
,

D-Link

,
e-mail: azaitsev@dlink.ru

VLAN



(Virtual Local Area Network, VLAN)



VLAN

VLAN:
;
IEEE 802.1Q;
IEEE 802.1ad (Q-in-Q VLAN);
IEEE 802.1v;
MAC-;
.

OSI ,
Traffic Segmentation.

802.1q VLAN

IEEE 802.1Q
IEEE 802.1Q

Tagging ( ):
802.1Q VLAN .

Untagging ( ):
802.1Q VLAN .

VLAN ID (VID): VLAN.

Port VLAN ID (PVID): VLAN.

Tagged () :
802.1Q

.

Untagged () :
802.1Q
;
.

VLAN
IEEE 802.1Q

VLAN 802.1Q
Ethernet 32 (4 ),
1522 .
VID (VLAN ID):
12- VLAN VLAN .

VLAN 2 ,

5 VLAN 2
7 VLAN 2
5
7

PVID 4 -> 2
VLAN 2
5 VLAN 2
7 VLAN 2
4 5
4 7

, 2-
VLAN

VLAN 1 : A1, A2, A3, A4

Switch X
VID : 1
Tag: 5
Untag: 1 2
1 2 PVID = 1

Switch Y
VID : 1
Tag: 1
Untag: 2 3
2 3 PVID = 1

VLAN 2 : B1, B2, B3, B4

Switch X
VID : 2
Tag: 5
Untag: 3 4
3 4 PVID = 2

Switch Y
VID : 2
Tag: 1
Untag: 4 5
4 5 PVID = 2

[Figure: Switch X and Switch Y with hosts A1, A2, A3, A4, B1, B2, B3, B4]

VLAN


L2


Internet

( , , Internet)
,
(
)
L2: VLAN
L3: L3 + ACL
.

1: VLAN
V1: 1-8,
() ()
Internet
1
IP: 192.168.1.x
GW: 192.168.1.1

192.168.1.1

V2: 9-16,
VLAN2 (PC
/)
V3: 17-24,
VLAN3 (PC
/)

:
1.

2
IP: 192.168.1.x
GW: 192.168.1.1

3
IP: 192.168.1.x
GW: 192.168.1.1

2.

3.

V2 V3 V1

(IPX, IP ,
AppleTalk, NetBEUI ..)
V2 V3
Internet

Internet IP .

V2 V3.

1: VLAN

enable asymmetric_vlan
create vlan v2 tag 2
create vlan v3 tag 3
config vlan v2 add untagged 1-16
config vlan v3 add untagged 1-8,17-24
config gvrp 1-8 pvid 1
config gvrp 9-16 pvid 2
config gvrp 17-24 pvid 3
save
:
1. PC V2 (ping) V1 Internet.
2. PC V3 (ping) V1 Internet.
3. PC V2 PC V3, PC V3 PC
V2.

VLAN
IGMP Snooping
VLAN.
: L3 + ACL +
+ IGMP
snooping

Private VLAN


L2

1: Private VLAN
V1: 1-8,
() ()
Internet
1
IP: 192.168.1.x
GW: 192.168.1.1

192.168.1.1

V2: 9-16,
VLAN2 (PC
/)
V3: 17-24,
VLAN3 (PC
/)

:
1.

2
IP: 192.168.1.x
GW: 192.168.1.1

3
IP: 192.168.1.x
GW: 192.168.1.1

2.

3.

V2 V3 V1

(IPX, IP ,
AppleTalk, NetBEUI ..)
V2 V3
Internet

Internet IP .

V2 V3.

1: Private VLAN

config vlan default delete 1-26
create vlan group2 tag 102
config vlan group2 add untagged 9-16
create vlan group3 tag 103
config vlan group3 add untagged 17-24
create vlan shared tag 1000 type private_vlan
config vlan shared add untagged 1-8
config private_vlan vid 1000 add community vlanid 101
config private_vlan vid 1000 add community vlanid 102

:
1. PC V2 (ping) V1 Internet.
2. PC V3 (ping) V1 Internet.
3. PC V2 PC V3, PC V3 PC V2.

