高级路由与交换技术考试大纲2

1、高级路由与交换技术考试大纲（2）高级路由与交换技术考试大纲一、VLAN和中继1 .创建vlanSI (config)#vlan 10S1 (config-vlan) #name fatherS1 (conf ig-vlan) # exitSI (config)#vlan 20S1 (config-vlan) #name motherSI (config)#exitS1 (config)#vlan 30S1 (config-vlan) #name babySI (config)#exit2.配置中继链路(1)带封装的中继链络S1 (config)#interface faO/OS1 (confi

2、g-if)#switchportS1 (config-if)#switchport trunk encasulation dotlq51 (config-if)#switchport mode trunk52 (config)#interface range faO/O - 3S2 (config -if-range)# switchportS2(config -if-range)#switchport trunk encasulation dotlqS2(config -if-range)#switchport mode trunk(2)不带封装的中继链络S1 (config)#interf

3、ace faO/O51 (config-if)#switchport mode trunk52 (config) #interface range faO/O53 (config-if)#switchport mode trunk二、VTP和修剪1 .配置Vtp服务器、Vtp客户端与vtp域名、Vtp版本SI (config) #rtp domain管理域的名字(JHW)(配置vtp管理域)SI (config)#vtp mode server(服务器模式)SI (config)#vtp password cisco (配置 vtp 密码)S2(config)#rtp mode client

4、(客户模式)SI (config)#vtp domain syhS3 (config) #vtp mode transparent (透明模式)SI (config)#vtp version 2 (vtp 版本配置)Sl#show vtp status(现实管理域中vtp参数)Sl#show vtp counters (查看vtp消息和错误计数)2 .vtp修剪SI (config)#vtp pruning(启用 vtp 修剪)S1 (config) #int erf ace faO/OS1 (config-if)#switchport trunk pruning vlan remove/ad

5、d/ except/10Sl#show vtp statusSI# show interface interface-id switchport(显示中继线状态，包括受制于修剪得VLAN)三、聚合交换机链路1 .聚合的配置配置Pagp:S2(config)interface range faO/1 , faO/4S2 (config -if-range)channel-protocol pagpS2 (config -if-range)channel-group l (信息号) mode onSI (config -if-range)interface range faO/1 , faO/GS

6、I (config -if-range)channel-protocol pagpSI (config -if-range)channel-group 1 mode on配置lacp以太信道：S3 (config) #lacp system-priority 100S3 (config) #interface range faO/O - 2, fal/O - 2S3 (config -if-range) #channel-protocol lacpS3 (config -if-range #channl-group 1 mode activeS3 (config -if-range) #lac

7、p port-priority 100(配置优先级)S3 (config -if-range)#exit2 .验证信道1Sl#show etherchannel summary四、冗余链路会聚1 .根桥定制（性能好的分布层交换机）高级路由与交换技术考试大纲（2）S2为VLAN 1 10的根桥(直接修改)S2(config)#SPANNING-TREE VLAN 1 p2mary4096 优先级S2(config)#SPANNING-TREE VLAN 10 primary4096 优先级S3为VLAN 20 30的根桥(间接修改)S3 config)#SPANNING-TREE VLAN 20

8、 root primaryS3(config)#SPANNING-TREE VLAN 30 root primary2.STP的会聚(1)调整STP定时器(只在根桥上配置)hello-time根桥定期发送BPDU的时间间隔l-10s 2sforward-time STP端口状态变化时间间隔4-30s 15smax-age存储从邻接交换机接收的BPDU的时间6-40s 20s命令：S2 (config)#spanning-tree vlanhello-time 3S2 (config)#spanning-tree vlanforward-time 10S2 (config)#spanning-t

9、ree vlanmax-age 30S2 (config)#spanning-tree vlan10 hello-time 3S2 (config)#spanning-tree vlan10 forward-time 10S2 (config)#spanning-tree vlan10 max-age 303 .冗余链路会聚portfast接单个主机的交换机端口上启用不会把端口的变化状态通知根桥，而且端口的状态直接变为转发注意：根防护和BPDU保护不要同时在一个端口启用防止突然丢失BPDU3 .环路防护在全局启用sw(config)#spanning-tree loopguard defaul

