《高级路由与交换技术》考试大纲

1、高级路由与交换技术考试大纲一、 VLAN和中继1.创建vlanS1(config)#vlan 10S1(config-vlan)#name fatherS1(config-vlan)#exitS1(config)#vlan 20S1(config-vlan)#name motherS1(config)#exitS1(config)#vlan 30S1(config-vlan)#name babyS1(config)#exit2. 配置中继链路 (1)带封装的中继链络S1(config)#interface fa0/0S1(config-if)#switchportS1(config-if)#s

2、witchport trunk encasulation dot1qS1(config-if)#switchport mode trunkS2(config)#interface range fa0/0 3S2(config -if-range)# switchportS2(config -if-range)#switchport trunk encasulation dot1qS2(config -if-range)#switchport mode trunk（2）不带封装的中继链络S1(config)#interface fa0/0S1(config-if)#switchport mode

3、 trunkS2(config)#interface range fa0/0 S2(config-if)#switchport mode trunk 二、 VTP和修剪1. 配置vtp服务器、vtp客户端及vtp域名、vtp版本S1(config)#vtp domain 管理域的名字（JHW）（配置vtp管理域）S1(config)#vtp mode server(服务器模式)S1(config)#vtp password cisco（配置vtp密码）S2(config)#vtp mode client（客户模式）S1(config)#vtp domain syhS3(config)#vtp

4、mode transparent（透明模式）S1(config)#vtp version 2 (vtp版本配置)S1#show vtp status(现实管理域中vtp参数)S1#show vtp counters（查看vtp消息和错误计数）2.vtp修剪S1(config)#vtp pruning(启用vtp修剪)S1(config)#interface fa0/0S1(config-if)#switchport trunk pruning vlan remove/add/except/ 10S1#show vtp statusS1# show interface interface-id

5、switchport(显示中继线状态，包括受制于修剪得VLAN)三、 聚合交换机链路1. 聚合的配置配置Pagp:S2(config)interface range fa0/1 , fa0/4S2(config -if-range)channel-protocol pagpS2(config -if-range)channel-group 1（信息号） mode onS1(config -if-range)interface range fa0/1 , fa0/6S1(config -if-range)channel-protocol pagpS1(config -if-range)chann

6、el-group 1 mode on配置lacp 以太信道:S3(config)#lacp system-priority 100S3(config)#interface range fa0/0 2, fa1/0 2S3(config -if-range)#channel-protocol lacpS3(config -if-range #channl-group 1 mode activeS3(config -if-range)#lacp port-priority 100(配置优先级)S3(config -if-range)#exit2.验证信道1S1#show etherchannel

7、summary四、 冗余链路会聚1.根桥定制（性能好的分布层交换机）S2为VLAN 1 10的根桥（直接修改）S2(config)#SPANNING-TREE VLAN 1 primary 4096 优先级S2(config)#SPANNING-TREE VLAN 10 primary 4096 优先级S3为VLAN 20 30的根桥（间接修改）S3 config)#SPANNING-TREE VLAN 20 root primaryS3(config)#SPANNING-TREE VLAN 30 root primary2.STP的会聚（1）调整STP定时器（只在根桥上配置） hello-t

8、ime 根桥定期发送BPDU的时间间隔1-10s 2s forward-time STP端口状态变化时间间隔4-30s 15s max-age 存储从邻接交换机接收的BPDU的时间6-40s 20s命令：S2(config)#spanning-tree vlan 1 hello-time 3S2(config)#spanning-tree vlan 1 forward-time 10S2(config)#spanning-tree vlan 1 max-age 30S2(config)#spanning-tree vlan 10 hello-time 3S2(config)#spanning-

9、tree vlan 10 forward-time 10S2(config)#spanning-tree vlan 10 max-age 303.冗余链路会聚portfast接单个主机的交换机端口上启用不会把端口的变化状态通知根桥，而且端口的状态直接变为转发S1(config)#INTERFACE RANGE FA0/3 - 5S1(config -if-range)#SWITCHPORT MODE ACCESSS1(config -if-range)#SPANNING-TREE PORTFASTuplinkfast有两条上行链路的接入层交换机上启用快速完成上行链路故障切换S1(config)

10、#spanning-tree uplinkfastbackbonefast在所有骨干层的交换机上启用快速查询备份链路S4(config)#spanning-tree backbonefastS5(config)#spanning-tree backbonefast五、 保护生成树协议拓扑1. 启用根防护switch(config)#interface fa0/0switch(config-if)#spanning-tree guard root2. 默认禁用BPDU保护，在启用portfast的端口上来启用switch(config-if)#spanning-tree portfastswit

