网络工程师-9-交换机原理及配置

Chapter9交换机原理及配置,地址（MAC）学习转发/筛选环路避免,Switch的三个功能,Switches地址学习,初始MAC地址表为空学习源地址,MACaddresstable,0260.8c01.1111,0260.8c01.2222,0260.8c01.3333,0260.8c01.4444,E0,E1,E2,E3,A,B,C,D,Switches地址学习,StationAsendsaframetoStationCSwitchcachesstationAMACaddresstoportE0bylearningthesourceaddressofdataframesTheframefromstationAtostationCisfloodedouttoallportsexceptportE0(unknownunicastsareflooded),MACaddresstable,0260.8c01.1111,0260.8c01.2222,0260.8c01.3333,0260.8c01.4444,E0:0260.8c01.1111,E0,E1,E2,E3,D,C,B,A,Switches地址学习,StationDsendsaframetostationCSwitchcachesstationDMACaddresstoportE3bylearningthesourceAddressofdataframesTheframefromstationDtostationCisfloodedouttoallportsexceptportE3(unknownunicastsareflooded),MACaddresstable,0260.8c01.1111,0260.8c01.2222,0260.8c01.3333,0260.8c01.4444,E0:0260.8c01.1111,E3:0260.8c01.4444,E0,E1,E2,E3,D,C,A,B,Switches转发/过滤,StationAsendsaframetostationCDestinationisknown,frameisnotflooded,E0:0260.8c01.1111,E2:0260.8c01.2222,E1:0260.8c01.3333,E3:0260.8c01.4444,0260.8c01.1111,0260.8c01.2222,0260.8c01.3333,0260.8c01.4444,E0,E1,E2,E3,X,X,D,C,A,B,MACaddresstable,StationDsendsabroadcastormulticastframeBroadcastandmulticastframesarefloodedtoallportsotherthantheoriginatingport,0260.8c01.1111,0260.8c01.2222,0260.8c01.3333,0260.8c01.4444,E0,E1,E2,E3,D,C,A,B,E0:0260.8c01.1111,E2:0260.8c01.2222,E1:0260.8c01.3333,E3:0260.8c01.4444,MACaddresstable,广播与多播Frame,冗余路径,冗余路径消除了单故障点冗余路径的不利后果：广播风暴,多个Frame副本,MAC地址表不稳定,Segment1,Segment2,Server/hostX,RouterY,Segment1,Segment2,Server/hostX,RouterY,Broadcast,SwitchA,SwitchB,HostXsendsaBroadcast,广播风暴,Segment1,Segment2,Server/hostX,RouterY,Broadcast,SwitchA,SwitchB,HostXsendsaBroadcast,广播风暴,Segment1,Segment2,Server/hostX,RouterY,Broadcast,Switchescontinuetopropagatebroadcasttrafficoverandover,SwitchA,SwitchB,广播风暴,多个Frame副本,Segment1,Segment2,Server/hostX,RouterY,Unicast,SwitchA,SwitchB,HostXsendsanunicastframetorouterYRouterYMACaddresshasnotbeenlearnedbyeitherswitchyet,Segment1,Segment2,Server/hostX,RouterY,SwitchA,SwitchB,HostXsendsanunicastframetoRouterYRouterYMACAddresshasnotbeenlearnedbyeitherSwitchyetRouterYwillreceivetwocopiesofthesameframe,多个Frame副本,Segment1,Segment2,Server/hostX,RouterY,Unicast,Unicast,SwitchA,SwitchB,HostXsendsanunicastframetoRouterYRouterYMACAddresshasnotbeenlearnedbyeitherSwitchyetSwitchAandBlearnHostXMACaddressonport0,Port0,Port1,Port0,Port1,多个Frame副本,Segment1,Segment2,Server/hostX,RouterY,Unicast,Unicast,SwitchA,SwitchB,HostXsendsanunicastframetoRouterYRouterYMACAddresshasnotbeenlearnedbyeitherSwitchyetSwitchAandBlearnHostXMACaddressonport0FrametoRouterYisfloodedSwitchAandBincorrectlylearnHostXMACaddressonport1,Port0,Port1,Port0,Port1,多个Frame副本,ComplextopologycancausemultipleloopstooccurLayer2hasnomechanismtostoptheloop,Server/host,Workstations,Loop,Loop,Loop,多个环路问题,解决办法:Spanning-TreeProtocol,将一些Port置为Block状态，避免环路的产生,Block,x,OnerootbridgepernetworkOnerootportpernonrootbridgeOnedesignatedportpersegment,x,Designatedport(F),Rootport(F),Designatedport(F),Nondesignatedport(B),Rootbridge,Nonrootbridge,SWX,SWY,100baseT,10baseT,生成树协议STPSpanning-TreeOperations,SwitchYDefaultpriority32768(8000hex)MAC0c0022222222,SwitchXDefaultpriority32768(8000hex)MAC0c0011111111,BPDU,BPDU=Bridgeprotocoldataunit桥协议数据单元(2秒)Rootbridge：bridgeID最小的桥NonRootbridge：其它的桥BridgeID=Bridgepriority+bridgeMACaddress,生成树协议根桥选择,SwitchYDefaultpriority32768MAC0c0022222222,SwitchXDefaultpriority32768MAC0c0011111111,Rootbridge,x,Port0,Port1,Port0,Port1,100baseT,10baseT,Designatedport(F),Rootport(F),Nondesignatedport(B),Designatedport(F),生成树协议端口选择,非根桥rootport：非根桥上到根桥cost最小的端口designatedport：每一Segment上到根桥cost最小端口根桥的所有端口都是designatedportnondesignatedport：剩余的所有端口,生成树协议端口最终状态,最终状态根桥的所有端口：Forwarding非根桥rootport：Forwardingdesignatedport：Forwardingnondesignatedport：Blocking,注意：Blocking状态不能转发数据，但可收发BPDU消息,LinkSpeedCost(reratifyIEEEspec)Cost(previousIEEEspec)-10Gbps211Gbps41100Mbps191010Mbps100100,生成树协议路径成本,SwitchYMAC0c0022222222Defaultpriority32768,SwitchXMAC0c0011111111Defaultpriority32768,Port0,Port1,Port0,Port1,SwitchZMac0c0011110000Defaultpriority32768,Port0,Canyoufigureout:Whatistherootbridge?Whatarethedesignated,nondesignated,androotparts?Whicharetheforwardingandblockingports?,100baseT,100baseT,生成树：实例,SwitchYMAC0c0022222222Defaultpriority32768,SwitchXMAC0c0011111111Defaultpriority32768,Port0,Port1,Port0,Port1,SwitchZMac0c0011110000Defaultpriority32768,Port0,Canyoufigureout:Whatistherootbridge?Whatarethedesignated,nondesignated,androotparts?Whicharetheforwardingandblockingports?,100baseT,100baseT,Designatedport(F),Rootport(F),Nondesignatedport(BLK),Designatedport(F),Rootport(F),生成树：实例,Spanning-treetransitionseachportthroughseveraldifferentstate:,生成树协议端口状态变化,生成树协议重新计算,生成树协议重新计算,生成树协议汇聚,汇聚发生在switchesports,当网络拓扑发生变化,switches必须重新计算生成树,这会暂时中断用户访问,blocking,forwarding,VerifyingSpanningTree,wg_sw_a#showspantreevlannumber,VerifyingSpanningTree,wg_sw_a#showspantree1VLAN1isexecutingtheIEEEcompatibleSpanningTreeProtocolBridgeIdentifierhaspriority32768,address0050.F037.DA00Configuredhellotime2,maxage20,forwarddelay15Currentroothaspriority0,address00D0.588F.B600RootportisFastEthernet0/26,costofrootpathis10Topologychangeflagnotset,detectedflagnotsetTopologychanges53,lasttopologychangeoccured0d00h17m14sagoTimes:hold1,topologychange8960hello2,maxage20,forwarddelay15Timers:hello2,topologychange35,notification2PortEthernet0/1ofVLAN1isForwardingPortpathcost100,Portpriority128Designatedroothaspriority