Phn 1. Routing - nh Tuyn (Cc giao thc phc tp) OSPF.

Note: Tt c nhng router c cng area phi cu hnh ging nhau tt c cc thng s th khu vc mi hot ng ng chc nng c. 1. Cu hnh c bn Router(config)#router ospf process ID Router(config-router)#network Network_number Wildcard_mask area_ID 2. Cu hnh priority cc interface bu DR v BDR Priority cng ln th kh nng c bu lm DR cng cao, ngc vi bu Root brige ca Switch, cng nh th li cng c bu. Router(config)#interface fastethernet 0/0 Router(config-int)#ip ospf priority 55 Sau khi cu hnh xong priority c th kim tra bng lnh. Router# show ip ospf interface f0/0 3. Chnh sa li OSPF cost metric trong mi interface Cost cng nh th tuyn cng c coi l best path Router(config-int)#ip ospf cost 1 4.Cu hnh OSPF Authentication cc interface v p dng vo router Authentication key c hiu nh l password cc router trong cng mt vng chia s vi nhau. a.Cu hnh authentication n gin Router(config-if)#ip ospf authentication-key password Router(config-router)#area area number authentication b.Cu hnh authentication theo dng m ho, bo mt cao. Router(config-if)ip ospf message-digest-key key ID md5 encryption-type key Router(config-router)#area area ID authentication message-digest 5.Cu hnh OSPF timer trong cc interface

Router(config-if)ip ospf hello-interval timer Router(config-if)ip ospf dead-interval timer 6.Cu hnh qung b mt tuyn mc nh trong OSPF Router(config-router)#default-information originate 7.Qung b mt tuyn khc (khng phi l default) Router(config-router)#redistribute protocols subnets 8.Cc lnh show dng kim tra cu hnh OSPF show ip protocol show ip route show ip ospf show ip ospf interface show ip ospf database show ip ospf neighbor detail clear ip route * debug ip ospf events debug ip ospf adj EIGRP 1.Cu hnh c bn. Router(config)#router eigrp autonomous number Router(config-router)#network network number Router(config-router)#eigpr log-neighbor-changes (Khng c cng c) Router(config-router)#no auto-summary 2.Thay i bng thng v t tng hp tuyn trong interface Router(config-if)#bandwidth kilobits Router(config-if)#ip summary-address protocol AS network number subnets mask 3.Cn bng ti trong EIGRP Router(config-router)#variance number 4.Qung b default route Cch 1: Router(config)#ip route 0.0.0.0 0.0.0.0 [interface/nexthop] Router(config)#redistribute static

Cch 2: Router(config)#ip default-network network number Cch 3: Router(config-if)#ip summary-network eigrp AS number 0.0.0.0 0.0.0.0 5.Qung b cc tuyn khc trong EIGRP (khng phi l default) Router(config-router)#redistribute protocol process ID metrics k1 k2 k3 k4 k5 Ex: Router(config-router)#redistribute ospf metrics 100 100 100 100 100 6.Chia s traffic trong EIGRP Router(config-router)#traffic share {balanced/min} 7.Cc lnh kim tra cu hnh EIGRP <!--[if !supLists]-->- <!--[endif]-->show ip eigrp neighbor <!--[if !supLists]-->- <!--[endif]-->show ip eigrp interface <!--[if !supLists]-->- <!--[endif]-->show ip eigrp topology <!--[if !supLists]-->- <!--[endif]-->show ip eigrp traffic <!--[if !supLists]-->- <!--[endif]-->debug eigrp fsm <!--[if !supLists]-->- <!--[endif]-->debug eigrp packet Phn 2. Switching - Chuyn mch 1.Cu hnh c bn chung cho mt Switch Reset tt c cu hnh ca Switch v reload li. Switch#delete flash:vlan.dat Switch#erase startup-config Switch#reload 2.Cu hnh v Security v management Switch(config)#hostname tn switch Switch(config)#line console 0 Switch(config-line)#password mt khu Switch(config-line)#login Switch(config)#line vty 0 4 Switch(config-line)#pass mt khu Switch(config-line)#login 3.Thit lp a ch IP v default gateway cho Switch

