rcnp routing and switching v3 0認(rèn)證學(xué)習(xí)一本通

考試地點(diǎn)：PearsonVUE考試中心考試時(shí)長：110分鐘模塊分值知識(shí)點(diǎn)模塊分值知識(shí)點(diǎn)與端口策略銳捷口綜用

——園區(qū)網(wǎng)交換

生成樹與1、 VLAN：VirtualLocalArea/24 利用VLAN技術(shù)將這臺(tái)接入交換機(jī)VLAN：VirtualLocalArea主管辦公室VLANVLAN

VLAN VLAN 主管辦公室VLAN VLAN

VLAN1。注，VLAN1無法刪除RG-S2652G(config)#vlanRG-S2652G(config)#vlan10創(chuàng)建VLANRG-S2652G(config)#vlan20RG-S2652G(config-if)#switchportaccessvlan20//將該接口分配進(jìn)VLAN20RG-S2652G(config)#interfacef0/1RG-S2652G(config-if)#switchportaccessvlan10//將該接口分配進(jìn)VLAN10RG-S2652G(config)#interfacef0/2主管辦公室VLAN VLAN VLAN 1

Fa0/8,Fa0/9,Fa0/10,Fa0/11Fa0/12,Fa0/13,Fa0/14,Fa0/15Fa0/16,Fa0/17,Fa0/18,Fa0/19Fa0/20,Fa0/21,Fa0/22,Fa0/23Fa0/24,Gi0/25,Gi0/261020

主管辦公室VLAN VLAN DYNAMICFastEthernetDYNAMICFastEthernetDYNAMICFastEthernet… VLAN

VLAN A

B VLAN

VLAN

accessvlan?這是最佳的解決辦法，因?yàn)閷?shí)際項(xiàng)目中接入交換機(jī)上可能會(huì)存在很多VLAN，不可 switchportswitchportmodeswitchportmodeswitchportmode switchportaccessvlanswitchportmodeVLAN1212出去的802.1Q幀的VLANID是不同的

令指定的VLANID

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk VLAN VLAN PC VLAN

?廣播報(bào)文除了向本VLAN內(nèi)的其他端口轉(zhuǎn)發(fā)，也會(huì)從Trunk接口轉(zhuǎn)發(fā)出去，在據(jù)幀會(huì)變成不同的802.1Q數(shù)據(jù)幀（Tag字段的VLANID部分不同））switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

PC VLAN

?switchportaccessvlan10switchportaccessvlan switchportmode VLAN VLAN PC VLAN

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk VLAN

VLAN

VLAN20 PCB switchportaccessvlan10switchportaccessvlan20switchportmodetrunk VLAN VLAN PC VLAN

1PC12PCB4PC34switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

4VLAN20 VLAN PC

VLAN

??從access接口接收的標(biāo)準(zhǔn)以太網(wǎng)幀，會(huì)從同一VLAN的其他access接口轉(zhuǎn)發(fā)出VLANVLAN20Switch(config)#vlanSwitch(config)#vlanSwitch(config)#interfacefastethernet0/1Switch(config-if)#switchportaccessvlan20Switch(config)#interfacerangefastethernet0/2-3Switch(config-if)#switchportaccessvlan10Switch(config)#interfacefastethernet0/4Switch(config-if)#switchportmodetrunk ?1.VLAN1是默認(rèn)存在的，并且無法刪除，所有接口缺省情況下都屬于VLAN 1

Fa0/4,Fa0/5,Fa0/6,Fa0/7Fa0/8,Fa0/9,Fa0/10,Fa0/11Fa0/24,Gi0/25,Gi0/261020

Fa0/1,Fa0/4 Trunk802.1Q幀，會(huì)從相應(yīng)的Access接口（802.1Q幀中TAG字段所對(duì)應(yīng)的VLANID）轉(zhuǎn)發(fā)出去，同時(shí)剝離TAG標(biāo)記轉(zhuǎn)變成標(biāo)準(zhǔn)以太網(wǎng)幀?如果交換機(jī)上沒有配置access接口，只配置了Trunk接口（即匯聚交換機(jī)），交換機(jī)已經(jīng)創(chuàng)建了所接收的802.1Q數(shù)據(jù)幀中包含的VLANID對(duì)應(yīng)的VLAN，否則將丟棄接收到的802.1Q幀 ?如果相應(yīng)的輸出Trunk接口上配置了VLAN修剪功能，將特定的VLANID在該接口上修剪掉，那么當(dāng)接收到了包含相應(yīng)VLANID的802.1QSwitch(config)#interfacefastethernetSwitch(config-if)#Switch(config)#interfacefastethernetSwitch(config-if)#switchporttrunkallowedvlanremoveVLANName 1 10 20 switchportaccessvlan10switchportaccessvlan20switchportmodetrunkintererfacevlan100

intererfacevlan

VLAN

vlan10,也沒有創(chuàng)建vlan10，的802.1Q數(shù)據(jù)幀（vlan10） ?

