Configuring Voice VLAN on 3550: Summary

Understanding Voice VLAN

The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. The switch can connect to a Cisco 7960 IP Phone and carry IP voice traffic. Because the sound quality of an IP phone call can deteriorate if the data is unevenly sent, the switch supports quality of service (QoS) based on IEEE 802.1P class of service (CoS). QoS uses classification and scheduling to send network traffic from the switch in a predictable manner. For more information on QoS, see Chapter 29, "Configuring QoS." The Cisco 7960 IP Phone is a configurable device, and you can configure it to forward traffic with an 802.1P priority. You can configure the switch to trust or override the traffic priority assigned by an IP Phone.

The Cisco 7960 IP Phone contains an integrated three-port 10/100 switch as shown in Figure 14-1. The ports provide dedicated connections to these devices:

Port 1 connects to the switch or other voice-over-IP (VoIP) device.

Port 2 is an internal 10/100 interface that carries the IP phone traffic.

Port 3 (access port) connects to a PC or other device.

Figure 14-1 shows one way to connect a Cisco 7960 IP Phone.

Figure 14-1 Cisco 7960 IP Phone Connected to a Switch

 

 

When the IP Phone connects to the switch, the access port (PC-to-telephone jack) of the IP phone can connect to a PC. Packets to and from the PC and to or from the IP phone share the same physical link to the switch and the same switch port. For deployment examples that use voice VLANs, refer to the "Network Configuration Examples" section on page 1-9.


Configuring Voice VLAN

This section describes how to configure voice VLAN on access ports. It contains this configuration information:

Default Voice VLAN Configuration

Voice VLAN Configuration Guidelines

Configuring a Port to Connect to a Cisco 7960 IP Phone


Default Voice VLAN Configuration

The voice VLAN feature is disabled by default.

When the voice VLAN feature is enabled, all untagged traffic is sent according to the default CoS priority of the port.

The default CoS value is 0 for incoming traffic.

The CoS value is not trusted for 802.1P or 802.1Q tagged traffic.

The IP Phone overrides the priority of all incoming traffic (tagged and untagged) and sets the CoS value to 0.


Voice VLAN Configuration Guidelines

These are the voice VLAN configuration guidelines:

You should configure voice VLAN on switch access ports.

Before you enable voice VLAN, we recommend that you enable QoS on the switch by entering the mls qos global configuration command and configure the port trust state to trust by entering the mls qos trust cos interface configuration command.

The Port Fast feature is automatically enabled when voice VLAN is configured. When you disable voice VLAN, the Port Fast feature is not automatically disabled.

When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.

If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.

You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

Voice VLAN ports can also be these port types:

Dynamic access port. See the "Configuring Dynamic Access Ports on VMPS Clients" section on page 12-32 for more information.

Secure port. See the "Configuring Port Security" section on page 21-8 for more information.

802.1X authenticated port. See the "Using 802.1X with Voice VLAN Ports" section for more information.

Protected port. See the "Configuring Protected Ports" section on page 21-5 for more information.
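The guidelines above can be checked mechanically against a saved configuration. The following Python check is an added example, not part of the Cisco guide or of the original post; the sample configuration, interface names, VLAN IDs and finding labels are constructed for illustration, and a missing port-security maximum line is reported rather than assumed to have any particular default.

```python
import re

# Constructed sample configuration (illustrative names and VLAN IDs, not from the page).
SAMPLE_CONFIG = """\
mls qos
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 110
 switchport port-security
 switchport port-security maximum 1
 mls qos trust cos
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport voice vlan dot1p
 switchport port-security
 switchport port-security maximum 2
 mls qos trust cos
!
interface FastEthernet0/3
 switchport mode trunk
 switchport voice vlan 110
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
"""


def parse_config(text):
    """Return (global_lines, {interface: [stanza lines]}) from IOS-style text."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line[0].isspace() and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit_voice_vlan(text):
    """Return (interface, finding) tuples for departures from the guidelines."""
    global_lines, interfaces = parse_config(text)
    qos_enabled = "mls qos" in global_lines
    findings = []
    for name, lines in interfaces.items():
        voice = [l for l in lines
                 if l.startswith("switchport voice vlan ") and not l.endswith(" none")]
        if not voice:
            # Port Fast is not removed when voice VLAN is disabled, so flag it for review.
            if "spanning-tree portfast" in lines:
                findings.append((name, "portfast-without-voice-vlan"))
            continue
        # Guideline: configure voice VLAN on access ports.
        if "switchport mode access" not in lines:
            findings.append((name, "voice-vlan-on-non-access-port"))
        # Guideline: enable QoS globally and trust CoS on the port.
        if not qos_enabled:
            findings.append((name, "mls-qos-not-enabled-globally"))
        if "mls qos trust cos" not in lines:
            findings.append((name, "port-not-trusting-cos"))
        # Guideline: with port security, allow at least two secure addresses.
        if "switchport port-security" in lines:
            matches = [re.fullmatch(r"switchport port-security maximum (\d+)", l)
                       for l in lines]
            maxima = [int(m.group(1)) for m in matches if m]
            if not maxima:
                findings.append((name, "port-security-maximum-not-explicit"))
            elif maxima[-1] < 2:
                findings.append((name, "port-security-maximum-below-2"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_voice_vlan(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```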


Configuring a Port to Connect to a Cisco 7960 IP Phone

Because a Cisco 7960 IP Phone also supports a connection to a PC or other device, a port connecting the switch to a Cisco 7960 IP Phone can carry mixed traffic.

You can configure the port to carry voice traffic in one of these ways:

Configuring Ports to Carry Voice Traffic in 802.1Q Frames

Configuring Ports to Carry Voice Traffic in 802.1P Priority-Tagged Frames

You can configure the IP phone to carry data traffic in one of these ways:

Overriding the CoS Priority of Incoming Data Frames

Configuring the IP Phone to Trust the CoS Priority of Incoming Data Frames

---- Summary ----

override: to replace (substitute)

Configuration commands that control voice traffic:
switchport voice vlan dot1p:
Instruct the switch port to use IEEE 802.1p priority tagging for voice traffic and to use the default native VLAN (VLAN 0) to carry all traffic. By default, the Cisco IP phone forwards the voice traffic with an IEEE 802.1p priority of 5.

switchport voice vlan vlan-id
Instruct the Cisco IP Phone to forward all voice traffic through the specified VLAN. By default, the Cisco IP Phone forwards the voice traffic with an 802.1Q priority of 5. Valid VLAN IDs are from 1 to 4094.

With switchport voice vlan dot1p, the switch and the IP phone use 802.1p-tagged voice frames between them, and the native VLAN carries the data (all of it, including voice).
With switchport voice vlan vlan-id, the switch and the IP phone use 802.1Q-tagged frames to carry voice, and the native VLAN carries the other data.

Whichever method is used, non-voice traffic is not given a VLAN tag.

———————-

Quoted from another Cisco document:

Switch(config-if)#switchport voice vlan ?
  <1-4094>  Vlan for voice traffic
  dot1p     Priority tagged on PVID
  none      Do not tell telephone about voice vlan
  untagged  Untagged on PVID

Enter a voice VLAN ID in order to send CDP packets that configure the IP phone to transmit voice traffic in 802.1Q frames, tagged with the voice VLAN ID and a Layer 2 CoS value (the default is 5 for voice traffic and 3 for voice control traffic). Valid VLAN IDs are from 1 to 4094. The switch puts the 802.1Q voice traffic into the voice VLAN.

Enter the dot1p keyword in order to send CDP packets that configure the IP phone to transmit voice traffic in 802.1p frames, tagged with VLAN ID 0 and a Layer 2 CoS value (the default is 5 for voice traffic and 3 for voice control traffic). The switch puts the 802.1p voice traffic into the access VLAN.

Enter the untagged keyword in order to send CDP packets that configure the IP phone to transmit untagged voice traffic. The switch puts the untagged voice traffic into the access VLAN.

Enter the none keyword in order to allow the IP phone to use its own configuration and transmit untagged voice traffic. The switch puts the untagged voice traffic into the access VLAN.

——————————

Configuration commands that control PC data traffic

switchport priority extend cos value :
Set the IP phone access port to override the priority received from the PC or the attached device.
The CoS value is a number from 0 to 7. Seven is the highest priority. The default is 0.

switchport priority extend trust
Set the IP phone access port to trust the priority received from the PC or the attached device.

switchport priority extend cos value: replaces the CoS in the PC's data with this value; by default it is replaced with 0.
switchport priority extend trust: trusts the CoS in the PC's data.

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801cdf35.html


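[Original] MST (802.1s) study notes

The Posts & Telecom Press book explains this too obscurely, so I read the Cisco documentation and roughly translated it as I understood it; please correct any mistakes. Also, I do not yet understand very well how BPDUs are exchanged between them, and I hope fellow readers can help explain.

First, some terms, otherwise what follows gets confusing:

1. IST: The IST is the spanning tree of one MST region. It maintains and computes the SPT within that MST region. MST instance 0 is a special MST instance, and this instance is called the IST. In other words, the IST can be seen as the way each MST region presents itself to the outside.

2. CIST: Interconnecting the ISTs forms the CIST. The CIST is the only instance that spans the whole network.

3. CST: Interconnects the MST regions and maintains a single spanning tree. This area may include ordinary 802.1D switches that do not belong to any region.

         (I do not fully understand the relationship between the CIST and the CST here. My understanding is that the CST has a larger scope than the CIST; the book seems to say the CIST has a larger scope than the CST.)

4. IST root: The root of this MST region. Because the IST is responsible for the SPT of one MST region, an MST region has one root, and that root is the IST root.

5. CIST regional root: The CIST regions are in fact the individual MST regions, so the CIST regional root means the IST root of each region.

6. CIST root: The root of the whole CIST (the CIST is the only instance that spans the whole network).

 Note: If the CIST contains only one region, then the CIST regional root is the IST root.

7. The IST is a subtree of the CIST.

8. CIST internal root path cost: The cost from a switch inside an MST region to that region's root (the IST root, also called the CIST regional root). It is internal and relates only to the IST.

9. CIST external root path cost: The cost from the MST region to the CIST root. The whole MST region appears as one virtual switch, so every switch in the MST region has the same cost to the CIST root. The CIST external root path cost is the root path cost calculated between these virtual switches and switches that do not belong to any region.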

 

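I. Spanning-tree operation within an MST region

After the IST converges, the root of the IST becomes the CIST regional root. When the CIST root is outside an MST region, that MST region must elect a router on the region boundary as the CIST regional root (IST root). All switches in a region must trust and agree on one CIST regional root; therefore, the switches in MST synchronize with each other only the port rules for MST instances.

II. Spanning tree between MST regions

If there are multiple MST regions, or also multiple 802.1D switches, a CST must be built and maintained. The CST includes all MST regions and 802.1D switches (if such standalone switches exist). The MST instances, through the region boundary and through the IST, form the MST.

 

   Figure:

 

For the exchange of BPDUs, see the original text; I do not fully understand it: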

Only the CST instance sends and receives BPDUs, and MST instances add their spanning tree information into the BPDUs to interact with neighboring switches and compute the final spanning tree topology. Because of this, the spanning tree parameters related to BPDU transmission (for example, hello time, forward time, max-age, and max-hops) are configured only on the CST instance but affect all MST instances. Parameters related to the spanning tree topology (for example, switch priority, port VLAN cost, and port VLAN priority) can be configured on both the CST instance and the MST instance.

MST switches use Version 3 BPDUs or 802.1D STP BPDUs to communicate with 802.1D switches. MST switches use MST BPDUs to communicate with MST switches.

 For the original text, see http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080518f21.html#wp1033176


MLS

To determine the best path is the primary function of routing protocols, and this can be a
CPU-intensive process. Thus, there is a significant performance increase with the offload
of a portion of this function to switching hardware. This performance increase is the goal
of the MLS feature.
Two of the three major components of MLS are the MLS route processor (MLS-RP) and
the MLS switching engine (MLS-SE). The MLS-RP is the MLS-enabled router, which
performs the traditional function of routing between subnets/VLANs. The MLS-SE is a
MLS-enabled switch, which normally requires a router to route between subnets/VLANs.
However, with special hardware and software, MLS-SE can handle the rewrite of the
packet. When a packet traverses a routed interface, the change (rewrite) of non-data
portions of the packet occurs as the packet heads to the destination, hop by hop.
Confusion can arise here because a Layer 2 device appears to take on a Layer 3 task.
Actually, the switch only rewrites Layer 3 information and "switches" between
subnets/VLANs. The router is still responsible for standards-based route calculations and
best-path determination. You can avoid much of this confusion if you mentally keep the
routing and switching functions separate, especially when they are within the same
chassis (as with an internal MLS-RP). Think of MLS as a much more advanced form of
route cache, with a separation of the cache from the router on a switch. MLS requires
both the MLS-RP and the MLS-SE, along with respective hardware and software
minimums.


Catalyst 3550 Multilayer Switch Software Configuration Guide, 12.1(4)EA1


show spanning-tree

Catalyst 6500 Series Cisco IOS Command Reference, 12.1 E

show spanning-tree

To display information about the spanning tree state, use the show spanning-tree command.

show spanning-tree [bridge-group | active | backbonefast | {bridge [id]}| detail | inconsistentports | {interface interface interface-number} | root | summary [total] | uplinkfast | {vlan vlan-id} | {port-channel number} | pathcost-method]


Syntax Description

bridge-group

(Optional) Specifies the bridge group number; valid values are from 1 to 255.

active

(Optional) Displays spanning tree information on active interfaces only.

backbonefast

(Optional) Displays spanning tree BackboneFast status.

bridge [id]

(Optional) Displays bridge status and configuration information.

detail

(Optional) Displays detailed information.

inconsistentports

(Optional) Displays root inconsistency state.

interface interface

(Optional) Interface type and number; possible valid values for type are ethernet, fastethernet, gigabitethernet, tengigabitethernet, pos, atm, and ge-wan.

interface-number

(Optional) Module and port number; see the "Usage Guidelines" section for valid values.

root

(Optional) Displays root bridge status and configuration.

summary

(Optional) Specifies a summary of port states.

total

(Optional) Displays the total lines of the spanning tree state section.

uplinkfast

(Optional) Displays spanning tree UplinkFast status.

vlan vlan-id

(Optional) Specifies the VLAN ID; see the "Usage Guidelines" section for valid values.

port-channel number

(Optional) Specifies the channel interface; see the "Usage Guidelines" section for valid values.

pathcost-method

(Optional) Displays the default path cost calculation method used.



Defaults

This command has no default settings.


Command Modes

Privileged EXEC


Command History

Release        Modification

12.0(7)XE      Support for this command was introduced on the Catalyst 6500 series switches.

12.1(1)E       Support for this command on the Catalyst 6500 series switches was extended to the 12.1 E release.

12.1(3a)E3     The number of valid values for port-channel changed; see the "Usage Guidelines" section for valid values.

12.1(11b)E     This command was changed to include the ge-wan, atm, and pos keywords.

12.1(11b)EX    This command was changed to support extended-range VLANs and MST.

12.1(13)E      This command was changed by removing the wide option, replacing the brief option with detail, displaying the port priority as part of the port ID, removing the priority column, and supporting the long cost format.

 


Usage Guidelines

The interface-number argument designates the module and port number. Valid values for interface-number depend on the specified interface type and the chassis and module used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module installed in a 13-slot chassis, valid values for the module number are from 2 to 13 and valid values for the port number are from 1 to 48.

The number of valid values for port-channel num depends on the software release. For releases prior to Release 12.1(3a)E3, valid values are from 1 to 256; for Releases 12.1(3a)E3, 12.1(3a)E4, and 12.1(4)E1, valid values are from 1 to 64. Release 12.1(5c)EX and later support a maximum of 64 values ranging from 1 to 256. Release 12.1(13)E and later support a maximum of 64 values ranging from 1 to 282; values 257 to 282 are supported on the CSM and FWSM.

If your system is configured with a Supervisor Engine 1, valid values for vlan-id are from 1 to 1005. If your system is configured with a Supervisor Engine 2, valid values for vlan-id are from 1 to 4094. Extended-range VLANs are not supported on systems configured with a Supervisor Engine 1.

When checking spanning tree active states and you have a large number of VLANs, you can enter the show spanning-tree summary total command to display the total number without having to scroll through the list of VLANs.


Examples

This example shows how to display a summary of interface information:

Router# show spanning-tree

VLAN0001

  Spanning tree enabled protocol ieee

  Root ID    Priority    4097

             Address     0004.9b78.0800

             This bridge is the root

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097   (priority 4096 sys-id-ext 1)

             Address     0004.9b78.0800

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time 15 

Interface        Port ID                     Designated                Port ID

Name             Prio.Nbr      Cost Sts      Cost Bridge ID            Prio.Nbr

---------------- -------- --------- --- --------- -------------------- --------

Gi2/1            128.65           4 LIS         0  4097 0004.9b78.0800 128.65  

Gi2/2            128.66           4 LIS         0  4097 0004.9b78.0800 128.66  

Fa4/3            128.195         19 LIS         0  4097 0004.9b78.0800 128.195 

Fa4/4            128.196         19 BLK         0  4097 0004.9b78.0800 128.195 

Router#

Table 2-40 lists the output fields and definitions.

 

Table 2-40 show spanning-tree Command Output Fields

Field               Definition

Port ID Prio.Nbr    Port ID and priority number.

Cost                Port cost.

Sts                 Displays status information.

 

This example shows how to display spanning tree information on active interfaces only:

Router# show spanning-tree active

UplinkFast is disabled

BackboneFast is disabled

 VLAN1 is executing the ieee compatible Spanning Tree protocol

  Bridge Identifier has priority 32768, address 0050.3e8d.6401

  Configured hello time 2, max age 20, forward delay 15

  Current root has priority 16384, address 0060.704c.7000

  Root port is 265 (FastEthernet5/9), cost of root path is 38

  Topology change flag not set, detected flag not set

  Number of topology changes 0 last change occurred 18:13:54 ago

  Times:  hold 1, topology change 24, notification 2

          hello 2, max age 14, forward delay 10

  Timers: hello 0, topology change 0, notification 0

 Port 265 (FastEthernet5/9) of VLAN1 is forwarding

   Port path cost 19, Port priority 128, Port Identifier 129.9.

   Designated root has priority 16384, address 0060.704c.7000

   Designated bridge has priority 32768, address 00e0.4fac.b000

.

.

.

Router#

This example shows how to display spanning tree BackboneFast status:

Router# show spanning-tree backbonefast

BackboneFast is enabled

 

BackboneFast statistics

-----------------------

Number of transition via backboneFast (all VLANs) : 0

Number of inferior BPDUs received (all VLANs)     : 0

Number of RLQ request PDUs received (all VLANs)   : 0

Number of RLQ response PDUs received (all VLANs)  : 0

Number of RLQ request PDUs sent (all VLANs)       : 0

Number of RLQ response PDUs sent (all VLANs)      : 0

Router# 

This example shows how to display spanning tree information for this bridge only:

Router# show spanning-tree bridge

VLAN1

  Bridge ID  Priority    32768

             Address     0050.3e8d.6401

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

VLAN2

  Bridge ID  Priority    32768

             Address     0050.3e8d.6402

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

VLAN3

  Bridge ID  Priority    32768

             Address     0050.3e8d.6403

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

.

.

.

Router#

This example shows how to display detailed interface information:

Router# show spanning-tree detail

VLAN1 is executing the ieee compatible Spanning Tree protocol 

Bridge Identifier has priority 4096, address 00d0.00b8.1401 

Configured hello time 2, max age 20, forward delay 15 

We are the root of the spanning tree 

Topology change flag not set, detected flag not set 

Number of topology changes 9 last change occurred 02:41:34 ago 

from FastEthernet4/21 

Times: hold 1, topology change 35, notification 2 

hello 2, max age 20, forward delay 15 

Timers: hello 1, topology change 0, notification 0, aging 300 

Port 213 (FastEthernet4/21) of VLAN1 is forwarding 

Port path cost 19, Port priority 128, Port Identifier 128.213. 

Designated root has priority 4096, address 00d0.00b8.1401 

Designated bridge has priority 4096, address 00d0.00b8.1401 

Designated port id is 128.213, designated path cost 0 

Timers: message age 0, forward delay 0, hold 0 

Number of transitions to forwarding state: 1 

BPDU: sent 4845, received 1 

Port 214 (FastEthernet4/22) of VLAN1 is forwarding 

Port path cost 19, Port priority 128, Port Identifier 128.214. 

Designated root has priority 4096, address 00d0.00b8.1401 

Designated bridge has priority 4096, address 00d0.00b8.1401 

Designated port id is 128.214, designated path cost 0 

Timers: message age 0, forward delay 0, hold 0 

Number of transitions to forwarding state: 1 

BPDU: sent 127545, received 5 

Router# 

This example shows how to display spanning tree information for a specific interface:

Router# show spanning-tree interface fastethernet 5/9

Interface Fa0/10 (port 23) in Spanning tree 1 is ROOT-INCONSISTENT

Port path cost 100, Port priority 128

Designated root has priority 8192, address 0090.0c71.a400

Designated bridge has priority 32768, address 00e0.1e9f.8940

Designated port is 23, path cost 115

.

.

.

This example shows how to display spanning tree information for a specific VLAN:

Router# show spanning-tree vlan 200

VLAN0200 

 Spanning tree enabled protocol ieee 

 Root ID Priority 32768 

    Address 00d0.00b8.14c8 

    This bridge is the root 

    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

 Bridge ID Priority 32768 

    Address 00d0.00b8.14c8 

    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

    Aging Time 300

Interface Role Sts Cost Prio.Nbr Status 

---------------- ---- --- --------- -------- -------------------------------- 

Fa4/4 Desg FWD 200000 128.196 P2p 

Fa4/5 Back BLK 200000 128.197 P2p

Router#

This example shows how to display spanning tree information for a specific bridge group:

Router# show spanning-tree 1

 UplinkFast is disabled

 BackboneFast is disabled

 

  Bridge group 1 is executing the ieee compatible Spanning Tree protocol

   Bridge Identifier has priority 32768, address 00d0.d39c.004d

   Configured hello time 2, max age 20, forward delay 15

   Current root has priority 32768, address 00d0.d39b.fddd

   Root port is 7 (FastEthernet2/2), cost of root path is 19

   Topology change flag set, detected flag not set

   Number of topology changes 3 last change occurred 00:00:01 ago

           from FastEthernet2/2

   Times:  hold 1, topology change 35, notification 2

           hello 2, max age 20, forward delay 15 

   Timers: hello 0, topology change 0, notification 0  bridge aging time 15

 

Port 2 (Ethernet0/1/0) of Bridge group 1 is down

                                        

    Port path cost 100, Port priority 128

    Designated root has priority 32768, address 0050.0bab.1808

    Designated bridge has priority 32768, address 0050.0bab.1808

    Designated port is 2, path cost 0

    Timers: message age 0, forward delay 0, hold 0

    BPDU: sent 0, received 0

 

  Port 7 (FastEthernet2/2) of Bridge group 1 is forwarding

    Port path cost 19, Port priority 128, Port Identifier 128.7.

    Designated root has priority 32768, address 00d0.d39b.fddd

    Designated bridge has priority 32768, address 00d0.d39b.fddd

    Designated port id is 128.7, designated path cost 0

    Timers: message age 2, forward delay 0, hold 0

    Number of transitions to forwarding state: 1

    BPDU: sent 3, received 49                                                          

Router#      

This example shows how to display a summary of port states:

Router# show spanning-tree summary 

Root bridge for: Bridge group 1, VLAN0001, VLAN0004-VLAN1005 

 VLAN1013-VLAN1499, VLAN2001-VLAN4094 

EtherChannel misconfiguration guard is enabled 

Extended system ID is enabled 

Portfast is enabled by default 

PortFast BPDU Guard is disabled by default 

Portfast BPDU Filter is disabled by default 

Loopguard is disabled by default 

UplinkFast is disabled 

BackboneFast is disabled 

Pathcost method used is long

Name                   Blocking Listening Learning Forwarding STP Active 

---------------------- -------- --------- -------- ---------- ---------- 

1 bridge               0        0         0        1          1 

3584 vlans             3584     0         0        7168       10752

                       Blocking Listening Learning Forwarding STP Active 

---------------------- -------- --------- -------- ---------- ---------- 

Total                  3584     0         0        7169       10753 

Router#      

This example shows how to display the total lines of the spanning tree state section:

Router#  show spanning-tree summary total 

Root bridge for:Bridge group 10, VLAN1, VLAN6, VLAN1000.

Extended system ID is enabled.

PortFast BPDU Guard is disabled

EtherChannel misconfiguration guard is enabled

UplinkFast is disabled

BackboneFast is disabled

Default pathcost method used is long

Name                 Blocking Listening Learning Forwarding STP Active

-------------------- -------- --------- -------- ---------- ----------

           105 VLANs 3433     0         0        105        3538      

 

BackboneFast statistics

-----------------------

Number of transition via backboneFast (all VLANs) :0

Number of inferior BPDUs received (all VLANs)     :0

Number of RLQ request PDUs received (all VLANs)   :0

Number of RLQ response PDUs received (all VLANs)  :0

Number of RLQ request PDUs sent (all VLANs)       :0

Number of RLQ response PDUs sent (all VLANs)      :0

Router# 

This example shows how to determine if any ports are in root inconsistent state:

Router#  show spanning-tree inconsistentports 

Name                 Interface            Inconsistency

-------------------- -------------------- ------------------

 VLAN1               FastEthernet3/1      Root Inconsistent

Number of inconsistent ports (segments) in the system :1

Router# 

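Troubleshooting the POST process on Cisco switches

POST is the Power On Self Test. During the POST stage, Cisco 2900 series switches run 8 different tests that check whether the most important components in the switch are working properly. Normally, when POST begins, the LED on every port is yellow for 2 seconds, and then they all turn green. Each time a test passes, the green LED on one port goes out (starting from port 1). So when all 8 tests have finished successfully, the LEDs on the first 8 ports of the switch should all be off. If a test fails, the LED on the corresponding port turns yellow, and the "System" LED at the far left also turns yellow.

This is the mapping between the tests and the port LEDs:
1           DRAM
2           Flash Memory
3           Switch CPU
4           System Board
5           CPU Interface ASIC
6           Switch Core ASIC
7           Ethernet Controller ASIC
8           Ethernet Interfaces

So this is what you need to do: power off, power on again, and watch the first 8 LEDs carefully. They should first all be yellow, then all green, then go from green to off one by one. If one of them turns from green to yellow (instead of going off), note the number of that LED and compare it with the mapping I gave above to find out which component has failed. For example, if the fourth LED turns from green to yellow, the mapping above tells you that the switch system board has failed.

Also, watch the console output carefully during the power-on self test; the results of the self test are displayed on the console as well.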


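Simple labs on the 1924/2912 switches [repost]

Lab 1: Switch startup and basic configuration
Configuration on the 1924 switch:
sw1924_b#delete nvram ---- erase all of the switch's configuration
sw1924_b#reload ---- restart the switch (the initial prompt is > )
sw1924_b<config>#hostname sw1924 ---- set the switch's hostname
sw1924_b<config>#enable secret cisco ---- set the encrypted password
sw1924_b<config>#enable password level 1 cisco1 ---- set a level password (1 is the lowest)
sw1924_b<config>#enable password level 15 cisco15 ---- set a level password (15 is the highest)
sw1924_b<config>#ip address 192.168.14.1 255.255.255.0 ---- set the switch's management IP address
sw1924_b<config>#ip default-gateway 192.168.198.2 ---- set the switch's gateway address
sw1924_b<config>#ip domain-name pctc.com.cn ---- set the name of the domain the switch belongs to
sw1924_b<config>#ip name-server 218.87.18.230 ---- set the IP of the name server for that domain
sw1924_b#show ip ---- view the settings made above
sw1924_b#show version ---- view the switch's version and related information
sw1924_b#show running-config ---- view all of the switch's current running configuration
sw1924_b#show int e0/1 ---- view information for the switch's first port

Configuration on the 2912 switch:
sw2912_a#erase nvram ---- erase all of the switch's configuration
sw2912_a#reload ---- restart the switch (the initial prompt is switch> )
sw2912_a<config>#int vlan 1 ---- enter configuration mode for the special vlan 1 interface
sw2912_a<config-if>#ip address 192.168.15.1 255.255.255.0 ---- set the switch's management IP address
sw2912_a<config>#ip default-gateway 192.168.198.2 ---- set the switch's gateway address
sw2912_a<config>#ip domain-name pctc.com.cn ---- set the name of the domain the switch belongs to
sw2912_a<config>#ip name-server 218.87.18.230 ---- set the IP of the name server for that domain
sw2912_a#show int vlan 1 ---- view the configuration of the switch's special VLAN 1 interface
sw2912_a#show run ---- view all of the switch's current running configuration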

Lab 2: Switch port and MAC address table settings
Configuring port attributes on the 1924 switch:
sw1924_b#conf t
sw1924_b<config>#interface ethernet 0/1 ---- enter the first port
sw1924_b<config-if>#description sw1924_b-e0/1-pc1 ---- write a description for the port
sw1924_b<config-if>#duplex auto/full/full-flow-control/half ---- set the port's duplex mode
sw1924_b<config-if>#port secure ---- enable port security
sw1924_b<config-if>#port secure max-mac-count 1 ---- set the number of MAC addresses allowed on this port (default 132)
sw1924_b#sh mac-address-table security ---- view port security

Configuring port attributes on the 2912 switch:
sw2912_a#conf t ---- enter global configuration mode
sw2912_a<config>#interface fastethernet 0/1 ---- enter the first port
sw2912_a<config-if>#description sw2912_a-f0/1-pc1 ---- write a description for the port
sw2912_a<config-if>#duplex auto/full/half ---- set the port's duplex mode
sw2912_a<config-if>#port security ---- enable port security
sw2912_a<config-if>#port security max-mac-count 1 ---- set the number of MAC addresses allowed on this port (default 132)
sw2912_a<config-if>#end ---- return to privileged mode
sw2912_a#sh port security ---- view port security

Configuring and viewing the MAC address table:
Configuring the MAC address table on the 1924 switch:
sw1924_b<config>#mac-address-table aging-time 600 ---- set the aging time for dynamic addresses
sw1924_b<config>#mac-address-table permanent 0000.0cdd.5a4d e0/3 ---- define a permanent MAC address (bind the MAC address)
sw1924_b<config>#mac-address-table restricted static 0000.0cdd.aaed e0/6 e0/7 ---- define a restricted MAC address
sw1924_b<config>#address-violation disable/ignore/suspend ---- define the address security violation action
sw1924_b#show mac-address-table ---- view the configuration above
sw1924_b#clear mac-addr restric static ---- clear the restricted MAC address table entries

Configuring the MAC address table on the 2912 switch:
sw2912_a<config>#mac-address-table aging-time 700 ---- set the aging time for dynamic addresses
sw2912_a<config>#mac-address-table static 0000.0cdd.5a4d e0/3 ---- define a permanent MAC address (bind the MAC address)
sw2912_a<config>#mac-address-table secure 00d0.f80d.3333 f0/3 vlan 1 ---- define a restricted MAC address
sw2912_a<config-if>#port security action shutdown/trap ---- define the address security violation action
sw2912_a#show port security ---- view the configuration above

Lab 3: Configuring VTP, VLANs, VLAN trunks and STP
Configuring VTP:
sw1924_a#conf t
sw1924_a<config>#vtp server ---- set the VTP operating mode
sw1924_a<config>#vtp domain cisco ---- set the VTP domain name
sw1924_a<config>#trunk on ---- enable trunking

sw1924_b<config>#vtp domain cisco ---- join the VTP domain
sw1924_b<config>#vtp client ---- set the VTP operating mode
sw1924_b<config>#trunk on ---- enable trunking

sw1924_a#show trunk b
sw1924_a#show trunk b allowed-vlans ---- view trunk information

Configuring VLANs:
sw1924_a<config>#vlan 10 dept1
sw1924_a<config>#vlan 20 dept2
sw1924_a<config>#vlan 30 dept3
sw1924_a<config>#vlan 40 dept4 ---- define the required VLANs
sw1924_a#show vlan ---- view VLAN information

sw1924_b#show vlan
sw1924_b#show vtp ---- view VTP information
sw1924_b<config>#int e0/1
sw1924_b<config-if>#vlan-membership static 10
sw1924_b<config>#int e0/2
sw1924_b<config-if>#vlan-membership static 20
sw1924_b<config>#int e0/3
sw1924_b<config-if>#vlan-membership static 30
sw1924_b<config>#int e0/4
sw1924_b<config-if>#vlan-membership static 40 ---- assign the interfaces to their respective VLANs

Configuring spanning tree:
sw1924_b<config>#spantree 1 ---- enable the spanning tree protocol
sw1924_b#sh spantree 1 ---- view spanning tree information
sw1924_b<config>#no spantree 1 ---- disable the spanning tree protocol
sw1924_b#sh spantree 1 ---- view spanning tree information


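Analyzing Ethernet frames captured with Sniffer

Capture ICMP packets with Sniffer and analyze them.

1. ping 192.168.1.1 -l 0

Ping an IP address with the length of the carried data set to 0.

The capture is analyzed in the figure:

At mark 1 in the figure we can see that the total size of this data is 60 bytes.
At mark 2 we see the total length of the IP data: 28 bytes.
Why is the IP data 28 bytes?
Because the IP header is 20 bytes (mark 4) and the ICMP header is 8 bytes. Our ping specified a data length of 0, so ICMP carries no extra data, that is:
28=20+8
We also know that the header of an Ethernet-type frame is 6 bytes of source address + 6 bytes of destination address + 2 bytes of type = 14 bytes.
Ethernet frame header + total IP data length = 14+28 = 42
Note mark 3: 18 bytes of padding were added.
42+18=60
This is exactly the total length. Note that the captured frame does not include the 4-byte trailing checksum; with the 4-byte trailing checksum added, the result is exactly 64!
64 is exactly the minimum size of an Ethernet-type frame.

In the figure we can also see that this frame is not fragmented, flags=0x, because no fragmentation is needed.

Another one to analyze:
ping 192.168.1.1 -l 64

Data size: 106 bytes
106-14 (Ethernet-type frame header) = 92
This is exactly the size shown for the IP part.
92-20 (IP) -8 (ICMP header) = 64
This is exactly the 64-byte ping packet we specified.

The data part that an Ethernet frame actually carries is at most 1500 bytes, and this also contains the headers of other protocols, so the data actually carried is certainly less than 1500. With ping 192.168.1.1 -l 1500 the data must be fragmented, but the calculation is the same; just note in particular that subsequent frames do not need to contain the ICMP header that the first frame contains.
So the size of the first frame is 1500 (size of the actual data part, including the IP and ICMP headers) + 14 (Ethernet-type frame header) = 1514. The amount of data actually carried in the first frame is 1500-20 (IP header) -8 (ICMP header) = 1472, and the remaining 28 bytes of data are in the subsequent frame.
Size of the subsequent frame: 14 (Ethernet-type header) + 20 (IP header) + 28 (actual data) = 62
Note that none of the calculations above count the 4-byte trailing checksum. The analysis above can be verified with an actual capture.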
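The frame-size arithmetic above, generalized to any ping data length, as an added Python example that is not part of the original post. It assumes an IPv4 header without options and an MTU of 1500; the function and field names are chosen for this example. It also covers a case the post does not walk through: a short last fragment that is padded up to the 60-byte captured minimum.

```python
ETH_HEADER = 14         # destination MAC + source MAC + 2-byte type
ETH_MIN_CAPTURED = 60   # 64-byte minimum frame minus the 4-byte FCS that captures omit
FCS = 4
IP_HEADER = 20          # assumption: IPv4 header without options
ICMP_HEADER = 8
MAX_IP_TOTAL = 65535    # largest value of the IPv4 total-length field


def icmp_echo_frames(data_len, mtu=1500):
    """Return one dict per Ethernet frame needed for an ICMP echo with data_len data bytes."""
    ip_payload = ICMP_HEADER + data_len       # the ICMP header exists only once per datagram
    room = mtu - IP_HEADER                    # IP payload bytes that fit in one frame
    step = room // 8 * 8                      # non-final fragments carry a multiple of 8 bytes
    if data_len < 0 or IP_HEADER + ip_payload > MAX_IP_TOTAL:
        raise ValueError("data_len does not fit in one IPv4 datagram")
    if step < 8:
        raise ValueError("mtu too small to fragment")
    frames, offset = [], 0
    while True:
        remaining = ip_payload - offset
        chunk = remaining if remaining <= room else step
        ip_total = IP_HEADER + chunk
        pad = max(0, ETH_MIN_CAPTURED - (ETH_HEADER + ip_total))
        captured = ETH_HEADER + ip_total + pad
        frames.append({
            "frag_offset": offset // 8,        # value of the IP fragment-offset field
            "more_fragments": chunk < remaining,
            "ip_total": ip_total,              # IP total length shown by the analyzer
            "icmp_data": chunk - ICMP_HEADER if offset == 0 else chunk,
            "pad": pad,                        # Ethernet padding bytes
            "captured": captured,              # frame size as captured (no FCS)
            "on_wire": captured + FCS,
        })
        offset += chunk
        if offset >= ip_payload:
            return frames


def describe(data_len):
    """Return one summary line per frame for ping -l data_len."""
    return [
        f"-l {data_len} frame {i}: ip_total={f['ip_total']} pad={f['pad']} "
        f"captured={f['captured']} on_wire={f['on_wire']} MF={int(f['more_fragments'])}"
        for i, f in enumerate(icmp_echo_frames(data_len), 1)
    ]


if __name__ == "__main__":
    for n in (0, 64, 1472, 1473, 1500):
        print("\n".join(describe(n)))
```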


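[An interesting question] About VLANs

Two hosts in the same subnet are deliberately placed in different VLANs. Can these two hosts communicate normally, given that a router is present?

My understanding:

When a host sends a packet, it first applies its own subnet mask to the destination address to see whether the destination address is in the same subnet as its own address. If it is in the same subnet, the host looks in its ARP cache for the MAC that corresponds to the destination IP; if there is none, it sends an ARP broadcast in the hope of obtaining the MAC address. After obtaining the MAC address, it encapsulates the destination MAC address in the frame and passes the frame to the physical layer for transmission.

If it is not in the same subnet, the host sets the destination MAC to the MAC address of the gateway interface and sends the data to the gateway, handing it to the Layer 3 device for processing.

In this question, the host first finds that the destination IP is in the same subnet as itself, so the data is not sent to the gateway. The host sends an ARP broadcast within its own network in the hope of obtaining the MAC of the destination address, but in fact that host is simply not in this VLAN, so no MAC is obtained; no receiver is found and the data is discarded.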

 
