VLANs, dynamic routing protocols, and RIP

1. VLAN (switch): virtual local area network

(Attachment: Within the same broadcast domain, the network security defense is the lowest)

1. Function: After the switch and router work together, a broadcast domain can be logically divided into multiple broadcast domains.

2. Configuration ideas:

(1) Create a VLAN on the switch

(2) Each interface on the switch is divided into the corresponding VLAN

(3) trunk (relay) main road

(4) Inter-VLAN routing --- <1> sub-interface of the router (single-arm routing) <2> SVI method of multi-layer switch

3. Configuration command:

(1) Create on the switch---VLAN number consists of 12 binary bits: 0-4095  1-4094 is available

(The default switch exists in VLAN1, and all interfaces exist in VLAN1 by default) (delete – add undo in front)

[Huawei]sysname sw1
（单个创建）                 （批量创建）
[sw1]vlan 2                [sw1]vlan batch 4 to 10
[sw1-vlan2]q               [sw1]vlan batch 11 to 20 25 to 30
[sw1]vlan 3                (11到20是一组，25到30是一组)
[sw1-vlan3]

(2) Divide each interface on the switch into the corresponding VLAN

[sw1]int e0/0/1   （单独将某个接口划分到对应的VLAN）
[sw1-Ethernet0/0/1]port link-type access    （先将该接口修改为接入模式）
[sw1-Ethernet0/0/1]port default vlan 2     （再将该接口划分到对应的VLAN）

（创建接口组）
[sw1]port-group group-member e0/0/3 to e0/0/4  （批量将多个接口划分到同一个VLAN）
[sw1-port-group]p l ac 
[sw1-port-group]p d vlan 3

(3) Configure the trunk road

(It does not belong to any VLAN, and carries the forwarding of all VLAN traffic. It can mark (encapsulate) and identify (decapsulate) the labels of different VLANs.) (VLAN ID is pressed into the data frame standard -- 802.1q (dot1. q))

[sw1]int e0/0/1
[sw1-Ethernet0/0/1]port link-type trunk   （将接口修改为trunk模式）
[sw1-Ethernet0/0/1]port trunk allow-pass vlan 2 to 3
附：华为交换机默认仅允许VLAN1通过，需要定义允许列表
[sw2]int e0/0/3
[sw2-Ethernet0/0/3]port link-type trunk
[sw2-Ethernet0/0/3]port trunk allow-pass vlan all（允许所有VLAN通过）

(4) Configuration of router sub-interfaces (one-arm routing)

[Huawei]sysname r1
[r1]intg0/0/0.1    （创建子接口）
[r1-GigabitEthernet0/0/0.1]dot1q termination vid 2    （定义其管理的VLAN）
[r1-GigabitEthernet0/0/0.1]ip add 192.168.1.254 24    （定义子接口的IP地址）
[r1-GigabitEthernet0/0/0.1]arp broadcast enable      （开启子接口的ARP功能）
[r1]intg0/0/0.2
[r1-GigabitEthernet0/0/0.2]dot1q termination vid 3
[r1-GigabitEthernet0/0/0.2]ip add 192.168.2.254 24
[r1-GigabitEthernet0/0/0.2]arp broadcast enable

2. Dynamic routing protocol

1. Overview: Communication between routers, after negotiation, a routing table is automatically generated. After a topology change, it can converge (recalculate) to the new structure in real time. (The full name of the TCP structure --- Transmission Control Protocol)

2. Classification based on AS: AS--autonomous system (0-65535 standard number)

• IGP-Interior Gateway Routing Protocol (AS internal use) RIP OSPF EIGRP ISIS......
• EGP - Exterior Gateway Routing Protocol (used outside the AS) BGP EGP...

Classification of IGPs:

[1] Classification based on job characteristics

• DV - Distance Vector RIP EIGRP ... (directly connected routers (directly connected=neighbors) share routing tables)
• LS-Link State OSPF ISIS ... (Local Computation of Routes)

[2] Based on whether to carry the subnet mask when updating

• There are categories: do not carry the subnet mask, define the subnet mask according to the main category
• No category: carry the subnet mask, and judge the network segment based on the actual mask

3. RIP: Routing Information Protocol (Distance Vector Protocol) ( The default priority is 1 00 , if you are not satisfied, you can directly define a static route)

(Attachment: V1/V2/NG exists) (NG: dedicated to next-generation IPV6)

1. Working method: Work based on UDP520 port, using hop count for measurement. ---Support equal overhead load balancing

2. Update method: 30s cycle update; trigger update.

• Periodic update --  (keep alive; replace acknowledgment) (asynchronous periodic update may cause loops)
• Triggered update means that when a change in the network topology is detected, the router will immediately send an update message to the neighboring routers, and in turn generate a triggered update to notify their neighboring routers. This process is called triggered update.

