交换和 vlan switching and vlan

© 2006, Shenzhen Polytechnic, All rights reserved. 1

交换和 VLANSwitching and VLAN

深圳职业技术学院计算机系网络专业

© 2006, By Shenzhen Polytechnic. All rights reserved. 2

教学目标（ Objectives ）

1. 交换机学习主机地址（ Switche Learn Host Address ）2. 两种交换方法（ Two Switching Methods ）

3. 配置端口安全（ Configuring Port Security ） 4. 密码破解（ Password Recovery ） 5. VLAN 操作（ VLAN Operations ）

6. 配置和验证静态 VLAN

(Configuring and Verifying Static VLANs)


• 地址学习（ Address learning ）• 决定转发或过滤（ Forward/filter decision

）• 避免环路（ Loop avoidance ）

交换机三种功能（ Three Switch Functions ）


交换机学习主机地址（ Switche Learn Host Address ）

• 初始 MAC 地址表是空的• Initial MAC address table is empty

MAC address table

0260.8c01.1111

0260.8c01.2222

0260.8c01.3333

0260.8c01.4444

E0 E1

E2 E3

A B

C D



• A 向 C 发送帧（ Station A sends a frame to Station C ）• 交换机将 A 的 MAC 地址和其对应的接口 E0 放入 MAC 地址表• Switch caches station A MAC address to port E0 by learning

the source address of data frames

• 该帧向除了 E0 接口的所有接口泛洪• The frame from station A to station C is flooded out to all

ports except port E0

MAC address table

0260.8c01.1111

0260.8c01.2222

0260.8c01.3333

0260.8c01.4444

E0: 0260.8c01.1111

E0 E1

E2 E3DC

BA



• D 向 C 发送帧 (Station D sends a frame to station C)

• 交换机将 D 的 MAC 地址和其对应的接口 E3 放入 MAC 地址表• Switch caches station D MAC address to port E3 by learning the

source Address of data frames

• 该帧向除了 E3 接口的所有接口泛洪• The frame from station D to station C is flooded out to all ports

except port E3 (unknown unicasts are flooded)

MAC address table

0260.8c01.1111

0260.8c01.2222

0260.8c01.3333

0260.8c01.4444

E0: 0260.8c01.1111E3: 0260.8c01.4444

E0 E1

E2 E3 DC

A B


交换机过滤帧（ Switches Filter Frames ）

• A向C发送帧• Station A sends a frame to station C

• 目的地址已知，帧不被泛洪• Destination is known, frame is not flooded

E0: 0260.8c01.1111

E2: 0260.8c01.2222E1: 0260.8c01.3333E3: 0260.8c01.4444

0260.8c01.1111

0260.8c01.2222

0260.8c01.3333

0260.8c01.4444

E0 E1

E2 E3

XXXX DC

A B

MAC address table


两种交换方法（ Two Switching Methods ）


存储转发特征（ Store-and-forward Feature）

1. 在转发之前整个帧被接收 The entire frame is received before any forwarding takes place.

2. 由于交换开始之前要接收完整帧，较大的数据帧延迟较大 Latency is greater with larger frames because the entire frame must be received before the switching process begins.


直通特征（ Cut-through Feature ）

1. 在接收完整帧之前，帧就被转发。The frame is forwarded through the switch before the entire frame is received.

2. 最快的是只要读到目的地址就转发。At a minimum the frame destination address must be read before the frame can be forwarded.

3. 这种模式降低了延迟，但是不进行检错 This mode decreases the latency of the transmission, but also reduces error detection.


直通分类（ Cut-through Class ）

一、快速转发（ Fast-forward ）1. 快速转发提供了最低的延迟 Fast-forward switching offers the lowest level of latency.

2. 只要读到目的地址，就立刻转发Fast-forward switching immediately forwards a packet after reading the destination address.


直通分类（ Cut-through Class ）

二、 Fragment-free （无碎片方式）1. 无碎片方式在转发之前过滤掉碰撞碎片Fragment-free switching filters out collision fragments before forwarding begins.