Switch(config)#interface vlan1 Switch(config-int)#ip address a ch subnetmask Switch(config)#ip default-gateway a ch 4.Thit lp tc v duplex ca cng Switch(config-int)#speed tc Switch(config-int)#duplex full 5.Thit lp dch v HTTP v cng Switch(config)#ip http server Switch(config)#ip http port 80 6.Thit lp, qun l a ch MAC Switch(config)#mac-address-table static a ch MAC interface fastethernet s vlan Switch#show mac-address-table Switch#clear mac-address-table 7.Cu hnh bo mt cho cng Switch(config-if)#switchport mode acess Switch(config-if)#switchport port-security Cu hnh Static: Switch(config-if)#switchport port-security mac-address a ch Mac Cu hnh Sticky: Switch(config-if)#switchport port-security mac-address sticky (thng dng nht) Switch(config-if)#switchport port-security maximum value Switch(config-if)#switchport port-security violation shutdown 8.To Vlan Cch 1. Switch#vlan database Switch(vlan)#vlan number Cch 2. Khi gn cc cng vo vlan, d vlan cha tn ti nhng Switch vn t to. Switch(config)#interface fastethernet 0/0 Switch(config-int)#switchport access vlan vlan-id

Mun xo vlan ta lm nh sau: Switch(config-if)#no switchport access vlan vlan-id Switch#clear vlan vlan_number (xo ton b vlan ) 9.Gn nhiu cng vo trong vlan cng mt lc, cu hnh Range i vi dy cng khng lin tc. Switch(config)#interface range cng 1 , cng 2 , cng 3 i vi mt dy lin tc. Switch(config)#interface range cng 1-n Switch(config-range)#switchport access vlan vlan-id V d: Switch(config)#interface range f0/0 , f0/2 , f0/4 Switch(config)#interface range f0/0-10 Switch(config-range)#switchport access vlan 10 10.Cu hnh Trunk Switch(config-if)#switchport mode trunk Switch(config-if)#switchpor trunk encapsulation encapsulation-type Switch#show trunk 11.Cu hnh VTP Switch#vlan database Switch(vlan)#vtp v2-mode Switch(vlan)#vtp domain tn domain Switch(vlan)#vtp {server/client/transperant} Switch(vlan)#vtp password password (To pass cho domain) Switch#show vtp status 12.Cu hnh Inter-Vlan trn Router Router(config)#interface fastethernet 0/0.1 Router(config-subif)#encapsulation type Router(config-subif)#ip address a ch subnetmask Phn 3. Access-list v cc cu hnh lin quan. 1.Nhc li v l thuyt. C 2 loi access-list.

