1. INTRODUCTION
2. INSTALLING GNS3
After selecting the IOS images for each router model, click Save to store the configuration.
Go to Edit > Preferences > Dynamips. Under Executable Path, choose the path to the dynamips.exe file in the GNS3 installation folder, then click the Test button to check that Dynamips works.
Try starting a 2600 router once GNS3 has been configured.
After the router starts, we see CPU usage rise to 100%. We adjust this with Idle PC; choosing a value marked with * is best.
Through Dynamips, GNS3 can bridge an interface on a virtual router to an interface on the physical machine, which lets the virtual network communicate with the real network. On Windows, the WinPcap library is used to create this connection.
To connect virtual routers in GNS3 to the real network we use the Cloud device. Suppose we need to connect a virtual router to the network adapter named Local Area Connection, whose address is 192.168.1.2
Configure the IP address on the physical adapter.
Add the physical adapter Local Area Connection, or a VMware virtual adapter, to the Cloud.
Connect the router to the Cloud in GNS3.
Cisco software uses a command-line interface (CLI) for the traditional console environment. IOS is a core technology that has been developed for many different Cisco product lines, so the specific behaviour of each IOS varies considerably by device type.
There are several ways to access the router's CLI. The first is a direct connection from a computer or terminal to the console port on the router. The second is a dial-up line through a modem, or a null-modem connection, to the AUX port on the router. Neither of these requires any prior configuration on the router. The third is to telnet to the router. To establish a telnet session, at least one interface on the router must have an IP address configured, and the vty lines must be configured to allow access and have a password set.
2. ROUTER CONFIGURATION MODES
The Cisco command-line interface is hierarchical. To configure something, we must first enter the corresponding mode. For example, to configure an interface on the router we must enter that interface's configuration mode; every command entered from that mode applies only to that interface. Each configuration mode has its own distinctive prompt and its own set of commands.
IOS has a command interpreter called EXEC. After we enter a command, EXEC executes it immediately.
We can configure the router so that a user must enter a password before entering this mode. In addition, to increase security we can also configure a user ID, so that only authorized people can access the router. A network administrator must be in privileged EXEC mode to use the commands that configure or manage the router. From privileged EXEC mode we can move into other modes, such as global configuration mode. Privileged EXEC mode is identified by the # prompt.
To move from user EXEC mode to privileged EXEC mode, use the enable command at the > prompt. If a password has been set, the router asks for it. For security reasons, Cisco network devices do not display the password as it is typed. Once the password has been entered correctly, the > prompt changes to #, showing that we are in privileged EXEC mode. Typing a question mark (?) at this prompt shows that the router lists many more commands than in user EXEC mode.
<output omited> cisco 1721 (68380) processor (revision c) with 3584k/512K bytes
of memory.
The line above shows the amount of main memory and shared memory on the router. Some devices use part of DRAM as shared memory. The sum of the two figures is the actual amount of DRAM on the router.
To see the size of flash memory, use the show flash command:
Athena_VanCong#show flash
When we type a question mark (?) at the prompt, the router lists the commands available in the configuration mode we are in. The --More-- marker at the bottom of the screen shows that there is more output. To see the next page, press the Spacebar. To display the output one line at a time, press Enter or Return. Press any other key to return to the prompt.
Once we are in privileged EXEC mode and type a question mark (?), we see that the list of commands available in privileged EXEC mode is much longer than the list in user EXEC mode. The command set varies, however, with the router's configuration and with the version of Cisco IOS software.
The router's user interface includes a command-editing mode. We can use key combinations to move the cursor along the command line we are writing when the command needs correcting. In current software versions, command editing is enabled automatically. If this mode interferes when we write scripts, we can turn it off with the terminal no editing command in privileged EXEC mode.
While a command is being edited, the screen scrolls horizontally when the command is longer than one line. When the cursor reaches the right margin, the command line shifts 10 spaces to the left, and the first 10 characters of the command are no longer visible on screen. We can scroll back to see them by pressing Ctrl-B or the left arrow key until the display reaches the start of the command, or we can press Ctrl-A to jump straight to the start of the command line.
In addition, most routers let us mark a block and copy it, so we can copy an earlier command and paste or insert it into the current command.
2.3. Handling command errors
If we type a command, press Enter, and the command turns out to be wrong, we can use the up arrow key to recall the command just entered. We then use the right and left arrow keys to move the cursor to the mistake and correct it. To delete characters, use the <backspace> key.
3. CONFIGURING THE ROUTER
Configuring a router to carry out many complex networking functions is a challenging task, but the first steps of router configuration are not difficult. If we practise from the start, becoming familiar with and mastering the steps for moving between the router's configuration modes, then complex configuration work later on becomes much simpler. This part introduces the router's basic configuration modes and some simple configuration commands.
We use the exit command to return to global configuration mode, or press Ctrl-Z to go straight back to privileged EXEC mode.
The first task when configuring a router is to give it a name. In global configuration mode, we use the following command:
Router(config)#hostname Athena_VanCong
Athena_VanCong(config)#
As soon as we press Enter to execute the command, the prompt changes from the default name (Router) to the name we have just set (Athena_VanCong).
Athena_VanCong(config)#line console 0
Athena_VanCong(config-line)#password <password>
Athena_VanCong(config-line)#login
We also need to set a password on one or more vty lines to control users who access the router remotely over Telnet. A Cisco router normally has 5 vty lines, numbered 0 to 4. We usually use one password for all vty lines, but sometimes we should set a separate password on one line as a reserve for when the other 4 lines are all in use. The commands for setting the vty password are:
Athena_VanCong(config)#line vty 0 4
Athena_VanCong(config-line)#password <password>
Athena_VanCong(config-line)#login
There are many show commands that can be used to examine the contents of files on the router and to troubleshoot. In both privileged EXEC and user EXEC modes, typing show ? displays the list of show commands. Naturally, more show commands are available in privileged EXEC mode than in user EXEC mode.
Some show commands:
A serial interface needs a clock signal to control the timing of communication. In most cases the DCE device, for example a CSU, supplies the clock signal. By default Cisco routers are DTE devices, but we can configure them as DCE devices.
To check what we have just changed, use the show running-config command, which displays the contents of the current configuration file. If the output shows details that are not correct, we can fix them in one or more of the following ways:
Within an organization it is essential to establish rules for configuration files. These make it possible to control which files need to be maintained, and where and how the files are stored.
On each interface we should record some important information, for example the circuit number the interface connects to, information about the router at the other end, and the network segment the interface connects to. From these descriptions the network administrator can tell where the interface is connected.
A description is simply a note attached to the interface. It has no effect at all on the operation of the router, but it makes the configuration file clearer and helps faults to be located faster.
Athena_VanCong#configure terminal
Athena_VanCong(config)#interface <interface>
Athena_VanCong(config-if)# description <comment>
3.7.3. Login banner
With static routing, path information has to be entered into the router by the network administrator. Whenever the network topology changes, the administrator must delete or add path information on the router. Paths of this kind are called static routes. In a large network, maintaining router routing in this way takes a great deal of time; in a small network with few changes the work is less burdensome. Because static routing requires the administrator to configure all path information on the router, it lacks the flexibility of dynamic routing. In large networks, static routing is usually used together with a dynamic routing protocol for certain special purposes.
The network administrator configures a static route on the router with the ip route command. Syntax of the ip route command:
1.4. Configuring static routes
A routing protocol differs from a routed protocol in both function and task. Routing protocols are used for communication between routers. A routing protocol lets one router share the routing information it knows with other routers, so that each router can build and maintain its routing table.
With autonomous systems (AS), the global network is divided into many smaller, more manageable networks. Each AS has its own AS number, which does not duplicate that of any other AS, and each AS has its own administration.
Distance-vector routing periodically passes a copy of the routing table from one router to another. These periodic updates between routers exchange information when the network topology changes. The distance-vector routing algorithm is also called the Bellman-Ford algorithm.
Each router receives the routing tables of its directly connected neighbors. For example, router B receives information from router A. Router B then adds its own distance to router A (for example, by increasing the hop count) to the routing information received from A. Router B now has a new routing table and passes it on to its other neighbor, router C. The same process takes place between all neighboring routers.
Routing tables are passed to neighboring routers periodically and the distance vectors are recalculated.
A router collects information about the distance to other networks, and from this it builds and maintains a database of routing information for the network. However, a router working with the distance-vector algorithm does not know the exact topology of the whole network; it knows only the neighboring routers directly connected to it.
3.1.3. Routing loops and the maximum value
The cause is incorrect updating about Network 1 among routers B, C and D, which update each other's routing tables wrongly while router A has not yet informed the remaining routers about Network 1. The loop continues until some other process breaks it. This condition is called counting to infinity: packets loop around the network although Network 1 is in fact down.
With a distance vector that uses hop count as its metric, the hop count increases by 1 each time a router passes an update to another router. If nothing is done to correct counting to infinity, the hop count keeps increasing without limit.
The distance-vector routing algorithm can correct itself, but the loop can last until the count reaches infinity. To keep this fault from dragging on, distance-vector routing protocols define a maximum value.
In this way the routing protocol allows the loop to continue only until the routing metric exceeds the maximum value. For example, as in the figure below, when the routing metric is 16 hops, which is greater than the maximum value of 15, the router discards that update. In every case, once the routing metric exceeds the maximum value, the network is considered unreachable.
When network x goes down, the router uses route poisoning: it sets the value 16 in the routing table to indicate that the network can no longer be reached.
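The following added example (not part of the original document) simulates the counting-to-infinity behaviour and the maximum value of 16 described above, and compares it with split horizon, which the RIP section of this document describes. The three-router chain, the function names, the synchronous update rounds and the hop count of 0 at the router that owns the network are assumptions of this model.

```python
INFINITY = 16  # 15 is the largest usable hop count; 16 means unreachable

# Constructed sample topology: A - B - C, with Network 1 attached to router A.
LINKS = [("A", "B"), ("B", "C")]


def build_neighbors(links):
    """Turn a list of (router, router) links into a sorted adjacency map."""
    neighbors = {}
    for a, b in links:
        neighbors.setdefault(a, set()).add(b)
        neighbors.setdefault(b, set()).add(a)
    return {r: sorted(n) for r, n in sorted(neighbors.items())}


def exchange(table, neighbors, split_horizon, connected=None):
    """One periodic update round: every router advertises to every neighbor."""
    snapshot = dict(table)  # all adverts reflect the state at the round's start
    for router in table:
        if router == connected:
            continue  # a directly connected route is never replaced
        for nbr in neighbors[router]:
            adv_metric, adv_next_hop = snapshot[nbr]
            if split_horizon and adv_next_hop == router:
                continue  # nbr learned this route from us, so it stays silent
            metric = min(adv_metric + 1, INFINITY)  # add one hop, cap at 16
            cur_metric, cur_next_hop = table[router]
            # Always believe the current next hop; otherwise accept only
            # a strictly better metric.
            if nbr == cur_next_hop or metric < cur_metric:
                table[router] = (metric, nbr)


def converge(links, origin):
    """Run update rounds until every router has a stable route to the network."""
    neighbors = build_neighbors(links)
    table = {r: (INFINITY, None) for r in neighbors}
    table[origin] = (0, None)  # model simplification: 0 hops at the owner
    while True:
        before = dict(table)
        exchange(table, neighbors, split_horizon=True, connected=origin)
        if table == before:
            return neighbors, table


def fail_network(links, origin, split_horizon, max_rounds=100):
    """Take the network down at `origin`; return (rounds needed, metric history)."""
    neighbors, table = converge(links, origin)
    table[origin] = (INFINITY, None)  # route poisoning at the owning router
    history = []
    for round_no in range(1, max_rounds + 1):
        exchange(table, neighbors, split_horizon)
        history.append({r: metric for r, (metric, _) in table.items()})
        if all(metric == INFINITY for metric, _ in table.values()):
            return round_no, history
    return None, history


if __name__ == "__main__":
    for flag in (False, True):
        rounds, history = fail_network(LINKS, "A", split_horizon=flag)
        print(f"split horizon {'on' if flag else 'off'}: "
              f"all routers mark the network unreachable after {rounds} rounds")
        for number, metrics in enumerate(history, start=1):
            print(f"  round {number:2d}: {metrics}")
```

Without split horizon, router A accepts the stale route from B in the first round and the metrics climb two hops at a time until they reach 16; with split horizon the failure is learned in two rounds.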
Triggered updates, sent to the whole network as soon as the topology changes, keep routers up to date promptly and start the holddown timer sooner.
For example, router C sends a triggered update as soon as network 10.4.0.0 becomes inaccessible. On receiving this information, router B in turn announces network 10.4.0.0 out of interface S0/1, and router A then sends the announcement out of interface Fa0/0.
Network 10.4.0.0 is unreachable
When a router learns from a neighbor that some network X is no longer accessible, it marks the route to network X as inaccessible and starts the holddown timer. If, during the holddown period, the router receives an update from that same neighbor saying that network X is accessible again, it accepts the update and ends the holddown timer.
If, during the holddown period, the router receives an update from a different neighbor (not the one that sent the update about network X) and this update offers a path to network X with a better metric than the router's previous path, the router ignores it and does not update. This mechanism keeps the router from wrongly accepting stale information from neighbors that do not yet know that network X is inaccessible. The holddown period ensures that every router in the network has received the new information. When the holddown timer expires, all routers in the system have learned that network X is inaccessible, so they all have an accurate view of the topology. After the holddown period ends, routers therefore accept updates as normal again.
The link-state routing algorithm is Dijkstra's algorithm, also known as the SPF (Shortest Path First) algorithm. Link-state routing builds and maintains a complete database of the topology of the entire network.
The process of collecting network information for link-state routing:
Each router reconstructs the network topology as a tree with itself as the root, and from it derives all paths to every network in the system. The SPF algorithm then selects the shortest path and places it in the routing table. The routing table holds the selected paths together with the corresponding outgoing interfaces. Alongside this, the router continues to maintain the database of network topology and link states. The first router to detect a change in the topology sends an update to all other routers. The router sends an LSA packet containing information about the new router and the changes in link state. This LSA is sent to all other routers.
Each router has its own database of the network topology, and the SPF algorithm performs its calculation on this database.
Path determination
Switching
Switching is the process by which the router moves a packet from the incoming interface to the outgoing interface. The key point is that the router must encapsulate the data appropriately for the link the packet is about to leave on.
The router command starts a routing protocol. The network command declares the router interfaces on which we want the routing protocol to send and receive routing updates.
RIP (Routing Information Protocol) is a distance-vector routing protocol used widely around the world. Although RIP lacks some capabilities and features of other routing protocols, it is based on open standards and simple to use, so it remains popular with network administrators. RIP is therefore a good protocol for people beginning to learn about networking. The main characteristics of RIP are:
It is a distance-vector routing protocol
It uses hop count as the metric for path selection
If the hop count to the destination is greater than 15, the packet is discarded
Updates are sent periodically, every 30 seconds by default
4.2. The evolution of RIP
RIP has been developed over many years, starting with version 1 (RIPv1). RIP was only a classful routing protocol until version 2 (RIPv2), when it became a classless routing protocol. RIPv2 has the following advantages:
RIP prevents routing loops from counting to infinity by limiting the maximum number of hops allowed from sender to receiver; the maximum hop count for any path is 15. For paths that a router learns from a neighbor's update, the router increases the hop count by 1, since it counts itself as one hop on the path. If, after the increase, the hop count is greater than 15, the router treats the destination network for that path as unreachable. RIP also shares features with other routing protocols; for example, it uses split horizon and holddown timers to avoid accepting incorrect routing information.
RIP uses the distance-vector routing algorithm. If there are several paths to the same destination, RIP chooses the one with the fewest hops. Because it relies on hop count alone, the path RIP chooses is sometimes not the fastest path to the destination.
RIPv1 lets routers update their routing tables on a default cycle of 30 seconds. Sending routing updates continuously in this way allows the network topology to be built quickly. To avoid endless loops, RIP limits the maximum number of hops for forwarding a packet to 15. If a destination network is more than 15 routers away, it is considered unreachable and the packet is discarded. This limits the scalability of RIP. RIPv1 uses split horizon to prevent loops: when sending routing information out of an interface, a RIPv1 router does not send back the routing information it learned from that same interface. RIPv1 also uses holddown timers to prevent loops. When it receives notice that a destination network has failed, the router starts the holddown timer. Throughout the holddown period the router does not accept any update with a worse metric for that destination network.
RIPv2 was developed from RIPv1, so it has the same characteristics. RIPv2 is also a distance-vector routing protocol that uses hop count as its only routing metric, and it also uses holddown timers and split horizon to avoid loops. The differences between RIPv1 and RIPv2 are as follows:
RIPv1 | RIPv2
Simple to configure | Simple to configure
Classful routing | Classless routing
Does not send subnet mask information in routing updates | Sends subnet mask information in routing updates
Does not support VLSM, so all networks in a RIPv1 system must use the same subnet mask | Supports VLSM; networks in a RIPv2 system can have subnet masks of different lengths
No mechanism for authenticating routing information | Has a mechanism for authenticating routing information
Sends broadcasts to address 255.255.255.255 | Sends multicasts to address 224.0.0.9, which is more efficient
The router rip command starts RIP. The network command declares the IP network addresses that take part in the routing process. Any router interface whose IP address falls within a network declared by a network command takes part in sending and receiving routing updates. The network command also declares the networks that the router will advertise.
The router rip and version 2 commands select RIPv2 as the routing protocol running on the router.
We can configure RIP to send triggered updates when the network topology changes, using the ip rip triggered command. This command applies only to the router's serial interfaces. When the topology changes, the first router to detect the change updates its own routing table and then immediately sends an update to the other routers to announce the change. This is a triggered update, and it happens completely independently of the periodic updates.
RIP is a broadcast protocol. Therefore, to run RIP on a non-broadcast network such as Frame Relay, we need to declare the neighboring RIP routers with the following command:
By default Cisco IOS software accepts both RIP version 1 and version 2 packets but sends only version 1 packets. The network administrator can configure the router to send and receive only version 1 packets, or to send only version 2 packets, with the following commands:
A default route is also configured manually on the router by the network administrator. The default route is used when the router does not know a path to the destination. With a default route, the router's routing table is shorter. When a packet's destination network is not one the router knows, the router sends the packet out along the default route.
Several commands can be used to check whether RIP is configured correctly. The two used most often are show ip route and show ip protocols.
The show ip protocols command displays the IP routing protocols running on the router. Its output shows that if a router configured with RIP receives no update from a neighboring router for 180 seconds or more, the paths learned from that neighbor are considered invalid. If there is still no update, after 240 seconds these paths are removed from the routing table. In the figure, router Athena_VanCong received the latest update from router 2 eight seconds ago. The holddown time is 180 seconds: when a path is reported as down, it is placed in the holddown state for 180 seconds.
A router can filter routing information when it accepts updates or when it sends them. For routers using a distance-vector routing protocol this is effective, because the router routes on the basis of routing information received from its neighbors. For routers using a link-state routing protocol it is not, because these protocols select paths from a database of link states rather than from received routing information. For this reason the method described below for stopping a router from sending routing information out of an interface applies only to distance-vector routing protocols such as RIP and IGRP.
We can use the passive-interface command to stop the router from sending routing updates out of a given interface. Doing so prevents other networks from learning the routing information of our own system.
When routing IP, Cisco IOS has two load-sharing mechanisms: per-packet and per-destination. If the router uses process switching, it distributes packets across the paths. If the router uses fast switching, it sends all packets for the same destination over one path and places traffic for the next destination on the next path. This is called per-destination load sharing.
OSPF is a link-state routing protocol implemented on the basis of open standards. OSPF is described in several IETF (Internet Engineering Task Force) standards. Open here means that OSPF is completely open to the public and is not proprietary.
Compared with RIPv1 and v2, OSPF is a better interior gateway protocol (IGP) because of its scalability. RIP is limited to 15 hops, converges slowly, and sometimes chooses a slow path because its path selection ignores other important factors such as bandwidth. OSPF overcomes these weaknesses of RIP; it is a robust, scalable routing protocol suited to modern networks. OSPF can be configured as a single area for small networks.
A large OSPF network should use a hierarchical design and be divided into several areas. These areas all connect to the same distribution area, area 0, also called the backbone area. This design makes it possible to control routing update activity. Dividing the network into areas reduces the load of routing, speeds up convergence, confines changes in the network to individual areas and improves performance.
OSPF collects link-state information from neighboring routers. Each OSPF router advertises the state of its own links and forwards the information it receives to all its other neighbors.
Each router keeps a list of adjacent neighbors, called the adjacency database. Adjacent neighbors are those with which the router has established a two-way relationship. A router may have many neighbors, but not every neighbor is adjacent, so we need to keep in mind that a neighbor relationship is different from an adjacent neighbor relationship, or adjacency for short. The list of adjacent neighbors differs from router to router.
To reduce the amount of routing information exchanged with many neighboring routers on the same network, OSPF routers elect a Designated Router (DR) and a Backup Designated Router (BDR) to act as the focal point for routing information.
First we need to start the OSPF routing process on the router and declare the network addresses and the area number. The network address is declared with a wildcard mask, not a subnet mask. The area ID is written either as a number or in dotted-decimal form like an IP address.
To start OSPF routing, we use the following command in global configuration mode:
When the OSPF process starts, Cisco IOS uses the highest active IP address on the router as the router ID. If no interface is active, the OSPF process cannot start. If the router chooses an interface's IP address as the router ID and that interface later fails, the process loses its router ID, and the OSPF process stops until the interface comes back up.
We should use a loopback interface on every router running OSPF. The loopback interface should be configured with an address whose subnet mask is 255.255.255.255. Such a 32-bit subnet mask is called a host mask, and it defines a network containing a single host. When OSPF advertises the loopback network, it always advertises the loopback as a host with a 32-bit mask.
A multi-access broadcast network can contain more than two routers. OSPF therefore elects a Designated Router (DR) as the focal point for all link-state advertisements and updates. Because the role of the DR is so important, a Backup Designated Router (BDR) is also elected to take over if the DR fails.
To change the OSPF priority, use the ip ospf priority command on the interface concerned. The show ip ospf interface command shows the priority of the interface along with much other important information.
Router(config-router)#area area-number authentication
OSPF routers must have the same hello interval and the same dead interval in order to exchange information with each other. By default, the dead interval is four times the hello interval. This means a router has 4 chances to send a hello packet before it is declared dead.
On broadcast OSPF networks the default hello interval is 10 seconds and the default dead interval is 40 seconds. On non-broadcast networks the default hello interval is 30 seconds and the default dead interval is 120 seconds. These defaults affect how efficiently OSPF operates, and sometimes we need to change them.
The network administrator may choose the values of these two intervals. To improve network performance, changing these two intervals should be a priority. The values must, however, be configured identically on all neighboring routers connected to each other.
To configure the hello interval and the dead interval on a router interface, we use the following commands:
In OSPF routing configuration, making sure that the following information is correct is extremely important:
To check the OSPF configuration we can use show commands. The show commands that are useful when troubleshooting OSPF are listed below:
show ip protocols - Displays timers, routing metrics, routed networks and other information for all routing protocols running on the router.
show ip ospf interface - Shows whether the router interface is configured in the correct area. If no loopback interface is configured, the highest IP address of any physical interface is chosen as the router ID. This command also displays the hello interval and dead interval on the interface and shows the adjacent neighboring routers connected through it.
show ip ospf - Shows the number of times the SPF algorithm has been run, and the update interval when the network has not changed.
show ip ospf neighbor detail - Lists the neighbors in detail, with their priority and state.
show ip ospf database - Displays the contents of the network topology database on the router, together with the router ID and the OSPF process ID.
Furthermore, EIGRP can replace the Novell Routing Information Protocol (Novell RIP) and the AppleTalk Routing Table Maintenance Protocol (RTMP), serving both IPX and AppleTalk networks efficiently.
EIGRP is an ideal choice for large, multiprotocol networks built on Cisco routers.
6.2. Characteristics of EIGRP
EIGRP works differently from IGRP. In essence EIGRP is an advanced distance-vector routing protocol, but when it updates and maintains neighbor and routing information it behaves like a link-state routing protocol. The advantages of EIGRP over ordinary distance-vector routing protocols are:
Fast convergence.
Efficient use of bandwidth.
Support for VLSM (Variable Length Subnet Mask) and CIDR (Classless Interdomain Routing). Unlike IGRP, EIGRP exchanges subnet mask information, so it supports classless IP networks.
Support for several different network protocols.
Independence from the routed protocol. Thanks to its modular structure, with a separate module for each protocol, EIGRP does not need lengthy rework. For example, when support for a new protocol such as IP is developed, EIGRP needs a new module for IP but does not need to be rewritten at all.
EIGRP uses bandwidth efficiently because it sends only partial, bounded updates rather than the whole routing table, so it consumes minimal bandwidth once the network is stable. This is similar to OSPF updates, but unlike an OSPF router, an EIGRP router sends partial updates only to the routers that need the information, not to every other router in the area as OSPF does. For this reason EIGRP updates are called bounded updates. Instead of periodic updates, EIGRP routers keep in contact with each other using very small hello packets. The periodic exchange of hello packets takes up little link bandwidth.
EIGRP can support IP, IPX and AppleTalk thanks to its protocol-dependent modules (PDMs). EIGRP can redistribute IPX RIP and SAP information to improve overall performance. In practice, EIGRP can take over these two protocols. An EIGRP router receives routing and service information and updates other routers only when the information in the routing table or SAP table changes.
EIGRP can also take over the AppleTalk Routing Table Maintenance Protocol (RTMP). RTMP uses hop count to choose paths, so its path selection is not very good. EIGRP therefore uses a configurable composite metric to choose the best path for AppleTalk networks. As a distance-vector routing protocol, RTMP exchanges its entire routing information periodically. To reduce this overhead, EIGRP distributes AppleTalk routing information only when a change occurs. AppleTalk clients, however, also expect to receive RTMP information from local routers, so EIGRP for AppleTalk should run only on networks without clients, such as WAN links.
Router(config-router)#network network-number
When configuring a serial interface for use with EIGRP, it is important to set the bandwidth of the interface. If we do not change the interface bandwidth, EIGRP uses the interface's default bandwidth instead of the real bandwidth. If the link is actually slower, the router may fail to converge, routing updates may be lost, or path selection may not be optimal. To set the bandwidth of a serial interface on the router, use the following command in that interface's configuration mode:
Router(config-if)#bandwidth kilobits
The bandwidth value given in the bandwidth command is used only in the routing process's calculations; it should match the speed of the interface.
Router(config-if)#eigrp log-neighbor-changes
Enter interface configuration mode
Router(config-keychain)# key 1
Specifies the key number.
Specifies the key string.
The router selects paths whose metric is less than or equal to n * the lowest metric from the router to the destination network, where n is the value given by the variance command.
We use the following show commands to check EIGRP operation. In addition, the debug commands help us monitor EIGRP activity when needed.
show ip eigrp neighbors [type number] [details]
Displays EIGRP information for the interfaces. The parameters in italics limit the output to a particular interface or a particular AS. The details keyword displays more detailed information.
Depending on the keyword used, the router displays information about paths that are active, pending, or without a successor.
The debug commands:
debug eigrp fsm - Displays the activity of EIGRP feasible successors, helping us determine when the routing process installs and removes path updates.
debug eigrp packet - Displays EIGRP packets sent and received. These may be hello, update, acknowledgement, query or reply packets. The packet sequence numbers and acknowledgement numbers used for reliable delivery of EIGRP packets are also displayed.
However, the traffic exchanged between networked computer systems is usually binary data. To capture and understand this binary data, sniffer programs need special capabilities such as protocol analysis and the ability to decode binary data into a form that can be understood. In a network that uses shared, synchronous connection protocols, we can run a sniffer on any host in our network. This mode is called promiscuous mode.
The targets of sniffing are:
7.4.1. Active
This is sniffing through a switch; it is hard to carry out and easy to detect. The attacker performs this kind of attack as follows:
One of the most common network attacks used against individuals and large organizations is the MITM (Man in the Middle) attack. Put simply, this kind of attack works like an eavesdropper. MITM works by establishing connections to the victims' computers and relaying messages between them. The victims believe they are communicating directly with each other, while in reality the traffic passes through the attacker's host. As a result, this host can not only read sensitive data but also inject and alter the data stream to gain deeper control over its victims.
Suppose the hacker wants to monitor what hostA sends to hostB. The hacker first sends hostA an ARP reply containing the hacker's MAC address and hostB's IP address. The hacker then sends hostB an ARP reply containing the MAC address of the hacker's machine and hostA's IP address. Both hostA and hostB accept the ARP replies and store them in their ARP tables. When hostA then wants to send information to hostB, it looks in its ARP table, finds an entry for hostB's MAC address already there and uses it, but the MAC address actually belongs to the hacker. At the same time the hacker's computer enables IP forwarding to pass on what hostA sends to hostB. HostA and hostB communicate normally and do not notice that the traffic passes through the hacker's machine in the middle.
This attack also uses the ARP poisoning technique, but the target is the switch. The hacker sends a huge number of forged ARP replies so that the switch cannot process them in time and becomes overloaded. The switch is then no longer able to behave as a Layer 2 device and instead broadcasts packets out of all its ports. The hacker can then easily capture all the traffic on our network.
To stop attackers who want to sniff passwords, we combine protocols and methods that encrypt passwords with a secure authentication solution:
Use the arp -a command to view the ARP table. The arp -s <IP> <MAC> command statically binds a MAC address to the corresponding IP address. The arp -d command clears the ARP table and the dynamically learned MAC-to-IP address mappings.
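As an added example (not part of the original document), the check below turns the arp -a review suggested above into detection logic: it parses ARP table output and reports a MAC address that answers for more than one IP, and any IP whose MAC differs from a trusted baseline such as the static bindings set with arp -s. The sample output, the baseline and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\b")

# Constructed sample of Windows-style `arp -a` output as seen on hostA.
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.2 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-01     dynamic
  192.168.1.10          00-1a-2b-3c-4d-66     dynamic
  192.168.1.66          00-1a-2b-3c-4d-66     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Constructed baseline of known-good bindings (for example, recorded when
# the static entries were created).
BASELINE = {
    "192.168.1.1": "00:1a:2b:3c:4d:01",
    "192.168.1.10": "00:1a:2b:3c:4d:10",
}


def normalize_mac(mac):
    """Lower-case, colon-separated form so different OS formats compare equal."""
    return mac.lower().replace("-", ":")


def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac[:2], 16) & 1 == 1


def parse_arp_table(text):
    """Return {ip: mac} for unicast entries; accepts '-' or ':' separated MACs."""
    table = {}
    for line in text.splitlines():
        ip_match, mac_match = IP_RE.search(line), MAC_RE.search(line)
        if not (ip_match and mac_match):
            continue  # header lines and the 'Interface:' line carry no MAC
        try:
            ip = str(ipaddress.ip_address(ip_match.group(1)))
        except ValueError:
            continue  # looks like an IP but is not a valid one
        mac = normalize_mac(mac_match.group(1))
        if not is_group_address(mac):
            table[ip] = mac
    return table


def find_shared_macs(table):
    """MACs that answer for more than one IP. This can be legitimate
    (proxy ARP, a multi-homed host), so treat it as a lead to investigate."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips, key=ipaddress.ip_address)
            for mac, ips in by_mac.items() if len(ips) > 1}


def find_changed_bindings(table, baseline):
    """IPs whose current MAC differs from the baseline: {ip: (expected, seen)}."""
    return {ip: (expected, table[ip])
            for ip, expected in baseline.items()
            if ip in table and table[ip] != expected}


if __name__ == "__main__":
    current = parse_arp_table(SAMPLE_ARP_OUTPUT)
    for mac, ips in find_shared_macs(current).items():
        print(f"MAC {mac} is claimed by several IPs: {', '.join(ips)}")
    for ip, (expected, seen) in find_changed_bindings(current, BASELINE).items():
        print(f"{ip}: expected {expected}, ARP table shows {seen}")
```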
7. Managing the console port on a switch: The operating system of a Cisco switch has a management port, the console line (line con 0), which gives administrators direct access to the switch. If management of this port is too lax, the switch can be exposed to attacks. The solution is to create a unique account for each administrator who accesses the switch through the console line. The following commands show an example of creating an account with a privilege level and setting the privilege level of the console line to the default (0). Privilege level 0 is the lowest level on a Cisco switch and permits very few commands. The administrator can raise the privilege level to 15 with the enable command. This account can also be used for access through the virtual terminal lines.
Switch(config)# username athena privilege 0
Switch(config)# line con 0
Switch(config-line)# privilege level 0
Range of interfaces:
Static entries are configured manually on each port (e.g., switchport port-security mac-address mac-address) and are saved in the configuration file. Sticky entries are treated like static entries, except that they are learned automatically. Existing dynamic entries are converted to sticky entries after the command switchport port-security mac-address sticky is used. The former dynamic entries are stored in the configuration file (switchport port-security mac-address sticky mac-address); if the configuration file is saved and loaded, the MAC addresses do not need to be learned again after the next restart. A maximum number of MAC addresses can also be set with the following command (e.g., switchport port-security maximum value).
The administrator can enable aging for statically configured MAC addresses on a port with the command switchport port-security aging static. The aging time (e.g., switchport port-security aging time time) is set in minutes. Aging can also be based on inactivity (e.g., switchport port-security aging type inactivity), which means that the addresses configured on the port age out if no traffic is seen from them for the period declared with the aging time command. This feature allows continued access for a limited number of addresses.
Example:
+ The following commands statically restrict a port on a Catalyst Switch 3550.
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security violation shutdown
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security mac-address 0011.2233.4455
Switch(config-if)# switchport port-security aging time 10
Switch(config-if)# switchport port-security aging type inactivity
+ The following commands dynamically restrict a port on a Catalyst Switch 3550. Note that the aging commands are not used with sticky MAC addresses.
Some important issues arise when port security is configured on a port connected to an IP phone. Although port security is not used on trunk ports, the MAC address count takes the VLAN assignment of incoming packets into account. An IP phone that sends packets on 2 VLANs has 2 separate entries in the MAC table, so it counts twice toward the MAC maximum.
The administrator can use the macro trace command in place of the macro apply command, because macro trace can be used to debug macros. Use show parser macro description regularly to see the last macro applied to each port. Finally, static MAC addresses and port security applied on every port of a switch can become a burden for the administrator. Port Access Control Lists (PACLs) can provide security similar to static MAC addresses and port security, and PACLs also offer more flexibility and control. Permitting MAC addresses and IP addresses can be split up and considered from the viewpoint of an extended switch.
Cain & Abel: A comprehensive sniffer tool with many ways of scanning, capturing packets, decoding data...
AntiSniff: An effective, comprehensive tool for detecting sniffers.
CPM (Check Promiscuous Mode): A tool developed by Carnegie-Mellon to help check for sniffers on UNIX systems.