Bao Cao Final

Trng DH Cng Ngh thng Tin
ti : Router & ACLs
MC LC
PHN 1 : TNG QUAN V AN NINH MNG CISCO ...................................................................... 3 1. An ninh Mng l g? ...................................................................................................................... 3 2. An ninh hot ng nh th no ..................................................................................................... 3 3. Cc doanh nghip ang s dng cc cng ngh an ninh nh th no ........................................... 4 a. Lng tin ca khch hng ............................................................................................................ 4 b. Di ng ...................................................................................................................................... 4 c. Nng sut cao hn ..................................................................................................................... 5 d. Gim chi ph .............................................................................................................................. 5 4. Bt u vi An ninh Mng ............................................................................................................ 5 a. Cp an ninh hin ti ca bn ................................................................................................. 6 b. Cc ti sn ca bn .................................................................................................................... 6 c. Truyn ti thng tin ................................................................................................................... 6 d. Cc k hoch pht trin.............................................................................................................. 6 e. nh gi ri ro ........................................................................................................................... 7 f. D s dng................................................................................................................................. 7 PHN 2. NGUYN TC NH TUYN ............................................................................................ 8 1. Khi Nim ROUTING ................................................................................................................ 8
2. Nguyn tc nh tuyn .................................................................................................................... 8 3. Cc Phng Thc nh Tuyn: ...................................................................................................... 8 A. B. STATIC ROUTIN. ................................................................................................................. 8 cc bc cu hnh nh tuyn.................................................................................................. 8 DYNAMIC ROUTING......................................................................................................... 10
PHN 3. REMOVING PROTOCOL V SERVICES....................................................................... 17 PHN 4: ACCESS CONTROL LISTS (ACL) .................................................................................... 21 I. Mt s khi nim v ACL. ........................................................................................................ 21
Nhm 10
Page 1
ti : Router & ACLs
2. Cc loi ACLs ......................................................................................................................... 22 3. Cch t ACLs. ....................................................................................................................... 23 4. Hot ng ca ACLs. .............................................................................................................. 23 5. Ch : ...................................................................................................................................... 24 6. Thut ton hot ng ............................................................................................................... 24 II- Cu hnh Access control lists . ................................................................................................. 27 1. Standard Access lists. .............................................................................................................. 27 2. Extended Access lists. ............................................................................................................. 27 3. Complex ACLs ........................................................................................................................ 28 III- Qun l cc ACLs . ................................................................................................................. 31 PHN 5: ACCESS-LIST V ROUTE-FILTERING ........................................................................... 32 1. Khi nim v route-filtering: ....................................................................................................... 32 2. Distribute-list ............................................................................................................................... 32 3. Route-map ................................................................................................................................... 33 PHN 6. CU HNH SYSLOG CHO ROUTER (LOGGING CONCEPTS) .................................... 39 1. Syslog: .......................................................................................................................................... 39
Nhm 10
Page 2
ti : Router & ACLs
PHN 1 : TNG QUAN V AN NINH MNG CISCO 1. An ninh Mng l g? C nhng lc, v d nh khi bn ri vn phng v nh khi kt thc ngy lm vic, bn s bt h thng cnh bo an ninh v ng ca bo v vn phng v thit b. Dng nh bn cng s c mt ngn cha an ton hoc kha t lu tr cc ti liu kinh doanh mt. Mng my tnh ca bn cng i hi cng mt mc bo v nh vy. Cc cng ngh An ninh Mng bo v mng ca bn trc vic nh cp v s dng sai mc ch thng tin kinh doanh b mt v chng li tn cng bng m c t vi rt v su my tnh trn mng Internet. Nu khng c An ninh Mng c trin khai, cng ty ca bn s gp ri ro trc xm nhp tri php, s ngng tr hot ng ca mng, s gin on dch v, s khng tun th quy nh v thm ch l cc hnh ng phm php na. 2. An ninh hot ng nh th no An ninh Mng khng ch da vo mt phng php m s dng mt tp hp cc ro cn bo v doanh nghip ca bn theo nhng cch khc nhau. Ngay c khi mt gii php gp s c th gii php khc vn bo v c cng ty v d liu ca bn trc a dng cc loi tn cng mng. Cc thng tin an ninh trn mng ca bn c ngha l thng tin c gi tr m bn da vo tin hnh kinh doanh l lun sn c i vi bn v c bo v trc cc tn cng. C th, An ninh Mng l: Bo v chng li nhng tn cng mng t bn trong v bn ngoi . Cc tn cng c th xut pht t c hai pha, t bn trong v t bn ngoi tng la ca doanh nghip ca bn. Mt h thng an ninh hiu qu s gim st tt c cc hot ng mng, cnh bo v nhng hnh ng vi phm v thc hin nhng phn ng thch hp. m bo tnh ring t ca tt c cc lin lc, bt c u v vo bt c lc no .Nhn vin c th truy cp vo mng t nh hoc trn ng i vi s
Nhm 10 Page 3
ti : Router & ACLs
m bo rng hot ng truyn thng ca h vn c ring t v c bo v. Kim sot truy cp thng tin bng cch xc nh chnh xc ngi dng v h thng ca h .Cc doanh nghip c th t ra cc quy tc ca ring h v truy cp d liu. Ph duyt hoc t chi c th c cp trn c s danh tnh ngi dng, chc nng cng vic hoc cc tiu ch kinh doanh c th khc. Gip bn tr nn tin cy hn .Bi v cc cng ngh an ninh cho php h thng ca bn ngn chn nhng dng tn cng bit v thch ng vi nhng dng tn cng mi, nhn vin, khch hng v cc doanh nghip c th an tm rng d liu ca h c an ton. 3. Cc doanh nghip ang s dng cc cng ngh an ninh nh th no An ninh Mng tr thnh mt yu cu i vi doanh nghip, c bit l nhng doanh nghip hot ng trn mng Internet. Khch hng, nh cung cp v i tc kinh doanh ca bn k vng vo bn bo v bt k thng tin no m h chia s vi bn. Trong khi An ninh Mng gn nh tr thnh mt yu cu tin quyt vn hnh mt doanh nghip, n cng mang li li ch theo nhiu cch khc nhau. Di y l nhng li ch m cc doanh nghip thu c t mt mng c bo v an ton: a. Lng tin ca khch hng Tnh ring t c m bo Cng tc c khuyn khch Mt h thng an ninh mng m bo vi khch hng rng nhng thng tin nhy cm nh l s th tn dng hoc cc chi tit kinh doanh b mt s khng b truy cp v khai thc tri php. Cc i tc kinh doanh ca bn s cm thy t tin hn khi chia s d liu nh l d bo doanh thu hoc ln k hoch sn phm trc khi pht hnh. Ngoi ra, cc cng ngh va ngn chn xm nhp tri php va cung cp cho cc i tc ca bn truy cp an ton n thng tin trn mng ca bn, gip bn cng tc v lm vic cng nhau mt cch hiu qu hn. b. Di ng Bo v truy cp di ng Nng cao nng sut khi ang ngoi vn phng
Nhm 10 Page 4
ti : Router & ACLs
Gii php An ninh Mng mnh m cho php nhn vin ca bn truy cp an ton trn ng i hoc t nh ring m khng lm ly lan vi rt hoc cc dng tn cng khc. Truy cp mng an ton, thun tin c ngha l nhn vin c th s dng thng tin quan trng khi h cn, gip h tr nn c nng sut cao hn ngay c khi h khng ngi trc bn lm vic. c. Nng sut cao hn t lng ph thi gian do spam hn o c v cng tc tt hn gia cc nhn vin Mt h thng An ninh Mng hiu qu c th nng cao nng sut trn phm vi ton b t chc ca bn. Nhn vin mt t thi gian hn vo nhng cng vic khng c nng sut nh l chng spam v dit vi rt. Mng v kt ni Internet ca bn lun c an ton, m bo rng bn v nhn vin ca mnh c truy cp thng xuyn n Internet v e-mail. d. Gim chi ph Trnh c gin on dch v Cc dch v tin tin c pht trin an ton S gin on hot ng ca mng gy thit hi ln i vi mi th loi doanh nghip. Bng cch m bo rng mng v kt ni Internet ca bn l an ton v hot ng lin tc, bn c th m bo rng khch hng c th tip cn bn khi h cn n bn. An ninh hiu qu cho php doanh nghip ca bn b sung cc dch v v ng dng mi m khng lm nh hng n hiu nng mng. S dng mt khuynh hng ch ng bo v d liu ca bn s m bo rng doanh nghip ca bn s tn ti v hot ng theo yu cu. Khi cng ty ca bn tng trng, nhu cu v mng cng thay i. Vic thit lp mt mng an ton, mnh m ngay t hm nay s cho php cng ty bn b sung nhng chc nng tin tin nh l kt ni mng khng dy an ton hoc thoi v hi ngh. 4. Bt u vi An ninh Mng Ty theo nhu cu ca doanh nghip bn vi nhng cng ngh an ninh thch hp l bc u tin bt u mt d n an ninh mng.
Nhm 10 Page 5
ti : Router & ACLs
S dng danh sch nhng cn nhc di y gip bn bt u: a. Cp an ninh hin ti ca bn Khm ph v nhng tnh nng an ninh m mng ca bn c. Danh sch ny s gip xc nh nhng thiu ht trong cc phng php bo v hin ti ca bn. Mng hin ti c cung cp tng la, mng ring o, ngn chn xm nhp, chng vi rt, mt mng khng dy an ton, pht hin bt thng v qun l danh tnh cng nh ph duyt tun th hay khng? Nhng tnh nng ny c giao tip vi nhau khng? b. Cc ti sn ca bn Xy dng mt danh mc v cc ti sn ca bn xc nh xem s cn bao nhiu cp , lp bo v m h thng ca bn cn c. Bn trong doanh nghip c th ca bn, nhng ti sn no c vai tr quan trng nht i vi s thnh cng? C phi vic bo v thng tin ni b ca bn l quan trng nht khng; hay l vic bo v thng tin khch hng ca bn l quan trng nht; hay l c hai? Gi tr ca nhng ti sn ny ln n u? Nhng ti sn ny nm u trong doanh nghip ca bn? c. Truyn ti thng tin nh gi xem thng tin ang c chia s nh th no bn trong v bn ngoi cng ty ca bn. Nhn vin ca bn c cn truy cp nhanh n thng tin ni b thc hin cng vic ca h khng? Bn c chia s d liu bn ngoi bn bc tng ca doanh nghip khng? Bn kim sot vic ai c th truy cp n thng tin ny nh th no? Bn c cung cp nhng cp khc nhau v truy cp cho nhng ngi dung mng khc nhau khng? d. Cc k hoch pht trin Cng ty bn c ang lp k hoch b sung thm cc tnh nng tin tin vo h
Nhm 10 Page 6
ti : Router & ACLs
thng ca mnh khng? H thng ca bn cn phi thch ng v linh ng n u? Gii php an ninh ca bn cn phi c th h tr c s gia tng lu lng mng hoc cc ng dng tin tin m khng lm gin on dch v. e. nh gi ri ro Xc nh xem nhng hu qu ca mt v tn cng an ninh c vt khi phm vi v tn tht nng sut v gin on dch v khng. Mi trng kinh doanh ca bn b iu chnh v mt php l n mc no? Ri ro ca vic khng tun th quy nh l g? Doanh nghip ca bn c th chp nhn c mc gin on thi gian hot ng n mc no trc khi tn tht v ti chnh hoc uy tn xy ra? f. D s dng Mt cng ngh an ninh tt nht cng s khng mang li cho bn li ch no c nu n khng c lp t v s dng d dng. Hy m bo l bn c cc ti nguyn qun l h thng m bn lp t.
