CCNA第二学期 中文 第四章

CCNA中英对照题库(0-10.pdfCCNA （200-120）题库中英对照整理于：2015 年 3 月 31 日版本：1.2 声明：本题库来源互联网（鸿鹄论坛）本题库为英文考试原版左右选择题中文考试为随机抽取英文题的中译版此题库非中文考试题库，而是英文题库手动翻译此题库为手工个人翻译，存在错误和不妥难免，不代表任何官方机构和组织本题库旨在更好的理解英文原本题库，也可以用于中文考试参考用。

如发现任何错误或不当之处，可以自行修改，但请更新版本以免混乱，也可致上传者。

QUESTION 001 Refer to the exhibit. What will Router1 do when it receives the data frame shown? (Choose three.) 参照下图，这个图示显示了Ｒ１接受到如图所示数据帧的时候会怎么做？ A. Router1 will strip off the source MAC address and replace it with the MAC address 0000.0c36.6965. Ｒ１会剥离源ＭＡＣ地址，以 0000：0C36.6965 代替。

B. Router1 will strip off the source IP address and replace it with the IP address 192.168.40.1. Ｒ１会剥离源 IP 地址，1/ 10以 192.168.40.1 代替。

C. Router1 will strip off the destination MAC address and replace it with the MAC address 0000.0c07.4320. Ｒ１会剥离源ＭＡＣ地址，以 0000：0C36.6965 代替。

D. Router1 will strip off the destination IP address and replace it with the IP address of 192.168.40.1. Ｒ１会剥离目的 IP 地址，以 192.168.40.1 代替。

ERouting Chapter 1 - CCNA Exploration: 路由协议和概念 (版本1口令可用于限制对 Cisco IOS 所有或部分内容的访问。

请选择可以用口令保护的模式和接口。

（选择三项。

）VTY 接口控制台接口特权执行模式2路由器从相连的以太网接口收到消息后，会更改哪项报头地址，再将消息从另一个接口发送出去第 2 层源地址和目的地址3请参见图示。

网络管理员已经为路由器连接到直连网络的接口配置了如图所示的 IP 地址。

从路由器 ping 相连网络上的主机口之间相互 ping 都会遭到失败。

此问题最可能的原因是什么必须使用no shutdown命令启用接口。

4请参见图示。

主机 A ping 主机 B。

当 R4 收到对以太网接口的 ping 时，哪两块报头信息包括在内（选择两项。

）目的 IP 地址：目的 MAC 地址：5网络管理员刚把新配置输入 Router1。

要将配置更改保存到 NVRAM，应该执行哪一条命令Router1# copy running-config startup-config6您需要配置图中所示的串行连接，必须在 Sydney 路由器上发出以下哪条配置命令才能与 Melbourne 站点建立连接（选择三Sydney(config-if)# ip addressSydney no shutdownSydney(config-if)# clock rate 560007请参见图示。

从路由器的运行配置输出可得出什么结论显示的命令决定了路由器的当前运行情况。

8请参见图示。

在主机 2 连接到 LAN 上的交换机后，主机 2 无法与主机 1 通信。

导致此问题的原因是什么主机 1 和主机 2 位于不同的网络中。

9输入以下命令的作用是什么R1(config)# line vty 0 4R1(config-line)# password check123R1(config-line)# login设置通过 Telnet 连接该路由器时使用的口令10以下哪一项正确描述了路由器启动时的顺序加载 bootstrap、加载 IOS、应用配置11加载配置文件时的默认顺序是怎样的NVRAM、TFTP、CONSOLE12请参见图示。

