rcnp routing and switching v3 0认证学习一本通

考试地点：PearsonVUE考试中心考试时长：110分钟模块分值知识点模块分值知识点与端口策略锐捷口综用

——园区网交换

生成树与1、 VLAN：VirtualLocalArea/24 利用VLAN技术将这台接入交换机VLAN：VirtualLocalArea主管办公室VLANVLAN

VLAN VLAN 主管办公室VLAN VLAN

VLAN1。注，VLAN1无法删除RG-S2652G(config)#vlanRG-S2652G(config)#vlan10创建VLANRG-S2652G(config)#vlan20RG-S2652G(config-if)#switchportaccessvlan20//将该接口分配进VLAN20RG-S2652G(config)#interfacef0/1RG-S2652G(config-if)#switchportaccessvlan10//将该接口分配进VLAN10RG-S2652G(config)#interfacef0/2主管办公室VLAN VLAN VLAN 1

Fa0/8,Fa0/9,Fa0/10,Fa0/11Fa0/12,Fa0/13,Fa0/14,Fa0/15Fa0/16,Fa0/17,Fa0/18,Fa0/19Fa0/20,Fa0/21,Fa0/22,Fa0/23Fa0/24,Gi0/25,Gi0/261020

主管办公室VLAN VLAN DYNAMICFastEthernetDYNAMICFastEthernetDYNAMICFastEthernet… VLAN

VLAN A

B VLAN

VLAN

accessvlan›这是最佳的解决办法，因为实际项目中接入交换机上可能会存在很多VLAN，不可 switchportswitchportmodeswitchportmodeswitchportmode switchportaccessvlanswitchportmodeVLAN1212出去的802.1Q帧的VLANID是不同的

令指定的VLANID

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk VLAN VLAN PC VLAN

»广播报文除了向本VLAN内的其他端口转发，也会从Trunk接口转发出去，在据帧会变成不同的802.1Q数据帧（Tag字段的VLANID部分不同））switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

PC VLAN

»switchportaccessvlan10switchportaccessvlan switchportmode VLAN VLAN PC VLAN

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk VLAN

VLAN

VLAN20 PCB switchportaccessvlan10switchportaccessvlan20switchportmodetrunk VLAN VLAN PC VLAN

1PC12PCB4PC34switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

4VLAN20 VLAN PC

VLAN

»»从access接口接收的标准以太网帧，会从同一VLAN的其他access接口转发出VLANVLAN20Switch(config)#vlanSwitch(config)#vlanSwitch(config)#interfacefastethernet0/1Switch(config-if)#switchportaccessvlan20Switch(config)#interfacerangefastethernet0/2-3Switch(config-if)#switchportaccessvlan10Switch(config)#interfacefastethernet0/4Switch(config-if)#switchportmodetrunk »1.VLAN1是默认存在的，并且无法删除，所有接口缺省情况下都属于VLAN 1

Fa0/4,Fa0/5,Fa0/6,Fa0/7Fa0/8,Fa0/9,Fa0/10,Fa0/11Fa0/24,Gi0/25,Gi0/261020

Fa0/1,Fa0/4 Trunk802.1Q帧，会从相应的Access接口（802.1Q帧中TAG字段所对应的VLANID）转发出去，同时剥离TAG标记转变成标准以太网帧»如果交换机上没有配置access接口，只配置了Trunk接口（即汇聚交换机），交换机已经创建了所接收的802.1Q数据帧中包含的VLANID对应的VLAN，否则将丢弃接收到的802.1Q帧 »如果相应的输出Trunk接口上配置了VLAN修剪功能，将特定的VLANID在该接口上修剪掉，那么当接收到了包含相应VLANID的802.1QSwitch(config)#interfacefastethernetSwitch(config-if)#Switch(config)#interfacefastethernetSwitch(config-if)#switchporttrunkallowedvlanremoveVLANName 1 10 20 switchportaccessvlan10switchportaccessvlan20switchportmodetrunkintererfacevlan100

intererfacevlan

VLAN

vlan10,也没有创建vlan10，的802.1Q数据帧（vlan10） »

switchportaccessvlan10switchportaccessvlan20switchportmodetrunkintererfacevlan100

intererfacevlan

VLANNativeVLAN›Trunk接口上传输数据帧都为802.1Q数据帧，但有一种例外，就是nativevlan。默认情况下，交换机的所有接口的nativevlan为vlan1。可以对trunk接口上的native»2.当从trunk接口上接收到一不携带TAG的标准以太网帧（untagged）时，会从nativevlan所包含的接口转发出去switchportaccessvlan1switchportmodetrunk

