rcnp routing and switching v3 0認證學習一本通

考試地點：PearsonVUE考試中心考試時長：110分鐘模塊分值知識點模塊分值知識點與端口策略銳捷口綜用

——園區(qū)網(wǎng)交換

生成樹與1、 VLAN：VirtualLocalArea/24 利用VLAN技術將這臺接入交換機VLAN：VirtualLocalArea主管辦公室VLANVLAN

VLAN VLAN 主管辦公室VLAN VLAN

VLAN1。注，VLAN1無法刪除RG-S2652G(config)#vlanRG-S2652G(config)#vlan10創(chuàng)建VLANRG-S2652G(config)#vlan20RG-S2652G(config-if)#switchportaccessvlan20//將該接口分配進VLAN20RG-S2652G(config)#interfacef0/1RG-S2652G(config-if)#switchportaccessvlan10//將該接口分配進VLAN10RG-S2652G(config)#interfacef0/2主管辦公室VLAN VLAN VLAN 1

Fa0/8,Fa0/9,Fa0/10,Fa0/11Fa0/12,Fa0/13,Fa0/14,Fa0/15Fa0/16,Fa0/17,Fa0/18,Fa0/19Fa0/20,Fa0/21,Fa0/22,Fa0/23Fa0/24,Gi0/25,Gi0/261020

主管辦公室VLAN VLAN DYNAMICFastEthernetDYNAMICFastEthernetDYNAMICFastEthernet… VLAN

VLAN A

B VLAN

VLAN

accessvlan?這是最佳的解決辦法，因為實際項目中接入交換機上可能會存在很多VLAN，不可 switchportswitchportmodeswitchportmodeswitchportmode switchportaccessvlanswitchportmodeVLAN1212出去的802.1Q幀的VLANID是不同的

令指定的VLANID

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk VLAN VLAN PC VLAN

?廣播報文除了向本VLAN內的其他端口轉發(fā)，也會從Trunk接口轉發(fā)出去，在據(jù)幀會變成不同的802.1Q數(shù)據(jù)幀（Tag字段的VLANID部分不同））switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

PC VLAN

?switchportaccessvlan10switchportaccessvlan switchportmode VLAN VLAN PC VLAN

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk VLAN

VLAN

VLAN20 PCB switchportaccessvlan10switchportaccessvlan20switchportmodetrunk VLAN VLAN PC VLAN

1PC12PCB4PC34switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

4VLAN20 VLAN PC

VLAN

??從access接口接收的標準以太網(wǎng)幀，會從同一VLAN的其他access接口轉發(fā)出VLANVLAN20Switch(config)#vlanSwitch(config)#vlanSwitch(config)#interfacefastethernet0/1Switch(config-if)#switchportaccessvlan20Switch(config)#interfacerangefastethernet0/2-3Switch(config-if)#switchportaccessvlan10Switch(config)#interfacefastethernet0/4Switch(config-if)#switchportmodetrunk ?1.VLAN1是默認存在的，并且無法刪除，所有接口缺省情況下都屬于VLAN 1

Fa0/4,Fa0/5,Fa0/6,Fa0/7Fa0/8,Fa0/9,Fa0/10,Fa0/11Fa0/24,Gi0/25,Gi0/261020

Fa0/1,Fa0/4 Trunk802.1Q幀，會從相應的Access接口（802.1Q幀中TAG字段所對應的VLANID）轉發(fā)出去，同時剝離TAG標記轉變成標準以太網(wǎng)幀?如果交換機上沒有配置access接口，只配置了Trunk接口（即匯聚交換機），交換機已經(jīng)創(chuàng)建了所接收的802.1Q數(shù)據(jù)幀中包含的VLANID對應的VLAN，否則將丟棄接收到的802.1Q幀 ?如果相應的輸出Trunk接口上配置了VLAN修剪功能，將特定的VLANID在該接口上修剪掉，那么當接收到了包含相應VLANID的802.1QSwitch(config)#interfacefastethernetSwitch(config-if)#Switch(config)#interfacefastethernetSwitch(config-if)#switchporttrunkallowedvlanremoveVLANName 1 10 20 switchportaccessvlan10switchportaccessvlan20switchportmodetrunkintererfacevlan100

intererfacevlan

VLAN

vlan10,也沒有創(chuàng)建vlan10，的802.1Q數(shù)據(jù)幀（vlan10） ?

switchportaccessvlan10switchportaccessvlan20switchportmodetrunkintererfacevlan100

intererfacevlan

VLANNativeVLAN?Trunk接口上傳輸數(shù)據(jù)幀都為802.1Q數(shù)據(jù)幀，但有一種例外，就是nativevlan。默認情況下，交換機的所有接口的nativevlan為vlan1?？梢詫runk接口上的native?2.當從trunk接口上接收到一不攜帶TAG的標準以太網(wǎng)幀（untagged）時，會從nativevlan所包含的接口轉發(fā)出去switchportaccessvlan1switchportmodetrunk

