《构建中小型网络实训》实训课程总结_工程实训心得体会

博客小编 (46) 2024-07-21 16:01:01

一、项目基本情况

某企业需要建设一个综合的企业网，公司有4个部门，从内网的安全考虑，使用VLAN技术将各门划分到不同的VLAN中，部署防环、防攻击、数据负载均衡等相关策略，确保局域网业务安全、可靠。为了提高公司的业务能力和增强企业的知名度，将公司的Web网站以及FTP服务发布到互联网上；为了便于网络管理，公司内部的网络需要使用OSPF路由协议使全网互通；公司需要能够访问互联网，并从ISP那里申请了一段公网IP地址99.1.1.0/28。

二、网络拓扑说明

信息化建设方案拓扑图如下图1所示，相关说明如下：
1.一台RG-RSR20编号为R1，作为分公司出口设备；
2.两台RG-3760编号为S3和S4，作为公司核心交换机；
3.两台RG-S2328编号为S1和S2，作为公司接入交换机；
4. 一台RG-RSR20编号为R2，作为运营商接入设备。
5. 计算机（可使用虚拟机）5台，服务器操作系统为windows server 2008。

三、实验拓扑

《构建中小型网络实训》实训课程总结_工程实训心得体会 (https://mushiming.com/) 第1张

四、拓扑连线与地址规划

本项目的网络物理连接表如表1所示，网络设备名称表如2所示，IP地址分配表如表3所示。
《构建中小型网络实训》实训课程总结_工程实训心得体会 (https://mushiming.com/) 第2张