Nhm 10
Page 7
ti : Router & ACLs
PHN 2. NGUYN TC NH TUYN 1. Khi Nim ROUTING l qu trnh chn la cc ng i trn mt mng my tnh gi d liu qua . Vic nh tuyn c thc hin cho nhiu loi mng, trong c mng in thoi, lin mng, Internet, mng giao thng. 2. Nguyn tc nh tuyn Cc giao thc nh tuyn phi t c cc yu cu ng thi sau: Khm ph ng mt topo mng. Xy dng cc ng ngn nht. Kim sot tm tt thng tin v cc mng bn ngoi, c th s dng cc metric khc nhau trong mng cc b. Phn ng nhanh vi s thay i topo mng v cp nht cc cy ng ngn nht. Lm tt c cc iu trn theo nh k thi gian. 3. Cc Phng Thc nh Tuyn: A. STATIC ROUTIN. cc bc cu hnh nh tuyn Nh qun tr cu hnh con ng tnh Router s a con ng vo trong bng nh tuyn Con ng nh tuyn tnh s c a vo s dng : Router(config)#ip route {destination network} {subnet mask} {nexthop ip address |outgoing interface} <administrative distance> Administrative distance (AD) l mt tham s ty chn, ch ra tin cy ca m con ng.con ng c gi tr cng thp th cng c tin cy. gi tr AD mc nh ca tuyn ng tnh l 1.
Nhm 10
Page 8
ti : Router & ACLs
DEFAULT ROUTE : Router(config)#ip route 0.0.0.0 0.0.0.0 {nexthop ip address | outgoing interface} Default router c s dng gi cc packet n cc mng ch m khng c trong bng nh tuyn.thng c s dng trn cc mng dng stub network (mng ch c mt con ng i ra bn ngoi)
Nhm 10
Page 9
ti : Router & ACLs
Router#show running-config Router#show ip route B. DYNAMIC ROUTING Routing Protocol (giao thc nh tuyn) . Cc loi giao thc nh tuyn: Distance Vector: RIP, IGRP. Hot ng theo nguyn tt "hng xm", ngha l mi router s gi bng routing-table ca chnh mnh cho tt c cc router c ni trc tip vi mnh. Cc router sau o so snh vi bn routing-table m mnh hin c v kim xem route ca mnh v route mi nhn c, route no tt hn s c cp nht. Cc routing-update s c gi theo nh k (30 giy vi RIP , 60 giy i vi RIP-novell, 90 giy i vi IGRP). Do , khi c s thay i trong mng, cc router s bit c khc mng no down lin. u im: D cu hnh, router khng tn nhiu ti nguyn x l thng tin nh tuyn
Nhm 10 Page 10
ti : Router & ACLs
Nhc im: H thng metric qu n gin (nh rip ch l hop-count) nn c th xy ra vic chn ng i tt nht (best route) khng hon ton chnh xc. Do phi cp nht nh k cc routing-table, nn mt lng bandwidth ng k s b lng ph, throughput gim i mc d mng khng c thay i. Cc Router hi t chm, s dn n vic sai lch trong bng route, thiu n nh (route flaping), Routing LOOP. Link-state: Linkstate khng gi routing-update, m ch gi tnh trng [state] ca cc ci link trong linkstate-database ca mnh i cho cc router khc, ri t mi router s chy gii thut shortest path first (giao thc OSPF - open shortest path first), t xy dng bng routing-table cho mnh. Sau khi mng hi t, link-state protocol s khng gi update nh k nh Distance-vector, m ch gi khi no c mt s thay i trong topology mng (1 line b down, cn s dng ng back-up) u im: Scalable: c th thch nghi c vi a s h thng, cho php ngi thit k c th thit k mng linh hot, phn ng nhanh vi thay i sy ra. Do khng gi interval-update, nn link state bo m c bng thng cho cc ng mng . Khuyt im: Do router phi s l nhiu, nn chim nhiu ti nguyn, gim performance . Mt khuyt im na l: linkstate kh kh cu hnh chy tt , nhng ngi lm vic c kinh nghim lu th mi cu hnh tt c, do cc k thi cao cp ca Cisco ch trng kh k n linkstate Mt s giao thc nh tuyn Routing Information Protocol (RIP) Interior Gateway Routing Protocol (IGRP) Enhanced Interior Gateway Routing Protocol (EIGRP) Open Shortest Path First (OSPF) a. RIP (Giao thc nh tuyn Distance Vector) S dng hop-count lam metric. Maximum hop-coaunt la 15 Administrative distance l 120 Hot ng theo kiu tin n
Nhm 10 Page 11
ti : Router & ACLs
Gi update nh k sau 30 giy. Thong tin gi i l ton b bng nh tuyn C 2 verson l RIP v1 v RIP v2 Rip v1: classful (khng gi subnetmask) RIP v2 classless , h tr VLSM(c km theo subnetmask),authentication
Nhm 10
Page 12
ti : Router & ACLs
Cu hnh : Router(config)#router rip Khai bo cc network cn qung b cng nh kch hot cc interface c php gi v nhn RIP update bng cu lnh : Router(config-router)#network <network address> Kim tra hot ng Show ip protocol Show ip route Debug ip rip quan st vic RIP cp nht bng cch gi v nhn trn router. No debug ip rip hoc undebug all tt ch debug Show ip protocol xem routing protocol timer Show protocols xem cc protocols no c cu hnh trn cc interface b. IGRP Giao thc nh tuyn Distance vector Kt hp s dng bang thng (bandwidth) v tr (delay) lm metric Administrative distance l 100
Nhm 10
Page 13
ti : Router & ACLs
Hot ng theo kiu tin n Gi update nh l sau 90 giy . thng tin gi i l ton b bng nh tuyn classful (khng gi subnetmask) L giao thc ring ca Cisco Cu hnh : Router(config)#router igrp <AS> Khai bo cc network cn qung b cng nh kch hot cc interface c php gi v nhn IGRP update bng lnh : : Router(config-router)#network <network address> (*) AS (Autonomous System): l mt mng c qun tr chung vi cc chnh sch nh tuyn chung. Giao thc IGRP s dng AS to cc nhm router cng chia s thng tin tm ng vi nhau. Kim tra hot ng Show ip protocol Show ip route Debug ip igrp events xem cc cp nht ca IGRP c gi v nhn trn router. No debug ip igrp events hoc undebug all tt ch debug Show ip protocol xem routing protocol timer Show protocols xem cc protocols no c cu hnh trn cc interface Debug ip igrp transactions xem cc s IGRP events c x l trn router.
c. EIGRP Giao thc c quyn cua cisco . Giao thc nh tuyn classless(gi km thng tin ve subnet mask trong update). Giao thc distance-vector. Ch gi update khi c s thay i trn mng. H tr cc giao thc IP, IPX v Apple Talk. H tr VLSM/CIDR. Cho php thc hin qu trnh summarization ti bin mng. La chn ng i tt nht thng qua gii thut DUAL. Xy dng v duy tr cc bng neighbor table,topology table v routing table.
