02.生成树与vlan

实验六交换机VLAN配置及生成树协议6.1 交换机的VLAN（略，见课本）6.2 交换机生成树协议（略，见课本）6.3 实验六交换机VLAN配置及生成树协议6.3.1实验目的理解交换机VLAN的基本概念与工作原理，了解VLAN协议IEEE 802.1Q。

在掌握交换机基本配置操作的基础上，学会在交换机上对规划的VLAN作相应配置。

理解交换机生成树的基本概念与工作原理，了解生成树协议802.1D与快速生成树协议802.1W，学会在交换机上设置生成树功能。

6.3.2 实验准备（1）实验设备∙锐捷路由组网实验台，每个机架上有4台锐捷路由器、4台锐捷交换机，本次实验每组使用2台锐捷交换机，一个机架可供2组同时做实验；∙带9针COM口、双10/100M网卡的PC机若干台。

∙PC机COM口连接交换机的console口配置用的连线：说明：用锐捷路由组网实验台实验时：因为用户PC机本身的网卡NIC1已插有RJ45 UTP线连接到机房核心交换机再连到实验机架上的锐捷管理控制服务器，而后者已有串口线连接到机架上各交换机的console口，PC机可通过使用HTTP Web网页的方法访问锐捷管理控制服务器，间接由其串口向交换机的console口发出配置命令，因此用户PC机COM口不再需要连接交换机的console口；∙PC机与交换机连接用的RJ45-to-RJ45 straight-through cable (RJ45 UTP直通线) 2根：说明：用锐捷路由组网实验台实验时：因为用户PC机本身的网卡NIC2已插RJ45 UTP直通线连接到实验台机架下部理线架上的相应插座，因此只需用RJ45 UTP直通线将实验台下部的理线架上相应插座RG-Switch 与实验台上部的交换机以太接口相连；2台交换机以太端口间互连用的RJ45 UTP 交叉线：（2）预备知识● 复习交换机构成和各部件作用的知识；● 熟悉交换机的配置方法和相应的IOS 配置命令；了解在特权模式下对交换机进行配置的过程；● 熟悉交换机VLAN 的基本概念与工作原理，了解对交换机进行VLAN 配置的方法；● 熟悉交换机生成树的基本概念与工作原理，了解在交换机上设置生成树功能的方法。

一、实验目的1. 理解生成树协议（STP）的基本原理和工作机制；2. 掌握生成树协议的配置方法；3. 通过实验验证生成树协议在网络中的实际应用效果。

二、实验环境1. 实验设备：两台华为S5700交换机、两台PC机；2. 实验软件：华为网络设备仿真软件；3. 实验拓扑：两台交换机通过一条物理链路连接，两台PC机分别连接到两台交换机上。