五、网络设备部署

1.路由器配置
（1）路由器R1

配置接口//描述接口 R7_RSR10_1(config)#hostname RSR20-R1 RSR20-R1(config)#int f0/0 RSR20-R1(config-if)#ip address 10.1.1.1 255.255.255.240 RSR20-R1(config-if)#no shutdown RSR20-R1(config-if)#ip address 10.1.1.1 255.255.255.252 RSR20-R1(config-if)#description Con_To_S3_F0/24 RSR20-R1(config-if)#int f0/1 RSR20-R1(config-if)#ip address 10.1.1.5 255.255.255.252 RSR20-R1(config-if)#no shutdown RSR20-R1(config-if)#description Con_To_S4_F0/24 RSR20-R1(config-if)#int s1/0 RSR20-R1(config-if)#ip address 99.1.1.1 255.255.255.240 RSR20-R1(config-if)#no shutdown RSR20-R1(config-if)#description Con_To_R2_S1/0 RSR20-R1(config-if)#ex RSR20-R1(config)#int loopback 0 RSR20-R1(config-if)#ip address 192.168.99.1 255.255.255.0 DHCP地址池 RSR20-R1(config)# ip dhcp pool vlan100 RSR20-R1(dhcp-config)#network 192.168.100.0 255.255.255.0 RSR20-R1(dhcp-config)#lease 0 0 1 RSR20-R1(dhcp-config)#default-router 192.168.100.254 RSR20-R1(dhcp-config)#ip dhcp pool vlan101 RSR20-R1(dhcp-config)#network 192.168.101.0 255.255.255.0 RSR20-R1(dhcp-config)#lease 0 0 1 RSR20-R1(dhcp-config)#default-router 192.168.101.254 RSR20-R1(dhcp-config)#ip dhcp pool vlan102 RSR20-R1(dhcp-config)#network 192.168.102.0 255.255.255.0 RSR20-R1(dhcp-config)#lease 0 0 1 RSR20-R1(dhcp-config)#default-router 192.168.102.254 RSR20-R1(dhcp-config)#ip dhcp pool vlan103 RSR20-R1(dhcp-config)#network 192.168.103.0 255.255.255.0 RSR20-R1(dhcp-config)#lease 0 0 1 RSR20-R1(dhcp-config)#default-router 192.168.103.254 不分配DHCP地址 RSR20-R1(config)#ip dhcp excluded-address 192.168.100.1 RSR20-R1(config)#ip dhcp excluded-address 192.168.100.2 RSR20-R1(config)#ip dhcp excluded-address 192.168.100.254 RSR20-R1(config)#ip dhcp excluded-address 192.168.101.254 RSR20-R1(config)#ip dhcp excluded-address 192.168.101.2 RSR20-R1(config)#ip dhcp excluded-address 192.168.101.1 RSR20-R1(config)#ip dhcp excluded-address 192.168.102.1 RSR20-R1(config)#ip dhcp excluded-address 192.168.102.2 RSR20-R1(config)#ip dhcp excluded-address 192.168.102.254 RSR20-R1(config)#ip dhcp excluded-address 192.168.103.254 RSR20-R1(config)#ip dhcp excluded-address 192.168.103.2 RSR20-R1(config)#ip dhcp excluded-address 192.168.103.1 内外网 RSR20-R1(config)#int f0/0 RSR20-R1(config-if)#ip nat inside RSR20-R1(config-if)#int f0/1 RSR20-R1(config-if)#ip nat inside RSR20-R1(config-if)#int s1/0 RSR20-R1(config-if)#ip nat outside 配置ospf及默认路由 RSR20-R1(config)#route ospf 10 RSR20-R1(config-router)#network 10.1.0.1 0.0.0.0 area 0 RSR20-R1(config-router)#network 10.1.1.0 0.0.0.3 area 0 RSR20-R1(config-router)#network 10.1.1.4 0.0.0.3 area 0 RSR20-R1(config-router)#default-information originate always RSR20-R1(config)#ip route 0.0.0.0 0.0.0.0 99.1.1.2 配置ACL RSR20-R1(config)#access-list 1 permit 192.168.100.0 0.0.0.255 RSR20-R1(config)#access-list 1 permit 192.168.101.0 0.0.0.255 RSR20-R1(config)#access-list 2 permit 192.168.102.0 0.0.0.255 RSR20-R1(config)#access-list 2 permit 192.168.103.0 0.0.0.255 地址转换 RSR20-R1(config)#ip nat pool a1 99.1.1.3 99.1.1.5 netmask 255.255.255.240 RSR20-R1(config)#ip nat pool a2 99.1.1.6 99.1.1.8 net RSR20-R1(config)#ip nat pool a2 99.1.1.6 99.1.1.8 netmask 255.255.255.240 RSR20-R1(config)#$ tcp 192.168.104.252 20 99.1.1.11 20 RSR20-R1(config)#$ tcp 192.168.104.252 21 99.1.1.11 21 RSR20-R1(config)#$ tcp 192.168.104.254 80 99.1.1.9 80 RSR20-R1(config)#ip nat inside source list 1 pool a1 overload RSR20-R1(config)#ip nat inside source list 2 pool a2 overload

（2）路由器R2

配置接口//描述接口 ISP-RSR20-R2(config)#hostname ISP-RSR20-R2 ISP-RSR20-R2(config)#interface FastEthernet 0/0 ISP-RSR20-R2(config-if)#ip address 192.168.88.1 255.255.255.0 ISP-RSR20-R2(config)#no shutdown ISP-RSR20-R2(config)#interface Loopback 0 ISP-RSR20-R2(config-if)#ip address 192.168.99.1 255.255.255.0 ISP-RSR20-R2(config)#no shutdown ISP-RSR20-R2(config)#interface Serial 1/0 ISP-RSR20-R2(config-if)#ip address 99.1.1.2 255.255.255.240 ISP-RSR20-R2(config-if)#description Con_To_R1_S1/0 ISP-RSR20-R2(config)#no shutdown

