In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-06 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
1/74
Routing and switching
OSI Open system Interconnection Network layer 7 (from high level to low layer):
Application layer: generally refers to all kinds of application software.
Presentation layer: data representation (format), data encoding and decoding. Common formats are text, voice, video, pictures, images and so on.
Session layer: the establishment and closure of session sessions. It includes the establishment of the network service process and the data processing method after the client accesses the server.
Transport layer: the port number is used to identify the source and destination address of the data.
Network layer: IP addressing and routing. The source and destination addresses of the data are identified by IP addresses.
Data link layer: identifies the source and destination address of the data by MAC address.
Physical layer: usually refers to the electronic and electrical standards of physical hardware. Such as network cable, crystal head, network card interface, optical fiber interface and so on.
Coding: write a set of code. (numeric or alphabetical code for code)
Decode: explain a set of codes. (translate the code into something meaningful)
Encryption: the process of converting plaintext into ciphertext.
Decryption: the process of converting ciphertext into plaintext.
Plaintext: a text that human beings can read.
Ciphertext: text that humans cannot read.
Q: what is IP addressing in the network layer? What is routing?
A:IP addressing is to find the destination IP address (that is, the recipient address) in the packet.
Routing refers to the route that the router chooses to deliver the data to the destination according to the destination IP address and then goes to its own routing table.
Cheng.
A router is equivalent to a courier in real life or a road sign at a crossroads.
View the routing table in the system:
Win7/10 system: Win+R--- > cmd--- > route print
Linux system: route-n or netstat-r
Router IOS system: show ip route
The contents of the information recorded in the routing table:
Destination network address destination subnet mask (netmask) next-hop IP address (that is, gateway gateway)
192.168.11.0 255.255.255.0 192.168.11.2
127.0.0.0 255.0.0.0 127.0.0.1
127.0.0.1 255.255.255.255 127.0.0.1
127.255.255.255 255.255.255.255 127.0.0.1
What are two parts of an Q:IP address? What is the basis for classifying IP addresses? What is the value range of A, B, C IP respectively?
The A:IP address consists of a network number and a host number.
IP addresses are classified according to the range of values of the first number in the network number.
Category A: 1-127
Category B: 128 / 191
Category C: 192 / 223
What is a network address in an Q:IP address? What is a broadcast address? What is the range of reserved IP addresses for DHCP? Local loopback test IP
What's the address? What does the local loopback test address represent?
A: network address, where the host bit (bit) in the IP address is all zero IP address, such as 192.168.11.0
Broadcast address, an IP address where the host bit (bit) is an all-1 IP address, such as 192.168.11.255
2/74
The reserved IP address of DHCP is in the range of 169.254.0.0" 169.254.255.255.
The local loopback test IP address is 127.0.0.1 range 127.0.0.1 "127.255.255.255
The local loopback test address represents the local machine itself
What are the default subnet masks for class A, B, and C IP addresses? What is the purpose of the subnet mask? What can the subnet mask do?
A: subnet mask
Class A: 255.0.0.0 subnet mask prefix: / 8
Class B: 255.255.0.0 subnet mask prefix: / 16
Class C: 255.255.255.0 subnet mask prefix: / 24
The function of the subnet mask: clearly identify the network bits and host bits in the IP address.
The subnet mask can be used for subnetting.
Q: how is subnetting achieved through a subnet mask? How is the supernet realized?
A: subnetting-borrows the host bit bit in the IP address to act as the network bit bit.
Supernet-borrow the network bit bit in the IP address to act as the host bit bit.
What are the possible subnet masks for subnetting of class C IP?
A:
The power of 2 7 6 5 4 3 2 1 0
Decimal 128 64 32 16 8 4 2 1
The possible subnet masks for subnetting of Class C IP are as follows:
/ 24:255.255.255.0
/ 25:255.255.255.128
/ 26:255.255.255.192
/ 27:255.255.255.224
/ 28:255.255.255.240
/ 29:255.255.255.248
/ 30:255.255.255.252
/ 31:255.255.255.254
/ 32virtual 255.255.255.255 network terminology:
Network topology: a logical diagram used to describe the connections of network devices.
The network topology diagram of home broadband is as follows:
Personal computer-> Network Cable-> ADSL Router / Optical Cat-> Optical Fiber-> ISP operator
ISP: Internet Service provider (Internet service Provider)
ADSL: asymmetric Digital subscriber Line (Asymmetric Digital Subscriber Line). Because of the data upload and download speed of this broadband
Is different, so it's called asymmetry.
ISDN: integrated service digital network.
DDN: digital data network.
POE: active Ethernet. The POE switch can directly power the network surveillance camera in the network through the network line.
3/74
PTN: (packet Transport Network, Packet Transport Network) refers to such an optical transport network architecture and specific technology: in IP services
A layer is set up between the underlying optical transmission medium and the underlying optical transmission medium, which is designed to meet the requirements of the burst of packet traffic and statistical multiplexing transmission.
Packet service is the core and supports multi-service provision, with lower overall cost of use (TCO), while adhering to the traditional advantages of optical transmission, packet
It includes high availability and reliability, efficient bandwidth management mechanism and traffic engineering, convenient OAM and network management, scalability, high security and so on.
Packet switching network:?
LAN: local area network. Switches are usually used to form a local area network.
WAN: wide area network. Routers are usually used to connect two or more Lans.
Vlan: virtual local area network. Using layer 2 network technology, the ports of the switch are logically divided into different groups (virtual local area networks), each vlan
There is a separate vlan number (that is, group number). It is impossible to communicate between vlan by default. If you want to communicate, you must use the router to forward the data.
Physical address of the host: that is, the MAC address of the host network card (that is, the physical address). Use ifconfig in linux to look up the mac address of the network card, win7/10
Use ipconfig / all or getmac to check.
The logical address of the host: the IP address.
The host is on the same physical network: the physical network cable of the host is connected to the same switch, or even if the switches are cascaded.
The host is on the same logical network: the host IP address has the same network number. Which of the following five IP addresses are on the same logical network?
Collaterals.
192.168.11.11 192.168.11.12 192.168.15.11 192.168.16.8 192.168.20.5
× ×: virtual private network
WiFi: what is the maximum transmission distance of an ordinary wifi wireless network?
The maximum transmission distance of twisted pair network cable is 100 meters. If the distance is more than 100 meters, a signal amplifier (that is, a repeater, which can be a switch,
HUB device). The maximum number of repeaters in the network is no more than 4. When the transmission distance is longer than? We have to consider the use of optical fiber for signal transmission.
Bluetooth Bluetooth: the maximum distance of theoretical transmission is 10 meters. How many bytes per second can Bluetooth 1.0 transmit at? Transmission speed of Bluetooth 2.0
How many bytes per second can be reached?
AP: wireless access Point (WirelessAccessPoint)
Fat AP: wireless router belongs to fat AP. It has its own hypervisor and can be managed on its own.
Thin AP: compared with fat AP, there is no wifi hypervisor. You must manage this AP device through AC in order to use AP properly.
Thin AP wireless network topology: AC controller-> one or more thin AP
Router Foundation:
The router works at layer 3 (the network layer) of the OSI open systems interconnection model, and its main functions are IP addressing and routing. Actually, IP addressing
And routing forwarding is a packet forwarding (forward) process.
Q: (must) if the host of the linux system is to be used as a router, how can the routing and forwarding function be implemented in the linux system?
A: method 1 (preferred): temporarily turn on the route forwarding function and execute the following command.
4/74
Cat / proc/sys/net/ipv4/ip_forward
Echo 1 > / proc/sys/net/ipv4/ip_forward
Method 2 (alternative): temporarily turn on the routing forwarding function and execute the following command.
Sysctl-a | grep ip_forward
Sysctl-w net.ipv4.ip_forward=1
Sysctl-a | grep ip_forward
Method 3 (alternative): temporarily turn on the route forwarding function and execute the following command.
First, vim / etc/sysctl.conf adds the following
Net.ipv4.ip_forward=1
Then, execute sysctl-p to make the settings in the sysctl.conf configuration file take effect immediately.
Finally, check and accept. Sysctl-a | grep ip_forward or cat / proc/sys/net/ipv4/ip_forward.
Note: the / etc/sysctl.conf configuration file is a configuration file controlled by the kernel of the linux system and is usually used for kernel tuning. / etc/sysctl.d
The directory is used to store the subconfiguration files of sysctl.conf.
Activity: be familiar with the directly connected routing usage of the Cisco PT Simulator. Design the network topology diagram shown in the following figure in the PT simulator, and give the host and route
The interface of the device is set to the correct IP address, subnet mask, and gateway. And use ping to test the network communication status between hosts.
Directly connected routing: that is, the router is directly connected to two Lans with different network numbers.
How to configure directly connected routes: configuring IP addresses on the interfaces of routers will automatically generate directly connected routing notes in the routing table (route table).
Record. Use do show ip route to look up routing table records. The result of the routing table record of the query is as follows.
C 192.168.11.0/24 is directly connected, FastEthernet0/0
C 192.168.12.0 is directly connected 24 is directly connected, the mode of operation of the FastEthernet0/1 router:
User mode: the command prompt is router >. The main thing is to enter privileged mode with enable.
Privileged mode: the command prompt is router#. Mainly query, save and delete the configuration file information of the router, and also execute ping
Test the command. You can use config t to enter the global configuration file.
Global configuration mode: the command prompt is router (config) #. It mainly sets up the router, such as login password, interface IP address,
Static routing, dynamic routing, welcome words, system time, etc. You can use exit to return to the previous action prompt and end to return to special
Power mode.
Interface (interface) configuration mode: the command prompt is router (config-if) # It is mainly used to set parameters such as interface IP.
Tip: you can use the do command to execute commands in privileged mode in global configuration mode. For example, do show ip route, and for example
Do ping 192.168.11.1 . Exercise: save a copy of the topology diagram of the above exercise by ctrl+S, and the file name is "directly connected routing". Once confirmed, ctrl+shift+s saves the topology diagram.
A file called static static Route. Then modify the topology diagram directly as shown below. Then, add one to each router
The correct static static route records, and show ip route look up the routing table records, and finally use 192.168.11.11 this host ping the most
The interface IP address of the router on the right and the IP address of the rightmost computer ensure that the network is open.
Router management commands:
Look up routing table records: show ip route
Add a static route record: ip route destination network address destination subnet mask next-hop IP address (i.e. gateway IP)
Example: ip route 192.168.13.0 255.255.255.0 192.168.12.2
Additional exercise: continue to expand the network above to the right, design the new network topology diagram shown in the following figure, and set up the relevant IP address, static
Route record, and finally do the ping test.
Static route: a routing record manually added by a network engineer in the router's IOS system using the ip route command.
Advantages: it takes up less CPU and memory resources, so it is suitable for small networks with fixed network topology.
Disadvantages: if the size of the network expands or changes, the network engineer has to re-modify the routing settings for each router.
Dynamic routing: routers use dynamic routing protocols to automatically learn the routing records in the routing table of neighboring routers, which can be connected with the network.
Changes in status, automatically update the routing table.
Common dynamic routing protocols are as follows:
RIP:Routing Information Protocol, routing information protocol. A protocol that belongs to a distance vector routing algorithm. The maximum is 15 hops. Exceed
15 hops will make the route unreachable. The default refresh period for RIP is 30 seconds.
OSPF:Open Shortest Path First Open shortest path first.
BGP:Border Gateway Protocol, Border Gateway Protocol
IGP:Interior Gateway Protocol, Interior Gateway Protocol
EGRP:exterior gateway routing protocol external Gateway routing Protocol
Clear the routing table record in privileged mode:
Configuration commands for RIP protocol: setting in global configuration mode
Router > enable switch (enter) to privileged mode
Router# config terminal switches (enters) to global configuration mode
Router (config) # no ip domain-lookup turns off domain name resolution (required), otherwise it will get stuck and prompt when the command is entered incorrectly
255.255.255.255 (press ctrl+shift+6 to force exit this stutter).
Router (config) # router rip enters the rip routing configuration
Router (config) # version 2 enables version 2 of rip protocol
Router (config) # network 192.168.11.0 issues rip route advertisements for this segment (the network address of the directly connected segment)
Router (config) # network 192.168.12.0 issues rip route advertisements for this segment (the network address of the directly connected segment)
Router (config) # do show ip route or end before performing show ip route
Security configuration of router: three login passwords
Password 1. Login password configuration for privileged mode (required):
Router > user mode
Router > enable switch to privileged mode
Router# config terminal switches (enters) to global configuration mode
Router (config) # enable password mingwen set plaintext password (low priority)
Router (config) # enable secret miwen sets ciphertext password (high priority)
Router (config) # do write or end before performing write
Router (config) # end returns to privileged mode
Router# show running views the running configuration and status information of the router
Login Verification Test:
Router (config) # end
Router# exit exit
When you enter router > enable, you will be prompted to enter a password, and you can only log in with a ciphertext password for the test.
6/74
Password 2. Login password configuration of console control interface (required):
Router > user mode
Router > enable switch to privileged mode
Router# config terminal switches (enters) to global configuration mode
Router (config) # line console 0 configure console 0 interface
Router (config-line) # password conpass set login password to conpass
Router (config-line) # login for login authentication
Router (config) # do write or end before performing write
Router (config) # end returns to privileged mode
Router# show running views the running configuration and status information of the router
Login Verification Test:
Router (config) # end
After router# exit exits, you will be prompted to enter your password by pressing enter key. You can log in with the password conpass at this time.
Password 3. Telnet remote login password configuration (required):
Router > user mode
Router > enable switch to privileged mode
Router# config terminal switches (enters) to global configuration mode
Router (config) # line vty 0 4 configures vty virtual terminal interface 0q4, which allows 5 users to telnet to the router at the same time
Router (config-line) # password vtypass set login password to vtypass
Router (config-line) # login for login authentication
Router (config) # do write or end before performing write
Router (config) # end returns to privileged mode
Router# show running views the running configuration and status information of the router
Login Verification Test:
The cmd interface on the 192.168.11.11 host uses telnet 192.168.11.1 to remotely log in to the 192.168.11.1 router
And enter the correct telnet login password.
Router console configuration line:
Vlan technology
7/74
VLAN: virtual local area network. It is the second layer (data link layer) technology in the seven layers of the network.
The function of vlan is to logically divide the ports (physical interfaces) of the switch into different groups (i.e. vlan). Each group has its own group number (i.e.
Vlan). It is impossible to communicate between vlan by default. If you want to communicate, you must use the router to forward the data.
The advantage of vlan: it can reduce the broadcast domain (that is, the broadcast range of data) in the local area network.
Note: all ports on a normal switch are in the same broadcast domain.
Exercise: find out the following concepts on Baidu and reinterpret them according to your own understanding.
Unicast (unicast) refers to a transmission mode in which the packet is transmitted in the computer network and the destination address is a single destination. There are only two facts at a time
Bodies communicate with each other, and both the sender and the receiver are uniquely determined.
In IPv4 networks, 0.0.0.0 to 223.255.255.255 are unicast addresses.
Multicast refers to the transmission of information to a set of destination addresses at the same time.
Multicast addresses range from 224.0.0.0 to 239.255.255.255.
Broadcast is a kind of transmission mode in which the destination address of the packet is all the devices in the network when the packet is transmitted in the computer network. Actual situation
The "all devices" mentioned here are also limited to a range, called "broadcast domain".
Both Ethernet and IPv4 networks use all-one addresses to represent broadcasts, which are ff:ff:ff:ff:ff:ff and 255.255.255.255, respectively
Exercise: use PT software to design the network topology diagram shown in the following figure, and set the correct IP address and subnet mask for the computer. There is no need to set up a gateway
IP address. Use 192.168.11.3 to go to the IP addresses of all computers in the ping network to see which ping can be connected.
