Cafebook - Info 03 Cac Bai Lab CCNA Tieng Viet Cua Ethena

Training & Education Network
02 Bis Dinh Tien Hoang Street, Dakao Ward, District !, HCMC Tel : (848) 824 4041 Fax : (848) 824 4041 E-mail : training@athenavn. com URL : www. athenavn. com
CCNA ATHENA LAB

Version 1. 0
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Phn 1
Cisco IOS
Bi 1 :
2
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

t mt khu truy nhp cho Router

1. Gii thiu : Bo mt l mt yu t rt quan trng trong network, v th n rt c quan tm v s dng mt khu l mt trong nhng cch bo mt rt hiu qu. S dng mt khu trong router c th gip ta trnh c nhng s tn cng router qua nhng phin Telnet hay nhng s truy cp trc tip vo router thay i cu hnh m ta khng mong mun t ngi l.
2. Mc ch : Ci t c mt khu cho router, khi ng nhp vo, router phi kim tra cc loi mt khu cn thit. 3. M t bi lab v hnh :
Trong hnh trn, PC c ni vi router bng cp console 4. Cc cp bo mt ca mt khu : Cp bo mt ca mt khu da vo cp ch m ho ca mt khu . Cc cp m ha ca mt khu : Cp 5 : m ha theo thut ton MD5, y l loi m ha 1 chiu, khng th gii m c(cp ny c dng m ho mc nh cho mt khu enable secret gn cho router) Cp 7 : m ha theo thut ton MD7, y l loi m ha 2 chiu, c th gii m c(cp ny c dng m ha cho cc loi password khc khi cn nh : enable password, line vty, line console) Cp 0 : y l cp khng m ha. 5. Qui tc t mt khu : Mt khu truy nhp phn bit ch hoa, ch thng, khng qu 25 k t bao gm cc k s, khong trng nhng khng c s dng khong trng cho k t u tin. Router(config)#enable password athena-athena-athena-athen % Overly long Password truncated after 25 characters mt khu c t vi 26 k
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

t khng c chp nhn 6. Cc loi mt khu cho Router :
Enable secret : nu t loai mt khu ny cho Router, bn s cn phi khai bo khi ng nhp vo ch user mode, y l loi mt khu c hiu lc cao nht trong Router, c m ha mc nh cp 5.
Enable password : y l loi mt khu c chc nng tng t nh enable secret nhng c hiu lc yu hn, loi password ny khng c m ha mc nh, nu yu cu m ha th s c m ha cp 7. Line Vty : y l dng mt khu dng gn cho ng line Vty, mt khu ny s c kim tra khi bn ng nhp vo Router qua ng Telnet. Line console : y l loi mt khu c kim tra cho php bn s dng cng Console cu hnh cho Router. Line aux : y l loi mt khu c kim tra khi bn s dng cng aux. 7. Cc bc t mt khu cho Router : Bc 1 : khi ng Router, nhn enter vo ch user mode. T ch user mode dng lnh enable vo ch Privileged mode
Router con0 is now available Press RETURN to get started.

Router>enable Router# Bc 2 : T du nhc ch Privileged mode vo mode cofigure cu hnh cho Router bng lnh configure terminal Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)# Bc 3 : Cu hnh cho tng loi Password Cu hnh cho mt khu enable secret (Ch : mt khu c phn bit ch hoa v ch thng)
Router(config)#enable secret athena

Router(config)#exit Cu hnh mt khu bng lnh enable password Router(config)#enable password cisco Router(config)#exit
Mt khu l athena
Mt khu l cisco
Lu : khi ta ci t cng lc 2 loi mt khu enable secret v enable password th Router s kim tra mt khu c hiu lc mnh hn l enable secret. Khi mt khu secret khng cn th lc mt khu enable password s c kim tra.
Cu hnh mt khu bng lnh Line

9 Mt khu cho ng Telnet (Line vty) 4
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Router(config)#line vty 0 4 Router(config-line)#password class

Router(config-line)#login Router(config-line)#exit
m ch ci t password
password l class
9 Mt khu cho cng console : Router(config)#line console 0 Router(config-line)#password cert Router(config-line)#login Router(config-line)#exit
m ng Line Console
cng Console th 0 password l cert m ch ci t password
9 Mt khu cho cng aux : S 0 ch s th t cng aux c dng Router(config)#line aux 0 password l router Router(config-line)#password router Router(config-line)#login Router(config-line)#exit Sau khi t xong mt khu, ta thot ra ngoi ch Privileged mode, dng lnh Show runningconfig xem li nhng password cu hnh : Router#show running-config Building configuration. . . Current configuration : 550 bytes version 12. 1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption password ci t ch khng m ha hostname Router enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o password secret c m ha mc nh cp 5 enable password cisco ! line con 0 password cert password cho cng Console l cert login line aux 0 password router password cho cng aux l router login line vty 0 4 password class password cho ng vty l class login
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

! End Dng lnh Show running-config ta s thy c cc password cu hnh, nu mun m ha tt c cc password ta dng lnh Service password-encryption trong mode config. Router(config)#service password-encryption Router(config)#exit Dng lnh show running-config kim tra li : Router#show run Building configuration. . . enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o/ enable password 7 094F471A1A0A password c m ha cp 7 line con 0 password 7 15110E1E10 password c m ha cp 7 login line aux 0
password 7 071D2E595A0C0B password c m ha cp 7
login line vty 0 4 password 7 060503205F5D login ! End
password c m ha cp 7
Ch : Ta khng th dng lnh no service password-encryption b ch m ha cho mt khu, ta ch c th b ch m ha khi gn li mt khu khc Sau khi t mt khu xong, khi ng nhp vo Router li, mt khu s c kim tra : Router con0 is now available Press RETURN to get started. User Access Verification Password : cert Router>ena Password : athena nhn enter mt khu line console s c kim tra khai bo mt khu console l : cert enable d vo mode Privileged V mt khu secret c hiu lc cao hn nn c kim tra
Router#
Cc loi mt khu khc nh Line Vty, Line aux s c kim tra khi s dng n chc nng 8. G b mt khu cho router :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Nu mun g b mt khu truy cp cho loi mt khu no ta dng lnh no trc cu lnh gn cho loi mt khu . V d : Mun g b mt khu secret l athena cho router
Router(config)#no enable secret athena

Router(config)#exit
Bng cch tng t, ta c th g b mt khu cho cc loi mt khu khc.
Bi 2
Cisco Discovery Protocol (CDP)

Y O ULL L O V E T H E W A Y W E M I N D Y O U R K N O W L E D G E

1. Gii thiu : : CDP (Cisco Discovery Protocol) l 1 giao thc ca Cisco, giao thc ny hot ng lp 2 (data link layer) trong m hnh OSI, n c kh nng thu thp v ch ra cc thng tin ca cc thit ln cn c kt ni trc tip, nhng thng tin ny rt cn thit v hu ch cho bn trong qu trnh x l s c mng. 2. Mc ch : Bi thc hnh ny gip bn hiu r v giao thc CDP v cc thng s lin quan, nm c chc nng ca cc lnh trong giao thc ny. 3. M t bi lab v hnh :
hnh bi lab nh hnh v, cc router c ni vi nhau bng cp serial. 4. Cc bc thc hin : Trc tin cu hnh cho cc Router nh sau(xem bng lnh Show run) Router Athena1 : Current configuration : 595 bytes ! version 12. 2 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname ATHENA1 ! logging rate-limit console 10 except errors ! ip subnet-zero 8
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

no ip finger ! no ip dhcp-client network-discovery ! interface Ethernet0 no ip address shutdown ! interface Serial0 ip address 192. 168. 1. 2 255. 255. 255. 0 no fair-queue ! interface Serial1 ip address 192. 168. 2. 1 255. 255. 255. 0 ! ip kerberos source-interface any ip classless ip http server ! line con 0 transport input none line aux 0 line vty 0 4 ! End Router Athena2 : Building configuration. . . Current configuration : 450 bytes ! version 12. 1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname ATHENA2 ! ip subnet-zero ! interface Ethernet0 no ip address shutdown ! interface Serial0
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

ip address 192. 168. 1. 1 255. 255. 255. 0 clockrate 56000 ! interface Serial1 no ip address shutdown ! ip classless no ip http server ! line con 0 line aux 0 line vty 0 4 login ! End Router Athena3 : Current configuration : 858 bytes ! version 12. 1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Athena3 ! ip subnet-zero ! interface Serial0 no ip address shutdown no fair-queue ! interface Serial1 ip address 192. 168. 2. 2 255. 255. 255. 0 clockrate 56000 ! ip classless ip http server ! line con 0 line aux 0 line vty 0 4 !
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
10

End Lu : V CDP l 1 giao thc ring ca Cisco nn n c mc nh khi ng, v vy khi ta dng lnh Show run, nhng thng tin v giao thc ny s khng c hin th. Giao thc ny c th hot ng trn c Router v Switch. 5. Cc lnh trong giao thc CDP : Lnh Show CDP neighbors : dng xem thng tin ca cc thit b xung quanh c lin kt trc tip ( lnh ny s dng trong mode Privileged ) ATHENA1#show cdp neighbors Capability Codes : R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID Athena3 ATHENA2 tip. Local Intrfce Holdtme Capability Platform Port ID Ser 1 149 R 2523 Ser 1 Ser 0 134 R 2500 Ser 0
Lnh Show CDP neighbors detail : dng xem chi tit thng tin ca cc thit b lin kt trc
ATHENA1#show cdp neighbors detail ------------------------Device ID : Athena3 thit b lin kt trc tip l Athena3 Entry address(es) : IP address : 192. 168. 2. 2 a ch cng lin kt trc tip Platform : cisco 2523, Capabilities : Router loi thit b lin kt : Cisco Router 2523 Interface : Serial1, Port ID (outgoing port) : Serial1 lin kt trc tip qua cng Serial1 Holdtime : 124 sec Version : Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12. 1(26), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sat 16-Oct-04 02 : 44 by cmong Thng tin v h iu hnh ca thit b lin kt advertisement version : 2 ------------------------Device ID : ATHENA2 Entry address(es) : IP address : 192. 168. 1. 1 Platform : cisco 2500, Capabilities : Router Interface : Serial0, Port ID (outgoing port) : Serial0
thit b lin kt trc tip l Athena2 a ch cng lin kt loi thit b lin kt l Cisco Router 2500 lin kt qua cng Serial 0 11
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Holdtime : 168 sec thi gian gi gi tin l 168 second Version : Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12. 1(26), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sat 16-Oct-04 02 : 44 by cmong Thng tin chi tit v phin bn v h iu hnh ca thit b advertisement version : 2 Lnh Show CDP : hin th thng tin CDP v timer v hold-time.
ATHENA1#show cdp Global CDP information : Sending CDP packets every 60 seconds Sending a holdtime value of 180 seconds Sending CDPv2 advertisements is enabled
gi cdp c gi mi 60 second thi gian gi gi tin l 180 second
Lnh Show CDP interface : hin th thng tin CDP v tng cng, cch ng gi v c timer, hold-time. ATHENA1#show cdp int Ethernet0 is administratively down, line protocol is down cng Ethernet0 down do khng c thit b lin kt trc tip Encapsulation ARPA cch ng gi packet Sending CDP packets every 60 seconds Holdtime is 180 seconds Serial0 is up, line protocol is up cng Serial0 up do co thit b lin kt trc tip Encapsulation HDLC cch ng gi packet dng HDLC Sending CDP packets every 60 seconds Holdtime is 180 seconds Serial1 is up, line protocol is up cng Serial1 up do c thit b lin kt trc tip Encapsulation HDLC cch ng gi packet Sending CDP packets every 60 seconds Holdtime is 180 seconds Lu : ta c th dng lnh no cdp enable tt ch CDP trn cc interface, v lc ny lnh show CDP interface s khng hin th thng tin CDP trn interface . Nu mun bt li ch CDP trn interface no ta dng lnh CDP enable trn interface . ATHENA1(config)#int s0 ATHENA1(config-if)#no cdp enable tt ch CDP trn interface Serial0 ATHENA1(config-if)#^Z ATHENA1#show cdp inter 01 : 32 : 44 : %SYS-5-CONFIG_I : Configured from console by console Ethernet0 is administratively down, line protocol is down
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
12

Encapsulation ARPA Sending CDP packets every 60 seconds Holdtime is 180 seconds Serial1 is up, line protocol is up Encapsulation HDLC Sending CDP packets every 60 seconds Holdtime is 180 seconds thng tin v cng Seria0 khng hin th sau khi tt ch cdp trn n Nu mun bt li ch CDP trn interface no ta dng lnh CDP enable trn interface . ATHENA1(config)#int s0 ATHENA1(config-if)#cdp enable ATHENA1(config-if)#exit Lnh Show CDP traffic : hin th b m CDP bao gm s lng gi packet gi, nhn v b li. ATHENA1#show cdp traffic CDP counters : Total packets output : 128, Input : 115 Hdr syntax : 0, Chksum error : 0, Encaps failed : 9 No memory : 0, Invalid packet : 0, Fragmented : 0 CDP version 1 advertisements output : 0, Input : 0 CDP version 2 advertisements output : 128, Input : 115 Lnh Clear CDP couter : dng reset lai b m CDP. Lnh No CDP run : tt hon ton ch CDP trn Router ATHENA1(config)#no cdp run ATHENA1(config)#^Z ATHENA1#show cdp lnh show cdp khng hp l khi tt ch cdp % CDP is not enabled Lnh CDP run : dng m li ch CDP trn Router
ATHENA1(config)#cdp run ATHENA1(config)#exit ATHENA1#show cdp Global CDP information : Sending CDP packets every 60 seconds Sending a holdtime value of 180 seconds Sending CDPv2 advertisements is enabled Lu : Giao thc CDP ch cho ta bit c thng tin ca nhng thit b c lin kt trc tip. Athena3#show cdp neighbors detail ------------------------Device ID : ATHENA1 13
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Entry address(es) : IP address : 192. 168. 2. 1 Platform : cisco 2500, Capabilities : Router Interface : Serial1, Port ID (outgoing port) : Serial1 Holdtime : 138 sec Version : Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12. 2(1d), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Sun 03-Feb-02 22 : 01 by srani advertisement version : 2
T Router Athena3 ch xem c thng tin ca thit b ni trc tip l Router Athena1
Gi s ta thay i a ch IP ca cng Serial1 router Athena3 Athena3(config)#int s0 Athena3(config-if)#ip add 192. 168. 3. 2 255. 255. 255. 0 Athena3(config-if)#no shut Athena3(config-if)#clock rate 56000 Athena3(config-if)#^Z Dng lnh Ping t Router Athena3 ping a ch cng Serial 1 ca Router Athena1 : Athena3#ping 192. 168. 2. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192. 168. 2. 1, timeout is 2 seconds : ..... Success rate is 0 percent (0/5) S dng giao thc CDP t Router Athena3 xem thng tin v cc thit b lin kt trc tip : Athena3#show cdp neighbors detail ------------------------Device ID : ATHENA1 Entry address(es) : IP address : 192. 168. 2. 1 Platform : cisco 2500, Capabilities : Router Interface : Serial1, Port ID (outgoing port) : Serial1 Holdtime : 144 sec Version : Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12. 2(1d), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Sun 03-Feb-02 22 : 01 by srani
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
14

advertisement version : 2 Bn thy r t Router Athena3 ta ping khng thy c Router Athena1 nhng dng giao thc CDP bn vn nhn c thng tin ca thit b lin kt. y l u im ca giao thc CDP. u im ny s rt hu ch cho bn khi x l s c mng.
Bi 3
Telnet
15

1. Gii thiu : Telnet l mt giao thc u cui o ( Vitural terminal), l mt phn ca giao thc TCP/IP. Giao thc ny cho php to kt ni vi mt thit b t xa. 2. Mc ch : Bi thc hnh ny gip bn hiu v thc hin c nhng cu hnh cn thit c th thc hin cc phin Telnet t host vo Router hay t Router vo Router. 3. M t bi lab v hnh :
hnh bi lab nh hnh trn, cc router c ni vi nhau bng cp serial. Host1 ni vi router Athena1 bng cp cho, router Anthena1 v router Athena2 c ni vi nhau bng cng Serial. 4. Cc bc thc hin : Cu hnh cho cc router Athena1, Athena2 v Host 1 nh sau : Host 1 : IP : 10. 0. 0. 2 Subnetmask : 255. 255. 255. 0 Gateway : 10. 0. 0. 1 Router athena1 version 12. 1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption !
16

hostname athena1 ! ip subnet-zero ! interface Ethernet0 ip address 10. 0. 0. 1 255. 255. 255. 0 ! interface Serial0 ip address 192. 168. 1. 1 255. 255. 255. 0 clockrate 56000 ! end Router athena2 Building configuration. . . Current configuration : 582 bytes ! version 12. 2 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname athena2 ! interface Serial0 ip address 192. 168. 1. 2 255. 255. 255. 0 no fair-queue ! end Bn phi chn chn rng cc kt ni vt l thnh cng (kim tra bng lnh Ping) Kim tra kt ni Telnet : T Host ta th telnet vo Router Athena1 : C : \Documentsand settings\Administrator>Telnet 10. 0. 0. 1 Password required, but none set i hi mt khu nhng khng c ci dt Connection to host lost Kt ni tht bi T Router athena1 ta kt ni Telnet vo Router Athena2
17
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

athena1#telnet 192. 168. 1. 2 Trying 192. 168. 1. 2. . . Open Password required, but none set [Connection to 192. 168. 1. 2 closed by foreign host] Thc hin Telnet khng thnh cng v chc nng Telnet i hi bn phi m ng line Vty v ci t mt khu cho n. t mt khu Vty cho Router Athena1 : athena1#conf t Enter configuration commands, one per line. End with CNTL/Z. athena1(config)#line Vty 0 4 athena1(config-line)#pass athena1 athena1(config-line)#login athena1(config-line)#exit t mt khu Vty cho Router Athena2 : athena2#conf t Enter configuration commands, one per line. End with CNTL/Z. athena2(config)#line vty 0 4 athena2(config-line)#pass athena2 athena2(config-line)#login athena2(config-line)#exit Lc ny bn thc hin Telnet : T Host bn thc hin Telnet vo Router Athena1 C : \Documentsand settings\Administrator>Telnet 10. 0. 0. 1 User Access Verification Password : Athena1>ena % No password set Athena1> Tng t bn thc hin hin Telnet t Router Athena1 n Router Athena2 : athena1#192. 168. 1. 2 Trying 192. 168. 1. 2. . . Open User Access Verification Password : athena2>ena
18
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

% No password set athena2> Lu : i vi thit b ca Cisco, bn ch cn nh a ch ca ni cn Telnet n, thit b s t hiu v thc hin kt ni Telnet. Khi Telnet vo, bn ang Mode User v giao thc ny i hi bn phi c ci t mt khu vo Privileged Mode. Thc hin vic ci t mt khu : Router Athena1 athena1(config)#ena pass cisco athena1(config)#exit Router Athena2 athena2(config)#ena pass class athena2(config)#exit Bn thc hin li vic kt ni Telnet, t Host vo Router Athena1 : C : \Documentsand settings\Administrator>Telnet 10. 0. 0. 1 User Access Verification Password : athena1 Athena1>ena Password : cisco Athena1# T Router Athena1 vo Router Athena2 : athena1#192. 168. 1. 2 Trying 192. 168. 1. 2. . . Open User Access Verification Password : athena2 athena2>ena Password : class athena2# T y bn c th thc hin vic thay i cu hnh cho cc thit b m khng cn phi thng qua cng Console. Kim tra vic Telnet bng lnh Show line A Modem Roty AccO AccI Uses Noise Overruns Int
athena2#show line Tty Typ Tx/Rx
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
19

0 CTY 1 AUX 9600/9600 * 2 VTY * 3 VTY * 4 VTY 5 VTY 6 VTY -
5 0 1 7 4 1 0
0 0 0 0 0 0 0
0/0 0/0 0/0 0/0 0/0 0/0 0/0
Du * biu th nhng line bn ang s dng Telnet, theo nh bng trn, bn ang s dng 3 ng line Telnet qua li gia 2 Router Athena1 v Athena2 qua cc port 2, 3, 4. Ct Uses ch s ln bn s dng ng line . Lu : Bn ch thc hin c vic Telnet qua li gia cc Router khng qu 10 ln cng lc (v bn ch c 5 line Vty t 0 n 4) athena1#192. 168. 1. 2 Trying 192. 168. 1. 2. . . % Connection refused by remote host Router bo li khi bn thc hin phin Telnet th 11. Bn cng c th thc hin Telnet cng lc gia cc thit b bng cch t mn hnh telnet, bn nhn t hp phm : Ctrl-Shift-6 sau nhn phm X, lc ny bn s tr li mn hnh gc ban u v bn c th tip tc thc hin cc phin Telnet vo cc thit b khc. tr v mn hnh Telnet ban u bn n phm enter 2 ln Thot khi cc phin Telnet : chng ta s dng lnh Exit hay lnh Disconnect Ngt mt kt ni Telnet : chng ta s dng lnh clear line
Bi 4
Khi phc mt khu cho Cisco Router

20

(Recovery Password)
1. Gii thiu : Mt khu truy cp l rt hu ch trong lnh vc bo mt, tuy nhin i khi n cng em li phin toi nu chng may bn qun mt mt khu truy nhp. Bi thc hnh khi phc mt khu cho Cisco Router ny gip bn khi phc li mt khu ng nhp vo Router. Lu : t mt khu cho Router c ngha rt ln trong kha cnh security, n ngn cn c cc phin Telnet t xa vo Router thay i cu hnh hay thc hin nhng mc ch khc. Bn nn trnh nhm ln gia hai khi nim bo mt v khi phc mt khu, bn c th khi phc hay thay i c mt khu ca Router khng c ngha l mc bo mt ca Router khng cao v khi phc mt khu cho Router, iu kin tin quyt l bn phi thao tc trc tip trn Router, iu ny c ngha l bn phi c s chp nhn ca Admin hay k thut vin qun l Router. 2. M t bi lab v hnh :
Trong hnh trn PC ni vi router bng cp console 3. Gii thiu s lc v qu trnh khi ng ca Router :
Khi va bt ngun, Router s kim tra phn cng, sau khi phn cng c kim tra hon tt, h iu hnh s c np t Flash, tip Router s np cu hnh trong NVRAM bao gm tt c nhng ni dung cu hnh trc cho Router nh cc thng tin v giao thc, a ch cc cng v c mt khu truy nhp. V vy Router khng kim tra mt khu khi ng nhp, bn phi ngn khng cho Router np d liu t NVRAM.
Mi dng Router c mt k thut khi phc mt khu khc nhau, tuy vy khi phc mt khu cho Router bn phi qua cc bc sau : 9 Bc 1 : Khi ng Router, ngn khng cho Router np cu hnh trong NVRAM. (bng cch thay i thanh ghi t 0x2102 sang thanh ghi 0x2142). 9 Bc 2 : Reset li Router (lc ny Router s dng thanh 0x2142 khi ng). 21
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

9 Bc 3 : ng nhp vo Router(lc ny Router khng kim tra mt khu), dng cc lnh ca Router xem hay ci t li mt khu (bn ch xem c mt khu khi mt khu c ci t ch khng m ha) 9 Bc 4 : Thay i thanh ghi (t 0x2142 sang 0x2102). 9 Bc 5 : Lu li cu hnh va ci t (lc ny mt khu bit). 4. Khi phc mt khu cho Cisco Router 2500. Gi s khi bn ng nhp vo Router nhng bn qun mt mt khu. athena con0 is now available Press RETURN to get started. athena>enable Password : Password : Password : % Bad secrets Bn phi thc hin vic khi phc mt khu. Cc bc thc hin nh sau : Bc 1 : bn khi ng li Router v chuyn Router sang ch Rom Monitor System Bootstrap, Version 5. 2(8a), RELEASE SOFTWARE Copyright (c) 1986-1995 by cisco Systems 2500 processor with 8192 Kbytes of main memory n Ctrl Break khng cho Router np d liu t NVRAM Abort at 0x103AA7E (PC) >o/r 0x2142 S dng lnh ny thay i gi tr thanh ghi sang 0x2142 Bc 2 : khi ng li Router, lc ny Router s np cu hnh t thanh ghi 0x2142 (cu hnh trng) athena>ena password s khng yu cu kim tra khi ng nhp athena#show start dng lnh Show start xem cu hnh trong NVRAM Using 456 out of 32762 bytes ! version 12. 1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! enable secret 5 $1$AqeQ$yB00zFjHxIiVoHLnbLEhh1 password secret 22
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

enable password cisco ! end
c m ho mt khu enable password l cisco
Bc 3 : Cu hnh li mt khu cho Router :
Trc tin bn phi copy ton b d liu t trong NVRAM vo RAM. athena#copy start run copy cu hnh t NVRAM vo trong RAM athena#config t Enter configuration commands, one per line. End with CTRL/Z. athena(config)#ena secret Athena mt khu secret c cu hnh li l Athena athena(config)#exit athena#conf t athena(config)#ena pass class mt khu enable password l class athena(config)#exit Bc 4 : Thay i thanh ghi hin hnh t 0x2142 tr v 0x2102 Dng lnh Show version xem thanh ghi hin hnh
athena#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12. 1(26), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sat 16-Oct-04 02 : 44 by cmong Image text-base : 0x03042000, data-base : 0x00001000 . . 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read ONLY) Configuration register is 0x2142 9 Thay i thanh ghi : athena(config)#config-register 0x2102 athena(config)#exit Thanh ghi 0x2142 ang c s dng dng lnh config-register
9 Xem li thanh ghi hin hnh : athena#show ver Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12. 1(26), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sat 16-Oct-04 02 : 44 by cmong 23
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

. 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read ONLY) Configuration register is 0x2142 (will be 0x2102 at next reload) thanh ghi hin hnh l 0x2102
Bc 5 : lu cu hnh thay i vo thanh ghi 0x2102 athena#wr me Building configuration. . . [OK] Sau khi hon thnh, bn phi lu cc cu hnh t RAM vo trong NVRAM bng lnh copy run start athena#copy run start Dng lnh show start xem cu hnh khi ng trong NVRAM athena#show start Using 488 out of 32762 bytes ! version 12. 1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname athena ! enable secret 5 $1$49cD$jrvYyRSQhpTAHuDA1/R1v. enable password class ! ! ! End Sau khi reload li, ng nhp vo Router, mt khu secret l Athena s c kim tra athena con0 is now available Press RETURN to get started. athena>ena Password : athena# mt khu l Athena s c kim tra v chp nhn Ngi vit
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
24

NGUYN CH TRUYN
Bi 5
Recovery Password cho Switch 2950

1. Gii thiu : Trong bi lab ny chng ta se thc hin recovery password ca mt switch 2. M t bi lab v hnh :
Ni cp console gia PC vi switch. Chng ta s tin hnh recovery password trn switch 2950 trong bi lab ny. 3. Thc hin : kho st vic recovery password r rng hn, chng ta s cu hnh tn v password cho switch trc khi tin hnh recovery password cho switch Chng ta cu hnh tn v password cho switch nh sau : Switch#conf t Switch(config)#host Athena Athena(config)#enable password cisco t password cho switch Athena(config)#enable secret Athena t secret password cho switch Sau khi cu hnh xong chng ta lu vo NVRAM v xem li cu hnh trong NVRAM trc khi tin hnh recovery password cho switch. Athena#copy run start Destination filename [startup-config]? Building configuration. . . Athena#show start Athena#sh start Using 1186 out of 32768 bytes
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
25

version 12. 1 hostname Athena enable secret 5 $1$s22D$vCe6IFIeKLhUPZqgm6QZ6/ enable password cisco Chng ta tin hnh recovery password theo cch bc sau : Bc 1 : tt ngun switch, sau gia nt MODE trn switch 2950 trong lc bt ngun li. Khi mn hnh hin nhng thng bo sau, ta nh nt MODE ra. Cisco Internetwork Operating System Software IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12. 1(22)EA2, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sun 07-Nov-04 23 : 14 by antonino (mt s thng bo c lc b) flash_init load_helper boot Bc 2 : Chng ta nhp flash_init bt u cu hnh cho cc file ca flash. Nhp cu lnh dir flash : xem cc file c cha trong flash. Sau chng ta i tn file config. text thnh config. bak (v cu hnh ca chng ta lu phn trc c switch cha trong file ny) bng cu lnh sau : rename flash : config. text flash : config. bak Sau chng ta reload li switch bng cu lnh boot Bc 3 : Trong qu trnh khi ng switch s hi : Continue with the configuration dialog? [yes/no] : Chng ta nhp vo NO, b qua cu hnh ny. Sau khi khi ng xong chng ta vo mode privileged. Switch>en Switch# Sau chng ta chuyn tn file config. bak trong flash thnh config. text bng cch : Switch#rename flash : config. bak flash : config. text Ri cu hnh NVRam vo RAM bng cu lnh sau : Switch#copy flash : config. text system : running-config Bc 4 : g b tt c cc loi password Athena#conf t Athena(config)#no enable password Athena(config)#no enable secret Bc 5 : copy cu hnh t RAM vo NVRam, ri reload switch li. Athena#copy run start Destination filename [startup-config]? Building configuration. . . [OK] Athena#reload
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
26

