Вы находитесь на странице: 1из 182

.466534.

012-324

. ______
: 403530 _____________________

: .466534.012-324


NETXPERT

L3

NetXpert NX-5124-G10

NetXpert NX-5124-G10F


. .
. .

. .
2

.466534.012-324
.
.
.

. . . . . .
.466534.012-324

.466534.012-324 -
NX-5124-G10 (NX-5124-G10F) -
.
:
.466534.012-324 ;
.466534.012-324 .


. .
. .

.466534.012-324
. . .
. . .
. .

. . NX-5124G-10 3 182
NX-5124G-10F
.. .

. .

1 .................................................................................................................................. 9
1.1 ............................................................................................................................. 9
1.2 ....................................................................................................................... 9
1.3 ........................................................................................................................................ 9
1.4 ..................................................................................................................................... 9
1.5 ............................................................................................................................................. 10
1.6 .................................................................................................................................. 10
2 ......................................................................................................................................... 11
2.1 ................................................................................................................. 11
2.1.1 ................................................................................... 11
2.1.2 ..................................................................................... 13
2.1.3 HTTP............................................................................................................................. 14
2.2 .................................................................................................................................. 15
2.2.1 VTY. ................................................................................................................... 15
2.2.2 ........................................................................................................................... 15
2.2.3 ......................................................................................................... 15
2.2.4 VTY.................................................................................................................. 15
2.3 ...................................................................................................................... 15
2.3.1 SNMP............................................................................................................................ 15
2.3.2 RMON ........................................................................................................................... 19
2.4 SSH ............................................................................................................................. 21
2.4.1 SSH...................................................................................................................................... 21
2.4.2 ........................................................................................................................... 22
2.4.3 Ssh.................................................................................................... 22
3 .................................................................................................................................. 23
3.1 ............................................................................................................................................................ 23
3.1.1 ........................................................................................... 23
3.1.2 .............................................................................................. 23
3.2 ................................................................................................................................ 24
3.2.1 ........................................................................................ 24
3.2.2 .................................................................................... 24
3.2.3 ............................................................................... 25
3.3 .................................................................................................................. 27


3.3.1 ........................................................................................ 27
4 ...................................................................................................... 28
4.1 ............................................................................................................................................................ 28
4.1.1 ........................................................................................... 28
4.1.2 .............................................................................................. 28
4.2 ................................................................................................................................ 29
4.2.1 Ethernet ................................................................................................... 29
5 ................................................................................ 31

. .
5.1 .................................................................................................................. 31
5.1.1 Ethernet ................................................................................................... 31
5.2 ................................................................................................................... 31
5.2.1 .............................................................................................................................................. 31
5.2.2 ................................................................... 32
5.2.3 ............................................................................... 32
5.3 .................................................................................................................. 33
. .

5.3.1 .................................................................................................... 33
6 ........................................................................................................... 34
6.1 ................................................................................................. 34
6.1.1 ....................................................................................... 34
6.1.2 ........................................................................ 34
7 ............................................................................................................ 35
7.1 ................................................................................. 35

7.2 ............................................................................................. 35
7.2.1 ................................................................................................ 35
7.2.2 .................................................................. 35
8 VLAN.................................................................................................................................................. 36
8.1 VLAN .................................................................................................................................................. 36
8.2 VLAN ............................................................................................................. 36
8.3 VLAN ....................................................................................................................... 36
. .

4
.466534.012-324
. . .
8.3.1 / VLAN ......................................................................................................... 36
8.3.2 ...................................................................................... 36
8.3.3 / VLAN ........................................................................................ 37
8.3.4 Super-VLAN ............................................................................................. 37
8.3.5 VLAN .......................................................................................... 38
8.4 ........................................................................................................................................ 38
9 STP .................................................................................................................................................... 39
9.1 (STP) ....................................................................................... 39
9.1.1 STP. ...............................................................................................................................39
9.1.2 STP .......................................................... 39
9.1.3 RSTP...................................................................................................... 39
9.1.4 SSTP ................................................................................................................ 40
9.1.5 vLAN............................................................................................ 41
9.1.6 RSTP...................................................................................................... 42
9.1.7 RSTP ................................................................................................................ 42
9.2 MSTP .......................................................................................................................................... 44
9.2.1 MSTP ................................................................................................................................... 44
9.2.2 MSTP ..................................................................................................... 49
9.2.3 MSTP................................................................................................................ 50
10 STP ................................................................................ 56
10.1 STP ....................................................................................... 56
10.1.1 STP. ....................................................................... 56
10.1.2 STP ......................................................................... 59
11 MAC- .............................................................................................................. 63
11.1 MAC- ........................................................................................................ 63
11.2 MAC-................................................................................................................... 63
11.2.1 Mac- ............................................................................................ 63
11.2.2 MAC-.................................................................................. 63
11.2.3 - VLAN....................................................................................................... 63
11.2.4 MAC-........................................................................................... 63
11.2.5 MAC- ........................................................................................ 64
12 ......................................................................................................................... 65
12.1 ............................................................................................................................................................ 65
12.2 ........................................................................................... 65

12.3 ............................................................................................................. 65
12.3.1 , ........................................... 65
12.3.2 ....................................................................................................... 65
12.3.3 ............................................................ 66
12.3.4 ....................................................................................................... 66
13 GVRP ................................................................................................................................................. 67
13.1 ............................................................................................................................................................ 67
13.2 .............................................................................................................................. 67
. .

13.2.1 GVPR ..................................................................................................... 67


13.3 GVPR.............................................................................................................................. 67
13.3.1 / GVPR ......................................................................................... 67
13.3.2 / GVPR ....................................................................................... 67
13.3.3 GVRP.............................................................................................. 67
13.4 ........................................................................................................................................ 67
14 IGMP-SNOOPING ............................................................................................................................. 69
. .

14.1 IGMP-snooping ............................................................................................................... 69


14.1.1 / IGMP-snooping VALN ........................................................................ 69
14.1.2 / VLAN................................................... 69
14.1.3 VLAN ................................................................... 69
14.1.4 ............ 70
14.1.5 IGMP-snooping ................................................. 70
14.1.6 IGMP-snooping ................................................................... 70
14.1.7 IGMP-snooping ........................................................................................................... 70

14.1.8 IGMP-snooping ............................................................................... 71


14.1.9 IGMP-snooping ................................................................................................ 72
15 802.1................................................................................................................................................ 73
15.1 802.1 .................................................................................................................. 73
15.2 802.1 .............................................................................................................................. 73
15.2.1 802.1.................................................................................... 73
15.2.2 802.1 .............................................................. 73
. .


.466534.012-324 5
. . .
15.2.3 802.1.................................. 74
15.2.4 802.1............................................................................ 74
15.2.5 802.1 ........................................................................................... 74
15.2.6 802.1................................................................................. 74
15.2.7 802.1....................................................................... 74
15.2.8 802.1 ........................................................................... 74
15.2.9 802.1............................................................................................... 75
15.2.10 VLAN 802.1................................................................................................. 75
15.2.11 ........................................................... 75
15.2.12 802.1 ........................................................................ 76
15.2.13 802.1 ......................................................... 76
15.3 802.1x ............................................................................................................................ 76
16 -............................................................................................... 77
16.1 - ........................................................................................ 77
16.1.1 MAC- ...................................................................................... 77
16.1.2 -....................................................................... 77
16.1.3 -.................................................................................. 77
17 IP- .......................................................... 78
17.1 IP- ....................................................................... 78
17.1.1 IP .................................................................................................................. 78
17.1.2 IP-........................................ 78
17.1.3 IP- ....................................................................... 78
17.1.4 ........................................................................................ 79
18 ................................................................................................................ 80
18.1 IP-.............................................................................................................................. 80
18.1.1 .............................................................................................................................................. 80
18.1.2 IP-............................................................................................... 81
18.1.3 IP-................................................................................................................ 81
18.1.4 IP- .................................................................................................................... 84
18.2 NAT ...................................................................................................................................... 84
18.2.1 .............................................................................................................................................. 84
18.2.2 NAT ........................................................................................................ 86
18.2.3 NAT .................................................................................................................. 86
18.2.4 NAT ............................................................................................................... 91
18.3 DHCP .......................................................................................................................................... 93


18.3.1 .............................................................................................................................................. 93
18.3.2 DHCP- ............................................................................................................. 93
18.3.3 DHCP- ............................................................................................................. 94
18.4 IP ................................................................................................................................ 96
18.4.1 IP- .................................................................................................................... 96
18.4.2 ......................................................................................................... 100
18.4.3 IP- ....................................................... 101
19 ........................................................................................................................ 104

. .
19.1 RIP ............................................................................................................................................ 104
19.1.1 ............................................................................................................................................ 104
19.1.2 RIP ..................................................................................................... 104
19.1.3 RIP.................................................................................................................. 104
19.2 BEIGRP..................................................................................................................................... 108
19.2.1 ............................................................................................................................................ 108
19.2.2 BEIGRP................................................................................................ 108
. .

19.2.3 BEIGRP .......................................................................................................... 108


19.2.4 BEIGRP ......................................................................................................... 111
19.3 OSPF ........................................................................................................................................ 111
19.3.1 ............................................................................................................................................ 111
19.3.2 OSPF ................................................................................................... 112
19.3.3 OSPF.............................................................................................................. 112
19.3.4 OSPF .......................................................................................................... 115
19.4 BGP........................................................................................................................................... 119

19.4.1 ............................................................................................................................................ 119


19.4.2 BGP ................................................................................................................ 120
19.4.3 BGP .................................................................................................... 126
19.4.4 BGP............................................................................................................. 127
20 VRRP ....................................................................................................................................... 133
20.1 .......................................................................................................................................................... 133
20.2 VRRP ................................................................................................................. 133
20.3 VRRP............................................................................................................................ 133
. .

6
.466534.012-324
. . .
20.3.1 / VRRP ................................................................................... 133
20.3.2 VRRP.............................................................................................. 133
20.3.3 VRRP............................................................................. 133
20.3.4 VRRP ...................................................................................................... 134
20.3.5 VRRP ........................................................................... 134
20.3.6 VRRP ............................................................................................ 134
20.3.7 VRRP .......................................................................................................... 134
21 IP MULTICAST ................................................................................................................................ 136
21.1 ..................................................................................... 136
21.1.1 ............................................................................. 136
21.1.2 .......................................................... 136
21.2 ........................................................................ 137
21.2.1 IP .......................................................................... 137
21.2.2 .......................................................................... 137
21.2.3 TTL.................................................................................................................. 138
21.2.4 .............................................. 138
21.2.5 ............................................. 138
21.2.6 IP Multicast................................................................................................... 139
21.2.7 IP Multicast............................................................................... 139
21.2.8 IP Multicast Helper ...................................................................................................... 139
21.2.9 ........................................................................ 140
21.2.10 ......................................................... 141
21.3 IGMP ......................................................................................................................................... 141
21.3.1 ......................................................................................................................... 141
21.3.2 IGMP ........................................................................................................................... 141
21.3.3 IGMP ( VLAN)................................. 144
21.4 PIM-DM ..................................................................................................................................... 145
21.4.1 PIM-DM ....................................................................................... 145
21.4.2 PIM-DM ....................................................................................................................... 146
21.4.3 PIM-DM................................................................... 147
21.5 PIM-SM ..................................................................................................................................... 147
21.5.1 PIM-SM........................................................................................ 147
21.5.2 PIM-SM ....................................................................................................................... 148
21.5.3 ..................................................................................................................... 149
22 QOS ................................................................................................................................................. 151

22.1 .......................................................................................................................................................... 151


22.1.1 QoS ............................................................................................................................ 151
22.1.2 P2P QoS.......................................................................................................................... 151
22.1.3 QoS .......................................................................................... 151
22.2 QoS .................................................................................................................... 152
22.3 QoS............................................................................................................................... 152
22.3.1 oS ......................................................................... 152
22.3.2 CoS .................................... 152
22.3.3 CoS .................................................. 153
. .

22.3.4 CoS .......................................................................... 153


22.3.5 QoS ........................................................................................ 153
22.3.6 QoS .................................................................... 154
22.3.7 QoS ........................................................ 154
22.3.8 QoS................................. 154
22.3.9 QoS ......................................................................................... 155
22.3.10 QoS ....................................................................................... 155
. .

22.4 QoS ...........................................................................................................................155


22.4.1 QoS Strategy ............................................................. 155
23 (LAYER 2) ........................................... 156
23.1 .......................................................................................................................................................... 156
23.2 (Layer 2) ........................................................... 156
23.3 (Layer 2) .............................................. 156
24 IP ................................................ 157

24.1 IP .................................................................... 157


24.1.1 IP .................................................. 157
24.1.2 IP ................................................................... 157
24.1.3 IP .................................................. 157
24.2 ............................................................................................................................. 157
25 ......................................................................................................................... 159
25.1 .......................................................................................................................................................... 159
. .


.466534.012-324 7
. . .
25.2 .................................................................................................. 159
25.3 ......................................................................................................................... 159
25.3.1 ................................................................................. 159
25.3.2 ............................................................................................. 159
25.3.3 ......................................................................................................... 159
25.3.4 ....................................................................... 159
25.4 ........................................................................................................... 159
26 ........................................................................................................................... 161
26.1 AAA ........................................................................................................................................... 161
26.1.1 AAA .................................................................................................................................... 161
26.1.2 AAA .............................................................................................................. 162
26.1.3 AAA.......................................................................... 163
26.1.4 AAA.................................................................................... 163
26.1.5 AAA ................................................................................... 166
26.1.6 AAA ................................................................................ 166
26.1.7 AAA .......................................................................................... 166
26.1.8 AAA ......................................................................................................... 167
26.1.9 AAA ................................................................................. 168
26.1.10 AAA ............................................................................................ 168
26.2 RADIUS..................................................................................................................................... 169
26.2.1 ...................................................................................................................................... 169
26.2.2 RADIUS................................................................................................ 170
26.2.3 RADIUS................................................................................................ 170
26.2.4 RADIUS .......................................................................................................... 170
26.2.5 RADIUS....................................................................................................... 171
26.3 - ............................................................................................................... 172
26.3.1 ............................................................................................................................................ 172
26.3.2 ................................................................................ 174
26.3.3 - ................................................................... 175
26.3.4 ................................................................ 176
27 ......................................................................................................... 178
27.1 .......................................................................................................................................................... 178
27.2 ..................................................................................... 178
27.3 ................................................................................................ 178
27.3.1 .............................................................................................................. 178
27.3.2 ...................................................................................................................... 178


27.3.3 ..................................................................................................................... 179
27.3.4 .................................................................................. 179
27.3.5 SNMP ................................................................... 179
27.3.6 Web ...................................................................... 179
28 PBR.................................................................................................................................................. 180
28.1 PBR.................................................................................................................................................. 180
28.2 PBR .................................................................................................................... 180
28.3 PBR .............................................................................................................................. 180

. .
28.3.1 ............................................................................................................ 180
28.3.2 ........................................................................................................ 180
28.3.3 PBR ............................................................................................... 180
28.3.4 PBR............................................................................................................................ 180
28.4 PBR........................................................................................................................... 180
........................................................................................................................... 182
. .

. .

8
.466534.012-324
. . .
1
,
, .. ,
.





1.1
0.
, 1.
<type><slot>/<port>; -
:

10M Ethernet Ethernet E
100M FastEthernet Ethernet F
1000M Ethernet Ethernet G
, 1.
, 1.
: .

1.2
:
, .
.
IP- IP.

1.3
(?) :
,
.
Switch> ?
( ),
. .

, ( ).
Switch> s?
,
.
Switch> show?
,
. , -
. .

. -
, .

1.4
.
. ,

, . -
(?).
:

System Supervision Mode ( Ctrl-p
monitor# quit
)
. .


.466534.012-324 9
. . .
User Mode ( ) Switch> exit quit
input
Administration Mode (
enable Switch# exit quit
)

exit quit
config
Global Configuraton Mode ( Ctrl-Z , -
Switch_config#
) -

inter- exit quit
Interface Configuration Mode
face Ctrl-Z , -
( Switch_config_f0/1#
, , in- -
)
terface f0/1 .

. -
, (?) .

.

:
Switch> enter
Password: <enter password>
Switch# config
Switch_config# interface f0/1
Switch_config
_f0/1# quit
Switch_config# quit
Switch#

1.5
, no -
.
, no ip routing


1.6
-
, . -
write.

. .
. .

. .

10
.466534.012-324
. . .
2
2.1
2.1.1
2.1.1.1
- 20 .

2.1.1.2
, . -
. [ ] .

Format .
. [ ]
, .
dir [filename] :
Index number Filename <FILE> Size of the file Establishment time (
<FILE> )
delete filename . , .
md directory .
. , -
rd dirname
.
.
more filename
, .
cd .
pwd .

2.1.1.3
monitor#boot flash <local_filename>
-,
.



local_filename , -

: monitor#boot flash switch.bin

2.1.1.4
. .

-

( ).

1. TFTP
monitor#copy tftp flash [ip_addr]
. .

tftp -.
.


IP- Tftp. , IP- -
ip_addr
copy

main.bin switch.bin.
monitor#copy tftp flash
: Source file name[]?main.bin
: Remote-server ip address[]?192.168.20.1
: Destination file name[main.bin]?switch.bin
please wait ...
. .


.466534.012-324 11
. . .
######################################################################
######################################################################
######################################################################
######################################################################
######################################################################
#############################################
TFTP:successfully receive 3377 blocks ,1728902 bytes
monitor#
2. zmodem
download . download ? -
.
monitor#download c0 <local_filename>
- -
zmodem. .


local_filename , -.


Hyper Terminal WINDOWS 95, NT 4.0 -
WINDOWS 3.X.
monitor#download c0 switch.bin
: speed[9600]?115200
115200 send file
Send - ( ). send file:


2.1-1 Send
main.bin, -
, , Zmodem. Send -
.
:
ZMODEM: successfully receive 36 blocks, 18370 bytes
, .

. .
- 9600.
:
NX-5124G 10 zmodem -
, 38400.

2.1.1.5
. .

startup-config. -
, , .
1. TFTP
monitor#copy tftp flash startup-config
2. zmodem
monitor#download c0 startup-config

2.1.1.6 ftp
config #copy ftp flash [ip_addr|option]
ftp -
. copy ftp .
-
ftp. .
. .

12
.466534.012-324
. . .
copy{ftp:[[[//login-name:[login-password]@]location]/directory]/filename}|flash:
filename>}{flash<:filename>|ftp:[[[//login-name:[login-password]@]location]
/directory]/filename}<blksize><mode><type>


Login-nam FTP . ,
copy.
login-password ftp ,
copy.
nchecksize .
Vrf vrf , MPLS.
blksize ( 512)
ip_addr IP- ftp. ,
copy.
Active ftp .
passive ftp .


"main.bin", "switch.bin"
.
config#copy ftp flash
: ftp user name [anonymous]? login-nam
: ftp user password [anonymous]? login-password
: Source file name []? main. bin
: Remote-server ip address []? 192.168.20.1
: Destination file name [main. bin]? switch. bin or
config#copy ftp://login-nam:login-password@192.168.20.1/main.bin flash:switch.bin
######################################################################
######################################################################
FTP:successfully receive 3377 blocks, 1728902 bytes
config#
:
ftp - tcp (75 ), -

ip tcp synwait-time tcp.


.
FTP, FTP,
. 512 ,
.

2.1.2
. .

2.1.2.1 IP- Ethernet


monitor#ip address <ip_addr> <net_mask>
IP- Ethernet,
192.168.0.1 - 255 255 255.0.


. .

ip_addr IP- Ethernet


net_mask Ethernet

:
monitor#ip address 192.168.1.1 255.255.255.0

2.1.2.2

monitor#ip route default <ip_addr>


.


ip_addr IP-


. .


.466534.012-324 13
. . .
monitor#ip route default 192.168.1.1

2.1.2.3 PING
monitor#ping <ip_address>
.


ip_address IP-


monitor#ping 192.168.20.100
PING 192.168.20.100:56 data bytes
64 bytes from 192.168.20.100:icmp_seq=0. time=0. ms
64 bytes from 192.168.20.100:icmp_seq=1. time=0. m
64 bytes from 192.168.20.100:icmp_seq=2. time=0. ms
64 bytes from 192.168.20.100:icmp_seq=3. time=0. ms
----192.168.20.100 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0

2.1.3 HTTP
2.1.3.1 HTTP
http
http
http
http
1. http
: http .
http:

Ip http server http

2. http


: http - 80.

http:

Ip http port number http

3. http
Http enables .

. .
http.
http:

Enable password {0|7} line enable.

4. http
http, -
. .

http :

http access-class STRING http

2.1.3.2 http
(80) http.

192.168.20.0/24.
ip :
p access-list standard http-acl
permit 192.168.20.0 255.255.255.0
:
ip http access-class http-acl
ip http server
. .

14
.466534.012-324
. . .
2.2
2.2.1 VTY.
line; -
. line
, .

2.2.2
: (console), (AUX), -
(asynchronous) (virtual terminal).
. -
.

CON(CTY) - 0.
Telnet, X.25 PAD, HTTP
VTY Rlogin (, - 1 32.
Ethernet ).

2.2.2.1
VTY
.
VTY, .
.
, Telnet (Ethernet -
).
VTY :
(1).
(2). .
VTY
VTY".

2.2.3

show line VTY.

2.2.4 VTY
VTY
more.
config#line vty 0 32
config_line#length 0
. .

2.3
2.3.1 SNMP
2.3.1.1
SNMP , :
SNMP (NMS)
. .

SNMP (AGENT)
(Management Information Base - MIB)
, SNMP -
SNMP .
SNMP (NMS), CiscoWorks.
MIB . SNMP , -
.
SNMP MIB, SNMP .

SNMP
. (MIB),
. -
. SNMP , -
. -
, , ( ), TCP, -
.
. .


.466534.012-324 15
. . .
1. SNMP
SNMP ( ) -
SNMP . , ,
SNMP .
SNMP . -
, , ,
, . , SNMP -
, , PDU, . -
, . ,
, . , -
.
,
. , ,
.
, .
. ,
. , SNMP
, . -
, -
.

.
2. SNMP
SNMP:
SNMPv1 - , ,
RFC1157.
SNMPv2C - SNMPv2, -, -
RFC1901.
(Layer 3) SNMP:
SNMPv3 - , 3, RFC3410.
SNMPv1 . (community) ,
MIB , IP- .
SNMPv3 -
; SNMPv3 :
, .


, .
-
.
SNMPv3 .
, ( ), -
.
. SNMPv3 , :
, , . -
MD5 SHA ( ) -

. .
MD5 SHA -
. DES
. -,
.
. , -
.
SNMP SNMP, -
. .

. -
.
3. MIB
SNMP MIBII ( RFC 1213)
SNMP ( RFC 1215).
MIB .

2.3.1.2 SNMP
SNMP :
SNMP
SNMP

SNMP
. .

16
.466534.012-324
. . .
SNMP
SNMP
SNMPv3
SNMPv3
SNMPv3 Engine ID
1. SNMP
SNMP MIB (
). SNMP:

OID MIB name
snmp-server view name oid] SNMP
[exclude | include] SNMP. Exclude , ; include ,
.

, SNMP MIB -
.
.
SNMP, SNMP
SNMP.
2. SNMP
SNMP -
SNMP . , -
. , -
:

IP- SNMP.
MIB MIB, -
.
MIB.
, -
:

snmp-server community string [view

view-name] [ro | rw] [word] SNMP

. -
, no snmp-server community.
, SNMP.
3.
SysContact sysLocation MIB,
.
. .

.
:

snmp-server contact text
snmp-server location text
. .