VLAN1

VLAN PCNativeVLAN›Trunk接口上传输数据帧都为802.1Q数据帧，但有一种例外，就是nativevlan。默认情况下，交换机的所有接口的nativevlan为vlan1。可以对trunk接口上的native»将trunk接口的natvievlan修改为vlan

switchportaccessvlan10switchportmodetrunk 1VLAN PCSwitch(config)#interfacefastethernet0/2Switch(config-if)#Switch(config)#interfacefastethernet0/2Switch(config-if)#switchporttrunknativevlan10FastEthernet1FastEthernetFastEthernet1FastEthernet1… PC1PC1PC1.

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk PC1 »广播报文在二层网络中不断泛洪, »主机网卡接收到大量的广播报文,操作系统调用大量的CPU进程资源来识别这些 »大量二层协议广播报文需要二层交换机CPU处理,浪费大量资源,对正常的请求无 »对网关IP地址的ARP请求报文,经过环路的复制转发,不断地发送到网关设备,网关 PC1

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk ARPG

按照产生时间先后顺序分别是STP、RSTP、STP(SpanningTree IEEERSTP(Rapid IEEEMSTP(Multiinstance IEEE每个非根交换机选择一个根端口（RootPortPortDP）（topologychangenotification）配置BPDU中主要携带（根网桥IDID端口ID）这四个参数和（Hellotimer、Forwardingdelay、MAXage）网桥端口（RootPathCost），根路径开销反映了某端口到根交换机的“远442210M100M1G10G00HelloForwaring计算到根桥的最短路径开销(RootPath选择根网桥:最优BPDU的RootRootRoot10Bridge1PortRoot2RootPath0Bridge2PortRoot1Root1Root0Bridge1Port1RootRoot3RootPath0Bridge3Port

RootRoot3RootPath0Bridge3PortRoot2RootPath0Bridge2Port1Root1Root10Bridge1PortRoot1Root10Bridge1Port1

Root2RootPath0Bridge2PortRootRoot3RootPath0Bridge3Port

RootRootPathPtID1

RootRootBridgePortRoot1RootPathBridge2Port1Root2RootPath0BridgePort21Root3RootPath0Bridge3Port Root1RootPath0Bridge2PortRoot1Root0BridgeRoot1RootPath0Bridge2PortRoot1Root0Bridge1Port

Root1RootPathBridge2Port1 RootRoot1RootPath0Bridge2PortIDRoot1RootPath0Bridge1Port1RootRoot3RootPath0Bridge3Port

RootRoot1Root0Bridge1Port

RootRoot3RootPath0Bridge3Port

Root1RootPathBridge2Port1 交换机处于listening和learning状态的时间由forwardingdelay

G0/40/48Bloking

拓扑稳定后只有根网桥才会每隔Hellotimer发送配置

机Root1机Root1RootRoot10Bridge1PortID1

RootRootPathcostBridgeIDPortRoot

1

BridgePortID

21

RootRoot1RootPathBridge3Port

触发转发PC2PC3

MAC地址表老化时间由300S变为Forwarding

11Root1RootPath01

RPort

RootPathRootPathBridge

Port

从根端口发送TCNBPDU

直接拓扑变化数据转发延迟2倍Forwarding

PortPortBridgeRootPathRoot

RootPathRootPathRootBridget

BridgeBridgeRootPathRoot

50g

（30s））——52s（MAXage（20s）+2倍forwardingdelay（30s）+helloRoot1RootPathBridge2 Port

Root1Root1RootPathBridge3Port

变化后需要至少两倍的ForwardDelay时间（30-52s），才能恢复连通性 »把堵塞的端口细分为Alternate端口和BackupRootRootatedPort

»端口状态由5种状态减少到3Forwarding、Learning、 »无论是否收到根交换机发送的BPDU，其他交换机每Hellotimer（2s）»3倍Hellotimer没有收到BPDU »在BPDU的Flag字段，把原来保留的中间6»P/A机制要求端口类型必须是点对点（point-to-Bit7Bit6Bit5Bit4Bit3Bit2Bit1Bit0