Bi 6
Np IOS IMAGE t TFTP SERVER cho Cisco Router chy t Flash

1. Gii thiu : Flash l 1 b nh c th xa, c dng lu tr h iu hnh v mt s m lnh. B nh Flash cho php cp nht phn mm m khng cn thay th chip x l. Ni dung Flash vn c gi khi tt ngun. Bi lab ny gup bn thc hin vic np IOS (Internetwork Operating System) Image t Flash trong Router Cisco vo TFTP server to bn IOS Image d phng v np li IOS Image t t TFTP sever vo Cisco Router chy t Flash(khi phc phin bn c hay update phin bn mi) thng qua giao thc truyn TFTP (Trivial file transfer protocol) 2. M t bi lab v hnh :
Cp Console
Ethernet0 192.168.14.1 255.255.255.0
Athena
TFTP Sever 192.168.14.0 255.255.255.0

hnh bi lab nh hnh v, PC ni vi router bng cp cho v mt cp console ( iu khin router). 3. Cc bc thc hin : Chng ta s cu hnh cho router Athena v PC (ng vai tr nh mt TFTP server) nh sau : PC : 27
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

IP Address : 192. 168. 14. 2 Subnetmask : 255. 255. 255. 0 Gateway : 192. 168. 14. 1
Router Athena :
no service password-encryption hostname athena ! ip subnet-zero no ip finger ! interface Ethernet0 ip address 192. 168. 14. 1 255. 255. 255. 0 ! interface Serial0 no ip address shutdown no fair-queue ! interface Serial1 no ip address shutdown ! ip kerberos source-interface any ip classless ip http server ! line con 0 transport input none line aux 0 line vty 0 4 ! end Bn thc hin lnh Ping m bo vic kt ni gia Router v TFTP server athena#ping 192. 168. 14. 2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192. 168. 14. 2, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms Dng lnh Show version xem phin bn IOS hin hnh : athena#show ver Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12. 2(1d), RELEASE SOFTWARE (fc1) Router ang s d ng IOS version 12. 2(1d) 28
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Sun 03-Feb-02 22 : 01 by srani Image text-base : 0x0307EEE0, data-base : 0x00001000 ROM : System Bootstrap, Version 11. 0(10c), SOFTWARE BOOTFLASH : 3000 Bootstrap Software (IGS-BOOT-R), Version 11. 0(10c), RELEASE SOFT WARE (fc1) athena uptime is 15 minutes System returned to ROM by bus error at PC 0x100D042, address 0xFFFFFFFC System image file is "flash : /c2500-jk8os-l. 122-1d. bin" Tn tp tin IOS image c np t flash- loI Cisco 2500 s dng h iu hnh phin bn12. 2(1d) cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of memory. Router c 16MB RAM, 14 MB dng cho b nh x l, 2 MB dng cho b nh I/O Processor board ID 08030632, with hardware revision 00000000 Bridging software. X. 25 software, Version 3. 0. 0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software. 1 Ethernet/IEEE 802. 3 interface(s) 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read ONLY) Router c 16 MB flash Configuration register is 0x2102 Dng lnh Show Flash xem b nh Flash Thanh ghi hin hnh
athena#show flash System flash directory : File Length Name/status 1 16505800 /c2500-jk8os-l. 122-1d. bin [16505864 bytes used, 271352 available, 16777216 total] 16384K bytes of processor board System flash (Read ONLY) ngha t n File IOS Image : c2500 : loi thit b Cisco 2500 jk8os : cc tnh nng j : enterprise subnet k8 : reserved for huture encrytion capapilities o : fire wall s : suorce router switch 29
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

1. 122 : lai phin bn IOS Bn thc hin vic np IOS image t Flash vo TFTP server :
athena#copy flash tftp Source filename []? /c2500-jk8os-l. 122-1d. bin Address or name of remote host []? 192. 168. 14. 2 Destination filename [c2500-jk8os-l. 122-1d. bin]? !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 16505800 bytes copied in 232. 724 secs (71145 bytes/sec)
a ch TFTP server
Qu trnh np thnh cng, file IOS image c lu vo chng trnh cha TFTP server
Bn thc hin xong vic np IOS t Flash vo TFTP server, sau y bn thc hin li vic np mt IOS c sn t TFTP server vo li flash ca mt Router. Cc bc thc hin : Bn cu hnh Router v Host nh trn. chy chng trnh TFTP t PC. Gi s bn c 2 file IOS c sn trong TFTP server
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
30

File IOS Image c2500-i-l. 121-26. bin c dung lng 7, 85 MB. File IOS Image c2500-jk80os-l. 122-1d. bin c dung lng 16MB 9 Bn thc hin kim tra Flash : athena#show flash System flash directory : File Length Name/status 1 8039140 /c2500-i-l. 121-26. bin [8039204 bytes used, 349404 available, 8388608 total] 8192K bytes of processor board System flash (Read ONLY)
Nhn xt : B nh Flash ca bn c dung lng l 8 MB, bn c th lu file IOS image c2500-i-l. 121-26. bin vo Flash
9 Thc hin qu trnh copy flash athena#copy tftp flash **** NOTICE **** Flash load helper v1. 0 This process will accept the copy options and then terminate the current system image to use the ROM based image for the copy. Routing functionality will not be available during that time. If you are logged in via telnet, this connection will terminate. Users with console access can see the results of the copy operation.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
31

---- ******** ---Proceed? [confirm] xc nhn vic copy Address or name of remote host []? 192. 168. 14. 2 Source filename []? c2500-i-l. 121-26. bin Destination filename [c2500-i-l. 121-26. bin]? %Warning : There is a file already existing with this name Do you want to over write? [confirm] Accessing tftp : //192. 168. 14. 2/c2500-i-l. 121-26. bin. . . Erase flash : before copying? [confirm]
tn hay a ch ni lu Flash (TFTP Server) Tn file ngun Tn file ch
00 : 09 : 43 : %SYS-5-RELOAD : Reload requested %SYS-4-CONFIG_NEWER : Configurations from version 12. 1 may not be correctly under stood. %FLH : c2500-i-l. 121-26. bin from 192. 168. 14. 2 to flash. . . System flash directory : File Length Name/status 1 8039140 /c2500-i-l. 121-26. bin [8039204 bytes used, 349404 available, 8388608 total] Accessing file 'c2500-i-l. 121-26. bin' on 192. 168. 14. 2. . . Loading c2500-i-l. 121-26. bin from 192. 168. 14. 2 (via Ethernet0) : ! [OK] Erasing device. . . eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee. . . erased qu trnh xa flash Loading c2500-i-l. 121-26. bin from 192. 168. 14. 2 (via Ethernet0) : !!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! qu trnh np Flash [OK - 8039140/8388608 bytes] Verifying checksum. . . OK (0x9693) Flash copy took 0 : 03 : 57 [hh : mm : ss] %FLH : Re-booting system after download F3 : 7915484+123624+619980 at 0x3000060 Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52. 227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252. 227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 32
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12. 1(26), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sat 16-Oct-04 02 : 44 by cmong Image text-base : 0x03042000, data-base : 0x00001000 cisco 2500 (68030) processor (revision N) with 6144K/2048K bytes of memory. Processor board ID 17553463, with hardware revision 00000000 Bridging software. X. 25 software, Version 3. 0. 0. 1 Ethernet/IEEE 802. 3 interface(s) 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read ONLY) Press RETURN to get started! Sau khi np Flash hon thnh, Router s reset li thay i Flash mi, lc ny IOS trong Flash s l file IOS bn va copy vo. 9 Qu trnh np Flash trong TFTP server
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
33

Lu : l trong c qu trnh copy flash t TFTP server vo Router hay t Router vo TFTP server bn u phi chy chng trnh TFTP server trn PC.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
34

Bi 7
Np IOS image cho 2 Router chy t Flash

1. M t bi lab v hnh : Bi thc hnh ny gup bn thc hin vic np IOS image t Flash ca Router ny sang Router kia.
Hai router c ni vi nhau bng cp serial. a ch cc interface c ghi trn hnh. 2. Cc bc thc hin : Bn cu hnh cho 2 Router nh sau :
Athena1#sh run
Building configuration. . . Current configuration : 440 bytes ! version 12. 1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Athena1 ! ip subnet-zero ! interface Ethernet0 no ip address shutdown ! interface Serial0 ip address 10. 0. 0. 1 255. 0. 0. 0 35
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

clockrate 64000 ! interface Serial1 no ip address shutdown ! ip classless ip http server ! line con 0 line aux 0 line vty 0 4 ! end
Athena2#sh run
Building configuration. . . Current configuration : 448 bytes ! version 12. 1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Athena2 ! ip subnet-zero ! interface Ethernet0 no ip address shutdown ! interface Serial0 ip address 10. 0. 0. 2 255. 0. 0. 0 no fair-queue ! interface Serial1 no ip address shutdown ! ip classless ip http server ! line con 0
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
36

line aux 0 line vty 0 4 ! end
Chng ta kim tra flash ca hai router : Athena1#sh flash

System flash directory : File Length Name/status 1 8038440 /c2500-i-l. 121-25. bin //T n File IOS Image// [8038504 bytes used, 350104 available, 8388608 total] 8192K bytes of processor board System flash (Read ONLY) //8MB flash//
Athena2#sh flash
System flash directory : File Length Name/status 1 8039140 c2500-i-l. 121-26. bin [8039204 bytes used, 8738012 available, 16777216 total] 16384K bytes of processor board System flash (Read ONLY) thc hin vic copy IOS image t Router Athena1 sang Router Athena2, bn phi m ch TFTP server cho Router Athena1. Athena1(config)#tftp-server flash : Athena1(config)#tftp-server flash : c2500-i-l. 121-26. bin Athena1(config)#^Z Bn thc hin vic Copy IOS t Router Athena2 Athena2#copy tftp flash : **** NOTICE **** Flash load helper v1. 0 This process will accept the copy options and then terminate the current system image to use the ROM based image for the copy. Routing functionality will not be available during that time. If you are logged in via telnet, this connection will terminate. Users with console access can see the results of the copy operation. ---- ******** ---Proceed? [confirm] Address or name of remote host []? 10. 0. 0. 1 a ch Router Athena1(Serial0) Source filename []? c2500-i-l. 121-26. bin Tn file IOS image Destination filename [c2500-i-l. 121-26. bin]? Tn File ch trong Router Athena2 Accessing tftp : //10. 0. 0. 1/c2500-i-l. 121-26. bin. . . Erase flash : before copying? [confirm] Xc nhn vic copy 00 : 02 : 57 : %SYS-5-RELOAD : Reload requested %SYS-4-CONFIG_NEWER : Configurations from version 12. 1 may not be correctly understood. 37
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

%FLH : c2500-i-l. 121-26. bin from 10. 0. 0. 1 to flash. . . System flash directory : File Length Name/status 1 8038440 /c2500-i-l. 121-25. bin [8038504 bytes used, 350104 available, 8388608 total] Accessing file 'c2500-i-l. 121-26. bin' on 10. 0. 0. 1. . . Loading c2500-i-l. 121-26. bin from 10. 0. 0. 1 (via Serial0) : ! [OK] Erasing device. . . eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee. . . erased Qu trnh xo Flash Loading c2500-i-l. 121-26. bin from 10. 0. 0. 1 (via Serial0) : Qu trnh np IOS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 8039140/8388608 bytes] Verifying checksum. . . OK (0x9693) Flash copy took 0 : 22 : 28 [hh : mm : ss] %FLH : Re-booting system after download F3 : 7915484+123624+619980 at 0x3000060 Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52. 227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252. 227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12. 1(26), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sat 16-Oct-04 02 : 44 by cmong Image text-base : 0x03042000, data-base : 0x00001000 cisco 2500 (68030) processor (revision N) with 6144K/2048K bytes of memory. Processor board ID 17553463, with hardware revision 00000000 Bridging software. X. 25 software, Version 3. 0. 0. 1 Ethernet/IEEE 802. 3 interface(s) 2 Serial network interface(s) 32K bytes of non-volatile configuration memory.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
38

8192K bytes of processor board System flash (Read ONLY) Press RETURN to get started! Router s reset li sau khi np IOS mi
00 : 00 : 05 : %LINK-3-UPDOWN : Interface Ethernet0, changed state to up 00 : 00 : 05 : %LINK-3-UPDOWN : Interface Serial0, changed state to up 00 : 00 : 06 : %LINK-3-UPDOWN : Interface Serial1, changed state to down 00 : 00 : 07 : %LINEPROTO-5-UPDOWN : Line protocol on Interface Serial0, changed state to up 00 : 00 : 14 : %LINEPROTO-5-UPDOWN : Line protocol on Interface Ethernet0, changed state to down 00 : 00 : 16 : %LINK-5-CHANGED : Interface Ethernet0, changed state to administratively down 00 : 00 : 16 : %SYS-5-CONFIG_I : Configured from memory by console 00 : 00 : 20 : %LINK-5-CHANGED : Interface Serial1, changed state to administratively down 00 : 00 : 20 : %LINEPROTO-5-UPDOWN : Line protocol on Interface Serial0, changed state to up 00 : 00 : 22 : %LINEPROTO-5-UPDOWN : Line protocol on Interface Serial1, changed state to down 00 : 01 : 00 : %SYS-5-RESTART : System restarted -Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12. 1(26), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sat 16-Oct-04 02 : 44 by cmong Athena2> Bn c th kim tra Flash li bng lnh show flash Athena2>sh flash System flash directory : File Length Name/status 1 8039140 /c2500-i-l. 121-26. bin [8039204 bytes used, 349404 available, 8388608 total] 8192K bytes of processor board System flash (Read ONLY) Lu : V y bn s dng 2 Router c b nh Flash bng nhau nn bt but bn phi thc hin vic xa Flash c trong qu trnh thc hin copy Flash mi, nhng trong trng hp bn s dng cc loi Router c b nh Flash ln, cn b nh lu thm IOS image (bn dng lnh Show Flash hay Show version kim tra) th bn khng cn phi xa Flash, iu ny c ngha l bn c th lu 2, 3 hay nhiu IOS trn Flash ty thuc vo kh nng lu tr ca Flash. Lc ny bn phi khai bo cho Router bit phi dng IOS Image no khi ng, bn dng lnh Boot System flash trong mode config thc hin qu trnh khai bo ny.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
39

Bi 8
Np IOS cho Switch

1. Gii thiu chung v switch 2950 : Hnh nh mt trc ca switch 2950
Nhn vo hnh bn c th thy switch c 12 port FastEtheret. H thng lu tr tp tin ca switch 2950 : NVRAM lu startup-config. Flash lu cc tp tin : IOS image(thng c phn m rng l. bin), vlan. dat(cha cc cu hnh ca cc VLAN), config. text, private-config. text. RAM cha running-config. Qu trnh khi ng s load tp tin config. text vo startup-config cha trong NVRAM. Nu xo tp tin config. text, sau khi khi ng li s mt ht tt c cc cu hnh. 2. Mc ch bi lab : IOS image ging nh l h iu hnh i vi mt my tnh bnh thng. Theo thi gian, th IOS image s c nhng phin bn mi hn so vi phin bn ang c trong switch. Cc phin bn mi hn c a ra nhm : sa nhng li c th mc phi trong phin bn trc, cung cp nhng tnh nng mi cho cc protocol c, hoc l cp nht nhng protocol mi. V vy, bn cn cp nht phin bn mi cho cc switch ca bn n hot ng tt v c th tng thch vi nhng switch mi s c thm vo mng sau ny. 3. M t bi lab v hnh :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
40

PC ni vi Switch 2950 bng mt ng cp thng v mt cp console. PC v siwtch c c a ch IP nh trn hnh. 4. Cc bc thc hin : BC 1 : Dng cp console kt ni my tnh vi cng console ca switch. Cm ngun cho switch, dng chng trnh Hyperterminal ca h iu hnh windows cung cp kt ni n switch, kt ni ny s gip chng ta thc hin cc cu hnh c bn cho switch. Bn phi thit lp cu hnh cho kt ni l default. Dng cp thng, ni card mng ca my tnh vi 1 cng FastEthernet mt trc ca switch phc v cho bi lab cp nht IOS cho switch. Xo cu hnh hin ti trn my Switch>enable Switch#erase startup-config Erasing the nvram filesystem will remove all configuration files! Continue? [con firm]y Erase of nvram : complete Switch# 00 : 04 : 57 : %SYS-7-NV_BLOCK_INIT : Initalized the geometry of nvram Switch# Xa cu hnh vlan c : Switch#delete vlan. dat Switch#reload Proceed with reload? [confirm]y 00 : 06 : 33 : %SYS-5-RELOAD : Reload requested --output omitted Would you like to enter the initial configuration dialog? [yes/no] : n --output omitted 41
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

BC 2 : Xem cu hnh mc nh ca switch
Switch> Switch>en Switch#show running-config --output omitted ! interface Vlan1 no ip address no ip route-cache shutdown ! ip http server ! line con 0 line vty 5 15 ! --output omitted BC 3 : Bc ny thc hin cc cu hnh ban u v kim tra li cc cu hnh ny ng cha. Trc tin bn phi cu hnh switch name, enable password, privileged password, console password, v virtual terminal password. Cng gn ging cc lnh trong router. Switch#configure terminal Switch(config)#hostname athena Athena(config)#enable password cisco Athena(config)#enable secret class Athena(config)#line con 0 Athena(config-line)#password athena Athena(config-line)#login Athena(config-line)#line vty 0 15 Athena(config-line)#password cert Athena(config-line)#login Athena(config-line)#^Z Athena# 00 : 08 : 11 : %SYS-5-CONFIG_I : Configured from console by console Athena# thc hin c bi lab ny bn phi cp pht a ch IP cho VLAN 1 c th kt ni thnh cng vi server, v cng phi cu hnh default-gateway (bn nn tp thi quen cu hnh default-gateway mi khi cu hnh). Athena#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Athena(config)#interface vlan 1 Athena(config-if)#ip address 10. 1. 1. 251 255. 255. 255. 0 Athena(config-if)#no shutdown 42
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Athena(config-if)# 00 : 17 : 48 : %LINK-3-UPDOWN : Interface Vlan1, changed state to up Athena(config-if)# Cn m bo a ch IP cp pht cho VLAN l a ch hp l (ngha l n thuc v subnet cp pht cho VLAN ) Theo mc nh, tt c cc port u thuc v VLAN 1. Do , tt c cc thit b bt c port no cng u phi thuc v cng 1 subnet cp pht cho VLAN 1 trn. Bn cu hnh cho my tnh ca bn a ch IP v subnet mask nh sau : 10. 1. 1. 10 255. 255. 255. 0 Kim tra li kt ni c thnh cng hay khng bng cch g lnh sau trn PC : C : \>ping 10. 1. 1. 251 Lu : Nu ping khng thnh cng, c th phi ch vi pht switch cp nht li cu hnh, ri ping li. Nu vn khng thnh cng phi kim tra li xem thc hin ng cc bc cu hnh nh trn cha. By gi bn c th ng my tnh truy cp trn switch thng qua telnet hoc l web browser. Thc hin telnet t my tnh n switch dng a ch IP ca VLAN1 10. 1. 1. 251, nhp vo mt m l : cert khi c hi. Hoc m ra mt web browser, nhp vo a ch IP 10. 1. 1. 251, nhp vo tn user l athena, phi nhp mt m l class. BC 4 : Xem s qua cc tp tin h thng trn switch bng lnh sau : athena#show file systems File Systems : Size(b) Free(b) * 7741440 3171840 32768 31806 athena#
Type flash opaque nvram opaque opaque network opaque opaque network network opaque
Flags rw ro rw rw rw rw ro ro rw rw ro
Prefixes flash : bs : nvram : null : system : tftp : xmodem : ymodem : rcp : ftp : cns :
Trong s cc tp tin trn switch c lu li cn ch : System Image (tp tin IOS nm trn vng nh flash), tp tin cu hnh lc startup nm trn NVRAM ca vng nh flash. H iu hnh ca switch c load trn DRAM Xem thng tin v cc tp tin h thng ca switch. bit c version hin ti ca IOS g lnh sau : athena#show version OS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12. 1(22)EA2, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. --output omitted-athena#dir
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
43

Directory of flash : / 2 -rwx 4 drwx 5 -rwx mz. 121-22. EA2 . bin 338 -rwx 340 -rwx 109 Mar 01 1993 00 : 20 : 34 +00 : 00 info 3968 Mar 01 1993 00 : 23 : 20 +00 : 00 html 3086328 Mar 01 1993 00 : 22 : 37 +00 : 00 c2950-i6q4l2109 283 Mar 01 1993 00 : 23 : 56 +00 : 00 Jan 01 1970 00 : 00 : 48 +00 : 00 info. ver env_vars
7741440 bytes total (3173376 bytes free) athena# BC 5 : Thc hin sao chp IOS image gia tftp server v switch. a. Chp file IOS image t switch ln tftp server (upload) b. Chp file IOS image t tftp server v li switch (download) C php cn bn ca lnh chp tp tin ca switch : copy from source to dest. bit thm chi tit ca lnh copy c th s dng help ca CLI nh cch sau : athena#copy ? /erase Erase destination file system. /noverify Disable automatic image verification after copy bs : Copy from bs : file system cns : Copy from cns : file system flash : Copy from flash : file system ftp : Copy from ftp : file system null : Copy from null : file system nvram : Copy from nvram : file system rcp : Copy from rcp : file system running-config Copy from current system configuration startup-config Copy from startup configuration system : Copy from system : file system tftp : Copy from tftp : file system xmodem : Copy from xmodem : file system ymodem : Copy from ymodem : file system athena#copy Upload tp tin IOS ln tftp server athena#copy flash : c2950-i6q4l2-mz. 121-22. EA2. bin tftp Address or name of remote host []? 10. 1. 1. 10 Destination filename [c2950-i6q4l2-mz. 121-22. EA2. bin]? c2950-i6q4l2-mz. 121-22. EA2. bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!--output omitted-3086328 bytes copied in 21. 672 secs (142411 bytes/sec) athena# Download IOS image t TFTP server vo Flash ca switch, v bn s down load v tp tin va mi upload ln, dn n b trng tn cho nn bn s c hi l c ghi ln hay khng, bn phi tr li l yes : athena#copy tftp flash : Address or name of remote host []? 10. 1. 1. 10 Source filename []? c2950-i6q4l2-mz. 121-22. EA2. bin
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
44

Destination filename [c2950-i6q4l2-mz. 121-22. EA2. bin]? %Warning : There is a file already existing with this name Do you want to over write? [confirm]y Accessing tftp : //10. 1. 1. 10/c2950-i6q4l2-mz. 121-22. EA2. bin. . . Loading c2950-i6q4l2-mz. 121-22. EA2. bin from 10. 1. 1. 10 (via Vlan1) : !!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! --output omitted-[OK - 3086328 bytes] 3086328 bytes copied in 87. 712 secs (35187 bytes/sec) BC 6 : Lu li cc cu hnh : athena#copy running-config startup-config M RNG : Bn nn th thit lp kt ni 2 switch vi nhau, cu hnh 1 switch lm tftp server, cn switch kia phi cp nht li IOS image ca mnh t switch.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
45

Phn 2
Cu hnh cho Switch
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
46

Bi 1
CU HNH VLAN TRN SWITCH 2950

1. Gii thiu chung v VLAN : Trc y, cc switch ch c chc nng ngn cch cc broadcast domain, cho nn c th xem cc thit b c cm trn cng mt switch l mt LAN network. iu dn n hn ch khng gian vt l ca 1 LAN ch c th trong 1 cn phng hoc cng lm l to nh. Vi chc nng phn chia VLAN bn c th cp mt s port ca switch cho VLAN A, v cc port khc cho VLAN B Mi VLAN l mt broadcast domain v 2 thit b trn 2 VLAN khc nhau khng th lin lc c nu khng c thit b lp 3 kt ni 2 VLAN li vi nhau. VLAN em li s thu li trong vic chia nhm lm vic v 1 VLAN c th nm nhiu switch khc nhau, min l cc switch c kt ni vi nhau. 2. M t bi lab v hnh :
Console Straight through
itc Sw
95 h2
Straight through
`
PC1
VLAN 1: 192.168.1.1 255.255.255.0 VLAN 10: 192.168.10.1 255.255.255.0 VLAN 20: 192.168.20.1 255.255.255.0 Name: accounting
PC2
Cc thit b cn c : 1 switch 2950, 2 PC, 2 cp thng, 1 cp console 3. Cc bc thc hin : BC 1 Thit lp cc kt ni ging nh trong hnh. Xo cu hnh hin ti trn switch 2950 : xo startup-config, v vlan. dat Switch>enable Switch#erase startup-config Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]y Erase of nvram : complete Switch# 00 : 04 : 57 : %SYS-7-NV_BLOCK_INIT : Initalized the geometry of nvram Switch# 47
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Xa cu hnh vlan c : Switch#delete vlan. dat Switch#reload Proceed with reload? [confirm]y 00 : 06 : 33 : %SYS-5-RELOAD : Reload requested --output omitted Would you like to enter the initial configuration dialog? [yes/no] : n --output omitted BC 2 : Xem qua cu hnh mc nh ca switch :
Switch> Switch>enable Switch#show running-config --output omitted ! interface Vlan1 no ip address no ip route-cache shutdown ! ip http server ! line con 0 line vty 5 15 ! --output omitted Thc hin cc bc cu hnh c bn : Switch#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#hostname athena athena(config)#enable password cisco athena(config)#enable secret class athena(config)#line con 0 athena(config-line)#password athena athena(config-line)#login athena(config-line)#line vty 0 15 athena(config-line)#password cert athena(config-line)#login athena(config-line)#^Z
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
48

athena# Xem trng thi cc vlan mc nh c trong switch athena#show vlan VLAN Name ----------------------------------1 default 1002 fddi-default Status Ports -------- ------------------------------active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 act/unsup
--output omitted BC 3 : Cc VLAN c th c to ra bng 1 trong 2 cch. Cch 1 l cp pht 1 port vo mt vlan cha tn ti. Switch s t ng to vlan cho port c cp. Cch khc l to cc vlan trc, sau mi cp pht port cho n sau. 2950 switch c lnh range cho php vic cu hnh nhiu port (lin tc, hoc khng lin tc) cho 1 s chc nng no . Gi s nh bn phi cu hnh nhiu lnh ging nhau cho nhiu port th c th dng t kha range cu hnh 1 ln cho nhiu port. Theo mc nh, VLAN 1 c sn v c gi l management vlan, tt c cc port nm sn trong VLAN 1. Do khng cn thit phi cp pht port cho vlan 1. Bn s dng lnh range cp pht port 5 n 8 cho vlan 10 theo cch to vlan th nht. Sau , to VLAN 20 theo cch th 2, cp pht 1 port s 9 cho vlan 20, ri cp pht port 10, 12 cho vlan 20 bn thy c lnh range c th s dng cho cc port khng lin tc. athena#configure terminal athena(config)#interface range fast 0/5 -8 athena(config-if-range)#switchport access vlan 10 % Access VLAN does not exist. Creating vlan 10 athena(config-if-range)#no shut athena(config-if-range)#^Z G lnh show vlan xem vlan 10 va mi to ra c hin th c th trong output. athena#show vlan VLAN Name ----------------------------------1 default 10 1002 VLAN0010 fddi-default Status Ports -------- ------------------------------active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/9, Fa0/10, Fa0/11, Fa0/12 active Fa0/5, Fa0/6, Fa0/7, Fa0/8 act/unsup
--output omitted-To VLAN 20 theo cch 2, v cp pht port dng lnh range theo kiu khng lin tc. athena#vlan database
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
49

athena(vlan)#vlan 20 VLAN 20 added : Name : VLAN0020 athena(vlan)#exit APPLY completed. Exiting. . . . athena#configure terminal athena(config)#interface fast 0/9 athena(config-if)#switchport access vlan 20 athena(config-if)#exit athena(config)#interface range fast 0/10, fast 0/12 athena(config-if-range)#switchport access vlan 20 athena(config-if-range)#exit athena(config)# Xem li cc cu hnh mi nhp vo bng lnh : show vlan athena#show vlan VLAN Name ----------------------------1 default 10 20 1002 VLAN0010 VLAN0020 fddi-default Status Ports ------- ------------------------------active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/11 active Fa0/5, Fa0/6, Fa0/7, Fa0/8 active Fa0/9, Fa0/10, Fa0/12 act/unsup
--output omitted athena#vlan database athena(vlan)#vlan 20 name accounting VLAN 20 modified : Name : accounting athena(vlan)#exit APPLY completed. Exiting. . . . Xem tn ca vlan 20 by gi c i thnh accouting ch khng cn l tn mc nh : VLAN0020 nh trc y. athena#show vlan VLAN Name -------------------1 default 10 20 1002 VLAN0010 accounting fddi-default Status -------active active active act/unsup Ports -------------------------------------Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/11 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/12
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
50

