2025-01-15 Update From: SLTechnology News&Howtos. Shulou (Shulou.com) 06/01 Report
Basic switching technology
This article shows the key points of basic switching technology through experiments. It is based mainly on the actual configuration and the points that need attention; the basic concepts are not explained.
Experimental environment:
GNS3. The layer 3 switch is simulated with a C3640 plus a switching interface; the layer 2 switches are simulated with a C3640 plus a switching interface with routing turned off; the DHCP server and hosts are simulated with a C7200 with routing turned off.
Technologies covered:
Switching technology: VTP to create and synchronize VLANs, VLAN assignment, trunk configuration
Switching redundancy technology: EtherChannel
Switching loop prevention & traffic distribution technology: STP
Switching security technology: port-security
Switching communication technology: layer 3 switching, DHCP
The final result:
The DHCP server hands out addresses for the corresponding VLAN network segment, and the VLANs can communicate with each other. VLAN10 traffic takes SW2-SW1 as its main route with SW2-SW3-SW1 as the backup route; VLAN20 traffic takes SW2-SW3-SW1 as its main route with SW2-SW1 as the backup route; traffic switches to the backup route automatically in case of link failure. Link redundancy is configured between SW2 and SW3.
The VLAN10 segment is 192.168.1.X with gateway 1.254, the VLAN20 segment is 192.168.2.X with gateway 2.254, and the VLAN30 segment is 192.168.3.X with gateway 3.254; all the gateways are on SW1.
Related key configurations:
VTP configuration and creating synchronized VLANs
SW1 is configured as the server, and the other switches synchronize with it
SW1#vlan database
SW1(vlan)#vtp server // configure the VTP role
SW1(vlan)#vtp domain rex // switches synchronize only if the domain name is the same
SW1(vlan)#vtp password 123 // the password must also be the same before synchronization
SW1(vlan)#exit
APPLY completed.
Exiting....
SW2#vlan database
SW2(vlan)#vtp client
SW2(vlan)#vtp domain rex
SW2(vlan)#vtp password 123
SW2(vlan)#exit
APPLY completed.
Exiting....
SW3 is configured the same as SW2
View VTP
SW1#show vtp status
VTP Version: 2
Configuration Revision: (a switch with a lower revision number learns from one with a higher revision number)
Maximum VLANs supported locally: 256
Number of existing VLANs: 9
VTP Operating Mode: Server
VTP Domain Name: rex
VTP Pruning Mode: Disabled
VTP V2 Mode: Disabled
VTP Traps Generation: Disabled
MD5 digest: 0xA6 0x66 0x1F 0x39 0x33 0x80 0x2F 0x7B
Configuration last modified by 0.0.0.0 at 3-1-02 00:57:51
Local updater ID is 0.0.0.0 (no valid interface found)
VTP pruning
SW(config)#vtp pruning
Create and assign VLANs
Create the VLANs on SW1; the other switches synchronize automatically
SW1#vlan database
SW1(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
SW1(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
SW1(vlan)#vlan 30
VLAN 30 added:
Name: VLAN0030
SW1(vlan)#exit
APPLY completed.
Exiting....
View the VLAN database
SW1#show vlan-sw
VLAN Name Status Ports
1 default active Fa0/0, Fa0/1, Fa0/2, Fa0/3
Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa1/0, Fa1/1, Fa1/2, Fa1/3
Fa1/4, Fa1/5, Fa1/6, Fa1/7
Fa1/8, Fa1/9, Fa1/10, Fa1/11
Fa1/12, Fa1/13, Fa1/14, Fa1/15
10 VLAN0010 active
20 VLAN0020 active
30 VLAN0030 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Assign ports to VLANs
SW2(config)#interface fastEthernet 0/3
SW2(config-if)#sw access vlan 10
SW2(config-if)#exit
Ports on the other switches are assigned according to the architecture diagram
Check the assignment
SW2(config)#do show vlan-sw
VLAN Name Status Ports
1 default active Fa0/0, Fa0/1, Fa0/2, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa1/0
Fa1/1, Fa1/2, Fa1/3, Fa1/4
Fa1/5, Fa1/6, Fa1/7, Fa1/8
Fa1/9, Fa1/10, Fa1/11, Fa1/12
Fa1/13, Fa1/14, Fa1/15
10 VLAN0010 active Fa0/3
Configure trunk
SW1(config)#interface f0/0
SW1(config-if)#sw trunk encapsulation do
SW1(config-if)#sw trunk encapsulation dot1q
SW1(config-if)#sw mode trunk
SW1(config-if)#do show int trun
Port Mode Encapsulation Status Native vlan
Fa0/0 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/0 1-1005
Port Vlans allowed and active in management domain
Fa0/0 1,10,20,30
Port Vlans in spanning tree forwarding state and not pruned
Fa0/0 none
Configure the trunks on the other switches in the same way
Trunk traffic control: allowed VLANs
SW2(config-if)#int f0/0
SW2(config-if)#sw trunk allowed vlan all
Configure the other switches in the same way
Trunk traffic optimization: native VLAN
Native VLAN traffic is not tagged; frames whose tag differs from the native VLAN are forwarded with their original tag. Setting the VLAN with the largest data volume as the native VLAN saves the tag space in each frame and reduces the pressure on link bandwidth.
SW1(config)#interface f0/0
SW1(config-if)#sw trunk native vlan 10
So native vlan 10 is used between SW1 and SW2, and native vlan 20 between SW2 and SW3.
Configure EtherChannel
Between SW2 and SW3
interface FastEthernet0/1
 switchport trunk native vlan 20
 switchport mode trunk
 channel-group 1 mode on
interface FastEthernet0/2
 switchport trunk native vlan 20
 switchport mode trunk
 channel-group 1 mode on
interface Port-channel1
 switchport trunk native vlan 20
 switchport mode trunk
Shut the ports down before configuring them, and keep the VLAN configuration of the port-channel consistent with that of its member ports! Otherwise a protocol error will bring it down.
STP configuration
STP is enabled by default
Modify the priority for each VLAN so that STP places the blocked port where it steers that VLAN's traffic in the intended direction.
The priorities are modified together here to make SW1 the root switch of VLAN10 and SW3 the root switch of VLAN20, blocking SW2-SW3 for VLAN10 and SW2-SW1 for VLAN20, thus controlling the flow direction.
SW1: spanning-tree vlan 10 priority 4096
SW3: spanning-tree vlan 20 priority 4096
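The root election and the blocked link for each VLAN can be checked with a small model, which also recomputes the tree after the SW1-SW2 link fails. This is an added example, not part of the original article: the MAC addresses are constructed, and the path costs (19 for a FastEthernet link, 12 for the two-port channel) are assumed short-mode defaults.

```python
# Added example. Assumptions: constructed MACs, short-mode path costs.
DEFAULT_PRIORITY = 32768
MACS = {"SW1": "c001.0000.0001", "SW2": "c002.0000.0002", "SW3": "c003.0000.0003"}
LINKS = {frozenset(("SW1", "SW2")): 19,   # FastEthernet trunk
         frozenset(("SW1", "SW3")): 19,   # FastEthernet trunk
         frozenset(("SW2", "SW3")): 12}   # Port-channel1, two FastEthernet ports
# Priorities from the article: SW1 is root for VLAN10, SW3 for VLAN20.
PRIORITIES = {("SW1", 10): 4096, ("SW3", 20): 4096}

def bridge_id(sw, vlan):
    # Lower wins: configured priority first, MAC address as tie-breaker.
    return (PRIORITIES.get((sw, vlan), DEFAULT_PRIORITY), MACS[sw])

def root_path_costs(root, links):
    # Repeated relaxation; len(MACS) passes are enough to converge.
    cost = {sw: (0 if sw == root else float("inf")) for sw in MACS}
    for _ in MACS:
        for link, c in links.items():
            a, b = tuple(link)
            cost[a] = min(cost[a], cost[b] + c)
            cost[b] = min(cost[b], cost[a] + c)
    return cost

def spanning_tree(vlan, links=LINKS):
    """Return (root switch, sorted list of blocked links) for one VLAN."""
    root = min(MACS, key=lambda sw: bridge_id(sw, vlan))
    cost = root_path_costs(root, links)
    forwarding = set()
    for sw in MACS:
        if sw == root:
            continue
        # Root port: lowest cost to the root, then lowest upstream bridge ID.
        options = []
        for link, c in links.items():
            if sw in link:
                (nbr,) = link - {sw}
                options.append((cost[nbr] + c, bridge_id(nbr, vlan), link))
        forwarding.add(min(options)[2])
    blocked = set(links) - forwarding
    return root, sorted("-".join(sorted(link)) for link in blocked)

def without(a, b):
    # Topology after the a-b link fails.
    return {l: c for l, c in LINKS.items() if l != frozenset((a, b))}

if __name__ == "__main__":
    for vlan in (10, 20):
        print(vlan, spanning_tree(vlan), spanning_tree(vlan, without("SW1", "SW2")))
```

With the SW1-SW2 link removed, no link is blocked for VLAN10, so SW2 reaches the root over SW2-SW3-SW1, the backup route described at the start of the article.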
Layer 3 communication configuration
SW1(config)#ip routing // enable routing
SW1(config)#int vlan 10
SW1(config-if)#ip address 192.168.1.254 255.255.255.0
SW1(config-if)#no shut
SW1(config-if)#exit
VLAN20 and VLAN30 are configured in the same way
DHCP configuration
DHCP(config)#int f0/0
DHCP(config-if)#ip add 192.168.3.1 255.255.255.0
DHCP(config-if)#no shut
DHCP(config-if)#exit
DHCP(config)#ip default-gateway 192.168.3.254
DHCP(config)#ip dhcp pool A // configure the VLAN10 address pool
DHCP(dhcp-config)#network 192.168.1.0 255.255.255.0
DHCP(dhcp-config)#default-router 192.168.1.254
DHCP(dhcp-config)#dns-server 8.8.8.8
DHCP(dhcp-config)#lease 33
DHCP(dhcp-config)#exit
DHCP(config)#ip dhcp pool B // configure the VLAN20 address pool
DHCP(dhcp-config)#network 192.168.2.0 255.255.255.0
DHCP(dhcp-config)#default-router 192.168.2.254
DHCP(dhcp-config)#dns-server 8.8.8.8
DHCP(dhcp-config)#lease 33
DHCP(dhcp-config)#exit
DHCP Relay configuration
SW1(config)#int vlan 10
SW1(config-if)#ip helper-address 192.168.3.1
SW1(config-if)#exit
SW1(config)#int vlan 20
SW1(config-if)#ip helper-address 192.168.3.1
SW1(config-if)#exit
When the DHCP request packet arrives at the SW1 gateway, it is directed to the corresponding address pool according to its VLAN
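How the server can tell the VLANs apart is shown in the added example below, which is not part of the original article: it models standard DHCP relay behaviour, where the relaying interface writes its own address into the giaddr field of the BOOTP header and the server matches that field against its pools. The client MAC and transaction ID are constructed; the addresses come from the configuration above.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header: op htype hlen hops xid secs flags
# ciaddr yiaddr siaddr giaddr chaddr sname file
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes.fromhex("63825363")
GIADDR, HOPS = 10, 3                      # field positions in the unpacked tuple

# Values from the article's configuration.
POOLS = {"A": ipaddress.ip_network("192.168.1.0/24"),
         "B": ipaddress.ip_network("192.168.2.0/24")}
SVI = {10: ipaddress.ip_address("192.168.1.254"),   # int vlan 10 on SW1
       20: ipaddress.ip_address("192.168.2.254")}   # int vlan 20 on SW1

def build_discover(mac_hex, xid):
    """Client broadcast: BOOTREQUEST, Ethernet, broadcast flag, giaddr 0."""
    zero = bytes(4)
    header = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero,
                        bytes.fromhex(mac_hex), b"", b"")
    return header + MAGIC_COOKIE + bytes([53, 1, 1, 255])  # option 53 = DISCOVER

def relay(packet, ingress_vlan):
    """What ip helper-address does on the SVI before unicasting to the server."""
    fields = list(BOOTP.unpack_from(packet))
    if fields[GIADDR] == bytes(4):        # only the first relay sets giaddr
        fields[GIADDR] = SVI[ingress_vlan].packed
    fields[HOPS] += 1
    return BOOTP.pack(*fields) + packet[BOOTP.size:]

def giaddr_of(packet):
    return ipaddress.ip_address(BOOTP.unpack_from(packet)[GIADDR])

def select_pool(packet):
    """Server side: pick the pool whose network contains giaddr."""
    giaddr = giaddr_of(packet)
    return next((name for name, net in POOLS.items() if giaddr in net), None)

if __name__ == "__main__":
    discover = build_discover("ca0100000001", 0x1234)   # constructed client
    for vlan in (10, 20):
        relayed = relay(discover, vlan)
        print(vlan, giaddr_of(relayed), select_pool(relayed))
```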
Port-security configuration
Configure it on the ingress (access) port! For example, interface 0/3 of SW3
(config)#int f0/1
(config-if)#switchport mode access
(config-if)#switchport port-security // enable port security
(config-if)#switchport port-security mac-address ? // define how the secure MAC table is learned
 H.H.H 48 bit mac address // static binding
 sticky Configure dynamic secure addresses as sticky // dynamic learning
(config-if)#switchport port-security maximum 1 // set the number of entries stored in the secure MAC table to 1
(config-if)#switchport port-security violation ? // define the violation (penalty) mode
 protect Security violation protect mode // discard illegal traffic
 restrict Security violation restrict mode // discard illegal traffic and send alarm messages
 shutdown Security violation shutdown mode // discard illegal traffic and soft-shut down this interface (err-disabled)
Automatic recovery
errdisable recovery cause bpduguard // choose the cause (reason); ports disabled by a port-security violation recover under the cause psecure-violation
errdisable recovery interval 30 // the interface is restored automatically after this many seconds; the default is 300 seconds
View commands:
show port-security address
show port-security interface f0/1
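The three violation modes differ mainly in what happens to the legitimate host after a violation, which the added model below makes visible. It is an example written for this page, not switch code: the MAC addresses and the three-frame sequence are constructed, maximum is 1 as configured above, and the alert list stands in for the alarm messages.

```python
class SecurePort:
    """Model of one access port with switchport port-security enabled."""

    def __init__(self, violation, maximum=1):
        self.violation = violation      # "protect", "restrict" or "shutdown"
        self.maximum = maximum          # size of the secure MAC table
        self.secure_macs = []           # filled by sticky learning
        self.state = "up"
        self.alerts = []                # stands in for the alarm messages

    def receive(self, src_mac):
        if self.state == "err-disabled":
            return "dropped"            # port is down for every sender
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(src_mac)    # sticky: learn and keep
            return "forwarded"
        # Table is full and the source is unknown: security violation.
        if self.violation != "protect":
            self.alerts.append("violation by " + src_mac)
        if self.violation == "shutdown":
            self.state = "err-disabled"
        return "dropped"

    def recover(self):
        # What the errdisable recovery timer does when it expires.
        self.state = "up"

HOST, UNKNOWN = "0000.aaaa.0001", "0000.bbbb.0002"    # constructed MACs
FRAMES = [HOST, UNKNOWN, HOST]    # known host, second device, known host again

def run(violation):
    port = SecurePort(violation)
    results = [port.receive(mac) for mac in FRAMES]
    return results, port.state, len(port.alerts)

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, run(mode))
```

Under protect and restrict the known host keeps working after the violation; under shutdown it is cut off too until the port is recovered manually or by the errdisable recovery timer.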
Because time and space are limited, the related concepts are not described in much detail, and some of the related configuration is omitted. If you have any questions during the simulation experiment, please leave a message!