8/74
Exercise: manage the switch interface in the above figure with vlan
The switch queries and clears the mac address table:
Show mac-address-table
Clear mac-address-table
Vlan configuration commands:
Switch >
Switch > enable
Switch# conf t
Switch (config) # vlan 11
Switch (config) # name v11
Switch (config) # vlan 12
Switch (config) # name v12
Switch (config) # int range f0amp 1-2
Switch (config-if) # switchport access vlan 11 adds the current port to the vlan 11 group
Switch (config) # int range f0amp 3-5
Switch (config-if) # switchport access vlan 12 adds the current port to the vlan 11 group
Switch (config-if) # do show vlan to view vlan setting information
Switch (config-if) # do show run to view the running status
Switch (config-if) # end
Switch# write
Use 192.168.11.3 to access the computer IP address of 192.168.11.1 in the ping network.
Router-on-a-stick for communication between vlan:
Exercise: add a 1841 router to the network topology diagram of the previous exercise, and use the f0cane0 interface of the router and the f0can6 interface of the switch.
The network cables are connected. Then configure the switch and router as follows.
Switch:
Switch >
Switch > en
Switch#conf t
Int f0/6
Switchport mode trunk sets the switch interface operation mode to trunk (trunk) trunking function.
Do write
Router:
Router >
Router > en
Router#conf t
Int f0/0
No shut
Int f0ap0.11 configure 11 logical subinterfaces of f0ap0 interface
Encap dot1Q 11 this subinterface transmits data from vlan 11
Ip add 192.168.11.254 255.255.255.0
Int f0ap0.12 configure the 12 logical subinterfaces of the f0ap0 interface
Encap dot1Q 12 this subinterface transmits data from vlan 12
Ip add 192.168.12.254 255.255.255.0
End
Write
Ping 192.168.11.1
Ping 192.168.12.1
-
Q: what's the difference between layer 2 switch and layer 3 switch?
A: the answer is as follows:
Layer 2 switch: only MAC address management is supported in the switch.
Layer 3 switch: supports some layer 3 routing functions on the basis of layer 2 switch. That is, the layer 3 switch includes layer 2 interchange.
The function of changing the machine.
10/74
Layer 3 switch for routing between vlan:
Vlan configuration of layer 3 switch:
Switch >
Enable
Conf t
Hostname SWA
No ip domain-lookup
Vlan 21 create vlan 21
Name v21 sets the name of the current vlan to v21
Vlan 22 create vlan 22
Name v22 sets the name of the current vlan to v22
Int range f0swap 1-10 sets the 11 interfaces of f0/1~f0/10
Switchport access vlan 21 sets the current interface to access the data of vlan 21
Int range f0ax 11-23 sets the 13 interfaces of f0/11~f0/23
Switchport access vlan 22 sets the current interface to access the data of vlan 22
Exit
Int vlan 21 enters the vlan 21 setup interface
Ip add 192.168.21.254 255.255.255.0 set the ip address and subnet mask
No shutdown activates this interface
Int vlan 22
Ip add 192.168.22.254 255.255.255.0
No shutdown
Do write Save Settings
Exit
Ip routing enables routing and forwarding function
Do show vlan View vlan Information
Do show run
End or ctrl+z returns to privileged mode
Write Save Settings
Show mac address-table View mac address tabl
Ping 192.168.21.1
Ping 192.168.22.1
Additional test: use 192.168.21.1 to ping 192.168.22.1 to see if you can ping. Being able to communicate with ping means that between vlan
Route OK up.
11/74
Activity: configure the layer 3 switch with a telnet Telnet password and a privileged mode password.
Switch# conf t
Line vty 0 4 set up telnet remote login
Password vtypass sets the login password to vtypass
Login allows password authentication
Exit exit Settings
Enable password mingwen sets the privileged mode plaintext password to mingwen
Enable secret miwen sets the privileged mode ciphertext password to miwen
Do write
End
Show running
Then, on the cmd interface of the 192.168.21.1 host, telnet 192.168.21.254, test whether you can log in to the layer 3 switch remotely.
VTP protocol of Vlan:
What is Q:VTP? What is the main role of VTP?
A:VTP is the vlan Relay Protocol (vlan trunk protocol). The main function of VTP is to centralize management on the vtp server side through vtp protocol.
Add, delete, change and check vlan. The vtp client client automatically updates vlan information synchronously.
Activity: configure the layer 3 switch as vtp server and the layer 2 switch as vtp client, as shown in the following figure. On the layer 3 switch
Create vlan 23 and vlan 24, and look up vlan information on layer 3 and layer 2 switches, respectively.
VTP configuration:
Layer 3 switch configuration vtp:
Switch#
Conf t
Vtp domain qf sets the domain name of vtp zone to qf
Vtp mode server sets vtp working mode to server server side
Vtp password qf007 sets the vtp authentication password to qf007
Int f0swap 24 sets f0ram 24 interface
Switchport mode trunk sets the switch port operation mode to trunk trunk mode
End returns to privileged mode
Write Save Settings
12/74
Show running to view the running status
Show vtp status to check the working status of vtp
Layer 2 switch configuration vtp:
Switch >
Enable
Show vtp status
Show vlan
Conf t
Vtp domain qf
Vtp mode client
Vtp password qf007
Int f0/24
Switchport mode trunk
End
Write
Show running
Show vlan
Show vtp status
Icmp and arp
13/74
Arp: address translation protocol. Its function is to realize the translation between IP address and MAC address.
Icmp: (Internet Control Message Protocol) Internet control message protocol. It is a subprotocol of the TCP/IP protocol suite.
Used to transmit control messages between IP hosts and routers. The ping command is the icmp message sent.
In the local area network formed by the switch, when the two hosts communicate with each other for the first time, they must broadcast and send an arp packet to obtain each other's MAC.
Address.
Protocol: the abbreviation of network protocol, which is a set of agreements that must be followed by both sides of the communication computer. Such as how to establish a connection, how
The samples recognize each other, etc. Only by abiding by this agreement can computers communicate with each other. Its three elements are grammar, semantics and timing.
Simulation activities for icmp and arp protocols:
The process of the first communication between the two hosts:
ICMP data message:
14/74
Practice
Exercise: use the PT software to design the network topology diagram shown below, set three login passwords for the two routers, and do the login test.
RA router configuration:
Router >
Router > enable switch to privileged mode
Router# conf t switches to global configuration mode
Router (config) # hostname RA sets the hostname of the router to RA
RA (config) # int f0gam0 enters the configuration interface of the f0amp0 interface
RA (config-if) # ip add 172.16.1.1 255.255.0.0 set the IP address to the current interface
RA (config-if) # no shutdown activate (enable) the current interface
RA (config-if) # int f0gam1 enters the configuration interface of the f0amp1 interface
RA (config-if) # ip add 172.17.1.1 255.255.0.0 set the IP address to the current interface
RA (config-if) # no shutdown activate (enable) the current interface
RA (config-if) # exit exits the current setting
RA (config) # enable password mingwen sets the plaintext login password for privileged mode
RA (config) # enable secret miwen sets the ciphertext login password for privileged mode
RA (config) # line console 0 enters the setting interface of console 0 interface
RA (config-line) # password conpass set login password to conpass
RA (config-line) # login allows password verification
RA (config-line) # exit exits the current setting
RA (config) # line vty 0 4 enters the setting interface of vty 0 4 interface
RA (config-line) # password conpass set login password to vtypass
RA (config-line) # login allows password verification
RA (config-line) # end or ctrl+z exits the current interface and returns to privileged mode
Router# conf t switches to global configuration mode
RA (config) # ip route 172.18.0.0 255.255.0.0 172.17.1.2 add a static route record
RA (config) # do show ip route to view routing table records
RA (config) # do write saves the relevant settings of the router
RA (config-line) # end or ctrl+z
Router# show running to view the running status
RB router configuration script (allows direct copy and paste of the following commands):
Enable
Conf t
Hostname RB
Int f0/0
16/74
Ip add 172.17.1.2 255.255.0.0
No shutdown
Int f0/1
Ip add 172.18.1.1 255.255.0.0
No shutdown
Exit
Enable password mingwen
Enable secret miwen
Line console 0
Password conpass
Login
Exit
Line vty 0 4
Password conpass
Login
End
Conf t
Ip route 172.16.0.0 255.255.0.0 172.17.1.1
Do show ip route
Do write
End
Show running
Network knowledge 1
OSPF of dynamic routing
Overview of OSPF
OSPF: an abbreviation for Open shortest path first (Open Shortest Path First). Is an internal gateway protocol (Interior
Gateway Protocol, or IGP for short, is used to make routing decisions within a single autonomous system (autonomous system,AS).
OSPF is an implementation of the link-state routing protocol, which belongs to the Internal Gateway Protocol (IGP), so it operates within the autonomous system. The famous Dee
The Coska algorithm (Dijkstra) is used to calculate the shortest path tree. OSPF is divided into two versions: OSPFv2 and OSPFv3, in which OSPFv2 is used in IPv4
Network, OSPFv3 is used in IPv6 network. OSPFv2 is defined by RFC 2328 and OSPFv3 is defined by RFC 5340. Phase with RIP
OSPF is a link-state protocol, while RIP is a distance vector protocol.
OSPF was developed by IETF in the late 1980s, and OSPF is an open version of SPF-like routing protocols.
OSPF establishes a link-state database by advertising the status of network interfaces between routers to generate the shortest path tree. Each OSPF router makes
Use these shortest paths to construct routing tables.
Summary of OSPF characteristics:
OSPF sends regular updates at a low frequency (every 30 minutes). In order to ensure the synchronization of lsdb, this value should be checked by people.
A more reasonable value. This is or can be said to be a manifestation of reliability.
OSPF's HELL0 message timer is sent every 10 seconds, and the holding time is 40 seconds, that is, if the hello is not received within 40 seconds, it is considered to be inhabited.
Exist. In a non-broadcast network (frame Relay), it is sent every 30 seconds, with a hold time of 120 seconds.
[technical principle]
OSPF (Open Shortest Path First) is a link-state-based internal gateway routing protocol developed for the IETF OSPF working group. When
When the OSPF routing domain is large, it generally adopts a hierarchical structure, that is, the OSPF routing domain is divided into several regions (Area).
A backbone area is interconnected, and each non-backbone area needs to be directly connected to the backbone area, and each area has an identification number, where the identification of the backbone area is 0 (0.0.0.0). The following figure shows a single area network for OSPF.
Exercise: design the network topology diagram shown below through the PT simulator, set the IP address to the router in the network, and then configure the OSPF dynamic path
By the protocol, the realization of Netcom.
OSPF route advertisement command:
Command format: network this API network address anti-subnet mask area area number
Example: network 192.168.1.0 0.0.255 area 0
Note: the value of area area number ranges from 0 to 4294967295.
R1 configures the OSPF routing protocol:
Routera (config) # do show ip route / / View the routing table
Routera (config) # router ospf 1 / / enable ospf
Routera (config-router) # network 192.168.1.0 0.0.0.255 area 0 / / publish route advertisement
Routera (config-router) # network 192.168.5.0 0.0.0.255 area 0 / / issue route advertisement
Routera (config-router) # end / / exit the current configuration and return to privileged mode
Routera#write / / Save configuration
Routera (config) # show ip route / / View the routing table
Traceroute Route tracking Test
18/74
Requirement: use traceroute from the R1 router to trace to R3 and verify that it takes several hops to reach the destination router. See if you are taking the shortest path to OSPF.
Path.
OSI (Open Systems Interconnection Open System Interconnection) network layer 7
Click here
Layer number name function protocol
7 the application layer Application provides the application program interface port that interacts with the user. Add requirements to the message for the communication of each application
The information you want. Such as QQ, browser, KuGou, etc.
HTTP
SNMP
Unit:
6 presentation layer Description defines the representation of data, data compression and encryption, so that data can be sent and read in an understandable format
Take it. Such as text, pictures, sound, video and so on.
Session layer Session establishes, manages and terminates network sessions, and provides sequential control of network sessions. Explain the user and machine name
It is also said to be done on this floor.
4 the transport layer Transfer establishes an end-to-end connection and provides port address addressing (TCP/UDP). Establish, maintain and dismantle a company
Answer it. To achieve flow control, error retransmission, data segments and other functions. Unit: segment segment
3 Network layer Network provides IP address addressing and routing forwarding. All functions of interconnection between subnets are supported. Devices have routers,
Layer 3 switch. Unit: packet package
2 data layer DataLink provides link layer address (such as MAC address) addressing. Media access control (such as bus contention over Ethernet)
Technology). Error detection. Control the sending and receiving of data. The equipment includes network card, bridge and switch.
Unit: Frame Fram
CSMA/CD
1 physical layer
Physical
The hardware circuit and transmission medium necessary to establish communication between the computer and the network are provided. Such as network cable,
HUB hub, optical fiber, network interface, etc.
Unit: bit bitstream
IEEE 802.11
IEEE 802.11a
IEEE 802.11g
Note: TCP-- transmission control protocol is a connection-oriented protocol. Before data transmission, three handshakes are used to confirm whether the other party is online, and
It will detect whether the other party has received the data, and will resend it if it is not received.
UDP-- user Datagram protocol is a connectionless protocol. It will not confirm whether the other party is online, nor will it confirm the other party before data transmission.
Is to receive data. Data is transmitted in a form similar to a broadcast. Such as cable TV, watching video online, sending e-mail and so on.
TCP/IP four-layer model
Application layer: provides app application program interface. Corresponding to the OSI application layer + presentation layer + session layer.
Transport layer: the transport layer equivalent to OSI.
Network layer: the network layer equivalent to OSI.
Link layer: data link layer + physical layer equivalent to OSI.
19/74
Click here
Schematic diagram of encapsulation and unencapsulation of network data packets
The process of data encapsulation when A sends data to B:
1. Raw data data
2. TCP/UDP+ raw data data
3. Source IP/ destination IP + data (fill in the express form)
4. Source MAC/ destination MAC + data (express objects are loaded into the car)
5. Bit streams are transmitted over communication lines (road: land and sea [cable network, optical fiber], air [radio waves])
B the unencapsulation process of received data:
Bit stream transmits (road: land and sea [cable network, optical fiber], air [radio wave]) source MAC/ destination MAC + data (express object pick-up) source IP/ destination IP + data (open express package) raw data data
20/74
Communication mode of each layer
Layer 1 communication (physical layer):
The physical layer uses the same communication channel to transmit data. Using CSMA/CD (Carrier Sense Multiple Access with Collision)
Detection) Carrier sense multiple access Technology (Carrier sense multiple access / collision Detection) Mechanism for Baseband collision Detection to avoid data transmission
The blocking problem in the process. It belongs to half-duplex communication mode.
A device that sets up a layer of communication network: a HUB hub (network performance is very low and has been phased out).
Click here
Schematic diagram of CSMA/CD protocol
Layer 2 communication (data link layer):
A plurality of communication channels are used to transmit data. The device has a switch. The MAC address of each network card connected is recorded on the switch.
The aging time of the MAC address table is 300 seconds, that is, the time starts after an address record is added to the address table.
If the port does not receive a frame with the source address of that MAC address, these addresses will be forwarded from the dynamic address table (from the source MAC address, the destination MAC address to
The address and the port number of their corresponding switch are deleted.
The working process of the switch:
1. Initialize, the MAC address table is empty.
2. Automatically learn the MAC address of the connected network card through broadcast, using ARP protocol.
3. Update the MAC address regularly.
Note: the switch learns the MAC address of the Nic device based on the source MAC address in the layer 2 packet. When packets enter the switch
After the port of the machine, the switch analyzes the source MAC address of the packet and saves the mapping between the source MAC address and the switch port to the MAC.
Address table (mac-address-table).
How the ARP protocol works:
Example: use PT software to design the following network topology diagram, set the correct IP address to PC, and then PC0 to ping PC1 to understand the process of ARP.
