《構建中小型網絡實訓》實訓課程

原創 Long_UP 2020-04-16 23:00

一、項目基本情況

某企業需要建設一個綜合的企業網,公司有4個部門,從內網的安全考慮,使用VLAN技術將各門劃分到不同的VLAN中,部署防環、防攻擊、數據負載均衡等相關策略,確保局域網業務安全、可靠。爲了提高公司的業務能力和增強企業的知名度,將公司的Web網站以及FTP服務發佈到互聯網上;爲了便於網絡管理,公司內部的網絡需要使用OSPF路由協議使全網互通;公司需要能夠訪問互聯網,並從ISP那裏申請了一段公網IP地址99.1.1.0/28。

二、網絡拓撲說明

信息化建設方案拓撲圖如下圖1所示,相關說明如下:
1.一臺RG-RSR20編號爲R1,作爲分公司出口設備;
2.兩臺RG-3760編號爲S3和S4,作爲公司核心交換機;
3.兩臺RG-S2328編號爲S1和S2,作爲公司接入交換機;
4. 一臺RG-RSR20編號爲R2,作爲運營商接入設備。
5. 計算機(可使用虛擬機)5臺,服務器操作系統爲windows server 2008。

三、實驗拓撲

在這裏插入圖片描述

四、拓撲連線與地址規劃

本項目的網絡物理連接表如表1所示,網絡設備名稱表如2所示,IP地址分配表如表3所示。
在這裏插入圖片描述
在這裏插入圖片描述
在這裏插入圖片描述

五、網絡設備部署

1.路由器配置
(1)路由器R1

配置接口//描述接口
R7_RSR10_1(config)#hostname RSR20-R1
RSR20-R1(config)#int f0/0
RSR20-R1(config-if)#ip address 10.1.1.1 255.255.255.240
RSR20-R1(config-if)#no shutdown
RSR20-R1(config-if)#ip address 10.1.1.1 255.255.255.252
RSR20-R1(config-if)#description Con_To_S3_F0/24
RSR20-R1(config-if)#int f0/1
RSR20-R1(config-if)#ip address 10.1.1.5 255.255.255.252
RSR20-R1(config-if)#no shutdown 
RSR20-R1(config-if)#description Con_To_S4_F0/24
RSR20-R1(config-if)#int s1/0
RSR20-R1(config-if)#ip address 99.1.1.1 255.255.255.240 
RSR20-R1(config-if)#no shutdown 
RSR20-R1(config-if)#description Con_To_R2_S1/0
RSR20-R1(config-if)#ex
RSR20-R1(config)#int loopback 0
RSR20-R1(config-if)#ip address 192.168.99.1 255.255.255.0

DHCP地址池
RSR20-R1(config)# ip dhcp pool vlan100
RSR20-R1(dhcp-config)#network 192.168.100.0 255.255.255.0
RSR20-R1(dhcp-config)#lease 0 0 1
RSR20-R1(dhcp-config)#default-router 192.168.100.254
RSR20-R1(dhcp-config)#ip dhcp pool vlan101
RSR20-R1(dhcp-config)#network 192.168.101.0 255.255.255.0
RSR20-R1(dhcp-config)#lease 0 0 1
RSR20-R1(dhcp-config)#default-router 192.168.101.254     
RSR20-R1(dhcp-config)#ip dhcp pool vlan102
RSR20-R1(dhcp-config)#network 192.168.102.0 255.255.255.0
RSR20-R1(dhcp-config)#lease 0 0 1
RSR20-R1(dhcp-config)#default-router 192.168.102.254
RSR20-R1(dhcp-config)#ip dhcp pool vlan103
RSR20-R1(dhcp-config)#network 192.168.103.0 255.255.255.0
RSR20-R1(dhcp-config)#lease 0 0 1
RSR20-R1(dhcp-config)#default-router 192.168.103.254