10、t4 .UDLD在全局启用sw(config)#udld enable5 .启用BPDU过滤在全局启用Sw(config)#spanning-tree bpdufilter default在端口启用Sw(config-if)#spanning-tree bpdufilter enable六、MST(多生成树协议)Sw(config)#spanning-treemst 1 root primary(设置根网桥(宏命令)Sw(config)#spanning-tree mstl priority 150 (设置网桥优先级)Sw(config)#spanning-tree mst 1 cost 10

11、0 (设置端口 成本)Sw(config)#spanning-tree mst 1 port-priority 80 (设置端口优先级)设置Stp定时器Sw(config)#spanning-tree mst hello-time 3Sw(config)#spanning-tree mst forward-time 10Sw(config)#spanning-tree mst max-age 30Sw(config)#spanning-tree mode mst (启用 mst)Sw(config)#spanning-tree mst configuration (进入 mst 配置模式)Sw

12、(config-mst)#name syh (指定区域配置名)Sw(config-mst)#revision 2 (指定区域配置修订号)Sw(config-mst)#intance 2 vlan 10,20,30 (将 vlan 映射到 mst 实例)Sw(config-mst)#show pending (显示还未提交的修改)Sw(config-mst)#exit (退出mst配置模式，向活动mst区域配置提交修 改)七、VLAN间路由1 .接口类型和转换switchport /把三层接口转换为二层接口no switchport 把二层接口转换为三层接口S2 (config) #interf

13、ace faO/2S2 (config-if) #no switchportS2(config-if)#ip address 192.168.24.1 255.255.255.252S2 (config-if)#interface faO/3S2(config-if)#no switchportS2(config-if)#ip address 192.168.25.1 255.255.255.252S3 (config) #interface faO/2S3(config-if)#no switchportS3(config-if)#ip address 192.168.34.1 255.25

14、5.255.252S3(config-if)#interface faO/3S3(config-if)#no switchportS3(config-if)#ip address 192.168.35.1 255.255.255.2522.VLAN之间的通信前提S2:interface range faO/1 , faO/4switchport trunk allowed vlan allinterface port-channel 1switchport trunk allowed vlan allSI:interface range faO/1-2,faO/ 6switchport tru

15、nk allowed vlan allinterface port-channel 1switchport trunk allowed vlan allS3:interface faO/1switchport trunk allowed vlan all实现不同VLAN的通信S2(config)#interface vlan 10S2(config-if)#ip address 192.168.10.254 255.255.255.0S2 (config-if) # exiS2(config)#interface vlan 20S2(config-if)#ip address 192.168.

16、20.254 255.255.255.0S2 (config-if) #int erf ace vlan 30S2(config-if)#ip address 192.168.30.254 255.255.255.0S3 (config) #interface vlan 10S3(config-if)#ip address 192.168.10.253 255.255.255.0S3(config-if)#interface vlan 20S3(config-if)#ip address 192.168.20.253 255.255.255.0S3 (config-if) #int erf a

17、ce vlan 30S3(config-if)#ip address 192.168.30.253 255.255.255.0S2(config)#ip routing /开启路由功能S3 (config) #ip routing查看FIB表S2#show ip cef vlan 10八、DHCP和DHCP中继l.DHCPS3 (config) #ipdhcp exclude-address 192.168.34.20192.168.34.30(预留地址，不被分配)S3 (config) #ip dhcp pool jhwS3(config-dhcp)#network 192.168.34.0

18、 255.255.255.252S3 (config-dhcp) #def ault-rout er 192.168.34.2S3(config-dhcp)#lease 30(地址租期)查看命令：S3 (config) #show ip dhcp binding2.DHCP中继S3 (config) #int erf ace faO/2S3(config-if)#no switchportS3(config-if)#ip address 192.168.34.1 255.255.255.252S3(config-if)#ip helper-address 192.168.199.1/*指定 d

19、hcp 服务器的地址，表示通过faO/2向该服务器发送DHCP请求包*/S3 (config)# exit九、路由器冗余1) HSRP(热备份路由器协议)2) .优先级的更改：(config-if) #standby group priority XXXXX3) .规划VLAN 1和VLAN 10的主网关为S2,备份网关为S3S2 (config)#interface vlan 10ip address 192.168.10.254 255.255.255.0standby priority 248(10 表示缜号)standby 10 ip 192.168.10.252 vlan 10 的网