The process by which PC0 obtains the MAC address of PC1 through the ARP protocol:
The communication process between PC0 and PC:
Ping: the first communication
Layer 3 packets:
Source IP:192.168.1.1
Target IP:192.168.1.2
Layer 2 data:
Source MAC: 0000.0CA7.D268
Target MAC: unknown
22/74
ARP concept:
ARP is an abbreviation for address Translation Protocol (Address Resolution Protocol). It is to realize the function of parsing MAC through IP address.
ARP communication process analysis:
Since A does not know the MAC of the target, it broadcasts an ARP packet to all computers. After the computer electrifies the packet, it finds the target IP at layer 3.
If the address is yourself, unicast reply an ARP packet to A Magi An after receiving it, the corresponding relationship between B's MAC address and IP address is saved in the cache.
The communication process between PC0 and PC:
Ping: the second communication
Layer 3 packets:
Source IP:192.168.1.1
Target IP:192.168.1.2
Layer 2 data:
Source MAC: 0000.0CA7.D268
Target MAC: 000D.BD8C.4B8B
The process by which a switch learns MAC addresses:
The switch learns the MAC address information of the connected device through the source MAC address in the layer 2 packet and caches it to the MAC of the switch.
In the address table. The information in the switch MAC address table includes the port number of the switch and the MAC address mapping (corresponding) relationship of the connected device.
MAC address table recorded in the computer operating system: the information includes the mapping (correspondence) relationship between IP address and MAC address. Use the arp-a command to check
Inquire.
View the MAC address table of the switch: show mac-address-table
Clear the MAC address table: clear mac-address-table
Check the computer's MAC address table: arp-a [first ping the other party's IP, and then use arp-a to check]
Clear the MAC address table on the computer on the PT simulator: arp-d or arp-d *
The difference between a HUB hub and a switch switch:
The MAC address and port mapping of each connected device is recorded on the switch, while HUB does not. Each unit in the local area formed by the switch
When the device communicates for the first time, it generates an ARP broadcast to obtain the MAC address of the other party, and the subsequent communication is unicast (that is, point-to-point communication).
Each host in the local area formed by HUB produces a broadcast every time it communicates, which takes up a lot of network bandwidth and the performance is very poor. Has now been eliminated.
Schematic diagram of the MAC address table of the switch:
VLAN virtual LAN
Overview of VLAN
23/74
The Chinese name of VLAN (Virtual Local Area Network) is "virtual local area network". It logically divides the ports of the switch into different ones.
Virtual local area network. They can be organized according to functions, departments, applications and other factors, and the communication between them seems to be in the same local area.
It's the same in the net.
Why use VLAN:
To narrow the scope of the broadcast. Because in the local area network formed by the switch, any two hosts will communicate for the first time through the ARP protocol.
Broadcast to get each other's MAC, if there are too many hosts in the network, it will take up a lot of bandwidth.
VLAN works at layers 2 and 3 of the OSI reference model, a VLAN is a broadcast domain, and communication between VLAN is done through a layer 3 router.
Click here
Logical Diagram of VLAN packet structure of VLAN
IEEE (Institute of Electrical and Electronic Engineers, Institute of Electrical and Electronics Engineers) was promulgated in 1999.
The draft 802.1Q protocol standard used to standardize the implementation of VLAN is presented. The emergence of VLAN technology makes administrators according to the actual application requirements.
Different users in the same physical local area network are logically divided into different broadcast domains, and each VLAN contains a set of calculations with the same requirements.
The computer workstation has the same properties as the physically formed LAN.
24/74
Configuration commands for VLAN
Command:
View vlan information: show vlan
Create VLAN: vlan 11 with number 11
Set the interface f0ax 1: int f0ap0
Set the f0/1~f0/5 interface: int range f0amp 1-5
Set the port mode to access access: switchport mode access
Add ports to the vlan 11 group: switchport access vlan 11
Set the port mode to trunk trunk (trunk): switchport mode trunk (all vlan data is allowed to be transferred on trunk)
Allow all vlan data to be transferred on the trunk trunk road: switchport trunk allowed vlan all
Allow vlan 11, 12 data to be transmitted on trunk trunk roads: switchport trunk allowed vlan 11jue 12
Exercise: use the PT simulator software to design the network topology diagram shown in the following figure. Then, set the correct IP address for each computer. Test host
The status of communication between An and other hosts. Create VLAN11 and VLAN12 on the switch and divide the ports of the switch according to the identity of the topology diagram
To different VLAN. Test the communication status between host An and other hosts again.
VLAN configuration of the switch:
Switch > en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch (config) # vlan 11 / / create a VLAN numbered 11
Switch (config) # name tech / / set the vlan name to tech
Switch (config-vlan) # vlan 12 / / create a VLAN numbered 12
Switch (config) # name sales / / set the vlan name to sales
Switch (config-vlan) # do sh vlan / / View VLAN information
Switch (config-vlan) # int range f0bind 1-2 / / set the port of f0/1~f0/2
Switch (config-if) # switchport access vlan11 / / add ports to vlan11
Switch (config-if) # int f0swap 3 / / set the port of f0lap3
Switch (config-if) # switchport access vlan12 / / add ports to vlan12
Switch (config-if) # do sh vlan
Switch (config-if) # do write
Exercise: use the PT simulator software to design the network topology diagram shown in the following figure. Press the figure below to set the correct IP address for all PC, and set the switch
The ports are divided into VLAN11 and VLAN12 respectively as shown in the figure, and then trunk mode is configured on the f0lap24 interface of each switch to implement the
The host in the VLAN11 on the left can access the host in the VLAN11 on the right.
Trunk configuration for port f0apace 24:
Int f0/24
Switchport mode trunk / / sets the port mode to trunk Trunk Road
Switchport trunk allowed vlan11, 12 / / [do as needed] allow vlan11 and vlan12 data to be transmitted on trunk trunk roads
VTP protocol
VTP: is the abbreviation of virtual local area network transport protocol. Used to realize the centralized management of VLAN.
The role of VTP: the ability to create VLAN on one Server master switch and automatically receive VLAN messages on other Client customer switches.
Cisco's VTP protocol is incompatible with Huawei's VTP protocol.
VTP configuration:
VTP server-side configuration:
Do show vtp status / / View VTP status
Vtp domain qf / / set the domain name of vtp to qf
Version 2 / / enable version 2
Vtp mode server / / sets the working mode to the server side
Vtp password jin / / set the access password to jin
VTP client configuration:
Do show vtp status / / View VTP status
Vtp domain qf / / set the domain name of vtp to qf
Version 2 / / enable version 2
Vtp mode client / / set the working mode to client
Vtp password jin / / set the access password to jin
26/74
Trunk configuration:
Int f0/1
Switchport mode trunk
Exercise: use the PT simulator software to design the network topology diagram shown in the following figure. Follow the figure below to configure VTP, trunk, and create a VLAN for the switch. Query vlan information.
VTP Server configuration:
VTP Client configuration:
Routing between VLAN
Overview
If the hosts between different VLAN want to communicate normally, it must be realized by routing technology. Can be routed through the router's one-arm, layer 3 switch
These two ways to achieve. This section introduces single-arm routing and layer 3 switch to realize the communication between VLAN.
One-arm routing
Single-arm routing is realized by using the logical subinterface function of the router, so it is necessary to set multiple IP to the logical subinterface of the router, each of which is subinterface.
Be responsible for forwarding the VLAN data you are responsible for. The routing packet protocol is encapsulated by 802.1Q protocol. Let's learn about one arm through a case.
Routing function.
Exercise: use the PT simulator software to design the network topology diagram shown in the following figure. Set the correct IP address and gateway to each PC in turn. Create
VLAN 11 and VLAN 12. The names of VLAN are tech and sales respectively. The ports of the switch are divided into VLAN 11 and
In VLAN 12, and set the trunk trunk mode for the trunk ports connected to the router. Then configure the logical subinterface with IP on the router
The address and data encapsulation type is 802.1Q to implement single-arm routing. Finally, the communication status of PC in VLAN is tested. And use the simulation mode of PT
To view the flow animation of the packet.
Note: in this example, the commands created by VLAN are not written, only the configuration commands for single-arm routing and switch trunk are written. If you are not familiar with VLAN Tron
To build the command, please refer to the exercise case created by VLAN.
Router router on a stick configuration:
Router > en
Router#conf t
Router (config) # int f0swap 0 / / set the F0Lex0 port
Router (config) # no shutdown / / activate the port
Router (config-if) # int f0ap0.1 / / set logical subinterface 2 of port F0ap0
Router (config-subif) # encapsulation dot1Q 11 / / encapsulates the data of VLAN 11 in this interface
Router (config-subif) # ip add 192.168.1.254 255.255.255.0 / / set IP to the subinterface
Router (config-if) # int f0swap 0.2 / / sets the logical subinterface of port F0ap0
Router (config-subif) # encapsulation dot1Q 12 / / encapsulates the data of No. 12 VLAN in this interface
Router (config-subif) # ip add 192.168.2.254 255.255.255.0 / / set IP to the subinterface
Router (config-subif) # do ping 192.168.1.1 (not available because there is no trunk trunk on the switch)
Router (config-subif) # do ping 192.168.2.3 (not available because there is no trunk trunk on the switch)
Router (config-subif) # do write
The switch is equipped with the trunk trunk road:
Switch > en
Switch#conf t
Switch (config) # int f0bin23
Switch (config-if) # sw
Switch (config-if) # switchport mode trunk
Switch (config) # do write
Layer 3 switch
Layer 3 switch can realize the communication between VLAN, which can work at layer 2 or layer 3, and support partial layer 3 routing.
Agreement.
As long as VLAN technology is used in medium and large local area networks, layer 3 switches will be used to realize the communication between VLAN.
The method of realizing inter-VLAN communication in layer 3 switch:
Enable routing Route forwarding (forward) directly on the layer 3 switch and set the IP address to the VLAN.
Layer 3 switch configuration: create a VLAN and set an IP address for the VLAN
Switch > en
Switch#conf t
Switch (config) # ip routing / / enable route forwarding
Switch (config) # vlan 11
Switch (config-vlan) # name tech
Switch (config-vlan) # vlan 12
Switch (config-vlan) # name design
Switch (config-vlan) # int vlan 11 / / set VLAN 11
Switch (config-if) # ip add 192.168.1.254 255.255.255.0
Switch (config-if) # int vlan 12 / / set VLAN 12
Switch (config-if) # ip add 192.168.2.254 255.255.255.0
Switch (config-if) # do write
Switch (config-if) # ping 192.168.1.1
Switch (config-if) # ping 192.168.2.3
Telnet remote login settings for the switch
Exercise: use PT to design the network topology diagram shown in the following figure, first set the correct IP address to PC, and then set the IP address to vlan 1 of the switch
And activate VLAN 1, then configure the switch with telnet remote login, and finally use PC's cmd interface to test telnet remote login to the switch.
Set IP to the VLAN of the switch:
Switch > enable
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch (config) # int vlan 1
Switch (config-if) # ip add 192.168.3.254 255.255.255.0
Switch (config-if) # no shutdown
Switch (config-if) # do ping 192.168.3.1
Switch (config-if) # do show run
Switch (config-if) # do wr
Set up telnet remote login for the switch:
Switch (config-if) # line vty 0 4
Switch (config-line) # pass
Switch (config-line) # password jin
Switch (config-line) # login
Switch (config-line) # do write
Subnetting
The purpose of the subnet mask is to clearly identify the network number (network bit) and host number (host bit) in the IP address. The consecutive 1 in the binary number of the subnet mask.
It is used to correspond to the network number in the IP address, and consecutive zeros are used to correspond to the host number in the IP address.
IP address 192.168.5.8 (Class C) 192.168.5.8
Subnet mask 255.255.255.0 (Class C) 1111 1111. 1111 1111. 1111 1111.0000 0000
The first three groups of the network number are 192.168.5
Number of host number group 4 (value range 0,255) 8
The network address is the IP address 192.168.5.0 with host number all 0.
The broadcast address is the IP address 192.168.5.255 with host number full 1.
Available host number available host number = 28-2 "256-2" 254 254
Available IP address 192.168.5.1 → 192.168.5.254
The functions that can be achieved by the subnet mask:
Subnetting: by using host bits to act as network bits, a large network can be divided into many small networks. This subnet mask is called VLSM change.
Long subnet mask (Variable Length Subnetwork Mask). It can be understood as dividing a large group into many groups.
Supernet: by using network bits to act as host bits, small networks can be merged into one large network.
Description: when the binary number of the network number increases, the binary number of the host number decreases.
For example: borrow a bit from the host number (8-bit binary) in the class C IP address as the network number, and the host number leaves seven bits in binary.
Subnet mask: 255.255.255.128 128 [1000 0000]
Host number range of subnet 1: 001270 [0000 0000] ~ 127 [0111 1111]
Host number range of Subnet 2: 128 "255128 [1000 0000] ~ 255 [1111 1111]
Note: the 0 and 1 of the scarlet letter in the above host number range are borrowed from the host number to be used as the network number.
Click here click here click here
The power (index) of 2 7 6 5 4 3 2 1 0
Decimal value 128 64 32 16 8 4 2 1
Subnetting questions:
1. If the class C IP address 192.168.8.0 is divided into 2 subnets, what should be the subnet mask? The number of IP per subnet? For each subnet
What is the value range of the host number? What is the network address and broadcast address for each subnet?
Subnetting problem solving analysis:
In step 1, the default subnet mask for class C IP addresses is 255.255.255.0 (that is, / 24). According to the requirement of dividing into 2 subnets, it is concluded that the host needs to
Borrow one of the number as the network number. As a result, the subnet mask is 255.255.255.128 (that is, / 25).
In step 2, the total number of IP for each subnet is 256 divided by the number of subnets, which is 256 Universe 128.
In step 3, the host number range of the following subnets is obtained based on the total number of IP of each subnet:
Subnet 1: 192.168.8.0mm 192.168.8.127
31/74
Subnet 2: 192.168.8.128, 192.168.8.255
Step 4, the network address and broadcast address of each subnet are as follows:
Network address: the address with the host number of all 0 in the IP address.
Broadcast address: the address with the host number of all 1 in the IP address
Note: network addresses and broadcast addresses cannot be assigned to hosts, network addresses are recorded in the routing table, and broadcast addresses are in DHCP
It will be used when broadcasting in the service.
Subnet 1: network address 192.168.8.0 (0000 0000) broadcast address: 192.168.127 (0111 1111)
Subnet 2: network address 192.168.8.128 (1000 0000) broadcast address: 192.168.8.255 (1111 1111)
The power (index) of 2 7 6 5 4 3 2 1 0
Decimal value 128 64 32 16 8 4 2 1
Subnetting activity:
1. If the class C IP address 192.168.15.0 is divided into 4 subnets, what should be the subnet mask? The number of IP per subnet? Each subnet
What is the value range of the host number? What is the network address and broadcast address for each subnet? What is the range of available IP?
Problem-solving analysis:
Default subnet mask for Class C IP: 255.255.255.0 (/ 24)
32/74
Divide 4 subnets: borrow 2-bit 224s from the host number
Subnet mask: 255.255.255.192 (/ 26) 192 (11 00 0000)
The total number of IP per subnet: 256 / subnets = 256. 4x64, that is to say, the number of 256 is divided into 4 parts, 64 per copy.
The range of host number for each subnet is as follows:
Subnet 1: 0 ~ 63 192.168.15.0mm 192.168.15.63
Subnet 2: 64-64-63-127 192.168.15.64-192.168.15.127
Subnet 3: 128-128-63-191 192.168.15.128-192.168.15.191
Subnet 4: 192 + 6355 192.168.15.192 192.168.15.255
The network address and broadcast address for each subnet are as follows:
Network address broadcast address available IP address
Subnet 1: 192.168.15.0 192.168.15.63 192.168.15.1192.168.15.62
Subnet 2: 192.168.15.64 192.168.15.127 192.168.15.65 192.168.15.126
Subnet 3: 192.168.15.128 192.168.15.191 192.168.15.129192.168.15.190
Subnet 4: 192.168.15.192 192.168.15.255 192.168.15.193192.168.15.254
Subnetting activity:
1. If the class C IP address 192.168.15.0 is divided into 8 subnets, what should be the subnet mask? The number of IP per subnet? Each subnet
What is the value range of the host number? What is the network address and broadcast address for each subnet? What is the range of available IP?
