Network Devices
Ebook 4 U
ebook.vinagrid.com
Table of Contents
FOREWORD
PART I: OVERVIEW OF NETWORK TECHNOLOGY
CHAPTER 1: OVERVIEW OF COMPUTER NETWORK TECHNOLOGY AND LOCAL AREA NETWORKS
SECTION 1: COMPUTER NETWORKS
1. INTRODUCTION TO COMPUTER NETWORKS
1.1. Definition of a computer network and the purpose of networking
1.1.1. The need for computer networking
1.1.2. Definition of a computer network
1.2. Technical characteristics of computer networks
1.2.1. Transmission medium
1.2.2. Switching techniques
1.2.3. Network architecture
1.2.4. Network operating system
1.3. Classification of computer networks
1.3.1. Classification by geographic distance
1.3.2. Classification by switching technique
1.3.3. Classification by the network architecture used
1.3.4. Classification by network operating system
1.4. The most common computer networks
1.4.1. Local area networks
1.4.2. Wide area networks with LAN-to-LAN connections
1.4.3. The INTERNET internetwork
1.4.4. INTRANET networks
2. LOCAL AREA NETWORKS AND LAN ARCHITECTURE
2.1. Local area networks
2.2. LAN architecture
2.2.1. Network topology
2.3. Physical medium access methods
3. COMPUTER NETWORK STANDARDIZATION
3.1. Network standardization and the network standards organizations
3.2. The 7-layer OSI reference model
3.3. The most common connection standards: IEEE 802.X and ISO 8802.X
SECTION 2: COMMON NETWORK DEVICES AND PHYSICAL CONNECTION STANDARDS
1. COMMON NETWORK DEVICES
1.1. Types of transmission cable
1.1.1. Twisted pair cable
1.1.2. Baseband coaxial cable
1.1.3. Broadband coaxial cable
1.1.4. Optical fiber cable
1.2. Interconnection devices
1.2.1. Network Interface Card (NIC)
1.2.2. Repeater
1.2.3. Concentrators (hubs)
1.2.4. Switching hub (also called a switch)
1.2.5. Modem
1.2.6. Multiplexor - Demultiplexor
1.2.7. Router
2. SOME COMMON NETWORK CONNECTION TYPES AND STANDARDS
2.1. Typical components of a local area network
2.2. The 10BASE5 type
2.3. The 10BASE2 type
2.4. The 10BASE-T type
2.5. The 10BASE-F type
CHAPTER 2: INTRODUCTION TO THE TCP/IP PROTOCOL
1. THE IP PROTOCOL
1.1. The TCP/IP protocol suite
1.2. Main functions of the IP (v4) internetwork protocol
1.3. IP addresses
1.4. IP datagram structure
1.5. Fragmentation and reassembly of IP packets
1.6. IP routing
2. SOME CONTROL PROTOCOLS
2.1. The ICMP protocol
2.2. The ARP and RARP protocols
3.1. The TCP protocol
3.1.1 TCP segment structure
3.1.2 Establishing and terminating a TCP connection
PART II: NETWORK ADMINISTRATION
CHAPTER 3: OVERVIEW OF ROUTERS
1. ROUTER THEORY
1.1. Overview of routers
1.2. Main functions of a router, with reference to the OSI model
1.3. Basic configuration and functions of a router's components
2. INTRODUCTION TO CISCO ROUTERS
2.1. Introduction to Cisco routers
2.2. Some notable advantages of Cisco routers
2.3. Some common Cisco routers
2.4. Interfaces of Cisco routers
2.5. Modular architecture of Cisco routers
3. USING ROUTER CONFIGURATION COMMANDS
3.1. Introduction to the Cisco router command-line interface
3.2. Getting familiar with the configuration modes
3.3. Getting familiar with the basic configuration commands
3.4. Troubleshooting some common errors
4. CONFIGURING CISCO ROUTERS
4.1. Leased-line configuration
4.2. X.25 & Frame Relay configuration
4.3. Dial-up configuration
4.4. Static and dynamic routing
5. LAYER 3 SWITCHES
5.1. Overview of layer 3 switch architecture
5.2. Routing on layer 3 switches
5.3. Brief overview of common Cisco layer 3 switches
6. HANDS-ON EXERCISES USING CISCO ROUTERS
Exercise 1: Identifying and cabling devices
Exercise 2: Practicing the basic commands
Exercise 3: Configuring a router in a leased-line topology
Exercise 4: Configuring a router with dial-up
Lab equipment
CHAPTER 4: THE DOMAIN NAME SYSTEM (DNS)
1. INTRODUCTION
1.1. History of DNS
1.2. Purpose of the DNS system
2. DNS SERVERS AND THE STRUCTURE OF THE DOMAIN NAME DATABASE
2.1. Database structure
2.2. Types of DNS server and data synchronization between DNS servers
3. HOW THE DNS SYSTEM OPERATES
4. HANDS-ON EXERCISES
Exercise 1: Installing a DNS server on Windows 2000
Exercise 2: Installing and configuring DNS on Linux
CHAPTER 5: REMOTE ACCESS SERVICES AND PROXY SERVICES
SECTION 1: REMOTE ACCESS SERVICES
1. CONCEPTS AND PROTOCOLS
1.1. Overview of remote access services
1.2. Remote access connections and the protocols used in remote access
1.3. Modems and physical connection methods
2. SECURITY IN REMOTE ACCESS
2.1. Connection authentication methods
2.2. Data encryption methods
3. DEPLOYING REMOTE ACCESS SERVICES
3.1. Dial-in and dial-out connections
3.2. Multilink connections
3.3. Policies for remote access services
3.4. Using DHCP dynamic address assignment for remote access
3.5. Using a Radius server to authenticate remote access connections
3.6. Virtual private networks and connections using remote access services
3.7. Using Network and Dial-up Connection
3.8. Troubleshooting remote access
4. HANDS-ON EXERCISES
Exercise 1: Setting up dial-up networking to create an Internet connection; accessing the Internet and introducing the basic services
Exercise 2: Installing and configuring remote access services on Windows 2000 Server so that remote users can access the network
Exercise 3: Configuring a VPN server, setting up a VPN client, and testing the connection from the VPN client to the VPN server
SECTION 2: PROXY SERVICES - A SOLUTION FOR CONNECTING A PRIVATE NETWORK TO THE INTERNET
1. CONCEPTS
1.1. The client-server model and some of its applications
1.2. Socket
1.3. How proxy services operate and their characteristics
1.4. Cache and caching methods
2. DEPLOYING PROXY SERVICES
2.1. Network connection models
2.2. Setting up access policies and rules
2.3. Proxy clients and authentication methods
2.4. NAT and proxy servers
3. FEATURES OF MICROSOFT ISA SERVER 2000
3.1. Versions
3.2. Benefits
3.3. Installation modes
3.4. Features of each installation mode
4. HANDS-ON EXERCISES
Exercise 1: Basic installation steps for ISA Server 2000
Exercise 2: Configuring ISA Server 2000 so that an internal network can access and use the basic Internet services through one modem connected over the PSTN
Exercise 3: Setting policies for access requests and for the use of services on the Internet
CHAPTER 6: SYSTEM SECURITY AND FIREWALLS
1. SYSTEM SECURITY
1.1. General issues in system and network security
1.1.1. Some concepts and the history of system security
1.1.2. The main vulnerabilities and network attack methods
1.1.3. Some system weaknesses
1.1.4. Levels of network protection
1.2. Measures for protecting computer networks
1.2.1. Monitoring the system through log files
1.2.2. Establishing a system security policy
2. OVERVIEW OF FIREWALL SYSTEMS
2.1. Introduction to firewalls
2.1.1. The firewall concept
2.1.2. Basic functions of a firewall
2.1.3. Network models using a firewall
2.1.4. Types of firewall
2.2. Some common firewall software
2.2.1. Packet filtering
2.2.2. Application-proxy firewall
2.3. Hands-on: installing and configuring the Check Point v4.0 firewall for Windows
2.3.1. Hardware requirements
2.3.2. Preparation steps before installation
2.3.3. Performing the installation
2.3.4. Configuration
REFERENCES
Foreword
The textbook Network Administration and Network Devices was compiled to provide the essential theoretical and practical administration knowledge for the key device systems that form the foundation of modern computer networks. The textbook has 2 parts:
Part 1. Overview of computer networks: covers the most basic concepts and definitions of computer networks, the classification of computer networks, and an introduction to network protocols, the TCP/IP protocol in particular. Students must master the theoretical foundations presented in this part in order to follow the content of Part 2. However, students who have already acquired this basic knowledge, or who have been trained with the textbook Design and Construction of LAN and WAN Networks of Project 112, may skip Part 1 and go straight to Part 2 of the textbook.
Part 2. Network administration: this is the main content of the textbook Network Administration and Network Devices. It consists of 4 chapters providing theoretical knowledge and basic administration skills for the key components of a network: routers, switches, the domain name system, remote access systems, proxy systems and firewall systems. The material on practical administration skills gives students the hands-on knowledge they need to start administering the network of their organization.
Because network administration is a broad field, this textbook cannot cover all of it. Students who need more should also consult the other textbooks of Project 112, such as:
-
This is the first edition of the textbook, so shortcomings are unavoidable. The authors welcome comments from students and readers so that the content of the textbook can be improved.
Chapter 1
Overview of computer network technology and local area networks
Section 1: Computer networks
1. Introduction to computer networks
1.1. Definition of a computer network and the purpose of networking
1.1.1. The need for computer networking
Connecting computers into networks has long been an objective need because:
- Many tasks are inherently distributed, in their information, in their processing, or in both, and require communication to be combined with processing or with the use of remote facilities.
- Network resources (hard disks, printers, CD-ROM drives...) need to be shared among many users at the same time.
- People need to communicate and exchange information by computer.
- Some software applications require many users to use and access the same database at the same time.
1.1.2. Definition of a computer network
In short, a computer network is a set of independent computers connected to one another through physical transmission media and following some set of communication conventions.
Independent computers means that no computer is able to start up or shut down another computer.
Physical transmission media are the media that carry the physical signals (they may be wired or wireless).
The communication conventions are what allow the computers to "talk" to one another, and they are one of the most important factors in computer network technology.
[Figure 1.4. A hybrid connection (labels: hubs, cable converter)]
2.3. Physical medium access methods
In a local area network, all stations are connected directly to a shared transmission medium. If several stations send signals onto the medium at the same time, the signals overlap and are corrupted. A method of organizing how the medium is shared is therefore needed for communication to work correctly.
Two methods of sharing a common transmission medium are commonly used in local area networks:
- Random, on-demand access to the medium. Alternating use must of course be taken into account, and if several stations transmit at once so that their signals overlap, the data must be retransmitted. The typical example of this method is the CSMA/CD access protocol
[Figure: the layers of the OSI model: application, presentation, session, transport, network, data link, physical]
The specific functions of each layer of the OSI model are described in more detail in the textbook Design and Construction of LAN and WAN Networks
3.3. The most common connection standards: IEEE 802.X and ISO 8802.X
Besides the standardization of networks in general, whose most fundamental result is the OSI reference model introduced above, the protocols of local area networks (LANs) have also been standardized.
- The IEEE 802.x and ISO 8802.x standards
IEEE pioneered the standardization of local area networks with the IEEE 802 project, which produced a series of standards in the IEEE 802.x family. At the end of the 1980s, ISO adopted this family of standards and issued it as international standards under the corresponding designation ISO 8802.x.
IEEE 802.: the standard specifying network architecture, interconnection between networks and network management for local area networks.
IEEE 802.2: the standard specifying the protocol service layer of local area networks.
IEEE 802.3: the standard specifying a local area network based on the well-known Ethernet network that Digital, Intel and Xerox jointly developed from 1980. The physical standards include 10BASE5, 10BASE2, 10BASE-F,
IEEE 802.5: the standard specifying a local area network with a ring topology that uses a token to control access to the medium.
IEEE 802.11: the standard specifying wireless local area networks (Wireless LAN), which is still under development.
The 802.x family also includes the standards IEEE 802.4, 802.6, 802.9, 802.10 and 802.12
1.2.5. Modem
The name is an abbreviation of the two words modulation (MOdulation) and demodulation (DEModulation). A modem is a device that modulates a digital signal into an analog signal so that it can be sent over a telephone line, and that converts the signal received from the telephone line back into a digital signal.
1.2.6. Multiplexor - Demultiplexor
A multiplexer combines several signals so that they can be sent together over one transmission line. A demultiplexer performs the opposite function at the receiving end
1.2.7. Router
A router is a device used to connect local area networks together into a wider network. A router is in fact a computer whose job is to choose the path for outgoing packets. A router is hardware-independent and can be used on networks running different protocols
IEEE 802.3
Type | 10BASE5 | 10BASE2 | 10BASE-T
Cable type | Coaxial cable | Coaxial cable | UTP cable
Speed | 10 Mb/s | 10 Mb/s | 10 Mb/s
Maximum cable length | 500 m/segment | 185 m/segment | 100 m from the HUB
Number of communicating entities | | 30 hosts/segment | Number of HUB ports
Chapter 2
Introduction to the TCP/IP protocol
1. The IP protocol
1.1. The TCP/IP protocol suite
The birth of the TCP/IP protocol suite is tied to the birth of the Internet, whose predecessor was the ARPAnet (Advanced Research Projects Agency) network created by the US Department of Defense. It is the most widely used protocol suite because of its openness. The two main protocols in it are TCP (Transmission Control Protocol) and IP (Internet Protocol). They were quickly adopted and developed by many researchers and computer companies with the aim of building an open communication network spanning the world, which today we call the Internet.
TCP/IP version 4 was completed in 1981 and was distributed widely to all computers running the UNIX operating system. Later, Microsoft also made TCP/IP one of the basic protocols of the Windows 9x operating system in use today.
In 1994, a draft of IPv6 was produced with the cooperation of many scientists from Internet organizations around the world in order to overcome the limitations of IPv4.
Unlike the ISO/OSI model, the internetwork layer uses the "connectionless" network protocol IP, which forms the operational core of the Internet. Together with the routing algorithms RIP, OSPF and BGP, the IP internetwork layer allows different kinds of "physical" networks, such as Ethernet, Token Ring, X.25..., to be connected flexibly.
The "connection-oriented" data exchange protocol TCP is used at the transport layer to ensure the accuracy and reliability of data exchange on top of the "connectionless" architecture of the IP internetwork layer.
Protocols supporting common applications, such as remote access (telnet), file transfer (FTP), the World Wide Web service (HTTP), electronic mail (SMTP) and the domain name service (DNS), are increasingly installed as integral parts of common operating systems such as UNIX (and the related proprietary operating systems of computing equipment vendors, such as AIX from IBM, SINIX from Siemens and Digital UNIX from DEC), Windows9x/NT, Novell Netware,...
1.2. Main functions of the IP (v4) internetwork protocol
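[Figure: the OSI layers (Application, Presentation, Session, Transport, Network, Data link, Physical) set against the TCP/IP protocols: Application (SMTP, TELNET, FTP, DNS); Transport (TCP, UDP); Network (ICMP, IGMP, IP); Data link (ARP, RARP)]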
[Figure: data units at each TCP/IP layer: Stream; Transport: Segment/datagram; Internet: Datagram; Network Access: Frame]
Subnetting
In many cases a network can be divided into several subnetworks (subnets); a subnetid field can then be added to identify the subnets. The subnetid field is taken from the hostid field, as follows for the 3 classes A, B and C:
[Figure: position of the Netid, Subnetid and hostid fields within the 32-bit address (bits 0 to 31) for Class A, Class B and Class C]
[Figure: IP datagram header layout (32 bits wide, up to bit 31): HLEN, Service type, Total length; Identification, Flags, Fragment offset; Time to live, Protocol, Header checksum; Source IP address; Destination IP address; IP options (maybe none), Padding]
[Figure: fragmentation of an IP datagram from 128.82.24.12 to 192.12.2.5: the original datagram (total length 2000, 1980 bytes of data) is split into a first fragment (total length 1500, 1480 bytes of data) and a second fragment (total length 520, 500 bytes of data)]
[Figure: IP routing between Host A1 and Host C1 through two gateways across Network A, Network B and Network C; the hosts show the Application, Transport, Internet and Network Access layers, the gateways the Internet and Network Access layers]
[Figure: ICMP message format (bits 0 to 31): type (5), Code (0-3), Checksum; IP address of the default router; IP header (including options) and the first 8 bytes of the original IP datagram]
[Figure: TCP segment header layout (32 bits wide, up to bit 31): Source port, Destination port; Sequence number; Acknowledgment number; Data Offset, Reserved, the flags URG, ACK, PSH, RST, SYN, FIN, Window; Checksum, Urgent pointer; Options, Padding; TCP data]
The fields are described in detail in the textbook Design and Construction of LAN and WAN Networks
An application process on a host accesses the services that TCP provides through a port, as follows:
A port combined with an IP address forms a socket that is unique within the internetwork. TCP is provided as a logical connection between a pair of sockets. One socket can take part in several connections with different remote sockets. Before data is transferred between two stations, a TCP connection must be established between them, and when the data transfer session ends the connection is released. As with other protocols, entities in the upper layer use TCP through service primitives, also called function calls.
3.1.2 Establishing and terminating a TCP connection
Connection establishment
A TCP connection is established with the three-way handshake shown in the following figure. The connection request is always initiated by the client process, which sends a TCP segment with the SYN flag set to 1 and carrying the client's initial sequence number (ISN). The ISN is an unsigned 4-byte number that is incremented each time a connection is requested (it wraps around to 0 when it reaches 2^32). The SYN message also carries the TCP port number of the service software to which the client process wants to connect (step 1).
Each TCP connection entity has a new ISN value, and this number increases over time. Because a TCP connection with the same port number and the same IP address is reused many times, changing the ISN value prevents a connection from reusing stale data that is still in transit from an old connection with the same connection address.
When the TCP entity of the service software receives the SYN message, it sends back a SYN segment with its own ISN value and sets the ACK flag to 1 if it is ready to accept the connection. This message also carries the client process's ISN value in the acknowledgment number field, to signal that the service entity has received the ISN value of the client process (step 2).
The client process answers the service entity's SYN segment with a final ACK reply. In this way the TCP entities reliably exchange each other's ISN values and can start exchanging data. None of the messages in these three steps carries any data; all the information exchanged is in the header of the TCP message (step 3).
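As an added example (not from the original textbook), the three steps above can be checked on captured segments: the Python below packs and parses 20-byte TCP headers and verifies the SYN, SYN+ACK, ACK exchange, including an ISN that wraps past 2^32. Port numbers, ISN values and function names are constructed for illustration; acknowledging ISN + 1 follows the Ack(x+1) labels of the textbook's figure.

```python
import struct
from collections import namedtuple

# Flag bits of the TCP header; SYN and ACK are the ones the handshake uses.
FIN, SYN, ACK = 0x01, 0x02, 0x10
SEQ_MOD = 2 ** 32          # sequence numbers are unsigned 4-byte values

TcpHeader = namedtuple(
    "TcpHeader", "src_port dst_port seq ack data_offset flags window payload_len")

_FMT = "!HHIIBBHHH"        # 20-byte header without options


def build_segment(src_port, dst_port, seq, ack, flags, payload=b""):
    """Pack a TCP segment. The checksum stays 0: computing it needs the IP
    pseudo-header, which this example does not model."""
    header = struct.pack(_FMT, src_port, dst_port, seq % SEQ_MOD, ack % SEQ_MOD,
                         5 << 4, flags, 8192, 0, 0)
    return header + payload


def parse_segment(raw):
    """Unpack the fixed header and work out how much payload follows it."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, window, _csum, _urg = struct.unpack(
        _FMT, raw[:20])
    header_len = (off >> 4) * 4
    if header_len < 20 or header_len > len(raw):
        raise ValueError("bad data offset")
    return TcpHeader(sport, dport, seq, ack, off >> 4, flags, window,
                     len(raw) - header_len)


def check_handshake(raw_segments):
    """Return a list of problems found in a captured 3-segment handshake."""
    if len(raw_segments) != 3:
        return ["expected exactly three segments"]
    syn, synack, ack = (parse_segment(r) for r in raw_segments)
    problems = []
    # Step 1: the client sends SYN=1 carrying its ISN to the service port.
    if syn.flags & (SYN | ACK) != SYN:
        problems.append("step 1: first segment is not a pure SYN")
    # Step 2: the server answers SYN=1, ACK=1 and acknowledges client ISN + 1.
    if synack.flags & (SYN | ACK) != (SYN | ACK):
        problems.append("step 2: reply does not have SYN and ACK set")
    if synack.ack != (syn.seq + 1) % SEQ_MOD:
        problems.append("step 2: server did not acknowledge client ISN + 1")
    if (synack.src_port, synack.dst_port) != (syn.dst_port, syn.src_port):
        problems.append("step 2: reply ports do not mirror the SYN")
    # Step 3: the client acknowledges server ISN + 1 and moves past its own ISN.
    if ack.flags & (SYN | ACK) != ACK:
        problems.append("step 3: final segment is not a pure ACK")
    if ack.ack != (synack.seq + 1) % SEQ_MOD:
        problems.append("step 3: client did not acknowledge server ISN + 1")
    if ack.seq != (syn.seq + 1) % SEQ_MOD:
        problems.append("step 3: client sequence number is not ISN + 1")
    # Per the text, none of the three handshake messages carries data.
    for step, seg in enumerate((syn, synack, ack), start=1):
        if seg.payload_len:
            problems.append(f"step {step}: handshake segment carries data")
    return problems


# Constructed sample: the client ISN sits at the top of the 4-byte range, so
# the acknowledgment wraps around to 0.
CLIENT_ISN, SERVER_ISN = 0xFFFFFFFF, 0x1000
GOOD = [
    build_segment(40000, 80, CLIENT_ISN, 0, SYN),
    build_segment(80, 40000, SERVER_ISN, CLIENT_ISN + 1, SYN | ACK),
    build_segment(40000, 80, CLIENT_ISN + 1, SERVER_ISN + 1, ACK),
]
# Constructed sample: the server acknowledges a number left over from an
# older connection, and the final ACK carries data.
BAD = [
    GOOD[0],
    build_segment(80, 40000, SERVER_ISN, 12345, SYN | ACK),
    build_segment(40000, 80, CLIENT_ISN + 1, SERVER_ISN + 1, ACK, b"hello"),
]

if __name__ == "__main__":
    print("good:", check_handshake(GOOD))
    print("bad: ", check_handshake(BAD))
```
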
[Figure: message exchange between TCP_A and TCP_B. a) Connection establishment: Syn, Seq=x; Syn, Seq=y, Ack(x+1); Ack(y+1). b) Connection termination: Fin, Seq=x; Ack(x+1); Fin, Seq=y, Ack(x+1); Ack(y+1)]
Chapter 3
Overview of routers
Chapter three provides basic knowledge about network routers and layer 3 switches. These devices are an essential part of modern computer networks and are core infrastructure devices. Detailed illustrations of the structure of Cisco products will help students master the system theory, routing theory in particular. The chapter also adds skills for configuring the devices to operate over different WAN protocols such as Frame Relay, X.25...
Chapter three requires students to have preliminary knowledge of wide area network protocols such as Frame Relay, X.25..., and of layer 2 and layer 3 addressing.
1. Router theory
1.1. Overview of routers
A router is a device used on a network to carry out the processing involved in transporting information across the network. A router can be regarded as a specially designed computer that handles the transport of information on its network, and it therefore also contains CPUs (the heart of all its operations), ROM and RAM memory, interfaces, data buses, an operating system and so on.
The function of a router is to direct the packets that pass through it. On the basis of routing algorithms, configuration information and forwarding information, routers decide the best path for the packets that pass through them. A router also handles other transport and protocol conversion needs.
The role of routers on a network is to ensure connectivity between networks and to compute and exchange the internetwork information on which routers base transport decisions that match the actual configuration of the network. Routers work with many different wide area interconnection technologies such as FRAME RELAY, X.25, ATM, SONET, ISDN, xDSL..., meeting the need to connect networks using many different technologies and standards, which could not be done without routers.
1.2. Main functions of a router, with reference to the OSI model
The OSI model studied in chapter 1 has 7 layers, comprising:
- 3 layers belong to the application layers
application layer
presentation layer
session layer
transport layer
network layer
data link layer
physical layer
For the communication layers:
- Transport layer: segments and reassembles data into data streams. Its main functions include data flow control, multiple access, virtual circuit management, and error detection and correction. TCP and UDP are the two protocols of the Internet protocol suite (TCP/IP) that belong to this transport layer.
- Network layer: provides routing and related functions that allow different data link environments to be combined into one unified network. Routing protocols operate in this network layer.
- Data link layer: provides the ability to transfer data across the physical transmission medium. Each data link layer specification has its own definitions of protocols and connection standards that ensure data transfer.
- Physical layer: defines the electrical properties, functions and procedures used to connect network devices at the physical level. Some of the properties defined are voltage levels, synchronization, physical transfer rate, permitted transmission distance...
In a communication environment, communication devices talk to each other through different communication protocol suites built on the standard OSI model in order to ensure compatibility and extensibility. Communication protocols are usually divided into one of four groups: local area network protocols, wide area network protocols, network protocols and routing protocols. Local area network protocols operate at the physical layer and the data link layer. Wide area network protocols operate at the bottom 3 layers of the OSI model. Routing protocols are network layer protocols and support routing and data transfer. Network protocols are the protocol suites that allow communication with the application layer.
The role of the router in the communication environment is to ensure connections between different networks that use many network protocols and different transmission technologies.
The main functions of the router are:
- Routing
- Packet switching
[Figure: router operation at the network layer, layer 2 (data link layer) and layer 1 (physical layer)]
Flash or is decompressed into RAM before running. The configuration file can also be stored in Flash.
Operating system: responsible for the operation of the router. The operating systems of different routers have different functions and are usually designed differently. Each router can run many different operating systems depending on the specific usage needs, the functions the router must have and the hardware components present in the router. New hardware components require an operating system upgrade. Special features are provided in separate upgrades of the operating system.
Interfaces: a router has many interfaces, mainly including:
- WAN interfaces: provide wide-area connections over different communication methods such as leased-line, Frame Relay, X.25, ISDN, ATM, xDSL ... WAN interfaces allow the router to connect over many different interface types and speeds: V.35, X.21, G.703, E1, E3, optical fibre and so on.
- LAN interfaces: provide local area network connections and connections to the service areas of the network. Common LAN interfaces: Ethernet, FastEthernet, GigaEthernet, optical fibre.
2. Introduction to Cisco routers
2.1. Introducing the Cisco router
Overview of the router
Cisco routers come on many different hardware platforms, designed and built to suit the needs and purposes of different solutions.
The processing functions of a Cisco router are based on its core platform, the IOS operating system.
Depending on specific needs, a Cisco router requires an IOS with suitable features. IOS has many different versions, and some newly developed hardware can only be supported by the latest IOS versions.
Components of the router
- 3620 router
- 01 console port, 01 AUX port
- PCMCIA slot
- 02 network module slots: can take Async, Sync/Async, Channelized E1, PRI, Ethernet/FastEthernet, Voice, VPN ... modules
- To connect to a LAN, a network module with an Ethernet/FastEthernet port is required
Number of LAN ports
Number of WAN slots
Single-Port Ethernet
None
Four-Port Ethernet
None
1/1
None
Module type
NM-1FE2W/NM-1FE2W-V2
NM-2FE2W/NM-2FE2W-V2
NM-1FE1R2W
2 WAN slots
NM-2W
2 WAN slots
N/A
N/A
NM-2FE2W/NM2FE2W-V2
N/A
N/A
NM-1FE1R2W
N/A
N/A
N/A
NM-2W
Description
NM-4B-S/T
NM-4B-U
NM-8B-S/T
NM-8B-U
Table 3-6: Some ISDN BRI interface cards at 2B+D speed (128+16 Kbps)
Card type
Description
WIC-1B-S/T-V2
WIC 1B-U-V2
access-profile
clear
Reset functions
connect
disable
disconnect
enable
exit
ppp
resume
rlogin
show
slip
systat
telnet
terminal
traceroute
tunnel
udptn
where
x28
x3
Privileged (administrator) mode
Includes most of the user mode commands plus the commands reserved for the administrator. The router can only be configured from this mode. During operation, to understand behaviour better or when a fault occurs, the administrator can use the debug commands to obtain the additional information needed. Privileged mode is indicated by the hash sign, #.
Router>en
Password:
Router#
Router#?
Exec commands:
<1-99>
access-enable
access-profile
access-template
archive
bfe
cd
Reset functions
clock
configure
connect
copy
debug
tunnel
udptn
undebug
upgrade
Upgrade firmware
verify
Verify a file
where
write
x28
x3
Global configuration mode
This is the mode for configuring the router's global parameters.
There are many global settings, such as the router name, user names and passwords, global routing configuration, access lists and so on. Global configuration mode appears as follows:
Router#
Router#config terminal
Router(config)#hostname RouterA
Routing configuration mode
This is the mode for configuring the parameters of the routing protocols. The routing protocols are configured independently of each other, and all of them are configured in routing configuration mode, as in the following example:
Router#
Router#config terminal
Router(config)#router rip
Router(config-router)#network 192.168.0.0
Router(config-router)#
Line configuration mode
Line configuration mode is a special configuration mode used to set low-level parameters for logical interfaces, typically the parameters for dial-up modem connections.
Router#config terminal
Router(config)#line 33 48
Router(config-line)#modem inout
Router(config-line)#modem autoconfig discovery
Router(config-line)#
Mode            Prompt
Global          Router(config)#
Interface       Router(config-if)#
Subinterface    Router(config-subif)#
Controller      Router(config-controller)#
Map-list        Router(config-map-list)#
Map-class       Router(config-map-class)#
Line            Router(config-line)#
Router          Router(config-router)#
Route-map       Router(config-route-map)#
Enable: used to enter privileged mode. After issuing the enable command, the user must supply the correct privileged password before actually working in privileged mode; the password may not be entered incorrectly more than 3 times.
Router>
Router>en
Password:
Password:
Password:
% Bad secrets
Router>en
Password:
Router#
Router#
Router#disa
Router>
interface? [yes]: n
interface? [yes]: n
interface? [no]: y
[dte]:
Config: allows the router configuration commands to be run. Only after the config command can the network administrator issue commands that configure the router.
The sequence for configuring a router can be as follows:
- Name the router
Router#config terminal
Router(config)#
Router(config)#hostname RouterABC
RouterABC(config)#
- Configure routing
RouterABC(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.2
RouterABC(config)#
Copy: the copy command copies the router configuration to and from a TFTP server, and copies, stores and upgrades the router's IOS files from and to a TFTP server.
To save a copy of the current configuration to a TFTP server, use the command copy running-config tftp as shown below. The reverse process, loading the configuration file from the TFTP server back to the router, follows after it.
- Enter the command copy running-config tftp
- Enter the IP address of the TFTP server where the configuration file will be stored
- Enter the name to give the configuration file
- Confirm the choice by answering yes
The copy command used to save the configuration file to the server:
Router#copy running-config tftp
Address or name of remote host []? 192.168.1.5
Name of configuration file to write [Router-config]?cisco.cfg
Write file cisco.cfg to 192.168.1.5? [confirm] y
Writing cisco.cfg !!!!! [OK]
Router#
DSR=up
DTR=up
RTS=up
CTS=up
Erase NV memory
memory
Write to NV memory
network
terminal
Write to terminal
<cr>
Console cable DB9/RJ45
Column headings: COM, Signal, RJ45, RJ45, DB9, Signal
RTS    CTS
DTR    DSR
TxD    RxD
GND    GND
GND    GND
RxD    TxD
DSR    DTR
CTS    RTS
Router#config terminal
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password 123456
Router(config-line)#end
Router#write memory
[Figure: network diagram with routers C2621 and C3620, Ethernet segments, servers and workstations]
Basic leased-line connection configuration
- Address assignment
o Assigning addresses to the networks and to the links between routers is very important: it ensures uninterrupted communication between the networks and supports address planning and route summarization ...
o When building a private network, remember to use only addresses from the ranges reserved for private networks: 10.x.x.x, 172.16.x.x to 172.31.x.x, 192.168.x.x
o To avoid duplication and to minimize problems, leased-line WAN links should be placed on the smallest possible network. In this case the WAN links are implemented on networks of 4 addresses.
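Added example, not from the original book: a Python check of a leased-line addressing plan against the two rules above, private ranges only and one 4-address (/30) network per WAN link. The link names and the .6 and .10 peer addresses are constructed for illustration; 192.168.113.5 and 192.168.113.9 are the addresses used in this chapter.

```python
import ipaddress

# Private (dedicated-network) ranges named in the text:
# 10.x.x.x, 172.16.x.x to 172.31.x.x, 192.168.x.x
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def wan_link_subnet(address):
    """Return the 4-address (/30) network that holds one end of a WAN link.

    Raises ValueError if the address is outside the private ranges or is the
    network or broadcast address of its /30 (not usable on an interface).
    """
    ip = ipaddress.ip_address(address)
    if not any(ip in rng for rng in PRIVATE_RANGES):
        raise ValueError(f"{address} is not in a private range")
    net = ipaddress.ip_network(f"{address}/30", strict=False)
    if ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{address} is the network or broadcast address of {net}")
    return net


def peer_address(address):
    """Return the only other usable address in the same /30."""
    net = wan_link_subnet(address)
    me = ipaddress.ip_address(address)
    return next(str(host) for host in net.hosts() if host != me)


def check_plan(links):
    """links maps a link name to its two endpoint addresses.

    Returns a list of problems; an empty list means the plan follows the rules.
    """
    problems, used = [], {}
    for name, (a, b) in links.items():
        try:
            net_a, net_b = wan_link_subnet(a), wan_link_subnet(b)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if net_a != net_b:
            problems.append(f"{name}: {a} and {b} are not in the same /30")
        elif a == b:
            problems.append(f"{name}: both ends use {a}")
        elif net_a in used:
            problems.append(f"{name}: {net_a} already used by {used[net_a]}")
        else:
            used[net_a] = name
    return problems


if __name__ == "__main__":
    # Constructed plan: two leased lines, one /30 each.
    plan = {
        "link-1": ("192.168.113.5", peer_address("192.168.113.5")),
        "link-2": ("192.168.113.9", peer_address("192.168.113.9")),
    }
    for name, ends in plan.items():
        print(name, ends, wan_link_subnet(ends[0]))
    print("problems:", check_plan(plan))
```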
ip address 192.168.113.5
ip address 192.168.113.9
o Router2621(config-if)# no shutdown
o Router2621(config-if)# exit
ip route 0.0.0.0 0.0.0.0
interface
show interface:
Table of functions, X25 compared with Frame relay:
- Translate packet addresses
- Discard errored packets
- Set up and tear down logical connections
- Set up and tear down virtual circuits
- Generate receive-ready frames
- Manage the level 3 timers
- Manage the sequence counters of frames and packets
- Manage the level 2 and level 3 start-up procedures
- Mark the number of retransmissions
The function table above shows that Frame relay removes a great deal of unnecessary work from the switching equipment, which reduces both the load and the processing time at the network nodes and so reduces the delay of frames as they cross the network.
[Figure: Frame Relay topologies: full mesh and hub-spoke]
display traffic
- Specify the LMI management protocol. The LMI management protocol is required to ensure the two-way exchange of information between the end device and the Frame Relay network device. LMI works as a keepalive message.
- Or
o Spicey(config-if)# exit
o Spicey(config)# interface serial 0.1 point-to-point
user management system. Cisco routers allow the use of two authentication standards, TACACS+ and RADIUS.
Dial-up usage model
Authentication configuration
Monitoring
RIPv1 | RIPv2 | IGRP | EIGRP | OSPF
Link state
Automatic route summarization
x
X
VLSM support (1)
Compatible with third-party products
Small | Small | Medium | Large | Large
Convergence time to steady state: Slow | Slow | Slow | Fast | Fast
Routing metric: hop count (2) | hop count | BW+D
15 | 15 | 100 | 100
Equal-cost load balancing
Suitable
BW+D | 10E8/BW
(1) VLSM (Vary Length Subnet Mask): supports routing for subnets whose subnet mask length varies; in other words, subnet mask information is included in the routing table
(2) D (delay): delay
Unequal-cost load balancing
Algorithm
x
Bellman-Ford | Bellman-Ford | Bellman-Ford
x
DUAL
Dijkstra
o Router(config)#router rip
- Set the network statements. A network is a classful network on which the router currently has directly connected interfaces.
o Router(config-router)#network 192.168.100.0
o Router(config-router)#network 172.25.0.0
o Router(config-router)#network 10.0.0.0
- Other settings.
o Router(config-router)# version {1 | 2}
o Router(config-if)# ip rip authentication key-chain name-of-chain
o Router(config-if)# ip rip authentication mode {text | md5}
- Monitoring.
o show ip interfaces
o show ip rip
Router configuration with RIP
version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Prasit
!
interface Ethernet0
ip address 123.123.123.1 255.255.255.0
!
interface Serial1
ip address 3.1.3.2 255.255.255.0
encapsulation frame-relay
frame-relay interface-dlci 150
!
router rip
network 3.0.0.0
network 123.0.0.0
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
login
end
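Added example (not part of the original book and not a Cisco tool): a small Python audit that reads the configuration listing above, and the earlier line vty 0 4 session with its password 123456, and reports the settings a reviewer would question. The finding names and the rule set are this example's own assumptions.

```python
import re

# The RIP router listing from the page (flat, as printed) and the vty session
# from the page with its prompts; both embedded so the audit runs offline.
RIP_ROUTER_CONFIG = """version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Prasit
!
interface Ethernet0
ip address 123.123.123.1 255.255.255.0
!
interface Serial1
ip address 3.1.3.2 255.255.255.0
encapsulation frame-relay
frame-relay interface-dlci 150
!
router rip
network 3.0.0.0
network 123.0.0.0
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
login
end
"""

VTY_SESSION = """Router#config terminal
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password 123456
Router(config-line)#end
Router#write memory
"""

PROMPT = re.compile(r"^[\w.-]+(\([\w-]+\))?[#>]\s*")  # e.g. "Router(config-line)#"
SECTION_STARTS = ("interface ", "router ", "line ")


def parse_sections(text):
    """Return [(header, [sub-commands])]; global commands sit under header ''.

    Assumes a section ends at '!', 'end' or the next section header, which is
    how the listings on the page are laid out.
    """
    top = ("", [])
    sections, current = [top], top
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if not line:
            continue
        if line in ("!", "end"):
            current = top
        elif line.startswith(SECTION_STARTS):
            current = (line, [])
            sections.append(current)
        else:
            current[1].append(line)
    return sections


def audit(text):
    """Return a sorted list of (finding, where) tuples for weak settings."""
    sections = parse_sections(text)
    all_cmds = [cmd for _, cmds in sections for cmd in cmds]
    findings = set()
    # Without password encryption, line passwords are readable in the config.
    if "no service password-encryption" in all_cmds:
        findings.add(("passwords-stored-in-cleartext", "global"))
    for header, cmds in sections:
        if header.startswith("line "):
            if "exec-timeout 0 0" in cmds:  # 0 0 = session never times out
                findings.add(("idle-timeout-disabled", header))
            for cmd in cmds:
                # "password <text>" with no encryption-type digit before it
                if re.fullmatch(r"password (?![0-9] )\S+", cmd):
                    findings.add(("plaintext-line-password", header))
        if header.startswith("line vty"):
            # No explicit restriction: the accepted remote-login protocols
            # then depend on the platform default.
            if not any(cmd.startswith("transport input") for cmd in cmds):
                findings.add(("vty-transport-not-restricted", header))
        if header == "router rip":
            if not any(c.startswith("ip rip authentication") for c in all_cmds):
                findings.add(("rip-updates-unauthenticated", header))
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("RIP router", RIP_ROUTER_CONFIG), ("vty session", VTY_SESSION)):
        for finding, where in audit(text):
            print(f"{name}: {finding} ({where})")
```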
Routing operations
Management features, dynamic allocation, intelligent routing features, and security and authentication features are also designed and built into the layer 3 router, which makes it easy for the administrator to build, manage and grow the network.
5.2. Routing on a layer 3 switch
VLAN
VLAN is the term for LANs that are logically independent of each other. In practice, all the network devices are connected and operate on the same physical medium and shared network infrastructure, and the LANs are formed logically on that medium from identification settings that are kept separate for each group of members. In other words, each port of the switches is defined as belonging to some workgroup (VLAN), which makes the workgroups independent and separate from each other. Packets of a VLAN are forwarded only to ports in the same VLAN and not to ports in other VLANs, except ports defined as VLAN trunks. Unlike a LAN, a VLAN is not limited to a particular geographical area but depends only on the requirements and the form of deployment.
VLAN trunking is the term for a connection between switches that carries the packets of all VLANs.
VLANs are configured at layer 2 and separate groups of computers that are logically independent of each other; data exchange between devices in different VLANs must be performed by devices operating at layer 3, such as layer 3 switches or routers.
For the VLAN protocols and connection models, see the course material on local area networks (LAN).
Routing processing architecture
As stated in the previous section, a layer 3 switch performs switching functions and routing functions at the same time. A layer 3 switch allows devices that belong to different network groups and different VLANs to connect to each other.
Here it is necessary to distinguish the different data exchange needs, which include:
QoS support
Number of 10/100 ports
Number of Gigabit ports
24
2 (GBIC)
24 (allows power to be supplied over the network cable to other devices such as wireless access points)
2 (GBIC)
24
2 (GBIC)
24 (optical ports at 100 Mbps)
2 (GBIC)
48
2 (GBIC)
10 (GBIC)
2 (10/100/1000BASE-T)
10 (10/100/1000BASE-T)
2 (GBIC)
High processing capacity:
o CEF: Cisco Express Forwarding
o Routing protocols: RIP, OSPF, IGRP, EIGRP, BGPv4
o Inter-VLAN IP routing
o Multicast routing protocols
o Redundancy failover protocols
Bandwidth optimization:
o 1.6 Gigabit for the 10/100 ports and 16 Gigabit for the Gigabit ports
o Works with cache servers using the WCCP protocol
o Rate limiting per application and per user group
Safety and security
o User authentication against the centralized management systems TACACS+ and RADIUS
o SSH and Kerberos encryption
o Device authentication features
o VLAN
Know how to use the different cable types with each device type and interface
The show commands
The config command
Requirements:
- Master the basic verification commands and basic configuration commands and use them fluently
Exercise 3: Configuring the router in a leased-line connection model
- Configure the interface
- Configure routing
Requirements:
- Use the lab equipment to configure a leased-line connection that links 2 networks together.
- Configure the physical line
- Configure routing
- Configure authentication
Requirements:
- Use the lab equipment to configure an indirect dial-up access point over the telephone network.
- 02 V.35 DTE cables
- 04 telephone lines
Chapter 4
The DNS domain name system
Chapter 4 focuses on the domain name system, a naming system that is widely used on TCP/IP networks in general and on the Internet in particular. The domain name system is vital to the growth of popular applications such as electronic mail and the web. The structure of the domain name system, the structure and meaning of the domain name fields and the basic skills provided here will help the administrator plan the domain name requirements of the network, carry out the registration procedure correctly (when registering an Internet domain name) and take on the work of creating and modifying entries, or more generally the administration of DNS name servers.
Chapter 4 requires students to be familiar with IP addresses and with editing and managing processes on linux, unix and windows systems.
1. Introduction
1.1. History of DNS
In the 1970s the ARPanet network of the US Department of Defense was very small, and the links between its few hundred computers were easy to manage. The network therefore needed only a single HOSTS.TXT file holding all the necessary information about the computers on the network, which let every computer on ARPanet convert between addresses and network names easily. That was the first step towards the domain name system, DNS (Domain name system) for short.
As the ARPanet network kept growing, managing the information with a single HOSTS.TXT file became very difficult and unworkable. More and more information had to be added to and changed in the HOSTS.TXT file, above all once ARPanet moved to computer systems based on the TCP/IP protocol, which led to a surge in the growth of the network:
Each IP address corresponds to a domain name
So, in short, what is a domain name? Memorable names such as home.vnn.vn or www.cnn.com are called domain names (domain name or DNS name). They are easy for users to remember because they are in a text form that ordinary people can understand and use every day.
The DNS system has made the Internet friendlier to users, and as a result the Internet has grown explosively in the last few years. According to worldwide statistics, as of July 2000 the number of registered domain names was 93,000,000.
In summary, the purpose of the DNS system is:
IP addresses are hard for users to remember but easy for computers
Names are easy for users to remember but cannot be used by computers
The DNS system converts domain names to IP addresses and back, which makes computer systems easy for users to use
Type    Full name            Purpose
SOA     Start of Authority   Identifies the DNS server that has the authority to provide information about a given domain in DNS
NS      Name Server
A       Host                 Mapping that gives the IP address of a host
MX      Mail Exchanger
PTR     Pointer              Converts an IP address to a domain name
CNAME   Canonical NAME
Structure of a domain name
A domain name has the form: label.label.label...label
The maximum length of a domain name is 255 characters
Each label is at most 63 characters
A label must begin with a letter or a digit and may contain only letters, digits, the hyphen (-) and the dot (.), and no other characters.
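Added example, not from the original book: a Python validator for the naming rules listed above, treating the dot as the separator between labels. It also rejects a label that ends in '-', a host-name rule from RFC 952 that the text does not state.

```python
import re

MAX_NAME_LENGTH = 255   # whole domain name, from the text
MAX_LABEL_LENGTH = 63   # one label, from the text
LABEL = re.compile(r"[A-Za-z0-9-]+")          # letters, digits, hyphen
NOT_ALLOWED = re.compile(r"[^A-Za-z0-9-]")    # anything else


def check_domain_name(name):
    """Return the list of rule violations for `name`; empty means valid.

    A single trailing dot (the root, as in "example.microsoft.com.") is
    accepted and is not counted as an empty label.
    """
    problems = []
    if len(name) > MAX_NAME_LENGTH:
        problems.append(
            f"name is {len(name)} characters long (limit {MAX_NAME_LENGTH})")
    body = name[:-1] if name.endswith(".") else name
    if body == "":
        problems.append("name contains no label")
        return problems
    for pos, label in enumerate(body.split("."), start=1):
        if label == "":
            problems.append(f"label {pos} is empty")
            continue
        if len(label) > MAX_LABEL_LENGTH:
            problems.append(
                f"label {pos} is {len(label)} characters long "
                f"(limit {MAX_LABEL_LENGTH})")
        if not LABEL.fullmatch(label):
            bad = sorted(set(NOT_ALLOWED.findall(label)))
            problems.append(
                f"label {pos} {label!r} contains characters other than "
                f"letters, digits and '-': {bad}")
        elif label[0] == "-":
            problems.append(
                f"label {pos} {label!r} must start with a letter or digit")
        elif label[-1] == "-":
            # Extra rule (RFC 952), not stated in the text above.
            problems.append(f"label {pos} {label!r} must not end with '-'")
    return problems


if __name__ == "__main__":
    # Names from this chapter plus constructed invalid ones.
    samples = [
        "home.vnn.vn",
        "example.microsoft.com.",
        "-bad.vnn.vn",
        "mail_server.vnn.vn",
        "a..vn",
        "x" * 64 + ".vn",
    ]
    for sample in samples:
        print(sample[:30], "->", check_domain_name(sample) or "valid")
```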
Classification of domain names
Most domain names are divided into the following types:
Arpa: reverse domain names (conversion from IP address to domain name, reverse domain)
Com: commercial organizations
Edu: educational institutions
Gov: government agencies
Mil: military and defence organizations
Net: large network centres
Org: other organizations
Int: intergovernmental organizations (rarely used)
In addition, two-letter domain names are now used around the world to identify the country a domain name belongs to (defined in the ISO3166 standard)
Name type, description and example:
Root (domain root)
Description: the top of the domain name tree. It marks the end of the domain (fully qualified domain names, FQDNs).
Example: simply a dot (.) used at the end of the name, as in "example.microsoft.com."
Top-level domain
Description: two or three characters identifying a country/region or a type of organization.
Example: ".com", a name used to indicate a commercial organization.
Second-level domain
Description: very varied on the Internet; it can be the name of a company, an organization, an individual and so on, registered on the Internet.
Example: "microsoft.com.", the second-level domain registered by the Microsoft company.
Lower-level domain (Subdomain)
Description: a further subdivision of the second-level domain, usually used for a branch or department of an organization or for a particular topic.
Example: "example.microsoft.com." is the part that manages Microsoft's example documents.
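Some points to note when naming domains:
Domain names should be limited to level 3 to level 4 or level 5, because with more levels administration becomes difficult.
A domain name in use must be unique on the Internet
Names should be simple and memorable, and overly long names should be avoided
2.2. Types of DNS server and data synchronization between DNS servers
There are three types of DNS server: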
Primary server
The official authoritative source of information for the domains it is allowed to manage.
Information about the domains delegated to it is stored here and can then be transferred to the secondary servers.
Domains managed by the primary server are created and modified on the primary server and then propagated to the secondary servers.
Secondary server
It is recommended that DNS use at least two DNS servers to hold each zone. The primary DNS server manages the zones, and the secondary server is used to keep a backup of the zone for the primary server. A secondary DNS server is recommended but not mandatory. A secondary server is allowed to manage the domain, but the domain data is not created on the secondary server; it is fetched from the primary server.
A secondary server can operate in a standby mode with no load on the network. When the volume of queries for a zone rises at the primary server, the primary passes some of the load to the secondary server, and when the primary server fails the secondary takes over until the primary server is working again.
A secondary server should be placed close to the clients so that it can serve domain name queries easily. However, a secondary server should not be installed on the same subnet or the same link as the primary server. Keeping them apart is a good way to use the secondary server as a backup for the primary, because a failure of the connection to the primary server then has no effect on the secondary server.
The primary server always maintains a large amount of data, and zones are changed or added frequently. DNS servers therefore use a mechanism that transfers the information from the primary server to the secondary server and stores it on disk. Zone data can be received either as a full transfer or as an incremental transfer of the changes only.
Having several secondary DNS servers increases the stability of the network and makes the storage of domain name information more reliable, but note that the zone data transferred over the network from the primary server to the secondary servers increases traffic on the links and requires time to synchronize the data on the secondary servers.
Caching-only server
All DNS servers can store data in their cache in order to answer queries quickly. A caching-only server is a DNS server used only for queries: it keeps answers in its cache and returns query results from it. It does not manage any domain, and the information it holds is limited to what is stored in the server's cache.
vdc-hn01.vnn.vn. postmaster.vnn.vn. (
; serial number
; refresh every 30 mins
; retry every hour
; expire after 24 hours
; minimum TTL 2 hours
NS
vdc-hn01.vnn.vn.
NS
hcm-server1.vnn.vn.
such as "hostname.example.microsoft.com.", and the query type is an A address. The client's DNS query asks "Is there an A address record for the computer named "hostname.example.microsoft.com"?" When the client receives the answer from the DNS server, it takes the IP address from the A record.
There are several ways to answer DNS queries. The client can answer the query itself using information stored in its cache from earlier queries. The DNS server can answer from the information stored in its own cache, or the DNS server can ask another DNS server for the information and pass the answer back to the client.
In general, the steps of a query consist of two parts, as follows:
Finding the answer to the query locally
[Figure: PC A, DNS server vdc.com.vn, abc.com and www.abc.com, with numbered query steps]
[Figure: root server, dns.com.sg, vdc.com.vn, PC A, dns.abc.com.sg and www.abc.com.sg, with numbered query steps]
Figure 4.2: The root server is not directly connected to the name server for the queried domain
When there is no direct connection, the root server asks the intermediate servers (arranged in layers as a tree) in order to reach the name server that manages the queried domain.
Step 1 - PC A queries the DNS server vdc.com.vn (local name server) for the domain name www.abc.com.sg.
Step 2 - The DNS server vdc.com.vn does not manage the domain name www.abc.com.sg, so it passes the query up to the root server.
Step 3 - The root server cannot identify the DNS server that directly manages the domain name www.abc.com.sg. Based on the structure of the domain name system, it passes the query to the DNS server managing the level above abc.com.sg, which is com.sg, and it determines that the DNS server DNS.com.sg manages the domain com.sg.
Step 4 - DNS.com.sg then determines that the DNS server DNS.abc.com.sg has authority over the domain name www.abc.com.sg.
Step 5 - DNS.abc.com.sg retrieves the record for the domain name www.abc.com.sg and answers the DNS server DNS.com.sg.
Step 6 - DNS.com.sg passes the answer up to the root server.
Step 7 - The root server passes the answer back to the DNS server vdc.com.vn.
Step 8 - The DNS server vdc.com.vn returns the answer to PC A, and PC A can connect to the host that manages the domain name www.abc.com.sg.
When queries are repeated, the DNS system is able to hand the job of answering to the intermediate DNS server without going through the root server, which reduces the query time.
[Figure: root server, dns.com.sg, vdc.com.vn, PC A, dns.abc.com.sg and www.abc.com.sg, with numbered query steps for a repeated query]
4. Practical exercises
Exercise 1: Installing a DNS server on Windows 2000
Open the DNS management window
Step 1: Open the DNS management window
Clicking "new zone" opens a window for choosing the type of data the zone manages. Standard Primary is a zone whose data is declared and managed on the server itself. Standard Secondary is a zone whose data is fetched from a Standard Primary, and the data is also held on that server. Standard Primary is usually used as a backup for existing zones. Click Next to continue
The window shown above appears. A forward lookup zone is the type of zone that handles conversion from a domain name to an IP address. A reverse lookup zone handles conversion from an IP address to a domain name. Click Next to continue
Adding a new host
In the DNS management window, select the zone that was created, right-click and choose "new host"
IN
203.162.0.100
CNAME ktm.vnn.vn.
Creating a mail (MX) record
In the DNS management window, right-click the domain for which you want to create the MX record
IN MX 10 mr-hn.vnn.vn.
This gives the mail domain mail.ktm.vnn.vn. (mailboxes such as abc@mail.ktm.vnn.vn can be created), hosted on the mail server mr-hn.vnn.vn with a priority of 10
IN NS vdc-hn01.vnn.vn.
Description
nameserver address
domain name
specifies the client's default domain
        IN  SOA  vdc-hn01.vnn.vn. postmaster.vnn.vn. (
                 1999082802 ; serial number
                 1800
                 3600
                 86400
                 6400
                 )
        IN  NS   vdc-hn01.vnn.vn.
        IN  NS   hcm-server1.vnn.vn.

        IN  SOA  vdc-hn01.vnn.vn. postmaster.vnn.vn. (
                 1999082301 ; Serial
                 10800
                 3600
                 604800
                 86400 )
; name servers
        IN  NS   vdc-hn01.vnn.vn.
        IN  NS   hcm-server1.vnn.vn.
        IN  PTR  ldap.vnn.vn.
        IN  PTR  hanoi-server1.vnn.vn.
        IN  PTR  hanoi-server2.vnn.vn.
        IN  PTR  mail.vnn.vn.
Name             Internet   Record type   Address
mr.vnn.vn.       IN         A             203.162.4.148
mr-hn.vnn.vn.    IN         A             203.162.0.24
mail.vnn.vn.     IN         A             203.162.0.9
fmail.vnn.vn.    IN         A             203.162.4.147
hot.vnn.vn.      IN         A             203.162.0.23
home.vnn.vn.     IN         A             203.162.0.12
www.vnn.vn.      IN         A             203.162.0.16
Name                     Internet   Record type   Server
www.gpc.com.vn.          IN         CNAME         home.vnn.vn.
www.huonghai.com.vn.     IN         CNAME         home.vnn.vn.
www.songmayip.com.vn.    IN         CNAME         hot.vnn.vn.
www.covato2.com.vn.      IN         CNAME         hot.vnn.vn.
Name                 Internet   Record type   Priority   Server
mrvn.vnn.vn.         IN         MX            10         mr.vnn.vn.
clipsalvn.vnn.vn.    IN         MX            10         mr-hn.vnn.vn.
dbqnam.vnn.vn.       IN         MX            10         mr-hn.vnn.vn.
thangloi.vnn.vn.     IN         MX            50         mail.netnam.vn.
                     IN         MX            100        fallback.netnam.vn.
IN 203.162.0.49
or
IN 203.162.0.49
1 5 Sep 07 ? 189:52 /usr/local/sbin/named
#/usr/local/sbin/named
Using nslookup
nslookup is an Internet tool that allows domain names and IP addresses to be queried interactively.
Command syntax
nslookup [ -option ... ] [ host-to-find | - [ server ]]
Description of the nslookup commands
server domain & lserver domain Change the default server to domain.
Lserver uses the initial server to look up information about domain while
server uses the current default server. If an authoritative answer can't be
found, the names of servers that might have the answer are returned.
root Changes the default server to the root server for the queried domain.
ls [option] domain [>> filename]
Lists information about the domain. By default it shows host names and IP addresses. Options can be used to show more information:
-t querytype lists all records of the type given by querytype
-a lists the aliases of hosts in the domain (same as -t CNAME)
-d lists all records of the domain (same as -t ANY)
-h lists CPU information and operating system information for the domain (same as -t HINFO)
?
The other types (ANY, AXFR, MB, MD, MF, NULL) are described in detail in the RFC-1035 standard. (Default = A, abbreviation = q, ty)
[no]recurse Asks the name server to query another server if it has no information about the domain being looked up. (default = recurse, abbreviation = [no]rec)
retry=number Sets the number of retries. When a query receives no reply within a certain period (set with the set timeout command), the query is sent again once the time has expired. This setting controls how many times the query is resent before giving up. (Default = 4, abbreviation = ret)
root=host Changes the root server to host
timeout=number Sets the timeout for a query, in seconds. (default = 5 seconds, abbreviation = ti)
[no]vc Uses a virtual circuit to send the query to the server. (default = novc, abbreviation = [no]v)
Error analysis
If a lookup query fails, an error message is displayed. The possible errors are:
Timed out
The server did not answer the query after a period of time (the period can be changed with the command set timeout=value) and a certain number of retries (changed with set retry=value).
No response from server
No name server is running on the server the client points to.
No records
The server has no record of the queried type for the host, although the host exists. The query type is set with the "set querytype" command.
Non-existent domain
The host or domain name does not exist.
Connection refused
Network is unreachable
The connection to the name server or finger server cannot be made at this time. This error usually appears with requests from the ls and finger commands.
Server failure
The name server found an error in its data for the domain and cannot give a correct answer.
Refused
The name server refused to answer the request.
Format error
The name server found that the request packets were not in the correct format. This may be an error in the nslookup program.
Example:
DNS query using the A record for the domain home.vnn.vn, whose IP address is 203.162.0.12
home.vnn.vn
Address: 203.162.0.12
>
Query of the MX (mail) record for the domain hn.vnn.vn; it points to the hosts mu13.vnn.vn with address 203.162.0.55 and mu14.vnn.vn with address 203.162.0.64
hn.vnn.vn
mu14.vnn.vn
>
Query of type ns
> set querytype=ns
> vn
Server: vdc-hn01.vnn.vn
Address: 203.162.0.11
Aliases: 11.0.162.203.in-addr.arpa
Non-authoritative answer:
vn nameserver = DNS-hcm01.vnnic.net.vn
vn nameserver = ns.ripe.net
vn nameserver = DNS1.vn
vn nameserver = ns1.gip.net
vn nameserver = ns2.gip.net
vn nameserver = ns3.rip.net
vn nameserver = DNS1.vnnic.net.vn
vn nameserver = cheops.anu.edu.au
ns.ripe.net
ns2.gip.net
DNS1.vnnic.net.vn
cheops.anu.edu.au
>
Chapter 5
Remote access service and Proxy service
Chapter 5 provides the basic knowledge for two services that are common on computer networks: the remote access service and the proxy service.
Remote access is an essential need for extending the reach of the networks of organizations and companies. The remote access covered in this chapter is access over the PSTN telephone network. This form of remote access gives low to moderate access speed, but it is the most widespread and the easiest to set up.
Proxy services on the network were developed to speed up access for clients inside the network, to save network resources (IP addresses) and to keep the network secure when access to external networks or to the Internet has to be provided. Setting up a proxy service is something every network system administrator needs to know, because internetwork and Internet connectivity is becoming indispensable for every organization and company.
Chapter 5 requires students to have basic knowledge of the PSTN telephone network, of the WAN protocols PPP, SLIP... and of authentication protocols such as RADIUS... For the proxy part, students need to be familiar with the concept of NAT address translation and with the operation of the TCP/IP protocols.
Remote access connection
The remote access process is as follows: the remote user initiates a connection to the access server. The connection is established using a remote access protocol (for example PPP, the Point to Point Protocol). The access server authenticates the user and accepts the connection until it is ended by the user or by the system administrator. The access server acts as a gateway, exchanging data between the remote user and the internal network. Over this connection, the remote user sends data to and receives data from the access server. The data is carried in the formats defined by the network protocols (for example TCP/IP) and is then encapsulated by the remote access protocols. The remote user can use all the services and resources in the network through this remote access connection (figure 5.1)
[Figure: flowchart for accepting a dial-in connection: dial-in permission (Allow, Deny or Use Remote Access Policy), policy condition/permission (Allow or Deny) and profile, ending in Connection or No connection]
used before, during and after the connection. These parameters include: the modem
that will dial, the type of password encryption used, and the network protocols
that will be used once connected. The connection status, including duration and
speed, is also shown by the connection itself without the need for any other tool.
3.8. Troubleshooting remote access
Troubleshooting remote access usually involves the following:
Monitoring remote access: monitoring the access server is the best and most
commonly used way to find the source of a problem. Every access server, whether a
software program or a hardware device, has tools for monitoring and for recording
the events of each remote access session (in log files).
Tracing remote access connections: an access server's ability to trace remote
access connections lets us handle complex network problems. The trace information
for a remote connection is usually very complex and quite detailed, so analysing
and acting on it requires a network administrator with experience and a good
understanding of the network.
Handling hardware problems: this covers the communication devices at the user's
side and at the access server. For devices at the user's side (usually modems,
network equipment...), consult the product documentation or ask the vendor how to
test the product and identify its faults. If the connection uses a modem, check
that the modem is installed correctly. In Windows 2000 the checking steps are:
o In Control Panel, click Phone and Modem Options
o On the modem page, click the modem name, then click Properties
o Click Diagnostics, then click Query Modem.
If the modem is installed correctly, its set of parameters is displayed;
otherwise check and reinstall the modem, and as a last resort ask the device
manufacturer. To get more information about the modem while it is trying to
establish a connection, look in the log file for the cause of the problem. To
have information written to the log file, follow these steps:
o In Control Panel, click Phone and Modem Options
o On the modem page, click the modem name, then click Properties
o Click Diagnostics, then select Record a log, then click
OK.
For communication devices at the access server: check the hardware in the same
way as for devices at the user's side, and also check the log file and the system
events to find the cause of the problem. Another way to test a modem at the
access server is to use a telephone line to call the modem and listen to whether
the modem answers and tries to establish a connection. If there is no
connection-establishment signal from
- 10.255.255.255 (class A)
172.16.0.0 - 172.31.255.255 (class B)
192.168.0.0 - 192.168.255.255 (class C)
Figure 5.22: Processing incoming requests
Assume the proxy server is installed with two network interfaces, one connected
to the Internet and one to the private network. If packet filtering is enabled
and the IP packet filter denies the request, the request is rejected. If the web
publishing rules deny the request, the request is likewise discarded. If a routing
rule is set up so that the request is routed to an upstream server or to an
alternate hosting site, the specified server handles the request. If a routing
rule specifies that requests are routed to a particular server, the internal web
server returns the object.
2.3. Proxy clients and authentication methods
authentication protocol Kerberos V5 or its own challenge/response authentication
protocol.
4. Client certificates and server certificates
The features of SSL can be used for authentication. Certificates are used in two
ways when a client requests an object from a server: the server authenticates
itself by sending a server certificate to the client, and the server asks the
client to authenticate itself (in this case the client must present a suitable
client certificate to the server).
SSL authenticates by checking the contents of an encrypted digital certificate
presented by the proxy client during logon (users can obtain digital certificates
from a highly trusted external organization). Server certificates contain
identifying information about the server. Client certificates usually contain
identifying information about the user and about the organization that issued the
certificate.
Client certificates: if client certificates are selected as the authentication
method, the proxy server requires the client to send a certificate before it
requests an object. The proxy server receives the request and sends a certificate
to the client. The client receives this certificate and checks whether it really
belongs to the proxy server. The client sends its request to the proxy server;
however, the proxy server requires a certificate from the client, one that was
issued beforehand. The proxy server checks whether the certificate really belongs
to a client that is permitted access.
Server certificates: when a client requests an SSL object from a server, the
client requires the server to authenticate itself. If the proxy server terminates
an SSL connection, the proxy server must then authenticate itself to the client.
The server-side certificates to be used when authenticating the server to the
client must be set up and specified.
5. Pass-through authentication
Pass-through authentication refers to the ability of the proxy server to pass
the client's authentication information on to the destination server. The proxy
server supports authentication for both outgoing and incoming requests. The
following figure shows the pass-through authentication case.
2. When the first data packet reaches the NAT router, the NAT router checks the
NAT table. If a translation for the address is already in the table, the NAT
router goes on to step 3. If no translation is found, the NAT router determines
that the address 10.1.1.25 has to be translated. The NAT router chooses a new
address and sets up a translation from 10.1.1.25 to a valid external (Internet)
address taken from the previously defined dynamic address pool, for example
203.162.94.163.
3. The NAT router replaces the address 10.1.1.25 with the address 203.162.94.163,
and the packet is then forwarded to its destination.
4. The server 203.162.0.12 on the Internet receives the packet and replies to the
NAT router at the address 203.162.94.163.
5. When the NAT router receives the reply from the server with the destination
address 203.162.94.163, it looks the address up in the NAT table. The NAT table
shows that the inside address 10.1.1.25 (which is mapped to the outside address
203.162.94.163) is to receive this packet. The NAT router changes the destination
address in the packet to 10.1.1.25 and forwards the packet to its destination
(10.1.1.25). The host 10.1.1.25 receives the packet, and subsequent packets are
handled with the same sequence of steps.
Where one outside address is to be used for many inside addresses, the NAT
router keeps higher-level protocol information in the NAT table, namely the TCP
and UDP port numbers, so that the outside address can be translated back to the
correct inside address.
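The translation steps above, extended to the shared-address case in which TCP/UDP ports are tracked, as an added Python example that is not part of the original text. The inside host 10.1.1.26, the port numbers and the class and function names are constructed for illustration; each table entry also records the remote endpoint so that inbound packets with no matching outbound flow are dropped.

```python
from collections import namedtuple
from itertools import count

# One packet header: protocol plus source and destination address/port.
Packet = namedtuple("Packet", "proto src sport dst dport")


class PortNat:
    """Toy NAT router: many inside hosts share one outside address."""

    def __init__(self, outside_ip, first_port=40000):
        self.outside_ip = outside_ip
        self._ports = count(first_port)   # next free outside port (assumed range)
        self._out = {}                    # inside flow -> outside port
        self._in = {}                     # (proto, outside port) -> flow details

    def outbound(self, pkt):
        """Steps 2-3: look up or create the entry, then rewrite the source."""
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow not in self._out:
            port = next(self._ports)
            self._out[flow] = port
            self._in[(pkt.proto, port)] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return pkt._replace(src=self.outside_ip, sport=self._out[flow])

    def inbound(self, pkt):
        """Step 5: map a reply back to the inside host, or return None (drop)."""
        if pkt.dst != self.outside_ip:
            return None
        entry = self._in.get((pkt.proto, pkt.dport))
        if entry is None:
            return None                   # no inside host opened this port
        inside_ip, inside_port, remote_ip, remote_port = entry
        if (pkt.src, pkt.sport) != (remote_ip, remote_port):
            return None                   # not from the server that was contacted
        return pkt._replace(dst=inside_ip, dport=inside_port)


def demo():
    nat = PortNat("203.162.94.163")
    server = "203.162.0.12"
    # Two inside hosts use the same source port towards the same server.
    out_a = nat.outbound(Packet("tcp", "10.1.1.25", 1025, server, 80))
    out_b = nat.outbound(Packet("tcp", "10.1.1.26", 1025, server, 80))
    # Replies go to the shared outside address; only the port differs.
    back_a = nat.inbound(Packet("tcp", server, 80, out_a.src, out_a.sport))
    back_b = nat.inbound(Packet("tcp", server, 80, out_b.src, out_b.sport))
    # Unsolicited packet to a port that has no table entry.
    stray = nat.inbound(Packet("tcp", server, 80, "203.162.94.163", 50000))
    return out_a, out_b, back_a, back_b, stray


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Entries in this sketch never expire; real NAT devices age table entries out after a period of inactivity.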
NAT therefore lets clients on a private network that use private IP addresses
reach an external network such as the Internet. It provides Internet connectivity
for networks that have not been given registered Internet addresses. It is suited
to translating addresses between two interconnected intranets. It can translate
internal IP addresses allocated by an old ISP into addresses allocated by a new
ISP without the local network interfaces having to be reconfigured by hand.
NAT can be used statically or dynamically. Static translation takes place when
an address table with its IP addresses is set up by hand. A particular address
inside the network uses one IP address (set manually by the network
administrator) to reach the external network. Dynamic settings let the
administrator define one or more pools of registered, shared IP addresses. The
addresses in such a pool can be used by clients on the private network to reach
the external network. This allows several clients on the network to use the same
IP address.
NAT also has some drawbacks, such as increasing the latency of packets on the
network. NAT has to process every packet to decide how its headers are to be
changed. Not every application can run through NAT. NAT supports many
communication protocols, and there are also many protocols it does not support.
Protocols supported by NAT include TCP, UDP, HTTP, TFTP, FTP... Those not
supported include IP multicast, BOOTP, DNS zone transfer, SNMP...
Proxy and NAT
As analysed above, both the NAT service and the proxy service can serve as a
solution for connecting private networks to the Internet, but each service has
its own advantages and disadvantages.
The proxy service offers better performance and higher speed thanks to its
cache; however, a cache can serve stale objects, so sensible cache policies are
needed to keep objects current. Because it uses a cache, it reduces the load on
the Internet access link. NAT has no cache feature.
The proxy service has to be deployed for each application, whereas NAT is a
more transparent process. Almost all applications can work with NAT. NAT is easy
to install and operate, and very little seems to need doing with NAT once it is
installed.
On the clients, NAT requires little configuration beyond setting the default
gateway to the NAT server. With the proxy service, proxy client programs are
needed to work with the proxy server.
The proxy service allows policies to be set per user, while with NAT such
features are very limited; it can be said that using the proxy service is the
most secure way of connecting a private network to the Internet.
Description
HTTP and FTP only
Cache
Periodically stores web objects in the RAM and on the hard disk of the ISA
server
No
VPN
No
Packet filtering
Controls the flow of inbound and outbound IP packets
No
Application filtering
No
Web publishing
No
Server publishing
No
Alerts
Firewall mode    Cache mode
Reports
4. Practical exercises.
Classroom requirements: the number of computers matches the number of students
in the class so that every student has one computer, with the following minimum
configuration (PIII 800 MHZ, 256 MB RAM, HDD 1GB, FDD, CDROM 52 x). The computers
have Windows 2000 Advanced Server installed and are networked using the TCP/IP
protocol.
Lab equipment: Windows 2000 Advanced Server installation disc, ISA Server 2000
installation disc. Each computer has 01 V.90 modem and 01 telephone line.
01 Internet access account.
Exercise 1: Basic installation steps for ISA Server 2000.
Step 1: Basic installation steps.
Start ISA Server Getting Started Wizard check box, then click OK.
- Right-click Default Web Site (Stopped), then click Properties. Because ISA
Server uses ports 80 and 8080, you must configure IIS to serve incoming client
connections on a different port. You will configure IIS to serve these requests
on TCP port 8008.
- In the Default Web Site (Stopped) Properties dialog box, in the TCP Port box,
type 8008, then click OK.
- Right-click Default Web Site (Stopped), then click Start.
Click Access Policy, right-click Protocol Rule, then choose New -->
Rule.
In the Internet Connection Wizard dialog box, select Do not show the Internet
Connection wizard in the future, then click Yes.
Check that the Bypass proxy server for local addresses option is cleared, then
click OK twice.
Exercise 3: Setting policies for access requests and for the use of services on
the Internet.
I. Setting up policy elements
Step 1: Set up a schedule
Click Add.
In the Add/Edit Destination dialog box, in the Destination field type
home.vnn.vn
Step 3: Set up a client address set
type 39000
In the Direction list click Send Receive, then click Next.
In the Protocol type list check that TCP is selected, in the
Direction field
Click Next, then on the Completing the New Protocol Definition page
Close Internet Explorer.
In ISA Management expand Access Policy, then click Protocol Rules.
In the New Protocol Rule Wizard, in the Protocol rule name field type Allow
HTTP, HTTP-S, and FTP, then click Next.
On the Protocols page check that Selected protocols is chosen, clear the
Gopher check box, then click Next.
On the Schedule page check that Always is selected, then click
Next.
On the Client Type page check that Any request is selected, then
click Next.
On the Completing the New Protocol Rule Wizard page click Finish.
Open Internet Explorer on a workstation, in the Address field type
http://home.vnn.vn, then press ENTER. Check that the browser connects
successfully and the content of the web page is displayed.
Close Internet Explorer.
Step 2: Set up a protocol rule that allows users in the Domain Admins group to
access the Internet using all protocols.
In the New Protocol Rule Wizard, in the Protocol rule name field type Allow
All Access for Administrators, then click Next.
On the Rule Action page check that Allow is selected, then click
Next.
On the Protocols page, in the Apply this rule to list, check that All
IP traffic is selected, then click Next.
On the Schedule page, check that Always is selected, then click
Next.
On the Client Type page, click Specific users and groups, then click Next.
In the Select Users or Groups dialog box, click Domain Admins, click Add,
then click OK.
On the Completing the New Protocol Rule Wizard page click Finish.
Step 3: Set up a protocol rule that denies Internet access to users in the
Accounting Department group defined in the client set.
On the Protocols page, in the Apply this rule to list, check that All
IP traffic is selected, then click Next.
On the Schedule page, check that Always is selected, then click
Next.
In the Add Client Sets dialog box, click Accounting Department, click Add,
then click OK.
On the Completing the New Protocol Rule Wizard page, click Finish.
Check and confirm that access from the Accounting Department group is
unsuccessful.
Step 4: Delete the protocol rule that denies users in the Accounting
Department group.
In the New Site and Content Rule Wizard, in the Site and content rule
On the Rule Action page, check that Deny is selected, then click
Next.
On the Destination Sets page, in the Apply this rule to list, click
Specified destination set.
In the Name list, select set1 (created in the section above), then click
Next.
On the Schedule page, select schedule1 (created in the section above), then
click Next.
On the Client Type page, check that Any request is selected, then
click Next.
On the Completing the New Site and Content Rule Wizard page, click
Finish.
Step 2:
Check the rule just created
1. System security
1.1. General issues in system and network security
Because a network has many users and is geographically dispersed, protecting
resources (against loss or improper use) in a networked environment is far more
complex than in the environment of a single computer or a single user.
The work of the network system administrator must ensure that the information
on the network is reliable and is used for the right purpose and by the right
people, and at the same time that the network runs stably and is not attacked by
saboteurs.
The reality is that no network can be guaranteed to be absolutely secure; however
firmly a system is protected, there will be times when it is disabled by people
with bad intentions.
1.1.1. Some concepts and history of system security
Before looking at the issues related to methods of attack and to protective
measures, and at establishing security policies, we first look at some concepts
related to information security on the Internet.
vulnerabilities of this type, because the design of the Internet-layer protocol
(IP) in particular, and of the TCP/IP protocol suite, itself carries the latent
risk of these vulnerabilities.
Typical examples of DoS attacks are the attacks on a number of large web sites
that brought the operation of those sites to a halt, such as
www.ebay.com and www.yahoo.com.
However, the danger level of vulnerabilities of this type is rated as class C,
the least dangerous, because they only interrupt the system's provision of
service for a time; they do not harm data, and the attackers do not gain
unauthorized access to the system.
Another class C vulnerability that is often seen is a weakness in a service
that allows an attack to hang the end user's system. This form of attack mainly
uses the Web service. Suppose a web server has web pages containing pieces of
Java or JavaScript code that "hang" the system of a user of the Netscape web
browser through the following steps:
- Write code that detects that the web browser in use is Netscape.
- If Netscape is in use, create an endless loop that spawns countless windows,
each of which connects to a different web server.
With this simple form of attack the system can be hung within about 40 seconds
(for a client machine with 64 MB RAM). This is also a DoS-type attack. In this
case the user can only restart the system.
Another class C vulnerability often encountered in mail systems is the absence
of anti-relay mechanisms, which allows mail spamming to be carried out. As we
know, electronic mail works on a store-and-forward basis. Some mail systems do
not authenticate users when they send mail, so attackers take advantage of these
mail servers to send spam. Mail spamming is an action intended to paralyse the
system's mail service by sending a large number of messages to an undetermined
address; because the mail server keeps spending capacity on looking for addresses
that do not exist, the service stalls. The messages can be generated by mail-bomb
programs, which are very common on the Internet.
b) Class B vulnerabilities:
Vulnerabilities of this type are more dangerous than class C vulnerabilities;
they allow internal users to gain higher privileges or unauthorized access.
For example, in figure 12, a class B vulnerability can exist on a UNIX system
where the /etc/passwd file is kept in plaintext form, without using the UNIX
password hiding mechanism (using the /etc/shadow file).
Vulnerabilities of this type usually appear in the services on a system. A
local user is understood as someone who has access to the system with certain
limited rights.
P = L x R / S
where:
P: probability of success
L: lifetime of a password
R: guessing rate
S: password space = A^M (M is the password length)
For example, on UNIX systems it has been shown that if a password is longer
than 8 characters the probability of cracking it is practically 0. In detail:
If about 92 characters can be used in a password, the possible password space
is S = 92^8
With a guessing rate of 1000 passwords per second, R = 1000/s
The lifetime of a password is 1 year
The probability of success is:
P = 1 x 365 x 86400 x 1000 / 92^8 = 1/1,000,000
So guessing the password is not feasible, because it would take about 100 years
to find the correct password.
Cracking programs usually combine some other information in the guessing
process, such as:
- The information in the /etc/passwd file
- A number of dictionaries
- Repeated words and words enumerated in sequence, variations on the
pronunciation of a word ...
The remedy for this form of attack is to establish a sound password protection
policy.
c) Trojans
Named after the ancient Greek legend of the "Trojan horse", a trojan is a
program that runs illegitimately on a system in the guise of a legitimate
program. These programs perform functions that the system's user does not want
or that are not legitimate. Usually, trojans are able to run because the code of
legitimate programs has been altered with illegitimate code.
Virus programs are a typical kind of trojan. Virus programs hide pieces of code
inside programs in legitimate
[Figure labels: firewalls; physical protection; data encryption; login/password; information; access rights]
No mail.
Sun Microsystems Inc. SunOS 5.7
/export/home/ptthanh
b) The UTMP logfile
This logfile records information about the users currently logged in to the
system and is usually located at /etc/utmp. The information in the logfile can be
viewed with utilities such as who, w, finger, rwho, users. For example, the
contents of the logfile as shown by the who command:
/export/home/vhai% who
root       console      Aug 10 08:45    (:0)
ptthanh    pts/4        Sep 15 15:27    (203.162.0.87)
ptthanh    pts/6        Sep 15 15:28    (203.162.0.87)
root       pts/12       Sep  7 16:35    (:0.0)
root       pts/13       Sep  7 11:35    (:0.0)
root       pts/14       Sep  7 11:39    (:0.0)
c) The WTMP logfile
This logfile records information about logins to and logouts from the system.
Its function is similar to that of the UTMP logfile. In addition it records
system shutdowns and reboots and login or ftp sessions, and it is usually located
at /var/adm/wtmp. This logfile is usually viewed with the "last" command. For
example:
/export/home/vhai% last | more
ptthanh
ptthanh
pts/10
203.162.0.85
pts/10
vtoan pts/10
203.162.0.87
vtoan pts/6
203.162.0.87
vtoan pts/4
d) The syslog utility
This is a very useful logging tool that is very widely used on UNIX systems.
The syslog utility makes it easy for the system administrator to log different
services. The syslog utility normally runs as a daemon and is started when the
system boots. The syslogd daemon takes its information from the following
sources:
- /dev/log: receives messages from the processes running on the system
- /dev/klog: receives messages from the kernel
- port 514: receives messages from other machines over UDP port 514.
When syslogd receives messages from these sources it checks the service's
configuration file, syslog.conf, to write the corresponding log file. The
syslog.conf file can be configured to produce a message for many different
services.
                                             /dev/console
*.err;kern.debug;daemon.notice;mail.crit     /var/adm/messages
*.alert;kern.err;daemon.err                  operator
*.alert                                      root
*.emerg
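How a message is matched against selector lines like the ones above, as an added Python example that is not from the original text. It assumes the classic syslogd model in which each facility.level entry sets a per-facility threshold and a later entry for the same facility overrides an earlier one (check the syslogd manual page of the system in use); the sample configuration reuses the three complete selector/action pairs above, and the function names are constructed.

```python
# Severity names from most to least severe; a selector level means
# "this severity and anything more severe".
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "lpr", "news", "uucp",
              "cron"] + [f"local{i}" for i in range(8)]

# Constructed sample: the three complete selector/action pairs shown above.
SAMPLE_CONF = (
    "*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n"
    "*.alert;kern.err;daemon.err\toperator\n"
    "*.alert\troot\n"
)


def compile_selector(selector):
    """Turn 'fac.level;fac.level' into {facility: threshold index or None}."""
    table = {}
    for part in selector.split(";"):
        facs, dot, level = part.strip().partition(".")
        if not dot or (level != "none" and level not in LEVELS):
            raise ValueError(f"bad selector part: {part!r}")
        names = FACILITIES if facs == "*" else facs.split(",")
        for fac in names:
            if fac not in FACILITIES:
                raise ValueError(f"unknown facility: {fac!r}")
            # Assumed semantics: the latest entry for a facility wins.
            table[fac] = None if level == "none" else LEVELS.index(level)
    return table


def parse_conf(text):
    """Return a list of (threshold table, action), one per config line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            raise ValueError(f"selector without action: {line!r}")
        rules.append((compile_selector(fields[0]), fields[1]))
    return rules


def route(rules, facility, level):
    """List the actions that would receive a facility.level message."""
    severity = LEVELS.index(level)
    actions = []
    for table, action in rules:
        threshold = table.get(facility)
        if threshold is not None and severity <= threshold:
            actions.append(action)
    return actions


def coverage_gaps(rules, wanted):
    """Return the (facility, level) pairs from `wanted` that no rule records."""
    return [(fac, lvl) for fac, lvl in wanted if not route(rules, fac, lvl)]


if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    for fac, lvl in [("kern", "debug"), ("daemon", "err"),
                     ("mail", "err"), ("auth", "notice")]:
        print(f"{fac}.{lvl:7} -> {route(rules, fac, lvl) or 'not logged'}")
```

Under the assumed semantics, mail.err and auth.notice messages reach no destination with these three lines, which is the kind of gap worth checking before relying on the logs as evidence.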
f) The cron utility
The cron utility logs the activities carried out by the crontabs command. The
logfile of cron activity is normally kept in the file
/var/log/cron/log. In addition, syslog can be configured to record logs of cron
activity.
An example of the contents of the cron logfile:
g) The sendmail logfile
Sendmail's logging can be done through the syslog utility. In addition, the
sendmail program has the option "-L + level security", with security levels from
"debug" to "crit", which allows a logfile to be written. Because sendmail is a
program with many bugs and many security vulnerabilities, the system
administrator should routinely keep logs for this service.
h) The FTP service logfile
Most FTP daemons today can be configured to log the use of the FTP service on
the system. Logging for the FTP service is usually enabled with the "-l" option,
configured in the file /etc/inetd.conf as follows:
# more /etc/inetd.conf
ftp    stream    tcp    nowait    root    /etc/ftpd/in.ftpd    in.ftpd -l
ftplogfile
- FTP gateway: controls FTP access between the LAN and the DMZ. FTP access
from the LAN out to the Internet is unrestricted. FTP access into the LAN
requires authentication through the Authentication Server.
- Telnet gateway: controls telnet access between the LAN and the Internet.
As with FTP, users can telnet out freely, while telnet sessions coming in from
outside must be authenticated through the Authentication Server.
- Authentication Server: used by the gateways to identify connection requests,
using strong authentication techniques such as one-time
password/token. The service hosts in the
LAN are kept protected and have no direct connection to the Internet; all
information exchanged is controlled through the gateway.
2.1.4. Types of firewall
There are quite a few kinds of firewall, each with its own advantages and
disadvantages. For convenience of study, however, firewall systems are divided
into 2 main types:
- Packet filtering: a firewall system that allows information to pass between
the systems inside and outside the network in a controlled way.
- Application-proxy firewall: a firewall system that makes connections on
behalf of the client instead of the client's direct connections.
2.1.4.1. Packet Filtering
The most common kind of firewall is the kind based on the network level of the
OSI model. A network-level firewall usually works on the principle of a router,
and is also called a router, meaning that it creates rules granting network
access based on the network level. This model works on the principle of packet
filtering.
In this mode of operation every packet has its source address, the place it
came from, checked. Once the source IP address has been determined, it is checked
against the rules set on the router. For example, if the firewall administrator
decides that no packet originating from the microsoft.com network may connect to
the inside network, packets originating from that network will never reach the
inside network.
Firewalls working at the network layer (like a router) usually give fast
processing because they only check the source IP address, with no real
instructions executed on the router; no time is needed to determine whether the
address is wrong or banned. But this is paid for in reliability. This kind of
firewall uses the source IP address as its indicator, which creates a
vulnerability: a packet carrying a forged source address will thereby obtain some
level of access to your inside network.
However, there are many techniques that can be applied to packet filtering to
overcome this weakness. For example, with more sophisticated packet filtering
technologies the router checks not only the IP address field; other fields are
also checked against the rules created on the firewall, and this other
information can be the time of access, the protocol used, the port ...
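The weakness of source-address-only rules and the multi-field remedy described above, as an added Python example that is not from the original text. The addresses, interface names and rule sets are constructed, and the arrival-interface field goes beyond the fields the text lists (access time, protocol, port).

```python
import ipaddress
from collections import namedtuple

# Fields of a packet as the filter sees them; iface is where it arrived.
Pkt = namedtuple("Pkt", "iface src dst proto dport")
# A rule field set to None matches anything.
Rule = namedtuple("Rule", "action iface src proto dport")

INSIDE_NET = "10.1.1.0/24"          # constructed inside network


def matches(rule, pkt):
    """True when every non-wildcard field of the rule agrees with the packet."""
    if rule.iface is not None and rule.iface != pkt.iface:
        return False
    if rule.src is not None:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
            return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def decide(rules, pkt):
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# Filter that trusts the source address alone.
SOURCE_ONLY = [Rule("allow", None, INSIDE_NET, None, None)]

# Filter that also checks arrival interface, protocol and port.
MULTI_FIELD = [
    Rule("deny", "outside", INSIDE_NET, None, None),  # inside address seen outside: forged
    Rule("allow", "inside", INSIDE_NET, None, None),  # genuine inside hosts
    Rule("allow", "outside", None, "tcp", 25),        # one published service (SMTP)
]

# Constructed sample packets.
SAMPLES = {
    "inside host browsing": Pkt("inside", "10.1.1.25", "203.162.0.12", "tcp", 80),
    "forged inside source": Pkt("outside", "10.1.1.25", "10.1.1.10", "tcp", 23),
    "outside mail delivery": Pkt("outside", "203.162.0.12", "10.1.1.10", "tcp", 25),
    "outside telnet": Pkt("outside", "203.162.0.12", "10.1.1.10", "tcp", 23),
}


def compare():
    """Return {label: (source-only verdict, multi-field verdict)}."""
    return {label: (decide(SOURCE_ONLY, p), decide(MULTI_FIELD, p))
            for label, p in SAMPLES.items()}


if __name__ == "__main__":
    for label, verdicts in compare().items():
        print(f"{label:22} source-only={verdicts[0]:5} multi-field={verdicts[1]}")
```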
Packet filtering firewalls can be divided into 2 kinds:
a) Packet filtering firewall: works at the network layer of the OSI model,
or the IP layer of the TCP/IP protocol model.
16 Mbytes
Network card
Other devices
CD-ROM
Network card
Other devices
CD-ROM
16 Mbytes
Network card
Other devices
CD-ROM
Select IP Forwarding mode: