训》实训课程

四、拓扑连线与地址规划

本项目的网络物理连接表如表1所示,网络设备名称表如2所示,IP地址分配表如表3所示。
《构建中小型网络实训》实训课程
《构建中小型网络实训》实训课程
《构建中小型网络实训》实训课程

五、网络设备部署

1.路由器配置
(1)路由器R1

配置接口//描述接口
R7_RSR10_1(config)#hostname RSR20-R1
RSR20-R1(config)#int f0/0
RSR20-R1(config-if)#ip address 10.1.1.1 255.255.255.240
RSR20-R1(config-if)#no shutdown
RSR20-R1(config-if)#ip address 10.1.1.1 255.255.255.252
RSR20-R1(config-if)#description Con_To_S3_F0/24
RSR20-R1(config-if)#int f0/1
RSR20-R1(config-if)#ip address 10.1.1.5 255.255.255.252
RSR20-R1(config-if)#no shutdown 
RSR20-R1(config-if)#description Con_To_S4_F0/24
RSR20-R1(config-if)#int s1/0
RSR20-R1(config-if)#ip address 99.1.1.1 255.255.255.240 
RSR20-R1(config-if)#no shutdown 
RSR20-R1(config-if)#description Con_To_R2_S1/0
RSR20-R1(config-if)#ex
RSR20-R1(config)#int loopback 0
RSR20-R1(config-if)#ip address 192.168.99.1 255.255.255.0

DHCP地址池
RSR20-R1(config)# ip dhcp pool vlan100
RSR20-R1(dhcp-config)#network 192.168.100.0 255.255.255.0
RSR20-R1(dhcp-config)#lease 0 0 1
RSR20-R1(dhcp-config)#default-router 192.168.100.254
RSR20-R1(dhcp-config)#ip dhcp pool vlan101
RSR20-R1(dhcp-config)#network 192.168.101.0 255.255.255.0
RSR20-R1(dhcp-config)#lease 0 0 1
RSR20-R1(dhcp-config)#default-router 192.168.101.254     
RSR20-R1(dhcp-config)#ip dhcp pool vlan102
RSR20-R1(dhcp-config)#network 192.168.102.0 255.255.255.0
RSR20-R1(dhcp-config)#lease 0 0 1
RSR20-R1(dhcp-config)#default-router 192.168.102.254
RSR20-R1(dhcp-config)#ip dhcp pool vlan103
RSR20-R1(dhcp-config)#network 192.168.103.0 255.255.255.0
RSR20-R1(dhcp-config)#lease 0 0 1
RSR20-R1(dhcp-config)#default-router 192.168.103.254

不分配DHCP地址
RSR20-R1(config)#ip dhcp excluded-address 192.168.100.1
RSR20-R1(config)#ip dhcp excluded-address 192.168.100.2
RSR20-R1(config)#ip dhcp excluded-address 192.168.100.254
RSR20-R1(config)#ip dhcp excluded-address 192.168.101.254
RSR20-R1(config)#ip dhcp excluded-address 192.168.101.2  
RSR20-R1(config)#ip dhcp excluded-address 192.168.101.1
RSR20-R1(config)#ip dhcp excluded-address 192.168.102.1
RSR20-R1(config)#ip dhcp excluded-address 192.168.102.2
RSR20-R1(config)#ip dhcp excluded-address 192.168.102.254
RSR20-R1(config)#ip dhcp excluded-address 192.168.103.254
RSR20-R1(config)#ip dhcp excluded-address 192.168.103.2  
RSR20-R1(config)#ip dhcp excluded-address 192.168.103.1 

内外网
RSR20-R1(config)#int f0/0
RSR20-R1(config-if)#ip nat inside 
RSR20-R1(config-if)#int f0/1
RSR20-R1(config-if)#ip nat inside 
RSR20-R1(config-if)#int s1/0
RSR20-R1(config-if)#ip nat outside

配置ospf及默认路由
RSR20-R1(config)#route ospf 10
RSR20-R1(config-router)#network 10.1.0.1 0.0.0.0 area 0
RSR20-R1(config-router)#network 10.1.1.0 0.0.0.3 area 0
RSR20-R1(config-router)#network 10.1.1.4 0.0.0.3 area 0
RSR20-R1(config-router)#default-information originate always 
RSR20-R1(config)#ip route 0.0.0.0 0.0.0.0 99.1.1.2

