Inter-VLAN Routing with an External Router

1.Refer to the exhibit. What will Router1 do when it receives the data frame shown? (Choose three.)参考图示。

位于会怎么做当它接收到数据帧显示吗?(选择三个)。

2.Refer to the exhibit. Which three statements correctly describe Network Device A? (Choose three.)参考图示。

这三个报表正确描述网络设备?(选择三3.Which layer in the OSI reference model is responsible for determining the availability of the receivingprogram and checking to see if enough resources exist for that communication?在OSI参考模型层负责确定接收的可用性程序和检查是否足够的资源存在的沟通吗?4.Which of the following describes the roles of devices in a WAN? (Choose three.下列哪个描述的角色在广域网设备?(选择三个。

5.Refer to the exhibit, Host A pings interface S0/0 on router 3, what is the TTL value for that ping? 参考图示,主机ping路由器界面S0/0 3,萍的TTL值是什么?6.A network administrator is verifying the configuration of a newly installed host by establishing an FTPconnection to a remote server. What is the highest layer of the protocol stack that the nework administratoris using for this operation?网络管理员验证的配置是一个新安装的主机通过建立FTP连接到远程服务器。

以太网交换机基础培训教材Prepared by拟制程永椿 00742 Date 日期 2005-3-13 Reviewed by 评审人 李博 00404Date 日期 2005-3-14 Approved by批准Date 日期 yyyy-mm-dd Authorized by签发Date 日期yyyy-mm-ddHuawei-3Com Technologies Co., Ltd.华为3Com 技术有限公司All rights reserved 版权所有 侵权必究Revision record修订记录Catalog目录1 以太网概述 (8)2 以太网的基础知识 (8)2.1 MAC地址 (8)2.2 以太网帧的帧格式 (9)2.2.1 以太网Ⅱ (10)2.2.2 带有802.2逻辑链路控制的IEEE 802.3 (10)2.2.3 IEEE 802.3子网访问协议（以太网SNAP） (10)2.2.4 Novell以太网 (11)2.3 CSMA/CD (11)2.4 冲突域和广播域 (12)2.5 以太网的典型设备-HUB (12)2.6 全双工以太网 (13)3 二层交换机的基本原理 (13)3.1 二层交换机 (13)3.2 支持VLAN的二层交换机 (16)3.2.1 VLAN的概念 (17)3.2.2 VLAN的划分 (18)3.2.3 VLAN的标准 (19)3.2.4 支持VLAN交换机的转发流程 (21)4 三层交换机基本原理 (24)4.1 三层交换机的提出 (24)4.2 三层交换机基本特征 (25)4.3 三层交换机的功能模型 (25)4.4 三层交换机转发流程 (27)4.4.1 IP网络规则 (27)4.4.2 三层转发流程 (27)4.4.3 选路过程 (29)4.5 路由器和交换机 (31)4.5.1 接口 (32)4.5.2 特点对照 (32)5 交换机相关协议和技术 (32)5.1 物理层特性（接口） (32)5.1.1 自协商 (33)5.1.2 智能MDI/MDIX自识别 (33)5.1.3 流控机制 (34)5.1.4 POE供电 (35)5.1.5 端口镜像 (35)5.2 二层协议和特性 (35)5.2.1 STP/RSTP/MSTP协议 (36)5.2.2 GARP/GVRP/GMRP (37)5.2.3 聚合特性 (38)5.2.4 Isolate-user-vlan (39)5.2.5 二层多播 (40)5.2.6 QinQ (41)5.3 三层特性 (41)5.3.1 SuperVLAN (41)5.4 Qos/ACL (42)5.5 安全特性 (42)5.5.1 802.1X (42)5.5.2 PORTAL (44)5.6 管理特性 (45)5.6.1 集群管理 (46)5.6.2 WEB网管 (47)5.7 IRF (47)5.8 与路由器相同的一些特性 (49)6 以太网交换机主要厂商 (49)6.1 Cisco (49)6.2 Extreme (50)6.3 Foundry (50)6.4 港湾 (50)7 参考资料 (50)图索引图1MAC地址 (9)图2常用的以太网帧格式 (10)图3由HUB组成的网络 (13)图4全双工以太网 (13)图5二层交换机结构示意图 (14)图6二层交换机的转发流程 (15)图7二层交换机工作在链路层 (15)图8交换机的冲突域和广播域 (16)图9由二层交换机构成的扁平网络 (16)图10基于端口VLAN的划分 (18)图11802.1Q VLAN帧格式 (20)图12Trunk链路实现虚拟工作组 (20)图13支持VLAN交换机交换引擎 (21)图14IVL和SVL地址学习方式 (22)图15IVL地址学习方式转发流程 (23)图16SVL地址学习方式转发流程 (23)图17支持VLAN交换机冲突域和广播域 (24)图18三层交换机功能模型 (26)图19三层交换引擎 (26)图20三层转发流程 (28)图21路由器的最长匹配转发 (30)图22三层交换机转发-精确匹配 (31)图23三层交换机转发-最长匹配 (31)图24以太网的自协商 (33)图25STP阻塞网络环路 (36)图26MSTP根据VLAN进行阻塞链路 (37)图27GARP属性注册和注销 (37)图28GARP基本原理 (38)图29Isolate-user-vlan (39)图30不支持多播功能交换机 (40)图31QinQ实现vMAN (41)图32802.1X认证体系结构 (43)图33PORTAL认证四大要素 (45)图34集群的组成 (47)图35IRF的组成 (48)图36IRF的典型应用 (49)表索引表 N/MAN参考模型 (17)表 2.路由器和三层交换机的特点对比 (32)表 3.PORTAL、PPPoE/A、802.1X三种认证方式的特点对比 (45)以太网交换机基础培训教材Keywords 关键词：以太网，交换机，LAN，VLAN，IRFAbstract 摘要：本文介绍以太网交换机的相关知识和基本原理。

Industry-Leading Performance and Control at the Network CoreEnterasys Networks’ award-winning X-Pedition family represents a new generation of switch routing solutions engineered to support today’s rapidly expanding enterprises. Built particularly for the backbone, the 16-slot X-Pedition 8600 switch router combines wire-speed performance at gigabit rates, pinpoint control of application flows, and superior routing capacity to ensure high availability of internal and external networks including business-critical web content, ERP applications, voice/video/data, e-commerce and more. The high-capacity X-Pedition 8600 delivers full-function, wire-speed IP/IPX routing—both unicast (IP:RIP ,OSPF , BGP , IPX:RIP) and multicast (IGMP , DVMRP , PIM-DM, PIM-SM). Powered by a non-blocking 32 Gigabit per second switching fabric, the X-Pedition 8600’s throughput exceeds 30 million packets per second and can be configured with up to 240 10/100 ports or 60 Gigabit Ethernet ports.Enterprise backbone requirements are met through massive table capacity and redundancy. The X-Pedition is also the industry’s first Gigabit switching router with WAN capabilities. The WAN interfaces extend the benefits of the X-Pedition to remote locations, providing network administrators application-level control from the desktop to the WAN edge, all at wire speed.The unique X-Pedition architecture enables you to route or switch packets based on the information in Layer 4 or on the traditional source-destination information in Layer 3. This application-level control allows the X-Pedition to guarantee security and end-to-end Quality of Service (QoS) while maintaining wire-speed throughput. QoS policies may encompass all the applications in the network, groups of users, or relate specifically to a single host-to-host application flow.•High-capacity, multilayer switch router for enterprise backbones—Full-function IP/IPX routing for unicast and multicast traffic—32 Gbps non-blocking switching fabric; 30 Mpps routing throughput —Up to 60 Gigabit Ethernet ports; up to 240 10/100 ports—Built-in support for 10 Gig, optical networks and emerging technologies •Full application support from the desktop to the WAN—Wire-speed Layer 4 application flow switching—Maintains wire-speed performance with all other features enabled —Supports HSSI, FDDI, ATM and serial WAN interfaces —Ready now for multicast voice and video applications•Pinpoint control to prioritize applications, improve e-business operation—Wire-speed, application-level QoS for end-to-end reliability —Application load balancing and content verification—Supports DiffServ, Weighted Fair Queuing and Rate Limiting (CAR)•Superior fault tolerance to ensure 24x7 network availability—Redundant power supplies and CPUs to protect from failures —Load sharing to enhance performance through redundant links•Advanced security features for greater peace of mind—Secure Harbour™ framework protects against internal and external abuse —Wire-speed Layer 2/3/4 security filters•Standards-based, intuitive management for fast, easy troubleshooting—Full support for RMON and RMON 2—Comprehensive SNMP-based management via NetSight™ AtlasThe X-Pedition 8600 is easily configured and managed through NetSight Atlas network management software,which includes plug-in applications for ACL, inventory and policy management. The X-Pedition Switch Router is fully standards-based and completely interoperable with existing networking equipment.Guaranteeing Quality of ServiceWith global enterprise more dependent than ever on the applications that support their business—from e-commerce and SAP to emerging multicast video applications—quality of service (QoS) becomes a top priority.QoS refers to a set of mechanisms for guaranteeing levels of bandwidth, maximum latency limits, and controlled interpacket timing. Enterasys’ X-Pedition 8600 delivers true standards-based QoS by integrating wire-speed Layer 4 switching with policy-based traffic classification and prioritization. Because Enterasys’ custom ASICs can read deeper into the packet, all the way to Layer 4, traffic can be identified, classified, and prioritized at the application level.Unmatched Performance with Wire-Speed Routing and SwitchingThe X-Pedition 8600 minimizes network congestion by routing more than 30 million packets per second (pps). The 32 Gbps switching fabric in the X-Pedition delivers full-function unicast and multicast wire-speed IP/IPX routing at gigabit speeds on all ports.The X-Pedition 8600’s custom ASICs switch or route traffic at wire speed based on Layer 2, Layer 3 and Layer 4 information. These ASICs also store QoS policies and security filters, providing wire-speed performance even when QoS and security filters are enabled. As a result, network managers no longer need to make compromises when it comes to performance and functionality; the X-Pedition delivers both.Application-Level QoS and Access Control—at Wire SpeedBased on Layer 2, Layer 3 and Layer 4 information, the X-Pedition allows network managers to identify traffic and set QoS policies, without compromising wire-speed performance.The X-Pedition can guarantee bandwidth on an application-by-application basis, thereby accommodating high-priority traffic even during peak periods of usage. QoS policies can be broad enough to encompass all the applications in the network, or relate specifically to a single host-to-host application flow.Unlike conventional routers, the X-Pedition’s performance does not degrade when security filters are imple-mented. Wire-speed security, obtained through 20,000 filters, enables network managers to benefit from both performance and security. Filters can be set based on Layer 2, Layer 3 or Layer 4 information, enabling network managers to control access based not only on IP addresses, but also on host-to-host application flows.Wire-Speed Multicast to Support Convergence ApplicationsThe X-Pedition’s switching fabric is capable of replicating packets in hardware, eliminating performance bottlenecks caused by conventional software-based routers. By providing the necessary infrastructure, the X-Pedition turns the network into an efficient multicast medium, supporting Protocol Independent Multicasting-Sparse Mode (PIM-SM), DVMRP and per-port IGMP .Industry-Leading CapacityLarge networks require large table capacities for storing routes, application flows, QoS rules, VLAN information and security filters. The X-Pedition 8600 provides table capacities that are an order of magnitude greater than most other solutions available today, supporting up to 250,000 routes, 4,000,000 application flows and 800,000 Layer 2 MAC addresses.How the X-Pedition Supports QoS•Wire-Speed Routing on Every Port —Removesrouting as the bottleneck and avoids “switch when you can, route when you must”schemes which are often complicated and proprietary •Massive Non-Blocking Backplane —Prevents overloaded output wires from clogging the switching hardware and isolates points of network congestion so that other traffic flows are unaffected•Large Buffering Capacity —Avoids packet loss during transient bursts that exceed output wire capacity •T raffic Classification and Prioritization —Enables policy-based QoS which guarantees throughput and minimizes latency forimportant traffic during times of congestion•Layer 4 Flow Switching —Provides application-level manageability, enabling the implementation of trueend-to-end QoS (e.g., RSVP)•Intuitive QoS Management Interface —Allows powerful QoS policies to beimplemented and maintained quickly and easily•Detailed NetworkInstrumentation —Facilitates network baselining and troubleshooting, delivering insight into the behavior of network trafficFull-function wire-speed IP/IPX routing enables the X-Pedition to scale seamlessly as the network evolves.The chassis-based X-Pedition can be configured with up to 240 10/100 ports or up to 60 Gigabit Ethernet ports. More than 4,000 VLANs, 20,000 security filters and large per-port buffers provide the capacity to handle peak traffic across even the largest enterprise backbones.Comprehensive Management for Easy Deployment, Changes and T roubleshootingVLAN Management —The X-Pedition can be configured to support VLANs based on ports and work managers can use Layer 2 VLANs with 802.1p prioritization and 802.1Q tagging, and can configure VLANs guided wizards within NetSight Atlas management software.Extensive Performance Monitoring —The X-Pedition paves the way for proactive planning of bandwidth growth and efficient network troubleshooting by providing RMON and RMON2 capabilities per port. Easy-to-Use, Java-Based Management —The X-Pedition’s rich functionality is made easy to use through NetSight Atlas, a command console that provides extensive configuration and monitoring of the X-Pedition as well as your entire Enterasys network. NetSight Atlas allows network managers to use any Java-enabled client station across the enterprise to remotely manage the X-Pedition 8600. NetSight Atlas can run on Solaris and Windows NT/2000/XP environments.Why the X-Pedition is a Better Backbone Router•Best-Selling Modular Layer 3Switch Router•Wire-Speed Performance with All Features Enabled •First to Support WAN Interfaces•Part of an Integrated End-to-End Solution•Pinpoint Application Control from the Desktop to the WAN •Multilayer Security Filters Don’t Sacrifice Performance •Award-Winning, Time-T ested Solution•Highly Manageable, Easily ConfigurableX-Pedition, NetSight and Secure Harbour are trademarks of Enterasys Networks. All other products or services mentioned are identified by the trademarks or servicemarks of their respective companies or organizations. NOTE: Enterasys Networks reserves the right to change specifications without notice. Please contact your representative to confirm current specifications.TECHNICAL SPECIFICATIONSPerformanceWire-speed IP/IPX unicast and multicast routing32 Gbps non-blocking switching fabric30 Million packets per second routing and Layer 4 switchingthroughputCapacity240 Ethernet/Fast Ethernet ports (10/100Base-TX or100Base-FX)60 Gigabit Ethernet ports (1000Base-LX or 1000Base-FX)Up to 25,000 routesUp to 4,000,000 Layer 4 application flowsUp to 800,000 Layer 2 MAC addressesUp to 250,000 Layer 3 routesUp to 20,000 security/access control filters3 MB buffering per Gigabit port1 MB buffering per 10/100 port4,096 VLANsPower System120VAC, 6A MaxRedundant CPU and power supplyHot-swappable media modulesPHYSICAL SPECIFICATIONSDimensions48.9 cm (19.25”) x 43.82 cm (17.25”) x 31.12 cm (12.25”)Weight61.75 lb. (28.0 kg)ENVIRONMENTAL SPECIFICATIONSOperating T emperature0°C to 40°C (32°F to 104°F)Relative Humidity5% to 95% noncondensingPROTOCOLS AND STANDARDSIP RoutingRIPv1/v2, OSPF, BGP-4IPX RoutingRIP, SAPMulticast SupportIGMP, DVMRP, PIM-DM, PIM-SMQoSApplication level, RSVPIEEE 802.1pIEEE 802.1QIEEE 802.1d Spanning T reeIEEE 802.3IEEE 802.3uIEEE 802.3xIEEE 802.3zRFC 1213 - MIB-2RFC 1493 - Bridge MIBRFC 1573 - Interfaces MIBRFC 1643 - Ethernet like interface MIBRFC 1163 - A Border Gateway Protocol (BGP)RFC 1267 - BGP-3RFC 1771 - BGP-4RFC 1657 - BGP-4 MIBRFC 1058 - RIP v1RFC 1723 - RIP v2 Carrying Additional InformationRFC 1724 - RIP v2 MIBRFC 1757 - RMONRFC 1583 - OSPF Version 2RFC 1253 - OSPF v2 MIBRFC 2096 - IP Forwarding MIBRFC 1812 - Router RequirementsRFC 1519 - CIDRRFC 1157 - SNMPRFC 2021 - RMON2RFC 2068 - HTTPRFC 1717 - The PPP Multilink ProtocolRFC 1661 - PPP (Point to Point Protocol)RFC 1634 - IPXWANRFC 1662 - PPP in HDLC FramingRFC 1490 - Multiprotocol Interconnect over Frame RelayORDERING INFORMATIONSSR-16X-Pedition 8600 switch router 16-slot base system includingchassis, backplane, modular fan, and a single switch fabricmodule (SSR-SF-16). Requires new CM2 Control ModuleSSR-PS-16Power Supply for the X-Pedition switch router 8600SSR-PS-16-DCDC Power Supply Module for the X-Pedition 8600SSR-SF-16Switch fabric module for the X-Pedition 8600. One moduleships with the base system (SSR-16). Order only if second isrequired for redundancy.SSR-PCMCIAX-Pedition 8600 and 8000 8MB PCMCIA card (ships with SSR-RS-ENT, second required for redundant CM configuration)SSR-CM2-64X-Pedition switch router Control Module with 64 MB memorySSR-CM3-128X-Pedition switch router Control Module with 128 MB memorySSR-CM4-256X-Pedition switch router Control Module with 256 MB memorySSR-MEM-128New CM2 memory upgrade kit (For CM2 series only)SSR-RS-ENTX-Pedition Switch Router Services for L2, L3, L4 Switchingand IP (Ripv2, OSPF) IPX (RIP/SAP) Routing. One requiredwith every chassis, shipped on PC card.© 2002 Enterasys Networks, Inc. All rights reserved. Lit. #9012476-111/02。

