網絡部分教案6-交換

數據交換微軟認證講師：韓立剛

hanligang@

MSN:onesthan@目標通過本章的學習，你將能夠完成下列任務:描述2層交換操作配置交換機使用show命令查看交換機的配置和操作MAC地址學習轉發(fā)/避免沖突避免環(huán)路交換機的三個作用

交換機如何學習主機位置初始MAC地址表是空的MACaddresstable0260.8c01.11110260.8c01.22220260.8c01.33330260.8c01.4444E0E1E2E3ABCD交換機如何學習計算機位置計算機A發(fā)送一個數據frame到計算機C通過查看fame的源地址，交換機緩存計算機A的MAC地址到端口來自計算機A要到達計算機Cframe被傳到所有的端口除了E0MACaddresstable0260.8c01.11110260.8c01.22220260.8c01.33330260.8c01.4444E0:0260.8c01.1111E0E1E2E3DCBA交換機如何過濾Frames計算機A傳輸一個frame到計算機C知道該目標地址,Frame被轉發(fā)到指定端口E0:0260.8c01.1111E2:0260.8c01.2222E1:0260.8c01.3333E3:0260.8c01.44440260.8c01.11110260.8c01.22220260.8c01.33330260.8c01.4444E0E1E2E3XXDCABMACaddresstable廣播和多播Frames計算機D發(fā)送一個多播或廣播frame多播或廣播

frames被轉發(fā)到所有端口除了E30260.8c01.11110260.8c01.22220260.8c01.33330260.8c01.4444E0E1E2E3DCABE0:0260.8c01.1111E2:0260.8c01.2222E1:0260.8c01.3333E3:0260.8c01.4444MACaddresstable冗余拓撲

冗余拓撲避免單點失敗冗余拓撲產生廣播風暴冗余拓撲產生MAC地址表混亂Segment1Segment2Server/hostXRouterY廣播風暴Segment1Segment2Server/hostXRouterYBroadcastSwitchASwitchBHostXsendsaBroadcast廣播風暴Segment1Segment2Server/hostXRouterYBroadcastSwitchASwitchBHostXsendsaBroadcast解決辦法:Spanning-TreeProtocol通過將一些端口設置成阻斷狀態(tài)避免環(huán)路Blockx生成樹協(xié)議STPSTP協(xié)議工作方式：通過在交換機之間傳遞BPDU（bridgeprotocoldataunit,橋接協(xié)議數據單元）來互相告知諸如交換機的鏈路性質，根橋信息等，以便確定根橋，決定哪些端口處于轉發(fā)狀態(tài)，哪些端口處于阻止狀態(tài)，以免引起網絡環(huán)路。生成樹協(xié)議STP功能:允許在網絡中存在容錯的交換路徑,并且不產生回路;即在之中有多個鏈路,但是只有一條是激活的,其他的備份線路都于備用狀態(tài)以防止主鏈路出現故障.也可避免在兩臺已有的交換機中偶然地連接了一條鏈路,生成樹是一項優(yōu)秀的保護措施,它能確保產生上述錯誤時,網絡也不至于….配置生成樹C1900:spantree1或nospantree1(全局模式)Showspantree1C2900/3500:Spanning-tree(啟動);Showspanning-treeC5000:Setspantreedisable1-1005 關閉生成樹Setspantreeenable1-1005啟動生成樹Showspantree思科建議在交換機上啟動生成樹,特別是在可能出現回環(huán)的鏈路上.確認生成樹wg_sw_a#showspantree{vlannumber}15Spanning-Tree操作每個網段選擇一個根交換機每個非跟交換機選擇一個根端口每個網線的兩個端選擇一個指定端口SwitchXDefaultpriority32768

(8000hex)MAC0c0011111111SwitchYDefaultpriority32768

(8000hex)MAC0c0022222222xxxRootBridge根端口根端口根端口根端口根端口BPDU指定端口指定端口指定端口指定端口阻斷端口選擇根網橋

BPDU=Bridgeprotocoldataunit

(default=sentevery2seconds)Rootbridge=具有最低bridgeIDBridgeID=網橋優(yōu)先級+網橋MAC地址BPDUSwitchXDefaultpriority32768