switchportaccessvlan10switchportaccessvlan20switchportmodetrunkintererfacevlan100

intererfacevlan

VLANNativeVLAN?Trunk接口上傳輸數(shù)據(jù)幀都為802.1Q數(shù)據(jù)幀，但有一種例外，就是nativevlan。默認(rèn)情況下，交換機(jī)的所有接口的nativevlan為vlan1?？梢詫?duì)trunk接口上的native?2.當(dāng)從trunk接口上接收到一不攜帶TAG的標(biāo)準(zhǔn)以太網(wǎng)幀（untagged）時(shí)，會(huì)從nativevlan所包含的接口轉(zhuǎn)發(fā)出去switchportaccessvlan1switchportmodetrunk

VLAN1

VLAN PCNativeVLAN?Trunk接口上傳輸數(shù)據(jù)幀都為802.1Q數(shù)據(jù)幀，但有一種例外，就是nativevlan。默認(rèn)情況下，交換機(jī)的所有接口的nativevlan為vlan1?？梢詫?duì)trunk接口上的native?將trunk接口的natvievlan修改為vlan

switchportaccessvlan10switchportmodetrunk 1VLAN PCSwitch(config)#interfacefastethernet0/2Switch(config-if)#Switch(config)#interfacefastethernet0/2Switch(config-if)#switchporttrunknativevlan10FastEthernet1FastEthernetFastEthernet1FastEthernet1… PC1PC1PC1.

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk PC1 ?廣播報(bào)文在二層網(wǎng)絡(luò)中不斷泛洪, ?主機(jī)網(wǎng)卡接收到大量的廣播報(bào)文,操作系統(tǒng)調(diào)用大量的CPU進(jìn)程資源來識(shí)別這些 ?大量二層協(xié)議廣播報(bào)文需要二層交換機(jī)CPU處理,浪費(fèi)大量資源,對(duì)正常的請(qǐng)求無 ?對(duì)網(wǎng)關(guān)IP地址的ARP請(qǐng)求報(bào)文,經(jīng)過環(huán)路的復(fù)制轉(zhuǎn)發(fā),不斷地發(fā)送到網(wǎng)關(guān)設(shè)備,網(wǎng)關(guān) PC1

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk ARPG

按照產(chǎn)生時(shí)間先后順序分別是STP、RSTP、STP(SpanningTree IEEERSTP(Rapid IEEEMSTP(Multiinstance IEEE每個(gè)非根交換機(jī)選擇一個(gè)根端口（RootPortPortDP）（topologychangenotification）配置BPDU中主要攜帶（根網(wǎng)橋IDID端口ID）這四個(gè)參數(shù)和（Hellotimer、Forwardingdelay、MAXage）網(wǎng)橋端口（RootPathCost），根路徑開銷反映了某端口到根交換機(jī)的“遠(yuǎn)442210M100M1G10G00HelloForwaring計(jì)算到根橋的最短路徑開銷(RootPath選擇根網(wǎng)橋:最優(yōu)BPDU的RootRootRoot10Bridge1PortRoot2RootPath0Bridge2PortRoot1Root1Root0Bridge1Port1RootRoot3RootPath0Bridge3Port

RootRoot3RootPath0Bridge3PortRoot2RootPath0Bridge2Port1Root1Root10Bridge1PortRoot1Root10Bridge1Port1

Root2RootPath0Bridge2PortRootRoot3RootPath0Bridge3Port

RootRootPathPtID1

RootRootBridgePortRoot1RootPathBridge2Port1Root2RootPath0BridgePort21Root3RootPath0Bridge3Port Root1RootPath0Bridge2PortRoot1Root0BridgeRoot1RootPath0Bridge2PortRoot1Root0Bridge1Port

Root1RootPathBridge2Port1 RootRoot1RootPath0Bridge2PortIDRoot1RootPath0Bridge1Port1RootRoot3RootPath0Bridge3Port

RootRoot1Root0Bridge1Port

RootRoot3RootPath0Bridge3Port

Root1RootPathBridge2Port1 交換機(jī)處于listening和learning狀態(tài)的時(shí)間由forwardingdelay

G0/40/48Bloking

拓?fù)浞€(wěn)定后只有根網(wǎng)橋才會(huì)每隔Hellotimer發(fā)送配置

機(jī)Root1機(jī)Root1RootRoot10Bridge1PortID1

RootRootPathcostBridgeIDPortRoot

1

BridgePortID

21

RootRoot1RootPathBridge3Port

觸發(fā)轉(zhuǎn)發(fā)PC2PC3

MAC地址表老化時(shí)間由300S變?yōu)镕orwarding

11Root1RootPath01

RPort

RootPathRootPathBridge

Port

從根端口發(fā)送TCNBPDU

直接拓?fù)渥兓瘮?shù)據(jù)轉(zhuǎn)發(fā)延遲2倍Forwarding

PortPortBridgeRootPathRoot

RootPathRootPathRootBridget

BridgeBridgeRootPathRoot

50g

（30s））——52s（MAXage（20s）+2倍forwardingdelay（30s）+helloRoot1RootPathBridge2 Port

Root1Root1RootPathBridge3Port

變化后需要至少兩倍的ForwardDelay時(shí)間（30-52s），才能恢復(fù)連通性 ?把堵塞的端口細(xì)分為Alternate端口和BackupRootRootatedPort

