yeslab na-实验手册-ccnp交换YESLABCCNP分解指南

PAGEPAGE2YesLabCCNP交换实验手实验第一部分交换机基本配 实验1.1交换机的基本配 实验1.2交换机端口安 实验1.3交换机的恢 实验1.4交换机IOS恢 实验第二部分VLAN、VTP和 实验2.1划分 实验2.2私有 实验2.3私有VLAN与普通VLAN之间的通 实验2.4 实验2.5VTP配 实验第三部分 实验3.1STP和 实验3.2 实验3.3 实验3.4 实验 STP保 实验第四部分VLAN间通 实验4.1单臂路由实现VLAN间通信 实验 3层交换实现VLAN间通 实验第五部分网关热备冗 实验5.1网关冗余热备份协议HSRP（CISCO私有 实验5.2: 实验5.3: 本部分实验命令汇总 实验第六部分 实验6.1使用NTP服务器的CISCO路由 实验6.2配置NTP的对等 实验6.3NTP的认 实验第7部分 实验7.1静态 实验7.2动态 实验7.3复用内部全局地址的 实验第一部分实验1.1交换机的基本配switch#configswitch#configswitch(config)#hostnameSW1SW1(config)#enablesecret 为SW1(config)#lineconsoleconsoleSW1(config-line)#passwordcisco(2)配 接口基本配置SW1(config)#interfacefastEthernet0/1SW1(config-if)#duplexSW1(config-if)#speed{10|100|1000|auto}配置管理地址SW1(config)#interfacevlanSW1(config-if)#ipaddress00SW1(config-if)#noshutdownSW1(config)#ipdefault-gateway//以上是在VLAN1接口上配置了管理地址，接在VLAN1上的计算机可以直接net该SW1#copyrunning-cionfigstartup-SW1#copyrunning-cionfigstartup-Buildingconfiguration...理解交换机的CAM表；交换机端口安全特性，可以让我们配置交换机端口，使得的MAC地址的设备接入时，交换机自动关闭接口或者设备接入，也可以限制某个端口上最大的MAC地址数。本实验限制f0/10接口只允许R1接入。R1(config)#interfaceethernetR1(config-if)#ipR1(config)#interfaceethernetR1(config-if)#ipaddressR1(config-if)#noshutdownR1#showinterfacesethernetEthernet0/0isup,lineprotocolisHardwareisAmdP2,addressis0006.28d8.c460(bia0006.28d8.c460)Internetaddressis/24（此处省略步骤2：配置交换机端口安全SW1(config)#interfacefastEthernet0/10SW1(config-if)#switchmodeSW1(config-if)#switchport-SW1(config-if)#switchport-securitiy um1//以上命令只允许该端口下的MAC1SW1(config-if)#switchport-securitiyviolation{protect|shutdown|restrictshutdown:当新的计算机接入时，如果该接口的MACSW1(config-if)#switchportport-securitymac-address0006.28d8.c460SW1(config-if)#noshutdownSW1(config)#intvlan1SW1(config-if)#noSW1(config-if)#ipaddress0步骤3：检查MACSW1#showmacaddress-tableMacAddressMac1步骤4：模 接这时从 TypeescapesequencetoSending5,100-byteICMPEchosto0,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=4/4/4R1(config)#interfaceethernetR1(config-if)#mac-addressFa0/10inerr-disable*Mar100:31:05.875:%PORT_SECURITY-2-PSECURE_VIOLATION:Securityviolationoccurred,causedbyMACaddress0001.0001.0001onportFastEthernet0/10.*Mar100:31:06.867:%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceFastEthernet0/10,changedstatetodown*Mar100:31:06.867:%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceVlan1,changedstatetodown*Mar100:31:07.875:%LINK-3-UPDOWN:InterfaceFastEthernet0/10,changedstateto//SW1上的输出显示，交换机已经将接口f0/10shutdown，其原因是端口安全机制检测到 SW1#showinterfacesfastEthernetSW1#showinterfacesfastEthernetFastEthernet0/10isdown,lineprotocolisdown(err-HardwareisFastEthernet,addressis000b.5f85.138a(biaSW1#showport-SecurePortMaxSecureAddrCurrentAddrSecurityViolationSecurityAction