不分配DHCP地址
RSR20-R1(config)#ip dhcp excluded-address 192.168.100.1
RSR20-R1(config)#ip dhcp excluded-address 192.168.100.2
RSR20-R1(config)#ip dhcp excluded-address 192.168.100.254
RSR20-R1(config)#ip dhcp excluded-address 192.168.101.254
RSR20-R1(config)#ip dhcp excluded-address 192.168.101.2  
RSR20-R1(config)#ip dhcp excluded-address 192.168.101.1
RSR20-R1(config)#ip dhcp excluded-address 192.168.102.1
RSR20-R1(config)#ip dhcp excluded-address 192.168.102.2
RSR20-R1(config)#ip dhcp excluded-address 192.168.102.254
RSR20-R1(config)#ip dhcp excluded-address 192.168.103.254
RSR20-R1(config)#ip dhcp excluded-address 192.168.103.2  
RSR20-R1(config)#ip dhcp excluded-address 192.168.103.1 

內外網
RSR20-R1(config)#int f0/0
RSR20-R1(config-if)#ip nat inside 
RSR20-R1(config-if)#int f0/1
RSR20-R1(config-if)#ip nat inside 
RSR20-R1(config-if)#int s1/0
RSR20-R1(config-if)#ip nat outside

配置ospf及默認路由
RSR20-R1(config)#route ospf 10
RSR20-R1(config-router)#network 10.1.0.1 0.0.0.0 area 0
RSR20-R1(config-router)#network 10.1.1.0 0.0.0.3 area 0
RSR20-R1(config-router)#network 10.1.1.4 0.0.0.3 area 0
RSR20-R1(config-router)#default-information originate always 
RSR20-R1(config)#ip route 0.0.0.0 0.0.0.0 99.1.1.2

配置ACL
RSR20-R1(config)#access-list 1 permit 192.168.100.0 0.0.0.255
RSR20-R1(config)#access-list 1 permit 192.168.101.0 0.0.0.255
RSR20-R1(config)#access-list 2 permit 192.168.102.0 0.0.0.255
RSR20-R1(config)#access-list 2 permit 192.168.103.0 0.0.0.255

地址轉換
RSR20-R1(config)#ip nat pool a1 99.1.1.3 99.1.1.5 netmask 255.255.255.240
RSR20-R1(config)#ip nat pool a2 99.1.1.6 99.1.1.8 net
RSR20-R1(config)#ip nat pool a2 99.1.1.6 99.1.1.8 netmask 255.255.255.240
RSR20-R1(config)#$ tcp 192.168.104.252 20 99.1.1.11 20                       
RSR20-R1(config)#$ tcp 192.168.104.252 21 99.1.1.11 21                         
RSR20-R1(config)#$ tcp 192.168.104.254 80 99.1.1.9 80   
RSR20-R1(config)#ip nat inside source list 1 pool a1 overload 
RSR20-R1(config)#ip nat inside source list 2 pool a2 overload

(2)路由器R2

配置接口//描述接口
ISP-RSR20-R2(config)#hostname ISP-RSR20-R2  
ISP-RSR20-R2(config)#interface FastEthernet 0/0
ISP-RSR20-R2(config-if)#ip address 192.168.88.1 255.255.255.0
ISP-RSR20-R2(config)#no shutdown
ISP-RSR20-R2(config)#interface Loopback 0
ISP-RSR20-R2(config-if)#ip address 192.168.99.1 255.255.255.0
ISP-RSR20-R2(config)#no shutdown
ISP-RSR20-R2(config)#interface Serial 1/0
ISP-RSR20-R2(config-if)#ip address 99.1.1.2 255.255.255.240
ISP-RSR20-R2(config-if)#description Con_To_R1_S1/0
ISP-RSR20-R2(config)#no shutdown

