2013ccnappt(2)
DESCRIPTION
ccnaTRANSCRIPT
![Page 1: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/1.jpg)
配置路由器IP地址
wg_ro_c#configure terminal
wg_ro_c(config)#interface ethernet 0
wg_ro_c(config-if)#ip address 192.168.1.1 255.255.255.0
wg_ro_c(config-if)#no shutdown
wg_ro_c(config-if)#exit
![Page 2: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/2.jpg)
show interfaces
Router#show interfaces
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 00e0.1e5d.ae2f (bia 00e0.1e5d.ae2f)
Internet address is 10.1.1.11/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:07, output 00:00:08, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
81833 packets input, 27556491 bytes, 0 no buffer
Received 42308 broadcasts, 0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 0 frame, 0 overrun, 1 ignored, 0 abort
0 input packets with dribble condition detected
55794 packets output, 3929696 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 4 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
![Page 3: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/3.jpg)
接口的几种状态-诊断的步骤
![Page 4: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/4.jpg)
检查串口
Router#show interface serial 0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.4.2/24
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 00:00:09, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
(output omitted)
BW 64 Kbit,
![Page 5: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/5.jpg)
检查串行线是否连接好
Router#show controller serial 0
HD unit 0, idb = 0x121C04, driver structure at 0x127078
buffer size 1524 HD unit 0, V.35 DTE cable
.
.
.
• Shows the cable type of serial cables
V.35 DTE Cable
![Page 6: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/6.jpg)
第三章 使用CDP和Telnet管理网络
![Page 7: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/7.jpg)
CDP协议
• 是一个提供关于直接相连的交换机、路由器和其它Cisco设备的综合信息的专有PROTOCOL
• CDP 能够发现直接相邻的设备而不管这些设备所运行的是什么协议栈
• 物理介质必须能够支持Subnetwork Access Protocol (SNAP)
上层地址
Cisco专有的链路层
协议
介质必须能够支持SNAP
TCP/IP Novell IPX
CDP能 发现并显示关于直接相连的Cisco设备的
信息
ATM OthersLANs帧中继
AppleTalk Others
![Page 8: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/8.jpg)
CDP运行在使用10.3或更新版Cisco IOS的路由器以及Cisco 交换机和集线器上
能获取的信息包括:
• 设备名
• 对应各协议的地址
• 端口名
• 角色特征
• 平台CDP
show cdp
CDP
CDP
用CDP发现直接相邻的设备
![Page 9: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/9.jpg)
使用 CDP
Switch BRouter A Router BSwitch A
10.3.3.2 10.3.3.1 10.1.1.110.1.1.2
10.2.2.1 10.2.2.2
S0S1
RouterA#sh cdp ? entry Information for specific neighbor entryinterface CDP interface status and configurationneighbors CDP neighbor entriestraffic CDP statistics<cr>
RouterA(config)#no cdp run RouterA(config)#interface serial0 RouterA(config-if)#no cdp enable
![Page 10: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/10.jpg)
使用show cdp neighbor 命令
RouterA#sh cdp neighborsCapability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port IDRouterB Ser 0 148 R 2522 Ser 1SwitchA Eth 0 167 T S 1900 2
10.3.3.2 10.3.3.1 10.1.1.110.1.1.2
10.2.2.1 10.2.2.2
S0S1
Switch BRouter A Router BSwitch A
![Page 11: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/11.jpg)
使用show cdp entry 命令
RouterA#sh cdp entry *-------------------------Device ID: RouterB Entry address(es):
IP address: 10.1.1.2Platform: cisco 2522, Capabilities: Router Interface: Serial0, Port ID (outgoing port): Serial1Holdtime : 168 secVersion :Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(3), RELEASE SOFTWARE (fci)Copyright (c) 1986-1999 by cisco Systems, Inc.Compiled Mon 08-Feb-99 18:18 by phanguye
10.3.3.2 10.3.3.1 10.1.1.110.1.1.2
10.2.2.1 10.2.2.2
S0S1
Switch BRouter A Router BSwitch A
![Page 12: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/12.jpg)
其它CDP命令
RouterA#sh cdp trafficCDP counters :
Packets output: 56, Input: 38Hdr syntax: 0, Chksum error: 0, Encaps failed: 3No memory: 0, Invalid packet: 0, Fragmented: 0
RouterA#sh cdp interface BRI0 is administratively down, line protocol is downEncapsulation HDLCSending CDP packets every 60 secondsHoldtime is 180 seconds
10.3.3.2 10.3.3.1 10.1.1.110.1.1.2
10.2.2.1 10.2.2.2
S0S1
Switch BRouter A Router BSwitch A
![Page 13: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/13.jpg)
用Telnet 连接到远端设备
远端设备
10.3.3.2 10.3.3.1 10.1.1.110.1.1.2
10.2.2.1 10.2.2.2
S0S1
RouterA#telnet 10.2.2.2 Trying 10.2.2.2 ... Open-------------------------------------------------Catalyst 1900 Management ConsoleCopyright (c) Cisco Systems, Inc. 1993-1998All rights reserved.Enterprise Edition SoftwareEthernet Address: 00-90-86-73-33-40PCA Number: 73-2239-06PCA Serial Number: FAA02359H8KModel Number: WS-C1924-ENSystem Serial Number: FAA0237X0FQ.SwitchB>
Switch BRouter A Router BSwitch A
![Page 14: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/14.jpg)
查看Telnet连接
10.3.3.2 10.3.3.1 10.1.1.110.1.1.2
10.2.2.1 10.2.2.2
S0S1
RouterA#sh sessionConn Host Address Byte Idle Conn Name
1 10.1.1.2 10.1.1.2 0 1 10.1.1.2* 2 10.3.3.2 10.3.3.2 0 0 10.3.3.2
RouterA#sh userLine User Host(s) Idle Location
* 0 con 0 10.1.1.2 3 10.3.3.2 2
11 vty 0 idle 1 10.1.1.2
Switch BRouter A Router BSwitch A
![Page 15: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/15.jpg)
挂起一个Telnet会话
10.3.3.2 10.3.3.1 10.1.1.110.1.1.2
10.2.2.1 10.2.2.2
S0S1
RouterB#<Ctrl-Shift-6>xRouterA#sh sessionConn Host Address Byte Idle Conn Name
1 10.1.1.2 10.1.1.2 0 1 10.1.1.2RouterA#resume 1RouterB#
Switch BRouter A Router BSwitch A
![Page 16: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/16.jpg)
RouterA#disconnect Closing connection to 10.3.3.2 [confirm]
RouterA#clear line 11[confirm][OK]
断开一个Telnet会话
清除由远端设备建立的会话
断开由自己建立的当前会话
10.3.3.2 10.3.3.1 10.1.1.110.1.1.2
10.2.2.1 10.2.2.2
S0S1
Switch BRouter A Router BSwitch A
![Page 17: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/17.jpg)
使用ping 和trace 命令
测试对远端设备的连接性和路径
Router#ping 10.1.1.10
Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Router#trace 10.1.1.10
Type escape sequence to abort.Tracing the route to 10.1.1.10
1 10.1.1.10 4 msec 4 msec 4 msecRouter#
![Page 18: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/18.jpg)
重要提示:
Show session和show user的区别
Disconnect 和Clear line的区别
Ctrl+shift+6 x 和resume
![Page 19: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/19.jpg)
© 2002, Cisco Systems, Inc. All rights reserved. 99
第四章 路由器组件和启动
![Page 20: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/20.jpg)
Router Internal Components