0,address00D0.588F.B600Designatedbridgehaspriority32768,address0050.F037.DA00DesignatedportisEthernet0/1,pathcost10Timers:messageage20,forwarddelay15,hold1,wg_sw_a#showspantreevlannumber,基于软件实现只有一个生成树实例最多16Ports,Bridging,基于硬件实现(ASIC)多个生成数实例更多的Ports,LANSwitching,BridgingLANSwitching,Switch转发数据Frame的方式,Cut-throughSwitchchecksdestinationaddressandimmediatelybeginsforwardingframe,Frame,Switch转发数据Frame的方式,StoreandforwardCompleteframeisreceivedandcheckedbeforeforwarding,Cut-throughSwitchchecksdestinationaddressandimmediatelybeginsforwardingframe,Frame,Frame,Frame,Frame,Cut-throughSwitchchecksdestinationaddressandimmediatelybeginsforwardingframe,Frame,Fragmentfree(modifiedcut-through)Cat1900DefaultSwitchchecksthefirst64bytesthenimmediatelybeginsforwardingframe,Frame,StoreandforwardCompleteframeisreceivedandcheckedbeforeforwarding,Frame,Frame,Frame,Switch转发数据Frame的方式,Halfduplex(CSMA/CD)UnidirectionaldataflowHigherpotentialforcollisonHubsconnectivity,Switch,Hub,全双工半双工,Halfduplex(CSMA/CD)UnidirectionaldataflowHigherpotentialforcollisonHubsconnectivity,Switch,Hub,FullduplexPoint-to-pointonlyAttachedtodedicatedswitchedportRequiresfull-duplexsupportonbothendsCollisionfreeCollisiondetectcircuitdisabled,全双工半双工,配置Switch,Catalyst1900MenudriveninterfaceWeb-basedVSM(VisualSwitchManager)IOSCLI(command-lineinterface),系统启动例程会初始化交换机初始启动利用缺省配置参数,1.启动前确认正确连接线缆和控制线2.接入电源3.观察启动顺序面板上的指示灯LEDsCiscoIOS输出到控制台上的内容,交换机的初始启动,检查交换机指示灯(LEDs),交换机自检期间的端口指示灯,1.启动时，所有端口指示灯变绿.2.每个端口自检完毕，对应的指示灯熄灭.3.如果端口自检失败,对应指示灯呈黄色.4.如果有任何自检失败情况，系统指示灯呈现黄色.5.如果没有自检失败,自检过程完成.6.随着自检过程的完成,指示灯闪亮后熄灭.,IPaddress:CDP:EnabledSwitchingmode:fragmentfree100baseTport:Auto-negotiateduplexmode10baseTport:HalfduplexSpanningTree:EnabledConsolepassword:none,Catalyst1900的缺省配置,Cat1912,Cat1924,10baseTportsAUIport100baseTuplinkports,e0/1toe0/12,e0/1toe0/24,e0/25,e0/25,fa0/26(portA)fa0/27(portB),fa0/26(portA)fa0/27(portB),Catalyst1900的Ports,ConfigurationModesGlobalconfigurationmodewg_sw_a#conftermwg_sw_a(config)#Interfaceconfigurationmodewg_sw_a(config)#interfacee0/1wg_sw_a(config-if)#,配置Switch,配置SwitchIP地址,wg_sw_a(config)#ipaddressipaddressmask,wg_sw_a(config)#ipaddress1,wg_sw_a(config)#ipaddressipaddressmask,配置SwitchIP地址,wg_sw_a(config)#ipdefault-gatewayipaddress,配置Switch缺省网关,wg_sw_a(config)#ipdefault-gateway,wg_sw_a(config)#ipdefault-gatewayipaddress,配置Switch缺省网关,wg_sw_a#showipIPaddress:1Subnetmask:Defaultgateway:ManagementVLAN:1Domainname:Nameserver1:Nameserver2:HTTPserver:EnabledHTTPport:80RIP:Enabledwg_sw_a#,显示SwitchIP配置,双工模式,wg_sw_a(config)#interfacee0/1wg_sw_a(config-if)#duplexauto|full|full-flow-control|half,wg_sw_a(config-if)#duplexhalf,wg_sw_a(config)#interfacee0/1wg_sw_a(config-if)#duplexauto|full|full-flow-control|half,设置双工模式