1 / 25

交换和 VLAN Switching and VLAN

交换和 VLAN Switching and VLAN. 深圳职业技术学院计算机系网络专业. 教学目标( Objectives ). 1. 交换机学习主机地址 ( Switche Learn Host Address ) 2. 两种交换方法( Two Switching Methods ) 3. 配置端口安全( Configuring Port Security ) 4. 密码破解( Password Recovery ) 5. VLAN 操作( VLAN Operations ) 6. 配置和验证静态 VLAN

lester-melendez
Télécharger la présentation

交换和 VLAN Switching and VLAN

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 交换和VLANSwitching and VLAN 深圳职业技术学院计算机系网络专业

  2. 教学目标( Objectives) • 1. 交换机学习主机地址 (Switche Learn Host Address) • 2. 两种交换方法(Two Switching Methods) • 3. 配置端口安全(Configuring Port Security) • 4.密码破解(Password Recovery) 5. VLAN操作(VLAN Operations) • 6.配置和验证静态VLAN • (Configuring and Verifying Static VLANs)

  3. 地址学习(Address learning) 决定转发或过滤(Forward/filter decision) 避免环路(Loop avoidance) 交换机三种功能(Three Switch Functions)

  4. 交换机学习主机地址 (Switche Learn Host Address) MAC address table A B 0260.8c01.1111 0260.8c01.3333 E0 E1 E2 E3 C D 0260.8c01.2222 0260.8c01.4444 • 初始MAC地址表是空的 • Initial MAC address table is empty

  5. 交换机学习主机地址 (Switche Learn Host Address) MAC address table E0: 0260.8c01.1111 A B 0260.8c01.1111 0260.8c01.3333 E0 E1 C D E2 E3 0260.8c01.2222 0260.8c01.4444 • A向C发送帧(Station A sends a frame to Station C) • 交换机将A的MAC地址和其对应的接口E0放入MAC地址表 • Switch caches station A MAC address to port E0 by learning the source address of data frames • 该帧向除了E0接口的所有接口泛洪 • The frame from station A to station C is flooded out to all ports except port E0

  6. 交换机学习主机地址 (Switche Learn Host Address) MAC address table E0: 0260.8c01.1111 E3: 0260.8c01.4444 A B 0260.8c01.1111 0260.8c01.3333 E0 E1 E2 E3 C D 0260.8c01.2222 0260.8c01.4444 • D向C发送帧(Station D sends a frame to station C) • 交换机将D的MAC地址和其对应的接口E3放入MAC地址表 • Switch caches station D MAC address to port E3 by learning the source Address of data frames • 该帧向除了E3接口的所有接口泛洪 • The frame from station D to station C is flooded out to all ports except port E3 (unknown unicasts are flooded)

  7. 交换机过滤帧( Switches Filter Frames) MAC address table E0: 0260.8c01.1111 E2: 0260.8c01.2222 E1: 0260.8c01.3333 A B E3: 0260.8c01.4444 0260.8c01.1111 0260.8c01.3333 E0 E1 X X D C E2 E3 0260.8c01.2222 0260.8c01.4444 • A向C发送帧 • Station A sends a frame to station C • 目的地址已知,帧不被泛洪 • Destination is known, frame is not flooded

  8. 两种交换方法(Two Switching Methods)

  9. 存储转发特征(Store-and-forwardFeature) • 1. 在转发之前整个帧被接收 • The entire frame is received before any forwarding takes place. • 2.由于交换开始之前要接收完整帧,较大的数据帧延迟较大 • Latency is greater with larger frames because the entire frame must be received before the switching process begins.

  10. 直通特征(Cut-throughFeature) • 1.在接收完整帧之前,帧就被转发。 • The frame is forwarded through the switch before the entire frame is received. • 2.最快的是只要读到目的地址就转发。 • At a minimum the frame destination address must be read before the frame can be forwarded. • 3.这种模式降低了延迟,但是不进行检错 • This mode decreases the latency of the transmission, but also reduces error detection.

  11. 直通分类(Cut-through Class) • 一、快速转发(Fast-forward) • 1.快速转发提供了最低的延迟 • Fast-forward switching offers the lowest level of latency. • 2.只要读到目的地址,就立刻转发 • Fast-forward switching immediately forwards a packet after reading the destination address.