TotalAddressesinSystem(excludingonemacperport) :0MaxAddresseslimitinSystem(excludingonemacperport):5120实验1.3交换机的恢BaseethernetMACAddress:00:18:ba:11:f5:00Xmodemfilesystemisavailable.Thepassword-recoverymechanismisThesystemhasbeeninterruptedpriortoinitializingtheFlashfilesystem.ThefollowingcommandswillinitializeTheflashfilesystem,andfinishloadingtheoperatingSystemsoftware:BaseethernetMACAddress:00:18:ba:11:f5:00Xmodemfilesystemisavailable.Thepassword-recoverymechanismisThesystemhasbeeninterruptedpriortoinitializingtheFlashfilesystem.ThefollowingcommandswillinitializeTheflashfilesystem,andfinishloadingtheoperatingSystemsoftware:Initializingflashfs[0]:3files,1flashfs[0]:0orphanedfiles,0orphaneddirectoriesflashfs[0]:Totalbytes:flashfs[0]:Bytesflashfs[0]:Bytesflashfs[0]:flashfsfscktook12...doneInitializingBootSectorFilesystem(bs)installed,fsid:3Settingconsolebaudrateto9600...(3)在提示符下输入loadhelper(4)在提示符下输入dirflash:--――注：查看flashDirectoryof2- <date>c3560-ipbasek9-mz.122-3-rwx1455<date>5-rwx24<date>private-bytesavailable bytesContinuewitchtheconfigurationswitch#renameflash:config.oldconfig-text文件。switch#copyflash:config.textsystem:running-(10)修改enable：SW1(config)#enablesecretciscoSW#copyrunning-configstartup-Destinationfilename[startup-config]?Buildingconfiguration...1.4交换机IOS恢如果交换机能够正常开IOS可以TFTP服务器上恢复体步骤可参见路由器的IOS恢复步骤。然而如果交换机无法正常开启，IOS的恢复过程会比较复杂了，需要使用Xmodem方式，该方式是通过Console口从计算机IOS，速度为9600bps，因此速度很慢。Switch：copyxmodem：flash:c3550-ipservices-mz.122-44.SE6.binSwitch：copyxmodem：flash:c3550-ipservices-mz.122-44.SE6.bin该命令的含义是通过xmodem方式拷贝文件，保存在FLASH,文件名为BegintheXmodemorXmodem-IKtransfer4.ipdefault-SwitchmodeSwitchport-Switchport- umMACSwitchport-securitiy作Switchport-securitiymac-addressShowmac-address-Mac-addressRenameflash:config.textCopyxmodem:3560-advipservicesk9-mz.122-通过Xmodem协议将文件flash实验第二部VLAN、VTPCisco交换机不仅仅具有2层交换功能，它还具有VLAN等功能。VLAN技术可以使我们很容易地控制广播域的大小。有了VLAN，交换机之间的级联链路就需要Trunk技术来保证2.1步骤1：在SW1上创建VLANsw1#vlan// sw1(vlan)#vlanVLAN2Name:sw1(vlan)#vlanVLAN3Name:APPLYcompleted.除交换机的配置，除了使用“erasestarting-config”命令外，还要使用“deleteflash:vlan.dat”命令把VLAN数据删除。SW1(config)#vlan2SW1(config)#vlan3r1(config-if)#interfacefastEthernet0/0r1(config-if)#ipaddressr1(config-if)#noshutdownsw1(config)#interfacefastEthernet0/1sw1(config-if)#switchportmodeaccesssw1(config-if)#switchportaccessvlansw1(config-if)#interfacefastEthernet0/2sw1(config-if)#switchportmodeaccesssw1(config-if)#switchportaccessvlanr2(config-if)#interfacefastEthernet0/0r2(config-if)#ipaddressr2(config-if)#no查看vlan信息。1Fa0/0,Fa0/3,Fa0/4,Fa0/6,Fa0/7,Fa0/8,Fa0/10,Fa0/11,Fa0/12,Fa0/14,23sw1#showvlan-switch交换机3550或者交换机3560上，采用 令showvlanbriefVLAN 1002fddi-sw1#showvlan-switch交换机3550或者交换机3560上，采用 令showvlanbriefVLAN 1002fddi-1003token-ring-PC1PC2PC3PC4PC2PC3PC4PC3PC4我们用路由器和交换机来模拟PC，先模拟好PC：R2-PC1(config-if)#ipaddressR2-PC1(config-if)#nosw3(config)#hostnameSW3-PC2SW3-PC2(config)#interfacevlan1SW3-PC2(config-if)#ipaddressSW1(config)#hostnameSW1-PC3SW1-PC3(config-if)#ipaddressSW4-PC4(config-if)#ipaddress R2-PC1R2-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis80percent(4/5),round-tripmin/avg/max=1/2/4R2-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis80percent(4/5),round-tripmin/avg/max=1/2/4R2-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2SW4-PC4#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis80percent(4/5),round-tripmin/avg/max=1/3/4SW4-PC4#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis80percent(4/5),round-tripmin/avg/max=1/3/4SW2-3750(config)#vtpmode分别为VLAN10 VLAN11 (团体VLAN)VLAN 同属于一个独立VLAN下的接口都不能通信。