Nhm 10 Page 14
ti : Router & ACLs
Metric c tnh da trn cc con ng c gi thng khng bng nhau (unequalcost). Gi tr AD bng 90. Khc phc c vn mng khng lin tc gp phn i vi cc giao thc RIP v1 v IGRP.
Nhm 10
Page 15
ti : Router & ACLs
Cu hnh Kch hot giao thc dnh tuyn EIGRP Router(config)# router eigrp <AS number> Kch hot cc interface s gi v nhn update, cng nh khai bo cc network cn qung b: Router(config-router)# network <network number> summary cc cu lnh troubleshoot: show ip route, show ip route eigrp, show ip eigrp neighbors, show ip eigrp topology. d. OSPF Chun m . Giao thc link-state. Ch h tr giao thc IP. Gom nhm cc network v router vo trong tng area. Lun tn ti area 0(backbone area ).tt c cc area khc (nu c) du phi ni vo area 0. S dng gii thut Dijkstra xy dng cy ng i ngn nht n cc ch. Cho php cn bng trn cc con ng bng gi tr bng nhau(equal-cost). H tr VLSM/CIDR. Ch gi update khi c s thay i mng. Khc phc vn lin quan n discontiguous network. Xy dng v duy tr cc neighbor database ,topology database . Gi tr AD bng 110. : Router(config-router)# no auto
Nhm 10
Page 16
ti : Router & ACLs
Cu hnh Kch hot giao thc nh tuyn PF Router(config)#router ospf <process ID> Cu hnh OSPF area Router(config-router)#network <network number><wildcard mask> area <area ID> Cc cu lnh troubleshoot: show ip route, show ip ospf, show ip ospf database, show ip ospf interface, show ip ospf neighbor. PHN 3. REMOVING PROTOCOL V SERVICES
Nhm 10
Page 17
ti : Router & ACLs
Extended Access List cho php hoc loi b (permit / deny) traffic theo protocol v service port: Router(config)#access-list {access-list-number} {deny|permit} {protocol} [source address] [destination address] {service port|eq service} access-list-number: Vi Extended Access list, ch s ny nm trong khong 100199, 2000-2069 . Protocol: 0 255 IP protocol number (tham kho ti http://www.iana.org/assignments/protocol-numbers/protocolnumbers.xml)hoc cc protocol ph bin sau: Ahp Eigrp Esp Gre Icmp Igmp Ip Ipinip Nos ospf Authentication Header Protocol Cisco's EIGRP routing protocol Encapsulation Security Payload Cisco's GRE tunneling Internet Control Message Protocol Internet Gateway Message Protocol Any Internet Protocol IP in IP tunneling KA9Q NOS compatible IP over IP tunneling OSPF routing protocol
Page 18
Nhm 10
ti : Router & ACLs
pcp pim tcp udp
Payload Compression Protocol Protocol Independent Multicast Transmission Control Protocol User Datagram Protocol
Services v port number tng ng: Well-known ports: 01023 Tham kho y ti http://www.iana.org/assignments/port-numbers http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Reg istered_ports:_1024.E2.80.9349151 hoc mt s port thng dng: 21: File Transfer Protocol (FTP) 22: Secure Shell (SSH) 23: Telnet remote login service 25: Simple Mail Transfer Protocol (SMTP) 53: Domain Name System service 80: Hypertext Transfer Protocol (HTTP) used in the World Wide Web 110: Post Office Protocol (POP) 119: Network News Transfer Protocol (NNTP) 161: Simple Network Management Protocol (SNMP) 443: HTTPs with Transport Layer Security or Secure Sockets Layer Registered ports: 102449151 Tham kho y ti http://www.iana.org/assignments/port-numbers http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Reg istered_ports:_1024.E2.80.9349151 hoc mt s port thng dng: 1080 TCP SOCKS proxy 1167 UDP phone, conference calling 1194 TCP UDP OpenVPN 1220 TCP QuickTime Streaming Server administration 1234 UDP VLC media player Default port for UDP/RTP stream 1293 TCP UDP IPSec (Internet Protocol Security) 1352 TCP IBM Lotus Notes/Domino[36] (RPC) protocol 1470 TCP Solarwinds Kiwi Log Server 1503 TCP UDP Windows Live Messenger (Whiteboard and Application Sharing) 1512 TCP UDP Microsoft Windows Internet Name Service (WINS) 1513 TCP UDP Garena Garena Gaming Client
Nhm 10 Page 19
ti : Router & ACLs
Dynamic, private or ephemeral ports: 4915265535 Gm cc port c s dng m khng cn ng k vi IANA, s dng trong cc dch v chy trong mng ni b, hoc cc dch v pht trin ring.
Nhm 10
Page 20
ti : Router & ACLs
PHN 4: ACCESS CONTROL LISTS (ACL)
I.
Mt s khi nim v ACL.
ACL l mt danh sch cc cu lnh c p t vo cc cng (interface) ca router. Danh sch ny ch ra cho router bit loi packet no c chp nhn (allow) v loi packet no b hy b (deny). S chp nhn v hu b ny c th da vo a ch ngun, a ch ch hoc ch s port ACL(Accesscontrol-list) c s dng cho lu thng Layer 3 (routable traffic). Acl dng xc nh gi tin lu chuyn vo ra trn giao din router, kt qu sau khi xc nh c th s dng vo nhiu mc ch khc nhau nh l : 1. X l cc chnh sch an ninh ( xc thc, VPN, Firewal) X l cc chnh sch nh tuyn (Destination / source based routing) X l cc chnh sch NAT/PAT Access-list dng lm g? Access-list dng lc lu lng mng bng cch kim sot vic nh tuyn cc gi tin c chuyn tip hoc chn li ti router. Khi router kim tra tng gi tin liu chuyn tip hay l nh rt cc gi tin da trn danh sch c ta nh sn. Access c th l a ch ngun ca lu lng truy cp, a ch ch ca giao thng, giao thc lp trn hoc cc thng tin khc. Ngi dng c th i khi thnh cng thot khi aceess-list c bn v khng yu cu xc thc. 2. Ti sao phi s dng ACLs?