<!--[if !supLists]-->- <!--[endif]-->Loi th nht: Standard IP Access-list ch lc d liu da vo a ch IP ngun. Range ca loi ny l t 1 99. Nn c p dng vi cng gn ch nht. <!--[if !supLists]-->- <!--[endif]-->Loi th hai: Extended IP Access-list lc d liu da vo <!--[if !supLists]-->o <!--[endif]-->a ch IP ngun <!--[if !supLists]-->o <!--[endif]-->a ch IP ch <!--[if !supLists]-->o <!--[endif]-->Giao thc (TCP, UDP) <!--[if !supLists]-->o <!--[endif]-->S cng (HTTP, Telnet) <!--[if !supLists]-->o <!--[endif]-->V cc thng s khc nh Windcard mask Range ca loi ny l t 100 199. Nn c p dng vi cng gn ngun nht. Hai bc cu hnh Access-list <!--[if !supLists]-->- <!--[endif]-->Bc 1: To access-list trong ch cu hnh config. <!--[if !supLists]-->- <!--[endif]-->Bc 2: p dng access-list cho tng cng tu theo yu cu ch cu hnh (config-if) Lu : <!--[if !supLists]-->- <!--[endif]-->Mc nh ca tt c Access-list l deny all, v vy trong tt c cc access-list ti thiu phi c 1 lnh permit. Nu trong access-list c c permit v deny th nn cc dng lnh permit bn trn. <!--[if !supLists]-->- <!--[endif]-->V hng ca access-list (In/Out) khi p dng vo cng c th hiu n gin l: In l t host, Out l ti host hay In vo trong Router, cn Out l ra khi Router. <!--[if !supLists]-->- <!--[endif]-->i vi IN router kim tra gi tin trc khi n c a ti bng x l. i vi OUT, router kim tra gi tin sau khi n vo bng x l. <!--[if !supLists]-->- <!--[endif]-->Windcard mask c tnh bng cng thc: WM = 255.255.255.255 Subnet mask (p dng cho c Classful v Classless addreess) <!--[if !supLists]-->- <!--[endif]-->0.0.0.0 255.255.255.255 = any. <!--[if !supLists]-->- <!--[endif]-->Ip address 0.0.0.0 = host ip address (ch nh tng host mt ) 2.Cu hnh Standard Access-list (V d) Router(config)#access-list 1 deny 172.16.0.0 0.0.255.255 Router(config)#access-list 1 permit any Router(config)#interface fastethernet 0/0 Router(config-in)#ip access-group in 3.Cu hnh Extended Access-list (V d) Router(config)#access-list 101 deny tcp 172.16.0.0 0.0.255.255 host 192.168.1.1 eq telnet Router(config)#access-list 101 deny tcp 172.16.0.0 0.0.255.255 host 192.168.1.2 eq ftp Router(config)#access-list 101 permit any any

Router(config)#interface fastethernet 0/0 Router(config-int)#ip access-group out 4.Cu hnh named ACL thay cho cc s hiu. Router(config)#ip access-list extended server-access (tn ca access-list) Router(config-ext-nacl)#permit tcp any host 192.168.1.3 eq telnet Router(config)#interface fastethernet 0/0 Router(config-int)#ip access-group server-access out 5.Permit hoc Deny Telnet s dng Standard Acl (V d) Router(config)#access-list 2 permit 172.16.0.0 0.0.255.255 Router(config)#access-list 2 deny any Router(config)#line vty 0 4 Router(config-line)#password cisco Router(config-line)#login Router(config-line)#ip access-class 2 in 6.Xo v kim tra Access-list Mun xo th ta dng lnh sau: Router(config)# no ip access-list s hiu Kim tra Acl ta dng cc lnh sau: <!--[if !supLists]-->- <!--[endif]-->show access-list <!--[if !supLists]-->- <!--[endif]-->show running-config <!--[if !supLists]-->- <!--[endif]-->show ip interface Phn 4. NAT PPP Frame Relay I.Cu hnh NAT

Cu hnh Static NAT

Cu hnh NAT trong ch Router(config). Cc lnh nh sau Router(config)#ip nat inside source static [inside local address] [inside global address] V d: R(config)#ip nat inside source statice 10.0.0.1 202.103.2.1 (a ch 10.10.0.1 s c chuyn thnh 202.103.2.1 khi i ra khi Router) Sau khi cu hnh xong phi p dng vo cng in v cng out, trong v d di y, cng Ethernet l cng in, cn cng Serial l cng out Router(config)#interface ethernet 0

Router(config-if)#ip nat inside Router(config)#interface serial 0 Router(config-if)#ip nat outside

Cu hnh Dynamic NAT

Router(config)#ip nat pool [ tn pool] [A.B.C.D A1.B1.C1.D1] netmask [mt n] Router(config)#ip nat inside source list [s hiu ACL] pool [tn pool] Router(config)#access-list [s hiu ACL] permit A.B.C.D windcard masks V d: R(config)#ip nat pool nat-pool1 179.9.8.80 179.9.8.95 netmask 255.255.255.0 R(config)#ip nat inside source list 1 pool nat-pool1 R(config)#access-list 1 permit 10.1.0.0 0.0.0.255 Sau p vo cng In v Out nh Static NAT Note: Gii a ch inside local address v inside global address phi nm trong gii cho php ca ACL

Cu hnh PAT overload

o

Cu hnh overload vi 1 a ch IP c th.