VLAN1

VLAN PCNativeVLAN?Trunk接口上傳輸數(shù)據(jù)幀都為802.1Q數(shù)據(jù)幀，但有一種例外，就是nativevlan。默認情況下，交換機的所有接口的nativevlan為vlan1?？梢詫runk接口上的native?將trunk接口的natvievlan修改為vlan

switchportaccessvlan10switchportmodetrunk 1VLAN PCSwitch(config)#interfacefastethernet0/2Switch(config-if)#Switch(config)#interfacefastethernet0/2Switch(config-if)#switchporttrunknativevlan10FastEthernet1FastEthernetFastEthernet1FastEthernet1… PC1PC1PC1.

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk PC1 ?廣播報文在二層網(wǎng)絡中不斷泛洪, ?主機網(wǎng)卡接收到大量的廣播報文,操作系統(tǒng)調用大量的CPU進程資源來識別這些 ?大量二層協(xié)議廣播報文需要二層交換機CPU處理,浪費大量資源,對正常的請求無 ?對網(wǎng)關IP地址的ARP請求報文,經(jīng)過環(huán)路的復制轉發(fā),不斷地發(fā)送到網(wǎng)關設備,網(wǎng)關 PC1

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk ARPG

按照產(chǎn)生時間先后順序分別是STP、RSTP、STP(SpanningTree IEEERSTP(Rapid IEEEMSTP(Multiinstance IEEE每個非根交換機選擇一個根端口（RootPortPortDP）（topologychangenotification）配置BPDU中主要攜帶（根網(wǎng)橋IDID端口ID）這四個參數(shù)和（Hellotimer、Forwardingdelay、MAXage）網(wǎng)橋端口（RootPathCost），根路徑開銷反映了某端口到根交換機的“遠442210M100M1G10G00HelloForwaring計算到根橋的最短路徑開銷(RootPath選擇根網(wǎng)橋:最優(yōu)BPDU的RootRootRoot10Bridge1PortRoot2RootPath0Bridge2PortRoot1Root1Root0Bridge1Port1RootRoot3RootPath0Bridge3Port

RootRoot3RootPath0Bridge3PortRoot2RootPath0Bridge2Port1Root1Root10Bridge1PortRoot1Root10Bridge1Port1

Root2RootPath0Bridge2PortRootRoot3RootPath0Bridge3Port

RootRootPathPtID1

RootRootBridgePortRoot1RootPathBridge2Port1Root2RootPath0BridgePort21Root3RootPath0Bridge3Port Root1RootPath0Bridge2PortRoot1Root0BridgeRoot1RootPath0Bridge2PortRoot1Root0Bridge1Port

Root1RootPathBridge2Port1 RootRoot1RootPath0Bridge2PortIDRoot1RootPath0Bridge1Port1RootRoot3RootPath0Bridge3Port

RootRoot1Root0Bridge1Port

RootRoot3RootPath0Bridge3Port

Root1RootPathBridge2Port1 交換機處于listening和learning狀態(tài)的時間由forwardingdelay

G0/40/48Bloking

拓撲穩(wěn)定后只有根網(wǎng)橋才會每隔Hellotimer發(fā)送配置

機Root1機Root1RootRoot10Bridge1PortID1

RootRootPathcostBridgeIDPortRoot

1

BridgePortID

21

RootRoot1RootPathBridge3Port

觸發(fā)轉發(fā)PC2PC3

MAC地址表老化時間由300S變?yōu)镕orwarding

11Root1RootPath01

RPort

RootPathRootPathBridge

Port

從根端口發(fā)送TCNBPDU

直接拓撲變化數(shù)據(jù)轉發(fā)延遲2倍Forwarding

PortPortBridgeRootPathRoot

RootPathRootPathRootBridget

BridgeBridgeRootPathRoot

50g

（30s））——52s（MAXage（20s）+2倍forwardingdelay（30s）+helloRoot1RootPathBridge2 Port

Root1Root1RootPathBridge3Port

變化后需要至少兩倍的ForwardDelay時間（30-52s），才能恢復連通性 ?把堵塞的端口細分為Alternate端口和BackupRootRootatedPort

?端口狀態(tài)由5種狀態(tài)減少到3Forwarding、Learning、 ?無論是否收到根交換機發(fā)送的BPDU，其他交換機每Hellotimer（2s）?3倍Hellotimer沒有收到BPDU ?在BPDU的Flag字段，把原來保留的中間6?P/A機制要求端口類型必須是點對點（point-to-Bit7Bit6Bit5Bit4Bit3Bit2Bit1Bit0