,查看双工模式,管理Mac地址表,wg_sw_a#showmac-address-table,wg_sw_a#shmac-address-tableNumberofpermanentaddresses:0Numberofrestrictedstaticaddresses:0Numberofdynamicaddresses:6AddressDestInterfaceTypeSourceInterfaceList-00E0.1E5D.AE2FEthernet0/2DynamicAll00D0.588F.B604FastEthernet0/26DynamicAll00E0.1E5D.AE2BFastEthernet0/26DynamicAll0090.273B.87A4FastEthernet0/26DynamicAll00D0.588F.B600FastEthernet0/26DynamicAll00D0.5892.38C4FastEthernet0/27DynamicAll,wg_sw_a#showmac-address-table,管理Mac地址表,wg_sw_a(config)#,设置永久MAC地址,wg_sw_a(config)#,wg_sw_a(config)#mac-address-tablepermanent2222.2222.2222ethernet0/3,设置永久MAC地址,wg_sw_a#shmac-address-tableNumberofpermanentaddresses:1Numberofrestrictedstaticaddresses:0Numberofdynamicaddresses:4AddressDestInterfaceTypeSourceInterfaceList-00E0.1E5D.AE2FEthernet0/2DynamicAll2222.2222.2222Ethernet0/3PermanentAll00D0.588F.B604FastEthernet0/26DynamicAll00E0.1E5D.AE2BFastEthernet0/26DynamicAll00D0.5892.38C4FastEthernet0/27DynamicAll,wg_sw_a(config)#,wg_sw_a(config)#mac-address-tablepermanent2222.2222.2222ethernet0/3,设置永久MAC地址,wg_sw_a(config)#,mac-address-tablerestrictedstaticmac-addresstypemodule/portsrc-if-list,设置受限MAC地址,wg_sw_a(config)#mac-address-tablerestrictedstatic1111.1111.1111e0/4e0/1,wg_sw_a(config)#,mac-address-tablerestrictedstaticmac-addresstypemodule/portsrc-if-list,设置受限MAC地址,wg_sw_a#shmac-address-tableNumberofpermanentaddresses:1Numberofrestrictedstaticaddresses:1Numberofdynamicaddresses:4AddressDestInterfaceTypeSourceInterfaceList-1111.1111.1111Ethernet0/4StaticEt0/100E0.1E5D.AE2FEthernet0/2DynamicAll2222.2222.2222Ethernet0/3PermanentAll00D0.588F.B604FastEthernet0/26DynamicAll00E0.1E5D.AE2BFastEthernet0/26DynamicAll00D0.5892.38C4FastEthernet0/27DynamicAll,wg_sw_a(config)#mac-address-tablerestrictedstatic1111.1111.1111e0/4e0/1,wg_sw_a(config)#,mac-address-tablerestrictedstaticmac-addresstypemodule/portsrc-if-list,设置受限MAC地址,配置端口安全性,wg_sw_a(config-if)#,ConfiguresaninterfacetobeasecuredportDefineamaximumnumberofmacaddressesallowedintheaddresstableforthisportCountcanbefrom1to132Defaultis132,portsecuremax-mac-countcount,wg_sw_a(config-if)#,ConfiguresaninterfacetobeasecuredportDefineamaximumnumberofmacaddressesallowedintheaddresstableforthisportCountcanbefrom1to132Defaultis132,wg_sw_a(config)#interfacee0/4wg_sw_a(config-if)#portsecuremax-mac-count1,portsecuremax-mac-countcount,配置端口安全性,配置端口安全性,wg_sw_a#showmac-address-tablesecurity,wg_sw_a#showmac-address-tablesecurityActionuponaddressviolation:SuspendInterfaceAddressingSecurityAddressTableSize-Ethernet0/1DisabledN/AEthernet0/2DisabledN/AEthernet0/3DisabledN/AEthernet0/4Enabled1Ethernet0/5DisabledN/AEthernet0/6DisabledN/AEthernet0/7DisabledN/AEthernet0/8DisabledN/AEthernet0/9DisabledN/AEthern