CCNA认证基础-习题分析讲义第一部分第一章1. Convert the binary number 10111010 into its hexadecimal equivalent. Select thecorrect answer from the list below. （3）1) 852) 903) BA4) A15) B36) 1C2. Convert the Hexadecimal number A2 into its Base 10 equivalent. Select thecorrect answer from the list below. （4）1) 1562) 1583) 1604) 1625) 1646) 1663. Which binary number is a representation of the decimal number 248? （3）1) 111010002) 111101003) 111110004) 111110104. Which of the following will test the internal loopback of a node? （3）1) ping 10.10.10.12) ping 192.168.1.13) ping 127.0.0.14) ping 223.223.223.2235) ping 255.255.255.2555. What can be verified by successfully pinging the reserved loopback address ona host? （2）1) Connectivity exists between two hosts on the LAN.2) The TCP/IP stack of the local host is configured correctly.3) A connection exists between a host and the default gateway.4) The route a packet takes from the local host to a remote host is valid.6. Which of the following commands could be used on a Windows-basedcomputer to view the current IP configuration of the system? (Choose two.) （3，4）1) configip2) ifconfig3) ipconfig4) winipcfg5) Winipconfig7.Refer to the exhibit. What must be configured on Host B to allow it to communicate withthe Host C? (Choose three.) （2，4，6）1)the MAC address of RTA router interface connected to Switch 12) a unique host IP address3)the IP address of Switch 14)the default gateway address5)the MAC address of Host C6)the subnet mask for the LAN8. What are important characteristics to consider when purchasing a networkinterface card? (Choose two.) （2，3）1) security used on the network2) media used on the network3) system bus used on the computer4) software installed on the network5) diagnostic tools installed on the network第二章1. Select the necessary information that is required to compute the estimated timeit would take to transfer data from one location to another. (Choose two.) （1，5）1) file size2) data format3) network in use4) type of medium5) bandwidth of the link2. Using the data transfer calculation T=S/BW, how long would it take a 4MB file tobe sent over a 1.5Mbps connection? （2）1) 52.2 seconds2) 21.3 seconds3) 6.4 seconds4) 2 seconds5) 0.075 seconds6) 0.0375 seconds3. What are features of the TCP/IP Transport layer? (Choose two.) （3，5）1) path determination2) handles representation, encoding and dialog control3) uses TCP and UDP protocols4) packet switching5) reliability, flow control and error correction4. Which of the following is the Layer 4 PDU? （4）1) bit2) frame3) packet4) Segment5. What is important to remember about the data link layer of the OSI model whenconsidering Peer to Peer communication? (Choose three.) （3，4，5）1) It links data to the transport layer.2) It encapsulates frames into packets.3) It provides a service to the network layer.4) It encapsulates the network layer information into a frame.5) Its header contains a physical address which is required to complete the datalink functions.6) It encodes the data link frame into a pattern of 1s and 0s (bits) for transmissionon the medium.6. Which statement describes a star topology? （2）1) Each host in the network is connected to a backbone cable that is terminated atboth ends.2) Each host is connected to a hub or switch, either of which acts as a central pointfor all network connections.3) Each host is directly connected to two other hosts to form a long chain of hosts.4) Each host has a connection to all other hosts in the network.7. Which statements describe the logical token-passing topology? (Choose two.)（2）1) Network usage is on a first come, first serve basis.2) Computers are allowed to transmit data only when they possess a token.3) Data from a host is received by all other hosts. Electronic tokens are passedsequentially to each other.4) Token passing networks have problems with high collision rates.8. Which technologies are considered to be LAN technologies? (Choose two.) （2，5）1) DSL2) Token Ring3) Frame Relay4) ISDN5) Ethernet9.Refer to the exhibit. Host A wants to send a message to host B. Place the following stepsin the correct order so that the message can be sent. （4）A - add network layer addressesB - transmit bitsC - create application dataD - add data link layer addresses1) B, A, D, C2) D, A, C, B3) A, D, A, B4) C, A, D, B5) C, D, A, B6) C, B, A, D10.After an uns u ccessful ping to the local router, the technician decides to investigate therouter. The technician observes that the lights and fan on the router are not operational.In which layer of the OSI model is the problem most likely occurring? （4）1) transport2) network3) data link4) physical11. Refer t o the exhibit. What is the order of the TCP/IP Protocol Data Units as datais moved as indicated through the OSI model? （3）1) data, segments, frames, packets, bits2) data, packets, segments, frames, bits3) data, segments, packets, frames, bits4) data, packets, frames, segments, bits第三章1. Which combinations of charges will be repelled by electric force? (Choose two.)（4，6）1) neutral and neutral2) neutral and positive3) neutral and negative4) positive and positive5) positive and negative6) negative and negative2. Which of the following are considered the best media for use in data networkcommunications? (Choose three.) （2，3，6）1) glass2) fibers3) copper4) gold5) plastic6) silicon7) Silver3. Which of the following wireless standards increased transmission capabilitiesto 11 Mbps? （2）1) 802.11a2) 802.11b3) 802.11c4) 802.11d4. What is attenuation? （3）1) opposition to the flow of current2) measurement of electrical signals relative to time3) degradation of a signal as it travels along the medium4) amount or volume of traffic that is flowing on the medium5. Which cable specifications are indicated by 10BASE-T? （3）1) 10 Mbps transmission speed, baseband signal, 500 meter cable length, coaxialcable2) 10 Mbps transmission speed, broadband signal, 100 meter cable length, coaxialcable3) 10 Mbps transmission speed, baseband signal, 100 meter cable length,twisted-pair cable4) 10 Gbps transmission speed, broadband signal, 500 meter cable length,twisted-pair cable6. For which Ethernet installations would fiber optic rather than Cat5 UTP be abetter media choice? (Choose two.) （2，4）1) a 3 meter connection between two 10BASE-T hubs2) an environment with many potential sources of EMI and RFI3) a peer to peer connection between two NICs with RJ45 connectors4) an installation between two buildings that are located 500 meters apart5) a single building installation where installation costs are the major concern7. Refer to the exhibit. Which type of UTP cable should be used to connect Host Ato Switch1? （4）1) rollover2) console3) crossover4) straight-through8. Refer to the exhibit. Which type of Category 5 cable is used to make an Ethernetconnection between Host A and Host B? （3）1) coax cable2) rollover cable3) crossover cable4) straight-through cable第四章1. During cable testing, which of the following are used to calculate theinformation carrying capacity of a data cable? (Choose two.) （2，5）1) bit speed2) attenuation3) wire map4) saturation limit5) analog bandwidth2. What type of wiring problem is depicted in this sample of a cable tester? （3）1) a fault2) a short3) an open4) a split a good map3. In a new network installation, the network administrator has decided to use amedium that is not affected by electrical noise. Which cable type will best meet this standard? （5）1) coaxial2) screened twisted pair3) shielded twisted pair4) unshielded twisted pair5) fiber optic4. How does network cable length affect attenuation? （3）1) Category 5 cable that is run in metal conduit has the highest attenuation in theshortest distance.2) Shorter cable lengths have greater signal attenuation.3) Longer cable lengths have greater signal attenuation.4) The length of the cable has no effect on signal attenuation.第五章1. The highest capacity Ethernet technologies should be implemented in whichareas of a network? (Choose three.) （3，4，5）1) between workstation and backbone switch2) between individual workstations3) between backbone switches4) between enterprise server and switch5) on aggregate access links2. What device must be used between an AUI port of a networking device and themedia to which it is being connected? （3）1) a transducer2) a transmitter3) a transceiver4) a transponder5) a port replicator3. An ISDN Basic Rate Interface (BRI) is composed of how many signalingchannels? （1）1) 12) 23) 34) 44. Which layer of the OSI model covers physical media? （1）1) Layer 12) Layer 23) Layer 34) Layer 45) Layer 56) Layer 65. What type of network cable is used between a terminal and a console port? （3）1) cross-over2) straight-through3) rollover4) patch cable6. What is the recommended maximum number of workstations configured on apeer-to-peer network? （3）1) 252) 153) 104) 55) 27. Which of the following increases the potential for a collision to occur? （4）1) the use of an active hub instead of an intelligent hub2) the use of an intelligent hub instead of an active hub3) a reduction in the number of devices attached to the hub4) an increase in the number of devices attached to the hub8. What is the maximum length of a media segment used for 100BASE-TX? （1）1) 100 meters2) 185 meters3) 400 meters4) 500 meters9. Which cable diagram displays the end to end pinout for a crossover cable usedwith Cisco devices? （3）1) Cable A2) Cable B3) Cable C4) Cable D第六章1. What does the "10" in 10Base2 indicate about this version of Ethernet? （2）1) The version uses Base10 numbering within the frames.2) The version operates at a transmission rate of 10 Mbps.3) Frames can travel 10 meters unrepeated.4) The maximum frame length is 10 octets.2. How is a MAC address represented? （4）1) four groups of eight binary digits separated by a decimal point2) four Base10 digits separated by a decimal point3) six hexadecimal digits4) twelve hexadecimal digits5) twenty-four Base10 digits3. Which of the following statements are correct about CSMA/CD? (Choose three.)（1，3，6）1) It is a media access method used in LANs.2) It is a media access method used in FDDI WANs.3) When a device needs to transmit, it checks to see if the media is available.4) A device sends data without checking media availability because all deviceshave equal access.5) Multiple devices can successfully transmit simultaneously.6) Only one device can successfully transmit at a time.4. Which devices shown in the graphic must have a MAC address? （5）1) only PC2) only router3) PC and router4) PC, hub, and router5) PC, printer, and router第七章1. Which of the following items are common to all 100BASE technologies?(Choose three.) （1，4，5）1) frame format2) media3) connectors4) timing5) multi-part encoding2. Which of the following does 1000BASE-T use to accomplish gigabit speeds onCat 5e cable? （4）1) the use of four conductors in full-duplex mode2) the use of two multiplexed pairs of wires, simultaneously3) the use of three pairs of wires for data and the fourth for stabilization andforward error correction4) the use of all four pairs of wires in full-duplex mode, simultaneously3. For which of the following is Ethernet considered the standard? (Choose three.)