--output omitted-By gi bn i tn VLAN 10 thnh engineering nhng sau nhp vo lnh abort, tn ca VLAN 10 vn khng thay i, v n khng c lu li. Lnh abort s hu tt c cu hnh trong phin lm ng nhp vo vlan database hin hnh. athena#vlan database athena(vlan)#vlan 10 name engineering VLAN 10 modified : Name : enginerring athena(vlan)#abort Aborting. . . . athena# athena#show vlan VLAN Name ----------------------------------1 default 10 20 1002 VLAN0010 accounting fddi-default Status Ports --------- ------------------------------active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/11 active Fa0/5, Fa0/6, Fa0/7, Fa0/8 active Fa0/9, Fa0/10, Fa0/12 act/unsup
--output omitted BC 4 : Nhp vo a ch IP cho cc VLAN interface
athena(config)#interface vlan 1 athena(config-if)#ip address 192. 168. 1. 1 255. 255. 255. 0 athena(config-if)#no shut athena(config-if)#interface vlan 10 athena(config-if)#ip address 192. 168. 10. 1 255. 255. 255. 0 athena(config-if)#no shut athena(config-if)#interface vlan 20 athena(config-if)#ip address 192. 168. 20. 1 255. 255. 255. 0 athena(config-if)#no shut Kim tra li cc a ch IP nhp vo bng lnh sau : athena#show run ! interface Vlan1 ip address 192. 168. 1. 1 255. 255. 255. 0 no ip route-cache shutdown ! interface Vlan10 ip address 192. 168. 10. 1 255. 255. 255. 0 51
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

no ip route-cache shutdown ! interface Vlan20 ip address 192. 168. 20. 1 255. 255. 255. 0 no ip route-cache ! Lu : ch c mt vlan interface c php up vo bt c lc no. Chng hn interface vlan 20 ang up, nu bn g lnh no shut cho interface vlan 10 th interface vlan 20 t ng down. BC 5 : kim tra hot ng ca cc VLAN, bn c th lm nh sau : a) Cu hnh cho PC 1 a ch IP : 192. 168. 1. 2 255. 255. 255. 0. Dng cp thng ni card mng ca PC1 vi port 1 ca switch. ng t PC 1 bn g lnh : ping 192. 168. 1. 1. Lnh ping phi thnh cng. Nu khng, bn phi kim tra li ton b cu hnh. b) Cu hnh cho PC1 a ch IP : 192. 168. 10. 2 255. 255. 255. 0. Ni PC1 vi port 5 ca switch (VLAN 10). ng trn PC g lnh : ping 192. 168. 10. 1 c) Cu hnh cho PC1 a ch IP : 192. 168. 20. 2 255. 255. 255. 0. Ni PC1 vi port 9 ca switch (VLAN 20). G lnh : ping 192. 168. 1. 1. Lnh ping phi thnh cng. Cu hnh cho PC2 a ch IP : 192. 168. 20. 3 255. 255. 255. 0, ni PC2 vi port 10 trn switch. ng trn PC1 g lnh : ping 192. 168. 20. 3. Lnh ping phi thnh cng. By gi cu hnh cho PC2 a ch IP : 192. 168. 10. 2 255. 255. 255. 0, ni PC2 vi port 5 trn switch (VLAN 10) By gi bn khng th ping t PC1 n PC2 c v chng trn 2 VLAN khc nhau.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
52

Bi 2
Cu hnh VLAN TRUNK

1. Gii thiu : Trunk l mt ng vt l ng thi ca l mt ng logic cho php vlan trn hai switch khc nhau trao i thng tin c vi nhau. Thay v vlan trn hai switch mun trao i thng tin vi nhau chng ta phi ni mt port thuc vlan trn switch ny vi mt port cng thuc vlan trn switch cn li
th trunk cho php thc hin iu ch bng mt ng vt l. Trunk to ra nhiu ng kt ni vlan o trn mt ng vt l. T vlan trn cc switch khc c th lin lc c vi nhau.
Trunk c hai loi ng gi l : dot1q v isl. Dot1q s dng cc frame tagging truyn d liu ca vlan gia hai switch khc nhau. Cn ISL s ng gi ethernet frame bng cc gn vo u fram gi tr VLAN ID. 2. M t bi lab v hnh :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
53

Hai switch c ni vi nhau bng cp cho v c cu hnh cng VTP domain. 3. Cu hnh cho cc switch : Chng ta to vlan2, vlan4, vlan6 cho Athena1; vlan3, vlan5, vlan7 cho Athena2 v cu hnh cho hai switch trong cng mt VTP domain. Athena1#vlan database To vlan2 cho switch Athena1 Athena1(vlan)#vlan 2 name vlan2 Athena1(vlan)#vlan 4 name vlan4 Athena1(vlan)#vlan 6 name vlan6 Cu hnh cho Athena1 thuc Athena1(vlan)#vtp domain name Athena VTP domain Athena Athena1(vlan)#apply Athena2#vlan database Athena2(vlan)#vlan 3 name vlan3 Athena2(vlan)#vlan 5 name vlan5 Athena2(vlan)#vlan 7 name vlan7 Athena2(vlan)#vtp domain name Athena Athena2(vlan)#apply Sau khi cu hnh Vlan xong chng ta kim tra li cc vlan ca Athena1 v Athena2 bng cu lnh show vlan. Athena1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 2 vlan2 active 4 vlan4 active 6 vlan6 active Athena2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 3 vlan3 active 5 vlan5 active 7 vlan7 active Switch Athena1 c to vlan2, vlan4, vlan6; switch Athena2 c vlan3, vlan5, vlan6. By gi chng ta s cu hnh ng trunk cho hai switch bng cch : (Chng ta cha ni hai port fa0/1 ca hai switch li vi nhau)
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
54

Athena1#conf t Athena1(config)#in fa0/1 Athena1(config-if)#switchport mode trunk
Cu hnh cho port Fa0/1 l trunk
Athena2#conf t Athena2(config)#in fa0/1 Athena2(config-if)#switchport mode trunk Athena2(config-if)#switchport trunk encapsulation dot1q s dng giao thc ng gi dot1q cho ng trunk Lu : do switch 2950 ch h tr dot1q nn chng ta phi cu hnh cho switch Athena2 (2900) s dng cng giao thc ng gi l dot1q. Khng cu hnh ISL cho switch Athena2. By gi chng ta s dng cu lnh show vtp status kim tra VTP : Athena1# sh vtp status VTP Version :2 Configuration Revision :3 Maximum VLANs supported locally : 64 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : Athena VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xEA 0xB0 0xB8 0x44 0xFF 0x84 0x8D 0xFD Configuration last modified by 0. 0. 0. 0 at 3-1-93 00 : 22 : 49 Athena2#sh vtp status VTP Version :2 Configuration Revision :2 Maximum VLANs supported locally : 68 Number of existing VLANs : 11 VTP Operating Mode : Server VTP Domain Name : Athena VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xA6 0x13 0x28 0xD8 0x04 0xB8 0xAD 0x14 Configuration last modified by 0. 0. 0. 0 at 3-1-93 00 : 17 : 09 Chng ta lu l s configuration revision ca VTP switch Athena1 ln hn ca Athena2. Hai switch c cng VTP domain name l Athena v c hai l VTP server. By gi chng ta ni hai port fa0/1 ca hai switch li vi nhau v kim tra li cc vlan. Athena1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
55

2 4 6
vlan2 vlan4 vlan6
active active active
Athena2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 2 vlan2 active 4 vlan4 active 6 vlan6 active Nhn xt : cc vlan trn switch Athena2 b mt thay vo l cc vlan ca Athena1. Do Athena1 c s configuration revision ln hn nn p chng tt c vlan ca mnh ln switch Athena2. Chng ta c th tng s configuration cho switch bng cch ra vo vlan datatbase v apply nhiu ln. C mi ln chng ta vo vlan database apply mt ln th s configuration s tng ln mt ln. By gi chng ta s kho st nu hai switch khc VTP domain th s hot ng nh th no. Chng ta cu hnh cho switch Athena1 c VTP domain l Athena, cn switch Athena2 l Athena1. Do phn trn chng ta cu hnh cho switch Athena1 thuc VTP domain Athena v cc vlan ca Athena2 b mt nn by gi chng ta cu hnh Athena2 thuc VTP domain Athena1 v to li cc vlan3, vlan5, vlan7 cho Athena2. (lu chng ta nn tho cp ni hai port fa0/1 ca hai switch trc khi thc hin) Athena2#vlan database Athena2(vlan)#no vlan 2 Athena2(vlan)#no vlan 4 Athena2(vlan)#no vlan 6 Athena2(vlan)#vlan 3 name vlan3 Athena2(vlan)#vlan 5 name vlan5 Athena2(vlan)#vlan 7 name vlan7 Athena2(vlan)#vtp domain name Athena Athena2(vlan)#apply By gi chng ta kim tra li s configuration revision ca hai switch v cc vlan ca chng. Athena1#sh vtp status VTP Version :2 Configuration Revision :3 Maximum VLANs supported locally : 64 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : Athena Athena2#sh vtp status VTP Version :2
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
56

Configuration Revision :0 Maximum VLANs supported locally : 68 Number of existing VLANs : 11 VTP Operating Mode : Server VTP Domain Name : Athena1 Athena1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 2 vlan2 active 4 vlan4 active 6 vlan6 active Athena2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 3 vlan3 active 5 vlan5 active 7 vlan7 active By gi chng ta ni cp hai port fa0/1 li. Kim tra li cc vlan chng ta s thy c l hai switch khng trao thi thng tin vlan vi nhau (switch Athena1 s khng p vlan ln switch Athena2). Athena1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 2 vlan2 active 4 vlan4 active 6 vlan6 active Athena2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13,
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
57

Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 3 vlan3 active 5 vlan5 active 7 vlan7 active Vy nu hai switch khng cng mt VTP domain th s khng trao i thng tin vlan cho nhau.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
58

Bi 3
Cu hnh VTP Password

1. Gii thiu : Trong VTP, nu nh ta ni hai switch cng VTP domain vi nhau, th cc switch s trao i thng tin Vlan vi nhau. Nu switch no c s Configuration Revision cao hn s chuyn ht tt c cc thng tin Vlan ca mnh cho switch kia. iu ny c mt li cng nh mt hi. Trong trng hp nu nh ta thit lp mt mng vi nhiu Vlan ang hot ng tt, khi nng cp mng bng cch lp thm mt switch mi vo switch c v ta mun switch ny s ly nhng thng tin v cc Vlan c, nhng khng may switch ny c s Configuration Revision nn chuyn ht cc thng tin vlan cho switch c. iu ny ng ngha vi chng ta mt tt c Vlan c ang hot ng (do switch mi cha c vlan no). VTP password gip chng ta khc phc c trng hp khng mong mun ny. Nu hai switch cng mt VTP domain nhng khc VTP password th s khng trao i thng tin Vlan vi nhau qua ng trunk. 2. M t bi lab v hnh
Chng ta s cu hnh cho hai switch cng VTP domain name l Athena. Switch Athena1 c cc Vlan l vlan2, vlan4, vlan6. Switch Athena2 c cc vlan3, vlan5, vlan7 3. Cu hnh switch : Chng ta cu hnh vlan2, vlan4, vlan6 cho switch Athena1; vlan3, vlan5, vlan7 cho switch Athena2. Athena1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 2 Vlan2 active 4 Vlan4 active 6 Vlan6 active 59
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Athena2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 3 Vlan3 active 5 Vlan5 active 7 Vlan7 active Chng ta tin hnh cu hnh ng trunk cho hai switch Athena1 v Athena2 (khng cm cp cho vo hai port fa0/1 ca hai switch) Athena1#conf t Athena1(config)#in fa0/1 Athena1(config-if)#switchport mode trunk Athena2#conf t Athena2(config)#in fa0/1 Athena2(config-if)#switchport mode trunk Athena2(config-if)#switchport trunk encapsulation dot1q s dng giao thc ng gi dot1q cho ng trunk Lu : switch 2950 s dng phng thc ng gi l dot1q do chng ta phi cu hnh cho switch Athena2 (switch 2900) s dng giao thc ng gi ny. By gi chng ta s xem s Configuration Revision ca cc switch bng cu lnh show vtp status Athena1#sh vtp status VTP Version :2 Configuration Revision :3 Maximum VLANs supported locally : 64 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : Athena VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x0E 0x36 0x79 0x87 0x0C 0x87 0x1E 0x4C Configuration last modified by 0. 0. 0. 0 at 3-1-93 00 : 06 : 43 Local updater ID is 0. 0. 0. 0 (no valid interface found) Athena2#sh vtp status VTP Version :2 Configuration Revision
:1
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
60

Maximum VLANs supported locally : 68 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : Athena VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xAB 0xF7 0xF9 0xCD 0x83 0xEB 0x42 0xE6 Configuration last modified by 0. 0. 0. 0 at 3-1-93 00 : 01 : 47 Trong trng hp ny s Configuration Revision ca Athena1 ln hn ca Athena2 do khi ta ni ng trunk li th cc vlan ca Athena2 s b mt v thay vo l cc vlan ca Athena1. By gi chng ta cm cp cho vo hai port fa0/1 ca hai switch v kim tra li vlan trn switch Athena1 v Athena2 Athena1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 2 Vlan2 active 4 Vlan4 active 6 Vlan6 active Athena2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 2 Vlan2 active 4 Vlan4 active 6 Vlan6 active Switch b mt cc vlan ca mnh, v thay vo l cc vlan ca switch Athena1. Trong trng hp nu nh s Configuration Revision ca Athena2 ln hn Athena1 th s xy ra ngc li. Chng ta c th tng s configuration revision bng cch vo vlan database apply nhiu ln. C mi ln apply th s ny s tng ln. By gi chng ta tho cp thng ni hai port fa0/1 ca hai switch ra ri cu hnh vlan li cho Athena1 ging nh ban u (gm vlan2, vlan4, vlan6) kho st hot ng ca VTP password. Sau khi cu hnh vlan cho Athena1 xong, chng ta cu hnh VTP password bng cch : Athena1#vlan database
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
61

Athena1(vlan)#vtp password cisco Athena1(vlan)#apply
Cu hnh VTP password
Athena2#vlan database Athena2(vlan)#vtp password cisco1 Athena2(vlan)#apply y chng ta c tnh cu hnh hai VTP password khc nhau kim tra hot ng ca VTP khi password khc nhau nh th no. Sau khi cu hnh VTP password xong, kim tra li s configuration revision sau ni cp vo hai port fa0/1 v kim tra cc vlan ca c hai. Athena1#sh vtp status VTP Version :2 Configuration Revision :2 Maximum VLANs supported locally : 64 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : Athena VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xDC 0x72 0x0C 0xDF 0x21 0x03 0x77 0xE6 Configuration last modified by 0. 0. 0. 0 at 3-1-93 00 : 21 : 40 Local updater ID is 0. 0. 0. 0 (no valid interface found) Athena2#sh vtp status VTP Version :2 Configuration Revision :3 Maximum VLANs supported locally : 68 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : Athena VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xEB 0x3F 0x54 0x2C 0x25 0x7B 0x0D 0x19 Configuration last modified by 0. 0. 0. 0 at 3-1-93 00 : 08 : 14 Athena1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 2 Vlan2 active 4 Vlan4 active 6 Vlan6 active
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
62

Athena2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 3 Vlan3 active 5 Vlan5 active 7 Vlan7 active Mc d switch Athena2 c s configuration revision ln hn nhng cc vlan ca Athena1 vn khng b xa v Athena1 cng khng bit c cc Vlan ca Athena2. iu ny ng ngha vi hai switch khng chuyn i thng tin vlan cho nhau. Do switch Athena1 c VTP password l cisco cn Athena2 l cisco1. By gi chng ta tho cp ni hai port fa0/1 ca hai switch ra ri vo switch Athena2 cu hnh li VTP password l cisco. Sau khi cu hnh li chng ta kim tra s configuration revision ca hai switch Athena1#sh vtp status VTP Version :2 Configuration Revision :2 Maximum VLANs supported locally : 64 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : Athena VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xDC 0x72 0x0C 0xDF 0x21 0x03 0x77 0xE6 Configuration last modified by 0. 0. 0. 0 at 3-1-93 00 : 21 : 40 Local updater ID is 0. 0. 0. 0 (no valid interface found) Athena2#sh vtp status VTP Version :2 Configuration Revision :4 Maximum VLANs supported locally : 68 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : Athena VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xD9 0xBA 0xC8 0x6A 0x7A 0x2C 0x1C 0xE6
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
63

Configuration last modified by 0. 0. 0. 0 at 3-1-93 00 : 08 : 14 By gi chng ta ni cp gia hai port fa0/1, kim tra li vlan ca c hai switch Athena1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active 3 Vlan3 active 5 Vlan5 active 7 Vlan7 active Athena2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 3 Vlan3 active 5 Vlan5 active 7 Vlan7 active Cc vlan ca Athena1 b mt, thay vo l Athena1 c cc Vlan ca Athena2. T cc kt qu trn ta c th thy tc dng ca VTP password : nu hai switch cng VTP domain nhng khc password th s khng truyn thng tin vlan cho nhau.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
64

Phn 3
nh tuyn cho Router
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
65

Bi 1
nh tuyn tnh (Static route)

1. Gii thiu : nh tuyn (Routing) l 1 qu trnh m Router thc thi v s chuyn mt gi tin(Packet) t mt a ch ngun (soucre)n mt a ch ch(destination) trong mng. Trong qu trnh ny Router phI da vo nhng thng tin nh tuyn a ra nhng quyt nh nhm chuyn gi tin n nhng a ch ch nh trc. C hai loI nh tuyn c bn l nh tuyn tnh (Static Route) v nh tuyn ng (Dynamic Route) nh tuyn t nh (Static Route) l 1 qu trnh nh tuyn m thc hin bn phI cu hnh bng tay(manually) tng a ch ch c th cho Router. Mt dng mc nh ca nh tuyn tnh l Default Routes, dng ny c s dng cho cc mng ct (Stub Network) nh tuyn ng (Dynamic Route) y m mt dng nh tuyn m khi c cu hnh dng ny, Router s s dng nhng giao thc nh tuyn nh RIP(Routing Information Protocol), OSPF(Open Shortest Path Frist), IGRP(Interior Gateway Routing Protocol) thc thi vic nh tuyn mt cch t ng (Automatically) m bn khng phi cu hnh trc tip bng tay. 2. M t bi lab v hnh :
hnh bi lab nh hnh, PC ni vi router bng cp cho. Hai router ni vi nhau bng cp serial. a ch IP ca cc interface v PC nh hnh v. Bi lab ny gip bn thc hin cu hnh nh tuyn tnh cho 2 router, lm cho 2 router c kh nng nhn thy c nhau v c cc mng con trong n. 3. Cu hnh nh tuyn tnh (Static Route) Chng ta cu hnh cho cc router v PC nh sau :
Router Athena1
hostname Athena1 ! logging rate-limit console 10 except errors ! ip subnet-zero no ip finger ! 66
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

no ip dhcp-client network-discovery ! interface Ethernet0 ip address 10. 0. 0. 1 255. 255. 255. 0 ! interface Serial0 ip address 192. 168. 0. 1 255. 255. 255. 0 ! interface Serial1 no ip address shutdown ! ip kerberos source-interface any ip classless ip http server ! line con 0 transport input none line aux 0 line vty 0 4 ! end
Router Athena2
hostname Athena2 ! ip subnet-zero ! interface Ethernet0 ip address 10. 0. 1. 1 255. 255. 255. 0 ! interface Serial0 ip address 192. 168. 0. 2 255. 255. 255. 0 clockrate 56000 ! interface Serial1 no ip address shutdown ! ip classless ip http server ! line con 0 line aux 0 line vty 0 4 !
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
67

end Host 1 : IP 10. 0. 0. 2 Subnetmask : 255. 255. 255. 0 Gateway : 10. 0. 0. 1 Host 2 : IP : 10. 0. 1. 2 Subnetmask : 255. 255. 255. 0 Gateway : 10. 0. 1. 1 Chng ta tin hnh kim tra cc kt ni bng cch : Ping t Host1 sang a ch 10. 0. 0. 1
Ping t Host 1 sang a ch 192. 168. 0. 1
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
68

M ch debug ti Router Athena2 athena2#debug ip packet IP packet debugging is on Thc hin li lnh ping trn ta thy athena2# 00 : 33 : 59 : IP : s=10. 0. 0. 2 (Serial0), d=192. 168. 0. 2 (Serial0), len 60, rcvd 3 00 : 33 : 59 : IP : s=192. 168. 0. 2 (local), d=10. 0. 0. 2, len 60, unroutable 00 : 34 : 04 : IP : s=10. 0. 0. 2 (Serial0), d=192. 168. 0. 2 (Serial0), len 60, rcvd 3 00 : 34 : 04 : IP : s=192. 168. 0. 2 (local), d=10. 0. 0. 2, len 60, unroutable 00 : 34 : 09 : IP : s=10. 0. 0. 2 (Serial0), d=192. 168. 0. 2 (Serial0), len 60, rcvd 3 00 : 34 : 09 : IP : s=192. 168. 0. 2 (local), d=10. 0. 0. 2, len 60, unroutable 00 : 34 : 14 : IP : s=10. 0. 0. 2 (Serial0), d=192. 168. 0. 2 (Serial0), len 60, rcvd 3 00 : 34 : 14 : IP : s=192. 168. 0. 2 (local), d=10. 0. 0. 2, len 60, unroutable Ping t Host 1 sang a ch 10. 0. 1. 1
M ch debug ti Router Athena1 athena1#debug ip packet IP packet debugging is on Thc hin li lnh Ping : athena1# 00 : 36 : 41 : IP : s=10. 0. 0. 2 (Ethernet0), d=10. 0. 1. 1, len 60, unroutable 00 : 36 : 41 : IP : s=10. 0. 0. 1 (local), d=10. 0. 0. 2 (Ethernet0), len 56, sending 00 : 36 : 42 : IP : s=10. 0. 0. 2 (Ethernet0), d=10. 0. 1. 1, len 60, unroutable 00 : 36 : 42 : IP : s=10. 0. 0. 1 (local), d=10. 0. 0. 2 (Ethernet0), len 56, sending 00 : 36 : 43 : IP : s=10. 0. 0. 2 (Ethernet0), d=10. 0. 1. 1, len 60, unroutable 00 : 36 : 43 : IP : s=10. 0. 0. 1 (local), d=10. 0. 0. 2 (Ethernet0), len 56, sending 00 : 36 : 44 : IP : s=10. 0. 0. 2 (Ethernet0), d=10. 0. 1. 1, len 60, unroutable 00 : 36 : 44 : IP : s=10. 0. 0. 1 (local), d=10. 0. 0. 2 (Ethernet0), len 56, sending Lnh Ping trng hp ny khng thc hin thnh cng, ta dng lnh debug ip packet m ch debug ti 2 Router, ta thy Router Athena 2 vn nhn c gi packet t host1 khi ta ping a ch
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
69

192. 168. 0. 2, tuy nhin do host 1 khng lin kt trc tip vi Router Athena 2 nn gi Packet ICMP tr v lnh ping khng c a ch ch, do vy gi Packet ny b hy, iu ny dn n lnh Ping khng thnh cng. trng hp ta ping t Host1 sang a ch 10. 0. 1. 1 gi packet b mt ngay ti router athena1 v Router athena1 khng xc nh c a ch ch cn n trong bng nh tuyn(a ch ny khng lin kt trc tip vi Router athena1). Ta so snh v tr Unroutable trong kt qu debug packet 2 cu lnh ping trn thy c s khc nhau. thc hin thnh cng kt ni ny, ta phi thc hin cu hnh Static Route cho Router Athena1 v Router Athena2 nh sau : athena1(config)#ip route 10. 0. 1. 0 255. 255. 255. 0 s0 athena1(config)#exit
Bn thc hin lnh Ping t Host1 sang Host 2
Bn thc hin lnh Ping t Router Athena2 sang Host1 athena2#ping 10. 0. 0. 2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10. 0. 0. 2, timeout is 2 seconds : ..... Success rate is 0 percent (0/5) thc hin thnh cng lnh Ping ny bn phi thc hin cu hnh Static route cho Router athena 2 nh sau Athena2(config)#ip route 10. 0. 0. 0 255. 255. 255. 0 s0 Athena2(config)#^Z Lc ny t Host2 bn c th Ping thy cc a ch Trn Router Athena 1 v Host1
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
70

Chng ta kim tra bng nh tuyn ca cc router bng lnh show ip route athena1#show ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C S C 10. 0. 0. 0/24 is subnetted, 2 subnets 10. 0. 0. 0 is directly connected, Ethernet0 10. 0. 1. 0 is directly connected, Serial0 192. 168. 0. 0/24 is directly connected, Serial0 S biu th nhng kt ni thng qua nh tuyn tnh C biu th nhng kt ni trc tip Athena2#show ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area 71
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

* - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set S C C 10. 0. 0. 0/24 is subnetted, 2 subnets 10. 0. 0. 0 is directly connected, Serial0 10. 0. 1. 0 is directly connected, Ethernet0 192. 168. 0. 0/24 is directly connected, Serial0
Thc hin lnh Show run ti Router xem li cu hnh nh tuyn : athena1#show run Building configuration. . . ip kerberos source-interface any ip classless ip route 10. 0. 1. 0 255. 255. 255. 0 Serial0 ip http server ! end athena2#show run Building configuration. . . ip classless ip route 10. 0. 0. 0 255. 255. 255. 0 Serial0 ip http server ! End Bn thc hin thnh cng vic nh tuyn cho 2 Router kt ni c vi nhau c cc mng con ca chng, bn cng c th m rng hnh ra thm vi 3, 4 hay 5 hop thc hnh vic cu hnh nh tuyn tnh tuy nhin bn thy r vic cu hnh ny tng i rc ri v di dng nht l i vi mi trng Internet bn ngoi, v vy bn s phi thc hin vic cu hnh nh tuyn ng cho Router bi sau.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
72

Bi 2
RIP( Routing Information Protocol)

1. Gii thiu : RIP (Routing Information Protocol) l mt giao thc nh tuyn dng qung b thng tin v a ch m mnh mun qung b ra bn ngoi v thu thp thng tin hnh thnh bng nh tuyn (Routing Table)cho Router. y l loi giao thc Distance Vector s dng tiu ch chn ng ch yu l da vo s hop (hop count) v cc a ch m Rip mun qung b c gi i dng Classful (i vi RIP verion 1) v Classless (i vi RIP version 2). V s dng tiu ch nh tuyn l hop count v b gii hn s hop l 15 nn giao thc ny ch c s dng trong cc mng nh (di 15 hop).
2. M t bi lab v hnh :
Cc PC ni vi router bng cp cho, hai router ni vi nhau bng cp serial. a ch IP ca cc interface v PC nh trn hnh. Bi thc hnh ny gip bn thc hin c vic cu hnh cho mng c th lin lc c vi nhau bng giao thc RIP
3. Cu hnh : Trc tin bn cu hnh cho cc thit b nh sau :
Router Athena1
Athena1#show run Building configuration. . . Current configuration : 609 bytes ! version 12. 2 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime 73
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

no service password-encryption ! hostname Athena1 ! logging rate-limit console 10 except errors ! ip subnet-zero no ip finger ! no ip dhcp-client network-discovery ! interface Ethernet0 ip address 10. 0. 0. 1 255. 255. 255. 0 ! interface Serial0 ip address 192. 168. 0. 1 255. 255. 255. 0 no fair-queue clockrate 56000 ! interface Serial1 no ip address shutdown ! ip kerberos source-interface any ip classless ip http server ! line con 0 transport input none line aux 0 line vty 0 4 ! End
Router Athena2
Athena2#show run Building configuration. . . Current configuration : 485 bytes ! version 12. 1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption !
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
74

hostname Athena2 ! ip subnet-zero ! interface Ethernet0 ip address 11. 0. 0. 1 255. 255. 255. 0 ! interface Serial0 ip address 192. 168. 0. 2 255. 255. 255. 0 ! interface Serial1 no ip address shutdown ! ip classless ip http server ! line con 0 line aux 0 line vty 0 4 ! End
Host1 :
IP 10. 0. 0. 2 Subnet mask : 255. 255. 255. 0 Gateway : 10. 0. 0. 1
Host2 :
IP : 11. 0. 0. 2 Subnet mask : 255. 255. 255. 0 Gateway : 11. 0. 0. 1 Bn thc hin vic kim tra cc kt ni bng lnh Ping Ping t Host1 sang a ch 10. 0. 0. 1
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
75

Ping t Host1 sang a ch 192. 168. 0. 2
i vi Host 1 bn khng th Ping thy a ch 192. 168. 0. 2 Bn thc hin vic kim tra tng t Host 2 Ping a ch 11. 0. 0. 1
Ping a ch 192. 168. 0. 2
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
76

Ping a ch 192. 168. 0. 1
Thc hin cc lnh Ping t Router Athena1 : Athena1#ping 192. 168. 0. 2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192. 168. 0. 2, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms Athena1#ping 11. 0. 0. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11. 0. 0. 1, timeout is 2 seconds : ..... Success rate is 0 percent (0/5) Thc hin cc lnh Ping t Router Athena2 Athena2#ping 192. 168. 0. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192. 168. 0. 1, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms Athena2#ping 10. 0. 0. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10. 0. 0. 1, timeout is 2 seconds : ..... 77
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Success rate is 0 percent (0/5) Bn xem bng thng tin nh tuyn ca tng Router (dng lnh Show ip route) Athena1#show ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C C 10. 0. 0. 0/24 is subnetted, 1 subnets 10. 0. 0. 0 is directly connected, Ethernet0 192. 168. 0. 0/24 is directly connected, Serial0
Athena2#show ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C C 11. 0. 0. 0/24 is subnetted, 1 subnets 11. 0. 0. 0 is directly connected, Ethernet0 192. 168. 0. 0/24 is directly connected, Serial0
Nhn xt : Bn thy rng thng tin a ch ca cc mng m bn thc hin lnh Ping khng thnh cng khng c lu trn bng nh tuyn
Bn thc hin vic cu hnh RIP cho cc Router nh sau : Athena1(config)#router rip Athena1(config-router)#network 192. 168. 0. 0 Athena1(config-router)#network 10. 0. 0. 0 Athena1(config-router)#exit Athena2(config)#router rip Athena2(config-router)#network 11. 0. 0. 0 Athena2(config-router)#network 192. 168. 0. 0 Athena2(config-router)#exit Bn xem li bng thng tin nh tuyn : 78
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Athena1#show ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C R C 10. 0. 0. 0/24 is subnetted, 1 subnets 10. 0. 0. 0 is directly connected, Ethernet0 11. 0. 0. 0/8 [120/1] via 192. 168. 0. 2, 00 : 00 : 00, Serial0 192. 168. 0. 0/24 is directly connected, Serial0
Athena2#show ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set R 10. 0. 0. 0/8 [120/1] via 192. 168. 0. 1, 00 : 00 : 23, Serial0 11. 0. 0. 0/24 is subnetted, 1 subnets C 11. 0. 0. 0 is directly connected, Ethernet0 C 192. 168. 0. 0/24 is directly connected, Serial0 Nhn xt : Bn thy rng trn bng thng tin nh tuyn, Router Athena 1 lin kt RIP vi mng 11. 0. 0. 0/8 qua cng Serial 0(192. 168. 0. 2) v Router Athena2 lin kt vi mng 10. 0. 0. 0/8 qua cng Serial 0(192. 168. 0. 1) Ch : V Rip gi i ch theo dng classfull nn subnet mask s c s dng defaul i vi cc lp mng. Lc ny bn thc hin li lnh Ping gia cc Router v cc Host : T Host1 bn thc hin lnh Ping :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
79

