Configuring Static VLANs


Switching and VLAN
Networking Program, Department of Computer Science, Shenzhen Polytechnic
© 2006, Shenzhen Polytechnic, All rights reserved.
Objectives
1. Switches Learn Host Addresses
2. Two Switching Methods
3. Configuring Port Security
4. Password Recovery
5. VLAN Operations
6. Configuring and Verifying Static VLANs

Three Switch Functions
• Address learning
• Forward/filter decision
• Loop avoidance

Switches Learn Host Addresses
[Figure: a switch with station A (0260.8c01.1111) on port E0, station B (0260.8c01.3333) on port E1, station C (0260.8c01.2222) on port E2 and station D (0260.8c01.4444) on port E3]
MAC address table: (empty)
• Initial MAC address table is empty

Switches Learn Host Addresses
[Figure: the same topology, with station A on E0, B on E1, C on E2 and D on E3]
MAC address table:
E0: 0260.8c01.1111
• Station A sends a frame to station C
• The switch caches station A's MAC address against port E0 by learning the source address of data frames
• The frame from station A to station C is flooded out to all ports except port E0

Switches Learn Host Addresses
[Figure: the same topology, with station A on E0, B on E1, C on E2 and D on E3]
MAC address table:
E0: 0260.8c01.1111
E3: 0260.8c01.4444
• Station D sends a frame to station C
• The switch caches station D's MAC address against port E3 by learning the source address of data frames
• The frame from station D to station C is flooded out to all ports except port E3 (unknown unicasts are flooded)

Switches Filter Frames
[Figure: the same topology; X marks show the ports on which the frame is not sent]
MAC address table:
E0: 0260.8c01.1111
E2: 0260.8c01.2222
E1: 0260.8c01.3333
E3: 0260.8c01.4444
• Station A sends a frame to station C
• Destination is known, frame is not flooded
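
The learn, flood and forward decisions from the preceding slides, replayed as an added Python example (not part of the original slides). The `LearningSwitch` class, its method names and the reply frame from C are assumptions made for illustration; the ports and MAC addresses are the ones in the figure.

```python
class LearningSwitch:
    """Minimal model of a transparent switch: learn, then forward/filter/flood."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}          # source MAC -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame; return (action, list of egress ports)."""
        self.mac_table[src] = in_port            # address learning (source MAC)
        out_port = self.mac_table.get(dst)
        if out_port is None:                     # unknown unicast
            return "flood", [p for p in self.ports if p != in_port]
        if out_port == in_port:                  # destination sits on the ingress port
            return "filter", []
        return "forward", [out_port]


# Stations as drawn on the slides: A on E0, B on E1, C on E2, D on E3.
A, B, C, D = ("0260.8c01.1111", "0260.8c01.3333",
              "0260.8c01.2222", "0260.8c01.4444")


def replay():
    """Replay the slides' frames and return the decision taken for each."""
    sw = LearningSwitch(["E0", "E1", "E2", "E3"])
    log = [
        sw.receive("E0", A, C),   # table empty: learn A, flood
        sw.receive("E3", D, C),   # learn D, C still unknown: flood
        sw.receive("E2", C, A),   # constructed reply: learn C, forward to E0
        sw.receive("E0", A, C),   # destination now known: not flooded
    ]
    return log, sw.mac_table


if __name__ == "__main__":
    decisions, table = replay()
    for action, ports in decisions:
        print(f"{action:8} -> {ports}")
    print(table)
```
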
Two Switching Methods

Store-and-forward Feature
1. The entire frame is received before any forwarding takes place.
2. Latency is greater with larger frames because the entire frame must be received before the switching process begins.

Cut-through Feature
1. The frame is forwarded through the switch before the entire frame is received.
2. At a minimum, the frame destination address must be read before the frame can be forwarded.
3. This mode decreases the latency of the transmission, but also reduces error detection.

Cut-through Class
I. Fast-forward
1. Fast-forward switching offers the lowest level of latency.
2. Fast-forward switching immediately forwards a packet after reading the destination address.

Cut-through Class
II. Fragment-free
1. Fragment-free switching filters out collision fragments before forwarding begins.
2. Fragment-free switching reads the first 64 bytes of the frame, waiting until the packet is determined not to be a collision fragment (>64 bytes), before forwarding.

Configuring SVI Address
Switch(config)#interface vlan 1
Switch(config-if)#ip address 10.1.1.1 255.255.255.0
Switch(config-if)#no shutdown

Configuring Port Security
Switch(config)#int f0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address 0060.6700.dd5b
Switch(config-if)#switchport port-security violation restrict
Switch#sh port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
------------------------------------------------------------------------------
      Fa0/1        132            1                0              Restrict
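
A simplified model of the secure-address accounting behind the counters above, as an added Python example (not part of the original slides and not Cisco code). It assumes the documented IOS behaviour that source addresses are learned dynamically until the maximum is reached; the `SecurePort` class, the second host and the `maximum=1` case are assumptions for illustration, while 132 and 0060.6700.dd5b come from the slide.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Port-security accounting for one access port, violation mode restrict."""
    maximum: int                                 # MaxSecureAddr
    secure: set = field(default_factory=set)     # static + dynamically learned
    violations: int = 0                          # SecurityViolation

    def admit(self, src_mac):
        """Return True if a frame with this source MAC is accepted."""
        if src_mac in self.secure:
            return True
        if len(self.secure) < self.maximum:      # free slot: learned dynamically
            self.secure.add(src_mac)
            return True
        self.violations += 1                     # restrict: drop and count,
        return False                             # the port itself stays up

    def counters(self):
        """(MaxSecureAddr, CurrentAddr, SecurityViolation) as in sh port-security."""
        return self.maximum, len(self.secure), self.violations


STATIC = "0060.6700.dd5b"      # address configured on the slide
OTHER = "0000.5e00.5301"       # constructed second host plugged into Fa0/1


def second_host(maximum):
    """Counters after the configured host and then another host send frames."""
    port = SecurePort(maximum=maximum, secure={STATIC})
    accepted = [port.admit(STATIC), port.admit(OTHER), port.admit(OTHER)]
    return accepted, port.counters()


if __name__ == "__main__":
    print(second_host(132))    # value shown on the slide
    print(second_host(1))      # assumed tighter limit
```

With the slide's MaxSecureAddr of 132, the single static address does not limit Fa0/1 to that one host; `switchport port-security maximum 1` is the IOS command that does.
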
Password Recovery
1. Unplug the power cable
2. Hold down the mode button
3. Type flash_init
4. Type dir flash:
5. Rename the configuration file (rename flash:config.text flash:config.old)
6. Boot
7. Enter N at the prompt to start the setup program

Password Recovery
8. Enter privileged mode (switch>enable)
9. Rename the configuration file (rename flash:config.old flash:config.text)
10. Copy the configuration file into RAM to run (copy flash:config.text system:running-config)
11. Change the password (enable password cisco)
12. Save (write)
13. Restart (reload)

VLAN Overview
• Segmentation
• Flexibility
• Security
[Figure: 1st floor, 2nd floor and 3rd floor; SALES, HR and ENG VLANs]
A VLAN = a broadcast domain = a logical network (subnet)

VLAN Operations
[Figure: Switch A with Red VLAN, Black VLAN and Green VLAN]
• Each logical VLAN is like a separate physical bridge

VLAN Operations
[Figure: Switch A and Switch B, each with Red VLAN, Black VLAN and Green VLAN]
• VLANs can span across multiple switches

VLAN Operations
[Figure: Switch A and Switch B, each with Red VLAN, Black VLAN and Green VLAN, connected by a Fast Ethernet trunk]
• Trunks carry traffic for multiple VLANs
• Trunks use special encapsulation to distinguish between different VLANs

VLAN Membership Modes
• Static VLAN
• Dynamic VLAN
[Figure: a trunk; Port e0/4, VLAN5; Port e0/9, VLAN10; a VMPS holding the mapping 1111.1111.1111 = vlan 10 for a host with MAC = 1111.1111.1111]

Configuring Static VLANs
1. Create the VLAN:
Switch#vlan database
Switch(vlan)#vlan vlan_number
Switch(vlan)#exit
2. Assign the VLAN to one or more interfaces:
Switch(config)#interface fastethernet 0/9
Switch(config-if)#switchport access vlan vlan_number

Configuring Static VLANs Example
Switch#vlan database
Switch(vlan)#vlan 2 name v2
VLAN 2 added:
    Name: v2
Switch(vlan)#vlan 3 name v3
VLAN 3 added:
    Name: v3
Switch(vlan)#vlan 4 name v4
VLAN 4 modified:
    Name: v4
Switch(vlan)#no vlan 4
Deleting VLAN 4...
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
Switch(config-if)#end

Verifying Static VLANs Configuration
Switch#sh vlan brie
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12
2    v2                               active    Fa0/2
3    v3                               active    Fa0/3
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
Switch#
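Questions
1. What are the three main functions of a switch?
2. How does a switch learn host addresses?
3. What is store-and-forward?
4. What is fast-forward?
5. What is fragment-free forwarding?
6. Briefly describe the steps of switch password recovery.
7. What is a VLAN?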