（1，4，5）1) inter-building connection2) mid-length voice3) video conferencing4) vertical wiring5) horizontal wiring6) diagonal wiring4. To make sure timing limitations are not violated when implementing a 10 MbpsEthernet network involving hubs or repeaters, a technician should adhere to which rule? （4）1) the 4-5-3 rule2) the 6-4-2 rule3) the 3-4-5 rule4) the 5-4-3 rule5. What is the maximum distance that 10BASE-T will transmit data before signalattenuation affects the data delivery? （1）1) 100 meters2) 185 meters3) 300 meters4) 500 meters6. When using Category 5 UTP cable, which RJ-45 pin pairs are used to exchangedata between hosts on an Ethernet network? （2）1) 1 and 2; 4 and 52) 1 and 2; 3 and 63) 3 and 6; 7 and 84) 4 and 5; 7 and 8第八章1. John has been hired as the network administrator of a local company and hasdecided to add more hubs to the company's existing network. Which of the following has been caused by John's inexperience? （1）1) collision domain extended2) an increased number of collision domains3) increased network performance4) increased bandwidth5) extended bandwidth2. "CompA" is trying to locate a new computer named "CompB" on the network.Which of the following does "CompA" broadcast to find the MAC address of "CompB"? （2）1) MAC request2) ARP request3) ping4) Telnet5) proxy ARP3. Which of the following is a term associated with replacing hubs with switchesto increase the number of collision domains? （3）1) encapsulation2) latency3) segmentation4) layered model5) broadcast domain6) Extended4. The accumulation of traffic from which of the following can cause a networkcondition called broadcast radiation? (Choose three.) （3，5，6）1) anonymous FTP servers2) telnet sessions3) video over IP applications4) NAS services5) ARP requests6) RIP updates5. Which of the following describes the use of Spanning Tree Protocol (STP)? （4）1) resolve routing loops2) eliminate Split Horizon errors3) limit collisions4) resolve switching loops6. Which term describes the delay in time that occurs when a frame leaves itssource device and reaches its destination? （4）1) collision2) backoff3) attenuation4) latency5) broadcast7. Based on the graphic above, which of the following occurs as each host systemcomes on line in the topology? （2）1) The switch sends its MAC address to each host.2) The switch adds MAC address to the bridge table as each host sends a frame.3) Each host exchanges MAC addresses with each other.4) The switch listens for data traffic to block since the switch lacks an IP address. 8. Which devices segment collision domains? (Choose two.) （2，3）1) transceiver2) router3) switch4) hub5) media9. Which protocol is used to eliminate switching loops? （3）1) Transmission Control Protocol2) Routing Information Protocol3) Spanning Tree Protocol4) Interior Gateway Routing Protocol5) Internetworking Protocol10. Refer to the exhibit. A network associate needs to establish an Ethernetconnection between Host A and Host B. However, the distance between the two hosts is further than the cabling standards allow. Which two devices that operate at the physical layer of the OSI can be used to allow Host A and Host B to communicate? （2，5）1) switch2) hub3) bridge4) router5) repeater第九章1. Which term describes an ARP response by a router on behalf of a requestinghost? （3）1) ARP2) RARP3) Proxy ARP4) Proxy RARP2. Which protocol functions at the internet layer of the TCP/IP protocol suite? （4）1) File Transfer Protocol (FTP)2) Trivial File Transfer Protocol (TFTP)3) Transmission Control Protocol (TCP)4) Internet Protocol (IP)5) User Datagram Protocol (UDP)6) Simple Mail Transport Protocol (SMTP)3. Which of these workstation installation and setup tasks are concerned withnetwork access layer functions? (Choose two.) （2，4）1) configuring the e-mail client2) installing NIC drivers3) configuring IP network settings4) connecting the network cable5) using FTP to download application software updates4. Which part of an IP address identifies a specific device on a network? （4）1) first two octets2) third and fourth octets3) network portion4) host portion5) only the fourth octet5. Which of the following are features of the Internet Protocol (IP)? (Choose two.)（1，3）1) It is the most widely implemented global addressing scheme.2) It allows two hosts to share a single address on a local area network.3) It is a hierarchical addressing scheme allowing addresses to be grouped.4) It is only locally significant, used primarily on local area networks.6. Which of the following are useable Class A IP addresses with a default subnetmask? (Choose three.) （2，3，5）1) 127.0.39.12) 111.9.28.303) 123.1.2.1324) 128.50.38.25) 105.1.34.16) 0.23.92.37. Which application layer protocols use UDP at the transport layer? (Choose two.)（2，4）1) FTP2) SNMP3) Telnet4) DHCP5) SMTP第十章1. Which OSI layer encapsulates data into packets? （3）1) session2) transport3) network4) data link2. Which OSI layer defines the functions of a router? （3）1) physical2) data link3) network4) transport5) session3. Which of the following are Cisco proprietary routing protocols? (Choose two.)（2，6）1) RIPv22) IGRP3) OSPF4) BGP5) RIPv16) EIGRP4. A company with a Class B license needs to have a minimum of 1,000 subnetswith each subnet capable of accommodating 50 hosts. Which mask below is the appropriate one? （4）1) 255.255.0.02) 255.255.240.03) 255.255.255.04) 255.255.255.1925) 255.255.255.2245. A small company has a class C network license and needs to create five usablesubnets, each subnet capable of accommodating at least 20 hosts. Which of the following is the appropriate subnet mask? （3）1) 255.255.255.02) 255.255.255.1923) 255.255.255.2244) 255.255.255.2406. When a network administrator applies the subnet mask 255.255.255.248 to aClass A address, for any given subnet, how many IP addresses are available to be assigned to devices? （6）1) 10222) 5103) 2544) 1265) 306) 67. Host A is assigned the IP address 10.18.97.55 /21. How many more networkdevices can be assigned to this subnetwork if Host A is the only one that has an IP address assigned so far? （4）1) 2542) 5093) 10214) 20455) 40946) 81908.Refe r to the exhibit. The network administrator wants to create a subnet for thepoint-to-point connection between the two routers. Which subnetwork mask would provide enough addresses for the point-to-point link with the least number of wasted addresses?1) 255.255.255.1922) 255.255.255.2243) 255.255.255.2404) 255.255.255.2485) 255.255.255.2529. What is the correct number of usable subnetworks and hosts for the IP networkaddress 192.168.35.0 subnetted with a /28 mask?1) 6 networks / 64 hosts2) 14 networks / 32 hosts3) 14 networks / 14 hosts4) 30 networks / 64 hosts10. Which subnet masks would be valid for a subnetted Class B address? (Choosetwo.) （5，6）1) 255.0.0.02) 255.254.0.03) 255.224.0.04) 255.255.0.05) 255.255.252.06) 255.255.255.19211. Refer to the exhibit. How will the Fohi router dynamically learn routes to the192.168.16.16/28, 192.168.16.32/28, and 192.168.16.48/28 subnetworks? （3）1) with a static route2) with a routed protocol3) with a routing protocol4) with a directly connected route12. How many broadcast domains are shown in the diagram? （1）1) three2) four3) five4) six5) seven6) eight13. How many collision domains are shown in the diagram? （5）1) three2) four3) five4) six5) seven6) eight14. A router interface has been assigned an IP address of 172.16.192.166 with amask of 255.255.255.248. To which subnet does the IP address belong?1) 172.16.0.02) 172.16.192.03) 172.16.192.1284) 172.16.192.1605) 172.16.192.1686) 172.16.192.17615. Refer to the exhibit. Host A is sending data to Host B. Once R2 determines thatdata from Host A must be forwarded to R1 to reach Host B, which layer of the OSI model will R2 use to address and build the frames destined for R1?1) physical2) data link3) network4) transport5) session6) presentation16. Which type of address is 192.168.170.112/28?1) host address2) subnetwork address3) broadcast address4) multicast address17. Which type of address is 223.168.17.167/29?1) host address2) multicast address3) broadcast address4) subnetwork address18. Which combination of network id and subnet mask correctly identifies all IPaddresses from 172.16.128.0 through 172.16.159.255?1) 172.16.128.0 255.255.255.2242) 172.16.128.0 255.255.0.03) 172.16.128.0 255.255.192.04) 172.16.128.0 255.255.224.05) 172.16.128.0 255.255.255.19219. Refer to the exhibit. The internetwork in the exhibit has been assigned the IPaddress 172.20.0.0. What would be the appropriate subnet mask to maximize the number of networks available for future growth?1) 255.255.224.02) 255.255.240.03) 255.255.248.04) 255.255.252.05) 255.255.254.06) 255.255.255.0第十一章1. If a network administrator needed to download files from a remote server, whichprotocols could the administrator use to remotely access those files? (Choose two.) （3，5）1) NFS2) ASCII3) TFTP4) IMAP5) FTP6) UDP2. What is established during a connection-oriented file transfer betweencomputers? (Choose two.) （2，5）1) a temporary connection to establish authentication of hosts2) a connection used for ASCII or binary mode data transfer3) a connection used to provide the tunnel through which file headers aretransported4) a command connection which allows the transfer of multiple commands directlyto the remote server system5) a control connection between the client and server3. Which of the following protocols are used for e-mail transfer between clientsand servers? (Choose three.) （3，4，5）1) TFTP2) SNMP3) POP34) SMTP5) IMAP46) postoffice4. Which type of institution does the domain suffix .org represent? （4）1) government2) education3) network4) non-profit5. Which of the following services is used to translate a web address into an IPaddress? （1）1) DNS2) WINS3) DHCP4) Telnet6. Which part of the URL http://www.awsb.ca/teacher gives the name of thedomain? （4）1) www2) http://3) /teacher4) awsb.ca7. Which protocols are TCP/IP application layer protocols? (Choose two.) （2，4）1) UDP2) FTP3) IP4) SMTP5) TCP8. What are three characteristics of the TCP protocol? (Choose three.) （3，4，6）1) has less overhead than UDP2) is used for IP error messages3) forces the retransmission undelivered packets4) creates a virtual session between end-user applications5) carries the IP address of destination host in the TCP header6) is responsible for breaking messages into segments and reassembling9. Two peer hosts are exchanging data using TFTP. During the current session, adatagram fails to arrive at the destination. Which statement is true regarding the retransmission of the datagram? （2）1) Datagram retransmission requires user authentication.2) Datagram retransmission is controlled by the application.3) Datagram retransmission relies on the acknowledgements at transport layer.4) Datagram retransmission occurs when the retransmission timer expires in thesource host.案例学习1. 子网计算练习：Answer2. 子网号及广播地址计算练习Answer3. 子网规划练习：已知：给定一个C类地址201.16.5.0/24。

