
Textbook: Network Administration and Network Devices
Ebook 4 U ebook.vinagrid.com
Table of Contents
FOREWORD
PART I: OVERVIEW OF NETWORK TECHNOLOGY
CHAPTER 1: OVERVIEW OF COMPUTER NETWORK TECHNOLOGY AND LOCAL AREA NETWORKS
SECTION 1: COMPUTER NETWORKS
1. INTRODUCTION TO COMPUTER NETWORKS
1.1. Definition of a computer network and the purpose of networking
1.1.1. The need for computer networking
1.1.2. Definition of a computer network
1.2. Technical characteristics of computer networks
1.2.1. Transmission medium
1.2.2. Switching techniques
1.2.3. Network architecture
1.2.4. Network operating system
1.3. Classification of computer networks
1.3.1. Classification by geographic distance
1.3.2. Classification by switching technique
1.3.3. Classification by network architecture used
1.3.4. Classification by network operating system
1.4. The most common computer networks
1.4.1. Local area networks
1.4.2. Wide area networks with LAN-to-LAN connections
1.4.3. The INTERNET internetwork
1.4.4. INTRANET networks
2. LOCAL AREA NETWORKS AND LOCAL AREA NETWORK ARCHITECTURE
2.1. Local area networks
2.2. Local area network architecture
2.2.1. Network topology
2.3. Physical medium access methods
3. STANDARDIZATION OF COMPUTER NETWORKS
3.1. Network standardization and network standards organizations
3.2. The 7-layer OSI reference model
3.3. The most common connection standards: IEEE 802.X and ISO 8802.X
SECTION 2: COMMON NETWORK DEVICES AND PHYSICAL CONNECTION STANDARDS
1. COMMON NETWORK DEVICES
1.1. Types of transmission cable
1.1.1. Twisted pair cable
1.1.2. Baseband coaxial cable
1.1.3. Broadband coaxial cable
1.1.4. Optical fiber cable
1.2. Interconnection devices
1.2.1. Network Interface Card (NIC)
1.2.2. Repeater
1.2.3. Concentrators (hubs)
1.2.4. Switching hub (switch for short)
1.2.5. Modem
1.2.6. Multiplexor - Demultiplexor
1.2.7. Router
2. SOME COMMON NETWORK CONNECTION TYPES AND STANDARDS
2.1. Typical components of a local area network
2.2. The 10BASE5 type
2.3. The 10BASE2 type
2.4. The 10BASE-T type
2.5. The 10BASE-F type
CHAPTER 2: INTRODUCTION TO THE TCP/IP PROTOCOL
1. THE IP PROTOCOL
1.1. The TCP/IP protocol family
1.2. Main functions of the Internet Protocol IP (v4)
1.3. IP addresses
1.4. Structure of the IP data packet
1.5. Fragmentation and reassembly of IP packets
1.6. IP routing
2. SOME CONTROL PROTOCOLS
2.1. The ICMP protocol
2.2. The ARP and RARP protocols
3.1. The TCP protocol
3.1.1. Structure of the TCP data packet
3.1.2. Establishing and terminating a TCP connection
PART II: NETWORK ADMINISTRATION
CHAPTER 3: OVERVIEW OF ROUTERS
1. ROUTER THEORY
1.1. Overview of routers
1.2. Main functions of a router, with reference to the OSI model
1.3. Basic configuration and functions of the parts of a router
2. INTRODUCTION TO CISCO ROUTERS
2.1. Introduction to Cisco routers
2.2. Some outstanding features of Cisco routers
2.3. Some common Cisco routers
2.4. Interfaces of Cisco routers
2.5. Modular architecture of Cisco routers
3. HOW TO USE ROUTER CONFIGURATION COMMANDS
3.1. Introduction to the command-line interface of Cisco routers
3.2. Getting familiar with the configuration modes
3.3. Getting familiar with the basic configuration commands
3.4. How to fix some common errors
4. CONFIGURING CISCO ROUTERS
4.1. Leased-line configuration
4.2. X.25 and Frame Relay configuration
4.3. Dial-up configuration
4.4. Static and dynamic routing
5. LAYER 3 SWITCHES
5.1. Overview of layer 3 switch architecture
5.2. Routing on layer 3 switches
5.3. A brief look at common Cisco layer 3 switches
6. PRACTICAL EXERCISES USING CISCO ROUTERS
Exercise 1: Identifying devices and connecting devices
Exercise 2: Practising the basic commands
Exercise 3: Configuring a router with a leased-line connection model
Exercise 4: Configuring a router with dial-up
Lab equipment
CHAPTER 4: THE DOMAIN NAME SYSTEM (DNS)
1. INTRODUCTION
1.1. History of DNS
1.2. Purpose of the DNS system
2. DNS SERVERS AND THE STRUCTURE OF THE DOMAIN NAME DATABASE
2.1. Database structure
2.2. Types of DNS server and data synchronization between DNS servers
3. OPERATION OF THE DNS SYSTEM
4. PRACTICAL EXERCISES
Exercise 1: Installing a DNS server on Windows 2000
Exercise 2: Installing and configuring DNS on Linux
CHAPTER 5: REMOTE ACCESS SERVICES AND PROXY SERVICES
SECTION 1: REMOTE ACCESS SERVICES
1. CONCEPTS AND PROTOCOLS
1.1. Overview of remote access services
1.2. Remote access connections and the protocols used in remote access
1.3. Modems and physical connection methods
2. SECURITY IN REMOTE ACCESS
2.1. Connection authentication methods
2.2. Data encryption methods
3. DEPLOYING REMOTE ACCESS SERVICES
3.1. Dial-in and dial-out connections
3.2. Multilink connections
3.3. Policies for remote access services
3.4. Using DHCP dynamic address assignment for remote access
3.5. Using a RADIUS server to authenticate remote access connections
3.6. Virtual private networks and connections using remote access services
3.7. Using Network and Dial-up Connection
3.8. Some troubleshooting issues in remote access
4. PRACTICAL EXERCISES
Exercise 1: Setting up dial-up networking to create an Internet connection; accessing the Internet and an introduction to the basic services
Exercise 2: Installing and configuring the remote access service to let remote users access the network, on the Windows 2000 Server operating system
Exercise 3: Configuring a VPN server, setting up a VPN client, and testing the connection from the VPN client to the VPN server
SECTION 2: PROXY SERVICES - A SOLUTION FOR CONNECTING PRIVATE NETWORKS TO THE INTERNET
1. CONCEPTS
1.1. The client-server model and some of its applications
1.2. Sockets
1.3. How the proxy service works and its characteristics
1.4. Caches and caching methods
2. DEPLOYING PROXY SERVICES
2.1. Network connection models
2.2. Setting up access policies and rules
2.3. Proxy clients and authentication methods
2.4. NAT and proxy servers
3. FEATURES OF MICROSOFT ISA SERVER 2000
3.1. Editions
3.2. Benefits
3.3. Installation modes
3.4. Features of each installation mode
4. PRACTICAL EXERCISES
Exercise 1: Basic installation steps for ISA Server 2000
Exercise 2: Configuring ISA Server 2000 so that an internal network can access and use the basic services on the Internet through 01 modem connected over the PSTN
Exercise 3: Setting up policies for requests to access and use services on the Internet
CHAPTER 6: SYSTEM SECURITY AND FIREWALLS
1. SYSTEM SECURITY
1.1. General issues in system and network security
1.1.1. Some concepts and the history of system security
1.1.2. The main vulnerabilities and network attack methods
1.1.3. Some weaknesses of systems
1.1.4. Levels of network security protection
1.2. Measures for protecting computer networks
1.2.1. Monitoring the system through log files
1.2.2. Establishing a system security policy
2. OVERVIEW OF FIREWALL SYSTEMS
2.1. Introduction to firewalls
2.1.1. The firewall concept
2.1.2. Basic functions of a firewall
2.1.3. Network models using a firewall
2.1.4. Classification of firewalls
2.2. Some common firewall software
2.2.1. Packet filtering
2.2.2. Application-proxy firewall
2.3. Practice: installing and configuring the Check Point v4.0 firewall for Windows
2.3.1. Hardware requirements
2.3.2. Preparation steps before installation
2.3.3. Performing the installation
2.3.4. Setting up the configuration
REFERENCES








Foreword

The textbook Network Administration and Network Devices was compiled to provide the essential theoretical knowledge and practical administration skills for the key systems and devices that form the foundation of modern computer networks. The textbook consists of 2 parts:

Part 1. Overview of computer networks: covers the most basic concepts and definitions of computer networks, the classification of computer networks, and an introduction to network protocols, in particular the TCP/IP protocol. Learners must have a firm grasp of the theoretical foundations presented in this chapter in order to absorb the content of Part 2. However, learners who have already acquired this basic knowledge themselves, or who have been trained using the textbook Design and Construction of LAN and WAN Networks of Project 112, may skip Part 1 and go straight to Part 2 of the textbook.

Part 2. Network administration: this is the main content of the textbook Network Administration and Network Devices. It comprises 4 chapters that provide theoretical knowledge and basic administration skills for the key components of a network: routers, switches, the domain name system, remote access systems, proxy systems, and firewall systems. The material on practical administration skills gives learners the hands-on knowledge they need to take up network administration work for their organization.

Because network administration is such a broad field, this textbook cannot cover every aspect of it. Learners who need more should consult the other Project 112 textbooks, such as:
- Design and Construction of LAN and WAN Networks
- Windows 2000-NT Administration
- Overview of Lotus Notes Domino
- Website and Portal Design and Administration
- Setting Up and Administering E-mail Systems

As this is the first time the textbook has been compiled, shortcomings are unavoidable. The authors would greatly appreciate comments from learners and readers so that the content of the textbook can be improved.



PART I: OVERVIEW OF NETWORK TECHNOLOGY

Chapter 1
Overview of computer network technology and local area networks

Section 1: Computer networks
1. Introduction to computer networks
1.1. Definition of a computer network and the purpose of networking
1.1.1. The need for computer networking
Connecting computers into networks has long been an objective necessity, because:
- Many tasks are inherently distributed, in terms of information, of processing, or of both, and require communication to be combined with processing or with the use of remote facilities.
- Network resources (hard disks, printers, CD-ROM drives, ...) can be shared among many users at the same time.
- There is a need to communicate and exchange information by computer.
- Software applications require many users to use and access the same database at the same time.
1.1.2. Definition of a computer network
In short, a computer network is a set of independent computers connected to one another through physical transmission media and following certain communication conventions.
Independent computers means that no computer is able to start or stop another computer.
Physical transmission media are the media that carry physical signals (they may be wired or wireless).
The communication conventions are what allow the computers to "talk" to one another, and they are one of the most important factors in computer network technology.

1.2. Technical characteristics of computer networks
A computer network has the following basic technical characteristics:
1.2.1. Transmission medium
The transmission medium is the means used to carry electronic signals between computers. These electronic signals are the information and data, represented as binary (ON_OFF) pulses. All signals transmitted between computers are electromagnetic waves, and different physical media can be used depending on the frequency.
The basic characteristic of a transmission medium is its bandwidth, which expresses the medium's capacity to carry signals.
Transmission media are usually divided into two types:
- Wired media: the computers are connected to one another by signal-carrying cables.
- Wireless media: the computers exchange signals over radio waves, with modulation/demodulation devices at the endpoints.
1.2.2. Switching techniques
The switching technique characterizes how signals are transferred between the nodes of the network; the network nodes are responsible for directing information toward a given destination in the network. The following switching techniques are currently in use:
- Circuit switching: when two entities need to communicate, a fixed channel is established between them and the connection is maintained until the two sides end the communication. Data travels only along that fixed path.
- Message switching: a message is a unit of user data with a predefined format. Each message contains control information that specifies the destination of the message. Based on this control information, each intermediate node can forward the message to the next node on the path to the message's destination.
- Packet switching: here each message is divided into several smaller units called packets, which have a predefined format. Each packet also contains control information, including the source address (sender) and the destination address (receiver) of the packet. The packets of a single message can be sent through the network to the destination along many different paths.
1.2.3. Network architecture
Network architecture describes how the computers are connected to one another and the set of rules and conventions that every entity communicating on the network must follow so that the network operates properly.
Network architecture covers two matters: the network topology and the network protocol.
- Network topology: the geometric arrangement in which the computers are connected to one another, called the topology of the network.
The basic network topologies are: star, bus, and ring.
- Network protocol: the set of communication conventions between communicating entities, called the protocol of the network.
The most common protocols are: TCP/IP, NETBIOS, IPX/SPX, ...
1.2.4. Network operating system
A network operating system is system software with the following functions:
- Managing the resources of the system. These resources include:
+ Information resources (in terms of storage), or, put simply, file management. Storing, searching for, deleting, copying and grouping files and setting their attributes all belong to this group of tasks.
+ Device resources: coordinating the use of the CPU, peripherals, ... to optimize their use.
- Managing users and the tasks running on the system.
The operating system handles communication between users and application programs on one side and the devices of the system on the other.
- Providing utilities that make the system convenient to use (for example formatting disks, copying files and directories, shared printing, ...).
The most common network operating systems today are: WindowsNT, Windows9X, Windows 2000, Unix, Novell.

1.3. Classification of computer networks
Networks can be classified in many ways, depending on the main factor chosen as the classification criterion. Networks are usually classified by the following criteria:
- The geographic extent of the network
- The switching technique the network uses
- The network architecture
- The network operating system used, ...
In practice, however, usually only the first two criteria are used.
1.3.1. Classification by geographic distance
Classified by geographic distance, networks are divided into local area networks (LAN), metropolitan area networks (MAN), wide area networks (WAN), and global networks.
1.3.2. Classification by switching technique
Classified by switching technique, networks are divided into circuit-switched networks, message-switched networks, and packet-switched networks.
Circuit-switched network: two entities establish a fixed channel and maintain the connection until the two sides end the communication.
Message-switched network: a message is an agreed unit of data that is sent through the network to its destination without a fixed transmission channel being established. The network nodes use the information in the header to handle delivery of the message to its destination.
Packet-switched network: here each message is divided into several smaller units called packets, which have a predefined format. Each packet also contains control information, including the source address (sender) and the destination address (receiver) of the packet. The packets of a single message can be sent through the network to the destination along many different paths.
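The packet-switching behaviour described in 1.2.2 and again in 1.3.2, as an added example that is not part of the original textbook: a message is split into packets that each carry their own control information, the packets arrive in a different order as if they had taken different paths, and the receiver filters by destination address and reassembles them. The header layout (source, destination, message id, sequence number, packet count, payload length), the addresses and all function names are assumptions made for this illustration, not a real protocol.

```python
import random
import struct

# Constructed header layout (an assumption for this example, not a real protocol):
# 4-byte source address, 4-byte destination address, then four 16-bit fields:
# message id, sequence number, packet count, payload length.
HEADER = struct.Struct("!4s4sHHHH")


def packetize(message: bytes, src: bytes, dst: bytes, msg_id: int, mtu: int = 8):
    """Split one message into packets that each carry their own control information."""
    chunks = [message[i:i + mtu] for i in range(0, len(message), mtu)] or [b""]
    return [
        HEADER.pack(src, dst, msg_id, seq, len(chunks), len(chunk)) + chunk
        for seq, chunk in enumerate(chunks)
    ]


def parse(packet: bytes):
    """Decode one packet; reject it if the header and the payload disagree."""
    if len(packet) < HEADER.size:
        raise ValueError("packet shorter than header")
    src, dst, msg_id, seq, total, length = HEADER.unpack_from(packet)
    payload = packet[HEADER.size:]
    if len(payload) != length or seq >= total:
        raise ValueError("inconsistent header")
    return src, dst, msg_id, seq, total, payload


class Receiver:
    """Reassembles messages addressed to `address`, whatever order packets arrive in."""

    def __init__(self, address: bytes):
        self.address = address
        self.pending = {}  # (src, msg_id) -> {seq: payload}

    def receive(self, packet: bytes):
        """Return (src, message) once a message is complete, otherwise None."""
        src, dst, msg_id, seq, total, payload = parse(packet)
        if dst != self.address:
            return None  # not addressed to this station: drop it
        parts = self.pending.setdefault((src, msg_id), {})
        parts.setdefault(seq, payload)  # a duplicate packet does not overwrite
        if any(i not in parts for i in range(total)):
            return None  # still waiting for at least one packet
        del self.pending[(src, msg_id)]
        return src, b"".join(parts[i] for i in range(total))

    def missing(self, src: bytes, msg_id: int, total: int):
        """Sequence numbers still outstanding for a partially received message."""
        parts = self.pending.get((src, msg_id), {})
        return [i for i in range(total) if i not in parts]


def deliver_out_of_order(packets, receiver, seed=1):
    """Simulate packets of one message taking different paths: shuffle, then deliver."""
    shuffled = list(packets)
    random.Random(seed).shuffle(shuffled)
    result = None
    for p in shuffled:
        result = receiver.receive(p) or result
    return result


if __name__ == "__main__":
    A, B = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])  # constructed addresses
    pkts = packetize(b"packets may take different paths", A, B, msg_id=7)
    print(len(pkts), "packets ->", deliver_out_of_order(pkts, Receiver(B)))
```
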
1.3.3. Classification by network architecture used
Network architecture covers two matters: the network topology and the network protocol.
Network topology: the geometric arrangement in which the computers are connected to one another, called the topology of the network.
Network protocol: the set of communication conventions between communicating entities, called the protocol of the network.
Classified by topology, networks are usually divided into star, ring, and linear networks.
Classified by the protocol the network uses, networks are divided into TCP/IP networks, NETBIOS networks, ...
However, these classifications are not common and apply only to local area networks.
1.3.4. Classification by network operating system
Classified by network operating system, networks are divided by model into peer-to-peer networks and client/server networks, or by the name of the operating system the network uses: Windows NT, Unix, Novell, ...

1.4. The most common computer networks
1.4.1. Local area networks
A local area network connects a group of computers and networking devices installed within a limited geographic area, usually a single building or office complex. The network is high-speed.
1.4.2. Wide area networks with LAN-to-LAN connections
A wide area network is always an interconnection of LANs. It can span a region, a country, a whole continent, or even the entire globe. Its data transmission speed is not high, and its geographic extent is unlimited.
1.4.3. The INTERNET internetwork
The rapid development of technology led to the birth of the INTERNET internetwork. The Internet belongs to all of humanity and is a combination of a great many data networks running on the TCP/IP protocol.
1.4.4. INTRANET networks
An intranet is in effect a miniature INTERNET inside an agency, company, organization, ministry or sector, ...; it restricts who may use it and employs access control and information security technologies.
It is developed from LANs and WANs using INTERNET technology.

2. Local area networks and local area network architecture
2.1. Local area networks
The name local area network comes from the scale of the network. Scale is not the only characteristic of a local area network, but in practice it determines many of the network's characteristics and technologies. Some characteristics of local area networks are listed below:
Characteristics of local area networks
- A local area network is small in scale, usually with a radius of less than a few km.
- A local area network is usually owned by a single organization. In practice this is quite important for managing the network effectively.
- A local area network is fast and has few errors. On wide area networks, speeds generally reach only a few hundred Kbit/s to Mb/s, whereas typical speeds on local area networks are 10 or 100 Mbit/s and, today, those of Gigabit Ethernet.

2.2. Local area network architecture
2.2.1. Network topology
* Definition of network topology:
The geometric arrangement in which the computers are connected to one another is called the topology of the network. There are two main kinds of network connection:
- Point-to-point: links connect pairs of nodes to one another, and each node stores and forwards data.
- Point-to-multipoint (broadcast): all nodes share one physical transmission medium; data is sent to many nodes at once and each packet is checked by its address.
* Distinguishing the topology of a local area network from the topology of a wide area network.
The topology of a wide area network usually refers to the interconnection of local area networks through routers and telecommunication channels. The topology of a local area network refers to the interconnection of the computers themselves.
- Star network: in a star network all stations are connected to a central device, which receives signals from the stations and forwards them to the destination station. The length of the link between a station and the central device is limited (to within 100 m with current technology).

Figure 1.1: Star connection

- Linear bus network (Bus):
In a bus network all stations share a common transmission line (the bus). The main line is terminated at both ends by two special connectors called terminators. Each station is attached to the main bus through a T-connector or a transceiver.

Figure 1.2: Bus connection

- Ring network
In a ring network, signals travel around the ring in a single direction. Each station of the network is attached to the ring through a repeater, so a protocol is needed to control the granting of the right to transmit data on the ring to stations that need it.
A ring network has advantages and disadvantages similar to those of a star network, but it requires a more complex network access protocol than a star network.





d) Hybrid connection
This is a combination of different connection types,


















Figure 1.3: Ring connection
Figure 1.4: A hybrid connection

2.3. Physical medium access methods
In a local area network, all stations are connected directly to a shared transmission medium. If several stations put signals on the medium at the same time, the signals overlap and are corrupted. A method of organizing how the medium is shared is therefore needed for communication to work correctly.
Two methods of sharing a common medium are commonly used in local area networks:
- Random, on-demand access to the medium. Stations must of course take turns, and if several stations transmit at the same time so that their signals overlap, they must retransmit. The typical example of this method is the CSMA/CD access protocol.

- An arbitration mechanism grants the right to access the medium so that no conflicts occur. The typical example of this method is the Token Ring access protocol.

3. Standardization of computer networks
3.1. Network standardization and network standards organizations
When designing network protocols, designers were free to choose their own architecture. This led to incompatibility between computer networks, which hindered interaction between different network protocols. The growing need to exchange information drove the development of a standard framework for network architecture to serve as a basis for designers and manufacturers of network equipment.
For this reason, the International Organization for Standardization (ISO) developed the reference model for Open Systems Interconnection (OSI). This model is the basis for interconnecting open systems in support of distributed applications.

3.2. The 7-layer OSI reference model
The OSI model is shown in the figure below:
The OSI model is divided into 7 layers: the application layer, presentation layer, session layer, transport layer, network layer, data link layer, and physical layer. The OSI model also defines the header of a data unit and the relationship between the layers: a header is attached to pass data from an upper layer down to a lower layer, and unpacking is the function of removing the header to pass data up to the upper layer.
- Application layer
- Presentation layer
- Session layer
- Transport layer
- Network layer
- Data link layer
- Physical layer (physical link)
Figure 1.5: The 7-layer OSI model
Chc nng c th ca tng lp theo m hnh OSI c th tham kho chi tit
thm trong gio trnh Thit k v xy dng mng LAN v WAN

3.3. The most common connection standards: IEEE 802.X and ISO 8802.X
Besides the standardization of networks in general, whose most basic result is the OSI reference model introduced above, the protocols of local area networks (LANs) have also been standardized.
- The IEEE 802.x and ISO 8802.x standards
IEEE pioneered the standardization of local area networks with the IEEE 802 project, which produced a series of standards in the IEEE 802.x family. At the end of the 1980s, ISO adopted this family and issued it as international standards under the corresponding code ISO 8802.x.
IEEE 802.: the standard specifying network architecture, interconnection between networks and network management for local area networks.
IEEE 802.2: the standard specifying the protocol service layer of local area networks.
IEEE 802.3: the standard specifying a local area network based on the well-known Ethernet network developed jointly by Digital, Intel and Xerox from 1980. Its physical specifications include 10BASE5, 10BASE2, 10BASE-F,
IEEE 802.5: the standard specifying a local area network with a ring topology that uses a token to control access to the medium.
IEEE 802.11: the standard specifying wireless local area networks (Wireless LAN), which is still under development.
The 802.x family also includes the standards IEEE 802.4, 802.6, 802.9, 802.10 and 802.12.

Section 2: Common network devices and physical connection standards

1. Common network devices
1.1. Types of transmission cable
1.1.1. Twisted pair cable
Twisted pair cable consists of two copper wires twisted together to avoid interfering with other pairs. It can run for several km without amplification. The frequency band on twisted pair cable is about 300 to 4000 Hz, and the transmission rate ranges from a few kbps to a few Mbps. There are two types of twisted pair cable:
- The type with metal shielding to improve noise immunity is called STP (Shield Twisted Pair). The shield may enclose several pairs. In theory the transmission rate can reach 500 Mb/s, but in practice it is much lower (only 155 Mbps with a 100 m cable).
- The unshielded type is called UTP (UnShield Twisted Pair). Its quality is lower than STP but it is very cheap. UTP cable is divided into 5 categories according to transmission rate. Category 3 cable is used for telephony. Category 5 cable can carry 100 Mb/s and is very widely used in local area networks because it is both cheap and convenient. This cable has 4 twisted pairs inside one sheath.







1.1.2. Baseband coaxial cable
This is a cable whose two conductors are nested one inside the other, the outer conductor being a metal mesh. Its noise immunity is very good, so it can be used over lengths from a few hundred metres to a few km. The two most widely used types have an impedance of 50 ohm and 75 ohm.
Figure 1.6. Cat. 5 UTP cable
Figure 1.7. Coaxial cable
The bandwidth of this cable also depends on its length. Over a distance of 1 km it can reach a transmission rate of 1 to 2 Gbps. Baseband coaxial cable is commonly used for local area networks. Cable sections can be joined with T-shaped BNC connectors. In Vietnam this cable is often called "thin cable", a translation of its English name "Thin Ethernet".
Another type of cable is called "Thick Ethernet", which we call "fat cable". It is usually yellow. It is not joined with T connectors like thin cable but through clamps that bite into the wire. Every 2.5 m there is a mark where a connection can be made (if needed). Transceivers are attached to the clamp and then connected to the computer.
1.1.3. Broadband coaxial cable
This is cable built to the television standard (commonly used in cable television), with a bandwidth of 4 to 300 kHz over a length of 100 km. The term "broadband" comes from the television industry; in data transmission it only means that this type of cable carries analog information. Systems based on broadband coaxial cable can carry many channels in parallel. Signal amplification to counter attenuation can be done as analog amplification. To carry computer communication, digital signals must be converted to analog signals.
1.1.4. Optical fiber cable
It carries pulses of light inside a glass fiber by total internal reflection. Optical fiber is an ideal medium because:
- Light pulses can travel hundreds of km without losing intensity.
- The bandwidth is very high, because the frequency of the light used in optical fiber is in the range 10^14 to 10^16.
- It is safe and confidential, and is not affected by electromagnetic interference.
Its only two drawbacks are that it is hard to splice and expensive.
There are two types of optical fiber cable:
- Multimode fiber: when the angle of incidence on the wall of the fiber reaches a certain level, total internal reflection occurs. Multimode cables have a diameter of about 50 µm.
- Singlemode fiber: when the diameter of the fiber equals the wavelength, the fiber behaves like a waveguide; there is no reflection and only one ray passes. This type has a diameter of about 8 µm and must be driven by a laser diode. Multimode optical cable can carry signals as far as hundreds of km without amplification.
Figure 1.8. Signal transmission over optical fiber

1.2. Interconnection devices
1.2.1. Network Interface Card (NIC)
This is a card plugged directly into a computer's ISA or PCI expansion slot, or integrated into the PC motherboard. It carries the circuits that receive (receiver) and/or transmit (transmitter) signals on the network. The word transceiver is commonly used for a device (circuit) that performs both the receive and the transmit function.
1.2.2. Repeater
The task of a repeater is to restore the signal so that it can be passed on to other stations, which includes amplifying and reshaping the signal.
1.2.3. Concentrators (HUBs)
A HUB is a device with many sockets for network cable plugs. HUBs are used to build star networks. The advantage of this layout is that the machines are more independent of one another when one machine has a cable fault.
A passive HUB only provides connectivity and does not process the signal at all. An active HUB amplifies the signal to counter attenuation.
An intelligent HUB is an active HUB that can also generate packets carrying information about its own operation and send them onto the network, so that the network administrator can manage it automatically.
1.2.4. Switching Hub (switch for short)
These are true switching devices. Unlike an ordinary HUB, which forwards a signal arriving on one port to all ports, a switch forwards the signal only to the port where the destination station is. The switch is therefore an important device in large local area networks, where it is used to segment the network. With switches, collisions on the network drop sharply. Today switches are important network devices that allow the network to be customized, for example by setting up virtual LANs (VLANs).

Figure 1.9. A LAN switch connecting two network segments
1.2.5. Modem
The name is an abbreviation of the two words modulation (MOdulation) and demodulation (DEModulation). It is a device that modulates a digital signal into an analog signal so that it can be sent over a telephone line, and that converts the signal received from the telephone line back into a digital signal.
1.2.6. Multiplexor - Demultiplexor
A multiplexer combines several signals so that they can be sent together over one line. A demultiplexer performs the reverse function at the receiving end.
1.2.7. Router
A router is a device used to join local area networks together into a wide area network. A router is in effect a computer whose job is to choose the path for outbound packets. Routers are hardware independent and can be used on networks running different protocols.

2. Some common network layouts and standards
2.1. The usual components of a local area network
- Servers that provide services
- Workstations for users
- The transmission medium (cabling)
- The network interface card between the computer and the medium
- Connection devices
The two factors of greatest concern when building a local area network are the network speed and the network radius. The names of the network types that use the CSMA/CD protocol reflect this. Below are some 10 Mb/s connection types that have been in common use, with some of their technical parameters:

IEEE 802.3 standard
Type                                 10BASE5             10BASE2             10BASE-T
Cable type                           Coaxial cable       Coaxial cable       UTP cable
Speed                                10 Mb/s
Maximum cable length                 500 m/segment       185 m/segment       100 m from the HUB
Number of communicating entities     100 hosts/segment   30 hosts/segment    Number of HUB ports
2.2. 10BASE5
This is a CSMA/CD standard with a speed of 10 Mb and a radius of 500 m. It uses thick Ethernet coaxial cable with transceivers. About 100 machines can be connected to the network.
Transceiver: the device between the network card and the medium, acting as the transmitter-receiver.
Figure 1.10. Connection according to the 10BASE5 standard
2.3. 10BASE2
This is a CSMA/CD standard with a speed of 10 Mb and a radius of 200 m. It uses thin Ethernet coaxial cable with BNC connectors. About 30 machines can be connected to the network.
Figure 1.11: Connection according to the 10BASE2 standard with coaxial cable and BNC connectors
2.4. 10BASE-T
This layout uses HUBs with RJ45 sockets for UTP cables. The network can be extended by adding HUBs, but not too many tiers, because the network becomes inefficient when the delay is too large.
The 100BASE-T and 1000BASE-T versions are now coming into wide use, reaching speeds of 100 Mbps and 1000 Mbps.
Figure 1.12: Networking according to 10BASE-T with UTP cable and a HUB
2.5. 10BASE-F
This uses optical fiber cable, mainly to connect devices that are far apart and to build a backbone joining distant LANs (2-10 km). 100BASE-F and 1000BASE-F versions now also exist, with data rates 10 and 100 times higher.

Chapter 2
Introduction to the TCP/IP protocol suite



1. The IP protocol
1.1. The TCP/IP protocol family
The birth of the TCP/IP protocol family is tied to the birth of the Internet, whose predecessor was the ARPAnet (Advanced Research Projects Agency) network created by the US Department of Defense. It is the most widely used protocol suite because of its openness. The two main protocols are TCP (Transmission Control Protocol) and IP (Internet Protocol). They were quickly adopted and developed by many researchers and computer companies with the aim of building a worldwide open communication network, which today we call the Internet.
In 1981, TCP/IP version 4 was completed and distributed widely to all computers running the UNIX operating system. Later Microsoft also made TCP/IP one of the basic protocols of the Windows 9x operating system in use today.
In 1994, a draft of IPv6 took shape with the collaboration of many scientists from Internet organizations around the world, to overcome the limitations of IPv4.
Unlike the ISO/OSI model, the internetwork layer uses the "connectionless" network protocol IP, which forms the operational core of the Internet. Together with the routing algorithms RIP, OSPF and BGP, the IP internetwork layer makes it possible to connect different kinds of "physical" network flexibly, such as Ethernet, Token Ring, X.25...
The "connection-oriented" data exchange protocol TCP is used at the transport layer to ensure accurate and reliable data exchange on top of the "connectionless" architecture of the IP internetwork layer.
Common application support protocols such as remote login (telnet), file transfer (FTP), the World Wide Web service (HTTP), electronic mail (SMTP) and the domain name service (DNS) are increasingly installed as standard components of common operating systems such as UNIX (and the related proprietary operating systems of computer vendors such as IBM's AIX, Siemens's SINIX and DEC's Digital UNIX), Windows9x/NT, Novell Netware,...

1.2. Main functions of the internetwork protocol IP (v4)

Figure 2.1. The OSI model and the TCP/IP architecture model

In the four-layer structure of TCP/IP, as data travels from the application layer down to the physical layer, each layer adds its own control information to ensure that the data is transmitted correctly. Each piece of control information is called a header and is placed in front of the data being transmitted. Each layer treats everything it receives from the layer above as data and places its own header in front of it. Adding headers at each layer during transmission is called encapsulation. Receiving data happens in the opposite direction: each layer strips its header before passing the data to the layer above.
Each layer has its own data structure, independent of the data structures used by the layers above and below it. Some frequently used terms are explained below.
A stream is a flow of data transmitted with the byte as the data unit.
Data exchanged between applications that use TCP is called a stream, while with UDP it is called a message.
Each TCP data unit is called a segment, while UDP defines its data structure as a packet.
Content of Figure 2.1 (the OSI layers beside the TCP/IP architecture):
OSI: Application, Presentation, Session, Transport, Network, Data link, Physical
TCP/IP: Application (SMTP, FTP, TELNET, DNS); TCP, UDP; IP, ICMP, ARP, IGMP, RARP; protocols defined by the underlying networks

The Internet layer treats all data as blocks, which it calls datagrams. The TCP/IP protocol suite can run over many different kinds of lowest (network) layer, each of which may use a different term for the data it transmits. Most networks structure the transmitted data as packets or frames.

Layer             Data structure
Application       Stream
Transport         Segment/datagram
Internet          Datagram
Network Access    Frame

Figure 2.2: Data structures at the layers of TCP/IP


1.2. Main functions of the internetwork protocol IP (v4)
This section presents the IPv4 protocol (for convenience, IP here means IPv4).
The main purpose of IP is to connect subnetworks into an internetwork for data transmission. IP provides the following main functions:
- It defines the structure of the data packets that are the basic unit of data transmission on the Internet.
- It defines the IP addressing scheme.
- It passes data between the transport layer and the network layer.
- It routes data packets through the network.
- It performs fragmentation and reassembly of data packets, and embeds them in and extracts them from data link layer frames.
1.3. IP addresses
Each IP address is 32 bits long (for IPv4) and is divided into 4 fields (1 byte each). It can be written in decimal, octal, hexadecimal or binary. The most common notation is dotted decimal, with dots separating the fields. An IP address uniquely identifies any host on the internetwork.
IP address format: each host on a TCP/IP network is uniquely identified by an address of the form
<Network Number, Host number>
Because the organization and size of the subnetworks of an internetwork can differ, IP addresses are divided into 5 classes, labelled A, B, C, D and E. The first bits of the first byte identify the address class (0 class A; 10 class B; 110 class C; 1110 class D; 11110 class E).
Figure 2.3: TCP/IP addressing

Figure 2.5: Structure of the TCP/IP datagram

Subnetting
In many cases a network can be divided into several subnetworks (subnets), and subnetid fields can then be added to identify them. The subnetid field is taken from the hostid field; for the three classes A, B and C it is as follows:

Figure 2.4: Adding the subnetid field
For further details see the textbook "Design and Construction of LAN and WAN Networks".
1.4. Structure of the IP datagram
IP is a protocol that provides a "connectionless" communication service. IP data packets are called datagrams. Each datagram has a header containing the information needed to deliver the data (for example the IP address of the destination station). If the destination IP address belongs to a station on the same IP network as the source station, the packets are delivered straight to the destination; if the destination IP address is not on the same IP network as the source machine, the packets are sent to an intermediate machine, the IP gateway, to be forwarded. An IP gateway is an IP network device responsible for moving IP packets between two different IP networks.











Layout shown in Figure 2.4 (bit rulers: 0 7 8 15 16 23 24 31 and 0 7 8 15 16 23 24 26 27 31):
  Class A: Netid | Subnetid | hostid
  Class B: Netid | Subnetid | hostid
  Class C: Netid | Subnetid | hostid

Layout shown in Figure 2.5 (bit 0 to bit 31):
  Header:
    VERS | HLEN | Service type | Total length
    Identification | Flags | Fragment offset
    Time to live | Protocol | Header checksum
    Source IP address
    Destination IP address
    IP options (maybe none) | Padding
  IP datagram data (up to 65535 bytes)
1.5. Fragmentation and reassembly of IP packets
An IP datagram has a maximum length of 65536 bytes, while most data link layers only support frames many times smaller than the maximum size of an IP datagram (for example, the maximum length, or MTU, of an Ethernet frame is 1500 bytes). A mechanism is therefore needed to fragment IP datagrams on transmission and reassemble them on reception.

IP uses the MF flag (the 3 low bits of the Flags field in the IP header) and the Fragment offset field of the (fragmented) IP packet to identify the packet as a fragment and to give the position of that fragment within the original IP packet. Packets in the same fragment chain all carry the same value in this field. The MF flag is 1 for the first packet of the fragment chain and 0 for the last packet of the fragmented datagram.
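The following added example (not part of the original textbook) reproduces the case of Figure 2.6, a 2000-byte datagram sent over a 1500-byte Ethernet MTU, and also reassembles the fragments while rejecting gaps, overlaps and corrupted headers. It uses the standard IPv4 header layout from RFC 791; the function names, the identification value 1111 and the payload bytes are constructed for illustration.

```python
import socket
import struct

IP_HDR_LEN = 20        # header without options (HLEN = 5 words of 4 bytes)
MF = 0x2000            # "more fragments" bit in the 16-bit Flags/offset word
OFFSET_MASK = 0x1FFF   # 13-bit fragment offset, counted in 8-byte units
FMT = "!BBHHHBBH4s4s"  # the fixed 20-byte IPv4 header


def checksum(header):
    """Internet checksum: one's-complement sum of the 16-bit header words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build(ident, flags_off, ttl, proto, src, dst, payload):
    """Pack a 20-byte IPv4 header (checksum filled in) in front of payload."""
    hdr = struct.pack(FMT, 0x45, 0, IP_HDR_LEN + len(payload), ident,
                      flags_off, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def parse(packet):
    """Validate the header and return the fields reassembly depends on."""
    if len(packet) < IP_HDR_LEN:
        raise ValueError("shorter than an IPv4 header")
    (vhl, _tos, total_len, ident, flags_off,
     ttl, proto, _csum, src, dst) = struct.unpack(FMT, packet[:IP_HDR_LEN])
    hlen = (vhl & 0x0F) * 4
    if vhl >> 4 != 4 or hlen < IP_HDR_LEN or not hlen <= total_len <= len(packet):
        raise ValueError("malformed IPv4 header")
    if checksum(packet[:hlen]) != 0:
        raise ValueError("bad header checksum")
    return {"key": (src, dst, proto, ident), "ttl": ttl,
            "offset": (flags_off & OFFSET_MASK) * 8,
            "more": bool(flags_off & MF),
            "total_len": total_len, "data": packet[hlen:total_len]}


def fragment(packet, mtu):
    """Split an unfragmented datagram into pieces of at most mtu bytes."""
    p = parse(packet)
    if p["total_len"] <= mtu:
        return [packet]
    src, dst, proto, ident = p["key"]
    step = (mtu - IP_HDR_LEN) // 8 * 8   # data bytes per fragment, multiple of 8
    if step <= 0:
        raise ValueError("MTU too small to carry any data")
    out = []
    for off in range(0, len(p["data"]), step):
        last = off + step >= len(p["data"])
        word = (off // 8) | (0 if last else MF)
        out.append(build(ident, word, p["ttl"], proto, src, dst,
                         p["data"][off:off + step]))
    return out


def reassemble(fragments):
    """Rebuild the original data; reject gaps, overlaps and mixed datagrams."""
    parts = sorted((parse(f) for f in fragments), key=lambda p: p["offset"])
    if len({p["key"] for p in parts}) != 1:
        raise ValueError("fragments do not belong to one datagram")
    data = b""
    for i, p in enumerate(parts):
        if p["offset"] != len(data):
            raise ValueError("gap or overlap at offset %d" % p["offset"])
        if p["more"] != (i < len(parts) - 1):
            raise ValueError("MF flag inconsistent with fragment position")
        data += p["data"]
    if IP_HDR_LEN + len(data) > 65535:
        raise ValueError("reassembled datagram longer than 65535 bytes")
    return data


# Constructed sample matching Figure 2.6: total length 2000 (20 + 1980 data),
# identification 1111, TTL 5, protocol 6, sent over a 1500-byte Ethernet MTU.
SRC = socket.inet_aton("128.82.24.12")
DST = socket.inet_aton("192.12.2.5")
DATA = bytes(range(256)) * 7 + bytes(188)          # 1980 constructed bytes
ORIGINAL = build(1111, 0, 5, 6, SRC, DST, DATA)
FRAGMENTS = fragment(ORIGINAL, 1500)

if __name__ == "__main__":
    for frag in FRAGMENTS:
        f = parse(frag)
        print(f["total_len"], len(f["data"]), f["offset"], int(f["more"]))
    assert reassemble(FRAGMENTS[::-1]) == DATA      # arrival order is irrelevant
```

The strict offset check in `reassemble` is the defensive part: a receiver that accepts overlapping or inconsistent fragments can end up with a payload that differs from what an inspecting device saw.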

1.6. IP routing
There are two kinds of routing:
- Direct routing: determining the path between two workstations on the same physical network.
- Indirect routing: determining the path between two workstations that are not on the same physical network, so that communication between them must go through intermediate stations, the gateways.
To check whether the destination station is on the same physical network as the source station, the sender must extract the network part of the IP address. If the two addresses have the same network address, the datagram is sent directly; otherwise a gateway must be determined, and the datagrams are forwarded through that gateway.
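The check described above, combined with the class prefixes of section 1.3 and the subnetid field of the subnetting section, can be written as the following added example (not code from the textbook). The function names and the gateway address 128.82.24.1 are hypothetical; the class prefixes are exactly those listed in the text, and the two host addresses are the ones used in Figure 2.6.

```python
import ipaddress

# Leading bits of the first byte -> (class, width of the netid field in bits),
# exactly as listed in section 1.3. Classes D and E have no <network, host> split.
CLASS_PREFIXES = [("0", "A", 8), ("10", "B", 16), ("110", "C", 24),
                  ("1110", "D", None), ("11110", "E", None)]


def address_class(ip):
    """Return (class letter, netid width) from the leading bits of the address."""
    bits = format(int(ipaddress.IPv4Address(ip)), "032b")
    for prefix, name, netid_bits in CLASS_PREFIXES:
        if bits.startswith(prefix):
            return name, netid_bits
    raise ValueError("%s matches none of the listed class prefixes" % ip)


def split_address(ip, subnet_bits=0):
    """Return (class, netid, subnetid, hostid) for a class A, B or C address.

    subnet_bits is the number of bits borrowed from the hostid field.
    """
    name, netid_bits = address_class(ip)
    if netid_bits is None:
        raise ValueError("class %s has no network/host split" % name)
    host_bits = 32 - netid_bits - subnet_bits
    if subnet_bits < 0 or host_bits < 2:
        raise ValueError("subnetid does not fit in the hostid field")
    value = int(ipaddress.IPv4Address(ip))
    netid = value >> (32 - netid_bits)
    subnetid = (value >> host_bits) & ((1 << subnet_bits) - 1)
    hostid = value & ((1 << host_bits) - 1)
    return name, netid, subnetid, hostid


def next_hop(src, dst, gateway, subnet_bits=0):
    """Decide between direct delivery and forwarding through the gateway.

    Delivery is direct only when source and destination share the same class,
    the same netid and (if the source network is subnetted) the same subnetid.
    """
    s_class, s_net, s_sub, _ = split_address(src, subnet_bits)
    d_class, d_net, _, _ = split_address(dst)
    if (s_class, s_net) != (d_class, d_net):
        return ("indirect", gateway)
    if split_address(dst, subnet_bits)[2] != s_sub:
        return ("indirect", gateway)
    return ("direct", dst)


if __name__ == "__main__":
    gw = "128.82.24.1"   # hypothetical gateway on the source network
    for dst, bits in [("192.12.2.5", 0), ("128.82.3.9", 0), ("128.82.3.9", 8)]:
        print(dst, bits, next_hop("128.82.24.12", dst, gw, bits))
```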
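Figure 2.6: Principle of datagram fragmentation

Header row (fields as in Figure 2.5)        Original IP packet   1st fragment       2nd fragment
VERS, HLEN, Service type, Total length      04 05 00 2000        04 05 00 1500      04 05 00 520
Identification, Flags, Fragment offset      1 1 1 1 0 0 0 0      1 1 1 1 1 0 0 0    1 1 1 1 0 0 0 0
Time to live, Protocol, Header checksum     05 06 checksum       05 06 checksum     05 06 checksum
Source IP address                           128.82.24.12         128.82.24.12       128.82.24.12
Destination IP address                      192.12.2.5           192.12.2.5         192.12.2.5
Data                                        1980 byte            1480 byte          500 byte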


Figure 2.7: Routing between two systems (diagram labels: Host A1 and Host C1, each with Application, Transport, Internet and Network Access layers; two gateways, each with Internet and Network layers; Network A, Network B, Network C)

2. Some control protocols
2.1. The ICMP protocol
ICMP (Internet Control Message Protocol) is a control protocol at the IP level, used to exchange data flow control information, error reports and other status information of the TCP/IP protocol suite. For example:
- Data flow control.
- Error reporting, for example "Destination Unreachable".
- Redirecting routes: the redirect packet.
- Checking remote stations: the echo packet.
As an example, the format of the ICMP redirect message is as follows:

  0         7 8         15 16                  31
  type (5) | Code (0-3) | Checksum
  IP address of the default router
  IP header (including options) and the first 8 bytes of the original IP datagram

2.2. The ARP and RARP protocols
On a local area network, two stations can communicate only if they know each other's physical addresses. The problem is therefore to map between the IP address (32 bits) and the physical address (48 bits) of a station. The ARP protocol (Address Resolution Protocol) was built to translate an IP address into a physical address when needed. Conversely, the RARP protocol (Reverse Address Resolution Protocol) is used to translate a physical address into an IP address. ARP and RARP are not part of IP; IP uses them when needed.

3. Transport layer protocols
3.1. The TCP protocol
TCP (Transmission Control Protocol) is a "connection-oriented" protocol, meaning that a (logical) connection must be established between a pair of TCP entities before they exchange data.
TCP provides safe data transfer between stations in a system of networks. It adds functions that check the correctness of data on arrival, including retransmission of data when errors occur. TCP provides the following main functions:
1. Establishing, maintaining and terminating the connection between two processes.
2. Reliable delivery of packets.
3. Sequencing of data packets for reliable data transfer.
4. Error control.
5. Multiplexing of connections between different processes on a given source and destination station through the use of ports.
6. Full-duplex data transfer.
3.1.1 Structure of the TCP segment

  0                                                        31
  Source port | Destination port
  Sequence number
  Acknowledgment number
  Data offset | Reserved | URG ACK PSH RST SYN FIN | Window
  Checksum | Urgent pointer
  Options | Padding
  TCP data

The details of each field can be found in the textbook "Design and Construction of LAN and WAN Networks".
An application process on a host accesses the services provided by TCP through a port, as follows:
A port combined with an IP address forms a socket that is unique in the internetwork. TCP service is provided through a logical connection between a pair of sockets. One socket can take part in several connections with different remote sockets. Before data is transferred between two stations, a TCP connection must be established between them, and when the data transfer session ends the connection is released. As in other protocols, entities in the upper layer use TCP through service primitives, also called function calls.

3.1.2 Establishing and terminating a TCP connection
Connection establishment
A TCP connection is established with the three-way handshake shown in the figure below. The connection request is always initiated by the client process, which sends a TCP segment with the flag SYN=1 containing the client's initial sequence number (ISN). This ISN is an unsigned 4-byte number that is incremented each time a connection is requested (it wraps to 0 when it reaches 2^32). The SYN message also contains the TCP port number of the service software the client process wants to connect to (step 1).
Each TCP connection entity has a new ISN value, and this number increases over time. Because a TCP connection with the same port number and the same IP address may be reused many times, changing the ISN value prevents connections from reusing old (stale) data that is still in transit from an earlier connection with the same connection address.
When the TCP entity of the service software receives the SYN message, it sends back a SYN segment with its own ISN and sets the flag ACK=1 if it is ready to accept the connection. This message also carries the client process's ISN in the receive sequence number field, to indicate that the service entity has received the client process's ISN (step 2).
The client process answers the service entity's SYN segment with a final ACK reply. In this way the TCP entities reliably exchange each other's ISN values and can begin exchanging data. None of the messages in these three steps carries any data; all the information exchanged is in the header of the TCP message (step 3).




Figure 2.8: The three-step connection process

Connection termination
When a connection needs to be closed, a TCP entity, say A, sends a termination request with FIN=1. Because a TCP connection is full-duplex, even after receiving A's termination request (A announces that it has no more data to send), entity B can continue to transmit data until B has no more data to send and notifies A with its own termination request with FIN=1. Once a TCP entity has received a FIN message and has sent its own FIN message, the TCP connection is really closed.













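Message exchange shown in Figure 2.8:
a) Connection establishment
   TCP_A -> TCP_B: Syn, Seq=x
   TCP_B -> TCP_A: Syn, Seq=y, Ack(x+1)
   TCP_A -> TCP_B: Ack(y+1)
b) Connection termination
   TCP_A -> TCP_B: Fin, Seq=x
   TCP_B -> TCP_A: Ack(x+1)
   TCP_B -> TCP_A: Fin, Seq=y, Ack(x+1)
   TCP_A -> TCP_B: Ack(y+1)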
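The exchanges of Figure 2.8 can be checked mechanically from captured headers. The added example below (not part of the original textbook) packs and parses the 20-byte TCP header of section 3.1.1 and verifies the Seq/Ack arithmetic of both exchanges, including the case where the ISN wraps from 2^32 - 1 to 0. The function names, port numbers and sequence numbers are constructed for illustration.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
MOD = 2 ** 32   # sequence numbers are unsigned 4-byte values that wrap to 0


def build_segment(sport, dport, seq, ack, flags, window=8192):
    """Pack a 20-byte TCP header (no options, checksum left at 0)."""
    off_flags = (5 << 12) | flags          # data offset = 5 words
    return struct.pack("!HHIIHHHH", sport, dport, seq % MOD, ack % MOD,
                       off_flags, window, 0, 0)


def parse_segment(raw):
    """Return ports, sequence numbers, flag bits and payload length."""
    if len(raw) < 20:
        raise ValueError("shorter than a TCP header")
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", raw[:20])
    hdr_len = (off_flags >> 12) * 4
    if hdr_len < 20 or hdr_len > len(raw):
        raise ValueError("bad data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "payload_len": len(raw) - hdr_len}


def expect(condition, message):
    if not condition:
        raise ValueError(message)


def check_handshake(raw_segments):
    """Validate SYN, SYN+ACK, ACK (steps 1-3); return (client ISN, server ISN)."""
    expect(len(raw_segments) == 3, "a handshake is exactly three segments")
    syn, synack, ack = (parse_segment(r) for r in raw_segments)
    expect(all(s["payload_len"] == 0 for s in (syn, synack, ack)),
           "handshake segments carry no data")
    expect(syn["flags"] == SYN, "step 1 must have only SYN set")
    x = syn["seq"]
    expect(synack["flags"] == SYN | ACK, "step 2 must have SYN and ACK set")
    expect((synack["sport"], synack["dport"]) == (syn["dport"], syn["sport"]),
           "step 2 ports must mirror step 1")
    expect(synack["ack"] == (x + 1) % MOD, "step 2 must acknowledge x+1")
    y = synack["seq"]
    expect(ack["flags"] == ACK, "step 3 must have only ACK set")
    expect((ack["sport"], ack["dport"]) == (syn["sport"], syn["dport"]),
           "step 3 must come from the initiator")
    expect(ack["seq"] == (x + 1) % MOD and ack["ack"] == (y + 1) % MOD,
           "step 3 must carry seq x+1 and acknowledge y+1")
    return x, y


def check_close(raw_segments):
    """Validate Fin(x), Ack(x+1), Fin(y)+Ack(x+1), Ack(y+1) as in Figure 2.8 b."""
    expect(len(raw_segments) == 4, "this close sequence has four segments")
    fin_a, ack_b, fin_b, ack_a = (parse_segment(r) for r in raw_segments)
    expect(fin_a["flags"] & FIN and fin_b["flags"] & FIN,
           "both sides must send FIN")
    x, y = fin_a["seq"], fin_b["seq"]
    expect(ack_b["flags"] & ACK and ack_b["ack"] == (x + 1) % MOD,
           "B must acknowledge x+1")
    expect(fin_b["flags"] & ACK and fin_b["ack"] == (x + 1) % MOD,
           "B's FIN must still acknowledge x+1")
    expect(ack_a["flags"] & ACK and ack_a["ack"] == (y + 1) % MOD,
           "A must acknowledge y+1")
    return x, y


# Constructed sample: client port 49152, server port 80, client ISN at the
# wrap-around boundary so that the expected acknowledgment x+1 is 0.
X, Y = 2 ** 32 - 1, 1000
HANDSHAKE = [build_segment(49152, 80, X, 0, SYN),
             build_segment(80, 49152, Y, X + 1, SYN | ACK),
             build_segment(49152, 80, X + 1, Y + 1, ACK)]
CLOSE = [build_segment(49152, 80, 5000, 7000, FIN | ACK),
         build_segment(80, 49152, 7000, 5001, ACK),
         build_segment(80, 49152, 7000, 5001, FIN | ACK),
         build_segment(49152, 80, 5001, 7001, ACK)]

if __name__ == "__main__":
    print(check_handshake(HANDSHAKE), check_close(CLOSE))
```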

PART II: NETWORK ADMINISTRATION

Network administration is defined as the work of managing the network, which includes providing support services, ensuring that the network operates efficiently and ensuring that the quality the network delivers meets the specified targets.
System administration is defined as the work of providing support services, ensuring reliability, improving the operating efficiency of the system and ensuring that the quality of the services provided on the system meets the specified targets.
A general definition of network administration is very hard to give because the field is so broad. Network administration in the computer network sense can be understood broadly as the combination of network administration and system administration tasks.

Network administration can be summarized as the following areas of work:
Configuration and network resource management: managing and controlling configuration, and managing the resources allocated to the different users. The specific administration tasks are covered in documents and textbooks on the administration of windows, linux, novell netware ... systems.
User and network service management: managing the users on the systems and on the network, and ensuring that the services provided are highly reliable and that their quality meets the targets set. See the documents and textbooks on the administration of windows, novell netware, linux and unix systems and of basic services such as electronic mail, DNS...
Performance and network operation management: managing and monitoring the operation of the network, and ensuring that the devices, systems and services on the network run stably and efficiently. Managing and monitoring the network lets the administrator summarize and forecast the growth of the network and its services and the weak and strong points of the whole network, its systems and services, and helps run the whole network system at the highest efficiency. See the documents and textbooks on network management systems (NMS), HP Openview, Sunet Manager, or the textbooks on system performance tuning.
Network security and safety management: managing and monitoring the network and the systems to guard against unauthorized access that aims to sabotage systems and services, to steal important information from organizations and companies, or to alter content published on the network with malicious intent. Preventing and stopping the spread of computer viruses and attack methods such as DoS, which paralyze network or service operation, is also an extremely important part of network security and safety management. In particular, now that connecting to the Internet has become essential, security and safety work is given top priority, especially for organizations that need a high degree of information confidentiality (banks, archives, electronic newspapers, leading economic groups...).
Part 2 of this textbook concentrates on some of the most basic and most commonly used knowledge and skills in network administration. The content of Part 2 does not cover everything outlined above, because each topic is itself rich and complex and because the time for writing was limited. The aim is to provide the most widely needed skills so that students can move quickly into network administration work and carry out the tasks their organization or company assigns them. Part 2 of the textbook covers:
- An overview of routers on the network
- The domain name system (DNS)
- Remote access services and proxy services
- Firewalls and system security
Students can also supplement their knowledge of network administration with the textbooks on local area networks, on electronic mail and on the Windows, Linux and Unix operating systems, which were written as part of the set of textbooks serving the training for Project 112.












Chapter 3
Overview of routers

Chapter three provides basic knowledge of routers on the network and of layer 3 switches. These devices are an essential part of modern computer networks and are core infrastructure devices. Detailed illustrations of the structure of Cisco products help students master the theory of these systems, especially routing theory. The chapter also adds skills for configuring the devices over different WAN protocols such as Frame Relay, X.25...
Chapter three requires students to have elementary knowledge of wide area network protocols such as Frame Relay, X.25..., and of layer 2 and layer 3 addresses.

1. Router theory
1.1. Overview of routers
A router is a device used on a network to carry out the processing involved in transporting information across the network. A router can be regarded as a specially designed computer that takes on this role, and so it also contains CPUs (the heart of all activity), ROM and RAM memory, interfaces, data buses, an operating system and so on.
The function of a router is to direct the packets that pass through it. On the basis of routing algorithms, configuration information and information exchanged with other devices, routers decide the best path for the packets they carry. A router also handles other transport and protocol conversion needs.
The role of the router on a network is to keep networks connected to one another, and to compute and exchange internetwork information that routers use to make forwarding decisions matching the actual configuration of the network. Routers work with many different wide area network connection technologies such as FRAME RELAY, X.25, ATM, SONET, ISDN, xDSL..., meeting connection needs across many technologies and standards that could not be met without routers.
1.2. Main functions of the router, with reference to the OSI model
The OSI model studied in chapter 1 has 7 layers, made up of:
- 3 layers belonging to the application layers
  o application layer
  o presentation layer
  o session layer
- 4 layers belonging to the communication layers
  o transport layer
  o network layer
  o data link layer
  o physical layer
For the communication layers:
- Transport layer: divides data into data flows and reconstructs it. Its main functions include data flow control, multiplexed access, management of virtual circuits, and error detection and correction. TCP and UDP are the two protocols of the Internet protocol family (TCP/IP) that belong to this transport layer.
- Network layer: provides routing and other related functions that allow different data link environments to be combined into one unified network. Routing protocols operate in this network layer.
- Data link layer: provides the ability to carry data across the physical transmission medium. Each data link layer specification has its own definitions of the protocol and the connection standards that ensure data transport.
- Physical layer: defines the electrical properties, functions and procedures used to connect network devices at the physical level. Properties defined include voltage levels, synchronization, physical transmission rate, permitted transmission distance...
In a communication environment, communication devices talk to one another through different families of communication protocols built on the standard OSI model to ensure compatibility and extensibility. Communication protocols are usually placed in one of four groups: local area network protocols, wide area network protocols, network protocols and routing protocols. Local area network protocols operate at the physical layer and the data link layer. Wide area network protocols operate at the lowest 3 layers of the OSI model. Routing protocols are network layer protocols that support routing and data transport. Network protocols are the protocol families that allow communication with the application layer.
The role of the router in a communication environment is to maintain the connections between different networks running many network protocols and using different transmission technologies.
The main functions of a router are:
- Routing
- Packet switching
Routing is the function that ensures a packet is delivered correctly to the address it must reach. Packet switching is the function of switching data, carrying packets in the chosen direction on the basis of the routes that have been set. A routing table must therefore be built on each router, stating each destination address and the path to it. The router uses the address of the packet together with the routing table to forward the packet correctly towards its destination. Packets whose destination address does not match the routing table are discarded.
The first function of a router is routing, as its name indicates; this is also the main function of a router working with routing protocols. Routers are classed as network devices working at layer 3, the network layer.
Table 3-1: Device function equivalence in the OSI model
Layer 3: Network layer
Layer 2: Data link layer
Layer 1: Physical layer

Another function of the router is to allow different communication methods to be used for wide area connections. The router's WAN connection function is indispensable for its role of linking networks together. Every router also needs a local area network connection function, to connect to the service area of the network. A router also has the functions needed to support the network protocols it manages.
1.3. Basic configuration and the functions of the parts of a router
As said in the previous section, a router is a specially designed computer that takes on the role of processing the transport of information across the network. It is built from indispensable elements such as the CPU, ROM and RAM memory, data buses and the operating system. Other elements, which may or may not be present depending on need, include interfaces, modules and special operating system features.
CPU: controls all router activity on the basis of the operating system's executable programs.
ROM: holds the self-test programs and may hold the most basic components so that the router can perform a minimum of operations even when there is no operating system or the operating system is damaged.
RAM: holds the routing tables, the buffers, the running configuration file and other parameters needed for the router's operation.
Flash: a memory/storage device that can be erased and written and does not lose data when power is cut. The router's operating system is stored here. Depending on the router, the operating system runs directly from Flash or is decompressed into RAM before it runs. The configuration file can also be stored in Flash.
Operating system: runs the router. The operating systems of different routers have different functions and are usually designed differently. Each router can run many different operating system images depending on the specific need, the functions the router must have and the hardware components in the router. New hardware components require an operating system upgrade. Special features are provided in separate operating system upgrades.
Interfaces: a router has many interfaces, mainly:
- WAN interfaces: provide wide area connections over different communication methods such as leased-line, Frame Relay, X.25, ISDN, ATM, xDSL ... WAN interfaces let the router connect through many interface types and speeds: V.35, X.21, G.703, E1, E3, optical fiber and so on.
- LAN interfaces: provide local area network connections and connections to the service areas of the network. Common LAN interfaces: Ethernet, FastEthernet, GigaEthernet, optical fiber.

2. Introduction to Cisco routers
2.1. Introducing the Cisco router
Outline of the router
Cisco routers comprise many different hardware platforms designed and built to suit the needs and purposes of different solutions.
The processing functions of a Cisco router rest on one core foundation, the IOS operating system.
Depending on the specific need, a Cisco router requires an IOS with suitable features. IOS has many versions, and some newly developed hardware is supported only by the latest IOS versions.
Components of the router

Figure 3.1: Components of a Cisco router

- RAM: holds the routing table, ARP cache, fast-switching cache and packet buffers, and is where the router's configuration files run. This is where the Running-Config file, containing the router's active configuration, is kept. When power to the router is cut, this memory is cleared automatically. All information in the Running-Config file is lost completely.
- NVRAM: non-volatile RAM, where the startup/backup configuration is kept; it does not lose information when input power is lost. The Startup-Config file is stored here so that on restart the router's configuration is automatically restored to the state saved in the file. The Running-Config file must therefore be saved regularly to the Startup-Config file.
- Flash: ROM that can be erased and written. It holds the router's IOS operating system. On startup the router reads ROM to load IOS before loading the Startup-Config file from NVRAM.
- ROM: holds the self-test programs.
- Console port: used to configure the router directly. The data rate for configuration from a computer through the COM port is 9600 b/s. The connector of this port is RJ45 female.
- AUX port: used to manage and configure the router through a modem, as a backup for the Console port. The connector of this port is also RJ45 female.
- Interfaces:
  o Ethernet / Fast Ethernet ports
  o Serial ports
  o ASYNC ports ...
2.2. Some strengths of Cisco routers
- Many processing functions can be integrated in a single product by using
the appropriate function modules and the appropriate IOS.
- Cisco routers are easy to upgrade in both software and hardware, so they
readily meet the need to change and expand the network and to develop and
apply new technologies.
- Compatible with, and easy to extend for, the ever-increasing demand for
multiple services.
- Robustness, safety and security.
2.3. Some common Cisco routers
Cisco 2500 routers
- Cisco 2509 router
  - 01 console port, 01 AUX port
  - 02 serial ports at up to 2Mbps: leased-line, X.25, Frame Relay...
    connections
  - 01 Ethernet port at 10Mbps with AUI interface: an RJ45/AUI transceiver is
    needed to connect to ordinary switch/hub networks.
  - 01 Async port that connects up to 08 V34/V90 modems. An Octal cable is
    used to connect the modems to the router.

Figure 3.2: Cisco 2501 router
- Cisco 2501 router
  - 01 console port, 01 AUX port
  - 02 serial ports at up to 2Mbps: leased-line, X.25, Frame Relay...
    connections
  - 01 Ethernet port at 10Mbps with AUI interface: an RJ45/AUI transceiver is
    needed to connect to ordinary switch/hub networks
Cisco has discontinued the Cisco 2500 series routers.
Cisco 1600 routers


Figure 3.3: Cisco 1601 router
- Cisco 1601 router
  - 01 console port
  - 01 serial port at up to 2Mbps: leased-line, X.25, Frame Relay...
    connections
  - 01 Ethernet port at 10Mbps with AUI and RJ48 interfaces (Female Socket
    for RJ45 connector)
  - 01 serial slot: can be used for a second serial port or an ISDN BRI card


Figure 3.4: Cisco 1603 router
- Cisco 1603 router
  - 01 console port
  - 01 ISDN BRI port with S/T interface: ISDN connection at 2B+D; when used
    in Vietnam an additional NT1 adapter is needed to connect to the ISDN
    network.
  - 01 Ethernet port at 10Mbps with AUI and RJ48 interfaces (Female Socket
    for RJ45 connector)
  - 01 serial slot: can be used for a serial port or an ISDN BRI card

Cisco 1700 routers

Figure 3.5: Cisco 1721 router
- Cisco 1721 router
  - 01 console port, 01 AUX port
  - 01 FastEthernet port at 10/100Mbps with RJ48 interface (Female Socket for
    RJ45 connector)
  - 02 WAN slots: can be used for serial ports, ISDN BRI cards...


Figure 3.6: Cisco 1751 router
- Cisco 1751 router
  - 01 console port, 01 AUX port
  - 01 FastEthernet port at 10/100Mbps with RJ48 interface (Female Socket for
    RJ45 connector)
  - 02 WAN slots: can be used for serial ports, ISDN BRI cards...
  - 01 voice slot: accepts voice cards only
Cisco 2600 routers

Figure 3.7: Cisco 2610 router
- Cisco 2610 router
  - 01 console port, 01 AUX port
  - 01 Ethernet port at 10Mbps with RJ48 interface (Female Socket for RJ45
    connector)
  - 02 serial slots: can be used for serial ports, ISDN BRI cards, voice
    cards...
  - 01 network module slot: can take Async, Sync/Async, Channelized E1, PRI
    ... modules


Figure 3.8: Cisco 2621 router

- Cisco 2621 router
  - 01 console port, 01 AUX port
  - 02 FastEthernet ports at 10/100Mbps with RJ48 interface (Female Socket
    for RJ45 connector)
  - 02 serial slots: can be used for serial ports, ISDN BRI cards, voice
    cards...
  - 01 network module slot: can take Async, Sync/Async, Channelized E1, PRI
    ... modules

Cisco 3600 routers

Figure 3.9: Cisco 3620 router
- 3620 router
  - 01 console port, 01 AUX port
  - PCMCIA slot
  - 02 network module slots: can take Async, Sync/Async, Channelized E1, PRI,
    Ethernet/FastEthernet, Voice, VPN ... modules
  - To connect to a LAN, a network module with an Ethernet/FastEthernet port
    is required

Figure 3.10: Cisco 3661 router
- 3661 router
  - 01 console port, 01 AUX port
  - PCMCIA slot
  - 01 FastEthernet port at 100Mbps
  - 06 network module slots: can take Async, Sync/Async, Channelized E1, PRI,
    Ethernet/FastEthernet, Voice, VPN ... modules
  - 02 power modules that support and back each other up, securing the power
    supply to the router. A power module can be replaced without powering
    down the whole router.
2.4. Cisco router interfaces
- Console port
  o Speed can reach 11500Bps; operates at 9600Bps
  o Used to configure the Cisco router
  o Connected with a console cable
- AUX port
  o Speed 11500Bps
  o Used for remote administration/configuration through a V34/V90 modem
  o Can be used for direct configuration with a console cable
  o Works only after the Cisco router has booted completely
  o AUX can be configured to act as a backup connection
- Ethernet/FastEthernet
  o Speed 10Mbps/100Mbps, AUI or RJ45 interface
  o Used to connect directly to the LAN
  o Complies with the IEEE802.3 standards
- Serial
  o Connection speed up to 2Mbps
  o Used for WAN connections
  o Can connect over many different interface standards (V35, V24, X21,
    EIA530...) by using the matching cables
- ISDN
  o Speed 2B+D
  o Used to connect to the ISDN network, for a dial-up server or a backup
    connection
  o Comes with U or S/T interfaces; the S/T interface requires an NT1 device
    to connect to the network
- Async
  o Asynchronous data transmission interface
  o Used to connect to V34/V90 modem systems
  o Uses an Async cable (Octal Cable) that connects up to 08 modems. An
    Octal cable usually has RJ45 connectors and needs RJ45-DB25 adapters to
    match the modem interface
2.5. Modular architecture of Cisco routers
Routers with a modular architecture
Most of the common Cisco routers introduced in the previous section have a
modular architecture, except the 2500 routers, which are no longer produced.
In addition to the modular routers covered specifically above, there are
other routers:
- 1600: 1601, 1602, 1603, 1604, 1605
- 1700: 1710, 1720, 1721, 1750, 1751, 1760
- 2600: 2610, 2160XM, 2611, 2611XM, 2612, 2613, 2620, 2620XM,
2621, 2621XM, 2650, 2650XM, 2651, 2651XM, 2691
- 3600: 3620, 3631, 3640, 3661, 3662
- 3700: 3725, 3745
Interchangeability and replacement compatibility
Cisco's modular routers are designed to share a common pool of interface
cards and function modules.
An interface card can be used in any router that has a compatible slot. The
most widely compatible card is the serial interface card, which can be used
in any router. Some other interface cards, such as voice cards, require a
minimum hardware and software configuration. Interface cards used in the
1600 and 1700 routers can also be used in the 2600 and 3600 routers.
The 2600, 3600 and 3700 routers accept different function modules. A
function module may provide a single function, such as an Async module or a
Serial module, or it may provide several functions or include slots for other
interface cards, such as the NM-1E- module, which has 01 Ethernet port and 02
slots for any compatible card type. The choice of module depends on the
specific requirements. Modules can also be shared between routers. Some
modules require a minimum hardware and software configuration. The 1600 and
1700 routers do not accept the modules used in the 2600 and 3600 routers.

Some common modules


Figure 3.11: Ethernet/FastEthernet modules




Table 3-2: Some Ethernet/FastEthernet module types
Module type                                       LAN ports   WAN slots
Single-Port Ethernet                              1           None
Four-Port Ethernet                                4           None
Single-Port Ethernet Mixed Media                  1           Two WAN interface card slots
Dual-Port Ethernet Mixed Media                    2           Two WAN interface card slots
Single-Port Ethernet and Single-Port Token Ring   1/1         Two WAN interface card slots
Single Port Fast Ethernet                         1           None


Figure 3.12: Ethernet module with WAN slots

Table 3-3: Some module types with WAN slots
Module name              Module type
NM-1FE2W/NM-1FE2W-V2     1 10/100 Ethernet, 2 WAN slots
NM-2FE2W/NM-2FE2W-V2     2 10/100 Ethernet, 2 WAN slots
NM-1FE1R2W               1 10/100 Ethernet, 1 4/16 Token Ring, 2 WAN slots
NM-2W                    2 WAN slots

Table 3-4: Maximum number of modules per router
Module                   2600   2691   3620   3631   3640   3660   3725   3745
NM-1FE2W/NM-1FE2W-V2     N/A    1      2      N/A    4      6      2      4
NM-2FE2W/NM-2FE2W-V2     N/A    1      2      N/A    4      6      2      4
NM-1FE1R2W               N/A    1      2      N/A    4      6      2      4
NM-2W                    1      1      1      N/A    3      6      2      4

Figure 3.13: 4-port serial module
- 4-port serial module
  - Supports a total throughput of 8Mbps: either the maximum of 8Mbps on one
    port or 2Mbps on each of the 4 ports.
  - Connects to modems over the V.35, X.21, EIA/TIA-232, EIA/TIA530...
    standards using the matching cables
  - Used for leased-line, Frame Relay, X.25 ... connections

Figure 3.14: 8-port Sync/Async module
- 8-port Sync/Async module
  - Low connection speed per port (128Kbps maximum)
  - Can work in both synchronous and asynchronous modes. Can be used for
    dial-up modems.
  - Connects to modems over the V.35, X.21, EIA/TIA-232, EIA/TIA530...
    standards using the matching cables
  - Used for leased-line, Frame Relay, X.25, dial-up modem... connections


Figure 3.15: 16-port Async module
- 16-port Async module
  - Asynchronous connections used for dial-up modems.
  - Connects to modems over the EIA/TIA-232 standard using an Octal cable


Figure 3.16: ISDN BRI modules and cards

Table 3-5: Some ISDN BRI modules, speed 2B+D (128+16Kbps)
Module type     Description
NM-4B-S/T       4 ISDN BRI ports, S/T interface
NM-4B-U         4 ISDN BRI ports, U interface (integrated NT1 adapter)
NM-8B-S/T       8 ISDN BRI ports, S/T interface
NM-8B-U         8 ISDN BRI ports, U interface (integrated NT1 adapter)

Table 3-6: Some ISDN BRI interface cards, speed 2B+D (128+16Kbps)
Card type       Description
WIC-1B-S/T-V2   1 ISDN BRI port, S/T interface
WIC-1B-U-V2     1 ISDN BRI port, U interface (integrated NT1 adapter)


Figure 3.17: Serial interface cards
- One-port and two-port serial interface cards
  - Synchronous connections at up to 2Mbps
  - Connect to modems over the V.35, X.21, EIA/TIA-232, EIA/TIA530...
    standards using the matching cables
  - Used for leased-line, Frame Relay, X.25, dial-up modem... connections

3. Using router configuration commands
3.1. Introduction to the Cisco router command-line interface
The command-line interface
Unlike graphical user interfaces (GUI, Graphic User Interface), the
command-line interface (CLI, Command Line Interface) is a special interface
designed by Cisco that lets users and administrators work with Cisco devices
by typing commands directly.
With the command-line interface, users and administrators can view and
configure Cisco devices directly through the appropriate commands. To use the
command-line interface, the user must know the commands, their parameters and
how they are used.
Every Cisco device comes with a great many commands and command sets.
However, users and administrators do not need to understand all the commands
on each device; they only need to understand and master the commands required
for their specific purposes.
The Cisco command-line interface gives the user online help. This means
that while working with the device through the command line, the user can
list the commands, review what each one is for, and even see the command
parameters.
Note: when the command-line interface is used to configure a device, the
router's operation is affected by a command immediately after it is executed
(when Enter is pressed). One example is remote configuration through telnet:
if the router's address is changed, the connection to the router is lost at
once, and the router can then be configured only directly from the console
port. It is therefore necessary to be very careful and certain, and to follow
the correct sequence, every time the router is configured.
An example of the command-line interface:
Router#config terminal
Router(config)#interface s0/0
Router(config-if)#encapsulation ppp
Router(config-if)#ip address 192.168.100.5 255.255.255.0

Ways to configure a Cisco router
- Configuring the router directly from the console port: a console cable
and a program that connects directly to the COM port, such as HyperTerminal
on WINDOWS, are used to access the router, which is then configured through
the command line. This is the most widely used method and applies in almost
every case. A router being used for the first time must also be configured
this way.
- Configuring the router through remote telnet access: remote access to the
router with telnet is possible only when the router has been configured with
at least one network address and is protected by a password, and when the
computer used for configuration can reach the router over the network. Once
connected to the router, use the command-line interface to configure it.
- Configuring the router from a configuration file stored on a TFTP server:
in some cases the router's configuration file can be stored on a TFTP server,
and the router is configured so that after booting it looks for the
configuration file on the TFTP server instead of using the configuration file
stored in NVRAM. The copy command can be used to load the configuration file
from the TFTP server to the router.
- Configuring the router through the WEB interface: possible only after the
router has been configured with an IP address and configuration over http has
been enabled.
Using the command-line interface
To connect a computer to the router, a Cisco console cable is used: one end
plugs directly into the router's CONSOLE port and the other into the
computer's COM port. DB9/RJ45 or DB25/RJ45 adapters can be used when needed.
The most common program for communication between the computer and the
router is HyperTerminal, which comes installed with WINDOWS.

Figure 3.18: Using HyperTerminal to connect to the router
Select the correct COM port connected to the console cable and set the
working parameters. The connection speed between the computer's COM port and
the router's CONSOLE port is 9600b/s (Figure 3.19). Choose OK and press
Enter; the working window shows a greater-than sign ">" after the router's
name, which means the connection is complete (Figure 3.20).


Figure 3.19: Setting the connection parameters

Figure 3.20: Successful connection to the router
After connecting successfully, use the router's commands to view, check,
configure and troubleshoot the router's operation.
Using ? to get help
- Typing ? immediately after an incomplete command displays the commands
that can begin with the characters typed so far
- Typing ? after a command and a space displays the possible parameters of
the command
- If the command does not exist, an error message is displayed
Pressing TAB immediately after an incomplete command displays the completed
command

3.2. Getting to know the configuration modes
User mode
User mode covers the common tasks, mainly commands that check the router's
operating status, interface status, routing tables and so on, plus some
commands for testing network connectivity such as ping, traceroute and
telnet. The router configuration cannot be changed in this mode. User mode
does not allow a deep look into the router's operation; during operation the
administrator has to use privileged mode for that. User mode is indicated by
the greater-than sign, >, after the router name:
Router>
Router>?
Exec commands:
<1-99> Session number to resume
access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
clear Reset functions
connect Open a terminal connection
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
exit Exit from the EXEC
----- some commands omitted -----
ping Send echo messages
ppp Start IETF Point-to-Point Protocol (PPP)
resume Resume an active network connection
rlogin Open an rlogin connection
show Show running system information
slip Start Serial-line IP (SLIP)
systat Display information about terminal lines
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
tunnel Open a tunnel connection
udptn Open an udptn connection
where List active connections
x28 Become an X.28 PAD
x3 Set X.3 parameters on PAD

Privileged mode
Privileged mode includes most user-mode commands plus the commands reserved
for the administrator. The router can be configured only in this mode. During
operation, to understand the router's behaviour better or when a fault
occurs, the administrator can use the debug commands to obtain the extra
information needed. Privileged mode is indicated by the hash sign, #.
Router>en
Password:
Router#
Router#?
Exec commands:
<1-99> Session number to resume
access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
access-template Create a temporary Access-List entry
archive manage archive files
bfe For manual emergency modes setting
cd Change current directory
clear Reset functions
clock Manage the system clock
configure Enter configuration mode
connect Open a terminal connection
copy Copy from one file to another
debug Debugging functions (see also 'undebug')
----- some commands omitted -----
traceroute Trace route to destination
tunnel Open a tunnel connection
udptn Open an udptn connection
undebug Disable debugging functions (see also 'debug')
upgrade Upgrade firmware
verify Verify a file
where List active connections
write Write running configuration to memory, network, or
terminal
x28 Become an X.28 PAD
x3 Set X.3 parameters on PAD

Global configuration mode
This mode configures the router's global parameters.
There are many global settings, such as the router name, user names and
passwords, global routing and access lists. Global configuration mode looks
like this:
Router#
Router#config terminal
Router(config)#hostname RouterA

Interface configuration mode
Interface configuration mode configures the router's interfaces, such as
Serial, Ethernet and Async interfaces.
It lets the network administrator set the operating parameters of each
interface, such as the network protocols used on the interface, the
interface's network address and the access lists applied to the interface.
An example of interface configuration mode:
Router#
Router#config terminal
Router(config)#interface s0/0
Router(config-if)#encapsulation ppp
Router(config-if)#ip address 192.168.100.5 255.255.255.0
Router(config-if)#

Router configuration mode
This mode configures the parameters of the routing protocols. Routing
protocols are configured independently of one another, all in router
configuration mode, as in the following example:
Router#
Router#config terminal
Router(config)#router rip
Router(config-router)#network 192.168.0.0
Router(config-router)#

Line configuration mode
Line configuration mode is a special configuration mode used to set
low-level parameters of logical interfaces, typically the parameters for
dial-up modem connections.
Router#config terminal
Router(config)#line 33 48
Router(config-line)#modem inout
Router(config-line)#modem autoconfig discovery
Router(config-line)#

Table 3-7: Some configuration modes and their prompts
Configuration mode   Prompt
Global               Router(config)#
Interface            Router(config-if)#
Subinterface         Router(config-subif)#
Controller           Router(config-controller)#
Map-list             Router(config-map-list)#
Map-class            Router(config-map-class)#
Line                 Router(config-line)#
Router               Router(config-router)#
Route-map            Router(config-route-map)#


3.3. Getting to know the basic configuration commands
Enable: used to enter privileged mode. After issuing enable, the user must
supply the correct administrator password to actually work in privileged
mode; the password may not be entered incorrectly more than 3 times.
Router>
Router>en
Password:
Password:
Password:
% Bad secrets
Router>en
Password:
Router#
Router#
Router#disa
Router>

Disable: leaves privileged mode and returns to user mode.
Setup: re-initializes the router's configuration in interactive dialog mode.
An example of the setup command follows. This dialog also runs automatically
on routers that have no configuration file yet, in other words routers whose
NVRAM holds no information.

Router#setup
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: y
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
Would you like to enter basic management setup? [yes/no]: n
First, would you like to see the current interface summary? [yes]: n
Configuring global parameters:
Enter host name [Router]:
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret [<Use current secret>]:
The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password []:123456
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: 654321
Configure SNMP Network Management? [yes]:
Community string [public]:
Configure IP? [yes]:
Configure IGRP routing? [yes]: n
Configure RIP routing? [no]:
Configure bridging? [no]:
Async lines accept incoming modems calls. If you will have
users dialing in via modems, configure these lines.
Configure Async lines? [yes]: n
Configuring interface parameters:
Do you want to configure FastEthernet0/0 interface? [yes]: n
Do you want to configure Serial0/0 interface? [yes]: n
Do you want to configure Serial0/1 interface? [no]: y
Some supported encapsulations are
ppp/hdlc/frame-relay/lapb/x25/atm-dxi/smds
Choose encapsulation type [hdlc]: ppp
No serial cable seen.
Choose mode from (dce/dte) [dte]:
Configure IP on this interface? [no]: y
IP address for this interface: 192.168.100.5
Subnet mask for this interface [255.255.255.0] :
Class C network is 192.168.100.0, 24 subnet bits; mask is /24
The following configuration command script was created:
hostname Router
enable secret 5 $1$EuXV$Yhj/OYkz/U1R5VABqXsMC0
enable password 7 123456
line vty 0 4
password 7 654321
snmp-server community public
!
ip routing
no bridge 1
!
interface FastEthernet0/0
shutdown
no ip address
!
interface Serial0/0
shutdown
no ip address
!
interface Serial0/1
no shutdown
encapsulation ppp
ip address 192.168.100.5 255.255.255.0
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
end
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.

Config: allows router configuration commands to be run. Only after the config
command can the network administrator run router configuration commands.
The sequence for configuring a router can be presented as follows:
- Name the router
Router#config terminal
Router(config)#
Router(config)#hostname RouterABC
RouterABC(config)#
- Set the secret password for the administrator
RouterABC(config)#enable secret matkhaubimat
RouterABC(config)#
- Set the password for privileged mode. This password is used only when the
router configuration has no secret password for the administrator.
RouterABC(config)#enable password matkhau
RouterABC(config)#
- Allow users to access the router remotely
RouterABC(config)#line vty 0 4
RouterABC(config-line)#login
RouterABC(config-line)#password telnet
RouterABC(config-line)#
- Configure the interfaces
RouterABC(config)#interface ethernet 0
RouterABC(config-if)#ip address 192.168.2.1 255.255.255.0
RouterABC(config-if)#no shutdown
RouterABC(config-if)#
- Configure routing
RouterABC(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.2
RouterABC(config)#

Copy: the copy command copies the router's configuration to or from a TFTP
server, and copies, stores and upgrades the router's IOS files from or to a
TFTP server.
To save a copy of the current configuration to a TFTP server, use the
command copy running-config tftp as shown below. After that comes the reverse
process, loading a configuration file from the TFTP server to the router.
- Enter the command copy running-config tftp
- Enter the IP address of the TFTP server where the configuration file will
be stored
- Enter the name to give the configuration file
- Confirm the choice by answering yes

The copy command used to save the configuration file to the server:
Router#copy running-config tftp
Address or name of remote host []? 192.168.1.5
Name of configuration file to write [Router-config]?cisco.cfg
Write file cisco.cfg to 192.168.1.5? [confirm] y
Writing cisco.cfg !!!!! [OK]
Router#

The copy command used to load the configuration file from the server:
Router#copy tftp running-config
Address or name of remote host []? 192.168.1.5
Source filename []? cisco.cfg
Destination filename [running-config]?

Show: the most widely and commonly used command.
The show command determines the current state of the router. The show
commands provide the important information needed when checking and
adjusting the router's operation.
- show version: displays the system hardware configuration, the software
version, the names and sources of the configuration files, and the boot
image.
- show processes: displays information about the router's active processes.
- show protocols: displays the configured protocols.
- show memory: statistics about the router's memory.
- show stacks: monitors stack usage by processes and interrupt routines and
displays the reason for the last system restart.
- show buffers: provides statistics about the buffer pools on the router.
- show flash: shows information about Flash memory.
- show running-config: displays the router's active configuration file.
- show startup-config: displays the configuration file stored in NVRAM,
which is loaded into working memory when the router is powered on. Normally
running-config and startup-config are identical. Once configuration commands
have been run, running-config and startup-config are no longer identical, and
the active configuration (running-config) must be written back to NVRAM when
configuration of the router is finished.
- show interfaces: statistics for the router's interfaces. This is one of
the most frequently used commands; it shows the operating state of the
interfaces, traffic statistics, the number of errored packets and so on.


Figure 3.21: The show command

Router#show interface s0/0
Serial0/0 is up, line protocol is up
Hardware is PowerQUICC Serial
Description: 2M link to the Internet
Internet address is 192.168.100.5/24
MTU 1500 bytes, BW 2048 Kbit, DLY 20000 usec,
reliability 255/255, txload 248/255, rxload 84/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/12/0 (size/max/drops/flushes); Total output
drops: 2383688
Queueing strategy: weighted fair
Output queue: 24/1000/64/2383671 (size/max total/threshold/drops)
Conversations 5/184/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 677000 bits/sec, 161 packets/sec
5 minute output rate 1996000 bits/sec, 395 packets/sec
106754998 packets input, 2930909441 bytes, 0 no buffer
Received 68850 broadcasts, 0 runts, 0 giants, 0 throttles
51143 input errors, 30726 CRC, 20248 frame, 0 overrun, 0
ignored, 169 abort
319791176 packets output, 1669977392 bytes, 0 underruns
0 output errors, 0 collisions, 125 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Figure 3.22: The show interface command
Router# show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(2), RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 09-May-00 23:34 by linda
Image text-base: 0x80008088, data-base: 0x807D2544

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 1 week, 1 day, 1 minute
System returned to ROM by power-on at 13:29:57 Hanoi Thu Jul 31 2003
System restarted at 20:24:22 Hanoi Tue Sep 2 2003
System image file is "flash:c2600-i-mz.121-2.bin"

cisco 2620 (MPC860) processor (revision 0x102) with 26624K/6144K
bytes of memory
.
Processor board ID JAD04340ID8 (2733840160)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102
Figure 3.23: The show version command
Write: the write command saves the router's currently running configuration.
The write memory command must be used to save the router's configuration to
NVRAM every time the configuration changes.

Router#write ?
erase Erase NV memory
memory Write to NV memory
network Write to network TFTP server
terminal Write to terminal
<cr>

3.4. Fixing some common errors
Errors connecting to the console port with HyperTerminal
- Check that the correct type of cable for configuring the router is being
used. The console cable for configuring the router is an 8-wire cable with
RJ45 connectors at both ends, wired as shown in Table 3-8, used together with
the DB9/RJ45 adapter supplied with the router.
- Check that the correct COM port on the computer is connected to the
router.
Table 3-8: Console cable wiring
Console port         Console cable   DB9/RJ45 adapter   COM port
Signal   RJ45 pin    RJ45 pin        DB9 pin            Signal
RTS      1           8               8                  CTS
DTR      2           7               6                  DSR
TxD      3           6               2                  RxD
GND      4           5               5                  GND
GND      5           4               5                  GND
RxD      6           3               3                  TxD
DSR      7           2               4                  DTR
CTS      8           1               7                  RTS
- Check the connection parameters. The connection speed must be 9600 for a
connection through the console port.

Errors connecting with telnet
When telnet is used to configure the router remotely, the user may be unable
to connect to the router. One of the following causes should be checked:
- The computer used to configure the router has no network connectivity to
the router. Check network connectivity from the computer to the router. The
ping command can be used for this check.
- When the router was first configured, the network administrator forgot to
set a password for remote access. On attempting remote access, the user
receives a message that the access password has not been set. In this case,
use the console cable to set the password in the following sequence:
Router#config terminal
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password 123456
Router(config-line)#end
Router#write memory
- Check whether telnet is restricted by access control lists (access-list).
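
The password and remote-access settings covered in sections 3.3 and 3.4 can be checked offline against a saved configuration. The following is an added example, not part of the original text; the function names and finding identifiers are assumptions, and both sample configurations are constructed (the first from fragments shown in this chapter, the second with placeholder hashes and an example ACL number).

```python
import re

# Constructed sample: fragments shown in this chapter (setup dialog, basic
# commands, Figure 3.24) reassembled with IOS indentation.
SAMPLE_CONFIG = """\
hostname RouterABC
enable password matkhau
snmp-server community public
!
interface Serial0/1
 encapsulation ppp
 ip address 192.168.100.5 255.255.255.0
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
end
"""

# Constructed counterpart; hash values and the ACL number are placeholders.
HARDENED_CONFIG = """\
hostname RouterABC
enable secret 5 $1$PLACEHOLDER$constructedHashValue
username admin secret 5 $1$PLACEHOLDER$constructedHashValue
access-list 10 permit 192.168.2.0 0.0.0.255
!
line con 0
 exec-timeout 5 0
 login local
line vty 0 4
 access-class 10 in
 exec-timeout 5 0
 login local
!
end
"""


def parse_config(text):
    """Return (global_lines, sections); sections maps a header such as
    'line vty 0 4' to the list of its indented child commands."""
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "!", "end"):
            current = None
        elif raw[0].isspace() and current is not None:
            sections[current].append(line)
        elif line.startswith(("interface ", "line ")):
            current = line
            sections[current] = []
        else:
            current = None
            global_lines.append(line)
    return global_lines, sections


def audit(text):
    """Return the sorted finding identifiers for one configuration."""
    global_lines, sections = parse_config(text)
    found = set()
    # 'enable secret' is stored hashed; 'enable password' is kept in clear
    # text or in the reversible type 7 encoding.
    if not any(l.startswith("enable secret ") for l in global_lines):
        found.add("NO_ENABLE_SECRET")
    if any(l.startswith("enable password ") for l in global_lines):
        found.add("ENABLE_PASSWORD_PRESENT")
    for l in global_lines:
        m = re.match(r"snmp-server community (\S+)", l)
        if m and m.group(1).lower() in ("public", "private"):
            found.add("SNMP_DEFAULT_COMMUNITY")
    for header, cmds in sections.items():
        if not header.startswith("line "):
            continue
        if "exec-timeout 0 0" in cmds:            # idle sessions never close
            found.add("LINE_NEVER_TIMES_OUT")
        for c in cmds:
            m = re.match(r"password (?:(\d) )?\S+$", c)
            if m and m.group(1) in (None, "0", "7"):    # clear text or type 7
                found.add("WEAK_LINE_PASSWORD")
        if header.startswith("line vty"):
            has_password = any(c.startswith("password ") for c in cmds)
            if "login" in cmds and not has_password:    # telnet is refused
                found.add("VTY_LOGIN_WITHOUT_PASSWORD")
            if not any(re.match(r"access-class \S+ in$", c) for c in cmds):
                found.add("VTY_NO_ACCESS_CLASS")        # open to any source
    return sorted(found)


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```

VTY_LOGIN_WITHOUT_PASSWORD is the telnet failure described in this section; the other findings concern settings that work but leave the management plane weakly protected.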

4. Configuring Cisco routers
4.1. Configuring a leased line
Introduction to leased lines
A leased line, also called a private leased circuit, is a form of direct
connection between network nodes over a leased data transmission channel.
A leased data channel normally gives the user a transparent choice of link
protocol; in other words, different protocols such as PPP, HDLC and LAPB can
be used on the leased line.
Physically, a leased line can be a copper cable directly connecting two
points, or it can consist of copper cable runs and different transmission
networks. When the leased line has to cross different transmission networks,
the rules for interfacing with the transmission network are set by the
service provider. The CSU/DSU terminal equipment needed to connect the leased
line therefore depends on the service provider. Some of the main connection
standards used are HDSL, G703 and 2B1Q.
When using leased lines, the user must have enough interfaces on the routers
so that there is one WAN interface for each leased-line connection at each
node. This means that a node with leased-line connections to 10 other points
must have 10 WAN interfaces to serve those connections. This is a limitation:
it raises the initial equipment investment, is inflexible for expansion and
growth, and is complex to manage. In particular, leased-line charges are high
for connections over long geographical distances.
Protocols used on leased lines
The protocols used on leased lines are HDLC, PPP and LAPB:
- HDLC: the protocol used within the Cisco router family; in other words,
HDLC can be used only when both sides of the leased-line connection are Cisco
routers.
- PPP: an international standard protocol, compatible with routers from all
manufacturers. When a leased line connects a Cisco device on one side to a
third-party device on the other, this link protocol must be used. PPP is a
layer 2 protocol that lets many different network protocols run over it, so
it is widely used.
- LAPB: a layer 2 communication protocol similar to the X.25 network
protocol, with full procedures for transmission control and for error
detection and correction. LAPB is rarely used.
Leased-line connection model

[Diagram: Ethernet LAN (Server, Workstation) - C2621 - C3620 - Ethernet LAN (Server, Workstation)]

Basic leased-line configuration
- Address allocation
  o Allocating addresses to the networks and to the links between routers is
    very important: it ensures smooth communication between the networks and
    supports address planning, route summarization ...
  o When building a private network, remember that only addresses from the
    groups reserved for private networks may be used: 10.x.x.x,
    172.16.x.x - 172.31.x.x, 192.168.x.x
  o To avoid overlap and minimize problems, leased-line WAN links should be
    placed on the smallest possible subnets. In this case the WAN links are
    implemented on subnets of 4 addresses.
  o Other subnets are divided as appropriate to the specific requirements
    and the specific number of addresses.
- To start configuring:
  o Router> enable
  o Password: ******
  o Router# config terminal
  o Router(config)#
- Set the name and passwords, allow telnet, and meet the other prerequisites
before configuring the interfaces
- Configure
  o Router2621(config)# interface serial 0
- Choose the protocol to use
  o Router2621(config-if)# encapsulation HDLC
- Set the IP address of the interface that connects to the leased line
  o Router2621(config-if)# ip address 192.168.113.5 255.255.255.252
- Always bring the interface into service with the no shutdown command
  o Router2621(config-if)# no shutdown
  o Router2621(config-if)# interface serial 1
- Choose PPP for another interface
  o Router2621(config-if)# encapsulation PPP
  o Router2621(config-if)# ip address 192.168.113.9 255.255.255.252
  o Router2621(config-if)# no shutdown
  o Router2621(config-if)# exit
- Use static routing with the syntax: ip route [destination network address]
[netmask] [next hop address]
  o Router2621(config)# ip route 0.0.0.0 0.0.0.0 192.168.113.6
- Always save the configuration when configuration is finished
  o Router2621# write memory
- Do the remaining work on the other routers, paying attention to the
protocol used, then check and monitor the connections.
  o Use the show interface command to check the state of an interface
  o show interface: view the state of all interfaces
  o show interface serial 0: view the state of port serial 0
  o Serial 0 is administratively down, line protocol is down: the interface
    is configured as not working; use the no shutdown command in interface
    mode to bring serial 0 into service
  o Serial 0 is down, line protocol is down: check the transmission line
  o Serial 0 is up, line protocol is down: check the protocols used on the
    two sides
  o Serial 0 is up, line protocol is up: the working state
Configuration of router 2621

!
hostname 2621
!
!
interface FastEthernet0/0
ip address 10.0.5.1 255.255.255.0
!
!
interface Serial0/0
ip address 192.168.113.5 255.255.255.252
encapsulation ppp
!
!
ip route 0.0.0.0 0.0.0.0 192.168.113.6
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
login
!
end
Figure 3.24: Configuration of router 2621

Configuration of router 3620

!
hostname 3620
!
!
interface FastEthernet0/0
ip address 10.0.6.1 255.255.255.0
!
!
interface Serial1/0
ip address 192.168.113.6 255.255.255.252
encapsulation ppp
!
!
ip route 0.0.0.0 0.0.0.0 192.168.113.5
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
login
!
end
Figure 3.25: Configuration of router 3620

4.2. Configuring X.25 & Frame Relay
Introduction to X.25 and Frame Relay
X.25: In 1978 ISO revised HDLC and CCITT added a number of parameters, producing LAPB (Link Access Procedure, Balanced mode). LAPB defines a number of rules for the frame level of X.25, such as the special frame types RR (Receive Ready), REJ (Reject) ...

Figure 3.26: X.25 packet switching

X.25 provides wide-area connections over a packet-switched environment. Each X.25 subscriber has a unique address whose digits are made up of the country code, the service provider and the subscriber's address within that provider.

Figure 3.27: X.25 address structure
When data needs to be transferred, the X.25 end devices initiate a VC (virtual circuit) to the destination address. Once the VC is established, data is carried between the two points over the VC. If more data has to be moved, the end device opens additional VCs. When there is no more data, the VCs are released for other transfers.
X.25 defines a number of parameters, including:
- Packet size (ips/ops): the packet size value set by the service provider.
- Flow-control window size (win/wout): X.25 uses a window-based flow-control mechanism so that the send and receive rates match and no information is lost. With a window of 7, X.25 allows at most 7 packets to be sent before an acknowledgement is received.
- Maximum number of VCs for incoming/two-way/outgoing calls (hic/htc/hoc): the number of VCs available to each X.25 subscriber is set by the provider. A subscriber can only transfer data over the maximum number of VCs it has been granted. A transfer request to a new destination cannot be served once all VCs are in use. When X.25 end devices transfer data they must follow these rules:
o Outgoing calls are placed on the highest free VC. That is, if no call has been made yet and the subscriber has been given 16 VCs, the first outgoing call opens VC number 16 for the connection request. If 3 VCs are already used by outgoing calls, the 4th outgoing call uses VC number 13.
o Incoming calls are received on the lowest free VC. As with outgoing calls, the first incoming call arrives on VC number 1 and the 10th incoming call arrives on VC number 10.
o VC set-up stops when no free VC is left.
o Because of these rules, the parameters of an X.25 end device must be set exactly before data connections can be established.
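The channel-selection rules above can be checked with a short simulation. This is an added example, not code from the original text; the class and function names are hypothetical, and it assumes that all VCs 1..htc are two-way channels.

```python
class VCExhausted(Exception):
    """No free virtual circuit is left for a new call."""


class X25Subscriber:
    """Tracks which of the VCs 1..htc are in use on one X.25 subscription."""

    def __init__(self, htc):
        self.htc = htc      # highest two-way channel granted by the provider
        self.in_use = {}    # VC number -> "out" or "in"

    def free_vcs(self):
        return [vc for vc in range(1, self.htc + 1) if vc not in self.in_use]

    def _take(self, pick, direction):
        free = self.free_vcs()
        if not free:
            # VC set-up stops when no VC is free
            raise VCExhausted(f"all {self.htc} VCs are in use")
        vc = pick(free)
        self.in_use[vc] = direction
        return vc

    def place_call(self):
        """Outgoing call: uses the highest-numbered free VC."""
        return self._take(max, "out")

    def accept_call(self):
        """Incoming call: arrives on the lowest-numbered free VC."""
        return self._take(min, "in")

    def clear(self, vc):
        """Call ended: the VC is released for other transfers."""
        del self.in_use[vc]


def worked_example(htc=16):
    """Replay the cases from the text for a subscriber with htc VCs."""
    sub = X25Subscriber(htc)
    outgoing = [sub.place_call() for _ in range(4)]     # 4th call lands on VC 13
    incoming = [sub.accept_call() for _ in range(10)]   # 10th call lands on VC 10
    return outgoing, incoming, sub.free_vcs()


if __name__ == "__main__":
    out, inc, free = worked_example()
    print("outgoing calls used VCs:", out)
    print("incoming calls used VCs:", inc)
    print("still free:", free)
```

Both ends of a link must agree on htc: if one side believes it has more channels than the other, its outgoing calls start on VC numbers the peer does not accept.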
Characteristics of X.25
- Limited transmission speed; in Vietnam the maximum speed offered is 128Kbps.
- High latency, unsuitable for applications with strict latency requirements.
- Easy to expand, at moderate cost.
- Safe and secure; still used for banking transactions.
Frame Relay: Frame Relay emerged as telecommunication infrastructure steadily improved, so that it no longer needed as many error detection and correction procedures as X.25. Frame Relay can carry frames of up to 4096 bytes, whereas the standard X.25 packet size recommended for use is 128 bytes. Frame Relay is well suited to high-speed data transmission, to LAN-to-LAN connections and also to voice, but the precondition for using Frame Relay is a high-quality transmission network.

Table 3-9: Comparison of X.25 and Frame Relay
No. Network function X.25 Frame Relay
1 Acknowledge received information frames
2 Acknowledge received packets
3 Translate packet addresses
4 Store packets in a buffer while waiting for acknowledgement
5 Detect out-of-sequence packets
6 Discard errored packets
7 Ensure that the N(s) value of a frame is valid
8 Set up and tear down logical connections
9 Set up and tear down virtual circuits
10 Insert flag bits between frames
11 Flow control at the logical link layer
12 Generate and check the FCS
13 Generate and recognize flag bits
14 Generate "not ready" frames
15 Generate "ready" frames
16 Generate "frame rejected" frames
17 Manage the D, M, Q bits in packets
18 Manage frames at the data link level
19 Manage the level 3 timers
20 Manage the Poll/Final bits in frames
21 Manage the sequence number counters of frames and packets
22 Multiplex logical channels
23 Manage the level 2 and level 3 start-up procedures
24 Recognize invalid frames
25 Respond to "not ready" frames and packets
26 Respond to "ready" frames and packets
27 Respond to "frame rejected" frames and packets
28 Record the number of retransmissions
29 Insert and remove 0 bits in the data
The function table above shows that Frame Relay removes a great deal of unnecessary work from the switching equipment, which reduces the load and the processing time at the network nodes and therefore reduces the delay of frames travelling across the network.

Figure 3.28: Frame Relay network model
A Frame Relay network is built from network access devices, FRAD (Frame Relay Access Device), network devices, FRND (Frame Relay Network Device), the links between the devices, and the Frame Relay backbone.
A FRAD can be a LAN bridge, a LAN router and so on.
A FRND can be a frame switch or a cell switch (Cell Relay, which carries the combined cells of different services such as voice, data, video and so on, each cell being 53 bytes long; this is the method used by ATM technology). The link between the devices is the common interface of FRAD and FRND, the user-to-network protocol, usually called F.R UNI (Frame Relay User Network Interface). Like other telecommunication networks, the Frame Relay backbone consists of many switches connected to one another over the transmission network, using its own procedures.
Frame Relay has one very significant advantage: it lets users transmit faster than the rate they subscribed to for a certain period of time. In other words, Frame Relay does not fix the bandwidth of each individual call but allocates bandwidth flexibly, something neither X.25 nor leased lines offer. For example, a user has a contract for 64Kbps; when they send a very large amount of information, Frame Relay allows it to be sent at more than 64Kbps. This is called bursting.
Characteristics of Frame Relay:
- It provides connections over permanent virtual circuits (PVC). When two points need to be connected, the service provider sets the parameters on the Frame Relay nodes to create permanent virtual circuits between them. Unlike X.25, the direction of a Frame Relay connection is fixed and cannot be initiated by the user. To connect to a different destination, the customer has to lease a new PVC to that destination.
- CIR (Committed Information Rate): the data rate that the service provider commits to guarantee to the customer, meaning that the customer is guaranteed a line at exactly the requested rate. The CIR is tied to a PVC and is independent between PVCs. If congestion occurs, the customer can still transmit at the rate requested in the contract.
- Frame Relay supports transmission of data bursts, also called bursty traffic, meaning that information is sent in a short time and in a larger volume than usual. In other words, when a large volume of data has to be moved, the Frame Relay network allows it to be transmitted at a rate higher than the CIR purchased from the service provider. This lets customers save cost while still being able to move large volumes of data when necessary. Bursty transmission is only possible when there is no congestion in the network.
- Frame Relay does not use identifying addresses the way X.25 does. To tell PVCs apart, Frame Relay uses the DLCI; every PVC is tied to a DLCI. The DLCI is only locally significant, that is, it is meaningful only on one switch. In other words, a DLCI number only has to be unique per PVC on one switch, and the same DLCI number may exist on another switch.
- Frame Relay uses LMI (Local Management Interface), a protocol for management and for exchanging management information between the FRND network devices and the FRAD access devices.
- Like X.25, Frame Relay is a non-broadcast multi-access network (multiaccess nonbroadcast media). This must be kept in mind when it is used with routing protocols.

Connection models of X.25 and Frame Relay
With X.25, the basic connection model is point-to-multipoint, which follows from the basic property of X.25 of using VCs for data transfer.

Figure 3.29: X.25 connection model
Frame Relay offers more variety in connection models. Frame Relay uses predefined PVCs to carry data between two points, and Frame Relay networks are divided into the following topologies:
- Full mesh: a model in which any two network nodes have a PVC between them. This model ensures the availability of the whole network: if one or a few PVCs fail, the remaining PVCs can still provide connectivity between the nodes. The weakness of this model is the very high cost of leasing the PVCs.
- Hub-Spoke: a model in which one central point concentrates all Frame Relay connections to the other points, and traffic between any two points must pass through the central point. This model has the lowest cost, but its weakness is that the whole load rests on the central point, and if any PVC fails, the ability to exchange data with the point on that PVC is lost.
- Partial mesh: the most widely used model; it is a hybrid of the two models above, balancing cost against redundancy for the essential points.

Figure 3.30: Frame Relay connection models (full mesh, hub-spoke)

Basic X.25 configuration
Points to note when configuring X.25
- X.25 is a non-broadcast multi-access medium (multi access non broadcast media), so care is needed when using it with dynamic routing
- X.25 works by setting up VCs, so the configuration must include the mapping (map) procedures and address-based routing
- Parameters to watch
o Packet size (ips/ops)
o Flow-control window size (win/wout)
o Maximum number of VCs for incoming / two-way / outgoing calls (hic/htc/hoc)
o Number of VCs for one connection (nvc). The number of VCs allowed to one destination should be kept within reasonable limits so that the total number of VCs required does not exceed the maximum number of VCs available (HTC)
o When creating the maps, map the IP address of the remote side to its X.25 address
o When configuring routing, route to the IP address of the next hop
o An X.25 network is a multipoint configuration; the interface addresses must lie in a subnet large enough for the number of points


Figure 3.31: Basic X.25 connection model
Configuration of router 7000
!
interface Serial1/1
ip address 10.1.1.2 255.255.255.0
encapsulation x25
no ip mroute-cache
!--- X.121 address assigned to router 7000
x25 address 4522973407000
!--- The following lines set the X.25 parameters
x25 ips 256
x25 ops 256
x25 htc 16
x25 win 7
x25 wout 7
!--- This command maps the IP address of router 2500 to
!--- its X.121 address
x25 map ip 10.1.1.1 4522973402500
!
!
Figure 3.32: Configuration of router 7000

Configuration of router 2500
!
hostname 2500
!
interface Serial0
ip address 10.1.1.1 255.255.255.0
no ip mroute-cache
encapsulation x25
bandwidth 56
!--- X.121 address assigned to router 2500
x25 address 4522973402500
!--- The following lines set the X.25 parameters
x25 ips 256
x25 ops 256
x25 htc 16
x25 win 7
x25 wout 7
!--- This command maps the IP address of router 7000 to
!--- its X.121 address
x25 map ip 10.1.1.2 4522973407000
!
Figure 3.33: Configuration of router 2500
- Monitoring:
o Show interfaces serial 0: checks the interface status
o Show x25 vc: displays X.25 connection information
o Show x25 map: displays the existing address maps

Basic Frame Relay configuration
Points to note when configuring Frame Relay:
- Frame Relay is a non-broadcast multi-access medium (multi access non broadcast media), so care is needed when using it with dynamic routing
- When using dynamic routing with distance-vector protocols such as RIP or IGRP, pay attention to the Split Horizon rule. Split Horizon does not allow routing information that came in on an interface to be sent back out of that same interface, which prevents incorrect routing updates that would make routing information circulate in loops. The issue arises because several PVCs run over a single physical interface.
- Monitoring:
o Show interfaces serial 0: checks DLCI and LMI
o Show frame-relay lmi: displays summary information about LMI
o Show frame-relay map: displays the existing Frame Relay maps
o Show frame-relay pvc: displays the PVC parameters
o Show frame-relay traffic: displays traffic


Figure 3.34: Basic Frame Relay connection model

- To begin configuring the network:
o Router> enable
o Password: ******
o Router# configure terminal
o Router(config)#
- Set the hostname and the passwords, allow telnet access and configure the other prerequisites before configuring the interfaces
- Configuration
o Spicey(config)# interface serial 0
- Select the protocol to use
o Spicey(config-if)# encapsulation frame-relay
- Specify the LMI management protocol. LMI is required to ensure the two-way exchange of information between the end device and the Frame Relay network device. LMI works as a keepalive message.
o Spicey(config-if)# frame-relay lmi-type cisco
- Assign the allocated DLCI to the interface.
o Spicey(config-if)# frame-relay interface-dlci 140
- Set the IP address of the interface
o Spicey(config-if)# ip address 3.1.3.1 255.255.255.0
- Always bring the interface into service with the no shutdown command
o Spicey(config-if)# no shutdown
o Spicey(config-if)# exit
- Use dynamic routing with RIP
o Spicey(config)# router rip
o Spicey(config-router)# network 3.0.0.0
o Spicey(config-router)# network 124.0.0.0
o Spicey(config-router)# end
- Always save the configuration when finished
o Spicey# write memory
- Carry out the remaining work on the other routers, paying attention to the protocol in use, then check and monitor the connections.

Configuration of router Spicey

Current configuration : 1705 bytes
!
version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Spicey
!
interface Ethernet0
ip address 124.124.124.1 255.255.255.0
!
interface Serial0
ip address 3.1.3.1 255.255.255.0
encapsulation frame-relay
frame-relay interface-dlci 140
!
!
router rip
network 3.0.0.0
network 124.0.0.0
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
login
!
end
Figure 3.35: Configuration of router Spicey

Configuration of router Prasit

Current configuration : 1499 bytes
!
version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Prasit
!
!
!
interface Ethernet0
ip address 123.123.123.1 255.255.255.0
!
!
interface Serial1
ip address 3.1.3.2 255.255.255.0
encapsulation frame-relay
frame-relay interface-dlci 150
!
!
router rip
network 3.0.0.0
network 123.0.0.0
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
login
!
end
Figure 3.36: Configuration of router Prasit

Figure 3.37: Frame Relay hub-spoke connection model

- Configuration
o Spicey(config)# interface serial 0
- Select the protocol to use
o Spicey(config-if)# encapsulation frame-relay
- Specify the LMI management protocol. Note that this example uses a different LMI standard. The LMI standard is not a global setting; it applies only at the interface between the end device and the Frame Relay network. The configurations of the other routers still use the cisco LMI standard.
o Spicey(config-if)# frame-relay lmi-type ansi
- Always bring the interface into service with the no shutdown command
o Spicey(config-if)# no shutdown
- This example uses subinterfaces, so no address is set on the physical interface.
- Configure the subinterface. A subinterface must be either point-to-point or multipoint; here point-to-point is used for subinterface s0.1 and multipoint for subinterface s0.2.
o Spicey(config-if)# interface serial 0.1 point-to-point
- Or
o Spicey(config-if)# exit
o Spicey(config)# interface serial 0.1 point-to-point
- Assign the allocated DLCI to the interface. DLCI 140 is the DLCI of the PVC between Spicey and Prasit, while DLCI 130 belongs to the PVC to Aton.
o Spicey(config-subif)# frame-relay interface-dlci 140
- Set the IP address of the first subinterface
o Spicey(config-subif)# ip address 4.0.1.1 255.255.255.0
o Spicey(config-subif)# exit
- Configure the second subinterface, towards Aton
o Spicey(config)# interface serial 0.2 multipoint
- Assign the allocated DLCI, DLCI 130, to the interface
o Spicey(config-subif)# frame-relay interface-dlci 130
- Set the IP address of the second subinterface
o Spicey(config-subif)# ip address 3.1.3.1 255.255.255.0
o Spicey(config-subif)# exit
- Use dynamic routing with RIP
o Spicey(config)# router rip
o Spicey(config-router)# network 3.0.0.0
o Spicey(config-router)# network 4.0.0.0
o Spicey(config-router)# network 124.0.0.0
o Spicey(config-router)# end
- Always save the configuration when finished
o Spicey# write memory
- Carry out the remaining work on the other routers, paying attention to the protocol in use, then check and monitor the connections.

Configuration of router Spicey

Spicey#show running-config
Building configuration...
!
version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Spicey
!
!
interface Ethernet0
ip address 124.124.124.1 255.255.255.0
!
interface Serial0
no ip address
encapsulation frame-relay
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
ip address 4.0.1.1 255.255.255.0
frame-relay interface-dlci 140
!
interface Serial0.2 multipoint
ip address 3.1.3.1 255.255.255.0
frame-relay interface-dlci 130
!
router igrp 2
network 3.0.0.0
network 4.0.0.0
network 124.0.0.0
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
login
!
end
Figure 3.38: Configuration of router Spicey

Configuration of router Prasit

Prasit#show running-config
Building configuration...

version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Prasit
!
interface Ethernet0
ip address 123.123.123.1 255.255.255.0
!
interface Serial1
no ip address
encapsulation frame-relay
!
!--- LMI type cisco is the default, so it does not appear in the configuration
!--- Prasit and Spicey use 2 different LMI types
!--- The router at Prasit uses a point-to-point subinterface
interface Serial1.1 point-to-point
ip address 4.0.1.2 255.255.255.0
frame-relay interface-dlci 150
!
router igrp 2
network 4.0.0.0
network 123.0.0.0
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
login
!
end
Figure 3.39: Configuration of router Prasit

Configuration of router Aton

Aton#show running-config
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
!
hostname Aton
!
!
!
interface Ethernet0
ip address 122.122.122.1 255.255.255.0
!
interface Serial1
ip address 3.1.3.3 255.255.255.0
encapsulation frame-relay
frame-relay lmi-type q933a
!--- Aton uses a different LMI type from the other two routers
!--- Aton does not use a subinterface. Subinterfaces must be defined
!--- as point-to-point or multipoint on the central router,
!--- while the remaining routers can use either a point-to-point
!--- subinterface or the physical interface
frame-relay interface-dlci 160
!
router igrp 2
network 3.0.0.0
network 122.0.0.0
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
login
!
end
Figure 3.40: Configuration of router Aton

4.3. Configuring dial-up
Introduction to dial-up
A dial-up connection uses a telephone line to connect and exchange data. Dial-up speed is low and only suits applications with no particular bandwidth or latency requirements.
Dial-up connections commonly use V34 and V90 modems. The maximum speed for sending data to the network and for downloading is 33,6Kbps. To download at a higher speed, up to 56Kbps, the router acting as the access point must have a digital subscriber connection and use digital modems.
For small businesses, users can be authenticated from data declared directly on the router. This approach is not suitable for medium and large businesses, or for businesses that need tight, systematic user management. In that case a user management system is required. Cisco routers support two authentication standards, TACACS+ and RADIUS.

Dial-up usage model

Figure 3.41: Configuration of router Aton

Basic dial-up configuration
Task list:
- Configure the asynchronous (Async) interface
- Configure the modem control interface
- Configure authentication
- Monitoring
o Router#show interface Async 1
o Router#show line 1
o Router#debug ppp authentication

Basic dial-up configuration

Current configuration : 1251 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname cisco3640
!
boot system flash:c3640-i-mz.122-8.T
enable secret 5 <removed>
!
! -- Username for local user authentication
username abc password 0 abc
!
ip subnet-zero
!
no ip domain-lookup
ip domain-name cisco.com
!
! -- DNS server addresses handed to the dial-in clients
async-bootp DNS-server 5.5.5.1 5.5.5.2
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Ethernet2/0
ip address 20.20.20.1 255.255.255.0
half-duplex
!
! <<-- unused interfaces are omitted
!
!--- Interface Group-Async1 holds the configuration for all modems;
!--- there is no need to configure each modem separately
interface Group-Async1
ip unnumbered Loopback0
encapsulation ppp
dialer in-band
!--- Set the idle time to 10 minutes;
!--- after this time the router drops the connection automatically
dialer idle-timeout 600
!--- Define the types of traffic used,
!--- through the dialer-group and dialer-list configuration
dialer-group 1
!--- Interactive mode lets users use several protocols;
!--- to stop users from opening connections to the router,
!--- use dedicated mode
async mode interactive
!--- Clients that dial in are given an IP address
!--- from the range defined in DIALIN
peer default ip address pool DIALIN
ppp authentication chap
!--- The modems on line 1 to line 8 belong to this group
group-range 1 8
!
ip local pool DIALIN 10.1.1.1 10.1.1.10
ip classless
ip route 0.0.0.0 0.0.0.0 20.20.20.100
ip http server
ip pim bidir-enable
!
!--- The following command makes IP the protocol that counts as activity;
!--- if no IP data passes for 10 minutes,
!--- the connection is dropped
dialer-list 1 protocol ip permit
!
line con 0
password abc
line 1 8
!--- The command below allows the modem to dial in and dial out
modem InOut
transport input all
autoselect ppp
flowcontrol hardware
line aux 0
line vty 0 4
login
!
!
end

Figure 3.42: Basic dial-up configuration
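The listings in this section keep several settings that matter for device hardening: clear-text passwords, the HTTP server and permissive line settings. The following added example, which is not part of the original text, audits a flattened IOS listing for them; the rule names, the section-splitting heuristic and the sample (assembled from lines in the listings above) are assumptions of this example.

```python
import re

# Constructed sample: lines assembled from the router listings above and
# flattened the same way (no indentation).
SAMPLE_CONFIG = """\
no service password-encryption
hostname cisco3640
username abc password 0 abc
ip http server
!
line con 0
exec-timeout 0 0
password abc
line 1 8
modem InOut
transport input all
line aux 0
line vty 0 4
login
!
end
"""

# Keywords that open a section in a listing that has lost its indentation.
SECTION_START = ("interface ", "router ", "line ")


def split_sections(text):
    """Split a flattened listing into global lines and sections.

    Returns (global_lines, sections). global_lines holds (line_no, text);
    sections holds (header_no, header, [(line_no, text), ...]).
    A section runs from its header to the next header, a bare "!" or "end".
    """
    global_lines, sections, current = [], [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line in ("", "!", "end"):
            current = None
        elif line.startswith("!"):
            continue                      # "!--- comment" stays inside a section
        elif line.startswith(SECTION_START):
            current = []
            sections.append((no, line, current))
        elif current is not None:
            current.append((no, line))
        else:
            global_lines.append((no, line))
    return global_lines, sections


def audit(text):
    """Return findings as (line_no, rule, message) tuples."""
    findings = []
    global_lines, sections = split_sections(text)

    for no, line in global_lines:
        if line == "no service password-encryption":
            findings.append((no, "PW-ENCRYPTION-OFF",
                             "type 0 passwords appear in clear text in the listing"))
        user = re.match(r"username (\S+) password (?:(\d) )?(\S+)$", line)
        if user and user.group(2) in (None, "0"):
            findings.append((no, "USER-PW-CLEARTEXT",
                             "clear-text local password; prefer 'username ... secret'"))
            if user.group(1) == user.group(3):
                findings.append((no, "USER-PW-EQUALS-NAME",
                                 "password is identical to the username"))
        if line == "ip http server":
            findings.append((no, "HTTP-SERVER",
                             "unencrypted HTTP management server is enabled"))

    for header_no, header, cmds in sections:
        if not header.startswith("line "):
            continue
        texts = [t for _, t in cmds]
        has_password = any(t.startswith("password ") for t in texts)
        for no, t in cmds:
            if t == "exec-timeout 0 0":
                findings.append((no, "EXEC-TIMEOUT-OFF",
                                 "idle sessions on this line never time out"))
            elif t == "transport input all":
                findings.append((no, "TRANSPORT-ALL",
                                 "every inbound protocol, telnet included, is accepted"))
            elif re.match(r"password (?!7 )", t):
                findings.append((no, "LINE-PW-CLEARTEXT",
                                 "line password stored in clear text"))
        if (header.startswith("line con") and has_password
                and not any(t.startswith("login") for t in texts)):
            findings.append((header_no, "CON-PW-NOT-ENFORCED",
                             "password set without 'login': the console never asks for it"))
        if header.startswith("line vty") and "login" in texts and not has_password:
            findings.append((header_no, "VTY-LOGIN-NO-PASSWORD",
                             "'login' without a password: IOS refuses vty logins"))
    return findings


if __name__ == "__main__":
    for line_no, rule, message in audit(SAMPLE_CONFIG):
        print(f"line {line_no:>2}  {rule:<22} {message}")
```

Enabling service password-encryption only obscures line and user passwords with the reversible type 7 encoding, so the stronger fix for the USER-PW-CLEARTEXT finding is the secret form of the username command.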

4.4. Static and dynamic routing
Overview of routing
The path determination function lets the router evaluate the feasible paths to a destination and establish how packets are handled. The router uses the network topology to evaluate network paths. This information can be configured by the network administrator or collected through dynamic processes running in the network.
The network layer uses the IP routing table to send packets from the source network to the destination network. The router relies on the information held in the routing table to decide which interface to forward packets on.

Figure 3.43: Using the routing table to forward packets

An IP routing table contains the destination network addresses, the address of the next point to pass through, the metric of the route and the interface used for forwarding. When there is no information about the destination network, the router sends the packets along a default path configured on the router; if that path does not exist, the router discards the packet.
There are two routing methods:
- Static routing: routing without the use of routing protocols. The routes to a destination network are fixed and do not change on any router. Whenever networks are added or removed, the configuration has to be changed on every router.
- Dynamic routing: the use of routing protocols to build the routing tables on the routers. Through the routing protocols the routers automatically exchange routing information and routing tables with one another. Whenever the network changes, the new network only has to be declared on the router that directly manages it, without being declared again on every router. Some of the dynamic routing protocols in use are RIP, RIPv2, OSPF, EIGRP and so on.
The metric of a route is built differently by the different routing protocols. The metric of directly connected networks and of static routes has the smallest value, 0; for dynamic routing the metric is calculated according to each specific protocol. The metric shown in the routing table is the best metric that the router has calculated on the basis of the configured routing protocols and the metric of each protocol.
Dynamic routing protocols are divided into 2 main groups:
- Distance-vector routing protocols (referred to below as vector routing): based on routing algorithms that work with distance vectors.
Periodically each router sends all the information in its routing table to the neighbouring routers directly connected to it, and periodically receives the routing tables of those neighbours. After receiving the routing tables of its neighbours, the router compares them with its current routing table and decides whether to rebuild the table according to the algorithm of the protocol. If the table has to be rebuilt, the router then sends the new routing table to its neighbours, and the neighbours do the same in turn. Routers identify their neighbours from the algorithm and from information collected from the network.
Because new routing tables have to be sent back to the neighbours, and the neighbours send back new routing tables once they have rebuilt their own, routing loops can occur if the network converges slowly to a stable state on a new topology. Routers use hold-down timers to make sure that no incorrect routing table is built. This works as follows:
o When a router receives an update from a neighbour indicating that a previously reachable network is no longer reachable, the router marks the route as unreachable and starts a timer.
o If, at any time before the timer expires, an update is received from the same neighbour indicating that the network is reachable again, the router marks the network as reachable and releases the timer.
o If an update arrives from a different neighbouring router with a better metric than the one recorded for this network, the router marks the network as reachable and releases the timer. If the metric is worse, the update is ignored.
o When the timer has counted down to 0, the new metric is established and the router has a new routing table.
- Link-state routing protocols (referred to below as state routing): the second basic algorithm used for routing is the link-state algorithm. Link-state routing algorithms, also called SPF (shortest path first), maintain a complex database of information about the network topology.
- Whereas the vector algorithm has no specific information about distant networks and does not know the distant routers, the link-state algorithm has full knowledge of the distant routers and of how they are connected to one another.
A link-state routing protocol uses:
o Link-state advertisements: LSA (Link State Advertisements).
o A database of the network topology.
o The SPF algorithm and the resulting SPF tree.
o A routing table that relates paths and ports to each network.
Network discovery in link-state routing is carried out as follows:
o The routers exchange LSAs with one another. Each router starts from its directly connected networks to obtain information.
o Each router, in parallel with the other routers, builds a topology database containing all the LSAs received from the internetwork.
o The SPF algorithm calculates which networks can be reached. The router builds this logical topology as a tree with itself as the root, containing all possible paths to every network in the whole network running the link-state routing protocol. It then sorts these paths according to the shortest-path-first strategy.
o The router lists its best paths, and the ports leading to the destination networks, in its routing table. It also maintains other databases of the topology elements and of details about the state of the network.
When the network topology changes, the first router to notice the change sends the information to the other routers, or to a designated router that serves as the reference for all routers in the network when updating.
o It keeps track of its neighbours, checking whether they are up, and of the metric to each neighbour.
o It builds an LSA packet listing the names of all neighbouring routers and the metrics for new neighbours, the changes in metrics, and the links leading to the neighbours that have been recorded.
o It sends this LSA packet out so that all routers receive it.
o When it receives an LSA packet, it records the packet in the database so that the database holds the most recent LSA packet issued by each router.
o It completes the map of the internetwork from the data in the accumulated LSA packets and then calculates the routes to all other networks with the SPF algorithm.
There are two points to note about link-state routing protocols:
o In most cases, running a link-state routing protocol requires the routers to use more memory and do more processing than vector routing protocols. These requirements come from the need to store the information of all neighbours and the network database received from elsewhere, and from running the link-state routing algorithms. Network managers must make sure that the routers they choose can provide these resources.
o Bandwidth is consumed by the initial flooding of link-state packets. During the start of the discovery process, all routers running link-state routing protocols send LSA packets to all other routers. This floods the network while the routers all demand bandwidth at the same time, and temporarily reduces the bandwidth available for the routed data traffic. After this initial flooding, link-state routing protocols usually need only a minimal amount of bandwidth to send the infrequent, event-triggered LSA packets that reflect changes in the network topology.
- A third group consists of hybrid routing protocols that combine the 2 groups above, in other words protocols that have properties of both groups.
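The four hold-down timer rules described above for distance-vector protocols can be written as a small state machine. This is an added example, not code from the original text; the class name, the 180-second hold-down value and the use of hop count 16 for "unreachable" are assumptions of this example.

```python
INFINITY = 16  # assumption: RIP-style metric, 16 hops means unreachable


class Route:
    """Routing-table entry for one destination network."""

    def __init__(self, next_hop, metric, holddown=180):
        self.next_hop = next_hop
        self.metric = metric
        self.holddown = holddown   # assumed hold-down period in seconds
        self.reachable = True
        self.timer = None          # seconds left while in hold-down

    def _install(self, neighbor, metric):
        self.next_hop, self.metric = neighbor, metric
        self.reachable, self.timer = True, None

    def on_update(self, neighbor, metric):
        """Process one update for this network; return the action taken."""
        down = metric >= INFINITY
        if self.timer is not None:                 # route is in hold-down
            if down:
                return "ignored"
            if neighbor == self.next_hop:          # rule 2: same neighbour recovers
                self._install(neighbor, metric)
                return "restored"
            if metric < self.metric:               # rule 3: better than recorded
                self._install(neighbor, metric)
                return "better-route"
            return "ignored"                       # rule 3: worse, ignore
        if neighbor == self.next_hop:
            if down:
                if self.reachable:                 # rule 1: mark down, start timer
                    self.reachable, self.timer = False, self.holddown
                    return "holddown-started"
                return "ignored"
            self._install(neighbor, metric)
            return "refreshed"
        if not down and metric < self.metric:
            self._install(neighbor, metric)
            return "better-route"
        return "ignored"

    def tick(self, seconds):
        """Advance the clock; rule 4 applies when the timer reaches 0."""
        if self.timer is None:
            return "idle"
        self.timer -= seconds
        if self.timer > 0:
            return "holding"
        self.timer, self.metric = None, INFINITY   # any new metric is now accepted
        return "expired"


def stale_update_scenario():
    """A worse route offered during hold-down is ignored, then accepted after expiry."""
    route = Route("R2", 2)
    return [
        route.on_update("R2", INFINITY),   # network lost via R2
        route.on_update("R3", 5),          # possibly stale information
        route.tick(180),
        route.on_update("R3", 5),
    ]


if __name__ == "__main__":
    print(stale_update_scenario())
```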

Routing protocols
Table 3-10: Routing protocols
Characteristic                    RIPv1           RIPv2           IGRP            EIGRP           OSPF
Distance vector                   X               X               X               X
Link state                                                                                        X
Automatic route summarization     X               X               X               X
VLSM support (1)                                  X                               X               X
Third-party compatibility         X               X                                               X
Suited to (network size)          Small           Small           Medium          Large           Large
Convergence to steady state       Slow            Slow            Slow            Fast            Fast
Metric                            hop count (2)   hop count       ~BW (3) + D (4) ~BW + D         ~10E8/BW
Hop count limit                   15              15              100             100
Equal-cost load balancing         X               X               X               X               X
Unequal-cost load balancing                                       X               X
Algorithm                         Bellman-Ford    Bellman-Ford    Bellman-Ford    DUAL            Dijkstra

(1) VLSM (Variable Length Subnet Mask): support for routing subnets whose subnet mask length varies; in other words, the subnet mask information is included in the routing table
(2) Hop count: the number of network nodes a packet passes through from one point to another, that is, the number of routers the packet has to traverse
(3) BW (bandwidth): bandwidth
(4) D (delay): delay


Basic dynamic routing configuration with RIP
Points to note when configuring dynamic routing with RIP
- RIP sends updates at preset intervals, 30 seconds by default, and whenever the routing table changes.
- RIP uses the hop count as the metric for judging the quality of a route. RIP keeps only the route with the lowest metric.
- The maximum hop count allowed is 15.
- RIP uses timers for sending updates, for removing a route from the table and for controlling the construction of the routing table so that loops are avoided.
- RIPv1: classful: carries no subnet mask information
- RIPv2: classless: carries subnet mask information
Configuring routing with RIP:
- Enable the RIP routing protocol on the router.
o Router(config)#router rip
- Set up the networks. A network is the classful network to which interfaces of the router are directly attached.
o Router(config-router)#network 192.168.100.0
o Router(config-router)#network 172.25.0.0
o Router(config-router)#network 10.0.0.0
- When RIP is used over non-broadcast networks such as X.25 or Frame Relay, RIP must be configured with the unicast addresses to which it sends its updates
o Router(config-router)#neighbor 192.168.113.1
o Router(config-router)#neighbor 192.168.113.5
- Depending on the network infrastructure, the update interval and the other timers can be changed to suit.
o Router(config-router)# timers basic update invalid holddown flush [sleeptime]
- Other changes.
o Router(config-router)# version {1 | 2}
o Router(config-if)# ip rip authentication key-chain name-of-chain
o Router(config-if)# ip rip authentication mode {text | md5}
- Monitoring.
o show ip interfaces
o show ip rip

Cu hnh b nh tuyn vi RIP

version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Prasit
!
interface Ethernet0
 ip address 123.123.123.1 255.255.255.0
!
interface Serial1
 ip address 3.1.3.2 255.255.255.0
 encapsulation frame-relay
 frame-relay interface-dlci 150
!
router rip
 network 3.0.0.0
 network 123.0.0.0
!
line con 0
 exec-timeout 0 0
 transport input none
line aux 0
line vty 0 4
 login
end
Figure 3.44: Router configuration with RIP
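A configuration like the one in Figure 3.44 can be checked mechanically against the RIP version and authentication settings listed earlier. The following is an added example, not part of the original text: the function names and the finding wording are this example's own, and it maps each interface to RIP through the classful network rule described above.

```python
import re

# Running configuration from Figure 3.44, with sub-command indentation restored.
FIGURE_3_44 = """\
version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Prasit
!
interface Ethernet0
 ip address 123.123.123.1 255.255.255.0
!
interface Serial1
 ip address 3.1.3.2 255.255.255.0
 encapsulation frame-relay
 frame-relay interface-dlci 150
!
router rip
 network 3.0.0.0
 network 123.0.0.0
!
line con 0
 exec-timeout 0 0
 transport input none
line aux 0
line vty 0 4
 login
end
"""


def parse_sections(text):
    """Return {section header: [sub-commands]}; global commands go under "global"."""
    sections = {"global": []}
    current = "global"
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.strip() in ("", "!", "end"):
            current = "global"
        elif line.startswith(" "):
            sections[current].append(line.strip())
        elif re.match(r"(interface|router|line)\s", line):
            current = line
            sections[current] = []
        else:
            current = "global"
            sections["global"].append(line)
    return sections


def classful_network(ip):
    """Classful (major) network of an address, the form a RIP `network` line uses."""
    octets = ip.split(".")
    first = int(octets[0])
    keep = 1 if first < 128 else 2 if first < 192 else 3
    return ".".join(octets[:keep] + ["0"] * (4 - keep))


def audit(text):
    """List hardening findings for the RIP-related parts of a configuration."""
    sections = parse_sections(text)
    findings = []
    if "no service password-encryption" in sections["global"]:
        findings.append("global: passwords are stored in clear text")
    rip = sections.get("router rip")
    if rip is not None:
        if "version 2" not in rip:
            findings.append("router rip: not set to version 2 (RIPv1 cannot authenticate)")
        rip_nets = {c.split()[1] for c in rip if c.startswith("network ")}
        for header, cmds in sections.items():
            if not header.startswith("interface "):
                continue
            addr = next((c.split()[2] for c in cmds if c.startswith("ip address ")), None)
            if addr is None or classful_network(addr) not in rip_nets:
                continue  # RIP does not run on this interface
            name = header.split()[1]
            if not any(c.startswith("ip rip authentication key-chain ") for c in cmds):
                findings.append(f"{name}: RIP updates are accepted unauthenticated")
            elif "ip rip authentication mode md5" not in cmds:
                findings.append(f"{name}: RIP key is sent as clear text")
    for header, cmds in sections.items():
        if header.startswith("line ") and "exec-timeout 0 0" in cmds:
            findings.append(f"{header}: idle sessions never time out")
    return findings


if __name__ == "__main__":
    for finding in audit(FIGURE_3_44):
        print(finding)
```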

5. Layer 3 switches
5.1. Overview of Layer 3 switch architecture
Overview
The Layer 3 switch is one of the newer network devices, built on increasingly advanced technology. As its name implies, it includes packet-processing functions that work at Layer 3, the network layer of the seven-layer OSI model: it routes and processes packets much as a router does while also switching Layer 2 traffic like a Layer 2 switch. This sets it apart from the previous generation, which only switched at Layer 2 on the basis of the MAC addresses in each frame.
When a router receives a packet, it examines the packet's Layer 3 information to choose a path for it, whereas a switch forwards the packet using only the Layer 2 address, the MAC address. The fundamental difference between a router and a Layer 3 switch is that the Layer 3 switch is built from dedicated hardware designed specifically for switching. That hardware lets it switch packets as fast as a Layer 2 switch, which routers cannot do, while still routing packets with functions similar to a router's.
In a LAN environment the Layer 3 switch is rated as faster than a router, and it raises the capacity of the network through its combined switching and routing capability. However, a Layer 3 switch cannot completely replace a router, because it is a LAN device by nature and does not operate in a multiprotocol environment as a router does.
The functions and architecture of a Layer 3 switch resemble those of a router and include:
- Packet switching
- Routing operations
- Intelligent network features
Packet switching
Packet switching is the principal basic function of the Layer 3 switch. The basic difference between a router and a Layer 3 switch is that the router uses its central processor to switch packets, whereas the Layer 3 switch uses purpose-built hardware components, ASICs (Application Specific Integrated Circuits).
The packet-switching component of the switch checks the packet's address, compares it with stored information, and forwards the packet in the determined direction. It also performs the lower-layer processing a router performs, such as rewriting MAC addresses and decrementing the TTL counter. The packet-switching function also performs a matching comparison to select the correct path when more than one choice is available.
Routing operations
Routing is a separate activity, independent of packet switching. Routers and Layer 3 switches alike manage and operate on routing information, building, updating and exchanging it through routing protocols whenever the network changes, for example when a link fails or a device is added or updated.
Like routers, Layer 3 switches work with most of the dynamic routing protocols available today.
Intelligent network features
Management features, dynamic allocation, intelligent routing features, and security and authentication features are also designed and built into the Layer 3 switch, which makes it easier for administrators to build, manage and grow the network.

5.2. Routing on the Layer 3 switch
VLAN
A VLAN is a LAN that is logically independent of other LANs. In practice, all the network devices are connected to and operate on the same physical medium and shared infrastructure, and the LANs are formed logically on that medium from identification settings that are independent for each group of members. In other words, each switch port is defined as belonging to some workgroup (VLAN), and this makes the workgroups independent of and separate from one another. Packets of one VLAN are forwarded only to ports in the same VLAN and not to ports in other VLANs, except for ports defined as VLAN trunks. Unlike a LAN, a VLAN is not limited to a particular geographic area; it depends only on requirements and on how it is deployed.
VLAN trunking refers to the connection between switches over which packets of all VLANs are allowed to pass.
VLANs are configured at Layer 2 and delimit groups of computers that are logically independent of one another; any data exchange between devices in different VLANs must be carried out by devices that operate at Layer 3, such as Layer 3 switches or routers.
For VLAN protocols and connection models, see the course material on local area networks (LANs).
Routing processing structure
As noted in the previous section, a Layer 3 switch performs switching and routing at the same time. It allows devices that belong to different network groups and different VLANs to connect to one another.
Here the different kinds of data-exchange requirement need to be distinguished:
- Data exchange on networks that use routable network protocols such as IP and IPX.
- Data exchange on networks that use non-routable network protocols such as NetBEUI and AppleTalk.
The switch handles non-routable protocols with the bridging protocols. Routable protocols are handled as a router would handle them. The Layer 3 switch supports combined routing and bridging, routing between VLANs, and multilayer switching.
Combined switching and routing
This lets the switch forward packets of non-routable protocols between ports configured in bridging mode, while forwarding packets of routable protocols between ports that belong to the VLANs used for routable protocols. Combined switching and routing only directs packets within a single switching device.
Routing between VLANs
Routing between VLANs is carried out on Layer 3 switches, through Layer 3 routing modules or on the switches themselves. The Layer 3 switch supports static routing and the dynamic routing protocols RIP, OSPF, IGRP and EIGRP.

5.3. A brief look at common Cisco Layer 3 switches
Cisco 2948G-L3 Layer 3 switch


Figure 3.45: Cisco 2948G-L3 Layer 3 switch

- 48 10/100 Ethernet ports, RJ45 interface
- 02 Gigabit Ethernet uplink ports supporting GBIC (Gigabit Interface Converter), so that the interface type can be chosen to suit how the Gigabit ports are used
- Layer 3 switching rate: 10,000 packets/second
- Throughput: 22 Gbit/second
- Supports IP, IPX, IP multicast
- Layer 3 routing: RIP, OSPF, IGRP, EIGRP
- Failover capability; supports relaying of the dynamic address assignment protocol
- QoS support
- Network security through access control lists (ACLs)
Cisco 3550 Layer 3 switches

Figure 3.46: Cisco 3550 Layer 3 switches

Switch model | 10/100 ports | Gigabit ports
Catalyst 3550-24 Switch | 24 | 2 (GBIC)
Catalyst 3550-24 PWR Switch | 24 (can supply power over the network cable to other devices such as wireless access points) | 2 (GBIC)
Catalyst 3550-24-DC Switch | 24 | 2 (GBIC)
Catalyst 3550-24-FX Switch | 24 (100 Mbps optical ports) | 2 (GBIC)
Catalyst 3550-48 Switch | 48 | 2 (GBIC)
Catalyst 3550-12G Switch | | 10 (GBIC), 2 (10/100/1000BASE-T)
Catalyst 3550-12T Switch | | 10 (10/100/1000BASE-T), 2 (GBIC)

- High processing capacity:
o CEF: Cisco Express Forwarding
o Routing protocols: RIP, OSPF, IGRP, EIGRP, BGPv4
o Inter-VLAN IP routing
o Multicast routing protocols
o Failover protocols
- Bandwidth optimization:
o 1.6 Gigabit for 10/100 ports and 16 Gigabit for Gigabit ports
o Works with cache servers through the WCCP protocol
o Rate limiting per application or per user group
- Easy to use and operate
- Safety and security
o User authentication against centralized management systems: TACACS+, RADIUS
o SSH and Kerberos encryption
o Device authentication features
o VLAN
- QoS is easy to apply, with varied and flexible levels.
- Remote and centralized management. Compatible with common management systems.
Cisco also offers Layer 3 switches in the 4000 and 6000 series.

6. Practical exercises with Cisco routers
Exercise 1: Identifying and connecting devices
Requirements:
- Correctly identify the types of device
- Identify the router's interfaces, and what each means and is used for
- Know which cable to use with each type of device and interface
- Know how to connect routers to each other and to modem devices
- Use the HyperTerminal software to connect to the router
Exercise 2: Basic commands
- The show commands
- The config command
Requirements:
- Master the basic verification and configuration commands and use them fluently
Exercise 3: Configuring a router for a leased-line connection
- Configure the interface
- Configure the protocol
- Configure routing
Requirements:
- Use the lab equipment to configure a leased-line connection that joins two networks.
- Apply what has been learned to monitor the link and troubleshoot faults.
Exercise 4: Configuring a router for dial-up
- Configure the physical line
- Configure the async interface
- Configure routing
- Configure authentication
Requirements:
- Use the lab equipment to configure an indirect access point reached by dialling over a telephone line.
- Apply what has been learned to monitor the link and troubleshoot faults.

Lab equipment
- 02 2509 routers (leased-line and async) or equivalent
- 02 leased-line CSU/DSU modems for the leased-line connection
- 02 V.35 DTE cables
- 04 56 kbps dial-up modems
- 02 async cables for connecting the 56 kbps modems
- Router simulator software
- 02 computers for configuring the routers directly
- Computers for practising with the router simulator software
- 04 telephone lines





Chapter 4
The Domain Name System (DNS)

Chapter 4 concentrates on the domain name system, the naming system in general use on TCP/IP networks and on the Internet in particular. The domain name system is essential to widely used applications such as e-mail and the web. The structure of the domain name system, the structure and meaning of the domain name fields, and the basic skills presented here will help administrators plan the network's domain name requirements, carry out registration correctly (when registering an Internet domain name), and take on creating and modifying records, or more generally administering DNS name servers.
Chapter 4 requires students to be familiar with IP addresses and with editing files and managing processes on Linux, Unix and Windows systems.

1. Introduction
1.1. History of the DNS
In the 1970s the ARPAnet of the US Department of Defense was very small, and the links between its few hundred computers were easy to manage. The network therefore needed only a single HOSTS.TXT file, which held all the necessary information about the computers on the network and let every ARPAnet computer translate between addresses and names easily. That was the starting point of the domain name system, DNS (Domain Name System) for short.
As the ARPAnet grew, however, managing this information with a single HOSTS.TXT file became very difficult and no longer feasible. More and more additions and changes had to be made to HOSTS.TXT, especially once the ARPAnet moved to TCP/IP, which led to a surge in the growth of the network:
- Traffic and exchanges on the network increased
- The number of names and addresses on the network kept growing
- The density of computers kept rising, so sustaining growth became harder and harder
In 1984 Paul Mockapetris of USC's Information Sciences Institute developed a new system for managing domain names (described in RFC 882 - 883) called DNS (Domain Name System). It has since been developed and revised further, with features added to meet the system's growing demands (DNS is currently standardized in RFC 1034 - 1035).

1.2. Purpose of the DNS
A computer connected to the Internet is assigned a specific IP address. Each machine's IP address is unique and lets a computer work out the path to another computer easily. For users, however, IP addresses are very hard to remember. A system is therefore needed that lets computers compute paths easily and at the same time gives users something easy to remember. The DNS was created so that users can go from the hard-to-remember IP address the computer uses to a name that is easy for people to remember, and it has also made the Internet easier to use for communication and helped it grow.
The DNS uses a distributed, hierarchical, tree-structured database, which makes management easy and makes translating from a domain name to an IP address, and back, very convenient. It resembles the way a country manages its citizens: each person has a given name and also an identity card number so that people can be managed more easily (the difference being that domain names may not be duplicated, whereas personal names may).
[Figure: each person has an identity number used for management]

[Figure: each IP address corresponds to a domain name]

So what, in short, is a domain name? Mnemonic names such as home.vnn.vn or www.cnn.com are called domain names (domain name or DNS name). They are easy for users to remember because they are written in words that ordinary people understand and use every day.
The DNS has made the Internet friendlier to users, and as a result the Internet has grown explosively in the past few years. According to worldwide statistics, 93,000,000 domain names had been registered as of July 2000.
In summary, the purpose of the DNS is as follows:
- IP addresses are hard for users to remember but easy for computers
- Names are easy for users to remember but cannot be used by computers
- The DNS translates domain names to IP addresses and back, making computer systems easy for people to use


2. DNS servers and the structure of the domain name database
2.1. Database structure
The DNS database is a distributed, hierarchical, tree-structured database. The root server is the top of the tree; below it the domains branch out level by level, and management authority is delegated along with them. When a client queries a domain name, the query works down from the root through each level until it reaches the DNS server that manages the domain being queried.



The data is organized as a hierarchical tree: the root manages the whole scheme and delegates management authority downward, and the domains are in turn delegated further down to lower levels.
Zone
The DNS allows the name space to be divided for management. It divides the domain name system into zones. A zone manages its share of the name space, holds information about lower-level domains, and can be divided into lower-level zones whose management is delegated to other DNS servers.
Example: for the .com zone, the DNS server that manages .com holds information about records ending in .com and can delegate lower-level zones to other DNS servers; .microsoft.com, for instance, is a zone managed by Microsoft.
Root Server
- The server that manages the whole structure of the DNS
- The root server does not hold the data about the structure of the DNS; it only delegates management to lower-level servers, and so the root server can determine the path to a domain anywhere on the network
- There are currently about 13 root servers worldwide managing the whole Internet (their locations are shown in the figure below)



[Figure: locations of the root servers]

The DNS database is a distributed, tree-shaped data system; that structure is the logical structure on the Internet.



Physically, the DNS on the Internet has no tree structure, but it is configured as a logical tree-shaped hierarchy with delegated management.
A DNS server may sit anywhere on the Internet, but it is logically configured to delegate lower-level domains to other DNS servers, which may also sit anywhere on the Internet. (In principle a DNS server can be placed at any location on the Internet, but it is best placed close to its clients, so that they can query it easily, and also close to the DNS server directly above it.)
Every domain name is managed by at least one DNS server, and the records of the domain are declared on that DNS server. Those records determine the IP address of the domain name or of specific Internet services such as web and e-mail.
The DNS records are as follows:
Field name | Full name | Purpose
SOA | Start of Authority | Identifies the DNS server that has authority to provide information about the given domain
NS | Name Server | Delegates management of a domain name to a lower-level DNS server
A | Host | Maps a host to its IP address
MX | Mail Exchanger | Identifies the host that handles e-mail for a given domain name
PTR | Pointer | Translates an IP address to a domain name
CNAME | Canonical NAME | Commonly used to define a web hosting service
Structure of a domain name
- A domain name has the form: label.label.label...label
- The maximum length of a domain name is 255 characters
- Each label is at most 63 characters
- A label must begin with a letter or a digit and may contain only letters, digits, the hyphen (-) and the dot (.), and no other characters.
Classification of domain names
Most domain names fall into the following types:
- Arpa: reverse domain names (translating an IP address to a domain name, the reverse domain)
- Com: commercial organizations
- Edu: educational institutions
- Gov: government agencies
- Mil: military and defence organizations
- Net: large network centres
- Org: other organizations
- Int: intergovernmental organizations (rarely used)
In addition, domain names ending in two characters are now used worldwide to show which country a domain belongs to (defined in the ISO 3166 standard).

Name type | Description | Example
Root (domain root) | The top of the domain name tree. It marks the end of a domain name (fully qualified domain names, FQDNs). | Simply a dot (.) used at the end of the name, for example "example.microsoft.com."
Top-level domain | Two or three characters that identify a country/region or a type of organization. | ".com", which identifies names used by commercial organizations.
Second-level domain | Very varied on the Internet; it can be the name of a company, an organization or an individual, and so on, registered on the Internet. | "microsoft.com.", the second-level domain registered to the Microsoft company.
Subdomain | A further subdivision of a second-level domain, commonly used for a branch or department of an organization or for a particular topic. | "example.microsoft.com.", the part that manages Microsoft's example documents.

Points to note when naming domains:
- Limit domain names to between level 3 and level 4 or 5, because beyond that administration becomes difficult.
- A domain name in use must be unique on the Internet.
- Choose simple, memorable names and avoid names that are too long.

2.2. Types of DNS server and data synchronization between DNS servers
There are three types of DNS server:
Primary server
The primary server is the official, authoritative source of information for the domains it is permitted to manage.
Information about the domains delegated to it is stored here and can then be transferred to the secondary servers.
Domain names managed by the primary server are created and modified on the primary server and then propagated to the secondary servers.
Secondary server
It is recommended to use at least two DNS servers to hold each zone. The primary DNS server manages the zones, and the secondary server holds a backup copy of the zone for the primary server. A secondary DNS server is recommended but not mandatory. A secondary server is allowed to manage the domain, but the domain data is not created on the secondary server; it is fetched from the primary server.
A secondary server can provide operation in no-load mode on the network. When the volume of queries for a zone rises at the primary server, some of the load is shifted to the secondary server, and when the primary server fails, the secondary takes over until the primary server is working again.
A secondary server should be placed close to clients so that it can serve their name queries easily. It should not, however, be installed on the same subnet or the same connection as the primary server. Keeping them apart makes the secondary a good backup for the primary, because a failure of the connection to the primary server then has no effect on the secondary server.
The primary server always maintains a large amount of data, and zones are frequently changed or added. DNS servers therefore use a mechanism that transfers the information from the primary server to the secondary server, which stores it on disk. Zone data can be received either in full or as the changed part only (incremental).
Having several secondary DNS servers makes the network more stable and keeps the domain information stored safely. One point to bear in mind is that zone data travelling across the network from the primary server to the secondary servers increases traffic on the links and takes time to synchronize on the secondary servers.
Caching-only server
All DNS servers are able to keep data in the machine's cache in order to answer queries quickly. A caching-only server is a DNS server used only for querying: it stores answers in the machine's cache and returns query results from it. It manages no domain at all, and the information it has is limited to what is held in the server's cache.
When should a caching-only server be used? When the server starts, it has no information in its cache. The information builds up over time as clients query the DNS service. If you are on a low-speed WAN connection, a caching-only DNS server is a good solution, because it reduces the query traffic on the link.
Note
- A caching-only DNS server holds no zones and has no authority over any domain. It uses its cache to store the DNS queries of its clients. The information held in the cache is used to answer incoming client queries.
- A caching-only DNS server can answer queries but does not manage or create any zone or domain.
- In general, a DNS server should be configured to use TCP/IP with a static IP address.
Data synchronization between DNS servers (zone transfer)
Full zone transfer
Because the DNS is so important, management of the domains in a zone must be assured. A zone is therefore normally placed on more than one DNS server to avoid failures when names in that zone are queried. In other words, if only one server manages the zone and that server does not answer, the names in the zone get no answer and no longer exist on the Internet. Several DNS servers are therefore needed to manage the same zone, together with a mechanism that transfers the zone data and synchronizes it from one DNS server to the others.
When a new DNS server is added to the network, it is configured as a new secondary server for an existing zone. It then receives the full zone from another DNS server. First-generation DNS servers generally fetched the whole zone database whenever anything in the zone changed.
Incremental zone transfer
Transferring only the changes to a zone (incremental zone transfer) is described in detail in RFC 1995. It supplements the standard for DNS zone replication. Incremental transfer has to be supported both by the DNS server that is the source of the information and by the DNS server receiving the zone; it gives an efficient way to synchronize changes, additions and deletions in a zone.
The original DNS solution for changes to zone data was to transfer the whole zone using an AXFR query. Incremental transfer uses an IXFR query in place of AXFR. It lets the secondary server fetch only the zone changes needed to synchronize its data.
An IXFR zone exchange deals with the difference between the version of the source data and the version of its copy. If both have the same version (identified by the serial number declared at the head of the zone in the SOA, "start of authority", record), no zone data is transferred.
If the serial number of the source data is greater than the serial number on the secondary server, the changes to the zone's resource records (RRs) are transferred. For the IXFR query to succeed and the changes to be sent, the source DNS server for the zone must keep the changes so that it can send them to the server that issued the IXFR query. Incremental transfer means less data is transmitted and the transfer completes faster.
SOA vdc-hn01.vnn.vn. postmaster.vnn.vn. (
        82802   ; serial number
        1800    ; refresh every 30 mins
        3600    ; retry every hour
        86400   ; expire after 24 hours
        7200 )  ; minimum TTL 2 hours
NS vdc-hn01.vnn.vn.
NS hcm-server1.vnn.vn.
A zone transfer takes place when any of the following happens:
- The zone's refresh interval has run out (refresh expire)
- The secondary server is notified that the zone has changed on the source server that manages the zone
- The DNS service starts on the secondary server
- A zone transfer is requested at the secondary server
The steps below show how a secondary server asks the DNS server that holds a zone for the data of the zone it manages.
1. While a new DNS server is being configured, it sends a query asking for the whole zone (an "all zone" transfer (AXFR) request) to the DNS server that is the main manager of the zone data.
2. The main DNS server that manages the zone data replies and transfers the whole zone to the newly configured secondary (destination) server.
The zone is transferred to the requesting DNS server according to its version, which is given by the serial number in the start of authority (SOA) declaration. The SOA section also holds the parameters that set the zone's refresh time, and so on.
3. When the zone's refresh interval has run out, the DNS server that received the data sends a refresh query to the main DNS server that holds the zone data.
4. The main DNS server that manages the data answers the query and sends data back. The answer includes the current serial number of the zone on the main DNS server.
5. The DNS server receiving the zone data checks the serial number in the answer and decides what to do with the zone.
If the serial number equals the current number on the DNS server receiving the answer, it concludes that no zone data needs to be transferred. It resets itself with the old parameters, and the refresh time starts again.
If the serial number on the main DNS server is greater than the current value in the receiving DNS server's data, it concludes that the zone needs to be updated and that a zone transfer is necessary.
6. If the receiving DNS server concludes that the zone needs to change, it sends an IXFR query to the main DNS server asking it to send the zone.
7. The main DNS server answers by sending either the changes to the zone or the whole zone.
If the main DNS server supports sending zone changes, it sends the changed parts (an incremental zone transfer (IXFR) of the zone). If it does not, it sends the whole zone (a full AXFR transfer of the zone).
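The decision a secondary server makes in steps 1 to 7 can be traced in a small model. This is an added example, not code from the original text or from any DNS server: the class names, the in-memory journal and the "PRIMARY-SERIAL-LOWER" outcome are assumptions of the example, and serials are compared as plain integers, as the steps above describe.

```python
class Primary:
    """Primary server: owns the zone data and raises the SOA serial on change."""

    def __init__(self, records, serial, keeps_changes=True):
        self.records = dict(records)
        self.serial = serial
        self.keeps_changes = keeps_changes   # False: cannot answer with IXFR
        self.journal = []                    # (from_serial, removed, added)

    def update(self, removed=(), added=None):
        """Change the zone and increment the serial number."""
        added = dict(added or {})
        if self.keeps_changes:
            self.journal.append((self.serial, tuple(removed), added))
        for name in removed:
            self.records.pop(name, None)
        self.records.update(added)
        self.serial += 1

    def axfr(self):
        """Full zone transfer."""
        return "AXFR", self.serial, dict(self.records)

    def ixfr(self, have_serial):
        """Changes since `have_serial`, or the full zone if they were not kept."""
        steps = [s for s in self.journal if s[0] >= have_serial]
        if not steps or steps[0][0] != have_serial:
            return self.axfr()
        return "IXFR", self.serial, steps


class Secondary:
    """Secondary server: copies the zone and refreshes it by serial number."""

    def __init__(self, primary):
        self.primary = primary
        self.records, self.serial = {}, None

    def start(self):
        """Steps 1-2: a newly configured secondary pulls the whole zone."""
        kind, self.serial, self.records = self.primary.axfr()
        return kind

    def refresh(self):
        """Steps 3-7: compare serials, transfer only if the primary is newer."""
        remote = self.primary.serial             # steps 3-4: SOA query and answer
        if remote == self.serial:
            return "UP-TO-DATE"                  # step 5: restart the refresh timer
        if remote < self.serial:
            return "PRIMARY-SERIAL-LOWER"        # not newer, so nothing is fetched
        kind, serial, payload = self.primary.ixfr(self.serial)    # step 6
        if kind == "IXFR":                       # step 7: apply each kept change
            for _from, removed, added in payload:
                for name in removed:
                    self.records.pop(name, None)
                self.records.update(added)
        else:                                    # step 7: whole zone instead
            self.records = payload
        self.serial = serial
        return kind


def demo():
    """Constructed zone using the record names and serial shown on this page."""
    primary = Primary({"www.ktm.vnn.vn.": ("A", "203.162.0.100")}, serial=82802)
    secondary = Secondary(primary)
    events = [secondary.start(), secondary.refresh()]
    primary.update(added={"mail.ktm.vnn.vn.": ("MX", "10 mr-hn.vnn.vn.")})
    events.append(secondary.refresh())
    return events, secondary.serial, secondary.records == primary.records


if __name__ == "__main__":
    print(demo())
```

The "PRIMARY-SERIAL-LOWER" branch is worth monitoring in practice: a primary whose serial was not increased, or was set back, leaves every secondary serving old data without any error.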

3. Operation of the DNS
The DNS operates at layer 4 of the OSI model; it queries over the UDP protocol and by default uses port 53 to exchange domain name information.

The job of the DNS is to translate domain names to IP addresses and back. The DNS database is a distributed database: DNS servers are given authority over particular domain names, and they are linked together so that a user can query any (existing) domain name from any point on the network as quickly as possible.

As already described, DNS servers must know at least one way to reach a root server, and vice versa. As in the figure, to resolve the domain name mit.edu the root server must know which DNS server has been given authority over mit.edu so that it can pass the query on.
In short, all DNS servers are logically connected to one another:
- Every DNS server is configured to know at least one way to reach a root server
- A computer connected to the network must know how to contact at least one DNS server
How DNS works
When a DNS client needs to resolve a domain name, it queries the DNS. DNS queries, and the answers the DNS returns to the client, use UDP on port 53. UDP operates at level 3 (network) of the OSI model and is a connectionless protocol, much like ordinary mail: you drop a letter in the mailbox and hope it reaches the place you are sending it to.
Each query message sent by a client contains three pieces of information:
- The name being queried (the full name, FQDN)
- The record type, such as mail or web
- The class of the domain name (usually IN, Internet; this is not covered in depth here)
Example: the full name queried is "hostname.example.microsoft.com." and the query type is an A address. The client asks the DNS "Is there an A address record for the computer named hostname.example.microsoft.com?", and when the client receives the DNS server's answer it learns the IP address in the A record.
There are several ways a DNS query can be answered. The client can answer it itself from information held in its cache from earlier queries. The DNS server can answer from information held in its own cache, or the DNS server can ask another DNS server for the information and then answer the client.
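The three parts of a query message (name, record type, class), together with the label rules given earlier under "Structure of a domain name", map directly onto the bytes sent to UDP port 53. The following is an added example, not part of the original text: the function names are this example's own, nothing is sent on the network, and the 255-character limit is applied to the encoded name.

```python
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15}
QCLASS_IN = 1                       # class IN (Internet)
LDH = set("abcdefghijklmnopqrstuvwxyz0123456789-")


def encode_name(fqdn):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    out = bytearray()
    for label in fqdn.rstrip(".").split("."):
        low = label.lower()
        if not 1 <= len(low) <= 63:
            raise ValueError(f"label length {len(low)} is outside 1..63: {label!r}")
        if low[0] == "-" or not set(low) <= LDH:
            raise ValueError(f"label has a bad first or other character: {label!r}")
        out.append(len(low))
        out += label.encode("ascii")
    out.append(0)                   # the root: the final dot of an FQDN
    if len(out) > 255:
        raise ValueError("domain name is longer than 255 bytes")
    return bytes(out)


def build_query(fqdn, record_type, txid):
    """12-byte header (one question, recursion desired) plus the three parts."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(fqdn) + struct.pack("!HH", QTYPE[record_type], QCLASS_IN)
    return header + question


def parse_query(packet):
    """Decode a query as a server would, rejecting malformed input."""
    if len(packet) < 12:
        raise ValueError("shorter than the DNS header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if flags & 0x8000:
        raise ValueError("message is a response, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("name runs past the end of the packet")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:
            raise ValueError("label longer than 63, or a compression pointer")
        if pos + length > len(packet):
            raise ValueError("label runs past the end of the packet")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("type and class are missing")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return {"id": txid, "name": ".".join(labels) + ".", "qtype": qtype, "qclass": qclass}


if __name__ == "__main__":
    query = build_query("hostname.example.microsoft.com.", "A", 0x1234)
    print(len(query), query.hex())
    print(parse_query(query))
```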
In general, a query proceeds in two parts:
- The query starts on the client computer itself, which tries to determine the answer
- When the client has no answer, the question is passed to a DNS server to find the answer
Answering the query locally
This is the first step in processing a query. A program on the querying computer looks for the answer to the name query. If it finds an answer, the query ends there.
On the querying computer, the information comes from two sources:
- The HOSTS file configured on the computer. The name-to-address mappings set in this file are used first. They are loaded into the machine's cache when the DNS client starts.
- Answers to earlier queries. Over time, query answers are kept in the computer's cache and are used when a query repeats a name that was asked for before.
Querying a DNS server
When a DNS server receives a query, it first checks whether the answer is information from a record it manages in its own zones. If the query matches a record it manages, it uses that information to give an authoritative answer and the query ends.
If none of its zone information matches the query, it checks the information held in its cache to see whether an earlier, similar query matches. If matching information is found, it uses that information to answer and the query ends.
If no matching information is found in either the cache or the zones the DNS server manages, the query continues. The server asks other DNS servers to answer the query until an answer is found.
How DNS servers contact one another to determine the answer
Case where the root server connects directly to the name server for the queried domain
Figure 4.1: Root server connected directly to the name server for the queried domain (nodes in the diagram: PC A, vdc.com.vn, root server, abc.com, www.abc.com; arrows numbered 1 to 6)
When the root server knows which DNS server manages the domain being queried, the query proceeds as follows:
Step 1: PC A queries the DNS server for vdc.com.vn (its local name server) for the name www.abc.com.
Step 2: The vdc.com.vn DNS server does not manage the name www.abc.com, so it passes the query up to the root server.
Step 3: The root server determines that the DNS server managing www.abc.com is the server DNS.abc.com, and it passes the query to DNS.abc.com to be answered.
Step 4: DNS.abc.com finds the record for www.abc.com and answers the root server.
Step 5: The root server passes the answer back to the vdc.com.vn server.
Step 6: The vdc.com.vn DNS server passes the answer back to PC A, and PC A can then connect to PC B (which hosts www.abc.com).
Case where the root server does not connect directly to the name server for the queried domain

Figure 4.2: Root server not connected directly to the name server for the queried domain (nodes in the diagram: PC A, vdc.com.vn, root server, dns.com.sg, dns.abc.com.sg, www.abc.com.sg; arrows numbered 1 to 8)
When there is no direct connection, the root server asks an intermediate server (following the levels of the tree) in order to reach the name server that manages the domain being queried.
Step 1 - PC A queries the vdc.com.vn DNS server (its local name server) for the name www.abc.com.sg.
Step 2 - The vdc.com.vn DNS server does not manage the name www.abc.com.sg, so it passes the query up to the root server.
Step 3 - The root server cannot identify the DNS server that directly manages www.abc.com.sg. Following the structure of the domain name system, it passes the query to the DNS server that manages the level above abc.com.sg, which is com.sg, having determined that the DNS server DNS.com.sg manages the com.sg domain.
Step 4 - DNS.com.sg then determines that the DNS server DNS.abc.com.sg has authority over the name www.abc.com.sg.
Step 5 - DNS.abc.com.sg takes the record for the name www.abc.com.sg and answers the DNS server DNS.com.sg.
Step 6 - DNS.com.sg in turn passes the answer up to the root server.
Step 7 - The root server passes the answer back to the vdc.com.vn DNS server.
Step 8 - The vdc.com.vn DNS server returns the answer to PC A, and PC A can connect to the host for the name www.abc.com.sg.
When queries are repeated, the DNS is able to pass the job of answering to the intermediate DNS server without going through the root server, which shortens the query time.
[Figure: nodes PC A, vdc.com.vn, root server, dns.com.sg, dns.abc.com.sg, www.abc.com.sg; arrows numbered 1 to 8]

How the DNS cache works
As a DNS server processes client queries, including repeated ones, it identifies and keeps the important information about the names its clients ask for. That information is recorded in the DNS server's cache.
Keeping information in a cache is an effective way to speed up frequent queries for commonly used names and to reduce the amount of query traffic on the network.
When a DNS server performs recursive queries on behalf of a client, it temporarily stores in its cache the resource record (RR) obtained from the DNS server that holds the information for that query. When another client later asks for that same record, the server answers with the resource record (RR) held in its cache.
When information is cached, each RR written to the cache is given a time to live (TTL, Time-To-Live). The time to live of a cached record is the length of time it stays in the cache and is used to answer client queries for the name in that record. The TTL is declared when the zone is configured. The default minimum time to live (Minimum TTL) is 3600 seconds (1 hour), but this value can be changed when the zone is configured. When its time to live runs out, the record is deleted from the cache.
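The lookup order described under "Querying a DNS server" and the TTL behaviour described above fit together as in the following model. This is an added example, not code from the original text: the class names, the fake clock and the address 192.0.2.10 are constructed, and the upstream call stands in for a real query to another DNS server.

```python
import time


class FakeClock:
    """Constructed clock so that TTL expiry can be shown without waiting."""

    def __init__(self):
        self.now = 0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class NameServer:
    """Answers from its own zone, then from cache, then by asking upstream."""

    def __init__(self, zone=None, upstream=None, clock=None):
        self.zone = dict(zone or {})        # name -> (address, ttl)
        self.cache = {}                     # name -> (address, expires_at)
        self.upstream = upstream
        self.clock = clock or time.monotonic
        self.forwarded = 0                  # queries that left this server

    def resolve(self, name):
        now = self.clock()
        if name in self.zone:               # 1. a record this server manages
            address, ttl = self.zone[name]
            return address, ttl, "authoritative"
        if name in self.cache:              # 2. an earlier answer, if still alive
            address, expires = self.cache[name]
            if now < expires:
                return address, int(expires - now), "cache"
            del self.cache[name]            # TTL ran out: drop the record
        if self.upstream is None:
            return None, 0, "not-found"
        self.forwarded += 1                 # 3. ask another DNS server
        address, ttl, _source = self.upstream.resolve(name)
        if address is not None and ttl > 0:
            self.cache[name] = (address, now + ttl)
        return address, ttl, "forwarded"


class Client:
    """Client side: HOSTS file first, then its own cache, then the DNS server."""

    def __init__(self, hosts, server, clock):
        self.hosts, self.server, self.clock = dict(hosts), server, clock
        self.cache = {}

    def lookup(self, name):
        if name in self.hosts:
            return self.hosts[name], "hosts-file"
        hit = self.cache.get(name)
        if hit and self.clock() < hit[1]:
            return hit[0], "client-cache"
        address, ttl, source = self.server.resolve(name)
        if address is not None:
            self.cache[name] = (address, self.clock() + ttl)
        return address, source


def demo():
    clock = FakeClock()
    owner = NameServer(zone={"www.abc.com.": ("192.0.2.10", 3600)}, clock=clock)
    local = NameServer(upstream=owner, clock=clock)
    first = local.resolve("www.abc.com.")
    clock.advance(600)
    second = local.resolve("www.abc.com.")
    clock.advance(3000)                     # 3600 s in total: the TTL is used up
    third = local.resolve("www.abc.com.")
    return first, second, third, local.forwarded


if __name__ == "__main__":
    print(demo())
```

Because the HOSTS file is consulted before any cache or server, an unexpected entry in it overrides DNS without any visible error, which is why that file belongs under integrity monitoring.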

4. Practical exercises
Exercise 1: Installing a DNS server on Windows 2000
Opening the DNS management window
Step 1: Open the DNS management window

Click the Start menu, choose Programs, then "Administrative tools", and choose "DNS Manager".
Step 2: The DNS server management window appears
In the DNS server management window you can set up the features of the DNS server.

Adding a zone



A zone is the domain name that the server manages. In the DNS management window, right-click the server to bring up the menu and choose "new zone", as shown in the figure above.



Clicking "new zone" opens a window in which you choose the kind of data the zone manages. Standard Primary is the zone type whose data is declared and managed on this server. Standard Secondary is the zone type whose data is fetched from a Standard Primary, with the data also stored on the server. Standard Primary is commonly used as a backup for existing zones. Click Next to continue.

The window shown above appears. A forward lookup zone is the type of zone that handles translation from a domain name to an IP address. A reverse lookup zone handles translation from an IP address to a domain name. Click Next to continue.

In this window enter the zone (domain name) to be managed. Click Next to continue.

Enter the name of the file that will store the zone under "Create a new file with this file name", or use an existing file under "Use this existing file", and click Next until the Finish button appears to complete creating the zone.

Adding a domain name
In the domain management window, select the server, right-click to bring up the menu, and choose "New Domain..." to enter a new domain.

After you click "New Domain", a window appears in which you enter the domain name that the server is allowed to manage. After entering it, click "OK" to finish.

Adding a new host
In the DNS management window, select the zone you created, right-click, and choose "New Host".

A window appears in which the new host is declared.

Enter the name of the host you want to create. The domain part is appended automatically to form the full name of the host.
Example: the zone being managed above (location) is ktm.vnn.vn. If you enter www as the Name and 203.162.0.100 as the IP address, this corresponds to defining the domain www.ktm.vnn.vn. pointing to the IP address 203.162.0.100:
www.ktm.vnn.vn. IN A 203.162.0.100
Creating a web record (creating an alias)
In the domain management window, go to the domain name just created, right-click, and choose "New Alias" to create a CNAME pointing to a host.

Clicking "New Alias..." opens a window in which the alias is declared.

Under "Alias name", enter the name of the alias to create, and under "Fully qualified name for target host", enter the full name of the host for which you want to create the alias (commonly used for web hosting).
Example: www.ktm.vnn.vn. IN CNAME ktm.vnn.vn.
The web site www.ktm.vnn.vn is then hosted on the web server named ktm.vnn.vn.
Creating a mail exchanger (MX) record
In the DNS management window, right-click the domain name for which you want to create the MX record.

After you click "New Mail Exchanger...", a window appears for setting the parameters of the MX record.

Under "Host or domain", enter a name or leave it empty; this name is combined with the zone in "Parent domain" to form the full domain of the mail record. Under "Mail server", enter the name of the mail server, and under "Mail server priority", enter the priority of the mail server (the smaller the number, the higher the priority).
Example from the figure:
mail.ktm.vnn.vn IN MX 10 mr-hn.vnn.vn.
This gives the mail domain mail.ktm.vnn.vn. (mailboxes such as abc@mail.ktm.vnn.vn can be created), hosted on the mail server mr-hn.vnn.vn with priority 10.
Delegating management of a domain (delegate)
In the DNS management window, right-click the domain whose management you want to delegate.

Click "New Delegation..." to open the window for delegating management of the domain.

Enter the part of the domain you want to delegate under "Delegated domain".
In the example, abc is entered, meaning you want to delegate management of the domain abc.ktm.vnn.vn. Click "Next" to continue.

In the window that appears, enter under "Server name" the name of the DNS server that will be allowed to manage the domain abc.ktm.vnn.vn. Click "Resolve" to determine the IP address of the DNS server, then click "OK" to finish.
Example: abc.ktm.vnn.vn. IN NS vdc-hn01.vnn.vn.
This means management of the domain abc.ktm.vnn.vn. is delegated to the DNS server vdc-hn01.vnn.vn.

Exercise 2: Installing and configuring DNS on Linux
Many vendors currently provide free DNS software on the Internet, but the DNS software most widely used on Unix today is the BIND package.
BIND is developed by a non-profit organisation, the Internet Software Consortium (www.isc.org), which provides the BIND software free of charge. The current version of BIND is 9.2.2.
BIND also provides the nslookup utility, a very convenient tool for checking domain names.
Declaring DNS for the client/server
On a Linux or Unix client, edit the file /etc/resolv.conf
- The client only retrieves information about domains
- The client only sends queries to the server and receives the answers
Configuring the DNS server
- Configure the resolver as for a DNS client
- Configure BIND for the name server (named)
- Build the DNS database (the zone files)
Configuring the DNS client: /etc/resolv.conf
Keyword               Description
nameserver address    IP address of the DNS server to which queries are sent to obtain domain information
domain name           sets the default domain of the client

A DNS client only needs the resolv.conf file to be configured.
Installing the DNS server
The BIND installation package for DNS can be downloaded to the server from www.isc.org:
cd /usr/src
mkdir bind-9.xx
cd bind-9.xx
Fetch the DNS installation package bind-9.xx-src.tar.gz into this directory, then:
gunzip bind-9.xx-src.tar.gz
tar xf bind-9.xx-src.tar
rm bind-9.xx-src.tar
cd src
make clean
make depend
make install
The named software for DNS is now installed. The zone files are kept in /var/named and the configuration file in /usr/local/etc, so create the configuration file and the zone files, place them in those directories, and run
# /usr/local/sbin/named
The server is now ready to answer DNS queries.
Structure of the database files (zone files)
The zone database files fall into two types: files for domains (named db.domain or domain.root) and files for reverse domains (db.address). They are located in the /var/named directory of the DNS server.
The data in a database file are called DNS resource records. The types of resource record in a data file include:
SOA record
Indicates that the domain in the owner column is managed by the name server written after the SOA keyword. In the case of the file db.domain:
@ IN SOA vdc-hn01.vnn.vn. postmaster.vnn.vn. (
1999082802 ; serial number
1800 ; refresh every 30 mins
3600 ; retry every hour
86400 ; expire after 24 hours
6400 ; minimum TTL (6400 seconds; 2 hours would be 7200)
)
IN NS vdc-hn01.vnn.vn.
IN NS hcm-server1.vnn.vn.
Declaration of the reverse zone, db.203.162.0
@ IN SOA vdc-hn01.vnn.vn. postmaster.vnn.vn. (
1999082301 ; Serial
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400 ) ; Minimum TTL of 1 day
; name servers
IN NS vdc-hn01.vnn.vn.
IN NS hcm-server1.vnn.vn.
6 IN PTR ldap.vnn.vn.
7 IN PTR hanoi-server1.vnn.vn.
8 IN PTR hanoi-server2.vnn.vn.
9 IN PTR mail.vnn.vn.
Each zone declares only one SOA record. In the example above for the file db.com.vn, the @ sign means that all domains in the file are managed by the name server vdc-hn01.vnn.vn and that the mail address of the network administrator is postmaster.vnn.vn. The SOA section also has five parameters to note:
Serial number: This parameter applies to all the data in the file. When a secondary server asks the primary server for information about a domain it manages, it first compares the serial numbers of the secondary and the primary server. If the serial number of the secondary server is smaller than that of the primary server, the domain data on the secondary server is updated from the primary server.
Whenever the contents of the file db.domain change, the serial number must be changed as well. The serial number is usually set according to the following convention:
Serial number: yyyymmddtt
where: yyyy is the year
       mm is the month
       dd is the day
       tt is the number of revisions made that day
Refresh: the interval at which the secondary server compares and updates its data against the primary server.
Retry: if the secondary server cannot connect to the primary server, it tries again after this interval.
Expire: the period after which the domain ceases to be valid if the secondary cannot connect to the primary server.
TTL (time to live): when any server requests data from the primary server, the data is stored on that server and remains valid for the TTL period. When the period ends, the server must query the primary server again if it still needs the data.
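The serial-number convention and the SOA timers described above can be checked mechanically before a zone is reloaded. The following Python sketch is an added example, not part of the original text or of BIND; the function names are hypothetical, and the embedded zone text is constructed from the db.domain sample shown on this page.

```python
import re
from datetime import date

# Constructed sample: the db.domain SOA shown on this page.
ZONE_TEXT = """\
@ IN SOA vdc-hn01.vnn.vn. postmaster.vnn.vn. (
        1999082802 ; serial number
        1800       ; refresh
        3600       ; retry
        86400      ; expire
        6400       ; minimum TTL
        )
  IN NS vdc-hn01.vnn.vn.
  IN NS hcm-server1.vnn.vn.
"""

SOA_FIELDS = ("serial", "refresh", "retry", "expire", "minimum")


def parse_soa(zone_text):
    """Return the SOA record of a zone file as a dict (hypothetical helper)."""
    # Everything after ';' on a line is a comment in a zone file.
    stripped = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(([^)]*)\)", stripped)
    if not m:
        raise ValueError("no SOA record with a parenthesised timer block found")
    numbers = m.group(3).split()
    if len(numbers) != 5 or not all(n.isdigit() for n in numbers):
        raise ValueError("SOA needs exactly five numeric fields")
    soa = {"mname": m.group(1), "rname": m.group(2)}
    soa.update(zip(SOA_FIELDS, map(int, numbers)))
    return soa


def split_serial(serial):
    """Split a yyyymmddtt serial into (date, revision); reject anything else."""
    text = str(serial)
    if len(text) != 10 or not text.isdigit():
        raise ValueError("serial %r is not in yyyymmddtt form" % (serial,))
    # date() raises ValueError for impossible dates such as month 13.
    return date(int(text[:4]), int(text[4:6]), int(text[6:8])), int(text[8:])


def next_serial(current, today):
    """Serial to write after editing the zone on the given day."""
    day, revision = split_serial(current)
    if today < day:
        raise ValueError("current serial is dated in the future")
    if today > day:
        return int(today.strftime("%Y%m%d") + "01")
    if revision >= 99:
        raise ValueError("tt has only two digits: no more revisions today")
    return current + 1


def needs_transfer(secondary_serial, primary_serial):
    """Rule as stated in the text: update when the secondary's serial is smaller.

    Real servers compare serials with the wrap-around arithmetic of RFC 1982;
    for yyyymmddtt serials that only ever grow, both give the same answer.
    """
    return secondary_serial < primary_serial


def check_timers(soa):
    """Return warnings about timer combinations that defeat their purpose."""
    warnings = []
    if soa["retry"] >= soa["refresh"]:
        # A failed refresh would be retried no sooner than the next refresh.
        warnings.append("retry (%d) is not shorter than refresh (%d)"
                        % (soa["retry"], soa["refresh"]))
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        warnings.append("expire (%d) leaves no room for one failed refresh "
                        "plus a retry" % soa["expire"])
    return warnings


if __name__ == "__main__":
    record = parse_soa(ZONE_TEXT)
    print(record)
    print("next serial:", next_serial(record["serial"], date(1999, 8, 28)))
    for warning in check_timers(record):
        print("warning:", warning)
```

Run against the page's forward-zone sample, the timer check flags that the retry interval (3600) is longer than the refresh interval (1800); the reverse-zone sample (10800 / 3600 / 604800) passes.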

Commonly used records in a DNS server
NS (name server): The NS record specifies which DNS servers manage the domain. In the example above these are the DNS servers vdc-hn01.vnn.vn. and hcm-server1.vnn.vn.
A (address): An A record maps a domain name to an IP address. Only one A record may be declared per IP address.
Example:

Internet domain name    Record type    Address
mr.vnn.vn.              IN A           203.162.4.148
mr-hn.vnn.vn.           IN A           203.162.0.24
mail.vnn.vn.            IN A           203.162.0.9
fmail.vnn.vn.           IN A           203.162.4.147
hot.vnn.vn.             IN A           203.162.0.23
home.vnn.vn.            IN A           203.162.0.12
www.vnn.vn.             IN A           203.162.0.16
CNAME (canonical name): an additional name for a host that already has an A-type domain name. It is commonly used for web and FTP servers.
Example: domains of CNAME type pointing to web servers
Internet domain name     Record type    Server
www.gpc.com.vn.          IN CNAME       home.vnn.vn.
www.huonghai.com.vn.     IN CNAME       home.vnn.vn.
www.songmayip.com.vn.    IN CNAME       hot.vnn.vn.
www.covato2.com.vn.      IN CNAME       hot.vnn.vn.
MX (mail exchange): an additional name for mail services on servers that have A-type domain names. This record lets a server provide mail service for different domains. Several different domains can point to one server, or one domain can point to several servers (used for backup); in that case the priority values must differ. The smaller the priority number, the higher the priority.
Example:
Internet domain name    Record type    Priority    Server
mrvn.vnn.vn.            IN MX          10          mr.vnn.vn.
clipsalvn.vnn.vn.       IN MX          10          mr-hn.vnn.vn.
dbqnam.vnn.vn.          IN MX          10          mr-hn.vnn.vn.
thangloi.vnn.vn.        IN MX          50          mail.netnam.vn.
                        IN MX          100         fallback.netnam.vn.
PTR (pointer): the record that maps an IP address to a domain. These records are kept in files of the form db.address. For example, db.203.162.0 covers the IP addresses of the network 203.162.0.xxx.
Note:
Each block of domain declarations is usually preceded by a line of the form
$ORIGIN domain.
which declares the default domain. It means the default domain part does not have to be repeated in the declarations that follow.
Example:
vdc.com.vn. IN A 203.162.0.49
or
$ORIGIN com.vn.
vdc IN A 203.162.0.49
The ";" character marks the start of a comment; everything after the ";" has no effect.

Defining the configuration (named.conf)
Once the database files (zone files) exist, the DNS server must be configured to read them. In BIND, the name server is told which zone files to read by declarations in the file named.conf, which is located in /etc or /usr/local/etc.
Example: declaring the db files in named.conf:
// declaration for the zone file of the domain vn
zone "vn." in {
    type master;
    file "db.vn";
};
// declaration for the zone file of the domain gov.vn
zone "gov.vn." in {
    type master;
    file "db.gov.vn";
};
// declaration for the reverse zone 203.162.0.xxx
zone "0.162.203.in-addr.arpa" in {
    type master;
    file "db.203.162.0";
};
// declaration for the reverse zone 203.162.1.xxx
zone "1.162.203.in-addr.arpa" in {
    type master;
    file "db.203.162.1";
};
Note: after each change to the data, the DNS server must be told to pick up the change so that it takes effect:
%su
%password:
# ps -ef | grep named
root 17413 1 5 Sep 07 ? 189:52 /usr/local/sbin/named
# kill -HUP 17413
To start the DNS server:
# /usr/local/sbin/named

Using nslookup
nslookup is an Internet tool for querying domain names and IP addresses interactively.
Command syntax
nslookup [ -option ... ] [ host-to-find | - [ server ]]
Description of the nslookup commands
server domain and lserver domain
    Change the default server to domain. lserver uses the initial server to look up information about domain, while server uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned.
root
    Changes the default server to the root server for the domain being queried.
ls [option] domain [>> filename]
    Lists information for domain. By default the host names and IP addresses are shown. Options can be used to show more information:
    -t querytype  lists all records of the type given by querytype
    -a  lists the aliases of hosts in the domain (same as -t CNAME)
    -d  lists all records of the domain (same as -t ANY)
    -h  lists the CPU and operating system information of the domain (same as -t HINFO)
?  shows the list of commands.
exit  leaves the program.
set keyword[=value]
    Changes state information that affects the queries. The keywords are:
    all  shows all record types
    [no]debug  turns on debugging mode. Much more information is shown, which helps locate errors in queries to the domain. (default = nodebug, abbreviation = [no]deb)
    [no]d2  turns on a higher level of debugging. All query packets are displayed. (default = nod2)
    domain=name  changes the default domain to name. When a name is queried, the domain is appended to it automatically.
    port=value  changes the default TCP/UDP name server port to value (default = 53, abbreviation = po)
    querytype=value
    type=value  selects the type of information queried. The types are:
        A  host query (IP address declaration).
        CNAME (canonical name)  alias name (commonly used for web)
        HINFO  the CPU type and operating system of the server.
        MINFO  mailbox or mail list information.
        MX  mail exchanger.
        NS  name server for the named zone.
        PTR  conversion from an IP address to a domain.
        SOA  information about the administrator and the zone.
        TXT  other information.
        UINFO  user information.
        WKS  support for other services.
        Other types (ANY, AXFR, MB, MD, MF, NULL) are described in detail in RFC 1035. (default = A, abbreviations = q, ty)
    [no]recurse  asks the name server to query another server if it does not have information about the domain sought. (default = recurse, abbreviation = [no]rec)
    retry=number  sets the number of retries. When a query gets no reply within a certain time (set with set timeout), the timeout expires and the query is sent again. This setting controls how many times the query is resent before giving up. (default = 4, abbreviation = ret)
    root=host  changes the root server to host
    timeout=number  sets the timeout for a query, in seconds. (default = 5 seconds, abbreviation = ti)
    [no]vc  uses a virtual circuit when sending queries to the server. (default = novc, abbreviation = [no]v)
Error analysis
If a lookup is unsuccessful, an error message is displayed. The possible errors are:
Timed out
    The server did not answer the query after a period of time (which can be changed with set timeout=value) and a certain number of retries (changed with set retry=value).
No response from server
    No name server is running on the server the client points to.
No records
    The server has no record of the queried type for the host, although the host exists. The query type is set with the "set querytype" command.
Non-existent domain
    The host or domain name does not exist.
Connection refused
Network is unreachable
    The connection to the name server or finger server could not be made at this time. This error usually appears with ls and finger requests.
Server failure
    The name server found an error in its data for the domain and could not give a valid answer.
Refused
    The name server refused to service the request.
Format error
    The name server found that the request packet was not in the proper format. This may be an error in the nslookup program.
Examples:
Querying DNS with the A record type for the domain home.vnn.vn, which has the IP address 203.162.0.12:

Default Server: vdc-hn01.vnn.vn
Address: 203.162.0.11
Aliases: 11.0.162.203.in-addr.arpa
> set querytype=a
> home.vnn.vn
Server: vdc-hn01.vnn.vn
Address: 203.162.0.11
Aliases: 11.0.162.203.in-addr.arpa
Name: home.vnn.vn
Address: 203.162.0.12
>

Querying the MX (mail) records for the domain hn.vnn.vn, which point to the hosts mu13.vnn.vn with address 203.162.0.55 and mu14.vnn.vn with address 203.162.0.64:

> set querytype=mx
> hn.vnn.vn
Server: vdc-hn01.vnn.vn
Address: 203.162.0.11
Aliases: 11.0.162.203.in-addr.arpa
hn.vnn.vn MX preference = 20, mail exchanger = mu13.vnn.vn
hn.vnn.vn MX preference = 10, mail exchanger = mu14.vnn.vn
vnn.vn nameserver = vdc-hn01.vnn.vn
vnn.vn nameserver = hcm-server1.vnn.vn
mu13.vnn.vn internet address = 203.162.0.55
mu14.vnn.vn internet address = 203.162.0.64
vdc-hn01.vnn.vn internet address = 203.162.0.11
hcm-server1.vnn.vn internet address = 203.162.4.1
>

Querying the NS (name server) type for the domain vn, to see which servers manage it; this returns the list of name servers that manage the domains ending in vn:

> set querytype=ns
> vn
Server: vdc-hn01.vnn.vn
Address: 203.162.0.11
Aliases: 11.0.162.203.in-addr.arpa
Non-authoritative answer:
vn nameserver = DNS-hcm01.vnnic.net.vn
vn nameserver = ns.ripe.net
vn nameserver = DNS1.vn
vn nameserver = ns1.gip.net
vn nameserver = ns2.gip.net
vn nameserver = ns3.rip.net
vn nameserver = DNS1.vnnic.net.vn
vn nameserver = cheops.anu.edu.au
DNS-hcm01.vnnic.net.vn internet address = 203.162.87.66
ns.ripe.net AAAA IPv6 address = 2001:610:240:0:53:0:0:193
ns.ripe.net internet address = 193.0.0.193
DNS1.vn internet address = 203.162.3.235
ns1.gip.net internet address = 204.59.144.222
ns2.gip.net internet address = 204.59.1.222
DNS1.vnnic.net.vn internet address = 203.162.57.105
cheops.anu.edu.au internet address = 150.203.224.24
>








Chapter 5
Remote access service and proxy service

Chapter 5 provides basic knowledge of two services that are common on computer networks: the remote access service and the proxy service.
Remote access is an essential need for extending the reach of the networks of organisations and companies. The form of remote access introduced in this chapter is access over the public switched telephone network (PSTN). It offers low to moderate access speeds but is the most widespread and the easiest to set up.
The proxy service was developed to speed up access for clients inside the network, to save network resources (IP addresses), and to keep the network secure when access to outside networks or to the Internet has to be provided. Setting up a proxy service is a task every network administrator needs to know, because internetwork and Internet connectivity is becoming indispensable for any organisation or company.
Chapter 5 requires students to have basic knowledge of the PSTN telephone network, of the WAN protocols PPP, SLIP and so on, and of authentication protocols such as RADIUS. For the proxy part, students need to be familiar with the concept of network address translation (NAT) and with the operation of the TCP/IP protocols.
Section 1: Remote access service (Remote Access)
1. Concepts and protocols
1.1. Overview of the remote access service
The remote access service (Remote Access Service) lets a remote user connect from a computer, across a transmission network (for example the public telephone network), to a private network as if the computer were connected directly to that network. The remote user connects to the network through a server called the access server. The remote user can then use resources on the network just like a computer connected directly to it. The remote access service also makes it possible to build a WAN connection over low-cost transmission networks such as the public telephone network. It is also the bridge through which a computer or a network of computers is connected to the Internet in a way regarded as reasonable and inexpensive, suited to small and medium-sized businesses and organisations. When choosing and designing a remote access solution, the following requirements need to be considered:
- The maximum number of connections that can serve remote users.
- The resources that remote users want to access.
- The connection technology, method and throughput. For example, connections can use modems over the public switched telephone network (PSTN), the integrated services digital network (ISDN), and so on.
- The security methods for remote access, the user authentication method, and the data encryption method.
- The network protocols used for the connection.

1.2. Remote access connections and the protocols used in remote access
Remote access connections
The remote access process is as follows: the remote user initiates a connection to the access server. The connection is established using a remote access protocol (for example PPP, the Point-to-Point Protocol). The access server authenticates the user and keeps the connection until it is ended by the user or by the system administrator. The access server acts as a gateway, exchanging data between the remote user and the internal network. Over this connection the remote user sends data to and receives data from the access server. The data is carried in the formats defined by the network protocols (for example TCP/IP) and is then encapsulated by the remote access protocol. All services and resources on the network are available to the remote user through this remote access connection (Figure 5.1).

Figure 5.1: Remote access connection

Remote access protocols
SLIP (Serial Line Interface Protocol), PPP and Microsoft RAS are the access protocols used to establish connections in remote access. SLIP is a point-to-point access protocol that supports only IP and is now hardly used. Microsoft RAS is a proprietary Microsoft protocol that supports use with the NetBIOS and NetBEUI protocols and is used in older Microsoft versions.
PPP is a point-to-point access protocol with a rich set of features and is a standard protocol supported by most vendors. PPP is defined in RFC 1661. Its basic function is to encapsulate network-layer protocol information over point-to-point links.
PPP works as follows: to establish communication, each end of the PPP link must send LCP (Link Control Protocol) packets to set up and test the data link. After the link has been established and the optional features have been arranged and negotiated between the two ends, PPP sends NCP (Network Control Protocol) packets to choose and configure one or more network-layer protocols. Once a chosen network-layer protocol has been configured, traffic from that protocol can be sent over the link. The link remains until LCP or NCP packets close it or until an external event occurs (such as a timer expiring or an administrator intervening). In other words, PPP is a path open to many protocols at the same time.
PPP was originally developed in the IP environment, but it performs its functions independently of layer 3 protocols and can be used for different network-layer protocols. As mentioned, PPP encapsulates the configured network-layer protocols for transport over a PPP link. PPP has many features that make it flexible, including:
- Multiplexing of network-layer protocols
- Link configuration
- Link quality testing
- Authentication
- Header compression
- Error detection
- Negotiation of link parameters
PPP supports these features by providing an extensible LCP and NCPs to negotiate parameters and optional functions between the endpoints. The protocols, the optional features and the type of user authentication are all communicated during link initialisation between the two points.
PPP can operate over any DTE/DCE interface, in synchronous or asynchronous mode. Apart from the requirements of the DTE/DCE interfaces themselves, PPP places no restriction on transmission speed.
For most WAN technologies a layered model is presented that relates to the OSI model and describes the operation of the particular technology. PPP is not very different from other technologies in this respect. PPP also has a layered model that defines its structures and functions (Figure 5.2).

Figure 5.2: PPP layered model

Like most technologies, PPP has a frame structure, and this structure allows any layer 3 protocol to be encapsulated. The PPP frame structure is shown below (Figure 5.3).
Figure 5.3: PPP frame structure

The fields of the PPP frame are as follows:
Flag: 1 byte long, marks the beginning or end of a frame; this field is the bit sequence 01111110.
Address: 1 byte long, containing the bit sequence 11111111, the standard broadcast address. PPP does not assign individual addresses.
Protocol: 2 bytes long, identifies the encapsulated protocol. Up-to-date values of this field are given in RFC 1700.
Data: variable length, zero or more bytes of data for the protocol type indicated in the protocol field. The end of the data field is found by locating the closing flag and allowing 2 bytes for the FCS that precedes it. The default maximum length of this field is 1500 bytes, but a larger value can be used to lengthen the data field.
FCS: normally 2 bytes; a 4-byte FCS can be used to improve error detection.
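The frame layout above, as an added Python example that is not part of the original text: it builds and parses a PPP frame in the HDLC-like framing of RFC 1662 and rejects frames whose FCS does not match. The Control byte 0x03, the byte stuffing and the FCS-16 algorithm are taken from RFC 1662 rather than from this page, and the function names are hypothetical.

```python
import struct

FLAG = 0x7E        # 01111110, opens and closes every frame
ESCAPE = 0x7D      # RFC 1662 control escape used for byte stuffing
ADDRESS = 0xFF     # 11111111, the "all stations" address
CONTROL = 0x03     # from RFC 1662 (not listed in the field description above)
PROTO_IP = 0x0021  # IPv4
PROTO_LCP = 0xC021 # Link Control Protocol


def fcs16(data):
    """16-bit FCS of RFC 1662 (reflected CRC-CCITT, init 0xFFFF, inverted)."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF


def stuff(raw):
    """Escape flag, escape and control characters (default async map)."""
    out = bytearray()
    for byte in raw:
        if byte in (FLAG, ESCAPE) or byte < 0x20:
            out += bytes([ESCAPE, byte ^ 0x20])
        else:
            out.append(byte)
    return bytes(out)


def build_frame(protocol, payload):
    """Flag | Address | Control | Protocol | Data | FCS | Flag."""
    body = struct.pack("!BBH", ADDRESS, CONTROL, protocol) + payload
    body += struct.pack("<H", fcs16(body))  # FCS goes out low byte first
    return bytes([FLAG]) + stuff(body) + bytes([FLAG])


def parse_frame(frame):
    """Return the fields of one frame; raise ValueError if it is damaged."""
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("frame must start and end with the 0x7E flag")
    raw = bytearray()
    stream = iter(frame[1:-1])
    for byte in stream:
        if byte == FLAG:
            raise ValueError("unescaped flag inside the frame")
        if byte == ESCAPE:
            following = next(stream, None)
            if following is None:
                raise ValueError("escape character at end of frame")
            byte = following ^ 0x20
        raw.append(byte)
    if len(raw) < 6:  # address + control + protocol(2) + FCS(2)
        raise ValueError("frame too short")
    # The data field ends 2 bytes before the closing flag; those 2 are the FCS.
    body = bytes(raw[:-2])
    (received_fcs,) = struct.unpack("<H", bytes(raw[-2:]))
    if fcs16(body) != received_fcs:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    address, control, protocol = struct.unpack("!BBH", body[:4])
    if address != ADDRESS or control != CONTROL:
        raise ValueError("unexpected address/control bytes")
    return {"address": address, "control": control,
            "protocol": protocol, "data": body[4:]}


if __name__ == "__main__":
    # Constructed sample: an LCP Configure-Request with no options.
    frame = build_frame(PROTO_LCP, bytes([0x01, 0x01, 0x00, 0x04]))
    print(frame.hex(" "))
    print(parse_frame(frame))
```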
LCP can negotiate modifications to the standard PPP frame structure between the two ends of the link. Modified frames are always clearly distinguishable from standard frames. LCP provides a method for establishing, configuring, maintaining and terminating a point-to-point connection. LCP does this in four phases. First, LCP establishes the link and negotiates its configuration. Before any network-layer data unit can be exchanged, LCP must first open the connection and negotiate the configuration parameters. This phase is complete when a configuration-acknowledgement frame has been both sent and received. Next, LCP determines the link quality. The link is tested to determine whether its quality is sufficient to bring up the network-layer protocols. Transmission of network-layer protocols is held back until this phase is finished. LCP treats this as an optional phase after link establishment and configuration negotiation. Then LCP negotiates the network-layer protocol configuration. Network-layer protocols can be configured separately by the appropriate NCP and can be brought up or taken down at any time. Finally, LCP terminates the link, at the request of the user or because of timers, transmission errors or other physical factors.
Three classes of LCP frame are used to accomplish the work of each phase: link-establishment frames are used to establish and configure a link, link-termination frames are used to terminate a link, and link-maintenance frames are used to manage and debug a link.

Network protocols used in remote access
When a remote access service is deployed, the network protocols commonly used are TCP/IP, IPX and NetBEUI.
TCP/IP is a protocol suite comprising the TCP and IP protocols, which work together to provide the means of communication on the network. TCP/IP is a basic protocol suite, the foundation of internetwork communication, and the most widely used network protocol suite today. With its routing capability and scalability, TCP/IP supports all networks flexibly and appropriately.
IPX (Internet Packet Exchange) is the protocol used on Novell NetWare networks. IPX is a routable protocol and is typically used with older network systems.
NetBEUI is the protocol for Microsoft local area networks (LANs). NetBEUI offers many conveniences and requires almost no configuration. Through NetBEUI all resources on the network can be accessed. NetBEUI is a non-routable protocol and is suitable only for small, simple networks.




1.3. Modems and physical connection methods
1. Modems
Computers work with digital data. To communicate over a transmission medium that uses another form of signal (for example the public telephone network, which works with analogue signals), a device is needed to convert the digital signal into a signal suited to the transmission medium. That device is called a modem (modulator/demodulator). A modem is thus a device that converts digital signals into a form suited to the transmission medium, and back again. The figure below shows a typical connection using modems over the telephone network (Figure 5.4).

Figure 5.4: Typical connection using modems over the telephone network

Modems use data compression to increase the data transfer rate. Compression efficiency depends on the data. Two compression protocols are commonly used, V.42bis and MNP 5. The compression efficiency of V.42bis and MNP 5 can range from 0 to 400 % or more, depending on the nature of the data.
The V.90 modem standard allows modems to receive data at 56 Kbps over the public switched telephone network (PSTN). V.90 treats the PSTN as a digital network and encodes the downstream data digitally instead of modulating it as earlier modulation standards did. In the opposite direction, from the customer to the service provider, the upstream data is still modulated in the conventional way and the maximum speed is 33.6 Kbps; this upstream protocol is based on the V.34 standard.
The difference between the original digital signal and the digital signal recovered at the receiver is called quantisation noise, and it is this noise that limits the data rate. Between the end modems lies the connecting infrastructure, the public telephone network. Earlier modem standards all assumed that both ends of the connection were alike, each with an analogue connection to the public telephone network. V.90 takes advantage of a network arrangement in which one end, between the remote access system and the public telephone network, is entirely digital, while the other end is still connected to the PSTN in analogue form. This exploits the advantages of the high-speed digital link: only the A/D conversion introduces noise, and digital connections involve no quantisation, so there is very little quantisation noise in this network structure.
Shannon's law says that an analogue telephone line limits the data rate to about 35 kbps, but this does not take into account the fact that when one end of the communication is digital, the amount of noise that slows data transmission is reduced. Quantisation noise limits the V.34 standard to 33.6 kbps, but quantisation noise only has an effect in analogue-to-digital conversion and has none in digital-to-analogue conversion. This is the key to V.90 and also explains why the download speed can reach 56 kbps while the upload speed reaches only 33.6 kbps. Data sent from a V.90 digital modem across the PSTN is a digital stream at 64 Kbps, so why does V.90 support only up to 56 Kbps? There are two reasons. First, although quantisation noise is eliminated, there is still low-level noise because the digital-to-analogue converter is non-linear and because of the effect of the local loop. Second, international bodies strictly regulate signal power levels to limit crosstalk between adjacent wires, and this regulation corresponds to a maximum power level on the telephone line equivalent to 56 kbps.
To build a remote access system over the public telephone network that reaches 56 kbps between the two ends of the connection, three conditions must be met. First, one end of the connection (usually the network centre) must have a digital connection to the PSTN. Second, the V.90 modem standard must be supported at both ends of the connection. Third, there must be only one digital-to-analogue conversion on the telephone network between the two ends of the connection.
In operation, a V.90 modem probes the telephone line to decide which standard to work in. If it detects any digital-to-analogue conversion, it simply operates in V.34 mode, and it also tries to connect in V.34 mode if the remote modem does not support V.90.

2. Basic physical connection methods
One common method, and the one that will be used most, is connection over the public switched telephone network (PSTN). The computer is connected through an internal modem or through a serial data port (COM port). The maximum speed currently achievable with this method is 56 Kbps for downstream data and 33.6 Kbps for upstream data, with the common modulation standards V.90, K56Flex and X2. Modems with lower infrastructure requirements can also be used, with the modulation standards V.24, V.32bis, V.32 and so on.
The second method uses the integrated services digital network (ISDN). This method costs more and is becoming increasingly widespread. ISDN offers many benefits, one of which is speed. The options are ISDN 2B+D BRI (2 x 64 Kbps for data + 16 Kbps for signalling) or 23B+D PRI (23 x 64 Kbps + 64 Kbps), through a TA (Terminal Adapter) or ISDN cards.
Another, little-used, method is through an X.25 data network; the speed is not high but security is better. In this case the user must use an X.25 data card or a device called a PAD (Packet Assembler/Disassembler).
Direct modem-to-modem connections over a cable can also be used; this method gives high-speed connections but requires expensive data transmission modems.

2. Security in remote access
2.1. Connection authentication methods
1. The authentication process
Authentication with an authentication protocol takes place when the remote user presents an authentication request to the access server; the remote user and the access server negotiate which authentication method will be used. If no authentication method is used, PPP sets up the connection between the two points immediately.
The authentication method can check a local database (holding the username and password information on the access server itself) to see whether the username and password sent match those in the database. Alternatively, the authentication request is sent to another server for authentication, usually a RADIUS server (described in a later section).
The information returned from the local database or from the RADIUS server is then checked. If it is valid, PPP sets up the connection; otherwise the connection request of the user is rejected (Figure 5.5).
Figure 5.5: Connection authentication

2. The PAP authentication protocol
PAP is an insecure connection authentication method: a packet analyser on the connection path can see the username and password in readable form. In other words, the information sent from the remote user to the access server is not encrypted but sent in clear text, which is why PAP is insecure. The figure below shows the PAP authentication process. After PAP has been negotiated as the authentication protocol on the PPP link between the endpoints, the remote user sends the credentials (username: nntrong, password: ras123) to the remote access server. After checking them against its database, the access server decides whether the connection request is carried out (Figure 5.6).

Figure 5.6: The PAP authentication protocol

3. The CHAP authentication protocol
After CHAP has been negotiated as the authentication protocol on the PPP link between the endpoints, the access server sends a challenge to the remote user. The remote user replies with a value computed with a one-way (hash) function. The access server checks the reply against the hash value it has computed itself. If the values are equal, authentication succeeds; otherwise the connection is dropped. CHAP thus provides security by using a challenge value that changes, is unique and cannot be predicted. The username and password are not sent over the network in readable form, which protects against unauthorised access by stealing the password on the connection path (Figure 5.7).

Figure 5.7: The CHAP authentication protocol
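The difference between the PAP and CHAP exchanges described above, as an added Python example that is not part of the original text: it builds the PAP Authenticate-Request of RFC 1334 and the CHAP MD5 response of RFC 1994 for the sample account from the PAP section, then shows that a recorded CHAP response fails against the next challenge. The class and function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

# Sample account from the PAP section of this page.
USERNAME = b"nntrong"
PASSWORD = b"ras123"


def pap_authenticate_request(identifier, peer_id, password):
    """PAP Authenticate-Request (RFC 1334): code 1, id, length, then
    length-prefixed peer-id and password, both sent unencrypted."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(data)) + data


def chap_response_value(identifier, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Access-server side: issues challenges and checks the responses."""

    def __init__(self, secrets):
        self.secrets = secrets  # user name -> shared secret
        self.pending = {}       # identifier -> outstanding challenge
        self.next_id = 0

    def new_challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)  # changing, unique, unpredictable
        self.pending[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier, name, response):
        # pop(): each challenge is good for a single attempt only.
        challenge = self.pending.pop(identifier, None)
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response_value(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    """Run both exchanges and report what an observer of the link would see."""
    server = ChapAuthenticator({USERNAME: PASSWORD})

    # PAP: the packet on the wire contains the password itself.
    pap_packet = pap_authenticate_request(1, USERNAME, PASSWORD)

    # CHAP: only the challenge and the hash cross the link.
    ident, challenge = server.new_challenge()
    response = chap_response_value(ident, PASSWORD, challenge)
    accepted = server.verify(ident, USERNAME, response)

    # A recorded response does not match the next, different challenge.
    ident2, _ = server.new_challenge()
    replay_accepted = server.verify(ident2, USERNAME, response)

    return {
        "pap_packet": pap_packet,
        "pap_exposes_password": PASSWORD in pap_packet,
        "chap_exposes_password": PASSWORD in challenge + response,
        "chap_accepted": accepted,
        "replay_accepted": replay_accepted,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

CHAP with MD5 still requires the access server to hold the secret in recoverable form, and a recorded challenge and response let an observer test password guesses offline, so the shared secret needs to be long and random.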

4. The Extensible Authentication Protocol (EAP)
Besides the basic authentication protocols PAP and CHAP, Microsoft Windows 2000 supports an additional protocol that offers improved security and multi-method access: the Extensible Authentication Protocol (EAP).
EAP allows an arbitrary authentication mechanism to validate an incoming connection. The user and the remote access server negotiate to determine the exact protocol to be used. EAP supports the following:
- Physical token cards that supply passwords. These cards use a variety of authentication methods, such as codes that change on every use.
- MD5-CHAP, a protocol that encrypts the user name and password with the MD5 (Message Digest 5) algorithm.
- Smart cards. A smart card system consists of the card and a card reader. The authentication and personal information of the user is stored on the card.
Independent software developers can use the EAP application programming interface to develop modules for technologies such as identification cards, smart cards, biometric hardware such as retina recognition, and one-time password systems.

2.2. Cc phng thc m ha d liu
Dch v truy cp t xa cung cp c ch an ton bng vic m ha v gii
m d liu truyn gia ngi dng truy cp t xa v my ch truy cp.
Ebook 4 U ebook.vinagrid.com
Chng 5 - Dch v truy nhp t xa v dch v Proxy
138
C hai phng thc m ha d liu thng c s dng l m ha
i xng v m ha phi i xng.
Symmetric encryption: information in readable form is encrypted with a secret key (a key known only to the party doing the encryption) to produce the encrypted information. At the receiving side, the encrypted information is decrypted with the same secret key back into its original form. The point to note about this method is that one secret key is used for both encryption and decryption. Its main weakness is therefore that the secret key has to be exchanged, which makes the key easy to expose.
Asymmetric encryption: to overcome the limitation of symmetric encryption, which is the exchange of the secret key, asymmetric encryption uses a pair of corresponding keys and is known as public-key encryption. This method uses two keys, a public key and a private key, that are mathematically related to each other. The private key is kept secret and is not exposed, because it never has to be exchanged over the network. The public key does not have to be kept secret and anyone can obtain it. Because the method uses two different keys, it is called asymmetric encryption. Although the private key is kept secret, it is not the same as the "secret key" used in symmetric encryption, because the private key is never exchanged over the network. The public key and its corresponding private key are mathematically related and are produced by mathematical functions; these functions always satisfy the condition that the private key cannot be found from the public key, and vice versa. Because of this mathematical relationship, information encrypted with the public key can only be decrypted with the corresponding private key.
The protocol commonly used for data encryption today is IPsec. Most hardware-based and software-based access servers now support IPSec. IPSec is a protocol made up of open standards that use encryption to ensure the security, safety and integrity of data on connections over networks that use the IP protocol. IPSec protects against hostile actions from outside. Clients establish a security association, which works in a way similar to a public key, to encrypt the data.
IPSec is configured through the policies applied to it. Policies offer several levels and options for protecting each type of data. IPSec policies are set up to suit individual users, groups of users, an application, a group of domains or the whole network.

3. Deploying the remote access service
3.1. Incoming and outgoing connections
The access server is configured to create incoming connections that allow remote users to access the network. The basic parameters usually configured when creating incoming connections include: the user authentication methods; whether data is encrypted; the data encryption methods, if required; the network protocols to be used for remote access; the policy settings and access rights of remote users; the level of access permitted; the method of assigning IP addresses to remote access machines; and the configuration requirements for creating VPN connections.
An outgoing connection can be set up to call out to a private network or to an ISP. Windows 2000 supports the following forms of connection:
o Connecting to a private network: you must supply the phone number to be dialed. This may be the phone number of an ISP, of a private network or of the remote computer. Specify who has the right to use this connection.
o Connecting to the Internet: the two options are access over a phone line and access over a LAN. With a phone line, the items to consider are the access phone number and the name and password supplied by the ISP. With a LAN, you need to consider the proxy server and a number of other settings.
o Creating a VPN connection: a VPN is a network that uses connections based on tunneling protocols (PPTP, L2TP, IPSEC, ...) to create secure connections and to ensure that information is not compromised when it is carried across public networks. As when creating an outgoing connection, if you need to go through an intermediate ISP before reaching the private network, select an outgoing connection. Supply the address of the server or network to which you want to connect. The other settings concern the rights to use the connection.
o Creating a direct connection to another computer: this option is used to connect two computers directly to each other through a cable designed for that purpose. One of the two computers is chosen as the host and the other as the guest. Select the port device through which the two computers are connected.

3.2. Multilink connections
Multilink is the combination of several physical links into a single logical link in order to increase the bandwidth of a connection. Multilink allows two or more communication ports to be used as a single high-speed port. This means that two modems can be used to connect to the Internet at twice the speed of a single modem. Multilink increases bandwidth and reduces latency between systems by splitting data packets and sending them over parallel circuits. Multilink uses the MPPP protocol to manage its connections. To be used, MPPP must be supported at both ends of the connection (Figure 5.8).

Figure 5.8: A Multilink connection

The figure shows a Multilink connection in which the remote user uses two modems and two phone lines to connect to the access server. Each connection works to the V.90 standard at 56 kbps, and Multilink makes it possible to reach 112 Kbps between the remote access machine and the access server.

3.3. Policies for the remote access service
A remote access policy is a set of conditions and settings that lets the network administrator assign each remote user access rights and a level of use of network resources. Policies provide many options to suit each level of user and make granting access rights more flexible and dynamic.
A remote access policy normally consists of three components that together provide secure, controlled access to the access server.
Conditions: a list of parameters such as date and time, user group, caller ID and IP address that are matched against the workstation connecting to the access server. The first policy whose set of conditions matches the parameters of the incoming connection request is processed for access permission and configuration.
Permission: remote access connections are permitted and assigned directly to each user by the settings in the remote access policies. For example, a policy can give all users in a certain group access only during office hours, from 8:00 A.M. to 5:00 P.M., while giving another group of users continuous 24-hour access.
Profile: every policy includes a profile whose settings, such as authentication or encryption procedures, are applied to the connection. The profile settings are enforced on the connection immediately. For example, if a profile specifies that a user may use a connection for only 30 minutes at a time, the user is disconnected from the access server after 30 minutes.
The process of applying remote access policies is shown in the figure below (Figure 5.9).

Figure 5.9: The process of applying remote access policies (flowchart with the boxes Connection Conditions, Dial-in permission, Use Remote Access Policy, Condition/permission, Profile, Make Connection and No connection, and the branch labels Yes/No and Allow/Deny)

The conditions are submitted in order to create a connection. If the submitted conditions do not match, access is refused; if they match, they are used to determine access. Next, the access server checks the dial-in permission: the user is refused if this setting is Deny and is permitted access if it is Allow. If the setting is to use remote access policies to determine access, the permission in the policy decides the user's access rights. If the policy denies access, the user is disconnected; if it grants access, processing moves on to check the policy's profile, which is the final step in determining the user's access rights.
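The decision flow of Figure 5.9, as an added example that is not part of the original text and is not Windows 2000 code. The data model, the profile fields and the catch-all deny "Default policy" are assumptions made for illustration, as is the choice to apply the profile on the Allow path too; the sample policies reuse the office-hours and 30-minute values from section 3.3 and the RemoteUser/RemoteGroup names from the lab in exercise 2.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Request:
    user: str
    groups: FrozenSet[str]
    at: time                                    # time of day the call arrives


@dataclass(frozen=True)
class Policy:
    name: str
    condition: Callable[[Request], bool]        # Conditions
    grant: bool                                 # Permission
    hours: Optional[Tuple[time, time]] = None   # Profile: allowed time window
    session_minutes: Optional[int] = None       # Profile: session limit


def evaluate(request: Request, dial_in: str, policies: List[Policy]):
    """Return (granted, reason, session_minutes).

    dial_in is the per-user setting: 'allow', 'deny' or 'policy'
    (control access through remote access policy).
    """
    if dial_in not in ("allow", "deny", "policy"):
        raise ValueError("unknown dial-in setting: %r" % dial_in)
    # 1. Conditions: the FIRST policy in the ordered list that matches is used,
    #    which is why the lab moves policies up and down.
    policy = next((p for p in policies if p.condition(request)), None)
    if policy is None:
        return False, "no policy matches the connection request", None
    # 2. Dial-in permission of the user account.
    if dial_in == "deny":
        return False, "dial-in permission is Deny", None
    if dial_in == "policy" and not policy.grant:
        return False, "policy '%s' denies access" % policy.name, None
    # 3. Profile of the matched policy (assumption: applied on the Allow path too).
    if policy.hours and not (policy.hours[0] <= request.at < policy.hours[1]):
        return False, "outside the hours allowed by '%s'" % policy.name, None
    return True, "granted under '%s'" % policy.name, policy.session_minutes


# Constructed sample policies.
DEFAULT = Policy("Default policy", lambda r: True, grant=False)
ALLOW_GROUP = Policy(
    "Allow RemoteGroup Access",
    lambda r: "RemoteGroup" in r.groups,
    grant=True,
    hours=(time(8, 0), time(17, 0)),
    session_minutes=30,
)

if __name__ == "__main__":
    caller = Request("RemoteUser", frozenset({"RemoteGroup"}), time(9, 30))
    for setting, order in [("policy", [ALLOW_GROUP, DEFAULT]),
                           ("policy", [DEFAULT, ALLOW_GROUP])]:
        print(setting, [p.name for p in order], evaluate(caller, setting, order))
```

Swapping the order of the two policies flips the result for the same user, because only the first matching policy is consulted.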
3.4. Using DHCP dynamic address assignment for remote access
When setting up an access server to let remote users access the network, you can choose the method by which the remote machines obtain an IP address.
With static IP configuration on the workstations themselves, users have to configure the IP address by hand on every access machine. When this method is used, you must ensure that the IP configuration is valid and not already in use on the network. The default gateway, DNS and similar information must also be configured by hand and correctly. For this reason this method is not recommended for assigning IP addresses to remote access machines.
The access server can dynamically assign an IP address to remote access machines. This IP address belongs to the address range that has been configured on the access server. With this method you must ensure that the IP address range is reserved for allocation to remote access machines.
With a DHCP server, the access server obtains IP addresses from the DHCP server and assigns them to the remote access machines. This method is very flexible, does not require a reserved IP address range for remote access machines, and is commonly used in an organized network with varied forms of connection. IP addresses are allocated to remote access machines automatically, and the other configuration information (gateway, DNS server and so on) is also supplied centrally and accurately to each access machine; the access machines do not need to be reconfigured when the network structure changes.
DHCP works as follows. Each time a DHCP client starts, it requests an IP address from the DHCP server. When the DHCP server receives the request, it selects an IP address from the range defined in its database. The DHCP server offers the IP address to the DHCP client. If the DHCP client accepts this IP address, the DHCP server leases it for a specific period of time (depending on the settings). The IP address information sent from the DHCP server to the DHCP client usually consists of the following: the IP address, the subnet mask and other optional values (default gateway, DNS server address).

3.5. Using a RADIUS server to authenticate remote access connections
1. How a RADIUS server works
RADIUS is a protocol that works on the client/server model. RADIUS provides authentication and accounting services for indirect (dial-up) access networks. The RADIUS client is an access server that receives authentication requests from remote users and passes them to the RADIUS server. The RADIUS server receives the users' connection requests, authenticates them and then returns the configuration information the RADIUS client needs to deliver the service to the user (Figure 5.10).


Figure 5.10: Operation of a RADIUS server
The process is as follows:
1. The remote user starts PPP authentication with the access server.
2. The access server asks the user to supply the username and password using the PAP or CHAP protocol.
3. The remote user responds and sends the username and password to the access server.
4. The access server (RADIUS client) forwards the username and the encrypted password to the RADIUS server.
5. The RADIUS server replies with an accept or a reject. The RADIUS client acts on the services and service parameters that accompany the accept or reject response from the RADIUS server.
2. Authentication and authorization
When the RADIUS server receives an access request from a RADIUS client, it searches its database for information about the request. If the username is not in the database, either a default profile is loaded or an access-reject message is sent to the RADIUS client.
In RADIUS, authentication and authorization go together. If the username is in the database and the password is confirmed to be correct, the RADIUS server returns an access-accept message that contains a list of attribute-value pairs describing the parameters to be used for the session. Typical parameters include: service type, protocol type, the address assigned to the user (dynamic or static), the access list to apply, or a static route to be installed in the access server's routing table. The configuration information in the RADIUS server determines what is installed on the access server. The figure below shows the authentication and authorization process of the RADIUS server (Figure 5.11).


Figure 5.11: Authentication and authorization
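Steps 4 and 5 and the attribute-value reply described above, as an added example that is not part of the original text. It assumes the RFC 2865 packet layout, User-Password hiding and Response Authenticator; the function names, shared secret, user database and addresses are constructed for illustration.

```python
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, SERVICE_TYPE, FRAMED_PROTOCOL, FRAMED_IP = 1, 2, 6, 7, 8


def xor_blocks(data, secret, authenticator, hiding):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, mask))
        prev = result if hiding else block      # chain on the ciphertext
        out += result
    return out


def encode_attrs(attrs):
    """Attributes are type (1 byte), length (1 byte, includes header), value."""
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)


def decode_attrs(data):
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return attrs


def build_access_request(identifier, username, password, secret):
    """Access server (RADIUS client): step 4, password hidden with the shared secret."""
    authenticator = os.urandom(16)              # Request Authenticator
    padded = password.encode() + b"\x00" * (-len(password.encode()) % 16)
    hidden = xor_blocks(padded or b"\x00" * 16, secret, authenticator, True)
    attrs = encode_attrs([(USER_NAME, username.encode()), (USER_PASSWORD, hidden)])
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs


def server_reply(request, secret, users):
    """RADIUS server: step 5, look up the user and answer accept or reject."""
    if len(request) < 20:
        raise ValueError("short packet")
    code, identifier, length = struct.unpack("!BBH", request[:4])
    if code != ACCESS_REQUEST or length != len(request):
        raise ValueError("not a well-formed Access-Request")
    req_auth, attrs = request[4:20], decode_attrs(request[20:])
    password = xor_blocks(attrs[USER_PASSWORD], secret, req_auth, False).rstrip(b"\x00")
    entry = users.get(attrs[USER_NAME].decode())
    if entry and hmac.compare_digest(password, entry["password"]):
        reply_code = ACCESS_ACCEPT              # attribute-value pairs for the session
        reply_attrs = encode_attrs([
            (SERVICE_TYPE, struct.pack("!I", 2)),       # Framed
            (FRAMED_PROTOCOL, struct.pack("!I", 1)),    # PPP
            (FRAMED_IP, socket.inet_aton(entry["ip"])),
        ])
    else:
        reply_code, reply_attrs = ACCESS_REJECT, b""
    header = struct.pack("!BBH", reply_code, identifier, 20 + len(reply_attrs))
    resp_auth = hashlib.md5(header + req_auth + reply_attrs + secret).digest()
    return header + resp_auth + reply_attrs


def client_check_reply(reply, request, secret):
    """Access server: accept the reply only if its Response Authenticator verifies."""
    if len(reply) < 20 or reply[1] != request[1]:
        raise ValueError("reply does not match the request")
    if struct.unpack("!H", reply[2:4])[0] != len(reply):
        raise ValueError("bad length")
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("bad response authenticator")
    return reply[0], decode_attrs(reply[20:])
```

The Response Authenticator check is what stops a party without the shared secret from turning a reject into an accept or altering the returned attributes.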
3. Accounting
RADIUS accounting works independently of authentication and authorization. The accounting function records data sent at the start and at the end of a session and reports figures on the resources (time, number of packets, number of bytes and so on) used during the session.
3.6. Virtual private networks and connections using the remote access service
A VPN (Virtual Private Network) is a private network built on top of public network infrastructure (for example the Internet), using the public network for private communication.
A VPN solution lets users who work at home or are travelling connect to the head office using a public network such as the Internet as the infrastructure. Instead of making a long-distance call to the head office, the user only needs to make a local connection to an ISP; VPN technology then establishes a VPN connection between the user and the central network. VPN connections also let organizations interconnect their networks at different remote sites through direct connections (leased lines) from each site to an ISP. A VPN connection therefore lets an organization reduce the cost of long-distance dial-up calls or of leasing long-distance lines; only local connections are needed, which saves money. A VPN sends data between endpoints; the data is encapsulated with headers that provide the routing information needed to carry it across a link or a public internetwork to its destination. The data sent is encrypted for security, so packets on the network cannot be read without the decryption key. A link in which data is encapsulated and encrypted is a VPN connection.
Forms of connection: there are two types of VPN connection, remote access VPN connections and site-to-site connections. A remote access VPN connection is established by a PC to a private network. The VPN gateway provides access to the resources of the private network. The packets sent over the VPN connection originate at the clients. The VPN client authenticates itself to the VPN gateway. A site-to-site connection is established between VPN gateways and connects two parts of a private network (Figure 5.12).

Figure 5.12: A site-to-site connection
Tunnel: an important part of building a VPN. The communication standards used to manage tunnels and encapsulate VPN data include layer 2 protocols such as PPTP (Point-to-Point Tunneling Protocol), developed by Microsoft and supported in Windows network environments, and L2TP (Layer 2 Tunnelling Protocol), developed by Cisco. IPsec is a layer 3 protocol developed by the IETF and is increasingly widely used.
The purpose of L2TP and PPTP is to provide data tunnels across a public data network. L2TP differs from PPTP in that it creates the tunnel but does not encrypt the data. L2TP provides secure tunnels when it works together with other encryption technologies such as IPSec. IPSec does not require L2TP, but its encryption functions give L2TP the ability to provide secure communication channels and VPN solutions. L2TP and PPTP both use PPP to encapsulate data, add and remove header information, and carry data across the network.
VPN connections have the following characteristics: encapsulation, authentication and data encryption.
Encapsulation: VPN technology uses a method of encapsulating data that allows it to be carried across a public network by means of tunneling protocols.
Authentication: when a VPN connection is established, the VPN gateway authenticates the VPN client that is requesting the connection and, if it is authorized, the connection is made. If mutual authentication is used, the VPN client also authenticates the VPN gateway, to ensure that it is the server the client intended to call. Data authentication and data integrity: to confirm that the data was sent from the other end of the connection and was not altered in transit, the data must include a cryptographic check field based on an encryption key known only to the sender and the receiver.
Data encryption: to protect data in transit on the network, the data must be encrypted at the sending end and decrypted at the receiving end. Encryption and decryption depend on which encryption and decryption method the sender and receiver are using.

3.7. Using Network and Dial-up Connection
Network and Dial-up Connection (NDC) is a tool developed by Microsoft to support the creation of connections, including connections for remote access. With NDC you can access resources whether you are on the network or at a remote location. Connections are created, configured, stored and managed by NDC. Each connection consists of a set of properties used to establish a link from one computer to another computer or network. Outgoing connections contact a remote access server by indirect forms of access, usually over the public telephone network or ISDN. NDC also supports setting up incoming connections, that is, acting as an access server.
Because all the services and communication methods are set up within the connection, no other tools are needed to configure it. For example, the settings for a dial-up connection include the properties used before, during and after the connection. These parameters include the modem that will dial, the type of password encryption used and the network protocols to be used after connecting. The connection status, including duration and speed, is also displayed by the connection itself without the need for any other tool.

3.8. Troubleshooting remote access
Issues related to remote access problems usually include the following.
Monitoring remote access: monitoring the access server is the best and most commonly used method of finding the source of a problem. Every software program or hardware device acting as an access server has tools for monitoring and recording the events (in log files) of each remote access session.
Tracing remote access connections: the ability of an access server to trace remote access connections helps in handling complex network problems. The trace information for a remote connection is usually very complex and quite detailed, so analysing and handling it requires a network administrator with experience and expertise in network systems.
Handling hardware problems: this covers the communication devices at the user's end and at the access server. For devices at the user's end (usually modems, network cards and so on), consult the product documentation or ask the equipment supplier about the product and how to test it and identify its faults. If the connection uses a modem, check whether the modem has been installed correctly. In Windows 2000 the steps are as follows:
o In Control Panel, click Phone and Modem Options
o On the modem page, click the name of the modem, then click Properties
o Click Diagnostics, then click Query Modem.
If the modem is installed correctly, a set of modem parameters is displayed; otherwise check and reinstall the modem and, as a last resort, ask the manufacturer of the device. To obtain more information about the modem while it is trying to make a connection, look in the log file to find the cause of the problem. To record information in the log file, follow these steps:
o In Control Panel, click Phone and Modem Options
o On the modem page, click the name of the modem, then click Properties
o Click Diagnostics, then select Record a log, then click OK.
For the communication devices at the access server: check the hardware in the same way as for the devices at the user's end, and also check the log file and the system events to find the cause of the problem. Another way to check the modem at the access server is to use a phone line to call the modem and listen to whether the modem answers and tries to set up a connection. If there is no connection signal from the modem, you can conclude that there is a fault with the modem at the access server.
Handling communication line problems: these are usually caused by incorrectly wired cables or originate with the telephone service provider. Check the phone line from the user to the access server by making an ordinary phone call; the quality of the call also gives some indication of the quality of the line.
Handling configuration settings: once the hardware and the communication line have been found to be good, the next step is to check the configuration settings, which include the following.
Network settings: a network configuration error occurs when the connection has been made successfully but network resources still cannot be accessed. Common errors include name resolution not working and routing errors. When a network configuration error occurs, first check that directly connected machines (not using the remote access service) can access the network resources. Then check the TCP/IP configuration with the ipconfig /all command on the client. Check that parameters such as DNS, the IP address and the routing parameters are set correctly. Use the ping command to check that the network connection is working.
Access server settings: wrong parameters in the access server settings when the connection is created can be the reason users cannot access network resources. To help identify the cause of the error, check the events logged on the access server and the client; in some cases it is necessary to trace the connections on the access server.
Settings on the remote user's machine: check the network protocols in use on the client; they must be supported by the access server. For example, if the remote user has set up the NWLink, IPX/SPX protocols on the client and the access server supports only TCP/IP, the connection will not succeed.

4. Practical exercises
Classroom requirements: the number of computers matches the number of students in the class, so that each student has one computer; the minimum configuration is PIII 800 MHz, 256 MB RAM, 1 GB HDD, FDD, 52x CD-ROM. The computers have Windows 2000 Advanced Server installed. The computers are networked and run the TCP/IP protocol.
Practice equipment: the Windows 2000 Advanced Server installation disc. Each computer has 01 V.90 modem and 01 phone line. 01 Internet access account.
Exercise 1: Set up dial-up networking to create an Internet connection. Access the Internet and introduce the basic services.
o Log on to the system with Administrator rights.
o Click Start, point to Settings, then click Network and Dial-up Connections.
o In Network and Dial-up Connections, double-click Make New Connection.
o In the Network Connection Wizard, click Next. Two options can be used: Dial-up to private network or Dial-up to the Internet.
o If you choose Dial-up to private network, enter the provider's access phone number.
o If you choose Dial-up to the Internet, the Internet Connection Wizard starts; follow the instructions.
o If you want all users to be able to use this connection, select For all users, then click Next. If you want only the current user to use it, select Only for myself, then click Next.
o If you selected Only for myself, go to the last step. If you selected For all users and want other computers on the network to be able to share this connection, select Enable Internet Connection Sharing for this connection.
o By default any computer can start this connection automatically; to change this default, clear Enable on-demand dialing, then click Next.
o Enter a name for the connection and click Finish.

Exercise 2: Install and configure the remote access service to let remote users access the network, on the Windows 2000 Server operating system.
Step 1:
Install the remote access server
o Log on to the system with Administrator rights
o Open Routing and Remote Access from the Administrator Tools menu
o Right-click the server name, then choose Configure and Enable Routing and Remote Access.
o The Routing and Remote Access Server Setup wizard appears; click Next
o On the Common Configuration page, select Remote access server, then click Next
o On the Remote Client Protocol page, specify the protocols to be supported for remote access, then click Next
o On the Network Selection page, select the network connection to be assigned to remote access machines, then click Next
o On the IP Address Assignment page, select Automatically or From a specified range of addresses for assigning IP addresses to remote access machines
o The Managing Multiple Remote Access Servers page lets you choose whether to configure RADIUS; click Next
o Click Finish to complete the wizard.
Step 2:
Set up an account for the remote user. Create an account named RemoteUser
o Log on with Administrator rights
o Open Active Directory Users and Computers from the Administrator Tools menu
o Right-click Users, choose New and click User
o In the New Object-User dialog box, enter RemoteUser in First name
o In the User logon name box, type RemoteUser
o Set a password for this account, click Next, then click Finish.
o Right-click RemoteUser, then click Properties
o On the Dial-In tab, click Allow access, then click OK
Create a Global group named RemoteGroup, then add the user account just created to this group
o Right-click Users, choose New, then click Group
o In the New Object-Group dialog box, type RemoteGroup in Group name
o Under Group scope check that Global is selected, and under Group type check that Security is selected, then click OK
o Open the Properties dialog box of RemoteGroup
o On the Member page, click Add
o In the Select Users, Contacts, Computers, or Group dialog box, check that the domain is shown in the Look in box
o In the list of objects, click RemoteUser, click Add, then click OK
o Click OK to close the RemoteGroup Properties dialog box
Step 3:
Test the configuration from the previous step by dialing in to the remote access server with the RemoteUser account. The connection is established; then close the connection.
Step 4:
Configure the RemoteUser account so that its access to the network is controlled by remote access policies (Remote access policy)
o Open Active Directory Users and Computers again from the Administrator Tools menu
o Open the Properties dialog box of the RemoteUser account
o On the Dial-in tab, click Control access through Remote Policy, then click OK. Note that the domain controller must be running in Native mode.
o Minimize the Active Directory Users and Computers window
Step 5:
Test the configuration from the previous step by dialing in to the remote access server with the RemoteUser account. An error message appears and the connection is not established.
Step 6:
Use RRAS to create a new policy for remote users. The policy is named Allow RemoteGroup Access and allows users in the RemoteGroup group to connect.
o Open Routing and Remote Access from the Administrator Tools menu
o Expand the name of the server being configured, right-click Remote Access Policy, then choose New Remote Access Policy
o On the Policy Name page, type Allow RemoteGroup Access, then click Next
o On the Condition page, click Add; in the Select Attribute dialog box click Windows-Groups, then click Add
o In the Groups dialog box click Add
o In the Select Groups dialog box, in the Look in list, click the domain name
o In the Select Groups dialog box, under Name click RemoteGroup, click Add, then click OK
o In the Groups dialog box click OK
o On the Condition page click Next
o On the Permissions page click Grant remote access permission, then click Next
o On the User Profile page click Finish
o In Routing and Remote Access click Remote Access Policies, then right-click Allow RemoteGroup access, then click Move Up
Step 7:
Test the configuration from the previous step by dialing in to the remote access server with the RemoteUser account. The connection is established; then close the connection.
Step 8:
Configure the default policy to be applied first:
o Open Routing and Remote Access, right-click RemoteGroup, then click Move Down.
o Close the Routing and Remote Access window
Step 9:
Test the configuration from the previous step by dialing in to the remote access server with the RemoteUser account. An error message appears and the connection is not established.
Step 10:
Configure access to be allowed through the Properties of RemoteUser
o Open Active Directory Users and Computers again from the Administrator Tools menu
o Open the Properties of RemoteUser
o On the Dial-in page, click Allow access, then click OK
o Close Active Directory Users and Computers.
Step 11:
Test the configuration from the previous step by dialing in to the remote access server with the RemoteUser account. The connection is established; then close the connection.

Exercise 3: Configure a VPN server and set up a VPN client; test the connection from the VPN client to the VPN server
Step 1:
Configure the incoming VPN connection
o Log on to the system with Administrator rights
o Open Routing and Remote Access from the Administrator Tools menu
o Right-click the server name (Server is the name of the server being configured)
o The Routing and Remote Access setup wizard appears; click Next
o On the Network Selection page, check the selected name under Name, then click Next
o On the IP Address Assignment page, click From a specified range of addresses
o On the Address Range Assignment page, click New
o Enter the IP address in the Start IP address box and the number of addresses in the Number of Address box
o Click OK, then click Next
o On the Managing Multiple Remote Access Servers page, select No, I don't want to set up this server to use RADIUS now, click Next, then click Finish
o Click OK to close the Routing and Remote Access dialog box.
Configure the Administrator account to be allowed to access the network
o Open Active Directory Users and Computers from the Administrator Tools menu.
o Expand the domain name, click Users, and double-click Administrator
o Under Dial-in, select Allow access, then click OK.
o Close the Active Directory Users and Computers window
Step 2:
Configure the outgoing VPN connection. To check that the remote access service is working for remote users, set up a connection to the VPN server.
o Right-click My Network Places, then click Properties
o In the Network Dialup Connections window, double-click Make new connection
o On the Network Connection Type page, click Connect to a private network through the Internet, then click Next
o On the Destination Address page, type the IP address of the machine on which the VPN server is installed, then click Next
o On the Connection Availability page, click Only for myself, click Next, then click Finish
o Start the connection to the VPN server
o In the Connect Virtual Private Connection dialog box, check that the logon account is Administrator and enter the password, then click Connect
o Click OK to close the Connection Complete message
o Close the Network Dialup Connections window.
Use the Ipconfig utility to confirm that you have established a VPN connection and received an IP address for it. Note that the IP address for this VPN connection comes from the static address range allocated by the VPN server.
Close the connection
o Double-click the Connection icon in the system tray
o In the Virtual Private Connection Status dialog box, click Disconnect
o Close all windows
Section 2: The Proxy service - a solution for connecting a private network to the Internet

1. Concepts
1.1. The client-server model and some of its applications
The standard model for network applications is the client-server model. In this model, a computer acting as a client is one that needs to be served, and a computer acting as a server is one that can meet the service requests of clients. The client-server concept is only relative: a machine may act as a client at one moment and as a server at another. In general, the client is a personal computer, while servers are powerful machines that hold the databases and application programs needed to provide a given service in response to client requests (Figure 5.13).

Figure 5.13: The client-server model
The client-server model works as follows. A process started on the server is always waiting for requests from client processes. The client process may be started on the same system or on other systems connected through the network, and is usually started by user commands. The client process issues requests and sends them across the network to the server to ask for services. The server process determines that the request from the client is valid, serves it, returns the result to the client and continues to wait for further requests. Some of the types of service a server can provide are: a time service (returning the requested time information to the client), a print service (serving print requests from the client), a file service (sending, receiving and manipulating files for the client), and executing commands from the client on the server.
The web service is a basic Internet service that works on the client-server model. Web browsers (Internet Explorer, Netscape and others) on client machines use the TCP/IP protocol to send HTTP requests to the server. The browser can request a specific web page or request information held in databases. The server uses its software to parse the requests from the packets it receives, checks the validity of the client and serves the requests, that is, it sends back to the client a specific web page or database information in the form of a web page. The server is where the content of websites is stored; the software on the server lets it identify the requested page and send it to the client. Databases and other similar applications on the server are accessed and connected through programs such as CGI (Common Gateway Interface): when the server receives a request for a database lookup, it passes the request through CGI to the server that holds the database or application for processing.
1.2. Socket
A connection is defined as a communication link between processes, so to identify a connection the following components must be specified: {Protocol, local-addr, local-process, remote-addr, remote-process}
Here local-addr and remote-addr are the addresses of the local and remote machines, and local-process and remote-process identify the process on each system. We define a half connection as {Protocol, local-addr, local-process} or {Protocol, remote-addr, remote-process}; this is also called a socket.
We know that a machine is identified by its IP address, but a machine runs a great many application processes. To identify these application processes, each process is given a port number. TCP uses 16 bits to identify process ports, and by convention port numbers 1-1023 are used for standard processes (for example FTP uses port 21, the web service port 80 and the SMTP mail service port 25), while port numbers 1024-65535 are for user applications. A port combined with an IP address therefore forms a socket that is unique in the internetwork. A TCP connection is provided by a logical link between a pair of sockets. One socket can take part in several links with different remote sockets. Before data is transferred between two stations a TCP link must be set up between them, and when the data transfer session ends the link is released.


Figure 5.14: Socket

The process of setting up a socket with system calls is as follows: the server creates a socket with parameters that specify the communication protocol (TCP, UDP, XNS and so on) and the communication type (SOCK_STREAM, SOCK_DGRAM and so on), then binds address parameters such as the IP address and the TCP/UDP port to this socket, and then waits for and accepts incoming connections from clients.
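The socket set-up sequence and the {Protocol, local-addr, local-process, remote-addr, remote-process} association described above, as an added example that is not part of the original text. It runs entirely on the loopback interface; the function name and the choice of two clients are assumptions made for illustration.

```python
import socket
import threading


def open_connections(clients: int = 2):
    """Open `clients` TCP connections to one listening socket on loopback.

    Returns (client_side, server_side): lists of 5-tuples
    (protocol, local-addr, local-port, remote-addr, remote-port).
    """
    # Server side: socket() -> bind() -> listen() -> accept().
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: the OS picks a free port
    listener.listen(clients)
    address = listener.getsockname()
    server_side = []

    def serve():
        for _ in range(clients):
            conn, _peer = listener.accept()
            with conn:
                # Each accepted connection has the same local half
                # (server address, server port) but a different remote half.
                server_side.append(("tcp", *conn.getsockname(), *conn.getpeername()))

    worker = threading.Thread(target=serve)
    worker.start()

    # Client side: socket() -> connect(); the OS assigns an ephemeral port.
    conns = [socket.create_connection(address, timeout=5) for _ in range(clients)]
    client_side = [("tcp", *c.getsockname(), *c.getpeername()) for c in conns]

    worker.join(timeout=5)
    for c in conns:
        c.close()
    listener.close()
    return client_side, server_side


if __name__ == "__main__":
    client_side, server_side = open_connections()
    for assoc in server_side:
        print("server view:", assoc)
    for assoc in client_side:
        print("client view:", assoc)
```

Both connections share one server-side socket address and are told apart only by the remote half, and each client-side tuple is the mirror image of a server-side one.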
1.3. How the Proxy service works and its characteristics
1. How it works
The proxy service is deployed to serve connections from computers in a private network out to the Internet. When signing up for Internet service with a provider, the customer is given a limited number of IP addresses, and the number received is not enough to give one to every workstation. In addition, there is the need to connect the private network to the Internet without changing the existing network structure, while improving network performance over a single Internet connection, controlling all information going in and out, and authorizing and logging users' access. The proxy service meets all of these requirements. It works on the client-server model. The proxy service operates in the following steps:

Figure 5.15: Operation of the Proxy service

1 Client yu cu mt i tng trn mng Internet
1 Proxy server tip nhn yu cu, kim tra tnh hp l cng nh thc hin
vic xc thc client nu tha mn proxy server gi yu cu i tng ny ti
server trn Internet.
1 Server trn Internet gi i tng yu cu v cho proxy server.
1 Proxy server gi tr i tng v cho client
Ta c th thit lp proxy server phc v cho nhiu dch v nh dch
v truyn file, dch v web, dch v th in tMi mt dch v cn c mt
proxy server c th phc v cc yu cu c th ca dch v t cc client.
Proxy server cn c th c cu hnh cho php qung b cc server
thuc mng trong ra ngoi Internet vi mc an ton cao. V d ta c th thit
lp mt web server thuc mng trong v thit lp cc qui tc qung b web trn
proxy server cho php qung b web server ny ra ngoi Internet. Tt c cc
yu cu truy cp web n c chp nhn bi proxy server v proxy server s
thc hin vic chuyn tip yu cu ti web server thuc mng trong (hnh 5.16)

Figure 5.16: Operation of the Proxy service
The clients are organized in a network structure called the inside network, also known as the private network. IANA (Internet Assigned Numbers Authority) has reserved three IP address ranges, corresponding to the three standard network classes, for private networks:
10.0.0.0 - 10.255.255.255 (class A)
172.16.0.0 - 172.31.255.255 (class B)
192.168.0.0 - 192.168.255.255 (class C)
These addresses are used for clients in private networks and are not assigned to any host on the Internet. Using these IP address ranges is recommended when designing and configuring a private network.
The term outside network refers to the zone to which the servers belong. The addresses used on this network are validly registered IP addresses from the Internet service provider.
The proxy server uses two interfaces, an inside interface and an outside interface. The inside interface is typically a network card that connects the proxy server to the private network and is assigned an address from the private network. All communication between clients in the private network and the proxy server goes through this interface. The outside interface is usually either an indirect connection over the public telephone network or a network card connected directly to the outside network. The outside interface is assigned an outside-network IP address validly provided by the Internet service provider.
2. Characteristics
The proxy server connects the private network to the global Internet and also allows computers on the Internet to access resources in the private network.
The proxy server improves Internet connectivity for computers in the private network by gathering their Internet access requests and, once it has received the results from the Internet, returning them to the computer that made the original request.
The proxy server can also secure and control the Internet access of computers in the private network. It allows access policies to be set for individual users.
The proxy server temporarily stores results that have been retrieved from the Internet in order to answer later Internet access requests for the same address. With this storage, requests for the same address do not need to retrieve the result from the Internet again, which reduces Internet access time, improves network operation and reduces the load on the Internet connection. This storage work is called caching.
1.4. Cache and caching methods
To improve Internet access from workstations in a network that uses the proxy service, we use caching methods. The proxy service uses the cache to store copies of objects that have been accessed before. All objects can be stored (such as images and files), except that some objects, such as those that require authentication (Authenticate) or use SSL (Secure Socket Layer), are not cached. For objects that have been cached, when a request from a workstation reaches the proxy server, the proxy server does not connect to the address the workstation asked for; instead it looks in the cache for matching objects and returns the result to the workstation. The cache therefore improves the Internet access performance of the workstations and reduces traffic on the Internet connection.
The problem with caching arises when a cached object changes at the source: a workstation requests the object from the proxy server, the proxy server serves it from the cache, and the information delivered to the workstation is out of date compared with the source. To solve this problem there must be policies for which objects are cached, and the cached objects must be refreshed continually. For example, on a typical web address the image objects rarely change while the text content changes often, so we can configure the cache to store only image objects and not objects with text content. This does not affect access performance, because image files are usually very large compared with text objects. How objects are refreshed depends on the caching methods described below.
The proxy server periodically caches requested objects to increase network performance. The cache can be set up so that it holds the data that clients use most often. The proxy server can be used to allow communication between the private network and the Internet. The communication may be a client in the network accessing the Internet, in which case the proxy server performs forward caching, or it may be an outside client accessing the internal network (the published servers), in which case the proxy server performs reverse caching. Both cases rely on the proxy server's ability to store information (temporarily) so that communication is faster. The properties of the proxy server cache are as follows:
- Distributed caching: when an array of proxy servers is installed, the cache content can be distributed across them. The proxy server allows several systems to be joined into a single logical cache.
- Hierarchical caching: cache distribution can be taken further by setting up hierarchical caching, which chains a series of proxy servers together so that clients can access the one nearest to them.
- Scheduled caching: scheduled caching downloads content in advance for requests that clients make frequently.
- Reverse cache: the proxy server can cache the content of published servers, which increases performance and accessibility. All caching features of the proxy server can be applied to content on published servers.
A proxy server can be deployed as a forward cache to provide caching for internal clients that access the Internet. The proxy server maintains a centralized cache of frequently requested Internet objects that can be accessed from any browser on a client computer. Objects served from the cache disk require significantly less processing than objects from the Internet, which improves browser performance on the client, reduces response time and reduces the bandwidth consumed on the Internet connection. The following figure shows how the proxy server handles user requests (figure 5.17).


Figure 5.17: Operation of the Proxy service

The figure above shows clients in the private network accessing the Internet, but the process is similar for reverse caching (when users on the Internet access published servers). The steps are:
1. Client 1 requests an object on the Internet.
2. The proxy server checks whether the object is in the cache. If the object is not in the proxy server's cache, the proxy server sends the request for the object to the server on the Internet.
3. The server on the Internet sends the requested object back to the proxy server.
4. The proxy server keeps a copy of the object in its cache and returns the object to client 1.
5. Client 2 sends a request for the same object.
6. The proxy server sends client 2 the object from its cache rather than from the Internet.
The proxy service can be deployed to publish servers in the private network to the Internet. For incoming requests, the proxy server can act as the external server, answering client requests from the web content in its cache. The proxy server forwards requests to the server only when its cache cannot serve the request (reverse cache).
The choice of caching method depends on the following factors: the hard disk space used, which objects are cached, and when these objects are refreshed. There are basically two caching methods, passive and active.
Passive cache: a passive cache stores objects only when workstations request them. When an object is delivered to a workstation, the proxy server determines whether the object can be cached, and if so the object is cached. Objects are refreshed only on demand. An object is removed from the cache based on the most recent time a workstation accessed it. The advantage of this method is that it uses less processor time, but it takes more disk space.
Active cache: like the passive cache, the active cache stores objects when workstations request them; the proxy server answers the request and saves the object in the cache. This method automatically refreshes objects from the Internet based on the number of requests for each object and on how often the object changes. The refresh takes place while the proxy server is lightly loaded, so it does not affect the service given to workstations. Objects are removed from the cache based on HTTP header information and the URL.
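The forward-cache steps and the passive method described above can be traced with the following sketch, an added example that is not part of the original textbook. The origin dictionary, the URLs and the tiny capacity are constructed for illustration, and the policy (images only, nothing fetched over SSL or with authentication) follows the example policy given in section 1.4.

```python
from collections import OrderedDict


def is_cacheable(url, request_headers, content_type):
    """Policy from the text: SSL and authenticated objects are never cached,
    and only image objects are kept because text content changes often."""
    if url.lower().startswith("https://"):
        return False
    if "Authorization" in request_headers:
        return False
    return content_type.startswith("image/")


class PassiveForwardCache:
    """Passive cache: objects enter the cache only when a client requests them,
    and the least recently accessed object is evicted when space runs out."""

    def __init__(self, origin, capacity_bytes):
        self.origin = origin              # constructed stand-in: url -> (content_type, body)
        self.capacity = capacity_bytes
        self.entries = OrderedDict()      # url -> body, least recently accessed first
        self.used = 0
        self.origin_fetches = 0           # how many requests went out to the "Internet"

    def request(self, url, request_headers=None):
        headers = request_headers or {}
        # Authenticated requests always go to the origin server.
        if url in self.entries and "Authorization" not in headers:
            self.entries.move_to_end(url)          # record the access time order
            return self.entries[url], "HIT"
        content_type, body = self.origin[url]
        self.origin_fetches += 1
        if is_cacheable(url, headers, content_type) and len(body) <= self.capacity:
            self._store(url, body)
        return body, "MISS"

    def _store(self, url, body):
        if url in self.entries:
            self.used -= len(self.entries.pop(url))
        while self.used + len(body) > self.capacity:
            _, evicted = self.entries.popitem(last=False)   # least recently accessed
            self.used -= len(evicted)
        self.entries[url] = body
        self.used += len(body)


def make_sample_origin():
    """Constructed sample content standing in for servers on the Internet."""
    return {
        "http://example.test/logo.png": ("image/png", b"PNG-v1"),
        "http://example.test/news.html": ("text/html", b"<p>v1</p>"),
        "http://example.test/big.png": ("image/png", b"0123456789"),
    }


if __name__ == "__main__":
    origin = make_sample_origin()
    cache = PassiveForwardCache(origin, capacity_bytes=12)
    logo = "http://example.test/logo.png"
    print("client 1:", cache.request(logo))    # fetched from the origin, then cached
    print("client 2:", cache.request(logo))    # served from the cache
    origin[logo] = ("image/png", b"PNG-v2")    # the source changes
    print("client 3:", cache.request(logo))    # still the old copy: the staleness problem
```

Client 3 receives the old copy because a passive cache refreshes only on demand; the active method exists to close that gap.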

2. Deploying the proxy service
2.1. Network connection models
Proxy servers serve a wide range of customers, from small office networks and medium-sized office networks to the networks of large corporations. Each size of organization has a suitable network structure that uses a proxy server. Below we look at some basic models for small networks, medium-sized networks and large corporate networks. We go into most detail on the first model, for small office networks, because it matches the size of small and medium-sized companies in Vietnam.
Small office network model:
- Consists of one independent LAN.
- Uses the IP protocol.
- Connects to the Internet over a telephone line (through the public telephone network, by dial-up or ADSL technology) or over a direct line (Leased Line).
- Fewer than 250 workstations.
The network connection model is shown in figure 5.18.

Figure 5.18: Network connection model

In this model, for each method of connecting to the Internet, the proxy server uses 02 interfaces as follows:
- Internet connection over a telephone line through the PSTN:
01 interface to the internal network through a network card.
01 interface to the Internet through a modem.
- Internet connection over a direct line (Leased Line):
01 interface to the internal network through a network card.
01 interface to the Internet through another network card. In this case the local address table (LAT, Local Address Table) is built from the list of internal network IP addresses.
Medium-sized network connection model
A medium-sized office network has the following characteristics:
- A central office with several LANs.
- Each branch office has one LAN.
- Uses the IP protocol.
- Telephone-line connections from the branch offices to the central office.
- Internet connection from the central office to the ISP over a telephone line or a direct line (Leased Line).
- Fewer than 2000 workstations.
The network model is shown in figure 5.19. In this model, a branch office uses one proxy server to provide local caching, connection management and access control to the central office. At the central office, several proxy servers operate as an array to provide common security for the whole network, distributed caching and the connection to the Internet.

Figure 5.19: Network connection model

Large corporate network connection model
The network of a large corporation has the following characteristics:
- The central office has many LANs and a LAN backbone.
- There are several branch offices, each with one LAN.
- Uses the IP network protocol.
- Telephone-line connections from the branch offices to the central office.
- Internet connection from the central office to the ISP over a direct line (Leased Line).
- More than 2000 workstations.
The network model is shown in figure 5.20. In this model the branch office networks are configured in the same way as in the medium-sized office model. Internet requests that cannot be answered from the local cache on the branch office proxy server are passed to a series of proxy servers operating as an array at the central office. At the central office the proxy servers use 02 network interfaces (network cards): 01 network card connects to the LAN backbone and 01 network card connects to the member LAN.

Figure 5.20: Network connection model

2.2. Setting up access policy and rules
1. Rules
A proxy server can be set up to meet security and operational requirements by defining rules that determine whether, and how, a user, computer or application is allowed to access a computer in the network or on the Internet. A proxy server usually defines the following kinds of rules: access policy rules, bandwidth rules, publishing policy rules, packet filtering properties, and routing and chaining rules.
When a client in the network requests an object, the proxy server processes the rules to determine whether the request is accepted. Similarly, when an outside client (on the Internet) requests an object from a server in the network, the proxy server processes the rule sets to see whether the request is allowed.
Access policy rules: The proxy server can be used to set up a policy made up of protocol rules and content rules. Protocol rules define which protocols may be used for communication between the internal network and the Internet. Protocol rules are processed at the application level. For example, a protocol rule can allow clients to use the HTTP protocol. Content rules define which content on which sites clients may access. Content rules are also processed at the application level. For example, a content rule can allow clients to access any address on the Internet.
Bandwidth rules: Bandwidth rules determine which connections receive priority. In bandwidth control the proxy server normally does not limit the bandwidth. Rather, it indicates how quality of service (QoS) priority is allocated to network connections. Normally any connection that has no bandwidth rule attached receives the default priority, and any connection that has a bandwidth rule attached is scheduled with a priority higher than the default.
Publishing policy rules: The proxy server can be used to set up a publishing policy, which consists of server publishing rules and web publishing rules. Server and web publishing rules filter all incoming requests from clients outside the network (the Internet) to servers inside the network. Server and web publishing rules pass the incoming requests to the appropriate servers behind the proxy server.
Packet filtering: The packet filtering feature of the proxy server controls the flow of IP packets to and from the proxy server. When packet filtering is enabled, every packet on the external interface is dropped unless it is explicitly allowed, either statically by IP packet filters or dynamically by access policy or publishing rules. Even if packet filtering is not enabled, communication between the Internet and the local network is allowed only when you explicitly set up rules that permit access. In most cases opening ports dynamically is preferred. It is therefore usually recommended to set up access rules that allow internal clients to reach the Internet, or publishing rules that allow outside clients to reach internal servers. The reason is that IP packet filters open ports statically, whereas access policy and publishing rules open ports dynamically. Suppose you want to give all users in the network access to HTTP sites. You should not create an IP packet filter that opens port 80. Instead, create the site, content and protocol rules needed to allow this access. In some cases IP packet filters must be used, for example if we want to publish servers to the outside.
Routing rules and proxy chaining: these are usually the rules applied last, to route client requests to a server designated to serve them.
2. Processing outgoing requests
One of the main functions of a proxy server is to connect the private network to the Internet while protecting the network from malicious content. To make this connection easier to control, we use the proxy server to create an access policy that allows clients to access specific servers on the Internet. The access policy, together with the routing rules, determines how clients access the Internet.
When the proxy server processes an outgoing request, it checks the routing rules, the content rules and the protocol rules to decide whether the access is allowed. The request is allowed only if a protocol rule and a site and content rule both allow it and no rule denies the request.
Some rules can be set up to apply to specific clients. In this case the clients can be specified either by IP address or by user name. The proxy server processes requests differently depending on the type of client request and on how the proxy server is set up. For a request, the rules are processed in the following order: protocol rules, content rules, IP packet filters, then routing rules or proxy chain configuration.
The figure below shows how an outgoing request is processed (figure 5.21).

Figure 5.21: Processing of an outgoing request

First, the proxy server checks the protocol rules. The proxy server accepts the request only if a protocol rule specifically allows the request and no protocol rule denies it.
Next, the proxy server checks the content rules. The proxy server accepts the request only if a content rule allows the request and no content rule denies it.
Then the proxy server checks whether an IP packet filter has been set up to block the request, to decide whether the request is denied.
Finally, the proxy server checks the routing rules to decide how the request is served.
Suppose a proxy server is installed on a computer with two interfaces, one connected to the Internet and one connected to the private network, and we give instructions to allow all clients to access all sites. In this case the access policy consists only of the following rules: one protocol rule that allows all clients to use every protocol at all times, and one content rule that allows everyone to access all content on all sites at all times. Note that these rules allow clients to access the Internet but do not allow outside clients to access your network.
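The processing order for outgoing requests described above (protocol rules, content rules, IP packet filters, routing) can be written as a small evaluator. This is an added example, not the rule engine of any real proxy product; the rule fields, both policies and all host names are hypothetical and constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Request:
    client_ip: str
    protocol: str      # e.g. "HTTP", "FTP"
    host: str
    port: int


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    clients: str = "0.0.0.0/0"     # client set, given as an IPv4 network
    protocol: str = "*"
    host: str = "*"

    def matches(self, req):
        in_client_set = (ipaddress.ip_address(req.client_ip)
                         in ipaddress.ip_network(self.clients))
        return (in_client_set
                and fnmatchcase(req.protocol.upper(), self.protocol.upper())
                and fnmatchcase(req.host.lower(), self.host.lower()))


def permitted(rules, req):
    """A request passes a rule set only if some rule allows it and no rule denies it.
    With no matching rule at all the answer is therefore 'denied'."""
    actions = {rule.action for rule in rules if rule.matches(req)}
    return "allow" in actions and "deny" not in actions


def process_outgoing(policy, req):
    """Apply the four stages in the order given in the text."""
    if not permitted(policy["protocol_rules"], req):
        return "denied: protocol rules"
    if not permitted(policy["content_rules"], req):
        return "denied: site and content rules"
    if any(blocks(req) for blocks in policy["blocking_packet_filters"]):
        return "denied: IP packet filter"
    for host_pattern, how in policy["routing_rules"]:
        if fnmatchcase(req.host.lower(), host_pattern):
            return "served: " + how
    return "served: direct"


# The allow-everything policy from the text: one protocol rule, one content rule.
ALLOW_ALL_POLICY = {
    "protocol_rules": [Rule("allow")],
    "content_rules": [Rule("allow")],
    "blocking_packet_filters": [],
    "routing_rules": [],
}

# A constructed, tighter policy: HTTP only, from 10.0.0.0/8, with one blocked site.
RESTRICTED_POLICY = {
    "protocol_rules": [Rule("allow", clients="10.0.0.0/8", protocol="HTTP")],
    "content_rules": [Rule("allow"), Rule("deny", host="*.blocked.example")],
    "blocking_packet_filters": [lambda req: req.port == 25],
    "routing_rules": [("*.partner.example", "upstream proxy")],
}

if __name__ == "__main__":
    for req in (Request("10.1.1.25", "HTTP", "www.example.test", 80),
                Request("10.1.1.25", "FTP", "files.example.test", 21),
                Request("10.1.1.25", "HTTP", "ads.blocked.example", 80)):
        print(req.host, "->", process_outgoing(RESTRICTED_POLICY, req))
```

An empty policy denies everything, because a request needs an explicit allow at both the protocol and the content stage before packet filters and routing are even consulted.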
3. Processing incoming requests
The proxy server can be set up so that internal servers can be accessed securely by outside clients. We can use the proxy server to set up a secure publishing policy for the servers in the network. The publishing policy (consisting of IP packet filters, web publishing rules or server publishing rules, together with routing rules) determines how the servers are published.
When the proxy server processes a request that comes from an outside client, it checks the IP packet filters, the publishing rules and the routing rules to decide whether the request is carried out and which internal server will handle it.

Figure 5.22: Processing incoming requests
Suppose the proxy server has been installed with two interfaces, one connected to the Internet and one connected to the private network. If packet filtering is enabled and an IP packet filter denies the request, the request is denied. If the web publishing rules deny the request, the request is also dropped. If a routing rule is set up so that the request is routed to an upstream server or an alternate site host, that designated server handles the request. If a routing rule specifies that requests are routed to a specific server, the internal web server returns the object.
2.3. Proxy clients and authentication methods
The access policy and publishing rules of the proxy server can be set up to allow or deny a group of computers or a group of users access to a given server. If a rule applies to specific users, the proxy server checks the properties of the request to decide how the user is authenticated.
Parameters can be set for outgoing and incoming requests so that the user must be authenticated by the proxy server before the rules are processed. This ensures that requests are allowed only if the user making them has been authenticated. You can also configure which authentication methods are used, and you can configure different authentication methods for outgoing requests and incoming requests. A proxy server basically supports the following authentication methods: basic authentication, Digest authentication, Microsoft Windows integrated authentication, client certificates and server certificates.
Make sure that the proxy client programs support one of the authentication methods that the proxy server offers. The IE 5 browser and later versions support most authentication methods; some other browsers may support only basic authentication. Make sure that the client browsers support at least one of the authentication methods that the proxy server supports.
1. Basic authentication
This authentication method sends and receives user information as text characters that are easy to read. Normally user name and password information would be encrypted, but in this method no encryption is used. The authentication process is as follows: the proxy client prompts the user for a username and password, and the client then sends this information to the proxy server. Finally the username and password are checked against an account on the proxy server.
2. Digest authentication
This method is similar to basic authentication but differs in how the authentication information is transmitted. The authentication information passes through a one-way process commonly known as "hashing". The result of this process is called a hash or message digest, and it cannot be decrypted. The original information cannot be recovered from the hash. Additional information is added to the password before hashing, so nobody can capture the password and use it to impersonate the real user. The added values help identify the user. A time stamp is also added to prevent a user from using a password after it has been revoked. This is a clear advantage over basic authentication, because an unauthorized user cannot intercept the password.
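The difference between the two methods can be shown by computing what actually crosses the network. This is an added example, not code from the original text: the Digest calculation follows RFC 2617 (qop=auth, MD5), while the nonce format with an embedded time stamp, the account table and the 60-second lifetime are assumptions made for illustration.

```python
import base64
import hashlib
import hmac


def basic_header(user, password):
    """Basic: the credentials are only base64-encoded, not encrypted."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode("ascii")


def basic_credentials(header_value):
    """Anyone who captures a Basic header recovers the password directly."""
    scheme, _, token = header_value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def _md5(text):
    # MD5 is the hash that RFC 2617 Digest specifies.
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response value: the password is mixed with server and client
    values before hashing, so only the one-way result is transmitted."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def issue_nonce(server_secret, now):
    """Assumed nonce format: '<issue time>:<HMAC of the issue time>'."""
    stamp = str(int(now))
    mac = hmac.new(server_secret, stamp.encode(), hashlib.sha256).hexdigest()
    return f"{stamp}:{mac}"


def nonce_is_fresh(server_secret, nonce, now, max_age=60):
    stamp, _, mac = nonce.partition(":")
    expected = hmac.new(server_secret, stamp.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False                      # not a nonce this server issued
    return 0 <= now - int(stamp) <= max_age


def verify_digest(server_secret, accounts, realm, method, fields, now):
    """Server side: reject stale or forged nonces, then recompute the response."""
    if not nonce_is_fresh(server_secret, fields["nonce"], now):
        return False
    password = accounts.get(fields["username"])
    if password is None:
        return False
    expected = digest_response(fields["username"], realm, password, method,
                               fields["uri"], fields["nonce"],
                               fields["nc"], fields["cnonce"])
    return hmac.compare_digest(expected.encode(), fields["response"].encode())


if __name__ == "__main__":
    captured = basic_header("alice", "s3cret")             # constructed credentials
    print("Basic on the wire:", captured, "->", basic_credentials(captured))
    secret, accounts = b"constructed-server-secret", {"alice": "s3cret"}
    nonce = issue_nonce(secret, 1000)
    fields = {"username": "alice", "uri": "/", "nonce": nonce, "nc": "00000001",
              "cnonce": "abc",
              "response": digest_response("alice", "proxy", "s3cret", "GET", "/",
                                          nonce, "00000001", "abc")}
    print("fresh :", verify_digest(secret, accounts, "proxy", "GET", fields, 1010))
    print("replay:", verify_digest(secret, accounts, "proxy", "GET", fields, 1100))
```

The replayed request is rejected once the time stamp in the nonce is older than the allowed lifetime, which is the role the text gives to the time stamp.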
3. Integrated authentication
This method is built into Microsoft products. It is also the standard authentication method, because the username and password are not sent over the network. This method uses either the Kerberos V5 authentication protocol or its own challenge/response authentication protocol.
4. Client certificates and server certificates
The features of SSL can be used for authentication. Certificates are used in two ways when a client requests an object from a server: the server authenticates itself by sending a server certificate to the client, and the server asks the client to authenticate itself (in this case the client must present a suitable client certificate to the server).
SSL authenticates by checking the contents of an encrypted digital certificate that the proxy client presents during logon (users can obtain digital certificates from a highly trusted external organization). Server certificates contain information that identifies the server. Client certificates usually contain information that identifies the user and the organization that issued the certificate.
Client certificates: If client certificates are selected as the authentication method, the proxy server requires the client to send a certificate before it requests an object. The proxy server receives the request and sends a certificate to the client. The client receives this certificate and checks that it really belongs to the proxy server. The client sends its request to the proxy server; however, the proxy server requires a certificate from the client, one that was issued beforehand. The proxy server checks whether the certificate really belongs to a client that is allowed access.
Server certificates: When a client requests an SSL object from a server, the client requires the server to authenticate itself. If the proxy server terminates an SSL connection, the proxy server must then authenticate itself to the client. The server-side certificates to be used when authenticating the server to the client must be set up and specified.
5. Pass-through authentication
Pass-through authentication refers to the ability of the proxy server to pass the client's authentication information to the destination server. The proxy server supports authentication for both outgoing and incoming requests. The following figure shows pass-through authentication.


Figure 5.23: Pass-through authentication
The client sends the proxy server a request for an object on a web server. The proxy server passes this request to the web server, and from this point authentication goes through the following steps:
1. The web server receives the request for the object and replies that the client must authenticate. The web server also indicates which authentication types are supported.
2. The proxy server passes the authentication request to the client.
3. The client receives the request and returns the authentication information to the proxy server.
4. The proxy server passes that information on to the web server.
5. From this point the client communicates directly with the web server.
6. SSL Tunneling
With SSL tunneling, a client can establish a tunnel through the proxy server directly to the requested server when the requested objects are HTTPS. Whenever a client requests an HTTPS object through the proxy server, it uses SSL tunneling. By default, SSL tunneling works for outgoing requests to ports 443 and 563.

Figure 5.24: SSL Tunneling
The process of creating an SSL tunnel is as follows:
1. When the client requests an HTTPS object from a web server on the Internet, the proxy server sends a connection request https://URL_name
2. The next request is sent to port 8080 on the proxy server: CONNECT URL_name:443 HTTP/1.1
3. The proxy server connects to the web server on port 443.
4. When the TCP connection is established, the proxy server replies that the connection is established: HTTP/1.0 200
5. From this point the client communicates directly with the external web server.
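Because a tunnel carries traffic the proxy can no longer inspect, the port restriction mentioned above is the main control point. The following added example (not part of the original text) parses the CONNECT request line from step 2 and applies the default port list 443 and 563; the function names, the reason phrases after the status codes and the sample request lines are constructed for illustration.

```python
# Default tunnel ports named in the text.
ALLOWED_TUNNEL_PORTS = frozenset({443, 563})


def parse_connect(request_line):
    """Return (host, port) for a well-formed 'CONNECT host:port HTTP/x.y' line,
    or None if the line is not a valid tunnel request."""
    parts = request_line.strip().split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    host, sep, port_text = parts[1].rpartition(":")
    if not sep or not host or not (port_text.isascii() and port_text.isdigit()):
        return None
    port = int(port_text)
    if not 1 <= port <= 65535:
        return None
    return host.lower(), port


def handle_connect(request_line, allowed_ports=ALLOWED_TUNNEL_PORTS):
    """Decide how the proxy answers a tunnel request.
    Returns (status_line, target); target is None unless the tunnel is allowed."""
    target = parse_connect(request_line)
    if target is None:
        return "HTTP/1.0 400 Bad Request", None
    if target[1] not in allowed_ports:
        # Without this check a tunnel could be opened to any TCP service.
        return "HTTP/1.0 403 Forbidden", None
    return "HTTP/1.0 200 Connection established", target


def refused_tunnels(request_lines):
    """Pick out tunnel requests to ports outside the allowed list,
    for example when reviewing proxy logs."""
    refused = []
    for line in request_lines:
        status, _ = handle_connect(line)
        if status.startswith("HTTP/1.0 403"):
            refused.append(line)
    return refused


# Constructed sample request lines, as a proxy listening on port 8080 might receive them.
SAMPLE_REQUESTS = [
    "CONNECT www.example.test:443 HTTP/1.1",
    "CONNECT news.example.test:563 HTTP/1.1",
    "CONNECT mail.example.test:25 HTTP/1.1",
    "CONNECT www.example.test HTTP/1.1",
    "GET http://www.example.test/ HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(f"{line!r:50} -> {handle_connect(line)[0]}")
```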

7. SSL bridging
SSL bridging refers to the ability of the proxy server to encrypt or decrypt client requests and pass them on to the destination server. For example, in the publishing (or reverse proxy) case, the proxy server can serve a client's SSL request by terminating the SSL connection with the client and opening a new connection to the web server. SSL bridging is used when the proxy server terminates or initiates an SSL connection.
When a client requests an HTTP object: the proxy server encrypts the request and forwards it to the web server. The web server returns the encrypted object to the proxy server. The proxy server then decrypts the object and sends it back to the client. In other words, HTTP requests are forwarded as SSL requests.
When a client requests an SSL object: the proxy server decrypts the request, then encrypts it again and forwards it to the web server. The web server returns the encrypted object to the proxy server. The proxy server decrypts the object and then sends it to the client. In other words, SSL requests are forwarded as SSL requests.
When a client requests an SSL object: the proxy server decrypts the request and forwards it to the web server. The web server returns the HTTP object to the proxy server. The proxy server encrypts the object and passes it to the client. In other words, SSL requests are forwarded as HTTP requests.
SSL bridging can be set up for outgoing and incoming requests. For outgoing requests, however, the client must support secure communication with the proxy server.

2.4. NAT and proxy server
The concept of NAT (Network Address Translation)
NAT is a protocol that provides one-to-one mapping of a range of IP addresses used in the private network to the outside network and back. NAT is usually set up on the routers that form the boundary between the private network and the outside network (for example the public Internet). NAT translates the IP addresses on the private network into validly registered IP addresses before packets are passed from the private network to the Internet or to another outside network. In this section we only look at how NAT operates when it is set up to translate private network addresses in order to serve connections out to the outside network. To do this, NAT follows the steps shown in the figure below.

Figure 5.25: NAT
1. The user at host 10.1.1.25 wants to open a connection out to server 203.162.0.12.
2. When the first data packet reaches the NAT router, the NAT router looks in the NAT table. If a translation for the address is in the table, the NAT router carries out step 3. If no translation is found, the NAT router determines that address 10.1.1.25 must be translated. The NAT router selects a new address and sets up a translation from address 10.1.1.25 to a valid outside (Internet) address from a previously defined dynamic address range, for example 203.162.94.163.
3. The NAT router replaces address 10.1.1.25 with address 203.162.94.163, and the packet is then forwarded to its destination.
4. Server 203.162.0.12 on the Internet receives the packet and replies to the NAT router at address 203.162.94.163.
5. When the NAT router receives the reply packet from the server with destination address 203.162.94.163, it looks in the NAT table. The NAT table shows that inside address 10.1.1.25 (which is mapped to outside address 203.162.94.163) is to receive this packet. The NAT router changes the destination address in the packet to 10.1.1.25 and passes the packet to its destination (10.1.1.25). Host 10.1.1.25 receives the packet, and the following packets are handled with the same sequence of steps.
When one outside address is to be used for many inside addresses, the NAT router keeps higher-level protocol information in the NAT table, namely the TCP and UDP port numbers, so that the outside address can be translated back to the correct inside address.
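The last case above, one outside address shared by many inside addresses, depends on the port information kept in the NAT table. The sketch below is an added example that is not part of the original text; it reuses the addresses from the steps above, while the second inside host, the port numbers and the starting outside port 1024 are constructed assumptions.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PortTranslatingNat:
    """NAT router that maps many inside addresses onto one outside address
    by keeping TCP/UDP port numbers in its translation table."""

    def __init__(self, outside_ip, first_port=1024, last_port=65535):
        self.outside_ip = outside_ip
        self.first_port = first_port
        self.last_port = last_port
        self.next_port = first_port
        self.out_map = {}   # (proto, inside_ip, inside_port) -> outside_port
        self.in_map = {}    # (proto, outside_port) -> (inside_ip, inside_port)

    def _allocate(self, proto):
        for _ in range(self.last_port - self.first_port + 1):
            candidate = self.next_port
            self.next_port = candidate + 1 if candidate < self.last_port else self.first_port
            if (proto, candidate) not in self.in_map:
                return candidate
        raise RuntimeError("no free outside ports for " + proto)

    def outbound(self, pkt):
        """Steps 2 and 3: look up or create the translation, then rewrite the source."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        port = self.out_map.get(key)
        if port is None:
            port = self._allocate(pkt.proto)
            self.out_map[key] = port
            self.in_map[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.outside_ip, src_port=port)

    def inbound(self, pkt):
        """Step 5: translate a reply back to the inside host.
        Packets with no table entry are dropped (None)."""
        if pkt.dst_ip != self.outside_ip:
            return None
        entry = self.in_map.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None
        return replace(pkt, dst_ip=entry[0], dst_port=entry[1])


if __name__ == "__main__":
    nat = PortTranslatingNat("203.162.94.163")
    a = nat.outbound(Packet("tcp", "10.1.1.25", 3000, "203.162.0.12", 80))
    b = nat.outbound(Packet("tcp", "10.1.1.26", 3000, "203.162.0.12", 80))
    print("on the Internet:", a, b, sep="\n  ")
    reply = Packet("tcp", "203.162.0.12", 80, "203.162.94.163", b.src_port)
    print("reply delivered to:", nat.inbound(reply))
    probe = Packet("tcp", "203.162.0.12", 80, "203.162.94.163", 2000)
    print("unsolicited packet:", nat.inbound(probe))
```

Both inside hosts use source port 3000, so only the distinct outside ports let the router deliver each reply to the right host.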
NAT therefore allows clients in a private network that use private IP addresses to access an outside network such as the Internet. It provides a connection to the Internet for networks that have not been given registered Internet addresses. It is suitable for translating addresses between two interconnected intranets. It can translate internal IP addresses allocated by an old ISP into addresses allocated by a new ISP without manually reconfiguring the local network interfaces.
NAT can be used statically or dynamically. Static translation takes place when we manually set up an address table with the IP addresses. A specific address inside the network uses one IP address (set manually by the network administrator) to access the outside network. Dynamic settings allow the administrator to set up one or more pools of shared, registered IP addresses. The addresses in a pool can be used by clients on the private network to access the outside network. This allows many clients in the network to use the same IP address.
NAT also has some disadvantages, such as increasing the latency of packets on the network. NAT must process every packet to decide how the headers are to be changed. Not every application can run over NAT. NAT supports many communication protocols, and there are also many protocols it does not support. Protocols supported by NAT include TCP, UDP, HTTP, TFTP, FTP... Traffic that is not supported includes IP multicast, BOOTP, DNS zone transfer, SNMP...

Proxy and NAT
As discussed, both the NAT service and the proxy service can be used to connect private networks to the Internet, but each service has its own advantages and disadvantages.
The proxy service gives higher performance and speed thanks to caching. However, caching can deliver out-of-date objects, so sensible cache policies are needed to keep the objects current. Because it uses a cache, the proxy service reduces the load on the Internet connection. NAT has no caching feature.
The proxy service must be deployed for each application, whereas NAT is a more transparent process. Most applications can work with NAT. NAT is easy to install and operate, and there is little to do with NAT once it has been installed.
On the clients, NAT needs little configuration apart from pointing the default gateway parameter at the NAT server. With the proxy service, proxy client programs are needed to work with the proxy server.
The proxy service allows policies to be set per user, while with NAT these features are very limited. It can be said that using the proxy service is the most secure way to connect a private network to the Internet.

3. Features of Microsoft ISA Server 2000
3.1. Editions
ISA Server comes in two editions designed for different user needs: ISA Server Standard and ISA Server Enterprise.
- ISA Server Standard provides firewall security and web caching for a business environment, workgroups or small offices. ISA Server Standard provides tight security, fast web access, intuitive management, a reasonable price and high performance.
- ISA Server Enterprise is designed to meet the needs for performance, management and balancing in high-speed Internet environments, with centralized server management, multi-level access policy and high fault tolerance. ISA Server Enterprise provides security and fast Internet access for demanding environments.
3.2. Benefits
ISA Server is one of the server products in the .NET Enterprise Server family. The products in the .NET Enterprise Server family are Microsoft's comprehensive application servers for building, deploying, managing and integrating web-based solutions and services. ISA Server brings a number of benefits to organizations that need fast, secure and easily managed Internet connectivity.
1. Fast web access with a high-performance cache.
- Users can access the web faster from local objects in the cache than by connecting to the Internet, where congestion is always a risk.
- Lower bandwidth costs through reduced traffic from the Internet.
- Efficient distribution of the content of web servers and e-commerce applications, meeting the needs of customers worldwide (web content distribution is available only in ISA Server Enterprise).
2. Secure Internet connectivity through a multi-layer firewall.
- Protects the network against unauthorized access by monitoring network traffic at several layers.
- Protects web servers, e-mail servers and other applications from outside attack by using web and server publishing to handle incoming requests securely.
- Filters incoming and outgoing network traffic to ensure security.
- Provides secure access for authorized users from the Internet to the internal network through a virtual private network (VPN).
3. Unified management with integrated administration.
- Centralized access control to ensure security and enforce operating policies.
- Higher productivity by restricting Internet access to certain applications and destinations.
- Bandwidth allocation to match priorities.
- Monitoring tools and reports that show how the Internet connection is used.
- Automation of tasks by using scripts.
4. Extensibility.
- Attention to security and performance by using the ISA Server Software Development Kit (SDK) to develop additional components.
- Extended management and security functions for third-party vendors.
- Automation of administrative tasks with COM (Component Object Model) script objects.
3.3. Installation modes
ISA Server can be installed in three different modes: Cache, Firewall and Integrated.
1. Cache mode: In this mode we can improve access performance and save bandwidth by storing the web objects that users access most often. We can also route user requests to another cache server that holds those objects.
2. Firewall mode: This mode lets us secure network traffic by setting up rules that control communication between the internal network and the Internet. We can also publish internal servers to share data on the network with partners and customers.
3. Integrated mode: In this mode we can combine the cache and firewall services on one server.
3.4. Features of each installation mode
The available features depend on the mode that is installed. The following table lists the features available in firewall mode and in cache mode; integrated mode has all of the features.

| Feature | Description | Firewall mode | Cache mode |
|---|---|---|---|
| Access policy | Defines the protocols and Internet content that users can use and access | Yes | HTTP and FTP only |
| Cache | Periodically stores web objects in RAM and on the hard disk of the ISA server | No | Yes |
| VPN | Extends the private network by using links across shared or public networks such as the Internet | Yes | No |
| Packet filtering | Controls the flow of incoming and outgoing IP packets | Yes | No |
| Application filtering | Performs system-specific or protocol-specific tasks, such as authentication, to provide an additional layer of protection for the firewall service | Yes | No |
| Web publishing | Publishes web servers in the network so that users in the network can access them | No | Yes |
| Server publishing | Allows application servers to serve outside clients | Yes | No |
| Real-time monitoring | Allows centralized monitoring of ISA server activity, including alerts, session monitoring and services | Yes | Yes |
| Alerts | Notifies us when specific events occur and carries out appropriate actions | Yes | Yes |
| Reports | Summarizes and analyzes activity on one or more ISA server computers | Yes | Yes |

4. Practical exercises.
Classroom requirements: The number of computers matches the number of students in the class, so that each student has one computer. Minimum machine configuration: PIII 800 MHz, 256 MB RAM, HDD 1GB, FDD, CDROM 52x. The computers have Windows 2000 Advanced Server installed and are networked using the TCP/IP protocol.
Lab equipment: Windows 2000 Advanced Server installation disc and ISA Server 2000 installation disc. Each computer has 01 V.90 modem and 01 telephone line. 01 Internet access account.

Exercise 1: Basic installation steps for ISA Server 2000.
Step 1: Basic installation.
- Log on to the system as Administrator.
- Insert the Microsoft Internet Security and Acceleration Server 2000 Enterprise Edition installation disc into the CD-ROM drive.
- The Microsoft ISA Server Setup window opens. If this window does not appear automatically, use Windows Explorer to run x:\ISAAutorun.exe (where x is the CD-ROM drive letter).
- In the Microsoft ISA Server Setup window, click Install ISA Server.
- In the Microsoft ISA Server (Enterprise Edition) Setup dialog box, click Continue.
- Enter the CD Key, then click OK twice.
- In the Microsoft ISA Server Setup dialog box, click I Agree.
- In the Microsoft ISA Server (Enterprise Edition) Setup dialog box, click Custom Installation.
- In the Microsoft ISA Server (Enterprise Edition) Custom Installation dialog box, click Add-in services, then click Change Option.
- In the Microsoft ISA Server (Enterprise Edition) Add-in services dialog box, verify that Install H.323 Gatekeeper Service is selected, select Message Screener, then click OK.
- In the Microsoft ISA Server (Enterprise Edition) Custom Installation dialog box, click Administration tools, then click Change Option.
- In the Microsoft ISA Server (Enterprise Edition) Administration tools dialog box, verify that ISA Management is selected, select H.323 Gatekeeper Administration Tools, then click OK.
- In the Microsoft ISA Server (Enterprise Edition) Custom Installation dialog box, click Continue. The Microsoft Internet Security and Acceleration Server Setup dialog box appears, informing you that the computer cannot join an array. You will configure this computer as a stand-alone server.
- Click Yes to configure this computer as a stand-alone server.
- In the Microsoft ISA Server Setup dialog box that describes the installation modes, make sure that Integrated mode is selected, then click Continue.
- In the Microsoft Internet Security and Acceleration Server Setup dialog box that shows the notice about IIS publishing, click OK to acknowledge that ISA Server Setup is stopping the IIS publishing service.
- Click OK to accept the default cache settings.
Step 2: Configure the LAT to declare the addresses of the private network.
- In the Microsoft Internet Security and Acceleration Server 2000 Setup dialog box, click Construct Table. Note that if you add incorrect IP addresses to the LAT, ISA Server will forward packets incorrectly and the client computers will therefore be unable to access the Internet.
- In the Local Address Table dialog box, clear Add the following private ranges: 10.x.x.x, 192.168.x.x and 172.16.x.x-172.31.x.x
- Select adapter ip_address (where the network name and IP address are those of the private network), then click OK.
- In the Setup Message box, click OK.
- In Internal IP Ranges, click 10.255.255.255-10.255.255.255, then click Remove.
- Verify that Internal IP Ranges contains only IP addresses from your internal network, then click OK.
- Finish installing ISA Server and initialize the ISA Server configuration.
- In the Launch ISA Management Tool dialog box, clear the Start ISA Server Getting Started Wizard check box, then click OK.
- In the Microsoft ISA Server (Enterprise Edition) Setup message box, click OK.
- Close the Microsoft ISA Server Setup window.
- Remove the Microsoft Internet Security and Acceleration Server Enterprise Edition disc from the CD-ROM drive.
Step 3: Configure the Default Web Site in Internet Information Services to use port 8008, then start the Default Web Site.
- Open Internet Services Manager from Administrative Tools.
- In Internet Information Services, expand server (server is the name of your computer), then click Default Web Site (Stopped).
- Right-click Default Web Site (Stopped), then click Properties. Because ISA Server uses ports 80 and 8080, you must configure IIS to serve client connections on a different port. You will configure IIS to serve these requests on TCP port 8008.
- In the Default Web Site (Stopped) Properties dialog box, in the TCP Port box, type 8008, then click OK.
- Right-click Default Web Site (Stopped), then click Start.
Exercise 2: Configure ISA Server 2000 so that an internal network can access and use basic Internet services through 01 modem connected over the PSTN.
Step 1: Configure and manage the ISA Server configuration using Getting Started.
The Getting Started Wizard offers the following configuration options:

- Select Policy elements: by default, all elements that can be used when creating rules are selected.
- Configure Schedules: by default there are two schedules, Weekends and Work Hours; you can edit these schedules or create new ones.
- Configure Client sets: client computers can be grouped by IP address so that rules can be created for each client group.
- Configure Protocol Rule: defines the protocol rules that clients use to access the Internet.
- Configure Destination Sets: lets you group computers on the Internet by name or IP address. Destination Sets are used to create rules, and a rule can apply to one or more Destination Sets.
- Configure Site and Content Rules: configures the content rules.
- Secure Server: lets you set protection levels appropriate for the network.
- Configure Firewall Protection: Packet Filtering ensures that ISA Server filters traffic so that no packet passes unless it is permitted.
- Configure Dial-Up Entries: lets you choose the interface that connects to the Internet.
- Configure Routing for Firewall and SecureNAT clients.
- Configure Routing for Web Browser Applications: lets you create routing rules that specify whether requests from Web Proxy Clients are sent directly to the Internet or to an upstream server.
- Configure Cache policy: configures the cache policies.
Step 2: Configure ISA Server so that clients can use Internet services over the public telephone network.
- Create a Dial-Up Entry to connect to the Internet.
Step 2: Create a protocol rule.
- Open ISA Management, click Servers and arrays, then click the name of the ISA server.
- Click Access Policy, right-click Protocol Rule, then choose New --> Rule.
- Name the Protocol Rule, then click Next.
- Verify that Allow is selected and click Next, then select All IP traffic and click Next. Select Always and click Next, then select Any Request, click Next, and click Finish.
Step 3: Configure the Web Proxy Client: configure Internet Explorer to use ISA Server for Web service requests.
- Open the Internet Explorer browser.
- In the Internet Connection Wizard, click Cancel.
- In the Internet Connection Wizard dialog box, select Do not show the Internet Connection wizard in the future, then click Yes.
- In Internet Explorer, in Address, type http://vdc.com.vn and press ENTER. Internet Explorer cannot connect to this web page.
- On the Tools menu, click Internet Options.
- In the Internet Options dialog box, on Connections, click LAN Settings.
- In the Local Area Network (LAN) Settings dialog box, clear Automatically detect settings. Select Use a proxy server, and in Address type the IP address of the ISA Server.
- In the Port box, type 8080
- Verify that Bypass proxy server for local addresses is cleared, then click OK twice.
Exercise 3: Set up policies for access requests and for the use of services on the Internet.
I. Set up the policy elements
Step 1: Create a schedule
- Log on to the system as administrator.
- Open ISA Management from the Microsoft ISA Server menu.
- In ISA Management, expand Servers and Arrays, expand server (server is the name of the ISA Server), expand Policy Elements, then click Schedules.
- Click Create a Schedule to create a schedule.
- In the New schedule dialog box, in Name, enter a schedule name, for example schedule1.
- In Description, type Daily period of most network utilization
- Drag to select the entire schedule, then click Inactive.
- Drag to select the region from the current time to the next 2 hours for every day of the week, then click Active. For example, if the current time is 3:15 P.M., select the region from 3:00 P.M. to 5:00 P.M. for every day of the week.
- Click OK.
Step 2: Create a destination set
- In ISA Management, click Destination Sets.
- Click Create a Destination Set.
- In the New Destination Set dialog box, in Name, enter a name for the new set, for example set1.
- In the Description box, type a description for the new set.
- Click Add.
- In the Add/Edit Destination dialog box, in Destination, type home.vnn.vn
Step 3: Create a client address set
- In ISA Management, click Client Address Sets.
- Click Create a Client Set.
- In the Client Set dialog box, in Name, type a name for the new set, for example Accounting Department.
- In Description, type a description for the new set, then click Add.
- In the Add/Edit IP Addresses dialog box, in From, type the first address of the address range that belongs to the private network.
- In To, type the last address of the address range that belongs to the private network, then click OK twice.
Step 4: Create a protocol definition (using UDP port 39000 for the primary outbound connection and TCP port 39000 for the secondary connection)
- In ISA Management, click Protocol Definitions.
- Click Create a Protocol Definition.
- In the New Protocol Definition Wizard, in Protocol definition name, type a name for the new definition, then click Next.
- On the Primary Connection Information page, in Port number, type 39000
- In the Protocol type list, click UDP.
- In the Direction list, click Send Receive, then click Next.
- On the Secondary Connections page, click Yes, then click New.
- In the New/Edit Secondary Connection dialog box, in From and in To, type 39000
- In the Protocol type list, verify that TCP is selected; in Direction, click Outbound, then click OK.
- Click Next, then on the Completing the New Protocol Definition Wizard page, click Finish.
II. Set up the protocol rules
Step 1: Create a protocol rule that allows HTTP, HTTP-S and FTP, so that every user can access the Internet at any time using the HTTP, HTTP-S and FTP protocols.
- Open Internet Explorer on a workstation, type http://home.vnn.vn in Address and press ENTER. Internet Explorer cannot connect to the Web site because ISA Server denies the request.
- Close Internet Explorer.
- In ISA Management, expand Access Policy, then click Protocol Rules.
- Click Create a Protocol Rule for Internet Access.
- In the New Protocol Rule Wizard, in Protocol rule name, type Allow HTTP, HTTP-S, and FTP, then click Next.
- On the Protocols page, verify that Selected protocols is chosen, clear the Gopher check box, then click Next.
- On the Schedule page, verify that Always is selected, then click Next.
- On the Client Type page, verify that Any request is selected, then click Next.
- On the Completing the New Protocol Rule Wizard page, click Finish.
- Open Internet Explorer on a workstation, type http://home.vnn.vn in Address, then press ENTER. Verify that the browser connects successfully and that the content of the web page is displayed.
- Close Internet Explorer.
Step 2: Create a protocol rule that allows users in the Domain Admins group to access the Internet using all protocols.
- In ISA Management, click Create a Protocol Rule.
- In the New Protocol Rule Wizard, in Protocol rule name, type Allow All Access for Administrators, then click Next.
- On the Rule Action page, verify that Allow is selected, then click Next.
- On the Protocols page, in the Apply this rule to list, verify that All IP traffic is selected, then click Next.
- On the Schedule page, verify that Always is selected, then click Next.
- On the Client Type page, click Specific users and groups, then click Next.
- On the Users and Groups page, click Add.
- In the Select Users or Groups dialog box, click Domain Admins, click Add, then click OK.
- On the Users and Groups page, click Next.
- On the Completing the New Protocol Rule Wizard page, click Finish.
Step 3: Create a protocol rule that denies Internet access to users in the Accounting Department group defined in the client set.
- In ISA Management, click Create a Protocol Rule.
- In the New Protocol Rule Wizard, in Protocol rule name, type Deny Access from Accounting Department, then click Next.
- On the Rule Action page, click Deny, then click Next.
- On the Protocols page, in the Apply this rule to list, verify that All IP traffic is selected, then click Next.
- On the Schedule page, verify that Always is selected, then click Next.
- On the Client Type page, click Specific computers (client address sets), then click Next.
- On the Client Sets page, click Add.
- In the Add Client Sets dialog box, click Accounting Department, click Add, then click OK.
- On the Client Sets page, click Next.
- On the Completing the New Protocol Rule Wizard page, click Finish.
- Verify that access from the Accounting Department group fails.
Step 4: Delete the protocol rule that denies users in the Accounting Department group
- In ISA Management, click Deny Access from Accounting Department
- Click Delete a Protocol Rule.
- In the Confirm Delete dialog box, click Yes.
III. Set up the content rules
Step 1: Create a content rule that denies access to the content defined in the destination set, using the schedule created in section 1.
- In ISA Management, click Site and Content Rules.
- Click Create a Site and Content Rule.
- In the New Site and Content Rule Wizard, in Site and content rule name, type a name, for example Deny Access Rule, then click Next.
- On the Rule Action page, verify that Deny is selected, then click Next.
- On the Destination Sets page, in the Apply this rule to list, click Specified destination set.
- In the Name list, select set1 (created in the section above), then click Next.
- On the Schedule page, select schedule1 (created in the section above), then click Next.
- On the Client Type page, verify that Any request is selected, then click Next.
- On the Completing the New Site and Content Rule Wizard page, click Finish.
Step 2: Test the rule that was just created
- Open the Internet Explorer browser.
- In Address, type http://home.vnn.vn and press ENTER. Verify that the web page is not displayed, because the content rule created above is in effect.
- Close the Internet Explorer browser.
Chapter 6 - System security and Firewall

Chapter 6 concentrates on the important topics of system and network security. The first part of the chapter introduces students to the forms of network attack and to the vulnerabilities and weak points of a network. The basic skills covered in this part help administrators manage and build matching security policies for network components, systems and services from the moment they go into operation.
Part 2 of chapter 6 introduces a powerful and widely used network security device: the firewall. Students will learn about firewall architecture, the basic functions, how firewalls are classified, and the strengths and weaknesses of the firewall types that work on different principles. The skills of configuring, writing rules for and administering a firewall, using the Check Point firewall as the model, will give students a concrete understanding of the work of administering and securing a network.
Chapter 6 requires students to have a good deal of background knowledge, such as a firm grasp of system administration on Windows, Linux and UNIX. Students need a deep understanding of the TCP/IP protocol suite and of how IP, UDP and TCP work. They also need to know about the ports and sockets of service protocols such as SMTP, POP3, WWW... This knowledge is covered in system administration courses and in other documents and textbooks on these topics, which students should consult before studying this chapter.

1. System security
1.1. General issues of system and network security
Because a network has many users and is geographically distributed, protecting resources (against loss or improper use) in a network environment is far more complex than in the environment of a single computer or a single user.
The work of the network administrator must ensure that information on the network is reliable and is used for the right purposes by the right people, while also ensuring that the network runs stably and is not attacked by saboteurs.
It is a fact that no network can be guaranteed to be absolutely secure; however solidly a system is protected, at some point it can be disabled by people with malicious intent.
1.1.1. Some concepts and the history of system security
Before looking at the methods of attack, the protective measures and the establishment of security policies, we first look at some concepts related to information security on the Internet.
1.1.1.1. Some concepts
a) Network attackers (Intruder):
These are individuals or organizations that use their knowledge of networking and attack tools (software or hardware) to probe for weak points and security holes in a system, to intrude and to seize network resources illegally.
Some types of network attacker are:
- Hacker: people who intrude into a network illegally by using password-cracking tools or by exploiting weaknesses in the access components of the system.
- Masquerader: people who forge information on the network. Forms include spoofing IP addresses, domain names, user identities ...
- Eavesdropping: people who eavesdrop on information on the network using sniffer tools, and then use analysis and debugging tools to extract valuable information.
Network attackers can have many different aims, such as stealing information of economic value or deliberately sabotaging a network; their actions can also simply be thoughtless, such as trying out programs without checking them carefully ...
b) Security holes:
Security holes are weak points in a system, or hidden in a service, that an attacker can rely on to intrude illegally in order to cause damage or to seize resources unlawfully.
Security holes have different causes: they can come from faults in the system itself or in the software supplied, or from a weak administrator who does not thoroughly understand the services provided ...
The impact of security holes varies. Some affect only the quality of the service provided; others seriously affect the entire system ...
c) Security policy:
This is the set of rules that applies to everyone who takes part in managing and using network resources and services.
The aim of a security policy is to make users aware of their responsibility for protecting information resources on the network, and to help administrators establish effective safeguards while equipping, configuring and controlling the operation of systems and the network.
A security policy is considered complete if it consists of regulatory documents accompanied by effective security tools that quickly help the administrator detect and prevent illegal intrusions.
1.1.1.2. History of system security
A number of events mark the history of destructive activity on networks, and the requirements for system security arose from them:
- 1988: A program appeared on the Internet that replicated copies of itself onto all the machines on the Internet. Programs of this kind are called "worms". Although the damage it caused was not great, it raised questions for administrators about system access rights and about software bugs.
- 1990: Spreading viruses through email addresses became common on the Internet.
- 1991: Trojan programs were discovered.
In the same period, with the development of the Web and related technologies such as Java and JavaScript, there were many related security bug reports, such as holes that allowed the contents of users' data files to be read, and holes that allowed DoS attacks and spam mail that stalled services.
- 1998: The Melissa virus spread across the Internet through Microsoft's mail programs, causing considerable economic damage.
- 2000: A series of large Web sites such as yahoo.com and ebay.com were paralyzed and stopped providing service for many hours because of DoS attacks.
1.1.2. The main security holes and network attack methods
1.1.2.1. Security holes
As described above, the security holes in a system are weak points that can stall a service, give users additional privileges or allow unauthorized access to the system. The holes can lie in the services provided, such as sendmail, web, ftp ... They also exist in the operating system itself, as in Windows NT, Windows 95 and UNIX, or in applications that users work with regularly, such as word processors and database systems...
Various organizations classify the types of security hole. According to the classification of the US Department of Defense, the security holes in a system are divided as follows:
- Class C holes: holes of this class allow DoS (Denial of Service) attacks. The level of danger is low: they affect only the quality of service and can stall or interrupt the system; they do not destroy data or give illegal access.
- Class B holes: these holes allow users to gain additional privileges on the system without a validity check, and can therefore lead to the loss or disclosure of information that must be kept confidential. The level of danger is medium. These holes are usually found in the applications on a system.
- Class A holes: these holes allow outside users to access the system illegally. They are very dangerous and can destroy the entire system.
The following figure illustrates the levels of danger and the corresponding classes of hole:

Figure 6.1: Classes of security hole and levels of danger

Below we analyze some of the security holes that commonly appear on networks and systems.
a) Class C holes
Holes of this class allow DoS attacks.
DoS is a form of attack that uses the Internet-layer protocols of the TCP/IP suite to stall a system, so that legitimate users are denied access to or use of the system. A large number of packets is sent to the server continuously over a period of time, overloading the system; as a result the server responds slowly or cannot respond to the requests that clients send.
Services with holes that allow DoS attacks can be upgraded or repaired with newer versions from the service vendors. At present there is no comprehensive solution for this class of hole, because the design of the Internet-layer protocol (IP) in particular, and of the TCP/IP suite, itself contains the latent risk of these holes.
Typical examples of DoS attacks are the attacks on a number of large Web sites that brought their operation to a halt, such as www.ebay.com and www.yahoo.com.
However, the danger of holes of this class is rated C, the least dangerous, because they only interrupt the service a system provides for a time without endangering data, and the attackers do not gain illegal access to the system.
Another common class C hole is a weakness in a service that allows an attack which stalls the end user's system. This form of attack mainly uses the Web. Suppose a Web server hosts pages containing Java or JavaScript code that "hangs" the system of a user of the Netscape browser by the following steps:
- Write code that detects that the Web browser in use is Netscape.
- If Netscape is in use, start an infinite loop that creates countless windows, each of which connects to a different Web server.
With this simple form of attack, the system can be hung for about 40 seconds (on a client machine with 64 MB RAM). This too is a DoS-type attack. In this case the user can only restart the system.
Another class C hole often found in mail systems is the lack of anti-relay mechanisms, which allows spam mail. As we know, electronic mail works by store and forward. Some mail systems do not authenticate users when they send mail, so attackers take advantage of these mail servers to send spam. Spam mail is an action intended to paralyze a system's mail service by sending a large number of messages to a non-existent address: the mail server keeps spending capacity looking for addresses that do not exist, which stalls the service. The messages can be generated by mail-bomb programs, which are very common on the Internet.
b) Class B holes:
Holes of this class are more dangerous than class C holes: they allow internal users to gain higher privileges or unauthorized access.
For example, in figure 12, a class B hole can exist on a UNIX system where the /etc/passwd file is kept in plaintext form and the UNIX password-shadowing mechanism (the /etc/shadow file) is not used.
Holes of this class usually appear in the services on a system. A local user is understood to be someone who already has access to the system with certain limited privileges.
A range of problems with the rights under which programs run on UNIX also commonly cause class B holes, because on a UNIX system a program can be executed in 2 ways:
- The owner of the program starts it.
- Someone carrying the rights of the file's owner starts it.
Another form of class B hole occurs in programs whose source code is written in C. Programs written in C often use a buffer, a region of memory used to hold data before it is processed. Programmers often use a buffer in memory before assigning a region of memory to each block of data. For example, someone writes a program that reads in a user-name field and specifies that the field is 20 characters long. They therefore declare:
char first_name[20];
This declaration allows the user to enter at most 20 characters. When data is entered, it is first stored in the buffer; if the user enters 35 characters, a buffer overflow occurs and the 15 surplus characters end up at an uncontrolled location in memory. Attackers can take advantage of this hole to enter special characters in order to execute certain special commands on the system. This hole is commonly exploited by users on the system to obtain root privileges illegitimately.
Tight control of the system configuration and of the programs limits class B holes.
c) Class A holes:
Class A holes are very dangerous and threaten the integrity and confidentiality of the system. Holes of this class usually appear on systems that are poorly administered or whose network configuration is not under control.
A common example involves the many systems that use Apache as the Web server. On this Web server the default directory for running scripts is usually cgi-bin, and it contains a ready-made script for testing that Apache works, test-cgi. In old versions of Apache (before version 1.1), the test-cgi file contains the following line:
echo QUERY_STRING = $QUERY_STRING
Because the environment variable QUERY_STRING is not enclosed in " (quote) characters, when the client makes a request whose string contains certain special characters, for example the character "*", the Web server returns the contents of the entire current directory (the directory that holds the cgi scripts). The user can see the full contents of the files in the current directory on the server.
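The quoting flaw just described, shown as an added example that is not part of the original page or of Apache's own script: it runs the unquoted line quoted above beside a quoted fix in a throwaway directory, and includes a heuristic check for the same pattern in other scripts. The function names, the sandbox file names and the audit heuristic are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original page): the unquoted expansion quoted
# above from test-cgi, its quoted fix, and a heuristic audit for the pattern.
# Every file name here is constructed for the demo.
LC_ALL=C; export LC_ALL   # fixed sort order for pathname expansion

# Create a throwaway directory standing in for cgi-bin; print its path.
make_sandbox() {
    d=$(mktemp -d) || return 1
    : > "$d/printenv"
    : > "$d/search.cgi"
    # Constructed script holding the vulnerable line (3) and the fixed line (4).
    cat > "$d/test-cgi" <<'EOF'
#!/bin/sh
echo Content-type: text/plain
echo QUERY_STRING = $QUERY_STRING
echo "QUERY_STRING = $QUERY_STRING"
EOF
    printf '%s\n' "$d"
}

# Vulnerable form: the unquoted expansion undergoes word splitting and
# pathname expansion, so "*" becomes the file names in the current directory.
echo_unquoted() {
    ( cd "$1" || exit 1
      QUERY_STRING=$2
      echo QUERY_STRING = $QUERY_STRING )
}

# Fixed form: inside double quotes the value is printed literally.
echo_quoted() {
    ( cd "$1" || exit 1
      QUERY_STRING=$2
      printf 'QUERY_STRING = %s\n' "$QUERY_STRING" )
}

# Heuristic audit: print "line: text" for each non-comment line of script $1
# where variable $2 is expanded outside any quoted span.
# Assumption: quoted strings do not span several lines.
audit_unquoted() {
    awk -v var="$2" -v sq="'" '
        /^[ \t]*#/ { next }
        {
            line = $0
            gsub(sq "[^" sq "]*" sq, "", line)   # drop single-quoted spans
            gsub(/"[^"]*"/, "", line)            # drop double-quoted spans
            if (index(line, "$" var) || index(line, "${" var "}"))
                print NR ": " $0
        }
    ' "$1"
}

# Run all three against the sandbox, then clean up.
demo() {
    sb=$(make_sandbox) || return 1
    echo_unquoted "$sb" '*'
    echo_quoted "$sb" '*'
    audit_unquoted "$sb/test-cgi" QUERY_STRING
    rm -rf "$sb"
}
demo
```

The audit is a line-based heuristic for reviewing legacy CGI shell scripts; a flagged line still needs a human look, since it does not parse the shell grammar.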
A similar example occurs with Web servers running on the Novell operating system: these Web servers have a script called convert.bas, and running this script allows the full contents of the files on the system to be read.
Holes of this class are extremely dangerous because they are already present in the software in use; an administrator who does not thoroughly understand the services and software in use may overlook these weaknesses.
On old systems, the announcements of security newsgroups on the network must be checked regularly in order to find holes of this class. A number of commonly used programs have class A holes in their old versions, such as FTP, Gopher, Telnet, Sendmail, ARP, finger...
1.1.2.2. Some common network attack methods
a) Scanner
A scanner is a program that automatically searches for and detects security weaknesses on a local workstation or on a remote one. With this capability, a saboteur using a scanner program can discover security holes on a remote server.
Scanner programs generally share one mechanism: they search for and detect the TCP/UDP ports in use on the target system, and from that identify the services in use on that system. The scanner then records the responses of the remote system for each service it finds. Based on this information, attackers can find the weak points of the system.
The conditions for a scanner program to work are as follows:
- Equipment and system requirements: a scanner program can work in any environment that supports TCP/IP (whether the system is UNIX, an IBM-compatible computer or a Macintosh).
- The system must be connected to the Internet.
Building a scanner program is not simple, however: saboteurs need in-depth knowledge of TCP/IP and knowledge of programming in C, PERL and some shell languages. In addition, the programmer (or the user) needs to know socket programming and how client/server applications work.
Scanner programs play an important role in a security system, because they can discover the weak points of a network. For the network administrator this information is extremely useful and necessary; in the hands of saboteurs it is extremely dangerous.
b) Password Cracker
A password cracker is a program that can decode an encrypted password or can disable the password protection of a system.
To understand how cracking programs work, we need to understand how passwords are encrypted when they are created. Most encrypted passwords are produced by a single encryption method. Encryption programs use encryption algorithms to encrypt the password.
The operation of cracking programs is illustrated in the following figure:

Figure 6.2: Operation of password-cracking programs

According to the diagram above, a list of words is generated and each word is encrypted. After each encryption, the program compares the result with the encrypted password that is to be broken. If they do not match, the process repeats. This cracking method is called brute-force.
Hardware: in the figure above, the computer running the cracking programs is a 66MHz PC or a higher configuration. In practice, professional crackers need very powerful hardware. An alternative is to carry out the cracking on a distributed system, which reduces the equipment requirements compared with doing the work on a single machine.
The principles of cracking programs can differ. Some programs generate a limited list of words, apply a number of encryption algorithms, and use the results of the comparison with the encrypted password to generate another list according to the program's own logic. This approach is not rigorous, but it is quite fast because it relies on the fact that users tend to follow certain rules when choosing passwords so that they are convenient to use.
In the final stage, if a match with the encrypted password is found, the cracker obtains the password as ordinary text. In the figure above, the ordinary-text password is written to a file.
To estimate the chance of success of cracking programs we have the following formula:
P = L x R / S
where:
P: probability of success
L: lifetime of a password
R: guess rate
S: password space = A^M (M is the length of the password)

For example, on UNIX systems it has been shown that if a password is longer than 8 characters, the probability of cracking it is almost 0. In detail:
If about 92 characters can be used in a password, the possible password space is S = 92^8
With a guess rate of 1000 passwords per second, R = 1000/s
The lifetime of a password is 1 year
The probability of success is:
P = 1 x 365 x 86400 x 1000 / 92^8 = 1/1,000,000
Guessing the password is therefore not feasible, because it would take about 100 years to find the correct password.
Cracking programs usually combine other information while guessing passwords, such as:
- Information in the /etc/passwd file
- Some dictionaries
- Repeated words, sequentially enumerated words, alternative spellings of a word as pronounced ...
The countermeasure against this form of attack is to establish a sound password protection policy.
c) Trojans
Named after the ancient Greek legend of the "Trojan horse", a trojan is a program that runs illegitimately on a system in the role of a legitimate program. These programs perform functions that the users of the system do not want or that are unlawful. Usually, trojans are able to run because the code of legitimate programs has been replaced with illegitimate code.
Virus programs are a typical kind of trojan. Virus programs conceal pieces of code inside programs that are in legitimate use. When those programs are started, the hidden code is executed to perform functions the user does not know about.
A standard definition of trojan programs is as follows: a trojan is a program that carries out work the user does not know about in advance, such as stealing passwords or copying files without the user being aware of it.
The authors of trojan programs build them according to a plan. From the point of view of security on the Internet, a trojan program does one of the following:
- Performs some function, or helps the programmer discover important information or personal information on a system or on some components of the system.
- Conceals some function, or helps the programmer discover important information or personal information on a system or on some components of the system.
Some trojan programs can perform both of these functions. In addition, some trojans can destroy a system by damaging the information on the hard disk (for example the case of the Melissa virus, which spread by electronic mail).
Today, with many new techniques, trojan programs of this kind are easily detected and are no longer effective. On UNIX, however, the development of trojan programs is still very common.
Trojan programs can spread in many ways and operate in many different operating system environments (from Unix to Windows and DOS). In particular, trojans often spread through common services such as Mail, FTP... or through free utilities and programs on the Internet.
Assessing the impact of trojan programs is extremely difficult. In some cases the trojan simply affects customers' access, as when a trojan obtains the contents of the passwd file and mails it to the saboteur. The simplest fix is to replace the entire contents of the programs affected by the trojan code and to replace the passwords of the system's users.
In more serious cases, however, attackers create security holes through the trojan programs. For example, attackers obtain root privileges on the system and use them to destroy all or part of the system. They use root privileges to alter log files and to install other trojan programs that the administrator cannot detect. In this case the impact is serious, and the only option left to the system administrator is to reinstall the entire system.
d) Sniffer
In system security, a sniffer is a tool (hardware or software) that "captures" the information passing over the network and extracts the valuable information from what it has captured.
A sniffer works much like a program that captures keystrokes (key capture). A key-capture utility, however, runs on one particular workstation, whereas a sniffer can capture the information exchanged between many workstations.
Sniffer programs (software sniffers) and sniffer devices (hardware sniffers) both capture packets from the IP layer downwards (IP datagrams and Ethernet packets). Sniffing can therefore be applied to different protocols at the network layer such as TCP, UDP, IPX, ...
Moreover, the IP-layer protocol is publicly defined and its header fields have a clear structure, so decoding these packets is not difficult.
The purpose of a sniffer program is to put the Ethernet network card, through which the network's packets pass, into promiscuous mode and so "capture" the information.
Sniffer devices can capture all the information exchanged on the network because Ethernet works by broadcasting packets.
On a network that does not use a hub, data is not sent in one direction but travels in every direction. For example, when a workstation needs to send a message to another workstation on the same network segment, a request from the destination station is sent to all workstations on the network to determine which one is to receive the information (the destination station). Only once the source station has received an acknowledgement from the destination station is the data stream sent. By rule, the other stations on the segment ignore the traffic between the source and destination stations. They are not forced to ignore it, however, and can still "listen" to it by putting their network cards into promiscuous mode. This is what a sniffer does.
A sniffer system can combine hardware and software, with the software running in debug modes to analyse the packets captured on the network.
The sniffer must be placed on the same network segment (network block) as the traffic to be eavesdropped.
The following figure illustrates where a sniffer can be placed:

Figure 6.3: Sniffer placement on one network segment
Network attacks based on sniffers are very dangerous because they are carried out at very low layers of the network. Setting up a sniffer makes it possible to obtain all the information exchanged on the network, which may include:
- Access accounts and passwords
- Internal or high-value information ...
Setting up a sniffer is not simple, however: it requires breaking into the network and installing the sniffer software. Sniffer programs also require the user to have a deep understanding of network architecture and protocols.
In addition, the volume of information exchanged on a network is very large, so sniffers generate a lot of data. Sniffer programs can usually be configured to collect only 200 - 300 bytes of each packet, because important information such as user names and passwords is usually at the start of the packet.
In some network administration work, such as analysing the traffic on the network, the administrator also needs to set up sniffer programs deliberately; in that role a sniffer is useful.
Detecting that a system is being sniffed is not simple, because a sniffer works at a very low layer and does not affect applications or the services the system provides. The following measures can only help check the system:
- Check the processes running on the system (with the ps command on Unix or the resource manager in Windows NT). Look at unfamiliar processes, the resources they use, their start times and so on in order to detect sniffer programs.
- Use utilities that detect whether a network card has been switched to promiscuous mode. These utilities help determine whether your system is running a sniffer.
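The second check above, as an added example that is not part of the original text: on Linux, the interface flags exposed under /sys/class/net carry the IFF_PROMISC bit (0x100), so a host can list interfaces that are promiscuous without being expected to be. The interface names, flag values and the `expected` allowlist in `demo()` are constructed for illustration.

```python
import os
import tempfile

IFF_PROMISC = 0x100  # promiscuous bit in the Linux interface flags word


def promiscuous_interfaces(sysfs_net="/sys/class/net", expected=()):
    """Return (name, flags) for promiscuous interfaces not in `expected`.

    `expected` is an assumed allowlist, e.g. the capture port of a
    monitoring sensor that is meant to run in promiscuous mode.
    """
    unexpected = []
    for ifname in sorted(os.listdir(sysfs_net)):
        flags_path = os.path.join(sysfs_net, ifname, "flags")
        try:
            with open(flags_path) as fh:
                flags = int(fh.read().strip(), 16)
        except (OSError, ValueError):
            continue  # not an interface directory, or unreadable flags
        if flags & IFF_PROMISC and ifname not in expected:
            unexpected.append((ifname, hex(flags)))
    return unexpected


def demo():
    """Run the check against a constructed sysfs-like tree (sample data)."""
    sample = (("eth0", "0x1103"),   # UP|BROADCAST|PROMISC|MULTICAST
              ("eth1", "0x1003"),   # UP|BROADCAST|MULTICAST
              ("lo", "0x9"),        # UP|LOOPBACK
              ("mon0", "0x1103"))   # sensor port, promiscuous on purpose
    with tempfile.TemporaryDirectory() as root:
        for name, flags in sample:
            os.mkdir(os.path.join(root, name))
            with open(os.path.join(root, name, "flags"), "w") as fh:
                fh.write(flags + "\n")
        return promiscuous_interfaces(root, expected={"mon0"})


if __name__ == "__main__":
    for name, flags in demo():
        print("unexpected promiscuous interface:", name, flags)
```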
Building measures that limit sniffing is not too difficult, however, if the following security principles are observed:
- Do not let strangers access the devices on the system
- Manage the system configuration strictly
- Set up highly secure connections using encryption.

1.1.3. Some system weaknesses
1.1.3.1. The fingerd daemon
A hole in the fingerd daemon gave worm attacks on the Internet the chance to spread: a buffer overflow in the fingerd process (a programming error). The buffer that holds the input string is limited to 512 bytes, but fingerd does not check input that is longer than 512 bytes. As a result the buffer overflows when the data exceeds 512 bytes. The excess data contains code that starts another script, and that script goes on to finger another host. The result is a chain of "worms" across the Internet.
1.1.3.2. The hosts.equiv file
If a user is listed in the hosts.equiv file together with the address of that user's machine, the user is allowed remote access to the system on which the entry is declared. There is a hole in this feature, however: it lets the remote user obtain the privileges of any other user on the system. For example, if machine A has a file /etc/hosts.equiv containing the entry B julie, then julie on B can access system A with the privileges of any other user on A. This is caused by a programming error in the ruserok() routine in libc.
1.1.3.3. The /var/mail directory
If /var/mail is set writeable by everyone on the system, anyone can create files in it. If someone then creates a file named after an existing user and links it to a file on the system, mail addressed to the user whose name matches the link is appended to the file the link points to.
For example, a user creates a link from /var/mail/root to /etc/passwd and then sends mail to root under the name of a new user; that new user name is appended to /etc/passwd. The /var/mail directory must therefore never be set writeable.
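An audit for the /var/mail condition described above, as an added example that is not part of the original text: it reports a world-writable spool directory and any mailbox that is a symbolic link or has extra hard links. The function names and the temporary directory layout built in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_mail_spool(spool_dir):
    """Return findings as (kind, path, detail) tuples for a mail spool."""
    findings = []
    mode = stat.S_IMODE(os.lstat(spool_dir).st_mode)
    if mode & stat.S_IWOTH:
        # The text's rule: the spool must never be writeable by everyone.
        findings.append(("dir-world-writable", spool_dir, oct(mode)))
    for name in sorted(os.listdir(spool_dir)):
        path = os.path.join(spool_dir, name)
        entry = os.lstat(path)          # lstat: do not follow the link
        if stat.S_ISLNK(entry.st_mode):
            findings.append(("mailbox-is-symlink", path, os.readlink(path)))
        elif stat.S_ISREG(entry.st_mode) and entry.st_nlink > 1:
            findings.append(("mailbox-hard-linked", path,
                             "links=%d" % entry.st_nlink))
    return findings


def demo():
    """Audit a constructed spool before and after it is corrected."""
    with tempfile.TemporaryDirectory() as base:
        spool = os.path.join(base, "mail")
        os.mkdir(spool)
        target = os.path.join(base, "passwd")   # stand-in for a system file
        open(target, "w").close()
        open(os.path.join(spool, "julie"), "w").close()
        os.symlink(target, os.path.join(spool, "root"))
        os.chmod(spool, 0o777)                  # the weak setting
        before = [kind for kind, _, _ in audit_mail_spool(spool)]
        os.remove(os.path.join(spool, "root"))  # remove the planted link
        os.chmod(spool, 0o755)                  # the corrected setting
        after = audit_mail_spool(spool)
    return before, after


if __name__ == "__main__":
    print(demo())
```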
1.1.3.4. The proxy function of FTPd
The proxy server function of FTPd lets a user transfer files from one ftpd to another ftpd server. Using this function it is possible to bypass authentication based on IP addresses.
The reason is that a user can ask an ftp server to send a file to any IP address. The user can therefore ask the ftp server to send a file consisting of PORT and PASV commands to servers listening on TCP ports on any host; as a result, one of those hosts that runs an ftp server and trusts that user lets the IP address authentication be bypassed.
1.1.4. Levels of network protection
Because no security solution is absolutely safe, several levels of protection are usually used together, forming multiple "barriers" against intrusion. Protecting information on a network mainly means protecting the information stored on computers, especially on the network's servers. The following figure shows the barriers commonly used today to protect information at the network's stations:

[Figure: layers of protection around INFORMATION: access rights, login/password, data encryption, physical protection, firewalls]
Figure 6.4: Levels of network protection

As the figure shows, the layers that protect information on a network are:
- The innermost layer is access rights, which control the network's resources (here, information) and the permissions on them (which operations may be performed). At present this kind of control is applied most thoroughly to files.
- The next layer restricts access by account, consisting of a registered user name and the matching password. This is the most common protection method because it is simple, inexpensive and also very effective. Every user who wants to get onto the network and use its resources must have a registered name and password. The system administrator is responsible for managing and controlling all activity on the network and for determining the access rights of other users according to time and place.
- The third layer is encryption. Data is transformed from clear text into encrypted form by some algorithm.
- The fourth layer is physical protection, which prevents unauthorised physical access to the system. Traditional measures are usual, such as barring unauthorised people from the machine room, fitting locks on computers, and installing alarm systems that go off when the system is accessed ...
- The fifth layer: installing firewalls to block unauthorised intrusion and to filter packets that we do not want sent out or let in for whatever reason.

1.2. Measures for protecting computer networks
1.2.1. Monitoring the system through log files
One way to trace activity on a system is to rely on logging tools. These tools keep a journal of the sessions on the system. The level of detail recorded depends on how the system administrator has configured them. Besides reviewing and tracking activity, on many systems the information in the log files helps the administrator assess the quality and performance of the network.
1.2.1.1. The log file system in Unix
In Unix, logging tools produce log files in plain text, so any text editor can be used to read them. In some cases, however, log files are written in binary form and can only be read with special utilities.
a) The lastlog log file:
This utility records recent logins to the system. The information recorded includes the login name, the time, the address the login came from ... The login program reads the lastlog file, looks up the UID that is logging in, and reports the most recent login to the system. For example:
Last login: Fri Sep 15 2000 14:11:38
Sun Microsystems Inc. SunOS 5.7 Generic October 1998
No mail.
Sun Microsystems Inc. SunOS 5.7 Generic October 1998
/export/home/ptthanh

b) The UTMP log file
This log file records information about the users currently logged in to the system and is usually found at /etc/utmp. Its contents can be viewed with utilities such as who, w, finger, rwho and users. For example, the who command shows:
/export/home/vhai% who
root console Aug 10 08:45 (:0)
ptthanh pts/4 Sep 15 15:27 (203.162.0.87)
ptthanh pts/6 Sep 15 15:28 (203.162.0.87)
root pts/12 Sep 7 16:35 (:0.0)
root pts/13 Sep 7 11:35 (:0.0)
root pts/14 Sep 7 11:39 (:0.0)

c) The WTMP log file
This log file records login and logout activity on the system. It serves a similar purpose to the UTMP log file. It also records system shutdowns and reboots and login or ftp sessions, and is usually found at /var/adm/wtmp. It is normally viewed with the "last" command. For example:
/export/home/vhai% last | more
ptthanh pts/10 203.162.0.85 Mon Sep 18 08:44 still logged in
ptthanh pts/10 Sat Sep 16 16:52 - 16:52 (00:00)
vtoan pts/10 203.162.0.87 Fri Sep 15 15:30 - 16:52 (1+01:22)
vtoan pts/6 203.162.0.87 Fri Sep 15 15:28 still logged in
vtoan pts/4 Fri Sep 15 15:12 - 15:12 (00:00)

d) The syslog utility
This is a very useful logging tool that is widely used on UNIX systems. Syslog makes it easy for the system administrator to log different services. Syslog normally runs as a daemon that is started when the system boots. The syslogd daemon takes its input from the following sources:
- /dev/log: receives messages from processes running on the system
- /dev/klog: receives messages from the kernel
- port 514: receives messages from other machines on UDP port 514.
When syslogd receives messages from these sources, it checks the service's configuration file, syslog.conf, to write the corresponding log file. The syslog.conf file can be configured to produce a message for many different services.
An example syslog.conf file:
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice /dev/console
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
*.alert;kern.err;daemon.err operator
*.alert root
*.emerg *
# if a non-loghost machine chooses to have authentication messages
In this syslog.conf, messages matching *.emerg (emergency messages) are announced to every user on the system; messages matching *.err or kern.debug, and unauthorised access activity, are logged to the file /var/adm/messages.
By default, messages are written to the log file /var/adm/messages.
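How the selectors in the sample file above decide where a message goes, as an added example that is not part of the original text. It assumes the classic syslog.conf reading: a level matches that severity and anything more severe, and within one line a later selector for the same facility overrides an earlier one. The rule lines are copied from the sample; the facility list and function names are this example's own.

```python
LEVELS = ["emerg", "alert", "crit", "err",
          "warning", "notice", "info", "debug"]      # most to least severe
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog",
               "lpr", "news", "uucp", "cron"]
              + ["local%d" % i for i in range(8)])

SAMPLE_CONF = """\
# rule lines from the syslog.conf shown above
*.err;kern.notice;auth.notice /dev/console
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
*.alert;kern.err;daemon.err operator
*.alert root
*.emerg *
"""


def parse_syslog_conf(text):
    """Return a list of (per-facility threshold dict, action) rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue                      # selector without an action
        thresholds = {}
        for selector in parts[0].split(";"):
            facs, _, level = selector.rpartition(".")
            names = FACILITIES if facs == "*" else facs.split(",")
            for fac in names:
                # "none" switches the facility off for this action
                thresholds[fac] = (None if level == "none"
                                   else LEVELS.index(level))
        rules.append((thresholds, parts[1].strip()))
    return rules


def route(facility, level, rules):
    """Return the actions that receive a facility.level message."""
    severity = LEVELS.index(level)
    actions = []
    for thresholds, action in rules:
        limit = thresholds.get(facility)
        if limit is not None and severity <= limit:
            actions.append(action)
    return actions


RULES = parse_syslog_conf(SAMPLE_CONF)

if __name__ == "__main__":
    for fac, lvl in (("auth", "notice"), ("kern", "info"),
                     ("daemon", "err"), ("kern", "emerg"), ("mail", "info")):
        print("%s.%s -> %s" % (fac, lvl, route(fac, lvl, RULES)))
```

A message that matches no rule, such as mail.info here, is written nowhere, which is the gap to look for when checking that authentication and daemon messages are actually kept.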
e) The sulog utility
Whenever a user runs the "su" command to work on the system with another user's privileges, the event is logged by sulog. This information is written to the log file /var/adm/sulog. The utility makes it possible to detect cases where root privileges are used to obtain the privileges of some other user on the system.
An example of the sulog log file:
# more /var/adm/sulog
SU 01/04 13:34 + pts/1 ptthanh-root
SU 01/04 13:53 + pts/6 ptthanh-root
SU 01/04 14:19 + pts/6 ptthanh-root
SU 01/04 14:39 + pts/1 ptthanh-root

f) The cron utility
Cron keeps a log of the activity carried out by crontab commands. Cron activity is normally logged in the file /var/log/cron/log. Syslog can also be configured to record cron activity.
An example of the cron log file:
# more /var/log/cron/log
! *** cron started *** pid = 2367 Fri Aug 4 16:32:38 2000
> CMD: /export/home/mrtg/mrtg /export/home/mrtg/termcount.cfg
> ptthanh 2386 c Fri Aug 4 16:34:01 2000
< ptthanh 2386 c Fri Aug 4 16:34:02 2000
> CMD: /export/home/mrtg/getcount.pl
> ptthanh 2400 c Fri Aug 4 16:35:00 2000
< ptthanh 2400 c Fri Aug 4 16:35:10 2000
> CMD: /export/home/mrtg/mrtg /export/home/mrtg/termcount.cfg

g) The sendmail log file
Sendmail's logging can be done through syslog. Sendmail also has the option "-L + level security", with security levels from "debug" to "crit", which enables logging. Because sendmail is a program with many bugs and many security holes, system administrators should routinely log this service.
h) The FTP service log file
Most FTP daemons today can be configured to log use of the FTP service on the system. FTP logging is usually turned on with the "-l" option, configured in the file /etc/inetd.conf as follows:
# more /etc/inetd.conf
ftp stream tcp nowait root /etc/ftpd/in.ftpd in.ftpd -l
Then configure syslog.conf for the FTP service, as follows:
# Logfile FTP
daemon.info ftplogfile
With this option, much important information about an ftp session is recorded: the time of access, the IP address, the data fetched or stored (get/put) ... on the FTP site. An example of the log of an ftp session:
Sun Jul 16 21:55:06 2000 12 nms 8304640 /export/home/ptthanh/PHSS_17926.depot b _ o r ptthanh ftp 0 * c
Sun Jul 16 21:56:45 2000 96 nms 64624640 /export/home/ptthanh/PHSS_19345.depot b _ o r ptthanh ftp 0 * c
Sun Jul 16 21:57:41 2000 4 nms 3379200 /export/home/ptthanh/PHSS_19423.depot b _ o r ptthanh ftp 0 * c
Sun Jul 16 22:00:38 2000 174 nms 130396160 /export/home/ptthanh/PHSS_19987.depot b _ o r ptthanh ftp 0 * c
i) The Web service log file:
How the Web service is logged and configured depends on the Web server in use. Most common web servers today support logging. An example of the Web service log from a Netscape Web server:
202.167.123.170 - - [03/Aug/2000:10:59:43 +0700] "GET /support/cgi-bin/search.pl HTTP/1.0" 401 223
203.162.46.67 - - [03/Sep/2000:22:50:52 +0700] "GET http://www.geocities.com/ HTTP/1.1" 401 223
203.162.0.85 - - [15/Sep/2000:07:43:17 +0700] "GET /support/cgi-bin/search.pl HTTP/1.0" 401 223
203.162.0.85 - ptthanh [15/Sep/2000:07:43:22 +0700] "GET /support/cgi-bin/search.pl HTTP/1.0" 404 207
203.162.0.85 - - [15/Sep/2000:07:43:17 +0700] "GET /support/cgi-bin/search.pl HTTP/1.0" 401 223

1.2.1.2. Some useful tools for log file analysis:
For the administrator, analysing the log files of services is extremely important. Some tools available on the network make this work easier:
- chklastlog and chkwtmp help analyse the lastlog and WTMP log files as the administrator requires.
- netlog helps analyse packets and has three components:
+ TCPlogger: logs all TCP connections on a subnet
+ UDPlogger: logs all UDP connections on a subnet
+ Extract: processes the log files written by TCPlogger and UDPlogger.
- TCP wrapper: lets the system administrator easily monitor and filter TCP packets for services such as systat, finger, telnet, rlogin, rsh, talk ...
1.2.1.3. Logging tools commonly used in Windows NT and 2000
Windows NT 4.0 and Windows 2000 both fully support logging at different levels. Depending on how sensitive a service is and on the information used, the system administrator can choose different logging levels. Windows NT also supports logging directly to databases to produce reports, which helps the administrator analyse and check the system quickly and conveniently. Use the Event Viewer utility to see the log information on the system, at levels such as Application log, Security log and System log. The figures below illustrate some logging activity on a Windows system:
Example: to record whether read, write, access ... operations on a file or directory succeed or fail, the administrator can configure the following:
Choose File Manager - User Manager - Security - Auditing. The following figure shows the activities that can be logged in Windows 2000:


Figure 6.5: Logging in Windows 2000

- The Event Viewer utility shows log information such as the following:

Figure 6.6: The Event Viewer tool in Windows 2000

Viewing the details of one message:

Figure 6.7: Details of an error message in Windows 2000

This message gives the cause and the time of the error as well as much other important information.
The Event Service can be configured to perform an action when an error message occurs, as follows:

Figure 6.8: Configuring the logging service in Windows 2000

In addition, as on UNIX, Windows NT also has tools for following the log files of common services such as FTP and Web. The configuration method depends on the type of server used.

1.2.2. Establishing a system security policy
In building a security policy for a system, the administrator's first task is to identify correctly the objectives to be secured. Defining the objectives of the security policy lets users know their responsibilities in protecting the information resources on the network, and helps administrators set up effective safeguards when equipping, configuring and monitoring the system. The security objectives include:
1.2.2.1. Identifying what needs protecting
This is the first and most important objective when establishing a security policy. The system administrator must identify clearly which objects in the system are the most important to protect, and the priority of each. Objects to protect on a system may include, for example: service hosts, routers, system access points, application programs, database management systems, the services provided ...
At this step the scope of, and the boundaries between, the components of the system must be clearly defined, so that when an incident occurs the components can be isolated from each other and the cause and the remedy are easy to find. The components of a system can be divided in the following ways:
- Separate services according to level of access and trust.
- Separate the system by physical component, such as servers, routers, workstations ...
- Separate by the scope over which services are provided: services inside the network (NIS, NFS ...) and external services such as Web, FTP, Mail ...

1.2.2.2. Identifying the risks to the system
The risks to a system are the security holes in the services that the system provides. Identifying these risks correctly helps the administrator avoid network attacks or take the right protective measures. These risks are usually found in the following parts of a system:
a) Access points:
The access points of any system usually play an important role, because they are the first thing that users, as well as network attackers, take an interest in. Access points usually serve almost every user on the network, regardless of the users' privileges or the services they use. Access points are therefore often the component with the loosest security. Moreover, many systems still let users reach the system through services such as Telnet and rlogin, which have many security holes.
b) Failure to control the system configuration
Uncontrolled or lost system configuration accounts for a large share of security holes. Today a large number of software packages are in use and require more complex and varied configuration, which makes it harder for the administrator to keep track of the system configuration. To deal with this, many software vendors ship default initial configurations, but these configurations have not been reviewed carefully in a security setting. The administrator's task is therefore to understand how the software in use operates and what the important configuration files mean, and to apply measures that protect the configuration, such as hashing (MD5).
c) Bugs in the software in use
Software bugs create holes in services and give various forms of attack a way into the network. The administrator must therefore regularly follow security news groups and the software vendors to learn of faults in the software in use. When a bug is found, the software should be replaced or taken out of use until it is upgraded to the next version.
d) Risks from inside the network
A system is attacked not only from outside the network; it can be attacked from the inside. Whether accidental or deliberate, sabotage from inside the network still occurs regularly on some large systems. Attacks from inside the network mainly involve an attacker who has physical access to the devices on the system and gains unauthorised access right at that system. For example, many workstations can be taken over if the attacker is sitting at them.

1.2.2.3. Deciding how to enforce the security policy
Once a security policy has been established, the next activity is to choose how to enforce it. A security policy is complete when it is highly enforceable. Enforceability can be judged against several criteria:
- Correctness
- Friendliness
- Effectiveness

1.2.2.4. Establishing rules and procedures
a) Procedures for unauthorised access
A number of tools can detect unauthorised access to a system. These tools may come with the operating system or from third-party software vendors. This is the most common way of monitoring system activity.
- Logging tools: most operating systems support a large number of logging tools that provide much useful information. To detect unauthorised access, some rules for analysing log files are:
+ Compare the activity in the log file with past logs. For normal activity, the information in the log files usually follows the same cycle, such as the times at which users log in or log out and how long services on the system are used ...
+ Many systems use the information in log files to bill customers. The billing information can be used to look for unauthorised access when a bill shows something unusual, such as the time of access or an unfamiliar telephone number ...
+ Use utilities such as syslog to review the logs, especially repeated invalid login (bad login) messages.
+ Use the utilities that come with the operating system to watch the processes running on the system, in order to detect unfamiliar processes or programs that were started improperly ...
- Other monitoring tools: for example, network utilities that track traffic and resources on the network in order to spot anything suspicious.
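Two of the log-analysis rules above (repeated failures, and comparison with past logs) applied to the sulog format shown earlier, as an added example that is not part of the original text. In sulog, "+" marks a successful su and "-" a failed one. The first two sample lines are taken from the sulog excerpt above; the others, the year, the threshold and the window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

SULOG_RE = re.compile(
    r"^SU (\d{2})/(\d{2}) (\d{2}):(\d{2}) ([+-]) (\S+) ([^-\s]+)-(\S+)$")

SAMPLE_SULOG = """\
SU 01/04 13:34 + pts/1 ptthanh-root
SU 01/04 13:53 + pts/6 ptthanh-root
SU 01/05 02:10 - pts/9 vtoan-root
SU 01/05 02:11 - pts/9 vtoan-root
SU 01/05 02:13 - pts/9 vtoan-root
SU 01/05 02:14 + pts/9 vtoan-root
SU 01/06 09:00 - pts/2 ptthanh-root
""".splitlines()   # lines 3 to 7 are constructed sample data


def parse_sulog(lines, year=2000):
    """Parse sulog lines; sulog has no year field, so one is assumed."""
    events = []
    for line in lines:
        m = SULOG_RE.match(line.strip())
        if not m:
            continue
        month, day, hour, minute, flag, tty, src, dst = m.groups()
        events.append({
            "time": datetime(year, int(month), int(day),
                             int(hour), int(minute)),
            "ok": flag == "+", "tty": tty, "from": src, "to": dst})
    return events


def repeated_failures(events, threshold=3, window=timedelta(minutes=10)):
    """Map (from, to) to the time the failure count reached threshold."""
    recent = defaultdict(list)
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["ok"]:
            continue
        key = (ev["from"], ev["to"])
        times = recent[key]
        times.append(ev["time"])
        while ev["time"] - times[0] > window:
            times.pop(0)                  # drop failures outside the window
        if len(times) >= threshold and key not in alerts:
            alerts[key] = ev["time"].strftime("%m/%d %H:%M")
    return alerts


def first_time_pairs(events, baseline):
    """Successful (from, to) pairs never seen in the past logs (baseline)."""
    seen, new = set(baseline), []
    for ev in events:
        pair = (ev["from"], ev["to"])
        if ev["ok"] and pair not in seen:
            seen.add(pair)
            new.append(pair)
    return new


if __name__ == "__main__":
    evs = parse_sulog(SAMPLE_SULOG)
    print(repeated_failures(evs))
    print(first_time_pairs(evs, {("ptthanh", "root")}))
```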
b) System protection procedures
- User account management procedure
- Password management procedure
- System configuration management procedure
- Data backup and recovery procedure
- Incident reporting procedure

1.2.2.5. Checking, evaluating and improving the security policy
A system is always changing: its configuration, the services in use, even the underlying operating system platform and the hardware. Those who set the security policy, specifically the system administrators, must therefore keep reviewing and rechecking the policy so that it always matches reality. Checking and evaluating the security policy also helps managers plan a more effective network.
a) Checking and evaluation
This work is done regularly and continuously. The results of a security policy show most clearly in the quality of the service that the system provides. On that basis it is possible to check and judge whether the security policy is sound. For example, an Internet service provider can check its security policy by how the system responds when attacked from outside, for instance by spam mail, DoS or unauthorised access to the system ...
A security policy can be evaluated against the following criteria:
- Enforceability.
- The ability to detect and prevent sabotage.
- Effective tools for limiting sabotage of the system.
b) Improving the security policy:
From the checking and evaluation described above, system administrators can draw lessons for making the security policy more effective. Improving the policy may mean actions that simplify the users' work, reduce the complexity of the system ...
Improvement of the security policy can go on for the whole life of the system. It goes hand in hand with administering and maintaining the system. This is itself a requirement when building a security policy: it must always be flexible and change to suit actual conditions.
2. Overview of firewall systems
2.1. Introduction to firewalls
2.1.1. The firewall concept
A firewall is a device that blocks unauthorised access from the external network to the internal network. A firewall system usually comprises both hardware and software. Firewalls are usually used to block, or to create rules for, different addresses.
2.1.2. Basic firewall functions
The main function of a firewall is to control the flow of information between the network to be protected (the Trusted Network) and the Internet, through the access policies that have been set up.
- Allow or forbid services from the inside out and from the outside in.
- Control the addresses that access the network and the services used.
- Control users' ability to access between the two networks.
- Control the content of the information transmitted between the two networks.
- Prevent attacks from external networks.
Building firewalls is quite an effective measure: it protects and controls most services, and is therefore the most widely applied of the network protection measures. Typically a firewall system is a gateway between the internal network and the external network, in both directions.
2.1.3. Network model using a firewall
The architecture of a system with a firewall is as follows:

Figure 6.9: Architecture of a system with a firewall
In general, every firewall system has the following components:
Figure 6.10: Components of a firewall system
A firewall may consist of hardware or software, but is usually both. On the hardware side a firewall works much like a router: it can display the IP addresses connecting through it. This lets you determine which addresses are allowed to connect and which IP addresses are not.
All firewalls share one property: they can discriminate, or deny access, based on source addresses.
According to the figure above, the components of a firewall system are:
- Screening router: the first checkpoint for the LAN.
- DMZ: the "demilitarised zone", the area at risk of attack from the Internet.
- Gateway: the way in and out between the LAN and the DMZ; it controls all communication and enforces the security mechanisms.
- IF1: Interface 1: the card that connects to the DMZ.
- IF2: Interface 2: the card that connects to the LAN.
- FTP gateway: controls FTP access between the LAN and the DMZ. FTP access from the LAN out to the Internet is unrestricted. FTP access into the LAN requires authentication through the Authentication Server.
- Telnet Gateway: controls telnet access between the LAN and the Internet. As with FTP, users can telnet out freely; telnet from outside in requires authentication through the Authentication Server
- Authentication Server: used by the gateways to identify connection requests, using strong authentication techniques such as one-time password/token. The service hosts in the LAN are protected and have no direct connection to the Internet; all information exchanged is controlled through the gateway.
2.1.4. Types of firewall
There are many kinds of firewall, each with its own advantages and disadvantages. For convenience of study, however, they are divided into two main types:
- Packet filtering: a firewall system that passes information between the systems inside and outside the network under control.
- Application-proxy firewall: a firewall system that makes connections on behalf of the client, in place of direct connections from the requesting client.
2.1.4.1. Packet Filtering
The most common kind of firewall is based on the network level of the OSI model. A network-level firewall usually works on the router principle, or is simply called a router, meaning that it creates rules that grant network access based on the network level. This model works on the principle of packet filtering.
In this mode every packet is checked for the source address it came from. Once the source IP address has been identified, it is checked against the rules set on the router. For example, if the firewall administrator decides that no packet originating from the microsoft.com network may connect to the internal network, packets from that network will never reach the internal network.
Firewalls that work at the network layer (like a router) are usually fast, because they check only the source IP address, without any real instruction on the router, and need no time to determine whether an address is wrong or forbidden. But this is paid for in reliability. This kind of firewall uses the source IP address as its indicator, which creates a hole: a packet carrying a forged source address will obtain some level of access to your internal network.
There are, however, many techniques that can be applied to packet filtering to overcome this weakness. With more sophisticated packet-filtering technology, for example, the router checks not only the IP address field but other fields too against the rules created on the firewall; this other information may be the time of access, the protocol used, the port ...
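The weakness and the remedy described above, side by side, as an added example that is not part of the original text: a filter that looks only at the source address accepts a packet with a forged internal source, while a filter that also checks destination, protocol and port, and that refuses internal source addresses arriving on the outside interface, drops it. The arrival-interface check is this example's own addition to the fields the text lists; the rule set, the addresses and the use of IF1 as the outside-facing interface are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    iface: str                  # interface the packet arrived on
    src: str
    dst: str
    proto: str                  # "tcp", "udp", ...
    dport: int


@dataclass
class Rule:
    action: str                 # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None  # None matches every port


INTERNAL_NETS = ["10.1.0.0/16"]      # assumed protected LAN
EXTERNAL_IFACE = "IF1"               # assumed outside-facing interface
RULES = [
    Rule("deny", src="198.51.100.0/24"),                       # blocked network
    Rule("permit", src="10.1.0.0/16"),                         # trusted LAN
    Rule("permit", dst="10.1.0.25/32", proto="tcp", dport=25),  # mail host
]


def _in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def source_only_decision(pkt, rules):
    """Weak form: the first rule whose source network matches decides."""
    for rule in rules:
        if _in_net(pkt.src, rule.src):
            return rule.action
    return "deny"


def full_decision(pkt, rules, internal_nets=INTERNAL_NETS,
                  external_iface=EXTERNAL_IFACE):
    """Stronger form: anti-spoofing check, then match on every field."""
    if pkt.iface == external_iface and any(
            _in_net(pkt.src, net) for net in internal_nets):
        return ("deny", "internal source address on external interface")
    for index, rule in enumerate(rules, start=1):
        if (_in_net(pkt.src, rule.src) and _in_net(pkt.dst, rule.dst)
                and rule.proto in ("any", pkt.proto)
                and rule.dport in (None, pkt.dport)):
            return (rule.action, "rule %d" % index)
    return ("deny", "default deny")


if __name__ == "__main__":
    forged = Packet("IF1", "10.1.0.5", "10.1.0.25", "tcp", 23)
    print(source_only_decision(forged, RULES))   # permit
    print(full_decision(forged, RULES))          # deny
```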
Packet-filtering firewalls can be divided into two kinds:
a) Packet filtering firewall: works at the network layer of the OSI model, or the IP layer of the TCP/IP protocol model.

Figure 6.11: Packet filtering firewall
b) Circuit level gateway: works at the session layer of the OSI model, or the TCP layer of the TCP/IP protocol model.
Figure 6.12: Circuit level gateway
2.1.4.2. Application-proxy firewall
This kind of firewall is software-based. When a connection from some user arrives at a network that uses this kind of firewall, the connection is stopped, and the firewall then checks the relevant fields of the connection request packet. If the check succeeds, meaning that the fields satisfy the rules set on the firewall, the firewall creates a bridge connecting the two nodes.
The advantage of this kind of firewall is that it does not forward IP packets; in addition, connections through the firewall can be controlled in more detail. It also offers many tools for recording connections. This is, of course, paid for in processing speed, because every connection and every packet passing through the firewall is checked carefully against the firewall rules and only then, if accepted, forwarded to the destination node.
IP packet forwarding takes place when a host receives a request from the external network and passes it into the internal network. This creates a hole through which attackers (hackers) can get from the external network into the internal network.
The disadvantage of an application-based firewall is that a proxy application must be created on the firewall for every service on the network: an ftp proxy for the ftp service, an http proxy for the http service, and so on. In a client-server protocol, taking the telnet service as an example, two steps are therefore needed for a machine outside the network and a machine inside it to connect to each other. With this kind of firewall the client machines (the machines requesting the service) may have to be changed. For the telnet service, for example, clients can work in two ways: either you telnet to the firewall first and then telnet from there to the machine on the other network; or you telnet straight to the destination, and whether your telnet goes through depends on whether the firewall rules allow it. In the second case the firewall is completely transparent and acts as a bridge to your destination.
Application-proxy firewalls can be divided into two kinds:
a) Application level gateway: similar in function to the circuit-level gateway, but works at the application layer of the TCP/IP protocol model.

Figure 6.13: Application level gateway

b) Stateful multilayer inspection firewall: this kind combines the features of the firewalls above: it filters packets at the network layer and inspects packet contents at the application layer. It allows direct connections between clients and hosts, and so reduces the errors caused by the "non-transparent" nature of Application gateway firewalls. A stateful multilayer inspection firewall provides strong security features and is also transparent to end users.

Figure 6.14: Stateful multilayer inspection firewall

2.2. Mt s phn mm Firewall thng dng
2.2.1. Packet filtering
Kiu lc gi tin ny c th c thc hin m khng cn to mt
firewall hon chnh, c rt nhiu cc cng c tr gip cho vic lc gi tin trn
Internet (k c phi mua hay c min ph). Sau y ta c th lit k mt s
tin ch nh vy
2.2.1.1. TCP_Wrappers
TCP_Wrappers l mt chng trnh c vit bi Wietse Venema.
Chng trnh hot ng bng cch thay th cc chng trnh thng tr ca h
thng v ghi li tt c cc yu cu kt ni, thi gian yu cu, v a ch ngun.
Chng trnh ny cng c kh nng ngn chn cc a ch IP hay cc mng
khng c php kt ni.
2.2.1.2. NetGate
NetGate c a ra bi Smallwork l mt h thng da trn cc lut v
lc gi tin. N c vit ra s dng trn cc h thng Sun Sparc OS 4.1.x.
Tng t nh cc kiu packet filtering khc, NetGate kim tra tt c cc gi tin
n nhn c v so snh vi cc lut c to ra.
2.2.1.3. Internet Packet Filter
Phn mm ny hon ton min ph, c vit bi Darren Reed. y l
mt chng trnh kh tin li, n c kh nng ngn chn c vic tn cng
bng a ch IP gi. Mt s u im ca chng trnh l n khng ch c kh
Ebook 4 U ebook.vinagrid.com
Chng 6 - Bo mt h thng v Firewall
215
nng hu b cc gi tin TCP khng ng hoc cha hon thin m cn khng
gi li bn tin ICMP li. Chng trnh ny cho php bn c th kim tra th
cc lut bn ra trc khi s dng chng.
2.2.2. Application-proxy firewall
2.2.2.1. TIS FWTK
TIS FWTK (Trusted Information Systems Firewall Tool Kit) is one of the first
software packages with full firewall functionality and is representative of
firewalls that work at the application level. The early versions of this
software were free and consisted of many separate components, each serving one
type of network service. The main components cover Telnet, FTP, rlogin,
sendmail and http.
The software is a comprehensive system, but it cannot protect the network
immediately after installation, and installing and configuring it is not easy.
When configuring it you must really understand what you are doing, because the
rules you create may leave your network unable to connect to any other
network, even familiar ones. Its most distinctive feature is the set of
built-in utilities that let you control access for the whole network, part of
the network, or even a single address.
2.2.2.2. Raptor
Raptor is firewall software that provides the full feature set of a
professional firewall, with two management interfaces: one on the Unix
operating system (RCU) and one on the Windows operating system (RMC). Raptor
can be configured to protect a network in four ways: Standard Proxies, Generic
Service Passer, Virtual Private Network tunnels and Raptor Mobile. Configuring
Raptor is fairly complex (creating routes, defining entities, users and
groups, setting up authorization rules ...), but in return you can use the
many advanced features Raptor provides to customize the level of protection
for your network.

2.3. Hands-on: installing and configuring firewall Check Point v4.0 for Windows
2.3.1. Hardware requirements:
- Minimum configuration for the machine running GUI Client
    Operating system: Windows 95, Windows NT, X/Motif
    Free disk space: 20 Mbytes
    Memory: 16 Mbytes
    Network card: any card supported by the operating system
    Other devices: CD-ROM
- Minimum configuration for the machine running Management Server
    Operating system: Windows NT (Intel x86 and Pentium)
    Free disk space: 20 Mbytes
    Memory: minimum 16MB, 24MB recommended
    Network card: any card supported by the operating system
    Other devices: CD-ROM
- Minimum configuration for the machine running the Firewall Module
    Operating system: Windows NT (Intel x86 and Pentium)
    Free disk space: 20 Mbytes
    Memory: 16 Mbytes
    Network card: at least 3 network cards, of types supported by the
    operating system
    Other devices: CD-ROM

2.3.2. Preparation steps before installation
- Harden the server that will run the firewall and the machines for the
firewall's modules, such as GUI Client and Management Server (turn off
unnecessary services, apply the operating system's bug-fix patches ...).
- Check network connectivity on the network interfaces; make sure the server
running the Firewall Module can ping the IP addresses on each interface (using
the ifconfig, ping ... commands).
- Check the routing table (using the netstat -rn ... command).
- Check the DNS service (using the nslookup command).
- Draw up a test network diagram; for a server with 3 network interfaces the
diagram can look like this:

Figure 6.15: Test network diagram for a server with 3 network interfaces

2.3.3. Installation
Log in as Administrator and install the Checkpoint firewall system on the
machines in the following order:
- Install GUI Client and Management Server.
- Install the Firewall Module.

2.3.3.1. Installing GUI Client and Management Server
Insert the Checkpoint CD and run setup from the Windows directory, then
select Account Management Client and FireWall-1 User Interface in the
Select Components window:



Click Next; the following screen appears:



Click Next, then choose the installation directory in the Choose Destination Location window:


Click Next, then select the components in the Select Components window:

Click Next to start the installation.
After GUI Client has been installed, the Account Management Client With
Encryption Installation screen appears automatically:


Click Next, then choose the installation directory in the Choose Destination Location window:

Click Next, then choose the folder in the Select Program Folder window:


Click Next to start the installation.

2.3.3.2. Installing the Firewall Module:
Select FireWall-1 in the initial Select Components window:

Click Next; the following screen appears:


Click Next, then choose the installation directory in the Choose Destination Location window:


Click Next, then select FireWall-1 FireWall Module in the Selecting
Product Type window:


Click Next, then choose the license count that matches the registered
Checkpoint version:

Click Next to start the installation.
When the installation is finished, the license installation screen appears as follows:


Click Add and enter the license in the following window:

Select the hostname of the Management Server:




Select the IP Forwarding mode:



Set the parameters for the SMTP Security Server:

Click Finish to end the installation, then restart the machine.


After the restart, log in to the CheckPoint console with the user and
password that were created, in order to configure the firewall:


2.3.4. Configuration

After logging in to the CheckPoint control screen, configure the firewall in
the following steps:
- Define the interfaces (Interface) of the server running CheckPoint that
belong to the inside network (Inside network) and the outside network
(Outside network).
- Create the Networks that belong to the inside network: in the test model
these are the networks 192.168.7.0 and 192.168.1.0.
- Put the Inside networks into one group for easier management.
- Set up the rules that allow or deny access from inside to outside and from
outside to inside. These rules consist of the following basic components:
+ Sequence number: indicates the priority of the rule. The lower a rule's
sequence number, the higher its priority.
+ Source (SOURCE)
+ Destination (DESTINATION)
+ Interface (IF VIA)
+ Service (SERVICE): the services that are allowed/denied
+ Action (ACTION): allow/deny
+ There are also other parameters such as TRACK, INSTALL ON, TIME
The following is an example of setting up rules for the CheckPoint firewall:
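
The rule components listed above (sequence number as priority, SOURCE, DESTINATION, SERVICE, ACTION, TRACK) can be modelled to check a rule base before it is installed. The sketch below is an added illustration, not Check Point's rule format or code from the original text: the rule set is constructed, the /24 masks, the `Rule`, `evaluate` and `shadowed` names and the drop-when-nothing-matches fallback are assumptions, and IF VIA, INSTALL ON and TIME are left out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    no: int           # rule number: the lower the number, the higher the priority
    source: str       # CIDR network, or "any"
    destination: str  # CIDR network, or "any"
    service: str      # service name, or "any"
    action: str       # "accept" or "drop"
    track: str = ""   # e.g. "log"

def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def evaluate(rules, src, dst, service):
    """Return (action, rule number) of the first rule that matches the connection."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(rules, key=lambda r: r.no):
        if (s in _net(r.source) and d in _net(r.destination)
                and r.service in ("any", service)):
            return r.action, r.no
    return "drop", None  # assumption: traffic matching no rule is dropped

def shadowed(rules):
    """Return (later, earlier) pairs where rule `later` can never be reached."""
    ordered = sorted(rules, key=lambda r: r.no)
    hits = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if (_net(later.source).subnet_of(_net(earlier.source))
                    and _net(later.destination).subnet_of(_net(earlier.destination))
                    and earlier.service in ("any", later.service)):
                hits.append((later.no, earlier.no))
                break
    return hits

# Constructed rule base; /24 masks are assumed for the two inside networks.
RULES = [
    Rule(1, "192.168.7.0/24", "any", "http", "accept"),
    Rule(2, "192.168.1.0/24", "any", "any", "accept"),
    Rule(3, "192.168.1.0/24", "any", "telnet", "drop", "log"),  # shadowed by rule 2
    Rule(4, "any", "192.168.7.0/24", "smtp", "accept", "log"),
    Rule(5, "any", "any", "any", "drop", "log"),
]

if __name__ == "__main__":
    print(evaluate(RULES, "192.168.1.10", "203.0.113.5", "telnet"))  # rule 2 wins
    print(shadowed(RULES))
```

Because the lowest-numbered match wins, the telnet drop in rule 3 never takes effect; a deny rule has to be numbered ahead of any broader accept rule that covers the same traffic.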
