HCIE - Routing & Switching v3.0 Outline

Layer 2 Technologies

STP

网桥ID(BID)最小者当选。网桥优先级取值越小,则网桥ID就越小。若优先级相同,则比较MAC地址。

在每一个非根交换机上选出一个根端口RP(Root Port),并且只能是一个。根端口用于接收根交换机发来的BPDU,也用来转发普通流量。根端口RP的选举条件:1. BPDU接收端口到跟交换机的路径成本最小。2. 对端网桥ID(BID)最小。3. 对端的端口ID最小。

在每一个网段上选出一个指定端口DP(Designated Port),并且只能是一个。指定端口DP用于转发根交换机发来的BPDU,也用来转发普通流量。指定端口DP的选举条件:1. 根交换机的所有端口都是指定端口DP。2. 根端口的对端端口一定是指定端口DP。3. BPDU转发端口到跟交换机的路径成本最小。4. 本端的网桥ID最小。

剩余端口成为备用端口(Alternate Port),将他们阻塞。
HCIE - Routing & Switching v3.0 Outline_第1张图片

  • STP
  • RSTP
  • MSTP
  • LooP Guard
  • Root guard
  • BPDU guard
  • TC-BPDU attack guard

VLAN

802.1Q, 4字节的VLAN tag,由交换机来处理。

交换机端口类型:access,trunk, hybrid。

access连接终端,trunk连接交换机。

1、创建vlan:
<Quidway>system-view //进入配置视图
[Quidway] vlan 10
[Quidway] vlan 100 //还可以用vlan batch批量创建vlan
2、将端口加入到vlan中:
[Quidway] interface GigabitEthernet2/0/1
[Quidway- GigabitEthernet2/0/1] port link-type access
[Quidway- GigabitEthernet2/0/1] port default vlan 100 //配置pvid
[Quidway- GigabitEthernet2/0/1] quit //回到配置视图
[Quidway] interface GigabitEthernet1/0/0 
[Quidway- GigabitEthernet1/0/0] port link-type access
[Quidway- GigabitEthernet2/0/1] port default vlan 10
[Quidway- GigabitEthernet2/0/1] quit
3、将多个端口加入到VLAN中
<Quidway>system-view
[Quidway]vlan 10
[Quidway-vlan10]port GigabitEthernet 1/0/0 to 1/0/29 //将0到29号口加入到vlan10中
4、交换机配置IP地址
[Quidway] interface Vlanif100
[Quidway-Vlanif100] ip address 119.167.200.90 255.255.255.252
[Quidway] interface Vlanif10
[Quidway-Vlanif10] ip address 119.167.206.129 255.255.255.128
5、配置默认网关:
[Quidway]ip route-static 0.0.0.0 0.0.0.0 119.167.200.89 //配置默认网关。
6、 交换机保存设置和重置命令
<Quidway>save
<Quidway>reset saved-configuration //重置交换机的配置
<Quidway>reboot //重新启动交换机
7、交换机常用的显示命令
用户视图模式下:
<Quidway>display current-configuration //显示现在交换机正在运行的配置明细
<Quidway>display device //显示各设备状态
<Quidway>display interface ? //显示个端口状态,用?可以查看后边跟的选项
<Quidway>display version //查看交换机固件版本信息
<Quidway>display vlan ? // 查看vlan的配置信息
  • Access port
  • Trunk port
[SW3]interface GigabitEthernet 0/0/1
[SW3-GigabitEthernet0/0/1]port link-type trunk
[SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 to 50
  • Hybrid port
  • QinQ
  • Vlan Aggregation
    详情链接1
  • Mux VLAN
    详情链接1
  • Voice VLAN

Transparent bridge

交换机就是多端口网桥。

  • Local Bridging
  • Remote Bridging
  • Integrated Bridging and Routing
  • VLAN ID Transparent Transmission

Link Aggregation, Eth-Trunk and IP-Trunk, Load-balance, LACP

  • Link Aggregation
  • LACP
[SW1]interface Eth-Trunk 1
[SW1-Eth-Trunk1]mode manual load-balance //默认即为手工模式,可不配置
[SW1-Eth-Trunk1]load-balance ? //查看可配置的均衡方式,默认为src-dst-ip
[SW1-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 to 0/0/2
[SW1-Eth-Trunk1]display eth-trunk 1
[SW1-Eth-Trunk1]port link-type trunk
[SW1-Eth-Trunk1]port trunk allow-pass vlan all
----------------------------------
上面是手工模式,下面是LACP模式
----------------------------------
[SW1]interface Eth-Trunk 2
[SW1-Eth-Trunk2]mode lacp-static //配置为lacp静态模式
[SW1-Eth-Trunk2]trunkport GigabitEthernet 0/0/0 to 0/0/3

Ethernet Technologies

  • Speed and duplex
  • Ethernet, Fast Ethernet, Gigabit Ethernet, 10GE/40GE/100GE
  • Auto MDI/MDIX
    Media Dependent Interface 网线的交叉线和直连线自动转换
  • Auto negotiation
  • Storm control
    详情链接1
  • Unicast flooding control
    未知单播:MAC表中无对应条目

