一、项目基本情况
某企业需要建设一个综合的企业网,公司有4个部门,从内网的安全考虑,使用VLAN技术将各部门划分到不同的VLAN中,部署防环、防攻击、数据负载均衡等相关策略,确保局域网业务安全、可靠。为了提高公司的业务能力和增强企业的知名度,将公司的Web网站以及FTP服务发布到互联网上;为了便于网络管理,公司内部的网络需要使用OSPF路由协议使全网互通;公司需要能够访问互联网,并从ISP那里申请了一段公网IP地址99.1.1.0/28。
二、网络拓扑说明
信息化建设方案拓扑图如下图1所示,相关说明如下:
1.一台RG-RSR20编号为R1,作为分公司出口设备;
2.两台RG-3760编号为S3和S4,作为公司核心交换机;
3.两台RG-S2328编号为S1和S2,作为公司接入交换机;
4. 一台RG-RSR20编号为R2,作为运营商接入设备。
5. 计算机(可使用虚拟机)5台,服务器操作系统为windows server 2008。
三、实验拓扑
四、拓扑连线与地址规划
本项目的网络物理连接表如表1所示,网络设备名称表如表2所示,IP地址分配表如表3所示。
五、网络设备部署
1.路由器配置
(1)路由器R1
配置接口//描述接口(f0/0 先后输入了两条 ip address,掩码分别为 255.255.255.240 和 255.255.255.252,后一条覆盖前一条,最终生效的是 /30 掩码)
R7_RSR10_1(config)#hostname RSR20-R1
RSR20-R1(config)#int f0/0
RSR20-R1(config-if)#ip address 10.1.1.1 255.255.255.240
RSR20-R1(config-if)#no shutdown
RSR20-R1(config-if)#ip address 10.1.1.1 255.255.255.252
RSR20-R1(config-if)#description Con_To_S3_F0/24
RSR20-R1(config-if)#int f0/1
RSR20-R1(config-if)#ip address 10.1.1.5 255.255.255.252
RSR20-R1(config-if)#no shutdown
RSR20-R1(config-if)#description Con_To_S4_F0/24
RSR20-R1(config-if)#int s1/0
RSR20-R1(config-if)#ip address 99.1.1.1 255.255.255.240
RSR20-R1(config-if)#no shutdown
RSR20-R1(config-if)#description Con_To_R2_S1/0
RSR20-R1(config-if)#ex
RSR20-R1(config)#int loopback 0
RSR20-R1(config-if)#ip address 192.168.99.1 255.255.255.0
DHCP地址池
RSR20-R1(config)# ip dhcp pool vlan100
RSR20-R1(dhcp-config)#network 192.168.100.0 255.255.255.0
RSR20-R1(dhcp-config)#lease 0 0 1
RSR20-R1(dhcp-config)#default-router 192.168.100.254
RSR20-R1(dhcp-config)#ip dhcp pool vlan101
RSR20-R1(dhcp-config)#network 192.168.101.0 255.255.255.0
RSR20-R1(dhcp-config)#lease 0 0 1
RSR20-R1(dhcp-config)#default-router 192.168.101.254
RSR20-R1(dhcp-config)#ip dhcp pool vlan102
RSR20-R1(dhcp-config)#network 192.168.102.0 255.255.255.0
RSR20-R1(dhcp-config)#lease 0 0 1
RSR20-R1(dhcp-config)#default-router 192.168.102.254
RSR20-R1(dhcp-config)#ip dhcp pool vlan103
RSR20-R1(dhcp-config)#network 192.168.103.0 255.255.255.0
RSR20-R1(dhcp-config)#lease 0 0 1
RSR20-R1(dhcp-config)#default-router 192.168.103.254
不分配DHCP地址
RSR20-R1(config)#ip dhcp excluded-address 192.168.100.1
RSR20-R1(config)#ip dhcp excluded-address 192.168.100.2
RSR20-R1(config)#ip dhcp excluded-address 192.168.100.254
RSR20-R1(config)#ip dhcp excluded-address 192.168.101.254
RSR20-R1(config)#ip dhcp excluded-address 192.168.101.2
RSR20-R1(config)#ip dhcp excluded-address 192.168.101.1
RSR20-R1(config)#ip dhcp excluded-address 192.168.102.1
RSR20-R1(config)#ip dhcp excluded-address 192.168.102.2
RSR20-R1(config)#ip dhcp excluded-address 192.168.102.254
RSR20-R1(config)#ip dhcp excluded-address 192.168.103.254
RSR20-R1(config)#ip dhcp excluded-address 192.168.103.2
RSR20-R1(config)#ip dhcp excluded-address 192.168.103.1
内外网
RSR20-R1(config)#int f0/0
RSR20-R1(config-if)#ip nat inside
RSR20-R1(config-if)#int f0/1
RSR20-R1(config-if)#ip nat inside
RSR20-R1(config-if)#int s1/0
RSR20-R1(config-if)#ip nat outside
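配置ospf及默认路由(注意:下面宣告的 10.1.0.1 在前文 R1 的接口配置中并未出现,Loopback 0 配置的是 192.168.99.1/24;而 S3、S4 的 ip helper-address 指向的正是 10.1.0.1,应对照表3核对 R1 的 Loopback 0 地址,否则 DHCP 中继无法到达地址池所在设备)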
RSR20-R1(config)#route ospf 10
RSR20-R1(config-router)#network 10.1.0.1 0.0.0.0 area 0
RSR20-R1(config-router)#network 10.1.1.0 0.0.0.3 area 0
RSR20-R1(config-router)#network 10.1.1.4 0.0.0.3 area 0
RSR20-R1(config-router)#default-information originate always
RSR20-R1(config)#ip route 0.0.0.0 0.0.0.0 99.1.1.2
配置ACL(此处的 access-list 1、2 只在下文的 NAT 语句中用来匹配内网源地址,本文配置中没有把任何 ACL 应用到接口上做流量过滤)
RSR20-R1(config)#access-list 1 permit 192.168.100.0 0.0.0.255
RSR20-R1(config)#access-list 1 permit 192.168.101.0 0.0.0.255
RSR20-R1(config)#access-list 2 permit 192.168.102.0 0.0.0.255
RSR20-R1(config)#access-list 2 permit 192.168.103.0 0.0.0.255
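地址转换(以下以 $ 开头的三行是终端因命令过长横向滚动后的显示,行首被截去的部分应为 ip nat inside source static;第一条 pool a2 命令未输完,以其后完整的一条为准。这三条静态映射把服务器的 TCP 20、21、80 端口直接发布到公网,其中 FTP 为明文协议)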
RSR20-R1(config)#ip nat pool a1 99.1.1.3 99.1.1.5 netmask 255.255.255.240
RSR20-R1(config)#ip nat pool a2 99.1.1.6 99.1.1.8 net
RSR20-R1(config)#ip nat pool a2 99.1.1.6 99.1.1.8 netmask 255.255.255.240
RSR20-R1(config)#$ tcp 192.168.104.252 20 99.1.1.11 20
RSR20-R1(config)#$ tcp 192.168.104.252 21 99.1.1.11 21
RSR20-R1(config)#$ tcp 192.168.104.254 80 99.1.1.9 80
RSR20-R1(config)#ip nat inside source list 1 pool a1 overload
RSR20-R1(config)#ip nat inside source list 2 pool a2 overload
(2)路由器R2
配置接口//描述接口(注意:此处 Loopback 0 的 192.168.99.1/24 与前文 R1 的 Loopback 0 地址相同,两台设备不应使用同一地址,应对照表3核对)
ISP-RSR20-R2(config)#hostname ISP-RSR20-R2
ISP-RSR20-R2(config)#interface FastEthernet 0/0
ISP-RSR20-R2(config-if)#ip address 192.168.88.1 255.255.255.0
ISP-RSR20-R2(config)#no shutdown
ISP-RSR20-R2(config)#interface Loopback 0
ISP-RSR20-R2(config-if)#ip address 192.168.99.1 255.255.255.0
ISP-RSR20-R2(config)#no shutdown
ISP-RSR20-R2(config)#interface Serial 1/0
ISP-RSR20-R2(config-if)#ip address 99.1.1.2 255.255.255.240
ISP-RSR20-R2(config-if)#description Con_To_R1_S1/0
ISP-RSR20-R2(config)#no shutdown
2.交换机配置
(1)三层交换机S3
接口描述
R6_S3760_1(config)#hostname S3760-S3
S3760-S3(config)#int fastEthernet 0/2
S3760-S3(config-if-FastEthernet 0/2)#description Con_To_S2_F0/1
S3760-S3(config-if-FastEthernet 0/2)#exit
S3760-S3(config)#int f0/1
S3760-S3(config-if-FastEthernet 0/1)#description Con_To_S1_F0/1
S3760-S3(config-if-FastEthernet 0/1)#exit
S3760-S3(config)#int f0/5
S3760-S3(config-if-FastEthernet 0/5)#description Con_To_S4_F0/5
S3760-S3(config-if-FastEthernet 0/5)#exit
S3760-S3(config)#int f0/6
S3760-S3(config-if-FastEthernet 0/6)#description Con_To_S4_F0/6
S3760-S3(config-if-FastEthernet 0/6)#exit
S3760-S3(config)#int f0/24
S3760-S3(config-if-FastEthernet 0/24)#description Con_To_R1_F0/0
S3760-S3(config-if-FastEthernet 0/24)#exit
S3760-S3(config)#int f0/4
S3760-S3(config-if-FastEthernet 0/4)#description Con_To_server
S3760-S3(config-if-FastEthernet 0/4)#exit
S3760-S3(config)#vlan 100
S3760-S3(config-vlan)#vlan 101
S3760-S3(config-vlan)#vlan 102
S3760-S3(config-vlan)#vlan 103
S3760-S3(config-vlan)#exit
S3760-S3(config)#vlan 100
S3760-S3(config-vlan)#name Office
S3760-S3(config-vlan)#exit
S3760-S3(config)#vlan 101
S3760-S3(config-vlan)#name HRD
S3760-S3(config-vlan)#exit
S3760-S3(config)#vlan 102
S3760-S3(config-vlan)#name TD
S3760-S3(config-vlan)#exit
S3760-S3(config)#vlan 103
S3760-S3(config-vlan)#name MD
配置trunk
S3760-S3(config)#interface fastEthernet 0/1
S3760-S3(config-if-FastEthernet 0/1)#switchport mode trunk
S3760-S3(config-if-FastEthernet 0/1)#switchport trunk allowed vlan remove 1-99,104-4094
S3760-S3(config-if-FastEthernet 0/1)#exit
S3760-S3(config)#interface fastEthernet 0/2
S3760-S3(config-if-FastEthernet 0/2)#switchport mode trunk
S3760-S3(config-if-FastEthernet 0/2)#switchport trunk allowed vlan remove 1-99,104-4094
添加IP地址
S3760-S3(config)# interface vlan 100
S3760-S3(config-if-VLAN 100)#ip address 192.168.100.1 255.255.255.0
S3760-S3(config-if-VLAN 100)#exit
S3760-S3(config)# interface vlan 101
S3760-S3(config-if-VLAN 101)#ip address 192.168.101.1 255.255.255.0
S3760-S3(config-if-VLAN 101)#exit
S3760-S3(config)# interface vlan 102
S3760-S3(config-if-VLAN 102)#ip address 192.168.102.1 255.255.255.0
S3760-S3(config-if-VLAN 102)#exit
S3760-S3(config)# interface vlan 103
S3760-S3(config-if-VLAN 103)#ip add 192.168.103.1 255.255.255.0
S3760-S3(config-if-VLAN 103)#exit
S3760-S3(config)#int fastEthernet 0/4
S3760-S3(config-if-FastEthernet 0/4)#no switchport
S3760-S3(config-if-FastEthernet 0/4)#ip address 192.168.104.1 255.255.255.0
S3760-S3(config-if-FastEthernet 0/4)#exit
S3760-S3(config)#int f0/24
S3760-S3(config-if-FastEthernet 0/24)#no switchport
S3760-S3(config-if-FastEthernet 0/24)#ip address 10.1.1.2 255.255.255.252
S3760-S3(config-if-FastEthernet 0/24)#exit
S3760-S3(config)# interface loopback 0
S3760-S3(config-if-Loopback 0)#ip address 10.1.0.3 255.255.255.255
配置聚合口
S3760-S3(config)#interface range fastEthernet 0/5-6
S3760-S3(config-if-range)#port-group 1
S3760-S3(config-if-range)#exit
S3760-S3(config)#int aggregateport 1
S3760-S3(config-if-AggregatePort 1)#switchport mode trunk
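配置多生成树(其中 revision 与 instance 0 两行的提示符显示为 S3760-S4,疑为从 S4 的配置中粘贴而来;S3 上同样需要相同的域名、revision 和实例映射,各交换机才属于同一个 MST 域)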
S3760-S3(config)#spanning-tree
S3760-S3(config)#spanning-tree mode mstp
S3760-S3(config)#spanning-tree mst configuration
S3760-S3(config-mst)#name ruijie
S3760-S4(config-mst)#revision 1
S3760-S4(config-mst)#instance 0 vlan 1-99, 104-4094
S3760-S3(config-mst)#instance 1 vlan 100,101
S3760-S3(config-mst)#instance 2 vlan 102,103
S3760-S3(config-mst)#exit
S3760-S3(config)#spanning-tree mst 1 priority 4096
S3760-S3(config)#spanning-tree mst 2 priority 8192
添加vrrp
S3760-S3(config)#interface vlan 100
S3760-S3(config-if-VLAN 100)#vrrp 10 ip 192.168.100.254
S3760-S3(config-if-VLAN 100)#vrrp 10 priority 150
S3760-S3(config-if-VLAN 100)#exit
S3760-S3(config-if-VLAN 101)#interface vlan 101
S3760-S3(config-if-VLAN 101)#vrrp 20 ip 192.168.101.254
S3760-S3(config-if-VLAN 101)#vrrp 20 priority 150
S3760-S3(config-if-VLAN 101)#exit
S3760-S3(config)#interface vlan 102
S3760-S3(config-if-VLAN 102)#vrrp 30 ip 192.168.102.254
S3760-S3(config-if-VLAN 102)#vrrp 30 priority 120
S3760-S3(config-if-VLAN 102)#exit
S3760-S3(config)#interface vlan 103
S3760-S3(config-if-VLAN 103)#vrrp 40 ip 192.168.103.254
S3760-S3(config-if-VLAN 103)#vrrp 40 priority 120
配置ospf(用户VLAN和服务器网段的接口也被宣告进了 OSPF,而配置中未设置 passive-interface 或 OSPF 认证,这些网段内的主机可以收到 Hello 报文)
S3760-S3(config)#route ospf 10
S3760-S3(config-router)#network 192.168.100.0 0.0.0.255 area 0
S3760-S3(config-router)#network 192.168.101.0 0.0.0.255 area 0
S3760-S3(config-router)#network 192.168.102.0 0.0.0.255 area 0
S3760-S3(config-router)#network 192.168.103.0 0.0.0.255 area 0
S3760-S3(config-router)#network 192.168.104.0 0.0.0.255 area 0
S3760-S3(config-router)#network 10.1.1.0 0.0.0.3 area 0
S3760-S3(config-router)#network 10.1.0.3 0.0.0.0 area 0
开启DHCP服务并配置DHCP中继(请求被转发到 10.1.0.1,该地址须是 R1 上实际配置且路由可达的地址)
S3760-S3(config)#service dhcp
S3760-S3(config)#ip helper-address 10.1.0.1
(2)三层交换机S4
R6_S3760_2#config terface
R6_S3760_2(config)#hostname S3760-S4
接口描述
S3760-S4(config)#interface fastEthernet 0/1
S3760-S4(config-if-FastEthernet 0/1)#description Con_To_S1_F0/2
S3760-S4(config-if-FastEthernet 0/1)#exit
S3760-S4(config)#interface fastEthernet 0/2
S3760-S4(config-if-FastEthernet 0/2)#description Con_To_S2_F0/2
S3760-S4(config-if-FastEthernet 0/2)#exit
S3760-S4(config)#interface fastEthernet 0/5
S3760-S4(config-if-FastEthernet 0/5)#description Con_To_S3_F0/5
S3760-S4(config-if-FastEthernet 0/5)#exit
S3760-S4(config)#interface fastEthernet 0/6
S3760-S4(config-if-FastEthernet 0/6)#description Con_To_S3_F0/6
S3760-S4(config-if-FastEthernet 0/6)#exit
S3760-S4(config)#interface fastEthernet 0/24
S3760-S4(config-if-FastEthernet 0/24)#description Con_To_R1_F0/1
S3760-S4(config-if-FastEthernet 0/24)#exit
S3760-S4(config)#vlan 100
S3760-S4(config-vlan)#vlan 101
S3760-S4(config-vlan)#vlan 102
S3760-S4(config-vlan)#vlan 103
S3760-S4(config-vlan)#exit
S3760-S4(config)#vlan 100
S3760-S4(config-vlan)#name Office
S3760-S4(config-vlan)#exit
S3760-S4(config)#vlan 101
S3760-S4(config-vlan)#name HRD
S3760-S4(config-vlan)#exit
S3760-S4(config)#vlan 102
S3760-S4(config-vlan)#name TD
S3760-S4(config-vlan)#exit
S3760-S4(config)#vlan 103
S3760-S4(config-vlan)#name MD
S3760-S4(config-vlan)#exit
S3760-S4(config)#interface fastEthernet 0/1
S3760-S4(config-if-FastEthernet 0/1)#switchport mode trunk
S3760-S4(config-if-FastEthernet 0/1)#switchport trunk allowed vlan remove 1-99,104-4094
S3760-S4(config-if-FastEthernet 0/1)#exit
S3760-S4(config)#interface fastEthernet 0/2
S3760-S4(config-if-FastEthernet 0/2)#switchport mode trunk
S3760-S4(config-if-FastEthernet 0/2)#switchport trunk allowed vlan remove 1-99,104-4094
S3760-S4(config-if-FastEthernet 0/2)#exit
添加IP
S3760-S4(config)#interface vlan 100
S3760-S4(config-if-VLAN 100)#ip address 192.168.100.2 255.255.255.0
S3760-S4(config-if-VLAN 100)#exit
S3760-S4(config)#interface vlan 101
S3760-S4(config-if-VLAN 101)#ip address 192.168.101.2 255.255.255.0
S3760-S4(config-if-VLAN 101)#exit
S3760-S4(config)#interface vlan 102
S3760-S4(config-if-VLAN 102)#ip address 192.168.102.2 255.255.255.0
S3760-S4(config-if-VLAN 102)#exit
S3760-S4(config)#interface vlan 103
S3760-S4(config-if-VLAN 103)#ip address 192.168.103.2 255.255.255.0
S3760-S4(config-if-VLAN 103)#exit
S3760-S4(config)#interface fastEthernet 0/24
S3760-S4(config-if-FastEthernet 0/24)#no switchport
S3760-S4(config-if-FastEthernet 0/24)#ip address 10.1.1.6 255.255.255.252
S3760-S4(config-if-FastEthernet 0/24)#exit
S3760-S4(config)#interface loopback 0
S3760-S4(config-if-Loopback 0)#ip address 10.1.0.4 255.255.255.255
开启DHCP服务并配置DHCP中继(请求被转发到 10.1.0.1,该地址须是 R1 上实际配置且路由可达的地址)
S3760-S4(config)#service dhcp
S3760-S4(config)#ip helper-address 10.1.0.1
配置OSPF
S3760-S4(config)#router ospf 10
S3760-S4(config)# network 10.1.0.4 0.0.0.0 area 0
S3760-S4(config)#network 10.1.1.4 0.0.0.3 area 0
S3760-S4(config)#network 192.168.100.0 0.0.0.255 area 0
S3760-S4(config)#network 192.168.101.0 0.0.0.255 area 0
S3760-S4(config)#network 192.168.102.0 0.0.0.255 area 0
S3760-S4(config)#network 192.168.103.0 0.0.0.255 area 0
配置聚合口
S3760-S4(config)#interface range fastEthernet 0/5-6
S3760-S4(config-if-range)#port-group 1
S3760-S4(config-if-range)#exit
S3760-S4(config)#int aggregateport 1
S3760-S4(config-if-AggregatePort 1)#switchport mode trunk
配置多生成树
S3760-S4(config)#spanning-tree
S3760-S4(config)#spanning-tree mode mstp
S3760-S4(config)#spanning-tree mst configuration
S3760-S4(config-mst)#name ruijie
S3760-S4(config-mst)#revision 1
S3760-S4(config-mst)#instance 0 vlan 1-99, 104-4094
S3760-S4(config-mst)#instance 1 vlan 100,101
S3760-S4(config-mst)#instance 2 vlan 102,103
S3760-S4(config)#spanning-tree mst 1 priority 8192
S3760-S4(config)#spanning-tree mst 2 priority 4096
配置vrrp
S3760-S4(config)#interface vlan 100
S3760-S4(config-if-VLAN 100)#vrrp 10 ip 192.168.100.254
S3760-S4(config-if-VLAN 100)#vrrp 10 priority 120
S3760-S4(config-if-VLAN 100)#exit
S3760-S4(config)#interface vlan 101
S3760-S4(config-if-VLAN 101)#vrrp 20 ip 192.168.101.254
S3760-S4(config-if-VLAN 101)#vrrp 20 priority 120
S3760-S4(config-if-VLAN 101)#exit
S3760-S4(config)#interface vlan 102
S3760-S4(config-if-VLAN 102)#vrrp 30 ip 192.168.102.254
S3760-S4(config-if-VLAN 102)#vrrp 30 priority 150
S3760-S4(config-if-VLAN 102)#exit
S3760-S4(config)#interface vlan 103
S3760-S4(config-if-VLAN 103)#vrrp 40 ip 192.168.103.254
S3760-S4(config-if-VLAN 103)#vrrp 40 priority 150
(3)二层交换机S1
修改主机名
R7_S2328_1#configure
R7_S2328_1(config)#hostname S2328-S1
S2328-S1(config)#vlan 100
VLAN名称
S2328-S1(config-vlan)#name office
S2328-S1(config-vlan)#exit
S2328-S1(config)#vlan 101
S2328-S1(config-vlan)#name HRD
S2328-S1(config-vlan)#exit
S2328-S1(config)#vlan 102
S2328-S1(config-vlan)#name TD
S2328-S1(config-vlan)#exit
S2328-S1(config)#vlan 103
S2328-S1(config-vlan)#name MD
S2328-S1(config-vlan)#exit
接口描述
S2328-S1(config)#interface f0/1
S2328-S1(config-if)#description Con_To_S3_F0/1
S2328-S1(config-if)#exit
S2328-S1(config)#interface f0/2
S2328-S1(config-if)#description
S2328-S1(config-if)#description Con_To_S4_F0/1
S2328-S1#configure
S2328-S1(config)#interface range f0/3-10
S2328-S1(config-if-range)#switchport access vlan 100
S2328-S1(config-if-range)#exit
S2328-S1(config)#interface range f0/11-15
S2328-S1(config-if-range)#switchport access vlan 101
S2328-S1(config-if-range)#exit
S2328-S1(config)#interface range f0/16-20
S2328-S1(config-if-range)#switchport access vlan 102
S2328-S1(config)#interface range f0/21-24
S2328-S1(config-if-range)#switchport access vlan 103
S2328-S1(config-if-range)#exit
开启portfast和bpduguard防护功能
S2328-S1(config)#spanning-tree
S2328-S1(config)#interface range f0/3-10
S2328-S1(config-if-range)#spanning-tree bpduguard enable
S2328-S1(config-if-range)#spanning-tree portfast
S2328-S1(config-if-range)#exit
S2328-S1(config)#interface range f0/11-15
S2328-S1(config-if-range)#spanning-tree bpduguard enable
S2328-S1(config-if-range)#spanning-tree portfast
S2328-S1(config-if-range)#exit
S2328-S1(config)#interface range f0/16-20
S2328-S1(config-if-range)#spanning-tree bpduguard enable
S2328-S1(config-if-range)#spanning-tree portfast
S2328-S1(config-if-range)#exit
S2328-S1(config)#interface range f0/21-24
S2328-S1(config-if-range)#spanning-tree bpduguard enable
S2328-S1(config-if-range)#spanning-tree portfast
S2328-S1(config-if-range)#exit
启用rldp协议
S2328-S1(config)#rldp enable
S2328-S1(config)#interface range f0/3-10
S2328-S1(config-if-range)#rldp port loop-detect shutdown-port
S2328-S1(config-if-range)#exit
S2328-S1(config)#interface range f0/11-15
S2328-S1(config-if-range)#rldp port loop-detect shutdown-port
S2328-S1(config-if-range)#
S2328-S1(config)#interface range f0/16-20
S2328-S1(config-if-range)#rldp port loop-detect shutdown-port
S2328-S1(config-if-range)#exit
S2328-S1(config)#interface range fastEthernet 0/21-24
S2328-S1(config-if-range)#rldp port loop-detect shutdown-port
S2328-S1(config-if-range)#exit
因违例被关闭的端口300秒之后自动恢复//开启多生成树(其中对 f0/3-10 输入的 switchport trunk mode 不是完整的有效命令,应不会被设备接受,这些端口仍是前文划入 vlan 100 的接入口)
S2328-S1(config)#errdisable recovery interval 300
S2328-S1(config)#interface range f0/3-10
S2328-S1(config-if-range)#switchport trunk mode
S2328-S1(config-if-range)#exit
S2328-S1(config)#spanning-tree mode mstp
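配置生成树(MST 域名、修订号和实例映射须与 S3、S4 一致;下文把实例1的优先级设为 4096,与核心交换机 S3 的实例1优先级相同,根桥将由 MAC 地址决出,接入交换机一般应保留默认优先级,以免抢占根桥)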
S2328-S1(config)#spanning-tree mst configuration
配置实例
S2328-S1(config-mst)#instance 1 vlan 100,101
S2328-S1(config-mst)#instance 2 vlan 102,103
S2328-S1(config-mst)#name ruijie
配置版本
S2328-S1(config-mst)#revision 1
S2328-S1(config-mst)#exit
S2328-S1(config)#spanning-tree mst 1 priority 4096
S2328-S1(config)#interface range f0/1-2
S2328-S1(config-if-range)#switchport mode trunk
S2328-S1(config-if-range)#switchport trunk allowed vlan remove 1-99,104-4094
(4)二层交换机S2
更改主机名//vlan接口
R7_S2328_2#configure
R7_S2328_2(config)#hostname S2328-S2
S2328-S1(config)#vlan 100
Vlan名称
S2328-S2 (config-vlan)#name office
S2328-S2(config-vlan)#exit
S2328-S2(config)#vlan 101
S2328-S2(config-vlan)#name HRD
S2328-S2(config-vlan)#exit
S2328-S2(config)#vlan 102
S2328-S2(config-vlan)#name TD
S2328-S2(config-vlan)#exit
S2328-S2(config)#vlan 103
S2328-S2(config-vlan)#name MD
S2328-S2(config-vlan)#exit
接口描述
S2328-S2(config)#interface f0/1
S2328-S2(config-if)#description Con_To_S3_F0/2
S2328-S2(config-if)#exit
S2328-S2(config)#interface f0/2
S2328-S2(config-if)#description
S2328-S2(config-if)#description Con_To_S4_F0/2
S2328-S2#configure
Vlan名称//端口划分
S2328-S2(config)#interface range f0/3-10
S2328-S2(config-if-range)#switchport access vlan 100
S2328-S2(config-if-range)#exit
S2328-S2(config)#interface range f0/11-15
S2328-S2(config-if-range)#switchport access vlan 101
S2328-S2(config-if-range)#exit
S2328-S2(config)#interface range f0/16-20
S2328-S2(config-if-range)#switchport access vlan 102
S2328-S2(config)#interface range f0/21-24
S2328-S2(config-if-range)#switchport access vlan 103
S2328-S2(config-if-range)#exit
开启portfast和bpduguard防护功能
S2328-S2(config)#spanning-tree
S2328-S2(config)#interface range f0/3-10
S2328-S2(config-if-range)#spanning-tree bpduguard enable
S2328-S2(config-if-range)#spanning-tree portfast
S2328-S2(config-if-range)#exit
S2328-S2(config)#interface range f0/11-15
S2328-S2(config-if-range)#spanning-tree bpduguard enable
S2328-S2(config-if-range)#spanning-tree portfast
S2328-S2(config-if-range)#exit
S2328-S2(config)#interface range f0/16-20
S2328-S2(config-if-range)#spanning-tree bpduguard enable
S2328-S2(config-if-range)#spanning-tree portfast
S2328-S2(config-if-range)#exit
S2328-S2(config)#interface range f0/21-24
S2328-S2(config-if-range)#spanning-tree bpduguard enable
S2328-S2(config-if-range)#spanning-tree portfast
开启rldp功能//方式为shutdown
S2328-S2(config-if-range)#exit
S2328-S2(config)#rldp enable
S2328-S2(config)#interface range f0/3-10
S2328-S2(config-if-range)#rldp port loop-detect shutdown-port
S2328-S2(config-if-range)#exit
S2328-S2(config)#interface range f0/11-15
S2328-S2(config-if-range)#rldp port loop-detect shutdown-port
S2328-S2(config-if-range)#
S2328-S2(config)#interface range f0/16-20
S2328-S2(config-if-range)#rldp port loop-detect shutdown-port
S2328-S2(config-if-range)#exit
S2328-S2(config)#interface range fastEthernet 0/21-24
S2328-S2(config-if-range)#rldp port loop-detect shutdown-port
S2328-S2(config-if-range)#exit
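因违例被关闭的端口300秒后自动恢复//配置多生成树(其中对 f0/3-10 输入的 switchport trunk mode 不是完整的有效命令,应不会被设备接受;下文把实例1的优先级设为 4096,与核心交换机 S3 的实例1优先级相同,接入交换机一般应保留默认优先级,以免抢占根桥)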
S2328-S2(config)#errdisable recovery interval 300
S2328-S2(config)#interface range f0/3-10
S2328-S2(config-if-range)#switchport trunk mode
S2328-S2(config-if-range)#exit
S2328-S2(config)#spanning-tree mode mstp
S2328-S2(config)#spanning-tree mst configuration
配置实例
S2328-S2(config-mst)#instance 1 vlan 100,101
S2328-S2(config-mst)#instance 2 vlan 102,103
S2328-S2(config-mst)#name ruijie
配置版本
S2328-S2(config-mst)#revision 1
S2328-S2(config-mst)#exit
S2328-S2(config)#spanning-tree mst 1 priority 4096
S2328-S2(config)#interface range f0/1-2
S2328-S2(config-if-range)#switchport mode trunk
S2328-S2(config-if-range)#switchport trunk allowed vlan remove 1-99,104-4094
六、功能测试
- vlan100 用户PC ping vlan101 PC(截图)
- vlan100用户PC ping vlan102 用户PC(截图)
- vlan100用户PC ping vlan103 用户PC(截图)
- vlan101用户PC ping vlan102 用户PC(截图)
- vlan101用户PC ping vlan103 用户PC(截图)
- vlan102用户PC ping vlan103 用户PC(截图)
- vlan100 PC ping R2 loopback接口(截图)
- vlan101 PC ping R2 loopback接口(截图)
- vlan102 PC ping R2 loopback接口(截图)
- vlan103 PC ping R2 loopback接口(截图)
- R1#show ip nat translations(截图)
- 公网PC浏览器IE访问http://99.1.1.9(截图)
- 公网PC浏览器IE访问ftp://99.1.1.11(截图)
- 服务器web功能本机测试(截图)
- 服务器FTP功能本机测试(截图)