CCNA 認(rèn)證培訓(xùn) 06 VLAN and STPppt課件

1、Lesson 6VLAN和生成樹協(xié)議學(xué)習(xí)提綱6.1VLAN操作引見6.2VTPVLAN Trunk Protocol6.3配置VLAN6.4在VLAN中運用生成樹協(xié)議 2004 Cisco Systems, Inc. All rights reserved.ICND v2.22-306 VLAN和生成樹協(xié)議6.1VLAN操作引見VLAN = Broadcast Domain = Logical Network (Subnet) 6.1.1VLAN概述SegmentationFlexibilitySecurity每個VLAN向物理網(wǎng)橋一樣獨立任務(wù)；通訊只能在同一VLAN中進(jìn)展限制單播、組播和廣播

2、；VLAN可以跨越多個交換機(jī)時；中繼鏈路Trunk可以攜帶多個VLAN的流量；Trunk運用特定的封裝去區(qū)分不同的VLAN.交換機(jī)為每一個不同的VLAN維護(hù)一張不同的MAC地址表當(dāng)交換機(jī)收到一個幀無法在MAC地址表中尋址的時候,交換機(jī)將把幀F(xiàn)lood洪泛到一切與源MAC地址所在同一VLAN端口和Trunk端口，除源端口。6.1.2VLAN操作6.1.3VLAN成員方式靜態(tài)VLAN：基于端口手工配置動態(tài)VLAN：運用VLAN管理戰(zhàn)略效力器VMPS6.1.4中繼/主干鏈路Trunk Link訪問鏈路(Access Link)：VLAN內(nèi)部的鏈路，它只假定是廣播域的一部分,幀在發(fā)到一個訪問鏈路之前要

3、刪除一切的VLAN信息。中繼鏈路(Trunk Link)：可以是單個端口也可以是多個VLAN的一部分,可承載多個VLAN信息。Trunk端口帶寬必需是100Mbps以上。IEEE 802.1Q Trunk802.1Q幀本征VLAN Native VLANISL是Cisco公用協(xié)議，用于封裝和中繼VLAN的流量ISL接口必需至少支持100M bit/s速率，引薦運用全雙工方式ISL由ASIC硬件完成，擁有更高的性能ISL任務(wù)在OSI模型的第二層上，封裝時添加新的數(shù)據(jù)頭和CRCISL trunk可以使VLAN穿越主干backboneISL TrunkISL封裝 2004 Cisco Systems

4、, Inc. All rights reserved.ICND v2.22-1606 VLAN和生成樹協(xié)議6.2VLAN Trunk ProtocolVTPVTP是一個二層協(xié)議，用于在網(wǎng)絡(luò)中維護(hù)VLAN的配置信息添加、刪除和更改；運用VTP，可以堅持VLAN配置的一致性；一個以上共享VTP域名的相互銜接的交換機(jī)構(gòu)成一個VTP域；僅在干道上傳送VTP通告信息。6.2.1VTP特點6.2.2VTP的任務(wù)方式VTP通告以組播方式發(fā)送VTP效力器和客戶機(jī)經(jīng)過VTP修訂號進(jìn)展信息同步每5分鐘或者當(dāng)VLAN配置變化時發(fā)送VTP通告Note: VTP透明方式交換機(jī)的通告的修訂號總是06.2.3VTP操作6.

5、2.4VTP修剪Pruning 2004 Cisco Systems, Inc. All rights reserved.ICND v2.22-2106 VLAN和生成樹協(xié)議6.3配置VLAN6.3.1VLAN配置指南支持的VLAN數(shù)量取決于交換機(jī)型號大部分Catalyst桌面交換機(jī)支持64個VLANCDP和VTP通告在VLAN 1上傳輸交換機(jī)的IP地址設(shè)置在管理VLAN上默以為VLAN 1只需處于效力器和透明方式的交換機(jī)可以添加、刪除VLAN2950交換機(jī)可以支持250個VLAN1添加一個VLANCatalyst 2950 SeriesSwitch#configure terminalSwi

