版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)
文檔簡介
PAGEPAGE2YesLabCCNP交換實(shí)驗(yàn)手實(shí)驗(yàn)第一部分交換機(jī)基本配 實(shí)驗(yàn)1.1交換機(jī)的基本配 實(shí)驗(yàn)1.2交換機(jī)端口安 實(shí)驗(yàn)1.3交換機(jī)的恢 實(shí)驗(yàn)1.4交換機(jī)IOS恢 實(shí)驗(yàn)第二部分VLAN、VTP和 實(shí)驗(yàn)2.1劃分 實(shí)驗(yàn)2.2私有 實(shí)驗(yàn)2.3私有VLAN與普通VLAN之間的通 實(shí)驗(yàn)2.4 實(shí)驗(yàn)2.5VTP配 實(shí)驗(yàn)第三部分 實(shí)驗(yàn)3.1STP和 實(shí)驗(yàn)3.2 實(shí)驗(yàn)3.3 實(shí)驗(yàn)3.4 實(shí)驗(yàn) STP保 實(shí)驗(yàn)第四部分VLAN間通 實(shí)驗(yàn)4.1單臂路由實(shí)現(xiàn)VLAN間通信 實(shí)驗(yàn) 3層交換實(shí)現(xiàn)VLAN間通 實(shí)驗(yàn)第五部分網(wǎng)關(guān)熱備冗 實(shí)驗(yàn)5.1網(wǎng)關(guān)冗余熱備份協(xié)議HSRP(CISCO私有 實(shí)驗(yàn)5.2: 實(shí)驗(yàn)5.3: 本部分實(shí)驗(yàn)命令匯總 實(shí)驗(yàn)第六部分 實(shí)驗(yàn)6.1使用NTP服務(wù)器的CISCO路由 實(shí)驗(yàn)6.2配置NTP的對(duì)等 實(shí)驗(yàn)6.3NTP的認(rèn) 實(shí)驗(yàn)第7部分 實(shí)驗(yàn)7.1靜態(tài) 實(shí)驗(yàn)7.2動(dòng)態(tài) 實(shí)驗(yàn)7.3復(fù)用內(nèi)部全局地址的 實(shí)驗(yàn)第一部分實(shí)驗(yàn)1.1交換機(jī)的基本配switch#configswitch#configswitch(config)#hostnameSW1SW1(config)#enablesecret 為SW1(config)#lineconsoleconsoleSW1(config-line)#passwordcisco(2)配 接口基本配置SW1(config)#interfacefastEthernet0/1SW1(config-if)#duplexSW1(config-if)#speed{10|100|1000|auto}配置管理地址SW1(config)#interfacevlanSW1(config-if)#ipaddress00SW1(config-if)#noshutdownSW1(config)#ipdefault-gateway//以上是在VLAN1接口上配置了管理地址,接在VLAN1上的計(jì)算機(jī)可以直接net該SW1#copyrunning-cionfigstartup-SW1#copyrunning-cionfigstartup-Buildingconfiguration...理解交換機(jī)的CAM表;交換機(jī)端口安全特性,可以讓我們配置交換機(jī)端口,使得的MAC地址的設(shè)備接入時(shí),交換機(jī)自動(dòng)關(guān)閉接口或者設(shè)備接入,也可以限制某個(gè)端口上最大的MAC地址數(shù)。本實(shí)驗(yàn)限制f0/10接口只允許R1接入。R1(config)#interfaceethernetR1(config-if)#ipR1(config)#interfaceethernetR1(config-if)#ipaddressR1(config-if)#noshutdownR1#showinterfacesethernetEthernet0/0isup,lineprotocolisHardwareisAmdP2,addressis0006.28d8.c460(bia0006.28d8.c460)Internetaddressis/24(此處省略步驟2:配置交換機(jī)端口安全SW1(config)#interfacefastEthernet0/10SW1(config-if)#switchmodeSW1(config-if)#switchport-SW1(config-if)#switchport-securitiy um1//以上命令只允許該端口下的MAC1SW1(config-if)#switchport-securitiyviolation{protect|shutdown|restrictshutdown:當(dāng)新的計(jì)算機(jī)接入時(shí),如果該接口的MACSW1(config-if)#switchportport-securitymac-address0006.28d8.c460SW1(config-if)#noshutdownSW1(config)#intvlan1SW1(config-if)#noSW1(config-if)#ipaddress0步驟3:檢查MACSW1#showmacaddress-tableMacAddressMac1步驟4:模 接這時(shí)從 TypeescapesequencetoSending5,100-byteICMPEchosto0,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=4/4/4R1(config)#interfaceethernetR1(config-if)#mac-addressFa0/10inerr-disable*Mar100:31:05.875:%PORT_SECURITY-2-PSECURE_VIOLATION:Securityviolationoccurred,causedbyMACaddress0001.0001.0001onportFastEthernet0/10.*Mar100:31:06.867:%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceFastEthernet0/10,changedstatetodown*Mar100:31:06.867:%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceVlan1,changedstatetodown*Mar100:31:07.875:%LINK-3-UPDOWN:InterfaceFastEthernet0/10,changedstateto//SW1上的輸出顯示,交換機(jī)已經(jīng)將接口f0/10shutdown,其原因是端口安全機(jī)制檢測到 SW1#showinterfacesfastEthernetSW1#showinterfacesfastEthernetFastEthernet0/10isdown,lineprotocolisdown(err-HardwareisFastEthernet,addressis000b.5f85.138a(biaSW1#showport-SecurePortMaxSecureAddrCurrentAddrSecurityViolationSecurityAction