  12. 直通分类(Cut-through Class) • 二、Fragment-free  (无碎片方式) • 1.无碎片方式在转发之前过滤掉碰撞碎片Fragment-free switching filters out collision fragments before forwarding begins. • 2.无碎片方式在转发之前要读到帧的前64字节 • Fragment-free switching waits until the packet is determined not to be a collision fragment(>64bytes) before forwarding

  13. 配置SVI地址(Configuring SVI Address) • Switch(config)#interface vlan 1 • Switch(config-if)#ip address 10.1.1.1 255.255.255.0 • Switch(config-if)#no shutdown

  14. 配置端口安全(Configuring Port Security) • Switch(config)#int f0/1 • Switch(config-if)#switchport mode access • Switch(config-if)#switchport port-security • Switch(config-if)#switchport port-security mac-address 0060.6700.dd5b • Switch(config-if)#switchport port-security violation restrict • Switch#sh port-security • Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action • (Count) (Count) (Count) • ------------------------------------------------------------------------------- • Fa0/1 132 1 0 Restrict

  15. 密码破解(Password Recovery) • 1. 拔掉电源(Unplug the power cable) • 2.按下mode按钮(hold down the mode button) • 3.输入flash_init (type flash_init) • 4.执行dir flash: (type dir flash:) • 5.重命名配置文件 • (rename flash:config.text flash:config.old) • 6.启动(Boot) • 7.在进入setup模式提示下输入N • (enter N at the prompt to start the setup program.)

  16. 密码破解(Password Recovery) • 8. 进入特权模式(switch>enable) • 9. 重命名配置文件 • (rename flash:config.old flash:config.text) • 10. 将配置文件拷贝到RAM中运行 • (copy flash:config.text system:running-config) • 11.修改密码 (enable password cisco) • 12.存盘(write) • 13.重启(reload)

  17. VLAN预览(VLAN Overview) • 分段Segmentation • 灵活 • Flexibility • 安全 • Security 3rd floor 2nd floor 1st floor SALES HR ENG 1 VLAN =1广播域=1逻辑子网 A VLAN = A broadcast domain = Logical network (subnet)

  18. Switch A Red VLAN Black VLAN Green VLAN VLAN操作(VLAN Operations) • 每一个逻辑的VLAN就像一个独立的物理网桥 • Each logical VLAN is like a separate physical bridge

  19. Switch A Red VLAN Black VLAN Green VLAN VLAN操作(VLAN Operations) Switch B Red VLAN Black VLAN Green VLAN • 同一个VLAN可以跨越多个交换机 • VLANs can span across multiple switches

  20. Switch A Red VLAN Black VLAN Green VLAN VLAN操作(VLAN Operations) Switch B Trunk Fast Ethernet Red VLAN Black VLAN Green VLAN • TRUNK链路携带多个VLAN的数据 • Trunks carries traffic for multiple VLANs • Trunks利用特定的封装来识别不同的VLAN • Trunks use special encapsulation to distinguish between different VLANs

  21. VLAN成员模式(VLAN Membership Modes) 静态VLAN (Static VLAN) 动态VLAN(Dynamic VLAN) Trunk Port e0/4 Port e0/9 VLAN5 VLAN10 VMPS 1111.1111.1111 = vlan 10 MAC = 1111.1111.1111

  22. 配置静态VLAN (Configuring Static VLANs) • 1.创建VLAN (create the VLAN) • Switch#vlan databaseSwitch(vlan)#vlan vlan_numberSwitch(vlan)#exit • 2.将接口指定到VLAN中 • assign the VLAN to one or more interfaces : • Switch(config)#interface fastethernet 0/9Switch(config-if)#switchport access vlan vlan_number

  23. 配置静态VLAN实例(Configuring Static VLANs Example) • Switch(config)#int f0/2 • Switch(config-if)#switchport mode access • Switch(config-if)#switchport access vlan 2 • Switch(config-if)#int f0/3 • Switch(config-if)#switchport mode access • Switch(config-if)#switchport access vlan 3 • Switch(config-if)#end • Switch#vlan database • Switch(vlan)#vlan 2 name v2 • VLAN 2 added: • Name: v2 • Switch(vlan)#vlan 3 name v3 • VLAN 3 added: • Name: v3 • Switch(vlan)#vlan 4 name v4 • VLAN 4 modified: • Name: v4 • Switch(vlan)#no vlan 4 • Deleting VLAN 4... • Switch(vlan)#exit • APPLY completed. • Exiting....

  24. 验证静态VLAN配置(Verifying Static VLANs Configuration) • Switch#sh vlan brie • VLAN Name Status Ports • ---- -------------------------------- --------- ------------------------------- • 1 default active Fa0/1, Fa0/4, Fa0/5, Fa0/6 • Fa0/7, Fa0/8, Fa0/9, Fa0/10 • Fa0/11, Fa0/12 • 2 v2 active Fa0/2 • 3 v3 active Fa0/3 • 1002 fddi-default active • 1003 token-ring-default active • 1004 fddinet-default active • 1005 trnet-default active • Switch#

  25. 思考题(Questions) • 1. 交换机三种主要的功能是什么? • 2. 交换机怎样学习主机地址? • 3. 什么是存储转发? • 4. 什么是快速转发? • 5. 什么是无碎片方式转发? • 6. 简述交换机密码破解的步骤? • 7. 什么是VLAN?

More Related