生成樹協(xié)議STP課件

信息安全產(chǎn)品配置與應(yīng)用Configurationand

ApplicationofInformationSecurityProducts重慶電子工程職業(yè)學(xué)院|路亞模塊八、路由交換安全配置信息安全產(chǎn)品配置與應(yīng)用模塊八、路由交換安全配置1生成樹協(xié)議

Spanning

TreeProtocol生成樹協(xié)議

SpanningTreeProtocol2教學(xué)目標(biāo)（Objectives

）1.IP地址概念（ConceptofIPAddress

）2.IP地址分類（ClassofIPAddress）3.保留和私有地址（ReservedandPrivateIPAddress）4.網(wǎng)絡(luò)掩碼和子網(wǎng)劃分（NetworkMaskandSubnetting

）

5.可變長(zhǎng)度子網(wǎng)掩碼（VLSM

）6.匯總和CIDR（Summarization

andCIDR）教學(xué)目標(biāo)（Objectives）1.IP地址概念（C3ObjectivesRedundanttopologiesSpanning

TreeProtocolObjectivesRedundanttopologies4冗余（Redundancy）冗余網(wǎng)絡(luò)拓?fù)浯_保網(wǎng)絡(luò)持續(xù)工作，避免單點(diǎn)故障Redundantnetworkingtopologiesaredesignedtoensurethatnetworkscontinuetofunctioninthepresenceofsinglepointsoffailure.冗余（Redundancy）冗余網(wǎng)絡(luò)拓?fù)浯_保網(wǎng)絡(luò)持續(xù)工作，避5冗余拓?fù)洌≧edundantTopologies）冗余拓?fù)洌≧edundantTopologies）6冗余拓?fù)洌≧edundantTopologies）1.冗余拓?fù)涞哪繕?biāo)是為了避免網(wǎng)絡(luò)出現(xiàn)單點(diǎn)故障Agoalofredundanttopologiesistoeliminatenetworkoutagescausedbyasinglepointoffailure.2.所有的網(wǎng)絡(luò)需要冗余來(lái)提高可靠性Allnetworksneedredundancyforenhancedreliability.冗余拓?fù)洌≧edundantTopologies）1.冗余7簡(jiǎn)單的冗余交換拓?fù)?/p>

（SimpleRedundantSwitchedTopology）簡(jiǎn)單的冗余交換拓?fù)?/p>

（SimpleRedundantSw8簡(jiǎn)單的冗余交換拓?fù)?/p>

（SimpleRedundantSwitchedTopology）1.冗余拓?fù)湎藛吸c(diǎn)故障Redundanttopologieseliminatesinglepointsoffailure.2.交換機(jī)對(duì)不知道地址的幀進(jìn)行泛洪Switcheswillfloodframesforunknowndestinations.

3.交換機(jī)對(duì)廣播和組播也進(jìn)行泛洪。

Broadcastsandmulticastsarealsoflooded.4.冗余交換拓?fù)浠蛟S會(huì)帶來(lái)廣播風(fēng)暴、多幀拷貝以及MAC地址表不穩(wěn)定的問(wèn)題Aredundantswitchedtopologymaycausebroadcaststorms,multipleframecopies,andMACaddresstableinstabilityproblems.簡(jiǎn)單的冗余交換拓?fù)?/p>

（SimpleRedundantSw9廣播風(fēng)暴（BroadcastStorm）廣播風(fēng)暴（BroadcastStorm）10多幀傳輸（MultipleFrameTransmissions）在冗余交換網(wǎng)絡(luò)中，對(duì)終端設(shè)備來(lái)講，收到多幀相同數(shù)據(jù)是可能的。Inaredundantswitchednetworkitispossibleforanenddevicetoreceivemultipleframes.多幀傳輸（MultipleFrameTransmissi11MAC地址表不穩(wěn)定（MACDatabaseInstability）交換機(jī)從錯(cuò)誤的接口學(xué)到MAC地址。AswitchcanlearnthataMACaddressisonaportwhenitisnot.MAC地址表不穩(wěn)定（MACDatabaseInstabi12創(chuàng)建邏輯無(wú)環(huán)路拓?fù)?/p>

（Creatingalogicalloopfreetopology）1.冗余增加了可靠性，但是同時(shí)將物理環(huán)路帶進(jìn)網(wǎng)絡(luò)。Reliabilityisincreasedbyredundancy.redundancyconnectionsintroducephysicalloopsintothenetwork.