配置ACL
RSR20-R1(config)#access-list 1 permit 192.168.100.0 0.0.0.255
RSR20-R1(config)#access-list 1 permit 192.168.101.0 0.0.0.255
RSR20-R1(config)#access-list 2 permit 192.168.102.0 0.0.0.255
RSR20-R1(config)#access-list 2 permit 192.168.103.0 0.0.0.255

地址转换
RSR20-R1(config)#ip nat pool a1 99.1.1.3 99.1.1.5 netmask 255.255.255.240
RSR20-R1(config)#ip nat pool a2 99.1.1.6 99.1.1.8 net
RSR20-R1(config)#ip nat pool a2 99.1.1.6 99.1.1.8 netmask 255.255.255.240
RSR20-R1(config)#$ tcp 192.168.104.252 20 99.1.1.11 20                       
RSR20-R1(config)#$ tcp 192.168.104.252 21 99.1.1.11 21                         
RSR20-R1(config)#$ tcp 192.168.104.254 80 99.1.1.9 80   
RSR20-R1(config)#ip nat inside source list 1 pool a1 overload 
RSR20-R1(config)#ip nat inside source list 2 pool a2 overload        

(2)路由器R2

配置接口//描述接口
ISP-RSR20-R2(config)#hostname ISP-RSR20-R2  
ISP-RSR20-R2(config)#interface FastEthernet 0/0
ISP-RSR20-R2(config-if)#ip address 192.168.88.1 255.255.255.0
ISP-RSR20-R2(config)#no shutdown
ISP-RSR20-R2(config)#interface Loopback 0
ISP-RSR20-R2(config-if)#ip address 192.168.99.1 255.255.255.0
ISP-RSR20-R2(config)#no shutdown
ISP-RSR20-R2(config)#interface Serial 1/0
ISP-RSR20-R2(config-if)#ip address 99.1.1.2 255.255.255.240
ISP-RSR20-R2(config-if)#description Con_To_R1_S1/0
ISP-RSR20-R2(config)#no shutdown

2.交换机配置
(1)三层交换机S3

接口描述
R6_S3760_1(config)#hostname S3760-S3
S3760-S3(config)#int fastEthernet 0/2              
S3760-S3(config-if-FastEthernet 0/2)#description Con_To_S2_F0/1
S3760-S3(config-if-FastEthernet 0/2)#exit
S3760-S3(config)#int f0/1
S3760-S3(config-if-FastEthernet 0/1)#description Con_To_S1_F0/1
S3760-S3(config-if-FastEthernet 0/1)#exit
S3760-S3(config)#int f0/5
S3760-S3(config-if-FastEthernet 0/5)#description Con_To_S4_F0/5
S3760-S3(config-if-FastEthernet 0/5)#exit
S3760-S3(config)#int f0/6
S3760-S3(config-if-FastEthernet 0/6)#description Con_To_S4_F0/6
S3760-S3(config-if-FastEthernet 0/6)#exit
S3760-S3(config)#int f0/24
S3760-S3(config-if-FastEthernet 0/24)#description Con_To_R1_F0/0
S3760-S3(config-if-FastEthernet 0/24)#exit
S3760-S3(config)#int f0/4
S3760-S3(config-if-FastEthernet 0/4)#description Con_To_server
S3760-S3(config-if-FastEthernet 0/4)#exit
S3760-S3(config)#vlan 100
S3760-S3(config-vlan)#vlan 101
S3760-S3(config-vlan)#vlan 102
S3760-S3(config-vlan)#vlan 103
S3760-S3(config-vlan)#exit
S3760-S3(config)#vlan 100
S3760-S3(config-vlan)#name Office
S3760-S3(config-vlan)#exit
S3760-S3(config)#vlan 101
S3760-S3(config-vlan)#name HRD
S3760-S3(config-vlan)#exit
S3760-S3(config)#vlan 102
S3760-S3(config-vlan)#name TD
S3760-S3(config-vlan)#exit
S3760-S3(config)#vlan 103
S3760-S3(config-vlan)#name MD