LAN Local Area Network局域网，指作用范围为几十公里以内的网络及网络相关技术。

WAN Wide Area Network广域网，指作用范围为几十公里到几千公里的网络及网络相关技术。

数据〔Data〕传递〔携带〕信息的实体。

信息〔Information〕是数据的内容或解释。

信号〔Signal〕数据的物理量编码〔通常为电编码〕，数据以信号的形式在介质中传播。

信道〔Channel〕传送信息的线路〔或通路〕。

比特〔bit〕即一个二进制位。

比特率为每秒传输的比特数〔即数据传送速率〕。

码元〔Code cell〕时间轴上的一个信号编码单元。

波特〔Baud〕码元传输的速率单位。

波特率为每秒传送的码元数〔即信号传送速率〕。

带宽〔Band width，BW〕信道传输能力的度量。

在传统的通信工程中它指频率的范围；在计算机网络中，一般用每秒允许传输的二进制位数作为带宽的计量单位。

Modem在模拟传输方式中，调制，将数字数据变换为模拟的调制信号；解调，将模拟信号重新复原为数字数据。

调制器和解调器组合在一起就称为调制解调器ModemPCM脉冲编码调制，也称为脉冲调制，这是一个把模拟信号转换为二进制数字序列的过程,包括三个步骤：采样、量化和编码。

TDM时分多路复用，是多路复用的一种方法。

信号分割的参量是信号占用的时间，故要使复用的各路信号在时间上互不重叠。

在传输时把时间分成小的时间片，每一时间片由复用的一个信号占用，每一瞬时只有一个信号占用信道虚电路分组交换技术的一种方式，两个端用户相互通信前必须建立一条逻辑连接，即虚电路。

这条虚电路可以事先建立，也可以临时建立。

协议为进展网络中的数据交换〔通信〕而建立的规那么、标准或约定(语义+语法+规那么)。

不同层具有各自不同的协议。

实体任何可以发送或接收信息的硬件/软件进程。

对等层两个不同系统的同名层次。

对等实体位于不同系统的同名层次中的两个实体。

〔协议作用在对等实体之间。

教你利⽤三层交换机实现VLAN间路由本⽂档详细介绍利⽤三层交换机实现 VLAN 间路由，⽂内含长段代码可复制可往左滑，希望对⼤家有帮助！实验背景某企业有两个主要部门，技术部和销售部，分处于不同的办公室，为了安全和便于管理对两个部门的主机进⾏了 VLAN 的划分，技术部和销售部分处于不同的VLAN，先由于业务的需求需要销售部和技术部的主机能够相互访问，获得相应的资源，两个部门的交换机通过⼀台三层交换机进⾏了连接。

技术原理三层交换机具备⽹络层的功能，实现 VLAN 相互访问的原理是：利⽤三层交换机的路由功能，通过识别数据包的 IP 地址，查找路由表进⾏选路转发，三层交换机利⽤直连路由可以实现不同 VLAN 之间的相互访问。

三层交换机给接⼝配置 IP 地址。

采⽤ SVI（交换虚拟接⼝）的⽅式实现 VLAN 间互连。

SVI 是指为交换机中的VLAN 创建虚拟接⼝，并且配置 IP 地址。

Tag VLAN是基于交换机端⼝的⼀种类型，主要⽤于使交换机的相同Vlan内的主机之间可以直接访问，同时对于不同Vlan的主机进⾏隔离。

trunk主要⽤在连接其它交换机，以便在线路上承载多个vlanWLAN是Wireless Local Area Network的简称，指应⽤⽆线通信技术将计算机设备互联起来，构成可以互相通信和实现资源共享的⽹络体系。

802.1x协议是WLAN第⼆代的认证技术，它是基于客户端-服务器（Client-Server)结构的访问控制和认证协议。

它可以限制未经授权的⽤户/设备通过接⼊端⼝（Access Port)访问LAN/WLAN。

DOT1Q是提供VLAN识别和服务质量(QoS)级别的IEEE标准。

电⽓和电⼦⼯程师协会（IEEE，全称是Institute of Electrical and Electronics Engineers）是⼀个美国的电⼦技术与信息科学⼯程师的协会，是世界上最⼤的⾮营利性专业技术学会。