11、ch(config-if)#spanning-tree bpduguard enableswitch(config)#spanning-tree portfast bpduguard default(全局启用bpdu防护)注意：根防护和BPDU保护不要同时在一个端口启用防止突然丢失BPDU3.环路防护在全局启用sw(config)#spanning-tree loopguard default4.UDLD在全局启用sw(config)#udld enable5.启用BPDU过滤在全局启用Sw(config)#spanning-tree bpdufilter default在端口启用Sw(con

12、fig-if)#spanning-tree bpdufilter enable六、 MST(多生成树协议)Sw(config)#spanning-tree mst 1 root primary(设置根网桥（宏命令）)Sw(config)#spanning-tree mst 1 priority 150（设置网桥优先级）Sw(config)#spanning-tree mst 1 cost 100（设置端口成本）Sw(config)#spanning-tree mst 1 port-priority 80（设置端口优先级）设置stp定时器Sw(config)#spanning-tree mst

13、hello-time 3Sw(config)#spanning-tree mst forward-time 10Sw(config)#spanning-tree mst max-age 30Sw(config)#spanning-tree mode mst（启用mst）Sw(config)#spanning-tree mst configuration（进入mst配置模式）Sw(config-mst)#name syh（指定区域配置名）Sw(config-mst)#revision 2（指定区域配置修订号）Sw(config-mst)#intance 2 vlan 10 , 20 , 30（将

14、vlan映射到mst实例）Sw(config-mst)#show pending（显示还未提交的修改）Sw(config-mst)#exit （退出mst配置模式，向活动mst区域配置提交修改）七、 VLAN间路由1.接口类型和转换switchport /把三层接口转换为二层接口no switchport /把二层接口转换为三层接口S2(config)#interface fa0/2S2(config-if)#no switchportS2(config-if)#ip address 192.168.24.1 255.255.255.252S2(config-if)#interface fa0

15、/3S2(config-if)#no switchportS2(config-if)#ip address 192.168.25.1 255.255.255.252S3(config)#interface fa0/2S3(config-if)#no switchportS3(config-if)#ip address 192.168.34.1 255.255.255.252S3(config-if)#interface fa0/3S3(config-if)#no switchportS3(config-if)#ip address 192.168.35.1 255.255.255.2522.V

16、LAN之间的通信前提S2:interface range fa0/1 , fa0/4switchport trunk allowed vlan allinterface port-channel 1switchport trunk allowed vlan allS1:interface range fa0/1-2,fa0/ 6switchport trunk allowed vlan allinterface port-channel 1switchport trunk allowed vlan allS3:interface fa0/1switchport trunk allowed vl

17、an all实现不同VLAN的通信S2(config)#interface vlan 10S2(config-if)#ip address 192.168.10.254 255.255.255.0S2(config-if)#exiS2(config)#interface vlan 20S2(config-if)#ip address 192.168.20.254 255.255.255.0S2(config-if)#interface vlan 30S2(config-if)#ip address 192.168.30.254 255.255.255.0S3(config)#interface

18、 vlan 10S3(config-if)#ip address 192.168.10.253 255.255.255.0S3(config-if)#interface vlan 20S3(config-if)#ip address 192.168.20.253 255.255.255.0S3(config-if)#interface vlan 30S3(config-if)#ip address 192.168.30.253 255.255.255.0S2(config)#ip routing /开启路由功能S3(config)#ip routing查看FIB表S2#show ip cef

19、vlan 10八、 DHCP和DHCP中继1.DHCPS3(config)#ip dhcp exclude-address 192.168.34.20 192.168.34.30(预留地址，不被分配)S3(config)#ip dhcp pool jhwS3(config-dhcp)#network 192.168.34.0 255.255.255.252S3(config-dhcp)#default-router 192.168.34.2 S3(config-dhcp)#lease 30(地址租期)查看命令：S3(config)#show ip dhcp binding2.DHCP中继S3(

20、config)#interface fa0/2S3(config-if)#no switchportS3(config-if)#ip address 192.168.34.1 255.255.255.252S3(config-if)#ip helper-address 192.168.199.1 /*指定dhcp服务器的地址，表示通过fa0/2向该服务器发送DHCP请求包*/S3(config)#exit 九、 路由器冗余1.HSRP(热备份路由器协议)1）.优先级的更改：（config-if）#standby group priority XXXXX2）.规划VLAN 1和VLAN 10的主