Traffic Segmentation ( )
.
,
,
,
.

, 1
/ ,
1-14

-
-: 1 : 10,
:
-:.
1 : 24,
: .

1
10

24

Traffic Segmentation

Traffic
Segmentation Asymmetric VLAN:
;
IGMP Snooping;
Traffic Segmentation
(
);
.
Traffic Segmentation
VLAN 802.1Q,
. VLAN
. Traffic
Segmentation .

Traffic Segmentation.



Traffic Segmentation
1
IP: 192.168.1.x
GW: 192.168.1.1

192.168.1.1

2
IP: 192.168.1.x
GW: 192.168.1.1

3
IP: 192.168.1.x
GW: 192.168.1.1


config traffic_segmentation 1-8 forward_list 1-24
config traffic_segmentation 9-16 forward_list 1-16
config traffic_segmentation 17-24 forward_list 1-8,17-24

802.1v VLAN

802.1v

IEEE.
802.1v 802.1Q (VLAN
)

,
.
, 802.1v VLAN
.

802.1v
802.1v
802.1q.
DA

, 32- (VLAN
Tag) ,


VLAN
.

Ethernet
- 1522
(1518 + 4 )

SA

Data

CRC

( )

DA

SA

Tagging

Data

CRC

802.1q/1p

8100

Priority CFI
.1p

15

VID
.1q/1v

18 19

Priority (1p) - 3 , 0-7.


VID (1q/1v) - 12 , 0-4095.

31

VLAN
802.1Q VLAN

802.1v VLAN

VID = vid

VID = vid

VLAN

?

VID = PVID

VID = PVID

VID

xStack

(15)
VLAN .
( ) userDefined VLAN
.
: IP, IPX, DEC, DEC LAT, SNAP, NetBIOS, AppleTalk, XNS, SNA, IPv6, RARP
VINES.
:
protocol-ip,

protocol-sna802dot2

protocol-ipx802dot3

protocol-snaEthernet2

protocol-ipx802dot2

protocol-netBios

protocol-ipxSnap

protocol-xns

protocol-ipxEthernet2

protocol-vines

protocol-appleTalk

protocol-ipV6

protocol-decLat

protocol-rarp

protocol-decOther

protocol-userDefined

7 VLAN

2

IP-
VLAN , L3.

4
2

DGS-3324SR
.254


,
IP IPX
192.168.1.x/24
192.168.1.254

.254

.254

IP,
/
IPX

192.168.4.x/24

192.168.4.254

IP
192.168.2.x/24
192.168.2.254
IPX- VLAN
IPX, L2.

1. default vlan.

config vlan default delete 1:1-1:24

2. VLAN, , IP VLAN.

create vlan v101 tag 101


config vlan v101 add untagged 1-8
create ipif net1 192.168.1.254/24 v101 state enabled
create vlan v102 tag 102
config vlan v102 add untagged 9-16
create ipif net2 192.168.2.254/24 v102 state enabled
create vlan v104 tag 104
config vlan v104 add untagged 17-24
create ipif net4 192.168.4.254/24 v104 state enabled
3. VLAN IPX , 1-8
IPX 24

create vlan v200 tag 200 type protocol-ipx802dot3


config vlan v200 add untagged 1-8, 24

3: PPPoE

PPPoE
Internet
Vlan 10

Vlan 10, 20

Vlan 20

DHCP
server
vlan 10
PPPoE , vlan 20

#VLAN
config vlan default delete 1-28
create vlan pppoe tag 20
config vlan pppoe add untagged 1-24
config vlan pppoe add tagged 26
create vlan base tag 10
config vlan base add tagged 26
config vlan base add untagged 1-24
#PVID
config port_vlan 1-24 pvid 10
#DOT1V
create dot1v_protocol_group group_id 1 group_name pppoe_disc
config dot1v_protocol_group group_id 1 add protocol ethernet_2 8863
create dot1v_protocol_group group_id 2 group_name pppoe_session
config dot1v_protocol_group group_id 2 add protocol ethernet_2 8864
config port dot1v ports 1-24 add protocol_group group_id 1 vlan pppoe
config port dot1v ports 1-24 add protocol_group group_id 2 vlan pppoe

QoS.