Problem-solving analysis:
Default subnet mask for Class C IP: 255.255.255.0 (/ 24)
Divide 8 subnets: borrow 3 digits 238from the host number
Subnet mask: 255.255.255.224 (/ 27) 224 (111 0000 "27" 26" 25" 128" 64" 32" 224)
The total number of IP per subnet: 256 / subnet = 256. 832. That is to say, the number of 256 is divided into 8 equal parts, each with 32.
The range of host number for each subnet is as follows:
Subnet 1: 0 ~ 31 192.168.15.0mm 192.168.15.31
Subnet 2: 32-32-31-63-192.168.15.32-192.168.15.63
Subnet 3: 64-64 31-95 192.168.15.64-192.168.15.95
Subnet 4: 96-96 31-127 192.168.15.96-192.168.15.127
Subnet 5: 128-12831-159 192.168.15.128-192.168.15.159
Subnet 6: 160 ~ 160mm 31mm 191 192.168.15.160U 192.168.15.191
Subnet 7: 192 in 192 + 31 in 223 192.168.15.192 in 192.168.15.223
Subnet 7: 224-224-31-255 192.168.15.224-192.168.15.255
The network address and broadcast address for each subnet are as follows:
Network address broadcast address available IP address
Subnet 1: 192.168.15.0 192.168.15.31
Subnet 2: 192.168.15.32 192.168.15.63
Not finished, to be continued.
Question: do the following two IP addresses belong to the same network segment?
192.168.15.8/27 192.168.15.230/27
33/74
Problem-solving analysis:
According to the subnet mask / 27 given by the IP address in the question, we can see that the two IP addresses are subnetted and borrowed 3 bits from the host number.
As a network number. In other words, it is divided into 23-8 subnets. The total number of IP per subnet is 256 Universe 832. Therefore, the above two IP addresses do not belong to the same
A network segment.
Supernet exercise:
Requirements: let class C IP address more than 256hosts in each subnet, so that they can communicate normally, how to achieve. If you want to let
192.168.11.5 and 192.168.12.8 these two hosts can communicate normally, and routing is not allowed.
Method: set the subnet mask of 192.168.11.5 and 192.168.12.8 to the subnet mask of Class B, 255.255.0.0.
Cannot communicate when the subnet mask is default
Because the network numbers of the two hosts are 192.168.11 and 192.168.12 respectively.
With a Class B subnet mask, the two hosts can communicate normally.
Because the network number of both hosts is 192.168, that is, the network address is
1111 1110. 0000 0000
290512
Supernet exercise:
It is required that the total number of IP in the subnet of 192.168.0.1 is 512. What should the subnet mask be set to? The IP of this subnet
What is the range of addresses?
Problem-solving analysis:
In the first step, according to the meaning of the question, the total number of IP in each subnet is 512, and the binary number of the host number is 9 digits (290512). That is, to
Borrow 1 bit from the network number to act as the host number. That is, the subnet mask is 255.255.254.0 [1111 1110]
In step 2, the value range of the IP address is 192.168.0.0192.168.1.255.
34/74
The binary of the subnet mask: 254 (1111 1110.)
IP address: 0. 0-1.255 (1.1111 1111)
Note: the 0 and 1 of the scarlet letter in the above IP address and subnet mask are borrowed from the network number to act as the host number.
Supernet exercise:
The IP address 192.168.0.5 Compact 24 requires borrowing 2 digits from the network number as the host number. What is the subnet mask at this time? IP of this subnet
What is the range of addresses?
In the first step, if you borrow two digits according to the meaning of the question, the host number is 10 digits and the subnet mask is 255.255.252.0 (/ 22).
1111 1100.252
In step 2, the value range of IP address is 192.168.0.0192.168.3.255.
00.0000 00000.00
11.1111 1111 3.255
Question: are the following two IP addresses on the same network segment?
192.168.0.5/22 192.168.3.8/22
Supernet exercise:
The IP address 192.168.8.5Universe 24 requires borrowing 2 digits from the network number as the host number. What is the subnet mask at this time? IP of this subnet
What is the range of addresses? What is the total number of IP in this subnet?
In the first step, according to the meaning of the question, it is concluded that the default network number of 192.168.8.5 hand 24 is 192.168.8, and the subnet mask is 255.255.255.0.
In the second step, if you borrow 2 bits as the host number from the network incomprehension, the subnet mask becomes 24-2' 22, that is, 255.255.252.0 (/ 22).
The subnet network number of the IP address 192.168.8.5 is 192.168.8 (880000 1000).
In step 3, the value range of IP address is:
Minimum: 192.168.8.0 (8 = 0000 1000. 0000 0000)
Maximum: 192.168.11.255 (110.000 1011. 1111 1111)
Network address of the subnet: 192.168.8.0
Broadcast address of the subnet: 192.168.11.255
Total number of IP in the subnet: 210 to 1024
Available IP address: 192.168.8.1, 192.168.11.254
ACL access Control Table (brief introduction)
Overview
ACL is an abbreviation for access control list (access control list). Its function is to define various access policies and apply access rules to the specified
The security control function is realized on the port, IP and protocol of. The ACL function is usually implemented on a router or switch.
The difference between firewalls and antivirus software:
The essential difference is that the content of monitoring is different. IP address, protocol, MAC address, port incomprehension and other headers in network packets monitored by firewall
information. The antivirus software monitors the body content of the file (data data).
35/74
The principle of access control list
There are two directions for router interfaces:
Outgoing out: packets that have been processed by the router and are leaving the interface of the router
Incoming in: packets that have arrived at the router interface will be processed by the router.
The matching order is: "from top to bottom, match in turn". The default is deny (deny)
Type of access control list
Standard access control list: commonly used in out outbound interfaces. It is recommended that it be configured on the route closest to the destination side
Extended access control list: configured on the route closest to the source side, generally applied in the inbound in direction
Named access control lists: allows names to be used instead of table numbers in standard and extended access lists
ACL configuration command
ACL configuration ideas:
Create an access control table rule, which can define parameters such as source IP, destination IP, protocol, port number, and so on. Apply the rule to the port of the router (for example, f0gam0, f0ap1).
Common network protocols and port numbers:
Click here
The port number of the meaning function in the protocol (used to identify the service)
Implementation of web website 80 with http Hypertext transfer Protocol
Ftp File transfer Protocol File sharing (upload and download) 21 (control port)
20 (data port)
Smtp simple Mail transfer Protocol to send mail 25
Pop3 Post Office Protocol Mail, Mailbox Management
Dns domain name system domain name resolution, conversion between domain name and IP 53
Dhcp dynamic Host configuration Protocol dynamically assigns IP addresses 67 68
Tftp simple File transfer Protocol Mini ftp protocol, distributes boot startup files to clients in PXE 69
Ntp Network time Protocol Network time synchronization 123
Let's first take a look at the basic categories of ACL:
R1 (config) # access-list? / / We will find that access control lists are actually distinguished by serial numbers.
IP standard access list / / IP standard access control list (basic, only IP can be restricted)
IP extended access list / / IP extended access control list (enhanced, can limit IP, protocol, port number and other detailed parameters
)
The characteristics of the ACL table: there can be multiple access control rules in the ACL table of each number.
Only one numbered ACL table policy can be applied on each port of the 36Ted 74 router.
Features supported by standard ACL:
Router (config) # access-list 1 deny? / / View standard ACL command help
A.B.C.D Address to match
Any Any source host
Host A single host address
Extend the features supported by ACL:
Router (config) # access-list 100 deny? / / View extended ACL Command help
Ahp Authentication Header Protocol
Eigrp Cisco's EIGRP routing protocol
Esp Encapsulation Security Payload
Gre Cisco's GRE tunneling
Icmp Internet Control Message Protocol
Ip Any Internet Protocol
Ospf OSPF routing protocol
Tcp Transmission Control Protocol
Udp User Datagram Protocol
ACL project actual combat
Exercise: use PT software to design the network topology diagram shown in the following figure and complete the project tasks as required.
Request:
1. The network topology diagram is designed.
two。 Set the correct IP address and gateway to PC, router, and server.
3. Test the communication status to the server with two PC ping respectively.
And access the server's http and ftp services respectively. (all can be accessed normally at this time)
3. Set up ACL access control lists on the router.
ACL requirements:
1. Allow 192.168.1.11 to access the server using ping (icmp) and ftp.
two。 Allow 192.168.1.12 to access the server's http site service.
Note: once the ACL feature is used on a Cisco router, the default rule is automatically added to deny access to everyone by deny.
Word: deny denies permit permission
ACL configuration of R1:
R1 > enable
R1#conf t
R1 (config) # do show access-list / / View the contents of access control list
R1 (config) # access-list 100 permit icmp host 192.168.1.11 host 192.168.2.254 echo
R1 (config) # access-list 100 permit tcp host 192.168.1.11 host 192.168.2.254 eq 21
R1 (config) # access-list 100 permit tcp host 192.168.1.12 host 192.168.2.254 eq 80
R1 (config) # int f0bin0
Router (config-if) # ip access-group 100in / / apply 100this ACL to the interface entry
Router (config-if) # do write
Router (config-if) # do show run / / View the running status and display the ACL information and the ACL table applied on the port
Access authentication:
1. Use 192.168.1.11 and 192.168.1.12 to ping the server 192.168.2.254, and the result is 192.168.1.11.
It is possible to ping, while 192.168.1.12 is not ping.
2. Enter ftp 192.168.2.254 in the CMD interface of 192.168.1.11 to access the ftp share to see if it can be accessed. (have access to
Is the correct result)
3. Visit 192.168.2.254 in the browser on 192.168.1.12 to see if the web page can be displayed. (to be able to access is
Correct result).
Router implements DHCP service
Case study: using PT
DHCP configuration method:
Router (config) # ip dhcp?
Excluded-address Prevent DHCP from assigning certain addresses sets the excluded IP address
Pool Configure DHCP address pools sets DHCP scope (IP address pool)
Relay DHCP relay agent parameters sets DHCP relay function (that is, DHCP forwarding function)
Router (config) # ip dhcp pool net1 creates a pool of IP addresses named net1
Router (dhcp-config) #? Show command help
Default-router Default routers
Dns-server Set name server
Exit Exit from DHCP pool configuration mode
38/74
Network Network number and mask
Router (dhcp-config) # network 192.168.1.0 255.255.255.0
Router (dhcp-config) # default-router 192.168.1.1
Router (dhcp-config) # dns-server 8.8.8.8
Router (dhcp-config) # ip dhcp excluded-address 192.168.1.2 192.168.1.5 excluding IP between 1.2 and 1.5
Address
Router (dhcp-config) # do write
Router (dhcp-config) # do show run
Router (config) # ip dhcp pool net2 creates a pool of IP addresses named net2
Router (dhcp-config) # network 192.168.2.0 255.255.255.0
Router (dhcp-config) # default-router 192.168.2.1
Router (dhcp-config) # dns-server 8.8.8.8
Router (dhcp-config) # do write
Router (dhcp-config) # do show run
Additional Task 1:
Router (config) # int f0bin1
Router (config-if) # ip add 192.168.2.1 255.255.255.0
Router (config-if) # no shutdown
Router (config-if) # do write
Additional Task 2: add a switch and 2 computers to the right of the topology diagram above, and connect them. Set the IP address of the computer to DHCP automatic acquisition
Take it. What is the IP address obtained by the two computers?
Additional task 3: modify the right side of the above network topology diagram to get the topology shown in the following figure, that is, add one router, switch, and two
Computer. Then set up the DHCP Relay (ip helper-address) function.
Configure the interface with an IP address on the rightmost router1:
The step is omitted.
Create an IP address pool of 192.168.3.0 on router 0
Router > en
39/74
Router#conf t
Router (config) # ip dhcp pool net3
Router (dhcp-config) # network 192.168.3.0 255.255.255.0
Router (dhcp-config) # default-router 192.168.3.1
Router (dhcp-config) # do write
Configure rip routing on router0 and router1, respectively:
Rip configuration for router0:
Enable
Conf t
Router rip
Network 192.168.1.0
Network 192.168.2.0
Rip configuration for router1:
Enable
Conf t
Router rip
Network 192.168.2.0
Network 192.168.3.0
Configure DHCP Relay trunking (ip helper-address) on router 1:
Router (config) # int f0bin1
Router (config-if) # ip helper-address 192.168.2.1 (send received DHCP request packets to 192.168.2.1)
Verification: how much IP is automatically obtained by looking at the two rightmost computers through DHCP?
Integrated project activity:
A company purchased the following equipment:
Router: 1
Layer 3 switch: 1
Layer 2 switch: 2
Server: 1
Desktop: 3
Laptop: 3 sets
Network design and configuration requirements:
1. Design the network topology diagram in PT as shown in the following figure.
The 2.IP address is subnetted using the 192.168.1.0 Universe 24 network, which is divided into 2 subnets.
3. DHCP service is configured on the router to dynamically assign IP addresses to computers in the network.
4. VLAN and VTP technology are used in the network to divide notebook computers into VLAN11 named tech, and to divide desktops and servers.
To vlan 12 named sales. The host IP in VLAN 11 and VLAN12 uses the subnetted IP address, respectively. All desktops
And notebook computers use DHCP to automatically obtain IP addresses.
5. Hosts in VLAN 11 and VLAN 12 are required to communicate with each other (ping).
6. Configure ACL on the router to require that the first computer in VLAN 11 and VLAN 12 can normally access various services of the service, while other computers do not
Access is allowed.
Refer to the design topology diagram for subnetting
Number of subnets: 2
Subnet mask: 255.255.255.128 (/ 25)
Available IP for subnet 1: 192.168.1.1' 192.168.1.126 network address: 192.168.1.0 broadcast address:
192.168.1.127
Available IP of subnet 2: 192.168.1.129192.168.1.254 network address: 192.168.1.128 broadcast address:
192.168.1.255 omit VLAN configuration
VLAN configuration of layer 3 switch:
Enable
Conf t
Ip routing
Vlan 11
Name tech
Vlan 12
Name sales
Int f0/4
Switchport access vlan 12
Do show vtp status
Vtp domain qf
Vtp mode server
Vtp password qf
Int vlan 11
Ip add 192.168.1.1 255.255.255.128
No shutdown
Int vlan 12
Ip add 192.168.1.129 255.255.255.128
41/74
No shutdown
Do show vlan
Do write
DHCP configuration of layer 3 switch:
Ip dhcp pool net1
Network 192.168.1.0 255.255.255.128
Default-router 192.168.1.1
Dns-server 8.8.8.8
Exit
Ip dhcp pool net2
Network 192.168.1.128 255.255.255.128
Default-router 192.168.1.1
Dns-server 8.8.8.8
Do write
Do show run
Layer 2 switch configuration (SW1)
Enable
Conf t
Vtp domain qf
Vtp mode client
Vtp password qf
Int f0/1
Switchport mode trunk
Do show vlan
Int range f0ax 2-3
Switchport access vlan 12
Int f0/4
Switchport access vlan 11
Do write
Do show vlan
Layer 2 switch configuration (SW2)
Enable
Conf t
Vtp domain qf
Vtp mode client
Vtp password qf
Int f0/1
Switchport mode trunk
Do show vlan
Int range f0ax 2-3
Switchport access vlan 11
Int f0/4
Switchport access vlan 12
The computer IP is configured as DHCP:
Check to see if the acquired IP address is the IP address of the VLAN where it is located.
Layer 3 switch configuration ACL:
ACL configuration details
42/74
What is ACL?
The access control list is called ACL for short. The access control list uses packet filtering technology to read the information in the layer 3 and layer 4 packet headers on the router.