4. SNMP
SNMP ,
. :

snmp-server packetsize byte-count

5. SNMP

SNMP, -
,
.

show snmp SNMP

6. SNMP
. .


.466534.012-324 17
. . .
SNMP ( -
):
SNMP
,
:

snmp-server host host community-
SNMP
string [trap-type]
snmp-server host host , , ..
[traps|informs]{version {v1 | v2c | : SNMPv3
v3 {auth | noauth | priv } }}commu- eybrfkmysq SNMP ,
nity-string [trap-type] .
SNMP
. snmp-server host , -
.
. ,
snmp trap link-status, ,
SNMP . -no snmp trap link-stat -
.
, snmp-server host.

, .
.

:

snmp-server trap-source interface , .
IP- .
snmp-server queue-length length .
- 10.
snmp-server trap-timeout seconds .
- 30 .


7. SNMP
,
SNMP.

snmp source-addr ipaddress SNMP

8. SNMPv3 SNMP:

. .

snmp-server group [groupname {v1 | v2c
|v3 [auth | noauth | priv]}][read read- SNMPv3.
view][write writeview] [notify notify-
view] [access access-list]

9. SNMPv3
. .

. -
, , -
. ,
; , .

snmp-server user username groupname {v1
| v2c | v3 [encrypted] [auth {md5 | sha} SNMPv3

auth-password ]} [access access-list]

. -
-
; . -

; , .
. .

18
.466534.012-324
. . .

SNMPv3.
snmp-server user username groupname re-
mote ip-address [udp-port port] {v1 | :
v2c | v3 [encrypted] [auth {md5 | sha}
auth-password ]} [access access-list] SNMP IP-
.

10. SNMPv3 (Engine ID)


SNMP engine ID SNMP.
SNMP SNMP SNMPv3.

snmp-server engineID remote ip-address
[udp-port port-number] engineid-string SNMP

2.3.1.3
1. 1:
snmp-server community public RO
snmp-server community private RW
snmp-server host 192.168.10.2 public
public -
MIB private MIB.
public private MIB private
MIB . , public -
192.168.20.2. ,
down, link down 192.168.20.2.
2. 2:
snmp-server engineID remote 90.0.0.3 80000523015a000003
snmp-server group getter v3 auth
snmp-server group setter v3 priv write v-write
snmp-server user get-user getter v3 auth sha 12345678
snmp-server user set-user setter v3 encrypted auth md5 12345678
snmp-server user notifier getter remote 90.0.0.3 v3 auth md5 abcdefghi
snmp-server host 90.0.0.3 informs version v3 auth notifier
snmp-server view v-write internet included

SNMPv3 . getter
, setter .
get-user getter,
sha 12345678. set-user
setter,
md5 12345678.
notifier inform
90.0.0.3.
. .

2.3.2 RMON
2.3.2.1 RMON
RMON :
RMON
RMON
. .

RMON
RMON
RMON
1. RMON
rMon
SNMP NMS. SNMP -
. rMon .

rMon :

Configure
rmon alarm index variable in- rMon.
terval {absolute | delta} ris-
ing-threshold value [eventnum- index . 1
ber] falling-threshold value 65535.
. .


.466534.012-324 19
. . .
[eventnumber] [owner string] variable MIB,
MIB INTEGER, Counter Gauge
Time Ticks.
interval -
. 1 4294967295.
absolute -
MIB; delta -
MIB .
value ,
. event
number , -
. event number -
.
owner string -
.
exit .
write .

rMon OID, vari-


able interval (absolute
delta). , , -
rising-threshold , , event number (
event number 0 , , -
) . OID , invalid. rmon
alarm
. no rmon alarm index
, index.
2. RMON
rMon :

1. configure
rMon.
Index . 1 65535.
rmon event index [de- Description .


scription string] log -
2. [log] [owner string] .
[trap community] trap , -
. community .
owner string .
3. exit .
4. write .

. .
rMon, eventLastTimeSent field -
sysUpTime rMon. log ,
log. trap , trap
community. rmon event -
. -
no rmon event index , in-
dex.
. .

3. RMON
rMon -
. rMon :

1. configure

2. interface if type ifid Iftype .


Ifid .
rmon .
rmon collection stat index [owner
3. string] Index .
owner string .
4. exit .
. .

20
.466534.012-324
. . .
5. exit .
6. write .

rmon eventcollection stat -


.
no rmon collection stats index , index.
4. RMON
rMon
. rMon :

1. configure

2. interface if type ifid Iftype .
Ifid .
.
Index .
, -
bucket-number. -
Rmon collection history index [buck-
ets bucket-number] [interval second] Ethernet -
3.
[owner owner-name] ; : 50 .
second -
;
: 1800 ( )
owner string .
4. exit .
5. exit .
6. write

,
, second. -
. rmon eventcollection stat -
-
. no rmon collection stats index
, index. , bucket-number

interval second , -
.
5. RMON
show RMON.

rmon.
Alarm .
Event ,
. .

show rmon [alarm] [event] [sta- log, .


tistics] [history] Static
, .
History
, .
. .

2.4 SSH
2.4.1 SSH
2.4.1.1 SH
SSH ,
, SSH . , -
telnet. SSH , Data Encryption Standard (DES),
the Triple DES (3DES) blowfish.

2.4.1.2 SSH
SSH , ssh.
,
SSH, ,, -
SSH. SSH :
des, 3des blowfish.
. .


.466534.012-324 21
. . .
2.4.1.3
sh ssh 1.5 ssh shell.

2.4.2
2.4.2.1
ssh .
.
:

Ip sshd auth_method STRING

2.4.2.2
ssh , -
.
-
:

Ip sshd access-class STRING

2.4.2.3
,
, .

:

Ip sshd timeout <60-65535>

2.4.2.4
,
SSH , . -
3 .


-
:

Ip sshd auth-retries <0-65535>

2.4.2.5 ssh
SSH . SSH- -

. .
ras (client). -
- .
SSH-:

Ip sshd enable
. .

2.4.3 Ssh
, , IP- 192.16.20.40 ssh.
.

2.4.3.1
ip access-list standard ssh-acl
permit 192.168.20.40

2.4.3.2
aaa authentication login ssh-auth local
ip sshd auth-method ssh-auth
ip sshd access-class ssh-acl
ip sshd enable
. .

22
.466534.012-324
. . .
3
3.1
, -
.
, ,
. ,
, .
, .

3.1.1
.

Ethernet
Ethernet Ethernet
Ethernet
Ethernet





VLAN

: Ethernet -
. Ethernet -
, . -
, .
Ethernet :
Ethernet
Ethernet
Ethernet
:



VLAN

3.1.2
.
:
1) interface ; -
config_ , -
. .

. .
. show in-
terface . , -
, :
Switch#show interface
GigaEthernet1/1 is down, line protocol is down
Hardware is Fast Ethernet, Address is 0009.7cf7.7dc1
. .

MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,


reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Auto-duplex, Auto-speed
input flow-control is off, output flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 17:52:52, output hang never
Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0


Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute input rate 0 bits/sec, 0 packets/sec
1 packets input, 64 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
. .


.466534.012-324 23
. . .
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
1 packets output, 64 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
Gigabit Ethernet g1/1, :
interface GigaEthernet0/1
config_g1/1 .
:
. -
, g 1/1, g 1/1.
2) .
, ;
,
.
3) show, -
, .

3.2
3.2.1
, .
.
:

3.2.1.1
, -
. , -
. show interface
running-config . -
.



description string
-
.

3.2.1.2

. .
. bandwidth -
.

bandwidth kilobps
, -
.
. .

3.2.1.3

. bandwidth
.

delay tensofmicroseconds
. delay -
.

3.2.2
:

. .

24
.466534.012-324
. . .

3.2.2.1
,
, . -
, , : -

:

show interface [type [slot|port]] .
show running-config .
-
show version , , ,
.

3.2.2.2
.
- . , -
, . -
:

no interface type [slotport]

3.2.2.3
, . -
-
. -
. .
DTR .
shutdown no shutdown -
.


shutdown
no shutdown
show interface show running-
config. administratively down.
.
. .

3.2.3
, ,
:



VLAN
. .

3.2.3.1
. -
, . ,
. no ip unreachable
. -
, , -

; -
.
-
:

interface null 0
. .


.466534.012-324 25
. . .
,
. IP-
192.168.20.0.
ip route 192.168.20.0 255.255.255.0 null 0

3.2.3.2
. -
BGP .
BGP. -
,
. , , -
. ,
, .
.
, -
:

interface loopback number

3.2.3.3

Ethernet.
, .
:

Interface port-aggregator number

3.2.3.4 VLAN
Vlan - . VLAN -
2 VLAN . -
, VLAN. VLAN -
, .
VLAN :



Interface vlan number VLAN

3.2.3.5 Super-VLAN
Super VLAN : VLAN
Ipv4 .
IP-. Super VLAN VLAN ,
. IPv4 .

. .
VLAN, Super VLAN, SubVLAN. SubVLAN -
IP-. Ip- Super
VLAN.
Super VLAN :

super VLAN.
. .

[no] interface superv- Super VLAN , Super VLAN.


lan index index super Vlan, :
1~32. no (prefix) super VLAN
SubVLAN Super VLAN. Sub VLAN -
Super VLANs. -
Super VLAN Sub VLAN.
Setstr Sub Vlan. , List 2, 4-
[no] subvlan [setstr] 6 VLAN 2, 4, 5, 6.

[add addstr] [remove add VLAN


remstr] Sub VLAN. addstr -
, . remove VLAN -
SubVLAN. remstr -
. , . no SubVLANs
SuperVLAN. no .
Ip- Super VLAN.
. .

26
.466534.012-324
. . .
Super VLAN ,
.

3.3
3.3.1
3.3.1.1
, ;
.
interface vlan 1interface vlan 1
ip address 192.168.1.23 255.255.255.0ip address 192.168.1.23 255.255.255.0

3.3.1.2
Ethernet 1.
interface GigaEthernet0/1
shutdown
.
interface GigaEthernet0/1
no shutdown

. .
. .

. .


.466534.012-324 27
. . .
4
4.1
, ,
.
, ,
. ,
, .
, .

4.1.1
.

Ethernet
Ethernet Ethernet Ethernet
Ethernet




VLAN
: Ethernet -
. Ethernet -
, . -
, .
Ethernet :
Ethernet
Ethernet
Ethernet
:



VLAN


4.1.2
.
:
1) interface ; -
config_ , .
.
. show interface
. , , -

. .
:
Switch#show interface
GigaEthernet1/1 is down, line protocol is down
Hardware is Fast Ethernet, Address is 0009.7cf7.7dc1
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
. .

Encapsulation ARPA, loopback not set


Auto-duplex, Auto-speed
input flow-control is off, output flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 17:52:52, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo


Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute input rate 0 bits/sec, 0 packets/sec
1 packets input, 64 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
. .

28
.466534.012-324
. . .
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
1 packets output, 64 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
Gigabit Ethernet g0/1, :
interface GigaEthernet0/1
config_g0/1 .
:
. -
, g 1/1, g 1/1.
2) .
, ;
,
.
3) show, -
, .

4.2
4.2.1 Ethernet
Ethernet . Ethernet
: 10 / 100 /. :
, - .

4.2.1.1 Ethernet

Ethernet:


interface fastethernet [slot\port ] Ethernet
interface gigaethernet [slot\port ] Ethernet
show interface fastEthernet
Fast Ethernet show interface gigaEthernet Gigabit
Ethernet.

4.2.1.2 Ethernet
. .

Ethernet
.

Ethernet 10, 100
Speed {10|100|1000|auto}

No speed ()
. .

:
. , GBIC GE-FX 1000M,
FE-FX - 100M. speed auto,
. .

4.2.1.3

,
. Ethernet
. Ethernet
.

duplex {full|half|auto} Ethernet
No duplex ()
. .


.466534.012-324 29
. . .
4.2.1.4

PAUSE ( 802.3).

flow-control on/off /

no flow-control


. .
. .

. .

30
.466534.012-324
. . .
5
5.1
5.1.1 Ethernet
Ethernet . proce-
dures . Ethernet : 10 / 100
/. : , - -
.

5.1.1.1
keepalive,
.

keepalive .
keepalive period Period , -
.
no keepalive keepalive

5.1.1.2
. -
.

Configure
interface f0/0 , .
.
band , .
[no] switchport rate- ingress , -
limit band ingress } .
egress , -
.
exit .
exit .

5.1.1.3

PAUSE ( 802.3).

flow-control on/off /
no flow-control
. .

5.1.1.4 -
, -
( MAC )
, .
.

. .

storm-control {broadcast | multicast -


} threshold count
no storm-control {broadcast | multi-
cast } threshold -

5.2
5.2.1

,
, . -
MAC , MAC
. MAC- -
, . -
.
. .


.466534.012-324 31
. . .
: -
-. MAC- -
MAC , ,
MAC-.
, , .
.

5.2.2
/

-
-


-
MAC- IP-

5.2.3
5.2.3.1 /
:
, -
.
:

configure
interface f0/1 , .
[no] switchport port-security /
exit .
exit .
write

5.2.3.2
, -


.
: protect.
-
:

configure
interface f0/1 , .

. .
[no] switchport port-security viola-
protect:
tion [protect\restrict]
restrict:
exit .
exit .
write
. .

5.2.3.3 -
-
-.
-:

configure
interface f0/1 , .

[no] switchport port-security mac- / -. -


address mac-addr mac-addr MAC-.
exit .
exit .
write
. .

32
.466534.012-324
. . .
5.2.3.4
show, -
, , MAC-
, MAC- , -.
show -
:

show port-security [interface inter-
face-id] interface-id: ID

5.2.3.5 -
show, -
, MAC- MAC- -
.
show -
-:

show mac address-table [interface in- -
terface-id] interface-id: ID

5.2.3.6 MAC- IP-


IP- - .
:
IP- -, IP-
, , .
, -
:

switchport port-security bind {ip
A.B.C.D | mac H.H.H} MAC- IP-

5.3
5.3.1
5.3.1.1
, ;
.
interface vlan 1
ip address 192.168.1.23 255.255.255.0
. .

5.3.1.2
Ethernet 1.
interface fastEthernet 0/1
flow-control on
. .

.
interface fastEthernet 0/1
flow-control off

. .


.466534.012-324 33
. . .
6
6.1
6.1.1
,
.
, interface range,
. interface range,
, , .

6.1.2
:

interface range, , -
, :
interface range type slot/<port1 - (1) slot
port2 | port3>[ , <port1 - (2) 1 2
port2|port3>] 3.
(3) 2 , 1
(4) /
fast Ethernet,
Ethernet 1, 2, 3, 6, 8, 10, 11, 12, 0.
switch_config#interface range 1 - 3 , 6 , 8 , 10 - 12
switch_config_if_range#


. .
. .

. .

34
.466534.012-324
. . .
7
7.1

7.2
7.2.1
, -
.
-
:

Configure

Session-number -
.
mirror session session_number {desti-
Destination -
nation {interface interface-id} |
source {interface interface-id [, | - .
]rx ] } Source .
rx .
-
.
exit .
write .

7.2.2
show.

.
show mirror [session session_number]
Session-number

. .
. .

. .


.466534.012-324 35
. . .
8 VLAN
8.1 VLAN
(Virtual Local Area Network) ,
, . 1999 . IEEE -
IEEE 802.1Q, VLAN. -
, . -
VLAN ,
. VLAN , -
, , -
; -
,
, , ,
.
:
VLAN
, 802.1Q
Visiting port
Vlan , VLAN,
. ,
; VLAN , -
. vlan , -
vlan , vlan id vlan (PVID).
VLAN
Vlan-allowed vlan,
. Vlan-untagged
vlan vlan.

8.2 VLAN
/ VLAN

/ VLAN
superVLAN
VLAN


8.3 VLAN
8.3.1 / VLAN
- , -
, . VLAN
, LAN,
LAN. VLAN -
, -
. VLAN .

. .
VLAN, .
VLAN:

vlan vlan-id VLAN
name str VLAN
Exit vlan vlan.
. .

vlan vlan-range VLAN .


no vlan vlan-id | vlan-range VLAN.
VLAN -
GVRP.

8.3.2

, ,
VLAN.
, VLAN
Ethernet .
,
Ethernet .
VLAN , -
, , . -
. .

36
.466534.012-324
. . .
port pvid,
VLAN. ,
. .
VLAN PVID. VLAN
.
.
VLAN, , -
, , VLAN, -
.
:

switchport pvid vlan-id PVID .
switchport mode access|trunk|dot1q-tunnel .
switchport trunk vlan-allowed ... vlan-allowed .
switchport trunk vlan-untagged ... vlan-untagged .
:
dot1q-tunnel.
/ ,
.
dot1q-tunnel:

double-tagging double-tagging
dot1q-tunnel :
dot1q-

tunnel
2116 / 2224 / 2224M / 2226 / 2448B / 3224 / 3224M / 3424 / 6508
2224D
2448 / 2516 / 2524 / 3448 / 3512
, , , -
.

8.3.3 / VLAN
Vlan -
3. vlan :

[no] interface vlan vlan-id / VLAN

8.3.4 Super-VLAN
. .

Super VLAN : -
, VLAN Ipv4; -
, IP-. Super VLAN -
. VLAN -

IPv4 . , Super VLAN,
IP-.
. .


Super VLAN. -
, .
[no] interface supervlan index Index Super VLAN. 1
32.
no , Super VLAN.
Super VLAN. Sub
VLAN -

Super VLANs. Super VLAN -


[no] subvlan [setstr] [add . .
addstr] [remove remstr] Setstr Sub VLAN Sub VLAN. -
, 2,4-6 VLAN2,4,5,6.
Add VLAN
Sub VLAN. addstr
.
. .


.466534.012-324 37
. . .
Remove VLAN
Sub VLAN. remstr
.
No SubVLAN SuperVLAN. -
no
VLAN interface , Ip-.
Super VLAN , -
.

8.3.5 VLAN
VLAN -
:

show vlan [ id x | interface intf ] VLAN
show interface {vlan | supervlan} x /supervlan

8.4
, :

PC1~PC6 1~6 IP- -


192.168.1.0/24. , 2-6 -
ping, IP- 192.168.1.100. 1-3 4-6


2. 1-3 VLAN1,
4-6 - VLAN2. VLAN1 VLAN2 SuperVlan.
SuperVla :

interface fastethernet 0/4


switchport pvid 2
!
interface fastethernet 0/5

. .
switchport pvid 2
!
interface fastethernet 0/6
switchport pvid 2
!
interface supervlan 1
. .

subvlan 1,2
ip address 192.168.1.100 255.255.255.0
ip proxy-arp subvlan
!

. .

38
.466534.012-324
. . .
9 STP
9.1 (STP)
9.1.1 STP.
(Spanning Tree Protocol - STP)
IEEE 802.1D; , -
, .
-
-
. ,
. -
. , ,
.
STP
. LAN -
. ,
, , , LAN.
, .
.
( ) . ,
, .
:
(1) .
(2) .
(3) .
( )
. Root Path Cost, ,
.
, .
, (
LAN) . LAN
-
.
, -
.
STP ,

Ethernet. STP -
.
(Rapid Spanning Tree) -
802.1D ST. RSTP
, LAN.
. -
.
802.1D STP 802.1w RSTP. -
. .

PVST MSTP. 2: "


STP ".
, , -
.
:
802.1D STP 802.1w RSTP SSTP RSTP; SSTP -
Single Spanning-tree.
. .

9.1.2 STP
Single STP PVST RSTP MSTP
NX-5124G 10

9.1.3 RSTP

STP
/ STP





. .


.466534.012-324 39
. . .


STP

9.1.4 SSTP
9.1.4.1 STP
STP :

spanning-tree mode {sstp | rstp} STP

9.1.4.2 / STP
.
, .
:

no spanning-tree STP

, :

spanning-tree STP (SSTP)
spanning-tree mode {sstp | rstp} STP

9.1.4.3
-
.
:

spanning-tree sstp priority value sstp
no spanning-tree sstp priority sstp -
(32768)


9.1.4.4
STP -
, .
SSTP :

spanning-tree sstp hello-time value sstp

. .
no spanning-tree sstp hello-time sstp -
(4 )

9.1.4.5
,
, .
-
. .

:

spanning-tree sstp max-age value sstp
no spanning-tree sstp max-age
(20 )

9.1.4.6
sstp ,
, learning listening
(forwarding).
sstp :

spanning-tree sstp forward-time sstp
. .

40
.466534.012-324
. . .
no spanning-tree sstp forward time
(15 )

9.1.4.7
.
.
:

spanning-tree port-priority value
spanning-tree sstp port-priority value sstp
no spanning-tree sstp port-priority
(128)

9.1.4.8
:

spanning-tree cost value
spanning-tree sstp cost value sstp
no spanning-tree sstp cost

9.1.4.9
6500.
BPDU -
, MSU.
STP.
,
6500 :

spanning-tree designated-auto
no spanning-tree designated-auto

9.1.4.10 STP
STP, -
:

show spanning-tree
show spanning-tree detail
show spanning-tree interface
. .

9.1.5 vLAN
9.1.5.1
SSTP .
vLAN. vLAN, -
SSTP vLAN .
. .

vLAN,
.
,
30 ; -
STP.
NX-5124G10 -
vLAN. , , -
.

9.1.5.2 STP vLAN



STP :

spanning-tree mode pvst STP vLAN
. .


.466534.012-324 41
. . .
STP VLAN.
spanning-tree vlan vlan-list vlan-list: vLAN ( )
SSTP 30 -
.
no spanning-tree vlan vlan-list
vLAN.
spanning-tree vlan vlan-list prior-
ity value vLAN.
no spanning-tree vlan-list priority .
spanning-tree vlan vlan-list for-
ward-time value VLAN.
no spanning-tree vlan vlan-list for-
ward-time VLAN.
spanning-tree vlan vlan-list max-age
VALN
value
no spanning-tree vlan vlan-list max-
age VLAN.
spanning-tree vlan vlan-list hello-
time value VLAN.
no spanning-tree vlan vlan-list
hello-time VLAN.

:

spanning-tree vlan vlan-list cost VLAN.
no spanning-tree vlan vlan-list cost VLAN.
spanning-tree vlan vlan-list port-
priority VLAN.
no spanning-tree vlan vlan-list
port-priority VLAN.
-
vLAN:

show spanning-tree vlan vlan-list VLAN


9.1.6 RSTP
/ RSTP




. .

9.1.7 RSTP
9.1.7.1 / RSTP
:
. .


spanning-tree mode rstp RSTP
no spanning-tree mode STP (SSTP)

9.1.7.2
,
. , -

.
:

spanning-tree rstp priority value
no spanning-tree rstp priority
. .

42
.466534.012-324
. . .
, MAC-
. , RSTP,
, .
32768.

9.1.7.3
,
. -
, . -
, . -
. -
, , ;
. -
. , , -
.
:

spanning-tree rstp forward-time value
no spanning-tree rstp forward-time (15)
, -
. , -
. -
.
(Forward Delay Time) 15
.

9.1.7.4
, -
, .
:

spanning-tree rstp hello-time value
no spanning-tree rstp hello-time

,
. , -
. ,
,
. .
4 .

9.1.7.5
. .

,
. -
.
:

spanning-tree rstp max-age value
. .

no spanning-tree rstp max-age (20 )


, , . -
. ,
Max Age, -
. Max
Age, .
20 .

9.1.7.6
Ethernet . -
, . RST
Ethernet
.
. .


.466534.012-324 43
. . .
-
:

spanning-tree rstp cost value
no spanning-tree rstp cost
, Ethernet
. RSTP -
Ethernet.
, Ethernet 2000000, -
10 / 200000, 100/.