配置trunk
S3760-S3(config)#interface fastEthernet 0/1
S3760-S3(config-if-FastEthernet 0/1)#switchport mode trunk
S3760-S3(config-if-FastEthernet 0/1)#switchport trunk allowed vlan remove 1-99,104-4094
S3760-S3(config-if-FastEthernet 0/1)#exit
S3760-S3(config)#interface fastEthernet 0/2
S3760-S3(config-if-FastEthernet 0/2)#switchport mode trunk
S3760-S3(config-if-FastEthernet 0/2)#switchport trunk allowed vlan remove 1-99,104-4094

添加IP地址
S3760-S3(config)# interface vlan 100
S3760-S3(config-if-VLAN 100)#ip address 192.168.100.1 255.255.255.0
S3760-S3(config-if-VLAN 100)#exit
S3760-S3(config)# interface vlan 101
S3760-S3(config-if-VLAN 101)#ip address 192.168.101.1 255.255.255.0
S3760-S3(config-if-VLAN 101)#exit
S3760-S3(config)# interface vlan 102
S3760-S3(config-if-VLAN 102)#ip address 192.168.102.1 255.255.255.0
S3760-S3(config-if-VLAN 102)#exit
S3760-S3(config)# interface vlan 103
S3760-S3(config-if-VLAN 103)#ip add 192.168.103.1 255.255.255.0
S3760-S3(config-if-VLAN 103)#exit
S3760-S3(config)#int fastEthernet 0/4
S3760-S3(config-if-FastEthernet 0/4)#no switchport 
S3760-S3(config-if-FastEthernet 0/4)#ip address 192.168.104.1 255.255.255.0
S3760-S3(config-if-FastEthernet 0/4)#exit
S3760-S3(config)#int f0/24
S3760-S3(config-if-FastEthernet 0/24)#no switchport 
S3760-S3(config-if-FastEthernet 0/24)#ip address 10.1.1.2 255.255.255.252
S3760-S3(config-if-FastEthernet 0/24)#exit
S3760-S3(config)# interface loopback 0
S3760-S3(config-if-Loopback 0)#ip address 10.1.0.3 255.255.255.255

配置聚合口
S3760-S3(config)#interface range fastEthernet 0/5-6
S3760-S3(config-if-range)#port-group 1
S3760-S3(config-if-range)#exit
S3760-S3(config)#int aggregateport 1
S3760-S3(config-if-AggregatePort 1)#switchport mode trunk

配置多生成树
S3760-S3(config)#spanning-tree
S3760-S3(config)#spanning-tree mode mstp
S3760-S3(config)#spanning-tree mst configuration
S3760-S3(config-mst)#name ruijie
S3760-S4(config-mst)#revision 1
S3760-S4(config-mst)#instance 0 vlan 1-99, 104-4094
S3760-S3(config-mst)#instance 1 vlan 100,101
S3760-S3(config-mst)#instance 2 vlan 102,103
S3760-S3(config-mst)#exit
S3760-S3(config)#spanning-tree mst 1 priority 4096
S3760-S3(config)#spanning-tree mst 2 priority 8192

添加vrrp
S3760-S3(config)#interface vlan 100
S3760-S3(config-if-VLAN 100)#vrrp 10 ip 192.168.100.254
S3760-S3(config-if-VLAN 100)#vrrp 10 priority 150
S3760-S3(config-if-VLAN 100)#exit
S3760-S3(config-if-VLAN 101)#interface vlan 101
S3760-S3(config-if-VLAN 101)#vrrp 20 ip 192.168.101.254
S3760-S3(config-if-VLAN 101)#vrrp 20 priority 150
S3760-S3(config-if-VLAN 101)#exit
S3760-S3(config)#interface vlan 102
S3760-S3(config-if-VLAN 102)#vrrp 30 ip 192.168.102.254
S3760-S3(config-if-VLAN 102)#vrrp 30 priority 120
S3760-S3(config-if-VLAN 102)#exit
S3760-S3(config)#interface vlan 103
S3760-S3(config-if-VLAN 103)#vrrp 40 ip 192.168.103.254
S3760-S3(config-if-VLAN 103)#vrrp 40 priority 120