TotalAddressesinSystem(excludingonemacperport) :0MaxAddresseslimitinSystem(excludingonemacperport):5120實(shí)驗(yàn)1.3交換機(jī)的恢BaseethernetMACAddress:00:18:ba:11:f5:00Xmodemfilesystemisavailable.Thepassword-recoverymechanismisThesystemhasbeeninterruptedpriortoinitializingtheFlashfilesystem.ThefollowingcommandswillinitializeTheflashfilesystem,andfinishloadingtheoperatingSystemsoftware:BaseethernetMACAddress:00:18:ba:11:f5:00Xmodemfilesystemisavailable.Thepassword-recoverymechanismisThesystemhasbeeninterruptedpriortoinitializingtheFlashfilesystem.ThefollowingcommandswillinitializeTheflashfilesystem,andfinishloadingtheoperatingSystemsoftware:Initializingflashfs[0]:3files,1flashfs[0]:0orphanedfiles,0orphaneddirectoriesflashfs[0]:Totalbytes:flashfs[0]:Bytesflashfs[0]:Bytesflashfs[0]:flashfsfscktook12...doneInitializingBootSectorFilesystem(bs)installed,fsid:3Settingconsolebaudrateto9600...(3)在提示符下輸入loadhelper(4)在提示符下輸入dirflash:--――注:查看flashDirectoryof2- <date>c3560-ipbasek9-mz.122-3-rwx1455<date>5-rwx24<date>private-bytesavailable bytesContinuewitchtheconfigurationswitch#renameflash:config.oldconfig-text文件。switch#copyflash:config.textsystem:running-(10)修改enable:SW1(config)#enablesecretciscoSW#copyrunning-configstartup-Destinationfilename[startup-config]?Buildingconfiguration...1.4交換機(jī)IOS恢如果交換機(jī)能夠正常開IOS可以TFTP服務(wù)器上恢復(fù)體步驟可參見路由器的IOS恢復(fù)步驟。然而如果交換機(jī)無法正常開啟,IOS的恢復(fù)過程會(huì)比較復(fù)雜了,需要使用Xmodem方式,該方式是通過Console口從計(jì)算機(jī)IOS,速度為9600bps,因此速度很慢。Switch:copyxmodem:flash:c3550-ipservices-mz.122-44.SE6.binSwitch:copyxmodem:flash:c3550-ipservices-mz.122-44.SE6.bin該命令的含義是通過xmodem方式拷貝文件,保存在FLASH,文件名為BegintheXmodemorXmodem-IKtransfer4.ipdefault-SwitchmodeSwitchport-Switchport- umMACSwitchport-securitiy作Switchport-securitiymac-addressShowmac-address-Mac-addressRenameflash:config.textCopyxmodem:3560-advipservicesk9-mz.122-通過Xmodem協(xié)議將文件flash實(shí)驗(yàn)第二部VLAN、VTPCisco交換機(jī)不僅僅具有2層交換功能,它還具有VLAN等功能。VLAN技術(shù)可以使我們很容易地控制廣播域的大小。有了VLAN,交換機(jī)之間的級(jí)聯(lián)鏈路就需要Trunk技術(shù)來保證2.1步驟1:在SW1上創(chuàng)建VLANsw1#vlan// sw1(vlan)#vlanVLAN2Name:sw1(vlan)#vlanVLAN3Name:APPLYcompleted.除交換機(jī)的配置,除了使用“erasestarting-config”命令外,還要使用“deleteflash:vlan.dat”命令把VLAN數(shù)據(jù)刪除。SW1(config)#vlan2SW1(config)#vlan3r1(config-if)#interfacefastEthernet0/0r1(config-if)#ipaddressr1(config-if)#noshutdownsw1(config)#interfacefastEthernet0/1sw1(config-if)#switchportmodeaccesssw1(config-if)#switchportaccessvlansw1(config-if)#interfacefastEthernet0/2sw1(config-if)#switchportmodeaccesssw1(config-if)#switchportaccessvlanr2(config-if)#interfacefastEthernet0/0r2(config-if)#ipaddressr2(config-if)#no查看vlan信息。1Fa0/0,Fa0/3,Fa0/4,Fa0/6,Fa0/7,Fa0/8,Fa0/10,Fa0/11,Fa0/12,Fa0/14,23sw1#showvlan-switch交換機(jī)3550或者交換機(jī)3560上,采用 令showvlanbriefVLAN 1002fddi-sw1#showvlan-switch交換機(jī)3550或者交換機(jī)3560上,采用 令showvlanbriefVLAN 1002fddi-1003token-ring-PC1PC2PC3PC4PC2PC3PC4PC3PC4我們用路由器和交換機(jī)來模擬PC,先模擬好PC:R2-PC1(config-if)#ipaddressR2-PC1(config-if)#nosw3(config)#hostnameSW3-PC2SW3-PC2(config)#interfacevlan1SW3-PC2(config-if)#ipaddressSW1(config)#hostnameSW1-PC3SW1-PC3(config-if)#ipaddressSW4-PC4(config-if)#ipaddress R2-PC1R2-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis80percent(4/5),round-tripmin/avg/max=1/2/4R2-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis80percent(4/5),round-tripmin/avg/max=1/2/4R2-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2SW4-PC4#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis80percent(4/5),round-tripmin/avg/max=1/3/4SW4-PC4#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis80percent(4/5),round-tripmin/avg/max=1/3/4SW2-3750(config)#vtpmode分別為VLAN10 VLAN11 (團(tuán)體VLAN)VLAN 同屬于一個(gè)獨(dú)立VLAN下的接口都不能通信。