三、实验原理生成树协议（Spanning Tree Protocol，STP）是一种用于在网络中消除环路并实现冗余链路备份的协议。

当网络中出现环路时，STP会阻塞部分端口，形成一个没有环路的树形结构，确保网络的高可用性和容错能力。

STP通过交换机之间的BPDU（Bridge Protocol Data Unit）报文进行信息交互，选举根网桥，并确定每个交换机的根端口和指定端口。

根端口是连接到根网桥的端口，指定端口是连接到同一VLAN且路径最短的端口。

其余端口被阻塞，不参与数据转发。

四、实验步骤1. 配置交换机名称和密码；2. 配置交换机接口；3. 配置VLAN；4. 配置STP；5. 验证STP配置效果。

五、实验过程1. 配置交换机名称和密码```bashS1>display versionS1>sysname S1S1>display versionS1>enableS1#configure terminalS1(config)#username admin password simple 123456 S1(config)#exit```2. 配置交换机接口```bashS1>display ip interface briefS1#interface GigabitEthernet0/0/1S1(config-if)#ip address 192.168.1.1 24S1(config-if)#exitS1#interface GigabitEthernet0/0/2S1(config-if)#ip address 192.168.1.2 24S1(config-if)#exit```3. 配置VLAN```bashS1>display vlanS1#vlan 10S1(config-vlan)#name VLAN10S1(config-vlan)#exitS1#interface GigabitEthernet0/0/1S1(config-if)#port link-type access S1(config-if)#port default vlan 10 S1(config-if)#exitS1#interface GigabitEthernet0/0/2S1(config-if)#port link-type access S1(config-if)#port default vlan 10 S1(config-if)#exit```4. 配置STP```bashS1>display stpS1#stpmode stpS1>display stpS1#interface GigabitEthernet0/0/1S1(config-if)#port link-type access S1(config-if)#port default vlan 10 S1(config-if)#exitS1#interface GigabitEthernet0/0/2S1(config-if)#port link-type access S1(config-if)#port default vlan 10S1(config-if)#exit```5. 验证STP配置效果```bashS1>display stpS1>display stp interface GigabitEthernet0/0/1S1>display stp interface GigabitEthernet0/0/2S1>ping 192.168.1.2```六、实验结果与分析1. 实验结果通过实验，成功配置了生成树协议，并验证了STP在网络中的实际应用效果。

实验四生成树协议和VLAN技术实验目的：通过本次实验掌握生成树协议、快速生成树协议、聚合端口的应用及的配置。

理解他们之间的区别并结合实验加以检证。

熟悉VLAN技术的配置命令，掌握端口隔离及跨VLAN间通信的相关技术。

能够在复杂的交换网络中开启VTP服务。

1．生成树配置实验名称：生成树协议STP。

实验目的：理解生成树协议STP的配置及原理。

实现功能：使网络在有冗余链路的情况下避免环路的产生，避免广播风暴等。

实验拓朴：实验步骤：步骤1.在每台交换机上开启生成树协议。

例如对SwitchA做如下配置：SwitchA# configure terminalSwithchA(config)# spanning-tree ！开启生成树协议（思科默认开启STP）SwithchA(config)# end验证测试：验证生成树协议已经开启SwitchA# show spanning-tree ！显示交换机生成树的状态步骤2.设置生成树模式。

SwitchA(config)# spanning-tree mode stp ！设置生成树模式为STP（802.1D）验证测试：验证生成树协议模式为802.1DSwitchA# show spanning-tree注：cisco的stp协议默认是开启的。

因此SwitchB和SwitchC可以不用配置。

步骤3.设置交换机的优先级.SwitchA(config)# spanning-tree vlan 1 priority 4096 ！设置交换机SwitchA的优先级为4096，数值最小的交换机为根交换机（也称根桥），交换机SwichB和SwichC的优先级采用默认优先级（32768），因此SwitchA将成为根交换机。

步骤4.综合验证测试。

观察根端口的变化。

用PCC去ping PCB，使用连续ping命令，然后将SA和SC的接线断开，观察连通性变化。

步骤5。

将生成树协议换成rstp使用快速生成树协议，然后同样用PCC去ping PCB，使用连续ping命令，然后将SA 和SC的接线断开，观察连通性变化。

《网络系统集成实训》指导书 网络系统集成实训》指导书2-1 生成树及快速生成树【实训目的】 实训目的】 1．理解生成树协议的作用 2．熟练掌握生成树协议和快速生成树协议的配置 参考资料】 【参考资料】 1． 高峡,陈智罡,袁宗福. 网络设备互连学习指南, 科学出版社,2009 2． 高峡,钟啸剑,李永俊. 网络设备互连实验指南, 科学出版社,2009 3． VLAN 学习指南 4． 锐捷 S3550 配置手册 实训内容】 【实训内容】 1．生成树协议配置 ． 在 VLAN 中启用和关闭生成树协议 启用生成树协议： 启用生成树协议： Switch(config)#spanning-tree vlan vlan-id 闭生成树协议： 关闭生成树协议： Switch(config)#no spanning-tree vlan vlan-id 显示生成树协议状态： 生成树协议状态 显示生成树协议状态： Switch#show spanning-tree vlan vlan-id 2．快速生成树配置 ． 完成《网络设备互连指南》中的实验六 3. 举例 使用两台二层交换机，交换机之间使用两条网线相连，这样可以形成一个回路。