HuaweiWireless Access Controller Datasheetand network status instantly.Monitoring interfaceConfiguration interfaceOne-click diagnosis solves 80% of common network problems.The web system supports real-time and periodic one-click intelligent diagnosis from the dimensions of users, APs, and ACs, and provides feasible suggestions for troubleshooting the faults.Figure 1-4 Intelligent diagnosisBuilt-in application identification serverˉSupports Layer 4 to Layer 7 application identification and can identify over 1600 applications, including common office applications and P2P download applications, such as Lync, FaceTime, YouTube, and Facebook.ˉSupports application-based policy control technologies, including traffic blocking, traffic limit, and priority adjustment policies.ˉSupports automatic application expansion in the application signature database.Comprehensive reliability designˉSupports the Boolean port for environmental monitoring and the intra-board temperature probe, which monitors the operating environment of the AC6005 in real time.ˉSupports AC 1+1 HSB, and N+1 backup, ensuring uninterrupted services.ˉSupports port backup based on the Link Aggregation Control Protocol (LACP) or Multiple Spanning Tree Protocol (MSTP).Large-capacity and high-performance designˉThe AC6005 can manage up to 256 APs, meeting requirements o f small and medium campuses.ˉAn AC6005 has eight GE interfaces, and provides a 20 Gbit/s switching capacity and a 4 Gbit/s forwarding capability (the highest among all similar products of the industry).ˉThe AC6005 can manage up to 2048 users, allowing 100 users on an AP to transmit data simultaneously.Various rolesˉThe AC6005 provides PoE power on eight interfaces or PoE+ power on four interfaces and can supply power to directly connected APs, requiring no additional PoE switch for AP power supplies.ˉThe AC6005 has a built-in Portal/AAA server and can provide Portal/802.1x authentication for 1K users.Flexible networkingˉThe AC can be deployed in inline, bypass, bridge, and Mesh network modes, and supports both centralized and local forwarding.ˉThe AC and APs can be connected across a Layer 2 or Layer 3 network. In addition, NAT can be deployed when APs are deployed on the private network and the AC is deployed on the public network.ˉThe AC is compatible with Huawei full-series 802.11n and 802.11ac APs and supports hybrid networking of 802.11n and 802.11ac APs for simple scalability.Multiple interface supportˉSix GE and tow GE combo interfacesˉOne RJ45 serial maintenance interfaceˉOne Mini USB serial maintenance interfaceFeature Description Scalability Licenses are available for managing 1, 8, or 32 APs.Flexible networking The AC and APs can be connected across a Layer 2 or Layer 3 network. NAT can be deployed in configurations where APs are deployed on an internal network and the AC is deployed on an external network.Services can be mapped between VLANs and Service Set Identifiers (SSIDs). The number of service VLANs and number of SSIDs can be in a ratio of 1:1 or 1:N based on service requirements. You can assign user VLANs based on SSIDs, physical locations, or services.The AC can be deployed in inline, bypass, and WDS/Mesh networks.Flexible forwarding The AC6005 allows you to easily configure local or centralized forwarding based on Virtual Access Points (VAPs) according to network traffic and service control requirements.• Centralized forwarding meets the requirements of most network configurations; however, when bandwidth demands from users connected to the same AP steadily increase, traffic switching loads will increase.• Local forwarding improves bandwidth efficiency; however, user authentication cannot be controlled by the AC in local forwarding mode.The AC6005 solves this problem with support for centralized authentication in local forwarding to accommodate changing needs.Radio management The AC6005 supports automatic selection and calibration of radio parameters in AP regions, including these features:• Automatic signal level adjustment and channel selection on power-up• Automatic signal re-calibration in the event of signal interferenceˉPartial calibration: Adjusts a specific AP to optimal signal levels.ˉGlobal calibration: Adjusts all APs in a specified region for optimal signal levels.• When an AP is removed or goes offline, the AC6005 increases the power of neighboring APs to compensate for reduced signal strength.Flexible user rights management The AC6005 uses Access Control Lists (ACLs) based on APs, VAPs, or SSIDs and provides isolation and bandwidth-limiting for each option. The AC6005 also provides access controls for users, and user roles, to meet enterprise requirements regarding permissions, authentication, and authorization, as well as bandwidth limitations per user and user group.• The AC6005 implements per-user access control based on ACLs, VLAN IDs, and bandwidth limits sent from the RADIUS server.• User groups are defined with access control policies. An ACL, user isolation policy, and bandwidth limitations can be applied to user groups for additional access control.• Inter-group user isolation or intra-group user isolation can also be configured.AC6005 featuresFeature DescriptionWDS The AC6005 provides STA access and wireless bridge management functions, as well as network bridge management when in Fit AP mode.The AC6005 supports these networking modes: point-to-multipoint bridging, single-band/dual-band multi-hop relay, dual-band WDS bridging + WLAN access, and single-band WDS bridging + WLAN access.The AC6005 can also function as a wireless bridge between a central campus network and multiple branch campuses. This configuration works well for deployments with no wired network or where cable routing is inconvenient.High reliability Multiple ACs can be configured in a network to increase WLAN reliability. If an active AC experiences a fault or the link between the active AC and APs disconnects, the APs can switch to a standby AC.The AC6005 system provides N+1 active/standby mode, which allows multiple active ACs to share the same standby AC. This feature provides high reliability at reduced cost.Load balancing • Inter-AP load balancing: When an STA is in the coverage area of multiple APs, the AC6005 connects the STA to the AP with the lightest load, delivering STA-based or traffic-based load balancing.• Inter-STA resource balancing: The AC6005 can dynamically and evenly allocate bandwidth resources to prevent some STAs from overusing available bandwidth due to network adapter performance or special applications, such as BT Total Broadband.• The AC6005 first utilizes the 5 GHz band to increase overall utilization of bandwidth.Visualized WLAN network management and maintenance The AC6005 and APs use Fit AP + AC networking and standard Link Layer Discovery Protocol (LLDP) for centralized AP management and maintenance. When paired with Huawei’s eSight network management tool, the AC6005 provides network topology displays to easily manage and optimize network performance.System security • Application identification: Use the service awareness technology to identify packets of dynamic protocols such as HTTP and RTP by checking Layer 4 to Layer 7 information in the packets, helping implement fine-grained QoS management.• URL filtering: URL filtering regulates online behavior by controlling which URLs users can access.• Antivirus: The antivirus function depends on the powerful and constantly updated virus signature database to secure the network and system data.• Intrusion prevention：Intrusion prevention detects intrusions, such as buffer overflow attacks, Trojan horses, and worms, by analyzing network traffic and takes actions to quickly terminate the intrusions. In this way, intrusion prevention protects the information system and network architecture of enterprises.Item SpecificationsTechnical specifications • Dimensions (H x W x D):43.6 mm x 320 mm x 233.6 mm• Weight: 2.9 kg• Operating temperature: –5o C to 50o C• Storage temperature: –40o C to +70o C• Humidity: 5% to 95%• Input voltage: 100 V AC to 240 V AC; 50/60 Hz• Maximum voltage range: 90 V AC to 264 V AC, 47 Hz to 63 Hz• Maximum power consumption: 163.6 W (device power consumption: 39.6 W, PoE: 124 W)Interface type • 8 x GE interfaces, among which the last two are multiplexed with two optical interfaces as combo interfaces• One RJ45 serial maintenance interface• One Mini USB serial maintenance interfaceLED indicator • Power module indicator (PWR): indicates the power-on status of the device.• System running status indicator (SYS): indicates the running status of the device.• Service network port indicator: indicates the data transmission status, interface rate, and PoE status of a network port.Number of managed APs256Number of SSIDs16KNumber of APs controlled byeach license1, 8, 32 Number of access users Entire device: 2KUser group management The AC supports 128 user groups:• Each user group can reference a maximum of 8 ACLs.• Each user group can associate with a maximum of 128 ACL rules.Number of MAC addresses4KNumber of VLANs4KNumber of ARP entries4KNumber of routing entries8KNumber of multicast forwardingentries2KNumber of DHCP IP address pools64 IP address pools, each containing a maximum of 8K IP addressesAC6005 specificationsFeature DescriptionNetwork management and maintenance Device management and statistics• Command line management based on SSH/Telnet/Console• SNMPv2/v3• Web management• Standard MIBs and Huawei proprietary MIBs• Syslog• AP and station statistics• Alarms with different severity levelsCentralized AP configuration and management• Group-based AP management• Centralized version management and automatic version file load • Built-in AP type and customized AP additionGraphic AP deployment and topology displays• AP LLDP• AC LLDPWireless protocols IEEE 802.11a, 802.11b, 802.11g, 802.11d, WMM/802.11e, 802.11h, 802.11k, 802.11n, 802.11acWLAN deployment AP-AC networking• AP-AC Layer 2/3 networking• AC Layer 2 forwarding or Layer 3 routing• NAT traversal (APs are deployed on a private network and ACs are deployed on the public network) Data forwarding• AP-AC CAPWAP tunnel and DTLS encryption• VAP-based forwarding (centralized forwarding and local forwarding)• Centralized authentication and local forwardingVLAN deployment• Mapping between SSIDs and VLANs, and VLAN assignment based on SSIDs or physical locations WDS deployment• Point-to-point and point-to-multipoint• Automatic topology detection and loop prevention (STP)AC active/standby mode• Dual-linked active and standby ACs with Virtual Router Redundancy Protocol (VRRP)• N:1 active/standby deploymentWireless featuresFeature DescriptionRadio management Channel and power configuration• Centralized or static channel power configuration• Automatic channel allocation to implement global radio calibration or partial radio calibration • Automatic power adjustment to implement coverage hole compensation• AP region-based configuration and managementLoad balancing• Load balancing based on the traffic volume on each radio• Load balancing based on the number of usersWireless service control Extended Service Set (ESS)-based service management• ESS-based SSID hiding and AP isolation at Layer 2• Maximum number of access users and associated aging time settings in an ESS• ESSs to service VLANs mapping• ESS associations with a security profile or a QoS profile• Internet Group Management Protocol (IGMP) support for APs in an ESSWireless roaming• Layer 2 roaming• Inter-VLAN Layer 3 roaming• Pairwise Master Key (PMK) caching, rapid key negotiation• Identity check on users who request to reassociate with the AC to reject reassociation requests of unauthorized users• Delayed clearing of user information after a user goes offline so that the user can rapidly go online again DHCP service control• Built-in DHCP server• Support for DHCP snooping on APs• Support for DHCP relay and DHCP snooping on ACMulticast service management• IGMP snooping• IGMP proxyWireless user management WLAN user management• User blacklist and whitelist• User access number limit• User disconnection• Support for multiple queries including online user information and statistics User group management• ACLs based on user groups• Isolation based on user groupsFeature DescriptionEthernet features • 802.1p, QinQ, Smart Link, LLDP• Storm suppression, port isolation, and link aggregationEthernet loop protection • Spanning Tree Protocol (STP)/Rapid Spanning Tree Protocol (RSTP)/Multiple Spanning Tree Protocol (MSTP)• Bridge Protocol Data Unit (BPDU) protection, root protection, and loop protection• Partitioned STP and BPDU tunnels• Rapid Ring Protection Protocol (RRPP)• Hybrid networking of RRPP rings and other ring networksWired featuresFeature DescriptionWireless security and authentication Authentication and encryption• OPEN/WEP/PSK/WPA(2) + 802.1x• WEP/TKIP/AES(CCMP)• WAPIUser authentication and control• MAC address authentication, Portal authentication, and 802.1x authentication • MAC + Portal authentication• PEAP/TLS/MD5/CHAPSecurity and defense• ACLs based on interface, users, and user groups• Isolation based on VAPs and user groups• IP source guard for STAs• Detection of unauthorized APs and alarm function• User blacklist and whitelistAAA• Local authentication/local accounts (MAC addresses and accounts)• RADIUS authentication• Multiple authentication serversWireless QoS control Flow control• VAP-based rate limiting• User-group-based rate limiting• Rate limiting for a specified user• Dynamic traffic control, preventing resources from being wasted by STAsPriority mapping and scheduling• Mapping QoS settings of encapsulated data packets to 802.1p and DSCP fields of outer tunnel packets • Mapping between DSCP, 802.1p, and 802.11e10Huawei AC6005Wireless Access Controller Datasheet ComponentPart Number Name Description AC+license02356813AC6005-8-PWR-8AP AC6005-8-PWR-8AP Bundle(Including AC6005-8-PWR,Resource License 8 AP)AC+license 02356816AC6005-8-8AP AC6005-8 -8AP Bundle(Including AC6005-8,Resource License 8 AP)License 88031VEB L-AC6005-1AP Software Charge,AC6005,L-AC6005-1AP ,AC6005 Access ControllerAP Resource License(1 AP)88031VEAL-AC6005-8APSoftware Charge,AC6005,L-AC6005-8AP ,AC6005 Access ControllerAP Resource License(8 AP)Power moduleSee the ordering guide.Power cableOptical moduleOptical jumperNetwork cableGround bar AC6005 purchase and accessory informationFeatureDescription IP routingUnicast routing protocols: RIP , OSPF, BGP , and IS-IS Device reliabilityVirtual Router Redundancy Protocol (VRRP)QoS features Traffic classifier, traffic behavior, queue scheduling, congestion avoidance, and outbound interfacerate limitingLink detection BFDEFM OAM, CFM OAM, and Y .1731IP service controlARPBuilt-in DHCP serverRADIUS clientBuilt-in FTP serverDHCP relay and DHCP snoopingProfessional Service and SupportHuawei Professional Services provides expert network design and service optimization tasks to help customers:ˉDesign and deploy a high-performance network that is reliable and secure.ˉMaximize return on investment and reduce operating expenses.Company AddendumFor more information, please visit /en/ or contact your local Huawei office.Copyright © Huawei Technologies Co., Ltd. 2016. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.Trademark Notice, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd.Other trademarks, product, service and company names mentioned are the property of their respective owners.General DisclaimerThe information in this document may contain predictive statements including,without limitation, statements regarding the future financial and operating results,future product portfolio, new technology, etc. There are a number of factors thatcould cause actual results and developments to differ materially from thoseexpressed or implied in the predictive statements. Therefore, such information isprovided for reference purpose only and constitutes neither an offer nor anacceptance. Huawei may change the information at any time without notice.。

1Which three features are commonly supported at the distribution layer of the Cisco hierarchical network model? (Choose thsecurity policiesPower over Ethernetswitch port securityquality of serviceLayer 3 functionalityend user access to network2Refer to the exhibit. What characteristic of hierarchical network designs is exhibited by having SW3 connected to both SW1scalabilitysecurityredundancymaintainability3Which hierarchical design model layer controls the flow of network traffic using policies and delineates broadcast domains routing functions between virtual LANs (VLANs)?accessdistributionnetworkcore4W hat is the likely impact of moving a conventional company architecture to a completely converged network?Local analog phone service can be completely outsourced to cost-effective providers.The Ethernet VLAN structure is less complex.A shared infrastructure is created resulting in a single network to manage.QoS issues are greatly reduced.There is less bandwidth competition between voice and video streams.5 A technician is attempting to explain Cisco StackWise technology to a client that is setting up three stackable switches. Whexplanation accurately describes StackWise technology?StackWise technology allows up to eight ports to be bound together to increase available bandwidth.StackWise technology allows the switch to deliver power to end devices by using existing Ethernet cabling.StackWise technology allows the switch capabilities and ports to be expanded by the addition of line cards.StackWise technology allows up to nine switches to be interconnected via the use of a fully redundant backplane.6W hich layer of the hierarchical design model provides a means of connecting devices to the network and controlling which allowed to communicate on the network?applicationaccessnetworkcore7Which feature supports higher throughput in switched networks by combining multiple switch ports?convergenceredundant linkslink aggregationnetwork diameter8W hich two characteristics are associated with enterprise level switches? (Choose two.)low port densityhigh forwarding ratehigh latency levelsupport link aggregationpredefined number of ports9Which layer of the hierarchical network design model is refered to as the high-speed backbone of the internetwork, where availability and redundancy are critical?access layercore layerdata-link layerdistribution layernetwork layerphysical layer10L ink aggregation should be implemented at which layer of the hierarchical network?core onlydistribution and coreaccess and distributionaccess, distribution, and core11 A network administrator is selecting a switch that will operate at the network core. Which three features should the switchoptimum network performance and reliability? (Choose three.)port securitysecurity policies10 Gigabit Ethernetquality of service (QoS)hot-swappable hardwarePower over Ethernet (PoE)12W hat statement best describes a modular switch?a slim-line chassisallows interconnection of switches on redundant backplanedefined physical characteristicsflexible characteristics13At which heirarchical layer are switches normally not required to process all ports at wire speed?core layerdistribution layeraccess layerentry layer14C onfiguring communication between devices on different VLANs requires the use of which layer of the OSI model?Layer 1Layer 3Layer 4Layer 515Refer to the exhibit. Beginning with HR servers and workstations, a network engineer is designing a new security structur network. Which set of policies adheres to the hierarchical network model design principles?Implement Layer 3 switching on S1 to reduce the packet processing load on D1 and D2. Install all security processin reduce network traffic load.Configure port security options on S1. Use Layer 3 access control features on D1 and D2 to limit access to the HR s the HR subnet.Move all HR assets out of the data center and connect them to S1. Use Layer 3 security functions on S1 to deny all out of S1.Perform all port access and Layer 3 security functions on C1.16A network technician is asked to examine an existing switched network. Following this examination, the technician makes recommendations for adding new switches where needed and replacing existing equipment that hampers performance. T is given a budget and asked to proceed. Which two pieces of information would be helpful in determining necessary port d switches? (Choose two.)forwarding ratetraffic flow analysisexpected future growthnumber of required core connectionsnumber of hubs that are needed in the access layer to increase performance17Which hierarchical design characteristic would be recommended at both the core and distribution layers to protect the net case of a route failure?PoEredundancyaggregationaccess lists18W hich two features are supported at all three levels of the Cisco three-layer hierarchical model? (Choose two.)Power over Ethernetload balancing across redundant trunk linksredundant componentsQuality of Servicelink aggregation19For organizations that are implementing a voice over IP solution, what functionality should be enabled at all three layers o hierarchical network?Power over Ethernetquality of serviceswitch port securityinter-VLAN routing20W hich layer of the OSI model does an access layer LAN switch use to make a forwarding decision?Layer 1Layer 2Layer 3Layer 4。

