TE主要协议技术注意事项.doc_第1页
TE主要协议技术注意事项.doc_第2页
TE主要协议技术注意事项.doc_第3页
TE主要协议技术注意事项.doc_第4页
TE主要协议技术注意事项.doc_第5页
已阅读5页,还剩16页未读 继续免费阅读

下载本文档

版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领

文档简介

TE 考点整理一 . 排错方法1. 分层2. 分块3. 分段4. 替换二 . 考点整理1. PPP (CHAP认证) + Mp捆绑R1display interface Serial 0/2/2Serial0/2/2 current state: UP Line protocol current state: UPDescription: Serial0/2/2 InterfaceThe Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 10.1.12.10/24 PrimaryLink layer protocol is PPP LCP opened, IPCP openedOutput queue : (Urgent queuing : Size/Length/Discards) 0/50/0Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0Interface is V35display interface s0/2/2Serial0/2/2 current state: UP Line protocol current state: UPDescription: Serial0/2/2 InterfaceThe Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet protocol processing : disabledLink layer protocol is PPP LCP opened, MP openedOutput queue : (Urgent queuing : Size/Length/Discards) 0/50/0Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0Interface is V35display interface Mp-group 1Mp-group1 current state: UP Line protocol current state: UPDescription: Mp-group1 InterfaceThe Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet Address is 10.1.12.1/30 PrimaryLink layer protocol is PPP LCP opened, MP opened, IPCP openedPhysical is MP, baudrate: 128000 bpsOutput queue : (Urgent queuing : Size/Length/Discards) 0/50/0Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0图为PPP协商过程LCPAUTHNCPCHAP:1. 被验证方使用本地用户及密码进行验证2. 被验证方使用默认CHAP密码进行验证R1display current-configuration configuration luser local-user R2 pass sim h3cte12345 service-type ppp2. VLAN (access trunk)Access:只允许缺省VLAN通过,仅接收和发送一个VLAN的数据帧一般用于连接用户设备Trunk:允许多个VLAN通过,可以接收和发送多个VLAN的数据帧缺省VLAN的以太网帧不带标签一般用于交换机之间连接单台交换机 不同vlan 不能够直接通讯:Vlan 间路由(1.单臂路由(路由器+L2SW) 2. Vlan路由(L3SW+L2SW)1. 单臂路由L2SW:1. 创建vlan信息2. 将用户接口加入vlan3. SW上行接口放行相应vlan业务 R:1. 创建子接口,封装802.1Q(dot1q)trunk协议,并且子接口配置所属vlan2. 配置IP地址2. Vlan路由1. L2 SW 和 L3 SW 保证vlan信息同步 (注意事项)2. L2 SW:1. 创建vlan信息2. 将用户接口加入vlan3. SW上行接口放行相应vlan业务 L3 SW:1. 创建vlan信息2. 在连接L2SW的接口上封装trunk协议,放行相关vlan信息3. 创建SVI接口(vlan接口-配置ip地址:vlan用户网关地址)SW1display port trunk Interface PVID VLAN passingEth0/4/1 1 1, 10, 20SW2display current-configuration interface Vlan-interface #interface Vlan-interface10 ip address 192.168.1.100 255.255.255.0#interface Vlan-interface20 ip address 172.16.1.100 255.255.255.03. MSTPSTP: (Spanning Tree Protocol,生成树协议)是用于在局域网中消除数据链路层物理环路的协议。STP是指IEEE 802.1DRSTP是指IEEE 802.1WMSTP是指IEEE 802.1S作用:. 通过阻断冗余链路来消除桥接网络中可能存在的路径回环当前路径发生故障时,激活冗余备份链路,恢复网络连通性工作原理: 通过在桥之间交换BPDU(Bridge Protocol Data Unit,桥协议数据单元),来保证设备完成生成树的计算过程 。1. 根桥的选举对比 桥ID(优先级+MAC) 优先级: 0-61440 手动修改:4096的倍数修改桥ID小者 为 根桥!2. 