MAC Address

1. MAC The address is 48bit, It is usually expressed in hexadecimal format .

2. MAC The address is divided into unicast 、 Multicast and broadcasting MAC Address class III .

3. unicast MAC The address is unique in the world , from IEEE Manage and assign these addresses .

4. Every unicast MAC The address consists of two parts , The top 24bit representative OUI（ Organization unique logo ）, The rest 24 Places are allocated by the manufacturers themselves .

Ethernet layer 2 switch

The main function

• Enable end users to access the network ;

• maintain MAC Address table ;

• Forwarding and filtering of data frames ;

• Layer 2 loop avoidance and link redundancy .

The switch forwards data frames

• Received unicast data frame （mac There are records in the address table ）, according to mac Address table specifies interface forwarding .
• Received unicast data frame （mac There is no record in the address table ）, Copy data frames , Flood the interface other than the received data frame .
• Received broadcast data frame , Flood the interface other than the received data frame .

working principle

• PC1、PC2 Connected to the same layer-2 switch .

• Ethernet is based on MAC Address communication .

• In the initial case , Switchboard MAC The address table is empty .

1. PC1 Send data frame to PC2（ hypothesis PC1 I already know PC2 Of MAC Address ）.

2. The switch is in GE0/0/1 After receiving the frame , stay MAC The purpose of querying the frame in the address table MAC Address .

3. MAC No entries in the address table match this purpose MAC Address , So the switch will flood this data frame （ Send a copy of the data frame from all interfaces , In addition to the interface that receives the frame ）.
   meanwhile , The switch learns the source of the frame MAC Address and create MAC Address table entry , Will be MAC The address is the same as the GE0/0/1 Interface for association .

4. Connected to other interfaces of the switch PC Will receive this data frame , But they will discard the data frame , Because this is not sent to them ,PC2 Receive and process this frame .
   Now? PC2 towards PC1 Reply data , Data frames are sent to the switch .

5. After the switch receives the data frame , First, in the MAC The purpose of querying the frame in the address table MAC Address , Found a matching table entry , So the data frame is changed from GE0/0/1 Interface forwarding out .

VLAN

VLAN（Virtual Local Area Network） Virtual LAN , It's a physical LAN Communication technology logically divided into multiple broadcast domains .VLAN Can communicate directly between the hosts in , and VLAN There is no direct communication between , Thus, the broadcast message is limited to one VLAN Inside .

• Different VLAN Are different broadcast domains , Usually use different IP Network segment .

• It can be carried out flexibly according to business needs VLAN The planning .

• Different VLAN There is no two-tier exchange of visits between .

VLAN Summary of knowledge points

1. One VLAN All devices in the system are in the same broadcast domain , Different VLAN For different broadcast domains .

2. VLAN They are separated from each other , Broadcasting can't span VLAN spread , So it's different VLAN Generally, the devices between cannot be directly visited （ Exchange visits on the second floor ）, Different VLAN It is necessary to realize mutual communication through three-tier equipment .

3. One VLAN It is generally a logical subnet .

4. VLAN The members in the are mostly based on the port allocation of the switch , So-called VLAN Divide , It usually refers to adding the interface of the switch to a specific VLAN in , Thus, the device connected to the interface is added to the VLAN.

5. VLAN It is a very basic working mechanism of layer-2 switch .

Switch interface type （Link-type）

Access

• Access Only one interface can be added VLAN, The VLAN Also known as Access Interface default VLAN.

• Access The interface only sends unmarked frames , And only receive unmarked frames or default VLAN Tag Marked frame of .

• Access Interfaces are often used to connect PC、 Server or other terminal , Or devices such as routers .

Access Only one interface can be added VLAN, This type of interface is usually used to connect PC、 Servers, routers and other equipment .

Trunk

• When a link needs to carry more VLAN Data time , The link can be configured as Trunk link .

• Trunk The interfaces at both ends of the link are Trunk Interface of type . Switches at both ends shall adopt the same trunk protocol .

• Trunk Links are generally found between switches or between switches and routers .

Trunk Interfaces can add multiple VLAN, You can send and receive multiple VLAN Message of . It is generally used for the interconnection interface between switches , It is also used for the connection between the switch and the Ethernet sub interface .

Hybrid

Hybrid Interfaces can also send and receive multiple VLAN Message of , And you can specify that the interface is sending a specific VLAN Whether to carry Tag.

802.1q

IEEE 802.1q as well as VLAN Tagging It belongs to the Internet IEEE 802.1 Standard specification , Allow multiple bridges (Bridge) Publicly share the same physical network without information being leaked .IEEE 802.1q- The English abbreviation is dot1q, It is often mentioned under the framework of realizing Ethernet encapsulation protocol . The following is marked VLAN Tag Data frame of

Default port ID（PVID）

• Every Access、Trunk And Hybrid All interfaces of have an interface default VLAN-ID, be called PVID（Port Default VLAN ID）, When the interface receives an unmarked frame , Mark the data frame with PVID.