SW2-3750#showvlanprivate-vlanPrimarySecondary //以上表明我們的VLAN10(孤立VLAN)和VLAN11(團(tuán)體VLAN)都關(guān)聯(lián)到屬于SW2-3750(config-if)#switchportprivate-vlanmap1210-11//PC1PCF0/10口應(yīng)該屬于雜耍模式,并且關(guān)聯(lián)所有VLAN。SW2-3750(config-if-range)#switchportmodeprivate-vlanhostPrimarySecondary Fa1/0/2, 步驟5:測試R2-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4R2-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4R2-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4在SW3-PC2上:SW3-PC2#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/3/4SW3-PC2#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percentSW3-PC2#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percentSW1-PC3#TypeescapesequencetoSendingSW1-PC3#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4 TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4 TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2實(shí)驗(yàn)要求Vlan10 (主VLAN)PC2的接口F1/0/10Vlan (獨(dú)立VLAN)PC3的接口Vlan (團(tuán)體 PC4的接口SW1PVLANSW1F0/10VLAN10,101,102.觀察與PVLAN的通信情況: Vlan10vlan101 Vlan10vlan102 Vlan101vlan101 Vlan101vlan102 Vlan102vlan101 Vlan102vlan102 記,如果是主機(jī)接口都會(huì)帶上次VLAN的標(biāo)記。由此了一些有趣的現(xiàn)象:做實(shí)驗(yàn)驗(yàn)證并講解:步驟1:先模擬各個(gè)PC:R1-PC1(config-if)#ipaddressR1-PC1(config-if)#noshutdownR2-PC2(config-if)#ipaddresssw3(config)#hostnameSW3-PC3SW3-PC3(config-if)#ipaddresssw4(config)#hostnameSW4-PC4SW4-PC4(config-if)#ipaddressSW1sw1-3550(config-if)#switchporttrunkencapsulationdot1qsw1-3550(config-if)#switchportmodetrunkSW2sw2-3750(config-if)#switchporttrunkencapsulationdot1qsw2-3750(config-if)#switchportmodetrunkR1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis80percent(4/5),round-tripmin/avg/max=1/2/4R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis60percent(3/5),round-tripmin/avg/max=1/3/4R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis60percent(3/5),round-tripmin/avg/max=1/3/4Vlan10 (主VLAN)PC2的接口F1/0/10Vlan10 (主VLAN)PC2的接口F1/0/10Vlan (獨(dú)立VLAN)PC3的接口Vlan (團(tuán)體 PC4的接口sw2-3750(config-vlan)#vlan102sw2-3750(config-vlan)#vlan10SW2-3750(config-if)#switchportmodeprivate-vlanpromiscuousSW2-3750(config-if)#switchportprivate-vlanmap10 R2-PC2#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4R2-PC2#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4SW3-PC3#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percentSW1-3550#showvlanVLAN11005trbrf- SW1-3550(config)#interfacefastEthernet0/10SW1-3550(config-if)#switchportmodeaccessSW1-3550(config-if)#spanning-treeportfastR1-PC1 正常通 Vlan10vlan101單向 Vlan10vlan102單向 R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4VLANVLAN通信,所以包會(huì)到達(dá)R2-PC2?;匕臅r(shí)候,SW2VLANVLAN10,SW1VLAN10標(biāo)記的包當(dāng)然會(huì)轉(zhuǎn)給自己的VLAN10R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percentPC3SW2收到一VLAN10PVLAN通信的,但是當(dāng)從R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percentSW1VLAN10PC1 單向 Vlan101vlan101不 Vlan101vlan102不 