Module 8: Virtual LANs 
8.1 VLAN Concepts 
   
8.1.1 VLAN introduction 

A VLAN is a logical group of network stations, services, and devices that is not restricted to a physical LAN segment.

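A VLAN is a logical grouping of devices or users. They can be grouped by function, department, or application, regardless of which physical segment they are located on.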

Configuration or reconfiguration of VLANs is done through software. Therefore, VLAN configuration does not require network equipment to be physically moved or connected.

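Configuring or reconfiguring a VLAN only requires a change in software settings; no recabling or moving of machines is needed, which makes it more convenient.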

A workstation in a VLAN group is restricted to communicating with file servers in the same VLAN group. VLANs logically segment the network into different broadcast domains so that packets are only switched between ports that are assigned to the same VLAN. VLANs consist of hosts or network equipment connected by a single bridging domain. The bridging domain is supported on different network equipment. LAN switches operate bridging protocols with a separate bridge group for each VLAN.

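Workstations in the same VLAN are strictly limited to communicating with workstations in the same VLAN group. VLAN grouping logically divides the network into several broadcast domains, so packets can only be switched between Ethernet switch ports that belong to the same VLAN group. A VLAN made up of hosts or network devices is joined together by the bridging or switching of the Ethernet switches. Each VLAN group uses its own bridging function, and the groups do not interfere with one another.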

VLANs are created to provide segmentation services traditionally provided by physical routers in LAN configurations. VLANs address scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, and traffic flow management. Switches do not bridge traffic between VLANs, as this violates the integrity of the VLAN broadcast domain. Traffic should only be routed between VLANs.

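The segmentation that VLANs create replaces the segmentation traditionally created by routers. VLANs improve scalability, security, and manageability. In a VLAN architecture, routers usually provide broadcast filtering, security, and traffic flow management. Ethernet switches cannot switch data between different VLAN groups, because that would violate the definition of a VLAN as a bounded broadcast domain; the data must go through a router. Data can only be sent between different VLANs by routing.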

8.1.2 Broadcast domains with VLANs and routers 

In Figure , a VLAN is created with one router and one switch. Three separate broadcast domains exist. The router routes traffic between the VLANs using Layer 3 routing. The switch in Figure , forwards frames to the router interfaces if certain circumstances exist:

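Unlike Figure 2, Figure 3 shows three VLANs built from one router and one switch. The three broadcast domains are created by a single switch partitioned into VLANs. When necessary, the switch sends packets of the different VLANs to three different router interfaces.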

If Workstation 1 on the Engineering VLAN wants to send frames to Workstation 2 on the Sales VLAN, the frames are sent to the Fa0/0 MAC address of the router. Routing occurs through the IP address on the Fa0/0 router interface for the Engineering VLAN.

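If a workstation in the Engineering VLAN wants to send data to a computer in the Sales VLAN, the packet is first sent, in the traditional way, from the Engineering VLAN to the Fa0/0 interface of the router. When the router's Fa0/0 interface receives it, the router forwards it to the Sales VLAN in the traditional routed manner.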

If Workstation 1 on the Engineering VLAN wants to send a frame to Workstation 2 on the same VLAN, the destination MAC address of the frame is that of Workstation 2.

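If Workstation 1 in the Engineering VLAN wants to send a packet to Workstation 2 in the same Engineering VLAN, the destination physical address of the packet is the physical address of Workstation 2.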

VLAN implementation on a switch causes certain actions to occur:

Configuring VLANs on an Ethernet switch causes the following to occur:

8.1.3 VLAN operation 

Static membership VLANs are called port-based and port-centric membership VLANs. As a device enters the network, it automatically assumes the VLAN membership of the port to which it is attached.

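A static membership VLAN is also called a port-centric VLAN. A network port can be assigned by configuration to a particular VLAN. When a device or workstation is connected to a switch port, it is automatically placed in the VLAN of that switch port.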

The default VLAN for every port in the switch is the management VLAN. The management VLAN is always VLAN 1 and may not be deleted. At least one port must be assigned to VLAN 1 in order to manage the switch. All other ports on the switch may be reassigned to alternate VLANs.

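A switch with VLAN capability assigns every port to a default VLAN number. This VLAN is the management VLAN. The management VLAN is generally VLAN 1 and cannot be deleted. At least one network port on a switch is assigned as a management VLAN port so that the switch can be managed; the other ports can be reassigned to other VLANs.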

Dynamic membership VLANs are created through network management software. CiscoWorks 2000 or CiscoWorks for Switched Internetworks is used to create Dynamic VLANs. Dynamic VLANs allow for membership based on the MAC address of the device connected to the switch port. As a device enters the network, the switch that it is connected to queries a database on the VLAN Configuration Server for VLAN membership.

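Dynamic membership VLANs are usually configured through network management software. For example, CiscoWorks 2000 or CiscoWorks can configure dynamic VLANs on Cisco switch products. With dynamic VLANs, the VLAN group is determined by the physical (MAC) address of the device. When a device connects to a switch, the switch queries the VLAN configuration server with the device's MAC address to determine the VLAN group.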

Network administrators are responsible for configuring VLANs both statically and dynamically.

Network administrators can therefore easily configure VLANs by either static or dynamic assignment.

8.1.4 Benefits of VLANs 

VLANs allow network administrators to organize LANs logically instead of physically. This is a key benefit. This allows network administrators to perform several tasks:

VLANs let administrators group the LAN logically, not necessarily by geographic location. These benefits show up in the following tasks:

8.1.5 VLAN types 

This page will describe three basic VLAN types that are used to determine and control VLAN membership assignments:

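This section describes the VLAN types, which are distinguished by how VLAN membership is assigned. VLANs can be grouped in the following three ways: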

The number of VLANs in a switch varies based on several factors:

In an Ethernet switch, VLANs can be divided according to the following factors:

The IP addressing scheme is another important consideration in defining the number of VLANs in a switch. For example, a network that uses a 24-bit mask to define a subnet has a total of 254 host addresses allowed on one subnet. Because a one-to-one correspondence between VLANs and IP subnets is strongly recommended, there can be no more than 254 devices in any one VLAN. It is further recommended that VLANs should not extend outside of the Layer 2 domain of the distribution switch.

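When dividing VLANs, the IP allocation scheme is another important factor. For example, a network that uses a 24-bit subnet mask allows 254 hosts in one subnet. Because a one-to-one correspondence between IP networks and VLANs is strongly required in most cases, the number of hosts in such a VLAN cannot exceed 254. Another requirement is that a VLAN should not extend beyond the area formed by the Layer 2 switches; that is, a VLAN should not cross a router. Across a router it will not work, because the router isolates broadcast packets.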

There are two major methods of frame tagging, Inter-Switch Link (ISL) and 802.1Q. ISL is a Cisco proprietary protocol and used to be the most common, but is now being replaced by the IEEE 802.1Q standard frame tagging.

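There are two main methods of tagging frames: Inter-Switch Link (ISL), which is Cisco proprietary, and 802.1Q, the industry standard. ISL is proprietary to Cisco and was commonly used on Cisco Ethernet switches, but it is now being replaced by the 802.1Q tagging standard.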

As packets are received by the switch from any attached end-station device, a unique packet identifier is added within each header. This header information designates the VLAN membership of each packet. The packet is then forwarded to the appropriate switches or routers based on the VLAN identifier and MAC address. Upon reaching the destination node the VLAN ID is removed from the packet by the adjacent switch and forwarded to the attached device. Packet tagging provides a mechanism for controlling the flow of broadcasts and applications while not interfering with the network and applications.

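The Ethernet switch receives packets from the end-station devices attached to its ports, and a unique packet identification tag is added to each packet header. This tag header contains the VLAN number of each packet. The packet is then sent to the appropriate switch or router based on this VLAN number and the physical (MAC) address. At the switch attached to the destination, the header containing the VLAN number is removed and the packet is passed to the destination device. Packet tagging provides a way to control broadcast and application packets without interfering with the network and applications.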

8.2 VLAN Configuration 
   
8.2.1 VLAN basics 

Each VLAN must have a unique Layer 3 network or subnet address assigned to it. This enables routers to switch packets between VLANs.

Each VLAN must have a unique Layer 3 network number assigned to it. This lets routers forward packets between different VLANs.

Switch ports are provisioned for each user at the access layer. Each color represents a subnet.

Access-layer users are provisioned through switch ports. Each color represents a VLAN, so each switch is in practice made up of many VLANs.

ISL is a Cisco proprietary protocol that maintains VLAN information as traffic flows between switches and routers. IEEE 802.1Q is an open-standard (IEEE) VLAN tagging mechanism in switching installations. Catalyst 2950 switches do not support ISL trunking.

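ISL is a Cisco proprietary protocol. It preserves the VLAN number information as packets travel between switches. IEEE 802.1Q is another, open (IEEE) VLAN tagging technique. Cisco Catalyst 2950 switches do not support the ISL tagging standard.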

Workgroup servers operate in a client/server model. For this reason, users are assigned to the same VLAN as the server they use to maximize the performance of Layer 2 switching and keep traffic localized.

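Workgroup servers usually use a client/server architecture. For this reason, users are assigned to the same VLAN as their servers; to achieve maximum performance, Ethernet switches are used to keep traffic confined to a specific area as far as possible.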

In Figure , a core layer router is used to route between subnets. The network is engineered, based on traffic flow patterns, to have 80 percent of the traffic contained within a VLAN. The remaining 20 percent crosses the router to the enterprise servers and to the Internet and WAN.

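In Figure 2, the core-layer router routes packets between the networks. The network has been planned so that, based on traffic flow, 80 percent of the traffic stays within the same VLAN. Only 20 percent of the packets cross the router to other VLANs or to the Internet.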

8.2.2 Geographic VLANs 

End-to-end VLANs allow devices to be grouped based upon resource usage. This includes such parameters as server usage, project teams, and departments. The goal of end-to-end VLANs is to maintain 80 percent of the traffic on the local VLAN.

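End-to-end VLANs group devices together according to resource usage, taking into account parameters such as server usage, project teams, or departments. The design goal of end-to-end VLANs is to keep 80 percent of the traffic on the local VLAN.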

As corporate networks move to centralize their resources, end-to-end VLANs become more difficult to maintain. Users are required to use many different resources, many of which are no longer in their VLAN. This shift in placement and usage of resources requires VLANs to be created around geographic boundaries rather than commonality boundaries.

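Once a company's network plan centralizes resources, end-to-end VLANs become harder to maintain. The resources users need are no longer in their own VLAN. This shift of equipment and resources pushes VLAN design toward geographic areas rather than the principle of shared attributes.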

This geographic location can be as large as an entire building or as small as a single switch inside a wiring closet. In a geographic VLAN structure, it is typical to find the new 20/80 rule in effect. That means that 20 percent of the traffic remains within the local VLAN and 80 percent of the network traffic travels outside the local VLAN. Although this topology means that 80 percent of the services from resources must travel through a Layer 3 device, this design allows networks to provide a deterministic and consistent method to access resources.

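A VLAN planned by geographic location can be as large as a whole building or as small as a single switch or patch panel. In the geographic structure, the new 20/80 rule can be observed: 20 percent of the traffic stays in the local VLAN, while 80 percent must cross to different VLANs. Although 80 percent of the traffic must cross VLANs through a Layer 3 device, this design still gives network users a consistent way to access resources.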

8.2.3 Configuring static VLANs 

Static VLANs are ports on a switch that are manually assigned to a VLAN. This can be accomplished with a VLAN management application or configured directly into the switch through the CLI. These ports maintain their assigned VLAN configuration until they are changed manually. This type of VLAN works well in networks with specific requirements:

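The principle of a static VLAN is that a port on the switch is manually assigned to a particular VLAN. This can be configured directly with a VLAN management application or the command-line interface (CLI). The port stays in the configured VLAN until it is changed manually. This type of VLAN suits several specific requirements: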

Dynamic VLANs do not rely on ports assigned to a specific VLAN.

Dynamic VLANs do not depend on manual assignment to a specific VLAN.

To configure VLANs on Cisco 2900 series switches, specific guidelines must be observed:

The following are guidelines for configuring VLANs on Cisco 2900 series switches:

The creation of a VLAN on a switch is a very straightforward and simple task. If an IOS command-based switch is used, the command vlan database can be used in the Privileged EXEC mode to enter into VLAN configuration mode. A VLAN name may also be configured, if necessary:

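Adding a VLAN to a switch is a very direct and simple task. On a switch that accepts IOS commands, use the vlan database command in privileged mode to enter VLAN configuration mode. Setting a VLAN name, if needed, is also very simple.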

Switch#vlan database

Switch(vlan)#vlan vlan_number

Switch(vlan)#exit

Upon exiting, the VLAN is applied to the switch. The next step is to assign the VLAN to one or more interfaces:

The commands above create a VLAN on the switch. The next step is to assign the VLAN to one or more interfaces.

Switch(config)#interface fastethernet 0/9

Switch(config-if)#switchport access vlan vlan_number

Lab Exercise: Configuring Static VLANs

In this lab, the students will create static VLANs.

8.2.4 Verifying VLAN configuration 

The commands show vlan, show vlan brief, or show vlan id id_number can be used to verify VLAN configurations.

The commands show vlan, show vlan brief, and show vlan id id_number are all used to verify VLAN configuration.

The following facts apply to VLANs:

The following are several facts about VLANs:

Figure shows a list of applicable commands.

The figure shows a list of commands that can be used.

Figure shows the steps necessary to assign a new VLAN to a port on the Sydney switch.

The figure shows the steps for assigning a new VLAN to a port on the Sydney switch.

Figures and list the output of the show vlan and show vlan brief commands.

Figure and Figure list the output of the show vlan and show vlan brief commands.

Lab Exercise: Verifying VLAN Configurations

In this lab, students will create and name two VLANs, assign ports, and move hosts.

8.2.5 Saving VLAN configuration 

It is useful to keep a copy of the VLAN configuration as a text file, especially when backups or audits need to be performed.

Keeping a text file of the VLAN configuration is very useful, especially when a backup or an inspection is needed.

The switch configuration settings can be backed up to a TFTP server with the copy running-config tftp command. The HyperTerminal text capture feature, along with the commands show running-config and show vlan, can be used to capture configuration settings.

The switch configuration can be backed up to a TFTP server with copy running-config tftp, and show running-config and show vlan can be used to capture the configuration settings.

8.2.6 Deleting VLANs 

In Figure , FastEthernet 0/9 was assigned to VLAN 300 with the command switchport access vlan 300. To remove this VLAN from the interface, simply use the no form of the command.

In Figure , the command switchport access vlan 300 assigns the FastEthernet 0/9 interface to VLAN 300. To remove this command, simply use the no form.

The command below is used to remove a VLAN from a switch:

The following command is used to remove a VLAN from a switch:

Switch#vlan database

Switch(vlan)#no vlan 300

When a VLAN is deleted, all ports assigned to that VLAN become inactive. The ports will, however, remain associated with the deleted VLAN until assigned to a new VLAN.

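When a VLAN is deleted, the ports that were assigned to it stop functioning, because these ports remain associated with the deleted VLAN number until they are assigned to a new VLAN number.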
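
One way to use the saved text files from 8.2.5 for an audit, covering the inactive-port case from 8.2.6, as an added example (not part of the original course text). Both captures are constructed samples, the function names are hypothetical, and flagging enabled ports that remain in VLAN 1 is an assumed audit policy based on VLAN 1 being the management VLAN.

```python
import re

# Constructed captures for illustration; not output from a real switch.
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------------
1    default                          active    Fa0/1, Fa0/2
10   Engineering                      active    Fa0/5
20   Sales                            active    Fa0/6
"""

RUNNING_CONFIG = """\
interface FastEthernet0/1
!
interface FastEthernet0/2
 shutdown
!
interface FastEthernet0/5
 switchport access vlan 10
!
interface FastEthernet0/6
 switchport access vlan 20
!
interface FastEthernet0/9
 switchport access vlan 300
!
"""


def defined_vlans(show_vlan_brief: str) -> set:
    """VLAN IDs listed in the 'show vlan brief' table."""
    return {int(m.group(1))
            for m in re.finditer(r"^(\d+)\s+\S+\s+\S+", show_vlan_brief, re.M)}


def access_vlans(running_config: str) -> dict:
    """Map interface -> (access VLAN, shutdown?). No explicit assignment means VLAN 1."""
    ports, current = {}, None
    for line in running_config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
            ports[current] = [1, False]
        elif current and (m := re.match(r"\s+switchport access vlan (\d+)", line)):
            ports[current][0] = int(m.group(1))
        elif current and line.strip() == "shutdown":
            ports[current][1] = True
    return {port: tuple(state) for port, state in ports.items()}


def audit(show_vlan_brief: str, running_config: str) -> list:
    """Return (port, finding) pairs for ports that need attention."""
    findings = []
    vlans = defined_vlans(show_vlan_brief)
    for port, (vlan, down) in sorted(access_vlans(running_config).items()):
        if vlan not in vlans:
            findings.append(
                (port, f"access VLAN {vlan} is not defined on the switch; port is inactive"))
        elif vlan == 1 and not down:
            findings.append((port, "enabled port still in default VLAN 1 (the management VLAN)"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(SHOW_VLAN_BRIEF, RUNNING_CONFIG):
        print(f"{port}: {finding}")
```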

8.3 Troubleshooting VLANs 
   
8.3.1 Overview 

Students completing this lesson should be able to:

Students who complete this section will be able to do the following:

8.3.2 VLAN troubleshooting process 

It is important to develop a systematic approach for troubleshooting switch related problems. The following steps can assist in isolating a problem on a switched network:

  1. Check the physical indications, such as LED status.
  2. Start with a single configuration on a switch and work outward.
  3. Check the Layer 1 link.
  4. Check the Layer 2 link.
  5. Troubleshoot VLANs that span several switches.

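It is important to develop a systematic procedure for troubleshooting in a switched environment. The following steps can help isolate problems in a switched environment.

  1. Check the physical indicator lights.
  2. Check the configuration of a single switch from the outside.
  3. Check the Layer 1 link status.
  4. Check the Layer 2 link status.
  5. Extend the check to the other switches in the VLAN.

8.3.3 Preventing broadcast storms 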

The location of the root bridge in the extended router and switch network is necessary for effective troubleshooting. The show commands on both the router and the switch can display root-bridge information. Configuration of root bridge timers set parameters for forwarding delay or maximum age for STP information. Manually configuring a device as a root bridge is another configuration option.

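In a router and switch environment, knowing the location of the root bridge is key to troubleshooting. On both routers and switches, the show commands reveal the location of the root bridge, some timer parameters, and STP information. Manually configuring the root bridge is another effective approach.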

If the extended router and switch network encounters a period of instability, it helps to minimize the STP processes occurring between devices.

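If the extended router and Ethernet switch network is unstable for a short period, this indicates that the STP processes are exchanging messages between devices.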

If it becomes necessary to reduce BPDU traffic, put the timers on the root bridge at their maximum values. Specifically, set the forward delay parameter to the maximum of 30 seconds, and set the max_age parameter to the maximum of 40 seconds.

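If BPDU traffic needs to be reduced, set the root bridge timers to their maximum. Specifically, set the forward delay to 30 seconds and the maximum age, max_age, to 40 seconds.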

8.3.4 Troubleshooting VLANs 

To troubleshoot the operation of Fast Ethernet router connections to switches, it is necessary to make sure that the router interface configuration is complete and correct. Verify that an IP address is not configured on the Fast Ethernet interface. IP addresses are configured on each subinterface of a VLAN connection. Verify that the duplex configuration on the router matches that on the appropriate port/interface on the switch.

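To troubleshoot Fast Ethernet operation between routers and switches, first make sure the router interface configuration is correct. Confirm that the IP address is not configured on the physical Fast Ethernet interface but on each VLAN subinterface or on the virtual interface of the VLAN.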

The show vlan command displays the VLAN information on the switch. Figure , displays the output from the show vlan command. The display shows the VLAN ID, name, status, and assigned ports.

The show vlan command displays the VLAN information on the switch. Figure lists the output of the show vlan command. It shows the VLAN ID, name, status, and assigned interface ports.

The show vlan command displays VLAN information on the router. The show vlan command followed by the VLAN number displays specific information about that VLAN on the router. Output from the command includes the VLAN ID, router subinterface, and protocol information.

The show vlan command displays the VLAN information on the router. The show vlan command followed by a VLAN number reports the VLAN ID, the router subinterface, and protocol information.

The show spanning-tree command displays the spanning-tree topology known to the router. This command will show the STP settings used by the router for a spanning-tree bridge in the router and switch network.

The show spanning-tree command displays the spanning-tree topology that the router has learned. It shows the router's STP settings and the spanning-tree bridges in the switched and routed environment.

The first part of the show spanning-tree output lists global spanning-tree configuration parameters, followed by those that are specific to given interfaces.

The first part of the show spanning-tree output lists the global spanning-tree configuration parameters, followed by the parameters of specific interfaces.

Bridge Group 1 is executing the IEEE compatible Spanning-Tree Protocol.

Bridge group 1 is normally used to run the IEEE-compatible spanning tree.

The following lines of output show the current operating parameters of the spanning tree:

The following output shows the current spanning-tree settings:

Bridge Identifier has priority 32768, address 0008.e32e.e600
Configured hello time 2, Max age 20, forward delay 15

The following line of output shows that the router is the root of the spanning tree:

The following output means that the router is the root of this spanning tree:

We are the root of the spanning tree.

Key information from the show spanning-tree command creates a map of the STP network.

The main purpose of the show spanning-tree command is to build a map of the STP network.

The debug sw-vlan packets command displays general information about VLAN packets received but not configured to support the router.  VLAN packets that the router is configured to route or switch are counted and indicated when using the show vlans command.

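The debug sw-vlan packets command displays general VLAN packets that the router itself is not configured to support. The show vlans command indicates the VLANs that are configured on the router or switch.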

8.3.5 VLAN troubleshooting scenarios  

Each of these scenarios contains an analysis of the problem followed by its solution. By using the appropriate commands and gathering meaningful information from their output, the troubleshooting process can be carried through to completion.

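Each scenario covers how to analyze and how to solve the problem. By using appropriate commands to obtain meaningful output, the problem can be resolved step by step.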

When having difficulty with a trunk connection between a switch and a router, be sure to consider the following possible causes:

When the trunk connecting a switch and a router has problems, consider the following possible causes:

Scenario 1: A trunk line cannot be established between a switch and a router

Figure illustrates this scenario:

  1. Make sure that the port is connected and not receiving any physical-layer, alignment or frame-check-sequence (FCS) errors. This can be done with the show interfaces command on the switch.
  2. Verify that the duplex and speed are set properly between the switch and the router. This can be done with the show interface status command on the switch or the show interfaces command on the router.
  3. Configure the physical router interface with one subinterface for each VLAN that will route traffic. Verify this with the show interfaces IOS command. Also, make sure that each subinterface on the router has the proper encapsulation type, VLAN number, IP address, and subnet mask configured. This can be done with the show interfaces or show running-config IOS commands.
  4. Confirm that the router is running an IOS release that supports trunking. This can be verified with the show version command.

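Scenario 1: A trunk line cannot be established between the router and the switch.

The figure illustrates this scenario.

  1. Confirm that the network port is connected and that no physical-layer errors, alignment errors, or frame-check-sequence (FCS) errors are occurring. Use the show interfaces command to check the switch.
  2. Confirm that the duplex and speed settings on the switch and the router are correct. Use show interface status to check the switch and show interfaces to check the router.
  3. On the physical router interface, create one subinterface for each VLAN. The subinterface routes packets for its VLAN just like a traditional router interface. Use the show interfaces command to verify this. Also confirm that each subinterface has the correct encapsulation type, VLAN number, IP address, and subnet mask. Use the show interfaces or show running-config command to verify this.
  4. Confirm that the router's IOS version and interfaces can support a trunk carrying VLAN information. Use the show version command to verify this.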

 


Scenario 2: Dropped packets and loops

Figure illustrates this scenario:

Scenario 2: Packet loss and loops

The figure illustrates this scenario.

Spanning-tree bridges use topology change notification Bridge Protocol Data Unit packets (BPDUs) to notify other bridges of a change in the spanning-tree topology of the network. The bridge with the lowest identifier in the network becomes the root. Bridges send these BPDUs any time a port makes a transition to or from a forwarding state, as long as there are other ports in the same bridge group. These BPDUs migrate toward the root bridge.

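Bridges running STP use Bridge Protocol Data Unit (BPDU) packets to tell other bridges that the network has changed. The bridge with the lowest identifier becomes the root bridge of the network. A bridge sends these BPDUs whenever a network port changes to or from the forwarding state, as long as other network ports are in the same bridge group. These BPDUs are passed on toward the root bridge.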

There can be only one root bridge per bridged network. An election process determines the root bridge. The root determines values for configuration messages, in the BPDUs, and then sets the timers for the other bridges. Other designated bridges determine the shortest path to the root bridge and are responsible for advertising BPDUs to other bridges through designated ports. A bridge should have ports in the blocking state if there is a physical loop.

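There can be only one root bridge in each bridged network. An election process decides the root bridge. The root bridge determines the configuration message values in the BPDUs and then sets the timers for the other bridges. The other, designated bridges determine the shortest path to the root and send BPDUs to other bridges through their designated ports. If a physical loop exists, a bridge should place ports in the blocking state to eliminate the loop.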

Problems can arise for internetworks in which both IEEE and DEC spanning-tree algorithms are used by bridging nodes. These problems are caused by differences in the way the bridging nodes handle spanning tree BPDU packets, or hello packets, and in the way they handle data.

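Problems can occur when both the IEEE and DEC STP algorithms are used in the same network. They arise because the two STP variants differ in their BPDU packets, hello packets, and handling.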

In this scenario, Switch A, Switch B, and Switch C are running the IEEE spanning-tree algorithm. Switch D is inadvertently configured to use the DEC spanning-tree algorithm.

In this scenario, Switches A, B, and C run the IEEE STP algorithm, but Switch D is configured with the DEC STP algorithm.

Switch A claims to be the IEEE root and Switch D claims to be the DEC root. Switch B and Switch C propagate root information on all interfaces for IEEE spanning tree. However, Switch D drops IEEE spanning-tree information. Similarly, the other routers ignore Router D's claim to be root.

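Switch A claims to be the IEEE root switch, while Switch D claims to be the DEC root switch. Switches B and C propagate the IEEE root information out of all ports. However, Switch D discards this IEEE STP information; likewise, the other switches discard the information that Switch D is the DEC root.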

The result is that none of the bridges believes there is a loop, and when a broadcast packet is sent on the network, a broadcast storm results over the entire internetwork. This broadcast storm will include Switches X and Y, and beyond.

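As a result, no switch knows that a loop exists in the network. When a broadcast packet is generated, a broadcast storm spreads across the whole network. The storm also affects Switches X and Y and the switches beyond them.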

To resolve this problem, reconfigure Switch D for IEEE. Although a configuration change is necessary, it might not be sufficient to reestablish connectivity. There will be a reconvergence delay as devices exchange BPDUs and recompute a spanning tree for the network.

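To solve this problem, Switch D must be reconfigured for IEEE STP. Reconfiguration alone may not immediately restore connectivity: the devices need a reconvergence delay while they exchange BPDUs and recompute the spanning tree.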
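
A check that ties together the show spanning-tree output quoted in 8.3.4, the timer limits in 8.3.3 and the mixed IEEE/DEC fault in Scenario 2, as an added example (not part of the original course text). The function names and the switch inventory with its MAC addresses are constructed; the timer relationship checked is the one defined by IEEE 802.1D.

```python
import re
from collections import defaultdict

# The output lines quoted in section 8.3.4 of this page.
SHOW_SPANNING_TREE = """\
Bridge Identifier has priority 32768, address 0008.e32e.e600
Configured hello time 2, Max age 20, forward delay 15
We are the root of the spanning tree.
"""


def parse_show_spanning_tree(text: str) -> dict:
    """Extract bridge ID, timers and root status from 'show spanning-tree' text."""
    ident = re.search(r"priority (\d+), address ([0-9a-f.]+)", text, re.I)
    timers = re.search(r"hello time (\d+), Max age (\d+), forward delay (\d+)", text, re.I)
    if not ident or not timers:
        raise ValueError("not recognisable show spanning-tree output")
    hello, max_age, fwd = map(int, timers.groups())
    return {"priority": int(ident.group(1)), "mac": ident.group(2).lower(),
            "hello": hello, "max_age": max_age, "forward_delay": fwd,
            "is_root": "We are the root" in text}


def timer_problems(hello: int, max_age: int, forward_delay: int) -> list:
    """Check the maxima named in 8.3.3 and the IEEE 802.1D timer relationship."""
    problems = []
    if forward_delay > 30:
        problems.append("forward delay above the 30 second maximum")
    if max_age > 40:
        problems.append("max age above the 40 second maximum")
    if not 2 * (hello + 1) <= max_age <= 2 * (forward_delay - 1):
        problems.append("max age outside 2*(hello+1) .. 2*(forward_delay-1)")
    return problems


def elect_roots(bridges) -> dict:
    """Lowest (priority, MAC) wins, but only among bridges running the same
    protocol, because each side drops the other's BPDUs."""
    groups = defaultdict(list)
    for name, protocol, priority, mac in bridges:
        groups[protocol].append(((priority, int(mac.replace(".", ""), 16)), name))
    return {protocol: min(members)[1] for protocol, members in groups.items()}


def mixed_protocol_warning(bridges):
    """Return a warning string if more than one root exists, else None."""
    roots = elect_roots(bridges)
    if len(roots) > 1:
        return "multiple roots in one bridged network: " + ", ".join(
            f"{name} ({protocol})" for protocol, name in sorted(roots.items()))
    return None


# Constructed inventory for Scenario 2 (MAC addresses are made up).
SCENARIO_2 = [
    ("Switch A", "ieee", 32768, "0008.e32e.0a00"),
    ("Switch B", "ieee", 32768, "0008.e32e.0b00"),
    ("Switch C", "ieee", 32768, "0008.e32e.0c00"),
    ("Switch D", "dec", 32768, "0008.e32e.0d00"),
]
```

With Switch D changed to "ieee" in the inventory, only Switch A is elected and the warning disappears, which matches the fix described for Scenario 2.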