11

引入边缘端口（Edge

PortAdminPortFast:DisabledPortOperPortFast:DisabledPortAdminAutoEdge:EnabledPortOperAutoEdge:DisabledPortAdminLinkType:autoPortBPDUGuard:DisabledPortBPDUFilter:DisabledPortGuardmode:NonePortState:forwardingPortPriority:128PortDesignatedRoot:1000.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:8019PortOperPathCost:20000Inconsistentstates:normalPortRole:rootPortPortAdminPortFast:DisabledPortOperPortFast:DisabledPortAdminAutoEdge:EnabledPortOperAutoEdge:DisabledPortAdminLinkType:autoPortBPDUGuard:DisabledPortBPDUFilter:DisabledPortGuardmode:NonePortState:discardingPortPriority:128PortDesignatedRoot:1000.001a.a97e.9dc7PortDesignatedCost:20000PortDesignatedPort:8019PortOperPathCost:20000Inconsistentstates:normalPortRole:alternatePor

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk MSTPMultipleSpanningTreeProtocol多生成树协议实例

Instance Instance

Region 通过IST（Internalspanning-tree内部生成树）保证连通性 MSTPBPDU里面包含MSTMSTrevisionnumber（修订版本号）、Instance和vlan的映射，如果在一个端口上收到的ISTInternalSpanningTree（域内）CSTCommonSpanningTree（域间）CISTCommonandInternalSpanningMSTIMultipleSpanning-TreeInstanceMSTP Ruijie(config)#spanning-treemstconfigurationRuijie(config-mst)#instance10vlan?LINEVlanrangeex:1-65,72,300- 57-2；VLAN20的主根是57-2，备份根是57-1

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

5750-1#sh5750-1#shspanning-treemstconfigurationMultispanningtreeprotocol:Enable InstanceVlans0:1-9,11-19,21-::5750-1#shspanning-tree5750-1#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedRoot:100a.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:8019PortAdminPathCost:PortRole:######MST10vlansmapped:BridgeAddr:001a.a97e.9dc7Priority:4096TimeSinceTopologyChange:TopologyChanges:2DesignatedRoot:RootCost:0RootPort:5750-1#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedRoot:100a.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:801aPortForwardTransitions:2PortAdminPathCost:PortRole:5750-2#shspanning-tree5750-2#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedCost:0PortDesignatedPort:8019PortAdminPathCost:PortRole:######MST10vlansmapped:BridgeAddr:001a.a97e.9d8bPriority:8192TimeSinceTopologyChange:TopologyChanges:7DesignatedRoot:RootCost:20000RootPort:5750-2#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedRoot:100a.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:801aPortForwardTransitions:2PortAdminPathCost:PortRole:rootPort2628G-3#shspanning-tree2628G-3#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedRoot:100a.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:8019PortAdminPathCost:PortRole:rootPort######MST10vlansmapped:10BridgeAddr:001a.a94a.8261Priority:32768TimeSinceTopologyChange:TopologyChanges:3DesignatedRoot:RootCost:20000RootPort:2628G-3#shspanning-treemst10interface######MST10vlansmapped:10PortState:discardingPortPriority:PortDesignatedCost:0PortDesignatedPort:8019PortAdminPathCost:PortRole:alternatePort »在接入层设备上直连PC的端口上配置，相当于RSTP（Edge»配置了该命令的端口可以直接从blocking/discarding状态进入转发状态， »在接入层设备上直连PC的端口上配置，防止可能存在的环路和STP协议»配置了该命令的端口如果收到BPDU报文则进入errordisable» 配置了该命令的端口不会发送BPDU，丢弃接收到的

VLAN

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

VirtualRouterRedundancyProtocolIntIntvlanIpaddIntvlanIpadd

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

IntvlanIntvlanIpadd

IntvlanIntvlanIpadd

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

»由一个master和若干backup »虚拟路由器的IP »虚拟路由器拥有的虚拟MAC，格式为0000-5E00-01XX(XX对应VRID），虚拟路由 现故障，BACKUP路由器就开始接替工作 IPadd：虚拟 »»默认为 » »设备初始化时进入此状态，路由器不会对VRRP»当收到接口startup的消息，将转入Backup（优先级不为255时）或Master状态（优先 »定期发送VRRP»响应对虚拟IP地址的ARP请求，并且用虚拟MAC地址应答，接收目的MAC»在Master状态中只有接收到比自己的优先级大的VRRP报文时，才会转为Backup »接收Master发送的VRRP»对虚拟IP地址的ARP请求不做响应、丢弃目的MAC地址为虚拟MAC地址的IP报文、丢 <1-255>VRRPadvertise<1-255>Priorityvrrp10priorityvrrp10ip

interfaceVLANvrrp10ip

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

Grp Own MasterGroupVLAN 5750-1#sh5750-1#shvrrpinterfacevlan10VLAN10-Group10StateisVirtualIPaddressis54configuredVirtualMACaddressis0000.5e00.010aAdvertisementintervalis1secPreemptionisenabledmindelayis0secPriorityisMasterRouteris53(local),priorityis105MasterAdvertisementintervalis1secMasterDownintervalis3