2.解決辦法就是創(chuàng)建邏輯無(wú)環(huán)路拓?fù)?，同時(shí)保留物理環(huán)存在Thesolutionistoallowphysicalloops,butcreatealoopfreelogicaltopology.3.無(wú)環(huán)路拓?fù)浞Q為樹，并且是可擴(kuò)展的樹。Theloopfreelogicaltopologycreatediscalledatree.Itisaspanningtreebecausealldevicesinthenetworkarereachableorspanned.

4.創(chuàng)建無(wú)環(huán)路拓?fù)涞乃惴ǚQ為生成樹算法。Thealgorithmusedtocreatethisloopfreelogicaltopologyisthespanning-treealgorithm.創(chuàng)建邏輯無(wú)環(huán)路拓?fù)?/p>

（Creatingalogical13STP術(shù)語(yǔ)（STPTerms）1.橋ID(BridgeID)2.開銷（Cost）3.橋協(xié)議數(shù)據(jù)單元（BPDU）STP術(shù)語(yǔ)（STPTerms）1.橋ID(Bridge14橋ID(BridgeID)1.BID用來(lái)識(shí)別每一個(gè)交換機(jī)/網(wǎng)橋。2.BID用來(lái)確定網(wǎng)絡(luò)的中心，在STP中稱為根橋。3.優(yōu)先級(jí)默認(rèn)為32768TheBIDconsistsofabridgeprioritythatdefaultsto32768橋ID(BridgeID)1.BID用來(lái)識(shí)別每一個(gè)交換機(jī)15開銷（Cost）最短路徑是cost累加，而cost是基于鏈路的速率的。Shortestpathisbasedoncumulativelinkcosts.Linkcostsarebasedonthespeedofthelink.開銷（Cost）16橋協(xié)議數(shù)據(jù)單元（BPDU）1.交換機(jī)發(fā)送的創(chuàng)建邏輯無(wú)環(huán)路的數(shù)據(jù)包稱為BPDUThemessagethataswitchsends,allowingtheformationofaloopfreelogicaltopology,iscalledaBridgeProtocolDataUnit(BPDU).2.BPDU在阻塞的接口上也可以接收，這確保如果鏈路或設(shè)備出現(xiàn)問(wèn)題，新的生成樹會(huì)被計(jì)算

BPDUscontinuetobereceivedonblockedports.Thisensuresthatifanactivepathordevicefails,anewspanningtreecanbecalculated.3.默認(rèn)，BPDU2秒發(fā)送一次BydefaultBPDUsaresenteverytwoseconds.橋協(xié)議數(shù)據(jù)單元（BPDU）1.交換機(jī)發(fā)送的創(chuàng)建邏輯無(wú)環(huán)路的數(shù)17Spanning-TreeProtocolSpanning-TreeProtocol18生成樹操作（Spanning-TreeOperation）生成樹操作（Spanning-TreeOperation）19Spanning-TreeOperation(cont.)1.選舉根橋，BID最小即是Selectasingleswitchthatwillactastherootofthespanningtree2.計(jì)算自己到根橋距離Calculatetheshortestpathfromitselftotherootswitch3.選擇根端口，距離根橋最近的接口Chooseoneofitsportsasitsrootport,foreachnon-rootswitch.Thisistheinterfacethatgivesthebestpathtotherootswitch.4.選指定端口和非指定端口，非指定端口被阻塞。Selectportsthatarepartofthespanningtree,thedesignatedports.Non-designatedportsareblocked.Spanning-TreeOperation(cont.)20生成樹操作規(guī)則（Spanning-TreeOperationRules）1.每個(gè)網(wǎng)絡(luò)只有一個(gè)根橋Onerootbridgepernetwork.