11

引入邊緣端口（Edge

PortAdminPortFast:DisabledPortOperPortFast:DisabledPortAdminAutoEdge:EnabledPortOperAutoEdge:DisabledPortAdminLinkType:autoPortBPDUGuard:DisabledPortBPDUFilter:DisabledPortGuardmode:NonePortState:forwardingPortPriority:128PortDesignatedRoot:1000.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:8019PortOperPathCost:20000Inconsistentstates:normalPortRole:rootPortPortAdminPortFast:DisabledPortOperPortFast:DisabledPortAdminAutoEdge:EnabledPortOperAutoEdge:DisabledPortAdminLinkType:autoPortBPDUGuard:DisabledPortBPDUFilter:DisabledPortGuardmode:NonePortState:discardingPortPriority:128PortDesignatedRoot:1000.001a.a97e.9dc7PortDesignatedCost:20000PortDesignatedPort:8019PortOperPathCost:20000Inconsistentstates:normalPortRole:alternatePor

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk MSTPMultipleSpanningTreeProtocol多生成樹協(xié)議實例

Instance Instance

Region 通過IST（Internalspanning-tree內部生成樹）保證連通性 MSTPBPDU里面包含MSTMSTrevisionnumber（修訂版本號）、Instance和vlan的映射，如果在一個端口上收到的ISTInternalSpanningTree（域內）CSTCommonSpanningTree（域間）CISTCommonandInternalSpanningMSTIMultipleSpanning-TreeInstanceMSTP Ruijie(config)#spanning-treemstconfigurationRuijie(config-mst)#instance10vlan?LINEVlanrangeex:1-65,72,300- 57-2；VLAN20的主根是57-2，備份根是57-1

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

5750-1#sh5750-1#shspanning-treemstconfigurationMultispanningtreeprotocol:Enable InstanceVlans0:1-9,11-19,21-::5750-1#shspanning-tree5750-1#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedRoot:100a.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:8019PortAdminPathCost:PortRole:######MST10vlansmapped:BridgeAddr:001a.a97e.9dc7Priority:4096TimeSinceTopologyChange:TopologyChanges:2DesignatedRoot:RootCost:0RootPort:5750-1#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedRoot:100a.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:801aPortForwardTransitions:2PortAdminPathCost:PortRole:5750-2#shspanning-tree5750-2#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedCost:0PortDesignatedPort:8019PortAdminPathCost:PortRole:######MST10vlansmapped:BridgeAddr:001a.a97e.9d8bPriority:8192TimeSinceTopologyChange:TopologyChanges:7DesignatedRoot:RootCost:20000RootPort:5750-2#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedRoot:100a.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:801aPortForwardTransitions:2PortAdminPathCost:PortRole:rootPort2628G-3#shspanning-tree2628G-3#shspanning-treemst10interface######MST10vlansmapped:10PortState:forwardingPortPriority:PortDesignatedRoot:100a.001a.a97e.9dc7PortDesignatedCost:0PortDesignatedPort:8019PortAdminPathCost:PortRole:rootPort######MST10vlansmapped:10BridgeAddr:001a.a94a.8261Priority:32768TimeSinceTopologyChange:TopologyChanges:3DesignatedRoot:RootCost:20000RootPort:2628G-3#shspanning-treemst10interface######MST10vlansmapped:10PortState:discardingPortPriority:PortDesignatedCost:0PortDesignatedPort:8019PortAdminPathCost:PortRole:alternatePort ?在接入層設備上直連PC的端口上配置，相當于RSTP（Edge?配置了該命令的端口可以直接從blocking/discarding狀態(tài)進入轉發(fā)狀態(tài)， ?在接入層設備上直連PC的端口上配置，防止可能存在的環(huán)路和STP協(xié)議?配置了該命令的端口如果收到BPDU報文則進入errordisable? 配置了該命令的端口不會發(fā)送BPDU，丟棄接收到的

VLAN

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

VirtualRouterRedundancyProtocolIntIntvlanIpaddIntvlanIpadd

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

IntvlanIntvlanIpadd

IntvlanIntvlanIpadd

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

?由一個master和若干backup ?虛擬路由器的IP ?虛擬路由器擁有的虛擬MAC，格式為0000-5E00-01XX(XX對應VRID），虛擬路由 現(xiàn)故障，BACKUP路由器就開始接替工作 IPadd：虛擬 ??默認為 ? ?設備初始化時進入此狀態(tài)，路由器不會對VRRP?當收到接口startup的消息，將轉入Backup（優(yōu)先級不為255時）或Master狀態(tài)（優(yōu)先 ?定期發(fā)送VRRP?響應對虛擬IP地址的ARP請求，并且用虛擬MAC地址應答，接收目的MAC?在Master狀態(tài)中只有接收到比自己的優(yōu)先級大的VRRP報文時，才會轉為Backup ?接收Master發(fā)送的VRRP?對虛擬IP地址的ARP請求不做響應、丟棄目的MAC地址為虛擬MAC地址的IP報文、丟 <1-255>VRRPadvertise<1-255>Priorityvrrp10priorityvrrp10ip