CCNA中文筆記(1)2005-05-01軍團論壇點選: 255[1]Chapter1 InternetworkingInternetworking Basics把1個大的網路分成幾個小點的網路稱之為網路分段(network segment),這些工作由routers,switches和bridges來完成引起LAN擁塞的可能的原因是:1.太多的主機存在於1個廣播域(broadcast domain)2.廣播風暴3.多播4.帶寬過低在網路中使用routers的優點:1.它們預設是不會轉發廣播的2.它們可以基於layer-3(Network layer)的資訊來對網路進行過濾switches的主要目的:提升LAN的性能,提供給用戶更多的帶寬衝突域(collision domain):Ethernet術語之1,處於衝突域裡的某個設備在某個網段發送資料包,強迫該網段的其他所有設備注意到這個包.而在某1個相同時間裡,不同設備嘗試同時發送包,那么將在這個網段導致衝突的發生,降低網路性能bridges在某種意義上等同與switches,不同的地方是bridges只包括2到4個埠(port),而switches可以包括多達上百埠.但是相同的地方是它們都可以分割大的衝突域為數個小衝突域,因為1個埠即為1個衝突域,但是它們仍然處在1個大的廣播域中.分割廣播域的任務,可以由routers來完成Internetworking Models早期各個網路廠商擁有私有網路,不便於同其他廠商的網路進行通訊.於是,在20世紀70年代末期,ISO組織創建了OSI(Open System Interconnection)參考模型.OSI參考模型,用於幫助不同廠家創建可與對方進行協同工作的網路設備和軟體等等,最大的特點是分層.但是它仍然只是個參考模型而非物理模型Advantages of Refernce ModelsOSI參考模型分層化的優點:1.允許多廠家共同發展網路標準化元件2.允許不同類型的網路硬體和軟體相互通信3.防止其中某層的變化影響到其他層,避免牽製到整個模型The OSI Reference ModelOSI參考模型分為7層2組;最高3層定義了端用戶如何進行互相通信;底部4層定義了資料是如何端到端的傳輸.最高3層,也稱之為上層(upper layer),它們不關心網路的具體情況,這些工作是又下4層來完成整個參考模型由高到低分為:1.Application2.Presentation3.Session4.Transportwork6.Data link7.Physical在整個OSI參考模型上執行的網路設備有:1.網路管理工作站(NMS)2.網頁和應用程式伺服器3.閘道(gateways)4.網路上的主機(hosts)OSI參考模型每層的任務:1.Application層:提供用戶介面2.Presentation層:表述數據;對資料的操作諸如加密,壓縮等等3.Session層:建立會話,分隔不同應用程式的資料4.Transport層:提供可靠和不可靠的資料投遞;在錯誤資料重新傳輸前對其進行更正work層:提供邏輯位址,用於routers的路徑選擇6.Data Link層:把位元組性質的包組成幀;根據MAC位址提供對傳輸介質的訪問;實行錯誤檢測,但是不實行錯誤更正7.Physical層:在設備之間傳輸比特(bit);定義電壓,線速,針腳等物理規範OSI參考模型每層的功能:1.Application層:提供檔,列印,資料庫,和其他應用程式等服務2.Presentation層:資料加密,壓縮和翻譯等等3.Session層:會話控制4.Transport層:提供端到端的連接work層:路由(routing)6.Data Link層:組成幀7.Physical層:定義物理拓撲架構The Session LayerThe Session layer負責建立,管理,終止會話.也設備設備和節點(nodes)之間的會話控制.3種模式:simplex half duplex和full duplex一些Session layer協定和介面的例子:work File System(NFS)2.Structured Query Language(SQL)3.Remote Procedure Call(RPC)4.X Window5.AppleTalk Session Protocol6.Digital Network Architecture Session Control Protocol(DNA SCP)The Transport LayerThe Transport layer把資料分段重新組合成資料流程(data stream)Flow Control流控制(flow control)保證了資料的完整性,防止接受方的緩沖區溢出, 緩沖區溢出將導致資料的不完整.如果資料發送方傳輸資料過快,接受方將資料報(datagrams)暫時存儲在緩沖區(buffer)裡可靠的資料傳輸採用了面向連接(connection-oriented)通信模式,保證:1.接受方接受到被傳輸的段(segment)以後將發回確認(acknowledge)給發送方2.任何沒有經過確認的段將被重新傳輸3.段在達到接受方之前應按照適當的順序4.可以進行管理的流控制技術用於避免擁塞,超載(overloading)和資料的丟失Connection-Oriented Communication面向連接式通信:發送方先建立會話(call setup)或者叫做3度握手(three-way handshake);然後資料開始傳輸;資料栓書完畢以後,終止虛電路連接(virtual circuit)3度握手(面向連接回話)過程:1.第一個請求連接許可的段用於要求同步,由發送方發送給接受方2.發送方和接受方協商連接3.接受方與發送方同步4.發送方進行確認5.連接建立,開始傳輸資料如果發送方發送資料報過快,而接受方緩沖區已經滿了,它會回饋1條not ready的資訊給發送方,等待緩沖區裡的資訊處理完畢後會回饋條go的資訊給發送方;於是發送方繼續發送資料.這就是流控制的用途如果任何資料段在傳輸的過程中丟失了,被複製了,或者損壞了,這將導致傳輸失敗.這個問題的解決方法就得靠接受方回饋確認資訊給發送方Windowing視窗(window)是指允許發送方不用等待接受方回饋確認的資料段,大小以位元組(bytes)衡量,比如:如果1個TCP會話是以2位元組的視窗建立的,傳輸時假如視窗從2位元組增加為3位元組,那么發送方將不用等待之前2位元組的量的確認資訊,直接以3位元組的量傳輸The Network Layerthe Network layer用於管理設備位址,跟蹤網路上的設備位置,決定傳輸資料最好的路線.該層上有2種包(packets):1.數據(data)2.路由更新資訊(route updates)routers必須對每種路由協議保持1張單獨的路由表,因為不同的路由協定根據不同的位址機製跟蹤網路資訊路由表包含的一些資訊:1.interface:退場門2.度(metric)routers的一些要點資訊:1.預設不轉發廣播和多播(multicast)包2.根據邏輯位址決定下1跳(hop)3.可以提供層2的橋接功能,可以同時路由同1個介面4.提供VLANs的連接5.可以提供Quality of Service(QoS)The Data Link Layerthe Data Link layer負責資料的物理傳輸,錯誤檢測,網路拓撲和流控制.這個意味著在資料LAN上將根據硬體位址來進行投遞,還要把Network layer的包翻譯成比特用於在Physical layer上傳輸IEEE乙太網(Ehernet)的Data Link layer有2個子層:1.Media Access Control(MAC)802.3:這層定義了物理位址和拓撲架構,錯誤檢測,流控制等.共用帶寬,先到先服務原則(first come/first served)2.Logical Link Control(LLC)802.2:負責識別Network layer協定然後封裝(encapsulate)資料.LLC頭部資訊告訴Data Link layer如何處理接受到的幀,LLC也提供流控制和控制比特的編號Switches and Bridges at the Data Link Layer第二層的設備switches被認為是基於硬體的bridges,因為採用的是1種叫做application-specific integrated circuit(ASIC)的特殊硬體.ASICs可以在很低的延時(latency)裡達到gigabit的速度;而bridges是基於軟體性質的延時:1個幀從進去的埠到達出去的埠所耗費的時間透明橋接(transparent bridging):如果目標設備和幀是在同1個網段,那么層2設備將堵塞埠防止該幀被傳送到其他網段;如果是和目標設備處於不同網段,則該幀將只會被傳送到那個目標設備所在的網段每個和switches相連的網段必須是相同類型的設備,比如你不能把權杖環(Token Ring)上的主機和乙太網上的主機用switches混合相連,這種模式叫做media translation,不過你可以用routers來連接這樣不同類型的網路在LAN內使用switches比使用hubs的好處:1.