Nhm 10
Page 21
ti : Router & ACLs
- Qun l cc IP traffic - H tr mc c bn v bo mt cho cc truy cp mng, th hin tnh nng lc cc packet qua router Chc nng: +Xc nh tuyn ng thch hp cho DDR (dial-on-demand routing) + Thun tin cho vic lc gi tin ip + Cung cp tnh sn sng mng cao 2. Cc loi ACLs C 2 loi Access lists chnh l: Standard Access lists v Extended Access lists Standard ACLs: Lc (Filter) a ch ip ngun (Source) vo trong mng nn c t gn ch (Destination).
Nhm 10
Page 22
ti : Router & ACLs
Extended ACLs: Lc a ch ip ngun v ch ca 1 gi tin (packet), giao thc tng Network layer header nh TCP, UDP, ICMP, v port numbers trong tng Transport layer header. Nn t gn ngun (source). Complex ACLs: Ngoi ra cn c thm cc ACLs khc nh: Dynamic ACLs, Reflexive ACLs, Time-base ACLs. Dynamic ACLs: Lock and key cho php lc cc ip tracffic ng. Dng ACLs extended trong vic to ra cc ACLs bo mt hn S dng khi c host t xa mun truy cp n localhost Reflexive ACLs: Ngn chn nhng traffic l t ngoi vo trong localhost Nhng tracffic t trong ra ngoi th c cho php t ngoi i vo trong Time-base ACLs Qun l ACLs theo thi gian m ngi qun tr qui nh trc 3. Cch t ACLs. a. Inbound ACLs. Inbound: ni nm na l 1 ci cng vo(theo chiu i vo ca gi tin) trn Router nhng gi tin s c x l thng qua ACL trc khi c nh tuyn ra ngoi (outbound interface). Ti y nhng gi tin s dropped nu khng trng vi bng nh tuyn (routing table), nu gi tin (packet) c chp nhn n s c x l trc khi chuyn giao (transmission). b. Outbound ACLs. Outbound: l cng i ra ca gi tin trn Router, nhng gi tin s c nh tuyn n outbound interface v x l thng qua ACLs, trc khi a n ngoi hng i (outbound queue). 4. Hot ng ca ACLs.
Nhm 10 Page 23
ti : Router & ACLs
- ACL s c thc hin theo trnh t ca cc cu lnh trong danh sch cu hnh khi to access-list. Nu c mt iu kin c so khp (matched) trong danh sch th n s thc hin, v cc cu lnh cn li s khng c kim tra na. Trng hp tt c cc cu lnh trong danh sch u khng khp (unmatched) th mt cu lnh mc nh deny any c thc hin. Cui access- list mc nh s l lnh loi b tt c (deny all). V vy, trong access-list cn phi c t nht mt cu lnh permit. Khi packet i vo mt interface, router s kim tra xem c mt ACL trong inbound interface hay khng, nu c packet s c kim tra i chiu vi nhng iu kin trong danh sch. Nu packet c cho php (allow) n s tip tc c kim tra trong bng routing quyt nh chn interface i n ch. Tip , router s kim tra xem outbound interface c ACL hay khng. Nu khng th packet c th s c gi ti mng ch. Nu c ACL outbound interface, n s kim tra i chiu vi nhng iu kin trong danh sch ACL . 5. Ch : Ch c th thit lp 1 ACL trn giao thc cho mi hng trn mi interface. Mt interface c th c nhiu ACL. Router khng th lc traffic m bt u t chnh n. Cu lnh no t trc th x l trc. Khi 1 cu lnh mi thm vo danh sch, n s t cui danh sch. Standard ACLs: Nn t gn ch ca traffic. Extended ACLs: Nn t gn ngun ca traffic. Mc nh c hai lnh the Access-Group hay the Access-Class theo chiu OUT 6. Thut ton hot ng Hnh nh m t hot ng ca ACLs:
Nhm 10
Page 24
ti : Router & ACLs
Cng vo d liu c gi l Incoming, cng ra l Outcomming, trc tin n s d bng nh tuyn, nu ng th tip in l kim tra ACLs, nu ng th i tip, ngc li s bi hu b. ACLs hot ng theo th t v thc hin cu lnh u tin nu n matched.
Nhm 10
Page 25
ti : Router & ACLs
Hnh trn cho ta thy ACLs kim tra cc danh sch truy cp nh th no.
