交换与路由基本知识课件.ppt

OSI七层协议,OSI(OpenSysteminterconnection)开放系统互连参考模型1、物理层数据单位是位(BIT)，典型设备是集线器HUB。2、链路层数据单位是帧，实现对MAC地址的访问，典型设备是交换机Switch。3、网络层数据单位是包，使用的是IP地址，典型设备是路由器Router。4、传输层提供端到端的服务。可以实现流量控制、负载均衡。传输层信息包含端口、控制字和校验和。传输层协议主要是TCP和UDP。5、会话层主要内容是通过会话进行身份验证、会话管理和确定通讯方式6、表示层主要是解释通讯数据的意义，如代码转换、格式变换等，使不同的终端可以表示。还包括加密与解密、压缩与解压缩等。7、应用层应用层应该是直接面向用户的程序或服务，包括系统程序和用户程序，例如www、FTP、DNS、POP3和SMTP等都是应用层服务。,数据包封装与解封装,数据在发送时是数据从应用层至物理层的一个打包的过程接收时是数据从物理层至应用层的一个解包的过程,交换机,交换机是根据网桥的原理发展起来的，学习交换机先认识两个概念：(1)冲突域：冲突域是数据必然发送到的区域。HUB是无智能的信号驱动器，有入必出，整个由HUB组成的网络是一个冲突域。交换机的一个接口下的网络是一个冲突域，所以交换机可以隔离冲突域。(2)广播域：广播数据时可以发送到的区域是一个广播域。交换机和集线器对广播帧是透明的，所以用交换机和HUB组成的网络是一个广播域。路由器的一个接口下的网络是一个广播域。所以路由器可以隔离广播域。,STP,交换网络中的环以太网是总线或星型结构，不能构成环路，否则会产两个严重后果：(1)产生广播风暴，造成网络堵塞。(2)克隆帧会在各个口出现，造成地址学习(记录帧源地址)混乱。解决环路问题方案:(1)网络在设计时，人为的避免产生环路。(2)使用生成树STP(SpanningTreeProtocol)功能，将有环的网络剪成无环网络。STP被IEEE802规范为802.1d标准。,生成树协议术语(1)网桥协议数据单元：BPDU(BridgeProtocolDataUnit)BPDU是生成树协议交换机间通讯的数据单元，用于确定角色。(2)网桥号：BridgeID交换机的标识号，它由优先级和MAC地址组成，优先级16位，MAC地址48位。(3)根网桥：Rootbridge根网桥定义为网桥号最小的交换机，根网桥所有的端口都不会阻塞。(4)根端口：Rootport非根网桥到根网桥累计路径花费最小的端口，负责本网桥与根网桥通讯的接口。(5)指定网桥：Designatedbridge网络中到根网桥累计路径花费最小交换机，负责收发本网段数据。(6)指定端口：Designatedport网络中到根网桥累计路径花费最小的交换机端口，根网桥每个端口都是指定端口。(7)非指定端口：NonDesignatedport余下的端口是非指定端口，它们不参与数据的转发，也就是被阻塞的端口。(根端口是从非根网桥选出，指定端口是网段中选出)。,STP,生成树协议的状态：生成树协议工作时，所有端口都要经过一个端口状态的建立过程。生成树协议通过BPDU广播，确定各交换机及其端口的工作状态和角色，交换机上的端口状态分别为：关闭、阻塞、侦听、学习和转发状态。(1)关闭状态：Disabled不收发任何报文，当接口空连接或人为关闭时处于关闭状态。(2)阻塞状态：Blocking在机器刚启动时，端口是阻塞状态(20秒)，但接收BPDU信息。(3)侦听状态：listening不接收用户数据(15秒)，收发BPDU，确定网桥及接口角色。(4)学习状态：learning不接收用户数据(15秒)，收发BPDU，进行地址学习。(5)转发状态：Forwarding开始收发用户数据，继续收发BPDU和地址学习,维护STP。,VLAN,VLAN(VirtualLan)是虚拟逻辑网络交换机通过VLAN设置，可以划分为多个逻辑网络，从而隔离广播域。具有三层模块的交换机可以实现VLAN间的路由。,VLAN,(1)端口模式交换机端口有两种模式，access和trunk。access口用于与计算机相连，而交换机之间的连接，应该是trunk。交换机端口默认VLAN是VLAN1，工作在access模式。具有相同VLAN号的端口在同一个广播域中。Trunk又称为干线，可以设置允许多个VLAN通过。(2)VLAN中继协议：VLAN中继协议有两种：ISL(Inter-SwitchLink)：ISL是Cisco专用的VLAN中继协议。802.1q(dot1q)：802.1q是标准化的，应用较为普遍。,WhatIsanEnd-to-EndVLAN?,UsersaregroupedintoVLANsindependentofphysicallocation.Ifusersaremovedwithinthecampus,theirVLANmembershipremainsthesame.,VLANConfigurationModes,GlobalMode,Switch#configureterminalSwitch(config)#vlan3Switch(config-vlan)#nameVlan3Switch(config-vlan)#exitSwitch(config)#end,VLANConfigurationModes,DatabaseMode,Switch#vlandatabaseSwitch(vlan)#vlan3VLAN3added:Name:VLAN0003Switch(vlan)#exitAPPLYcompleted.Exiting.,VLANAccessPorts,TheaccessswitchportassociatedwithasingledataVLAN,VLANImplementationCommands,ConfiguringVLANsvlan101switchportmodeaccessswitchportaccessvlan101VerifyingVLANsshowinterfacesshowvlan,ConfiguringanAccessVLAN,Switch(config)#vlanvlan_id,CreateaVLAN.,Switch(config-vlan)#namevlan_name,ProvideaVLANname.,Switch(config-if)#switchportmodeaccess,Placetheswitchportintoaccessmode.,Switch(config-if)#switchportaccessvlanvlan_id,AssociatetheaccessswitchportwithaVLAN.,VerifyingtheAccessVLANConfiguration,Switch#showvlanVLANNameStatusPorts-1defaultactiveFa0/1,Fa0/2,Fa0/3,Fa0/4Fa0/5,Fa0/7,Fa0/911asw11_dataactive12asw12_dataactive95VLAN0095activeFa0/899Trunk_Nativeactive100Internal_Accessactive111voice-for-group-11active112voice-for-group-12active1002fddi-defaultact/unsup1003token-ring-defaultact/unsup1004fddinet-defaultact/unsup1005trnet-defaultact/unsupVLANTypeSAIDMTUParentRingNoBridgeNoStpBrdgModeTrans1-1enet1000011500-0enet1000111500-0.,DefiningVLANs,ImplementingTrunks,MaintainingSpecificVLANIdentification,Specificallydevelopedformulti-VLANinterswitchcommunicationsPlacesauniqueidentifierineachframeFunctionsatLayer2,VLANTrunking,ComparingISLand802.1Q,TrunkingwithISL,IsaCiscoproprietary专利protocolSupportsPVSTUsesanencapsulationprocessDoesnotmodifytheoriginalframe,ISLEncapsulation,Trunkingwith802.1Q,AnIEEEstandardAddsa4-bytetagtotheoriginalframeAdditionaltagincludesapriorityfieldDoesnottagframesthatbelongtothenativeVLANSupportsCiscoIPtelephony,The802.1QTaggingProcess,802.1QNativeVLAN,NativeVLANframesarecarriedoverthetrunklinkuntagged.,VLANRanges,TrunkingConfigurationCommands,ConfiguringaTrunkswitchporttrunkswitchportmodeswitchportnonegotiate,TrunkscanbeconfiguredstaticallyorviaDTP.DTPprovidestheabilitytonegotiatethetrunkingmethod.,2019/12/14,27,可编辑,SwitchportModeInteractions,Note:TableassumesDTPisenabledatbothends.,showdtpinterfacetodeterminecurrentsetting,2019/12/14,29,可编辑,HowtoConfigureTrunking,Enterinterfaceconfigurationmode.Shutdowninterface.Selecttheencapsulation(802.1QorISL).ConfiguretheinterfaceasaLayer2trunk.SpecifythetrunkingnativeVLAN(for802.1Q).ConfiguretheallowableVLANsforthistrunk.Usethenoshutdowncommandontheinterfacetoactivatethetrunkingprocess.Verifythetrunkconfiguration.,802.1QTrunkConfiguration,Switch(config)#interfacefastethernet5/8Switch(config-if)#shutdownSwitch(config-if)#switchporttrunkencapsulationdot1qSwitch(config-if)#switchporttrunkallowedvlan1,5,11,1002-1005Switch(config-if)#switchportmodetrunkSwitch(config-if)#switchporttrunknativevlan99Switch(config-if)#switchportnonegotiateSwitch(config-if)#noshutdown,Verifyingthe802.1QConfiguration,Switch#showrunning-configinterfacefastethernet|gigabitethernetslot/port,Switch#showinterfacesfastethernet|gigabitethernetslot/portswitchport|trunk,Switch#showinterfacesfastEthernet5/8switchportName:fa5/8Switchport:EnabledAdministrativeMode:trunkOperationalMode:trunkAdministrativeTrunkingEncapsulation:dot1qOperationalTrunkingEncapsulation:dot1qNegotiationofTrunking:OffAccessModeVLAN:1(default)TrunkingNativeModeVLAN:99(trunk_only)TrunkingVLANsEnabled:1,5,11,1002-1005PruningVLANsEnabled:2-1001.,Verifyinga802.1QDynamicTrunkLink,Switch#showrunning-configinterfacefastethernet5/8Buildingconfiguration.Currentconfiguration:!interfaceFastEthernet5/8switchportmodedynamicdesirableswitchporttrunkencapsulationdot1qSwitch#showinterfacesfastethernet5/8trunkPortModeEncapsulationStatusNativevlanFa5/8desirable802.1qtrunking99PortVlansallowedontrunkFa5/81,5,11,1002-1005PortVlansallowedandactiveinmanagementdomainFa5/81,5,1002-1005PortVlansinspanningtreeforwardingstateandnotprunedFa5/81,5,1002-1005,ISLTrunkConfiguration,Switch(config)#interfacefastethernet2/1Switch(config