T Host 2 bn thc hin lnh Ping :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
80

Bn thy rng cc kt ni thnh cng. n y bn hon tt vic cu hnh RIP cho mng trn c th trao i thng tin vi nhau. Nhng tm hiu r hn v RIP bn thc hin tip tc cc bc cu hnh nh sau : Bn gi nguyn cu hnh ca Router Athena 1 v thay i cu hnh ca Router Athena 2 t RIP version 1 sang RIP version 2 v kim tra :
Athena2(config)#router rip Athena2(config-router)#ver 2 Bn m ch debug trn 2 Router kim tra gi tin : Athena1#debug ip packet IP packet debugging is on Athena2#debug ip packet IP packet debugging is on Lc ny bn thc hin lnh Ping t Host 1 vo cc a ch khng lin kt trc tip vi n c chy RIP
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
81

Athena2# 01 : 49 : 58 : IP : s=10. 0. 0. 2 (Serial0), d=192. 168. 0. 2 (Serial0), len 60, rcvd 3 01 : 49 : 58 : IP : s=192. 168. 0. 2 (local), d=10. 0. 0. 2, len 60, unroutable 01 : 50 : 03 : IP : s=10. 0. 0. 2 (Serial0), d=192. 168. 0. 2 (Serial0), len 60, rcvd 3 01 : 50 : 03 : IP : s=192. 168. 0. 2 (local), d=10. 0. 0. 2, len 60, unroutable 01 : 50 : 08 : IP : s=10. 0. 0. 2 (Serial0), d=192. 168. 0. 2 (Serial0), len 60, rcvd 3 01 : 50 : 08 : IP : s=192. 168. 0. 2 (local), d=10. 0. 0. 2, len 60, unroutable 01 : 50 : 13 : IP : s=10. 0. 0. 2 (Serial0), d=192. 168. 0. 2 (Serial0), len 60, rcvd 3 01 : 50 : 13 : IP : s=192. 168. 0. 2 (local), d=10. 0. 0. 2, len 60, unroutable
Athena2# 01 : 55 : 30 : IP : s=10. 0. 0. 2 (Serial0), d=11. 0. 0. 1, len 60, rcvd 4 01 : 55 : 30 : IP : s=11. 0. 0. 1 (local), d=10. 0. 0. 2, len 60, unroutable 01 : 55 : 35 : IP : s=10. 0. 0. 2 (Serial0), d=11. 0. 0. 1, len 60, rcvd 4 01 : 55 : 35 : IP : s=11. 0. 0. 1 (local), d=10. 0. 0. 2, len 60, unroutable 01 : 55 : 40 : IP : s=10. 0. 0. 2 (Serial0), d=11. 0. 0. 1, len 60, rcvd 4 01 : 55 : 40 : IP : s=11. 0. 0. 1 (local), d=10. 0. 0. 2, len 60, unroutable Nhng d liu khi bn m ch debug cho thy khi bn thc hin lnh Ping t Host1 n cc a ch nh : 192. 168. 0. 2 v 11. 0. 0. 1 gi tin u nhn c ti im ch, tuy nhin gi tin tr v ti a ch ny khng tm c a ch 10. 0. 0. 2(Host1) t bng nh tuyn ca Router Athena 2(unroutable) do Router ny c cu hnh RIP version 2 Athena2#show ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area 82
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

* - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 11. 0. 0. 0/24 is subnetted, 1 subnets C 11. 0. 0. 0 is directly connected, Ethernet0 C 192. 168. 0. 0/24 is directly connected, Serial0 Nhn xt : Mng 10. 0. 0. 0 khng cn tn ti trong bng nh tuyn Bn thc hin lnh Ping t Router Athena2 sang cc a ch ca Router Athena1 athena2#ping 10. 0. 0. 2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10. 0. 0. 2, timeout is 2 seconds : ..... Success rate is 0 percent (0/5) Bn thc hin vic kim tra bng lnh Show ip route Athena1#show ip 01 : 46 : 50 : IP : s=192. 168. 0. 2 (Serial0), d=224. 0. 0. 9, len 52, rcvd 2route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C R C 10. 0. 0. 0/24 is subnetted, 1 subnets 10. 0. 0. 0 is directly connected, Ethernet0 11. 0. 0. 0/8 [120/1] via 192. 168. 0. 2, 00 : 00 : 05, Serial0 192. 168. 0. 0/24 is directly connected, Serial0
Bn thy tuy ti bng nh tuyn ca Router Athena1 vn cn lu li a ch ca mng 11. 0. 0. 0 nhng v Router Athena2 khng tm thy a ch ca mng 10. 0. 0. 0 nn gi tin khng thc hin gi c. iu ny cho bn thy giao thc RIP Version 2 khng h tr tng thch ngc cho giao thc RIP Version 1.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
83

Bi 3
Cu hnh IGRP LOAD BALANCING

1. Gii thiu : Giao thc IGRP cho php chng ta chia ti khi c nhiu hn mt route n cng mt ch. Tin ch ny gip chng ta to ra mt route d phng cho route ang s dng. IGRP cp nhp route vo bng nh tuyn (trong trng hp c nhiu route n cng mt ch) da vo nguyn tc : nu route no c metric nh hn h s nhn (ca cu lnh variance (multiplier)) nhn vi metric nh nht ca cc ng th s c cp nht; ngc li, nu ln hn th s khng c cp nht. Mc nh h s nhn ny c thit lp bng 1 do ch c duy nht mt route c cp nht. (Cc tnh metric ca giao thc IGRP c cp mc 5) thay i h s nhn, chng ta s dng lnh : variance (multiplier) 2. M t bi lab v hnh :
hnh bi lab nh hnh trn. Cc cng serial ni vi nhau bng cp serail, cng ethernet ni vi nhau bng cp cho. Hai router Athena1 v Athena3 c cu hnh thm interface loopback 0. 3. Mc tiu ca bi lab : Phi cu hnh sao cho router Athena1 c 2 route qua mng 14. 1. 0. 0 ca router Athena3 v vic truyn d liu qua mng 14. 1. 0. 0 phi c chia ra trn 2 route . 4. Cu hnh router : Athena1#sh run Building configuration. . . 84
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Current configuration : 733 bytes version 12. 2 hostname Athena1 interface Loopback0 ip address 10. 1. 0. 1 255. 255. 255. 0 interface Ethernet0 ip address 12. 1. 0. 1 255. 255. 255. 0 interface Serial0 ip address 11. 1. 0. 1 255. 255. 255. 0 no fair-queue clockrate 64000 router igrp 1 network 10. 0. 0. 0 network 11. 0. 0. 0 network 12. 0. 0. 0 end Athena2#sh run Building configuration. . . Current configuration : 510 bytes version 12. 1 hostname Athena2 interface Ethernet0 ip address 12. 1. 0. 2 255. 255. 255. 0 interface Serial0 ip address 11. 1. 0. 2 255. 255. 255. 0 interface Serial1 ip address 13. 1. 0. 1 255. 255. 255. 0 router igrp 1 network 11. 0. 0. 0 network 12. 0. 0. 0 network 13. 0. 0. 0 end Athena3#sh run Building configuration. . . Current configuration : 546 bytes version 12. 1 hostname Athena3 interface Loopback0 ip address 14. 1. 0. 1 255. 255. 255. 0 interface Serial0 ip address 13. 1. 0. 2 255. 255. 255. 0 clockrate 64000 router igrp 1 network 13. 0. 0. 0
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
85

network 14. 0. 0. 0 end Sau khi cu hnh cc router ta kim tra bng nh tuyn ca router Athena1 c kt qu : Athena1#sh ip route Gateway of last resort is not set 10. 0. 0. 0/24 is subnetted, 1 subnets C 10. 1. 0. 0 is directly connected, Loopback0 11. 0. 0. 0/24 is subnetted, 1 subnets C 11. 1. 0. 0 is directly connected, Serial0 12. 0. 0. 0/24 is subnetted, 1 subnets C 12. 1. 0. 0 is directly connected, Ethernet0 I 13. 0. 0. 0/8 [100/8576] via 12. 1. 0. 2, 00 : 01 : 01, Ethernet0 I 14. 0. 0. 0/8 [100/9076] via 12. 1. 0. 2, 00 : 01 : 01, Ethernet0 Router Athena1 ch bit mt ng duy nht n c mng 13. 1. 0. 0/24 v mng 14. 1. 0. 0/24 l qua Ethernet0 mc d ta thc t th c n hai ng n cc mng (qua S0 v E0). Nguyn nhn l h s variance mc nh l 1. Do c c hai ng, ta phi cu hnh li h s variance nh sau : Athena1#conf t Athena1(config)#router igrp 1 Athena1(config-router)#variance 2 Kim tra li bng nh tuyn ca router Athena1 : Athena1#sh ip route Gateway of last resort is not set 10. 0. 0. 0/24 is subnetted, 1 subnets C 10. 1. 0. 0 is directly connected, Loopback0 11. 0. 0. 0/24 is subnetted, 1 subnets C 11. 1. 0. 0 is directly connected, Serial0 12. 0. 0. 0/24 is subnetted, 1 subnets C 12. 1. 0. 0 is directly connected, Ethernet0 I 13. 0. 0. 0/8 [100/8576] via 12. 1. 0. 2, 00 : 00 : 26, Ethernet0 [100/10476] via 11. 1. 0. 2, 00 : 00 : 26, Serial0 I 14. 0. 0. 0/8 [100/9076] via 12. 1. 0. 2, 00 : 00 : 26, Ethernet0 [100/10976] via 11. 1. 0. 2, 00 : 00 : 26, Serial0 Trong bng nh tuyn ca router Athena1 c c hai ng n mng 13. 1. 0. 0/24 v hai ng n mng 14. 1. 0. 0/24 (qua S0 v qua E0). Nguyn nhn l do cc route qua S0 ca Athena1 c metric nh hn variance nhn vi metric nh nht gia hai ng. (Tham kho mc Cch tnh metric ca giao thc IGRP) 10476 < 8576*2 (= 17152) 10976 < 9076*2 (= 18152)
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
86

By gi chng ta s kim tra vic chia ti ca Athena1. Chng ta nhp lnh sh ip route 14. 1. 0. 1 xem route n host 14. 1. 0. 1 : Athena1#sh ip route 14. 1. 0. 1 Routing entry for 14. 0. 0. 0/8 Known via "igrp 1", distance 100, metric 9076 Redistributing via igrp 1 Advertised by igrp 1 (self originated) Last update from 11. 1. 0. 2 on Serial0, 00 : 00 : 02 ago Routing Descriptor Blocks : * 12. 1. 0. 2, from 12. 1. 0. 2, 00 : 00 : 02 ago, via Ethernet0 Route metric is 9076, traffic share count is 1 Total delay is 26000 microseconds, minimum bandwidth is 1544 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 11. 1. 0. 2, from 11. 1. 0. 2, 00 : 00 : 02 ago, via Serial0 Route metric is 10976, traffic share count is 1 Total delay is 45000 microseconds, minimum bandwidth is 1544 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 Route n host 14. 1. 0. 1 c hai ng (c t m) v du * nh du route s s dng cho ln gi d liu k. T router Athena1, ta nhp lnh ping 14. 1. 0. 1 Athena1#ping 14. 1. 0. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 14. 1. 0. 1, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/60 ms Xem li route n host 14. 1. 0. 1 bng lnh sh ip route 14. 1. 0. 1. Lc ny ta thy route th hai c nh du do router thc hin vic chia ti qua hai ng n mng 14. 1. 0. 0/24 Athena1#sh ip route 14. 1. 0. 1 Routing entry for 14. 0. 0. 0/8 Known via "igrp 1", distance 100, metric 9076 Redistributing via igrp 1 Advertised by igrp 1 (self originated) Last update from 11. 1. 0. 2 on Serial0, 00 : 00 : 17 ago Routing Descriptor Blocks : 12. 1. 0. 2, from 12. 1. 0. 2, 00 : 00 : 18 ago, via Ethernet0 Route metric is 9076, traffic share count is 1 Total delay is 26000 microseconds, minimum bandwidth is 1544 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 * 11. 1. 0. 2, from 11. 1. 0. 2, 00 : 00 : 17 ago, via Serial0 Route metric is 10976, traffic share count is 1 Total delay is 45000 microseconds, minimum bandwidth is 1544 Kbit
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
87

Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 By gi chng ta s kho st vic cp nht route vo bng nh tuyn nu nh c nhiu hn route n cng mt ch. Chng ta s kho st bng cch thay i metric ca route qua S0. Cu hnh nh sau : Athena1#conf t Athena1(config)#in s0 Athena1(config-if)#bandwidth 56 Cu hnh bandwidth ca S0 bng 56 kbps
Xem li bng nh tuyn ca router Athena1 : Athena1#sh ip route Gateway of last resort is not set 10. 0. 0. 0/24 is subnetted, 1 subnets C 10. 1. 0. 0 is directly connected, Loopback0 11. 0. 0. 0/24 is subnetted, 1 subnets C 11. 1. 0. 0 is directly connected, Serial0 12. 0. 0. 0/24 is subnetted, 1 subnets C 12. 1. 0. 0 is directly connected, Ethernet0 I 13. 0. 0. 0/8 [100/8576] via 12. 1. 0. 2, 00 : 00 : 03, Ethernet0 I 14. 0. 0. 0/8 [100/9076] via 12. 1. 0. 2, 00 : 00 : 03, Ethernet0 Router Athena1 gi ch cn duy nht mt ng n mng 13. 1. 0. 0/24 v mt ng n mng 14. 1. 0. 0/24. Do lc ny route n hai mng qua S0 ca Athena1 c metric ln hn variance nhn vi metric nh nht gia hai ng. 5. Cch tnh metric ca giao thc IGRP : Metric = [K1 * Bandwidth + (K2 * Bandwidth)/(256load) + K3*Delay] * [K5/(reliability + K4)] K1 : ng vi Bandwidth K3 : ng vi Delay Nu K5 = 0 th [K5/(reliability + K4)] khng dng trong cng thc. Mc nh K1 = K3 = 1, K2 = K4 = K5 = 0. Khi cng thc l : Metric = Bandwidth + Delay Xc nh Bandwidth trong cng thc trn, ta ly 10000000 chia cho gi tr bandwidth nh nht. Gi tr delay c xc nh bng cch ly tng gi tr delay chia 10. Gi tr bandwidth nh nht v tng gi tr delay c tm thy trong kt qu ca cc cu lnh show ip interface v show ip route ip address V d : Athena1#sh ip route 14. 1. 0. 1 Routing entry for 14. 0. 0. 0/8 Routing Descriptor Blocks : * 12. 1. 0. 2, from 12. 1. 0. 2, 00 : 00 : 02 ago, via Ethernet0 (1)
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
88

Route metric is 9076, traffic share count is 1 Total delay is 26000 microseconds, minimum bandwidth is 1544 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 11. 1. 0. 2, from 11. 1. 0. 2, 00 : 00 : 02 ago, via Serial0 (2) Route metric is 10976, traffic share count is 1 Total delay is 45000 microseconds, minimum bandwidth is 1544 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 Kt qu : Metric ca route (1) = 10000000/1544 + 26000/10 = 9076 Metric ca route (2) = 10000000/1544 + 45000/10 = 10976
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
89

Bi 4
DISCONTIGOUS NETWORKS
1. Gii thiu : Discontigous network l mt h thng mng c subnets ging nh subnet ca cc mng khc, nhiu h thng mng cng subnet trong Rip th khng th chy Rip c. y l li trong Rip nu cu hnh trng Subnet trong h thng mng. Vn ny c gii quyt bng cch cu hnh bng EIGRP hoc OSPF. 2. M t bi lab v hnh :
Cc PC ni vi router bng cp cho, hai router ni vi nhau bng cp serial. a ch IP ca cc interface c cho trn hnh v. Hai router Athena1, Athena2 c cu hnh interface loopback 0, loopback 1. y l dng mng discontigous. Khi s dng giao thc classful (RIP, IGRP) th hai router s khng bit c mng ca cc loopback ca nhau. Do cc giao thc classful s dng default subnet mask qung b mng nn cc router s khng phn bit c cc mng 12. 1. 2. 0/24, 12. 1. 3. 0/24, 12. 1. 0. 0/24 v 12. 1. 1. 0/24. 3. Cu hnh : Chng ta cu hnh cho cc router nh sau Router Athena1 Building configuration. . . Current configuration : 625 bytes ! version 12. 1 hostname Athena1 ! interface Loopback0 ip address 12. 1. 2. 1 255. 255. 255. 0 ! interface Loopback1 ip address 12. 1. 3. 1 255. 255. 255. 0 ! interface Serial0
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
90

ip address 11. 1. 0. 2 255. 255. 255. 0 ! router rip network 11. 0. 0. 0 network 12. 0. 0. 0 end ng mng ca a ch 12. 1. 2. 1/24 & 12. 1. 3. 1/24 thuc lp A nn c hiu l 12. 0. 0. 0, cng vy 11. 1. 0. 2/24 cng c hiu l 11. 0. 0. 0 nn chng s b trng lp a ch mng vi nhau v l nghuyn nhn khng th hiu nhau. Router Athena2 Building configuration. . . Current configuration : 747 bytes ! version 12. 1 ! hostname Athena2 ! interface Loopback0 ip address 12. 1. 0. 1 255. 255. 255. 0 interface Loopback1 ip address 12. 1. 1. 1 255. 255. 255. 0 ! interface Serial0 ip address 11. 1. 0. 1 255. 255. 255. 0 no fair-queue clockrate 64000 ! router rip network 11. 0. 0. 0 network 12. 0. 0. 0 ! end ng mng ca a ch 12. 1. 2. 1/24 & 12. 13. 1/24 thuc lp A nn c hiu l 12. 0. 0. 0, cng vy 11. 1. 0. 2/24 cng c hiu l 11. 0. 0. 0. Nn chng s b trng lp da ch mng vi nhau va l nghuyn nhn khng th hiu nhau. Chng ta kim tra li bng nh tuyn ca cc router bng cu lnh show ip route Athena2#sh ip route Gateway of last resort is not set 11. 0. 0. 0/24 is subnetted, 1 subnets C 11. 1. 0. 0 is directly connected, Serial0 12. 0. 0. 0/24 is subnetted, 2 subnets C 12. 1. 1. 0 is directly connected, Loopback1 C 12. 1. 0. 0 is directly connected, Loopback0
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
91

Athena1#sh ip route Gateway of last resort is not set 11. 0. 0. 0/24 is subnetted, 1 subnets C 11. 1. 0. 0 is directly connected, Serial0 12. 0. 0. 0/24 is subnetted, 2 subnets C 12. 1. 3. 0 is directly connected, Loopback1 C 12. 1. 2. 0 is directly connected, Loopback0
Athena1#debug ip rip RIP event debugging is on 00 : 20 : 15 : RIP : sending v1 update to 255. 255. 255. 255 via Loopback0 (12. 1. 2. 1) 00 : 20 : 15 : RIP : Update contains 2 routes 00 : 20 : 15 : RIP : Update queued 00 : 20 : 15 : RIP : sending v1 update to 255. 255. 255. 255 via Loopback1 (12. 1. 3. 1) 00 : 20 : 15 : RIP : Update contains 2 routes 00 : 20 : 15 : RIP : Update queued 00 : 20 : 15 : RIP : sending v1 update to 255. 255. 255. 255 via Serial0 (11. 1. 0. 2) 00 : 20 : 15 : RIP : Update contains 1 routes 00 : 20 : 15 : RIP : Update queued 00 : 20 : 15 : RIP : Update sent via Loopback0 00 : 20 : 15 : RIP : Update sent via Loopback1 00 : 20 : 15 : RIP : Update sent via Serial0 00 : 20 : 27 : RIP : received v1 update from 11. 1. 0. 1 on Serial0 00 : 20 : 27 : RIP : Update contains 1 routes 00 : 20 : 44 : RIP : sending v1 update to 255. 255. 255. 255 via Loopback0 (12. 1. 2. 1) 00 : 20 : 44 : RIP : Update contains 2 routes 00 : 20 : 44 : RIP : Update queued 00 : 20 : 44 : RIP : sending v1 update to 255. 255. 255. 255 via Loopback1 (12. 1. 3. 1) 00 : 20 : 44 : RIP : Update contains 2 routes 00 : 20 : 44 : RIP : Update queued 00 : 20 : 44 : RIP : sending v1 update to 255. 255. 255. 255 via Serial0 (11. 1. 0. 2) 00 : 20 : 44 : RIP : Update contains 1 routes 00 : 20 : 44 : RIP : Update queued 00 : 20 : 44 : RIP : Update sent via Loopback0 00 : 20 : 44 : RIP : Update sent via Loopback1 00 : 20 : 44 : RIP : Update sent via Serial0 Athena1#un all All possible debugging has been turned off Ngay ti Athena1 ta ping qua a ch 12. 1. 0. 1 ca Athena2 s khng th thy c v bn thn n cng thuc trng subnet. y l hn ch ca giao thc Rip m ch c th gii quyt c bng cch dng cu hnh OSPF, EIGRP. Athena1# ping 12. 1. 3. 1 Type escape sequence to abort.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
92

Sending 5, 100-byte ICMP Echos to 12. 1. 0. 1, timeout is 2 seconds : ..... Success rate is 0 percent (0/5) Athena1#ping 12. 1. 1. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12. 1. 1. 1, timeout is 2 seconds : ..... Success rate is 0 percent (0/5) Khng th thy nhau l iu tt yu. v cc a ch mng b trng lp ! Gii php cho vn ny l thay i hai a ch Loopback ca Router Athena1 li thnh 12. 1. 2. 1/24 13. 1. 0. 1/24 v 12. 1. 3. 1/24 14. 1. 1. 1/24 y n gin bi lab cng nh hiu vn d hn, chng ta s cu hnh li bi nh hnh sau :
hai router Athena1, Athena2 chng ta ch cu hnh interface loopback 0, khng cu hnh interface loopback1. Router(config)#hostname Athena2 Athena2(config)#interface serial 0 Athena2(config-if)#ip address 11. 1. 0. 1 255. 255. 255. 0 Athena2(config-if)#no shut 00 : 03 : 25 : %LINK-3-UPDOWN : Interface Serial0, changed state to up Athena2(config-if)# 00 : 03 : 26 : %LINEPROTO-5-UPDOWN : Line protocol on Interface Serial0, changed state to up Athena2 (config)#interface lo 0 Athena2(config-if)#ip address 12. 1. 3. 1 255. 255. 255. 0 Athena2(config-if)#no shut 00 : 09 : 11 : %LINEPROTO-5-UPDOWN : Line protocol on Interface Loopback0, changed state to up Athena2 (config)#router rip Athena2(config-router)#network 11. 1. 0. 0 Athena2 (config-router)#network 12. 1. 3. 0 Router(config)#hostname Athena1 Athena1(config)#interface s0 Athena1(config-if)#ip address 11. 1. 0. 2 255. 255. 255. 0 Athena1(config-if)#no shut Athena1(config)#interface lo0 Athena1(config-if)#ip address 13. 1. 0. 1 255. 255. 255. 0 Athena1(config-if)#no shut 93
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Athena1(config)#router rip Athena1(config-router)#net Athena1(config-router)#network 11. 1. 0. 0 Athena1(config-router)#network 13. 1. 0. 1 Athena1(config-router)#^Z Router(config)#hostname Athena1 Athena1(config-if)#ip address 11. 1. 0. 1 255. 255. 255. 0 Athena1 (config-if)#no shut Athena1(config-if)#clock rate 64000 Athena1#sh ip route Gateway of last resort is not set 11. 0. 0. 0/24 is subnetted, 1 subnets C 11. 1. 0. 0 is directly connected, Serial0 12. 0. 0. 0/24 is subnetted, 1 subnets C 12. 1. 3. 0 is directly connected, Loopback0 R 13. 0. 0. 0/8 [120/1] via 11. 1. 0. 2, 00 : 00 : 10, Serial0 Athena1#ping 13. 1. 0. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 13. 1. 0. 1, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms Athena1#ping 12. 1. 3. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12. 1. 3. 1, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms Nhn xt : ton mng lc ny lin lc c vi nhau. Ngoi ra chng ta c th gii quyt vn trn bng cch thay i a ch IP ca Loopback 0 router Athena2 tng t nh vy. V by gi chng ta c th gii quyt c vn ca hnh lc u bi lab mt cch d dng ch n gin bng thay i a ch mng ca cc loopback nh v d va ri!
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
94

Bi 5
Redistribute gia RIP v IGRP

1. Gii thiu : Trong bi lab ny, chng ta s cu hnh hai mng - mt s dng RIP version 1, mt sng dng IGRP - lin lc c vi nhau bng cch phn phi cc route qua li gia cc giao thc. RIP version 1 v IGRP c hai u l loi DISTANCE VECTOR. Tuy nhin hai giao thc ny c nhiu im khc nhau nh : Thi gian Update Tnh metric da vo RIP 30 giy Hop count IGRP 90 giy Bng thng (bandwidth), tr (delay), tin cy (reliability), ng ti (load), MTU 4294967295
Gi tr Infinite-Metric 16 2. Cc lnh s dng trong bi : defaultmetric bandwidth delay reliability loading mtu Cu hnh gi tr metric cho tt c cc route c phn phi vo IGRP, EIGRP, OSPF, BGP, EGP redistribute protocol [processid] {level1 | level12 | level2} [metric metricvalue] Phn phi cc route t mt giao thc vo mt giao thc khc route-map map-tag [permit | deny] [sequence-number] nh ngha iu kin phn phi route t mt giao thc vo giao thc khc match ip address {access-list-number [access-list-number. . . | access-list-name. . . ]|accesslist-name [access-list-number. . . | access-list-name] | prefix-list prefix-list-name [prefix-listname. . . ]} Phn phi cc route cho php bi standard access-list, extended access-list 3. M t bi Lab v hnh :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
95

hnh bi lab nh hnh trn, a ch IP ca cc cng c cho trong bng. Hai router Athena1 v Athena4 c to interface Loopback Lo0. Mng 1 v mng 2 s dng hai giao thc truyn dn khc nhau. Mng 1 gm router Athena1 v Athena2 s dng RIP, mng 2 gm router Athena4 s dng IGRP. Ring router Athena3, mng ca cng S1 s dng RIP, mng ca cng S0 s dng IGRP. 4. Mc tiu ca bi lab : Mc tiu ca bi l tt c cc mng con ca hai mng 1 v 2 phi lin lc c vi nhau. 5. Cu hnh router : Chng ta cu hnh cho cc router nh sau : Athena1#sh run Building configuration. . . Current configuration : 691 bytes version 12. 2 hostname Athena1 interface Loopback0 ip address 1. 1. 1. 1 255. 255. 255. 0 interface Serial0 ip address 192. 168. 1. 1 255. 255. 255. 0 clockrate 64000 router rip network 1. 0. 0. 0 network 192. 168. 1. 0 End Athena2#sh run Building configuration. . . 96
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E

Current configuration : 494 bytes version 12. 1 hostname Athena2 interface Serial0 ip address 192. 168. 1. 2 255. 255. 255. 0 interface Serial1 ip address 192. 168. 2. 1 255. 255. 255. 0 router rip network 192. 168. 1. 0 network 192. 168. 2. 0 End Athena3#sh run Building configuration. . . Current configuration : 556 bytes version 12. 1 hostname Athena3 interface Serial0 ip address 192. 168. 3. 1 255. 255. 255. 0 no fair-queue clockrate 64000 interface Serial1 ip address 192. 168. 2. 2 255. 255. 255. 0 clockrate 64000 router rip network 192. 168. 2. 0 router igrp 1 network 192. 168. 3. 0 End Athena4#sh run Building configuration. . . Current configuration : 680 bytes version 12. 1 hostname Athena4 interface Loopback0 ip address 2. 2. 2. 2 255. 255. 255. 0 interface Serial0 ip address 192. 168. 3. 2 255. 255. 255. 0 no fair-queue router igrp 1 network 2. 0. 0. 0 network 192. 168. 3. 0 End
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
97