SW1-3550(config)#interfacefastEthernet0/10R1-PC1R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percentR1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percent//SW2VLAN101VLAN101下的任何一個(gè)R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percent 單向 Vlan102vlan101不 Vlan102vlan102正常通 SW1-3550(config)#interfacefastEthernet0/10R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percent//SW2VLAN102VLAN10的R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percentR1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4的時(shí)候也是帶的VLAN102的標(biāo)記,所以是通的。當(dāng)一個(gè)VLAN不同的交換機(jī)時(shí),在同一VLAN上但是連接在不同的交換機(jī)上的計(jì)信息,交換機(jī)從屬于某一VLAN(例如VLAN3)的端口接收到數(shù)據(jù),在Trunk鏈進(jìn)行傳輸前,會(huì)加上一個(gè)vlan標(biāo)記3,表明該數(shù)據(jù)來自VLAN3去掉,只發(fā)送到屬于VLAN3的端口上。有兩種常見的幀標(biāo)記技術(shù):ISL802.1Q。ISLCisco同時(shí)用新的FCS字段替代了原有的FCS字段,該技術(shù)是國際標(biāo)準(zhǔn),得到所有廠家的支持。Cisco交換機(jī)之間的鏈路是否形成Trunk可以自動(dòng)協(xié)商,這個(gè)協(xié)議稱為DTP(DynamicTrunkProtocol),DTP還可以協(xié)商Trunk鏈路的封裝類型。理解DTP的協(xié)商規(guī)律。SW1(config-if)#interfaceSW1(config-if)#interfaceSW1(config-if)#switchporttrunkencapsulation//指定trunk的封裝類型為dot1q,同一鏈路的兩端封裝要相同。有的交換機(jī),例如2950只能封裝dot1q,因此無需執(zhí)行該命令。SW1(config-if)#switchportmode先配置好VLANSW1(vlan)#vlan2VLAN2modified:SW1(config)#interfacefastEthernet0/1SW1(config-if)#switchportmodeaccessSW1(config-if)#switchaccessvlanSW2#vlanSW2(vlan)#vlanVLAN2APPLYAPPLYSW2(config)#interfacefastEthernetSW2(config-if)#switchportmodeSW2(config-if)#switchportaccessvlanSW2(config)#interfacefastEthernetSW2(config-if)#switchporttrunkencapsulationSW2(config-if)#switchportmodeR2(config)#interfaceR2(config)#interfaceR2(config-if)#ipaddressR1(config)#interfaceR1(config-if)#ipaddressTypeTypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2seconds:PacketsentwithasourceaddressofSuccessrateis80percent(4/5),round-tripmin/avg/max=16/33/60msSW1(config)#interfacefastEthernet0/5SW1(config-if)#switchtrunkencapsulation? Interfaceusesonly802.1qtrunkingencapsulationwhentrunking InterfaceusesonlyISLtrunkingencapsulationwhentrunkingnegotiateDevicewillnegotiatetrunkingencapsulationwithpeeron注意:如果你用的模擬器,采用的是路由器的交換模塊,只支持dot1q.一般情況下我們switchportmodetrunktrunk,不用協(xié)商。如果你想讓協(xié)商類型有ISL和dot1q,請(qǐng)?jiān)谡鎸?shí)交換機(jī)上進(jìn)行//negotiate:trunkSW1(config-if)#switchtrunkencapsulation和DTP配置有關(guān)的有以下一些命令,這些命令不能任意組合:“switchporttrunkencapsulation{negotiate|isl|dot1q}”配置Trunk鏈上的封裝類型,上面己經(jīng)詳細(xì)介紹過了?!皊witchportnonegotiate”:Trunk鏈 “switchmode{trunk|dynamicdesirable|dynamicauto}”:desirable、dynamicauto都將成功協(xié)商為trunkdynamicauto: 協(xié)商,如果另一端為negotiate、dynamicdesirable下面的表格表示哪些組合可以讓交換機(jī)之間的鏈路協(xié)商成為trunk。dynamicdynamicsw1(config-if)#switchmodedynamicSW2(config-if)#interfacefastEthernet0/5SW2(config-if)#SW2(config-if)#interfacefastEthernet0/5SW2(config-if)#switchtrunkencapsulationnegotiateSW2(config-if)#switchmodedynamicautoSW1#showinterfacesfastEthernet0/5SW1#showinterfacesfastEthernet0/5EncapsulationNative Vlansallowedon 1- Vlansallowedandactiveinmanagement Vlansinspanningtreeforwardingstateandnotpruned //可以看到trunkdesirable,雙方協(xié)商成為了trunk.封裝的類類型為ISL還是802.1Q。注意,需要在兩端都進(jìn)行檢查,確認(rèn)兩端都形成Trunk才行。有vlan都打;但是如果封裝為802.1q則本征vlan是不打,其他vlan都要打;默sw2#showinterfacesf0/5EncapsulationNative Vlansallowedon 1- Vlansallowedandactiveinmanagement Vlansinspanningtreeforwardingstateandnotpruned 2.5VTP配VTP(VLANTrunkProtocol)提供了一種用于在交換機(jī)上管理VLAN相同的VLAN信息。