Network Engineer - 9 - Switch Principles and Configuration.ppt
Chapter 9: Switch Principles and Configuration

The three functions of a switch
1. Address (MAC) learning
2. Forwarding/filtering
3. Loop avoidance

Switch address learning
The initial MAC address table is empty. The switch learns source addresses.
[Diagram: stations A, B, C and D (MAC addresses 0260.8c01.1111, 0260.8c01.2222, 0260.8c01.3333, 0260.8c01.4444) attached to switch ports E0, E1, E2 and E3, with the MAC address table.]
Station A sends a frame to station C.
The switch caches station A's MAC address to port E0 by learning the source address of data frames.
The frame from station A to station C is flooded out to all ports except port E0 (unknown unicasts are flooded).
Station D sends a frame to station C.
The switch caches station D's MAC address to port E3 by learning the source address of data frames.
The frame from station D to station C is flooded out to all ports except port E3 (unknown unicasts are flooded).

Switch forwarding/filtering
Station A sends a frame to station C.
The destination is known, so the frame is not flooded.

Broadcast and multicast frames
Station D sends a broadcast or multicast frame.
Broadcast and multicast frames are flooded to all ports other than the originating port.

Redundant paths
Redundant paths eliminate single points of failure.
Drawbacks of redundant paths: broadcast storms, multiple frame copies, MAC address table instability.
[Diagram: Server/host X on Segment 1 and Router Y on Segment 2, with Switch A and Switch B both connecting the two segments.]

Broadcast storm
Host X sends a broadcast.
The switches continue to propagate broadcast traffic over and over.

Multiple frame copies
Host X sends a unicast frame to Router Y.
Router Y's MAC address has not been learned by either switch yet.
Router Y will receive two copies of the same frame.
[Diagram: Switch A and Switch B, each with Port 0 and Port 1.]
Host X sends a unicast frame to Router Y.
Router Y's MAC address has not been learned by either switch yet.
Switch A and B learn Host X's MAC address on port 0.
The frame to Router Y is flooded.
Switch A and B incorrectly learn Host X's MAC address on port 1.

The multiple-loop problem
A complex topology can cause multiple loops to occur.
Layer 2 has no mechanism to stop the loop.
[Diagram: Server/host and Workstations joined through several loops.]

Solution: Spanning-Tree Protocol
Some ports are placed in the Blocking state so that loops cannot form.

Spanning-Tree Protocol (STP): Spanning-Tree Operations
One root bridge per network
One root port per nonroot bridge
One designated port per segment
[Diagram: SW X (root bridge) and SW Y (nonroot bridge) joined by a 100baseT link and a 10baseT link; port labels: Designated port (F), Root port (F), Designated port (F), Nondesignated port (B).]

Spanning-Tree Protocol: root bridge selection
Switch X: default priority 32768 (8000 hex), MAC 0c0011111111
Switch Y: default priority 32768 (8000 hex), MAC 0c0022222222
BPDU = Bridge Protocol Data Unit (2 seconds)
Root bridge: the bridge with the lowest bridge ID
Non-root bridge: all other bridges
Bridge ID = bridge priority + bridge MAC address

Spanning-Tree Protocol: port selection
[Diagram: Switch X (root bridge; default priority 32768, MAC 0c0011111111) and Switch Y (default priority 32768, MAC 0c0022222222), each with Port 0 and Port 1, joined by a 100baseT link and a 10baseT link; port labels: Designated port (F), Root port (F), Nondesignated port (B), Designated port (F).]
Root port (on a non-root bridge): the port on the non-root bridge with the lowest cost to the root bridge
Designated port: on each segment, the port with the lowest cost to the root bridge
All ports of the root bridge are designated ports
Nondesignated port: all remaining ports

Spanning-Tree Protocol: final port states
All ports of the root bridge: Forwarding
Root port of a non-root bridge: Forwarding
Designated port: Forwarding
Nondesignated port: Blocking
Note: a port in the Blocking state cannot forward data, but it can send and receive BPDU messages.