?端口狀態(tài)由5種狀態(tài)減少到3Forwarding、Learning、 ?無論是否收到根交換機(jī)發(fā)送的BPDU，其他交換機(jī)每Hellotimer（2s）?3倍Hellotimer沒有收到BPDU ?在BPDU的Flag字段，把原來保留的中間6?P/A機(jī)制要求端口類型必須是點(diǎn)對(duì)點(diǎn)（point-to-Bit7Bit6Bit5Bit4Bit3Bit2Bit1Bit0

11

引入邊緣端口（Edge

PortAdminPortFast:DisabledPortOperPortFast:DisabledPortAdminAutoEdge:EnabledPortOperAutoEdge:DisabledPortAdminLinkType:autoPortBPDUGuard:DisabledPortBPDUFilter:DisabledPortGuardmode:NonePortState:forwardingPortPriority:128PortDesignatedRoot:1000.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:8019PortOperPathCost:20000Inconsistentstates:normalPortRole:rootPortPortAdminPortFast:DisabledPortOperPortFast:DisabledPortAdminAutoEdge:EnabledPortOperAutoEdge:DisabledPortAdminLinkType:autoPortBPDUGuard:DisabledPortBPDUFilter:DisabledPortGuardmode:NonePortState:discardingPortPriority:128PortDesignatedRoot:1000.001a.a97e.9dc7PortDesignatedCost:20000PortDesignatedPort:8019PortOperPathCost:20000Inconsistentstates:normalPortRole:alternatePor

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk MSTPMultipleSpanningTreeProtocol多生成樹協(xié)議實(shí)例

Instance Instance

Region 通過IST（Internalspanning-tree內(nèi)部生成樹）保證連通性 MSTPBPDU里面包含MSTMSTrevisionnumber（修訂版本號(hào)）、Instance和vlan的映射，如果在一個(gè)端口上收到的ISTInternalSpanningTree（域內(nèi)）CSTCommonSpanningTree（域間）CISTCommonandInternalSpanningMSTIMultipleSpanning-TreeInstanceMSTP Ruijie(config)#spanning-treemstconfigurationRuijie(config-mst)#instance10vlan?LINEVlanrangeex:1-65,72,300- 57-2；VLAN20的主根是57-2，備份根是57-1

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

5750-1#sh5750-1#shspanning-treemstconfigurationMultispanningtreeprotocol:Enable InstanceVlans0:1-9,11-19,21-::5750-1#shspanning-tree5750-1#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedRoot:100a.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:8019PortAdminPathCost:PortRole:######MST10vlansmapped:BridgeAddr:001a.a97e.9dc7Priority:4096TimeSinceTopologyChange:TopologyChanges:2DesignatedRoot:RootCost:0RootPort:5750-1#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedRoot:100a.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:801aPortForwardTransitions:2PortAdminPathCost:PortRole:5750-2#shspanning-tree5750-2#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedCost:0PortDesignatedPort:8019PortAdminPathCost:PortRole:######MST10vlansmapped:BridgeAddr:001a.a97e.9d8bPriority:8192TimeSinceTopologyChange:TopologyChanges:7DesignatedRoot:RootCost:20000RootPort:5750-2#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedRoot:100a.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:801aPortForwardTransitions:2PortAdminPathCost:PortRole:rootPort2628G-3#shspanning-tree2628G-3#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedRoot:100a.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:8019PortAdminPathCost:PortRole:rootPort######MST10vlansmapped:10BridgeAddr:001a.a94a.8261Priority:32768TimeSinceTopologyChange:TopologyChanges:3DesignatedRoot:RootCost:20000RootPort:2628G-3#shspanning-treemst10interface######MST10vlansmapped:10PortState:discardingPortPriority:PortDesignatedCost:0PortDesignatedPort:8019PortAdminPathCost:PortRole:alternatePort ?在接入層設(shè)備上直連PC的端口上配置，相當(dāng)于RSTP（Edge?配置了該命令的端口可以直接從blocking/discarding狀態(tài)進(jìn)入轉(zhuǎn)發(fā)狀態(tài)， ?在接入層設(shè)備上直連PC的端口上配置，防止可能存在的環(huán)路和STP協(xié)議?配置了該命令的端口如果收到BPDU報(bào)文則進(jìn)入errordisable? 配置了該命令的端口不會(huì)發(fā)送BPDU，丟棄接收到的