VTP被組織成管理域(VTP),相同域中的交換機(jī)能共享VLAN信息。根據(jù)交換機(jī)在VTP域中的作用不同,VTP可以分為三種模式:通告給域中的其他交換機(jī)。默認(rèn)情況下,交換機(jī)是服務(wù)器模式。每個(gè)VTP域必須至少有一臺(tái)服務(wù)器,域中的VTP來自其他交換機(jī)的VTPVLANVTPTrunk鏈向其他交換機(jī)轉(zhuǎn)發(fā),因此這種交換機(jī)還能充當(dāng)VTP中繼。上創(chuàng)建、修改、刪除VLAN,但是這些VLAN信息并不會(huì)通告給其他交換機(jī),它也不TrunkVTPVTP初始值為0。只要在VTPServer上創(chuàng)建、修改、刪除VLAN,通告的Revision就增加1,通告中還包含了VLANRevisionRevision通告,而不管誰是ServerClient。交換機(jī)只接受比本地保存的Resivison告;如果交換機(jī)收到Resivison號(hào)更低的通告,會(huì)用自己的VLAN信息反向覆蓋。掌握VTP配置。配置實(shí)例SW1(vlan)#vlan2VLAN2Name:SW1(vlan)#vlanVLAN3Name:SW1(vlan)#vtpDevicemodealreadyVTPAPPLYAPPLYmodeserver命令SW1(vlan)#vtppasswordciscoPasswordalreadysettocisco.//配置vtp 為 namealreadysetto APPLYcompleted.APPLYcompleted.SW2#vlandatabaseSW2(vlan)#vtpclientSettingdevicetoVTPCLIENTvtp namealreadysettoSW2(vlan)#vtppasswordPasswordalreadysetto然然后再在SW3上做如下配置:SW3#vlandatabase namealreadysettoyeslab.SW3(vlan)#vtppasswordciscoPasswordalreadysettocisco.SW3(vlan)#vtpSettingdevicetoVTPTRANSPARENTSW2#showvlan-switchVLAN SW2#showvlan-switchVLAN 1Fa0/3,Fa0/4,Fa0/5,Fa0/7,Fa0/8,Fa0/9,Fa0/10Fa0/11,Fa0/12231 002 003 00 00 00 ieee00 ibm001002fddi-1003token-ring-1002fddi-1003token-ring-1004fddinet-VLANTypeSAIDMTUParentRingNoBridgeNoStpBrdgModeTrans1RemoteSPANPrimarySecondaryEtherChann(以太通路將倍EtherChannel鏈整個(gè)過程在幾毫秒內(nèi)完成,從而起到冗余的作用,增強(qiáng)了網(wǎng)絡(luò)的穩(wěn)定性和安全性。EtherChannel鏈IPI地址、源MA地址、目的MACIPIPMACMACEhrChannelPLACCISCOLACP掌握etherchannel的配置。SW1(config-if)#SW1(config-if)#interfacerangefastEthernet0/5-//range命令可以讓我們同時(shí)對(duì)多個(gè)接口做相同的配置SW1(config-ifswitchporttrunkencapsulationdot1qSW1(config-if)#switchportmodetrunkSW1(config-if)#channel-group1modeEhernetChannelonEhernetChannelCreatingaport-channelinterfacePort-channel1這時(shí)我們?cè)偃ゲ榭醋詣?dòng)生成的Port-channel口下的配置:SW1(config)#doshowrunning-configinterfaceport-channel1Buildingconfiguration...Currentconfiguration:92bytesinterfacePort-channel1switchporttrunkencapsulationdot1qswitchportmodetrunkSW2SW2(config)#interfacerangefastEthernet0/5-SW2(config-if)#switchporttrunkencapsulationSW2(config-if)#switchportmodetrunkSW2(config-if)#channel-group1modeonSW1(config-if)#interfacerangefastEthernet0/5-6SW1(config-if)#channel-group1modeonSW1(config)#interfaceport-channelSW1(config-if)#switchporttrunkencapsulationdot1qSW1(config-if)#switchportmodetrunkSW1#showrunning-configinterfacefastEthernetinterfaceswitchporttrunkencapsulationdot1qswitchportmodetrunkchannel-group1modeonSW2(config)#interfacerangefastEthernet0/5-6SW2(config-if)#channel-group1modeonSW2(config)#interfaceport-channelSW2(config-if)#switchporttrunkencapsulationdot1qSW2(config-if)#switchportmodetrunk SW1(config)#interfacePort-//創(chuàng)建一個(gè)以太網(wǎng)的channel,他的接口標(biāo)識(shí)號(hào)碼是1SW1(config-if)#switchporttrunkencapsulationdot1qSW1(confi-if)#switchportmodetrunkSW1(config)#interfaceFastEthernet0/5SW1(config-if)#switchporttrunkencapsulationdot1qSW1(config-if)#switchportmodetrunkSW1(config-if)#channel-group1modechannel-group1SW1(config)#interfaceSW1(config-if)#switchporttrunkencapsulationdot1qSW1(config-if)#switchportmodetrunkSW1(config-if)#channel-group1modeSW2(config)#interfacePort-SW2(config-if)#switchporttrunkencapsulationdot1qSW2(confi-if)#switchportmodetrunkSW2(config)#interfaceFastEthernet0/5SW2(config-if)#switchporttrunkencapsulationdot1qSW2(config-if)#switchportmodetrunkSW2(config-if)#channel-group1modeonSW2(config)#interfaceSW2(config-if)#switchporttrunkencapsulationdot1qSW2(config-if)#switchportmodetrunkSW2(config-if)#channel-group1modesw3560#showetherchannel//etherchannelFlags:D-down