2.交换机配置
（1）三层交换机S3

接口描述 R6_S3760_1(config)#hostname S3760-S3 S3760-S3(config)#int fastEthernet 0/2 S3760-S3(config-if-FastEthernet 0/2)#description Con_To_S2_F0/1 S3760-S3(config-if-FastEthernet 0/2)#exit S3760-S3(config)#int f0/1 S3760-S3(config-if-FastEthernet 0/1)#description Con_To_S1_F0/1 S3760-S3(config-if-FastEthernet 0/1)#exit S3760-S3(config)#int f0/5 S3760-S3(config-if-FastEthernet 0/5)#description Con_To_S4_F0/5 S3760-S3(config-if-FastEthernet 0/5)#exit S3760-S3(config)#int f0/6 S3760-S3(config-if-FastEthernet 0/6)#description Con_To_S4_F0/6 S3760-S3(config-if-FastEthernet 0/6)#exit S3760-S3(config)#int f0/24 S3760-S3(config-if-FastEthernet 0/24)#description Con_To_R1_F0/0 S3760-S3(config-if-FastEthernet 0/24)#exit S3760-S3(config)#int f0/4 S3760-S3(config-if-FastEthernet 0/4)#description Con_To_server S3760-S3(config-if-FastEthernet 0/4)#exit S3760-S3(config)#vlan 100 S3760-S3(config-vlan)#vlan 101 S3760-S3(config-vlan)#vlan 102 S3760-S3(config-vlan)#vlan 103 S3760-S3(config-vlan)#exit S3760-S3(config)#vlan 100 S3760-S3(config-vlan)#name Office S3760-S3(config-vlan)#exit S3760-S3(config)#vlan 101 S3760-S3(config-vlan)#name HRD S3760-S3(config-vlan)#exit S3760-S3(config)#vlan 102 S3760-S3(config-vlan)#name TD S3760-S3(config-vlan)#exit S3760-S3(config)#vlan 103 S3760-S3(config-vlan)#name MD 配置trunk S3760-S3(config)#interface fastEthernet 0/1 S3760-S3(config-if-FastEthernet 0/1)#switchport mode trunk S3760-S3(config-if-FastEthernet 0/1)#switchport trunk allowed vlan remove 1-99,104-4094 S3760-S3(config-if-FastEthernet 0/1)#exit S3760-S3(config)#interface fastEthernet 0/2 S3760-S3(config-if-FastEthernet 0/2)#switchport mode trunk S3760-S3(config-if-FastEthernet 0/2)#switchport trunk allowed vlan remove 1-99,104-4094 添加IP地址 S3760-S3(config)# interface vlan 100 S3760-S3(config-if-VLAN 100)#ip address 192.168.100.1 255.255.255.0 S3760-S3(config-if-VLAN 100)#exit S3760-S3(config)# interface vlan 101 S3760-S3(config-if-VLAN 101)#ip address 192.168.101.1 255.255.255.0 S3760-S3(config-if-VLAN 101)#exit S3760-S3(config)# interface vlan 102 S3760-S3(config-if-VLAN 102)#ip address 192.168.102.1 255.255.255.0 S3760-S3(config-if-VLAN 102)#exit S3760-S3(config)# interface vlan 103 S3760-S3(config-if-VLAN 103)#ip add 192.168.103.1 255.255.255.0 S3760-S3(config-if-VLAN 103)#exit S3760-S3(config)#int fastEthernet 0/4 S3760-S3(config-if-FastEthernet 