QoS


(QoS)

QoS :
(Best Effort Service)
, , ,
.
(Integrated Services, IntServ)
RFC 1633
,

.
o

QoS (hard QoS)


.

(Differentiated Service, DiffServ)


RFC 2474, RFC 2475
.
o


IntServ

QoS (soft QoS).


(QoS)

QoS OSI
IEEE 802.1.

IEEE 802.1 8 ( 0
7, 7 ), , 3
IEEE 802.1Q.


(QoS)
IEEE 802.1p
, 802.1p/1q
. 0.
DES-3200-26:4# show 802.1p default_priority
Command: show 802.1p default_priority
Port   Priority
-----------------
1      0
2      0
3      0


config 802.1p default_priority <ports> <priority>

QoS MAN
MAN :
1. VoIP
2. IPTV
3. Data

- QoS 5
- QoS 4

a. Management - QoS 7
b. Internet

- QoS 3

c. Intranet
(Local)

- QoS 0

:
QoS-
,
.


(QoS)

QoS OSI
IPv4 8- ToS (Type of Service).

IP Precedence,
DSCP (Differentiated Services Code Point)
:

o IP Precedence 3
0 7;
o DSCP IETF DiffServ.
6 ToS 64
( 0 63).
L2

L3

ToS

802.1Q

IP Precedence
802.1p

CFI

VLAN ID

3bits

1bit

12bits

Delay/Cost/
3bits

5bits

DSCP
8bits


(QoS)

(packet classification).- ,

.
:

802.1;

IP- DSCP ToS;

- / ;

IP- / ;

TCP/UDP / ;

VLAN ..


802.1, ToS, DSCP
.

(Access Control List,
ACL).


(QoS)

,
4 8
.



802.1, ToS, DSCP .

D-Link
802.1 :
4

Q1

Q2

Q0

Q0

Q0

Q1

Q1

Q3

Q2

Q4

Q2

Q5

Q3

Q6

Q3


(QoS)


(packet marking).

/
(DSCP, 802.1p IP Precedence) .


/

.


(QoS)



(Queuing mechanism),

.


(QoS)

FIFO

SPQ

WRR


(QoS)

FIFO

, ,
.

.


(QoS)
(Strict Priority Queue)

.
4-
, , .
, ,
.
,
.
:
.
D-Link
.


(QoS)

(Strict Priority Queue)


3

7

Strict Priority

2
5
6
8
3
7


(QoS)
(Weighted Round
Robin)
,


.
,
.

,
.. .


(QoS)

(Weighted Round
Robin)
3 (40%)
8

1
1

1 (20%)
3
0 (10%)

5
WRR

2 (30%)

2
6
3

7
8


(QoS)

(Congestion avoidance)

(
).
:

(Tail-Drop);

(Random Early Detection,


RED);

(Simple Random
Early Detection, SRED);

(Weighted
Random Early Detection, WRED).


(QoS)

Traffic Policing ( ) Traffic Shaping
( )
.

Bandwidth control


(QoS)


Ethernet D-Link Bandwidth
control, Traffic
Policing.


64 /
64 /.

128 / ,
5 :

config bandwidth_control 5 tx_rate 128



per-flow Bandwidth control.

,
,
, .

per-flow Bandwidth control



.


(QoS)

QoS

B D IP-.
B D
,
.
A
U

B
VoIP
U

DES3526_A
T
T

DES3526_B
U
C

U
D
VoIP


(QoS)


802.1, ,
.

config vlan default add tagged 1

24, B,
IP- 0 ( ) 7.
7 Q6,
.

config 802.1p default_priority 24 7

Spanning Tree Protocols


802.1d (STP)
802.1w (RSTP)
802.1s (MSTP)

Spanning Tree

Spanning Tree?