端口角色的确定 (1) 根桥上的端口-指定端口(转发状态)(2) 每台非根桥必须存在一个(根端口)(:非根桥上 根路径开销最小的接口)E:200 2E:180 G:202G:18(3) 每个物理链路必须存在一台 (指定桥)(:根路径开销最小的桥),指定桥上的接口 为指定接口(转发状态)(4) 不是指定接口和根接口的端口为阻塞接口MSTP:l MSTP(Multiple Spanning Tree Protocol,多生成树协议)l 将多个VLAN捆绑到一个实例,每个实例生成独立的生成树l 在多条Trunk链路上实现VLAN级负载分担MSTP 配置步骤:1. 保证SW vlan信息同步2. SW之间物理链路封装trunk,放行相关vlan业务3. 启用STP技术(MSTP模式)配置MST域(1)域名(2)修正级别 0 (3) 实例对应vlan关系(4)激活4. 指定哪台设备为对应实例的主根和被根SW2display stp region-configuration Oper configuration Format selector :0 Region name :h3c Revision level :0 Instance Vlans Mapped 0 1 to 9, 11 to 19, 21 to 4094 1 10 2 20SW1display stp brief MSTID Port Role STP State Protection 0 Ethernet0/4/1 DESI FORWARDING NONE 0 Ethernet0/4/2 DESI FORWARDING NONE 1 Ethernet0/4/1 ROOT FORWARDING NONE 1 Ethernet0/4/2 ALTE DISCARDING NONE 2 Ethernet0/4/1 ALTE DISCARDING NONE 2 Ethernet0/4/2 ROOT FORWARDING NONESW1display stp instance 1-MSTI 1 Global Info-MSTI Bridge ID :32768.00e0-fc00-0600MSTI RegRoot/IRPC :0.00e0-fc00-0700 / 200MSTI RootPortId :128.2Master Bridge :32768.00e0-fc00-0600Cost to Master :0TC received :14 -Port2(Ethernet0/4/1)FORWARDING- Port Role :Root Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=200 Desg. Bridge/Port :0.00e0-fc00-0700 / 128.2 Num of Vlans Mapped :1 Port Times :RemHops 20 -Port3(Ethernet0/4/2)DISCARDING- Port Role :Alternate Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=200 Desg. Bridge/Port :4096.00e0-fc00-0800 / 128.3 Num of Vlans Mapped :1 Port Times :RemHops 19STP : BPDU-Protection 接入端口设置为边缘端口后,如果接收到配置消息,系统自动将这些端口设置为非边缘端口,重新计算生成树,导致网络震荡。 交换机开启了BPDU保护功能后,如果接收到BPDU,则交换机关闭此端口,以防止可能产生的网络震荡。而被关闭的端口只能由网络管理人员恢复。S3600-01dis stp down-port Down Port ReasonEthernet1/0/2 BPDU-Protection3.5 smart-linkn Smart Link是一种针对双上行组网的解决方案,实现了高效可靠的链路冗余备份和故障后的快速收敛。n 一个Smart Link组,端口分别为主端口和副端口n 发送控制VLAN和接收控制VLAN :当链路出现故障时,用来发送flush消息报文的vlan,用来刷新网络设备的MAC和ARP表信息。n 保护VLAN :用户的业务vlan 。l Smart Link组的保护VLAN是通过引用MSTP实例来实现的 注意事项:接收和发送flush消息报文的所有接口 STP特性必须关系配置步骤:1. 交换设备 保证vlan信息同步2. 配置链路聚合 (两三层SW)3. 接口封装trunk协议,放行相关业务vlan 和 控制vlan4. 在trunk类型的接口下关闭STP特性 5. 在trunk类型的接口下配置接口允许接收和发送flush消息报文的所有控制vlan6. 在接入层交换机上 创建MST域(配置实例与vlan映射关系)7. 在接入层交换机上启用smart link 组(1:保护vlan与实例的对应关系2: 配置针对保护vlan对应的控制vlan3: 将上行接口加入smart-link组,说明主备关系4: 开启smart-link组抢占功能)SW1display stp region-configuration Oper configuration Format selector :0 Region name :000fe2000100 Revision level :0 Configuration digest :0x9357ebb7a8d74dd5fef4f2bab50531aa Instance Vlans Mapped 0 1 to 9, 11 to 19, 21 to 4094 1 10 2 20SW1display smart-link group 1 Smart link group 1 information: Device ID: 000f-e200-0100 Preemption mode: ROLE Preemption delay: 1(s) Control VLAN: 100 Protected VLAN: Reference Instance 1 Member Role State Flush-count Last-flush-time - Ethernet0/4/0 MASTER ACTIVE 3 10:48:42 2013/12/18 Ethernet0/4/1 SLAVE STANDBY 1 10:48:02 2013/12/184.