3. The difference between V1 and V2:

(1) V1 is a classful protocol that does not carry a subnet mask, and cannot distinguish between subnet division and summary (subnet and parent network)

(2) V2 is a classless protocol, carrying subnet mask, can identify V LSM (variable length subnet mask - subnetting) and subnet summary, does not support supernet

(3) V1 --- Broadcast update – 255.255.255.255 V2 --- Multicast update – 224.0.0.9

(4) V2 supports manual authentication

4. Destruction mechanism

(1) Horizontal split -- enter from this port, not exit from this port (anti-loop in straight line topology)

The main function is to avoid repeated traffic in the MA network.

MA network --- multi-access network: the number of nodes in a network segment is not limited

(2) Trigger update---toxic reverse split horizon

(fast, solves all loops)

(3) Maximum number of hops -- 15 hops (16 hops are unreachable)

(4) Inhibition timer

(Default does not work) If the number of hops increases without symptoms, it proves that there is a loop, and then it starts to work.

5. Configuration commands

(1) V1 configuration:

[r1]rip 1   启动时可以定义进程号，默认进程为1   （仅具有本地意义）
[r1-rip-1]version 1  选择版本1
宣告：（RIP中只宣告主类）例：接口ip 192.168.1.1 宣告：network 192.168.1.0 （主类：ABCDE）
[1] 激活 – 被选中接口可以收发RIP的信息
[2] 共享路由 – 被选中接口的网段可以共享给本地的所有邻居
[r1-rip-1]network 1.0.0.0
[r1-rip-1]network 12.0.0.0  （被宣告的接口就可以开始发RIP的更新包了）
[r2]display ip routing-table protocol rip  查看RIP协议的路由

(2) V2 configuration:

[r1]rip 1   启动时可以定义进程号，默认进程为1   （仅具有本地意义）
[r1-rip-1]version 2  选择版本2
[r1-rip-1]network 1.0.0.0
[r1-rip-1]network 12.0.0.0     （宣告主类，自己携带子网掩码）

6. Expand configuration

(1) Manual summarization of RIPV2 (V 1 does not carry subnet mask, automatic summarization is the main class): On the update source router, configure on all the interfaces from which the update is sent

[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]rip summary-address 1.1.0.0 255.255.252.0
                                            汇总网段 汇总网段子网掩码

(2) RIPV2 certification

(Authentication: The identity verification password is added to the RIP messages sent between neighbors. Huawei enables authentication, and all RIP information will be encrypted for transmission)

[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]rip authentication-mode md5 usual cipher 123456
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]rip authentication-mode md5 usual cipher 123456
（两个直连的邻居间，认证口令和模式必须完全一致）

(3) Silent interface ( passive interface): only receives, does not send routing protocol information, can only be used for the interface connected to the user terminal, and cannot be used for the interface directly connected to the neighbor of the router, otherwise the neighbors cannot share routing information.

[r1]rip 1
[r1-rip-1]silent-interface g0/0/1

(4) Speed ​​up convergence

RIP timer: 30S update, 180S failure, 180S suppression, 300S refresh

(Properly modifying the timer can speed up the convergence of the protocol.)

Modification : All devices running RIP in the entire network are recommended to be consistent; maintain the original multiple relationship, and it is not appropriate to modify too small.

[r1]rip 1
[r1-rip-1]timers rip 30 180 300   （不能修改抑制计时器）

(5) Default route – after the default source information is defined on the border router, the default route will be advertised to the intranet. Afterwards, the internal router will automatically generate a default route pointing to the direction of the border router. The default route of the border router pointing to the ISP still has to be manually written.

[r3]rip 1
[r3-rip-1]default-route originate  定义缺省源头信息后，向内网发布缺省路由