十五交换基础和VLAN.ppt

1、交换和VLANSwitching and VLAN,深圳职业技术学院计算机系网络专业,教学目标（ Objectives ）,1. 交换机学习主机地址 （Switche Learn Host Address） 2. 两种交换方法（Two Switching Methods） 3. 配置端口安全（Configuring Port Security） 4.密码破解（Password Recovery） 5. VLAN操作（VLAN Operations） 6.配置和验证静态VLAN (Configuring and Verifying Static VLANs),地址学习（Address learn

2、ing） 决定转发或过滤（Forward/filter decision） 避免环路（Loop avoidance）,交换机三种功能（Three Switch Functions ）,交换机学习主机地址 （Switche Learn Host Address）,初始MAC地址表是空的 Initial MAC address table is empty,MAC address table,0260.8c01.1111,0260.8c01.2222,0260.8c01.3333,0260.8c01.4444,E0,E1,E2,E3,A,B,C,D,交换机学习主机地址 （Switche Learn

3、 Host Address）,A向C发送帧（Station A sends a frame to Station C） 交换机将A的MAC地址和其对应的接口E0放入MAC地址表 Switch caches station A MAC address to port E0 by learning the source address of data frames 该帧向除了E0接口的所有接口泛洪 The frame from station A to station C is flooded out to all ports except port E0,MAC address table,02

4、60.8c01.1111,0260.8c01.2222,0260.8c01.3333,0260.8c01.4444,E0: 0260.8c01.1111,E0,E1,E2,E3,D,C,B,A,交换机学习主机地址 （Switche Learn Host Address）,D向C发送帧(Station D sends a frame to station C) 交换机将D的MAC地址和其对应的接口E3放入MAC地址表 Switch caches station D MAC address to port E3 by learning the source Address of data fram

5、es 该帧向除了E3接口的所有接口泛洪 The frame from station D to station C is flooded out to all ports except port E3 (unknown unicasts are flooded),MAC address table,0260.8c01.1111,0260.8c01.2222,0260.8c01.3333,0260.8c01.4444,E0: 0260.8c01.1111,E3: 0260.8c01.4444,E0,E1,E2,E3,D,C,A,B,交换机过滤帧（ Switches Filter Frames）,

6、A向C发送帧 Station A sends a frame to station C 目的地址已知，帧不被泛洪 Destination is known, frame is not flooded,E0: 0260.8c01.1111,E2: 0260.8c01.2222,E1: 0260.8c01.3333,E3: 0260.8c01.4444,0260.8c01.1111,0260.8c01.2222,0260.8c01.3333,0260.8c01.4444,E0,E1,E2,E3,X,X,D,C,A,B,MAC address table,两种交换方法（Two Switching M

7、ethods）,存储转发特征（Store-and-forward Feature）,1. 在转发之前整个帧被接收 The entire frame is received before any forwarding takes place. 2.由于交换开始之前要接收完整帧，较大的数据帧延迟较大 Latency is greater with larger frames because the entire frame must be received before the switching process begins.,直通特征（Cut-through Feature）,1.在接收完整帧

8、之前，帧就被转发。 The frame is forwarded through the switch before the entire frame is received. 2.最快的是只要读到目的地址就转发。 At a minimum the frame destination address must be read before the frame can be forwarded. 3.这种模式降低了延迟，但是不进行检错 This mode decreases the latency of the transmission, but also reduces error detec

9、tion.,直通分类（Cut-through Class）,一、快速转发（Fast-forward ） 1.快速转发提供了最低的延迟 Fast-forward switching offers the lowest level of latency. 2.只要读到目的地址，就立刻转发 Fast-forward switching immediately forwards a packet after reading the destination address.,直通分类（Cut-through Class）,二、Fragment-free （无碎片方式） 1.无碎片方式在转发之前过滤掉碰撞

10、碎片Fragment-free switching filters out collision fragments before forwarding begins. 2.无碎片方式在转发之前要读到帧的前64字节 Fragment-free switching waits until the packet is determined not to be a collision fragment(64bytes) before forwarding,配置SVI地址（Configuring SVI Address）,Switch(config)#interface vlan 1 Switch(co

11、nfig-if)#ip address 10.1.1.1 255.255.255.0 Switch(config-if)#no shutdown,配置端口安全（Configuring Port Security）,Switch(config)#int f0/1 Switch(config-if)#switchport mode access Switch(config-if)#switchport port-security Switch(config-if)#switchport port-security mac-address 0060.6700.dd5b Switch(config-i

12、f)#switchport port-security violation restrict Switch#sh port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) - Fa0/1 132 1 0 Restrict,密码破解（Password Recovery）,1. 拔掉电源（Unplug the power cable） 2.按下mode按钮（hold down the mode button） 3.输入flash_init

13、 （type flash_init） 4.执行dir flash: （type dir flash:） 5.重命名配置文件 （rename flash:config.text flash:config.old） 6.启动（Boot） 7.在进入setup模式提示下输入N （enter N at the prompt to start the setup program.）,密码破解（Password Recovery）,8. 进入特权模式（switchenable） 9. 重命名配置文件 （rename flash:config.old flash:config.text） 10. 将配置文件

14、拷贝到RAM中运行 （copy flash:config.text system:running-config） 11.修改密码 （enable password cisco） 12.存盘（write） 13.重启（reload）,VLAN预览（VLAN Overview）,分段Segmentation 灵活 Flexibility 安全 Security,3rd floor,2nd floor,1st floor,SALES,HR,ENG,1 VLAN =1广播域1逻辑子网 A VLAN = A broadcast domain = Logical network (subnet),VLAN

15、操作（VLAN Operations）,每一个逻辑的VLAN就像一个独立的物理网桥 Each logical VLAN is like a separate physical bridge,VLAN操作（VLAN Operations）,Switch B,Green VLAN,Black VLAN,Red VLAN,同一个VLAN可以跨越多个交换机 VLANs can span across multiple switches,VLAN操作（VLAN Operations）,Switch B,Green VLAN,Black VLAN,Red VLAN,Trunk,TRUNK链路携带多个VLA

16、N的数据 Trunks carries traffic for multiple VLANs Trunks利用特定的封装来识别不同的VLAN Trunks use special encapsulation to distinguish between different VLANs,Fast Ethernet,VLAN成员模式（VLAN Membership Modes）,VLAN5,静态VLAN (Static VLAN),动态VLAN（Dynamic VLAN）,MAC = 1111.1111.1111,Trunk,VMPS 1111.1111.1111 = vlan 10,VLAN10

17、,Port e0/9,Port e0/4,配置静态VLAN (Configuring Static VLANs),1.创建VLAN （create the VLAN ） Switch#vlan databaseSwitch(vlan)#vlan vlan_numberSwitch(vlan)#exit 2.将接口指定到VLAN中 assign the VLAN to one or more interfaces : Switch(config)#interface fastethernet 0/9Switch(config-if)#switchport access vlan vlan_num

18、ber,配置静态VLAN实例 (Configuring Static VLANs Example),Switch#vlan database Switch(vlan)#vlan 2 name v2 VLAN 2 added: Name: v2 Switch(vlan)#vlan 3 name v3 VLAN 3 added: Name: v3 Switch(vlan)#vlan 4 name v4 VLAN 4 modified: Name: v4 Switch(vlan)#no vlan 4 Deleting VLAN 4. Switch(vlan)#exit APPLY completed. Exiting.,Switch(config)#int f0/2 Switch(config-if)#switchport mode access Switch(config-if)#switc