ccna9交换机及交换技术

,编辑母版标题样式,*,*,交换机及交换技术,第二层交换机的交换功能,第二层交换机的交换功能,LAN,交换机的工作方式,基本交换原理,冗余拓扑,生成树协议,VLAN,9/16/2024,1,第二层交换机的交换功能,Address learning,Forward/filter decision,Loop avoidance,9/16/2024,2,LAN,交换机的工作方式,Cut-Through,Switch checks destination address and immediately begins forwarding frame.,Fragment-Free,（,碎片丢弃）,Switch checks the first 64 bytes, then immediately begins forwarding frame.,Store and Forward,Complete frame is received and checked before forwarding.,9/16/2024,3,基本交换原理-,MAC,地址表,Initial MAC address table is empty.,9/16/2024,4,基本交换原理-,地址学习,Station A sends a frame to station C.,Switch caches the MAC address of station A to port E0 by learning the source address of data frames.,The frame from station A to station C is flooded out to all ports except port E0 (unknown unicasts are flooded).,9/16/2024,5,基本交换原理-,地址学习（续）,Station D sends a frame to station C.,Switch caches the MAC address of station D to port E3 by learning the source address of data frames.,The frame from station D to station C is flooded out to all ports except port E3 (unknown unicasts are flooded).,9/16/2024,6,基本交换原理-,过滤,Station A sends a frame to station C.,Destination is known; frame is not flooded.,9/16/2024,7,基本交换原理-,过滤（续）,Station A sends a frame to station B.,The switch has the address for station B in the MAC address table.,9/16/2024,8,基本交换原理-,广播与多播,Station D sends a broadcast or multicast frame.,Broadcast and multicast frames are flooded to all ports other than the originating port.,9/16/2024,9,冗余拓扑,Redundant topology eliminates single points of failure.,Redundant topology causes broadcast storms, multiple frame copies, and MAC address table instability problems.,9/16/2024,10,冗余拓扑,-,广播风暴,Host X sends a broadcast.,Switches continue to propagate broadcast traffic over and over.,9/16/2024,11,冗余拓扑,-,多帧复制,Host X sends a unicast frame to router Y.,MAC address of router Y has not been learned by either switch yet.,Router Y will receive two copies of the same frame.,9/16/2024,12,冗余拓扑,-,MAC,地址表不稳定,Host X sends a unicast frame to router Y.,MAC address of router Y has not been learned by either switch.,Switches A and B learn the MAC address of host X on port 0.,The frame to router Y is flooded.,Switches A and B incorrectly learn the MAC address of host X on port 1.,9/16/2024,13,冗余拓扑-,总结,Bridged and switched networks are commonly designed with