Spanning-Tree Protocol: path cost
Link Speed    Cost (revised IEEE spec)    Cost (previous IEEE spec)
10 Gbps       2                           1
1 Gbps        4                           1
100 Mbps      19                          10
10 Mbps       100                         100

Spanning tree: example
Switch X: MAC 0c0011111111, default priority 32768 (Port 0, Port 1)
Switch Y: MAC 0c0022222222, default priority 32768 (Port 0, Port 1)
Switch Z: MAC 0c0011110000, default priority 32768 (Port 0)
Links: 100baseT, 100baseT
Can you figure out:
What is the root bridge?
What are the designated, nondesignated, and root ports?
Which are the forwarding and blocking ports?
[Answer diagram port labels: Designated port (F), Root port (F), Nondesignated port (BLK), Designated port (F), Root port (F).]

Spanning-Tree Protocol: port state changes
Spanning tree transitions each port through several different states:

Spanning-Tree Protocol: recalculation

Spanning-Tree Protocol: convergence
Convergence takes place on the switch ports (blocking, forwarding).
When the network topology changes, the switches must recalculate the spanning tree, which temporarily interrupts user access.

Verifying Spanning Tree
    wg_sw_a#show spantree vlan number

    wg_sw_a#show spantree 1
    VLAN1 is executing the IEEE compatible Spanning Tree Protocol
       Configured hello time 2, max age 20, forward delay 15
       Root port is FastEthernet 0/26, cost of root path is 10
       Topology change flag not set, detected flag not set
       Topology changes 53, last topology change occured 0d00h17m14s ago
       Times: hold 1, topology change 8960
              hello 2, max age 20, forward delay 15
       Timers: hello 2, topology change 35, notification 2
    Port Ethernet 0/1 of VLAN1 is Forwarding
       Port path cost 100, Port priority 128
       Designated port is Ethernet 0/1, path cost 10
       Timers: message age 20, forward delay 15, hold 1

Bridging and LAN switching
Bridging: implemented in software; only one spanning-tree instance; at most 16 ports.
LAN switching: implemented in hardware (ASIC); multiple spanning-tree instances; more ports.

How a switch forwards data frames
Cut-through: the switch checks the destination address and immediately begins forwarding the frame.
Store and forward: the complete frame is received and checked before forwarding.
Fragment free (modified cut-through), Cat1900 default: the switch checks the first 64 bytes, then immediately begins forwarding the frame.

Full duplex and half duplex
Half duplex (CSMA/CD):
Unidirectional data flow
Higher potential for collision
Hub connectivity
Full duplex:
Point-to-point only
Attached to a dedicated switched port
Requires full-duplex support on both ends
Collision free
Collision detect circuit disabled

Configuring the switch
Catalyst 1900:
Menu-driven interface
Web-based VSM (Visual Switch Manager)
IOS CLI (command-line interface)

Initial startup of the switch
The system startup routines initialize the switch.
The initial startup uses the default configuration parameters.
1. Before starting, confirm that the network cables and the console cable are connected correctly.
2. Connect the power.
3. Observe the boot sequence: the LEDs on the front panel, and the Cisco IOS output on the console.

Checking the switch LEDs
Port LEDs during the power-on self-test:
1. At startup, all port LEDs turn green.
2. As each port completes its self-test, its LED turns off.
3. If a port fails its self-test, its LED turns amber.
4. If any self-test fails, the system LED turns amber.
5. If no self-test fails, the self-test process completes.
6. As the self-test process completes, the LEDs flash and then turn off.

Catalyst 1900 default configuration
CDP: Enabled
Switching mode: fragment free
100baseT port: Auto-negotiate duplex mode
10baseT port: Half duplex
Spanning Tree: Enabled
Console password: none

Catalyst 1900 ports
                        Cat1912                           Cat1924
10baseT ports           e0/1 to e0/12                     e0/1 to e0/24
AUI port                e0/25                             e0/25
100baseT uplink ports   fa0/26 (port A), fa0/27 (port B)  fa0/26 (port A), fa0/27 (port B)

Configuration modes
Global configuration mode:
    wg_sw_a#conf term
    wg_sw_a(config)#
Interface configuration mode:
    wg_sw_a(config)#interface e0/1
    wg_sw_a(config-if)#