P-bundledinport-channelI-stand-alones-suspendedH-Hot-standby(LACPonly)R- S-U-inuse f-failedtoallocateaggregatorM-notinuse,minimumlinksnotmetu-unsuitableforbundlingw-waitingtobeaggregatedd-defaultportNumberofchannel-groupsinuse:1Numberofaggregators: GroupPort-channel etherchanneldownshutdownnoshutdown,再查看狀態(tài)。(3)配置自動(dòng)協(xié)商建EtherChannel。SW1(config)#interfacerangefastEthernet0/5-6SW1(config-if-range)#channel-group1mode? EnableLACP EnablePAgPonlyifaPAgPdeviceisdetecteddesirableEnablePAgPunconditionally EnableEtherchannel EnableLACPonlyifaLACPdeviceis把接口配置為PAGPdesirable:channel-group1mode把接口配置為PAGP的auto:channel-group1mode把接口配置為LACP的active:channel-group1modeLACPpassivechannel-group1modepassiveSW1(config-if-range)#channel-group1modedesirablechannel-group1disirablesw3560然后再切換到SW2上做同樣的配置:SW2(config)#interfacerangefastEthernet0/5-6SW2(config-if-range)#channel-group1modedesirable監(jiān)測和測試sw3560#showetherchannelFlags:D-down P-bundledinport-channelI-stand-alones-suspendedH-Hot-standby(LACPonly)R- S-U-inuse f-failedtoallocateaggregatorM-notinuse,minimumlinksnotmetu-unsuitableforbundlingw-waitingtobeaggregatedd-defaultportNumberofchannel-groupsinuse:1Numberofaggregators:GroupPort-channel 注意:只有鏈路兩端都配置使用相同的協(xié)議才可成功協(xié)商建立EthernetChannel(不關(guān)心SW1(config)#port-channelload-balancedst-mac1:SW1(config)#interfacerangeFastEthernet0/5-6SW1(config-if)#channel-group1modedesirableSW2(config)#interfacerangeSW1(config)#interfacerangeFastEthernet0/5-6SW1(config-if)#channel-group1modedesirableSW2(config)#interfacerangeFastEthernet0/5-6SW2(config-if)#channel-group1modeactiveSW1#showetherchannelFlags:D-down PSW1#showetherchannelFlags:D-down P-bundledinport-channelI-stand-alones-suspendedH-Hot-standby(LACPonly)R- S-U-in f-failedtoallocateM-notinuse,minimumlinksnotu-unsuitableforbundlingw-waitingtobeaggregatedd-defaultportNumberofchannel-groupsinuse:1Numberofaggregators:GroupPort-channel1++1+ //“SD”表明要重新開啟//f0/6端口上協(xié)商已經(jīng)終止,“[I]”的意思為:Istand-alonesSW2#SW2#showetherchannelFlags:D-down P-bundledinport-channelI-stand-alones-suspendedH-Hot-standby(LACPonly)R- S-U-inuse f-failedtoallocateaggregatorM-notinuse,minimumlinksnotmetu-unsuitableforbundlingw-waitingtobeaggregatedd-defaultportNumberofchannel-groupsinuse:1Numberofaggregators:GroupPort-channel 1+ SW1(config-if)#interfacerangeSW1(config-if)#interfacerangeFastEthernet0/5-6SW1(config-if)#channel-group1modeautoSW2(config-if)#SW2(config-if)#interfacerangeFastEthernet0/5-6SW2(config-if)#channel-group1modedesirableSW1#showetherchannelFlags:SW1#showetherchannelFlags:D-down P-bundledinport-channelI-stand-alones-suspendedH-Hot-standby(LACPonly)R- S-U-inuse f-failedtoallocateaggregatorM-notinuse,minimumlinksnotmetu-unsuitableforbundlingw-waitingtobeaggregatedd-defaultportNumberofchannel-groupsinuse:1Numberofaggregators:GroupPort-channel1++1+ SW2#showSW2#showetherchannelFlags:D-down P-bundledinport-channelI-stand-alones-suspendedH-Hot-standby(LACPonly)R- S-U-inuse f-failedtoallocateaggregatorM-notinuse,minimumlinksnotmetu-unsuitableforbundlingw-waitingtobeaggregatedd-defaultportNumberofchannel-groupsinuse:1Numberofaggregators:GroupPort-channel 1+ Etherchannel并不是一個(gè)特定的二層協(xié)議。