VLAN

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

VirtualRouterRedundancyProtocolIntIntvlanIpaddIntvlanIpadd

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

IntvlanIntvlanIpadd

IntvlanIntvlanIpadd

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

?由一個(gè)master和若干backup ?虛擬路由器的IP ?虛擬路由器擁有的虛擬MAC，格式為0000-5E00-01XX(XX對(duì)應(yīng)VRID），虛擬路由 現(xiàn)故障，BACKUP路由器就開始接替工作 IPadd：虛擬 ??默認(rèn)為 ? ?設(shè)備初始化時(shí)進(jìn)入此狀態(tài)，路由器不會(huì)對(duì)VRRP?當(dāng)收到接口startup的消息，將轉(zhuǎn)入Backup（優(yōu)先級(jí)不為255時(shí)）或Master狀態(tài)（優(yōu)先 ?定期發(fā)送VRRP?響應(yīng)對(duì)虛擬IP地址的ARP請(qǐng)求，并且用虛擬MAC地址應(yīng)答，接收目的MAC?在Master狀態(tài)中只有接收到比自己的優(yōu)先級(jí)大的VRRP報(bào)文時(shí)，才會(huì)轉(zhuǎn)為Backup ?接收Master發(fā)送的VRRP?對(duì)虛擬IP地址的ARP請(qǐng)求不做響應(yīng)、丟棄目的MAC地址為虛擬MAC地址的IP報(bào)文、丟 <1-255>VRRPadvertise<1-255>Priorityvrrp10priorityvrrp10ip

interfaceVLANvrrp10ip

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

Grp Own MasterGroupVLAN 5750-1#sh5750-1#shvrrpinterfacevlan10VLAN10-Group10StateisVirtualIPaddressis54configuredVirtualMACaddressis0000.5e00.010aAdvertisementintervalis1secPreemptionisenabledmindelayis0secPriorityisMasterRouteris53(local),priorityis105MasterAdvertisementintervalis1secMasterDownintervalis3

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

通過修改網(wǎng)橋優(yōu)先級(jí)把匯聚交換機(jī)設(shè)備設(shè)置為根網(wǎng)橋，和VRRP如果因環(huán)境原因可能產(chǎn)生收幀延遲，導(dǎo)致VRRP震蕩，或者VRRP組比較多，例如雙核心應(yīng)用環(huán)境中有30個(gè)左右的VRRP組，且都把同一臺(tái)設(shè)備設(shè)置為Master。為了避免同一個(gè)時(shí)刻大量收發(fā)VRRPCPU的沖擊，建議修改不同VRRP間隔，比如50％VRRP組的通告發(fā)送間隔設(shè)置成1秒，50％設(shè)置成2秒vrrp1priorityvrrp1ipVrrp1trackgigabitEthernetvrrp2ipvrrp3priorityvrrp3ipVrrp3trackgigabitEthernetvrrp4ipinstance0vlan5-4094instance1vlan1,instance2vlan2,Switchmodetrunkport-group1port-group1switchportmodetrunkvrrp1ipvrrp2priorityvrrp2ipVrrp2trackgigabitEthernetvrrp3ipvrrp4priorityvrrp4ipVrrp4trackgigabitEthernetinstance0vlan5-4094instance1vlan1,instance2vlan2,Switchmodetrunkport-group1port-group1switchportmodetrunkinstance0vlan5-4094instance1vlan1,instance2vlan2,switchportmodeswitchportmodetrunkspanning-treeportfastspanning-treeportfast######MST1vlansmapped:1,3BridgeAddr:001a.a97e.9dc7Priority:4096TopologyChanges:8RootCost:RootPort:######MST2vlansmapped:2,4BridgeAddr:001a.a97e.9dc7Priority:8192TopologyChanges:8RootCost:19000RootPort:######MST1vlansmapped:1,3BridgeAddr:001a.a97e.9d8bPriority:8192TopologyChanges:5RootCost:RootPort:######MST2vlansmapped:2,4BridgeAddr:001a.a97e.9d8bPriority:4096TopologyChanges:5RootCost:0RootPort:OwnVLAN13 VLAN23 VLAN33 VLAN43 OwnVLAN13 VLAN23 VLAN33 VLAN43

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

??所有物理端口必須屬于同一個(gè)?最多支持8個(gè)物理端口聚合為一個(gè) ?通過LACP ? Ruijie(config)#intrangeg0/25-26Ruijie(config)#intrangeg0/25-26 Ruijie(config)#intRuijie(config)#intaggregateportRuijie(config-AggregatePort1)#switchportmodeRuijie#shaggregatePort1summaryAggregatePortMaxPortsSwitchPort Ruijie#shaggregatePort1summaryAggregatePortMaxPortsSwitchPort 8Gi0/25Ruijie#shintg0/25Ruijie#shintg0/25GigabitEthernet0/25isadministrativelydown,lineprotocolisDOWNHardwareisBroadcom5464GigabitEthernetInterfaceaddressis:noipaddressMTU1500bytes,BW1000000KbitRuijie#shintaggregateport1Index(dec):27(hex):1bAggregatePort1isUP,lineprotocolisUPHardwareisAggregateLinkAggregatePortInterfaceaddressis:noipaddressMTU1500bytes,BW20000004、

2121 ?廣播報(bào)文在二層網(wǎng)絡(luò)中不斷泛洪, ?主機(jī)網(wǎng)卡接收到大量的廣播報(bào)文,操作系統(tǒng)調(diào)用大量的CPU進(jìn)程資源來識(shí)別這些 ?大量二層協(xié)議廣播報(bào)文需要二層交換機(jī)CPU處理,浪費(fèi)大量資源,對(duì)正常的請(qǐng)求無 ?對(duì)網(wǎng)關(guān)IP地址的ARP請(qǐng)求報(bào)文,經(jīng)過環(huán)路的復(fù)制轉(zhuǎn)發(fā),不斷地發(fā)送到網(wǎng)關(guān)設(shè)備,網(wǎng)關(guān)

2

??接入層交換機(jī)單鏈路上聯(lián)，匯聚層交換機(jī)沒有必要開啟 ? ?接入交換機(jī)上行口開啟 ?

