Switch working principle and basic configuration

1. Ethernet switch

1. The switch works at the link layer

The most common switches are Ethernet switches. Switches work at the second layer of the OSI reference model, the data link layer. A switch has a high-bandwidth backplane bus and an internal switching matrix, so it can transmit data between multiple pairs of ports at the same time. The switch maintains an internal table called the MAC address table (port address table), which records the MAC addresses of the hosts attached to each port. The port address table is built automatically after the switch is powered on, is stored in RAM, and is maintained automatically.

A switch isolates collision domains on the basis of its port address table and its forwarding decisions. (RAM, random access memory, is the equivalent of a computer's memory module: it is volatile working memory, and its data is cleared when power is lost.)

2. Self-learning function of Ethernet switch

Assume that the Ethernet switch in the figure below has 4 interfaces, each connected to a computer, whose MAC addresses are A, B, C and D respectively. At the beginning, the switching table inside the Ethernet switch is empty.

  • A first sends a frame to B, and the frame enters the switch through interface 1. On receiving the frame, the switch first searches the switching table but finds no entry telling it which interface to forward the frame from. The switch then writes the frame's source address A and interface 1 into the switching table, and broadcasts the frame to all interfaces except interface 1 (the frame came in on interface 1, so of course it should not be forwarded back out of interface 1).
  • C and D discard the frame because the destination address does not match theirs. Only B, whose address matches the destination address, accepts the frame. This is also known as filtering.
  • The newly written item (A, 1) in the switching table means that, no matter which interface a frame is received on in the future, as long as its destination address is A it should be forwarded from interface 1. (Since the frame sent by A entered the switch through interface 1, a frame forwarded from interface 1 of the switch should also reach A.)
  • Assume that B next sends a frame to A via interface 3. The switch looks up the switching table and finds an entry for MAC address A, which indicates that a frame sent to A (that is, a frame with destination address A) should be forwarded from interface 1. The frame is therefore sent to interface 1 and forwarded to A. Obviously, it is no longer necessary to broadcast the received frame. The item (B, 3) newly added to the switching table at this point indicates that any future frame sent to B should be forwarded from interface 3.
  • After a period of time, as long as hosts C and D also send frames to other hosts, the Ethernet switch will write the interface number (2 or 4) through which frames to C or D should be forwarded into the switching table. In this way, the items in the switching table become complete, and the forwarding interface for a frame to any host can be found quickly in the switching table.
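The walk-through above can be replayed in code. The following is an added example, not part of the original article; the class and function names are hypothetical, and placing C on interface 2 and D on interface 4 is an assumption (the text only says "2 or 4").

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Minimal model of the self-learning and forwarding/filtering logic."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # switching table: MAC address -> interface

    def receive(self, in_port, src, dst):
        """Process one frame and return the interfaces it is sent out of."""
        # Self-learning: the source address is reachable through in_port.
        self.table[src] = in_port
        out_port = self.table.get(dst)
        # Unknown destination or broadcast: send to every interface but the ingress one.
        if dst == BROADCAST or out_port is None:
            return [p for p in self.ports if p != in_port]
        # Destination sits behind the ingress interface: nothing to forward.
        if out_port == in_port:
            return []
        # Known destination: forward out of exactly one interface.
        return [out_port]


def replay_walkthrough():
    """Replay the A/B/C/D sequence from the text on a 4-interface switch."""
    sw = LearningSwitch([1, 2, 3, 4])
    steps = [
        sw.receive(1, "A", "B"),  # table empty: flooded to 2, 3, 4
        sw.receive(3, "B", "A"),  # (A, 1) is known: forwarded to 1 only
        sw.receive(2, "C", "A"),  # assumed: C is attached to interface 2
        sw.receive(4, "D", "B"),  # assumed: D is attached to interface 4
    ]
    return steps, sw.table


if __name__ == "__main__":
    steps, table = replay_walkthrough()
    for out_ports in steps:
        print("sent out of:", out_ports)
    print("switching table:", table)
```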

3. Three main functions of the switch

1) Self-learning

The Ethernet switch learns the MAC address of the device connected to each port, maps each address to the corresponding port, and stores the mapping in the MAC address table in the switch's cache.

2) Forwarding/filtering

When the destination address of a data frame has a mapping in the MAC address table, the frame is forwarded only to the port connected to the destination node instead of to all ports (if the data frame is a broadcast/multicast frame, it is forwarded to all ports).

3) Eliminating loops

When the switch includes a redundant loop, Ethernet switches use the Spanning Tree Protocol (STP) to avoid loops while still allowing a backup path.

2. Basic configuration of the switch

1. Setting password authentication on the switch console in the Huawei emulator

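Console port:
    Security devices and routers generally have a management port (console port), and the management port has an IP address. The console port is generally the device's control port. It is connected directly to a computer's serial port with a dedicated configuration cable. Console port types also vary: the vast majority of switches use an RJ-45 port, but a few use a DB-9 or DB-25 serial port.
    Of course, you can also connect using software (HyperTerminal, SecureCRT, PuTTY, Xshell and similar tools).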

1. Open the eNSP software, add a host and an S3700 switch, use the console cable (CTL in the eNSP software) to connect the host to the switch, and then start both devices

2. Turn on the host and use the serial port to connect to the switch

3. Set the password authentication mode on the console port

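<Huawei>system-view                     # Enter the system view
[Huawei]user-interface console 0        # Enter the console user interface
[Huawei-ui-console0]authentication-mode password    # Set password authentication mode (the available modes are AAA and password)
[Huawei-ui-console0]set authentication password cipher <password>    # Set a password stored as ciphertext
[Huawei-ui-console0]set authentication password simple <password>    # Set a password stored as plaintext
<Huawei>display current-configuration    # View the current configuration (it is held in memory and is lost on power-off)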

4. Set the username and password authentication mode on the console port

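<Huawei>system-view                     # Enter the system view
[Huawei]user-interface console 0        # Enter the console user interface
[Huawei-ui-console0]authentication-mode aaa    # Set AAA authentication mode
[Huawei-ui-console0]quit                       # Return to the system view
[Huawei]aaa                                    # Enter the AAA view
[Huawei-aaa]local-user <username> password cipher <password>    # Set the user name and password
[Huawei-aaa]local-user <username> privilege level <level>       # Set the user level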

2. Telnet remote login management

1. Configure Cloud

Open eNSP and add an S3700 switch and a Cloud. Then configure the Cloud: bind UDP and one of the virtual machine's network cards, and in the port mapping settings select the bidirectional channel, with inbound port number 1 and outbound port number 2. Connect the Cloud to the S3700 switch with a straight-through cable (Copper), and then start the devices.

2. Telnet remote connection switch configuration

  • Configure IP for the switch

Since an IP address cannot be set on a Layer 2 interface of the switch, it can only be set on a virtual interface of the switch (the VLAN interface, Vlanif1).

<Huawei>system-view                          # Enter the system view
[Huawei]interface Vlanif 1                   # Enter the Vlanif1 interface
[Huawei-Vlanif1]ip add 192.168.137.130 24    # The interface IP must be on the same network segment as the network card bound in the Cloud

  • Switch User Interface Configuration

You can configure either password authentication or username-and-password authentication.

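# Password authentication mode
<Huawei>system-view                 # Enter the system view
[Huawei]user-interface vty 0 4      # Enter the virtual user terminal (VTY) interfaces
[Huawei-ui-vty0-4]authentication-mode password               # Select password authentication
[Huawei-ui-vty0-4]set authentication password cipher <password>    # Set the password
[Huawei-ui-vty0-4]quit              # Return to the previous level
[Huawei]telnet server enable        # Enable the Telnet service
# Username and password authentication
<Huawei>system-view                 # Enter the system view
[Huawei]user-interface vty 0 4      # Enter the virtual user terminal (VTY) interfaces
[Huawei-ui-vty0-4]authentication-mode aaa                    # Select AAA authentication
[Huawei-ui-vty0-4]quit
[Huawei]aaa                          # Enter the AAA configuration
[Huawei-aaa]local-user <username> password cipher <password>  # Set the user name and password
[Huawei-aaa]local-user <username> privilege level 15          # Set the user level
[Huawei-aaa]quit                     # Return to the previous level
[Huawei]telnet server enable         # Enable the Telnet service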

3. Use the cmd command line window of the physical host to connect remotely

telnet 192.168.137.130

3. SSH remote management

1. Configure IP for the switch

<Huawei>system-view                          # Enter the system view
[Huawei]interface vlan 1                     # Enter the Vlanif1 interface
[Huawei-Vlanif1]ip add 192.168.137.150 24    # The interface IP must be on the same network segment as the network card bound in the Cloud

2. Switch user interface configuration

<Huawei> system-view                     # Enter the system view
[Huawei] user-interface vty 0 4          # Enter the virtual user terminal (VTY) interfaces
[Huawei-ui-vty0-4]authentication-mode aaa     # Select AAA authentication
[Huawei-ui-vty0-4]protocol inbound ssh        # Change the allowed inbound protocol to SSH
[Huawei-ui-vty0-4]quit

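3. AAA configuration

[Huawei]aaa                          # Enter the AAA configuration
[Huawei-aaa]local-user <username> password cipher <password>  # Set the user name and password
[Huawei-aaa]local-user <username> privilege level 15          # Set the user level
[Huawei-aaa]local-user <username> service-type ssh            # Set the user's service type to SSH
[Huawei-aaa]quit                     # Return to the previous level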

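4. SSH configuration

[Huawei]ssh user <username>                               # Create the corresponding SSH user
[Huawei]ssh user <username> authentication-type password  # Set the SSH user's authentication type
[Huawei]ssh user <username> service-type stelnet          # Set the SSH user's service type
[Huawei]stelnet server enable        # Enable the STelnet service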

5. Open the Xshell software connection
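Telnet carries the login exchange in cleartext and `password simple` keeps the password readable in the configuration, so a saved configuration is worth checking against the SSH setup above. The following checker is an added example, not part of the original article; the sample configurations are constructed from the commands on this page, and their layout, the `netadmin` user and the function name are assumptions.

```python
import re

# Constructed samples assembled from the commands on this page. The layout
# (sub-commands indented under their view) is an assumption, and the user
# name and PLACEHOLDER passwords are made up.
WEAK_CONFIG = """\
telnet server enable
user-interface console 0
 authentication-mode password
 set authentication password simple PLACEHOLDER
user-interface vty 0 4
 authentication-mode password
 set authentication password cipher PLACEHOLDER
"""

HARDENED_CONFIG = """\
stelnet server enable
aaa
 local-user netadmin password cipher PLACEHOLDER
 local-user netadmin service-type ssh
user-interface console 0
 authentication-mode aaa
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
"""


def audit(config_text):
    """Return (view, finding) tuples for weak management-access settings."""
    findings, view, ui_lines = [], "system", {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if not raw[0].isspace():  # global command or the start of a view
            view = line
            if line.startswith("user-interface "):
                ui_lines[view] = []
            if line == "telnet server enable":
                findings.append(("system", "Telnet enabled: logins cross the network in cleartext"))
            continue
        if view in ui_lines:
            ui_lines[view].append(line)
        if re.search(r"\bpassword simple\b", line):
            findings.append((view, "password stored as plaintext in the configuration"))
    for ui_view, lines in ui_lines.items():
        if " vty " in ui_view and "protocol inbound ssh" not in lines:
            findings.append((ui_view, "VTY lines not restricted to inbound SSH"))
    return findings
```

Calling `audit(WEAK_CONFIG)` reports the Telnet service, the plaintext console password and the unrestricted VTY lines, while `audit(HARDENED_CONFIG)` returns an empty list.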

Origin blog.csdn.net/weixin_45954730/article/details/130352856