Such as source address, destination address, source port, destination port, etc., filter packets according to pre-defined rules to achieve access control
Purpose. Initially, the technology is only supported on routers, but in recent years it has been extended to layer 3 switches, and some of the latest layer 2 switches have also begun to be mentioned.
For the support of ACL.
The principle of access control list
There are two directions for router interfaces:
Outgoing out: packets that have been processed by the router and are leaving the interface of the router
Incoming in: packets that have arrived at the router interface will be processed by the router.
The matching order is: "from top to bottom, match in turn". The default is deny (deny)
Type of access control list
Standard access control list: commonly used in out outbound interfaces. It is recommended that it be configured on the route closest to the destination side
Extended access control list: configured on the route closest to the source side, generally applied in the inbound in direction
Named access control lists: allows names to be used instead of table numbers in standard and extended access lists
Principles for the use of access control lists
1. The principle of least privilege
Only the minimum permissions necessary for the controlled object to complete the task are given. In other words, the general rule to be controlled is the intersection of various rules, which only satisfies part of the rules.
The rules are not allowed to be passed.
2. The principle of being closest to the controlled object
All network layer access control. That is to say, the rules are checked one by one in the ACL from top to bottom, as long as the characters are found.
Forward as soon as the condition is met, without continuing to detect the following ACL statement.
3. Default discard principle (deny)
The default last sentence in CISCO routing switching equipment is that DENY ANY ANY is added to ACL, that is, all non-eligible numbers are discarded.
According to the bag. Special attention should be paid to this point. Although we can change this default, we must pay attention to it before we change it.
Because ACL is implemented using packet filtering technology, the filtering is based on only part of the information in the third and fourth layers of the header.
The technique has some inherent limitations, such as unable to identify specific people, unable to identify the level of permissions within the application, and so on. Therefore, to reach the end
The purpose of end-to-end access control needs to be used in conjunction with system-level and application-level access control.
1. Standard standard access list
There are many kinds of access control lists, and different kinds of ACL are used in different situations. The simplest of them are standard access control lists and standard visits.
The question control list is filtered using the source IP address in the IP package and the corresponding ACL is created using the access control list numbers 1 to 99.
Standard ACL format:
Access-list access-list-number [permit | deny] [sourceaddress] [wildcard-mask]
Access-list-number is a number between 1-99 or 1300-1999, which is the access list number. Multiple accesses can be contained in a table number
Rules.
For example, the command access-list 10 deny host 192.168.1.1 discards all packets from the 192.168.1.1 address.
Of course, we can also use the network segment to represent, filter a certain network segment. The command is as follows: access-list 10 deny 192.168.1.0
0.0.0.255
All computer packets from 192.168.1.0 Compact 24 are filtered and discarded by the above configuration. Why is the subnet mask behind it?
Is it 0.0.0.255? This is because CISCO stipulates that the reverse mask is used to represent the subnet mask in ACL, and the reverse mask of 0.0.0.255 represents his.
The subnet mask is 255.255.255.0.
Tip: for standard access control lists, the default command is HOST, which means access-list 10 deny 192.168.1.1 table
It shows that the host data packet communication of 192.168.1.1 is denied, which saves us from entering the host command.
43/74
Standard access list configuration example:
R1 (config) # access-list 10 deny 192.168.2.0 0.0.0.255
R1 (config) # access-list 10 permit any
R1 (config) # int fa0/0.1
R1 (config-subif) # ip access-group 10 out
The meaning of the above configuration is to prevent machines from the network segment 192.168.2.0 from leaving the int fa0/0.1 port. After the access list is configured,
It should be applied on the port, otherwise the configuration will not be valid.
Note:
1. Standard access list. Generally speaking, the configuration is as close to the destination as possible.
2. The any in the second command configured is equivalent to 0.0.0.0 255.255.255.255
3. Be sure to add pemint any to make other networks accessible.
4. The access list is matched from top to next, so pay attention to the order when setting the access list. If you start from the first rule
If you don't know what to do when you match the last entry, the router will discard the packet, which is why the example above must
Add permit any.
5. If only one host is blocked, you can use host 192.168.1.12 or 192.168.1.12 0.0.0.0.
The price.
Delete established standard ACL
R1 (config) # no access-list number
For standard ACL, you cannot delete a single acl statement, you can only delete the entire ACL
Summary: standard ACL takes up very little router resources and is the most basic and simplest access control list format. It is widely used, often in
It is used when a low level of control is required. If you want to control the transmission of packets more complex, you need to use extended access control lists.
He can meet our requirements to the port level.
II. Extend extended access control list
The standard access control lists we mentioned above are filtered based on IP addresses and are the simplest ACL. So if we want to filter
What should I do if it is so small as to the port? Or you want to filter the destination address of the packet. At this point, you need to use an extended access control list. Make
Using an extended IP access list can effectively allow a user to access a physical LAN without allowing him to use a particular service (such as WWW,FTP
Etc.). Extended access control lists use ACL numbers from 100 to 199.
Extended ACL format:
Access-list access-list number {permit/deny} protocol + source address + anti-code + destination address + anti-code + operator
Operan (It less than, gt greater, eq equal, neq not equal. Can you be specific?) + Port number
1. The range of extended access control list numbers is 100199 or 2000-2699.
2. Because deny all is implied at the end of each access control list by default, it must be included in each extended access control list:
Access-list 110 permit ip any any .
3. Different services use different protocols. For example, TFTP uses UDP protocol.
4. For more information, please refer to the above standard access control list section.
For example: access-list 101deny tcp any host 192.168.1.1 eq www / / all hosts access the address 192.168.1.1
Packets for Web Services (WWW) TCP connections are dropped.
Tip: you can also define and filter a network segment in the extended access control list. Of course, like the standard access control list, we need to make
The subnet mask after the IP address is defined with a reverse mask.
Extended ACL configuration example 1:
R2 (config) # access-list 110 deny tcp any host 192.168.1.12 eq www
R2 (config) # access-list 110 deny tcp any host 192.168.1.12 eq ftp
R2 (config) # int fa0/0
44/74
R2 (config-if) # ip access-group 110 out
The above configuration means denying access to the www and ftp services of 192.168.1.12
Expand ACL instance 2:
The router is connected to two network segments, 172.16.4.0 swap 24172.16.3.0 apperance 24. There is a server in the 172.16.4.0Universe 24 network segment.
For WWW services, the IP address is 172.16.4.13.
Requirement: 172.16.3.0 computers are prohibited from accessing 172.16.4.0 computers, including that server, but only access is allowed.
The WWW service on 172.16.4.13, while other services are not accessible.
Router configuration commands:
Access-list 101permit tcp any 172.16.4.13 0.0.0.0 eq www / / set ACL101, allow source address to be any IP, destination
Port 80 of the 172.16.4.13 host is the WWW service. Because CISCO adds DENY ANY commands by default, ACL only writes
This sentence is fine.
Enter the appropriate port
Ip access-group 101out / / apply ACL101 to port
After setting up, the computer of 172.16.3.0 cannot access the computer of 172.16.4.0, even if the server 172.16.4.13 turns on FTP
The service is also inaccessible, and the only one that can access is the WWW service of 172.16.4.13.
Delete the established extended standard ACL
Deletion is the same as the standard, it cannot be deleted individually, only the entire acl can be deleted.
Summary: extended ACL is very powerful, it can control source IP, destination IP, source port, destination port, etc., and can achieve quite fine control and expansion.
ACL reads not only the source / destination address of the IP header, but also the IP of the source port and destination port in the layer 4 header. But he exists.
One disadvantage is that extending ACL consumes a lot of router CPU resources without hardware ACL acceleration. So when using medium to low
The most effective way is to reduce the number of entries of extended ACL to a standard ACL or to integrate multiple extended ACL into one.
III. Named access control list
Both standard access control lists and extended access control lists have a drawback, that is, when the rules of ACL are set, it is found that the
If there is a problem with an item, if you want to modify or delete it, you can only delete all the ACL information. That is to say, it will be shadowed if one is modified or deleted.
Ring to the entire ACL list. This disadvantage affects our work and brings us a heavy burden. But we can use name-based
Access control list to solve this problem.
Named access control list format:
Ip access-list {standard/extended} access-list-name (a string that can have a combination of letters and numbers)
For example: ip access-list standard softer / / establish a standard access control list called softer.
Named access control list configuration method:
Router (config) # ip access-list standard + Custom name
Router (config-std-nac1) # 11 permit host + ip / / by default, the first is 10 and the second is 20. If you do not specify a sequence
The newly added ACL is added to the end of the list
Router (config-std-nac1) # deny any
For a named ACL, you can insert an acl into the previous acl, delete or delete a single acl
For example: router (config) # ip access-list standard benet
Router (config-std-nasl) # no 11
Use show access-lists to view configured acl information
45/74
Summary: if there are many rules for setting ACL, you should use name-based access control lists to manage them, which can be reduced a lot.
After the maintenance work, it is convenient for us to adjust the ACL rules at any time.
Fourth, reverse access control list
Reverse access control list is an advanced application of ACL. He can effectively prevent the virus. Two AB can be guaranteed by configuring reverse ACL.
The computers in the network segment can PING,An each other to PING B, but B cannot PING A.
To put it more colloquially, data transmission can be divided into two processes: first, the source host sends the connection request and data to the destination host, and then
The destination host sends data to the source host after the connection is established between the two parties. The reverse ACL controls the connection requests mentioned above.
Format of reverse access control list:
The format of the reverse access control list is very simple, as long as you add established at the end of the configured extended access list.
Reverse access control list configuration example:
The router is connected to two network segments, 172.16.4.0 swap 24172.16.3.0 apperance 24. In 172.16.4.0, the computers in the 24 network segment are all servers.
Server, we protect these servers from viruses from the network segment 172.16.3.0 by reverse ACL settings.
Requirement: prohibit the virus from spreading from 172.16.3.0 to 172.16.4.0 to 172.16.4.0 on the server.
Configuration commands:
Access-list 101 permit tcp 172.16.3.0 0.0.255 172.16.4.0 0.0.0.255 established / / definition
ACL101, which allows all computers from the 172.16.3.0 network segment to access the computers in the 172.16.4.0 network segment, provided the TCP connection is established
It's standing. 172.16.3.0 is not allowed to access 172.16.4.0 when a TCP connection is not established.
Apply rules to the routed port
Ip access-group 101out / / apply ACL101 to port
After setting up, the virus will not easily spread from 172.16.3.0 to the server area of 172.16.4.0. Because if the virus wants to spread, it is always active.
For TCP connection, the TCP active connection of the 172.16.3.0 network segment is prohibited by reverse ACL on the router, so the virus cannot be transmitted smoothly.
Play it.
Tip: an easy way to check whether the reverse ACL is configured smoothly is to take a server in 172.16.4.0 PING in 172.16.3.0
If you can PING, then use the PING172.16.4.0 server of 172.16.3.0 that computer. If you can't connect with PING, you can say that.
Ming ACL configuration is successful.
There is a problem with the reverse ACL configured above, that is, the 172.16.3.0 computer cannot access the server's services, if the figure
If the WWW service is provided in 172.16.4.13, it cannot be accessed normally. The solution is to add another before the sentence "ESTABLISHED".
Extended ACL rules, for example: access-list 101 permit tcp 172.16.3.0 0.0.0.255 172.16.4.13 0.0.0.0 eq www
In this way, according to the "principle of being closest to the controlled object", when checking the ACL rules, the ACL rules are checked from top to bottom, as long as they are found to be in accordance with the
Forward the condition as soon as possible without continuing to detect the following ACL statement. The computer of 172.16.3.0 can access the server's
The WWW service is available, and the following ESTABLISHED antivirus command works normally.
Timed access control list
Setup steps:
1. Define the time period and time range.
2. The configuration of ACL itself, that is, adding detailed rules to ACL.
3. Declare ACL and add the set ACL to the corresponding port.
Define the name of the time range:
Router (config) # time-range time-range-name
46/74
Define a time period
Router (config-time-range) # periodic (cycle) days-of-the-week hh:mm to [days-of-the-week] hh:mm
The values of days-of-the-week are
Monday Tuesday Wednesday Thursday Friday Saturday Sunday {Monday to Sunday}
Daily (daily) weekdays (on weekdays) weekend (weekends)
Define an absolute time
Router (config) # time-range time-range-name
Router (config-time-range) # absolute [start hh:mm day month year] [end hh:mm day month year]
Introducing time range in extended ACL
Router (config) # access-list access-list-number {permit | deny} protocol {source ip + Anti-destination ip
+ Anti-Code + operator+time-range+time-range-name}
Timed access control list instance:
The router is connected to two network segments, 172.16.4.0 swap 24172.16.3.0 apperance 24. There is a server in the 172.16.4.0Universe 24 network segment.
For FTP services, the IP address is 172.16.4.13.
Requirement: only users of the 172.16.3.0 network segment are allowed to access the FTP resources on 172.16.4.13 on weekends, and the FTP cannot be downloaded during working hours.
Source.
Configuration commands:
Time-range softer / / define the time period name as softer
Periodic weekend 00:00 to 23:59 / / defines a specific time range, from 0 to 23:59 on weekends (6, days). That's for sure
You can use periodic weekdays to define a working day or day of the week to define a specific day of the week.
Access-list 101deny tcp any 172.16.4.13 0.0.0.0 eq ftp time-range softer / / set ACL, forbid during the time period
Access the FTP service of 172.16.4.13 within the scope of softer.
Access-list 101permit ip any any / / sets ACL to allow normal access for other time periods and other conditions.
Enter the appropriate port.
Ip access-group 101out / / apply to Port
Time-based ACL is more suitable for time period management. Users with the above setting of 172.16.3.0 can only visit the server on weekends.
For the FTP resources, usually can not access.
6. Access control list traffic record
The network administrator is to be able to manage the company's network reasonably. As the saying goes, only when you know yourself and your opponent can you win a hundred battles, so effectively record ACL traffic.
Information can be the first time to understand network traffic and the spread of the virus. The following article will give you a brief introduction to how to save access control.
To control the traffic information of the list, you can add the LOG command at the end of the extended ACL rule.
Implementation method:
Log 192.168.1.1 / / specifies a log server address for the router, which is 192.168.1.1
Access-list 101permit tcp any 172.16.4.13 0.0.0.0 eq www log / / add LOG at the end of the extended ACL you want to monitor
Extended ACL configuration example 1:
R2 (config) # access-list 110 deny tcp any host 192.168.1.12 eq www
R2 (config) # access-list 110 deny tcp any host 192.168.1.12 eq ftp
R2 (config) # int fa0/0
R2 (config-if) # ip access-group 110 out
The above configuration means denying access to the www and ftp services of 192.168.1.12
Expand ACL instance 2:
47/74
The router is connected to two network segments, 172.16.4.0 swap 24172.16.3.0 apperance 24. There is a server in the 172.16.4.0Universe 24 network segment.
For WWW services, the IP address is 172.16.4.13.
Requirement: 172.16.3.0 computers are prohibited from accessing 172.16.4.0 computers, including that server, but only access is allowed.
The WWW service on 172.16.4.13, while other services are not accessible.
Router configuration commands:
Access-list 101permit tcp any 172.16.4.13 0.0.0.0 eq www / / set ACL101, allow source address to be any IP, destination
Port 80 of the 172.16.4.13 host is the WWW service. Because CISCO adds DENY ANY commands by default, ACL only writes
This sentence is fine.
Enter the appropriate port
Ip access-group 101out / / apply ACL101 to port
After setting up, the computer of 172.16.3.0 cannot access the computer of 172.16.4.0, even if the server 172.16.4.13 turns on FTP
The service is also inaccessible, and the only one that can access is the WWW service of 172.16.4.13.
Delete the established extended standard ACL
Deletion is the same as the standard, it cannot be deleted individually, only the entire acl can be deleted.
Summary: extended ACL is very powerful, it can control source IP, destination IP, source port, destination port, etc., and can achieve quite fine control and expansion.