Sau khi cu hnh nh trn, ta nh lnh show ip route ln lt trn bn router xem bng nh tuyn : Athena1#sh ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 1. 0. 0. 0/24 is subnetted, 1 subnets C 1. 1. 1. 0 is directly connected, Loopback0 C 192. 168. 1. 0/24 is directly connected, Serial0 R 192. 168. 2. 0/24 [120/1] via 192. 168. 1. 2, 00 : 00 : 23, Serial0 Athena2#sh ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set R 1. 0. 0. 0/8 [120/1] via 192. 168. 1. 1, 00 : 00 : 20, Serial0 C 192. 168. 1. 0/24 is directly connected, Serial0 C 192. 168. 2. 0/24 is directly connected, Serial1 Athena3#sh ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set R 1. 0. 0. 0/8 [120/2] via 192. 168. 2. 1, 00 : 00 : 25, Serial1 I 2. 0. 0. 0/8 [100/8976] via 192. 168. 3. 2, 00 : 00 : 08, Serial0 R 192. 168. 1. 0/24 [120/1] via 192. 168. 2. 1, 00 : 00 : 25, Serial1 C 192. 168. 2. 0/24 is directly connected, Serial1 C 192. 168. 3. 0/24 is directly connected, Serial0 Athena4#sh ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
98

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 2. 0. 0. 0/24 is subnetted, 1 subnets C 2. 2. 2. 0 is directly connected, Loopback0 C 192. 168. 3. 0/24 is directly connected, Serial0 Trong bng nh tuyn ca router Athena1 v Athena2 ch c nhng route chy RIP trong Mng 1, khng c cc route chy IGRP ca Mng 2 (c th l khng thy c cc mng 192. 168. 3. 0 va 2. 0. 0. 0). Tng t, bng nh tuyn ca Athena4 khng c cc route chy RIP ca Mng 1. Nguyn nhn l gia router Athena2 v router Athena3 chy RIP; ngc li gia Athena3 v Athena4 chy IGRP. router Athena4 bit c cc route ca Mng 1 (s dng giao thc RIP), chng ta cn s dng lnh redistribute. Cu lnh ny c dng phn phi cc route ca mt giao thc vo mt giao thc khc ( y l t RIP vo IGRP). router Athena3, ta phn phi cc route ca Mng 1 (s dng RIP) vo Mng 2 (s dng IGRP) nh sau : Athena3(config)#router igrp 1 Athena3(config-router)#redistribute rip Kim tra li bng nh tuyn ca router Athena4 : Athena4#sh ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 2. 0. 0. 0/24 is subnetted, 1 subnets C 2. 2. 2. 0 is directly connected, Loopback0 I 192. 168. 2. 0/24 [100/10476] via 192. 168. 3. 1, 00 : 01 : 06, Serial0 C 192. 168. 3. 0/24 is directly connected, Serial0 Nhn xt : router Athena4 nhn c route ca mng 192. 168. 2. 0 nhng cn hai mng 192. 168. 1. 0 v 1. 0. 0. 0 th khng nhn c. Ta nhp lnh : Athena4#debug ip igrp transactions sau mt khong thi gian ta nhn c thng bo sau : 00 : 40 : 20 : IGRP : received update from 192. 168. 3. 1 on Serial0 00 : 40 : 20 : network 1. 0. 0. 0, metric 4294967295 (inaccessible) 00 : 40 : 20 : network 192. 168. 1. 0, metric 4294967295 (inaccessible)
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E
99

00 : 40 : 20 :
network 192. 168. 2. 0, metric 10476 (neighbor 8476)
Mc d router Athena4 nhn c update ca hai route 1. 0. 0. 0 v 192. 168. 1. 0 nhng b nh du l inaccessible. Nguyn nhn ca li trn l cch tnh metric ca giao thc RIP v IGRP khc nhau. Nh phn gii thiu cp n, RIP s dng hop count tnh metric; cn IGRP s dng bng thng, tr, tin cy, ng ti v MTU tnh metric. Do , gii quyt li ny chng ta phi cu hnh cch tnh metric cho router Athena3 khi phn phi route t RIP sang IGRP. (Tham kho phn Cch tnh metric ca giao thc IGRP trong bi Cu hnh IGRP load balancing bit tnh metric) Cisco cung cp cho ta ba cch thc hin : Cch 1 : cu hnh metric cho tt cc cc route ca bt k giao thc no c phn phi. Cu hnh nh sau : Athena3(config)#router igrp 1 Athena3(config-router)#default-metric 1540 100 255 1 1500 Xem li bng nh tuyn ca router Athena4 : Athena4#sh ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set I 1. 0. 0. 0/8 [100/8593] via 192. 168. 3. 1, 00 : 00 : 00, Serial0 2. 0. 0. 0/24 is subnetted, 1 subnets C 2. 2. 2. 0 is directly connected, Loopback0 I 192. 168. 1. 0/24 [100/8593] via 192. 168. 3. 1, 00 : 00 : 00, Serial0 I 192. 168. 2. 0/24 [100/10476] via 192. 168. 3. 1, 00 : 00 : 00, Serial0 C 192. 168. 3. 0/24 is directly connected, Serial0 Nhn xt : Hai route 1. 0. 0. 0 v 192. 168. 1. 0 c update vo bng nh tuyn ca router Athena4 Metric ca c hai route bng nhau (8593) Khuyt im ca cch cu hnh ny l tt c cc route ca bt k mt giao thc no c phn phi u c gi tr metric bng nhau khng cn bit c route gn hay xa. Do ta khng c c mt gi tr metric chnh xc c. Thc hin thm cc lnh sau : Athena3(config)#router igrp 1 Athena3(config-router)#no default-metric 1540 100 255 1 1500 Athena3(config-router)#no redistribute rip g b default-metric v redistribute rip trc khi ta kho st cch 2. Cch 2 : cu hnh metric cho tng giao thc Cch cu hnh :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R
K N O W L E D G E 100

Athena3(config)#router igrp 1 Athena3(config-router)#redistribute rip metric 1540 100 255 1 1500 Kim tra lai bng nh tuyn ca router Athena4 ta c kt qu nh sau : Athena4#sh ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set I 1. 0. 0. 0/8 [100/8593] via 192. 168. 3. 1, 00 : 00 : 00, Serial0 2. 0. 0. 0/24 is subnetted, 1 subnets C 2. 2. 2. 0 is directly connected, Loopback0 I 192. 168. 1. 0/24 [100/8593] via 192. 168. 3. 1, 00 : 00 : 00, Serial0 I 192. 168. 2. 0/24 [100/10476] via 192. 168. 3. 1, 00 : 00 : 00, Serial0 C 192. 168. 3. 0/24 is directly connected, Serial0 Nhn xt : router Athena4 vn nhn c kt qu nh cch 1 nhng vi cch ny ta c th linh hot hn trong vic cu hnh metric cho tng giao thc c th. Cch 3 : cu hnh metric cho tng route. Cch cu hnh : To access-list 1 cho php mng 1. 0. 0. 0, access-list 2 cho php mng 192. 168. 1. 0 Athena3(config)#access-list 1 permit 1. 0. 0. 0 Athena3(config)#access-list 2 permit 192. 168. 1. 0 Cu hnh mt route map c tn l rip_to_igrp cho php thit lp bandwidth, delay, realibility, load v MTU ( tnh metric ca IGRP) theo cc iu kin sau : Route tha iu kin ca access-list 1 th cc gi tr l 56 100 255 1 1500 Athena3(config)#route-map rip_to_igrp 10 Athena3(config-route-map)#match ip address 1 Athena3(config-route-map)#set metric 56 100 255 1 1500 Athena3(config-route-map)#exit Route tha iu kin ca access-list 2 th cc gi tr l 1000 100 255 1 1500 Athena3(config)#route-map rip_to_igrp 15 Athena3(config-route-map)#match ip address 2 Athena3(config-route-map)#set metric 1000 100 255 1 1500 Athena3(config-route-map)#exit Route khng tha hai iu kin trn th gi tr l 10000 100 255 1 1500 Athena3(config)#route-map rip_to_igrp 20 Athena3(config-route-map)#set metric 10000 100 255 1 1500 Athena3(config-route-map)#exit S dng route map cho tt c cc route c phn phi t RIP sang IGRP Athena3(config)#router igrp 1 Athena3(config-router)#redistribute rip route-map rip_to igrp
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Kim tra li bng nh tuyn ca router Athena4 : Athena4#sh ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set I 1. 0. 0. 0/8 [100/180671] via 192. 168. 3. 1, 00 : 00 : 17, Serial0 2. 0. 0. 0/24 is subnetted, 1 subnets C 2. 2. 2. 0 is directly connected, Loopback0 I 192. 168. 1. 0/24 [100/12100] via 192. 168. 3. 1, 00 : 00 : 17, Serial0 I 192. 168. 2. 0/24 [100/8576] via 192. 168. 3. 1, 00 : 00 : 17, Serial0 C 192. 168. 3. 0/24 is directly connected, Serial0 Trn y, ta ch phn phi route ca RIP vo IGRP. router Athena1 v Athena2 c c cc route trong Mng 2, ta cn phi phn phi cc route ca IGRP vo RIP. phn phi route t IGRP vo RIP, ta cu hnh nh sau : Athena3#conf t Athena3(config)#router rip Athena3(config-router)#redistribute igrp 1 metric 2 Kim tra bng nh tuyn ca router Athena1 v Athena2 : Athena1#sh ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 1. 0. 0. 0/24 is subnetted, 1 subnets C 1. 1. 1. 0 is directly connected, Loopback0 R 2. 0. 0. 0/8 [120/3] via 192. 168. 1. 2, 00 : 00 : 04, Serial0 C 192. 168. 1. 0/24 is directly connected, Serial0 R 192. 168. 2. 0/24 [120/1] via 192. 168. 1. 2, 00 : 00 : 05, Serial0 R 192. 168. 3. 0/24 [120/3] via 192. 168. 1. 2, 00 : 00 : 05, Serial0 Athena2#sh ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

P - periodic downloaded static route Gateway of last resort is not set R 1. 0. 0. 0/8 [120/1] via 192. 168. 1. 1, 00 : 00 : 25, Serial0 R 2. 0. 0. 0/8 [120/2] via 192. 168. 2. 2, 00 : 00 : 19, Serial1 C 192. 168. 1. 0/24 is directly connected, Serial0 C 192. 168. 2. 0/24 is directly connected, Serial1 R 192. 168. 3. 0/24 [120/2] via 192. 168. 2. 2, 00 : 00 : 19, Serial1 C hai router cp nht c cc route ca Mng 2 (2. 0. 0. 0 v 192. 168. 3. 0). Lc ny tt c cc mng hon ton lin lc c vi nhau.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Bi 6
Cu hnh OSPF c bn
1. Gii thiu : Giao thc OSPF (Open Shortest Path First) thuc loi link-state routing protocol v c h tr bi nhiu nh sn xut. OSPF s dng thut ton SPF tnh ton ra ng i ngn nht cho mt route. Giao thc OSPF c th c s dng cho mng nh cng nh mt mng ln. Do cc router s dng giao thc OSPF s dng thut ton tnh metric cho cc route ri t xy dng nn hnh ca mng nn tn rt nhiu b nh cng nh hot ng ca CPU router. Nu nh mt mng qu ln th vic ny din ra rt lu v tn rt nhiu b nh. khc phc tnh trng trn, giao thc OSPF cho php chia mt mng ra thnh nhiu area khc nhau. Cc router trong cng mt area trao i thng tin vi nhau, khng trao i vi cc router khc vng. V vy, vic xy dng hnh ca router c gim i rt nhiu. Cc vng khc nhau mun lin kt c vi nhau phi ni vi area 0 (cn c gi l backbone) bng mt router bin. Cc router chy giao thc OSPF gi lin lc vi nhau bng cch gi cc gi Hello cho nhau. Nu router vn cn nhn c cc gi Hello t mt router kt ni trc tip qua mt ng kt ni th n bit c rng ng kt ni v router u xa vn hot ng tt. Nu nh router khng nhn c gi hello trong mt khong thi gian nht nh, c gi l dead interval, th router bit rng router u xa b down v khi router s chy thut ton SPF tnh route mi. Mi router s dng giao thc OSPF c mt s ID nhn dng. Router s s dng a ch IP ca interface loopback cao nht (nu c nhiu loopback) lm ID. Nu khng c loopback no c cu hnh hnh th router s s dng IP cao nht ca cc interface vt l. OSPF c mt s u im l : thi gian hi t nhanh, c h tr bi nhiu nh sn xut, h tr VLSM, c th s dng trn mt mng ln, c tnh n nh cao. 2. Cc cu lnh s dng trong bi lab : router ospf process-id Cho php giao thc OSPF network address wildcard-mask area area-id Qung b mt mng thuc mt area no 3. M t bi lab v hnh :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

hnh bi lab nh hnh v. Cc router c cu hnh cc interface loopback 0. a ch IP ca cc interface c ghi trn hnh. Lu y chng ta s dng subnetmask ca cc mng khc nhau. 4. Cu hnh router : Chng ta cu hnh cc interface cho cc router nh sau : Athena1#sh run Building configuration. . . Current configuration : 592 bytes version 12. 1 hostname Athena1 interface Loopback0 ip address 10. 0. 0. 1 255. 255. 0. 0 interface Serial0 ip address 192. 168. 1. 1 255. 255. 255. 0 end Athena2#sh run Building configuration. . . Current configuration : 667 bytes version 12. 1 hostname Athena2 interface Loopback0 ip address 11. 1. 0. 1 255. 0. 0. 0 interface Serial0 ip address 192. 168. 1. 2 255. 255. 255. 0 no fair-queue clockrate 64000 interface Serial1 ip address 170. 1. 0. 1 255. 255. 0. 0 end
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Athena3#sh run Building configuration. . . Current configuration : 591 bytes version 12. 1 hostname Athena3 interface Loopback0 ip address 12. 1. 0. 1 255. 255. 255. 252 interface Serial0 ip address 170. 1. 0. 2 255. 255. 0. 0 end Sau khi cu hnh interface cho cc router, chng ta tin hnh cu hnh OSPF cho chng nh sau : Athena1(config)#router ospf 1 Athena1(config-router)#net 192. 168. 1. 0 0. 0. 0. 255 area 0 Athena1(config-router)#net 10. 0. 0. 0 0. 0. 255. 255 area 0 Athena2(config)#router ospf 1 Athena2(config-router)#net 192. 168. 1. 0 0. 0. 0. 255 area 0 Athena2(config-router)#net 170. 1. 0. 0 0. 0. 255. 255 area 0 Athena2(config-router)#net 11. 1. 0. 0 0. 255. 255. 255 area 0 Athena3(config)#router ospf 1 Athena3(config-router)#net 170. 1. 0. 0 0. 0. 255. 255 area 0 Athena3(config-router)#net 12. 1. 0. 0 0. 0. 0. 3 area 0 Chng ta cu hnh OSPF cho c ba router trong cng mt area 0 (backbone). Ngoi ra chng ta c th cu hnh OSPF cho c ba router theo cch sau : Athena1(config)#router ospf 1 Athena1(config-router)#net 192. 168. 1. 1 0. 0. 0. 0 area 0 Athena1(config-router)#net 10. 0. 0. 1 0. 0. 0. 0 area 0 Athena2(config)#router ospf 1 Athena2(config-router)#net 192. 168. 1. 2 0. 0. 0. 0 area 0 Athena2(config-router)#net 170. 1. 0. 1 0. 0. 0. 0 area 0 Athena2(config-router)#net 11. 1. 0. 1 0. 0. 0. 0 area 0 Athena3(config)#router ospf 1 Athena3(config-router)#net 170. 1. 0. 2 0. 0. 0. 0 area 0 Athena3(config-router)#net 12. 1. 0. 1 0. 0. 0. 0 area 0 Khi qung b cho OSPF chng ta c th qung b theo hai cch : qung b ng mng (cch u) hoc qung b chnh interface (cch sau). Nu qung b chnh interface th wildcard mask phi l 0. 0. 0. 0 Sau khi qung b cc mng ca cc router xong chng ta kim tra li bng nh tuyn ca cc router bng cu lnh show ip route Athena1#sh ip route Gateway of last resort is not set O 170. 1. 0. 0/16 [110/128] via 192. 168. 1. 2, 01 : 20 : 18, Serial0
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

10. 0. 0. 0/16 is subnetted, 1 subnets 10. 0. 0. 0 is directly connected, Loopback0 11. 0. 0. 0/32 is subnetted, 1 subnets O 11. 1. 0. 1 [110/65] via 192. 168. 1. 2, 01 : 20 : 18, Serial0 12. 0. 0. 0/32 is subnetted, 1 subnets O 12. 1. 0. 1 [110/129] via 192. 168. 1. 2, 01 : 20 : 18, Serial0 C 192. 168. 1. 0/24 is directly connected, Serial0 C Athena2#sh ip route Gateway of last resort is not set C 170. 1. 0. 0/16 is directly connected, Serial1 10. 0. 0. 0/32 is subnetted, 1 subnets O 10. 0. 0. 1 [110/65] via 192. 168. 1. 1, 01 : 20 : 38, Serial0 C 11. 0. 0. 0/8 is directly connected, Loopback0 12. 0. 0. 0/32 is subnetted, 1 subnets O 12. 1. 0. 1 [110/65] via 170. 1. 0. 2, 01 : 20 : 38, Serial1 C 192. 168. 1. 0/24 is directly connected, Serial0 Athena3#sh ip route Gateway of last resort is not set C 170. 1. 0. 0/16 is directly connected, Serial0 10. 0. 0. 0/32 is subnetted, 1 subnets O 10. 0. 0. 1 [110/129] via 170. 1. 0. 1, 00 : 00 : 20, Serial0 11. 0. 0. 0/32 is subnetted, 1 subnets O 11. 1. 0. 1 [110/65] via 170. 1. 0. 1, 00 : 00 : 20, Serial0 12. 0. 0. 0/30 is subnetted, 1 subnets C 12. 1. 0. 0 is directly connected, Loopback0 O 192. 168. 1. 0/24 [110/128] via 170. 1. 0. 1, 00 : 00 : 20, Serial0 Nhn xt : cc router bit c tt c cc mng trong hnh ca chng ta. Cc route router bit c nh giao thc OSPF c nh O u route. Trong kt qu trn cc route c in m. By gi chng ta s kim tra li xem cc mng c th lin lc c vi nhau hay cha bng cch ln lt ng trn tng router v ping n cc mng khng ni trc tip vi n. Athena3#ping 11. 1. 0. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11. 1. 0. 1, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms Athena3#ping 10. 0. 0. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11. 1. 0. 1, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 56/68/108 ms Cc bn lm tng t cho cc mng khc kim tra, v chc chn s ping thy!
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Cu hnh cc mng trong cc area khc nhau : Chng ta s kho st cch cu hnh cc mng c phn b trong nhiu area khc nhau trong mc ny. Trc ht, chng ta kho st nu cu hnh cho mng 12. 1. 0. 0/30 v interface S0 ca Athena3 trong cng area 1 cn cc mng khc vn trong area 0 th ton mng ca chng ta c th lin lc c hay khng ? Do phn trn chng ta cu hnh OSPF cho cng mt vng. Nn by gi chng ta ch cn g b cu hnh OSPF cho router Athena3 v cu hnh li cho n nh yu cu ca cu hi t ra. Cch thc hin nh sau : Athena3(config)#router ospf 1 Athena3(config-router)#no net 170. 1. 0. 0 0. 0. 255. 255 area 0 g b cu hnh cu hnh OSPF c Athena3(config-router)#no net 12. 1. 0. 0 0. 0. 0. 3 area 0 Athena3(config)#router ospf 1 Athena3(config-router)#net 170. 1. 0. 0 0. 0. 255. 255 area 1 Cu hnh cho interface S0 router Athena3 thuc area 1 Athena3(config-router)#net 12. 1. 0. 0 0. 0. 0. 3 area 1 Cu hnh mng 12. 1. 0. 0/30 thuc area 1 Sau khi cu hnh xong chng ta kim tra li bng nh tuyn ca cc router : Athena1#sh ip route Gateway of last resort is not set O 170. 1. 0. 0/16 [110/128] via 192. 168. 1. 2, 00 : 00 : 53, Serial0 10. 0. 0. 0/16 is subnetted, 1 subnets C 10. 0. 0. 0 is directly connected, Loopback0 11. 0. 0. 0/32 is subnetted, 1 subnets O 11. 1. 0. 1 [110/65] via 192. 168. 1. 2, 00 : 00 : 53, Serial0 C 192. 168. 1. 0/24 is directly connected, Serial0 Athena2#sh ip route Gateway of last resort is not set C 170. 1. 0. 0/16 is directly connected, Serial1 10. 0. 0. 0/32 is subnetted, 1 subnets O 10. 0. 0. 1 [110/65] via 192. 168. 1. 1, 00 : 00 : 43, Serial0 C 11. 0. 0. 0/8 is directly connected, Loopback0 C 192. 168. 1. 0/24 is directly connected, Serial0 Athena3#sh ip route Gateway of last resort is not set C 170. 1. 0. 0/16 is directly connected, Serial0 12. 0. 0. 0/30 is subnetted, 1 subnets C 12. 1. 0. 0 is directly connected, Loopback0 Nhn xt : router Athena1 v Athena2 bit c cc mng ca nhau nhng khng bit c mng ca router Athena3. Ngc li router Athena3, khng bit c cc mng ca router Athena1 v
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Athena2. iu ny chng t, cc router trong cng mt area ch bit c cc mng trong area , cc mng trong area khc th router khng bit. (Trng hp, router Athena1 thy c mng 170. 1. 0. 0/16 l do router Athena2 qung b mng thuc area 0) lin kt c cc mng trong cng cc area khc nhau chng ta phi c mt router bin ni area v area 0 (backbone). Router ny c mt interface thuc area v mt interface thuc area 0.
Trong trng hp bi lab, chng ta c hai cch gii quyt vn ny. Cch th nht l cu hnh cho mng ca interface S0 ca router Athena3 thuc area 0. Lc ny, router Athena3 ng vai tr l mt router bin. Cch th hai l cu hnh cho mng ca interface S1 router Athena2 thuc area 1, lc ny router Athena2 ng vai tr l router bin. Chng ta s kho st cch 1 (cu hnh cho mng interface S0 ca Athea3 thuc area0). Cch 2 c thc hin tng t
Cch cu hnh : Athena3(config)#router ospf 1 Athena3(config-router)#no net 170. 1. 0. 0 0. 0. 255. 255 area 1 Athena3(config-router)#net 170. 1. 0. 0 0. 0. 255. 255 area 0 Sau khi cu hnh xong, chng ta kim tra li bng nh tuyn ca cc router : Athena1#sh ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set O 170. 1. 0. 0/16 [110/128] via 192. 168. 1. 2, 00 : 01 : 30, Serial0 10. 0. 0. 0/16 is subnetted, 1 subnets C 10. 0. 0. 0 is directly connected, Loopback0 11. 0. 0. 0/32 is subnetted, 1 subnets O 11. 1. 0. 1 [110/65] via 192. 168. 1. 2, 00 : 01 : 30, Serial0 12. 0. 0. 0/32 is subnetted, 1 subnets O IA 12. 1. 0. 1 [110/129] via 192. 168. 1. 2, 00 : 01 : 30, Serial0 C 192. 168. 1. 0/24 is directly connected, Serial0 Athena2#sh ip route Gateway of last resort is not set C 170. 1. 0. 0/16 is directly connected, Serial1 10. 0. 0. 0/32 is subnetted, 1 subnets O 10. 0. 0. 1 [110/65] via 192. 168. 1. 1, 00 : 01 : 07, Serial0 C 11. 0. 0. 0/8 is directly connected, Loopback0 12. 0. 0. 0/32 is subnetted, 1 subnets O IA 12. 1. 0. 1 [110/65] via 170. 1. 0. 2, 00 : 01 : 07, Serial1 C 192. 168. 1. 0/24 is directly connected, Serial0
Athena3#sh ip route Gateway of last resort is not set C 170. 1. 0. 0/16 is directly connected, Serial0 10. 0. 0. 0/32 is subnetted, 1 subnets O 10. 0. 0. 1 [110/129] via 170. 1. 0. 1, 00 : 00 : 06, Serial0 11. 0. 0. 0/32 is subnetted, 1 subnets O 11. 1. 0. 1 [110/65] via 170. 1. 0. 1, 00 : 00 : 06, Serial0 12. 0. 0. 0/30 is subnetted, 1 subnets C 12. 1. 0. 0 is directly connected, Loopback0 O 192. 168. 1. 0/24 [110/128] via 170. 1. 0. 1, 00 : 00 : 06, Serial0 Nhn xt : cc router thy c cc mng ca cc router khc. Nh vy ton mng lin lc c vi nhau. Chng ta c th kim tra bng cch ping n tng mng.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Bi 7
Cu hnh EIGRP
Cc PC ni vi router bng cp cho, hai router c ni vi nhau bng cp serial. a ch IP ca cc interface v PC nh hnh v. Trong bi lab ny chng ta s tin hnh cu hnh giao thc EIGRP cho cc router. 2. Cu hnh : Chng ta cu hnh cho cc router Athena1 v Athena2 nh sau : Athena1#sh run Building configuration. . . Current configuration : 541 bytes ! version 12. 1 ! hostname Athena1 ! interface Ethernet0 ip address 10. 1. 0. 1 255. 255. 0. 0 ! interface Serial1 ip address 192. 168. 0. 1 255. 255. 255. 0 clockrate 64000 ! end Athena2#sh run Building configuration. . . Current configuration : 541 bytes !
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

version 12. 1 ! hostname Athena2 ! interface Ethernet0 ip address 11. 1. 0. 1 255. 255. 0. 0 ! interface Serial1 ip address 192. 168. 0. 2 255. 255. 255. 0 ! end Sau khi cu hnh xong a ch IP cho cc interface ca router Athena1, Athena2 chng ta tin hnh cu hnh EIGRP cho cc router nh sau : 100 l s Autonomus system Athena1(config)#router eigrp 100 qung b mng 10. 1. 0. 0 Athena1(config-router)#network 10. 1. 0. 0 Athena1(config-router)#network 192. 168. 0. 0 qung b mng 192. 168. 0. 0 Athena2(config)#router eigrp 100 Athena2(config-router)#network 11. 0. 0. 0 Athena2(config-router)#network 192. 168. 0. 0 By gi chng ta tin hnh kim tra cc kt ni trong mng bng cch : Athena1#ping 11. 1. 0. 2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11. 1. 0. 2, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/32/40 ms Athena1# Chng ta s dng cu lnh show ip route kim tra bng nh tuyn ca hai router Athena2#show ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set D C C 10. 0. 0. 0/8 [90/2195456] via 192. 168. 0. 1, 00 : 11 : 35, Serial1 11. 1. 0. 0/16 is directly connected, Ethernet0 192. 168. 0. 0/24 is directly connected, Serial1
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Trong bng nh tuyn ca router Athena2 c cc route n mng ca Athena1, v Athena1 ping thnh cng n loopback ca Athena2. Nh vy, ton mng chng ta thng nhau.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Bi 8
Cu hnh OSPF gia Windows Server 2003 v router

1. Gii thiu : Trong bi lab ny chng ta s kho st cu hnh OSPF gia mt my Server s dng Windows 2003 v router 2. M t bi lab v hnh :
Lo0 : 11.1.0.1/8
192.168.1.1/24 S0
192.168.1.2/24 S0
170.1.0.1/16 S1
170.1.0.2/16 S0
Athena1 Lo0 : 10.0.0.1/16
Athena2 E0 15.1.0.1/8
Athena3 Text Lo0 : 12.1.0.1/30
AREA 0
Server 15.1.0.2/8
hnh bi lab nh hnh v, chng ta s cu hnh loopback 0 cho cc router. a ch IP ca cc interface c ghi trn hnh. Lu , khi cu hnh IP cho server, chng ta khng cu hnh default gateway. 3. Cu hnh cho cc router : Chng ta cu hnh cho cho cc router nh sau : Athena1#sh run Building configuration. . . Current configuration : 592 bytes version 12. 1
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

hostname Athena1 interface Loopback0 ip address 10. 0. 0. 1 255. 255. 0. 0 interface Serial0 ip address 192. 168. 1. 1 255. 255. 255. 0 router ospf 1 log-adjacency-changes network 10. 0. 0. 0 0. 0. 255. 255 area 0 network 192. 168. 1. 0 0. 0. 0. 255 area 0 end Athena2#sh run Building configuration. . . Current configuration : 712 bytes version 12. 1 hostname Athena2 interface Loopback0 ip address 11. 1. 0. 1 255. 0. 0. 0 interface Ethernet0 ip address 15. 1. 0. 1 255. 0. 0. 0 interface Serial0 ip address 192. 168. 1. 2 255. 255. 255. 0 no fair-queue clockrate 64000 interface Serial1 ip address 170. 1. 0. 1 255. 255. 0. 0 router ospf 1 log-adjacency-changes network 11. 1. 0. 0 0. 255. 255. 255 area 0 network 15. 0. 0. 0 0. 255. 255. 255 area 0 network 170. 1. 0. 0 0. 0. 255. 255 area 0 network 192. 168. 1. 0 0. 0. 0. 255 area 0 end Athena3#sh run Building configuration. . . Current configuration : 608 bytes version 12. 1 hostname Athena3 interface Loopback0 ip address 12. 1. 0. 1 255. 255. 255. 252 interface Serial0 ip address 170. 1. 0. 2 255. 255. 0. 0 clockrate 64000 router ospf 1 log-adjacency-changes
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

network 12. 1. 0. 0 0. 0. 0. 3 area 0 network 170. 1. 0. 0 0. 0. 255. 255 area 0 end 4. Cu hnh cho server : Chng ta vo Start Program Administrative Tools Routing And Remote Access. Sau chn PC chng ta mun cu hnh ri nhp chut phi chn Configure and Enable Routing and Remote Access.
Ri nhn Next chn Custom Configuration Next chn Lan routing Next Finish Yes. Click vo IP routing, bn ca s bn phi chng ta nhp chut phi vo General ri chn New Routing Protocol
Chn Open Shortest Path Frist (OSPF) OK
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Nhp chut phi vo OSPF (trong IP routing) chn New Interface. Trong ca s hin ra chn Local Area Connection OK Trong ca s hin ra, nh du chn Enable OSPF for this address, trong phn Network Type, ta chn mc Broadcast. Sau nhn OK.
Chng ta c th set cost cho route ny bng cch nhp gi tr vp Cost, v u tin cho router bng cch nhp gi tr vo Router priority. Router no c u tin cao nht s l designated router. Nhp chut phi vo OSPF chn Properties. Trong ca s hin ra chn Enable antonomous system boundary router.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Click vo tab Areas, chn 0. 0. 0. 0 nhn Edit
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Trong ca s va hin ra, b Enable plaintext password OK
Chng ta nhn chut phi vo OSPF chn Show Link-state Database. Trong ca s hin ra chng ta s tht c cc mng ca router Athena1, Athena2, Athena3.
By gi chng ta s ping ti cc mng ca ba router kim tra.

Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Chng ta ping thnh cng mng 10. 0. 0. 0 ca Athena1, cc bn tip tc ping ti cc mng khc kim tra v chc chn s thnh cng. Nh vy ton mng lin lc c vi nhau. Vic chy OSPF gia Winserver 2003 v router thnh cng.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Phn 4
Access List v NAT
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Anh HoThiu hai bi Standard Access list v Extended Access list ca Lut
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Bi 3
Tn cng router bng flood

1. M t bi lab v cu hnh :
hnh bi lab trn hnh trn, chng ta s bt http server trn router Athena2 v Deny Service ny bng DoS trn S0 ca router Athena2 a ch l 192. 168. 1. 2, ta cu hnh access-list 101 p vo interface S0, ni dung ca access-list 101 ny l cm tt c cc gi i vo interface ny (s dng Defense). 2. Cu hnh ca Router : Cu hnh ca cc router : Athena1#sh run Building configuration. . . Current configuration : 559 bytes version 12. 1 hostname Athena1 interface Ethernet0 ip address 10. 1. 0. 1 255. 255. 255. 0 interface Serial0 ip address 192. 168. 1. 1 255. 255. 255. 0 no fair-queue clockrate 64000 router rip network 10. 0. 0. 0
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

network 192. 168. 1. 0 end Athena2#sh run Building configuration. . . Current configuration : 616 bytes version 12. 1 hostname Athena2 interface Loopback0 ip address 11. 1. 0. 1 255. 255. 255. 0 interface Serial0 ip address 192. 168. 1. 2 255. 255. 255. 0 router rip network 11. 0. 0. 0 network 192. 168. 1. 0 ip http server access-list 101 deny tcp any 10. 1. 0. 0 0. 0. 0. 255 access-list 101 permit ip any any end Chng ta bt http server trn router Athena2 bng cch : Athena2(config)#ip http server 3. Thc thi DoS : Sau khi cu hnh xong, ta chy th Web Service trn router 2501 bng vo Internet explorer browser, v nhp vo khung Address : http : //192. 168. 3. 1/ v chc chn Service ny s chy.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

By gi, chng ta vo command prompt khi ng chng trnh bonk (http : //www. packetstorm. net/)
Chng trnh ny s gi packet lin tc n a ch m chng ta nhp vo (Interface S0 ca Athena2). Lc ny to router Athena2 chng ta cu hnh access-list l deny tt c cc gi n a ch 192.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

168. 1. 2 (interface S0 ca Athena2). Chng ta c th xem qu trnh u tin l khi mi bt u gi gi t phn mm file chy bonk, nhng gi t phn mm ny gi b deny : (s dng cu lnh debug ip packet detail hin th thng tin v cc gi trn Athena2) 01 : 35 : 27 : IP : s=192. 168. 1. 2 (local), d=58. 78. 126. 160, len 56, unroutable 01 : 35 : 28 : IP : s=234. 163. 97. 104 (Serial0), d=192. 168. 1. 2, len 56, access denied 01 : 35 : 28 : IP : s=90. 18. 161. 21 (Serial0), d=192. 168. 1. 2, len 56, access denied 01 : 35 : 28 : IP : s=192. 168. 1. 2 (local), d=90. 18. 161. 21, len 56, unroutable 01 : 35 : 29 : IP : s=212. 188. 230. 189 (Serial0), d=192. 168. 1. 2, len 56, access denied 01 : 35 : 29 : IP : s=95. 72. 43. 45 (Serial0), d=192. 168. 1. 2, len 56, access denied 01 : 35 : 29 : IP : s=192. 168. 1. 2 (local), d=95. 72. 43. 45, len 56, unroutable 01 : 35 : 30 : IP : s=137. 183. 32. 171 (Serial0), d=192. 168. 1. 2, len 56, access denied 01 : 35 : 30 : IP : s=34. 183. 126. 195 (Serial0), d=192. 168. 1. 2, len 56, access denied Tuy nhin trong qu trnh deny router Athena2 phi a gi vo d liu ca mnh phn tch. Trong khi file chy bonk gi gi mt cch lin tc, nn cha y 2 pht sau th interface serial 0 ca Athena2 b down v service http ca n v vy cng s b down lun. Chng ta khng th duyt web lc ny. 01 : 35 : 31 : IP : s=192. 168. 1. 2 (local), d=190. 191. 154. 23, len 56, unroutable 01 : 35 : 32 : %LINEPROTO-5-UPDOWN : Line protocol on Interface Serial0, changed state to down 01 : 35 : 32 : IP : s=68. 190. 155. 4 (Serial0), d=192. 168. 1. 2, len 56, access denied 01 : 35 : 32 : IP : s=192. 168. 1. 2 (local), d=68. 190. 155. 4, len 56, unroutable. Sau khi down mt thi gian, router s t ng up interface S0 ln li. Nu khng cn ghn na th s hot ng bnh thng. 01 : 35 : 52 : %LINEPROTO-5-UPDOWN : Line protocol on Interface Serial0, changed state to up
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Bi 4
Cu hnh NAT Static

1. Gii thiu : Nat (Network Address Translation) l mt giao thc dng cung cp s chuyn i IP trong 1 min a ra mt mi trng khc thng qua mt IP c ng k chuyn i thng tin gia 2 mi trng (either Local or Global). u im ca NAT( Network Nat Translation ) l chuyn i cc IP adress ring trong mng n IP adress inside c Cung cp khi ng k. Cc loi a ch : Inside Local : l cc a ch bn trong mng ni b ( gateway) Inside Global : l cc a ch ngoi cng GATEWAY , l a ch Nat c ng k. Trong bi nay l : 172. 17. 0. 1/24 Outside Global : l cc h thng mng bn ngoi cc mi trng 2. M t bi lab v hnh :
ISP
` PC1 10.1.0.2/16 Gateway : 10.1.0.1/16
192.168.0.2/124 S0
11.1.0.1/16 E0 ` PC2 11.1.0.2/16 Gateway : 11.1.0.1/16
E0 10.1.0.1/16
Athena1 S0 192.168.0.1/24
Athena2
Gateway
Cc PC ni vi router bng cp cho, hai router ni vi nhau bng cp serial. a ch IP ca cc interface v PC c cho trn hnh v Trong bi lab ny, router Athena1 c cu hnh nh mt ISP, router Athena2 c cu hnh nh mt gateway 3. Cu hnh : Chng ta cu hnh cho cc router nh sau : Router#conf t Athena1(config)#enable password cisco Route r(config)#hostname Athena1 Athena1(config)#interface serial 1 Athena1(config-if)#ip address 192. 168. 0. 1 255. 255. 255. 0 Athena1(config-if)# no shut Athena1(config-if)#clock rate 64000 Athena1(config)#interface ethernet 0 Athena1(config-if)#ip address 10. 1. 0. 1 255. 255. 0. 0 Athena1(config-if)#no shut
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Athena2(config)#interface serial 1 Athena2(config-if)#ip address 192. 168. 0. 2 255. 255. 255. 0 cu hnh interface S1 l interface outside Athena2(config)#ip nat outside Athena2(config)#interface ethernet 0 Athena2(config-if)#ip address 11. 1. 0. 1 255. 255. 0. 0 Athena2(config-if)#no shut Athena2(config)#ip nat intside Cu hnh interface E0 l interface inside Chng ta tin hnh cu hnh Static NAT cho Athena2 bng cu lnh : Athena2(config)#ip nat inside source static 11. 1. 0. 2 172. 17. 0. 1 Cu lnh trn c ngha l : cc gi tin xut pht t PC2 khi qua router Athena2 ra ngoi s c i a ch IP source t 11. 1. 0. 2 thnh a ch 172. 17. 0. 1 (y l a ch c ng k vi ISP) Chng ta tin hnh t Static Route cho 2 Router Athena1 v Athena2. Athena2(config)#ip route 0. 0. 0. 0 0. 0. 0. 0 192. 168. 0. 1 Athena1(config)#ip route 172. 17. 0. 0 255. 255. 0. 0 192. 168. 0. 2 a ch 172. 17. 0. 1 l Address c ng k. Trn thc t ISP ch route xung user bng a ch ng k ny. kim tra vic NAT ca router Athena2 nh th no chng ta s dng cu lnh sau : Athena2#sh ip nat translation Pro Inside global Inside local Outside local Outside global --- 172. 17. 0. 1 11. 1. 0. 2 ---- kim tra router Athena2 chuyn i a ch nh th no chng ta s dng cu lnh Athena2#debug ip nat T router Athena2, ta ping interface serial 0 ca Athena1. Athena2#ping 192. 168. 0. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11. 1. 0. 2, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms Khi s xut hin trn mn hnh Hyber Terminal ca router Athena2 nhng thng bo sau : 00 : 52 : 46 : NAT* : s=11. 1. 0. 2->172. 17. 0. 1, d=192. 168. 0. 1 [267] 00 : 52 : 46 : NAT* : s=192. 168. 0. 1, d=172. 17. 0. 1->11. 1. 0. 2 [267] 00 : 52 : 47 : NAT* : s=11. 1. 0. 2->172. 17. 0. 1, d=192. 168. 0. 1 [268] 00 : 52 : 47 : NAT* : s=192. 168. 0. 1, d=172. 17. 0. 1->11. 1. 0. 2 [268] 00 : 52 : 48 : NAT* : s=11. 1. 0. 2->172. 17. 0. 1, d=192. 168. 0. 1 [269] 00 : 52 : 48 : NAT* : s=192. 168. 0. 1, d=172. 17. 0. 1->11. 1. 0. 2 [269] 00 : 52 : 49 : NAT* : s=11. 1. 0. 2->172. 17. 0. 1, d=192. 168. 0. 1 [270] 00 : 52 : 49 : NAT* : s=192. 168. 0. 1, d=172. 17. 0. 1->11. 1. 0. 2 [270] a ch 11. 1. 0. 2 c chuyn thnh a ch 172. 17. 0. 1 v a ch ch l 192. 168. 0. 1. V gi ICMP reply c gi tr li cng c chuyn a ch ch t 172. 17. 0. 1 thnh 11. 1. 0. 2. Cc s 267, 268, 269, 270 l cc phin trong qu trnh NAT Ngi vit
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Bi 5
Cu hnh NAT Overload

1. Gii thiu : NAT (Network Address Translation) dng chuyn i cc private address thnh a ch public address. Cc gi tin t mng ni b ca user gi ra ngoi, khi n router bin a ch IP source s c chuyn i thnh a ch public m user ng k vi ISP. iu ny cho php cc gi tin t mng ni b c th c gi ra mng ngoi (Internet). NAT c cc loi : NAT static, NAT pool, NAT overload. NAT static cho php chuyn i mt a ch ni b thnh mt a ch public. NAT pool cho php chuyn i cc a ch ni b thnh mt trong dy a ch public. NAT overload cho php chuyn i cc a ch ni b thnh mt a ch public Trong k thut NAT overload, router s s dng thm cc port cho cc a ch khi chuyn i. 2. Cc cu lnh s dng trong bi lab : ip nat {inside | outside} Cu hnh interface l inside hay outside ip nat inside source {list {accesslistnumber | name} pool name [overload] | static localip globalip} Cho php chuyn a ch ni b thnh a ch public ip nat pool name startip endip {netmask | prefixlength prefixlength} [type rotary] To NAT pool show ip nat translations Xem cc thng tin v NAT debug ip nat Xem hot ng ca NAT 3. M t bi lab v hnh :
192.168.1.1/24 S0 Athena1 Lo0 : 10.1.0.1/16 Lo1 : 11.1.0.1/16 Lo2 : 12.1.0.1/16
192.168.1.2/24 S0 Athena2 Lo0 : 13.1.0.1/16
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

hnh bi lab nh hnh trn. Router Athena1 c cu hnh inteface loopback 0, loopback 1, loopback 2. Router Athena2 c cu hnh interface loopback 0. Hai router c ni vi nhau bng cp Serial. 4. Cu hnh router : Hai router c cu hnh cc interface nh sau : Athena1#sh run Building configuration. . . Current configuration : 630 bytes hostname Athena1 interface Loopback0 ip address 10. 1. 0. 1 255. 255. 0. 0 interface Loopback1 ip address 11. 1. 0. 1 255. 255. 0. 0 interface Loopback2 ip address 12. 1. 0. 1 255. 255. 0. 0 interface Serial0 ip address 192. 168. 1. 1 255. 255. 255. 0 end Athena2#sh run Building configuration. . . Current configuration : 644 bytes hostname Athena2 interface Loopback0 ip address 13. 1. 0. 1 255. 255. 0. 0 interface Serial0 ip address 192. 168. 1. 2 255. 255. 255. 0 no fair-queue clockrate 64000 end Chng ta cu hnh NAT trn router Athena1 theo cc bc sau : Bc 1 : Cu hnh cc interface inside v outside Trong bi lab ny, chng ta cu hnh cho cc interface loopback ca Athena1 l inside cn interface serial 0 l out side. Athena1(config)#in lo0 Athena1(config-if)#ip nat inside Athena1(config)#in lo1 Athena1(config-if)#ip nat inside Athena1(config-if)#in lo2 Athena1(config-if)#ip nat inside Athena1(config-if)#in s0 Athena1(config-if)#ip nat outside Athena1(config-if)#exit
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Bc 2 : To access list cho php mng no c NAT. Chng ta cu hnh cho php mng 10. 1. 0. 0/16 v mng 11. 1. 0. 0/16 c cho php, cm mng 12. 1. 0. 0/16 Athena1(config)# access-list 1 deny 12. 1. 0. 0 0. 0. 255. 255 Athena1(config)#access-list 1 permit any Bc 3 : To NAT pool cho router Athena1 Cu hnh NAT pool tn Athena1 c a ch t 172. 1. 1. 1/24 n 172. 1. 1. 5/24 Athena1(config)#ip nat pool Athena1 172. 1. 1. 1 172. 1. 1. 5 netmask 255. 255. 255. 0 Bc 4 : Cu hnh NAT cho router Athena1(config)#ip nat inside source list 1 pool Athena1 overload Cu lnh trn cu hnh overload cho NAT pool Bc 5 : nh tuyn cho router Athena1(config)#ip route 13. 1. 0. 0 255. 255. 0. 0 192. 168. 1. 2 Athena2(config)#ip route 172. 1. 1. 0 255. 255. 255. 0 192. 168. 1. 1
Lu : i vi router Athena2, nu ta nh tuyn theo dng : Athena2(config)#ip route 0. 0. 0. 0 0. 0. 0. 0 192. 168. 1. 1 th chng ta c th ping thy c cc mng trong router Athena1 (10. 1. 0. 0/16, 11. 1. 0. 0/16). Nhng thc t, ISP ch nh tuyn xung cho user bng a ch m user ng k (Inside global address). Bc 6 : Kim tra hot ng ca NAT Chng ta s kim tra NAT bng cu lnh debug ip nat Athena1#debug ip nat IP NAT debugging is on Sau khi bt debug NAT, chng ta s ping n loopback0 ca Athena2 t loopback0 ca Athena1 Athena1#ping Protocol [ip] : Target IP address : 13. 1. 0. 1 Repeat count [5] : Datagram size [100] : Timeout in seconds [2] : Extended commands [n] : y Source address or interface : 10. 1. 0. 1 Type of service [0] : Set DF bit in IP header? [no] : Validate reply data? [no] : Data pattern [0xABCD] : Loose, Strict, Record, Timestamp, Verbose[none] : Sweep range of sizes [n] : Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 13. 1. 0. 1, timeout is 2 seconds :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms Athena1# 00 : 31 : 12 : NAT : s=10. 1. 0. 1->172. 1. 1. 1, d=13. 1. 0. 1 [190] 00 : 31 : 12 : NAT* : s=13. 1. 0. 1, d=172. 1. 1. 1->10. 1. 0. 1 [190] 00 : 31 : 12 : NAT : s=10. 1. 0. 1->172. 1. 1. 1, d=13. 1. 0. 1 [191] 00 : 31 : 12 : NAT* : s=13. 1. 0. 1, d=172. 1. 1. 1->10. 1. 0. 1 [191] 00 : 31 : 12 : NAT : s=10. 1. 0. 1->172. 1. 1. 1, d=13. 1. 0. 1 [192] 00 : 31 : 12 : NAT* : s=13. 1. 0. 1, d=172. 1. 1. 1->10. 1. 0. 1 [192] 00 : 31 : 12 : NAT : s=10. 1. 0. 1->172. 1. 1. 1, d=13. 1. 0. 1 [193] 00 : 31 : 12 : NAT* : s=13. 1. 0. 1, d=172. 1. 1. 1->10. 1. 0. 1 [193] 00 : 31 : 12 : NAT : s=10. 1. 0. 1->172. 1. 1. 1, d=13. 1. 0. 1 [194] 00 : 31 : 12 : NAT* : s=13. 1. 0. 1, d=172. 1. 1. 1->10. 1. 0. 1 [194] T kt qu trn ta thy c, cc gi tin t mng 10. 1. 0. 1 c i source IP thnh 171. 1. 1. 1. S dng cu lnh show ip nat translations xem cc thng v NAT Athena1#sh ip nat translations Pro Inside global Inside local Outside local Outside global icmp 172. 1. 1. 1 : 2459 10. 1. 0. 1 : 2459 13. 1. 0. 1 : 2459 13. 1. 0. 1 : 2459 icmp 172. 1. 1. 1 : 2460 10. 1. 0. 1 : 2460 13. 1. 0. 1 : 2460 13. 1. 0. 1 : 2460 icmp 172. 1. 1. 1 : 2461 10. 1. 0. 1 : 2461 13. 1. 0. 1 : 2461 13. 1. 0. 1 : 2461 icmp 172. 1. 1. 1 : 2462 10. 1. 0. 1 : 2462 13. 1. 0. 1 : 2462 13. 1. 0. 1 : 2462 13. 1. 0. 1 : 2463 13. 1. 0. 1 : 2463 icmp 172. 1. 1. 1 : 2463 10. 1. 0. 1 : 2463 Cc s c in m l port NAT s dng cho a ch 10. 1. 0. 1. Lp li cc bc trn kim tra NAT cho loopback 1, loopback 2 ca router Athena1 Athena1#ping Protocol [ip] : Target IP address : 13. 1. 0. 1 Repeat count [5] : Datagram size [100] : Timeout in seconds [2] : Extended commands [n] : y Source address or interface : 11. 1. 0. 1 Type of service [0] : Set DF bit in IP header? [no] : Validate reply data? [no] : Data pattern [0xABCD] : Loose, Strict, Record, Timestamp, Verbose[none] : Sweep range of sizes [n] : Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 13. 1. 0. 1, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms Athena1# 00 : 33 : 16 : NAT : s=11. 1. 0. 1->172. 1. 1. 1, d=13. 1. 0. 1 [210] 00 : 33 : 16 : NAT* : s=13. 1. 0. 1, d=172. 1. 1. 1->11. 1. 0. 1 [210] 00 : 33 : 16 : NAT : s=11. 1. 0. 1->172. 1. 1. 1, d=13. 1. 0. 1 [211]
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

00 : 33 : 16 : NAT* : s=13. 1. 0. 1, d=172. 1. 1. 1->11. 1. 0. 1 [211] 00 : 33 : 16 : NAT : s=11. 1. 0. 1->172. 1. 1. 1, d=13. 1. 0. 1 [212] 00 : 33 : 16 : NAT* : s=13. 1. 0. 1, d=172. 1. 1. 1->11. 1. 0. 1 [212] 00 : 33 : 17 : NAT : s=11. 1. 0. 1->172. 1. 1. 1, d=13. 1. 0. 1 [213] 00 : 33 : 17 : NAT* : s=13. 1. 0. 1, d=172. 1. 1. 1->11. 1. 0. 1 [213] 00 : 33 : 17 : NAT : s=11. 1. 0. 1->172. 1. 1. 1, d=13. 1. 0. 1 [214] 00 : 33 : 17 : NAT* : s=13. 1. 0. 1, d=172. 1. 1. 1->11. 1. 0. 1 [214] Athena1#sh ip nat translations Pro Inside global Inside local Outside local Outside global icmp 172. 1. 1. 1 : 6407 11. 1. 0. 1 : 6407 13. 1. 0. 1 : 6407 13. 1. 0. 1 : 6407 icmp 172. 1. 1. 1 : 6408 11. 1. 0. 1 : 6408 13. 1. 0. 1 : 6408 13. 1. 0. 1 : 6408 icmp 172. 1. 1. 1 : 6409 11. 1. 0. 1 : 6409 13. 1. 0. 1 : 6409 13. 1. 0. 1 : 6409 icmp 172. 1. 1. 1 : 6410 11. 1. 0. 1 : 6410 13. 1. 0. 1 : 6410 13. 1. 0. 1 : 6410 icmp 172. 1. 1. 1 : 6411 11. 1. 0. 1 : 6411 13. 1. 0. 1 : 6411 13. 1. 0. 1 : 6411 Athena1#ping Protocol [ip] : Target IP address : 13. 1. 0. 1 Repeat count [5] : Datagram size [100] : Timeout in seconds [2] : Extended commands [n] : y Source address or interface : 12. 1. 0. 1 Type of service [0] : Set DF bit in IP header? [no] : Validate reply data? [no] : Data pattern [0xABCD] : Loose, Strict, Record, Timestamp, Verbose[none] : Sweep range of sizes [n] : Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 13. 1. 0. 1, timeout is 2 seconds : . . Success rate is 0 percent (0/5) i vi 12. 1. 0. 1, chng ta khng ping ra ngoi c v mng 12. 1. 0. 0/16 b cm trong access list 1. ng router Athena2, chng ta ping xung cc loopback ca router Athena1 Athena2#ping 10. 1. 0. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10. 1. 0. 1, timeout is 2 seconds : ..... Success rate is 0 percent (0/5) Athena2#ping 11. 1. 0. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11. 1. 0. 1, timeout is 2 seconds :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

..... Success rate is 0 percent (0/5) Athena2#ping 12. 1. 0. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12. 1. 0. 1, timeout is 2 seconds : ..... Success rate is 0 percent (0/5) Nhn xt : tt c u khng thnh cng Nguyn nhn l router Athena2 khng c route no n cc loopback ca router Athena1. Trong thc t, ta cng c kt qu tng t do ISP ch nh tuyn xung a ch m user ng k, cn cc a ch mng bn trong ca user th khng c ISP nh tuyn.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Phn 5
Mng WAN
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Bi 1
Cu hnh PPP PAP v CHAP

1. Gii thiu : PPP (Point-to-Point Protocol) l giao thc ng gi c s dng thc hin kt ni trong mng WAN. PPP bao gm LCP (Link Control Protocol) v NCP (Network Control Protocol). LCP c dng thit lp kt ni point-to-point, NCP dng cu hnh cho cc giao thc lp mng khc nhau. PPP c th c cu hnh trn cc interface vt l sau : Asynchronous serial : cng serial bt ng b Synchronous serial : cng serial ng b High-Speed Serial Interface (HSSI) : cng serial tc cao Integrated Services Digital Network (ISDN) Qu trnh to session ca PPP gm ba giai on (phase) : Link-establishment phase Authentication phase (ty chn) Network layer protocol phase Ty chn xc nhn (authentication) gip cho vic qun l mng d dng hn. PPP s dng hai cch xc nhn l PAP (Password Authentication Protocol) v CHAP (Challenge Handshake Authentication Protocol). PAP l dng xc nhn two-way handshake. Sau khi to lin kt node u xa s gi usename v password lp i lp li cho n khi nhn c thng bo chp nhn hoc t chi. Password trong PAP c gi i dng clear text (khng m ha). CHAP l dng xc nhn three-way handshake. Sau khi to lin kt, router s gi thng ip challenge cho router u xa. Router u xa s gi li mt gi tr c tnh ton da trn password v thng ip challenge cho router. Khi nhn c gi tr ny, router s kim tra li xem c ging vi gi tr ca n tnh hay khng. Nu ng, th router xem gi xc nhn ng v kt ni c thit lp; ngc li, kt ni s b ngt ngay lp tc. 2. Cc cu lnh s dng trong bi lab : username name password password Cu hnh tn v password cho CHAP v PAP. Tn v password ny phi ging vi router u xa. encapsulation ppp Cu hnh cho interface s dng giao thc PPP ppp authentication (chap chap pap pap chap pap) Cu hnh cho interface s dng PAP, CHAP, hoc c hai. Trong trng hp c hai c s dng, giao thc u tin c s dng trong qu trnh xc nhn; nu nh giao thc u b t chi hoc router u xa yu cu dng giao thc th hai th giao thc th hai c dng. ppp pap sent-username username password password Cu hnh username v password cho PAP debug ppp authentication Xem trnh t xc nhn ca PAP v CHAP
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Athena1
S0 192.168.1.1/24
Athena2 S0 192.168.1.2/24
hnh bi lab nh hnh v. Hai router c t tn l Athena, Athena2 v c ni vi nhau bng cp serial. a ch IP ca cc interface nh hnh trn. 4. Cu hnh router : a) Bc 1 : t tn v a ch cho cc interface Athena1#sh run Building configuration. . . Current configuration : 497 bytes version 12. 1 hostname Athena1 enable password cisco interface Serial0 ip address 192. 168. 1. 1 255. 255. 255. 0 clockrate 64000 end Athena2#sh run Building configuration. . . Current configuration : 423 bytes version 12. 1 hostname Athena2 enable password cisco interface Serial0 ip address 192. 168. 1. 2 255. 255. 255. 0 end Chng ta s kim tra trng thi ca cc cng bng cu lnh show ip interface brief Athena2#sh ip interface brief Interface IP-Address OK? Method Status Protocol Ethernet0 unassigned YES unset administratively down down Serial0 192. 168. 1. 2 YES manual up up Serial1 unassigned YES unset administratively down down
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Cng serial ca router Athena2 up. Lm tng t kim tra trng thi cc cng ca router Athena1. Chng ta s dng cu lnh show interfaces serial bit c cc thng s ca interface serial cc router Athena2#sh interfaces serial 0 Serial0 is up, line protocol is up Hardware is HD64570 Internet address is 192. 168. 1. 2/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set Keepalive set (10 sec) Last input 00 : 00 : 02, output 00 : 00 : 01, output hang never Last clearing of "show interface" counters never Input queue : 0/75/0/0 (size/max/drops/flushes); Total output drops : 0 Queueing strategy : weighted fair Output queue : 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 15 packets input, 846 bytes, 0 no buffer Received 15 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 19 packets output, 1708 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Athena1#sh int s 0 Serial0 is up, line protocol is up Hardware is HD64570 Internet address is 192. 168. 1. 1/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set Keepalive set (10 sec) Last input 00 : 00 : 00, output 00 : 00 : 00, output hang never Last clearing of "show interface" counters 00 : 11 : 35 Input queue : 0/75/0/0 (size/max/drops/flushes); Total output drops : 0 Queueing strategy : fifo Output queue : 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 21 packets input, 2010 bytes, 0 no buffer
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Received 21 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 23 packets output, 1280 bytes, 0 underruns 0 output errors, 0 collisions, 4 interface resets 0 output buffer failures, 0 output buffers swapped out 7 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up C hai cng serial ca hai router u s dng giao thc ng gi l HDLC v trng thi ca c hai u l up b) Bc 2 : Cu hnh PPP PAP, CHAP Cu hnh PPP PAP ng router Athena1, chng ta s cu hnh PPP cho interface serial 0 bng cu lnh encapsulation ppp Athena1(config)#in s0 Athena1(config-if)#encapsulation ppp Kim tra trng thi interface serial 0 ca router Athena1 Athena1#sh ip int brie Interface IP-Address OK? Method Status Protocol Ethernet0 unassigned YES unset administratively down down Serial0 192. 168. 1. 1 YES manual up down Serial1 unassigned YES unset administratively down down Athena1#sh int s 0 Serial0 is up, line protocol is down Hardware is HD64570 Internet address is 192. 168. 1. 1/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) LCP REQsent Closed : IPCP, CDPCP Last input 00 : 00 : 08, output 00 : 00 : 01, output hang never Last clearing of "show interface" counters 00 : 00 : 15 Input queue : 0/75/0/0 (size/max/drops/flushes); Total output drops : 0 Queueing strategy : fifo Output queue : 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1 packets input, 22 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 7 packets output, 98 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Nhn xt : interface serial 0 ca router Athena1 b down, ng ngha vi interface serial 0 ca router Athena2 cng b down. Nguyn nhn l hai interface ny s dng giao thc ng gi khc nhau. (Interface serial 0 ca router Athena1 s dng PPP cn Athena2 s dng HDLC). V vy chng ta phi cu hnh cho interface serial 0 ca router Athena2 cng s dng giao thc PPP. Athena2(config)#in s0 Athena2(config-if)#encapsulation ppp By gi chng ta s kim tra trng thi ca cc interface Athena2#sh int s0 Serial0 is up, line protocol is up Hardware is HD64570 Internet address is 192. 168. 1. 2/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) LCP Open Open : IPCP, CDPCP Last input 00 : 00 : 01, output 00 : 00 : 01, output hang never Last clearing of "show interface" counters 00 : 00 : 18 Input queue : 0/75/0/0 (size/max/drops/flushes); Total output drops : 0 Queueing strategy : weighted fair Output queue : 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 15 packets input, 1004 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 13 packets output, 976 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up C hai interface ca hai router up tr li. Do c hai c cu hnh s dng cng giao thc ng gi l PPP. Trc khi cu hnh PAP cho hai interface chng ta s dng cu lnh debug ppp authentication xem trnh t trao i thng tin ca PAP. Athena2#debug ppp authentication PPP authentication debugging is on Chng ta s cu hnh PAP cho c hai interface serial 0 nh sau : Athena1(config)#username Athena1 password cisco Athena1(config)#in s0
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Athena1(config-if)#ppp authentication pap Athena1(config-if)#ppp pap sent-username Athena1 password cisco Athena2(config)#username Athena1 password cisco Athena2(config)#in s0 Athena2(config-if)#ppp authentication pap Athena2(config-if)#ppp pap sent-username Athena2 password cisco Lu : Trong cu lnh username name password password, name v password phi trng vi name v password ca router u xa. Cn trong cu lnh ppp pap sent-username name password password, name v password l ca chnh router chng ta cu hnh Sau khi chng ta cu hnh PAP xong trn route Athena2, th mn hnh s xut hin trnh t ca PAP 00 : 09 : 49 : Se0 PPP : Phase is AUTHENTICATING, by both 00 : 09 : 49 : Se0 PAP : O AUTH-REQ id 1 len 18 from "Athena2" 00 : 09 : 49 : Se0 PAP : I AUTH-REQ id 1 len 18 from "Athena1" 00 : 09 : 49 : Se0 PAP : Authenticating peer Athena1 00 : 09 : 49 : Se0 PAP : O AUTH-ACK id 1 len 5 00 : 09 : 49 : Se0 PAP : I AUTH-ACK id 1 len 5 00 : 09 : 50 : %LINEPROTO-5-UPDOWN : Line protocol on Interface Serial0, changed state to up ngha ca cc thng bo : Dng thng bo 1 : PPP thc hin xc nhn hai chiu Dng thng bo 2 : Athena2 gi yu cu xc nhn Dng thng bo 3 : Nhn yu cu xc nhn t Athena1 Dng thng bo 4 : Nhn xc nhn ca Athena1 Dng thng bo 5 : Gi xc nhn ng n Athena1 Dng thng bo 6 : Nhn xc nhn ng t Athena1 Dng thng bo 7 : Trng thi ca interface c chuyn sang UP Nh vy hai interface ca router Athena1 v Athena2 up. Chng ta ng router Athena2 ping interface serial 0 ca router Athena1 kim tra. Athena2#ping 192. 168. 1. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 14. 1. 0. 1, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/60 ms Cu hnh PPP CHAP Trc khi cu hnh PPP CHAP cho hai interface chng ta g b PAP c hai router Athena1(config)#in s0 Athena1(config-if)#no ppp authentication pap Athena1(config-if)#no ppp pap sent-username Athena1 password cisco Athena2(config)#in s0 Athena2(config-if)#no ppp authentication pap Athena2(config-if)#no ppp pap sent-username Athena2 password cisco
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