2.交換機配置
(1)三層交換機S3

接口描述
R6_S3760_1(config)#hostname S3760-S3
S3760-S3(config)#int fastEthernet 0/2              
S3760-S3(config-if-FastEthernet 0/2)#description Con_To_S2_F0/1
S3760-S3(config-if-FastEthernet 0/2)#exit
S3760-S3(config)#int f0/1
S3760-S3(config-if-FastEthernet 0/1)#description Con_To_S1_F0/1
S3760-S3(config-if-FastEthernet 0/1)#exit
S3760-S3(config)#int f0/5
S3760-S3(config-if-FastEthernet 0/5)#description Con_To_S4_F0/5
S3760-S3(config-if-FastEthernet 0/5)#exit
S3760-S3(config)#int f0/6
S3760-S3(config-if-FastEthernet 0/6)#description Con_To_S4_F0/6
S3760-S3(config-if-FastEthernet 0/6)#exit
S3760-S3(config)#int f0/24
S3760-S3(config-if-FastEthernet 0/24)#description Con_To_R1_F0/0
S3760-S3(config-if-FastEthernet 0/24)#exit
S3760-S3(config)#int f0/4
S3760-S3(config-if-FastEthernet 0/4)#description Con_To_server
S3760-S3(config-if-FastEthernet 0/4)#exit
S3760-S3(config)#vlan 100
S3760-S3(config-vlan)#vlan 101
S3760-S3(config-vlan)#vlan 102
S3760-S3(config-vlan)#vlan 103
S3760-S3(config-vlan)#exit
S3760-S3(config)#vlan 100
S3760-S3(config-vlan)#name Office
S3760-S3(config-vlan)#exit
S3760-S3(config)#vlan 101
S3760-S3(config-vlan)#name HRD
S3760-S3(config-vlan)#exit
S3760-S3(config)#vlan 102
S3760-S3(config-vlan)#name TD
S3760-S3(config-vlan)#exit
S3760-S3(config)#vlan 103
S3760-S3(config-vlan)#name MD

配置trunk
S3760-S3(config)#interface fastEthernet 0/1
S3760-S3(config-if-FastEthernet 0/1)#switchport mode trunk
S3760-S3(config-if-FastEthernet 0/1)#switchport trunk allowed vlan remove 1-99,104-4094
S3760-S3(config-if-FastEthernet 0/1)#exit
S3760-S3(config)#interface fastEthernet 0/2
S3760-S3(config-if-FastEthernet 0/2)#switchport mode trunk
S3760-S3(config-if-FastEthernet 0/2)#switchport trunk allowed vlan remove 1-99,104-4094

添加IP地址
S3760-S3(config)# interface vlan 100
S3760-S3(config-if-VLAN 100)#ip address 192.168.100.1 255.255.255.0
S3760-S3(config-if-VLAN 100)#exit
S3760-S3(config)# interface vlan 101
S3760-S3(config-if-VLAN 101)#ip address 192.168.101.1 255.255.255.0
S3760-S3(config-if-VLAN 101)#exit
S3760-S3(config)# interface vlan 102
S3760-S3(config-if-VLAN 102)#ip address 192.168.102.1 255.255.255.0
S3760-S3(config-if-VLAN 102)#exit
S3760-S3(config)# interface vlan 103
S3760-S3(config-if-VLAN 103)#ip add 192.168.103.1 255.255.255.0
S3760-S3(config-if-VLAN 103)#exit
S3760-S3(config)#int fastEthernet 0/4
S3760-S3(config-if-FastEthernet 0/4)#no switchport 
S3760-S3(config-if-FastEthernet 0/4)#ip address 192.168.104.1 255.255.255.0
S3760-S3(config-if-FastEthernet 0/4)#exit
S3760-S3(config)#int f0/24
S3760-S3(config-if-FastEthernet 0/24)#no switchport 
S3760-S3(config-if-FastEthernet 0/24)#ip address 10.1.1.2 255.255.255.252
S3760-S3(config-if-FastEthernet 0/24)#exit
S3760-S3(config)# interface loopback 0
S3760-S3(config-if-Loopback 0)#ip address 10.1.0.3 255.255.255.255

配置聚合口
S3760-S3(config)#interface range fastEthernet 0/5-6
S3760-S3(config-if-range)#port-group 1
S3760-S3(config-if-range)#exit
S3760-S3(config)#int aggregateport 1
S3760-S3(config-if-AggregatePort 1)#switchport mode trunk

配置多生成樹
S3760-S3(config)#spanning-tree
S3760-S3(config)#spanning-tree mode mstp
S3760-S3(config)#spanning-tree mst configuration
S3760-S3(config-mst)#name ruijie
S3760-S4(config-mst)#revision 1
S3760-S4(config-mst)#instance 0 vlan 1-99, 104-4094
S3760-S3(config-mst)#instance 1 vlan 100,101
S3760-S3(config-mst)#instance 2 vlan 102,103
S3760-S3(config-mst)#exit
S3760-S3(config)#spanning-tree mst 1 priority 4096
S3760-S3(config)#spanning-tree mst 2 priority 8192