插入switches的設備可以同時傳輸資料,而hubs不可以2.在switches中,每個埠處於1個單獨的衝突域裡,而hubs的所有埠處於1個大的衝突域裡,可想而知,前者在LAN內可以有效的增加帶寬.但是這2種設備的所有埠仍然處於1個大的廣播域裡The Physical Layerthe Physical layer負責發送和接受比特.比特由1或者0組成.這層也用於識別資料終端裝備(data terminal equipment,DTE)和資料通信裝備(data communication equipment,DCE)的介面DCE一般位於服務商(sevice provider)而DTE一般是附屬設備.可用的DTE服務通常是經由modem或者channel service unit/data sevice unit(CSU/DSU)來訪問hubs:其實是多埠的repeaters,重新放大信號用,解決線路過長,信號衰減等問題.1個物理星形(star)拓撲架構,實際在邏輯上是邏輯匯流排(bus)拓撲架構Ethernet Networking乙太網採用1種爭奪(contention) 介質訪問方法,這個機製使得在1個網路上所有主機共用帶寬.採用了Physical layer和Data Link layer的規範.它採用1種帶衝突檢測的載波監聽多路訪問的(Carrier Sense Multiple Access with CollisionDetection,CSMA/CD)機製CSMA/CD:幫助共用帶寬的設備避免同時發送資料,產生衝突的協定.補償演算法(Backoff algorithms)用於決定產生衝突的2台設備何時重新傳輸資料CSMA/CD網路帶來的問題:1.延遲(delay)2.低吞吐量(throughput)3.擁塞Half- and Full-Duplex Ethernethalf-duplex(半雙工)乙太網:它只採用1對線纜.如果hubs與switches相連,那么必須以半雙工的模式操作,因為端工作站必須能夠檢測衝突.半雙工乙太網帶寬的利用率只為上限的30%-40%full-duplex(全雙工)乙太網:採用2對線纜,點對點(point-to-point)的連接,沒有衝突,雙倍帶寬利用率全雙工乙太網可以使用在以下的3種情勢裡:1.switch和host相連2.switch和switch相連3.用交叉線纜(crossover cable)相連的host和host自動檢測機製(auto-detection mechanism):當全雙工乙太網埠電源啟動時,它先與遠端相連,並且與之進行協商.看是以10Mbps的速度還是以100Mbps的速度執行;再檢查是否可以採用全雙工模式,如果不行,則切換到半雙工模式Ethernet at the Data Link Layer4種類型的乙太網幀:1.Ethernet II2.IEEE 802.23.IEEE 802.34.SNAPEthernet AddressingMAC位址是燒錄在Network Interface Card(網卡,NIC)裡的.MAC位址,也叫硬體位址,是由48比特長(6位元組),16進製的數位組成.0-24位是由廠家自己分發.25-47位元,叫做組織唯一標誌符(organizationally unique identifier,OUI).OUI是由IEEE分發給每個組織.組織按高到低的順序分發1個唯一的全局位址給每個網卡以保證不會有重複的編號.第47位為Individual/Group(I/G)位,當I/G位為0的時候,我們可以設想這個位址是MAC位址的實際位址可以出現下MAC頭部資訊;當I/G位為1的時候,我們可以設想它為廣播或多播.第46位叫做G/L位,也叫U/L位.當這個位為0的時候代表它是由IEEE分發的全局位址;當這個位為1的時候,代表本地管理位址(例如在DECnet當中)Ethernet Frames第二層用於把第一層的比特連接成位元組,再組成幀(frames)3種介質訪問方法的類型:1.爭奪(contention),用於在乙太網中2.權杖傳遞(token passing),用於在FDDI和Token Ring裡3.投票(polling),用於在IBM Mainframes和100VG-AnyLAN中回圈冗餘校驗(cyclic redundancy check,CRC):用於錯誤檢測,而非錯誤更正隧道(tunneling):把不同類型的幀封裝在1個幀裡Ethernet II幀:1.前導(preamble)欄位:交替的1和0組成.5Mhz的時鐘頻率,8位元組,包含7位元組的起始幀分界符(start frame delimiter,SFD),SFD是,最後1個位元組同步(sync)2.目標位址(destination address,DA):6位元組3.源位址(source address,SA):6位元組4.類型(type)欄位:用於辨別上層協定,2位元組5.數據(data):64到1500位元組6.幀校驗序列(frame check sequence,FCS):4位元組,存儲CRC值802.3 Ethernet幀:1.前導(preamble)欄位:交替的1和0組成.5Mhz的時鐘頻率,8位元組,包含7位元組的起始幀分界符(start frame delimiter,SFD),SFD是,最後1個位元組同步(sync)2.目標位址(destination address,DA):6位元組3.源位址(source address,SA):6位元組4.長度(length)欄位:不能辨別上層協定,2位元組5.數據(data):64到1500位元組6.幀校驗序列(frame check sequence,FCS):4位元組,存儲CRC值802.2 and SNAP因為802.3 Ethernet幀沒有鑑別上層協議的能力(使用的是length欄位),所以,它需要IEEE定義的802.2 LLC標準來幫它實現這個功能802.2幀(SAP):1.目標服務訪問點(dest SAP)欄位: 1個位元組2.源服務訪問點(source SAP)欄位: 1個位元組3.控制欄位:1或2個位元組4.數據:大小可變1個802.2幀是由802.3Ethernet幀加上LLC資訊組成,這樣它就可以辨別上層協議802.2幀(SNAP):它有自己的協定來辨別上層協定1.目標服務訪問點(dest SAP)欄位: 1個位元組,總為AA2.源服務訪問點(source SAP)欄位: 1個位元組,總為AA3.控制欄位:1或2個位元組,值總為34.OUI ID:3位元組5.類型(type)欄位:2位元組,辨別上層協定6.數據:大小可變Ethernet at the Physical Layer一些原始的和擴展的IEEE 802.3的標準:1.10Base2:Base是指基帶傳輸技術,2指最大距離接近200米,實際為185米,10指10Mbps的速度,採用的是物理和邏輯匯流排拓撲架構,AUI連接器2.10Base5:5指最大距離500米,10指10Mbps的速度,採用的是物理和邏輯匯流排拓撲架構,AUI連接器3.10BaseT:10指10Mbps的速度,採用的是物理星形和邏輯匯流排拓撲架構, 3類UTP雙絞線,RJ-45連接器,每個設備必須與hub或者switch相連,所以1個網段只能有1台主機4.100BaseT:100指100Mbps的速度,採用的是物理星形和邏輯匯流排拓撲架構, 5,6或者7類UTP2對雙絞線,RJ-45連接器, 1個網段1台主機5.100BaseFX:100指100Mbps的速度,光纖技術,點對點拓撲架構,最大距離412米, ST或者SC連接器6.1000BaseT:1000指1000Mbps的速度,光纖技術,點對點拓撲架構,最大距離412米, 5類UTP4對雙絞線,最大距離100米Ethernet Cabling乙太網線纜接法:1.直通線(straight-through)2.交叉線(crossover)3.反轉線(rolled)Straight-Through Cable直通線用於連接:1.主機和switch/hub2.router和switch/hub直通線只使用1,2,3,6針腳,2端的連法是一一對應Crossover Cable交叉線用於連接:1switch和switch2.主機和主機3.hub和hub4.hub和switch5.