看华为高级网络工程师怎么样优化二层交换机网络
<div style="color: black; text-align: left; margin-bottom: 10px;">
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">大众</span>好,经过上一篇<span style="color: black;">文案</span>的生成树协议配置,该拓扑<span style="color: black;">能够</span>防止广播风暴,并且实现了链路的冗余。本文的<span style="color: black;">重点</span>目的是优化网络拓扑,使该拓扑具备防攻击。<span style="color: black;">经过</span>本文,<span style="color: black;">期盼</span><span style="color: black;">大众</span>能够学习到怎么配置核心交换机根桥<span style="color: black;">守护</span>、BPDU<span style="color: black;">守护</span>、TC<span style="color: black;">守护</span>以及环路<span style="color: black;">守护</span>功能,配置了这些功能,监控网络更加易于运维管理。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">网络拓扑如图1:</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/09e020ca77434caeb95f3e3c0309ec1a~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1725634586&x-signature=4%2FzJ1%2FShCpBvN91l0lub0gShPoE%3D" style="width: 50%; margin-bottom: 20px;">
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">图1</p>
</div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">第1</span>步:配置核心交换机根桥<span style="color: black;">守护</span>功能,<span style="color: black;">经过</span>维持指定端口的角色来<span style="color: black;">守护</span>核心交换机根交换机的角色。</strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">操作设备:核心交换机</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">配置命令是:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">sys</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">interface GigabitEthernet 0/0/4</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">stp root-protection</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">interface GigabitEthernet 0/0/5</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">stp root-protection</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">第二步:所有交换机配置TC<span style="color: black;">守护</span>功能,<span style="color: black;">由于</span>交换机收到TC报文会进行删除MAC<span style="color: black;">位置</span>表和ARP表的动作,为了避免TC报文攻击,<span style="color: black;">咱们</span>需要使能该功能。</strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">操作设备:所有交换机</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">配置命令是:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">sys</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">stp tc-protection //交换机启用TC报文攻击防护功能</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">stp tc-protection threshold 10 //配置TC报文攻击阈值,默认是1</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">第三步:汇聚-1和汇聚-2交换机配置环路<span style="color: black;">守护</span>功能,在根端口和AP端口上配置。</strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">操作设备:汇聚-1交换机</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">操作命令:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">interface GigabitEthernet0/0/4 //根端口</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> stp root-protection</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">操作设备:汇聚-2交换机</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">操作命令:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">interface GigabitEthernet0/0/5 //根端口</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> stp root-protection</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">interface GigabitEthernet0/0/1 //AP端口</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> stp root-protection</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">第四步:配置接入交换机bpdu<span style="color: black;">守护</span>功能</strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">操作设备:所有接入交换机</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">操作命令:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">sys</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">stp bpdu-protection</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Interface g0/0/x //接监控摄像头的接口</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">stp edge-port enable //配置端口为边缘端口</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">error-down auto-recovery cause bpdu-protection interval 30 //配置接口<span style="color: black;">由于</span>bpdu<span style="color: black;">守护</span>关闭自动恢复时间30s,<span style="color: black;">倘若</span>不配置需要手工恢复。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">经过<span style="color: black;">以上</span>配置,<span style="color: black;">全部</span>监控网络更加<span style="color: black;">稳妥</span>,具备抵抗网络攻击的能力。大神带你飞,相信你学习了这篇<span style="color: black;">文案</span>,你对二层网络的配置<span style="color: black;">亦</span>能像个高级网络工程师<span style="color: black;">同样</span>得心应手的规划二层交换网络了。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">更加多</span>内容创作需要您的支持,<span style="color: black;">倘若</span>你<span style="color: black;">经过</span>本文学习到了知识,请关注转发点赞。查看往期<span style="color: black;">文案</span>,你能学习到<span style="color: black;">更加多</span>。</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/5c52eab84f1a46609c62cfe906996a3e~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1725634586&x-signature=Kuqyn5C042mXuROI5hBmLc8TqQk%3D" style="width: 50%; margin-bottom: 20px;">
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">自己</span>的华为网络专家证书</p>
</div>
</div>
太棒了、厉害、为你打call、点赞、非常精彩等。 说得好啊!我在外链论坛打滚这么多年,所谓阅人无数,就算没有见过猪走路,也总明白猪肉是啥味道的。
页:
[1]