21、网关为S2，备份网关为S3S2(config)#interface vlan 10ip address 192.168.10.254 255.255.255.0standby priority 248 (10表示组号)standby 10 ip 192.168.10.252 vlan 10的网关S3(config)#interface vlan 10ip address 192.168.10.253 255.255.255.0standby priority 150standby 10 ip 192.168.10.252S2(config)#interface vlan 1ip address

22、 192.168.1.254 255.255.255.0standby 1 priority 248standby 1 ip 192.168.1.252S3(config)#interface vlan 1ip address 192.168.1.253 255.255.255.0standby 1 priority 150standby 1 ip 192.168.1.252VLAN 20和30的主网关为S3，备份网关为S2S2(config)#interface vlan 20ip address 192.168.20.254 255.255.255.0standby 20 priority

23、 150standby 20 ip 192.168.20.252S3(config)#interface vlan 20ip address 192.168.20.253 255.255.255.0standby 20 priority 248standby 20 ip 192.168.20.252S2(config)#interface vlan 30ip address 192.168.30.254 255.255.255.0standby 30 priority 150standby 30 ip 192.168.30.252S3(config)#interface vlan 30ip a

24、ddress 192.168.30.253 255.255.255.0standby 30 priority 248standby 30 ip 192.168.30.252查看命令： Show standby stye-number group brief Show standby brief Show standby 2.VRRP1）.配置VRRPinterfcae vlan 10vrrp 10(主号) priority XXX（优先级）vrrp 10（vlan 10） ip 192.168.10.252no vrrp 10 preempt 去掉抢占功能2).实例S2是VLAN 1 10的主

25、网关，S3是VLAN 1 10的备用网关S2(config)#interface vlan 10S2(config-if)#vrrp 10 priority 248S2(config-if)#vrrp 10 ip 192.168.10.252S3(config)#interface vlan 10S3(config-if)#vrrp 10 priority 150S3(config-if)#vrrp 10 ip 192.168.10.252S3是VLAN 20 30的主网关，S2是VLAN 20 30的备用网关S3(config)#interface vlan 20S3(config-if)#

26、vrrp 20 priority 248S3(config-if)#vrrp 20 ip 192.168.20.252S3(config)#interface vlan 30S3(config-if)#vrrp 30 priority 248S3(config-if)#vrrp 30 ip 192.168.30.252S2(config)#interface vlan 20S2(config-if)#vrrp 20 priority 150S2(config-if)#vrrp 20 ip 192.168.20.252S2(config)#interface vlan 30S2(config-i

27、f)#vrrp 30 priority 150S2(config-if)#vrrp 30 ip 192.168.20.2523.GLBP(网关负载均衡协议)配置S2是VLAN 10的AVG，S2，S3是AVFS2(config)#interface vlan 10S2(config-if)#glbp 10 priority 248S2(config-if)#glbp 10 ip 192.168.10.252S2(config-if)#glbp 10 preemptS3(config)#interface vlan 10S3(config-if)#glbp 10 priority 150S3(c

28、onfig-if)#glbp 10 ip 192.168.10.252S3(config-if)#glbp 10 preemptS3是VLAN 20 30的AVG，S2，S3是AVFS3(config)#interface vlan 20S3(config-if)#glbp 20 priority 248S3(config-if)#glbp 20 ip 192.168.20.252S3(config-if)#glbp 20 preemptS3(config)#interface vlan 30S3(config-if)#glbp 30 priority 248S3(config-if)#glb

29、p 30 ip 192.168.30.252S3(config-if)#glbp 30 preemptS2(config)#interface vlan 20S2(config-if)#glbp 20 priority 150S2(config-if)#glbp 20 ip 192.168.20.252S2(config-if)#glbp 20 preemptS2(config)#interface vlan 30S2(config-if)#glbp 30 priority 150S2(config-if)#glbp 30 ip 192.168.30.252S2(config-if)#glbp

30、 30 preempt4. GLBP的接口追踪目的：跟踪AVF的状态现状：S2S3都是VLAN 1 10的AVF，其中S2是AVGS3(config)#track 1 INterface fa0/2 line-protocolS3(config)#track 2 INterface fa0/3 line-protocolS3(config)#interface vlan 10S3(config-if)#glbp 10 weighting 154 lower 80 upper 100S3(config-if)#glbp 10 weighting track 1 decrement 40S3(co