添加vrrp
S3760-S3(config)#interface vlan 100
S3760-S3(config-if-VLAN 100)#vrrp 10 ip 192.168.100.254
S3760-S3(config-if-VLAN 100)#vrrp 10 priority 150
S3760-S3(config-if-VLAN 100)#exit
S3760-S3(config-if-VLAN 101)#interface vlan 101
S3760-S3(config-if-VLAN 101)#vrrp 20 ip 192.168.101.254
S3760-S3(config-if-VLAN 101)#vrrp 20 priority 150
S3760-S3(config-if-VLAN 101)#exit
S3760-S3(config)#interface vlan 102
S3760-S3(config-if-VLAN 102)#vrrp 30 ip 192.168.102.254
S3760-S3(config-if-VLAN 102)#vrrp 30 priority 120
S3760-S3(config-if-VLAN 102)#exit
S3760-S3(config)#interface vlan 103
S3760-S3(config-if-VLAN 103)#vrrp 40 ip 192.168.103.254
S3760-S3(config-if-VLAN 103)#vrrp 40 priority 120

配置ospf
S3760-S3(config)#route ospf 10
S3760-S3(config-router)#network 192.168.100.0 0.0.0.255 area 0
S3760-S3(config-router)#network 192.168.101.0 0.0.0.255 area 0
S3760-S3(config-router)#network 192.168.102.0 0.0.0.255 area 0
S3760-S3(config-router)#network 192.168.103.0 0.0.0.255 area 0 
S3760-S3(config-router)#network 192.168.104.0 0.0.0.255 area 0
S3760-S3(config-router)#network 10.1.1.0 0.0.0.3 area 0       
S3760-S3(config-router)#network 10.1.0.3 0.0.0.0 area 0

開啓DHCP服務
S3760-S3(config)#service dhcp
S3760-S3(config)#ip helper-address 10.1.0.1

(2)三層交換機S4

R6_S3760_2#config terface
R6_S3760_2(config)#hostname S3760-S4

接口描述
S3760-S4(config)#interface fastEthernet 0/1
S3760-S4(config-if-FastEthernet 0/1)#description Con_To_S1_F0/2
S3760-S4(config-if-FastEthernet 0/1)#exit
S3760-S4(config)#interface fastEthernet 0/2
S3760-S4(config-if-FastEthernet 0/2)#description Con_To_S2_F0/2
S3760-S4(config-if-FastEthernet 0/2)#exit
S3760-S4(config)#interface fastEthernet 0/5
S3760-S4(config-if-FastEthernet 0/5)#description Con_To_S3_F0/5
S3760-S4(config-if-FastEthernet 0/5)#exit
S3760-S4(config)#interface fastEthernet 0/6
S3760-S4(config-if-FastEthernet 0/6)#description Con_To_S3_F0/6
S3760-S4(config-if-FastEthernet 0/6)#exit
S3760-S4(config)#interface fastEthernet 0/24
S3760-S4(config-if-FastEthernet 0/24)#description Con_To_R1_F0/1
S3760-S4(config-if-FastEthernet 0/24)#exit
S3760-S4(config)#vlan 100
S3760-S4(config-vlan)#vlan 101
S3760-S4(config-vlan)#vlan 102
S3760-S4(config-vlan)#vlan 103
S3760-S4(config-vlan)#exit
S3760-S4(config)#vlan 100
S3760-S4(config-vlan)#name Office
S3760-S4(config-vlan)#exit
S3760-S4(config)#vlan 101
S3760-S4(config-vlan)#name HRD
S3760-S4(config-vlan)#exit
S3760-S4(config)#vlan 102
S3760-S4(config-vlan)#name TD
S3760-S4(config-vlan)#exit
S3760-S4(config)#vlan 103
S3760-S4(config-vlan)#name MD
S3760-S4(config-vlan)#exit