20、关S3 (config)#interface vlan 10ip address 192.168.10.253 255.255.255.0standby ) priority 150standby 10 ip 192.168.10.252S2 (config)#interface vlan 1ip address 192.168.1.254 255.255.255.0standby 1 priority 248standby 1 ip 192.168.1.252S3 (config)#interface vlan 1ip address 192.168.1.253 255.255.255.0s

21、tandby 1 priority 150standby 1 ip 192.168.1.252VLAN 20和30的主网关为S3,备份网关为S2S2 (config)#interface vlan 20ip address 192.108.20.254 255.255.255.0standby 20 priority 150standby 20 ip 192.168.20.252S3 (config)#interface vlan 20ip address 192.168.20.253 255.255.255.0standby 20 priority 248standby 20 ip 192.

22、168.20.252S2 (config)#interface vlan 30ip address 192.168.30.254 255.255.255.0standby 30 priority 150standby 30 ip 192.168.30.252S3 (config)#interface vlan 30ip address 192.168.30.253 255.255.255.0standby 30 priority 248standby 30 ip 192.168.30.252查看命令：Show standby stye-number group briefShow standb

23、y briefShow standby2.VRRP4) .配置VRRPinterfcae vlan 10vrrp 10(主号)priority XXX (优先级)vrrp 10 (vlan 10) ip 192.168.10.252no vrrp 10 preempt去掉抢占功能5) .实例S2是VLAN 1 10的主网关，S3是VLAN 1 10的备用网关S2 (config) #int erf ace vlan 10S2(config-if)#vrrp 10 priority 248S2(config-if)#vrrp 10 ip 192.168.10.252S3 (config) #in

24、terface vlan 10S3(config-if)#vrrp 10 priority 150S3(config-if)#vrrp 10 ip 192.168.10.252S3是VLAN 20 30的主网关，S2是VLAN 20 30的备用网关S3 (config) #interface vlan 20S3(config-if)#vrrp 20 priority 248S3(config-if)#vrrp 20 ip 192.168.20.252S3 (config) #interface vlan 30S3 (conf ig-if) #vrrp 30 priority 248S3(con

25、fig-if)#vrrp 30 ip 192.168.30.252S2 (config) #int erf ace vlan 20S2(config-if)#vrrp 20 priority 150S2(config-if)#vrrp 20 ip 192.168.20.252S2(config)#interface vlan 30高级路由与交换技术考试大纲（2）S2 (config-if)#vrrp 30 priority 150S2(config-if)#vrrp 30 ip 192.168.20.2523.GLBP(网关负载均衡协议)配置S2 是 VLAN 10 的 AVG, S2, S3

26、 是 AVFS2 (config)#interface vlan 10S2(config-if)#glbp 10 priority 248S2(config-if)#glbp 10 ip 192.168.10.252S2 (config-if) #glbp 10 preemptS3 (config) #interface vlan 10S3 (config-if) #glbp 10 priority 150S3(config-if)#glbp 10 ip 192.168.10.252S3 (config-if) #glbp 10 preemptS3 是 VLAN 20 30 的 AVG, S2

27、, S3 是 AVFS3 (config) #interface vlan 20S3(config-if)#glbp 20 priority 248S3(config-if)#glbp 20 ip 192.168.20.252S3 (conf ig-if) #glbp 20 preemptS3 (config) #int erf ace vlan 30S3 (conf ig-if) #glbp 30 priority 248S3(config-if)#glbp 30 ip 192.168.30.252S3 (config-if) #glbp 30 preempt高级路由与交换技术考试大纲(2)

28、S2(config)#interface vlan 20S2(config-if)#glbp 20 priority 150S2(config-if)#glbp 20 ip 192.168.20.252S2(config-if)#glbp 20 preemptS2 (config) #int erf ace vlan 30S2 (config-if)#glbp 30 priority 150S2(config-if)#glbp 30 ip 192.168.30.252S2 (config-if)#glbp 30 preempt4.GLBP的接口追踪目的：跟踪AVF的状态现状：S2s3都是VLA

29、N 1 10的AVF,其中S2是AVGS3 (config) #track 1 INterface faO/2 line-protocolS3 (config) #track 2 INterface faO/3 line-protocolS3 (config) #interface vlan 10S3(config-if)#glbp 10 weighting 154 lower 80 upper 100S3(config-if)#glbp 10 weighting track 1 decrement 40S3 (config-if) #glbp 10 weighting track 2 dec