By gi chng ta s cu hnh CHAP bng cu lnh ppp authentication chap Athena1(config)#in s0 Athena1(config-if)#ppp authentication chap Athena2(config)#in s0 Athena2(config-if)#ppp authentication chap Lu : khi cu hnh PPP CHAP chng ta vn phi cu hnh cho interface serial s dng giao thc ng gi PPP bng cu lnh encapsulation ppp v cng phi s dng cu lnh username name password password cu hnh name v password cho giao thc CHAP thc hin xc nhn. y, chng ta khng thc hin li cc cu lnh v bc cu hnh PAP chng ta thc hin ri. Do chng ta s dng cu lnh debug ppp authentication router Athena2, nn khi cu hnh CHAP xong hai router th mn hnh s hin thng bo nh sau : (console c ni vi router Athena2) 00 : 15 : 08 : Se0 CHAP : O CHALLENGE id 1 len 28 from "Athena2" 00 : 15 : 08 : Se0 CHAP : I CHALLENGE id 2 len 28 from "Athena1" 00 : 15 : 08 : Se0 CHAP : O RESPONSE id 2 len 28 from "Athena2" 00 : 15 : 08 : Se0 CHAP : I RESPONSE id 1 len 28 from "Athena1" 00 : 15 : 08 : Se0 CHAP : O SUCCESS id 1 len 4 00 : 15 : 08 : Se0 CHAP : I SUCCESS id 2 len 4 00 : 15 : 09 : %LINEPROTO-5-UPDOWN : Line protocol on Interface Serial0, changed state to up ngha ca cc cu thng bo : Dng thng bo 1 : Athena2 gi thng bo challenge n router Athena1 Dng thng bo 2 : Athena2 nhn thng bo challenge t router Athena1 Dng thng bo 3 : Athena2 gi response n router Athena1 Dng thng bo 4 : Athena2 nhn response t router Athena1 Dng thng bo 5 : Athena2 gi xc nhn thnh cng n Athena1 Dng thng bo 6 : Athena2 nhn xc nhn thnh cng t Athena1 Dng thng bo 7 : Trng thi ca interface serial c chuyn sang UP Hai interface serial ca router Athena1 v Athena2 UP, chng ta ng router Athena2 ping n interface serial 0 ca router Athena1 kim tra Athena2#ping 192. 168. 1. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 14. 1. 0. 1, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/60 ms Nu nh name v password trong cu lnh username name password password khng ng th trng thi ca interface s b down. Do qu trnh xc nhn gia hai interface s s dng name v password ny. Nu nh khng khp th kt ni s b hy.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Bi 2
Cu hnh ISDN Basic

1. Gii thiu : ISDN (Integrated Services Digital Network) l mt cng ngh truyn dn tc cao v quay s c s dng rng ri . H thng mng ny c to ra cach y 20 nm v c ng dng rng ri ti U. S. A u nm 1990. ISDN l mng phc v cho vic truyn dn d liu s mt mng ISDN BRI t tiu chun c th t ti tc 128Kbps. D liu c up ln sau mi 10 giy mng ISDN cho php truyn dn cc tn hiu s, cc knh s ng thi trn dy in thoi analog thng thng v u bn kia c gii m qua modem hay cc thit b khc . 2. M t bi lab v hnh :
Trong bi ny chng ta s s dng mt thit b m phng ISDN. Chng ta s ni hai router vo thit b bng cp thng. 3. Cu hnh : a. Cu hnh cho router Athena2 : Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname Athena2 Athena2(config)#isdn switch-type basic-ni cu hnh loi ISDN switch Athena2(config)#dialer-list 1 protocol ip permit Athena2(config)#username Athena1 password cisco Athena2(config)#interface bri 0 Athena2(config-if)#encapsulation ppp cu hnh giao thc ng gi l PPP Athena2(config-if)#ip address 200. 10. 1. 2 255. 255. 255. 0 Athena2(config-if)#isdn spid1 21 21 S SPID number 21 phone numbers 21 Athena2(config-if)#dialer-group 1 Athena2(config-if)#dialer map ip 200. 10. 1. 1 name Athena1 broadcast 11 cu hnh s ca router u xa Ahena2 thc hin cuc gi Athena2(config-if)#ppp authentication chap cu hnh PPP CHAP
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Athena2(config-if)#no shut Athena2(config-if)# b. Cu hnh cho router Athena1 : Router(config)#hostname Athena1 Athena1(config)#isdn switch-type basic-ni Athena1(config)#dialer-list 1 protocol ip permit Athena1(config)#username Athena2 password cisco Athena1(config)#interface bri 0 Athena1(config-if)#encapsulation ppp Athena1(config-if)# Athena1(config-if)#ip address 200. 10. 1. 1 255. 255. 255. 0 Athena1(config-if)#isdn spid1 11 11 Athena1(config-if)#dialer-group 1 Athena1(config-if)#dialer map ip 200. 10. 1. 2 name Athena2 broadcast 21 Athena1(config-if)#ppp authentication chap Athena1(config-if)#no shut Sau khi cu hnh xong chng ta kim tra li bng cch : Athena2#sh run Building configuration. . . Current configuration : 726 bytes ! version 12. 1 ! hostname Athena2 ! username Athena1 password 0 cisco ! ip subnet-zero ! isdn switch-type basic-ni ! interface BRI0 ip address 200. 10. 1. 2 255. 255. 255. 0 encapsulation ppp dialer map ip 200. 10. 1. 1 name Athena1 broadcast 11 dialer-group 1 isdn switch-type basic-ni isdn spid1 21 ppp authentication chap ! dialer-list 1 protocol ip permit end Athena2#sh interfaces bri 0
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

BRI0 is up, line protocol is up (spoofing) Hardware is BRI Internet address is 200. 10. 1. 2/24 MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set Last input never, output 00 : 00 : 22, output hang never Last clearing of "show interface" counters 00 : 18 : 04 Input queue : 0/75/0/0 (size/max/drops/flushes); Total output drops : 0 Queueing strategy : weighted fair Output queue : 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/16 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 1 abort 10 packets output, 80 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 output buffer failures, 0 output buffers swapped out 111 carrier transitions Chng ta kim tra trng thi kt ni ca lin kt ISDN bng cu lnh sau : Athena1#sh isdn status Global ISDN Switchtype = basic-net3 ISDN BRI0 interface dsl 0, interface ISDN Switchtype = basic-net3 Layer 1 Status : ACTIVE Layer 2 Status : TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED Layer 3 Status : 0 Active Layer 3 Call(s) Active dsl 0 CCBs = 0 The Free Channel Mask : 0x80000003 Number of L2 Discards = 0, L2 Session ID = 13 Total Allocated ISDN CCBs = 0 Athena2#sh isdn status Global ISDN Switchtype = basic-net3 ISDN BRI0 interface dsl 0, interface ISDN Switchtype = basic-net3 Layer 1 Status : ACTIVE Layer 2 Status :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

TEI = 67, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED Layer 3 Status : 0 Active Layer 3 Call(s) Active dsl 0 CCBs = 0 The Free Channel Mask : 0x80000003 Number of L2 Discards = 0, L2 Session ID = 3 Total Allocated ISDN CCBs = 0 Nu cu hnh ng th trng thi ca Layer 1 l ACTIVE MULTIPLE_FRAME_ESTABLISHED ng router Athena2, chng ta ping a ch 200. 10. 1. 1 kim tra kt ni : Athena2#ping 200. 10. 1. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200. 10. 1. 1, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/36 ms
Layer
Nhn xt : ping thnh cng v router Athena2 thc hin kt ni vi router Athena1 s dng interface dialer 0 Athena2#sh interfaces bri 0 BRI0 is up, line protocol is up (spoofing) Hardware is BRI Internet address is 200. 10. 1. 2/24 MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set Last input 00 : 00 : 05, output 00 : 00 : 05, output hang never Last clearing of "show interface" counters 00 : 09 : 45 Input queue : 0/75/0/0 (size/max/drops/flushes); Total output drops : 0 Queueing strategy : weighted fair Output queue : 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/16 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 103 packets input, 1111 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 70 packets output, 309 bytes, 0 underruns 0 output errors, 0 collisions, 4 interface resets 0 output buffer failures, 0 output buffers swapped out 5 carrier transitions Lnh show dialer dng ch trng thi knh B s ngt, st gim (drop) sau 120 giy inactive.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Trng thi giao tip BRI ca router Athen2 c xc nh vi trng thi ca router Athnena1. Cng giao tip BRI0 c ch dn n knh D ca mng trong trang thi ny l UP/UP (spoofing state) chng t rng knh D hot ng Athena2#sh dialer BRI0 - dialer type = ISDN Dial String Successes Failures Last DNIS Last status 11 1 0 01 : 31 : 13 successful 0 incoming call(s) have been screened. 0 incoming call(s) rejected for callback. BRI0 : 1 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle BRI0 : 2 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle Athena1#show dialer BRI0 - dialer type = ISDN Dial String Successes Failures Last DNIS Last status 21 0 1 00 : 01 : 43 failed 0 incoming call(s) have been screened. 0 incoming call(s) rejected for callback. BRI0 : 1 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle BRI0 : 2 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle By gi nu nh i s s SPID hay l s Phone numbers th trng thi s thay i, h thng ng nhin l s khng th kt ni c. Athena2(config)#interface bri0 Athena2(config-if)#no isdn spid1 21 21 Athena2(config-if)#isdn spid1 14 14 Athena2(config-if)#no shut Athena2(config-if)# 02 : 16 : 31 : %ISDN-6-LAYER2DOWN : Layer 2 for Interface BRI0, TEI 70 changed to down Athena2(config-if)#dialer idle-timeout 20 cu hnh thi gian idle-timeout l 20s
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Athena2(config-if)#no shut Athena2(config-if)#^Z Athena2# Athena1#ping 200. 10. 1. 2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200. 10. 1. 2, timeout is 2 seconds : ..... Success rate is 0 percent (0/5)
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Bi 3
Cu hnh ISDN DDR

1. Gii thiu : ISDN (Integrated Services Digital Network) l mng s tch hp a dch v, cung cp cho chng ta nhiu loi hnh dch v s khc nhau, bao gm : data v thoi. ISDN cho php truyn cc knh s ng thi trn dy in thoi thng thng. K thut dial-on-demand routing (DDR) c pht trin bi Cisco cho php chng ta s dng ng dy in thoi to thnh mt mng WAN. DDR cho php router thc hin kt ni khi c traffic c gi v ngt kt ni khi khng cn n. iu ny gip chng ta tit kim c chi ph rt nhiu. Trong k thut DDR, ch khi gp interesting traffic router mi thc hin kt ni, ngoi ra th khng. iu ny gip chng ta qun l c mng tt hn. Ngoi ra, DDR s dng idle timeout xc nh thi gian router ngt kt ni nu nh khng c interesting traffic no c gi. 2. Cc cu lnh s dng trong bi lab : isdn switch-type switch-type Cu hnh loi ca ISDN switch isdn spid1 spidnumber [ldn] Cu hnh s SPID v ldn dialer-list dialer-group-num protocol protocol-name {permit | deny | list access-list-number} To dialer list nh ngha intersting traffic cho router. dialer-group group-number Nhng dialer list vo mt interface dialer idle-timeout seconds Cu hnh thi gian idle-timeout dialer poolmember number To dialer pool dialer pool number Nhng mt dialer interface vo dialer pool dialer remotename username Cu hnh tn ca router u xa dialer string dialstring Cu hnh s quay kt ni vi router u xa 3. M t bi lab v hnh :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Trong bi Lab ny chng ta s dng hai router c cng BRI v thit b m phng mi trng ISDN. Cp ni t cng BRI ca router n thit b m phng mi trng BRI l cp thng. Chng ta khi to Loopback 0, Loopback 1, Loopback 2 c hai router. a ch cc cng c ch thch ngay trn hnh. Password ca c hai router l : cisco 4. Mc tiu bi lab : Cu hnh kt ni gia hai router thng qua mi trng ISDN trong ch d Dial-on-demand routing (DDR) s dng interface dialer. 5. Cu hnh router : Bc 1 : cu hnh tn router, cc interface loopback v m ng telnet hai router Athena1#sh run Current configuration : 1301 bytes version 12. 1 hostname Athena1 enable password cisco interface Loopback0 ip address 10. 1. 0. 1 255. 255. 255. 0 interface Loopback1 ip address 11. 1. 0. 1 255. 255. 255. 0 interface Loopback2 ip address 12. 1. 0. 1 255. 255. 255. 0 line con 0 line aux 0 line vty 0 4 password cisco login end Athena2#sh run Current configuration : 1204 bytes version 12. 1 hostname Athena2 enable password cisco interface Loopback0
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

ip address 13. 1. 0. 1 255. 255. 255. 0 interface Loopback1 ip address 14. 1. 0. 1 255. 255. 255. 0 interface Loopback2 ip address 15. 1. 0. 1 255. 255. 255. 0 line con 0 line aux 0 line vty 0 4 password cisco login end Bc 2 : Cu hnh loi ISDN Switch s dng v s SPID v ldn. S SPID v ldn c cung cp bi nh cung cp dch v ISDN. Athena1#conf t Athena1(config)#isdn switch-type basic-net3 Cu hnh loi ISDN witch Athena1(config)# in bri0 Athena1(config-if)#isdn spid1 21 21 Cu hnh s SPID v ldn Athena2#conf t Athena2(config)#isdn switch-type basic-net3 Athena2(config)# in bri0 Athena2(config-if)#isdn spid1 11 11 Bc 3 : nh tuyn cho cc router y chng ta dng Static route nh tuyn cho cc router ch khng dng cc giao thc nh tuyn ng nh RIP, IGRP L do ta phi dng static route se c gii thch mc Nguyn nhn khng nn dng cc giao thc nh tuyn ng trong cu hnh ISDN DDR Athena1#conf t Athena1(config)#ip route 13. 1. 0. 0 255. 255. 255. 0 192. 168. 0. 2 Athena1(config)#ip route 14. 1. 0. 0 255. 255. 255. 0 192. 168. 0. 2 Athena1(config)#ip route 15. 1. 0. 0 255. 255. 255. 0 192. 168. 0. 2 Athena2#conf t Athena2(config)#ip route 10. 1. 0. 0 255. 255. 255. 0 192. 168. 0. 1 Athena2(config)#ip route 11. 1. 0. 0 255. 255. 255. 0 192. 168. 0. 1 Athena2(config)#ip route 12. 1. 0. 0 255. 255. 255. 0 192. 168. 0. 1 Bc 4 : Cu hnh interesting traffic Router ch thc hin kt ni khi v ch khi gp cc interesting traffic; ngoi ra, router s khng kt ni. Interesting traffic c nh ngha cho router bng : loi traffic, ngun hoc ch n ca mt gi tin. (thng qua access list). Interesting traffic c cu hnh bng cu lnh dialer-list. Trong bi ny, i vi router Athena1, chng ta cu hnh interesting traffic l tt c cc traffic khc traffic telnet n mng 14. 1. 0. 0/24. Chng ta dng Extended access list cu hnh. Athena1#conf t
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Athena1(config)#access-list 101 deny tcp any 14. 1. 0. 0 0. 0. 0. 255 eq telnet Athena1(config)#access-list 101 permit ip any any Athena1(config)#dialer-list 1 protocol ip list 1 i vi router Athena2, cu hnh cc traffic ca mng 13. 1. 0. 0/24 v 14. 1. 0. 0/24 l interesting traffic. Chng ta dng Standard access list cu hnh. Athena2#conf t Athena2(config)#access-list 1 permit 13. 1. 0. 0 0. 0. 0. 255 Athena2(config)#access-list 1 permit 14. 1. 0. 0 0. 0. 0. 255 Athena2(config)#dialer-list 1 protocol ip list 1 Bc 5 : Cu hnh interface dialer cho router Trong bi chng ta s dng PPP thay cho HDLC v PPP c tnh bo mt cao. Mc nh ca router Cisco s dng HDLC. Athena1(config)#username Athena2 password cisco Athena1(config-if)#in bri0 Athena1(config-if)#encapsulation ppp Athena1(config-if)#ppp authentication chap Cu hnh interface BRI0 thuc Athena1(config-if)#dialer pool-member 1 dialer pool 1 Athena1(config-if)#no shut Athena1(config-if)#exit Athena1(config)#in dialer 1 Athena1(config-if)# ip address 192. 168. 0. 1 255. 255. 255. 0 Athena1(config-if)#encapsulation ppp Athena1(config-if)#ppp authentication chap Cu hnh tn router kt ni Athena1(config-if)#dialer remote-name Athena2 Cu hnh s gi cho router Athena1(config-if)#dialer string 11 Cu hnh interface dialer 1 thuc pool 1 Athena1(config-if)#dialer pool 1 Router s ngt kt ni nu nh Athena1(config-if)#dialer idle-timeout 180 khng c traffic no truyn trong khong thi gian cu hnh Athena1(config-if)#dialer-group 1 S dng dialer list 1 cho interface ny Athena1(config-if)#no shut Athena1(config-if)#exit Cu hnh tng t cho router Athena2 Athena2(config)#username Athena1 password cisco Athena2(config-if)#in bri0 Athena2(config-if)#encapsulation ppp Athena2(config-if)#ppp authentication chap Athena2(config-if)#dialer pool-member 1 Athena2(config-if)#no shut Athena2(config-if)#exit Athena2(config)#in dialer 0 Athena2(config-if)# ip address 192. 168. 0. 2 255. 255. 255. 0 Athena2(config-if)#encapsulation ppp
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Athena2(config-if)#ppp authentication chap Athena2(config-if)#dialer remote-name Athena1 Athena2(config-if)#dialer string 21 Athena2(config-if)#dialer pool 1 Athena2(config-if)#dialer idle-timeout 180 Athena2(config-if)#dialer-group 1 Athena2(config-if)#no shut Athena2(config-if)#exit 6. Kim tra kt qu : Kim tra trng thi kt ni ca interface BRI0 Athena1#sh isdn status Global ISDN Switchtype = basic-net3 ISDN BRI0 interface dsl 0, interface ISDN Switchtype = basic-net3 Layer 1 Status : ACTIVE Layer 2 Status : TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED Layer 3 Status : 1 Active Layer 3 Call(s) CCB : callid=8004, sapi=0, ces=1, B-chan=1, calltype=DATA Active dsl 0 CCBs = 1 The Free Channel Mask : 0x80000002 Number of L2 Discards = 0, L2 Session ID = 0 Total Allocated ISDN CCBs = 1 Nu cu hnh ng th trng MULTIPLE_FRAME_ESTABLISHED. thi ca Layer 1 l ACTIVE v Layer 2 l
Kim tra cc interesting traffic. ng router Athena2, chng ta ping t interface loopback 1 (14. 1. 0. 1) n interface loopback 2 (12. 1. 0. 1) ca router Athena1 Athena2#ping Protocol [ip] : Target IP address : 12. 1. 0. 1 Repeat count [5] : Datagram size [100] : Timeout in seconds [2] : Extended commands [n] : y Source address or interface : 14. 1. 0. 1 Type of service [0] : Set DF bit in IP header? [no] : Validate reply data? [no] : Data pattern [0xABCD] : Loose, Strict, Record, Timestamp, Verbose[none] :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Sweep range of sizes [n] : Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12. 1. 0. 1, timeout is 2 seconds : 00 : 30 : 15 : %LINK-3-UPDOWN : Interface BRI0 : 1, changed state to up 00 : 30 : 15 : %DIALER-6-BIND : Interface BR0 : 1 bound to profile Di0. !!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 32/35/36 ms 00 : 30 : 16 : %LINEPROTO-5-UPDOWN : Line protocol on Interface BRI0 : 1, changed state to up 00 : 30 : 21 : %ISDN-6-CONNECT : Interface BRI0 : 1 is now connected to 21 Athena1 Nhn xt : ping thnh cng v router Athena2 thc hin kt ni vi router Athena1 s dng interface dialer 0 Chng ta dng cu lnh show isdn active xem nhng thng tin v cuc kt ni hin hnh Athena2#sh isdn active ISDN ACTIVE Call Calling Called Type Number Number Out 21
Remote Name Athena1
Seconds Used 14
Seconds Left 167
Seconds Idle 12
Charges Units/currency 0
Cn 167 giy na th router s ngt kt ni nu nh khng c interesting traffic no gi qua ng kt ni. Chng ta ch khong 180 giy na kim tra vic router ngt kt ni t ng (Lu : khng ping bt c mng no!) Sau 180 giy chng ta s c kt qu nh sau : Athena2# 00 : 33 : 16 : %DIALER-6-UNBIND : Interface BR0 : 1 unbound from profile Di0 00 : 33 : 16 : %ISDN-6-DISCONNECT : Interface BRI0 : 1 disconnected from 21 Athena1, call lasted 181 seconds 00 : 33 : 17 : %LINK-3-UPDOWN : Interface BRI0 : 1, changed state to down 00 : 33 : 18 : %LINEPROTO-5-UPDOWN : Line protocol on Interface BRI0 : 1, changed state to down Router ngt t ng ngt kt ni khi khng c interesting traffic no c gi qua ng truyn. Lm li cc bc trn kim tra cc interesting traffic cn li ca router Athena2. Athena2#ping Protocol [ip] : Target IP address : 10. 1. 0. 1 Repeat count [5] : Datagram size [100] : Timeout in seconds [2] : Extended commands [n] : y Source address or interface : 13. 1. 0. 1 Type of service [0] : Set DF bit in IP header? [no] : Validate reply data? [no] :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Data pattern [0xABCD] : Loose, Strict, Record, Timestamp, Verbose[none] : Sweep range of sizes [n] : Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12. 1. 0. 1, timeout is 2 seconds : 00 : 30 : 15 : %LINK-3-UPDOWN : Interface BRI0 : 1, changed state to up 00 : 30 : 15 : %DIALER-6-BIND : Interface BR0 : 1 bound to profile Di0. !!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 32/35/36 ms 00 : 30 : 16 : %LINEPROTO-5-UPDOWN : Line protocol on Interface BRI0 : 1, changed state to up 00 : 30 : 21 : %ISDN-6-CONNECT : Interface BRI0 : 1 is now connected to 21 Athena1 v sau 180 giy, ta c : Athena2# 00 : 33 : 16 : %DIALER-6-UNBIND : Interface BR0 : 1 unbound from profile Di0 00 : 33 : 16 : %ISDN-6-DISCONNECT : Interface BRI0 : 1 disconnected from 21 Athena1, call lasted 181 seconds 00 : 33 : 17 : %LINK-3-UPDOWN : Interface BRI0 : 1, changed state to down 00 : 33 : 18 : %LINEPROTO-5-UPDOWN : Line protocol on Interface BRI0 : 1, changed state to down Khi ta thc hin ping mt mng no ca router Athena1 t interface loopback 2 (15. 1. 0. 1) th router s khng kt ni. Do cc gi tin t mng 15. 1. 0. 0/24 khng phi l interesting traffic. Athena2#ping Protocol [ip] : Target IP address : 11. 1. 0. 1 Repeat count [5] : Datagram size [100] : Timeout in seconds [2] : Extended commands [n] : y Source address or interface : 15. 1. 0. 1 Type of service [0] : Set DF bit in IP header? [no] : Validate reply data? [no] : Data pattern [0xABCD] : Loose, Strict, Record, Timestamp, Verbose[none] : Sweep range of sizes [n] : Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11. 1. 0. 1, timeout is 2 seconds : ..... Success rate is 0 percent (0/5) Athena2#sh isdn active ISDN ACTIVE Call Calling Called Type Number Number
Remote Name
Seconds Used
Seconds Left
Seconds Idle
Charges Units/currency
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