主機與router直連交叉線只使用1,2,3,6針腳,2端的連法是1連3,2連6,3連1,6連2Rolled Cable反轉線不是用來連接乙太網連接的,它是用來連接主機與router的com口(console serial port)的,它採用1到8跟針腳,2端全部相反對應當主機與router的console口用反轉線連好後,啟動Window系統裡的HyperTerminal 程式即可對router進行連接,其配置如下:1.Bps:96002.Data bits:83.Parity:None4.Stop bits:15.Flow control:noneData Encapsulation封裝(encapsulation):把OSI參考模型每層自己的協定資訊加進資料資訊的過程,反之叫做解封裝協定資料單元(protocol data units,PDU):資料包括封裝進去的資訊在OSI參考模型每層的叫法:1.Transport layer:segmentwork layeracket或者datagram3.Data Link layer:frame4.Physical layer:bitsChapter2 Internet ProtocolsTCP/IP and the DoD ModelDoD模型被認為是OSI參考模型的濃縮品,分為4層,從上到下是:1.Process/Application layer2.Host-to-Host layer3.Internet layerwork Access layer其中,如果在功能上和OSI參考模型互相對應的話,那么:1.DoD模型的Process/Application層對應OSI參考模型的最高3層2.DoD模型的Host-to-Host層對應OSI參考模型的Transport層3.DoD模型的Internet層對應OSI參考模型的Network層4.DoD模型的Network Access層對應OSI參考模型的最底2層The Process/Application Layer ProtocolsProcess/Application層包含的協定和應用程式有:Telnet,FTP,X Windows,TFTP,SMTP,SNMP,NFS和LPD等等Dynamic Host Configuration Protocol(DHCP)/BootP(Bootstrap Protocol)動態主機配置協定(DHCP)伺服器可以提供的資訊有:1.IP位址2.子網路遮罩(subnet mask)3.功能變數名稱(domain name)4.預設閘道(default gateway)5.DNS6.WINS訊息The Host-to-Host Layer ProtocolsHost-to-Host層描述了2種協議:1.傳輸控制協議(Transmission Control Protocol,TCP)2.用戶資料報協定(User Datagram Protocol,UDP)Transmission Control Protocol(TCP)當1個主機開始發送資料段(segment)的時候,發送方的TCP協議要與接受方的TCP 協議進行協商並連接,連接後即所謂的虛電路(virtual circuit),這樣的通信模式就叫做面向連接(connection-oriented).面向連接的最大優點是可靠,但是它卻增加了額外的網路負擔(overhead)User Datagram Protocol(UDP)UDP協議的最他特點是無連接(connectionless),即不可靠,因為它不與對方進行協商並連接,它也不會給資料段標號,也不關心資料段是否到達接受方Key Concepts of Host-to-Host Protocols現下把TCP協定和UDP協定的一些特性做個比較:1.TCP.協議在傳送資料段的時候要給段標號;UDP協議不2.TCP協議可靠;UDP協議不可靠3.TCP協定是面向連接;UDP協定採用無連接4.TCP協定負載較高;UDP協定低負載5.TCP協議的發送方要確認接受方是否收到資料段;UDP反之6.TCP協定採用視窗技術和流控制;UDP協議反之Port NumbersTCP和UDP協議必須使用埠號(port number)來與上層進行通信,因為不同的埠號代表了不同的服務或應用程式.1到1023號埠叫做知名埠號(well-known port numbers).源埠一般是1024號以上隨機分發The Internet Layer Protocols在DoD模型中,Internet層負責:路由,以及給上層提供單獨的網路介面Internet Protocol(IP)IP協定查找每個資料包(packets)的位址,然後,根據路由表決定該資料包下1段路徑該如何走,尋找最佳路徑Internet Control Message Protocol(ICMP)ICMP協定一樣是工作在DoD模型的Internet層,IP協定使用ICMP協定來提供某些不同的服務,ICMP協定是一種管理協定一些ICMP協定相關資訊和事件:1.目標不可達(destination unreachable):假如1個routers不能把IP協定資料報發送到更遠的地方去,於是router將發送ICMP協定資訊給資料報的發送方,告訴它說目標網路不可達2.緩沖區已滿(buffer full):假如router的緩沖區已經存滿發送方發來的IP協定資料報了,它將發送ICMP協定資訊給發送方並告訴它緩沖區已滿,如果再繼續接受的話將導致緩沖區溢出,造成資料丟失3.跳(hops):IP協定資料報經過1個router,稱為經過1跳4.Ping(Packet Internet Groper):採用ICMP協定資訊來檢查網路的物理連接和邏輯連接是否完好5.Traceroute:根據ICMP協定資訊來跟蹤資料在網路上的路徑,經過哪些跳Address Resolution Protocol(ARP)位址解析協定(ARP)用於根據1個已知的IP位址查找硬體位址.它把IP位址翻譯成硬體位址Reverse Address Resolution Protocol(RARP)RARP協定用於把MAC位址翻譯成IP位址IP AddressingIP位址是軟體位址,MAC位址是硬體位址,MAC位址是燒錄在NIC裡的,MAC位址用於在本地網路查找主機位址.IP位址是唯一的,也叫做網路位址(network address);硬體位址也叫節點位址(node address)Network Address網路位址分為5類:1.A類位址:4個8位位組(octets).第一個octet代表網路號,剩下的3個代表主機位元.範圍是0xxxxxxx,即0到1272.B類位址: 前2個octets代表網路號,剩下的2個代表主機位元. 範圍是10xxxxxx,即128到1913.C類位址: 前3個octets代表網路號,剩下的1個代表主機位元. 範圍是110xxxxx,即192到2234.D類位址:多播位址,範圍是224到2395.E類位址:保留,實驗用,範圍是240到255Network Address:Special Purpose一些特殊的IP位址:1.IP位址127.0.0.1:本地回環(loopback)測試位址2.廣播位址:255.255.255.2553.IP位址0.0.0.0:代表任何網路4.網路號全為0:代表本網路或本網段5.網路號全為1:代表所有的網路6.節點號全為0:代表某個網段的任何主機位址7.節點號全為1:代表該網段的所有主機廣播位址TCP/IP協定規定,主機號部分各位全為1的IP位址用於廣播.所謂廣播位址指同時向網上所有的主機發送報文,也就是說,不管物理網路特性如何,Internet 網支援廣播傳輸.如136.78.255.255就是B類位址中的一個廣播位址,你將資訊送到此位址,就是將資訊送給網路號為136.78的所有主機.有時需要在本網內廣播,但又不知道本網的網路號時,TCP/IP協定規定32比特全為1的IP位址用於本網廣播,即255.255.255.255Private IP Address私有IP位址(private IP address):節約了IP位址是空間,增加了安全性.處於私有IP 位址的網路稱為內網,與外部進行通信就必須靠網路位址翻(network address translation,NAT)一些私有位址的範圍:1.A類位址中:10.0.0.0到10.255.255.255.2552.B類位址中:172.16.0.0到172.31.255.2553.C類位址中:192.168.0.0到192.168.255.255Broadcast Address廣播位址:1.層2廣播:FF.FF.FF.FF.FF.FF,發送給LAN內所有節點2.層3廣播:發送給網路上所有節點3.單播(unicast):發送給單獨某個目標主機4.多播:由1台主機發出,發送給不同網路的許多節點Introduction to Network Address Translation(NAT)NAT一般都操作在Cisco router上,用於連接2個網路,同時把私有位址翻譯公有位址一些NAT的種類以及特點:1.靜態NAT(static NAT):本地位址和全局位址一一對應.這樣的模式需要你擁有真正的Internet上的IP位址2.動態NAT(dynamic NAT):把未註冊的IP位址對應到已註冊IP位址池中的某個IP 位址上.你不必需要靜態配置你的router使內外位址對應3.超載(overloading):採用的最廣泛的NAT配置類型.類似動態NAT,但是它是把1組未註冊的IP位址根據不同的埠(ports)對應到1個已註冊的IP位址上.因此,它又叫做埠位址翻譯(port address translation,PAT)Chapter3 IP Subnetting and Variable Length Subnet Masks(VLSM)Subnetting Basics子網劃分(subnetting)的優點:1.減少網路流量2.提升網路性能3.簡化管理4.易於擴大地理範圍How to Creat Subnets如何劃分子網?首先要熟記2的冪:2的0次方到9次方的值分別為:1,2,4,8,16,32,64,128,256和512.還有要明白的是:子網劃分是借助於取走主機位元,把這個取走的部分作為子網位元.