30、rement 40 154-x100 x100 y54 154-x-y74在AVG上操作S2(config)#interface vlan 10S2 (config-if)#glbp 10 load-balancing host-dependentS3 (config) #interface VLAN 20S3(config-if)#glbp 20 Load-balancing WEightedS3 (config) #interface VLAN 30S3(config-if)#glbp 20 Load-balancing WEighted十、DHCP探测和源IP地址防护1 . DHCP探测

31、Sw(config)#ip dhcp snoopingSw(config)#ip dhcp snooping vlan 10,20,30Sw(config-if)#ip dhcp snooping limit rate 3*/DHCP包的转发速率，超过就Shutdown端口，默认不限制cSw(config-if)#ip dhcp snooping trust 可信端口2 .源IP地址防护配置静态的源IP地址绑定Sw(config)#ip source binding0009.3452.3ea4. vlan 10192.168.10.3 interface eO/2在交换机接口上启用源IP地址防

32、护Sw(config)#interface faO/1Sw(conig-if)#ip verify source port-security十一、交换机伪造和VLAN跨越1 .交换机伪造Sw(config)#interface faO/OSw(config-if)#switchport access vlan 10Sw(config-if)#switchport mode access2 . vlan跨越配置802. IQ中继链路使其只传输vlan 10和20的数据Sw(config)#vlan 800Sw(config-vlan)#name ssSw(config-vlan)# exitSw

33、(config)#interface fal/1Sw(config-if)#switchport trunk encapsulation dotlqSw(config-if)#switchport trunk native vlan 800Sw(config-if)#switchport trunk allowed vlan remove 800Sw(config-if)#switchport mode trunk强制标记本帧vlanSw(config)#vlan dotlq tag native十二、OSPF多区域Ospf多区域Sw(config)#router ospf 7Sw(confi

34、g-router)#network 192.1G8.1.0 0.0.0.3 area 0Sw(config-router)#network 192.168.1.4 0.0.0.3 area 0Sw(config-router)#network 192.168.10.0 0.0.0.255 area 1Ospf虚链路Sw 18(config)#router ospf 18高级路由与交换技术考试大纲（2）Swl 8 (config-router) #router-id 18.18.18.18 area 2 virtual-link 13.13.13.13Sw 13(config)#router o

35、spf 13Swl 3 (config-rout er) #router-id 13.13.13.13 area 2 virtual-link 18.18.18.18十三、 OSPF中的路由过滤1、LSA的过滤1类LSA：本路由器的接口信息2 类 LSA:DR BDR3类LSA：区域之间的LSA4类：汇总5类LSA：外部网络信息ABR处过滤3类LSAASBR过滤5类LSAQP前缀列表)ip prefix-list name seq deny | permit prefix ge learea number filter-list prefix name in | out LSA 的泛洪in：拒

36、绝将3类LSA泛洪到配置的区域out:来自配置区域的3类LSA过滤过滤192.168.10.0/24进入区域0在S7和S8上做LSA过滤ip prefix-list syh seq 5 deny 192.168.10.0/24 ge 24 le 24ip prefix-list syh seq 10 permit 0.0.0.0/0 le 32router ospf 718area 0 filter-list prefix syh in2、路由过滤distribute-list 9 in十四、OSPF和EIGRP的路由重分发Router 1 (config) #router ripRouter

37、 1 (config-rout er)#network 192.168.90.0Router 1 (config-router)#no auto-summaryRouter2 (config) #router ripRout er2 (config-rout er)#network 192.168.90.0Rout er2 (config-router) #network 192.168.100.0Router2 (config-router)#no auto-summaryRouter3 (config) #router eigrp 9Rout er3 (config-router) #ne

38、twork 192.168.110.0Router3(config-router)#no auto-summaryRouter4 (config) #router eigrp 9Rout er 4 (config-router) #network 192.168.110.0Rout er 4 (config-router) #network 192.168.120.0Router4 (config-router)#no auto-summaryl.RIP和OSPF路由重分发S9的配置interface faO/6no swiip add 192.168.130.2 255.255.255.252exit配置OSPF路由在S9上写router ospf 99network 192.168.130.0 0.0.0.3 area 0Routeri的配置interface faO/1no shuip add 192.168.130.1 255.255.255.252exirouter ospf 99network 192.168.130.0 0.0.0.