By gi chng ta se kim tra interesting traffic ca router Athena1. ng router Athena1, chng ta ping n 14. 1. 0. 1 t mt interface loopback bt k. Athena1#ping Protocol [ip] : Target IP address : 14. 1. 0. 1 Repeat count [5] : Datagram size [100] : Timeout in seconds [2] : Extended commands [n] : y Source address or interface : 10. 1. 0. 1 Type of service [0] : Set DF bit in IP header? [no] : Validate reply data? [no] : Data pattern [0xABCD] : Loose, Strict, Record, Timestamp, Verbose[none] : Sweep range of sizes [n] : Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 14. 1. 0. 1, timeout is 2 seconds : 00 : 38 : 30 : %LINK-3-UPDOWN : Interface BRI0 : 1, changed state to up 00 : 38 : 30 : %DIALER-6-BIND : Interface BR0 : 1 bound to profile Di1. !!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 32/34/36 ms Athena1# 00 : 38 : 31 : %LINEPROTO-5-UPDOWN : Line protocol on Interface BRI0 : 1, changed state to up Athena1# 00 : 38 : 36 : %ISDN-6-CONNECT : Interface BRI0 : 1 is now connected to 11 Athena2 Nhn xt : router thc hin kt ni vi router Athena2, v gi tin c truyn i. Ch sau 180 giy router t ng ngt kt ni. Sau chng ta thc hin telnet n 14. 1. 0. 1. Athena1#telnet 14. 1. 0. 1 Trying 14. 1. 0. 1. . . % Connection timed out; remote host not responding Nhn xt : chng ta khng th telnet c. Nguyn nhn l do chng ta cm telnet n mng 14. 1. 0. 0 t bt k mt mng no(access-list 101 deny tcp any 14. 1. 0. 0 0. 0. 0. 255 eq telnet). Do , traffic telnet n 14. 1. 0. 1 khng phi l interesting traffic nn router khng thc hin kt ni. Chng ta telnet n 13. 1. 0. 1 : Athena1#telnet 13. 1. 0. 1 Trying 13. 1. 0. 1. . . 00 : 42 : 30 : %LINK-3-UPDOWN : Interface BRI0 : 1, changed state to up 00 : 42 : 30 : %DIALER-6-BIND : Interface BR0 : 1 bound to profile Di1 open 00 : 42 : 31 : %LINEPROTO-5-UPDOWN : Line protocol on Interface BRI0 : 1, changed state to up 00 : 42 : 36 : %ISDN-6-CONNECT : Interface BRI0 : 1 is now connected to 11 Athena2 User Access Verification Password : cisco Chng ta nhp password l cisco telnet vo Athena2 Athena2>
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Nhn xt : router thc hin kt ni. Do chng ta telnet vo mng 13. 1. 0. 0/24 ch khng phi mng 14. 1. 0. 0. y l mt interesting traffic. 7. Nguyn nhn khng nn dng cc giao thc nh tuyn ng trong cu hnh ISDN DDR thy c nguyn nhn chng ta s cu hnh giao thc RIP trn c 2 router thay cho static route.
Chng ta xa NVRAM, reload c hai route trc khi cu hnh li cc router nh sau : Athena1#sh run Building configuration. . . Current configuration : 1205 bytes version 12. 1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption hostname Athena1 enable password cisco username Athena2 password cisco isdn switch-type basic-net3 interface Loopback0 ip address 10. 1. 0. 1 255. 255. 255. 0 interface Loopback1 ip address 11. 1. 0. 1 255. 255. 255. 0 interface Loopback2 ip address 12. 1. 0. 1 255. 255. 255. 0 interface BRI0 no ip address encapsulation ppp dialer pool-member 1 isdn switch-type basic-net3
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

isdn spid1 21 21 ppp authentication chap interface Dialer1 ip address 192. 168. 0. 1 255. 255. 255. 0 encapsulation ppp dialer pool 1 dialer remote-name Athena2 dialer idle-timeout 180 dialer string 11 dialer-group 1 ppp authentication chap access-list 1 permit any dialer-list 1 protocol ip list 1 router rip network 10. 0. 0. 0 network 11. 0. 0. 0 network 12. 0. 0. 0 network 192. 168. 0. 0 line con 0 line aux 0 line vty 0 4 password cisco login end Athena2#sh run Building configuration. . . Current configuration : 1150 bytes version 12. 1 hostname Athena2 enable password cisco username Athena1 password cisco isdn switch-type basic-net3 interface Loopback0 ip address 13. 1. 0. 1 255. 255. 255. 0 interface Loopback1 ip address 14. 1. 0. 1 255. 255. 255. 0 interface Loopback2 ip address 15. 1. 0. 1 255. 255. 255. 0 interface BRI0 no ip address encapsulation ppp dialer pool-member 1
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

isdn switch-type basic-net3 isdn spid1 11 11 ppp authentication chap interface Dialer0 ip address 192. 168. 0. 2 255. 255. 255. 0 encapsulation ppp dialer pool 1 dialer remote-name Athena1 dialer idle-timeout 180 dialer string 21 dialer-group 1 ppp authentication chap access-list 1 permit any dialer-list 1 protocol ip list 1 router rip network 13. 0. 0. 0 network 14. 0. 0. 0 network 15. 0. 0. 0 network 192. 168. 0. 0 line con 0 line aux 0 line vty 0 4 password cisco login end S dng cu lnh show ip route kim tra li bng nh tuyn ca cc router : Athena2#sh ip Gateway of last resort is not set R 10. 0. 0. 0/8 [120/1] via 192. 168. 0. 1, 00 : 00 : 03, Dialer0 R 11. 0. 0. 0/8 [120/1] via 192. 168. 0. 1, 00 : 00 : 03, Dialer0 192. 168. 0. 0/24 is variably subnetted, 2 subnets, 2 masks C 192. 168. 0. 0/24 is directly connected, Dialer0 C 192. 168. 0. 1/32 is directly connected, Dialer0 R 12. 0. 0. 0/8 [120/1] via 192. 168. 0. 1, 00 : 00 : 03, Dialer0 13. 0. 0. 0/24 is subnetted, 1 subnets C 13. 1. 0. 0 is directly connected, Loopback0 14. 0. 0. 0/24 is subnetted, 1 subnets C 14. 1. 0. 0 is directly connected, Loopback1 15. 0. 0. 0/24 is subnetted, 1 subnets C 15. 1. 0. 0 is directly connected, Loopback2
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Kim tra li kt ni hin hnh bng lnh show isdn active (lc ny hai router kt ni vi nhau, do ta cu hnh tt c cc gi tin u l interesting traffic : access-list 1 permit any nn khi RIP gi cc gi routing update th router t ng kt ni). Athena1#sh isdn active ISDN ACTIVE Call Calling Called Remote Seconds Seconds Seconds Charges Type Number Number Name Used Left Idle Units/currency Out 11 Athena2 350 152 27 0 C sau khong 30 giy chng ta lp li cu lnh show isdn active kim tra thi gian cn li router ngt kt ni (Lu : khng truyn bt k mt traffic no qua li gia hai router ta c c kt qu chnh xc) Athena1#sh isdn active ISDN ACTIVE Call Calling Called Remote Type Number Number Name Out 11 Athena2 Athena1#sh isdn active ISDN ACTIVE Call Calling Called Remote Type Number Number Name Out 11 Athena2 Athena1#sh isdn active ISDN ACTIVE Call Calling Called Remote Type Number Number Name Out 11 Athena2
Seconds Used 359
Seconds Left 171
Seconds Idle 8
Seconds Used 375
Seconds Left 154
Seconds Idle 25
Seconds Used 377
Seconds Left 179
Seconds Idle 0
Nhn xt : thi gian cn li router t ng ngt kt ni (idle-timeout) khng bao gi xung c 0. Do giao thc RIP c 30 giy gi update mt ln. Tng t cho cc giao thc nh tuyn ng khc. Trong trng hp thi gian idle-timeout nh hn 30 giy th router s ng ngt kt ni lin tc. V vy chng ta khng nn s dng nh tuyn ng trong cu hnh ISDN DDR. S dng static route s cho hiu qu cao hn.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Bi 4
Cu hnh Frame Relay cn bn

1. Gii thiu : Frame Relay l k thut m rng ca k thut ISDN. Frame relay s dng k thut chuyn mch gi thit lp mt mng WAN. Frame Relay to ra nhng ng kt ni o ni cc mng LAN li vi nhau to thnh mt mng WAN. Mng Frame Relay s dng cc switch kt ni cc mng li vi nhau. K thut Frame Relay c s dng rng ri ngy nay, do c gi thnh r hn rt nhiu so vi leased line. Frame Relay hot ng lp Data link trong OSI v s dng giao thc LAPF (Link Access Procedure for Frame Relay). Frame Relay s dng cc frame chuyn d liu qua li gia cc thit b u cui ca user (DTE) thng qua cc thit b DCE ca mng Frame Relay. ng kt ni gia hai DTE thng qua mng Frame Relay c gi l mt mch o (VC : Virtual Circuit). Cc VC c thit lp bng cch gi cc thng ip bo hiu (signaling message) n mng; c gi l switched virtual circuits (SVCs). Nhng ngy nay, ngi ta thng s dng permanent virtual circuits (PVCs) to kt ni. PVC l cc ng kt ni c cu hnh trc bi cc Frame Relay Switch v cc thng tin chuyn mch ca gi c lu trong switch. Trong Frame Relay, nu mt frame b li th s b hy ngay m khng c mt thng bo no. Cc router ni vi mng Frame Relay c th c nhiu ng kt ni o n nhiu mng khc nhau. Do , Frame Relay gip chng ta tit kim rt nhiu v khng cn cc mng phi lin kt trc tip vi nhau. Cc ng kt ni o (VC) c cc DLCI (Data Link Channel Identifier) ca ring n. DLCI c cha trong cc frame khi n c chuyn i trong mng Frame Relay. Trong Frame Relay, ngi ta thng s dng mng hnh sao kt ni cc mng LAN vi nhau hnh thnh mt mng WAN (c gi l hub and spoke topology)
Remote4
Remote5
Remote3
Center
Remote1
Remote2
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

trong hnh ny, mng trung tm c gi l hub, cc mng remote1, remote2, remote3, remote4 v remote5 c gi l spoke. Mi spoke ni vi hub bng mt ng kt ni o (VC). Trong hnh trn nu ta mun cc spoke c th lin lc c vi nhau th ch cn to ra cc VC gia cc spoke vi nhau. hnh ny gip ta to ra mt mng WAN c gi thnh r hn rt nhiu so vi s dng leased line, do cc mng ch cn mt ng ni vi mng Frame Relay. Frame Relay s dng split horizon chng lp. Split horizon khng cho php routing update tr ngc v interface gi. V trong frame relay, chng ta c th to nhiu ng PVC trn mt interface vt l, do s b lp nu khng c split horizon. Trong mng WAN s dng leased line, cc DTE c ni trc tip vi nhau nhng trong mng s dng Frame Relay, cc DTE c ni vi nhau thng qua mt mng Frame Relay gm nhiu Switch. Do chng ta phi map a ch lp mng Frame Relay vi a ch IP ca DTE u xa. Chng ta c th map bng cch s dng cc cu lnh. Nhng vic ny c th c thc hin t ng bng LMI v Inverse ARP. LMI (Local Management Interface) c trao i gia DTE v DCE (Frame Relay switch), c dng kim tra hot ng v thng bo tnh trng ca VC, iu khin lung, v cung cp s DLCI cho DTE. LMI c nhiu loi l : cisco (chun ring ca Cisco), ansi (theo chun ANSI Annex D) v q933a (theo chun ITU q933 Annex A). Khi router mi c ni vi mng Frame Relay, router s gi LMI n mng hi tnh trng. Sau mng s gi li router mt thng ip LMI vi cc thng s ca ng VC c cu hnh. Khi router mun map mt VC vi a ch lp mng, router s gi thng ip Inverse ARP bao gm a ch lp mng (IP) ca router trn ng VC n vi DTE u xa. DTE u xa s gi li mt Inverse ARP bao gm a ch lp mng ca n, t router map a ch ny vi s DLCI ca VC. 2. Cc cu lnh s dng trong bi lab : encapsulation framerelay [cisco | ietf] Cu hnh giao thc ng gi Frame Relay cho interface. Router h tr hai loi ng gi Frame Relay l Cisco v ietf. framerelay intftype [dce | dte | nni] Cu hnh cho loi Frame Relay switch cho interface. S dng cho router ng vai tr l mt frame relay switch. framerelay lmitype {ansi | cisco | q933a} Cu hnh loi LMI s dng cho router framerelay route indlci outinterface outdlci To PVC gia cc interface trn router ng vai tr l mt frame relay switch framerelay switching Cu hnh cho router hot ng nh mt frame relay switch show framerelay pvc [type number [dlci]] Xem thng s ca cc ng PVC c cu hnh trm router show framerelay route Xem tnh trng cng nh thng s c cu hnh cho cc ng PVC. Cu lnh ny c s dng cho router ng vai tr l frame relay switch show framerelay map Xem cc thng s v map gia DLCI u gn vi IP u xa show framerelay lmi [type number] Xem cc thng s ca LMI gia router vi Frame relay switch.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

DLCI 102 192.168.1.1/24 S0 Athena1 Lo0 : 10.1.0.1/24 S0 DCE Frameswitch S1 DCE DLCI 201 192.168.1.2/24 S0 Athena2 Lo0 : 11.1.0.1/24
hnh bi lab nh hnh trn. Router FrameSwitch c cu hnh l mt frame relay switch. Hai u cp serial ni vi router FrameSwitch l DCE. Router Athena1 v Athena2 s dng giao thc RIP. 4. Cu hnh router : Chng ta cu hnh cho cc interface ca router Athena1 v Athena2 nh sau : Athena1#sh run Building configuration. . . Current configuration : 599 bytes version 12. 1 hostname Athena1 interface Loopback0 ip address 10. 1. 0. 1 255. 255. 255. 0 interface Serial0 ip address 192. 168. 1. 1 255. 255. 255. 0 router rip network 10. 0. 0. 0 network 192. 168. 1. 0 end Athena2#sh run Building configuration. . . Current configuration : 601 bytes version 12. 1 hostname Athena2 interface Loopback0 ip address 11. 1. 0. 1 255. 255. 255. 0
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

interface Serial0 ip address 192. 168. 1. 2 255. 255. 255. 0 router rip network 11. 0. 0. 0 network 192. 168. 1. 0 end Chng ta tin hnh cu hnh frame realy cho hai router Athena1 v Athena2 Athena1(config)#in s0 S dng giao thc ng gi Athena1(config-if)#encapsulation frame-relay Frame Relay cho interface S0 Athena1(config-if)#frame-relay lmi-type ansi Cu hnh kiu ca LMI l ANSI Athena2(config)#in s0 Athena2(config-if)#encapsulation frame-relay Athena2(config-if)#frame-relay lmi-type ansi Sau khi cu hnh frame relay cho router Athena1 v Athena2, chng ta s cu hnh cho router FrameSwitch tr thnh mt frame relay switch nh sau : Cu hnh cho router tr thnh FrameSwitch(config)#frame-relay switching mt Frame Relay Switch FrameSwitch(config)#in s0 FrameSwitch(config-if)#encapsulation frame-relay FrameSwitch(config-if)#frame-relay lmi-type ansi Cu hnh interface serial 0 FrameSwitch(config-if)#frame-relay intf-type dce l Frame Relay DCE FrameSwitch(config-if)#clock rate 64000 Cung cp xung clock 64000 bps cho DTE FrameSwitch(config-if)#frame-relay route 102 interface s1 201 FrameSwitch(config-if)#no shut FrameSwitch(config)#in s1 FrameSwitch(config-if)#encapsulation frame-relay FrameSwitch(config-if)#frame-relay lmi-type ansi FrameSwitch(config-if)#frame-relay intf-type dce FrameSwitch(config-if)#clock rate 64000 FrameSwitch(config-if)#frame-relay route 201 interface s0 102 FrameSwitch(config-if)#no shut Cu lnh frame-relay route 102 interface s1 201 c ngha : bt k mt frame relay traffic no c DLCI l 102 n interface serial 0 ca router s c gi ra interface serial 1 vi DLCI l 201. Tng t cho cu lnh frame-relay route 201 interface s0 102 : bt k frame relay traffic no c DCLI l 201 n interface serial 1 s c gi ra serial 0 vi DLCI l 102. Hai cu lnh trn c s dng to ra mt PVC gia S0 v S1. kim tra xem router FrameSwitch c hot ng nh mt frame relay switch hay cha chng ta s dng cu lnh show frame-relay pvc FrameSwitch#sh frame-relay pvc
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

PVC Statistics for interface Serial0 (Frame Relay DCE) Active Inactive Deleted Local 0 0 0 Switched 1 0 0 0 Unused 0 0 0
Static 0 0
DLCI = 102, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0 input pkts 3 output pkts 3 in bytes 186 out bytes 166 dropped pkts 1 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 0 out bcast bytes 0 Num Pkts Switched 3 pvc create time 00 : 01 : 04, last time pvc status changed 00 : 00 : 40 PVC Statistics for interface Serial1 (Frame Relay DCE) Local Switched Unused Active 0 1 0 0 Inactive 0 0 0 Deleted 0 0 0 Static 0 0
DLCI = 201, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial1 input pkts 4 output pkts 3 in bytes 200 out bytes 186 dropped pkts 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 0 out bcast bytes 0 Num Pkts Switched 3 pvc create time 00 : 00 : 45, last time pvc status changed 00 : 00 : 43 DLCI USAGE ch cho ta bit hai interface S0, S1 hot ng ch frame relay switch v ACTIVE. ng thi thng bo ca cu lnh cn cho ta bit c s gi c chuyn mch qua interface (Num Pkts Switched 3). Nh vy, t kt qu trn ta bit c rng router FrameSwitch ang hot ng nh mt Frame Relay Switch. Chng ta s kim tra tnh trng ca LMI gia router FrameSwitch v hai router Athena1, Athena2 bng cu lnh show frame lmi FrameSwitch#show frame lmi LMI Statistics for interface Serial0 (Frame Relay DCE) LMI TYPE = ANSI Invalid Unnumbered info 0 Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0 Invalid Status Message 0 Invalid Lock Shift 0 Invalid Information ID 0 Invalid Report IE Len 0 Invalid Report Request 0 Invalid Keep IE Len 0
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Num Status Enq. Rcvd 20 Num Status msgs Sent 20 Num Update Status Sent 0 Num St Enq. Timeouts 0 LMI Statistics for interface Serial1 (Frame Relay DCE) LMI TYPE = ANSI Invalid Unnumbered info 0 Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0 Invalid Status Message 0 Invalid Lock Shift 0 Invalid Information ID 0 Invalid Report IE Len 0 Invalid Report Request 0 Invalid Keep IE Len 0 Num Status Enq. Rcvd 16 Num Status msgs Sent 16 Num Update Status Sent 0 Num St Enq. Timeouts 0 Cu lnh cho ta bit c thng tin ca tt c cc interface ca router hot ng ch Frame relay. ( y l interface S0 v S1) By gi chng ta s kim tra cc frame relay route trn router Frameswitch bng cu lnh show frame route FrameSwitch#sh frame-relay route Input Intf Input Dlci Output Intf Output Dlci Status Serial0 102 Serial1 201 active Serial1 201 Serial0 102 active Kt qu cu lnh cho chng ta bit rng traffic n interface serial 0 vi DLCI 102s c chuyn mch qua serial 1 vi DLCI 201; ngc li, traffic n serial 1 vi DLCI 201 s c chuyn mch qua serial 0 vi DLCI 102. ng thi cu lnh cng ch ra l c hai DLCI u hot ng. Chuyn sang router Athena1, chng ta s kim tra xem DLCI 102 trn interface serial 0 c hot ng hay cha bng cch : Athena1#sh frame-relay pvc PVC Statistics for interface Serial0 (Frame Relay DTE) Active Inactive Deleted Local 1 0 0 0 Switched 0 0 0 Unused 0 0 0 Static 0 0
DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0 input pkts 8 output pkts 7 in bytes 646 out bytes 570 dropped pkts 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 7 out bcast bytes 570 pvc create time 00 : 02 : 58, last time pvc status changed 00 : 02 : 38 Nhn xt : Interface serial 0 ca router Athena1 hot ng nh mt frame relay DTE, v DLCI 102 hot ng.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Mc nh Cisco s dng Inverse ARP map a ch IP u xa ca PVC vi DLCI ca interface u gn. Do chng ta khng cn phi thc hin thm bc ny. kim tra vic ny chng ta s dng cu lnh show frame-relay map Athena1#sh frame-relay map Serial0 (up) : ip 192. 168. 1. 2 dlci 102(0xC9, 0x3090), dynamic, broadcast, status defined, active Kt qu cu lnh cho ta bit, DLCI 102 hot ng trn interface serial 0 v c map vi a ch IP 102. 168. 1. 2 ca interface serial 0 Athena2, v vic map ny l t ng. Lp li cc bc tng t kim tra cho router Athena2 Athena2#sh frame-relay pvc PVC Statistics for interface Serial0 (Frame Relay DTE) Active Inactive Deleted Static Local 1 0 0 0 Switched 0 0 0 0 Unused 0 0 0 0 DLCI = 201, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0 input pkts 10 output pkts 11 in bytes 858 out bytes 934 dropped pkts 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 11 out bcast bytes 934 pvc create time 00 : 04 : 05, last time pvc status changed 00 : 04 : 05 Athena2#sh frame-relay map Serial0 (up) : ip 192. 168. 1. 1 dlci 201(0xC9, 0x3090), dynamic, broadcast, , status defined, active Nhn xt : DLCI 201 hot ng trn interface serial 0 ca Athena2 v c map vi a ch IP 192. 168. 1. 1 By gi chng ta s kim tra cc mng c th lin lc c vi nhau cha bng cch ln lt ng hai router v ping n cc interface loopback ca router u xa. Athena1#ping 11. 1. 0. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11. 1. 0. 1, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms Athena2#ping 10. 1. 0. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10. 1. 0. 1, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/64 ms Nh vy, cc mng c th lin lc c vi nhau. V router FrameSwitch thc hin tt chc nng frame relay switch.
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Bi 5
Cu hnh Frame Relay Subinterfaces

1. Gii thiu : Fame relay hu nh rt ph bin trong cng ngh WAN. Frame Relay cung cp nhiu hn cc c tnh v cc li nhun vic kt ni point to- point WAN. Trong mi trng Frame Relay hot ng m bo vic kt ni lm vic th 2 u thit b bn ngoi Frane Relay phi l data terminal equepment (DTE) v mi trng Frame relay switch bn trong phi l data communication equepmet(DCE) Suninterface hot ng ging nh lease lines mi point-to-point suninterface i hi phi chnh subnet ca no. Cu hnh ny c dng trong ng dng n Hub v Spoke 2. M t bi lab v hnh :
Lo0 : 192.168.1.1/24 DLCI 51
S0.102 192.168.4.1/24
Athena1
S0.103 192.168.5.1/24
192.168.4.2/24 S0.201
C PV
C PV
S0
192.168.5.2/24 S0.301
Athena2 DLCI 52 Lo0 : 192.168.2.1/24
S1 Frameswitch S2
Athena3 DLCI 53 Lo0 : 192.168.3.1/24
3. Cu hnh : a) Cu hnh cho router FR-SWITCHING Building configuration. . .
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Current configuration : 1044 bytes ! version 12. 1 hostname switch ! frame-relay switching ! interface Serial0 no ip address encapsulation frame-relay no fair-queue clockrate 64000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 52 interface Serial1 51 frame-relay route 53 interface Serial2 51 ! interface Serial1 no ip address encapsulation frame-relay clockrate 64000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 51 interface Serial0 52 ! interface Serial2 no ip address encapsulation frame-relay clockrate 64000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 51 interface Serial0 53 ! interface Serial3 no ip address shutdown ! interface BRI0 no ip address shutdown ! ip classless ip http server line con 0 line aux 0 line vty 0 4
dng kiu frame relay ansi thc hin route cho cc PVC
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

! end b) Cu hnh cho router Athena3 : Current configuration : 685 bytes ! version 12. 1 hostname Athena3 ! interface Loopback0 ip address 192. 168. 3. 1 255. 255. 255. 0 ! interface Serial0 no ip address encapsulation frame-relay frame-relay lmi-type ansi ! interface Serial0. 301 point-to-point ip address 192. 168. 5. 2 255. 255. 255. 0 frame-relay interface-dlci 51 ! router igrp 100 network 192. 168. 3. 0 network 192. 168. 5. 0 ! end c) Cu hnh cho router Athena1 : Building configuration. . . Current configuration : 874 bytes version 12. 1 hostname Athena1 interface Loopback0 ip address 192. 168. 1. 1 255. 255. 255. 0 ! interface Serial0 no ip address encapsulation frame-relay no fair-queue frame-relay lmi-type ansi ! interface Serial0. 102 point-to-point ip address 192. 168. 4. 1 255. 255. 255. 0 frame-relay interface-dlci 52 ! interface Serial0. 103 point-to-point
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

ip address 192. 168. 5. 1 255. 255. 255. 0 frame-relay interface-dlci 53 ! d) Xy dng cu hnh cho router Athena2 Building configuration. . . Current configuration : 686 bytes ! version 12. 1 hostname Athena2 ! interface Loopback0 ip address 192. 168. 2. 1 255. 255. 255. 0 ! interface Serial0 no ip address encapsulation frame-relay frame-relay lmi-type ansi ! interface Serial0. 201 point-to-point ip address 192. 168. 4. 2 255. 255. 255. 0 frame-relay interface-dlci 51 router igrp 100 network 192. 168. 2. 0 network 192. 168. 4. 0 end Chng kim tra route map ca cc router bng cu lnh sau : Athena1#sh frame-relay map Serial0. 103 (up) : point-to-point dlci, dlci 53(0x35, 0xC50), broadcast status defined, active Serial0. 102 (up) : point-to-point dlci, dlci 52(0x34, 0xC40), broadcast status defined, active S dng cu lnh show frame-relay pvc kim tra cc ng PVC Athena2#sh frame-relay pvc PVC Statistics for interface Serial0 (Frame Relay DTE) DLCI = 51, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0. 52 input pkts 8 out bytes 2572 in BECN pkts 0 in DE pkts 0 out bcast pkts 14 output pkts 14 in bytes 1448 dropped pkts 0 in FECN pkts 0 out FECN pkts 0 out BECN pkts 0 out DE pkts 0 out bcast bytes 2572
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

pvc create time 00 : 17 : 21, last time pvc status changed 00 : 04 : 16 Chng ta s dng cu lnh sau xem thng tin v LMI Athena1#sh frame-relay lmi LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = ANSI Invalid Unnumbered info 0 Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0 Invalid Status Message 0 Invalid Lock Shift 0 Invalid Information ID 0 Invalid Report IE Len 0 Invalid Report Request 0 Invalid Keep IE Len 0 Num Status Enq. Sent 74 Num Status msgs Rcvd 37 Num Update Status Rcvd 0 Num Status Timeouts 37 switch#show frame-relay pvc PVC Statistics for interface Serial0 (Frame Relay DCE) DLCI = 52, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0 input pkts 16 output pkts 17 in bytes 1590 out bytes 1621 dropped pkts 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 0 out bcast bytes 0 Num Pkts Switched 16 pvc create time 00 : 06 : 22, last time pvc status changed 00 : 07 : 02 DLCI = 53, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0 input pkts17 output pkts 16 in bytes 1620 out bytes 1590 dropped pkts 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 0 out bcast bytes 0 Num Pkts Switched 17 pvc create time 00 : 06 : 13, last time pvc status changed 00 : 09 : 19 PVC Statistics for interface Serial1 (Frame Relay DCE) DLCI = 51, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial1
By gi chng ta s kim tra trng thi ca cc cng BRI Athena2#sh ip int brief Interface IP-Address OK? Method Status ocol Loopback0 192. 168. 2. 1 YES manual up Serial0 Serial0. 201 unassigned 192. 168. 4. 2 YES unset up YES manual up
Prot up up up
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Serial1 TokenRing0
unassigned unassigned
YES unset administratively down down YES unset administratively down down
Athena2#sh frame-relay map Serial0. 201 (up) : point-to-point dlci, dlci 51(0x33, 0xC30), broadcast status defined, active Chng ta kim tra li bng nh tuyn ca cc router : Athena2#sh ip route Codes : C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 192. 168. 4. 0/24 is directly connected, Serial0. 201 I 192. 168. 5. 0/24 [100/10476] via 192. 168. 4. 1, 00 : 00 : 25, Serial0. 201 I 192. 168. 1. 0/24 [100/8976] via 192. 168. 4. 1, 00 : 00 : 25, Serial0. 201 C 192. 168. 2. 0/24 is directly connected, Loopback0 I 192. 168. 3. 0/24 [100/10976] via 192. 168. 4. 1, 00 : 00 : 25, Serial0. 201 Athena2#ping 192. 168. 4. 2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192. 168. 4. 2, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 116/118/128 ms Athena2#ping 192. 168. 4. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192. 168. 4. 1, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 60/64/80 ms Athena3#ping 192. 168. 5. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192. 168. 5. 1, timeout is 2 seconds : !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms Athena2#ping 192. 168. 3. 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192. 168. 3. 1, timeout is 2 seconds :
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/120 ms
Y O ULL
L O V E
T H E
W A Y
W E
M I N D
Y O U R

Cafebook - Info 03 Cac Bai Lab CCNA Tieng Viet Cua Ethena

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cafebook - Info 03 Cac Bai Lab CCNA Tieng Viet Cua Ethena

Uploaded by

Copyright:

Available Formats

Training & Education Network

CCNA ATHENA LAB

Training & Education Network

Training & Education Network

t mt khu truy nhp cho Router

Training & Education Network

t khng c chp nhn 6. Cc loi mt khu cho Router :

Router con0 is now available Press RETURN to get started.

Router(config)#enable secret athena

Cu hnh mt khu bng lnh Line

Training & Education Network

Router(config)#line vty 0 4 Router(config-line)#password class

Training & Education Network

password 7 071D2E595A0C0B password c m ha cp 7

login line vty 0 4 password 7 060503205F5D login ! End

Training & Education Network

Router(config)#no enable secret athena

Bng cch tng t, ta c th g b mt khu cho cc loi mt khu khc.

Cisco Discovery Protocol (CDP)

Training & Education Network

Training & Education Network

Training & Education Network

Training & Education Network

Training & Education Network

gi cdp c gi mi 60 second thi gian gi gi tin l 180 second

Training & Education Network

Training & Education Network

Training & Education Network

Training & Education Network

Training & Education Network

Training & Education Network

Training & Education Network

athena2#show line Tty Typ Tx/Rx

Training & Education Network

0 CTY 1 AUX 9600/9600 * 2 VTY * 3 VTY * 4 VTY 5 VTY 6 VTY -

0/0 0/0 0/0 0/0 0/0 0/0 0/0

Khi phc mt khu cho Cisco Router

Training & Education Network

Training & Education Network

Training & Education Network

enable password cisco ! end

c m ho mt khu enable password l cisco

Bc 3 : Cu hnh li mt khu cho Router :

Training & Education Network

Training & Education Network

Recovery Password cho Switch 2950

Training & Education Network

Training & Education Network

Np IOS IMAGE t TFTP SERVER cho Cisco Router chy t Flash

Ethernet0 192.168.14.1 255.255.255.0

TFTP Sever 192.168.14.0 255.255.255.0

Training & Education Network

Training & Education Network

Training & Education Network

Training & Education Network

Training & Education Network

tn hay a ch ni lu Flash (TFTP Server) Tn file ngun Tn file ch

Training & Education Network

Training & Education Network

Training & Education Network

Np IOS image cho 2 Router chy t Flash

Training & Education Network

Training & Education Network