SW2-3750#showvlanprivate-vlanPrimarySecondary //以上表明我们的VLAN10(孤立VLAN)和VLAN11(团体VLAN)都关联到属于SW2-3750(config-if)#switchportprivate-vlanmap1210-11//PC1PCF0/10口应该属于杂耍模式，并且关联所有VLAN。SW2-3750(config-if-range)#switchportmodeprivate-vlanhostPrimarySecondary Fa1/0/2, 步骤5：测试R2-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4R2-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4R2-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4在SW3-PC2上:SW3-PC2#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/3/4SW3-PC2#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percentSW3-PC2#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percentSW1-PC3#TypeescapesequencetoSendingSW1-PC3#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4 TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4 TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2实验要求Vlan10 （主VLAN）PC2的接口F1/0/10Vlan （独立VLAN）PC3的接口Vlan (团体 PC4的接口SW1PVLANSW1F0/10VLAN10，101，102.观察与PVLAN的通信情况： Vlan10vlan101 Vlan10vlan102 Vlan101vlan101 Vlan101vlan102 Vlan102vlan101 Vlan102vlan102 记，如果是主机接口都会带上次VLAN的标记。由此了一些有趣的现象：做实验验证并讲解：步骤1：先模拟各个PC：R1-PC1(config-if)#ipaddressR1-PC1(config-if)#noshutdownR2-PC2(config-if)#ipaddresssw3(config)#hostnameSW3-PC3SW3-PC3(config-if)#ipaddresssw4(config)#hostnameSW4-PC4SW4-PC4(config-if)#ipaddressSW1sw1-3550(config-if)#switchporttrunkencapsulationdot1qsw1-3550(config-if)#switchportmodetrunkSW2sw2-3750(config-if)#switchporttrunkencapsulationdot1qsw2-3750(config-if)#switchportmodetrunkR1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis80percent(4/5),round-tripmin/avg/max=1/2/4R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis60percent(3/5),round-tripmin/avg/max=1/3/4R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis60percent(3/5),round-tripmin/avg/max=1/3/4Vlan10 （主VLAN）PC2的接口F1/0/10Vlan10 （主VLAN）PC2的接口F1/0/10Vlan （独立VLAN）PC3的接口Vlan (团体 PC4的接口sw2-3750(config-vlan)#vlan102sw2-3750(config-vlan)#vlan10SW2-3750(config-if)#switchportmodeprivate-vlanpromiscuousSW2-3750(config-if)#switchportprivate-vlanmap10 R2-PC2#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4R2-PC2#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4SW3-PC3#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percentSW1-3550#showvlanVLAN11005trbrf- SW1-3550(config)#interfacefastEthernet0/10SW1-3550(config-if)#switchportmodeaccessSW1-3550(config-if)#spanning-treeportfastR1-PC1 正常通 Vlan10vlan101单向 Vlan10vlan102单向 R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4VLANVLAN通信，所以包会到达R2-PC2。