0/4)#no switchport S3760-S3(config-if-FastEthernet 0/4)#ip address 192.168.104.1 255.255.255.0 S3760-S3(config-if-FastEthernet 0/4)#exit S3760-S3(config)#int f0/24 S3760-S3(config-if-FastEthernet 0/24)#no switchport S3760-S3(config-if-FastEthernet 0/24)#ip address 10.1.1.2 255.255.255.252 S3760-S3(config-if-FastEthernet 0/24)#exit S3760-S3(config)# interface loopback 0 S3760-S3(config-if-Loopback 0)#ip address 10.1.0.3 255.255.255.255 配置聚合口 S3760-S3(config)#interface range fastEthernet 0/5-6 S3760-S3(config-if-range)#port-group 1 S3760-S3(config-if-range)#exit S3760-S3(config)#int aggregateport 1 S3760-S3(config-if-AggregatePort 1)#switchport mode trunk 配置多生成树 S3760-S3(config)#spanning-tree S3760-S3(config)#spanning-tree mode mstp S3760-S3(config)#spanning-tree mst configuration S3760-S3(config-mst)#name ruijie S3760-S4(config-mst)#revision 1 S3760-S4(config-mst)#instance 0 vlan 1-99, 104-4094 S3760-S3(config-mst)#instance 1 vlan 100,101 S3760-S3(config-mst)#instance 2 vlan 102,103 S3760-S3(config-mst)#exit S3760-S3(config)#spanning-tree mst 1 priority 4096 S3760-S3(config)#spanning-tree mst 2 priority 8192 添加vrrp S3760-S3(config)#interface vlan 100 S3760-S3(config-if-VLAN 100)#vrrp 10 ip 192.168.100.254 S3760-S3(config-if-VLAN 100)#vrrp 10 priority 150 S3760-S3(config-if-VLAN 100)#exit S3760-S3(config-if-VLAN 101)#interface vlan 101 S3760-S3(config-if-VLAN 101)#vrrp 20 ip 192.168.101.254 S3760-S3(config-if-VLAN 101)#vrrp 20 priority 150 S3760-S3(config-if-VLAN 101)#exit S3760-S3(config)#interface vlan 102 S3760-S3(config-if-VLAN 102)#vrrp 30 ip 192.168.102.254 S3760-S3(config-if-VLAN 102)#vrrp 30 priority 120 S3760-S3(config-if-VLAN 102)#exit S3760-S3(config)#interface vlan 103 S3760-S3(config-if-VLAN 103)#vrrp 40 ip 192.168.103.254 S3760-S3(config-if-VLAN 103)#vrrp 40 priority 120 配置ospf S3760-S3(config)#route ospf 10 S3760-S3(config-router)#network 192.168.100.0 0.0.0.255 area 0 S3760-S3(config-router)#network 192.168.101.0 0.0.0.255 area 0 S3760-S3(config-router)#network 192.168.102.0 0.0.0.255 area 0 S3760-S3(config-router)#network 192.168.103.0 0.0.0.255 area 0 S3760-S3(config-router)#network 192.168.104.0 0.0.0.255 area 0 S3760-S3(config-router)#network 10.1.1.0 0.0.0.3 area 0 S3760-S3(config-router)#network 10.1.0.3 0.0.0.0 area 0 开启DHCP服务 S3760-S3(config)#service dhcp S3760-S3(config)#ip helper-address 10.1.0.1