2.每個(gè)非根橋只有一個(gè)根端口Onerootportpernonrootbridge.3.每個(gè)段只有一個(gè)指定端口Onedesignatedportpersegment.4.非指定端口不被使用Nondesignatedportsareunused.生成樹操作規(guī)則（Spanning-TreeOperatio21STP實(shí)例（STPExample）STP實(shí)例（STPExample）22生成樹端口狀態(tài)（Spanning-TreePortStates）生成樹端口狀態(tài)（Spanning-TreePortSta23生成樹端口狀態(tài)（Spanning-TreePortStates）1.在阻塞狀態(tài)，端口僅能接收BPDU,需要20秒改變這種狀態(tài)Intheblockingstate,portscanonlyreceiveBPDUs.Itmaytakeupto20secondstochangefromthisstate.

2.在偵聽狀態(tài)，交換機(jī)確定是否有到根橋的其它路徑。該狀態(tài)持續(xù)15秒。在該狀態(tài)，用戶的數(shù)據(jù)不能轉(zhuǎn)發(fā)，也不能學(xué)習(xí)MAC地址。Inlisteningstate,switchesdetermineifthereareanyotherpathstotherootbridge.theforwarddelayandlastsfor15seconds.Inthelisteningstate,userdataisnotbeingforwardedandMACaddressesarenotbeinglearned.生成樹端口狀態(tài)（Spanning-TreePortSta24生成樹端口狀態(tài)（Spanning-TreePortStates）3.在學(xué)習(xí)狀態(tài)，用戶的數(shù)據(jù)不能轉(zhuǎn)發(fā)，但是可以學(xué)習(xí)MAC地址，該狀態(tài)持續(xù)15秒。Inlearningstateuserdataisnotforwarded,butMACaddressesarelearnedfromanytrafficthatisseen.Thelearningstatelastsfor15secondsandisalsocalledtheforwarddelay.4.在轉(zhuǎn)發(fā)狀態(tài)，用戶數(shù)據(jù)被轉(zhuǎn)發(fā)，MAC地址繼續(xù)學(xué)習(xí)，BPDU仍然工作。InforwardingstateuserdataisforwardedandMACaddressescontinuetobelearned.BPDUsarestillprocessed.生成樹端口狀態(tài)（Spanning-TreePortSta25CaseStudyRefertotheexhibit.AllswitcheshavethedefaultSTPconfigurationandalllinksareFastEthernet.WhichportonwhichswitchwillSpanningTreeplaceinblockingmode?CaseStudy26思考題（Questions）1.環(huán)路的存在，會(huì)導(dǎo)致

、

和

問(wèn)題。2.交換機(jī)的ID由

和

組成。3.選舉根橋時(shí)，具有較

值的橋ID的交換機(jī)會(huì)成為根橋。4.100M鏈路的新STPCost為

。5.STP收斂后

口和

口是處于轉(zhuǎn)發(fā)狀態(tài)的。6.決定指定口時(shí)，會(huì)按順序考慮

、

、

和

因素。7.缺省時(shí)，轉(zhuǎn)發(fā)延時(shí)為

秒，Hello時(shí)間為

秒，BPDU的存活時(shí)間為

秒。8.STP中，交換機(jī)的端口有

、

、

和

狀態(tài)。思考題（Questions）1.環(huán)路的存在，會(huì)導(dǎo)致27信息安全產(chǎn)品配置與應(yīng)用Configurationand

ApplicationofInformationSecurityProducts重慶電子工程職業(yè)學(xué)院|路亞模塊八、路由交換安全配置信息安全產(chǎn)品配置與應(yīng)用模塊八、路由交換安全配置28生成樹協(xié)議

Spanning

TreeProtocol生成樹協(xié)議

SpanningTreeProtocol29教學(xué)目標(biāo)（Objectives

）1.IP地址概念（ConceptofIPAddress

）2.IP地址分類（ClassofIPAddress）3.保留和私有地址（ReservedandPrivateIPAddress）4.網(wǎng)絡(luò)掩碼和子網(wǎng)劃分（NetworkMaskandSubnetting

）

5.可變長(zhǎng)度子網(wǎng)掩碼（VLSM

）6.匯總和CIDR（Summarization

andCIDR）教學(xué)目標(biāo)（Objectives）1.IP地址概念（C30ObjectivesRedundanttopologiesSpanning