ACL reads not only the source / destination address of the IP header, but also the IP of the source port and destination port in the layer 4 header. But he exists.
One disadvantage is that extending ACL consumes a lot of router CPU resources without hardware ACL acceleration. So when using medium to low
The most effective way is to reduce the number of entries of extended ACL to a standard ACL or to integrate multiple extended ACL into one.
III. Named access control list
Both standard access control lists and extended access control lists have a drawback, that is, when the rules of ACL are set, it is found that the
If there is a problem with an item, if you want to modify or delete it, you can only delete all the ACL information. That is to say, it will be shadowed if one is modified or deleted.
Ring to the entire ACL list. This disadvantage affects our work and brings us a heavy burden. But we can use name-based
Access control list to solve this problem.
Named access control list format:
Ip access-list {standard/extended} access-list-name (a string that can have a combination of letters and numbers)
For example: ip access-list standard softer / / establish a standard access control list called softer.
Named access control list configuration method:
Router (config) # ip access-list standard + Custom name
Router (config-std-nac1) # 11 permit host + ip / / by default, the first is 10 and the second is 20. If you do not specify a sequence
The newly added ACL is added to the end of the list
Router (config-std-nac1) # deny any
For a named ACL, you can insert an acl into the previous acl, delete or delete a single acl
For example: router (config) # ip access-list standard benet
Router (config-std-nasl) # no 11
Use show access-lists to view configured acl information
Summary: if there are many rules for setting ACL, you should use name-based access control lists to manage them, which can be reduced a lot.
After the maintenance work, it is convenient for us to adjust the ACL rules at any time.
48/74
Fourth, reverse access control list
Reverse access control list is an advanced application of ACL. He can effectively prevent the virus. Two AB can be guaranteed by configuring reverse ACL.
The computers in the network segment can PING,An each other to PING B, but B cannot PING A.
To put it more colloquially, data transmission can be divided into two processes: first, the source host sends the connection request and data to the destination host, and then
The destination host sends data to the source host after the connection is established between the two parties. The reverse ACL controls the connection requests mentioned above.
Format of reverse access control list:
The format of the reverse access control list is very simple, as long as you add established at the end of the configured extended access list.
Reverse access control list configuration example:
The router is connected to two network segments, 172.16.4.0 swap 24172.16.3.0 apperance 24. In 172.16.4.0, the computers in the 24 network segment are all servers.
Server, we protect these servers from viruses from the network segment 172.16.3.0 by reverse ACL settings.
Requirement: prohibit the virus from spreading from 172.16.3.0 to 172.16.4.0 to 172.16.4.0 on the server.
Configuration commands:
Access-list 101 permit tcp 172.16.3.0 0.0.255 172.16.4.0 0.0.0.255 established / / definition
ACL101, which allows all computers from the 172.16.3.0 network segment to access the computers in the 172.16.4.0 network segment, provided the TCP connection is established
It's standing. 172.16.3.0 is not allowed to access 172.16.4.0 when a TCP connection is not established.
Apply rules to the routed port
Ip access-group 101out / / apply ACL101 to port
After setting up, the virus will not easily spread from 172.16.3.0 to the server area of 172.16.4.0. Because if the virus wants to spread, it is always active.
For TCP connection, the TCP active connection of the 172.16.3.0 network segment is prohibited by reverse ACL on the router, so the virus cannot be transmitted smoothly.
Play it.
Tip: an easy way to check whether the reverse ACL is configured smoothly is to take a server in 172.16.4.0 PING in 172.16.3.0
If you can PING, then use the PING172.16.4.0 server of 172.16.3.0 that computer. If you can't connect with PING, you can say that.
Ming ACL configuration is successful.
There is a problem with the reverse ACL configured above, that is, the 172.16.3.0 computer cannot access the server's services, if the figure
If the WWW service is provided in 172.16.4.13, it cannot be accessed normally. The solution is to add another before the sentence "ESTABLISHED".
Extended ACL rules, for example: access-list 101 permit tcp 172.16.3.0 0.0.0.255 172.16.4.13 0.0.0.0 eq www
In this way, according to the "principle of being closest to the controlled object", when checking the ACL rules, the ACL rules are checked from top to bottom, as long as they are found to be in accordance with the
Forward the condition as soon as possible without continuing to detect the following ACL statement. The computer of 172.16.3.0 can access the server's
The WWW service is available, and the following ESTABLISHED antivirus command works normally.
Timed access control list
Setup steps:
1. Define the time period and time range.
2. The configuration of ACL itself, that is, adding detailed rules to ACL.
3. Declare ACL and add the set ACL to the corresponding port.
Define the name of the time range:
Router (config) # time-range time-range-name
Define a time period
Router (config-time-range) # periodic (cycle) days-of-the-week hh:mm to [days-of-the-week] hh:mm
49/74
The values of days-of-the-week are
Monday Tuesday Wednesday Thursday Friday Saturday Sunday {Monday to Sunday}
Daily (daily) weekdays (on weekdays) weekend (weekends)
Define an absolute time
Router (config) # time-range time-range-name
Router (config-time-range) # absolute [start hh:mm day month year] [end hh:mm day month year]
Introducing time range in extended ACL
Router (config) # access-list access-list-number {permit | deny} protocol {source ip + Anti-destination ip
+ Anti-Code + operator+time-range+time-range-name}
Timed access control list instance:
The router is connected to two network segments, 172.16.4.0 swap 24172.16.3.0 apperance 24. There is a server in the 172.16.4.0Universe 24 network segment.
For FTP services, the IP address is 172.16.4.13.
Requirement: only users of the 172.16.3.0 network segment are allowed to access the FTP resources on 172.16.4.13 on weekends, and the FTP cannot be downloaded during working hours.
Source.
Configuration commands:
Time-range softer / / define the time period name as softer
Periodic weekend 00:00 to 23:59 / / defines a specific time range, from 0 to 23:59 on weekends (6, days). That's for sure
You can use periodic weekdays to define a working day or day of the week to define a specific day of the week.
Access-list 101deny tcp any 172.16.4.13 0.0.0.0 eq ftp time-range softer / / set ACL, forbid during the time period
Access the FTP service of 172.16.4.13 within the scope of softer.
Access-list 101permit ip any any / / sets ACL to allow normal access for other time periods and other conditions.
Enter the appropriate port.
Ip access-group 101out / / apply to Port
Time-based ACL is more suitable for time period management. Users with the above setting of 172.16.3.0 can only visit the server on weekends.
For the FTP resources, usually can not access.
6. Access control list traffic record
The network administrator is to be able to manage the company's network reasonably. As the saying goes, only when you know yourself and your opponent can you win a hundred battles, so effectively record ACL traffic.
Information can be the first time to understand network traffic and the spread of the virus. The following article will give you a brief introduction to how to save access control.
To control the traffic information of the list, you can add the LOG command at the end of the extended ACL rule.
Implementation method:
Log 192.168.1.1 / / specifies a log server address for the router, which is 192.168.1.1
Access-list 101permit tcp any 172.16.4.13 0.0.0.0 eq www log / / add LOG at the end of the extended ACL you want to monitor
Command, which saves the information that meets the condition to the specified log server 192.168.1.1.
Tip: if log-input is added at the end of the extended ACL, not only the traffic information will be saved, but also the port information of the packet will be added.
OK, save it. If you use LOG to record the data traffic that meets the access control list rules, you can completely query where the traffic is heavy in the company network.
There's a virus somewhere. A simple command does a lot of work that professional tools can do.
50/74
Network knowledge 2
Catalogue
Basic concept of Cloud Computing 1
The five major components of a computer 1
Computer hardware knowledge 2
Corporate and home broadband network topologies and devices 3
Network cable standard, network communication mode 4
Binary conversion of numbers 4
IPv4 address Base (Classification) 5
PT Simulator LAN Foundation 6
Basic concepts of cloud computing
Cloud computing, IaaS, PaaS, SaaS
Cloud computing: there are many explanations and explanations for its definition. What is widely accepted at this stage is the definition of the National Institute of Standards and Technology (NIST): cloud.
Computing is a pay-per-use model that provides available, convenient, on-demand network access to configurable computing resources.
Source shared pool (resources include networks, servers, storage, applications, services, etc.). Ali, Tencent, Baidu, JD.com, Huawei and other companies
All provide cloud computing services.
Nowadays, in an era of Internet information and intelligence, almost everyone is inseparable from the Internet and intelligence, and the country is also speeding up information and intelligence.
With the speed of the construction of Huicheng City, various national institutions need to build government cloud platforms, and these Internet companies that provide cloud computing services also need to build.
The platform environment of cloud computing requires a large number of cloud computing engineers and cloud architects to provide enterprises with technical solutions and operations for project construction.
Dimensional solution. Informationization is an industry that will never be out of date. Whoever has mastered the information resources will win the market. We learn Linux cloud computing
It is to let oneself walk in the forefront of the emerging informatization, to keep pace with the times, so that one's career can develop in the long run with the development of informatization.
down.
IaaS: infrastructure as a service. Provide consumers with CPU, memory, storage, network and other basic computing resources through Internet
Users can deploy and run any software, including operating systems and applications. IaaS solutions of both Internet enterprises and governments need to be applied.
To the computer, network virtualization technology to achieve.
PaaS: platform as a service. Consumers originally deployed Java, Python, .net, PHP and other development environments locally on personal computers to open the software.
While PaaS service providers deploy the development platform directly on the Internet, users only need to access what they need through Internet
Development environment to realize the online development and testing of the software. It saves time and management costs for users in the deployment of the development environment.
SaaS: software as a service. The services provided by cloud service operators to customers are applications on cloud computing infrastructure, and users can set up a variety of
Be prepared to access it through a client interface, such as a browser. For example, office online office platform, PC version of OA system, mobile OA system, online ERP system
Tong et al.
The five major components of a computer
Arithmetic unit, controller, memory, input device, output device
Description: CPU, the central processing unit (CPU), is the core of the computer. It is mainly composed of arithmetic unit and controller.
Arithmetic unit: a part that performs arithmetic and logical operations.
Controller: the command and control component of a computer (similar to a military command center). The controller accesses the memory through the address and removes it from the memory.
The instruction is analyzed by the decoder, and the corresponding operation control signal is generated according to the result of the instruction analysis to act on other parts. Make all the parts in
Coordinate work methodically under the control of the controller.
Memory: a memory unit used in a computer to store all data and programs. Its basic function is to deposit (write) at the specified address or
Fetch (read) the information. [memory is divided into internal memory (i.e. memory or main memory, responsible for temporary storage of data) and external memory (i.e. external memory or auxiliary memory)
51/74
Memory, auxiliary memory, responsible for the permanent storage of data) two categories. The capacity units of memory are Byte bytes, KB kilobytes, MB megabytes,
GB gigabytes, TB, EB, ZB]
Input device: a device that inputs information (programs, data, sounds, text, graphics, images, etc.) into a computer. Common input devices are
Keyboard, mouse, scanner, touch screen, bar code input, camera, microphone, stylus and so on.
Output device: a device that outputs computer information to an external device. Common output devices are monitors, printers, plotters and projectors.
Computer hardware knowledge
CPU, motherboard, memory, hard drive, video card, monitor
Description: the higher the performance parameter value of most hardware, the better the performance and the higher the price. Only common performance parameters are described below.
CPU: central processing unit. The mainstream CPU brands of computing machines are Intel and AMD.
Performance parameter: working frequency-is a parameter that measures the speed of CPU operation. The units are Hz, KHz, MHz, GHz (mainstream). At 1000
Conversion, that is, 1GHz, 1000MHz, 1000MHz, 1000kHz, 1000kHz, 1000Hz.
Number of cores-that is, the number of computing cores. A single core has only one computing core, while a dual core has two computing cores.
Number of threads-that is, the number of threads. It can be understood as the number of production lines in a factory.
Cache-there are first-level cache, second-level cache and third-level cache.
Instruction set, such as supporting MMX instructions, can realize the operation and processing of sound, image and other information.
Motherboard: the main circuit board in a computer that provides a connection interface to each hardware. Common brands are Asustek, gigabyte, Seven Caihong and other brands.
Performance parameters: chipset model-chipset is the component responsible for managing the coordination between the hardware. There are North Bridge and South Bridge chips. Bei Qiao is responsible for
Manage the communication among CPU, memory and graphics cards. South Bridge is responsible for managing the communication between external memory, input and output devices.
Interfaces-the more interfaces you provide, the better. Common interfaces include CPU interface, memory strip interface, SATA hard disk data cable interface, PS/2 mouse button.
Disk interface, USB, PCI, PCI-E, etc.
RAM: commonly referred to as running memory (running memory). The unit of capacity is Byte bytes and the unit of operating frequency is Hz. The interface standard is DDR4
(2400MHz), DDR3 (1333MHz, 1600MHz). Brands are Samsung, Kingston, Hynix and other brands.
Hard disk: HD (Hard Disk), a component that realizes permanent storage of data and information. The unit of capacity is Byte bytes. Mechanical (magnetic storage), solid state
(chip storage) there are two kinds of hard drives. Brands include Seagate ST (Seagate), Western Digital WD (WestDigital), Hitachi HT (Hitach), Samsung
(Samsung).
Performance parameter: capacity-mainstream storage capacity includes 2TB, 1TB, and 500GB. The unit of capacity is converted in 1024. 1TB=1024GB .
Cache-the mainstream caches are 64MB, 32MB, 16MB, and 8MB.
Data line interface-SATA serial port, SAS (server only), SCSI, IDE (obsolete).
Speed per minute-the speed of a mechanical hard disk is usually 10,000 rpm, 7200 rpm (desktop), 5400 rpm (laptop)
Graphics card: a part that processes graphics and images. It can be divided into motherboard integrated graphics card and independent graphics card. Doing 3D design, graphic design, and playing games are all about graphics cards.
Performance is required. There are two manufacturers of graphics card processing chip (GPU), AMD (former ATI) and Nvidia.
Performance parameters: processing chip model-GT2080, GT1050Ti
Video memory-2GB, 1GB, 512MB
Bit width-128bit, 64bit
Working frequency-DDR5, DDR4, DDR3
Monitor: standard output device. Responsible for outputting the signal of the video card to the screen, so that the user can see the processing status of the information intuitively. Common
The displays include Samsung, TPV AOC, Philips Philips and so on.
Performance parameters: screen size-diagonal length, 32 inches, 23 inches, 20 inches, 19 inches, 17 inches, 15 inches and so on.
Resolution-A parameter that measures the sharpness of the monitor. Such as 1024768, 20481024, etc.
View of hardware information:
Run: win+R
Enter the CMD command line: cmd
View system information: systeminfo
52/74
Output the results of the command to a c:\ a.txt file:
Systeminfo > c:\ a.txt
Keyboard shortcuts:
Task Manager: Ctrl+Shift+Esc Ctrl+Alt+Del
Run: Win+R
Display Desktop: Win+D
Computer (my computer): Win+E
Refresh: F5
Full screen screenshot: prt Sc or ctrl+prt sc
Enterprise and home broadband network topologies and equipment
Network structure?
Network topology: a logical diagram showing the connection between network devices, usually used in network scheme design and fault analysis.
Common network topologies: star, bus, tree, ring, mesh.
Star shape
Bus shape
Tree shape
53/74
Corporate and home broadband network topologies:
Terminal devices such as PC and mobile phones-- > switch-- > ADSL router-- > modem (modem cat)-- > ISP operation
Business line.
Description: broadband gateway-also known as broadband integrated equipment, the equipment integrates the functions of switches, routers, modems, telecommunications
Operators usually provide this kind of equipment to home broadband users for broadband access. Advantages: convenient installation and debugging, energy saving and environmental protection.
Network cable standard and network communication mode
568A, 568B simplex, half duplex, full duplex
Twisted pair: consists of 8 (4 pairs of twisted pair) copper wires.