![Page 21: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/21.jpg)
ROM Functions
• Contains microcode for basic functions
![Page 22: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/22.jpg)
查找IOS
Flash
showversion
show startup-config
IOS
搜索顺序:
1. 检查配置寄存器
2. 检查NVRAM中的配置文件
3. 缺省是使用Flash中的第一个文件
4. 尝试从网络启动
5. RXBOOT
6. ROMMON
控制台
配置寄存器
NVRAM
![Page 23: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/23.jpg)
启动流程图
0
![Page 24: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/24.jpg)
• 配置寄存器的3, 2, 1和0位是启动选项位
设定配置寄存器的值
配置寄存器启动选项部分的值
0x0
0x2 to 0xF
0x1
含义
进入ROM monitor模式
检查NVRAM之 boot system 命令(如果路由器配有Flash则缺省值为 0x2)
自动从ROM启动(提供完整IOS的一个子集)
两种方式:
1。启动前60秒向路由器发Breack信号,使用o/r 0xxxxx命令
2。在全局配置模式里使用config-register 0xxxxx命令
![Page 25: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/25.jpg)
常用的几条命令:
show version !检查配置寄存器的值
• show flash !检查Flash中的IOS
• show startup-config !检查NVRAM中的启动配置文件
• show running-config !检查RAM中的文件
![Page 26: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/26.jpg)
2600、3600等新系列路由器步骤:
1、启动路由器,60秒内按下ctrl+break键
2、rommon>confreg 0x2142
3、rommon>reset
4、router#copy startup-config running-config
5、router(config)#no enable secrect
6、router(config-line)#no enable password
7、router#copy running-config startup
8、router(config)#config-register 0x2102
2500系列路由器步骤:
1、启动路由器,60秒内按下ctrl+break键
2、>o/r 0x2142
3、>i
其余步骤跟2600一样
路由器密码恢复
![Page 27: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/27.jpg)
Cisco IOS File System and Devices
![Page 28: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/28.jpg)
Managing Cisco IOS Images
![Page 29: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/29.jpg)
wg_ro_a#show flash
System flash directory:
File Length Name/status
1 10084696 c2500-js-l_120-3.bin
[10084760 bytes used, 6692456 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)
检查IOS文件
![Page 30: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/30.jpg)
备份IOS文件
![Page 31: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/31.jpg)
升级IOS文件
![Page 32: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/32.jpg)
![Page 33: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/33.jpg)
第五章 配置交换机
![Page 34: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/34.jpg)
交换机功能
• 学习MAC地址
• 转发/过滤Frame
• 防止回路
![Page 35: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/35.jpg)
交换机学习主机地址
• 开机时MAC地址表是空的
MAC地址表
0260.8c01.1111
0260.8c01.2222
0260.8c01.3333
0260.8c01.4444
E0 E1
E2 E3
A B
C D
![Page 36: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/36.jpg)
交换机学习主机地址
• 主机A发送数据帧给主机C
• 交换机记录下主机A的MAC地址 对应端口E0
• 帧被转发到除端口E0以外的其它所有端口
0260.8c01.1111
0260.8c01.2222
0260.8c01.3333
0260.8c01.4444
E0: 0260.8c01.1111
E0 E1
E2 E3DC
BA
MAC地址表
![Page 37: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/37.jpg)
交换机学习主机地址
• 主机D发送数据帧给主机C
• 交换机记录下主机D的MAC地址对应端口E03
• 帧被转发到除端口E3以外的其它所有端口
0260.8c01.1111
0260.8c01.2222
0260.8c01.3333
0260.8c01.4444
E0: 0260.8c01.1111
E3: 0260.8c01.4444
E0 E1
E2 E3 DC
A B
MAC地址表
![Page 38: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/38.jpg)
交换机确定转发/过滤帧
• host A发送数据帧给主机C
• 在地址表中有目标主机,数据帧不再泛洪而直接转发
E0: 0260.8c01.1111
E2: 0260.8c01.2222
E1: 0260.8c01.3333E3: 0260.8c01.4444
0260.8c01.1111
