Cisco switch settings Note: record the Frame Forwarding method and VLAN configuration

Cisco switch settings Note: record the Frame Forwarding method and VLAN configuration. It mainly records the switch function, three selection methods when entering the switch, and the working principle of the Spanning Tree, the forwarding method of vswitch frames and VLAN division.

Purpose: divide the original network into multiple segments, which can expand the network transmission distance and support more network nodes. Divide network segments to effectively isolate broadcasts and reduce conflicts. Each port of the vswitch is an independent conflict domain, and all ports are in the same broadcast domain.

Cisco switch settings Note: Switch Functions

Address Learning: The mac table of the first vswitch is empty. It learns the source address to obtain the MAC address of the device connected to each connection port. When it receives a frame, it learns the source MAC address of the frame, saves it to the MAC table, and then views the MAC table.

If there is no target MAC in the MAC table, it will send this frame to each port.) If there is a target MAC, it will be sent to the corresponding port. Forwarding Filtering: When a frame is received, the MAC address table is viewed and the frame is forwarded to that port. Eliminate loops: When redundant loops exist in the network, the Spanning Tree is used to prevent the same frame from being transmitted in the redundant path.

Cisco switch settings Note: There are three options for entering the switch:
◆ Enter M to enter the menu Mode
◆ Enter K to enter the command line mode
◆ Enter I to enter IP configuration mode
◆ We want to enter the command line.

Switch in IOS: There are three modes: ">" user mode, "#" privileged mode, and "CONFIG) #" global mode. Enter enable in user mode to enter privileged mode, and enter disable in privileged mode to return to user mode. In privileged mode, enter configure terminal to enter global mode. Enter DISABLE in privileged mode and return to privileged mode.
◆ Show version: displays the system hardware configurations and software version numbers.
◆ Show running-config
◆ Show interfaces Ethernet 0/1 view E0/1 port information
◆ Show ip: view the ip address of the vswitch
◆ Set the vswitch name: hostname

Cisco switch settings Note: [Switch name]

For example: hostname switch1, set the ip address of the vswitch: ip address [ip address], [netmask], for example, ip address 172.16.0.1 255.255.0.0, and set the default gateway of the vswitch: ip default-gatway [ip address] For example: ip default-gatway 172.16.0.1 set the password enable password level [1-15] [passwork] 1-15 to indicate the level, 1 indicates the logon password and 15 indicates the global password.

For example, set the logon password to 123456, the global password to 1234567, enable password level 1 123456, and enable password level 15 1234567. Crack the switch password: press the MODE key when starting the switch.

Show interface to view the configuration information of all ports, Show interface e0/1 to view the configuration information of port e0/1. Set full/half duplex ports, interface e0/1 to enter port e0/1, duplex [auto), full duplex), half duplex) set port to full/half duplex.

Cisco switch settings Note: Spanning Tree

When there is a loop in the Network: a broadcast storm occurs, multiple frame copies receive the same frame multiple times), the MAC address is unstable. You can use the Spanning Tree to eliminate loops. Spanning tree protocol: STPspanning tree protocol) is used to maintain a Non-loop network. If a device finds a loop in the topology, it will plug in one or more redundant ports.

How Spanning Tree works: Three Rules

◆ Select a root bridge, and each network can have only one root bridge. Each port on the root bridge is a specified port. The root bridge selection method first compares the priority of the switch with priority ), if the priorities are the same, compare the MAC address of the vswitch and the MAC address is smaller, and change the priority of the vswitch. command: spantree-template [1-4] priority [0-65535] 1-4 indicates the mode board, and 0-65535 indicates the priority.

◆ Select the root port. Each loop has only one root port. The root port is on a non-root bridge and the root port is the cost value at the lowest cost for reaching the pole bridge path ), root port selection method: Compare the root port with the one with the lowest cost for the root bridge. If the cost value for the path is the same, compare the MAC address of the port, make the root port small MAC. Run the "change COST value" command: first enter the port. spantree cost [1---65335] 1--65535 indicates the COST value.

◆ Specifies a port. All ports on the root bridge are specified. What are unspecified ports? The data packets of the Spanning Tree switch and other switches are periodically exchanged through the Network Bridge Protocol Data Unit BPDU. The port status of the Spanning Tree: blocking) -- listening for listening -- learning) -- forwarding)

There are three forwarding methods for vswitch frames:
◆ Direct connection forwarding: the frame is forwarded as soon as the destination address of the received frame.
◆ Storage and forwarding: After the entire frame is received, CRC verification is performed. If yes, the frame is forwarded; otherwise, the frame is discarded.
◆ Hybrid forwarding: it is forwarded only after the first 64 bytes of the received frame, because the network conflict usually occurs in the first 64 bytes of each frame.