S3760-S4(config)#interface fastEthernet 0/1
S3760-S4(config-if-FastEthernet 0/1)#switchport mode trunk
S3760-S4(config-if-FastEthernet 0/1)#switchport trunk allowed vlan remove 1-99,104-4094
S3760-S4(config-if-FastEthernet 0/1)#exit
S3760-S4(config)#interface fastEthernet 0/2
S3760-S4(config-if-FastEthernet 0/2)#switchport mode trunk
S3760-S4(config-if-FastEthernet 0/2)#switchport trunk allowed vlan remove 1-99,104-4094
S3760-S4(config-if-FastEthernet 0/2)#exit

添加IP
S3760-S4(config)#interface vlan 100
S3760-S4(config-if-VLAN 100)#ip address 192.168.100.2 255.255.255.0
S3760-S4(config-if-VLAN 100)#exit
S3760-S4(config)#interface vlan 101
S3760-S4(config-if-VLAN 101)#ip address 192.168.101.2 255.255.255.0
S3760-S4(config-if-VLAN 101)#exit
S3760-S4(config)#interface vlan 102
S3760-S4(config-if-VLAN 102)#ip address 192.168.102.2 255.255.255.0
S3760-S4(config-if-VLAN 102)#exit
S3760-S4(config)#interface vlan 103
S3760-S4(config-if-VLAN 103)#ip address 192.168.103.2 255.255.255.0
S3760-S4(config-if-VLAN 103)#exit
S3760-S4(config)#interface fastEthernet 0/24
S3760-S4(config-if-FastEthernet 0/24)#no switchport
S3760-S4(config-if-FastEthernet 0/24)#ip address 10.1.1.6 255.255.255.252
S3760-S4(config-if-FastEthernet 0/24)#exit
S3760-S4(config)#interface loopback 0
S3760-S4(config-if-Loopback 0)#ip address 10.1.0.4 255.255.255.255

開啓DHCP服務
S3760-S4(config)#service dhcp
S3760-S4(config)#ip helper-address 10.1.0.1

配置OSPF
S3760-S4(config)#router ospf 10
S3760-S4(config)# network 10.1.0.4 0.0.0.0 area 0
S3760-S4(config)#network 10.1.1.4 0.0.0.3 area 0
S3760-S4(config)#network 192.168.100.0 0.0.0.255 area 0
S3760-S4(config)#network 192.168.101.0 0.0.0.255 area 0
S3760-S4(config)#network 192.168.102.0 0.0.0.255 area 0
S3760-S4(config)#network 192.168.103.0 0.0.0.255 area 0

配置聚合口
S3760-S4(config)#interface range fastEthernet 0/5-6
S3760-S4(config-if-range)#port-group 1
S3760-S4(config-if-range)#exit
S3760-S4(config)#int aggregateport 1
S3760-S4(config-if-AggregatePort 1)#switchport mode trunk

配置多生成樹
S3760-S4(config)#spanning-tree
S3760-S4(config)#spanning-tree mode mstp
S3760-S4(config)#spanning-tree mst configuration
S3760-S4(config-mst)#name ruijie
S3760-S4(config-mst)#revision 1
S3760-S4(config-mst)#instance 0 vlan 1-99, 104-4094
S3760-S4(config-mst)#instance 1 vlan 100,101
S3760-S4(config-mst)#instance 2 vlan 102,103
S3760-S4(config)#spanning-tree mst 1 priority 8192
S3760-S4(config)#spanning-tree mst 2 priority 4096

配置vrrp
S3760-S4(config)#interface vlan 100
S3760-S4(config-if-VLAN 100)#vrrp 10 ip 192.168.100.254
S3760-S4(config-if-VLAN 100)#vrrp 10 priority 120
S3760-S4(config-if-VLAN 100)#exit
S3760-S4(config)#interface vlan 101
S3760-S4(config-if-VLAN 101)#vrrp 20 ip 192.168.101.254
S3760-S4(config-if-VLAN 101)#vrrp 20 priority 120
S3760-S4(config-if-VLAN 101)#exit
S3760-S4(config)#interface vlan 102
S3760-S4(config-if-VLAN 102)#vrrp 30 ip 192.168.102.254
S3760-S4(config-if-VLAN 102)#vrrp 30 priority 150
S3760-S4(config-if-VLAN 102)#exit
S3760-S4(config)#interface vlan 103
S3760-S4(config-if-VLAN 103)#vrrp 40 ip 192.168.103.254
S3760-S4(config-if-VLAN 103)#vrrp 40 priority 150