0260.8c01.2222
0260.8c01.3333
0260.8c01.4444
E0 E1
E2 E3
XX DC
A B
MAC地址表
![Page 39: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/39.jpg)
• 主机D发送广播帧或多点帧
• 广播帧或多点帧泛洪到除源端口外的所有端口
0260.8c01.1111
0260.8c01.2222
0260.8c01.3333
0260.8c01.4444
E0 E1
E2 E3 DC
A B
E0: 0260.8c01.1111
E2: 0260.8c01.2222
E1: 0260.8c01.3333E3: 0260.8c01.4444
广播帧和多播帧(生存期300秒)
MAC地址表
![Page 40: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/40.jpg)
冗余网络拓扑
• 冗余拓扑消除了由于单点故障所引起的网络问题
• 冗余拓扑却带来了广播风暴、重复帧和MAC地址表不稳定的问题
服务器/主机 X
路由器 Y
![Page 41: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/41.jpg)
广播
交换机 A 交换机 B
主机 X 发送一广播信息
广播风暴
服务器/主机 X 路由器 Y
![Page 42: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/42.jpg)
广播
交换机 A 交换机 B
主机 X 发送一广播信息
广播风暴
服务器/主机 X 路由器 Y
![Page 43: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/43.jpg)
广播
交换机不停地发出广播信息
广播风暴
交换机 A 交换机 B
服务器/主机 X 路由器 Y
![Page 44: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/44.jpg)
重复帧
单点帧
• 主机X发送一单点帧给路由器Y
• 路由器Y的MAC地址还没有被Switch A和B学习到
交换机 A 交换机 B
主机 X 路由器 Y
![Page 45: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/45.jpg)
单点帧
• 主机X发送一单点帧给路由器Y
• 路由器Y的MAC地址还没有被Switch A和B学习到• 路由器Y会收到同一帧的两个拷贝
单点帧
单点帧
重复帧
交换机 A 交换机 B
服务器/主机 X路由器 Y
![Page 46: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/46.jpg)
单点帧 单点帧
• 主机X发送一单点帧给路由器Y
• 路由器Y的MAC地址还没有被Switch A和B学习到
端口 0
端口1
端口0
端口1
MAC地址表不稳定
交换机 A 交换机 B
主机 X
路由器 Y
![Page 47: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/47.jpg)
Unicast
• X发送一单点帧给Y
• A和B没有Y的MAC地址• A和B都学习到X的MAC地址对应E0
• 到Y的帧在A和B上被扩散
MAC地址表不稳定
单点帧
端口 0
端口1
端口0
端口1
交换机 A 交换机 B
主机 X路由器 Y
![Page 48: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/48.jpg)
• 每个网络只能有一个根网桥• 每个非根网桥只能有一个根端口• 每段只能有一个指定端口• 根端口和指定端口都是Forwarding
• 其他端口为Blocking
生成树协议的规则
![Page 49: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/49.jpg)
Switch Y
MAC 0c0022222222
Default priority 32768
Switch X
MAC 0c0011111111
Default priority 32768
Port 1
Port 2
Port 2
Port 1
Switch Z
Mac 0c0011110000
Default priority 32768Port 2
100base T
Port 1
d d
r r
d
生成树协议的计算
![Page 50: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/50.jpg)
连接速率 代价(NEW IEEE 规范) 代价( OLD IEEE 规范)
------------------------------------------------------------------------------------
10 Gbps 2 1
1 Gbps 4 1
100 Mbps 19 10
10 Mbps 100 100
COST值
![Page 51: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/51.jpg)
阻 塞
侦 听
学 习
转 发
生成树会将每个端口的状态作以下改变:
生成树端口状态
20秒
15秒
15秒
![Page 52: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/52.jpg)
收敛时间
• 当所有交换机的端口都改变到转发或阻塞状态时发生收敛
• 收敛时间内,所有用户数据不能通过收敛的端口
![Page 53: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/53.jpg)
配置IP地址
wg_sw_2950(config)#interface vlan 1
wg_sw_2950(config-if)#ip address 10.5.5.11 255.255.255.0
wg_sw_2950(config)#interface vlan 1wg_sw_2950(config-if)#ip address {ip_address} {mask}
• Configures an IP address and subnet mask for the switch VLAN1 interface
Catalyst 2950
![Page 54: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/54.jpg)
Showing the Switch IP Address
Catalyst 2950
wg_sw_2950#show interface vlan 1
Vlan1 is up, line protocol is up
Hardware is Cat5k Virtual Ethernet, address is 0010.f6a9.9800 (bia 0010.f6a9.9800)
Internet address is 172.16.80.79/24
. . .