Cisco 交换机默认开启了所有 vlan 的生成树配置，所以实验中应该首先关掉交换机中的生成树协 议。

Switch1> enable Switch1# configure terminal Switch1(config)# no spanning-tree vlan 1 Switch1(config)# end Switch2> enable Switch2# configure terminal Switch2(config)# no spanning-tree vlan 1 Switch2(config)# end Switch1> enable Switch1# configure terminal Switch1(config)# spanning-tree vlan 1 Switch1(config)# spanning-tree mode pvst(pvst 为普通生成树协议，如果要配置 为普通生成树协议，快速生成树， 快速生成树，须改为 rapid-pvst)Switch1(config)# end Switch2> enable Switch2# configure terminal Switch2(config)# spanning-tree vlan 1Switch2(config)# spanning-tree mode pvst Switch2(config)# end【实训任务】 实训任务】 任务 1．在模拟器中搭建如下的拓扑结构的网络：Switch4 与 Switch5 都是 Catalyst 2950-24，二者的端口 1 和 2 均用来互连，PC0 和 PC1 的 IP 地址分别为 192.168.1.101，192.168.1.102。

目录1生成树················································································································································ 1-11.1 生成树简介 ········································································································································ 1-11.1.1 STP简介 ································································································································· 1-11.1.2 RSTP简介······························································································································· 1-71.1.3 MSTP简介 ······························································································································ 1-81.1.4 协议规范 ······························································································································· 1-131.2 生成树配置任务简介························································································································ 1-131.2.1 STP配置任务简介 ················································································································· 1-141.2.2 RSTP配置任务简介 ·············································································································· 1-141.2.3 MSTP配置任务简介 ·············································································································· 1-151.3 配置生成树 ······································································································································ 1-171.3.1 配置生成树的工作模式 ········································································································· 1-171.3.2 配置MST域 ··························································································································· 1-171.3.3 配置根桥和备份根桥 ············································································································· 1-181.3.4 配置设备的优先级················································································································· 1-191.3.5 配置MST域的最大跳数 ········································································································· 1-191.3.6 配置交换网络的网络直径······································································································ 1-201.3.7 配置生成树的时间参数 ········································································································· 1-201.3.8 配置超时时间因子················································································································· 1-211.3.9 配置端口的最大发送速率······································································································ 1-221.3.10 配置端口为边缘端口 ··········································································································· 1-221.3.11 配置端口的路径开销 ··········································································································· 1-231.3.12 配置端口的优先级··············································································································· 1-251.3.13 配置端口的链路类型 ··········································································································· 1-261.3.14 配置端口收发的MSTP报文格式·························································································· 1-271.3.15 打开端口状态变化信息显示开关 ························································································· 1-271.3.16 使能生成树协议（STP/RSTP/MSTP模式） ······································································· 1-281.3.17 执行mCheck操作 ················································································································ 1-281.3.18 配置摘要侦听功能··············································································································· 1-291.3.19 配置No Agreement Check功能··························································································· 1-311.3.20 配置生成树保护功能 ··········································································································· 1-331.4 生成树显示和维护 ··························································································································· 1-361.5 生成树典型配置举例························································································································ 1-371.5.1 MSTP典型配置举例 ·············································································································· 1-371 生成树1.1 生成树简介SecPath F100-C-AI目前不支持PVST生成树协议。