因此這個意味劃分越多的子網,主機將越少Subnet Masks子網路遮罩用於辨別IP位址中哪部分為網路位址,哪部分為主機位址,有1和0組成,長32位,全為1的位元代表網路號.不是所有的網路都需要子網,因此就引入1個概念:預設子網路遮罩(default subnet mask).A類IP位址的預設子網路遮罩為255.0.0.0;B類的為255.255.0.0;C類的為255.255.255.0Classless Inter-Domain Routing(CIDR)CIDR叫做無類域間路由,ISP常用這樣的方法給客戶分發位址,ISP提供給客戶1個塊(block size),類似這樣:192.168.10.32/28,這排數字告訴你你的子網路遮罩是多少,/28代表多少位為1,最大/32.但是你必須知道的1點是:不管是A類還是B類還是其他類位址,最大可用的只能為30/,即保留2位元給主機位元CIDR值:1.遮罩255.0.0.0:/8(A類位址預設遮罩)2.遮罩255.128.0.0:/93.遮罩255.192.0.0:/104.遮罩255.224.0.0:/115.遮罩255.240.0.0:/126.遮罩255.248.0.0:/137.遮罩255.252.0.0:/148.遮罩255.254.0.0:/159.遮罩255.255.0.0:/16(B類位址預設遮罩)10.遮罩255.255.128.0:/1711.遮罩255.255.192.0:/1812.遮罩255.255.224.0:/1913.遮罩255.255.240.0:/2014.遮罩255.255.248.0:/2115.遮罩255.255.252.0:/2216.遮罩255.255.254.0:/2317.遮罩255.255.255.0:/24(C類位址預設遮罩)18.遮罩255.255.255.128:/2519.遮罩255.255.255.192:/2620.遮罩255.255.255.224:/2721.遮罩255.255.255.240:/2822.遮罩255.255.255.248:/2923.遮罩255.255.255.252:/30Subnetting Class A,B&C Address劃分子網的幾個捷徑:1.你所選擇的子網路遮罩將會產生多少個子網?:2的x次方-2(x代表遮罩位,即2進製為1的部分)2.每個子網能有多少主機?: 2的y次方-2(y代表主機位元,即2進製為0的部分)3.有效子網是?:有效子網號=256-10進製的子網路遮罩(結果叫做block size或basenumber)4.每個子網的廣播位址是?:廣播位址=下個子網號-15.每個子網的有效主機分別是?:忽略子網內全為0和全為1的位址剩下的就是有效主機位址.最後有效1個主機位址=下個子網號-2(即廣播位址-1)根據上述捷徑劃分子網的具體實例:C類位址例子:網路位址192.168.10.0;子網路遮罩255.255.255.192(/26)1.子網數=2*2-2=22.主機數=2的6次方-2=623.有效子網?:block size=256-192=64;所以第一個子網為192.168.10.64,第二個為192.168.10.1284.廣播位址:下個子網-1.所以2個子網的廣播位址分別是192.168.10.127和192.168.10.1915.有效主機範圍是:第一個子網的主機位址是192.168.10.65到192.168.10.126;第二個是192.168.10.129到192.168.10.190B類位址例子1:網路位址:172.16.0.0;子網路遮罩255.255.192.0(/18)1.子網數=2*2-2=22.主機數=2的14次方-2=163823.有效子網?:block size=256-192=64;所以第一個子網為172.16.64.0,最後1個為172.16.128.04.廣播位址:下個子網-1.所以2個子網的廣播位址分別是172.16.127.255和172.16.191.2555.有效主機範圍是:第一個子網的主機位址是172.16.64.1到172.16.127.254;第二個是172.16.128.1到172.16.191.254B類位址例子2:網路位址:172.16.0.0;子網路遮罩255.255.255.224(/27)1.子網數=2的11次方-2=2046(因為B類位址預設遮罩是255.255.0.0,所以網路位元為8+3=11)2.主機數=2的5次方-2=303.有效子網?:block size=256-224=32;所以第一個子網為172.16.0.32, 最後1個為172.16.255.1924.廣播位址:下個子網-1.所以第一個子網和最後1個子網的廣播位址分別是172.16.0.63和172.16.255.2235.有效主機範圍是:第一個子網的主機位址是172.16.0.33到172.16.0.62;最後1個是172.16.255.193到172.16.255.223Variable Length Subnet Masks(VLSM)變長子網路遮罩(VLSM)的作用:節約IP位址空間;減少路由表大小.使用VLSM時,所採用的路由協定必須能夠支援它,這些路由協定包括RIPv2,OSPF,EIGRP和BGP. 關於更多的VLSM知識,可以去進行搜索Troubleshooting IP Address一些網路問題的排難1.打開Windows裡的1個DOS視窗,ping本地回環位址127.0.0.1,如果回饋資訊失敗,說明IP協定棧有錯,必須重新安裝TCP/IP協議2.如果1成功,ping本機IP位址,如果回饋資訊失敗,說明你的網卡不能和IP協定棧進行通信Chapter4 Introduction to the Cisco IOSThe Cisco Router User InterfaceCisco Internetwork Operation System(IOS)是Cisco 的routers和switches的內核Cisco Router IOSIOS的一些功能:1.運載網路協定和功能2.對產生高速流量的設備進行連接3.增加網路安全性4.提供網路的可擴展性來簡易化網路的增長和冗餘問題5.可靠的連接網路資源你可以透過以下模式進入IOS:1.透過router的console口,用於本地2.透過modem連接auxiliary(Aux)口,用於遠端3.透過VTY線路來telnetBringing Up a Router當啟動1個router的時候,大致將分為以下幾個階段:1.開機自檢(power-on self-test,POST)2.如果1正常, 如果IOS存在的話,將從它的快閃記憶體(flash memory)查找和載入IOS到RAM中(2500系列不載入RAM中,直接從快閃記憶體中執行).快閃記憶體是1種電子可擦除唯讀記憶體(electronically erasable programmable read-only memory,EEPROM)3.如果1和2正常,接下來它將在非易失性RAM(NVRAM)中查找啟動配置檔startup-config,假如沒有找到任何啟動配置檔,router將進入到setup模式Setup Modesetup模式可以對router進行些配置,但是我們不推薦使用這個方法對router進行配置.它分為2種模式:1.Basic Management2.Extended Management在setup模式中,[]代表預設設定,你可以使用Ctrl+C隨時退出setup模式Command-Line Interface當問你是否進入setup模式,選擇no,即進入命令行模式Logging into the Router從用戶模式(user mode)進入到特權模式(exec mode),注意提示符的變化:Router>enableRouter#從特權模式退出到用戶模式:Router#disableRouter>退出router命令行:在用戶模式和特權模式下輸入logout,如下:Router#logoutRouter con0 is now availablePress RETURN to get startedOverview of Router Modes配置router,需要進入到1個叫做配置模式的模式,在特權模式下輸入configure terminal進入全局配置模式(global configuration mode),在這之下輸入的命令叫做全局命令,一旦輸入,將對整個router產生影響.如下,注意提示符的變化:Router#configConfigruation from terminal,memory or network[terminal]?(press Enter)Router(config)#參數terminal,memory和network的區別:1.configure terminal:配置router的running-config,所謂running-config即為當前執行在動態RAM(DRAM)的配置檔2.configure memory: 配置router的startup-config,所謂startup-config即為存儲在router 的NVRAM裡的配置檔3.configure network:配置存儲在TFTP主機的配置檔Interfaces。