wg_sw_2950#
![Page 55: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/55.jpg)
双工模式
Half Duplex (CSMA/CD)
• HUB工作在半双工模式
• 同时只有一个方向传输数据
Full Duplex
• 交换机工作在全双工
• 100M的交换机在全双工的模式可以在
每个方向达到100M的带宽
![Page 56: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/56.jpg)
设置双工
Catalyst 2950
wg_sw_2950(config)#interface fa0/1
wg_sw_2950(config-if)#duplex {auto | full | half}
![Page 57: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/57.jpg)
管理MAC地址表
Catalyst 2950
sw2950#sh mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 000f.72db.4ec0 STATIC CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU
1 0000.0c3f.0b05 DYNAMIC Fa0/12
1 0030.94e6.391d DYNAMIC Fa0/11
1 00e0.b05a.5bfe DYNAMIC Fa0/10
Total Mac Addresses for this criterion: 7
sw2950#
![Page 58: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/58.jpg)
设置永久MAC地址—不过期
wg_sw_2950(config)#mac-address-table static
mac_addr {vlan vlan_id} [interface int1 [int2 ... int15]]
sw2950(config)#mac-address-table static 1111.1111.1111 vlan 1 interface f0/1
Catalyst 2950 only
![Page 59: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/59.jpg)
配置Port Security
sw2950(config-if)#switchport mode access
sw2950(config-if)#switchport port-security
sw2950(config-if)# switchport port-security maximum 2 (1-132)
sw2950(config-if)# switchport port-security mac-address 0030.94e6.04c2
sw2950(config-if)# switchport port-security mac-address 0030.94e6.04c3
sw2950(config-if)# switchport port-security violation shutdown/protect/restrict
sw2950#sh port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
Fa0/12 1 1 10 Restrict
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024
sw2950#
![Page 60: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/60.jpg)
清除NVRAM(注:交换机和路由器所用命令一样)
• Resets the system configuration to factory defaults
wg_sw_2950#erase startup-config
Catalyst 2950
![Page 61: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/61.jpg)
A B C D
物理层
• 所有设备在同一冲突域
• 所有设备在同一广播域
• 所有设备共享相同的带宽
集线器和交换机的区别
![Page 62: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/62.jpg)
集线器:同一个冲突域
• 接入设备越多冲突机率越大
• 用CSMA/CD技术• Carrier Sense, Multiple Access with
Collision Detection
A
B
C
![Page 63: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/63.jpg)
• 每port有自己的冲突域
• 所有的port都在同一广播域
数据链路层
或1 2 3 1 24
交换机和网桥运行在链路层
![Page 64: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/64.jpg)
交换机
• 每个端口有自己的冲突域
• 广播包向所有port转发
缓冲区
交换
![Page 65: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/65.jpg)
![Page 66: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/66.jpg)
第六章 配置VLAN
![Page 67: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/67.jpg)
• Each logical VLAN is like a separate physical bridge.
• VLANs can span across multiple switches.
• Trunks carry traffic for multiple VLANs.
• Trunks use special encapsulation to distinguish between
different VLANs.
