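Technology is loyal to everyone

I am currently learning web fundamentals, with my main focus on web security. If you find errors in an article or have questions, discussion is welcome...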

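WEB Learning, Day 12
I. Switching fundamentals
1. VLAN (Virtual LAN)
Key idea: one VLAN = one logical subnet = one broadcast domain
1) Without VLANs
a. Large volumes of broadcast traffic consume network resources
b. The network is harder to manage and maintain
c. A fault on a single end device can spread a threat across the whole network
d. Policies are inconvenient to apply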

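2) With VLANs
a. One large broadcast domain is split into several smaller ones (less broadcast traffic, less consumption of network resources)
b. Network administrators can manage and maintain the network more easily
c. Threats are contained within a limited scope
d. Policies of all kinds are easier to apply
e. A limited degree of security (by default, traffic between different VLAN-IDs cannot communicate)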

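3) Ways to configure a VLAN

a. Defined directly in the VLAN database
show vlan brief -------- view the VLAN table
Every Cisco IOS switch has a system default VLAN-ID (VLAN 1)
VLAN 1 cannot be deleted or modified, and by default all switch interfaces are in VLAN 1
#vlan database -------- enter the VLAN database from privileged mode
(vlan)#vlan 2 name CCIE ------ configure the VLAN-ID and name the VLAN
exit ------- exit and save
#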



b. Global configuration mode
(config)#vlan 3 ------ define the vlan-id
(config-vlan)#name ccie ------ name VLAN 3
exit ------ exit and save (in the vlan database)

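4) Assigning switch interfaces to a VLAN-ID
One interface at a time:
interface Ethernet0/1
switchport mode access ----- step 1: set the interface mode to access
switchport access vlan 2 ------ step 2: assign the interface to the corresponding VLAN-ID
Several interfaces at once:
(config)#interface range e0/1 - 2
(config-if-range)#switchport mode access
(config-if-range)#switchport access vlan 2

Note:
The number of VLANs that can be created depends on the switch platform (IOS/platform)
5) Lab
Topology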
 
 
 
Configuration:
**************************SW1*********************
interface Ethernet0/1
 switchport access vlan 2
 switchport mode access
interface Ethernet0/2
 switchport access vlan 2
 switchport mode access
 
SW1#show mac address-table dynamic
          Mac Address Table
-------------------------------------------
 
Vlan     Mac Address       Type        Ports
----         -----------         --------    -----
   2    aabb.cc00.3100    DYNAMIC     Et0/1
   2    aabb.cc00.4100    DYNAMIC     Et0/2
Total Mac Addresses for this criterion: 2
 
SW1#show vlan brief
 
VLAN Name                        Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Et0/0, Et0/3
2    test                                active    Et0/1, Et0/2
 
 
SW1#show interfaces e0/1 switchport
Name: Et0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 2 (test)
 
2. Trunk links
Purpose: carry all VLANs
Number of VLANs: 4096 (2^12; the VLAN-ID field is 12 bits)
Of these: 0 and 4095 are reserved
Usable: 1-4094
Ethernet: 1-1001, 1006-4094
FDDI/token-ring: 1002-1005
 
 
 
 
 
 
1) Encapsulation
a. ISL (Inter-Switch Link, Cisco proprietary)
b. 802.1Q (dot1q)
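To make the 12-bit VLAN-ID field and the ID ranges above concrete, here is an added example (not part of the original notes) that parses the 802.1Q tag of an Ethernet frame and classifies its VLAN ID. The function names and the sample frames are constructed for illustration; untagged frames are mapped to the trunk's native VLAN, which section 3 of these notes covers.

```python
import struct

TPID_DOT1Q = 0x8100  # EtherType value that announces an 802.1Q tag

def classify_vid(vid):
    """Place a VLAN ID in the ranges listed in the notes above."""
    if not 0 <= vid <= 0xFFF:
        raise ValueError("VLAN ID must fit in 12 bits")
    if vid in (0, 4095):
        return "reserved"
    if 1002 <= vid <= 1005:
        return "fddi/token-ring"
    return "ethernet"  # 1-1001 and 1006-4094

def parse_frame(frame, native_vlan=1):
    """Return the VLAN a trunk port would associate with this frame.

    native_vlan is the trunk's configured native VLAN (an input to this
    example); untagged frames are placed there.
    """
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_DOT1Q:
        return {"tagged": False, "vid": native_vlan, "pcp": None,
                "dei": None, "ethertype": ethertype,
                "range": classify_vid(native_vlan)}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # TCI = 3-bit priority, 1-bit DEI, 12-bit VLAN ID; then the real EtherType
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF
    return {"tagged": True, "vid": vid, "pcp": tci >> 13,
            "dei": (tci >> 12) & 1, "ethertype": inner_type,
            "range": classify_vid(vid)}

# Constructed sample frames using the two MAC addresses from the lab output.
DST = bytes.fromhex("aabbcc004100")
SRC = bytes.fromhex("aabbcc003100")
PAYLOAD = bytes(46)
TAGGED_VLAN2 = DST + SRC + struct.pack("!HHH", TPID_DOT1Q, 2, 0x0800) + PAYLOAD
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + PAYLOAD

if __name__ == "__main__":
    print(parse_frame(TAGGED_VLAN2))
    print(parse_frame(UNTAGGED, native_vlan=999))
```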
 
 
 
2) Configuring a trunk link
Topology:
 
 
 
 
SW1(config-if)#switchport trunk encapsulation ?  -- step 1: define the encapsulation type
  dot1q      Interface uses only 802.1q trunking encapsulation when trunking
  isl             Interface uses only ISL trunking encapsulation when trunking
  negotiate  Device will negotiate trunking encapsulation with peer on
             interface
SW1(config-if)#switchport mode trunk  --- step 2: set the interface mode to trunk
 
Check the trunk link (interface) status:
SW1#show interfaces e0/3 trunk
 
Port        Mode         Encapsulation     Status        Native vlan
Et0/3       on               802.1q              trunking      1
 
Port        Vlans allowed on trunk
Et0/3       1-4094
 
Port        Vlans allowed and active in management domain
Et0/3       1-2
 
Port        Vlans in spanning tree forwarding state and not pruned
Et0/3       1-2
 
SW2#show interfaces trunk
 
Port        Mode             Encapsulation  Status        Native vlan
Et0/3       auto             n-802.1q       trunking      1
 
Port        Vlans allowed on trunk
Et0/3       1-4094
 
Port        Vlans allowed and active in management domain
Et0/3       1-2
 
Port        Vlans in spanning tree forwarding state and not pruned
Et0/3       1-2
 
SW2#sh int e0/3 switchport
Name: Et0/3
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
 
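3. Native VLAN
Purpose: carries the essential Layer 2 protocols: CDP/BPDU/STP and so on
On Cisco IOS switching devices the default native VLAN is VLAN 1
By default, the native VLAN crosses a trunk link without a tag!
From a security standpoint, changing the native VLAN ID is strongly recommended (the native VLAN must be consistent)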
 
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (1), with Switch FastEthernet0/1 (999).
Vlan 999
!
interface Ethernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999 --- change the default native vlan
 switchport mode trunk
 
SW1#sh int e0/3 switchport
Name: Et0/3
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 999 (native)
 
SW2#sh int e0/3 switchport
Name: Et0/3
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
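The two outputs above show SW1 with native VLAN 999 and SW2 still on native VLAN 1, the condition the %CDP-4-NATIVE_VLAN_MISMATCH message reports. The following added example (not part of the original notes) parses `show interfaces ... switchport` output from both ends of a trunk and flags a default or mismatched native VLAN; the function names and finding codes are hypothetical, and the sample input is a trimmed copy of the lab output.

```python
import re

# Constructed sample input: the two "show interfaces e0/3 switchport"
# outputs from the lab above, trimmed to the fields this check reads.
SW1_OUTPUT = """\
Name: Et0/3
Administrative Mode: trunk
Operational Mode: trunk
Trunking Native Mode VLAN: 999 (native)
"""
SW2_OUTPUT = """\
Name: Et0/3
Administrative Mode: trunk
Operational Mode: trunk
Trunking Native Mode VLAN: 1 (default)
"""

def parse_switchport(text):
    """Turn the 'Key: value' lines of the command output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def native_vlan(fields):
    """Extract the numeric native VLAN, or None if the line is absent."""
    match = re.match(r"(\d+)", fields.get("Trunking Native Mode VLAN", ""))
    return int(match.group(1)) if match else None

def audit_trunk(ends):
    """ends maps a switch name to its output; returns (code, detail) findings."""
    findings, natives = [], {}
    for switch, text in ends.items():
        fields = parse_switchport(text)
        port = f"{switch} {fields.get('Name', '?')}"
        if fields.get("Operational Mode") != "trunk":
            continue  # the native VLAN only matters on an operating trunk
        natives[port] = native_vlan(fields)
        if natives[port] is None:
            findings.append(("NATIVE_UNKNOWN", port))
        elif natives[port] == 1:
            findings.append(("NATIVE_IS_DEFAULT", port))
    if len(set(natives.values())) > 1:
        findings.append(("NATIVE_MISMATCH", natives))
    return findings

if __name__ == "__main__":
    print(audit_trunk({"SW1": SW1_OUTPUT, "SW2": SW2_OUTPUT}))
```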
 
4. Layer 2 loops
Once Layer 2 redundancy is introduced, bridging loops can appear
 
 
 
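Impact:
a. Broadcast storms
b. Multiple copies of the same frame
c. MAC address table flapping (instability)

Solution:
STP (Spanning Tree Protocol)
Purpose: suppress loops while preserving Layer 2 redundancy!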
 
 
 
Behavior: an interface on the "suboptimal" path is placed in the block (blocking) state
 
 
 
 
Homework:
1. VLAN
a. Concept
b. Configuration
2. Trunk
a. Purpose
b. Configuration
Native vlan
3. How Layer 2 bridging loops arise and how to solve them


Homework requirements:
R2 is placed in vlan 3 and isolated
R1-R3-R4 can ping each other