1

errdisablerecoveryerrdisablerecoveryinterval120intrangefa0/1-24int

Ruijie#shRuijie#shint ----------------------------------------------------- FastEthernet Ruijie(config)#intRuijie(config)#intrangeFastEthernet0/1-Ruijie(config-if-range)#rldpportloop-detectshutdown-Ruijie(config)#errdisableRuijie(config)#errdisablerecoveryinterval rldpportloop-detectblock/shutdown-port/shutdown-?block?shutdown-port：將端口置于err-disable?shutdown-svi：將端口對(duì)應(yīng)svi置于shutdown?warning：不對(duì)端口作任何處理，僅將事件生成log日志 rldpdetect-interval rldp show 2 2 %RLDP-3-LINK_DETECT_ERROR:loop%RLDP-3-LINK_DETECT_ERROR:loopdetectionerrordetectoninterfaceFastEthernet0/1.setthisinterfaceerrordisable!%LINK-3-UPDOWN:InterfaceFastEthernet0/1,changedstateto%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceFastEthernet0/1,changedstatetoRuijie#shint Vlan---------------------------------------------------------FastEthernet0/1FastEthernet0/2FastEthernetFastEthernetdisable1UnknownUnknowncopperdown1UnknownUnknowncopperdown1UnknownUnknowncopperdown1UnknownUnknowncopperRuijie#shrldpRuijie#shrldpinterfaceport :localbridge :001a.a976.9c0aneighborbridge:0000.0000.0000neighborport loopdetectinformation action:shutdown-portstate:errorRLDP 使用shutdown-porterrdisablerecoveryinterval自動(dòng)

3 VLAN

5、端口鏡像monitorsession1sourceinterfacemonitorsession1destinationinterfacemonitorsession1destinationinterfacexx根據(jù)交換芯片的不同，部分交換機(jī)在應(yīng)用SPANCPUS861Addr北京海淀區(qū)復(fù)興路29號(hào)中意鵬奧大廈東塔A座11100036——園區(qū)網(wǎng)路由

Ruijie 棄該數(shù)據(jù)包,以PCA去pingPCB為例 據(jù)轉(zhuǎn)發(fā)給PCB。并且SWB將PCB返回的數(shù)據(jù)轉(zhuǎn)發(fā)給SWA PC vlanvlaninterfacevlanipaddressinterfacegi0/24vlaninterfacevlanipaddressinterfacegi0/24 VLAN VLAN VLAN

?在三層設(shè)備之間使用這種方式進(jìn)行互聯(lián)，一定要在互連接口上配置trunk修剪,即只將互聯(lián)SVI的VLANID放行vlanvlaninterfacevlanipaddressinterfacegi0/24switchporttrunkallowedvlanremovevlaninterfacevlanipaddressinterfacegi0/24switchporttrunkallowedvlanremove vlanvlaninterfacevlanipaddressinterfacegi0/24switchporttrunkallowedvlanremovevlaninterfacevlanipaddressinterfacegi0/24switchporttrunkallowedvlanremove ?兩邊使用相同的VLANvlanvlaninterfacevlanipaddressinterfacegi0/24switchportaccessvlan800vlaninterfacevlanipaddressinterfacegi0/24switchportaccessvlan800 ?同第1種trunk互連方式中所描述的，也建議在三層交換機(jī)的下聯(lián)trunk接口進(jìn)行將互聯(lián)SVI的VLANID修建掉(即只放行用戶VLANID)vlanvlaninterfacevlanipaddressinterfacegi0/24switchportaccessvlan800interfacegi0/1switchportmodetrunkswitchporttrunkallowedvlanremovevlaninterfacevlanipaddressinterfacegi0/24switchportaccessvlan800interfacegi0/1swtichportmodetrunkswitchporttrunkallowedvlanremove ?兩邊使用不同的VLANvlanvlaninterfacevlanipaddressinterfacegiswitchportaccessvlanvlaninterfacevlanipaddressinterfacegiswitchportaccessvlan ?使用noswitchport命令將一個(gè)接口變?yōu)槿龑勇酚山涌冢ㄍ酚善鞯慕涌谝粯?，interfaceinterfacegi0/24noswitchportipaddressinterfacegi0/24noswitchportipaddress SWA(config)#ipSWA(config)#iprouteSWA(config)#iproute SWB(config)#ipSWB(config)#iprouteSWB(config)#iproute SWA#shSWA#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /30isdirectlyconnected,VLAN800 /32islocalhost. /24[1/0]via /24[1/0]via SWB#shSWB#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /30isdirectlyconnected,VLAN800 /32islocalhost. /24[1/0]via /24[1/0]via SWA#shSWA#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /30isdirectlyconnected,VLAN800 /32islocalhost. /24[1/0]via /24[1/0]via SWB#shSWB#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /30isdirectlyconnected,VLAN800 /32islocalhost. /24[1/0]via /24[1/0]via SWA#SWA#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /24isdirectlyconnected,GigabitEthernet0/24 /32islocalhost. /24[1/0]via /24[1/0]via SWB#SWB#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /24isdirectlyconnected,GigabitEthernet0/24 /32islocalhost. /24[1/0]via /24[1/0]via ?PCA判斷PCB的IP與本地IP不在同一網(wǎng)段，在進(jìn)行TCP/IP封裝時(shí)，二層目的 ICMPEcho ?SWC從VLAN10的access接口接收到報(bào)文，查找MAC地址表將其從上聯(lián)口轉(zhuǎn)TAG:VLAN10ICMPEcho 2ICMPEcho VLAN1 PC ?TAG:VLANTAG:VLAN10ICMPEcho