6、tch(config)#vlan 2Switch(config-vlan)#name VLAN2wg_sw_a(config-vlan)#name vlan-namewg_sw_a#configure terminal wg_sw_a(config)#vlan 2wg_sw_a(config-vlan)#name switchlab22劃分交換機(jī)的端口到VLANCatalyst 2950 Serieswg_sw_2950(config-if)#switchport access vlan vlan# | dynamicwg-sw_2950#configure terminalwg_sw_295

7、0(config)#interface fastethernet 0/2wg_sw_2950(config-if)#switchport access vlan 2 wg_sw_2950#sh vlanVLAN Name Status Ports- - - - default active Fa0/1, Fa0/3, Fa0/4 . . . . .2 vlan2 active Fa0/23執(zhí)行添加、挪動、和改動VLANwg_sw_a(config)#vlan vlan-idwg_sw_a(config-vlan)#Enters the privileged EXEC VLAN configur

8、ation modeWrites VLAN adds, moves, and changes to the vlan.dat filewg_sw_a(config-if)#switchport access vlan vlan# Statically assigns a VLAN to a specific port4檢查VLANCatalyst 2950 Serieswg_sw_2950#sh vlan id 2VLAN Name Status Ports- - - -2 switchlab99 active Fa0/2, Fa0/12VLAN Type SAID MTU Parent Ri

9、ngNo BridgeNo Stp BrdgMode Trans1 Trans2- - - - - - - - - - -2 enet 100002 1500 - - - - - 0 0. . .wg_sw_2950#wg_sw_2950#show vlan brief | id vlan-id | name vlan-namewg_sw_2950#show vlan briefVLAN Name Status Ports- - - -1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 2 vlan2 active3 vlan3 active4 vlan4

10、active1002 fddi-default act/unsup1003 token-ring-default act/unsupVLAN Name Status Ports- - - -1004 fddinet-default act/unsup1005 trnet-default act/unsupwg_sw_2950#show vlan brief檢查VLAN的成員關(guān)系wg_sw_2950#show interfaces interface switchport6.3.2配置Trunk Link1配置802.1Q Trunkwg_sw_a(config-if)#switchport m

11、ode trunk Configures the port as a VLAN trunk Note: 2950交換機(jī)只支持802.1Q封裝類型wg_sw_a(config-if)#switchport trunk encapsulation dot1q 2配置ISL Trunkwg_sw_4000(config)# interface fastethernet | gigabitethernet slot/port 選擇一個將要被配置為Trunk的端口wg_sw_4000(config-if)# shutdown可選項封鎖端口，阻止流量經(jīng)過，直到配置完成wg_sw_4000(config-i

12、f)# switchport trunk encapsulation isl | dot1q | negotiate 可選項配置特定的封裝。wg_sw_4000(config-if)# switchport mode dynamic auto | desirable | trunk配置接口作為第二層Trunk配置ISL Trunk實例wg_sw_4000#configure terminalwg_sw_4000(config-if)#interface gigabitEthernet 2/24wg_sw_4000(config-if)#shutdownwg_sw_4000(config-if)

13、#switchport trunk encapsulation islwg_sw_4000(config-if)#switchport mode trunkwg_sw_4000(config-if)#no shutdown Note: 不是一切的Catalyst系列交換機(jī)都支持ISL3檢查Trunkwg_sw_2950#show interfaces interface switchport | trunk wg_sw_2950#show interfaces fa0/11 switchportName: Fa0/11Switchport: EnabledAdministrative Mode

14、: trunkOperational Mode: downAdministrative Trunking Encapsulation: dot1qNegotiation of Trunking: OnAccess Mode VLAN: 1 (default)Trunking Native Mode VLAN: 1 (default) . . .wg_sw_2950#show interfaces fa0/11 trunkPort Mode Encapsulation Status Native vlanFa0/11 desirable 802.1q trunking 1Port Vlans a