(3)二層交換機S1

修改主機名 
R7_S2328_1#configure 
R7_S2328_1(config)#hostname S2328-S1
S2328-S1(config)#vlan 100

WLAN名稱
S2328-S1(config-vlan)#name office
S2328-S1(config-vlan)#exit 
S2328-S1(config)#vlan 101 
S2328-S1(config-vlan)#name HRD
S2328-S1(config-vlan)#exit 
S2328-S1(config)#vlan 102
S2328-S1(config-vlan)#name TD
S2328-S1(config-vlan)#exit 
S2328-S1(config)#vlan 103
S2328-S1(config-vlan)#name MD
S2328-S1(config-vlan)#exit 

接口描述
S2328-S1(config)#interface f0/1
S2328-S1(config-if)#description Con_To_S3_F0/1    
S2328-S1(config-if)#exit 
S2328-S1(config)#interface f0/2
S2328-S1(config-if)#description 
S2328-S1(config-if)#description Con_To_S4_F0/1
S2328-S1#configure 
S2328-S1(config)#interface range f0/3-10
S2328-S1(config-if-range)#switchport access vlan 100
S2328-S1(config-if-range)#exit 
S2328-S1(config)#interface range f0/11-15
S2328-S1(config-if-range)#switchport access vlan 101
S2328-S1(config-if-range)#exit 
S2328-S1(config)#interface range f0/16-20
S2328-S1(config-if-range)#switchport access vlan 102
S2328-S1(config)#interface range f0/21-24
S2328-S1(config-if-range)#switchport access vlan 103
S2328-S1(config-if-range)#exit 

開啓portfast和bduuguard防護功能
S2328-S1(config)#spanning-tree 
S2328-S1(config)#interface range f0/3-10
S2328-S1(config-if-range)#spanning-tree bpduguard enable 
S2328-S1(config-if-range)#spanning-tree portfast 
S2328-S1(config-if-range)#exit 
S2328-S1(config)#interface range f0/11-15
S2328-S1(config-if-range)#spanning-tree bpduguard enable 
S2328-S1(config-if-range)#spanning-tree portfast 
S2328-S1(config-if-range)#exit 
S2328-S1(config)#interface range f0/16-20     
S2328-S1(config-if-range)#spanning-tree bpduguard enable 
S2328-S1(config-if-range)#spanning-tree portfast 
S2328-S1(config-if-range)#exit 
S2328-S1(config)#interface range f0/21-24
S2328-S1(config-if-range)#spanning-tree bpduguard enable 
S2328-S1(config-if-range)#spanning-tree portfast 
S2328-S1(config-if-range)#exit 

啓用rldp協議
S2328-S1(config)#rldp enable 
S2328-S1(config)#interface range f0/3-10 
S2328-S1(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S1(config-if-range)#exit 
S2328-S1(config)#interface range f0/11-15
S2328-S1(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S1(config-if-range)#
S2328-S1(config)#interface range f0/16-20
S2328-S1(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S1(config-if-range)#exit 
S2328-S1(config)#interface range fastEthernet 0/21-24
S2328-S1(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S1(config-if-range)#exit 

300秒之後自動恢復//開啓多生成樹
S2328-S1(config)#errdisable recovery interval 300
S2328-S1(config)#interface range f0/3-10
S2328-S1(config-if-range)#switchport trunk mode
S2328-S1(config-if-range)#exit 
S2328-S1(config)#spanning-tree mode mstp 

配置生成樹
S2328-S1(config)#spanning-tree mst configuration 

配置實例
S2328-S1(config-mst)#instance 1 vlan 100,101
S2328-S1(config-mst)#instance 2 vlan 102,103
S2328-S1(config-mst)#name ruijie

配置版本
S2328-S1(config-mst)#revision 1
S2328-S1(config-mst)#exit 
S2328-S1(config)#spanning-tree mst 1 priority 4096
S2328-S1(config)#interface range f0/1-2
S2328-S1(config-if-range)#switchport mode trunk 
S2328-S1(config-if-range)#switchport trunk allowed vlan remove 1-99,104-4094