interfaceVLANvrrp10ip

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

Grp Own MasterGroupVLAN 5750-1#sh5750-1#shvrrpinterfacevlan10VLAN10-Group10StateisVirtualIPaddressis54configuredVirtualMACaddressis0000.5e00.010aAdvertisementintervalis1secPreemptionisenabledmindelayis0secPriorityisMasterRouteris53(local),priorityis105MasterAdvertisementintervalis1secMasterDownintervalis3

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

通過修改網(wǎng)橋優(yōu)先級把匯聚交換機設備設置為根網(wǎng)橋，和VRRP如果因環(huán)境原因可能產(chǎn)生收幀延遲，導致VRRP震蕩，或者VRRP組比較多，例如雙核心應用環(huán)境中有30個左右的VRRP組，且都把同一臺設備設置為Master。為了避免同一個時刻大量收發(fā)VRRPCPU的沖擊，建議修改不同VRRP間隔，比如50％VRRP組的通告發(fā)送間隔設置成1秒，50％設置成2秒vrrp1priorityvrrp1ipVrrp1trackgigabitEthernetvrrp2ipvrrp3priorityvrrp3ipVrrp3trackgigabitEthernetvrrp4ipinstance0vlan5-4094instance1vlan1,instance2vlan2,Switchmodetrunkport-group1port-group1switchportmodetrunkvrrp1ipvrrp2priorityvrrp2ipVrrp2trackgigabitEthernetvrrp3ipvrrp4priorityvrrp4ipVrrp4trackgigabitEthernetinstance0vlan5-4094instance1vlan1,instance2vlan2,Switchmodetrunkport-group1port-group1switchportmodetrunkinstance0vlan5-4094instance1vlan1,instance2vlan2,switchportmodeswitchportmodetrunkspanning-treeportfastspanning-treeportfast######MST1vlansmapped:1,3BridgeAddr:001a.a97e.9dc7Priority:4096TopologyChanges:8RootCost:RootPort:######MST2vlansmapped:2,4BridgeAddr:001a.a97e.9dc7Priority:8192TopologyChanges:8RootCost:19000RootPort:######MST1vlansmapped:1,3BridgeAddr:001a.a97e.9d8bPriority:8192TopologyChanges:5RootCost:RootPort:######MST2vlansmapped:2,4BridgeAddr:001a.a97e.9d8bPriority:4096TopologyChanges:5RootCost:0RootPort:OwnVLAN13 VLAN23 VLAN33 VLAN43 OwnVLAN13 VLAN23 VLAN33 VLAN43

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan1switchportaccessvlan2switchportmodetrunk

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

switchportaccessvlan10switchportaccessvlan20switchportmodetrunk

??所有物理端口必須屬于同一個?最多支持8個物理端口聚合為一個 ?通過LACP ? Ruijie(config)#intrangeg0/25-26Ruijie(config)#intrangeg0/25-26 Ruijie(config)#intRuijie(config)#intaggregateportRuijie(config-AggregatePort1)#switchportmodeRuijie#shaggregatePort1summaryAggregatePortMaxPortsSwitchPort Ruijie#shaggregatePort1summaryAggregatePortMaxPortsSwitchPort 8Gi0/25Ruijie#shintg0/25Ruijie#shintg0/25GigabitEthernet0/25isadministrativelydown,lineprotocolisDOWNHardwareisBroadcom5464GigabitEthernetInterfaceaddressis:noipaddressMTU1500bytes,BW1000000KbitRuijie#shintaggregateport1Index(dec):27(hex):1bAggregatePort1isUP,lineprotocolisUPHardwareisAggregateLinkAggregatePortInterfaceaddressis:noipaddressMTU1500bytes,BW20000004、

2121 ?廣播報文在二層網(wǎng)絡中不斷泛洪, ?主機網(wǎng)卡接收到大量的廣播報文,操作系統(tǒng)調用大量的CPU進程資源來識別這些 ?大量二層協(xié)議廣播報文需要二層交換機CPU處理,浪費大量資源,對正常的請求無 ?對網(wǎng)關IP地址的ARP請求報文,經(jīng)過環(huán)路的復制轉發(fā),不斷地發(fā)送到網(wǎng)關設備,網(wǎng)關

2

??接入層交換機單鏈路上聯(lián)，匯聚層交換機沒有必要開啟 ? ?接入交換機上行口開啟 ?