15、llowed on trunkFa0/11 1-4094Port Vlans allowed and active in management domainFa0/11 1-136.3.3 VLAN之間的路由經(jīng)過三層設(shè)備如路由器，三層交換機(jī)可以實現(xiàn)VLAN之間的路由單臂路由Router on a stick將一個物理接口劃分成多個邏輯子接口Sub-interface來實現(xiàn)VLAN之間的路由叫單臂路由 Router on a stick 1運用ISL Trunk實現(xiàn)VLAN之間的路由2運用802.1Q實現(xiàn)VLAN之間的路由VLAN之間路由配置 實例12950#config t2950(confi

16、g)#int f0/12950(config-if)#switchport mode trunk2950(config-if)#int f0/22950(config-if)#switchport access vlan 12950(config-if)#int f0/32950(config-if)#switchport access vlan 22950(config)#int vlan 12950(config-if)#ip address 172.16.10.2 255.255.255.1282950(config-if)#no shutdownRouter#config tRoute

17、r(config)#int f0/0Router(config-if)#no ip addressRouter(config-if)#no shutdownRouter(config-if)#int f0/0.1Router(config-subif)#encapsulation dot1q 1Router(config-subif)#ip address 172.16.10.1 255.255.255.128Router(config-subif)#int f0/0.2Router(config-subif)#encapsulation dot1q 2Router(config-subif)

18、#ip address 172.16.10.254 255.255.255.128VLAN之間路由配置 實例22950#config t2950(config)#int f0/12950(config-if)#switchport mode trunk2950(config-if)#int f0/22950(config-if)#switchport access vlan 12950(config-if)#int f0/32950(config-if)#switchport access vlan 12950(config-if)#int f0/42950(config-if)#switch

19、port access vlan 32950(config-if)#int f0/52950(config-if)#switchport access vlan 32950(config-if)#int f0/62950(config-if)#switchport access vlan 2VLAN之間路由配置 實例2續(xù)VLAN 1: 192.168.10.16/28VLAN 2: 192.168.10.32/28VLAN 3: 192.168.10.48/28Router#config tRouter(config)#int f0/0Router(config-if)#no ip addre

20、ssRouter(config-if)#no shutdownRouter(config-if)#int f0/0.1Router(config-subif)#encapsulation dot1q 1Router(config-subif)#ip address 192.168.10.17 255.255.255.240Router(config-subif)#int f0/0.2Router(config-subif)#encapsulation dot1q 2Router(config-subif)#ip address 192.168.10.33 255.255.255.240Rout

21、er(config-subif)#int f0/0.3Router(config-subif)#encapsulation dot1q 3Router(config-subif)#ip address 192.168.10.49 255.255.255.240VTP domain name VTP mode (server, client, or transparent); server mode is defaultVTP pruningVTP passwordVTP version當(dāng)添加一個新的交換機(jī)到當(dāng)前域中時要小心。為阻止一個新添加的交換機(jī)去通告一個錯誤的VLAN信息。應(yīng)該將新添加的交

22、換機(jī)的任務(wù)方式改動為透明方式Transparent Mode，使其VTP修訂號 revision number 重置為06.3.4VTP配置指南1創(chuàng)建一個VTP DomainCatalyst 2950 Serieswg_sw_2950#config terminalwg_sw_2950(config)#vtp mode server | client | transparent wg_sw_2950(config)#vtp domain domain-name wg_sw_2950(config)#vtp password passwordwg_sw_2950(config)#vtp prun

23、ingwg_sw_2950(config)#endVTP配置實例Switch(config)#vtp domain ICNDChanging VTP domain name to ICNDSwitch(config)#vtp mode transparentSetting device to VTP TRANSPARENT mode.Switch(config)#endSwitch#show vtp statusVTP Version : 2Configuration Revision : 0Maximum VLANs supported locally : 64Number of exist