• about Access Interface of type ,PVID Default is 1, because Access Only one interface can be added VLAN, therefore PVID That is, the interface belongs to VLAN.

• about Trunk And Hybrid Type port ,PVID The default is also 1, Both interfaces allow multiple VLAN The data frame passes through , When the interface receives an unmarked frame , Mark the data frame with PVID.

• Raw Ethernet data frame （ Or unmarked frames 、Untagged frame ）： It refers to the data frame encapsulated by Ethernet , For example, ordinary PC Or data frames sent and received by the server network card .

• 802.1Q Data frame （ Or mark frame 、 carry VLAN Tag Data frame of 、Tagged frame ）： Means inserted 802.1Q Ethernet data frame of the header .

1. Switch interface “ Receive frame ”：

   It refers to the interface of the data frame from the outside to the switch , And enter the process inside the switch .

2. Switch interface “ Send the frame ”：

   It refers to the process that data frames are sent from the inside of the switch to the outside of the interface .

Access Interface

Access The interface receives frames ：

• If the frame does not have tag, Then receive the frame and print the port PVID;
• • If the frame carries tag, Then when VLAN-ID And PVID Phase at the same time , Receive the message , Or throw it away .

Access Interface sends frames ：

• be stripped Tag, The sent frame is ordinary Ethernet frame （ That is, unmarked frames ）.

Trunk Interface

Trunk The interface receives frames ：

• If the data frame does not carry tag, Then connect the interface PVID, If PVID In the area where passage is allowed VLAN In the list , Then the frame is received , Or throw it away . By default Trunk Port of PVID by 1, and VLAN1 The default is already allow-pass VLAN In the list .
• If the data frame has tag, And its VLAN-ID Where the interface is allowed to pass VLAN-ID In the list , Then the frame is received , Or throw it away .

Trunk Interface sends frames ：

• if VLAN-ID Interface with PVID identical , And the VLAN-ID stay allow-pass VLAN In the list , be Get rid of Tag, Sending data frames .

• if VLAN-ID Interface with PVID Different , And the VLAN-ID stay allow-pass VLAN In the list , be Keep it as it is Tag, Send the tape tag Data frame of （ Tag frame ）.

Hybrid Interface

Hybrid The interface receives frames ：

• If the data frame does not carry tag, Connect the interface PVID, if PVID In the area where passage is allowed VLAN In the list , Then the frame is received , Or throw it away .
• If the data frame has tag, And VLAN-ID Where the interface is allowed to pass VLAN In the list , Then receive the message . Otherwise, discard the message .

Hybrid Interface sends frames ：

• if VLAN-ID Where the interface is allowed to pass VLAN In the list , Then send the frame . You can set whether to carry... When sending through the command Tag.

The following chart can also be seen intuitively

VLAN Basic configuration

• Create... On both switches VLAN10 And 20.

• Will connect PC As shown in the figure VLAN.

• To configure SW1-SW2 The link between is trunk, Make the same VLAN Users within can communicate across switches .

#  establish VLAN10 And VLAN20：
[SW1] vlan batch 10 20
#  take GE0/0/1 Configure to access type , And add VLAN10：
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1] port link-type access
[SW1-GigabitEthernet0/0/2] port default vlan 10
#  take GE0/0/2 Configure to access type , And add VLAN20：
[SW1]interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2] port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 20

#  establish VLAN10 And VLAN20：
[SW2]vlan batch 10 20
#  take GE0/0/1 Configure to access type , And add VLAN10：
[SW2]interface GigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1] port link-type access
[SW2-GigabitEthernet0/0/1] port default vlan 10
#  take GE0/0/2 Configure to access type , And add VLAN20：
[SW1]interface GigabitEthernet 0/0/2
[SW2-GigabitEthernet0/0/2] port link-type access
[SW2-GigabitEthernet0/0/2] port default vlan 20

To configure Trunk link , allow vlan10 and vlan20 Flow through

[SW1]interface GigabitEthernet 0/0/24
[SW1-GigabitEthernet0/0/24]port link-type trunk
[SW1-GigabitEthernet0/0/24]port trunk allow-pass vlan 10 20
[SW2]interface GigabitEthernet 0/0/24
[SW2-GigabitEthernet0/0/24]port link-type trunk
[SW2-GigabitEthernet0/0/24]port trunk allow-pass vlan 10 20

identical vlan Communication between , Different vlan No communication

see vlan Information

After completing the above configuration , Of the same genus VLAN10 Of PC1 And PC3 You can communicate with each other ; Of the same genus VLAN20 Of PC2 And PC4 You can also communicate with each other , We call this communication behavior “ Layer 2 communication ”. But it's different VLAN Users of cannot communicate directly .