9.1.7.7
Ethernet , -
. , ,
. Ethernet , -

.
:

spanning-tree rstp port-priority value
no spanning-tree rstp port-priority
, Ethernet
.
Ethernet 128.

9.1.7.8
RST
802.1D STP, . STP,
STP, .
STP, RSTP
802.1D STP BPDU. span-
ning-tree rstp migration-check
RSTP.


:
, IEEE 802.1D 2004 RSTP, -
migration-check.

RSTP:

spanning-tree rstp migration-check
-

. .
:

spanning-tree rstp migration-check

9.2 MSTP
. .

9.2.1 MSTP
9.2.1.1
Multiple Spanning Tree Protocol (MSTP) -
LAN. MSTP (Spanning
Tree Protocol (STP)) (Rapid Spanning Tree Protocol (RSTP)).
STP
RSTP vLAN . STP -

. RSTP
.
MSTP RSTP
VLAN STP,
. , MSTP, VLAN
VLAN.
. .

44
.466534.012-324
. . .
PvSTP, MSTP VLAN STP,
STP, VLAN.
NX-5124G10 MSTP. , -
, .

9.2.1.2 MST
MSTP VLAN STP MSTP. -
MSTP, MST.
, MST -
, MST. MST
VLAN, VLAN MST.

9.2.1.3 IST, CST, CIST MSTI


9.2-1 MSTP, MST ,
802.1D STP.

9.2-1 MSTP
1. CIST
Common and Internal Spanning Tree (CIST) , -
LAN.
MST STP RSTP;
. .

.
, CIST CIST. -
CIST ,
CIST.
2. CST
(Common Spanning Tree). MST
. .

, Common Spanning Tree (CST) ,


. 2.1, 1, 2 3 STP -
CST.
3. IST
(Internal Spanning Tree (IST)) CIST, -
MST. , IST CST CIST.
4. MSTI

(Multiple Spanning Tree Instance). MSTP


VLAN ,
Multiple spanning tree. , CIST,
. , No.1,
. -
VLAN. , VLAN CIST.
MSTI MST .
. 3 2.1 MSTI01 -
. .


.466534.012-324 45
. . .
, . MSTI00, CIST, -
, .

9.2.1.4
MSTP , RSTP.
1.

9.2-2
,
.
2.


9.2-3
. -
,
, .
3.

. .
. .

9.2-4
LAN .

LAN .
. .

46
.466534.012-324
. . .
4.

9.2-5
LAN,
, . -
, .
5.

9.2-6

MST CIST.
CIST.
6.
CIST MSTI. CIST -
, MST. MSTI,
, .
7.
. .

RSTP MSTP, ,
. ,
.
. .

9.2-7
. .


.466534.012-324 47
. . .
, MTSP RSTP ,
. , BPDU ,
. 802.1D STP BPDU,

.

9.2.1.5 MSTP BPDU


STP RSTP, , MSTP, -
Bridge Protocol Data Unit (BPDU). CIST MSTI -
BPDU. 9.2-1 9.2-2 BPDU, MSTP.
9.2-1 MSTP BPDU

(Protocol Identifier) 1-2
(Protocol version Identifier) 3
BPDU (BPDU Type) 4
CIST (CIST Flags) 5
CIST (CIST Root Identifier) 6 - 13
CIST (CIST External Root Path Cost) 14 - 17
CIST (CIST Regional Root Identifier) 18 - 25
CIST (CIST Port Identifier) 26 - 27
(Message Age) 28 - 29
(Max Age) 30 -31
(Hello Time) 32- 33
(Forward Delay) 34 - 35
1 (version 1 Length) 36
3 (version 3 Length) 37 - 38
(Format Selector) 39
(Configuration Name) 40 - 71
(Revision) 72 - 73
(Configuration Digest) 74 - 89
CIST (CIST Internal Root Path Cost) 90 - 93
CIST (CIST Bridge Identifier) 94 - 101
CIST (CIST Remaining Hops) 102


MSTI (MSTI Configuration Messages) 103~
9.2-2 MST

MSTI (MSTI FLAGS) 1
MSTI (MSTI Regional Root Identifier) 2-9
MSTI (MSTI Internal Root Path Cost) 10 - 13
MSTI (MSTI Bridge Priority) 14

. .
MSTI (MSTI Port Priority) 15
MSTI (MSTI Remaining Hops) 16

9.2.1.6
MSTP
BPDU, .
. .

1) CIST .
2) LAN
CIST, .
3) , CIST -
.
4) MSTI MSTI.
5) LAN
MSTI.

6) CIST
CIST CIST.
7) CIST LAN
CIST.
8) , ,
LAN .
9) MSTI MSTI.
. .

48
.466534.012-324
. . .
10) MSTI MSTI.
11) CIST. -
CIST MSTI .

9.2.1.7
STP RSTP, MSTP STP (Hop Count)
Message Age Max Age BPDU.
, MSTP
. BPDU -
CIST MSTI .
0, .

9.2.1.8 STP
MSTP STP
. STP, -
STP. , , STP,
.
:
, STP, -
MSTP, STP. , -
spanning-tree mstp migration-check STP, ,
the MSTP.
, RSTP,
MSTP. , MSTP -
RSTP.

9.2.2 MSTP
MSTP
MSTP
MSTP



STP






MST

9.2.2.1 MST
MSTP, , IEEE 802.1s.
. .

MSTPs, MSTP, Cisco,


MSTP , MST. , , -
MSTP, MSTP, -
MST MST.
, MST, , STP, -
MSTP. BPDU ,
BPDU .
. .

MST, spanning-tree mstp migration-check.


, MST,
:

spanning-tree mstp mst-compatible MST
no spanning-tree mstp mst-compatible MST
:

MST -
, MSTP. ,
. ,
MSTP, CIST, -
.
. .


.466534.012-324 49
. . .
MST , -
BPDU RSTP BPDU.
, MST, .
-
MST BPDU, .
migration-check.

MSTP

9.2.3 MSTP
9.2.3.1 MSTP

STP SSTP (PVST, RSTP MSTP )
MAC-
0
MST VLANs CIST (MST00)
(CIST MSTI) 32768
(CIST MSTI) 128
1000 /: 20000
(CIST MSTI) 100 /: 200000
10 /: 2000000
(Hello Time) 2
15
20
20

9.2.3.2 MSTP
STP PVST SSTP . -
, .
STP MSTP :

spanning-tree STP


spanning-tree mode mstp MSTP
STP :

no spanning-tree STP

9.2.3.3 MST
MST, , : ,

. .
, VLAN MSTI. -
. ,
, .
MST -
MAC- . VLANs CIST (MST00). 0 VLAN
CIST (MST00). MAC-,
MSTP . span-
. .

ning-tree mstp instance instance-id vlan vlan-list MSTI -


VLAN. MSTI , VLAN CIST.
MST :

MST
string
spanning-tree mstp name string 32 ; -

.
MAC-
no spanning-tree mstp name MST
MST.
spanning-tree mstp revision value value , 0 65535.
0.
No spanning-tree mstp revision MST
. .

50
.466534.012-324
. . .
instance-id -
, MSTI. 1 15.
spanning-tree mstp instance in- vlan-list vlan,
stance-id vlan vlan-list 1 4094. instance-id -
, ;
vlan-list vlan,
1,2,3, 1-5, 1,2,5-10 ..
VLAN MSTI
no spanning-tree mstp instance in- . instance-id -
stance-id , MSTI. 1
15.
MSTP :

show spanning-tree mstp region MSTP

9.2.3.4
MSTP ID ,
MAC- .
ID .
MSTP . -
32768..
,
, Spanning-tree mstp in-
stance-id root.
, ID
ID 24576, 24576 ,
.
24576, MSTP
4096 , . -
, 4096 .
, diameter -
. ID 0.
, MSTP
STP , ,
. Hello-time

.
:

-

instance-id
spanning-tree mstp instance-id root
primary [diameter net- , 0 15.
. .

diameter[hello-time seconds]] net-diameter (


).
seconds -
. 1 10 .
No spanning-tree mstp instance-id
root instance-id
, 0 15.
. .

MSTP :

show spanning-tree mstp[instance in-
stance-id] MSTP

9.2.3.5
, spanning-tree mstp instance-id

root secondary,
.
, .
, MSTP -
28672. ,
32768, .
. .


.466534.012-324 51
. . .
diameter hello-
time STP. -
, .
:



spanning-tree mstp instance-id root
secondary instance-id -
[diameter net-diameter [hello-time sec- , 0 15
onds]] net-diameter (-
), instance-id
0; 2 7.

No spanning-tree mstp instance-id root instance-id -
, 0 15.
MSTP :

show spanning-tree mstp
[instance instance-id] MSTP

9.2.3.6
, , -
root. -
.
:


instance-id -
spanning-tree mstp instance-id pri- , 0 15; value -
ority value ; -
: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768,
36864, 40960, 45056, 49152, 53248, 57344, 61440


no spanning-tree mstp instance-id .
priority instance-id
, 0 15.

9.2.3.7 STP
STP:
Hello Time ( )
,

. .
.
Forward Delay ( )
, , Blocking learning for-
warding STP.
Max Age ( )

-
. .

:
2 x (fwd_delay 1.0) >= max_age
max_age >= (hello_time + 1) x 2
, MSTP:

:

spanning-tree mstp hello-time seconds 1 10 ; 2


.
No spanning-tree mstp hello-time
-
spanning-tree mstp forward-time seconds : 6 40 ;
- 15 .
no spanning-tree mstp forward-time -
.
. .

52
.466534.012-324
. . .
:
spanning-tree mstp max-age seconds 6 40 ; - 20
.
no spanning-tree mstp max-age -
.
STP -
.
-
.
.

9.2.3.8
.
.
MSTP, spanning-tree mstp diameter net-
diameter. CIST.
STP .
:

spanning-tree mstp diameter net- .
net diameter 2 7;
diameter
7.
no spanning-tree mstp diameter net diameter
.
.

9.2.3.9
(maximum hops) .

spanning-tree mstp max-hops hop- .
count hop count 1 40; -
20.

no spanning-tree mstp hop-count -


9.2.3.10
, -
(forwarding), -
. ,
. .

forwarding.
, MSTP:

STP
instance-id
spanning-tree mstp instance-id port-priority , 0 15.
. .

priority ; -
priority
:
0, 16, 32, 48, 64, 80, 96, 112
128, 144, 160, 176, 192, 208, 224, 240
-
.
spanning-tree port-priority value value -
:0, 16, 32, 48, 64, 80, 96, 112

128, 144, 160, 176, 192, 208, 224, 240


no spanning-tree mstp instance-id port-
priority
no spanning-tree port-priority

MSTP :
. .


.466534.012-324 53
. . .

show spanning-tree mstp interface MSTP
interface-id ,
interface-id
F0/1, FastEtnernet0/3 ..

9.2.3.11
MSTP . -
, -
. , . -
, .
:


spanning-tree mstp instance-id cost cost instance-id -
, 0 15.
-
spanning-tree cost value .
value .
1 200000000.
no spanning-tree mstp instance-id cost -

no spanning-tree cost -

9.2.3.12
, MSTP -
-,
(handshake mechanism). ,
-.
, -
. , -
-. ,
.
, , RSTP MSTP, -


point-to-point, -
.
, :

spanning-tree mstp point-to-point force-true -.
spanning-tree mstp point-to-point force-
false (shared)
spanning-tree mstp point-to-point auto

. .
no spanning-tree mstp point-to-point

9.2.3.13 MST
MSTP, , IEEE 802.1s.
MSTPs, MSTP, Cisco,
. .

MSTP , MST. , , -
MSTP, MSTP, -
MST MST.
, MST, , STP, -
MSTP. BPDU ,
BPDU .
MST, spanning-tree mstp migration-check.
, MST,

:

spanning-tree mstp mst-compatible MST
no spanning-tree mstp mst-compatible MST
:
. .

54
.466534.012-324
. . .
MST -
, MSTP. ,
. ,
MSTP, CIST, -
.
MST , -
BPDU RSTP BPDU.
, MST, .
-
MST BPDU, .
migration-check.

9.2.3.14
MSTP STP -
. STP,
STP. STP . -
, STP, .
:
, STP,
MSTP, STP; STP,
, MSTP, spanning-tree
mstp migration-check .
RSTP,
MSTP. , MSTP -
RSTP.
STP, , -
:

spanning-tree mstp migration-check STP,

STP, ,
:

spanning-tree mstp migration-check STP,

9.2.3.15 MSTP
MSTP, ,
:

show spanning-tree MSTP ( SSTP, PVST,
. .

RSTP MSTP)
show spanning-tree detail STP (
SSTP, PVST, RSTP MSTP)
show spanning-tree interface interface-id STP ( SSTP,
PVST, RSTP MSTP)
show spanning-tree mstp MST
show spanning-tree mstp region MST
. .

show spanning-tree mstp instance in-


MST
stance-id
show spanning-tree mstp detail MST
show spanning-tree mstp interface inter-
MST
face-id
show spanning-tree mstp protocol-
migration

. .


.466534.012-324 55
. . .
10 STP
10.1 STP
10.1.1 STP.

( ); .

:
-
Single STP PVST RSTP MSTP

Port Fast
BPDU Guard
BPDU Filter
Uplink Fast
Backbone Fast
Root Guard
Loop Guard

10.1.1.1 Port Fast


Port Fast , , -
, . SSTP
PVST Port Fast , ,
.
, .
BPDU ;
, . Port
Fast , , .
Port Fast -
. ,
Port Fast .
. Port Fast
BPDU Guard BPDU Filter .


. .
. .

10.1-1 Port Fast


:
, RSTP MSTP, -
. Port Fast.

10.1.1.2 BPDU Guard


Port Fast BPDU, , -


- . BPDU -
Port Fast, BPDU guard.
BPDU STP. , Port
Fast, BPDU SSTP/PVST, BPDU guard
. , BPDU
guard, BPDU SSTP/PVST, -
. .

56
.466534.012-324
. . .
.
BPDU guard Port Fast. STP
BPDU Guard BPDU , -
BPDU. RSTP/MSTP BPDU Guard
, , , , BPDU.
BPDU Guard -
. spanning-tree portfast bpduguard -
, BPDU . , -
BPDU guard .

10.1.1.3 BPDU Filter


BPDU BPDU SSTP/PVST, -
, Port Fast.
, Port Fast, BPDU SSTP/PVST,
BPDU Filter Forwarding, -
Listening Learning.
bpdu
. spanning-tree portfast bpdufilter
bpdu ; ,
bpdu.

10.1.1.4 Uplink Fast


Uplink Fast Forwarding
.
, 10.1-2.
, , -
. STP .

. .

10.1-2
. .

( Direct Link
Failure), STP ,
Forwarding, Listening Learning.
Uplink Fast spanning-tree uplinkfast
, , -
.
10.1-3 Uplink Fast. -
C B , .

C A, -
, .
. .


.466534.012-324 57
. . .
10.1-3 Uplink Fast
:
Uplink Fast SSTP PVST.
RSTP MSTP, Uplink
Fast.

10.1.1.5 Backbone Fast


Backbone Fast Uplink Fast. Uplink Fast -
,
Backbone Fast
.
10.1-3, L2 C A


c ; Uplink
Fast. L1 A B C.
L1 ,
backbone fast.
Backbone Fast 10.1-4.

. .
. .

10.1-4 Backbone Fast


. .

58
.466534.012-324
. . .
, C , B.
L1, B bpdu C, -
. C , bpdu -
. Backbone Fast ,
C B
. . -
spanning-tree backbonefast,
C BPDU , C -
, indirect-link root-switch-reachable ; C
, .
Backbone Fast, BPDU -
, . ,
. -
, .
, Backbone Fast . -
: listening,
learning forwarding.
Uplink Fast, Backbone Fast SSTP PVST.

10.1.1.6 Root Guard


Root Guard - BPDU
.
2 ,
. -
, ( - ,
). -
, (core switch) .
Root Guard ,
,
. Root Guard -
BPDU , Root Guard
.
PVST MSTP Root Guard
. MSTP, Root Guard CIST,
MSTI. , LAN
, STP, RSTP MSTP .

, spanning-tree guard root


Root Guard .
:
Root Guard - SSTP/PVST RSTP/MSTP.
SSTP/PVST, Root Guard, RSTP/MSTP,
BPDU . , ,
.
. .

10.1.1.7 Loop Guard


loop guard -
- , BPDU -
.
, spanning-tree loopguard
default. Loop guard
. BPDU , -
. .

.
PVST MSTP Loop Guard
. MSTP, Loop Guard CIST,
MSTI.
:
Loop Guard SSTP/PVST RSTP/MSTP. SSTP/PVST,
Loop Guard, RSTP/MSTP,

- BPDU. Loop Guard ,


- BPDU .

10.1.2 STP
10.1.2.1 STP
Port Fast
. .


.466534.012-324 59
. . .
BPDU Guard
BPDU Filter
Uplink Fast
Backbone Fast
Root Guard
Loop Guard

10.1.2.2 Port Fast


Port Fast
SSTP/PVST .
Port Fast STP.
port fast :

spanning-tree port fast default port fast,
.
no spanning-tree portfast default port fast
.
:
port fast , ; BPDU Guard
BPDU Filter port fast.
port fast -
:

spanning-tree port fast Port Fast
no spanning-tree portfast port fast -

10.1.2.3 BPDU Guard


BPDU guard , BPDU.
Port Fast BPDU.
BPDU Guard STP. , -
Port Fast, BPDU SSTP/PVST,
. , BPDU guard, BPDU
RSTP/MSTP, .


BPDU Guard :

spanning-tree portfast bpduguard bpdu guard,

no spanning-tree portfast bpduguard bpdu guard
:
port fast . BPDU

. .
Guard BPDU Filter .
BPDU guard :

spanning-tree bpduguard enable bpdu guard
spanning-tree bpduguard disable bpdu guard

. .

no spanning-tree bpduguard bpdu guard


10.1.2.4 BPDU Filter


BPDU Filter, BPDU, -
Port Fast.
BPDU

Filter:

spanning-tree portfast bpdufilter BPDU Filter,

no spanning-tree portfast bpdufilter bpdu filter
:
port fast . BPDU
. .

60
.466534.012-324
. . .
Guard BPDU Filter .
BPDU filter :

spanning-tree bpdufilter enable bpdu filter
spanning-tree bpdufilter disable bpdu filter

no spanning-tree bpdufilter bpdu filter

10.1.2.5 Uplink Fast


Uplink Fast Forwarding
.
Uplink Fast SSTP/PVST.
Uplink
Fast:

spanning-tree uplinkfast uplink fast
no spanning-tree uplinkfast uplink fast

10.1.2.6 Backbone Fast


BackboneFast UplinkFast. Uplink Fast
,
Backbone Fast -
.
Backbone fast SSTP/PVST.
Backbone Fast -
:

spanning-tree backbonefast backbone fast
no spanning-tree backbonefast backbone fast

10.1.2.7 Root Guard


Root Guard - BPDU


.
Loop Guard SSTP/PVST RSTP/MSTP. SSTP/PVST,
Root Guard, RSTP/MSTP,
BPDU . , , .
, Root Guard:

. .

spanning-tree guard root root guard


no spanning-tree guard root guard loop guard
spanning-tree guard none root guard loop guard

10.1.2.8 Loop Guard


loop guard -
- , BPDU -
. .

.
Loop Guard SSTP/PVST RSTP/MSTP. SSTP/PVST,
Loop Guard, RSTP/MSTP,
- BPDU. Loop Guard ,
- BPDU .
Loop
Guard:


spanning-tree loopguard default Loop Guard, -
.
no spanning-tree loopguard default loop guard.
loop guard :
. .


.466534.012-324 61
. . .

spanning-tree guard loop loop guard .
no spanning-tree guard root guard loop guard .
spanning-tree guard none root guard loop guard .


. .
. .

. .

62
.466534.012-324
. . .
11 MAC-
11.1 MAC-
- :
-
-
-
-

11.2 MAC-
11.2.1 Mac-
MAC- , .
. ,
MAC-. MAC-
.

Configure
/ MAC-
[no] mac address-table static mac- mac-addr MAC-;
addr vlan vlan-id interface inter- Vlan-id VLAN; -
face-id 1 4094;
interface-id .
exit .
write .

11.2.2 MAC-
MAC- , -
MAC- MAC-. MAC-
; 300
.
MAC- -
:

configure
-.
mac address-table aging-time [0 | 0 , MAC- .
10-1000000] -: 10
1000000 .
exit .
write .
. .

11.2.3 - VLAN
- VALN, - VALN - -
VLAN. VLAN -.
- VALN :

. .

configure
interface f0/1 ,
switchport shared-learning - VALN
exit .
exit .
write .

11.2.4 MAC-

, -
MAC- . MAC-
show.
. .


.466534.012-324 63
. . .

MAC-
dynamic -, -
.
show mac address-table {dynamic [inter-
face interface-id | vlan vlan-id] | Vlan-id VLAN; -
static} 1 4094.
Interface-id .
Static MAC-

11.2.5 MAC-
MAC- .
MAC-
:

MAC-
dynamic -, -
clear mac address-table dynamic [address .
mac-addr | interface interface-id | vlan Mac-addr MAC-;
vlan-id] Interface-id .
Vlan-id VLAN; -
1 4094.


. .
. .

. .

64
.466534.012-324
. . .
12
.

12.1
- -
. -
. -
, , LACP.
:

, , ,
, -
.
LACP
, LACP,
. .

-
.

12.2
,


12.3
12.3.1 ,
, -
.
:


interface port-aggregator id

12.3.2
-
LACP .
,
, VLAN , , -
. .

, .
, , -
, LACP.
, -
( ). -
, , -
-
. .

. vlan
.
LACP .
, -
. , -
, , .
VLAN: PVID, , VLAN (vlan-
allowed) VLAN (vlan-untagged).

:

aggregator-group agg-id mode { lacp | static }
. .


.466534.012-324 65
. . .
12.3.3
,
.
.
src-mac
MAC-,
MAC- .
dst-mac
MAC- ,
, MAC- .
both-mac
MAC- MAC-
, MAC-
.
src-ip
IP-,
IP- .
dst-ip
IP- , ,
IP- .
both-ip
IP- IP-
, IP-
.
:

aggregator-group load-balance
:
,
. , ,
, . -
, :
src-mac dst-mac both-mac src-ip dst-ip both-ip


NX-5124G 10

12.3.4
-
:

show aggregator-group

. .
. .

. .

66
.466534.012-324
. . .
13 GVRP
13.1
GVRP ( , , -
vlan (garp vlan registration protocol GARP VLAN) -
GARP ( ). GVRP GARP
VLAN . GVRP -
VLAN -
VLAN, VLAN, .
GVRP
VLAN ( VLAN VLAN )
, VLAN
GVRP .

13.2
13.2.1 GVPR
/ GVPR
/ GVPR
GVRP

13.3 GVPR
13.3.1 / GVPR
:

[no] gvrp / GVRP
: GVRP .

13.3.2 / GVPR
:

[no] gvrp / GVPR

GVRP , ; GVRP
. GVRP
; GVRP .
: GVRP .

13.3.3 GVRP
.

. .

show gvrp statistics [interface port_list] GVRP.


show gvrp status GVRP.
/ GVRP -
[ no ] debug gvrp [ packet | event ] . ,
-
/.
. .

GVRP.
switch#show gvrp statistics interface Tthernet0/1
GVRP statistics on port Ethernet0/1
GVRP Status: Enabled
GVRP Failed Registrations: 0
GVRP Last Pdu Origin: 0000.0000.0000
GVRP Registration Type: Normal

GVRP.
switch#show gvrp status gvrp is enabled!

