CCNA

SEMESTER 3

Study Guide, Version 1.0

Table of Contents
(Semester 2)
Lesson 1: Introduction and Review Lab
Lesson 2: Implementing VLANs and Trunks
Lesson 3: Improving Performance with Spanning Tree
Lesson 4: Routing Between VLANs
Lesson 5: Securing the Expanded Network
Lesson 6: Troubleshooting Switched Networks
Lesson 7: Reviewing Routing Operations
Lesson 8: Implementing VLSM
Lesson 9: Implementing OSPF
Lesson 10: Diagnosing and Troubleshooting OSPF

Lesson 1: Introduction and Review Lab

Building a Small Network

Cisco IOS User Interface Functions

- The CLI is used to enter commands.
- Operations differ between routers and switches, but both use the same CLI.
- The Enter key makes the device parse and execute a command.
- The CLI uses a command set that is organized hierarchically by configuration mode.
- Users can type entries directly or paste configuration through the console port.
- Each configuration mode has its own interface.
- The two main modes are user mode and privileged mode.
- Configuration changes are not saved automatically.

Overview of Cisco IOS Configuration Modes

Help Facilities of the Cisco IOS CLI

Commands Review Discussion

What does the command accomplish? From what configuration mode is the command executed?

Access to the Remote Labs

Use this module review to complete an introductory lab, which will become the basis for all subsequent lab activities.

Summary

- Basic router and switch configuration includes configuring a hostname to identify the device, configuring passwords for security, and configuring IP addresses for connectivity.
- You use the CLI to enter commands.
- You use the configure terminal command to enter global configuration mode. To leave global configuration mode, you can use the end command or press Ctrl-Z.
- The CLI provides context-sensitive help, console error messages, and a command history buffer.

Lesson 2: Implementing VLANs and Trunks

Building a Medium-Sized Switched Network

Issues in a Poorly Designed Network

- Unbounded failure domains
- Large broadcast domains
- Large amount of unknown MAC unicast traffic
- Unbounded multicast traffic
- Management and support difficulties
- Possible security vulnerabilities

A poorly designed network increases support costs, reduces the availability of services, and limits support for new applications and solutions. Poor performance affects end users and access to central resources. Some of the issues that stem from a poorly designed network are as follows:

- Failure domains: One of the most important reasons to implement an effective network design is to keep a failure within the smallest possible scope. When Layer 2 and Layer 3 boundaries are not clearly defined, a failure in one part of the network can have a wide-reaching effect.
- Broadcast domains: Broadcasts exist in every network. Many applications and network operations require broadcasts, so they cannot be eliminated entirely. Just as failure domains need clearly defined boundaries, broadcast domains should have clear boundaries and contain a limited number of devices to minimize the impact of broadcasts.
- Large amount of unknown MAC unicast traffic: Cisco Catalyst switches limit the forwarding of unicast frames to the ports associated with the specific unicast address. However, when a frame arrives with a destination address that is not in the MAC address table, it is flooded out all ports except the port on which it was received. This behavior is called unknown MAC unicast flooding. The flooding causes excess traffic on all switch ports, and network cards must contend with a large number of frames on the wire. When data is propagated on a wire for which it was not intended, security can be threatened.
- Multicast traffic on unintended ports: IP multicast is a technique that allows IP traffic to be propagated from one sender to a group of receivers that is identified by a pair of multicast IP and MAC addresses. Like unicast flooding and broadcasts, multicast frames are flooded out all ports of the switch. A proper design allows multicast frames to be contained while still allowing them to function.
- Difficulty in management and support: A poorly designed network can be disorganized, poorly documented, and lacking in clearly defined traffic flows. This makes support, maintenance, and problem resolution difficult and time-consuming.
- Possible security vulnerabilities: A switched network that is designed with little attention to security at the access layer can threaten the integrity of the entire network.

A poorly designed network always has a negative impact and becomes a financial and support burden for any organization.

VLAN Overview

- Segmentation
- Flexibility
- Security

VLAN = Broadcast Domain = Logical Network (Subnet)

A VLAN is a logical broadcast domain that can span multiple physical LANs. In a switched network, VLANs provide segmentation and organizational flexibility. You can design a VLAN structure that lets you group stations by function, project team, and application without regard to the physical location of the users. You can assign each switch port to a VLAN, which adds a layer of security. Ports in the same VLAN share a broadcast domain; ports in different VLANs do not share a broadcast domain. VLANs improve network performance.

Using VLAN technology, you can group ports and the users connected to them into logical groups, such as coworkers in the same department, cross-functional production teams, or groups of users who share the same network application.

A VLAN can exist on a single switch or span multiple switches. VLANs can include stations in a single building or in multiple buildings. VLANs can also connect across WANs.

Designing VLANs for an Organization

- VLAN design must take into account the implementation of a hierarchical network addressing scheme.
- Benefits of hierarchical addressing:
  - Ease of management and troubleshooting
  - Minimized errors
  - Fewer routing table entries

Each VLAN in a switched network corresponds to an IP network. VLAN design must therefore take a hierarchical network addressing scheme into account. Hierarchical network addressing means that IP network numbers are assigned to network segments or VLANs in an orderly fashion. Blocks of contiguous network addresses are reserved for, and configured on, the devices in a specific area of the network. Some benefits of a hierarchical addressing scheme are as follows:

- Ease of management and troubleshooting: A hierarchical addressing scheme groups network addresses contiguously. A hierarchical IP addressing scheme therefore makes it easier to locate network components and makes network management and troubleshooting more efficient.
- Fewer errors: Assigning network addresses in an orderly way can limit errors and duplicate address assignments.
- Fewer routing table entries: In a hierarchical addressing plan, routing protocols can perform route summarization, which allows a single routing table entry to represent a collection of IP networks. Route summarization makes routing tables more manageable and provides these benefits:
  - Fewer CPU cycles when recalculating the routing table or sorting through routing table entries to find a match
  - Reduced router memory requirements
  - Faster convergence after a change in the network
  - Easier troubleshooting

Guidelines for Assigning IP Address Ranges

- Assign one IP subnet per VLAN.
- Assign IP address ranges in contiguous blocks.

Cisco's architecture model provides a modular framework for designing and deploying networks. It also provides an ideal structure on which to overlay a hierarchical IP addressing scheme. Some guidelines follow:

- Design the IP addressing scheme so that blocks of 2^n network addresses (for example 4, 8, 16, 32, ...) are assigned to the subnets of the access and distribution layer switches. This approach lets you summarize them into one larger network address.
- At the distribution layer, continue to assign network addresses contiguously out to the access layer devices.
- Use one subnet per VLAN. Each VLAN is a separate broadcast domain.
- When possible, subnet on the same binary boundary to avoid variable-length subnet masks. This approach helps limit errors and confusion when troubleshooting or when configuring new devices or segments.
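The effect of the 2^n block guideline can be checked with Python's standard ipaddress module. This is an added example, not part of the original course material; the 10.1.x.0 addresses and VLAN numbers are constructed for illustration.

```python
import ipaddress


def assign_vlan_subnets(block, new_prefix, vlan_ids):
    """One subnet per VLAN, taken contiguously from the start of `block`."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=new_prefix)
    plan = dict(zip(vlan_ids, subnets))
    if len(plan) < len(vlan_ids):
        raise ValueError("block too small for the requested VLANs")
    return plan


def summarize(plan):
    """Fewest prefixes that cover exactly the subnets in the plan."""
    return list(ipaddress.collapse_addresses(plan.values()))


def overlapping_vlans(plan):
    """Pairs of VLANs whose subnets overlap (a duplicate-assignment error)."""
    items = sorted(plan.items())
    return [(a, b)
            for i, (a, net_a) in enumerate(items)
            for b, net_b in items[i + 1:]
            if net_a.overlaps(net_b)]


# Constructed plan: four VLANs (2^2) starting on a 4-subnet boundary.
ALIGNED = assign_vlan_subnets("10.1.4.0/22", 24, [10, 20, 30, 40])

# Constructed plan: four contiguous /24s that do NOT start on such a boundary.
MISALIGNED = {
    10: ipaddress.ip_network("10.1.5.0/24"),
    20: ipaddress.ip_network("10.1.6.0/24"),
    30: ipaddress.ip_network("10.1.7.0/24"),
    40: ipaddress.ip_network("10.1.8.0/24"),
}

# Constructed error: VLAN 50 is given a range inside VLAN 30's subnet.
BAD = dict(ALIGNED)
BAD[50] = ipaddress.ip_network("10.1.6.128/25")

if __name__ == "__main__":
    print("aligned   ->", [str(n) for n in summarize(ALIGNED)])
    print("misaligned->", [str(n) for n in summarize(MISALIGNED)])
    print("overlaps  ->", overlapping_vlans(BAD))
```

The aligned block collapses to a single routing entry, while the misaligned block of the same size needs three.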

Types of Network Traffic

When designing VLANs, consider the types of traffic on the network, such as:

- Network management
- IP telephony
- IP multicast
- Normal data
- Scavenger class

The following lists the different types of network traffic to consider before placing devices and configuring VLANs:

- Network management: Many different types of network management traffic can be present on the network, such as BPDUs, CDP updates, SNMP, and RMON. To make network troubleshooting easier, some designers assign a separate VLAN to carry the main types of network management traffic.
- IP telephony: There are two types of IP telephony traffic: signaling information between end devices (IP phones and softswitches, such as Cisco Unified CallManager) and the data packets of the voice conversation itself. Designers often configure the data to and from IP phones on a separate VLAN designated for voice traffic so that they can apply QoS to give voice traffic high priority.
- IP multicast: IP multicast traffic is sent from a source address to a group that is identified by a pair of destination IP and MAC addresses. Examples of applications that generate this type of traffic are Cisco IP/TV broadcasts and imaging software used to quickly configure workstations and servers. Multicast traffic can produce a large amount of data streaming across the network. For example, video traffic from online training, security applications, Cisco Meeting Place, and Cisco TelePresence is growing quickly on some networks. Switches must be configured to keep this traffic from flooding to devices that have not requested it, and routers must be configured to ensure that multicast traffic is forwarded to the network areas where it is requested.
- Normal data: Normal data traffic is typical application traffic related to file and print services, email, Internet browsing, database access, and other shared network applications. This data needs to be treated in the same way or in different ways in different parts of the network, depending on the volume of each type. Examples of this type of traffic are SMB, NCP, SMTP, SQL, and HTTP.
- Scavenger class: Scavenger class includes all traffic from protocols or patterns that exceed their normal data flows. This type of traffic is used to protect the network from abnormal traffic flows that could endanger the programs running on PCs. It is also used for less-than-best-effort traffic, such as peer-to-peer traffic.

Advantages of Voice VLANs

- Phones are segmented into separate logical networks.
- Provides network segmentation and control.
- Allows administrators to create and enforce QoS.
- Lets administrators create and enforce security policies.

Some Cisco Catalyst switches offer a feature called voice VLAN, which lets you overlay a voice topology onto a data network. You can segment phones into separate logical networks even though the voice and data infrastructure is physically the same.

The voice VLAN feature places the phones into their own VLANs without any end-user intervention. The user simply plugs the phone into the switch, and the switch provides the phone with the necessary VLAN information.

There are many advantages to using voice VLANs. Network administrators can maintain the VLAN assignments seamlessly, even when the phones move to a new location. By placing phones into their own VLANs, network administrators gain the advantages of network segmentation and control. It also allows administrators to preserve their existing IP topology and easily assign IP phones to different subnets using DHCP. In addition, with the phones in their own VLAN and subnet, network administrators can easily identify and troubleshoot network problems and create and enforce QoS or security policies.

With the voice VLAN feature, administrators have all the advantages of a converged physical infrastructure while maintaining separate logical topologies for voice and data endpoints. This configuration is highly effective for managing a multiservice network.

VLAN Operation

A switch operates much like a bridge. Each VLAN that you configure on the switch implements address learning, forwarding and filtering decisions, and loop-avoidance mechanisms as if the VLAN were a separate physical bridge.

The switch implements VLANs by restricting traffic forwarding to destination ports in the same VLAN. Therefore, when a frame arrives on a switch port, the switch must retransmit the frame only to ports that belong to the same VLAN. In effect, a VLAN operating on a switch limits the transmission of unicast, multicast, and broadcast traffic.

A port normally carries traffic only for the single VLAN to which it belongs. For a VLAN to span multiple switches, a trunk is required to connect the two switches. A trunk can carry traffic for multiple VLANs.
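The per-VLAN learning, forwarding, filtering and flooding described above, together with the unknown MAC unicast flooding described earlier in this lesson, can be modelled in a few lines. This is an added sketch, not part of the original course material and not Cisco code; the port names, VLAN numbers and MAC addresses are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Toy model: one MAC table, keyed per VLAN, with access ports only."""

    def __init__(self, access_ports):
        self.port_vlan = dict(access_ports)   # port name -> VLAN ID
        self.mac_table = {}                   # (vlan, mac) -> port name

    def receive(self, in_port, src, dst):
        """Process one frame and return the sorted list of egress ports."""
        vlan = self.port_vlan[in_port]
        # Learning: remember where the source lives, inside this VLAN only.
        self.mac_table[(vlan, src)] = in_port
        same_vlan = sorted(p for p, v in self.port_vlan.items()
                           if v == vlan and p != in_port)
        # Broadcast and multicast (group bit set in the first octet): flood,
        # but only to ports in the same VLAN.
        if int(dst[:2], 16) & 1:
            return same_vlan
        out_port = self.mac_table.get((vlan, dst))
        if out_port is None:
            # Unknown MAC unicast flooding, bounded by the VLAN.
            return same_vlan
        if out_port == in_port:
            return []                         # filtering: destination is local
        return [out_port]                     # forwarding to the learned port


def replay(switch, frames):
    """Feed (in_port, src, dst) tuples to a switch; collect egress lists."""
    return [switch.receive(*frame) for frame in frames]


# Constructed topology: three ports in VLAN 2, two ports in VLAN 3.
PORTS = {"Fa0/1": 2, "Fa0/2": 2, "Fa0/3": 2, "Fa0/4": 3, "Fa0/5": 3}
HOST_A, HOST_B, HOST_C = ("00:00:00:00:00:0a", "00:00:00:00:00:0b",
                          "00:00:00:00:00:0c")
FRAMES = [
    ("Fa0/1", HOST_A, HOST_B),     # B unknown: flooded inside VLAN 2
    ("Fa0/2", HOST_B, HOST_A),     # A was learned: forwarded to one port
    ("Fa0/1", HOST_A, HOST_B),     # B is now learned too
    ("Fa0/4", HOST_C, HOST_B),     # B is unknown *in VLAN 3*: stays in VLAN 3
    ("Fa0/4", HOST_C, BROADCAST),  # broadcast stays in VLAN 3
]

if __name__ == "__main__":
    for frame, egress in zip(FRAMES, replay(VlanSwitch(PORTS), FRAMES)):
        print(frame, "->", egress)
```

Putting every port in one VLAN in the same model sends the first frame to all four other ports, which is the unbounded flooding the lesson warns about.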

VLAN Membership Modes

You configure ports to belong to the appropriate VLAN. The ports of a Cisco Catalyst switch can use one of the following membership modes:

- Static VLAN: The administrator statically assigns ports to VLANs.
- Dynamic VLAN: Cisco Catalyst switches support dynamic VLANs by using a VLAN Management Policy Server (VMPS). Some switches can be designated as a VMPS; you can also designate a server as a VMPS. The VMPS contains a database that maps MAC addresses to VLAN assignments. When a frame arrives on a dynamic port on the switch, the switch queries the VMPS server to learn which VLAN is assigned to the source MAC address of the frame it just received. A dynamic port belongs to only one VLAN at a time. Multiple hosts can be active on a dynamic port only if they are all in the same VLAN.
- Voice VLAN: A voice VLAN port is an access port attached to a Cisco IP phone, configured to use one VLAN for voice traffic and another VLAN for data traffic received from a device attached to the phone.

802.1Q Trunking Protocol

A trunk is a point-to-point connection between one or more switch interfaces and other devices, such as a router or a switch. Ethernet trunks carry the traffic of multiple VLANs over a single connection and let you extend VLANs across the network. Cisco supports IEEE 802.1Q for Fast Ethernet and Gigabit Ethernet interfaces.

Ethernet trunks support different trunking modes. You can configure an interface as trunking or nontrunking, or have it negotiate trunking with the interface at the other end. Every 802.1Q port is assigned to a trunk. All ports on a trunk are in a native VLAN. Every 802.1Q port is assigned an identifier value that is based on the native VLAN ID (VID) of the port (the default is VLAN 1). All untagged frames are assigned to the VLAN specified in the VID parameter.

802.1Q Frame

IEEE 802.1Q uses an internal tagging mechanism that inserts a 4-byte tag field into the original Ethernet frame between the Source Address field and the Type or Length field. Because 802.1Q alters the frame, the trunking device recomputes the FCS of the modified frame.

The switch is responsible for looking at the 4-byte tag field and deciding where to deliver the frame. A small part of the 4-byte tag field, exactly 3 bits, is used to indicate the priority of the frame. The details are specified in the IEEE 802.1p standard. The 802.1Q header contains the 802.1p field, so you must have 802.1Q to have 802.1p.

Understanding Native VLANs

An 802.1Q trunk and the trunk ports assigned to it have a native VLAN value. 802.1Q does not tag frames for the native VLAN. Therefore, ordinary stations can read untagged frames but cannot read any other frames, because those frames are tagged.
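The tag insertion, FCS recomputation and native VLAN handling described in the two sections above can be reproduced on raw bytes. This is an added example, not part of the original course material; the MAC addresses and payload are constructed, the FCS is computed with zlib's CRC-32, and the bit layout used (3 priority bits, 1 further bit, 12-bit VLAN ID after a 0x8100 tag protocol identifier) is the standard 802.1Q layout rather than something stated on this page.

```python
import struct
import zlib

TPID_8021Q = 0x8100          # first 2 bytes of the 4-byte tag


def _fcs(data):
    """Frame check sequence: CRC-32 over the frame, low byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_untagged(dst, src, ethertype, payload):
    """Original Ethernet frame: DA, SA, Type, padded payload, FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + _fcs(body)


def fcs_ok(frame):
    return _fcs(frame[:-4]) == frame[-4:]


def add_tag(frame, vid, pcp=0):
    """Insert the 4-byte tag between Source Address and Type; redo the FCS."""
    if not fcs_ok(frame):
        raise ValueError("bad FCS on ingress frame")
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VID must be 1-4094 and priority 0-7")
    body = frame[:-4]                       # strip the old FCS
    tci = (pcp << 13) | vid                 # 3 priority bits, 12-bit VLAN ID
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + _fcs(tagged)            # FCS now covers the tag as well


def parse(frame):
    """Decode the header fields a receiving switch looks at."""
    (word,) = struct.unpack("!H", frame[12:14])
    info = {"fcs_ok": fcs_ok(frame), "tagged": word == TPID_8021Q}
    if info["tagged"]:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(pcp=tci >> 13, vid=tci & 0x0FFF, ethertype=ethertype)
    else:
        info.update(pcp=None, vid=None, ethertype=word)
    return info


def ingress_vlan(frame, native_vlan=1):
    """VLAN a trunk port assigns: the tag's VID, or the native VLAN if untagged."""
    info = parse(frame)
    return info["vid"] if info["tagged"] else native_vlan


# Constructed sample frame (addresses and payload are made up).
DST = bytes.fromhex("00000000000b")
SRC = bytes.fromhex("00000000000a")
UNTAGGED = build_untagged(DST, SRC, 0x0800, b"constructed payload")
TAGGED = add_tag(UNTAGGED, vid=2, pcp=5)

if __name__ == "__main__":
    print(len(UNTAGGED), len(TAGGED), parse(TAGGED))
    print("untagged frame lands in VLAN", ingress_vlan(UNTAGGED, native_vlan=1))
```

Because an untagged frame is classified by the receiving port's own native VLAN setting, two trunk ends configured with different native VLANs place the same frame in different VLANs.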

VTP Features

VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs across the network. VTP limits misconfigurations and configuration inconsistencies that can cause problems, such as duplicate VLAN names or incorrect VLAN type specifications.

A VTP domain is one or more interconnected switches that share the same VTP environment. You can configure a switch to be in only one VTP domain.

By default, a Cisco Catalyst switch has no management domain until it receives an advertisement for a domain over a trunk link or until you configure a domain. Configurations made on a VTP server are propagated across trunk links to all the connected switches in the network.

VTP Modes

- Server: Creates VLANs; modifies VLANs; deletes VLANs; sends and forwards advertisements; synchronizes.
- Client: Cannot create, change, or delete VLANs; sends and forwards advertisements; synchronizes.
- Transparent: Creates local VLANs only; modifies local VLANs only; deletes local VLANs only; forwards advertisements; does not synchronize.

VTP operates in one of three modes: server, transparent, or client. You can complete different tasks depending on the VTP operating mode. The characteristics of the three modes are as follows:

- Server: This is the default VTP mode, but VLANs are not propagated over the network until a management domain name is specified or learned. When you change the VLAN configuration on a VTP server, the changes are propagated to all switches in the domain. VTP messages are sent out all trunk connections.
- Transparent: When you change the VLAN configuration in transparent mode, the change affects only the local switch and is not propagated to other switches in the domain. Transparent mode forwards the VTP messages that it receives within the domain.
- Client: You cannot change the VLAN configuration in client mode; however, a client can send any VLANs currently listed in its database to switches in other modes. VTP messages are also forwarded in client mode.

VTP clients that run the Cisco Catalyst operating system do not save VLANs in NVRAM. When the switch restarts, the VLANs are not retained and the revision number is 0. However, Cisco IOS VTP clients save VLANs in the vlan.dat file in flash memory, so the VLAN table and revision number are retained.

VTP Operation

- VTP advertisements are sent as multicast frames.
- VTP servers and clients are synchronized to the latest revision number.
- VTP advertisements are sent every 5 minutes or when there is a change.

VTP advertisements are flooded throughout the management domain. VTP advertisements are sent every 5 minutes or whenever a change occurs. Advertisements are transmitted over the default VLAN (VLAN 1) using a multicast frame. A revision number is included in each VTP advertisement. A higher revision number indicates that the VLAN information being advertised is more current than the stored information.

One of the most critical components of VTP is the revision number. Each time a VTP server modifies its VLAN information, the VTP server increments the revision number by one. The server then sends out a VTP advertisement with the new revision number. If the revision number being advertised is higher than the number stored on the other switches in the VTP domain, the switches overwrite their stored information with the new information. The revision number in transparent mode is always 0.

A device that receives a VTP advertisement must check several parameters before incorporating the received VLAN information. First, the domain name and password in the advertisement must match those configured on the local switch. Next, if the revision number in the advertisement is higher than the stored number, the switch incorporates the advertised VLAN information.

To reset the revision number on some Cisco Catalyst switches, use the delete vtp command. On many Cisco Catalyst switches you can change the VTP domain to another name and then change it back to reset the revision number.

VTP Pruning

VTP pruning uses VLAN advertisements to determine when a trunk is flooding traffic needlessly.

By default, a trunk carries traffic for all VLANs in the VTP domain. In a large network, some switches do not have local ports configured in every VLAN. The figure shows a switched network with VTP pruning configured. Only switches 2, 4, and 5 support ports configured in VLAN 3. Switch 5 does not forward the broadcast traffic from host X to switches 1 and 3.

VTP pruning increases available bandwidth by restricting flooded traffic to those trunks that the traffic must use to reach the appropriate network devices. You configure VTP pruning only on the VTP server, not on clients.

Configuring VLANs and Trunks

1. Configure and verify VTP.
2. Configure and verify 802.1Q trunks.
3. Create or modify a VLAN on the VTP server switch.
4. Assign ports to a VLAN and verify.
5. Perform adds, moves, and changes.
6. Save the VLAN configuration.

You use the following steps to configure and verify a switch:

- Decide whether to use VTP. If VTP is used, configure VTP in server, client, or transparent mode.
- Enable trunking on the interconnected switches.
- Create the VLANs on a VTP server and have those VLANs propagate to the other switches.
- Assign ports to a VLAN, statically or dynamically.
- Perform adds, moves, and changes of ports.
- Save the VLAN configuration.

VTP Configuration Guidelines

- VTP defaults on Cisco Catalyst switches:
  - VTP domain name: None
  - VTP mode: Server mode
  - VTP pruning: Enabled or disabled (model specific)
  - VTP password: Null
  - VTP version: Version 1
- A new switch can automatically become part of a domain when it receives an advertisement from a server.
- A VTP client can overwrite the database of a VTP server if the client has a higher revision number.
- A domain name cannot be removed after it is assigned; it can only be reassigned.

When creating VLANs, you must decide whether to use VTP. With VTP, you can make configuration changes on one or more switches, and those changes are automatically propagated to the other switches in the same VTP domain.

The default VTP configuration values depend on the switch model and the software version. The default values for Cisco Catalyst switches are as follows:

- VTP domain name: None
- VTP mode: Server mode
- VTP pruning: Enabled or disabled (model specific)
- VTP password: Null
- VTP version: Version 1

The VTP domain name can be specified or learned. By default, the domain name is not set. You can set a password for the VTP domain. However, if you do not assign the same password on every switch in the domain, VTP does not function.

VTP pruning is a VLAN parameter that the VTP protocol advertises. Enabling or disabling VTP pruning on a VTP server propagates the change throughout the domain.
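The acceptance checks from the VTP Operation section (domain name, password, then revision number) and the guideline above that a client with a higher revision number can overwrite a server's database can be exercised in a small model before a switch is connected to a live domain. This is an added sketch, not part of the original course material and not Cisco's implementation; the class and function names are hypothetical, and the SHA-256 value only stands in for the MD5 digest shown by show vtp status.

```python
import copy
import hashlib
from dataclasses import dataclass, field


@dataclass
class Advert:
    domain: str
    digest: str       # stand-in for the digest that covers the password
    revision: int
    vlans: dict


@dataclass
class Switch:
    name: str
    mode: str = "server"     # page default: server mode
    domain: str = ""         # page default: no domain name
    password: str = ""       # page default: null password
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def _digest(self, domain):
        return hashlib.sha256(f"{domain}\0{self.password}".encode()).hexdigest()

    def set_domain(self, domain):
        # Changing the domain name resets the revision number.
        if domain != self.domain:
            self.domain, self.revision = domain, 0

    def change_vlan(self, vid, name):
        if self.mode == "client":
            raise PermissionError("a VTP client cannot change VLANs")
        self.vlans[vid] = name
        if self.mode == "server":        # transparent stays at revision 0
            self.revision += 1

    def advertise(self):
        return Advert(self.domain, self._digest(self.domain),
                      self.revision, dict(self.vlans))

    def receive(self, adv):
        if self.mode == "transparent":
            return "forwarded, not applied"
        domain = self.domain or adv.domain   # a new switch learns the domain
        if adv.domain != domain:
            return "ignored: domain mismatch"
        if adv.digest != self._digest(domain):
            return "ignored: password mismatch"
        self.domain = domain
        if adv.revision <= self.revision:
            return "ignored: not newer"
        self.vlans, self.revision = dict(adv.vlans), adv.revision
        return "database overwritten"


def would_overwrite(new_switch, live_switch):
    """Dry run on a copy: would connecting new_switch replace the live database?"""
    if new_switch.mode == "transparent":
        return False
    trial = copy.deepcopy(live_switch)
    return trial.receive(new_switch.advertise()) == "database overwritten"


def make_core():
    """Constructed production server in domain ICND with two VLANs."""
    core = Switch("core", domain="ICND")
    core.change_vlan(2, "switchlab99")
    core.change_vlan(3, "vlan3")
    return core


def make_lab():
    """Constructed ex-lab client: same domain name, higher revision number."""
    return Switch("lab", mode="client", domain="ICND", revision=12,
                  vlans={1: "default", 99: "lab"})


if __name__ == "__main__":
    core, lab = make_core(), make_lab()
    print("unsafe to connect:", would_overwrite(lab, core))
    lab.set_domain("TEMP")
    lab.set_domain("ICND")               # rename and rename back: revision 0
    print("unsafe after reset:", would_overwrite(lab, core))
```

In the model, resetting the revision number by renaming the domain and renaming it back, or setting a domain password that the incoming switch does not share, both leave the live database untouched.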

Creating a VTP Domain

    SwitchX# configure terminal
    SwitchX(config)# vtp mode [ server | client | transparent ]
    SwitchX(config)# vtp domain domain-name
    SwitchX(config)# vtp password password
    SwitchX(config)# vtp pruning
    SwitchX(config)# end

Use the vtp global configuration command to modify the VTP configuration, including the storage file name, domain name, interface, and mode. Use the no form of the vtp command to remove the file name or return to the default values. When the VTP mode is transparent, you can save the VTP configuration in the switch configuration file by using the copy running-config startup-config command.

VTP Configuration and Verification Example

    SwitchX(config)# vtp domain ICND
    Changing VTP domain name to ICND
    SwitchX(config)# vtp mode transparent
    Setting device to VTP TRANSPARENT mode.
    SwitchX(config)# end
    SwitchX# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 64
    Number of existing VLANs        : 17
    VTP Operating Mode              : Transparent
    VTP Domain Name                 : ICND
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x7D 0x6E 0x5E 0x3D 0xAF 0xA0 0x2F 0xAA
    Configuration last modified by 10.1.1.4 at 3-3-93 20:08:05
    SwitchX#

The figure demonstrates the commands that you use to configure VTP and display VTP status. The characteristics of the switch in the example are as follows:

- The switch is transparent in the VTP domain.
- The VTP domain name is ICND.
- Pruning is not configured.
- The revision number is 0.

802.1Q Trunking Issues

- Make sure that the native VLAN for an 802.1Q trunk is the same on both ends of the trunk.
- Note that native VLAN frames are untagged.
- A trunk port cannot be a secure port.
- All 802.1Q trunking ports in an EtherChannel group must have the same configuration.

The 802.1Q protocol carries the traffic of multiple VLANs over a single link on a multivendor network. 802.1Q trunks have several limitations. You should consider the following:

- Make sure that the native VLAN for an 802.1Q trunk is the same on both ends of the trunk. If they differ, spanning-tree loops can result.
- Native VLAN frames are untagged.

The following shows how 802.1Q interacts with other switch features:

- Secure ports: A trunk port cannot be a secure port.
- Port grouping: You can group trunks into EtherChannel groups, but all trunks in the same group must have the same configuration. When you first create a group, all ports take the values of the parameters that are configured for the first port you add to the group. If you change the configuration of one of these parameters, the switch propagates the change to all ports in the group. The settings include:
  - Allowed VLAN list
  - Spanning Tree Protocol path cost for each VLAN
  - STP port priority for each VLAN
  - STP PortFast setting
  - Trunk status; if one port in the group stops trunking, all ports stop trunking

Configuring 802.1Q Trunking

    SwitchX(config-if)# switchport mode {access | dynamic {auto | desirable} | trunk}

Configures the trunking characteristics of the port

    SwitchX(config-if)# switchport mode trunk

Configures a port as a trunk port

Use the switchport mode command in interface configuration mode to set a Fast Ethernet or Gigabit Ethernet port to become a trunk port. Many Cisco Catalyst switches support the Dynamic Trunking Protocol (DTP), which manages automatic trunk negotiation.

The command has four options:

- trunk: Configures the port as a permanent 802.1Q trunk and negotiates with the connected device to convert the link to a trunk.
- access: Disables trunking and negotiates with the connected device to convert the link to nontrunk.
- dynamic desirable: The port automatically negotiates with the connected device to become trunk or nontrunk. If the connected device is in the trunk state or the auto state, the port becomes a trunk. Otherwise, the port is nontrunk.
- dynamic auto: Allows the port to become a trunk only if the connected device is in the trunk or desirable state. Otherwise, the port becomes a nontrunk port.

The switchport nonegotiate command specifies that DTP negotiation packets are not sent on the Layer 2 interface. The switch does not engage in DTP negotiation on this interface. This command is valid only when the interface is in trunk or access mode. The command returns an error if you attempt to execute it in dynamic mode. Use the no form of this command to return to the default setting. When you configure a port with the switchport nonegotiate command, the port trunks only if the other end of the link is configured as a trunk. The switchport nonegotiate command does not form a trunk with a port in dynamic desirable or dynamic auto mode.

The following steps configure a port as an 802.1Q trunk port, beginning in privileged EXEC mode:

Step 1: Enter interface configuration mode for the port to be configured for trunking.

    SwitchX(config)# interface int_type int_number

Step 2: Configure the port as a VLAN trunk.

    SwitchX(config-if)# switchport mode trunk

Some Cisco Catalyst switches support only 802.1Q encapsulation, which is configured automatically when trunking is enabled on the interface by using the switchport mode trunk command.

Verifying a Trunk

    SwitchX# show interfaces interface [switchport | trunk]

    SwitchX# show interfaces fa0/11 switchport
    Name: Fa0/11
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: down
    Administrative Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    . . .

    SwitchX# show interfaces fa0/11 trunk
    Port      Mode         Encapsulation  Status        Native vlan
    Fa0/11    desirable    802.1q         trunking      1

    Port      Vlans allowed on trunk
    Fa0/11    1-4094

    Port      Vlans allowed and active in management domain
    Fa0/11    1-13

To verify a trunk configuration on many Cisco Catalyst switches, use the show interfaces interface switchport or show interfaces interface trunk command to display the trunk parameters and VLAN information of the port.

VLAN Creation Guidelines

- The maximum number of VLANs is switch dependent.
- Most switches support 128 separate spanning-tree instances, one per VLAN.
- VLAN 1 is the default Ethernet VLAN.
- Cisco Discovery Protocol and VTP advertisements are sent on VLAN 1.
- The IP address of the switch is in the management VLAN (VLAN 1 by default).
- If VTP is used, the switch must be a VTP server or in transparent mode to create or delete VLANs.

Before you create VLANs, decide whether to use VTP to maintain global VLAN configuration information for the network.

Most switches support a maximum of 128 spanning-tree instances. If the number of VLANs on the switch exceeds the number of supported spanning-tree instances, it is recommended that you configure Multiple Spanning Tree Protocol (MSTP) on the switch to map multiple VLANs to a single spanning-tree instance.

The maximum number of VLANs is switch dependent. Many access layer switches can support up to 250 VLANs.

Cisco Catalyst switches have a factory default configuration that supports various media and protocol types. The default Ethernet VLAN is VLAN 1. CDP and VTP advertisements are sent on VLAN 1.

For you to communicate with a Cisco Catalyst switch remotely for management, the switch must have an IP address. This IP address must be an address in the management VLAN, which by default is VLAN 1. If VTP is configured, the switch must be in VTP server or VTP transparent mode before you can create a VLAN.

Creating a VLAN

    SwitchX# configure terminal
    SwitchX(config)# vlan 2
    SwitchX(config-vlan)# name switchlab99

The following lists the commands used to create a VLAN:

- vlan vlan-id: ID of the VLAN to be created and configured. The vlan-id range is 1 to 4094 when the enhanced software image is installed and 1 to 1005 when the standard software image is installed. Do not enter 0. You can enter a single VID, a series of VIDs separated by commas, or a range of VIDs separated by a hyphen.
- name vlan-name: (Optional) Specifies the VLAN name, an ASCII string from 1 to 32 characters that must be unique within the domain.

By default, a switch is in VTP server mode, so you can create, change, or delete VLANs. If the switch is in VTP client mode, you cannot create, change, or delete VLANs.

On many Cisco Catalyst switches, you use the vlan global configuration command to create a VLAN and enter VLAN configuration mode. Use the no form of this command to delete the VLAN.

To add a VLAN to the VLAN database, assign a number and a name to the VLAN. VLAN 1 is the factory default VLAN. Normal-range VLANs are identified with a number from 1 to 1001. VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs. If the switch is in VTP server or VTP transparent mode, you can create, modify, or delete the configuration of VLANs 2 to 1001 in the VLAN database (VIDs 1 and 1002 to 1005 are created automatically and cannot be deleted).

Configurations for VIDs 1 to 1005 are saved in the vlan.dat file (the VLAN database). You can display the VLAN information by entering the show vlan command. The vlan.dat file is stored in flash memory.

To create an Ethernet VLAN, you must specify at least a VLAN number. If no name is specified for the VLAN, the default is to append the VLAN number to the word vlan. For example, VLAN0004 would be the default name of VLAN 4 if no name is specified.

Verifying a VLAN

    SwitchX# show vlan [brief | id vlan-id | name vlan-name]

    SwitchX# show vlan id 2
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    2    switchlab99                      active    Fa0/2, Fa0/12

    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    2    enet  100002     1500                                       0      0
    . . .
    SwitchX#

After you configure a VLAN, you should verify the parameters of that VLAN.

Use the show vlan id vlan_number or show vlan name vlan_name command to display information about a particular VLAN.

Use the show vlan brief command to display one line for each VLAN, showing the VLAN name, status, and switch ports.

Use the show vlan command to display information about all configured VLANs. This command displays the ports assigned to each VLAN. Other VLAN parameters that are displayed include the type (the default is Ethernet); the security association ID (SAID), used for FDDI trunks; the MTU (the default is 1500 for an Ethernet VLAN); the STP; and other parameters used for Token Ring or FDDI VLANs.

Assigning Switch Ports to a VLAN

    SwitchX(config-if)# switchport access [vlan vlan# | dynamic]

    SwitchX# configure terminal
    SwitchX(config)# interface range fastethernet 0/2 - 4
    SwitchX(config-if)# switchport access vlan 2
    SwitchX# show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- ----------------------
    1    default                          active    Fa0/1
    2    switchlab99                      active    Fa0/2, Fa0/3, Fa0/4

After creating a VLAN, you can manually assign a port or a number of ports to that VLAN. A port can belong to only one VLAN at a time. When you assign a port to a VLAN by using this method, it is known as a static-access port.

On most Cisco Catalyst switches, you assign a port to a VLAN from interface configuration mode by using the switchport access command. Use the vlan vlan_number option to set static-access membership. Use the dynamic option to have the VLAN controlled and assigned by a VMPS.

Verifying VLAN Membership

    SwitchX# show vlan brief

    SwitchX# show vlan brief
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1
    2    switchlab99                      active    Fa0/2, Fa0/3, Fa0/4
    3    vlan3                            active
    4    vlan4                            active
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup

Use the show vlan brief privileged EXEC command to view the members of all VLANs.

Verifying VLAN Membership (Cont.)

    SwitchX(config-if)# show interfaces interface switchport

    SwitchX# show interfaces fa0/2 switchport
    Name: Fa0/2
    Switchport: Enabled
    Administrative Mode: dynamic auto
    Operational Mode: static access
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: native
    Negotiation of Trunking: On
    Access Mode VLAN: 2 (switchlab99)
    Trunking Native Mode VLAN: 1 (default)
    --- output omitted ----

Alternatively, use the show interfaces interface switchport privileged EXEC command to display the VLAN information of an interface.

Executing Adds, Moves, and Changes for VLANs

- When VTP is used, the switch must be a VTP server or in transparent mode to create, change, or delete VLANs.
- When you make VLAN changes from a switch in VTP server mode, the changes are propagated to the other switches in the VTP domain.
- Changing VLANs implies changing IP networks.
- After a port is reassigned to a new VLAN, the port is automatically removed from its previous VLAN.
- When you delete a VLAN, any ports in that VLAN that are not moved to an active VLAN are unable to communicate with other stations.

Adding, moving, and changing VLANs

As network topologies, business requirements, and individual assignments change, VLAN requirements also change.

To create, change, or delete VLANs, the switch must be in VTP server or VTP transparent mode. When you make VLAN changes from a switch in VTP server mode, the changes are automatically propagated to the switches in the domain. Changes made on a switch in VTP transparent mode have only local significance on that switch; they are not propagated in the domain.

Adding VLANs and port membership

After creating a new VLAN, be sure to make the necessary changes to the port assignments.

Separate VLANs imply separate IP networks. Be sure to plan the new IP addressing scheme and deploy it to the stations before moving users to the new VLAN. Separate VLANs also require inter-VLAN routing so that users in the new VLAN can communicate with other VLANs. Inter-VLAN routing includes setting up the appropriate IP parameters and services, including the default gateway and DHCP.

Changing VLANs and port membership

To modify the attributes of a VLAN, such as the VLAN name, use the vlan vlan-id global configuration command.

To move a port to a different VLAN, use the same command that you used to assign the port originally. You do not need to remove the port from its VLAN first to make this change. After you reassign a port to a new VLAN, the port is automatically removed from its previous VLAN.

Deleting VLANs and port membership

When you delete a VLAN from a switch in VTP server mode, the VLAN is removed from all switches in the domain. When you delete a VLAN from a switch in VTP transparent mode, the VLAN is deleted only on that switch. Use the no vlan vlan-id command to delete a VLAN.

To reassign a port to the default VLAN (VLAN 1), use the no switchport access vlan command in interface configuration mode.

Summary

- A poorly designed network increases support costs, reduces application availability, and limits support for new applications and solutions.
- VLANs provide segmentation and organizational flexibility.
- Ethernet trunks carry the traffic of multiple VLANs over a single link and let you extend VLANs across the network.
- VTP is a Layer 2 messaging protocol that maintains the integrity of the VLAN configuration.

Lesson 3: Improving Performance with Spanning Tree

Building a Medium-Sized Switched Network

Interconnection Technologies

Technology and use:

- Fast Ethernet: Connects end-user devices to the access layer switch.
- Gigabit Ethernet: Connects access layer switches to distribution layer switches, and high-use servers to switches.
- 10-Gigabit Ethernet: Provides high-speed switch-to-switch links and backbones.
- EtherChannel: Provides high-speed switch-to-switch links and backbones with redundancy.

Several technologies are available to interconnect devices in a switched network. The interconnection technology that you select depends on the amount of traffic the link must carry. You will likely use a mixture of copper and fiber-optic cabling, based on distance, noise, security, and other business requirements. Some of the technologies are as follows:

- Fast Ethernet (100-Mb/s Ethernet): This LAN standard (IEEE 802.3u) operates at 100 Mb/s over twisted-pair cable. The Fast Ethernet standard raises the speed of Ethernet from 10 Mb/s to 100 Mb/s with only a small change to the existing cable structure. A switch with ports that support both 10 Mb/s and 100 Mb/s can move frames between ports without Layer 2 protocol translation.
- Gigabit Ethernet: An extension of the IEEE 802.3 Ethernet standard, Gigabit Ethernet increases the speed of Fast Ethernet tenfold, to 1000 Mb/s, or 1 Gb/s. IEEE 802.3z specifies operation over fiber optics, and IEEE 802.3ab specifies operation over twisted-pair cable.
- 10-Gigabit Ethernet: 10-Gigabit Ethernet was ratified as an 802.3 Ethernet standard in June 2002. This technology is the next step for scaling the performance and functionality of an enterprise. As Gigabit Ethernet deployment grows, it will become typical for uplinks.
- EtherChannel: This feature provides bandwidth aggregation over Layer 2 links between two switches. EtherChannel bundles individual Ethernet ports into a single logical port or link. All interfaces in each EtherChannel bundle must be configured with similar speed, duplex, and VLAN settings.

Determining Equipment and Cabling Needs

Each link provides adequate bandwidth for the total traffic on that link.

There are four issues in designing a network for high performance: security, availability, scalability, and manageability. Consider the following when choosing equipment and cabling:

- Replace hubs and legacy switches with new switches at the access layer. Choose access layer equipment with enough ports to support current users and future growth. Some designers plan for 30 percent growth. If the budget allows, use modular switches suited to future expansion. Plan to support inline power and quality of service (QoS) if you think you may deploy IP telephony in the future.
- When building the cable plant from the access layer to the distribution layer devices, remember that these connections carry the aggregate traffic of the access layer devices. Make sure these links have adequate bandwidth. You can use EtherChannel to add bandwidth when needed.
- At the distribution layer, choose switches with adequate performance to handle the load from the access layer. In addition, plan some trunk ports for access layer devices added later. Devices at this layer should be multilayer (Layer 2 and Layer 3) switches that support routing between VLANs and network resources. Depending on the size of the network, distribution layer devices can be fixed-chassis or modular. Plan for redundancy in the chassis selection and in the connections to the access and core layers, as business objectives dictate.
- Backbone equipment must support high-speed data communication between the submodules. Make sure the backbone is sized for scalability, and plan for redundancy.

Cisco has online tools that help designers choose devices and uplink ports that fit business and technical needs. Some suggestions you can use to plan bandwidth between the key devices on the network:

- Access layer to distribution layer links: this link can be 1/20 of the total bandwidth of all end-user devices using the link.
- Distribution layer to core: no higher than
- Between core layer devices: able to carry all traffic at a speed equal to the total bandwidth of the distribution-to-core links.

Advantages of EtherChannel

- Logical aggregation of similar links between switches
- Load sharing across the links
- Viewed as one logical port by STP
- Redundancy

The growing deployment of Ethernet switching to the desktop can be attributed to the rapid increase in bandwidth-intensive applications. New application traffic, such as video to the desktop, messaging, and whiteboarding, demands more bandwidth. With faster Ethernet links deployed in the network, organizations need to either aggregate their existing resources or increase the speed of the uplinks and core in proportion to performance across the network backbone.

EtherChannel is a technology that Cisco implemented to bundle multiple Fast Ethernet or Gigabit Ethernet ports on a switch into one logical channel. The benefit of EtherChannel is that it is cheaper than higher-speed media while reusing existing switch ports. The advantages of EtherChannel are:

- It allows the creation of a very high-speed logical link
- It shares load among the physical links
- It provides automatic failover
- Configuration is done on the logical link instead of the physical links

EtherChannel technology provides bandwidth scaling in the campus:

- Fast Ethernet: up to 800 Mb/s
- Gigabit Ethernet: up to 8 Gb/s
- 10-Gigabit Ethernet: up to 80 Gb/s

Redundant Topology

- Redundant topology limits single points of failure.
- Redundant topology causes broadcast storms, multiple frame copies, and MAC address table instability.

While a redundant design can limit the possibility that a single point of failure brings down the entire switched or bridged network, you must consider the problems that a redundant design causes. Some of the problems that can occur with redundant links and devices in a switched network are:

- Broadcast storms: without loop avoidance, every switch or bridge floods broadcasts endlessly. This situation is called a broadcast storm.
- Multiple frame transmission: multiple copies of a unicast frame can be delivered to the destination station. Many protocols expect to receive only one copy of each frame. Multiple copies of a frame can cause unrecoverable errors.
- MAC address table instability: instability in the MAC address table arises when copies of the same frame are received on different ports of the switch. Data forwarding can be impaired when the switch consumes resources coping with an unstable MAC address table.

Layer 2 LAN protocols, such as Ethernet, lack a mechanism to recognize and eliminate loops. Some Layer 3 protocols implement a TTL mechanism that limits the number of times a Layer 3 networking device can retransmit a packet. Lacking such a mechanism, Layer 2 devices retransmit looping frames indefinitely. A loop-avoidance mechanism is required to solve these problems.

Broadcast Frames

Host D sends a broadcast frame. Broadcast frames are flooded to all ports except the originating port.

A switch or bridge sends broadcast and multicast frames out all ports except the receiving port. A switch or bridge never learns a broadcast or multicast address, because broadcast and multicast addresses never appear as the source address of a frame. Flooding broadcast and multicast frames is a problem in a switched network with a redundant topology.

Broadcast Storms

Host X sends a broadcast. The switches continue to propagate the broadcast traffic forever.

A broadcast storm occurs when every switch on a redundant network floods broadcast frames endlessly. The switches flood broadcast frames to all ports except the receiving port.

Example: the figure illustrates a broadcast storm. The following events cause it:

1. When host X sends a broadcast frame, for example an ARP for its default gateway (router Y), switch A receives the frame.
2. Switch A examines the destination address field in the frame and determines that the frame must be flooded onto the lower Ethernet link, segment 2.
3. When this copy of the frame arrives at switch B, the process repeats, and the frame is forwarded to segment 1.
4. Because a copy of the frame also arrives at switch B on the upper Ethernet link, these frames loop in both directions, even after the destination station has received a copy of the frame.

A broadcast storm can disrupt normal traffic flow. It can also disrupt all the devices on the switched or bridged network, because the CPU in every device on the segment must process the broadcasts; a broadcast storm can therefore lock up the PCs and servers that are trying to process all the broadcast frames. A loop-avoidance mechanism limits this problem by preventing one of the four interfaces from transmitting frames during normal operation, thereby breaking the loop.

Multiple Frame Copies

Host X sends a unicast frame to router Y. The MAC address of router Y has not been learned by the switches. Router Y will receive two copies of the same frame.

In a redundant topology, multiple copies of the same frame can arrive at a host, causing problems for the receiving protocol. Most protocols are not designed to recognize multiple copies of the same frame. In general, protocols that use a sequence-numbering mechanism assume that the transmission failed and that the sequence number has been reused. Other protocols attempt to pass the duplicate frames to the upper-layer protocols, with unpredictable results. The figure illustrates how multiple frame copies occur. The events are as follows.

Example:

1. When host X sends a unicast frame to router Y, one copy is received over the direct Ethernet connection, segment 1. At the same time, or some time later, switch A receives a copy of the frame and places it in its buffers.
2. If switch A examines the destination address field in the frame and finds no entry for router Y in its MAC address table, switch A floods the frame out all ports except the receiving port.
3. When switch B receives a copy of the frame through switch A on segment 2, switch B also forwards a copy of the frame to segment 1 if it finds no entry for router Y in its MAC address table.
4. Router Y receives a second copy of the same frame.

A loop-avoidance mechanism limits this problem by preventing one of the four interfaces from transmitting frames during normal operation, thereby breaking the loop.

MAC Address Table Instability

- Host X sends a unicast frame to router Y.
- The MAC address of router Y has not been learned by either switch.
- Switches A and B learn the MAC address of host X on port 1.
- The frame to router Y is flooded.
- Switches A and B incorrectly learn the MAC address of host X on port 2.

MAC address table instability results when multiple copies of a frame arrive on different ports of a switch. The following describes the problem.

Example: in the figure, switch B adds an entry that maps the MAC address of host X to port 1. Later, when the copy of the frame forwarded through switch A arrives at port 2 of switch B, switch B removes the entry it just added and installs a new, incorrect entry that maps the MAC address of host X to port 2, which connects to segment 2. Depending on its internal architecture, a switch may or may not cope well with rapid changes in its MAC address table. A loop-avoidance mechanism limits this problem by preventing one of the four interfaces from transmitting frames during normal operation, thereby breaking the loop.

Loop Resolution with STP

- Provides a loop-free redundant network topology by placing certain ports in the blocking state
- Published in the IEEE 802.1D specification
- Enhanced with the Cisco PVST+ implementation

STP provides loop resolution by managing the physical paths to the network segments. STP allows physical path redundancy while preventing the undesirable effects of loops in the network. STP is a standard defined in 802.1D, published by the IEEE. STP behaves as follows:

- STP forces certain ports into a standby state so that they do not listen to, forward, or flood frames. As a result, only one path to each network segment is active at any time.
- If there is a problem with connectivity to a segment, STP re-establishes connectivity by automatically activating a previously standby path, if one exists.

Spanning-Tree Operation

- One root bridge per broadcast domain.
- One root port per nonroot bridge.
- One designated port per segment.
- Nondesignated ports are unused.

STP performs the following steps to provide a loop-free logical topology:

1. Elect a root bridge: STP has a process for electing a root bridge. Only one bridge in the network can be the root bridge. On the root bridge, all ports are designated ports. Designated ports are normally in the forwarding state. In the forwarding state, a port can send and receive traffic. In the figure, switch X is elected root bridge.
2. Select the root port on each nonroot bridge: STP establishes one root port on each nonroot bridge. The root port is the lowest-cost path from the nonroot bridge to the root bridge. Root ports are normally in the forwarding state. The spanning-tree path cost is a cumulative cost calculated from bandwidth. In the figure, the lowest-cost path to the root bridge from switch Y is through the 100BASE-T Fast Ethernet link.
3. Select the designated port on each segment: on each segment, STP establishes one designated port. The designated port is selected on the bridge that has the lowest-cost path to the root bridge. Designated ports are normally in the forwarding state, forwarding traffic for the segment. In the figure, the designated port for both segments is on the root bridge, because the root bridge is directly connected to both segments. The 10BASE-T Ethernet port on switch Y is a nondesignated port, because there is only one designated port per segment. Nondesignated ports are normally in the blocking state to break the loop. When a port is in the blocking state, it does not forward traffic but can still receive information.

Root Bridge Selection

- BPDU (by default sent every 2 seconds)
- Root bridge = bridge with the lowest bridge ID
- Bridge ID = Priority, Bridge MAC Address

Switches and bridges running the spanning-tree algorithm exchange configuration messages with other switches and bridges at a 2-second interval. They exchange these messages using a multicast frame called the BPDU (bridge protocol data unit). One of the pieces of information in the BPDU is the bridge ID (BID). STP calls for each switch or bridge to be assigned a unique BID. The BID is 8 bytes long (2 bytes for the priority value and 6 bytes for the MAC address). The default priority is 32,768, which is the midrange value. The root bridge is the bridge with the lowest BID.

Example: in the figure, both switches have the same priority value. The switch with the lowest MAC address is the root bridge. In the example, switch X is the root bridge, with a BID of 0x8000 (0c00.1111.1111).

Spanning-Tree Port States

Spanning tree moves each port through several different states.

There are five states:

- Blocking
- Listening
- Learning
- Forwarding
- Disabled

When STP is enabled, every bridge in the network goes through the blocking state and the transitory listening and learning states at power-up. If properly configured, the ports then stabilize in the forwarding or blocking state. Forwarding ports provide the lowest-cost path to the root bridge. During a topology change, a port temporarily goes through the listening and learning states.

All bridge ports start out in the blocking state, in which they listen for BPDUs. When a bridge first boots, it functions as if it were the root bridge and moves to the listening state. An absence of BPDUs for a certain period of time is called the maximum age (max_age), which defaults to 20 seconds. If a port is in the blocking state and does not receive a new BPDU within max_age, the bridge moves from the blocking state to the listening state. When a port is in the listening state, it can send and receive BPDUs to determine the active topology. At this point the switch does not forward any user data. During the listening state, the bridge performs these three steps:

- Elect the root bridge
- Select the root port on each nonroot bridge
- Select the designated port on each segment

The time it takes a port to move from the listening state to the learning state, or from the learning state to the forwarding state, is called the forward delay. The forward delay has a default value of 15 seconds.

The learning state reduces the amount of flooding required when data forwarding begins. If a port is still a designated or root port at the end of the learning state, the port moves to the forwarding state. In the forwarding state, a port can send and receive user data. Ports that are not designated or root ports move back to the blocking state.

A port normally takes 30 to 50 seconds to move from the blocking state to the forwarding state. You can tune these timers, but they are meant to be left at their default values. The defaults give the network time to gather all the correct information about the network topology.

Describing PortFast

PortFast is configured on access ports, not trunk ports.

PortFast is configured on a switch access port so that the port moves directly from the blocking state to the forwarding state, bypassing the listening and learning states. You can use PortFast on access ports that connect to a single workstation or server so that these devices connect to the network immediately, without waiting for spanning tree to converge. If an interface configured with PortFast receives a BPDU, spanning tree can then put the port into the blocking state by using a feature called BPDU guard.

Configuring and Verifying PortFast

SwitchX(config-if)# spanning-tree portfast

Configures PortFast on an interface

OR

SwitchX(config)# spanning-tree portfast default

Configures PortFast on all non-trunking interfaces

SwitchX# show running-config interface interface

Verifies that PortFast is configured on an interface

The following list describes the commands used to configure and verify PortFast on an interface:

- Switch(config-if)# spanning-tree portfast: configures PortFast on an access port and puts it into the forwarding state immediately.
- Switch(config-if)# no spanning-tree portfast: removes PortFast from an access port. By default, PortFast is not configured.
- Switch(config)# spanning-tree portfast default: enables PortFast on all non-trunking ports. When this feature is configured, a port moves from the blocking state to the forwarding state without going through the intermediate states.
- Switch# show running-config interface type slot/port: shows whether PortFast is configured on the port. It can also show whether the configuration exists on an EtherChannel link, by specifying port-channel channel_number in place of type slot/port.

Spanning-Tree Operation Example

The port states in the figure are as follows:

- The root bridge is switch Z, which has the lowest BID.
- The root port is port 1 on switches X and Y. Port 1 is the lowest-cost path to the root on both switches.
- The designated ports on switch Z are ports 1 and 2. All ports on the root are designated ports.
- Port 2 of switch X is the designated port for the segment between switches X and Y. Because switches X and Y have equal path costs to the root bridge, the designated port is selected on switch X, because it has a lower BID than switch Y.
- Port 2 on switch Y is the nondesignated port on the segment and is in the blocking state.
- All designated and root ports are in the forwarding state.

Spanning-Tree Path Cost

Link speed   Cost (revised IEEE specification)   Cost (previous IEEE specification)
10 Gb/s      2                                    1
1 Gb/s       4                                    1
100 Mb/s     19                                   10
10 Mb/s      100                                  100

The spanning-tree path cost is the total path cost, accumulated from the bandwidth of all the links in the path. The table shows some of the path costs specified in 802.1D. The 802.1D specification has been revised; in the older specification, the cost was calculated based on a bandwidth of 1000 Mb/s. The new specification uses a nonlinear scale that accommodates high-speed interfaces.

Spanning-Tree Recalculation

When the topology changes because a link fails, spanning tree readjusts the network topology to ensure connectivity by moving blocked ports to the forwarding state.

Example: spanning-tree recalculation. In the figure, if switch Z (the root bridge) fails and does not send a BPDU to switch Y within the max_age time (20 seconds by default, equal to 10 missed BPDUs), switch Y detects that it is not receiving BPDUs from the root bridge. When the max_age timer on switch Y expires before a BPDU has been received from switch Z, a spanning-tree recalculation is initiated. Switch Y moves port 2 from the blocking state to listening, then to learning, and finally to the forwarding state. After all the switch ports have moved to either the forwarding or the blocking state, switch X becomes the root bridge and forwards traffic between the segments.

STP convergence

Convergence in STP is the state in which all the ports on the switches and bridges have moved to either the forwarding or the blocking state. Convergence is necessary for normal network operation. For a switched or bridged network, a key issue is the amount of time required for convergence when the network topology changes. Fast convergence is a desirable network feature because it reduces the time during which ports are changing state and not forwarding user data. The normal convergence time is 30 to 50 seconds for 802.1D.

Per VLAN Spanning Tree Plus

The 802.1D standard defines a Common Spanning Tree (CST) that assumes only one spanning-tree instance for the entire switched network, regardless of the number of VLANs. In a network running CST, these statements are true:

- No load sharing is possible; one uplink must block for all VLANs.
- The CPU is spared; only one spanning-tree instance has to be computed.

PVST+ defines a spanning-tree protocol that has several spanning-tree instances running on the network, one STP instance per VLAN. In a network running several spanning-tree instances, these statements are true:

- Load sharing can be achieved.
- One spanning-tree instance is maintained per VLAN, which means CPU overhead for the switches in the network (in addition to the bandwidth used by each instance to send its BPDUs).

PVST+ operation

In a Cisco PVST+ environment, you can tune the spanning-tree parameters so that half the VLANs forward on each uplink trunk. To achieve this easily, you configure one switch to be elected root bridge for half of the VLANs in the network, and a second switch to be elected root bridge for the other half of the VLANs. Providing different root switches per VLAN creates a more redundant network.

PVST+ Extended Bridge ID

- Bridge ID without the extended system ID
- Extended bridge ID with system ID
- System ID = VLAN

Spanning-tree operation requires each switch to have a unique BID. In the original 802.1D standard, the BID was made up of the priority and the MAC address of the switch, and all VLANs were represented by one CST. Because PVST+ requires a separate spanning-tree instance for each VLAN, the BID field is required to carry VLAN ID (VID) information. This is accomplished by reusing part of the Priority field as an extended system ID that carries the VID.

To accommodate the extended system ID, the original 802.1D 16-bit priority field is split into two fields, resulting in the following BID components:

- Bridge priority: a 4-bit field still used to carry the priority. Because the number of bits is limited, the priority is conveyed in increments of 4096 rather than in increments of 1, as it was when the field was 16 bits. The default priority is 32,768, which is the midrange value.
- Extended system ID: a 12-bit field carrying, in this case, the VID for PVST+.
- MAC address: a 6-byte field holding the MAC address of the switch.

By virtue of the MAC address, a BID is always unique. When the priority and the extended system ID are prepended to the switch MAC address, each VLAN on the switch is represented by a unique BID. If no priority has been configured, every switch has the same priority, and the election of the root for each VLAN is based on the MAC address. This is a random way of selecting the root bridge; for this reason, assign the lowest priority value to the switch that should be the root bridge.

Rapid Spanning Tree Protocol

RSTP, defined in the IEEE 802.1w standard, supersedes STP as defined in 802.1D while remaining compatible with STP. RSTP can be seen as an evolution of the 802.1D standard rather than a revolution. The 802.1D terminology remains basically the same. Most parameters are unchanged, so users familiar with 802.1D can configure the new protocol. RSTP reduces the convergence time of the network when the physical topology or its configuration parameters change. RSTP defines the additional port roles of alternate and backup, and it defines the port states as discarding, learning, or forwarding.

RSTP selects one switch as the root of an active spanning-tree topology and assigns port roles to the ports on the switches, depending on which part of the topology each port belongs to. RSTP provides rapid connectivity if a switch, a switch port, or a VLAN fails. A new root port and the designated port on the other switch move to the forwarding state through an explicit handshake between them. RSTP allows switch ports to be configured so that they can move to the forwarding state directly when the switch reinitializes.

Per VLAN Rapid Spanning Tree Plus (PVRST+)

The RSTP standard uses CST, which assumes only one spanning-tree instance for the entire network, regardless of the number of VLANs. PVRST+ defines a spanning-tree protocol that has one RSTP instance per VLAN.

Multiple Spanning Tree Protocol (MSTP)

MSTP, defined in IEEE 802.1s and later merged into IEEE 802.1Q-2003, defines a spanning-tree protocol that has several spanning-tree instances running on the network. Unlike PVRST+, which has one RSTP instance per VLAN, MSTP reduces the switch load by allowing a single spanning-tree instance to run for multiple VLANs.

RSTP port roles

RSTP defines the port roles as follows:

- Root: a forwarding port elected for the spanning-tree topology.
- Designated: a forwarding port elected for each segment.
- Alternate: an alternate path to the root bridge that is different from the path the root port takes.
- Backup: a backup path that provides a redundant connection to a segment to which another port on the switch is already connected. Backup ports can exist only where two ports are connected together in a loopback by a point-to-point link, or on a bridge with two or more connections to a shared LAN segment.
- Disabled: a port that has no role in the operation of spanning tree.

The root and designated port roles include the port in the active topology. The alternate and backup port roles exclude the port from the active topology.

RSTP port states

The port state controls the forwarding and learning processes and takes the values discarding, learning, and forwarding. The following table compares the port states in STP and RSTP. In a stable topology, RSTP ensures that every root port and designated port moves to the forwarding state, while all alternate and backup ports are always in the discarding state.

Default Spanning-Tree Configuration

Cisco Catalyst switches support three types of STP:

- PVST+
- PVRST+
- MSTP

The default STP for Cisco Catalyst switches is PVST+:

- A separate STP instance for each VLAN
- One root bridge for all VLANs
- No load sharing

Cisco Catalyst switches support three types of spanning-tree protocol: PVST+, PVRST+, and MSTP.

- PVST+: based on the 802.1D standard, with Cisco extensions such as BackboneFast, UplinkFast, and PortFast.
- PVRST+: based on the 802.1w standard, with faster convergence than 802.1D.
- MSTP (802.1s): combines the best aspects of PVST+ and the IEEE standards.

PVRST+ Configuration Guidelines

To implement PVRST+, perform these steps:

1. Enable PVRST+.
2. Designate and configure a switch to be the root bridge.
3. Designate and configure a switch to be the secondary root bridge.
4. Verify the configuration.

PVRST+ Implementation Commands

SwitchX(config)# spanning-tree mode rapid-pvst

Configures PVRST+

SwitchX# show spanning-tree vlan vlan# [detail]

Verifies the spanning-tree configuration

SwitchX# debug spanning-tree pvst+

Displays PVST+ event messages

The following list describes the commands used to configure and verify PVRST+:

- SwitchX(config)# spanning-tree mode rapid-pvst: sets the spanning-tree mode to PVRST+.
- SwitchX# show spanning-tree vlan vlan-number [detail]: displays spanning-tree information on a per-VLAN rather than per-instance basis.
- SwitchX# debug spanning-tree pvst+: debugs PVRST+ events.
- SwitchX# debug spanning-tree switch state: debugs port state changes. Note that, like all debug commands, this command can affect network performance.

Verifying PVRST+

SwitchX# show spanning-tree vlan 30
VLAN0030
  Spanning tree enabled protocol rstp
  Root ID    Priority 24606
             Address 00d0.047b.2800
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID  Priority 24606 (priority 24576 sys-id-ext 30)
             Address 00d0.047b.2800
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
-------- ----- --- --- -------- ----
Gi1/1     Desg FWD 4    128.1    P2p
Gi1/2     Desg FWD 4    128.2    P2p
Gi5/1     Desg FWD 4    128.257  P2p

The spanning-tree mode is set to PVRST.

In the example, the line "Spanning tree enabled protocol rstp" indicates that switch X is running PVRST+.

Switch X is the root bridge for VLAN 30. The priority of 24606 is derived from the sum of the assigned priority of 24576 and VLAN 30. The MAC address of switch X, 00d0.047b.2800, is appended to the priority, 24606, to form the bridge ID.

As the root bridge for VLAN 30, all the interfaces of switch X are designated ports in the forwarding state.

Configuring the Root and Secondary Bridges

If all the switches in a network are left with the default spanning-tree settings, the switch with the lowest MAC address becomes the root bridge. However, the default root bridge may not be the ideal root bridge, because of traffic patterns, the number of forwarding interfaces, or link types.

Before configuring STP, choose a switch to be the root of the spanning tree. This switch does not need to be the most powerful switch, but it should be the most central switch on the network. All traffic flow across the network occurs from the perspective of this switch. Distribution layer switches often serve as the root because these switches do not connect to end stations. In addition, moves and changes in the network are less likely to affect these switches.

By increasing the priority (lowering the number) of the preferred switch so that it becomes the root bridge, you force spanning tree to perform a recalculation that yields a new topology with the preferred switch as the root.

Configuring the Root and Secondary Bridges: SwitchA

SwitchA(config)# spanning-tree vlan 1 root primary

This command forces this switch to be the root for VLAN 1.

SwitchA(config)# spanning-tree vlan 2 root secondary

This command configures this switch to be the secondary root for VLAN 2.

Or

SwitchA(config)# spanning-tree vlan # priority priority

This command configures the priority (in increments of 4096).

The switch with the lowest BID becomes the root for a VLAN. You can use specific configuration commands to determine which switch becomes the root bridge.

A Cisco Catalyst switch running PVST+ or PVRST+ maintains one spanning-tree instance for each VLAN configured on switch A. A unique BID is assigned to each instance. For each VLAN, the switch with the lowest BID becomes the root bridge for that VLAN. Whenever the bridge priority changes, the BID changes as well. This change results in a recalculation of the root bridge for the VLAN.

To configure a switch to become the root bridge for a specified VLAN, use the command spanning-tree vlan vlan_id root primary. With this command, the switch checks the priority of the root switch for the specified VLAN. Because of the extended system ID support, the switch sets its own priority to 24576 for the specified VLAN if this value will cause the switch to become the root for that VLAN. If another switch for the specified VLAN has a priority lower than 24576, the switch on which you configure spanning-tree vlan vlan_id root primary sets its own priority for the specified VLAN to 4096 less than the lowest switch priority.
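The extended bridge ID layout, the root election and the root primary behaviour described in this lesson, worked through in Python as an added example (it is not part of the course material). The switch names and the MAC addresses other than 00d0.047b.2800 and 0c00.1111.1111 are constructed, and choosing "4096 below the lowest" when another switch already sits at 24576 with a lower MAC address is an assumption of this model.

```python
"""Root election with the PVST+ extended bridge ID (added example)."""
from dataclasses import dataclass

PRIORITY_STEP = 4096      # only the top 4 bits of the 16-bit field carry priority
DEFAULT_PRIORITY = 32768  # midrange default
ROOT_PRIMARY = 24576      # value the text gives for `root primary`
ROOT_SECONDARY = 28672    # value the text gives for `root secondary`


@dataclass(eq=False)
class Bridge:
    name: str
    mac: str                          # Cisco dotted notation, e.g. 00d0.047b.2800
    priority: int = DEFAULT_PRIORITY

    def priority_field(self, vlan: int) -> int:
        """16-bit field: 4-bit priority followed by the 12-bit VLAN ID."""
        if self.priority % PRIORITY_STEP or not 0 <= self.priority <= 61440:
            raise ValueError("priority must be a multiple of 4096 in 0..61440")
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID must fit the 12-bit extended system ID")
        return self.priority | vlan   # e.g. 24576 + 30 = 24606

    def bid(self, vlan: int) -> bytes:
        """8-byte bridge ID; comparing the bytes compares priority, VLAN, MAC."""
        mac = bytes.fromhex(self.mac.replace(".", ""))
        return self.priority_field(vlan).to_bytes(2, "big") + mac


def split_field(field: int) -> tuple:
    """Recover (priority, sys-id-ext) from a value shown by show spanning-tree."""
    return field & 0xF000, field & 0x0FFF


def elect_root(bridges, vlan):
    """The bridge with the numerically lowest BID is the root for the VLAN."""
    return min(bridges, key=lambda b: b.bid(vlan))


def root_primary(target, bridges, vlan):
    """Model of `spanning-tree vlan N root primary` as the text describes it."""
    others = [b for b in bridges if b is not target]
    trial = Bridge(target.name, target.mac, ROOT_PRIMARY)
    if all(trial.bid(vlan) < b.bid(vlan) for b in others):
        new_priority = ROOT_PRIMARY
    else:
        lowest = min(b.priority for b in others)
        if lowest < PRIORITY_STEP:
            raise ValueError("another bridge already uses priority 0")
        new_priority = lowest - PRIORITY_STEP
    target.priority = new_priority
    return new_priority


def root_secondary(target):
    """Model of `root secondary`: default 32768 is changed to 28672."""
    target.priority = ROOT_SECONDARY
    return target.priority


if __name__ == "__main__":
    switch_x = Bridge("SwitchX", "00d0.047b.2800", 24576)
    print(switch_x.priority_field(30), switch_x.bid(30).hex())
    a = Bridge("SwitchA", "0c00.2222.2222")     # constructed MAC
    b = Bridge("SwitchB", "0c00.1111.1111")
    print("default root:", elect_root([a, b], 1).name)
    root_primary(a, [a, b], 1)
    root_secondary(b)
    print("after root primary on SwitchA:", elect_root([a, b], 1).name)
```

With default priorities the election falls to whichever switch happens to have the lowest MAC address, which is why the lesson recommends setting the priority explicitly on the intended root and secondary root.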


Configuring the Root and Secondary Bridges: SwitchB

SwitchB(config)# spanning-tree vlan 2 root primary

This command forces this switch to be the root for VLAN 2.

SwitchB(config)# spanning-tree vlan 1 root secondary

This command configures this switch to be the secondary root for VLAN 1.

Or

SwitchB(config)# spanning-tree vlan # priority priority

This command configures the priority (in increments of 4096).

A secondary root is a switch that can become the root bridge for a VLAN if the primary root fails. To configure a switch as the secondary root bridge for a VLAN, use the command spanning-tree vlan vlan_id root secondary. With this command, the switch priority is changed from the default value of 32768 to 28672. Assuming that the other bridges in the VLAN keep their default priority, this switch becomes the root bridge when the primary root bridge fails. You can execute this command on more than one switch to configure several backup root bridges.

Summary

- A redundant switched topology includes multihomed switches and EtherChannel.
- A redundant switched topology causes looping problems such as broadcast storms.
- The 802.1D STP standard establishes a loop-free network.
- PVST+ and RSTP are evolutions of the original STP standard.

Lesson 4: Routing Between VLANs

Building a Medium-Sized Switched Network

VLAN-to-VLAN Overview

Network layer devices combine multiple broadcast domains.

Inter-VLAN communication takes place between broadcast domains through a Layer 3 device. In a VLAN environment, frames are switched only within the same VLAN. VLANs partition the network and its traffic at Layer 2. Communication between VLANs cannot occur without a Layer 3 device, such as a router. Use IEEE 802.1Q to enable trunking on a router subinterface.

Example: the figure shows a router attached to a core switch. The configuration between a router and a switch is often referred to as a "router on a stick". The router can receive packets on one VLAN and forward them to another VLAN. To perform inter-VLAN routing, the router must know how to reach all the VLANs being interconnected. There must be a separate connection on the router for each VLAN, and 802.1Q must be configured on those connections. The router already knows about the networks directly connected to it. The router must learn routes to networks to which it is not directly connected.

Dividing a Physical Interface into Subinterfaces

A physical interface can be divided into multiple subinterfaces.

To support 802.1Q trunking, you must divide the Fast Ethernet interface of the router into multiple logical sub-interfaces, one logical interface per VLAN. These logical interfaces are called subinterfaces. As an alternative to this subdivision, you can use a separate physical interface for each VLAN.

Example: in the figure, interface FastEthernet0/0 is divided into multiple subinterfaces: FastEthernet0/0.1, FastEthernet0/0.2, and FastEthernet0/0.3.

Routing Between VLANs with 802.1Q Trunks

interface fastethernet 0/0
 ip address 10.1.1.1 255.255.255.0
interface fastethernet 0/0.2
 ! set the encapsulation before assigning the IP address on a subinterface
 encapsulation dot1q 2
 ip address 10.2.2.1 255.255.255.0

In the figure, interface FastEthernet0/0 is divided into multiple subinterfaces: FastEthernet0/0.1 and FastEthernet0/0.2. Each subinterface routes for one VLAN. Use the command encapsulation dot1q vlan identifier (where vlan identifier is the VLAN number) on each subinterface to enable 802.1Q trunking encapsulation. The subinterface number does not have to match the VLAN number. However, keeping the two numbers the same makes management easier.

Frames in the native VLAN of an 802.1Q trunk do not carry a tag field. Therefore, the subinterface for the native VLAN is configured with encapsulation dot1q vlan identifier native. Make sure that the VLAN assigned to the native VLAN subinterface matches the native VLAN on the switch it connects to.

Summary

- Inter-VLAN routing with a router on a stick uses an external router to pass traffic between VLANs.
- A router on a stick is configured with a subinterface for each VLAN and 802.1Q encapsulation.

Lesson 5: Securing the Expanded Network

Building a Medium-Sized Switched Network

Overview of Switch Security

Much of the attention given to security centers on attacks from outside the walls of the organization and at the upper OSI layers. Network security often focuses on routing devices and on filtering packets based on Layer 3 and 5 headers, ports, and stateful packet inspection. This focus covers issues at Layer 3 and above, such as how traffic makes its way into the internal network from the Internet. Access devices and Layer 2 communication on the internal network are left unconsidered in most security discussions.

Routers and switches are internal to an organization and are designed to accommodate communication by delivering network traffic unless configured otherwise. Their function as devices that facilitate communication often results in a minimal security configuration and makes them targets for malicious attacks. If an attack is launched at Layer 2 on an internal network device, the network can be compromised quickly, often without detection.

As at Layer 3, where security has been tightened on devices as malicious activity against that layer has increased, Layer 2 also requires security measures against attacks. Many security features are available on switches and routers, but they must be configured to be effective. In the same way that you implement ACLs for upper-layer security, you must establish a policy and configure the appropriate features to protect against potential malicious acts while maintaining daily network operations.

Recommended Practices: New Switch Equipment

- Consider or establish the security policy of the organization.
- Secure the switch devices:
  - Secure switch access.
  - Secure switch protocols.
  - Mitigate compromises through a switch.

Network security vulnerabilities include loss of privacy, data theft, impersonation, and loss of data integrity. You should take basic security measures on every network to reduce the effects of unintentional or deliberately malicious acts.

Follow these practices whenever you install a new device:

1. Consider or establish the security policy of the organization.
2. Secure the switch devices by securing switch access and switch protocols and by mitigating compromises launched through a switch.

Organizational security policy

You should consider the policies of the organization when deciding which level and which type of security to implement. You must balance the goal of network security against administrative cost.

A well-established security policy has these characteristics:

- It provides a process for auditing existing network security.
- It provides a general security framework for implementing network security.
- It defines behaviors toward electronic data that are not allowed.
- It determines which tools and procedures the organization needs.
- It communicates consensus among the key decision makers and defines the responsibilities of users and administrators.
- It defines a process for handling network security incidents.
- It enables security to be implemented at all sites and enforces compliance with the plan.

Recommended Practices: Switch Security

Secure switch access:

- Set system passwords.
- Secure physical access to the console port.
- Secure access via Telnet.
- Use SSH when possible.
- Disable HTTP.
- Configure warning banners.
- Disable unneeded services.
- Use syslog if available.

The following practices are recommended to secure access to the switch:

- Set system passwords: use the enable secret command to set the password that grants access to privileged mode on a Cisco system. Because this command applies an MD5 hash to the configured password, the password is still susceptible to attack. Therefore, apply standard practices for choosing a suitable password. Try to pick passwords that contain letters and numbers together with special characters. For example, choose "$pecial$" rather than "specia1s", in which the letter "s" is replaced by "$" and the letter "l" is replaced by the number "1".
- Secure access to the console port: console access requires a minimum level of both physical and logical security. A person who gains access to the console port can recover or reset the configured passwords, which allows that person to bypass all other security implemented on the system. It is therefore imperative to secure physical access to the console port.
- Secure access to the vty lines: these are the minimum recommended steps for securing Telnet access:
  - Apply a basic ACL for access to all vty lines.
  - Configure a password on all configured vty lines.
  - If the installed Cisco IOS software allows it, use the SSH protocol instead of Telnet to access the device remotely.
- Use SSH: the SSH protocol and application provide a secure remote connection to a router. Two versions of SSH are available: SSHv1 and SSHv2. Cisco IOS software implements SSHv1. It encrypts all traffic, including passwords, between a remote console and a router across a Telnet session. Because SSH does not send traffic in plaintext, administrators can manage remote-access sessions that casual observers cannot view. The SSH server in Cisco IOS software works with commercially and publicly available SSH clients.
- Disable the HTTP service if it is not in use: although Cisco IOS software provides an integrated HTTP server for management, you should disable it to minimize overall exposure. If HTTP access to the switch is required, configure basic ACLs to permit access only from trusted subnets.
- Configure warning banners: for both legal and administrative purposes, configuring a warning banner to display before login is a convenient and effective way to reinforce security and general usage policies. By clearly stating the ownership, usage, access, and protection policies before login, you provide better support for potential prosecution.
- Disable unneeded services: by default, Cisco devices implement many TCP and UDP servers to facilitate management and integration into existing environments. For most installations these services are not required, and disabling them can greatly reduce overall security exposure. These commands disable the services:

  no service tcp-small-servers
  no service udp-small-servers
  no service finger
  no service config

- Configure basic logging: to assist and simplify troubleshooting and security investigations, monitor the information received from logging. View the output in the logging buffer memory. To make logging useful, increase the buffer size.

5-6

Recommended practices: securing the switch (cont.)

Secure the switch protocols:
- Trim CDP and use it only when needed.
- Secure spanning tree.

Mitigate compromises through a switch:
- Take precautions for trunk links.
- Keep physical port access to a minimum.
- Establish a standard access-port configuration for both used and unused ports.

Securing switch protocols

The following are the recommended practices for securing the switch protocols:

Cisco Discovery Protocol: CDP does not reveal security-specific information, but an attacker can make use of the information it does reveal, because the attacker learns device and IP address information that helps in carrying out other kinds of attack. Follow these two guidelines for CDP:
- If CDP is not required, or if the device sits in an unsecured environment, disable CDP globally on the device.
- If CDP is required, disable CDP on the interfaces that connect to untrusted networks. Because CDP is a link-layer protocol, it does not propagate across the network unless a Layer 2 tunneling mechanism is in place. Limit it to run only between trusted devices, and disable it everywhere else. However, CDP is required on any port to which a Cisco IP phone is attached, in order to establish a trust relationship.

Secure the spanning-tree topology: it is important to protect the STP process of the switches that form the infrastructure. BPDUs introduced into STP can overwhelm a device or amount to a DoS attack.

The first step is to define the intended root bridge in the design and to configure the priority of that switch so that it always becomes the root bridge. Do the same for the designated backup root bridge. These actions protect against unexpected STP changes when a new switch is installed and starts exchanging BPDUs. On some platforms the BPDU guard feature is available. If so, configure it on access ports together with the PortFast feature to protect the network from unwanted BPDU injection. On receiving a BPDU, the BPDU guard feature automatically disables the port.

Mitigating compromises through a switch

Follow these recommended practices to mitigate compromises through a switch:

Disable unused router and switch ports:
- Use the shut command on all unused ports and interfaces.
- Place all unused ports in a parking-lot VLAN, which groups the unused ports until they are put into service.
- Configure all unused ports as access ports, with automatic trunk negotiation disabled.

Considerations for trunk links: by default, switches running Cisco IOS Software are configured to negotiate trunking capability automatically. This is a hazard for the infrastructure, because an unsecured third-party device can be introduced into the network. Potential attacks include traffic interception, traffic redirection, DoS, and more. To avoid this risk, disable automatic trunk negotiation and manually configure trunking on the links that require it.

Physical device access: you should close off physical access to the switch, to prevent unknown devices from being placed on the network with direct access to the switch ports.

Port Security

Port security restricts port access by MAC address

Port security is a feature supported on Cisco Catalyst switches that restricts a port to a specific set or number of MAC addresses. The switch can learn these addresses dynamically, or you can configure them statically. A port configured with port security accepts frames only from the addresses that it has learned or that have been configured.

There are several implementations of port security:

Dynamic: you specify how many MAC addresses are permitted to use the port at one time. You use the dynamic approach when you care only about how many MAC addresses are permitted rather than which ones. Depending on how the switch is configured, these dynamically learned addresses age out after a certain period, and new addresses are learned, up to the maximum that you have defined.

Static: you specify which MAC addresses are permitted to use the port. Any MAC address that is not specified is not permitted to send frames to the port.

Combination of static and dynamic: you can choose to combine dynamic and static learning. For example, if the number of MAC addresses is limited to 4 and you configure 2 static MAC addresses, the switch dynamically learns the next 2 MAC addresses that it receives on the port. Port access is limited to these 4 addresses. The 2 statically configured MAC addresses do not age out, but the 2 dynamically learned addresses can, depending on the switch configuration.

Dynamic sticky learning: when this feature is configured on an interface, the interface converts dynamically learned addresses into sticky secure addresses. The feature adds the dynamically learned addresses to the running configuration as if they had been configured statically with the switchport port-security mac-address command. Sticky-learned addresses do not age out.

Scenario

Imagine five people whose laptops are allowed to connect to a specific switch port when they visit an area of the building. You want to restrict access on that port to the five MAC addresses of these laptops and to allow no addresses to be learned dynamically.

Process

The following steps describe how the desired result is achieved in this scenario.
1. Port security is configured to allow only 5 connections on the port, with one entry configured for each permitted MAC address. (This step populates the MAC address table with the 5 addresses permitted to connect to the port and allows no addresses to be learned dynamically.)
2. Frames from the permitted connections are processed. (When a frame arrives on a switch port, its source address is checked against the MAC address table. If the source address matches an entry in the table for that port, the frame is passed to the switch to be processed like any other frame on the switch.)
3. New addresses are not allowed to create new entries in the MAC address table. (When a frame with an unauthorized MAC address arrives on the port, the switch determines that the address is not in the current MAC address table and does not create a dynamic entry for the new address.)
4. The switch takes action on unauthorized frames. (The switch denies access to the port and takes one of the following actions, depending on the configuration: (a) the port is shut down; (b) access for that MAC address is denied and an error message is generated; (c) access for that MAC address is denied but no error message is generated.)
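The behavior described above can be followed step by step in a small model. This is an added example, not part of the original course material: it simulates static, dynamic and sticky learning and the three violation actions, which Cisco IOS calls shutdown, restrict and protect. The MAC addresses are constructed, and aging is simplified to a fixed time counted from when an address was learned.

```python
class SecurePort:
    """Model of one switch port with port security enabled."""

    def __init__(self, maximum, static=(), sticky=False,
                 violation="shutdown", aging_time=None):
        if violation not in ("shutdown", "restrict", "protect"):
            raise ValueError("unknown violation mode")
        if len(static) > maximum:
            raise ValueError("more static addresses than the maximum")
        self.maximum = maximum
        self.static = set(static)      # configured by hand, never age out
        self.sticky_on = sticky
        self.sticky = set()            # learned, then kept like static entries
        self.dynamic = {}              # mac -> time at which it was learned
        self.violation = violation
        self.aging_time = aging_time   # None: dynamic entries never expire
        self.err_disabled = False
        self.violations = 0            # counted in shutdown and restrict modes
        self.log = []

    def _expire(self, now):
        """Drop dynamic entries older than the aging time."""
        if self.aging_time is not None:
            self.dynamic = {m: t for m, t in self.dynamic.items()
                            if now - t < self.aging_time}

    def secure_addresses(self):
        return self.static | self.sticky | set(self.dynamic)

    def receive(self, src_mac, now=0):
        """Process one frame and return 'forward' or 'drop'."""
        if self.err_disabled:
            return "drop"              # a shut-down port passes nothing
        self._expire(now)
        if src_mac in self.secure_addresses():
            return "forward"
        if len(self.secure_addresses()) < self.maximum:
            if self.sticky_on:
                self.sticky.add(src_mac)
            else:
                self.dynamic[src_mac] = now
            return "forward"
        # The table is full and the source is unknown: security violation.
        if self.violation != "protect":
            self.violations += 1
            self.log.append(f"security violation by {src_mac}")
        if self.violation == "shutdown":
            self.err_disabled = True
        return "drop"

    def running_config(self):
        """Interface sub-commands that reflect the current state."""
        lines = ["switchport port-security",
                 f"switchport port-security maximum {self.maximum}",
                 f"switchport port-security violation {self.violation}"]
        lines += [f"switchport port-security mac-address {m}"
                  for m in sorted(self.static)]
        lines += [f"switchport port-security mac-address sticky {m}"
                  for m in sorted(self.sticky)]
        return lines


# Constructed MAC addresses for the five permitted laptops.
LAPTOPS = ["0000.0c00.000%d" % i for i in range(1, 6)]


def laptop_scenario(violation):
    """Five static laptops, then an unknown sixth device, then a laptop again."""
    port = SecurePort(maximum=5, static=LAPTOPS, violation=violation)
    results = [port.receive(mac) for mac in LAPTOPS]
    results.append(port.receive("0000.0c00.00ff"))   # unknown device
    results.append(port.receive(LAPTOPS[0]))         # permitted laptop
    return port, results


if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        port, results = laptop_scenario(mode)
        print(mode, results, port.log)
```

In shutdown mode the last frame from a permitted laptop is dropped as well, which is the operational cost of that setting: one unknown device takes the port out of service until an administrator re-enables it.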

802.1X Port-Based Authentication

Network access through a switch requires authentication

The IEEE 802.1X standard defines a port-based access control and authentication protocol that restricts unauthorized workstations from connecting to the network through the switch ports. The authentication server authenticates each workstation that connects to the switch before making the available services accessible to that workstation.

Until the workstation is authenticated, 802.1X allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through that port. After authentication succeeds, normal traffic can pass through the port.

With 802.1X authentication, the devices in the network have the following specific roles:

Client: the device that requests access to the LAN and the switch services, and that responds to requests from the switch. The workstation must run 802.1X client software, which is offered in Windows XP. The port to which the workstation connects is the client in the IEEE 802.1X standard.

Authentication server: performs the actual authentication of the client. The authentication server validates the client and notifies the switch whether the client is authorized to access the LAN and switch services. Because the switch acts as a proxy, the authentication service is transparent to the client. The RADIUS security system with EAP extensions is the only supported authentication server.

Switch (also called the authenticator): controls physical access to the network based on the authentication status of the client. The switch acts as a proxy between the client and the authentication server: it requests identity information from the client, verifies that information with the authentication server, and relays the response to the client. The switch uses a RADIUS software agent, which is responsible for encapsulating and de-encapsulating EAP frames and for interacting with the authentication server.

The state of the port determines whether the client is granted access to the network. The port starts in the unauthorized state. In this state, the port allows no ingress or egress traffic except 802.1X protocol traffic. When the client is successfully authenticated, the port moves to the authorized state and all client traffic flows normally.

If the switch requests the client identity and the client does not support 802.1X, the port remains in the unauthorized state and the client is not granted access to the network.

When an 802.1X-capable client connects to a port and starts the authentication process by sending an EAPOL-start frame to a switch that is not running 802.1X, and the switch does not respond to that frame, the client begins sending frames as if the port were in the authorized state.

If the client is successfully authenticated (an Accept frame is received from the authentication server), the port changes to the authorized state and all frames from the authorized client are allowed through the port.

If authentication fails, the port remains in the unauthorized state, but authentication can be retried. If the authentication server cannot be reached, the switch can retransmit the request. If no response is received from the server after the specified number of attempts, authentication fails and network access is not granted.

When a client logs out, it sends an EAPOL-logoff message, and the switch port then moves to the unauthorized state.

Visual Objective 2-1: Configuring Expanded Switched Networks


Subnet      VLAN   Devices
10.1.1.0    1      Core Switches, CoreRouter, SwitchX
10.2.2.0    2      CoreRouter, RouterA
10.3.3.0    3      CoreRouter, RouterB
10.4.4.0    4      CoreRouter, RouterC
10.5.5.0    5      CoreRouter, RouterD
10.6.6.0    6      CoreRouter, RouterE
10.7.7.0    7      CoreRouter, RouterF
10.8.8.0    8      CoreRouter, RouterG
10.9.9.0    9      CoreRouter, RouterH

Summary
The recommended practices for securing a switched topology include setting passwords, disabling unused ports, configuring authentication, and using port security. To secure a switch, you must secure access to the switch and the protocols that the switch uses.

Lesson 6: Troubleshooting Switched Networks

Building a medium-sized switched network

Switches Troubleshooting

Troubleshooting tips:
- Become familiar with normal switch operation.
- Have an accurate logical and physical map of the network.
- Have a plan.
- Do not assume that a component is working without checking it first.

There are many ways to troubleshoot a switch. Developing a troubleshooting approach or a test plan works better than a hit-or-miss, guessing method. Here are some tips for effective troubleshooting:

Take the time to become familiar with normal switch operation: the cisco.com website has a great deal of technical information that describes how switches work. The configuration guides for specific cases are particularly useful.

For more complex situations, have an accurate logical and physical map of the network on hand: a physical map shows how the devices and cables are connected. A logical map shows which segments (VLANs) exist in the network and which routers provide routing between the segments. A spanning-tree map is also very useful for complex troubleshooting. Because a switch can create different segments by implementing VLANs, the physical connections do not tell the whole story. You must know how the switches are configured in order to know which segments (VLANs) exist and how they are logically connected.

Have a plan: some problems and solutions are obvious; others are not. The symptoms that you see in the network can be the result of several problems in different areas or layers. Before jumping to conclusions, try to verify in a structured way what is working and what is not. Because networks can be complex, it helps to isolate the problem areas. One way to do this is to use the seven-layer OSI model. For example, check the physical connections (Layer 1), check connectivity within the VLAN (Layer 2), check connectivity between different VLANs (Layer 3), and so on. Assuming that the switch is configured correctly, many of the problems that you encounter will be related to the physical layer (cables and ports).

Do not assume that a component is working without checking it first: if a PC cannot log in to a server across the network, there can be a number of causes. Do not assume that the basic components are working correctly without checking them first, because someone else may have changed the configuration without telling you. A basic check (for example, that the ports are correctly connected and active) usually takes a minute, and it can save a great deal of valuable time.

Troubleshooting port connectivity

If you are experiencing connectivity problems, the first thing to check is the port. Ports are the foundation of the switched network. If they do not work, nothing works! Some ports have special significance because of their position in the network and the amount of traffic they carry. These are the ports that connect to other switches, routers, and servers. They can be more complicated to troubleshoot because they take advantage of special features such as trunking and EtherChannel. However, do not overlook the other ports: they are also important because they connect the users in the network.

Hardware tips

Hardware can be one of the reasons that a switch has problems. To rule out hardware problems, check the following:

The status of the ports at both ends of the link: make sure that neither port is shut down. An administrator may have manually shut down one or both ports, or the switch software may have shut down one of the ports because of a configuration error. If one port is shut down and the other is not, the status of the port that is not shut down will be notconnected (because it does not detect a neighbor at the other end of the cable). The status of the port that is shut down will read something like disable or errDisable (depending on what actually shut the port down). The link will not come up unless both ports are enabled.

The type of cable used for the connection: you should use Cat 5 cable for 100 Mbps connections and Cat 5e for 1 Gbps or faster. You use a straight-through RJ45 cable for end stations, routers, or servers connecting to a switch or hub. You use a crossover cable for switch-to-switch or hub-to-switch connections. The maximum distance for Ethernet and Fast Ethernet copper cable is 100 m.

A software process has disabled a port: an orange port LED indicates that the switch software has shut down the port, either through the user interface or through internal processes such as spanning tree BPDU, Root Guard, or port security.

Configuration tips

The port configuration is another reason that a port may have problems. Some configuration tips follow:

The VLAN to which the port belongs does not exist. Each switch port belongs to a VLAN. If the VLAN is deleted, the port becomes inactive.

The following output demonstrates that the show interface interface command does not report a fault when the VLAN of the port does not exist:

  SwitchX# sh int fa0/2
  FastEthernet0/2 is up, line protocol is up (connected)
    Hardware is Fast Ethernet, address is 0017.596d.2a02 (bia 0017.596d.2a02)
    Description: Interface to RouterA F0/0
    MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
       reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Keepalive set (10 sec)
    Full-duplex, 100Mb/s, media type is 10/100BaseTX

However, the show interface interface switchport command shows that the port is inactive, and the port will not function until the missing VLAN is restored:

  SwitchX# sh int fa0/2 switchport
  Name: Fa0/2
  Switchport: Enabled
  Administrative Mode: static access
  Operational Mode: static access
  Administrative Trunking Encapsulation: dot1q
  Operational Trunking Encapsulation: native
  Negotiation of Trunking: Off
  Access Mode VLAN: 5 (Inactive)
  Trunking Native Mode VLAN: 1 (default)
  Administrative Native VLAN tagging: enabled
  Voice VLAN: none

Some switches show a steady orange light on each port whose assigned VLAN does not exist. If a large number of ports on a switch are orange, do not panic. It may be that all of those ports belong to the same VLAN and that VLAN has been deleted. When you re-create the VLAN, the ports become active again. A port remembers which VLAN it is assigned to.

Autonegotiation is enabled: autonegotiation is an optional feature of the Fast Ethernet standard (IEEE 802.3u) that allows devices to automatically exchange information about their speed and duplex capabilities over a link. You should not use autonegotiation on ports that support network infrastructure devices, such as switches, routers, servers, or printers. Autonegotiating speed and duplex is the default behavior on switch ports that have this capability. However, you should configure ports that connect to fixed devices with the correct speed and duplex rather than allow autonegotiation. This configuration limits negotiation problems and ensures that you always know exactly how the ports operate.

Troubleshooting VLANs and trunks

Native VLAN mismatches

The native VLAN configured on the two ends of a trunk must be the same. Remember that when a switch receives an untagged frame, it assigns the frame to the native VLAN of the trunk. If one end of the trunk is configured with VLAN 1 as the native VLAN and the other end with VLAN 2, a frame sent from VLAN 1 on one side is received on the native VLAN of the other end. VLAN 1 leaks into VLAN 2. There is no reason to want this behavior, and connectivity problems will occur in the network if a native VLAN mismatch exists.

Trunk mode mismatches

You should configure trunks statically whenever possible. However, the ports of Cisco Catalyst switches run DTP by default, which tries to negotiate a trunk automatically. This protocol can determine the trunk mode and protocol on a switch port when that port is connected to another device that is also capable of automatic trunk negotiation.

Examples of DTP modes:
- Dynamic auto: forms a trunk based on a DTP request from the connected switch. Dynamic auto does not start the negotiation process; therefore, two switches that are both set to dynamic auto do not form a trunk.
- Dynamic desirable: communicates with the connected switch through DTP. The interface becomes a trunk if the connected switch is able to become a trunk.

VLANs and IP subnets

Each VLAN must correspond to a unique IP subnet. Two devices in the same VLAN must have addresses in the same subnet. For traffic within a VLAN, the sending device recognizes the destination as local and sends an ARP broadcast to discover the MAC address of the destination.

Two devices in different VLANs should have addresses in different subnets. For inter-VLAN traffic, the sending device recognizes the destination as remote and sends an ARP broadcast for the MAC address of the default gateway.

Inter-VLAN connectivity

Most of the time, inter-VLAN connectivity problems are the result of user misconfiguration. For example, if you configure a router on a stick or Multilayer Switching incorrectly, packets from one VLAN cannot reach another VLAN. To avoid misconfiguration and to troubleshoot efficiently, you should understand the mechanism used by the Layer 3 device. If you are sure that the device is configured correctly but switching still does not take place, a software bug or a hardware fault may be the cause.

Another type of misconfiguration that affects inter-VLAN routing is misconfiguration on end-user devices such as PCs. A common case is a PC with a wrongly configured default gateway. Too many PCs using the same default gateway can drive up the CPU utilization of the gateway, which affects the packet forwarding rate.

Troubleshooting VTP

VLAN details cannot be seen in the output of the show run command

VTP client and server systems require VTP updates from other VTP servers to be saved immediately, without user intervention. A VLAN database was introduced as the method for immediately saving VTP updates for VTP clients and servers. In some software versions, this VLAN database is stored in a separate file in flash, called the vlan.dat file. You can view the VTP and VLAN information stored in vlan.dat by using the show vtp status command.

Switches in VTP server and client mode do not save the complete VLAN and VTP configuration to the startup-config file in NVRAM when you issue the copy running-config startup-config command. They save the configuration in the vlan.dat file. This behavior does not apply to systems running in VTP transparent mode. Switches in VTP transparent mode save the complete VLAN and VTP configuration to the startup-config file in NVRAM when you issue the copy run start command. For example, if you delete the vlan.dat file on a VTP server or client after you have configured VLANs and then reload the switch, VTP returns to its default values (all configured VLANs are deleted). But if you delete the vlan.dat file on a VTP transparent switch and then reload it, the switch keeps its VTP configuration. This is an example of the default VTP configuration.

You can configure VLANs in the range 2 to 1000 when the switch is a VTP server or transparent. On the Cisco Catalyst 2960 switch, however, you can configure extended-range VLANs from 1025 to 4094 only in VTP transparent mode.

Troubleshooting VTP (cont.)
Check these settings if switches are not exchanging VTP information:
- All ports that interconnect the switches are configured as trunks.
- The VLANs are active on all server switches.
- There is at least one VTP server switch.
- The VTP domain name and password, if any, match on all switches (both are case-sensitive).
- All switches run the same VTP version.
- Check the domain name and VTP version on transparent switches.
- Be aware that extended-range VLANs are not propagated by VTP versions 1 and 2.

Cisco Catalyst switches do not exchange VTP information

There are many reasons why VTP may fail to exchange VLAN information. Check the following if switches running VTP fail to exchange VLAN information:
- VTP information passes only through trunk ports. Make sure that all ports that interconnect the switches are configured as trunks.
- Make sure that all VLANs are active on all VTP server switches.
- One of the switches in the domain must be a VTP server. All VLAN changes must be made on this switch in order to be propagated to the VTP clients.
- The domain name must match, and it is case-sensitive. For example, CISCO and cisco are two different domain names.
- Make sure that no password is set between the server and the client. If any password is set, make sure that it is the same on both ends. The password is also case-sensitive.
- Every switch in the domain must use the same VTP version. VTP versions 1 and 2 are not compatible within the same VTP domain. Do not enable VTP version 2 unless every switch in the VTP domain supports version 2.
- A switch in transparent mode that uses VTP version 2 propagates all VTP messages, regardless of the VTP domain. However, a switch running VTP version 1 propagates VTP messages only to switches in the same domain. A switch in transparent mode that uses VTP version 1 drops VTP messages that are not from the same VTP domain.
- Extended-range VLANs are not propagated. You must therefore configure extended-range VLANs manually on each network device.
- Updates from the VTP server are not applied on a client when the client already has a higher revision number. In addition, the client does not propagate VTP updates to the switches connected to it if the client has a higher revision number than the one the server sends.

A newly installed switch causes network problems

A newly installed switch can cause problems in the network when all switches in the network are in the same VTP domain and you add a switch that does not have the default VLAN and VTP configuration.

If the revision number of the switch newly added to the VTP domain is higher than the revision number that exists on the switches in the VTP domain, the VLAN database of the new switch overwrites the VLAN database of the domain. This happens whether the switch is a VTP client or a VTP server. A VTP server can erase the VLAN information on a VTP server. The typical sign of this problem is that many ports in the network go into the inactive state but remain assigned to a VLAN that no longer exists.

To prevent this problem, always make sure that the revision number of every switch that you newly add to the VTP domain is lower than the revision number of the switches already in the VTP domain.

All ports are inactive after a restart

Switch ports move to the inactive state when they are members of VLANs that do not exist in the VLAN database. A common problem is that all ports move to the inactive state after a restart. You typically see this when the switch is configured as a VTP client: when the switch restarts, it loses its entire VLAN database, which causes the uplink port and any other ports that are not in VLAN 1 to become inactive.

Complete these steps to solve the problem:
1. Temporarily change the VTP mode to transparent.
2. Add the VLAN to which the uplink port is assigned to the VLAN database.
3. Change the VTP mode back to client after the uplink port starts forwarding.
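The revision-number problem described above is easy to reproduce in a model, which also shows the check to run before a switch is cabled into the domain. This is an added example, not part of the original course material: the switch names, revision numbers and VLAN ids are constructed, and the model covers only the acceptance rules stated in this lesson (trunk link, matching domain name, password and version, higher revision wins).

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    mode: str                      # "server", "client" or "transparent"
    domain: str                    # case-sensitive VTP domain name
    revision: int                  # configuration revision number
    vlans: set
    password: str = ""
    version: int = 1
    access_ports: dict = field(default_factory=dict)   # port -> VLAN id

    def inactive_ports(self):
        """Ports whose assigned VLAN is missing from the VLAN database."""
        return sorted(p for p, v in self.access_ports.items()
                      if v not in self.vlans)


def advertise(sender, receiver, link_is_trunk=True):
    """Deliver one VTP advertisement and report what the receiver did."""
    if not link_is_trunk:
        return "ignored: link is not a trunk"
    if receiver.mode == "transparent":
        return "ignored: receiver is transparent"
    if sender.domain != receiver.domain:
        return "rejected: domain name mismatch"
    if sender.password != receiver.password:
        return "rejected: password mismatch"
    if sender.version != receiver.version:
        return "rejected: version mismatch"
    if sender.revision <= receiver.revision:
        return "ignored: revision not higher"
    # A higher revision wins, whether the sender is a server or a client.
    receiver.vlans = set(sender.vlans)
    receiver.revision = sender.revision
    return "applied"


def safe_to_insert(new_switch, domain_switches):
    """Pre-insertion check from the text: the new revision must be lower."""
    return all(new_switch.revision < s.revision for s in domain_switches)


def build_domain():
    """Constructed production domain: one server and one client."""
    server = Switch("Core", "server", "CISCO", 12, {1, 10, 20})
    client = Switch("Access", "client", "CISCO", 12, {1, 10, 20},
                    access_ports={"Fa0/1": 10, "Fa0/2": 20, "Fa0/3": 1})
    return server, client


def insert_lab_switch():
    """A switch reused from a lab joins the domain with a high revision."""
    server, client = build_domain()
    lab = Switch("Lab", "client", "CISCO", 40, {1, 99})
    checked = safe_to_insert(lab, [server, client])
    steps = [advertise(lab, server), advertise(server, client)]
    return checked, steps, server, client


if __name__ == "__main__":
    checked, steps, server, client = insert_lab_switch()
    print("safe to insert:", checked)
    print("advertisements:", steps)
    print("server VLANs now:", sorted(server.vlans))
    print("inactive ports on client:", client.inactive_ports())
```

Running the pre-insertion check against the revision shown by show vtp status on the existing switches catches the problem before any port goes inactive.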

Troubleshooting Spanning Tree

Use the network diagram

Before you troubleshoot a bridging loop in a switched network, you must know at least the following:
- The topology of the network
- The location of the root bridge
- The location of the blocked ports and the redundant links

This knowledge is essential for the following reasons:
- Before you can decide what to fix in the network, you must know what the network looks like when it works normally.
- Most troubleshooting steps use show commands to try to identify error conditions. Knowing the network helps you focus on the key ports of the key devices.

Identify a loop in a switched network

A loop causes a broadcast storm, which can have a destructive effect on the network. Today, with high-speed links and devices that switch at the hardware level, it is unlikely that a single host, such as a server, will bring down a network through broadcasts. The best way to identify a loop is to capture the traffic on a link and check whether the same packets appear many times. However, if all users in the domain have connectivity problems at the same time, you can suspect a loop. Check the port utilization on the devices to see whether there are abnormal values.

Restore connectivity quickly

Administrators often do not have time to find the cause of the loop and prefer to restore connectivity as soon as possible. The easiest way to do so in this case is to manually shut down the ports that provide redundant links.

Shut down ports to break the loop

If you can identify the part of the network that is most affected, start by shutting down ports in that area. Or, if possible, first shut down ports that are in the blocking state. Each time you shut down a port, check whether connectivity in the network has been restored. By identifying which shut-down port stops the loop, you also identify the redundant link on which that port sits. If this port should have been in the blocking state, you have probably found the link on which the failure appeared.

Log STP events

If you cannot identify the cause of the problem, or if the problem is transient, enable logging of STP events on the switches of the network. If you want to limit the number of devices to configure, at least enable logging on the devices that have blocked ports; the transition of a blocked port is what creates the loop.

Use the debug spanning-tree events command to enable STP debug information. Use the logging buffered command in global configuration mode to capture this debug information in the device buffer. You can also try to send the debug output to a syslog device. Unfortunately, when a loop occurs, you can rarely maintain connectivity to a syslog server.

Temporarily disable unnecessary features

Disabling unnecessary features simplifies the network structure and makes the problem easier to identify. For example, EtherChannel is a feature that bundles several physical links into one logical link, so disabling it during troubleshooting makes sense. As a rule, make the configuration as simple as possible so that it is easier to troubleshoot.

Designate the root bridge

Very often, information about the location of the root bridge is not available at troubleshooting time. Do not leave it to STP to decide which switch becomes the root bridge. For each VLAN, you can usually identify which switch would best serve as the root bridge. Which switch is the best choice depends on the design of the network. Usually, choose a powerful switch in the middle of the network. If you place the root bridge at the center of the network with direct connections to the servers and routers, you reduce the average distance from the clients to the servers and routers. For each VLAN, designate which switch will serve as the root bridge and which as the backup root bridge.

Verify that RSTP is configured

The 802.1d and PVST+ spanning-tree protocols have convergence times between 30 and 50 seconds. The RSTP and PVRST+ spanning-tree protocols have convergence times within 1 or 2 seconds. A slow convergence time indicates that not all switches in the network are configured with RSTP. Use the show spanning-tree command to verify the spanning-tree mode.

Visual Objective 2-2: Troubleshooting Switched Networks


WG   Switch      Router fa0/0
A    10.1.1.10   10.2.2.12
B    10.1.1.20   10.3.3.12
C    10.1.1.30   10.4.4.12
D    10.1.1.40   10.5.5.12
E    10.1.1.50   10.6.6.12
F    10.1.1.60   10.7.7.12
G    10.1.1.70   10.8.8.12
H    10.1.1.80   10.9.9.12

Summary
Effective troubleshooting of a switched network starts with understanding what makes the network function correctly. Hardware problems and configuration errors can cause port connectivity failures. Native VLAN mismatches and trunk mode mismatches can prevent a trunk from being established. Understanding how VTP works is the best defense when troubleshooting VTP. One of the basic objectives when dealing with an STP failure is to break the loop and restore connectivity as soon as possible.

Lesson 7: Routing Operations Overview

Medium-Sized Routed Network Construction

Static and dynamic routes

Static route
Uses a route that the administrator explicitly configures in the router

Dynamic route
Uses a route learned from a routing protocol; the route is updated automatically when the network changes

Routers can forward packets based on static routes or dynamic routes, depending on the configuration. There are two ways to tell a router how to forward packets to networks that are not directly connected to it:
- Static: the router learns routes that the administrator configures explicitly. The administrator must update the routes manually whenever a change in the network requires a route change.
- Dynamic: the router learns routes by itself after the administrator configures a routing protocol. Once a routing protocol is configured, the router automatically updates its knowledge of routes whenever the network changes. A routing protocol learns and updates routes by exchanging routing information with the other routers in the network.

Routing protocols

Routing protocols are used between routers to determine the path to destination networks and to maintain the routes in the routing table. After the path is determined, a router can forward routed-protocol packets to the networks it has learned.

Dynamic routing relies on routing protocols to advertise knowledge of routes. A routing protocol defines the rules that a router uses when it communicates with neighboring routers to determine the paths to destination networks and to maintain the routes in the routing table. A routing protocol describes the following:
- How updates are sent
- What update information is sent
- When update information is sent
- How the recipients of the updates are determined

Autonomous Systems: interior and exterior routing protocols

An autonomous system is a collection of networks within a common administrative domain. Interior gateway protocols (IGPs) operate within an AS. Exterior gateway protocols (EGPs) operate between ASs.

An AS is a collection of networks under a common administration that share a common routing strategy. There are two types of routing protocol:
- Interior gateway protocols (IGPs): routing protocols used to exchange routing information within an AS: Routing Information Protocol version 2 (RIPv2), Enhanced Interior Gateway Routing (EIGRP), and Open Shortest Path First (OSPF).
- Exterior gateway protocols (EGPs): routing protocols used to route between ASs: Border Gateway Protocol (BGP).

Classes of routing protocols

Within an AS, most IGPs can be classified according to one of two algorithms:
- Distance vector: the approach determines the direction and the distance to each destination in the network.
- Link-state: the approach uses a shortest-path algorithm by building an exact map of all or part of the network.
- Advanced distance vector: an enhanced form of the distance vector approach that combines some advantages of the link-state and distance vector algorithms.
No single algorithm is best for every network situation.

Using metrics to select the best path

Multiple routes to a destination can exist. When a routing algorithm updates the routing table, its primary objective is to determine the best path to put in the routing table. Each routing protocol uses a different measurement, called a metric, to determine the best path. The algorithm generates a metric value for each path through the network. The smaller the metric, the better the path.

A metric can be calculated from a single characteristic of the path. More complex metrics are calculated by combining several characteristics. The metrics that routing protocols use can be based on the following characteristics:
- Hop count: the number of times that a packet is sent out of a router's output port (the number of routers the route passes through)
- Bandwidth: the capacity of a link; for example, a 10-Mb/s Ethernet link is normally preferable to a 64-kb/s leased line
- Delay: the total time required to move a packet from source to destination
- Load: the load on a network resource such as a router or a link
- Reliability: usually calculated from the bit error rate of each link
- Cost: a configurable value that, on Cisco routers, is by default inversely proportional to the bandwidth of the interface

Administrative Distance: ranking routing sources

Routers select the routing source with the better (lower) AD value:

OSPF has an AD of 110. EIGRP has an AD of 90.

Several routing protocols and static routes can be in use at the same time. If several sources provide routing information, the AD value is used to rate the trustworthiness of each routing source. By assigning an AD value, Cisco routers can arbitrate between sources of routing information.

AD values are integers from 0 to 255. A routing protocol with a lower AD is trusted more than a protocol with a higher AD. As shown in the figure, if router A receives a route to 172.16.0.0 from both EIGRP and OSPF, router A uses the AD to decide which route is more trustworthy and puts that one in the routing table. The more trustworthy routing protocol has the lower AD.

Some default AD values on Cisco routers:
- Connected network: 0
- Static route: 1
- EIGRP: 90
- OSPF: 110
- RIPv2: 120
- External EIGRP: 170
- Unknown or untrustworthy: 255 (not used to forward packets)

If a non-default value is needed, you can use the AD configuration command per router, per protocol, and per route.

Distance vector routing protocols

Routers periodically pass a copy of their routing table to neighboring routers and accumulate the distances to networks.

Most distance vector protocols send routing updates periodically to the devices directly connected to them, most using the IP broadcast address. Distance vector routing protocols keep sending routing information periodically even when nothing in the network has changed. In a pure distance vector environment, these periodic updates contain the entire routing table. On receiving a full routing table from a neighbor, a router checks all the known routes and changes its own routing table if necessary. This process is known as routing by rumor, because the routers' understanding of the network is based on the knowledge and the view of the network held by their neighbors.

Sources of information and route discovery

Routers discover the best route to each destination from each neighbor.

Router A learns about the networks that are not directly connected to it (10.3.0.0 and 10.4.0.0) from the information it receives from router B. Each entry in the routing table has an accumulated distance that shows how far away the destination network is (in routers) in the given direction.

Maintaining routing information

The update process proceeds step by step from router to router.

The routing table must be updated when the network changes. As with the network discovery process, updates about network changes are processed step by step from router to router. The distance vector algorithm requires each router to send its entire routing table to its neighboring routers. Updates are sent periodically at a fixed interval. Routing tables can also be sent immediately, using a triggered update, when the router detects a topology change.

When a router receives an update from a neighbor, it compares the update with its own routing table. To calculate the new metric, the router adds the distance to the neighbor to the accumulated distance in the neighbor's routing table. If the router learns from its neighbor a better route (a lower total metric) to a network, it updates its own routing table.

Each entry in the routing table contains the total cost (metric) and the IP address of the first adjacent router on the route to each network.

Inconsistent Routing Information: Counting to Infinity and Routing Loops

Each node maintains the distance from itself to each possible destination network.

Counting to Infinity

Just before network 10.4.0.0 fails, all routers hold consistent knowledge of the routes in the network in their routing tables. The network is said to have converged. Router C is directly connected to network 10.4.0.0 with a distance of 0 (hops). The path from router A to network 10.4.0.0 through router B has a distance of 2.

Counting to Infinity

Slow convergence produces inconsistent routes.

When network 10.4.0.0 fails, router C detects the failure and stops forwarding packets out of its E0 interface. However, routers A and B have not yet been notified of the failure. Router A still believes it can forward packets to network 10.4.0.0 through router B. Router A's routing table still shows a path to network 10.4.0.0 with a distance of 2.

Counting to Infinity (Cont.)

Router C concludes that its best path to network 10.4.0.0 is through router B.

When router B sends its periodic full routing table update to router C, router C believes that it now has a path to network 10.4.0.0 through router B. Router C updates its routing table to show a path to network 10.4.0.0 through router B with a distance of 2.

Counting to Infinity (Cont.)

Router A updates its routing table to reflect the new (erroneous) distance.

Router B receives a new update from router C and updates its routing table to reflect the new distance (3). Router A receives a new routing table from router B, detects that the distance to 10.4.0.0 has changed, and recalculates its distance to network 10.4.0.0 as 4.

Counting to Infinity (Cont.)

The distance to network 10.4.0.0 counts up forever.

At this point the routing tables of all three routers are wrong: they show network 10.4.0.0 as reachable over a path that does not exist, with a meaningless distance. Routing table updates keep being sent with ever larger distances. A packet sent to 10.4.0.0 never reaches its destination; it is passed continuously between the routers, which creates a loop. The routers update each other incorrectly and misjudge the state of 10.4.0.0. Without a countermeasure to stop this process, the distance increases every time the routing table is passed to another router. The updates continue because the destination network is never reported as down.

Solving Counting to Infinity: Defining a Maximum

A limit on the number of routers a route may pass through is set to prevent endless looping.

The solution to the counting-to-infinity problem is to define a maximum. A distance vector protocol defines a maximum value that is treated as infinity. The figure shows infinity defined as 16 hops. When the metric reaches this value, network 10.4.0.0 is considered unreachable, and the router stops advertising the routing updates that cause the metric to increase.

Routing Loops

Packets for network 10.4.0.0 loop between routers B and C.

Defining a maximum stops the metric from increasing indefinitely, but routing loops must also be prevented. A routing loop occurs when two or more routers hold incorrect routing information indicating that a path to some destination network exists through the other routers. Several techniques are used today to prevent loops: split horizon, route poisoning, poison reverse, hold-down timers, and triggered updates.

In this example, a packet destined for network 10.4.0.0 arrives at router A. According to its routing table, router A forwards the packet out of interface S0. The packet arrives at router B and is forwarded out of interface S1, as indicated in B's routing table. Router C receives the packet, and its routing table indicates that the packet should be forwarded out of interface S0. The packet therefore returns to router B, is sent to router C again, and so on forever.

Loop Prevention: Split Horizon

Never send information about a route back in the direction from which the route was learned.

Split horizon is one way to avoid loops and speed up convergence. The rule of split horizon is not to send information about a route back in the direction from which that information arrived (the direction from which the route was learned). The figure shows how split horizon prevents loops:
Router B can send packets to network 10.4.0.0 through router C. There is no need for router B to tell router C that router B reaches network 10.4.0.0 through router C.
Router B sends routing information about the route to network 10.4.0.0 to router A. There is no need for router A to tell router B about its route to 10.4.0.0.
When router C announces that its connection to network 10.4.0.0 is down, router B sees that it has no other path to network 10.4.0.0 and concludes that network 10.4.0.0 is unreachable. Router C does not try to use router B to reach 10.4.0.0.
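The A - B - C scenario described above, as an added simulation that is not part of the original course material. It assumes hop-count metrics, the maximum of 16 given on the page, updates sent in the fixed order A, B, C, and that router C records 10.4.0.0 as unreachable when the link fails but router B's stale periodic update reaches it first.

```python
INFINITY = 16                      # hop count treated as unreachable (value from the page)
NET = "10.4.0.0"
LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}   # topology A - B - C

def converged_tables():
    """Routing tables before the failure: {router: {network: (hops, next_hop)}}."""
    return {"A": {NET: (2, "B")}, "B": {NET: (1, "C")}, "C": {NET: (0, None)}}

def send_update(tables, sender, receiver, split_horizon):
    """Deliver the sender's full routing table to one neighbor."""
    for net, (hops, next_hop) in tables[sender].items():
        if split_horizon and next_hop == receiver:
            continue               # never advertise a route back where it was learned
        offered = min(hops + 1, INFINITY)
        current = tables[receiver].get(net)
        # Accept the route if it is new, if it comes from the current next hop
        # (even when it is worse), or if it is strictly better.
        if current is None or current[1] == sender or offered < current[0]:
            tables[receiver][net] = (offered, sender)

def simulate_failure(split_horizon, max_rounds=50):
    """Fail 10.4.0.0 on router C and return the (A, B, C) hop counts after each round."""
    tables = converged_tables()
    tables["C"][NET] = (INFINITY, None)     # C detects the failure on E0
    history = []
    for _ in range(max_rounds):
        for sender in ("A", "B", "C"):      # assumed order of periodic updates
            for receiver in LINKS[sender]:
                send_update(tables, sender, receiver, split_horizon)
        history.append(tuple(tables[r][NET][0] for r in "ABC"))
        if all(h >= INFINITY for h in history[-1]):
            break                           # every router now sees the network as unreachable
    return history

if __name__ == "__main__":
    for label, flag in (("without split horizon", False), ("with split horizon", True)):
        rounds = simulate_failure(flag)
        print(f"{label}: {len(rounds)} rounds")
        for n, hops in enumerate(rounds, 1):
            print(f"  round {n}: A={hops[0]} B={hops[1]} C={hops[2]}")
```

Without split horizon the metrics climb by two per round until they reach 16; with split horizon router B never offers the route back to router C, so the failure is known everywhere after two rounds.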

Loop Prevention: Route Poisoning and Poison Reverse

The router advertises the distance of the failed route as infinity.

Route poisoning is another mechanism that helps prevent loops. When network 10.4.0.0 is no longer available, router C poisons its link to network 10.4.0.0 by sending an update for that link with a metric of infinity (16). By poisoning its route to network 10.4.0.0, router C is not affected by incorrect updates about network 10.4.0.0 from neighboring routers.

Loop Prevention: Route Poisoning and Poison Reverse (Cont.)

Poison reverse overrides split horizon.

When router B sees the metric to network 10.4.0.0 reach infinity, router B sends an update, called a poison reverse, back to router C. The poison reverse states that network 10.4.0.0 is unreachable. This ensures that router C is not affected by incorrect updates about network 10.4.0.0.

Loop Prevention: Hold-Down Timers

The router keeps a failed route in the possibly down state for a period of time, which gives other routers time to recalculate when the network changes.

Hold-down timers are used to prevent regular update messages from wrongly reinstating a route that has gone down. Hold-down timers force the router to refuse any change that affects the route for a given period. The hold-down period differs between routing protocols, but is usually three times the routing table update period.

Hold-down timers work as follows:
When a router receives an update from a neighbor indicating that a route is now inaccessible, the router marks the route as possibly down and starts the hold-down timer.
If an update arrives from a neighbor with a better metric than the one originally recorded for the possibly down route, the router marks the route as accessible and the network is allowed again. The hold-down timer is removed.
If, at any time while the hold-down timer is running, an update is received from a neighbor with a metric equal to or worse than the metric of the route in hold-down, the update is ignored. Ignoring updates with an equal or worse metric allows more time for the change to propagate through the whole network.
During the hold-down period, the route appears in the routing table as possibly down. The router still tries to forward packets to the possibly down network.

Triggered update

The router sends an update when a change occurs in its routing table.

In the previous example, the routing loop was caused by miscalculated information resulting from inconsistent updates, slow convergence, and timer-driven mechanisms. Slow convergence can occur if a router has to wait for the next update cycle before it can inform its neighbors of a change in the network. Routing tables are normally sent to neighboring routers at a fixed interval. A triggered update is an update that is sent as soon as the change occurs. The router that detects the change immediately sends an update to its neighbors, which in turn send triggered updates to their own neighbors. This wave of notifications propagates through the whole part of the network in which the affected route is used.

Triggered updates would be sufficient if the wave of updates were guaranteed to reach every router instantly. However, two problems arise:
Packets containing the triggered update can be lost or corrupted on a link in the network.
Updates cannot happen instantaneously. A router that has not yet received the triggered update may send a regular update that causes the failed route to be reinstated on a neighbor that has already received the triggered update.

Combining triggered updates with hold-down prevents this problem.

Preventing Routing Loops

Routers A, D and E have multiple routes to network 10.4.0.0. As soon as router B detects that network 10.4.0.0 is down, it immediately removes its route to that network. Router B sends triggered updates to routers A and D, poisoning the route to network 10.4.0.0 on those routers by advertising a metric of infinity. Routers D and A receive the triggered update, start the hold-down timer, and mark network 10.4.0.0 as possibly down. Routers D and A in turn send triggered updates to router E, indicating that network 10.4.0.0 may be unreachable. Router E also starts the hold-down timer for the route to network 10.4.0.0. Routers A and D send a poison reverse to router B; this update states that network 10.4.0.0 is inaccessible. Because router E received a triggered update from routers A and D, router E also sends a poison reverse to routers A and D.

Preventing Routing Loops (Cont.)

Routers A, D and E remain in hold-down until one of the following occurs:
The hold-down timer expires.
An update is received indicating a new route with a better metric.
The route expires when the flush timer runs out, and the route is removed from the routing table.

During hold-down, routers A, D and E assume that the state of network 10.4.0.0 is possibly down and still try to route packets to the destination network. The figure shows router E trying to send a packet to network 10.4.0.0. The packet reaches router B. However, because router B has no route to network 10.4.0.0, router B drops the packet and returns an ICMP network unreachable message.

Preventing Routing Loops (Cont.)

When network 10.4.0.0 comes back up, router B sends a triggered update to routers A and D to notify them. After the hold-down timer expires, routers A and D change the route to the network from possibly down to up. Routers A and D send router E an update indicating that network 10.4.0.0 is up. Router E updates its routing table after its hold-down timer expires.

Link-State Routing Protocols

After the initial flood of LSAs, link-state routers send only small, event-triggered updates to all other routers.

To maintain routing information, link-state routing uses link-state advertisements (LSAs), a topological database, the shortest path first (SPF) algorithm, the tree that holds the result of the SPF algorithm, and a routing table. Link-state protocols include OSPF and IS-IS. IS-IS is a routing protocol typically used by large ISPs and is outside the scope of this document, which mainly covers OSPF. RFC 2328 defines the concepts and operation of OSPF.

Link-state protocols collect routing information from all other routers in the network or within an area of the network. Once all of the information has been collected on each router, the routers calculate the best path to every destination network independently of one another. Because each router maintains its own picture of the network, routers rarely pass incorrect routing information to their neighbors.

A link is similar to a router interface. The state of the link (link state) is a description of the interface and its relationship to neighboring routers. The description of an interface includes information such as the IP address, the subnet mask, the type of network it is connected to, and the routers connected to that network. The collection of link states forms a topological database, also called the link-state database. The link-state database is used to calculate the best paths through the network. Link-state routers find the best path to destination networks by applying the Dijkstra algorithm to the topological database to build SPF trees. The best paths are chosen from the SPF tree and placed in the routing table.

OSPF Hierarchical Routing

Consists of areas and autonomous systems
Minimizes routing update traffic

OSPF can divide an AS into smaller groups called areas. Routing updates still pass between areas, but most of the activity, updating and recalculating the database, takes place only within each area. When a failure occurs in the network, such as a neighbor becoming unreachable, link-state protocols send LSAs to all routers in the area using a special multicast address. Each router in the area receives the LSA, updates its database, and forwards the LSA to its neighbors. The LSA causes the routers in the area to recalculate their routes. Because LSAs must be sent throughout the area, and all routers in the area must recalculate their routing tables, the number of routers in an area should be limited. In the figure, if area 1 has a problem, routers in other areas do not need to recalculate.

The hierarchy used in OSPF has several important advantages:
Less frequent SPF calculations
Smaller routing tables
Less update overhead

Link-State Protocol Algorithms

Link-state protocol algorithms, also known as SPF protocols, maintain a complex database of the network topology. Unlike distance vector protocols, link-state protocols develop and maintain full knowledge of the routers in the network and of how they interconnect. This knowledge is built by exchanging LSAs with the other routers in the network. Each router that exchanges LSAs builds a topological database from all the LSAs it receives. An SPF algorithm then uses this database to calculate the path to each destination network. This information is used to update the routing table. Instead of using periodic updates, LSAs are exchanged when an event occurs in the network. This can speed up convergence, because there is no need to wait for a series of timers to expire before the network converges.

Benefits and Drawbacks of Link-State

Benefits:
Fast convergence: changes are reported immediately by the affected source
Robustness against routing loops: routers know the topology; link-state packets are sequenced and acknowledged
Hierarchical network design allows resources to be optimized

Drawbacks:
Resource requirements:
Memory (three tables: adjacency, topology, forwarding)
CPU (Dijkstra's algorithm can be intensive, especially when the network is unstable)
Requires a strict network design
Configuration can be complex when parameters are tuned and when the design is complex

Summary
Dynamic routing requires the administrator to configure either a distance vector or a link-state protocol.
Distance vector protocols include solutions such as split horizon, route poisoning, and hold-down timers to prevent routing loops.
Link-state protocols scale to large network infrastructures better than distance vector protocols, but require a stricter design.

Lesson 8: Implementing VLSM

Medium-Sized Routed Network Construction

Overview: Variable-length subnet masks (VLSMs) were developed to allow multiple levels of IP addressing within one network. This mechanism can be used only when the routing protocols in use support VLSM, for example RIPv2, OSPF, and EIGRP. VLSM is an important technique in large routed networks. This lesson describes the capabilities of VLSMs.

Objectives: After this lesson you will be able to describe how VLSM and CIDR operate on Cisco routers and explain how Cisco routers implement route summarization. This includes the following objectives:
Calculate subnet masks.
Describe the purpose of VLSM and how to calculate VLSMs.
Describe route summarization and how routers manage route summarization.

Subnetting Review
To identify subnets, you borrow bits from the host ID portion of the IP address:
The number of subnets available depends on the number of bits borrowed. Number of subnets = 2^s, where s is the number of bits borrowed.
The number of hosts on each subnet depends on the number of host ID bits that are not borrowed. Number of hosts per subnet = 2^h - 2, where h is the number of remaining host ID bits.
One address is reserved as the network address.
One address is reserved as the broadcast address.

Calculating the number of subnetworks and hosts: Remember that an IP address is 32 bits long and has two parts, the network ID and the host ID. The lengths of the network ID and the host ID depend on the address class. The number of usable host addresses also depends on the address class. The default number of bits in the network ID is called the classful prefix length. A class A address therefore has a classful prefix length of /8, a class B address has a classful prefix length of /16, and a class C address has a classful prefix length of /24.

Possible Subnets and Hosts for a Class C Network

Subnet addresses are created by taking bits from the host portion of class A, class B and class C addresses. A network administrator usually assigns subnet addresses locally. Like IP addresses, each subnet must have its own network address. Each time bits are borrowed from the host portion, at least one bit must remain in the host portion for use by hosts, and the number of host addresses that can be assigned on each subnet decreases by a power of 2.

Possible Subnets and Hosts for a Class B Network

When you borrow bits from the host portion, it is important to note how many subnets the borrowed bits create. Borrowing 2 bits creates 4 subnets (2^2 = 4). Each additional bit borrowed from the host portion increases the number of subnets by a power of 2, and the number of hosts is likewise a power of 2, minus 2.

Possible Subnets and Hosts for a Class A Network


Subnetting Review Exercise


To divide a network with the private address 172.16.0.0/16 into 100 subnets while keeping the maximum number of host addresses in each subnet, consider the following:
How many bits must be borrowed?
What is the new subnet mask?
What are the network addresses of the first 4 subnets?
What are the host address ranges of the first 4 subnets?

What Is a Variable-Length Subnet Mask?

Subnet 172.16.14.0/24 is divided into smaller subnets.


Subnet with one mask (/27). Then further subnet one of the unused /27 subnets into multiple /30 subnets.
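The subnetting formulas and the VLSM split described above, as an added worked example that is not part of the original course material. It works through the 172.16.0.0/16 review exercise and then carves 172.16.14.0/24 into /27 and /30 subnets; the LAN and WAN names and their host counts are constructed for the illustration.

```python
import ipaddress
from itertools import islice

def fixed_length_plan(network, subnets_needed, show=4):
    """Borrow s bits so that 2**s >= subnets_needed, then list the first subnets."""
    net = ipaddress.ip_network(network)
    s = (subnets_needed - 1).bit_length()        # smallest s with 2**s >= subnets_needed
    new_prefix = net.prefixlen + s
    first = list(islice(net.subnets(new_prefix=new_prefix), show))
    return {
        "borrowed_bits": s,
        "mask": str(first[0].netmask),
        "hosts_per_subnet": 2 ** (32 - new_prefix) - 2,   # 2**h - 2
        # (subnet, first host, last host); network and broadcast are reserved
        "first": [(str(n), str(n[1]), str(n[-2])) for n in first],
    }

def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still holds `hosts` usable addresses."""
    h = (hosts + 1).bit_length()                 # smallest h with 2**h - 2 >= hosts
    return 32 - h

def vlsm_allocate(block, demands):
    """Allocate one subnet per demand, largest first, out of `block`."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    plan = {}
    # Largest first keeps every subnet aligned on its own boundary.
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(block):
            raise ValueError(f"{block} is too small for {name}")
        plan[name] = str(subnet)
        cursor += subnet.num_addresses
    return plan

# Constructed requirements: three LANs of 30 hosts, three point-to-point WAN links.
DEMANDS = {"LAN1": 30, "LAN2": 30, "LAN3": 30, "WAN1": 2, "WAN2": 2, "WAN3": 2}

if __name__ == "__main__":
    exercise = fixed_length_plan("172.16.0.0/16", 100)
    print(exercise["borrowed_bits"], "bits borrowed, mask", exercise["mask"])
    for subnet, first_host, last_host in exercise["first"]:
        print(f"  {subnet}: hosts {first_host} - {last_host}")
    for name, subnet in vlsm_allocate("172.16.14.0/24", DEMANDS).items():
        print(f"  {name}: {subnet}")
```

With these constructed demands the three /30 links all come out of the fourth /27 (172.16.14.96/27), which is the "subnet an unused /27 again" step the slide describes.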

A Working VLSM Example

(Four figure slides; the figures are not reproduced in this text.)

Understanding Route Summarization

Routing protocols can summarize addresses of several networks into one address.

Classful Routing Overview


Classful routing protocols do not send the subnet mask with the network address in their routing updates.
Within the same network, the subnet mask must be consistent: a single subnet mask is used for the whole network.
Summary routes are exchanged between networks.
Some classful routing protocols:
RIPv1
IGRP

Note: Classful routing protocols are legacy routing protocols, used to address compatibility issues. RIP version 1 and Interior Gateway Routing Protocol (IGRP) are classful routing protocols.

Classful protocols are in fact distance vector routing protocols, and they do not send subnet mask information in routing updates. When a classful routing protocol is used, all subnetworks of the same class A, B or C major network must use the same subnet mask. Routers running a classful routing protocol automatically summarize routes when advertising to outside networks. When it receives a routing update, a router running a classful routing protocol does one of the following for each route:
If the routing update is in the same major network as the receiving interface, the router applies the subnet mask of the receiving interface to that routing information.
If the routing update is not in the same major network as the receiving interface, the router applies the default classful mask (by address class), as follows:
Class A: the default classful mask is 255.0.0.0.
Class B: the default classful mask is 255.255.0.0.
Class C: the default classful mask is 255.255.255.0.

Classless Routing Overview


Classless routing protocols send the subnet mask with the network address in their routing updates.
Classless routing protocols support VLSM; one network can have several subnet masks.
Summary routes must be controlled manually.
Some classless routing protocols:
RIPv2
EIGRP
OSPF
RIPv2 and EIGRP behave as classful protocols by default, and summary routes are exchanged between networks. The no auto-summary command forces these protocols to operate classlessly.

Classless routing protocols can be regarded as second-generation routing protocols, because they were designed to address the limitations of classful routing protocols. One of the biggest limitations of a classful network environment is that the subnet mask is not exchanged in routing updates, so the same subnet mask must be used for all subnetworks within the same major network. Another limitation of classful routing is that routes are summarized automatically when routing updates are sent to another network (a different major network). In a classless network environment, the summarization process is controlled manually. Because subnet routes are propagated throughout the routing domain, you may need to summarize routes manually to keep the routing table at an optimal size. Classless routing protocols include RIPv2, EIGRP, and OSPF.

Summarizing Within an Octet


Summarizing Addresses in a VLSM-Designed Network

For a router to aggregate as many IP addresses as possible into one address, the IP addressing plan should be contiguous. This is equally important when IP space is divided with VLSM. The VLSM model allows maximum use of IP addresses, and routing updates are more efficient when you use a hierarchical addressing model. Route summarization reduces memory use on the router and reduces the memory taken up by routing protocol information.

Requirements for effective route summarization:
The IP addresses must share the largest possible number of high-order bits.
Routing protocols must base their routing decisions on 32-bit IP addresses and a prefix length that can be up to 32 bits.
Routing protocols must carry the subnet mask with the 32-bit IP address in routing updates.

Route Summarization Operation in Cisco Routers


192.16.5.33   /32   Host
192.16.5.32   /27   Subnet
192.16.5.0    /24   Network
192.16.0.0    /16   Block of Networks
0.0.0.0       /0    Default

Supports host-specific routes, blocks of networks, and default routes
Routers use longest prefix match

Selecting routes from route summaries: If more than one entry in the routing table matches the destination address, the route with the longest subnet mask in the routing table is preferred. Several routes may match one destination, but the route with the longest subnet mask is the one used.
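Longest prefix match over the five routes in the table above, together with the "shared high-order bits" rule for building a summary, as an added example that is not part of the original course material. The 172.16.168.0 to 172.16.175.0 subnets used for summarization and the next-hop labels are constructed sample data.

```python
import ipaddress

# Routes from the slide; the labels stand in for next-hop information.
ROUTES = [
    ("192.16.5.33/32", "Host"),
    ("192.16.5.32/27", "Subnet"),
    ("192.16.5.0/24", "Network"),
    ("192.16.0.0/16", "Block of Networks"),
    ("0.0.0.0/0", "Default"),
]

def lookup(destination, routes=ROUTES):
    """Return (prefix, label) of the matching route with the longest prefix."""
    addr = ipaddress.ip_address(destination)
    matches = []
    for prefix, label in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, prefix, label))
    if not matches:
        return None                      # no route and no default: packet is dropped
    _, prefix, label = max(matches)      # longest prefix wins
    return prefix, label

def summarize(networks):
    """Smallest single prefix covering all networks, and whether it is exact.

    The summary length is the number of high-order bits shared by the lowest
    and highest address. It is exact only when the summary contains nothing
    beyond the listed networks; otherwise it also attracts traffic for
    address space that was never part of the plan.
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    common_bits = 32 - (low ^ high).bit_length()
    base = (low >> (32 - common_bits)) << (32 - common_bits)
    summary = ipaddress.ip_network((base, common_bits))
    exact = list(ipaddress.collapse_addresses(nets)) == [summary]
    return str(summary), exact

# Constructed contiguous block of eight /24 subnets.
CONTIGUOUS = [f"172.16.{octet}.0/24" for octet in range(168, 176)]

if __name__ == "__main__":
    for dest in ("192.16.5.33", "192.16.5.40", "192.16.5.99", "192.16.7.1", "10.1.1.1"):
        print(dest, "->", lookup(dest))
    print(summarize(CONTIGUOUS))         # all eight subnets
    print(summarize(CONTIGUOUS[:-1]))    # one subnet missing from the block
```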

Summarizing Routes in a Discontiguous Network

Classful RIPv1 and IGRP do not advertise subnets, and therefore cannot support discontiguous subnets.
Classless RIPv2, EIGRP and OSPF can advertise subnets, and therefore can support discontiguous subnets.

Classful routing protocols summarize routes automatically at the network boundary. This behavior cannot be changed, and it has some important consequences that you should note:
Subnets are not advertised to other major networks.
Discontiguous subnets are not visible to the routers.

Summary
Subnetting lets you use addresses efficiently by taking a large broadcast domain and dividing it into smaller domains that can be managed.
VLSM lets you use IP addresses more efficiently by creating a multi-level hierarchical addressing model.
The benefit of route summarization is that it keeps routing tables smaller and unaffected by changes in the network topology.

Lesson 9: Implementing OSPF

Single-Area OSPF Implementation

OSPF Overview

Establishes neighbor relationships using hello packets
Propagates LSAs rather than routing table updates
Link: a router interface
State: a description of the interface and of its relationship to neighboring routers
Floods LSAs to all OSPF routers in the area, including remote routers
Collects the LSAs generated by the OSPF routers to build a database of the links and their states
Uses the SPF algorithm to find the shortest path to each destination and places it in the router's routing table

OSPF is a link-state routing protocol. You can think of a link as an interface on a router. The state of the link is a description of the interface and of its relationship to neighboring routers. A description of the interface includes the IP address of the interface, the subnet mask, and the type of network it is connected to. The collection of all link states forms a link-state database.

Periodically (every 30 minutes), and whenever a router changes state, it immediately sends link-state advertisement (LSA) packets to advertise its state. An LSA packet contains information about the interfaces, the metrics, and other variables. As a router gathers link-state information, it uses the Shortest Path First (SPF) algorithm to calculate the shortest path to each node.

A topological (link-state) database is a picture of the relationships between the routers in the network. The topological database contains the LSAs received from the routers in the same area. Because the routers in the same area share the same information, they have identical topological databases.

OSPF Hierarchical Structure

Minimizes the size of the routing table
Limits the impact of topology changes to within one area

OSPF uses a two-layer hierarchical network model. The model has two main elements:
Area: an area is a group of contiguous networks. It is a logical subdivision of an autonomous system.
Autonomous system (AS): an AS is a collection of networks under a common administration that share a common routing strategy. An AS, sometimes called a domain, can be divided into several areas.

Within each AS, a backbone area must be defined. The backbone area is a transit area, because all other areas communicate through it. In OSPF, non-backbone areas can additionally be configured as a stub area, a totally stubby area, or a not-so-stubby area (NSSA) to reduce the size of the link-state database and the routing table.

Routers that operate within the two-layer hierarchy have different routing roles and different OSPF functions. The following describes some of the examples in the figure:
Router B is the backbone router. It provides connectivity between the different areas.
Routers C, D and E are Area Border Routers (ABRs). An ABR attaches to several areas, maintains a separate link-state database for each area it attaches to, and routes traffic to or from other areas.
Routers F, G and H are nonbackbone routers. They know the topology of the area they belong to and have identical link-state databases.
Depending on how the non-backbone area is configured (stub area, totally stubby area, NSSA), the ABR advertises a default route to the nonbackbone routers. A nonbackbone router uses the default route to forward all interarea or interdomain traffic to the ABR.
Router A is the Autonomous System Boundary Router (ASBR), which connects to an external domain or another AS.
Router I is a router that belongs to another domain or AS.

Neighbor Adjacencies: The Hello Packet

Neighboring routers must recognize each other before they exchange information, because OSPF routing depends on the state of the link between two routers. This process is carried out by the Hello protocol. The Hello protocol establishes and maintains neighbor relationships by making sure that communication between the routers is bidirectional. Bidirectional communication exists when a router sees itself listed in the hello packet it receives from a neighbor.

Each interface that takes part in OSPF periodically sends hello packets to the multicast address 224.0.0.5. The hello packet contains the following information:
Router ID: a 32-bit number that uniquely identifies the router. By default, the highest IP address on an active interface is chosen, unless a loopback interface or a router ID is configured. For example, the address 172.16.12.1 would be chosen over 172.16.1.1. This identifier is important for establishing neighbor relationships, for troubleshooting them, and for exchanging routing information.
Hello and dead intervals: the hello interval specifies how often, in seconds, a router sends hello packets. The default hello interval on multiaccess networks is 10 seconds. The dead interval is the time a router waits to hear from a neighbor before removing it from service. By default, the dead interval is four times the hello interval. The dead and hello intervals must be the same on neighboring routers; otherwise the adjacency is not established.
Neighbors: lists the neighboring routers with which bidirectional communication has been established.
Area ID: to communicate, two routers must share a common segment, and their interfaces must belong to the same area on that segment. The neighbors must also share the same subnet and mask. These routers will have the same link-state database.
Router priority: the priority of the router, an 8-bit number. OSPF uses this value to elect the DR and BDR.
DR and BDR IP addresses.
Authentication password: if authentication is configured, the two routers must exchange the same password. Authentication is not required, but if it is configured, both routers must have the same password.
Stub area flag: a stub area is a special area. Two routers must agree on the stub area flag in their hello packets. Designing a stub area is a technique that reduces routing updates by replacing them with a default route.

SPF Algorithm

(Figure labels: link costs 10, 10, 1, 1, 1)

Places each router at the root of a tree and calculates the shortest path to each destination based on the cumulative cost
Cost = Reference Bandwidth / Interface Bandwidth (b/s)

The SPF algorithm places each router at the root of a tree and calculates the shortest path to each destination based on the cumulative cost. LSAs are sent to all routers in the area using a reliable algorithm, which ensures that every router in the area has exactly the same link-state database. Each router uses the information in the link-state database to calculate a shortest path tree with itself as the root. The router then uses this tree to route traffic. In the figure, router A is the root of the tree. Each router has its own view of the topology, even though all routers build their shortest path trees from the same link-state database.

The cost of an interface is the overhead of sending a packet across that interface. The cost of an interface is inversely proportional to its bandwidth, so a higher bandwidth means a lower cost. A T1 line has a higher cost than a 10-Mbps Ethernet line. The cost formula is:
cost = reference bandwidth / interface bandwidth (b/s)
The default reference bandwidth is 10^8 (100,000,000), or roughly the bandwidth of Fast Ethernet. The cost of a 10-Mbps line is 10^8/10^7 = 10, and the cost of a T1 line is 10^8/1,544,000 = 64.
The ospf auto-cost reference-bandwidth ref-bw command can be used to raise the reference bandwidth above Fast Ethernet.
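The cost formula and the shortest path tree described above, as an added example that is not part of the original course material. The four-router topology and its link speeds are constructed, every link is given the same cost in both directions, and costs are truncated to integers with a minimum of 1.

```python
import heapq

DEFAULT_REFERENCE_BPS = 10 ** 8          # default reference bandwidth from the page

def ospf_cost(bandwidth_bps, reference_bps=DEFAULT_REFERENCE_BPS):
    """cost = reference bandwidth / interface bandwidth, truncated, at least 1."""
    return max(1, reference_bps // bandwidth_bps)

def spf(links, root, reference_bps=DEFAULT_REFERENCE_BPS):
    """Dijkstra from `root`; returns {router: (cumulative cost, path)}."""
    graph = {}
    for a, b, bandwidth in links:
        cost = ospf_cost(bandwidth, reference_bps)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))   # simplification: symmetric cost
    best = {root: (0, [root])}
    heap = [(0, root, [root])]
    done = set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node in done:
            continue                     # a cheaper entry for this node was already used
        done.add(node)
        for neighbor, link_cost in graph[node]:
            candidate = cost + link_cost
            if neighbor not in best or candidate < best[neighbor][0]:
                best[neighbor] = (candidate, path + [neighbor])
                heapq.heappush(heap, (candidate, neighbor, path + [neighbor]))
    return best

# Constructed topology: (router, router, interface bandwidth in b/s).
LINKS = [
    ("A", "B", 1_544_000),       # T1, cost 64
    ("A", "C", 10_000_000),      # 10-Mbps Ethernet, cost 10
    ("C", "D", 100_000_000),     # Fast Ethernet, cost 1
    ("D", "B", 100_000_000),     # Fast Ethernet, cost 1
]

if __name__ == "__main__":
    for router, (cost, path) in sorted(spf(LINKS, "A").items()):
        print(f"A -> {router}: cost {cost} via {' '.join(path)}")
    # With the default reference bandwidth, Fast Ethernet and 1 Gb/s both cost 1.
    print(ospf_cost(100_000_000), ospf_cost(1_000_000_000))
    # A larger reference bandwidth makes the two distinguishable again.
    print(ospf_cost(100_000_000, 10 ** 9), ospf_cost(1_000_000_000, 10 ** 9))
```

Router A reaches B over three hops (A, C, D, B) at cost 12 rather than over the direct T1 at cost 64, which is the difference from hop-count routing.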

Single-Area OSPF Configuration

RouterX(config)# router ospf process-id
Defines OSPF as the dynamic routing protocol

RouterX(config-router)# network address wildcard-mask area area-id
Assigns networks to a specific OSPF area

The router ospf command takes a process identifier (process ID) as its argument. The process ID is a unique number used to identify the routing process. The process ID does not need to match the process ID on other OSPF routers.

The network command identifies which IP networks on the router take part in OSPF. For each network, you must specify the area to which the network belongs. The network command takes the following arguments:
Address: can be the address of a subnet or of an interface.
Wildcard-mask: specifies which part of the IP address is checked; 0 means the bit is checked and 1 means it is not. For example, a wildcard mask of 0.0.0.0 means that all 32 bits of the address are checked.
Area-id: the area associated with the OSPF address range. It can be written as a decimal number or in dotted decimal (0.0.0.1).

When the mask does not fall on an 8-bit boundary, calculating the wildcard mask can lead to errors. You can avoid these errors by specifying the IP address of the interface with a wildcard mask of 0.0.0.0.

Configuring Loopback Interfaces

Router ID:
The number that identifies the router in OSPF
Default: the highest IP address of the active interfaces at the moment the OSPF process starts
Can be overridden by a loopback interface: the highest IP address of the active loopback interfaces
Can be set with the router-id command

To change the router ID to a loopback address, first define a loopback interface with the following command:
routerX(config)#interface loopback <number>
The highest IP address, which is used as the router ID, is overridden when an address is configured on a loopback interface. When a loopback interface is configured, OSPF is more reliable, because the loopback interface is always active and cannot go down the way a real interface can. For this reason, loopback addresses should be used on key routers. If the loopback address is advertised with the network area command, using a private address saves real IP addresses. Note that a loopback address requires a different subnet on each router, unless the host address itself is advertised.

Using an address that is not advertised saves real IP addresses, but unlike an advertised address, an unadvertised address does not appear in the OSPF table and therefore cannot be reached across the network. Therefore, using a private address makes debugging and changing address ranges easier.
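How a network statement's wildcard mask selects interfaces, and how the router ID is chosen, as an added example that is not part of the original course material. The interface list, the loopback address 10.255.0.1 and the two network statements are constructed, and the statements are written so that they do not overlap.

```python
import ipaddress

def wildcard_for(prefix):
    """Wildcard mask for a prefix: the bitwise inverse of its subnet mask."""
    return str(ipaddress.ip_network(prefix).hostmask)

def wildcard_match(ip, address, wildcard):
    """True when `ip` equals `address` in every bit where the wildcard is 0."""
    ip_i, addr_i, wc_i = (int(ipaddress.IPv4Address(x)) for x in (ip, address, wildcard))
    checked_bits = ~wc_i & 0xFFFFFFFF
    return (ip_i & checked_bits) == (addr_i & checked_bits)

def ospf_areas(interfaces, statements):
    """Map each interface to the area of the network statement that matches it."""
    result = {}
    for name, ip, _up in interfaces:
        result[name] = next(
            (area for address, wildcard, area in statements
             if wildcard_match(ip, address, wildcard)),
            None,                        # no statement matches: interface is not in OSPF
        )
    return result

def select_router_id(interfaces, configured=None):
    """router-id command, else highest active loopback, else highest active interface."""
    if configured:
        return configured
    active = [(name, ipaddress.IPv4Address(ip)) for name, ip, up in interfaces if up]
    loopbacks = [ip for name, ip in active if name.lower().startswith("loopback")]
    candidates = loopbacks or [ip for _, ip in active]
    return str(max(candidates)) if candidates else None

# Constructed router: (interface name, IP address, interface is up).
INTERFACES = [
    ("FastEthernet0/0", "172.16.12.1", True),
    ("FastEthernet0/1", "172.16.1.1", True),
    ("Loopback0", "10.255.0.1", True),
]
# Constructed equivalents of "network <address> <wildcard> area <id>".
STATEMENTS = [
    ("172.16.12.1", "0.0.0.0", 0),                         # exact interface address
    ("172.16.0.0", wildcard_for("172.16.0.0/21"), 1),      # mask off an octet boundary
]

if __name__ == "__main__":
    print(wildcard_for("172.16.0.0/21"))
    print(ospf_areas(INTERFACES, STATEMENTS))
    print(select_router_id(INTERFACES))          # loopback wins although it is lower
    print(select_router_id(INTERFACES[:2]))      # no loopback: highest interface address
```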

Verifying the OSPF Configuration

RouterX# show ip protocols
Verifies that OSPF is configured

RouterX# show ip route
Displays the routes learned by the OSPF protocol

RouterX# show ip route
Codes: I - IGRP derived, R - RIP derived, O - OSPF derived,
       C - connected, S - static, E - EGP derived, B - BGP derived,
       E2 - OSPF external type 2 route, N1 - OSPF NSSA external type 1 route,
       N2 - OSPF NSSA external type 2 route
Gateway of last resort is 10.119.254.240 to network 10.140.0.0
O    10.110.0.0 [110/5] via 10.119.254.6, 0:01:00, Ethernet2
O IA 10.67.10.0 [110/10] via 10.119.254.244, 0:02:22, Ethernet2
O    10.68.132.0 [110/5] via 10.119.254.6, 0:00:59, Ethernet2
O    10.130.0.0 [110/5] via 10.119.254.6, 0:00:59, Ethernet2
O E2 10.128.0.0 [170/10] via 10.119.254.244, 0:02:22, Ethernet2
.
.
.

You can use the show commands to verify the OSPF configuration.
The show ip protocols command displays the timers, filters, metrics, networks and other information for the whole router.
The show ip route command displays the routes known to the router and how they were learned. This command is the best way to determine the connectivity between the local router and a destination.

The fields shown in the show ip route output are:
O: this field indicates how the route was learned. It can have one of the following values:
I: IGRP
R: RIP
...
E2, IA: this field indicates the type of route. It can have one of the following values:
*: indicates the last path used when a packet was forwarded.
IA: a route internal to an area
172.150.0.0: the address of the destination network.
[110/5]: the first number is the administrative distance (AD); the second number is the cost.
0:01:00: the time since the route was last updated (hours:minutes:seconds).
Ethernet2: the interface through which the destination network is reached.

Kim tra cu hnh OSPF(tt)


RouterX# show ip ospf

Hin th OSPF router ID, timers, v statistics

RouterX# show ip ospf Routing Process "ospf 50" with ID 10.64.0.2 <output omitted> Number of areas in this router is 1. 1 normal 0 stub 0 nssa Number of areas transit capable is 0 External flood list length 0 Area BACKBONE(0) Area BACKBONE(0) Area has no authentication SPF algorithm last executed 00:01:25.028 ago SPF algorithm executed 7 times <output omitted>

9-12

Dng lnh show ip ospf kim tra gi tr router ID. Lnh ny cng hin th nhng cu hnh v thi gian v nhng thng k khc, gm thi gian m thut tan SPF thc thi. Lnh ny cng c nhng bin ty chn v th bn c th ch ra thng tin thm na. Hnh v ch ra mt phn kt qu ca lnh ny trn router X. RouterX# sh ip ospf Routing Process "ospf 50" with ID 10.64.0.2 Supports only single TOS(TOS0) routes Supports opaque LSA Supports Link-local Signaling (LLS) Supports area transit capability Initial SPF schedule delay 5000 msecs Minimum hold time between two consecutive SPFs 10000 msecs Maximum wait time between two consecutive SPFs 10000 msecs Incremental-SPF disabled Minimum LSA interval 5 secs Minimum LSA arrival 1000 msecs LSA group pacing timer 240 secs

9-12

Interface flood pacing timer 33 msecs Retransmission pacing timer 66 msecs Number of external LSA 0. Checksum Sum 0x000000 Number of opaque AS LSA 0. Checksum Sum 0x000000 Number of DCbitless external and opaque AS LSA 0 Number of DoNotAge external and opaque AS LSA 0 Number of areas in this router is 1. 1 normal 0 stub 0 nssa Number of areas transit capable is 0 External flood list length 0 Area BACKBONE(0) Area BACKBONE(0) Area has no authentication SPF algorithm last executed 00:01:25.028 ago SPF algorithm executed 7 times Area ranges are Number of LSA 6. Checksum Sum 0x01FE3E Number of opaque link LSA 0. Checksum Sum 0x000000 Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 Flood list length 0

Verifying the OSPF Configuration (Cont.)

RouterX# show ip ospf interface

Verifies the area ID and adjacency information

RouterX# show ip ospf interface ethernet 0
Ethernet 0 is up, line protocol is up
  Internet Address 192.168.254.202, Mask 255.255.255.0, Area 0.0.0.0
  AS 201, Router ID 192.168.99.1, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State OTHER, Priority 1
  Designated Router id 192.168.254.10, Interface address 192.168.254.10
  Backup Designated router id 192.168.254.28, Interface addr 192.168.254.28
  Timer intervals configured, Hello 10, Dead 60, Wait 40, Retransmit 5
  Hello due in 0:00:05
  Neighbor Count is 8, Adjacent neighbor count is 2
    Adjacent with neighbor 192.168.254.28 (Backup Designated Router)
    Adjacent with neighbor 192.168.254.10 (Designated Router)

The show ip ospf interface command verifies which area an interface has been configured in. If no loopback address is configured, the highest interface address is chosen as the router ID. The command also displays the hello and dead intervals and shows the neighbor adjacencies.

Output of the show ip ospf interface command:
Ethernet: status of the physical and data link layers of the interface.
Internet address: the interface IP address, subnet mask, and area address.
AS: the AS number, router ID, network type, and cost.
Transmit delay: the transmit delay, the interface state, and the router priority.
Designated router: the router ID of the DR and its IP address.
Backup Designated router: the router ID of the BDR and its IP address.
Timer intervals configured: the configured timer values.
Hello: the number of seconds until the next hello packet is sent out of the interface.
Neighbor count: the number of neighbor routers with a two-way relationship.

Verifying the OSPF Configuration (Cont.)

RouterX# show ip ospf neighbor

Displays neighbor router information on a per-interface basis

RouterX# show ip ospf neighbor
ID               Pri   State          Dead Time   Address          Interface
10.199.199.137   1     FULL/DR        0:00:31     192.168.80.37    FastEthernet0/0
172.16.48.1      1     FULL/DROTHER   0:00:33     172.16.48.1      FastEthernet0/1
172.16.48.200    1     FULL/DROTHER   0:00:33     172.16.48.200    FastEthernet0/1
10.199.199.137   5     FULL/DR        0:00:33     172.16.48.189    FastEthernet0/1

The show ip ospf neighbor command displays information about the neighbor routers on an interface. Each line in the figure summarizes one neighbor.

Verifying the OSPF Configuration (Cont.)

RouterX# show ip ospf neighbor 10.199.199.137
Neighbor 10.199.199.137, interface address 192.168.80.37
    In the area 0.0.0.0 via interface Ethernet0
    Neighbor priority is 1, State is FULL
    Options 2
    Dead timer due in 0:00:32
    Link State retransmission due in 0:00:04
Neighbor 10.199.199.137, interface address 172.16.48.189
    In the area 0.0.0.0 via interface Fddi0
    Neighbor priority is 5, State is FULL
    Options 2
    Dead timer due in 0:00:32
    Link State retransmission due in 0:00:03

The following list describes the fields in the output of the show ip ospf neighbor command.
Neighbor: the router ID of the neighbor.
Interface address: the IP address of the interface.
In the area: the area and the interface through which the neighbor is known.
Neighbor priority: the priority of the neighbor and the state of the neighbor.
State: the OSPF state.
State changes: the total number of state changes since the neighbor was discovered. This value can be reset with the clear ip ospf counters neighbor command.
DR is: the router ID of the DR for the interface.
BDR is: the router ID of the BDR for the interface.
Options: the options of the hello packet (E bit; the value is either 0 or 2, where 2 indicates that the area is not a stub and 0 indicates that the area is a stub).
Dead timer due in: the time to wait before the neighbor is removed.
Neighbor is up for: hours:minutes:seconds since the neighbor entered a two-way relationship.
Index: the position of the neighbor in the area-wide and AS-wide retransmission queues.
Retransmission queue length: the number of elements in the retransmission queue.
Number of retransmission: the number of times update packets have been re-sent during flooding.
First: the memory location of the flooding details.
Next: the memory location of the flooding details.
Last retransmission scan length: the number of LSAs in the last retransmission packet.
Maximum: the maximum number of LSAs that can be sent in any retransmission packet.
Last retransmission scan time: the time taken to build the last retransmission packet.
Maximum: the maximum time taken to build any retransmission packet.

OSPF debug Commands

RouterX# debug ip ospf events
OSPF:hello with invalid timers on interface Ethernet0
hello interval received 10 configured 10
net mask received 255.255.255.0 configured 255.255.255.0
dead interval received 40 configured 30
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.117 aid:0.0.0.0 chk:6AB2 aut:0 auk:

RouterX# debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.116 aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x0

Output from the debug ip ospf events command appears if any of the following occurs:
The subnet masks of routers on the same network do not match.
The hello interval of the router differs from the hello interval of the neighbor.
The dead interval of the router differs from the dead interval of the neighbor.

If a router configured for OSPF does not see a neighbor, do the following:
Make sure that both routers are configured with the same subnet mask and the same hello and dead intervals.
Make sure that both routers are in the same area and use the same area type.

Example output of the debug ip ospf events command:
OSPF: hello packet with mismatched E bit
This means that the router and its neighbor do not use the same area type: one router is configured for a transit area and the other for a stub area.

To display information about each OSPF packet received, use the debug ip ospf packet command in privileged EXEC mode. Prefix the command with no to turn debugging off. The output of debug ip ospf packet varies depending on the authentication configured. The following list describes the fields in the output when MD5 authentication is used:
v: OSPF version
t: OSPF packet type, one of the following:
  1: hello
  2: data description
  3: link-state request
  4: link-state update
  5: link-state acknowledgment
l: OSPF packet length (bytes)
rid: router ID
aid: area ID
chk: checksum
aut: authentication type, one of the following:
  0: no authentication
  1: simple password
  2: MD5
auk: authentication key
keyid: MD5 key ID
seq: sequence number
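
The following Python code is an added example, not part of the original course material. It decodes debug ip ospf packet lines using the field list above, reports hello parameters whose received and configured values differ, and lists senders that are not using MD5 authentication. The function names are illustrative; the sample lines are the debug output shown earlier on this page.

```python
import re

# Field values as listed above for "debug ip ospf packet" output.
PACKET_TYPES = {1: "hello", 2: "data description", 3: "link-state request",
                4: "link-state update", 5: "link-state acknowledgment"}
AUTH_TYPES = {0: "none", 1: "simple password", 2: "MD5"}

PACKET_RE = re.compile(r"OSPF:\s*rcv\.\s+(.*)")
HELLO_RE = re.compile(
    r"(hello interval|dead interval|net mask) received (\S+) configured (\S+)")


def decode_packet_line(line):
    """Decode one 'OSPF: rcv. v:2 t:1 ...' line into a dict (None if no match)."""
    m = PACKET_RE.search(line)
    if not m:
        return None
    # Each token is "name:value"; "auk:" carries an empty value.
    f = dict(tok.partition(":")[::2] for tok in m.group(1).split())
    if not {"v", "t", "l", "rid", "aid", "aut"} <= f.keys():
        return None
    return {
        "version": int(f["v"]),
        "type": PACKET_TYPES.get(int(f["t"]), "unknown"),
        "length": int(f["l"]),
        "router_id": f["rid"],
        "area_id": f["aid"],
        "auth": AUTH_TYPES.get(int(f["aut"]), "unknown"),
        # keyid and seq are only printed when MD5 authentication is in use
        "key_id": int(f["keyid"]) if "keyid" in f else None,
        "seq": int(f["seq"], 16) if "seq" in f else None,
    }


def hello_mismatches(lines):
    """Hello parameters whose received value differs from the configured one."""
    out = []
    for line in lines:
        m = HELLO_RE.search(line)
        if m and m.group(2) != m.group(3):
            out.append({"parameter": m.group(1), "received": m.group(2),
                        "configured": m.group(3)})
    return out


def weak_auth_senders(lines):
    """Map router ID -> auth type for senders not using MD5 authentication."""
    weak = {}
    for line in lines:
        pkt = decode_packet_line(line)
        if pkt and pkt["auth"] != "MD5":
            weak[pkt["router_id"]] = pkt["auth"]
    return weak


# The debug lines shown earlier on this page, one list entry per output line.
SAMPLE = [
    "OSPF:hello with invalid timers on interface Ethernet0",
    "hello interval received 10 configured 10",
    "net mask received 255.255.255.0 configured 255.255.255.0",
    "dead interval received 40 configured 30",
    "OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.117 aid:0.0.0.0 chk:6AB2 aut:0 auk:",
    "OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.116 aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x0",
]

if __name__ == "__main__":
    print(hello_mismatches(SAMPLE))
    print(weak_auth_senders(SAMPLE))
```

On the sample, only the dead interval (40 received, 30 configured) is reported as a mismatch, and router 200.0.0.117 is listed as sending unauthenticated packets.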

Load Balancing with OSPF
OSPF load balancing:
Paths must have equal cost.
By default, up to four equal-cost paths can be placed in the routing table.
The default can be changed, up to a maximum of 16 paths:
(config-router)# maximum-paths <value>
To make sure paths have equal cost, the cost of an interface can be set with the command:
(config-if)# ip ospf cost <value>

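Load balancing is a standard feature of the IOS image and is available on all platforms. It is tied to the packet-forwarding process in the router and lets the router use multiple paths to forward packets to a destination. The number of paths used is limited by the number of entries that the routing protocol places in the routing table. The default is four paths, except for BGP, whose default is one. The maximum number of paths that can be configured is 16.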

Load Balancing with OSPF

The cost of an interface in OSPF is the overhead required to send a packet across that interface. The cost of an interface is inversely proportional to its bandwidth: the higher the bandwidth, the lower the cost. By default, the router calculates the cost of an interface from its bandwidth. However, you can force the cost of an interface with the ip ospf cost {value} command in interface configuration mode.

If several paths to the same destination have equal cost, OSPF can keep up to 16 next hops to that destination in the routing table (this is called load balancing). By default, an OSPF router supports four equal-cost paths to a destination. Use the maximum-paths command in router configuration mode (entered from global configuration) to set the number of equal-cost paths in the routing table, for example:

routerX(config)#router ospf 1
routerX(config-router)#maximum-paths ?
<1-16> number of pth
routerX(config-router)#maximum-paths 3

You can use the show ip route command to find equal-cost paths. The example shows three equal-cost paths to the destination network 194.168.20.0.

RouterX# show ip route 194.168.20.0
Routing entry for 194.168.20.0/24
  Known via "ospf 1", distance 110, metric 74, type intra area
  Redistributing via ospf 1
  Last update from 10.10.10.1 on Serial1, 00:00:01 ago
  Routing Descriptor Blocks:
  * 20.20.20.1, from 204.204.204.1, 00:00:01 ago, via Serial2
      Route metric is 74, traffic share count is 1
    30.30.30.1, from 204.204.204.1, 00:00:01 ago, via Serial3
      Route metric is 74, traffic share count is 1
    10.10.10.1, from 204.204.204.1, 00:00:01 ago, via Serial1
      Route metric is 74, traffic share count is 1

Note that there are three routing descriptor blocks, one for each path. The asterisk (*) marks the path that will be used for new traffic. Traffic here can be a single packet or an entire stream of packets, depending on whether the router load-balances per destination or per packet.

OSPF Authentication
OSPF supports two types of authentication:
Plaintext password
MD5 authentication
The router authenticates every OSPF packet.
The router authenticates the source address of every OSPF packet that it receives.
Configure a key (password); each pair of neighbors on a link must have the same key.

Authentication can be configured to require that routers taking part in routing have a predefined password. When authentication is configured on a router, the router authenticates the source of each packet that it receives. This is accomplished by exchanging a key (often referred to as a password) between the sending and receiving routers. By default, OSPF is not configured with authentication, which means that all routing exchanges over the network are unauthenticated.

OSPF supports two authentication methods:
Plaintext password
MD5

MD5 authentication includes a non-decreasing sequence number in each OSPF packet to protect against replay attacks.

Configuring OSPF Plaintext Password Authentication

RouterX(config-if)# ip ospf authentication-key password

Assigns a password to be used with neighboring routers

RouterX(config-if)# ip ospf authentication [message-digest | null]

Specifies the authentication type for an interface (as of Cisco IOS Release 12.0)

OR

RouterX(config-router)# area area-id authentication [message-digest]

Specifies the authentication type for an area


To configure plaintext password authentication, complete these steps:

Step 1: Use the ip ospf authentication-key password command to assign a password to be used with neighboring routers that use plaintext password authentication. The password created by this command is treated as a key that is inserted directly into the OSPF header. A different password can be assigned to each network on a per-interface basis. All routers on the same network must have the same password to be able to exchange OSPF information.

Step 2: Use the ip ospf authentication command to specify the authentication type. The parameters of this command are:
message-digest: (optional) specifies that MD5 authentication is used.
null: (optional) specifies that no authentication is used. This option is useful for overriding password or MD5 authentication configured for the area.

Use the ip ospf authentication command with no parameters to configure plaintext password authentication. Before using this command, configure a password for the interface with the ip ospf authentication-key command.

The ip ospf authentication command was introduced in Cisco IOS Release 12.0. For backward compatibility, the authentication type for an area is still supported. If no authentication type is specified for an interface, the interface uses the authentication type of the area (the area default is no authentication). To configure authentication for an OSPF area, use the area area-id authentication [message-digest] command.
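
The following Python code is an added example, not part of the original course material. It illustrates two statements from this lesson: that a plaintext password is carried directly in the OSPF header (Step 1 above), and that MD5 authentication adds a non-decreasing sequence number against replay. The header and digest layout follows RFC 2328, Appendix D; the key "examplekey", the hello body and all function names are constructed for the example, and "plainpas" is the key used in the configuration example of this lesson.

```python
import hashlib
import hmac
import socket
import struct

# OSPF header: version, type, length, router ID, area ID, checksum, AuType, auth field
HEADER = struct.Struct("!BBH4s4sHH8s")


def pad(key, size):
    return key.encode().ljust(size, b"\0")[:size]


def build_simple(body, rid, aid, password):
    """AuType 1: the password itself fills the 8-byte authentication field."""
    # Checksum left at 0 here; a real AuType 1 packet carries the standard checksum.
    return HEADER.pack(2, 1, HEADER.size + len(body), rid, aid, 0, 1, pad(password, 8)) + body


def build_md5(body, rid, aid, key, key_id, seq):
    """AuType 2: header carries key ID and sequence number; the digest is appended."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = HEADER.pack(2, 1, HEADER.size + len(body), rid, aid, 0, 2, auth) + body
    return packet + hashlib.md5(packet + pad(key, 16)).digest()


class Md5Receiver:
    def __init__(self, keys):
        self.keys = keys      # key ID -> shared secret configured on this interface
        self.last_seq = {}    # neighbor router ID -> last sequence number accepted

    def accept(self, wire):
        _, _, length, rid, _, _, autype, auth = HEADER.unpack(wire[:HEADER.size])
        if autype != 2:
            return "rejected: authentication type mismatch"
        _, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        if key_id not in self.keys:
            return "rejected: unknown key ID"
        if seq < self.last_seq.get(rid, 0):
            return "rejected: sequence number decreased (replay)"
        expected = hashlib.md5(wire[:length] + pad(self.keys[key_id], 16)).digest()
        if not hmac.compare_digest(wire[length:length + digest_len], expected):
            return "rejected: digest mismatch"
        self.last_seq[rid] = seq
        return "accepted"


def demo():
    rid, aid = socket.inet_aton("10.2.2.2"), socket.inet_aton("0.0.0.0")
    # Constructed hello body: mask /27, hello 10, options 0x02, priority 1, dead 40, no DR/BDR
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.224"),
                       10, 0x02, 1, 40, bytes(4), bytes(4))
    plain = build_simple(body, rid, aid, "plainpas")
    on_wire = HEADER.unpack(plain[:HEADER.size])[7]   # readable by anyone on the link
    rx = Md5Receiver({1: "examplekey"})
    first = build_md5(body, rid, aid, "examplekey", 1, seq=100)
    newer = build_md5(body, rid, aid, "examplekey", 1, seq=101)
    wrong = build_md5(body, rid, aid, "otherkey", 1, seq=102)
    return on_wire, [rx.accept(p) for p in (first, newer, first, wrong, plain)]


if __name__ == "__main__":
    print(demo())
```

With plaintext authentication the 8-byte field holds the password itself, while with MD5 only the key ID, sequence number and digest travel on the link, and a packet captured earlier is refused once a newer sequence number has been accepted.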

Plaintext Password Authentication Configuration Example

The example in the figure is used to demonstrate the configuration, verification, and troubleshooting of plaintext password authentication. Plaintext authentication is configured on interface s0/0/1 with the ip ospf authentication command. The interface is configured with the authentication key plainpas. Note that the interfaces connecting routers 1 and 2 are configured with the same authentication type and the same key.

Verifying Plaintext Password Authentication

RouterX#show ip ospf neighbor
Neighbor ID     Pri   State     Dead Time   Address          Interface
10.2.2.2        0     FULL/     00:00:32    192.168.1.102    Serial0/0/1

RouterX#show ip route
<output omitted>
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O       10.2.2.2/32 [110/782] via 192.168.1.102, 00:01:17, Serial0/0/1
C       10.1.1.0/24 is directly connected, Loopback0
     192.168.1.0/27 is subnetted, 1 subnets
C       192.168.1.96 is directly connected, Serial0/0/1

RouterX#ping 10.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms

The figure shows the output of the show ip ospf neighbor and show ip route commands. Note that the neighbor state is FULL, which indicates that the two routers have successfully formed an adjacency. The routing table confirms that the address 10.2.2.2 was learned through OSPF over the serial link. The result of a ping to the loopback interface address is shown to demonstrate that the link is working.

Implementing OSPF

Summary
OSPF is a classless, link-state routing protocol. It uses a hierarchical area model for fast convergence.
OSPF exchanges hello packets to establish adjacencies between two routers.
The SPF algorithm uses cost to calculate the best path. A lower cost indicates a better path.
The router ospf process-id command is used to enable OSPF on the router.
Use a loopback interface to keep the router ID stable.
The show ip ospf neighbor command displays neighbor router information on an interface.
The debug ip ospf events and debug ip ospf packet commands can be used to troubleshoot OSPF.
By default, OSPF load-balances across four equal-cost paths.
There are two types of authentication: plaintext and MD5.

Lesson 10: Troubleshooting OSPF

Single-Area OSPF Implementation

Components of Troubleshooting OSPF

The three main components of troubleshooting are:
Neighbor adjacencies
The routing table
Authentication

Troubleshooting OSPF Neighbor Adjacencies

A neighbor state of FULL means that the adjacency is healthy. Any other neighbor state can indicate a problem. For example, the output of the show ip ospf neighbor command.

Use the show ip ospf interface command to check for errors at the physical and data link layers. administratively down indicates that the interface has not been enabled. If the interface state is not up/up, there will be no adjacency. In the example, serial 0/0/1 is up/up.

To form an adjacency with a directly connected router, both routers must use the same MTU size. To check the MTU size of an interface, use the show interface command. In the example, the MTU size is 1500 bytes.

RouterX# sh ip int fa0/0
FastEthernet0/0 is up, line protocol is up
  Internet address is 10.2.2.3/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is not set

The network command that you configure under the OSPF routing process specifies which router interfaces take part in OSPF and determines which area each interface belongs to. If an interface appears in the output of the show ip ospf interface command, that interface is running OSPF. In the example, interfaces s0/0/1 and s0/0/0 are running OSPF.

RouterX# sh ip ospf interface
Serial0/0/1 is up, line protocol is up
  Internet Address 10.23.23.1/24, Area 0
  Process ID 100, Router ID 192.168.1.65, Network Type POINT_TO_POINT, Cost: 1562
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:04
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 192.168.1.81
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled
Serial0/0/0 is up, line protocol is up
  Internet Address 10.140.1.2/24, Area 0
  Process ID 100, Router ID 192.168.1.65, Network Type POINT_TO_POINT, Cost: 1562
  Transmit Delay is 1 sec, State POINT_TO_POINT,

OSPF routers exchange hello packets to form adjacencies. Four items in the hello packet must match before an adjacency can form:
Area ID
Hello and dead intervals
Authentication password
Stub area flag

To find out whether any of these items does not match, use the debug ip ospf adj command. The following example shows an adjacency forming successfully on interface serial 0/0/1.

*Feb 17 18:41:51.242: OSPF: Interface Serial0/0/1 going Up
*Feb 17 18:41:51.742: OSPF: Build router LSA for area 0, router ID 10.1.1.1, seq 0x80000013
*Feb 17 18:41:52.242: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to up
*Feb 17 18:42:01.250: OSPF: 2 Way Communication to 10.2.2.2 on Serial0/0/1, state 2WAY
*Feb 17 18:42:01.250: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x9B6 opt 0x52 flag 0x7 len 32
*Feb 17 18:42:01.262: OSPF: Rcv DBD from 10.2.2.2 on Serial0/0/1 seq 0x23ED opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART
*Feb 17 18:42:01.262: OSPF: NBR Negotiation Done. We are the SLAVE
*Feb 17 18:42:01.262: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x23ED opt 0x52 flag 0x2 len 72
*Feb 17 18:42:01.294: OSPF: Rcv DBD from 10.2.2.2 on Serial0/0/1 seq 0x23EE opt 0x52 flag 0x3 len 72 mtu 1500 state EXCHANGE
*Feb 17 18:42:01.294: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x23EE opt 0x52 flag 0x0 len 32
*Feb 17 18:42:01.294: OSPF: Database request to 10.2.2.2
*Feb 17 18:42:01.294: OSPF: sent LS REQ packet to 192.168.1.102, length 12
*Feb 17 18:42:01.314: OSPF: Rcv DBD from 10.2.2.2 on Serial0/0/1 seq 0x23EF opt 0x52 flag 0x1 len 32 mtu 1500 state EXCHANGE
*Feb 17 18:42:01.314: OSPF: Exchange Done with 10.2.2.2 on Serial0/0/1
*Feb 17 18:42:01.314: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x23EF opt 0x52 flag 0x0 len 32
*Feb 17 18:42:01.326: OSPF: Synchronized with 10.2.2.2 on Serial0/0/1, state FULL
*Feb 17 18:42:01.330: %OSPF-5-ADJCHG: Process 10, Nbr 10.2.2.2 on Serial0/0/1 from LOADING to FULL, Loading Done
*Feb 17 18:42:01.830: OSPF: Build router LSA for area 0, router ID 10.1.1.1, seq 0x80000014

Troubleshooting OSPF Routing Tables

An OSPF route in the routing table can carry different codes:
O: an intra-area route, from a router in the same area.
O IA: an inter-area route, from a router in a different area.
O E1 or E2: an external route, from another AS.

If you run single-area OSPF, you will not see any O IA routes in the routing table. The following example contains both an O IA route and an O E2 route.

RouterX# sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       ia - IS-IS inter area, * - candidate default,
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     172.16.0.0/32 is subnetted, 1 subnets
O       172.16.31.100 [110/1563] via 10.140.1.1, 00:03:15, Serial0/0/0
     10.0.0.0/24 is subnetted, 5 subnets
C       10.2.2.0 is directly connected, FastEthernet0/0
O IA    10.1.1.0 [110/1563] via 10.140.1.1, 00:03:15, Serial0/0/0
O       10.140.2.0 [110/3124] via 10.140.1.1, 00:03:15, Serial0/0/0
                   [110/3124] via 10.23.23.2, 00:03:15, Serial0/0/1
     192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.1.64/28 is directly connected, Loopback0
O E2    192.168.1.81/32 [110/1563] via 10.23.23.2, 00:03:17, Serial0/0/1

The network command that you configure under the OSPF process also specifies which networks OSPF advertises. The show ip protocols command shows whether any route filtering is in place that could affect the routes seen in the routing table. In the following example, the command also displays the networks configured to be advertised to other OSPF routers.

RouterX# sh ip protocols
Routing Protocol is "ospf 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 192.168.1.65
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    10.2.2.3 0.0.0.0 area 0
    10.23.23.1 0.0.0.0 area 0
    10.140.1.2 0.0.0.0 area 0
    192.168.1.65 0.0.0.0 area 0
  Reference bandwidth unit is 100 mbps
  Routing Information Sources:
    Gateway          Distance   Last Update
    192.168.1.81     110        00:04:52
    172.16.31.100    110        00:04:52
  Distance: (default is 110)

Troubleshooting Plaintext Password Authentication

Plaintext authentication on RouterX, no authentication on RouterY

RouterX#debug ip ospf adj
*Feb 17 18:51:31.242: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : Mismatch Authentication type. Input packet specified type 0, we use type 1

RouterY#debug ip ospf adj
*Feb 17 18:50:43.046: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 : Mismatch Authentication type. Input packet specified type 1, we use type 0

Authentication on both RouterX and RouterY, but with different passwords

RouterX#debug ip osp adj
*Feb 17 18:54:01.238: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : Mismatch Authentication Key - Clear Text

RouterY#debug ip ospf adj
*Feb 17 18:53:13.050: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 : Mismatch Authentication Key - Clear Text

The debug ip ospf adj command displays events related to adjacencies and is very useful when troubleshooting authentication.

Example: if plaintext password authentication is configured on interface serial 0/0/1 of RouterX and on the corresponding serial interface of RouterY, but with different passwords, the two routers cannot form an adjacency over that link. The debug ip ospf adj output shown in the figure indicates that the routers report a mismatched authentication key; no OSPF packets are exchanged between the two neighbors.
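
The following Python code is an added example, not part of the original course material. It reads debug ip ospf adj output and groups the authentication mismatch messages shown above by peer, interface and cause, so that a type mismatch can be told apart from a key mismatch and the number of discarded packets is visible. The function names are illustrative; the sample log combines lines from this page with constructed ones, marked as such.

```python
import re
from collections import Counter

# AuType values as they appear in the mismatch messages
AUTH_TYPES = {0: "no authentication", 1: "plaintext password", 2: "MD5"}

ADJ_RE = re.compile(
    r"OSPF: Rcv pkt from (?P<peer>[\d.]+), (?P<intf>\S+) : Mismatch Authentication "
    r"(?:type\. Input packet specified type (?P<theirs>\d+), we use type (?P<ours>\d+)"
    r"|Key - (?P<kind>.+))")


def classify(line):
    """Return (peer, interface, cause) for an authentication mismatch line, else None."""
    m = ADJ_RE.search(line)
    if not m:
        return None
    if m["theirs"] is not None:
        names = [AUTH_TYPES.get(int(m[g]), "type " + m[g]) for g in ("theirs", "ours")]
        cause = "type mismatch: peer sends {}, local interface uses {}".format(*names)
    else:
        cause = "key mismatch ({})".format(m["kind"].strip())
    return m["peer"], m["intf"], cause


def triage(lines):
    """Count mismatch events per peer, interface and cause, in order of first appearance."""
    counts = Counter(hit for hit in map(classify, lines) if hit)
    return [{"peer": p, "interface": i, "cause": c, "events": n}
            for (p, i, c), n in counts.items()]


SAMPLE_LOG = [
    # from this page
    "*Feb 17 18:51:31.242: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : "
    "Mismatch Authentication type. Input packet specified type 0, we use type 1",
    # constructed: the same event repeated at the next hello
    "*Feb 17 18:51:41.242: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : "
    "Mismatch Authentication type. Input packet specified type 0, we use type 1",
    # from this page
    "*Feb 17 18:54:01.238: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : "
    "Mismatch Authentication Key - Clear Text",
    # from this page: an unrelated adjacency event that must be ignored
    "*Feb 17 18:42:01.326: OSPF: Synchronized with 10.2.2.2 on Serial0/0/1, state FULL",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```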

Troubleshooting OSPF

Summary
Troubleshooting OSPF comes down to three areas: neighbor adjacencies, the routing table, and authentication.
Use the show ip interface command to check the MTU of an OSPF interface.
Use the show ip ospf interface command to help determine whether OSPF is configured on an interface.
Use the debug ip ospf adj command to troubleshoot authentication.