在三層鏈,也是可以起在SW1上:SW1(config)#interfacerangefastEthernet0/5-SW1(config-if-range)#noSW1(config-if-range)#channel-group1modeCreatingaport-channelinterfacePort-channelSW1(config-if-range)#noSW2(config)#interfaceport-channelSW2(config-if)#ipaddress在SW2上:SW2(config)#interfacerangefastEthernet0/5-6SW2(config-if-range)#noswitchportSW2(config-if-range)#channel-group1modeonSW2(config-if-range)#noshutdownSW2(config)#interfaceport-channel1SW2(config-if)#ipaddressSW1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis80percent(4/5),round-tripmin/avg/max=1/3/4SW1#showetherchannelFlags:D-down P-bundledinport-channelI-stand-alones-suspendedH-Hot-standby(LACPonly)R- S-U-inuse f-failedtoallocateaggregatorM-notinuse,minimumlinksnotmetu-unsuitableforbundlingw-waitingtobeaggregatedd-defaultportNumberofchannel-groupsinuse:1Numberofaggregators: GroupPort-channel 本部分實(shí)驗(yàn)相關(guān)命令vlanvlan2namevlanswitchaccessvlaninterfacerangeF0/2–showswitchporttrunkswitchportmodeshowinterfaceF0/3switchportvtpmodevtpvtpvtpmodevtpmodeshowvtpvtpvtpversion設(shè)定Vtpinterfaceport-channelchannel-groupmodeport-channelload-balancedst-showetherchannelshowetherchannelport-實(shí)驗(yàn)第三部在故障時(shí)自動(dòng)調(diào)整網(wǎng)絡(luò)的數(shù)據(jù)轉(zhuǎn)發(fā)路徑。STP30—50基本環(huán)路。交換環(huán)路會(huì)帶來三個(gè)問題:廣播風(fēng)暴、同一幀的多個(gè)拷貝、交換機(jī)CAM表不穩(wěn)定。STP(SpanningTreeProtocol)可以解決這些問題,STP接口,構(gòu)建一棵沒有環(huán)路的轉(zhuǎn)發(fā)樹。STPBPDU(BridgeProtocolDataUnit)和其他交橋ID、路徑代價(jià)、端口ID當(dāng)網(wǎng)絡(luò)上有多個(gè)VLAN,PVST(PerVlanSTP)會(huì)為每個(gè)VLANSTP樹。此時(shí)端重的負(fù)擔(dān)。Cisco交換機(jī)默認(rèn)的模式就是PVST+。到VLAN2先手先手動(dòng)配置三條鏈路為sw1(config)#interfacerangefastEthernet0/1,fastEthernet0/5sw1(config-if-range)#switchporttrunkencapsulationdot1qsw1(config-if-range)#switchportmodetrunk切換到sw2上做配sw2(config)#interfacerangefastEthernet0/2,fastEthernet0/5sw2(config-if-range)#switchporttrunkencapsulationdot1qsw2(config-if-range)#switchportmodetrunksw3(config)#interfacerangefastEthernet0/1,fastEthernet0/2sw3(config-if-range)#switchporttrunkencapsulationdot1qsw3(config-if-range)#switchportmodetrunk配置步驟2:增加VLAN2并在三臺(tái)交換機(jī)上配置VTPSW1#vlandatabaseSW1(vlan)#vlan2SW1(vlan)#vtpserverSW1(vlan)#vtppasswordcisco SW1配置完畢,然后在SW2上做如下配置SW2#vlandatabaseSW2(vlan)#vtpclient SW2(vlan)#vtppasswordcisco接著在SW3上做配置:SW3#vlandatabaseSW3(vlan)#vtpclient SW3(vlan)#vtppasswordciscoSW1#showspanning-SpanningtreeenabledprotocolSW1#showspanning-SpanningtreeenabledprotocolieeeRootID Thisbridgeistheroot32769vlan1VLANIDvlan2232770。//Address:MACDesgFWDDesgFWDSpanningtreeenabledprotocolRootDesgFWDDesgFWDSW1(config)#spanning-treevlan1priorityspanning-treevlan1SW1(config)#spanning-treevlan1priorityspanning-treevlan1rootprimarySW2(config)#spanning-treevlan2priorityspanning-treevlan2rootprimary//Thisbridgeistherootvlan1 2secMaxAge20secForwardDelay15BridgeID 32769(priority32768sys-id-ext 2secMaxAge20secForwardDelay15secAgingTime300 RoleSts Prio.NbrThisbridgeisthe//SW1vlan1vlan2 2secMaxAge20secForwardDelay15secBridgeIDPriority 32770(priority32768sys-id-ext2) 2secMaxAge20secForwardDelay15AgingTime RoleSts