链路聚合目的:增加带宽、提高链路可靠性、负载分担l 静态聚合 双方系统间不使用聚合协议来协商链路信息SW2display link-aggregation summary Aggregation Interface Type:BAGG - Bridge-Aggregation, RAGG - Route-AggregationAggregation Mode: S - Static, D - DynamicLoadsharing Type: Shar - Loadsharing, NonS - Non-LoadsharingActor System ID: 0x8000, 000f-e200-0200AGG AGG Partner ID Select Unselect ShareInterface Mode Ports Ports Type-BAGG1 S none 2 0 NonSSW2display link-aggregation verbose Loadsharing Type: Shar - Loadsharing, NonS - Non-LoadsharingPort Status: S - Selected, U - UnselectedFlags: A - LACP_Activity, B - LACP_Timeout, C - Aggregation, D - Synchronization, E - Collecting, F - Distributing, G - Defaulted, H - ExpiredAggregation Interface: Bridge-Aggregation1Aggregation Mode: StaticLoadsharing Type: NonS Port Status Priority Oper-Key- Eth0/4/0 S 32768 1 Eth0/4/1 S 32768 1SW2display link-aggregation summary Aggregation Interface Type:BAGG - Bridge-Aggregation, RAGG - Route-AggregationAggregation Mode: S - Static, D - DynamicLoadsharing Type: Shar - Loadsharing, NonS - Non-LoadsharingActor System ID: 0x8000, 000f-e200-0200AGG AGG Partner ID Select Unselect ShareInterface Mode Ports Ports Type-BAGG1 S none 1 1 NonS SW2display link-aggregation verbose Loadsharing Type: Shar - Loadsharing, NonS - Non-LoadsharingPort Status: S - Selected, U - UnselectedFlags: A - LACP_Activity, B - LACP_Timeout, C - Aggregation, D - Synchronization, E - Collecting, F - Distributing, G - Defaulted, H - ExpiredAggregation Interface: Bridge-Aggregation1Aggregation Mode: StaticLoadsharing Type: NonS Port Status Priority Oper-Key- Eth0/4/0 U 32768 1 Eth0/4/1 S 32768 1SW2display interface briefThe brief information of interface(s) under route mode:Link: ADM - administratively down; Stby - standbyProtocol: (s) - spoofingInterface Link Protocol Main IP DescriptionGE0/0/3 DOWN DOWN -NULL0 UP UP(s) -The brief information of interface(s) under bridge mode:Link: ADM - administratively down; Stby - standbySpeed or Duplex: (a)/A - auto; H - half; F - fullType: A - access; T - trunk; H - hybridInterface Link Speed Duplex Type PVID DescriptionBAGG1 UP 100M(a) F(a) A 1Eth0/4/0 ADM 100M A A 1Eth0/4/1 UP 100M F(a) A 1Eth0/4/2 DOWN 100M A A 1Eth0/4/3 DOWN 100M A A 15.VRRPl VRRP(Virtual Router Redundancy Protocol , 虚拟路由器冗余协议)是一种容错协议,是由一台以上的路由器或三层交换机虚拟成一台路由器,而增加网关可靠性的协议。l 设备Log日志里出现VRRP配置错误的信息l 同一个VRRP组内出现多个主设备;配置步骤:1.创建 vlan接口 配置ip地址 2.将相同vlan接口加入同一VRRP备份组 配置虚拟ip地址(用来左右用户网关地址)3.通过在vlan接口下配置vrrp优先级确定主备网关4.主网关处配置侦测上行链路5.配置vrrp验证Authentication failed in IPv4 virtual router 1 (configured on Vlan-interface10): authentication type mismatchIPv4 virtual router 1 (configured on Vlan-interface10) detected a VRRP configuration error: VIRTUAL IP ADDRESS ERRORThe IPv4 virtual router 1 (configured on Vlan-interface10) detected a VRRP configuration error: VIRTUAL IP ADDRESS COUNT ERROR.The IPv4 virtual router 1 (configured on Vlan-interface10) detected