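1. Switch learning and forwarding
A switch works at the data link layer. When a switch receives a frame on a port, it does not forward the frame to all interfaces. Instead, it looks up the frame's destination MAC address in its switching table (also called the MAC address table) and then either sends the frame out of a particular port (forwarding) or discards it (filtering).
The switch runs a self-learning algorithm to maintain the switching table automatically. After receiving a data frame on a port, the switch first performs self-learning and then handles forwarding of the frame.
First, it takes the source MAC address and looks up the switching table to determine whether any entry matches the source address of the received frame.
(1) If there is none, it adds an entry to the switching table that records the source MAC address, the VLAN it belongs to, the ingress port and the aging time.
(2) If there is one, it updates the existing entry, refreshing the ingress port and the aging time.
Then it takes the destination address and looks up the switching table to determine whether any entry matches the destination MAC address of the received frame.
(1) If there is none, it forwards the frame to all other ports, excluding the ingress port (this is called broadcast).
(2) If there is one, it forwards the frame to the port given in the switching table (this is called unicast).
(3) If the port given in the switching table is the port on which the frame entered the switch, it discards the frame, because the destination station and the source station are then in the same direction on the same port and the frame does not need to be forwarded by the switch.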
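MAC address table
Every entry has a lifetime. An entry that reaches the end of its lifetime without being refreshed is deleted; this lifetime is called the aging time. If an entry is refreshed before its lifetime ends, the aging time of that entry is counted again from the start.
MAC address table entries
Static MAC addresses
· Static MAC address entries do not age. Once saved they survive a device reboot and can only be deleted manually.
· The VLAN specified in a static MAC address entry must already exist, and the bound port must already have been added to it.
· The MAC address specified in a static MAC address entry must be a unicast MAC address; it cannot be a multicast or broadcast MAC address.
· Static MAC address entries take priority over dynamic MAC address entries.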
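The learning, aging and static-priority rules above can be traced in a small model. This is an added example, not code from the original page or from Huawei: the class and method names are assumptions, the MAC addresses and port names are the lab values that appear in this page's command output, and dropping frames whose source or destination matches a blackhole entry is how that entry type is modelled here.

```python
from dataclasses import dataclass

AGING = 300  # seconds; the default aging time quoted on this page

@dataclass
class Entry:
    port: str
    kind: str             # "dynamic", "static" or "blackhole"
    expires: float = 0.0  # only meaningful for dynamic entries

class Switch:
    """Toy model of one switch (assumed names, not a vendor API)."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}   # (vlan, mac) -> Entry

    def _lookup(self, key, now):
        entry = self.table.get(key)
        if entry and entry.kind == "dynamic" and now >= entry.expires:
            del self.table[key]          # aged out without being refreshed
            return None
        return entry

    def add_static(self, mac, port, vlan=1):
        self.table[(vlan, mac)] = Entry(port, "static")

    def add_blackhole(self, mac, vlan=1):
        self.table[(vlan, mac)] = Entry("-", "blackhole")

    def receive(self, src, dst, in_port, now, vlan=1):
        """Process one frame; return egress ports ([] means dropped)."""
        s = self._lookup((vlan, src), now)
        if s and s.kind == "blackhole":
            return []                    # modelled: blackholed source is dropped
        if s is None or s.kind == "dynamic":
            # Learn or refresh: record ingress port, restart the aging timer.
            self.table[(vlan, src)] = Entry(in_port, "dynamic", now + AGING)
        # A static entry is left untouched: it outranks dynamic learning.
        d = self._lookup((vlan, dst), now)
        if d is None:
            return [p for p in self.ports if p != in_port]   # unknown: flood
        if d.kind == "blackhole" or d.port == in_port:
            return []                    # blackholed destination, or filtered
        return [d.port]                  # known unicast

# Lab addresses from this page: PC1, PC2 and Server1.
PC1, PC2, SRV = "5489-98ed-52ad", "5489-9875-1fce", "5489-9885-10ce"
```

Because learning never overwrites a static entry, a frame that arrives on another port carrying Server1's address as its source cannot move Server1's entry, which is the practical value of pinning critical hosts.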
Examples
1. Configuring static address table entries
Configure as follows.
Following the figure above, make the following configuration.
Because PC1 and PC2 are on the same subnet, they can ping each other.
PC>ping 192.168.100.12

Ping 192.168.100.12: 32 data bytes, Press Ctrl_C to break
From 192.168.100.12: bytes=32 seq=1 ttl=128 time=47 ms
From 192.168.100.12: bytes=32 seq=2 ttl=128 time=31 ms
From 192.168.100.12: bytes=32 seq=3 ttl=128 time=31 ms
From 192.168.100.12: bytes=32 seq=4 ttl=128 time=62 ms
From 192.168.100.12: bytes=32 seq=5 ttl=128 time=31 ms

--- 192.168.100.12 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 31/40/62 ms

PC>ping 192.168.100.11

Ping 192.168.100.11: 32 data bytes, Press Ctrl_C to break
From 192.168.100.11: bytes=32 seq=1 ttl=128 time=47 ms
From 192.168.100.11: bytes=32 seq=2 ttl=128 time=47 ms
From 192.168.100.11: bytes=32 seq=3 ttl=128 time=47 ms
From 192.168.100.11: bytes=32 seq=4 ttl=128 time=47 ms
From 192.168.100.11: bytes=32 seq=5 ttl=128 time=47 ms

--- 192.168.100.11 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 47/47/47 ms

PC1 and PC2 can also ping Server1.
PC>ping 192.168.100.2

Ping 192.168.100.2: 32 data bytes, Press Ctrl_C to break
From 192.168.100.2: bytes=32 seq=1 ttl=255 time=16 ms
From 192.168.100.2: bytes=32 seq=2 ttl=255 time=46 ms
From 192.168.100.2: bytes=32 seq=3 ttl=255 time=16 ms
From 192.168.100.2: bytes=32 seq=4 ttl=255 time=15 ms
From 192.168.100.2: bytes=32 seq=5 ttl=255 time=16 ms

--- 192.168.100.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 15/21/46 ms

PC>ping 192.168.100.2

Ping 192.168.100.2: 32 data bytes, Press Ctrl_C to break
From 192.168.100.2: bytes=32 seq=1 ttl=255 time=32 ms
From 192.168.100.2: bytes=32 seq=2 ttl=255 time=15 ms
From 192.168.100.2: bytes=32 seq=3 ttl=255 time=16 ms
From 192.168.100.2: bytes=32 seq=4 ttl=255 time=31 ms
From 192.168.100.2: bytes=32 seq=5 ttl=255 time=47 ms

--- 192.168.100.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 15/28/47 ms
Configure LSW1
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]display device
S5700-28C-HI's Device status:
Slot Sub  Type         Online    Power    Register     Status   Role
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
0    -    5728C        Present   PowerOn  Registered   Normal   Master
[Huawei]sysname LSW1

# Show the switch's MAC address table
[LSW1]display mac-address
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-98ed-52ad 1           -      -      GE0/0/1         dynamic   0/-
5489-9885-10ce 1           -      -      GE0/0/3         dynamic   0/-
5489-9875-1fce 1           -      -      GE0/0/2         dynamic   0/-
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 3

# Show the static entries in the switch's MAC address table
[LSW1]display mac-address static

# Show the dynamic entries in the switch's MAC address table
[LSW1]dis mac-address dynamic
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-98ed-52ad 1           -      -      GE0/0/1         dynamic   0/-
5489-9885-10ce 1           -      -      GE0/0/3         dynamic   0/-
5489-9875-1fce 1           -      -      GE0/0/2         dynamic   0/-
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 3

[LSW1]display mac-address g0/0/3
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-9885-10ce 1           -      -      GE0/0/3         dynamic   0/-
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 1

[LSW1]display mac-address static g0/0/3
[LSW1]display mac-address dynamic g0/0/3
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-9885-10ce 1           -      -      GE0/0/3         dynamic   0/-
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 1

[LSW1]display mac-address dynamic g0/0/3
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-9885-10ce 1           -      -      GE0/0/3         dynamic   0/-
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 1

# Show the switch's MAC address entries for VLAN 1
[LSW1]display mac-address vlan 1
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-98ed-52ad 1           -      -      GE0/0/1         dynamic   0/-
5489-9875-1fce 1           -      -      GE0/0/2         dynamic   0/-
5489-9885-10ce 1           -      -      GE0/0/3         dynamic   0/-
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 3

# Show the switch's static entries
[LSW1]display mac-address static vlan 1

# Show the MAC address entries the switch has learned in VLAN 1
[LSW1]display mac-address dynamic vlan 1
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-98ed-52ad 1           -      -      GE0/0/1         dynamic   0/-
5489-9875-1fce 1           -      -      GE0/0/2         dynamic   0/-
5489-9885-10ce 1           -      -      GE0/0/3         dynamic   0/-
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 3
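As the output shows, the switch's MAC address table holds only dynamic entries and no static ones.
Note: if the MAC address table is empty, repeat step 4 and then run the MAC address table display commands above again. The default aging time of a MAC address entry is 300 seconds, so entries older than that have been cleared.
From the commands run above we can read off:
PC1's MAC address: 5489-98ed-52ad
PC2's MAC address: 5489-9875-1fce
Server1's MAC address: 5489-9885-10ce
Static MAC addresses have to be configured manually.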
[LSW1]mac-address static 5489-9885-10ce gigabitethernet 0/0/3 vlan 1
[LSW1]mac-address static 5489-98ed-52ad gigabitethernet 0/0/1 vlan 1
[LSW1]mac-address static 5489-9875-1fce gigabitethernet 0/0/2 vlan 1
[LSW1]display mac-address
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-98ed-52ad 1           -      -      GE0/0/1         static    -
5489-9885-10ce 1           -      -      GE0/0/3         static    -
5489-9875-1fce 1           -      -      GE0/0/2         static    -
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 3

[LSW1]display mac-address dynamic
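At this point, even if the link from PC1 to the switch is removed and then re-created, PC1 can still ping PC2 or Server1.
This is because static MAC address entries do not age; once saved they survive a device reboot and can only be deleted manually.
How do you delete a static entry?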
# Dynamic entries age out, so you must ping again before the display commands show the correct result
[LSW1]undo mac-address static 5489-98ed-52ad gigabitethernet 0/0/1 vlan 1
[LSW1]display mac-address static
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-9885-10ce 1           -      -      GE0/0/3         static    -
5489-9875-1fce 1           -      -      GE0/0/2         static    -
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 2

[LSW1]display mac-address
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-9885-10ce 1           -      -      GE0/0/3         static    -
5489-9875-1fce 1           -      -      GE0/0/2         static    -
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 2

MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-98ed-52ad 1           -      -      GE0/0/1         dynamic   0/-
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 1
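2. Configuring a blackhole MAC address entry
Using the figure above as the example, block PC-1 from accessing the network by configuring PC-1's MAC address as a blackhole MAC address.
Configure the blackhole MAC address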
# Add PC-1's MAC address as a blackhole entry; by default all ports belong to VLAN 1
[LSW1]mac-address blackhole 5489-98ed-52ad vlan 1
[LSW1]display mac-address
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-98ed-52ad 1           -      -      -               blackhole -
5489-9885-10ce 1           -      -      GE0/0/3         static    -
5489-9875-1fce 1           -      -      GE0/0/2         static    -
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 3

[LSW1]display mac-address blackhole
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-98ed-52ad 1           -      -      -               blackhole -
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 1

[LSW1]display mac-address blackhole vlan 1
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-98ed-52ad 1           -      -      -               blackhole -
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 1

[LSW1]

Ping Server1 from PC1 and from PC2:
PC>ping 192.168.100.2

Ping 192.168.100.2: 32 data bytes, Press Ctrl_C to break
From 192.168.100.11: Destination host unreachable
From 192.168.100.11: Destination host unreachable
From 192.168.100.11: Destination host unreachable
From 192.168.100.11: Destination host unreachable
From 192.168.100.11: Destination host unreachable

--- 192.168.100.2 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss

Ping 192.168.100.2: 32 data bytes, Press Ctrl_C to break
From 192.168.100.2: bytes=32 seq=1 ttl=255 time=47 ms
From 192.168.100.2: bytes=32 seq=2 ttl=255 time=31 ms
From 192.168.100.2: bytes=32 seq=3 ttl=255 time=31 ms
From 192.168.100.2: bytes=32 seq=4 ttl=255 time=15 ms
From 192.168.100.2: bytes=32 seq=5 ttl=255 time=16 ms

--- 192.168.100.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 15/28/47 ms
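Once entries are pinned, the same display output can be checked against the intended bindings. This is an added example, not part of the original page: it parses text in the layout of the display mac-address output and reports entries that deviate from an expected table. The function names, the sample text and the address 5489-98aa-bbcc are constructed for illustration, and treating a dynamic entry for a known host as a finding is a policy assumption.

```python
import re

# Constructed sample in the layout of the `display mac-address` output.
SAMPLE = """\
MAC address table of slot 0:
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
5489-98ed-52ad 1           -      -      -               blackhole -
5489-9885-10ce 1           -      -      GE0/0/3         static    -
5489-9875-1fce 1           -      -      GE0/0/3         dynamic   0/-
5489-98aa-bbcc 1           -      -      GE0/0/2         dynamic   0/-
Total matching items on slot 0 displayed = 4
"""

# Intended bindings for this lab: (vlan, mac) -> port, as configured above.
EXPECTED = {
    (1, "5489-9885-10ce"): "GE0/0/3",
    (1, "5489-9875-1fce"): "GE0/0/2",
}

# Columns: MAC, VLAN, PEVLAN, CEVLAN, Port, Type (trailing columns ignored).
ROW = re.compile(
    r"^([0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4})\s+(\d+)\s+\S+\s+\S+\s+(\S+)\s+(\S+)",
    re.I)

def parse(text):
    """Return (vlan, mac, port, type) for every entry row in the output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            mac, vlan, port, kind = m.groups()
            rows.append((int(vlan), mac.lower(), port, kind))
    return rows

def audit(text, expected):
    """Compare the parsed table with the expected bindings; list deviations."""
    findings = []
    for vlan, mac, port, kind in parse(text):
        want = expected.get((vlan, mac))
        if kind == "blackhole":
            continue                     # deliberately blocked address
        if want is None:
            findings.append(f"unknown MAC {mac} on {port} (vlan {vlan})")
        elif port != want:
            findings.append(f"{mac} seen on {port}, expected {want}")
        elif kind != "static":
            findings.append(f"{mac} on {port} is {kind}, not pinned as static")
    return findings
```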
Delete the blackhole entry
<LSW1>sys
Enter system view, return user view with Ctrl+Z.
[LSW1]undo mac-address blackhole 5489-98ed-52ad vlan 1
[LSW1]display mac-address
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-9885-10ce 1           -      -      GE0/0/3         static    -
5489-9875-1fce 1           -      -      GE0/0/2         static    -
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 2

[LSW1]display mac-address blackhole
# No blackhole entries