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

通过修改网桥优先级把汇聚交换机设备设置为根网桥，和VRRP如果因环境原因可能产生收帧延迟，导致VRRP震荡，或者VRRP组比较多，例如双核心应用环境中有30个左右的VRRP组，且都把同一台设备设置为Master。为了避免同一个时刻大量收发VRRPCPU的冲击，建议修改不同VRRP间隔，比如50％VRRP组的通告发送间隔设置成1秒，50％设置成2秒vrrp1priorityvrrp1ipVrrp1trackgigabitEthernetvrrp2ipvrrp3priorityvrrp3ipVrrp3trackgigabitEthernetvrrp4ipinstance0vlan5-4094instance1vlan1,instance2vlan2,Switchmodetrunkport-group1port-group1switchportmodetrunkvrrp1ipvrrp2priorityvrrp2ipVrrp2trackgigabitEthernetvrrp3ipvrrp4priorityvrrp4ipVrrp4trackgigabitEthernetinstance0vlan5-4094instance1vlan1,instance2vlan2,Switchmodetrunkport-group1port-group1switchportmodetrunkinstance0vlan5-4094instance1vlan1,instance2vlan2,switchportmodeswitchportmodetrunkspanning-treeportfastspanning-treeportfast######MST1vlansmapped:1,3BridgeAddr:001a.a97e.9dc7Priority:4096TopologyChanges:8RootCost:RootPort:######MST2vlansmapped:2,4BridgeAddr:001a.a97e.9dc7Priority:8192TopologyChanges:8RootCost:19000RootPort:######MST1vlansmapped:1,3BridgeAddr:001a.a97e.9d8bPriority:8192TopologyChanges:5RootCost:RootPort:######MST2vlansmapped:2,4BridgeAddr:001a.a97e.9d8bPriority:4096TopologyChanges:5RootCost:0RootPort:OwnVLAN13 VLAN23 VLAN33 VLAN43 OwnVLAN13 VLAN23 VLAN33 VLAN43

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

»»所有物理端口必须属于同一个»最多支持8个物理端口聚合为一个 »通过LACP » Ruijie(config)#intrangeg0/25-26Ruijie(config)#intrangeg0/25-26 Ruijie(config)#intRuijie(config)#intaggregateportRuijie(config-AggregatePort1)#switchportmodeRuijie#shaggregatePort1summaryAggregatePortMaxPortsSwitchPort Ruijie#shaggregatePort1summaryAggregatePortMaxPortsSwitchPort 8Gi0/25Ruijie#shintg0/25Ruijie#shintg0/25GigabitEthernet0/25isadministrativelydown,lineprotocolisDOWNHardwareisBroadcom5464GigabitEthernetInterfaceaddressis:noipaddressMTU1500bytes,BW1000000KbitRuijie#shintaggregateport1Index(dec):27(hex):1bAggregatePort1isUP,lineprotocolisUPHardwareisAggregateLinkAggregatePortInterfaceaddressis:noipaddressMTU1500bytes,BW20000004、

2121 »广播报文在二层网络中不断泛洪, »主机网卡接收到大量的广播报文,操作系统调用大量的CPU进程资源来识别这些 »大量二层协议广播报文需要二层交换机CPU处理,浪费大量资源,对正常的请求无 »对网关IP地址的ARP请求报文,经过环路的复制转发,不断地发送到网关设备,网关

2

»»接入层交换机单链路上联，汇聚层交换机没有必要开启 » »接入交换机上行口开启 »