1

errdisablerecoveryerrdisablerecoveryinterval120intrangefa0/1-24int

Ruijie#shRuijie#shint ----------------------------------------------------- FastEthernet Ruijie(config)#intRuijie(config)#intrangeFastEthernet0/1-Ruijie(config-if-range)#rldpportloop-detectshutdown-Ruijie(config)#errdisableRuijie(config)#errdisablerecoveryinterval rldpportloop-detectblock/shutdown-port/shutdown-?block?shutdown-port：將端口置于err-disable?shutdown-svi：將端口對應svi置于shutdown?warning：不對端口作任何處理，僅將事件生成log日志 rldpdetect-interval rldp show 2 2 %RLDP-3-LINK_DETECT_ERROR:loop%RLDP-3-LINK_DETECT_ERROR:loopdetectionerrordetectoninterfaceFastEthernet0/1.setthisinterfaceerrordisable!%LINK-3-UPDOWN:InterfaceFastEthernet0/1,changedstateto%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceFastEthernet0/1,changedstatetoRuijie#shint Vlan---------------------------------------------------------FastEthernet0/1FastEthernet0/2FastEthernetFastEthernetdisable1UnknownUnknowncopperdown1UnknownUnknowncopperdown1UnknownUnknowncopperdown1UnknownUnknowncopperRuijie#shrldpRuijie#shrldpinterfaceport :localbridge :001a.a976.9c0aneighborbridge:0000.0000.0000neighborport loopdetectinformation action:shutdown-portstate:errorRLDP 使用shutdown-porterrdisablerecoveryinterval自動

3 VLAN

5、端口鏡像monitorsession1sourceinterfacemonitorsession1destinationinterfacemonitorsession1destinationinterfacexx根據(jù)交換芯片的不同，部分交換機在應用SPANCPUS861Addr北京海淀區(qū)復興路29號中意鵬奧大廈東塔A座11100036——園區(qū)網(wǎng)路由

Ruijie 棄該數(shù)據(jù)包,以PCA去pingPCB為例 據(jù)轉發(fā)給PCB。并且SWB將PCB返回的數(shù)據(jù)轉發(fā)給SWA PC vlanvlaninterfacevlanipaddressinterfacegi0/24vlaninterfacevlanipaddressinterfacegi0/24 VLAN VLAN VLAN

?在三層設備之間使用這種方式進行互聯(lián)，一定要在互連接口上配置trunk修剪,即只將互聯(lián)SVI的VLANID放行vlanvlaninterfacevlanipaddressinterfacegi0/24switchporttrunkallowedvlanremovevlaninterfacevlanipaddressinterfacegi0/24switchporttrunkallowedvlanremove vlanvlaninterfacevlanipaddressinterfacegi0/24switchporttrunkallowedvlanremovevlaninterfacevlanipaddressinterfacegi0/24switchporttrunkallowedvlanremove ?兩邊使用相同的VLANvlanvlaninterfacevlanipaddressinterfacegi0/24switchportaccessvlan800vlaninterfacevlanipaddressinterfacegi0/24switchportaccessvlan800 ?同第1種trunk互連方式中所描述的，也建議在三層交換機的下聯(lián)trunk接口進行將互聯(lián)SVI的VLANID修建掉(即只放行用戶VLANID)vlanvlaninterfacevlanipaddressinterfacegi0/24switchportaccessvlan800interfacegi0/1switchportmodetrunkswitchporttrunkallowedvlanremovevlaninterfacevlanipaddressinterfacegi0/24switchportaccessvlan800interfacegi0/1swtichportmodetrunkswitchporttrunkallowedvlanremove ?兩邊使用不同的VLANvlanvlaninterfacevlanipaddressinterfacegiswitchportaccessvlanvlaninterfacevlanipaddressinterfacegiswitchportaccessvlan ?使用noswitchport命令將一個接口變?yōu)槿龑勇酚山涌冢ㄍ酚善鞯慕涌谝粯樱琲nterfaceinterfacegi0/24noswitchportipaddressinterfacegi0/24noswitchportipaddress SWA(config)#ipSWA(config)#iprouteSWA(config)#iproute SWB(config)#ipSWB(config)#iprouteSWB(config)#iproute SWA#shSWA#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /30isdirectlyconnected,VLAN800 /32islocalhost. /24[1/0]via /24[1/0]via SWB#shSWB#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /30isdirectlyconnected,VLAN800 /32islocalhost. /24[1/0]via /24[1/0]via SWA#shSWA#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /30isdirectlyconnected,VLAN800 /32islocalhost. /24[1/0]via /24[1/0]via SWB#shSWB#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /30isdirectlyconnected,VLAN800 /32islocalhost. /24[1/0]via /24[1/0]via SWA#SWA#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /24isdirectlyconnected,GigabitEthernet0/24 /32islocalhost. /24[1/0]via /24[1/0]via SWB#SWB#shipCodes:C-connected,S-static,R-RIP,B-BGPO-OSPF,IA-OSPFinterareaN1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2E1-OSPFexternaltype1,E2-OSPFexternaltype2i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-ia-IS-ISinterarea,*-candidateGatewayoflastresortisno /24isdirectlyconnected,GigabitEthernet0/24 /32islocalhost. /24[1/0]via /24[1/0]via ?PCA判斷PCB的IP與本地IP不在同一網(wǎng)段，在進行TCP/IP封裝時，二層目的 ICMPEcho ?SWC從VLAN10的access接口接收到報文，查找MAC地址表將其從上聯(lián)口轉TAG:VLAN10ICMPEcho 2ICMPEcho VLAN1 PC ?TAG:VLANTAG:VLAN10ICMPEcho