ICMPEcho TAG:VLAN10TAG:VLAN10ICMPEcho

ICMPEcho ?–SWA和SWB之間使用不同的接口進(jìn)行互聯(lián)時(shí)，所形成的MAC地址表及ARP表會(huì)有800MACVlanPCAVlan800MACVlan800MACPCA800MAC

?–當(dāng)SWA與SWB之間使用路由接口進(jìn)行互連時(shí)形成的表項(xiàng)（只有ARP表項(xiàng)）PCAVlan

?SWA和SWB使用不同形式接口互連時(shí)，由于SWA和SWB上面形成的ARP表TAG:VLAN10ICMPEcho

VLAN1 PC TAG:VLAN10ICMPTAG:VLAN10ICMPEchoSS：SWASVI800D：SWBSVI800800MACVlan

3

VLAN1 PC TAG:VLAN10TAG:VLAN10ICMPEchoSS：SWASVI800D：SWBSVI800MACTAG:VLAN800 800MAC （2）SWA查找MAC地址表根據(jù)替換目的MAC地址后的報(bào)文從哪個(gè)接口轉(zhuǎn)發(fā) –（1）首先查找路由表，目的IP在本地直連接口網(wǎng)段內(nèi)，接著查找ARP表，找到目的S：SWASVI800D：SWBSVI800TAG:vlan800S：SWASVI800D：SWBSVI800TAG:vlan800ICMPEcho800MACVlanPCBVlanSS：SWASVI800D：SWBSVI800

44獲取PCB的MAC地址信息–（2）完成二層MACSWB查找MAC地址表以確定將報(bào)文從哪個(gè)接口轉(zhuǎn)發(fā)記（VLAN40），如果是access接口，則不添加TAG標(biāo)記。S：S：SWBSVI40MACD：PCBMACSS：SWASVI800D：SWBSVI800TAG:vlan800ICMPEcho

800MACPCB44–（2）完成二層MACSWB查找MAC地址表以確定將報(bào)文從哪個(gè)接口轉(zhuǎn)發(fā)記（VLAN40），如果是access接口，則不添加TAG標(biāo)記。

S：SWASVI800MACD：SWBSVI800TAG:vlanS：SWBSVIS：SWBSVI40D：PCBTAG:vlan40ICMPEchoICMPEcho 44 –SWD查找MAC地址表，將其從連接PCB的接口轉(zhuǎn)發(fā)出去，同時(shí)剝離TAG

S：SWBSVIS：SWBSVI40D：PCBTAG:vlan40ICMPEchoS：SWBSVI40D：PCBICMPEcho VLAN PC 3 VLAN PC TAG:VLAN10ICMPEchoTAG:VLAN10ICMPEchoSS：SWASVI800D：SWBSVI800800MACVlan

3 VLAN PC （2）SWA查找MAC地址表根據(jù)替換目的MAC地址后的報(bào)文從哪個(gè)接口轉(zhuǎn)發(fā)出

TAG:VLAN10S：0D：ICMPEcho 800MAC

S：SWASVI800MACD：SWBSVI800MAC無 3

SS：SWASVI800D：SWBSVI800ICMPEcho VLAN PC –（1）首先查找路由表，目的IP在本地直連接口網(wǎng)段內(nèi)，接著查找ARP表，找到目的（0）對(duì)應(yīng)的MAC地址即PCB的MAC地址，使用PCBMAC地址替換原目的MAC地址，使用SVI40的MAC地址替換之前的源MAC地址。SS：SWASVI800D：SWBSVI800ICMPEchoS：SWASVI40D：PCB

44800MACVlanPCBVlan獲取PCB的MAC地址信息?–（2）完成二層MACSWB查找MAC地址表以確定將報(bào)文從哪個(gè)接口轉(zhuǎn)發(fā)記（VLAN40），如果是access接口，則不添加TAG標(biāo)記。SS：SWASVI800D：SWBSVI800ICMPEchoS：SWBSVI40MACD：PCBMAC

800MACPCB44?S：SWBSVI40D：PCBTAG:vlan40S：SWBSVI40D：PCBTAG:vlan40ICMPEchoS：SWASVI800D：SWBSVI800ICMPEcho

44 –SWD查找MAC地址表，將其從連接PCB的接口轉(zhuǎn)發(fā)出去，同時(shí)剝離TAG

S：SWBSVIS：SWBSVI40D：PCBTAG:vlan40ICMPEchoS：SWBSVI40D：PCBICMPEcho VLAN PC –首先在路由表中查找目的IP對(duì)應(yīng)的下一跳IP（），接著查找ARP表項(xiàng)找到D：SWBGi0/24無 800MAC 1

