Routers and Switches

1. Which layer does a switch work at? How does it work?
   Layer 2 (Data Link Layer)
Working principle: 1. First, the switch builds its MAC address table by learning the source MAC address of each frame and the local port it arrived on.
          2. It then forwards data by matching the destination MAC address against the MAC address table:
               If the table has a matching entry, the frame is forwarded as unicast
               If the table has no matching entry, the frame is forwarded as broadcast
          3. The aging time of the MAC address table is 300 seconds
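
The three steps above as a small simulation (an added example, not part of the original notes). The class name, port numbers and MAC addresses are constructed for illustration.

```python
AGING_SECONDS = 300             # aging time given in the notes
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Hypothetical model of a Layer 2 switch, for illustration only."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}         # MAC address -> (port, time last seen)

    def receive(self, in_port, src_mac, dst_mac, now):
        """Process one frame; return the sorted list of ports it is sent out of."""
        # Step 3: age out entries that were not refreshed within 300 seconds.
        self.table = {mac: (port, seen) for mac, (port, seen) in self.table.items()
                      if now - seen < AGING_SECONDS}
        # Step 1: learn (or refresh) the source MAC on the arrival port.
        self.table[src_mac] = (in_port, now)
        # Step 2: look up the destination MAC.
        entry = self.table.get(dst_mac)
        if dst_mac == BROADCAST or entry is None:
            # No entry: send out of every port except the one it came in on.
            return sorted(self.ports - {in_port})
        out_port = entry[0]
        # Destination sits on the arrival port: nothing to forward.
        return [] if out_port == in_port else [out_port]

def demo():
    """Constructed traffic: host A on port 1, host B on port 2, port 3 idle."""
    sw = LearningSwitch([1, 2, 3])
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    return [
        sw.receive(1, a, b, now=0),     # B not learned yet
        sw.receive(2, b, a, now=10),    # A already learned
        sw.receive(1, a, b, now=20),    # B already learned
        sw.receive(1, a, b, now=400),   # B's entry has aged out
    ]

if __name__ == "__main__":
    print(demo())
```

The first and last results show that a frame for an unlearned destination is delivered to every other port, including the idle port 3.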

2. The difference between a switch and a router
Router: works at Layer 3; isolates network segments, each being an independent network segment; can isolate broadcast domains; can be configured with IP addresses; and can forward data between different network segments
Switch: works at Layer 2; can be used to build a local area network; cannot isolate broadcast domains

3. Describe the routing entry types and priority in detail
Routing entry types:
Directly connected route: once an IP address is configured and the interface is enabled (up), a directly connected route entry is generated automatically with no manual entry required; its type is C
Non-directly connected routes: configured manually or learned automatically (static or dynamic routes are required to add the network segment to the routing table)
            Static routing - manually configured by the administrator; it is unidirectional and lacks flexibility
            Default route - when the router cannot find a route entry for the destination network in the routing table, it forwards the request to the default route interface
            Dynamic routing - the router builds its own routing table automatically from routing information and adjusts automatically as the network changes
            Floating routing - two route entries are set for the same network segment and the administrative distance value of one is modified, so that its priority is lowered and it is hidden from the routing table. When the higher-priority entry goes down, the hidden routing entry surfaces.
            Policy routing - access control management through ACL

The routing entries in the routing table have priorities. When the router looks up the routing table, it matches entries in priority order
   until a matching entry is found and the packet is forwarded; it does not continue matching further down.
   The priority of a routing entry is inversely proportional to its administrative distance (A) value!

4. Describe the routing principle proficiently (that is, the whole process by which a router handles data)
  1. The router receives the data packet on a port and performs Layer 2 decapsulation to determine whether the destination MAC address is its own.
     If it is, the router decapsulates to the Layer 3 IP header and checks whether the destination IP address matches an entry in the routing table

  2. (If the routing table has no route for the destination IP network segment, the packet is discarded)
   If the routing table gives the next hop toward that network segment, the router re-encapsulates the frame header on the outgoing interface: the outgoing interface's MAC address is used as the source MAC address, and the next hop's MAC address
is used as the destination MAC (if it is not known, the router sends an ARP broadcast to obtain the MAC address of that interface and stores it in the cache table). This completes the encapsulation as a full frame, which is forwarded with the TTL value decreased by 1
(Discard if TTL=0)
  3. The next router determines whether it has the network segment in that direction. If not, it repeats the previous step. If so, it sends an ARP broadcast to find the corresponding MAC address and then proceeds with
re-encapsulation and decapsulation
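
The priority rule from question 3 and the forwarding steps from question 4, combined in one added example (not part of the original notes). The route table, addresses and function names are constructed; the longest-prefix comparison between different prefixes is standard router behaviour that the notes do not spell out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Route:
    prefix: str        # destination network segment, e.g. "10.1.0.0/16"
    next_hop: str
    distance: int      # administrative distance: lower value, higher priority
    up: bool = True    # False when the route's next hop or interface is down

def installed(routes):
    """For each prefix keep only the usable entry with the lowest distance."""
    best = {}
    for r in routes:
        if r.up and (r.prefix not in best or r.distance < best[r.prefix].distance):
            best[r.prefix] = r
    return list(best.values())

def forward(routes, dst_ip, ttl):
    """Return (next_hop, new_ttl), or None when the packet is discarded."""
    if ttl - 1 <= 0:
        return None                      # TTL reaches 0: discard
    dst = ipaddress.ip_address(dst_ip)
    matches = [r for r in installed(routes)
               if dst in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None                      # no route for this segment: discard
    # Longest-prefix match, so 0.0.0.0/0 (the default route) is the last resort.
    best = max(matches, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen)
    return best.next_hop, ttl - 1

def sample_routes(primary_up=True):
    """Constructed table: a static route, its floating backup, and a default."""
    return [
        Route("10.1.0.0/16", "192.0.2.1", distance=1, up=primary_up),
        Route("10.1.0.0/16", "192.0.2.2", distance=50),
        Route("0.0.0.0/0", "192.0.2.254", distance=1),
    ]

if __name__ == "__main__":
    print(forward(sample_routes(), "10.1.2.3", 64))                  # primary
    print(forward(sample_routes(primary_up=False), "10.1.2.3", 64))  # floating
    print(forward(sample_routes(), "198.51.100.7", 64))              # default
    print(forward(sample_routes(), "10.1.2.3", 1))                   # TTL expired
```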

5. Describe the difference between static routing, default routing, and floating routing!
Static routing - manually configured by the administrator; it is unidirectional and lacks flexibility
Default route - when the router cannot find a route entry for the destination network in the routing table, it forwards the request to the default route interface
Floating routing - two route entries are set for the same network segment and the administrative distance value of one is modified, so that its priority is lowered and it is hidden from the routing table. When the higher-priority entry goes down, the hidden routing entry surfaces.
6. Describe the working principle of ARP proficiently.
ARP resolves a known IP address to a MAC address
Principle: 1. The sender first sends an ARP broadcast message
      2. The receiver responds with an ARP unicast reply
ARP detailed analysis
    1. When the PC communicates with another host, it first determines whether that host is in the same network segment as itself.
    2. If it is in the same network segment, the PC sends an ARP broadcast to seek the MAC address of the target IP address.
    3. If it is not in the same network segment, the PC sends an ARP broadcast to seek the MAC address of the gateway (provided that the PC is configured with a gateway)
7. Describe the principle, purpose and difference of ARP attack and ARP spoofing proficiently
ARP attack
    Purpose of attack: terminate communication
    Attack principle: the attacker frequently sends fake ARP packets, as unicast or as broadcast to everyone, so that a fake IP-to-MAC address mapping appears in other hosts' cache tables
ARP spoofing
    Principle: the same as the attack, but the fake mapping gives the attacker's own MAC address, so the data flows out through the attacker
    Purpose: stealing data, monitoring, tampering, controlling
Difference: the attack sends a fake IP and MAC to terminate the communication; spoofing sends a fake IP with the attacker's own MAC to achieve monitoring, modification and control
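
Both cases leave the same trace on the wire: an IP address that suddenly maps to a different MAC address. A detection sketch follows (an added example, not part of the original notes); the capture is constructed hex data, and the function names and addresses are assumptions.

```python
import socket
import struct

ETH_TYPE_ARP = 0x0806   # frame Type value for ARP, as listed in these notes

def parse_arp(frame):
    """Return (sender_ip, sender_mac) from an ARP frame, else None."""
    if len(frame) < 42:                       # 14-byte frame header + 28-byte ARP
        return None
    _dst, _src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != ETH_TYPE_ARP:
        return None
    fields = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    sender_mac, sender_ip = fields[5], fields[6]
    return socket.inet_ntoa(sender_ip), sender_mac.hex(":")

def binding_changes(frames):
    """Report (ip, first_seen_mac, new_mac) whenever an IP changes MAC."""
    first_seen, alerts = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        ip, mac = parsed
        known = first_seen.setdefault(ip, mac)
        if known != mac:
            alerts.append((ip, known, mac))
    return alerts

def sample_frame(sender_mac, sender_ip, eth_type="0806"):
    """Constructed capture data: hex for a frame addressed to host 192.168.1.10."""
    receiver_mac, receiver_ip = "02000000000a", "c0a8010a"
    return bytes.fromhex(receiver_mac + sender_mac + eth_type
                         + "0001080006040002"          # Ethernet/IPv4, reply
                         + sender_mac + sender_ip + receiver_mac + receiver_ip)

SAMPLE_CAPTURE = [
    sample_frame("020000000001", "c0a80101"),          # 192.168.1.1 (gateway)
    sample_frame("020000000014", "c0a80114"),          # 192.168.1.20
    sample_frame("020000000014", "c0a80114", "0800"),  # non-ARP type: ignored
    sample_frame("020000000066", "c0a80101"),          # gateway IP, different MAC
]

if __name__ == "__main__":
    print(binding_changes(SAMPLE_CAPTURE))
```

A binding can also change for legitimate reasons (a replaced network card, a new DHCP lease), so an alert is a prompt to check the switch port, not proof of spoofing.
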
8. Introduce the types of NAT, and the principle and application of each type, proficiently!
(1) Static NAT: one-to-one. After being upgraded to static PAT, it is generally used to publish servers (port mapping)!
(2) Dynamic NAT: many-to-one, but the hosts cannot access the Internet at the same time
(3) Dynamic PAT: many-to-one, and the hosts can access the Internet at the same time
9. Common protocols at each layer
Application layer  http  https  ftp    dns  smtp  pop3  telnet  ssh  server  tftp
                   80    443    20/21  53   25    110   22      23   445     69
Transport layer  TCP  UDP
                 6    17
                 TCP: http https ftp dns smtp pop3 telnet ssh server
                 UDP: dns server tftp
Network layer  ICMP IP ARP
Data link layer  MAC sublayer protocol. Type: used to distinguish which protocol the upper layer is. 0800: the upper layer is the IP protocol. 0806: the upper layer is the ARP protocol
Physical layer
   
10. The lower layer provides services for the upper layer (mainly for layers 2, 3, 4 and 5)
The frame header and frame trailer of the data link layer provide services for the network layer
The IP header of the network layer provides services for the TCP and UDP of the upper layer
       ARP obtains the other party's MAC address based on the other party's IP
       ICMP probes the path for the IP packet header to see whether the way ahead is unreachable
Transport layer: TCP and UDP provide services for the application layer, determining the different protocol numbers of the applications according to the different ports opened by the application layer
The application layer provides services for the client and conveys instructions to the layers below
11. Describe the frame header (complete), IP header (complete), ARP header and ICMP header proficiently
IP header: version, header length, priority and service type, total length
           identifier, flags, segment offset
           TTL, protocol number, header checksum
           source address, destination address, options
ARP header: frame header + ARP message + frame trailer
ICMP header: frame header + (IP header + (ICMP header + ICMP data)) + frame trailer
12. Describe the frame structure
A frame is the MAC sublayer plus the IP packet plus the FCS. The MAC sublayer holds the source address, destination address and type. The IP packet is the data of the upper three layers. The FCS is a simple frame check that can restore the data of this frame
13. In TCP/IP, what protocols are in the transport layer, what are the differences, and why is UDP insecure?
TCP: secure and reliable but slow transfer
UDP: unreliable and insecure but fast transfer
With TCP, each transmission is confirmed using the TCP packet header. If data is not received, it is retransmitted, and there is a verification of the IP packet header value. A three-way handshake requests the connection and a four-way handshake disconnects it
UDP does not confirm after transmission, so UDP is not safe
14. What does a VLAN do? Which layer does it work at? What is the principle? What categories are there?
VLAN: Role: a technology used to split broadcast domains on Layer 2 switches
Advantages: splitting broadcasts, segmentation, flexibility, simplified network management
Classification: 1. Static VLAN: divided based on port
      2. Dynamic VLAN: divided based on MAC address
15. What is the role of a trunk? How does it work? What types of tags are there?
Function: it carries traffic of the same VLAN across switches, forming a relay link that can transmit the data of all VLANs
Data from different VLANs is distinguished between switches by a tag; the VLAN tag is applied to data frames destined for other switches
Ethernet implements trunking, and there are two types of encapsulation on the links between switches in the network:
    * ISL (Cisco)
    * IEEE 802.1q
Access link: connects a terminal; it can belong to only one VLAN and transmits only that VLAN's data frames
Trunk link: interconnects switches; it is a shared link and can transmit the data frames of all VLANs
