Routing and Switching: Basic Internet Concepts

Chapter One

The OSI 7-layer model
                                         OSI layers

1. Application layer: provides a variety of services to users; it is the interface between network services and user software.
2. Presentation layer: performs language conversion so that data can be presented to the user.
   Services: resolving differences between different computers, data security, data compression.
3. Session layer: maintains the communication mechanism between applications; it can help restore communication, control communication, and support the transfer of large files.
4. Transport layer: responsible for sending packets.
   Basic services: addressing, connection management, flow control and buffering.
5. Network layer: addresses information to the destination computer.
6. Data link layer: establishes data link connections between communicating entities. Data is transmitted in units of frames, and through error control and flow control a physical connection that may produce errors is turned into an error-free logical data link, so that the network layer sees an error-free link.
7. Physical layer: the lowest layer of the OSI model; data transmission connection services are provided through the physical layer.

                                        Encapsulation and decapsulation

Encapsulation: when data is sent, it travels from the top layer down. Like placing different pieces of information into a larger envelope, each layer adds a header and a trailer to the original data and then encapsulates it.
Decapsulation: the reverse of encapsulation, like opening the large envelope and taking out the letter. The information added by each layer is removed, and what remains is passed to the upper layer.

The TCP/IP model
                                       TCP/IP layers

1. Network access layer: receives IP datagrams and transmits them over the physical network, or receives physical signals, assembles them into data frames, extracts the IP datagram and passes it to the IP layer.
2. Internet layer: responsible for data transfer between adjacent nodes. It has three main functions:
   1. Processing send requests from the transport layer: the data is loaded into an IP datagram, the header is filled in, a path to the destination node is selected, and the datagram is sent to the appropriate network interface.
   2. Processing incoming datagrams: the datagram is first checked for validity and then routed. If the datagram has reached the destination node (this machine), the header is removed and the data portion is handed to the corresponding transport protocol. If this is not the destination node, the datagram is forwarded on.
   3. Processing ICMP messages, i.e. handling routing, flow control and congestion control issues.
   "IP" is the heart of TCP/IP and the most important network layer protocol.
   "IP" is a best-effort protocol: datagrams may be lost, duplicated, delayed or delivered out of order.
   To complete data transfer, there has to be a protocol that can report when an error occurs. That protocol is "ICMP".
   "IP" and "ICMP" depend on each other: "IP" needs "ICMP" to send error messages, and "ICMP" in turn uses "IP" to send its messages.
   "ICMP" has five types of error message and four types of informational message.
   Error messages:
   1. Source quench
   2. Timeout
   3. Destination unreachable
   4. Redirect
   5. Fragmentation required
   Informational messages:
   1. Echo request
   2. Echo reply
   3. Address mask request
   4. Address mask reply
3. Transport layer: mainly ensures that all data sent to a system arrives correctly at the correct system, providing reliable end-to-end transmission.

                              Comparison of the 7 "OSI" layers with "TCP/IP"

[Figure: comparison of the OSI layers and the TCP/IP layers]

Chapter Two

                                  How a switch works
 MAC frame format

MAC frame format: in an Ethernet environment, all devices recognize a maximum valid frame length of 1518 bytes and a minimum frame length of 64 bytes (the length refers to the valid portion of the frame), as shown in the figure.
[Figure: MAC frame format]
IFG: the minimum gap between data frames (12 bytes)

Passing through a repeater changes the interframe gap.
Changes in the interframe gap directly affect the network diameter.
The interframe gap must not shrink below the minimum.

Minimum frame length:
So that a sending station can detect a possible collision while it is still transmitting, the frame must not be shorter than a certain length. Otherwise the transmission would end before the collision is detected, although the frame has in fact been corrupted by the collision.
Maximum frame length: the maximum is 1518 bytes. This is because the buffer capacity of sending and receiving stations is always limited, and a station that transmits an overly long frame would interfere with other stations' use of the medium.

                               Switched Ethernet and traditional Ethernet

The principle of an Ethernet switch is very simple: it reads the source and destination MAC addresses of each data frame arriving on a port and compares them with a dynamic lookup table inside the system. If the source MAC address of the frame is not in the lookup table, the source address and the corresponding port are added to the table. If the destination MAC address is in the lookup table, the frame is sent to the corresponding destination port; otherwise the frame is sent to all ports.
Remember that a switch learns the source MAC address of each data frame received on an interface and stores the correspondence between that MAC address and the receiving port in the MAC address table.

                                     Functions of a switch

1. Address learning:
The switch remembers the source "MAC" address of a frame received on an interface and stores it in the "MAC" address table.
2. Forwarding/filtering decision:

1. If the source port and the destination port are the same, the frame is discarded, i.e. filtered.
2. If the source port and the destination port are different, the frame is forwarded.
3. If the destination port is unknown, the frame is broadcast.
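
The learning and forwarding/filtering decisions above as a small simulation (an added example, not code from the original post). The class name, the `moves` log and the sample MAC addresses are constructed for illustration; flooding skips the ingress port, and a MAC address that reappears on a different port is recorded because that is an event worth alerting on.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}   # source MAC -> port it was last seen on
        self.moves = []       # (mac, old_port, new_port) for MACs that changed port

    def receive(self, in_port, src, dst):
        """Process one frame; return (decision, list of egress ports)."""
        # Address learning: bind the source MAC to the receiving port.
        old = self.mac_table.get(src)
        if old is not None and old != in_port:
            self.moves.append((src, old, in_port))
        self.mac_table[src] = in_port

        # Forwarding/filtering decision on the destination MAC.
        out = None if dst == BROADCAST else self.mac_table.get(dst)
        if out is None:
            # Unknown destination: send out of every port except the ingress one.
            return "flood", [p for p in self.ports if p != in_port]
        if out == in_port:
            # Destination is behind the port the frame came from: discard.
            return "filter", []
        return "forward", [out]

def run_sample():
    """Replay five constructed frames through a 3-port switch."""
    sw = LearningSwitch([1, 2, 3])
    a, b, c = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
    frames = [
        (1, a, b),   # B not learned yet
        (2, b, a),   # A was learned on port 1
        (1, a, b),   # B is now known on port 2
        (1, c, a),   # C shares port 1 with A (e.g. behind a hub)
        (3, b, a),   # B shows up on a different port
    ]
    return [sw.receive(*f) for f in frames], sw
```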

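                                  Switching modes of a switch

1. Cut-through: no storage is needed, latency is very small and switching is very fast, which are its advantages; however, it provides no error detection and is prone to dropping frames.
2. Store and forward: the processing latency is large, which is its weakness, but it can error-check the data frames entering the switch and so effectively improve network performance. In particular, it supports conversion between ports of different speeds, keeping high-speed and low-speed ports working together.
3. Fragment-free: it checks whether the data frame is at least 64 bytes long. If the frame is shorter than 64 bytes it is a runt and is discarded; if it is longer than 64 bytes, the frame is sent according to its destination and source MAC addresses. This mode does not provide data checking either. Its processing speed is slower than cut-through but faster than store and forward. Fragment-free also cannot detect overlong frames that exceed the 1518-byte maximum, so it still sends such erroneous overlong frames onto the network, needlessly occupying network bandwidth and the target host's processing time and reducing network efficiency.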
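
What each of the three modes lets through, shown on constructed frames (an added example, not code from the original post). The function names and sample frames are made up for illustration, and the store-and-forward error check is assumed to be the standard Ethernet FCS (CRC-32) plus the 64/1518-byte length limits given earlier.

```python
import struct
import zlib

MIN_FRAME, MAX_FRAME = 64, 1518   # frame length limits stated above, in bytes

def with_fcs(body):
    """Append the Ethernet FCS: CRC-32 over the frame, low byte first."""
    return body + struct.pack("<I", zlib.crc32(body))

def fcs_ok(frame):
    """True if the last four bytes are the correct FCS for the rest."""
    return len(frame) > 4 and with_fcs(frame[:-4]) == frame

def decide(mode, frame):
    """Return 'forward' or 'drop' for one received frame under the given mode."""
    if mode == "cut-through":
        # Forwarding starts as soon as the destination MAC is read: no checks.
        return "forward"
    if mode == "fragment-free":
        # Only the first 64 bytes are awaited, so only runts are caught.
        return "drop" if len(frame) < MIN_FRAME else "forward"
    if mode == "store-and-forward":
        # The whole frame is buffered, so length and FCS can both be verified.
        good = MIN_FRAME <= len(frame) <= MAX_FRAME and fcs_ok(frame)
        return "forward" if good else "drop"
    raise ValueError(f"unknown mode: {mode}")

def sample_results():
    # Constructed frames: documentation-range MAC addresses, all-zero payload.
    header = bytes.fromhex("00005e00530b" "00005e00530a" "0800")
    good = with_fcs(header + bytes(46))                 # 64 bytes, valid FCS
    samples = {
        "good": good,
        "runt": good[:40],                              # truncated fragment
        "corrupt": good[:20] + b"\xff" + good[21:],     # 64 bytes, bad FCS
        "giant": with_fcs(header + bytes(1600)),        # 1618 bytes, valid FCS
    }
    modes = ("cut-through", "fragment-free", "store-and-forward")
    return {m: {n: decide(m, f) for n, f in samples.items()} for m in modes}
```

Only store-and-forward drops the corrupted and the overlong frame; fragment-free drops the runt and nothing else.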

Chapter Three

 1. There are three main types of switch configuration cable.

1. Both ends of the cable are DB9 female
2. One end is DB9 female, the other end is DB9 male
3. One end is DB9 female, the other end is an RJ-45 connector

2. The CLI on the switch

The CLI, the menu-driven interface and the Web interface are the three most popular switch configuration interfaces. Comparatively speaking, the CLI makes configuration and management more convenient and faster, and because different vendors' CLIs are similar to a certain extent, professional network administrators and network engineers are adept at using the CLI.

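3. Switch configuration modes

Setup mode:

Setup configuration mode can only perform some basic configuration, such as changing the switch prompt, configuring the switch IP address and starting the Web service. Before entering the main menu you can choose the language of the configuration interface: press 0 for English, 1 for Chinese.

User Mode:

Ordinary user mode has many restrictions: the user cannot configure the switch in any way and can only query the switch's clock and version information.
In privileged user mode, pressing exit or Ctrl+z returns to ordinary user mode.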

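Privileged user mode:

In privileged user mode you can query the switch's configuration information, the connection status of each port and send/receive statistics. After entering privileged user mode you can enter global configuration mode and modify all of the switch's settings, so a password must be set for privileged user mode to prevent modification by unprivileged users.

Global configuration mode:

From privileged user mode, enter the Config command to enter global configuration mode.

Interface configuration mode:

Interface configuration mode mainly configures the CPU port and the Ethernet ports.
In global configuration mode, the command interface vlan VID enters CPU port configuration; exit or Ctrl+z returns to global configuration mode.
In global configuration mode, the command interface ethernet enters Ethernet port configuration; exiting works the same way.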

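VLAN configuration mode:

This is done in global configuration mode; the figure shows a VLAN being created.

[Figure: creating a VLAN]
Reasons for dividing a network into VLANs:

1. Network performance: prevent broadcast storms from congesting the network.
2. Security: prevent IPs that do not belong to this port from viewing the VLAN's data.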

Chapter Four

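1. PVID and VID

PVID and VID come up often on layer-2 and layer-3 switches.
PVID is a concept on the switch: if a packet entering the port carries no VLAN ID, it is tagged with the PVID value.
VID is the VLAN tag on the packet. They are not the same concept.
First, what is PVID? PVID stands for Port-base VLAN ID, a port-based VLAN ID. A port can belong to multiple VLANs but can have only one PVID. When the port receives a packet without a tag header, it tags the packet with the VLAN number given by the PVID and treats it as a packet of that VLAN, which is why some people say the PVID is a port's default VLAN ID.
By default, this can be understood simply as:
ACCESS port connected to a PC: VID = PVID
TRUNK port for cascading: VID = all, PVID = 1
Simply put, the VID (VLAN ID) identifies a VLAN and defines that the ports in it can receive packets sent from this VLAN, while the PVID (Port VLAN ID) defines which VLAN's packets this untagged port can forward. For example, when port 1 belongs to VLAN1, VLAN2 and VLAN3 at the same time and its PVID is 1, port 1 can receive data from VLANs 1, 2 and 3, but the packets it sends can only go into VLAN1.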
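
How a port decides which VLAN an incoming frame belongs to, using the PVID for untagged frames and the tag's VID otherwise (an added example, not code from the original post). The `Port` class, the `build` helper and the sample frames are constructed for illustration; the 802.1Q layout used is the standard one (TPID 0x8100 after the source MAC, VID in the low 12 bits of the following field).

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag

def parse_vid(frame):
    """Return the VID carried in the frame's 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF               # low 12 bits of the TCI are the VLAN ID

class Port:
    def __init__(self, pvid, allowed):
        self.pvid = pvid              # a port has exactly one PVID
        self.allowed = set(allowed)   # VLANs the port belongs to

    def ingress_vlan(self, frame):
        """VLAN the frame is handled in, or None if the port drops it."""
        vid = parse_vid(frame)
        if vid is None or vid == 0:   # untagged, or tag with VID 0: use the PVID
            vid = self.pvid
        return vid if vid in self.allowed else None

def build(vid=None, payload=bytes(46)):
    """Constructed sample frame: documentation MACs, IPv4 EtherType, zero payload."""
    macs = bytes.fromhex("00005e00530b" "00005e00530a")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return macs + tag + struct.pack("!H", 0x0800) + payload

def sample():
    access = Port(pvid=10, allowed={10})          # ACCESS: VID = PVID
    trunk = Port(pvid=1, allowed={1, 2, 3})       # the port 1 example above
    return {
        "access untagged": access.ingress_vlan(build()),
        "access tagged 20": access.ingress_vlan(build(vid=20)),
        "trunk untagged": trunk.ingress_vlan(build()),
        "trunk tagged 3": trunk.ingress_vlan(build(vid=3)),
        "trunk tagged 99": trunk.ingress_vlan(build(vid=99)),
    }
```

Untagged traffic on the port that belongs to VLANs 1, 2 and 3 lands in VLAN 1, its PVID, while tagged frames for a VLAN the port is not a member of are dropped.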

2. Single-switch VLAN

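The advantage of VLANs is that they reduce the management overhead of handling moves, additions and changes; they also provide a way to control broadcast activity, and security is improved as well.
There are two main ways to implement a VLAN:
   one is port-based
   one is MAC-address-based
The principle of a port-based VLAN is to define several ports of the switch as one VLAN. Stations in the same VLAN are in the same subnet, and communication between different VLANs has to go through a router.

A MAC-address-based VLAN is actually easier to understand: multiple MAC addresses are grouped into one VLAN. This is practical in places such as small campuses, but recording and assigning every MAC address is tedious, so it is not recommended.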

3. Switch ports:

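  1. Trunk port
  2. Access port
Switch ports generally default to access mode.

A port in access mode can pass only one VLAN,

namely the VLAN the port belongs to.

A port in trunk mode can pass multiple VLANs.

For example, on some H3C switches it is set as follows:

port link-type trunk

port trunk permit vlan all

Correspondingly, the port on the other switch that this port connects to should also be set to trunk mode.

Whichever VLAN you want to pass through

must exist on that device.
Access link-type port: a switch trunking mode. Whether a trunk connection can be established between two ports on two switches depends on the combination of the two ports' modes. A port that allows only Ethernet frames of the default VLAN to pass is called an Access link-type port.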

Origin blog.csdn.net/nnj99/article/details/88727260