实验报告.实验目的进一步理解三层交换机配置的基本原理； 熟练掌握PacketTracer 软件的安装和配置方法; 掌握三层交换机的基本命令配置。

掌握vlan 之间路由的含义。

•实验环境（软件、硬件及条件） 1台2811路由器； 2台工作站； 2台2960的交换机； 网络连接线路若干（双绞线）； 网络拓朴结构如下：6、软件：windows xp 操作系统、PacketTracer 软件。

三、实验规划vlan 10；192.ise.11/24GO/2 vlvi 20:192 168. 2.1/E4 Xtrunk \ Gl/1 irliii 20： s*0 £0/2-2斗\ £0/2 ■"12960-24TT S witch 0GO/1 35 码Multil Aer Strunk /Gl/I 1 r | fO/2/ j「一^29S0-24TTSwitchlPC-PT PCIFC1:1^ 163.1 100/24PC*PT PC2FC2:192.16S 2 100/24实验名称 课程名称Vian 间路由三层交换实验计算机网络实训1、 2、31、 2、 3、间路由-二层交换 1*—二层交换机：SW3560GiO/1trunkGiO/2 trunkvlan 10 192.168. L 1/24 swl fO/2-24vlan 20192.16& 2.1/24sw2 fO/2-24交换机「Swl 2960Gil/ItrunkfO/2->PCl交换机:SwO 2960Gil/1trunkfO/2->PC2IPC1: 192.168.1.100/24]PC2: 192.168. 2.100/241、启动PacketTracer 软件，选择路由器、PC 构成以上拓扑结构，画出拓扑图,vlan 10:192. 169. 1. 1/24 trunk PC-PTPCIPCI ：192.16B.1 100/24然后用PacketTracer 软件对此网络进行配置。

1请参见图示。

下列哪三种说法正确描述了图中所示的网络设计？（选择三项。

）136Refer to the exhibit. Which three statements describe the network design shown in the exhibit?此设计不易扩展。

This design will not scale easily.路由器将VLAN合并到单个广播域内。

The router merges the VLANs into a single broadcast domain.此设计使用了一些不必使用的交换机端口或路由器端口。

This design uses more switch and router ports than are necessary.此设计超出了交换机可连接的VLAN的最大数量。

This design exceeds the maximum number of VLANs that can be attached to a switch.此设计需要在交换机与路由器之间的链路上使用ISL或802.1q协议。

This design requires the use of the ISL or 802.1q protocol on the links between the switch and the router.如果交换机与路由器之间的物理接口可以正常工作，则不同VLAN中的设备可通过路由器通信。

If the physical interfaces between the switch and router are operational, the devices on the different VLANs can communicate through the router.2、某路由器有两个快速以太网接口，需要连接到本地网络中的四个VLAN。

在不降低网络必要性能的情况下，如何才能使用数量最少的物理接口达到此要求？1A router has two FastEthernet interfaces and needs to connect to four VLANs in the local network. How can this be accomplished using the fewest number of physical interfaces without unnecessarily decreasing network performance?实施单臂路由器配置。

VLAN名词解释VLAN（Virtual Local Area Network）即虚拟局域网，是一种将物理上分散的计算机设备通过网络技术进行逻辑上的划分和组合的方法。

其实质上是将一个局域网分割成多个虚拟的局域网，使得处于同一VLAN的设备可以像在一个物理局域网中一样进行通信。

VLAN的创建和管理是由交换机来实现的，交换机上通过将不同的端口或者MAC地址进行归属划分，可以将局域网分割成多个互不干扰的VLAN。

VLAN的好处主要体现在以下几个方面：1. 管理灵活方便：VLAN可以根据不同的需求进行划分和管理，可以根据部门、功能或者位置等因素进行划分，使得管理更灵活、方便。