13.4
:
VLAN A B, GVRP A -
B.
. .


.466534.012-324 67
. . .
8 :
Switch_config_f0/8# switchport mode trunk
GVRP A
Switch_config#gvrp
GVRP 8 A
Switch_config_f0/8#gvrp
VLAN 10, VLAN 20 VLAN 30 A
Switch_config#vlan 10
Switch_config#vlan 20
Switch_config#vlan 30
9 :
Switch_config_f0/9# switchport mode trunk
GVRP
Switch_config#gvrp
GVRP 9
Switch_config_f0/9#gvrp
VLAN 40, VLAN 50 VLAN 60
Switch_config#vlan 40
Switch_config#vlan 50
Switch_config#vlan 60
, VLAN
A B. VLAN10, VLAN20, VLAN30, VLAN40, VLAN50 VLAN60
.


. .
. .

. .

68
.466534.012-324
. . .
14 IGMP-SNOOPING
14.1 IGMP-snooping
IGMP VLAN -
VLAN.
. -
IGMP ,
VLAN, IGMP IGMP
.
, IGMP , -
, IGMP-
, ,
IGMP . , IGMP-
-
. show ip igmp-snooping -
VLAN igmp-snooping.
/ IGMP-snooping VALN
/ VLAN
VLAN

IGMP-snooping
IGMP-snooping
IGMP-snooping
IGMP-snooping
IGMP-snooping

14.1.1 / IGMP-snooping VALN


:

ip igmp-snooping [vlan vlan_id] / IGMP-snooping VALN
no ip igmp-snooping [vlan vlanid]
vlan , vlan , vlans,
.
IGMP-snooping VLAN , ip igmp-
snooping.

: IGMP-snooping 16 VLAN.
IGMP-snooping VLAN3, no ip IGMP-
snooping, IGMP-snooping VLAN, ip IGMP-snooping VLAN 3
.

14.1.2 / VLAN
, IGMP,
.
. .

:

ip igmp-snooping vlan vlan_id static
A.B.C.D interface intf VLAN
no ip igmp-snooping vlan vlan_id static
A.B.C.D interface intf VLAN
. .

14.1.3 VLAN
(immediate-leave),
leave; , -
, , -
.
, ;
, immediate-leave .

:

ip igmp-snooping vlan vlan_id immediate-leave VLAN
no ip igmp-snooping vlan vlan_id immediate- VLAN
leave
VLA
. .


.466534.012-324 69
. . .
14.1.4
, (DHL,
igmp-snooping),
VLAN.
, ,
.

ip igmp-snooping dlf-frames filter ,

no ip igmp-snooping dlf-frames ()
:
VLAN.
(
VLAN).

14.1.5 IGMP-snooping
(Router Age) IGMP.
IGMP -
. IGMP .
:

ip igmp-snooping timer router-age IGMP-
timer_value snooping
no ip igmp-snooping timer router-age IGMP-
snooping
:
IGMP inquirer. -
.
260 .

14.1.6 IGMP-snooping
(response time)


IGMP inquirer . -
, .
:

ip igmp-snooping timer response-time
timer_value IGMP-snooping

no ip igmp-snooping timer response-time IGMP-snooping -


. .
:
; , -
. 10 .

14.1.7 IGMP-snooping
VLAN,
. .

IGMP-snooping, IGMP-snooping
IGMP query.( ,
VLAN, IGMP-snooping ).
LAN
, IGMP
snooping, IGMP snooping.
:


[no] ip igmp-snooping querier [address IGMP-snooping -
[ip_addr] address Ip- -

IGMP-snooping .
(Pseudo Query packet) - 10.0.0.200.
:
. .

70
.466534.012-324
. . .
, -
VLAN.
.

14.1.8 IGMP-snooping
:

show ip igmp-snooping IGMP-snooping
show ip igmp-snooping timer IGMP-snooping
show ip igmp-snooping groups IGMP-snooping
show ip igmp-snooping statistics IGMP-snooping
/ IGMP-
[ no ] debug ip igmp-snooping [ packet | snooping ////.
timer | event | error ] ,
/.
VLAN IGMP-snooping:

IGMP-snooping:

IGMP-snooping:

IGMP-snooping:
. .
. .

IGMP-snooping:

. .


.466534.012-324 71
. . .
IGMP-snooping:

14.1.9 IGMP-snooping
:


(1) IGMP-snooping VLAN 1,
Switch_config#ip igmp-snooping vlan 1
(2) IGMP-snooping VLAN 2,
Switch_config#ip igmp-snooping vlan 2

. .
. .

. .

72
.466534.012-324
. . .
15 802.1
15.1 802.1
802.1
802.1
802.1
802.1
802.1
802.1
802.1
802.1
802.1
VLAN

802.1
802.1

15.2 802.1
15.2.1 802.1
802.1x : , -
802.1x.
, -
. .
.
, ,
.
.
802.1x , 802.1x
.
. 802.1x ,
AAA.
802.1x :


dotlx enable 802.1
802.1:

dotlx port-control auto 802.1
aaa authentication dotlx {default |list
802.1
name} method
802.1
. .

:

dot1x port-control auto 802.1x
dot1x port-control force-authorized
dot1x port-control force-unauthorized
. .

15.2.2 802.1
802.1x . -
.
, -
.
, 802.1 (, 1108).
-

.
802.1x,
. , ( -
MAC- ). , 802.1x ,
- . -
- , MAC- .
802.1 -
:
. .


.466534.012-324 73
. . .

()
dot1x multiple-hosts
802.1

15.2.3 802.1
802.1x 802.1x, -
. - -
, - . -
, 802.1x , -
.

, .

:

,
dot1x max-req count EAP-
request/identity

15.2.4 802.1
-
. -
.
-
.
:

( -
dot1x re-authentication
)
dot1x timeout re-authperiod time
-
dot1x reauth-max time


15.2.5 802.1
802.1 .
802.1x ,
.
:

dot1x timeout tx-period time 802.1

. .
15.2.6 802.1
802.1 ,
. 802.1
:

dot1x user-permit xxxz
. .

15.2.7 802.1
802.1 -
. default 802.1.
802.1
:


dot1x authentication method yyy 802.1

15.2.8 802.1
802.1;
Chap Eap (eap md5-challenge eap-tls), .
Challenge, MD5, Chap,
. .

74
.466534.012-324
. . .
challenge eap. -
-
. ,
, No .
Eap-tls
handshake Translation Layer Security (tls),
.
802.1
:

dot1x authen-type {chapjeap} chap eap
:

dot1x authentication type {chapjeap} chap, eap

15.2.9 802.1
802.1 .
dot1x 802.1 , .
,
.
. -
.
, dot1x AAA -
update . ,
.
dot1x, , -
- (supplicant).
dot1x -
:

dot1x accounting enable 802.1
; -
dot1x accounting method {method name}
default

15.2.10 VLAN 802.1


VLAN, (-
, ) . -
VLAN . -
VLAN , -
.
: .
. .

VLAN, -
:

Dot1x guest-vlan guest-vlan
0. -
, .
. .

guest-vlan id .
guest-vlan id:

VLAN VLAN
Dot1x guest-vlan {id(1-4094)}
802.1. 1 4094

15.2.11

(Supplicant) .
:

dot1x forbid multi-network-adapter
. .


.466534.012-324 75
. . .
15.2.12 802.1
. -
:

dot1x default 802.1

15.2.13 802.1
802.1 -
:

show dot1x {interface ....} 802.1

15.3 802.1x
:

F0/10 , F0/12. IP- -


- : 192.168.20.2. : TST. F0/10 -
.
F0/12. F0/12
.
1.
username switch password 0 TST
username TST password 0 TST


aaa authentication dot1x TST-F0/10 radius
aaa authentication dot1x TST-F0/12 local
interface VLAN1
ip address 192.168.20.24 255.255.255.0
radius-server host 192.168.20.2 auth-port 1812 acct-port 1813
radius-server key TST
2. F0/10
interface FastEthernet0/10

. .
dot1x port-control auto
dot1x authentication method TST-F0/10
dot1x user-permit radius-TST
3. F0/12
interface FastEthernet0/12
dot1x Multiple-host dot1x port-control auto
. .

dot1x authentication method TST-F0/12


dot1x authentication type eap

. .

76
.466534.012-324
. . .
16 -
:
MAC-
-
MAC-

16.1 -
16.1.1 MAC-
.
- .
MAC-
.

Configure
/ -
[no] mac access-list name

16.1.2 -
permit/deny , -
. -
-. -
.
-
.

-
permit deny
[no] {deny | permit} {any | host src-mac-
- - -
addr} {any | host dsf-mac-addr} [ether-
- .
type]
ethertype
Ethernet
-
exit

-
exit
write

Switch_config#mac acce 1
Switch-config-macl#permit host 1.1.1 any
Switch-config-macl#permit host 2.2.2 any
- -
. .

. .

16.1.3 -
- -
. - -
.
. .


Configure
-
.
[no] mac access-group name
name -
.
exit .

exit .
write .
. .


.466534.012-324 77
. . .
17 IP-
17.1 IP-
17.1.1 IP
,
.

. :
-

, IP- .
IP- , -
. ROS
. , : . -
, -
. , .
:
(1) .
(2) .

17.1.2 IP-
IP-. :
, .

:

ip access-list standard name name -
IP
deny {source [source-mask] | any} or per-
mit {source [source-mask] | any}

exit

:



ip access-list extended name name -
IP
{deny | permit} protocol source source-
mask destination destination-mask [prece-
dence precedence] [tos tos] . ( precedence -
{deny | permit} protocol any any IP ; TOS )

. .
exit
, ( ) -
. , add access list -
. no permit no deny -
.
:
,
. .

deny. IP-
, 255.255.255.255 .
,
IP- .

17.1.3 IP-
.

:

ip access-group name
,
. ,
. , -
. .

78
.466534.012-324
. . .
. ICMP, ,
-.
, .

17.1.4
,
SMTP 130.2.1.2.
ip access-list extended aaa
permit tcp any 130.2.1.2 255.255.255.255 eq 25
interface g0/10
ip access-group aaa

. .
. .

. .


.466534.012-324 79
. . .
18
18.1 IP-
18.1.1
18.1.1.1 IP-
(Internet protocol - IP) - ,
. IP , -
. IP- (-
IP ). , IP -
, .
(Transmission Control Protocol (TCP)) IP. TCP -
, , ,
. ,
, . TCP
, -
.
IP-, (Address Resolution Protocol (ARP)),
IP-. IP-, ICMP, HSRP, IP- -
IP-.

18.1.1.2 IP-
IP- , -
.
IP 2 : Interior Gateway Protocol (IGP) Exterior
Gateway Protocol (EGP). RIP,
OSPF, BGP BEIGRP. RIP, OSPF, BGP BEIGRP -
. , ,
,
OSOF ( ), BGP, RIP, BEIGRP.
redistribute, -
,
.
,

, . -
, , -


.
1.
.
.


. .




, , -

.
. .

2.
IGP . IP
(, ) -
. -
, .
IGRP:
RIP
OSPF

BEIGRP
3.
EGP -
. , , -
, . EGRP,
BGP.
. .

80
.466534.012-324
. . .
18.1.2 IP-
IP IP -
. -
, IP. IP
.
IP- . , -
.
, IP- , IP .
IP-:
IP-
IP-



IP-

18.1.3 IP-
18.1.3.1 IP-
IP- IP . IP- -
. -
IP 1, IP-
.

0.0.0.0
1.0.0.0 126.0.0.0
127.0.0.0
128.0.0.0 191.254.0.0

191.255.0.0
192.0.0.0
192.0.1.0 223.255.254
223.255.255.0
D 224.0.0.0 239.255.255.255
240.0.0.0 255.255.255.254
E
255.255.255.255

IP- RFC 1166 .


, .
IP-. IP-
, -
:

ip address ip-address mask IP-
. .

IP-.
: ,
.

18.1.3.2 IP-
IP-, IP- -
. .

IP-. IP-
:
IP . ,
254 IP-,
300 . IP-
.
2 , -
. IP-

.
, IP.
, -
IP-, -
.
:
,
IP- .
. .


.466534.012-324 81
. . .
,
:

ip address ip-address mask secondary IP-
:
IP -
.

18.1.3.3
IP IP- . -
, :
1.
IP- ( -
), ( , -
). , -
, .
MAC- , MAC
.
, Ethernet ,
48- MAC- .
IP- . IP-
.
: (Ad-
dress Resolution Protocol (ARP)) -ARP. RFC 826 1027.
ARP IP- MAC-. IP-
ARP -. MAC-
, IP- MAC- ARP . IP-
.
ARP
ARP
IP- . -
, ARP. , -
ARP.
, 32- IP- 48 .


, , ARP -
.
ARP , ARP.
, IP / .
:

arp ip-address hardware-address IP- ARP

. .
arp ip-address hardware-address alias
ARP- IP-
:

arp timeout seconds ARP
show interfaces - ARP -
. Use show arp, ARP. -
. .

clear arp-cache ARP.


ARP
-ARP ( RFC 1027), -
, . , -
ARP , , , -
ARP . -
, ,
-ARP, . -

, . -ARP .
-ARP, -
:

ip proxy-arp ARP
Free ARP
. .

82
.466534.012-324
. . .
, IP- , -
ARP. IP- ARP
. - MAC- .
ARP . -
ARP, IP- IP-,
ARP , ARP -
IP-. , .
ARP . Free
ARP , .

arp send-gratuitous ARP
arp send-gratuitous interval value ARP -
; : 120 .
2. IP-
IP- , .
Telnet, Ping .
IP-,
:

ip host name address IP

18.1.3.4

. -
-. IP- , BGP, RIP OSPF, , -
.

18.1.3.5
-
. . -
, -
. IP
. ,

. .
IP -
. , . -
, .
1. -

IP- -
. "Deny of Service" IP-
. .

.
-
. ,
, ,
, .

. , IP- -
. .

-
.
IP, -
:

ip directed-broadcast [access-list-name]

2. UDP
UDP , -
. , , UDP -
, . , -
-
. .
UDP, , UDP
. .


.466534.012-324 83
. . .
. , UDP, -
NetBIOS ( 137).
,
:

ip helper-address address
UDP
, , -
:

ip forward-protocol udp [port] ,

18.1.3.6 IP-
, :
1. ,
, . -
, ,
.
, , EXEC,
:

clear arp-cache IP ARP
2.
, IP-
, . -
.
, .
.
" IP-". :


show arp ARP
,
show hosts ,

show ip interface [type number]
show ip route [protocol]
ping {host | address} (
)

. .
18.1.4 IP-
IP VLAN 11.
interface vlan 11
ip address 202.96.2.3 255.255.255.0
. .

18.2 NAT
18.2.1
, -
IP . NAT - , IP-
IP- , -
. , NAT -

-
. NAT ,
-
(CIDR). NAT RFC 1631.

18.2.1.1 NAT
(NAT) -
. .

84
.466534.012-324
. . .
:
, -
. NAT IP , -
IP , . NAT
( ) , -
( ). NAT -
IP .
. ,
, NAT.
TCP.
IP- IP- TCP.
, NAT -
-
. , IP
IP-, .
.

18.2.1.2 NAT
NAT ,
. , NAT ,
. -
, , IP-,
NAT. ( -
) NAT. NAT , , -
.
NAT
. NAT
. NAT -
, . NAT -
, .
, NAT . -
, ,
ICMP .
NAT .
, , NAT , ,
, .

18.2.1.3 NAT
, (inside) , -
. , -
; ,
NAT. , -
.
, (outside) , -
. .

. ,
/ -
.
, NAT :
: IP-, . ,
, IP- (NIC)
.
. .

IP- ( NIC ), -
IP .
: IP- .
, -
.
: IP-, .
.

18.2.1.4 NAT
NAT NAT -
. NAT : ,
. -
. -
, NAT- :
. .


.466534.012-324 85
. . .
TCP/UDP



PAT
, -
, , , .
show running NAT.

18.2.2 NAT
NAT, -
. , NAT -
:



TCP

NAT

18.2.3 NAT
18.2.3.1
, IP-
IP-. -
.
-
. -
, .

.
, -
.

18.2-1 NAT
. .
, .
1.1.1.1 B.
. .

, 1.1.1.1, -
NAT .
, 3.
,
(SA) 1.1.1.1. -
, , , , .
, -
1.1.1.1 .

B IP- (DA) 2.2.2.2,


1.1.1.1.
, -
NAT, IP-.
1.1.1.1
1.1.1.1.
1.1.1.1 . -
. .

86
.466534.012-324
. . .
.
1.
,
:

ip nat inside source static local-ip -
global-ip
interface type number
ip nat inside ,
interface type number
ip nat outside ,
. -
.
2.
, -
:

ip nat pool name start-ip end-ip netmask , -

ip access-list standard access-list-name
permit source [source-mask]
ip nat inside source list
access-list-name pool name ,

interface type number
ip nat inside ,
interface type number
ip nat outside ,
:
, . (-
, deny all .) ,
, .

"
" .

18.2.3.2
, -
. -
(, TCP UDP)
. -
. .

, TCP UDP -
.
NAT, -
.
. .

18.2-2 NAT
.
. .


.466534.012-324 87
. . .
B C , 2.2.2.2. -
, . ,
IP- .
1.1.1.1 B.
, 1.1.1.1,
NAT. , , -
1.1.1.1
1.1.1.1 . , -
. -
, . -
.
,
1.1.1.1 .
B 1.1.1.1, IP-
2.2.2.2.
IP-, -
NAT, , ,
, -
1.1.1.1 1.1.1.1.
1.1.1.1 . -
.
overloadeding ,
:

ip nat pool name start-ip end-ip netmask , -

ip access-list standard access-list-name
permit source [source-mask]

ip nat inside source list


access-list-name pool name overload ,

interface type number
ip nat inside ,
interface type number
ip nat outside ,


:
, . (-
, deny all .) ,
, .

.

18.2.3.3

. .
, -
, . , NAT -
.
. .

18.2-3 NAT
. .

88
.466534.012-324
. . .
, :
1.1.1.1 C, -
, DNS.
DNS- C 1.1.1.1. DNS -
.
1.1.1.1 3.3.3.3.
.
,
.
IP- , 1.1.1.1 C, -
3.3.3.3.
, ,
.
C .
1.
, -
:

ip nat outside source static global-ip -
local-ip
interface type number
ip nat inside

interface type number
ip nat outside ,
2.
,
:

ip nat pool name start-ip end-ip netmask

ip access-list standard access-list-name

permit source [source-mask]


ip nat outside source list -
access-list-name pool name ,

interface type number
ip nat inside ,
interface type number
ip nat outside ,
. .

:
, . (-
, deny all .) ,
, .
-
.
. .

18.2.3.4 TCP
NAT -. -
, . -
NAT , -
. , ,
. ,
.

( ). -
.
. .


.466534.012-324 89
. . .
18.2-4 NAT TCP
, :
B (9.6.7.3)
1.1.1.127.
,
(1.1.1.1) IP-.

.
1.1.1.1 .
NAT ,
, .
.
1.1.1.2
. ,


.
. TCP -
.

ip nat pool name start-ip end-ip netmask ,

ip access-list standard access-list-name
permit source [source-mask]

. .
ip nat inside destination list access-
list-name pool name , ,

interface type number
ip nat inside ,
interface type number
. .

ip nat outside ,
:
, . (-
, deny all .) ,
, .
TCP -
.

18.2.3.5
, , -
. , . -
, 1 . ,
:
. .

90
.466534.012-324
. . .

ip nat translation timeout seconds

, ,
. , -
.

ip nat translation udp-timeout seconds UPD ( 5 )
ip nat translation dns-timeout seconds DNS ( 1 )
ip nat translation tcp-timeout seconds - TCP ( 1 )
ip nat translation icmp-timeout seconds NAT ICMP ( 60 )
ip nat translation syn-timeout seconds NAT TCP SYN ( 60 -
)
ip nat translation finrst-timeout seconds TCP FIN RST ( 1 -
)
NAT.
:

ip nat translation max-entries numbers NAT (
4000)
ip nat translation max-links A.B.C.D num- IP-,
ber NAT
IP-
IP-, -
ip nat translation max-links all numbers NAT
IP-;
Max-

18.2.3.6 NAT
-
NAT . .

clear ip nat translation *


NAT
clear ip nat translation inside local-ip ,
global-p [outside local-ip global-p]

clear ip nat translation outside local-ip , -
global-ip
clear ip nat translation inside local-ip
. .

local-port global-ip global-port [outside


local-ip local-port global-ip global-
port]
, -
:

. .

show ip nat translations [verbose]


show ip nat statistics

18.2.4 NAT
NAT.

18.2.4.1

, 1
(192.168.1.0/24), Net-208. NAT
171.69.233.208 171.69.233.233.
ip nat pool net-208 171.69.233.208 171.69.233.233 255.255.255.240
ip nat inside source list a1 pool net-208
!
interface vlan10
ip address 171.69.232.182 255.255.255.240
. .


.466534.012-324 91
. . .
ip nat outside
!
interface vlan11
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
ip access-list standard a1
permit 192.168.1.0 255.255.255.0
!

18.2.4.2
net-208, 171.69.233.208 171.69.233.233.
1 192.168.1.0 192.168.1.255. -
, 1
. ( 192.168.1.0 192.168.1.255),
. ,
.
ip nat pool net-208 171.69.233.208 171.69.233.233 255.255.255.240
ip nat inside source list a1 pool net-208 overload
!
interface vlan10
ip address 171.69.232.182 255.255.255.240
ip nat outside
!
interface vlan11
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
ip access-list standard a1
permit 192.168.1.0 255.255.255.0
!

18.2.4.3
, -
. , .
Net-10 IP-. ip nat outside source list 1 pool
net-10 .


ip nat pool net-208 171.69.233.208 171.69.233.223 255.2555.255.240
ip nat pool net-10 10.0.1.0 10.0.1.255 255.255.255.0
ip nat inside source list a1 pool net-208
ip nat outside source list a1 pool net-10
!
interface vlan10
ip address 171.69.232.192 255.255.255.240
ip nat outside
!

. .
interface vlan11
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
ip access-list standard a1
permit 192.168.1.0 255.255.255.0
!
. .

18.2.4.4 TCP
, , -
. .
. 1/0 ( -
) TCP .
ip nat pool real-hosts 192.168.15.2 192.168.15.15 255.255.255.240

ip nat inside destination list a2 pool real-hosts


!
interface vlan10
ip address 192.168.15.129 255.255.255.240
ip nat outside
!
interface vlan11
ip address 192.168.15.17 255.255.255.240
. .

92
.466534.012-324
. . .
ip nat inside
!
ip access-list standard a2
permit 192.168.15.1 255.255.255.0

18.3 DHCP
18.3.1
(DHCP (Dynamic Host Configuration Protocol)) -
, IP- ,
TCP/IP. DHCP RFC 2131. DHCP -
IP- . DHCP IP-:

DHCP- IP- . -

DHCP- IP-
.

DHCP- IP- DHCP
.

18.3.1.1 DHCP
DHCP. DHCP .
DHCP IP-, -
(, ) -
Ethernet.
, DHCP, DHCP -
, IP DHCP -
.

18.3.1.2 DHCP
, DHCP -
Ethernet. :


IP DHCP -

18.3.1.3 DHCP
DHCP /, , DHCP- DHCP-
DHCP .
. .

DHCP-
(, IP-, -
..) DHCP.
DHCP-
IP- DHCP- -
.
, -
. .