Nhm 10
Page 26
ti : Router & ACLs
II- Cu hnh Access control lists . 1. Standard Access lists. Standard ACLs s dng s t 1 -> 99 hay 1300 -> 1999. C 2 bc to ACLs: B1: nh ngha danh sch ACLs t vo interface. router(config)#access-list [ACL number] [permit|deny] [source address] [wildcard mask] [log] Hoc l : router(config)#access-list [ACL number] [permit|deny] [host|any] [source address] B2: Sau t danh sch(ACLs) vo interface trn router m ta mun chn gi tin ngay ti . router(config)#interface [interface-number] router(config-if)#ip access-group [ACL number] [in out] - v standard access list ch kim tra c a ch ngun nn phi p access list vo cng gn ch nht 2. Extended Access lists. #: Extanded ACLs s dng s t 100 -> 199 hay 2000 -> 2699. Cng ging standard ACL v thm mt s cch lc gi tin nh: Source and destination IP address (a ch ngun a ch ch) IP protocol TCP, UDP, ICMP (cm giao thc) Port information (WWW, DNS, FTP, TELNET,) ( cm cc dch v thng qua cc cng hot ng ca n) Cc lnh cu hnh: Ta cng thc hin 2 bc ging nh Standard ACLs B1: To access list ti grobal config mode router(config)#access-list [#] [permit deny] [protocol] [source address] [wildcard mask] [operator source port] [destination address] [wildcard mask] [operator destination port] [log] Hoc
Nhm 10
Page 27
ti : Router & ACLs
router(config)#access-list [#] [permit deny] [protocol] [host] [source address] [host] [destination address][ lt, gt, neq, eq, range] [port number] B2: P DNG ACCESS LIST VO CNG router(config)#interface [interface-number] router(config-if)#ip access-group [#] [in out] - interface access control Mt s port thng dng: 21 23 25 53 69 80 161 520 FTP TELNET SMTP DNS TFTP WWW SNMP RIP
3. Complex ACLs a. Dynamic ACLs: Cc bc cu hnh: B 1: To mt ti khon ngi dng local trn router B 2: To mt Extended ACLs cho php tt c cc host c telnet n host 10.2.2.2. Khi telnet thnh cng s cho php ng mng 192.168.10.0 i qua ng mng 192.168.30.0 vi thi gian timeout 15 pht (absolute time)(ALCs ng s sinh ra khi lnh access-enable c bt ln v s mt i sau 15 pht bt chp user c s dng n hay ko) B 3: Gn ACLs cho interface ch nh B 4: Ch nh nu user telnet v xc thc thnh cng th s thit lp mt session 5 pht, nu user ko s dng session ny n s kt thc sau 5 pht (idle timeout) nu user s dng session ny n s kt thc sau 15 pht.
Nhm 10
Page 28
ti : Router & ACLs
b. Replexive ACLs Cu hnh ACLs cho php ICMP v TCP traffic c chiu inbound v outbound nhng ch cho php nu gi tin u tin ca session bt ngun t mng ni b. Tt c cc traffic khc s b cm. Reflexive ACLs c gn trn interface s0/1/0 Cc bc cu hnh: B 1: To mt Extend name ACLs cho php cc traffic i ra ngoi Internet B 2: To mt Extend name ACLs cha Reflexive ACLs t ng c to ra khic gi outbound match vi Name ACLs bc 1. B 3: Gn cc name ACLs cho interface
Nhm 10
Page 29
ti : Router & ACLs
c. Time-base ACLs
Nhm 10
Page 30
ti : Router & ACLs
Cc bc cu hnh: B 1. nh ngha khong thi gian thi hnh ACLs v t cho n mt ci tn.(khong thi gian ny ph thuc vo gi h thng trn router, chc nng ny lm vic tt vi s ng b thi gian ca giao thc Network Time Protocol (NTP) nhng lc ny ng h ca router khng c s dng. ) B 2. p dng khong thi gian ny cho ACLs B 3. P dng ACL cho interface.
III- Qun l cc ACLs . Hin th tt c ACLs ang s dng. Router(config)#show running-config Xem ACLs hot ng trn interface no . Router(config)#show interface [ # ] Xem vic t v hng i ca ip ACLs:Router(config)#show ip interfaces [ # ] Xem nhng cu lnh ACLs: Router(config)#show access-list [ # ] Hin th tt c ip ACLs: Router#show ip access-list Hin th ip ACL 100: Router#show ip access-list 100 Xa b m (to clear the counters use): router(config)#show access-list [ # ] router(config)#clear access-list counter [ # ] Xa Access list router(config)#no ip access-list [standard-extended][#] router(config)#interface [interface-number] router(config-if)#no access-list [#] [permit deny] [source address] [wildcard mask]
Nhm 10
Page 31
ti : Router & ACLs
PHN 5: ACCESS-LIST V ROUTE-FILTERING 1. Khi nim v route-filtering: Khi chy nhiu giao thc chung vi nhau v c nhu cu redistribution t giao thc ny vo giao thc kia ta c th gp phi vn ng dn khng ti u, route feedback (sau khi redistribute route xong route li quay ngc v ni sinh ra do distance ca giao thc c redistribute vo thp hn) S dng tnh nng lc route gip nh qung tr iu khin c nhng route qung b, redistribute, Vic lc route nhng giao thc distance th hiu qu hn nhng giao thc linkstate. V giao thc vi giao thc distance th router qung b route da trn bng routing table c n. Nhng router ang chy link-state protocol xc nh route ca chng da trn thng tin trong link-state database hn l nhng route c neighbors qung b vo n. Vic lc route khng nh hng n qung b trng thi link hay bng link-state database. Kt qu vic lc route c th tc ng trn router c cu hnh lc nhng khng nh hng n route i vo router neighbor. (i vi Link-state, bi v n qung b trng thi ca link) V vy vic lc route th thng c s dng trn con ASBR v ni y route s i vo v i ra ging dng ca distace vector. Access-list c s dng chn route (route selection) trong distribute-list v route-map 2. Distribute-list Distribute-list c dng nhiu trong qu trnh thc hin kim sot v ti u cc routes (route control & optimize). Mt trong nhng ng dng thng thy l trong qu trnh redistribution ca cc routing protocols vi nhau. Distribute-list c dng chng hin tng route-feedback. Cch s dng:
Nhm 10 Page 32