（2）三层交换机S4

R6_S3760_2#config terface R6_S3760_2(config)#hostname S3760-S4 接口描述 S3760-S4(config)#interface fastEthernet 0/1 S3760-S4(config-if-FastEthernet 0/1)#description Con_To_S1_F0/2 S3760-S4(config-if-FastEthernet 0/1)#exit S3760-S4(config)#interface fastEthernet 0/2 S3760-S4(config-if-FastEthernet 0/2)#description Con_To_S2_F0/2 S3760-S4(config-if-FastEthernet 0/2)#exit S3760-S4(config)#interface fastEthernet 0/5 S3760-S4(config-if-FastEthernet 0/5)#description Con_To_S3_F0/5 S3760-S4(config-if-FastEthernet 0/5)#exit S3760-S4(config)#interface fastEthernet 0/6 S3760-S4(config-if-FastEthernet 0/6)#description Con_To_S3_F0/6 S3760-S4(config-if-FastEthernet 0/6)#exit S3760-S4(config)#interface fastEthernet 0/24 S3760-S4(config-if-FastEthernet 0/24)#description Con_To_R1_F0/1 S3760-S4(config-if-FastEthernet 0/24)#exit S3760-S4(config)#vlan 100 S3760-S4(config-vlan)#vlan 101 S3760-S4(config-vlan)#vlan 102 S3760-S4(config-vlan)#vlan 103 S3760-S4(config-vlan)#exit S3760-S4(config)#vlan 100 S3760-S4(config-vlan)#name Office S3760-S4(config-vlan)#exit S3760-S4(config)#vlan 101 S3760-S4(config-vlan)#name HRD S3760-S4(config-vlan)#exit S3760-S4(config)#vlan 102 S3760-S4(config-vlan)#name TD S3760-S4(config-vlan)#exit S3760-S4(config)#vlan 103 S3760-S4(config-vlan)#name MD S3760-S4(config-vlan)#exit S3760-S4(config)#interface fastEthernet 0/1 S3760-S4(config-if-FastEthernet 0/1)#switchport mode trunk S3760-S4(config-if-FastEthernet 0/1)#switchport trunk allowed vlan remove 1-99,104-4094 S3760-S4(config-if-FastEthernet 0/1)#exit S3760-S4(config)#interface fastEthernet 0/2 S3760-S4(config-if-FastEthernet 0/2)#switchport mode trunk S3760-S4(config-if-FastEthernet 0/2)#switchport trunk allowed vlan remove 1-99,104-4094 S3760-S4(config-if-FastEthernet 0/2)#exit 添加IP S3760-S4(config)#interface vlan 100 S3760-S4(config-if-VLAN 100)#ip address 192.168.100.2 255.255.255.0 S3760-S4(config-if-VLAN 100)#exit S3760-S4(config)#interface vlan 101 S3760-S4(config-if-VLAN 101)#ip address 192.168.101.2 255.255.255.0 S3760-S4(config-if-VLAN 101)#exit S3760-S4(config)#interface vlan 102 S3760-S4(config-if-VLAN 102)#ip address 192.168.102.2 255.255.255.0 S3760-S4(config-if-VLAN 102)#exit S3760-S4(config)#interface vlan 103 S3760-S4(config-if-VLAN 103)#ip address 192.168.103.2 255.255.255.0 S3760-S4(config-if-VLAN 103)#exit S3760-S4(config)#interface fastEthernet 0/24 S3760-S4(config-if-FastEthernet 0/24)#no switchport S3760-S4(config-if-FastEthernet 0/24)#ip address 10.1.1.6 255.255.255.252 S3760-S4(config-if-FastEthernet 0/24)#exit S3760-S4(config)#interface loopback 0 S3760-S4(config-if-Loopback 0)#ip address 10.1.0.4 255.255.255.255 开启DHCP服务 S3760-S4(config)#service dhcp S3760-S4(config)#ip helper-address 10.1.0.1 配置OSPF S3760-S4(config)#router ospf 10 S3760-S4(config)# network 10.1.0.4 0.0.0.0 area 0 S3760-S4(config)#network 10.1.1.4 0.0.0.3 area 0 S3760-S4(config)#network 192.168.100.0 0.0.0.255 area 0 S3760-S4(config)#network 192.168.101.0 0.0.0.255 area 0 S3760-S4(config)#network 192.168.102.0 0.0.0.255 area 0 S3760-S4(config)#network 192.168.103.0 0.0.0.255 area 0 配置聚合口 S3760-S4(config)#interface range fastEthernet 0/5-6 S3760-S4(config-if-range)#port-group 1 S3760-S4(config-if-range)#exit S3760-S4(config)#int aggregateport 1 S3760-S4(config-if-AggregatePort 1)#switchport mode trunk 配置多生成树 S3760-S4(config)#spanning-tree S3760-S4(config)#spanning-tree mode mstp S3760-S4(config)#spanning-tree mst configuration S3760-S4(config-mst)#name ruijie S3760-S4(config-mst)#revision 1 S3760-S4(config-mst)#instance 0 vlan 1-99, 104-4094 S3760-S4(config-mst)#instance 1 vlan 100,101 S3760-S4(config-mst)#instance 2 vlan 102,103 S3760-S4(config)#spanning-tree mst 1 priority 8192 S3760-S4(config)#spanning-tree mst 2 priority 4096 配置vrrp S3760-S4(config)#interface vlan 100 S3760-S4(config-if-VLAN 100)#vrrp 10 ip 192.168.100.254 S3760-S4(config-if-VLAN 100)#vrrp 10 priority 120 S3760-S4(config-if-VLAN 100)#exit S3760-S4(config)#interface vlan 101 S3760-S4(config-if-VLAN 101)#vrrp 20 ip 192.168.101.254 S3760-S4(config-if-VLAN 101)#vrrp 20 priority 120 S3760-S4(config-if-VLAN 101)#exit S3760-S4(config)#interface vlan 102 S3760-S4(config-if-VLAN 102)#vrrp 30 ip 192.168.102.254 S3760-S4(config-if-VLAN 102)#vrrp 30 priority 150 S3760-S4(config-if-VLAN 102)#exit S3760-S4(config)#interface vlan 103 S3760-S4(config-if-VLAN 103)#vrrp 40 ip 192.168.103.254 S3760-S4(config-if-VLAN 103)#vrrp 40 priority 150