2. 无碎片方式在转发之前要读到帧的前 64 字节Fragment-free switching waits until the packet is determined not to be a collision fragment(>64bytes) before forwarding


配置 SVI 地址（ Configuring SVI Address ）

Switch(config)#interface vlan 1

Switch(config-if)#ip address 10.1.1.1 255.255.255.0

Switch(config-if)#no shutdown


配置端口安全（ Configuring Port Security ）

Switch(config)#int f0/1Switch(config-if)#switchport mode accessSwitch(config-if)#switchport port-security Switch(config-if)#switchport port-security mac-address 0060.6700.dd5bSwitch(config-if)#switchport port-security violation restrict Switch#sh port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count)------------------------------------------------------------------------------- Fa0/1 132 1 0 Restrict


密码破解（ Password Recovery ）

1. 拔掉电源（ Unplug the power cable ） 2. 按下 mode 按钮（ hold down the mode button ）3. 输入 flash_init （ type flash_init ）4. 执行 dir flash: （ type dir flash: ）5. 重命名配置文件（ rename flash:config.text flash:config.old ）6. 启动（ Boot ）7. 在进入 setup 模式提示下输入 N

（ enter N at the prompt to start the setup program.）


密码破解（ Password Recovery ）

8. 进入特权模式（ switch>enable ）9. 重命名配置文件（ rename flash:config.old flash:config.text ）10. 将配置文件拷贝到 RAM 中运行（ copy flash:config.text system:running-config ）11. 修改密码（ enable password cisco ）12. 存盘（ write ）13. 重启（ reload ）


VLAN 预览（ VLAN Overview ）VLAN 预览（ VLAN Overview ）

•分段Segmentation

•灵活• Flexibility

•安全• Security

3rd floor

2nd floor

1st floor

SALES HR ENG

1 VLAN =1 广播域＝ 1 逻辑子网A VLAN = A broadcast domain = Logical network (subnet)


VLAN 操作（ VLAN Operations ）VLAN 操作（ VLAN Operations ）

Switch A

GreenVLAN

BlackVLAN

RedVLAN

• 每一个逻辑的 VLAN 就像一个独立的物理网桥• Each logical VLAN is like a separate physical bridge



Switch A

GreenVLAN

BlackVLAN

RedVLAN

Switch B

GreenVLAN

BlackVLAN

RedVLAN

• 同一个 VLAN 可以跨越多个交换机• VLANs can span across multiple switches



Switch A

GreenVLAN

BlackVLAN

RedVLAN

Switch B

GreenVLAN

BlackVLAN

RedVLAN

Trunk

• TRUNK 链路携带多个 VLAN 的数据• Trunks carries traffic for multiple VLANs• Trunks 利用特定的封装来识别不同的 VLAN• Trunks use special encapsulation to distinguish

between different VLANs

Fast Ethernet


VLAN 成员模式（ VLAN Membership Modes ）VLAN 成员模式（ VLAN Membership Modes ）

VLAN5

静态 VLAN (Static VLAN) 动态 VLAN （ Dynamic VLAN ）

MAC = 1111.1111.1111

Trunk

VMPS

1111.1111.1111 = vlan 10

VLAN10

Port e0/9Port e0/4


配置静态 VLAN (Configuring Static VLANs)

1. 创建 VLAN （ create the VLAN ）Switch#vlan databaseSwitch(vlan)#vlan vlan_numberSwitch(vlan)#exit

2. 将接口指定到 VLAN 中assign the VLAN to one or more interfaces :

Switch(config)#interface fastethernet 0/9Switch(config-if)#switchport access vlan vlan_number


配置静态 VLAN 实例 (Configuring Static VLANs Example)

Switch#vlan database Switch(vlan)#vlan 2 name v2 VLAN 2 added: Name: v2Switch(vlan)#vlan 3 name v3VLAN 3 added: Name: v3Switch(vlan)#vlan 4 name v4VLAN 4 modified: Name: v4Switch(vlan)#no vlan 4Deleting VLAN 4...Switch(vlan)#exitAPPLY completed.Exiting....

Switch(config)#int f0/2

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 2

Switch(config-if)#int f0/3

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 3

Switch(config-if)#end


验证静态 VLAN 配置(Verifying Static VLANs Configuration)

Switch#sh vlan brie

VLAN Name Status Ports---- -------------------------------- --------- -------------------------------1 default active Fa0/1, Fa0/4, Fa0/5, Fa0/6 Fa0/7, Fa0/8, Fa0/9, Fa0/10 Fa0/11, Fa0/122 v2 active Fa0/23 v3 active Fa0/31002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Switch#


思考题（ Questions ）

1. 交换机三种主要的功能是什么？2. 交换机怎样学习主机地址？3. 什么是存储转发？4. 什么是快速转发？5. 什么是无碎片方式转发？6. 简述交换机密码破解的步骤？7. 什么是 VLAN?

交换和 vlan switching and vlan

Documents