31、nfig-if)#glbp 10 weighting track 2 decrement 40154-x100 x100 y54154-x-y74在AVG上操作S2(config)#interface vlan 10S2(config-if)#glbp 10 load-balancing host-dependentS3(config)#interface VLAN 20S3(config-if)#glbp 20 Load-balancing WEightedS3(config)#interface VLAN 30S3(config-if)#glbp 20 Load-balancing WEi

32、ghted十、 DHCP探测和源IP地址防护1. DHCP探测Sw(config)#ip dhcp snoopingSw(config)#ip dhcp snooping vlan 10 , 20 , 30Sw(config-if)#ip dhcp snooping limit rate 3*/DHCP包的转发速率，超过就Shutdown 端口，默认不限制。Sw(config-if)#ip dhcp snooping trust 可信端口2. 源IP地址防护配置静态的源IP地址绑定Sw(config)#ip source binding 0009.3452.3ea4. vlan 10 192.

33、168.10.3 interface e0/2在交换机接口上启用源IP地址防护Sw(config)#interface fa0/1Sw(conig-if)#ip verify source port-security十一、 交换机伪造和VLAN跨越1. 交换机伪造Sw(config)#interface fa0/0Sw(config-if)#switchport access vlan 10Sw(config-if)#switchport mode access2. vlan跨越配置802.1Q中继链路使其只传输vlan10和20的数据Sw(config)#vlan 800Sw(config-

34、vlan)#name ssSw(config-vlan)#exitSw(config)#interface fa1/1Sw(config-if)#switchport trunk encapsulation dot1qSw(config-if)#switchport trunk native vlan 800Sw(config-if)#switchport trunk allowed vlan remove 800Sw(config-if)#switchport mode trunk强制标记本帧vlanSw(config)#vlan dot1q tag native十二、 OSPF多区域Osp

35、f多区域Sw(config)#router ospf 7Sw(config-router)#network 192.168.1.0 0.0.0.3 area 0Sw(config-router)#network 192.168.1.4 0.0.0.3 area 0Sw(config-router)#network 192.168.10.0 0.0.0.255 area 1Ospf虚链路Sw18(config)#router ospf 18Sw18(config-router)#router-id 18.18.18.18 area 2 virtual-link 13.13.13.13Sw13(c

36、onfig)#router ospf 13Sw13(config-router)#router-id 13.13.13.13 area 2 virtual-link 18.18.18.18十三、 OSPF中的路由过滤1、 LSA的过滤1类LSA：本路由器的接口信息2类LSA:DR BDR3类LSA：区域之间的LSA4类：汇总5类LSA：外部网络信息ABR处过滤3类LSAASBR过滤5类LSA(IP前缀列表)ip prefix-list name seq deny|permit prefix ge learea number filter-list prefix name in|out LSA的

37、泛洪in：拒绝将3类LSA泛洪到配置的区域out：来自配置区域的3类LSA过滤过滤192.168.10.0/24进入区域0在S7和S8上做LSA过滤ip prefix-list syh seq 5 deny 192.168.10.0/24 ge 24 le 24ip prefix-list syh seq 10 permit 0.0.0.0/0 le 32router ospf 7|8area 0 filter-list prefix syh in2、路由过滤distribute-list 9 in十四、 OSPF和EIGRP的路由重分发Router1(config)#router rip R

38、outer1(config-router)#network 192.168.90.0Router1(config-router)#no auto-summary Router2(config)#router rip Router2(config-router)#network 192.168.90.0Router2(config-router)#network 192.168.100.0Router2(config-router)#no auto-summaryRouter3(config)#router eigrp 9Router3(config-router)#network 192.16

39、8.110.0Router3(config-router)#no auto-summaryRouter4(config)#router eigrp 9Router4(config-router)#network 192.168.110.0Router4(config-router)#network 192.168.120.0Router4(config-router)#no auto-summary 1.RIP和OSPF路由重分发S9的配置interface fa0/6no swiip add 192.168.130.2 255.255.255.252exit配置OSPF路由在S9上写rout

40、er ospf 99network 192.168.130.0 0.0.0.3 area 0Router1的配置interface fa0/1no shuip add 192.168.130.1 255.255.255.252exirouter ospf 99network 192.168.130.0 0.0.0.3 area 0exi配置RIP和OSPF路由重分发router ripredistribute ospf 99 metric 5exitrouter ospf 99redistribute rip metric 3exi检验Router2#show ip routeS9#show ip route2.EIGRP和OSPF路由重分发S10的配置interface fa0/6no swiip add 192.168.140.2 255.255.255.252exit配置OSPF路由router ospf 99network 192.168.140.0 0.0.0