Common skills of switches

The role of the switch: contrast it with the hub (HUB). A hub is a physical-layer device that can only repeat the electrical signal it receives; a switch is a data-link-layer device that decodes the signal into binary frames, which gives it the following capabilities:
1. Unlimited transmission distance
2. Collisions are completely eliminated: all interfaces can send and receive data at the same time.
3. Layer 2 unicast (physical addressing): in a switched network, one-to-one communication is achieved, which improves data security, reduces junk traffic and lowers forwarding delay.
4. Higher port density: more interfaces can be added.

Three-layer architecture:
Access layer: provides port density for user terminal access; Layer 2 switches, APs
Aggregation (distribution) layer: aggregates traffic; DHCP/VLAN/STP/HSRP/VRRP/port channels... QoS/ACL
Core layer: NAT, high-speed routing and forwarding

Redundancy: backup links, equipment, gateways, UPS (power supply)

VLAN: Virtual LAN. Layer 2 switches and routers (or Layer 3 switches) logically divide one broadcast domain into several.
Configuration idea:
1. Create the VLANs on the switch
2. Assign each interface on the switch to the corresponding VLAN
3. Trunk
4. Inter-VLAN routing: router-on-a-stick (router sub-interfaces) or a Layer 3 switch

Switch forwarding mechanism: for traffic entering the switch, the source MAC address in the data frame is read, bound to the interface the traffic arrived on, and recorded, which builds the MAC address table; this is then converted into the CAM table. The switch then checks the destination MAC address in the data frame and looks for a matching record in the CAM table. If there is a record, the frame is unicast out of the recorded interface; if there is no record, the traffic is flooded. Flooding: copy the frame to every exit except the interface it entered on. By default a CAM entry is deleted 300 s after the last time its MAC was seen.

The difference between the MAC address table and the CAM: the CAM converts MAC address + interface number + VLAN ID from the MAC table into a hash value stored in binary form, so that lookups are faster.
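The learning, unicast, flooding and 300 s aging behaviour described above, as an added example (not code from the original post); the three-port switch, MAC addresses and timestamps are constructed:

```python
from dataclasses import dataclass, field

AGING_SECONDS = 300   # default aging time from the text: entry removed 300 s after last seen

@dataclass
class Switch:
    ports: list                                  # interface names, e.g. "Fa0/1"
    cam: dict = field(default_factory=dict)      # MAC -> (interface, last_seen_time)

    def _expire(self, now):
        """Remove entries whose MAC has not been seen for AGING_SECONDS."""
        stale = [m for m, (_, seen) in self.cam.items() if now - seen >= AGING_SECONDS]
        for m in stale:
            del self.cam[m]

    def receive(self, in_port, src, dst, now):
        """Process one frame and return the list of interfaces it is sent out of."""
        self._expire(now)
        # Learning: bind the source MAC to the ingress interface and refresh its timer.
        self.cam[src] = (in_port, now)
        if dst == "ff:ff:ff:ff:ff:ff" or dst not in self.cam:
            # Flooding: copy to every exit except the interface the frame entered on.
            return [p for p in self.ports if p != in_port]
        out_port, _ = self.cam[dst]
        # Unicast: forward only to the recorded interface (drop if that is the ingress port).
        return [] if out_port == in_port else [out_port]

def demo():
    sw = Switch(ports=["Fa0/1", "Fa0/2", "Fa0/3"])          # constructed three-port switch
    # t=0: host A on Fa0/1 sends to B, which is still unknown -> flooded out Fa0/2 and Fa0/3
    flood = sw.receive("Fa0/1", "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb", now=0)
    # t=1: B replies from Fa0/2 -> A was learned, so the frame is unicast to Fa0/1 only
    unicast = sw.receive("Fa0/2", "bb:bb:bb:bb:bb:bb", "aa:aa:aa:aa:aa:aa", now=1)
    # t=400: nobody has heard from A for 400 s (> 300 s), its entry aged out -> flooded again
    aged = sw.receive("Fa0/3", "cc:cc:cc:cc:cc:cc", "aa:aa:aa:aa:aa:aa", now=400)
    return flood, unicast, aged
```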
Cisco VLANs:
VLAN numbers are 12-bit binary values, i.e. 0-4095, of which 1-4094 can be used.
1-1005 are standard VLANs and can be used under any conditions; 1006-4094 are extended VLANs and can only be used when the VTP mode is transparent.
A switch has VLAN 1 and VLANs 1002-1005 (for non-Ethernet use) by default.
VLAN 1 is the default native VLAN and the default management VLAN, and all interfaces are in VLAN 1 by default.
1) Create VLANs
Switch(config)#vlan 2
Switch(config-vlan)#name classroom1
Switch(config-vlan)#exit
Switch(config)#vlan 3-10,15-20        Batch creation

2) Assign interfaces to VLANs
Switch(config)#interface fastEthernet 0/2
Switch(config-if)#switchport mode access        The interface must be set to access mode before it can be assigned
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#interface range fastEthernet 0/3 - 4        Batch assignment
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 3

3) Trunk
On a Layer 2 switch, configure the trunk manually:
Switch(config)#interface fastEthernet 0/24
Switch(config-if)#switchport mode trunk
Cisco Layer 2 switches only support 802.1Q.
On a Layer 3 switch the trunk is also configured manually, but both ISL and 802.1Q are supported, so the encapsulation type must be defined before the mode:
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk

Trunk: does not belong to any VLAN, carries the traffic of all VLANs, and tags frames with their VLAN label and identifies them by it.
There are two methods of encapsulating the VLAN ID in a data frame: 802.1Q (dot1q) and ISL (a Cisco proprietary standard).
The biggest differences between 802.1Q and ISL:
1. The 802.1Q tag is 4 bytes; the ISL tag is 20 bytes.
2. 802.1Q has a native VLAN, a VLAN whose frames are not tagged by default.
3. 802.1Q uses a 12-bit tag, 4096 VLANs; ISL uses 10 bits, 1024 VLANs.
4. ISL encapsulates the whole data frame with a new header at the front; the 802.1Q tag is inserted inside the existing frame header.
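The 802.1Q points above (4-byte tag, 12-bit VID, tag inserted into the existing header after the source MAC) shown on real frame bytes, as an added example that is not from the original post; the MAC addresses and payload are constructed:

```python
import struct

TPID_8021Q = 0x8100                 # EtherType value that announces an 802.1Q tag
ETH_HDR = struct.Struct("!6s6sH")   # destination MAC, source MAC, EtherType (14 bytes)

def mac(text):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst, src, ethertype, payload):
    return ETH_HDR.pack(mac(dst), mac(src), ethertype) + payload

def add_tag(frame, vid, pcp=0, dei=0):
    """Insert the 4-byte tag between the source MAC and the original EtherType."""
    if not 0 <= vid <= 4095:        # 12-bit field: 0-4095 (1-4094 usable, as the text says)
        raise ValueError("VID must fit in 12 bits")
    tci = (pcp << 13) | (dei << 12) | vid     # 3-bit PCP, 1-bit DEI, 12-bit VID
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:12] + tag + frame[12:]

def parse_frame(frame):
    """Return (dst, src, vid, ethertype, payload); vid is None for an untagged frame."""
    dst, src, etype = ETH_HDR.unpack_from(frame)
    if etype != TPID_8021Q:
        return dst, src, None, etype, frame[14:]
    (tci,) = struct.unpack_from("!H", frame, 14)
    (inner,) = struct.unpack_from("!H", frame, 16)
    return dst, src, tci & 0x0FFF, inner, frame[18:]

def demo():
    # Constructed broadcast IPv4 frame (EtherType 0x0800) with a dummy 20-byte payload.
    plain = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0800, b"\x45" * 20)
    tagged = add_tag(plain, vid=2)          # same frame as it would travel on a trunk in VLAN 2
    growth = len(tagged) - len(plain)       # the tag adds exactly 4 bytes
    return growth, parse_frame(tagged)[2], parse_frame(plain)[2], parse_frame(tagged)[3]
```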
There is also DTP, which negotiates the establishment of a trunk automatically. By default, Cisco 4500-series and higher switches are in passive mode, and switches below the 4500 series are in active mode.
Passive mode with passive mode cannot establish a trunk automatically; a manually configured trunk counts as active mode; but no mode can form a trunk with an interface in access mode.
Switch(config-if)#switchport mode dynamic ?
  auto       Set trunking mode dynamic negotiation parameter to AUTO         passive mode
  desirable  Set trunking mode dynamic negotiation parameter to DESIRABLE    active mode

Huawei configuration:
1. Create VLANs
[SWA]vlan 10
[SWA-vlan10]quit
[SWA]vlan batch 2 to 3 5 10        Create VLANs 2-3, 5 and 10 in a batch

2. Assign interfaces to VLANs
For a single interface, change the interface mode to access:
[SWA]interface GigabitEthernet 0/0/5
[SWA-GigabitEthernet0/0/5]port link-type access
Change to access mode in a batch:
[Huawei]port-group 1
[Huawei-port-group-1]group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/10
[Huawei-port-group-1]port link-type access

Assign an interface to a VLAN individually:
[SWA]interface GigabitEthernet0/0/5
[SWA-GigabitEthernet0/0/5]port default vlan 3
Assign interfaces to VLAN 2 in a batch:
[Huawei]vlan 2
[Huawei-vlan2]port GigabitEthernet 0/0/1 to 0/0/2

3. Trunk
Enter the interface, first change the interface type to trunk mode, then define which VLANs the trunk allows to pass. The default trunk PVLAN (the equivalent of Cisco's native VLAN) is VLAN 1; VLAN 1 traffic is sent untagged by default, and any other VLAN added to the allow list can also pass.
[SWA-GigabitEthernet0/0/1]port link-type trunk
[SWA-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all        Allow all VLANs to pass
[Huawei-GigabitEthernet0/0/1]port trunk pvid vlan 3        Change the PVLAN of the trunk. Note that once the PVLAN is no longer the default VLAN 1, the new PVLAN must be added to the allow list; at that point the original VLAN 1 is no longer the PVLAN and must be added to the allow list manually if it should still pass.

4. Routing between VLANs

  1. Router-on-a-stick (sub-interfaces): set the switch interface that connects the switch to the router to trunk mode
    [RTA]interface GigabitEthernet0/0/1.1
    [RTA-GigabitEthernet0/0/1.1]dot1q termination vid 2
    [RTA-GigabitEthernet0/0/1.1]ip address 192.168.2.254 24
    [RTA-GigabitEthernet0/0/1.1]arp broadcast enable
    [RTA]interface GigabitEthernet0/0/1.2
    [RTA-GigabitEthernet0/0/1.2]dot1q termination vid 3
    [RTA-GigabitEthernet0/0/1.2]ip address 192.168.3.254 24
    [RTA-GigabitEthernet0/0/1.2]arp broadcast enable

DHCP pool configuration
First enable the DHCP service globally, then enable DHCP on the interface (each sub-interface is enabled separately), and then define the pool:
[r1]dhcp enable
[r1]interface GigabitEthernet 0/0/0.1
[r1-GigabitEthernet0/0/0.1]dhcp select global
[r1]ip pool v3
[r1-ip-pool-v3]gateway-list 192.168.2.1
[r1-ip-pool-v3]network 192.168.2.0 mask 255.255.255.0
[r1-ip-pool-v3]dns-list 114.114.114.114
Explanation of interface modes in Huawei VLANs:
1. As soon as traffic enters a Huawei device it is labelled immediately; all traffic forwarded inside the Huawei device carries a label.
2. Every interface on a Huawei switch has a forwarding permission list, and only traffic allowed by that list can enter or leave through the interface.
3. When traffic leaves an interface, in addition to checking the permission list, the interface defines whether the label is kept.
4. If traffic enters a switch interface without a label, it is labelled with the PVLAN ID of that interface.
5. If traffic enters a switch interface with a label, the label is matched against the interface's allow list: if allowed it enters, otherwise it is discarded.
6. If a PC receives labelled traffic, it discards it.

Whatever mode an interface is in, it follows the rules above.
Access mode: only one VLAN is allowed to pass (the allow list cannot be defined directly); the PVLAN is the allowed VLAN, and it must leave untagged.
[sw1]interface GigabitEthernet 0/0/5
[sw1-GigabitEthernet0/0/5]port link-type access
[sw1-GigabitEthernet0/0/5]port default vlan 2

Trunk mode: any VLAN can be added to the allow list manually. By default only the PVLAN is in the allow list; the PVLAN leaves untagged and every other VLAN leaves tagged.
[sw1]interface GigabitEthernet 0/0/6
[sw1-GigabitEthernet0/0/6]port link-type trunk
[sw1-GigabitEthernet0/0/6]port trunk pvid vlan 2
[sw1-GigabitEthernet0/0/6]port trunk allow-pass vlan all

Hybrid mode: any VLAN can be added to the allow list manually, and for each allowed VLAN you can define whether it leaves tagged. The default PVLAN is VLAN 1 and it leaves untagged; once the PVLAN is changed, the new VLAN must be added to the allow list manually, where you again define whether it is tagged.
[sw1]interface GigabitEthernet 0/0/7
[sw1-GigabitEthernet0/0/7]port hybrid tagged vlan 2 to 3
[sw1-GigabitEthernet0/0/7]port hybrid untagged vlan 4 to 5

[sw1]display port vlan active        View the VLAN forwarding rules of the interfaces
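The six rules and the three port modes above, modelled as an added example (not code from the original post); the ports are the constructed sw1 configuration: Gi0/0/5 access VLAN 2, Gi0/0/6 trunk with PVID 2 allowing all, Gi0/0/7 hybrid with VLANs 2-3 tagged and 4-5 untagged. A frame with vid=None is untagged.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    mode: str                                              # "access", "trunk" or "hybrid"
    pvid: int = 1                                          # default PVLAN is VLAN 1
    allow: set = field(default_factory=lambda: {1})        # forwarding permission list
    untagged: set = field(default_factory=lambda: {1})     # VLANs that leave without a label

def access_port(vlan):
    # access: exactly one VLAN, it is the PVLAN, and it always leaves untagged
    return Port("access", pvid=vlan, allow={vlan}, untagged={vlan})

def trunk_port(allow, pvid=1):
    # trunk: explicit allow list; only the PVLAN leaves untagged, every other VLAN leaves tagged
    return Port("trunk", pvid=pvid, allow=set(allow), untagged={pvid})

def hybrid_port(tagged, untagged):
    # hybrid: starts from the defaults (PVID 1 untagged) and adds a per-VLAN tagged/untagged choice
    p = Port("hybrid")
    p.allow |= set(tagged) | set(untagged)
    p.untagged |= set(untagged)
    return p

def ingress(port, vid):
    """Rules 1, 4, 5: label untagged frames with the PVID; labelled frames must be on the allow list."""
    vid = port.pvid if vid is None else vid
    return vid if vid in port.allow else None              # None means discarded

def egress(port, vid):
    """Rules 2, 3: the VLAN must be allowed out, then the port decides whether the label stays."""
    if vid not in port.allow:
        return None
    return (vid, vid not in port.untagged)                 # (vlan, leaves_tagged)

def forward(in_port, out_port, vid=None):
    """Carry one frame through the switch; vid=None is an untagged frame, e.g. from a PC."""
    internal = ingress(in_port, vid)
    return None if internal is None else egress(out_port, internal)

def demo():
    gi5 = access_port(2)                                   # port default vlan 2
    gi6 = trunk_port(allow=range(1, 4095), pvid=2)         # port trunk pvid vlan 2 / allow-pass vlan all
    gi7 = hybrid_port(tagged={2, 3}, untagged={4, 5})      # port hybrid tagged 2 to 3 / untagged 4 to 5
    return {
        "pc_on_gi5_to_gi6": forward(gi5, gi6),             # VLAN 2 is gi6's PVID -> leaves untagged
        "pc_on_gi5_to_gi7": forward(gi5, gi7),             # VLAN 2 is tagged on the hybrid port
        "vlan3_gi6_to_gi5": forward(gi6, gi5, vid=3),      # access port only allows VLAN 2 -> dropped
        "vlan4_gi6_to_gi7": forward(gi6, gi7, vid=4),      # untagged on gi7, so a PC there accepts it (rule 6)
    }
```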

Source: blog.csdn.net/Han_V_Qin/article/details/112711027