VLAN Operation
![Page 68: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/68.jpg)
VLAN 成员模式
CAT5000
ciscowork2000
![Page 69: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/69.jpg)
802.1Q Trunking
![Page 70: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/70.jpg)
802.1Q Frame
![Page 71: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/71.jpg)
Per-VLAN Spanning Tree
![Page 72: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/72.jpg)
ISL标识
• 通过硬件(ASIC)实现
• ISL标识不会出现在工作站,客户端并不知道ISL的封装信息
• 在交换机或路由器与交换机之间,在交换机与具有ISL网卡的服务器之间可以实现
ISL的主干功能使得VLAN信息可以穿越主干线
进入主干线前加上VLAN标识
离开主干线后去掉VLAN标识
ISL支持VLAN的标识
![Page 73: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/73.jpg)
ISL封装
• 用ISL头与CRC进行帧封装
• 可以支持多个VLAN
• VLAN号
• BPDU控制位
![Page 74: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/74.jpg)
VTP协议(VLAN Trunking Protocol )
• 一个能够宣告VLAN配置信息的协议
• 通过一个共有的管理域,维持VLAN配置信息的一致性
• VTP只能在Trunk端口发送要宣告的信息
• 支持混合的介质主干连接(快速以太网, FDDI, ATM)
1.“新增一个vlan”
3.同步最新的vlan信息
2
VTP 域 “ICND”
![Page 75: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/75.jpg)
VTP模式
透明模式
• 发送/转发信息宣告
• 同步• 会存贮于flash
• 创建vlan
• 修改vlan
• 删除vlan
• 发送/转发信息宣告
• 同步• 存贮于flash
• 创建vlan
• 修改vlan
• 删除vlan
• 转发信息宣告
• 不同步• 存贮于flash
![Page 76: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/76.jpg)
• VTP信息宣告以多播的方式来进行
• VTP服务器和客户模式下会同步最新版本的宣告信息
• VTP信息宣告每隔5分钟或者有变化时发生
1.新增VLAN
2.版本3 -->版本4
服务器
客户 客户
4.版本3 -->版本4
5.同步新的VLAN信息
3 3
4.版本3 -->版本4
5.同步新的VLAN信息
VTP是如何工作的
![Page 77: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/77.jpg)
• 通过阻止不必要数据的泛洪传送来增加可用的带宽
• 例如: 主机A发出广播,广播仅仅泛洪到已有端口被分配到红色VLAN的所有交换机
交换机4
交换机2
交换机6 交换机3 交换机 1
端口 2
被泛洪的数据在
这些地方被阻止
VLAN2
端口 1
交换机5
A
B
VTP裁剪
![Page 78: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/78.jpg)
1.创建VLAN
sw(config)#vlan 2
Sw(config)#name VLAN2
2.将端口加入VLAN
sw(config-if)#switchport mode access
sw(config-if)#switchport access vlan 2
3.检查的命令
Switch#show vlan
在单台交换机上配置VLAN
![Page 79: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/79.jpg)
VLAN Configuration Modes
Global ModeSwitch# configure terminal
Switch(config)# vlan 3
Switch(config-vlan)# name Vlan3
Switch(config-vlan)# exit
Switch(config)# end
可同时创建或删除多VLAN:
Wisdom#Wisdom#conf tEnter configuration commands, one per line. End with CNTL/Z.Wisdom(config)#vlan 2-10 //同时创建2到10的VLANWisdom(config-vlan)#endWisdom#conf tWisdom(config)#no vlan 2-10 //同时删除2到10的VLAN
注:只可以同时对一个VLAN进行命名
![Page 80: 2013CCNAPPT(2)](https://reader033.vdocuments.net/reader033/viewer/2022051117/5695d0141a28ab9b0290dfed/html5/thumbnails/80.jpg)
VLAN Configuration Modes
Database Mode(老的交换机技术,新的交换机也支持)
Switch# vlan database
Switch(vlan)# vlan 3
VLAN 3 added:
Name: VLAN0003
Switch(vlan)# exit //退出后所创建的VLAN才会生效APPLY completed.
Exiting....