2. 增强网络安全性：VLAN可以将不同安全级别的设备进行隔离，提高网络安全性，防止不同部门或者个人设备之间的信息泄露。

3. 提高网络性能：VLAN可以减少广播和组播的传输范围，提高网络的性能和带宽利用率，降低冲突、碰撞等问题。

4. 管理广播域：VLAN可以划分不同的广播域，减少广播的范围，在大型网络中可以提高网络的可靠性和性能。

5. 提供灵活的资源共享：VLAN可以将位于不同地点的设备组合成一个虚拟的局域网，方便资源的共享和访问。

在VLAN中，有一些常用的术语和名词需要了解：1. 标签（Tag）：用于标记一个数据帧属于哪一个VLAN，一般在交换机之间传送VLAN信息时使用。

标签信息会根据不同的交换机厂商和协议有所不同，最常用的标签协议时IEEE 802.1Q。

2. 截断（Trunk）：指的是能够传送多个VLAN的数据帧的链路或者端口，可以将不同VLAN的数据帧同时发送到目标交换机上的对应接口。

3. 端口隔离（Port Isolation）：一种保证不同端口之间不进行数据转发的技术，可以有效隔离不同VLAN之间的通信，提高网络安全性。

4. VLAN划分（VLAN Partitioning）：即将一个网络划分成多个VLAN，可以根据不同的需求进行划分，例如按照物理位置、功能或者安全级别等进行划分。

路由器 :1、进入 SETUP模式 Router#setup2、时间设置 router#clock set hh:mm:ss date moth year3、 router>show historyRouter>terminal history size lines4、 router#show version5、 router#show running-config6、 router#show starup-config7、 router(config)#hostname name主机命名8、 router(config)#banner motd # message #开机时的固定显示信息9、 router(config)#enable password password特权模式明文密码10、 router(config)#no enable password11、 router(config)#enable secret password特权模式加密密码12、 router(config)#no enable secret13、 router(config)#service password-encryption特权模式把明文密码加密密码，但没enable secret 安全能够反解14、 router(config)#line console 控制台密码15、 router(config-line)#login16、 router(config-line)#password password17、 router(config-line)#exec-timeout mm ss严禁控制台会话自动退出18、 router(config-line)#logging synchronous重显被打乱的控制台输入router(config)#no ip domain-lookup严禁域名分析19、 router(config)#line vty 0 4 虚构终端密码20、 router(config-line)#login21、 router(config-line)#password password22、 router(config)#interface type number(slot/port)端口设置23、 router(config-if)#ip address ip summast24、 router(config-if)#clock rate 64000（时钟频次单位为bps，只在 DCE端设置）25、 router(config-if)#bandwith 64(带宽设置，单位为KB)26、 router(config-if)#no shutdown(shutdown)27、 router(config-if )#media-type type(10base)为以太网端口选择适合的介质种类28、 router(config-if )#ctrl+z 保留退出到特权模式29、 router#30、 router> 用户模式 enable 进入router# 特权模式 config terminal 进入router(config)# 全局配置模式31、Interface Router(config-if)# 端口设置Subinterface Router(config-subif)#子端口设置Controller Router(config-controller)#控制口设置Line Router(config-line)#虚构口设置Router Router(config-router)#路由设置IPX router Router(config-ipx-router)#IPX路由设置32、 router#show interface33、 router#show interface Ethernet 034、 router#show interface serial 035、 router#show running-config36、 router#show starup-config37、 router#show flash38、 router#show controller39、 router#show controller interface type40、 router#show running-configrouter#copy running-config starup-configrouter#copy running-config tftprouter#copy starup-config tftprouter#copy flash tftprouter#copy tftp star-configrouter#copy tftp flash--------------------------------------------------------------------------------端口状态Serial1 is up, line protocol is up 正常工作Serial1 is up, line protocol is down 连结问题Serial1 is down, line protocol is down端口问题Serial1 is administratively down, line protocol is down人为封闭配置存放器的值1、封闭路由器的电源从头启动按住ctrl+break键入进2、＞3、＞ o/r 0 × 2142(跳过 nvarm 启动恢复密码 )4、＞I5、当系统提示能否进入setup 模式时，按 N6、 router>7、 router>enable8、 router#9、进入改正后（包含密码、存放器的值：0×2100 为 rom monitor启动、 0× 2101 为 setup 模式启动、 0× 2102为10、 router#copy running-config starup-config11、 router#reload12、也能够在 router#setup 进入 setup 模式静态路由协议设置router(config)#ip route network submask(要抵达的网络号掩码)ip address( 下一跳或出口ip 地点 )rip 设置router(config)#router riprouter(config-router)#network network-numberrouter#show ip protocol查察 RIP 信息router#show ip route查察路由表router#debug ip rip查察 RIP更新信息router(config-router)#passive-interface e0(阻挡发出作息 )router(config-router)#ip rip receive version 1 2接收1、2RIP版本信息igrp 设置router(config)#router igrp as numberrouter(config-router)#network network numberrouter#show ip route查察路由表router#debug ip igrp events查察 IGRP 路由更新大体信息router#debug ip igrp transaction查察 IGRP路由更新详尽信息Router(config-router)#variance multiplier控制 IGRP load balancingRouter(config-router)#traffic-share {balanced | min}控制 load-balanced traffic的散布eigrp 设置router(config)#router eigrp as numberrouter(config-router)#network network numberrouter(config)#no auto-summry封闭自动汇总router(config)# auto-summry翻开自动汇总（默认是翻开的）router#show ip route eigrp显示目前的路由表里的EIGRP条目router#show ip protocol显示活动的路由协议进度的参数和目前的状态router#show ip eigrp neighbors显示被 EIGRP发现的街坊router#show ip eigrp traffic显示发出和收到的IP EIGRP 包的数目router#show ip eigrp topology显示 IP EIGRP的拓扑表Router#debug ip eigrpospf 设置1. Router(config)#router ospf process-idRouter(config-router)#network address( 能够是网络号也能够是Ip 地点 mask （通配掩码） area area-id Router(config-if)# ip ospf priority numbe配置 OSPF的优先级Router#show ip protocols考证 OSPF的配置Router#show ip route显示路由器学到的所有路由Router#show ip ospf interface type number显示 area-ID和毗邻信息Router#show ip ospf neighbor鉴于每接口显示OSPF街坊信息Router#debug ip ospf eventsRouter#debug ip ospf packet2. Router(config)# interface loopback number （ lookback 回路配置）Router(config-if)# ip address ip-address subnet-maskRouter(config-if)# ip ospf cost cost-numbe改正 OSPF 的 Cost 数值Router(config-if)# ip ospf authentication-key key配置明文口令Router(config-if)# ip ospf messge-digest-key keyid md5 key配置 MD5 口令(keyid 和 key 一定配对一致，两街坊才能够通讯)Router(config-route)# area area-id authentication [message-digest]message-digest 为可选项，使用后路由器只传递口令信息的纲要（或散列）配置 OSPF地区的考证：3. Router(config-if)# ip ospf hello-interval seconds配置 hello间隔：Router(config-if)# ip ospf dead-interval seconds配置 down 机判断间隔--------------------------------------------------------------------------------接见列表1.标准接见列表 (standard access lists): 只使用源 IP 地点来做过滤决定Router(config)#access-list 10 permit anyRouter(config)#int e1Router(config-if)#ip access-group 10 out使用 IP 标准 ACL 来控制VTY线路的接见 .Router(config)#line vty 0 4Router(config-line)#access-class 50 in删除 IP 标准 ACLRouter(config-line)#no ip access-class 50 inRouter(config)#no access-list 50,层 4 端口号来做过滤决定2.扩展接见列表 (extended access lists): 它比较源 IP 地点和目标 IP 地点 ,层 3 的协议字段Router(config)#access-list 110 permit ip any anyRouter(config)#int e1Router(config-if)#ip access-group 110 out3.虚构通道接见router(config)#line vty 0 4outer(config-line)#access-class 12 inip interface: 只显示IP 接见列表信息ip interface: 显示所有接口的信息和配置的ACL 信息ip interface [ 接口号 ]:显示详细某个接口的信息和配置的ACL信息running-config: 显示 DRAM 信息和ACL 信息 ,以及接口对ACL 的应用信息 .互换机配置互换机上设置登岸口令Switch(config)# enable password level level passwordSwitch(config)# no enable password level levelpassword hostname1900/2900(config)#hostname hostnameIP Address1900(config)#ip address {ip address} {mask}2950(config#interface vlan 12950(config-if)#ip address {ip_address} {mask}2950(config)#interface vlan 1default gateway1900/2950(config)#ip default-gateway {ip address}查察互换机的IP 地点1900#show ipManagement VLAN: 12950#show interface vlan 1Vlan1 is up, line protocol is up设置双工选项1900(config)#interface e0/11900(config-if)#duplex {auto | full |full-flow-control | half}2950(config)#interface fe0/12950(config-if)#duplex {auto | full | half}设置端口速度： switch(config-if)# speed {10|100|auto}查勘双工选项Switch#show interfaces fastethernet0/3查察 MAC 地点表1900/2950#show mac-address-table配置永远MAC 地点1900(config)#mac-address-table permanent {mac-address type module/port}1900#show mac-address-table2950(config)#mac-address-table static mac_addr {vlan vlan_id} [interface int1 [int2 ... int15]]--------------------------------------------------------------------------------配置受限静态MAC 地点1900(config)#mac-address-table restricted static {mac-address type module/port src-if-list} 1900#show mac-address-table2950(config)#mac-address-table secure mac-addr interface [vlan vlan-id]2950#show mac-address-table配置端口安全性1900(config-if)#port secure max-mac-count count1900(config)#interface e0/41900(config-if)#port secure1900(config-if)#port secure max-mac-count 11900(config)#address-violation {suspend | disable | ignore1900# show mac-address-table security2950(config-if)#port security max-mac-count count2950(config)#interface fa0/12950(config-if)#port security2950(config-if)#port security max-mac-count 102950(config-if)#port security action {shutdown | trap}2950#show mac-address-table secure2950#show port-security管理配置文件消除NVRAM1900#delete nvram2950#erase startup-configvlan 配置1900 VLAN 成立1900 下 ,使用 vlan [vlan#] name [name] [vlan#]命令 ,以下 :>en#config t(config)#hostname 19001900(config)#vlan 2 name sales1900(config)#vlan 3 name marketing1900(config)#vlan 4 name mis1900(config)#exit端口分派1900(config)#int e0/21900(config-if)#vlan-membership static 21900(config)#int e0/41900(config-if)#vlan-membership static 31900(config)#int e0/51900(config-if)#vlan-membership static 41900(config-if)#exit1900(config)#exitVLAN 考证1900#sh vlan2900 VLAN成立在 2950 下创立VLAN,在特权模式下使用vlan database 命令2950#vlan database2950(vlan)#vlan 2 name MarketingVLAN 2 modified:Name: Marketing2950(vlan)#vlan 3 name AccountingVLAN 3 added:Name: Accounting2950(vlan)#applyAPPLY complete2950(vlan)#Ctrl+C2950#端口分派2950 下的端口配置,使用 switchport access vlan [vlan#] 命令 ,2950(config-if)#int f0/22950(config-if)#switchport access vlan 22950(config-if)#int f0/32950(config-if)#switchport access vlan 32950(config-if)#int f0/42950(config-if)#switchport access vlan 42950(config-if)#exit2950(config)#exit考证配置信息,以下 :2950#sh vlan或2950#sh vlan brieftrunk 配置1900 trunk 配置1900(config)#int f0/261900(config-if)#trunk on2950 下在接口配置模式,使用 switchport命令,以下:2950(config)#int f0/122950(config-if)#switchport mode trunk2950(config-if)# switchport trunk encapsulation {isl|dot1q}2950(config-if)#^Z将某 VLAN 从中继中删除2950(config-if)# switchport trunk allowed vlan remove vlan-list增添某个VLAN 到中继线路2950(config-if)# switchport trunk allowed vlan add vlan-listConfiguring Inter-VLAN Routing给连结1900 的 trunk 端口配置 ,使用 encapsulation isl [vlan#] 命令 ,以下 : 2600Router(config)#int f0/2600Router(config-subif)#encapsulation isl [vlan#]2600Router(config-subif)#ip add ip add submask给连结2950 的这样配置,以下 :2600Router(config)#int f0/2600Router(config-subif)#encapsulation dot1q [vlan#]2600Router(config-subif)#ip add ip add submask--------------------------------------------------------------------------------VTP 配置1900(config)#vtp server1900(config)#vtp domain noco1900(config)#vtp password noko在特权模式下使用show vtp 命令考证 ,以下 :1900#sh vtpVTP version: 1Configuration revision: 0Maximum VLANs supported locally: 1005Number of existing VLANs: 5VTP domain name: nocoVTP password: nokoVTP operating mode: Server2950 以下 :2950(config)#vtp mode server2950(config)#vtp domain noco考证信息 ,以下 :2950#sh vtp ?counters VTP statisticsstatus VTP domain status2950#sh vtp statusNAT 配置配置静态变换Router(config)#ip nat inside source static local-ip global-ipRouter(config-if)#ip nat insideRouter(config-if)#ip nat outside配置动向地点变换Router(config)#ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} Router(config)#access-list access-list-number permit source [source-wildcard]Router(config)#ip nat inside source listaccess-list-number pool name配置 OverloadingRouter(config)#access-list access-list-number permitsource source-wildcardRouter(config)#ip nat inside source listaccess-list-number interface interface overload消除 NAT Translation TableRouter#clear ip nat translation *消除所有的动向地点变换条目Router#clear ip nat translation inside global-iplocal-ip [outside local-ip global-ip]消除一个简单的动向地点变换条目（内、外）Router#clear ip nat translation outsidelocal-ip global-ip消除一个简单的动向地点变换（外）Router#clear ip nat translation protocol inside global-ipglobal-port local-ip local-port [outside local-iplocal-port global-ip global-port] 消除一个扩展动向地点变换条目 Show命令输出信息Router#show ip nat translations------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------互换机 :1.在鉴于IOS 的互换机上设置主机名/ 系统名:switch(config)# hostname hostname/ 系统名:在鉴于CLI的互换机上设置主机名switch(enable) set system name name-string2.在鉴于IOS 的互换机上设置登录口令:switch(config)# enable password level 1 password在鉴于CLI的互换机上设置登录口令:switch(enable) set passwordswitch(enable) set enalbepass3.在鉴于 IOS 的互换机上设置远程接见:switch(config)# interface vlan 1switch(config-if)# ip address ip-address netmaskswitch(config-if)# ip default-gateway ip-address在鉴于CLI的互换机上设置远程接见:switch(enable) set interface sc0 ip-address netmask broadcast-addressswitch(enable) set interface sc0 vlan switch(enable) set ip route default gateway4.在鉴于 IOS 的互换机上启用和阅读CDP信息 :switch(config-if)# cdp enableswitch(config-if)# no cdp enable为了查察Cisco 毗邻设施的CDP 通知信息 :switch# show cdp interface [type modle/port]switch# show cdp neighbors [type module/port] [detail]在鉴于CLI的互换机上启用和阅读CDP信息 :switch(enable) set cdp {enable|disable} module/port为了查察Cisco 毗邻设施的CDP 通知信息 :switch(enable) show cdp neighbors[module/port] [vlan|duplex|capabilities|detail] 5.鉴于 IOS 的互换机的端口描绘 :switch(config-if)# de脚本ion de脚本ion-string鉴于 CLI的互换机的端口描绘:switch(enable)set port name module/number de脚本ion-string6.在鉴于 IOS 的互换机上设置端口速度:switch(config-if)# speed{10|100|auto}在鉴于CLI的互换机上设置端口速度:switch(enable) set port speed moudle/number {10|100|auto}switch(enable) set port speed moudle/number {4|16|auto}7.在鉴于IOS 的互换机上设置以太网的链路模式:switch(config-if)# duplex {auto|full|half}:在鉴于CLI的互换机上设置以太网的链路模式switch(enable) set port duplex module/number {full|half}8.在鉴于 IOS 的互换机上配置静态VLAN:switch# vlan databaseswitch(vlan)# vlan vlan-num name vlaswitch(vlan)# exitswitch# configure teriminalswitch(config)# interface interface module/numberswitch(config-if)# switchport mode accessswitch(config-if)# switchport access vlan vlan-numswitch(config-if)# end在鉴于CLI的互换机上配置静态VLAN:switch(enable) set vlan vlan-num [name name]switch(enable) set vlan vlan-num mod-num/port-list9. 在鉴于 IOS 的互换机上配置VLAN 中继线 :switch(config)# interface interface mod/portswitch(config-if)# switchport mode trunkswitch(config-if)# switchport trunk encapsulation {isl|dotlq}switch(config-if)# switchport trunk allowed vlan remove vlan-listswitch(config-if)# switchport trunk allowed vlan add vlan-list在鉴于CLI的互换机上配置VLAN 中继线 :switch(enable) set trunk module/port [on|off|desirable|auto|nonegotiate]Vlan-range [isl|dotlq|dotl0|lane|negotiate]--------------------------------------------------------------------------------10.在鉴于 IOS 的互换机上配置 VTP 管理域 :switch# vlan databaseswitch(vlan)# vtp domain domain-name在鉴于CLI的互换机上配置VTP 管理域 :switch(enable) set vtp [domain domain-name]11.在鉴于 IOS 的互换机上配置 VTP 模式 :switch# vlan databaseswitch(vlan)# vtp domain domain-nameswitch(vlan)# vtp {sever|cilent|transparent}switch(vlan)# vtp password password在鉴于CLI的互换机上配置VTP 模式 :switch(enable) set vtp [domain domain-name] [mode{ sever|cilent|transparent }][password password] 12.在鉴于 IOS 的互换机上配置 VTP 版本 :switch# vlan databaseswitch(vlan)# vtp v2-mode在鉴于CLI的互换机上配置VTP 版本 :switch(enable) set vtp v2 enable13.在鉴于 IOS 的互换机上启动 VTP 剪裁 :switch# vlan databaseswitch(vlan)# vtp pruning在鉴于CL I 的互换机上启动VTP 剪裁 :switch(enable) set vtp pruning enable14.在鉴于 IOS 的互换机上配置以太信道 :switch(config-if)# port group group-number [distribution {source|destination}]在鉴于 CLI的互换机上配置以太信道 :switch(enable) set port channel moudle/port-range mode{on|off|desirable|auto}--------------------------------------------------------------------------------15.在鉴于 IOS 的互换机上浮整根路径成本:switch(config-if)# spanning-tree [vlan vlan-list] cost cost在鉴于CLI的互换机上浮整根路径成本:switch(enable) set spantree portcost moudle/port costswitch(enable) set spantree portvlancost moudle/port [cost cost][vlan-list]16.在鉴于 IOS 的互换机上浮整端口 ID:switch(config-if)# spanning-tree[vlan vlan-list]port-priority port-priority在鉴于 CLI的互换机上浮整端口 ID:switch(enable) set spantree portpri {mldule/port}priority switch(enable)set spantree portvlanpri {module/port}priority [vlans]17.在鉴于 IOS 的互换机上改正 STP时钟 :switch(config)# spanning-tree [vlan vlan-list] hello-time secondsswitch(config)# spanning-tree [vlan vlan-list] forward-time secondsswitch(config)# spanning-tree [vlan vlan-list] max-age seconds在鉴于CLI的互换机上改正STP时钟 :switch(enable) set spantree hello interval[vlan]switch(enable) set spantree fwddelay delay [vlan]switch(enable) set spantree maxage agingtiame[vlan]18.在鉴于 IOS 的互换机端口上启用或禁用Port Fast 特点 :switch(config-if)#spanning-tree portfast在鉴于 CLI的互换机端口上启用或禁用Port Fast 特点 :switch(enable) set spantree portfast {module/port}{enable|disable}19.在鉴于 IOS 的互换机端口上启用或禁用UplinkFast 特点 :switch(config)# spanning-tree uplinkfast [max-update-rate pkts-per-second]在鉴于 CLI的互换机端口上启用或禁用UplinkFast 特点 :switch(enable) set spantree uplinkfast {enable|disable}[rate update-rate] [all-protocols off|on]--------------------------------------------------------------------------------20.为了将互换机配置成一个集群的命令互换机,第一要给管理接口分派一个IP 地点 ,而后使用以下命令 : switch(config)# cluster enable cluster-name cv 21.为了从一条中继链路上删除VLAN,可使用以下命令 :switch(enable) clear trunk module/port vlan-range22.用 show vtp domain显示管理域的VTP 参数 .23.用 show vtp statistics显示管理域的VTP 参数 .24.在 Catalyst 互换机上定义TrBRF的命令以下 :switch(enable) set vlan vlan-name [name name] type trbrf bridge bridge-num[stp {ieee|ibm}]--------------------------------------------------------------------------------25.在 Catalyst 互换机上定义 TrCRF的命令以下 :switch (enable) set vlan vlan-num [name name] type trcrf{ring hex-ring-num|decring decimal-ring-num} parent vlan-num26. 在创立好TrBRF VLAN以后,就能够给它分派互换机端口.关于以太网互换,能够采纳以下命令给VLAN 分派端口: switch(enable) set vlan vlan-num mod-num/port-num27. 命令 show spantree 显示一个互换机端口的STP状态 .28.配置一个 ELAN 的 LES和 BUS,能够使用以下命令 :ATM (config)# interface atm multiointATM(config-subif)# lane serber-bus ethernet elan-name29. 配置 LECS:ATM(config)# lane database database-nameATM(lane-config-databade)# name elan1-name server-atm-address les1-nsap-addressATM(lane-config-databade)# name elan2-name server-atm-address les2-nsap-addressATM(lane-config-databade)# name--------------------------------------------------------------------------------30.创立完数据库后 ,一定在主接口上启动 LECS命.令以下 :ATM(config)# interface atm numberATM(config-if)# lane config database database-nameATM(config-if)# lane config auto-config-atm-address31. 将每个 LEC配置到一个不一样的ATM 子接口上 .命令以下 :32.用 show lane server 显示 LES的状态 .33.用 show lane bus 显示 bus 的状态 .34.用 show lane database 显示 LECS数据库可内容 .35.用 show lane client 显示 LEC的状态 .36. 用 show module 显示已安装的模块列表.37.用物理接口成立与 VLAN 的连结 : router#configure terminal router(config)# interface mediamodule/port router(config-if)# de 脚本 ion de 脚本ion-stringrouter(config-if)# ip address ip-addr subnet-maskrouter(config-if)# no shutdown38. 用中继链路来成立与VLAN 的连结 :router(config)# interface module/router(config-ig)# encapsulation[isl|dotlq] vlan-numberrouter(config-if)# ip address ip-address subnet-mask39.用 LANE 来成立与 VLAN 的连结 :router(config)# interface atm module/portrouter(config-if)# no ip addressrouter(config-if)# atm pvc 1 0 5 qsaalrouter(config-if)# atm pvc 2 0 16 ilnirouter(config-if)# interface atm module/ multipointrouter(config-if)# ip address ip-address subnet-maskrouter(config-if)# lane client ethernet elan-numrouter(config-if)# interface atm module/ multipointrouter(config-if)# ip address ip-address subnet-namerouter(config-if)#--------------------------------------------------------------------------------40.为了在路由办理器长进行动向路由配置 ,能够用以下 IOS 命令来进行 :router(config)# ip routingrouter(config)# router ip-routing-protocolrouter(config-router)# network ip-network-numberrouter(config-router)# network ip-network-number（）41. 配置默认路由:switch(enable) set ip route default gateway42. 为一个路由办理器分派VLANID,可在接口模式下使用以下命令:router(config)# interface interface numberrouter(config-if)# mls rp vlan-id vlan-id-num43.在路由办理器启用 MLSP:router(config)# mls rp ip44.为了把一个外置的路由办理器接口和互换机布置在同一个 VTP 域中 :router(config)# interface interface numberrouter(config-if)# mls rp vtp-domain domain-name45.查察指定的 VTP 域的信息 :router# show mls rp vtp-domain vtp domain name46.要确立 RSM 或路由器上的管理接口 ,能够在接口模式下输入以下命令 :router(config-if)#mls rp management-interface47.要查验 MLS-RP的配置状况：router# show mls rp48.查验特定接口上的 MLS 配置：router# show mls rp interface interface number49.为了在 MLS-SE上设置流掩码而又不想在任一个路由办理器接口上设置接见列表：set mls flow [destination|destination-source|full]50.为使 MLS 和输入接见列表能够兼容，能够在全局模式下使用以下命令：router(config)# mls rp ip input-acl--------------------------------------------------------------------------------51.当某个互换机的第 3 层互换无效时，可在互换机的特权模式下输入以下命令：switch(enable) set mls enable52.若想改变老化时间的值，可在特权模式下输入以下命令：switch(enable) set mls agingtime agingtime53.设置迅速老化：switch(enable) set mls agingtime fast fastagingtime pkt_threshold54.确立那些 MLS-RP和 MLS-SE参加了 MLS，可先显示互换机引用列表中的内容再确立：switch(enable) show mls include55.显示 MLS 高速缓存记录：switch(enable) show mls entry56.用命令 show in arp 显示 ARP高速缓存区的内容。