回包的时候，SW2VLANVLAN10，SW1VLAN10标记的包当然会转给自己的VLAN10R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percentPC3SW2收到一VLAN10PVLAN通信的，但是当从R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percentSW1VLAN10PC1 单向 Vlan101vlan101不 Vlan101vlan102不 SW1-3550(config)#interfacefastEthernet0/10R1-PC1R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percentR1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percent//SW2VLAN101VLAN101下的任何一个R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percent 单向 Vlan102vlan101不 Vlan102vlan102正常通 SW1-3550(config)#interfacefastEthernet0/10R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percent//SW2VLAN102VLAN10的R1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis0percentR1-PC1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis100percent(5/5),round-tripmin/avg/max=1/2/4的时候也是带的VLAN102的标记，所以是通的。当一个VLAN不同的交换机时，在同一VLAN上但是连接在不同的交换机上的计信息，交换机从属于某一VLAN（例如VLAN3）的端口接收到数据，在Trunk链进行传输前，会加上一个vlan标记3，表明该数据来自VLAN3去掉，只发送到属于VLAN3的端口上。有两种常见的帧标记技术：ISL802.1Q。ISLCisco同时用新的FCS字段替代了原有的FCS字段，该技术是国际标准，得到所有厂家的支持。Cisco交换机之间的链路是否形成Trunk可以自动协商，这个协议称为DTP（DynamicTrunkProtocol），DTP还可以协商Trunk链路的封装类型。理解DTP的协商规律。SW1(config-if)#interfaceSW1(config-if)#interfaceSW1(config-if)#switchporttrunkencapsulation//指定trunk的封装类型为dot1q,同一链路的两端封装要相同。有的交换机，例如2950只能封装dot1q，因此无需执行该命令。SW1(config-if)#switchportmode先配置好VLANSW1(vlan)#vlan2VLAN2modified:SW1(config)#interfacefastEthernet0/1SW1(config-if)#switchportmodeaccessSW1(config-if)#switchaccessvlanSW2#vlanSW2(vlan)#vlanVLAN2APPLYAPPLYSW2(config)#interfacefastEthernetSW2(config-if)#switchportmodeSW2(config-if)#switchportaccessvlanSW2(config)#interfacefastEthernetSW2(config-if)#switchporttrunkencapsulationSW2(config-if)#switchportmodeR2(config)#interfaceR2(config)#interfaceR2(config-if)#ipaddressR1(config)#interfaceR1(config-if)#ipaddressTypeTypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2seconds:PacketsentwithasourceaddressofSuccessrateis80percent(4/5),round-tripmin/avg/max=16/33/60msSW1(config)#interfacefastEthernet0/5SW1(config-if)#switchtrunkencapsulation? Interfaceusesonly802.1qtrunkingencapsulationwhentrunking InterfaceusesonlyISLtrunkingencapsulationwhentrunkingnegotiateDevicewillnegotiatetrunkingencapsulationwithpeeron注意：如果你用的模拟器，采用的是路由器的交换模块，只支持dot1q.一般情况下我们switchportmodetrunktrunk，不用协商。如果你想让协商类型有ISL和dot1q，请在真实交换机上进行//negotiate:trunkSW1(config-if)#switchtrunkencapsulation和DTP配置有关的有以下一些命令，这些命令不能任意组合：“switchporttrunkencapsulation｛negotiate|isl|dot1q｝”配置Trunk链上的封装类型，上面己经详细介绍过了。“switchportnonegotiate”：Trunk链 “switchmode{trunk|dynamicdesirable|dynamicauto}”：desirable、dynamicauto都将成功协商为trunkdynamicauto： 协商，如果另一端为negotiate、dynamicdesirable下面的表格表示哪些组合可以让交换机之间的链路协商成为trunk。dynamicdynamicsw1(config-if)#switchmodedynamicSW2(config-if)#interfacefastEthernet0/5SW2(config-if)#SW2(config-if)#interfacefastEthernet0/5SW2(config-if)#switchtrunkencapsulationnegotiateSW2(config-if)#switchmodedynamicautoSW1#showinterfacesfastEthernet0/5SW1#showinterfacesfastEthernet0/5EncapsulationNative Vlansallowedon 1- Vlansallowedandactiveinmanagement Vlansinspanningtreeforwardingstateandnotpruned //可以看到trunkdesirable,双方协商成为了trunk.