配置ospf
S3760-S3(config)#route ospf 10
S3760-S3(config-router)#network 192.168.100.0 0.0.0.255 area 0
S3760-S3(config-router)#network 192.168.101.0 0.0.0.255 area 0
S3760-S3(config-router)#network 192.168.102.0 0.0.0.255 area 0
S3760-S3(config-router)#network 192.168.103.0 0.0.0.255 area 0 
S3760-S3(config-router)#network 192.168.104.0 0.0.0.255 area 0
S3760-S3(config-router)#network 10.1.1.0 0.0.0.3 area 0       
S3760-S3(config-router)#network 10.1.0.3 0.0.0.0 area 0

开启DHCP服务
S3760-S3(config)#service dhcp
S3760-S3(config)#ip helper-address 10.1.0.1                

(2)三层交换机S4

R6_S3760_2#config terface
R6_S3760_2(config)#hostname S3760-S4

接口描述
S3760-S4(config)#interface fastEthernet 0/1
S3760-S4(config-if-FastEthernet 0/1)#description Con_To_S1_F0/2
S3760-S4(config-if-FastEthernet 0/1)#exit
S3760-S4(config)#interface fastEthernet 0/2
S3760-S4(config-if-FastEthernet 0/2)#description Con_To_S2_F0/2
S3760-S4(config-if-FastEthernet 0/2)#exit
S3760-S4(config)#interface fastEthernet 0/5
S3760-S4(config-if-FastEthernet 0/5)#description Con_To_S3_F0/5
S3760-S4(config-if-FastEthernet 0/5)#exit
S3760-S4(config)#interface fastEthernet 0/6
S3760-S4(config-if-FastEthernet 0/6)#description Con_To_S3_F0/6
S3760-S4(config-if-FastEthernet 0/6)#exit
S3760-S4(config)#interface fastEthernet 0/24
S3760-S4(config-if-FastEthernet 0/24)#description Con_To_R1_F0/1
S3760-S4(config-if-FastEthernet 0/24)#exit
S3760-S4(config)#vlan 100
S3760-S4(config-vlan)#vlan 101
S3760-S4(config-vlan)#vlan 102
S3760-S4(config-vlan)#vlan 103
S3760-S4(config-vlan)#exit
S3760-S4(config)#vlan 100
S3760-S4(config-vlan)#name Office
S3760-S4(config-vlan)#exit
S3760-S4(config)#vlan 101
S3760-S4(config-vlan)#name HRD
S3760-S4(config-vlan)#exit
S3760-S4(config)#vlan 102
S3760-S4(config-vlan)#name TD
S3760-S4(config-vlan)#exit
S3760-S4(config)#vlan 103
S3760-S4(config-vlan)#name MD
S3760-S4(config-vlan)#exit

S3760-S4(config)#interface fastEthernet 0/1
S3760-S4(config-if-FastEthernet 0/1)#switchport mode trunk
S3760-S4(config-if-FastEthernet 0/1)#switchport trunk allowed vlan remove 1-99,104-4094
S3760-S4(config-if-FastEthernet 0/1)#exit
S3760-S4(config)#interface fastEthernet 0/2
S3760-S4(config-if-FastEthernet 0/2)#switchport mode trunk
S3760-S4(config-if-FastEthernet 0/2)#switchport trunk allowed vlan remove 1-99,104-4094
S3760-S4(config-if-FastEthernet 0/2)#exit

添加IP
S3760-S4(config)#interface vlan 100
S3760-S4(config-if-VLAN 100)#ip address 192.168.100.2 255.255.255.0
S3760-S4(config-if-VLAN 100)#exit
S3760-S4(config)#interface vlan 101
S3760-S4(config-if-VLAN 101)#ip address 192.168.101.2 255.255.255.0
S3760-S4(config-if-VLAN 101)#exit
S3760-S4(config)#interface vlan 102
S3760-S4(config-if-VLAN 102)#ip address 192.168.102.2 255.255.255.0
S3760-S4(config-if-VLAN 102)#exit
S3760-S4(config)#interface vlan 103
S3760-S4(config-if-VLAN 103)#ip address 192.168.103.2 255.255.255.0
S3760-S4(config-if-VLAN 103)#exit
S3760-S4(config)#interface fastEthernet 0/24
S3760-S4(config-if-FastEthernet 0/24)#no switchport
S3760-S4(config-if-FastEthernet 0/24)#ip address 10.1.1.6 255.255.255.252
S3760-S4(config-if-FastEthernet 0/24)#exit
S3760-S4(config)#interface loopback 0
S3760-S4(config-if-Loopback 0)#ip address 10.1.0.4 255.255.255.255