TreeProtocolObjectivesRedundanttopologies31冗余（Redundancy）冗余網(wǎng)絡(luò)拓?fù)浯_保網(wǎng)絡(luò)持續(xù)工作，避免單點(diǎn)故障Redundantnetworkingtopologiesaredesignedtoensurethatnetworkscontinuetofunctioninthepresenceofsinglepointsoffailure.冗余（Redundancy）冗余網(wǎng)絡(luò)拓?fù)浯_保網(wǎng)絡(luò)持續(xù)工作，避32冗余拓?fù)洌≧edundantTopologies）冗余拓?fù)洌≧edundantTopologies）33冗余拓?fù)洌≧edundantTopologies）1.冗余拓?fù)涞哪繕?biāo)是為了避免網(wǎng)絡(luò)出現(xiàn)單點(diǎn)故障Agoalofredundanttopologiesistoeliminatenetworkoutagescausedbyasinglepointoffailure.2.所有的網(wǎng)絡(luò)需要冗余來(lái)提高可靠性Allnetworksneedredundancyforenhancedreliability.冗余拓?fù)洌≧edundantTopologies）1.冗余34簡(jiǎn)單的冗余交換拓?fù)?/p>

（SimpleRedundantSwitchedTopology）簡(jiǎn)單的冗余交換拓?fù)?/p>

（SimpleRedundantSw35簡(jiǎn)單的冗余交換拓?fù)?/p>

（SimpleRedundantSwitchedTopology）1.冗余拓?fù)湎藛吸c(diǎn)故障Redundanttopologieseliminatesinglepointsoffailure.2.交換機(jī)對(duì)不知道地址的幀進(jìn)行泛洪Switcheswillfloodframesforunknowndestinations.

3.交換機(jī)對(duì)廣播和組播也進(jìn)行泛洪。

Broadcastsandmulticastsarealsoflooded.4.冗余交換拓?fù)浠蛟S會(huì)帶來(lái)廣播風(fēng)暴、多幀拷貝以及MAC地址表不穩(wěn)定的問(wèn)題Aredundantswitchedtopologymaycausebroadcaststorms,multipleframecopies,andMACaddresstableinstabilityproblems.簡(jiǎn)單的冗余交換拓?fù)?/p>

（SimpleRedundantSw36廣播風(fēng)暴（BroadcastStorm）廣播風(fēng)暴（BroadcastStorm）37多幀傳輸（MultipleFrameTransmissions）在冗余交換網(wǎng)絡(luò)中，對(duì)終端設(shè)備來(lái)講，收到多幀相同數(shù)據(jù)是可能的。Inaredundantswitchednetworkitispossibleforanenddevicetoreceivemultipleframes.多幀傳輸（MultipleFrameTransmissi38MAC地址表不穩(wěn)定（MACDatabaseInstability）交換機(jī)從錯(cuò)誤的接口學(xué)到MAC地址。AswitchcanlearnthataMACaddressisonaportwhenitisnot.MAC地址表不穩(wěn)定（MACDatabaseInstabi39創(chuàng)建邏輯無(wú)環(huán)路拓?fù)?/p>

（Creatingalogicalloopfreetopology）1.冗余增加了可靠性，但是同時(shí)將物理環(huán)路帶進(jìn)網(wǎng)絡(luò)。Reliabilityisincreasedbyredundancy.redundancyconnectionsintroducephysicalloopsintothenetwork.

2.解決辦法就是創(chuàng)建邏輯無(wú)環(huán)路拓?fù)洌瑫r(shí)保留物理環(huán)存在Thesolutionistoallowphysicalloops,butcreatealoopfreelogicaltopology.3.無(wú)環(huán)路拓?fù)浞Q為樹，并且是可擴(kuò)展的樹。Theloopfreelogicaltopologycreatediscalledatree.Itisaspanningtreebecausealldevicesinthenetworkarereachableorspanned.