封装的类类型为ISL还是802.1Q。注意，需要在两端都进行检查，确认两端都形成Trunk才行。有vlan都打；但是如果封装为802.1q则本征vlan是不打，其他vlan都要打；默sw2#showinterfacesf0/5EncapsulationNative Vlansallowedon 1- Vlansallowedandactiveinmanagement Vlansinspanningtreeforwardingstateandnotpruned 2.5VTP配VTP（VLANTrunkProtocol）提供了一种用于在交换机上管理VLAN相同的VLAN信息。VTP被组织成管理域（VTP）,相同域中的交换机能共享VLAN信息。根据交换机在VTP域中的作用不同，VTP可以分为三种模式：通告给域中的其他交换机。默认情况下，交换机是服务器模式。每个VTP域必须至少有一台服务器，域中的VTP来自其他交换机的VTPVLANVTPTrunk链向其他交换机转发，因此这种交换机还能充当VTP中继。上创建、修改、删除VLAN，但是这些VLAN信息并不会通告给其他交换机，它也不TrunkVTPVTP初始值为0。只要在VTPServer上创建、修改、删除VLAN，通告的Revision就增加1，通告中还包含了VLANRevisionRevision通告，而不管谁是ServerClient。交换机只接受比本地保存的Resivison告；如果交换机收到Resivison号更低的通告，会用自己的VLAN信息反向覆盖。掌握VTP配置。配置实例SW1(vlan)#vlan2VLAN2Name:SW1(vlan)#vlanVLAN3Name:SW1(vlan)#vtpDevicemodealreadyVTPAPPLYAPPLYmodeserver命令SW1(vlan)#vtppasswordciscoPasswordalreadysettocisco.//配置vtp 为 namealreadysetto APPLYcompleted.APPLYcompleted.SW2#vlandatabaseSW2(vlan)#vtpclientSettingdevicetoVTPCLIENTvtp namealreadysettoSW2(vlan)#vtppasswordPasswordalreadysetto然然后再在SW3上做如下配置：SW3#vlandatabase namealreadysettoyeslab.SW3(vlan)#vtppasswordciscoPasswordalreadysettocisco.SW3(vlan)#vtpSettingdevicetoVTPTRANSPARENTSW2#showvlan-switchVLAN SW2#showvlan-switchVLAN 1Fa0/3,Fa0/4,Fa0/5,Fa0/7,Fa0/8,Fa0/9,Fa0/10Fa0/11,Fa0/12231 002 003 00 00 00 ieee00 ibm001002fddi-1003token-ring-1002fddi-1003token-ring-1004fddinet-VLANTypeSAIDMTUParentRingNoBridgeNoStpBrdgModeTrans1RemoteSPANPrimarySecondaryEtherChann（以太通路将倍EtherChannel链整个过程在几毫秒内完成，从而起到冗余的作用，增强了网络的稳定性和安全性。EtherChannel链IPI地址、源MA地址、目的MACIPIPMACMACEhrChannelPLACCISCOLACP掌握etherchannel的配置。SW1(config-if)#SW1(config-if)#interfacerangefastEthernet0/5-//range命令可以让我们同时对多个接口做相同的配置SW1(config-ifswitchporttrunkencapsulationdot1qSW1(config-if)#switchportmodetrunkSW1(config-if)#channel-group1modeEhernetChannelonEhernetChannelCreatingaport-channelinterfacePort-channel1这时我们再去查看自动生成的Port-channel口下的配置:SW1(config)#doshowrunning-configinterfaceport-channel1Buildingconfiguration...Currentconfiguration:92bytesinterfacePort-channel1switchporttrunkencapsulationdot1qswitchportmodetrunkSW2SW2(config)#interfacerangefastEthernet0/5-SW2(config-if)#switchporttrunkencapsulationSW2(config-if)#switchportmodetrunkSW2(config-if)#channel-group1modeonSW1(config-if)#interfacerangefastEthernet0/5-6SW1(config-if)#channel-group1modeonSW1(config)#interfaceport-channelSW1(config-if)#switchporttrunkencapsulationdot1qSW1(config-if)#switchportmodetrunkSW1#showrunning-configinterfacefastEthernetinterfaceswitchporttrunkencapsulationdot1qswitchportmodetrunkchannel-group1modeonSW2(config)#interfacerangefastEthernet0/5-6SW2(config-if)#channel-group1modeonSW2(config)#interfaceport-channelSW2(config-if)#switchporttrunkencapsulationdot1qSW2(config-if)#switchportmodetrunk