(8000hex)MAC0c0011111111

SwitchYDefaultpriority32768

(8000hex)MAC0c0022222222根交換機選擇根端口每個交換機到達跟交換機具有最低COST的端口成為這個交換機的根端口根交換機BPDUSwitchXDefaultpriority32768

(8000hex)MAC0c0011111111SwitchYDefaultpriority32768

(8000hex)MAC0c0022222222根端口根端口根端口根端口根端口LinkSpeed Cost(reratifyIEEEspec)Cost(previousIEEEspec)----------------------------------------------------------------------------------------------------10Gbps 2 1 1Gbps 4 1100Mbps 19 1010Mbps 100 100 100BaseT選擇指定端口BPDUSwitchXDefaultpriority32768

(8000hex)MAC0c0011111111SwitchYDefaultpriority32768

(8000hex)MAC0c0022222222根交換機根端口根端口根端口根端口根端口指定端口指定端口指定端口指定端口AB每個網線的兩個頭，要選一個指定端口，比如A點比B點到根交換機的Cost低，那么A點就是指定端口。根端口和指定端口都處于轉發(fā)狀態(tài)，其他端口處于阻斷狀態(tài)XXXBlockingListeningLearningForwarding生成樹端口狀態(tài)生成樹端口狀態(tài):收斂時間:所有的端口都處于轉發(fā)或阻斷狀態(tài)時所用的時間稱為收斂時間，大約30秒。當網絡拓撲發(fā)生改變，所有的交換機都將重新計算生成樹協(xié)議，這將中斷用戶的數據通信。LAN交換類型

存儲轉發(fā)交換機將所有frame全部受到后，檢查沒有錯誤后轉發(fā)Frame快速轉發(fā)交換機檢查目標MAC地址，迅速轉發(fā)frameFrameFrameFrame改進的存儲轉發(fā)交換機檢查Frame前64個字節(jié)，檢查沒有錯誤后轉發(fā)FrameDuplexOverview半雙工(CSMA/CD)單項的數據流更多的沖突可能集線器連接SwitchHub全雙工點到點連接直接連接到交換機的端口需要兩端連接都是全雙工不必鏈路上的沖突檢測配置交換機Catalyst1900MenudriveninterfaceWeb-basedVSM

(VisualSwitchManager)IOSCLI

(command-lineinterface)Catalyst1900默認配置IPaddress:CDP:EnabledSwitchingmode:fragmentfree100baseTport:Auto-negotiateduplexmode10baseTport:HalfduplexSpanningTree:EnabledConsolepassword:nonePortsontheCatalyst1900Cat1912Cat192410baseTportsAUIport100baseTuplinkportse0/1toe0/12e0/1toe0/24e0/25e0/25fa0/26(portA)fa0/27(portB)fa0/26(portA)fa0/27(portB)PortsontheCatalyst1900wg_sw_d#shrunBuildingconfiguration...Currentconfiguration:!!interfaceEthernet0/1!interfaceEthernet0/2

wg_sw_d#shspanPortEthernet0/1ofVLAN1isForwardingPortpathcost100,Portpriority128Designatedroothaspriority32768,address0090.8673.3340Designatedbridgehaspriority32768,address0090.8673.3340DesignatedportisEthernet0/1,pathcost0Timers:messageage20,forwarddelay15,hold1wg_sw_a#showvlan-membershipPortVLANMembershipType PortVLANMembershipType------------------------------------------------------------------1

5Static 131 Static21Static 141 Static31Static 151 Static

ConfiguringtheSwitchConfigurationModesGlobalconfigurationmodewg_sw_a#conftermwg_sw_a(config)#Interfaceconfigurationmodewg_sw_a(config)#interfacee0/1wg_sw_a(config-if)#wg_sw_a(config)#ipaddress1配置交換機的IP地址和默認網關wg_sw_a(config)#