ICMPEcho TAG:VLAN10TAG:VLAN10ICMPEcho

ICMPEcho ?–SWA和SWB之間使用不同的接口進行互聯(lián)時，所形成的MAC地址表及ARP表會有800MACVlanPCAVlan800MACVlan800MACPCA800MAC

?–當SWA與SWB之間使用路由接口進行互連時形成的表項（只有ARP表項）PCAVlan

?SWA和SWB使用不同形式接口互連時，由于SWA和SWB上面形成的ARP表TAG:VLAN10ICMPEcho

VLAN1 PC TAG:VLAN10ICMPTAG:VLAN10ICMPEchoSS：SWASVI800D：SWBSVI800800MACVlan

3

VLAN1 PC TAG:VLAN10TAG:VLAN10ICMPEchoSS：SWASVI800D：SWBSVI800MACTAG:VLAN800 800MAC （2）SWA查找MAC地址表根據(jù)替換目的MAC地址后的報文從哪個接口轉發(fā) –（1）首先查找路由表，目的IP在本地直連接口網(wǎng)段內，接著查找ARP表，找到目的S：SWASVI800D：SWBSVI800TAG:vlan800S：SWASVI800D：SWBSVI800TAG:vlan800ICMPEcho800MACVlanPCBVlanSS：SWASVI800D：SWBSVI800

44獲取PCB的MAC地址信息–（2）完成二層MACSWB查找MAC地址表以確定將報文從哪個接口轉發(fā)記（VLAN40），如果是access接口，則不添加TAG標記。S：S：SWBSVI40MACD：PCBMACSS：SWASVI800D：SWBSVI800TAG:vlan800ICMPEcho

800MACPCB44–（2）完成二層MACSWB查找MAC地址表以確定將報文從哪個接口轉發(fā)記（VLAN40），如果是access接口，則不添加TAG標記。

S：SWASVI800MACD：SWBSVI800TAG:vlanS：SWBSVIS：SWBSVI40D：PCBTAG:vlan40ICMPEchoICMPEcho 44 –SWD查找MAC地址表，將其從連接PCB的接口轉發(fā)出去，同時剝離TAG

S：SWBSVIS：SWBSVI40D：PCBTAG:vlan40ICMPEchoS：SWBSVI40D：PCBICMPEcho VLAN PC 3 VLAN PC TAG:VLAN10ICMPEchoTAG:VLAN10ICMPEchoSS：SWASVI800D：SWBSVI800800MACVlan

3 VLAN PC （2）SWA查找MAC地址表根據(jù)替換目的MAC地址后的報文從哪個接口轉發(fā)出

TAG:VLAN10S：0D：ICMPEcho 800MAC

S：SWASVI800MACD：SWBSVI800MAC無 3

SS：SWASVI800D：SWBSVI800ICMPEcho VLAN PC –（1）首先查找路由表，目的IP在本地直連接口網(wǎng)段內，接著查找ARP表，找到目的（0）對應的MAC地址即PCB的MAC地址，使用PCBMAC地址替換原目的MAC地址，使用SVI40的MAC地址替換之前的源MAC地址。SS：SWASVI800D：SWBSVI800ICMPEchoS：SWASVI40D：PCB

44800MACVlanPCBVlan獲取PCB的MAC地址信息?–（2）完成二層MACSWB查找MAC地址表以確定將報文從哪個接口轉發(fā)記（VLAN40），如果是access接口，則不添加TAG標記。SS：SWASVI800D：SWBSVI800ICMPEchoS：SWBSVI40MACD：PCBMAC

800MACPCB44?S：SWBSVI40D：PCBTAG:vlan40S：SWBSVI40D：PCBTAG:vlan40ICMPEchoS：SWASVI800D：SWBSVI800ICMPEcho

44 –SWD查找MAC地址表，將其從連接PCB的接口轉發(fā)出去，同時剝離TAG

S：SWBSVIS：SWBSVI40D：PCBTAG:vlan40ICMPEchoS：SWBSVI40D：PCBICMPEcho VLAN PC –首先在路由表中查找目的IP對應的下一跳IP（），接著查找ARP表項找到D：SWBGi0/24無 800MAC 1