SW1(config)#interfacePort-//创建一个以太网的channel，他的接口标识号码是1SW1(config-if)#switchporttrunkencapsulationdot1qSW1(confi-if)#switchportmodetrunkSW1(config)#interfaceFastEthernet0/5SW1(config-if)#switchporttrunkencapsulationdot1qSW1(config-if)#switchportmodetrunkSW1(config-if)#channel-group1modechannel-group1SW1(config)#interfaceSW1(config-if)#switchporttrunkencapsulationdot1qSW1(config-if)#switchportmodetrunkSW1(config-if)#channel-group1modeSW2(config)#interfacePort-SW2(config-if)#switchporttrunkencapsulationdot1qSW2(confi-if)#switchportmodetrunkSW2(config)#interfaceFastEthernet0/5SW2(config-if)#switchporttrunkencapsulationdot1qSW2(config-if)#switchportmodetrunkSW2(config-if)#channel-group1modeonSW2(config)#interfaceSW2(config-if)#switchporttrunkencapsulationdot1qSW2(config-if)#switchportmodetrunkSW2(config-if)#channel-group1modesw3560#showetherchannel//etherchannelFlags:D-down P-bundledinport-channelI-stand-alones-suspendedH-Hot-standby(LACPonly)R- S-U-inuse f-failedtoallocateaggregatorM-notinuse,minimumlinksnotmetu-unsuitableforbundlingw-waitingtobeaggregatedd-defaultportNumberofchannel-groupsinuse:1Numberofaggregators: GroupPort-channel etherchanneldownshutdownnoshutdown，再查看状态。(3)配置自动协商建EtherChannel。SW1(config)#interfacerangefastEthernet0/5-6SW1(config-if-range)#channel-group1mode? EnableLACP EnablePAgPonlyifaPAgPdeviceisdetecteddesirableEnablePAgPunconditionally EnableEtherchannel EnableLACPonlyifaLACPdeviceis把接口配置为PAGPdesirable：channel-group1mode把接口配置为PAGP的auto：channel-group1mode把接口配置为LACP的active：channel-group1modeLACPpassivechannel-group1modepassiveSW1(config-if-range)#channel-group1modedesirablechannel-group1disirablesw3560然后再切换到SW2上做同样的配置：SW2(config)#interfacerangefastEthernet0/5-6SW2(config-if-range)#channel-group1modedesirable监测和测试sw3560#showetherchannelFlags:D-down P-bundledinport-channelI-stand-alones-suspendedH-Hot-standby(LACPonly)R- S-U-inuse f-failedtoallocateaggregatorM-notinuse,minimumlinksnotmetu-unsuitableforbundlingw-waitingtobeaggregatedd-defaultportNumberofchannel-groupsinuse:1Numberofaggregators:GroupPort-channel 注意：只有链路两端都配置使用相同的协议才可成功协商建立EthernetChannel（不关心SW1(config)#port-channelload-balancedst-mac1：SW1(config)#interfacerangeFastEthernet0/5-6SW1(config-if)#channel-group1modedesirableSW2(config)#interfacerangeSW1(config)#interfacerangeFastEthernet0/5-6SW1(config-if)#channel-group1modedesirableSW2(config)#interfacerangeFastEthernet0/5-6SW2(config-if)#channel-group1modeactiveSW1#showetherchannelFlags:D-down PSW1#showetherchannelFlags:D-down P-bundledinport-channelI-stand-alones-suspendedH-Hot-standby(LACPonly)R- S-U-in f-failedtoallocateM-notinuse,minimumlinksnotu-unsuitableforbundlingw-waitingtobeaggregatedd-defaultportNumberofchannel-groupsinuse:1Numberofaggregators:GroupPort-channel1++1+ //“SD”表明要重新开启//f0/6端口上协商已经终止,“[I]”的意思为：Istand-alonesSW2#SW2#showetherchannelFlags:D-down P-bundledinport-channelI-stand-alones-suspendedH-Hot-standby(LACPonly)R- S-U-inuse f-failedtoallocateaggregatorM-notinuse,minimumlinksnotmetu-unsuitableforbundlingw-waitingtobeaggregatedd-defaultportNumberofchannel-groupsinuse:1Numberofaggregators:GroupPort-channel 