a VRRP configuration error: ADVERTISEMENT INTERVAL ERROR.SW3display vrrp IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 2 Interface VRID State Run Adver Auth Virtual Pri Timer Type IP - Vlan10 1 Backup 100 50 Simple 192.168.1.254 Vlan20 2 Master 120 50 None 172.16.1.254SW3-Vlan-interface10display vrrp IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 2 Interface VRID State Run Adver Auth Virtual Pri Timer Type IP - Vlan10 1 Backup 100 50 Simple 192.168.1.254 Vlan20 2 Master 120 50 None 172.16.1.254 SW3display vrrp verbose IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 2 Interface Vlan-interface10 VRID : 1 Adver Timer : 50 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Auth Type : Simple Key : h3c Virtual IP : 192.168.1.254 Master IP : 192.168.1.252 Interface Vlan-interface20 VRID : 2 Adver Timer : 50 Admin Status : Up State : Master Config Pri : 120 Running Pri : 120 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 172.16.1.254 Virtual MAC : 0000-5e00-0102 Master IP : 172.16.1.2536.静态路由l 配置时须注意: 所有路由器上都必须配置到所有网段的路由 下一跳地址须为直连链路上可达的地址l 静态黑洞路由:可以消除环路7.RIP静默端口: 使用在rip协议中-接口只收不发rip消息报文l 接口是否正确启动RIP协议 Network命令包含两层含义- 在接口地址包含在network主网络内的三层接口上使能RIP- 在RIP更新中发布相应的路由l Filter-policy是否设置正确 Filter-policy命令设置不当,拒绝了相应路由加入路由表注意事项:过滤策略在调用 访问控制列表和地址前缀列表时 默认拒绝所有!l ACL配置是否拒绝了路由更新报文l 包过滤防火墙l RIP版本1不连续子网问题 RIPv1是有类路由协议,在不连续子网的情况下,会导致子网路由缺失。 RT1display rip 1 Public VPN-instance name : RIP process : 1 RIP version : 2 Preference : 100 Checkzero : Enabled Default-cost : 0 Summary : Disabled Hostroutes : Enabled Maximum number of balanced paths : 6 Update time : 30 sec(s) Timeout time : 180 sec(s) Suppress time : 120 sec(s) Garbage-collect time : 120 sec(s) update output delay : 20(ms) output count : 3 TRIP retransmit time : 5 sec(s) TRIP response packets retransmit count : 36 Silent interfaces : None Default routes : Disabled Verify-source : Enabled Networks : 192.168.1.0 10.0.0.0 Configured peers : None Triggered updates sent : 2 Number of routes changes : 4 Number of replies to queries : 9RT1display cu conf rip #rip 1 undo summary version 2 network 10.0.0.0 network 192.168.1.0*Dec 18 16:11:39:703 2013 RT2 RM/6/RMDEBUG: RIP 1 : Receive response from 10.1.12.1 on GigabitEthernet0/0/0*Dec 18 16:11:39:703 2013 RT2 RM/6/RMDEBUG: Packet : vers 2, cmd response, length 64*Dec 18 16:11:39:703 2013 RT2 RM/6/RMDEBUG: authentication-mode simple: h3c*Dec 18 16:11:39:703 2013 RT2 RM/6/RMDEBUG: AFI 2, dest 192.168.1.253/255.255.255.255, nexthop 0.0.0.0, cost 1, tag 0*Dec 18 16:11:39:703 2013 RT2 RM/6/RMDEBUG: AFI 2, dest 192.168.1.254/255.255.255.255, nexthop 0.0.0.0, cost 1, tag 0*Dec 18 16:11:39:703 2013 RT2 RM/3/RMDEBUG: RIP 1 : Ignoring this packet. Authentication validation failed.