Prio.NbrSW1#showSW1#showspanning-SpanningtreeenabledprotocolieeeRootID Thisbridgeistheroot DesgFWDRootFWDAgingTime RoleSts Prio.Nbr52secMaxAge20secForwardDelay15sec32770(priority32768sys-id-ext2)2secMaxAge20secForwardDelay15BridgeIDoSpanningtreeenabledprotocolieeeRootID oAgingTime2secMaxAge20secForwardDelay15(priority4096sys-id-ext2secMaxAge20secForwardDelay15oBridgeIDoSW2#showspanning-SpanningtreeenabledprotocolieeeRootID 5o 2secMaxAge20secForwardDelay15BridgeID 32769(priority32768sys-id-ext oTime 2secMaxAge20secForwardDelay15secAgingTime300 RoleSts Prio.NbrSpanningtreeenabledprotocolRoleStsDesgFWDDesgFWDDesgFWDRootFWDDesgFWDDesgFWDRoot ThisbridgeistheRoot ThisbridgeistheBridgeID2secMaxAge20secForwardDelay15(priority4096sys-id-ext2secMaxAge20secForwardDelay15AgingTime RoleSts Prio.Nbr1)理解Portfast的工作原理;2)理解Uplinkfast的工作原理;(1)配置PC1我們可以用一個(gè)路由器來模擬:Router(config)#hostnamePC1PC1(config)#noiproutingPC1(config-if)#ipaddressPC1我們可以用一個(gè)路由器來模擬:Router(config)#hostnamePC1PC1(config)#noiproutingPC1(config-if)#ipaddressPC1(config-if)#ipdefault-gateway再回到SW1上添加如下配置:再回到SW1上添加如下配置:SW1(config)#interfaceFastEthernet0/9SW1(config-if)#switchportmodeaccessSW1(config-if)#switchportaccessvlan1SW1(config)#interfaceSW1(config-if)#ipaddress0SW1(config-if)#no監(jiān)測和測試SW1(3560)#showspanning-treeSW1(3560)#showspanning-treevlanSpanningtreeenabledprotocolieeeRootID ThisbridgeistheBridge2secMaxAge20secForwardDelay15(priority4096sys-id-ext2secMaxAge20secForwardDelay15AgingTime RoleSts Prio.NbrDesgFWDDesgFWDSW1SW1#debugspanning-treeSW1config)#interfacefastEthernet0/9SW1(config-if)#noshutdown*Mar101:42:03.519:%LINK-3-UPDOWN:InterfaceFastEthernet0/9,changedstatetodown*Mar101:42:03.627:setportid:VLAN0001Fa0/9:newportid*Mar101:42:03.627:STP:VLAN0001Fa0/9->listening*Mar101:42:05.623:%LINK-3-UPDOWN:InterfaceFastEthernet0/9,changedstateto 101:42:06.623:%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceFastEthernet0/9,changedstatetoupsw1(config-*Mar101:42:18.627:STP:VLAN0001Fa0/9->sw1(config-*Mar101:42:33.627:STP:VLAN0001Fa0/9->SW1(config)#interfacefastEthernet0/9SW1(config-if)#spanning-treeportfast%Warning:portfastshouldonlybe
溫馨提示
- 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
- 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
- 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
- 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
- 5. 人人文庫網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
- 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
- 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。
最新文檔
- 二手房協(xié)議購房
- 分家協(xié)議范本2025
- 2024版二手房房屋買賣合同協(xié)議15篇
- 工作領(lǐng)域2 新居住項(xiàng)目產(chǎn)品與價(jià)格策70課件講解
- 2023年酒店、廚房設(shè)備用品項(xiàng)目融資計(jì)劃書
- 2023年消化系統(tǒng)用藥項(xiàng)目融資計(jì)劃書
- 2023年全自動(dòng)金屬帶鋸床超精密加工機(jī)床項(xiàng)目融資計(jì)劃書
- 【虎嘯】2024年虎嘯年度洞察報(bào)告-3C家電行業(yè)
- 機(jī)械制圖考試題+答案
- 廣東省茂名市高州市2023-2024學(xué)年八年級(jí)上學(xué)期期末考試數(shù)學(xué)試卷(含答案)
- QCT265-2023汽車零部件編號(hào)規(guī)則
- 新時(shí)代高職英語(基礎(chǔ)模塊)Unit3-1
- 2024年達(dá)州市中考數(shù)學(xué)真題試卷
- (高清版)JTGT 3365-01-2020 公路斜拉橋設(shè)計(jì)規(guī)范
- 業(yè)務(wù)連續(xù)性工作計(jì)劃
- 微機(jī)原理與接口技術(shù)智慧樹知到期末考試答案章節(jié)答案2024年西安工商學(xué)院
- “口腔種植修復(fù)臨床護(hù)理”的專家共識(shí)
- 火電項(xiàng)目管理手冊(cè)
- 2023年浙江省統(tǒng)招專升本考試英語真題及答案解析
- 食堂油鍋起火演練方案及流程
- 急性胰腺炎治療指南2024
評(píng)論
0/150
提交評(píng)論