:
IEEE 802.1d Spanning Tree Protocol, STP
IEEE 802.1w Rapid Spanning Tree Protocol, RSTP
IEEE 802.1s Multiple Spanning Tree Protocol, MSTP

L2
(L2), ,
1

: L2, VLAN
, Spanning Tree .

: L2 Ethernet . ,
(Broadcast Storm).

Spanning Tree

: Spanning Tree (STP, RSTP, MSTP)


.

() ()

Spanning Tree


,


.

, Spanning Tree

.

BPDU

BPDU
, , Ethernet.
,
STP. :


IEEE 802.1d, STP


STP (802.1d):
1. (Root Bridge). ID
. LAN.
2. (Root Port) .

(Root Path Cost) .
.
3. (Designated Port) LAN.
,
LAN , .
LAN .
4. , .

STP
(1)

(3)

(3)

(2)

(4)
,

STP

BPDU

:
Root bridge,

:
MAC
,

Max Age: 20 .

Forward delay: 15 .

:
STP
, STP ,

Forward delay: 15 .

STP
STP:

hello: hello Bridge Protocol Data Unit


(BPDU), . 2
, 1 10 .

forward delay: Forward delay ( )


. 15
, 4 30 .

max age: Max age ( ) ,


,
BPDU. 20
6 40 .
BPDU .
BPDU,
(Message Age).
.
BPDU . BPDU
, BPDU
1. ,
, BPDU.

Topology change notification

Root
TC Flag

TC Flag

TCN ACK

TC Flag

TCN

TC

N
TC Flag
TC
N

TC Flag AC

TC Flag

BPDU

TCN

TCN

STP

802.1d STP:
. STP (802.1d)
30 60 .

:
IEEE 802.1w: Rapid Spanning Tree, RSTP.

Rapid Spanning Tree, RSTP

IEEE 802.1w





802.1d 4
: blocking (), listening
(), learning (), forwarding
().
802.1d

802.1w 3
802.1w: discarding (),
learning (), forwarding ().
802.1w


802.1d 802.1w

STP (802.1d)

RSTP (802.1w)


MAC-?


RSTP
,

,


802.1d.

BPDU,
.
BPDU ,
. RSTP .




BPDU .


BPDU

BPDU




BPDU ,
.


BPDU

BPDU

802.1d
, A B
RSTP, A
. C,
STP
. 802.1d RSTP
BPDU , C ,
BPDU
802.1d.
A(1W)

B(1W)

C(1D)

STP BPDU
RSTP BPDU

802.1d

A BPDU ,
Hello (
), 802.1d
. , C
BPDU ,
A
.
A(1W)

STP BPDU

B(1W)

C(1D)


802.1d 802.1w ,
.
802.1d ,

1. 802.1w,
1/16
1,
.
,
:
((MessageAge+HelloTime)>=MaxAge)
, MaxAge(20 )
Hello (2 ), 18
,
37 ,
, .

: STP RSTP

:
STP, 802.1d: 30 .
RSTP, 802.1w: 2-3 .
:
STP, 802.1d: 7
RSTP, 802.1w: 18
802.1w 802.1d. ,
.

RSTP

RSTP.


, RSTP.

PC1 PC2 PC2 PC1 .


,
1-2 . ( )

RSTP
PC1: 10.1.1.2

DES-3526 A
1

2
DES-3526 B

PC2: 10.1.1.1
STP DES-3526.
DES-3526.
PC1 PC2 .
1 (
ping) .
1
.

RSTP
DES-3526 A:

enable stp
# , A
,
.
# = 32768.
config stp priority 4096 instance_id 1
DES-3526 B:

enable stp
:
1. PC1 PC2 PC2 PC1 .
2. 1. 1-2 ( 12 ping) 1-2 .
3. 1 .
1-2 ping.