redundant links and devices, which can introduce problems, such as broadcast storms, multiple frame transmission, and MAC database instability.,A broadcast storm is when each switch on a redundant network floods broadcast frames endlessly.,In a redundant topology, multiple copies of the same frame can arrive at the intended host, potentially causing problems with the receiving protocol.,MAC database instability results when multiple copies of a frame arrive on different ports of a switch.,9/16/2024,14,生成树协议-,原理,生成树协议(,Spanning Tree Protocol-STP) ，,两个标准：,802.1,D、802.1w。,生成树协议(802.1,D),的目的是在保证提供冗余链路的前提下避免产生环路。,如何实现？,交换机必须能够相互了解它们之间的连接情况，为了让其他的交换机知道它的存在，每台交换机向网络中,BPDU(Bridge protocol data unit),的数据帧，如果某台交换机能够从两条或多条链路上收到同一台交换机的,BPDU，,则说明它们之间存在着冗余路径，就会产生环路。当存在环路时，交换机则使用生成树算法选择一条链路传递数据，并把某些相关的端口置于阻塞(,Blocking),状态以将其他的链路虚拟地断开，一旦当前正在使用的链路出现故障，就会把某个阻塞的端口打开以接替原来的链路工作。,9/16/2024,15,生成树协议-,术语,根桥：,桥,ID,最低。网络中，所有决定（如哪一个端口要被阻塞，哪一个端口要被置为转发模式）都是根据根桥的判断来做出选择。,BPDU：,交换机之间交换的信息，利用这些信息选出根交换机以及进行网络的后续配置。,桥,ID：,利用它来跟踪网络中的所有交换机。由桥优先级(在所有的,Cisco,交换机上，默认的优先级为32768)和基本,MAC,地址的结合来决定的。在网络中，桥,ID,最低的为根桥。,根端口：指直接连到根桥的链路所在的端口，或者到根桥的路径最短的端口。如果有多条链路连接到根桥，就通过检查每条链路的带宽来决定端口的开销，开销最低的端口就成为根端口。,指定端口：根端口或者有最低开销的端口就是指定端口，指定端口被标记为转发端口，能够转发帧。,端口开销：取决于链路的带宽。,非指定端口：将被置为阻塞状态，不能转发帧,9/16/2024,16,生成树协议-,生成树端口状态,阻塞：,被阻塞的端口将不能转发帧，它只是监听,BPDU。,默认情况下所有的端口都处于阻塞状态。,监听：端口都监听,BPDU，,以确信在传送数据帧之前，网络上没有环路产牛。处在监听状态的瑞口在没有形成,MAC,地址表时就准备转发数据帧。,学习：交换机端口监听,BPDU，,并学习交换式网络中的所有路径。处在学习状态的端口形成了,MAC,地址表但不能转发数据帧。,转发：处在转发状态的端口发送或接收所有数据帧。如果学习状态纳束时，端口仍处在指正端口或根瑞口，它就进入转发状态。,禁用：不工作,9/16/2024,17,生成树协议-,执行过程,在,同一网络内（广播域范围内）选举一台交换机为根桥（,Root),在每个非根桥的交换机上选举根端口(,Root Port),在,每个网段上选举指定端口,落选的端口进入阻塞状态,9/16/2024,18,生成树协议-,执行过程-,选举根桥,Root bridge = Bridge with the lowest bridge ID,Bridge ID =,In the example, which switch has the lowest bridge ID?,9/16/2024,19,生成树协议-,执行过程-,选举根端口、指定端口,选举根端口：比较从各端口到达根桥的路径花费，最小的为根端口,选举指定端口：比较网段中各端口到达根桥的路径花费，最小的为,指定端口,路径花费相同则比较转发根桥,BPDU,的,交换机,ID；,如,ID,同，比较端口优先级，如端口优先级同，比较端口,ID,9/16/2024,20,生成树协议-,例,选举根桥,选举根端口,选举指定端口,9/16/2024,21,VLAN,虚拟网络建立在局域网交换机之上;,VLAN,是一个广播域，,是,由一些局域网网段构成的与物理位置无关的逻辑组;,以软件方式实现对逻辑工作组的划分与管理;,一个逻辑工作组的结点可以分布在不同的物理网段上，但它们之间的通信就像在同一个物理网段上一样;,一个,VLAN,就好像是一个孤立的网段，,VLAN,间不能直接通信，实现,VLAN,间互联必须借助于路由器(或具有三层交换功能的交换机）。,9/16/2024,22,VLAN,Segmentation,Flexibility,Security,A VLAN = A Broadcast Domain = Logical Network (Subnet),9/16/2024,23,VLAN,分类,根据使用和管理,VLAN,的不同情况，,VLAN,分为两种：,静态,VLAN,和动态,VLAN。