开启DHCP服务
S3760-S4(config)#service dhcp
S3760-S4(config)#ip helper-address 10.1.0.1

配置OSPF
S3760-S4(config)#router ospf 10
S3760-S4(config)# network 10.1.0.4 0.0.0.0 area 0
S3760-S4(config)#network 10.1.1.4 0.0.0.3 area 0
S3760-S4(config)#network 192.168.100.0 0.0.0.255 area 0
S3760-S4(config)#network 192.168.101.0 0.0.0.255 area 0
S3760-S4(config)#network 192.168.102.0 0.0.0.255 area 0
S3760-S4(config)#network 192.168.103.0 0.0.0.255 area 0

配置聚合口
S3760-S4(config)#interface range fastEthernet 0/5-6
S3760-S4(config-if-range)#port-group 1
S3760-S4(config-if-range)#exit
S3760-S4(config)#int aggregateport 1
S3760-S4(config-if-AggregatePort 1)#switchport mode trunk

配置多生成树
S3760-S4(config)#spanning-tree
S3760-S4(config)#spanning-tree mode mstp
S3760-S4(config)#spanning-tree mst configuration
S3760-S4(config-mst)#name ruijie
S3760-S4(config-mst)#revision 1
S3760-S4(config-mst)#instance 0 vlan 1-99, 104-4094
S3760-S4(config-mst)#instance 1 vlan 100,101
S3760-S4(config-mst)#instance 2 vlan 102,103
S3760-S4(config)#spanning-tree mst 1 priority 8192
S3760-S4(config)#spanning-tree mst 2 priority 4096

配置vrrp
S3760-S4(config)#interface vlan 100
S3760-S4(config-if-VLAN 100)#vrrp 10 ip 192.168.100.254
S3760-S4(config-if-VLAN 100)#vrrp 10 priority 120
S3760-S4(config-if-VLAN 100)#exit
S3760-S4(config)#interface vlan 101
S3760-S4(config-if-VLAN 101)#vrrp 20 ip 192.168.101.254
S3760-S4(config-if-VLAN 101)#vrrp 20 priority 120
S3760-S4(config-if-VLAN 101)#exit
S3760-S4(config)#interface vlan 102
S3760-S4(config-if-VLAN 102)#vrrp 30 ip 192.168.102.254
S3760-S4(config-if-VLAN 102)#vrrp 30 priority 150
S3760-S4(config-if-VLAN 102)#exit
S3760-S4(config)#interface vlan 103
S3760-S4(config-if-VLAN 103)#vrrp 40 ip 192.168.103.254
S3760-S4(config-if-VLAN 103)#vrrp 40 priority 150

(3)二层交换机S1

修改主机名 
R7_S2328_1#configure 
R7_S2328_1(config)#hostname S2328-S1
S2328-S1(config)#vlan 100

WLAN名称
S2328-S1(config-vlan)#name office
S2328-S1(config-vlan)#exit 
S2328-S1(config)#vlan 101 
S2328-S1(config-vlan)#name HRD
S2328-S1(config-vlan)#exit 
S2328-S1(config)#vlan 102
S2328-S1(config-vlan)#name TD
S2328-S1(config-vlan)#exit 
S2328-S1(config)#vlan 103
S2328-S1(config-vlan)#name MD
S2328-S1(config-vlan)#exit 

接口描述
S2328-S1(config)#interface f0/1
S2328-S1(config-if)#description Con_To_S3_F0/1    
S2328-S1(config-if)#exit 
S2328-S1(config)#interface f0/2
S2328-S1(config-if)#description 
S2328-S1(config-if)#description Con_To_S4_F0/1
S2328-S1#configure 
S2328-S1(config)#interface range f0/3-10
S2328-S1(config-if-range)#switchport access vlan 100
S2328-S1(config-if-range)#exit 
S2328-S1(config)#interface range f0/11-15
S2328-S1(config-if-range)#switchport access vlan 101
S2328-S1(config-if-range)#exit 
S2328-S1(config)#interface range f0/16-20
S2328-S1(config-if-range)#switchport access vlan 102
S2328-S1(config)#interface range f0/21-24
S2328-S1(config-if-range)#switchport access vlan 103
S2328-S1(config-if-range)#exit 