*Dec 4 20:03:55:484 2008 RTB RM/6/RMDEBUG: RIP 1 : Receive response from 10.10.10.1 on Ethernet0/1/0*Dec 4 20:03:55:500 2008 RTB RM/3/RMDEBUG: RIP 1 : Ignoring this packet. Version is not configured.*Dec 18 16:36:46:547 2013 RT1 RM/6/RMDEBUG: RIP 1 : Receive response from 10.1.12.2 on GigabitEthernet0/0/0*Dec 18 16:36:46:547 2013 RT1 RM/6/RMDEBUG: Packet : vers 2, cmd response, length 64*Dec 18 16:36:46:547 2013 RT1 RM/6/RMDEBUG: AFI 2, dest 10.1.23.0/255.255.255.252, nexthop 0.0.0.0, cost 1, tag 0*Dec 18 16:36:46:547 2013 RT1 RM/6/RMDEBUG: AFI 2, dest 172.16.0.0/255.255.0.0, nexthop 0.0.0.0, cost 15, tag 0*Dec 18 16:36:46:547 2013 RT1 RM/6/RMDEBUG: AFI 2, dest 192.168.1.0/255.255.255.0, nexthop 0.0.0.0, cost 1, tag 0*Dec 18 16:36:46:547 2013 RT1 RM/3/RMDEBUG: RIP 1 : Ignoring route 192.168.1.0/255.255.255.0. Its major net addr is same as the local interfaces.8.OSPF静默端口: 使用在ospf协议中-接口不收不发ospf消息报文l Router ID的选择 人为手动指定 如无手动指定,系统优选最大的loopback,无loopback,其次为最大的接口地址 Router id 相同,则邻居关系无法建立RT1display ospf error OSPF Process 1 with Router ID 1.1.1.1 OSPF Packet Error Statistics 34 : OSPF Router ID confusion 0 : OSPF bad packet 0 : OSPF bad version 0 : OSPF bad checksum 0 : OSPF bad area ID 0 : OSPF drop on unnumbered interface 0 : OSPF bad virtual link 0 : OSPF bad authentication type 0 : OSPF bad authentication key 0 : OSPF packet too small 0 : OSPF Neighbor state low 0 : OSPF transmit error 3 : OSPF interface down 0 : OSPF unknown neighbor 0 : HELLO: Netmask mismatch 0 : HELLO: Hello timer mismatch 0 : HELLO: Dead timer mismatch 0 : HELLO: Extern option mismatch 0 : HELLO: Neighbor unknown 38 : DD: MTU option mismatch 0 : DD: Unknown LSA type 0 : DD: Extern option mismatch 0 : LS ACK: Bad ack 0 : LS ACK: Unknown LSA type 0 : LS REQ: Empty request 0 : LS REQ: Bad request 0 : LS UPD: LSA checksum bad 0 : LS UPD: Received less recent LSA 0 : LS UPD: Unknown LSA type 如子网掩码不同,则邻居建立失败 (物理直连 广播类型的链路 配置地址需要在同一网段中)*Dec 19 10:05:24:094 2013 RT2 RM/6/RMDEBUG: OSPF 1: RECV Packet.*Dec 19 10:05:24:094 2013 RT2 RM/6/RMDEBUG: Source Address: 10.1.12.1 *Dec 19 10:05:24:094 2013 RT2 RM/6/RMDEBUG: Destination Address: 224.0.0.5 *Dec 19 10:05:24:094 2013 RT2 RM/6/RMDEBUG: Ver# 2, Type: 1, Length: 44.*Dec 19 10:05:24:094 2013 RT2 RM/6/RMDEBUG: Router: 1.1.1.1, Area: 0.0.0.0, Checksum: 58522.*Dec 19 10:05:24:094 2013 RT2 RM/6/RMDEBUG: AuType: 00, Key(ascii): 0 0 0 0
人人文库> 全部分类> 应用文书 > 规章制度

温馨提示

  • 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
  • 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
  • 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
  • 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
  • 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
  • 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
  • 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

最新文档

评论

0/150

提交评论