mirror of https://github.com/gnu4cn/ccna60d.git synced 2024-05-21 04:55:00 +08:00
Peng Hailin 2016-09-08 09:29:51 +08:00
parent bc64a52753
commit 5522428a81
12 changed files with 280 additions and 280 deletions

@ -381,7 +381,7 @@ access-list 101 deny tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq telnet
在配置命名ACLs时的另一不同之处就是必须一直使用命令`ip access-list`这与编号ACLs可以只使用简单的`access-list`命令,是不一样的。
<pre>
```
Router(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
@ -400,12 +400,12 @@ Router(config)#ip access-list ?
standard Standard access list
R1(config)#ip access-list standard ?
<1-99> Standard IP access-list number<1300-1999> Standard IP access-list number (expanded range)
<b>WORD Access-list name</b>
WORD Access-list name
R1(config)#ip access-list extended ?
<100-199> Extended IP access-list number
<2000-2699> Extended IP access-list number (expanded range)
<b>WORD Access-list name</b>
</pre>
WORD Access-list name
```
命名ACLs在语法上与其它类型的ACLs也就是标准和扩展的编号ACLs有着轻微的不同。同时也**可以编辑活动的命名ACLs**, 这是一个有用的特性。只需简单地告诉路由器要配置一条命名ACL 而不管它是标准的还是扩展的。在较新的IOS版本上也可以编辑编号ACLs所以请检查所用的平台。
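Review bot: In the `R1(config)#ip access-list standard ?` output, the context line `<1-99> Standard IP access-list number<1300-1999> Standard IP access-list number (expanded range)` carries two help entries on one line, while the extended list below it has one entry per line. Since this block is being converted to a fence here, split it into two lines so the help output reads as the router prints it.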
@ -572,12 +572,12 @@ Router(config-std-nacl)#
默认情况下通过那些为某个接口的数据包所匹配上的ACL条目会创建出一个不断增大的计数器该计数器可使用`show ip access-list`命令进行查看,如下面的例子所示。
<pre>
```
Router#show ip access-lists
Extended IP access list test
10 deny tcp any any eq 80 <b>(10 matches)</b>
20 permit ip any any <b>(56 matches)</b>
</pre>
10 deny tcp any any eq 80 (10 matches)
20 permit ip any any (56 matches)
```
而如果需要更详细的有关那些为ACL条目所匹配的流量信息可以给相关的ACL条目配置`log`或`log-input`参数。
@ -663,12 +663,12 @@ access-class VTY_ACCESS in
可使用命令`show ip access-list` 或 `show access-list`命令, 查看ACL全局统计信息这两个命令又可以仅查看某个特定编号ACL或命名ACL的全局统计信息。
<pre>
```
Router#show ip access-lists
Extended IP access list test
10 deny tcp any any eq 80 <b>(10 matches)</b>
20 permit ip any any <b>(56 matches)</b>
</pre>
10 deny tcp any any eq 80 (10 matches)
20 permit ip any any (56 matches)
```
在将某同一ACL重用到不同接口上时这种方式并不会提供到十分特定的信息因为它给出的是整体统计信息。
@ -825,16 +825,16 @@ RouterA#
3. 现在从路由器B上做一个Telnet测试。首先往路由器A的串行接口上Telnet将会被阻止。接着测试环回接口。
<pre>
```
RouterB#telnet 10.0.0.1
Trying 10.0.0.1 ...
% Connection timed out; remote host not responding
RouterB#telnet 172.20.1.1
Trying 172.20.1.1 ...Open
User Access Verification <b>←password wont show when you type it</b>
User Access Verification ←password wont show when you type it
Password:
RouterA> <b>←Hit Control+Shift+6 together and then let go and press the X key to quit.</b>
</pre>
RouterA> ←Hit Control+Shift+6 together and then let go and press the X key to quit.
```
>**注意:**我们会在其它实验中涉及ACLs但你真的需要完全地掌握这些内容。为此要尝试其它的TCP端口比如80、25等等。另外要试试那些UDP端口比如53。如没有将一台PC接上路由器则是无法对这些其它端口进行测试的。
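Review bot: The annotations on the `User Access Verification` and `RouterA>` lines were set apart from the device output by `<b>`, and inside the fence they now read as text the router printed. Move them into a sentence under the block, or onto their own lines with a leading `!`, and correct `wont` to `won't` while the line is being touched.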

@ -170,7 +170,7 @@ ICND1考试要求你对**基本路由**basic routing及**数据包流经
默认路由来源管理距离会显示在`show ip protocols`命令的输出中。下面的输出演示了这点。
<pre>
```
R1#show ip protocols
Routing Protocol is “isis”
Invalid after 0 seconds, hold down 0, flushed after 0
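Review bot: `Routing Protocol is “isis”` keeps typographic quotes inside what is now a fenced code block, where the text is presented as literal device output. IOS prints straight quotes, so use `"isis"` here; the same applies to `“static”` and `“ospf 1”` in the blocks converted further down in this commit.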
@ -184,9 +184,9 @@ Routing Protocol is “isis”
Serial0/0
Routing Information Sources:
Gateway Distance Last Update
10.0.0.2 <b>115</b> 00:06:53
10.0.0.2 115 00:06:53
Distance: (default is 115 )
</pre>
```
###路由度量值
@ -332,21 +332,21 @@ Routing entry for 80.1.1.0/24
有类协议无法使用VLSM也就是RIPv1和IGRP它们都已不在CCNA大纲中了。这是因为它们不会去识别除了默认网络掩码外的其它任何东西。
<pre>
```
Router#debug ip rip
RIP protocol debugging is on
01:26:59: RIP: sending v1 update to 255.255.255.255 via Loopback0
<b>192.168.1.1</b>
</pre>
192.168.1.1
```
有类协议用到VLSM也就是RIPv2和EIGRP
<pre>
```
Router#debug ip rip
RIP protocol debugging is on
01:29:15: RIP: received v2 update from 172.16.1.2 on Serial0
01:29:15:<b>192.168.2.0/24</b> via 0.0.0.0
</pre>
01:29:15:192.168.2.0/24 via 0.0.0.0
```
##被动接口
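Review bot: The sentence introducing the second `debug ip rip` block still says 有类协议 for RIPv2 and EIGRP, the same wording used for RIPv1 and IGRP above the first block, although the v2 update it introduces carries a prefix length (`192.168.2.0/24`). It should read 无类协议; worth correcting in this pass since both blocks are rewritten here.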
@ -733,21 +733,21 @@ metric for determining the best forwarding path. True or false?
- 在两台路由器上都配置一个环回接口并从两个不同范围为其分配上地址11.11.11.1/32及12.12.12.2/32
- 配置标准RIP并通告所有本地网络
<pre>
<b>R1:</b>
```
R1:
router rip
version 2
no auto
network 10.10.10.0
network 11.11.11.0
<b>R2:</b>
R2:
router rip
version 2
no auto
network 10.10.10.0
network 12.12.12.0
</pre>
```
- 自R1向R2的环回接口进行`ping`操作,以测试连通性
- 执行一条`show ip route`命令来检查经由RIP收到了那些路由
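Review bot: `R1:` and `R2:` are now bare lines inside a single fenced configuration block, so they read as commands and are copied along with the config. Put the labels outside the fence, one block per router, as the OSPFv3 lab elsewhere in this commit does with `**R1:**` and `**R2:**`.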

@ -154,7 +154,7 @@ Code: * - installed in RIB
2. 通过串行链路进行ping操作以确保该链路是工作的。
3. 在Router A上指定一条静态路由将到10.1.1.0/10网络的所有流量从串行接口发送出去。当然要使用你自己的串行端口编号不要只是拷贝我的配置你的接口有不同编号
<pre>
```
RouterA(config)#ip route 10.0.0.0 255.192.0.0 Serial0/1/0
RouterA(config)#exit
RouterA#ping 10.1.1.1
@ -173,7 +173,7 @@ Codes: C - Connected, S - Static, I - IGRP, R - RIP, M - Mobile, B - BGP
P - Periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/10 is subnetted, 1 subnets
S <b>10.0.0.0</b> is directly connected, Serial0/1/0
S 10.0.0.0 is directly connected, Serial0/1/0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.1.0 is directly connected, Loopback0
192.168.1.0/30 is subnetted, 1 subnets
@ -183,14 +183,14 @@ RouterA#show ip route 10.1.1.1
Routing entry for 10.0.0.0/10
Known via “static”, distance 1, metric 0 (connected)
Routing Descriptor Blocks:
<b>* directly connected, via Serial0/1/0</b>
* directly connected, via Serial0/1/0
Route metric is 0, traffic share count is 1
RouterA#
</pre>
```
4. 在Router B上配置一条静态路由将到172.16.1.0/24网络的所有流量发到下一跳地址192.168.1.1。
<pre>
```
RouterB(config)#ip route 172.16.1.0 255.255.255.0 192.168.1.1
RouterB(config)#exit
RouterB#ping 172.16.1.1
@ -201,7 +201,7 @@ RouterB#show ip route 172.16.1.1
Routing entry for 172.16.1.0/24
Known via “static”, distance 1, metric 0
Routing Descriptor Blocks:
<b>* 192.168.1.1</b>
* 192.168.1.1
Route metric is 0, traffic share count is 1
RouterB#
</pre>
```

@ -119,15 +119,15 @@ OSPF对不同传输介质采用不同默认组网类型有下面这些组
在思科IOS软件中非广播类型网络上开启OSPF的路由器默认每30秒发出Hello数据包。若4个Hello间隔也就是120秒中都没有收到Hello数据包那么该邻居路由器就被认为”死了“。下面的输出演示了在一个帧中继串行接口上`show ip ospf interface`命令的输出。
<pre>
```
R2#show ip ospf interface Serial0/0
Serial0/0 is up, line protocol is up
Internet Address 150.1.1.2/24, Area 0
Process ID 2, Router ID 2.2.2.2, <b>Network Type NON_BROADCAST,</b> Cost: 64
Transmit Delay is 1 sec, <b>State DR</b>, Priority 1
<b>Designated Router (ID) 2.2.2.2, Interface address 150.1.1.2
Process ID 2, Router ID 2.2.2.2, Network Type NON_BROADCAST, Cost: 64
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 2.2.2.2, Interface address 150.1.1.2
Backup Designated Router (ID) 1.1.1.1, Interface address 150.1.1.1
Timer intervals configured, Hello 30, Dead 120,</b> Wait 120, Retransmit 5
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
oob-resync timeout 120
Hello due in 00:00:00
Supports Link-local Signaling (LLS)
@ -135,20 +135,20 @@ Serial0/0 is up, line protocol is up
Next 0x0(0)/0x0(0)
Last flood scan length is 2, maximum is 2
Last flood scan time is 0 msec, maximum is 0 msec
<b>Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1 (Backup Designated Router)</b>
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1 (Backup Designated Router)
Suppress Hello for 0 neighbor(s)
</pre>
```
一条点对点连接a Point-to-Point(P2P) connection, 就是一条简单的两个端结点之间的连接。P2P连接的实例包括采用HDLC及PPP封装的物理WAN接口以及FR和ATM的点对点子接口。在OSPF点对点组网类型中不会选举DR和BDR。在P2P类型网络上OSPF每10秒发出Hello数据包。在这些网络上”死亡“间隔是Hello间隔的4倍也就是40秒。下面的输出演示了在一条P2P链路上的`show ip ospf interface`命令的输出。
<pre>
```
R2#show ip ospf interface Serial0/0
Serial0/0 is up, line protocol is up
Internet Address 150.1.1.2/24, Area 0
Process ID 2, Router ID 2.2.2.2, <b>Network Type POINT_TO_POINT,</b> Cost: 64
Transmit Delay is 1 sec, <b>State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40,</b> Retransmit 5
Process ID 2, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:03
Supports Link-local Signaling (LLS)
@ -156,22 +156,22 @@ Serial0/0 is up, line protocol is up
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
<b>Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1</b>
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1
Suppress Hello for 0 neighbor(s)
</pre>
```
广播类型网络是指那些原生支持广播和多播流量的网络最常见例子就是以太网了。就如同在非广播网络中一样OSPF也会在广播网络上选举一台DR及/或BDR。默认情况下OSPF每隔10秒发出Hello数据包而如在4倍Hello间隔中没有收到Hello数据包就宣告邻居”死亡“。下面的输出演示了在一个FastEthernet接口上show ip ospf interface命令的输出。
<pre>
```
R2#show ip ospf interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up
Internet Address 192.168.1.2/24, Area 0
Process ID 2, Router ID 2.2.2.2, <b>Network Type BROADCAST</b>, Cost: 64
Transmit Delay is 1 sec, <b>State BDR</b>, Priority 1
<b>Designated Router (ID) 192.168.1.3, Interface address 192.168.1.3
Process ID 2, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 64
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 192.168.1.3, Interface address 192.168.1.3
Backup Designated Router (ID) 2.2.2.2, Interface address 192.168.1.2
Timer intervals configured, Hello 10, Dead 40, Wait 40,</b> Retransmit 5
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:04
Supports Link-local Signaling (LLS)
@ -179,10 +179,10 @@ FastEthernet0/0 is up, line protocol is up
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
<b>Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 192.168.1.3 (Designated Router)</b>
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 192.168.1.3 (Designated Router)
Suppress Hello for 0 neighbor(s)
</pre>
```
点对多点是一种非默认OSPF组网a non-default OSPF network type。也就是说此种组网类型必须使用接口配置命令`ip ospf network point-to-point-multicast [non-broadcast]`手动进行配置。默认情况下该命令默认应用于一个广播型点对多点类型网络this command defaults to a Broadcast Point-to-Point Multipoint network type。该默认组网类型允许OSPF采用多播数据包来动态地发现其邻居路由器。此外在多播型点对多点网络类型上不进行DR/BDR选举。
@ -192,13 +192,13 @@ FastEthernet0/0 is up, line protocol is up
下面的输出演示了在一个经手动配置为点对多点网络的帧中继串行接口上的`show ip ospf interface`命令的输出。
<pre>
```
R2#show ip ospf interface Serial0/0
Serial0/0 is up, line protocol is up
Internet Address 150.1.1.2/24, Area 0
Process ID 2, Router ID 2.2.2.2, <b>Network Type POINT_TO_MULTIPOINT</b>, Cost: 64
Transmit Delay is 1 sec, <b>State POINT_TO_MULTIPOINT</b>
<b>Timer intervals configured, Hello 30, Dead 120,</b> Wait 120, Retransmit 5
Process ID 2, Router ID 2.2.2.2, Network Type POINT_TO_MULTIPOINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
oob-resync timeout 120
Hello due in 00:00:04
Supports Link-local Signaling (LLS)
@ -206,10 +206,10 @@ Serial0/0 is up, line protocol is up
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 2
Last flood scan time is 0 msec, maximum is 0 msec
<b>Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1</b>
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1
Suppress Hello for 0 neighbor(s)
</pre>
```
OSPF要求链路上两台路由器组网类型一致一致的意思是两台路由器要么都进行选举要么都不进行选举的主要原因在于计时器的数值。就像上面各个输出中演示的那样不同组网类型采用了不同Hello数据包发送及死亡计时器间隔。为成功建立一个OSPF邻接关系在两台路由器上这些数值必须匹配。
@ -223,18 +223,18 @@ R2(config-if)#exit
通过在上面的R2上将Hello数据包间隔设置为1, 思科IOS软件就会自动的将默认死亡计时器调整为Hello间隔的4倍就是4秒。下面的输出对此进行了演示。
<pre>
```
R2#show ip ospf interface Serial0/0
Serial0/0 is up, line protocol is up
Internet Address 10.0.2.4/24, Area 2
Process ID 4, Router ID 4.4.4.4, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT
<b>Timer intervals configured, Hello 1, Dead 4,</b> Wait 4, Retransmit 5
Timer intervals configured, Hello 1, Dead 4, Wait 4, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:00
...
[Truncated Output]
</pre>
```
##配置OSPF
@ -274,12 +274,12 @@ R3(config-router)#exit
基于此配置思科IOS软件分配给该进程一个默认`0.0.0.0`的路由器ID如下面`show ip protocols`命令的输出所示。
<pre>
```
R3#show ip protocols
Routing Protocol is “ospf 1”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
<b>Router ID 0.0.0.0</b>
Router ID 0.0.0.0
Number of areas in this router is 0. 0 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
@ -288,7 +288,7 @@ Reference bandwidth unit is 100 mbps
Gateway Distance Last Update
Distance: (default is 110)
```
</pre>
```
但是,命令`show ip ospf [process id]`揭示出该进程实际上并不是活动的且表明需要配置一个路由器ID 其输出如下面所示。
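Review bot: The fence added in place of `</pre>` lands directly after a ``` line that is already present as context, so this `show ip protocols` block ends with two consecutive fence lines. The second one opens a new code block that swallows the paragraph beginning 但是,命令`show ip ospf [process id]`. Remove one of the two so the block is closed exactly once.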
@ -367,7 +367,7 @@ Lo3 1 3 10.1.1.1/32 1 LOOP 0/0
在下面的路由器上给Loopback0配置了IP地址1.1.1.1/32, 给F0/0配置了2.2.2.2/24。接着在路由器上给所有接口配置了OSPF。
<pre>
```
Router(config-if)#router ospf 1
Router(config-router)#net 0.0.0.0 255.255.255.255 area 0
Router(config-router)#end
@ -377,7 +377,7 @@ Router#show ip protocols
Routing Protocol is “ospf 1”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
<b>Router ID 1.1.1.1</b>
Router ID 1.1.1.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
@ -386,12 +386,12 @@ Routing Protocol is “ospf 1”
Gateway Distance Last Update
1.1.1.1 110 00:00:14
Distance: (default is 110)
</pre>
```
但又想要将路由器ID硬编码hard code为`10.10.10.1`。那么可通过再配置一个使用该IP地址的环回接口或简单地将这个IP地址加在OSPF路由器ID处。**为令到改变生效必须重启路由器或在路由器上清除该IP OSPF进程**(清除现有数据库)。
<pre>
```
Router#conf t
Enter configuration commands, one per line.
End with CNTL/Z.
@ -407,7 +407,7 @@ Router#show ip prot
Routing Protocol is “ospf 1”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
<b>Router ID 10.10.10.1</b>
Router ID 10.10.10.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
@ -416,7 +416,7 @@ Routing Protocol is “ospf 1”
Gateway Distance Last Update
1.1.1.1 110 00:03:15
Distance: (default is 110)
</pre>
```
到第39天**DR和BDR选举时就将看到这个路由器ID有着特别的重要性**。
@ -428,7 +428,7 @@ Distance: (default is 110)
被动接口配置在OSPF和EIGRP中的工作方式是一样的也就是一旦某接口被标记为被动接口经由该接口形成的所有邻居关系都会被拆除同时再也不会通过该接口发送或接收Hello数据包了。不过根据路由器上所配置的网络配置语句该接口仍然会继续受通告。
<pre>
```
Router(config)#router ospf 10
Router(config-router)#passive-interface f0/0
Router#show ip ospf int f0/0
@ -439,8 +439,8 @@ FastEthernet0/0 is up, line protocol is up
No designated router on this network
No backup designated router on this network
Timer intervals configured,Hello 10, Dead 40, Wait 40,Retransmit 5
<b>No Hellos (Passive interface)</b>
</pre>
No Hellos (Passive interface)
```
##第12天问题

@ -130,22 +130,22 @@ Neighbor ID Pri State Dead Time Interface ID Interface
通过将`[detail]`关键字追加到本命令的后面,还可以查看详细的邻居信息。
<pre>
```
R1#show ipv6 ospf neighbor detail
Neighbor 3.3.3.3
In the area 0 via interface FastEthernet0/0
<b>Neighbor: interface-id 4, link-local address FE80::213:19FF:FE86:A20</b>
Neighbor: interface-id 4, link-local address FE80::213:19FF:FE86:A20
Neighbor priority is 1, State is FULL, 6 state changes
DR is 1.1.1.1 BDR is 3.3.3.3
<b>Options is 0x000013 in Hello (V6-Bit E-Bit R-bit )</b>
<b>Options is 0x000013 in DBD (V6-Bit E-Bit R-bit )</b>
Options is 0x000013 in Hello (V6-Bit E-Bit R-bit )
Options is 0x000013 in DBD (V6-Bit E-Bit R-bit )
Dead timer due in 00:00:39
Neighbor is up for 00:06:40
Index 1/1/1, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
</pre>
```
在上面的输出中注意真实的邻居地址是本地链路地址而不是所配置的全球IPv6单播地址。
@ -184,25 +184,25 @@ Neighbor 3.3.3.3
**R1:**
<pre>
```
ipv6 router ospf 1
router-id 1.1.1.1
int fa0/0<b>(或特定接口编号)</b>
int fa0/0(或特定接口编号)
ipv6 ospf 1 area 0
int lo0<b>(或特定接口编号)</b>
int lo0(或特定接口编号)
ipv6 ospf 1 area 0
</pre>
```
**R2:**
<pre>
```
ipv6 router ospf 1
router-id 2.2.2.2
int fa0/0<b>(或特定接口编号)</b>
int fa0/0(或特定接口编号)
ipv6 ospf 1 area 0
int lo0<b>(或特定接口编号)</b>
int lo0(或特定接口编号)
ipv6 ospf 1 area 0
</pre>
```
- 自R1向R2的IPv6环回接口发出`ping`操作,以测试连通性
- 执行一个`show ipv6 route`命令来验证有通过OSPFv3接收到路由
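Review bot: On the `int fa0/0` and `int lo0` lines in both the R1 and R2 blocks, the note (或特定接口编号) is now fused to the command inside the fence, so anyone copying the block pastes an invalid interface name. Move the note to a `!` comment line above each `int` command or into the sentence before the block.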

@ -404,15 +404,15 @@ Router#pinging 192.168.1.2
3. 配置DHCP地址池。接着为地址配置一个3天3小时5分的租期。最后将1到10的地址排除在分配给主机的地址之外。假设这些地址已为其它服务器或接口使用。
<pre>
```
Router#conf t
Router(config)#ip dhcp pool 60days
Router(dhcp-config)#network 172.16.0.0 255.255.0.0
Router1(dhcp-config)#lease 3 3 5 <b>← command wont work on Packet Trer</b>
Router1(dhcp-config)#lease 3 3 5 ← command wont work on Packet Trer
Router1(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 172.16.1.1 172.16.1.10
Router(config)#
</pre>
```
4. 执行一个`ipconfig /all`命令查看是否有IP地址分配到PC。如旧地址仍在使用就需要执行一下`ipconfig /renew`命令。
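Review bot: The annotation on the `lease 3 3 5` line keeps the typos `wont` and `Packet Trer` (presumably Packet Tracer), and without `<b>` it can no longer be told apart from the command it follows. Fix the wording and move it to a `!` comment line or to the step text. The prompt also switches from `Router(dhcp-config)#` to `Router1(dhcp-config)#` for two lines within the same session, which should be made consistent.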

@ -140,7 +140,7 @@ PoE LED只有在Catalyst 2960交换机型号上才能找到。
<tr><td>绿色</td><td>有链路且链路无问题</td></tr>
<tr><td>绿色闪烁</td><td>活动的:端口在发送或接收数据</td></tr>
<tr><td>绿色琥珀色交替闪烁</td><td>链路故障link fault出现可影响连通性的错误帧以及过多的冲突、循环冗余校验CRC同时将对以太网的alignment及jabber问题进行检测<a href="pdfs/EthernetErrorDescription.pdf" >以太网错误描述</a>, <a href="pdfs/EthernetErrors.pdf">以太网错误</a></td></tr>
<tr><td>琥珀色</td><td>端口被生成树协议Spanning Tree Protocol, STP阻塞而未转发数据。<b>注意:</b>在某端口重新配置后端口LED将保持琥珀色30秒因为STP会检查网络拓扑有没有可能的环回。</td></tr>
<tr><td>琥珀色</td><td>端口被生成树协议Spanning Tree Protocol, STP阻塞而未转发数据。注意在某端口重新配置后端口LED将保持琥珀色30秒因为STP会检查网络拓扑有没有可能的环回。</td></tr>
<tr><td>琥珀色闪烁</td><td>端口被STP阻塞同时没有发送或接收数据。</td></tr>
<tr><td rowspan=2>双工</td><td>不亮</td><td>端口以半双工方式运行。</td></tr>
<tr><td>绿色</td><td>端口以全双工方式运行。</td></tr>
@ -155,7 +155,7 @@ PoE LED只有在Catalyst 2960交换机型号上才能找到。
<tr><td rowspan=5>PoE</td><td>不亮</td><td>PoE关闭。如被供电设备从交流电源取得电力那么就算被供电设备是连接到交换机的PoE端口LED也会不亮。</td></tr>
<tr><td>绿色</td><td>PoE开启。端口LED只在该交换机端口供电时才亮起绿色。</td></tr>
<tr><td>绿色和琥珀色交替亮起</td><td>因为向被供电设备提供电力会超出交换机电源功率而将PoE禁用了。Catalyst 2960-24PC-L、2960 48PST-L、2960-48PST-S及2960-24PC-S可以提供最高370W的电力。而Catalyst 2960-24LT-L和2960-24LC-S交换机只能提供最高124W的电力。</td></tr>
<tr><td>琥珀色闪烁</td><td>PoE因为故障而关闭。<br><b>注意:</b>在做网线不合规及加电的设备连接到PoE端口(non-compliant cabling or powered devices are connected to a PoE port)时都会导致PoE故障。在将思科认证的IP电话、无线接入点或符合IEEE 802.3af规范的设备连接到PoE端口时只能使用标准规范的做网线方式。必须将导致PoE故障的网线或设备从网络上移除。Only standard-compliant cabling can be used to connect Cisco prestandard IP phones, wireless access points, or IEEE 802.3af-compliant devices to PoE ports. You must remove the cable or device that cause the PoE fault from the network.</td></tr>
<tr><td>琥珀色闪烁</td><td>PoE因为故障而关闭。<br>注意在做网线不合规及加电的设备连接到PoE端口(non-compliant cabling or powered devices are connected to a PoE port)时都会导致PoE故障。在将思科认证的IP电话、无线接入点或符合IEEE 802.3af规范的设备连接到PoE端口时只能使用标准规范的做网线方式。必须将导致PoE故障的网线或设备从网络上移除。Only standard-compliant cabling can be used to connect Cisco prestandard IP phones, wireless access points, or IEEE 802.3af-compliant devices to PoE ports. You must remove the cable or device that cause the PoE fault from the network.</td></tr>
<tr><td>琥珀色</td><td>端口的PoE已被关闭。默认PoE是开启的。</td></tr>
</table>
@ -243,9 +243,9 @@ PoE LED只有在Catalyst 2960交换机型号上才能找到。
下面是在一个GigabitEthernet交换端口上的`show interfaces`命令的输出。
<pre>
Catalyst-3750-1#<b>show interfaces GigabitEthernet3/0/1</b>
GigabitEthernet0/1 is up, line protocol is down <b>(notconnect)</b>
```
Catalyst-3750-1#show interfaces GigabitEthernet3/0/1
GigabitEthernet0/1 is up, line protocol is down (notconnect)
Hardware is GigabitEthernet, address is 000f.2303.2db1 (bia 000f.2303.2db1)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
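Review bot: The command line asks for `GigabitEthernet3/0/1`, but the first output line, which this hunk rewrites, still reads `GigabitEthernet0/1 is up, line protocol is down (notconnect)`. Make the interface name in the output match the command; the `counters errors` output later in this file uses `Gi3/0/1`.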
@ -272,7 +272,7 @@ Output queue: 0/40 (size/max)
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
</pre>
```
多数思科Catalyst交换机端口默认都是`notconnect`状态,如同该命令打印输出的第一行所示。但如果网线从该端口拔出或未有正确连接,端口状态也会转换成该状态。在连接的网线有问题或是网线另一端没有插入到活动端口或设备(比如某台工作站插入交换机的端口是关闭的)时,将同样显示为`notconnect`。
@ -296,15 +296,15 @@ Output queue: 0/40 (size/max)
除了`show interfaces`命令,命令`show interfaces [name] counters errors`也可以用来查看接口错误及促进一层的排错。下面就是命令`show interface [name] counters errors`打印出的输出。
<pre>
Catalyst-3750-1#<b>show interfaces GigabitEthernet3/0/1 counters errors</b>
```
Catalyst-3750-1#show interfaces GigabitEthernet3/0/1 counters errors
Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize
Gi3/0/1 0 0 0 0 0
Port Single-Col Multi-Col Late-Col Excess-Col Carri-Sen Runts
Gi3/0/1 0 0 0 0 0 0
Port Giants
Gi3/0/1 0
</pre>
```
接下来的部分对命令`show interfaces [name] counters errors`输出中的一些错误字段,以及这些字段所表示的故障或问题,进行讲述。
@ -541,8 +541,8 @@ VTP客户端/服务器clinet/server或服务器/服务器(server/server)
最后,`show vtp status`命令的输出也包含了用于认证目的的MD5散列值。该散列值是从VTP域名称和密码生成的域中所有交换机上的该散列值应是一致的。而如在这些交换机上的域名称和密码不同则计算出的MD5也会不同。而如域名称或密码不同那么`show vtp status`命令就会示出一条MD5摘要校验和不匹配an MD5 digest checksum mismatch消息如下面的输出所示。
<pre>
Cat-3550-1#<b>show vtp status</b>
```
Cat-3550-1#show vtp status
VTP Version : running VTP2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
@ -553,11 +553,11 @@ VTP Pruning Mode : Enabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 Digest : 0x26 0x99 0xB7 0x93 0xBE 0xDA 0x76 0x9C
<b>*** MD5 digest checksum mismatch on trunk: Fa0/11 ***</b>
<b>*** MD5 digest checksum mismatch on trunk: Fa0/12 ***</b>
*** MD5 digest checksum mismatch on trunk: Fa0/11 ***
*** MD5 digest checksum mismatch on trunk: Fa0/12 ***
...
[Truncated Output]
</pre>
```
最后在应用VTP时**配置修订号可能会造成严重破坏。VTP域中的交换机使用配置修订号来保持对域中最新信息的跟踪**the configuration revision number can wreak havoc when using VTP. Switches use the configuration revision number to keep track of the most recent information in the VTP domain。域中所有交换机都将其前一次从一条VTP通告中收听到的配置修订号存储起来同时在每次接收到新信息时该号码都被增加。而在任何交换机接收到带有高于其自身配置修订号的通告报文时都将覆写任何存储的VLAN信息并将其自身存储的VLAN信息与所接收到的通告报文中的信息进行同步。

@ -255,18 +255,18 @@ BPDUs都是每两秒发出的此特性允许实现快速的网络循环探测
**桥优先级是该交换机相对于其它交换机的优先级。**桥优先级取值范围是0到65535。思科Catalyst交换机的默认值为32768。
<pre>
```
Switch2#show spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
<b>Root ID Priority 32768</b>
Root ID Priority 32768
Address 0009.7c87.9081
Cost 19
Port 1 (FastEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
<b>Address 0008.21a9.4f80</b>
Address 0008.21a9.4f80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
@ -275,7 +275,7 @@ Name Prior.Nbr Cost Sts Cost Bridge ID Prior.Nbr
---------- --------- ---- --- ----------- -------------- ---------
Fa0/1 128.1 19 FWD 0 32768 0009.7c87.9081 128.13
Fa0/2 128.2 19 FWD 19 32770 0008.21a9.4f80 128.2
</pre>
```
上面输出中的MAC地址是得自交换机背板或管理引擎的硬件地址the hardware address derived from the switch backplane or supervisor engine 又名为基底MAC地址the base MAC address。**在802.1D标准中每个VLAN都需要一个唯一BID。**
@ -330,33 +330,33 @@ Switch(config)#spanning-tree vlan 2 root ?
*图31.6 -- 强制某台交换机成为根桥*
<pre>
```
SwitchC#show spanning-tree vlan 5
VLAN0005
Spanning tree enabled protocol ieee
Root ID <b>Priority 0</b>
Root ID Priority 0
Address 0000.0000.000c
<b>This bridge is the root</b>
This bridge is the root
Bridge ID Priority 0 (priority 0 sys-id-ext 5)
SwitchD#show spanning-tree vlan 5
VLAN0005
Spanning tree enabled protocol ieee
Root ID <b>Priority 4096</b>
Root ID Priority 4096
Address 0000.0000.000d
Bridge ID Priority 4096 (priority 8192 sys-id-ext 5)
SwitchD#show spanning-tree vlan 5
VLAN0005
Spanning tree enabled protocol ieee
Root ID <b>Priority 4096</b>
Root ID Priority 4096
Address 0000.0000.000d
Bridge ID Priority 4096 (priority 8192 sys-id-ext 5)
</pre>
```
注意到VLAN编号通常会被加到优先级数字上如下面的输出展示的那样。
<pre>
```
SwitchA#show spanning-tree vlan 5
Bridge ID Priority <b>32773</b> (priority 32768 sys-id-ext 5)
Bridge ID Priority 32773 (priority 32768 sys-id-ext 5)
Address 0013.c3e8.2500
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
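Review bot: In the first block, the `SwitchD#show spanning-tree vlan 5` output appears twice in a row with identical content (`Root ID Priority 4096`, `Address 0000.0000.000d`). With the bold markers gone nothing distinguishes the two copies, so drop the repeat or replace it with the output of the switch that was meant to be shown.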
@ -364,7 +364,7 @@ Interface Role Sts Cost Prio.Nbr Type
--------- ---- ---- ---- -------- ----
Fa0/15 Desg FWD 19 128.15 P2p
Fa0/18 Desg FWD 19 128.18 P2
</pre>
```
##生成树开销及优先级
@ -394,23 +394,23 @@ Fa0/18 Desg FWD 19 128.18 P2
在思科IOS Catalyst交换机中可通过执行`show spanning-tree interface [name]`查看默认端口开销值如下面的输出中演示的那样该输出展示了一个FastEthernet接口的默认短整数端口开销。
<pre>
```
VTP-Server#<b>show spanning-tree interface FastEthernet0/2</b>
Vlan Role Sts <b>Cost</b> Prio.Nbr Type
VTP-Server#show spanning-tree interface FastEthernet0/2
Vlan Role Sts Cost Prio.Nbr Type
---- ---- --- ---- -------- ----
VLAN0050 Desg FWD <b>19</b> 128.2 P2p
</pre>
VLAN0050 Desg FWD 19 128.2 P2p
```
下面的输出显示了同样的长整数端口开销分配the following output shows the same for long port cost assignment
<pre>
```
VTP-Server#<b>show spanning-tree interface FastEthernet0/2</b>
Vlan Role Sts <b>Cost</b> Prio.Nbr Type
VTP-Server#show spanning-tree interface FastEthernet0/2
Vlan Role Sts Cost Prio.Nbr Type
---- ---- --- ---- -------- ----
VLAN0050 Desg FWD <b>200000</b> 128.2 P2p
</pre>
VLAN0050 Desg FWD 200000 128.2 P2p
```
重要的是记住带有更低的数值开销的端口是更为首选的端口端口开销越低那个特定端口被选举为根端口的可能性就越高the lower the port cost, the higher the probability of that particular port being elected the Root Port。**端口开销全局重要,并影响整个生成树网络。**该数值被配置在生成树域中的所有非根交换机上on all Non-Root Switches in the Spanning Tree domain
@ -722,7 +722,7 @@ STP故障通常有以下三类STP issues usually fall within the following th
2. 在将一侧设置为中继链路之前,可能看不到中继链路变成活动的。
<pre>
```
SwitchB#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SwitchB(config)#int FastEthernet0/1
@ -730,24 +730,24 @@ SwitchB(config-if)#switchport mode trunk
SwitchB(config-if)#^Z
SwitchB#sh int trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 <b>on</b> 802.1q trunking 1
Fa0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/1 1-1005
Port Vlans allowed and active in management domain
Fa0/1 1
</pre>
```
3. 将看到另一交换机是留作自动模式的。
<pre>
```
SwitchA#show int trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 <b>auto</b> n-802.1q trunking 1
Fa0/1 auto n-802.1q trunking 1
Port Vlans allowed on trunk
Fa0/1 1-1005
Port Vlans allowed and active in management domain
Fa0/1 1
</pre>
```
4. 在每台交换机上创建出两个VLANs。
@ -780,13 +780,13 @@ VLAN Name Status Ports
5. 确定哪台交换机是VLANs 2和3的根桥。
<pre>
```
SwitchB#show spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID <b>Priority</b> <b>32770</b>
Root ID Priority 32770
Address 0001.972A.7A23
<b>This bridge is the root</b>
This bridge is the root
Hello Time 2 sec
Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
@ -796,17 +796,17 @@ VLAN0002
Interface Role Sts Cost Prio.Nbr Type
--------- ---- --- ---- -------- ----
Fa0/1 Desg FWD 19 128.1 P2p
</pre>
```
可以看到Switch B是根。在交换机A上完成同样的命令并对VLAN 3进行检查。优先级是32768加上VLAN编号这里就是2.最低MAC地址将确定出根桥。
<pre>
```
SwitchB#show spanning-tree vlan 3
VLAN0003
Spanning tree enabled protocol ieee
Root ID Priority 32771
Address 0001.972A.7A23
<b>This bridge is the root</b>
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
Address 0001.972A.7A23
@ -815,21 +815,21 @@ VLAN0003
Interface Role Sts Cost Prio.Nbr Type
---------- ---- --- ---- -------- ----
Fa0/1 Desg FWD 19 128.1 P2p
</pre>
```
这里Switch A的MAC地址较高这就是为何其不会成为根桥的原因`00101123D245`
6. 将另一个交换机设置为VLANs 2和3的根桥。对VLAN 2使用命令`spanning-tree vlan 2 priority 4096`以及对VLAN 3的`spanning-tree vlan 3 root primary`命令。
<pre>
```
SwitchA(config)#spanning-tree vlan 2 priority 4096
SwitchA(config)#spanning-tree vlan 3 root primary
SwitchA#show spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID <b>Priority 4098</b>
Root ID Priority 4098
Address 0010.1123.D245
<b>This bridge is the root</b>
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4098 (priority 4096 sys-id-ext 2)
Address 0010.1123.D245
@ -843,7 +843,7 @@ VLAN0003
Spanning tree enabled protocol ieee
Root ID Priority 24579
Address 0010.1123.D245
<b>This bridge is the root</b>
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24579 (priority 24576 sys-id-ext 3)
Address 0010.1123.D245
@ -853,6 +853,6 @@ Interface Role Sts Cost Prio.Nbr Type
--------- ---- --- ---- -------- ----
Fa0/1 Desg FWD 19 128.1 P2p
SwitchA#
</pre>
```
>**注意:**尽管Switch B有较低的桥IDSwitch A还是被强制作为根桥。

@ -133,20 +133,20 @@ Root bridge for: VLAN0050, VLAN0060, VLAN0070
1. 检查交换机上的生成树模式。
<pre>
```
SwitchA#show spanning-tree summary
Switch is in <b>pvst</b> mode
Switch is in pvst mode
Root bridge for: VLAN0002 VLAN0003
</pre>
```
2. 将模式改为RSTP并再度检查。
<pre>
```
SwitchA(config)#spanning-tree mode rapid-pvst
SwitchA#show spanning-tree summary
Switch is in <b>rapid-pvst</b> mode
Switch is in rapid-pvst mode
Root bridge for: VLAN0002 VLAN0003
</pre>
```
3. 用RSTP模式来重复第31天的实验。

@ -602,11 +602,11 @@ Group Port-channel Protocol Ports
默认LACP允许最多16个端口进入到一个端口通道组中by default, LACP allows up to 16 ports to be entered into a port channel group。前8个运作接口将为LACP所使用而剩下的8个接口将被置为热备份状态。命令`show EtherChannel detail`显示出一个LACP以太网通道中所支持的链路最大数量如下面的输出所示。
<pre>
Switch-1#<b>show EtherChannel 1 detail</b>
```
Switch-1#show EtherChannel 1 detail
Group state = L2
<b>Ports: 3 Maxports = 16
Port-channels: 1 Max Port-channels = 16</b>
Ports: 3 Maxports = 16
Port-channels: 1 Max Port-channels = 16
Protocol: LACP
Ports in the group:
-------------------
@ -690,23 +690,23 @@ Index Load Port EC state
0 00 Fa0/3 Active
Time since last port bundled: 00d:00h:00m:32s Fa0/3
Time since last port Un-bundled: 00d:00h:00m:49s Fa0/1
</pre>
```
LACP的配置及统计数据也可以通过执行`show lacp [options]`命令进行查看。此命令可用的选项在下面的输出中进行了演示。
<pre>
Switch-1#<b>show lacp ?</b>
```
Switch-1#show lacp ?
<1-6> Channel group number
counters Traffic information
internal Internal information
neighbor Neighbor information
sys-id LACP System ID
</pre>
```
`[counters]`关键字提供了有关LACP发出和接收到的数据包的信息。该命令的打印输出如下面所示。
<pre>
Switch-1#<b>show lacp counters</b>
```
Switch-1#show lacp counters
LACPDUs Marker Marker Response LACPDUs
Port Sent Recv Sent Recv Sent Recv Pkts Err
---------------------------------------------------------------------
@ -714,12 +714,12 @@ Channel group: 1
Fa0/1 14 12 0 0 0 0 0
Fa0/2 21 18 0 0 0 0 0
Fa0/3 21 18 0 0 0 0 0
</pre>
```
而`[internal]`关键字提供了诸如端口状态、管理密钥adminitrative key、LACP端口优先级以及端口编号等信息。下面的输出对此进行了演示。
<pre>
Switch-1#<b>show lacp internal</b>
```
Switch-1#show lacp internal
Flags: S - Device is sending Slow LACPDUs. F - Device is sending Fast
LACPDUs.
A - Device is in Active mode. P - Device is in Passive mode.
@ -729,11 +729,11 @@ Port Flags State Priority Key Key Number State
Fa0/1 SA bndl 32768 0x1 0x1 0x0 0x3D
Fa0/2 SA bndl 32768 0x1 0x1 0x1 0x3D
Fa0/3 SA bndl 32768 0x1 0x1 0x2 0x3D
</pre>
```
关键字`[neighbor]`打印出邻居名称、LACP邻居的ID、邻居的设备IDMAC以及邻居端口等信息。这些标志还表明邻居运行所处状态以及其是否时一个物理学习设备the flags also indicate the mode the neighbor is operating in, as well as whether it is a physical learner, for example。下面的输出对此进行了演示。
<pre>
```
Switch-1#show lacp neighbor
Flags: S - Device is sending Slow LACPDUs. F - Device is sending Fast
LACPDUs.
@ -760,7 +760,7 @@ Fa0/3 00001,0014.a9e5.d640 0x3 24s SP
LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0x1 0x3C
</pre>
```
最后,关键字`[sys-id]`提供了本地交换机的系统IDfinally, the `[sys-id]` keyword provides the system ID of the local switch。这是一个该交换机MAC地址和LACP优先级的结合体如下面的输出所示。

@ -223,14 +223,14 @@ R2(config-if)#
为解决此问题思科IOS软件允许管理员将HSRP配置为使用其所配置上的物理接口的实际MAC地址。那么结果就是一个单独的MAC地址为所有HSRP组所使用也就是活动网关所使用的MAC地址且在每次往连接到这些交换机上的路由器添加HSRP组的时候无需对端口安全配置进行修改。此操作是通过使用接口配置命令`standby use-bia`命令完成的。下面的输出演示了命令`show standby`该命令给出了一个配置了两个不同HSRP组的网关接口的信息
<pre>
```
Gateway-1#show standby
FastEthernet0/0 - Group 1
State is Active
8 state changes, last state change 00:13:07
Virtual IP address is 192.168.1.254
<b>Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)</b>
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.002 secs
Preemption disabled
@ -242,13 +242,13 @@ FastEthernet0/0 - Group 2
State is Active
2 state changes, last state change 00:09:45
Virtual IP address is 172.16.1.254
<b>Active virtual MAC address is 0000.0c07.ac02
Local virtual MAC address is 0000.0c07.ac02 (v1 default)</b>
Active virtual MAC address is 0000.0c07.ac02
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.423 secs
Preemption disabled
Active router is local
</pre>
```
在上面的输出中由于是默认的HSRP版本那么HSRP `Group 1`的虚拟MAC地址就是`0000.0c07.ac01`同时HSRP组2的就是`0000.0c07.ac02`。这就意味着连接此网关的交换机端口要学习三个不同地址:物理接口`Fastethernet0/0`的实际或出厂地址、HSRP `Group 1`的虚拟MAC地址以及HSRP组2的虚拟MAC地址。
@ -265,14 +265,14 @@ Gateway-1(config-if)#exit
基于上面的输出中的配置,命令`show standby`会反应出HSRP组的新MAC地址如下面的输出所示:
<pre>
```
Gateway-1#show standby
FastEthernet0/0 - Group 1
State is Active
8 state changes, last state change 00:13:07
Virtual IP address is 192.168.1.254
<b>Active virtual MAC address is 0013.1986.0a20
Local virtual MAC address is 0013.1986.0a20 (bia)</b>
Active virtual MAC address is 0013.1986.0a20
Local virtual MAC address is 0013.1986.0a20 (bia)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.756 secs
Preemption disabled
@ -284,8 +284,8 @@ FastEthernet0/0 - Group 2
State is Active
2 state changes, last state change 00:09:45
Virtual IP address is 172.16.1.254
<b>Active virtual MAC address is 0013.1986.0a20
Local virtual MAC address is 0013.1986.0a20 (bia)</b>
Active virtual MAC address is 0013.1986.0a20
Local virtual MAC address is 0013.1986.0a20 (bia)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.188 secs
Preemption disabled
@ -293,21 +293,21 @@ FastEthernet0/0 - Group 2
Standby router is unknown
Priority 105 (configured 105)
IP redundancy name is "hsrp-Fa0/0-2" (default)
</pre>
```
那么这里两个HSRP组所用的MAC地址都是`0013.1986.0a20`就是分配给物理网关接口的MAC地址了。这在下面的输出中有证实
<pre>
```
Gateway-1#show interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is <b>0013.1986.0a20 (bia 0013.1986.0a20)</b>
Hardware is AmdFE, address is 0013.1986.0a20 (bia 0013.1986.0a20)
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
...
[Truncated Output]
</pre>
```
> **注意**除了将HSRP配置为使用出厂地址the burnt-in address, BIA, 管理员亦可经由接口配置命令`standby [number] mac-address [mac]`静态指定虚拟网关要使用的MAC地址。但一般不会这样做因为这可能会导致交换网络中的重复MAC地址这就会引起严重的网络故障甚至造成网络中断。
@ -442,18 +442,18 @@ VTP-Server-2(config-if)#exit
在配置应用后,就可使用`show standby [interface brief]`命令对HSRP的配置进行验证。下面的输出对`show standby brief`命令进行了展示:
<pre>
VTP-Server-1#<b>show standby brief</b>
```
VTP-Server-1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl172 1 105 Active local 172.16.31.2 172.16.31.254
VTP-Server-2#<b>show standby brief</b>
VTP-Server-2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl172 1 100 Standby local 172.16.31.1 172.16.31.254
</pre>
```
基于此种配置,只有在`VTP-Server-1`失效时,`VTP-Server-2`才会成为活动网关。此外因为没有配置抢占preemption那么即使在`VTP-Server-1`重新上线时就算在该HSRP组中其比起`VTP-Server-2`有着更高的优先级,它仍然无法强制性地接过活动网关角色。
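Review bot: In the `VTP-Server-2` output the row reads `Vl172 1 100 Standby local 172.16.31.1 172.16.31.254`, which puts `local` under the Active column while the State is Standby. On the standby gateway the Active column should show the peer (172.16.31.1) and the Standby column should show `local`. Since this block is being rewritten anyway, please check the row against the source capture and swap the two fields if it is a transcription slip.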
@ -470,13 +470,13 @@ VTP-Server-1(config-if)#standby 1 preempt
这里同样使用命令`show standby [interface [name] |brief]`, 来验证在某个网关上已有配置抢占特性。是通过下面的`show standby brief`命令输出中的“P”字样演示的
<pre>
```
VTP-Server-1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri <b>P</b> State Active Standby Virtual IP
Vl172 1 105 <b>P</b> Active local 172.16.31.2 172.16.31.254
</pre>
Interface Grp Pri P State Active Standby Virtual IP
Vl172 1 105 P Active local 172.16.31.2 172.16.31.254
```
有了这个修改,在因`VTP-Server-1`失效而导致`VTP-Server-2`接过VLAN172的活动网关角色时一旦`VTP-Server-1`再度上线其就将强制性再度接手那个角色。在配置抢占特性时思科IOS软件允许指定在交换机抢占及强制重新获得活动网关角色之前的时间间隔。
@ -489,7 +489,7 @@ VTP-Server-1(config-if)#standby 1 preempt delay minimum 30
此配置可使用命令`show standby [interface]`进行验证。下面的输出对此进行了演示:
<pre>
```
VTP-Server-1#show standby vlan172
Vlan172 - Group 1
State is Active
@ -499,12 +499,12 @@ Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.636 secs
<b>Preemption enabled, delay min 30 secs</b>
Preemption enabled, delay min 30 secs
Active router is local
Standby router is 172.16.31.2, priority 100 (expires in 8.629 sec)
Priority 105 (configured 105)
IP redundancy name is “hsrp-Vl172-1” (default)
</pre>
```
而关键字`[reload]`用于指定网关在其重启后需要等待的时间the `[reload]` keyword is used to specify the amount of time the gateway should wait after it initiates following a reload。关键字`[sync]`是与IP冗余客户端配合使用的。此配置超出了CCNA考试要求但在生产环境中是十分有用的因为在出现某个正在被跟踪的抖动接口或类似情况下此配置可以阻止不必要的角色切换this configuration is beyond the scope of the CCNA exam requirements but is very useful in production environments because it prevents an unnecessary change of roles in the case of a flapping interface that is being tracked, or similar activity
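Review bot: The line `IP redundancy name is “hsrp-Vl172-1” (default)` keeps typographic quotes now that it sits in a code fence, while the earlier `show standby` block in this file prints `"hsrp-Fa0/0-2"` with ASCII quotes. IOS emits ASCII `"`, so please normalise the quotes here and in the other `show standby vlan172` blocks touched by this commit, otherwise copy-paste comparisons against real output will not match.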
@ -514,7 +514,7 @@ HSRP接口跟踪特性令到管理员可以将HSRP配置为追踪接口状态
在下面的输出中,`VTP-Server-1`被配置为对连接到假想WAN路由器的接口`Gigabitethernet5/1`的状态,进行跟踪。在那个接口状态转变为`down`时该网关就将其优先级值降低10默认的:
<pre>
```
VTP-Server-1#show standby vlan172
Vlan172 - Group 1
State is Active
@ -529,10 +529,10 @@ Vlan172 - Group 1
Standby router is 172.16.31.2, priority 100 (expires in 7.616 sec)
Priority 105 (configured 105)
IP redundancy name is “hsrp-Vl172-1” (default)
<b>Priority tracking 1 interfaces or objects, 1 up:
Priority tracking 1 interfaces or objects, 1 up:
Interface or object Decrement State
GigabitEthernet5/1 10 Up</b>
</pre>
GigabitEthernet5/1 10 Up
```
而要将该网关降低值配置为比如50, 就可以执行命令`standby [name] track [interface] [decrement value]`, 如下面的输出所示:
@ -543,7 +543,7 @@ VTP-Server-1(config-if)#standby 1 track GigabitEthernet5/1 50
此项配置可使用命令`show standby [interface]`进行验证。下面对此进行了演示:
<pre>
```
VTP-Server-1#show standby vlan172
Vlan172 - Group 1
State is Active
@ -558,10 +558,10 @@ Vlan172 - Group 1
Standby router is 172.16.31.2, priority 100 (expires in 7.616 sec)
Priority 105 (configured 105)
IP redundancy name is “hsrp-Vl172-1” (default)
<b>Priority tracking 1 interfaces or objects, 1 up:
Priority tracking 1 interfaces or objects, 1 up:
Interface or object Decrement State
GigabitEthernet5/1 50 Up</b>
</pre>
GigabitEthernet5/1 50 Up
```
###配置HSRP的版本
@ -574,22 +574,22 @@ VTP-Server-1(config-if)#standby version 2
使用命令`show standby [interface]`,可对此配置进行验证。下面的输出对此进行了演示:
<pre>
```
VTP-Server-1#show standby vlan172
Vlan172 - Group 1 <b>(version 2)</b>
Vlan172 - Group 1 (version 2)
State is Active
5 state changes, last state change 00:43:42
Virtual IP address is 172.16.31.254
<b>Active virtual MAC address is 0000.0c9f.f001
Active virtual MAC address is 0000.0c9f.f001
Local virtual MAC address is 0000.0c9f.f001 (v2 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.419 secs</b>
Next hello sent in 2.419 secs
Preemption enabled
Active router is local
Standby router is 172.16.31.2, priority 100 (expires in 4.402 sec)
Priority 105 (configured 105)
IP redundancy name is “hsrp-Vl172-1” (default)
</pre>
```
而HSRP的开启就自动将HSRP所使用的MAC地址范围从`0000.0C07.ACxx`,改变为`0000.0C9F。F000`到`0000.0C9F.FFFF`。因此务必要记住这将导致生产网络中的一些数据包丢失因为网络中的设备必须要掌握到网关的新MAC地址。这类导致包丢失的变动都推荐在维护窗口或几乎的断网窗口来进行。
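Review bot: The trailing context line gives the new MAC range as `0000.0C9F。F000`, with a fullwidth `。` where the third dot should be. It should read `0000.0C9F.F000`, consistent with the `0000.0c9f.f001` shown in the block. The same sentence attributes the range change to enabling HSRP (`而HSRP的开启`), but the block and the `standby version 2` command above show it is the switch to version 2 that changes it, so name HSRPv2 explicitly.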
@ -706,32 +706,32 @@ VTP-Server-2(config-if)#exit
下面还使用命令`show vrrp [all|brief|interface]`, 对此配置进行了验证。关键字`[all]`展示了有关该VRRP配置的所有信息包括了组的状态、描述信息在配置了的情况下、本地网关优先级以及主虚拟路由器和其它信息。关键字`[brief]`则会列印出该VRRP配置的摘要信息。而`[interface]`关键字会列印出特定接口的VRRP信息。下面的输出展示了`show vrrp all`命令的输出:
<pre>
```
VTP-Server-1#show vrrp all
Vlan192 - Group 1
SWITCH-VRRP-Example
<b>State is Master
State is Master
Virtual IP address is 192.168.1.254
Virtual MAC address is 0000.5e00.0101</b>
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
<b>Preemption enabled
Preemption enabled
Priority is 105
Master Router is 192.168.1.1 (local), priority is 105</b>
Master Router is 192.168.1.1 (local), priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.589 sec
VTP-Server-2#show vrrp all
Vlan192 - Group 1
SWITCH-VRRP-Example
<b>State is Backup
State is Backup
Virtual IP address is 192.168.1.254
Virtual MAC address is 0000.5e00.0101</b>
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
<b>Preemption enabled
Preemption enabled
Priority is 100
Master Router is 192.168.1.1, priority is 105</b>
Master Router is 192.168.1.1, priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.328 sec)
</pre>
```
下面的输出展示了由命令`show vrrp brief`所列印出的信息:
@ -771,7 +771,7 @@ VTP-Server-1(config-if)#vrrp 1 track 2
VRRP跟踪的配置是通过使用命令`show vrrp interface [name]`命令进行验证的。下面的输出对此进行了演示:
<pre>
```
VTP-Server-1#show vrrp interface vlan192
Vlan192 - Group 1
SWITCH-VRRP-Example
@ -781,32 +781,32 @@ Vlan192 - Group 1
Advertisement interval is 0.100 sec
Preemption enabled
Priority is 105
<b>Track object 1 state Up decrement 10
Track object 2 state Up decrement 10</b>
Track object 1 state Up decrement 10
Track object 2 state Up decrement 10
Authentication MD5, key-string
Master Router is 192.168.1.1 (local), priority is 105
Master Advertisement interval is 0.100 sec
Master Down interval is 0.889 sec
</pre>
```
而要查看被追踪对象的各项参数,就使用命令`show track [number] [brief] [interface] [ip] [resolution] [timers]`。下面是`show track`命令输出的演示:
<pre>
```
VTP-Server-1#show track
Track 1
Interface Loopback0 line-protocol
Line protocol is Up
1 change, last change 00:11:36
<b>Tracked by:
VRRP Vlan192 1</b>
Tracked by:
VRRP Vlan192 1
Track 2
IP route 1.1.1.1 255.255.255.255 reachability
Reachability is Up (connected)
1 change, last change 00:08:48
First-hop interface is Loopback0
<b>Tracked by:
VRRP Vlan192 1</b>
</pre>
Tracked by:
VRRP Vlan192 1
```
> **注意**这些被追踪对象亦可与HSRP和GLBP配合使用。GLBP在下面的小节进行说明。
@ -955,10 +955,10 @@ VTP-Server-4(config-if)#exit
一旦该GLBP组已被配置就可使用命令`show glbp brief`来查看该GLBP配置的摘要信息了如同下面的输出所示
<pre>
```
VTP-Server-1#show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
<b>Vl192 1 - 110 Active 192.168.1.254 local 192.168.1.4</b>
Vl192 1 - 110 Active 192.168.1.254 local 192.168.1.4
Vl192 1 1 - Active 0007.b400.0101 local -
Vl192 1 2 - Listen 0007.b400.0102 192.168.1.2 -
Vl192 1 3 - Listen 0007.b400.0103 192.168.1.3 -
@ -966,7 +966,7 @@ Vl192 1 4 - Listen 0007.b400.0104 192.168.1.4 -
VTP-Server-2#show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
<b>Vl192 1 - 100 Listen 192.168.1.254 192.168.1.1 192.168.1.4</b>
Vl192 1 - 100 Listen 192.168.1.254 192.168.1.1 192.168.1.4
Vl192 1 1 - Listen 0007.b400.0101 192.168.1.1 -
Vl192 1 2 - Active 0007.b400.0102 local -
Vl192 1 3 - Listen 0007.b400.0103 192.168.1.3 -
@ -974,7 +974,7 @@ Vl192 1 4 - Listen 0007.b400.0104 192.168.1.4 -
VTP-Server-3#show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
<b>Vl192 1 - 100 Listen 192.168.1.254 192.168.1.1 192.168.1.4</b>
Vl192 1 - 100 Listen 192.168.1.254 192.168.1.1 192.168.1.4
Vl192 1 1 - Listen 0007.b400.0101 192.168.1.1 -
Vl192 1 2 - Listen 0007.b400.0102 192.168.1.2 -
Vl192 1 3 - Active 0007.b400.0103 local -
@ -982,18 +982,18 @@ Vl192 1 4 - Listen 0007.b400.0104 192.168.1.4 -
VTP-Server-4#show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
<b>Vl192 1 - 100 Standby 192.168.1.254 192.168.1.1 local</b>
Vl192 1 - 100 Standby 192.168.1.254 192.168.1.1 local
Vl192 1 1 - Listen 0007.b400.0101 192.168.1.1 -
Vl192 1 2 - Listen 0007.b400.0102 192.168.1.2 -
Vl192 1 3 - Listen 0007.b400.0103 192.168.1.3 -
Vl192 1 4 - Active 0007.b400.0104 local -
</pre>
```
从上面的输出可以看出,基于`VTP-Server-1`192.168.1.1有着优先级值110, 该值高于所有其它网关的优先级值,而已被选举作为活动虚拟网关。网关`VTP-Server-4`192.168.1.4, 由于有着剩下三台网关中最高的IP地址而就算这三台网关有着同样的优先级值被选举作备份虚拟网关。因此网关`VTP-Server-2`与`VTP-Server-3`都被置于侦听状态了。
命令`show glbp`将有关该GLBP组状态的详细信息打印了出来下面对此命令的输出进行了演示
<pre>
```
VTP-Server-1#show glbp
Vlan192 - Group 1
State is Active
@ -1003,50 +1003,50 @@ Vlan192 - Group 1
Next hello sent in 1.465 secs
Redirect time 600 sec, forwarder time-out 14400 sec
Preemption disabled
<b>Active is local
Active is local
Standby is 192.168.1.4, priority 100 (expires in 9.619 sec)
Priority 110 (configured)</b>
Priority 110 (configured)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
<b>Group members:
Group members:
0004.c16f.8741 (192.168.1.3)
000c.cea7.f3a0 (192.168.1.2)
0013.1986.0a20 (192.168.1.1) local
0030.803f.ea81 (192.168.1.4)
There are 4 forwarders (1 active)
Forwarder 1
State is Active</b>
State is Active
1 state change, last state change 02:52:12
MAC address is 0007.b400.0101 (default)
Owner ID is 0013.1986.0a20
Redirection enabled
Preemption enabled, min delay 30 sec
Active is local, weighting 100
<b>Forwarder 2
Forwarder 2
State is Listen
MAC address is 0007.b400.0102 (learnt)
Owner ID is 000c.cea7.f3a0</b>
Owner ID is 000c.cea7.f3a0
Redirection enabled, 599.299 sec remaining (maximum 600 sec)
Time to live: 14399.299 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 192.168.1.2 (primary), weighting 100 (expires in 9.295 sec)
<b>Forwarder 3
Forwarder 3
State is Listen
MAC address is 0007.b400.0103 (learnt)
Owner ID is 0004.c16f.8741</b>
Owner ID is 0004.c16f.8741
Redirection enabled, 599.519 sec remaining (maximum 600 sec)
Time to live: 14399.519 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 192.168.1.3 (primary), weighting 100 (expires in 9.515 sec)
<b>Forwarder 4
Forwarder 4
State is Listen
MAC address is 0007.b400.0104 (learnt)
Owner ID is 0030.803f.ea81</b>
Owner ID is 0030.803f.ea81
Redirection enabled, 598.514 sec remaining (maximum 600 sec)
Time to live: 14398.514 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 192.168.1.4 (primary), weighting 100 (expires in 8.510 sec)
</pre>
```
当在活动虚拟网关上执行时,命令`show glbp`除了展示其它内容外还会给出备份虚拟网关的地址和组中所有活动虚拟转发器的数目以及由活动虚拟网关所指派给这些活动虚拟转发器的状态。同时还显示了各台活动虚拟转发器的虚拟MAC地址。

View File

@ -67,7 +67,7 @@ RxBoot程序 -- 小型的IOSMini-IOS, 在此程序模式下允许上传一
通过命令`show version`,就可以查看到当前的配置寄存器设置:
<pre>
```
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.1(17), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by Cisco Systems, Inc.
@ -88,8 +88,8 @@ TN3270 Emulation software.
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
<b>Configuration register is 0x2102</b>
</pre>
Configuration register is 0x2102
```
命令还现实了该路由器已在线多长时间及上次重启的原因--在对启动问题进行故障排除时,这些信息是有用的。
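Review bot: The trailing context line has a typo, `命令还现实了`, which should be `命令还显示了`. It is adjacent to the lines this hunk rewrites, so it is worth fixing in the same pass.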
@ -100,20 +100,20 @@ System returned to ROM by reload
同时改命令将显示处路由器上不同类型的存储器:
<pre>
```
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.2(4)T1, RELEASE SOFTWARE Copyright (c) 1986-2001 by Cisco Systems, Inc.
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE<b>← ROM code</b>
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE← ROM code
BOOTLDR: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c)
System image file is “flash:c2500-is-l_122-4_T1.bin”<b>← Flash image</b>
Cisco 2522 (68030) processor CPU<b>← CPU</b>
with 14336K/2048K bytes of memory. <b>← DRAM</b>
System image file is “flash:c2500-is-l_122-4_T1.bin”← Flash image
Cisco 2522 (68030) processor CPU← CPU
with 14336K/2048K bytes of memory. ← DRAM
Processor board ID 18086064, with hardware revision 00000003
32K bytes of non-volatile configuration memory.<b>← NVRAM</b>
16384K bytes of processor System flash (Read ONLY) <b>← EEPROM/FLASH</b>
</pre>
32K bytes of non-volatile configuration memory.← NVRAM
16384K bytes of processor System flash (Read ONLY) ← EEPROM/FLASH
```
下面是路由器启动过程的一个图形化再现:
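Review bot: With the `<b>` wrappers gone, the margin annotations now sit inside the fence fused to the device output, for example `SOFTWARE← ROM code` and `processor CPU← CPU`, so a reader cannot tell where the router's text ends and the commentary begins. Put at least a space before each `←`, or move the labels into a short list under the block. The image path is also wrapped in typographic quotes (`“flash:c2500-is-l_122-4_T1.bin”`) where IOS prints ASCII `"`, and the lead-in sentence has two typos (`改命令` for `该命令`, `显示处` for `显示出`).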
@ -132,9 +132,9 @@ Processor board ID 18086064, with hardware revision 00000003
你可以将运行配置拷贝到一台运行了TFTP服务器软件的PC机或服务器上
<pre>
Router#copy startup-config tftp:<b>← You need to include the colon</b>
</pre>
```
Router#copy startup-config tftp:← You need to include the colon
```
还可以将IOS镜像复制到某台TFTP服务器上。如要将服务器IOS更新到另一较新版本就必须要这么做以防新版本可能带来的问题管理员经常将一个路由器现有闪存装不下的IOS镜像放上去
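Review bot: The sentence above the block says the running configuration (`运行配置`) is copied to the TFTP server, but the command shown is `copy startup-config tftp:`, which sends the saved startup configuration instead. Align the two: either change the prose to `启动配置` or change the command to `copy running-config tftp:`. The `← You need to include the colon` remark is also now inside the fence on the command line itself, so separate it with a space or move it into the prose.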
@ -156,14 +156,14 @@ Router#copy tftp flash:
通过`show version`或`show flash`命令, 或者经由`dir flash:`进入到flash目录进入到flash目录将显示出闪存中所有的文件就可以查看到闪存的文件名。
<pre>
```
RouterA#show flash
System flash directory:
File Length Name/status
1 14692012 <b>c2500-js-l.121-17.bin</b>
1 14692012 c2500-js-l.121-17.bin
[14692076 bytes used, 2085140 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)
</pre>
```
作者本打算对此方面进行深入但你应着重于CCNA考试本身及日常工作。不过灾难恢复应在深入研究及实验的目标清单当中。
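Review bot: The lead-in context line repeats a phrase, `进入到flash目录进入到flash目录`, so the parenthetical about `dir flash:` listing every file reads as garbled. Drop the duplicate while this passage is being touched, and consider noting in the prose that the image name in the listing is `c2500-js-l.121-17.bin`, since the bold that used to point at it is removed here.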
@ -268,18 +268,18 @@ Device# PID SN UDI
在下面可以看到有哪些特性也被激活。特性`ipbasek9`将总是开启的。
<pre>
```
Router#show license all
License Store: Primary License Storage
StoreIndex: 0 <b>Feature: ipbasek9</b> Version: 1.0
<b>License Type: Permanent
License State: Active, In Use</b>
StoreIndex: 0 Feature: ipbasek9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
License Store: Evaluation License Storage
StoreIndex: 0 <b>Feature: securityk9</b> Version: 1.0
<b>License Type: Evaluation
License State: Inactive</b>
StoreIndex: 0 Feature: securityk9 Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 208 weeks 2 days
Evaluation period left: 208 weeks 2 days
License Count: Non-Counted
@ -291,7 +291,7 @@ StoreIndex: 1 Feature: datak9 Version: 1.0
Evaluation period left: 208 weeks 2 days
License Count: Non-Counted
License Priority: None
</pre>
```
命令`show license feature`将打印出已开启的特性摘要信息:
@ -305,16 +305,16 @@ datak9 yes no no no
一旦许可证得到验证就必须通过U盘或网络服务器及在命令行执行`license install [url]`, 将该许可证密钥添加到路由器。需要注意“.lic”这个文件名。
<pre>
```
Router#dir usbflash0:
Directory of usbflash0:/
1 -rw- 3064 Apr 18 2013 03:31:18 +00:00 FHH1216P07R_20090528163510702.<b>lic</b>
1 -rw- 3064 Apr 18 2013 03:31:18 +00:00 FHH1216P07R_20090528163510702.lic
255537152 bytes total (184524800 bytes free)
Router#
Router#license install usbflash0:FHH1216P07R_20090528163510702.<b>lic</b>
Router#license install usbflash0:FHH1216P07R_20090528163510702.lic
Installing...Feature:datak9...Successful:Supported
1/1 licenses were successfully installed
0/1 licenses were existing licenses
@ -322,7 +322,7 @@ Installing...Feature:datak9...Successful:Supported
Router#
*Jun 25 11:18:20.234: %LICENSE-6-INSTALL: Feature datak9 1.0 was installed in this device. UDI=CISCO2951:FHH1216P07R; StoreIndex=0:Primary License Storage
*Jun 25 11:18:20.386: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c2951 Next reboot level = datak9 and License = datak9
</pre>
```
此时将必须重启该路由器,以激活新的特性集。