[CyberSecurityLearning 12] Data link layer and switch working principle and configuration

Data Link Layer (Layer 2 Data Link Layer)

1. Belongs to layer 2 of the OSI model

2. Transmission unit: frame

3. Frame structure: as shown below

  Summary:

  Frame header: 6 + 6 + 2 = 14 bytes
  MTU value: 1500 bytes (domestic)
  Frame trailer (FCS): 4 bytes
  Frame header contents: destination MAC, source MAC, type
  Type field: identifies the upper-layer protocol
  0x0800: the upper layer is the IP protocol
  0x0806: the upper layer is the ARP protocol
  (the 0x prefix denotes hexadecimal)
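As an added illustration (not code from the original post), the following Python parses an Ethernet II frame into the fields listed above, identifies the upper-layer protocol from the type field, checks the payload against the 1500-byte MTU and verifies the 4-byte FCS. It assumes the FCS is the standard Ethernet CRC-32 (the same CRC that zlib.crc32 computes, stored least-significant byte first); the sample ARP frame and its MAC addresses are constructed here.

```python
import struct
import zlib

# EtherType values named in the notes (the 0x prefix means hexadecimal)
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP"}
HEADER_LEN = 14      # 6 (destination MAC) + 6 (source MAC) + 2 (type)
FCS_LEN = 4          # 4-byte frame check sequence (CRC-32)
MTU = 1500           # maximum payload length

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet II frame into header fields, payload and FCS, and
    report whether the FCS matches and whether the payload exceeds the MTU."""
    if len(frame) < HEADER_LEN + FCS_LEN:
        raise ValueError("frame shorter than header + FCS")
    dst, src, etype = struct.unpack("!6s6sH", frame[:HEADER_LEN])
    payload = frame[HEADER_LEN:-FCS_LEN]
    # the FCS is transmitted least-significant byte first (assumption: standard CRC-32)
    fcs = struct.unpack("<I", frame[-FCS_LEN:])[0]
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "type": etype,
        "upper_protocol": ETHERTYPES.get(etype, "unknown"),
        "payload_len": len(payload),
        "fcs_ok": fcs == zlib.crc32(frame[:-FCS_LEN]),
        "exceeds_mtu": len(payload) > MTU,
    }

def build_frame(dst: bytes, src: bytes, etype: int, payload: bytes) -> bytes:
    """Assemble a frame and append a correct FCS (the job of the network card)."""
    body = struct.pack("!6s6sH", dst, src, etype) + payload
    return body + struct.pack("<I", zlib.crc32(body))

# Constructed sample: an ARP frame from 00:11:22:33:44:55 to the broadcast address
BROADCAST = b"\xff" * 6
HOST_A = bytes.fromhex("001122334455")
SAMPLE_ARP = build_frame(BROADCAST, HOST_A, 0x0806, b"\x00\x01\x08\x00" + b"\x00" * 24)
```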

4. Devices working at the data link layer: switches and network cards (the network card mainly builds the frame and then hands it to the switch)

5. The working principle of the switch (★)

After the switch receives a data frame:
1. It first learns the source MAC address in the frame, recording it together with the receiving port to form the MAC address table.
2. It then reads the destination MAC address in the frame and looks it up in the MAC address table:
   if there is a matching entry, the frame is forwarded (unicast) out of that port;
   if there is no matching entry in the forwarding table, the frame is flooded out of every port except the receiving port.
3. The default aging time of MAC address table entries is 300 seconds (can be modified).


The switch only recognizes its own ports:
every port that appears in a switch's MAC address table is one of its own ports.
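To make the learn / look-up / flood / age-out sequence concrete, here is an added Python model of a learning switch (not code from the original post); the port names and MAC addresses in demo() are constructed. It also covers a case the text does not spell out: a destination already known on the receiving port is dropped rather than sent back out.

```python
from dataclasses import dataclass, field

AGING_TIME = 300          # seconds; the default stated above (configurable)
BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Switch:
    """Learning switch: learn the source MAC per port, forward by destination MAC,
    flood unknown or broadcast destinations, and age entries out after aging_time."""
    ports: list
    aging_time: int = AGING_TIME
    mac_table: dict = field(default_factory=dict)   # mac -> (port, last_seen)

    def _age_out(self, now: float) -> None:
        expired = [m for m, (_, seen) in self.mac_table.items() if now - seen > self.aging_time]
        for m in expired:
            del self.mac_table[m]

    def receive(self, in_port: str, src: str, dst: str, now: float) -> list:
        """Process one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}: a switch only knows its own ports")
        self._age_out(now)
        # 1. learn: record the source MAC and the port it arrived on (refreshes the timer)
        self.mac_table[src] = (in_port, now)
        # 2. look up the destination in the MAC address table
        entry = self.mac_table.get(dst)
        if dst != BROADCAST and entry is not None:
            return [entry[0]] if entry[0] != in_port else []   # unicast (drop if same port)
        # 3. unknown unicast or broadcast: flood out of every port except the receiving one
        return [p for p in self.ports if p != in_port]

def demo() -> dict:
    """Constructed scenario: two PCs on ports F0/1 and F0/2 of a 4-port switch."""
    sw = Switch(ports=["F0/1", "F0/2", "F0/3", "F0/4"])
    pc1, pc2 = "00:11:22:33:44:55", "00:11:22:33:44:66"
    first = sw.receive("F0/1", pc1, pc2, now=0)      # pc2 unknown -> flooded
    reply = sw.receive("F0/2", pc2, pc1, now=1)      # pc1 known -> unicast to F0/1
    second = sw.receive("F0/1", pc1, pc2, now=2)     # pc2 known now -> unicast to F0/2
    aged = sw.receive("F0/1", pc1, pc2, now=400)     # pc2 entry older than 300 s -> flooded again
    return {"first": first, "reply": reply, "second": second, "aged": aged,
            "table": {m: p for m, (p, _) in sw.mac_table.items()}}
```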

6. Switch ports:

E  (Ethernet)            10 Mb/s
F  (FastEthernet)        100 Mb/s
G  (GigabitEthernet)     1000 Mb/s
Te (TenGigabitEthernet)  10000 Mb/s

F0/1
0: module number
1: interface number

Interface rate auto-negotiation: 1000/100/10M
-> the port can operate at any of 10, 100 or 1000 Mb/s

Port status: up / down
Three possible causes of down:
1) Manually shut down (equivalent to manually disabling a network card)
2) Rate mismatch
3) Duplex mode mismatch [understand this]
   Duplex modes: simplex, half-duplex, full-duplex

Simplex means that data can only be transmitted in one direction: of the two communicating parties one is fixed as the sender and the other as the receiver, information flows in one direction only, and a single transmission line is used.
A half-duplex system allows two-way data transmission between two devices, but not at the same time. Only one device may transmit at any moment; if the other device wants to transmit, it must wait for the current transmission to finish.
A full-duplex system allows two-way data transmission between two devices at the same time. Ordinary telephones and mobile phones are full-duplex systems, because you can hear the other party while you are speaking.

7. The 5 basic working modes of the switch and its commands

The first time you configure a network device (switch, router, firewall...), you need to use the console cable.
On the PC you use "HyperTerminal" or a similar terminal program.

Basic working mode:

1) User mode:
switch>
You can view basic information about the switch, but cannot change any configuration!

2) Privileged mode: (used a lot)
switch> enable (turn off the Chinese input method first!!!)
switch# (when the host name is immediately followed by #, this is privileged mode)

You can view all of the configuration; you cannot modify the configuration,
but you can perform operations such as testing, saving and initializing.

3) Global configuration mode:
switch# configure terminal (configure from the terminal)
switch(config)#

The configuration cannot be viewed by default!
The configuration can be modified, and the change takes effect globally!

4) Interface configuration mode:
switch(config)# interface f0/1
switch(config-if)# (if is the abbreviation of interface)

By default, the configuration cannot be viewed!
The configuration can be modified, and the change takes effect on that port!

5) Console port/line mode:
Switch(config)# line console 0
Switch(config-line)#

The configuration cannot be viewed by default!
The configuration can be modified, and the change takes effect on the console port!

Commands:

6) exit goes back up one level
     end returns directly to privileged mode
7) Command abbreviations are supported

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#exit
Switch(config)#line co 0
Switch(config-line)#exit
Switch(config)#

8) Usage of ?

Typing ? lists the available commands; typing e? lists the commands beginning with e.

9) Command history

Press ↑ or ↓
10) Tab completes the command

11) Configure the host name:
conf t (enter global configuration mode first)
hostname <device name>

12) Set the user password: (asked for when entering user mode)
line co 0 (line console 0)
password <password>
login (enable login verification)
exit

13) Shortcut keys:
ctrl+u: delete everything from the cursor back to the start of the line
ctrl+a: move the cursor to the beginning of the line (a: ahead)
ctrl+e: move the cursor to the end of the line (e: end)

14)
There is a file in memory called:
running-config (the running configuration file)
Where does this file come from?
The first time you boot, the system automatically creates a new, empty running-config in memory [it stores all of your configuration]

Memory: very fast; its read speed is far higher than that of the hard disk. Disadvantage: once power is lost the data is gone,
which is why the next film you download goes on the hard disk (memory cannot keep things).

14) Command to save the configuration:
en (in privileged mode)
copy running-config startup-config (copies the running-config file from memory to the startup-config file [startup configuration file] on the hard disk)
or
write (a single word is enough; this works on Cisco, for other vendors check the manual) [abbreviation wr]

15) Switch startup process (requires understanding 14 above):
First it looks on the hard disk for a startup-config;
if it does not exist, a new running-config is created in memory;
if it exists, it is copied into memory and renamed running-config.

16) View running-config configuration
en (view commands are always in privileged mode)
show running-config
sh run (abbreviation)

17) View the startup-config configuration
show startup-config

18) Restart the device:
en (in privileged mode)
reload

19) Configure the privileged password: (asked for when entering privileged mode)
conf t
enable password <password> (shown in plain text in running-config)
enable secret <password> (stored as cipher text)
When both are configured, the plaintext password becomes invalid.

20) View the MAC address table:
show mac-address-table

21) View the interface status list:
show ip interface brief (view brief information of interface interface)
sh ip int b

22) Manually shut down the interface
int f0/x
shutdown
exit

23) Manually open the interface
int f0/x
no shutdown (the no prefix negates a command)
exit

24) Usage of do
In other modes you can run privileged-mode commands by prefixing them with do and a space,
for example:
do sh run
do sh ip int b
do wr
etc.

25) Delete configuration
1) Delete it in the mode where it was configured!
2) Add no and a space before the command
3) If the original command had a parameter and that parameter is unique, you do not need to repeat the parameter when deleting (e.g. to delete the password use no enable password, not no enable password 123)
for example:
conf t
hostname sw1 (configure)

conf t
no hostname (delete)

26) Clear/erase/initialize the configuration
en
erase startup-config (the file on the hard disk)
In the prompt shown after pressing Enter, nvram refers to the hard disk.

Small exercise:
1. Power on a switch
2. Configure the host name as sw01-01
3. Configure the user password as 123.com
4. Configure the privileged password as 456.com
5. Use show commands to verify that the above configuration succeeded!
6. Restart and check whether the configuration still exists
7. Redo steps 2-4
8. Save the configuration, then restart and check whether the save succeeded
9. Connect 2 PCs and observe whether the MAC address table is formed.

 

27) Configure an IP on a layer 3 port:
int f0/0
ip add 10.1.1.254 255.255.255.0
no shut (abbreviation of no shutdown; needed because router interfaces are closed by default)
exit


Describe the meaning of the two states shown for the following interfaces:
    the first is the physical layer (layer 1) state, the second the data link layer (layer 2) state

  1) up up: the first up means the interface is manually/physically enabled and a cable is plugged in; the second up means negotiation with the other side succeeded.
  2) down down: the first down means the interface is manually enabled but no cable is plugged in (no signal detected); the second down means no negotiation took place.
  3) up down: the first up means the interface is manually enabled and a signal is detected; the second down means negotiation was unsuccessful.
  4) administratively down down:
         administratively down means the interface was manually shut down, so there is no negotiation at all.

Layer 1: physical layer problems are the cable not being plugged in, or the cable being plugged in but the interface manually shut down.
Layer 2: negotiation (whether the rate and duplex mode match); the interface is up only after both sides negotiate successfully.

Remember:
Layer 2 interfaces are enabled by default.
Layer 3 interfaces are administratively down by default (manually shut down).
Almost all router ports on the market are shut down
when purchased, and you must manually no shutdown them. A switch
can be used as soon as it is plugged in, because the no shutdown was already done at the factory.

28) Enable remote management:


conf t
line vty 0 4 ( vty stands for virtual terminal )
[ 0 4 opens 5 virtual terminals (0-4) on this device, which means that anyone in the company, indeed anyone in the world who can reach it, can manage the device remotely, and up to 5 people can do so at the same time ]
  transport input telnet/ssh/none/all (if you omit this command the default is port 23, i.e. telnet; you may also write the line explicitly)
  password <password> [ this password is called the telnet password ]
  login
  exit

PC (remote management)

Alternatively, authenticate against a global username and password (login local):

conf t
hostname r1 -> configure the host name
ip domain-name r1.qf.com -> configure the domain name
crypto key generate rsa -> generate a key pair! (these three lines are only needed when configuring SSH)

line vty 0 4
  transport input telnet/ ssh /none/all
  login local (no password line is written here)
  exit
username xx password 123.com

Exercise:
1. From the PC, successfully connect remotely to the router via telnet or ssh using only login (password) verification
2. From the PC, successfully connect remotely to the router via telnet or ssh using login local verification
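The privileged-password point in item 19 and the vty settings in item 28 are what a reviewer checks in a saved configuration. The following added Python (not code from the original post) audits a constructed running-config written with the commands above for the weak choices: enable password without enable secret, plaintext username passwords, telnet-capable vty lines, and vty lines with no login. The username ... secret form it recommends is the IOS command that stores the user password hashed.

```python
# Constructed running-config written with the commands taught above (not captured from a device)
SAMPLE_RUNNING_CONFIG = """\
hostname r1
enable password 456.com
username xx password 123.com
line console 0
 password 123.com
 login
line vty 0 4
 transport input telnet
 password 123.com
 login
"""

def parse_config(text: str) -> tuple:
    """Split IOS config text into top-level commands and the indented commands under each."""
    top, sections, current = [], {}, None
    for line in text.splitlines():
        if not line.strip(): continue
        if line.startswith(" "):
            sections.setdefault(current, []).append(line.strip())
        else:
            current = line.strip()
            top.append(current)
            sections.setdefault(current, [])
    return top, sections

def audit(text: str) -> list:
    """Flag the weak settings discussed in items 19 and 28; one message per finding."""
    top, sections = parse_config(text)
    findings = []
    has_plain = any(c.startswith("enable password ") for c in top)
    has_secret = any(c.startswith("enable secret ") for c in top)
    if has_plain:   # shown in plain text by show running-config
        findings.append("enable password: stored in plain text"
                        + (" and overridden by enable secret, remove it" if has_secret else "; use enable secret"))
    for c in top:
        if c.startswith("username ") and " password " in c:
            findings.append(f"{c.split()[1]}: user password stored in plain text; use username ... secret")
    for hdr, cmds in sections.items():
        if not (hdr or "").startswith("line vty"):
            continue
        # per the notes, a vty line without transport input defaults to telnet (port 23)
        transport = next((c for c in cmds if c.startswith("transport input")), "transport input telnet")
        if "telnet" in transport or transport.endswith(" all"):
            findings.append(f"{hdr}: {transport} permits cleartext telnet management; use transport input ssh")
        if "login" not in cmds and "login local" not in cmds:
            findings.append(f"{hdr}: no login or login local, so remote sessions are not authenticated")
    return findings
```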


Small experiment:
A switch cannot isolate network segments (a switch is used to build a single local area network, so everyone connected to the switch, including the gateway, is in the same segment).
A router is used specifically to isolate network segments (in other words, a router connects different network segments, and the segments it connects must be different!).

A router does not allow two of its interfaces to be on the same network segment! Routers are specifically for connecting different network segments, and the segments connected must be different!
The number of network segments is determined by the router, not by the switch!

The switch simply switches frames and builds the LAN, so no additional configuration is required. The
router is different: its interfaces have no IP configured and are manually down by default, so they must be configured and enabled by hand.

If no gateway is configured, your packets will not be sent out of the segment.

When PC3 later wants to leave its network segment (that is, the host it wants to talk to is not in the 20 segment), the traffic must be sent to the gateway; only the gateway can deliver your packets to other network segments.
At this point the whole network is interconnected!

Now PC1 is required to manage the router remotely:

Verify from PC1:

This router now has two names on the network: you can reach it as 10.1.1.254 or as 20.1.1.254. A
router differs from a PC: a PC has one network card and one IP, while the router has two network cards and two IPs, and either IP represents the router on the network.

Now the switch on the left also needs to be managed remotely:

PC1 is stuck: the switch has no IP, so which address do I telnet to?
Understanding the diagram:

29) Configure a management IP for the switch:
  conf t
  interface vlan 1 [ int f0/1 is a physical interface; int vlan 1 is a virtual interface, "1" meaning the first virtual interface ]
    ip address 10.1.1.253 255.255.255.0
    no shutdown

Verify: switch(config-if)#do show ip interface brief

This IP can now be pinged.

30) Configure the default gateway for the switch: [think of it as configuring a gateway for the virtual PC inside the
   switch ] Purpose: the switch can be managed across network segments!
  conf t
  ip default-gateway 10.1.1.254

31) Turn off automatic name resolution:
  conf t
   no ip domain-lookup


Origin blog.csdn.net/Waffle666/article/details/113396688