
QSW-2800

www.qtech.ru

1.
1.1.
1.1.1.
1.1.2
1.1.1.1. Telnet
1.1.1.2. HTTP
1.1.1.3. SNMP
1.2. CLI
1.2.1
1.2.1.1.
1.2.1.2.
1.2.1.3.
1.2.2
1.2.3
1.2.4
1.2.5
1.2.5.1 : (successful)
1.2.5.2 : (error)
1.2.6 (Fuzzy math)
2.1
2.2 Telnet
2.2.1 Telnet
2.2.1.1 Telnet
2.2.1.2 Telnet
2.2.2. SSH
2.2.2.1 SSH
2.2.2.2 SSH
2.2.2.3 SSH
2.3 IP
2.3.1 IP
2.4 SNMP
2.4.1 SNMP
2.4.2 MIB
2.4.3 RMON
2.4.4 SNMP
2.4.4.1 SNMP
2.4.5 SNMP
2.4.6 SNMP
2.5
2.5.1
2.5.2 BootROM
2.5.3 FTP/TFTP
2.5.3.1 FTP/TFTP
2.5.3.2 FTP/TFTP
2.5.3.3 FTP/TFTP
2.5.3.4 FTP/TFTP

3.1
3.2
3.3
3.4
4.1
4.2
4.3
4.4
5.1
5.2
5.3
6.1
6.2
6.3
6.4
7 ULDP
7.1 ULDP
7.2 ULDP
7.3 ULDP
7.4 ULDP
8 LLDP
8.1 LLDP
8.2 LLDP
8.3 LLDP
8.4 LLDP
9 PORT CHANNEL
9.1 Port channel
9.2 LACP
9.2.1 LACP
9.2.2 LACP
9.3 Port channel
9.4 Port channel
9.5 Port channel
10 MTU
10.1 MTU
10.2 MTU
11 EFM OAM
11.1 EFM OAM
11.2 EFM
11.3 EFM OAM
11.4 EFM OAM
12
12.1
12.2
12.3 PORT SECURITY
12.4 PORT SECURITY
13 DDM
13.1
13.1.1 DDM
13.1.2 DDM
13.2 DDM
13.3 DDM
13.4 DDM
14 LLDP-MED
14.1 LLDP-MED
14.2 LLDP-MED
14.3 LLDP-MED
14.4 LLDP-MED
15 BPDU-TUNNEL
15.1 bpdu-tunnel
15.1.1 bpdu-tunnel
15.1.2 bpdu-tunnel
15.2 bpdu-tunnel
15.3 bpdu-tunnel
15.4 bpdu-tunnel

16 - VLAN
16.1 VLAN
16.1.1 VLAN
16.1.2 VLAN
16.1.3 VLAN
16.1.4
16.2 Dot1Q
16.2.1 Dot1q
16.2.2 Dot1q
16.2.3 Dot1q
16.2.4 Dot1q
16.3 Selective QinQ
16.3.1 Selective QinQ
16.3.2 Selective QinQ
16.3.3 Selective QinQ
16.3.4 Selective QinQ
16.4 VLAN
16.4.1 VLAN
16.4.2 VLAN
16.4.3 VLAN
16.4.4 VLAN
16.5 Multi-to-One VLAN
16.5.1 Multi-to-One VLAN
16.5.2 Multi-to-One VLAN
16.5.3 Multi-to-One VLAN
16.5.4 Multi-to-One VLAN
16.6 VLAN
16.6.1
16.6.2 VLAN
16.6.3 VLAN
16.6.4 VLAN
16.7 GVRP
16.7.1 GVRP
16.7.2 GVRP
16.7.3 GVRP
16.7.4 GVRP
17 MAC
17.1 MAC
17.1.1
17.1.2
17.2
17.3
17.4
17.5
17.5.1
17.5.5.1
17.5.5.2
17.5.5.3
17.6 MAC-
17.6.1 MAC-
17.6.2 MAC-
17.6.3 MAC
17.6.4 MAC
18 MSTP
18.1 MSTP
18.1.1 MSTP
18.1.1.1 MSTP
18.1.1.2 MST
18.1.2
18.1.3 MSTP
18.2 MSTP
18.3 MSTP
18.4 MSTP
19 QOS
19.1 QoS
19.1.1 QoS
19.1.2 QoS
19.1.3 QoS
19.2 QoS
19.3 QoS
19.4 QoS
20
20.1
20.2
20.3
20.4

21 QINQ
21.1 QinQ
21.1.1 QinQ
21.1.2 QinQ
21.1.3 QinQ
21.2 QinQ
21.3 QinQ
21.4 QinQ
22 3-
22.1 3-
22.1.1 3-
22.1.2 3-
22.2 IP
22.2.1 IPv4, IPv6
22.2.2 IP
22.2.2.1 IPv4
22.2.2.2 IPv6
22.2.3 IPv6
22.3 ARP
22.3.1 ARP
22.3.2 ARP
22.3.3 ARP
23 ARP
23.1 ARP
23.2 ARP
23.3 ARP
23.4 ARP
24 ARP
24.1
24.1.1 ARP (Address Resolution Protocol)
24.1.2 ARP
24.1.3 ARP
24.2 ARP
24.3 ARP, ND
25 ARP GUARD
25.1 ARP GUARD
25.2 ARP GUARD
26 ARP (GRATUITOUS ARP)
26.1 ARP
26.2 ARP
26.3 ARP
26.4 ARP
27 DHCP
27.1 DHCP
27.2 DHCP Server Configuration
27.3 DHCP
27.4 DHCP
27.5 DHCP
28 DHCPV6
28.1 DHCPv6
28.2 DHCPv6
28.3 DHCPv6
28.4 DHCPV6
28.5 DHCPv6
28.6 DHCPv6
28.7 DHCPv6
29 82 DHCP
29.1 82 DHCP
29.1.1 82 DHCP
29.1.2 82
29.2 82 DHCP
29.3 82 DHCP
29.4 82 DHCP
30 60 43 DHCP
30.1 60 43 DHCP
30.2 60 43 DHCP
30.3 60 43 DHCPv6
30.4 60 43 DHCP
31 37, 38 DHCPV6
31.1 37, 38 DHCPv6
31.2 37, 38 DHCPv6
31.3 37, 38 DHCPv6
31.3.1 37, 38 DHCPv6 Snooping
31.3.2 37, 38 DHCPv6
31.4 37, 38 DHCPv6
32 DHCP SNOOPING
32.1 DHCP Snooping
32.2 DHCP Snooping
32.3 DHCP Snooping
32.4 DHCP Snooping
32.4.1
32.4.2
33 82 DHCP
33.1 82 DHCP
33.1.1 82 DHCP
33.1.2 82
33.2 82 DHCP
33.3 82 DHCP
33.4 82 DHCP

1.
1.1.
.
: (out-of-band) (in-band).
1.1.1.
.
, ,
. ,
IP- Telnet.
, :
1: ()

, (RS-232)
. .


(PC)

RS-232,
, HyperTerminal,
Windows 9x/NT/2000/XP.

RS-232,
.

2: HyperTerminal.
, HyperTerminal, Windows.
HyperTerminal Windows .
1. (Start menu) (All Programs)
(Accessories) (Communication) HyperTerminal

HyperTerminal.


2. HyperTerminal, Switch.

HyperTerminal.

3. , RS-232
PC, , COM1 OK

HyperTerminal


4. COM1: 9600 Baud rate; 8 Data bits; none Parity checksum; 1 stop bit; none traffic control; Restore default, OK.

1-5. HyperTerminal.

3: (CLI) .
, HyperTerminal
.
Testing RAM...
0x077C0000 RAM OK
Loading MiniBootROM...
Attaching to file system...
Loading nos.img ... done.
Booting......
Starting at 0x10000...


Attaching to file system...

--- Performing Power-On Self Tests (POST) ---
DRAM Test....................PASS!


PCI Device 1 Test............PASS!
FLASH Test...................PASS!
FAN Test.....................PASS!
Done All Pass.
------------------ DONE --------------------
Current time is SUN JAN 01 00:00:00 2006

Switch>

.
.
1.1.2 .

Telnet, HTTP, SNMP.
,
. , - ,
,
.
1.1.1.1. Telnet
Telnet, :
1. IPv4/IPv6 ;
2. IP (Telnet ) VLAN , IPv4/IPv6
;
3. , Telnet
IPv4/IPv6 , .

IPv4/IPv6
, .
,
VLAN1.

Telnet
VLAN1 Telnet ( IPv4):


Telnet

1: IP Telnet Server
.

IP .
, IP VLAN1 . IP
VLAN1 10.1.128.251/24. IP
10.1.128.252/24. ping 192.168.0.10 ,
.
IP VLAN1 .
, IP-
(, Console).
( ,
switch ,
):
Switch>
Switch>enable
Switch#config
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip address 10.1.128.251 255.255.255.0
Switch(Config-if-Vlan1)#no shutdown

Telnet
, :
Switch>enable
Switch#config
Switch(config)# telnet-server enable


2: Telnet Client
Telnet Windows .

Telnet Windows.

3: .
Telnet
(login) (password).
. .
, Telnet ,
(username) (password)
: username <username> privilege <privilege> [password (0|7) <password>] .

authentication line vty login local.

15.
, test test ,
Telnet:
Switch>enable
Switch#config
Switch(config)#username test privilege 15 password 0 test
Switch(config)#authentication line vty login local

Telnet,
CLI . ,
Telnet CLI,
,


Telnet

1.1.1.2. HTTP
Web-
:
1. IPv4/IPv6 .
2. IP (HTTP ) VLAN , IPv4/IPv6
.
3. , HTTP
IPv4/IPv6 , , .
, Telnet, ping/ping6
IPv4/IPv6 ,
HTTP. :
1: IP HTTP .
IP- ,
Telnet .
Web , ip http server
:
Switch>enable
Switch#config
Switch(config)#ip http server


2: Web- .
Web- IP ,
HTTP Windows. , IP
10.1.128.251 ;

HTTP

IPv6 Firefox
1.5 . , 3ffe:506:1:2::3.
IPv6 http://[3ffe:506:1:2::3],
.
3: .
WEB ,
(login) (password),
. .
, Telnet ,
(username) (password)
:
username <username> privilege <privilege> [password (0|7) <password>].

: authentication
line vty login local..

15., admin admin ,
:
Switch>enable
Switch#config
Switch(config)#username admin privilege 15 password 0 admin
Switch(config)#authentication line web login local


Web :

Web .

,
Web , :

Web .

: ,
.


1.1.1.3. SNMP
:
1. IPv4/IPv6 .
2. IP (HTTP ) VLAN , IPv4/IPv6
.
3. , HTTP
IPv4/IPv6 , .
SNMP
IP , SNMP,
/ . ,
SNMP, ,
Snmp network management software user manual (
SNMP).

1.2. CLI
: CLI (Command
Line Interface) , -,
SNMP. CLI(), -
, SNMP . CLI
. ,
Telnet
(CLI).
CLI Shell, .
. , ,
.
Shell :

;
;
;
;
;

(Fuzzy math).


1.2.1

[Figure: Shell configuration modes: User Mode, Admin Mode, Global Mode, Interface Mode, Vlan Mode, DHCP address pool Configuration Mode, Route configuration Mode, ACL configuration Mode]

1.2.1.1.

. ,
, Switch> , >
.
, .
, ,
, .

1.2.1.2.
()
: "Admin";
"enable" () ,
( ).

"Switch#". "Ctrl + Z",

( ).

,
.


. ,


.
1.2.1.3. .
Switch#config
.
, , , VLAN ,
.
, MAC-,
, VLAN, IGMP Snooping STP, . .

.


.
: 1.VLAN; 2.Ethernet ; 3. -,
.

VLAN

IP

interface vlan <Vlan-id> ..


exit

.
.

Ethernet

interface ethernet <interface-list>
exit

interface port-channel <port-channel-number>
exit

, .
Ethernet
..



VLAN
<vlan-id> ,
VLAN.
VLAN.
, VLAN .
DHCP Address Pool
ip dhcp pool <name>
DHCP Address Pool. Switch(Config-<name>dhcp)# . DHCP Address Pool.
, DHCP Address Pool
.
ACL

ACL

IP ACL

ip access-list standard
exit
.
IP ACL
.

IP ACL

ip access-list extended
exit
.
IP ACL
.

1.2.2
. ,
, .
:
cmdtxt <variable> {enum1 | | enumN } [option1 | | optionN]

: cmdtxt ;
<variable> ; {enum1 | | enumN}


,
enum1~enumN, [] [option1 | | optionN]
.
"<>", "{}" "[]" : [<variable>], {enum1 <variable>| enum2}, [option1 [option2]],
.
:
. ,
;
show version,

vlan <vlan-id>,


, .
firewall {enable | disable},

snmp-server community {ro | rw} <string>, :


snmp-server community ro <string>
snmp-server community rw <string>

1.2.3

. ,
Ctrl + P Ctrl + N .

()

Back Space

. .

.
.

.
, ,
,
.


.

.

.


Ctrl +p

Ctrl +n

Ctrl +b

Ctrl +f

Ctrl +z


( )

Ctrl +c

, ..

Tab

Tab
, .

1.2.4
: help
? .

Help

"help" Enter,
.

1. "?",

.
2. "?" . ,
, .., ,
,
, "<cr > ",
, Enter, .
3. "?" . ,
.


1.2.5
1.2.5.1 : (successful)
, Shell.
,
.
1.2.5.2 : (error)


Unrecognized command or illegal parameter!
Ambiguous command
Invalid command or parameter
This command is not exist in current mode
Please configure precursor command "*" at first!
syntax error : missing '"' before the end of command line!

1.2.6 (Fuzzy math)


Shell
. Shell ,
.
:
1. show interface ethernet status , ,
sh in ethernet status .
2. , show running-config show r
> Ambiguous command! , .. Shell
show radius show running-config . , Shell
sh ru .


2
2.1

,
, ,
.

/
Enable [<1-15>]
disable

enable
. disable .


config [terminal]


exit

,

, ,
( )
.

show privilege

/
end


,
/ .


clock set <HH:MM:SS> [YYYY.MM.DD]
show version

set default

write

Flash-.


reload

show cpu usage

CPU.

show cpu utilization

show memory usage



banner motd <LINE>
no banner motd


Telnet
.

2.2 Telnet
2.2.1 Telnet
2.2.1.1 Telnet

Telnet .
Telnet, IP .
Telnet
TCP. , ,
.
Telnet - , Telnet
, - Telnet . Telnet ,
Telnet .
Telnet ,
Telnet , Windows
,
. Telnet 5
Telnet TCP.
Telnet ,
. TCP-
.
, TCP .

2.2.1.2 Telnet

1. Telnet ;
2. Telnet .

1. Telnet


telnet-server enable

Telnet
,

no
.

no telnet-server enable

username <user-name> [privilege <privilege>] [password [0 | 7] <password>]
no username <username>
Telnet . no .
authentication securityip <ip-addr>

IP
Telnet:
no .

no authentication securityip <ip-addr>


authentication securityipv6 <ipv6-addr>
no authentication securityipv6 <ipv6-addr>

IPv6 Telnet: no .

authentication ip access-class {<num-std>|<name>}
no authentication ip access-class
IP ACL Telnet / SSH / Web; no .

authentication ipv6 access-class {<num-std>|<name>}
no authentication ipv6 access-class
IPv6 ACL Telnet / SSH / Web; no .

authentication line {console | vty | web} login {local | radius | tacacs}
no authentication line {console | vty | web} login
Telnet.

authentication enable method1 [method2 ]
no authentication enable

authorization line {console | vty | web} exec {local | radius | tacacs}
no authorization line {console | vty | web} exec
Telnet.

accounting line {console | vty} command <1-15> {start-stop | stop-only | none} method1 [method2]
no accounting line {console | vty} command <1-15>

terminal monitor
terminal no monitor


Telnet
; no
.

2. Telnet

telnet [vrf <vrf-name>] {<ip-addr> | <ipv6-addr> | host <hostname>} [<port>]
Telnet
,
.


2.2.2. SSH
2.2.2.1 SSH
SSH (. Secure SHell ) ,
.
TCP/IP .
, SSH SSH-,
. ,
.
SSH2.0, SSH2.0 , ,
SSH Secure Client Putty.
.
RSA, 3DES SSH
, ..
2.2.2.2 SSH

ssh-server enable
no ssh-server enable

;
no .

username <username> [privilege <privilege>] [password [0 | 7] <password>]
no username <username>
SSH . no .

ssh-server timeout <timeout>
no ssh-server timeout
SSH; no SSH.

ssh-server authentication-retries <authentication-retries>
no ssh-server authentication-retries
SSH ; no .

ssh-server host-key create rsa modulus <moduls>
RSA SSH .



terminal monitor
terminal no monitor

SSH
; no
.

2.2.2.3 SSH
1:
:

SSH SSH2.0
, SSH Secure Client Putty .
, .
IP-, SSH SSH
. SSH2.0 ,
.

Switch(config)#ssh-server enable
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip address 100.100.100.200 255.255.255.0
Switch(Config-if-Vlan1)#exit
Switch(config)#username test privilege 15 password 0 test

IPv6 , SSH- ,
IPv6, putty6.
, IPv6-
.

2.3

IP

Ethernet-
. VLAN
, IP, IP- . VLAN,
,
VLAN. IP :


BOOTP

DHCP
IP- IP- .
BOOTP / DHCP , BOOTP/DHCP ,
BOOTP BOOTP/DHCP- BOOTP/DHCP
, ,
DHCP , , IP-,
DNS- DHCP ,
.
2.3.1 IP
1. VLAN ;
2. ;
3. BOOTP ;
4. DHCP .
1. VLAN


interface vlan <vlan-id>
no interface vlan <vlan-id>

VLAN (
); no
VLAN .

2.

VLAN

ip address <ip_address> <mask> [secondary]
no ip address <ip_address> <mask> [secondary]
IP VLAN ; no IP VLAN.

ipv6 address <ipv6-address / prefix-length> [eui-64]
no ipv6 address <ipv6-address / prefix-length>
IPv6 . no IPv6 .


3. BOOTP

VLAN

ip bootp-client enable
no ip bootp-client enable

BOOTP
IP-
BOOTP. no
BOOTP .

4. DHCP

VLAN

ip dhcp-client enable
no ip dhcp-client enable

2.4

DHCP
IP-
DHCP. no
DHCP .

SNMP

2.4.1 SNMP
SNMP (Simple Network Management Protocol)
, . SNMP
. SNMP v1 [RFC1157]
SNMP,
; SNMP v2c SNMP v1;
SNMP v3 , USM VACM (View-Based Access Control
Model).
SNMP-
. SNMP
UDP ( ),
.
SNMP- -.
: NMS (Network Management Station) . NMS
, SNMP. SNMP-


. ,
. NMS .
.
NMS -,
. NMS .
SNMP :

Get-Request
Get-Response
Get-Next-Request
Get-Bulk-Request

Set-Request
Trap
Inform-Request

NMS : Get-Request, Get-Next-Request, Get-Bulk-Request and Set-Request, , , Get-Response. , ,


,
. , NMS
, RMON .
,
.
USM ,
. USM .
,
. USM ,
. USM DES-CBC . HMAC-MD5 HMAC-SHA .
VACM .
.
.
2.4.2 MIB
NMS
(MIB). MIB ,
,
.
. ISO ASN.1
MID, MIB


. OID
( ) . OID
,
MID, :

[Figure: ASN.1 tree: Root, Node(1), Node(2), Object(1), Object(2)]

OID 1.2.1.1. NMS


OID . MIB
, .
MIB ,
MIB NMS. MIB
MIB MIB. MIB
, NMS, MIB
,
.
MIB-I [RFC1156] MIB SNMP, MIB-II
[RFC1213]. MIB-II MIB-I OID MIB MIB-I. MIB-II,
, .
. NMS
MIB SNMP .
SNMP , SNMP v1/v2c
SNMP v3. MIB-II, RMON MIB
MID, Bridge MIB. ,
MIB.


2.4.3 RMON
RMON SNMP .
RMON MIB
,
SNMP
. RMON
.
MID RMON 10 .
1, 2, 3 9:

Statistics:

.
History: ,
.
Alarm:

RMON .
Event: , RMON .
Alarm Event. Statistics History
. Alarm Event

( Trap ).
2.4.4 SNMP
2.4.4.1 SNMP
1. SNMP ;
2. SNMP;
3. IP- SNMP;
4. engine ID;
5. ;
6. ;
7. ;
8. TRAP;
9. / RMON.


1. SNMP


snmp-server enabled

SNMP
. no
.

no snmp-server enabled

2. SNMP


snmp-server community {ro|rw} {0 | 7} <string> [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}] [read <read-view-name>] [write <write-view-name>]
no snmp-server community <string> [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}]
SNMP . no .

3. IP- SNMP


snmp-server securityip { <ipv4-address> | <ipv6-address> }
no snmp-server securityip { <ipv4-address> | <ipv6-address> }
IPv4/IPv6 , . no

snmp-server securityip enable
snmp-server securityip disable
IP.

4. engine ID


snmp-server engineid <engine-string>
no snmp-server engineid

engine ID
.
SNMP v3.

5.


snmp-server user <user-string> <group-string> [{authPriv | authNoPriv} auth {md5 | sha} <word>] [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}]
no snmp-server user <user-string> [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}]
SNMP . USM SNMP v3.

6.


snmp-server group <group-string> {noauthnopriv|authnopriv|authpriv} [[read <read-string>] [write <write-string>] [notify <notify-string>]] [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}]
no snmp-server group <group-string> {noauthnopriv|authnopriv|authpriv} [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}]
VACM SNMP v3.


7.


snmp-server view <view-string> <oid-string> {include|exclude}
no snmp-server view <view-string> [<oid-string>]
SNMP v3.

8. TRAP

snmp-server enable traps


no snmp-server enable traps

Trap .
SNMP v1/v2/v3.

snmp-server host { <host-ipv4-address> | <host-ipv6-address> } {v1 | v2c | {v3 {noauthnopriv | authnopriv | authpriv}}} <user-string>
no snmp-server host { <host-ipv4-address> | <host-ipv6-address> } {v1 | v2c | {v3 {noauthnopriv | authnopriv | authpriv}}} <user-string>

IPv4/IPv6 ,
SNMP Trap. SNMP v1/v2,
Trap;
SNMP v3 ,
Trap. "no",
IPv4 IPv6 .

snmp-server trap-source {<ipv4-address> | <ipv6-address>}
no snmp-server trap-source {<ipv4-address> | <ipv6-address>}
IPv4 IPv6 , trap , "no" .


9. / RMON


rmon enable

/ RMON

no rmon enable

2.4.5 SNMP
IP- NMS 1.1.1.5, IP- () 1.1.1.9.
1: NMS SNMP
.
, :
Switch(config)#snmp-server enable
Switch(config)#snmp-server community rw private
Switch(config)#snmp-server community ro public
Switch(config)#snmp-server securityip 1.1.1.5

NMS

.
2: NMS Trap (: NMS,
, Trap .
NMS usertrap).
, :
Switch(config)#snmp-server enable
Switch(config)#snmp-server host 1.1.1.5 v1 usertrap
Switch(config)#snmp-server enable traps


3: NMS SNMP v3, .


, :
Switch(config)#snmp-server
Switch(config)#snmp-server user tester UserGroup authPriv auth md5 hellotst
Switch(config)#snmp-server group UserGroup AuthPriv read max write max notify max

Switch(config)#snmp-server view max 1 include

4: NMS v3Trap , .
, :
Switch(config)#snmp-server enable
Switch(config)#snmp-server host 10.1.1.2 v3 authpriv tester
Switch(config)#snmp-server enable traps

5: IPv6 NMS 2004:1:2:3::2; IPv6 ()


2004:1:2:3::1. NMS SNMP
.
, :
Switch(config)#snmp-server enable
Switch(config)#snmp-server community rw private
Switch(config)#snmp-server community ro public
Switch(config)#snmp-server securityip 2004:1:2:3::2

NMS

.
6: NMS Trap (: NMS,
, Trap .
NMS usertrap).
, :
Switch(config)#snmp-server host 2004:1:2:3::2 v1 dcstrap
Switch(config)#snmp-server enable traps


2.4.6 SNMP
SNMP, SNMP
- ..
, , :

2.5

.
,
up ( "Show interface"),
(
"ping").
, SNMP . ( "snmp-server ")
, IP NMS ( "snmp-server
securityip") ( "snmp-server
community") . - , SNMP
NMS .
Trap , Trap (
"snmp-server enable traps"). IP Trap ( "snmp-server
host"), Trap .
RMON , (
"rmon enable").
"show snmp" ,
SNMP; "show snmp status",
SNMP; "debug
snmp packet", SNMP.
- SNMP,
.

: BootROM TFTP/FTP
Shell.
2.5.1
(image) (boot)
.
.


,
. ., IMG file . IMG
FLASH nos.img.
(boot) , ,
ROM file ( IMG ,
).
ROM.
flash:/boot.rom
flash:/config.rom.
: 1. BootROM ; 2.
TFTP FTP Shell.
.
2.5.2 BootROM
BootROM : TFTP FTP,
BootROM.

BootROM

:
1:
,
. FTP / TFTP
, image .


2:
"Ctrl + B" BootROM
. :
[Boot]:
3:
BootROM , "setconfig", IP-
BootROM, IP- , TFTP
FTP . , 192.168.1.2,
192.168.1.66 TFTP . :
[Boot]: setconfig
Host IP Address: [10.1.1.1] 192.168.1.2
Server IP Address: [10.1.1.2] 192.168.1.66
FTP(1) or TFTP(2): [1] 2
Network interface configure OK.
[Boot]

4:
FTP / TFTP . TFTP TFTP, FTP
FTP-. ,
,
. , "load" BootROM .
, .
:
[Boot]: load nos.img
Loading...
Loading file ok!


5:
nos.img BootROM.
:
[Boot]: write nos.img
File nos.img exists, overwrite? (Y/N)?[N] y
Writing nos.img.....................................................
Write nos.img OK.
[Boot]:

6:
boot.rom , , ,
4.
[Boot]: load boot.rom
Loading
Loading file ok!

7:
boot.rom BootROM.
.
[Boot]: write boot.rom
File boot.rom exists, overwrite? (Y/N)?[N] y
Writing boot.rom
Write boot.rom OK.
[Boot]:

8:
run reboot BootROM
CLI.
[Boot]:run (or reboot)

BootROM .
DIR - FLASH.


1. DIR command
Used to list existing files in the FLASH.
[Boot]: dir
boot.rom 327,440 1900-01-01 00:00:00 --SH
boot.conf 83 1900-01-01 00:00:00 --SH
nos.img 2,431,631 1980-01-01 00:21:34 ----
startup-config 2,922 1980-01-01 00:09:14 ----
temp.img 2,431,631 1980-01-01 00:00:32 ----

2. CONFIG RUN command


Used to set the IMAGE file to run upon system start-up, and the configuration file to run upon configuration recovery.

[Boot]: config run


Boot File: [nos.img] nos.img
Config File: [boot.conf]

2.5.3 FTP/TFTP
2.5.3.1 FTP/TFTP
FTP (File Transfer Protocol) / TFTP (Trivial File Transfer Protocol)
, ( ) TCP
/ IP , ,
. - .
.
FTP TCP
. ,
(
).
FTP ,
: .
FTP- 21

.
: .

,
. , , ,
20 ( ) , 20
, .


,
.
,
.
TFTP UDP,
.

- . TFTP FTP ,
.
FTP / TFTP .
FTP / TFTP ,
FTP / TFTP ( ,
) .
FTP . ,
FTP /
TFTP ( , ).
FTP / TFTP ,
FTP / TFTP .
FTP/TFTP.
ROM: EPROM, . EPROM FLASH .
SDRAM: ,
.
FLASH: .
System file: .
System image file:
, , IMG
file . IMG FLASH.
FTP Shell
nos.img, IMG .
Boot file: , ,
ROM file ( IMG ,
). ROM.
flash:/boot.rom
flash:/config.rom.
Configuration file:
.


Start up configuration file: ,


.
. CF,
FLASH, CF, FLASH-
CF. ,
.cfg, - startup.cfg.
,
startup-config.
Running configuration file: (running)
, .
. running-config
RAM FLASH write copy running-config
startup-config .
Factory configuration file: . ,
factory-config. ,
set default
write , .

2.5.3.2 FTP/TFTP
FTP TFTP ,
FTP TFTP .
1. FTP/TFTP
(1) FTP/TFTP

copy <source-url> <destination-url> [ascii | binary]
FTP/TFTP

(2) FTP

ftp-dir <ftpServerUrl>


FTP .

: ftp: //: @IPv4|IPv6
.



2. FTP
(1) FTP

ftp-server enable
no ftp-server enable

, no

(2) FTP .

ip ftp username <username> password [0 | 7] <password>
no ip ftp username <username>
FTP . no

(3) FTP

ftp-server timeout <seconds>


3. TFTP
(1) TFTP

tftp-server enable
no tftp-server enable

, no

(2) TFTP

tftp-server retransmission-timeout <seconds>

(3)

tftp-server retransmission-number <number>


2.5.3.3 FTP/TFTP
IPv4 IPv6 . IPv4 .

10.1.1.

10.1.1.

nos.img FTP/TFTP

1: FTP/TFTP .
, FTP/TFTP
IP- 10.1.1.1, FTP/TFTP , IP-
VLAN1 10.1.1.2. "nos.img"
.
FTP
:
FTP
"Switch" "superuser". "12_30_nos.img"
FTP .
:
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch(Config-if-Vlan1)#no shut
Switch(Config-if-Vlan1)#exit
Switch(config)#exit
Switch#copy ftp://Switch:switch@10.1.1.1/12_30_nos.img nos.img


2: FTP .
,
. nos.img
12_25_nos.img .
:
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch(Config-if-Vlan1)#no shut
Switch(Config-if-Vlan1)#exit
Switch(config)#ftp-server enable
Switch(config)# username Admin password 0 superuser

:
FTP Switch
superuser , get nos.img 12_25_nos.img
nos.img .
3: TFTP .
TFTP ,
TFTP . nos.img
:
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch(Config-if-Vlan1)#no shut
Switch(Config-if-Vlan1)#exit
Switch(config)#tftp-server enable

:
TFTP , tftp
nos.img .
4: FTP FTP
. : Ethernet
, FTP IP 10.1.1.1;
FTP IP VLAN1 10.1.1.2.


FTP:
:
FTP Switch ,
superuser
:
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch(Config-if-Vlan1)#no shut
Switch(Config-if-Vlan1)#exit
Switch#copy ftp://Switch:superuser@10.1.1.1
220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
recv total = 480
nos.img
nos.rom
parsecommandline.cpp
position.doc
qmdict.zip
(some display omitted here)
show.txt
snmp.TXT
226 Transfer complete.


2.5.3.4 FTP/TFTP
FTP
/
FTP ,
ping . - ,
.
, .
, , " copy"
.
220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
200 PORT Command successful.
nos.img file length = 1526021
read file ok
send file
150 Opening ASCII mode data connection for nos.img.
226 Transfer complete.
close ftp client.

, .
, , " copy"
.
220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
200 PORT Command successful.
recv total = 1526037
************************
write ok
150 Opening ASCII mode data connection for nos.img (1526037 bytes).
226 Transfer complete.


FTP, "close ftp client" "226
Transfer complete ,
.
FTP , BootROM
.


TFTP
/
TFTP ,
ping . - ,
.
, .
, , " copy"
.
nos.img file length = 1526021
read file ok
begin to send file, wait...
file transfers complete.
close tftp client.

, .
, , " copy"
.
begin to receive file, wait...
recv 1526037
************************
write ok
transfer complete
close tftp client.


TFTP, "close tftp client"
"226 Transfer complete ,
.
TFTP , BootROM
.


3
3.1

. CLI, SNMP -,

,
(-) (
).
. IP ,
, IP-
. IP-,
.
(-)
- ,
. ,
.
(, ),
,
.
:

IP-;
;

;
;

;

- .

3.2 :
1.
2.
1) IP- - ;
2) ;
3) -;
3.


1)
;
2) ;
3)
(keep-alive) .
4) Keep-Alive
;
5) -, .
4. -
1) Keep-Alive ;
2) Keep-Alive ,
;
5.
1)
2) -
3) -
6. Web
1) Enable http
7. snmp
1) Enable snmp server
1.


cluster run [key <WORD>] [vid <VID>]
no cluster run


2. .


cluster ip-pool <commander-ip>
no cluster ip-pool

IP-
.

cluster commander [<cluster_name>]

no cluster commander
cluster member {candidate-sn <candidate-sn> | mac-address <mac-addr> [id <member-id> ]}
no cluster member {id <member-id> | mac-address <mac-addr>}

3.


cluster auto-add
no cluster auto-add

cluster member auto-to-user

cluster keepalive interval <second>


no cluster keepalive interval

cluster keepalive loss-count <int>


no cluster keepalive loss-count

Keep-Alive ,
.

clear cluster nodes [nodes-sn <candidate-sn-list> | mac-address <mac-addr>]


4.

cluster keepalive interval <second>


no cluster keepalive interval
cluster keepalive loss-count <int>

Keep-Alive ,
.

no cluster keepalive loss-count

5.

rcommand member <member-id>

,

-.

rcommand commander

,

.

cluster reset member [id <member-id> | mac-address <mac-addr>]

cluster update member <member-id> <src-url> <dst-filename> [ascii | binary]
nos.img.


6. web

ip http server

HTTP
- .
: , HTTP
-,
- web.

7. snmp

snmp-server enable

SNMP
-.
: , SNMP
-,
SNMP.
-
<commander-community>@sw<member id>


3.3
:
SW1-SW4, SW1 ,
- SW2 SW4 , SW3
SW2.

[Figure: SW1, SW2, SW3, SW4]

:
1.
SW1:
Switch(config)#cluster run
Switch(config)#cluster ip-pool 10.2.3.4
Switch(config)#cluster commander 5526
Switch(config)#cluster auto-add

2. -
SW2-SW4
Switch(config)#cluster run

3.4
, , :

,
.
VLAN.
VLAN
(RIP, OSPF, BGP) VLAN ,
.
, , .
- ,
.


4
4.1
.
1000GX-TX , SFP Gigabit .
,
interface ethernet <interface-list>
, <interface-list> . <interface-list>
, ,
-, , , - -
. , 2,3,4,5.
interface ethernet 1/2-5 .
, ,

.

4.2
1.
2.
(1) combo combo
(2) /
(3)
(4)
(5)
(6)
(7)
(8) /
(9)
(10)
(11)
(12)
3.


1. Ethernet


interface ethernet <interface-list>

Ethernet .

2.

media-type {copper | copper-preferred-auto | fiber | sfp-preferred-auto}
combo ( combo).
shutdown
no shutdown

/ .

description <string>
no description

mdi { auto | across | normal }


no mdi

.
combo
.

speed-duplex {auto [10 [100 [1000]] [auto | full | half |]] | force10-half | force10-full | force100-half | force100-full | force100-fx [module-type {auto-detected | no-phy-integrated | phy-integrated}] | {{force1g-half | force1g-full} [nonegotiate [master | slave]]}| force10g-full}
no speed-duplex


100/1000Base-TX 100Base-FX ports.

NO

,
.

negotiation {on|off}


1000Base-FX.

bandwidth control <bandwidth> [both | receive | transmit]
no bandwidth control


flow control
no flow control

/
.

loopback
no loopback

/
.

storm-control {unicast | broadcast | multicast} <Kbits>

switchport flood-control { bcast|mcast|ucast }
no switchport flood-control { bcast|mcast|ucast }

port-scan-mode {interrupt | poll}
no port-scan-mode

rate-violation <200-2000000> [recovery <0-86400>|]
no rate-violation
( 300).

port-rate-statistics interval [<interval-value>]

3.

virtual-cable-test interface ethernet


4.3

[Figure: Switch 1 (port 1/7), Switch 2 (ports 1/8, 1/9, 1/10), Switch 3 (port 1/12)]

VLAN . VLAN1.

Switch1   1/7    : 50 M
Switch2   1/8
          1/9    100Mbps full,
          1/10   1000Mbps full,
Switch3   1/12   100Mbps full


:
Switch1:
Switch1(config)#interface ethernet 1/7
Switch1(Config-If-Ethernet1/7)#bandwidth control 50000 both
Switch2:
Switch2(config)#interface ethernet 1/9
Switch2(Config-If-Ethernet1/9)#speed-duplex force100-full
Switch2(Config-If-Ethernet1/9)#exit
Switch2(config)#interface ethernet 1/10
Switch2(Config-If-Ethernet1/10)#speed-duplex force1g-full
Switch2(Config-If-Ethernet1/10)#exit
Switch2(config)#monitor session 1 source interface ethernet 1/8;1/9
Switch2(config)#monitor session 1 destination interface ethernet 1/10
Switch3:
Switch3(config)#interface ethernet 1/12
Switch3(Config-If-Ethernet1/12)#speed-duplex force100-full
Switch3(Config-If-Ethernet1/12)#exit

4.4
,
:

, .
IEEE 802.3.

:

;

,

. ,
.


5
5.1
- ,
, .
VLAN
VLAN . ,
,
,
.
16 .

5.2
1.
2. Ethernet
3.
1.


isolate-port group <WORD>
no isolate-port group <WORD>

.
NO
.

2. Ethernet


isolate-port group <WORD> switchport interface [ethernet | port-channel] <IFNAME>
no isolate-port group <WORD> switchport interface [ethernet | port-channel] <IFNAME>


,

. NO



3.

,
show isolate-port group [ <WORD> ]

Ethernet
.

5.3

[Figure: S1 with ports e1/1, e1/10 and e1/15; S2; S3; Vlan]

. e1/1, e1/10
e1/15 VLAN 100. ,
switch1 1/1 1/10

1/15, . ,
.
.
S1:
Switch(config)#isolate-port group test
Switch(config)#isolate-port group test switchport interface ethernet 1/1;1/10



6.1

Ethernet-.
2- ,
, .
2- ,
.
MAC , MAC
MAC
, , .
MAC
. ..
, ,
, MAC ,
MAC . ,
- ,
, ( MAC
),
2- .
. ,

, ,
.

,
( MAC )
,
, .

6.2

1.

2.

3.

4.

5.


1.


loopback-detection interval-time <loopback> <no-loopback>

no loopback-detection interval-time

2.

loopback-detection specified-vlan <vlan-list>


no loopback-detection specified-vlan <vlan-list>

3.

loopback-detection control {shutdown | block | learning}
no loopback-detection control

4.

debug loopback-detection
no debug loopback-detection

show loopback-detection [interface <interface-list>]

,
;


5.

loopback-detection control-recovery timeout <0-3600>

( )
.


6.3

,
. ,
,

.
:
Switch(config)#loopback-detection interval-time 35 15
Switch(config)#interface ethernet 1/1
Switch(Config-If-Ethernet1/1)#loopback-detection specified-vlan 1-3
Switch(Config-If-Ethernet1/1)#loopback-detection control block

,
MSTP ,
VLAN.
Switch(config)#spanning-tree
Switch(config)#spanning-tree mst configuration
Switch(Config-Mstp-Region)#instance 1 vlan 1
Switch(Config-Mstp-Region)#instance 2 vlan 2
Switch(Config-Mstp-Region)#

6.4

.


7 ULDP
7.1 ULDP
,
. ,
,
.
, .
,
,
.

[Figure: Switch A, Switch B, Switch C; ports g1/0/1, g1/0/2, g1/0/3, g1/0/4]

, GBIC ( Giga
Bitrate interface Converter 1Gb )
,
.
,
.(broadcast black hole).
ULDP (Unidirectional Link Detection Protocol
) , ,
. ,
Ethernet ( ), ULDP
. , ,
,
, .
ULDP
, .
ULDP , ,
,

. ULDP
,
. , ULDP
, ULDP,
.
ULDP , ULDP
.
ULDP , ,
ULDP
.

7.2 ULDP
1. ULDP ;
2. ULDP ;
3. ;
4. ;
5. ;
6. (Hello messages);
7. ;
8. , ULDP;
9. ULDP;


1. ULDP


uldp enable

ULDP
.

uldp disable

2. ULDP

uldp enable

ULDP
.

uldp disable

3.


uldp aggressive-mode

no uldp aggressive-mode

4.

uldp aggressive-mode
no uldp aggressive-mode


5.


uldp manual-shutdown
no uldp manual-shutdown

6. (Hello messages)


uldp hello-interval <integer>
no uldp hello-interval


(Hello messages), 5 100
. - 10 .

7.


uldp recovery-time <integer>
no uldp recovery-time <integer>


. 30 86400 .
0 .

8. , ULDP


uldp reset


.
.


9. ULDP

show uldp [interface ethernet IFNAME]

ULDP.
ULDP
.

.

debug uldp fsm interface ethernet <IFname>
no debug uldp fsm interface ethernet <IFname>
.
debug uldp error
no debug uldp error

debug uldp event


no debug uldp event

debug uldp packet {receive|send}


no debug uldp packet {receive|send}

debug uldp {hello|probe|echo|unidir|all} [receive|send] interface ethernet <IFname>
no debug uldp {hello|probe|echo|unidir|all} [receive|send] interface ethernet <IFname>


,
.


7.3 ULDP
[Figure: Switch A (g1/1, g1/2), Switch B (g1/3, g1/4), PC1, PC2]

g1/1 g1/2 , g1/3


g1/04 B . .
,
. ULDP
. , g1/1 g1/2 ,
g1/3 g1/04 B ULDP.
( ) .
:
SwitchA(config)#uldp enable
SwitchA(config)#interface ethernet 1/1
SwitchA(Config-If-Ethernet1/1)#uldp enable
SwitchA(Config-If-Ethernet1/1)#exit
SwitchA(config)#interface ethernet1/2
SwitchA(Config-If-Ethernet1/2)#uldp enable


B:
SwitchB(config)#uldp enable
SwitchB(config)#interface ethernet1/3
SwitchB(Config-If-Ethernet1/3)#uldp enable
SwitchB(Config-If-Ethernet1/3)#exit
SwitchB(config)#interface ethernet1/4
SwitchB(Config-If-Ethernet1/4)#uldp enable

g1/1 g1/2 ULDP


PC1 .
%Oct 29 11:09:50 2007 A unidirectional link is detected! Port Ethernet1/1
need to be shutted down!
%Oct 29 11:09:50 2007 Unidirectional port Ethernet1/1 shut down!
%Oct 29 11:09:50 2007 A unidirectional link is detected! Port Ethernet1/2
need to be shutted down!
%Oct 29 11:09:50 2007 Unidirectional port Ethernet1/2 shutted down!

g1/3 g1/4 B ULDP


PC2 .
%Oct 29 11:09:50 2007 A unidirectional link is detected! Port Ethernet1/3
need to be shutted down!
%Oct 29 11:09:50 2007 Unidirectional port Ethernet1/3 shutted down!
%Oct 29 11:09:50 2007 A unidirectional link is detected! Port Ethernet1/4
need to be shutted down!
%Oct 29 11:09:50 2007 Unidirectional port Ethernet1/4 shutted down!
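
One way to audit messages like the ones above, as an added example (not code from the manual): the script joins console-wrapped records and lists every port for which a unidirectional-link detection was logged without a matching shut-down message. The sample log, including the Ethernet1/7 record and its timestamp, is constructed for illustration, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample modelled on the messages above: long records wrap onto a
# second console line, and the switch prints both "shut down" and "shutted down".
SAMPLE_LOG = """\
%Oct 29 11:09:50 2007 A unidirectional link is detected! Port Ethernet1/1
need to be shutted down!
%Oct 29 11:09:50 2007 Unidirectional port Ethernet1/1 shut down!
%Oct 29 11:09:50 2007 A unidirectional link is detected! Port Ethernet1/2
need to be shutted down!
%Oct 29 11:09:50 2007 Unidirectional port Ethernet1/2 shutted down!
%Oct 29 11:12:04 2007 A unidirectional link is detected! Port Ethernet1/7
need to be shutted down!
"""

TS = r"%(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
DETECTED = re.compile(
    TS + r"A unidirectional link is detected! Port (?P<port>Ethernet[\d/]+)")
SHUT = re.compile(
    TS + r"Unidirectional port (?P<port>Ethernet[\d/]+) shut(?:ted)? down!")


def unwrap(text):
    """Join wrapped continuation lines onto the record that starts with '%'."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("%") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def parse_ts(stamp):
    """Parse the switch timestamp format, e.g. 'Oct 29 11:09:50 2007'."""
    return datetime.strptime(stamp, "%b %d %H:%M:%S %Y")


def audit_uldp(text):
    """Return {port: {'detected': datetime|None, 'shut': datetime|None}}."""
    ports = {}
    for record in unwrap(text):
        m = DETECTED.match(record)
        if m:
            entry = ports.setdefault(m["port"], {"detected": None, "shut": None})
            entry["detected"] = parse_ts(m["ts"])
            entry["shut"] = None  # a new detection needs a new shut-down record
            continue
        m = SHUT.match(record)
        if m:
            entry = ports.setdefault(m["port"], {"detected": None, "shut": None})
            entry["shut"] = parse_ts(m["ts"])
    return ports


def still_forwarding(ports):
    """Ports with a logged detection but no shut-down message after it."""
    return sorted(p for p, e in ports.items() if e["detected"] and not e["shut"])


if __name__ == "__main__":
    for port in still_forwarding(audit_uldp(SAMPLE_LOG)):
        print(f"{port}: unidirectional link detected, no shut-down logged")
```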

7.4 ULDP
:

, ULDP ,
,
.

,
, , ULDP
, , .
.


, ,
ULDP
. .

hello ( 10
5 100 ), ULDP
.
1/3 STP. ,
STP ULDP
. ,
, .
ULDP LACP.
TRUNK (, port-channel, TRUNK ) .
ULDP . ,
ULDP

.
ULDP . ULDP
.
(DEBUG) .
, , , .

.


, (30-86400 )
,
ULDP. , ,
ULDP.


8 LLDP
8.1 LLDP
(Link Layer Discovery Protocol LLDP) , 802.1ab.

. ,
,
. MIB
SNMP.
MIB. LLDP
, . 802.1ab
, , LLDP
. (IEEE)
, MIB IETF.
, LLDP .
, Ethernet , , ,

. ,

.
, LLDP ,
.

LAN . TLV
(Type Length value ). , LLDP,
(ID)
, ,
, .

, .
, ,
.
LLDP ,

.

( Automated Discovery )
,
.


, ,
,
.
, 2 ,
. .
, ,
.
.
LLDP ,
,
.

8.2 LLDP
1. LLDP ;
2. LLDP ;
3. LLDP ;
4. LLDP;
5. LLDP;
6. ;
7. TRAP ;
8. TRAP ;
9. ;
10. , ;
11. ;
12. LLDP;
1. LLDP


lldp enable

lldp disable


2. LLDP

lldp enable

/ LLDP
.

lldp disable

3. LLDP

lldp mode (send|receive|both|disable)


LLDP

4. LLDP


lldp tx-interval <integer>


LLDP
.

no lldp tx-interval

5. LLDP


lldp msgTxHold <value>
no lldp msgTxHold

LLDP

6.


lldp transmit delay <seconds>
no lldp transmit delay

7. TRAP


lldp notification interval <seconds>
no lldp notification interval

TRAP

.

8. TRAP

lldp trap <enable|disable>

/ TRAP

9.

lldp transmit optional tlv [portDesc] [sysName] [sysDesc] [sysCap]


no lldp transmit optional tlv
.

10. ,

lldp neighbors max-num <value>


no lldp neighbors max-num

,


.

11.

lldp tooManyNeighbors {discard | delete}


12. LLDP

Admin,
show lldp


LLDP.

show lldp interface ethernet <IFNAME>

LLDP

show lldp traffic

show lldp neighbors interface ethernet <IFNAME>

show debugging lldp
.

LLDP


LLDP


debug lldp
no debug lldp

LLDP.

debug lldp packets interface ethernet <IFNAME>
no debug lldp packets interface ethernet <IFNAME>
/ LLDP
.

clear lldp remote-table


8.3 LLDP

LLDP

, , 1,3
2,4 . 1
. TLV 4 portDesc SysCap.
. :
SwitchA(config)# lldp enable
SwitchA(config)#interface ethernet 1/4
SwitchA(Config-If-Ethernet1/4)# lldp transmit optional tlv portDesc sysCap
SwitchA(Config-If-Ethernet1/4)#exit

. :
SwitchB(config)#lldp enable
SwitchB(config)#interface ethernet1/1
SwitchB(Config-If-Ethernet1/1)# lldp mode receive
SwitchB(Config-If-Ethernet1/1)#exit

8.4 LLDP
LLDP .
, debug lldp
. show LLDP
,
.


9 PORT CHANNEL
9.1 Port channel
- (Port channel) .
.

Port channel. , .

Port channel,
.
,
. Port channel
, .
.
,
. ,
, .

[Figure: S1, S2]

, S1 Port channel.
Port channel .
S1 S2,
MAC MAC .
, . Port
channel ,
. .
:
Port channel
(Link Aggregation Control Protocol LACP). ,
.


Port channel :

VLAN,

VLAN VLAN
.
Port channel ,
- Port channel.
spanning tree,
Port channel BPDU .
.
.
128 8 .
, , , .
,

, VLAN .

9.2 LACP
LACP , IEEE 802.3ad,
. LACP LACPDU (Link
Aggregation Control Protocol Data Unit) .
, LACP , LACPDU
, , MAC ,
, .
, ,
. ,
.

(, , , ) ,
.
(LACP),
0.
LACP, , ID .



.
.
9.2.1 LACP

LACP. LACP ,
on .
9.2.2 LACP
1. LACP
, /
.
LACP. ,
, ,
. ,
,
. LACP
.
2.
(selected)
(standby).
LACP, .

, ,

.
:
(ID) ( MAC ).
. ,
MAC .
.
(
).
. ,
.
(selected), (standby).

-.
.


9.3 Port channel


1. ;
2. ;
3. port-channel;
4.
5. LACP
6. LACP
7. LACP
1.


port-group <port-group-number>

no port-group <port-group-number>

2.

port-group <port-group-number> mode {active | passive | on}
.
no port-group

3. port-channel


interface port-channel <port-channel-number>

portchannel.

4.


load-balance {dst-src-mac | dst-src-ip | dst-src-mac-ip}
,

ECMP .

5. LACP


lacp system-priority <system-priority>
no lacp system-priority

LACP
, no
.

6. LACP


lacp port-priority <port-priority>
no lacp port-priority

LACP
. no
.

7. LACP


lacp timeout {short | long}
no lacp timeout

LACP . no

9.4 Port channel


1 Port channel LACP.

[Figure: S1, S2]

- LACP

S1 S2. 1,2,3,4 S1 -
1 . 6,8,9,10 S2
2 . .
:
Switch1#config
Switch1(config)#interface ethernet 1/1-4
Switch1(Config-If-Port-Range)#port-group 1 mode active
Switch1(Config-If-Port-Range)#exit
Switch1(config)#interface port-channel 1
Switch1(Config-If-Port-Channel1)#
Switch2#config
Switch2(config)#port-group 2
Switch2(config)#interface ethernet 1/6
Switch2(Config-If-Ethernet1/6)#port-group 2 mode passive
Switch2(Config-If-Ethernet1/6)#exit
Switch2(config)#interface ethernet 1/8-10
Switch2(Config-If-Port-Range)#port-group 2 mode passive
Switch2(Config-If-Port-Range)#exit
Switch2(config)#interface port-channel 2
Switch2(Config-If-Port-Channel2)#


:
, . 1,2,3,4 S1
Port-Channel1, 6,8,9,10 S2 PortChannel2.
2 Port channel ON.

[Figure: S1, S2]

port channel ON

, 1,2,3,4 S1
1 ON. 6,8,9,10 S2
2 ON.
:
Switch1#config
Switch1(config)#interface ethernet 1/1
Switch1(Config-If-Ethernet1/1)#port-group 1 mode on
Switch1(Config-If-Ethernet1/1)#exit
Switch1(config)#interface ethernet 1/2
Switch1(Config-If-Ethernet1/2)#port-group 1 mode on
Switch1(Config-If-Ethernet1/2)#exit
Switch1(config)#interface ethernet 1/3
Switch1(Config-If-Ethernet1/3)#port-group 1 mode on
Switch1(Config-If-Ethernet1/3)#exit
Switch1(config)#interface ethernet 1/4
Switch1(Config-If-Ethernet1/4)#port-group 1 mode on
Switch1(Config-If-Ethernet1/4)#exit
Switch2#config
Switch2(config)#port-group 2
Switch2(config)#interface ethernet 1/6
Switch2(Config-If-Ethernet1/6)#port-group 2 mode on
Switch2(Config-If-Ethernet1/6)#exit
Switch2(config)#interface ethernet 1/8-10
Switch2(Config-If-Port-Range)#port-group 2 mode on
Switch2(Config-If-Port-Range)#exit

:
1,2,3,4 S1 1 ON.
LACP
. ,
2 1. 1 2 port channel 1. 3
1, port channel 1 1 2 3
port channel 1. 4 1, port channel 1 1, 2 3
4 port channel 1 ( ,
, ,
). 4
ON .

9.5 Port channel


,
:

, , ,
, VLAN.
, .

port channel.
arp, bandwidth, ip, ip-forward ..


10 MTU
10.1 MTU
Jumbo
( ).
1519 9000 JUMBO .
, 2%-5%..
JUMBO , . ,
, .
.

10.2 MTU
1. MTU

mtu [<mtu-value>]

/ JUMBO
. NO
/ JUMBO .

no mtu enable


11 EFM OAM
11.1 EFM OAM
Ethernet ,
,
Metro . -
, Ethernet
, OAM Ethernet.
Ethernet OAM: 802.3ah (EFM OAM), 802.3ag
(CFM), E-LMI Y.1731. EFM OAM CFM
(IEEE). EFM OAM
. EFM OAM
Ethernet
. CFM
. CFM Y.1731,
(ITU), .
E-LMI , MEF, UNI.
,
.
EFM OAM (Ethernet in the First Mile Operation, Administration and Maintenance
, Ethernet (
)) OSI,
, :

[Figure: OAM in the OSI model. OSI Model layers: Application, Presentation, Session, Transport, Network, Data Link, Physical. LAN CSMA/CD Layers: Higher layers, LLC, OAM (Optional), MAC, Physical Layer]

OAM (OAMPDU) MAC 01-80-c2-00-00-02 . 10 .


EFM OAM OAM .
, , ,
. ,
EFM OAM :
1. ethernet OAM
Ethernet OAM OAM
OAMPDU. EFM OAM :
. OAM ,
, , , ,
. Ethernet OAM ,
OAMPDU
. Ethernet OAMPDU
5 , Ethernet OAM .
2.
Ethernet ,
, .

. EFM OAM
OAMPDUs. , OAM
OAMPDU .
SNMP Trap .
,
. ,

.
EFM OAM
Errored symbol period event, Errored frame event, Errored frame period event Errored
frame seconds event.
Errored symbol period event:
(
. .
.
).
Errored frame event: N ,
N (
- ).


Errored frame period event:


.
:
(
).
3.
- ,
Ethernet OAM OAMPDU ,
.
OAMPDU , Ethernet OAM
. OAMPDU.

.
, OAMPDU.
Critical, Dying Gasp Link Fault.
. :
Critical event:
Link Fault :
Dying Gasp: ( , ,
)
4. .
(loopback) , OAM
,
, Ethernet OAMPDU, .

. :
.
EFM OAM : -
IEEE802.3 -.
Ethernet
EFM OAM.
. .

[Figure: Customer, Service Provider, Customer; 802.3ah Ethernet in The First Mile; CE, PE; 802.1ah OAMPDU]

11.2 EFM
1. EFM OAM ;
2. ;
3. ;
: OAM .
1. EFM OAM


ethernet-oam mode {active | passive}

EFM
OAM. .

ethernet-oam
no ethernet-oam

EFM OAM .
NO EFM OAM


.
ethernet-oam period <seconds>
no ethernet-oam period


OAMPDU. NO

ethernet-oam timeout <seconds>


no ethernet-oam timeout

EFM
OAM . NO

2.


ethernet-oam link-monitor
no ethernet-oam link-monitor


EFM OAM, NO
.

ethernet-oam errored-symbol-period {threshold low <low-symbols> | window <seconds>}
no ethernet-oam errored-symbol-period {threshold low | window}
. NO
.
ethernet-oam errored-frame-period {threshold low <low-frames> | window <seconds>}
no ethernet-oam errored-frame-period {threshold low | window}
. NO
.
ethernet-oam errored-frame {threshold low <low-frames> | window <seconds>}
no ethernet-oam errored-frame {threshold low | window}
. NO
.
ethernet-oam errored-frame-seconds {threshold low <low-frame-seconds> | window <seconds>}
no ethernet-oam errored-frame-seconds {threshold low | window}
. NO
.


3.


ethernet-oam remote-failure
no ethernet-oam remote-failure

EFM OAM (

), NO

ethernet-oam errored-symbol-period threshold high {high-symbols | none}
no ethernet-oam errored-symbol-period threshold high
. NO
.
ethernet-oam errored-frame-period threshold high {high-frames | none}
no ethernet-oam errored-frame-period threshold high
. NO
.
ethernet-oam errored-frame threshold high {high-frames | none}
no ethernet-oam errored-frame threshold high
. NO
.
ethernet-oam errored-frame-seconds threshold high {high-frame-seconds | none}
no ethernet-oam errored-frame-seconds threshold high
. NO
.


11.3 EFM OAM


1:
, ,
EFM OAM .
.
.
[Figure: CE (Ethernet 1/0/1) and PE (Ethernet 1/0/1); 802.1ah OAMPDU; OAM]

: ( SNMP )
():
CE(config)#interface ethernet 1/1
CE (config-if-ethernet1/1)#ethernet-oam mode passive
CE (config-if-ethernet1/1)#ethernet-oam
CE (config-if-ethernet1/1)#ethernet-oam remote-loopback supported

.
PE:
PE(config)#interface ethernet 1/1
PE (config-if-ethernet1/1)#ethernet-oam

.
.
PE(config-if-ethernet1/1)#ethernet-oam remote-loopback


.
PE(config-if-ethernet1/1)# no ethernet-oam remote-loopback

.
CE(config-if-ethernet1/1)#no ethernet-oam remote-loopback supported


11.4 EFM OAM


EFM OAM , ,
:

, OAM .
, EFM OAM OAM .
, SNMP .
.
OAM .

.
,
STP, MRPP, ULPP,


OAM,
.


12
12.1
, MAC-
. 802.1x MAC.
, MAC-
, MAC . ,
,
MAC- .
,
.

.

12.2
1.


switchport port-security

no switchport port-security
switchport port-security mac-address <mac-address> [vlan <vlan-id>]
MAC-
no switchport port-security mac-address <mac-address> [vlan <vlan-id>]


switchport port-security maximum <value> [vlan <vlan-list>]

MAC-,
no switchport port-security maximum <value> [vlan <vlan-list>]
switchport port-security violation {protect | restrict | shutdown}

MAC-
no switchport port-security violation

MAC-,

MAC- MAC
VLAN,
MAC.
switchport port-security aging {static | time <value> | type {absolute | inactivity}}
port-security .
no switchport port-security violation aging {static | time | type}

clear port-security {all | configured | dynamic | sticky} [[address <mac-addr> | interface <interface-id>] [vlan <vlan-id>]]
MAC .
show port-security [interface <interface-id>] [address | vlan]
.

12.3 PORT SECURITY

[Figure: Internet, Switch, port Ethernet 1/1, PC1, PC2]

,
MAC- 10,
10 . ,
,
, .
MAC- 1, PC1 PC2
.
:
#Configure the switch.
Switch(config)#interface Ethernet 1/1
Switch(config-if-ethernet1/1)#switchport port-security
Switch(config-if-ethernet1/1)#switchport port-security maximum 10
Switch(config-if-ethernet1/1)#exit
Switch(config)#

12.4 PORT SECURITY


,
:

PORT SECURITY
MAC-


13 DDM
13.1
13.1.1 DDM
DDM (Digital Diagnostic Monitor)
SFF-8472 MSA. DDM
.
,
,
.

.
(, , , tx rx )

.
,
.
DDM :
1. .
.

.
(1) Vcc CMOS,

(2) rx , -
rx .
(3) .
(4) , ,

2. .

,
(
) ,
.



(, , , tx rx )
.
, Tx Fault Rx LOS
.
3. .
,
,

.

, .
:
(1) .
(2) Rx power
.
(3) .

13.1.2 DDM
DDM :
1. .

( TX , RX
, , , )
( , ,
..).

.
2. .
(TX , RX ,
, , ) . ,
,
( ,
),
.

. ,


(
).
: /

, , , >=
>= >=
.

, .
.
3. .
,
,
.

.
,
,
.

13.2 DDM
DDM:
1. .
2.
.
3. .
(1) .
(2) .
(3) .
(4) .


1. .

,

show transceiver [interface ethernet <interface-list>][detail]

2.
.


transceiver threshold {default | {temperature | voltage | bias | rx-power | tx-power} {high-alarm | low-alarm | high-warn | low-warn} {<value> | default}}
.

3. .
(1) .


transceiver-monitoring interval <minutes>
no transceiver-monitoring interval

no

, 15 .

(2) .


transceiver-monitoring {enable | disable}

,

.

(3) .


show transceiver threshold-violation [interface ethernet <interface-list>]


,
,
.

(4) .


clear transceiver threshold-violation [interface ethernet <interface-list>]
.

13.3 DDM
1:
Ethernet 21 Ethernet 23 DDM, Ethernet 24
DDM, Ethernet 22 - ,
DDM .
a) ,
(
, ), :
Switch#show transceiver
Interface   Temp(℃)   Voltage(V)   Bias(mA)   RX Power(dBM)   TX Power(dBM)
1/21        33         3.31         6.11       -30.54(A-)      -6.01
1/23        33         5.00(W+)     6.11       -20.54(W-)      -6.02

b) (N/A ,
), :
Switch#show transceiver interface ethernet 1/21-22;23
Interface   Temp(℃)   Voltage(V)   Bias(mA)   RX Power(dBM)   TX Power(dBM)
1/21        33         3.31         6.11       -30.54(A-)      -6.01
1/22        N/A        N/A          N/A        N/A             N/A
1/23        33         5.00(W+)     6.11       -20.54(W-)      -6.02

) , ,
, ,
, ,
:
Switch#show transceiver interface ethernet 1/21-22;24 detail
Ethernet 1/21 transceiver detail information:
Base information:
SFP found in this port, manufactured by company, on Sep 29 2010.
Type is 1000BASE-SX, Link length is 550 m for 50um Multi-Mode Fiber.
Link length is 270 m for 62.5um Multi-Mode Fiber.
Nominal bit rate is 1300 Mb/s, Laser wavelength is 850 nm.
Brief alarm information:
RX loss of signal
Voltage high
RX power low
Detail diagnostic and threshold information:
                    Diagnostic       Threshold
                    Realtime Value   High Alarm   Low Alarm   High Warn   Low Warn
------------------  --------------   ----------   ---------   ---------   --------
Temperature(℃)     33               70           0           70          0
Voltage(V)          7.31(A+)         5.00         0.00        5.00        0.00
Bias current(mA)    6.11(W+)         10.30        0.00        5.00        0.00
RX Power(dBM)       -30.54(A-)       9.00         -25.00      9.00        -25.00
TX Power(dBM)       -6.01            9.00         -25.00      9.00        -25.00

Ethernet 1/22 transceiver detail information: N/A


Ethernet 1/24 transceiver detail information:
Base information:
SFP found in this port, manufactured by company, on Sep 29 2010.
Type is 1000BASE-SX, Link length is 550 m for 50um Multi-Mode Fiber.
Link length is 270 m for 62.5um Multi-Mode Fiber.
Nominal bit rate is 1300 Mb/s, Laser wavelength is 850 nm.
Brief alarm information: N/A
Detail diagnostic and threshold information: N/A
2:
Ethernet 21 DDM.
DDM.
1: DDM.
Switch#show transceiver interface ethernet 1/21 detail
Ethernet 1/21 transceiver detail information:
Base information:

Brief alarm information:


RX loss of signal
Voltage high
RX power low
Detail diagnostic and threshold information:
                    Diagnostic       Threshold
                    Realtime Value   High Alarm   Low Alarm   High Warn   Low Warn
------------------  --------------   ----------   ---------   ---------   --------
Temperature         33               70                       70
Voltage(V)          7.31(A+)         5.00         0.00        5.00        0.00
Bias current(mA)    6.11(W+)         10.30        0.00        5.00        0.00
RX Power(dBM)       -30.54(A-)       9.00         -25.00      9.00        -25.00
TX Power(dBM)       -13.01           9.00         -25.00      9.00        -25.00

2: tx-power ,
- 12, 10.00.
Switch#config
Switch(config)#interface ethernet 1/21
Switch(config-if-ethernet1/21)#transceiver threshold tx-power low-warn 12
Switch(config-if-ethernet1/21)#transceiver threshold tx-power low-alarm 10.00

3: DDM .
, , ,
. A- -13.01
, -12.00.
Switch#show transceiver interface ethernet 1/21 detail
Ethernet 1/21 transceiver detail information:
Base information:

Brief alarm information:


RX loss of signal
Voltage high
RX power low
TX power low
Detail diagnostic and threshold information:
                    Diagnostic       Threshold
                    Realtime Value   High Alarm   Low Alarm        High Warn   Low Warn
------------------  --------------   ----------   --------------   ---------   --------------
Temperature         33               70                            70
Voltage(V)          7.31(A+)         5.00         0.00             5.00        0.00
Bias current(mA)    6.11(W+)         10.30        0.00             5.00        0.00
RX Power(dBM)       -30.54(A-)       9.00         -25.00           9.00        -25.00
TX Power(dBM)       -13.01(A-)       9.00         -12.00(-25.00)   9.00        -10.00(-25.00)

3:
Ethernet 21 DDM.
, .
1: . Ethernet 21 and
ethernet 22 , 30 .
Switch(config)#show transceiver threshold-violation interface ethernet 1/21-22
Ethernet 1/21 transceiver threshold-violation information:
Transceiver monitor is disabled. Monitor interval is set to 30 minutes.
The last threshold-violation doesnt exist.
Ethernet 1/22 transceiver threshold-violation information:
Transceiver monitor is disabled. Monitor interval is set to 30 minutes.
The last threshold-violation doesnt exist.

2: ethernet 21.
Switch(config)#interface ethernet 1/21
Switch(config-if-ethernet1/21)#transceiver-monitoring enable

3: .
, ethernet 21 ,
Jan 02 11:00:50 2011, DDM,
:
Switch(config-if-ethernet1/21)#quit
Switch(config)#show transceiver threshold-violation interface ethernet 1/21-22
Ethernet 1/21 transceiver threshold-violation information:
Transceiver monitor is enabled. Monitor interval is set to 30 minutes.
The current time is Jan 02 12:30:50 2011.
The last threshold-violation time is Jan 02 11:00:50 2011.
Brief alarm information:
RX loss of signal
RX power low
Detail diagnostic and threshold information:

DiagnosticThreshold Realtime Value High AlarmLow Alarm High Warn Low Warn
----------------------- ----------- ------------ --------Temperature
VoltageV

33
7.31

70

10.00 0.00

Bias currentmA

3.11

RX PowerdBM

-30.54(A-)

TX PowerdBM

-1.01

70 0
5.00 0.00

10.30 0.00

5.00 0.00

9.00 -25.00(-34)

9.00 -12.05

9.00 -25.00

9.00 -10.00

Ethernet 1/22 transceiver threshold-violation information:


Transceiver monitor is disabled. Monitor interval is set to 30 minutes.
The last threshold-violation doesnt exist.

13.4 DDM
DDM, ,
:

, ,
DDM .
, SNMP ,
.
SFP DDM XFP DDM,
.
show transceiver show transceiver detail
, ,
.
, .

, .


14 LLDP-MED
14.1 LLDP-MED
LLDP-MED (Link Layer Discovery Protocol-Media Endpoint Discovery) 802.1AB LLDP
(Link Layer Discovery Protocol) of IEEE. LLDP Link Layer
Discovery, (
, IP-, ID ID ) TLV
(type/length/value) LLDPDU (Link Layer Discovery Protocol Data Unit),
.
(MIB).
.
802.1AB LLDP
.
LLDP-MED TLVs , PoE
(Power over Ethernet),
.

14.2 LLDP-MED
1.


lldp transmit med tlv all
no lldp transmit med tlv all

LLDP-MED TLVs.
no .

lldp transmit med tlv capability


no lldp transmit med tlv capability

LLDP-MED Capability TLV.


no .

lldp transmit med tlv networkPolicy


no lldp transmit med tlv networkPolicy

LLDP-MED Network Policy


TLV. no
.

lldp transmit med tlv extendPoe


no lldp transmit med tlv extendPoe

LLDP-MED
Extended
Power-Via-MDI TLV. no
.

lldp transmit med tlv inventory


no lldp transmit med tlv inventory

LLDP-MED
Management TLVs.
.

Inventory
no

network policy {voice | voice-signaling | guest-voice | guest-voice-signaling | softphone-voice | video-conferencing | streaming-video | video-signaling} [status {enable | disable}] [tag {tagged | untagged}] [vid {<vlan-id> | dot1p}] [cos <cos-value>] [dscp <dscp-value>]
no network policy {voice | voice-signaling | guest-voice | guest-voice-signaling | softphone-voice | video-conferencing | streaming-video | video-signaling}

VLAN
ID,

( ),

, .

civic location {dhcp server | switch | endpointDev} <country-code>

no civic location
Civic Address LCI
Civic Address LCI. no

Civic
Address LCI.
ecs location <tel-number>
no ecs location

ECS ELIN .
no

lldp med trap {enable | disable}

LLDP-MED .

Civic Address LCI address


{description-language | province-state | city | county | street | locationNum | location | floor | room | postal | otherInfo} <address>
no {description-language | province-state | city | county | street | locationNum | location | floor | room | postal | otherInfo}

Civic Address LCI
address .


lldp med fast count <value>
no lldp med fast count

LLDP-MED,

LLDP LLDP-MED TLV,

no

.

show lldp


LLDP LLDP-MED

show lldp [interface ethernet <IFNAME>]

LLDP LLDPMED

show lldp neighbors [interface ethernet <IFNAME>]

LLDP LLDPMED .

14.3 LLDP-MED
[Figure: LLDP-MED topology: Switch A (Ethernet 1/1, Ethernet 1/2), MED device, Switch B (Ethernet 1/1), PC]
1) Switch A
SwitchA(config)#interface ethernet1/1
SwitchA(Config-If-Ethernet1/1)# lldp enable
SwitchA(Config-If-Ethernet1/1)# lldp mode both (this configuration can be omitted, the default mode is RxTx)
SwitchA(Config-If-Ethernet1/1)# lldp transmit med tlv capability
SwitchA(Config-If-Ethernet1/1)# lldp transmit med tlv networkPolicy
SwitchA(Config-If-Ethernet1/1)# lldp transmit med tlv inventory
SwitchA(Config-If-Ethernet1/1)# network policy voice tag tagged vid 10 cos 5 dscp 15
SwitchA(Config-If-Ethernet1/1)# exit
SwitchA(config)#interface ethernet1/2
SwitchA(Config-If-Ethernet1/2)# lldp enable
SwitchA(Config-If-Ethernet1/2)# lldp mode both
2) Switch B
SwitchB(config)#interface ethernet1/1
SwitchB(Config-If-Ethernet1/1)# lldp enable
SwitchB(Config-If-Ethernet1/1)# lldp mode both
SwitchB(Config-If-Ethernet1/1)# lldp transmit med tlv capability
SwitchB(Config-If-Ethernet1/1)# lldp transmit med tlv networkPolicy
SwitchB(Config-If-Ethernet1/1)# lldp transmit med tlv inventory
SwitchB(Config-If-Ethernet1/1)# network policy voice tag tagged vid 10 cos 4

3) Verify the configuration


SwitchA
SwitchA# show lldp neighbors interface ethernet 1/1
Port name : Ethernet1/1
Port Remote Counter : 1
TimeMark :20
ChassisIdSubtype :4
ChassisId :00-03-0f-00-00-02
PortIdSubtype :Local
PortId :1
PortDesc :****
SysName :****
SysDesc :*****
SysCapSupported :4
SysCapEnabled :4
LLDP MED Information :
MED Codes:
(CAP)Capabilities, (NP) Network Policy
(LI) Location Identification, (PSE)Power Source Entity
(PD) Power Device, (IN) Inventory
MED Capabilities:CAP,NP,PD,IN
MED Device Type: Endpoint Class III
Media Policy Type :Voice
Media Policy :Tagged
Media Policy Vlan id :10
Media Policy Priority :3
Media Policy Dscp :5
Power Type : PD
Power Source :Primary power source
Power Priority :low
Power Value :15.4 (Watts)
Hardware Revision:
Firmware Revision:4.0.1
Software Revision:6.2.30.0
Serial Number:
Manufacturer Name:****
Model Name:Unknown
Assert ID:Unknown
IEEE 802.3 Information :
auto-negotiation support: Supported
auto-negotiation support: Not Enabled
PMD auto-negotiation advertised capability: 1
operational MAU type: 1
SwitchA# show lldp neighbors interface ethernet 1/2
Port name : interface ethernet 1/2
Port Remote Counter1
Neighbor Index: 1
Port name : Ethernet1/2
Port Remote Counter : 1
TimeMark :20
ChassisIdSubtype :4
ChassisId :00-03-0f-00-00-02
PortIdSubtype :Local
PortId :1
PortDesc :Ethernet1/1
SysName :****
SysDesc :*****
SysCapSupported :4
SysCapEnabled :4


:
1. Ethernet 2 A Ethernet 1 B
, MED TLV.
Ethernet 2 A MED TLV,
MED,
MED Ethernet 2 A.
2. LLDP-MED LLDP MED TLV,
Ethernet 1
A.

14.4 LLDP-MED
LLDP-MED, ,
:

, LLDP
LLDP LLDP-MED TLV
MED, LLDP-MED TLV.
LLDP-MED TLV,
LLDP-MED TLV , ,

LLDP-MED TLV.

LLDP-MED
, LLDP-MED,
show lldp neighbors, , LLDP-MED
.


15 BPDU-TUNNEL
15.1 bpdu-tunnel
BPDU Tunnel .

.

15.1.1 bpdu-tunnel
MAN,
. VPN
LAN,
, ,

. ,
,
.

15.1.2 bpdu-tunnel

. ,
. ,
(CE1 CE2) VLAN.
1 2,
. 2
,
( : spanning tree),
.

[Figure: BPDU tunnel: ISP network with PE1 and PE2; CE1 and CE2; networks 1 and 2 in VLAN 100]

15.2 bpdu-tunnel
1. MAC- .
2. .
1. MAC- .


bpdu-tunnel dmac <mac>
no bpdu-tunnel dmac

2. .

/
MAC- .


bpdu-tunnel {stp|gvrp|uldp|lacp|dot1x}
no bpdu-tunnel {stp|gvrp|uldp|lacp|dot1x}

/
.

15.3 bpdu-tunnel

. ,
. ,
(CE1 CE2) VLAN.
1 2,
. 2
,
( : spanning tree),
.

[Figure: BPDU tunnel: ISP network with PE1 and PE2; CE1 and CE2; networks 1 and 2 in VLAN 100]

BPDU Tunnel,
:
1. ,
1 , MAC-
multicast MAC-, .
2. ( BPDU
Tunnel) 2 , ,
-
2 .
bpdu-tunnel PE1 PE2:
1:
PE1(config)# bpdu-tunnel dmac 01-02-03-04-05-06
PE1(config)# interface ethernet 1/1
PE1(config-if-ethernet1/1)# bpdu-tunnel stp
PE1(config-if-ethernet1/1)# bpdu-tunnel lacp
PE1(config-if-ethernet1/1)# bpdu-tunnel uldp
PE1(config-if-ethernet1/1)# bpdu-tunnel gvrp
PE1(config-if-ethernet1/1)# bpdu-tunnel dot1x
2:
PE2(config)# bpdu-tunnel dmac 01-02-03-04-05-06
PE2(config)# interface ethernet 1/1
PE2(config-if-ethernet1/1)# bpdu-tunnel stp
PE2(config-if-ethernet1/1)# bpdu-tunnel lacp
PE2(config-if-ethernet1/1)# bpdu-tunnel uldp
PE2(config-if-ethernet1/1)# bpdu-tunnel gvrp
PE2(config-if-ethernet1/1)# bpdu-tunnel dot1x

15.4 bpdu-tunnel
stp, gvrp, uldp, lacp and dot1x ,
bpdu-tunnel.


16 - VLAN
16.1 VLAN
16.1.1 VLAN
VLAN (Virtual Local Area Network ) ,

, ,
. ,
. IEEE IEEE
802.1Q VLAN. VLAN
.
VLAN ,

, .
[Figure: VLAN topology: three Switches; VLAN 1 (Servers), VLAN 2 (PCs), VLAN 3 (Laser Printer, PCs)]

VLAN. VLAN
, , , VLAN
, . VLAN
,
VLAN
VLAN.
, VLAN
:

;
;

;
Ethernet : Access, Hybrid
Trunk. , .
Access VLAN.
.
Trunk VLAN.

.
Hybrid VLAN.

.
Hybrid Trunk ,
: Hybrid
VLAN VLAN, Trunk VLAN
VLAN, VLAN, native.
VLAN GVRP (GARP VLAN Registration Protocol GARP
VLAN) 802.1Q.
VLAN GVRP.
16.1.2 VLAN
1. VLAN;
2. VLAN;
3. VLAN;
4. ;
5. ;


6. ;
7. ;
8. / VLAN ;
9. VLAN;
10. VLAN;
11. VLAN;
1. VLAN


vlan WORD

/ VLAN
VLAN

no vlan WORD

2. VLAN

VLAN Mode

name <vlan-name>

VLAN

no name

3. VLAN

VLAN Mode

switchport interface <interface-list>


no switchport interface <interface-list>

VLAN

4.

switchport mode {trunk | access | hybrid}

,
.

5.

switchport trunk allowed vlan {WORD | all | add WORD | except WORD | remove WORD}
no switchport trunk allowed vlan
/ VLAN,
. no
.
switchport trunk native vlan <vlan-id>
no switchport trunk native vlan

/ PVID
.

6.

switchport access vlan <vlan-id>


no switchport access vlan

VLAN. NO
.

7.

switchport hybrid allowed vlan {WORD | all | add WORD | except WORD | remove WORD} {tag | untag}
no switchport hybrid allowed vlan
/ VLAN,
.
switchport hybrid native vlan <vlan-id>

/ PVID .

no switchport hybrid native vlan

8. / VLAN

vlan ingress enable

/
VLAN.

no vlan ingress enable

9. VLAN

VLAN mode

private-vlan {primary | isolated | community}


no private-vlan

VLAN
. NO
VLAN.

10. VLAN

VLAN mode

private-vlan association <secondary-vlan-list>


no private-vlan association

/
VLAN.

11. VLAN


vlan <2-4094> internal

VLAN.

16.1.3 VLAN
:
[Figure: two Switches with PCs in VLAN2, VLAN100 and VLAN200]


VLAN. VLAN VLAN2,
VLAN100 VLAN200. VLAN
: A B.


,
, VLAN.

VLAN2        Site A and site B switch port 2-4.
VLAN100      Site A and site B switch port 5-7.
VLAN200      Site A and site B switch port 8-10.
Trunk port   Site A and site B switch port 11.


VLAN. VLAN.
1 12
.
:
A:
Switch(config)#vlan 2
Switch(Config-Vlan2)#switchport interface ethernet 1/2-4
Switch(Config-Vlan2)#exit
Switch(config)#vlan 100
Switch(Config-Vlan100)#switchport interface ethernet 1/5-7
Switch(Config-Vlan100)#exit
Switch(config)#vlan 200
Switch(Config-Vlan200)#switchport interface ethernet 1/8-10
Switch(Config-Vlan200)#exit
Switch(config)#interface ethernet 1/11
Switch(Config-If-Ethernet1/11)#switchport mode trunk
Switch(Config-If-Ethernet1/11)#exit
Switch(config)#

B:
Switch(config)#vlan 2
Switch(Config-Vlan2)#switchport interface ethernet 1/2-4
Switch(Config-Vlan2)#exit
Switch(config)#vlan 100
Switch(Config-Vlan100)#switchport interface ethernet 1/5-7
Switch(Config-Vlan100)#exit
Switch(config)#vlan 200
Switch(Config-Vlan200)#switchport interface ethernet 1/8-10
Switch(Config-Vlan200)#exit
Switch(config)#interface ethernet 1/11
Switch(Config-If-Ethernet1/11)#switchport mode trunk
Switch(Config-If-Ethernet1/11)#exit

16.1.4
:

[Figure: two Switches and two PCs]

PC1 Ethernet 1/7 B, PC2


Ethernet 1/9 B. Ethernet 1/10 Ethernet 1/10
.


, PC1 PC2 . PC1


PC2 .
.
:

                                 PVID   VLAN
Port 1/10 of Switch A   Access   10     VLAN 10 .
Port 1/10 of Switch B   Hybrid   10     VLAN 7,9, 10 .
Port 1/7 of Switch B    Hybrid          VLAN 7, 10
Port 1/9 of Switch B    Hybrid          VLAN 9, 10 .

:
A:
Switch(config)#vlan 10
Switch(Config-Vlan10)#switchport interface ethernet 1/10

B:
Switch(config)#vlan 7;9;10
Switch(config)#interface ethernet 1/7
Switch(Config-If-Ethernet1/7)#switchport mode hybrid
Switch(Config-If-Ethernet1/7)#switchport hybrid native vlan 7
Switch(Config-If-Ethernet1/7)#switchport hybrid allowed vlan 7;10 untag
Switch(Config-If-Ethernet1/7)#exit
Switch(Config)#interface Ethernet 1/9
Switch(Config-If-Ethernet1/9)#switchport mode hybrid
Switch(Config-If-Ethernet1/9)#switchport hybrid native vlan 9
Switch(Config-If-Ethernet1/9)#switchport hybrid allowed vlan 9;10 untag
Switch(Config-If-Ethernet1/9)#exit
Switch(Config)#interface Ethernet 1/10
Switch(Config-If-Ethernet1/10)#switchport mode hybrid
Switch(Config-If-Ethernet1/10)#switchport hybrid native vlan 10
Switch(Config-If-Ethernet1/10)#switchport hybrid allowed vlan 7;9;10 untag
Switch(Config-If-Ethernet1/10)#exit

16.2 Dot1Q
16.2.1 Dot1q
Dot1q, QinQ (802.1q-in-802.1q),
802.1q. VLAN
(CVLAN tag) VLAN - (SPVLAN tag). VLAN
-,
. ,

-,
.

VLAN200-300

CE1

PE1

1
PE1,
VLAN3,
QINQ

PE2,
VLAN3,
QINQ

PE2

Dot1q


CE2

2

VLAN200-300



, , Dot1q
SPVLAN (SPVID).
3. SPVID
PE. 1 1, VLAN 200-300
. Dot1q , 1
VLAN,
SPVID. VLAN3,
-, VLAN ( ,
1, SPVID ),
VLAN . 2
2 2, VLAN ,
2, , 1.
1 2
.
Dot1q --
VLAN VLAN.
VLAN .
Dot1q :

,
;
SPVID ,
;

VLAN ( 1 4096 );
. --
,
;

16.2.2 Dot1q
1. Dot1q ;
2. (TPID) ;


1. Dot1q

dot1q-tunnel enable

/ dot1q-

no dot1q-tunnel enable

2. (TPID)

dot1q-tunnel tpid {0x8100|0x9100|0x9200|<1-65535>}
.

16.2.3 Dot1q
:
PE1 PE2 - VLAN 200-300.
CE1 CE2 VLAN3. PE1 CE1, 10
, TPID 9100; 1 PE2
CE2, 10 .

VLAN3

1 PE1 PE2.

dot1q-tunnel

1 PE1 PE2.

tpid

9100


PE1:
Switch(config)#vlan 3
Switch(Config-Vlan3)#switchport interface ethernet 1/1
Switch(Config-Vlan3)#exit
Switch(Config)#interface ethernet 1/1
Switch(Config-Ethernet1/1)# dot1q-tunnel enable
Switch(Config-Ethernet1/1)# exit
Switch(Config)#interface ethernet 1/1
Switch(Config-Ethernet1/1)#switchport mode trunk
Switch(Config-Ethernet1/1)#dot1q-tunnel tpid 0x9100
Switch(Config-Ethernet1/1)#exit
Switch(Config)#

PE2:
Switch(config)#vlan 3
Switch(Config-Vlan3)#switchport interface ethernet 1/1
Switch(Config-Vlan3)#exit
Switch(Config)#interface ethernet 1/1
Switch(Config-Ethernet1/1)# dot1q-tunnel enable
Switch(Config-Ethernet1/1)# exit
Switch(Config)#interface ethernet 1/1
Switch(Config-Ethernet1/1)#switchport mode trunk
Switch(Config-Ethernet1/1)#dot1q-tunnel tpid 0x9100
Switch(Config-Ethernet1/1)#exit
Switch(Config)#
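
What the `dot1q-tunnel tpid 0x9100` setting on PE1 and PE2 changes on the wire, as an added example that is not part of the QTECH manual: the Python code below builds a constructed double-tagged frame (SPVLAN 3 outside customer VLAN 200) and parses it once with the matching outer TPID and once with a mismatched one. The MAC addresses, payload and function names are assumptions made for the illustration.

```python
import struct

CTAG_TPID = 0x8100  # inner (customer) tag: standard 802.1Q TPID


def vlan_tag(tpid, vid, pcp=0):
    """Pack one 4-byte tag: TPID (16 bits), then PCP (3) | DEI (1) | VID (12)."""
    if not 0 <= vid <= 0x0FFF or not 0 <= pcp <= 7:
        raise ValueError("VID must fit in 12 bits and PCP in 3 bits")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def build_qinq_frame(s_vid, c_vid, s_tpid, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed sample: a customer frame (C-tag) after the PE pushed an S-tag."""
    dst = bytes.fromhex("000102030405")  # constructed MAC addresses
    src = bytes.fromhex("00010203040a")
    return (dst + src + vlan_tag(s_tpid, s_vid) + vlan_tag(CTAG_TPID, c_vid)
            + struct.pack("!H", ethertype) + payload)


def parse_vlan_stack(frame, s_tpid):
    """Return (tags, next_field); tags are listed outermost first.

    The outer tag is recognised only if its TPID equals s_tpid (the value the
    port is configured with) or the standard 0x8100; the inner tag must use
    0x8100. At most two tags are consumed.
    """
    offset, tags = 12, []  # skip destination and source MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame: no EtherType/TPID field")
        (field,) = struct.unpack_from("!H", frame, offset)
        accepted = {CTAG_TPID} if tags else {s_tpid, CTAG_TPID}
        if len(tags) == 2 or field not in accepted:
            return tags, field  # not a tag: treated as the payload EtherType
        if len(frame) < offset + 4:
            raise ValueError("truncated frame: incomplete VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": field, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4


if __name__ == "__main__":
    frame = build_qinq_frame(s_vid=3, c_vid=200, s_tpid=0x9100)
    for tpid in (0x9100, 0x8100):
        tags, next_field = parse_vlan_stack(frame, s_tpid=tpid)
        vids = [t["vid"] for t in tags]
        print(f"port TPID 0x{tpid:04x}: VLAN stack {vids}, next field 0x{next_field:04x}")
```

With the mismatched TPID the parser finds no VLAN stack and reports 0x9100 as the next field, so anything that inspects this link (a peer port or a capture sensor) has to be set to the same TPID to recognise the service tag.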

16.2.4 Dot1q

Dot1q
, .
Dot1q .
STP/MSTP
PVLAN .


16.3 Selective QinQ


16.3.1 Selective QinQ
Selective QinQ dot1q . (
) VLAN
,
VLAN .

16.3.2 Selective QinQ


1.
.
2. selective QinQ
1. .


dot1q-tunnel selective s-vlan <s-vid> c-vlan <c-vid-list>
no dot1q-tunnel selective s-vlan <s-vid> c-vlan <c-vid-list>
/ selective QinQ.
2. selective QinQ

dot1q-tunnel selective enable


no dot1q-tunnel selective enable


/ selective QinQ
.



16.3.3 Selective QinQ

VLAN 100-200

Eth 1/1

VLAN 1000/2000

VLAN 201-300

Eth 1/2

Eth 1/9
Switch B

Eth 1/9

Eth 1/1

VLAN 100-200

Eth 1/2

VLAN 201-300

Selective QinQ
1. Ethernet1/1 A
PC Ethernet1/2 A
IP , PC VLAN
100-VLAN 200, IP VLAN 201-VLAN 300.
Ethernet 1/9 .
2. Ethernet1/1 Ethernet1/2
PC, VLAN 100- VLAN 200 IP ,
VLAN 201-VLAN 300 . Ethernet 1/9
.
3. VLAN 1000 VLAN 2000.
4. selective QinQ Ethernet1/1 Ethernet1/2
. VLAN 100- VLAN 200 VLAN 1000
VLAN Ethernet1/1, VLAN 201- VLAN 300 VLAN 2000
VLAN Ethernet1/2.


:
# VLAN 1000 and VLAN 2000 on SwitchA.
switch(config)#vlan 1000;2000

# Ethernet1/1 VLAN
VLAN 1000.
switch(config-if-ethernet1/1)#switchport hybrid allowed vlan 1000 untag

# selective QinQ Ethernet1/1


VLAN 1000 VLAN VLAN 100-VLAN 200.
switch(config-if-ethernet1/1)#dot1q-tunnel selective s-vlan 1000 c-vlan 100-200
# selective QinQ Ethernet1/1.
switch(config-if-ethernet1/1)#dot1q-tunnel selective enable

# Ethernet 1/2 VLAN


VLAN 2000.
switch(config-if-ethernet1/2)#switchport mode hybrid
switch(config-if-ethernet1/2)#switchport hybrid allowed vlan 2000 untag

# selective QinQ Ethernet1/2


VLAN 2000 VLAN VLAN 201- VLAN 300.
switch(config-if-ethernet1/2)#dot1q-tunnel selective s-vlan 2000 c-vlan 201-300
# selective QinQ Ethernet 1/2.
switch(config-if-ethernet1/2)#dot1q-tunnel selective enable

# Ethernet 1/9 VLAN


VLAN 1000 VLAN 2000.
switch(config-if-ethernet1/2)#interface ethernet 1/9
switch(config-if-ethernet1/9)#switchport mode hybrid
switch(config-if-ethernet1/9)#switchport hybrid allowed vlan 1000;2000 tag

, VLAN 100-VLAN 200 Ethernet1/1


VLAN 1000 VLAN, VLAN
201- VLAN 300 Ethernet1/2 VLAN 2000
VLAN SwitchA.
Switch B Switch A, :
switch(config)#vlan 1000;2000
switch(config)#interface ethernet 1/1
switch(config-if-ethernet1/1)#switchport mode hybrid
switch(config-if-ethernet1/1)#switchport hybrid allowed vlan 1000 untag
switch(config-if-ethernet1/1)#dot1q-tunnel selective s-vlan 1000 c-vlan 100-200
switch(config-if-ethernet1/1)#dot1q-tunnel selective enable
switch(config-if-ethernet1/1)#interface ethernet 1/2
switch(config-if-ethernet1/2)#switchport hybrid allowed vlan 2000 untag
switch(config-if-ethernet1/2)#dot1q-tunnel selective s-vlan 2000 c-vlan 201-300
switch(config-if-ethernet1/2)#dot1q-tunnel selective enable
switch(config-if-ethernet1/9)#switchport mode hybrid
switch(config-if-ethernet1/9)#switchport hybrid allowed vlan 1000;2000 tag

16.3.4 Selective QinQ

Selective QinQ dot1q-tunnel

.

selective QinQ.

16.4 VLAN
16.4.1 VLAN
VLAN, ,
VLAN
VLAN. ,

VLAN .
VLAN .
16.4.2 VLAN
1. VLAN ;
2. VLAN ;
3. VLAN;
1. VLAN

vlan-translation enable
no vlan-translation enable


VLAN



2. VLAN

vlan-translation <old-vlan-id> to <new-vlan-id> in
/ VLAN.

no vlan-translation old-vlan-id in

3. VLAN

show vlan-translation

VLAN

16.4.3 VLAN
:
PE1 PE2 - VLAN 20
CE1 CE2 VLAN 3. 1 PE1 CE1, 10
, 1 PE2 CE2, 10
.



VLAN200-300

CE1

PE1

1

VLAN20 VLAN3 ,
VLAN3
VLAN20 PE


VLAN20 VLAN3 ,
VLAN3
VLAN20 PE

PE2

CE2

2

VLAN20

VLAN

VLAN-translation

1 PE1 PE2.

Trunk port

1 10 PE1 PE2.


:
PE1, PE2:
switch(Config)#interface ethernet 1/1
switch(Config-Ethernet1/1)#switchport mode trunk
switch(Config-Ethernet1/1)# vlan-translation enable
switch(Config-Ethernet1/1)# vlan-translation 20 to 3 in
switch(Config-Ethernet1/1)# vlan-translation 3 to 20 out
switch(Config-Ethernet1/1)# exit
switch(Config)#interface ethernet 1/1
switch(Config-Ethernet1/1)#switchport mode trunk
switch(Config-Ethernet1/1)#exit
switch(Config)#

16.4.4 VLAN
VLAN .
VLAN
: VLAN VLAN

VLAN

16.5 Multi-to-One VLAN


16.5.1 Multi-to-One VLAN
Multi-to-One VLAN VLAN ID VLAN ID

VLAN ID .
Multi-to-One VLAN
.
16.5.2 Multi-to-One VLAN
1. Multi-to-One VLAN
2. Multi-to-One VLAN


1. Multi-to-One VLAN

vlan-translation n-to-1 <WORD> to <new-vlan-id>
no vlan-translation n-to-1 <WORD>
/ Multi-to-One VLAN

2. Multi-to-One VLAN

show vlan-translation n-to-1

Multi-to-One VLAN

16.5.3 Multi-to-One VLAN


:
, VLAN 1, 2 3 .
, , VLAN100
Ethernet1/1 Switch 1. ,
VLAN 1, 2 3 Ethernet1/1 Switch 1
. multito-one D, E F Ethernet1/1 Switch 2.


[Figure: Switch 1 and Switch 2 topology. User A (VID=1), User B (VID=2), User C (VID=3): VID=100. User D (VID=1), User E (VID=2), User F (VID=3): VID=101.]

VLAN

VLAN

Switch1Switch2

Trunk Port

1/1 1/5
Switch1 Switch 2

Multi-to-One VLAN-

1/1 Switch1 Switch2

:
Switch1Switch2:
switch(Config)# vlan 1-3;100
switch(Config-Ethernet1/1)#switchport mode trunk
switch(Config-Ethernet1/1)# vlan-translation n-to-1 1-3 to 100
switch(Config)#interface ethernet 1/5
switch(Config-Ethernet1/5)#switchport mode trunk
switch(Config-Ethernet1/5)#exit

16.5.4 Multi-to-One VLAN

Dot1q-tunnel
VLAN-translation
MAC- VLAN.
,
.
MAC- Multi-to-One
VLAN
Multi-to-One VLAN MAC .

16.6 VLAN
16.6.1
VLAN VLAN (
, VLAN). VLAN, ,
VLAN MAC-, VLAN VLAN.
:
VLAN, MAC ,
MAC VLAN.
VLAN
. , ,
VLAN, ,
. , VLAN
MAC , .
VLAN, IP , VLAN
IP .
, ,
.
VLAN
VLAN. ,
. ,
,
. ,
VLAN, , VLAN


. ,
VLAN,
.
: , VLAN
.
16.6.2 VLAN
1. VLAN MAC ;
2. VLAN MAC VLAN;
3. MAC VLAN;
4. VLAN;
1. VLAN MAC

switchport mac-vlan enable


no switchport mac-vlan enable

/ VLAN
MAC

2. VLAN MAC VLAN


mac-vlan vlan <vlan-id>
no mac-vlan


VLAN
MAC VLAN; no mac-vlan
MAC VLAN
VLAN.



3. MAC VLAN


mac-vlan mac <mac-addrss> vlan <vlan-id> /

priority <priority-id>
MAC VLAN,

/
no mac-vlan {mac <mac-addrss>|all}

MAC

VLAN

4. VLAN


protocol-vlan etype <etype-id> vlan <vlan-id>

VLAN,

no protocol-vlan {etype <etype-id> vlan <vlan-id>|all}
/

/
VLAN.

16.6.3 VLAN
:
VLAN100.
.
VLAN100. , . MAC
00-03-0f-11-22-33, VLAN200
VLAN300, , ,
VLAN100 . VLAN100
, ,
VLAN100.


SwitchA

SwitchB

SwitchC

VLAN100

VLAN200

M
VLAN300

VLAN


MAC-based VLAN


,B,C.

:
Switch A, Switch B, Switch C:
switch(Config)#mac-vlan mac 00-03-0f-11-22-33 vlan 100 priority 0
switch(Config)#exit
switch#

16.6.4 VLAN
VLAN,
(, ), ,
.
-


( ICMP, ping), MAC ,


VLAN.

Ping 192.168.1.200

Ping 192.168.1.100

Dynamic VLAN

192.168.1.100/2

192.168.1.200/2

VLAN

VLAN VLAN
: VLAN , .

16.7 GVRP
16.7.1 GVRP
GARP (Generic Attribute Registration Protocol),
,
- .
VLAN, MAC- . ,
GARP ,
(populate). GARP
( - GARP), GVRP.
GVRP (GARP VLAN Registration Protocol) ,
GARP.
VLAN .
, GVRP
VLAN
VLAN .
, GVRP


VLAN .
, ,
. ,
VLAN, VLAN
GVRP.
Device C

VLAN 100-1000

VLAN 100-1000

Device A

Device B

Device D

Device F

Device G

Device E

A G ; B,C,D,E,F
, G. G
VLAN100-1000 , B,C,D,E,F . GVRP
, A G ,
VLAN. GVRP ,
VLAN
VLAN , VLAN VLAN100-1000 A G
. VLAN, ,
, A G VLAN100-1000.
VLAN
GVRP
VLAN.
16.7.2 GVRP
1. GARP;
2. / GVRP ;
3. GVRP ;


1. GARP


garp timer join <200-500>
garp timer leave <500-1200>
garp timer leaveall <5000-60000>
no garp timer (join | leave | leaveAll)

,
GARP.

2. / GVRP


gvrp
no gvrp

/
GVRP .

3. GVRP


gvrp

/
GVRP .

no gvrp


16.7.3 GVRP
1:

PC

Switch A

Switch B

Switch C

PC

GVRP

VLAN
GVRP.
, GVRP ,
VLAN 100 ,
VLAN 100
VLAN 100 .

VLAN100

2-6 A C.

Trunk port

11 , 10, 11 B.

GVRP

A, B, C.


GVRP 11 A C, 10, 11 B.

VLAN 100 ,
11 10 11
11 .
:
A:
Switch(config)# gvrp
Switch(config)#vlan 100
Switch(Config-Vlan100)#switchport interface ethernet 1/2-6
Switch(Config-Vlan100)#exit
Switch(config)#interface ethernet 1/11
Switch(Config-If-Ethernet1/11)#switchport mode trunk
Switch(Config-If-Ethernet1/11)# gvrp
Switch(Config-If-Ethernet1/11)#exit

B:
Switch(config)#gvrp
Switch(config)#interface ethernet 1/10
Switch(Config-If-Ethernet1/10)#switchport mode trunk
Switch(Config-If-Ethernet1/10)# gvrp
Switch(Config-If-Ethernet1/10)#exit
Switch(config)#interface ethernet 1/11
Switch(Config-If-Ethernet1/11)#switchport mode trunk
Switch(Config-If-Ethernet1/11)# gvrp
Switch(Config-If-Ethernet1/11)#exit

C:
Switch(config)# gvrp
Switch(config)#vlan 100
Switch(Config-Vlan100)#switchport interface ethernet 1/2-6
Switch(Config-Vlan100)#exit
Switch(config)#interface ethernet 1/11
Switch(Config-If-Ethernet1/11)#switchport mode trunk
Switch(Config-If-Ethernet1/11)# gvrp
Switch(Config-If-Ethernet1/11)#exit

16.7.4 GVRP
GARP,
, GVRP
. GVRP RSTP
. GVRP,
RSTP .


17 MAC
17.1 MAC
- -
. MAC .
,
( ).
,
.
,
.
, ,
,
.
,
.
MAC :
1.

2.

17.1.1
.
.
,
.
.


Port 5

PC1

PC2

MAC 00-01-11-11-11-11

Port 12

PC3

PC4

MAC 00-01-33-33-33-33

: 4 , 1 2
( ),
1/5 , 3 4
, 1/12 .
.
1 3. :
1. 1 3, 00-01-11-11-11-11
1/5 .
2. , 00-01-33-33-33-33. 00-01-11-11-11-11
1/5, 00-01-33-33-33-33 ,
(,
VLAN1).
3. 3 4 , 1, 4
, 00-01-33-33-33-33,
3. 1/12 , 3,
00-01-33-33-33-33
1/12.
4. : 00-01-11-11-11-11 1/5 00-01-33-33-33-33 1/12.
5. 1 3,
, 1 3. ,


300 2*300 (..


). 300
.
.
17.1.2

. , ,
1 3,
2 4. :
MAC

00-01-11-11-11-11

1/5

00-01-22-22-22-22

1/5

00-01-33-33-33-33

1/12

00-01-44-44-44-44

1/12

1.
1 3, , 1/5
1/12
2.
1 2, , ,
2 1 (
).
:

;
, :
1. :
, . VLAN
, ,


.
, .
VLAN ,
VLAN.
,
VLAN.
2. :
, VLAN,
IGMP snooping
,
.
3. : VLAN , ,
,
.
,

VLAN
,
VLAN. ,
VLAN,
VLAN, .


17.2
1. ;
2. ;
3. ;
1.


mac-address-table aging-time <0|aging-time>
no mac-address-table aging-time

2.

mac-address-table {static | static-multicast | blackhole} address <mac-addr> vlan <vlan-id> [interface [ethernet | portchannel] <interface-name>] | [source|destination|both]
no mac-address-table {static | static-multicast | blackhole | dynamic} [address <mac-addr>] [vlan <vlan-id>] [interface [ethernet | portchannel] <interface-name>]


,
.



3.

clear mac-address-table dynamic [address <mac-addr>] [vlan <vlan-id>] [interface [ethernet | portchannel] <interface-name>]

4. MAC


mac-address-learning cpu-control
no mac-address-learning cpu-control
showCollisionMacTable

/ MAC CPU
MAC


clearCollisionMacTable

MAC-


mac-address-table
avoid-collision /
no mac-address-table avoid-collision

ffp


MAC-,



17.3

1/0/11

1/0/5
1/0/7

Port 12

1/0/9

PC1

PC2

MAC 00-01-11-11-11-11

PC4

PC3

MAC 00-01-33-33-33-33

MAC 00-01-22-22-22-22

MAC 00-01-44-44-44-44

:
, , 1/5, 1/7,1/9, 1/11
. 4 VLAN1.
, . 1
, ; 2
3 7 9, .
:
1. 00-01-11-11-11-11 1 .
Switch(config)#mac-address-table static 00-01-11-11-11-11 discard vlan 1.
2. 2 3 7 9 .
Switch(config)#mac-address-table static address 00-01-22-22-22-22 vlan interface ethernet 1/7
Switch(config)#mac-address-table static address 00-01-33-33-33-33 vlan interface ethernet 1/9

17.4
show mac-address-table, ,
MAC , .
:


;
Spanning Tree discarding
Spanning Tree . ,
;
, , ,
. .

17.5
17.5.1
17.5.5.1

.
,
.
, , ,
.
, -, ,
. ,
-
.
, ,
,
. ,
, ,
. , ,
, .
17.5.5.2

1. ;
2. ;
3. ;
4. ;


1.

switchport port-security


.
,
: no
switchport
port-security

no switchport port-security

2.

switchport port-security lock


no switchport port-security lock


; no switchport port-security
aging
.

switchport port-security convert


MAC-

switchport port-security timeout <value>


no switchport port-security timeout

switchport port-security mac-address <mac-address>


no switchport port-security mac-address
<mac-address>


; no switchport portsecurity mac-address
.


clear port-security dynamic [address <mac-addr> | interface <interface-id>]
.


3.

switchport port-security maximum <value>


no switchport port-security maximum <value>
; no switchport port-security maximum
.

switchport port-security violation {protect | shutdown} [recovery <30-3600>]
no switchport port-security violation
; no switchport port-security violation
.

4. MAC-


mac-address-table synchronizing enable
no mac-address-table synchronizing enable

/
MAC-,

mac-address-table periodic-monitor-time <5-86400>
MAC


,

MAC-
mac-address-table trap enable
no mac-address-table trap enable


17.5.5.3



. :

, ,
.
. , ,
, .

,
, .
, ,
MAC .

17.6 MAC-
17.6.1 MAC-
MAC . MAC-,
, ,
snmp
17.6.2 MAC-
1.
2.
3.
4.
5.
6.
7.

snmp MAC
MAC
MAC

MAC ,
MAC
MAC

1. snmp MAC


snmp-server enable traps mac-notification

/ snmp MAC
no snmp-server enable traps mac-notification


2. MAC


mac-address-table notification
no mac-address-table notification

MAC

3. MAC


mac-address-table notification interval <0-86400>
MAC
, no
no mac-address-table notification interval

4.


mac-address-table notification history-size <0-500>
,
no
no mac-address-table notification history-size

5. MAC ,

mac-notification {added | both | removed}


no mac-notification


MAC
,



6. MAC

show mac-notification summary

MAC

7. MAC

clear mac-notification statistics

MAC

17.6.3 MAC
IP- (NMS) 1.1.1.5, IP- 1.1.1.9. NMS
Trap .(: NMS
)
:
Switch(config)#snmp-server enable
Switch(config)#snmp-server enable traps mac-notification
Switch(config)# mac-address-table notification
Switch(config)# mac-address-table notification interval 5
Switch(config)# mac-address-table notification history-size 100
Switch(Config-If-Ethernet1/4)# mac-notification both

17.6.4 MAC
, show
snmp.


18 MSTP
18.1 MSTP
MSTP (Multiple STP) spanning-tree,
STP RSTP. .
(CIST - common and internal spanning
tree) , , MSTP, STP RSTP.
(MSTI multiple spanning-tree instances) MST (MSTP domain). MSTP
RSTP,
,
VLAN. MSTP
.
, VLAN
, MSTP ,
.
18.1.1 MSTP

VLAN, , IEEE 802.1s
MST. MST VLAN
.
MSTP c
MSID(MST Configuration Identification) (
MSTP (designated)
, , , STP ).
MSTP MSID.
MSID :

: ;

: VLAN,

;

MST.
MSTP CIST , MST
. :


Root

Root

M
E
F

D
MST
REGION

CIST MST

, STP,
RSTP, .
, , , MSTP
MST, MSTP
.
; , D.
18.1.1.1

MSTP

(IST) MSTP . IST


, IST IST
ID CST.
, IST
CST. CST ,
IST MSTP .
MSTP BPDU,
CST IST,
. , MST
.
MST ( ID , .
.), , IST.
MST IST
, BPDU. MST BPDU
, ,
,
.
MST


, MST
, ID , .
.
18.1.1.2

MST


802.1D, MSTP CST, MST
STP . CST
MST IST .
MSTI MST. MSTI
MSTI MST.
MST MST BPDU .
, CIST
MSTI.
18.1.2
MSTP ,
MSTP. CIST: Root Port, Designated Port, Alternate Port, Backup Port
MSTI
: Master Port.

CIST (Root Port, Designated Port, Alternate Port, Backup Port)


, RSTP.
18.1.3 MSTP
MSTP VLAN ,
.
,
.
, VLAN .
VLAN .

18.2 MSTP
1. MSTP ;
2. ;
3. MSTP;
4. MSTP;
5. MSTP;
6. ;
7. ;


8. snooping- ;
9. FLUSH ;

1. MSTP


spanning-tree

/ MSTP

no spanning-tree

spanning-tree mode {mstp|stp|rstp}

MSTP.

no spanning-tree mode

spanning-tree mcheck


MSTP

2. ;


spanning-tree mst <instance-id> priority <bridge-priority>

.
no spanning-tree mst <instance-id> priority
spanning-tree priority <bridge-priority>
no spanning-tree priority


spanning-tree mst <instance-id> cost <cost>

no spanning-tree mst <instance-id> cost

spanning-tree mst <instance-id> port-priority <port-priority>
.
no spanning-tree mst <instance-id> port-priority
spanning-tree mst <instance-id> rootguard

no spanning-tree mst <instance-id> rootguard
. ,
,

.

spanning-tree rootguard

no spanning-tree rootguard

0.


.
spanning-tree [mst <instance-id>] loopguard
no spanning-tree [mst <instance-id>] loopguard
. NO
.



3. MSTP


spanning-tree mst configuration
no spanning-tree mst configuration


MSTP. NO
.

MSTP
show

instance <instance-id> vlan <vlan-list>


no instance <instance-id> [vlan <vlan-list> ]



VLAN

name <name>

MSTP

no name
revision-level <level>
no revision-level

MSTP

abort


MSTP

MSTP.

exit


MSTP,
MSTP
.

no

4. MSTP



spanning-tree forward-time <time>
no spanning-tree forward-time
spanning-tree hello-time <time>

no spanning-tree hello-time

Hello
BPDU.

spanning-tree maxage <time>

BPDU

no spanning-tree maxage
spanning-tree max-hop <hop-count>
no spanning-tree max-hop


BPDU MSTP.

5. MSTP

spanning-tree link-type p2p {auto|force-true|force-false}
no spanning-tree link-type
spanning-tree portfast [bpdufilter| bpduguard] [recovery <30-3600>]
, .
Bpdufilter
BPDU.
no spanning-tree portfast
bpduguard BPDU
. no
,
,


6.

spanning-tree format standard


spanning-tree format privacy
spanning-tree format auto
no spanning-tree format

standard

c IEEE, privacy
CISCO, auto ,

7.

spanning-tree cost

no spanning-tree cost
spanning-tree port-priority

no spanning-tree port-priority
spanning-tree rootguard

no spanning-tree rootguard

spanning-tree transmit-hold-count <tx-hold-count-value>

no spanning-tree transmit-hold-count
spanning-tree cost-format {dot1d | dot1t}



dot1d dot1t



8. snooping-

spanning-tree digest-snooping
no spanning-tree digest-snooping

NO

9. FLUSH


spanning-tree tcflush {enable| disable| protect}
no spanning-tree tcflush

Enable:
;
Disable:
;
Protect:
;
no

.


spanning-tree tcflush {enable| disable| protect}
no spanning-tree tcflush

flush .
no
.



18.3 MSTP
Switch 1

2
1

1
2

3
Switch 2

Switch 3

6
7

Switch 4
MSTP

C .
MSTP . ,
().
:


Bridge MAC

Switch1

Switch2

Switch3

Switch4

00-00-01

00-00-02

00-00-03

00-00-04

Address
Bridge Priority

32768

32768

32768

Port 1
Port
Priority
Port 2

128

128

128

128

128

128

128

128

Port 3


32768



Route
Cost


Port 4

128

128

Port 5

128

128

Port 6

128

128

Port 7

128

128

Port 1

200000

200000

200000

Port 2

200000

200000

200000

Port 3

200000

200000

Port 4

200000

200000

Port 5

200000

200000

Port 6

200000

200000

Port 7

200000

200000

MSTP 1.
, x discarding (),

.
:
1. VLAN:
VLAN 20, 30, 40, 50 Switch2, Switch3 Switch4;
1-7 Switch2, Switch3 Switch4;
2. Switch2, Switch3 Switch4 MSTP:
Switch2, Switch3 Switch4 ,
mstp;
VLAN 20 VLAN 30 Switch2, Switch3 Switch4
3;


VLAN 40 VLAN 50 Switch2, Switch3 Switch4


4;
3. Switch3 3.
Switch4 4:
3
Switch3 0;
4
Switch4 0.
:
Switch2:
Switch2(config)#vlan 20
Switch2(Config-Vlan20)#exit
Switch2(config)#vlan 30
Switch2(Config-Vlan30)#exit
Switch2(config)#vlan 40
Switch2(Config-Vlan40)#exit
Switch2(config)#vlan 50
Switch2(Config-Vlan50)#exit
Switch2(config)#spanning-tree mst configuration
Switch2(Config-Mstp-Region)#name mstp
Switch2(Config-Mstp-Region)#instance 3 vlan 20;30
Switch2(Config-Mstp-Region)#instance 4 vlan 40;50
Switch2(Config-Mstp-Region)#exit
Switch2(config)#interface e1/0/1-7
Switch2(Config-Port-Range)#switchport mode trunk
Switch2(Config-Port-Range)#exit
Switch2(config)#spanning-tree

Switch3:
Switch3(config)#vlan 20
Switch3(Config-Vlan20)#exit
Switch3(config)#vlan 30
Switch3(Config-Vlan30)#exit
Switch3(config)#vlan 40
Switch3(Config-Vlan40)#exit
Switch3(config)#vlan 50
Switch3(Config-Vlan50)#exit
Switch3(config)#spanning-tree mst configuration
Switch3(Config-Mstp-Region)#name mstp
Switch3(Config-Mstp-Region)#instance 3 vlan 20;30
Switch3(Config-Mstp-Region)#instance 4 vlan 40;50
Switch3(Config-Mstp-Region)#exit
Switch3(config)#interface e1/0/1-7
Switch3(Config-Port-Range)#switchport mode trunk
Switch3(Config-Port-Range)#exit
Switch3(config)#spanning-tree
Switch3(config)#spanning-tree mst 3 priority 0

Switch4:
Switch4(config)#vlan 20
Switch4(Config-Vlan20)#exit
Switch4(config)#vlan 30
Switch4(Config-Vlan30)#exit
Switch4(config)#vlan 40
Switch4(Config-Vlan40)#exit
Switch4(config)#vlan 50
Switch4(Config-Vlan50)#exit
Switch4(config)#spanning-tree mst configuration
Switch4(Config-Mstp-Region)#name mstp
Switch4(Config-Mstp-Region)#instance 3 vlan 20;30
Switch4(Config-Mstp-Region)#instance 4 vlan 40;50
Switch4(Config-Mstp-Region)#exit
Switch4(config)#interface e1/0/1-7
Switch4(Config-Port-Range)#switchport mode trunk
Switch4(Config-Port-Range)#exit
Switch4(config)#spanning-tree
Switch4(config)#spanning-tree mst 4 priority 0

, , Switch1
0 . MSTP, Switch2, Switch3
Switch4, Switch 2
0, Switch3
3 Switch4
4. VLAN 20 30
3. VLAN 40 50
4. VLAN
0. 1 Switch2
3 4.


MSTP 3 :
0, 3 4. , x discarding ().
.
Switch 1

Switch 2

Switch 3
1

1
2

3
5

6
7

Switch 4
0 MSTP

Switch 2

Switch 3

3
5

6
7

Switch 4
3 MSTP


Switch 2

Switch 3

3
5

6
7

Switch 4
4 MSTP

18.4 MSTP
, MSTP , MSTP
.
MSTP ,
:
2 × (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age;
Bridge_Max_Age >= 2 × (Bridge_Hello_Time + 1.0 seconds);
MSTP .
MSTP, ,
.
.
.


19 QOS
19.1 QoS
QoS (Quality of Service ) -
,
. QoS -

. QoS ,

.
19.1.1 QoS
QoS: ,

.
QoS: QoS QoS
, .
QoS.
CoS: - , 802.1Q
. Tag
0 7.
Layer 2 802.1Q/P Frame
Start frame
delimiter

Preamble

DA

SA

Tag

PT

Data

FCS

3 bits used for COS (user priority)


ToS: . , IPv4
IP . ToS
IP (IP Precedence) DSCP.

Layer 3 IPv4 Packet


Version
length

ToS
(1 byte)

Len

ID

Offset

TTL

IP precedence or DSCP

ToS


Proto FCS IP-SA

IP-DA

Data



IP Precedence: IP.
, 3 0 7.
DSCP (Differentiated Services Code Point): ,
, IP ,
6 , 0 63 IP.
MPLS TC(EXP)
MPLS , 3 0 7.

Internal Priority: , .
. - Int-Prio
IntP.
Drop Precedence: .
. 0 1.
Drop-Prec DP.
Classification: QoS,
,
(ACL).
Policing: QoS ,
.
Remark: QoS , ,
.
Scheduling: QoS .
.
,
.
In-Profile: QoS(
) In-Profile.
Out-of-Profile: QoS(
) Out-of-Profile.

19.1.2 QoS
QoS
. QoS ,
. QoS


. , ,
QoS.
IP
, , 4
OSI , TCP. , IP

. FTP,

-,
.
, QoS
. IP
802.1Q . QoS
,

.
, QoS,
,
,
.
QoS ,
/ .
19.1.3 QoS
QoS 4 : , ,
, ,
,
QoS .

Ingress

Generate
Internal
Priority

Color

Classification

Policing

Sort the packet traffic


according to the classification
info and convert classification
info to internal priority value
and drop precedence value

Egress

Remark

Decide whether the traffic


color is single bucket dual
color or dual bucket three
color according to policing
policy

Degrade, discard the different


color packets, and remark
DSCP, TOS, COS fields

QoS


Scheduling

Place packets into priority


queues according to internal
priority and service according
to the queue weight and the
drop precedence



:
,
.
. .
Start

MPLS
Packet(*0)

IP packet

Trust
EXP(*1)
N

Trust DSCP
N

Trust COS
(*2)

tag packet

Set the packet COS as


the default ingress
COS(*4)

COS-to-Int-Prio
COS-to-Drop-Prec
conversation according
to the COS value (*5)

DSCP-to-DSCP
DSCP-to-Int-Prio
DSCP-to-Drop-Prec
Conversion according to the
packet DSCP

EXP-to-Int-Prio
EXP-to-Drop-Prec
conversation according to
the packet MPLS EXP value
Set the packet COS field
equals Int-Prio

Enter the
policing flow


1: CoS
, .
2: DSCP CoS,
DSCP COS.
:

.

.
- (single bucket dual color)
- (dual bucket three color).
.
, ,

. COS DSCP
. .


Start

No

Whether
configure the
policing policy
Yes

Decide the packet color and


action according to the policy

The specific
color ection

Drop

Pass

Select one or several option of the following:


Set COS: Set L2 COS filed of the packed
Set Int-Prio: Set internal priority of the packet
Set Drop-Prec: Set drop precedence of the
packet
Set DSCP/TOS: Set DSCP or TOS filed of the
packet

Enter scheduling

Drop the
packets

1. .

.
2.
- ( IntP-to-IntP).



, .
:
,

. .

Start

MPLS packet(*0)
N

Remark DSCP and L2 COS


fields of the packets
according to Int-Prio-to-DSCP
Int-Prio-to-COS mapping(*1)

Remark EXP field


of the packed
according to IntPrio-to-EXP
mapping

Select queue according to


IntPrio-to-Queue mapping
Queue Number

Read the buffer value


according to the queue
remove algorithm, the packet
drop priority and the egress
queue

No

Buffer available
Yes

Place the packets into the


specified queue, and forward
the packets according to the
weight priority

Finish

Drop the
packets


19.2 QoS
1. ;
ACL, CoS, VLAN ID,
IPv4, DSCP IPv6 FL .
.
2. ;
,
, .
( ,
DSCP) .
, .
3. QoS VLAN ;
(trust mode)
. .
VLAN.
VLAN ,
.
4. ;
, sp,wdrr .
QoS.
CoS DP, DSCP DSCP, IntP DSCP.
1. .


class-map <class-map-name>
no class-map <class-map-name>


; no
class-map <class-map-name>
.

match {access-group <acl-index-or-name> | ip dscp <dscp-list> | ip precedence <ip-precedence-list> | ipv6 access-group <acl-index-or-name> | ipv6 dscp <dscp-list> | ipv6 flowlabel <flowlabel-list> | vlan <vlan-list> | cos <cos-list>}
no match {access-group | ip dscp | ip precedence
| ipv6 access-group | ipv6 dscp | ipv6 flowlabel |
vlan | cos}

( ACL,
CoS, VLAN ID, IPv4, IPv6 FL
DSCP, ..) ;
No
.

2.


policy-map <policy-map-name>
no policy-map <policy-map-name>


; NO
.

class <class-map-name> [insert-before <class- ,


map-name>]
.
DSCP
no class <class-map-name>

;
NO
.
set {ip dscp <new-dscp> | ip precedence <new-precedence> | internal priority <new-inp> | drop precedence <new-dp> | cos <new-cos>}


; NO
no set {ip dscp | ip precedence | internal priority .
| drop precedence |cos }
policy <bits_per_second> <normal_burst_bytes>

({conform-action ACTION | exceed-action


.
ACTION} )

.
ACTION definition:
,
drop | transmit | set-dscp-transmit <dscp_value> -
| set-prec-transmit <ip_precedence_value> | set- , ,
cos-transmit <cos_value> | set-internal-priority .
<inp_value> | set-Drop-Precedence <dp_value>


no policy


. NO
.

accounting


.

,
.


.
(
) .
( ,
) .

no accounting


drop


. NO
.

no drop
transmit
no transmit

3. QoS VLAN


mls qos trust dscp
no mls qos trust dscp
mls qos cos {<default-cos>}
no mls qos cos


. NO
.

CoS

; NO



service-policy input <policy-map-name>


no service-policy input <policy-map-name>

; NO

.

.


service-policy input <policy-map-name> vlan

<vlan-list>

VLAN
.
no service-policy input <policy-map-name> vlan NO
, VLAN
<vlan-list>
.

4.


mls qos queue algorithm {sp | wdrr}
no mls qos queue algorithm

. wdrr


mls qos queue weight <weight0..weight3>
no mls qos queue weight


wdrr
.
1 2 3 4



5. QoS


mls qos map {cos-intp <intp1intp8> | dscp-intp

<in-dscp list> to <intp>}


QoS. NO

no mls qos map {cos-intp | dscp-intp}

6. VLAN.

clear mls qos statistics [interface <interface-name> | vlan <vlan-id>]

VLAN.
,
.

7. QoS

show mls qos maps [cos-dp | dscp-dscp | dscp-intp | dscp-dp | intp-dscp]

show class-map [<class-map-name>]

QoS

show policy-map [<policy-map-name>]

QoS.

QoS

show mls qos {interface [<interface-id>] [policy | queuing] | vlan <vlan-id>}
QoS .


19.3 QoS
1:
QoS,
Ethernet 1/1 1:1:2:2:4:4:8:8, CoS
DSCP CoS 5.
:
Switch#config
Switch(config)# mls qos queue weight 1 1 2 2 4 4 8 8
Switch(Config-If-Ethernet 1/1)#mls qos trust cos
Switch(Config-If-Ethernet1/1)#mls qos cos 5

:
QoS,
1:1:2:2:4:4:8:8. ,
CoS, ethernet 1/1
CoS. CoS 1 7
1,2,3,4,5,6,7.8 .
CoS, 5 6.
DSCP .
2:
Ethernet 1/2 192.168.1.0
10 / 4 . ,
.
:
Switch#config
Switch(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Switch(config)#class-map c1
Switch(Config-ClassMap-c1)#match access-group 1
Switch(Config-ClassMap-c1)#exit
Switch(config)#policy-map p1
Switch(Config-PolicyMap-p1)#class c1
Switch(Config-PolicyMap-p1-Class-c1)#policy 10000 4000 exceed-action drop
Switch(Config-PolicyMap-p1-Class-c1)#exit
Switch(Config-PolicyMap-p1)#exit
Switch(config)#interface ethernet 1/2
Switch(Config-If-Ethernet1/2)#service-policy input p1


:
1 192.168.1.0. QoS
. 1, ACL 1
. p1. p1 1.

. ethernet 1/2. ,
, 192.168.1.0,
Ethernet 1/2, 10 /
4 . , ,
.
3:

QOS area
Server

Switch3

Switch2
Trunk

Switch1

QoS

, , QoS ,
Switch1 IP.
, CoS 192.168.1.0 5
ethernet1/1 ( 40


dcsp 40-40, IP
5). , Switch2 . Switch2 Ethernet 1/1,
Switch1 dscp.
QoS
.
:
QoS Switch1:
Switch#config
Switch(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Switch(config)#class-map c1
Switch(Config-ClassMap-c1)#match access-group 1
Switch(Config-ClassMap-c1)#exit
Switch(config)#policy-map p1
Switch(Config-PolicyMap-p1)#class c1
Switch(Config-PolicyMap-p1-Class-c1)#set ip precedence 40
Switch(Config-PolicyMap-p1-Class-c1)#exit
Switch(Config-PolicyMap-p1)#exit
Switch(config)#interface ethernet 1/1
Switch(Config-If-Ethernet1/1)#service-policy input p1

QoS Switch2:
Switch#config
Switch(config)#interface ethernet 1/1
Switch(Config-If-Ethernet1/1)#mls qos trust cos

19.4 QoS
cos EXP
;

dscp
. IPv4 IPv6;
exp, dscp cos
. : EXP>DSCP>COS;
VLAN (mac vlan/ vlan/vlan
IP/vlan ), COS COS
VLAN;
,
;

VLAN .


20
20.1
,
( ACL) .
,
,
. : 1)
( , )
,
; 2)
.
-
-,
- .
- .

20.2
1. ;
2. ;
1.


access-group <aclname> redirect to interface [ethernet <IFNAME>|<IFNAME>]
no access-group <aclname> redirect
; no access-group <aclname> redirect

.


2.

/
show flow-based-redirect {interface [ethernet <IFNAME> |<IFNAME>]}


/.

20.3
:
:
IP 192.168.1.111, 1, 6.
:
1. . IP - 192.168.1.111
2. 1.
:
Switch(config)#access-list 1 permit host 192.168.1.111
Switch(config)#interface ethernet 1/1
Switch(Config-If-Ethernet1/1)# access-group 1 redirect to interface ethernet 1/6

20.4
,
, :
( ) - ACL,
ACL, ACL, ACL,
IPv6 ACL IPv6 ACL;

. permit;

1000;


21 QINQ
21.1 QinQ
21.1.1 QinQ
Dot1q, QinQ (802.1Q-in-802.1Q)
802.1Q. VLAN (CVLAN
tag) VLAN (SPVLAN tag). VLAN
2-
. ,

(METRO) 3-
.
QinQ: QinQ QinQ. QinQ ,
.
21.1.2 QinQ
QinQ . QinQ ,
, VLAN
. QinQ , VLAN .
21.1.3 QinQ
QinQ . ,
, .
: QinQ
VLAN, MAC , Ipv4/IPv6 , Ipv4/IPv6
.. ,

.

21.2 QinQ
QinQ
QoS.
1. ;
2. QinQ
;
3. QinQ ;


1.


class-map <class-map-name>
no class-map <class-map-name>


, NO
.

match {access-group <acl-index-or-name> | ip dscp <dscp-list> | ip precedence <ip-precedence-list> | ipv6 access-group <acl-index-or-name> | ipv6 dscp <dscp-list> | ipv6 flowlabel <flowlabel-list> | vlan <vlan-list> | cos <cos-list>}
no match {access-group | ip dscp | ip precedence | ipv6 access-group | ipv6 dscp | ipv6 flowlabel | vlan | cos}

(
, CoS, VLAN ID,
IPv4 DSCP ..
); NO
.

2. QinQ


policy-map <policy-map-name>
no policy-map <policy-map-name>


, NO
.

class <class-map-name> [insert-before <class-map-name>]
no class <class-map-name>

NO
.
set {s-vid <new-vid> | c-vid <new-vid>}
no set {s-vid | c-vid}


VLAN

.
NO .



3. QinQ


service-policy input <policy-map-name>
no service-policy input <policy-map-name>

.
NO
.

4. QinQ

show mls qos {interface [<interface-id>]

QinQ
.

21.3 QinQ

QinQ


, VLAN c 1001,
2001, 3001 DSLAM1. VLAN1001 ,
VLAN2001 VOIP, VLAN3001 VOD.
, QinQ,
VLAN ID . 1001
1001 ( ),
- VLAN1001 BRAS
( ). 2001 ( 3001)
2001 ( 3001) SR
. VLAN
DSLAM2. : VLAN
,
. ,
DSLAM
.
:
DSLAM1 1 , :
Switch(config)#class-map c1
Switch(config-classmap-c1)#match vlan 1001
Switch(config-classmap-c1)#exit
Switch(config)#class-map c2
Switch(config-classmap-c2)#match vlan 2001
Switch(config-classmap-c2)#exit
Switch(config)#class-map c3
Switch(config-classmap-c3)#match vlan 3001
Switch(config-classmap-c3)#exit
Switch(config)#policy-map p1
Switch(config-policymap-p1)#class c1
Switch(config-policymap-p1-class-c1)# set s-vid 1001
Switch(config-policymap-p1)#class c2
Switch(config-policymap-p1-class-c2)# set s-vid 2001
Switch(config-policymap-p1)#class c3
Switch(config-policymap-p1-class-c3)# set s-vid 3001
Switch(config-policymap-p1-class-c3)#exit
Switch(config-policymap-p1)#exit
Switch(config)#interface ethernet 1/0/1
Switch(config-if-ethernet1/0/1)#service-policy input p1


DSLAM2 1 , :
Switch(config)#class-map c1
Switch(config-classmap-c1)#match vlan 1001
Switch(config-classmap-c1)#exit
Switch(config)#class-map c2
Switch(config-classmap-c2)#match vlan 2001
Switch(config-classmap-c2)#exit
Switch(config)#class-map c3
Switch(config-classmap-c3)#match vlan 3001
Switch(config-classmap-c3)#exit
Switch(config)#policy-map p1
Switch(config-policymap-p1)#class c1
Switch(config-policymap-p1-class-c1)# set s-vid 1002
Switch(config-policymap-p1)#class c2
Switch(config-policymap-p1-class-c2)# set s-vid 2002
Switch(config-policymap-p1)#class c3
Switch(config-policymap-p1-class-c3)# set s-vid 3002
Switch(config-policymap-p1-class-c3)#exit
Switch(config-policymap-p1)#exit
Switch(config)#interface ethernet 1/0/1
Switch(config-if-ethernet1/0/1)# service-policy input p1

21.4 QinQ
QinQ , ,
:
, QinQ
;
, ,
;

, TCAM ;


22 3-
,

IP .

22.1 3-
22.1.1 3-
3- .
, . 3- VLAN.
3 2,
VLAN, 2.
, 2, 3,
( UP)
3. 3 (
DOWN). IP ,
3- , IP .
IP 3- .

22.1.2 3-
3- :
1. 3- ;
2. VLAN ;
1. 3-

interface vlan <vlan-id>


no interface vlan <vlan-id>


VLAN (VLAN
3- ); no VLAN
, .



2. VLAN

VLAN
description <text>

VLAN .
no VLAN
.

no description

22.2 IP
22.2.1 IPv4, IPv6
IPv4 -.
, IPv4 , , ,
.
. IPv4
80- ,
. ,
-,
IPv4, .
IPv6 -, . IPv6
IETF -
4 (IPv4). IPv6 ,
IPv4, .
, IPv6
IP-. IPv4 ,
.
-
( , IP-,
, . .).
IP-,
. IPv4- ;
,
IPv4-, NAT
(Network Address Translation), CIDR (Classless Inter-Domain Routing) . .
CIDR, NAT IPv4
, NAT (end-to-end),
IP,


,
. ,

, IPSec .
, , IPv4,
- IPv6, IETF,
.
, 128- IPv6
IP- IP-
, . IPv6
IPv4.
,

.
IPv4, IPv6 .
, ,
IPv6. IPv6
,

. ,
MTU (Path MTU Discovery Mechanism)
.
Plug-And-Play.

IPv6, IPv6 ,
, IPv6, Plug-And-Play.
,
,
.
IPSec. IPSec IPv6, IPv4. IPv6
,
, , ,
, ,
(VPN).
IP- .
IP-, IETF,
.
. IPv4, IPv6

(Care-Of-Address). IPv6


. , ,
.
- , IPv4.
. NAT

.
IPv4-, ,
.
IPv6 ,
. , NAT
.
IPv6
(Internal Gateway Protocols IGP)
(Exterior Gateway Protocols EGP). , IPv6,
RIPng, OSPFv3, IS-ISv6, MBGP4+ ..
Multicast Multicast .
broadcast IPv4, Router Discovery and Router Query, IPv6 multicast
IPv4 broadcast . Multicast
, .
22.2.2 IP
3- IPv4 IPv6 .
22.2.2.1

IPv4

1. IPv4 3-
2. .
1. IPv4 3-

VLAN
ip address <ip-address> <mask> [secondary]
no ip address [<ip-address> <mask>]


IP VLAN ;
no ip address [<ip-address>
<mask>] IP VLAN
.



2. .


ip default-gateway <A.B.C.D>
no ip default-gateway <A.B.C.D>

22.2.2.2

.
no .

IPv6

IPv6:
1. IPv6
(1) IPv6 ;
(2) IPv6;
2. IPv6 Neighbor Discovery
(1) DAD neighbor solicitation;
(2) neighbor solicitation;
(3) IPv6 (neighbor);
(4) IPv6;
1. IPv6
(1) IPv6

ipv6 address <ipv6-address/prefix-length> [eui-64]
no ipv6 address <ipv6-address/prefix-length>

IPv6 ,
unicast , site-local
link-local . no ipv6 address <ipv6-address/prefix-length> IPv6 .


(2) IPv6

ipv6 route <ipv6-prefix/prefix-length> {<nexthop-ipv6-address> | <interface-type interface-number> | {<nexthop-ipv6-address> <interface-type interface-number>}} [distance]
no ipv6 route <ipv6-prefix/prefix-length> {<nexthop-ipv6-address> | <interface-type interface-number> | {<nexthop-ipv6-address> <interface-type interface-number>}} [distance]

IPv6.
no
IPv6.

2. IPv6 Neighbor Discovery


(1) DAD neighbor solicitation

ipv6 nd dad attempts <value>


no ipv6 nd dad attempts

. no
(1).

(2) neighbor solicitation

ipv6 nd ns-interval <seconds>


no ipv6 nd ns-interval


. no
(1 ).



(3) IPv6 (neighbor)

ipv6 neighbor <ipv6-address> <hardware-address> interface <interface-type interface-name>
no ipv6 neighbor <ipv6-address>

, IPv6 , MAC
.

(4) IPv6

clear ipv6 neighbors

22.2.3 IPv6

. PC IPv6 ,
RA ( ).

22.3 ARP
22.3.1 ARP
ARARP (Address Resolution Protocol - )
Ethernet MAC IP .
..
22.3.2 ARP
ARP:
1. ARP
1. ARP


VLAN

arp <ip_address> <mac_address> {interface [ethernet] <portName>}
no arp <ip_address>

ARP;
no ARP
IP .

22.3.3 ARP
ping , ,
:

, ARP .
ARP , ARP
/ ARP .
.

23 ARP

23.1 ARP
ARP . ,
, ARP
, .
ARP
, - .
ARP , , ,
,
, ,
, DOS ..
ARP ,
. ARP
: ARP ,
.
ARP : IP.
ARP ,
, , .
IP ARP , IP
, ,
IP , , IP ,
. . ,
IP ,
.
, IP
, ARP .
.

23.2

ARP

1. ARP .
2. , ,
IP.
3.
4. IP
5.


6. , ARP ,
.
1. ARP .

anti-arpscan enable

ARP .

no anti-arpscan enable

2. , ,
IP

anti-arpscan port-based threshold <threshold-value>
no anti-arpscan port-based threshold

anti-arpscan ip-based threshold <threshold-value>
no anti-arpscan ip-based threshold

IP.

3.

anti-arpscan trust <port | supertrust-port>


no anti-arpscan trust <port |supertrust-port>


4. IP

anti-arpscan trust ip <ip-address> [<netmask>]
no anti-arpscan trust ip <ip-address> [<netmask>]

IP.

5.

anti-arpscan recovery enable


no anti-arpscan recovery enable
anti-arpscan recovery time <seconds>
no anti-arpscan recovery time

7. , ARP ,

anti-arpscan log enable


no anti-arpscan log enable
anti-arpscan trap enable
no anti-arpscan trap enable


/
ARP .
/ SNMP
Trap ARP .



show anti-arpscan [trust <ip | port | supertrust-port> | prohibited <ip | port>]

ARP


debug anti-arpscan <port | ip>

ARP .

no debug anti-arpscan <port | ip>

23.3 ARP
B

E 1/0/1
E 1/0/19

E 1/0/2

E 1/0/2

Server
192.168.1.100/2

PC

PC

ARP

, , E1/1 B
E1/19 A, E1/2 A (IP
192.168.1.100/24), A PC.
ARP ,
.
A:
SwitchA(config)#anti-arpscan enable
SwitchA(config)#anti-arpscan recovery time 3600
SwitchA(config)#anti-arpscan trust ip 192.168.1.100 255.255.255.0
SwitchA(config)#interface ethernet1/2
SwitchA(Config-If-Ethernet1/2)#anti-arpscan trust port
SwitchA(Config-If-Ethernet1/2)#exit
SwitchA(config)#interface ethernet1/19
SwitchA(Config-If-Ethernet1/19)#anti-arpscan trust supertrust-port
SwitchA(Config-If-Ethernet1/19)#exit
B:
SwitchB(config)#anti-arpscan enable
SwitchB(config)#interface ethernet1/1
SwitchB(Config-If-Ethernet1/1)#anti-arpscan trust port
SwitchB(Config-If-Ethernet1/1)#exit

23.4 ARP
ARP .
ARP ( debug antiarpscan ) .


24 ARP
24.1
24.1.1 ARP (Address Resolution Protocol)
, ARP (RFC-826), , IP
48- , MAC , , IP
192.168.0.1, MAC 00-1F-CE-FD-1D-2B.
,
(broadcast) , IP
(ARP ),
, IP MAC . ,
MAC .
24.1.2 ARP
ARP, ARP ,
ARP , , ARP ,
ARP (ARP spoofing).
(
), ARP ,
, MAC .
, , .
.
.
, ..
,
.
24.1.3 ARP
, ARP,.
ARP, ARP.
ARP , ,
IP , ARP ,
IP-MAC
. ,
, .
ARP
.
IP-MAC ,
.



ARP.


ARP.

ND IPv6, ARP
, ND ,
ARP.

24.2 ARP
ARP:
1. ARP
2. ARP
3. ARP
1. ARP

ip arp-security updateprotect
no ip arp-security updateprotect

/
ARP.

2. ARP, ND

ip arp-security learnprotect
no ip arp-security learnprotect

/
ARP.

3. ARP, ND

ip arp-security convert


ARP .



24.3 ARP, ND

switch

IP:192.168.2.4;mac: 00-00-00-00-00-04

IP:192.168.2.1;mac: 00-00-00-00-00-01

IP:192.168.1.2;mac: 00-00-00-00-00-02

IP:192.168.2.3;mac: 00-00-00-00-00-03

B C. A ,
, B. ARP
: 192.168.2.3, 00-00-00-00-00-01, MAC
IP , ARP
192.168.2.3 MAC 00-00-00-00-00-01 address ( A).
C,
. ARP ,
ARP ARP
.


ARP , ARP
ARP .
ARP .
Switch#config
Switch(config)#interface vlan 1
Switch(Config-If-Vlan1)#arp 192.168.2.1 00-00-00-00-00-01 interface eth 1/2
Switch(Config-If-Vlan1)#interface vlan 2
Switch(Config-If-Vlan2)#arp 192.168.1.2 00-00-00-00-00-02 interface eth 1/2
Switch(Config-If-Vlan2)#interface vlan 3
Switch(Config-If-Vlan3)#arp 192.168.2.3 00-00-00-00-00-03 interface eth 1/2
Switch(Config-If-Vlan3)#exit
Switch(Config)#ip arp-security learnprotect
Switch(Config)#
Switch(config)#ip arp-security convert

, ARP ,
ARP , ARP ,
.
Switch#config
Switch(config)#ip arp-security updateprotect
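
The check that the static bindings and the learnprotect/updateprotect settings above imply, as an added example (a model written for this page, not the switch firmware): each ARP packet's sender IP/MAC pair is compared with the bound table, and the forged reply from the scenario (192.168.2.3 claimed by 00-00-00-00-00-01) is rejected. Function names and verdict strings are hypothetical.

```python
import ipaddress
import struct

# Ethernet/IPv4 ARP payload: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes


def mac(text):
    """Convert the page's 00-00-00-00-00-01 notation to 6 raw bytes."""
    return bytes.fromhex(text.replace("-", ""))


# Static IP-MAC bindings taken from the configuration example on this page.
BINDINGS = {
    "192.168.2.1": mac("00-00-00-00-00-01"),
    "192.168.1.2": mac("00-00-00-00-00-02"),
    "192.168.2.3": mac("00-00-00-00-00-03"),
}


def build_arp_reply(sender_ip, sender_mac, target_ip, target_mac):
    """Construct a sample ARP reply (oper=2) for testing the checker."""
    return struct.pack(
        ARP_FMT, 1, 0x0800, 6, 4, 2,
        sender_mac, ipaddress.IPv4Address(sender_ip).packed,
        target_mac, ipaddress.IPv4Address(target_ip).packed,
    )


def parse_arp(payload):
    """Return (sender_ip, sender_mac); raise ValueError on malformed input."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if oper not in (1, 2):
        raise ValueError("unexpected ARP operation")
    return str(ipaddress.IPv4Address(spa)), sha


def check_arp(payload, bindings, learn_protect=True, update_protect=True):
    """Decide what a binding-protected ARP table does with this packet."""
    try:
        ip, hw = parse_arp(payload)
    except ValueError:
        return "drop-malformed"
    bound = bindings.get(ip)
    if bound is None:
        # Unknown IP: with learning disabled no new entry is created.
        return "ignore-new-entry" if learn_protect else "learn"
    if bound == hw:
        return "match"
    # Known IP announced with a different MAC: the spoofing case.
    return "reject-update" if update_protect else "update"


# Constructed sample: host A (…-01) claims to be 192.168.2.3.
SPOOFED = build_arp_reply("192.168.2.3", mac("00-00-00-00-00-01"),
                          "192.168.1.2", mac("00-00-00-00-00-02"))
LEGIT = build_arp_reply("192.168.2.3", mac("00-00-00-00-00-03"),
                        "192.168.1.2", mac("00-00-00-00-00-02"))

if __name__ == "__main__":
    print(check_arp(SPOOFED, BINDINGS), check_arp(LEGIT, BINDINGS))
```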


25 ARP GUARD
25.1 ARP GUARD
ARP , ,
ARP ,
IP MAC . ARP .
ARP ARP IP
MAC , . ARP
: 1. PC4 ARP , IP PC2
MAC PC4, , IP , PC2,
PC4, PC4 ,
PC2; 2. PC4 ARP , IP PC2
MAC , , PC2
.
, , ARP , ,
.

PC1

PC2

PC3

PC4

ARP GUARD


PC5

PC6



ARP-
.
ARP
, . ARP ,
.
ARP GUARD .
ARP GUARD,
ARP GUARD ,
FFP , , , .
.
. , .

25.2 ARP GUARD


1. IP

arp-guard ip <addr>

/ ARP GUARD

no arp-guard ip <addr>


26 ARP (GRATUITOUS
ARP)
26.1 ARP
ARP ARP , IP
.
QTECH : 3-
ARP
.
ARP :

ARP .
ARP MAC .
ARP ,
. ARP
.
ARP ARP .
ARP
ARP . ARP .

26.2 ARP
1. ARP ARP .
2. ARP.
1. ARP ARP .

.
ip gratuitous-arp <5-1200>
no ip gratuitous-arp

ARP

ARP .
no
ARP.


2. ARP


show ip gratuitous-arp [interface vlan <1-4094>]
ARP.

26.3 ARP

Interface vlan1
192.168.14.254
255.255.255.0

PC5

Interface vlan10
192.168.15.254
255.255.255.0

PC6

PC3

PC4

PC6

ARP

, , VLAN10 IP
192.168.15.254 255.255.255.0. PC3, PC4, PC5
. VLAN1 IP 192.168.14.254
255.255.255.0. PC1 PC2 - .
ARP :
ARP.
Switch(config)#ip gratuitous-arp 300
Switch(config)#exit

ARP .
Switch(config)#interface vlan 10
Switch(Config-if-Vlan10)#ip gratuitous-arp 300
Switch(Config-if-Vlan10)#exit
Switch(config)#exit

26.4 ARP
ARP . ARP ,
, debug ARP send.
ARP ,
. ARP ,
.


27 DHCP
27.1 DHCP
DHCP [RFC2131] Dynamic Host Configuration Protocol (
). , IP
, ,
, DNS . DHCP
BOOTP. ,
,
IP
. DHCP ,
IP , , IP
.
DHCP -, DHCP DHCP
,
.
, DHCP (relay) DHCP
. DHCP :
Discover
Offer
Request
Ack

DHCP

DHCP

DHCP

:
DHCP DHCPDISCOVER.
DHCP DHCPDISCOVER DHCP
DHCPOFFER IP .
DHCP DHCPREQUEST DHCP ,
DHCPOFFER .
DHCP DHCPACK IP
.
.
, DHCP DHCP ,
DHCP , .


DHCP (relay) DHCP


.
DHCP , DHCP . DHCP
IP ,
(, IP MAC
ID ).
: 1)
; . 2) IP
, , ,
. IP , , .
3) . 4)

, .

27.2 DHCP Server Configuration


DHCP :
1. / DHCP
2. DHCP
(1) / DHCP
(2) DHCP
(3) DHCP
3.
1. / DHCP

service dhcp

/ DHCP.

no service dhcp

ip dhcp disable

DHCP ,
no .

no ip dhcp disable


2. DHCP
(1) / DHCP

ip dhcp pool <name>

DHCP. no
DHCP.

no ip dhcp pool <name>

(2) DHCP

DHCP

network-address <network-number> [mask | prefix-length]
no network-address

no
.
default-router
[<address1>[<address2>[<address8>]]]
no default-router
dns-server
[<address1>[<address2>[<address8>]]]
no dns-server
domain-name <domain>


DHCP . no
.
DNS DHCP
. no
DNS .

no domain-name

DHCP
. no
.

netbios-name-server
[<address1>[<address2>[<address8>]]]

WINS .
no .

no netbios-name-server
netbios-node-type {b-node|h-node|m-node|p-node|<type-number>}

DHCP
. no


no netbios-node-type

bootfile <filename>


DHCP . no
.

no bootfile
next-server
[<address1>[<address2>[<address8>]]]

,
.
no
next-server no
.
[<address1>[<address2>[<address8>]]]
option <code> {ascii <string> | hex <hex> | ipaddress <ipaddress>}
.
no .
no option <code>
lease { days [hours][minutes] | infinite }
no lease


. no
.

max-lease-time {[<days>] [<hours>] [<minutes>] | infinite}
no max-lease-time

no

ip dhcp excluded-address <low-address> [<high-address>]
no ip dhcp excluded-address <low-address> [<high-address>]


(3) DHCP

DHCP

hardware-address <hardware-address> [{Ethernet | IEEE802|<type-number>}]
no hardware-address
host <address> [<mask> | <prefix-length> ]
no host
client-identifier <unique-identifier>
no client-identifier

/ IP ,
.
/
.

ID

3.

ip dhcp conflict logging


no ip dhcp conflict logging

/
DHCP
,


clear ip dhcp conflict <address | all >


27.3 DHCP
DHCP , DHCP
DHCP . DHCP
DHCP , DHCP
,
, .
DHCPDiscover (Broadcast)

DHCPDiscover

DHCPOffer (Unicast)

DHCPOffer

DHCPRequest (Broadcast)

DHCPRequest

DHCPAck (Unicast)

DHCPAck

DHCP Client

DHCP Relay

DHCP Server

DHCP

, DHCP DHCP . DHCP


DHCP, , DHCP
.
DHCPDISCOVER, DHCP
IP relay agent DHCPDISCOVER
DHCP ( DHCP
RFC2131).
DHCPDISCOVER, DHCP , DHCP
DHCPOFFER DHCP .
DHCP DHCPREQUEST, DHCP
.
DHCPDISCOVER, DHCP , DHCP
DHCPACK DHCP .
DHCP:
1. DHCP .
2. DHCP DHCP .
3. share-vlan.


1. DHCP .

service dhcp

DHCP DHCP
DHCP.

no service dhcp

2. DHCP DHCP .

ip forward-protocol udp bootps


no ip forward-protocol udp bootps

UDP 67
DHCP.


ip helper-address <ipaddress>
no ip helper-address <ipaddress>

DHCP . no ip
helper-address <ipaddress> .

3. share-vlan.
DHCP
, ,
,
share-vlan ( sub-vlan, sub-vlan
share-vlan) DHCP ,
- 82.


ip dhcp relay share-vlan <vlanid> sub-vlan <vlanlist>
no dhcp relay share-vlan

/ share-vlan sub-vlan.

27.4 DHCP
1:
, DHCP .
VLAN- - 10.16.1.2/16. A B,
. A B
.
A( 10.16.1.0)

B( 10.16.2.0)

IP address

IP address

10.16.1.200

10.16.1.200

10.16.1.201

10.16.1.201

DNS

10.16.1.202

DNS

10.16.1.202

WINS

10.16.1.209

WWW

10.16.1.209

WINS

H-


A MAC 00-03-22-23-dc-ab IP
10.16.1.210 management .
Switch(config)#service dhcp
Switch(config)#interface vlan 1
Switch(Config-Vlan-1)#ip address 10.16.1.2 255.255.0.0
Switch(Config-Vlan-1)#exit
Switch(config)#ip dhcp pool A
Switch(dhcp-A-config)#network 10.16.1.0 24
Switch(dhcp-A-config)#lease 3
Switch(dhcp-A-config)#default-router 10.16.1.200 10.16.1.201
Switch(dhcp-A-config)#dns-server 10.16.1.202
Switch(dhcp-A-config)#netbios-name-server 10.16.1.209
Switch(dhcp-A-config)#netbios-node-type H-node
Switch(dhcp-A-config)#exit
Switch(config)#ip dhcp excluded-address 10.16.1.200 10.16.1.201
Switch(config)#ip dhcp pool B
Switch(dhcp-B-config)#network 10.16.2.0 24
Switch(dhcp-B-config)#lease 1
Switch(dhcp-B-config)#default-router 10.16.2.200 10.16.2.201
Switch(dhcp-B-config)#dns-server 10.16.2.202
Switch(dhcp-B-config)#option 72 ip 10.16.2.209
Switch(dhcp-config)#exit
Switch(config)#ip dhcp excluded-address 10.16.2.200 10.16.2.201
Switch(config)#ip dhcp pool A1
Switch(dhcp-A1-config)#host 10.16.1.210
Switch(dhcp-A1-config)#hardware-address 00-03-22-23-dc-ab
Switch(dhcp-A1-config)#exit

: DHCP/BOOTP VLAN1
, 10.16.1.0/24
10.16.2.0/24. , IP
VLAN , IP VLAN - 10.16.1.2/24,
, , 10.16.1.0/24.
DHCP/BOOTP 10.16.2.0/24, ,
, 10.16.2.0/24.
10.16.2.0/24,
.
2:


E1/0/1
192.168.1.1

DHCP Client

E1/0/2
10.1.1.1

DHCP Client
DHCP

DHCP Server
10.1.1.1

DHCP Client

DHCP

, DHCP
. DHCP - 10.1.1.10. :
Switch(config)#service dhcp
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip address 192.168.1.1 255.255.255.0
Switch(Config-if-Vlan1)#exit
Switch(config)#vlan 2
Switch(Config-Vlan-2)#exit
Switch(config)#interface Ethernet 1/2
Switch(Config-Ethernet1/2)#switchport access vlan 2
Switch(Config-Ethernet1/2)#exit
Switch(config)#interface vlan 2
Switch(Config-if-Vlan2)#ip address 10.1.1.1 255.255.255.0
Switch(Config-if-Vlan2)#exit
Switch(config)#ip forward-protocol udp bootps
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip helper-address 10.1.1.10
Switch(Config-if-Vlan1)#exit


: ip forward-protocol udp
<port> ip helper-address <ipaddress>. ip helper-address
3- 2- .
3:

Ethernet 1/2

DHCP Client

Ethernet 1/3

DHCP
DHCP Server

, DHCP .
DHCP-
82. Ethernet1/2 , VLAN3, Ethernet1/3
, DHCP ,
192.168.40.199. vlan 1 vlan 1, IP
192.168.40.50. DHCP- 192.168.40.199, vlan3
sub-vlan vlan1.
:
switch(config)#vlan 1
switch(config)#vlan 3
switch(config)#interface ethernet 1/2
Switch(Config-If-Ethernet1/2)#switchport access vlan 3
switch(config)#interface ethernet 1/3
Switch(Config-If-Ethernet1/3)#switchport mode trunk
switch(config)#service dhcp
switch(config)#ip forward-protocol udp bootps
switch(config)#ip dhcp relay information option
switch(config)#ip dhcp relay share-vlan 1 sub-vlan 3
switch(config)#interface vlan 1
switch(config-if-vlan1)#ip address 192.168.40.50 255.255.255.0
switch(config-if-vlan1)#ip helper-address 192.168.40.199


27.5 DHCP
DHCP IP ,
, :
, DHCP , , . DHCP
, ,
, DHCP , DHCP .
DHCP ,
.
, DHCP
, VLAN , ,
.
, . ,
network-address host , .
, IP-MAC
. ,
. .


28 DHCPV6
28.1 DHCPv6
DHCPv6 [RFC3315] IPv6 (DHCP).
IPv6 :
DNS DHCP , DHCPv6
IPv6. DHCP IP
DNS ,
, DHCP ,
IPv6 DHCPv6,
. DHCPv6
. DHCPv6 DHCPv6
, ,
DNS , IPv6 .
DHCPv6 , . DHCPv6
UDP. DHCPv6 DHCP DHCP
547, DHCP ( )
546. DHCP (solicit)
(request) DHCP multicast ff02::1:2.
Solicit (Muticast)
Advertise
Request
Reply

DHCPv6

DHCPv6

DHCPv6

DHCPv6 DHCPv6 IPv6


, DHCPv6 ,
.
DHCP SOLICIT ()
FF02::1:2.
DHCP , , ADVERTISE
(), (DIUD) .
, ADVERTISE.
REQUEST (), ,
ADVERTISE.


DHCPv6 REPLY ()
IPv6 .
. ,
DHCPv6 DHCPv6 ,
.
DHCPv6 (relay), .
DHCPv6 , relay
. DHCPv6 DHCPv6 ,
Relay-forward DHCPv6
. DHPCv6
Relay-reply.
DHCPv6 .
IPv6 DHCPv6
, DHCPv6 ,

, .
(
64) 64 .
(RA) , .

28.2 DHCPv6
DHCPv6 :
1. / DHCPv6
2. DHCPv6
(1) / DHCPv6
(2) DHCPv6
3. DHCPv6
1. / DHCPv6

service dhcpv6

/ DHCPv6.

no service dhcpv6


2. DHCPv6
(1) / DHCPv6

ipv6 dhcp pool <poolname>

/ DHCPv6.

no ipv6 dhcp pool <poolname>

(2) DHCPv6

DHCPv6
network-address <ipv6-pool-start-address> {<ipv6-pool-end-address> | <prefix-length>} [eui-64]

IPv6

no network-address
dns-server <ipv6-address>
no dns-server <ipv6-address>

DNS DHCPv6
.

domain-name <domain-name>

DHCPv6 .

no domain-name <domain-name>
excluded-address <ipv6-address>
no excluded-address <ipv6-address>
lifetime {<valid-time> | infinity} {<preferred-time> | infinity}
no lifetime

IPv6 ,
.


DHCPv6.



3. DHCPv6 .

ipv6 dhcp server <poolname> [preference <value>] [rapid-commit] [allow-hint]
no ipv6 dhcp server <poolname>

DHCPv6
DHCPv6 .

28.3 DHCPv6
1. DHCPv6 :
2. / DHCPv6
3. DHCPv6
1. / DHCPv6

service dhcpv6

/ DHCPv6.

no service dhcpv6

2. DHCPv6

ipv6 dhcp relay destination {[<ipv6-address>] [interface { <interface-name> | vlan <1-4096>}]}
no ipv6 dhcp relay destination {[<ipv6-address>] [interface { <interface-name> | vlan <1-4096>}]}

DHCPv6 . no
.


28.4 DHCPV6
DHCPv6:
1. / DHCPv6
2.
3. DHCPv6
(1) / DHCPv6
(2) ,
(3)
(4) DHCPv6
4. DHCPv6
1. / DHCPv6

service dhcpv6

/ DHCPv6.

no service dhcpv6

2.

ipv6 local pool <poolname> <prefix|prefix-length> <assigned-length>
no ipv6 local pool <poolname>


3. DHCPv6
(1) / DHCPv6

ipv6 dhcp pool <poolname>

/ DHCPv6.

no ipv6 dhcp pool <poolname>


(2) ,

DHCPv6
prefix-delegation pool <poolname> [lifetime {<valid-time> | infinity} {<preferred-time> | infinity}]
no prefix-delegation pool <poolname>
(3)

DHCPv6
prefix-delegation <ipv6-prefix/prefix-length> <client-DUID> [iaid <iaid>] [lifetime {<valid-time> | infinity} {<preferred-time> | infinity}]
no prefix-delegation <ipv6-prefix/prefix-length> <client-DUID> [iaid <iaid>]


(4) DHCPv6

DHCPv6
dns-server <ipv6-address>
no dns-server <ipv6-address>

DNS DHCPv6
.

domain-name <domain-name>

DHCPv6 .

no domain-name <domain-name>

4. DHCPv6

ipv6 dhcp server <poolname> [preference <value>] [rapid-commit] [allow-hint]
no ipv6 dhcp server <poolname>

DHCPv6
DHCPv6 .

28.5 DHCPv6
DHCPv6:
1. / DHCPv6
2. DHCPv6
1. / DHCPv6

service dhcpv6

/ DHCPv6.

no service dhcpv6


2. DHCPv6

ipv6 dhcp client pd <prefix-name> [rapid-commit]
no ipv6 dhcp client pd

DHCPv6
.

28.6 DHCPv6
1:
IPv6 QTECH
DHPv6 IPv6.
DHCPv6 .
:
1
. 2 DHCPv6
. 3 DHCPv6
. Windows
Vista, DHCPv6 .


DHCPv6 Server
Switch3
V1: 2001:da8:1:1::1
V10: 2001:da8:10:1::1

Switch2
V1: 2001:da8:1:1::2
V10: 2001:da8:10:1::2
V100: 2001:da8:100:1::1

DHCPv6 Relay

Switch1

DHCPv6 client

3:
Switch3>enable
Switch3#config
Switch3(config)#service dhcpv6
Switch3(config)#ipv6 dhcp pool EastDormPool
Switch3(dhcpv6-EastDormPool-config)#network-address 2001:da8:100:1::1 2001:da8:100:1::100
Switch3(dhcpv6-EastDormPool-config)#excluded-address 2001:da8:100:1::1
Switch3(dhcpv6-EastDormPool-config)#dns-server 2001:da8::20
Switch3(dhcpv6-EastDormPool-config)#dns-server 2001:da8::21
Switch3(dhcpv6-EastDormPool-config)#domain-name dhcpv6.com
Switch3(dhcpv6-EastDormPool-config)#lifetime 1000 600
Switch3(dhcpv6-EastDormPool-config)#exit
Switch3(config)#interface vlan 1
Switch3(Config-if-Vlan1)#ipv6 address 2001:da8:1:1::1/64
Switch3(Config-if-Vlan1)#exit
Switch3(config)#interface vlan 10
Switch3(Config-if-Vlan10)#ipv6 address 2001:da8:10:1::1/64
Switch3(Config-if-Vlan10)#ipv6 dhcp server EastDormPool preference 80
Switch3(Config-if-Vlan10)#exit
Switch3(config)#
3:
Switch2>enable
Switch2#config
Switch2(config)#service dhcpv6
Switch2(config)#interface vlan 1
Switch2(Config-if-Vlan1)#ipv6 address 2001:da8:1:1::2/64
Switch2(Config-if-Vlan1)#exit
Switch2(config)#interface vlan 10
Switch2(Config-if-Vlan10)#ipv6 address 2001:da8:10:1::2/64
Switch2(Config-if-Vlan10)#exit
Switch2(config)#interface vlan 100
Switch2(Config-if-Vlan100)#ipv6 address 2001:da8:100:1::1/64
Switch2(Config-if-Vlan100)#no ipv6 nd suppress-ra
Switch2(Config-if-Vlan100)#ipv6 nd managed-config-flag
Switch2(Config-if-Vlan100)#ipv6 nd other-config-flag
Switch2(Config-if-Vlan100)#ipv6 dhcp relay destination 2001:da8:10:1::1
Switch2(Config-if-Vlan100)#exit
Switch2(config)#


28.7 DHCPv6
DHCPv6 IPv6 ,
:

, DHCPv6 , , .
DHCPv6 , ,
, DHCPv6 ,
DHCPv6 .
DHCPv6 , .
, DHCPv6,
IPv6 . ,
, , ,
DHCPv6 . , ,
IPv6 VLAN-a, ,
, DHCPv6 .
, DHCPv6 ,
, IPv6
, . ,
IPv6 . , ,
DHCPv6 IPv6 . ,
, .


29 82 DHCP
29.1 82 DHCP
82 DHCP (Relay Agent). 82
DHCP DHCP
IP . 82 (
,
) DHCP , , DHCP
. DHCP , 82,
, IP
82. DHCP
DHCP
82 . DHCP
82 ,
. 82 DHCP
.
29.1.1 82 DHCP
DHCP , 82 .
, 255. :

Code: ,
82 , RFC3046 82.
Len: , Code
Len.
82 -, -.
RFC3046 -, :


SubOpt: -, - Circuit-ID 1,
- Remote ID 2.
Len: -, SubOpt
Len.
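
The Code/Len and SubOpt/Len layout described above, as an added example (not code from the vendor manual): a strict parser that pulls option 82 out of a DHCP options field, splits it into Circuit-ID (sub-option 1) and Remote ID (sub-option 2), and maps the pair to an address-pool class. It assumes an ASCII Circuit-ID such as "Vlan2+Ethernet1/0/2" and a 6-byte MAC Remote ID, using the relay MAC and class names from the configuration example later in this chapter; function names and verdict strings are hypothetical.

```python
OPT_PAD, OPT_END, OPT_RELAY_AGENT_INFO = 0, 255, 82
SUBOPT_CIRCUIT_ID, SUBOPT_REMOTE_ID = 1, 2

# Policy mirroring the two dhcpd.conf classes in this chapter's example.
TRUSTED_REMOTE_ID = bytes.fromhex("001fce023301")  # relay MAC 00:1f:ce:02:33:01
CLASS_BY_CIRCUIT_ID = {
    b"Vlan2+Ethernet1/0/2": "Switch3Vlan2Class1",
    b"Vlan2+Ethernet1/0/3": "Switch3Vlan2Class2",
}


class MalformedOption(ValueError):
    """Raised when a length byte points past the end of the buffer."""


def _take_tlv(buf, pos):
    """Return (code, value, next_pos) for the code/len/value item at pos."""
    if pos + 2 > len(buf):
        raise MalformedOption("missing length byte")
    code, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if end > len(buf):
        raise MalformedOption("value runs past end of buffer")
    return code, buf[pos + 2:end], end


def extract_option82(options):
    """Walk the DHCP options field and return the option 82 value, or None."""
    pos, found = 0, None
    while pos < len(options):
        if options[pos] == OPT_PAD:      # pad has no length byte
            pos += 1
            continue
        if options[pos] == OPT_END:      # end marker terminates the field
            break
        code, value, pos = _take_tlv(options, pos)
        if code == OPT_RELAY_AGENT_INFO:
            found = value
    return found


def parse_suboptions(value):
    """Split the option 82 value into {sub-option code: bytes}."""
    subs, pos = {}, 0
    while pos < len(value):
        code, data, pos = _take_tlv(value, pos)
        if code in subs:
            raise MalformedOption("duplicate sub-option %d" % code)
        subs[code] = data
    return subs


def classify(options):
    """Return the pool class for a request, or the reason it gets none."""
    try:
        value = extract_option82(options)
        if value is None:
            return "no-option-82"
        subs = parse_suboptions(value)
    except MalformedOption:
        return "malformed"
    if subs.get(SUBOPT_REMOTE_ID) != TRUSTED_REMOTE_ID:
        return "unknown-relay"
    return CLASS_BY_CIRCUIT_ID.get(subs.get(SUBOPT_CIRCUIT_ID), "unmatched-port")


def build_option82(circuit_id, remote_id):
    """Encode option 82 as a relay would (used to construct sample input)."""
    body = (bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id +
            bytes([SUBOPT_REMOTE_ID, len(remote_id)]) + remote_id)
    return bytes([OPT_RELAY_AGENT_INFO, len(body)]) + body


# Constructed sample: message-type option 53, then option 82, then end marker.
SAMPLE = (b"\x35\x01\x01" +
          build_option82(b"Vlan2+Ethernet1/0/2", TRUSTED_REMOTE_ID) + b"\xff")

if __name__ == "__main__":
    print(parse_suboptions(extract_option82(SAMPLE)), classify(SAMPLE))
```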
29.1.2 82
DHCP Relay/Agent

DHCP
DHCP

DHCP

DHCP

DHCP Client

Option

Option

DHCP

82 DHCP

DHCP 82, DHCP


, IP DHCP : discover, offer, select
acknowledge. DHCP :
1) DHCP .
82.
2) DHCP 82 ,
, DHCP . - 1
82 (Circuit ID) , DHCP (VLAN
), Circuit ID .
- 2 82 (Remote ID) MAC DHCP .
3) DHCP DHCP IP
,
82. DHCP DHCP
82.
4) DHCP 82
.


29.2 82 DHCP
1. 82 DHCP
2. 82 DHCP
3. 82 DHCP
4. 82 DHCP
5.
6. 82
7. 82 DHCP
1. 82 DHCP .

ip dhcp relay information option


no ip dhcp relay information option

82

.
no .

2. 82 DHCP

ip dhcp relay information policy {drop | keep | replace}
no ip dhcp relay information policy

82. drop , ,
82,
. keep
,

82
. replace
,


82
. no
replace.
ip dhcp relay information option subscriber-id {standard | <circuit-id>}
no ip dhcp relay information option subscriber-id

- 1
82
(Circuit
ID),
standard
VLAN
, Vlan2+Ethernet1/0/12,
<circuit-id> circuit-id,
(
64 ). no
.

ip dhcp relay information option remote-id {standard | <remote-id>}
no ip dhcp relay information option remote-id

- 1
82 (Remote ID). no
.

3. 82 DHCP .

ip dhcp server relay information enable


no ip dhcp server relay information enable

DHCP
82. no
.

4. 82 DHCP

ip dhcp relay information option subscriber-id format {hex | ascii | vs-hp}
ip dhcp relay information option remote-id format {default | vs-hp}

subscriber-id
82 .
remote-id 82
.


5.

ip dhcp relay information option delimiter [colon | dot | slash | space]
no ip dhcp relay information option delimiter

82
.
no
slash.

6. 82

ip dhcp relay information option self-defined remote-id {hostname | mac | string WORD}
no ip dhcp relay information option self-defined remote-id
ip dhcp relay information option self-defined remote-id format [ascii | hex]
ip dhcp relay information option self-defined subscriber-id {vlan | port | id (switch-id (mac | hostname)| remote-mac)| string WORD }
no ip dhcp relay information option self-defined subscriber-id
ip dhcp relay information option self-defined subscriber-id format [ascii | hex]

82,
- remoteid.
remote-id 82.
82,
- circuit id.
circuit -id 82.


7. 82 DHCP

show ip dhcp relay information option


82 ,
.

debug ip dhcp relay packet

DHCP

29.3 82 DHCP

DHCP Agent

Relay

Vlan2:ethernet1/
Vlan3
DHCP Client PC1

Vlan2:ethernet1/

DHCP Client PC2

DHCP

82 DHCP

(1 2)
(3), DHCP . 82
, DHCP , , ,
1 2,
DHCP . 82, .. 3
, ,
( 1 2) , ,
, .


3 (MAC 00:1f:ce:02:33:01):
Switch3(Config)#service dhcp
Switch3(Config)#ip dhcp relay information option
Switch3(Config)#ip forward-protocol udp bootps
Switch3(Config)#interface vlan 3
Switch3(Config-if-vlan3)#ip address 192.168.10.222 255.255.255.0
Switch3(Config-if-vlan3)#interface vlan 2
Switch3(Config-if-vlan2)#ip address 192.168.102.2 255.255.255.0
Switch3(Config-if-vlan2)#ip helper-address 192.168.10.88

Linux ISC DHCP


/etc/dhcpd.conf:

82,

ddns-update-style interim;
ignore client-updates;
class "Switch3Vlan2Class1" {
    match if option agent.circuit-id = "Vlan2+Ethernet1/0/2" and option agent.remote-id = 00:1f:ce:02:33:01;
}
class "Switch3Vlan2Class2" {
    match if option agent.circuit-id = "Vlan2+Ethernet1/0/3" and option agent.remote-id = 00:1f:ce:02:33:01;
}
subnet 192.168.102.0 netmask 255.255.255.0 {
    option routers 192.168.102.2;
    option subnet-mask 255.255.255.0;
    option domain-name "example.com.cn";
    option domain-name-servers 192.168.10.3;
    authoritative;
    pool {
        range 192.168.102.21 192.168.102.50;
        default-lease-time 86400; #24 Hours
        max-lease-time 172800; #48 Hours
        allow members of "Switch3Vlan2Class1";
    }
    pool {
        range 192.168.102.51 192.168.102.80;
        default-lease-time 43200; #12 Hours
        max-lease-time 86400; #24 Hours
        allow members of "Switch3Vlan2Class2";
    }
}
DHCP 2
192.168.102.21 ~ 192.168.102.50, 1 192.168.102.51 ~
192.168.102.80.

29.4 82 DHCP
82 DHCP DHCP . ,
, , DHCP
.
82 DHCP DHCP . DHCP

DHCP , , ,
. ,
DHCP .
82 DHCP ,
82 DHCP
debug ip dhcp relay packet. .
82 DHCP ,
82 DHCP debug ip dhcp
server packet. .


30 60 43 DHCP
30.1 60 43 DHCP
DHCP DHCP . 60,
DHCP- 43
60 60 43
DHCP.
60 43 DHCP-:
1. 60 43 .
DHCP 60 DHCP , 60
DHCP , DHCP 43,
, 43 DHCP .
2. 43,
60. DHCP 60 DHCP , DHCP
43, .
3. 60, DHCP
43.

30.2 60 43 DHCP
1. 60 43.


option 60 ascii LINE

60
ascii ip-
DHCP

option 43 ascii LINE

43
ascii ip-
DHCP

option 60 hex WORD

60
hex ip-
DHCP

option 43 hex WORD

43
hex ip-


DHCP
option 60 ip A.B.C.D

60
IP ip-
DHCP

option 43 ip A.B.C.D

43
IP ip-
DHCP

no option 60

60

no option 43

43

30.3 60 43 DHCPv6

Switch

DHCP

Fit AP IP 43 DHCP
discovery . DHCP 60
60 Fit AP 43 FTP AP.
# DHCP
router(config)#ip dhcp pool a
router (dhcp-a-config)#option 60 ascii AP1000
router (dhcp-a-config)#option 43 ascii 192.168.10.5,192.168.10.6

30.4 60 43 DHCP
DHCP 60 43, ,
:

DHCP
60, ,
60


31 37, 38 DHCPV6
31.1 37, 38 DHCPv6
DHCPv6 ( IPv6)
IPv6 IPv6 , IPv6
.
DHCPv6 DHCPv6 ,
, DHCPv6 . DHCPv6
, , relay-forward ,
, DHCPv6
relay-reply. DHCPv6
.
DHCPv6 , :
IP ?
IP , ,
? DHCPv6 ,
MAC ?
37 38 DHCPv6 (RFC4649 RFC4580).
37 38 DHCPv6 82 DHCP. DHCPv6
37 38 .
37 38 .
37 38 DHCPv6 DHCPv6 DHCPv6
, ,
DHCPv6 . ,
,
, , .
RFC4649 RFC4580 , 37 38,
.

31.2 37, 38 DHCPv6


1. Dhcpv6 snooping
2. Dhcpv6
3. Dhcpv6


1. Dhcpv6 snooping

Description

ipv6 dhcp snooping remote-id option


no ipv6 dhcp snooping remote-id option
ipv6 dhcp snooping subscriber-id option
no ipv6 dhcp snooping subscriber-id option

37 DHCPv6
snooping.

no

.
38 DHCPv6
snooping.

no

ipv6 dhcp snooping remote-id policy {drop | keep | replace}
no ipv6 dhcp snooping remote-id policy

37.

drop
37;
keep
37 ;
replace
37 .
no
replace.

ipv6 dhcp snooping subscriber-id policy {drop | keep | replace}
no ipv6 dhcp snooping subscriber-id policy

38.

drop
38;
keep
38 ;
replace
38 .
no
replace.


ipv6 dhcp snooping subscriber-id select (sp | sv | pv | spv) delimiter WORD (delimiter WORD |)
no ipv6 dhcp snooping subscriber-id select delimiter

subscriber-id,
no
, ..
VLAN MAC.
ipv6 dhcp snooping subscriber-id select (sp|sv|pv|spv) delimiter WORD (delimiter WORD |)
no ipv6 dhcp snooping subscriber-id select delimiter

subscriber-id,
no
, .. VLAN
.

ipv6 dhcp snooping remote-id <remote-id>
no ipv6 dhcp snooping remote-id

ipv6 dhcp snooping subscriber-id <subscriber-id>

37.
<remote-id> remote-id
37,
128 . no

, ..
VLAN MAC.

subscriber-id 38.
<subscriber-id>
subscriber-id

no ipv6 dhcp snooping subscriber-id


38,
128 . no
, ..
VLAN ,
"Vlan2+Ethernet1/2".


2. Dhcpv6

Description

ipv6 dhcp relay remote-id option


no ipv6 dhcp relay remote-id option

37 DHCPv6
. no
.

ipv6 dhcp relay subscriber-id option


no ipv6 dhcp relay subscriber-id option

38 DHCPv6
. no
.

ipv6 dhcp relay remote-id delimiter WORD


no ipv6 dhcp relay remote-id delimiter

remote-id.
no
, ..
VLAN MAC.

ipv6 dhcp relay subscriber-id select (sp | sv | pv | spv) delimiter WORD (delimiter WORD |)
no ipv6 dhcp relay subscriber-id select delimiter

subscriber -id.

no

,
..
VLAN .

3-
ipv6 dhcp relay remote-id <remote-id>
no ipv6 dhcp relay remote-id

37.
<remote-id> remoteid
37, 128 .
no
, ..
VLAN MAC.

ipv6 dhcp relay subscriber-id <subscriber-id>


no ipv6 dhcp relay subscriber-id

38.
<subscriber-id>
subscriber-id

38,
128
.

no

, .. VLAN

"Vlan2+Ethernet1/2".


3. Dhcpv6

Description

ipv6 dhcp server remote-id option

37 DHCPv6
.

no

no ipv6 dhcp server remote-id option


ipv6 dhcp server subscriber-id option

38 DHCPv6
.

no

no ipv6 dhcp server subscriber-id option


ipv6 dhcp use class

DHCPv6 .
no ,
DHCPv6.

no ipv6 dhcp use class

ipv6 dhcp class <class-name>

DHCPv6
DHCPv6 .
no .

no ipv6 dhcp class <class-name>



ipv6 dhcp server select relay-forw

37 38
, ,
,
37 38. no
, ..
37 38
.

no ipv6 dhcp server select relay-forw

DHCPv6
{remote-id [*] <remote-id> [*] | subscriber-id [*] <subscriber-id> [*]}
no {remote-id [*] <remote-id> [*] | subscriber-id [*] <subscriber-id> [*]}

37 38,
.


31. 37, 38 DHCPv6

274

class <class-name>



. no
.

no class <class-name>

address range <start-ip> <end-ip>


DHCPv6 . no
. /
.

no address range <start-ip> <end-ip>

31.3 37, 38 DHCPv6


31.3.1 37, 38 DHCPv6 Snooping
[Figure: DHCPv6 Snooping. Labels: B; Interface E1/1, E1/2, E1/3, E1/4; MAC-AA, MAC-BB, MAC-CC.]

A Mac-AA, Mac-BB Mac-CC ,


1/2, 1/3 . IP 2010:2,
2010:3 2010:4 DHCPv6; DHCPv6 1/1.


(), CLASS1 38,


CLASS2 37, CLASS3 37 38. EastDormPool
, CLASS1, CLASS2 CLASS3
2001:da8:100:1::2 - 2001:da8:100:1::30, 2001:da8:100:1::31 - 2001:da8:100:1::60
2001:da8:100:1::61 - 2001:da8:100:1::100 . A
DHCPv6 snooping 37 38.
A:
SwitchA(config)#ipv6 dhcp snooping remote-id option
SwitchA(config)#ipv6 dhcp snooping subscriber-id option
SwitchA(config)#int e 1/1
SwitchA(config-if-ethernet1/1)#ipv6 dhcp snooping trust
SwitchA(config-if-ethernet1/1)#exit
SwitchA(config)#interface vlan 1
SwitchA(config-if-vlan1)#ipv6 address 2001:da8:100:1::1
SwitchA(config-if-vlan1)#exit
SwitchA(config)#interface ethernet 1/1-4
SwitchA(config-if-port-range)#switchport access vlan 1
SwitchA(config-if-port-range)#exit
SwitchA(config)#
B:
SwitchB(config)#service dhcpv6
SwitchB(config)#ipv6 dhcp server remote-id option
SwitchB(config)#ipv6 dhcp server subscriber-id option
SwitchB(config)#ipv6 dhcp pool EastDormPool
SwitchB(dhcpv6-eastdormpool-config)#network-address 2001:da8:100:1::2 2001:da8:100:1::1000
SwitchB(dhcpv6-eastdormpool-config)#dns-server 2001::1
SwitchB(dhcpv6-eastdormpool-config)#domain-name dhcpv6.com
SwitchB(dhcpv6-eastdormpool-config)#excluded-address 2001:da8:100:1::2
SwitchB(dhcpv6-eastdormpool-config)#exit
SwitchB(config)#
SwitchB(config)#ipv6 dhcp class CLASS1
SwitchB(dhcpv6-class-class1-config)#remote-id 00-1f-ce-00-00-01 subscriber-id vlan1+Ethernet1/1
SwitchB(dhcpv6-class-class1-config)#exit
SwitchB(config)#ipv6 dhcp class CLASS2
SwitchB(dhcpv6-class-class2-config)#remote-id 00-1f-ce-00-00-01 subscriber-id vlan1+Ethernet1/2
SwitchB(dhcpv6-class-class2-config)#exit
SwitchB(config)#ipv6 dhcp class CLASS3
SwitchB(dhcpv6-class-class3-config)#remote-id 00-1f-ce-00-00-01 subscriber-id vlan1+Ethernet1/3
SwitchB(dhcpv6-class-class3-config)#exit
SwitchB(config)#ipv6 dhcp pool EastDormPool
SwitchB(dhcpv6-eastdormpool-config)#class CLASS1
SwitchB(dhcpv6-pool-eastdormpool-class-class1-config)#address range 2001:da8:100:1::3 2001:da8:100:1::30
SwitchB(dhcpv6-pool-eastdormpool-class-class1-config)#exit
SwitchB(dhcpv6-eastdormpool-config)#class CLASS2
SwitchB(dhcpv6-pool-eastdormpool-class-class2-config)#address range 2001:da8:100:1::31 2001:da8:100:1::60
SwitchB(dhcpv6-pool-eastdormpool-class-class2-config)#exit
SwitchB(dhcpv6-eastdormpool-config)#class CLASS3
SwitchB(dhcpv6-pool-eastdormpool-class-class3-config)#address range 2001:da8:100:1::61 2001:da8:100:1::100
SwitchB(dhcpv6-pool-eastdormpool-class-class3-config)#exit
SwitchB(dhcpv6-eastdormpool-config)#exit
SwitchB(config)#interface vlan 1
SwitchB(config-if-vlan1)#ipv6 address 2001:da8:100:1::2/64
SwitchB(config-if-vlan1)#ipv6 dhcp server EastDormPool
SwitchB(config-if-vlan1)#exit
SwitchB(config)#

31.3.2 37, 38 DHCPv6


1:
IPv6 IPv6
DHCPv6 ,
IPv6 . DHCPv6
, (stateful)
(stateless).
:
1
; 2 DHCPv6
; 3 DHCPv6
. Windows
Vista, DHCPv6 .


[Figure: DHCPv6 relay example topology. Labels: DHCPv6 Server; Switch3 (V1: 2001:da8:1:1::1, V10: 2001:da8:10:1::1); Switch2 (V1: 2001:da8:1:1::2, V10: 2001:da8:10:1::2, V100: 2001:da8:100:1::1); DHCPv6 Relay; Switch1; DHCPv6 client.]

2:
S2(config)#service dhcpv6
S2(config)#ipv6 dhcp relay remote-id option
S2(config)#ipv6 dhcp relay subscriber-id option
S2(config)#vlan 10
S2(config-vlan10)#int vlan 10
S2(config-if-vlan10)#ipv6 address 2001:da8:1:::2/64
S2(config-if-vlan10)#ipv6 dhcp relay destination 2001:da8:10:1::1
S2(config-if-vlan10)#exit
S2(config)#


31.4 37, 38 DHCPv6


, DHCPv6 , multicast ,
VLAN. DHCPv6 ,
VLAN,
DHCPv6 .
37,38 DHCPv6 snooping
: 37,38 ; 37,38;
, . ,
IPv6 37,38, ,
DHCPv6 snooping . DHCPv6
37,38 , , ,
.
DHCPv6 37,38, DHCPv6
, ,
37,38 .


32 DHCP SNOOPING
32.1 DHCP Snooping
DHCP Snooping , IP
DHCP. DHCP DHCP
. DHCP
.
DHCP DHCP ,
.
DHCP , .
DHCP ,
, ,
.
DHCP Snooping,
DHCP
( MAC , IP , IP, VLAN ).
DHCP Snooping , , dot1x ARP,
.
DHCP : DHCP
( DHCPOFFER, DHCPACK DHCPNAK),
, (
).
DHCP: DHCP,
, DHCP
.
DHCP: DHCP snooping DHCP
, DHCP .
. ,
, dot1x.
dot1x , , dot1x.
ARP: ARP
, ARP .
:
;
dot1x .
:
, MAC
syslog.


: ,
syslog.
:
TrustView .
2.
82: 82 DHCP
.

32.2 DHCP Snooping


1. DHCP Snooping
2. DHCP Snooping
3. ARP DHCP Snooping
4. 82 DHCP Snooping
5.
6. DES
7. DHCP
8.
9. DHCP Snooping DOT1X
10. DHCP Snooping USER
11.
12.
13. DHCP
14.
15. 82 DHCP Snooping
1. DHCP Snooping

ip dhcp snooping enable


no ip dhcp snooping enable

/ DHCP Snooping.



2. DHCP Snooping

ip dhcp snooping binding enable

/ DHCP
Snooping.

no ip dhcp snooping binding enable

3. ARP DHCP Snooping

ip dhcp snooping binding arp

/ ARP
DHCP Snooping .

no ip dhcp snooping binding arp

4. 82 DHCP Snooping

ip dhcp snooping information enable


no ip dhcp snooping information enable

/ 82 DHCP
Snooping.

5.

ip user private packet version two


no ip user private packet version two

/ .



6. DES

enable trustview key 0/7 <password>


no enable trustview key

/ DES
.

7. DHCP

ip user helper-address A.B.C.D [port <udpport>] source <ipAddr> (secondary|)
no ip user helper-address (secondary|)
/ DHCP .

8.

ip dhcp snooping trust


no ip dhcp snooping trust

.
.

no



9. DHCP Snooping DOT1X

ip dhcp snooping binding dot1x

/ DHCP
Snooping DOT1X .

no ip dhcp snooping binding dot1x

10. DHCP Snooping USER

ip dhcp snooping binding user-control
no ip dhcp snooping binding user-control
/ DHCP Snooping USER .

11.

ip dhcp snooping binding user <mac> address <ipAddr> <mask> vlan <vid> interface (ethernet|) <ifname>
no ip dhcp snooping binding user <mac> interface (ethernet|) <ifname>
/ .


12.

ip dhcp snooping action {shutdown|blackhole} [recovery <second>]
no ip dhcp snooping action
/ .

13. DHCP

ip dhcp snooping limit-rate <pps>


no ip dhcp snooping limit-rate


DHCP .

14.

debug ip dhcp snooping packet


debug ip dhcp snooping event
debug ip dhcp snooping update
debug ip dhcp snooping binding

,
.



15. 82 DHCP Snooping

ip dhcp snooping information option subscriber-id format {hex | acsii | vs-hp}
subscriber-id 82 DHCP snooping.

ip dhcp snooping information option remote-id {standard | <remote-id>}
no ip dhcp snooping information option remote-id
- remote-id 82. no .

ip dhcp snooping information option allow-untrusted
no ip dhcp snooping information option allow-untrusted
DHCP 82. , DHCP 82.

ip dhcp snooping information option delimiter [colon | dot | slash | space]
no ip dhcp snooping information option delimiter
- 82. no slash.

ip dhcp snooping information option self-defined remote-id {hostname | mac | string WORD}
no ip dhcp snooping information option self-defined remote-id
82, - remote-id.

ip dhcp snooping information option self-defined remote-id format [ascii | hex]
remote-id 82.

ip dhcp snooping information option self-defined subscriber-id {vlan | port | id (switch-id (mac | hostname)| remote-mac) | string WORD}
no ip dhcp snooping information option type self-defined subscriber-id
82, - circuit-id.

ip dhcp snooping information option self-defined subscriber-id format [ascii | hex]
circuit-id 82.

ip dhcp snooping information option subscriber-id {standard | <circuit-id>}
no ip dhcp snooping information option subscriber-id
- circuit-id 82. no .

32.3 DHCP Snooping


[Figure: DHCP Snooping example topology. Labels: Switch; ports E1/0/1, E1/0/10, E1/0/11, E1/0/12; STOP; DHCPACK; DHCP Client (IP:1.1.1.5, Mac:AA); Gateway; DHCP Client (IP:1.1.1.6, Mac:BB); DHCP.]

, Mac-AA ,
1/1 , IP DHCP, IP
1.1.1.5. DHCP ,
1/11 1/12 . Mac-BB,
1/1 , DHCP ( DHCPACK).
DHCP Snooping
.


:
switch#
switch#config
switch(config)#ip dhcp snooping enable
switch(config)#interface ethernet 1/11
switch(Config-If-Ethernet1/11)#ip dhcp snooping trust
switch(Config-If-Ethernet1/11)#exit
switch(config)#interface ethernet 1/12
switch(Config-If-Ethernet1/12)#ip dhcp snooping trust
switch(Config-If-Ethernet1/12)#exit
switch(config)#interface ethernet 1/1-10
switch(Config-Port-Range)#ip dhcp snooping action shutdown
switch(Config-Port-Range)#

32.4 DHCP Snooping


32.4.1
debug ip dhcp snooping
.
32.4.2
DHCP Snooping, ,
:
DHCP Snooping ;
DHCP , ,
.


33 82 DHCP
33.1 82 DHCP
82 DHCP (Relay Agent). 82
DHCP DHCP
IP . 82 (
,
) DHCP , , DHCP
. DHCP , 82,
, IP
82. DHCP
DHCP
82 . DHCP
82 ,
. 82 DHCP
.
33.1.1 82 DHCP
DHCP , 82 .
, 255. :

Code: ,
82 , RFC3046 82.
Len: , Code
Len.
82 -, -.
RFC3046 -, :

SubOpt: -, - Circuit-ID 1,
- Remote ID 2.


Len: -, SubOpt
Len.
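
Added example, not part of the original manual: a Python parser for the option 82 layout described above (Code 82 and Len, then SubOpt/Len/value entries, sub-option 1 = Circuit-ID and 2 = Remote ID per RFC3046), which rejects a Len that runs past the data. The function names are hypothetical, and the sample bytes are constructed from the circuit-id and remote-id values used in this chapter's ISC DHCP example.

```python
OPT_PAD, OPT_RELAY_AGENT_INFO, OPT_END = 0, 82, 255
SUBOPT_NAMES = {1: "circuit-id", 2: "remote-id"}  # RFC 3046 sub-option codes


class MalformedOption(ValueError):
    """A Len field points past the end of the data."""


def iter_tlv(data, single_byte=()):
    """Yield (code, value) pairs from a Code/Len/value byte string."""
    i = 0
    while i < len(data):
        code = data[i]
        if code == OPT_END and code in single_byte:
            return                      # end option: stop parsing
        if code in single_byte:         # pad option carries no Len byte
            i += 1
            continue
        if i + 1 >= len(data):
            raise MalformedOption(f"code {code}: missing Len byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise MalformedOption(f"code {code}: Len {length} overruns data")
        yield code, value
        i += 2 + length


def parse_option82(options):
    """Return {sub-option name: bytes} for option 82, or None if absent."""
    for code, value in iter_tlv(options, single_byte=(OPT_PAD, OPT_END)):
        if code == OPT_RELAY_AGENT_INFO:
            # Sub-options reuse the SubOpt/Len/value layout, with no pad or end code.
            return {SUBOPT_NAMES.get(s, f"subopt-{s}"): v for s, v in iter_tlv(value)}
    return None


def build_option82(circuit_id, remote_id):
    """Encode option 82 with sub-options 1 and 2 (used to construct the sample)."""
    body = bytes([1, len(circuit_id)]) + circuit_id + bytes([2, len(remote_id)]) + remote_id
    return bytes([OPT_RELAY_AGENT_INFO, len(body)]) + body


# Constructed sample: message-type option 53, then option 82 carrying the
# circuit-id and remote-id values from this chapter's example, then end option.
SAMPLE = (bytes([53, 1, 1])
          + build_option82(b"Vlan2+Ethernet1/2", bytes.fromhex("001fce023301"))
          + bytes([OPT_END]))
print(parse_option82(SAMPLE))
```
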
33.1.2 82
[Figure: 82 DHCP. Labels: DHCP Relay/Agent; DHCP; DHCP Client; Option.]

DHCP 82, DHCP


, IP DHCP : discover, offer, select
acknowledge. DHCP :
1) DHCP .
82.
2) DHCP 82 ,
, DHCP . - 1
82 (Circuit ID) , DHCP (VLAN
), Circuit ID .
- 2 82 (Remote ID) MAC DHCP .
3) DHCP DHCP IP
,
82. DHCP DHCP
82.
4) DHCP 82
.


33.2 82 DHCP
1. DHCP Snooping
2. DHCP Snooping
3. 82 DHCP Snooping
4.
1. DHCP Snooping

ip dhcp snooping enable

/ DHCP Snooping.

no ip dhcp snooping enable

2. DHCP Snooping

ip dhcp snooping binding enable

/ DHCP
Snooping.

no ip dhcp snooping binding enable

3. 82 DHCP Snooping

ip dhcp snooping information enable


no ip dhcp snooping information enable

/ 82 DHCP
Snooping.



4.

ip dhcp snooping trust

.
.

no ip dhcp snooping trust

no

33.3 82 DHCP

[Figure: 82 DHCP. Labels: Vlan2:ethernet1/; DHCP Agent; Vlan3; DHCP; DHCP Client PC1.]

DHCP
DHCP Snooping.
DHCP . 82
DHCP Snooping,
82.
3 (MAC 00:1f:ce:02:33:01):
Switch3(Config)#service dhcp
Switch3(Config)#ip dhcp relay information option
Switch3(Config)#ip forward-protocol udp bootps
Switch3(Config)#interface vlan 3
Switch3(Config-if-vlan3)#ip address 192.168.10.222 255.255.255.0
Switch3(Config-if-vlan3)#exit
Switch3(Config)#interface vlan 2
Switch3(Config-if-vlan2)#ip address 192.168.102.2 255.255.255.0
Switch3(Config-if-vlan2)#ip helper 192.168.10.88

Linux ISC DHCP
82,
/etc/dhcpd.conf:

ddns-update-style interim;
ignore client-updates;

# Clients whose requests carry circuit-id "Vlan2+Ethernet1/2" and remote-id 00:1f:ce:02:33:01
class "Switch3Vlan2Class1" {
    match if option agent.circuit-id = "Vlan2+Ethernet1/2" and option agent.remote-id=00:1f:ce:02:33:01;
}
# Clients whose requests carry circuit-id "Vlan2+Ethernet1/3" and remote-id 00:1f:ce:02:33:01
class "Switch3Vlan2Class2" {
    match if option agent.circuit-id = "Vlan2+Ethernet1/3" and option agent.remote-id=00:1f:ce:02:33:01;
}
subnet 192.168.102.0 netmask 255.255.255.0 {
    option routers 192.168.102.2;
    option subnet-mask 255.255.255.0;
    option domain-name "example.com.cn";
    option domain-name-servers 192.168.10.3;
    authoritative;

    pool {
        range 192.168.102.21 192.168.102.50;
        default-lease-time 86400; #24 Hours
        max-lease-time 172800; #48 Hours
        allow members of "Switch3Vlan2Class1";
    }
    pool {
        range 192.168.102.51 192.168.102.80;
        default-lease-time 43200; #12 Hours
        max-lease-time 86400; #24 Hours
        allow members of "Switch3Vlan2Class2";
    }
}
DHCP 2
192.168.102.21 ~ 192.168.102.50, 1 192.168.102.51 ~
192.168.102.80.


33.4 82 DHCP
82 DHCP DHCP . ,
, , DHCP
.
82 DHCP DHCP . DHCP

DHCP , , ,
. ,
DHCP .
82 DHCP ,
82 DHCP
debug ip dhcp relay packet. .
82 DHCP ,
82 DHCP debug ip dhcp
server packet. .