“计算机网络实验”－实验报告实验序号：实验项目名称：VLAN之间的路由配置实验台号：三实验组号：实验时间：5月15日8：00—16:15实验成员及分工：实验目的：实验1，熟悉交换机的命令，掌握交换机的配置，学会如何划分vlan 子网。

实验2，进一步熟悉各个设备的配置，同时掌握路由控制链表的配置。

实验设备和环境：设备：两台pc，两台路由器，一台3750交换机，两台2950交换机，若干设备连接线环境：安全的网络环境实验过程及步骤：（可以另附页，给出相应的实验环境拓扑图和实验说明）实验总结：（遇到的问题、解决方法、收获和体会，可以另附页）实验器材、验收同学：实验责任人：实验记录人：报告执笔人：实验完成时间：验收同学：实验小组成员签名：指导教师签名： 成绩：一、VLAN 之间的路由配置Switch>enable Switch#config tEnter configuration commands, one per line. End with CNTL/Z. Switch(config)#hostname c3750 c3750(config)#exit c3750#00:01:19: %SYS-5-CONFIG_I: Configured from console by console c3750#vlan b00:01:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state t o upc3750#vlan basedata ^% Invalid input detected at '^' marker.c3750#vlan database% Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode.c3750(vlan)#vlan 2 name market交换机3750IP 地址： 192.168.2.2 默认网关： 192.168.2.1交换机2950IP 地址： 192.168.3.5 默认网关： 192.168.3.1路由器2811fa1/0/24fa1/0/23fa0/24fa 0/0图9.5 采用单臂路由实现VLAN 之间的路由VLAN 2 modified:Name: marketc3750(vlan)#vlan 3 name developVLAN 3 modified:Name: developc3750(vlan)#end^% Invalid input detected at '^' marker.c3750(vlan)#exitAPPL Y completed.Exiting....c3750#config tEnter configuration commands, one per line. End with CNTL/Z.c3750(config)#inter range f0/1 -4^% Invalid input detected at '^' marker.c3750(config)#inter range f1/1 -4^% Invalid input detected at '^' marker.c3750(config)#inter range fa1/1 -4^% Invalid input detected at '^' marker.c3750(config)#interface range fa1/0/1 -4c3750(config-if-range)#switchport access vlan 2c3750(config-if-range)#interface range fa1/0/5 -8c3750(config-if-range)#switchport access vlan 3c3750(config-if-range)#exitc3750(config)#inter fa1/0/24c3750(config-if)#switchport trunk encap dot1qc3750(config-if)#switchport mode trunkc3750(config-if)#interface fa1/0/23c3750(config-if)#switchport tunk encap dot1q^% Invalid input detected at '^' marker.c3750(config-if)#switchport trunk encap dot1qc3750(config-if)#switchport mode trunkc3750(config-if)#e00:07:57: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23, changed state to downc3750(config-if)#exitc3750(config)#00:08:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23, changed state to upc3750(config)#% Please answer 'yes' or 'no'.Would you like to enter the initial configuration dialog? [yes/no]:% Please answer 'yes' or 'no'.Would you like to enter the initial configuration dialog? [yes/no]: noPress RETURN to get started!Router>Router>enableRouter#config tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#inter f0/0Router(config-if)#no shutdownRouter(config-if)#Router(config-if)#*May 15 03:16:07.219: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up*May 15 03:16:10.219: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to upRouter(config-if)#interf f0/0.2Router(config-subif)#encap dot1q 2Router(config-subif)#ip address% Incomplete command.Router(config-subif)#ip address 192.168.2.1 255.255.255.0Router(config-subif)#no shutdownRouter(config-subif)#inter f0/0.3Router(config-subif)#encap dot1q 3Router(config-subif)#ip address 192.168..3.1 255.255.255.0^% Invalid input detected at '^' marker.Router(config-subif)#ip address 192.168.3.1 255.255.255.0Router(config-subif)#exitRouter(config)#inter f0/0.3Router(config-subif)#no shutdownRouter(config-subif)#endRouter#*May 15 03:19:17.519: %SYS-5-CONFIG_I: Configured from console by console% Please answer 'yes' or 'no'.Would you like to enter the initial configuration dialog? [yes/no]: nPress RETURN to get started!Switch>00:13:51: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down00:13:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to downe% Ambiguous command: "e"Switch>enableSwitch#config tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#hostname c2950c2950(config)#exitc2950#v00:14:18: %SYS-5-CONFIG_I: Configured from console by console]% Unknown command or computer name, or unable to find computer addressc2950#vlan database% Warning: It is recommended to configure VLAN from config mode,as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode.c2950(vlan)#vlan 2 name marketVLAN 2 modified:Name: marketc2950(vlan)#vlan 3 name developVLAN 3 modified:Name: developc2950(vlan)#vtp clientDevice mode already VTP CLIENT.c2950(vlan)#exitIn CLIENT state, no apply attempted.Exiting....c2950#config tEnter configuration commands, one per line. End with CNTL/Z.c2950(config)#inter range fa0/1 -4c2950(config-if-range)#switchport access vlan 2c2950(config-if-range)#inter range fa0/0/5 -8^% Invalid input detected at '^' marker.c2950(config)#inter range fa0/5 -8c2950(config-if-range)#switchport access vlan 3c2950(config-if-range)#interface f0/24c2950(config-if)#switchport mode trunkc2950(config-if)#exitc2950(config)#endc2950#00:18:36: %SYS-5-CONFIG_I: Configured from console by console二、路由访问控制列表配置未添加acl 之前 R1的配置Router>enable Router#config tEnter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname ri ri(config)#inter f0/0ri(config-if)#ip address 192.168.1.1 255.255.255.0交换机2950-A交换机2950-B路由器r1路由r2IP 地址： 192.168.1.2 默认网关： 192.168.1.1S0/0/0S0/1fa0/1192.168.1.1192.168.2.1fa0/1 192.168.12.2192.168.12.1IP 地址： 192.168.2.2 默认网关： 192.168.2.1图8.20 采用交换机的路由器配置环境ri(config-if)#no shutdown%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to upri(config-if)#inter s0/0/0^% Invalid input detected at '^' marker.ri(config-if)#exitri(config)#inter s0/0/0^% Invalid input detected at '^' marker.ri(config)#inter s0/0/1^% Invalid input detected at '^' marker.ri(config)#inter s0/0ri(config-if)#ri(config-if)#exitri(config)#interface Serial0/0ri(config-if)#ri(config-if)#exitri(config)#interface Serial0/1ri(config-if)#ri(config-if)#exitri(config)#interface Serial0/0ri(config-if)#ip address 192.168.12.1 255.255.255.0ri(config-if)#encap pppri(config-if)#clock rate 64000ri(config-if)#no shutdown%LINK-5-CHANGED: Interface Serial0/0, changed state to downri(config-if)#no shutdownri(config-if)#ri(config-if)#exitri(config)#interface Serial0/0ri(config-if)#exitri(config)#exit%SYS-5-CONFIG_I: Configured from console by consoleri#config tEnter configuration commands, one per line. End with CNTL/Z.ri(config)#router ripri(config-router)#network 192.168.1.0ri(config-router)#network 192.168.12.0ri(config-router)#end%SYS-5-CONFIG_I: Configured from console by consoleri#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setC 192.168.1.0/24 is directly connected, FastEthernet0/0ri#%LINK-5-CHANGED: Interface Serial0/0, changed state to upri#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setC 192.168.1.0/24 is directly connected, FastEthernet0/0ri#ri#configure terminalEnter configuration commands, one per line. End with CNTL/Z.ri(config)#interface Serial0/0ri(config-if)#ri(config-if)#exitri(config)#ri(config)#ri(config)#router ripri(config-router)#ri#%SYS-5-CONFIG_I: Configured from console by consoleri#ping 192.168.12.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds: .....Success rate is 0 percent (0/5)ri#show interFastEthernet0/0 is up, line protocol is up (connected)Hardware is Lance, address is 00e0.f9aa.eb23 (bia 00e0.f9aa.eb23) Internet address is 192.168.1.1/24MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setARP type: ARPA, ARP Timeout 04:00:00,Last input 00:00:08, output 00:00:05, output hang neverLast clearing of "show interface" counters neverInput queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: fifoOutput queue :0/40 (size/max)5 minute input rate 0 bits/sec, 0 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants, 0 throttles0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 input packets with dribble condition detected1 packets output, 52 bytes, 0 underruns0 output errors, 0 collisions, 1 interface resets0 babbles, 0 late collision, 0 deferred0 lost carrier, 0 no carrierri#show interFastEthernet0/0 is up, line protocol is up (connected)Hardware is Lance, address is 00e0.f9aa.eb23 (bia 00e0.f9aa.eb23) Internet address is 192.168.1.1/24MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setARP type: ARPA, ARP Timeout 04:00:00,Last input 00:00:08, output 00:00:05, output hang neverLast clearing of "show interface" counters neverInput queue: 0/75/0 (size/max/drops); Total output drops: 0Queueing strategy: fifoOutput queue :0/40 (size/max)5 minute input rate 0 bits/sec, 0 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants, 0 throttles0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 input packets with dribble condition detected1 packets output, 52 bytes, 0 underruns0 output errors, 0 collisions, 1 interface resets0 babbles, 0 late collision, 0 deferred0 lost carrier, 0 no carrier0 output buffer failures, 0 output buffers swapped outSerial0/0 is up, line protocol is down (disabled)Hardware is HD64570Internet address is 192.168.12.1/24MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation PPP, loopback not set, keepalive set (10 sec)LCP ClosedClosed: LEXCP, BRIDGECP, IPCP, CCP, CDPCP, LLC2, BACPLast input never, output never, output hang neverLast clearing of "show interface" counters never--More--%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to upInput queue: 0/75/0 (size/max/drops); Total output drops: 0Queueing strategy: weighted fairOutput queue: 0/1000/64/0 (size/max total/threshold/drops)ri#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setC 192.168.1.0/24 is directly connected, FastEthernet0/0R 192.168.2.0/24 [120/1] via 192.168.12.2, 00:00:08, Serial0/0C 192.168.12.0/24 is directly connected, Serial0/0R2的配置Router>enableRouter#hostname r2^% Invalid input detected at '^' marker.Router#config tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#hostname r2r2(config)#interfa f0/0\^% Invalid input detected at '^' marker.r2(config)#inter f0/0r2(config-if)#ip address 192.168.2.1 255.255.255.0r2(config-if)#no shutdown%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to upr2(config-if)#inter s0/1r2(config-if)#ip address 192.168.12.2 255.255.255.0r2(config-if)#no shutdown%LINK-5-CHANGED: Interface Serial0/1, changed state to upr2(config-if)#exitr2(config)#router ripr2(config-router)#network 192.168.12.0r2(config-router)#network 192.168.2.0r2(config-router)#end%SYS-5-CONFIG_I: Configured from console by consoler2#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setC 192.168.2.0/24 is directly connected, FastEthernet0/0r2#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setC 192.168.2.0/24 is directly connected, FastEthernet0/0r2#conf tEnter configuration commands, one per line. End with CNTL/Z.r2(config)#inter s0/1r2(config-if)#encap pppr2(config-if)#e%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to upxitr2(config)#exit%SYS-5-CONFIG_I: Configured from console by consoler2#ping 192.168.12.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 msr2#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setR 192.168.1.0/24 [120/1] via 192.168.12.1, 00:00:18, Serial0/1C 192.168.2.0/24 is directly connected, FastEthernet0/0C 192.168.12.0/24 is directly connected, Serial0/1r2#标准数据包过滤ri(config)#access-list 99 deny 192.168.2.2 0.0.0.0ri(config)#access-list permit 0.0.0.0 255.255.255.255^% Invalid input detected at '^' marker.ri(config)#interf s0/0ri(config-if)#ip access-group 99 inri(config-if)#end%SYS-5-CONFIG_I: Configured from console by consoleri#show ip access-listStandard IP access list 99deny host 192.168.2.2ri#扩展ip访问链表配置ri(config)#inter s0/0ri(config-if)#no ip access-group 99 inri(config-if)#exitri(config)#access-list 110 deny tcp 192.168.2.2 0.0.0.0 192.168.12.1.0.0.0.0 eq23^% Invalid input detected at '^' marker.ri(config)#access-list 110 deny tcp 192.168.2.2 0.0.0.0 192.168.12.1.0.0.0.0 eq 23^% Invalid input detected at '^' marker.ri(config)#ri(config)#access-list 110 deny tcp 192.168.2.2 0.0.0.0 192.168.12.1 0.0.0.0 eq 23 ri(config)#inter s0/0ri(config-if)#exitri(config)#access-list 110 permit ip any anyri(config)#inter s0/0ri(config-if)#ip access-group 110 inri(config-if)#exitri(config)#exit%SYS-5-CONFIG_I: Configured from console by console ri#show ip access-listStandard IP access list 99deny host 192.168.2.2Extended IP access list 110deny tcp host 192.168.2.2 host 192.168.12.1 eq telnet permit ip any any (2 match(es))ri#。