（3）二层交换机S1

修改主机名 R7_S2328_1#configure R7_S2328_1(config)#hostname S2328-S1 S2328-S1(config)#vlan 100 WLAN名称 S2328-S1(config-vlan)#name office S2328-S1(config-vlan)#exit S2328-S1(config)#vlan 101 S2328-S1(config-vlan)#name HRD S2328-S1(config-vlan)#exit S2328-S1(config)#vlan 102 S2328-S1(config-vlan)#name TD S2328-S1(config-vlan)#exit S2328-S1(config)#vlan 103 S2328-S1(config-vlan)#name MD S2328-S1(config-vlan)#exit 接口描述 S2328-S1(config)#interface f0/1 S2328-S1(config-if)#description Con_To_S3_F0/1 S2328-S1(config-if)#exit S2328-S1(config)#interface f0/2 S2328-S1(config-if)#description S2328-S1(config-if)#description Con_To_S4_F0/1 S2328-S1#configure S2328-S1(config)#interface range f0/3-10 S2328-S1(config-if-range)#switchport access vlan 100 S2328-S1(config-if-range)#exit S2328-S1(config)#interface range f0/11-15 S2328-S1(config-if-range)#switchport access vlan 101 S2328-S1(config-if-range)#exit S2328-S1(config)#interface range f0/16-20 S2328-S1(config-if-range)#switchport access vlan 102 S2328-S1(config)#interface range f0/21-24 S2328-S1(config-if-range)#switchport access vlan 103 S2328-S1(config-if-range)#exit 开启portfast和bduuguard防护功能 S2328-S1(config)#spanning-tree S2328-S1(config)#interface range f0/3-10 S2328-S1(config-if-range)#spanning-tree bpduguard enable S2328-S1(config-if-range)#spanning-tree portfast S2328-S1(config-if-range)#exit S2328-S1(config)#interface range f0/11-15 S2328-S1(config-if-range)#spanning-tree bpduguard enable S2328-S1(config-if-range)#spanning-tree portfast S2328-S1(config-if-range)#exit S2328-S1(config)#interface range f0/16-20 S2328-S1(config-if-range)#spanning-tree bpduguard enable S2328-S1(config-if-range)#spanning-tree portfast S2328-S1(config-if-range)#exit S2328-S1(config)#interface range f0/21-24 S2328-S1(config-if-range)#spanning-tree bpduguard enable S2328-S1(config-if-range)#spanning-tree portfast S2328-S1(config-if-range)#exit 启用rldp协议 S2328-S1(config)#rldp enable S2328-S1(config)#interface range f0/3-10 S2328-S1(config-if-range)#rldp port loop-detect shutdown-port S2328-S1(config-if-range)#exit S2328-S1(config)#interface range f0/11-15 S2328-S1(config-if-range)#rldp port loop-detect shutdown-port S2328-S1(config-if-range)# S2328-S1(config)#interface range f0/16-20 S2328-S1(config-if-range)#rldp port loop-detect shutdown-port S2328-S1(config-if-range)#exit S2328-S1(config)#interface range fastEthernet 0/21-24 S2328-S1(config-if-range)#rldp port loop-detect shutdown-port S2328-S1(config-if-range)#exit 300秒之后自动恢复//开启多生成树 S2328-S1(config)#errdisable recovery interval 300 S2328-S1(config)#interface range f0/3-10 S2328-S1(config-if-range)#switchport trunk mode S2328-S1(config-if-range)#exit S2328-S1(config)#spanning-tree mode mstp 配置生成树 S2328-S1(config)#spanning-tree mst configuration 配置实例 S2328-S1(config-mst)#instance 1 vlan 100,101 S2328-S1(config-mst)#instance 2 vlan 102,103 S2328-S1(config-mst)#name ruijie 配置版本 S2328-S1(config-mst)#revision 1 S2328-S1(config-mst)#exit S2328-S1(config)#spanning-tree mst 1 priority 4096 S2328-S1(config)#interface range f0/1-2 S2328-S1(config-if-range)#switchport mode trunk S2328-S1(config-if-range)#switchport trunk allowed vlan remove 1-99,104-4094