1+ SW1(config-if)#interfacerangeSW1(config-if)#interfacerangeFastEthernet0/5-6SW1(config-if)#channel-group1modeautoSW2(config-if)#SW2(config-if)#interfacerangeFastEthernet0/5-6SW2(config-if)#channel-group1modedesirableSW1#showetherchannelFlags:SW1#showetherchannelFlags:D-down P-bundledinport-channelI-stand-alones-suspendedH-Hot-standby(LACPonly)R- S-U-inuse f-failedtoallocateaggregatorM-notinuse,minimumlinksnotmetu-unsuitableforbundlingw-waitingtobeaggregatedd-defaultportNumberofchannel-groupsinuse:1Numberofaggregators:GroupPort-channel1++1+ SW2#showSW2#showetherchannelFlags:D-down P-bundledinport-channelI-stand-alones-suspendedH-Hot-standby(LACPonly)R- S-U-inuse f-failedtoallocateaggregatorM-notinuse,minimumlinksnotmetu-unsuitableforbundlingw-waitingtobeaggregatedd-defaultportNumberofchannel-groupsinuse:1Numberofaggregators:GroupPort-channel 1+ Etherchannel并不是一个特定的二层协议。在三层链，也是可以起在SW1上：SW1(config)#interfacerangefastEthernet0/5-SW1(config-if-range)#noSW1(config-if-range)#channel-group1modeCreatingaport-channelinterfacePort-channelSW1(config-if-range)#noSW2(config)#interfaceport-channelSW2(config-if)#ipaddress在SW2上：SW2(config)#interfacerangefastEthernet0/5-6SW2(config-if-range)#noswitchportSW2(config-if-range)#channel-group1modeonSW2(config-if-range)#noshutdownSW2(config)#interfaceport-channel1SW2(config-if)#ipaddressSW1#TypeescapesequencetoSending5,100-byteICMPEchosto,timeoutis2Successrateis80percent(4/5),round-tripmin/avg/max=1/3/4SW1#showetherchannelFlags:D-down P-bundledinport-channelI-stand-alones-suspendedH-Hot-standby(LACPonly)R- S-U-inuse f-failedtoallocateaggregatorM-notinuse,minimumlinksnotmetu-unsuitableforbundlingw-waitingtobeaggregatedd-defaultportNumberofchannel-groupsinuse:1Numberofaggregators: GroupPort-channel 本部分实验相关命令vlanvlan2namevlanswitchaccessvlaninterfacerangeF0/2–showswitchporttrunkswitchportmodeshowinterfaceF0/3switchportvtpmodevtpvtpvtpmodevtpmodeshowvtpvtpvtpversion设定Vtpinterfaceport-channelchannel-groupmodeport-channelload-balancedst-showetherchannelshowetherchannelport-实验第三部在故障时自动调整网络的数据转发路径。STP30—50基本环路。交换环路会带来三个问题：广播风暴、同一帧的多个拷贝、交换机CAM表不稳定。STP(SpanningTreeProtocol)可以解决这些问题，STP接口，构建一棵没有环路的转发树。STPBPDU(BridgeProtocolDataUnit)和其他交桥ID、路径代价、端口ID当网络上有多个VLAN，PVST(PerVlanSTP)会为每个VLANSTP树。此时端重的负担。Cisco交换机默认的模式就是PVST+。到VLAN2先手先手动配置三条链路为sw1(config)#interfacerangefastEthernet0/1,fastEthernet0/5sw1(config-if-range)#switchporttrunkencapsulationdot1qsw1(config-if-range)#switchportmodetrunk切换到sw2上做配sw2(config)#interfacerangefastEthernet0/2,fastEthernet0/5sw2(config-if-range)#switchporttrunkencapsulationdot1qsw2(config-if-range)#switchportmodetrunksw3(config)#interfacerangefastEthernet0/1,fastEthernet0/2sw3(config-if-range)#switchporttrunkencapsulationdot1qsw3(config-if-range)#switchportmodetrunk配置步骤2：增加VLAN2并在三台交换机上配置VTPSW1#vlandatabaseSW1(vlan)#vlan2SW1(vlan)#vtpserverSW1(vlan)#vtppasswordcisco SW1配置完毕，然后在SW2上做如下配置SW2#vlandatabaseSW2(vlan)#vtpclient SW2(vlan)#vtppasswordcisco接着在SW3上做配置：SW3#vlandatabaseSW3(vlan)#vtpclient SW3(vlan)#vtppasswordciscoSW1#showspanning-SpanningtreeenabledprotocolSW1#showspanning-SpanningtreeenabledprotocolieeeRootID Thisbridgeistheroot32769vlan1VLANIDvlan2232770。