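I. Switching fundamentals
1. VLAN (virtual LAN)
Key idea: one VLAN = one logical subnet = one broadcast domain
1) Without VLANs
a. Heavy broadcast traffic consumes network resources
b. Hard to manage and maintain
c. A fault on a single end device can spread the threat across the whole network
d. Policies are hard to apply
2) With VLANs
a. One large broadcast domain is split into several smaller ones (less broadcast traffic, less consumption of network resources)
b. Easier for network administrators to manage and maintain the network
c. Threats are contained within a limited scope
d. Easier to apply policies
e. Limited security guarantee (by default, traffic between different VLAN IDs cannot communicate)
3) Ways to configure VLANs
a. Defining VLANs directly in the VLAN database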
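show vlan brief -------- view the VLAN table
Every Cisco IOS switch has a system default VLAN ID (VLAN 1).
VLAN 1 cannot be deleted or modified, and by default all switch interfaces are in VLAN 1.
#vlan database -------- enter the VLAN database from privileged mode
(vlan)#vlan 2 name CCIE ------ configure the VLAN ID and name the VLAN
exit ------- exit and save
#
b. Global configuration
(config)#vlan 3 ------ define the vlan-id
(config-vlan)#name ccie ------ name VLAN 3
exit ------ exit and save (as under the vlan database)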
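4) Assigning switch interfaces to a VLAN ID
Single interface:
interface Ethernet0/1
switchport mode access ----- step 1: set the interface mode to access
switchport access vlan 2 ------ step 2: assign the interface to the corresponding VLAN ID
Multiple interfaces:
(config)#interface range e0/1 - 2
(config-if-range)#switchport mode access
(config-if-range)#switchport access vlan 2
Note:
The number of VLANs that can be created depends on the switch platform (IOS/platform).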
5) Lab
Topology
Configuration:
**************************SW1*********************
!
interface Ethernet0/1
switchport access vlan 2
switchport mode access
!
interface Ethernet0/2
switchport access vlan 2
switchport mode access
!
SW1#show mac address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
2 aabb.cc00.3100 DYNAMIC Et0/1
2 aabb.cc00.4100 DYNAMIC Et0/2
Total Mac Addresses for this criterion: 2
SW1#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Et0/0, Et0/3
2 test active Et0/1, Et0/2
SW1#show interfaces e0/1 switchport
Name: Et0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 2 (test)
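2. Trunk links
Purpose: carry all VLANs
Number of VLANs: 4096 (2^12 --- the VLAN-ID field is 12 bits)
Of these, 0 and 4095 are reserved
Usable: 1--4094
Ethernet: 1-1001, 1006-4094
FDDI/token-ring: 1002-1005
1) Encapsulation
a. ISL (Inter-Switch Link --- Cisco proprietary)
b. 802.1Q (dot1q)
2) Configuring a trunk link
Topology: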
SW1(config-if)#switchport trunk encapsulation ? -- step 1: define the encapsulation type
dot1q Interface uses only 802.1q trunking encapsulation when trunking
isl Interface uses only ISL trunking encapsulation when trunking
negotiate Device will negotiate trunking encapsulation with peer on interface
SW1(config-if)#switchport mode trunk --- step 2: set the interface mode to trunk
Checking the trunk link (interface) status:
SW1#show interfaces e0/3 trunk
Port Mode Encapsulation Status Native vlan
Et0/3 on 802.1q trunking 1
Port Vlans allowed on trunk
Et0/3 1-4094
Port Vlans allowed and active in management domain
Et0/3 1-2
Port Vlans in spanning tree forwarding state and not pruned
Et0/3 1-2
SW2#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Et0/3 auto n-802.1q trunking 1
Port Vlans allowed on trunk
Et0/3 1-4094
Port Vlans allowed and active in management domain
Et0/3 1-2
Port Vlans in spanning tree forwarding state and not pruned
Et0/3 1-2
SW2#sh int e0/3 switchport
Name: Et0/3
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
3) Native VLAN
Purpose: carries the required Layer 2 protocols --- CDP/BPDU/STP and so on
On Cisco IOS switches the default native VLAN is VLAN 1
By default, native VLAN traffic crosses a trunk link without a tag!
From a security standpoint, changing the native VLAN ID is strongly recommended (the native VLAN must be the same on both ends)
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (1), with Switch FastEthernet0/1 (999).
!
Vlan 999
!
interface Ethernet0/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 999 --- change the default native VLAN
switchport mode trunk
!
SW1#sh int e0/3 switchport
Name: Et0/3
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 999 (native)
SW2#sh int e0/3 switchport
Name: Et0/3
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
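An added example (not part of the original notes): a Python check that parses "show interfaces ... switchport" text from both ends of a trunk and reports a native VLAN still left on VLAN 1 or a mismatch between the two ends, as in the SW1/SW2 outputs above. The sample text is constructed to mirror those outputs, and the function names are hypothetical.

```python
import re

# Constructed sample input shaped like the "sh int e0/3 switchport" outputs on
# this page: SW1 uses native VLAN 999, SW2 is still on the default VLAN 1.
SW1_OUTPUT = """\
Name: Et0/3
Operational Mode: trunk
Trunking Native Mode VLAN: 999 (native)
"""
SW2_OUTPUT = """\
Name: Et0/3
Operational Mode: trunk
Trunking Native Mode VLAN: 1 (default)
"""

def parse_switchport(text):
    """Return {interface: {"mode": str, "native": int}} from switchport output."""
    ports, current = {}, None
    for line in text.splitlines():
        key, _, value = (p.strip() for p in line.partition(":"))
        if key == "Name":
            current = ports.setdefault(value, {"mode": None, "native": None})
        elif current is None:
            continue  # ignore anything before the first "Name:" line
        elif key == "Operational Mode":
            current["mode"] = value
        elif key == "Trunking Native Mode VLAN":
            m = re.match(r"\d+", value)
            current["native"] = int(m.group()) if m else None
    return ports

def audit_trunk_link(a_name, a_text, a_port, b_name, b_text, b_port):
    """Compare both ends of one trunk link and return a list of findings."""
    findings = []
    ends = [(a_name, a_port, parse_switchport(a_text).get(a_port)),
            (b_name, b_port, parse_switchport(b_text).get(b_port))]
    for name, port, info in ends:
        if info is None or info["mode"] != "trunk":
            findings.append(f"{name} {port}: not an operational trunk")
        elif info["native"] == 1:
            findings.append(f"{name} {port}: native VLAN is still the default VLAN 1")
    natives = [i["native"] for _, _, i in ends if i and i["mode"] == "trunk"]
    if len(natives) == 2 and natives[0] != natives[1]:
        findings.append(f"native VLAN mismatch: {a_name} {a_port}={natives[0]}, "
                        f"{b_name} {b_port}={natives[1]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_trunk_link("SW1", SW1_OUTPUT, "Et0/3", "SW2", SW2_OUTPUT, "Et0/3")))
```

Fed the full command output captured from each switch, it ignores the lines it does not need and reports one finding per problem.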
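4) Layer 2 loops
When Layer 2 redundancy is introduced, bridging loops can occur
Effects:
a. Broadcast storms
b. Multiple frame copies
c. MAC address table flapping (instability)
Solution: STP (Spanning Tree Protocol)
Purpose: suppress loops while preserving Layer 2 redundancy!
Behavior: places an interface on the "suboptimal" path into the block (blocking) state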
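Homework:
1. VLAN
a. Concepts
b. Configuration
2. Trunk
a. Purpose
b. Configuration
Native VLAN
3. How Layer 2 bridging loops arise and how to solve them
Homework requirements:
R2 is placed in VLAN 3 and isolated
R1-R3-R4 can ping each other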