生成树的国际标准
“生成树”在计算机科学和网络领域指的是一种用于构建网络拓扑结构的算法。

它是为了防止网络中的环路而设计的，确保网络中的数据在传输时不会陷入无限循环。

生成树协议（Spanning Tree Protocol，STP）是一种常见的实现生成树算法的协议，用于构建无环的网络拓扑结构。

在网络通信中，生成树协议（STP）是IEEE 802.1D标准的一部分，它是一种用于交换机间通信的协议。

IEEE 802.1D 定义了生成树协议的运行原理，其核心目的是避免网络中出现数据包的循环传输，保证网络拓扑的连通性并防止网络中的冗余链路形成环路。

此外，IEEE 802.1Q 标准中的VLAN（Virtual LAN）技术也与生成树协议有关，它可以在生成树协议的基础上为不同VLAN 提供无环的通信路径。

总的来说，生成树协议作为网络中环路消除的重要工具，被包含在IEEE 802.1D 和IEEE 802.1Q 标准中，这些标准规定了生成树协议的基本原理、运行方式和实现方法。

《网络原理与技术实验》实验报告实验名称：利用三层交换机实现VLAN间路由，快速生成树配置评分：________班级：学号：姓名：利用三层交换机实现VLAN间路由实验目的：1.掌握交换机Tag VLAN的配置2.掌握三层交换机基本配置方法；3.掌握三层交换机VLAN路由的配置方法；4.通过三层交换机实现VLAN间相互通信；实验原理：三层交换机具备网络层的功能，实现VLAN相互访问的原理是：利用三层交换机的路由功能，通过识别数据包的IP地址，查找路由表进行选路转发，三层交换机利用直连路由可以实现不同VLAN 之间的相互访问。

三层交换机给接口配置IP地址。

采用SVI（交换虚拟接口）的方式实现VLAN 间互连。

SVI是指为交换机中的VLAN创建虚拟接口，并且配置IP地址。

实验拓扑图：实验步骤：新建packet tracer拓扑图（1）在二层交换机上配置VLAN2、VLAN3，分别将端口2、端口3划分给VLAN2、VLAN3。

（2）将二层交换机与三层交换机相连的端口fa 0/1都定义为tag Vlan模式。

（3）在三层交换机上配置VLAN2、VLAN3，此时验证二层交换机VLAN2、VLAN3下的主机之间不能相互通信。

（4）设置三层交换机VLAN间的通信，创建VLAN2,VLAN3的虚接口，并配置虚接口VLAN2、VLAN3的IP地址。

（5）查看三层交换机路由表。

（6）将二层交换机VLAN2、VLAN3下的主机默认网关分别设置为相应虚拟接口的IP地址。

PC1和PC2的配置：PC1exitinterface vlan 3ip address 192.168.2.1 255.255.255.0no shutdownendshow ip routeshow vlanPC3 Ping PC1Ping 192.168.1.2 可以ping通PC3 Ping PC2Ping 192.168.2.2 不可以ping通PC3 S2960S3560（7）验证二层交换机VLAN2,VALN3下的主机之间可以相互通信。