T op 10 Recommendations for Plantwide EtherNet/IP Deployments With cyber security and network performance at the forefront, follow a plan to help ensure the best industrial network design for your plant.To deploy EtherNet/IP plantwide at your facility, you need an industrial network design methodology. Following a plan helps you create structure and hierarchy to help maintain real-time network performance. In addition, it helps enable the convergence of multiple control and information disciplines, including data collection, configuration, diagnostics, discrete, process, batch, safety, time synchronization, drive, motion, energy management, voice and video (see Figure 1).To design and plan a plantwide EtherNet/IP network, first consider each level of the logical model shown in Figure 2. Then generate a network requirements document using industry best practices and standards. Be sure to include any required future expansion capabilities. Next, take an inventory of devices and applications with network dependencies within the logical model to help define a physical and logical topology for the requirements document.Figure 1. A converged plantwide EtherNet/IP architecture enables the convergence of multiple control and information disciplines.Rockwell Automation andCisco Four Key Initiatives:• Common Technology View:A single system architecture, usingopen, industry standard networkingtechnologies, such as Ethernet, isparamount for achieving the flexibility,visibility, and efficiency required in acompetitive manufacturing environment.• Coverged Plantwide Ethernet Architectures:These manufacturing focusedreference architectures, comprisedof the Rockwell Automation IntegratedArchitecture™ and Cisco’s IndustrialIntelligence, provide users with thefoundation for success to deploy thelatest technology by addressingtopics relevant to both engineeringand IT professionals.• Joint Product and Solution Collaboration:Stratix 8000™ Industrial Ethernet switchincorporating the best of Cisco and thebest of Rockwell Automation.• People and Process Optimization:Education and services to facilitateManufacturing and IT convergence andallow successful architecture deploymentand efficient operations allowing criticalresources to focus on increasinginnovation and productivity.Implement the installation, procurement and configuration of the network following the generated requirements document. Then audit the network against standards to help ensure that the network requirements were met.To maximize network availability, manage change control, and monitor the network to identify issues early. Assess network moves, additions and changes as part of the change-control process to protect the integrity of the requirements and your network performance. 10 Recommendations for EtherNet/IP Deployment Industrial managers who want to deploy plantwide EtherNet/IP can follow these 10 industrial network design recommendations from Rockwell Automation and Cisco:1. Understand a networked device’s application and functional requirements.These include data requirements such as communication patterns and traffic types (industrial and nonindustrial). 2. Enable a future-ready network e industry and technology standards, reference models and reference architectures, such as the Cisco and Rockwell Automation Converged Plantwide Ethernet (CPwE) Architectures.3. Create structure within the plantwide EtherNet/IP network.Develop a logical topology that uses both a multi-tier switch hierarchy (Layer 2 and Layer 3) and the logical model shown in Figure 2. Define zones and segmentation, then place industrial automation and control system devices, servers or other communicating end-devices within the logical topology based on their location, function, availability andperformance requirements.Figure 2. T o design and plana plantwide EtherNet/IPnetwork, first consider eachlevel of the logical modelshown here.2“Designing and deployingplantwide EtherNet/IP requiresan industrial network designmethodology to help ensure arobust, secure and future-readynetwork platform.”4. Segment the logical topology into modular building blocks.Create smaller Layer 2 networks to minimize broadcast domains. Use virtual local area networks (VLANs) within a zone to segment different traffic types, such as industrial and nonindustrial. Minimize the number of devices to less than 200 within a zone and VLAN. Use firewalls to strongly segment the manufacturing and enterprise zones, creating a demilitarized zone (DMZ) that enables secure sharing of applications and data between the zones.5. Use managed industrial switches.These provide key network services such as loop prevention, resiliency, segmentation, prioritization, time synchronization, multicast management, security and diagnostics.6. Design and implement a robust physical layer reflecting availabilityand resiliency requirements.Overlay the logical topology over the plant physical layout to create the physical topology. Use 1 gigabit-per-second fiber uplinks and redundant paths between switches for optimal network resiliency.Ensure the end devices and network infrastructure devices communicate at the best possible speed and duplex. Deploy physical cabling corresponding to plant conditions and requirements.In addition, deploy a defense-in-depth approach to help prevent noise coupling through techniques such as bonding, EMI segregation, shield barriers and filtering.7. Determine application and network security requirements.Establish early dialogue with IT, considering applicable IT requirements. Implement a defense-in-depth security approach at multiple application layers such as physical, device, network and application, using an industrial security policy that’s unique from and in addition to the enterprise security policy.8. Reduce network latency and jitter by using standard network protocols. Protocols include time synchronization using IEEE 1588 precision time protocol (PTP), quality of service (QoS) for control data prioritization and Internet Group Management Protocol for multicast management.9. Increase control and information data availability.Implement a redundant path network topology such as a ring or redundant star.In addition, use a resiliency protocol to avoid Layer 2 loops while helping to ensure fast network convergence time. These considerations affect how quickly the network will recover from a disruption, which may result in application timeouts and system shutdowns.10. Deploy a hierarchical network model using Layer 3 switches.Layer 3 switches support inter-VLAN routing between cell/area (Layer 2 network) zones and plantwide applications and servers. Layer 3 switch capabilities enable design recommendation 4. If the application requires industrialized Layer 3 switches, consider products such as the Allen-Bradley® Stratix 8300™ Layer 3 managed switch.Learn more about design guidance and recommendations from Cisco and Rockwell Automation by visiting /networks/architectures.html.3Additional ResourcesRockwell Automation References Architectures Website/networks/architectures.htmlRockwell Automation EtherNet/IP Website/networks/ethernet/Rockwell Automation Network and Security Services Website/services/networks/Reference Architectures for Manufacturing Whitepaper/idc/groups/literature/documents/wp/enet-wp004_-en-e.pdfConverged Plantwide Ethernet Architectures Designand Implementation Guide (DIG)/idc/groups/literature/documents/td/enet-td001_-en-p.pdfNetwork Infrastructure for EtherNet/IP: Introduction and Considerations – ODVA/Portals/0/Library/Publications_Numbered/PUB00035R0_Infrastructure_Guide.pdfEtherNet/IP Media Planning and Installation Manual – ODVA/Portals/0/Library/Publications_Numbered/PUB00148R0_EtherNetIP_Media_Planning_and_Installation_Manual.pdfGuidance for Selecting Cables for EtherNet/IP Networks Whitepaper/idc/groups/literature/documents/wp/enet-wp007_-en-p.pdfRockwell Automation Knowledgebase /Cisco is the worldwide leader in networking that transforms how people connect, communicate and collaborate. Information about Cisco can be found at .F or ongoing news, please go to . Cisco equipment in Europe is supplied by Cisco Systems International BV, a wholly owned subsidiary of Cisco Systems, Inc. Americas HeadquartersCisco Systems, Inc.San Jose, CA Asia Pacific Headquarters Cisco Systems (USA) Pte. Ltd.Singapore Europe Headquarters Cisco Systems International BV Amsterdam, The NetherlandsCisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at /go/offices.CCDE, CCENT , Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco T elePresence, Cisco WebEx, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting T o Y ou, Catalyst, CCDA, CCDP , CCIE, CCIP , CCNA, CCNP , CCSP , CCVP , Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center , Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaT one, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMART net, Spectrum Expert, StackWise, The Fastest Way to Increase Y our Internet Quotient, T ransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0809R)Rockwell Automation is a leading provider of power , control and information solutions that enable customers to get products to market faster , reduce their total cost of ownership, better utilize plant assets, and minimize risks in their manufacturing environments.Americas:Rockwell Automation1201 South Second StreetMilwaukee, WI 53204-2496 USAT el: (1) 414.382.2000, Fax: (1) 414.382.4444Asia Pacific:Rockwell Automation L evel 14, Core F , Cyberport 3 100 Cyberport Road, Hong Kong T el: (852) 2887 4788, Fax: (852) 2508 1846Europe/Middle East/Africa: Rockwell Automation NV, Pegasus Park, De Kleetlaan 12a 1831 Diegem, Belgium T el: (32) 2 663 0600, Fax: (32) 2 663 0640© 2011 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved.Publication ENET-WP022B-EN-E — October 2011T o learn more about how Cisco and Rockwell Automation can help you, please visit:/partners/cisco.html/web/strategy/manufacturing/cisco-rockwell_automation.html。