第四章TACAS+4.1. 用户登录集中鉴权提问 使用集中的鉴权方式对用户登录设备进行控制回答Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router1(config)#aaa new-modelRouter1(config)#aaa authentication login default group tacacs+Router1(config)#aaa authentication enable default group tacacs+Router1(config)#tacacs-server host 172.25.1.1Router1(config)#tacacs-server key COOKBOOKRouter1(config)#endRouter1#注释 部署集中化鉴权就不需要在每台设备上配置用户名密码了，改密码也变得简单了 4.2. 限制特定命令的执行权限提问 对设备可执行命令权限进行基于用户的授权回答Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router1(config)#aaa new-modelRouter1(config)#aaa authorization exec default group tacacs+Router1(config)#aaa authorization commands 15 default group tacacs+Router1(config)#tacacs-server host 172.25.1.1Router1(config)#tacacs-server key neoshiRouter1(config)#endRouter1#注释 无4.3. TACACS+服务器无法访问提问 防止出现TACACS+服务器故障导致所有用户都不能登录回答Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router1(config)#aaa new-modelRouter1(config)#aaa authentication login default group tacacs+ enableRouter1(config)#aaa authentication enable default group tacacs+ enableRouter1(config)#aaa authorization commands 15 default group tacacs+ if-authenticatedRouter1(config)#tacacs-server host 172.25.1.1Router1(config)#tacacs-server key COOKBOOKRouter1(config)#endRouter1#注释 在认证服务器出现故障的情况下使用enable密码作为备份，同时建议使用if-authenticated参数在你配置授权的时候4.4. 在特定端口禁用TACACS+鉴权提问 为了方便禁止在控制口使用TACACS+鉴权回答Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router1(config)#aaa new-modelRouter1(config)#aaa authentication login default group tacacs+ local Router1(config)#aaa authentication login NEOSHI lineRouter1(config)#line con 0Router1(config-line)#login authentication NEOSHIRouter1(config-line)#endRouter1#注释4.5. 记录用户行为提问 记录用户输入的配置命令和时间回答Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router1(config)#aaa new-modelRouter1(config)#aaa accounting commands 1 default stop-only group tacacs+ Router1(config)#aaa accounting commands 15 default stop-only group tacacs+ Router1(config)#endRouter1#注释 下面是一条日志记录，很详尽吧Fri Jan 3 11:08:47 2006 toronto ijbrown tty66 172.25.1.1 stop task_id=512 start_time=1041610127 timezone=EST service=shell priv-lvl=15 cmd=configure terminal <cr>4.6. 记录系统事件提问 记录系统事件回答Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router1(config)#aaa new-modelRouter1(config)#aaa accounting exec default start-stop group tacacs+Router1(config)#aaa accounting connection default start-stop group tacacs+Router1(config)#aaa accounting system default stop-only group tacacs+Router1(config)#endRouter1#注释 除了可以记录用户输入命令以外还提供了exec（用户开始和中止exec会话的时间记录），connection （用户发起外部连接的时间，地址，数据包 多少等信息记录比如telnet ssh等）和system（系统重启，禁用AAA等系统信息）等三种系统事件的记录4.7. 设置TACACS+消息的源地址提问 发送TACACS+消息时只使用特定的源地址回答Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router1(config)#ip tacacs source-interface Loopback0Router1(config)#endRouter1#注释 所有本设备的记录都来自于同一地址方便对日志进行汇总和统计<!--[if !supportLists]-->4.8. <!--[endif]-->TACACS+服务器配置文件样本 注释 可以使用思科免费的TACACS+服务器也可以使用商业的服务器，配置方式略。