PC –（1）首先查找路由表，目的IP在本地直連接口網(wǎng)段內，接著查找ARP表，找到目的（0）對應的MAC地址即PCB的MAC地址，使用PCBMAC地址替換原目的MAC地址，使用SVI40的MAC地址替換之前的源MAC地址。D：SWBGi0/24ICMPEchoS：SWBSVI40D：PCB

44PCBVlan獲取PCB的MAC地址信息–（2）完成二層MACSWB查找MAC地址表以確定將報文從哪個接口轉發(fā)記（VLAN40），如果是access接口，則不添加TAG標記。D：SWBGi0/24ICMPEchoS：SWBSVI40MACD：PCBMAC

PCB44S：SWBSVI40D：PCBTAG:vlan40S：SWBSVI40D：PCBTAG:vlan40ICMPEchoD：SWBGi0/24ICMPEcho

44 –SWD查找MAC地址表，將其從連接PCB的接口轉發(fā)出去，同時剝離TAG

S：SWBSVIS：SWBSVI40D：PCBTAG:vlan40ICMPEchoS：SWBSVI40D：PCBICMPEcho VLAN PC ?1.PC的TCP/IP?2.?決定輸出報文是否攜帶TAG標記以及TAG標記中的VLANID是多少2 34VLANVLAN1PC5 2、

李 VLAN

VLAN

? ? 每個運行OSPF的路由器都必須有一個RouterID。?鄰居（Neighbor）：設備啟動OSPF路由協(xié)議后，便會通過接口向外發(fā)送Hello報文。收到Hello報文的其它啟動OSPF路由協(xié)議的設備會檢查報文中所定義的一些 OSPFIPPacketOSPFPacketOSPFProtocol OSPF ? ?鄰接路由器之間通過LSU洪泛LSA，通告拓撲信息，最終同一個區(qū)域內所有路 ?? ??OSPF ?? ? ?OSPF接口是否啟動有 RouterRouter InitRouter TwoTwoWay RouterRouter RouterExchangeALoadingALoadingBFullFullOSPF

2- 路由器之

OSPF ?廣播(Broadcast)?點到點(P2P)PPP、?? ?OSPFOSPF

routerospfrouterospfnetwork55areanetworkarearouterospfnetwork55areanetworkareaS5750-A#shS5750-A#shipCodes:C-connected,S-static,R-RIP,M-mobile,B- isdirectlyconnected,FastEthernet0/0/24issubnetted,3subnets [110/2]via,00:01:44, [110/2]via,00:01:44, [110/2]via,00:01:44,OSPF 查看OSPF協(xié)議狀態(tài)：showipospfS5750-A#shipS5750-A#shipprotocolsRoutingProtocolis"ospf100"OutgoingupdatefilterlistforallinterfacesisnotsetIncomingupdatefilterlistforallinterfacesisnotsetRouterIDNumberofareasinthisrouteris1.1normal0stub0nssaMaximumpath:4Routingfor55area55areaRoutingInformationSources:GatewayDistance LastUpdateDistance:(defaultis S5750-A#shipS5750-A#shipospf Dead OSPF R01#shipospfinterfacefastEthernet0/0.12FastEthernet0/0.12isup,lineprotocolisupInternetAddress/30,Area0ProcessID100,RouterID,NetworkTypeBROADCAST,Cost:1TransmitDelayis1sec,StateDR,Priority1DesignatedRouter(ID),InterfaceaddressBackupDesignatedrouter(ID),InterfaceaddressTimerintervalsconfigured,Hello10,Dead40,Wait40,Retransmitoob-resynctimeout40Helloduein00:00:01Index1/1,floodqueuelength0Next0x0(0)/0x0(0)Lastfloodscanlengthis0,maximumisLastfloodscantimeis0msec,maximumis0msecNeighborCountis1,Adjacentneighborcountis1Adjacentwithneighbor(BackupDesignatedRouter)Suppresshellofor0neighbor(s)OSPFHELLOHELLO報文中影響OSPF OSPFMTU

李 VLAN 紅VLAN

routerospfrouterospfnetworkareanetwork55area

routerrouterospfnetworkareanetwork55arearouterospfrouterospfnetworkareanetworkareanetworkarearouterospfnetworkareanetworkareanetworkarearouterospfnetworkarearouterospfnetworkareanetworkareanetworkarearouterrouterospfnetworkareanetworkareanetworkareaOSPF

routerospfrouterospfnetwork55areanetworkareainterfaceipaddressipospfcostrouterospfnetwork55areanetworkareaS5750-A#shS5750-A#shipCodes:C-connected,S-static,R-RIP,M-mobile,B- [110/11]via,00:01:44, [110/11]via,00:01:44, [110/11]via,00:01:44,

