: 403530 _____________________
: .466534.012-324
NETXPERT
L3
NetXpert NX-5124-G10
NetXpert NX-5124-G10F
1
,
, .. ,
.
1.1
0.
, 1.
<type><slot>/<port>; -
:
10M Ethernet Ethernet E
100M FastEthernet Ethernet F
1000M Ethernet Ethernet G
, 1.
, 1.
: .
1.2
:
, .
.
IP- IP.
1.3
(?) :
,
.
Switch> ?
( ),
, ( ).
Switch> s?
,
.
Switch> show?
,
. , -
. -
, .
1.4
.
. ,
, . -
(?).
:
System Supervision Mode        Ctrl-p                        monitor#               quit
User Mode                                                    Switch>                exit, quit
Administration Mode            input, enable                 Switch#                exit, quit
Global Configuration Mode      config                        Switch_config#         exit, quit, Ctrl-Z
Interface Configuration Mode   interface; interface f0/1     Switch_config_f0/1#    exit, quit, Ctrl-Z
. -
, (?) .
.
:
Switch> enter
Password: <enter password>
Switch# config
Switch_config# interface f0/1
Switch_config_f0/1# quit
Switch_config# quit
Switch#
1.5
, no -
.
, no ip routing
1.6
-
, . -
write.
2
2.1
2.1.1
2.1.1.1
- 20 .
2.1.1.2
, . -
. [ ] .
Format .
. [ ]
, .
dir [filename] :
Index number Filename <FILE> Size of the file Establishment time (
<FILE> )
delete filename . , .
md directory .
. , -
rd dirname
.
.
more filename
, .
cd .
pwd .
2.1.1.3
monitor#boot flash <local_filename>
-,
.
local_filename , -
2.1.1.4
-
( ).
1. TFTP
monitor#copy tftp flash [ip_addr]
tftp -.
.
IP- Tftp. , IP- -
ip_addr
copy
main.bin switch.bin.
monitor#copy tftp flash
: Source file name[]?main.bin
: Remote-server ip address[]?192.168.20.1
: Destination file name[main.bin]?switch.bin
please wait ...
######################################################################
######################################################################
######################################################################
######################################################################
######################################################################
#############################################
TFTP:successfully receive 3377 blocks ,1728902 bytes
monitor#
2. zmodem
download . download ? -
.
monitor#download c0 <local_filename>
- -
zmodem. .
local_filename , -.
Hyper Terminal WINDOWS 95, NT 4.0 -
WINDOWS 3.X.
monitor#download c0 switch.bin
: speed[9600]?115200
115200 send file
Send - ( ). send file:
2.1-1 Send
main.bin, -
, , Zmodem. Send -
.
:
ZMODEM: successfully receive 36 blocks, 18370 bytes
, .
- 9600.
:
NX-5124G 10 zmodem -
, 38400.
2.1.1.5
startup-config. -
, , .
1. TFTP
monitor#copy tftp flash startup-config
2. zmodem
monitor#download c0 startup-config
2.1.1.6 ftp
config #copy ftp flash [ip_addr|option]
ftp -
. copy ftp .
-
ftp. .
copy{ftp:[[[//login-name:[login-password]@]location]/directory]/filename}|flash:filename>}{flash<:filename>|ftp:[[[//login-name:[login-password]@]location]/directory]/filename}<blksize><mode><type>
Login-nam FTP . ,
copy.
login-password ftp ,
copy.
nchecksize .
Vrf vrf , MPLS.
blksize ( 512)
ip_addr IP- ftp. ,
copy.
Active ftp .
passive ftp .
"main.bin", "switch.bin"
.
config#copy ftp flash
: ftp user name [anonymous]? login-nam
: ftp user password [anonymous]? login-password
: Source file name []? main.bin
: Remote-server ip address []? 192.168.20.1
: Destination file name [main.bin]? switch.bin
or
config#copy ftp://login-nam:login-password@192.168.20.1/main.bin flash:switch.bin
######################################################################
######################################################################
FTP:successfully receive 3377 blocks, 1728902 bytes
config#
:
ftp - tcp (75 ), -
2.1.2
:
monitor#ip address 192.168.1.1 255.255.255.0
2.1.2.2
monitor#ip route default 192.168.1.1
2.1.2.3 PING
monitor#ping <ip_address>
.
ip_address IP-
monitor#ping 192.168.20.100
PING 192.168.20.100:56 data bytes
64 bytes from 192.168.20.100:icmp_seq=0. time=0. ms
64 bytes from 192.168.20.100:icmp_seq=1. time=0. m
64 bytes from 192.168.20.100:icmp_seq=2. time=0. ms
64 bytes from 192.168.20.100:icmp_seq=3. time=0. ms
----192.168.20.100 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0
2.1.3 HTTP
2.1.3.1 HTTP
http
http
http
http
1. http
: http .
http:
Ip http server http
2. http
: http - 80.
http:
Ip http port number http
3. http
Http enables .
http.
http:
Enable password {0|7} line enable.
4. http
http, -
http :
http access-class STRING http
2.1.3.2 http
(80) http.
192.168.20.0/24.
ip :
ip access-list standard http-acl
permit 192.168.20.0 255.255.255.0
:
ip http access-class http-acl
ip http server
2.2
2.2.1 VTY.
line; -
. line
, .
2.2.2
: (console), (AUX), -
(asynchronous) (virtual terminal).
. -
.
CON(CTY) - 0.
Telnet, X.25 PAD, HTTP
VTY Rlogin (, - 1 32.
Ethernet ).
2.2.2.1
VTY
.
VTY, .
.
, Telnet (Ethernet -
).
VTY :
(1).
(2). .
VTY
VTY".
2.2.3
2.2.4 VTY
VTY
more.
config#line vty 0 32
config_line#length 0
2.3
2.3.1 SNMP
2.3.1.1
SNMP , :
SNMP (NMS)
SNMP (AGENT)
(Management Information Base - MIB)
, SNMP -
SNMP .
SNMP (NMS), CiscoWorks.
MIB . SNMP , -
.
SNMP MIB, SNMP .
SNMP
. (MIB),
. -
. SNMP , -
. -
, , ( ), TCP, -
.
1. SNMP
SNMP ( ) -
SNMP . , ,
SNMP .
SNMP . -
, , ,
, . , SNMP -
, , PDU, . -
, . ,
, . , -
.
,
. , ,
.
, .
. ,
. , SNMP
, . -
, -
.
.
2. SNMP
SNMP:
SNMPv1 - , ,
RFC1157.
SNMPv2C - SNMPv2, -, -
RFC1901.
(Layer 3) SNMP:
SNMPv3 - , 3, RFC3410.
SNMPv1 . (community) ,
MIB , IP- .
SNMPv3 -
; SNMPv3 :
, .
, .
-
.
SNMPv3 .
, ( ), -
.
. SNMPv3 , :
, , . -
MD5 SHA ( ) -
MD5 SHA -
. DES
. -,
.
. , -
.
SNMP SNMP, -
. -
.
3. MIB
SNMP MIBII ( RFC 1213)
SNMP ( RFC 1215).
MIB .
2.3.1.2 SNMP
SNMP :
SNMP
SNMP
SNMP
SNMP
SNMP
SNMPv3
SNMPv3
SNMPv3 Engine ID
1. SNMP
SNMP MIB (
). SNMP:
OID MIB name
snmp-server view name oid] SNMP
[exclude | include] SNMP. Exclude , ; include ,
.
, SNMP MIB -
.
.
SNMP, SNMP
SNMP.
2. SNMP
SNMP -
SNMP . , -
. , -
:
IP- SNMP.
MIB MIB, -
.
MIB.
, -
:
snmp-server community string [view
. -
, no snmp-server community.
, SNMP.
3.
SysContact sysLocation MIB,
.
.
:
snmp-server contact text
snmp-server location text
4. SNMP
SNMP ,
. :
snmp-server packetsize byte-count
5. SNMP
SNMP, -
,
.
show snmp SNMP
6. SNMP
SNMP ( -
):
SNMP
,
:
snmp-server host host community-string [trap-type] SNMP
snmp-server host host [traps|informs] {version {v1 | v2c | v3 {auth | noauth | priv}}} community-string [trap-type] , , .. : SNMPv3 unique SNMP , .
SNMP
. snmp-server host , -
.
. ,
snmp trap link-status, ,
SNMP . -no snmp trap link-stat -
.
, snmp-server host.
, .
.
:
snmp-server trap-source interface , .
IP- .
snmp-server queue-length length .
- 10.
snmp-server trap-timeout seconds .
- 30 .
7. SNMP
,
SNMP.
snmp source-addr ipaddress SNMP
8. SNMPv3 SNMP:
snmp-server group [groupname {v1 | v2c | v3 [auth | noauth | priv]}] [read readview] [write writeview] [notify notifyview] [access access-list]
SNMPv3.
9. SNMPv3
. -
, , -
. ,
; , .
snmp-server user username groupname {v1
| v2c | v3 [encrypted] [auth {md5 | sha} SNMPv3
. -
-
; . -
; , .
SNMPv3.
snmp-server user username groupname remote ip-address [udp-port port] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [access access-list]
: SNMP IP-
.
2.3.1.3
1. 1:
snmp-server community public RO
snmp-server community private RW
snmp-server host 192.168.10.2 public
public -
MIB private MIB.
public private MIB private
MIB . , public -
192.168.20.2. ,
down, link down 192.168.20.2.
2. 2:
snmp-server engineID remote 90.0.0.3 80000523015a000003
snmp-server group getter v3 auth
snmp-server group setter v3 priv write v-write
snmp-server user get-user getter v3 auth sha 12345678
snmp-server user set-user setter v3 encrypted auth md5 12345678
snmp-server user notifier getter remote 90.0.0.3 v3 auth md5 abcdefghi
snmp-server host 90.0.0.3 informs version v3 auth notifier
snmp-server view v-write internet included
SNMPv3 . getter
, setter .
get-user getter,
sha 12345678. set-user
setter,
md5 12345678.
notifier inform
90.0.0.3.
2.3.2 RMON
2.3.2.1 RMON
RMON :
RMON
RMON
RMON
RMON
RMON
1. RMON
rMon
SNMP NMS. SNMP -
. rMon .
rMon :
Configure
rmon alarm index variable in- rMon.
terval {absolute | delta} ris-
ing-threshold value [eventnum- index . 1
ber] falling-threshold value 65535.
[eventnumber] [owner string] variable MIB,
MIB INTEGER, Counter Gauge
Time Ticks.
interval -
. 1 4294967295.
absolute -
MIB; delta -
MIB .
value ,
. event
number , -
. event number -
.
owner string -
.
exit .
write .
scription string] log -
2. [log] [owner string] .
[trap community] trap , -
. community .
owner string .
3. exit .
4. write .
rMon, eventLastTimeSent field -
sysUpTime rMon. log ,
log. trap , trap
community. rmon event -
. -
no rmon event index , in-
dex.
3. RMON
rMon -
. rMon :
1. configure
5. exit .
6. write .
,
, second. -
. rmon eventcollection stat -
-
. no rmon collection stats index
, index. , bucket-number
interval second , -
.
5. RMON
show RMON.
rmon.
Alarm .
Event ,
2.4 SSH
2.4.1 SSH
2.4.1.1 SH
SSH ,
, SSH . , -
telnet. SSH , Data Encryption Standard (DES),
the Triple DES (3DES) blowfish.
2.4.1.2 SSH
SSH , ssh.
,
SSH, ,, -
SSH. SSH :
des, 3des blowfish.
2.4.1.3
sh ssh 1.5 ssh shell.
2.4.2
2.4.2.1
ssh .
.
:
Ip sshd auth_method STRING
2.4.2.2
ssh , -
.
-
:
Ip sshd access-class STRING
2.4.2.3
,
, .
:
Ip sshd timeout <60-65535>
2.4.2.4
,
SSH , . -
3 .
-
:
Ip sshd auth-retries <0-65535>
2.4.2.5 ssh
SSH . SSH- -
ras (client). -
- .
SSH-:
Ip sshd enable
2.4.3 Ssh
, , IP- 192.16.20.40 ssh.
.
2.4.3.1
ip access-list standard ssh-acl
permit 192.168.20.40
2.4.3.2
aaa authentication login ssh-auth local
ip sshd auth-method ssh-auth
ip sshd access-class ssh-acl
ip sshd enable
3
3.1
, -
.
, ,
. ,
, .
, .
3.1.1
.
Ethernet
Ethernet Ethernet
Ethernet
Ethernet
VLAN
: Ethernet -
. Ethernet -
, . -
, .
Ethernet :
Ethernet
Ethernet
Ethernet
:
VLAN
3.1.2
.
:
1) interface ; -
config_ , -
. show in-
terface . , -
, :
Switch#show interface
GigaEthernet1/1 is down, line protocol is down
Hardware is Fast Ethernet, Address is 0009.7cf7.7dc1
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
1 packets output, 64 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
Gigabit Ethernet g1/1, :
interface GigaEthernet0/1
config_g1/1 .
:
. -
, g 1/1, g 1/1.
2) .
, ;
,
.
3) show, -
, .
3.2
3.2.1
, .
.
:
3.2.1.1
, -
. , -
. show interface
running-config . -
.
description string
-
.
3.2.1.2
. bandwidth -
.
bandwidth kilobps
, -
.
3.2.1.3
. bandwidth
.
delay tensofmicroseconds
. delay -
.
3.2.2
:
3.2.2.1
,
, . -
, , : -
:
show interface [type [slot|port]] .
show running-config .
-
show version , , ,
.
3.2.2.2
.
- . , -
, . -
:
no interface type [slotport]
3.2.2.3
, . -
-
. -
DTR .
shutdown no shutdown -
.
shutdown
no shutdown
show interface show running-
config. administratively down.
.
3.2.3
, ,
:
VLAN
3.2.3.1
. -
, . ,
. no ip unreachable
. -
, , -
; -
.
-
:
interface null 0
,
. IP-
192.168.20.0.
ip route 192.168.20.0 255.255.255.0 null 0
3.2.3.2
. -
BGP .
BGP. -
,
. , , -
. ,
, .
.
, -
:
interface loopback number
3.2.3.3
Ethernet.
, .
:
Interface port-aggregator number
3.2.3.4 VLAN
Vlan - . VLAN -
2 VLAN . -
, VLAN. VLAN -
, .
VLAN :
Interface vlan number VLAN
3.2.3.5 Super-VLAN
Super VLAN : VLAN
Ipv4 .
IP-. Super VLAN VLAN ,
. IPv4 .
VLAN, Super VLAN, SubVLAN. SubVLAN -
IP-. Ip- Super
VLAN.
Super VLAN :
super VLAN.
Super VLAN ,
.
3.3
3.3.1
3.3.1.1
, ;
.
interface vlan 1
ip address 192.168.1.23 255.255.255.0
3.3.1.2
Ethernet 1.
interface GigaEthernet0/1
shutdown
.
interface GigaEthernet0/1
no shutdown
4
4.1
, ,
.
, ,
. ,
, .
, .
4.1.1
.
Ethernet
Ethernet Ethernet Ethernet
Ethernet
VLAN
: Ethernet -
. Ethernet -
, . -
, .
Ethernet :
Ethernet
Ethernet
Ethernet
:
VLAN
4.1.2
.
:
1) interface ; -
config_ , .
.
. show interface
. , , -
:
Switch#show interface
GigaEthernet1/1 is down, line protocol is down
Hardware is Fast Ethernet, Address is 0009.7cf7.7dc1
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
1 packets output, 64 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
Gigabit Ethernet g0/1, :
interface GigaEthernet0/1
config_g0/1 .
:
. -
, g 1/1, g 1/1.
2) .
, ;
,
.
3) show, -
, .
4.2
4.2.1 Ethernet
Ethernet . Ethernet
: 10 / 100 /. :
, - .
4.2.1.1 Ethernet
Ethernet:
interface fastethernet [slot\port ] Ethernet
interface gigaethernet [slot\port ] Ethernet
show interface fastEthernet
Fast Ethernet show interface gigaEthernet Gigabit
Ethernet.
4.2.1.2 Ethernet
Ethernet
.
Ethernet 10, 100
Speed {10|100|1000|auto}
No speed ()
:
. , GBIC GE-FX 1000M,
FE-FX - 100M. speed auto,
4.2.1.3
,
. Ethernet
. Ethernet
.
duplex {full|half|auto} Ethernet
No duplex ()
4.2.1.4
PAUSE ( 802.3).
flow-control on/off /
no flow-control
5
5.1
5.1.1 Ethernet
Ethernet . proce-
dures . Ethernet : 10 / 100
/. : , - -
.
5.1.1.1
keepalive,
.
keepalive .
keepalive period Period , -
.
no keepalive keepalive
5.1.1.2
. -
.
Configure
interface f0/0 , .
.
band , .
[no] switchport rate- ingress , -
limit band ingress } .
egress , -
.
exit .
exit .
5.1.1.3
PAUSE ( 802.3).
flow-control on/off /
no flow-control
5.1.1.4 -
, -
( MAC )
, .
.
5.2
5.2.1
,
, . -
MAC , MAC
. MAC- -
, . -
.
: -
-. MAC- -
MAC , ,
MAC-.
, , .
.
5.2.2
/
-
-
-
MAC- IP-
5.2.3
5.2.3.1 /
:
, -
.
:
configure
interface f0/1 , .
[no] switchport port-security /
exit .
exit .
write
5.2.3.2
, -
.
: protect.
-
:
configure
interface f0/1 , .
[no] switchport port-security violation [protect\restrict]
protect:
restrict:
exit .
exit .
write
5.2.3.3 -
-
-.
-:
configure
interface f0/1 , .
5.2.3.4
show, -
, , MAC-
, MAC- , -.
show -
:
show port-security [interface interface-id] interface-id: ID
5.2.3.5 -
show, -
, MAC- MAC- -
.
show -
-:
show mac address-table [interface interface-id] - interface-id: ID
5.3
5.3.1
5.3.1.1
, ;
.
interface vlan 1
ip address 192.168.1.23 255.255.255.0
5.3.1.2
Ethernet 1.
interface fastEthernet 0/1
flow-control on
.
interface fastEthernet 0/1
flow-control off
6
6.1
6.1.1
,
.
, interface range,
. interface range,
, , .
6.1.2
:
interface range, , -
, :
interface range type slot/<port1 - (1) slot
port2 | port3>[ , <port1 - (2) 1 2
port2|port3>] 3.
(3) 2 , 1
(4) /
fast Ethernet,
Ethernet 1, 2, 3, 6, 8, 10, 11, 12, 0.
switch_config#interface range 1 - 3 , 6 , 8 , 10 - 12
switch_config_if_range#
7
7.1
7.2
7.2.1
, -
.
-
:
Configure
Session-number -
.
mirror session session_number {desti-
Destination -
nation {interface interface-id} |
source {interface interface-id [, | - .
]rx ] } Source .
rx .
-
.
exit .
write .
7.2.2
show.
.
show mirror [session session_number]
Session-number
8 VLAN
8.1 VLAN
(Virtual Local Area Network) ,
, . 1999 . IEEE -
IEEE 802.1Q, VLAN. -
, . -
VLAN ,
. VLAN , -
, , -
; -
,
, , ,
.
:
VLAN
, 802.1Q
Visiting port
Vlan , VLAN,
. ,
; VLAN , -
. vlan , -
vlan , vlan id vlan (PVID).
VLAN
Vlan-allowed vlan,
. Vlan-untagged
vlan vlan.
8.2 VLAN
/ VLAN
/ VLAN
superVLAN
VLAN
8.3 VLAN
8.3.1 / VLAN
- , -
, . VLAN
, LAN,
LAN. VLAN -
, -
. VLAN .
VLAN, .
VLAN:
vlan vlan-id VLAN
name str VLAN
Exit vlan vlan.
8.3.2
, ,
VLAN.
, VLAN
Ethernet .
,
Ethernet .
VLAN , -
, , . -
port pvid,
VLAN. ,
VLAN PVID. VLAN
.
.
VLAN, , -
, , VLAN, -
.
:
switchport pvid vlan-id PVID .
switchport mode access|trunk|dot1q-tunnel .
switchport trunk vlan-allowed ... vlan-allowed .
switchport trunk vlan-untagged ... vlan-untagged .
:
dot1q-tunnel.
/ ,
.
dot1q-tunnel:
double-tagging double-tagging
dot1q-tunnel :
dot1q-
tunnel
2116 / 2224 / 2224M / 2226 / 2448B / 3224 / 3224M / 3424 / 6508
2224D
2448 / 2516 / 2524 / 3448 / 3512
, , , -
.
8.3.3 / VLAN
Vlan -
3. vlan :
[no] interface vlan vlan-id / VLAN
8.3.4 Super-VLAN
Super VLAN : -
, VLAN Ipv4; -
, IP-. Super VLAN -
. VLAN -
IPv4 . , Super VLAN,
IP-.
Super VLAN. -
, .
[no] interface supervlan index Index Super VLAN. 1
32.
no , Super VLAN.
Super VLAN. Sub
VLAN -
Remove VLAN
Sub VLAN. remstr
.
No SubVLAN SuperVLAN. -
no
VLAN interface , Ip-.
Super VLAN , -
.
8.3.5 VLAN
VLAN -
:
show vlan [ id x | interface intf ] VLAN
show interface {vlan | supervlan} x /supervlan
8.4
, :
2. 1-3 VLAN1,
4-6 - VLAN2. VLAN1 VLAN2 SuperVlan.
SuperVla :
switchport pvid 2
!
interface fastethernet 0/6
switchport pvid 2
!
interface supervlan 1
subvlan 1,2
ip address 192.168.1.100 255.255.255.0
ip proxy-arp subvlan
!
9 STP
9.1 (STP)
9.1.1 STP.
(Spanning Tree Protocol - STP)
IEEE 802.1D; , -
, .
-
-
. ,
. -
. , ,
.
STP
. LAN -
. ,
, , , LAN.
, .
.
( ) . ,
, .
:
(1) .
(2) .
(3) .
( )
. Root Path Cost, ,
.
, .
, (
LAN) . LAN
-
.
, -
.
STP ,
Ethernet. STP -
.
(Rapid Spanning Tree) -
802.1D ST. RSTP
, LAN.
. -
.
802.1D STP 802.1w RSTP. -
9.1.2 STP
Single STP PVST RSTP MSTP
NX-5124G 10
9.1.3 RSTP
STP
/ STP
STP
9.1.4 SSTP
9.1.4.1 STP
STP :
spanning-tree mode {sstp | rstp} STP
9.1.4.2 / STP
.
, .
:
no spanning-tree STP
, :
spanning-tree STP (SSTP)
spanning-tree mode {sstp | rstp} STP
9.1.4.3
-
.
:
spanning-tree sstp priority value sstp
no spanning-tree sstp priority sstp -
(32768)
9.1.4.4
STP -
, .
SSTP :
spanning-tree sstp hello-time value sstp
no spanning-tree sstp hello-time sstp -
(4 )
9.1.4.5
,
, .
-
:
spanning-tree sstp max-age value sstp
no spanning-tree sstp max-age
(20 )
9.1.4.6
sstp ,
, learning listening
(forwarding).
sstp :
spanning-tree sstp forward-time sstp
no spanning-tree sstp forward-time
(15 )
9.1.4.7
.
.
:
spanning-tree port-priority value
spanning-tree sstp port-priority value sstp
no spanning-tree sstp port-priority
(128)
9.1.4.8
:
spanning-tree cost value
spanning-tree sstp cost value sstp
no spanning-tree sstp cost
9.1.4.9
6500.
BPDU -
, MSU.
STP.
,
6500 :
spanning-tree designated-auto
no spanning-tree designated-auto
9.1.4.10 STP
STP, -
:
show spanning-tree
show spanning-tree detail
show spanning-tree interface
9.1.5 vLAN
9.1.5.1
SSTP .
vLAN. vLAN, -
SSTP vLAN .
vLAN,
.
,
30 ; -
STP.
NX-5124G10 -
vLAN. , , -
.
STP VLAN.
spanning-tree vlan vlan-list vlan-list: vLAN ( )
SSTP 30 -
.
no spanning-tree vlan vlan-list
vLAN.
spanning-tree vlan vlan-list priority value vLAN.
no spanning-tree vlan vlan-list priority .
spanning-tree vlan vlan-list forward-time value VLAN.
no spanning-tree vlan vlan-list forward-time VLAN.
spanning-tree vlan vlan-list max-age value VLAN
no spanning-tree vlan vlan-list max-age VLAN.
spanning-tree vlan vlan-list hello-time value VLAN.
no spanning-tree vlan vlan-list hello-time VLAN.
:
spanning-tree vlan vlan-list cost VLAN.
no spanning-tree vlan vlan-list cost VLAN.
spanning-tree vlan vlan-list port-priority VLAN.
no spanning-tree vlan vlan-list port-priority VLAN.
-
vLAN:
show spanning-tree vlan vlan-list VLAN
9.1.6 RSTP
/ RSTP
9.1.7 RSTP
9.1.7.1 / RSTP
:
spanning-tree mode rstp RSTP
no spanning-tree mode STP (SSTP)
9.1.7.2
,
. , -
.
:
spanning-tree rstp priority value
no spanning-tree rstp priority
, MAC-
. , RSTP,
, .
32768.
9.1.7.3
,
. -
, . -
, . -
. -
, , ;
. -
. , , -
.
:
spanning-tree rstp forward-time value
no spanning-tree rstp forward-time (15)
, -
. , -
. -
.
(Forward Delay Time) 15
.
9.1.7.4
, -
, .
:
spanning-tree rstp hello-time value
no spanning-tree rstp hello-time
,
. , -
. ,
,
4 .
9.1.7.5
,
. -
.
:
spanning-tree rstp max-age value
9.1.7.6
Ethernet . -
, . RST
Ethernet
.
-
:
spanning-tree rstp cost value
no spanning-tree rstp cost
, Ethernet
. RSTP -
Ethernet.
, Ethernet 2000000, -
10 / 200000, 100/.
9.1.7.7
Ethernet , -
. , ,
. Ethernet , -
.
:
spanning-tree rstp port-priority value
no spanning-tree rstp port-priority
, Ethernet
.
Ethernet 128.
9.1.7.8
RST
802.1D STP, . STP,
STP, .
STP, RSTP
802.1D STP BPDU. spanning-tree rstp migration-check
RSTP.
:
, IEEE 802.1D 2004 RSTP, -
migration-check.
RSTP:
spanning-tree rstp migration-check
-
:
spanning-tree rstp migration-check
9.2 MSTP
9.2.1 MSTP
9.2.1.1
Multiple Spanning Tree Protocol (MSTP) -
LAN. MSTP (Spanning
Tree Protocol (STP)) (Rapid Spanning Tree Protocol (RSTP)).
STP
RSTP vLAN . STP -
. RSTP
.
MSTP RSTP
VLAN STP,
. , MSTP, VLAN
VLAN.
PvSTP, MSTP VLAN STP,
STP, VLAN.
NX-5124G10 MSTP. , -
, .
9.2.1.2 MST
MSTP VLAN STP MSTP. -
MSTP, MST.
, MST -
, MST. MST
VLAN, VLAN MST.
9.2-1 MSTP
1. CIST
Common and Internal Spanning Tree (CIST) , -
LAN.
MST STP RSTP;
.
, CIST CIST. -
CIST ,
CIST.
2. CST
(Common Spanning Tree). MST
, . MSTI00, CIST, -
, .
9.2.1.4
MSTP , RSTP.
1.
9.2-2
,
.
2.
9.2-3
. -
,
, .
3.
9.2-4
LAN .
LAN .
4.
9.2-5
LAN,
, . -
, .
5.
9.2-6
MST CIST.
CIST.
6.
CIST MSTI. CIST -
, MST. MSTI,
, .
7.
RSTP MSTP, ,
. ,
.
9.2-7
, MSTP RSTP ,
. , BPDU ,
. 802.1D STP BPDU,
.
MSTI (MSTI Configuration Messages) 103~
9.2-2 MST
MSTI (MSTI FLAGS) 1
MSTI (MSTI Regional Root Identifier) 2-9
MSTI (MSTI Internal Root Path Cost) 10 - 13
MSTI (MSTI Bridge Priority) 14
MSTI (MSTI Port Priority) 15
MSTI (MSTI Remaining Hops) 16
9.2.1.6
MSTP
BPDU, .
1) CIST .
2) LAN
CIST, .
3) , CIST -
.
4) MSTI MSTI.
5) LAN
MSTI.
6) CIST
CIST CIST.
7) CIST LAN
CIST.
8) , ,
LAN .
9) MSTI MSTI.
10) MSTI MSTI.
11) CIST. -
CIST MSTI .
9.2.1.7
STP RSTP, MSTP STP (Hop Count)
Message Age Max Age BPDU.
, MSTP
. BPDU -
CIST MSTI .
0, .
9.2.1.8 STP
MSTP STP
. STP, -
STP. , , STP,
.
:
, STP, -
MSTP, STP. , -
spanning-tree mstp migration-check STP, ,
the MSTP.
, RSTP,
MSTP. , MSTP -
RSTP.
9.2.2 MSTP
MSTP
MSTP
MSTP
STP
MST
9.2.2.1 MST
MSTP, , IEEE 802.1s.
MST -
, MSTP. ,
. ,
MSTP, CIST, -
.
MST , -
BPDU RSTP BPDU.
, MST, .
-
MST BPDU, .
migration-check.
MSTP
9.2.3 MSTP
9.2.3.1 MSTP
STP SSTP (PVST, RSTP MSTP )
MAC-
0
MST VLANs CIST (MST00)
(CIST MSTI) 32768
(CIST MSTI) 128
1000 /: 20000
(CIST MSTI) 100 /: 200000
10 /: 2000000
(Hello Time) 2
15
20
20
9.2.3.2 MSTP
STP PVST SSTP . -
, .
STP MSTP :
spanning-tree STP
spanning-tree mode mstp MSTP
STP :
no spanning-tree STP
9.2.3.3 MST
MST, , : ,
, VLAN MSTI. -
. ,
, .
MST -
MAC- . VLANs CIST (MST00). 0 VLAN
CIST (MST00). MAC-,
MSTP . span-
.
MAC-
no spanning-tree mstp name MST
MST.
spanning-tree mstp revision value value , 0 65535.
0.
No spanning-tree mstp revision MST
instance-id -
, MSTI. 1 15.
spanning-tree mstp instance in- vlan-list vlan,
stance-id vlan vlan-list 1 4094. instance-id -
, ;
vlan-list vlan,
1,2,3, 1-5, 1,2,5-10 ..
VLAN MSTI
no spanning-tree mstp instance in- . instance-id -
stance-id , MSTI. 1
15.
MSTP :
show spanning-tree mstp region MSTP
9.2.3.4
MSTP ID ,
MAC- .
ID .
MSTP . -
32768..
,
, Spanning-tree mstp in-
stance-id root.
, ID
ID 24576, 24576 ,
.
24576, MSTP
4096 , . -
, 4096 .
, diameter -
. ID 0.
, MSTP
STP , ,
. Hello-time
.
:
-
instance-id
spanning-tree mstp instance-id root
primary [diameter net- , 0 15.
MSTP :
show spanning-tree mstp [instance instance-id] MSTP
9.2.3.5
, spanning-tree mstp instance-id
root secondary,
.
, .
, MSTP -
28672. ,
32768, .
diameter hello-
time STP. -
, .
:
spanning-tree mstp instance-id root secondary [diameter net-diameter [hello-time seconds]]
instance-id - , 0 15 net-diameter (- ), instance-id 0; 2 7.
No spanning-tree mstp instance-id root instance-id -
, 0 15.
MSTP :
show spanning-tree mstp
[instance instance-id] MSTP
9.2.3.6
, , -
root. -
.
:
spanning-tree mstp instance-id priority value
instance-id - , 0 15; value - ; - : 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440
no spanning-tree mstp instance-id priority
. instance-id , 0 15.
9.2.3.7 STP
STP:
Hello Time ( )
,
.
Forward Delay ( )
, , Blocking learning for-
warding STP.
Max Age ( )
-
:
2 x (fwd_delay - 1.0) >= max_age
max_age >= (hello_time + 1) x 2
, MSTP:
:
:
spanning-tree mstp max-age seconds 6 40 ; - 20
.
no spanning-tree mstp max-age -
.
STP -
.
-
.
.
9.2.3.8
.
.
MSTP, spanning-tree mstp diameter net-
diameter. CIST.
STP .
:
spanning-tree mstp diameter net-diameter
. net diameter 2 7; 7.
no spanning-tree mstp diameter net diameter
.
.
9.2.3.9
(maximum hops) .
spanning-tree mstp max-hops hop-count
. hop count 1 40; - 20.
9.2.3.10
, -
(forwarding), -
. ,
forwarding.
, MSTP:
STP
instance-id
spanning-tree mstp instance-id port-priority , 0 15.
priority ; -
priority
:
0, 16, 32, 48, 64, 80, 96, 112
128, 144, 160, 176, 192, 208, 224, 240
-
.
spanning-tree port-priority value value -
:0, 16, 32, 48, 64, 80, 96, 112
show spanning-tree mstp interface MSTP
interface-id ,
interface-id
F0/1, FastEthernet0/3 ..
9.2.3.11
MSTP . -
, -
. , . -
, .
:
spanning-tree mstp instance-id cost cost instance-id -
, 0 15.
-
spanning-tree cost value .
value .
1 200000000.
no spanning-tree mstp instance-id cost -
no spanning-tree cost -
9.2.3.12
, MSTP -
-,
(handshake mechanism). ,
-.
, -
. , -
-. ,
.
, , RSTP MSTP, -
point-to-point, -
.
, :
spanning-tree mstp point-to-point force-true -.
spanning-tree mstp point-to-point force-false (shared)
spanning-tree mstp point-to-point auto
no spanning-tree mstp point-to-point
9.2.3.13 MST
MSTP, , IEEE 802.1s.
MSTPs, MSTP, Cisco,
MSTP , MST. , , -
MSTP, MSTP, -
MST MST.
, MST, , STP, -
MSTP. BPDU ,
BPDU .
MST, spanning-tree mstp migration-check.
, MST,
:
spanning-tree mstp mst-compatible MST
no spanning-tree mstp mst-compatible MST
:
MST -
, MSTP. ,
. ,
MSTP, CIST, -
.
MST , -
BPDU RSTP BPDU.
, MST, .
-
MST BPDU, .
migration-check.
9.2.3.14
MSTP STP -
. STP,
STP. STP . -
, STP, .
:
, STP,
MSTP, STP; STP,
, MSTP, spanning-tree
mstp migration-check .
RSTP,
MSTP. , MSTP -
RSTP.
STP, , -
:
spanning-tree mstp migration-check STP,
STP, ,
:
spanning-tree mstp migration-check STP,
9.2.3.15 MSTP
MSTP, ,
:
show spanning-tree MSTP ( SSTP, PVST,
RSTP MSTP)
show spanning-tree detail STP (
SSTP, PVST, RSTP MSTP)
show spanning-tree interface interface-id STP ( SSTP,
PVST, RSTP MSTP)
show spanning-tree mstp MST
show spanning-tree mstp region MST
10 STP
10.1 STP
10.1.1 STP.
( ); .
:
-
Single STP PVST RSTP MSTP
Port Fast
BPDU Guard
BPDU Filter
Uplink Fast
Backbone Fast
Root Guard
Loop Guard
.
BPDU guard Port Fast. STP
BPDU Guard BPDU , -
BPDU. RSTP/MSTP BPDU Guard
, , , , BPDU.
BPDU Guard -
. spanning-tree portfast bpduguard -
, BPDU . , -
BPDU guard .
10.1-2
( Direct Link
Failure), STP ,
Forwarding, Listening Learning.
Uplink Fast spanning-tree uplinkfast
, , -
.
10.1-3 Uplink Fast. -
C B , .
C A, -
, .
10.1-3 Uplink Fast
:
Uplink Fast SSTP PVST.
RSTP MSTP, Uplink
Fast.
c ; Uplink
Fast. L1 A B C.
L1 ,
backbone fast.
Backbone Fast 10.1-4.
, C , B.
L1, B bpdu C, -
. C , bpdu -
. Backbone Fast ,
C B
. . -
spanning-tree backbonefast,
C BPDU , C -
, indirect-link root-switch-reachable ; C
, .
Backbone Fast, BPDU -
, . ,
. -
, .
, Backbone Fast . -
: listening,
learning forwarding.
Uplink Fast, Backbone Fast SSTP PVST.
.
PVST MSTP Loop Guard
. MSTP, Loop Guard CIST,
MSTI.
:
Loop Guard SSTP/PVST RSTP/MSTP. SSTP/PVST,
Loop Guard, RSTP/MSTP,
10.1.2 STP
10.1.2.1 STP
Port Fast
BPDU Guard
BPDU Filter
Uplink Fast
Backbone Fast
Root Guard
Loop Guard
BPDU Guard :
spanning-tree portfast bpduguard bpdu guard,
no spanning-tree portfast bpduguard bpdu guard
:
port fast . BPDU
Guard BPDU Filter .
BPDU guard :
spanning-tree bpduguard enable bpdu guard
spanning-tree bpduguard disable bpdu guard
Filter:
spanning-tree portfast bpdufilter BPDU Filter,
no spanning-tree portfast bpdufilter bpdu filter
:
port fast . BPDU
Guard BPDU Filter .
BPDU filter :
spanning-tree bpdufilter enable bpdu filter
spanning-tree bpdufilter disable bpdu filter
no spanning-tree bpdufilter bpdu filter
.
Loop Guard SSTP/PVST RSTP/MSTP. SSTP/PVST,
Loop Guard, RSTP/MSTP,
- BPDU. Loop Guard ,
- BPDU .
Loop
Guard:
spanning-tree loopguard default Loop Guard, -
.
no spanning-tree loopguard default loop guard.
loop guard :
spanning-tree guard loop loop guard .
no spanning-tree guard root guard loop guard .
spanning-tree guard none root guard loop guard .
11 MAC-
11.1 MAC-
- :
-
-
-
-
11.2 MAC-
11.2.1 Mac-
MAC- , .
. ,
MAC-. MAC-
.
Configure
/ MAC-
[no] mac address-table static mac-addr vlan vlan-id interface interface-id
mac-addr MAC-; Vlan-id VLAN; - 1 4094; interface-id .
exit .
write .
11.2.2 MAC-
MAC- , -
MAC- MAC-. MAC-
; 300
.
MAC- -
:
configure
-.
mac address-table aging-time [0 | 0 , MAC- .
10-1000000] -: 10
1000000 .
exit .
write .
11.2.3 - VLAN
- VLAN, - VLAN - -
VLAN. VLAN -.
- VLAN :
configure
interface f0/1 ,
switchport shared-learning - VLAN
exit .
exit .
write .
11.2.4 MAC-
, -
MAC- . MAC-
show.
MAC-
dynamic -, -
.
show mac address-table {dynamic [interface interface-id | vlan vlan-id] | static}
Vlan-id VLAN; - 1 4094.
Interface-id .
Static MAC-
11.2.5 MAC-
MAC- .
MAC-
:
MAC-
dynamic -, -
clear mac address-table dynamic [address mac-addr | interface interface-id | vlan vlan-id]
. Mac-addr MAC-; Interface-id .
Vlan-id VLAN; -
1 4094.
12
.
12.1
- -
. -
. -
, , LACP.
:
, , ,
, -
.
LACP
, LACP,
-
.
12.2
,
12.3
12.3.1 ,
, -
.
:
interface port-aggregator id
12.3.2
-
LACP .
,
, VLAN , , -
, .
, , -
, LACP.
, -
( ). -
, , -
-
. vlan
.
LACP .
, -
. , -
, , .
VLAN: PVID, , VLAN (vlan-
allowed) VLAN (vlan-untagged).
:
aggregator-group agg-id mode { lacp | static }
12.3.3
,
.
.
src-mac
MAC-,
MAC- .
dst-mac
MAC- ,
, MAC- .
both-mac
MAC- MAC-
, MAC-
.
src-ip
IP-,
IP- .
dst-ip
IP- , ,
IP- .
both-ip
IP- IP-
, IP-
.
:
aggregator-group load-balance
:
,
. , ,
, . -
, :
src-mac dst-mac both-mac src-ip dst-ip both-ip
NX-5124G 10
12.3.4
-
:
show aggregator-group
13 GVRP
13.1
GVRP ( , , -
vlan (garp vlan registration protocol GARP VLAN) -
GARP ( ). GVRP GARP
VLAN . GVRP -
VLAN -
VLAN, VLAN, .
GVRP
VLAN ( VLAN VLAN )
, VLAN
GVRP .
13.2
13.2.1 GVRP
/ GVRP
/ GVRP
GVRP
13.3 GVRP
13.3.1 / GVRP
:
[no] gvrp / GVRP
: GVRP .
13.3.2 / GVRP
:
[no] gvrp / GVRP
GVRP , ; GVRP
. GVRP
; GVRP .
: GVRP .
13.3.3 GVRP
.
GVRP.
switch#show gvrp statistics interface Ethernet0/1
GVRP statistics on port Ethernet0/1
GVRP Status: Enabled
GVRP Failed Registrations: 0
GVRP Last Pdu Origin: 0000.0000.0000
GVRP Registration Type: Normal
GVRP.
switch#show gvrp status
gvrp is enabled!
13.4
:
VLAN A B, GVRP A -
B.
8 :
Switch_config_f0/8# switchport mode trunk
GVRP A
Switch_config#gvrp
GVRP 8 A
Switch_config_f0/8#gvrp
VLAN 10, VLAN 20 VLAN 30 A
Switch_config#vlan 10
Switch_config#vlan 20
Switch_config#vlan 30
9 :
Switch_config_f0/9# switchport mode trunk
GVRP
Switch_config#gvrp
GVRP 9
Switch_config_f0/9#gvrp
VLAN 40, VLAN 50 VLAN 60
Switch_config#vlan 40
Switch_config#vlan 50
Switch_config#vlan 60
, VLAN
A B. VLAN10, VLAN20, VLAN30, VLAN40, VLAN50 VLAN60
.
14 IGMP-SNOOPING
14.1 IGMP-snooping
IGMP VLAN -
VLAN.
. -
IGMP ,
VLAN, IGMP IGMP
.
, IGMP , -
, IGMP-
, ,
IGMP . , IGMP-
-
. show ip igmp-snooping -
VLAN igmp-snooping.
/ IGMP-snooping VLAN
/ VLAN
VLAN
IGMP-snooping
IGMP-snooping
IGMP-snooping
IGMP-snooping
IGMP-snooping
: IGMP-snooping 16 VLAN.
IGMP-snooping VLAN3, no ip IGMP-
snooping, IGMP-snooping VLAN, ip IGMP-snooping VLAN 3
.
14.1.2 / VLAN
, IGMP,
.
:
ip igmp-snooping vlan vlan_id static A.B.C.D interface intf VLAN
no ip igmp-snooping vlan vlan_id static A.B.C.D interface intf VLAN
14.1.3 VLAN
(immediate-leave),
leave; , -
, , -
.
, ;
, immediate-leave .
:
ip igmp-snooping vlan vlan_id immediate-leave VLAN
no ip igmp-snooping vlan vlan_id immediate-leave VLAN
VLA
14.1.4
, (DHL,
igmp-snooping),
VLAN.
, ,
.
ip igmp-snooping dlf-frames filter ,
no ip igmp-snooping dlf-frames ()
:
VLAN.
(
VLAN).
14.1.5 IGMP-snooping
(Router Age) IGMP.
IGMP -
. IGMP .
:
ip igmp-snooping timer router-age timer_value IGMP-snooping
no ip igmp-snooping timer router-age IGMP-snooping
:
IGMP inquirer. -
.
260 .
14.1.6 IGMP-snooping
(response time)
IGMP inquirer . -
, .
:
ip igmp-snooping timer response-time timer_value IGMP-snooping
:
; , -
. 10 .
14.1.7 IGMP-snooping
VLAN,
IGMP-snooping, IGMP-snooping
IGMP query.( ,
VLAN, IGMP-snooping ).
LAN
, IGMP
snooping, IGMP snooping.
:
[no] ip igmp-snooping querier [address IGMP-snooping -
[ip_addr] address Ip- -
IGMP-snooping .
(Pseudo Query packet) - 10.0.0.200.
:
, -
VLAN.
.
14.1.8 IGMP-snooping
:
show ip igmp-snooping IGMP-snooping
show ip igmp-snooping timer IGMP-snooping
show ip igmp-snooping groups IGMP-snooping
show ip igmp-snooping statistics IGMP-snooping
[ no ] debug ip igmp-snooping [ packet | timer | event | error ]
/ IGMP-snooping ////. , /.
VLAN IGMP-snooping:
IGMP-snooping:
IGMP-snooping:
IGMP-snooping:
IGMP-snooping:
IGMP-snooping:
14.1.9 IGMP-snooping
:
(1) IGMP-snooping VLAN 1,
Switch_config#ip igmp-snooping vlan 1
(2) IGMP-snooping VLAN 2,
Switch_config#ip igmp-snooping vlan 2
15 802.1
15.1 802.1
802.1
802.1
802.1
802.1
802.1
802.1
802.1
802.1
802.1
VLAN
802.1
802.1
15.2 802.1
15.2.1 802.1
802.1x : , -
802.1x.
, -
.
, ,
.
.
802.1x , 802.1x
.
. 802.1x ,
AAA.
802.1x :
dot1x enable 802.1
802.1:
dot1x port-control auto 802.1
aaa authentication dot1x {default | list name} method 802.1
802.1
:
dot1x port-control auto 802.1x
dot1x port-control force-authorized
dot1x port-control force-unauthorized
15.2.2 802.1
802.1x . -
.
, -
.
, 802.1 (, 1108).
-
.
802.1x,
. , ( -
MAC- ). , 802.1x ,
- . -
- , MAC- .
802.1 -
:
()
dot1x multiple-hosts
802.1
15.2.3 802.1
802.1x 802.1x, -
. - -
, - . -
, 802.1x , -
.
, .
:
,
dot1x max-req count EAP-
request/identity
15.2.4 802.1
-
. -
.
-
.
:
( -
dot1x re-authentication
)
dot1x timeout re-authperiod time
-
dot1x reauth-max time
15.2.5 802.1
802.1 .
802.1x ,
.
:
dot1x timeout tx-period time 802.1
15.2.6 802.1
802.1 ,
. 802.1
:
dot1x user-permit xxxz
15.2.7 802.1
802.1 -
. default 802.1.
802.1
:
dot1x authentication method yyy 802.1
15.2.8 802.1
802.1;
Chap Eap (eap md5-challenge eap-tls), .
Challenge, MD5, Chap,
challenge eap. -
-
. ,
, No .
Eap-tls
handshake Translation Layer Security (tls),
.
802.1
:
dot1x authen-type {chap|eap} chap eap
:
dot1x authentication type {chap|eap} chap, eap
15.2.9 802.1
802.1 .
dot1x 802.1 , .
,
.
. -
.
, dot1x AAA -
update . ,
.
dot1x, , -
- (supplicant).
dot1x -
:
dot1x accounting enable 802.1
; -
dot1x accounting method {method name}
default
VLAN, -
:
Dot1x guest-vlan guest-vlan
0. -
, .
guest-vlan id .
guest-vlan id:
VLAN VLAN
Dot1x guest-vlan {id(1-4094)}
802.1. 1 4094
15.2.11
(Supplicant) .
:
dot1x forbid multi-network-adapter
15.2.12 802.1
. -
:
dot1x default 802.1
15.2.13 802.1
802.1 -
:
show dot1x {interface ....} 802.1
15.3 802.1x
:
aaa authentication dot1x TST-F0/10 radius
aaa authentication dot1x TST-F0/12 local
interface VLAN1
ip address 192.168.20.24 255.255.255.0
radius-server host 192.168.20.2 auth-port 1812 acct-port 1813
radius-server key TST
2. F0/10
interface FastEthernet0/10
dot1x port-control auto
dot1x authentication method TST-F0/10
dot1x user-permit radius-TST
3. F0/12
interface FastEthernet0/12
dot1x multiple-hosts
dot1x port-control auto
16 -
:
MAC-
-
MAC-
16.1 -
16.1.1 MAC-
.
- .
MAC-
.
Configure
/ -
[no] mac access-list name
16.1.2 -
permit/deny , -
. -
-. -
.
-
.
-
permit deny
[no] {deny | permit} {any | host src-mac-addr} {any | host dst-mac-addr} [ethertype]
- - -
- .
ethertype
Ethernet
-
exit
-
exit
write
Switch_config#mac acce 1
Switch-config-macl#permit host 1.1.1 any
Switch-config-macl#permit host 2.2.2 any
- -
16.1.3 -
- -
. - -
.
Configure
-
.
[no] mac access-group name
name -
.
exit .
exit .
write .
17 IP-
17.1 IP-
17.1.1 IP
,
.
. :
-
, IP- .
IP- , -
. ROS
. , : . -
, -
. , .
:
(1) .
(2) .
17.1.2 IP-
IP-. :
, .
:
ip access-list standard name name -
IP
deny {source [source-mask] | any} or permit {source [source-mask] | any}
exit
:
ip access-list extended name name -
IP
{deny | permit} protocol source source-mask destination destination-mask [precedence precedence] [tos tos]
{deny | permit} protocol any any
. ( precedence - IP ; TOS )
exit
, ( ) -
. , add access list -
. no permit no deny -
.
:
,
deny. IP-
, 255.255.255.255 .
,
IP- .
17.1.3 IP-
.
:
ip access-group name
,
. ,
. , -
. ICMP, ,
-.
, .
17.1.4
,
SMTP 130.2.1.2.
ip access-list extended aaa
permit tcp any 130.2.1.2 255.255.255.255 eq 25
interface g0/10
ip access-group aaa
18
18.1 IP-
18.1.1
18.1.1.1 IP-
(Internet protocol - IP) - ,
. IP , -
. IP- (-
IP ). , IP -
, .
(Transmission Control Protocol (TCP)) IP. TCP -
, , ,
. ,
, . TCP
, -
.
IP-, (Address Resolution Protocol (ARP)),
IP-. IP-, ICMP, HSRP, IP- -
IP-.
18.1.1.2 IP-
IP- , -
.
IP 2 : Interior Gateway Protocol (IGP) Exterior
Gateway Protocol (EGP). RIP,
OSPF, BGP BEIGRP. RIP, OSPF, BGP BEIGRP -
. , ,
,
OSPF ( ), BGP, RIP, BEIGRP.
redistribute, -
,
.
,
, . -
, , -
.
1.
.
.
, , -
.
2.
IGP . IP
(, ) -
. -
, .
IGRP:
RIP
OSPF
BEIGRP
3.
EGP -
. , , -
, . EGRP,
BGP.
18.1.2 IP-
IP IP -
. -
, IP. IP
.
IP- . , -
.
, IP- , IP .
IP-:
IP-
IP-
IP-
18.1.3 IP-
18.1.3.1 IP-
IP- IP . IP- -
. -
IP 1, IP-
.
0.0.0.0
1.0.0.0 126.0.0.0
127.0.0.0
128.0.0.0 191.254.0.0
191.255.0.0
192.0.0.0
192.0.1.0 223.255.254
223.255.255.0
D 224.0.0.0 239.255.255.255
240.0.0.0 255.255.255.254
E
255.255.255.255
IP-.
: ,
.
18.1.3.2 IP-
IP-, IP- -
. .
IP-. IP-
:
IP . ,
254 IP-,
300 . IP-
.
2 , -
. IP-
.
, IP.
, -
IP-, -
.
:
,
IP- .
,
:
ip address ip-address mask secondary IP-
:
IP -
.
18.1.3.3
IP IP- . -
, :
1.
IP- ( -
), ( , -
). , -
, .
MAC- , MAC
.
, Ethernet ,
48- MAC- .
IP- . IP-
.
: (Address Resolution Protocol (ARP)) -ARP. RFC 826 1027.
ARP IP- MAC-. IP-
ARP -. MAC-
, IP- MAC- ARP . IP-
.
ARP
ARP
IP- . -
, ARP. , -
ARP.
, 32- IP- 48 .
, , ARP -
.
ARP , ARP.
, IP / .
:
arp ip-address hardware-address IP- ARP
arp ip-address hardware-address alias
ARP- IP-
:
arp timeout seconds ARP
show interfaces - ARP -
. Use show arp, ARP. -
, . -ARP .
-ARP, -
:
ip proxy-arp ARP
Free ARP
, IP- , -
ARP. IP- ARP
. - MAC- .
ARP . -
ARP, IP- IP-,
ARP , ARP -
IP-. , .
ARP . Free
ARP , .
arp send-gratuitous ARP
arp send-gratuitous interval value ARP -
; : 120 .
2. IP-
IP- , .
Telnet, Ping .
IP-,
:
ip host name address IP
18.1.3.4
. -
-. IP- , BGP, RIP OSPF, , -
.
18.1.3.5
-
. . -
, -
. IP
. ,
IP -
. , . -
, .
1. -
IP- -
. "Denial of Service" IP-
.
-
. ,
, ,
, .
. , IP- -
. .
-
.
IP, -
:
ip directed-broadcast [access-list-name]
2. UDP
UDP , -
. , , UDP -
, . , -
-
UDP, , UDP
. , UDP, -
NetBIOS ( 137).
,
:
ip helper-address address
UDP
, , -
:
ip forward-protocol udp [port] ,
18.1.3.6 IP-
, :
1. ,
, . -
, ,
.
, , EXEC,
:
clear arp-cache IP ARP
2.
, IP-
, . -
.
, .
.
" IP-". :
show arp ARP
,
show hosts ,
show ip interface [type number]
show ip route [protocol]
ping {host | address} (
)
18.1.4 IP-
IP VLAN 11.
interface vlan 11
ip address 202.96.2.3 255.255.255.0
18.2 NAT
18.2.1
, -
IP . NAT - , IP-
IP- , -
. , NAT -
-
. NAT ,
-
(CIDR). NAT RFC 1631.
18.2.1.1 NAT
(NAT) -
:
, -
. NAT IP , -
IP , . NAT
( ) , -
( ). NAT -
IP .
. ,
, NAT.
TCP.
IP- IP- TCP.
, NAT -
-
. , IP
IP-, .
.
18.2.1.2 NAT
NAT ,
. , NAT ,
. -
, , IP-,
NAT. ( -
) NAT. NAT , , -
.
NAT
. NAT
. NAT -
, . NAT -
, .
, NAT . -
, ,
ICMP .
NAT .
, , NAT , ,
, .
18.2.1.3 NAT
, (inside) , -
. , -
; ,
NAT. , -
.
, (outside) , -
. .
. ,
/ -
.
, NAT :
: IP-, . ,
, IP- (NIC)
.
IP- ( NIC ), -
IP .
: IP- .
, -
.
: IP-, .
.
18.2.1.4 NAT
NAT NAT -
. NAT : ,
. -
. -
, NAT- :
TCP/UDP
PAT
, -
, , , .
show running NAT.
18.2.2 NAT
NAT, -
. , NAT -
:
TCP
NAT
18.2.3 NAT
18.2.3.1
, IP-
IP-. -
.
-
. -
, .
.
, -
.
18.2-1 NAT
, .
1.1.1.1 B.
, 1.1.1.1, -
NAT .
, 3.
,
(SA) 1.1.1.1. -
, , , , .
, -
1.1.1.1 .
.
1.
,
:
ip nat inside source static local-ip global-ip
interface type number
ip nat inside ,
interface type number
ip nat outside ,
. -
.
2.
, -
:
ip nat pool name start-ip end-ip netmask , -
ip access-list standard access-list-name
permit source [source-mask]
ip nat inside source list access-list-name pool name ,
interface type number
ip nat inside ,
interface type number
ip nat outside ,
:
, . (-
, deny all .) ,
, .
"
" .
18.2.3.2
, -
. -
(, TCP UDP)
. -
, TCP UDP -
.
NAT, -
.
18.2-2 NAT
.
B C , 2.2.2.2. -
, . ,
IP- .
1.1.1.1 B.
, 1.1.1.1,
NAT. , , -
1.1.1.1
1.1.1.1 . , -
. -
, . -
.
,
1.1.1.1 .
B 1.1.1.1, IP-
2.2.2.2.
IP-, -
NAT, , ,
, -
1.1.1.1 1.1.1.1.
1.1.1.1 . -
.
overloading ,
:
ip nat pool name start-ip end-ip netmask , -
ip access-list standard access-list-name
permit source [source-mask]
:
, . (-
, deny all .) ,
, .
.
18.2.3.3
, -
, . , NAT -
.
18.2-3 NAT
, :
1.1.1.1 C, -
, DNS.
DNS- C 1.1.1.1. DNS -
.
1.1.1.1 3.3.3.3.
.
,
.
IP- , 1.1.1.1 C, -
3.3.3.3.
, ,
.
C .
1.
, -
:
ip nat outside source static global-ip local-ip
interface type number
ip nat inside
interface type number
ip nat outside ,
2.
,
:
ip nat pool name start-ip end-ip netmask
ip access-list standard access-list-name
:
, . (-
, deny all .) ,
, .
-
.
18.2.3.4 TCP
NAT -. -
, . -
NAT , -
. , ,
. ,
.
( ). -
.
18.2-4 NAT TCP
, :
B (9.6.7.3)
1.1.1.127.
,
(1.1.1.1) IP-.
.
1.1.1.1 .
NAT ,
, .
.
1.1.1.2
. ,
.
. TCP -
.
ip nat pool name start-ip end-ip netmask ,
ip access-list standard access-list-name
permit source [source-mask]
ip nat inside destination list access-list-name pool name , ,
interface type number
ip nat inside ,
interface type number
ip nat outside ,
:
, . (-
, deny all .) ,
, .
TCP -
.
18.2.3.5
, , -
. , . -
, 1 . ,
:
ip nat translation timeout seconds
, ,
. , -
.
ip nat translation udp-timeout seconds UDP ( 5 )
ip nat translation dns-timeout seconds DNS ( 1 )
ip nat translation tcp-timeout seconds - TCP ( 1 )
ip nat translation icmp-timeout seconds NAT ICMP ( 60 )
ip nat translation syn-timeout seconds NAT TCP SYN ( 60 -
)
ip nat translation finrst-timeout seconds TCP FIN RST ( 1 -
)
NAT.
:
ip nat translation max-entries numbers NAT (
4000)
ip nat translation max-links A.B.C.D number IP-, NAT
IP-
IP-, -
ip nat translation max-links all numbers NAT
IP-;
Max-
18.2.3.6 NAT
-
NAT . .
18.2.4 NAT
NAT.
18.2.4.1
, 1
(192.168.1.0/24), Net-208. NAT
171.69.233.208 171.69.233.233.
ip nat pool net-208 171.69.233.208 171.69.233.233 255.255.255.240
ip nat inside source list a1 pool net-208
!
interface vlan10
ip address 171.69.232.182 255.255.255.240
ip nat outside
!
interface vlan11
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
ip access-list standard a1
permit 192.168.1.0 255.255.255.0
!
18.2.4.2
net-208, 171.69.233.208 171.69.233.233.
1 192.168.1.0 192.168.1.255. -
, 1
. ( 192.168.1.0 192.168.1.255),
. ,
.
ip nat pool net-208 171.69.233.208 171.69.233.233 255.255.255.240
ip nat inside source list a1 pool net-208 overload
!
interface vlan10
ip address 171.69.232.182 255.255.255.240
ip nat outside
!
interface vlan11
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
ip access-list standard a1
permit 192.168.1.0 255.255.255.0
!
18.2.4.3
, -
. , .
Net-10 IP-. ip nat outside source list 1 pool
net-10 .
ip nat pool net-208 171.69.233.208 171.69.233.223 255.255.255.240
ip nat pool net-10 10.0.1.0 10.0.1.255 255.255.255.0
ip nat inside source list a1 pool net-208
ip nat outside source list a1 pool net-10
!
interface vlan10
ip address 171.69.232.192 255.255.255.240
ip nat outside
!
interface vlan11
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
ip access-list standard a1
permit 192.168.1.0 255.255.255.0
!
18.2.4.4 TCP
, , -
. .
. 1/0 ( -
) TCP .
ip nat pool real-hosts 192.168.15.2 192.168.15.15 255.255.255.240
ip nat inside
!
ip access-list standard a2
permit 192.168.15.1 255.255.255.0
18.3 DHCP
18.3.1
(DHCP (Dynamic Host Configuration Protocol)) -
, IP- ,
TCP/IP. DHCP RFC 2131. DHCP -
IP- . DHCP IP-:
DHCP- IP- . -
DHCP- IP-
.
DHCP- IP- DHCP
.
18.3.1.1 DHCP
DHCP. DHCP .
DHCP IP-, -
(, ) -
Ethernet.
, DHCP, DHCP -
, IP DHCP -
.
18.3.1.2 DHCP
, DHCP -
Ethernet. :
IP DHCP -
18.3.1.3 DHCP
DHCP /, , DHCP- DHCP-
DHCP .
DHCP-
(, IP-, -
..) DHCP.
DHCP-
IP- DHCP- -
.
, -
DHCP.
- , , -
IP-. IP- DHCP-
. ,
DHCP- .
18.3.2 DHCP-
18.3.2.1 DHCP-
IP-
DHCP-
DHCP
DHCP
18.3.2.2 DHCP-
1. IP-
IP- DHCP. -
VLAN.
ip address dhcp IP- Ethernet DHCP
2. DHCP-
DHCP- , ,
. -
:
ip dhcp-server ip-address IP- DHCP
get an IP address.
3. DHCP
, DHCP . -
.
ip dhcp client minlease seconds
ip dhcp client retransmit count
ip dhcp client select seconds SELECT
, , get an IP address.
4. DHCP
DHCP- ( ),
, . -
:
Show dhcp server DHCP-, -
DHCP-, , -
. :
Show dhcp lease IP- , -
, show interface : IP-
Ethernet DHCP IP-
Ethernet.
18.3.2.3 DHCP-
NAT. IP-
IP Ethernet 1/1
DHCP.
interface vlan 11
ip address dhcp
18.3.3 DHCP-
18.3.3.1 DHCP
DHCP-
DHCP-
ICMP
DHCP-
DHCP-
DHCP-
DHCP-
18.3.3.2 DHCP-
1. DHCP-
IP- DHCP- DHCP- -
(DHCP- .
, , -
ip helper-address DHCP ):
ip dhcpd enable DHCP-
2. DHCP-
IP- DHCP-, DHCP-
, :
ip dhcpd disable DHCP-
3. ICMP
ICMP, -
.
ICMP , -
:
ip dhcpd ping packets pkgs ICMP
ICMP , -
:
ip dhcpd ping timeout timeout ICMP
4.
,
. :
ip dhcpd write-time time -
5. DHCP-
DHCP-, -
:
ip dhcpd pool name DHCP-
DHCP
6. DHCP-
DHCP, -
. , , -
.
network ip-addr netsubnet
, ,
.
range low-addr high-addr , -
DNS-, -
default-router ip-addr... , -
, -
dns-server ip-addr... DNS- .
domain-name name ,
,
lease {days [hours][minutes] | infinite} , -
NetBIOS,
netbios-name-server ip-addr... NetBIOS, -
, : IP-
, Mac- - " ".
hw-access deny hardware-address IP , Mac-
- " "
7. DHCP-
DHCP, -
:
show ip dhcpd binding DHCP-
DHCP-, -
:
show ip dhcpd statistic DHCP-
8. DHCP-
DHCP,
:
clear ip dhcpd binding {ip-addr|*}
DHCP-, -
:
clear ip dhcpd statistic DHCP-
18.3.3.3 DHCP-
ICMP 200 , -
1 DHCP Server.
ip dhcpd ping timeout 2
ip dhcpd pool 1
network 192.168.20.0 255.255.255.0
range 192.168.20.211 192.168.20.215
domain-name my315
default-router 192.168.20.1
dns-server 192.168.1.3 61.2.2.10
netbios-name-server 192.168.20.1
lease 1 12 0
!
ip dhcpd enable
18.4 IP
, IP. -
IP-, IP-.
18.4.1 IP-
IP: IP
IP-
, .
18.4.1.1 IP-
IP IP-. -
ICMP. ICMP , , ,
IP . ICMP
RFC 792.
IP , :
1. ICMP
, , , -
; ICMP
, :
ip unreachables ICMP
2. ICMP-
. , , , -
-
, -.
. -
, . -
. -
, .
. -
, .
, -
.
, , :
ip redirects ICMP
3. ICMP
. , ICMP -
. , ICMP -
. ICMP .
, ICMP.
ip mask-reply ICMP
4. MTU
IP MTU RFC 1191. IP -
MTU MTU -
. , , MTU, -
. , IP- .
IP- , -
. ICMP,
MTU . , -
, MTU .
, , -
MTU . -
MTU . MTU -
IP-, . , :
.
IP MTU.
IP- MTU -
.
5. IP (MTU)
(MTU), , IP
. , IP ,
MTU.
MTU IP MTU . IP MTU
MTU, IP MTU MTU . IP MTU
MTU. IP MTU , MTU . -
MTU, .
IP MTU , -
:
ip mtu bytes IP MTU
6. IP-
IP . RFC 791 -
IP: , , -
. , ICMP -
. ,
ICMP ( ) .
IP IP . -
IP . IP
, ICMP ( -
) .
.
IP- , , -
IP- :
ip source-route IP
7. IP
IP IP-.
. -
. -
, . hitting time
, , .
, ,
, .
. NX-5124G10 2047 -
1024 . -
.
ip route-cache ( IP-)
no ip route-cache
, ,
.
ip route-cache hit-numbers -
hitnumber (hitnumber)
8. IP
IP ,
VLAN, . , -
, .
IP , ,
:
ip route-cache same-interface IP-
18.4.1.2
IP , .
1. TCP
TCP, -
. -
TCP. 75 .
TCP . -
TCP.
TCP,
:
ip tcp synwait-time seconds TCP
2. TCP
TCP 2000 . , -
:
ip tcp window-size bytes TCP
18.4.1.3 IP-
, :
1. ,
, .
, , , -
.
:
clear tcp statistics
2. TCP
TCP, :
clear tcp {local host-name port remote host-name port | tcb address}
TCP. (TCB - TCP)
3.
, .
.
.
" IP-".
show ip access-lists name
show ip cache [prefix mask] , IP- -
[type number]
show ip sockets
show ip traffic IP-
.
:
IP-.
debug arp ARP
debug ip icmp ICMP
debug ip raw
debug ip packet -
debug ip tcp TCP
debug ip udp UDP
18.4.2
18.4.2.1 IP-
IP- .
-
. , -
. -
.
, IP .
IP
IP-. ROS
. : -
. , -
. , .
, .
:
, . -
.
18.4.2.2 IP-
IP-.
:
, .
:
ip access-list standard name name
IP
deny {source [source-mask] | any} [log] or permit {source [source-mask] | any} [log]
exit
:
ip access-list extended name name
IP
{deny | permit} protocol source source-mask destination destination-mask [precedence precedence] [tos tos] [established] [log]
{deny | permit} protocol any any
exit
, ( precedence -
ip-. TOS .)
( )
. ,
. no permit no deny
.
:
, deny -
. , 255.255.255.255 - ,
IP- .
.
,
.
18.4.2.3 IP-
, , -
.
.
ip access-group name {in | out} IP-
, . -
, .
, .
, .
, ICMP.
. -
. ,
. ,
ICMP .
, .
18.4.2.4
, ,
TCP , , 1023.
TCP SMTP 130.2.1.2.
ip access-list extended aaa
permit tcp any 130.2.0.0 255.255.0.0 gt 1023
permit tcp any 130.2.1.2 255.255.255.255 eq 25
interface vlan 10
ip access-group aaa in
- , .
, Ethernet TCP .
, TCP Ethernet
SMTP .
SMTP TCP- 25
. . -
25.
. , 25. -
, .
.
Ethernet 130.20.0.0. -
- 130.20.1.2. TCP,
. TCP ACK RST, -
, , .
ip access-list extended aaa
permit tcp any 130.20.0.0 255.255.0.0 established
permit tcp any 130.20.1.2 255.255.255.255 eq 25
interface vlan 10
ip access-group aaa in
18.4.3 IP-
18.4.3.1 IP
IP- .
-
. .
. , -
. -
.
, IP .
IP
IP-. ROS
. : -
. , -
. , .
, .
, , :
(1) , .
(2) .
18.4.3.2 IP-
IP-.
:
, .
, -
.
ip access-list standard name name
IP
deny {source [source-mask] | any} or
permit {source [source-mask] | any}
exit
, -
:
ip access-list extended name name
IP
{deny | permit} protocol source source-mask destination destination-mask [precedence precedence] [tos tos]
{deny | permit} protocol any any
. , . (- precedence ip-. TOS .) TCP/UDP, - .
exit
( )
. , -
. no permit no deny -
.
:
, deny -
. , 255.255.255.255 - ,
IP- .
,
.
18.4.3.3
, . -
:
ip access-group name
,
. , -
. , -
. , -
ICMP.
, .
18.4.3.4
1. IP TCP/UDP
:
{deny|permit}{tcp|udp}
source source-mask[{[src_portrange begin-port end-port]|[{gt|lt} port]}]
destination destination-mask [{[dst_portrange begin-port end-port]|[{gt|lt} port]}]
[precedence precedence][tos tos]
, 14 TCP UDP. -
,
.
,
, - -
. , -
.
, -
,
.
2. IP TCP/UDP
, TCP -
SMTP 130.2.1.2.
ip access-list extended aaa
permit tcp any 130.2.1.2 255.255.255.255 eq 25
interface f0/10
ip access-group aaa
19
19.1 RIP
19.1.1
, (Routing Information
Protocol (RIP)). RIP , , -
" RIP" " -
. , ,
.
RIP ,
, , .
. RIP RFC 1058.
RIP ( - User Datagram Protocol (UDP)) . RIP,
30 . -
180 ,
, , . 120
, -
.
RIP . -
, -
. ; 16 . -
( 0 15) RIP .
, RIP , -
0.0.0.0. , 0.0.0.0 ; -
RIP, .
, RIP -
RIP .
RIP . ,
RIP .
RIP-2 :
MD5. (CIDR), (VLSM)
.
19.1.2 RIP
RIP, . RI; -
.
RIP
RIP
RIP
RIP
IP-
RIP
19.1.3 RIP
19.1.3.1 RIP
RIP, -
:
router rip RIP, -
network network-number <network-mask> , RIP
19.1.3.2 RIP
RIP . RIP -
, -
. , -
:
neighbor ip-address , -
, , -
, ip rip passive
. , ,
IP-
.
19.1.3.3
, RIP, -
. , -
. ,
:
offset {[interface-type number] | *} {in | out} access-list-name offset
19.1.3.4
,
, . -
, .
-
IP (, -
), -
. ,
:
timers holddown value ( ) , -
timers expire value ( ) ,
timers update value ( )
19.1.3.5 RIP
RIP-2 , , -
, (CIDR) -
(VLSM). , RIP-1 RIP-2 ,
RIP-1. , RIP-
1, RIP-2. ,
:
version {1 | 2} RIP
1 RIP 2
RIP . RIP
. , (RIP-1 RIP-2) -
, VLAN:
ip rip send version 1 RIP
1
ip rip send version 2 RIP
2
ip rip send version compatibility RIP-2
, , -
VLAN:
ip rip receive version 1 RIP 1 -
ip rip receive version 2 RIP 2 -
ip rip receive version 1 2 RIP 1 2
19.1.3.6 RIP
RIP 1 . RIP
2, RIP .
, -
RIP : MD5. .
:
, RIP,
, RIP-2 . -
(, , -
), .
RIP , -
VLAN:
ip rip authentication simple
ip rip password [string]
RIP MD5 , -
VLAN:
ip rip authentication message-digest MD5
ip rip message-digest-key [key-ID] md5 [key]
MD5 ID
19.1.3.7
RIP-2 .
, RIP-2 . RIP-1
.
, ,
. ,
. -
-
.
no auto-summary
19.1.3.8 IP-
, IP-
RIP , .
, , , -
, -
. , . -
, , IP-
.
no validate-update-source IP- -
RIP
19.1.3.9
, RIP -
1024. ,
, , -
. RIP -
:
19.1.3.10
, IP -
- -
.
, .
, -
. ( Frame Relay).
, , , .
IP
(Split Horizon), IP
. IP- (
, ).
, -
VLAN:
ip rip split-horizon
no ip rip split-horizon
-; -
- , .
, , "
" .
:
, ,
, , .
: (
), -
,
.
19.1.3.11 RIP
, , RIP,
.. -
, . -
.
.
Show ip rip RIP
19.1.3.12 RIP
RIP:
:
:
interface vlan 11
ip address 192.168.20.81 255.255.255.0
interface loopback 0
ip address 10.1.1.1 255.0.0.0
!
router rip
network 192.168.20.0
network 10.0.0.0
!
B:
interface vlan 11
ip address 192.168.20.82 255.255.255.0
interface loopback 0
ip address 20.1.1.1 255.0.0.0
!
router rip
network 192.168.20.0
network 20.0.0.0
!
19.2 BEIGRP
19.2.1
BEIGRP - :
-
.
, BEIGRP - ,
BEIGRP:
BEIGRP , -
.
BEIGRP ( ), -
, BEIGRP .
DUAL ( ) ,
BEIGRP , -
, . . -
, . -
( ), BEIGRP
.
BEIGRP , -
EIGRP, IP. BEIGRP :
Hello -
.
.
BEIGRP .
BEIGRP .
19.2.2 BEIGRP
BEIGRP, , BEIGRP (-
); .
BEIGRP
( )
BEIGRP
BEIGRP
BEIGRP
19.2.3 BEIGRP
19.2.3.1 BEIGRP
, BEIGRP
.
.
BEIGRP, :
router beigrp as-number BEIGRP
network network-number network-mask BEIGRP -
19.2.3.2 ( )
BEIGRP 50 -
. ,
bandwidth .
BEIGRP.
, BEIGRP
, VLAN :
ip beigrp bandwidth-percent percent ,
BEIGRP
19.2.3.3 BEIGRP
BEIGRP ,
. BEIGRP ,
.
.
:
metric weights k1 k2 k3 k4 k5 BEIGRP
19.2.3.4
,
,
. , -
. . :
offset {type number | *} {in | out} access-list-name offset
19.2.3.5
-
:
BEIGRP, ,
BEIGRP, .
Null0,
. IP,
5 ( )
IP.
, BEIGRP,
.
,
, :
no auto-summary
19.2.3.6
,
BEIGRP .
,
; .
:
, ,
BEIGRP, .
Null0,
. IP,
5 ( )
, -
, . ,
, .
ip beigrp summary-address ip
19.2.3.7
BEIGRP :
, -
"default-metric", (, -
, , MTU) .
BEIGRP,
"default-metric", -
BEIGRP.
(,
RIP OSPF), "default-metric"
.
.
, BEIGRP RIP , BEIGRP
, , RIP, -
:
default-metric bandwidth delay reliability loading mtu
redistribute protocol [route-map name] BEIGRP
19.2.3.8 BEIGRP
BEIGRP , -
:
1.
BEIGRP :
.
, -
.
.
BEIGRP . -
BEIGRP , -
.
, , -
. BEIGRP -
, , ,
. BEIGRP, -
, .
hello -
:
( (
) )
LAN 5 15
,
BEIGRP , IP, -
. ,
, BEIGRP -
, , -
. ,
, WAN. -
, ,
. ,
.
ip beigrp hello-interval seconds
, :
ip beigrp hold-time seconds
2.
, ,
, .
.
.
no ip beigrp split-horizon
19.2.3.9 BEIGRP
, :
clear ip beigrp neighbors [interface]
, BEIGRP:
show ip beigrp interfaces [interface] [as-number] BEIGRP
show ip beigrp neighbors [as-number | interface] BEIGRP
show ip beigrp topology [as-number | all-link | summary | active] BEIGRP
19.2.4 BEIGRP
, 10.0.0.0/8 vlan11 -
. , , -
. , BEIGRP .
interface vlan 11
ip beigrp summary-address 1 10.0.0.0 255.0.0.0
router beigrp 1
network 172.16.0.0 255.255.0.0
no auto-summary
19.3 OSPF
19.3.1
,
(OSPF). OSPF . ,
OSPF.
OSPF (Interior Gateway Protocol (IGP)),
IETF. OSPF (IGP), IP-,
IP- . OSPF -
IP Multicast.
OSPF OSPF V2 (. RFC 2328) -
:
( -
(stub area) ,
)
, IP-, -
IP-. -
, , OSPF ,
RIP. , OSPF, RIP.
, , OSPF , -
BGP, , OSPF, -
OSPF.
MD5 -
.
-
, ,
, ,
-
.
(not-so-stubby areas) . RFC 1587
OSPFOSPF . RFC 1793
19.3.2 OSPF
OSPF , -
(ABR) (ASBR).
,
. ,
.
OSPF, . OSPF, -
.
OSPF
OSPF
OSPF
OSPF
NSSA OSPF
OSPF
ID LOOPBACK
OSPF
OSPF
, , ,
IP-.
19.3.3 OSPF
19.3.3.1 OSPF
, OSPF OSPF,
IP-, -
. -
:
router ospf process-id OSPF, -
, OSPF -
network address mask area area-id
19.3.3.2 OSPF
OSPF, , -
OSPF. , , -
.
:
ip ospf cost cost .
LSA ,
ip ospf retransmit-interval seconds
OSPF
LSA
ip ospf transmit-delay seconds
OSPF.
OSPF
OSPF.
ip ospf message-digest-key keyid md5 key
MD5 , .
ip ospf passive .
19.3.3.3 OSPF
3 :
(Ethernet, Token Ring, FDDI)
(SMDS, Frame Relay, X.25)
- (HDLC, PPP)
-
.
X.25 Frame Relay ,
OSPF . Map X.25 Frame
Relay .
19.3.3.4 OSPF
,
. , -
, ,
(X.25, Frame Relay SMDS) .
.
OSPF.
, -
, .., . ,
. , - . -
.
OSPF - , -
. , -
, OSPF, - , :
.
, .
. ,
.
, OSPF -
.
ip ospf network {broadcast | non-broadcast | {point-to-multipoint [non-broadcast]}} OSPF
19.3.3.5 OSPF
, (stub areas) -
- , .
, (ABR)
. -
, .
LSA, ABR, -
LSA ( 3), .
-
:
area area-id authentication simple OSPF
area area-id authentication message-digest MD5
area area-id stub [no-summary]
-
area area-id default-cost cost
19.3.3.6 OSPF
ABR . -
OSPF, ABR .
, ABR -
, .
, -
:
area area-id range address mask
19.3.3.7
OSPF -
, LSA.
, -
. OSPF .
, -
:
summary-address prefix mask [not , -
advertise]
19.3.3.8
ASBR
OSPF. , OSPF, -
(ASBR). , ASBR
OSPF.
, ASBR -
:
default-information originate [always] [route-map map-name]
ASBR - OSPF
19.3.3.9 ID LOOPBACK
OSPF IP , e -
. , OSPF ID
.
(loopback) IP-,
. -
, .
OSPF ,
IP . ,
OSPF IP- . -
OSPF.
IP- Loopback
:
interface loopback 0
ip address ip-address mask IP-
19.3.3.10 OSPF
-
, , . , -
0 255;
. 255 , -
, .
OSPF :
( intra-area), (interarea), -
(external).
, OSPF -
:
distance ospf [intra-area dist1] [inter-area dist2] [external dist3]
OSPF: intra-area, domain region external
19.3.3.11
, OSPF -
(SPF)
SPF. :
timers delay delaytime
timers hold holdtime
19.3.3.12 OSPF
, IP-
, . -
, .
, .
, :
show ip ospf [process-id]
OSPF
show ip ospf [process-id] database
show ip ospf [process-id] database
[router] [link-state-id]
show ip ospf [process-id] database
[router] [self-originate]
show ip ospf [process-id] database
[router] [adv-router [ip-address]]
show ip ospf [process-id] database
[network] [link-state-id] OSPF.
show ip ospf [process-id] database
[summary] [link-state-id]
show ip ospf [process-id] database
[asbr-summary] [link-state-id]
show ip ospf [process-id] database
[external] [link-state-id]
show ip ospf [process-id] database
[database-summary]
OSPF
show ip ospf border-routers
ABR ASBR.
show ip ospf interface OSPF.
show ip ospf neighbor OSPF.
OSPF -
debug ip ospf adj
.
OSPF
debug ip ospf events
.
debug ip ospf flood
OSPF.
19.3.4 OSPF
19.3.4.1 (VLSM)
VLSM OSPF, . VLSM, -
,
IP .
, 30 -
. ,
-.
interface vlan 10
ip address 131.107.1.1 255.255.255.0
! 8 bits of host address space reserved for ethernets
interface vlan 11
19.3.4.2 OSPF
OSPF , -
(ABR) (ASBR). -
, OSPF -
.
:
OSPF.
, , ABR ASBR
OSPF AS.
OSPF -
.
1. OSPF
OSPF.
90, Ethernet 0 0.0.0.0. RIP OSPF, OSPF
RIP.
interface vlan 10
ip address 130.130.1.1 255.255.255.0
ip ospf cost 1
!
interface vlan 10
ip address 130.130.1.1 255.255.255.0
!
router ospf 90
network 130.130.0.0 255.255.0.0 area 0
redistribute rip
!
router rip
network 130.130.0.0
redistribute ospf 90
2. , ABR ASBR
4 ID 4 IP- . -,
109 , 4 : 10.9.50.0, 2, 3 0.
10.9.50.0, 2 3 0 .
router ospf 109
network 131.108.20.0 255.255.255.0 area 10.9.50.0
network 131.108.0.0 255.255.0.0 area 2
network 131.109.10.0 255.255.255.0 area 3
network 0.0.0.0 0.0.0.0 area 0
!
! Interface vlan10 is in area 10.9.50.0:
interface vlan 10
ip address 131.108.20.5 255.255.255.0
!
! Interface vlan11 is in area 2:
interface vlan 11
ip address 131.108.1.5 255.255.255.0
!
! Interface vlan12 is in area 2:
interface vlan 12
ip address 131.108.2.5 255.255.255.0
!
, 0, -
, Ethernet 1. 1 2.
. : , ,
0.
3. , ABR ASBR
,
OSPF. :
.
RTA:
interface loopback 0
ip address 202.96.207.81 255.255.255.0
!
interface vlan 10
ip address 192.168.10.81 255.255.255.0
!
interface vlan 10
ip address 192.160.10.81 255.255.255.0
!
router ospf 192
network 192.168.10.0 255.255.255.0 area 1
network 192.160.10.0 255.255.255.0 area 0
!
RTB:
interface loopback 0
ip address 202.96.209.82 255.255.255.252
!
interface vlan 10
ip address 192.168.10.82 255.255.255.0
!
interface vlan 11
router ospf 192
network 192.168.20.0 255.255.255.0 area 1
network 192.163.20.0 255.255.255.0 area 0
!
:
Ethernet 0 3.
OSPF . OSPF
. . 36.0.0.0
.
: , -
area. ,
.
, , :
IGMP RIP OSPF ( -
, , ).
IGMP OSPF RIP.
OSPF :
interface vlan 10
ip address 192.168.20.81 255.255.255.0
ip ospf password GHGHGHG
ip ospf cost 10
!
interface vlan 11
ip address 192.168.30.81 255.255.255.0
ip ospf password ijklmnop
ip ospf cost 20
ip ospf retransmit-interval 10
ip ospf transmit-delay 2
ip ospf priority 4
!
interface vlan 12
ip address 192.168.40.81 255.255.255.0
ip ospf password abcdefgh
ip ospf cost 10
!
interface vlan 13
ip address 192.168.0.81 255.255.255.0
ip ospf password ijklmnop
ip ospf cost 20
ip ospf dead-interval 80
!
router ospf 192
network 192.168.0.0 255.255.255.0 area 0
network 192.168.20.0 255.255.255.0 area 192.168.20.0
network 192.168.30.0 255.255.255.0 area 192.168.30.0
network 192.168.40.0 255.255.255.0 area 192.168.40.0
area 0 authentication simple
area 192.168.20.0 stub
area 192.168.20.0 authentication simple
area 192.168.20.0 default-cost 20
area 192.168.20.0 authentication simple
area 192.168.20.0 range 36.0.0.0 255.0.0.0
area 192.168.30.0 range 192.42.110.0 255.255.255.0
area 0 range 130.0.0.0 255.0.0.0
area 0 range 141.0.0.0 255.0.0.0
redistribute rip
! RIP is in network 192.168.30.0.
router rip
network 192.168.30.0
redistribute ospf 192
!
19.4 BGP
, (Border Gateway Protocol
(BGP)). BGP BGP. BGP
(Exterior Gateway Protocol (EGP)), RFC1163,
1267 1771.
.
19.4.1
19.4.1.1 BGP
BGP, , , -
( ), .
BGP 4, RFC1771. -
BGP , AS -
. AS, -
, AS-. BGP 4 -
(CIDR), -
. CIDR
BGP IP . CIDR OSPF, IGRP -
, ISIS-IP RIP 2.
. BGP
:
, access-list, aspath-list prefix-list;
access-list, prefix-list
Nexthop.
, route-map -
, MED, Local Preference, Route Weight.
(OSPF,
RIP ..), redistribute -
19.4.1.2 BGP
BGP .
, BGP . BGP
:
, .
, , IGP, -
.
.
, -
.
, ,
. , -
, -
IGP.
, -
, .
,
(IGP < EGP < INCOMPLETE).
, MED.
, bgp always-compare-med router.
(EBGP) IBGP, -
MED. (confederation paths)
EBGP IBGP.
,
ID-.
19.4.2 BGP
19.4.2.1 BGP
BGP . -
BGP , -
.
1. BGP
BGP, -
:
BGP -
router bgp autonomous-system
network network-number/masklen
[route-map route-map-name] BGP
:
, ,
IP . -
IGP RIP, ,
.
IGP BGP. -
, RAM , -
. , -
.
2. BGP
, , BGP .
, BGP .
BGP : . (Internal
neighbors) , (external neighbors)
.
, .
BGP , -
:
neighbor {ip-address} remote-as number
BGP
BGP
BGP.
. , . -
,
BGP.
, BGP -
. -
.
BGP:
neighbor {ip-address} soft-reconfiguration [inbound]
BGP
4. BGP
2 BGP , BGP
, .
BGP , BGP -
, .
BGP :
clear ip bgp * BGP
clear ip bgp address BGP
5. BGP IGP
AS AS, ,
AS , AS
AS. , BGP
AS IGP, AS -
, .
, BGP , IGP AS
, BGP IGP. .
, BGP IGP . AS -
AS AS BGP, -
.
IGP, BGP . -
.
no synchronization BGP IGP
clear ip bgp, BGP .
BGP BGP
.
, BGP IGP. -
,
IGRP, BGP . -
BGP, . IGP -
BGP; BGP -
IGP, BGP , .
6. BGP
BGP - , BGP ,
0 65536. BGP
32768, , , 0. -
, .
7. BGP
BGP -
:
neighbor {ip-address } weight weight
, route-map.
BGP ,
:
(1) Aspath ip aspath-list -
neighbor filter-list .
ip aspath-list aspaths-list-name {permit | deny} as-regular-expression
BGP
router bgp autonomous-system
neighbor {ip-address} filter-list aspath-list-name {in | out}
BGP
(2) ip access-list -
neighbor distribute-list .
ip access-list standard access-list-name
router bgp autonomous-system
neighbor {ip-address} distribute-list access-list-name {in | out}
BGP
(3) ip prefix-list -
neighbor prefix-list router .
ip prefix-list prefixs-list-name Sequence number {permit | deny} A.B.C.D/n ge x le y
router bgp autonomous-system
neighbor {ip-address} prefix-list prefix-list-name {in | out}
BGP
(4) route-map
neighbor route-map .
,
, .
BGP " -
BGP " .
8. BGP
BGP , .
, .
-
(nexthop) .
. -
. *, .
BGP , -
BGP:
filter interface { in | out }( access-list
access-list-name) (prefix-list prefix- BGP
:
BGP -
.
,
. (, )
BGP -
, -
:
-
neighbor {ip-address } next-hop-self
BGP
peer
. , BGP
. , -
. , ,
.
19.4.2.2 BGP
1.
peer
. , BGP
. ,
. , , -
.
, -
(autonomous system path), (community), (network
numbers). aspath-list
, community-list
ip access-list .
, -
:
2.
neighbor {ip-address} route-map route-map-name {in | out}
. " BGP".
(CIDR) ( -
NET), .
BGP BGP
. BGP, -
BGP.
, -
:
-
aggregate network/len
BGP
aggregate network/len summary-only
,
aggregate network/len route-map map-name
BGP " BGP".
3. Communities BGP
, BGP, -
BGP:
Network number
AS_PATH
COMMUNITY
(communities) -
COMMUNITY, .
COMMUNITY , .
. AS ,
.
COMMUNITY 1
4294967200. :
EBGP (peer). (
no-export
EBGP AS )
no-advertise (peer)
-
local-as . ( AS
.)
, , BGP ,
. ,
COMMUNITY .
COMMUNITIES . -
, COMMUNITY
BGP:
COMMUNITY,
neighbor {ip-address} send-community
.
COMMUNITY :
route-map map-name sequence-number {deny | permit}
set community community-value
router bgp autonomous-system
neighbor {ip-address} route-map access-list-name {in | out}
COMMUNITY :
ip community-list standard | expanded community-list-name {permit | deny} community-expression
route-map map-name sequence-number {deny | permit}
match community-list-name
router bgp autonomous-system
neighbor {ip-address} route-map route-map-name {in | out}
COMMUNITY " -
BGP COMMUNITY".
4. AS
IBGP
,
.
.
, EBGP
, , -
IBGP. , , MED -
.
BGP , ,
.
:
BGP.
5. (route reflectors)
AS- IBGP -
.
:
(). -
. . -
, .
IBGP .
,
:
BGP .
.
. ,
.
-
:
neighbor ip-address route-reflector-client
AS IBGP .
, -
.
.
4- , -
.
.
, ,
ID :
bgp cluster-id cluster-id ID
-
BGP.
6.
, BGP:
neighbor {ip-address} shutdown BGP
BGP:
, BGP:
distance bgp external-distance internal-distance local-distance
BGP -
BGP.
, , -
, .
9. BGP
BGP
:
( ) -
neighbor [ip-address | peer group-name] timers keepalive holdtime
no neighbor timers
BGP .
10. MED AS
MED , .
MED .
, MED AS .
MED .
19.4.3 BGP
:
MED
bgp always-compare-med
1. BGP
, -, BGP, -
. :
clear ip bgp * BGP
clear ip bgp as-number BGP AS
BGP -
clear ip bgp address
-
clear ip bgp address soft {in|out}
clear ip bgp aggregates
clear ip bgp networks
network
clear ip bgp redistribute
2.
, -
BGP . ,
. .
:
show ip bgp BGP
,
show ip bgp prefix
show ip bgp community
,
show ip bgp regexp regular-expression
show ip bgp network BGP
BGP
show ip bgp neighbors address
TCP
show ip bgp neighbors [address] [received- ,
routes | routes | advertised-routes] BGP
19.4.4 BGP
BGP:
1. BGP
, -
: , 140.222.1.1 -
ASPATH , 200. -
250 . .
router bgp 100
!
neighbor 140.222.1.1 route-map fix-weight in
neighbor 140.222.1.1 remote-as 1
!
route-map fix-weight permit 10
match as-path aaa
set local-preference 250
set weight 200
!
ip aspath-list aaa permit ^690$
ip aspath-list aaa permit ^1800
, freddy -
127 MED AS 690. , -
1.1.1.1:
router bgp 100
neighbor 1.1.1.1 route-map freddy out
!
ip aspath-list abc permit 690_
ip aspath-list xyz permit .*
!
route-map freddy permit 10
match as-path abc
set metric 127
!
route-map freddy permit 20
match as-path xyz
The following example shows how to use a route map to modify the routes being redistributed:
router bgp 100
redistribute rip route-map rip2bgp
!
route-map rip2bgp
match ip address rip
set local-preference 25
set metric 127
set weight 30000
set next-hop 192.92.68.24
set origin igp
!
. .
). .
router bgp 109
network 131.108.0.0
network 192.31.7.0
neighbor 131.108.200.1 remote-as 167
neighbor 131.108.234.2 remote-as 109
neighbor 150.136.64.19 remote-as 99
3. BGP
BGP . -
test1, as-path, 100.
test2, as-path, 193.1.12.10. -
, test3 193.1.12.10.
router bgp 200
neighbor 193.1.12.10 remote-as 100
neighbor 193.1.12.10 filter-list test1 weight 100
neighbor 193.1.12.10 filter-list test2 out
neighbor 193.1.12.10 filter-list test3 in
ip aspath-list test1 permit _109_
ip aspath-list test2 permit _200$
ip aspath-list test2 permit 100$
ip aspath-list test3 deny _690$
ip aspath-list test3 permit .*
4. BGP
BGP .
1/0 ACL:
router bgp 122
filter vlan10 in access-list acl
filter-network -
. filter-gateway , -
s1/0:
router bgp 100
filter vlan100 in access-list filter-network gateway filter-gateway
filter-prefix
. filter-prefix ,
:
router bgp 100
filter * in prefix-list filter-prefix gateway filter-gateway
5.
0.0.0.0/0 :
ip prefix-list abc deny 0.0.0.0/0
35.0.0.0/8
ip prefix-list abc permit 35.0.0.0/8
/8 /24 BGP.
router bgp
network 101.20.20.0 filter *
ip prefix max24
!
ip prefix-list max24 seq 5 permit 0.0.0.0/0 ge 8 le 24
!
-
8 24:
router bgp 12
filter * in prefix-list max24
!
ip prefix-list max24 seq 5 permit 0.0.0.0/0 ge 8 le 24
.
24 192/8:
ip prefix-list abc permit 192.0.0.0/8 le 24
. .
25 192/8:
ip prefix-list abc deny 192.0.0.0/8 ge 25
( 8
24) .
ip prefix-list abc permit 0.0.0.0/0 ge 8 le 24
( 25)
. .
.
ip prefix-list abc deny 0.0.0.0/0 ge 25
10/8 . , 10.0.0.0/8
32 , :
ip prefix-list abc deny 10.0.0.0/8 le 32
25 204.70.1/24:
ip prefix-list abc deny 204.70.1.0/24 ge 25
:
ip prefix-list abc permit any
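The prefix-list entries above can be checked offline before they are attached to a BGP session. This Python sketch is an added example, not part of the original manual or the vendor's code; it assumes the first-match, implicit-deny evaluation and the ge/le length semantics conventional for this CLI family, and the ordering in POLICY_TEXT is constructed from entries shown above.

```python
"""Offline evaluator for `ip prefix-list` entries (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Entry:
    action: str                      # "permit" or "deny"
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def length_range(self) -> Tuple[int, int]:
        """Prefix lengths accepted by this entry (assumed semantics)."""
        plen = self.prefix.prefixlen
        if self.ge is None and self.le is None:
            return plen, plen        # no ge/le: exact length only
        low = self.ge if self.ge is not None else plen
        high = self.le if self.le is not None else 32
        return low, high

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        low, high = self.length_range()
        # The route must lie inside the entry's prefix AND have an allowed length.
        return low <= route.prefixlen <= high and route.subnet_of(self.prefix)


def parse_line(line: str) -> Tuple[str, Entry]:
    """Parse: ip prefix-list NAME [seq N] {permit|deny} A.B.C.D/len [ge N] [le N]"""
    tokens = line.split()
    if tokens[:2] != ["ip", "prefix-list"] or len(tokens) < 5:
        raise ValueError(f"not a prefix-list entry: {line!r}")
    name, rest = tokens[2], tokens[3:]
    if rest[0] == "seq":             # optional sequence number
        rest = rest[2:]
    action, prefix, opts = rest[0], rest[1], rest[2:]
    if action not in ("permit", "deny") or len(opts) % 2:
        raise ValueError(f"malformed entry: {line!r}")
    bounds = {key: int(value) for key, value in zip(opts[0::2], opts[1::2])}
    if set(bounds) - {"ge", "le"}:
        raise ValueError(f"unknown option in: {line!r}")
    entry = Entry(action, ipaddress.ip_network(prefix),
                  bounds.get("ge"), bounds.get("le"))
    return name, entry


def evaluate(entries: List[Entry], route: str) -> Tuple[str, Optional[int]]:
    """Return (action, 1-based index of the matching entry); no match = deny."""
    net = ipaddress.ip_network(route)
    for position, entry in enumerate(entries, start=1):
        if entry.matches(net):
            return entry.action, position
    return "deny", None              # implicit deny at the end of the list


# Constructed ordering of entries taken from the examples above.
POLICY_TEXT = """\
ip prefix-list abc deny 0.0.0.0/0
ip prefix-list abc deny 10.0.0.0/8 le 32
ip prefix-list abc deny 204.70.1.0/24 ge 25
ip prefix-list abc permit 0.0.0.0/0 ge 8 le 24
"""
POLICY = [parse_line(line)[1] for line in POLICY_TEXT.splitlines()]

# Constructed test announcements, including ones a peer should never send.
SAMPLE_ROUTES = ["0.0.0.0/0", "10.1.2.0/24", "204.70.1.128/25",
                 "204.70.1.0/24", "35.0.0.0/8", "192.168.1.1/32"]

if __name__ == "__main__":
    for route in SAMPLE_ROUTES:
        action, index = evaluate(POLICY, route)
        where = f"entry {index}" if index else "implicit deny"
        print(f"{route:18} {action:6} ({where})")
```

Running it prints, for each sample announcement, the action and the entry that decided it, which makes ordering mistakes (for example a broad permit placed before a specific deny) visible before the list is applied.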
6. BGP
, BGP -
.
, redistribute static
193*.*.*:
ip route 193.0.0.0 255.0.0.0 null 0
!
router bgp 100
redistribute static
, BGP.
, AS atomic.
router bgp 100
aggregate 193.0.0.0/8
193.*.*.*,
:
router bgp 100
aggregate 193.0.0.0/8 summary-only
7. BGP
, . RTA, RTB, RTC RTE -
AS200, RTA , RTB RTC -
, RTE IBGP. RTD AS100 -
RTA EBGP. :
RTA:
interface vlan110
ip address 2.0.0.1 255.0.0.0
!
interface vlan111
ip address 3.0.0.1 255.0.0.0
!
interface vlan112
ip address 4.0.0.1 255.0.0.0
!
interface vlan113
ip address 5.0.0.1 255.0.0.0
!
router bgp 200
neighbor 2.0.0.2 remote-as 200 /*RTC IBGP*/
. .
!
ip route 13.0.0.0 255.0.0.0 3.0.0.12
RTC:
interface vlan110
ip address 2.0.0.2 255.0.0.0
!
router bgp 200
neighbor 2.0.0.1 remote-as 200 /*RTA IBGP*/
network 12.0.0.0/8
!
ip route 12.0.0.0 255.0.0.0 2.0.0.12
RTD:
interface vlan110
ip address 4.0.0.2 255.0.0.0
!
router bgp 100
neighbor 4.0.0.1 remote-as 200 /*RTA EBGP*/
network 14.0.0.0/8
!
ip route 14.0.0.0 255.0.0.0 4.0.0.12
RTE:
interface vlan110
ip address 5.0.0.2 255.0.0.0
!
router bgp 200
neighbor 5.0.0.1 remote-as 200 /*RTA IBGP*/
network 15.0.0.0/8
!
ip route 15.0.0.0 255.0.0.0 5.0.0.12
8. BGP-
AS-, IBGP RTA, RTB RTC, -
AS 65010. RTE AS 65020. RTE RTA EBGP
AS-. AS- AS65010 AS65020,
AS200. RTD AS100, RTD EBGP AS 200 RTA.
RTA:
interface vlan110
ip address 1.0.0.1 255.0.0.0
!
interface vlan111
ip address 2.0.0.1 255.0.0.0
!
interface vlan112
ip address 4.0.0.1 255.0.0.0
!
interface vlan113
ip address 5.0.0.1 255.0.0.0
!
. .
RTB:
interface vlan110
ip address 1.0.0.2 255.0.0.0
!
interface vlan111
ip address 3.0.0.1 255.0.0.0
!
router bgp 65010
bgp confederation identifier 200
bgp confederation peers 65020
neighbor 1.0.0.1 remote-as 65010 /*RTA IBGP*/
neighbor 3.0.0.2 remote-as 65010 /*RTC IBGP*/
RTC:
interface vlan110
ip address 2.0.0.2 255.0.0.0
!
interface vlan111
ip address 3.0.0.2 255.0.0.0
!
router bgp 65010
bgp confederation identifier 200
bgp confederation peers 65020
neighbor 2.0.0.1 remote-as 65010 /*RTA IBGP*/
neighbor 3.0.0.1 remote-as 65010 /*RTB IBGP*/
RTD:
interface vlan110
ip address 4.0.0.2 255.0.0.0
!
router bgp 100
neighbor 4.0.0.1 remote-as 200 /*RTA EBGP*/
RTE:
interface vlan110
ip address 5.0.0.2 255.0.0.0
!
router bgp 65020
bgp confederation identifier 200
bgp confederation peers 65010
neighbor 5.0.0.1 remote-as 65010 /*RTA EBGP*/
9. BGP
BGP.
, route map set-community -
171.69.232.50. AAA
no-export; , , . -
BGP AS200 ,
.
router bgp 100
neighbor 171.69.232.50 remote-as 200
neighbor 171.69.232.50 send-community
neighbor 171.69.232.50 route-map set-community out
!
com1, 8000, 100 200 300
900 901. .
com2 -
500.
50. ,
171.69.232.55 50.
router bgp 200
neighbor 171.69.232.55 remote-as 100
neighbor 171.69.232.55 route-map filter-on-community in
!
route-map filter-on-community 10 permit
match community com1
set metric 8000
!
route-map filter-on-community 20 permit
match community com2
set local-preference 500
!
route-map filter-on-community 30 permit
set local-preference 50
!
ip community-list com1 permit 100 200 300
ip community-list com1 permit 900 901
!
ip community-list com2 permit 88
ip community-list com2 permit 90
20 VRRP
20.1
,
(Virtual Router Redundancy Protocol (VRRP))
. VRRP
.
VRRP.
IP MAC . VRRP ,
, . -
, . -
.
. , .
20.2 VRRP
/ VRRP
VRRP
VRRP
VRRP
VRRP
VRRP
20.3 VRRP
20.3.1 / VRRP
.
vrrp vrid associate virtual-address VRRP
no vrrp vrid VRRP
VRRP.
, IP ,
Init.
,
. IP-, -
255. VRRP
.
20.3.2 VRRP
.
. .
.
VRRP no-authen ( -
).
20.3.3 VRRP
.
.
20.3.4 VRRP
.
vrrp vrid priority value (1~254) VRRP
no vrid priority VRRP
, VRRP
255. , -
.
, 100.
20.3.5 VRRP
.
vrrp vrid timer advertisement value VRRP
no vrrp vrid timer advertisement dvertisement
VRRP
(advertisement) -
. , -
skew_time. -
, , , -
.
1 .
20.3.6 VRRP
.
show vrrp vrid [interface vlan_intf] VRRP
[no] vrrp {packet | event} / VRRP
:
switch#show vrrp 1
VLAN1 (192.168.20.118, 255.255.255.0 00e0.0f42.0000)
group id: 1
state: Master
virtual mac address: 0000.5e00.0101
priority: 100
preempt: on
authentication: no-authen
advertisement interval: 1
associate IP address: 192.168.20.110
advertisement timer expiry: 1
20.3.7 VRRP . .
20.3-1
1.
IP
Switch_config_v1# ip address 192.168.20.18 255.255.255.0
IP-
Switch_config_v2#ip address 211.162.1.120 255.255.255.0
1 ,
IP 192.168.20.1 120
Switch_config_v1#vrrp 1 associate 192.168.20.1
Switch_config_v1#vrrp 1 priority 120
Switch_config#show vrrp
VLAN1 (192.168.20.18,255.255.255.0 00e0.0f42.0000)
group id: 1
state: Master
virtual mac address: 0000.5e00.0101
priority: 120
preempt: on
authentication: no-authen
advertisement interval: 1
associate IP address: 192.168.20.1
advertisement timer expiry: 1
2. B
IP
Switch_config_v1# ip address 192.168.20.16 255.255.255.0
IP
Switch_config_v2#ip address 211.162.1.125 255.255.255.0
1 ,
IP 192.168.20.1
Switch_config_v1#vrrp 1 associate 192.168.20.1
Switch_config#show vrrp
VLAN1 (192.168.20.16,255.255.255.0 00e0.0f42.0000)
group id: 1
state: Backup
virtual mac address: 0000.5e00.0101
priority: 100
preempt: on
authentication: no-authen
advertisement interval: 1
associate IP address: 192.168.20.1
advertisement timer expiry: 1
3.
: 192.168.20.1 .
21 IP MULTICAST
21.1
, . -
.
IP ()
() IP- IP-, IP-
. ,
D (224.0.0.0 ~ 239.255.255.255). Multicast -
, UDP; UDP -
, TCP.
IP- ,
, , , ,
. ,
.
. -
.
. , .
, .
-
, (, PIM-DM, PIM-SM ),
IGMP.
, IGMP .
-
, 1 N-.
21.1.1
-
:
, IGMP -
.
OLNK ,
. -
.
PIM-DM/PIM-SM/DVMRP -
, -
.
, IP-
.
. .
. .
21.1.2
21.1.2.1
IP ()
TTL ()
IP Multicast ()
IP ()
1) IP multicast ()
2) IP Multicast Helper ()
3) ()
()
21.1.2.2 IGMP
IGMP
IGMP
IGMP Querier
IGMP
IGMP
IGMP Immediate-Leave
21.1.2.3 PIM-DM
PIM-DM
DR
(S, G)
21.1.2.4 PIM-SM
RP
BSR
RP
PIM-SM
, PIM-SM
21.1.2.5 DVMRP
DVMRP
DVMRP
, DVMRP
21.2
21.2.1 IP
. .
.
:
ip multicast-routing IP
. .
21.2.2
IGMP. OLNK, PIM-DM, PIM-SM DVMRP.
.
, -
.
-
(MBR), ,
,
. , ,
PIM-DM ( (S, G)) BIDIR PIM-SM ( (*, G)) .
21.2.2.1 OLNK
OLNK . -
:
ip olnk
21.2.2.2 PIM-DM
PIM-DM ;
:
ip pim-dm , PIM-DM
PIM-DM
21.2.2.3 PIM-SM
PIM-SM ;
:
, PIM-SM -
ip pim-sm PIM-SM
21.2.3 TTL
ip multicast ttl-threshold TTL , -
, no ip multicast ttl-threshold -
. 1.
ip multicast ttl-threshold ttl-value TTL
, TTL -
:
interface ethernet 1/0
ip multicast ttl-threshold 200
21.2.4
ip multicast mroute-cache -
, no ip multicast mroute-cache,
.
ip multicast mroute-cache -
,
. .
:
interface ethernet 1/0
no ip multicast mroute-cache
21.2.5
. .
. RPF -
. - , -
( ). RPF -
.
, , , .
. GRE -
, ,
. (UR) -
, (MR) -
, .
MR1 MR2. MR2 , -
. ,
. ,
.
RPF,
. ,
. .
.
, , -
.
ip mroute source-address mask rpf-address
type number [distance]
21.2.6 IP Multicast
ip multicast boundary
no ip multicast boundary, .
.
ip multicast boundary access-list IP multicast
, -
.
interface ethernet 0/0
ip multicast boundary acl
ip access-list standard acl
permit 192.168.20.97 255.255.255.0
21.2.7 IP Multicast
ip multicast rate-limit -
/. no ip multi-
cast rate-limit .
N Kbps.
ip multicast rate-limit in group-list ac- -
interface type number .
ip directed-broadcast .
ip multicast helper-map group-address ip multicast helper -
broadcast-address access-list .
, -
ip forward-protocol [port]
.
, -
.
. IP- -
0 .
ip multicast helper-map broadcast 230.0.0.1 testacl1
230.0.0.1, -
UDP 4000, 192.168.20.97/24.
IP- 1
. ip multicast helper-map 230.0.0.1
172.10.255.255 testacl2
172.10.255.255, 4000,
192.168.20.97/24.
, ,
( VLAN)
interface ethernet 0
ip directed-broadcast
ip multicast helper-map broadcast 230.0.0.1 testacl
ip pim-dm
!
ip access-list extended testacl
permit udp 192.168.20.97 255.255.255.0 any
ip forward-protocol udp 4000
, , -
.
interface ethernet 1
ip directed-broadcast
ip multicast helper-map 230.0.0.1 172.10.255.255 testacl2
ip pim-dm
!
ip access-list extended testacl2
permit udp 192.168.20.97 255.255.255.0 any
ip forward-protocol udp 4000
21.2.9
ip igmp helper-address ip pim-dm neighbor-filter -
(stub multicast route).
,
(stub router):
. .
interface type number
ip igmp helper-address destination-address
,
. .
interface type number
ip pim neighbor-filter access- PIM , -
list
, :
ip multicast-routing
ip pim-dm
ip igmp helper-address 10.0.0.2
Central Router B Configuration
ip multicast-routing
ip pim-dm
ip pim-dm neighbor-filter stubfilter
ip access-list stubfilter
deny 10.0.0.1
21.2.10
1.
, -
. , :
clear ip igmp group [type number] [group-address |
IGMP
<cr>]
-
clear ip mroute [* | group-address | source-address]
.
2.
,
IP .
.
show ip igmp groups [type number | group-
address] [detail] IGMP
show ip igmp interface [type number] IGMP
show ip mroute mfc
show ip rpf [ucast | mstatic | pim-dm |
pim-sm | dvmrp] source-address RPF
21.3 IGMP
21.3.1
1. IGMP
IGMP, Internet Group Management Protocol ( -
), ,
. IGMP
. , , -
,
, , -
. , -
IGMP ,
,
, .
IGMP ;
, . -
, IP-
IGMP . , -
IGMP 3.
. .
, / IGMP, -
. IGMP- -
.
2. OLNK
, OLNK (IGMP only-link) . -
OLNK . OLNK
. .
, PIM-DM. OLNK -
IGMP RPF ,
,
.
21.3.2 IGMP
IGMP-
IGMP. IGMP- .
IGMP .
21.3.2.1 IGMP
IGMP, . 1 -
. 2 -
-
, leave,
. 3 -
. , IGMP 3
IGMP 1 2. -
IGMP .
IGMP , , IGMP-
( ,
) IGMP
.
, IGMP-
, .
IGMP-, .
ip igmp version version_number IGMP
21.3.2.2 IGMP
IGMP, -
IGMP (general query) 224.0.0.1 IGMP-
, - (report) IGMP-. , -
IGMP-. -
IGMP (IGMP Query Interval). ,
IGMP-
. IGMP .
-
IGMP .
ip igmp query-interval time IGMP ( ) -
IGMP , ),
query (). -
, IGMP. -
IGMP- 1, -
, IGMP 1.
2 3 : Que-
rier IP-. (non-
querier) Querier. -
( ), -
. .
IGMP , Non-Querier , -
IGMP IP .
Querier
2 IGMP.
ip igmp querier-timeout time Querier
. .
Querier 1 IGMP -
; 3 .
, IGMP .
21.3.2.4 IGMP
2 3 IGMP ,
IGMP IGMP
IGMP. , IGMP -
IGMP . ,
IGMP .
, IGMP .
:
IGMP , IGMP. -
, ,
, 1 .
2 3 IGMP IGMP
.
ip igmp query-max-response-time time IGMP
1 IGMP , -
. ,
1.
21.3.2.5
IGMP 2 3,
IGMP
-
. , IGMP -
. IGMP -
, ,
.
.
,
IGMP . , IGMP .
IGMP 2 3, IGMP
.
ip igmp last-member-query-interval time
IGMP
1. IGMP 1, -
.
21.3.2.6 IGMP
, -
IGMP. -
, IGMP .
IGMP. , IGMP
1 1,
, 2
2. , . , -
.
, -
, ,
, . ,
IGMP 3, -
, ..
. .
.
-
.
ip igmp static-group { * | group-address} -
{include source-address | <cr> }
. .
, . Immediate
Leave , IGMP -
. ,
.
:
-
, ,
. ,
.
, .
2 IGMP ,
Immediate-Leave:
IGMP,
ip igmp immediate-leave group-list
"Immediate-leave multicast
list-name
group"
IP list-
ip access-list standard list-name
name (_).
IP- IGMP "Immediate-Leave"
permit source-address
IP.
leave IGMP 1 3
2, 1 3.
ip igmp query-interval 50
IGMP Querier
2 3 IGMP , -
IGMP ,
(Querier). Querier - , .. ( -
IGMP , ),
query (). -
, IGMP. -
. .
IGMP- 1,
, IGMP 1.
2 3 : Que-
rier IP-. (non-querier)
Querier. (
), IGMP
, Non-Querier ,
. .
IGMP IP .
Querier
2 IGMP.
ip igmp querier-timeout time Querier
Querier 1 IGMP -
; 3 .
, IGMP -
2.
3. IGMP Querier
, Querier
IGMP (Ethernet 1/0) 100 .
interface ethernet 1/0
ip igmp querier-timeout 100
4. IGMP
,
IGMP (Ethernet 1/0 ) 15 .
interface ethernet 1/0
ip igmp query-max-response-time 15
5.
,
IGMP (Ethernet 1/0) 2000 .
interface ethernet 1/0
ip igmp last-member-query-interval 2000
6. IGMP
-
. -
.
interface ethernet 1/0
ip igmp static-group *
, , Ethernet 1/0
. , -
IP -
.
interface ethernet 1/0
ip igmp static-group 224.1.1.7
, ,
224.1.1.7 Ethernet 1/0. ,
224.1.1.7 IP
224.1.1.7 .
interface ethernet 1/0
ip igmp static-group 224.1.1.7 include 192.168.20.168
, ,
224.1.1.7 Ethernet 0/0 - 192.168.20.168. -
, 224.1.1.7, -
192.168.20.168. -
IP , 192.168.20.168 224.1.1.7
.
7. , IP , 192.168.20.169
224.1.1.7 , .
ip igmp static-group 224.1.1.7 include 192.168.20.169
- ,
, .
:
, -
. .
, , -
, . -
. , ip igmp static-group
224.1.1.7, ip igmp static-group 224.1.1.7 include 192.168.20.168, -
.
7. IGMP Immediate-Leave
. .
, -
Immediate-Leave (Ethernet 1/0) IGMP- (192.168.20.168 )
. IGMP IP 192.168.20.168 Immedi-
ate-Leave.
interface ethernet 1/0
ip igmp immediate-leave imme-leave
exit
21.4 PIM-DM
21.4.1 PIM-DM
Protocol Independent Multicast Dense Mode -
. , -
. , PIM-DM -
(flood and prune). -
, PIM -
PRF. , PIM-DM -
. , -
(S, G). (S, G) , ,
, , , ..
, PIM-DM prune
, . -
. , -
(forwarding), -
. ,
.
, , PIM-DM prune -
, .
S G, -
(S, G) .
PIM-DM, ,
.
DR, PIM-DM : (as-
sertion), ,
; Join/Prune join/prune ; -
pruning deny .
PIM-DM , PIM-DM -
PIM . PIM-DM
DR .
IGMP v1, PIM-DM DR. -
DR, PIM DR .
, IP DR. -
Hello, IP
DR.
PIM-DM v2 , CIDR,
VLSM IGMP v1, v2, v3.
21.4.2 PIM-DM
21.4.2.1
, -
, . -
.
:
( )
. .
ip pim-dm hello-interval
?
- -
-
ip pim-dm state-refresh origination- , ; -
interval upstream. -
, ,
-
. .
21.4.2.2
PIM
. - -
, ;
upstream. -
, , -
.
no ip pim-dm state-refresh disable -
ip pim-dm state-refresh origination-interval
21.4.2.3
PIM-DM , -
;
.
, -
PIM-DM. -
.
ip pim-dm neighbor-filter
ip multicast boundary
21.4.2.4 DR
DR , IGMP v1. DR 1. -
DR, PIM DR .
, IP -
DR. Hello,
IP DR..
:
ip pim-dm dr-priority DR
21.4.2.5 (S, G)
(S, G) MRT -
(S, G) . -
.
(S, G) MRT;
-
clear ip mroute pim-dm {* | group , -
[source]} . -
(S, G) , -
PIM-DM -
, -
(S, G) PIM-DM . -
clear ip pim-dm interface (S, G) ,
PIM-DM -
. .
21.4.3 PIM-DM
21.5 PIM-SM
21.5.1 PIM-SM
Protocol Independent Multicast Sparse Mode (PIM-SM) -
. .
. PIM-SM
PIM-SM, -
(DR) . , DR
Join/Prune
.
PIM-SM -
. 2 :
RP G
. PIM-SM Join/Prune -
. :
DR join , (*, G) -
RP G ;
, register
RP DR. RP
. RP join (S, G)
register-stop DR , -
DR . ,
, RP , -
RP. , DR -
prune RP G, .
PIM-SM RP.
BSRS PIM-SM . BSR -
. RP PIM-SM , -
, RP- , -
BSR. BSR "BootStrap" RP
, . "BootStrap" . -
"BootStrap" .
, DR -
. .
RP, ,
. DR join/prune
RP . -
, DR - RP,
. DR
register RP.
. .
21.5.2 PIM-SM
21.5.2.1 PIM-SM
PIM-SM ,
:
ip pim-sm , PIM-SM
PIM-SM
21.5.2.2 RP
RP PIM-SM . ,
RP PIM-SM ;
, PIM-DM.
PIM-SM BSR, -
. override, RP RP
RP, BSR. override ,
PR, BSR.
:
ip pim-sm rp-address rp-add [override|acl-name] RP, -
no ip pim-sm rp-address rp-add
21.5.2.3 BSR
RP BSR PIM-SM , -
PR RP -
.
:
ip pim-sm bsr-candidate type number [hash-
mask-length] [priority] BSR. -
no ip pim-sm bsr-candidate type number learn compete BSR.
21.5.2.4 RP
RP BSR , -
PIM-SM -
RP.
:
ip pim-sm rp-candidate [type RP.
number] [interval|group-l/st acl-name] BSR -
no ip pim-sm rp-candidate [type PIM-SM
number] PIM-SM BSR.
21.5.2.5 PIM-SM
,
PIM-SM.
show ip mroute pim-sm [group-address]
[source-address] [type number] [summary]
[count] [active kbps] PIM-SM
21.5.2.6 , PIM-
SM
. .
, -
PIM-SM.
clear ip mroute pim-sm [ * | group-address PIM-
] [source-address] SM
. .
21.5.3
21.5.3.1 PIM-SM ( VLAN )
PIM-SM .
!
ip multicast-routing
!
interface Loopback0
ip address 192.166.100.142 255.255.255.0
ip pim-sm
!
interface Ethernet1/1
ip address 192.166.1.142 255.255.255.0
ip pim-sm
ip pim-sm dr-priority 100
!
interface Serial2/0
ip address 192.168.21.142 255.255.255.0
physical-layer speed 128000
ip pim-sm
!
router rip
network 192.168.21.0
network 192.166.1.0
network 192.166.100.0
version 2
!
ip pim-sm bsr-candidate Loopback0 30 201
ip pim-sm rp-candidate Loopback0
!
B
!
ip multicast-routing
!
interface Ethernet0/1
ip address 192.168.200.144 255.255.255.0
ip pim-sm
ip pim-sm dr-priority 200
!
interface Serial0/0
ip address 192.168.21.144 255.255.255.0
ip pim-sm
!
ip pim-sm
!
interface Serial2/0
ip address 192.168.21.142 255.255.255.0
physical-layer speed 128000
ip pim-sm
!
router rip
network 192.168.21.0
network 192.166.100.0
!
. .
ip pim-sm bsr-candidate Loopback0 30 201
!
B:
!
ip multicast-routing
!
interface Loopback0
. .
!
ip pim-sm bsr-candidate Loopback0 30
!
22 QOS
,
, .
22.1
22.1.1 QoS
; -
,
. , -
. .
QoS
, .
.
802.1Q. .
. -
, 0 7 , , .
DSCP IP IP-; DSCP -
6 TOS IP.
, -
.
,
. port-to-port (P2P) QoS. ,
,
(, - , ..).
QoS , -
.
. -
, .
best-effort, , , -
. QoS best-effort service
, (first come, first served).
(Differentiated service)
,
, QoS.
. .
, IP IP-. -
QoS (intelli-
gent queue). QoS , -
(weighted round robin - WRR) , (first come, first
served (FCFS)) .
22.1.3 QoS
. .
, -
.
2. Weighted round robin
WRR -
. . -
.
, WWW -
.
3. First come first served
FCFS -
. , ,
.
22.2 QoS
, .
. ,
. . -
QoS -
. , .
, QoS .
QoS:
CoS
CoS
CoS
CoS
QoS
QoS
QoS
QoS
QoS
QoS
22.3 QoS
22.3.1 CoS
QoS CoS, -
IEEE802.1p, . . -
QoS.
CoS , -
CoS .
(layer 2), ; -
.
CoS
:
. .
configure
COS
[no] cos map quid cos1..cosn quid ID COS
cos1..cosn cos, IEEE802.1p
exit
write
. .
22.3.2 CoS
. -
.
:
WRR (Weighted Round Robin):
.
FIFO (First In First Out): ,
. , -
.
Hybrid: ; SP
WRR . : 4 -
: -
SP, WRR. -
, WRR
, -
SP. 2
SP; WRR. -
,
WRR , .
CoS -
:
configure
QoS
[no] scheduler policy { wrr | wrr wrr
fcfs | hybrid } fcfs fcfs
Hybrid hybrid
exit
write
22.3.3 CoS
CoS , -
, COS WRR. -
.
CoS -
. WRR.
Cos wrr.
byte-count ( ) -
, WRR . ( )
CoS,
:
configure
COS
[no] scheduler wrr bandwidth
weight1...weightn
weight1...weightn
CS.
exit .
write
22.3.4 CoS
, CoS . -
CoS
CoS , .
Cos , -
.
. .
configure
interface f1/1 , .
CoS , -
[no] cos default cos
; Cos cos.
exit .
exit .
. .
write
22.3.5 QoS
QoS -
(,
- IP-).
IP MAC-
; . permit, -
. deny,
. IP -
. .
QoS . , -
. .
QoS .
configure
QoS
[no]policy-map name
name
Qos.
description description-text
description-text .
QoS.
[no]classify {ip access-group
access-list-name
access-list-name any }
IP.
-
QoS.
dscp-value dscp -
dscp.
action { dscp dscp-value | redirect
interface-id -
interface-id H.H.H | drop }
.
.. -
drop .
exit .
exit
22.3.6 QoS
QoS -
( ):
configure
QoS
[no]policy-map name
name
Qos.
description description-text
description-text .
exit .
exit
22.3.7 QoS
QoS , -
. . , -
IP ToS.
. ,
, , -
-, IP- , .
.
.
-
. .
( ):
configure
QoS
[no]policy-map name
name
QoS.
. .
22.3.8 QoS
-
, .
, , .
-
. .
configure
[no]policy-map name QoS name -
QoS.
max-band , -
.
cos-value cos -
cos.
dscp-value dscp
dscp.
interface-id
.
drop .
stat , -
.
action {dscp dscp-value | re-
direct interface-id | drop }
exit .
exit
22.3.9 QoS
QOS . -
, . -
, , , . -
,
. ,
,
.
.
QoS :
configure
interface f0/1 , .
QoS .
name QoS.
[no] qos policy name ingress
ingress , QoS -
.
exit .
exit
22.3.10 QoS
QoS,
show.
-
. .
:
show policy-map [policy-map- QoS
name] policy-map-name
22.4 QoS
. .
action drop
interface FastEthernet0/2
qos policy pmap ingress
qos policy any ingress (NOTE: the applying order of the two policies)
23
(LAYER 2)
23.1
(Layer 2) -
, -
.
.
23.2 (Layer 2)
.
configure
-
interface <intf_name> (
).
. -
[no] l2protocol-tunnel [stp] -
stp.
[CTRL] + Z
write
Super VLAN , IP-.
Super VLAN ,
.
23.3 (Layer 2)
:
A1/A2/Gather , C1/C2 , .
, ,
. STP, -
:
trunk () f0/2 A1, f0/1 f0/2
Gather f0/1 A2.
Access () f0/1 A1, f0/2
. .
A2 STP.
24 IP
24.1 IP
24.1.1 IP
IP
IP. IP ,
IP- IP
IP . , IP- -
, CPU .
IP , , IP-
, .. IP , -
IP , . -
, IP ,
, CPU.
: . -
, ,
. -
; ,
-
. , , -
.
3224 / 3224M / 6508
24.1.2 IP
IP :
. -
. -
[no] ip exf {default | desti-
, -
nation mask} {cpu | nexthop
default -
vlan vlanid}
.
CPU.
[no] ip exf / IP
24.1.3 IP
show ip exf IP-
. .
24.2
:
, CPU. -
IP-,
.
IP ;
. .
, -
, . ,
, ,
IP- .
.
( )
ARR CPU -
, ARR .
, -
ARR. , VLAN -
, ARR, CPU
.
.
,
.
, :
(1) 192.168.0.0/16 next hop 192.168.26.3/vlan1
(2) 192.168.20.0/24 next hop 192.168.26.1/vlan1
(3) 192.168.1.0/24 direct routing
(4) 192.168.26.0/24 direct routing
(5) 10.0.0.0/8 next hop 192.168.1.4/vlan2
(6) 0.0.0.0/0 next hop 192.168.1.6/vlan2
1 2, 3, 4.
, -
. 3 4 , - CPU. -
:
ip exf 192.168.20.0 255.255.255.0 nexthop 192.168.26.1 vlan 1
ip exf 192.168.1.0 255.255.255.0 cpu
ip exf 192.168.26.0 255.255.255.0 cpu
ip exf 192.168.0.0 255.255.0.0 nexthop 192.168.26.3 vlan 1
ip exf 10.0.0.0 255.0.0.0 nexthop 192.168.1.4 vlan 2
ip exf 0.0.0.0 0.0.0.0 nexthop 192.168.1.6 vlan 2
25
25.1
, -
6508 , -
. , , ARP, IGMP IP , -
. , -
- .
25.2
IGMP, ARP IP-,
,
.
(ARP, IGMP IP), ,
, . ,
:
25.3
25.3.1
filter period time time .
filter threshold value , value.
, , -
filter block-time time
25.3.2
filter igmp IGMP
filter ip source-ip IP-
interface f x/y X Y.
filter arp ARP
ARP, <MAC, source port> .
, MAC, .
IGMP IP, <IP address + source port> .
, IGMP IP .
25.3.3
. .
, -
. , .
filter enable
no ; -
.
. .
25.3.4
,
show filter
25.4
, IGMP, ARP
1/2. , 1200 15 , -
; 10 . , :
filter period 15
filter threshold 1200
filter block-time 600
interface f1/2
filter arp
exit
filter enable
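The interaction of `filter period`, `filter threshold` and `filter block-time` in the configuration above can be modelled offline to pick values that block a flooding host without cutting off normal ones. This Python model is an added example, not the switch's own algorithm; it assumes period and block-time are in seconds, a fixed counting window per source key, and that a source is blocked when it exceeds the threshold. The MAC addresses and traffic are constructed.

```python
"""Model of the period / threshold / block-time packet filter (added example)."""
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, Hashable, Tuple


@dataclass
class AttackFilter:
    period: float = 15        # filter period 15      (assumed: seconds)
    threshold: int = 1200     # filter threshold 1200 (packets per period)
    block_time: float = 600   # filter block-time 600 (assumed: seconds)
    _windows: Dict[Hashable, Tuple[float, int]] = field(default_factory=dict)
    _blocked_until: Dict[Hashable, float] = field(default_factory=dict)

    def observe(self, ts: float, key: Hashable) -> str:
        """Classify one packet: 'forwarded', 'blocked' (trips the filter) or 'dropped'."""
        until = self._blocked_until.get(key)
        if until is not None:
            if ts < until:
                return "dropped"             # source is still blocked
            del self._blocked_until[key]     # block expired, start counting again
        start, count = self._windows.get(key, (ts, 0))
        if ts - start >= self.period:        # assumed: fixed window, restart it
            start, count = ts, 0
        count += 1
        if count > self.threshold:           # assumed: block when threshold is exceeded
            self._blocked_until[key] = ts + self.block_time
            self._windows.pop(key, None)
            return "blocked"
        self._windows[key] = (start, count)
        return "forwarded"


# For ARP the source is identified by <MAC, source port>, as described above.
NOISY = ("arp", "00e0.0f42.0001", "f1/2")    # constructed: 100 ARP packets/s
QUIET = ("arp", "00e0.0f42.0002", "f1/2")    # constructed: 1 ARP packet/s


def simulate(seconds: int = 20):
    """Replay constructed traffic and return (filter, per-source stats, first block time)."""
    flt = AttackFilter(period=15, threshold=1200, block_time=600)
    events = [(i / 100, NOISY) for i in range(seconds * 100)]
    events += [(float(s), QUIET) for s in range(seconds)]
    events.sort(key=lambda event: event[0])
    stats = {NOISY: Counter(), QUIET: Counter()}
    first_block = None
    for ts, key in events:
        verdict = flt.observe(ts, key)
        stats[key][verdict] += 1
        if verdict == "blocked" and first_block is None:
            first_block = ts
    return flt, stats, first_block


def under_threshold_burst() -> Counter:
    """Exactly 1200 packets spread over one 15 s period must not trip the filter."""
    flt = AttackFilter()
    return Counter(flt.observe(i * 0.0125, NOISY) for i in range(1200))


if __name__ == "__main__":
    flt, stats, first_block = simulate()
    print("noisy host:", dict(stats[NOISY]), "first blocked at", first_block, "s")
    print("quiet host:", dict(stats[QUIET]))
```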
26
26.1 AAA
26.1.1 AAA
.
- (authentication), (authorization) (accounting) (AAA)
, -
.
26.1.1.1 AAA
AAA ,
:
(Authentication) ,
.
. AAA, -
, . -
. -
.
(
default). ,
. -
. -
, .
(Authorization) .
AAA . -
, .
, ,
AAA. , -
, RADIUS TACACS+. ,
RADIUS TACACS+, , -
(AV), .
AAA. , AAA,
, . -
, AAA, .
(Accounting) . -
, , -
, , , , .
, ,
. AAA, -
RADIUS TA-
CACS+ ( ) . -
- -
; , / -
. .
. , , -
, .
, , .
26.1.1.2 AAA
AAA :
. .
, RADIUS, TACACS+
26.1.1.3 AAA
AAA , -
( ) ( IP, IPX,
VPDN). , ,
.
26.1.1.4
, -
, . -
. -
. -
.
. , -
.
- , ,
. -
, ,
, .
.
, . ,
, .
. , -
,
;
.
,
. R1 R2 RADIUS, T1 T2 - TACACS+. -
,
.
26.1-1 AAA
"default" , -
. -
.
,
R1 . R1 , -
PASS . R1 -
FAIL, . R1 ,
ERROR R2 -
.
, , .
. .
FAIL ERROR. FAIL ,
, . -
FAIL. ERROR ,
. ERROR AAA , -
.
-
, ( ) .
. .
26.1.2 AAA
, . -
-
.
26.1.2.1 AAA
AAA , .
AAA,
:
, -
, RADIUS TACACS+.
aaa authentication, .
.
aaa authorization, ().
aaa accounting, ().
26.1.3 AAA
, AAA
PPP, AAA
,
,
26.1.4 AAA
.
AAA, :
, -
, RADIUS TACACS+. -
.
aaa authentication ,
.
26.1.4.1 AAA
AAA .
aaa authentication , ,
. , -
, .
login authentication .
AAA, :
aaa authentication login {default |
list-name}method1 [method2...]
line [console | vty ] line-number
[ending-line-number]
.
, ,
; .
:
enable
Group name
Group radius radius
Line .
Local
-
local-case
None -
enable . aaa authentication login default
enable
enable aaa authentication login, -
. , enable
, ,
, :
aaa authentication login default enable
aaa authentication login default line
aaa authentication login line
. ,
, ,
, :
aaa authentication login default line
,
.
aaa authentication login default local
aaa authentication login local,
. ,
-
, , :
aaa authentication login default local
, -
.
RADIUS
aaa authentication login default group radius
aaa authentication login radius
RADIUS .
, RADIUS -
, , , :
aaa authentication login default group radius
RADIUS , -
RADIUS. -
RADIUS, RADIUS.
26.1.4.2
aaa authentication enable default -
. , -
EXEC. -
. .
. error ,
. fail,
. -
, , none
.
:
. .
enable enable
Group group-name
group radius radius
line .
none -
, RA-
DIUS , :
RADIUS
- $ENABLElevel$, level ,
; enable. , -
, enable 7. RADIUS -
, Radius- $ENABLE7$.
16, .. RADIUS , Radius-
$ENABLE15$. -
Radius-. , -
(Admin-User)
Radius-.
26.1.4.3 AA
AAA , logon logon
failure. , , -
AAA , ,
.
.
:
aaa authentication banner delimiter
logon
text-string delimiter
logon failure
:
aaa authentication fail-message delim-
failure
iter text-string delimiter
, , -
. , -
. -
, .
26.1.4.4 ,
, , -
, authentication username-prompt. -
, no aaa authentication
username-prompt:
username:
aaa authentication username-prompt , -
TACACS+ RADIUS.
:
aaa authentication username-prompt , ,
. .
text-string
26.1.4.5 ,
, , -
, authentication password-prompt.
enable, .
, no aaa authentication username-prompt.
password:
aaa authentication password-prompt , -
TACACS+ RADIUS.
:
aaa authentication password-prompt , ,
text-string
26.1.4.6
,
, (, RADIUS) -
, "
" (escape code).
,
: -
.
username name {nopassword | password password | password encryption-type en-
crypted-password}
username name [autocommand command]
username name [callback-dialstring telephone-number]
username name [callback-rotary rotary-group-number]
username name [callback-line [tty | aux] line-number [ending-line-number]]
username name [noescape] [nohangup]
username name [privilege level]
username name [user-maxlinks number]
no username name
26.1.4.7 -
. -
. -
, .
enable password { [encryption-type] encrypted-password} [level level]
no enable password [level level]
26.1.5 AAA
RADIUS
RADIUS, , -
, RADIUS:
aaa authentication login radius-login radius local
aaa authorization network radius-network radius
line vty
login authentication radius-login
.
aaa authentication login radius-login radius local -
RADIUS . RADIUS
, .
aaa authentication ppp radius-ppp radius -
PPP CHAP PAP -
. EXEC , .
aaa authorization network radius-network radius RADIUS -
, .
login authentication radius-login radius-login 3.
26.1.6 AAA
. .
EXEC AAA
26.1.7 AAA
.
AAA , :
, -
. .
, RADIUS, TACACS+.
.
aaa authorization .
.
.
aaa authorization exec {default |
list-name}method1 [method2...]
line [console | vty ] line-number [
ending-line-number]
login authorization {default | list-
name} ( )
list-name ,
. method ,
. , -
error. fail,
. ,
, none -
.
aaa authorization exec default group radius
default , -
. , radius -
exec, :
aaa authorization exec default group radius
:
,
.
EXEC:
Group WORD
Group radius radius
Local
, -
if-authenticated
.
None - .
26.1.8 AAA
EXEC
,
LOCAL :
aaa authentication login default local
aaa authorization exec default local
!
username exec1 password 0 abc privilege 15
username exec2 password 0 abc privilege 10
username exec3 nopassword
. .
10.
: exec3; .
: exec4, : abc, :
10.
: exec5, : abc, telnet 172.16.20.1
exec.
26.1.9 AAA
AAA
AAA
26.1.10 AAA
.
AAA , :
, ,
RADIUS, TACACS+.
.
aaa accounting .
.
.
26.1.10.1 AAA
aaa accounting AAA. -
,
, aaa accounting connection.
Telnet, Package Assembling/ De-assembling, H323, rlogin ..
323 .
:
aaa accounting connection {default |
list-name} {start-stop | stop-only |
none} group groupname
list-name ,
. method , -
.
:
group WORD
group radius radius
none
stop -
stop-only
start-stop -
start-stop
.
26.1.10.2 AAA
. .
aaa accounting AAA. aaa
accounting network -
, ,
.. SLIP PPP. :
aaa accounting network {default | list-
name} {start-stop | stop-only | none }
. .
group groupname
list-name ,
. method , -
.
:
group WORD
26.1.10.3
, -
aaa accounting update.
:
aaa accounting update [newinfo] [peri-
odic number]
newinfo,
. , IP Control
Protocol (IPCP) IP- . -
IP-, .
periodic, , -
. -
, .
newinfo periodic, -
,
, . ,
aaa accounting update periodic, aaa
accounting update newinfo,
,
newinfo.
26.1.10.4 -
AAA
(NULL), .
aaa accounting suppress null-username
26.2 RADIUS
Remote Authentication Dial-In User Service (RA-
DIUS). , -
RADIUS.. RADIUS
, RADIUS , -
(AAA). RADIUS .
RADIUS -
RADIUS.
26.2.1
26.2.1.1 RADIUS
RADIUS /, . -
RADIUS
. .
RADIUS, -
. RADIUS
, ,
.
RADIUS , -
:
, RA-
. .
DIUS. , -
RADIUS. IP
, dial-in RADIUS.
, , RA-
DIUS, , (-
, Telnet), (, Point-to-Point Protocol (PPP)). , -
, RADIUS
PPP, IP- 10.2.3.4, .
, , RADIUS -
RADIUS. RADIUS -
, (
, , , ..), .
RADIUS :
RADIUS :
AppleTalk Remote Access (ARA, AppleTalk Remote Access)
NetBIOS Frame Control (NBFCP, NetBIOS Frame Control )
NetWare Asynchronous Services Interface (NASI, NetWare Asynchronous ServicesInterface)
X.25 PAD
-. RADIUS .
RADIUS , call-in. -
call-out ( -
, )
.
, . RADIUS
26.2.1.2 RADIUS
-
RADIUS, :
(1) .
(2) RADIUS.
(3) RADIUS: ACCEPT: -
REJECT:
. .
CHALLENGE: RADIUS Challenge.
..
ACCEPT REJECT , EXEC
. RADIUS, -
RADIUS. , ACCEPT REJECT, -
:
a. , , Telnet, rlogin ..
b. , IP- , , -
.
26.2.2 RADIUS
RADIUS , -
:
aaa authentication
RADIUS. aaa
authentication, " ".
line interface, -
. "
".
, -
:
aaa authorization -
. .
. "
".
, aaa accounting -
.
aaa accounting, " ".
26.2.3 RADIUS
. .
RADIUS -
RADIUS RADIUS RADIUS
26.2.4 RADIUS
26.2.4.1 RADIUS
RADIUS , -
RADIUS Livingston, Merit, Microsoft, .
RADIUS
. radius-server host RADIUS- ra-
dius-server key .
:
radius-server host ip-address [auth- IP- RADIUS -
port port-number][acct-port portnumber] .
, -
radius-server key string
RADIUS.
, RADIUS, , -
radius :
-
radius-server retransmit retries
RADIUS ( 2)
( ) -
radius-server timeout seconds RADIUS -
.
, RADIUS,
radius-server deadtime minutes , -
.
26.2.4.2 RADIUS -
Internet Engineering Task Force (IETF)
RADIUS, -
(attribute 26). Vendor-specific attributes (VSAs)
, .
ID VSAs, RFC 2138: Remote Authentication
Dial-In User Service (RADIUS). -
VSAs, :
-
radius-server vsa send [authentication]
VSA, RADIUS IETF attribute 26
26.2.4.3 RADIUS
RADIUS RA-
DIUS, RADIUS. -
RADIUS AAA, aaa authentication, -
RADIUS .
.
26.2.4.4 RADIUS
AAA ,
. RADIUS -
, , -
, , IP, IPX, ARA, Telnet.
RADIUS AAA, aaa au-
thorization, RADIUS .
.
. .
26.2.4.5 RADIUS
AAA ,
, . RADIUS
AAA, aaa accounting, RADIUS
. .
. .
26.2.5 RADIUS
26.2.5.1 RADIUS
aaa authentication login use-radius radius local
,
RADIUS:
aaa authentication login use-radius radius local
:
aaa authentication login use-radius radius local -
RADIUS . RADIUS ,
. ,
use-radius , RADIUS, -
.
26.2.5.2 RADIUS
, -
:
radius-server host 1.2.3.4
radius-server key myRaDiUSpassWoRd
username root password AlongPassword
aaa authentication login admins radius local
line vty 1 16
login authentication admins
. radius-server host IP- RADIUS.
radius-server key , RADIUS.
aaa authentication login admins radius local admins, RADIUS, ,
RADIUS , .
login authentication admins admins -
.
26.3 -
-
-.
26.3.1
26.3.1.1 -
- ,
PPPoE 802.1x. -, -
, , -
.
1.
, :
. DHCP
DNS-.
DHCP : IP-.
AAA : AAA , -
.
: -. -
.
2.
, -
DHCP, DNS . , . 3-2.
:
DHCP DHCP ( -
, DHCP ).
.
- ( URL -
IP-), DNS
DNS- ; -
.
DNS .
,
.
. -
.
, -
. ,
.
, keep-alive -
.
, .
AA .
, -
keep-alive , . keep-alive , -
. AAA -
.
, -
. ,
, DNS .
26.3.1.2
1.
:
/ .
. -
.
VLAN ID. ,
VLAN ID, .
, -, -
.
.
, .
, ,
. , -
.
2.
-
. -,
-. DHCP-, DNS -
, - . -
, . -
, DHCP , DNS , -
, - .
. .
26.3.2
26.3.2.1
1.
, IP
:
. .
web-auth portal-server A.B.C.D IP-
2.
authtime . authtime
, , -
.
:
web-auth authtime <60-65535>
3. Keep-alive ( ).
, - ,
, .
:
web-auth keep-alive <60-65535>
4. (HoldTime)
no keep-alive
HoldTime, , .
:
web-auth holdtime <60-65535>
5. VLAN ID
VLAN ID,
VLAN N , N VLAN.
.
-
VLAN ID:
web-auth vlan-password <WORD>
VLAN ID
26.3.2.2
1.
/ VLAN ID.
-
:
web-auth mode user | vlan-id
2.
. -
default.
-
:
web-auth authentication WORD
3.
. -
default.
. .
-
:
web-auth accounting WORD
. .
26.3.2.3 -
,
- .
- -
:
web-auth enable -
26.3.3 -
26.3.3.1
-, -
:
show web-auth
26.3.3.2
- , -
:
show web-auth interface [vlan | SuperVlan]
26.3.3.3
,
, :
show web-auth user
26.3.3.4
-
, ,
:
web-auth kick-out user-IP
26.3.4
. :
aaa authentication login auth-weba radius
aaa accounting network acct-weba start-stop radius
!
radius-server host 192.168.20.2 auth-port 1812 acct-port 1813
radius-server key 405.10
!
ip dhcpd enable
ip http server
!
vlan 1-4
!
web-auth portal-server 192.168.20.41
web-auth holdtime 3600
web-auth authtime 600
web-auth keep-alive 180
2
interface FastEthernet0/1
switchport pvid 1
!
interface FastEthernet0/2
switchport pvid 2
!
interface FastEthernet0/3
switchport pvid 3
!
interface FastEthernet0/4
switchport pvid 4
interface VLAN1
no ip directed-broadcast
ip helper-address 192.168.20.1
web-auth accounting acct-weba
web-auth authentication auth-weba
web-auth mode vlan-id
web-auth enable
!
interface VLAN2
ip address 192.168.20.41 255.255.255.0
no ip directed-broadcast
!
interface VLAN3
no ip directed-broadcast
ip helper-address 192.168.20.1
web-auth accounting acct-weba
web-auth authentication auth-weba
web-auth mode user
web-auth enable
!
interface VLAN4
no ip directed-broadcast
!
27
27.1
, .
, , -
255 .
, -
-. -
.
27.2
SNMP
Web
27.3
27.3.1
1. VLAN
, - -
-
VLAN. VLAN .
2. - -
BDP -, -
- .
BDP , -, - -
BDP .
3. IP-
TCP/IP,
telnet, http snmp, IP- ,
. IP- -
.
- ,
IP- -. IP- IP ,
. ,
. , -
- (
).
. .
27.3.2
1.
-
:
. .
3. -
-
MAC- :
cluster member [id member-id] mac-address H.H.H [password enable-password]
27.3.3
1. IP-
IP-
:
cluster address-pool A.B.C.D A.B.C.D IP-
2. hellotime
-
-, hellotime (: ). -
hellotime :
cluster hellotime <1-300>
-
3. holdtime
-
, , -
down. (holdtime) .
holdtime
:
cluster holdtime <1-300>
-
4.
. , ,
-,
.
:
cluster discovery hop-count PDP
27.3.4
:
show cluster
show cluster member
show cluster candidate
. .
27.3.5 SNMP
snmp -
snmp . :
-N snmp, IP-
. .
27.3.6 Web
, http -
. esN/
28 PBR
28.1 PBR
, PBR.
PBR ( )
, . IP- ,
PBR. IP-
.
PBR:
IP , , PBR -
. PBR
.
PBR :
28.2 PBR
PBR, :
28.3 PBR
28.3.1
.
-
ip access-list standard net1
28.3.2
.
route-map pbr
match ip address access-list
set ip next-hop A.B.C.D IP-
28.3.3 PBR
PBR IP- :
. .
interface interface_name
ip policy route-map route-map_name PBR
28.3.4 PBR
, PBR :
. .
debug ip policy PBR
28.4 PBR
:
interface vlan1
ip address 13.1.1.1 255.255.255.0
no ip directed-broadcast
!
interface vlan4
ip address 14.1.1.1 255.255.255.0
no ip directed-broadcast
!
ip access-list standard net1
permit 10.1.1.2 255.255.255.255
!
ip access-list standard net2
permit 10.1.1.4 255.255.255.255
!
ip access-list standard net3
permit 10.1.1.21 255.255.255.255
!
route-map pbr 10 permit
match ip address net1
set ip next-hop 12.1.1.99
!
route-map pbr 20 permit
match ip address net2
set ip next-hop 13.1.1.99
!
route-map pbr 30 permit
match ip address net3
set ip next-hop 14.1.1.99
!
route-map pbr 40 permit
set ip next-hop 12.1.1.100
PBR , vlan1. IP- -
- 10.1.1.2, - 12.1.1.99, -
12.1.1.99 . ,
IP- .
, route-map pbr 20 , IP- -
10.1.1.4. route-map pbr 30 , IP- 10.1.1.21.
route-map pbr 40 . ,
.
()
-
-
(-
. - - - ) - .
.