Run the switching-mode command to change the frame forwarding mode: show port system, manage the MAC address table, and view the MAC address table show mac-address-table, set the permanent MAC address: mac-addess-table permanent [mac address] [port number].

Set a restricted static MAC address: mac-address-table restricted static [MAC address] [Port 1] [Port 2]. Note: To Access Port 1, you can only access port 2. Configure port security: port secure max-mac-count [1-132]. 1-132 indicates that you can learn several MAC addresses. Note: set the number of MAC addresses that can be learned from the port.

Port secure performs Port security attacks. Manage the configuration file and upload the configuration file to the TFTP server. copy nvram tftp: // ip address/file name. cfg. Note: The configuration file suffix is cfg. You can download the copy TFTP: // ip address/file name from tftp. cfg nvram.

Cisco switch settings Note: VLAN

Vlan virtual local area network (Vlan) is a way of logically dividing devices in a LAN into broadcast domains rather than physically. VLAN is a protocol proposed to solve Ethernet broadcast problems and security. It adds VLAN IDs Based on Ethernet frames and divides users into smaller working groups using VLAN IDs, restrict access between users of VALN Layer 2. Each VLAN is a virtual LAN.

Cisco switch settings Note: VLAN operations

Cisco switch settings Note: Limits broadcast data and floods. Each port can belong to only one VLAN. To enable VLAN name to traverse multiple switches, a trunk line trunk is required) connect the two vswitches to transmit data to multiple VLANs. A VLAN spans multiple switches, and the trunk channel can carry multiple VLANs.

Cisco switch settings Note: VLAN Division
◆ VLAN division based on ports:
◆ VLAN Based on MAC address
◆ VLAN Based on Network Layer
◆ VLAN Based on IP Multicast

VLAN link layer encapsulation: ISLinter switch link) CISCO proprietary. There is also the 802.1Q protocol encapsulation protocol. ISL Encapsulation Protocol: CISCO proprietary protocol is used to maintain VLAN information when connecting data of multiple switches to different switches. ISL has nothing to do with the client. ISL works in a "point-to-point" environment. The ISL frame tag method is a low latency mechanism, it is used to switch data between multiple VLANs on a single physical path,

Encapsulation structure of ISL frames: | DA | SA | frame type/length | raw data | new CRC | DA and SA are the destination and original address ISL encapsulated, and no data is modified, instead, a new 26-byte header and a 4-byte CRC Check tail are added.

The 802.1Q encapsulation protocol is a virtual bridging LAN standard. It refers to the ability to carry more than one subnet data stream over a line view. The encapsulation structure of the Q frame is as follows: | inltal mac address | 2-byte TPID, 2-byteTCI | inltlal type/date | newCRC |.

Four bytes are added to an Ethernet frame using the 802.1Q frame Standard, and two bytes mark the Protocol identifier TPID) contains the fixed value of 0X8100, this special TPID value indicates that the frame carries 802.1Q tag information. Two bytes of control information: 3bit user priority, 1Bit Standard Format Indicator CFI), 12Bit VLAN identifier VID)

Cisco switch settings Note: VTP

VTP Protocol: VTP maintains VLAN configuration consistency throughout the network. Advantages of VTP: the entire network VLAN configuration is consistent, accurate VLAN tracking and monitoring, dynamic reporting of the added VLAN in the network, plug-and-play configuration when a new VLAN is added. Each vswitch uses VTP to connect the following content to other vswitches, manage domains, configurations, version numbers, known VLANs, and their specific parameters.

VTP working mode: three modes are available: server, client, transparent mode, and server mode. You can create, modify, delete, and store VLAN configurations in NVROM, VLAN configurations are transmitted to other switches through the Trunk channel Trunk. In client mode (clinent), you cannot create, modify, or delete VLANs. configurations are not stored in NVROM. In customer mode, the service is synchronized.

Transparent mode (transparent): You can create, modify, and delete VLANs. However, these VLAN information is not transmitted to other switches, and only valid vtp pruning is performed on the local host: use VLAN announcements to determine when a dry-track connection spreads data without land. VTP is advertised once every 5 minutes. The advertised VTP information includes: the maximum transmission unit MTU in the VLAN of VLANID (ISL), VLAN name, 802.1Q, and ENI id value FDDI), and the frame format.

Cisco switch settings Note: Step-by-Step VLAN configuration

First, define the VTP mode, VTP [server, clinent, transparent], then define the vlan id: VLAN [1-1001], and then define VLAN members, the following is the configuration of multiple switch VLANs, the configuration of switch1 switch 1 ).
Vtp server defines VTP as the service mode)
Vtp domain vtpname1