DHCP.
- , , -
IP-. IP- DHCP-
. ,
DHCP- .

18.3.2 DHCP-

18.3.2.1 DHCP-
IP-
DHCP-
DHCP
DHCP
. .


.466534.012-324 93
. . .
18.3.2.2 DHCP-
1. IP-
IP- DHCP. -
VLAN.

ip address dhcp IP- Ethernet DHCP
2. DHCP-
DHCP- , ,
. -
:

ip dhcp-server ip-address IP- DHCP
get an IP address.
3. DHCP
, DHCP . -
.

ip dhcp client minlease seconds
ip dhcp client retransmit count
ip dhcp client select seconds SELECT
, , get an IP ad-
dress.
4. DHCP
DHCP- ( ),
, . -
:

Show dhcp server DHCP-, -

DHCP-, , -


. :

Show dhcp lease IP- , -

, show interface : IP-
Ethernet DHCP IP-
Ethernet.

. .
18.3.2.3 DHCP-
NAT. IP-
IP Ethernet 1/1
DHCP.
interface vlan 11 ip address dhcp
. .

18.3.3 DHCP-
18.3.3.1 DHCP
DHCP-
DHCP-
ICMP

DHCP-

DHCP-
DHCP-
DHCP-

18.3.3.2 DHCP-
1. DHCP-
IP- DHCP- DHCP- -
. .

94
.466534.012-324
. . .
(DHCP- .
, , -
ip helper-address DHCP ):

ip dhcpd enable DHCP-
2. DHCP-
IP- DHCP-, DHCP-
, :

ip dhcpd disable DHCP-
3. ICMP
ICMP, -
.
ICMP , -
:

ip dhcpd ping packets pkgs ICMP

ICMP , -
:

ip dhcpd ping timeout timeout ICMP
4.
,
. :

ip dhcpd write-time time -

5. DHCP-
DHCP-, -

:

ip dhcpd pool name DHCP-
DHCP
6. DHCP-
DHCP, -
. , , -
. .

.

network ip-addr netsubnet

, ,
.
. .


range low-addr high-addr , -

DNS-, -


default-router ip-addr... , -

, -


dns-server ip-addr... DNS- .
. .


.466534.012-324 95
. . .

domain-name name ,
,


lease {days [hours][minutes] | infi- , -
nite}
NetBIOS,


netbios-name-server ip-addr... NetBIOS, -

, : IP-
, Mac- - " ".

hw-access deny hardware-address IP , Mac-
- " "
7. DHCP-
DHCP, -
:

show ip dhcpd binding DHCP-

DHCP-, -
:

show ip dhcpd statistic DHCP-
8. DHCP-
DHCP,
:



clear ip dhcpd binding {ip-addr|*}
DHCP-, -
:

clear ip dhcpd statistic DHCP-

. .
18.3.3.3 DHCP-
ICMP 200 , -
1 DHCP Server.
ip dhcpd ping timeout 2
ip dhcpd pool 1
network 192.168.20.0 255.255.255.0
range 192.168.20.211 192.168.20.215
. .

domain-name my315
default-router 192.168.20.1
dns-server 192.168.1.3 61.2.2.10
netbios-name-server 192.168.20.1
lease 1 12 0
!
ip dhcpd enable

18.4 IP
, IP. -
IP-, IP-.

18.4.1 IP-
IP: IP
. .

96
.466534.012-324
. . .


IP-
, .

18.4.1.1 IP-
IP IP-. -
ICMP. ICMP , , ,
IP . ICMP
RFC 792.
IP , :
1. ICMP
, , , -
; ICMP
. .
, :

ip unreachables ICMP
2. ICMP-
. , , , -
-
, -.

. -
, . -
. -
, .
. -
, .
, -
.
, , :


ip redirects ICMP
3. ICMP
. , ICMP -
. , ICMP -
. ICMP .
, ICMP.
. .


ip mask-reply ICMP
4. MTU
IP MTU RFC 1191. IP -
MTU MTU -
. , , MTU, -
. , IP- .
. .

IP- , -
. ICMP,
MTU . , -
, MTU .
, , -
MTU . -
MTU . MTU -
IP-, . , :

.
IP MTU.
IP- MTU -
.
5. IP (MTU)
(MTU), , IP
. , IP ,
. .


.466534.012-324 97
. . .
MTU.
MTU IP MTU . IP MTU
MTU, IP MTU MTU . IP MTU
MTU. IP MTU , MTU . -
MTU, .
IP MTU , -
:

ip mtu bytes IP MTU
6. IP-
IP . RFC 791 -
IP: , , -
. , ICMP -
. ,
ICMP ( ) .
IP IP . -
IP . IP
, ICMP ( -
) .
.
IP- , , -
IP- :

ip source-route IP
7. IP
IP IP-.

. -
. -
, . hitting time
, , .
, ,
. .
, .


. NX-5124G10 2047 -
1024 . -
.

ip route-cache ( IP-)
no ip route-cache
, ,
.

. .

ip route-cache hit-numbers -
hitnumber (hitnumber)
8. IP
IP ,
. .

VLAN, . , -
, .
IP , ,
:

ip route-cache same-interface IP-

18.4.1.2
IP , .
1. TCP
TCP, -
. -
TCP. 75 .
. .

98
.466534.012-324
. . .
TCP . -
TCP.
TCP,
:

ip tcp synwait-time seconds TCP
2. TCP
TCP 2000 . , -
:

ip tcp window-size bytes TCP

18.4.1.3 IP-
, :
1. ,
, .
, , , -
.
:

clear tcp statistics
2. TCP
TCP, :

clear tcp {local host-name port re- TCP. (TCB -
mote host-name port | tcb address} TCP)
3.
, .
.

.
" IP-".

show ip access-lists name
show ip cache [prefix mask] , IP- -
[type number]
show ip sockets
show ip traffic IP-
. .

show tcp TCP


show tcp brief TCP
show tcp statistics TCP
show tcp tcb TCP
4.
, debug -
. .

.
:
IP-.

debug arp ARP
debug ip icmp ICMP
debug ip raw

debug ip packet -
debug ip tcp TCP
debug ip udp UDP
. .


.466534.012-324 99
. . .
18.4.2
18.4.2.1 IP-
IP- .
-
. , -
. -
.



, IP .
IP
IP-. ROS
. : -
. , -
. , .
, .
:
, . -
.

18.4.2.2 IP-
IP-.
:
, .

:

ip access-list standard name name
IP
deny {source [source-mask] |
any}[log] or permit {source
[source-mask] | any}[log]


exit

:

ip access-list extended name name
IP
{deny | permit} protocol source
source-mask destination destina-

. .
tion-mask [precedence prece-
dence] [tos tos] [established]
[log]{deny | permit} protocol
any any
exit
, ( precedence -
ip-. TOS .)
. .

( )
. ,
. no permit no deny
.
:
, deny -
. , 255.255.255.255 - ,

IP- .
.
,
.

18.4.2.3 IP-
, , -
. .

100
.466534.012-324
. . .
.
.

ip access-group name {in | out} IP-
, . -
, .
, .
, .
, ICMP.

. -
. ,
. ,
ICMP .
, .

18.4.2.4
, ,
TCP , , 1023.
TCP SMTP 130.2.1.2.
ip access-list extended aaa
permit tcp any 130.2.0.0 255.255.0.0 gt 1023
permit tcp any 130.2.1.2 255.255.255.255 eq 25
interface vlan 10
ip access-group aaa in
- , .
, Ethernet TCP .
, TCP Ethernet
SMTP .
SMTP TCP- 25
. . -
25.
. , 25. -
, .
.

Ethernet 130.20.0.0. -
- 130.20.1.2. TCP,
. TCP ACR RST, -
, , .
ip access-list aaa
permit tcp any 130.20.0.0 255.255.0.0 established
permit tcp any 130.20.1.2 255.255.255.255 eq 25
interface vlan 10
. .

ip access-group aaa in

18.4.3 IP-
18.4.3.1 IP
IP- .
-
. .

. , -
. -
.



, IP .
IP

IP-. ROS
. : -
. , -
. , .
, .
, , :
(1) , .
. .


.466534.012-324 101
. . .
(2) .

18.4.3.2 IP-
IP-.
:
, .
, -
.

ip access-list standard name name
IP
deny {source [source-mask] | any} or
permit {source [source-mask] | any}

exit
, -
:

ip access-list extended name name
IP

{deny | permit} protocol source .
source-mask destination destina- , . (-
tion-mask [precedence prece- precedence ip-. TOS
dence] [tos tos] .) TCP/UDP, -
{deny | permit} protocol any any .

exit
( )
. , -
. no permit no deny -
.
:


, deny -
. , 255.255.255.255 - ,
IP- .
,
.

18.4.3.3
, . -

. .
:

ip access-group name
,
. , -
. , -
. .

. , -
ICMP.
, .

18.4.3.4
1. IP TCP/UDP
:

{deny|permit}{tcp|udp}
source source-mask[{[src_portrange begin-port end-port]|[{gt|lt} port]}]
destination destination-mask [{[dst_portrange begin-port end-port]|[{gt|lt} port]}]
[precedence precedence][tos tos]
, 14 TCP UDP. -
,
.
. .

102
.466534.012-324
. . .
,
, - -
. , -
.
, -
,
.
2. IP TCP/UDP
, TCP -
SMTP 130.2.1.2.
ip access-list extended aaa
permit tcp any 130.2.1.2 255.255.255.255 eq 25
interface f0/10
ip access-group aaa

. .
. .

. .


.466534.012-324 103
. . .
19
19.1 RIP
19.1.1
, (Routing Information
Protocol (RIP)). RIP , , -
" RIP" " -
. , ,
.
RIP ,
, , .
. RIP RFC 1058.
RIP ( - User Datagram Proto-
col (UDP)) . RIP,
30 . -
180 ,
, , . 120
, -
.
RIP . -
, -
. ; 16 . -
( 0 15) RIP .
, RIP , -
0.0.0.0. , 0.0.0.0 ; -
RIP, .
, RIP -
RIP .
RIP . ,
RIP .
RIP-2 :
MD5. (CIDR), (VLSM)
.

19.1.2 RIP
RIP, . RI; -


.
RIP
RIP


RIP
RIP

. .
IP-


RIP

19.1.3 RIP
19.1.3.1 RIP
. .

RIP, -
:

router rip RIP, -

network network-number <network-
mask> , RIP

19.1.3.2 RIP
RIP . RIP -
, -
. , -
:
. .

104
.466534.012-324
. . .

neighbor ip-address , -

, , -
, ip rip passive
. , ,
IP-
.

19.1.3.3

, RIP, -
. , -
. ,
:

offset { [interface-type number]|* }
{in|out} access-list-name offset

19.1.3.4
,
, . -
, .
-
IP (, -
), -
. ,
:

timers holddown value ( ) , -

timers expire value ( ) ,
timers update value ( )

19.1.3.5 RIP
RIP-2 , , -
, (CIDR) -
(VLSM). , RIP-1 RIP-2 ,
RIP-1. , RIP-
1, RIP-2. ,
:
. .


version {1 | 2} RIP
1 RIP 2
RIP . RIP
. , (RIP-1 RIP-2) -
, VLAN:
. .


ip rip send version 1 RIP
1
ip rip send version 2 RIP
2
ip rip send version compatibility RIP-2
, , -

VLAN:

ip rip receive version 1 RIP 1 -

ip rip receive version 2 RIP 2 -

ip rip receive version 1 2 RIP 1 2
. .


.466534.012-324 105
. . .
19.1.3.6 RIP
RIP 1 . RIP
2, RIP .
, -
RIP : MD5. .
:
, RIP,
, RIP-2 . -
(, , -
), .
RIP , -
VLAN:

ip rip authentication simple

ip rip password [string]
RIP MD5 , -
VLAN:

ip rip authentication message-digest MD5
ip rip message-digest-key [key-ID] md5
[key] MD5 ID

19.1.3.7
RIP-2 .
, RIP-2 . RIP-1
.
, ,
. ,
. -
-
.


no auto-summary

19.1.3.8 IP-
, IP-
RIP , .
, , , -
, -
. , . -

. .
, , IP-
.

no validate-update-source IP- -
RIP
. .

19.1.3.9
, RIP -
1024. ,
, , -
. RIP -
:

maximum-count number RIP


no maximum-count

19.1.3.10
, IP -
- -
.
. .

106
.466534.012-324
. . .
, .
, -
. ( Frame Relay).
, , , .
IP
(Split Horizon), IP
. IP- (
, ).
, -
VLAN:

ip rip split-horizon
no ip rip split-horizon
-; -
- , .
, , "
" .
:
, ,
, , .
: (
), -
,
.

19.1.3.11 RIP
, , RIP,
.. -
, . -
.

.

Show ip rip RIP

Show ip rip database RIP


Show ip rip protocol RIP
,
.

Debug ip rip database ,

. .

Debug ip rip protocol RIP

19.1.3.12 RIP
RIP:
:
:
. .

interface vlan 11
ip address 192.168.20.81 255.255.255.0 interface loopback 0
ip address 10.1.1.1 255.0.0.0
!
router rip
network 192.168.20.0 network 10.0.0.0
!
B:

interface vlan 11
ip address 192.168.20.82 255.255.255.0
interface loopback 0
ip address 20.1.1.1 255.0.0.0
!
router rip
network 192.168.20.0 network 20.0.0.0
!
. .


.466534.012-324 107
. . .
19.2 BEIGRP
19.2.1
BEIGRP - :
-


.
, BEIGRP - ,
BEIGRP:
BEIGRP , -
.
BEIGRP ( ), -
, BEIGRP .
DUAL ( ) ,
BEIGRP , -
, . . -
, . -
( ), BEIGRP
.
BEIGRP , -
EIGRP, IP. BEIGR :
Hello -

.
.
BEIGRP .
BEIGRP .

19.2.2 BEIGRP
BEIGRP, , BEIGRP (-
); .
BEIGRP


( )
BEIGRP




BEIGRP
BEIGRP

. .
19.2.3 BEIGRP
19.2.3.1 BEIGRP
, BEIGRP
.
.
. .

BEIGRP, :

router beigrp as-number BEIGRP
network network-number network-mask BEIGRP -

19.2.3.2 ( )

BEIGRP 50 -
. ,
bandwidth .
BEIGRP.
, BEIGRP
, VLAN :
. .

108
.466534.012-324
. . .

ip beigrp bandwidth-percent percent ,
BEIGRP

19.2.3.3 BEIGRP
BEIGRP ,
. BEIGRP ,
.
.
:

metric weights k1 k2 k3 k4 k5 BEIGRP

19.2.3.4
,
,
. , -
. . :

offset{type number | *} {in | out} ac-
cess-list-name offset

19.2.3.5
-
:
BEIGRP, ,
BEIGRP, .
Null0,
. IP,
5 ( )
IP.
, BEIGRP,

.
,
, :

no auto-summary

19.2.3.6
,
. .

BEIGRP .
,
; .
:
, ,
BEIGRP, .
. .

Null0,
. IP,
5 ( )
, -
, . ,
, .

ip beigrp summary-address ip

address address mask

19.2.3.7
BEIGRP :
. .


.466534.012-324 109
. . .
, -
"default-metric", (, -
, , MTU) .
BEIGRP,
"default-metric", -
BEIGRP.
(,
RIP OSPF), "default-metric"
.
.
, BEIGRP RIP , BEIGRP
, , RIP, -
:

default-metric bandwidth delay reli- -
ability loading mtu
redistribute protocol [route-map name] BEIGR

19.2.3.8 BEIGRP
BEIGRP , -
:


1.
BEIGRP :
.
, -
.
.
BEIGRP . -
BEIGRP , -
.
, , -
. BEIGRP -


, , ,
. BEIGRP, -
, .
hello -
:
( (

) )
LAN 5 15

. .
,
BEIGRP , IP, -
. ,
, BEIGRP -
, , -
. ,
, WAN. -
. .

, ,
. ,
.

ip beigrp hello-interval seconds
, :


ip beigrp hold-time seconds
2.
, ,
, .
.
.
. .

110
.466534.012-324
. . .

no ip beigrp split-horizon

19.2.3.9 BEIGRP
, :

clear ip beigrp neighbors [interface]
, BEIGRP:

show ip beigrp interfaces [interface]
BEIGRP
[as-number]
Show ip beigrp neighbors [as-number |
BEIGRP
interface]
show ip beigrp topology [as-number |
all-link | summary | active] BEIGRP

19.2.4 BEIGRP
, 10.0.0.0/8 vlan11 -
. , , -
. , BEIGRP .
interface vlan 11
ip beigrp summary-address 1 10.0.0.0 255.0.0.0
router beigrp 1
network 172.16.0.0 255.255.0.0
no auto-summary

19.3 OSPF
19.3.1
,
(OSPF). OSPF . ,

OSPF.
OSPF (Interior Gateway Protocol (IGP)),
IETF. OSPF (IGP), IP-,
IP- . OSPF -
IP Multicast.
OSPF OSPF V2 (. RFC 2328) -
:

. .

( -
(stub area) ,
)
, IP-, -
IP-. -
, , OSPF ,
RIP. , OSPF, RIP.
. .

, , OSPF , -
BGP, , OSPF, -
OSPF.
MD5 -

.
-
, ,

, ,

-
.

(not-so-
. RFC 1587
stub areas)
OSPFOSPF . RFC 1793
. .


.466534.012-324 111
. . .
19.3.2 OSPF
OSPF , -
(ABR) (ASBR).
,
. ,
.
OSPF, . OSPF, -
.
OSPF
OSPF
OSPF
OSPF
NSSA OSPF
OSPF


ID LOOPBACK
OSPF

OSPF
, , ,
IP-.

19.3.3 OSPF
19.3.3.1 OSPF
, OSPF OSPF,
IP-, -
. -
:

router ospf process-id OSPF, -

, OSPF -


network address mask area area-id

19.3.3.2 OSPF
OSPF, , -
OSPF. , , -
.
:

. .

ip ospf cost cost .
LSA ,
ip ospf retransmit-interval seconds
OSPF
LSA
ip ospf transmit-delay seconds
OSPF.
OSPF
. .

ip ospf priority number


.
, -
ip ospf hello-interval seconds
OSPF.
-
ip ospf dead-interval seconds , OSPF -
.
,
ip ospf authentication-key key OSPF ;

OSPF.
ip ospf message-digest-key keyid
MD5 , .
md5 key
ip ospf passive .

19.3.3.3 OSPF
3 :
. .

112
.466534.012-324
. . .
(Ethernet, Token Ring, FDDI)
(SMDS, Frame Relay, X.25)
- (HDLC, PPP)
-
.
X.25 Frame Relay ,
OSPF . Map X.25 Frame
Relay .

19.3.3.4 OSPF
,
. , -
, ,
(X.25, Frame Relay SMDS) .
.
OSPF.

, -
, .., . ,
. , - . -
.
OSPF - , -
. , -
, OSPF, - , :
.
, .
. ,
.
, OSPF -
.

ip ospf network {broadcast | non-broadcast | {point-
to-multipoint [non-broadcast] }} OSPF

19.3.3.5 OSPF
, (stub areas) -
. .
- , .
, (ABR)
. -
, .
. .

LSA, ABR, -
LSA ( 3), .
-
:

area area-id authentication simple OSPF
. .

areaarea-idauthenticationmessage-digest MD5
area area-id stub [no-summary]
-
area area-id default-cost cost

19.3.3.6 OSPF
ABR . -

OSPF, ABR .
, ABR -
, .
, -
:

area area-id range address mask
. .


.466534.012-324 113
. . .
19.3.3.7
OSPF -
, LSA.
, -
. OSPF .
, -
:

summary-address prefix mask [not , -
advertise]

19.3.3.8
ASBR
OSPF. , OSPF, -
(ASBR). , ASBR
OSP.
, ASBR -
:

default-information originate [al- ASBR -
ways] [route-map map-name] OSPF

19.3.3.9 ID LOOPBACK
OSPF IP , e -
. , OSPF ID
.
(loopback) IP-,
. -
, .
OSPF ,
IP . ,
OSPF IP- . -
OSPF.
IP- Loopback


:


interface loopback 0

ip address ip-address mask IP-

19.3.3.10 OSPF

. .
-
, , . , -
0 255;
. 255 , -
, .
OSPF :
( intra-area), (interarea), -
. .

(external).
, OSPF -
:

distance ospf [intra-area dist1] OSPF: intra-area, domain
[inter-area dist2] [external dist3] region external

19.3.3.11
, OSPF -
(SPF)
SPF. :

timers delay delaytime
timers hold holdtime
. .

114
.466534.012-324
. . .
19.3.3.12 OSPF
, IP-
, . -
, .
, .
, :


show ip ospf [process-id]
OSPF
show ip ospf [process-id] database
show ip ospf [process-id] database
[router] [link-state-id]
show ip ospf [process-id] database
[router] [self-originate]
show ip ospf [process-id] database
[router] [adv-router [ip-address]]
show ip ospf [process-id] database
[network] [link-state-id] OSPF.
show ip ospf [process-id] database
[summary] [link-state-id]
show ip ospf [process-id] database
[asbr-summary] [link-state-id]
show ip ospf [process-id] database
[external] [link-state-id]
show ip ospf [process-id] database
[database-summary]
OSPF
show ip ospf border-routers
ABR ASBR.
show ip ospf interface OSPF.
show ip ospf neighbor OSPF.
OSPF -
debug ip ospf adj
.
OSPF
debug ip ospf events
.

debug ip ospf flood
OSPF.

debug ip ospf lsa-generation OSPF LSA.


debug ip ospf packet OSPF .
OSPF -
debug ip ospf retransmission
.
debug ip ospf spf debug ip ospf spf SPF OSPF.
intra OSPF
debug ip ospf spf inter
debug ip ospf spf external
. .

debug ip ospf tree SPF OSPF.

19.3.4 OSPF
19.3.4.1 (VLSM)
VLSM OSPF, . VLSM, -
,
. .

IP .
, 30 -
. ,
-.
interface vlan 10
ip address 131.107.1.1 255.255.255.0
! 8 bits of host address space reserved for ethernets
interface vlan 11

ip address 131.107.254.1 255.255.255.252


! 2 bits of address space reserved for serial lines
! Router is configured for OSPF and assigned AS 107
router ospf 107
! Specifies network directly connected to the router
network 131.107.0.0 0.0.255.255 area 0.0.0.0
. .


.466534.012-324 115
. . .
19.3.4.2 OSPF
OSPF , -
(ABR) (ASBR). -
, OSPF -
.
:
OSPF.
, , ABR ASBR
OSPF AS.
OSPF -
.
1. OSPF
OSPF.
90, Ethernet 0 0.0.0.0. RIP OSPF, OSPF
RIP.
interface vlan 10
ip address 130.130.1.1 255.255.255.0
ip ospf cost 1
!
interface vlan 10
ip address 130.130.1.1 255.255.255.0
!
router ospf 90
network 130.130.0.0 255.255.0.0 area 0
redistribute rip
!
router rip
network 130.130.0.0
redistribute ospf 90
2. , ABR ASBR
4 ID 4 IP- . -,
109 , 4 : 10.9.50.0, 2, 3 0.
10.9.50.0, 2 3 0 .
router ospf 109
network 131.108.20.0 255.255.255.0 area 10.9.50.0


network 131.108.0.0 255.255.0.0 area 2
network 131.109.10.0 255.255.255.0 area 3
network 0.0.0.0 0.0.0.0 area 0
!
! Interface vlan10 is in area 10.9.50.0:
interface vlan 10
ip address 131.108.20.5 255.255.255.0
!
! Interface vlan11 is in area 2:

. .
interface vlan 11
ip address 131.108.1.5 255.255.255.0
!
! Interface vlan12 is in area 2:
interface vlan 12
ip address 131.108.2.5 255.255.255.0
!
. .