1

errdisablerecoveryerrdisablerecoveryinterval120intrangefa0/1-24int

Ruijie#shRuijie#shint ----------------------------------------------------- FastEthernet Ruijie(config)#intRuijie(config)#intrangeFastEthernet0/1-Ruijie(config-if-range)#rldpportloop-detectshutdown-Ruijie(config)#errdisableRuijie(config)#errdisablerecoveryinterval rldpportloop-detectblock/shutdown-port/shutdown-»block»shutdown-port：将端口置于err-disable»shutdown-svi：将端口对应svi置于shutdown»warning：不对端口作任何处理，仅将事件生成log日志 rldpdetect-interval rldp show 2 2 %RLDP-3-LINK_DETECT_ERROR:loop%RLDP-3-LINK_DETECT_ERROR:loopdetectionerrordetectoninterfaceFastEthernet0/1.setthisinterfaceerrordisable!%LINK-3-UPDOWN:InterfaceFastEthernet0/1,changedstateto%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceFastEthernet0/1,changedstatetoRuijie#shint Vlan---------------------------------------------------------FastEthernet0/1FastEthernet0/2FastEthernetFastEthernetdisable1UnknownUnknowncopperdown1UnknownUnknowncopperdown1UnknownUnknowncopperdown1UnknownUnknowncopperRuijie#shrldpRuijie#shrldpinterfaceport :localbridge :001a.a976.9c0aneighborbridge:0000.0000.0000neighborport loopdetectinformation action:shutdown-portstate:errorRLDP 使用shutdown-porterrdisablerecoveryinterval自动

3 VLAN

5、端口镜像monitorsession1sourceinterfacemonitorsession1destinationinterfacemonitorsession1destinationinterfacexx根据交换芯片的不同，部分交换机在应用SPANCPUS861Addr北京海淀区复兴路29号中意鹏奥大厦东塔A座11100036——园区网路由

Ruijie 弃该数据包,以PCA去pingPCB为例 据转发给PCB。并且SWB将PCB返回的数据转发给SWA PC vlanvlaninterfacevlanipaddressinterfacegi0/24vlaninterfacevlanipaddressinterfacegi0/24 VLAN VLAN VLAN

»在三层设备之间使用这种方式进行互联，一定要在互连接口上配置trunk修剪,即只将互联SVI的VLANID放行vlanvlaninterfacevlanipaddressinterfacegi0/24switchporttrunkallowedvlanremovevlaninterfacevlanipaddressinterfacegi0/24switchporttrunkallowedvlanremove vlanvlaninterfacevlanipaddressinterfacegi0/24switchporttrunkallowedvlanremovevlaninterfacevlanipaddressinterfacegi0/24switchporttrunkallowedvlanremove »两边使用相同的VLANvlanvlaninterfacevlanipaddressinterfacegi0/24switchportaccessvlan800vlaninterfacevlanipaddressinterfacegi0/24switchportaccessvlan800 »同第1种trunk互连方式中所描述的，也建议在三层交换机的下联trunk接口进行将互联SVI的VLANID修建掉(即只放行用户VLANID)vlanvlaninterfacevlanipaddressinterfacegi0/24switchportaccessvlan800interfacegi0/1switchportmodetrunkswitchporttrunkallowedvlanremovevlaninterfacevlanipaddressinterfacegi0/24switchportaccessvlan800interfacegi0/1swtichportmodetrunkswitchporttrunkallowedvlanremove »两边使用不同的VLANvlanvlaninterfacevlanipaddressinterfacegiswitchportaccessvlanvlaninterfacevlanipaddressinterfacegiswitchportaccessvlan »使用noswitchport命令将一个接口变为三层路由接口（同路由器的接口一样，interfaceinterfacegi0/24noswitchportipaddressinterfacegi0/24noswitchportipaddress SWA(config)#ipSWA(config)#iprouteSWA(config)#iproute SWB(config)#ipSWB(config)#iprouteSWB(config)#iproute SWA#shSWA#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /30isdirectlyconnected,VLAN800 /32islocalhost. /24[1/0]via /24[1/0]via SWB#shSWB#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /30isdirectlyconnected,VLAN800 /32islocalhost. /24[1/0]via /24[1/0]via SWA#shSWA#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /30isdirectlyconnected,VLAN800 /32islocalhost. /24[1/0]via /24[1/0]via SWB#shSWB#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /30isdirectlyconnected,VLAN800 /32islocalhost. /24[1/0]via /24[1/0]via SWA#SWA#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /24isdirectlyconnected,GigabitEthernet0/24 /32islocalhost. /24[1/0]via /24[1/0]via SWB#SWB#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /24isdirectlyconnected,GigabitEthernet0/24 /32islocalhost. /24[1/0]via /24[1/0]via »PCA判断PCB的IP与本地IP不在同一网段，在进行TCP/IP封装时，二层目的 ICMPEcho »SWC从VLAN10的access接口接收到报文，查找MAC地址表将其从上联口转TAG:VLAN10ICMPEcho 2ICMPEcho VLAN1 PC »TAG:VLANTAG:VLAN10ICMPEcho

