Network Engineer 9: Switch Principles and Configuration (.ppt, 68 pages)
Chapter 9: Switch Principles and Configuration
1999, Cisco Systems, Inc. ICND 6-1

The three functions of a switch
- Address (MAC) learning
- Forwarding/filtering
- Loop avoidance

Switches: address learning
- The MAC address table is initially empty.
- The switch learns source addresses.
[Figure: stations A, B, C and D (MAC addresses 0260.8c01.1111, 0260.8c01.2222, 0260.8c01.3333, 0260.8c01.4444) attached to switch ports E0, E1, E2 and E3, with the MAC address table]

Switches: address learning (continued)
- Station A sends a frame to station C.
- The switch caches station A's MAC address against port E0 by learning the source address of data frames.
- The frame from station A to station C is flooded out of all ports except port E0 (unknown unicasts are flooded).

Switches: address learning (continued)
- Station D sends a frame to station C.
- The switch caches station D's MAC address against port E3 by learning the source address of data frames.
- The frame from station D to station C is flooded out of all ports except port E3 (unknown unicasts are flooded).

Switches: forwarding/filtering
- Station A sends a frame to station C.
- The destination is known, so the frame is not flooded.

Broadcast and multicast
- Station D sends a broadcast or multicast frame.
- Broadcast and multicast frames are flooded to all ports other than the originating port.

Redundant paths
- Redundant paths eliminate single points of failure.
- Downsides of redundant paths: broadcast storms, multiple frame copies, and MAC address table instability.
[Figure: Segment 1 and Segment 2, with Server/host X and Router Y]

Broadcast storms
- Host X sends a broadcast.
[Figure: Switch A and Switch B both connect Segment 1 and Segment 2; Server/host X, Router Y]

Broadcast storms (continued)
- Switches continue to propagate broadcast traffic over and over.

Multiple frame copies
- Host X sends a unicast frame to Router Y.
- Router Y's MAC address has not been learned by either switch yet.
- Router Y will receive two copies of the same frame.
- Switches A and B learn Host X's MAC address on port 0.
- The frame to Router Y is flooded.
- Switches A and B incorrectly learn Host X's MAC address on port 1.
[Figure: Switch A and Switch B, each with Port 0 and Port 1, between Segment 1 and Segment 2; Server/host X, Router Y]

Multiple loops
- A complex topology can cause multiple loops to occur.
- Layer 2 has no mechanism to stop the loop.
[Figure: server/host, workstations, three loops, broadcast]

Solution: Spanning-Tree Protocol
- Some ports are placed in the blocking state so that loops cannot form.

Spanning-Tree Protocol (STP): spanning-tree operations
- One root bridge per network
- One root port per nonroot bridge
- One designated port per segment
[Figure: SW X (root bridge) and SW Y (nonroot bridge) joined by a 100baseT and a 10baseT segment; port labels: designated port (F), root port (F), designated port (F), nondesignated port (B)]

Spanning-Tree Protocol: root bridge selection
- Switch X: default priority 32768 (8000 hex), MAC 0c0011111111
- Switch Y: default priority 32768 (8000 hex), MAC 0c0022222222
- BPDU = bridge protocol data unit (2 seconds)
- Root bridge: the bridge with the lowest bridge ID
- Nonroot bridge: every other bridge
- Bridge ID = bridge priority + bridge MAC address

Spanning-Tree Protocol: port selection
- Root port (on a nonroot bridge): the port on the nonroot bridge with the lowest cost to the root bridge
- Designated port: on each segment, the port with the lowest cost to the root bridge
- All ports of the root bridge are designated ports.
- Nondesignated port: all remaining ports
[Figure: Switch X (root bridge, default priority 32768, MAC 0c0011111111) and Switch Y (default priority 32768, MAC 0c0022222222), each with Port 0 and Port 1, joined by a 100baseT and a 10baseT segment; port labels: designated port (F), root port (F), nondesignated port (B), designated port (F)]

Spanning-Tree Protocol: final port states
- All ports of the root bridge: Forwarding
- Root port of a nonroot bridge: Forwarding
- Designated port: Forwarding
- Nondesignated port: Blocking
Note: a port in the Blocking state cannot forward data, but it can still send and receive BPDU messages.

Spanning-Tree Protocol: path cost

    Link speed   Cost (revised IEEE spec)   Cost (previous IEEE spec)
    10 Gbps      2                          1
    1 Gbps       4                          1
    100 Mbps     19                         10
    10 Mbps      100                        100

Spanning tree: example
- Switch X: MAC 0c0011111111, default priority 32768, Port 0 and Port 1
- Switch Y: MAC 0c0022222222, default priority 32768, Port 0 and Port 1
- Switch Z: MAC 0c0011110000, default priority 32768, Port 0
- Links: 100baseT, 100baseT
Can you figure out:
- What is the root bridge?
- What are the designated, nondesignated, and root ports?
- Which are the forwarding and blocking ports?
[Figure, answer slide: port labels designated port (F), root port (F), nondesignated port (BLK), designated port (F), root port (F)]
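
As an added example (not part of the original slides), the following Python code applies the slides' rules for root bridge election, path cost and port roles to the three-switch exercise, and works for other shared-segment topologies as well. The wiring is an assumption, because the diagram did not survive in the text: port 0 of Z, X and Y share one 100baseT segment, and port 1 of X and Y share the other.

```python
# Added example: STP root election and port roles on shared segments.
COST = {10000: 2, 1000: 4, 100: 19, 10: 100}  # Mbps -> path cost (revised IEEE column)

def bridge_id(priority, mac):
    """Bridge ID = priority, then MAC address; the lowest ID becomes root."""
    return (priority, int(mac, 16))

def spanning_tree(bridges, segments):
    """bridges: name -> (priority, mac). segments: [(mbps, [(bridge, port), ...])]."""
    bid = {name: bridge_id(*v) for name, v in bridges.items()}
    root = min(bid, key=bid.get)
    # Root path cost of each bridge: relax over segments until nothing changes.
    dist = {name: (0 if name == root else float("inf")) for name in bridges}
    changed = True
    while changed:
        changed = False
        for mbps, members in segments:
            best = min(dist[b] for b, _ in members)
            for b, _ in members:
                if best + COST[mbps] < dist[b]:
                    dist[b], changed = best + COST[mbps], True
    # Designated port per segment: lowest (root path cost, bridge ID, port).
    desig = [min(m, key=lambda bp: (dist[bp[0]], bid[bp[0]], bp[1])) for _, m in segments]
    roles = {}
    # Root port per nonroot bridge: cheapest path to the root, ties broken by the
    # designated bridge ID, then its port, then the local port number.
    for name in bridges:
        cands = [(dist[d[0]] + COST[mbps], bid[d[0]], d[1], p)
                 for (mbps, members), d in zip(segments, desig)
                 for b, p in members if b == name and d[0] != name]
        if name != root and cands:
            roles[(name, min(cands)[3])] = "root"
    for (_, members), d in zip(segments, desig):
        for bp in members:
            roles[bp] = "designated" if bp == d else roles.get(bp, "nondesignated")
    # Root and designated ports forward; every other port blocks.
    state = {bp: "blocking" if r == "nondesignated" else "forwarding" for bp, r in roles.items()}
    return root, roles, state

# Constructed input: bridge IDs are from the slides; the wiring is an assumption.
BRIDGES = {"X": (32768, "0c0011111111"), "Y": (32768, "0c0022222222"), "Z": (32768, "0c0011110000")}
SEGMENTS = [(100, [("Z", 0), ("X", 0), ("Y", 0)]), (100, [("X", 1), ("Y", 1)])]

if __name__ == "__main__":
    root, roles, state = spanning_tree(BRIDGES, SEGMENTS)
    print("root bridge:", root)
    for bp in sorted(roles):
        print(bp, roles[bp], state[bp])
```

With every priority left at the default, the lowest MAC address alone decides the root, which is why deliberately lowering the priority of the intended root is the usual way to keep the election from depending on hardware addresses.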

Spanning-Tree Protocol: port state transitions
Spanning tree transitions each port through several different states:
- Blocking
- Listening
- Learning
- Forwarding

Spanning-Tree Protocol: recalculation
[Figure: Switch X (root bridge, MAC 0c0011111111, default priority 32768) and Switch Y (MAC 0c0022222222, default priority 32768), each with Port 0 and Port 1, joined by a 10baseT and a 100baseT segment; labels: designated port, root port (F), nondesignated port (BLK), designated port, BPDU, MAXAGE]

Spanning-Tree Protocol: convergence
- Convergence occurs on switch ports (blocking, forwarding).
- When the network topology changes, switches must recalculate the spanning tree, which temporarily interrupts user access.

Verifying Spanning Tree
Syntax:

    wg_sw_a#show spantree <vlan number>

Example:

    wg_sw_a#show spantree 1
    VLAN1 is executing the IEEE compatible Spanning Tree Protocol
       Configured hello time 2, max age 20, forward delay 15
       Root port is FastEthernet 0/26, cost of root path is 10
       Topology change flag not set, detected flag not set
       Topology changes 53, last topology change occured 0d00h17m14s ago
       Times:  hold 1, topology change 8960
               hello 2, max age 20, forward delay 15
       Timers: hello 2, topology change 35, notification 2
    Port Ethernet 0/1 of VLAN1 is Forwarding
       Port path cost 100, Port priority 128
       Designated port is Ethernet 0/1, path cost 10
       Timers: message age 20, forward delay 15, hold 1

Bridging and LAN switching
Bridging:
- Implemented in software
- Only one spanning-tree instance
- At most 16 ports
LAN switching:
- Implemented in hardware (ASIC)
- Multiple spanning-tree instances
- More ports

How a switch forwards frames
- Cut-through: the switch checks the destination address and immediately begins forwarding the frame.
- Store and forward: the complete frame is received and checked before forwarding.
- Fragment free (modified cut-through), the Cat1900 default: the switch checks the first 64 bytes, then immediately begins forwarding the frame.

Full duplex and half duplex
Half duplex (CSMA/CD):
- Unidirectional data flow
- Higher potential for collision
- Hub connectivity
Full duplex:
- Point-to-point only
- Attached to a dedicated switched port
- Requires full-duplex support on both ends
- Collision free
- Collision detect circuit disabled

Configuring the switch
Catalyst 1900:
- Menu-driven interface
- Web-based VSM (Visual Switch Manager)
- IOS CLI (command-line interface)

Initial startup of the switch
- The system startup routines initialize the switch.
- Initial startup uses the default configuration parameters.
1. Before starting, confirm that the cables and the console line are connected correctly.
2. Connect the power.
3. Observe the boot sequence:
   - the LEDs on the front panel
   - the Cisco IOS output on the console

Checking the switch LEDs

Port LEDs during the switch self-test
1. At startup, all port LEDs turn green.
2. As each port completes its self-test, its LED turns off.
3. If a port fails its self-test, its LED turns yellow.
4. If any self-test fails, the system LED turns yellow.
5. If no self-test fails, the self-test process completes.
6. When the self-test process completes, the LEDs flash and then turn off.

Catalyst 1900 default configuration
- CDP: Enabled
- Switching mode: fragment free
- 100baseT port: auto-negotiate duplex mode
- 10baseT port: half duplex
- Spanning Tree: Enabled
- Console password: none

Catalyst 1900 ports

                            Cat1912            Cat1924
    10baseT ports           e0/1 to e0/12      e0/1 to e0/24
    AUI port                e0/25              e0/25
    100baseT uplink ports   fa0/26 (port A)    fa0/26 (port A)
                            fa0/27 (port B)    fa0/27 (port B)

Configuring the switch: configuration modes
Global configuration mode:

    wg_sw_a#conf term
    wg_sw_a(config)#

Interface configuration mode:

    wg_sw_a(config)#interface e0/1
    wg_sw_a(config-if)#

Configuring the switch IP address

    wg_sw_a(config)#ip address <ip address> <mask>

Configuring the switch default gateway

    wg_sw_a(config)#ip default-gateway <ip address>

Displaying the switch IP configuration

    wg_sw_a#show ip
    Management VLAN: 1
    Domain name:
    HTTP server: Enabled
    HTTP port: 80
    RIP: Enabled
    wg_sw_a#

Setting the duplex mode
Syntax:

    wg_sw_a(config)#interface e0/1
    wg_sw_a(config-if)#duplex {auto | full | full-flow-control | half}

Example:

    wg_sw_a(config)#interface e0/1
    wg_sw_a(config-if)#duplex half

Viewing the duplex mode

Managing the MAC address table

    wg_sw_a#show mac-address-table

Example:

    wg_sw_a#sh mac-address-table
    Number of permanent addresses : 0
    Number of restricted static addresses : 0
    Number of dynamic addresses : 6

    Address          Dest Interface      Type       Source Interface List
    ----------------------------------------------------------------------
    00E0.1E5D.AE2F   Ethernet 0/2        Dynamic    All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/27   Dynamic    All

Setting a permanent MAC address
Syntax:

    wg_sw_a(config)#mac-address-table permanent <mac-address> <type> <module/port>

Example:

    wg_sw_a(config)#mac-address-table permanent 2222.2222.2222 ethernet 0/3

    wg_sw_a#sh mac-address-table
    Number of permanent addresses : 1
    Number of restricted static addresses : 0
    Number of dynamic addresses : 4

    Address          Dest Interface      Type       Source Interface List
    ----------------------------------------------------------------------
    00E0.1E5D.AE2F   Ethernet 0/2        Dynamic    All
    2222.2222.2222   Ethernet 0/3        Permanent  All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/27   Dynamic    All

Setting a restricted static MAC address
Syntax:

    wg_sw_a(config)#mac-address-table restricted static <mac-address> <type> <module/port> <src-if-list>

Example:

    wg_sw_a(config)#mac-address-table restricted static 1111.1111.1111 e0/4 e0/1

    wg_sw_a#sh mac-address-table
    Number of permanent addresses : 1
    Number of restricted static addresses : 1
    Number of dynamic addresses : 4

    Address          Dest Interface      Type       Source Interface List
    ----------------------------------------------------------------------
    1111.1111.1111   Ethernet 0/4        Static     Et0/1
    00E0.1E5D.AE2F   Ethernet 0/2        Dynamic    All
    2222.2222.2222   Ethernet 0/3        Permanent  All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/27   Dynamic    All

Configuring port security
Syntax:

    wg_sw_a(config-if)#port secure max-mac-count <count>

- Configures an interface to be a secured port.
- Defines the maximum number of MAC addresses allowed in the address table for this port.
- Count can be from 1 to 132.
- Default is 132.

Example:

    wg_sw_a(config)#interface e0/4
    wg_sw_a(config-if)#port secure max-mac-count 1

Configuring port security (continued)
Syntax:

    wg_sw_a(config)#address-violation {suspend | disable | ignore}
    wg_sw_a#show mac-address-table security

Example:

    wg_sw_a#show mac-address-table security
    Action upon address violation : Suspend

    Interface        Addressing Security   Address Table Size
    ----------------------------------------------------------
    Ethernet 0/1     Disabled              N/A
    Ethernet 0/2     Disabled              N/A
    Ethernet 0/3     Disabled              N/A
    Ethernet 0/4     Enabled               1
    Ethernet 0/5     Disabled              N/A
    Ethernet 0/6     Disabled              N/A
    Ethernet 0/7     Disabled              N/A
    Ethernet 0/8     Disabled              N/A
    Ethernet 0/9     Disabled              N/A
    Ethernet 0/10    Disabled              N/A
    Ethernet 0/11    Disabled              N/A
    Ethernet 0/12    Disabled              N/A

Show Version

Managing the configuration file
To send the configuration to a TFTP server:

    wg_sw_a#copy nvram tftp://host/dst_file

Managing the configuration file (continued)

    copy tftp://host/src_file nvram
    copy nvram