
Computer Networking Lab Guide (MMT): Using the Dynamips/Dynagen programs

Dynamips is a program that uses a PC to emulate Cisco routers, so that Cisco IOS can be run on the PC itself. Network topologies are configured through Dynagen, which reads the user's configuration from .net files; these are plain text files.

To emulate the topology above, use WordPad to create a file named Lab.net. Note: create .net files with WordPad or EditPlus, not Notepad, because the sample files use Linux line endings (\n rather than the Windows \r\n). Open the supplied template test.net. Its structure is as follows:
[localhost:7200]
    udp = 10000
    console = 2000
    workingdir = E:/Dynamips_Working
    [[7200]]
        image = C:/IOS/c7200-ik9o3s-mz.124-18.bin
        idlepc = 0x6076c71c
    [[3640]]
        image = C:/IOS/c3640-js-mz.123-11.T10.bin
        idlepc = 0x60588978

The [localhost:7200] section tells Dynagen to connect to the dynamips server on the local machine at port 7200 (the default; do not change it). Neither the hypervisor port nor the console ports below carry any authentication: whoever can open a TCP connection to them gets a router console, so keep them bound to the lab host only. workingdir is the directory where dynamips stores its temporary files. [[7200]] and [[3640]] hold the parameters for the Cisco 7200 and Cisco 3640 product lines, two common router models suitable for the labs. image = the path to the IOS file for that model. idlepc = a value that lets dynamips reduce the load on the host CPU so that it does not run at 100%; see the dynamips tutorial for details. Configuration for router R0:
[[ROUTER R0]]
    model = 3640          # R0 is a 3640
    console = 2000        # console port of R0; must be unique for every router
    ram = 128
    nvram = 128
    rom = 4
    slot0 = NM-4T         # 4-port serial module
    slot1 = NM-1FE-TX     # 1-port FastEthernet module
    s0/0 = R1 s0/0        # port s0/0 on R0 connects to s0/0 of R1

A 3640 router supports at most 4 slots. The list of supported cards is in the tutorial file.
Configuration for router R1:
[[ROUTER R1]]
    model = 3640
    console = 2001
    ram = 128
    nvram = 128
    rom = 4
    slot0 = NM-4T         # 4-port serial module
    slot1 = NM-1FE-TX     # 1-port FastEthernet module
    s0/1 = R2 s0/0        # connects to s0/0 of R2
Configuration for router R2:
[[ROUTER R2]]
    model = 3640
    console = 2002
    ram = 128
    nvram = 128
    rom = 4
    slot0 = NM-4T         # 4-port serial module
    slot1 = NM-1FE-TX     # 1-port FastEthernet module

Connecting a virtual router to the real network. First, run the Network device list tool supplied with Dynamips:

According to its output, the PC's Local Area Connection adapter has the connection string NIO_gen_eth:\Device\NPF_{3D748EEA-5833-45C6-90C9-245FF07D33FE}. To connect port fa1/0 of router R2 to this adapter, add the following line to R2's section:


[[ROUTER R2]]
    model = 3640
    console = 2002
    ram = 128
    nvram = 128
    rom = 4
    slot0 = NM-4T         # 4-port serial module
    slot1 = NM-1FE-TX     # 1-port FastEthernet module
    fa1/0 = NIO_gen_eth:\Device\NPF_{3D748EEA-5833-45C6-90C9-245FF07D33FE}   # connect port fa1/0 to the real network

Bridging fa1/0 onto the PC's adapter means that the virtual router, with whatever passwords and routing you give it, is reachable from everything on that LAN. After finishing, save the file as lab.net. Start the dynamips server first.

Then double-click lab.net and Dynagen starts.
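Before starting a lab it is worth checking the .net file for the mistakes that otherwise only show up at the console. The script below is an added example written for this guide (it is not code from the Dynamips/Dynagen project): it parses the format shown above, with links declared on one side only as Dynagen expects, and reports a console port used twice, a model with no image section, an interface wired to two peers, and any port bridged onto a real NIC. The sample file text is constructed for the example and contains two deliberate errors.

```python
"""Lint a Dynagen .net file before starting a lab (added example; this is
not code from the Dynamips/Dynagen project).

Dynagen reads the .net file shown in the text: a [host:port] section with
global settings, [[model]] sub-sections for IOS images and [[ROUTER name]]
sub-sections for devices. Links are declared on one side only
("s0/0 = R1 s0/0" under R0); Dynagen fills in the other end. The sample text
below is constructed and contains two deliberate mistakes.
"""
import re
from collections import Counter

SAMPLE_NET = """\
[localhost:7200]
    udp = 10000
    console = 2000
    workingdir = E:/Dynamips_Working
    [[3640]]
        image = C:/IOS/c3640-js-mz.123-11.T10.bin
        idlepc = 0x60588978
    [[ROUTER R0]]
        model = 3640
        console = 2000
        slot0 = NM-4T          # 4-port serial module
        slot1 = NM-1FE-TX      # 1-port FastEthernet module
        s0/0 = R1 s0/0         # R0 s0/0 <-> R1 s0/0 (declared once)
    [[ROUTER R1]]
        model = 3640
        console = 2001
        slot0 = NM-4T
        s0/1 = R2 s0/0
    [[ROUTER R2]]
        model = 3640
        console = 2001         # duplicate of R1 (deliberate, to be flagged)
        slot0 = NM-4T
        slot1 = NM-1FE-TX
        s0/1 = R1 s0/0         # R1 s0/0 is already taken by R0 (deliberate)
        fa1/0 = NIO_gen_eth:\\Device\\NPF_{3D748EEA-5833-45C6-90C9-245FF07D33FE}
"""

IFACE_RE = re.compile(r"^[a-z]+\d+/\d+$")          # s0/0, fa1/0, f0/1 ...


def parse_net(text):
    """Split a .net body into (hypervisor, models, routers) dictionaries."""
    hypervisor, models, routers = {}, {}, {}
    current = hypervisor
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()           # drop comment and indentation
        if not line:
            continue
        if m := re.fullmatch(r"\[\[ROUTER\s+(\S+)\]\]", line, re.IGNORECASE):
            current = routers.setdefault(m.group(1), {})
        elif m := re.fullmatch(r"\[\[(\S+)\]\]", line):
            current = models.setdefault(m.group(1), {})
        elif m := re.fullmatch(r"\[([^\[\]]+)\]", line):
            current = hypervisor
            hypervisor["server"] = m.group(1)
        else:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return hypervisor, models, routers


def lint_lab(text):
    """Return human-readable problems found in a .net file body."""
    _, models, routers = parse_net(text)
    problems = []
    consoles = {}
    endpoints = Counter()                              # (router, interface) -> links using it
    for name, cfg in routers.items():
        model = cfg.get("model")
        if model not in models:
            problems.append(f"{name}: no [[{model}]] image section for its model")
        port = cfg.get("console")
        if port in consoles:
            problems.append(f"{name}: console port {port} already used by {consoles[port]}")
        consoles.setdefault(port, name)
        for key, value in cfg.items():
            if not IFACE_RE.match(key):
                continue
            endpoints[(name, key)] += 1
            if value.startswith("NIO_gen_eth:"):
                problems.append(f"{name} {key}: bridged to real NIC {value.split(':', 1)[1]}")
            elif not value.startswith("NIO_"):           # a router-to-router link
                peer, _, peer_if = value.partition(" ")
                if peer not in routers:
                    problems.append(f"{name} {key}: peer {peer} is not defined")
                endpoints[(peer, peer_if)] += 1          # the implied far end
    for (rtr, iface), n in endpoints.items():
        if n > 1:
            problems.append(f"{rtr} {iface}: wired {n} times; each interface takes one link")
    return problems


if __name__ == "__main__":
    for problem in lint_lab(SAMPLE_NET):
        print("-", problem)
```

Run it on your own lab.net (read the file and pass its text to lint_lab) before starting dynamips; a bridged port is reported on purpose, so that connecting the lab to the real LAN is always a conscious decision.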


Use the list command to see the devices present in the lab.

Type console R0 to start configuring device R0.


You can type console /all to open consoles to every device. suspend R0 pauses R0; reload R0 restarts the router. HyperTerminal can also be used to configure a device: to configure R1, connect to its virtual console port 2001 (a TCP connection to the lab host).

1. Configuring interfaces and static routes. The interfaces present on a router and their status can be listed (show ip interface brief):


Setting an IP address on an interface: enter interface configuration mode and use the command ip address {ip_address} {subnet_mask}.


When two serial interfaces are connected directly to each other, one side acts as the DCE (it supplies the clock signal the other side needs to operate) and the other as the DTE. The DCE side must be given the command clock rate {speed} to supply clocking to the DTE side. Type R1# show controllers s0/0 to see which type s0/0 on R1 is. In the figure the result shows a DCE interface.


The clock rate command sets the operating speed of this interface, in bps; for example clock rate 2000000 runs the link at 2 Mbps. Type no shut to bring the interface up; by default an interface is in the shutdown state.


2. Configuring static routes. R0 itself does not yet know the path to network 172.29.2.0/24. By default a router knows only the networks directly connected to it. The command show ip route prints the routing table; the letter C stands for Connected, a network directly attached to the router.

We tell R0 that, to reach network 172.29.2.0/24, it should go out interface S0/0 (which connects to R1), or alternatively go via router R1 at address 172.29.1.2. Use only one of the two forms:
R0(config)# ip route 172.29.2.0 255.255.255.0 s0/0
or
R0(config)# ip route 172.29.2.0 255.255.255.0 172.29.1.2
where 172.29.2.0 is the network address, 255.255.255.0 the subnet mask of that network, s0/0 the exit interface, or 172.29.1.2 the address of the neighbouring router through which the desired network is reached.


The routing table now shows network 172.29.2.0 with the letter S (a static route, a path we entered by hand). R0 now knows how to reach 172.29.2.0/24, but R2 does not yet know how to reach 172.29.1.0/24 to talk back to R0. Do the same on R2 to teach it that path. 3. Default route:

With this topology, whatever network R0 wants to reach, the path goes through R1. R0 can therefore use a special static route called the default route: when the router wants to reach a network that is not in its routing table, it follows the default route. It is declared like a static route, with four zeros for both the network address and the subnet mask:
R0(config)# ip route 0.0.0.0 0.0.0.0 s0/0 (s0/0 being the interface connected to R1), or
R0(config)# ip route 0.0.0.0 0.0.0.0 172.29.1.2 (172.29.1.2 being R1's address).
The routing table then looks like this:


Note the * next to the letter S: it marks the default route (the candidate default). Of course R3 and R4 also have to be configured so that they know how to reach R0. To end the lab, type exit in the Dynagen window.
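The routing decisions described in this section (connected routes, the static route to 172.29.2.0/24, the default route marked S*) all come down to one rule: the longest matching prefix wins, and a next-hop address is itself looked up until an exit interface is found. The following added example, written for this guide and not part of the lab handout, implements that lookup over a table shaped like R0's; the LAN prefix 172.29.0.0/24 on R0's FastEthernet is an assumption, the other addresses are the lab's.

```python
"""Longest-prefix lookup over a routing table shaped like the one R0 ends
up with above. Added example, not code from the lab handout. Entries carry
the show ip route codes used in the text: C connected, S static,
S* candidate default. The LAN prefix on R0 (172.29.0.0/24 on fa1/0) is an
assumption; the other addresses are the lab's."""
from ipaddress import ip_address, ip_network

# (code, prefix, next-hop address or exit interface), constructed from the text
R0_TABLE = [
    ("C",  "172.29.1.0/24", "Serial0/0"),          # link to R1
    ("C",  "172.29.0.0/24", "FastEthernet1/0"),    # assumed LAN on R0
    ("S",  "172.29.2.0/24", "172.29.1.2"),         # ip route 172.29.2.0 255.255.255.0 172.29.1.2
    ("S*", "0.0.0.0/0",     "172.29.1.2"),         # ip route 0.0.0.0 0.0.0.0 172.29.1.2
]


def lookup(table, dst):
    """Return the (code, network, via) entry with the longest prefix containing dst."""
    dst = ip_address(dst)
    best = None
    for code, prefix, via in table:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (code, net, via)
    return best


def forward(table, dst):
    """Resolve dst to (code, matched prefix, next-hop IP or None, exit interface).

    A static route given as a next-hop address is resolved recursively, as IOS
    does, until an entry that names an exit interface is reached. Returns None
    when nothing matches or the next hop cannot be resolved."""
    first = lookup(table, dst)
    if first is None:
        return None
    code, net, via = first
    next_hop = None
    for _ in range(4):                      # bound the recursion (a table may loop)
        if not via[0].isdigit():            # an interface name: fully resolved
            return (code, str(net), next_hop, via)
        next_hop = next_hop or via          # keep the first-hop address
        hop = lookup(table, via)
        if hop is None:
            return None                     # next hop is not reachable
        via = hop[2]
    return None


if __name__ == "__main__":
    for dst in ("172.29.2.10", "172.29.0.7", "8.8.8.8"):
        print(dst, "->", forward(R0_TABLE, dst))
```

Dropping the S* entry from the table makes 8.8.8.8 unroutable, which is exactly the behaviour the text describes before the default route is added; a table whose only route points at a next hop covered only by itself is rejected after four steps instead of looping.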


Network Practice Course Guide. Week 1: Getting familiar with basic operations on routers and switches


1. Operating modes: Cisco routers and switches have three main operating modes, and the prompt tells you which one the device is in:
- User EXEC mode, prompt Router> or Switch>: the lowest and most restricted mode, offering only a few simple commands. Use enable to move up to privileged EXEC mode.
- Privileged EXEC mode, prompt Router# or Switch#: gives access to the deeper commands on the router/switch, testing and debugging, file access and remote access to other devices. From here, configure terminal enters global configuration mode.
- Global configuration mode, prompt Router(config)# or Switch(config)#: here the device's parameters are changed; below it are lower-level configuration modes for interfaces and for specific features.

2. Connecting to the router through the console port: use the following connection parameters in HyperTerminal (connection over a COM port); the standard Cisco console settings are 9600 baud, 8 data bits, no parity, 1 stop bit, no flow control:

Department of Computer Networks and Telecommunications (MMT-VT)


3. Configuration types: a Cisco device has two configurations, the running-config held in RAM and the startup-config held in NVRAM. The running-config is the configuration currently in force; it governs how the device behaves right now, and every configuration command typed in config mode modifies it. The startup-config is the configuration saved on the device; on the next boot the system reads startup-config and applies the parameters in it. Changes made in config mode do not touch startup-config and are not saved there. To copy running-config into startup-config (so that the current configuration is applied automatically on the next boot), use copy run start in privileged mode:
Router# copy run start
4. Some simple commands. Commands that display information (mostly run in privileged mode):
View the running configuration: Router# show run
View the startup configuration: Router# show start
View operating system and memory information, etc.: Router# show version


View the router's interfaces: Router# show interface or Router# show ip interface brief
Connectivity test commands (mostly run in privileged mode):
Router# ping 192.168.1.1
Router# traceroute 192.168.1.1
Simple configuration commands (in global configuration mode):
Rename the device: Router(config)#hostname Router_HaNoi
Set a password on the device: Cisco devices have two kinds of privileged-mode password, called here the enable password and the secret password. When moving from user EXEC mode to privileged mode with enable, you are asked for one of them. The enable password is set with:
Router(config)#enable password cisco
which sets the password to cisco. The secret is set with:
Router(config)#enable secret ccna
By default the enable password is stored in clear text (it can be read in show running-config), while the secret is stored as a salted MD5 hash (type 5) and cannot be read back. When both are set, the secret takes precedence and the enable password is ignored.
5. Password recovery on Cisco routers: if both the enable password and the secret are forgotten, privileged mode is unreachable. The password recovery procedure gets around this. Connect to the console and, while the device boots, press Ctrl-Break; the device drops into ROM Monitor mode.


The rommon prompt tells us that the router is in ROM monitor mode.


In this mode very few commands are available.

Set the configuration register to 0x2142 (confreg 0x2142 at the rommon prompt) and reset the system. Note: the default register value is 0x2102; 0x2142 makes the router ignore the saved configuration.

After the reset the system skips the configuration in startup-config and comes up in its initial, unconfigured state.
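The two register values above differ in a single bit. The added example below (written for this guide, not from the handout) decodes the documented fields of the 16-bit configuration register of classic IOS routers, so you can see exactly what 0x2142 changes and confirm that 0x2102 restores it. The values are the ones from the text; the field meanings are the documented ones.

```python
"""Decode and modify the 16-bit configuration register used in the
recovery procedure above. Added example; not from the handout. Bit
meanings are the documented ones for classic IOS routers: bits 0-3 boot
field, bit 6 (0x0040) ignore NVRAM contents, bit 8 (0x0100) Break key
disabled after boot, bits 11-12 console speed, bit 13 (0x2000) boot the
ROM image if network boot fails."""

IGNORE_NVRAM = 0x0040
BREAK_DISABLED = 0x0100
NETBOOT_FALLBACK_ROM = 0x2000
CONSOLE_BAUD = {0x0000: 9600, 0x0800: 4800, 0x1000: 1200, 0x1800: 2400}


def decode_confreg(value):
    """Return the meaning of each field of a configuration register value."""
    boot = value & 0x000F
    if boot == 0x0:
        boot_desc = "stay in ROM monitor"
    elif boot == 0x1:
        boot_desc = "boot the boot-helper image (platform dependent)"
    else:
        boot_desc = "boot per 'boot system' commands, else the first image in flash"
    return {
        "value": f"0x{value:04X}",
        "boot_field": boot_desc,
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled_after_boot": bool(value & BREAK_DISABLED),
        "console_baud": CONSOLE_BAUD[value & 0x1800],
        "rom_fallback_if_netboot_fails": bool(value & NETBOOT_FALLBACK_ROM),
    }


def for_recovery(value):
    """Register to set in rommon so that the next boot skips startup-config."""
    return value | IGNORE_NVRAM


def after_recovery(value):
    """Register to restore before saving, so the router honours startup-config again."""
    return value & ~IGNORE_NVRAM & 0xFFFF


def changed_fields(before, after):
    """Names of the fields that differ between two register values."""
    a, b = decode_confreg(before), decode_confreg(after)
    return sorted(k for k in a if k != "value" and a[k] != b[k])


if __name__ == "__main__":
    for reg in (0x2102, for_recovery(0x2102)):
        print(decode_confreg(reg))
    print("changed by recovery:", changed_fields(0x2102, 0x2142))
```

Note that bit 8 is set in both values: Break is disabled once IOS is running, yet it is still honoured during the first seconds of boot, which is what the recovery procedure relies on. Anyone with console access can therefore do what this section describes, so the console port deserves the same protection as the passwords.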

Copy the startup-config into the running-config (copy start run). show run then shows the password (if it is an enable password).
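Reading the password out of show run works because, as section 4 says, an enable password is stored in clear text; the same applies to a recovered configuration file. The added example below (written for this guide, not from the handout) audits a configuration text for how each password is stored. It also decodes the "7" format that service password-encryption produces, which is a fixed-key XOR that any reader of the configuration can reverse with the well-known key; only the MD5-based "5" secret (and the newer 8 and 9 types) cannot be read back. The configuration excerpt is constructed; the hash in it is a placeholder, not a real digest.

```python
"""Audit a saved IOS configuration for reversible password storage
(added example; not part of the handout). 'enable password' is stored in
clear text; 'service password-encryption' turns passwords into the type 7
format, a XOR against a fixed, publicly known key that is decoded here;
'enable secret' is a salted MD5 hash (type 5) that cannot be reversed.
The configuration excerpt below is constructed for the example and its
type 5 value is a placeholder, not a real hash."""
import re

TYPE7_KEY = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

SAMPLE_CONFIG = """\
hostname Router_HaNoi
enable password cisco
service password-encryption
enable secret 5 $1$salt$ConstructedPlaceholderValue00
line vty 0 4
 password 7 060506324F41
 login
"""


def type7_decode(encoded):
    """Reverse a type 7 string: two-digit seed, then hex bytes XORed with the key."""
    seed = int(encoded[:2])
    chars = []
    for pos, i in enumerate(range(2, len(encoded), 2)):
        byte = int(encoded[i:i + 2], 16)
        chars.append(chr(byte ^ ord(TYPE7_KEY[(seed + pos) % len(TYPE7_KEY)])))
    return "".join(chars)


def type7_encode(plain, seed=6):
    """Produce a type 7 string the way IOS does (seed 0..15 chosen by the router)."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 0..15")
    out = [f"{seed:02d}"]
    for pos, ch in enumerate(plain):
        out.append(f"{ord(ch) ^ ord(TYPE7_KEY[(seed + pos) % len(TYPE7_KEY)]):02X}")
    return "".join(out)


PASSWORD_LINE = re.compile(r"\s*((?:enable )?(?:password|secret))\s+(?:(\d)\s+)?(\S+)\s*$")


def audit(config):
    """Return (storage, config line, recovered value) for every password line.
    storage is 'cleartext', 'reversible' (type 7), 'hashed' (types 5/8/9) or 'unknown'."""
    findings = []
    for line in config.splitlines():
        m = PASSWORD_LINE.match(line)
        if not m:
            continue
        _, ptype, value = m.groups()
        if ptype == "7":
            findings.append(("reversible", line.strip(), type7_decode(value)))
        elif ptype in (None, "0"):
            findings.append(("cleartext", line.strip(), value))
        elif ptype in ("5", "8", "9"):
            findings.append(("hashed", line.strip(), None))
        else:
            findings.append(("unknown", line.strip(), None))
    return findings


if __name__ == "__main__":
    for storage, line, recovered in audit(SAMPLE_CONFIG):
        print(f"{storage:10} {line!r:40} -> {recovered}")
```

The practical consequence for this lab: configurations copied to a TFTP server, pasted into reports or left in show run output expose every enable password and every line password, whether or not service password-encryption was enabled; only enable secret protects the privileged-mode credential.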


Note: if the password is a secret (which cannot be read back), remove it instead: R1(config)# no enable secret, then R1(config)# config-register 0x2102, then R1# copy run start to save the configuration without the password. In either case set the register back to 0x2102 before saving; otherwise the router keeps ignoring startup-config on every boot. The whole procedure depends only on physical access to the console, which is why console access has to be controlled as tightly as the passwords themselves.
6. Exchanging data with a TFTP server: Cisco devices can exchange files with a TFTP server: copy the running or startup configuration to/from the TFTP server, copy IOS to/from the TFTP server. TFTP has no authentication or encryption, so anyone on the segment can read what is transferred (the IOS image, or a configuration including its passwords) or offer a file of their own; use it on an isolated lab network only. Installing a TFTP server on the PC: install the SolarWinds TFTP server.

Open File/Configure to configure the server.

Set TFTP Server Root Dir to the directory that will hold the files to be loaded onto (or saved from) the router. View the contents of flash (show flash):


Configure an address on FastEthernet 0/0, the interface connected to the TFTP server. Then copy the IOS file (the operating system) to the TFTP server (copy flash tftp).


A successful copy:

When a newer IOS is available, use copy tftp flash to load it onto the device. Watch the messages: the first copy fails because the flash has no room left for the new IOS. Delete the IOS currently in use (delete flash:/c2800...), then load the new IOS with copy tftp flash.


After the load succeeds, the device can be restarted.

Copying the configuration to tftp:
# copy running-config tftp
# copy startup-config tftp
The reverse direction works too:
# copy tftp startup-config
then reload the device.


7. Restoring IOS on a Cisco device that has lost its operating system: this exercise takes a long time, so several students should do it together. First delete the IOS on the router (do not do this on the switch), then reload it. Without an operating system the device ends up in rommon. Enter the following commands in order: rommon 1> set, then set the device parameters:
rommon 2> IP_ADDRESS=172.29.80.1
rommon 3> IP_SUBNET_MASK=255.255.255.0
rommon 4> DEFAULT_GATEWAY=172.29.80.1
rommon 5> TFTP_SERVER=172.29.80.80
rommon 6> TFTP_FILE=.. {IOS file name}
With all parameters set as above, type tftpdnld and answer [y].


The device loads the IOS from TFTP.

When it completes, restart the device.


Computer Networking Lab Guide (MMT)

RIPv1 and RIPv2
Build the following lab topology:

The routers (X is the value assigned to each group):
R0: s0/0 172.16.X.1/24; Loopback0 10.0.X.1/24
R1: s0/0 172.16.X.2/24; s0/1 172.16.(X+1).1/24; Loopback0 172.29.X.1/24
R2: s0/0 172.16.(X+1).2/24; fa0/0 172.29.17.(X+1); Loopback0 10.0.(X+1).1/24
R3: the real router, preconfigured: fa0/0 172.29.17.100/24; Loopback0 192.168.1.1/24
Configure the IP addresses of the interfaces on R0, R1 and R2. Do not connect fa0/0 of R2 to the real router yet. Requirement: the routers can ping and talk to each other.
1. Introduction to RIPv1: RIPv1 is a classful protocol; the route advertisements it broadcasts carry no subnet mask. Its metric is the hop count, the number of routers a packet must cross to reach a given network. Configure RIPv1 on routers R0, R1 and R2.

The command router rip enables RIP on the router. The network command decides which networks take part in routing. A network statement actually has three effects:
- it puts the network into the routing packets, that is, advertises it in RIP updates;
- it sends updates out the interfaces that belong to that network;
- it accepts updates arriving on the interfaces that belong to that network.
Faculty of Information Technology, Department of Computer Networks and Telecommunications

Here the networks are entered according to their IP address class. For example: 10.0.X.0/24 is a class A network, so we type only network 10.0.0.0; 172.16.X.0/24 is class B, so network 172.16.0.0. All subnets of 10.0.0.0/8 and 172.16.0.0/16 then take part in RIP routing. Enable routing the same way on Router1 (not on Router2 yet):

View the routing tables of Router0 and Router1. R0's:

R1's:


Some notes: R marks a network learned through RIP. [120/1]: 120 is the AD of RIP; every protocol has its own AD (Administrative Distance), and the lower the AD the more trusted the protocol. 1 is the metric of the RIP-learned route; here there is one intermediate router, so the metric is 1. Two things stand out: Router0 learns 172.29.0.0/16 from Router1, not 172.29.X.0/24; Router1 learns 10.0.0.0/8 from Router0, not 10.0.X.0/24. Were these two networks summarized? Now enable RIP on Router2 for the networks 172.16.0.0 and 10.0.0.0 and look at the result:

Because Router0 and Router2 both advertise 10.0.0.0/8 to Router1, Router1 is confused: it has two paths to 10.0.0.0/8, through S0/0 and through S0/1, and it load-balances across both.

On Router1, ping the address 10.0.1.1:

Replies alternate between success and loss: one packet goes out s0/1 to Router2, then Router1 balances the next one out S0/0 to Router0, and so on => packets are lost. The network is broken and unstable. (Note: on newer routers, to see this alternating behaviour on R1 you must type Router1(config)# no ip cef, because CEF shares load per destination rather than per packet.) The explanation lies in how RIPv1 routes: RIPv1 carries no subnet mask in its packets, so when it meets a discontiguous network it automatically summarizes the route. Consider Router0 and Router1:

The link between Router0 and Router1 belongs to major network 172.16.0.0/16, while Loopback0 on Router0 belongs to major network 10.0.0.0/8. A property of RIPv1 is that, when an update crosses the boundary into a different major network, the route is automatically summarized before being advertised. So Router0 advertises to Router1 only the summary 10.0.0.0/8, not 10.0.X.0/24 as we wanted. Likewise Router1 advertises only 172.29.0.0/16 to Router0, not 172.29.X.0/24. This situation is called a discontiguous network: one major network split into parts by another major network. Remedies: readdress the serial link between Router0 and Router1 as 10.0.Z.0/24, the same major network as loopback 10.0.X.1/24, or readdress the loopback as 172.16.Z.0/24 (students try this themselves). Method 2: use RIPv2. Capture packets to verify that RIPv1 carries no subnet mask: in the dynagen window, capture the packets R0 exchanges with R1:
=> capture R0 s0/0 C:\R0.cap HDLC

This captures the packets on S0/0 of R0 into the file R0.cap; then use Wireshark (the successor of Ethereal) to analyze the RIP response packets the routers exchange. Note: HDLC is the default protocol on serial links; PPP can also be used on them. To stop capturing: => no capture R0 s0/0. Debugging RIP: on the device, debug ip rip shows what RIP is doing: R0# debug ip rip or R0# debug ip rip events; turn debugging off with R0# no debug all. 2. Introduction to RIPv2: RIPv2 keeps the characteristics of RIPv1 but is classless: its update packets carry the subnet mask. Switch from RIPv1 to RIPv2 with the command version 2 in router rip mode. By default RIPv2 still summarizes routes automatically at major network boundaries; turn that off with no auto-summary. The configuration:

Do the same on Router1 and Router2. Result: the routes are now learned exactly. Routing table of R1: both loopbacks, of R0 and of R2, are learned exactly.

Routing table of R0:
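What the capture described above shows can also be reproduced offline. The added example below (written for this guide, not from the handout) packs and unpacks RIP response packets in the RFC 1058 (v1) and RFC 2453 (v2) layouts, and applies the RIPv1 summarization rule that caused the discontiguous-network problem: when a route leaves its major network it is replaced by the bare classful prefix, and the mask field stays zero on the wire. Addresses follow the lab's scheme with X = 1; split horizon is not modelled.

```python
"""RIP response packets for v1 (RFC 1058) and v2 (RFC 2453) and the RIPv1
classful summarisation rule behind the discontiguous-network problem above.
Added example, not from the handout; it reproduces offline what the capture
described in the text shows. Addresses use the lab's scheme with X = 1."""
import struct
from ipaddress import ip_address, ip_interface, ip_network

RIP_HEADER = struct.Struct("!BBH")          # command, version, must-be-zero
RIP_ENTRY = struct.Struct("!HH4s4s4sI")     # AFI, tag, address, mask, next hop, metric
RESPONSE = 2


def classful_major(net):
    """Major (classful) network of a prefix: /8, /16 or /24 by first octet."""
    first = int(str(net.network_address).split(".")[0])
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ip_network(f"{net.network_address}/{plen}", strict=False)


def ripv1_advertised(route, out_iface):
    """Prefix RIPv1 puts in an update for `route` sent out an interface whose
    address is `out_iface`: the subnet itself while both lie in the same major
    network, the bare major network once the update crosses into another one."""
    route = ip_network(route)
    iface_net = ip_interface(out_iface).network
    if classful_major(route) == classful_major(iface_net):
        return route
    return classful_major(route)


def build_response(version, routes):
    """Pack (prefix, metric) pairs; v1 leaves mask and next hop zero (no mask on the wire)."""
    pkt = RIP_HEADER.pack(RESPONSE, version, 0)
    for prefix, metric in routes:
        net = ip_network(prefix)
        mask = net.netmask.packed if version == 2 else bytes(4)
        pkt += RIP_ENTRY.pack(2, 0, net.network_address.packed, mask, bytes(4), metric)
    return pkt


def parse_response(pkt):
    """Decode a response into (version, [{prefix, mask, metric}, ...])."""
    _, version, _ = RIP_HEADER.unpack_from(pkt, 0)
    entries = []
    for off in range(RIP_HEADER.size, len(pkt), RIP_ENTRY.size):
        _, _, addr, mask, _, metric = RIP_ENTRY.unpack_from(pkt, off)
        entries.append({"prefix": str(ip_address(addr)),
                        "mask": str(ip_address(mask)), "metric": metric})
    return version, entries


def ripv1_update(out_iface, routes):
    """The response a router sends out `out_iface`: each route summarised by
    the RIPv1 rule, duplicates collapsed to the lowest metric. Split horizon
    is not modelled here."""
    advertised = {}
    for prefix, metric in routes:
        adv = ripv1_advertised(prefix, out_iface)
        advertised[adv] = min(metric, advertised.get(adv, 16))
    return build_response(1, [(str(n), m) for n, m in advertised.items()])


if __name__ == "__main__":
    # R0 sending out s0/0 (172.16.1.1/24) its loopback 10.0.1.0/24: v1 vs v2
    print(parse_response(ripv1_update("172.16.1.1/24", [("10.0.1.0/24", 1)])))
    print(parse_response(build_response(2, [("10.0.1.0/24", 1)])))
```

Because a RIPv1 listener has to guess the mask of every prefix it receives, a router on the segment can also feed it summaries that swallow more specific routes; RIPv2 at least carries the mask, though neither version is authenticated unless you configure it.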


3. Passive interface: suppose R1 should not send RIP packets out S0/0 towards R0. Use the passive-interface feature:
Router1(config)# router rip
Router1(config-router)# passive-interface s0/0
R1 now sends no RIP packets out s0/0 but still accepts updates arriving on it. 4. Propagating a default route and static routes with RIP. Connect Router2 to Router3 (the real router) and configure IP so that router 2 can ping router 3. Configure a default route on Router2 pointing at Router3:
Router2(config)# ip route 0.0.0.0 0.0.0.0 172.29.17.100
View the routing table:

This default route can be propagated to R1 and R0 with the command default-information originate (in router rip mode).


View the routing tables of R0 and R1:

The default route is propagated by RIP. Static routes can also be propagated through RIP with redistribution. Configure a static route on R2:
Router2(config)# ip route 192.168.1.0 255.255.255.0 172.29.17.100
Configure redistribution:
Router2(config)# router rip
Router2(config-router)# redistribute static metric 10   // assign metric 10 to the static routes
Then look at the routing tables of R1 and R0 again.
5. Work to do: configure static routes on R3 so that R3 can talk to R0, R1 and R2. Note: Router3 does not run RIP.
Router3(config)# ip route 10.0.X.0 255.255.255.0 172.29.17.X+1
Router3(config)# ip route 10.0.X+1.0 255.255.255.0 172.29.17.X+1
Router3(config)# ip route 172.16.X.0 255.255.255.0 172.29.17.X+1
Router3(config)# ip route 172.16.X+1.0 255.255.255.0 172.29.17.X+1
Router3(config)# ip route 172.29.X.0 255.255.255.0 172.29.17.X+1
Note: to configure Router3, go into Router2 and type Router2# telnet 172.29.17.100; the connection password is cisco (telnet sends it in clear text over the shared LAN, which is acceptable only inside this lab).
Advanced: summarize the routes from R3 to the other routers into fewer static routes.


Computer Networking Practice (MMT)
The EIGRP Routing Protocol

Set up the network as in the figure and assign addresses to the interfaces. Requirement: adjacent routers can communicate. 1. The EIGRP protocol: a Cisco-proprietary routing protocol.
- Operates classless: routing packets carry the subnet mask.
- Does not send its routing table every 30 s (as RIP does); updates are sent only when something in the network changes.
- The metric is computed from four factors:
  o Bandwidth: the bandwidth of the link
  o Delay: the delay packets incur crossing the link
  o Reliability: the reliability of the link (corrupted or lost packets), 0 to 255 (low to high reliability)
  o Load: the current load on the link, 0 to 255

Formula:
Faculty of Information Technology, Department of Computer Networks and Telecommunications (MMT&VT)


Bandwidth: taken from the lowest bandwidth on the path: Calculated BW = reference BW / lowest BW (kbps), with reference BW = 10^7. Delay: the sum of the delays along the path: Calculated Delay = the sum of the outgoing interface delays, in units of 10 µs. EIGRP Metric = 256 × (calculated BW + calculated delay). This is the form with the default K values (K1 = K3 = 1, K2 = K4 = K5 = 0), so reliability and load do not enter unless the K values are changed.


AD: EIGRP internal routes have AD 90 (redistributed, external routes 170; see below).


2. The packet types EIGRP uses:
- Hello: discovers neighbouring routers running EIGRP and keeps the relationship with them alive. Routers do not send their routing tables to each other periodically; they use hellos alone to maintain the neighbour relationship.
- Update and ACK: carry updates to the other routers when the network changes. A router that receives an update must send an ACK to acknowledge it.
- Query (called Request in the original) and Reply: used by the DUAL algorithm; when a router loses its path to a network it sends queries to its neighbours, and replies answer them.
3. Configuring EIGRP: Router0(config)# router eigrp {AS-number}, where AS-number is the Autonomous System number. Wikipedia: "In the Internet, an autonomous system (AS) is a collection of IP networks and routers under the control of one entity (or sometimes more) that presents a common routing policy to the Internet. See RFC 1930 for additional detail on this updated definition." EIGRP exchanges data only with routers in the same AS. In the lab we use AS 100.
Router0(config)# router eigrp 100
Router0(config-router)# network 172.16.0.0
Router0(config-router)# network 10.0.0.0
The network command in EIGRP can be written in two ways: 1/ As in RIP.

2/ With a wildcard mask. A wildcard mask is roughly the inverse of a subnet mask: a bit we care about is set to 0, a bit we do not care about is set to 1. Examples: to route for every network whose first byte is 172, whatever the other bytes (only the first byte matters): network 172.0.0.0 0.255.255.255. For the networks beginning 192.168, whatever the remaining bytes: network 192.168.0.0 0.0.255.255. For the single network 172.16.0.4/30: network 172.16.0.4 0.0.0.3, or more simply network 172.16.0.6 0.0.0.0 (all 32 bits must match). Note: write the addresses out in binary to check the statements. Routing on Router0, Router1 and Router2. R0 uses the traditional form:

R1 uses a wildcard mask:

R2: do not enable routing for 172.29.17.0/24.
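The binary check suggested above is easy to automate. The added example below (written for this guide, not from the handout) evaluates EIGRP network statements, in both the classful form and the wildcard form (OSPF's network statement, later in this guide, uses the same syntax), against a router's interfaces and reports which interfaces the protocol would run on. That matters for R2: an over-broad statement such as network 172.0.0.0 0.255.255.255 would also enable EIGRP on fa1/0 towards the shared 172.29.17.0/24 LAN, exactly the situation section 5 below runs into. The R2 addresses follow the lab's scheme with X = 1.

```python
"""Which interfaces does a `network` statement enable? Added example for the
EIGRP (and, with identical syntax, OSPF) network command; not from the
handout. The R2 interfaces below use the lab's addressing with X = 1 and the
interface names used in the text."""
from ipaddress import ip_address, ip_interface, ip_network


def as_binary(dotted):
    """'0.0.0.3' -> '00000000.00000000.00000000.00000011', to check by hand."""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))


def classful_wildcard(base):
    """Wildcard implied by the classful form: /8, /16 or /24 by first octet."""
    first = int(base.split(".")[0])
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return str(ip_network(f"{base}/{plen}", strict=False).hostmask)


def wildcard_match(addr, base, wildcard):
    """True when every bit that is 0 in the wildcard is equal in addr and base."""
    a, b, w = (int(ip_address(x)) for x in (addr, base, wildcard))
    return (a ^ b) & (~w & 0xFFFFFFFF) == 0


def enabled_interfaces(interfaces, statements):
    """interfaces: {name: 'addr/len'}; statements: [(base, wildcard or None)].
    Returns {interface: statement text} for every interface the protocol
    would run on; the first matching statement is reported."""
    result = {}
    for name, cidr in interfaces.items():
        addr = str(ip_interface(cidr).ip)
        for base, wild in statements:
            text = f"network {base}" if wild is None else f"network {base} {wild}"
            if wildcard_match(addr, base, wild or classful_wildcard(base)):
                result.setdefault(name, text)
    return result


# R2 with X = 1, interface names as in the text
R2_INTERFACES = {"s0/0": "172.16.2.2/24", "fa1/0": "172.29.17.2/24", "lo0": "10.0.2.1/24"}
LAB_STATEMENTS = [("172.16.0.0", None), ("10.0.0.0", None)]        # as configured on R2
BROAD_STATEMENTS = [("172.0.0.0", "0.255.255.255")]                # too broad: hits fa1/0

if __name__ == "__main__":
    print(enabled_interfaces(R2_INTERFACES, LAB_STATEMENTS))
    print(enabled_interfaces(R2_INTERFACES, BROAD_STATEMENTS))
    print(as_binary("172.16.0.4"), as_binary("0.0.0.3"), sep="\n")
```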


View R1's routing table.

Note: the network 10.0.0.0/8 appears, a summarized route! So by default EIGRP, too, summarizes routes when they cross into another major network. This can be turned off with the command no auto-summary (on all routers).

After auto-summary is turned off, the routers' routing tables show the correct information.

4. Load balancing over unequal-cost paths with EIGRP: according to its routing table, R0 has two paths to 10.0.0.64/26 (L0 of R2), over two different interfaces to R1 and then from R1 to R2. The two paths have equal metrics. EIGRP, however, can also load-balance over paths whose metrics differ. We change the metrics of the two paths with the bandwidth command.

On a serial interface, the bandwidth command tells the routing protocols the speed of the interface so that they compute metrics correctly. Note: bandwidth does not change the actual speed of the interface at all (that is what clock rate does); it only declares the speed to the routing protocols (devices cannot detect the speed of a serial link by themselves) so that the metric is more accurate. By default protocols such as EIGRP assume a serial interface runs at 1544 kbps (T1). Tell EIGRP that S0/0 runs at 64 kbps and S0/1 at 128 kbps (bandwidth 64 and bandwidth 128 in interface mode).

Router0 now uses only the S0/1 path (the 128 kbps link) to Router1; the S0/0 path, whose metric is roughly twice as large, drops out of the routing table.

To make Router0 use both paths, use the variance command (variance 2 in router eigrp mode).

The command means: any path whose (metric / metric of the best path) <= 2 is also used to share the load, provided it is a feasible successor (the neighbour's own distance to the destination must be smaller than the best metric, which guarantees the path cannot loop). Immediately the S0/0 path is put back into the routing table.
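To see why variance 2 is exactly enough here, compute the two metrics. The added example below (written for this guide, not from the handout) applies the formula from section 1 with the default K values to R0's two paths: the serials to R1 at the 64 and 128 kbps set above, R1's serial to R2 at the IOS default of 1544 kbps, the default serial delay of 20000 µs and the default loopback values (8000000 kbps, 5000 µs); those defaults are assumptions about the lab routers. It then applies the variance rule together with the feasibility condition.

```python
"""EIGRP composite metric with the default K values, and the variance
check, for the two paths R0 has to R2's Loopback0 in the text. Added
example; not from the handout. With K1 = K3 = 1:
metric = 256 * (10^7 // lowest bandwidth (kbps) + sum(delay in usec) // 10).
Link values: the serials to R1 as set in the text (64 and 128 kbps);
R1's serial to R2 at the IOS default 1544 kbps; serial delay 20000 usec
and loopback 8000000 kbps / 5000 usec are IOS defaults (assumed here)."""


def eigrp_metric(path):
    """path: list of (bandwidth_kbps, delay_usec) for each outgoing interface.
    Integer arithmetic throughout, as IOS does it."""
    lowest_bw = min(bw for bw, _ in path)
    total_delay = sum(d for _, d in path)
    return 256 * (10**7 // lowest_bw + total_delay // 10)


SERIAL_TO_R2 = (1544, 20000)     # R1's outgoing serial towards R2 (assumed default)
LOOPBACK = (8000000, 5000)       # R2's Loopback0 (IOS default values)

# Candidate paths from R0: (full path, the part R1 reports as its own distance)
CANDIDATES = {
    "via S0/0 (64 kbps)":  ([(64, 20000), SERIAL_TO_R2, LOOPBACK],  [SERIAL_TO_R2, LOOPBACK]),
    "via S0/1 (128 kbps)": ([(128, 20000), SERIAL_TO_R2, LOOPBACK], [SERIAL_TO_R2, LOOPBACK]),
}


def routes_installed(candidates, variance=1):
    """Paths EIGRP installs: the best one plus every feasible successor whose
    metric <= variance * best. Feasible means the neighbour's reported
    distance is below the best metric (the feasibility condition), which is
    what keeps unequal-cost load sharing loop-free."""
    metrics = {name: eigrp_metric(full) for name, (full, _) in candidates.items()}
    reported = {name: eigrp_metric(rep) for name, (_, rep) in candidates.items()}
    best = min(metrics.values())
    return sorted(name for name in candidates
                  if metrics[name] <= variance * best and reported[name] < best)


if __name__ == "__main__":
    for name, (full, _) in CANDIDATES.items():
        print(f"{name}: metric {eigrp_metric(full)}")
    for v in (1, 2):
        print(f"variance {v}:", routes_installed(CANDIDATES, v))
```

The ratio between the two metrics is 41152000 / 21152000, a little under 2, which is why variance 2 brings S0/0 back while variance 1 leaves only S0/1 installed.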


The same on R1:

Exercise: find out the meaning of the commands show ip protocols, show ip eigrp neighbors and show ip eigrp interfaces.

5. Passive interface: enable routing on the 172.29.17.0/24 network of router R2: Router2(config-router)# network 172.29.0.0. The routing tables now also show the networks of the other students doing the same lab, because all the Router2s are connected together over the shared LAN. Any device on that LAN can form an adjacency and inject routes, which is why a routing protocol should never be left running towards a segment you do not control. If we do not want to talk to the other groups' Router2, what can we do? Use passive-interface: stop EIGRP packets from going out fa1/0 of R2 (passive-interface fa1/0 in router eigrp mode).

Check the routing tables of the routers again. 6. Connecting to the real router: configure a static route on R2 to the loopback network of the real router R3.

Redistribute it to Router0 and Router1 with the command: redistribute static metric [Bandwidth] [Delay] [Reliability] [Load] [MTU]


These numbers need not be exact; they only have to be supplied so that EIGRP can generate a metric for the static route injected into it. R0 and R1 immediately learn the path to 192.168.1.0/24, via R2.


Note: the AD of redistributed routes in EIGRP is raised to 170; it is no longer 90. Exercise: - Configure a default route on R2 and propagate it to the other routers by redistribution. - Configure static routes on R3 to the remaining networks, using route summarization. End. References: CCNA textbook, Center for Informatics, University of Science (Ho Chi Minh City); Cisco Networking Academy v4.0.


OSPF Routing Protocol

Set the addresses as in the figure above. Routers R0, R1, R2, R3 and R4 are virtual routers; router R5 is the real one.

1. The OSPF protocol:
A link-state routing protocol, operating classless (it carries the subnet mask).
- Metric: the cost of one link is 10^8 / (bandwidth in bps); the metric to a network is the sum of the link costs along the path.
- 10^8 is a reference value used in the bandwidth calculation; it can be changed with auto-cost reference-bandwidth in router ospf mode.
- AD = 110.
Link-state routing: protocols like RIP and EIGRP work by distance vector: Router2 knows the path to a network and tells its neighbour Router1; Router1 trusts Router2's knowledge and in turn tells its neighbour Router0. Route information spreads this way, each router trusting what the neighbour before it says, which is why distance vector protocols are said to route by rumour. Link-state protocols like OSPF instead start by announcing to their neighbours the networks they themselves manage (the networks attached directly to their interfaces). The neighbours flood this information across the whole network, so every router knows which router manages which networks and can draw itself a topology map. From that map each router builds a tree with itself as the root and runs the Shortest Path First algorithm (SPF, Dijkstra) to find the shortest path to every network. That is the difference between link-state and distance vector routing.
OSPF's area structure: with OSPF the network can be divided into several areas, to limit how far the news of a network failure spreads. Take X = 1: if we shut down an interface on Router1 (in area 1), every router in Area 1 learns of it and must rebuild its graph, but the news stays within area 1 and does not spread to other areas.

Router3 is then called the Area Border Router (ABR), operating in both Area 0 and Area 1. Every router in Area 0 that wants to reach a network in Area 1 must go through Router3. When there is instability in Area 1 (a network going down or coming up), all routers in Area 1 rebuild their graph, but Area 0 is barely affected; everything is handled at Router3. Splitting the network into areas lets OSPF stabilise quickly after a topology change, since every change is contained in the area where it happened. Mandatory requirement: Area 0 is called the backbone area, and every other area must connect directly to Area 0.
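The link-state computation described in this section can be shown on a small graph. The added example below (written for this guide, not from the handout) builds a shared link-state database from a list of links, derives each link's cost as 10^8 / bandwidth the way IOS does (integer result, never below 1), and runs Dijkstra from any router to produce its tree and a routing table. The topology and bandwidths are assumed for illustration; only the router names R0 to R4 come from the lab.

```python
"""OSPF-style link-state computation: a shared link-state database and a
per-router shortest-path tree (Dijkstra), with costs 10^8 / bandwidth as in
the text. Added example, not from the handout; the topology and bandwidths
below are assumed for illustration (R0-R4 are the lab's router names)."""
import heapq

REFERENCE_BW = 10**8          # bps; auto-cost reference-bandwidth changes this (given in Mbps)


def ospf_cost(bandwidth_kbps, reference_bps=REFERENCE_BW):
    """Interface cost; IOS truncates to an integer and never goes below 1."""
    return max(1, reference_bps // (bandwidth_kbps * 1000))


# Constructed topology: (router A, router B, bandwidth in kbps)
LINKS = [
    ("R0", "R1", 100_000),   # FastEthernet, cost 1
    ("R0", "R2", 100_000),
    ("R1", "R2", 100_000),
    ("R1", "R3", 64),        # slow serial, cost 1562
    ("R2", "R3", 1_544),     # T1 serial, cost 64
    ("R3", "R4", 100_000),
]


def build_lsdb(links):
    """Every router floods its links; all routers end up with this same database."""
    lsdb = {}
    for a, b, bw in links:
        lsdb.setdefault(a, {})[b] = ospf_cost(bw)
        lsdb.setdefault(b, {})[a] = ospf_cost(bw)
    return lsdb


def spf(lsdb, root):
    """Dijkstra from root: returns ({router: cost}, {router: previous hop})."""
    dist, prev = {root: 0}, {}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                      # stale heap entry
        for v, cost in lsdb[u].items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    return dist, prev


def path(prev, root, dst):
    """Rebuild the tree branch from root to dst."""
    hops = [dst]
    while hops[-1] != root:
        hops.append(prev[hops[-1]])
    return hops[::-1]


def routing_table(lsdb, root):
    """{destination: (cost, next hop)}, the way show ip route would list it."""
    dist, prev = spf(lsdb, root)
    return {d: (c, path(prev, root, d)[1]) for d, c in dist.items() if d != root}


if __name__ == "__main__":
    lsdb = build_lsdb(LINKS)
    for router in sorted(lsdb):
        print(router, routing_table(lsdb, router))
```

Two things the run makes visible: R1 ignores its direct 64 kbps serial to R3 because two FastEthernet-plus-T1 hops are cheaper (65 vs 1562), and any link of 100 Mbps or faster costs 1, which is the reason the reference bandwidth is raised on networks with Gigabit links.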

2. Configuring OSPF: the command is router ospf [process-id]; a router can run several processes at once. The ID is arbitrary; it does not matter and need not be the same on different routers. The network command uses the wildcard mask syntax.
Router0(config)# router ospf 1
Router0(config-router)# network 10.0.0.0 0.255.255.255 area 1
Router0(config-router)# network 172.29.1.0 0.0.0.255 area 1
Same for R1 and R2. On R3:
Router3(config)# router ospf 1
Router3(config-router)# network 172.16.1.0 0.0.0.255 area 1
Router3(config-router)# network 192.168.1.0 0.0.0.3 area 0
or
Router3(config-router)# network 192.168.1.1 0.0.0.0 area 0

3. DR and BDR election on broadcast networks: on a serial link two neighbouring routers exchange data with each other directly. A broadcast medium such as Ethernet is more complicated: with n routers on one Ethernet segment (plugged into one switch), each router would have to exchange data with the other (n-1), giving n(n-1)/2 exchanges in total, far too many, and potentially consuming the whole bandwidth of the segment. On a broadcast network the routers therefore elect one router to represent the whole LAN, the Designated Router (DR), plus a standby, the Backup Designated Router (BDR). All other routers send their information only to the DR and BDR, not to each other; the DR then gathers everything and sends it back out once to all routers. This cuts the bandwidth OSPF uses on a broadcast network. The remaining routers are called DROthers. The election is based on priority and Router ID: the router with the highest priority becomes DR and the second highest BDR. By default every router has the same priority, so the decision falls to the Router ID, which is determined as follows:
- no loopback interface: the highest IP address among the physical interfaces;
- loopback interface present: the highest IP address among the loopback interfaces.
With equal priorities, the router with the highest Router ID becomes DR and the next highest BDR.

So R2 is the DR and R1 a DROther, which makes R0 itself the BDR. In theory R1 should be the BDR, but R1 was powered on after the election between R0 and R2 had finished; the election is not pre-emptive, so a router joining last has to accept the DROther role even if its Router ID is higher.

Result on R2:

Note: no DR/BDR election takes place on the serial link between R2 and R3. Configuration of Router4:
Router4(config)# router ospf 1
Router4(config-router)# network 192.168.1.0 0.0.0.255 area 0
Router4(config)# router rip
Router4(config-router)# network 172.29.0.0
Router4(config-router)# ver 2
Router4(config-router)# no auto-summary

4. Examining the routing tables. Routing table of R0:

O: a network learned via OSPF from within the same area. O IA: a network learned via OSPF from another area. Characteristic: OSPF does not auto-summarize, and loopback networks always appear as /32 routes. Routing table of R4:

Routes learned via RIP and via OSPF coexist side by side.

5. Redistribution between RIP and OSPF, performed on R4. a) Redistributing OSPF routes into RIP:

Routing table of R5: the routes are learned through RIP.

b) Redistributing RIP into OSPF:

By default, redistribute rip under OSPF advertises only classful networks, e.g. 100.0.0.0/8 or 172.29.0.0/16. Here we have subnets of 100.0.0.0/8, so the subnets keyword must be added.

Routing table of Router3:

The networks 100.100.0.0, 100.100.1.0, ... are learned as OSPF external routes (redistributed from RIP).

6. Route summarization with OSPF: there are two kinds, summarization at an area border and summarization at redistribution. a) Summarization at the border between Area 0 and Area 1: Router3 can summarize the routes 10.0.X.0/26, 10.0.X.64/26 and 10.0.X.128/26 into 10.0.X.0/24 when announcing them to R4 (going from Area 1 into Area 0), with the area range command:

R4 then holds only the network 10.0.1.0/24.

b) Summarization at redistribution: when redistributing on R4 (from RIP into OSPF), the routes 100.100.0.0, 100.100.1.0, 100.100.2.0 and 100.100.3.0 can be summarized into 100.100.0.0/22 (summary-address):

On Router3 the received routes arrive summarized:

c) Extension: influencing the DR and BDR election. Suppose we want Router1 to become the DR; we raise the priority on interface fa1/0 of R1 (ip ospf priority).

However, since the election has already finished, OSPF must be reset on all three routers at the same time to restart it (clear ip ospf process).

Afterwards R1, with priority 10, becomes the DR:

Usually the most powerful router is chosen to take the DR role on a broadcast network. Instead of touching the priority, a Router ID can also be assigned to a router directly with the command router-id (in router ospf mode):

Finally the OSPF process must be reset for the change to take effect. END

VLAN

1. Characteristics of switched networks: a switch works at Layer 2 of the OSI model and deals only with MAC addresses. A whole switched network is one broadcast domain: a broadcast frame sent by one host reaches every host in the network. Broadcast domains are split with Layer 3 devices such as routers or Layer 3 switches; each branch off a router is a separate network and broadcasts cannot cross into another branch. This improves network performance, because a very large broadcast domain makes the network very slow. Today's Layer 2 switches also support VLANs (Virtual LANs): one switch can form several VLANs, each an independent network, and a broadcast in one VLAN cannot reach another. Connecting VLANs to each other still requires a Layer 3 device. This lesson looks at the VLAN feature of switches. Dynamips only emulates routers and switches; to emulate PCs we use the VPCS program. 2. The VPCS program: creates virtual PCs that connect to Dynamips. The virtual PCs support the ping and trace commands like a real PC. VPCS supports at most 9 virtual PCs at once. Connection: by default the virtual PCs listen on ports 20000 to 20008 and connect to Dynamips on ports 30000 to 30008. Suppose port f0/1 on virtual switch SW0 connects to PC1 (port 20000); the .net file then contains:
[[ROUTER SW0]]
    model = 3640
    console = 2000
    ram = 128
    nvram = 128
    rom = 4
    slot0 = NM-16ESW      # 16-port FastEthernet switch module
    f0/1 = NIO_udp:30000:127.0.0.1:20000
The 9 PCs and their ports: RPORT is the port on the Dynamips side, LPORT the PC's port.
Faculty of Information Technology, Department of Computer Networks

At start-up, IP addresses are assigned by default to the first 4 PCs. The command IP {IP_ADDRESS} {Default_Gateway} {Subnet_mask} sets a new IP address for a PC. To switch to PC 1 press key 1, to PC 2 press key 2, and so on. We can ping from the PCs to test connectivity.

3. The VLAN feature on switches:


For simplicity, we first configure VLANs only on SW0 and SW1. View the VLANs on the switches and their member ports:

We can first give the switches IP addresses to check connectivity. Setting an IP address differs somewhat from a router: the address is placed on a virtual interface, interface VLAN1.

Set it on SW1:


Set it on SW2 and ping to check:

The switches can now reach each other. We proceed to add VLANs on SW0 and SW1: enter the vlan database command, then add VLAN 10 and VLAN 20.


On SW1:

Review the VLAN information:


On SW1:


We now try out the VLAN feature by putting port fa0/1 (PC1) into VLAN 10: enter the command switchport access vlan 10 on interface fa0/1, then review the VLAN information.


PC1 is now in VLAN10 and PC2 in VLAN1 (the default). We ping to check connectivity between these 2 PCs: although they are on the same switch, PC1 and PC0 are separated because they are in different VLANs:


Set an IP address on interface fa0/0 of Router0. Router0 connects to SW0 through port fa0/3, so it still belongs to VLAN1.

Therefore Router0 and PC1 can still see each other:

Conclusion: hosts in the same VLAN can still communicate; hosts in different VLANs cannot communicate even when they are on the same switch. Complete the VLAN configuration on SW0 and SW1 according to the lab diagram: SW0: port fa0/1 in VLAN 10 and port fa0/2 in VLAN 20. Use the switchport access mode command on the interface:

SW1: port fa0/1 in VLAN 20 and port fa0/1 in VLAN 10


The link between the 2 switches (port fa0/0) carries the traffic of every VLAN, so we change it to TRUNK mode. Note: a TRUNK port is a port able to carry the traffic of several VLANs; each frame gets an extra VLAN ID field at the front to tell the VLANs apart. On ordinary ports, frames carry no VLAN ID information.

The figure above is the structure of an 802.1q frame, one of the 2 encapsulation protocols used on a trunk link. The ordinary Ethernet frame is wrapped as the Data part, and several fields are added around it. The VLAN ID field is 12 bits wide.

Switch1:


Set the PC addresses according to the rule for each VLAN: VLAN 10: 192.168.10.0/24; VLAN 20: 192.168.20.0/24.

PC4 belongs to VLAN10, so even though it is on a different switch it can reach PC1, while PC1 and PC2, which sit on the same switch but in different VLANs, cannot see each other.


4. VLAN Trunking Protocol (VTP): When a network has many switches, typing the commands on every switch each time a VLAN is added or removed takes a lot of time and invites mistakes. VTP was created to solve this: some switches are chosen as servers and others as clients. When a VLAN is added or removed on a server switch, that switch announces the information so that the client switches update themselves. The links between the switches must be trunks, because VTP runs only over trunk links. This can be seen as a simple centralized management model.

Configuring VTP: first, we configure the port between switch 2 and switch 1 as a trunk port and configure no VLAN information at all on switch 2. VTP information is shown with the command: #show vtp status. To exchange information, the switches must belong to the same domain. By default, before configuration, the VTP domain is empty. We also note the following fields:
- Operating Mode is Server (the 2 other modes are Client and Transparent)
- Configuration Revision: the configuration version, starting at 0. Each time we change the VLAN configuration this value is automatically increased by 1.


We rename the domain on switch 0:

Review the VTP domain information: note the VTP Domain Name field.

Switch 1 and switch 2 also have the empty string as their domain name. By definition, an empty VTP domain name is overwritten by any other name it receives. Use show vtp status on switch 1 to verify this.


Switch 2 initially had no VLAN information at all; it has now been updated by Switch 0:

Next step: we create VLAN 30 on Switch0 and verify that SW1 and SW2 are updated accordingly:


Information on SW1:


Review the VTP information on SW0: the Configuration Revision has increased.

Note: VTP has 3 operating modes. Quoted from the Cisco document "VTP Modes": A switch can be configured in one of three modes: server, client, or transparent. VTP Server: VTP servers advertise the VTP domain VLAN information to other VTP-enabled switches in the same VTP domain. VTP servers store the VLAN information for the entire domain in NVRAM. The server is where VLANs can be created, deleted, or renamed for the domain. VTP Client:


VTP clients function the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client. A VTP client only stores the VLAN information for the entire domain while the switch is on. A switch reset deletes the VLAN information. You must configure VTP client mode on a switch. VTP Transparent: Transparent switches forward VTP advertisements to VTP clients and VTP servers. Transparent switches do not participate in VTP. VLANs that are created, renamed, or deleted on transparent switches are local to that switch only. We can switch SW1 and SW2 to Client mode with the command vtp mode client. SW1:

SW2:

Switches in client mode cannot create VLANs themselves; they only receive VLAN updates from the server. You can verify this by trying to create a VLAN on these switches. Setting a VTP password: by default the switches have no password. Once a password is set, only switches with the same password in the same domain exchange information. We change the password on SW0 and create VLAN 40.


Because the passwords differ, SW1 does not update its information: show vlan-switch does not show VLAN 40, and the Configuration Revision has not increased, which indicates that the information was not updated.


For SW1 to accept the change, you must set its password to match SW0. (If it still does not work, shutdown port fa0/0 and then no shutdown it again.) Further experiments:
- Delete a VLAN on the server switch and check whether the clients delete it too.
- Transparent mode on the switches.
VLAN information is stored in the file vlan.dat in flash. To erase all VLAN information use the command: # delete flash:/vlan.dat

5. Inter-VLAN Routing:
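The behaviour observed with show vtp status in this section (a null domain adopting the advertised one, clients unable to create VLANs, a password mismatch freezing the revision, transparent switches forwarding but not applying updates) can be reproduced in a small model. The following Python code is an added example and is not part of the lab guide; the domain name LAB and the password are constructed values, and the plaintext password comparison stands in for the MD5 digest that real VTP carries.

```python
"""VTP behaviour model: domain, password, revision number and modes.

Added example (not from the lab guide). Domain and password strings are
constructed; real VTP compares an MD5 digest that mixes in the password,
which the plaintext comparison below models.
"""


class VtpSwitch:
    def __init__(self, name, mode="server", domain="", password=""):
        assert mode in ("server", "client", "transparent")
        self.name, self.mode = name, mode
        self.domain, self.password = domain, password
        self.revision = 0            # Configuration Revision
        self.vlans = {1}             # VLAN 1 always exists

    def add_vlan(self, vid):
        """Local VLAN creation; only servers bump the revision and advertise."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot create VLANs")
        self.vlans.add(vid)
        if self.mode == "server":
            self.revision += 1

    def delete_vlan(self, vid):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot delete VLANs")
        self.vlans.discard(vid)
        if self.mode == "server":
            self.revision += 1

    def advertisement(self):
        """Summary advertisement as a plain dict."""
        return {"domain": self.domain, "password": self.password,
                "revision": self.revision, "vlans": set(self.vlans)}

    def receive(self, adv):
        """Apply an advertisement; return True if the VLAN database changed."""
        if self.mode == "transparent":
            return False                          # forwarded, never applied
        if self.domain == "":
            self.domain = adv["domain"]           # a null domain is overwritten
        if adv["domain"] != self.domain or adv["password"] != self.password:
            return False
        if adv["revision"] <= self.revision:
            return False                          # nothing newer
        # Servers accept a higher revision too: a switch joining the domain
        # with a stale but higher revision overwrites every VLAN, so reset its
        # revision (for example by changing its domain name) before cabling it.
        self.revision, self.vlans = adv["revision"], set(adv["vlans"])
        return True


def propagate(source, trunks):
    """Flood the source's advertisement over trunk links.

    trunks maps a switch name to the neighbouring VtpSwitch objects.
    Returns the names of switches that updated their VLAN database.
    """
    adv = source.advertisement()
    updated, seen, queue = [], {source.name}, [source]
    while queue:
        sw = queue.pop(0)
        for nbr in trunks.get(sw.name, []):
            if nbr.name in seen:
                continue
            seen.add(nbr.name)
            if nbr.receive(adv):
                updated.append(nbr.name)
            queue.append(nbr)         # transparent switches still forward
    return updated
```

Running the lab sequence against this model: SW0 (server, domain LAB) creates VLANs 10, 20 and 30, so its revision is 3 and both clients adopt the domain and the VLANs; after SW0 changes its password and adds VLAN 40, propagate returns an empty list and SW1 stays at revision 3 without VLAN 40; once the clients carry the same password the next advertisement is applied.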


The VLANs are in place, but only hosts in the same VLAN can reach each other; different VLANs cannot communicate. For the VLANs to communicate, a Layer 3 device must be present, here Router R0. Steps:
- On SW0: port fa0/3, which connects to R0, must be changed to trunk mode so that it carries the traffic of every VLAN.
- On port fa0/0 of R0 we use the sub-interface technique, splitting fa0/0 into 3 logical ports:
  - Fa0/0.10 connects to VLAN 10, IP 192.168.10.1; encapsulation Dot1Q, vlan 10.
  - Fa0/0.20 connects to VLAN 20, IP 192.168.20.1; encapsulation Dot1Q, vlan 20.
  - Fa0/0.30 connects to VLAN 30, IP 192.168.30.1; encapsulation Dot1Q, vlan 30.
Configuration details:
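The 802.1q tag described earlier (the 12-bit VLAN ID field inserted in front of the original frame) and the Dot1Q sub-interfaces used here for inter-VLAN routing are two sides of the same mechanism: the router picks the sub-interface from the VLAN ID of the tag it receives on the trunk. The following Python code is an added example, not code from the lab guide; the Ethernet frames and MAC addresses are constructed, and the sub-interface table copies the Fa0/0.10, .20 and .30 assignments given above.

```python
"""802.1Q tagging and router-on-a-stick sub-interface selection.

Added example (not from the lab guide). Frames and MAC addresses are
constructed; the sub-interface table mirrors the lab's Fa0/0.10/.20/.30.
"""
import struct

TPID_8021Q = 0x8100          # EtherType that announces an 802.1Q tag


def make_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Constructed untagged Ethernet frame (no FCS)."""
    return (bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
            + struct.pack("!H", ethertype) + payload)


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the source MAC (trunk egress)."""
    if not 0 <= vlan_id <= 4095:
        raise ValueError("VLAN ID is a 12-bit field")
    tci = (pcp << 13) | vlan_id            # DEI bit left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Split a frame into addresses, optional VLAN ID, EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan_id, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, offset = tci & 0x0FFF, 18          # low 12 bits of the TCI
    return {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"),
            "vlan": vlan_id, "ethertype": ethertype, "payload": frame[offset:]}


# Router-on-a-stick: one sub-interface (and gateway address) per VLAN.
SUBINTERFACES = {10: ("Fa0/0.10", "192.168.10.1"),
                 20: ("Fa0/0.20", "192.168.20.1"),
                 30: ("Fa0/0.30", "192.168.30.1")}


def ingress_subinterface(frame: bytes, native_vlan: int = 1):
    """Return the (sub-interface, gateway IP) that receives this frame, or None.

    Untagged frames belong to the trunk's native VLAN; a frame tagged with a
    VLAN that has no sub-interface is dropped, which is the isolation between
    VLANs that the lab demonstrates with ping.
    """
    vlan = parse_frame(frame)["vlan"]
    if vlan is None:
        vlan = native_vlan
    return SUBINTERFACES.get(vlan)
```

On the trunk, a frame from PC1 leaves SW0 tagged with VLAN 10, so R0 delivers it to Fa0/0.10 and answers from 192.168.10.1; the same frame tagged with an unknown VLAN, or left untagged on a native VLAN without a sub-interface, is not routed.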

Routing table:


Hosts in different VLANs can now communicate, provided each host uses the default gateway that matches its VLAN. 6. Additional exercise: connect R1 to R0 and choose a routing protocol so that every host can reach every other host. End


Networking Lab Guide

Spanning Tree Protocol


Part 1: Theory.
Introduction: when there are several links between switches, forming backup (redundant) paths, a loop is very likely to occur. Example:

Figure 1: Loop between 2 switches (source: Cisco.com)

When host N sends a broadcast frame into the network, the frame reaches Switch A and, suppose, initially goes out port fa0/0 to port fa0/0 of Switch B. Because it is a broadcast, Switch B forwards it out port fa0/1 to port fa0/1 of Switch A. Switch A then forwards it to Switch B again through port fa0/0. The process repeats indefinitely and causes a loop. The same happens with several links between several switches: SW2 -> SW1 -> SW3 -> SW2.

Spanning Tree was created to prevent loops between switches: when switches are connected by several links, at least 1 link is temporarily disabled. When the primary link fails, this backup link is activated automatically. Operating principle: the Spanning Tree Protocol (STP) selects some switch ports to be put into the forwarding state (forwarding data frames) and puts the remaining ports into the blocking state (not forwarding data frames). The rules for selecting the forwarding ports are as follows (source: Cisco Press ICND 2). Note: the text below uses the term bridge; we treat it as equivalent to switch, and the two are used interchangeably.


First, the switches elect one switch as the root bridge; the root bridge is the switch whose ports are all placed in the forwarding state. The election is based on the Bridge ID: the switch with the lowest ID becomes the root. The ID is a compound number with 2 parts, the switch priority and the switch MAC address.

Example: SW3 with priority 32769 and MAC address 0200.0003.0003 has ID 32769:0200.0003.0003. By default all switches have the same priority, so the switch with the lowest MAC address becomes the root bridge. Initially every switch claims to be the root; the election then runs between the switches and they agree on the switch with the lowest ID as ROOT. All ports of the ROOT are in the forwarding state.

After the election, SW1 is the root bridge.


The remaining switches then choose their root ports: on each switch, the port with the lowest cost to the root becomes the root port and is placed in the forwarding state. COST table:


Each switch finds its own ROOT PORT (based on cost):

Every switch has now determined its root port.

Final step: electing the designated port.


On the segment between SW2 and SW3 there is no root port. We must decide to put one of the 2 ports, the SW2 port or the SW3 port, into the blocking state (no data forwarding). Of the 2 ports, the one with the higher cost to the root is put into blocking; the other is called the designated port (it stays active and is not blocked). If both ports have the same cost to the root, the port on the switch with the higher Bridge ID is put into the blocking state.
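The three selection rules above (lowest Bridge ID wins the root election, lowest root path cost wins the root port with the sender's Bridge ID and port ID as tie-breakers, and on each segment the end with the lower cost, then lower Bridge ID, becomes designated) can be run as an algorithm. The Python model below is an added example and is not from the lab guide or from Cisco; the topology is constructed to match what Part 2 of this lab observes: SW0 and SW1 carry the bridge IDs shown by show spanning-tree brief (32768 / cc00.05e4.0000 and 32768 / cc01.05e4.0001), SW2's MAC address and the exact cabling are assumptions, and the port-ID index (port number + 1, so that Fa0/11 reads 128.12 as in the lab output) is also an assumption of this model.

```python
"""Spanning-tree election model: root bridge, root ports, designated ports.

Added example (not from the lab guide). SW0/SW1 bridge IDs come from the
lab's show output; SW2's MAC, the cabling and the port-ID index are assumed.
"""

PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # 802.1D-1998 costs by Mbit/s


def port_id(name):
    """Port ID as (priority, index); index = port number + 1 (assumption)."""
    slot, num = name.lower().replace("fa", "").split("/")
    return (128, int(slot) * 16 + int(num) + 1)


class Bridge:
    def __init__(self, name, priority, mac):
        self.name, self.priority = name, priority
        self.mac = mac.replace(".", "").lower()
        self.ports = {}          # port -> (neighbour bridge, neighbour port, cost)

    @property
    def bid(self):
        return (self.priority, self.mac)   # lower wins

    def link(self, port, other, other_port, cost=PORT_COST[100]):
        """Cable two ports together; both ends use the same port cost."""
        self.ports[port] = (other.name, other_port, cost)
        other.ports[other_port] = (self.name, port, cost)


def run_stp(bridges):
    """Return (root name, {(bridge, port): role}), role in root/designated/blocking."""
    root = min(bridges.values(), key=lambda b: b.bid).name
    # Best offer seen by each bridge: (root path cost, sender BID, sender port ID)
    best, root_port = {root: (0, None, None)}, {}
    changed = True
    while changed:                       # relax until no offer improves
        changed = False
        for b in bridges.values():
            if b.name == root:
                continue
            for port, (nbr, nport, cost) in b.ports.items():
                if nbr not in best:
                    continue
                offer = (best[nbr][0] + cost, bridges[nbr].bid, port_id(nport))
                if b.name not in best or offer < best[b.name]:
                    best[b.name], root_port[b.name] = offer, port
                    changed = True

    def key(name, port):                 # what this end puts in its BPDU
        return (best[name][0], bridges[name].bid, port_id(port))

    roles = {}
    for b in bridges.values():
        for port, (nbr, nport, _) in b.ports.items():
            if root_port.get(b.name) == port:
                roles[(b.name, port)] = "root"
            elif key(b.name, port) < key(nbr, nport):
                roles[(b.name, port)] = "designated"
            else:
                roles[(b.name, port)] = "blocking"
    return root, roles


def lab_topology(sw1_priority=32768, sw0_fa010_cost=19):
    """Constructed 3-switch lab: two parallel SW0-SW1 links plus a triangle via SW2."""
    sw0 = Bridge("SW0", 32768, "cc00.05e4.0000")
    sw1 = Bridge("SW1", sw1_priority, "cc01.05e4.0001")
    sw2 = Bridge("SW2", 32768, "cc02.05e4.0002")            # assumed MAC
    sw0.link("fa0/10", sw1, "fa0/10", cost=sw0_fa010_cost)  # cost override knob
    sw0.link("fa0/11", sw1, "fa0/1")
    sw0.link("fa0/1", sw2, "fa0/1")
    sw1.link("fa0/2", sw2, "fa0/2")
    return {b.name: b for b in (sw0, sw1, sw2)}


if __name__ == "__main__":
    for kwargs in ({}, {"sw1_priority": 8000}, {"sw1_priority": 8000, "sw0_fa010_cost": 10}):
        root, roles = run_stp(lab_topology(**kwargs))
        print(kwargs, "root =", root, sorted(roles.items()))
```

With default priorities SW0 (lowest MAC) is root and SW1's fa0/1 blocks, as in the lab output. Lowering SW1's priority to 8000 makes SW1 root; SW0 then has two equal-cost ports towards the root and keeps fa0/11 forwarding because it faces the lower port ID (fa0/1) on the root, while fa0/10 blocks. Giving fa0/10 a cost below 19 flips the two, which is the cost experiment in Part 2.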


Transition from BLOCKING to FORWARDING. When a port in the FWD state loses its link (a cable fault or a similar problem), a port in the BLOCKING state must be moved to FORWARDING. The process has these steps: Blocking -> Listening: the switch clears its old MAC table and prepares to learn a new one; it does not yet forward frames out of this port. Listening -> Learning: the switch starts learning the new MAC table; the port still does not forward data. Forwarding: frames start being forwarded out of this port. By default a switch takes 50 s to move a port from blocking to forwarding.

Part 2: Configuration
Set up the lab topology as follows:

The election of the root bridge, root ports and designated ports happens automatically. We look at Switch 0: show spanning-tree brief


Analysis: spanning tree is computed per VLAN (here we only have VLAN 1 so far). For VLAN1 the root bridge ID is 32768: cc00.05e4.0000, and Switch 0 itself is the root bridge. Because it is the root, all 3 ports are in the FWD (Forwarding) state and the cost to root is 0. Now the information on SW1:


Analysis: the root bridge is SW0; SW1 has the same priority (32768) but its MAC cc01.05e4.0001 is greater than SW0's MAC. Port Fa0/1 is in the Blocking state; its cost to root is 19 (Fast Ethernet), and it connects to port Fa0/11 (from the Designated field we know it is Fa0/11, because the neighbouring switch's port ID is 128.12). Ports Fa0/2 and Fa0/10 are in the FWD state; these ports are also the designated ports on their segments. Next, the information on SW2:


Changing the root bridge: we can make SW2 the root bridge for VLAN 1 with the command: (config)#spanning-tree vlan 1 root primary

SW0 is no longer the ROOT. Port states:


Port states on SW1: because SW0 has a lower ID than SW1, both ports connected to SW0 are in the BLOCKING state.

On SW2:


Making SW1 the ROOT: we use the command (config)# spanning-tree vlan 1 priority 8000 to give SW1 a lower priority than the current root bridge.

Port states on the switches: explain the state of each port yourself.


SW0:

SW2:


Changing the COST of ports: in the figure above, port fa0/10 of SW0 is in the Blocking state and port fa0/11 is in the FWD state. Both ports have the same cost, 19, to the ROOT bridge (SW1); however fa0/11 connects to port fa0/1 (the lower port) on the root bridge, so it is preferred for the FWD state. We set the cost of port fa0/10 below 19 so that this port becomes the root port => FWD state.

Port Fa0/11 -> Blocking.


Spanning Tree with several VLANs: create VLAN 2 on the switches and make the inter-switch ports trunks. Put the ports into TRUNK mode:

On SW1:

Create the VLAN and configure VTP:

View the VLANs: VLAN2 is present.


View the port information on SW0: SW0 is not the ROOT for VLAN1, but for VLAN2 SW0 is the ROOT. This shows that the switches maintain a separate STP topology for each VLAN.

Experiment: students should verify the following behaviour themselves: shut down a port in the FWD state and observe the remaining port go through BLK -> LIS -> LRN -> FWD. Example: shutdown port fa0/10 on SW0.


The EtherChannel feature:

SW1 has 2 ports connected to SW0, so 1 of the 2 ports is blocked. We can bundle these 2 physical ports into 1 logical port. This increases the bandwidth between SW0 and SW1, and no port is blocked any more. We use the command channel-group 1 mode on on ports fa0/10 and fa0/11.

Similarly on SW1:


A virtual port called Port-channel 1, consisting of the 2 physical ports fa0/10 and fa0/11, is now formed on SW0. SW0 now sees only 1 link to SW1, and no port is blocked.


Similarly on SW1:


Networking Lab Guide

Switch Layer 3 - HSRP

Set up the network as shown in the figure.

Part 1: Layer 3 switch.
In this lab we examine the role of a Layer 3 SWITCH in routing. Creating VLANs: add VLAN2 and VLAN3 and configure the trunk ports according to the diagram. VTP may be used to configure the VLANs, or they can be configured by hand on every switch. On SW0:


SW1:

SW2:


Set the IP addresses of the hosts according to the diagram.

1. Inter-VLAN routing: a Layer 3 SWITCH can operate at the Network layer, like a router. We can therefore use a Layer 3 switch to route between VLANs without a separate router.


Recap: on a router, routing between VLANs requires sub-interfaces, each mapped to its VLAN with the command: (config-subif)# encapsulation dot1q <VLAN-ID>. On a Layer 3 switch this is much simpler: for each VLAN we create a corresponding management interface on the switch. For example, for VLAN 1 we create interface vlan 1 as follows: (config)# int vlan 1 then (config-if)# ip add <ip_gateway_vlan1> <subnet_mask>. Here SW2 is the Layer 3 switch; we configure it as shown below:

The VLANs can now communicate with each other.


Each host uses the gateway that matches its VLAN. From PC2 we can ping the other VLANs. 2. Configuring routing on the Layer 3 switch: on the Layer 3 switch the routing table is shown with # show ip route, exactly as on a router.


The VLAN interfaces are treated like physical interfaces. We now configure routing for the networks of SW2 and the routers. SW2's ports fa0/0 and fa0/1 connect to the routers; these ports will operate at Layer 3, not Layer 2. The command that switches a port to Layer 3 mode is: (config-if)# no switchport (change to Layer 3), and (config-if)# switchport changes it back to Layer 2. We move ports fa0/0 and fa0/1 to Layer 3 and set their IP addresses according to the diagram.

Similarly for port fa1/0:


These networks now appear in the routing table:

A Layer 3 switch can run almost every routing protocol a router can: OSPF, RIP, EIGRP. Here we route with OSPF.


Routing on R0:

Routing on R1:

Routing tables of the devices: the networks learned through OSPF.


On R0:

On R1:


Part 2: HSRP (Hot Standby Router Protocol)


3. Introduction to HSRP: normally the hosts in a network point their DEFAULT GATEWAY at the address of the router's LAN interface in that network. All communication with other networks goes through this router. If the router goes down, all communication with the outside is cut. In important networks we can use HSRP to have several routers act as the gateway at the same time. When the primary router goes down, the other routers take over the gateway role and communication continues normally. All these routers share one virtual IP address and one virtual MAC address. In the topology, PC 4 to PC 7 all use 192.168.1.1 (Router 0) as their default gateway. We will configure R0 and R1 to both use the virtual address 192.168.1.200, and the hosts will use that address as their default gateway. The command is:

(config-if)# standby <id> ip <ip_gateway>

We configure it on port fa1/0 (facing the LAN) of R0 and R1. R1:

R0:

Of R0 and R1, one router is elected to the primary role (Active) and the other takes the backup role (Standby). When the Active router loses contact, the Standby router is promoted to Active. On one LAN segment, at any moment there is only 1 Active router and 1 Standby router; any other routers are in the Listen role. The election is based on Priority (default 100): the highest priority becomes active. With equal priorities, the router with the higher IP address on the LAN interface (fa1/0) becomes active. Here Router1 (192.168.1.254 > 192.168.1.1) takes the Active role. Use show standby to see this:


R0:

R1:


The virtual IP address 192.168.1.200 comes with the virtual MAC address 0000.0c07.ac<id>; here the group is standby 1, so the MAC is 0000.0c07.ac01. Additional note: the election takes place only once, so if we configure HSRP on R0 first, R0 becomes Active. When R1 joins HSRP afterwards it cannot take the Active role from R0 even though its IP address is higher. To let a router with a higher priority that joins later take over the Active role, we configure the Preempt feature. R0:

R1:

Experiment: configure R5 to use the gateway 192.168.1.200.


4. Adjusting the priority: we can also assign a priority to a router ourselves with the command standby <id> priority. Exercise: set R1's priority to 110 -> it is always Active because its priority is higher than R0's.


5. The interface tracking feature: when some interface goes down, we can ask HSRP to lower the router's priority so that another router can become active. Example: R1 holds the active role; if its interface fa0/0 goes down it can no longer reach the outside network. We therefore ask HSRP to track interface fa0/0 and, if that interface goes down, to lower R1's priority by 50, allowing R0 to become the active router. On the LAN interface fa1/0 we configure:


Experiment: shut down port fa0/0 of Router R1. Its priority is lowered immediately and it becomes Standby (priority = 110 - 50 = 60).


When this port is brought back up (no shutdown), the priority returns to 110 and R1 takes the Active role back from R0 (thanks to preempt):

6. Load balancing with HSRP: create 2 virtual gateways with the following addresses:
- 192.168.1.200: R1 is active for this group, R0 is standby (standby group 1)
- 192.168.1.100: R0 is active for this group, R1 is standby (standby group 2)
Hosts PC 4 and PC 5 use 192.168.1.100 as their default gateway; hosts PC 6 and PC 7 use 192.168.1.200. Normally PC4 and PC5 go through R1 and PC6 and PC7 through R0. When R0 goes down, R1 takes over the address 192.168.1.100 as well (normally R1 is standby for that address), and vice versa when R1 goes down. End
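The HSRP rules used throughout Part 2 (priority first, then the higher interface address as tie-breaker; a router that joins later only takes over when preempt is on; a tracked interface going down subtracts its decrement; the 0000.0c07.acXX virtual MAC; and two groups with opposite priorities for load sharing) are collected in the following Python model. It is an added example, not code from the lab guide; the router names, addresses and groups are the ones the lab uses, and the model ignores hello/hold timers.

```python
"""HSRP election model: priority, IP tie-break, preempt, interface tracking,
virtual MAC and two standby groups for load sharing.

Added example (not from the lab guide). Addresses are the lab's:
R0 192.168.1.1, R1 192.168.1.254, virtual 192.168.1.200 and 192.168.1.100.
Hello/hold timers are not modelled.
"""
import ipaddress


def virtual_mac(group: int) -> str:
    """HSRP version 1 virtual MAC 0000.0c07.acXX, XX = group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group is 0..255")
    return f"0000.0c07.ac{group:02x}"


class HsrpRouter:
    def __init__(self, name, ip, priority=100, preempt=False):
        self.name, self.ip = name, ip
        self.priority, self.preempt = priority, preempt
        self.tracks = {}        # interface -> decrement (standby <id> track <if> <dec>)
        self.down = set()       # interfaces currently down

    def track(self, interface, decrement=10):
        """Cisco's default decrement is 10; the lab uses 50."""
        self.tracks[interface] = decrement

    def effective_priority(self):
        return self.priority - sum(d for i, d in self.tracks.items() if i in self.down)

    def rank(self):
        """Higher wins: effective priority first, then the higher interface IP."""
        return (self.effective_priority(), int(ipaddress.ip_address(self.ip)))


def elect(routers, current_active=None):
    """Return (active, standby) among the routers that are up.

    A better router only displaces the current active if it has preempt;
    otherwise the current active keeps its role (the election ran once).
    """
    alive = list(routers)
    best = max(alive, key=HsrpRouter.rank)
    if current_active in alive and best is not current_active and not best.preempt:
        active = current_active
    else:
        active = best
    others = [r for r in alive if r is not active]
    standby = max(others, key=HsrpRouter.rank) if others else None
    return active, standby


def active_gateways(groups):
    """groups: virtual IP -> routers in that standby group. Returns vip -> active name."""
    return {vip: elect(routers)[0].name for vip, routers in groups.items()}


if __name__ == "__main__":
    r0 = HsrpRouter("R0", "192.168.1.1", preempt=True)
    r1 = HsrpRouter("R1", "192.168.1.254", priority=110, preempt=True)
    r1.track("fa0/0", 50)
    print("normal:", elect([r0, r1], current_active=r1)[0].name)
    r1.down.add("fa0/0")
    print("fa0/0 down on R1:", elect([r0, r1], current_active=r1)[0].name,
          "priority", r1.effective_priority())
```

The model reproduces each step of the lab: with default priorities R1 wins on its higher address, but if R0 was configured first it stays active until R1 has preempt; with priority 110 and fa0/0 tracked at 50, shutting fa0/0 drops R1 to 60 and R0 (with preempt) takes over, and R1 returns once the interface is up again.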


Networking Lab

Network Address Translation (NAT)


NAT was created mainly to address the shortage of IPv4 addresses. The number of IP addresses already allocated as of 1993 pointed to a risk of exhausting the IPv4 address space.

The proposed solutions: long term, move to IPv6; short term, use NAT. The NAT solution: the organisation managing the Internet defined address ranges that may be reused inside private networks; these are called private IP addresses:


Companies and organisations may use these addresses freely in their LANs. Before a packet leaves for the public network, its private IP address is translated into a public IP address. This process is the operating principle of NAT. Because every organisation can reuse these addresses, the number of IPv4 addresses needed on the public network drops considerably. The kinds of NAT covered in this lab:
- Static NAT
- Dynamic NAT
- NAT with ports (interface/pool)
- Static NAT + port
Set up the network as shown in the figure:


Where:
- R1 represents the ISP
- R0 is an enterprise renting a line from the ISP (this model is typical of a leased-line connection).
- The enterprise buys a block of 6 public IP addresses, 203.162.2.8/29.
IP configuration of the devices: R0:

R1:


Routing: no dynamic routing protocol runs between the enterprise and the ISP. The enterprise simply has a default route towards the ISP, and the ISP uses a static route towards the enterprise. R0:

R1:

1. Static NAT: this is manual NAT, mapping 1 address in the LAN to 1 public IP address. It is commonly used to NAT servers in the network, such as web, FTP and mail servers. Suppose we have the following requirement:

Statically NAT the address of PC1, 172.16.1.3, so that it appears as 203.162.2.9 to the outside network. Commands needed: ip nat inside source static; ip nat inside; ip nat outside. Specifically, everything happens on router R0: translate 172.16.1.3 to 203.162.2.9 with ip nat inside source static, then on the LAN interface (fa0/0) enter ip nat inside and on the WAN interface s1/0 enter ip nat outside.

The NAT entry is recorded immediately. Command: #show ip nat translation

Meaning of the fields:

Inside local address - Usually not an IP address assigned by a RIR or service provider and is most likely an RFC 1918 private address. In the figure, the IP address 192.168.10.10 is assigned to the host PC1 on the inside network.
Inside global address - Valid public address that the inside host is given when it exits the NAT router. When traffic from PC1 is destined for the web server at 209.165.201.1, router R2 must translate the address. In this case, IP address 209.165.200.226 is used as the inside global address for PC1.
Outside global address - Reachable IP address assigned to a host on the Internet. For example, the web server is reachable at IP address 209.165.201.1.
Outside local address - The local IP address assigned to a host on the outside network. In most situations, this address will be identical to the outside global address of that outside device.

In plain terms: Inside local: the LAN address before NAT. Inside global: the LAN address after NAT, before it is sent to the outside network. Global inside: the outside host's address before NAT. Global outside: the outside host's address after NAT. For the kinds of NAT in this lab, global inside and global outside are always the same, because we only NAT the inside (the LAN). According to the show command above, host 172.16.1.3 is translated to 203.162.2.9 before going out. We try pinging from this host to the outside network:

Turn on debug ip nat, ping again and watch the router:


When the packet goes out (echo request), source ip = 172.16.X.3 is translated to 203.162.2.9. When the packet comes back (echo reply), dest ip = 203.162.2.9 is translated back to 172.16.X.3 and delivered into the LAN. The ISP is unaware of the existence of network 172.29.X.0/24. From the outside PC (50.50.50.2) it is equally easy to reach the host above at the IP address 203.162.2.9. We thus have a 1-to-1 mapping 172.29.X.3 <-> 203.162.2.9.

This kind of NAT saves no public IP addresses, since 1 private address corresponds to 1 public address. 2. Dynamic NAT: with static NAT we had to set up each private <-> public mapping ourselves. Instead we can define all the private addresses and all the public addresses on the router; when a packet with a private source address reaches the router, the router picks a free public address for the translation. Configuration: the ip nat inside and ip nat outside commands on fa0/0 and s1/0 stay in place for the whole lab. The LAN addresses allowed out: an access-list. The public IP addresses used for NAT: ip nat pool <pool_name> <start_address> <end_address> netmask <subnet_mask>. The NAT command itself: ip nat inside source list <acl_number> pool <pool_name>.

Example: allow the hosts in LAN 172.16.X.0/24 out to the Internet, translating them with the range 203.162.2.10 -> 203.162.2.14 (203.162.2.9 is already used by the static NAT, although it could still be reused).

A property of dynamic NAT: as long as no packet has gone out, no translation has been performed. The NAT table therefore contains none of these new entries yet, only the static NAT entry from the previous step.

Ping from host 172.16.1.4 to the outside:

Check the NAT table again: the entry now exists.

However, dynamic NAT entries only live for a short time; if they are not used further they are reclaimed and given to another host.

The reclaim timeout can be adjusted with the command:

Take another host and ping from both hosts to the outside at the same time:


NAT table: the router automatically takes the additional address 203.162.2.11 for host 172.16.1.5.

NAT statistics can be viewed with:

Dynamic NAT is usually unusable for servers because:
- A translation only appears when a packet from the inside goes out, and it is kept only for a short time.
- Because it is dynamic, we do not know which public IP address a private IP address will be translated to; the router alone decides.
In addition, this kind of NAT still does not save addresses: 1 private <-> 1 public. With 5 public addresses in the pool, only 5 LAN hosts can be on the Internet at the same time.

3. NAT overload on an interface: this is the most common form of NAT in ADSL setups. Overload means NAT that also uses ports. Example: suppose the router NATs with the address 203.162.2.10. An application on host 172.16.1.4 using port 10000 (written 172.16.1.4:10000 from now on) is translated to 203.162.2.10:10000 when it reaches the router and goes out to the Internet. At the same time, a packet from 172.16.1.5:10001 reaching the router is translated to 203.162.2.10:10001. When a packet returns from the Internet, the router looks at the destination port: 203.162.2.10:10000 is translated to 172.16.1.4:10000 and sent into the LAN; 203.162.2.10:10001 is translated to 172.16.1.5:10001. In this way, even with a single public IP address the router can NAT for many hosts at once. A port is a 2-byte number: 0 -> 65535. With a dynamic IP address (ADSL) we do not know the WAN interface's address in advance, so we use the interface keyword: whatever address the WAN interface has at run time is used for NAT. Configuration: first disable the dynamic NAT of the previous step with (config)# no ip nat inside source list 1 pool ADSL, then enter the NAT overload command; note the keywords interface and overload.


Ping from host 172.16.1.5 and check the debug output:

NAT table: the entries now carry specific ports.

4. NAT overload on a pool: in large organisations a single address for NAT overload is sometimes not enough, so we NAT overload on a POOL. Here we reuse the pool ADSL defined in section 2. First remove the interface NAT command from the previous step, then enter the NAT pool command with the overload keyword.

Ping from several hosts to the outside:

NAT table:


5. Static NAT + port: as noted, static NAT is the only kind suitable for servers such as web, FTP and mail. However, with 10 servers, traditional static NAT needs 10 public IP addresses -> too wasteful. We can combine static NAT with a single specific port, so that one public IP address serves several servers, distinguished by port number. For example, TFTP (udp: 69) runs on host 172.16.1.2 (the real PC) and the FTP service (tcp: 20, 21) runs on host 172.16.1.10. We can NAT both servers to the same IP address 203.162.2.9. Configuration: first remove the static NAT command configured in section 1, then enter the static NAT command combined with the port.
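The five NAT variants of this lab differ only in how the translation table is populated and consulted. The Python model below is an added example, not code from the lab guide or from Cisco IOS; it implements static NAT, dynamic NAT from a pool, NAT overload (PAT) and static NAT with a port, using the lab's own addresses (LAN 172.16.1.0/24, static 203.162.2.9, pool 203.162.2.10 to .14). Entry timeouts, which the lab adjusts with a separate command, are not modelled, and the port-selection rule (keep the original port when free, otherwise the lowest free port from 1024) is this model's choice.

```python
"""NAT translation-table model: static, dynamic pool, overload (PAT),
static + port.

Added example (not from the lab guide). Addresses are the lab's; timeouts
are not modelled; port selection when the original port is taken is this
model's choice (lowest free port from 1024).
"""
import ipaddress


class Nat:
    def __init__(self, inside_net, pool=(), overload=False):
        self.inside_net = ipaddress.ip_network(inside_net)  # the access-list
        self.pool = list(pool)
        self.overload = overload
        self.static = {}        # inside_local -> inside_global (all protocols/ports)
        self.static_port = {}   # (proto, inside_global, gport) -> (inside_local, lport)
        self.dynamic = {}       # inside_local -> inside_global, one-to-one from pool
        self.pat = {}           # (proto, inside_global, gport) -> (inside_local, lport)

    # --- configuration -----------------------------------------------------
    def add_static(self, local, glob):
        """ip nat inside source static <local> <global>"""
        self.static[local] = glob

    def add_static_port(self, proto, local, lport, glob, gport):
        """ip nat inside source static <proto> <local> <lport> <global> <gport>"""
        self.static_port[(proto, glob, gport)] = (local, lport)

    # --- inside -> outside -------------------------------------------------
    def translate_out(self, proto, src, sport):
        """Return (inside_global, port) for an outbound packet, or None if it
        is forwarded untranslated (no matching rule) or dropped (no free address)."""
        for (p, g, gp), (l, lp) in self.static_port.items():
            if p == proto and l == src and lp == sport:
                return g, gp
        if src in self.static:
            return self.static[src], sport
        if ipaddress.ip_address(src) not in self.inside_net:
            return None                                  # access-list does not match
        if self.overload:
            for (p, g, gp), (l, lp) in self.pat.items():
                if p == proto and (l, lp) == (src, sport):
                    return g, gp                         # existing flow
            for g in self.pool:
                gp = self._free_port(proto, g, sport)
                if gp is not None:
                    self.pat[(proto, g, gp)] = (src, sport)
                    return g, gp
            return None                                  # all ports in use
        if src in self.dynamic:
            return self.dynamic[src], sport
        used = set(self.dynamic.values())
        for g in self.pool:
            if g not in used:
                self.dynamic[src] = g                    # one public address per host
                return g, sport
        return None                                      # pool exhausted

    def _free_port(self, proto, g, preferred):
        if (proto, g, preferred) not in self.pat:
            return preferred
        for gp in range(1024, 65536):
            if (proto, g, gp) not in self.pat:
                return gp
        return None

    # --- outside -> inside -------------------------------------------------
    def translate_in(self, proto, dst, dport):
        """Return (inside_local, port) for an inbound packet, or None if no
        entry matches (the packet does not reach the LAN)."""
        if (proto, dst, dport) in self.static_port:
            return self.static_port[(proto, dst, dport)]
        for l, g in self.static.items():
            if g == dst:
                return l, dport
        if (proto, dst, dport) in self.pat:
            return self.pat[(proto, dst, dport)]
        for l, g in self.dynamic.items():
            if g == dst:
                return l, dport
        return None
```

Two of the lab's observations fall out of the model directly: with a 5-address pool and no overload, the sixth host gets no translation; and with static NAT on udp port 69 only, an ICMP echo to 203.162.2.9 has no matching entry, which is why the lab's ping from R1 fails while the TFTP copy succeeds.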

NAT table:


Check: copy the configuration of router R1 (outside network) to the TFTP server on host 172.16.1.2. Because we only NAT udp 172.16.1.2:69 to 203.162.2.9:69, pinging 203.162.2.9 from R1 fails (ICMP is not translated).

The TFTP transfer nevertheless succeeds:

Debug output on R0:

When there are more servers, the same address 203.162.2.9 can be used for their NAT too. Drawback: reachability of a server cannot be checked with ping. Advantage: maximum saving of IP addresses. END


Computer Networking Lab

IPSEC VPN
There are many kinds of VPN today; one that is built into Cisco devices is IPSEC VPN. It is a Layer 3 VPN and encrypts all data from Layer 3 upwards. In this lab we study the site-to-site kind of VPN, which connects 2 LANs to each other.

1/ Characteristics of IPSEC VPN:
IPSec in particular, and VPNs in general, provide the following benefits: data confidentiality, data integrity, data origin authentication and anti-replay. The three main components of IPSEC are:
- Internet Key Exchange (IKE)
- Encapsulating Security Payload (ESP)
- Authentication Header (AH)
IKE is a framework that supports the exchange of security parameters; through IKE, parameters such as the encryption type, key length and hashing algorithm are agreed between the 2 ends of the connection. AH provides a framework that guarantees data integrity and anti-replay. AH does not encrypt data; it only guarantees that the data reaching the receiver is the original data, unchanged in transit. AH does this with a hash: all the data is passed through a hash function to form the AH header. If the data is altered, the AH header no longer matches and the receiver at the other end detects the change.

ESP provides encryption of the data in transit. Today ESP can also take on the data integrity role, so many VPNs do not use AH at all and leave everything to ESP. The two transmission modes of the VPN are Transport and Tunnel (the default). Quoted from Cisco: In transport mode, security is provided for the upper protocol layers, transport layer and above only. Transport mode protects the payload of the packet but leaves the original IP address in the clear. The original IP address is used to route the packet through the Internet. ESP transport mode is used between hosts. Tunnel mode provides security for the whole original IP packet. The original IP packet is encrypted. Next, the encrypted packet is encapsulated in another IP packet. The outside IP address is used to route the packet through the internet. Tunnel mode: the whole original IP packet is wrapped inside a new IP header and the other IPSec headers; the original IP packet can be seen as the data part of the new packet. Transport mode: the IP header is kept, and the IPSec header information is inserted into the packet. See the illustration below:


In transport mode the original IP header is left unchanged, so transport mode is practically impossible to combine with protocols such as NAT. 2/ Peer authentication methods: IPSEC currently supports the following authentication methods:
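The integrity guarantee attributed to AH above, and the difference between transport and tunnel encapsulation, can be shown on constructed packets. The following Python code is an added example and is not from the lab guide or from any IPsec implementation: it builds minimal IPv4 packets, protects them with a simplified Authentication Header (HMAC-SHA256 truncated to 96 bits over the whole packet; real AH also zeroes mutable fields such as TTL before hashing and negotiates the algorithm through IKE), and shows that a NAT rewrite of a protected header fails verification. ESP encryption is deliberately left out; only the integrity part is modelled. Note that AH covers the outer header in tunnel mode too, so NAT breaks AH in both modes; it is ESP, which does not cover the outer IP header, that can be carried through NAT.

```python
"""AH-style integrity protection in transport and tunnel mode.

Added example (not from the lab guide). Packets are constructed; the ICV is
HMAC-SHA256 truncated to 96 bits over the whole packet, a simplification of
real AH (which zeroes mutable header fields first). ESP is not modelled.
"""
import hashlib
import hmac
import socket
import struct

AH_PROTO = 51
AH_FIXED = 12                   # next header, payload len, reserved, SPI, sequence
ICV_LEN = 12                    # 96-bit truncated ICV


def ip_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (constructed; checksum 0, TTL 64)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def _icv(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def _ah_fixed(next_hdr, spi, seq):
    # payload length field = AH length in 32-bit words minus 2 (RFC 4302 layout)
    return struct.pack("!BBHII", next_hdr, (AH_FIXED + ICV_LEN) // 4 - 2, 0, spi, seq)


def ah_transport(key, packet, spi=0x100, seq=1):
    """Transport mode: the original header stays in the clear; AH follows it."""
    hdr, payload = bytearray(packet[:20]), packet[20:]
    next_hdr = hdr[9]
    hdr[9] = AH_PROTO                                   # protocol field now says AH
    hdr[2:4] = struct.pack("!H", 20 + AH_FIXED + ICV_LEN + len(payload))
    ah = _ah_fixed(next_hdr, spi, seq)
    icv = _icv(key, bytes(hdr) + ah + payload)          # header is covered
    return bytes(hdr) + ah + icv + payload


def ah_tunnel(key, packet, outer_src, outer_dst, spi=0x200, seq=1):
    """Tunnel mode: the whole original packet becomes the payload of a new
    packet whose outer header carries the VPN gateways' addresses."""
    outer = ip_header(outer_src, outer_dst, AH_PROTO, AH_FIXED + ICV_LEN + len(packet))
    ah = _ah_fixed(4, spi, seq)                         # next header 4 = IPv4
    icv = _icv(key, outer + ah + packet)
    return outer + ah + icv + packet


def ah_verify(key, protected):
    """Recompute the ICV over everything except the ICV field itself."""
    if len(protected) < 20 + AH_FIXED + ICV_LEN or protected[9] != AH_PROTO:
        return False
    head = protected[:20 + AH_FIXED]
    icv = protected[20 + AH_FIXED:20 + AH_FIXED + ICV_LEN]
    rest = protected[20 + AH_FIXED + ICV_LEN:]
    return hmac.compare_digest(icv, _icv(key, head + rest))


def nat_rewrite_src(packet, new_src):
    """What a NAT device does to the outermost header: replace the source."""
    return packet[:12] + socket.inet_aton(new_src) + packet[16:]


def outer_addresses(packet):
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])


def inner_addresses(tunnel_packet):
    """Original src/dst hidden inside a tunnel-mode packet."""
    return outer_addresses(tunnel_packet[20 + AH_FIXED + ICV_LEN:])
```

In transport mode the LAN addresses 192.168.1.10 and 192.168.2.10 stay visible on the wire and any rewrite of them invalidates the ICV; in tunnel mode only the gateway addresses (203.162.1.1 and 203.162.1.6 in this lab) are visible and the original packet travels intact as payload, which is why site-to-site VPNs between two LANs use tunnel mode.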


In this lab we use pre-shared keys.

3/ Establishing an IPSEC connection:


Establishing an IPSEC connection can be seen as a two-layer secure process. First IKE sets up a secure channel; then the IPSEC parameters are exchanged over that secure channel. Only after both sides agree on the IPSEC parameters is the VPN tunnel officially established. The exchange of IPSEC parameters (called a Security Association, SA) through IKE itself consists of 2 sub-phases. Phase 1: IKE phase 1 exchanges some security parameters of its own (peer authentication, key exchange) and then creates a secure channel. This channel is not used to carry data directly; it is used only to exchange the IPSEC parameters. The data itself is carried over the IPSEC connection created afterwards.

In phase 1, the parties agree on the data encryption type, the hashing algorithm (to guarantee integrity), the authentication type and the key exchange type (Diffie-Hellman group 1 or 2). After these parameters are exchanged successfully, the secure IKE channel is established and IKE moves to phase 2. The parameters exchanged in phase 1:

Phase 2: once phase 1 has succeeded, a relatively secure channel exists. IKE phase 2 exchanges the parameters used by IPSEC itself, such as the AH hash algorithm and the ESP encryption algorithm, over this channel. Based on these parameters the IPSEC channel is established, and finally the data is carried over this IPSEC tunnel. A lifetime can be assigned to these IPSEC parameters (the Security Associations, SA); when the lifetime runs out, the two ends use IKE again to exchange new parameters and form a new IPSEC connection that replaces the old one. The parameters of the IKE protocol itself also have their own lifetime (see the figure above). The IPSEC connection setup process is divided into 5 steps:

Step 1 defines the interesting traffic, that is, which packets are allowed through the VPN tunnel and which are not. Because a VPN is a complex type of connection that requires a lot of computation, not every packet should go through the VPN.

4/ Configuration:
Set up the topology as in the following figure:

Configure the routers so that they learn each other's WAN networks but not the LAN networks. Router R1 will not know about the existence of the two LAN networks 192.168.1.0/24 and 192.168.2.0/24. Configure a static route so that R0 knows the path to LAN 192.168.2.0/24 and, conversely, R2 knows the path to LAN 192.168.1.0/24. Routing tables: R0:

R1:

R2:

Configure an access-list that defines the interesting traffic allowed through the VPN. R0: permit the hosts on LAN 192.168.1.0/24 to reach LAN 192.168.2.0/24 through the VPN.


R2: the same for R2.

Configure IKE on R0 and R2 using the command isakmp policy <policy_id> (isakmp = Internet Security Association and Key Management Protocol). The configuration in detail:

R0:
R0(config)# crypto isakmp policy 10
    encryption des                  // another type may be chosen
    authentication pre-share
    group 1
    lifetime 3600
    exit
R0(config)# crypto isakmp key 0 cisco address 203.162.1.6

R2:
R2(config)# crypto isakmp policy 20
    encryption des
    authentication pre-share
    group 1
    lifetime 3600
    exit
R2(config)# crypto isakmp key 0 cisco address 203.162.1.1

First we set the encryption type shared by both sides (DES), the authentication type pre-share, and the key exchange mechanism Diffie-Hellman Group 1. Then we configure the pre-shared key cisco on both sides.

The two routers can define many isakmp policies; the routers go through them and pick a set that matches on both sides. Policies are tried in ascending order of policy id. For that reason the more secure policies are usually given low ids and the less secure policies higher ids. Example:

(Figure: example of policy matching between the two routers; the matching pair is marked MATCH)
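The following Python simulation is added to illustrate both the two-phase setup described in section 3 and the policy matching just described; it is not part of the lab manual or of Cisco IOS. Two constructed peers carry the page's configuration (DES, pre-share, group 1, lifetime 3600 in phase 1; transform set myset with esp-3des and esp-md5-hmac and pfs group 1 in phase 2). The responder walks its isakmp policies in ascending id order and accepts the first one that an offered policy matches on encryption, hash, authentication and group; the assumption made here is that lifetime is not compared for equality and the shorter value wins. The hash value sha is assumed because the page does not set it and that is the IOS default. The IKE SA and the IPSEC SA keep separate lifetimes, so an expired data SA triggers only phase 2 while an expired IKE SA forces phase 1 again.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class IsakmpPolicy:
    """One 'crypto isakmp policy <id>' entry; attribute names follow the IOS sub-commands."""
    priority: int          # the policy id: lower ids are tried first
    encryption: str
    hash: str              # not set on the page; IOS defaults it to sha (assumed here)
    authentication: str    # pre-share on the page
    group: int             # Diffie-Hellman group
    lifetime: int          # seconds

    def proposal(self) -> tuple:
        return (self.encryption, self.hash, self.authentication, self.group)


@dataclass(frozen=True)
class TransformSet:
    name: str
    transforms: tuple      # e.g. ("esp-3des", "esp-md5-hmac"); no AH transform


@dataclass
class SecurityAssociation:
    kind: str              # "IKE" for the phase 1 channel, "IPSEC" for the data SA
    parameters: tuple
    established_at: int
    lifetime: int

    def expired(self, now: int) -> bool:
        return now - self.established_at >= self.lifetime


@dataclass
class Peer:
    policies: tuple
    transform_sets: tuple
    pfs_group: int
    ipsec_sa_lifetime: int = 3600   # IOS default for crypto ipsec security-association lifetime


def negotiate_phase1(initiator: Peer, responder: Peer):
    """The responder walks its own policies in ascending id order and compares each one
    against every policy the initiator offered; the first equal (encryption, hash,
    authentication, group) tuple wins. Lifetime is not compared for equality: the
    shorter of the two is used (assumption, see the lead-in)."""
    for local in sorted(responder.policies, key=lambda p: p.priority):
        for remote in sorted(initiator.policies, key=lambda p: p.priority):
            if local.proposal() == remote.proposal():
                return local, remote, min(local.lifetime, remote.lifetime)
    return None


def negotiate_phase2(initiator: Peer, responder: Peer) -> Optional[TransformSet]:
    """Phase 2 needs a transform set present on both sides and the same PFS group."""
    if initiator.pfs_group != responder.pfs_group:
        return None
    for local in responder.transform_sets:
        for remote in initiator.transform_sets:
            if local.transforms == remote.transforms:
                return local
    return None


def bring_up_tunnel(now: int, initiator: Peer, responder: Peer, ike_sa=None, ipsec_sa=None):
    """Run only the phases needed at time `now`; returns (ike_sa, ipsec_sa, events).
    The two SAs have separate lifetimes: an expired IPSEC SA needs just a new phase 2
    over the still-valid IKE channel, while an expired IKE SA forces phase 1 again."""
    events = []
    if ike_sa is None or ike_sa.expired(now):
        match = negotiate_phase1(initiator, responder)
        if match is None:
            return None, None, ["phase1 failed: no isakmp policy matches"]
        local, remote, lifetime = match
        ike_sa = SecurityAssociation("IKE", local.proposal(), now, lifetime)
        events.append(f"phase1: initiator policy {remote.priority} matched responder policy "
                      f"{local.priority}, lifetime {lifetime}s")
        ipsec_sa = None        # a fresh IKE SA means the data SA is renegotiated as well
    if ipsec_sa is None or ipsec_sa.expired(now):
        ts = negotiate_phase2(initiator, responder)
        if ts is None:
            return ike_sa, None, events + ["phase2 failed: no common transform set / pfs group"]
        ipsec_sa = SecurityAssociation("IPSEC", ts.transforms, now, initiator.ipsec_sa_lifetime)
        events.append(f"phase2: transform-set {ts.name}, lifetime {ipsec_sa.lifetime}s")
    return ike_sa, ipsec_sa, events


# Constructed peers following the page's configuration.
MYSET = TransformSet("myset", ("esp-3des", "esp-md5-hmac"))
R0 = Peer((IsakmpPolicy(10, "des", "sha", "pre-share", 1, 3600),), (MYSET,), 1)
R2 = Peer((IsakmpPolicy(20, "des", "sha", "pre-share", 1, 3600),), (MYSET,), 1)

if __name__ == "__main__":
    ike, ipsec, events = bring_up_tunnel(0, R0, R2)
    print("\n".join(events))
    _, _, events = bring_up_tunnel(3600, R0, R2, ike, ipsec)   # both lifetimes have run out
    print("\n".join(events))
```

Giving a responder a strong policy with a low id and a weak one with a high id makes the strong one win whenever the initiator offers anything compatible with it, which is the ordering rule the paragraph above recommends; removing every common policy makes phase 1 fail and no IPSEC SA is ever built.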

After this step the IKE channel is established. Now we define the IPSEC parameters; they will be exchanged over the channel just created:


First we define the IPSEC parameters with the transform-set command. The transform-set is named myset, the ESP encryption type is 3des, the hashing type is md5, and AH is not used. There are many parameters to choose from

Here we

Then use the crypto map command to specify which peer this transform set is used with:
- set peer: router R2, at the far end
- set transform-set: the security parameters just defined
- set pfs: use the Diffie-Hellman Group 1 key exchange mechanism
- match address: the packets allowed through the VPN, as defined in access-list 100
Finally apply the map to interface s1/0, the interface on which the VPN connection is made:
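The following Python example is added to show how the crypto ACL and the crypto map together decide which packets enter the VPN (the access-list 100 step above and the match address line here); it is not part of the lab manual or of IOS. It parses extended access-list lines in the IOS wildcard-mask syntax, applies the first-match rule with the implicit deny at the end, and then walks the crypto map entries in sequence order: a flow permitted by an entry's ACL is sent through IPSEC to that entry's peer, anything else leaves the interface in the clear. The ACL text, the crypto map entry and the sample flows are constructed from the page's description (LAN 192.168.1.0/24 to LAN 192.168.2.0/24, peer 203.162.1.6).

```python
import ipaddress


def _parse_address_spec(tokens, i):
    """Return ((network, wildcard), next_index) for 'any', 'host A' or 'A WILDCARD' (as ints)."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    return (int(ipaddress.IPv4Address(tokens[i])), int(ipaddress.IPv4Address(tokens[i + 1]))), i + 2


def parse_extended_acl(config_lines):
    """Parse 'access-list <n> permit|deny ip <src> <dst>' lines into {n: [(action, src, dst)]}.
    Only the 'ip' protocol keyword is handled, which is all the crypto ACL on this page needs."""
    acls = {}
    for line in config_lines:
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue   # not an extended ip entry; ignored in this demo
        number, action = int(tokens[1]), tokens[2]
        src, i = _parse_address_spec(tokens, 4)
        dst, _ = _parse_address_spec(tokens, i)
        acls.setdefault(number, []).append((action, src, dst))
    return acls


def _wildcard_match(address: str, spec) -> bool:
    """A wildcard bit of 1 means 'don't care': compare only the bits where the wildcard is 0."""
    network, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(address)) & care) == (network & care)


def acl_verdict(entries, src: str, dst: str) -> str:
    """First matching entry decides; the implicit deny at the end means 'not interesting'."""
    for action, s, d in entries:
        if _wildcard_match(src, s) and _wildcard_match(dst, d):
            return action
    return "deny"


def crypto_map_decision(crypto_map, acls, src: str, dst: str):
    """crypto_map: list of (seq, peer, acl_number, transform_set), one per 'crypto map <name> <seq>'.
    Entries are tried by ascending seq; the first ACL that permits the flow sends it through
    IPSEC to that entry's peer with that transform set. Anything else goes out in the clear."""
    for seq, peer, acl_number, transform_set in sorted(crypto_map):
        if acl_verdict(acls.get(acl_number, []), src, dst) == "permit":
            return ("ipsec", peer, transform_set)
    return ("clear", None, None)


# Constructed from the page's description of R0: LAN 192.168.1.0/24 -> LAN 192.168.2.0/24 is
# interesting traffic, and the crypto map points at R2's WAN address with transform set myset.
R0_ACL_CONFIG = ["access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255"]
R0_CRYPTO_MAP = [(10, "203.162.1.6", 100, "myset")]

if __name__ == "__main__":
    acls = parse_extended_acl(R0_ACL_CONFIG)
    for flow in (("192.168.1.10", "192.168.2.20"), ("192.168.1.10", "8.8.8.8")):
        print(flow, "->", crypto_map_decision(R0_CRYPTO_MAP, acls, *flow))
```

Note that R0's ACL does not match the reverse direction (192.168.2.0/24 to 192.168.1.0/24); that is why R2 needs the mirror-image access-list the page configures in the "same for R2" step, and why traffic from the LAN to the Internet never touches the tunnel.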


Likewise for R2:


With that, the VPN connection is defined. We can ping from LAN 192.168.1.0/24 to LAN 192.168.2.0/24 to bring the connection up.


View the policies (they may differ from those in the figure):


Verifying the VPN properties:


We can clearly see that R1, in the middle of the path, knows nothing about the existence of the two LANs. Nevertheless the two LANs can still communicate with each other through the VPN; this is where the Virtual and Private properties show. Configure R0 to allow other devices to telnet to it, and capture the telnet packets:

Telnet from R1, not through the VPN:


Telnet from the real PC, through the VPN:

Captured packets. Telnet from R1: the content is shown in the clear.

From the real PC: the content cannot be read; we cannot even tell which protocol the inner content belongs to, because it is encrypted by ESP.


END