ti : Router & ACLs
- Ch ra nhng a ch network bn mun loi b (filter) v to ra mt access-list. Bn cng cn xc nh bn mun lc theo chiu incoming hay chiu outgoing. - Nu dng theo chiu OUT: distribute-list access-list-number out [interfacename] Trong trng hp ny th distribute-list out s khng cho mt s routes c qung b ra t router. - Nu dng theo chiu IN: distribute-list access-list-number in [interface-name] Distribute-list s ngn khng cho nhng routes no c a vo bng routingtable. Di y l mt s v d IGRP Route Filtering: router igrp 10 network 140.10.0.0 redist rip default-metric 1 1 1 1 1 distr-list 1 in access-list 1 deny 170.10.0.0 0.0.255.255 access-list 1 permit any any Routes 170.10.0.0 s khng c a vo bng routes. EIGRP IP Filtering router eigrp 1 network 172.16.0.0 network 192.168.5.0 distribute-list 7 out s0 access-list permit 172.16.0.0 0.0.255.255 RIP access-list 1 deny 10.2.2.0 0.0.0.255 access-list 1 deny 172.16.0.0 0.0.0.255.255 access-list 1 permit any router rip distrbute-list 1 in e0 3. Route-map Route map l cc cng c trong cc logic if/then c th c p dng cho mt router. Cc route-map l cc cng c lp trnh c dng kim sot qu trnh redistribution, hin thc PBR, kim sot qu trnh NAT hoc hin thc BGP.C th dng route-map cho cc mc ch sau y: kim sot qu trnh redistribution: cc route map cho php kim sot mt mc cao hn so vi cch dng distribution list. Route-map khng n thun
Nhm 10 Page 33
ti : Router & ACLs
ngn chn hay cho php mt mng ging nh distribute list m cn c kh nng gn metric cho nhng route b so trng . kim sot v thay i thng tin nh tuyn: cc route map c dng thay i thng tin nh tuyn bng cch gn gi tr metric cho cc route. nh ngha chnh sch trong PBR: cc route-map ra cc quyt nh da trn a ch ngun. Khi mt php so trng c tm thy trong access-list, s c cc hnh ng tng ng. thm vo mc tinh t trong cu hnh NAT: cc route map nh ngha dy ca cc a ch public v a ch private. C cc lnh show gim st v kim tra hot ng ca NAT. hin thc BGP: mt trong nhng im mnh ca giao thc BGP l kh nng thc hin policy based routing. Cc thuc tnh trong BGP c dng nh hng n ng i cho traffic. Cc thuc tnh ny thng c hin thc dng route maps. Nu c mt php so trng th p dng thuc tnh ny. Khi ny dng lnh set thc hin. Route map l phng thc ch yu c dng bi BGP nh ngha chnh sch nh tuyn BGP. Route map rt ging ACL. C hai thc hin tc v if/then, trong cc tiu ch c dng xc nh l gi tin c c cho php hoc t chi hay khng. S khc nhau c bn l route map c kh nng thc hin hnh ng thay i thuc tnh n cc gi d liu tha iu kin so trng. Trong mt ACL, tiu ch so trng l ngm nh,trong mt route map, l mt keyword. iu ny c ngha rng, nu mt gi tha vi mt tiu chun cho trong mt route map, mt vi hnh ng phi c thc hin thay i gi, trong khi accesslist ch n gin cho php hoc t chi mt gi. Cc c im ca route map c tm tt trong danh sch sau: Mt route map c mt danh sch cc tiu ch v tiu chun chn la, c lit k vi pht biu mtch. Mt route map c kh nng thay i cc gi hoc cc route b so trng bng cch dng lnh set. Mt tp hp ca cc pht biu mch c cng tn c xem l cng mt route
Nhm 10 Page 34
ti : Router & ACLs
map Route map s ngng x l ngay khi c mt php so trng c thc hin, ging nh mt ACL. Trong mt route map, mi pht biu c nh s th t v c th c son tho ring l. S th t c dng ch ra th t trong cc iu kin c kim tra. Nh vy nu hai pht biu trong route map c tn l BESTTEST, mt pht biu c ch s l 5, mt pht biu c ch s l 15 th pht biu c ch s l 5 s c kim tra trc. Nu khng c mt pht biu match trong pht biu 5 th pht biu th 15 s c kim tra. Route map c th dng cc IP access-list chun hoc m rng thit lp cc chnh sch nh tuyn. Cc access-list m rng c th c dng ch ra tiu ch so snh da trn phn a ch ngun v a ch ch, ng dng, kiu giao thc, kiu dch v ToS v u tin. Lnh match trong cc cu hnh route map c dng nh ngha iu kin phi kim tra. Lnh set trong cu hnh route map c dng nh ngha hnh ng theo sau mt pht biu so snh. Mt route map c th ch cc php AND v OR. Ging nh mt access-list, c mt pht biu ngm nh DENY cui mt route map. Hnh ng theo sau ca pht biu deny ny ty thuc route map c dng nh th no. hiu iu ny mt cch chnh xc, bn cn hiu chnh xc route map hot ng nh th no. Danh sch sau y s gii thch logic ca hot ng route-map: Pht biu ca route map dng cho PBR c th c nh du nh l permit hoc deny Ch nu pht biu c nh du nh permit v gi tin b so trng, lnh set mi c p dng. Cc pht biu trong route-map s tng ng vi cc dng ca mt access- list.
Nhm 10 Page 35
ti : Router & ACLs
Ch ra mt iu kin so snh trong route map th cng tng t nh ch ra ngun v ch trong access list Cc pht biu trong route map c so snh vi ng i ca gi xem c mt so trng no hay khng. Cc pht biu ny s c ln lt kim tra t trn xung di. Mt pht biu so trng c th cha nhiu iu kin. t nht mt iu kin trong pht biu match phi l ng. y l php logic OR Mt route-map c th cha nhiu pht biu so snh. Tt c cc pht biu match trong route map phi c xem xt l ng cho pht biu ca route map l so trng. iu kin ny gi l php logic AND. Route-map c s dng trong bn trng hp: Dng vi NAT Dng trong redistribution Dng vi BGP Dng trong PBR Cu lnh access list trong Cisco IOS thng c dng nh l mt cng c chn la "matching" mt mu traffic no i qua router. Nh bn cng bit, trng thi bnh thng, router cho php hu nh mi lu lng IP i qua n. Nu, trong mt iu kin no , bn khng mun cho lu lng mail (SMTP/POP3) c i qua router, bn cn cm cc traffic ny. Lc ny, bn vit ra mt accesslist, "quan tm" n TCP (SMTP/POP3). Sau bn p access list vo cng ca router, theo chiu IN/OUT.