Warm Tip: only 1, 2, 3, 6 wires (orange-white, orange, green-white, green) are used in 100-megabit network communication.
A straight line (very commonly used. Jumper, that is, the finished network cable sold online): the crystal heads at both ends of the network cable are made according to the 568B standard. Used to connect no
Network devices of the same type, such as computers and switches, are directly connected.
Crossover cable (rarely used): one end of the network cable uses the 568B standard and the other end uses the 568A standard to connect the same type of equipment, such as switch connection.
The switch, the router is connected with the router, the computer is connected with the computer. Note: since network devices now provide port flipping technology (automatic identification
). Normal communication can also be achieved by using a straight-through line connection between the same devices.
Communication mode (working mode):
Simplex: party An and Party B in data communication, Party A can always send data, and Party B can only receive data. For example, the setting of cable TV and TV stations.
Prepare to send data, the TV set at home is only responsible for receiving data.
Half-duplex: party An and B in data communication, which can temporarily switch between sending and receiving functions. Like walkie-talkies.
Full-duplex: both An and B can send and receive data at the same time. Such as network card, telephone.
Simplex, half duplex, full duplex:
Simplex data transmission only supports data transmission in one direction; only one party can accept or send information at the same time, and two-way communication cannot be realized.
Letter, for example: television, radio. Half-duplex data transmission allows data to be transmitted in both directions, but at some point, data is allowed to travel in only one direction, and it is actually
A simplex communication of switching direction; only one party can receive or send information at the same time, and two-way communication can be realized. Example: intercom
Machine. Full-duplex data communication allows data to be transmitted in both directions at the same time. Therefore, full-duplex communication is a combination of two simplex communication modes, which requires transmission.
54/74
Both sending equipment and receiving equipment have independent receiving and sending capabilities; they can receive and send messages at the same time to achieve two-way communication.
Ex.: telephone communication. The full duplex (Full Duplex) of the network card means that the network card can receive data while sending data, and the two can be carried out at the same time, which seems to be flat.
When talking on the phone, you can also hear each other's voice while you are talking. Current network cards generally support full duplex.
Extended data:
Simplex, half-duplex and full-duplex are three kinds of communication channels in telecommunication computer network. These communication channels can provide a way to convey information. Pass
The signal channel may be a physical transmission medium or a logical connection through a multiplexing medium. Physical transmission medium refers to the material that can propagate energy waves.
Quality, such as wires in data communications. And logical connections usually refer to circuit switched connections or packet mode virtual circuit connections, such as wireless telecommunications
Aisle. With the help of communication channels, information can be transmitted without obstacles.
Simplex mode is generally used in situations where data is transmitted in only one direction. For example, the communication between the computer and the printer is simplex, because only
The computer transmits data to the printer, but not in the opposite direction. And in some communication channels, such as simplex wireless transmission and so on.
Simplex, half duplex, full duplex
Simplex data transmission only supports data transmission in one direction.
Half-duplex data transmission allows data to be transmitted in both directions, but at some point, data is only allowed to be transmitted in one direction.
It is a kind of simplex communication with switching direction.
Full-duplex data communication allows data to be transmitted in both directions at the same time, so full-duplex communication is a combination of two simplex communication modes, which requires
Both the sending device and the receiving device have independent receiving and transmitting capabilities.
The full duplex (Full Duplex) of the network card means that the network card can receive data while sending data, and the two can be carried out at the same time, which seems to be flat.
When talking on the phone, you can also hear each other's voice while you are talking. Current network cards generally support full-duplex.
When it comes to full-duplex, we have to mention another concept that closely corresponds to it, that is, "Half Duplex". The so-called half-duplex is
It means that only one action takes place in a period of time, for example, a narrow road, and only one car can pass through at the same time.
The two cars are opposite to each other. In this case, one can only pass first, and then the other one will be driven after the boss. This example vividly illustrates the origin of half-duplex.
Li. Devices such as early walkie-talkies and early hubs were based on half-duplex products. With the continuous progress of technology, half a pair of trade unions gradually
Withdraw from the stage of history.
Binary conversion of numbers
Decimal, binary, octal, hexadecimal
Decimal: every decimal. It is composed of 10 elements, 09.
Binary: one for every binary. It is composed of two elements: 0 and 1.
Octal: one octal for every octal. It is composed of the eight elements of 07s.
Hexadecimal: one for every hexadecimal. It is composed of 16 elements, 0,9 and AUBF. The MAC physical address of the network card is the hexadecimal number.
Check the physical address of the network card: Win+R-- > cmd-- > ipconfig / all
Decimal to binary: the method of dividing two to take the remainder. Write 0 where there is no remainder, and write one where there is a remainder. Example (9) 10 = (1001) 2
(17) 10 = (10001) 2
Binary to decimal: using a weighted algorithm.
(10001) 2 "241" 230 "220" 210 "201 = (17) 10
(1010) 2 "231" 220 "211" 20 "8" 2 = (10) 10
55/74
Click here click here click here
The power (index) of 2 7 6 5 4 3 2 1 0
Decimal value 128 64 32 16 8 4 2 1
255 1 1 1
13 1 1 0 1
16 1 0 0 0
172 1 0 1 0 1 1 0 0
168 1 0 1 0 1 0 0 0
Exercise: convert the following decimal to binary.
127111 1111
191 =
One hundred and twenty-two thousand six hundred and one hundred 0000
128 "32" 8 "1010 1000
172 = 128 "32" 8 "4
16 = 1 000 0
Exercise: convert the following binary to decimal.
IPv4 address Base (Classification)
IP address function, classification
IP address function: used to identify the number of the computer in the network.
The format of the IPv4 address: consists of four groups of numbers separated by dots, each with a range of values of 0,255. For example, 192.168.1.5.
The composition of IP address: by the network number and host number of two parts. The hosts in the local area network set up by the same switch can only be correct if the network number is the same.
Write to each other frequently. Communication between hosts with different network numbers must pass through the router.
The classification of IP addresses is determined by the value of the first set of numbers in the IP address. Class An is for large networks, Class B is for medium-sized networks, and Class C is for
Small network.
Class A: the value range of the first group number is 1: 127. That is, 1.0.0.00127.255.255.255. The network number (group number) of the class An address is the first group number, followed by
The number of three groups is the host number. The default subnet mask is 255.0.0.0.
Class B: 128-191. That is, 128.0.0.05191.255.255.255. The network number (group number) of the class B address is the first two groups, and the last two groups are hosts.
No. The recognition subnet mask is 255.255.0.0.
Class C: 192-223. That is 192.0.0.05223.255.255.255. The network number (group number) of a class C address is the first three groups, and the last group is the host.
No. The default subnet mask is 255.255.255.0.
Category D:
Category E:
10.5.5.3
255.0.0.0
56/74
Subnet mask (Netmask): used to clearly identify the network number and host number. Subnetting and supernetting can be realized (explained later). 255 (1111)
1111) is used to indicate the network number and 0 indicates the host number.
Exercise: write down the following IP address category, network number, host number information.
Click here
IP address category network number host number
101.5.5.3 Class A 101 5.5.3
172.18.3.6 Class B 172.18 3.6
10.0.0.5 Class A 10 0.0.5
180.2.2.1 Class B 180.2 2.1
198.3.2.5 Class C 198.3.25
192.168.10.5 Class C 192.168.10 5
PT Simulator Local area Network Foundation
Cisco package tracer simulator: software used to simulate Cisco router and switch equipment, as well as PC, server and other functions
Yes. Can do network experiments, network topology design.
English words:
Router: router
Switch: switch
Connections: connect the line. Such as automatic connection, straight-through line, exchange line, console line, optical fiber and so on.
End Device: terminal equipment. Such as computers, servers, network printers and so on.
Exercise: use the PT simulator to design the following network topology diagram, and set the IP address to the computers in the network, and finally use the host ping of PC0
The other two hosts test the communication status.
Exercise: use PT simulator to design the following network topology diagram, and set IP addresses to computers and routers in the network, and set them to computers.
Gateway IP, finally, use the host PC0 to ping the other two hosts to test the communication status.
Exercise: use the PT simulator to design the following network topology diagram, set the IP address to the server, and then set up the DHCP service on the server
The functional options of.
Concept:
DHCP: abbreviation for dynamic Host configuration Protocol (Dynamic Host Control Protocol).
Function: through the DHCP protocol to achieve the server to dynamically assign TCP/IP settings to the client. Including IP address, subnet mask, gateway, DNS and other parameters
Count. Widely used in the company's office network, WiFi wireless network. Routers are usually used to implement DHCP server functions in enterprises.
DHCP parameter setting: set to the server as shown in the following figure.
58/74
Exercise: do ftp file sharing with Serv_U software on a personal computer. Allows other users on the network to access ftp shares anonymously or under specified accounts.
59/74
FTP: file transfer Protocol (File Tranfer Protocol). The working mode is Cramp S architecture (server Server/ client Client).
Function: through the FTP protocol can achieve file upload (upload) and download (download) function.
Anonymous access: ftp://10.31.165.62/ user account access: ftp://jin:123@10.31.165.62/br/> user account access: ftp://jin:123@10.31.165.62/
Router
Router (router): also known as gateway device (Gateway), used to connect multiple logically separate networks, is to connect the local areas in the Internet
Network, wide area network equipment.
The role of a router is to
A logical network (that is, a network with a different network number) represents a single network or a subnet. When data is transferred from one subnet to another
Network, can be done through the router routing (that is, IP addressing and routing) function.
Case: class C IP addresses 192.168.10.5 and 192.168.11.8 are on two different logical networks. Because of their logical network number.
192.168.10 and 192.168.11 respectively. For normal communication between them, data must be forwarded through the router.
Function: to achieve packet forwarding (forward, that is, IP addressing and routing). It will automatically select and set the path according to the network connection.
By, with the best path, send signals in order. Routers are the hub of the Internet, equivalent to "traffic police" (or road signs).
Widely used in various industries, it can realize internal connection of backbone network, interconnection between backbone network and backbone network and Internet according to different grades of products.
Connect.
The main difference between a router and a switch is that the switch operates at the second layer of the OSI reference model (the data link layer), while the router works.
Work in the third layer (network layer).
Network Datagram format: source IP (outgoing address) + destination IP (pickup address) + data body
Warm Tip: it is easy to understand if you think of the express form you filled in when you sent the express delivery.
60/74
Router operating system:
IOS: the abbreviation of Internet operating system (Internet Operation System). Is a set based on Unix system development for routers,
The system program managed by the switch.
CLI: command line interface (command Linner Interface). Such as the command line interface of Windows and Linux.
GUI: graphical user interface (graphic User Interface). Such as the windows desktop interface.
Routing configuration
Static routing: manually configured by the administrator himself, saving network bandwidth and reducing additional expenses.
Dynamic routing: routers use predetermined dynamic routing protocols, send routing updates regularly, and calculate the new best path according to the new information.
By. Dynamic routing is used in large networks, hundreds or even thousands of routers. Dynamic routing protocols include RIP, OSPF and so on.
Routing Table:
Click here
Destination IP subnet mask gateway (that is, next hop) interface
127.0.0.0 255.0.0.0 127.0.0.1 lo
192.168.11.0 255.255.255.0 192.168.11.1 f0/0
192.168.12.0 255.255.255.0 192.168.12.1 f0/1
0.0.0.0 0.0.0.0 192.168.11.1 f0/2
61/74
The process of routing and forwarding packets by a router: first detect the destination IP address of the received packet, detect whether there is a route record of reaching the destination IP address in the routing table, if so, forward it, otherwise it will be discarded.
Router basic configuration:
Requirements: use PT simulator to design the network topology diagram shown in the following figure, and then configure IP addresses for each interface in the CLI command line interface of the router.
Finally, view the routing table information.
Warm reminder: when the command input error will prompt 255.255.255.255 and stuck here can not operate, press Ctrl+Shift+6 to force unlock at this time
That's it.
Configure the router R1 port:
Normal mode of Router > / / initialization (for basic viewing functions only, prompt is > greater than sign)
Router >? Or help / / Show help
Router > enable / / enter privileged mode (used to view more settings related to the router)
Router#config terminal / / enters configuration mode (i.e. global mode, which is used to set parameters such as interface IP, routing table, etc.) of the router
Configuring from terminal, memory, or network [terminal]? T
Enter configuration commands, one per line. End with CNTL/Z.
Router (config) # no ip domain-lookup / / disable domain name resolution
Router (config) # hostname R1 / / change hostname to R1
R1 (config) # interface f0swap 0 / / configure port f0ap0. Note: f0plet0 refers to the first port of the first slot.
R1 (config-if) # ip add 192.168.1.1 255.255.255.0 / / set port ip and subnet mask
R1 (config-if) # no shutdown / / Open port (activate port)
% LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
% SYS-5-CONFIG_I: Configured from console by console
R1 (config) # exit / / exit the current setting (you don't have to do it)
R1 (config) # int f0swap 1 / / configure f0lap1 port
R1 (config-if) # ip add 192.168.2.1 255.255.255.0 / / set port ip
R1 (config-if) # no shut / / Open Port
R1 (config-if) # ctrl+z or end / / return to privileged mode
Ringing show ip route / / View the routing table
62/74
Save settings by ringing write or copy run start / /. Save the settings running in memory to the startup configuration file
R1#ping 192.168.1.1 / / Communication status test (can ping)
R1#ping 192.168.2.1 / Communication status test (temporarily ping is not available because the other port is not activated and does not have power)
Configure router R2 port
Router > en / / enter privileged mode
Router#config t / / enters configuration mode
Router (config) # hostname R2amp / change hostname to R2
R2 (config) # int f0swap 0 / / configure port f0lap0
R2 (config-if) # ip add 192.168.2.2 255.255.255.0 / / set port ip
R2config-if) # no shut / / Open Port
R2 (config) # int f0swap 1 / / configure port f0lap1
R2 (config-if) # ip add 192.168.3.1 255.255.255.0 / / set port ip
R2 (config-if) # no shut// Open Port
R2 (config-if) # ip add 192.168.3.1 255.255.255.0 / / set port ip
R2 (config-if) # no shut / / Open Port
R2 (config-if) # ctrl+z / / return to privileged mode
Ringing show ip route / / View the routing table
Ringing write or copy run start / / Save Settings
R2#ping 192.168.2.2 / / Communication status test
R2#ping 192.168.3.1 / Communication status test
Configure router R3 port
Router > en / / enter privileged mode
Router#config t / / enters configuration mode
Router (config) # hostname R3 / / change hostname to R3
R3 (config) # int f0lap0 / / configure port f0lap0
R3 (config-if) # ip add 192.168.3.2 255.255.255.0Universe / set port ip
R3config-if) # no shut// Open Port
R3 (config) # int f0swap 0 / / configure port f1max 0
R3 (config-if) # ip add 192.168.4.1 255.255.255.0Universe / set port ip
R3config-if) # no shut// Open Port
R3 (config-if) # ctrl+z / / return to privileged mode
Ringing show ip route / / View the routing table
Ringing write or copy run start / / Save Settings
R3#ping 192.168.3.2 / / Communication status test
R3#ping 192.168.4.1 / / Communication status test
PC0 computer IP settings:
IP address: 192.168.1.2
Subnet mask (netmask): 255.255.255.0
Gateway (gateway): 192.168.1.1
PC1 computer IP settings:
IP address: 192.168.4.2
Subnet mask (netmask): 255.255.255.0
Gateway (gateway): 192.168.4.1
63/74
Static routes:
Exercise: use the PT simulator to design the network topology diagram shown in the following figure, and then configure IP addresses for each interface in the CLI command line interface of the router
Then view the routing table information. Add static routing records to the three routers to achieve normal communication across the network (that is, ping communication).
Activity: add static routing records to routers R1 and R3 in the above exercise.