,9/16/2024,24,VLAN,分类（续）,静态,VLAN，,基于瑞口的,VLAN，,因为用户的主机属于哪个,VLAN,是根据交换机的端口属于哪个,VLAN,而定的。网络管理员首先把端口分配到不同的,VLAN,内，根据规划把用户的主机与相应的端口相连，这样就把用户分配到了对应的,VLAN,内。,动态,VLAN。,动态,VLAN,的实现方法有多种，最普通的实现方法是基于,MAC,地址的动态,VLAN。,基于,MAC,地址的动态,VLAN,需要一台,VMPS(VLAN Membership Policy Server)， VMPS,可以是一台具有该功能的交换机(如,catdyst,5000,交换机)或是一台外部服务器，,VMPS,中维护着,MAC,地址与,VLAN,的对应关系表。,需要把交换机的端口设置为支持动态,VLAN,属性的端口。,当交换机的支持动态,VLAN,的端口接收到数据帧时，通过使用该数据帧的源,MAC,地址查询,VMPS，,从而建立起端口与,VLANN,的对应关系。,9/16/2024,25,VLAN,标记技术,VLAN,可以跨越多台交换机，？两个问题，物理通道的问题、区分不同,VLAN,数据的问题。,一个物理通道，但对来自不同,VLAN,的数据进行标记。这条通道上就承载看多个,VLAN,的数据，这样的链路称为,trunk(,干道).,Trunk,链路是通过在交换机上设置,trunk,端口，并把它们连起来。,以太网中两种标记技术：,CISCO,的,ISL(inter-switch link),和,IEEE802.1Q,9/16/2024,26,VLAN,标记技术-,802.1,Q,Trunking,9/16/2024,27,VLAN,标记技术-,802.1,Q Frame,9/16/2024,28,VLAN1-,负责管理的,VLAN,9/16/2024,29,VLAN,标记技术-,ISL,封装,9/16/2024,30,VLAN,标记技术-,ISL,封装,Performed with ASIC,Not intrusive to client stations; ISL header not seen by client,Effective between switches, and between routers and switches,9/16/2024,31,VLAN,中继协议,VLAN,技术独立于地理位置根据工作组或业务类型组织网络资源。,？管理的不便（如,VLAN,跨交换机，则该交换机须配置,VLAN），,易生成网络网络规划的不一致。,解决办法：,Cisco,的,VLAN,中继协议(,VLAN Trunk Protocol),VTP:,A messaging system that advertises VLAN configuration information,Maintains VLAN configuration consistency throughout a common,administrative domain,Sends advertisements on trunk ports only,9/16/2024,32,VLAN,中继协议-,VTP,模式,Forwards advertisements,Synchronizes,Not saved in NVRAM,Creates VLANs,Modifies VLANs,Deletes VLANs,Sends/forwards advertisements,Synchronizes,Saved in NVRAM,Creates VLANs,Modifies VLANs,Deletes VLANs,Forwards advertisements,Does not synchronize,Saved in NVRAM,9/16/2024,33,VLAN,中继协议-,VTP,操作,VTP advertisements are sent as multicast frames.,VTP servers and clients are synchronized to the latest revision number.,VTP advertisements are sent every 5 minutes or when there is a change.,（revision number:,修订号，越高则通告的,VLAN,信息越新，通告通过,VLAN1,传输）,9/16/2024,34,VLAN,中继协议-,VTP,修剪,Increases available bandwidth by reducing unnecessary flooded traffic,Example: Station A sends broadcast, and broadcast is flooded only toward any switch with ports assigned to the red VLAN,9/16/2024,35,跨,VLAN,通信,VLAN,间的通信需要路由器作为中间设备,如何通信，路由器作为缺省网关，两种办法：外部路由器、使用具有三层交换功能的交换机,9/16/2024,36,跨,VLAN,通信-,子接口,物理接口,FastEthernet,0/0,可被划分成多个子接口。