(4)二層交換機S2

更改主機名//vlan接口
R7_S2328_2#configure 
R7_S2328_2(config)#hostname S2328-S2
S2328-S1(config)#vlan 100

Vlan名稱
S2328-S2 (config-vlan)#name office
S2328-S2(config-vlan)#exit 
S2328-S2(config)#vlan 101 
S2328-S2(config-vlan)#name HRD
S2328-S2(config-vlan)#exit 
S2328-S2(config)#vlan 102
S2328-S2(config-vlan)#name TD
S2328-S2(config-vlan)#exit 
S2328-S2(config)#vlan 103
S2328-S2(config-vlan)#name MD
S2328-S2(config-vlan)#exit 

接口描述
S2328-S2(config)#interface f0/1
S2328-S2(config-if)#description Con_To_S3_F0/2    
S2328-S2(config-if)#exit 
S2328-S2(config)#interface f0/2
S2328-S2(config-if)#description 
S2328-S2(config-if)#description Con_To_S4_F0/2
S2328-S2#configure 

Vlan名稱//端口劃分
S2328-S2(config)#interface range f0/3-10
S2328-S2(config-if-range)#switchport access vlan 100
S2328-S2(config-if-range)#exit 
S2328-S2(config)#interface range f0/11-15
S2328-S2(config-if-range)#switchport access vlan 101
S2328-S2(config-if-range)#exit 
S2328-S2(config)#interface range f0/16-20
S2328-S2(config-if-range)#switchport access vlan 102
S2328-S2(config)#interface range f0/21-24
S2328-S2(config-if-range)#switchport access vlan 103
S2328-S2(config-if-range)#exit 

開啓portfast和bpduguard防護功能
S2328-S2(config)#spanning-tree 
S2328-S2(config)#interface range f0/3-10
S2328-S2(config-if-range)#spanning-tree bpduguard enable 
S2328-S2(config-if-range)#spanning-tree portfast 
S2328-S2(config-if-range)#exit 
S2328-S2(config)#interface range f0/11-15
S2328-S2(config-if-range)#spanning-tree bpduguard enable 
S2328-S2(config-if-range)#spanning-tree portfast 
S2328-S2(config-if-range)#exit 
S2328-S2(config)#interface range f0/16-20     
S2328-S2(config-if-range)#spanning-tree bpduguard enable 
S2328-S2(config-if-range)#spanning-tree portfast 
S2328-S2(config-if-range)#exit 
S2328-S2(config)#interface range f0/21-24
S2328-S2(config-if-range)#spanning-tree bpduguard enable 
S2328-S2(config-if-range)#spanning-tree portfast 

開啓rldp功能//方式爲shutdown
S2328-S2(config-if-range)#exit 
S2328-S2(config)#rldp enable 
S2328-S2(config)#interface range f0/3-10 
S2328-S2(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S2(config-if-range)#exit 
S2328-S2(config)#interface range f0/11-15
S2328-S2(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S2(config-if-range)#
S2328-S2(config)#interface range f0/16-20
S2328-S2(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S2(config-if-range)#exit 
S2328-S2(config)#interface range fastEthernet 0/21-24
S2328-S2(config-if-range)#rldp port loop-detect shutdown-port 
S2328-S2(config-if-range)#exit 

300秒後開啓自動恢復//配置多生成樹
S2328-S2(config)#errdisable recovery interval 300
S2328-S2(config)#interface range f0/3-10
S2328-S2(config-if-range)#switchport trunk mode
S2328-S2(config-if-range)#exit 
S2328-S2(config)#spanning-tree mode mstp 
S2328-S2(config)#spanning-tree mst configuration 

配置實例 
S2328-S2(config-mst)#instance 1 vlan 100,101
S2328-S2(config-mst)#instance 2 vlan 102,103
S2328-S2(config-mst)#name ruijie

配置版本
S2328-S2(config-mst)#revision 1
S2328-S2(config-mst)#exit 
S2328-S2(config)#spanning-tree mst 1 priority 4096
S2328-S2(config)#interface range f0/1-2
S2328-S2(config-if-range)#switchport mode trunk 
S2328-S2(config-if-range)#switchport trunk allowed vlan remove 1-99,104-4094

