| OSI model (total 7 layers) | TCP / IP layered (total four layers) |
|---|---|
| Application layer | Application layer |
| Presentation layer | Application layer |
| Session Layer | Application layer |
| Transport Layer | Transport Layer |
| Network layer | Internet layer (Alias: Internet layer, network layer) |
| data link layer | Network Interface Layer |
| Physical Layer | Network Interface Layer |
TCP / IP layered
application layer: the application layer the application data transmitted to the transport layer, to exchange information. It mainly provides protocol used for a variety of applications.
Transport Layer: transporting layer is mainly transferred to the reliability of the transmission to ensure that all the data arrives at the system, a system is correct, there is provided end to end.
Network layer: the network layer mainly to solve the communication problems between the computer, which is responsible for managing data exchange between different devices, it is the highest level INTERNET subnetworks, it provides unreliable connectionless datagram mechanism, regardless of whether the transmission is correct, do not do verification, and did not confirm nor ensure the correct order of the packets.
Physical Layer: The main function is to connect the IP datagram layer, sent out over the network, or receiving and processing the physical frame from the network and extracts the data transmitted to the IP layer of the network layer ---- .
Switch
MAC frame format, in the Ethernet environment, all the devices can recognize the maximum frame length of a valid portion are 1518 bytes, the minimum frame size is 64 bytes (effective length refers to the portion of the frame)
frame interval: a minimum data frames a gap (12 bytes)
- It will result in changes to the frame relay through the gap.
- Frame gap changes directly affect the network diameter.
- Reduced inter-frame gap be not less than the minimum.
Ethernet switch principle is simple, it detects that the source and destination MAC addresses from Ethernet interface to the data frame, and then compared with the dynamic lookup tables within the system, if the data source MAC layer address is not in the lookup table , then the source address and the corresponding port to the look-up table, if the destination MAC address in a lookup table, the data frame transmitted to the corresponding destination port, otherwise transmitting the data frame to the port all.
Remember that a switch can be a source MAC address of the interface on the received data frame, and the correspondence relationship between the MAC address and the receiving port is stored in the MAC address table.
转发/过滤决定
1.如果源端口和目的端口相同,则丢弃该帧,即过滤。
2.如果源端口和目的端口相同,则转发该帧,即转发。
3.如果目的端口未知,则进行广播。
交换机的交换方式
1.直通方式。
2.存储方式。
3.碎片隔离。
直通方式:不需要存储,延迟非常小、交换非常快这是它的优点,但不能提供错误检测能力,还容易丢帧。
存储方式:在数据处理时延时大,这是它的不足,但它可以对进入交换机的数据帧进行错误检验有效改善网络性能。尤其是它支持不同速度的端口间的转换,保持高速端口与低速端口间的协同工作。
碎片隔离:它会检验数据帧的长度是否够64个字节,如果小于64字节,说明是残帧,则丢弃该帧;如果大于64字节,则根据目的MAC和源MAC地址发送该帧,这种方式也不提供数据检验。它的数据处理速度比直通式慢,但又比存储转发方式要快,但对于1518字节的超长数据帧,碎片隔离方式也是没办法检验出来的,但它还是会白这种超长的错误数据帧发送到网络上,从而无畏地占用网络考卷,并会占用目标主机的处理时间,降低网络效率。
交换机管理
配置缆线和连接
配置线缆有以下几种
1.两端都是DB9母头配置线缆
2.一端是DB9母头,一端是DB9公头配置线缆
3.一端是DB9母头,一端是RJ-45水晶头配置线缆
CLI界面、菜单式界面和Web界面是目前比较流行的交换机三大配置界面,相比较而言,CLI界面配置和管理起来更加便捷、更加快速,又因为不同厂商的CLI界面在一定程度上具有相似性,所以专业的网管人员和网络工程师都善于使用CLI界面
CLI的特点
(1)配置模式介绍:
1)Setup配置模式。一般在交换机第一次启动的时候进入Setup配置模式,并不是所有的交换机都支持Setup配置模式。
Setup配置大多是以菜单的形式出现的,在Setup配置中可以做一些交换机最基本的配置,列如:修改交换机提示符、配置交换机IP地址、启动Web服务等。
用户在进入主菜单之前需要选择配置菜单界面的语言种类
Setup主菜单的提示:
2)一般用户配置模式。提示符为“Switch>"。
3)特权用户配置模式。在一般用户配置模式下使用Enable命令就可以进入特权用户配置模式,如果给特权用户配置了密码,则输入相应的特权用户密码,即可进入此模式。提示符为“Switch#”。
4)全局配置模式。从特权用户配置模式下输入Config命令,即可进入全局配置模式。
5)接口配置模式。在全局配置模式下,使用命令Interface就可以进入相应的接口配置模式。
6)VLAN配置模式。在全局配置模式下,使用命令VLAN即可进入相应的VLAN配置模式。
用命令exit可以退出当前配置模式(一般用户配置模式除外),如在全局配置模式下使用exit命令会返
回特权用户配置模式、在VLAN配置模式时,可使用命令exit回到全局配置模式。
VLAN:虚拟局域网
划分VLAN的原因:
1.基于网络性能考虑: 防止产生广播风暴,使网络阻塞
2.基于安全性的考虑:不让不属于这个端口的IP查看该VLAN的数据
关于PVID和VID,VID就是VLAN的一个标识,可以理解为它的名字,定义端口可以收发这个VLAN的包,而PVID就是定义端口可以转发VLAN的包。
Port switch and port into Trunk Access port.
Trunk ports can simultaneously send and receive data from multiple VLAN, and Access port can only be connected at the same time a VLAN, can be understood, a group of servers using the Trunk port connection, but he needed an extra PC to manage this group of servers, which when the PC can not be connected directly to the Trunk port, because the PC itself does not know what they have to connect a VLAN, this time on the need to use the Access port, while the PC is set up so that only PVID corresponds to a port.