ipaddress{ipaddress}{mask}wg_sw_a(config)#ipdefault-gatewaywg_sw_a(config)#

ipdefault-gateway{ipaddress}查看交換機的IP地址wg_sw_a#showipIPaddress:1Subnetmask:Defaultgateway:ManagementVLAN:1Domainname:Nameserver1:Nameserver2:HTTPserver:EnabledHTTPport:80RIP:Enabledwg_sw_a#設置雙工模式wg_sw_a(config-if)#duplexhalfwg_sw_a(config)#interfacee0/1wg_sw_a(config-if)#duplex{auto|full|full-flow-control|half}查看雙工模式雙工模式不匹配人工設置連接兩端的雙工模式交換機端口雙工模式默認自動協(xié)商，如果連接的端口設置不一致將導致通信失敗管理Mac地址表wg_sw_a#shmac-address-tableNumberofpermanentaddresses:0Numberofrestrictedstaticaddresses:0Numberofdynamicaddresses:6Address DestInterface TypeSourceInterfaceList-------------------------------------------------------------------------------------------------00E0.1E5D.AE2FEthernet0/2 DynamicAll00D0.588F.B604FastEthernet0/26 DynamicAll00E0.1E5D.AE2BFastEthernet0/26 DynamicAll0090.273B.87A4FastEthernet0/26 DynamicAll00D0.588F.B600FastEthernet0/26 DynamicAll00D0.5892.38C4FastEthernet0/27 DynamicAllwg_sw_a#showmac-address-table設置永久的MAC地址wg_sw_a#shmac-address-tableNumberofpermanentaddresses:1Numberofrestrictedstaticaddresses:0Numberofdynamicaddresses:4Address DestInterface Type SourceInterfaceList--------------------------------------------------------------------------------------------------------------00E0.1E5D.AE2F Ethernet0/2 Dynamic All2222.2222.2222 Ethernet0/3 Permanent All00D0.588F.B604 FastEthernet0/26 Dynamic All00E0.1E5D.AE2B FastEthernet0/26 Dynamic All00D0.5892.38C4 FastEthernet0/27 Dynamic Allwg_sw_a(config)#wg_sw_a(config)#mac-address-tablepermanent2222.2222.2222ethernet0/3mac-address-tablepermanent{mac-addresstypemodule/port}設置限制的MAC地址wg_sw_a#shmac-address-tableNumberofpermanentaddresses:1Numberofrestrictedstaticaddresses:1Numberofdynamicaddresses:4Address DestInterface Type SourceInterfaceList-----------------------------------------------------------------------------------------------1111.1111.1111 Ethernet0/4 Static Et0/100E0.1E5D.AE2F Ethernet0/2 Dynamic All2222.2222.2222 Ethernet0/3 Permanent All00D0.588F.B604 FastEthernet0/26 Dynamic All00E0.1E5D.AE2B FastEthernet0/26 Dynamic All00D0.5892.38C4 FastEthernet0/27 Dynamic Allwg_sw_a(config)#mac-address-tablerestrictedstatic1111.1111.1111e0/4e0/1wg_sw_a(config)#

mac-address-tablerestrictedstatic{mac-addresstypemodule/portsrc-if-list}下面的設置允許來自Et0/1訪問E0/4，并且只能在Ethernet0/4接MAC地址1111.1111.1111的網卡配置端口安全wg_sw_a(config-if)#ConfiguresaninterfacetobeasecuredportDefineamaximumnumberofmacaddressesallowedintheaddresstableforthisportCountcanbefrom1to132Defaultis132wg_sw_a(config)#interfacee0/4wg_sw_a(config-if)#portsecuremax-mac-count1portsecure[max-mac-countcount]配置端口安全wg_sw_a#showmac-address-tablesecuritywg_sw_a#showmac-address-tablesecurityActionuponaddressviolation:SuspendInterfaceAddressingSecurityAddressTableSize------------------------------------------------------------------------------------Ethernet0/1Disabled N/AEthernet0/2Disabled N/AEthernet0/3Disabled N/AEthernet0/4Enabled 1Ethernet0/5Disabled N/AEthernet0/6Disabled N/AEthernet0/7Disabled N/AEthernet0/8Disabled N/AEthernet0/9Disabled N/AEthernet0/10Disabled N/AEthernet0/11Disabled N/AEthernet0/12Disabled N/A配置端口安全wg_sw_a#showmac-address-tablesecuritywg_sw_a(config)#address-violation{suspend|disable|ignore}wg_sw_a#showmac-address-tablesecurityActionuponaddressviolation:SuspendInterfaceAddressingSec