//Address:MACDesgFWDDesgFWDSpanningtreeenabledprotocolRootDesgFWDDesgFWDSW1(config)#spanning-treevlan1priorityspanning-treevlan1SW1(config)#spanning-treevlan1priorityspanning-treevlan1rootprimarySW2(config)#spanning-treevlan2priorityspanning-treevlan2rootprimary//Thisbridgeistherootvlan1 2secMaxAge20secForwardDelay15BridgeID 32769(priority32768sys-id-ext 2secMaxAge20secForwardDelay15secAgingTime300 RoleSts Prio.NbrThisbridgeisthe//SW1vlan1vlan2 2secMaxAge20secForwardDelay15secBridgeIDPriority 32770(priority32768sys-id-ext2) 2secMaxAge20secForwardDelay15AgingTime RoleSts Prio.NbrSW1#showSW1#showspanning-SpanningtreeenabledprotocolieeeRootID Thisbridgeistheroot DesgFWDRootFWDAgingTime RoleSts Prio.Nbr52secMaxAge20secForwardDelay15sec32770(priority32768sys-id-ext2)2secMaxAge20secForwardDelay15BridgeIDoSpanningtreeenabledprotocolieeeRootID oAgingTime2secMaxAge20secForwardDelay15(priority4096sys-id-ext2secMaxAge20secForwardDelay15oBridgeIDoSW2#showspanning-SpanningtreeenabledprotocolieeeRootID 5o 2secMaxAge20secForwardDelay15BridgeID 32769(priority32768sys-id-ext oTime 2secMaxAge20secForwardDelay15secAgingTime300 RoleSts Prio.NbrSpanningtreeenabledprotocolRoleStsDesgFWDDesgFWDDesgFWDRootFWDDesgFWDDesgFWDRoot ThisbridgeistheRoot ThisbridgeistheBridgeID2secMaxAge20secForwardDelay15(priority4096sys-id-ext2secMaxAge20secForwardDelay15AgingTime RoleSts Prio.Nbr1）理解Portfast的工作原理；2）理解Uplinkfast的工作原理；（1）配置PC1我们可以用一个路由器来模拟：Router(config)#hostnamePC1PC1(config)#noiproutingPC1(config-if)#ipaddressPC1我们可以用一个路由器来模拟：Router(config)#hostnamePC1PC1(config)#noiproutingPC1(config-if)#ipaddressPC1(config-if)#ipdefault-gateway再回到SW1上添加如下配置：再回到SW1上添加如下配置：SW1(config)#interfaceFastEthernet0/9SW1(config-if)#switchportmodeaccessSW1(config-if)#switchportaccessvlan1SW1(config)#interfaceSW1(config-if)#ipaddress0SW1(config-if)#no监测和测试SW1（3560）#showspanning-treeSW1（3560）#showspanning-treevlanSpanningtreeenabledprotocolieeeRootID ThisbridgeistheBridge2secMaxAge20secForwardDelay15(priority4096sys-id-ext2secMaxAge20secForwardDelay15AgingTime RoleSts Prio.NbrDesgFWDDesgFWDSW1SW1#debugspanning-treeSW1config)#interfacefastEthernet0/9SW1(config-if)#noshutdown*Mar101:42:03.519:%LINK-3-UPDOWN:InterfaceFastEthernet0/9,changedstatetodown*Mar101:42:03.627:setportid:VLAN0001Fa0/9:newportid*Mar101:42:03.627:STP:VLAN0001Fa0/9->listening*Mar101:42:05.623:%LINK-3-UPDOWN:InterfaceFastEthernet0/9,changedstateto 101:42:06.623:%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceFastEthernet0/9,changedstatetoupsw1(config-*Mar101:42:18.627:STP:VLAN0001Fa0/9->sw1(config-*Mar101:42:33.627:STP:VLAN0001Fa0/9->SW1(config)#interfacefastEthernet0/9SW1(config-if)#spanning-treeportfast%Warning:portfastshouldonlybe