Vlan EXCISE 31.Refer to the exhibit. The network administrator has just added VLAN 50 to Switch1 and Switch2 and assigned hosts on the IP addresses of the VLAN in the 10.1.50.0/24 subnet range. Computer A can communicate with computer B, but not with computer C or computer D. What is the most likely cause of this problem?A．There is a native VLAN mismatch.B．The link between Switch1 and Switch2 is up but not trunked.C．The router is not properly configured for inter-VLAN routing.D．VLAN 50 is not allowed to entering the trunk between Switch1 and Switch2.2.Refer to the exhibit. The exhibited configurations do not allow the switches to form a trunk. What is the most likely cause of this problem?A．Cisco switches only support the ISL trunking protocol.B．The trunk cannot be negotiated with both ends set to auto.C．By default, Switch1 will only allow VLAN 5 across the link.D．A common native VLAN should have been configured on the switches.3.Refer to the exhibit. Which two conclusions can be drawn regarding the switch that produced the output shown? (Choose two.)A．The network administrator configured VLANs 1002-1005.B．The VLANs are in the active state and are in the process of negotiating configuration parameters.C．A FDDI trunk has been configured on this switch.D．The command switchport access vlan 20 was entered in interface configuration mode for Fast Ethernet interface 0/1.E．Devices attached to ports fa0/5 through fa0/8 cannot communicate with devices attached to ports fa0/9 through fa0/12 without the use of a Layer 3 device.4. What statements describe how hosts on VLANs communicate?A．Hosts on different VLANs use VTP to negotiate a trunk.B．Hosts on different VLANs communicate through routers.C．Hosts on different VLANs should be in the same IP network.D．Hosts on different VLANs examine VLAN ID in the frame tagging to determine if the frame for their network.5. Switch port fa0/1 was manually configured as a trunk, but now it will be used to connect a host to the network. How should the network administrator reconfigure switch port Fa0/1?A．Disable DTP.B．Delete any VLANs currently being trunked through port Fa0/1.C．Administratively shut down and re-enable the interface to return it to default.D．Enter the switchport mode access command in interface configuration mode.6.Refer to the exhibit. SW1 and SW2 are new switches being installed in the topology shown in the exhibit. Interface Fa0/1 on switch SW1 has been configured with trunk mode “on”. Which statement is true about forming a trunk link between the switches SW1 and SW2?A．Interface Fa0/2 on switch SW2 will negotiate to become a trunk link if it supports DTP.B．Interface Fa0/2 on switch SW2 can only become a trunk link if statically configured as a trunk.C．Interface Fa0/1 converts the neighboring link on the adjacent switch into a trunk link if the neighboring interface is configured in nonegotiate mode.D．Interface Fa0/1 converts the neighboring link on the adjacent switch into a trunk link automatically with no consideration of the configuration on the neighboring interface.7. The network administrator wants to separate hosts in Building A into two VLANs numbered 20 and 30. Which two statements are true concerning VLAN configuration? (Choose two.)A．The VLANs may be named.B．VLAN information is saved in the startup configuration.C．Non-default VLANs created manually must use the extended range VLAN numbers.D．The network administrator may create the VLANs in either global configuration mode or VLAN database mode.E．Both VLANs may be named BUILDING_A to distinguish them from other VLANs in different geographical locations.8. What is a valid consideration for planning VLAN traffic across multiple switches?A．Configuring interswitch connections as trunks will cause all hosts on any VLAN to receive broadcasts from the other VLANs.B．A trunk connection is affected by broadcast storms on any particular VLAN that is carried by that trunk.C．Restricting trunk connections between switches to a single VLAN will improve efficiency of port usage.D．Carrying all required VLANs on a single access port will ensure proper traffic separation.9. What are two characteristics of VLAN1 in a default switch configuration? (Choose two.)A．VLAN1 should renamed.B．VLAN 1 is the management VLAN.C．All switch ports are members of VLAN1.D．Only switch port 0/1 is assigned to VLAN1.E．Links between switches must be members of VLAN1.10.Refer to the exhibit. Which statement is true concerning interface Fa0/5? A．The default native VLAN is being used.B．The trunking mode is set to auto.C．Trunking can occur with non-Cisco switches.D．VLAN information about the interface encapsulates the Ethernet frames.11. What statement about the 802.1q trunking protocol is true? A．802.1q is Cisco proprietary.B．802.1q frames are mapped to VLANs by MAC address.C．802.1q does NOT require the FCS of the original frame to be recalculated.D．802.1q will not perform operations on frames that are forwarded out access ports.12. What is the effect of the switchport mode dynamic desirable command?A．DTP cannot negotiate the trunk since the native VLAN is not the default VLAN.B．The remote connected interface cannot negotiate a trunk unless it is also configured as dynamic desirable.C．The connected devices dynamically determine when data for multiple VLANs must be transmitted across the link and bring the trunk up as needed.D．A trunk link is formed if the remote connected device is configured with the switchport mode dynamic auto or switchport mode trunk commands.13. A network administrator is removing several VLANs from a switch. When the administrator enters the no vlan 1command, an error is received. Why did this command generate an error?A．VLAN 1 can never be deleted.B．VLAN 1 can only be deleted by deleting the vlan.dat file. C．VLAN 1 can not be deleted until all ports have been removed from it.D．VLAN 1 can not be deleted until another VLAN has been assigned its responsibilities.14.Refer to the exhibit. Company HR is adding PC4, a specialized application workstation, to a new company office. The company will add a switch, S3, connected via a trunk link to S2, another switch. For security reasons the new PC will reside in the HR VLAN, VLAN 10. The new office will use the 172.17.11.0/24 subnet. After installation, users on PC1 are unable to access shares on PC4. What is the likely cause?A．The switch to switch connection must be configured as an access port to permit access to VLAN 10 on S3.B．The new PC is on a different subnet so Fa0/2 on S3 must be configured as a trunk port.C．PC4 must use the same subnet as PC1.D．A single VLAN cannot span multiple switches.15.Refer to the exhibit. Computer 1 sends a frame to computer 4. On which links along the path between computer 1 and computer 4 will a VLAN ID tag be included with the frame?A．AB．A, BC．A, B, D, GD．A, D, FE．C, EF．C, E, F16.Refer to the exhibit. Computer B is unable to communicate with computer D. What is the most likely cause of this problem?A．The link between the switches is up but not trunked.B．VLAN 3 is not an allowed VLAN to enter the trunk between the switches.C．The router is not properly configured to route traffic between the VLANs.D．Computer D does not have a proper address for the VLAN 3 address space.17. What happens to the member ports of a VLAN when the VLAN is deleted?A．The ports cannot communicate with other ports.B．The ports default back to the management VLAN.C．The ports automatically become a part of VLAN1.D．The ports remain a part of that VLAN until the switch is rebooted. They then become members of the management VLAN.18. Which two statements describe the benefits of VLANs? (Choose two.)A．VLANs improve network performance by regulating flow control and window size.B．VLANs enable switches to route packets to remote networks via VLAN ID filtering.C．VLANs reduce network cost by reducing the number of physical ports required on switches.D．VLANs improve network security by isolating users that have access to sensitive data and applications.E．VLANs divide a network into smaller logical networks, resulting in lower susceptibility to broadcast storms.19. What switch port modes will allow a switch to successfully form a trunking link if the neighboring switch port is in "dynamic desirable" mode?A．dynamic desirable modeB．on or dynamic desirable modeC．on, auto, or dynamic desirable modeD．on, auto, dynamic desirable, or nonegotiate mode20. What must the network administrator do to remove Fast Ethernet port fa0/1 from VLAN 2 and assign it to VLAN 3?A．Enter the no vlan 2 and the vlan 3 commands in global configuration mode.B．Enter the switchport access vlan 3command in interface configuration mode.C．Enter the switchport trunk native vlan 3 command in interface configuration mode.D．Enter the no shutdown in interface configuration mode to return it to the default configuration and then configure the port for VLAN 3.21.Refer to the exhibit. How far is a broadcast frame that is sent by computer A propagated in the LAN domain?A．none of the computers will receive the broadcast frame B．computer A, computer B, computer CC．computer A, computer D, computer GD．computer B, computer CE．computer D, computer GF．computer A, computer B, computer C, computer D, computer E, computer F, computer G, computer H, computer I。

·A CK TCP报文段中确认位ACK=1时，有效。

ACK=0时，无效·A RP，Address Resolution Protocol 地址解析协议已知主机或路由器的IP地址，找出其相应的硬件地址·A RQ协议，Automatic Repeat reQuest自动重传请求协议·A S，Autonomous System自治系统·A SK，Amplitude Shift Keying幅移键控ATM，Asynchronous Transfer Mode 局域网拓扑之一，A TM网单元交换技术使用53字节的单元进行交换BGP，Border Gateway Protocol 边界网关协议，采用路径向量，应用层协议基于TCP，端口号179C/S，Client/Server客户/服务器模型CDM，Code Division Multiple码分多路复用CHAP，Challenge Handshake Authentication Protocol 挑战握手认证协议，属于PPP协议集通过3次握手，用哈希值取代密码CIDR，Classless Inter-Domain Routing无分类编址cookie 储存在用户主机中的文本文件由服务器产生，作为识别用户的手段CRC，Cyclic Redundancy Check循环冗余校验码CSMA，Carrrier Sense Multiple Access载波侦听多路访问协议CSMA/CA，CSMA with Collision Avoidance载波侦听多路访问/冲突避免协议CSMA/CD，CSMA/Collision Detection载波监听多路访问/碰撞检测协议CTS，Clear To Send CSMA/CA协议中，允许发送控制帧AP收到RTS后，若信道空闲，广播允许发送控制帧DF，Don't Fragment IPv4分组标志字段中间位，DF=0时才允许分片DHCP，Dynamic Host Configuration Protocol 动态主机配置协议，动态地分配IP地址，应用层协议基于UDP，C/S模式DIX Ethernet V2世界上第一个局域网产品（以太网）的规定DNS，Domain Name System 域名系统，描述名字-地址映射，C/S模型采用UDP，端口号53EGP，External Gateway Protocol外部网关协议E-mail，Electronic Mail电子邮件FDDI，Fiber Distributed Data Interface局域网拓扑之一，光纤分布数字接口，IEEE 802.8 FDM，Frequency-Division Multiplexing频分多路复用FEC，Forward Error Correction前向纠错FIN，Finish TCP报文段中终止位，用来释放一个连接FSK，Frequency Shift Keying频移键控FTP，File Transfer Protocol文件传输协议，C/S模型，使用TCP，端口号20、21 GBN协议，Go Back N Frames Protocal后退N帧协议HTML，Hyper Text Markup Language 超文本标记语言使用约定的标记对页面上的各种信息、格式进行描述HTTP，Hypertext Transfer Protocol超文本传输协议，应用层协议，使用TCP IANA，Internet Assigned Numbers Authority互联网数字分配机构，互联网地址指派机构ICANN，Internet Corporation for Assigned Names andNumbers互联网名称与数字地址分配机构ICMP，Internet Control Message Protocol 网际控制报文协议，网络层协议报告差错情况和提供有关异常情况的报告IGMP，Internet Group Management Protocol 网际组管理协议组播路由器用来维护组播组成员信息的协议IGP，Interior Gateway Protocol内部网关协议IMAP，Internet Mail Access Protocol因特网报文存取协议，邮件访问标准协议之一Interdomain Routing自治系统之间的路由选择叫做域间路由选择Intradomain Routing自治系统内部的路由选择叫做域内路由选择ISP，Internet Service Provider网络服务提供商，如电信、网通LCP，Link Control Protocol PPP协议的组成部分，链路控制协议Link-State Database 链路状态数据库全网的拓扑结构图，它在全网范围内是一致的LLC子层，Logical Link Control逻辑链路控制LLC子层MAC，Medium Access Control介质访问控制MAC地址，Media Access Control Address介质访问控制地址，物理地址MAC子层，Media Access Control媒体接入控制MAC子层MF，More Fragment IPv4分组标志字段最低位MF=1时后面还有分片，MF=0时是最后一个分片MIME，Multipurpose Internet Mail Extensions 多用途网际邮件扩充增加邮件主体的结构，定义传送非ASCII码的编码规则MSL，Maximun Segment Lifetime 报文最大生存时间TCP释放时客户机需等待2MSL才能进入到连接关闭状态MSS，Maximum Segment Size 最大报文段长度，TCP规定的一种选项TCP报文段中的数据字段的最大长度NA T，Network Address Translation网络地址转换，将专用网络地址转换为公用地址NCP，Network Control Protocol PPP协议的组成部分，网络控制协议NIC，Network Interface Card网络接口卡NRZI编码，Non-Return-to-Zero Inverted Encoding反向非归零编码NRZ编码，Non-Return-to-Zero Encoding非归零编码OSPF，Open Shortest Path First 开放最短路径优先协议，使用链路状态网络层协议，协议字段89P2P，Peer to Peer对等连接模型PAP认证，Password Authentication Protocol 密码认证协议，属于PPP协议集通过2次握手，传输密码是明文PCI，Protocol Control Information协议控制信息，控制协议操作的信息，PDU＝PCI＋SDU PCM，Pulse Code Modulation对音频信号进行编码的脉码调制PDU，Protocol Data Unit 协议数据单元，对等层次之间传送的数据单元PDU＝PCI＋SDUPING，Packet Inter Net Groper 分组网间探测，ICMP的应用之一工作在应用层，直接使用网络层ICMPPOP，Post Office Protocol邮局协议，C/S模型，使用TCP，端口号110PPP协议，Point-to-Point Protocol 应用在直接连接两个结点的链路上使用串行线路通信的面向字节的协议PSH，Push TCP报文段中推送位PSH=1的报文段，不等缓存填满，尽快交付进程PSK，Phase Shift Keying相移键控PVC，Permanent Virtual Circuit永久性虚电路QAM，Quadrature Amplitude Modulation正交振幅调制RARP，Reverse Address Resolution Protocol 逆地址解析协议知道自己硬件地址的主机，找出其IP地址RIP，Routing Information Protocol 路由信息协议，基于距离向量应用层协议，使用UDP，端口号520RST，Reset TCP报文段中复位位RST=1，表明TCP连接出现严重差错RTO，Retransmission Time-Out TCP超时重传机制，略大于保留加权平均往返时间RTTsRTS，Request To Send CSMA/CA协议中请求发送控制帧发送端发送数据前，先广播请求发送控制帧RTT，Round-Trip Time往返时延，从发送方发送数据到收到接收方确认的时间RZ编码，Return-to-zero Code Encoding归零编码SAP，Service Access Point访问服务点，常见的接口SDN，Software Defined Network 软件定义网络，核心技术OpenFlow 分离了网络设备的控制面与数据面SDU，Service Date Unit 服务数据单元，为完成用户所需的功能而应传送的数据PDU＝PCI＋SDUSMTP，Simple Mail Transfer Protocol简单邮件传输协议，C/S模型，使用TCP，端口号25 SNMP，Simple Network Management Protocol简单网络管理协议，使用UDPSR协议，Selective Repeat选择重传协议STDM，Statistic Time-Division Multiplexing统计时分多路复用SVC，Switched Virtual Circuit交换性虚电路（临时的）SYN TCP报文段中同步位SYN=1表示这是一个连接请求或连接接收报文TCP，Transmission Control Protocol 传输控制协议一种面向连接的、可靠的、基于字节流的传输层通信协议TDM，Time-Division Multiplexing时分多路复用TFTP，Trivial File Transfer Protocol小文件传送协议，使用UDPTraceroute（Windows中是Tracert）定位源和目标计算机间的所有路由器网络层，使用ICMP时间超过报文TSAP，Transport Service Access Point传输层服务访问点，是端口TTL，Time To Live生存时间，数据报在网络中可通过的路由器数的最大值UDP，User Datagram Protocol用户数据报协议，一个无连接的、非可靠的传输层协议URG TCP报文段中紧急位URG=1时，表明此报文段中有紧急数据，应尽快传送URL，Uniform Resource Locator统一资源定位符，负责标识万维网上的各种文档VLAN，Virtual Local Area Network虚拟局域网，802.3ac标准WDM，Wavelength Division Multiplexing波分多路复用WLAN，Wireless Local Area Networks无线局城网，采用IEEE 802.11标准WWW，World Wide Web万维网，C/S模型，端口号80。