! Interface vlan13 is in area 3:


interface vlan 13
ip address 131.109.10.5 255.255.255.0
!
! Interface vlan14 is in area 0:
interface vlan 14
ip address 131.109.1.1 255.255.255.0
!

! Interface vlan 100 is in area 0:


interface vlan 100
ip address 10.1.0.1 255.255.0.0
, .
/ -
. . OSPF.
. ID 10.9.50.0
131.108.20.0. Ethernet 0. 0 10.9.50.0.
. .

116
.466534.012-324
. . .
, 0, -
, Ethernet 1. 1 2.
. : , ,
0.
3. , ABR ASBR
,
OSPF. :

.
RTA:
interface loopback 0
ip address 202.96.207.81 255.255.255.0
!
interface vlan 10
ip address 192.168.10.81 255.255.255.0

!
interface vlan 10
ip address 192.160.10.81 255.255.255.0
!
router ospf 192
network 192.168.10.0 255.255.255.0 area 1
network 192.160.10.0 255.255.255.0 area 0
!
RTB:
. .

interface loopback 0
ip address 202.96.209.82 255.255.255.252
!
interface vlan 10
ip address 192.168.10.82 255.255.255.0
!
interface vlan 11
. .

ip address 192.160.20.82 255.255.255.0


!
router ospf 192
network 192.168.20.0 255.255.255.0 area 1
network 192.168.10.0 255.255.255.0 area 1
!
RTC:
interface loopback 0

ip address 202.96.208.83 255.255.255.252


!
interface vlan 10
ip address 192.163.20.83 255.255.255.0
!
interface vlan 11
ip address 192.160.20.83 255.255.255.0
!
. .


.466534.012-324 117
. . .
router ospf 192
network 192.168.20.0 255.255.255.0 area 1
network 192.163.20.0 255.255.255.0 area 0
!

19.3.4.3 OSPF ABR


, ABR. 2
:
OSPF

. -
.

:
Ethernet 0 3.
OSPF . OSPF
. . 36.0.0.0
.
: , -
area. ,
.
, , :
IGMP RIP OSPF ( -


, , ).
IGMP OSPF RIP.
OSPF :
interface vlan 10
ip address 192.168.20.81 255.255.255.0
ip ospf password GHGHGHG
ip ospf cost 10
!
interface vlan 11

. .
ip address 192.168.30.81 255.255.255.0
ip ospf password ijklmnop
ip ospf cost 20
ip ospf retransmit-interval 10
ip ospf transmit-delay 2
ip ospf priority 4
!
. .

interface vlan 12
ip address 192.168.40.81 255.255.255.0
ip ospf password abcdefgh
ip ospf cost 10
!
interface vlan 13
ip address 192.168.0.81 255.255.255.0
ip ospf password ijklmnop

ip ospf cost 20
ip ospf dead-interval 80
!
router ospf 192
network 192.168.0.0 255.255.255.0 area 0
network 192.168.20.0 255.255.255.0 area 192.168.20.0
network 192.168.30.0 255.255.255.0 area 192.168.30.0
network 192.168.40.0 255.255.255.0 area 192.168.40.0
. .

118
.466534.012-324
. . .
area 0 authentication simple
area 192.168.20.0 stub
area 192.168.20.0 authentication simple
area 192.168.20.0 default-cost 20
area 192.168.20.0 authentication simple
area 192.168.20.0 range 36.0.0.0 255.0.0.0
area 192.168.30.0 range 192.42.110.0 255.255.255.0
area 0 range 130.0.0.0 255.0.0.0
area 0 range 141.0.0.0 255.0.0.0
redistribute rip
RIP is in network 192.168.30.0. router rip
network 192.168.30.0 redistribute ospf 192
!

19.4 BGP
, (Border Gateway Protocol
(BGP)). BGP BGP. BGP
(Exterior Gateway Protocol (EGP)), RFC1163,
1267 1771.
.

19.4.1
19.4.1.1 BGP
BGP, , , -
( ), .
BGP 4, RFC1771. -
BGP , AS -
. AS, -
, AS-. BGP 4 -
(CIDR), -
. CIDR
BGP IP . CIDR OSPF, IGRP -
, ISIS-IP RIP 2.

. BGP

:
, access-list, aspath-list prefix-list;
access-list, prefix-list
Nexthop.
, route-map -
, MED, Local Preference, Route Weight.
(OSPF,
RIP ..), redistribute -
. .

BGP. network, aggregate -


BGP . BGP, -
route-map, .
BGP , distance
BGP.

19.4.1.2 BGP
. .

BGP .
, BGP . BGP
:
, .
, , IGP, -
.
.

, -
.
, ,
. , -
, -
IGP.
, -
, .
. .


.466534.012-324 119
. . .
,
(IGP < EGP < INCOMPLETE).
, MED.

, bgp always-compare-med router.
(EBGP) IBGP, -
MED. (confederation paths)
EBGP IBGP.
,
ID-.

19.4.2 BGP
19.4.2.1 BGP
BGP . -
BGP , -
.
1. BGP
BGP, -
:

BGP -
router bgp autonomous-system

network network-number/masklen
[route-map route-map-name] BGP
:
, ,
IP . -
IGP RIP, ,
.
IGP BGP. -
, RAM , -
. , -
.


2. BGP
, , BGP .
, BGP .
BGP : . (Internal
neighbors) , (external neighbors)
.
, .
BGP , -

. .
:

neighbor {ip-address } remote-as num-
BGP
ber
BGP
BGP.
. .

3. BGP (Soft Reset)


, BGP , -
. , -
. , BGP , -
. BGP ,
. , -
BGP . , -
. (inbound updates) , -

(dynamic inbound soft reset). -


, (outbound soft reset).
. -
BGP.
BGP, BGP
,
. , -
. .

120
.466534.012-324
. . .
. , . -
,
BGP.
, BGP -
. -
.

BGP:

Neighbor { ip-address } soft-
BGP
reconfiguration [inbound]
4. BGP
2 BGP , BGP
, .
BGP , BGP -
, .
BGP :

clear ip bgp * BGP
clear ip bgp address BGP
5. BGP IGP
AS AS, ,
AS , AS
AS. , BGP
AS IGP, AS -
, .
, BGP , IGP AS
, BGP IGP. .
, BGP IGP . AS -
AS AS BGP, -
.
IGP, BGP . -
.


no synchronization BGP IGP
clear ip bgp, BGP .
BGP BGP
.
, BGP IGP. -
,
IGRP, BGP . -
. .

BGP IGP, , EBGP, .


, IGP BGP, -
AS; . , -
, , BGP IGP. -
IP . , -
, , IGP. -
NGP IP ,
; , BGP . -
. .

BGP, . IGP -
BGP; BGP -
IGP, BGP , .
6. BGP
BGP - , BGP ,
. .
0 65536. BGP

32768, , , 0. -
, .
7. BGP
BGP -
:
. .


.466534.012-324 121
. . .

neighbor {ip-address } weight weight
, route-map.
BGP ,
:
(1) Aspath ip aspath-list -
neighbor filter-list .

ip aspath-list aspaths-list-name {permit |
BGP
deny} as-regular-expression
router bgp autonomous-system
neighbor {ip-address } filter-list aspath-
BGP
list-name {in | out }
(2) ip access-list -
neighbor distribute-list .

ip access-list standard access-list-name
router bgp autonomous-system
neighbor {ip-address } distribute-list
BGP
access-list-name {in | out }
(3) ip prefix-list -
neighbor prefix-list router .

ip prefix-list prefixs-list-name Sequence

number {permit |deny} A.B.C.D/n ge x le y
router bgp autonomous-system
neighbor {ip-address } prefix-list
BGP
prefix-list-name {in | out}
(4) route-map
neighbor route-map .
,
, .


BGP " -
BGP " .
8. BGP
BGP , .
, .
-
(nexthop) .
. -

. .
. *, .
BGP , -
BGP:

filter interface { in | out }( access-list
access-list-name) (prefix-list prefix- BGP
. .

list-name) (gateway access-list-name)


BGP " -
BGP " .
9. BGP
BGP.
, Frame Relay X.25, BGP -
IP-. ,

:
BGP -
.
,
. (, )
BGP -
, -
:
. .

122
.466534.012-324
. . .

-
neighbor {ip-address } next-hop-self
BGP
peer
. , BGP
. , -
. , ,
.

19.4.2.2 BGP
1.
peer
. , BGP
. ,
. , , -
.
, -
(autonomous system path), (community), (network
numbers). aspath-list
, community-list

ip access-list .
, -
:
2.

neighbor {ip-address } route-map route- -
map-name {in | out}
. " BGP".
(CIDR) ( -
NET), .
BGP BGP
. BGP, -

BGP.
, -
:

-
aggregate network/len
BGP

aggregate network/len summary-only

. .

,
aggregate network/len route-map map-name

BGP " BGP".
3. Communities BGP
, BGP, -
. .

BGP:
Network number
AS_PATH
COMMUNITY
(communities) -
COMMUNITY, .
COMMUNITY , .
. AS ,

.
COMMUNITY 1
4294967200. :

EBGP (peer). (
no-export
EBGP AS )
no-advertise (peer)
. .


.466534.012-324 123
. . .
-
local-as . ( AS
.)
, , BGP ,
. ,
COMMUNITY .
COMMUNITIES . -
, COMMUNITY
BGP:

COMMUNITY,
neighbor {ip-address} send-community
.
COMMUNITY :

route-map map-name sequence-number {deny |

permit}
set community community-value
router bgp autonomous-system
neighbor {ip-address} route-map access-

list-name {in | out}
COMMUNITY :

ip community-list standard | expended
community-list-name {permit | deny}
communtiy-expression
route-map map-name sequence-number {deny |
permit}
match community-list-name
router bgp autonomous-system
neighbor {ip-address} route-map route-map-
name {in | out}

COMMUNITY " -


BGP COMMUNITY".
4. AS
IBGP
,
.
.
, EBGP
, , -

. .
IBGP. , , MED -
.
BGP , ,
.
:

. .

bgp confederation0 identifier


AS-
autonomous-system
, AS , :

bgp confederation peers
AS,
autonomous-system [autonomous-system ...]
AS- AS-

BGP.
5. (route reflectors)
AS- IBGP -
.
:
(). -
. . -
. .

124
.466534.012-324
. . .
, .
IBGP .
,
:
BGP .
.
. ,
.
-
:


neighbor ip-address route-reflector-client

AS IBGP .
, -
.
.
4- , -
.
.
, ,
ID :

bgp cluster-id cluster-id ID
-
BGP.
6.
, BGP:

neighbor {ip-address} shutdown BGP
BGP:

no neighbor {ip-address} shutdown BGP


7.
, -
.
:

BGP -
. .

neighbor {ip-address} ebgp-multihop ttl



8. BGP
- .
3 BGP: , -
. BGP,
BGP .
. .

, BGP:

distance bgp external-distance internal- BGP -
distance local-distance
BGP.
, , -
, .

9. BGP
BGP
:

( ) -
neighbor [ip-address | peer group-name]

timers keepalive holdtime

. .


.466534.012-324 125
. . .
no neighbor timers
BGP .
10. MED AS
MED , .
MED .
, MED AS .
MED .

19.4.3 BGP
:

MED
bgp always-compare-med


. .
1. BGP
, -, BGP, -
. :

clear ip bgp * BGP
clear ip bgp as-number BGP AS
BGP -
clear ip bgp address

-
clear ip bgp address soft {in|out}

clear ip bgp aggregates

clear ip bgp networks
network
clear ip bgp redistribute
2.
, -
BGP . ,


. .
:

show ip bgp BGP
,
show ip bgp prefix

show ip bgp community

. .
,
show ip bgp regexp regular-expression

show ip bgp network BGP
BGP
show ip bgp neighbors address
TCP
show ip bgp neighbors [address] [received- ,
routes | routes | advertised-routes] BGP
. .

show ip bgp paths BGP


show ip bgp summary BGP
3. BGP
BGP, , -
.
:

debug ip bgp * BGP.


debug ip bgp all BGP.
debug ip bgp fsm BGP.
debug ip bgp keepalive BGP Keepalive.
debug ip bgp open BGP Open.
debug ip bgp update BGP Update.
. .

126
.466534.012-324
. . .
19.4.4 BGP
BGP:
1. BGP
, -
: , 140.222.1.1 -
ASPATH , 200. -
250 . .
router bgp 100
!
neighbor 140.222.1.1 route-map fix-weight in
neighbor 140.222.1.1 remote-as 1
!
route-map fix-weight permit 10
match as-path aaa
set local-preference 250
set weight 200
!
ip aspath-list aaa permit ^690$
ip aspath-list aaa permit ^1800
, freddy -
127 MED AS 690. , -
1.1.1.1:
router bgp 100
neighbor 1.1.1.1 route-map freddy out
!
ip aspath-list abc permit 690_
ip aspath-list xyz permit .*
!
route-map freddy permit 10
match as-path abc
set metric 127
!
route-map freddy permit 20 match as-path xyz
It indicates how to use routing image to modify forwarded routes as follows:
router bgp 100
redistribute rip route-map rip2bgp

!
route-map rip2bgp
match ip address rip
set local-preference 25
set metric 127
set weight 30000
set next-hop 192.92.68.24
set origin igp
!
. .

ip access-list standard rip


permit 131.108.0.0 255.255.0.0
permit 160.89.0.0 255.255.0.0
permit 198.112.0.0 255.255.128.0
2. BGP
, BGP AS109, . -
: ( ), (
. .

). .
router bgp 109
network 131.108.0.0
network 192.31.7.0
neighbor 131.108.200.1 remote-as 167
neighbor 131.108.234.2 remote-as 109
neighbor 150.136.64.19 remote-as 99

3. BGP
BGP . -
test1, as-path, 100.
test2, as-path, 193.1.12.10. -
, test3 193.1.12.10.
router bgp 200
neighbor 193.1.12.10 remote-as 100
neighbor 193.1.12.10 filter-list test1 weight 100
. .


.466534.012-324 127
. . .
neighbor 193.1.12.10 filter-list test2 out
neighbor 193.1.12.10 filter-list test3 in
ip aspath-list test1 permit _109_
ip aspath-list test2 permit _200$
ip aspath-list test2 permit 100$
ip aspath-list test3 deny _690$
ip aspath-list test3 permit .*
4. BGP
BGP .
1/0 ACL:
router bgp 122
filter vlan10 in access-list acl
filter-network -
. filter-gateway , -
s1/0:
router bgp 100
filter vlan100 in access-list filter-network gateway filter-gateway
filter-prefix
. filter-prefix ,
:
router bgp 100
filter * in prefix-list filter-prefix gateway filter-gateway
5.
0.0.0.0/0 :
ip prefix-list abc deny 0.0.0.0/0
35.0.0.0/8
ip prefix-list abc permit 35.0.0.0/8
/8 /24 BGP.
router bgp
network 101.20.20.0 filter *
ip prefix max24
!
ip prefix-list max24 seq 5 permit 0.0.0.0/0 ge 8 le 24
!


-
8 24:
router bgp 12
filter * in prefix-list max24
!
ip prefix-list max24 seq 5 permit 0.0.0.0/0 ge 8 le 24
.
24 192/8:
ip prefix-list abc permit 192.0.0.0/8 le 24

. .
25 192/8:
ip prefix-list abc deny 192.0.0.0/8 ge 25
( 8
24) .
ip prefix-list abc permit 0.0.0.0/0 ge 8 le 24
( 25)
. .

.
ip prefix-list abc deny 0.0.0.0/0 ge 25
10/8 . , 10.0.0.0/8
32 , :
ip prefix-list abc deny 10.0.0.0/8 le 32
25 204.70.1/24:
ip prefix-list abc deny 204.70.1.0/24 ge 25

:
ip prefix-list abc permit any
6. BGP
, BGP -
.
, redistribute static
193*.*.*:
. .

128
.466534.012-324
. . .
ip route 193.0.0.0 255.0.0.0 null 0
!
router bgp 100
redistribute static

, BGP.
, AS atomic.
router bgp 100 aggregate
193.0.0.0/8
193.*.*.*,
:
router bgp 100
aggregate 193.0.0.0/8 summary-only
7. BGP
, . RTA, RTB, RTC RTE -
AS200, RTA , RTB RTC -
, RTE IBGP. RTD AS100 -
RTA EBGP. :

RTA:
interface vlan110
ip address 2.0.0.1 255.0.0.0
!
interface vlan111
ip address 3.0.0.1 255.0.0.0

!
interface vlan112
ip address 4.0.0.1 255.0.0.0
!
interface vlan113
ip address 5.0.0.1 255.0.0.0
!
router bgp 200
neighbor 2.0.0.1 remote-as 200 /*RTC IBGP*/
. .

neighbor 2.0.0.1 route-reflector-client


neighbor 3.0.0.1 remote-as 200 /*RTB IBGP*/
neighbor 3.0.0.1 route-reflector-client
neighbor 5.0.0.1 remote-as 200 /*RTE IBGP*/
neighbor 4.0.0.2 remote-as 100 /*RTD EBGP*/
network 11.0.0.0/8
!
. .

ip route 11.0.0.0 255.0.0.0 2.0.0.12


RTB:
interface vlan110
ip address 3.0.0.2 255.0.0.0
!
router bgp 200
neighbor 3.0.0.1 remote-as 200 /*RTA IBGP*/
network 13.0.0.0/8

!
ip route 13.0.0.0 255.0.0.0 3.0.0.12
RTC:
interface vlan110
ip address 2.0.0.2 255.0.0.0
!
router bgp 200
. .


.466534.012-324 129
. . .
neighbor 2.0.0.1 remote-as 200 /*RTA IBGP*/
network 12.0.0.0/8
!
ip route 12.0.0.0 255.0.0.0 2.0.0.12
RTD:
interface vlan110
ip address 4.0.0.2 255.0.0.0
!
router bgp 100
neighbor 4.0.0.1 remote-as 200 /*RTA EBGP*/
network 14.0.0.0/8
!
ip route 14.0.0.0 255.0.0.0 4.0.0.12
RTE:
interface vlan110
ip address 5.0.0.2 255.0.0.0
!
router bgp 200
neighbor 5.0.0.1 remote-as 200 /*RTA IBGP*/
network 15.0.0.0/8
!
ip route 15.0.0.0 255.0.0.0 5.0.0.12 8.
8. BGP-
AS-, IBGP RTA, RTB RTC, -
AS 65010. RTE AS 65020. RTE RTA EBGP
AS-. AS- AS65010 AS65020,
AS200. RTD AS100, RTD EBGP AS 200 RTA.


RTA:
interface vlan110
ip address 1.0.0.1 255.0.0.0
!
interface vlan111

. .
ip address 2.0.0.1 255.0.0.0
!
interface vlan112
ip address 4.0.0.1 255.0.0.0
!
interface vlan113
ip address 5.0.0.1 255.0.0.0
!
. .

router bgp 65010


bgp confederation identifier 200
bgp confederation peers 65020
neighbor 1.0.0.2 remote-as 65010 /*RTB IBGP*/
neighbor 2.0.0.2 remote-as 65010 /*RTC IBGP*/
neighbor 5.0.0.2 remote-as 65020 /*RTE EBGP*/
neighbor 4.0.0.2 remote-as 100 /*RTD EBGP*/

RTB:
interface vlan110
ip address 1.0.0.2 255.0.0.0
!
interface vlan111
ip address 3.0.0.1 255.0.0.0
!
router bgp 65010
. .

130
.466534.012-324
. . .
bgp confederation identifier 200
bgp confederation peers 65020
neighbor 1.0.0.1 remote-as 65010 /*RTA IBGP*/
neighbor 3.0.0.2 remote-as 65010 /*RTC IBGP*/
RTC:
interface vlan110
ip address 2.0.0.2 255.0.0.0
!
interface vlan111
ip address 3.0.0.2 255.0.0.0
!
router bgp 65010
bgp confederation identifier 200
bgp confederation peers 65020
neighbor 2.0.0.1 remote-as 65010 /*RTA IBGP*/
neighbor 3.0.0.1 remote-as 65010 /*RTB IBGP*/
RTD:
interface vlan110
ip address 4.0.0.2 255.0.0.0
!
router bgp 100
neighbor 4.0.0.1 remote-as 200 /*RTA EBGP*/
RTE:
interface vlan110
ip address 5.0.0.2 255.0.0.0
!
router bgp 65020
bgp confederation identifier 200
bgp confederation peers 65010
neighbor 5.0.0.1 remote-as 65010 /*RTA EBGP*/
9. BGP

BGP.
, route map set-community -
171.69.232.50. AAA

no-export; , , . -
BGP AS200 ,
.
router bgp 100
neighbor 171.69.232.50 remote-as 200
neighbor 171.69.232.50 send-community
neighbor 171.69.232.50 route-map set-community out
!
. .

route-map set-community 10 permit


match ip address aaa
set community no-export
!
route-map set-community 20 permit
, map set-community
171.69.232.90. AS70 200 200 ,
.
. .

route-map bgp 200


neighbor 171.69.232.90 remote-as 100
neighbor 171.69.232.90 send-community
neighbor 171.69.232.90 route-map set-community out
!
route-map set-community 10 permit
match as-path test1 set community-additive 200 200
!

route-map set-community 20 permit


match as-path test2
!
ip aspath-list test1 permit 70$
ip aspath-list test2 permit .*
, MED 171.69.232.55 -
. MED ,
. .


.466534.012-324 131
. . .
com1, 8000, 100 200 300
900 901. .
com2 -
500.
50. ,
171.69.232.55 50.
router bgp 200
neighbor 171.69.232.55 remote-as 100
neighbor 171.69.232.55 route-map filter-on-community in
!
route-map filter-on-community 10 permit
match community com1 set metric 8000
!
route-map filter-on-community 20 permit
match community com2 set local-preference 500
!
route-map filter-on-community 30 permit
set local-preference 50
!
ip community-list com1 permit 100 200 300
ip community-list com1 permit 900 901
!
ip community-list com2 permit 88
ip community-list com2 permit 90


. .
. .

. .

132
.466534.012-324
. . .
20 VRRP
20.1
,
(Virtual Route Redundancy Protocol (VRRP))
. VRRP
.
VRRP.
IP MAC . VRRP ,
, . -
, . -
.
. , .

20.2 VRRP
/ VRRP
VRRP
VRRP
VRRP
VRRP
VVRP

20.3 VRRP
20.3.1 / VRRP
.

vrrp vrid associate virtual-address VRRP
no vrrp vrid VRRP

VRRP.
, IP ,
Init.
,

. IP-, -
255. VRRP
.

20.3.2 VRRP
.

. .

vrrp vrid authentication {no-


authen|simple-text string} (word) VRRP

no vrrp vrid authentication VRRP



-
. -
, .
. .

.
VRRP no-authen ( -
).

20.3.3 VRRP
.

vrrp vrid preempt {on | off | delay} VRRP


no vrrp vrid preempt
-
. -
,
, -
. .
. .


.466534.012-324 133
. . .
.

20.3.4 VRRP
.

vrrp vrid priority value (1~254) VRRP
no vrid priority VRRP
, VRRP
255. , -
.
, 100.

20.3.5 VRRP
.

vrrp vrid timer advertisement value VRRP
no vrrp vrid timer advertisement dvertisement
VRRP
(advertisement) -
. , -
skew_time. -
, , , -
.
1 .