ＶＬＡＮ与生成树和生成树的配置一ＶＬＡＮ与生成树在缺省的ＣＩＳＣＯＳＴＰ模式中，每个ＶＬＡＮ定义一个ＳＴＰ．ＩＥＥＥ８０２．１Ｑ标准是在整个交换ＶＬＡＮ网络中使用一个ＳＴＰ，但并不排除在每个ＶＬＡＮ中实现ＳＴＰ．１ＶＬＡＮ与生成树的关系＞ＩＥＥＥ通用生成树（ＣＳＴ）＞ＣＩＳＣＯＰＥＲＶＬＡＮ生成树（ＰＶＳＴ）＞带ＣＳＴ的ＣＩＳＣＯＰＥＲＶＬＡＮ生成树（ＰＶＳＴ＋）ＣＳＴ是ＩＥＥＥ解决运行虚拟局域网ＶＬＡＮ生成树的方法．ＣＳＴ定义，整个第２层交换网络所有实现了的ＶＬＡＮ，仅使用一个生成树实例．这个生成树实例运行在整个交换局域网上．ＰＶＳＴ是解决在虚拟局域网上处理生成树的ＣＩＳＣＯ特有解决方案．ＰＶＳＴ为每个虚拟局域网运行单独的生成树实例．一般情况下ＰＶＳＴ要求在交换机之间的中继链路上运行ＣＩＳＣＯ的ＩＳＬ．ＰＶＳＴ＋是ＣＩＳＣＯ解决在虚拟局域网上处理生成树问题的另一个方案．ＰＶＳＴ＋允许ＣＳＴ信息传给ＰＶＳＴ，以便与其他厂商在ＶＬＡＮ上运行生成树的实现方法进行操作．２按ＶＬＡＮ生成树（ＰＶＳＴ）为每个ＶＬＡＮ建立一个独立的生成树实例（ＰＶＳＴ）．生成树算法计算整个交换型网络的最佳无环路径．ＰＶＳＴ的优点：＞生成树拓扑结构的总体规模减少．＞改进了生成树的扩展性，并减少了收敛时间．＞提供更快的收敛恢复能力和更高的可靠性．ＰＶＳＴ的缺点：＞为了维护针对每个ＶＬＡＮ而生成的生树，交换机的利用率会更高＞为了支持各个ＶＬＡＮ的ＢＰＤＵ，需要占用更多的ＴＲＵＮＫ链路带宽生成树仅可运行在６４个ＶＬＡＮ上．３公共生成树（ＣＳＴ）ＣＳＴ是ＩＥＥＥ在虚拟局域网上处理生成树的特有方法，这是一种ＶＬＡＮ解决方案，称为单一或者公共生成树．生成树协议运行在ＶＬＡＮ１即缺省的ＶＬＡＮ上．所有的交换机都举出同一个根网桥，并建立与该根网桥的关系．公共生成树不能针对每个ＶＬＡＮ来优化根网桥的位置．公共生成树优点：＞最小数量的ＢＰＤＵ通信，带宽占用少．＞交换机负载保持最小．公共生成树的缺点如下：＞只用一个根网桥，这不能为所有的ＶＬＡＮ做到网桥的优化放置，导致对某些设备来说可能存在次优化路径．＞为包括交换架构中的所有端口，生成树的拓扑结构较大，这就会导致较长的收敛时间和更频繁的重新配置．４增强型的按ＶＬＡＮ生成树（ＰＶＳＴ＋）ＰＶＳＴ＋有以下特征：＞它是ＣＩＳＣＯ发展的，可以与８０２．１Ｑ公共生成树（ＣＳＴ）互操作．＞通过ＩＳＬ中继，ＰＶＳＴ＋与现存的ＣＩＳＣＯ交换机ＰＶＳＴ协议向后兼容，同时，ＰＶＳＴ＋也通过８０２．１Ｑ中继与ＣＳＴ连接互操作．＞如果ＰＶＳＴ区域和ＣＳＴ区域之间要互操作，一定要通过ＰＶＳＴ＋区域．二生成树配置生成树配置涉及下面一些任务：＞选举和维护一个根网桥．＞通过配置一些生成树的参数来优化生成树．（如端口优先级端口成本）＞通过配置上行链路来减少生成树的收敛时间．２９５０交换机上生成树的缺省配置：＞ＳＴＰ启用：缺省情况下ＶＬＡＮ１启用＞ＳＴＰ模式：ＰＶＳＴ＋＞交换机优先级：３２７６８＞ＳＴＰ端口优先级：１２８＞ＳＴＰ路径成本：１０００Ｍ：４１００Ｍ：１９１０Ｍ：１００＞ＳＴＰＶＬＡＮ端口成本：（同上）＞ＳＴＰ计时器：ＨＥＬＬＯ时间：２秒转发延迟：１５秒最大老化时间：２０秒１启用生成树：switch(config)#spanning-tree vlan vlan-list步骤：switch#config tswitch(config)# spanning-tree vlan 10switch(config)#endswitch#show spanning-tree summary(detial)summary摘要detial详细Bridge Identifier has priority 8912,address 0006.eb06.1741 (本地交换机网桥ＩＤ）desigated root has priority 8912,address 0006.eb06.1741 (根网桥ＩＤ）designated port is 7,path cost 0 (路径成本）times: hold1, topology change 35, notification 2hello 2, max age 20, forward delay 15 （根计时器）２人为建立根网桥在生成树网络中，最重要的事情就是决定根网桥的位置．