4.創(chuàng)建無(wú)環(huán)路拓?fù)涞乃惴ǚQ為生成樹算法。Thealgorithmusedtocreatethisloopfreelogicaltopologyisthespanning-treealgorithm.創(chuàng)建邏輯無(wú)環(huán)路拓?fù)?/p>

（Creatingalogical40STP術(shù)語(yǔ)（STPTerms）1.橋ID(BridgeID)2.開銷（Cost）3.橋協(xié)議數(shù)據(jù)單元（BPDU）STP術(shù)語(yǔ)（STPTerms）1.橋ID(Bridge41橋ID(BridgeID)1.BID用來(lái)識(shí)別每一個(gè)交換機(jī)/網(wǎng)橋。2.BID用來(lái)確定網(wǎng)絡(luò)的中心，在STP中稱為根橋。3.優(yōu)先級(jí)默認(rèn)為32768TheBIDconsistsofabridgeprioritythatdefaultsto32768橋ID(BridgeID)1.BID用來(lái)識(shí)別每一個(gè)交換機(jī)42開銷（Cost）最短路徑是cost累加，而cost是基于鏈路的速率的。Shortestpathisbasedoncumulativelinkcosts.Linkcostsarebasedonthespeedofthelink.開銷（Cost）43橋協(xié)議數(shù)據(jù)單元（BPDU）1.交換機(jī)發(fā)送的創(chuàng)建邏輯無(wú)環(huán)路的數(shù)據(jù)包稱為BPDUThemessagethataswitchsends,allowingtheformationofaloopfreelogicaltopology,iscalledaBridgeProtocolDataUnit(BPDU).2.BPDU在阻塞的接口上也可以接收，這確保如果鏈路或設(shè)備出現(xiàn)問(wèn)題，新的生成樹會(huì)被計(jì)算

BPDUscontinuetobereceivedonblockedports.Thisensuresthatifanactivepathordevicefails,anewspanningtreecanbecalculated.3.默認(rèn)，BPDU2秒發(fā)送一次BydefaultBPDUsaresenteverytwoseconds.橋協(xié)議數(shù)據(jù)單元（BPDU）1.交換機(jī)發(fā)送的創(chuàng)建邏輯無(wú)環(huán)路的數(shù)44Spanning-TreeProtocolSpanning-TreeProtocol45生成樹操作（Spanning-TreeOperation）生成樹操作（Spanning-TreeOperation）46Spanning-TreeOperation(cont.)1.選舉根橋，BID最小即是Selectasingleswitchthatwillactastherootofthespanningtree2.計(jì)算自己到根橋距離Calculatetheshortestpathfromitselftotherootswitch3.選擇根端口，距離根橋最近的接口Chooseoneofitsportsasitsrootport,foreachnon-rootswitch.Thisistheinterfacethatgivesthebestpathtotherootswitch.4.選指定端口和非指定端口，非指定端口被阻塞。Selectportsthatarepartofthespanningtree,thedesignatedports.Non-designatedportsareblocked.Spanning-TreeOperation(cont.)47生成樹操作規(guī)則（Spanning-TreeOperationRules）1.每個(gè)網(wǎng)絡(luò)只有一個(gè)根橋Onerootbridgepernetwork.

2.每個(gè)非根橋只有一個(gè)根端口Onerootportpernonrootbridge.3.每個(gè)段只有一個(gè)指定端口Onedesignatedportpersegment.4.非指定端口不被使用Nondesignatedportsareunused.生成樹操作規(guī)則（Spanning-TreeOperatio48STP實(shí)例（STPExample）STP實(shí)例（STPExample）49生成樹端口狀態(tài)（Spanning-TreePortStates）生成樹端口狀態(tài)（Spanning-TreePortSta50生成樹端口狀態(tài)（Spanning-TreePortStates）1.在阻塞狀態(tài)，端口僅能接收BPDU,需要20秒改變這種狀態(tài)Intheblockingstate,portscanonlyreceiveBPDUs.Itmaytakeupto20secondstochangefromthisstate.

2.在偵聽狀態(tài)，交換機(jī)確定是否有到根橋的其它路徑。該狀態(tài)持續(xù)15秒。在該狀態(tài)，用戶的數(shù)據(jù)不能轉(zhuǎn)發(fā)，也不能學(xué)習(xí)MAC地址。Inlisteningstate,switchesdetermineifthereareanyotherpathstotherootbridge.theforwarddelayandlastsfor15