PC –（1）首先查找路由表，目的IP在本地直連接口網(wǎng)段內(nèi)，接著查找ARP表，找到目的（0）對(duì)應(yīng)的MAC地址即PCB的MAC地址，使用PCBMAC地址替換原目的MAC地址，使用SVI40的MAC地址替換之前的源MAC地址。D：SWBGi0/24ICMPEchoS：SWBSVI40D：PCB

44PCBVlan獲取PCB的MAC地址信息–（2）完成二層MACSWB查找MAC地址表以確定將報(bào)文從哪個(gè)接口轉(zhuǎn)發(fā)記（VLAN40），如果是access接口，則不添加TAG標(biāo)記。D：SWBGi0/24ICMPEchoS：SWBSVI40MACD：PCBMAC

PCB44S：SWBSVI40D：PCBTAG:vlan40S：SWBSVI40D：PCBTAG:vlan40ICMPEchoD：SWBGi0/24ICMPEcho

44 –SWD查找MAC地址表，將其從連接PCB的接口轉(zhuǎn)發(fā)出去，同時(shí)剝離TAG

S：SWBSVIS：SWBSVI40D：PCBTAG:vlan40ICMPEchoS：SWBSVI40D：PCBICMPEcho VLAN PC ?1.PC的TCP/IP?2.?決定輸出報(bào)文是否攜帶TAG標(biāo)記以及TAG標(biāo)記中的VLANID是多少2 34VLANVLAN1PC5 2、

李 VLAN

VLAN

? ? 每個(gè)運(yùn)行OSPF的路由器都必須有一個(gè)RouterID。?鄰居（Neighbor）：設(shè)備啟動(dòng)OSPF路由協(xié)議后，便會(huì)通過接口向外發(fā)送Hello報(bào)文。收到Hello報(bào)文的其它啟動(dòng)OSPF路由協(xié)議的設(shè)備會(huì)檢查報(bào)文中所定義的一些 OSPFIPPacketOSPFPacketOSPFProtocol OSPF ? ?鄰接路由器之間通過LSU洪泛LSA，通告拓?fù)湫畔?，最終同一個(gè)區(qū)域內(nèi)所有路 ?? ??OSPF ?? ? ?OSPF接口是否啟動(dòng)有 RouterRouter InitRouter TwoTwoWay RouterRouter RouterExchangeALoadingALoadingBFullFullOSPF

2- 路由器之

OSPF ?廣播(Broadcast)?點(diǎn)到點(diǎn)(P2P)PPP、?? ?OSPFOSPF

routerospfrouterospfnetwork55areanetworkarearouterospfnetwork55areanetworkareaS5750-A#shS5750-A#shipCodes:C-connected,S-static,R-RIP,M-mobile,B- isdirectlyconnected,FastEthernet0/0/24issubnetted,3subnets [110/2]via,00:01:44, [110/2]via,00:01:44, [110/2]via,00:01:44,OSPF 查看OSPF協(xié)議狀態(tài)：showipospfS5750-A#shipS5750-A#shipprotocolsRoutingProtocolis"ospf100"OutgoingupdatefilterlistforallinterfacesisnotsetIncomingupdatefilterlistforallinterfacesisnotsetRouterIDNumberofareasinthisrouteris1.1normal0stub0nssaMaximumpath:4Routingfor55area55areaRoutingInformationSources:GatewayDistance LastUpdateDistance:(defaultis S5750-A#shipS5750-A#shipospf Dead OSPF R01#shipospfinterfacefastEthernet0/0.12FastEthernet0/0.12isup,lineprotocolisupInternetAddress/30,Area0ProcessID100,RouterID,NetworkTypeBROADCAST,Cost:1TransmitDelayis1sec,StateDR,Priority1DesignatedRouter(ID),InterfaceaddressBackupDesignatedrouter(ID),InterfaceaddressTimerintervalsconfigured,Hello10,Dead40,Wait40,Retransmitoob-resynctimeout40Helloduein00:00:01Index1/1,floodqueuelength0Next0x0(0)/0x0(0)Lastfloodscanlengthis0,maximumisLastfloodscantimeis0msec,maximumis0msecNeighborCountis1,Adjacentneighborcountis1Adjacentwithneighbor(BackupDesignatedRouter)Suppresshellofor0neighbor(s)OSPFHELLOHELLO報(bào)文中影響OSPF OSPFMTU

李 VLAN 紅VLAN

routerospfrouterospfnetworkareanetwork55area

routerrouterospfnetworkareanetwork55arearouterospfrouterospfnetworkareanetworkareanetworkarearouterospfnetworkareanetworkareanetworkarearouterospfnetworkarearouterospfnetworkareanetworkareanetworkarearouterrouterospfnetworkareanetworkareanetworkareaOSPF

routerospfrouterospfnetwork55areanetworkareainterfaceipaddressipospfcostrouterospfnetwork55areanetworkareaS5750-A#shS5750-A#shipCodes:C-connected,S-static,R-RIP,M-mobile,B- [110/11]via,00:01:44, [110/11]via,00:01:44, [110/11]via,00:01:44,

