
TABLE OF CONTENTS

CHAPTER 1: INTRODUCTION TO WANs AND ROUTERS
1.1. Introduction to WANs
1.2. WAN connection devices
1.2.1. The WAN physical layer
1.2.2. Serial WAN connections
1.2.3. Routers and serial connections
1.2.4. Routers and ISDN BRI connections
1.2.5. Routers and DSL connections
1.2.6. Making a console connection
1.3. Routers in the WAN
1.4. Physical characteristics of the router
1.5. The role of the router in LANs and WANs
CHAPTER 2: INTRODUCTION TO ROUTERS
2.1. Functions of the Cisco IOS operating system
2.2. User interface modes
2.3. Command modes
2.4. The router boot process
2.5. Setting up a HyperTerminal session
2.6. Router help for the user
CHAPTER 3: PACKET TRACER SOFTWARE
Step 1: Run PT 4.1
Step 2: Choose devices and connections
Step 3: Build the network architecture - add the computers
Step 4: Build the topology - connect the computers to hubs and switches
Step 5: Configure the IP address and subnet mask on the PCs
Step 6: Connect Hub0 to Switch0
CHAPTER 4: ROUTER CONFIGURATION
4.1. CLI command modes
4.2. Naming the router
4.3. Configuring router passwords
4.3.1. Setting the console port password
4.3.2. Setting the telnet password
4.3.3. Setting the password for moving from user mode to privileged mode
4.4. Leaving command modes with exit, end
4.5. The show commands
4.6. Configuring a Fast Ethernet port
4.7. Configuring a Serial port
4.8. Checking the configuration
4.9. Saving the configuration
END-OF-CHAPTER EXERCISE
CHAPTER V: ROUTING PROTOCOLS
5.1. Introduction to routing
5.2. Static routing
5.2.1. How static routing works
5.2.2. Configuring static routes
5.2.3. Configuring a default route for forwarding packets
5.2.4. Rules for static routing
5.2.5. Verifying static route configuration
5.2.6. Troubleshooting
5.3. Dynamic routing
5.3.1. Introduction to dynamic routing
5.3.2. Autonomous System (AS)
5.3.3. Purpose of dynamic routing protocols and autonomous systems
5.3.4. Classes of dynamic routing protocols
5.3.5. Characteristics of distance-vector routing protocols
5.3.6. Characteristics of link-state routing protocols
5.4. Overview of routing protocols
5.4.1. Path determination
5.4.2. Routing configuration
5.4.3. Routing protocols
CHAPTER 5 EXERCISES
CHAPTER VI: DISTANCE-VECTOR ROUTING PROTOCOLS
6.1. Distance-vector routing
6.1.1. Routing information updates
6.1.2. Routing loops
6.1.3. Defining a maximum value
6.1.4. Avoiding routing loops with split horizon
6.1.5. Route poisoning
6.1.6. Avoiding routing loops with triggered updates
6.1.7. Avoiding loops with holddown timers
6.2. The RIP routing protocol
6.2.1. The RIP process
6.2.2. Configuring RIP
6.2.3. Using ip classless
6.2.4. Common problems when configuring RIP
6.2.5. Verifying RIP configuration
6.2.6. Troubleshooting RIP update operation
6.2.7. Preventing the router from sending routing information out an interface
6.2.8. Load sharing with RIP
6.2.9. Load sharing across multiple paths
6.2.10. Integrating static routes with RIP
CHAPTER 6 EXERCISES
CHAPTER 7: ACCESS CONTROL LISTS (ACLs)
7.1. Access control list basics
7.1.1. What is an ACL?
7.1.2. How ACLs work
7.1.3. Creating ACLs
7.1.4. The function of the wildcard mask
7.1.5. Verifying ACLs
7.2. Access control lists
7.2.1. Standard ACLs
7.2.2. Extended ACLs
7.2.3. Named ACLs
7.2.4. ACL placement
7.2.5. Firewalls
7.2.6. Restricting access to the vty lines on the router
CHAPTER 7 EXERCISES

CHAPTER 1: INTRODUCTION TO WANs AND ROUTERS

1.1. Introduction to WANs

A WAN (Wide Area Network) is a network set up to link the computers of two or more sites that are geographically far apart. WANs connect user networks across a large geographic area, so they give businesses the ability to operate and communicate over long distances. Using a WAN allows the computers, printers and other devices on a LAN to share with, and be shared by, remote locations. WANs provide instant communication across large geographic areas. The ability to send a message to someone anywhere in the world creates a communication capability similar to that between two people in the same place. Collaboration software provides real-time access to information and resources, which allows meetings to be held remotely. Wide-area networking has created a new class of worker called the telecommuter, a person who works without ever leaving home.

WANs are designed to do the following:
- Operate across geographically separate areas.
- Allow users to communicate in real time with other users.
- Provide continuous connections from remote resources to local services.
- Provide email, WWW, FTP and e-commerce services.

Common WAN technologies include:
- Modem
- ISDN
- DSL
- Frame Relay
- North American and European digital transmission lines: T1, E1, T3, E3
- SONET (Synchronous Optical Network)

WAN devices include:

Figure 1.1. Connection devices in a WAN

1.2. WAN connection devices

1.2.1. The WAN physical layer

Physical layer implementations vary with the distance from the equipment to the service, the speed, and the service itself. Serial connections are used to support WAN services such as leased lines running PPP or Frame Relay. The speed of these connections ranges from 2400 bps to T1 at 1.544 Mbps and E1 at 2.048 Mbps.

ISDN provides dial-on-demand service. A Basic Rate Interface (BRI) is made up of two 64 kbps bearer channels (B channels) for data and one 16 kbps delta channel (D channel) used for signaling and other link-management tasks. PPP is typically used to carry data over the D channel.

With the growing demand for high-speed, broadband services in residential areas, DSL and cable modem connections are becoming more common.

1.2.2. Serial WAN connections

For long-distance communication, WANs use serial transmission. This is the process of sending data bits one after another over a single channel. It provides more reliable long-distance communication and uses a specific optical or electromagnetic frequency range. Frequencies are measured in cycles per second and expressed in Hz. The size of the frequency range is referred to as bandwidth and is measured in the number of bits transmitted per second.

For a Cisco router, the physical connection at the customer site is provided by one of two types of serial connection. If the connection is made directly to a service provider, or to a device that provides the clocking signal such as a CSU/DSU (Channel Service Unit/Data Service Unit), the router is data terminal equipment (DTE) and uses a DTE cable. In some cases, however, the local router is required to provide the clocking signal and therefore uses a DCE cable.

Figure 1.2. Serial WAN connections

1.2.3. Routers and serial connections

Routers are responsible for routing data packets from source to destination within a LAN and for providing connectivity to the WAN. In a LAN environment the router contains broadcasts, provides local address resolution services such as ARP and RARP, and can segment the network using a subnet structure. To provide these services the router must be connected to both the LAN and the WAN.

Figure 1.3. Serial connection of DTE and DCE

To determine the type of cable, first determine whether the connectors are DTE or DCE. The DTE is the endpoint of the user's device on a WAN link. The DCE is typically the point responsible for handing data over to the service provider. When cabling a serial link to a router, the router has either fixed ports or modular ports. Interfaces on a router with fixed ports are labeled by port type and port number.

Figure 1.3. Fixed interfaces

Interfaces on a modular router are labeled by port type, slot and port number. The slot is the location of the module. To configure a port on a modular card, specify the interface using the syntax port type slot number/port number. Use the label serial 0/1 when the interface is serial, the slot number where the module is installed is 1, and the port being referenced is 0.

Figure 1.4. Modular serial port interfaces

1.2.4. Routers and ISDN BRI connections

With ISDN BRI, two types of interface may be used: BRI/S and BRI/U. Determining who provides the Network Termination 1 (NT1) device determines which interface type is needed. The NT1 is an intermediate device located between the router and the service provider's ISDN switch. To connect the ISDN BRI port to the service provider's device, use a UTP Cat 5 straight-through cable. Note: only connect the cable from an ISDN BRI port to an ISDN jack or an ISDN switch.

Figure 1.5. Router cabling for an ISDN connection

1.2.5. Routers and DSL connections

To connect a router to a DSL service, use a telephone cable with RJ-11 connectors. DSL works over standard telephone lines using pins 3 and 4 on the RJ-11 connector.

Figure 1.6. Connecting a router to a DSL service

1.2.6. Making a console connection

To begin configuring a Cisco device, a management connection must be made directly to the device through its console port. The console port allows a Cisco hub, switch or router to be monitored and configured. The cable used between the terminal and the console port is a rollover cable. Connect the rollover cable from the console port to the serial (COM) port of the computer acting as the terminal, then configure the terminal emulation application with the following settings for the computer's serial (COM) port:
- Speed: 9600 bps
- Format: 8 data bits
- Parity: none
- Stop bits: 1
- Flow control: none

The AUX port is used to provide management through a modem. The AUX port is configured in the same way as the console port.

Figure 1.7. Setting up a connection through the console port

1.3. Routers in the WAN

A router is a special type of computer. It has the same basic components as a computer: CPU, memory, system bus and interfaces. A router, however, is designed to connect two networks and allow them to communicate with each other; in addition, the router selects the best path for the data.

The main components inside a router are RAM, NVRAM, flash memory, ROM and the interfaces.

Characteristics and functions of RAM:
- Stores the routing table
- Stores the ARP table
- Holds the fast-switching cache
- Provides buffer memory for data packets
- Maintains the queues for data packets
- Provides temporary memory for the configuration file while the router is running
- Its contents are erased when the router restarts or loses power

Characteristics and functions of NVRAM:
- Stores the router's startup configuration file
- The file contents are retained when the router restarts

Characteristics and functions of ROM:
- Stores the instructions of the power-on self test (POST)
- Stores the bootstrap program and a basic operating system
- Upgrading the software in ROM requires replacing the chip on the mainboard

Characteristics and functions of the interfaces:
- Connect the router to the network to receive and forward data packets
- Can be mounted directly on the mainboard or supplied as separate cards

1.4. Physical characteristics of the router

Router architecture varies widely between models, and includes the following components:
- CPU (central processing unit): executes the operating system's instructions to carry out tasks such as system initialization, routing and control of the network interfaces.
- RAM: used to store the routing table, provide memory for fast switching, run the configuration file and provide queues for data packets. RAM is divided into two parts: main processor memory and shared input/output memory. All contents of RAM are erased when power is lost.
- Flash: flash memory is used to store the full Cisco IOS operating system image. By default the router looks for its IOS in flash.
- NVRAM (Non-volatile Random-access Memory): RAM that does not lose its contents when power is lost, used to store the configuration file.
- Bus: most routers have a system bus and a CPU bus. The system bus is used for communication between the CPU and the interfaces and expansion slots. The CPU uses the CPU bus to access the router's components through the router's memory.
- ROM (Read Only Memory): stores the code of the startup diagnostic program. The main task of ROM is to check the router's hardware at startup and then copy the Cisco IOS software from flash into RAM.
- Interfaces: where the router connects to the outside world. A router has three types of interface: LAN, WAN and console. LAN interfaces are usually Ethernet or Token Ring ports. WAN interfaces can be Serial, ISDN, or ports with an integrated Channel Service Unit (CSU). The console/AUX ports are the interfaces mainly used for configuring the router.

Figure 1.8. Physical structure of the router

1.5. The role of the router in LANs and WANs

A router is used both to segment a LAN and as the main device in a WAN.

Figure 1.9. A router segmenting a LAN

Routers are the backbone devices of large intranets and of the Internet. A router operates at Layer 3 and forwards data packets. To perform these two functions, each router must build a routing table and exchange routing information with the other routers.

Figure 1.10. Routers in the WAN

A network administrator can maintain the routing table by configuring static routes, but routing tables are normally maintained dynamically by routing protocols, which exchange network information between routers.

A correctly configured network must have all of the following characteristics:
- A consistent end-to-end addressing scheme.
- An addressing structure that reflects the network topology.
- Best path selection.
- Dynamic and static routing.
- Switching.

The role of the router in the WAN

WANs operate mainly at the physical layer and the data link layer.

Figure 1.11. The role of the router in the WAN

The physical layer in a WAN describes the interface between the data terminal equipment (DTE) and the data circuit-terminating equipment (DCE).

Normally the DCE is the device on the service provider's side and the DTE is the device that connects to the DCE. In this model the DCE can be a modem or a CSU/DSU. The main function of a router is routing. Routing takes place at Layer 3, the network layer, whereas the WAN operates at Layers 1 and 2. So is a router a LAN device or a WAN device? The answer is both. A router can be a LAN device, a WAN device, an intermediate device between a LAN and a WAN, or a LAN and WAN device at the same time.

Figure 1.12. The main function of the router in the WAN

One of the tasks of a router in a WAN is to route packets at Layer 3, which is also the task of a router in a LAN. Routing, however, is not the router's main task in a WAN. When a router uses the standards and protocols of the physical layer and data link layer to connect WANs, its main task in the WAN is no longer routing but providing connections between WANs that use different physical and data link standards.

CHAPTER 2: INTRODUCTION TO ROUTERS

2.1. Functions of the Cisco IOS operating system

Routers, switches, firewalls and other Cisco products are dedicated devices that, like computers, need an operating system in order to work. Cisco's operating system is called Cisco IOS (Internetworking Operating System), and it has the following main functions:
- Functions related to switching and routing
- Functions that ensure security when accessing network resources
- Openness (because IOS is written on UNIX, it can connect to many different operating systems: Windows, Linux, ...)

2.2. User interface modes

There are two main ways to configure and manage a router: through a web interface and through the command-line interface (CLI). Working in the CLI is easier to understand and more professional.

There are three main ways to reach the CLI:

Console: a PC is connected with a rollover cable to configure the router directly. This is the most commonly used method, especially when setting the initial parameters or when troubleshooting a faulty router on which the other methods cannot be used.

AUX: configuration through a modem.

Telnet: when the network devices are connected to one another and remote configuration is permitted, this method has many advantages, because while working on one device we can connect to a remote device and work on it.

Configuration through a web interface: http://[ip]. This method is now rarely used for routers, but it is widely used for ADSL devices and access points. It is not a professional method: it generates the configuration code automatically, and the user cannot fully control what is generated.

2.3. Command modes

EXEC mode     Prompt    Typical use
User          GAD>      Check the status of the router
Privileged    GAD#      Examine the router; enter the configuration modes

- IOS has two modes for interacting with the user: user mode and privileged mode.
- In user mode we can only run a few basic commands that show the router's settings; in this mode we do not have the right to change the configuration.
- In privileged EXEC mode the user has full rights to configure the router and change its configuration.
- To move from User mode to Privileged mode, type the keyword enable. IOS then asks for a password: if the password is correct, IOS takes the user into privileged mode; if it is wrong, the user stays in user mode.

IOS has a command parser: if a command is correct, it is executed in the current mode; if the command is wrong, an error message is returned.

2.4. The router boot process

When the router is powered on, it checks its hardware (Power-On Self Test, POST). After POST, the following events take place as the router boots:
- It finds the bootstrap program in ROM and loads it.
- It looks for the Cisco IOS operating system in flash, on a TFTP server or in ROM and, once found, loads the operating system. Unlike a computer, which has a user in front of it after it boots, the router has to do its work by itself; all of that work is encoded as a script, called the configuration file, which is stored in NVRAM.
- It looks for the configuration file in NVRAM or on a TFTP server, then loads the configuration file if one is found or otherwise enters setup mode.

2.5. Setting up a HyperTerminal session

To configure the router we use the HyperTerminal program to set up a configuration session with the router. Connect to HyperTerminal using a rollover cable with an RJ-45 or DB9 connector. Configure the settings as 9600 baud, 8 data bits, no parity, 1 stop bit and no flow control.

2.6. Router help for the user

- The hardest problem for users is that each mode has only a certain set of commands that will run; in the wrong mode a command cannot be executed.
- The router helps the user in the following ways:

+ Help with the ? character: shows the user which commands are available in the current mode.

+ Abbreviation help: the user does not need to type the whole command. For example, show running-config can be abbreviated to sh run.

+ Help with long commands: for beginners, and even for people who configure devices professionally, remembering long commands is very hard, so it is important to know how to use the help facility. For example, to configure an IP address on an interface we can proceed as follows:

    Router(config-if)#ip address ?
      A.B.C.D  IP address
      dhcp     IP Address negotiated via DHCP
    Router(config-if)#ip address

After the command ip address ? the router lists a series of options, including A.B.C.D IP address (that is, enter an IP address). Continue by typing the IP address 10.0.0.1 followed by ? and the following screen appears:

    Router(config-if)#ip address 10.0.0.1 ?
      A.B.C.D  IP subnet mask
    Router(config-if)#ip address 10.0.0.1

It asks for A.B.C.D IP subnet mask, that is, a subnet mask is required:

    Router(config-if)#ip address 10.0.0.1 255.255.255.0 ?
      <cr>
    Router(config-if)#ip address 10.0.0.1 255.255.255.0

After the subnet mask is typed, followed by ?, the router reports <cr>, which means the command can end here.

CHAPTER 3: PACKET TRACER SOFTWARE

What is Packet Tracer? PT is simulation software developed by Cisco Systems. Packet Tracer (PT) is a dynamic tool that displays many of the protocols used in computer networks. Its real-time and simulation modes cover Layer 2 protocols such as Ethernet and PPP, Layer 3 protocols such as IP, ICMP and ARP, and Layer 4 protocols such as TCP and UDP, as well as routing protocols.

Purpose: to familiarize you with the PT software and help you build a topology of your own design.

Step 1: Run PT 4.1

Step 2: Choose devices and connections

We begin building our topology by choosing the devices and the transmission media that connect them. Several kinds of devices and network connections can be used. In this lab we use end devices (PCs), switches, hubs and the various connections.

Click once on each group of devices and connections, and the many models of that device appear on the right.

Step 3: Build the network architecture - add the computers

Click End Devices.

Click Generic.

Add 3 more computers.

Step 4: Build the topology - connect the computers to hubs and switches

Add a hub: click Hubs and choose Generic hub.

Connect PC0 to Hub0 using the Connections group.

Choose the Copper Straight-through cable.

Carry out the following steps to connect PC0 to Hub0:
1. Click once on PC0
2. Choose FastEthernet
3. Drag the cursor to Hub0
4. Click once on Hub0 and choose Port 0
5. Note that green link lights on PC0 and on Hub0 mean the connection is correct

Repeat the 5 steps above to connect PC1 to Port 1 on Hub0.

Add a switch: add the switch by clicking the 2950-24 switch.

Choose Connections to connect PC2 to Switch0.

Click once on the Copper Straight-through cable.


Carry out the following steps to connect PC2 to Switch0:
1. Click once on PC2
2. Choose FastEthernet
3. Drag the cursor to Switch0
4. Click once on Switch0 and choose port FastEthernet0/1
5. Check for the green link lights on PC2 and on the Switch0 FastEthernet0/1 port.

Repeat the steps for PC3, connecting it to Port 3 on Switch0 on port FastEthernet0/2.

Step 5: Configure the IP address and subnet mask on the PCs

Before the computers can communicate with one another they need to be given IP addresses. Click once on PC0.

Choose the Config tab. Here you can change the name of PC0. This is also where you enter the default gateway for the computer (the gateway that allows packets to be sent outside the network). For example, enter the IP address 172.16.1.1.

Click FastEthernet. Set the IP address to 172.16.1.10. Enter the subnet mask 255.255.0.0.

Bandwidth - Auto: a computer today can transmit at three different speeds, 10 Mbps, 100 Mbps and 1000 Mbps. In this mode two computers with different transmission speeds can negotiate the best common speed.

Duplex - Auto. Hub: when the PC is connected to one, half-duplex is selected automatically, in line with how a hub operates.

To close this dialog box, click the X at the top left.

Repeat for the other machines, using the following IP addresses:

Host    IP Address      Subnet Mask
PC0     172.16.1.10     255.255.0.0
PC1     172.16.1.11     255.255.0.0
PC2     172.16.1.12     255.255.0.0
PC3     172.16.1.13     255.255.0.0

Checking the information: to check the information, move the mouse over the machines.

Deleting a device or a link: to delete, click the red item marked with an X.

Step 6: Connect Hub0 to Switch0

Use a cross-over cable between the switch and the hub.

Drag the connection over to the hub and click the hub.

Choose port 5, then move the connection to Switch0.

Click once on Switch0 and choose FastEthernet0/4.

Save the configuration.

CHAPTER 4: ROUTER CONFIGURATION

4.1. CLI command modes

- A router has many different configuration modes. Each command can only be run in one particular mode.
- The figure above shows the basic command modes; there are many others besides.
- There are 3 main modes: User, Privileged and global configuration mode ( Router(config)# ). To configure the router we must start from global configuration mode.

4.2. Naming the router

Syntax: Router(config)# hostname <router name>

Meaning: by default every router is named router, every switch is named switch, and a firewall is named Firewall or ASA. The purpose of setting a name is to tell one router from another, so that while working we know which router we are working on.

4.3. Configuring router passwords

4.3.1. Setting the console port password

- Because the console port is an external port, anyone can use it to configure the router. To limit intrusion into the router, we set a password on the console port.

4.3.2. Setting the telnet password

- When administering a network or building a network project, the administrator cannot always be physically near the equipment. For example, in a 10-storey building whose devices are all connected together, an administrator who uses remote login (telnet) can sit on the first floor and control all the devices on all 10 floors. We therefore have to open access for telnet and restrict who can connect by setting a password.

4.3.3. Setting the password for moving from user mode to privileged mode

- With the password method above, when the router is at the router> prompt and the user types router> enable, the router asks for a password; if the correct password, san fran, is entered, the router moves to router#.
- The limitation of this kind of password is that when the user runs the show running command, the password is displayed. The second method, secret, encrypts the password with the MD5 hash function, turning it into $1$n7mE$e8W/uSns.H1ibeZkTvK2e.

4.4. Leaving command modes with exit, end

To move from an inner mode out by one level, use exit. For example, router(config-if)#exit becomes router(config)#.

To leave all the configuration modes, use end. For example, Router(config-if)#end becomes Router#.

To return to user mode, use the disable command.
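The difference between the two password types in 4.3.3, and the console and telnet passwords from 4.3.1 and 4.3.2, can be checked mechanically in a saved copy of the running configuration. The script below is an added example, not part of the original course material; the sample configuration and the placeholder hash are constructed, and the function name is hypothetical.

```python
# Added example: audit the password lines in `show running-config` text.
# SAMPLE_CONFIG is constructed for illustration; the hash is a placeholder.
SAMPLE_CONFIG = """\
hostname RICTU
!
enable password ictu
enable secret 5 $1$SALT$PLACEHOLDERHASH0000000
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password class
 login
!
end
"""


def audit_passwords(config_text):
    """Return (location, severity, message) tuples for every password line.

    severity is 'weak' for a password readable in the configuration,
    'ok' for an MD5-hashed enable secret, 'check' for an enable secret in
    some other form, and 'missing' for a line block without a password.
    """
    findings = []
    section = "global"      # current "line ..." block, or "global"
    has_password = {}       # "line con 0" -> True once a password is seen

    for raw in config_text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        words = raw.split()

        # A non-indented command closes the previous "line ..." block.
        if not raw.startswith(" "):
            section = "global"
            if words[0] == "line":
                section = " ".join(words)
                has_password[section] = False

        if words[:2] == ["enable", "password"]:
            # This is the form that show running-config prints in the clear.
            findings.append(("global", "weak",
                             "enable password is readable in the configuration"))
        elif words[:2] == ["enable", "secret"]:
            # MD5-hashed secrets are stored in the $1$salt$hash form.
            if words[-1].startswith("$1$"):
                findings.append(("global", "ok",
                                 "enable secret is stored as an MD5 hash"))
            else:
                findings.append(("global", "check",
                                 "enable secret is not in $1$ hashed form"))
        elif words[0] == "password" and section != "global":
            has_password[section] = True
            findings.append((section, "weak",
                             "line password is readable in the configuration"))

    for name, present in has_password.items():
        if not present:
            findings.append((name, "missing",
                             "no password is configured on this line"))
    return findings


if __name__ == "__main__":
    for location, severity, message in audit_passwords(SAMPLE_CONFIG):
        print(f"{severity:8} {location:14} {message}")
```

When both `enable password` and `enable secret` are present, IOS uses the secret, so the readable `enable password` line can be removed without changing how login to privileged mode behaves.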


4.5. The show commands

show interfaces            Displays information about the router's interfaces
show controllers serial    Displays whether the port is DCE or DTE
show clock                 Displays the time set on the router
show hosts                 Displays the table of host names (aliases) and IP addresses
show users                 Displays the users connected to the router
show flash                 Displays information about flash memory and the files stored in it
show version               Displays the version of IOS running in RAM
show arp                   Displays the ARP table on the router
show protocols             Displays the Layer 3 protocols
show startup-config        Displays the configuration stored in NVRAM
show running-config        Displays the configuration file in RAM

4.6. Configuring a Fast Ethernet port

To configure an address on a Fast Ethernet port, use the following commands:

    Router(config)#interface fastethernet <slot>/<number>
    Router(config-if)#ip address <IP> <Mask>
    Router(config-if)#no shutdown

4.7. Configuring a Serial port

To configure an address on a Serial port, use the following commands:

    Router(config)#interface serial <slot>/<number>
    Router(config-if)#ip address <IP> <Mask>
    Router(config-if)#no shutdown
    Router(config-if)#clock rate <bandwidth>

4.8. Checking the configuration

    Router# show running-config

4.9. Saving the configuration

    Router# copy running start

END-OF-CHAPTER EXERCISE

Given the following network diagram:

- The IP addresses are given in the following table:

Device     Port     IP              Mask             Gateway
Router1    Fa0/0    192.168.1.1     255.255.255.0
Router1    Fa0/1    192.168.2.1     255.255.255.0
PC1        NIC      192.168.1.10    255.255.255.0    192.168.1.1
PC2        NIC      192.168.2.10    255.255.255.0    192.168.2.1
PC3        NIC      192.168.2.20    255.255.255.0    192.168.2.1

- Requirements:
- Name the router RICTU
- Set the console port password to cisco
- Allow configuration over telnet with the password class
- Set the password for moving from user mode to privileged mode to ictu
- Configure the ports Fa0/0 and Fa0/1 as shown in the diagram
- Configure the IP addresses of the computers
- PC1 must be able to ping PC2 and PC3

CHAPTER V: ROUTING PROTOCOLS

5.1. Introduction to routing

Routing is the process by which a router forwards data packets to the destination network. Every router along the path uses the destination IP address of the packet to forward it in the right direction toward its final destination. Routing is divided into two kinds: dynamic routing and static routing.

5.2. Static routing

With static routing, the information about paths has to be entered into the router by the network administrator. Whenever the network topology changes in any way, the administrator has to delete or add path information on the router. Routes of this kind are called static routes.

5.2.1. How static routing works

The operation of static routing can be divided into three steps:
+ First, the network administrator configures the static routes on the router
+ The router installs these routes in its routing table
+ Data packets are routed along these static routes

The network administrator configures a static route on the router with the ip route command. The syntax of the ip route command is:

    Router(config)# ip route prefix mask {address | interface} [distance] [tag tag] [permanent]

prefix       IP address of the destination network.
mask         Subnet mask of the destination network.
address      IP address of the next hop toward the destination network.
interface    Outbound interface on the router toward the destination network.
distance     (optional) Administrative distance of the route.
tag tag      (optional) Used as a match value to control redistribution through route maps (covered in CCNP).
permanent    (optional) Specifies that the route is not removed even when the interface is shut down (covered in CCNP).

Mt vn cn quan tm n i vi nh tuyn tnh l ch s tin cy.Ch s tin cy l mt thng s o lng tin cy ca mt ng i. ch s ny cng thp th tin cy cng cao. Do vy nu hai con ng cng i n mt ch th con ng no c tin cy nh hn th ng c t vo bng nh tuyn ca router trc. V d ng c nh s dng a ch IP ca trm k tip s c ch s tin cy mc nh l 1, cn ng c nh s dng cng ra th c ch s tin cy mc nh l 0. Nu ta mun ch nh ch s tin cy thay v s dng gi tr mc nh th ta thm hng s ny vo sau thng s v cng ra hoc a ch IP trm k ca cu lnh. Gi tr ny nm trong khong t 0 n 255. V d: router(config)# ip route 172.16.2.0 255.255.255.0 172.16.4.1 124 Nu router khng chuyn c gi tin ra cng giao tip c cu hnh th c ngha cng giao tip ang b ng, ng i tng ng s khng c t vo bng nh tuyn. 5.2.2.Cu hnh ng c nh + Khong cch qun tr v o ng i (metric) o ng i ca mi ng tnh lun bng 0 Khong cch qun tr l u tin v thng tin nh tuyn. Khong cch qun tr cng nh th cng c u tin cng cao. Nu router thy c nhiu con ng ti cng mt mng ch t nhiu ngun khc nhau th n s s dng Khong cch qun tr quyt nh a con ng no vo Bng nh tuyn. Khong cch qun tr mc nh ca ng nh tuyn tnh l 1


Figure 5.2.1: Administrative distances of the routing protocols

+ Steps for configuring a static route:
1. Identify all the destination networks to be configured, with their subnet masks and gateways. The gateway can be an interface on the router or the address of the next hop toward the destination network.
2. Enter the router's global configuration mode.
3. Enter the ip route command with the destination network address, subnet mask and gateway identified in step 1. Add the administrative distance if needed.
4. Repeat step 3 for the other destination networks.
5. Exit global configuration mode.
6. Save the running configuration as the startup configuration with the command copy running-config startup-config.

Example: Figure 5.2.2 illustrates static route configuration in a simple topology of three connected routers. On router Hoboken we need to configure routes to network 172.16.1.0 and network 172.16.5.0; both networks have the subnet mask 255.255.255.0. When Hoboken routes packets destined for 172.16.1.0, it uses the static route we configured toward router Sterling, and packets destined for 172.16.5.0 are routed toward router Waycross.


Figure 5.2.2: Static routing configuration for the network

In the upper box of figure 5.2.2, both commands define the static route through an outgoing interface on the router. No administrative distance is given in these commands, so in the routing table both static routes have the default administrative distance of 0. A route with an administrative distance of 0 is equivalent to a network directly connected to the router.

In the lower box of figure 5.2.2, the two commands define the static route through the address of the next router. The route to network 172.16.1.0 has the next-router address 172.16.2.1, and the route to network 172.16.5.0 has the next-router address 172.16.4.2. No administrative distance is given in these two commands either, so the two static routes have the default administrative distance of 1.

5.2.3. Configuring a default route for forwarding packets

The default route is the route the router uses when it finds no matching route in the routing table for the destination of a packet. A default route is usually configured on the router's path out to the Internet, because the router does not need to hold routing information for every network on the Internet. The command that configures it is:

    ip route 0.0.0.0 0.0.0.0 [next-hop-address | outgoing-interface]

A subnet mask of 0.0.0.0, when logically ANDed with any destination IP address, always yields the network 0.0.0.0. So if a packet has a destination address for which the router finds no matching route, the packet is routed to network 0.0.0.0.

Steps for configuring a default route:
+ Enter global configuration mode.
+ Enter the ip route command with destination network 0.0.0.0 and subnet mask 0.0.0.0. The gateway of the default route can be the router interface that connects to the outside network or the IP address of the next router. The IP address of the next router is normally used as the gateway.
+ Exit global configuration mode.
+ Save the configuration to the startup configuration file in NVRAM with the command copy running-config startup-config.

Example:

Figure 5.2.3a

Figure 5.2.3b

In the example of figure 5.2.2, router Hoboken was configured to route data to network 172.16.1.0 on router Sterling and to network 172.16.5.0 on router Waycross. But neither Sterling nor Waycross knows a path to the networks that are not directly connected to it. We could configure static routes on Sterling and Waycross for each of those networks one by one, but that is not a good solution for large networks.

Figures 5.2.3a and 5.2.3b show examples of default routes configured on Sterling and Waycross. Sterling reaches all other networks through a single interface, Serial 0. Likewise, Waycross has only one connection to all other networks, through Serial 1. Once default routes are configured on Sterling and Waycross, the two routers use the default route for packets bound for any network that is not directly connected to them.

5.2.4. Rules for static routing

+ Static routing over point-to-point links: it is best to configure the static route with the outgoing interface. On point-to-point serial interfaces the router never uses an intermediate address to forward the packet.
+ Static routing over broadcast networks: it is best to configure the static route with both the intermediate address and the outgoing interface.
+ Using only the intermediate address: when configuring static routes, avoid routes that refer only to intermediate addresses. Such routes are not tied to any interface and depend on finding a path through the intermediate addresses, which slows convergence. This can also cause routing loops.

5.2.5. Verifying static route configuration

After configuring static routes, check that the routing table contains the routes you configured and that routing works correctly. Use show running-config to inspect the configuration running in RAM and confirm that the static route command was entered correctly. Then use show ip route to see whether the static routes are in the routing table.

Steps for verifying static route configuration:
+ In privileged mode, enter show running-config to view the running configuration.
+ Check that the static route command is correct. If it is not, go back into global configuration mode, delete the wrong command and enter the new one.
+ Enter show ip route.
+ Check that the static route you configured appears in the routing table.

5.2.6. Troubleshooting

Use ping to check whether the connected networks can reach each other. If there is a problem, follow up with traceroute to find where the path breaks. Once you have identified the router where the fault occurs, log in to that router and repair or reconfigure it.

5.3. Dynamic routing

5.3.1. Introduction to dynamic routing

Dynamic routing protocols are used for communication between routers. A dynamic routing protocol lets a router share the routing information it knows with other routers, so that routers can build and maintain their routing tables. Some dynamic routing protocols:
+ RIP (Routing Information Protocol)
+ IGRP (Interior Gateway Routing Protocol)
+ EIGRP (Enhanced Interior Gateway Routing Protocol)
+ OSPF (Open Shortest Path First)

5.3.2. Autonomous System (AS)

An autonomous system (AS) is a collection of networks that operate under a common routing administration. Seen from outside, an AS is treated as a single unit. The American Registry for Internet Numbers is the body that manages the assignment of a number to each AS. This number is 16 bits long.

Figure 5.3.2: An AS consists of routers operating under the same administration

5.3.3. Purpose of dynamic routing protocols and autonomous systems

The purpose of a dynamic routing protocol is to build and maintain the routing table. The routing table holds information about other networks and about the router interfaces that lead to them. The router uses dynamic routing protocols to manage information received from other routers, information from the configuration of its interfaces, and information from configured static routes.

The routing protocol learns all available routes, places the best routes in the routing table and removes routes that are no longer usable. The router, in turn, uses the information in the routing table to forward packets of the routed protocols.

Dynamic routing is based on routing algorithms. Whenever the network topology changes, whether through growth, reconfiguration or failure, the routers' knowledge of the network must change with it. Routers need an accurate view of the network topology.


With autonomous systems, the global internetwork is divided into many smaller, more manageable networks. Each AS has its own AS number, which does not overlap with that of any other AS, and each AS has its own administration.

5.3.4. Classes of dynamic routing protocols

Most dynamic routing algorithms fall into one of two classes:
+ Distance vector
+ Link state

Distance vector routing chooses a path by direction and distance to the destination. Link-state routing chooses the shortest path based on the topology of the entire network.

5.3.5. Characteristics of distance vector routing protocols

Figure 5.3.5

Distance vector routing passes copies of the routing table from router to router periodically. These periodic updates between routers communicate topology changes. The distance vector routing algorithm is also known as the Bellman-Ford algorithm.

Each router receives the routing table of its directly connected neighbors. In figure 5.3.5, for example, router B receives information from router A. Router B then adds the distance from B to A (for example, by incrementing the hop count) to the routing information received from A. Router B now has a new routing table and passes it on to its neighbor, router C. The same process takes place for the other neighboring routers.

A router collects information about the distance to other networks and from it builds and maintains a database of routing information for the network. The drawback of the distance vector algorithm is that a router does not know the exact topology of the whole network; it only knows the neighboring routers next to it.

With distance vector routing, the first step is for the router to identify its neighbors. Networks directly connected to the router's interfaces have a distance of 0. For networks that are not directly connected, the router chooses the best path based on the information it receives from its neighbors.

Example:

Consider how the routing tables of routers A, B and C are updated. At first, each router's routing table shows only the routes to its directly connected networks.

Router A has two directly connected networks, W and X, so the distance from router A to these networks is 0. Routers A and B then exchange information.

Router A learns network Y from router B. The path from router A to network Y goes through router B, so the distance increases to 1. Router B, for its part, learns network W from router A at a distance of 1 through router A, and network Z at a distance of 1 through router C. Routers A and B then exchange routing table information again.

Router A now learns network Z from router B, with the distance increased by one to 2, through router B. Treating routers B and C the same way gives the routing tables shown in figure 3.3.5b.

The routing table is updated whenever the network topology changes. This update also proceeds step by step from router to router. When updating, a router sends its entire routing table to its neighbors. The routing table contains the path information for each destination network.

Figure 5.3.5c: The routing table update process. A topology change forces the routing table to be updated, and router A sends out its updated routing table.

5.3.6. Characteristics of link-state routing protocols

The link-state routing algorithm is Dijkstra's algorithm, also called the SPF (Shortest Path First) algorithm. Link-state routing builds and maintains a complete database of the topology of the entire network.

Link-state routing uses the following tools:
+ Link-state advertisement (LSA): a small packet of routing information sent between routers.
+ Topology database: built from the information gathered from the LSAs.
+ SPF algorithm: computes the shortest paths from the topology database.
+ Routing table: holds the list of selected paths.

Gathering network information for link-state routing works as follows. Each router starts by exchanging LSAs with all other routers; each LSA carries information about that router's directly connected networks. The routers then build their database from the information in the LSAs. Each router reconstructs the network topology as a tree with itself as the root and from it maps out all paths to all networks in the system. The SPF algorithm then selects the shortest path to place in the routing table. The routing table holds the selected paths together with their outgoing interfaces.

The router that first detects a topology change sends update information to all other routers. It sends an LSA containing information about new routers and changes in link state, and this LSA is sent to all other routers. When a router receives the LSA, it updates its database with the new information. SPF then runs again to reselect the paths and update the routing table.

Figure 5.3.6a: A router sends LSAs to the other routers. The information in the LSAs is used to build a complete database of the network topology, from which the SPF algorithm computes the routing table.

Figure 5.3.6b: Each router has its own topology database, and the SPF algorithm runs its computation on that database.

Link-state routing has the following drawbacks:
+ The router's CPU has to do a lot of computation.
+ It requires a large amount of memory.
+ It consumes link bandwidth.

A router running link-state routing needs more memory and more processing than one running distance vector routing.


When routing starts up, every router has to send LSAs to all other routers. During that time link bandwidth is consumed, which reduces the bandwidth available for user data. Once the routers have gathered enough information to build the topology database, the bandwidth is no longer consumed. Routers send LSA updates only when the network topology changes.
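The LSA, topology database, SPF and routing-table sequence described in 5.3.6, as an added Python example (not part of the original text). Routers R1 to R4 and their link costs are constructed for illustration, and the per-LSA sequence number used to reject stale advertisements is an assumption borrowed from how link-state protocols such as OSPF version their LSAs.

```python
import heapq


def install_lsa(lsdb, lsa):
    """Store an LSA unless an equal or newer copy from that router is already held."""
    held = lsdb.get(lsa["router"])
    if held is not None and held["seq"] >= lsa["seq"]:
        return False          # stale or duplicate: database unchanged, no SPF rerun needed
    lsdb[lsa["router"]] = lsa
    return True


def spf(lsdb, root):
    """Dijkstra over the topology database with `root` as the root of the tree.

    Returns {router: (total_cost, first_hop)}. first_hop is the neighbour the
    root forwards to, which is the information that ends up in the routing table.
    """
    best = {}
    queue = [(0, root, root)]
    while queue:
        cost, node, first_hop = heapq.heappop(queue)
        if node in best:
            continue                      # already reached by a cheaper path
        best[node] = (cost, first_hop)
        links = lsdb[node]["links"] if node in lsdb else {}
        for neighbour, link_cost in links.items():
            if neighbour not in best:
                hop = neighbour if node == root else first_hop
                heapq.heappush(queue, (cost + link_cost, neighbour, hop))
    return best


# Constructed topology: each router's LSA lists its directly connected neighbours.
INITIAL_LSAS = [
    {"router": "R1", "seq": 1, "links": {"R2": 10, "R3": 5}},
    {"router": "R2", "seq": 1, "links": {"R1": 10, "R3": 3, "R4": 1}},
    {"router": "R3", "seq": 1, "links": {"R1": 5, "R2": 3}},
    {"router": "R4", "seq": 1, "links": {"R2": 1}},
]
# The R2-R3 link fails: both ends originate a new LSA with a higher sequence number.
CHANGE_LSAS = [
    {"router": "R2", "seq": 2, "links": {"R1": 10, "R4": 1}},
    {"router": "R3", "seq": 2, "links": {"R1": 5}},
]


def demo():
    lsdb = {}
    for lsa in INITIAL_LSAS:
        install_lsa(lsdb, lsa)
    before = spf(lsdb, "R1")
    changed = [install_lsa(lsdb, lsa) for lsa in CHANGE_LSAS]
    after = spf(lsdb, "R1") if any(changed) else before   # SPF reruns only on a change
    stale_accepted = install_lsa(lsdb, INITIAL_LSAS[1])   # old R2 LSA arrives late
    return before, after, stale_accepted


if __name__ == "__main__":
    before, after, stale_accepted = demo()
    print("R1 routes before the failure:", before)
    print("R1 routes after the failure: ", after)
    print("late copy of the old R2 LSA accepted:", stale_accepted)
```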

5.4. Overview of routing protocols

5.4.1. Path determination

A router has two main functions:
+ Path determination
+ Switching

Path determination takes place at the network layer. The router uses the routing table to choose a path for the packet; once the outgoing path is decided, the router performs switching to send the packet. Switching is the process by which the router moves a packet from the interface it arrived on to the interface it leaves by. The important point in this process is that the router must encapsulate the packet to suit the link it is about to leave on.

5.4.2. Configuring routing

A routing protocol is configured from global configuration mode, where you set up its routing parameters. The first step, in global configuration mode, is to start the routing protocol you want, for example RIP, IGRP, EIGRP or OSPF. Then, in router configuration mode, you must declare IP addresses. The router command starts the routing protocol. The network command declares the router interfaces on which you want the routing protocol to send and receive routing updates. The network address given in the network command is a classful (class A, B or C) network address, not a subnet address or an individual host address.

5.4.3. Routing protocols

At the internet layer of the TCP/IP protocol suite, a router uses an IP routing protocol to perform routing. Some IP routing protocols:
+ RIP: a distance vector interior routing protocol.
+ IGRP: Cisco's distance vector interior routing protocol.
+ OSPF: a link-state interior routing protocol.
+ EIGRP: an extension of IGRP.
+ BGP: a distance vector exterior routing protocol.

* Basic characteristics of RIP:
+ It is a distance vector routing protocol.
+ It uses hop count as the metric for path selection.
+ If the hop count to the destination is greater than 15, the packet is discarded.
+ It updates periodically, every 30 seconds by default.

IGRP (Interior Gateway Routing Protocol) is a protocol developed by Cisco and proprietary to it.

* Characteristics of IGRP:
+ It is a distance vector routing protocol.
+ It uses bandwidth, load, delay and reliability of the link as the metrics for path selection.
+ It updates periodically, every 90 seconds by default.

OSPF (Open Shortest Path First) is a link-state routing protocol.

* Main characteristics of OSPF:
+ It is a link-state routing protocol.
+ It is defined in RFC 2328.
+ It uses the SPF algorithm to compute the best path.
+ It updates only when the network topology changes.

EIGRP is an advanced distance vector routing protocol and is proprietary to Cisco.

* Characteristics of EIGRP:
+ It is an advanced distance vector protocol.
+ It supports load balancing.
+ It combines the advantages of distance vector routing and link-state routing.
+ It uses the DUAL (Diffusing Update Algorithm) algorithm to compute the best path.
+ It updates periodically, every 90 seconds by default, or when the network topology changes.

BGP (Border Gateway Protocol) is an exterior routing protocol.

* Basic characteristics of BGP:
+ It is a distance vector exterior routing protocol.
+ It is used for routing between ISPs, or between an ISP and its customers.
+ It is used to route Internet traffic between autonomous systems (AS).


CHAPTER 5 EXERCISES

Given the network diagram shown in the figure, carry out the following tasks:
+ Assign addresses to the routers and PCs according to the table above.
+ Configure static routing on the routers so that all the computers can ping each other.
+ View the current configuration.
+ View the routing table.
+ View the interface information.

CHAPTER VI: DISTANCE VECTOR ROUTING PROTOCOLS

6.1. Distance vector routing

6.1.1. Routing updates

The routing table is updated periodically or when the network topology changes. What matters for a routing protocol is how efficiently it keeps the routing table up to date. When the topology changes, the update information has to be processed throughout the system. With distance vector routing, each router sends its entire routing table to its directly connected routers. The routing table includes path information for each destination network, such as the total cost (for example, the distance) from the router itself to the destination network and the address of the next hop on the path.

Figure 6.1.1

6.1.2. Routing loops

Routing loops can occur when the routing tables on the routers have not yet been updated consistently because convergence is slow.

Figure 6.1.2

1/ Before Network 1 fails, all routers in the network have correct information about the topology and their routing tables are accurate. The routers are said to have converged. Assume that router C chooses the path to Network 1 through router B, and that the distance of this path from router C to Network 1 is 3 hops (that is, going from router C to Network 1 along this path, there are 3 more routers to cross).

2/ As soon as Network 1 fails, router E sends an update to router A. Router A immediately stops routing to Network 1. Routers B, C and D, however, keep routing to it because they do not yet know that Network 1 has failed. Router A then updates routers B and D about Network 1, and routers B and D immediately stop routing packets to Network 1. At this point router C has still not been updated about Network 1, so it continues to route packets to Network 1 through router B.

3/ When router C's periodic update comes around, the update it sends to router D still contains the path to Network 1 through router B. Router D sees this information as better than the report of Network 1's failure that it has just received from router A, so it puts this information back into its routing table without knowing that it is wrong. Router D's routing table now has a path to Network 1 through router C. Router D then sends its freshly updated routing table to router A. Router A likewise updates its path to Network 1, now through router D, and sends it to routers B and E. The same thing then happens at routers B and E. From then on, any packet sent to Network 1 loops from router C to router B to router A to router D and back to router C.

6.1.3. Defining a maximum

The incorrect updates about Network 1 described above keep circulating until some other process breaks the cycle. This condition is called count to infinity: packets loop around the network while in reality Network 1 is down. With a distance vector protocol that uses hop count as its metric, the hop count increases every time a router passes the update to another router. Without a countermeasure for count to infinity, the hop count would keep increasing without limit.

The distance vector algorithm can correct itself, but the loop can persist until the count reaches infinity. To keep this condition from dragging on, distance vector routing protocols define a maximum value. The routing protocol then lets the loop continue only until the metric exceeds the maximum. In figure 6.1.3, for example, when the metric is 16 hops, which is greater than the maximum of 15, the router discards the update. In every case, when the metric exceeds the maximum, the network is considered unreachable.

Figure 6.1.3: Defining a maximum value

6.1.4. Avoiding routing loops with split horizon

Another cause of loops is a router sending routing information back to the very router it has just received that information from. The following describes how the problem arises:

1/ Router A sends an update to routers B and D announcing that Network 1 is down. Router C, however, still sends router B an update saying that router C has a path to Network 1 through router D, with a distance of 4.

2/ Router D then wrongly believes that router C still has a path to Network 1, although this path has a worse metric than router B's old path. Router B then also updates router A with the new path to Network 1 that it has just received.

3/ Router A then updates its table to say that it can send data to Network 1 through router B. Router B routes to Network 1 through router C, and router C routes to Network 1 through router D. The result is that any packet bound for Network 1 falls into this loop.

4/ Split horizon avoids this situation: if router B or D receives an update about Network 1 from router A, it does not send information about Network 1 back to router A. In this way split horizon reduces the spread of incorrect updates and also reduces the amount of update information.

Figure 6.1.4: Avoiding routing loops with split horizon

6.1.5. Route poisoning

Route poisoning is used to prevent large loops and lets a router state outright that a network is no longer reachable, by setting the metric (the hop count, for instance) to a value greater than the maximum.

Take figure 6.1.5 as an example. When Network 5 goes down, router E's routing table shows a hop count of 16 for the path to Network 5, which means Network 5 is no longer reachable. Router E then sends this routing table to router C, with the path to Network 5 carrying a hop count of 16. After receiving the route poisoning from router E, router C sends the same information back to router E. The update about Network 5 that router C sends back to router E is called poison reverse. Router C does this to make sure it has sent the route poisoning information out of every path it has.

Route poisoning means that when a path goes down, the router advertises that path with a metric greater than the maximum. Route poisoning does not conflict with split horizon. Split horizon means that when a router sends an update out of a link, it must not send back information it has just received from that link. Now the router does send that information back, but with a metric greater than the maximum, so the result is the same. This mechanism is called split horizon with poison reverse.

Figure 6.1.5
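The table exchange from the A, B, C example in 5.3.5 and the count-to-infinity behaviour that 6.1.3 to 6.1.5 set out to contain, as an added Python simulation (not part of the original text). Routers A, B, C and networks W, X, Y, Z come from the page; the synchronous update rounds, the failure of network W, and the rule that a router always accepts news from its current next hop (standard RIP behaviour) are assumptions of this sketch.

```python
INFINITY = 16   # 16 hops means unreachable; 15 is the largest usable metric

# Topology from the page's example: the networks attached to each router.
LINKS = {"A": {"W", "X"}, "B": {"X", "Y"}, "C": {"Y", "Z"}}


def neighbours(router):
    """Routers that share a network with `router`."""
    return sorted(r for r in LINKS if r != router and LINKS[r] & LINKS[router])


def fresh_tables():
    """Each router starts knowing only its connected networks, at distance 0."""
    return {r: {net: (0, None) for net in nets} for r, nets in LINKS.items()}


def advertisement(table, to, mode):
    """What a router tells neighbour `to`, under the chosen loop-avoidance mode."""
    adv = {}
    for net, (metric, via) in table.items():
        if via == to:                      # route was learned from this neighbour
            if mode == "split-horizon":
                continue                   # say nothing back
            if mode == "poison-reverse":
                metric = INFINITY          # say it back as unreachable
        adv[net] = metric
    return adv


def receive(table, sender, adv):
    """Bellman-Ford step: add one hop, keep the better route."""
    for net, metric in adv.items():
        cost = min(metric + 1, INFINITY)
        current = table.get(net)
        if current is None:
            if cost < INFINITY:
                table[net] = (cost, sender)
        elif current[1] == sender or cost < current[0]:
            # News from the current next hop is always believed, even if worse.
            table[net] = (cost, sender)


def exchange(tables, mode):
    """One round: every router advertises its table as it stood at round start."""
    outbox = [(s, r, advertisement(tables[s], r, mode))
              for s in sorted(tables) for r in neighbours(s)]
    for sender, receiver, adv in outbox:
        receive(tables[receiver], sender, adv)


def converge(tables, mode="none"):
    """Exchange until nothing changes; return the number of rounds that changed a table."""
    rounds = 0
    while True:
        before = {r: dict(t) for r, t in tables.items()}
        exchange(tables, mode)
        if tables == before:
            return rounds
        rounds += 1


def fail_network_w(mode):
    """Network W goes down on A. Return A's metric for W after each round."""
    tables = fresh_tables()
    converge(tables, mode)
    tables["A"]["W"] = (INFINITY, None)    # A poisons its own connected route
    seen_by_a = []
    while any(t["W"][0] < INFINITY for t in tables.values()):
        exchange(tables, mode)
        seen_by_a.append(tables["A"]["W"][0])
    return seen_by_a


if __name__ == "__main__":
    tables = fresh_tables()
    print("rounds to converge:", converge(tables), "| router A:", tables["A"])
    for mode in ("none", "split-horizon", "poison-reverse"):
        print(f"{mode:15} A's metric for W per round: {fail_network_w(mode)}")
```

Without any protection router A re-learns the dead network from B and the metric climbs to 16 over 15 rounds; with split horizon or poison reverse every router marks W unreachable within 2 rounds.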

6.1.6. Avoiding routing loops with triggered updates

Routing table updates between neighboring routers take place periodically. For example, RIP sends an update every 30 seconds. In addition, there are triggered updates, which announce a change in the routing table right away. When a router detects a change in the network topology, it immediately sends an update message to its neighbors to tell them about the change. In particular, when a path fails and becomes unreachable, routers must send a triggered update instead of waiting for the end of the update period. Triggered updates combined with route poisoning ensure that all routers are informed that a path is down before the holddown time ends.

Triggered updates across the whole network when the topology changes let the routers be updated immediately and start their holddown timers sooner.

In figure 6.1.6, for example, router C sends a triggered update as soon as network 10.4.0.0 becomes unreachable. On receiving this information, router B in turn announces network 10.4.0.0 out of interface S0/1. Router A then sends the announcement out of interface Fa0/0.

Figure 6.1.6

6.1.7. Avoiding loops with holddown timers

The count-to-infinity loop described above can be avoided with a holddown timer, as follows.

When a router receives information from a neighbor saying that some Network X is no longer reachable, it marks the path to Network X as unreachable and starts the holddown timer. During the holddown time, if the router receives an update from that same neighbor saying that Network X is reachable again, the router accepts the update and ends the holddown time.

During the holddown time, if the router receives an update from a different neighbor (not the neighbor that reported Network X earlier) and this update offers a path to Network X with a better metric than the path the router had before, the router accepts the update and ends the holddown time.

During the holddown time, if the router receives an update from a different neighbor (not the neighbor that reported Network X earlier) and this update offers a path to Network X with a metric that is not as good as the path the router had before, the router ignores it and does not update. This keeps the router from mistakenly accepting stale information from neighbors that do not yet know that Network X has become unreachable. The holddown time ensures that all routers in the network have finished updating with the new information. When the holddown time expires, all routers in the system have learned that Network X is unreachable and all of them have an accurate view of the topology. So after the holddown time ends, the routers go back to accepting updates as usual.

Figure 6.1.7
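The three holddown rules of 6.1.7 written as a small state machine, as an added Python example (not part of the original text). The neighbour names, metrics and timestamps are constructed; treating an equal metric from a different neighbour as "not better", and passing metrics that already include the extra hop, are assumptions of the sketch.

```python
INFINITY = 16     # metric that means "unreachable"
HOLDDOWN = 180    # seconds; the page gives 180 s as RIP's default holddown time


class HeldRoute:
    """One routing-table entry for Network X, with a holddown timer."""

    def __init__(self, metric, neighbour):
        self.metric = metric              # metric currently believed
        self.neighbour = neighbour        # neighbour the route was learned from
        self.previous_metric = metric     # metric held before the failure report
        self.hold_until = None            # end of holddown, None when not running

    def in_holddown(self, now):
        return self.hold_until is not None and now < self.hold_until

    def _install(self, metric, neighbour):
        self.metric, self.neighbour, self.hold_until = metric, neighbour, None

    def receive(self, neighbour, metric, now):
        """Process one advertisement for Network X; return what was done with it."""
        if self.in_holddown(now):
            if metric >= INFINITY:
                return "ignored"                      # already marked unreachable
            if neighbour == self.neighbour:
                verdict = "accepted-original"         # rule 1: same neighbour, reachable again
            elif metric < self.previous_metric:
                verdict = "accepted-better"           # rule 2: other neighbour, better path
            else:
                return "ignored"                      # rule 3: other neighbour, not better
            self._install(metric, neighbour)
            return verdict
        if metric >= INFINITY:
            if neighbour != self.neighbour or self.metric >= INFINITY:
                return "ignored"
            self.previous_metric = self.metric        # remember what we had
            self.metric = INFINITY
            self.hold_until = now + HOLDDOWN
            return "holddown-started"
        if neighbour == self.neighbour or metric < self.metric:
            self._install(metric, neighbour)          # normal distance vector update
            return "accepted"
        return "ignored"


def replay(events):
    """Feed (time, neighbour, metric) events to a route first learned from B at 2 hops."""
    route = HeldRoute(metric=2, neighbour="B")
    verdicts = [route.receive(nbr, metric, now) for now, nbr, metric in events]
    return verdicts, (route.metric, route.neighbour)


if __name__ == "__main__":
    # Constructed timeline: B reports X down, C repeats a stale 4-hop path, D offers 1 hop.
    print(replay([(0, "B", 16), (30, "C", 4), (60, "D", 1)]))
    # Same failure, but the stale path from C arrives again after holddown expired.
    print(replay([(0, "B", 16), (30, "C", 4), (200, "C", 4)]))
    # The original neighbour reports the network reachable again during holddown.
    print(replay([(0, "B", 16), (90, "B", 2)]))
```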


6.2. The RIP routing protocol

6.2.1. Evolution of RIP

IP RIP is described in detail in two documents. The first is RFC 1058 and the second is Internet Standard (STD) 56.

RIP has been developed over many years, starting with version 1 (RIPv1). RIP was only a classful routing protocol until version 2 (RIPv2), when it became a classless routing protocol. RIPv2 has the following advantages:
+ It carries more routing information.
+ It has an authentication mechanism between routers for updates, to protect the routing table.
+ It supports VLSM (Variable Length Subnet Masking, subnet masks of different lengths).

RIP avoids count-to-infinity routing loops by limiting the maximum number of hops allowed from sender to receiver. The maximum hop count for any path is 15. For paths the router learns from a neighbor's update, the router increases the hop count by 1, because it counts itself as one hop on the path. If the hop count is greater than 15 after being increased by 1, the router treats the destination network of that path as unreachable. RIP also shares many features with other routing protocols. For example, RIP uses split horizon and holddown timers to avoid accepting incorrect routing information.

Main characteristics of RIP:
+ It is a distance vector routing protocol.
+ The metric is the hop count.
+ If a packet's path to the destination network has a hop count greater than 15, the packet is discarded.
+ The default update period is 30 seconds.

6.2.2. Configuring RIP

The router rip command starts RIP. The network command declares which router interfaces are allowed to run RIP. RIP then starts sending and receiving updates on those interfaces.

RIP updates routing information periodically. When a router receives an update that contains a change, it puts the new information into its routing table. For paths to destination networks learned from a neighbor, the router increases the hop count by 1, and the source address of the update becomes the next-hop address. RIP selects only one best path to a destination network, but it can also use several paths with equal metrics to the same destination.

RIP can be configured to send a triggered update when the network topology changes, with the ip rip triggered command. This command applies only to the router's serial interfaces. When the topology changes, the router that first notices the change updates its own routing table and then immediately sends an update to the other routers to announce the change. This is called a triggered update, and it happens entirely independently of the periodic updates. Figure 6.2.2 is an example of RIP configuration:

Figure 6.2.2

    BHM(config)#router rip
        Selects RIP as the routing protocol for the router.
    BHM(config-router)#network 10.0.0.0
        Declares a network directly connected to the router.
    BHM(config-router)#network 192.168.13.0
        Declares a network directly connected to the router.

The router interfaces connected to networks 10.0.0.0 and 192.168.13.0 send and receive routing updates.

Once RIP has been started on the networks, some further configuration is possible. None of it is mandatory; configure it only where needed:
+ Adjust the necessary parameters.
+ Adjust RIP's timers.
+ Declare the RIP version in use (RIPv1 or RIPv2).
+ Configure RIP behaviour when exchanging update information.
+ Configure RIP to send only summarized routing information out of a given interface.
+ Verify IP route summarization.
+ Configure IGRP and RIP to run at the same time.
+ Stop RIP from accepting updates from a given IP address.
+ Enable or disable split horizon.
+ Connect RIP to a WAN.

In short, RIP configuration starts in global configuration mode as follows:

    Router(config)#router rip
        Starts the RIP routing protocol.
    Router(config-router)#network network-number
        Declares the networks on which RIP is allowed to run.

6.2.3. Using ip classless

Sometimes a router receives a packet whose destination address lies in a subnet that is not in the router's routing table. The routing table has no exact entry for that subnet, but the subnets directly connected to the router belong to the same supernet as the packet's destination subnet. Example: an organization uses the network address 10.10.0.0/16, so subnet 10.10.10.0/24 has the supernet 10.10.0.0/16. In such a case the ip classless command makes the router forward the packet along the route to the supernet address, if there is one, instead of discarding it. In Cisco IOS release 11.3 and later, ip classless is enabled in the router's configuration by default. To turn it off, use the no form of the command. Without this feature, however, every packet whose destination is a subnet in the same supernet as the router's other network addresses, but which is not in the routing table, is discarded.

ip classless affects only how packets are forwarded, not how the router builds its routing table. This is an important characteristic of classful routing protocols. If a major network is divided into subnets and the router's routing table holds only some of those subnets and not all of them, then any packet whose destination is a subnet inside the major network but absent from the routing table is discarded by the router.

This behavior causes the most confusion when the router has a default route configured. Take a major network divided into many subnets, with only some of those subnets directly connected to the router. When the router builds its routing table, the table naturally contains the subnets of the network directly connected to the router. Any subnet that is missing is treated as nonexistent. So when the router receives a packet whose destination is a subnet that is not in the routing table but belongs to the same supernet as the directly connected networks, the router treats the destination network as nonexistent and discards the packet, even though a default route is configured in its routing table.

The ip classless command solves this problem by letting the router disregard the classful boundary of the destination address. If the router then finds no specific entry for the destination network in the routing table, it uses the default route to forward the packet.

6.2.4. Common problems when configuring RIP

A router running RIP has to rely on its neighbors to learn about networks that are not directly connected to it. RIP uses the distance vector algorithm. All distance vector routing protocols share the drawback of slow convergence. Convergence is the state in which all routers in the network have the same, accurate routing information about a network.

Distance vector routing protocols commonly suffer from routing loops and count to infinity. These are the consequence of routers that have not yet converged passing each other stale information that has not been correctly updated.

To deal with these problems, RIP uses the following techniques:
+ Defining a maximum value.
+ Split horizon.
+ Poison reverse.
+ Holddown timers.
+ Triggered updates.

Some of these techniques have to be configured; others need no configuration at all or only a little.

RIP limits the maximum hop count to 15. Any destination network with a hop count greater than 15 is considered unreachable. This makes RIP unsuitable for large networks, but it is what lets RIP avoid counting to infinity.

The split horizon rule is: when sending an update in a given direction, do not send back information that the router received from that direction. In some network configurations split horizon has to be turned off. The command to disable split horizon is:

    GAD(config-if)#no ip split-horizon

The holddown time is a parameter that can be changed if needed. The holddown time helps the router avoid count-to-infinity loops, but it also lengthens convergence time between routers. During this period the router does not accept any path with a metric that is not as good as the path it had before, so even when a genuine alternative path exists, the router does not accept it. RIP's default holddown time is 180 seconds. It can be shortened to speed up convergence, but this needs careful thought: ideally the holddown time should be longer than the longest time the whole network can take to finish updating. In figure 6.2.4, for example, there are 4 routers. If each router has an update time of 30 seconds, the maximum time for all 4 routers to finish updating is 120 seconds, so the holddown time must be longer than 120 seconds. The holddown time is changed with the following command:

    Router(config-router)#timers basic update invalid holddown flush [sleeptime]

Figure 6.2.4

Another factor that affects convergence speed is the update period. RIP's default update period is 30 seconds. The update period can be lengthened to save link bandwidth or shortened to speed up convergence.


The update period is changed with the following command:

    GAD(config-router)#update-time seconds

Another common issue with routing protocols is that we may not want them to send routing updates out of a particular interface. As soon as a network command is entered, RIP starts sending routing information out of every interface whose address falls within the network just declared. The network administrator can stop routing updates from being sent out of an interface with the passive-interface command.

    GAD(config-router)#neighbor ip-address

By default Cisco IOS accepts both RIP version 1 and version 2 packets but sends only RIP version 1 packets. The network administrator can configure the router to send and receive only version 1 packets, or to send only version 2 packets, with the following commands:

    GAD(config-router)#version {1 | 2}
    GAD(config-if)#ip rip send version 1
    GAD(config-if)#ip rip send version 2
    GAD(config-if)#ip rip send version 1 2
    GAD(config-if)#ip rip receive version 1
    GAD(config-if)#ip rip receive version 2
    GAD(config-if)#ip rip receive version 1 2

6.2.5. Verifying RIP configuration

Many commands can be used to check whether RIP is configured correctly. The two used most often are show ip route and show ip protocols.

The show ip protocols command displays the IP routing protocols running on the router. Its output lets you check most of the RIP configuration, though not all of it. Points to check:
+ Whether RIP really is the routing protocol that has been configured.
+ Whether the interfaces on which RIP is configured to send and receive updates are the right ones.
+ Whether the network addresses declared on the router running RIP are correct.


Figure 6.2.5a

The show ip route command is used to check whether the paths the router learned from its RIP neighbors have been installed in the routing table. In the routing table output, look for the routes marked with the letter R at the start of the line; these are the routes the router learned from its RIP neighbors. Remember that routers need some time to converge, so new information may not appear in the routing table immediately.

Some other commands that can be used to check RIP configuration:

    show interface interface
    show ip interface interface
    show running-config

Figure 6.2.5b

6.2.6. Troubleshooting RIP updates

Most RIP configuration errors come from a wrong network statement, discontiguous subnets, or split horizon. The most useful command for finding RIP update problems is debug ip rip.

The debug ip rip command displays all the routing information that RIP sends and receives. Figure 6.2.6 shows the output of debug ip rip. After receiving an update, the router processes the information and then sends the newly updated information out of its interfaces. The figure shows a router running RIP v1, with RIP sending its updates as broadcasts (broadcast address 255.255.255.255). The number in parentheses is the source address of the RIP update packet.

Figure 6.2.6

There are many important things to watch for in the output of debug ip rip. Some problems, such as discontiguous or duplicate subnets, can be detected with this command. In those cases you will see that, for the same destination network, the router sends out information with a lower metric than the one it received earlier.

Other commands that can be used to troubleshoot RIP:

    show ip rip database
    show ip protocols (summary)
    show ip route
    debug ip rip (events)
    show ip interface brief

6.2.7. Stopping the router from sending routing information out of an interface

A router can filter routing information when it updates its table or when it sends updates. For a router running a distance vector routing protocol this is effective, because the router routes on the basis of the routing information it receives from its neighbors.


For routers that use a link-state routing protocol, however, this mechanism is not effective, because these protocols choose paths from the link-state database rather than from received routing information. For that reason, the method described below for preventing a router from sending routing information out of an interface applies only to distance-vector routing protocols such as RIP and IGRP.

We can use the passive-interface command to stop the router from sending routing updates out of a given interface. Doing so prevents other networks from learning the routing information of your own network.

For RIP and IGRP, the passive-interface command makes the router stop sending routing updates to a given neighboring router, but the router continues to listen for and accept updates from that neighbor.

6.2.8. Load balancing with RIP

A router can load-balance across multiple paths when there are several good paths to the same destination. You can configure the router manually to load-balance across the paths, or let the dynamic routing protocols calculate the load balancing automatically.

RIP can load-balance across a maximum of 6 equal-cost paths; by default it load-balances across 4 paths. RIP load-balances by using each path in turn (round robin).

6.2.9. Load balancing across multiple paths

A router can load-balance across multiple paths when forwarding packets to the same destination. We can configure the router manually to load-balance, or dynamic routing protocols such as RIP, IGRP, EIGRP and OSPF will calculate it automatically.

When a router receives updates about several different paths to the same destination, it selects the path with the lowest administrative distance and installs it in the routing table. If the paths have the same administrative distance, the router selects the path with the lowest cost, that is, the smallest metric. Each routing protocol calculates cost differently, and these costs have to be configured for the router to load-balance.

When a router has several paths to the same destination with the same administrative distance and the same cost, it load-balances across them. Normally a router can load-balance across up to 6 equal-cost paths (the maximum number of load-balanced paths depends on the Cisco IOS routing table), although some interior gateway protocols (IGPs) may have their own limit. For example, EIGRP allows a maximum of 4 paths.

By default, most IP routing protocols load-balance across 4 paths. Static routes load-balance across 6 paths. BGP is the only exception: by default BGP allows only one path to a destination.

The maximum number of paths a router can load-balance across ranges from 1 to 6. To change the maximum number of paths allowed, use the following command:

Router(config-router)#maximum-paths [number]

IGRP can load-balance across up to 6 paths. RIP selects the paths for load balancing by hop count, whereas IGRP selects them by bandwidth.

When routing IP, Cisco IOS has two load-balancing mechanisms: per-packet load balancing and per-destination load balancing. If the router uses process switching, it distributes the packets across the paths. This is called per-packet load balancing. If the router uses fast switching, it sends all packets for the same destination over one path. Packets for a different host in the same destination network are sent over the next path. This is called per-destination load balancing.

6.2.10. Integrating static routes with RIP

A static route is configured by the administrator so that the router forwards packets to a destination network along the path the administrator wants. The static route command is also used to declare a default route. When the router finds no route in the routing table for forwarding a packet to its destination network, it uses the default route. A router running RIP can learn a default route from the updates of neighboring RIP routers, or a router that itself has a default route configured will advertise that route to the other routers.

A static route can be removed with the no ip route command. The network administrator can configure static routes alongside dynamic routing. Each dynamic routing protocol has a default administrative distance (AD). The administrator can configure a static route to the same destination network as a dynamic route, but with an AD greater than the AD of the corresponding dynamic routing protocol. The dynamic route then has the lower AD and is always chosen first by the router. When the dynamic route fails and can no longer be used, the router falls back to the static route to forward packets to the destination network.

If we configure a static route that points out of an interface on which RIP is also running, RIP advertises that static route to the whole network. In that case the static route is treated as directly connected to the router, so it no longer behaves as a static route. If we configure a static route that points out of an interface on which RIP is not running, RIP does not advertise that static route unless we also configure the redistribute static command for RIP.

When an interface goes down, all static routes that point out of that interface are removed from the routing table. Likewise, when the router can no longer determine the next hop of a static route for packets to the destination network, that static route is also removed from the routing table.
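The path selection described in 6.2.9 and 6.2.10 (lowest administrative distance, then lowest metric, then load balancing across equal-cost paths up to maximum-paths, with a higher-AD static route as backup) can be modelled as follows. This is an added example, not part of the original document and not Cisco code; the function names, the addresses and the static AD of 130 are constructed for illustration, while 120 is RIP's default AD.

```python
from collections import namedtuple
from itertools import cycle, islice

# One candidate path to a destination, as offered to the routing table.
Route = namedtuple("Route", "prefix source ad metric next_hop")

def select_routes(candidates, prefix, maximum_paths=4):
    """Return the paths installed for prefix: lowest AD first, then lowest
    metric, then at most maximum_paths equal-cost paths."""
    if not 1 <= maximum_paths <= 6:
        raise ValueError("maximum-paths must be between 1 and 6")
    offered = [r for r in candidates if r.prefix == prefix]
    if not offered:
        return []
    best_ad = min(r.ad for r in offered)
    trusted = [r for r in offered if r.ad == best_ad]
    best_metric = min(r.metric for r in trusted)
    equal_cost = [r for r in trusted if r.metric == best_metric]
    return equal_cost[:maximum_paths]

def per_packet_next_hops(installed, packet_count):
    """Per-packet load balancing: use each installed path in turn."""
    return list(islice(cycle(r.next_hop for r in installed), packet_count))

def after_rip_failure(candidates):
    """Candidates that remain once every RIP-learned path is withdrawn."""
    return [r for r in candidates if r.source != "rip"]

# Constructed sample: three RIP paths (AD 120, metric = hop count) and a
# backup static route that the administrator gave AD 130.
DEST = "192.168.3.0/24"
CANDIDATES = [
    Route(DEST, "rip", 120, 2, "10.0.12.2"),
    Route(DEST, "rip", 120, 2, "10.0.13.3"),
    Route(DEST, "rip", 120, 3, "10.0.14.4"),
    Route(DEST, "static", 130, 0, "10.0.99.9"),
]

if __name__ == "__main__":
    installed = select_routes(CANDIDATES, DEST)
    print("installed:", [r.next_hop for r in installed])
    print("per-packet:", per_packet_next_hops(installed, 5))
    backup = select_routes(after_rip_failure(CANDIDATES), DEST)
    print("after RIP failure:", [(r.source, r.next_hop) for r in backup])
```

While RIP is healthy the static route never appears in the result, which is why a backup route configured this way should be checked by withdrawing the dynamic routes in a test rather than by reading the routing table.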


CHAPTER 6 EXERCISE

Given the network diagram shown in the figure, carry out the following tasks:

- Configure the devices according to the address table given below.
- Configure RIP v1 dynamic routing on the routers so that all computers can communicate with each other.
- Display the routing table.


CHAPTER 7: ACCESS CONTROL LISTS (ACLs)

7.1. Access control list basics

7.1.1. What is an ACL?

An ACL is a list of conditions applied to traffic passing through a router interface. The list tells the router which kinds of packets to accept and which to reject, based on specific conditions. ACLs are used to manage network traffic and to protect access into and out of the network.

ACLs can be created for all routed protocols, such as IP (Internet Protocol) and IPX (Internetwork Packet Exchange). ACLs can be configured on a router to control access to a network or a subnet.

Figure 7.1. Example of an ACL

ACLs filter traffic by controlling whether routed packets are forwarded or are blocked at the router's interfaces. The router examines each packet and decides whether to forward or drop it according to the conditions in the ACL, such as source and destination address, protocol, and upper-layer port number.


Figure 7.2. Packet structure

Some of the main reasons for creating ACLs:

- Limit network traffic to improve network performance. For example, by restricting video traffic, ACLs significantly reduce the load and increase network performance.
- Control traffic flow. ACLs can restrict routing update information.
- Provide a basic level of access protection. ACLs can allow one host to access a part of the network and prevent other hosts from accessing that area.
- Decide which types of traffic are allowed through or blocked at the router's interfaces. For example, e-mail traffic is allowed through but all telnet traffic is blocked.
- Let the network administrator control which areas of the network clients are allowed to access.
- Screen hosts to permit or deny access to a part of the network.

If no ACLs are configured on the router, all packets are forwarded to every part of the network.

7.1.2. How ACLs work

Each ACL is a list of statements that define which packets are accepted or rejected, inbound or outbound, on a router interface. Each statement has conditions and a corresponding result, permit or deny. If a packet satisfies the conditions of a statement, the permit or deny decision is carried out.

The order of the statements in an ACL is very important. Cisco IOS software tests the packet against each statement in order, from top to bottom. If the packet satisfies the condition of a statement, it is accepted or rejected immediately and none of the remaining statements in the ACL are checked. If the packet satisfies none of the statements in the ACL, the implicit deny any statement that always sits at the end of the list applies by default.

If you need to add a statement to an ACL, you have to delete the entire ACL and create it again with the new statement.

Figure 7.3. How ACLs work

7.1.3. Creating ACLs

ACLs are created in global configuration mode. There are many different types of ACL, including standard ACLs, extended ACLs, and ACLs for IPX, AppleTalk and other protocols. When ACLs are configured on a router, each ACL is identified by a number.

Figure 7.4. ACL configuration parameters

An ACL is created with the access-list keyword followed by the appropriate parameters of that command. In the router's interface configuration mode, the access-group command assigns the ACL to the interface. When assigning an ACL to an interface, you must specify whether the ACL applies to inbound or outbound traffic on that interface. To change an ACL, use the no access-list list-number command, which deletes all access-list statements with the same list-number.

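Basic rules for creating and assigning ACLs:

- One ACL per protocol, per direction, per interface.
- A standard ACL should be placed as close to the destination network as possible.
- An extended ACL should be placed as close to the source network as possible.
- Determine whether a direction on an interface is inbound or outbound from the point of view of standing inside the router.
- The statements in an ACL are checked sequentially from the top down until one statement matches. If no statement in the ACL matches, the packet is denied.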

Figure 7.5. Configuring an ACL on a router

In practice, access list commands can be long character strings, and access lists can be complicated to enter or to interpret. However, you can simplify the general access list configuration commands by reducing them to two general elements.

Model for creating an ACL:

Step 1: Set the parameters for this access list test statement (which can be one of several statements):

Router(config)#access-list access-list-number {permit | deny} {test condition}

Step 2: Make an interface part of the group that uses the specified access list (activate the access list on the interface):

Router(config-if)#{protocol} access-group access-list-number {in | out}

access-list-number is the number that distinguishes access lists from one another and also indicates the type of access list (standard or extended).

Updating access lists: if additional condition statements are needed in an access list, the entire list is updated. The ACL must be deleted and recreated with the new condition statements.

How are ACLs identified? Each ACL is uniquely identified by assigning it a number (or a name). This number identifies the type of access list created and must fall within the specific range of numbers:

A numbered ACL cannot be edited on the router. To edit an ACL:

Step 1: Copy it to a text file.
Step 2: Remove it from the router configuration with the no form of the ACL command.
Step 3: Make the necessary changes in the text file.
Step 4: Paste it back in global configuration mode.

7.1.4. The function of the wildcard mask

A wildcard mask is 32 bits long and divided into 4 octets. Each wildcard mask is paired with an IP address. The 0 and 1 bits in the wildcard mask determine how the corresponding bits of the IP address are treated.

Figure 7.6. Structure of the wildcard mask and the IP address

A subnet mask has a run of 1 bits that starts at the left and extends to the right, identifying the host portion and the network portion of an IP address. A wildcard mask, by contrast, is designed to filter out a single IP address or a group of IP addresses so that access can be permitted or denied based on the IP address.

The values 0 and 1 in a wildcard mask mean something different from the 0 and 1 bits in a subnet mask. To avoid confusion, the letter x is used in place of the 1 bits in a wildcard mask. Take the wildcard mask 0.0.255.255 as an example. A 0 bit means the corresponding bit in the IP address must be checked, while an x bit (a 1 bit) means the corresponding bit in the IP address can be ignored and does not need to be checked.

In the wildcard mask process, the IP address in each statement is combined with the wildcard mask in that statement to calculate a match value. This value is compared with the address of the packet being checked by the ACL statement. If the two values are the same, the address condition is satisfied.

Two special keywords are used in ACLs: any and host. any stands for IP address 0.0.0.0 with wildcard mask 255.255.255.255; host stands for wildcard mask 0.0.0.0.


Figure 7.7. The process of combining the IP address and the wildcard mask

7.1.5. Verifying ACLs

Many show commands can be used to check the contents and placement of ACLs on a router. The show ip interface command displays information about the router's IP interfaces and indicates whether ACLs are set on them. The show access-lists command displays the contents of all ACLs on the router. To view one specific ACL, add its name or number after the show access-lists command.


Figure 7.8. Example of a show command

7.2. Access control lists

7.2.1. Standard ACLs

Standard ACLs check the source IP address of a packet. The result of the check is to permit or deny access for the entire protocol suite, based on the network, subnet or host address. In global configuration mode, the access-list command is used to create a standard ACL with an ACL number in the range 1 to 99.

Example:

access-list 2 deny 172.16.1.1
access-list 2 permit 172.16.1.0 0.0.0.255
access-list 2 deny 172.16.0.0 0.0.255.255
access-list 2 permit 172.0.0.0 0.255.255.255

The first ACL statement has no wildcard mask; in this case the default wildcard mask 0.0.0.0 is used. This means the entire address 172.16.1.1 must match; otherwise the router has to check the next statement in the ACL.
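The top-down, first-match evaluation from 7.1.2 and the wildcard mask comparison from 7.1.4 can be traced on the ACL 2 example above with a small model. This is an added example, not part of the original document and not how IOS is implemented; the function names and the test source addresses are constructed for illustration.

```python
import ipaddress

def ip_to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_standard_acl(lines):
    """Parse 'access-list N {permit|deny} source [wildcard] [log]' lines."""
    rules = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0].lower() != "access-list":
            raise ValueError("not a standard ACL statement: " + line)
        action, rest = tok[2].lower(), tok[3:]
        if action not in ("permit", "deny"):
            raise ValueError("unknown action in: " + line)
        if rest[0] == "any":            # any = 0.0.0.0 255.255.255.255
            src, wild = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":         # host = wildcard mask 0.0.0.0
            src, wild = rest[1], "0.0.0.0"
        else:                           # no mask given: default 0.0.0.0
            src = rest[0]
            has_mask = len(rest) > 1 and rest[1] != "log"
            wild = rest[1] if has_mask else "0.0.0.0"
        rules.append((action, ip_to_int(src), ip_to_int(wild), line))
    return rules

def matches(packet_src, rule_src, wildcard):
    """0 bits in the wildcard must match; 1 bits are ignored."""
    care = ~wildcard & 0xFFFFFFFF
    return (packet_src & care) == (rule_src & care)

def evaluate(rules, packet_src):
    """First matching statement decides; otherwise the implicit deny."""
    src = ip_to_int(packet_src)
    for action, rule_src, wild, text in rules:
        if matches(src, rule_src, wild):
            return action, text
    return "deny", "implicit deny any"

# ACL 2 exactly as listed in section 7.2.1.
ACL_2 = [
    "access-list 2 deny 172.16.1.1",
    "access-list 2 permit 172.16.1.0 0.0.0.255",
    "access-list 2 deny 172.16.0.0 0.0.255.255",
    "access-list 2 permit 172.0.0.0 0.255.255.255",
]
# Same statements with the broadest permit moved to the top (constructed
# ordering mistake): the more specific denies are never reached.
ACL_2_MISORDERED = [ACL_2[3]] + ACL_2[:3]

if __name__ == "__main__":
    rules = parse_standard_acl(ACL_2)
    for src in ("172.16.1.1", "172.16.1.77", "172.16.9.9",
                "172.20.0.5", "10.1.1.1"):
        print(src, "->", evaluate(rules, src))
```

Running the same addresses through ACL_2_MISORDERED shows 172.16.1.1 being permitted, which is the kind of shadowed statement to look for when reviewing an ACL.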


Figure 7.9. Operation of a standard ACL

Full syntax of the standard ACL command:

Router(config)#access-list access-list-number {deny / permit} source [source wildcard] [log]

The no form of the command is used to delete ACLs:

Router(config)#no access-list access-list-number

7.2.2. Extended ACLs

Extended ACLs are used more often than standard ACLs because they offer much greater control. Extended ACLs check both the source and destination addresses of a packet, and can also check the protocol and port number. This makes it very convenient to configure the test conditions for an ACL. A packet is permitted or denied based on where it comes from and where it is going, together with its protocol type and port number. For example, an extended ACL can permit e-mail traffic from interface Fa0/0 out of interface S0/0 while denying Web and FTP traffic. When a packet is dropped and denied, some protocols send a reply message to the sender reporting that the data could not reach its destination.

An ACL can contain many statements. Statements with the same ACL number belong to the same ACL. The number of ACLs that can be configured is unlimited and depends only on the router's memory capacity.


Example:

access-list 114 permit tcp 172.16.6.0 0.0.0.255 any eq telnet
access-list 114 permit tcp 172.16.6.0 0.0.0.255 any eq ftp
access-list 114 permit tcp 172.16.6.0 0.0.0.255 any eq ftp-data

At the end of an extended ACL statement there is a TCP or UDP port number parameter that identifies the type of packet more precisely. The port number can be specified with the parameters eq (equal), neq (not equal), gt (greater than) and lt (less than). Extended ACLs use ACL numbers from 100 to 199 (and from 2000 to 2699 in recent IOS versions).

The ip access-group command is used to assign an existing extended ACL to a router interface. One ACL per protocol, per direction, per interface. Example:

Router(config-if)#ip access-group access-list-number {in | out}

7.2.3. Named ACLs

Named ACLs have the following advantages:

- Identifying an ACL by name is more intuitive.
- Named ACLs can be edited without deleting the whole ACL and rewriting it from scratch, as is necessary with numbered ACLs.
- They are no longer limited to a maximum of 798 standard ACLs and 799 extended ACLs.

Example of a named ACL configuration:

TN(config)#ip access-list extended server-access
TN(config-ext-nacl)#permit tcp any host 131.108.101.99 eq smtp
TN(config-ext-nacl)#permit udp any host 131.108.101.99 eq domain
TN(config-ext-nacl)#deny ip any any
TN(config-ext-nacl)#^Z

Applying the named list:

TN(config)#interface fastethernet 0/0
TN(config-if)#ip access-group server-access out
TN(config-if)#^Z

Points to note when using named ACLs:

- Named ACLs are not compatible with Cisco IOS versions earlier than 11.2.
- The same name cannot be used for several different ACLs. For example, a standard ACL and an extended ACL cannot both be named TN.

7.2.4. Placing ACLs

ACLs are used to control traffic by filtering packets and discarding unwanted traffic on the network. Where ACLs are placed is very important; correct placement helps the whole network operate efficiently.

Figure 7.10. Placing ACLs

The general rule is: place extended ACLs as close as possible to the source of the traffic you want to block. Standard ACLs do not specify a destination address, so place them as close as possible to the destination.

7.2.5. Firewalls

A firewall is a structure that sits between the users inside the network and the outside world to keep out intruders. A firewall consists of several devices working together to block unwanted access.

Figure 7.11. Firewall structure

In this structure, the router that connects to the Internet is called the exterior router, and it sends all incoming traffic to the application gateway. As a result, the gateway can control the delivery of services going out of and coming into the network. Only permitted users can then connect out to the Internet, and only permitted applications can establish connections between inside and outside hosts. This helps protect the application gateway and keeps it from being overloaded by packets that would be discarded anyway.

ACLs are therefore placed on routers that act as firewalls, which are routers positioned between the internal network and the external network. The firewall router isolates the entire internal network and protects it from attack. ACLs should also be used on a router positioned between two parts of the network to control the traffic between those two parts.

7.2.6. Restricting access to the vty lines on a router

Standard and extended ACLs are effective for packets that pass through the router, but they do not block packets that originate from the router itself. An extended ACL that blocks outbound Telnet therefore cannot stop Telnet sessions initiated from the router itself.

Figure 7.12. Access to the vty lines on a router

A router has physical ports such as Fa0/0 and S0/0 and also has virtual ports. These ports are called vty lines and are numbered from 0 to 4. Restricting access to the vty lines increases the protection of the network.

Creating a vty ACL is the same as creating any other ACL, but when applying the ACL to the vty lines, use the access-class command instead of the access-group command.

Example:

Creating the standard list:

Router1(config)#access-list 2 permit 172.16.1.0 0.0.0.255
Router1(config)#access-list 2 permit 172.16.2.0 0.0.0.255
Router1(config)#access-list 2 deny any

Applying the access list:

Router1(config)#line vty 0 4
Router1(config-line)#password secret
Router1(config-line)#access-class 2 in
Router1(config-line)#login


CHAPTER 7 EXERCISE

1. Given the following network diagram

2. Requirements:
3. Configure RIP dynamic routing within the company network
4. Configure static routing between the company and the ISP
5. Block all machines attached to Switch3 from accessing the network attached to Switch 2
6. Block all machines attached to the Switch2 network from accessing the website http://mail.yahoo.com
