Name: Ellis (joined Feb 21, 2019)
CCNA notes (3)

Post by Ellis » Jan 3, 2019

Access control list (ACL)
Purpose: 1. Control network traffic 2. Implement packet filtering
There are two types of ACLs:
1. Standard access control list: numbers 1-99, 1300-1999
2. Extended access control list: numbers 100-199, 2000-2699
Standard access control list: matches only on the source address.
Extended access control list: matches on source address, destination address, protocol and port number.
An ACL has two actions:
1. deny 2. permit
An ACL processes packets in one of two directions:
1. in direction 2. out direction
The most important thing about ACLs: every ACL ends with a hidden "deny all" condition, so a packet that matches no entry is dropped.
Experiment:
1. Configure an ACL that stops london from accessing Denver
Using a standard ACL:
access-list 1 deny host 10.3.3.1
access-list 1 permit any
Hidden: access-list 1 deny any
2. Configure an ACL so that (1) london cannot ping Denver and (2) london can telnet to Denver
Rule (1):
Source: 10.3.3.1
Destination: 172.16.3.1
Protocol: ICMP (Internet Control Message Protocol)
Source port: none
Destination port: none
Action: deny
Rule (2):
Source: 10.3.3.1
Destination: 172.16.3.1
Protocol: TCP
Source port: none (any)
Destination port: 23
Action: permit
Using an extended ACL:
access-list 100 deny icmp host 10.3.3.1 host 172.16.3.1
access-list 100 permit tcp host 10.3.3.1 host 172.16.3.1 eq 23
access-list 100 permit ip any any
Where to apply a standard ACL: on the interface closest to the destination (it matches only the source, so applying it near the source would cut that host off from everything).
Where to apply an extended ACL: on the interface closest to the source (the packet is dropped before it crosses the network).
show ip interface serial 0: view which ACLs are applied to the interface
show ip access-lists: view the entries of each list and how many packets have matched each one
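As an added example (not part of the original notes), the following Python models how the entries of list 100 above are evaluated: top-down, first match wins, and anything that matches no entry falls through to the hidden deny. The packets, the ACL_100_NO_PERMIT_ANY variant and the wildcard_to_cidr helper (for the "address wildcard" syntax IOS uses instead of "host") are constructed for illustration.

```python
# Added example (not from the original notes): a minimal model of how an IOS
# access list is evaluated. Entries are checked top-down, the first match decides,
# and a packet that matches nothing hits the hidden "deny any" at the end.
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str                     # source IPv4 address
    dst: str                     # destination IPv4 address
    proto: str                   # "icmp", "tcp" or "udp"
    dport: Optional[int] = None  # destination port (TCP/UDP only)


@dataclass(frozen=True)
class Entry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any protocol
    src: str                     # CIDR; "/32" == host, "0.0.0.0/0" == any
    dst: str
    dport: Optional[int] = None  # None == any destination port ("eq 23" -> 23)

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if IPv4Address(p.src) not in IPv4Network(self.src):
            return False
        if IPv4Address(p.dst) not in IPv4Network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


def evaluate(acl: List[Entry], packet: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index) of the first entry that matches the packet.
    ("deny", None) means no entry matched: the implicit deny at the end applied."""
    for i, entry in enumerate(acl):
        if entry.matches(packet):
            return entry.action, i
    return "deny", None


def wildcard_to_cidr(address: str, wildcard: str) -> str:
    """Convert IOS 'address wildcard' notation (wildcard bit 1 = don't care)
    into CIDR. Only contiguous wildcards are accepted, e.g. 0.0.0.255 -> /24."""
    w = int(IPv4Address(wildcard))
    host_bits = w.bit_length()
    if w != (1 << host_bits) - 1:
        raise ValueError(f"non-contiguous wildcard mask {wildcard}")
    return str(IPv4Network((address, 32 - host_bits), strict=False))


# Constructed from the notes' extended list 100 (london 10.3.3.1 -> Denver 172.16.3.1).
ACL_100 = [
    Entry("deny",   "icmp", "10.3.3.1/32", "172.16.3.1/32"),            # no ping
    Entry("permit", "tcp",  "10.3.3.1/32", "172.16.3.1/32", dport=23),  # telnet ok
    Entry("permit", "ip",   "0.0.0.0/0",   "0.0.0.0/0"),                # everything else
]

# The same list without the final "permit ip any any": only telnet survives.
ACL_100_NO_PERMIT_ANY = ACL_100[:2]


if __name__ == "__main__":
    for pkt in (Packet("10.3.3.1", "172.16.3.1", "icmp"),
                Packet("10.3.3.1", "172.16.3.1", "tcp", 23),
                Packet("10.3.3.1", "172.16.3.1", "tcp", 80)):
        print(pkt, "->", evaluate(ACL_100, pkt), "/ without permit any:",
              evaluate(ACL_100_NO_PERMIT_ANY, pkt))
```

On a real router the list does nothing until it is bound to an interface with ip access-group 100 in (or out). Leaving out the final permit ip any any is the classic mistake that turns "block ping" into "block everything except telnet", which is what evaluating ACL_100_NO_PERMIT_ANY shows.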
Spanning tree (STP)
A redundant topology causes "broadcast storms", "multiple frame copies" and "MAC address table instability".
Spanning tree avoids the loop problems caused by redundancy. It solves the root of the problem by putting redundant ports into the blocking state.
A blocked interface does not receive or send user data (it still receives BPDUs).
BPDU: Bridge Protocol Data Unit
It carries the BridgeID = Bridge Priority + MAC address (the lowest value wins the elections below).
Switches exchange BPDUs periodically, every two seconds (the hello time).
Ethernet link cost (802.1D):
10 Gbps  cost 2
1 Gbps   cost 4
100 Mbps cost 19
10 Mbps  cost 100
1. Each network elects one root bridge: the lowest BridgeID wins.
2. Each non-root bridge elects one root port: 1) lowest path cost to the root (sum of the link costs on the way) 2) on a tie, the lowest BridgeID of the neighbouring sender
3. Each network segment elects one designated port: lowest path cost to the root, then lowest BridgeID
1) The root port does not take part in the designated port election. 2) Normally all interfaces of the root bridge are designated ports.
4. Every port that is neither a root port nor a designated port is put into the blocking state.
Spanning tree port states:
Blocking -> Listening -> Learning -> Forwarding
   20s (max age)   15s (forward delay)   15s (forward delay)
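Added example, not code from the original notes: a small Python simulation of the four election steps above, using the 802.1D cost table. The switch names, priorities, MAC addresses and links are constructed, and it assumes at most one link between any two switches. It also goes one step beyond the notes: rogue_root attaches a switch with priority 0 to show that whoever advertises the lowest BridgeID takes over as root, which is why BPDU guard and root guard are enabled on access ports in practice.

```python
# Added example (not from the original notes): the four 802.1D election steps,
# run over a constructed three-switch triangle. Names, priorities, MACs and
# link speeds are made up for illustration; one link per switch pair assumed.
import heapq
from typing import Dict, List, Tuple

# Link cost by speed in Mbit/s, the 802.1D table from the notes
COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}


def bridge_id(priority: int, mac: str) -> int:
    """BridgeID = priority (upper 16 bits) + MAC (lower 48 bits); lower wins."""
    return (priority << 48) | int(mac.replace(":", ""), 16)


def elect(bridges: Dict[str, Tuple[int, str]], links: List[Tuple[str, str, int]]):
    """bridges: name -> (priority, mac); links: (a, b, speed_mbps).
    Returns (root, root_port, designated, blocked): root_port[sw] is the
    neighbour its root port faces, designated[(a, b)] is the bridge owning the
    designated port on that segment, blocked lists (switch, neighbour) ports."""
    bid = {n: bridge_id(p, m) for n, (p, m) in bridges.items()}
    adj: Dict[str, List[Tuple[str, int]]] = {n: [] for n in bridges}
    for a, b, speed in links:
        adj[a].append((b, COST[speed]))
        adj[b].append((a, COST[speed]))

    # Step 1: the lowest BridgeID becomes root. Any bridge may win: priority 0
    # on an attacker's switch beats every default 32768.
    root = min(bid, key=bid.get)

    # Root path cost of every bridge = cheapest sum of link costs to the root.
    dist = {root: 0}
    heap = [(0, bid[root], root)]
    while heap:
        d, _, n = heapq.heappop(heap)
        if d > dist[n]:
            continue
        for nb, c in adj[n]:
            if d + c < dist.get(nb, float("inf")):
                dist[nb] = d + c
                heapq.heappush(heap, (d + c, bid[nb], nb))

    # Step 2: root port = the port giving the lowest root path cost,
    # tie broken by the lowest BridgeID of the neighbour that sent the BPDU.
    root_port = {}
    for n in bridges:
        if n != root:
            root_port[n] = min(adj[n], key=lambda e: (dist[e[0]] + e[1], bid[e[0]]))[0]

    # Step 3: designated port per segment = the end with the lowest root path
    # cost, tie broken by the lowest BridgeID (the root owns all its segments).
    designated = {(a, b): min((a, b), key=lambda n: (dist[n], bid[n])) for a, b, _ in links}

    # Step 4: a port that is neither root port nor designated port is blocked.
    blocked = []
    for (a, b), owner in designated.items():
        other = b if owner == a else a
        if root_port.get(other) != owner:
            blocked.append((other, owner))
    return root, root_port, designated, blocked


# Constructed topology: SW1 is given a low priority so that it wins the election.
BRIDGES = {
    "SW1": (4096,  "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
}
LINKS = [("SW1", "SW2", 1_000), ("SW1", "SW3", 1_000), ("SW2", "SW3", 100)]


def rogue_root(bridges, links, attacker="EVIL", attach_to="SW3"):
    """Attach a constructed attacker switch with priority 0 and re-run the election."""
    b = dict(bridges, **{attacker: (0, "00:00:00:00:00:99")})
    return elect(b, links + [(attach_to, attacker, 100)])


if __name__ == "__main__":
    print(elect(BRIDGES, LINKS))
    print(rogue_root(BRIDGES, LINKS))
```

In the constructed triangle SW2 and SW3 both reach SW1 at cost 4, so on the SW2-SW3 segment the tie is broken by BridgeID and SW3's port toward SW2 ends up blocked. After rogue_root runs, the whole tree re-converges around the attacker's switch and traffic between SW1 and SW2 crosses its link.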
show spanning-tree brief: view the spanning tree status (3500XL)
(2950/3550: show spanning-tree)
show spanning-tree interface fastEthernet 0/23: view the status of the interface in the spanning tree
Good to know:
spanning-tree vlan 1 priority ?: modify the priority of the switch (a lower value makes it more likely to become root)
Change the cost of an interface:
interface fa0/24
spanning-tree vlan 1 cost ??
VLAN characteristics
1. A VLAN == a broadcast domain == a logical subnet
2. Different VLANs cannot communicate with each other directly (a Layer 3 device is needed).
VLAN benefits:
1. Segmentation: splits up the broadcast domain
2. Flexibility: a VLAN can span multiple switches
3. Security: traffic in different VLANs is isolated from each other
VLAN implementation methods:
1. Port-based: static VLAN 2. MAC-address-based: dynamic VLAN
TRUNK: a link that uses a special encapsulation (tagging) mechanism to carry the traffic of multiple VLANs.
Create a VLAN
vlan database: enter the VLAN database configuration mode
vlan 10 name cisco: create VLAN number 10, named cisco
vlan 20: create VLAN 20 with the system default name
apply: apply the related configuration
exit: apply and leave the VLAN database configuration mode
Note: by default all ports belong to VLAN 1 (the management VLAN or system default VLAN); VLAN 1 cannot be deleted.
Add a port to a specified VLAN
interface fastethernet 0/1: enter the Fast Ethernet 0/1 interface
switchport access vlan 10: add this port to VLAN 10
Note:
The 1900 supports only the ISL trunk encapsulation, the 2950 supports only 802.1Q, and the 3550 supports both 802.1Q and ISL.
Create an 802.1Q trunk on a 2950
interface fastethernet 0/1: enter the fa0/1 interface
switchport mode trunk: change the interface to trunk mode
Create an 802.1Q trunk on a 3550
interface fastethernet 0/1: enter the fa0/1 interface
switchport trunk encapsulation dot1q: the encapsulation must be chosen because the 3550 supports both
switchport mode trunk: change the interface to trunk mode
show interface trunk: view the current switch's trunk configuration
show interfaces fastethernet 0/1 switchport: view the access/trunk settings of the interface
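Added example, not from the original notes: what the 802.1Q encapsulation on a trunk looks like on the wire, in Python. A 4-byte tag (TPID 0x8100 plus a 16-bit TCI whose low 12 bits are the VLAN ID) is inserted between the source MAC and the EtherType. The MAC addresses and payload used are constructed, and the strip_outer_tag helper is a simplified model of what a switch does on an access port or for the native VLAN.

```python
# Added example (not from the original notes): building and parsing 802.1Q
# tagged frames. The tag sits between the source MAC and the EtherType.
# MAC addresses and payload below are constructed.
import struct
from typing import List, Tuple

TPID_8021Q = 0x8100


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame, as sent by a host on an access port."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert an 802.1Q tag, as a trunk port does on egress.
    TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits)."""
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID must be 0..4095")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(raw: bytes) -> Tuple[str, str, List[int], int, bytes]:
    """Return (dst, src, vids, ethertype, payload). vids is empty for an untagged
    frame and has more than one element for a stacked (double-tagged) frame."""
    dst, src = mac_str(raw[:6]), mac_str(raw[6:12])
    off, vids = 12, []
    while struct.unpack_from("!H", raw, off)[0] == TPID_8021Q:
        tci = struct.unpack_from("!H", raw, off + 2)[0]
        vids.append(tci & 0x0FFF)
        off += 4
    ethertype = struct.unpack_from("!H", raw, off)[0]
    return dst, src, vids, ethertype, raw[off + 2:]


def strip_outer_tag(raw: bytes) -> bytes:
    """Remove one outer tag (simplified model of forwarding onto an access port
    or the untagged native VLAN). Any inner tag stays and is read by the next hop."""
    if struct.unpack_from("!H", raw, 12)[0] != TPID_8021Q:
        return raw
    return raw[:12] + raw[16:]


if __name__ == "__main__":
    arp = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806, b"\x00\x01")
    print(parse_frame(arp))
    print(parse_frame(tag_frame(arp, 10)))
    print(parse_frame(strip_outer_tag(tag_frame(tag_frame(arp, 10), 1))))
```

parse_frame deliberately handles stacked tags because a trunk's native VLAN is carried untagged: a switch strips the outer tag of a double-tagged frame it received on the native VLAN and forwards it over the trunk, and the next switch reads the inner tag and delivers the frame into that VLAN (double-tagging VLAN hopping). Using an unused VLAN as the native VLAN on every trunk is the usual countermeasure.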
VTP (VLAN Trunking Protocol)
VTP is a messaging system that keeps the VLAN configuration consistent on all switches that are in the same administrative (VTP) domain.
VTP advertisements are transmitted only over trunk links.
VTP has three modes:
1. Server mode
2. Client mode