24、ing VLANs : 17VTP Operating Mode : TransparentVTP Domain Name : ICNDVTP Pruning Mode : DisabledVTP V2 Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0 x7D 0 x6E 0 x5E 0 x3D 0 xAF 0 xA0 0 x2F 0 xAAConfiguration last modified by 10.1.1.4 at 3-3-93 20:08:05Switch#2檢查VTP配置wg_sw_2950#show vtp

25、 statuswg_sw_2950#show vtp statusVTP Version : 2Configuration Revision : 0Maximum VLANs supported locally : 64Number of existing VLANs : 17VTP Operating Mode : ServerVTP Domain Name : ICND_labVTP Pruning Mode : DisabledVTP V2 Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0 x7D 0 x6E 0 x

26、5E 0 x3D 0 xAF 0 xA0 0 x2F 0 xAAConfiguration last modified by 10.10.10.40 at 3-3-93 20:08:056.3.5交換機(jī)VLAN排錯Problem:兩個設(shè)備不能通訊檢查IP地址、子網(wǎng)掩碼以及VLAN成員資歷等設(shè)置能否正確；假設(shè)主機(jī)與交換機(jī)接口在同一子網(wǎng)，檢查交換機(jī)接口和主機(jī)所銜接的端口能否在同一個VLAN中；假設(shè)主機(jī)在不同子網(wǎng)，檢查交換機(jī)的默許網(wǎng)關(guān)設(shè)置；假設(shè)端口處于監(jiān)聽和學(xué)習(xí)形狀，等端口轉(zhuǎn)為轉(zhuǎn)發(fā)形狀再次嘗試；檢查主機(jī)和交換機(jī)相應(yīng)端口的雙工和速率設(shè)置；假設(shè)端口銜接的設(shè)備是終端用戶，啟用portfast并禁用trun

27、k；檢查交換機(jī)能否學(xué)習(xí)到了主機(jī)的MAC地址。Problem:設(shè)備不能經(jīng)過Trunk建立銜接保證鏈路兩端的Trunk設(shè)置是正確的保證鏈路兩端的封裝類型一致在802.1Q Trunk上，保證兩端的本地VLAN是同一個Problem: VTP不能正常更新配置保證交換機(jī)之間的銜接是在Trunk線路上；保證交換機(jī)的VTP域名配置是一致的；檢查交換機(jī)VTP的方式；假設(shè)設(shè)置了VTP密碼，保證密碼一致。 2004 Cisco Systems, Inc. All rights reserved.ICND v2.22-4806 VLAN和生成樹協(xié)議6.4在VLAN中運用生成樹協(xié)議6.4.1生成樹協(xié)議類型引見Spa

28、nning Tree ProtocolSTPPer VLAN Spanning TreePVST Per VLAN Spanning Tree+ (PVST+) Rapid Spanning Tree Protocol (RSTP) Multiple Spanning Tree Protocol (MSTP)MSTP is also known as Multi-Instance Spanning Tree Protocol (MISTP) on Cisco Catalyst 6500 switches and above Per VLAN Rapid Spanning Tree (PVRST

29、)Root for Green VLANRoot for Red VLANISL Tagged TrunkAllows control of forwarding paths on a subnet basisCreates flexible design tools for traffic managementProvides simple techniques for Layer 2 redundancyForwarding Port for Red VLANForwarding Port for Green VLANBlocking Port for Green VLANBlocking

30、 Port for Red VLAN1PVST Per VLAN Spanning Tree，每VLAN生成樹Per VLAN Spanning Tree (Cont.)2PVST+PVST+是Cisco交換機(jī)默許生成樹類型；PVST+ 是 CISCO 處理在VLAN上處置生成樹問題的另一個方案。PVST+ 允許 CST 信息傳給 PVST，以便與其他廠商在 VLAN 上運轉(zhuǎn)生成樹的實現(xiàn)方法進(jìn)展操作STP ZoneIEEE文檔IEEE 802.1D - Media Access Control (MAC) bridgesIEEE 802.1Q- Virtual Bridged Local Ar