RSTP
RSTP:
Spanning Tree ( ).
VLAN,
. , VLAN
, .
VLAN.

: Multiple Spanning Tree, MSTP (IEEE 802.1s)

Multiple Spanning Tree, MSTP

IEEE 802.1s.

MSTP
.

( ) MSTP
RSTP
.

MSTP STP
802.1q VLAN. VLAN
STP, ,
.

MSTP

MSTP
MSTP MST.
, MST
:

VLAN STP

MSTP
.
STP VLAN.

MSTP

MSTP

Vlan 2
Vlan 3

MSTP
1. STP .
2. STP MSTP. ( RSTP)
3. MSTP .
4. VLAN.
5. STP ,
. 32768.
, . ,
MAC,
.
6. , VLAN,
.
7. .

MSTP 2:

DES-3526_A

config vlan default delete 1-24
create vlan v2 tag 2
config vlan v2 add untagged 1-8
config vlan v2 add tagged 25-26
create vlan v3 tag 3
config vlan v3 add untagged 17-24
config vlan v3 add tagged 25-26
enable stp
config stp version mstp
config stp mst_config_id name abc
config stp mst_config_id revision_level 1
create stp instance_id 2
config stp instance_id 2 add_vlan 2
create stp instance_id 3
config stp instance_id 3 add_vlan 3
## A . STP ,
config stp priority 4096 instance_id 0
config stp priority 4096 instance_id 2
config stp priority 4096 instance_id 3
## , 25
## v2, 26 - v3.
config stp mst_ports 25 instance_id 2 priority 96
config stp mst_ports 26 instance_id 3 priority 96
config stp ports 1-24 edge true

DES-3526_B

config vlan default delete 1-24
create vlan v2 tag 2
config vlan v2 add tagged 25-26
config vlan v2 add untagged 1-8
create vlan v3 tag 3
config vlan v3 add tagged 25-26
config vlan v3 add untagged 17-24
enable stp
config stp version mstp
config stp mst_config_id name abc
config stp mst_config_id revision_level 1
create stp instance_id 2
config stp instance_id 2 add_vlan 2
create stp instance_id 3
config stp instance_id 3 add_vlan 3
config stp ports 1-24 edge true


## A B
show stp instance_id
show stp ports

LoopBack Detection


: STP LoopBack Detection

, ,
STP BPDU.
LoopBack Detection ,
, .

LoopBack Detection ()

: DES-3526
.
1-
( Port-Based):

:
1) enable loopdetect
2) config loopdetect recover_timer 60 (lbd_recover_timer ,
.
. ,
0)
3) config loopdetect interval 10 (
ECTP (Ethernet Configuration Testing Protocol))
4) config loopdetect mode port-based (
.
)
5) config loopdetect ports 1-26 state enabled


: LoopBack Detection

STP ,
.
.
.
Port-Based VLAN-Based.

LoopBack Detection ()

: DES-3526
.
2- VLAN-
VLAN- ( Port-Based):

:
1) enable loopdetect
2) config loopdetect recover_timer 60 (lbd_recover_timer ,
.
. ,
0)
3) config loopdetect interval 10 (
ECTP (Ethernet Configuration Testing Protocol))
4) config loopdetect mode vlan-based ( .
VLAN
VLAN-)
5) config loopdetect ports 1-26 state enabled


:
o

,
.

, IEEE 802.3ad (LACP):


o

Link
Aggregation Control Protocol (LACP).

Link Aggregation Control Protocol (LACP)


LACP

( ),
LACP
LACP.
LACP ,
.
, LACP,
:
o (active):

LACP.

o (passive):
LACP.

,

:

;
;
;
(Flow Control) .

802.1,
.

4 PC
. 4-
,
MAC-.

:
PC-1
.
PC-2
.
PC-3
.
PC-4
.


