
CCNA DOCUMENT: PRACTICAL ROUTING CONFIGURATION ON GNS3

TABLE OF CONTENTS

I. OVERVIEW OF THE GNS3 SIMULATION SOFTWARE
    1. INTRODUCTION
    2. INSTALLING GNS3
    3. CONFIGURING GNS3 & INSTALLING IOS FOR GNS3
    4. CONNECTING GNS3 TO A REAL NETWORK & VMWARE

II. INTRODUCTION TO ROUTERS & SOME BASIC CONFIGURATION
    1. THE CISCO IOS OPERATING SYSTEM SOFTWARE
        1.1. Purpose of the Cisco IOS software
        1.2. The router user interface
    2. ROUTER CONFIGURATION MODES
        2.1. Help keys in the router CLI
        2.2. More on writing commands
        2.3. Handling command errors
    3. CONFIGURING THE ROUTER
        3.1. The command-line interface (CLI) mode
        3.2. Naming the router
        3.3. Setting passwords on the router
        3.4. Configuring the serial interface
        3.5. Adding, moving and changing the configuration file
        3.6. Configuring the Ethernet interface
        3.7. Completing the router configuration

3. ROUTING AND ROUTING PROTOCOLS
    INTRODUCTION
    1. OVERVIEW OF ROUTING AND STATIC ROUTING
        1.1. Introduction to static routing
        1.2. How static routing works
        1.3. Configuring static routing
        1.4. Configuring static routes
    2. OVERVIEW OF DYNAMIC ROUTING
        2.1. Introduction to dynamic routing protocols
        2.2. Autonomous system (AS)
        2.3. Purpose of routing protocols and autonomous systems
    3. CLASSIFICATION OF ROUTING TYPES
        3.1. Distance-vector routing
        3.2. Overview of routing protocols
    4. OVERVIEW OF THE RIP ROUTING PROTOCOL
        4.1. Introduction to RIP
        4.2. The RIP process
        4.3. Comparing RIPv1 and RIPv2
        4.4. Configuring RIPv2
        4.5. Verifying the RIP configuration
        4.6. Troubleshooting RIP update operation
        4.7. Preventing the router from sending routing information out of an interface
        4.8. Load balancing in RIPv2
        4.9. Sharing load across multiple paths
    5. OVERVIEW OF THE OSPF ROUTING PROTOCOL
        5.1. Introduction to OSPF
        5.2. How OSPF works
        5.3. Configuring the OSPF routing process
        5.4. Configuring a loopback address for OSPF and router priority
        5.5. Changing the cost value and load balancing in OSPF
        5.6. Configuring authentication for OSPF
        5.7. Configuring the OSPF timers
        5.8. Advertising a default route with OSPF
        5.9. Common errors in OSPF configuration
        5.10. Verifying the OSPF configuration
    6. OVERVIEW OF THE EIGRP PROTOCOL
        6.1. Introduction
        6.3. Configuring EIGRP routing
        6.4. Configuring EIGRP authentication
        6.5. Load balancing in EIGRP
        6.6. Verifying EIGRP operation
    7. SNIFFERS IN CISCO NETWORKS AND HOW TO DEFEND AGAINST THEM
        7.1. The sniffer concept
        7.2. Purpose of use
        7.3. Protocols that can be sniffed
        7.4. How a sniffer operates
            7.4.1. Active
            7.4.2. Passive
        7.5. Types of attack
        7.6. Defending against sniffers
            1. SMB/CIFS
            2. Kerberos
            3. Stanford SRP (Secure Remote Password)
            4. OpenSSH
            5. VPNs (Virtual Private Network)
            6. Static ARP table
            7. Managing the console port on the switch
            8. Port Security

I. OVERVIEW OF THE GNS3 SIMULATION SOFTWARE

1. INTRODUCTION

GNS3 is a graphical network emulator that lets us emulate Cisco routers running real IOS images, as well as ATM/Frame Relay/Ethernet switches and the PIX Firewall, and it can even connect to a real network. GNS3 is built on Dynamips and Dynagen and emulates the 1700, 2600, 3600, 3700 and 7200 router series, so it can be used for CCNA, CCNP and CCIE labs. At present it still cannot emulate Catalyst switches (although the NM-16ESW module can be emulated on a 3700 router running IOS 3725).

2. INSTALLING GNS3

GNS3 runs on Windows, Linux and Mac OS X. To install it easily on Windows we can use the all-in-one installer, which provides everything needed to run GNS3. The latest version of GNS3 can be downloaded from http://www.gns3.net/download

After downloading the software, we start the installation: choose GNS3-0.8.3.1-win32all-in-one.exe

Choose I Agree to accept the terms and continue the installation.

Choose a name for the new folder under the programs shortcuts -> click Next >

Choose the supporting software bundled with GNS3 to install -> click Next >

Choose the installation path -> click Install to start the installation.

The software installation in progress

GNS3 has been installed successfully on Windows.

3. CONFIGURING GNS3 & INSTALLING IOS FOR GNS3

The GNS3 user interface

Go to Edit > Add IOS images and hypervisors and point to the path of the IOS files under Setting.

After choosing the IOS images for each router model, click Save to store the configuration.

Go to Edit > Preferences > Dynamips. Under Executable Path, choose the path to the dynamips.exe file in the GNS3 installation folder, then click the Test button to check that Dynamips works.

Try running a 2600 router once GNS3 has been configured.

After starting the router we notice that CPU usage rises to 100%. We adjust this under Idle PC. Choosing a line marked with * is best.

Connect to the router's CLI screen to start configuring.

4. CONNECTING GNS3 TO A REAL NETWORK & VMWARE

Through Dynamips, GNS3 can bridge an interface on a virtual router to an interface on the physical host, allowing the virtual network to communicate with the real network. On Windows, the WinPcap library is used to create this connection. To connect the virtual routers in GNS3 to the real network we use the Cloud device. Suppose we need to connect a virtual router to the network adapter named Local Area Connection, whose address is 192.168.1.2.

Configure the IP address on the physical adapter.

Add the physical adapter Local Area Connection, or a VMware virtual adapter, to the Cloud.

Make the connection in GNS3 between the router and the Cloud.

Set the corresponding network adapter for the virtual machine in VMware.

II. INTRODUCTION TO ROUTERS & SOME BASIC CONFIGURATION

Cisco's technologies are all built on the Cisco network operating system (IOS). The IOS software controls routing and switching on internetworking devices, so a network administrator must have a firm grasp of IOS. This chapter gives a basic introduction to IOS and surveys its features. All network configuration work, from the simplest to the most complex, rests on one foundation: configuring the router. This chapter therefore also introduces the basic techniques and tools for configuring a router that we will use in a Cisco network.

1. THE CISCO IOS OPERATING SYSTEM SOFTWARE

1.1. Purpose of the Cisco IOS software

Like a computer, a router or switch cannot operate without an operating system. Cisco calls its operating system the Cisco Internetwork Operating System, or Cisco IOS for short. It is installed on Cisco routers and Catalyst switches. Cisco IOS provides the following network services:

- Routing and switching.
- Reliable and secure access to network resources.
- Network scalability.

1.2. The router user interface

Cisco software uses a command-line interface (CLI, Command Line Interface) for the traditional console environment. IOS is a core technology that has been developed for many different Cisco product lines, so the exact behaviour of each IOS varies considerably from one type of device to another.

There are several ways to reach the router's CLI. The first is a direct connection from a computer or terminal to the console port on the router. The second is a dial-up line through a modem, or a null-modem connection, to the AUX port on the router. Neither of these requires the router to be configured beforehand. The third is to telnet to the router. To establish a telnet session, the router must have at least one interface configured with an IP address, and its vty lines must be configured to allow access and have a password set.

2. ROUTER CONFIGURATION MODES

The Cisco command-line interface uses a hierarchical structure. To configure something, we must first enter the corresponding mode. For example, to configure a router interface we must enter that interface's configuration mode. From there, everything we enter takes effect only on that interface. Each configuration mode has its own distinctive prompt and its own command set.

IOS has a command interpreter called EXEC. After we enter a command, EXEC executes it immediately. For security reasons, Cisco IOS divides EXEC sessions into two modes: user EXEC mode and privileged EXEC mode. Their characteristics are as follows:

- User EXEC mode allows only a limited set of commands that display basic information about the router. It is a view-only mode and does not allow commands that change the router configuration. The user EXEC prompt is >.
- Privileged EXEC mode allows all router commands. We can require users to enter a password before they enter this mode. To increase security further, we can also configure a userID, so that only permitted people can access the router. The network administrator must be in privileged EXEC mode to use configuration or management commands. From privileged EXEC mode we can move into other modes, such as global configuration mode. Privileged EXEC mode is identified by the # prompt.

To move from user EXEC mode to privileged EXEC mode, use the enable command at the > prompt. If a password has been set, the router asks for it. For security reasons, Cisco network devices do not display the password as we type it. Once the password has been entered correctly, the > prompt changes to #, showing that we are in privileged EXEC mode. Typing a question mark (?) at this prompt shows that the router lists many more commands than in user EXEC mode.

At the password: prompt we must enter the password that was configured on the router with the enable secret or enable password command. If both commands have been used, the enable secret password is the one that applies. After completing these steps we see the # prompt, showing that we are in privileged EXEC mode.

Only from this mode can we enter global configuration mode and, from there, the more specific configuration modes such as:

- Interface configuration mode.
- Subinterface configuration mode.
- Line configuration mode.
- Router configuration mode.
- Route-map configuration mode.

From privileged EXEC mode, we type disable or exit to return to user EXEC mode. To return to privileged EXEC mode from global configuration mode, we use the exit command or Ctrl-Z. Ctrl-Z can be used to return straight to privileged EXEC mode from any specific configuration mode.

To see the amount of RAM we use the show version command:

    <output omitted>
    cisco 1721 (68380) processor (revision c) with 3584k/512K bytes of memory.

The line above shows the size of main memory and of shared memory on the router. Some devices use part of DRAM as shared memory. The sum of the two values is the actual amount of DRAM on the router.

To see the size of flash memory we use the show flash command:

    Athena_VanCong#show flash
    <output omitted>
    1599897 bytes total (10889728 bytes free)

2.1. Help keys in the router CLI

When we type a question mark (?) at the prompt, the router displays the list of commands available in the configuration mode we are in. The text --More-- at the bottom of the screen means there is more output to display. To see the next page, press the Spacebar. To display one more line at a time, press Enter or Return. Pressing any other key returns to the prompt.

Once we are in privileged EXEC mode and type a question mark (?), we see that the list of commands available in privileged EXEC mode is much longer than the list shown in user EXEC mode. These command sets vary, however, with the router's configuration and with the Cisco IOS software version.

2.2. More on writing commands

The router's user interface may include an enhanced command-editing mode. We can use key combinations to move the cursor along the command line we are writing when we need to correct it. In current software versions, enhanced editing is enabled automatically. If it interferes when we write scripts, we can turn it off with the terminal no editing command in privileged EXEC mode.

While we edit a command, the screen scrolls horizontally when the command is longer than one line. When the cursor reaches the right margin, the command line shifts 10 spaces to the left, and the first 10 characters of the command are no longer visible on the screen. We can scroll back by pressing Ctrl-B or the left arrow key until the screen reaches the start of the command, or press Ctrl-A to jump straight to the beginning of the line. Ctrl-Z is used to return to privileged EXEC mode from any specific configuration mode.

While we configure the router, it keeps a record of some of the commands we have used. This is especially useful when we want to repeat long and complex commands. With this mechanism we can:

- Set the size of the command history buffer.
- Recall commands that have been used.
- Turn the feature off.

By default the router keeps 10 commands in the buffer. We can change the number of commands it keeps with the terminal history size or history size command. At most 255 commands can be kept.

To recall the most recently used command, press Ctrl-P or the up arrow key. Each further press recalls the next older command in turn. To move forward again to a more recent command, press Ctrl-N or the down arrow key. Likewise, each further press recalls one more command.

When typing a command, we only need to type enough characters for the router to distinguish it from every other command and then press Tab, and the router completes the command for us. If the router displays a command when we press Tab, it has recognised the command we want to enter. In addition, most routers let us mark a block and copy it, so that we can copy an earlier command and paste or insert it into the current one.

2.3. Handling command errors

Command errors are usually caused by mistyping. After we enter a wrong command we see the error marker (^). The marker is placed at the position where the command starts to be wrong. Using it together with the system's help function, we can find and correct the syntax error in the command.

In the example above, the error marker shows that the command is wrong at the number 32. We retype the command from the beginning up to the position of the error and then add a question mark (?), as follows:

    Athena_VanCong# clock set 13:32:00 February ?
      <1-31>  Day of the month

We then re-enter the command with the correct year number according to the syntax above:

    Athena_VanCong#clock set 13:32:00 February 31

If we finish typing a command, press Enter and the command turns out to be wrong, we can use the up arrow key to recall the command just entered. We then use the right and left arrow keys to move the cursor to the wrong position and correct it. To delete characters we can use the <backspace> key.

3. CONFIGURING THE ROUTER

Configuring a router to perform many complex network functions is a challenging job. The first steps of router configuration, however, are not very difficult. If we practise a lot at this stage, to get used to and master moving between the router's configuration modes, complex configuration work later becomes much simpler. This section introduces the router's basic configuration modes and some simple configuration commands.

Being able to read and clearly understand configuration files is a very important skill for a network administrator. Cisco IOS provides some tools that let the administrator add necessary information to the configuration file. Just as programmers must document each step of their code, a network administrator needs as much information as possible when the network is managed by someone else.

3.1. The command-line interface (CLI) mode

All commands that change the router configuration start from global configuration mode. Depending on which particular part of the configuration we want to change, we move into the corresponding specific mode. These specific configuration modes are all sub-modes of global configuration mode. Commands used in global configuration mode are those that affect the whole system. We use the following command to enter global configuration mode.

Note: the change in the prompt shows that we are in global configuration mode.

    Router#configure terminal
    Router(config)#

Global configuration mode is the main configuration mode. From it we can move into the specific modes. When we enter a specific configuration mode, the prompt changes accordingly. Commands entered there affect only the interfaces or processes related to that configuration mode. We use the exit command to return to global configuration mode, or Ctrl-Z to go straight back to privileged EXEC mode.

3.2. Naming the router

The first task when configuring a router is to give it a name. In global configuration mode, we use the following command:

    Router(config)#hostname Athena_VanCong
    Athena_VanCong(config)#

As soon as we press Enter to execute the command, the prompt changes from the default name (Router) to the name we have just set (Athena_VanCong).

3.3. Setting passwords on the router

Passwords are used to restrict access to the router. We normally always set passwords on the router's vty and console lines. Passwords are also used to control access to privileged EXEC mode on the router, so that only permitted people can change the router's configuration file.

These are the commands for setting a password on the console line:

    Athena_VanCong(config)#line console 0
    Athena_VanCong(config-line)#password <password>
    Athena_VanCong(config-line)#login

We also need to set a password on one or more vty lines to control users who access the router remotely over Telnet. A Cisco router normally has 5 vty lines, numbered 0 to 4. We usually use one password for all vty lines, but sometimes we should set a separate password on one line to keep it in reserve for when the other 4 lines are all in use. These are the commands for setting a password on the vty lines:

    Athena_VanCong(config)#line vty 0 4
    Athena_VanCong(config-line)#password <password>
    Athena_VanCong(config-line)#login

The enable password and the enable secret password are used to restrict access to privileged EXEC mode. The enable password is used only when no enable secret password has been set; the enable secret password is encrypted, whereas the enable password is not. These are the commands for setting them:

    Athena_VanCong(config)#enable password <password>
    Athena_VanCong(config)#enable secret <password>

It is clearly unsafe for passwords to be displayed in clear text when the show running-config or show startup-config command is used. To avoid this, we should use the following command to encrypt all passwords shown in the router's configuration file:

    Athena_VanCong(config)#service password-encryption

The service password-encryption command applies a simple encryption mechanism to all passwords that are not yet encrypted. The enable secret password, by contrast, uses a very strong algorithm, MD5.
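The password settings described in this section can be checked mechanically in a saved configuration. The following Python audit is an added example, not part of the original document; the two configuration excerpts, their placeholder passwords and the finding names are constructed for illustration.

```python
import re

# Constructed running-config excerpts; every password value is a made-up placeholder.
WEAK_CONFIG = """\
hostname Athena_VanCong
enable password ExamplePass1
line con 0
 password ExamplePass2
 login
line vty 0 4
 password ExamplePass3
"""

HARDENED_CONFIG = """\
service password-encryption
hostname Athena_VanCong
enable secret 5 $1$placeholder$placeholderplaceholder
line con 0
 password 7 00PLACEHOLDER00
 login
line vty 0 4
 password 7 00PLACEHOLDER00
 login
"""

# "password <text>" is stored in clear text; "password 7 <text>" carries a type digit.
PASSWORD_RE = re.compile(r"^(?:enable )?password (?:(\d) )?\S+")


def is_cleartext(command):
    """True when a password command has no encryption-type digit before the value."""
    match = PASSWORD_RE.match(command)
    return bool(match) and match.group(1) is None


def line_sections(lines):
    """Group the indented sub-commands under each 'line ...' header."""
    sections, current = {}, None
    for line in lines:
        if line.startswith("line "):
            current = line.strip()
            sections[current] = []
        elif current is not None and line.startswith(" "):
            sections[current].append(line.strip())
        else:
            current = None
    return sections


def audit_passwords(config_text):
    """Return a list of (finding, location) tuples for the password settings."""
    lines = [l.rstrip() for l in config_text.splitlines() if l.strip()]
    findings = []

    # Without this command, line and enable passwords appear readable in the config.
    if "service password-encryption" not in lines:
        findings.append(("NO_PASSWORD_ENCRYPTION", "global"))

    enable_pw = [l for l in lines if l.startswith("enable password ")]
    has_secret = any(l.startswith("enable secret ") for l in lines)
    if not has_secret:
        findings.append(("NO_ENABLE_SECRET", "global"))
    elif enable_pw:
        # When both are configured the enable secret applies; the other is leftover.
        findings.append(("ENABLE_PASSWORD_IGNORED", "global"))
    if any(is_cleartext(l) for l in enable_pw):
        findings.append(("CLEARTEXT_PASSWORD", "enable password"))

    for header, commands in line_sections(lines).items():
        passwords = [c for c in commands if c.startswith("password ")]
        if not passwords:
            findings.append(("LINE_NO_PASSWORD", header))
        if not any(c == "login" or c.startswith("login ") for c in commands):
            findings.append(("LINE_NO_LOGIN", header))
        if any(is_cleartext(c) for c in passwords):
            findings.append(("CLEARTEXT_PASSWORD", header))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_passwords(text))
```
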

There are many show commands for examining the contents of files on the router and for finding faults. In both privileged EXEC and user EXEC mode, typing show ? displays the list of show commands. Naturally, more show commands are available in privileged EXEC mode than in user EXEC mode. Some show commands:

    Athena_VanCong#show interface <interface>    - displays the status of all interfaces on the router.
    Athena_VanCong#show controllers serial       - displays hardware-specific information about the serial interfaces.
    Athena_VanCong#show clock                    - displays the clock set on the router.
    Athena_VanCong#show hosts                    - displays the list of names and their corresponding addresses.
    Athena_VanCong#show users                    - displays all users connected to the router.
    Athena_VanCong#show history                  - displays the list of recently used commands.
    Athena_VanCong#show flash                    - displays information about flash memory and the IOS file stored in it.
    Athena_VanCong#show version                  - displays information about the router and the IOS running in RAM.
    Athena_VanCong#show arp                      - displays the ARP table on the router.
    Athena_VanCong#show protocol                 - displays the global status and the status of the interfaces configured with a layer 3 protocol.
    Athena_VanCong#show running-config           - displays the configuration file currently running in RAM.

3.4. Configuring the serial interface

We can configure a serial interface from the console or a vty line. These are the steps for configuring a serial interface:

1. Enter global configuration mode.
2. Enter the serial interface's configuration mode.
3. Declare the address and subnet mask.
4. Set the clock rate if the cable end plugged into the serial interface is DCE. If the cable end is DTE, this step can be skipped.
5. Bring up the serial interface.

Every serial interface must have an IP address and subnet mask in order to route IP packets. To configure the IP address we use the following commands:

    Athena_VanCong(config)#interface <serial interface>
    Athena_VanCong(config-if)#ip address <ip address> <netmask>

A serial interface needs a clock signal to control the timing of communication. In most cases the DCE device, for example a CSU, is the one that supplies the clock signal. By default a Cisco router is a DTE device, but we can configure it as a DCE device. In a lab environment the serial links are connected directly to each other, so one end must be DCE to supply the clock signal. We use the clock rate command to set the clock rate. These are the clock rates we can set on the router (in bit/s): 1200, 2400, 9600, 19200, 38400, 56000, 64000, 72000, 125000, 148000, 500000, 800000, 1000000, 1300000, 2000000, 4000000. Some of these rates may not be usable, depending on the physical capability of each serial interface.

By default, the interfaces on a router are shut down. To open or bring up an interface we must use the no shutdown command. To shut an interface down again for maintenance or troubleshooting, we use the shutdown command.

In a lab environment, the clock rate usually used is 56000. These are the commands for setting the clock rate and bringing up the serial interface:

    Athena_VanCong(config)#interface serial 0/0
    Athena_VanCong(config-if)#clock rate 56000
    Athena_VanCong(config-if)#no shutdown

3.5. Adding, moving and changing the configuration file

To edit the configuration file we must move into the right configuration mode and make the necessary change. For example, to open an interface on the router we first enter global configuration mode, then enter that interface's configuration mode, and then use the no shutdown command.

To check what we have just changed, we use the show running-config command, which displays the contents of the current configuration file. If the output shows details that are not correct, we can fix them in one or more of the following ways:

- Use the no form of the configuration commands.
- Restart the router with the original configuration file in NVRAM.
- Copy a backup configuration file from a TFTP server.
- Erase the startup configuration file with the erase startup-config command, then restart the router and enter setup mode.

To save the current configuration as the startup configuration file stored in NVRAM, we use the following command:

    Athena_VanCong#copy running-config startup-config

or

    Athena_VanCong#wr

3.6. Configuring the Ethernet interface

As with a serial interface, we can configure an Ethernet interface from the console or a vty line. Every Ethernet interface also needs an IP address and subnet mask in order to route IP packets through it. These are the steps for configuring an Ethernet interface:

- Enter global configuration mode.
- Enter the Ethernet interface's configuration mode.
- Declare the address and subnet mask.
- Bring up the Ethernet interface.

By default the interfaces on a router are shut down, so we must use the no shutdown command to open or bring up the interface. To shut the interface down again for maintenance or troubleshooting, we use the shutdown command.

3.7. Completing the router configuration

3.7.1. The importance of standardising configuration files

Within an organisation it is essential to establish rules for configuration files. With them we can control which files need to be maintained, and where and how the files are stored.

3.7.2. Interface descriptions

On each interface we should note some important information, for example the circuit number the interface connects to, or information about the other router and the network segment the interface connects to. From these descriptions the network administrator can tell where the interface is connected. A description is simply an annotation on the interface. It has no effect at all on the operation of the router, but it makes the configuration file clearer and helps faults to be located faster.

    Athena_VanCong#configure terminal
    Athena_VanCong(config)#interface <interface>
    Athena_VanCong(config-if)#description <description text>

3.7.3. Login banner

The login banner is displayed when we log in to the system. This kind of message is very useful when we need to give advance warning of when the network will be shut down. For example, a message such as:

    This is a secure system, Authorized Access Only!

is used to warn unauthorised visitors.

3.7.4. Configuring the login banner (MOTD)

The MOTD banner can be displayed on all terminals connected to the router.

To configure the MOTD banner we enter global configuration mode. There we use the banner motd command, followed by a space, a delimiter character such as #, the text of the message, and finally the delimiter character once more. These are the steps for configuring the MOTD banner:

1. Enter global configuration mode with the configure terminal command.
2. Enter the command as follows: banner motd # The message of the day goes here #.
3. Save the configuration with the copy running-config startup-config command.

3. ROUTING AND ROUTING PROTOCOLS

INTRODUCTION

Routing is simply finding a path from one network to another. Information about these paths can be updated automatically from other routers or specified for the router by the network administrator. We will look at dynamic routing and the types of dynamic routing protocol, and analyse one representative protocol of each type.

When choosing a dynamic routing protocol, a network administrator needs to weigh factors such as the size of the network, the bandwidth of the links, the capability of the routers, the router types and versions, and the protocols already running in the network. This chapter describes in detail the differences between routing protocols to help the administrator choose one.

1. OVERVIEW OF ROUTING AND STATIC ROUTING

Routing is the process by which a router forwards a packet towards its destination network. Every router along the path relies on the packet's destination IP address to forward it in the right direction to its final destination. To do this, a router must learn the paths to other networks. If the router runs dynamic routing, it learns this information automatically from other routers. If the router runs static routing, the network administrator must configure the information about other networks on the router.

1.1. Introduction to static routing

With static routing, the path information must be entered on the router by the network administrator. Whenever the network topology changes, the administrator must delete or add path information on the router. Paths of this kind are called static routes. In a large network, maintaining routing on the routers in this way takes a great deal of time. In a small network that changes little, the work is much less demanding. Because static routing requires the administrator to configure all path information on the router, it lacks the flexibility of dynamic routing. In large networks, static routing is usually used in combination with a dynamic routing protocol for certain special purposes.

1.2. How static routing works

The operation of static routing can be divided into 3 steps:

- First, the network administrator configures the static routes on the router.
- The router installs these routes in the routing table.
- Packets are routed along these static routes.

1.3. Configuring static routing

Ngi qun tr mng cu hnh ng c nh cho router bng lnh iproute.C php ca lnh iproute.

Athena_VanCong(config)# ip route network subnet-mask {outgoing-interface | next-hop-ip}

This is the command the administrator of router Athena_VanCong uses to configure a static route to network 172.16.1.0/24. In this form the command tells the router which interface to send packets out of to reach the destination network. We can instead tell the router the IP address of the next-hop router on the way to the destination network. Both forms install a static route in the routing table of router Athena_VanCong. The only difference between them is the administrative distance that the resulting static route gets in the routing table.

The administrative distance is a measure of how trustworthy a route is. The lower the value, the more trustworthy the route. So when there are several routes to the same destination, the one with the lower administrative distance is installed in the routing table first. In the example above, the static route that uses the next-hop IP address has a default administrative distance of 1, while the static route that uses the outgoing interface has a default administrative distance of 0. To set the administrative distance explicitly instead of using the default, append the value after the outgoing interface or next-hop IP address in the command. The value lies in the range 0 to 255.

Athena_VanCong(config)# ip route 172.16.1.0 255.255.255.0 192.168.1.2

If the router cannot send packets out of the configured interface, the interface is down, and the corresponding route is not placed in the routing table.

Static routes are sometimes used as a backup for a dynamically learned route. The router then uses the static route only when the dynamic route is lost. To achieve this, simply set the administrative distance of the static route higher than that of the dynamic routing protocol in use.

1.4. Configuring static routes

A default route configured on the router is the route it uses when it finds no matching route in the routing table for the destination of a packet. We usually configure a default route for the router's link to the Internet, because the router does not need to store routing information for every network on the Internet. The command that configures a default route is in fact the static route command, specifically:

Athena_VanCong(config)#ip route 0.0.0.0 0.0.0.0 [next-hop-address | outgoing-interface]

The subnet mask 0.0.0.0, when ANDed with any destination IP address, always gives the network 0.0.0.0. So a packet whose destination address matches no other route is routed to network 0.0.0.0. After configuring a static route, use the show ip route command to check whether the static route is in the routing table.

Now, on router Athena_VanCong, ping a node in network 172.16.1.0. Suppose the ping fails. Then run traceroute to the node just pinged to see where the traceroute drops.
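The selection rules of this section (lowest administrative distance wins, a static route with a higher distance acts as backup, and 0.0.0.0 0.0.0.0 matches everything) can be checked with a small model. This is an added example, not part of the original document; the backup next hop 192.168.2.2, the distance 130 and the test destination 203.0.113.7 are constructed values, and 120 is Cisco's default distance for RIP.

```python
import ipaddress
from dataclasses import dataclass

# Administrative distances: 1 is the next-hop static default stated in the text,
# 120 is Cisco's default for RIP, 130 is a value chosen for this example.
AD_STATIC_NEXT_HOP = 1
AD_RIP = 120
AD_FLOATING_STATIC = 130


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    via: str             # next-hop address or outgoing interface
    source: str          # "static" or "rip"
    distance: int        # administrative distance, 0..255
    usable: bool = True  # False when the outgoing interface is down


def build_table(candidates):
    """Per destination prefix, install the usable route with the lowest AD."""
    table = {}
    for route in candidates:
        if not route.usable:
            continue  # a route through a down interface is not installed
        best = table.get(route.prefix)
        if best is None or route.distance < best.distance:
            table[route.prefix] = route
    return table


def and_mask(destination, mask):
    """The logical AND the text describes: destination address AND subnet mask."""
    value = int(ipaddress.IPv4Address(destination)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(value))


def lookup(table, destination):
    """Most specific matching route; 0.0.0.0/0 matches any address, so it is the fallback."""
    address = ipaddress.IPv4Address(destination)
    matches = [r for prefix, r in table.items() if address in prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def scenario(rip_route_alive):
    """Constructed table: RIP route, backup static route, default route."""
    lan = ipaddress.IPv4Network("172.16.1.0/24")
    return build_table([
        Route(lan, "192.168.1.2", "rip", AD_RIP, usable=rip_route_alive),
        Route(lan, "192.168.2.2", "static", AD_FLOATING_STATIC),  # constructed backup hop
        Route(ipaddress.IPv4Network("0.0.0.0/0"), "192.168.1.2", "static", AD_STATIC_NEXT_HOP),
    ])


if __name__ == "__main__":
    for alive in (True, False):
        table = scenario(alive)
        for dst in ("172.16.1.10", "203.0.113.7"):
            r = lookup(table, dst)
            print(f"RIP up={alive} {dst:<13} -> {r.prefix} via {r.via} ({r.source}, AD {r.distance})")
```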

2. OVERVIEW OF DYNAMIC ROUTING


2.1. Introduction to dynamic routing protocols

A routing protocol differs from a routed protocol in both function and purpose. A routing protocol is used for communication between routers. It lets one router share the routing information it knows with other routers. From that information, each router can build and maintain its routing table. Some routing protocols are: RIP, IGRP, EIGRP, OSPF...

A routed protocol, by contrast, is used to direct user data. A routed protocol supplies enough network-layer addressing information for a packet to travel from one host to another based on that addressing scheme. The routed protocols are:
- Internet Protocol (IP)
- Internetwork Packet Exchange (IPX)

2.2. Autonomous system (AS)

An autonomous system (AS) is a collection of networks operating under a single administration for routing. Seen from outside, an AS appears as a single unit. The American Registry of Internet Numbers (ARIN) manages the assignment of a number to each AS. This number is 16 bits long. Some routing protocols, such as Cisco's IGRP, require a defined AS number in order to operate.

2.3. Purpose of routing protocols and autonomous systems

The purpose of a routing protocol is to build and maintain the routing table. The routing table holds information about other networks and the router interfaces that lead to them. The router uses the routing protocol to manage the information received from other routers, the information from its interface configuration, and the configured static routes.

The routing protocol learns about all available routes, places the best one in the routing table and removes it when it can no longer be used. The router then uses the information in the routing table to forward packets of the routed protocols.

Dynamic routing is based on routing algorithms. Whenever the network topology changes, whether through expansion, reconfiguration or a failure, the routers must update their knowledge of the network; once all routers hold the same, updated information, the network is said to have converged. The shorter the time the routers take to synchronise the better, because routers that are not yet synchronised will route incorrectly.

With autonomous systems (AS), the global network is divided into many smaller, more manageable networks. Each AS has its own AS number, which does not overlap with that of any other AS, and each AS has its own administration.

3. CLASSIFICATION OF ROUTING TYPES

Most routing algorithms fall into one of 2 classes:
- Distance vector.
- Link state.

3.1. Distance vector routing

3.1.1. Routing mechanism

Distance vector routing passes copies of the routing table from router to router at regular intervals. These periodic updates between routers exchange information when the network topology changes. The distance vector routing algorithm is also known as the Bellman-Ford algorithm.

Each router receives the routing tables of its directly connected neighbours. For example, router B receives information from router A. Router B then adds its own distance to that neighbour (for example, by incrementing the hop count) to the routing information received from A. Router B now has a new routing table and passes it on to its other neighbour, router C. The same process takes place for all other neighbouring routers.

[Figure: routing tables are passed to neighbouring routers periodically and the distance vectors are recalculated.]

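A router collects information about the distance to other networks and from it builds and maintains a database of routing information for the network. However, a router running a distance vector algorithm does not know the exact topology of the whole network; it knows only the neighbouring routers directly connected to it.

With distance vector routing, the first step is for the router to identify its neighbours. Networks directly connected to the router's interfaces have a distance of 0. For networks that are not directly connected, the router chooses the best path based on the information it receives from its neighbours. For example, router A receives information about other networks from router B. This information is placed in the routing table with the recalculated distance vector, which tells router A in which direction and at what distance the destination network lies.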

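3.1.2. Routing update mechanism

The routing table is updated when the network topology changes. The update also proceeds step by step from one router to the next. When updating, each router sends its entire routing table to its neighbours. For each destination network the routing table holds the total cost of the path and the address of the next-hop router.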

3.1.3. Routing loops and the maximum value

Routing loops can occur when the routing tables on the routers have not yet been updated consistently because convergence is slow.

The cause is incorrect information about Network 1 on routers B, C and D, which update each other's routing tables wrongly while router A has not yet informed the remaining routers about Network 1. The loop continues like this until some other process breaks it.

This situation is called count to infinity: packets loop around the network although Network 1 is in fact down. With a distance vector protocol that uses hop count as its metric, the hop count increases by 1 each time a router passes the update to another router. Without a countermeasure, the hop count would keep increasing towards infinity.

The distance vector algorithm can correct itself, but the loop can last until the count reaches infinity. To keep this error from persisting, distance vector protocols define a maximum value. The routing protocol then allows the loop to continue only until the metric exceeds that maximum. For example, as in the figure, when the metric is 16 hops, greater than the maximum of 15, the router discards the update. In every case, once the metric exceeds the maximum value the network is considered unreachable.

3.1.4. Ways to prevent routing loops

3.1.4.1. Avoiding routing loops with split horizon

Another cause of loops is a router sending routing information back to the very router it just received that information from. Split horizon is controlled per interface with the ip split-horizon command; its no form, shown here, disables it:

Router(config-if)#no ip split-horizon

3.1.4.2. Avoiding routing loops with route poisoning

Route poisoning is used to prevent larger loops and lets a router announce outright that a network is no longer reachable by setting its metric (the hop count, for instance) higher than the maximum value. Route poisoning means that when a route goes down, the router advertises that route with a metric greater than the maximum.

Route poisoning does not conflict with split horizon. Split horizon means that when a router sends an update out of a link, it must not send back the information it has just received over that link. With poisoning, the router does send that information back, but with a metric greater than the maximum, so the result is the same. This mechanism is called split horizon with poison reverse.

When network x goes down, the router uses route poisoning by setting the value 16 in its routing table to indicate that the network is no longer reachable.

3.1.4.3. Avoiding routing loops with triggered updates

Routing table updates between neighbouring routers are sent periodically. For example, RIP sends an update every 30 seconds. In addition, there is a triggered update mechanism that announces a change in the routing table. When a router detects a change in the topology, it immediately sends an update message to its neighbours to announce the change. In particular, when a route fails and becomes unreachable, the router must send the update at once instead of waiting for the end of the update period. Triggered updates combined with route poisoning ensure that all routers learn about a failed route before the holddown timer expires.

Triggered updates across the whole network whenever the topology changes keep the routers up to date in good time and start the holddown timer sooner.
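The count-to-infinity behaviour, the maximum metric of 16 and split horizon with poison reverse described above can be reproduced in a short simulation. This is an added example, not part of the original document; the three-router chain A - B - C, the failed network behind C and the synchronous update rounds are assumptions made for the model (timers and holddown are not modelled).

```python
INFINITY = 16            # RIP: 15 hops is the maximum, 16 means unreachable
LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}   # constructed chain A - B - C


def receive(routes, router, sender, advertised):
    """Apply one advertised metric for the failed network at `router`."""
    metric = min(advertised + 1, INFINITY)          # one more hop, capped at the maximum
    current = routes.get(router)
    if current is None:
        if metric < INFINITY:
            routes[router] = (metric, sender)
    elif current[1] == sender or metric < current[0]:
        # News from the current next hop always replaces the route, good or bad.
        routes[router] = (metric, sender)


def run_round(routes, split_horizon):
    """One periodic update: every router advertises from a snapshot of its table."""
    snapshot = dict(routes)
    for sender in sorted(snapshot):
        metric, learned_from = snapshot[sender]
        for neighbour in LINKS[sender]:
            advertised = metric
            if split_horizon and neighbour == learned_from:
                advertised = INFINITY               # split horizon with poison reverse
            receive(routes, neighbour, sender, advertised)


def simulate(split_horizon, route_poisoning, max_rounds=50):
    """The network behind C fails; count update rounds until every router sees 16."""
    # Converged state before the failure: (hop count, neighbour the route came from).
    routes = {"A": (2, "B"), "B": (1, "C"), "C": (0, None)}
    if route_poisoning:
        routes["C"] = (INFINITY, None)              # C keeps the route, advertised as 16
    else:
        del routes["C"]                             # C silently forgets the route
    history = []
    for rounds in range(1, max_rounds + 1):
        run_round(routes, split_horizon)
        history.append({r: m for r, (m, _) in sorted(routes.items())})
        if all(m == INFINITY for m, _ in routes.values()):
            return rounds, history
    return None, history


if __name__ == "__main__":
    for sh, rp in ((False, False), (True, True)):
        rounds, history = simulate(sh, rp)
        print(f"split horizon={sh}, route poisoning={rp}: converged after {rounds} rounds")
        for number, metrics in enumerate(history, start=1):
            print(f"  round {number:2}: {metrics}")
```

Without protection the three routers need 16 update rounds to agree that the network is gone, which at RIP's 30-second update interval is eight minutes of looping traffic; with route poisoning and poison reverse they agree after 2 rounds.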

For example, router C sends a triggered update as soon as network 10.4.0.0 becomes unreachable. On receiving this information, router B in turn announces network 10.4.0.0 out of interface S0/1. Router A then sends the announcement out of interface Fa0/0.

[Figure: Network 10.4.0.0 is unreachable. With triggered updates, a router sends a message immediately to announce a change in its routing table.]

3.1.4.4. Avoiding loops with the holddown timer

When a router learns from a neighbour that some network X is no longer reachable, it marks the route to network X as inaccessible and starts the holddown timer. During the holddown period, if the router receives an update from that same neighbour saying that network X is reachable again, it accepts the update and ends the holddown timer.

During the holddown period, if the router receives an update from a different neighbour (not the one that originally reported network X) and this update reports a route to network X with a better metric than the route the router had before, the router ignores it and does not update. This mechanism keeps the router from wrongly accepting stale information from neighbours that do not yet know that network X has become unreachable. The holddown period ensures that all routers in the network have finished updating with the new information. When the holddown timer expires, all routers in the system have learned that network X is unreachable, so every router has an accurate view of the topology. After the holddown period ends, the routers resume updating as normal.

The following command changes the holddown time:

Router(config-router)#timers basic update invalid holddown flush [sleeptime]

3.1.5. Characteristics of link-state routing protocols

The link-state routing algorithm is Dijkstra's algorithm, also called the SPF (Shortest Path First) algorithm. Link-state routing builds and maintains a complete database of the topology of the entire network.

Link-state routing uses the following tools:
- Link-state advertisement (LSA): a small packet carrying routing information that is passed between routers.
- Topological database: built from the information collected from the LSAs.
- SPF algorithm: using the topological database, the SPF algorithm computes the shortest paths.
- Routing table: holds the list of paths that have been selected.

The process of collecting network information for link-state routing is as follows. Each router starts by exchanging LSAs with all other routers, and the topological database is built from the information in these LSAs. Each router reconstructs the network topology as a tree with itself as the root, from which it traces all paths to all networks in the system. The SPF algorithm then chooses the shortest path for the routing table. The routing table holds the selected paths together with the corresponding outgoing interfaces. In addition, the router continues to maintain the database of the network topology and the state of the links. The first router to detect a topology change sends update information to all other routers. It sends an LSA containing information about the new router or the changes in link state. This LSA is sent to all other routers.

Each router has its own topological database, and the SPF algorithm performs its calculation on this database. When a router receives an LSA, it updates its database with the new information. SPF then recalculates the path selection and updates the routing table.

Link-state routing has some disadvantages:
- The router's CPU has to do a lot of computation.
- It requires a large amount of memory.
- It consumes link bandwidth.

A router running link-state routing needs more memory and more processing than one running distance vector routing. The router must have enough memory to store the topological database and the routing table. When routing starts up, all routers must send LSAs to all other routers; this consumes link bandwidth and reduces the bandwidth available for user data. Once the routers have collected enough information to build the topological database, however, the bandwidth is no longer consumed. Routers send LSAs only when the topology changes, and these LSAs use only a very small share of the bandwidth.

3.2. Routing protocols in general

3.2.1. Path determination

A router has 2 main functions:
- Path determination
- Switching

Path determination takes place at the Network layer. The router uses the routing table to choose a path for the packet; once the outgoing path is decided, the router performs switching to send the packet out.

Switching is the process by which the router moves a packet from the incoming interface to the outgoing interface. The important point in this process is that the router must encapsulate the data to suit the link the packet is about to leave on.

3.2.2. Routing configuration

A routing protocol is configured in global configuration mode, where its routing characteristics are set. As the first step, in global configuration mode, start the routing protocol you want, for example RIP, IGRP, EIGRP or OSPF. Then, in router configuration mode, the main task is to declare the IP addresses. Dynamic routing usually uses broadcast and multicast to exchange information between routers. The router uses the routing metric to choose the best path to each destination network.

The router command starts the routing protocol. The network command declares the router interfaces on which the routing protocol should send and receive routing updates.

The following is an example of routing configuration:

Athena_VanCong(config)#router rip
Athena_VanCong(config-router)#network 172.16.1.0

The network address declared in the network command is a class A, B or C network address, not a subnet address or an individual host address.

3.2.3. Routing protocols

At the Internet layer of the TCP/IP protocol suite, a router uses an IP routing protocol to perform routing. Some IP routing protocols are:
- RIP: a distance vector interior routing protocol.
- IGRP: Cisco's distance vector interior routing protocol.
- OSPF: a link-state interior routing protocol.
- EIGRP: an enhanced version of IGRP.
- BGP: a distance vector exterior routing protocol.

4. OVERVIEW OF THE RIP ROUTING PROTOCOL


4.1. Introduction to RIP

RIP (Routing Information Protocol) is a distance vector routing protocol in wide use around the world. Although RIP lacks the capabilities and features of other routing protocols, it is based on open standards and is simple to use, so network administrators still favour it. RIP is therefore a good protocol for networking students to start with. Its main characteristics are:
- It is a distance vector routing protocol.
- It uses hop count as the metric for path selection.
- If the hop count to the destination is greater than 15, the packet is discarded.
- Periodic updates are sent every 30 seconds by default.

4.2. Evolution of RIP

RIP has been developed over many years, starting with version 1 (RIPv1). RIP was a classful routing protocol until version 2 (RIPv2), when it became a classless routing protocol. RIPv2 has the following advantages:
- It carries additional routing information.
- It has an authentication mechanism between routers for updates, to protect the routing table.
- It supports VLSM (Variable Length Subnet Masking).

RIP avoids routing loops that count to infinity by limiting the maximum number of hops allowed between sender and receiver; the maximum hop count for any path is 15. For routes that a router learns from a neighbour's update, the router increases the hop count by 1, because it counts itself as one hop on the path. If, after this increase, the hop count is greater than 15, the router considers the destination network for that route unreachable. RIP also has features similar to those of other routing protocols. For example, RIP uses split horizon and holddown timers to avoid accepting incorrect routing information.

4.3. Comparing RIPv1 and RIPv2

RIP uses a distance vector routing algorithm. If there are several paths to the same destination, RIP chooses the one with the fewest hops. Because it relies only on hop count to choose a path, the path RIP chooses is sometimes not the fastest one to the destination.

RIPv1 lets routers update their routing tables periodically, every 30 seconds by default. Sending routing updates continuously in this way lets the network topology be built quickly. To avoid endless loops, RIP limits the maximum number of hops for forwarding a packet to 15. If a destination network is more than 15 routers away, it is considered unreachable and the packet is discarded. This limits the scalability of RIP. RIPv1 uses split horizon to prevent loops: when sending routing information out of an interface, a RIPv1 router does not send back the routing information it learned from that same interface. RIPv1 also uses holddown timers to prevent loops. When it receives notice that a destination network has failed, the router starts the holddown timer. During the holddown period the router does not accept any information about that destination network with a worse metric.

RIPv2 was developed from RIPv1, so it shares the features above. RIPv2 is also a distance vector routing protocol that uses hop count as its only metric. RIPv2 also uses holddown timers and split horizon to avoid loops.

The differences between RIPv1 and RIPv2 are:

RIPv1 | RIPv2
Simple to configure | Simple to configure
Classful routing | Classless routing
Does not send subnet mask information in routing updates. | Sends subnet mask information in routing updates.
Does not support VLSM, so all networks in a RIPv1 system must use the same subnet mask. | Supports VLSM. Networks in a RIPv2 system can have subnet masks of different lengths.
Has no mechanism for authenticating routing information. | Has a mechanism for authenticating routing information.
Sends broadcasts to address 255.255.255.255. | Sends multicasts to address 224.0.0.9, which is more efficient.

4.4. Configuring RIPv2

The router rip command starts RIP. The network command declares the IP networks that take part in the routing process. Any router interface whose IP address falls within a network declared with the network command takes part in sending and receiving routing updates. The network command also declares the networks that the router will advertise. The router rip command followed by version 2 selects RIPv2 as the routing protocol running on the router.

RIP can be configured to send triggered updates when the network topology changes with the ip rip triggered command. This command applies only to the router's serial interfaces. When the topology changes, the first router to notice the change updates its own routing table first and then immediately sends update information to the other routers to announce the change. This is a triggered update, and it happens completely independently of the periodic updates.

Athena_VanCong(config)# router rip (starts the RIP routing protocol)
Athena_VanCong(config-router)# version 2 (runs RIP version 2)
Athena_VanCong(config-router)# network network-number (declares the networks connected to the router to be advertised)

RIP is a broadcast protocol. To run RIP on a non-broadcast network such as Frame Relay, the neighbouring RIP routers must therefore be declared with the following command:

Router(config-router)# neighbor ip-address

By default, Cisco IOS accepts RIP version 1 and version 2 packets but sends only version 1 packets. The network administrator can configure the router to send and receive only version 1 packets, or to send only version 2 packets, with the following commands:

Router(config-router)# version {1 | 2}
Router(config-if)# ip rip send version 1
Router(config-if)# ip rip send version 2
Router(config-if)# ip rip send version 1 2
Router(config-if)# ip rip receive version 1
Router(config-if)# ip rip receive version 2
Router(config-if)# ip rip receive version 1 2

By default a router learns the path to a destination network in 3 ways:
- Static routes are configured by hand by the network administrator and specify the next-hop router towards the destination network. Static routes offer a high level of security because no updates are sent, unlike dynamically learned routes. Static routes are very useful when there is only one path to the destination and no alternative to choose from.
- Default routes are also configured by hand by the network administrator. A default route is declared for use when the router does not know the path to the destination. With a default route the router's routing table is shorter: when a packet has a destination network address that the router does not know, the router sends it out of the default route.
- Dynamic routes are routes the router learns from other routers through a dynamic routing protocol.

Suppose this network uses a dynamic routing protocol. Router R4 is connected to the Internet, and this connection is the default route for the entire internal network. Packets that are not destined for the internal networks but for the outside are sent to the default route towards the Internet. To declare the default route on router R4, use the following command:

R4(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2

This command is a special static route that stands for any destination network with any subnet mask. To stress it once more: the command is used to declare the default route on the router that has the default-route connection attached to it. On the remaining routers in the system, use the ip default-network command to declare this default network:

Router(config)#ip default-network 192.168.1.0

Routers R1, R2, R3 and R5 use network 192.168.1.0 as the default destination network. Packets whose destination address these routers cannot find in their routing tables are sent towards the default network 192.168.1.0. As a result these packets reach router R4. On router R4, with the default route declared as ip route 0.0.0.0 0.0.0.0 192.168.1.2, the packets are sent out of the link connected to the Internet.

4.5. Verifying the RIP configuration

Several commands can be used to check whether the RIP configuration is correct. The two most commonly used are show ip route and show ip protocols.

The show ip protocols command displays the IP routing protocols running on the router. It shows that if a router configured with RIP receives no update from a neighbouring router for 180 seconds or more, the routes learned from that neighbour are considered invalid. If there is still no update, the routes are removed from the routing table after 240 seconds. In the figure, router Athena_VanCong received its most recent update from router 2 eight seconds ago. The holddown time is 180 seconds. When a route is reported as down, it is placed in the holddown state for 180 seconds.

The show ip route command is used to check whether the routes the router has learned from neighbouring RIP routers have been installed in the routing table. In the routing table output, look for routes marked with the letter R at the start of the line; these are the routes learned from neighbouring RIP routers. Remember also that routers always need some time to converge, so new information may not appear in the routing table immediately.

There are some other commands that can be used to check the RIP configuration:

show interface interface
show ip interface interface
show running-config

4.6. Troubleshooting RIP updates

Most RIP configuration errors are caused by incorrect network statements, discontiguous subnets, or split horizon. The most useful command for finding RIP update problems is debug ip rip.

The debug ip rip command displays all the routing information that RIP sends and receives. The example in the figure shows the output of debug ip rip. After receiving an update, the router processes the information and then sends the newly updated information out of its interfaces.

There are many important points to watch for in the output of debug ip rip. Some problems, such as discontiguous subnets or duplicate subnets, can be detected with this command. In such cases we see that, for the same destination network, the router advertises the network with a lower metric than the one it received earlier.

Some other commands can also be used to troubleshoot RIP:

show ip rip database
show ip protocols {summary}
show ip route
debug ip rip {events}
show ip interface brief

4.7. Preventing the router from sending routing information out of an interface

A router can filter routing information when it accepts updates or when it sends them. For routers running a distance vector routing protocol this mechanism is effective, because the router routes on the basis of the routing information received from its neighbours. For routers running a link-state routing protocol, however, it is not effective, because these protocols choose paths from the link-state database rather than from the routing information received. For this reason, the method described below for preventing a router from sending routing information out of an interface is used only with distance vector routing protocols such as RIP and IGRP.

The passive-interface command prevents the router from sending routing updates out of a given interface. This stops other networks from learning the routing information of our own system.

Router(config-router)#passive-interface Fa0/0

4.8. Load balancing with RIPv2

A router can share load across several paths when there are several good paths to the same destination. We can configure the router by hand to share load across the paths, or the dynamic routing protocols can work out the load sharing themselves.

RIP can share load across up to six equal-cost paths; by default it uses only 4. RIP shares load by using each path in turn, in round-robin fashion.

[Figure: example output of the show ip route command.] In it we see two blocks, each describing one path. The block describing the second path has an asterisk (*) at the start of the line. The asterisk indicates that this is the next path to be used.

4.9. Load sharing across multiple paths

A router can share load across several paths to forward packets to the same destination. We can configure the router by hand to share load, or dynamic routing protocols such as RIP, IGRP, EIGRP and OSPF work it out automatically.

When a router receives updates about several different paths to the same destination, it chooses the path with the lowest administrative distance for the routing table. If the paths have the same administrative distance, the router chooses the path with the lowest cost, that is, the smallest routing metric. Each routing protocol calculates cost differently, and these costs must be configured for the router to share load.

When a router has several paths with the same administrative distance and the same cost to one destination, it shares load across them. Normally a router can share load across up to 6 equal-cost paths (the upper limit on the number of load-sharing paths depends on the Cisco IOS routing table), although some interior gateway protocols (IGPs) have their own limits. EIGRP, for example, allows at most 4 paths. By default most IP routing protocols share load across 4 paths. Static routes share load across 6 paths. BGP is the only exception: by default BGP allows only 1 path to a destination.

The maximum number of paths a router can share load across is from 1 to 6. To change the maximum number of paths allowed, use the following command:

Router(config-router)#maximum-paths [number]

For IP routing, Cisco IOS has two load-sharing mechanisms: per-packet load sharing and per-destination load sharing. If the router uses process switching, it distributes packets across the paths. If the router uses fast switching, it sends all packets for the same destination out of one path and uses the next path for the next destination. This is called per-destination load sharing.

A static route is a route the administrator configures so that the router forwards packets to the destination network along the desired path. The command for configuring a static route is also used to declare a default route. When the router finds no route in the routing table for the destination network of a packet, it uses the default route. The routing source with the lower AD is always chosen first by the router. When a dynamically learned route fails and can no longer be used, the router falls back to the static route to forward packets to the destination network.

5. OVERVIEW OF THE OSPF ROUTING PROTOCOL


5.1. Introduction to OSPF

OSPF is a link-state routing protocol based on open standards. OSPF is described in several IETF (Internet Engineering Task Force) standards. Open standard here means that OSPF is fully open to the public and not proprietary.

Compared with RIPv1 and RIPv2, OSPF is a better interior gateway protocol (IGP) because of its scalability. RIP is limited to 15 hops, converges slowly and sometimes chooses a slow path, because when choosing a path it ignores other important factors such as bandwidth. OSPF overcomes these weaknesses of RIP; it is a robust, scalable routing protocol suited to modern networks. OSPF can be configured as a single area for small networks.

Large OSPF networks need a hierarchical design divided into several areas. These areas all connect to one distribution area, area 0, also called the backbone area. This design makes it possible to control routing update activity. Dividing the network into areas reduces routing overhead, speeds up convergence, confines network changes to a single area and improves performance.

The main characteristics of OSPF are:
- It is a link-state routing protocol.
- It is defined in RFC 2328.
- It uses the SPF algorithm to compute the best path.
- It sends updates only when the network topology changes.

5.2. How OSPF works

OSPF collects information about the state of links from neighbouring routers. Each OSPF router advertises the state of its own links and forwards the information it receives to all its other neighbours.

The router processes the information received to build a database of the state of the links in an area. Every router in the same OSPF area has the same database. All routers therefore have identical information about the state of the links and the neighbours of the other routers. Each router applies the SPF algorithm to its database to compute the best path to each destination network. The SPF algorithm calculates cost from the bandwidth of the link. The path with the lowest cost is chosen for the routing table.

Each router keeps a list of adjacent neighbours, called the adjacency database. Adjacent neighbours are those with which the router has established a two-way relationship. A router may have many neighbours, but not every neighbour is adjacent. Note therefore that a neighbour relationship is different from an adjacent-neighbour relationship, or adjacency for short. The list of adjacent neighbours differs from router to router.

To reduce the amount of routing information exchanged with many neighbouring routers on the same network, OSPF routers elect a representative router called the Designated Router (DR) and a backup called the Backup Designated Router (BDR) to act as the focal point for routing information.

5.3. Configuring the OSPF routing process

OSPF routing uses the concept of areas. Each router builds a complete database of the state of the links in an area. An area in an OSPF network is numbered from 0 to 65,535. A single-area OSPF network uses area 0. In a multi-area OSPF network, all areas must connect to area 0, which is why area 0 is called the backbone area.

First, start the OSPF routing process on the router and declare the network addresses and area numbers. A network address is declared together with a wildcard mask, not a subnet mask. The area ID is written either as a number or in dotted decimal notation like an IP address.

To start OSPF routing, use the following command in global configuration mode:

Router(config)#router ospf process-id

The process-id identifies the OSPF routing process on the router. Several OSPF processes can be started on the same router. The value can be anything from 1 to 65,535. Most network administrators keep the process-id the same throughout an autonomous system, but this is not required. It is very rarely necessary to run more than one OSPF process on a router. Declare the network addresses for OSPF as follows:

Router(config-router)#network address wildcard-mask area area-id

Each network is assigned to one area. The address can be the address of a whole network, a subnet, or the address of an interface. The wildcard-mask defines the range of host addresses within the network being declared.

5.4. Configuring a loopback address for OSPF and router priority

When the OSPF process starts, Cisco IOS uses the highest active IP address on the router as the router ID. If no interface is active, the OSPF process cannot start. If the router chooses the IP address of an interface as its router ID and that interface later fails, the process loses its router ID. The OSPF process then stops working until the interface comes back up.

To keep OSPF stable, the OSPF process needs an interface that is always present. For this reason a loopback interface is configured, which is a logical interface rather than a physical one. If a loopback interface is configured, OSPF uses its address as the router ID regardless of the value of that address. If the router has more than one loopback interface, OSPF chooses the highest of the loopback IP addresses as the router ID.

To create a loopback interface and assign it an IP address, use the following commands:

Router(config)#interface loopback number
Router(config-if)#ip address ip-address subnet-mask

Every router running OSPF should use a loopback interface. The loopback interface should be configured with an address whose subnet mask is 255.255.255.255. Such a 32-bit subnet mask is called a host mask, because it defines a network address containing only one host. When OSPF advertises the loopback network, it always advertises the loopback as a host with a 32-bit mask.

A broadcast multi-access network can contain more than two routers. OSPF therefore elects a Designated Router (DR) as the focal point for all link-state advertisements and updates. Because the role of the DR is so important, a Backup Designated Router (BDR) is also elected to take over if the DR fails.

For an interface connected to a broadcast network, the default OSPF priority on that interface is 1. When the OSPF priorities of the routers are all equal, OSPF elects the DR by router ID: the highest router ID is chosen.

We can decide the outcome of the DR election by setting the priority on the router interface connected to that network. The router whose interface has the highest priority is certain to become the DR.

The priority can be set to any value from 0 to 255. A value of 0 means the router is never elected. The router with the highest OSPF priority is chosen as DR, and the router with the second-highest priority becomes the BDR. Once the election is complete, the DR and BDR keep their roles even if a new router with a higher OSPF priority is added to the network.

To change the OSPF priority, use the ip ospf priority command on the interface concerned. The show ip ospf interface command shows the priority of the interface along with much other important information.

Router(config-if)#ip ospf priority number
Router#show ip ospf interface type number

5.5. Changing the OSPF cost value and load sharing

OSPF uses cost as the metric for choosing the best path. The cost is associated with the link and with the data arriving on a router interface. In short, the cost of a link is calculated as 10^8 / bandwidth, where the bandwidth is expressed in bit/s. The network administrator can configure the cost in several ways. The interface with the lower cost is the one chosen to forward data. Cisco IOS calculates the cost automatically from the bandwidth of the interface, so for OSPF to work correctly the correct bandwidth must be configured on the router interface.

Router(config)#interface <interface>
Router(config-if)#bandwidth <bandwidth>

The default bandwidth of a Cisco serial interface is 1.544 Mbps, or 1544 kbps.

Changing the cost affects the result of the OSPF calculation. In a multi-vendor routing environment, the cost has to be changed so that one vendor's cost values are compatible with the other's. Another case where the cost needs to be changed is when Gigabit Ethernet is used. The lowest default cost, 1, corresponds to a 100 Mbps link. So when a network contains both 100 Mbps and Gigabit Ethernet links, the default costs can lead to suboptimal routing. The cost can range from 1 to 65,535. Use the following command in the configuration mode of the interface to set its cost:

Router(config-if)#ip ospf cost number

When there are several paths to a destination with the same cost within the same routing process, load balancing takes place and all of these paths are installed in the routing table. The maximum number of paths to the same destination can be adjusted with the maximum-paths command in router mode. Its range is 1 to 64, and the default for OSPF is 16.

5.6. Configuring OSPF authentication

By default, routers trust that the routing information they receive was sent by the legitimate router and was not altered along the way. To guarantee this, the routers in an area must be configured to authenticate one another. Each OSPF interface on a router needs an authentication key to use when sending OSPF information to the other routers attached to that interface. The authentication key, also called the password, is shared between the two routers. The key is used to generate the authentication data (the Authentication data field) placed in the OSPF packet header. The password can be up to 8 characters long. Use the following command to configure the authentication password on an OSPF interface:

Router(config-if)#ip ospf authentication-key password

After the password is configured, authentication must be enabled for OSPF:

Router(config-router)#area area-number authentication

With the simple authentication above, the password is sent in clear text, so it is easily read if attackers capture an OSPF packet. For this reason the authentication information should be protected cryptographically. For better security, configure a message-digest key with the following command on the relevant router interface:

Router(config-if)#ip ospf message-digest-key key-id md5 encryption-type key

MD5 is a message-digest algorithm. Setting the encryption-type parameter to 0 means no encryption is applied, while a value of 7 means the key is encrypted using Cisco's proprietary method. The key-id parameter is an identifier with a value from 1 to 255. The key parameter is where the password is entered, and it can be up to 16 characters long. Neighbouring routers must use the same key-id with the same key value.

After the MD5 key is configured, message-digest authentication must be enabled in OSPF:

Router(config-router)#area area-id authentication message-digest
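
The two authentication modes configured above, worked through as an added Python example (not part of the original document and not Cisco code): it builds an OSPF Hello with simple and with message-digest authentication using the RFC 2328 header layout, then checks the digest the way a receiving router would. The router ID, the keys and the zero-padding of the key to 16 bytes are assumptions of this example.

```python
import hashlib
import hmac
import struct

# version, type, length, router ID, area ID, checksum, AuType, 8-byte auth field
HEADER = "!BBH4s4sHH8s"
AU_SIMPLE, AU_MD5 = 1, 2   # "area N authentication" / "... message-digest"


def hello_body(priority=1, hello=10, dead=40):
    """Hello body using the broadcast defaults quoted in this chapter (constructed sample)."""
    return struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), hello, 0x02,
                       priority, dead, bytes(4), bytes(4))


def _header(body, au_type, auth_field):
    # Checksum stays 0: RFC 2328 omits it for AuType 2; for AuType 1 a real
    # router fills it in, which this example leaves out.
    return struct.pack(HEADER, 2, 1, 24 + len(body), bytes([1, 1, 1, 1]),
                       bytes(4), 0, au_type, auth_field)


def simple_packet(password, body):
    """Simple authentication: the password itself travels in the header."""
    if len(password) > 8:
        raise ValueError("simple password is limited to 8 bytes")
    return _header(body, AU_SIMPLE, password.ljust(8, b"\0")) + body


def md5_packet(key_id, key, seq, body):
    """Message-digest authentication: only key-id, digest length and sequence travel."""
    if not 1 <= key_id <= 255 or len(key) > 16:
        raise ValueError("key-id must be 1..255 and the key at most 16 bytes")
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = _header(body, AU_MD5, auth) + body
    # Assumption: key zero-padded to 16 bytes before hashing.
    digest = hashlib.md5(packet + key.ljust(16, b"\0")).digest()
    return packet + digest   # digest trails the packet, outside its length field


def secret_on_wire(packet):
    """Return the password a packet capture would show, or None if there is none."""
    au_type, auth = struct.unpack(HEADER, packet[:24])[6:8]
    return auth.rstrip(b"\0") if au_type == AU_SIMPLE else None


def verify_md5(packet, keys):
    """Receiver side: recompute the digest with the local key for the sender's key-id."""
    fields = struct.unpack(HEADER, packet[:24])
    length, au_type, auth = fields[2], fields[6], fields[7]
    if au_type != AU_MD5:
        return False
    _, key_id, digest_len, _seq = struct.unpack("!HBBI", auth)
    key = keys.get(key_id)
    received = packet[length:length + digest_len]
    if key is None or digest_len != 16 or len(received) != 16:
        return False   # unknown key-id or malformed trailer
    expected = hashlib.md5(packet[:length] + key.ljust(16, b"\0")).digest()
    return hmac.compare_digest(expected, received)
```

Keyed MD5 is an old construction; RFC 5709 defines HMAC-SHA authentication for OSPFv2, which is the stronger choice where the platform supports it.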

From the key and the contents of the packet, the MD5 algorithm produces a digest that is appended to the packet. The receiving router combines its own key with the received packet to produce a digest of its own. If the two digests match, the router has received the packet from the correct source and the packet contents have not been altered. When the authentication type is message-digest, the authentication data field contains the key-id and a value giving the length of the digest appended to the packet. This digest is like a seal that cannot be forged.

5.7. Configuring the OSPF timers

OSPF routers must have the same hello interval and the same dead interval before they can exchange information with each other. By default, the dead interval is four times the hello interval. This means a router has up to 4 chances to send a hello packet before it is declared dead. On broadcast OSPF networks the default hello interval is 10 seconds and the default dead interval is 40 seconds. On non-broadcast networks the default hello interval is 30 seconds and the default dead interval is 120 seconds. These defaults affect how efficiently OSPF operates, and sometimes they need to be changed. The network administrator is free to choose values for these two intervals, and changing them is one of the first things to consider when tuning network performance. However, the values must be configured identically on all neighbouring routers that are connected to each other.

To configure the hello interval and the dead interval on a router interface, use the following commands:

Router(config-if)#ip ospf hello-interval seconds
Router(config-if)#ip ospf dead-interval seconds

5.8. Advertising a default route with OSPF

OSPF routing guarantees loop-free paths to every destination network inside the system. To reach networks outside the system, OSPF must either know about those networks or have a default route. A default route is the better choice, because storing a path for every destination network in the world would consume an enormous amount of resources. In practice, the default route is configured on the OSPF router that connects to the outside. Information about this default route is then distributed to the other routers in the autonomous system (AS) through normal OSPF updates. On the router with the external connection, configure the default route with the following command:

Router(config)#ip route 0.0.0.0 0.0.0.0 [interface | next-hop address]

A network of eight zeros like this matches any network address. After the default route is configured, configure OSPF to pass the default route to every other router in the OSPF area:

Router(config-router)#default-information originate

Every router in the OSPF system then knows that a default route exists on the border router that connects to the outside.

5.9. Common OSPF configuration errors

An OSPF router must establish a neighbour or adjacency relationship with another OSPF router in order to exchange routing information. This relationship can fail to form for the following reasons:

- Neither neighbour is sending Hellos.
- The Hello interval and dead interval differ between the neighbouring routers.
- The interface types differ between the neighbouring routers.
- The authentication password and key differ between the neighbouring routers.

In an OSPF configuration it is also extremely important that the following information is correct:

- All interfaces must have the correct address and subnet mask.
- The network area command must have the correct wildcard mask.
- The network area command must declare the correct area for the network.

5.10. Verifying the OSPF configuration

To verify the OSPF configuration we can use show commands. The show commands that are useful when troubleshooting OSPF are listed below:

show ip protocol - Displays timers, routing metrics, routed networks and other information for all routing protocols running on the router.
show ip ospf interface - Shows whether the router interface has been configured in the correct area. If no loopback interface is configured, the highest IP address of a physical interface is chosen as the router ID. The command also displays the hello and dead intervals on the interface and lists the adjacent neighbour routers attached to the interface.
show ip ospf - Shows how many times the SPF algorithm has been run and the update interval used when the network is unchanged.
show ip ospf neighbor detail - Lists the neighbours in detail, with their priorities and their states.
show ip ospf database - Displays the contents of the router's topology database, along with the router ID and the OSPF process ID.

The clear and debug commands used to check OSPF operation:

clear ip route * - Clears the entire routing table.
clear ip route a.b.c.d - Clears the route a.b.c.d from the routing table.
debug ip ospf events - Reports all OSPF events.
debug ip ospf adj - Reports all events related to OSPF adjacencies.

6. EIGRP OVERVIEW

6.1. Introduction

Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary routing protocol developed from Interior Gateway Routing Protocol (IGRP). Unlike IGRP, which is a classful routing protocol, EIGRP supports Classless Interdomain Routing (CIDR) and lets network designers make the best use of address space with VLSM. Compared with IGRP, EIGRP converges faster, scales better and handles routing loops better. In addition, EIGRP can replace Novell Routing Information Protocol (Novell RIP) and AppleTalk Routing Table Maintenance Protocol (RTMP), serving both IPX and AppleTalk networks efficiently.

EIGRP is often regarded as a hybrid protocol because it combines the advantages of distance-vector and link-state routing protocols. EIGRP is an advanced routing protocol that relies on features of link-state routing protocols. The best features of OSPF, such as partial updates and neighbour discovery, are built into EIGRP. However, EIGRP is easier to configure than OSPF. EIGRP is an ideal choice for large, multiprotocol networks built on Cisco routers.

6.2. EIGRP characteristics

EIGRP operates differently from IGRP. In essence EIGRP is an advanced distance-vector routing protocol, but when it updates and maintains neighbour and routing information it behaves like a link-state routing protocol.

The advantages of EIGRP over ordinary distance-vector routing protocols are:

- Fast convergence.
- Efficient use of bandwidth.
- Support for VLSM (Variable Length Subnet Mask) and CIDR (Classless Interdomain Routing). Unlike IGRP, EIGRP exchanges subnet mask information, so it supports classless IP.
- Support for multiple network protocols.
- Independence from the routed protocol. Thanks to its separate module for each protocol, EIGRP does not need lengthy rework. For example, when support for a new protocol such as IP is developed, EIGRP needs a new module for IP, but EIGRP itself does not have to be rewritten.

EIGRP routers converge quickly because they use DUAL. DUAL guarantees loop-free operation while paths are calculated and allows all routers in the network to synchronize at the same time when a change occurs.

EIGRP uses bandwidth efficiently because it sends only partial, bounded updates rather than the whole routing table. As a result it consumes minimal bandwidth once the network is stable. This is similar to OSPF updates, but unlike an OSPF router, an EIGRP router sends partial updates only to the routers that need the information, not to every other router in the area as OSPF does. For this reason EIGRP updates are called bounded updates. Instead of periodic updates, EIGRP routers keep in touch with each other using very small hello packets. The periodic exchange of hello packets does not take up much link bandwidth.

EIGRP can support IP, IPX and AppleTalk through its protocol-dependent modules (PDMs). EIGRP can redistribute IPX RIP and SAP information to improve overall performance. In effect, EIGRP can take over these two protocols. An EIGRP router receives routing and service information and updates other routers only when the routing table or the SAP table changes. EIGRP can also take over the AppleTalk Routing Table Maintenance Protocol (RTMP). RTMP uses hop count to select paths, so its path selection is not very good. EIGRP therefore uses a configurable composite metric to choose the best path for AppleTalk networks. As a distance-vector routing protocol, RTMP exchanges its entire routing information periodically. To reduce this overhead, EIGRP redistributes AppleTalk routing information only when a change occurs. However, AppleTalk clients also expect RTMP information from local routers, so EIGRP for AppleTalk should run only on networks without clients, such as WAN links.

6.3. Configuring EIGRP routing

Use the following command to start EIGRP and define the autonomous system number:

Router(config)#router eigrp autonomous-system-number

The autonomous-system-number parameter identifies the routers in an autonomous system. Routers in the same network must use the same number.

Declare which of the networks on the router being configured belong to the EIGRP autonomous system:

Router(config-router)#network network-number

The network-number parameter is the network address of the router interfaces that belong to the EIGRP network. The router advertises information about the networks declared in this network command. The networks are those directly connected to the router.

When configuring a serial interface for use with EIGRP, it is important to set the bandwidth on the interface. If the interface bandwidth is not changed, EIGRP uses the default bandwidth of the interface instead of the real bandwidth. If the link is actually slower, the router may fail to converge, routing updates may be lost, or path selection may be suboptimal. To set the bandwidth on a serial interface, use the following command in the configuration mode of that interface:

Router(config-if)#bandwidth kilobits

The bandwidth value given in the bandwidth command is used only in routing process calculations, and it should match the speed of the interface.

Cisco also recommends adding the following command to the EIGRP configuration:

Router(config-router)#eigrp log-neighbor-changes

This command makes the router output a message whenever there is a change in its adjacent neighbours, which helps us monitor the stability of the routing system and detect problems if any occur.

With EIGRP, route summarization can be configured manually on each router interface with whatever summary boundary we want, rather than summarizing automatically at the classful boundary of the IP address. Once a summary address has been declared on a router interface, the router advertises the summarized addresses out of that interface as configured. The summary address is declared with the ip summary-address eigrp command as follows:

Router(config-if)# ip summary-address eigrp autonomous-system-number ip-address mask administrative-distance

An EIGRP summary route has a default administrative distance of 5. However, this value can be set anywhere from 1 to 255. In most cases, when configuring address summarization manually, automatic summarization should be turned off with the no auto-summary command.

6.4. Configuring EIGRP authentication

EIGRP supports MD5 authentication.

Router(config)# interface <interface>
    Enters interface configuration mode.

Router(config-if)# ip authentication mode eigrp as-number md5
    Enables the MD5 algorithm to authenticate EIGRP packets on the interface.

Router(config-if)# ip authentication key-chain eigrp as-number athena
    Enables authentication of EIGRP packets. athena is the name of the key chain.

Router(config-if)# exit
    Returns to Privileged configuration mode.

Router(config)# key chain athena
    Creates a key chain. The key chain name must match the name configured in interface mode.

Router(config-keychain)# key 1
    Specifies the key number.
    * Note: The key number can range from 0 to 2147483647. Key numbers do not have to be consecutive. At least one key must be created in a key chain.

Router(config-keychain-key)# key-string vancong
    Specifies the key string.
    * Note: A key string can contain from 1 to 80 characters, including lowercase and uppercase letters, special characters and digits.

Router(config-keychain-key)# accept-lifetime start-time {infinite | end-time | duration seconds}
    This option specifies the period during which the key is accepted.

Router(config-keychain-key)# send-lifetime start-time {infinite | end-time | duration seconds}
    This option specifies the period during which the key is sent.

6.5. Load sharing in EIGRP

A distinctive feature of EIGRP is that it allows load balancing even across unequal paths. This makes better use of the links attached to the router. If a path to a destination does not qualify as a Feasible Successor, it is not used for load balancing. EIGRP supports load balancing over a maximum of 6 unequal-cost paths.

Router(config)# router eigrp as-number
    Enables the EIGRP routing protocol on the router with the given AS number.

Router(config-router)# network network-address
    Specifies the networks that EIGRP will advertise.

Router(config-router)# variance <n>
    The router selects paths whose metric is less than or equal to n times the router's lowest metric to the destination network, where n is the value given in the variance command.

6.6. Verifying EIGRP operation

Use the following show commands to verify EIGRP operation. In addition, the debug commands help monitor EIGRP activity when needed.

show ip eigrp neighbors [type number] [details] - Displays the EIGRP neighbour table. Use the type number parameters to select a specific interface. The details keyword displays more detailed information.
show ip eigrp interfaces [type number] [as-number] [details] - Displays EIGRP information for the interfaces. The optional parameters limit the output to a specific interface or AS. The details keyword displays more detailed information.
show ip eigrp topology [as-number] [[ip-address] mask] - Displays all feasible successors in the EIGRP topology table. The optional parameters limit the output to a specific AS number or network address.
show ip eigrp topology [active | pending | zero-successors] - Depending on the keyword used, the router displays the routes that are active, pending, or without a successor.
show ip eigrp topology all-links - Displays every route, not only the feasible successors, in the EIGRP topology table.
show ip eigrp traffic [as-number] - Displays the number of EIGRP packets sent and received. The as-number parameter limits the output to a specific AS.

The debug commands:

debug eigrp fsm - Displays EIGRP feasible successor activity, which helps determine when the routing process installs and removes route updates.
debug eigrp packet - Displays the EIGRP packets sent and received. These can be hello, update, acknowledgement, query or reply packets. The sequence numbers and acknowledgement numbers used to deliver EIGRP packets reliably are also displayed.

7. SNIFFERS IN CISCO NETWORKS AND COUNTERMEASURES


7.1. The Sniffer concept

Sniffer was originally the name of a Network Associates product called Sniffer Network Analyzer. Put simply, a sniffer is a program that listens to the traffic on a network. It is comparable to a device for tapping a telephone line, except that sniffer programs eavesdrop in a computer network environment. However, the exchanges between networked computer systems are usually binary data. To capture and understand this binary data, sniffer programs need special capabilities such as protocol analysis and the ability to decode binary data into a form that can be understood. In a network that uses common, synchronized connection protocols, a sniffer can be run on any host in the network. This mode is called promiscuous mode.

The targets of sniffing are:

- Passwords (from Email, Web, SMB, FTP, SQL or Telnet)
- Credit card information
- Email text
- Files in transit on the network (Email, FTP or SMB files)

7.2. Purposes of use

Sniffers are typically used for two distinct purposes. A sniffer can be a tool that helps network administrators monitor and maintain their networks. On the negative side, it can be a program planted in a computer network in order to snoop on the information crossing that network segment.

Below are some sniffer capabilities that are used both constructively and maliciously:

- Automatically capturing usernames and unencrypted (clear text) passwords. Hackers often use this capability to attack our systems.
- Converting data on the wire so that administrators can read it and understand its meaning.
- Letting administrators analyze faults in the network by looking at its traffic, for example why packets from machine A cannot reach machine B.
- Some advanced sniffers can also automatically detect and warn of attacks in progress against the network they are running on (Intrusion Detection Service).
- Recording information about packets and sessions. Like an aircraft's black box, this lets administrators review packets and sessions after an incident, in support of analyzing and fixing network problems.

7.3. Protocols susceptible to sniffing

- Telnet and Rlogin: information such as passwords and usernames is recorded
- HTTP: data is sent unencrypted
- SMTP: passwords and data are sent unencrypted
- NNTP: passwords and data are sent unencrypted
- POP: passwords and data are sent unencrypted
- FTP: passwords and data are sent unencrypted
- IMAP: passwords and data are sent unencrypted

7.4. How a sniffer works

Ethernet technology is built on a principle of sharing. Under this concept, all computers on a local network share that network's transmission medium. In other words, all of those computers are able to see the traffic carried on the shared medium. Ethernet hardware is therefore built to filter and ignore all data that is not meant for it. It does this by ignoring every frame whose MAC address is not valid for it. When a sniffer turns this filtering off and uses promiscuous mode, it can see all traffic from machine B to machine C, or any traffic between any machines on the network, as long as they are on the same network.

7.4.1. Active

This is sniffing through a switch. It is very hard to carry out and easy to detect. The attacker performs this type of attack as follows:

- The attacker connects to the switch by sending spoofed MAC addresses.
- The switch looks at the address associated with each frame.
- Computers in the LAN send data to the connected port.

7.4.2. Passive

This type of sniffing collects data mainly through a hub. It is called passive sniffing because it is very hard to detect. The attacker connects a computer to the hub and starts sniffing.

7.5. Types of attack

7.5.1. Man in the Middle

One of the most common network attacks used against individuals and large organizations is the MITM (Man in the Middle) attack. Roughly speaking, this kind of attack is like an eavesdropper. MITM works by establishing connections to the victim computers and relaying the messages between them. While under attack, each victim believes it is communicating directly with the other victim, when in fact the traffic is passing through the attacker's host. As a result, the attacker's host can not only interpret sensitive data but also inject and modify the data stream to gain deeper control over its victims.

Suppose a hacker wants to monitor what hostA sends to hostB. First the hacker sends hostA an ARP reply containing the hacker's MAC address and hostB's IP address. Next the hacker sends hostB an ARP reply containing the MAC address of the hacker's machine and hostA's IP address. Both hostA and hostB accept the ARP reply and store it in their ARP tables. From this point on, when hostA wants to send information to hostB, it looks in its ARP table, finds an entry for hostB's MAC address and uses it, but that MAC address actually belongs to the hacker. At the same time the hacker's computer enables a function called IP Forwarding to pass on what hostA sends to hostB. HostA and hostB communicate normally and do not notice that the traffic passes through the hacker's machine in between.

In another case, the hacker eavesdrops on the traffic between our machine and the gateway. Everything we do on the Internet is then recorded by the hacker, leading to the loss of sensitive information.

7.5.2. MAC Flooding

The CAM table overflow attack relies on a weakness of switching devices: the CAM table can hold only a finite number of mappings (for example, a Catalyst 6000 switch can hold at most 128000 mappings), and these mappings do not stay in the CAM table forever. After a certain time, usually 300 s, an address that has not been used for communication is removed from the table. When the CAM table is full, all incoming traffic is sent out of every port except the port it arrived on. At this point the switch behaves no differently from a hub.

This attack also uses the ARP poisoning technique, with the switch as the target. The hacker sends a huge number of forged ARP replies so that the switch cannot keep up and becomes overloaded. The switch is then no longer able to behave as a Layer 2 device and broadcasts packets out of all its ports. The hacker can easily capture all the information on our network.

7.6. Sniffer countermeasures

To stop attackers who want to sniff passwords, we use protocols and methods that encrypt passwords together with a secure authentication solution:

1. SMB/CIFS: In a Windows/SAMBA environment, LAN Manager Authentication needs to be enabled.

2. Kerberos: A secure authentication solution used on Unix as well as Windows: Kerberos Users Frequently Asked Questions 1.14.

3. Stanford SRP (Secure Remote Password): Overcomes the weakness of FTP and Telnet on Unix, which do not encrypt the password in transit: The SRP Project.

4. OpenSSH: Telnet and FTP are two standard protocols that do not encrypt data in transit. What is especially dangerous is that they do not encrypt the password and simply send it over the wire as clear text. Consider what happens if this sensitive data is sniffed. OpenSSH is a protocol suite created to fix this weakness: ssh (used in place of Telnet), sftp (used in place of FTP), and so on.

5. VPNs (Virtual Private Network): Used to encrypt data in transit over the Internet. However, if a hacker can attack and compromise the nodes of the VPN connection, sniffing is still possible.

6. Static ARP Table: Many bad things can happen if someone succeeds in poisoning the ARP table of a computer on our network. So how do we stop someone from trying to poison the ARP table? One way to prevent the harmful effects of this behaviour is to create static ARP table entries for all devices on our local network segment. Once this is done, the kernel ignores all ARP replies for the specific IP addresses used in the entries and uses the specified MAC address instead.

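Use the command arp -a to view the ARP table. The command arp -s <IP> <MAC> statically binds a MAC address to the corresponding IP address. The command arp -d clears the ARP table so that MAC addresses are learned again for the correct IP addresses.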

7. Managing the console port on the switch: The operating system of a Cisco switch has a management port, the console line (line con 0), which provides direct access to the switch for administration. If management of this port is configured too loosely, the switch can be affected by attacks. The solution is to set up a unique account for each administrator for access over the console line. The following commands show an example of creating an account with a privilege level and setting the privilege level of the console line to the default (0). Privilege level 0 is the lowest level on a Cisco switch and permits very few commands. The administrator can raise the privilege level to 15 with the enable command. This account can likewise be used from the virtual terminal lines.

Switch(config)# username athena privilege 0
Switch(config)# line con 0
Switch(config-line)# privilege level 0

Use the following guidelines to create secure passwords: the password is at least 8 characters long; it is not a common word; it includes at least one special character or digit such as !@#$%^&*()|+_; and it is changed at least once every 3 months. Use:

Switch(config)# username ljones secret g00d-P5WD
Switch(config)# line con 0
Switch(config-line)# login local

8. Port Security: Port Security limits the number of valid MAC addresses allowed on a port. All ports or interfaces on the switch should be secured before deployment. In this way security features are set or removed as requirements dictate, rather than being added or strengthened at random or as the result of a security incident. Note that Port Security cannot be used on dynamic access ports or on destination ports for Switch Port Analyzer. Even so, enable port security on as many switch ports as possible. The following examples show the commands to shut down a single interface or a range of interfaces:

Single interface:

Switch(config)# interface <interface>
Switch(config-if)# shutdown

Range of interfaces:

Switch(config)# interface range fastethernet 0/2 - 8
Switch(config-if-range)# shutdown

Port Security capabilities vary depending on the switch platform and the IOS version. Each active port can be restricted by a maximum number of MAC addresses, with an action selected for any violation. A violation can cause packets to be dropped (violation protect), dropped with a message sent (restrict or action trap), or the port to be shut down completely (violation shutdown or action shutdown). Shutdown is the default and the most secure. Protect and restrict both require tracking the MAC addresses that have been observed, and they consume more processing resources than shutdown.

MAC addresses are learned dynamically, and some switches also support static entries and sticky entries. Static entries are configured manually on each port (e.g., switchport port-security mac-address mac-address) and are saved in the configuration file. Sticky entries are treated like static entries, except that they are learned automatically. Existing dynamic entries are converted to sticky entries after the command switchport port-security mac-address sticky is issued. The former dynamic entries are saved in the configuration file (switchport port-security mac-address sticky mac-address); if the configuration file is saved and loaded, the MAC addresses do not have to be learned again after the next restart. Likewise, the maximum number of MAC addresses can be set with the command switchport port-security maximum value.

The administrator can enable aging for statically configured MAC addresses on a port with the command switchport port-security aging static. The aging time (e.g., switchport port-security aging time time) is set in minutes. The aging type can also be set to inactivity (e.g., switchport port-security aging type inactivity), which means that the addresses configured on the port age out only if there is no traffic from those addresses for the period specified by the aging time command. This feature allows continued access for a limited number of addresses.

Examples:

+ The following commands statically restrict a port on a Catalyst 3550 switch.

Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security violation shutdown
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security mac-address 0011.2233.4455
Switch(config-if)# switchport port-security aging time 10
Switch(config-if)# switchport port-security aging type inactivity

+ The following commands dynamically restrict a port on a Catalyst 3550 switch. Note that the aging commands are not used with sticky MAC addresses.

Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security violation shutdown
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security mac-address sticky

Note that when a port security violation occurs, the port immediately enters the error-disable state and its LED turns off. The switch also sends an SNMP trap, logs a message (syslog) and increments the violation counter. When a port is in the error-disable state, the administrator can bring it out of this state with the global configuration command errdisable recovery cause psecure-violation, or with the shutdown and no shutdown commands on the configured interface.

Some important issues arise when port security is configured on a port connected to an IP phone. Although port security is not used on trunk ports, the MAC address counter does take into account the VLAN assignment of arriving packets. The same IP phone sending packets on 2 VLANs has 2 separate entries in the MAC table, so it counts twice toward the maximum MAC count. Because an IP phone may use both untagged packets (e.g., Layer 2 CDP protocol) and tagged Voice VLAN packets, the IP phone's MAC address is seen on both the native VLAN and the Voice VLAN, and is therefore counted twice. Set the maximum number of MAC addresses for a port connected to an IP phone to cover this case plus the computers attached to the IP phone. Computers that legitimately transmit using multiple MAC addresses must also be accounted for in the configuration.

A newer capability for securing switch ports faster and more consistently is macros. Macros allow available port commands to be grouped and applied in the same way as manual configuration. Any line can be added as a comment by starting it with the # character, and the macro definition ends with the @ character.

The following example creates a restrictive security macro called unused to secure the ports or interfaces on a 3550 switch.

Switch(config)# macro name unused

After creating the restrictive security macro, unused, apply it to all ports on the switch as a secure baseline with the following commands.

Switch(config)# interface range fasteth0/1 - 24 , giga0/1 - 2
Switch(config-if-range)# macro apply unused

After that, macros that build on the security of the unused macro are created to enable the security features needed to support all expected systems.

Switch(config)# macro name host

Applying these macros changes only the security settings required for the ports to fully support the appropriate systems. The administrator can use the macro trace command instead of the macro apply command, because macro trace provides debugging of macros. Use show parser macro description regularly to see the last macro applied to each port.

Finally, static MAC addresses and port security applied on every switch port can become a burden for the administrator. Port Access Control Lists (PACLs) can provide security similar to static MAC addresses and port security, and PACLs also offer more flexibility and control. The permitted MAC addresses and IP addresses can be grouped and viewed from a switch-wide perspective.

Some tools for sniffing and for detecting sniffers:

- Cain & Abel: A comprehensive sniffer tool with many ways to scan, capture packets, decode data and so on.
- AntiSniff: A comprehensive and effective tool for detecting sniffers.
- CPM (Check Promiscuous Mode): A tool developed by Carnegie-Mellon to help check for sniffers on UNIX systems.
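
A defensive check for the ARP poisoning described in section 7.5.1 and for the static ARP table countermeasure in item 6, as an added Python example that is not part of the original document: it parses `arp -a` output, compares it with a list of known-good pairs, and flags one MAC address answering for several IP addresses. The sample output, the addresses and the pinned list are constructed for illustration.

```python
import re
from collections import defaultdict

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\b")

# Constructed sample of `arp -a` output (Linux-style and Windows-style lines mixed).
SAMPLE_ARP_A = """\
? (192.168.1.1) at 00:aa:bb:cc:dd:66 [ether] on eth0
? (192.168.1.20) at 00:11:22:33:44:20 [ether] on eth0
? (192.168.1.66) at 00:aa:bb:cc:dd:66 [ether] on eth0
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Known-good IP-to-MAC pairs recorded by the administrator (constructed values).
PINNED = {"192.168.1.1": "00:11:22:33:44:01", "192.168.1.20": "00:11:22:33:44:20"}


def parse_arp_table(text):
    """Return {ip: mac} for unicast entries, with MACs normalised to aa:bb:... form."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue
        mac_norm = mac.group(1).lower().replace("-", ":")
        if int(mac_norm[:2], 16) & 1:
            continue  # broadcast/multicast MACs are shared by design, skip them
        table[ip.group(1)] = mac_norm
    return table


def find_poisoning(table, pinned):
    """Flag entries that contradict the pinned pairs and MACs claimed by several IPs."""
    findings = []
    for ip, good_mac in sorted(pinned.items()):
        seen = table.get(ip)
        if seen is not None and seen != good_mac.lower():
            findings.append(("pinned-mismatch", ip, seen))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared-mac", mac, tuple(sorted(ips))))
    return findings


def static_arp_commands(pinned):
    """Render the pinned pairs as `arp -s <IP> <MAC>` lines (item 6 above).

    MAC notation differs between operating systems; colon form is used here.
    """
    return [f"arp -s {ip} {mac}" for ip, mac in sorted(pinned.items())]


if __name__ == "__main__":
    for finding in find_poisoning(parse_arp_table(SAMPLE_ARP_A), PINNED):
        print(finding)
    print("\n".join(static_arp_commands(PINNED)))
```

A shared MAC is not always hostile: a router answering with proxy ARP or a host with several addresses produces the same pattern, so treat each finding as a lead to check against the pinned list.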