李 VLAN

VLAN

?控制LSA只在區(qū)域內洪泛，有效地把拓撲變化控制在區(qū)域內，拓撲的變化影響? OSPF多區(qū)域設計雙層層次化（2-layer Area Area AreaAreaAreaAreaArea0為骨干區(qū)域，所有其口屬于Area0 內部路由器IR（InternalArea所有接口在同一個Area ??? ??區(qū)域之間的行為特性是D-V，為了解決區(qū)域之間可能發(fā)生的路由循環(huán),引入一個特殊的區(qū)域Area0,其它區(qū)域之間要通信，必須通過Area0骨干區(qū)域 ?OSPFAreaAreaAreaOSPF多區(qū)域環(huán)境下LSA類型1LSARouterLSA類型2LSANetworkLSA類型3LSANetworkSummaryLSA類型4ASBR匯總LSAASBRSummaryLSA類型5LSAASExternalLSA類型7NSSA外部LSANSSAExternalLSAOLSAOLSAOLSALSAOE2/OLSAON2/O TypeType=RouterID=NumberofLinksLink1Link2Type=NumberofLinksLink1Link2Link3Type=RouterID=NumberofLinksLink1Link2Link3 Type=SubnetMaskType=SubnetMask=AttachedRouter=AttachedRouter= Type=Mask=Metric=LSA7---NSSAExternal LSA類型7只能在NSSA區(qū)域中洪泛，到達NSSA區(qū)域ABR后，NSSAABR將其轉 OSPF Ruijie(config)#routerospf Ruijie(config)#routerospfOSPF OSPF ruijie（config-router）#arearangenot-advertiseruijie（config-router）summary-addressnot-dvertiseOSPF ?? ??OSPF ?? ?? ??OSPF區(qū)域類型與LSAArea

AreaLSA1/2/3

Area

Area

Area 3457骨干區(qū)域(AreaOSPF ABR:Ruijie(config-router)#networkip-addresswildcard-maskarea0stubno- ???路由（LSA）LSA3

External

??? ?OSPF default-informationoriginate?產(chǎn)生的LSA是TYPE5DefaultDefaultrouteDefaultrouteDefaultrouteOSPF ?產(chǎn)生的LSA是TYPE3?STUBorTOTALOSPF ??產(chǎn)生的LSA是TYPE7OSPF ??產(chǎn)生的LSA是TYPE3nssano-nssano-型√55√3√3area*nssadefault-information-7area*nssadefault-information-√7√3 AreaAreaR2/16interfacefipaddressinterfacefipaddressinterfacef3/1ipaddressinterfacefipaddressinterfacefipaddressiprouteiproute!OSPF的配置routerospfOSPFnetwork55areanetwork55areanetwork55areanetwork55areaRouterospfredistributeconnected[subnets][metric-type{1,2}][metricmetric]redistributestatic[subnets][metric-type{1,2}][metricmetric]Routerospfredistributerip[subnets][metricmetric]redistributeconnected[subnets][metricmetric]redistributestatic[subnets][metricmetric]routerredistributeconnected[subnets][metricmetric][metric-type1/2]redistributestatic[subnets][metricmetric][metric-type1/2]略Router(config-route-map)#Router(config-route-map)#matchipaddress{access-list-numbername}[...access-list-number|Router(config-route-map)#Router(config-route-map)#matchlengthminsetipnexthop——setinterfacesetdefaultinterfacesetipdefaultnext-hopsetipnext-hopip-add和setipdefaultnext-matchxyzmatchasetmatchdenyall(If(xoryorz)andthenset(bandc)elseifqthensetelsesetRoute#ShowipRoute#debugip

問題：負載均衡，無法控制數(shù)據(jù)走R2或Access-list1permitRoute-maptestpermit10Matchipaddress1SetmetricRoute-maptestpermitRouterospfredistributestaticsubnetsroute-mapAccess-list1permitRoute-maptestpermit10Matchipaddress1SetmetricRoute-maptestpermitRouterospfredistributestaticsubnetsroute-mapAddr北京海淀區(qū)復興路29號中意鵬奧大廈東塔A座11100036——園區(qū)網(wǎng)出口

它是一個IETF(InternetEngineeringTaskForce,Internet工程任務組)標IPv4的空間已經(jīng)嚴重不足，NAT可以大量節(jié)省公網(wǎng)分配給內部網(wǎng)絡中的主機的IP地址，通常這種地址來自RFC1918指定的私有(config-if)#ipnat{inside|outsideglobal-ip}(config-if)#ipnat{inside|outside(config)#ipnatinsidesourcestatic{tcp|udp}local-iplocal-port(config-if)#ipnat(config-if)#ipnat(config)#ipnatinsidesourcesta