Configuring the switch IP address
    wg_sw_a(config)#ip address {ip address} {mask}

Configuring the switch default gateway
    wg_sw_a(config)#ip default-gateway {ip address}

Displaying the switch IP configuration
    wg_sw_a#show ip
    Management VLAN: 1
    Domain name:
    HTTP server: Enabled
    HTTP port: 80
    RIP: Enabled
    wg_sw_a#

Setting the duplex mode
    wg_sw_a(config)#interface e0/1
    wg_sw_a(config-if)#duplex {auto | full | full-flow-control | half}
Example:
    wg_sw_a(config-if)#duplex half

Viewing the duplex mode

Managing the MAC address table
    wg_sw_a#show mac-address-table

    wg_sw_a#sh mac-address-table
    Number of permanent addresses : 0
    Number of restricted static addresses : 0
    Number of dynamic addresses : 6
    Address          Dest Interface      Type       Source Interface List
    00E0.1E5D.AE2F   Ethernet 0/2        Dynamic    All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/27   Dynamic    All

Setting a permanent MAC address
    wg_sw_a(config)#mac-address-table permanent 2222.2222.2222 ethernet 0/3

    wg_sw_a#sh mac-address-table
    Number of permanent addresses : 1
    Number of restricted static addresses : 0
    Number of dynamic addresses : 4
    Address          Dest Interface      Type       Source Interface List
    00E0.1E5D.AE2F   Ethernet 0/2        Dynamic    All
    2222.2222.2222   Ethernet 0/3        Permanent  All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/27   Dynamic    All

Setting a restricted static MAC address
    wg_sw_a(config)#mac-address-table restricted static {mac-address type module/port src-if-list}
Example:
    wg_sw_a(config)#mac-address-table restricted static 1111.1111.1111 e0/4 e0/1

    wg_sw_a#sh mac-address-table
    Number of permanent addresses : 1
    Number of restricted static addresses : 1
    Number of dynamic addresses : 4
    Address          Dest Interface      Type       Source Interface List
    1111.1111.1111   Ethernet 0/4        Static     Et0/1
    00E0.1E5D.AE2F   Ethernet 0/2        Dynamic    All
    2222.2222.2222   Ethernet 0/3        Permanent  All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/26   Dynamic    All
                     FastEthernet 0/27   Dynamic    All

Configuring port security
    wg_sw_a(config-if)#port secure max-mac-count count
Configures an interface to be a secured port.
Defines the maximum number of MAC addresses allowed in the address table for this port.
Count can be from 1 to 132.
Default is 132.
Example:
    wg_sw_a(config)#interface e0/4
    wg_sw_a(config-if)#port secure max-mac-count 1

    wg_sw_a(config)#address-violation {suspend | disable | ignore}

    wg_sw_a#show mac-address-table security
    Action upon address violation : Suspend
    Interface        Addressing Security   Address Table Size
    Ethernet 0/1     Disabled              N/A
    Ethernet 0/2     Disabled              N/A
    Ethernet 0/3     Disabled              N/A
    Ethernet 0/4     Enabled               1
    Ethernet 0/5     Disabled              N/A
    Ethernet 0/6     Disabled              N/A
    Ethernet 0/7     Disabled              N/A
    Ethernet 0/8     Disabled              N/A
    Ethernet 0/9     Disabled              N/A
    Ethernet 0/10    Disabled              N/A
    Ethernet 0/11    Disabled              N/A
    Ethernet 0/12    Disabled              N/A

Show Version

Managing configuration files
To send the configuration to a TFTP server:
    wg_sw_a#copy nvram tftp://host/dst_file
To download the configuration from a TFTP server:
    wg_sw_a#copy tftp://host/src_file nvram
Example:
    wg_sw_a#copy nvram tftpwgswd.cfg
    Configuration upload is successfully completed
    wg_sw_a#copy tftpwgswd.cfg nvram
    TFTP successfully downloaded configuration file

Clearing NVRAM
    wg_sw_d#delete nvram
Resets the system configuration to factory defaults.