20.3.6 VRRP
.

show vrrp vrid [interface vlan_intf] VRRP
[no] vrrp {packet | event} / VRRP
:


switch#show vrrp 1
VLAN1 (192.168.20.118, 255.255.255.0 00e0.0f42.0000)
group id: 1
state: Master
virtual mac address: 0000.5e00.0101
priority: 100
preempt: on
authentication: no-authen
advertisement interval: 1

. .
associate IP address: 192.168.20.110
advertisement timer expiry: 1

20.3.7 VRRP . .

20.3-1
1.
IP
. .

134
.466534.012-324
. . .
Switch_config_v1# ip address 192.168.20.18 255.255.255.0
IP-
Switch_config_v2 # IP- 211.162.1.120 255.255.255.0
1 ,
IP 192.168.20.1 120
Switch_config_v1#vrrp 1 associate 192.168.20.1
Switch_config_v1#vrrp 1 priority 120

Switch_config#show vrrp
VLAN1 (192.168.20.18,255.255.255.0 00e0.0f42.0000)
group id: 1
state: Master
virtual mac address: 0000.5e00.0101
priority: 120
preempt: on
authentication: no-authen
advertisement interval: 1
associate IP address: 192.168.20.1
advertisement timer expiry: 1
2. B
IP
Switch_config_v1# ip address 192.168.20.16 255.255.255.0
IP
Switch_config_v2#ip address 211.162.1.125 255.255.255.0
1 ,
IP 192.168.20.1
Switch_config_v1#vrrp 1 associate 192.168.20.1
Switch_config_v1#vrrp 1 associate 192.168.20.1

Switch_config#show vrrp
VLAN1 (192.168.20.16,255.255.255.0 00e0.0f42.0000)
group id: 1
state: Backup
virtual mac address: 0000.5e00.0101

priority: 100
preempt: on
authentication: no-authen
advertisement interval: 1
associate IP address: 192.168.20.1
advertisement timer expiry: 1
3.
: 192.168.20.1 .
. .
. .

. .


.466534.012-324 135
. . .
21 IP MULTICAST
21.1
, . -
.
IP ()
() IP- IP-, IP-
. ,
D (224.0.0.0 ~ 239.255.255.255). Multicast -
, UDP; UDP -
, TCP.
IP- ,
, , , ,
. ,
.
. -
.
. , .
, .
-
, (, PIM-DM, PIM-SM ),
IGMP.
, IGMP .
-
, 1 N-.

21.1.1
-
:
, IGMP -
.
OLNK ,
. -
.
PIM-DM/PIM-SM/DVMRP -


, -
.
, IP-
.

. .
. .

21.1.2

21.1.2.1
IP ()
TTL ()
IP Multicast ()
IP ()
1) IP multicast ()
. .

136
.466534.012-324
. . .
2) IP Multicast Helper ()
3) ()
()

21.1.2.2 IGMP
IGMP
IGMP
IGMP Querier
IGMP

IGMP
IGMP Immediate-Leave

21.1.2.3 PIM-DM

PIM-DM


DR
(S, G)

21.1.2.4 PIM-SM
RP
BSR
RP
PIM-SM
, PIM-SM

21.1.2.5 DVMRP



DVMRP
DVMRP
, DVMRP

21.2
21.2.1 IP
. .


.
:

ip multicast-routing IP
. .

21.2.2

IGMP. OLNK, PIM-DM, PIM-SM DVMRP.
.
, -
.
-
(MBR), ,

,
. , ,
PIM-DM ( (S, G)) BIDIR PIM-SM ( (*, G)) .

21.2.2.1 OLNK
OLNK . -
:
. .


.466534.012-324 137
. . .

ip olnk

21.2.2.2 PIM-DM
PIM-DM ;
:

ip pim-dm , PIM-DM
PIM-DM

21.2.2.3 PIM-SM
PIM-SM ;
:

, PIM-SM -
ip pim-sm PIM-SM

21.2.3 TTL
ip multicast ttl-threshold TTL , -
, no ip multicast ttl-threshold -
. 1.

ip multicast ttl-threshold ttl-value TTL

, TTL -
:
interface ethernet 1/0
ip multicast ttl-threshold 200

21.2.4


ip multicast mroute-cache -
, no ip multicast mroute-cache,
.

ip multicast mroute-cache -


,

. .
:
interface ethernet 1/0
no ip mroute-cache

21.2.5

. .

. RPF -
. - , -
( ). RPF -
.
, , , .
. GRE -
, ,
. (UR) -

, (MR) -
, .
MR1 MR2. MR2 , -
. ,
. ,
.
. .

138
.466534.012-324
. . .
RPF,
. ,
. .
.
, , -
.

ip mroute source-address mask rpf-address
type number [distance]

21.2.6 IP Multicast
ip multicast boundary
no ip multicast boundary, .
.

ip multicast boundary access-list IP multicast

, -
.
interface ethernet 0/0
ip multicast boundary acl
ip access-list standard acl
permit 192.168.20.97 255.255.255.0

21.2.7 IP Multicast
ip multicast rate-limit -
/. no ip multi-
cast rate-limit .
N Kbps.

ip multicast rate-limit in group-list ac- -
. .

cess-list1 source-list access-list2 nkbps


, N Kbps.

ip multicast rate-limit out group-list ac- -
cess-lis1 source-list access-list2 kbps
. .

21.2.8 IP Multicast Helper


ip multicast helper-map,
. no ip multi-
cast helper-map .
, ,
.

interface type number .


ip multicast helper-map broadcast ip multicast helper
group-address access-list .
ip directed-broadcast .
ip forward-protocol [port] , .
, , -
.
. .


.466534.012-324 139
. . .

interface type number .
ip directed-broadcast .
ip multicast helper-map group-address ip multicast helper -
broadcast-address access-list .
, -
ip forward-protocol [port]
.

, -
.
. IP- -
0 .
ip multicast helper-map broadcast 230.0.0.1 testacl1
230.0.0.1, -
UDP 4000, 192.168.20.97/24.
IP- 1
. ip multicast helper-map 230.0.0.1
172.10.255.255 testacl2
172.10.255.255, 4000,
192.168.20.97/24.
, ,
( VLAN)
interface ethernet 0
ip directed-broadcast
ip multicast helper-map broadcast 230.0.0.1 testacl
ip pim-dm
!
ip access-list extended testacl permit udp 192.168.20.97 255.255.255.0 any
ip forward-protocol udp 4000
, , -
.
interface ethernet 1
ip directed-broadcast
ip multicast helper-map 230.0.0.1 172.10.255.255 testacl2
ip pim-dm


!
ip access-list extended testacl2 permit udp 192.168.20.97 255.255.255.0 any
ip forward-protocol udp 4000

21.2.9
ip igmp helper-address ip pim-dm neighbor-filter -
(stub multicast route).
,
(stub router):

. .

interface type number
ipigmphelper-address destination- ip igmp helper-address
address
,
. .


interface type number
ip pim neighbor-filter access- PIM , -
list

, :
ip multicast-routing

ip pim-dm
ip igmp helper-address 10.0.0.2
Central Router B Configuration
ip multicast-routing
ip pim-dm
ip pim-dm neighbor-filter stubfilter
ip access-list stubfilter
deny 10.0.0.1
. .

140
.466534.012-324
. . .
21.2.10
1.
, -
. , :

clear ip igmp group [type number] [group-address |
IGMP
<cr>]
-
clear ip mroute [* | group-address | source-address]
.
2.
,
IP .

.

show ip igmp groups [type number | group-
address] [detail] IGMP
show ip igmp interface [type number] IGMP
show ip mroute mfc
show ip rpf [ucast | mstatic | pim-dm |
pim-sm | dvmrp] source-address RPF

21.3 IGMP
21.3.1
1. IGMP
IGMP, Internet Group Management Protocol ( -
), ,
. IGMP
. , , -
,
, , -
. , -

IGMP ,
,
, .

IGMP ;
, . -
, IP-
IGMP . , -
IGMP 3.
. .

, / IGMP, -
. IGMP- -
.
2. OLNK
, OLNK (IGMP only-link) . -
OLNK . OLNK
. .

, PIM-DM. OLNK -
IGMP RPF ,
,
.

21.3.2 IGMP
IGMP-

IGMP. IGMP- .
IGMP .

21.3.2.1 IGMP
IGMP, . 1 -
. 2 -
-
. .


.466534.012-324 141
. . .
, leave,
. 3 -
. , IGMP 3
IGMP 1 2. -
IGMP .
IGMP , , IGMP-
( ,
) IGMP
.
, IGMP-
, .

IGMP-, .

ip igmp version version_number IGMP

21.3.2.2 IGMP
IGMP, -
IGMP (general query) 224.0.0.1 IGMP-
, - (report) IGMP-. , -
IGMP-. -
IGMP (IGMP Query Interval). ,
IGMP-
. IGMP .
-
IGMP .

ip igmp query-interval time IGMP ( ) -

21.3.2.3 IGMP Querier


2 3 IGMP , -
IGMP -
Querier. Querier - , .. (


IGMP , ),
query (). -
, IGMP. -
IGMP- 1, -
, IGMP 1.
2 3 : Que-
rier IP-. (non-
querier) Querier. -
( ), -

. .
IGMP , Non-Querier , -
IGMP IP .
Querier
2 IGMP.

ip igmp querier-timeout time Querier
. .

Querier 1 IGMP -
; 3 .
, IGMP .

21.3.2.4 IGMP
2 3 IGMP ,
IGMP IGMP
IGMP. , IGMP -

IGMP . ,
IGMP .
, IGMP .
:
IGMP , IGMP. -
, ,
, 1 .
. .

142
.466534.012-324
. . .
2 3 IGMP IGMP
.

ip igmp query-max-response-time time IGMP
1 IGMP , -
. ,
1.

21.3.2.5
IGMP 2 3,
IGMP
-
. , IGMP -
. IGMP -
, ,
.
.
,
IGMP . , IGMP .
IGMP 2 3, IGMP
.

ip igmp last-member-query-interval time

IGMP
1. IGMP 1, -
.

21.3.2.6 IGMP
, -
IGMP. -
, IGMP .
IGMP. , IGMP

1 1,
, 2
2. , . , -
.
, -
, ,
, . ,
IGMP 3, -
, ..
. .

.
-
.

ip igmp static-group { * | group-address} -
{include source-address | <cr> }
. .

21.3.2.7 IGMP Immediate-Leave


IGMP 2 IGMP -
, IGMP Immediate-Leave
(Immediate Leave) -
IGMP. IGMP 2, leave
, . -
Group Specific , -

, . Immediate
Leave , IGMP -
. ,
.
:
-
, ,
. ,
. .


.466534.012-324 143
. . .
.
, .
2 IGMP ,
Immediate-Leave:

IGMP,
ip igmp immediate-leave group-list
"Immediate-leave multicast
list-name
group"
IP list-
ip access-list standard list-name
name (_).
IP- IGMP "Immediate-Leave"
permit source-address
IP.
leave IGMP 1 3
2, 1 3.

21.3.3 IGMP ( VLAN)


1. IGMP
IGMP -
IGMP . , , , -
, .
, ,
. IGMP -
.
, , 1 2 -
, , IGMP-, -
, 1. -
, IGMP
(Ethernet 1/0) 1.
interface ethernet 1/0
ip igmp version 1
2. IGMP
,
IGMP (Ethernet 1/0) 50 .
interface ethernet 1/0


ip igmp query-interval 50
IGMP Querier
2 3 IGMP , -
IGMP ,
(Querier). Querier - , .. ( -
IGMP , ),
query (). -
, IGMP. -

. .
IGMP- 1,
, IGMP 1.
2 3 : Que-
rier IP-. (non-querier)
Querier. (
), IGMP
, Non-Querier ,
. .

IGMP IP .
Querier
2 IGMP.

ip igmp querier-timeout time Querier
Querier 1 IGMP -
; 3 .

, IGMP -
2.
3. IGMP Querier
, Querier
IGMP (Ethernet 1/0) 100 .
interface ethernet 1/0
ip igmp querier-timeout 100
. .

144
.466534.012-324
. . .
4. IGMP
,
IGMP (Ethernet 1/0 ) 15 .
interface ethernet 1/0
ip igmp query-max-response-time 15
5.
,
IGMP (Ethernet 1/0) 2000 .
interface ethernet 1/0
ip igmp last-member-query-interval 2000
6. IGMP
-
. -
.
interface ethernet 1/0
ip igmp static-group *
, , Ethernet 1/0
. , -
IP -
.
interface ethernet 1/0
ip igmp static-group 224.1.1.7
, ,
224.1.1.7 Ethernet 1/0. ,
224.1.1.7 IP
224.1.1.7 .
interface ethernet 1/0
ip igmp static-group 224.1.1.7 include 192.168.20.168
, ,
224.1.1.7 Ethernet 0/0 - 192.168.20.168. -
, 224.1.1.7, -
192.168.20.168. -
IP , 192.168.20.168 224.1.1.7

.
7. , IP , 192.168.20.169
224.1.1.7 , .
ip igmp static-group 224.1.1.7 include 192.168.20.169
- ,
, .
:
, -
. .

, , -
, . -
. , ip igmp static-group
224.1.1.7, ip igmp static-group 224.1.1.7 include 192.168.20.168, -
.
7. IGMP Immediate-Leave
. .

, -
Immediate-Leave (Ethernet 1/0) IGMP- (192.168.20.168 )
. IGMP IP 192.168.20.168 Immedi-
ate-Leave.
interface ethernet 1/0
ip igmp immediate-leave imme-leave
exit

ip access-list standard imme-leave


permit 192.168.20.168

21.4 PIM-DM
21.4.1 PIM-DM
. .


.466534.012-324 145
. . .
Protocol Independent Multicast Dense Mode -
. , -
. , PIM-DM -
(flood and prune). -
, PIM -
PRF. , PIM-DM -
. , -
(S, G). (S, G) , ,
, , , ..
, PIM-DM prune
, . -
. , -
(forwarding), -
. ,
.
, , PIM-DM prune -
, .
S G, -
(S, G) .
PIM-DM, ,
.
DR, PIM-DM : (as-
sertion), ,
; Join/Prune join/prune ; -
pruning deny .
PIM-DM , PIM-DM -
PIM . PIM-DM
DR .
IGMP v1, PIM-DM DR. -
DR, PIM DR .
, IP DR. -
Hello, IP
DR.
PIM-DM v2 , CIDR,
VLSM IGMP v1, v2, v3.

21.4.2 PIM-DM


21.4.2.1
, -
, . -
.
:

( )

. .
ip pim-dm hello-interval
?
- -
-
ip pim-dm state-refresh origination- , ; -
interval upstream. -
, ,
-
. .

21.4.2.2
PIM
. - -
, ;
upstream. -

, , -
.

no ip pim-dm state-refresh disable -

ippim-dm state-refresh origination- -
interval
. .

146
.466534.012-324
. . .
21.4.2.3
PIM-DM , -
;
.
, -
PIM-DM. -
.

ip pim-dm neighor-filter
ip multicast boundary

21.4.2.4 DR
DR , IGMP v1. DR 1. -
DR, PIM DR .
, IP -
DR. Hello,
IP DR..
:

ip pim-dm dr-priority DR

21.4.2.5 (S, G)
(S, G) MRT -
(S, G) . -
.

(S, G) MRT;
-
clear ip mroute pim-dm {* | group , -
[source]} . -
(S, G) , -

PIM-DM -

, -
(S, G) PIM-DM . -
clear ip pim-dm interface (S, G) ,
PIM-DM -

. .

21.4.3 PIM-DM

21.5 PIM-SM
21.5.1 PIM-SM
Protocol Independent Multicast Spare Mode (PIM-SM) -
. .

. PIM-SM
PIM-SM, -
(DR) . , DR
Join/Prune
.

. .


.466534.012-324 147
. . .
PIM-SM -
. 2 :
RP G
. PIM-SM Join/Prune -
. :
DR join , (*, G) -
RP G ;
, register
RP DR. RP
. RP join (S, G)
register-stop DR , -
DR . ,
, RP , -
RP. , DR -


prune RP G, .
PIM-SM RP.
BSRS PIM-SM . BSR -
. RP PIM-SM , -
, RP- , -
BSR. BSR "BootStrap" RP
, . "BootStrap" . -
"BootStrap" .
, DR -

. .
RP, ,
. DR join/prune
RP . -
, DR - RP,
. DR
register RP.
. .

21.5.2 PIM-SM
21.5.2.1 PIM-SM
PIM-SM ,
:

ip pim-sm , PIM-SM

PIM-SM

21.5.2.2 RP
RP PIM-SM . ,
RP PIM-SM ;
, PIM-DM.
. .

148
.466534.012-324
. . .
PIM-SM BSR, -
. override, RP RP
RP, BSR. override ,
PR, BSR.
:

ip pim-sm rp-address rp-add [override|acl-name] RP, -
no ip pim-sm rp-address rp-add

21.5.2.3 BSR
RP BSR PIM-SM , -
PR RP -
.
:

ip pim-sm bsr-candidate type number [hash-
mask-length] [priority] BSR. -
no ip pim-sm bsr-candidate type number learn compete BSR.

21.5.2.4 RP
RP BSR , -
PIM-SM -
RP.
:

ip pim-sm rp-candidate [type RP.
number] [interval|group-l/st acl-name] BSR -
no ip pim-sm rp-candidate [type PIM-SM
number] PIM-SM BSR.

21.5.2.5 PIM-SM
,

PIM-SM.

show ip mroute pim-sm [group-address]
[source-address] [type number] [summary]
[count] [active kbps] PIM-SM

21.5.2.6 , PIM-
SM
. .

, -
PIM-SM.

clear ip mroute pim-sm [ * | group-address PIM-
] [source-address] SM
. .

21.5.3
21.5.3.1 PIM-SM ( VLAN )

PIM-SM .

!
ip multicast-routing

!
interface LoopbackO
ip address 192.166.100.142 255.255.255.0
ip pim-sm
!
interface Ethernet1/1
ip address 192.166.1.142 255.255.255.0
ip pim-sm
ip pim-sm dr-priority 100
. .


.466534.012-324 149
. . .
!
interface Serial2/0
ip address 192.168.21.142 255.255.255.0
physical-layer speed 128000
ip pim-sm
!
router rip
network 192.168.21.0
network 192.166.1.0
network 192.166.100.0
version 2
!
ip pim-sm bsr-candidate Loopback0 30 201
ip pim-sm rp-candidate Loopback0
!
B
!
ip multicast-routing
!
interface Ethernet0/1
ip address 192.168.200.144 255.255.255.0
ip pim-sm
ip pim-sm dr-priority 200
!
interface Serial0/0
ip address 192.168.21.144 255.255.255.0
ip pim-sm
!

21.5.3.2 BSR ( VLAN )


BSR .
:
!
ip multicast-routing
!
interface Loopback0
ip address 192.166.100.142 255.255.255.0
ip pim-sm
!
interface Ethernet1/1
ip address 192.166.1.142 255.255.255.0


ip pim-sm
!
interface Serial2/0
ip address 192.168.21.142 255.255.255.0
physical-layer speed 128000 ip pim-sm
!
router rip
network 192.168.21.0
network 192.166.100.0
!

. .
ip pim-sm bsr-candidate Loopback0 30 201
!
B:
!
ip multicast-routing
!
interface Loopback0
. .

ip address 192.168.100.144 255.255.255.0


ip pim-sm
!
interface Ethernet0/1
ip address 192.168.200.144 255.255.255.0
ip pim-sm
!
interface Serial0/0
ip address 192.168.21.144 255.255.255.0
ip pim-sm

!
ip pim-sm bsr-candidate Loopback0 30
!
. .

150
.466534.012-324
. . .
22 QOS
,
, .

22.1
22.1.1 QoS
; -
,
. , -
. .
QoS
, .
.
802.1Q. .
. -
, 0 7 , , .
DSCP IP IP-; DSCP -
6 TOS IP.
, -
.
,
. port-to-port (P2P) QoS. ,
,
(, - , ..).
QoS , -
.

22.1.2 P2P QoS


-
. QoS
: (best-effort service) -
(differentiated service).
(Best-effort service)

. -
, .
best-effort, , , -
. QoS best-effort service
, (first come, first served).
(Differentiated service)
,
, QoS.
. .

, IP IP-. -
QoS (intelli-
gent queue). QoS , -
(weighted round robin - WRR) , (first come, first
served (FCFS)) .

22.1.3 QoS
. .

QoS Queue of QoS queue QoS.


, , (Strict Priority (SP)), weighted round robin (WRR)
, (first come, first served FCFS).
1. Strict Priority
-
, . -
. .

, -
.
2. Weighted round robin
WRR -
. . -
.
. .


.466534.012-324 151
. . .
, WWW -
.
3. First come first served
FCFS -
. , ,
.

22.2 QoS
, .
. ,
. . -
QoS -
. , .
, QoS .
QoS:
CoS
CoS
CoS
CoS
QoS
QoS
QoS
QoS
QoS
QoS

22.3 QoS
22.3.1 oS
QoS CoS, -
IEEE802.1p, . . -

QoS.


CoS , -
CoS .
(layer 2), ; -
.
CoS
:

. .
configure
COS
[no] cos map quid cos1..cosn quid ID COS
cos1..cosn cos, IEEE802.1p
exit
write
. .

22.3.2 CoS
. -
.
:
WRR (Weighted Round Robin):

.
FIFO (First In First Out): ,

. , -
.
Hybrid: ; SP
WRR . : 4 -
: -
SP, WRR. -
, WRR
. .

152
.466534.012-324
. . .
, -
SP. 2
SP; WRR. -
,
WRR , .
CoS -
:

configure
QoS
[no] scheduler policy { wrr | wrr wrr
fcfs | hybrid } fcfs fcfs
Hybrid hybrid
exit
write

22.3.3 CoS
CoS , -
, COS WRR. -
.
CoS -
. WRR.
Cos wrr.
byte-count ( ) -
, WRR . ( )
CoS,
:

configure
COS
[no] scheduler wrr bandwidth
weight1...weightn
weight1...weightn
CS.
exit .
write

22.3.4 CoS
, CoS . -
CoS
CoS , .
Cos , -
.

. .

configure
interface f1/1 , .
CoS , -
[no] cos default cos
; Cos cos.
exit .
exit .
. .

write

22.3.5 QoS
QoS -
(,
- IP-).
IP MAC-
; . permit, -

. deny,
. IP -
. .
QoS . , -
. .
QoS .
. .


.466534.012-324 153
. . .

configure
QoS
[no]policy-map name
name
Qos.
description description-text
description-text .
QoS.
[no]classify {ip access-group
access-list-name
access-list-name any }
IP.
-
QoS.
dscp-value dscp -
dscp.
action { dscp dscp-value | redirect
interface-id -
interface-id H.H.H | drop }
.
.. -

drop .
exit .
exit

22.3.6 QoS
QoS -
( ):

configure
QoS
[no]policy-map name
name
Qos.
description description-text
description-text .
exit .
exit

22.3.7 QoS


QoS , -
. . , -
IP ToS.
. ,
, , -
-, IP- , .
.
.
-

. .
( ):

configure
QoS
[no]policy-map name
name
QoS.
. .

[no]classify {ip access-group access-list-name


access-list-name | any } IP.
any .
exit .
exit

22.3.8 QoS
-

, .
, , .
-
. .

configure
[no]policy-map name QoS name -
. .

154
.466534.012-324
. . .