六、功能測試

  1. vlan100 用戶PC ping vlan101 PC(截圖)
    在這裏插入圖片描述
  2. vlan100用戶PC ping vlan102 用戶PC(截圖)在這裏插入圖片描述
  3. vlan100用戶PC ping vlan103 用戶PC(截圖)在這裏插入圖片描述
  4. vlan101用戶PC ping vlan102 用戶PC(截圖)在這裏插入圖片描述
  5. vlan101用戶PC ping vlan103 用戶PC(截圖)在這裏插入圖片描述
  6. vlan102用戶PC ping vlan103 用戶PC(截圖)在這裏插入圖片描述
  7. vlan100 PC ping R2 loopback接口(截圖)在這裏插入圖片描述
  8. vlan101 PC ping R2 loopback接口(截圖)在這裏插入圖片描述
  9. vlan102 PC ping R2 loopback接口(截圖)在這裏插入圖片描述
  10. vlan103 PC ping R2 loopback接口(截圖)在這裏插入圖片描述
  11. R1#show ip nat translations(截圖)
    在這裏插入圖片描述
    在這裏插入圖片描述
  12. 公網PC瀏覽器IE訪問http:// 99.1.1.9(截圖)在這裏插入圖片描述
  13. 公網PC瀏覽器IE訪問ftp:// 99.1.1.11(截圖)在這裏插入圖片描述
  14. 服務器web功能本機測試(截圖)在這裏插入圖片描述
  15. 服務器FTP功能本機測試(截圖)在這裏插入圖片描述
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

爲什麼Netflix“永不宕機”?

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

核子可乐 2021-11-25 15:48:52

解開 IP 的“窄腰”:名稱和 Web 服務的尋址敏捷性

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

Marwan Fayed 2021-11-12 10:48:58

6 個多雲架構設計,實現有效的雲策略

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

Jignesh Solanki 2021-10-15 15:03:50

定位你的到底是App,還是手機廠商的操作系統?

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

Tina 2021-10-14 19:08:57

團隊管理之如何成爲核心員工

{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"核心員工的三個階段"

小诚信驿站 2021-10-13 14:03:53

富途證券因數據中心故障導致交易中斷,創始人發文道歉

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

Tina 2021-10-12 17:13:56

完全低估黑客的攻擊手段,這家新遊還沒開服就遭受有預謀的攻擊

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragr

罗燕珊 2021-09-14 16:14:01

黑客過於強勢,谷歌微軟已承諾投入數十億美元做網絡安全

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

闫园园 2021-09-03 17:59:05

安全界的“奧斯卡”獎揭曉,微軟系統漏洞被列爲“史詩般的失敗”

{"type":"doc","content":[{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null

施尧 2021-08-18 13:44:01

ExpressVPN 宣佈開源 Lightway 協議,VPN 市場將有大變化?

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockq

辛晓亮 2021-08-12 18:18:51

七牛雲產品發佈會 | 以“PISA”之名開啓智能運維新時代

PISA,即Pandora Intelligent Service Analysis,是基於七牛雲的機器數據分析平臺Pandora開發的智能服務分析工具,七牛雲將PISA定義爲Pandora上的全新應用,通過平臺和AI算法能力共同提供探索數

InfoQ 中文站 2021-07-14 10:04:58

阿里雲視頻雲全景創新峯會

本次峯會由阿里雲聯合Intel主辦,與優酷戰略技術合作,天池平臺及阿里雲視頻雲承辦,並聯動學術界、藝術界、創投界,及開發者與音視頻技術領域,展開多維探索,全景化開啓對視頻化課題、視頻雲賽道的觀察、思考與創新。

InfoQ 中文站 2021-07-14 10:04:58

InfoQ 小編探班 | 2021阿里雲峯會

InfoQ 中文站 2021-06-04 22:28:55

繼進入緊急狀態後,美國再次提升優先級,將黑客攻擊與恐怖襲擊並列

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockq

Tina 2021-06-04 17:13:56

教你用5步檢測出企業網絡中的惡意爬蟲

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

Avidan Avraham 2021-03-22 18:35:42