D-Link, e-mail: [email protected]
Virtual Local Area Network (VLAN)

A VLAN is a logical group of switch ports that forms its own Layer 2 broadcast domain. Hosts in different VLANs cannot exchange frames through the switch: traffic between VLANs has to pass through a router or an L3 switch, which is also where access control (ACLs) between the groups can be enforced.

Ways of assigning a frame to a VLAN on D-Link switches:
- IEEE 802.1Q (tag-based VLAN);
- IEEE 802.1ad (Q-in-Q VLAN, a second 802.1Q tag);
- IEEE 802.1v (protocol-based VLAN);
- MAC-based VLAN;
- Traffic Segmentation, which is not a VLAN in the 802.1Q sense but an OSI Layer 2 restriction on which ports of the switch may forward frames to each other.
802.1Q VLAN

IEEE 802.1Q terminology:
- Tagging: the switch inserts an 802.1Q tag into the frame on egress.
- Untagging: the switch removes the 802.1Q tag from the frame on egress.
- VLAN ID (VID): the identifier of a VLAN carried in the tag.
- Port VLAN ID (PVID): the VLAN to which a port assigns untagged frames received on it.
- Tagged port: frames leave the port with an 802.1Q tag (used on links between switches, where one link carries several VLANs).
- Untagged port: frames leave the port without a tag; a port can be an untagged member of only one VLAN, because end hosts normally do not understand tags.

IEEE 802.1Q frame format: the tag adds 32 bits (4 bytes) to the Ethernet frame, so the maximum frame size grows to 1522 bytes. The VID (VLAN ID) field is 12 bits long, so one switch can distinguish up to 4096 VLAN identifiers (VID 0 marks a priority-tagged frame without a VLAN, and 4095 is reserved).
[Figure: forwarding of an untagged frame in VLAN 2. Ports 5 and 7 are members of VLAN 2; a frame entering port 4, whose PVID is 2, is forwarded only to ports 5 and 7.]
Asymmetric VLAN (Layer 2)

Task: several groups of users (for example, departments or customers) must be isolated from each other at Layer 2, but every group needs access to a shared resource (a server, a printer, the Internet gateway). Two ways to solve it:
- L2: asymmetric VLAN on a Layer 2 switch. The shared ports are members of every group's VLAN, while the groups' own VLANs do not overlap, so a frame from a group can reach the shared ports but never another group's ports.
- L3: one VLAN per group on an L3 switch, routed between each other, with ACLs restricting traffic between the groups.
Example 1: asymmetric VLAN.
V1: ports 1-8, shared resources (server, printer, Internet gateway)
V2: ports 9-16, VLAN 2 (PCs of group 2)
V3: ports 17-24, VLAN 3 (PCs of group 3)
Requirements: V2 and V3 must reach V1 with any Layer 2 protocol (IPX, IP, AppleTalk, NetBEUI, ...); V2 and V3 must reach the Internet through the gateway in V1, i.e. without IP routing on this switch; V2 and V3 must be isolated from each other.

Configuration (24-port switch; all ports remain untagged members of the default VLAN 1):
    enable asymmetric_vlan
    create vlan v2 tag 2
    create vlan v3 tag 3
    config vlan v2 add untagged 1-16
    config vlan v3 add untagged 1-8,17-24
    config gvrp 1-8 pvid 1
    config gvrp 9-16 pvid 2
    config gvrp 17-24 pvid 3
    save
(On this firmware the PVID of a port is set with config gvrp <portlist> pvid <vid>. The PVID decides which VLAN an incoming untagged frame belongs to, so a frame from port 9 enters VLAN 2 and can only leave on ports 1-16; a frame from port 1 enters VLAN 1 and can leave on any port.)

Verification:
1. A PC in V2 can ping the server in V1 and reach the Internet.
2. A PC in V3 can ping the server in V1 and reach the Internet.
3. A PC in V2 cannot ping a PC in V3, and a PC in V3 cannot ping a PC in V2.

Figure 1: asymmetric VLAN.
Limitation: asymmetric VLAN cannot be combined with IGMP Snooping on the same switch, so it is not suitable where multicast (IPTV) must be delivered to the isolated groups. The alternative for multicast is an L3 switch with separate VLANs, ACLs between them and IGMP snooping.
Private VLAN (Layer 2)

Example 1 solved with Private VLAN. Same task and port groups as above:
V1: ports 1-8, shared resources (server, printer, Internet gateway)
V2: ports 9-16, VLAN 2 (PCs of group 2)
V3: ports 17-24, VLAN 3 (PCs of group 3)
Requirements: V2 and V3 must reach V1 with any Layer 2 protocol (IPX, IP, AppleTalk, NetBEUI, ...); V2 and V3 must reach the Internet through the gateway in V1 without IP routing on the switch; V2 and V3 must be isolated from each other.

A private VLAN consists of one primary (shared) VLAN and several community VLANs. Ports of a community VLAN can talk to the ports of the primary VLAN and to each other, but not to ports of another community VLAN.
    config vlan default delete 1-26
    create vlan group2 tag 102
    config vlan group2 add untagged 9-16
    create vlan group3 tag 103
    config vlan group3 add untagged 17-24
    create vlan shared tag 1000 type private_vlan
    config vlan shared add untagged 1-8
    config private_vlan vid 1000 add community vlanid 102
    config private_vlan vid 1000 add community vlanid 103
(The community VLAN IDs in the last two commands must be the VLANs created above, 102 and 103.)

Verification:
1. A PC in V2 can ping the server in V1 and reach the Internet.
2. A PC in V3 can ping the server in V1 and reach the Internet.
3. A PC in V2 cannot ping a PC in V3, and a PC in V3 cannot ping a PC in V2.

Figure 1: Private VLAN.
Traffic Segmentation

Traffic Segmentation restricts, for every port, the set of ports the switch may forward its frames to (the forward list). A frame received on a port is delivered only to ports in that port's forward list, even if other ports are in the same VLAN. The typical use is an access switch with one uplink port serving all subscriber ports: every subscriber port may forward only to the uplink, so neither broadcasts nor direct unicast (and therefore no ARP spoofing) between subscribers is possible, while the uplink may forward to all subscriber ports.

Advantages of Traffic Segmentation over asymmetric VLAN:
- no change of the VLAN or PVID configuration is needed;
- it works together with IGMP Snooping, so multicast can still be delivered;
- it is simpler to configure (one command per group of ports).

Traffic Segmentation does not replace 802.1Q VLANs: it works inside a VLAN (all ports can stay in the default VLAN) and only limits forwarding between the ports of one switch. It does not propagate to other switches, so on each switch the forward lists have to be configured separately.

Configuration of Traffic Segmentation for the task of Example 1 (all ports in the default VLAN):
    config traffic_segmentation 1-8 forward_list 1-24
    config traffic_segmentation 9-16 forward_list 1-16
    config traffic_segmentation 17-24 forward_list 1-8,17-24
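The isolation that Example 1 and the Traffic Segmentation configuration above promise can be checked on paper before a single ping is sent. The script below is an added example, not code from the page or from D-Link: it models a single switch handling untagged frames (asymmetric VLAN = PVID plus VLAN membership, Traffic Segmentation = forward lists), computes which directed port pairs can exchange frames, and reports any pair that crosses the V2/V3 boundary. It also shows why a ping test alone is not enough: a membership typo can open a one-way path from V2 into V3 that a ping (which needs both directions) never reveals. Port numbers, groups and the typo are taken from or constructed around the example above.

```python
"""Reachability model for the isolation designs above: asymmetric VLAN (Example 1)
and Traffic Segmentation.  Added example, not D-Link code: it models only untagged
frames on a single switch and reports which port groups can exchange traffic."""
from itertools import product


def ports(spec):
    """Expand a D-Link style port list such as '1-8,17-24' into a set of port numbers."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


def asymmetric_vlan_reach(vlan_members, pvid):
    """Directed port pairs (src, dst) an untagged frame can traverse.
    The frame entering src is classified into VLAN pvid[src] and may leave on
    any other member port of that VLAN."""
    return {(src, dst) for src, vid in pvid.items()
            for dst in vlan_members[vid] if dst != src}


def traffic_segmentation_reach(forward_list):
    """Directed pairs under Traffic Segmentation: src may forward only to its forward list."""
    return {(src, dst) for src, dsts in forward_list.items()
            for dst in dsts if dst != src}


def can_talk(reach, a, b):
    """Two-way reachability: a request from a reaches b AND the reply reaches a."""
    return (a, b) in reach and (b, a) in reach


def group_matrix(reach, groups):
    """For every pair of groups: can at least one port pair talk both ways?"""
    return {(gx, gy): any(can_talk(reach, a, b)
                          for a in groups[gx] for b in groups[gy] if a != b)
            for gx, gy in product(groups, repeat=2)}


def directed_leaks(reach, groups, policy):
    """Directed port pairs that cross a group boundary the policy does not allow.
    One-way reachability is already a leak: it lets a host flood or spoof frames
    into the other group even though replies cannot come back."""
    group_of = {p: g for g, ps in groups.items() for p in ps}
    return sorted((a, b) for a, b in reach if (group_of[a], group_of[b]) not in policy)


# Port groups of the task above
GROUPS = {"V1": ports("1-8"), "V2": ports("9-16"), "V3": ports("17-24")}
# Allowed group-to-group traffic: everyone with V1, nothing between V2 and V3
POLICY = {("V1", "V1"), ("V2", "V2"), ("V3", "V3"),
          ("V1", "V2"), ("V2", "V1"), ("V1", "V3"), ("V3", "V1")}

# Example 1: asymmetric VLAN (default VLAN 1 keeps all 24 ports untagged)
ASYM_MEMBERS = {1: ports("1-24"), 2: ports("1-16"), 3: ports("1-8,17-24")}
ASYM_PVID = {p: 1 for p in ports("1-8")}
ASYM_PVID.update({p: 2 for p in ports("9-16")})
ASYM_PVID.update({p: 3 for p in ports("17-24")})

# Traffic Segmentation configuration for the same task (all ports stay in VLAN 1)
TS_FORWARD = {p: ports("1-24") for p in ports("1-8")}
TS_FORWARD.update({p: ports("1-16") for p in ports("9-16")})
TS_FORWARD.update({p: ports("1-8,17-24") for p in ports("17-24")})

# Constructed typo: v2 added as untagged 1-24 instead of 1-16
TYPO_MEMBERS = {**ASYM_MEMBERS, 2: ports("1-24")}


def verify(reach):
    """Return (forbidden directed pairs, group-to-group two-way matrix)."""
    return directed_leaks(reach, GROUPS, POLICY), group_matrix(reach, GROUPS)


if __name__ == "__main__":
    for name, reach in (("asymmetric VLAN", asymmetric_vlan_reach(ASYM_MEMBERS, ASYM_PVID)),
                        ("traffic segmentation", traffic_segmentation_reach(TS_FORWARD)),
                        ("typo in v2 membership", asymmetric_vlan_reach(TYPO_MEMBERS, ASYM_PVID))):
        leaks, matrix = verify(reach)
        print("%-24s leaks=%3d  V2<->V3 two-way=%s" % (name, len(leaks), matrix[("V2", "V3")]))
```

For the two correct configurations the model produces exactly the same reachability set, which is the formal way of saying that Traffic Segmentation and asymmetric VLAN solve this task equivalently. For the typo it reports 64 forbidden directed pairs (every port 9-16 can reach every port 17-24) while still reporting no two-way path between V2 and V3, which is the case the verification steps above would miss.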
802.1v VLAN

IEEE 802.1v is an extension of IEEE 802.1Q. Where 802.1Q assigns an untagged frame to the PVID of the port, 802.1v lets the switch assign it to a VLAN by the protocol carried in the frame (Ethertype or LLC/SNAP protocol), so that one port can put IP, IPX and IPv6 traffic into three different VLANs. 802.1v is fully compatible with 802.1Q: frames that already carry a tag are handled by the VID in the tag, and the 32-bit VLAN tag format is unchanged.

Ethernet frame with an 802.1Q/802.1p tag (maximum length 1522 bytes = 1518 + 4):
    DA (6 bytes) | SA (6 bytes) | Tag (4 bytes): TPID 0x8100, Priority, CFI, VID | Type/Length | Data | CRC
Priority (802.1p): 3 bits, values 0-7.
CFI: 1 bit.
VID (802.1Q/802.1v): 12 bits, values 0-4095.

Ingress classification of a frame (802.1Q rules first, then 802.1v):
1. Does the frame carry a tag with a VID? If yes, the frame belongs to the VLAN with that VID (802.1Q VLAN); it is dropped if the port is not a member of that VLAN.
2. Otherwise, does the protocol of the frame match a protocol VLAN bound to the port? If yes, VID = the VID of that protocol VLAN (802.1v VLAN).
3. Otherwise VID = PVID of the port.

xStack switches support protocol VLANs for a list of predefined protocols and for user-defined protocol values (userDefined). Predefined protocols: IP, IPX, DEC, DEC LAT, SNAP, NetBIOS, AppleTalk, XNS, SNA, IPv6, RARP and VINES.
Example (Figure 1, DGS-3324SR): ports 1-8 belong to an IPv6 protocol VLAN. Hosts that run IPv4 and IPv6 at the same time get their IPv4 traffic classified by PVID into the routed IPv4 VLANs, while their IPv6 traffic is classified by protocol into VLAN 101 and switched between the IPv6 hosts at Layer 2, without any IPv6 support on the switch itself.
IPv4 subnets: 192.168.2.x/24 with gateway 192.168.2.254 (VLAN 102, ports 9-16) and 192.168.4.x/24 with gateway 192.168.4.254 (VLAN 104, ports 17-24). The gateways are IP interfaces of the DGS-3324SR, which routes between VLANs 102 and 104.

DGS-3324SR configuration
1. Remove all ports from the default VLAN (ports are written as unit:port on this stackable switch):
    config vlan default delete 1:1-1:24
2. Create the VLANs and the IP interfaces of the routed VLANs:
    create vlan v101 tag 101 type protocol-ipV6
    config vlan v101 add untagged 1-8
    create vlan v102 tag 102
    config vlan v102 add untagged 9-16
    create ipif net2 192.168.2.254/24 v102 state enabled
    create vlan v104 tag 104
    config vlan v104 add untagged 17-24
    create ipif net4 192.168.4.254/24 v104 state enabled

IPv4 traffic between VLANs 102 and 104 is routed by the switch through the IP interfaces net2 and net4, i.e. the hosts use the switch as their default gateway. IPv6 traffic never leaves VLAN 101 and is only switched at Layer 2 between the IPv6 hosts.
Figure 1: IPv6 protocol VLAN.
Example (Figure 2): three IPv4 subnets routed by the DGS-3324SR: 192.168.1.x/24 with gateway 192.168.1.254 (VLAN 101, ports 1-8), 192.168.2.x/24 with gateway 192.168.2.254 (VLAN 102, ports 9-16) and 192.168.4.x/24 with gateway 192.168.4.254 (VLAN 104, ports 17-24). Ports 1-8 and port 24 additionally carry IPX hosts (for example, an IPX server on port 24). Their IPX traffic is classified by protocol into VLAN 200 and switched at Layer 2, while the IP traffic of the same ports is classified by PVID into the routed VLANs and handled at Layer 3.

1. Remove all ports from the default VLAN:
    config vlan default delete 1:1-1:24
2. Create the VLANs and the IP interfaces of the routed VLANs:
    create vlan v101 tag 101
    config vlan v101 add untagged 1-8
    create ipif net1 192.168.1.254/24 v101 state enabled
    create vlan v102 tag 102
    config vlan v102 add untagged 9-16
    create ipif net2 192.168.2.254/24 v102 state enabled
    create vlan v104 tag 104
    config vlan v104 add untagged 17-24
    create ipif net4 192.168.4.254/24 v104 state enabled
3. Create the IPX protocol VLAN (IPX over 802.3 frames) on ports 1-8 and 24:
    create vlan v200 tag 200 type protocol-ipx802dot3
    config vlan v200 add untagged 1-8,24
Example 3: PPPoE through 802.1v. Subscriber ports 1-24; uplink port 26 carries VLAN 10 and VLAN 20 tagged. VLAN 10 (base) leads to the DHCP server, VLAN 20 (pppoe) to the PPPoE access concentrator and the Internet. Subscribers' PPPoE frames (Ethertype 0x8863, PPPoE Discovery, and 0x8864, PPPoE Session) are placed into VLAN 20 by protocol group; all other frames (DHCP, IP) go by PVID into VLAN 10.
[Figure: PPPoE server (Internet) in VLAN 20 and DHCP server in VLAN 10 behind uplink port 26; subscribers on ports 1-24.]

#VLAN
    config vlan default delete 1-28
    create vlan pppoe tag 20
    config vlan pppoe add untagged 1-24
    config vlan pppoe add tagged 26
    create vlan base tag 10
    config vlan base add tagged 26
    config vlan base add untagged 1-24
#PVID
    config port_vlan 1-24 pvid 10
#DOT1V
    create dot1v_protocol_group group_id 1 group_name pppoe_disc
    config dot1v_protocol_group group_id 1 add protocol ethernet_2 8863
    create dot1v_protocol_group group_id 2 group_name pppoe_session
    config dot1v_protocol_group group_id 2 add protocol ethernet_2 8864
    config port dot1v ports 1-24 add protocol_group group_id 1 vlan pppoe
    config port dot1v ports 1-24 add protocol_group group_id 2 vlan pppoe

Note that the classification depends only on the Ethertype the subscriber sends: a subscriber can still send arbitrary IP frames into VLAN 10, and subscribers on ports 1-24 can see each other inside VLAN 10 and VLAN 20. If subscribers must be isolated from each other, Traffic Segmentation on ports 1-24 (forward list = uplink only) has to be added.
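The three-step classification above (tag, protocol group, PVID) and the PPPoE configuration can be exercised on real frame bytes. The script below is an added example, not code from the page or D-Link firmware: it parses the 32-bit 802.1Q tag out of raw Ethernet frames, then classifies each frame for a given ingress port using a model of the Example 3 configuration (PVID 10 on ports 1-24, protocol groups 1 and 2 for Ethertypes 0x8863/0x8864 bound to VLAN 20, uplink 26). Two points are assumptions of the model rather than statements from the page: only ethernet_2 (Ethertype) protocol groups are modelled, and a tagged frame whose VID the port is not a member of is dropped (ingress filtering). The sample frames and MAC addresses are constructed.

```python
"""802.1Q tag parsing and 802.1Q/802.1v ingress classification, written as an added
example for the classification steps and the PPPoE configuration above; it is a model,
not D-Link firmware.  Only ethernet_2 (Ethertype) protocol groups are modelled, and a
tagged frame is dropped when the port is not a member of the tagged VLAN (ingress
filtering), which is an assumption of this model."""
import struct
from collections import namedtuple

TPID_8021Q = 0x8100
Decision = namedtuple("Decision", "action vid priority reason")


def build_frame(dst, src, ethertype, payload=b"", vid=None, pcp=0):
    """Build a constructed test frame; an 802.1Q tag is inserted when vid is not None
    (vid 0 = priority-tagged frame that carries a priority but no VLAN)."""
    hdr = bytes.fromhex(dst) + bytes.fromhex(src)
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Split an Ethernet frame into DA, SA, optional tag fields, Ethertype and payload.
    Tag layout (32 bits): TPID 0x8100 | PCP (3 bits) | CFI (1 bit) | VID (12 bits)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    tpid = struct.unpack("!H", frame[12:14])[0]
    if tpid != TPID_8021Q:
        return {"dst": dst, "src": src, "tagged": False, "pcp": None, "cfi": None,
                "vid": None, "ethertype": tpid, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "tagged": True, "pcp": tci >> 13,
            "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF,
            "ethertype": ethertype, "payload": frame[18:]}


def classify(frame, port, cfg):
    """Ingress classification in the order of the flow chart above.
    cfg: vlans {vid: member ports}, pvid {port: vid}, protocol_groups {gid: {ethertype}},
    port_groups {port: {gid: vid}}, default_priority {port: 0-7}."""
    f = parse_frame(frame)
    if f["tagged"] and f["vid"] != 0:                             # 1. the tag decides
        if port not in cfg["vlans"].get(f["vid"], set()):
            return Decision("drop", f["vid"], f["pcp"],
                            "port %d is not a member of VLAN %d" % (port, f["vid"]))
        return Decision("forward", f["vid"], f["pcp"], "802.1Q tag")
    # untagged or priority-tagged: priority from the tag if present, else the port default
    priority = f["pcp"] if f["tagged"] else cfg["default_priority"].get(port, 0)
    for gid, vid in cfg["port_groups"].get(port, {}).items():    # 2. 802.1v protocol
        if f["ethertype"] in cfg["protocol_groups"][gid]:
            return Decision("forward", vid, priority, "802.1v protocol group %d" % gid)
    return Decision("forward", cfg["pvid"].get(port, 1), priority, "PVID")  # 3. PVID


# Model of the PPPoE configuration above (Example 3): subscriber ports 1-24, uplink 26.
ACCESS = set(range(1, 25))
PPPOE_CFG = {
    "vlans": {10: ACCESS | {26}, 20: ACCESS | {26}},      # base (10) and pppoe (20)
    "pvid": {p: 10 for p in ACCESS},                      # config port_vlan 1-24 pvid 10
    "protocol_groups": {1: {0x8863}, 2: {0x8864}},        # pppoe_disc, pppoe_session
    "port_groups": {p: {1: 20, 2: 20} for p in ACCESS},   # both groups -> vlan pppoe
    "default_priority": {},
}

# Constructed sample frames (addresses are made up)
SUB, BRAS = "00005e000101", "00005e000102"
PADI = build_frame("ffffffffffff", SUB, 0x8863, b"\x11\x09")          # PPPoE discovery
DHCP = build_frame("ffffffffffff", SUB, 0x0800, b"E")                 # IPv4 (DHCP etc.)
PRIO = build_frame(BRAS, SUB, 0x8864, b"\x11\x00", vid=0, pcp=5)      # priority-tagged
UPLINK_OK = build_frame(SUB, BRAS, 0x0800, b"E", vid=20, pcp=5)       # tagged on uplink
UPLINK_BAD = build_frame(SUB, BRAS, 0x0800, b"E", vid=30)             # VLAN not on port


if __name__ == "__main__":
    for name, frame, port in (("PADI", PADI, 3), ("DHCP", DHCP, 3), ("PRIO", PRIO, 3),
                              ("UPLINK_OK", UPLINK_OK, 26), ("UPLINK_BAD", UPLINK_BAD, 26)):
        print("%-10s port %2d -> %s" % (name, port, classify(frame, port, PPPOE_CFG)))
```

The priority-tagged frame (VID 0) is the case worth noticing: it carries a tag, yet it is classified like an untagged frame (protocol group, then PVID), while the priority in the tag is kept.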
QoS

Quality of service (QoS): the ability of the network to treat different kinds of traffic differently. Three models exist:
- Best Effort Service: no guarantees. All traffic is treated the same, packets are forwarded in the order of arrival and dropped when a queue overflows.
- Integrated Services (IntServ, RFC 1633): resources are reserved end to end for each flow before it starts. This gives guaranteed bandwidth ("hard QoS"), but every node has to keep per-flow state, so it scales badly.
- Differentiated Services (DiffServ, RFC 2474, RFC 2475): packets are marked with a class at the network edge and every node treats each class according to its configured per-hop behaviour. No per-flow state is kept, so it scales much better than IntServ, but it only provides relative guarantees ("soft QoS").
Priority at Layer 2

QoS at OSI Layer 2 is defined by IEEE 802.1p: eight priority levels (0 to 7, 7 being the highest) carried in the 3-bit Priority field of the IEEE 802.1Q tag.

Untagged frames carry no priority field. For them the switch uses the 802.1p default priority configured on the ingress port; the factory default is 0.

DES-3200-26:4# show 802.1p default_priority
Command: show 802.1p default_priority
Port   Priority
----   --------
1      0
2      0
3      0
...

The default priority of a port is changed with:
    config 802.1p default_priority <portlist> <priority 0-7>
Example of a QoS policy in a Metro Ethernet network (MAN): each type of traffic is assigned an 802.1p priority on the access port where it enters the network.
- VoIP: priority 5
- IPTV: priority 4
- Data, network management traffic (local intranet): priority 7
- Internet data: priority 3
- all other traffic: priority 0
Rule: priorities are assigned once, at the edge of the network; the switches in the core only map the existing 802.1p value to their queues.
Priority at Layer 3

QoS at OSI Layer 3 uses the 8-bit ToS (Type of Service) byte of the IPv4 header. There are two ways of reading it: IP Precedence uses the first 3 bits (values 0 to 7); DSCP (Differentiated Services Code Point), defined by the IETF DiffServ model, uses the first 6 bits of the ToS byte, which gives 64 classes (0 to 63).
Classification

Classification (packet classification) is the first stage of QoS processing: the switch decides which class each packet belongs to. Classification criteria available on D-Link switches: 802.1p priority; DSCP or ToS of the IP header; source or destination MAC address; source or destination IP address; TCP/UDP source or destination port; VLAN; and others. Classification by 802.1p, ToS and DSCP is applied automatically; classification by the other fields is configured through Access Control Lists (ACLs), whose rules assign a priority or a DSCP value to the matching traffic.
Queue mapping

Each port has 4 or 8 hardware egress queues. After classification a frame is placed into a queue according to its 802.1p priority (ToS/DSCP values are first translated to an 802.1p value). D-Link switches use the mapping recommended by IEEE 802.1:

Switches with 4 queues (Q0 lowest, Q3 highest)
802.1p priority   Queue
0                 Q1
1                 Q0
2                 Q0
3                 Q1
4                 Q2
5                 Q2
6                 Q3
7                 Q3

Switches with 8 queues (Q0 lowest, Q7 highest)
802.1p priority   Queue
0                 Q2
1                 Q0
2                 Q1
3                 Q3
4                 Q4
5                 Q5
6                 Q6
7                 Q6

Priority 0 (best effort, the default for untagged frames) is deliberately placed above priorities 1 and 2 (background traffic), so that unmarked traffic is not starved by traffic explicitly marked as low priority.
Marking

Marking (packet marking) is the next stage: the switch writes or rewrites the priority field of a classified packet (DSCP, 802.1p or IP Precedence), so that the following switches and routers can classify the packet by that field alone. Marking is done at the edge of the network where the traffic enters; switches in the core trust the existing marks. Which fields a switch can rewrite depends on the model.

Queuing

After classification and marking, frames are placed into the egress queues of the port. The queuing mechanism (scheduling) decides in which order the queues are served, and therefore which traffic gets the bandwidth when the port is congested.
Queuing mechanisms

FIFO (first in, first out): a single queue; frames are transmitted in the order of arrival. There is no prioritisation; this is the behaviour when QoS is not configured.

Strict Priority Queue: the queue with the highest priority is always served first; a lower queue is served only when all higher queues are empty. On a 4-queue switch Q3 is served before Q2, Q2 before Q1, and Q1 before Q0. Advantage: minimal delay for the highest class (voice). Drawback: if high-priority traffic is continuous, the lower queues never get a chance to transmit (starvation of low-priority traffic).
D-Link switches support both Strict Priority and Weighted Round Robin scheduling; the mechanism is selected in the switch configuration.

Strict Priority Queue
[Figure: Strict Priority scheduling: all frames of Q3 are transmitted first, then the frames of Q2, Q1 and Q0.]
Weighted Round Robin (WRR)

Each queue is assigned a weight. The scheduler visits the queues in turn and transmits from each queue a number of frames (or bytes) proportional to its weight, skipping queues that are empty. Queues with a higher weight get more bandwidth, but a queue with a low weight is never starved, because its turn always comes round. WRR is therefore the safer choice when data traffic must keep flowing while voice and video are preferred.

[Figure: WRR scheduling with four queues, weights Q3 40%, Q2 30%, Q1 20%, Q0 10%.]
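The difference between the two schedulers is easiest to see with a concrete arrival pattern. The script below is an added example, not code from the page or from D-Link: it contains the two 802.1p-to-queue tables above and a tick-based model in which the port transmits one frame per tick, either strictly by queue number or along a WRR schedule with the weights from the figure (40/30/20/10 %, modelled as 4/3/2/1 slots per round). The traffic pattern is constructed: one best-effort frame (priority 1, queue Q0) arrives while a voice stream (priority 7, queue Q3) delivers one frame every tick for ten ticks.

```python
"""802.1p-to-queue mapping and a tick-based model of the two schedulers described
above (Strict Priority and Weighted Round Robin).  Added example, not D-Link code;
the arrival pattern is constructed to show how strict priority starves a low queue."""

# 802.1p priority -> egress queue, as in the two tables above
QUEUE_MAP = {
    4: {0: 1, 1: 0, 2: 0, 3: 1, 4: 2, 5: 2, 6: 3, 7: 3},
    8: {0: 2, 1: 0, 2: 1, 3: 3, 4: 4, 5: 5, 6: 6, 7: 6},
}


def queue_for(priority, queues=4):
    """Queue number for an 802.1p priority on a switch with 4 or 8 queues."""
    if not 0 <= priority <= 7:
        raise ValueError("802.1p priority must be 0..7")
    return QUEUE_MAP[queues][priority]


def simulate(policy, arrivals, weights=None, num_queues=4, max_ticks=10_000):
    """Transmit one frame per tick.  arrivals: {tick: [(queue, frame_name), ...]}.
    policy 'strict': always serve the highest non-empty queue.
    policy 'wrr': walk a round-robin schedule in which queue q owns weights[q] slots
    (e.g. {3: 4, 2: 3, 1: 2, 0: 1} = 40/30/20/10 %); empty queues give up their slot.
    Returns a list of (tick, frame_name) in transmit order."""
    queues = {q: [] for q in range(num_queues)}
    sent = []
    if policy == "wrr":
        schedule = [q for q in sorted(weights, reverse=True) for _ in range(weights[q])]
        ptr = 0
    last_arrival = max(arrivals) if arrivals else 0
    for tick in range(max_ticks):
        for q, name in arrivals.get(tick, []):
            queues[q].append(name)
        if not any(queues.values()):
            if tick >= last_arrival:
                break
            continue
        if policy == "strict":
            q = max(q for q, frames in queues.items() if frames)
        elif policy == "wrr":
            for step in range(len(schedule)):
                q = schedule[(ptr + step) % len(schedule)]
                if queues[q]:
                    ptr = (ptr + step + 1) % len(schedule)
                    break
        else:
            raise ValueError("unknown policy")
        sent.append((tick, queues[q].pop(0)))
    return sent


def transmit_tick(sent, name):
    """Tick at which a frame left the port (None if it never did)."""
    return next((t for t, n in sent if n == name), None)


# Constructed arrivals: one best-effort frame at t=0 in Q0 (802.1p 1 -> Q0 on a 4-queue
# switch) while a VoIP stream (802.1p 7 -> Q3) delivers one frame every tick for 10 ticks.
ARRIVALS = {0: [(queue_for(1), "low")]}
for t in range(10):
    ARRIVALS.setdefault(t, []).append((queue_for(7), "voip%d" % t))
WRR_WEIGHTS = {3: 4, 2: 3, 1: 2, 0: 1}


if __name__ == "__main__":
    for policy in ("strict", "wrr"):
        sent = simulate(policy, ARRIVALS, WRR_WEIGHTS)
        print("%-6s low frame sent at tick %s; order: %s" % (
            policy, transmit_tick(sent, "low"), [n for _, n in sent]))
```

Under strict priority the best-effort frame leaves only at tick 10, after the voice stream has stopped; under WRR it leaves at tick 4, as soon as Q3 has used its four slots of the round, and the voice frames are delayed by a single tick.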
Congestion avoidance: the mechanisms that decide which packets to drop when a queue is full or about to fill up. Methods:
- Tail-Drop: new packets are dropped when the queue is full;
- Random Early Detection (RED): packets are dropped at random, with a probability that grows as the queue fills, so that TCP senders slow down before the queue overflows;
- Simple Random Early Detection (SRED);
- Weighted Random Early Detection (WRED): RED with different drop thresholds per traffic class, so that low-priority packets are dropped first.
Traffic Policing and Traffic Shaping

Traffic Policing (rate limiting) and Traffic Shaping both limit the rate of a traffic stream. Policing drops (or re-marks) the packets that exceed the configured rate; shaping holds them in a buffer and sends them later, which smooths the stream at the cost of delay.

Bandwidth control on D-Link Ethernet switches is Traffic Policing per port. The rate is configured in steps of 64 kbit/s, the minimum being 64 kbit/s. For example, to limit transmission on port 5 to 128 kbit/s:
    config bandwidth_control 5 tx_rate 128
Per-flow Bandwidth control limits the rate of a single flow defined by an ACL rule (for example, one source IP address or one TCP port) rather than of the whole port; whether per-flow Bandwidth control is available depends on the switch model.
QoS configuration example

IP phones B and D are connected to two DES-3526 switches (A and B) that are joined by a tagged link; PCs A and C on the same switches generate data traffic. The goal is to give the VoIP traffic the highest priority on the link between the switches.
[Figure: switches DES3526_A and DES3526_B connected by tagged ports (T); IP phones B and D and PCs A and C on untagged ports (U).]

The 802.1p priority travels between the switches only inside an 802.1Q tag, so ports 1 and 24 are made tagged members of the default VLAN:
    config vlan default add tagged 1,24
On switch B the default priority of port 24 is raised from 0 (the default) to 7, so that the frames of the IP phone go to the highest queue (priority 7 maps to Q6 on an 8-queue switch and to Q3 on a 4-queue switch):
    config 802.1p default_priority 24 7
Spanning Tree Protocols

IEEE 802.1d (STP), IEEE 802.1w (RSTP), IEEE 802.1s (MSTP)

Why Spanning Tree is needed. Redundant links between Layer 2 switches (switch 1, 2 and 3 connected in a ring, or two parallel links between two switches) create loops. Ethernet frames have no hop counter, so a broadcast, or a frame to an unknown destination, that enters a loop is flooded forever by every switch in it: the number of copies grows with every pass, the links and the switch CPUs saturate, and the result is a broadcast storm. The MAC tables become unstable as well, because the same source address is seen on several ports.

Spanning Tree protocols (STP, RSTP, MSTP) remove loops by blocking redundant links: the switches agree on a loop-free tree, and a blocked link is activated only when an active link fails. Versions:
- IEEE 802.1d Spanning Tree Protocol (STP);
- IEEE 802.1w Rapid Spanning Tree Protocol (RSTP);
- IEEE 802.1s Multiple Spanning Tree Protocol (MSTP).

The switches exchange Bridge Protocol Data Units (BPDU), special frames sent to a reserved multicast MAC address. BPDUs are processed by the switches themselves and are not forwarded like ordinary Ethernet frames. A BPDU carries the information needed to build the tree:
STP operation (IEEE 802.1d). The algorithm builds the tree in four steps:
1. Root Bridge election. The switch with the lowest Bridge ID (priority followed by the MAC address) becomes the root; all paths in the LAN are computed from it.
2. Root Port selection. Every other switch chooses the port with the lowest Root Path Cost (the sum of the port costs on the path to the root) as its Root Port.
3. Designated Port selection. On every LAN segment the switch that offers the lowest path cost to the root becomes the Designated Bridge for that segment; its port on the segment is the Designated Port and forwards the segment's traffic towards the root. A segment has exactly one designated port.
4. All other ports are blocked: they keep receiving BPDUs but neither learn addresses nor forward frames.

[Figure: example topology with the root bridge (1), root ports (2), designated ports (3) and a blocked port (4).]

Contents of a BPDU: the ID of the root bridge, the path cost to the root, the ID (priority and MAC address) of the sending bridge, the sending port, the Message Age and the timers (Hello, Max Age 20 s, Forward Delay 15 s). Every bridge starts by claiming to be the root with cost 0; it keeps sending its message until it receives a better one, and the better message wins: a smaller root ID; the same root with a smaller cost; the same root and cost from a sender with a smaller ID.

STP timers:
- hello: the interval at which the root bridge sends configuration BPDUs. Default 2 s, range 1 to 10 s.
- forward delay: the time a port spends in each of the listening and learning states before it starts forwarding. Default 15 s, range 4 to 30 s.
- max age: how long a bridge keeps the last BPDU received on a port before it considers the information stale and re-computes the topology. Default 20 s, range 6 to 40 s.

BPDU propagation: the root bridge generates the BPDUs; every other bridge re-sends them on its designated ports after adding its cost and incrementing the Message Age. In 802.1d the Message Age grows by 1 at every bridge, and a BPDU whose age reaches Max Age is discarded, which limits how far from the root a switch can be.

Topology change notification: a bridge that detects a change sends a TCN BPDU towards the root through its root port; the root sets the Topology Change flag in its configuration BPDUs, and all bridges shorten the aging time of their MAC tables to Forward Delay so that stale entries disappear.

Disadvantage of 802.1d STP: slow convergence. After a link failure it takes 30 to 60 s (up to Max Age plus twice Forward Delay) before a redundant link starts forwarding.
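The four steps and the "better BPDU" rule above determine the whole tree once the bridge IDs and port costs are known. The script below is an added example, not code from the page or from D-Link: it lets every bridge send its current view (root, cost, own ID, port) out of every port in rounds until nobody changes their mind, then derives the root, the root ports, the designated ports and the blocked ports. The topology is constructed in the spirit of the lab later in this section (bridge A given priority 4096, B and C left at 32768, all links cost 19); timers and port state transitions are left out. The second scenario attaches a bridge advertising priority 0 and shows that it takes over the root role, which is why edge ports facing end hosts should never accept BPDUs.

```python
"""Root bridge, root port and designated port computation from bridge IDs and port
costs, following the four steps and the 'better BPDU' rule above.  Added example, not
D-Link code: BPDUs are exchanged in rounds until no bridge changes its view, without
timers or port state transitions."""


def bridge_id(priority, mac):
    """802.1D Bridge ID: 16-bit priority followed by the 48-bit MAC (lower wins)."""
    return (priority << 48) | int(mac.replace(":", "").replace("-", ""), 16)


def run_stp(bridges, links, max_rounds=100):
    """bridges: {name: bridge_id}; links: [(name_a, port_a, name_b, port_b, path_cost)].
    Returns (root_name, roles) with roles[(name, port)] in {'root', 'designated', 'blocked'}."""
    nbr = {}                                   # (bridge, port) -> (peer, peer port, cost)
    for a, pa, b, pb, cost in links:
        nbr[(a, pa)] = (b, pb, cost)
        nbr[(b, pb)] = (a, pa, cost)
    # what each bridge believes: (root_id, root_path_cost); initially "I am the root"
    info = {n: (bid, 0) for n, bid in bridges.items()}
    root_port = {n: 0 for n in bridges}
    rx = {}                                    # best BPDU seen on (bridge, port)
    for _ in range(max_rounds):
        # every bridge sends its view out of every port: (root, sender cost, sender id, port)
        for (a, pa), (b, pb, _cost) in nbr.items():
            rx[(b, pb)] = (info[a][0], info[a][1], bridges[a], pa)
        new_info = {}
        for n, bid in bridges.items():
            # candidates: being root myself, or each received BPDU plus my port cost;
            # tuple order = the comparison rule: root id, cost, sender id, sender port, own port
            cands = [(bid, 0, bid, 0, 0)]
            for (bn, p), (root, cost, sender, sport) in rx.items():
                if bn == n:
                    cands.append((root, cost + nbr[(n, p)][2], sender, sport, p))
            best = min(cands)
            new_info[n] = best[:2]
            root_port[n] = best[4]             # 0 means "I am the root"
        if new_info == info:
            break
        info = new_info
    else:
        raise RuntimeError("spanning tree did not converge")
    roles = {}
    for (n, p), (root, sender_cost, sender, sport) in rx.items():
        my_root, my_cost = info[n]
        if p == root_port[n]:
            roles[(n, p)] = "root"
        elif (my_root, my_cost, bridges[n], p) < (root, sender_cost, sender, sport):
            roles[(n, p)] = "designated"       # I offer this segment the better path
        else:
            roles[(n, p)] = "blocked"          # the neighbour is designated here
    root_name = next(n for n in bridges if info[n][0] == bridges[n])
    return root_name, roles


# Constructed topology: A made root by priority 4096 (as in the RSTP lab below),
# B and C at the default 32768, three links of cost 19 (100 Mbit/s in 802.1D terms).
BRIDGES = {"A": bridge_id(4096, "00-05-5d-00-00-01"),
           "B": bridge_id(32768, "00-05-5d-00-00-02"),
           "C": bridge_id(32768, "00-05-5d-00-00-03")}
LINKS = [("A", 1, "B", 1, 19), ("A", 2, "C", 1, 19), ("B", 2, "C", 2, 19)]


def with_rogue(bridges, links):
    """Attach a bridge advertising priority 0 on port 3 of C: it wins the election."""
    rogue = dict(bridges, Rogue=bridge_id(0, "00-00-00-00-00-99"))
    return rogue, links + [("C", 3, "Rogue", 1, 19)]


if __name__ == "__main__":
    for label, (br, ln) in (("normal", (BRIDGES, LINKS)), ("rogue", with_rogue(BRIDGES, LINKS))):
        root, roles = run_stp(br, ln)
        print(label, "root =", root)
        for (n, p), role in sorted(roles.items()):
            print("   %s port %d: %s" % (n, p, role))
```

In the normal case A is the root, B and C use their direct links to A as root ports, and on the B-C segment the tie in cost is broken by the lower bridge ID, so B's port 2 is designated and C's port 2 is blocked. With the rogue bridge attached, every port role is recomputed around the new root, and the A-B link is now the blocked one.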
Solution: IEEE 802.1w, Rapid Spanning Tree Protocol (RSTP).

Rapid Spanning Tree Protocol, RSTP (IEEE 802.1w)

Port states. 802.1d has four port states: blocking, listening, learning and forwarding. 802.1w merges blocking and listening, which behave the same from the point of view of forwarding, into a single state, so it has three: discarding, learning and forwarding.

Comparison of the port states of 802.1d and 802.1w:
802.1d        802.1w       Part of the active topology?   Learns MAC addresses?   Forwards frames?
blocking      discarding   no                             no                      no
listening     discarding   yes                            no                      no
learning      learning     yes                            yes                     no
forwarding    forwarding   yes                            yes                     yes

RSTP port roles. Besides the root and designated ports of 802.1d, RSTP defines two roles for the ports that do not forward: alternate (a backup path to the root through another bridge) and backup (a second connection of the same bridge to the same segment). Because these roles are known in advance, an alternate port can be switched to forwarding immediately when the root port fails, without waiting for timers to expire.

BPDU handling. In 802.1d only the root generates BPDUs and the other bridges relay them; a bridge notices a failure only when the BPDUs stop arriving for Max Age. In RSTP every bridge sends its own BPDU every Hello interval, so BPDUs also work as a keep-alive: if three consecutive BPDUs are missed on a port, the neighbour is considered lost and the topology is recomputed at once.
[Figure: switches A and B exchanging BPDUs every Hello interval.]
RSTP also uses a proposal/agreement handshake on point-to-point links: a bridge proposes to become designated on a link, the neighbour blocks its other non-edge ports and agrees, and the link goes to forwarding without passing through the Forward Delay timers.
[Figure: proposal and agreement BPDUs between A and B.]

Compatibility with 802.1d. Consider switches A (802.1w), B (802.1w) and C (802.1d). A and B exchange RSTP BPDUs. The port of A facing C receives 802.1d BPDUs; on such a port the RSTP switch falls back to sending 802.1d BPDUs, so the two protocols interoperate, but the port loses the fast convergence of RSTP. The fallback is sticky: the port keeps operating in 802.1d mode, sending STP BPDUs every Hello, even after C is replaced or removed, until the protocol migration on that port is restarted. Legacy 802.1d switches should therefore be removed from the core when RSTP is deployed.

Message Age. In 802.1d every bridge increments the Message Age of the BPDU by 1, and the recommended network diameter is 7 bridges. In 802.1w the increment is 1/16 of Max Age but not less than 1, and a BPDU is discarded when (MessageAge + HelloTime) >= MaxAge. With the defaults Max Age 20 s and Hello 2 s a BPDU survives 18 hops from the root, i.e. a chain of up to 37 switches with the root in the middle.

Comparison of STP and RSTP:
- convergence after a failure: STP (802.1d) about 30 s; RSTP (802.1w) 2-3 s;
- maximum diameter: STP (802.1d) 7 hops; RSTP (802.1w) 18 hops.

802.1w is backward compatible with 802.1d, so the two can be mixed during a migration, but the benefits of RSTP are only obtained on links where both sides run RSTP.
Practical: RSTP. Two DES-3526 switches, A and B, are connected by two links (ports 1 and 2 on both). PC1 (10.1.1.2) is on switch A, PC2 (10.1.1.1) on switch B. Without STP the two links form a loop; with RSTP one of them is blocked and takes over when the other fails within 1-2 s. Question to answer during the lab: which of the two links is blocked, and what decides it (port cost and port priority)?

[Figure: DES-3526 A with PC1 and DES-3526 B with PC2, connected by link 1 and link 2.]

DES-3526 A:
    enable stp
    # Make A the root bridge by lowering its priority; the default is 32768.
    config stp priority 4096 instance_id 0
DES-3526 B:
    enable stp
(Instance 0 is the CIST, the only instance present when the switch runs RSTP.)

Verification:
1. PC1 pings PC2 and PC2 pings PC1: both work, and one of the links between the switches is in the blocked (discarding) state.
2. Disconnect link 1: traffic continues over link 2 after 1-2 lost pings.
3. Reconnect link 1: traffic returns to link 1 after 1-2 lost pings.
Figure: RSTP lab.
Limitation of RSTP: a single spanning tree for the whole switch, regardless of VLANs. When several VLANs share redundant links, a link blocked by RSTP is blocked for all of them, so the redundant bandwidth is idle and every VLAN follows the same path. Solution: Multiple Spanning Tree Protocol, MSTP (IEEE 802.1s).

Multiple Spanning Tree Protocol, MSTP (IEEE 802.1s)

MSTP combines the spanning tree with 802.1Q VLANs. VLANs are grouped into MST instances; each instance computes its own tree, and different instances can use different links, so all redundant links carry traffic (load sharing per group of VLANs). A separate tree per VLAN would cost too much CPU time; with MSTP the number of instances is small regardless of the number of VLANs. MSTP is built on the RSTP mechanisms, so it converges as fast as RSTP.

MSTP region: switches with the same MST configuration (name, revision level and VLAN-to-instance mapping) form one region and appear as a single bridge to the outside. Instance 0, the CIST, connects regions and any switches running plain STP or RSTP.

[Figure: MSTP with VLAN 2 and VLAN 3 in different instances, each using a different uplink.]

Rules for the configuration:
- the MST configuration name, revision level and VLAN-to-instance mapping must be identical on every switch of the region; otherwise each switch forms its own region and the VLANs fall back to the common tree;
- the root of each instance is chosen by bridge priority (default 32768, lower wins, ties broken by the MAC address), separately per instance; giving instances different roots or different port priorities is what makes them use different links;
- the ports of end hosts are configured as edge ports so that they go to forwarding immediately and do not take part in the tree.
DES-3526_A:
    config vlan default delete 1-24
    create vlan v2 tag 2
    config vlan v2 add untagged 1-8
    config vlan v2 add tagged 25-26
    create vlan v3 tag 3
    config vlan v3 add untagged 17-24
    config vlan v3 add tagged 25-26
    enable stp
    config stp version mstp
    config stp mst_config_id name abc
    config stp mst_config_id revision_level 1
    create stp instance_id 2
    config stp instance_id 2 add_vlan 2
    create stp instance_id 3
    config stp instance_id 3 add_vlan 3
    ## Make A the root bridge of every instance (CIST and instances 2 and 3).
    config stp priority 4096 instance_id 0
    config stp priority 4096 instance_id 2
    config stp priority 4096 instance_id 3
    ## Prefer port 25 for v2 and port 26 for v3 by lowering the port priority (default 128).
    config stp mst_ports 25 instance_id 2 priority 96
    config stp mst_ports 26 instance_id 3 priority 96
    config stp ports 1-24 edge true

DES-3526_B:
    config vlan default delete 1-24
    create vlan v2 tag 2
    config vlan v2 add tagged 25-26
    config vlan v2 add untagged 1-8
    create vlan v3 tag 3
    config vlan v3 add tagged 25-26
    config vlan v3 add untagged 17-24
    enable stp
    config stp version mstp
    config stp mst_config_id name abc
    config stp mst_config_id revision_level 1
    create stp instance_id 2
    config stp instance_id 2 add_vlan 2
    create stp instance_id 3
    config stp instance_id 3 add_vlan 3
    config stp ports 1-24 edge true

MSTP example 2: check the result on A and B with
    show stp instance_id
    show stp ports
MSTP with an L3 switch: the DGS-3324SR routes between VLANs v2 and v3, and the two DES-3526 are access switches at Layer 2. Each DES-3526 is connected to the DGS-3324SR by two tagged links, so that instance 2 and instance 3 can use different links. No bridge priority is set in this example, so the root of each instance is decided by the lowest MAC address; in a production network the priority of the L3 switch should be set explicitly, as in the previous example, so that the root is not chosen by accident.

[Figure: DGS-3324SR (L3): v2 on ports 1-12 with IP interface 192.168.2.254/24, v3 on ports 13-20 with 192.168.3.254/24, tagged uplinks 21-24. DES3526_A and DES3526_B (L2): v2 on ports 1-8, v3 on ports 9-24, tagged uplinks 25-26. Hosts: 192.168.2.x/24 with gateway 192.168.2.254 and 192.168.3.x/24 with gateway 192.168.3.254.]

DGS3324SR (L3):
    config vlan default delete 1-20
    create vlan v2 tag 2
    config vlan v2 add untagged 1-12
    config vlan v2 add tagged 21-24
    create ipif ip2 192.168.2.254/24 v2
    create vlan v3 tag 3
    config vlan v3 add untagged 13-20
    config vlan v3 add tagged 21-24
    create ipif ip3 192.168.3.254/24 v3
    ### MSTP
    enable stp
    config stp version mstp
    config stp mst_config_id name abc
    config stp mst_config_id revision_level 1
    create stp instance_id 2
    config stp instance_id 2 add_vlan 2
    create stp instance_id 3
    config stp instance_id 3 add_vlan 3
    config stp ports 1-20 edge true

DES3526 (A and B, identical configuration):
    config vlan default delete 1-24
    create vlan v2 tag 2
    config vlan v2 add untagged 1-8
    config vlan v2 add tagged 25-26
    create vlan v3 tag 3
    config vlan v3 add untagged 9-24
    config vlan v3 add tagged 25-26
    ### MSTP
    enable stp
    config stp version mstp
    config stp mst_config_id name abc
    config stp mst_config_id revision_level 1
    create stp instance_id 2
    config stp instance_id 2 add_vlan 2
    create stp instance_id 3
    config stp instance_id 3 add_vlan 3
    config stp ports 1-24 edge true
LoopBack Detection

Purpose: detect loops on ports where STP is not running, or loops created by devices that do not pass BPDUs (an unmanaged switch or hub with a cable plugged back into the same switch, or two ports of the switch connected to each other). LoopBack Detection (LBD) sends its own test frame (ECTP, Ethernet Configuration Testing Protocol) out of every port at a fixed interval; if the frame comes back into the switch, a loop exists and the port (or the VLAN on the port) is shut down, optionally re-enabled after a recovery timer.

LoopBack Detection configuration example (DES-3526).

1. Port-based mode (a loop found on a port disables the whole port):
    enable loopdetect
    config loopdetect recover_timer 60
        (lbd_recover_timer: seconds after which a disabled port is re-enabled; 0 means the port stays disabled until the administrator enables it)
    config loopdetect interval 10
        (seconds between the ECTP test frames)
    config loopdetect mode port-based
        (a loop disables the port)
    config loopdetect ports 1-26 state enabled

Note: LBD is independent of STP and is meant for ports where STP is disabled (access ports to subscribers). Where both are enabled on a port, STP normally blocks the loop first and LBD never sees its frame return. The two modes differ in what is blocked when a loop is found: Port-Based disables the whole port, VLAN-Based only the VLAN in which the loop exists.

2. VLAN-based mode (the test frame is sent in every VLAN of the port; only the VLAN where the frame returns is blocked, the other VLANs on the port keep working):
    enable loopdetect
    config loopdetect recover_timer 60
    config loopdetect interval 10
    config loopdetect mode vlan-based
    config loopdetect ports 1-26 state enabled

Figure: LoopBack Detection.
Link Aggregation, IEEE 802.3ad (LACP)

Link aggregation combines several physical links between two switches (or between a switch and a server) into one logical link, a trunk group: the bandwidth of the links adds up, and if one link fails the traffic continues over the remaining ones without reconfiguration. The Link Aggregation Control Protocol (LACP) negotiates the group automatically with the other side. A port in active mode sends LACP PDUs and starts the negotiation; a port in passive mode only replies to LACP PDUs it receives. At least one side of the link must be active, otherwise the group never forms.

Modes of LACP:
- active: the port initiates the LACP negotiation by sending LACP PDUs;
- passive: the port waits for LACP PDUs from the peer and answers them.

Requirements for the ports of one group: they must have the same speed, the same duplex mode and the same Flow Control setting. The 802.1Q configuration (VLAN membership) of the master port is applied to all ports of the group.

Load distribution. Frames of one conversation, as defined by the aggregation algorithm, always take the same physical link, so the load is shared per flow rather than per frame and frames are never reordered. Example with 4 PCs behind a 4-link group and MAC-based distribution: the traffic of PC-1 is mapped to link 1, PC-2 to link 2, PC-3 to link 3 and PC-4 to link 4. A single host never gets more than the bandwidth of one link.

Link Aggregation Control Protocol IEEE 802.3ad (LACP) in practice: the switch with the lower system priority (or MAC address) controls the negotiation; a link joins the group only when both sides agree. If the peer does not support LACP, a static group is used instead.

Static vs LACP. A static group is configured on both sides without negotiation and is active as soon as the ports are up; the switch cannot detect a miswired link, and a port connected to the wrong device is still treated as part of the group. With LACP a link joins the group only after the peer confirms it, and a misconnected port is left out of the group, so LACP is preferable when the partner supports it.

Link Aggregation Algorithm: the field of the frame whose hash selects the physical link. D-Link switches offer 9 algorithms:
1. mac_source: source MAC address;
2. mac_destination: destination MAC address;
3. mac_source_dest: source and destination MAC addresses;
4. ip_source: source IP address;
5. ip_destination: destination IP address;
6. ip_source_dest: source and destination IP addresses;
7. l4_src_port: TCP/UDP source port;
8. l4_dest_port: TCP/UDP destination port;
9. l4_src_dest_port: TCP/UDP source and destination ports.

Static group. Switch A (ports 2, 4, 6 and 8) distributes by destination MAC, switch B (ports 1, 3, 5 and 7) by source MAC, so that both directions of one PC's traffic use the same link.
Switch A:
    create link_aggregation group_id 1 type static
    config link_aggregation algorithm mac_destination
    config link_aggregation group_id 1 master_port 2 ports 2,4,6,8 state enabled
Switch B:
    create link_aggregation group_id 1
    config link_aggregation algorithm mac_source
    config link_aggregation group_id 1 master_port 1 ports 1,3,5,7 state enabled
(A group created without a type is static.)

LACP groups. Switch 1 has two groups towards two neighbouring switches:
    create link_aggregation group_id 1 type lacp
    create link_aggregation group_id 2 type lacp
    config link_aggregation algorithm mac_destination
    ## ports 1-4 form group 1, port 1 is the master port
    config link_aggregation group_id 1 master_port 1 ports 1-4 state enabled
    ## ports 5-8 form group 2, port 5 is the master port
    config link_aggregation group_id 2 master_port 5 ports 5-8 state enabled
    ## ports 1-8 initiate the negotiation
    config lacp_port 1-8 mode active
Switches 2 and 3 (each connected to ports 1-4 or 5-8 of switch 1):
    create link_aggregation group_id 1 type lacp
    config link_aggregation algorithm mac_source
    config link_aggregation group_id 1 master_port 1 ports 1-4 state enabled
Port Security

Port Security on D-Link switches limits the number of MAC addresses a port may learn; frames from any further source address are dropped. It prevents a subscriber from connecting a hub or additional devices behind the port and protects the switch's address table against MAC flooding. Port Security is one of the basic protections in ETTH/ETTB (Ethernet to the home / to the building) networks!

Lock address modes of Port Security (what happens to a learned address):
- Permanent: the learned address is kept in the FDB and is not removed by the FDB Aging Time; it stays until the Port Security configuration is removed.
- Delete on Timeout: the learned address is removed from the FDB when the FDB Aging Time expires, after which another address can be learned on the port.
- Delete on Reset: the learned address is kept until the switch is rebooted (reset).

Configuration. Enable Port Security on ports 1-3 with at most 2 learned addresses per port; learned addresses are aged out (Delete on Timeout):
    config port_security ports 1-3 admin_state enabled max_learning_addr 2 lock_address_mode DeleteOnTimeout
Check the result:
    show port_security
To have every violation (a frame from an address beyond the limit) reported by an SNMP trap and written to the log:
    enable port_security trap_log

[Figure: Port Security with Max. Learning Addresses = 0: the ports learn no addresses dynamically and forward only the hosts whose MAC addresses (MAC 1 ... MAC 10) are bound to them statically.]

Port Security with static addresses. With max_learning_addr 0 a port learns nothing at all, and only hosts whose MAC address is entered statically in the FDB for that port can send traffic. This is the strictest mode, used where every port has a known device; the price is manual maintenance of the FDB. Note that Port Security counts and pins MAC addresses but does not authenticate them: a host can forge a permitted address, so the mechanism limits the number of devices rather than identifying them.
    config port_security ports 1-24 admin_state enabled max_learning_addr 0
    ## static entries in the default VLAN, one per permitted host
    create fdb default 00-50-ba-00-00-01 port 2
    create fdb default 00-50-ba-00-00-02 port 2
    create fdb default 00-50-ba-00-00-03 port 2
    create fdb default 00-50-ba-00-00-04 port 2
    create fdb default 00-50-ba-00-00-05 port 8
    ....... (and so on for the remaining ports)
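The rules of this section (per-port learning limit, the three lock modes, static entries with max_learning_addr 0 and the trap/log record) can be checked against a sequence of frames. The class below is an added example, not D-Link firmware or code from the page: it models one switch, takes the same parameters as the commands above and answers, for every incoming frame, whether the switch would accept it. Time is passed in explicitly so that the aging behaviour of Delete on Timeout can be observed. One behaviour is an assumption of the model: a MAC address that is bound statically to one port and appears on another port is treated there as an unknown address subject to that port's limit. All MAC addresses are constructed.

```python
"""Model of the Port Security behaviour described above: per-port limit on learned
MAC addresses, the three lock_address_mode variants, static FDB entries with
max_learning_addr 0 and the trap/log record of violations.  Added example, not
D-Link code; how a static MAC seen on a different port is handled is an assumption
here (it is treated as an unknown address on that port)."""

LOCK_MODES = ("Permanent", "DeleteOnTimeout", "DeleteOnReset")


class PortSecuritySwitch:
    def __init__(self, aging_time=300):
        self.aging_time = aging_time      # FDB Aging Time in seconds
        self.port_cfg = {}                # port -> {"max": n, "mode": lock mode}
        self.dynamic = {}                 # port -> {mac: last seen time}
        self.static = {}                  # mac -> port   (create fdb <vlan> <mac> port <n>)
        self.trap_log = False
        self.events = []                  # (time, port, mac, message)

    def config_port_security(self, ports, max_learning_addr, lock_address_mode="DeleteOnReset"):
        """config port_security ports <list> admin_state enabled max_learning_addr <n>
        lock_address_mode <mode>"""
        if lock_address_mode not in LOCK_MODES:
            raise ValueError("unknown lock_address_mode")
        for p in ports:
            self.port_cfg[p] = {"max": max_learning_addr, "mode": lock_address_mode}
            self.dynamic.setdefault(p, {})

    def create_fdb(self, mac, port):
        """create fdb <vlan> <mac> port <port>: a static entry that never ages out."""
        self.static[mac.lower()] = port

    def enable_trap_log(self):
        """enable port_security trap_log: record every violation."""
        self.trap_log = True

    def reset(self):
        """Reboot: only Permanent entries survive; DeleteOnReset (and the dynamic
        entries of DeleteOnTimeout ports) are gone."""
        for p, cfg in self.port_cfg.items():
            if cfg["mode"] != "Permanent":
                self.dynamic[p].clear()

    def ingress(self, port, src_mac, now):
        """True if a frame with source src_mac is accepted on port at time now."""
        mac = src_mac.lower()
        cfg = self.port_cfg.get(port)
        if cfg is None:
            return True                                    # no Port Security: normal learning
        if self.static.get(mac) == port:
            return True                                    # statically bound to this port
        table = self.dynamic[port]
        if cfg["mode"] == "DeleteOnTimeout":               # age out idle entries first
            for known, seen in list(table.items()):
                if now - seen >= self.aging_time:
                    del table[known]
        if mac in table:
            table[mac] = now
            return True
        if len(table) < cfg["max"]:
            table[mac] = now                               # learn a new address
            return True
        if self.trap_log:                                  # SNMP trap + log entry
            self.events.append((now, port, mac, "limit %d reached" % cfg["max"]))
        return False


def demo():
    """Run the configurations of this section against constructed traffic."""
    sw = PortSecuritySwitch(aging_time=300)
    sw.enable_trap_log()
    sw.config_port_security(range(1, 4), 2, "DeleteOnTimeout")   # the first command above
    sw.config_port_security([4], 2, "DeleteOnReset")
    sw.config_port_security([5], 1, "Permanent")
    sw.config_port_security([10], 0)                             # static hosts only
    sw.create_fdb("00-50-ba-00-00-01", 10)
    r = {
        "p1_first": sw.ingress(1, "00-50-ba-00-00-11", 0),
        "p1_second": sw.ingress(1, "00-50-ba-00-00-12", 1),
        "p1_third": sw.ingress(1, "00-50-ba-00-00-13", 2),          # beyond the limit
        "p1_after_aging": sw.ingress(1, "00-50-ba-00-00-13", 400),  # first two aged out
        "p4_first": sw.ingress(4, "00-50-ba-00-00-21", 0),
        "p4_second": sw.ingress(4, "00-50-ba-00-00-22", 0),
        "p4_late": sw.ingress(4, "00-50-ba-00-00-23", 5000),        # no aging in this mode
        "p5_first": sw.ingress(5, "00-50-ba-00-00-31", 0),
        "p10_static": sw.ingress(10, "00-50-ba-00-00-01", 0),
        "p10_other": sw.ingress(10, "00-50-ba-00-00-99", 0),
        "p10_forged_mac": sw.ingress(10, "00-50-BA-00-00-01", 1),   # a forged MAC passes
    }
    sw.reset()
    r["p4_after_reset"] = sw.ingress(4, "00-50-ba-00-00-23", 5001)
    r["p5_after_reset"] = sw.ingress(5, "00-50-ba-00-00-32", 5001)
    return r, sw.events


if __name__ == "__main__":
    results, events = demo()
    for name, accepted in results.items():
        print("%-16s %s" % (name, "accepted" if accepted else "DROPPED"))
    print("violations logged:", len(events))
```

The last two results show the difference between the lock modes after a reboot: the DeleteOnReset port accepts a new address because its table was cleared, while the Permanent port still rejects one. The forged-MAC case is the reminder from the text above: Port Security accepts whatever device uses the permitted address.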
Managing the switch

Ways to manage a D-Link switch:
- Web interface;
- Command Line Interface (CLI) through the console port;
- Telnet;
- SNMP management.

Assigning the management IP address (the System IP interface):
DES-3528#config ipif System ipaddress 192.168.100.240/24
Command: config ipif System ipaddress 192.168.100.240/24
Success.
The IP settings of the DES-3528 are displayed with:
    show ipif

Port configuration example: ports 1-3 set to 10 Mbit/s full duplex, MAC learning enabled, port enabled, flow control enabled:
DES-3528#config ports 1-3 speed 10_full learning enable state enable flow_control enable
Command: config ports 1-3 speed 10_full learning enable state enable flow_control enable
Success.
All port parameters on D-Link switches are set with config ports; the current settings are displayed with:
    show ports

4. Saving the configuration. The running configuration lives in SDRAM and is lost on reboot. It must be written to NVRAM with the save command; otherwise all changes made in the session disappear after the next restart.
DES-3528#save
Command: save
Saving all settings to NV-RAM.
Done

Show commands. The show commands display the configuration and the state of the switch; every configuration command has a corresponding show command.
    show config                  - the configuration stored in NVRAM and the running one
    show fdb                     - the MAC address table
    show switch                  - general information about the switch
    show device_status           - hardware status (power supplies, fans)
    show error ports             - error counters per port
    show firmware information    - firmware versions
    show ipif                    - IP interfaces
    show packet ports            - packet counters per port
    show log                     - the system log
Summary of the Spanning Tree protocols:
- STP: blocks loops on redundant links; up to 30 s to converge after a change.
- RSTP: fast convergence; one tree for all VLANs, so a redundant link carries no traffic.
- MSTP: one tree per group of VLANs, so redundant links are used in parallel.

Bridge election as seen by one bridge:
Each bridge periodically sends a configuration message out of every port. A message contains: ID of sender, ID of root, distance from sender to root.
Initially, every bridge claims to be root and sends a distance field of 0.
A bridge keeps sending the same message (periodically) until it hears a better message. Better means:
- a root with a smaller ID;
- a root with equal ID, but with shorter distance;
- the root ID and distance are the same as we already have, but the sending bridge has a smaller ID.