Static routing command: ip route destination network number subnet mask gateway IP (that is, next-hop IP address)
Example: ip route 192.168.3.0 255.255.255.0 192.168.2.2
R1 configures a static route:
R1 > en
R1#conf t
R1 (config) # ip route 192.168.3.0 255.255.255.0 192.168.2.2
R1 (config) # ip route 192.168.4.0 255.255.255.0 192.168.2.2
R1 (config) # do write / / Executes write commands in privileged mode with do in configuration mode
R1 (config) # do show ip route / / View the routing table with do Exec privileged mode show ip route in configuration mode
R1 (config) # do ping 192.168.2.1 / can ping
R1 (config) # do ping 192.168.3.1 / / cannot ping
R2 configures static routes:
R2 > en
R2#conf t
R2 (config) # ip route 192.168.1.0 255.255.255.0 192.168.3.2
R2 (config) # ip route 192.168.4.0 255.255.255.0 192.168.3.2
R2 (config) # do write
R1 (config) # do show ip route / / View the routing table with do Exec privileged mode show ip route in configuration mode
R2 (config) # do ping 192.168.2.2 / can ping
64/74
R3 configure static routes:
R3 > en
R3#conf t
R3 (config) # ip route 192.168.2.0 255.255.255.0 192.168.3.1
R3 (config) # ip route 192.168.1.0 255.255.255.0 192.168.3.1
R3 (config) # do write
R1 (config) # do show ip route / / View the routing table with do Exec privileged mode show ip route in configuration mode
R3 (config) # do ping 192.168.4.1 / can ping
R3 (config) # do ping 192.168.1.2 / can ping
--
Dynamic routing:
Features: routers regularly learn routing records on neighboring routers. Common dynamic routing protocols include RIP, OSPF and so on.
RIP: routing Information Protocol (route Information Protocol). Belongs to the distance vector routing protocol. No more than 15 hops, that is, 16 routes
The device. By default, it refreshes every 30 seconds.
OSPF: open shortest path first.
Exercise: use the PT simulator to design the network topology diagram shown in the following figure, and then configure IP addresses for each interface in the CLI command line interface of the router
Then view the routing table information. Add static routing records to the three routers to achieve normal communication across the network (that is, ping communication).
How to configure RIP:
R1 > en
R1#conf t
R1 (config) # do show ip route / / View the routing table
R1 (config) # router rip / / enable RIP protocol
R1 (config) # version 2 / / enable RIP Protocol version 2
R1 (config) # network 192.168.1.0 / / issue a route advertisement for this network number
R1 (config) # network 192.168.2.0 / / issue a route advertisement for this network number
R1 (config) # do show ip route / / View the routing table
R1 (config) # do show run / / View the running configuration information of the router
Description: C is a directly connected route record R is a RIP route record
C 192.168.1.0/24 is directly connected, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/1
R 192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:28
FastEthernet0/1
R 192.168.4.0/24 [120/2] via 192.168.2.2, 00:00:28
FastEthernet0/1
Router password settin
Password type:
1. Privileged mode password: that is, the password that switches from normal mode to privileged mode with enable.
2. Console port management password: the password when using console port (control port) to manage routing.
3. Telnet remote login password: the password for remote login to the router with the telnet command.
65/74
Privileged mode password configuration:
R1 > en
R1#conf t
R1 (config) # enable?
Password Assign the privileged level password
Secret Assign the privileged level secret
R1 (config) # enable password mingwen / / set plaintext password (low priority)
R1 (config) # enable secret miwen / / set ciphertext password (high priority)
R1 (config) # end / / exits configuration mode and returns to privileged mode
R1#write / / Save Settings
R1#sh run / / View running configuration information
Additional task: start the password encryption service.
Service password-encryption
Console port management password:
Function: it is the password that needs to be entered when entering normal mode.
R1 > enable
R1#conf t
R1 (config) # line console 0 / / set console 0 port
R1 (config-line) # password jin / / set password to jin
R1 (config-line) # login / / allow password verification
R1 (config-line) # end
R1#write
R1#show run
Telnet Telnet password:
Function: use the telnet command to remotely log in to the router password.
R1 > enable
R1#conf t
R1 (config) # line vty 0 4 / / set the vty virtual terminal line 0x4pm 0 is the starting number and 4 is the cut-off number
R1 (config-line) # password jinvty / / set password to jinvty
R1 (config-line) # login / / allow password verification
R1 (config-line) # end
R1#write
R1#show run
Test the telnet login password:
1. Set the correct IP address for the computer. That is, it can communicate normally with the router.
two。 Enter telnet 192.168.1.1 in the cmd interface of the computer, and you can see the remote login interface and wait for the user to enter the password.
Note: if you want to use telnet to remotely manage Cisco routers and switches, you must set the telnet password and privileged mode login password.
IP address
IP: abbreviation for Internet Protocol (Internet Protocol). Computers, switches and routers in the Internet all use IP protocol to communicate.
66/74
Letter.
IP address: the ID number used to uniquely identify network devices in the IP protocol. For example, the IP address of a computer is 192.168.11.11.
The format of mobile phone number: for example 13100705318, 131is the number of Unicom operator (network number), 0070 (Wuhan) is the area code, 5318 is
Personal number.
The format of IPv4 address: it consists of two parts: network number (network bit) and host number (host bit). It is composed of 4 groups. Composed of dotted decimal numbers, each group
The value range of the number is 00255. The underlying network program recognizes the IP address as binary (0000 0000 ~ 1111 1111).
Example: the left three sets of numbers 192.168.11 in the class C IP address 192.168.11.11 are the network number, and the rightmost 11 is the host number.
7 6 5 4 3 2 1 0
128 "64" 32 "16" 8 "4" 2 "1" 255
Classification of IP addresses: the classification is determined according to the range of values of the first number on the left in the IP address.
Category range binary
Category A: 1-127 0 000 000 1-0 111 1111
Category B: 128, 191, 100, 000, 000, 10, 11, 1111 (25564)
Category C: 192, 223, 110, 000, 000, 110, 1, 1111
Category D: 224, 239, 1110, 000, 000, 1110, 1111 (25516)
Category E: 240,247 11110 000,000 11110 111 (2558)
Practice questions: please state which of the following IP addresses belong to A, B, C, D, and E.
130.8.9.1
10.8.3.2
172.16.5.3
230.1.1.2
241.8.9.5
192.168.5.3
202.103.24.68
114.114.114.114
8.8.8.8
300.5.3.8 is not an IP address, wrong IP address
Network number and host number of the IP address:
Category network number host number
Class A (1-127): the last three groups of the first group number 1.0.0.0 ~ 127.255.255.255
Category B (128 to 191): the number of the first and second groups and the last two groups are 128.0.0.0,191.255.255.255
Category C (192,223): the first, second and third groups are followed by 192.0.0.0,223.255.255.255.
Note: in the local area network formed by layer 2 switches, only hosts with the same network number can communicate normally (that is, ping).
Practice question: in the LAN formed by the layer 2 switch, which of the following IP hosts can communicate normally?
The idea of solving the problem: first look at which category the IP address belongs to, and then analyze the network number of the IP address according to the category. Finally, as long as the network number
Those who are the same can communicate normally. 192.168.11.5192.168.12.8192.168.11.9192.168.12.11192.168.3.510.1.1.810.5.3.211.7.8.911.8.9.12
67/7410.9.8.7
Special IP address:
Loopback address: the first number to the left of the IP address is the IP address of 127s. For example, 127.0.0.1 / 127.255.255.254 represents the machine itself. Commonly used
Do internal tests (local tests). Any loopback address of ping can be reached.
Network address: an IP address in which the host number has a binary of all zero in the IP address. For example, the network address of this IP is 192.168.11.11.
192.168.11.0 . Another example is 172.16.88.168, the network address of this IP is 172.16.0.0.
Broadcast address: the IP address of the host number's binary bit 1 in the IP address. For example, the network address of this IP is 192.168.11.11.
192.168.11.255 . Another example is 172.16.88.168, the network address of this IP is 172.16.255.255.
Multicast address: 224.0.1.0 ~ 238.255.255.255
Multicast transmission: a point-to-multipoint network connection between the sender and each receiver. If a sender transmits a phase to multiple receivers at the same time
For the same data, you only need to copy the same data packet. It improves the efficiency of data transmission and reduces the possibility of congestion in the backbone network.
Private address (reserved address): used only within the local area network or for experimental purposes. Private addresses can no longer be used in the Internet Internet.
Value range of category
Category A: 10.0.0.1mm 10.255.255.255
Category B: 172.16.0.05172.31.255.255
Class C: 192.168.0.05192.168.255.255
DHCP reserved address: when the DHCP client (that is, the computer network card TCP/IP is set to automatically obtain the IP address) cannot obtain the IP address automatically through DHCP
The host is automatically randomly assigned to the DHCP reserved address. The range of values is 169.254.0.00169.254.255.255.
Subnet mask (sub netmask or prefix): a bit used to clearly indicate the network number (network bit) and host number (host bit) in the IP address
Buy. The subnet mask declares the location of the network number in the IP address with the binary all-1 and the bits of the host number in the IP address with all-binary all-zero.
Buy.
Ex.: what are the network numbers and host numbers of the following IP addresses?
IP:192.168.11.8
Subnet mask: 255.255.255.0
IP:172.16.9.8
Subnet mask: 255.255.0.0
IP:10.5.8.7
Subnet mask: 255.0.0.0
IP:10.9.8.7
Subnet mask: 255.255.0.0
IP:11.8.9.7
Subnet mask: 255.255.255.0
Ex.: what are the network numbers of the following two IP addresses, and whether they belong to the same network segment (that is, the same network number).
172.16.9.8
255.255.255.0
172.16.8.8
255.255.255.0
68/74
Subnetting
Decimal number: composed of the ten elements of 09, the decimal system is used in human daily life. It is characterized by one out of ten.
Binary number: composed of 0 and 1, the data is processed by computer using binary number. It is characterized by a full two into one.
Hexadecimal number: composed of sixteen elements 0,9 and AUBF, the physical MAC address of the network card of the computer uses hexadecimal. The characteristic is over 16.
Take one. Use ifconfig or ip a to check the MAC address of the network card
Appendix: power of 2
Power of 2: 10 9 8 7 6 5 4 3 2 10
Decimal: 1024 512 256 128 64 32 16 8 4 2 1
Binary conversion of numbers:
Convert decimal to binary: divide the decimal number by 2, take the remainder, and finally write the remainder from the bottom up.
Example: convert the decimal 9 into a binary number.
Ex.: convert decimal 11, 63, 17, 15, 7 into binary numbers, respectively.
(11) 10 = (1011) 2
(63) 10 = (111 111) 2
(15) 10 = (1111) 2
(7) 10 = (111) 2
(126) 10 = (1111110) 2
(60) 10 = (111100) 2
[1111]-27 [16, 8, 2, 1] = (1100 1111) 2
Convert binary to decimal: calculate using a weighted algorithm.
69/74
Ex.: binary 11010 is converted to decimal.
(11010) 2 "241" 231 "220" 211 "20" 0 "16" 8 "0" 2 "0 = (26) 10
Appendix: power of 2
Power of 2: 10 9 8 7 6 5 4 3 2 10
Decimal: 1024 512 256 128 64 32 16 8 4 2 1
Example: binary 110,101,1011 and 1011101 are converted to decimal.
(110) 2 = (6) 10
(101) 2 = (5) 10
(1011) 2 = (11) 10
(1011101) 2 = (93) 10
Special role of subnet mask:
1. Subnetting: by using the host bit (binary bit) in the IP address to act as the network bit, the large local area network is divided into several small ones.
Common subnet mask values for class C subnetting:
For example: IP address 192.168.11.0 take 24 this IP network is subnetted, divided into two subnets
The net.
Default subnet mask for class C IP: 255.255.255.0 host bit 0 (0000 0000) ~ 255 (1111 1111) subnet mask prefix
(VLSM): / 24
Borrowing of subnets: formula 2n = number of subnets n is the number of binary digits borrowed from the host number
There are 256 numbers in total. 256 numbers are divided into two groups. Each group has 256 numbers.
The range of the first group of numbers is 0-127 and the range of the second group is 128-255. So what is the subnet mask?
0 (0000 0000) ~ 127 (0111 1111) 1001 1002 1003 2001 2002 2003
128 (1000 0000) ~ 255 (1111 1111)
255.255.255.0 0 (0000 0000) 255.255.255.128
two。 Supernetting: using the network bits (binary bits) in the IP address to act as host bits, merging multiple small Lans into a large local area
The net.
For example, there are 256 IP addresses in the range of 192.168.11.0 and 192.168.11.255, of which 192.168.11.0 (network)
(address), 192.168.11.255 (broadcast address) these two IP addresses cannot be assigned to hosts. The number of IP addresses that can be used is 256-22000.
There are 256 numbers in 0255network.
Appendix: power of 2
Power of 2: 10 9 8 7 6 5 4 3 2 10
Decimal: 1024 512 256 128 64 32 16 8 4 2 1
128 "64" 32 "16" 8 "4" 2 "1" 255
256 numbers are divided into two groups, each group has 256 Universe 2128numbers.
1 group range 0127 0000 00000 0111 1111 (255128)
2 groups range from 128 to 255
256 numbers are divided into 4 groups, and each group has 256 picks and 64 numbers.
1 group range 063
2 groups range 64-127
3 groups range from 128 to 191
4 groups range from 192 to 255
256 numbers are divided into 8 groups, each group has 256 Universe 832 numbers.
1 group range 031
2 groups range from 32 to 63
3 groups range from 64 to 95
4 groups range 96-127
5 groups range from 128 to 159
6 groups range from 160 to 191
7 groups range from 192 to 223
8 groups range 2240255
256 numbers are divided into 16 groups, each group has 256 Universe 16 numbers.
1 group range: 015
Range of 2 groups: 16-31
3 groups range: 32-47
71/74
4 groups range: 48-63
5 groups range: 64 to 79
6 groups range: 80-95
7 groups range: 9600111
8 groups range: 1125127
9 groups range: 128-143
10 groups range: 144 to 159
11 groups range: 160,175
12 groups range: 176mm 191
13 groups range: 192-207
14 groups range: 208223
15 groups range: 2240239
16 groups range: 240,255
256 numbers are divided into 32 groups, and each group has 256 Universe 32 numbers.
Calculate the value range of each group by yourself.
256 numbers are divided into 64 groups, and each group has 256 Universe 64 numbers.
Calculate the value range of each group by yourself.
256 numbers are divided into 128 groups, each group has 256 Universe 128 numbers.
Calculate the value range of each group by yourself.
Subnetting activity
Question:
Q: do you need to borrow n bits from the host number to divide m subnets? How many digits are left in the host number? What is the default subnet mask? Subnetting (that is, borrowing
What is the new subnet mask after the host bit)?
Answer: the formula 2n=m that is borrowed from the host number
The formula of the remaining digits used to represent the host number in the host bit: 8murn
The subnet mask can be written according to the first result in the answer.
Q: after dividing m subnets, how many IP addresses are there in each subnet? How many IP addresses are available?
Answer: the total number of IP for each subnet is 256. The formula for the number of available IP per subnet (256g)-2
Activity: subnetting the IP address of the 192.168.8.0tic24 network into 4 subnets, please answer the following questions in turn:
1. What is the default (unsubnetted) subnet mask? 255.255.255.0
two。 How many bits do I need to borrow from the host number to act as the network number? 2
3. How many IP addresses are there in each subnet? 256x4x64
4. How many IP addresses are available in each subnet? sixty-two
5. What is the network address and broadcast address of each subnet?
6. How many bits are left in the binary used to represent the host number in the host number? 8-2-6
7. What is the new subnet mask after subnetting? 255.255.255.192
72/74
192.168.8.0/26
Borrow two, leaving six.
There are 64 IP addresses per subnet, and 62 are available.
Network address broadcast address
192.168.8.0-192.168.8.63
192.168.8.64-192.168.8.127
192.168.8.128-192.168.8.191
192.168.8.192-192.168.8.255
128 64 32 16 8 4 2 1
255.255.255.192
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.