ICMPEcho TAG:VLAN10TAG:VLAN10ICMPEcho

ICMPEcho »–SWA和SWB之间使用不同的接口进行互联时，所形成的MAC地址表及ARP表会有800MACVlanPCAVlan800MACVlan800MACPCA800MAC

»–当SWA与SWB之间使用路由接口进行互连时形成的表项（只有ARP表项）PCAVlan

»SWA和SWB使用不同形式接口互连时，由于SWA和SWB上面形成的ARP表TAG:VLAN10ICMPEcho

VLAN1 PC TAG:VLAN10ICMPTAG:VLAN10ICMPEchoSS：SWASVI800D：SWBSVI800800MACVlan

3

VLAN1 PC TAG:VLAN10TAG:VLAN10ICMPEchoSS：SWASVI800D：SWBSVI800MACTAG:VLAN800 800MAC （2）SWA查找MAC地址表根据替换目的MAC地址后的报文从哪个接口转发 –（1）首先查找路由表，目的IP在本地直连接口网段内，接着查找ARP表，找到目的S：SWASVI800D：SWBSVI800TAG:vlan800S：SWASVI800D：SWBSVI800TAG:vlan800ICMPEcho800MACVlanPCBVlanSS：SWASVI800D：SWBSVI800

44获取PCB的MAC地址信息–（2）完成二层MACSWB查找MAC地址表以确定将报文从哪个接口转发记（VLAN40），如果是access接口，则不添加TAG标记。S：S：SWBSVI40MACD：PCBMACSS：SWASVI800D：SWBSVI800TAG:vlan800ICMPEcho

800MACPCB44–（2）完成二层MACSWB查找MAC地址表以确定将报文从哪个接口转发记（VLAN40），如果是access接口，则不添加TAG标记。

S：SWASVI800MACD：SWBSVI800TAG:vlanS：SWBSVIS：SWBSVI40D：PCBTAG:vlan40ICMPEchoICMPEcho 44 –SWD查找MAC地址表，将其从连接PCB的接口转发出去，同时剥离TAG

S：SWBSVIS：SWBSVI40D：PCBTAG:vlan40ICMPEchoS：SWBSVI40D：PCBICMPEcho VLAN PC 3 VLAN PC TAG:VLAN10ICMPEchoTAG:VLAN10ICMPEchoSS：SWASVI800D：SWBSVI800800MACVlan

3 VLAN PC （2）SWA查找MAC地址表根据替换目的MAC地址后的报文从哪个接口转发出

TAG:VLAN10S：0D：ICMPEcho 800MAC

S：SWASVI800MACD：SWBSVI800MAC无 3

SS：SWASVI800D：SWBSVI800ICMPEcho VLAN PC –（1）首先查找路由表，目的IP在本地直连接口网段内，接着查找ARP表，找到目的（0）对应的MAC地址即PCB的MAC地址，使用PCBMAC地址替换原目的MAC地址，使用SVI40的MAC地址替换之前的源MAC地址。SS：SWASVI800D：SWBSVI800ICMPEchoS：SWASVI40D：PCB

44800MACVlanPCBVlan获取PCB的MAC地址信息›–（2）完成二层MACSWB查找MAC地址表以确定将报文从哪个接口转发记（VLAN40），如果是access接口，则不添加TAG标记。SS：SWASVI800D：SWBSVI800ICMPEchoS：SWBSVI40MACD：PCBMAC

800MACPCB44›S：SWBSVI40D：PCBTAG:vlan40S：SWBSVI40D：PCBTAG:vlan40ICMPEchoS：SWASVI800D：SWBSVI800ICMPEcho

44 –SWD查找MAC地址表，将其从连接PCB的接口转发出去，同时剥离TAG

S：SWBSVIS：SWBSVI40D：PCBTAG:vlan40ICMPEchoS：SWBSVI40D：PCBICMPEcho VLAN PC –首先在路由表中查找目的IP对应的下一跳IP（），接着查找ARP表项找到D：SWBGi0/24无 800MAC 1