开启portfast和bduuguard防护功能
S2328-S1(config)#spanning-tree 
S2328-S1(config)#interface range f0/3-10
S2328-S1(config-if-range)#spanning-tree bpduguard enable 
S2328-S1(config-if-range)#spanning-tree portfast 
S2328-S1(config-if-range)#exit 
S2328-S1(config)#interface range f0/11-15
S2328-S1(config-if-range)#spanning-tree bpduguard enable 
S2328-S1(config-if-range)#spanning-tree portfast 
S2328-S1(config-if-range)#exit 
S2328-S1(config)#interface range f0/16-20     
S2328-S1(config-if-range)#spanning-tree bpduguard enable 
S2328-S1(config-if-range)#spanning-tree portfast 
S2328-S1(config-if-range)#exit 
S2328-S1(config)#interface range f0/21-24
S2328-S1(config-if-range)#spanning-tree bpduguard enable 
S2328-S1(config-if-range)#spanning-tree portfast 
S2328-S1(config-if-range)#exit 

启用rldp协议
S2328-S1(config)#rldp enable 
S2328-S1(config)#interface range f0/3-10 
S2328-S1(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S1(config-if-range)#exit 
S2328-S1(config)#interface range f0/11-15
S2328-S1(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S1(config-if-range)#
S2328-S1(config)#interface range f0/16-20
S2328-S1(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S1(config-if-range)#exit 
S2328-S1(config)#interface range fastEthernet 0/21-24
S2328-S1(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S1(config-if-range)#exit 

300秒之后自动恢复//开启多生成树
S2328-S1(config)#errdisable recovery interval 300
S2328-S1(config)#interface range f0/3-10
S2328-S1(config-if-range)#switchport trunk mode
S2328-S1(config-if-range)#exit 
S2328-S1(config)#spanning-tree mode mstp 

配置生成树
S2328-S1(config)#spanning-tree mst configuration 

配置实例
S2328-S1(config-mst)#instance 1 vlan 100,101
S2328-S1(config-mst)#instance 2 vlan 102,103
S2328-S1(config-mst)#name ruijie

配置版本
S2328-S1(config-mst)#revision 1
S2328-S1(config-mst)#exit 
S2328-S1(config)#spanning-tree mst 1 priority 4096
S2328-S1(config)#interface range f0/1-2
S2328-S1(config-if-range)#switchport mode trunk 
S2328-S1(config-if-range)#switchport trunk allowed vlan remove 1-99,104-4094

(4)二层交换机S2

更改主机名//vlan接口
R7_S2328_2#configure 
R7_S2328_2(config)#hostname S2328-S2
S2328-S1(config)#vlan 100

Vlan名称
S2328-S2 (config-vlan)#name office
S2328-S2(config-vlan)#exit 
S2328-S2(config)#vlan 101 
S2328-S2(config-vlan)#name HRD
S2328-S2(config-vlan)#exit 
S2328-S2(config)#vlan 102
S2328-S2(config-vlan)#name TD
S2328-S2(config-vlan)#exit 
S2328-S2(config)#vlan 103
S2328-S2(config-vlan)#name MD
S2328-S2(config-vlan)#exit 

接口描述
S2328-S2(config)#interface f0/1
S2328-S2(config-if)#description Con_To_S3_F0/2    
S2328-S2(config-if)#exit 
S2328-S2(config)#interface f0/2
S2328-S2(config-if)#description 
S2328-S2(config-if)#description Con_To_S4_F0/2
S2328-S2#configure 

Vlan名称//端口划分
S2328-S2(config)#interface range f0/3-10
S2328-S2(config-if-range)#switchport access vlan 100
S2328-S2(config-if-range)#exit 
S2328-S2(config)#interface range f0/11-15
S2328-S2(config-if-range)#switchport access vlan 101
S2328-S2(config-if-range)#exit 
S2328-S2(config)#interface range f0/16-20
S2328-S2(config-if-range)#switchport access vlan 102
S2328-S2(config)#interface range f0/21-24
S2328-S2(config-if-range)#switchport access vlan 103
S2328-S2(config-if-range)#exit 