-if)#shutdownSwitch(config-if)#switchporttrunkencapsulationislSwitch(config-if)#switchporttrunkallowedvlan1-5,1002-1005Switch(config-if)#switchportmodetrunkSwitch(config-if)#switchportnonegotiateSwitch(config-if)#noshutdown,VerifyingISLTrunking,Switch#showrunning-configinterfacefastethernet|gigabitethernetslot/port,Switch#showinterfacesfastethernet|gigabitethernetslot/portswitchport|trunk,Switch#showinterfacesfastethernet2/1trunkPortModeEncapsulationStatusNativeVLANFa2/1trunkisltrunking99PortVLANsallowedontrunkFa2/11-5,1002-1005PortVLANsallowedandactiveinmanagementdomainFa2/11-2,1002-1005PortVLANsinspanningtreeforwardingstateandnotprunedFa2/11-2,1002-1005,Summary,TrunklinkscarrytrafficfrommultipleVLANs.ISLisCiscoproprietaryandencapsulatestheLayer2frames.802.1QisanIEEEstandardfortrunking,whichimplementsa4-bytetag.The802.1QnativeVLANsforwardframeswithoutthetag.VLANnumbershavespecificrangesandpurposes.VariouscommandsareusedtoconfigureandverifyISLand802.1Qtrunklinks.AllowonlyrequiredVLANsoverthetrunk.,DefiningVLANs,PropagatingVLANConfigurationswithVTP,TheVTPDomain,GroupofswitchesthatexchangeVLANinformationVLANsadministeredcentrallyatachosenswitch,TheVTPProtocol,AdvertisesVLANconfigurationinformationMaintainsVLANconfigurationconsistencythroughoutacommonadministrativedomainSendsadvertisementsontrunkportsonly,VTPModes,ClientCannotcreate,change,ordeleteVLANsForwardsadvertisementsSynchronizesVLANconfigurationsDoesnotsaveinNVRAM,TransparentCreates,modifies,anddeleteslocalVLANsForwardsadvertisementsDoesnotsynchronizeVLANconfigurationsSavesconfigurationinNVRAM,Server(defaultmode)Creates,modifies,anddeletesVLANsSendsandforwardsadvertisementsSynchronizesVLANconfigurationsSavesconfigurationinNVRAM,PruningDisabled,PruningEnabled,VTPPruning,UsesbandwidthmoreefficientlybyreducingunnecessaryfloodedtrafficExample:StationAsendsbroadcast;broadcastfloodedonlytowardanyswitchwithportsassignedtotheredVLAN,VTPOperation,VTPadvertisementsaresentasmulticastframes.VTPserversandclientsaresynchronizedtothelatestrevisionnumber.VTPadvertisementsaresentevery5minutesorwhenthereisachange.,VTPConfigurationCommands,ConfiguringVTPvtpdomainvtpmodevtppasswordVerifyingVTPshowvtpstatusshowvtpcounters,ConfiguringaVTPManagementDomain,Configureeachswitchinthefollowingordertoavoiddynamiclearningofthedomainname:VTPpasswordVTPdomainname(casesensitive)VTPmode(servermodeisthedefault),ConfiguringandVerifyingVTP,VerifyingtheVTPConfiguration,Switch#showvtpstatusVTPVersion:2ConfigurationRevision:28MaximumVLANssupportedlocally:1005NumberofexistingVLANs:17VTPOperatingMode:ClientVTPDomainName:BCMSNVTPPruningMode:EnabledVTPV2Mode:DisabledVTPTrapsGeneration:DisabledMD5digest:0 x450 x520 xB60 xFD0 x630 xC80 x490 x80Configurationlastmodifiedbyat8-12-0515:04:49Switch#,Switch#showvtpstatus,VerifyingtheVTPConfiguration(Cont.),Switch#showvtpcountersVTPstatistics:Summaryadvertisementsreceived:7Subsetadvertisementsreceived:5Requestadvertisementsreceived:0Summaryadvertisementstransmitted:997Subsetadvertisementstransmitted:13Requestadverti