可以让交换机自己根据一定的原则来选择根网桥以及备份或从（secondary）根网桥，也可使用命令人为指定根网桥．ＰＳ：不要将接入层的交换机配置为根网桥．ＳＴＰ根网桥通常是汇聚层或者核心层的交换机．通过命令直接建立根网桥：spanning-tree vlan vlan-id root primary步骤：switch#config terminalswitch(config)#spanning-tree vlan vlan-id root primary dianmeternet-diameter hello-time sec为ＶＬＡＮ配置根网桥网络半径以及ＨＥＬＬＯ时间ＲＯＯＴ关键字：指定这台交换机为根网桥diameter netdianmeter：该关键字指定在末端口主机任意两点之间的网段的最大数量．net-diameter的值是２－７．这个直径应该从根网桥开始计算，根网桥是１switch(config)#endswitch#show spanning-tree vlan vlan-id detail让交换机返回缺省的配置，可以使用如下命令：no spanstree vlan vlan-id root２＞修改网桥的优先级别：多数情况下做如下配置：spanning -tree vlan vlan-id root primary （主ＲＯＯＴ）spanning-tree vlan vlan-id root secondary（备份ＲＯＯＴ）修改网桥优先级：spanning-tree vlan vlan-id priority bridge-priority３确定到根网桥的路径生成树协议依次用ＢＰＤＵ中这些不同域来确定根网桥的最佳路径：＞根路径成本（ＲＯＯＴＰＡＴＨＣＯＳＴ）＞网桥ＩＤ（ＢＲＩＤＧＥＩＤ）＞端口优先级（ＰＯＲＴＰＲＯＩＲＩＴＹ）从端口发出ＢＰＤＵ时，它会被施加一个端口成本，所有端口成本的总和就是路径成本．生成树首先查看路径成本，以确定哪些端口应该转发，哪些端口应该阻塞．报告最低路径成本的端口被选为转发端口．如果对多个端口来说，其中路径成本相同，那么，生成树将查看网桥ＩＤ．报告有最低网桥ＩＤ的ＢＰＤＵ端口被允许进行转发，而其他所有端口被阻断．如果路径成本和网桥ＩＤ都相同（如在平行链路中），生成树将查看端口ＩＤ．端口ＩＤ低的优先级高，将作为转发端口．４修改端口成本如果想要改变某台交换机和根之间的数据所走的路径，就要仔细计算当前的路径成本，然后，改变所希望路径的端口成本．我们可以更改交换机端口的成本，端口成本更低的端口更容易被选为转发帧的端口．spanning-tree vlan vlan-id cost costno spanning-tree vlan vlan-id cost(删除)配置步骤：＞１config terminal 进入配置状态＞２interface interface-id 进入端口配置界面＞３spanning-tree vlan vlan-id cost cost值为某个ＶＬＡＮ配置端口成本＞４end＞５show spanning-tree interface interface-id detail查看配置＞６write５修改端口优先级在路径成本和网桥ＩＤ都相同的情况下，有最低优先级的端口将为vlan转发数据帧．对应基于ＣＬＩ的命令的交换机，可能的端口优先级别范围为０～６３，缺省为３２．基于ＩＯＳ的交换机端口的优先级别范围是０～２５５，缺省为１２８．spanning-tree vlan vlan-id port-priority priority值no spanning-tree vlan vlan－id port-priority１＞config terminal 进入配置状态２＞interface interface-id 进入端口配置界面３＞spanning-tree vlan vlan-id port-priority４＞end５＞show spanning-tree interface interface-id detail６＞write６修改生成树计时器使用缺省的ＳＴＰ计时器配置，从一条链路失效到另一条接替，需要花费５０秒．这可能使网络存取被耽误，从而引起超时，不能阻止桥接回路的产生，还会对某些协议的应用产生不良影响，会引起连接、会话或数据的丢失。