SoFunction
Updated on 2025-04-11

CISCO switch


The switch works at the second layer of the OSI model (the data link layer).
Function: the original network can be divided into multiple segments, which extends the transmission distance of the network and supports more network nodes. Dividing the network into segments isolates broadcasts and reduces collisions.
Each switch port is its own collision domain, while all ports belong to the same broadcast domain.
Functions of the switch
Address learning: Initially the switch's MAC address table is empty. The switch learns the MAC address of the device attached to each port from the source addresses of the frames it receives. When a frame arrives, the switch records the frame's source MAC address, together with the port it arrived on, in the MAC table, then looks up the destination MAC address. If the destination is not in the MAC table the frame is flooded (sent out every other port); if it is, the frame is sent only to the corresponding port.
Forwarding/filtering: When a frame is received, the switch consults the MAC address table to decide which port to forward the frame to.
Loop elimination: When the network contains redundant paths, spanning tree prevents the same frame from being transmitted repeatedly around them.
When you connect to the switch's console, three options are offered:
Type M to enter menu mode
Type K to enter command line mode
Type I to enter IP configuration mode
We want the command line.
On IOS the switch has three modes, identified by the prompt: ">" is user mode, "#" is privileged mode, and "(config)#" is global configuration mode.
Enter enable in user mode to enter privileged mode, and enter disable in privileged mode to return to user mode.
Enter configure terminal in privileged mode to enter global mode, and enter exit in global mode to return to privileged mode.
show version   Shows the system hardware configuration, software version number, etc.
show running-config   Shows the currently running configuration
show interfaces ethernet 0/1   Shows information about port E0/1
show ip   Shows the switch's IP address
Set the switch name: hostname [switch name]   For example: hostname switch1
Set the IP address of the switch: ip address [ip address] [netmask]   For example: ip address 172.16.0.1 255.255.0.0
Set the default gateway of the switch: ip default-gateway [ip address]   For example: ip default-gateway 172.16.0.1
Set a password: enable password level [1-15] [password]
1-15 is the level: 1 is the password required to log in, and 15 is the password required to enter global mode.
For example, to set the login password to 123456 and the password for entering global mode to 1234567:
enable password level 1 123456
enable password level 15 1234567
Switch password recovery: hold down the MODE button while the switch boots.
show interface   Shows the configuration of all ports
show interface e0/1   Shows the configuration of port e0/1
Set a port to full duplex or half duplex:
interface e0/1   Enter port e0/1
duplex [auto | full | half]   Set the port to auto-negotiate, full duplex, or half duplex
Spanning Tree
When the network contains loops, the following occur: broadcast storms, multiple frame copies (the same frame is received several times), and MAC address table instability. Spanning tree is used to eliminate loops.
Spanning tree protocol: STP (spanning tree protocol) aims to maintain a loop-free network. If a device detects a loop in the topology, it blocks one or more redundant ports.
How spanning tree works: three rules
1: First, a root bridge is elected; each network has exactly one root bridge, and every port on the root bridge is a designated port. The root bridge is chosen by comparing switch priorities; if the priorities are equal, the switch MAC addresses are compared and the switch with the lower MAC address becomes the root bridge.
Command to change the switch priority: spantree-template [1-4] priority [0-65535]
1-4 is the template number, 0-65535 is the priority value.
2: Select the root port. Each non-root bridge has exactly one root port, which is the port with the lowest path cost (cost value) to the root bridge. Selection method: the port with the lowest cost to the root bridge wins; if the path costs are equal, the port MAC addresses are compared and the port with the smaller MAC address becomes the root port.
Command to change the cost value: enter the port first, then spantree cost [1-65535]
1-65535 is the cost value.
3: All ports on the root bridge are designated ports.
Non-designated ports are blocked.
Switches running spanning tree regularly exchange information with neighbouring switches using Bridge Protocol Data Unit (BPDU) packets. Spanning tree port states: blocking - listening - learning - forwarding
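The three rules above, carried out on a small constructed topology so the result of each rule can be checked. This is an added example written for this page, not code from the original article or from Cisco. The switch names, MAC addresses and link costs are constructed; the cost 19 is the classic IEEE value for a 100 Mbit/s link. Ties between equal-cost root-port candidates are broken here by the upstream bridge's ID and then the local port name, an assumption standing in for the per-port MAC comparison the text describes.

```python
"""Spanning-tree election following the three rules on this page (added example)."""
import heapq
from collections import defaultdict

# Constructed topology: three switches in a triangle, all Fast Ethernet links (cost 19).
# A bridge ID is the tuple (priority, MAC); lower wins, exactly as rule 1 states.
BRIDGES = {
    "SW1": (32768, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
}
# (bridge A, port on A, bridge B, port on B, link cost)
LINKS = [
    ("SW1", "f0/1", "SW2", "f0/1", 19),
    ("SW1", "f0/2", "SW3", "f0/1", 19),
    ("SW2", "f0/2", "SW3", "f0/2", 19),
]


def elect_root(bridges):
    """Rule 1: the bridge with the lowest (priority, MAC) becomes the root bridge."""
    return min(bridges, key=bridges.__getitem__)


def root_path_costs(bridges, links, root):
    """Dijkstra from the root; edge weights are the per-link cost values."""
    adj = defaultdict(list)
    for a, _ap, b, _bp, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    dist = {name: float("inf") for name in bridges}
    dist[root] = 0
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, c in adj[u]:
            if d + c < dist[v]:
                dist[v] = d + c
                heapq.heappush(heap, (dist[v], v))
    return dist


def compute_stp(bridges, links):
    """Return (root bridge, root port per non-root bridge, designated ports, blocked ports)."""
    root = elect_root(bridges)
    dist = root_path_costs(bridges, links, root)

    # Rule 2: every non-root bridge picks the port with the lowest path cost to the root.
    root_ports = {}
    for name in bridges:
        if name == root:
            continue
        candidates = []
        for a, ap, b, bp, cost in links:
            if a == name:
                candidates.append((dist[b] + cost, bridges[b], ap))
            elif b == name:
                candidates.append((dist[a] + cost, bridges[a], bp))
        # Tie-break assumption: upstream bridge ID, then local port name.
        root_ports[name] = min(candidates)[2]

    # Rule 3: on each link the end closer to the root (tie: lower bridge ID) is designated.
    # The root has cost 0 everywhere, so all of its ports come out designated.
    designated = set()
    for a, ap, b, bp, _cost in links:
        if (dist[a], bridges[a]) <= (dist[b], bridges[b]):
            designated.add((a, ap))
        else:
            designated.add((b, bp))

    # Everything that is neither a root port nor a designated port is blocked.
    all_ports = {(a, ap) for a, ap, *_ in links} | {(b, bp) for _, _, b, bp, _ in links}
    blocked = sorted(p for p in all_ports
                     if p not in designated and root_ports.get(p[0]) != p[1])
    return root, root_ports, sorted(designated), blocked


if __name__ == "__main__":
    root, root_ports, designated, blocked = compute_stp(BRIDGES, LINKS)
    print("root bridge:", root)
    print("root ports:", root_ports)
    print("designated ports:", designated)
    print("blocked ports:", blocked)
```

With equal priorities SW1 wins on MAC address, SW2 and SW3 each pick their direct link to SW1 as root port, and the SW2-SW3 link is resolved in favour of SW2 (lower bridge ID), so SW3's f0/2 is the single blocked port that breaks the loop.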
Switch frame forwarding methods: There are three types
Cut-through forwarding: the frame is forwarded as soon as its destination address has been received.
Store-and-forward: the switch waits until the entire frame has been received and then performs a CRC check. If the check passes the frame is forwarded, otherwise it is discarded.
Fragment-free forwarding: the frame is forwarded only after its first 64 bytes have been received, since collisions on the network usually occur within the first 64 bytes of a frame.
The command to change the frame forwarding method is: switching-mode
To check the current frame forwarding method: show port system
Manage MAC address tables
View the MAC address table: show mac-address-table
Set a permanent MAC address: mac-address-table permanent [mac address] [port number]
Set a restricted static MAC address: mac-address-table restricted static [MAC address] [port 1] [port 2]
Note: port 1 can then only be reached from port 2.
Configure port security: port secure max-mac-count [1-132]
1-132 is the number of MAC addresses the port is allowed to learn. Note: this sets the limit on the individual port.
port secure   Enables port security on the port.
Manage configuration files
Upload the configuration file to a TFTP server:
copy nvram tftp://[IP address]/[file name].cfg   Note: the configuration file uses the .cfg suffix
Download the configuration file from the TFTP server:
copy tftp://[IP address]/[file name].cfg nvram
VLAN
A VLAN (virtual local area network) is a virtual LAN: the devices within a local area network are divided into broadcast domains logically rather than physically.
VLAN is a protocol proposed to solve the broadcast and security problems of Ethernet. It adds a VLAN ID to the Ethernet frame and uses that ID to divide users into smaller working groups, restricting layer 2 access between users of different VLANs. Each VLAN is a virtual LAN.
How VLANs work
VLANs restrict broadcast traffic and limit flooding. Each port can belong to only one VLAN. For a VLAN to pass through multiple switches, the switches must be connected by a trunk; a trunk can carry the data of multiple VLANs.
VLANs can span multiple switches, and a trunk can carry multiple VLANs.
VLAN division
Port-based VLANs
MAC-address-based VLANs
Network-layer-based VLANs
IP-multicast-based VLANs
VLAN link-layer encapsulation: ISL (Inter-Switch Link), which is proprietary to Cisco, and the IEEE 802.1Q standard encapsulation protocol.
ISL encapsulation protocol: Cisco's proprietary protocol for preserving VLAN information as traffic passes between switches. ISL is transparent to clients and works in a point-to-point environment. ISL frame tagging is a low-latency mechanism used to multiplex the traffic of multiple VLANs over a single physical path.
Encapsulation structure of an ISL frame: |DA|SA|Frame type/Length|Original frame|New CRC|
DA and SA are the destination and source addresses of the ISL encapsulation. The original frame is not modified; a new 26-byte header and a 4-byte CRC trailer are added around it.
IEEE 802.1Q encapsulation protocol: the virtual bridged LAN standard, which allows the traffic of more than one subnet to be carried over a single link.
Encapsulation structure of an IEEE 802.1Q frame: |original MAC addresses|2-byte TPID, 2-byte TCI|original type/data|new CRC|
An 802.1Q frame adds 4 bytes to the standard Ethernet frame. The 2-byte tag protocol identifier (TPID) holds the fixed value 0x8100; this special TPID value indicates that the frame carries 802.1Q tag information. The 2-byte tag control information (TCI) consists of a 3-bit user priority, a 1-bit canonical format indicator (CFI) and a 12-bit VLAN identifier (VID).
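The 802.1Q layout just described, built and parsed byte by byte, with the CRC trailer recomputed the way a store-and-forward switch (see the forwarding methods section above) verifies a frame before forwarding it. This is an added example written for this page, not code from the original article or from Cisco. The MAC addresses and payload are constructed, and the frame has no preamble; the FCS is computed as CRC-32 over the frame and appended least-significant byte first, the usual on-the-wire byte order.

```python
"""Build, tag, parse and CRC-check Ethernet frames (added example)."""
import struct
import zlib

TPID_8021Q = 0x8100   # fixed TPID value that marks an 802.1Q-tagged frame


def mac(text):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, cfi=0):
    """Build an Ethernet frame; when vid is given, insert the 4-byte 802.1Q tag
    between the source address and the original type/length field."""
    header = mac(dst) + mac(src)
    if vid is not None:
        # TCI: 3-bit priority | 1-bit CFI | 12-bit VID
        tci = ((pcp & 0x7) << 13) | ((cfi & 0x1) << 12) | (vid & 0x0FFF)
        header += struct.pack("!HH", TPID_8021Q, tci)
    body = header + struct.pack("!H", ethertype) + payload
    # Ethernet FCS: CRC-32 over the whole frame, appended least-significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_ok(frame):
    """Store-and-forward check: recompute the CRC over everything but the 4-byte trailer."""
    body, fcs = frame[:-4], frame[-4:]
    return struct.pack("<I", zlib.crc32(body)) == fcs


def parse_frame(frame):
    """Return addresses, tag fields (if present), the original type and the payload."""
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"), "tagged": False}
    offset = 12
    (tpid,) = struct.unpack_from("!H", frame, offset)
    if tpid == TPID_8021Q:
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        info.update(tagged=True, pcp=tci >> 13, cfi=(tci >> 12) & 1, vid=tci & 0x0FFF)
        offset += 4   # skip TPID + TCI to reach the original type/length field
    (info["ethertype"],) = struct.unpack_from("!H", frame, offset)
    info["payload"] = frame[offset + 2:-4]
    return info


def demo():
    """Constructed untagged and tagged frames plus a deliberately corrupted copy."""
    payload = b"constructed payload"
    dst, src = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    plain = build_frame(dst, src, 0x0800, payload)
    tagged = build_frame(dst, src, 0x0800, payload, vid=2, pcp=5)
    corrupted = bytearray(tagged)
    corrupted[20] ^= 0xFF   # flip one payload byte; the FCS no longer matches
    return (parse_frame(plain), parse_frame(tagged), len(tagged) - len(plain),
            fcs_ok(tagged), fcs_ok(bytes(corrupted)))


if __name__ == "__main__":
    plain, tagged, delta, ok, bad = demo()
    print("untagged:", plain)
    print("tagged:  ", tagged)
    print("tag adds", delta, "bytes; FCS ok:", ok, "; corrupted FCS ok:", bad)
```

The tagged frame comes out exactly 4 bytes longer than the untagged one, the parser recovers VID 2 and priority 5 from the TCI, and the corrupted copy fails the CRC check, which is the frame a store-and-forward switch would discard rather than forward.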
VTP
VTP protocol: VTP maintains a consistent VLAN configuration across the entire network.
VTP advantages: consistent VLAN configuration across the network, accurate tracking and monitoring of VLANs, dynamic reporting of VLANs added to the network, and plug-and-play configuration when adding new VLANs. Through VTP, each switch passes the following to the other switches: management domain, configuration revision number, and the known VLANs with their specific parameters.
VTP working modes: there are three modes: server, client, and transparent.
Server mode: VLANs can be created and deleted, the VLAN configuration is stored in NVRAM, and the VLAN configuration is propagated to other switches over the trunk.
Client mode: VLANs cannot be created, modified or deleted, and the configuration is not stored in NVRAM. A client synchronizes its VLAN information from the server.
Transparent mode: VLANs can be created, modified and deleted, but the VLAN information is not propagated to other switches and is valid only on the local switch.
VTP pruning: uses VLAN advertisements to determine when a trunk link does not need to carry a VLAN's traffic.
VTP advertisements are sent every 5 minutes. The advertised VTP information is: VLAN ID (ISL), VLAN name, IEEE 802.1Q SAID value (FDDI), the maximum transmission unit (MTU) size of the VLAN, and the frame format.
VLAN configuration steps
First define the VTP mode: vtp [server | client | transparent]
Then define the VLAN ID: vlan [1-1001]
Finally assign the VLAN members.
The following is a VLAN configuration spanning two switches.
switch1 (configuration of switch 1)
(1) vtp server   (set VTP to server mode)
(2) vtp domain vtpname1   (set the VTP domain name to VTPNAME1)
Note: for a client-mode switch to learn VTP information, the VTP domain name must be defined.
(3) vlan 2   (define the VLAN IDs)
    vlan 3
(4) Enable trunking on the Fast Ethernet uplink port
    interface f 0/26
    trunk on
(5) Assign VLAN members
    interface e0/1
    vlan-membership static 2   (makes E0/1 a member of VLAN 2; STATIC means the assignment is static, i.e. port-based)
switch2 (configuration of switch 2)
(1) vtp client   (set VTP to client mode)
(2) Only after trunking is enabled on the Fast Ethernet port can the switch learn VLAN information from the server
    interface f 0/26
    trunk on
(3) After the VLANs have been learned, assign VLAN members
    interface e0/2
    vlan-membership static 2
Use the show vtp command to view the VTP mode and information.
show vlan   (displays the VLANs and their member ports)