PC –（1）首先查找路由表，目的IP在本地直连接口网段内，接着查找ARP表，找到目的（0）对应的MAC地址即PCB的MAC地址，使用PCBMAC地址替换原目的MAC地址，使用SVI40的MAC地址替换之前的源MAC地址。D：SWBGi0/24ICMPEchoS：SWBSVI40D：PCB

44PCBVlan获取PCB的MAC地址信息–（2）完成二层MACSWB查找MAC地址表以确定将报文从哪个接口转发记（VLAN40），如果是access接口，则不添加TAG标记。D：SWBGi0/24ICMPEchoS：SWBSVI40MACD：PCBMAC

PCB44S：SWBSVI40D：PCBTAG:vlan40S：SWBSVI40D：PCBTAG:vlan40ICMPEchoD：SWBGi0/24ICMPEcho

44 –SWD查找MAC地址表，将其从连接PCB的接口转发出去，同时剥离TAG

S：SWBSVIS：SWBSVI40D：PCBTAG:vlan40ICMPEchoS：SWBSVI40D：PCBICMPEcho VLAN PC »1.PC的TCP/IP»2.»决定输出报文是否携带TAG标记以及TAG标记中的VLANID是多少2 34VLANVLAN1PC5 2、

李 VLAN

VLAN

» » 每个运行OSPF的路由器都必须有一个RouterID。›邻居（Neighbor）：设备启动OSPF路由协议后，便会通过接口向外发送Hello报文。收到Hello报文的其它启动OSPF路由协议的设备会检查报文中所定义的一些 OSPFIPPacketOSPFPacketOSPFProtocol OSPF » »邻接路由器之间通过LSU洪泛LSA，通告拓扑信息，最终同一个区域内所有路 »» »»OSPF »» » »OSPF接口是否启动有 RouterRouter InitRouter TwoTwoWay RouterRouter RouterExchangeALoadingALoadingBFullFullOSPF

2- 路由器之

OSPF »广播(Broadcast)»点到点(P2P)PPP、»» »OSPFOSPF

routerospfrouterospfnetwork55areanetworkarearouterospfnetwork55areanetworkareaS5750-A#shS5750-A#shipCodes:C-connected,S-static,R-RIP,M-mobile,B- isdirectlyconnected,FastEthernet0/0/24issubnetted,3subnets [110/2]via,00:01:44, [110/2]via,00:01:44, [110/2]via,00:01:44,OSPF 查看OSPF协议状态：showipospfS5750-A#shipS5750-A#shipprotocolsRoutingProtocolis"ospf100"OutgoingupdatefilterlistforallinterfacesisnotsetIncomingupdatefilterlistforallinterfacesisnotsetRouterIDNumberofareasinthisrouteris1.1normal0stub0nssaMaximumpath:4Routingfor55area55areaRoutingInformationSources:GatewayDistance LastUpdateDistance:(defaultis S5750-A#shipS5750-A#shipospf Dead OSPF R01#shipospfinterfacefastEthernet0/0.12FastEthernet0/0.12isup,lineprotocolisupInternetAddress/30,Area0ProcessID100,RouterID,NetworkTypeBROADCAST,Cost:1TransmitDelayis1sec,StateDR,Priority1DesignatedRouter(ID),InterfaceaddressBackupDesignatedrouter(ID),InterfaceaddressTimerintervalsconfigured,Hello10,Dead40,Wait40,Retransmitoob-resynctimeout40Helloduein00:00:01Index1/1,floodqueuelength0Next0x0(0)/0x0(0)Lastfloodscanlengthis0,maximumisLastfloodscantimeis0msec,maximumis0msecNeighborCountis1,Adjacentneighborcountis1Adjacentwithneighbor(BackupDesignatedRouter)Suppresshellofor0neighbor(s)OSPFHELLOHELLO报文中影响OSPF OSPFMTU

李 VLAN 红VLAN

routerospfrouterospfnetworkareanetwork55area

routerrouterospfnetworkareanetwork55arearouterospfrouterospfnetworkareanetworkareanetworkarearouterospfnetworkareanetworkareanetworkarearouterospfnetworkarearouterospfnetworkareanetworkareanetworkarearouterrouterospfnetworkareanetworkareanetworkareaOSPF

routerospfrouterospfnetwork55areanetworkareainterfaceipaddressipospfcostrouterospfnetwork55areanetworkareaS5750-A#shS5750-A#shipCodes:C-connected,S-static,R-RIP,M-mobile,B- [110/11]via,00:01:44, [110/11]via,00:01:44, [110/11]via,00:01:44,