31、ea NetworksIEEE 802.1w- Rapid Reconfiguration (Supp. to 802.1D) IEEE 802.1s- Multiple Spanning Tree (Supp. to 802.1Q)6.4.2Cisco生成樹協(xié)議的加強(qiáng)型特征端口快速PortFast上行鏈路快速UplinkFast主干快速BackboneFast1端口快速PortFast配置PortFast在接口配置方式中配置PortFast：Switchconfig-if# spanning-tree portfast 在全局方式下將一切非Trunk端口配置成PortFast：Switchc

32、onfig#spanning-tree portfast default檢查配置：Switch#show running-config Switch#show interface 接口UplinkFast最小化網(wǎng)絡(luò)停工時間Minimize network downtime交換機(jī)之間的銜接小于5s收斂UplinkFast is for fast spanning-tree uplink convergence in 5 seconds for inter-switch connectionsNew Forwarding Path forVLAN RedNormalForwardingLinkEn

33、d-User PC2上行鏈路快速UplinkFast?UplinkFastEnabling UplinkFastSwitch(config)#spanning-tree uplinkfast max-update-rate max_update_rate Enables UplinkFastVerifying UplinkFastSwitch# show spanning-tree uplinkfast UplinkFast is enabledStation update rate set to 150 packets/sec.UplinkFast statistics-Number of

34、transitions via uplinkFast (all VLANs) :9Number of proxy multicast addresses transmitted (all VLANs) :5308Name Interface List- -VLAN1 Fa6/9(fwd), Gi5/7VLAN2 Gi5/7(fwd)VLAN3 Gi5/7(fwd)VLAN4VLAN5VLAN1002 Gi5/7(fwd)VLAN1003 Gi5/7(fwd)VLAN1004 Gi5/7(fwd)VLAN1005 Gi5/7(fwd)Switch# show spanning-tree upli

35、nkfast Displays UplinkFast configuration information3BackboneFast主干快速開啟和檢查BackboneFastSwitch#show spanning-tree backbonefast BackboneFast is enabled BackboneFast statistics-Number of transition via backboneFast (all VLANs) : 0Number of inferior BPDUs received (all VLANs) : 0Number of RLQ request PDU

36、s received (all VLANs) : 0Number of RLQ response PDUs received (all VLANs) : 0Number of RLQ request PDUs sent (all VLANs) : 0Number of RLQ response PDUs sent (all VLANs) : 0Switch(config)#spanning-tree backbonefastEnables BackboneFastSwitch#show spanning-tree backbonefastDisplays BackboneFast config

37、uration information 2004 Cisco Systems, Inc. All rights reserved.07Configuring Catalyst Switch Operations6.4.3RSTP快速生成樹協(xié)議1RSTPRapid Spanning Tree Protocol，快速生成樹協(xié)議概述2RSTP 端口形狀3RSTP端口角色4Edge Ports邊緣端口 永遠(yuǎn)不會是交換機(jī)銜接到它；馬上轉(zhuǎn)變成轉(zhuǎn)發(fā)形狀；功能類似于PortFast經(jīng)過spanning-tree portfast命令配置5RSTP鏈路類型RSTP的鏈路類型分為共享鏈路和點到點鏈路；鏈路類型是從

38、端口的雙工方式duplex mode自動獲取的。默許時，操作在全雙工方式的端口被以為是點對點的，而操作在半雙工方式的端口被以為是共享端口。6RSTP BPDU中的Flag字段7PVRST命令Cisco不支持純粹的RSTP,支持PVRSTPer VLAN Rapid-Spanning-tree，每VLAN快速生成樹Configuringspanning-tree mode rapid-pvstVerifying show spanning-tree vlan 101Debuggingdebug spanning-tree如何實現(xiàn)PVRST 檢查PVRST Display spanning tree mod