Smart Link

单点故障解决方案介绍smart link/monitor link /stp

DLDP

设备链路检测协议DLDP(Device Link Detection Protocol)用来监控光纤或铜质双绞线(例如超五类双绞线)的链路状态。如果发现单向链路存在,DLDP协议会根据用户配置,自动关闭或通知用户手工关闭相关接口,以防止网络问题的发生。

Switched Port Analyzer (port-mirroring)

【端口镜像、流镜像、VLAN镜像、MAC镜像】 X 【本地镜像、二层远程镜像、三层远程镜像】

CSS/iStack

华为交换机CSS/iStack配置
华为交换机iStack配置
华为交换机IStack配置

HDLC/IP-Trunk and PPP/MP

HDLC PPP PPPoE
IP Trunk
PPP协议允许将多个链路捆绑为一个逻辑链路使用,这种提高带宽的技术称为多链路PPP,即MP。
配置举例

PPPoE

IPv4/v6 Unicast

IPv4 addressing, subnetting and VLSM

寻址
A/B/C类地址,私有地址,组播地址
路由环路的原因:配置错误、聚合了不存在的网络、网络故障

IPv4 tunneling and GRE

L2TP

参考链接1
参考链接2

GRE

参考链接1

IPsec

参考链接1

SSL

SSH

IPv6 addressing

ICMPv6

IPv6 functionality protocols

Migration techniques

  • Tunneling techniques
  • Translation techniques

IPv4/v6 OSPF

  • Standard OSPF areas
  • Stub area
  • Totally stubby area
  • NSSA
  • Totally NSSA
  • LSA types
  • Adjacency on a point-to-point and on a multi-access network
  • Virtual-Link
  • LSA Filter
  • OSPF Fast Convergence
  • Stub Router
  • OSPF authentication

IPv4/v6 IS-IS

  • NSAP
  • IS-IS Link-state packets
  • IS-IS area type
  • IS-IS circuit type
  • IS-IS TLV
  • IS-IS DIS and Pseudo node
  • IS-IS SPF
  • IS-IS LSP
  • IS-IS Metric
  • IS-IS Route Leaking
  • IS-IS MT
  • IS-IS Fast Convergence
  • IS-IS LDP Synchronization
  • IS-IS Authentication

IPv4/v6 BGP

  • IBGP and EBGP
  • BGP attributes
  • BGP synchronization
  • BGP routes Summarization
  • Route Dampening
  • BGP route reflector
  • BGP community
  • BGP Peer Groups
  • BGP Security
  • Principles of Route Selection

Route Control

  • Filtering
  • IP Prefix list
  • Route Import (redistribution)
  • Route policy
  • Summarization
  • Preference
  • Other advanced features

MPLS VPN

MPLS

  • MPLS network component (P PE CE)
  • MPLS label format
  • MPLS label encapsulation
  • Forwarding Equivalence Class
  • LDP
  • Label advisement model
  • MPLS LDP - Local Label Allocation Filtering
  • MPLS LDP inbound/outbound Label Binding Filtering

MPLS Layer 3 VPN

  • MP-IBGP VPNv4 peering
  • VPN-instance
  • Route Distinguisher
  • Route Target
  • Route Target import/export
  • PE-CE-Dynamic Routes
  • PE-CE-Static Routes
  • Redistributing PE-CE routes into VPNv4
  • Redistributing VPNv4 routes into PE-CE routing table\
  • MCE

Inter-AS MPLS VPN

  • Option A
  • Option B
  • Option C

IPv4/v6 Multicast

  • Multicast distribution tree
  • Multicast forwarding
  • Multicast RPF
  • PIM-SM
  • IGMP/MLD
  • IGMP Snooping/MLD Snooping
  • PIM RP, and BSR
  • Multicast tools, features and source-specific multicast

Network Security

Access lists

uRPF

IP Source Guard

AAA

802.1x /NAC

NAT

  • Static NAT/NAPT
  • Dynamic NAT/PAT
  • Easy IP
  • NAT Server
  • Twice NAT
  • ALG
  • NAT Mapping
  • NAT Filtering

Device access control

IPsec

Traffic Suppression

Local Attack Defense

IP Address Anti-spoofing

ARP Security

DHCP Security

QoS

  • Classification
  • Traffic Policing
  • Traffic Shaping
  • Congestion Avoidance
  • Congestion Management

Network Management

  • Syslog
  • IP Service Level Agreement SLA
  • NetStream
  • SNMP
  • FTP
  • Telnet
  • SSH

Feature

  • VRRP
  • VGMP
  • Interface Backup
  • NTP
  • DHCP
  • BFD
  • NSF/GR
  • NSR

SDN

  • Strategy of SDN/NFV
  • SDN architecture
  • VXLAN
  • EVPN

Planning/Troubleshoot a Network

  • Planning/Troubleshoot complex Layer 2 network
  • Planning/Troubleshoot complex layer 3 network
  • Planning/Troubleshoot a network in response to application
  • Planning/Troubleshoot network services
  • Planning/Troubleshoot network security

你可能感兴趣的:(Computer,Network,网络)