李 VLAN

VLAN

»控制LSA只在区域内洪泛，有效地把拓扑变化控制在区域内，拓扑的变化影响» OSPF多区域设计双层层次化（2-layer Area Area AreaAreaAreaAreaArea0为骨干区域，所有其口属于Area0 内部路由器IR（InternalArea所有接口在同一个Area »»» »»区域之间的行为特性是D-V，为了解决区域之间可能发生的路由循环,引入一个特殊的区域Area0,其它区域之间要通信，必须通过Area0骨干区域 »OSPFAreaAreaAreaOSPF多区域环境下LSA类型1LSARouterLSA类型2LSANetworkLSA类型3LSANetworkSummaryLSA类型4ASBR汇总LSAASBRSummaryLSA类型5LSAASExternalLSA类型7NSSA外部LSANSSAExternalLSAOLSAOLSAOLSALSAOE2/OLSAON2/O TypeType=RouterID=NumberofLinksLink1Link2Type=NumberofLinksLink1Link2Link3Type=RouterID=NumberofLinksLink1Link2Link3 Type=SubnetMaskType=SubnetMask=AttachedRouter=AttachedRouter= Type=Mask=Metric=LSA7---NSSAExternal LSA类型7只能在NSSA区域中洪泛，到达NSSA区域ABR后，NSSAABR将其转 OSPF Ruijie(config)#routerospf Ruijie(config)#routerospfOSPF OSPF ruijie（config-router）#arearangenot-advertiseruijie（config-router）summary-addressnot-dvertiseOSPF »» »»OSPF »» »» »»OSPF区域类型与LSAArea

AreaLSA1/2/3

Area

Area

Area 3457骨干区域(AreaOSPF ABR:Ruijie(config-router)#networkip-addresswildcard-maskarea0stubno- »»»路由（LSA）LSA3

External

»»» »OSPF default-informationoriginate»产生的LSA是TYPE5DefaultDefaultrouteDefaultrouteDefaultrouteOSPF »产生的LSA是TYPE3»STUBorTOTALOSPF »»产生的LSA是TYPE7OSPF »»产生的LSA是TYPE3nssano-nssano-型√55√3√3area*nssadefault-information-7area*nssadefault-information-√7√3 AreaAreaR2/16interfacefipaddressinterfacefipaddressinterfacef3/1ipaddressinterfacefipaddressinterfacefipaddressiprouteiproute!OSPF的配置routerospfOSPFnetwork55areanetwork55areanetwork55areanetwork55areaRouterospfredistributeconnected[subnets][metric-type{1,2}][metricmetric]redistributestatic[subnets][metric-type{1,2}][metricmetric]Routerospfredistributerip[subnets][metricmetric]redistributeconnected[subnets][metricmetric]redistributestatic[subnets][metricmetric]routerredistributeconnected[subnets][metricmetric][metric-type1/2]redistributestatic[subnets][metricmetric][metric-type1/2]略Router(config-route-map)#Router(config-route-map)#matchipaddress{access-list-numbername}[...access-list-number|Router(config-route-map)#Router(config-route-map)#matchlengthminsetipnexthop——setinterfacesetdefaultinterfacesetipdefaultnext-hopsetipnext-hopip-add和setipdefaultnext-matchxyzmatchasetmatchdenyall(If(xoryorz)andthenset(bandc)elseifqthensetelsesetRoute#ShowipRoute#debugip

问题：负载均衡，无法控制数据走R2或Access-list1permitRoute-maptestpermit10Matchipaddress1SetmetricRoute-maptestpermitRouterospfredistributestaticsubnetsroute-mapAccess-list1permitRoute-maptestpermit10Matchipaddress1SetmetricRoute-maptestpermitRouterospfredistributestaticsubnetsroute-mapAddr北京海淀区复兴路29号中意鹏奥大厦东塔A座11100036——园区网出口

它是一个IETF(InternetEngineeringTaskForce,Internet工程任务组)标IPv4的空间已经严重不足，NAT可以大量节省公网分配给内部网络中的主机的IP地址，通常这种地址来自RFC1918指定的私有(config-if)#ipnat{inside|outsideglobal-ip}(config-if)#ipnat{inside|outside(config)#ipnatinsidesourcestatic{tcp|udp}local-iplocal-port(config-if)#ipnat(config-if)#ipnat(config)#ipnatinsidesourcesta