Nhm 10
Page 36
ti : Router & ACLs
Trong v d trn, access list c dng lc gi. V d cng ch ra l bn cn ch ra traffic m bn ang quan tm (SMTP/POP3), bc k tip l bn p dng access list vo mt interface no ca router. Vy, ACL l mt cng c la ra mt loi traffic no m mnh quan tm. Cng c route-map trong Cisco IOS cung cp mt thun ton tng t nh logic If/Then/Else thng thy trong cc ngn ng lp trnh. Mt route map cha mt hoc nhiu cu lnh route-map v router s x l cc cu lnh route-map da vo th t i km vi chng. Mi cu lnh route-map c nhng thng s so trng (match) bn trong c cu hnh bng cu lnh match. ( so trng tt c gi tin, mt mnh route-map ch n gin a ra mt cu lnh match). ng thi, cu lnh route-map cng c mt hoc nhiu cu lnh ty chn set dng p t thng tin, chng hn p t metric cho mt s route c redistribute. Nh vy, mt cm gic ging nhau gia hai cu lnh l c hai cng c th th hin thun ton if-then khi cu hnh router. Tuy nhin, s khc nhau l route-map mang tnh cht tng qut hn. V trong route map cng c dng access list. Cc quy lut tng qut ca route map nh sau: Mi cu lnh route-map phi c mt tn gi r rng, tt c cc cu lnh c cng tn gi ny u thuc chung mt route map. Mi cu lnh route-map phi c mt hnh ng (permit hoc deny). Mi cu lnh route-map c mt s th t duy nht, cho php xa, chn cc cu lnh route-map n. Khi dng route-map trong qu trnh redistribute, route map s x l route ly t bng nh tuyn hin thi ch khng ly t database. Route map c x l tun t da vo s th t nh km trong cc cu lnh route-map.
Nhm 10 Page 37
ti : Router & ACLs
Khi mt route c th c so trng trong route map, n s khng c x l trong cc cu lnh route-map ng sau na (dng cho redistribution). Khi mt route c so trng vi pht biu route map, nu route-map c thng s permit i km th route s c redistribute (dng cho redistribution). Khi mt route c so trng vi pht biu route map, nu route-map c thng s deny i km th route s khng c redistribute (dng cho redistribution) Route map thng hay gy nhm ln, c bit khi dng thng s deny trong cu lnh route-map. V d v route-map: Route-filtering in redistribution: Router(config)# access-list 1 deny 192.168.1.0 0.0.255 Router(config)# access-list 1 deny 192.168.2.0 0.0.255 Router(config)# access-list 1 permit any Router(config)# route-map MYMAP permit 10 Router(config-route-map)# match ip address 1 Router(config-route-map)# set tag 150 Router(config)# router ospf 1 Router(config-router)# redistribute eigrp 10 metric 3 subnets route-map MYMAP BGP route-filtering: Router(config)# access-list 1 permit 10.1.1.0 0.0.0.255 Router(config)# route-map MYMAP permit 10 Router(config-route-map)# match ip address 1 Router(config-route-map)# set metric 100 Router(config-route-map)# route-map MYMAP permit 20 Router(config)# router bgp 100 Router(config-router)# neighbor 172.16.1.1 route-map MYMAP out
Nhm 10
Page 38
ti : Router & ACLs
PHN 6. CU HNH SYSLOG CHO ROUTER (LOGGING CONCEPTS)
1. Syslog: Syslog l mt cng c (phn mm) s dng lu tr cc s kin xy ra trn mt thit b, h thng phc v cho cng tc qun tr, pht hin cc xm nhp tri php... Syslog c xy dng da trn cc Trap (phn loi cc s kin) c tt c khong 7Trap. Nhng thng thng th ch dng Trap Information vi Trap Debugging. Cu hnh Log ch cn vi cu lnh v mt my tnh ci sn phn mm Syslog. Cc phn mm Syslog c th s dng l Kiwi-Syslog (Free), Solarwind tn ph .... Cu lnh cu hnh : Router(config)#logging <a ch IP ca my ci phn mm Syslog> Router(config)#logging trap debugging (c th thay th debugging bng s 7). Rt nhiu thit b ca Cisco bao gm router,switch,Pix firewall,ASA u c kh nng s dng syslog gi cc thng tin v h thng,cnh bo.V d nh mt Cisco router s to ra mt syslog nu cng b down hay c s thay i v cu hnh.Ta c th cu hnh cho cc thit b Cisco gi thng tin syslog n 1 syslog server bn ngoi c th lu tr tp trung, trong trng hp kt ni n syslog server b ngt th ton b thng tin v syslog ca thit b s c lu tr cc b. Syslog s dng User Datagram Protocol (UDP), cng 514 mc nh truyn d liu. Mt gi tin syslog s gii hn trong 1024 bytes gm 5 thng tin sau: Facility(1): phn loi ngun sinh ra syslog (ng dng, h iu hnh, cc tin trnh..) Mc nh, thit b s dng Cisco IOS, CatOS switches, v VPN 3000 Concentrators s dng facility l local7 , trong khi Cisco PIX Firewalls s dng local4 trong thng tin syslog. Severity(2): Mc pht sinh ra cc thng tin syslog c phn chia ra nh sau:
Nhm 10 Page 39
ti : Router & ACLs
0 1 2 3 4 5 6 7
Emergency: Alert: Critical: Error: Warning: Notice: Informational: Debug:
System is unusable. Action must be taken immediately. Critical conditions. Error conditions. Warning conditions. Normal but significant condition. Informational messages. Debug-level messages.
Thit b Cisco s dng mc Emergency n Warning thng bo cc vn lin quan cc vn v phn mm v phn cng. Tin trnh khi ng li ,cng up/down th c gi vi mc Notice. H thng khi ng li l mc Informational. Kt qu ca lnh debug l mc Debug. Hostname(3): C th l tn hoc Ip ca thit b sinh ra syslog Timestamp(4):Thi gian sinh ra syslog theo nh dng MMM DD HH:MM:SS .Thi gian sinh ra syslog phi chnh xc nn khi trin khai dch v ny ta thng kt hp vi giao thc NTP(Network Time Protocol) ng b thng tin v thi gian trn tt c thit b . Message(5): Ni dung Syslog
Nhm 10
Page 40
ti : Router & ACLs
Giao din chng trnh Kiwi Syslog
Nhm 10
Page 41

Bao Cao Final

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Bao Cao Final

Uploaded by

Copyright:

Available Formats

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

pcp pim tcp udp

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

PHN 4: ACCESS CONTROL LISTS (ACL)

Mt s khi nim v ACL.

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs

Trng DH Cng Ngh thng Tin

ti : Router & ACLs