VLAN packet capture analysis

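# VLAN (virtual LAN)
# On a layer-2 switch with no VLANs configured, every broadcast frame is forwarded to all ports except the one it was received on (flooding). VLANs split the broadcast domain by limiting how far broadcast frames are forwarded.
# 802.1Q, "Virtual Bridged Local Area Networks" (virtual LAN for short), is an open standard protocol.
# ISL & DISL: Cisco Inter-Switch Link Protocol and Dynamic ISL Protocol. Inter-Switch Link (ISL) is a Cisco proprietary protocol.
# Main differences between 802.1Q and ISL:
# ISL: Cisco proprietary standard, used only to interconnect Cisco devices; it encapsulates the frame with a header and a trailer, adding 30 bytes of overhead;
# 802.1Q: international standard, supported by switches from all vendors; it adds 4 bytes of overhead inside the frame;
# Ethernet frame structure and 802.1Q frame structure
# Ethernet frame format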
 |-----------------------------------------------------------------------------|
 | DMAC(6bytes) | SMAC(6bytes) | Ether-Type(2bytes) | DATA |
 |-----------------------------------------------------------------------------|
# 802.1Q Ethernet frame format
 |--------------------------------------------------------------------------------------------|
 | DMAC(6bytes) | SMAC(6bytes) | Ether-Type(0x8100)| VLAN(4bytes) | Ether-Type(2bytes) | DATA |
 |--------------------------------------------------------------------------------------------|

 # VLAN tag format
 |--------------------------------------------------------------------------------------|
 | Ether-Type(0x8100)| PRI(3bits) | CFI(1bit) | TAG(12bits) | Ether-Type(2bytes) | DATA |
 |--------------------------------------------------------------------------------------|
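# PRI: frame priority, commonly known as 802.1p (LAN Layer 2 QoS/CoS Protocol for Traffic Prioritization), the layer-2 LAN QoS/CoS protocol for traffic prioritization
# 1 (background), 0 (default, no priority), 2 (excellent effort), 3 (critical applications), 4 (video), 5 (voice), 6 (internetwork control), 7 (network control)
# CFI: Canonical Format Indicator. 0 means canonical format, used for 802.3 or Ethernet II. 1 means non-canonical format; it is used in Token Ring / source-routed FDDI media access methods to indicate the bit order of the addresses carried in the encapsulated frame
# TAG: what is usually called the VLAN ID; 12 bits that identify the VLAN, 4096 values in total
# 12 bits: 0-4095
#  1: system VLAN
#  2-1001: Ethernet VLANs
#  1002/1003/1004/1005: token ring
#  1006-2095: extended VLANs; VTP3, VTP1/2 transparent
# Ether-Type: identifies the type of the data that follows.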
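The tag layout above, decoded from raw frame bytes (an added example, not part of the original notes). The function names and the zero-filled payload are assumptions; the MAC addresses are the ones shown in the trunk capture further down this page.

```python
import struct

TPID_8021Q = 0x8100
# Priority names as listed in the notes above (802.1p).
PRI_NAMES = {0: "default, no priority", 1: "background", 2: "excellent effort",
             3: "critical applications", 4: "video", 5: "voice",
             6: "internetwork control", 7: "network control"}


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet II frame into its header fields, decoding one 802.1Q tag if present."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    out = {"dst": fmt_mac(frame[0:6]), "src": fmt_mac(frame[6:12]), "vlan": None}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # 2 bytes of PRI/CFI/VLAN ID, then the Ether-Type of the encapsulated data.
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pri = tci >> 13
        out["vlan"] = {"pri": pri, "pri_name": PRI_NAMES[pri],
                       "cfi": (tci >> 12) & 0x1, "vid": tci & 0x0FFF}
        offset = 18
    out["ethertype"] = ethertype
    out["payload"] = frame[offset:]
    return out


def push_tag(frame: bytes, vid: int, pri: int = 0, cfi: int = 0) -> bytes:
    """Insert an 802.1Q tag after the source MAC, as a trunk port does when it sends tagged."""
    if not (0 <= vid <= 0x0FFF and 0 <= pri <= 7 and cfi in (0, 1)):
        raise ValueError("tag field out of range")
    tci = (pri << 13) | (cfi << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def pop_tag(frame: bytes) -> bytes:
    """Remove the outer 802.1Q tag; an untagged frame is returned unchanged."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    return frame[:12] + frame[16:]


def sample_untagged() -> bytes:
    """Constructed 114-byte IPv4 frame; the payload is zero filler, not a real ICMP packet."""
    header = bytes.fromhex("aabbcc000400" "aabbcc000600" "0800")
    return header + bytes(100)


if __name__ == "__main__":
    plain = sample_untagged()
    tagged = push_tag(plain, vid=10)
    print(len(plain), parse_frame(plain)["vlan"])      # frame as the host sends it
    print(len(tagged), parse_frame(tagged)["vlan"])    # same frame on the trunk
    print(pop_tag(tagged) == plain)
```
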
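# VLAN tag processing
# PC: most PCs (except dedicated or test machines) work at the application layer and by default do not support (and do not need) VLAN tags. In other words, the frames a PC sends are all untagged.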

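# Router: routers support VLAN tags; a router can send tagged frames as well as untagged frames. Note that a router processes the layer-3 information of a packet; for layer-2 information (including VLAN information) it only checks validity and then strips it. This is what is usually called 'termination': the router terminates the VLAN information of the packet.

# Switch: Ethernet switch. VLAN technology was designed mainly for switches, so VLAN concepts are always discussed from the switch's point of view. Clearly a switch can send and receive tagged frames
#        as well as untagged frames. Strictly speaking, once VLANs are introduced a switch no longer performs 'transparent transmission', because a frame may have changed after passing through the switch.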

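# In every VLAN-aware switch, frames carry a tag while they are forwarded inside the switch. The tag is added or removed according to the port's settings before the frame is handed to the switching chip, or when the switching chip hands it to the port.
# If nothing is configured, all ports default to Access mode. Generally a port has three VLAN-related attributes: PVID, Tag VLAN and Untag VLAN. There is exactly one PVID; there may be one, several or no Tag VLANs and Untag VLANs, but at least one of the two must have an entry.

# The role of the PVID: if the port receives an untagged frame, the switch gives the frame a tag equal to the PVID and then hands it to the switching chip; if the switching chip is about to send a frame out of this port and finds that the frame's tag value equals the PVID, it removes the tag and then sends the frame out of the port.

# Tag VLAN and Untag VLAN mainly govern how frames are sent: when the switching chip is about to send a frame out of the port and the frame's tag is in the port's Tag VLAN list and is not equal to the PVID, the frame is sent tagged; if it is in the Untag VLAN list, it is sent untagged. If the frame's tag is in neither the Tag VLAN list nor the Untag VLAN list, there is only one possibility: the switching chip is faulty. That is the basic principle of how a switch handles VLAN tags: tag processing happens only at the moments a frame enters and leaves the switching chip.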


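# If the port is a Trunk, it can have only one untagged VLAN, equal to the PVID, and several tagged VLANs. The port accepts frames in all allowed VLANs as well as untagged frames; an untagged frame is forwarded in the VLAN given by the PVID. Frames are sent according to the rules above, so they may be tagged or untagged.
# Switches interconnected in trunk mode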
IOU1#interface Ethernet3/3
IOU1#switchport trunk encapsulation dot1q
IOU1#switchport mode trunk
IOU1#duplex auto

IOU1(config-if)#do sh int e3/3 swi
Name: Et3/3
Switchport: Enabled
Administrative Mode: trunk    
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none 
Administrative private-vlan mapping: none 
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Appliance trust: none

IOU2#interface Ethernet3/3
IOU2#switchport trunk encapsulation dot1q
IOU2#switchport mode trunk
IOU2#duplex auto

-------------------------------------------------------------------------------------------------------------------
1.1.1.3 ----> | access vlan 10 |-----|     trunk      |---->|     trunk      |-----| access vlan 10 |----> 1.1.1.6
              |     port1      | SW1 |     port2      |     |     port1      | SW1 |     port2      |      
-------------------------------------------------------------------------------------------------------------------

# 1. Router R3 sends an untagged Ethernet frame
Frame 37: 114 bytes on wire (912 bits), 114 bytes captured (912 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:06:00 (aa:bb:cc:00:06:00), Dst: aa:bb:cc:00:04:00 (aa:bb:cc:00:04:00)
    Destination: aa:bb:cc:00:04:00 (aa:bb:cc:00:04:00)
    Source: aa:bb:cc:00:06:00 (aa:bb:cc:00:06:00)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 1.1.1.1, Dst: 1.1.1.3
Internet Control Message Protocol

# 2. Enters SW1 on the access vlan 10 port and leaves through the SW1 trunk port
Frame 96: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:06:00 (aa:bb:cc:00:06:00), Dst: aa:bb:cc:00:04:00 (aa:bb:cc:00:04:00)
    Destination: aa:bb:cc:00:04:00 (aa:bb:cc:00:04:00)
    Source: aa:bb:cc:00:06:00 (aa:bb:cc:00:06:00)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 10    
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 1010 = ID: 10        
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 1.1.1.1, Dst: 1.1.1.3
Internet Control Message Protocol

# 3. Enters SW2 on the trunk port and leaves through the SW2 access vlan 10 port
Frame 29: 114 bytes on wire (912 bits), 114 bytes captured (912 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:06:00 (aa:bb:cc:00:06:00), Dst: aa:bb:cc:00:04:00 (aa:bb:cc:00:04:00)
    Destination: aa:bb:cc:00:04:00 (aa:bb:cc:00:04:00)
    Source: aa:bb:cc:00:06:00 (aa:bb:cc:00:06:00)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 1.1.1.1, Dst: 1.1.1.3
Internet Control Message Protocol


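# If the port is Access, it can have only one VLAN, equal to the PVID, and no Tag VLANs. An Access port therefore accepts only untagged frames or frames of the VLAN it belongs to, i.e. the VLAN equal to the PVID. All frames it sends are untagged.
# Switches interconnected in access mode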
-------------------------------------------------------------------------------------------------------------------
1.1.1.3 ----> | access vlan 10 |-----| access vlan 10 |---->| access vlan 10 |-----| access vlan 10 |----> 1.1.1.6
              |     port1      | SW1 |     port2      |     |     port1      | SW1 |     port2      |      
-------------------------------------------------------------------------------------------------------------------

# 1. Router R3 sends an untagged Ethernet frame
Frame 169: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:07:00 (aa:bb:cc:00:07:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
    Source: aa:bb:cc:00:07:00 (aa:bb:cc:00:07:00)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (request)

# 2. Enters SW1 on an access vlan 10 port and leaves through an SW1 access vlan 10 port
Frame 296: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:07:00 (aa:bb:cc:00:07:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
    Source: aa:bb:cc:00:07:00 (aa:bb:cc:00:07:00)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (request)

# 3. Enters SW2 on an access vlan 10 port and leaves through an SW2 access vlan 10 port
Frame 151: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:07:00 (aa:bb:cc:00:07:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
    Source: aa:bb:cc:00:07:00 (aa:bb:cc:00:07:00)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (request)
# native vlan 
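# The native VLAN is a concept that exists only on trunks. Its main purpose is to avoid dropping untagged frames: the receiving switch forwards every untagged packet it receives into the native VLAN instead of dropping it. The default is VLAN 1.
# On a trunk, the native VLAN only adds the PVID to untagged frames and removes the tag from frames tagged with the PVID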

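An 802.1Q trunk can carry multiple VLANs. Each VLAN's frames get a header that states the VLAN number, but one VLAN gets no header and is not encapsulated: the native VLAN. When sending data, a switch uses the VLAN tag to mark which VLAN the data belongs to; 802.1Q allows one untagged VLAN, and when the peer switch reads a frame on this segment and finds no 802.1Q tag, it treats the frame as belonging to the native VLAN.
Put simply, the native VLAN is a special VLAN under 802.1Q encapsulation: traffic from this VLAN is not tagged when it crosses a trunk interface. By default VLAN 1 is the native VLAN.
 VLAN 1 is the switch's default VLAN; it normally carries neither user data nor management traffic, only control information such as CDP, DTP, BPDU, VTP and PAgP.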
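The PVID / Tag VLAN / Untag VLAN rules and the native VLAN behaviour described above, as a small model that replays the port layouts of the captures on this page (an added example, not part of the original notes). It covers only the tag rules stated here, with no STP, CDP or MAC learning; the port names and the `Port`, `walk` and `native_mismatch` helpers are assumptions. `native_mismatch` goes one step beyond the captures and reports which VLAN an untagged frame lands in when the two ends of a trunk link disagree on the native VLAN.

```python
from dataclasses import dataclass

DROP = "drop"                        # marker for a frame the port refuses
ALL_VLANS = frozenset(range(1, 4095))


@dataclass(frozen=True)
class Port:
    name: str
    mode: str                        # "access" or "trunk"
    pvid: int = 1                    # access VLAN, or native VLAN on a trunk
    allowed: frozenset = ALL_VLANS   # VLANs a trunk carries

    def ingress(self, tag):
        """Internal VLAN for a frame received with `tag` (None = untagged)."""
        if tag is None:
            return self.pvid                         # untagged: gets the PVID
        if self.mode == "access":
            return tag if tag == self.pvid else DROP
        return tag if tag in self.allowed else DROP

    def egress(self, vlan):
        """Tag on the wire when internal VLAN `vlan` leaves (None = untagged)."""
        if self.mode == "access":
            return None if vlan == self.pvid else DROP
        if vlan not in self.allowed:
            return DROP
        return None if vlan == self.pvid else vlan   # tag equal to the PVID is removed


def walk(tag, hops):
    """Follow a frame through (in_port, out_port) pairs, one pair per switch.

    Returns one (in_port, internal_vlan, out_port, wire_tag) tuple per switch
    and stops at the first drop.
    """
    trace = []
    for inp, outp in hops:
        vlan = inp.ingress(tag)
        tag = DROP if vlan == DROP else outp.egress(vlan)
        trace.append((inp.name, vlan, outp.name, tag))
        if tag == DROP:
            break
    return trace


def native_mismatch(a, b):
    """VLAN remaps caused by unequal native VLANs on the two ends of one trunk link."""
    if a.pvid == b.pvid:
        return []
    return [(src.name, src.pvid, dst.name, dst.ingress(src.egress(src.pvid)))
            for src, dst in ((a, b), (b, a))]


def page_scenarios():
    """Port layouts of the captures on this page; every frame starts untagged."""
    def trunk(name, native=1):
        return Port(name, "trunk", native)

    def access10(name):
        return Port(name, "access", 10)

    return {
        "arp request: native 10 -> native 20 | native 30 -> access 10":
            walk(None, [(trunk("sw1-p1", 10), trunk("sw1-p2", 20)),
                        (trunk("sw2-p1", 30), access10("sw2-p2"))]),
        "trunk -> trunk native 10 (ping fails)":
            walk(None, [(trunk("p1"), trunk("p2", 10))]),
        "trunk native 10 -> trunk (ping fails)":
            walk(None, [(trunk("p2", 10), trunk("p1"))]),
        "access 10 -> trunk native 10 (ping works)":
            walk(None, [(access10("p1"), trunk("p2", 10))]),
        "access 10 -> trunk native 20 (ping fails)":
            walk(None, [(access10("p1"), trunk("p2", 20))]),
    }


if __name__ == "__main__":
    for title, trace in page_scenarios().items():
        print(title, trace)
    print(native_mismatch(Port("sw1-p2", "trunk", 20), Port("sw2-p1", "trunk", 30)))
```

In the failing cases the frame reaches the host link carrying a tag (1 or 10) that the untagged host interface does not expect, which matches the tagged frames in the corresponding captures.
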
 
# arp request: 
------------------------------------------------------------------------------------------------------------------------------------
1.1.1.4 ----> | trunk native vlan 10 |-----| trunk native vlan 20 |---->| trunk native vlan 30 |-----| access vlan 10 |----> 1.1.1.6
              |         port1        | SW1 |        port2         |     |        port1         | SW1 |     port2      |      
------------------------------------------------------------------------------------------------------------------------------------

Frame 2061: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:04:11 (aa:bb:cc:00:04:11), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
    Source: aa:bb:cc:00:04:11 (aa:bb:cc:00:04:11)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (request)

# arp request: the untagged packet enters on trunk native vlan 10 and is forwarded out of trunk native vlan 20
Frame 2387: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:04:11 (aa:bb:cc:00:04:11), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
    Source: aa:bb:cc:00:04:11 (aa:bb:cc:00:04:11)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 10
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 1010 = ID: 10
    Type: ARP (0x0806)
    Padding: 0000000000000000000000000000
    Trailer: 00000000
Address Resolution Protocol (request)

# arp request: the vlan 10 packet enters on trunk native vlan 30 and leaves through access vlan 10
Frame 1371: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:04:11 (aa:bb:cc:00:04:11), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
    Source: aa:bb:cc:00:04:11 (aa:bb:cc:00:04:11)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (request)


# arp reply
------------------------------------------------------------------------------------------------------------------------------------
1.1.1.6 ----> | access vlan 10 |-----| trunk native vlan 30 |---->| trunk native vlan 20 |-----| access vlan 10 |----> 1.1.1.4
              |     port1      | SW1 |        port2         |     |        port1         | SW1 |     port2      |      
------------------------------------------------------------------------------------------------------------------------------------
                                tag 10                        tag 10                       tag 10            
Frame 1372: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:09:11 (aa:bb:cc:00:09:11), Dst: aa:bb:cc:00:04:11 (aa:bb:cc:00:04:11)
    Destination: aa:bb:cc:00:04:11 (aa:bb:cc:00:04:11)
    Source: aa:bb:cc:00:09:11 (aa:bb:cc:00:09:11)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (reply)

Frame 2388: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:09:11 (aa:bb:cc:00:09:11), Dst: aa:bb:cc:00:04:11 (aa:bb:cc:00:04:11)
    Destination: aa:bb:cc:00:04:11 (aa:bb:cc:00:04:11)
    Source: aa:bb:cc:00:09:11 (aa:bb:cc:00:09:11)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 10
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 1010 = ID: 10
    Type: ARP (0x0806)
    Padding: 0000000000000000000000000000
    Trailer: 00000000
Address Resolution Protocol (reply)

Frame 2062: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:09:11 (aa:bb:cc:00:09:11), Dst: aa:bb:cc:00:04:11 (aa:bb:cc:00:04:11)
    Destination: aa:bb:cc:00:04:11 (aa:bb:cc:00:04:11)
    Source: aa:bb:cc:00:09:11 (aa:bb:cc:00:09:11)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (reply)


-------------------------------------------------------------------------------------------------------------
              |                    |     |                    |     |                    |  |     |
1.1.1.6 ----> |trunk native vlan 10|-SW1-|trunk native vlan 30|---->|trunk native vlan 20|--|trunk|----> 1.1.1.4
              |                    |     |                    |     |                    |  |     |
-------------------------------------------------------------------------------------------------------------

Frame 7406: 114 bytes on wire (912 bits), 114 bytes captured (912 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:09:11 (aa:bb:cc:00:09:11), Dst: aa:bb:cc:00:07:11 (aa:bb:cc:00:07:11)
    Destination: aa:bb:cc:00:07:11 (aa:bb:cc:00:07:11)
    Source: aa:bb:cc:00:09:11 (aa:bb:cc:00:09:11)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 1.1.1.6, Dst: 1.1.1.3
Internet Control Message Protocol

Frame 8211: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:09:11 (aa:bb:cc:00:09:11), Dst: aa:bb:cc:00:07:11 (aa:bb:cc:00:07:11)
    Destination: aa:bb:cc:00:07:11 (aa:bb:cc:00:07:11)
    Source: aa:bb:cc:00:09:11 (aa:bb:cc:00:09:11)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 10
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 1010 = ID: 10
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 1.1.1.6, Dst: 1.1.1.3
Internet Control Message Protocol

Frame 4608: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:09:11 (aa:bb:cc:00:09:11), Dst: aa:bb:cc:00:07:11 (aa:bb:cc:00:07:11)
    Destination: aa:bb:cc:00:07:11 (aa:bb:cc:00:07:11)
    Source: aa:bb:cc:00:09:11 (aa:bb:cc:00:09:11)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 10
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 1010 = ID: 10
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 1.1.1.6, Dst: 1.1.1.3
Internet Control Message Protocol


1.1.1.3 ping 1.1.1.4 fails
request
-----------------------------------------------------------------------------------------
              |                               |     |                      |     
1.1.1.3 ----> |              trunk            | SW1 | trunk native vlan 10 |----> 1.1.1.4
              |              port1            |     |        port2         |   
-----------------------------------------------------------------------------------------
Frame 307: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
    Source: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (request)

Frame 13: 68 bytes on wire (544 bits), 68 bytes captured (544 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:04:21 (aa:bb:cc:00:04:21), Dst: PVST+ (01:00:0c:cc:cc:cd)
    Destination: PVST+ (01:00:0c:cc:cc:cd)
    Source: aa:bb:cc:00:04:21 (aa:bb:cc:00:04:21)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 1
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 0001 = ID: 1
    Length: 50
Logical-Link Control
Spanning Tree Protocol
# trunk receive: an untagged frame gets the PVID; trunk send: a tagged frame is forwarded as is

1.1.1.4 ping 1.1.1.3 fails
request
--------------------------------------------------------------------------------------------------
              |                               |     |                               |     
1.1.1.4 ----> |      trunk native vlan 10     | SW1 |            trunk              |----> 1.1.1.3
              |             port2             |     |             port1             |   
--------------------------------------------------------------------------------------------------
Frame 6945: 114 bytes on wire (912 bits), 114 bytes captured (912 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:06:11 (aa:bb:cc:00:06:11), Dst: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11)
    Destination: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11)
    Source: aa:bb:cc:00:06:11 (aa:bb:cc:00:06:11)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 1.1.1.4, Dst: 1.1.1.3
Internet Control Message Protocol

Frame 3877: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:06:11 (aa:bb:cc:00:06:11), Dst: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11)
    Destination: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11)
    Source: aa:bb:cc:00:06:11 (aa:bb:cc:00:06:11)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 10
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 1010 = ID: 10
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 1.1.1.4, Dst: 1.1.1.3
Internet Control Message Protocol
# trunk receive: an untagged frame gets the PVID; trunk send: a tagged frame is forwarded as is

1.1.1.3 ping 1.1.1.4 succeeds
request
--------------------------------------------------------------------------------------------------
              |                               |     |                               |     
1.1.1.3 ----> |         access vlan 10        | SW1 |      trunk native vlan 10     |----> 1.1.1.4
              |             port1             |     |             port2             |   
--------------------------------------------------------------------------------------------------
Frame 1777: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
    Source: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (request)

Frame 1786: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
    Source: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (request)
# trunk send: a tag equal to the PVID is removed


reply
---------------------------------------------------------------------------------------------------
              |                               |     |                                |     
1.1.1.4 ----> |      trunk native vlan 10     | SW1 |          access vlan 10        |----> 1.1.1.3
              |             port2             |     |             port1              |   
---------------------------------------------------------------------------------------------------

Frame 2413: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:06:11 (aa:bb:cc:00:06:11), Dst: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11)
    Destination: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11)
    Source: aa:bb:cc:00:06:11 (aa:bb:cc:00:06:11)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (reply)

Frame 1980: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:06:11 (aa:bb:cc:00:06:11), Dst: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11)
    Destination: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11)
    Source: aa:bb:cc:00:06:11 (aa:bb:cc:00:06:11)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (reply)
# trunk receive: an untagged frame gets the PVID


request 1.1.1.3 ping 1.1.1.4 fails
--------------------------------------------------------------------------------------------------
              |                               |     |                               |     
1.1.1.3 ----> |         access vlan 10        | SW1 |      trunk native vlan 20     |----> 1.1.1.4
              |             port1             |     |             port2             |   
--------------------------------------------------------------------------------------------------
Frame 2563: 114 bytes on wire (912 bits), 114 bytes captured (912 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11), Dst: aa:bb:cc:00:06:11 (aa:bb:cc:00:06:11)
    Destination: aa:bb:cc:00:06:11 (aa:bb:cc:00:06:11)
    Source: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 1.1.1.3, Dst: 1.1.1.4
Internet Control Message Protocol

Frame 4152: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11), Dst: aa:bb:cc:00:06:11 (aa:bb:cc:00:06:11)
    Destination: aa:bb:cc:00:06:11 (aa:bb:cc:00:06:11)
    Source: aa:bb:cc:00:08:11 (aa:bb:cc:00:08:11)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 10
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 1010 = ID: 10
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 1.1.1.3, Dst: 1.1.1.4
Internet Control Message Protocol
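# trunk send: a tagged frame is forwarded as is
# DTP (Dynamic Trunking Protocol) is a Cisco proprietary protocol that serves trunking; its predecessor is DISL. It lets the link between switches negotiate automatically whether to form a trunk.
# As covered in the trunk section, a trunk is configured with the two commands switchport trunk encapsulation dot1Q and switchport mode trunk.
# These two commands no longer have to be typed by hand; DTP can negotiate the trunk automatically. DTP can also negotiate the encapsulation type of the trunk link (802.1Q or ISL). A switch with DTP configured sends DTP negotiation frames, the peer responds to them, and the result decides whether a trunk can form.
# A DTP frame is sent every 30 s. The protocol negotiates only between switches.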

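# DTP has 4 mode types: auto, desirable, trunk negotiate, trunk nonegotiate
# auto: passive negotiation; does not send DTP on its own initiative but can reply when it receives DTP, and after replying the link is negotiated into a trunk
# desirable: wants to put the interface in trunk mode; actively sends and replies to DTP negotiation, and a trunk forms as long as the peer responds
# negotiate: the port has already been forced into trunk mode; it actively sends and replies to DTP negotiation, and a trunk forms as long as the peer responds
# nonegotiate: the port has already been forced into trunk mode but neither sends nor replies to DTP negotiation. A trunk therefore forms only when the peer port is already negotiate or nonegotiate, i.e. the peer port is already configured as a trunk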

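# Trunking modes of a Cisco switch port
# OFF: the "switchport mode access" command statically configures the switch port as an access (non-trunk) port.
# ON: the "switchport mode trunk" command statically configures the switch port as a trunk port.
# Dynamic auto: the "switchport mode dynamic auto" command statically configures the switch port in dynamic auto mode.
# Dynamic desirable: the "switchport mode dynamic desirable" command statically configures the switch port in dynamic desirable mode.
# Nonegotiate (DTP disabled): the "switchport nonegotiate" command turns DTP off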


--------------------------------------------------------------------
        |         SW1         |      |         SW2         | 
        |        trunk        |  --  |        trunk        |  
        |        none         |      |        none         |
--------------------------------------------------------------------      
                
IOU1(config)#do sh int e3/3 swi
Name: Et3/3
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none 
Administrative private-vlan mapping: none 
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Appliance trust: none
IOU1(config)#

IOU2(config)#do sh int e3/3 swi
Name: Et3/3
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none 
Administrative private-vlan mapping: none 
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Appliance trust: none
IOU2(config)#

Frame 5064: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:04:33 (aa:bb:cc:00:04:33), Dst: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
    Destination: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)       # destination MAC address CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
    Source: aa:bb:cc:00:04:33 (aa:bb:cc:00:04:33)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 1
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 0001 = ID: 1                                  # 802.1Q encapsulation, vlan 1
    Length: 34
    Padding: 0000000000000000
Logical-Link Control
    DSAP: SNAP (0xaa)
        1010 101. = SAP: SNAP
        .... ...0 = IG Bit: Individual
    SSAP: SNAP (0xaa)
        1010 101. = SAP: SNAP
        .... ...0 = CR Bit: Command
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information (0x00)
        .... ..11 = Frame type: Unnumbered frame (0x3)
    Organization Code: Cisco (0x00000c)                          # Cisco proprietary protocol
    PID: DTP (0x2004)                                            # the DTP protocol is used
Dynamic Trunk Protocol:  (Operating/Administrative): Trunk/Desirable (0x83) (Operating/Administrative): ISL/Negotiated (0x40): aa:bb:cc:00:04:33
    Version: 1
    Domain
        Type: Domain (0x0001)
        Length: 5
        Domain: 
    Trunk Status
        Type: Trunk Status (0x0002)
        Length: 5
        Value: Trunk/Desirable (0x83)                            # Trunk Status: Trunk/Desirable mode
            1... .... = Trunk Operating Status: Trunk (0x1)
            .... .011 = Trunk Administrative Status: Desirable (0x3)
    Trunk Type
        Type: Trunk Type (0x0003)
        Length: 5
        Value: ISL/Negotiated (0x40)                             
            010. .... = Trunk Operating Type: ISL (0x2)                # trunk type is ISL
            .... .000 = Trunk Administrative Type: Negotiated (0x0)    # administrative type: Negotiated
    Sender ID
        Type: Sender ID (0x0004)
        Length: 10
        Sender ID: aa:bb:cc:00:04:33 (aa:bb:cc:00:04:33)
        
Frame 5065: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:06:33 (aa:bb:cc:00:06:33), Dst: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
    Destination: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)        # destination MAC address CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
    Source: aa:bb:cc:00:06:33 (aa:bb:cc:00:06:33)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 1
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 0001 = ID: 1
    Length: 34
    Padding: 0000000000000000
Logical-Link Control
    DSAP: SNAP (0xaa)
        1010 101. = SAP: SNAP
        .... ...0 = IG Bit: Individual
    SSAP: SNAP (0xaa)
        1010 101. = SAP: SNAP
        .... ...0 = CR Bit: Command
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information (0x00)
        .... ..11 = Frame type: Unnumbered frame (0x3)
    Organization Code: Cisco (0x00000c)
    PID: DTP (0x2004)
Dynamic Trunk Protocol:  (Operating/Administrative): Trunk/Desirable (0x83) (Operating/Administrative): ISL/Negotiated (0x40): aa:bb:cc:00:06:33
    Version: 1
    Domain
        Type: Domain (0x0001)
        Length: 5
        Domain: 
    Trunk Status
        Type: Trunk Status (0x0002)
        Length: 5
        Value: Trunk/Desirable (0x83)
            1... .... = Trunk Operating Status: Trunk (0x1)
            .... .011 = Trunk Administrative Status: Desirable (0x3)
    Trunk Type
        Type: Trunk Type (0x0003)
        Length: 5
        Value: ISL/Negotiated (0x40)
            010. .... = Trunk Operating Type: ISL (0x2)
            .... .000 = Trunk Administrative Type: Negotiated (0x0)
    Sender ID
        Type: Sender ID (0x0004)
        Length: 10
        Sender ID: aa:bb:cc:00:06:33 (aa:bb:cc:00:06:33)
        
        
--------------------------------------------------------------------------------------------------
        |                 SW1                 |      |                 SW2                 | 
        |                trunk                |  --  |                trunk                | 
        |switchport trunk encapsulation dot1q |      |switchport trunk encapsulation dot1q |
        |       switchport mode trunk         |      |       switchport mode trunk         | 
--------------------------------------------------------------------------------------------------

IOU1(config-if)#do sh int e3/3 swi
Name: Et3/3
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none 
Administrative private-vlan mapping: none 
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Appliance trust: none
IOU1(config-if)#

IOU2(config-if)#do sh int e3/3 swi
Name: Et3/3
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none 
Administrative private-vlan mapping: none 
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Appliance trust: none
IOU2(config-if)#

Frame 6159: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:06:33 (aa:bb:cc:00:06:33), Dst: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
    Destination: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
    Source: aa:bb:cc:00:06:33 (aa:bb:cc:00:06:33)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 1
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 0001 = ID: 1
    Length: 34
    Padding: 0000000000000000
Logical-Link Control
    DSAP: SNAP (0xaa)
        1010 101. = SAP: SNAP
        .... ...0 = IG Bit: Individual
    SSAP: SNAP (0xaa)
        1010 101. = SAP: SNAP
        .... ...0 = CR Bit: Command
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information (0x00)
        .... ..11 = Frame type: Unnumbered frame (0x3)
    Organization Code: Cisco (0x00000c)
    PID: DTP (0x2004)
Dynamic Trunk Protocol:  (Operating/Administrative): Trunk/On (0x81) (Operating/Administrative): 802.1Q/802.1Q (0xa5): aa:bb:cc:00:06:33
    Version: 1
    Domain
        Type: Domain (0x0001)
        Length: 5
        Domain: 
    Trunk Status
        Type: Trunk Status (0x0002)
        Length: 5
        Value: Trunk/On (0x81)
            1... .... = Trunk Operating Status: Trunk (0x1)
            .... .001 = Trunk Administrative Status: On (0x1)
    Trunk Type
        Type: Trunk Type (0x0003)
        Length: 5
        Value: 802.1Q/802.1Q (0xa5)
            101. .... = Trunk Operating Type: 802.1Q (0x5)               # Trunk Type : 802.1Q 
            .... .101 = Trunk Administrative Type: 802.1Q (0x5)          # administrative type: 802.1Q
    Sender ID
        Type: Sender ID (0x0004)
        Length: 10
        Sender ID: aa:bb:cc:00:06:33 (aa:bb:cc:00:06:33)
        
Frame 6160: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:04:33 (aa:bb:cc:00:04:33), Dst: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
    Destination: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
    Source: aa:bb:cc:00:04:33 (aa:bb:cc:00:04:33)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 1
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = CFI: Canonical (0)
    .... 0000 0000 0001 = ID: 1
    Length: 34
    Padding: 0000000000000000
Logical-Link Control
    DSAP: SNAP (0xaa)
        1010 101. = SAP: SNAP
        .... ...0 = IG Bit: Individual
    SSAP: SNAP (0xaa)
        1010 101. = SAP: SNAP
        .... ...0 = CR Bit: Command
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information (0x00)
        .... ..11 = Frame type: Unnumbered frame (0x3)
    Organization Code: Cisco (0x00000c)
    PID: DTP (0x2004)
Dynamic Trunk Protocol:  (Operating/Administrative): Trunk/On (0x81) (Operating/Administrative): 802.1Q/802.1Q (0xa5): aa:bb:cc:00:04:33
    Version: 1
    Domain
        Type: Domain (0x0001)
        Length: 5
        Domain: 
    Trunk Status
        Type: Trunk Status (0x0002)
        Length: 5
        Value: Trunk/On (0x81)
            1... .... = Trunk Operating Status: Trunk (0x1)
            .... .001 = Trunk Administrative Status: On (0x1)
    Trunk Type
        Type: Trunk Type (0x0003)
        Length: 5
        Value: 802.1Q/802.1Q (0xa5)
            101. .... = Trunk Operating Type: 802.1Q (0x5)
            .... .101 = Trunk Administrative Type: 802.1Q (0x5)
    Sender ID
        Type: Sender ID (0x0004)
        Length: 10
        Sender ID: aa:bb:cc:00:04:33 (aa:bb:cc:00:04:33)
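
The DTP fields dissected above, decoded from raw frame bytes and turned into a port-hardening check (an added example, not part of the original notes). The sample frames are constructed from the field values the dissections display; the function names and finding texts are assumptions, and the status and type codes that do not appear in the captures (Off, Auto, Native) follow the value names Wireshark's DTP dissector uses.

```python
import struct

DTP_DST = bytes.fromhex("01000ccccccc")          # CDP/VTP/DTP/PAgP/UDLD multicast
SNAP_DTP = bytes.fromhex("aaaa0300000c2004")     # LLC SNAP + Cisco OUI + PID DTP
ADMIN_STATUS = {1: "On", 2: "Off", 3: "Desirable", 4: "Auto"}
OPER_TYPE = {1: "Native", 2: "ISL", 5: "802.1Q"}
ADMIN_TYPE = {0: "Negotiated", 1: "Native", 2: "ISL", 5: "802.1Q"}


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_sample(src_mac, status, trunk_type):
    """Constructed 60-byte frame carrying the field values shown in the dissections."""
    src = bytes.fromhex(src_mac.replace(":", ""))
    tlvs = (struct.pack("!HHB", 1, 5, 0)              # Domain: empty
            + struct.pack("!HHB", 2, 5, status)       # Trunk Status
            + struct.pack("!HHB", 3, 5, trunk_type)   # Trunk Type
            + struct.pack("!HH", 4, 10) + src)        # Sender ID
    body = SNAP_DTP + b"\x01" + tlvs                  # version 1
    frame = DTP_DST + src + struct.pack("!HHH", 0x8100, 1, len(body)) + body
    return frame.ljust(60, b"\x00")                   # padding up to 60 bytes


def parse_dtp(frame):
    """Return the decoded DTP fields, or None when the frame is not DTP."""
    if len(frame) < 22 or frame[:6] != DTP_DST:
        return None
    off, vlan = 12, None
    if frame[12:14] == b"\x81\x00":                   # skip the 802.1Q tag
        vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
        off = 16
    (length,) = struct.unpack("!H", frame[off:off + 2])
    body = frame[off + 2:off + 2 + length]            # 802.3 length excludes padding
    if length > 1500 or len(body) < 9 or body[:8] != SNAP_DTP:
        return None
    info = {"src": fmt_mac(frame[6:12]), "vlan": vlan, "version": body[8]}
    pos = 9
    while pos + 4 <= len(body):
        tlv_type, tlv_len = struct.unpack("!HH", body[pos:pos + 4])
        if tlv_len < 4 or pos + tlv_len > len(body):  # length counts the 4-byte header
            raise ValueError("malformed DTP TLV")
        value = body[pos + 4:pos + tlv_len]
        pos += tlv_len
        if tlv_type == 2 and value:
            info["oper_status"] = "Trunk" if value[0] & 0x80 else "Access"
            info["admin_status"] = ADMIN_STATUS.get(value[0] & 0x07, "Unknown")
        elif tlv_type == 3 and value:
            info["oper_type"] = OPER_TYPE.get(value[0] >> 5, "Unknown")
            info["admin_type"] = ADMIN_TYPE.get(value[0] & 0x07, "Unknown")
        elif tlv_type == 4 and len(value) == 6:
            info["sender_id"] = fmt_mac(value)
    return info


def audit(info):
    """Findings for the port that sent this DTP frame."""
    findings = ["DTP is active on the sending port (switchport nonegotiate is not set)"]
    if info.get("admin_status") in ("Desirable", "Auto"):
        findings.append("port mode is dynamic: whether it trunks depends on the peer")
    if info.get("admin_type") == "Negotiated":
        findings.append("trunk encapsulation is negotiated, not fixed")
    return findings


if __name__ == "__main__":
    for status, ttype in ((0x83, 0x40), (0x81, 0xA5)):
        decoded = parse_dtp(build_sample("aa:bb:cc:00:04:33", status, ttype))
        print(decoded, audit(decoded))
```
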