（4）二层交换机S2

更改主机名//vlan接口 R7_S2328_2#configure R7_S2328_2(config)#hostname S2328-S2 S2328-S1(config)#vlan 100 Vlan名称 S2328-S2 (config-vlan)#name office S2328-S2(config-vlan)#exit S2328-S2(config)#vlan 101 S2328-S2(config-vlan)#name HRD S2328-S2(config-vlan)#exit S2328-S2(config)#vlan 102 S2328-S2(config-vlan)#name TD S2328-S2(config-vlan)#exit S2328-S2(config)#vlan 103 S2328-S2(config-vlan)#name MD S2328-S2(config-vlan)#exit 接口描述 S2328-S2(config)#interface f0/1 S2328-S2(config-if)#description Con_To_S3_F0/2 S2328-S2(config-if)#exit S2328-S2(config)#interface f0/2 S2328-S2(config-if)#description S2328-S2(config-if)#description Con_To_S4_F0/2 S2328-S2#configure Vlan名称//端口划分 S2328-S2(config)#interface range f0/3-10 S2328-S2(config-if-range)#switchport access vlan 100 S2328-S2(config-if-range)#exit S2328-S2(config)#interface range f0/11-15 S2328-S2(config-if-range)#switchport access vlan 101 S2328-S2(config-if-range)#exit S2328-S2(config)#interface range f0/16-20 S2328-S2(config-if-range)#switchport access vlan 102 S2328-S2(config)#interface range f0/21-24 S2328-S2(config-if-range)#switchport access vlan 103 S2328-S2(config-if-range)#exit 开启portfast和bpduguard防护功能 S2328-S2(config)#spanning-tree S2328-S2(config)#interface range f0/3-10 S2328-S2(config-if-range)#spanning-tree bpduguard enable S2328-S2(config-if-range)#spanning-tree portfast S2328-S2(config-if-range)#exit S2328-S2(config)#interface range f0/11-15 S2328-S2(config-if-range)#spanning-tree bpduguard enable S2328-S2(config-if-range)#spanning-tree portfast S2328-S2(config-if-range)#exit S2328-S2(config)#interface range f0/16-20 S2328-S2(config-if-range)#spanning-tree bpduguard enable S2328-S2(config-if-range)#spanning-tree portfast S2328-S2(config-if-range)#exit S2328-S2(config)#interface range f0/21-24 S2328-S2(config-if-range)#spanning-tree bpduguard enable S2328-S2(config-if-range)#spanning-tree portfast 开启rldp功能//方式为shutdown S2328-S2(config-if-range)#exit S2328-S2(config)#rldp enable S2328-S2(config)#interface range f0/3-10 S2328-S2(config-if-range)#rldp port loop-detect shutdown-port S2328-S2(config-if-range)#exit S2328-S2(config)#interface range f0/11-15 S2328-S2(config-if-range)#rldp port loop-detect shutdown-port S2328-S2(config-if-range)# S2328-S2(config)#interface range f0/16-20 S2328-S2(config-if-range)#rldp port loop-detect shutdown-port S2328-S2(config-if-range)#exit S2328-S2(config)#interface range fastEthernet 0/21-24 S2328-S2(config-if-range)#rldp port loop-detect shutdown-port S2328-S2(config-if-range)#exit 300秒后开启自动恢复//配置多生成树 S2328-S2(config)#errdisable recovery interval 300 S2328-S2(config)#interface range f0/3-10 S2328-S2(config-if-range)#switchport trunk mode S2328-S2(config-if-range)#exit S2328-S2(config)#spanning-tree mode mstp S2328-S2(config)#spanning-tree mst configuration 配置实例 S2328-S2(config-mst)#instance 1 vlan 100,101 S2328-S2(config-mst)#instance 2 vlan 102,103 S2328-S2(config-mst)#name ruijie 配置版本 S2328-S2(config-mst)#revision 1 S2328-S2(config-mst)#exit S2328-S2(config)#spanning-tree mst 1 priority 4096 S2328-S2(config)#interface range f0/1-2 S2328-S2(config-if-range)#switchport mode trunk S2328-S2(config-if-range)#switchport trunk allowed vlan remove 1-99,104-4094