李 VLAN

VLAN

?控制LSA只在區(qū)域內(nèi)洪泛，有效地把拓?fù)渥兓刂圃趨^(qū)域內(nèi)，拓?fù)涞淖兓绊? OSPF多區(qū)域設(shè)計(jì)雙層層次化（2-layer Area Area AreaAreaAreaAreaArea0為骨干區(qū)域，所有其口屬于Area0 內(nèi)部路由器IR（InternalArea所有接口在同一個(gè)Area ??? ??區(qū)域之間的行為特性是D-V，為了解決區(qū)域之間可能發(fā)生的路由循環(huán),引入一個(gè)特殊的區(qū)域Area0,其它區(qū)域之間要通信，必須通過Area0骨干區(qū)域 ?OSPFAreaAreaAreaOSPF多區(qū)域環(huán)境下LSA類型1LSARouterLSA類型2LSANetworkLSA類型3LSANetworkSummaryLSA類型4ASBR匯總LSAASBRSummaryLSA類型5LSAASExternalLSA類型7NSSA外部LSANSSAExternalLSAOLSAOLSAOLSALSAOE2/OLSAON2/O TypeType=RouterID=NumberofLinksLink1Link2Type=NumberofLinksLink1Link2Link3Type=RouterID=NumberofLinksLink1Link2Link3 Type=SubnetMaskType=SubnetMask=AttachedRouter=AttachedRouter= Type=Mask=Metric=LSA7---NSSAExternal LSA類型7只能在NSSA區(qū)域中洪泛，到達(dá)NSSA區(qū)域ABR后，NSSAABR將其轉(zhuǎn) OSPF Ruijie(config)#routerospf Ruijie(config)#routerospfOSPF OSPF ruijie（config-router）#arearangenot-advertiseruijie（config-router）summary-addressnot-dvertiseOSPF ?? ??OSPF ?? ?? ??OSPF區(qū)域類型與LSAArea

AreaLSA1/2/3

Area

Area

Area 3457骨干區(qū)域(AreaOSPF ABR:Ruijie(config-router)#networkip-addresswildcard-maskarea0stubno- ???路由（LSA）LSA3

External

??? ?OSPF default-informationoriginate?產(chǎn)生的LSA是TYPE5DefaultDefaultrouteDefaultrouteDefaultrouteOSPF ?產(chǎn)生的LSA是TYPE3?STUBorTOTALOSPF ??產(chǎn)生的LSA是TYPE7OSPF ??產(chǎn)生的LSA是TYPE3nssano-nssano-型√55√3√3area*nssadefault-information-7area*nssadefault-information-√7√3 AreaAreaR2/16interfacefipaddressinterfacefipaddressinterfacef3/1ipaddressinterfacefipaddressinterfacefipaddressiprouteiproute!OSPF的配置routerospfOSPFnetwork55areanetwork55areanetwork55areanetwork55areaRouterospfredistributeconnected[subnets][metric-type{1,2}][metricmetric]redistributestatic[subnets][metric-type{1,2}][metricmetric]Routerospfredistributerip[subnets][metricmetric]redistributeconnected[subnets][metricmetric]redistributestatic[subnets][metricmetric]routerredistributeconnected[subnets][metricmetric][metric-type1/2]redistributestatic[subnets][metricmetric][metric-type1/2]略Router(config-route-map)#Router(config-route-map)#matchipaddress{access-list-numbername}[...access-list-number|Router(config-route-map)#Router(config-route-map)#matchlengthminsetipnexthop——setinterfacesetdefaultinterfacesetipdefaultnext-hopsetipnext-hopip-add和setipdefaultnext-matchxyzmatchasetmatchdenyall(If(xoryorz)andthenset(bandc)elseifqthensetelsesetRoute#ShowipRoute#debugip

問題：負(fù)載均衡，無法控制數(shù)據(jù)走R2或Access-list1permitRoute-maptestpermit10Matchipaddress1SetmetricRoute-maptestpermitRouterospfredistributestaticsubnetsroute-mapAccess-list1permitRoute-maptestpermit10Matchipaddress1SetmetricRoute-maptestpermitRouterospfredistributestaticsubnetsroute-mapAddr北京海淀區(qū)復(fù)興路29號(hào)中意鵬奧大廈東塔A座11100036——園區(qū)網(wǎng)出口

它是一個(gè)IETF(InternetEngineeringTaskForce,Internet工程任務(wù)組)標(biāo)IPv4的空間已經(jīng)嚴(yán)重不足，NAT可以大量節(jié)省公網(wǎng)分配給內(nèi)部網(wǎng)絡(luò)中的主機(jī)的IP地址，通常這種地址來自RFC1918指定的私有(config-if)#ipnat{inside|outsideglobal-ip}(config-if)#ipnat{inside|outside(config)#ipnatinsidesourcestatic{tcp|udp}local-iplocal-port(config-if)#ipnat(config-if)#ipnat(config)#ipnatinsidesourcesta