开启portfast和bpduguard防护功能
S2328-S2(config)#spanning-tree 
S2328-S2(config)#interface range f0/3-10
S2328-S2(config-if-range)#spanning-tree bpduguard enable 
S2328-S2(config-if-range)#spanning-tree portfast 
S2328-S2(config-if-range)#exit 
S2328-S2(config)#interface range f0/11-15
S2328-S2(config-if-range)#spanning-tree bpduguard enable 
S2328-S2(config-if-range)#spanning-tree portfast 
S2328-S2(config-if-range)#exit 
S2328-S2(config)#interface range f0/16-20     
S2328-S2(config-if-range)#spanning-tree bpduguard enable 
S2328-S2(config-if-range)#spanning-tree portfast 
S2328-S2(config-if-range)#exit 
S2328-S2(config)#interface range f0/21-24
S2328-S2(config-if-range)#spanning-tree bpduguard enable 
S2328-S2(config-if-range)#spanning-tree portfast 

开启rldp功能//方式为shutdown
S2328-S2(config-if-range)#exit 
S2328-S2(config)#rldp enable 
S2328-S2(config)#interface range f0/3-10 
S2328-S2(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S2(config-if-range)#exit 
S2328-S2(config)#interface range f0/11-15
S2328-S2(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S2(config-if-range)#
S2328-S2(config)#interface range f0/16-20
S2328-S2(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S2(config-if-range)#exit 
S2328-S2(config)#interface range fastEthernet 0/21-24
S2328-S2(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S2(config-if-range)#exit 

300秒后开启自动恢复//配置多生成树
S2328-S2(config)#errdisable recovery interval 300
S2328-S2(config)#interface range f0/3-10
S2328-S2(config-if-range)#switchport trunk mode
S2328-S2(config-if-range)#exit 
S2328-S2(config)#spanning-tree mode mstp 
S2328-S2(config)#spanning-tree mst configuration 

配置实例 
S2328-S2(config-mst)#instance 1 vlan 100,101
S2328-S2(config-mst)#instance 2 vlan 102,103
S2328-S2(config-mst)#name ruijie

配置版本
S2328-S2(config-mst)#revision 1
S2328-S2(config-mst)#exit 
S2328-S2(config)#spanning-tree mst 1 priority 4096
S2328-S2(config)#interface range f0/1-2
S2328-S2(config-if-range)#switchport mode trunk 
S2328-S2(config-if-range)#switchport trunk allowed vlan remove 1-99,104-4094

六、功能测试

  1. vlan100 用户PC ping vlan101 PC(截图)
    《构建中小型网络实训》实训课程
  2. vlan100用户PC ping vlan102 用户PC(截图)《构建中小型网络实训》实训课程
  3. vlan100用户PC ping vlan103 用户PC(截图)《构建中小型网络实训》实训课程
  4. vlan101用户PC ping vlan102 用户PC(截图)《构建中小型网络实训》实训课程
  5. vlan101用户PC ping vlan103 用户PC(截图)《构建中小型网络实训》实训课程
  6. vlan102用户PC ping vlan103 用户PC(截图)《构建中小型网络实训》实训课程
  7. vlan100 PC ping R2 loopback接口(截图)《构建中小型网络实训》实训课程
  8. vlan101 PC ping R2 loopback接口(截图)《构建中小型网络实训》实训课程
  9. vlan102 PC ping R2 loopback接口(截图)《构建中小型网络实训》实训课程
  10. vlan103 PC ping R2 loopback接口(截图)《构建中小型网络实训》实训课程
  11. R1#show ip nat translations(截图)
    《构建中小型网络实训》实训课程
    《构建中小型网络实训》实训课程
  12. 公网PC浏览器IE访问http:// 99.1.1.9(截图)《构建中小型网络实训》实训课程
  13. 公网PC浏览器IE访问ftp:// 99.1.1.11(截图)《构建中小型网络实训》实训课程
  14. 服务器web功能本机测试(截图)《构建中小型网络实训》实训课程
  15. 服务器FTP功能本机测试(截图)《构建中小型网络实训》实训课程
上一篇:R手册(Common)--R6 and S4


下一篇:21201225-肖思学-2021.9.23-学习笔记