,9/16/2024,37,跨,VLAN,通信-,ISL TRUNK,9/16/2024,38,跨,VLAN,通信-,802.1,Q TRUNK,9/16/2024,39,跨,VLAN,通信-,内部路由方法,使用一台具有三层交换功能的交换机。,2层和三层的功能集成在一起，无需外部路由器,虚拟的具有第三层功能的接口与每一个,VLAN,相连，为跨,VLAN,的通信提供服务,10个,VLAN，3550,承担,VLAN,间通信,3550和路由器相连,Valn1vlan10,的地址为：10.10.1.010.10.10.0/24,3550的,f0/1,端口地址：10.10.11.2/24,路由器的,f0/1,端口地址：10.10.11.2/24,Internet,F0/1,F0/1,trunk,trunk,trunk,3550,VLAN110,9/16/2024,40,跨,VLAN,通信-,内部路由方法,Internet,F0/1,F0/1,trunk,trunk,trunk,3550,VLAN110,3550配置,打开,IP,路由,Switch3550(,config,)#,ip,routing,Show,vlan,命令，确认3550有110号,vlan,为每个,vlan,设置虚拟接口，并配置,IP,地址,Switch3550(,config,)#interface Vlan2,Switch3550(,config,-if)#,ip,address 10.10.2.1 255.255.255.0,Switch3550(,config,-if)#no shut,把,f0/1,接口设为路由器接口并配置,IP,地址,Switch3550(,config,)#interface,Fa,0/1,Switch3550(,config,-if)#no,switchport,Switch3550(,config,-if)#,ip,address 10.10.11.2 255.255.255.0,Switch3550(,config,-if)#no shut,为访问,Internet,设置默认路由,Switch3550(,config,)#,ip,route 0.0.0.0 0.0.0.0 10.10.11.1,9/16/2024,41,配置示例互联网络中的交换,Host 1,F0/27,F0/26,F0/2,F0/3,F0/0,s0/0,DCE,s0/0,F0/0,192.168.40. 0,F0/2,F0/3,F0/4,F0/5,F0/4,F0/5,Lab A,Lab B,Lab C,192.168.50. 0,192.168.30. 0,192.168.20. 0,192.168.10. 0,s0/1,DCE,s0/0,F0/0,F0/1,路由,器 网络地址 接口 地址,Lab_A 192.168.10.0 fa0/0 192.168.10.1,Lab_A 192.168.10.0,s0/0 192.168.20.1,Lab_B 192.168.20.0 s0/0 192.168.20.2,Lab_B 192.168.40.0 s0/1 192.168.40.1,Lab_B 192.168.30.0 fa0/0 192.168.30.1,Lab_C 192.168.40.0 s0/0 192.168.40.2,Lab_C 192.168.50.0 fa0/0 192.168.50.1,1900,2900B,2900C,9/16/2024,42,配置示例互联网络中的交换,VLAN1，,使用网络号172.16.10.0/24，它连接到路由器,Lab_B,的,fa0/0,接口上，在此接口上配置,VLAN,间的路由。为实现,VLAN,间的通信，在172.16.10.0子网中的每台交换机须有一个,IP,地址,创建2个,VLAN：VLAN2,的子网号为172.16.20.0/24，,VLAN3,的子网号为172.16.30.0/24,Host 1,F0/27,F0/26,F0/2,F0/3,F0/0,s0/0,DCE,s0/0,F0/0,192.168.40. 0,F0/2,F0/3,F0/4,F0/5,F0/4,F0/5,Lab A,Lab B,Lab C,192.168.50. 0,192.168.30. 0,192.168.20. 0,192.168.10. 0,s0/1,DCE,s0/0,F0/0,F0/1,1900,2900B,2900C,9/16/2024,43,配置示例互联网络中的交换,在交换机的端口上设置中继,创建,VLAN,将接口设置到,VLAN,成员中,Host 1,F0/27,F0/26,F0/2,F0/3,F0/0,s0/0,DCE,s0/0,F0/0,192.168.40. 0,F0/2,F0/3,F0/4,F0/5,F0/4,F0/5,Lab A,Lab B,Lab C,192.168.50. 0,192.168.30. 0,192.168.20. 0,s0/1,DCE,s0/0,F0/0,F0/1,1900,2900B,2900C,9/16/2024,44,配置示例互联网络中的交换,跨,VLAN,间通信,Host 1,F0/27,F0/26,F0/2,F0/3,F0/0,s0/0,DCE,s0/0,F0/0,192.168.40. 0,F0/2,F0/3,F0/4,F0/5,F0/4,F0/5,Lab A,Lab B,Lab C,192.168.50. 0,192.168.30. 0,192.168.20. 0,s0/1,DCE,s0/0,F0/0,F0/1,1900,2900B,2900C,9/16/2024,45,