QoS.
max-band , -
.
cos-value cos -
cos.
dscp-value dscp
dscp.
interface-id
.
drop .
stat , -
.
action {dscp dscp-value | re-
direct interface-id | drop }
exit .
exit

22.3.9 QoS
QOS . -
, . -
, , , . -
,
. ,
,
.
.
QoS :

configure
interface f0/1 , .
QoS .
name QoS.
[no] qos policy name ingress
ingress , QoS -

.
exit .
exit

22.3.10 QoS
QoS,
show.
-
. .

:

show policy-map [policy-map- QoS
name] policy-map-name

22.4 QoS
. .

22.4.1 QoS Strategy


pmap ; ,
icmp IP- 90.0.0.13 90.0.012 :
ip access-list extended ipacl
permit icmp 90.0.0.13 255.255.255.255 90.0.0.12 255.255.255.255
policy-map pmap
classify ip access-group ipacl

action drop
interface FastEthernet0/2
qos policy pmap ingress
qos policy any ingress(NOTE: the applying order of the two policies)
. .


.466534.012-324 155
. . .
23
(LAYER 2)
23.1
(Layer 2) -
, -
.
.

23.2 (Layer 2)

.

configure
-
interface <intf_name> (
).
. -
[no] l2protocol-tunnel [stp] -
stp.
[CTRL] + Z
write
Super VLAN , IP-.
Super VLAN ,
.

23.3 (Layer 2)
:


A1/A2/Gather , C1/C2 , .
, ,
. STP, -
:
trunk () f0/2 A1, f0/1 f0/2
Gather f0/1 A2.
Access () f0/1 A1, f0/2

. .
A2 STP.

. .

. .

156
.466534.012-324
. . .
24 IP

24.1 IP
24.1.1 IP
IP
IP. IP ,
IP- IP
IP . , IP- -
, CPU .
IP , , IP-
, .. IP , -
IP , . -
, IP ,
, CPU.
: . -
, ,
. -
; ,
-
. , , -
.



3224 / 3224M / 6508

24.1.2 IP
IP :

. -
. -
[no] ip exf {default | desti-
, -
nation mask} {cpu | nexthop
default -
vlan vlanid}

.
CPU.
[no] ip exf / IP

24.1.3 IP

show ip exf IP-
. .

24.2
:
, CPU. -
IP-,
.
IP ;
. .

, -
, . ,
, ,
IP- .
.
( )
ARR CPU -
, ARR .

, -
ARR. , VLAN -
, ARR, CPU
.
.
,
.
, :
. .


.466534.012-324 157
. . .
(1) 192.168.0.0/16 next hop 92.168.26.3/vlan1
(2) 192.168.20.0/24 next hop 192.168.26.1/vlan1
(3) 192.168.1.0/24 direct routing
(4) 0192.168.26.0/24 direct routing
(5) 10.0.0.0/8 next hop 192.168.1.4/vlan2
(6) 0.0.0.0/0 next hop 192.168.1.6/vlan2
1 2, 3, 4.
, -
. 3 4 , - CPU. -
:
ip exf 192.168.20.0 255.255.255.0 nexthop 192.168.26.1 vlan 1
ip exf 192.168.1.0 255.255.255.0 cpu
ip exf 192.168.26.0 255.255.255.0 cpu
ip exf 192.168.0.0 255.255.0.0 nexthop 192.168.26.3 vlan 1
ip exf 10.0.0.0 255.0.0.0 nexthop 192.168.1.4 vlan 2 ip exf 0.0.0.0 0.0.0.0 nexthop 192.168.1.6 vlan 2


. .
. .

. .

158
.466534.012-324
. . .
25
25.1
, -
6508 , -
. , , ARP, IGMP IP , -
. , -
- .

25.2
IGMP, ARP IP-,
,
.
(ARP, IGMP IP), ,
, . ,
:

25.3

25.3.1

filter period time time .
filter threshold vlaue , value.
, , -
filter block-time time

25.3.2

filter igmp IGMP
fileter ip source-ip IP-

interface f x/y X Y.
filter arp ARP
ARP, <MAC, source port> .
, MAC, .
IGMP IP, <IP address + source port> .
, IGMP IP .

25.3.3
. .

, -
. , .

filter enable
no ; -
.
. .

25.3.4
,

show filter

25.4
, IGMP, ARP
1/2. , 1200 15 , -
; 10 . , :
filter period 15
filter threshold 1200
filter block-time 600
. .


.466534.012-324 159
. . .
interface f1/2
filter arp exit
filter enable


. .
. .

. .

160
.466534.012-324
. . .
26
26.1 AAA
26.1.1 AAA
.
- (uthentication), (authorization) (accounting) (AAA)
, -
.

26.1.1.1 AAA
AAA ,
:
(Authentication) ,
.

. AAA, -
, . -
. -
.
(
default). ,
. -
. -
, .
(Authorization) .
AAA . -
, .
, ,
AAA. , -
, RADIUS TACACS+. ,
RADIUS TACACS+, , -
(AV), .
AAA. , AAA,
, . -
, AAA, .

(Accounting) . -
, , -
, , , , .
, ,
. AAA, -
RADIUS TA-
CACS+ ( ) . -
- -
; , / -
. .

. , , -
, .
, , .

26.1.1.2 AAA
AAA :
. .



, RADIUS, TACACS+

26.1.1.3 AAA
AAA , -
( ) ( IP, IPX,

VPDN). , ,
.

26.1.1.4
, -
, . -
. -
. .


.466534.012-324 161
. . .
. -
.
. , -
.
- , ,
. -
, ,
, .
.
, . ,
, .

. , -
,
;
.
,
. R1 R2 RADIUS, T1 T2 - TACACS+. -
,
.

26.1-1 AAA
"default" , -


. -
.
,
R1 . R1 , -
PASS . R1 -
FAIL, . R1 ,
ERROR R2 -
.
, , .

. .
FAIL ERROR. FAIL ,
, . -
FAIL. ERROR ,
. ERROR AAA , -
.
-
, ( ) .
. .

26.1.2 AAA
, . -
-
.

26.1.2.1 AAA

AAA , .
AAA,
:
, -
, RADIUS TACACS+.
aaa authentication, .
.
. .

162
.466534.012-324
. . .
aaa authorization, ().
aaa accounting, ().

26.1.3 AAA
, AAA
PPP, AAA


,
,

26.1.4 AAA
.
AAA, :
, -
, RADIUS TACACS+. -
.
aaa authentication ,
.

26.1.4.1 AAA
AAA .
aaa authentication , ,
. , -
, .
login authentication .
AAA, :

aaa authentication login {default |

list-name}method1 [method2...]
line [console | vty ] line-number

[ending-line-number]

login authentication {default | -


list-name}
List-name ,
. method ,
. ,
error. fail, -
.
, , none
.
. .

aaa authentication login default group radius


default ,
. , RADIUS
:
aaa authentication login default group radius

none ,
. .

.
, ,
; .
:

enable

Group name
Group radius radius
Line .
Local
-
local-case

None -
. .


.466534.012-324 163
. . .
enable . aaa authentication login default
enable
enable aaa authentication login, -
. , enable
, ,
, :
aaa authentication login default enable

aaa authentication login default line
aaa authentication login line
. ,
, ,
, :
aaa authentication login default line
,
.

aaa authentication login default local
aaa authentication login local,
. ,
-
, , :
aaa authentication login default local
, -

.
RADIUS
aaa authentication login default group radius
aaa authentication login radius
RADIUS .
, RADIUS -
, , , :
aaa authentication login default group radius


RADIUS , -
RADIUS. -
RADIUS, RADIUS.

26.1.4.2
aaa authentication enable default -
. , -
EXEC. -

. .
. error ,
. fail,
. -
, , none
.
:

. .

aaa authentication enable default -


methodl [method2...]
method -
.
:

enable enable
Group group-name
group radius radius
line .
none -
, RA-
DIUS , :
RADIUS
. .

164
.466534.012-324
. . .
- $ENABLElevel$, level ,
; enable. , -
, enable 7. RADIUS -
, Radius- $ENABLE7$.
16, .. RADIUS , Radius-
$ENABLE15$. -
Radius-. , -
(Admin-User)
Radius-.

26.1.4.3 AA
AAA , logon logon
failure. , , -
AAA , ,
.
.
:

aaa authentication banner delimiter
logon
text-string delimiter
logon failure
:

aaa authentication fail-message delim-
failure
iter text-string delimiter
, , -
. , -
. -
, .

26.1.4.4 ,
, , -
, authentication username-prompt. -

, no aaa authentication
username-prompt:
username:
aa authentication username-prompt , -
TACACS+ RADIUS.
:

Aaa authentication username-prompt , ,
. .

text-string

26.1.4.5 ,
, , -
, authentication password-prompt.
enable, .
, no aaa authentication username-
. .

prompt.
password:
aa authentication password-prompt , -
TACACS+ RADIUS.
:

aaa authentication password-prompt , ,

text-string

26.1.4.6
,
, (, RADIUS) -
, "
" (escape code).
. .


.466534.012-324 165
. . .
,
: -
.
username name {nopassword | password password | password encryption-type en-
crypted-password}
username name [autocommand command]
username name [callback-dialstring telephone-number]
username name [callback-rotary rotary-group-number]
username name [callback-line [tty | aux] line-number [ending-line-number]]
username name [noescape] [nohangup]
username name [privilege level]
username name [user-maxlinks number]
no username name

26.1.4.7 -


. -
. -
, .
enable password { [encryption-type] encrypted-password} [level level]
no enable password [level level]

26.1.5 AAA
RADIUS
RADIUS, , -
, RADIUS:
aaa authentication login radius-login radius local
aaa authorization network radius-network radius
line vty
login authentication radius-login
.
aaa authentication login radius-login radius local -
RADIUS . RADIUS
, .


aaa authentication ppp radius-ppp radius -
PPP CHAP PAP -
. EXEC , .
aaa authorization network radius-network radius RADIUS -
, .
login authentication radius-login radius-login 3.

26.1.6 AAA

. .
EXEC AAA

26.1.7 AAA
.
AAA , :
, -
. .

, RADIUS, TACACS+.
.
aaa authorization .
.
.

26.1.7.1 EXEC AAA


aaa authorization . aaa


authorization exec , ,
EXEC EXEC.
login authorization .
:
. .

166
.466534.012-324
. . .

aaa authorization exec {default |

list-name}method1 [method2...]
line [console | vty ] line-number [

ending-line-number]
login authorization {default | list-
name} ( )
list-name ,
. method ,
. , -
error. fail,
. ,
, none -
.
aaa authorization exec default group radius
default , -
. , radius -
exec, :
aaa authorization exec default group radius
:
,
.

EXEC:

Group WORD
Group radius radius
Local
, -
if-authenticated
.
None - .

26.1.8 AAA
EXEC

,
LOCAL :
aaa authentication login default local
aaa authorization exec default local
!
username exec1 password 0 abc priviledge 15
username exec2 password 0 abc priviledge 10
username exec3 nopassword
. .

username exec4 password 0 abc user-maxlinks 10


username exec5 password 0 abc autocommand telnet 172.16.20.1
!
RADIUS :
aaa authentication login default local
; -
.
. .

aaa authorization exec default local


exec; , -
exec.
: exec1, : abc, EXEC: 15 ( -
), , exec1, 15, -
exec, .
: exec2, : abc, EXEC: 10, ,
exec2, 10, EXEC,

10.
: exec3; .
: exec4, : abc, :
10.
: exec5, : abc, telnet 172.16.20.1
exec.
. .


.466534.012-324 167
. . .
26.1.9 AAA
AAA
AAA

26.1.10 AAA
.
AAA , :
, ,
RADIUS, TACACS+.
.
aaa accounting .
.
.

26.1.10.1 AAA
aaa accounting AAA. -
,
, aaa accounting connection.
Telnet, Package Assembling/ De-assembling, H323, rlogin ..
323 .
:

aaa accounting connection {default |
list-name} {start-stop | stop-only |
none} group groupname
list-name ,
. method , -
.

:

group WORD
group radius radius


none
stop -
stop-only

start-stop -
start-stop
.

26.1.10.2 AAA

. .
aaa accounting AAA. aaa
accounting network -
, ,
.. SLIP PPP. :

aaa accounting network {default | list-
name} {start-stop | stop-only | none }
. .

group groupname
list-name ,
. method , -
.
:

group WORD

group radius radius


none
stop -
stop-only

start-stop -
start-stop
.
. .

168
.466534.012-324
. . .
26.1.10.3
, -
aaa accounting update.
:

aaa accounting update [newinfo] [peri-

odic number]
newinfo,
. , IP Control
Protocol (IPCP) IP- . -
IP-, .
periodic, , -
. -
, .
newinfo periodic, -
,
, . ,
aaa accounting update periodic, aaaa
ccounting update newinfo,
,
newinfo.

26.1.10.4 -

AAA
(NULL), .
aaa accounting suppress null-username

26.2 RADIUS
Remote Authentication Dial-In User Service (RA-
DIUS). , -
RADIUS.. RADIUS
, RADIUS , -
(AAA). RADIUS .

RADIUS -
RADIUS.

26.2.1
26.2.1.1 RADIUS
RADIUS /, . -
RADIUS
. .

RADIUS, -
. RADIUS
, ,
.
RADIUS , -
:
, RA-
. .

DIUS. , -
RADIUS. IP
, dial-in RADIUS.
, , RA-
DIUS, , (-
, Telnet), (, Point-to-Point Protocol (PPP)). , -
, RADIUS
PPP, IP- 10.2.3.4, .

, , RADIUS -
RADIUS. RADIUS -
, (
, , , ..), .
RADIUS :
RADIUS :
AppleTalk Remote Access (ARA, AppleTalk Remote Access)
. .


.466534.012-324 169
. . .
NetBIOS Frame Control (NBFCP, NetBIOS Frame Control )
NetWare Asynchronous Services Interface (NASI, NetWare Asynchronous ServicesInterface)
X.25 PAD
-. RADIUS .
RADIUS , call-in. -
call-out ( -
, )
.
, . RADIUS

26.2.1.2 RADIUS
-
RADIUS, :
(1) .
(2) RADIUS.
(3) RADIUS: ACCEPT: -

REJECT:
. .
CHALLENGE: RADIUS Challenge.
..
ACCEPT REJECT , EXEC
. RADIUS, -
RADIUS. , ACCEPT REJECT, -
:
a. , , Telnet, rlogin ..
b. , IP- , , -
.

26.2.2 RADIUS
RADIUS , -
:
aaa authentication


RADIUS. aaa
authentication, " ".
line interface, -
. "
".
, -
:
aaa authorization -

. .
. "
".
, aaa accounting -
.
aaa accounting, " ".

26.2.3 RADIUS
. .

RADIUS -
RADIUS RADIUS RADIUS

26.2.4 RADIUS
26.2.4.1 RADIUS
RADIUS , -
RADIUS Livingston, Merit, Microsoft, .

RADIUS
. radius-server host RADIUS- ra-
dius-server key .
:

radius-server host ip-address [auth- IP- RADIUS -
port port-number][acct-port portnumber] .
. .

170
.466534.012-324
. . .
, -
radius-server key string
RADIUS.
, RADIUS, , -
radius :

-
radius-server retransmit retries
RADIUS ( 2)
( ) -
radius-server timeout seconds RADIUS -
.
, RADIUS,
radius-server deadtime minutes , -
.

26.2.4.2 RADIUS -

Internet Engineering Task Force (IETF)
RADIUS, -
(attribute 26). Vendor-specific attributes (VSAs)
, .
ID VSAs, RFC 2138: Remote Authentication
Dial-In User Service (RADIUS). -
VSAs, :

-
radius-servervsasend[authentication]
VSA, RADIUS IETF attribute 26

26.2.4.3 RADIUS
RADIUS RA-
DIUS, RADIUS. -
RADIUS AAA, aaa authentication, -
RADIUS .
.

26.2.4.4 RADIUS
AAA ,
. RADIUS -
, , -
, , IP, IPX, ARA, Telnet.
RADIUS AAA, aaa au-
thorization, RADIUS .
.
. .

26.2.4.5 RADIUS
AAA ,
, . RADIUS
AAA, aaa accounting, RADIUS
. .
. .

26.2.5 RADIUS
26.2.5.1 RADIUS
aaa authentication login use-radius radius local
,
RADIUS:
aaa authentication login use-radius radius local

:
aaa authentication login use-radius radius local -
RADIUS . RADIUS ,
. ,
use-radius , RADIUS, -
.
. .


.466534.012-324 171
. . .
26.2.5.2 RADIUS
, -
:
radius-server host 1.2.3.4
radius-server key myRaDiUSpassWoRd
username root password AlongPassword
aaa authentication login admins radius local
line vty 1 16
login authentication admins
. radius-
server host IP- RADIUS.
radius-server key , RA-
DIUS.
aaa authentication login admins radius local ad-
mins, RADIUS, , RA-
DIUS , .
login authentication admins admins -
.

26.3 -
-
-.

26.3.1
26.3.1.1 -
- ,
PPPoE 802.1x. -, -
, , -
.
1.
, :
. DHCP
DNS-.
DHCP : IP-.


AAA : AAA , -
.
: -. -

.

. .
. .

2.
, -
DHCP, DNS . , . 3-2.
:
DHCP DHCP ( -
, DHCP ).
.
. .

172
.466534.012-324
. . .
- ( URL -
IP-), DNS

DNS- ; -
.
DNS .
,
.
. -
.
, -
. ,
.
, keep-alive -
.
, .
AA .
, -
keep-alive , . keep-
alive , -
. AAA -
.
, -
. ,
, DNS .

. .
. .

26.3.1.2
1.
:
. .


.466534.012-324 173
. . .
/ .
. -
.
VLAN ID. ,
VLAN ID, .
, -, -
.
.
, .
, ,
. , -
.
2.
-
. -,
-. DHCP-, DNS -
, - . -
, . -
, DHCP , DNS , -
, - .


. .
26.3.2
26.3.2.1
1.
, IP
:
. .


web-auth portal-server A.B.C.D IP-
2.
authtime . authtime
, , -
.

:

web-auth authtime <60-65535>
3. Keep-alive ( ).
, - ,
, .
. .

174
.466534.012-324
. . .

:

web-authkeep-alive<60-65535>
4. (HoldTime)
no keep-alive
HoldTime, , .

:

web-auth holdtime <60-65535>
5. VLAN ID
VLAN ID,
VLAN N , N VLAN.
.
-
VLAN ID:


web-auth vlan-password <WORD>
VLAN ID

26.3.2.2
1.
/ VLAN ID.
-
:

web-auth mode user | vlan-id
2.
. -

defaulf.
-
:

web-auth authentication WORD
3.
. -
defaulf.
. .

-
:

web-auth accounting WORD
. .

26.3.2.3 -
,
- .
- -
:

web-auth enable -

26.3.3 -
26.3.3.1
-, -
:
. .


.466534.012-324 175
. . .

show web-auth

26.3.3.2
- , -
:

show web-auth interface [vlan | Su-

perVlan]

26.3.3.3
,
, :

show web-auth user

26.3.3.4
-
, ,
:

web-auth kick-out user-IP

26.3.4
. :


. .
. .



aaa authentication login auth-weba radius
aaa accounting network acct-weba start-stop radius
!
radius-server host 192.168.20.2 auth-port 1812 acct-port 1813
radius-server key 405.10

!
ip dhcpd enable
ip http server
!
vlan 1-4
!
web-auth portal-server 192.168.20.41
web-auth holdtime 3600
. .

176
.466534.012-324
. . .
web-auth authtime 600
web-auth keep-alive 180
2
interface FastEthernet0/1
switchport pvid 1
!
interface FastEthernet0/2
switchport pvid 2
!
interface FastEthernet0/3
switchport pvid 3
!
interface FastEthernet0/4
switchport pvid 4

interface VLAN1
no ip directed-broadcast
ip helper-address 192.168.20.1
web-auth accounting acct-weba
web-auth authentication auth-weba
web-auth mode vlan-id
web-auth enable
!
interface VLAN2
ip address 192.168.20.41 255.255.255.0
no ip directed-broadcast
!
interface VLAN3
no ip directed-broadcast
ip helper-address 192.168.20.1
web-auth accounting acct-weba
web-auth authentication auth-weba
web-auth mode user
web-auth enable
!
interface VLAN4

no ip directed-broadcast
!
. .
. .

. .


.466534.012-324 177
. . .
27
27.1
, .
, , -
255 .
, -
-. -
.

27.2




SNMP
Web

27.3
27.3.1
1. VLAN
, - -
-
VLAN. VLAN .
2. - -

BDP -, -
- .
BDP , -, - -
BDP .
3. IP-
TCP/IP,


telnet, http snmp, IP- ,
. IP- -
.
- ,
IP- -. IP- IP ,
. ,
. , -
- (
).

. .
27.3.2
1.
-
:

. .

cluster mode commander cluster-name


2. -
-
-:

cluster mode commander member -

3. -
-
MAC- :

cluster member [id member-id] mac-
-
address H.H.H [password enable-password]
. .

178
.466534.012-324
. . .
27.3.3
1. IP-
IP-
:

cluster address-pool A.B.C.D A.B.C.D IP-
2. hellotime
-
-, hellotime (: ). -
hellotime :


cluster hellotime <1-300>
-
3. holdtime
-
, , -
down. (holdtime) .
holdtime
:


cluster holdtime <1-300>
-
4.

. , ,
-,
.
:

cluster discovery hop-count PDP

27.3.4

:

show cluster
show cluster member
show cluster candidate
. .

show cluster topo


show address-pool

27.3.5 SNMP
snmp -
snmp . :
-N snmp, IP-
. .

snmp; community string community string + @esN,


. community string
public, community string - No.6 public@es6.

27.3.6 Web
, http -
. esN/

url. , IP : 192.168.20.1, url - No.6:


http://192.168.20.1/es6/.
. .


.466534.012-324 179
. . .
28 PBR
28.1 PBR
, PBR.
PBR ( )
, . IP- ,
PBR. IP-
.
PBR:
IP , , PBR -
. PBR
.
PBR :


28.2 PBR
PBR, :


28.3 PBR
28.3.1
.

-
ip access-list stand netl

28.3.2
.



route-map pbr
match ip address access-list
set ip next-hop A.B.C.D IP-

28.3.3 PBR
PBR IP- :

. .

interface interface_name
ip policy route-map route-map_name PBR

28.3.4 PBR
, PBR :
. .


debug ip policy PBR

28.4 PBR
:
interface vlan1

ip address 11.1.1.1 255.255.255.0


no ip directed-broadcast
ip policy route-map pbr
!
interface vlan2
ip address 12.1.1.1 255.255.255.0
no ip directed-broadcast
!
interface vlan3
. .

180
.466534.012-324
. . .
ip address 13.1.1.1 255.255.255.0
no ip directed-broadcast
!
interface vlan4
ip address 14.1.1.1 255.255.255.0
no ip directed-broadcast
!
ip access-list standard net1
permit 10.1.1.2 255.255.255.255
!
ip access-list standard net2
permit 10.1.1.4 255.255.255.255
!
ip access-list standard net3
permit 10.1.1.21 255.255.255.255
!
route-map pbr 10 permit
match ip address net1
set ip next-hop 12.1.1.99
!
route-map pbr 20 permit
match ip address net2
set ip next-hop 13.1.1.99
!
route-map pbr 30 permit
match ip address net3 set
ip next-hop 14.1.1.99
!
route-map pbr 40 permit set
ip next-hop 12.1.1.100

PBR , vlan1. IP- -
- 10.1.1.2, - 12.1.1.99, -
12.1.1.99 . ,
IP- .
, route-map pbr 20 , IP- -
10.1.1.4. route-map pbr 30 , IP- 10.1.1.21.

route-map pbr 40 . ,
.
. .
. .

. .


.466534.012-324 181
. . .

()
-
-
(-
. - - - ) - .

.


. .
. .

. .

182
.466534.012-324
. . .