LACP
Link Aggregation Control
Protocol IEEE 802.3ad (LACP)
.
(
) ,
.
( LACP-
) LACP
.
,
(active), (passive).
, .
LACP Static. LACP ,
LACP, .. LACP .
, ,
, , ..

(Link Aggregation Algorithm)



.
D-Link 9 :
1. mac_source - ;
2. mac_destination - ;
3. mac_source_dest - ;
4. ip_source IP- ;
5. ip_destination IP- ;
6. ip_source_dest IP- ;
7. l4_src_port TCP/UDP- ;
8. l4_dest_port TCP/UDP- ;
9. l4_src_dest_port TCP/UDP- .
mac_source


()

A ( - 2, 4, 6 8)
:
1.
create link_aggregation group_id 1 type static
config link_aggregation algorithm mac_destination
2.
config link_aggregation group_id 1 master_port 2 ports 2,4,6,8 state enabled
B ( - 1, 3, 5 7)
:
1.
create link_aggregation group_id 1
config link_aggregation algorithm mac_source
2.
config link_aggregation group_id 1 master_port 1 ports 1,3,5,7 state enabled

(LACP)
1

( LACP)
.
create link_aggregation group_id 1 type lacp
create link_aggregation group_id 2 type lacp
config link_aggregation algorithm mac_destination
1, 2, 3, 4 1 1
-.
config link_aggregation group_id 1 master_port 1 ports 1-4 state enabled
5, 6, 7, 8 2 5
-.
config link_aggregation group_id 2 master_port 5 ports 5-8 state enabled
1-8 .
config lacp_port 1-8 mode active

2 3

( 1-4 )
create link_aggregation group_id 1 type lacp
config link_aggregation algorithm mac_source
config link_aggregation group_id 1 master_port 1 ports 1-4 state enabled

Port Security
( )

Port Security

(Port Security)
Port Security D-Link
, .
,


ETTH/ ETTB
Port Security 3

5


!!


.

!

Port Security

Port Security
Port Security:

Permanent () -
, ,
FDB Aging Time .

Delete on Timeout ( )
- ,
FDB Aging Time .

Delete on Reset ( )
-
( ).

Port Security

Port Security

1-3
2. -
. - Delete on Timeout.

config port_security ports 1-3 admin_state


lock_address_mode DeleteOnTimeout

enabled

max_learning_addr

show port_security

, SNMP Trap
Log-
,
:

enable port_security trap_log

Port Security ()
: MAC-

Port Security
, Max.
Learning Addresses = 0
,

MAC 1
MAC 2
MAC 3
MAC 4

MAC 5
MAC 6
MAC 7

MAC 8
MAC 9
MAC 10

MAC
MAC-.

Port Security
Port Security
Port Security
- .
, -
.

Port Security
- ( max_learning_addr 0).

config port_security ports 1-24 admin_state enabled max_learning_addr 0

- ( VLAN default).
create fdb default 00-50-ba-00-00-01 port 2
create fdb default 00-50-ba-00-00-02 port 2
create fdb default 00-50-ba-00-00-03 port 2
create fdb default 00-50-ba-00-00-04 port 2
create fdb default 00-50-ba-00-00-05 port 8
....... ( )

Web- ;

(Command Line Interface, CLI);

Telnet;

SNMP-.


IP-
DES-3528
DES-3528#config ipif System ipaddress 192.168.100.240/24
Command: config ipif System ipaddress 192.168.100.240/24
Success.

IP-
:
show ipif



.
D-Link

config ports
:
DES-3528#config ports 1-3 speed 10_full learning enable state enable flow_control enable
Command: config ports 1-3 speed 10_full learning enable state enable flow_control enable
Success
:
show ports < >



4.
NVRAM.
SDRAM.
, , , .

NVRAM,
save

DES-3528#save
Command: save
Saving all settings to NV-RAM.Done


Show
Show
, ,
.
Show.


Show
show config

,
NV RAM

show fdb

show switch

show device_status

show error ports

show firmware information


()

show ipif


IP-


Show
show packet ports

show log

Log-


Web-