Router(config)#ip nat pool [tn pool] [ip global inside] [subnet mask] Router(config)#ip nat inside source list [tn s hiu ACL] pool [tn pool] overload Router(config)#access-list [s hiu] permit [a ch] [windcard mask] V d: R(config)#access-list 2 permit 10.0.0.0 0.0.0.255 R(config)#ip nat pool nat-pool2 179.9.8.20 255.255.255.240 R(config)#ip nat inside source list 2 nat-pool2 overload
o

Cu hnh overload dng a ch ca cng ra.(Thng xuyn c dung hn l trng hp trn)

Router(config)#ip nat inside source list [tn s hiu ACL] interface [cng ra] overload Router(config)#access-list [s hiu] permit [a ch] [windcard mask] V d: R(config)#ip nat inside source list 3 interface serial 0 overload R(config)#access-list 3 permit 10.0.0.0 0.0.0.255

Cc lnh Clear NAT/PAT

Lnh xa tt c dynamic nat trn ton b cc interface. Router#clear ip nat translation * Lnh xa cc single nat trn tng interface Router#clear ip nat translation [inside/outside] [global ip - local ip] Lnh xa cc extended nat trn tng interface Router#clear ip nat translation protocol [inside/outside] [global ip - global port local ip local port]

Kim tra v Debug cc NAT v PAT

Router#show ip nat translation Router#show ip nat statics Router#debug ip nat

Cu hnh DHCP

Router(config)#ip dhcp excluded-address ip-address (end-ip-address) Router(config)#ip dhcp pool [tn pool] Router(dhcp-config)#network addess subnetmask Router(dhcp-config)#default-router address Router(dhcp-config)#dns-server address Router(dhcp-config)#netbios-name-server address Router(dhcp-config)#domain-name tn domain Router(dhcp-config)#lease ngy/gi/pht

Kim tra v troubleshoot cu hnh DHCP

Router#show ip dhcp binding Router#debug ip dhcp server events

Trong trng hp DHCP server khng nm cng mng vi host

Note: khi DHCP server khng cng mng vi host th ta phi dng lnh ip helperaddress gip host n DHCP server. Router(config)#interface [cng nm cng mng vi host] Router(config-if)#ip helper-address [a ch ca DHCP server] Note: Trong trng hp mun gi tin ca host c broadcast mng cha DHCP th ta dng thm lnh ip directed-broadcast cng cng mng vi DHCP server Router(config)#interface [cng nm cng mng vi dhcp]

Router(config-)#ip directed-broadcast II. Cu hnh PPP 1. Cu hnh c bn: R(config)#interface serial 0/0 R(config-if)#encapsulation ppp 2. Cu hnh PAP Cu hnh PAP khng yu cu hai Router ging nhau v password nhng CHAP th phi c. (Cu hnh trn RA) R(config)#host RA RA(config)#username RB password 321 RA(config-if)#encapsulation ppp RA(config-if)#ppp authentication pap RA(config-if)#ppp pap sent-username RA password 123 (Cu hnh trn RB) R(config)#host RB RB(config)#username RA password 123 RB(config-if)#encapsulation ppp RB(config-if)#ppp authentication pap RB(config-if)#ppp pap sent-username RB password 321 3. Cu hnh CHAP. (yu cu phi ging nhau v password) (Cu hnh trn RA) R(config)#host RA RA(config)#username RB password 123 RA(config-if)encapsulation ppp RA(config-if)ppp authentication chap (Cu hnh trn RB) R(config)#host RB RB(config)#username RA password 123 RB(config-if)encapsulation ppp RB(config-if)ppp authentication chap 4. Cc cu hnh khc ca PPP

<!--[if !supLists]-->a. <!--[endif]-->Cu hnh Multilink R(config-if)#encapsulation ppp R(config-if)#ppp multilink <!--[if !supLists]-->b. <!--[endif]-->Cu hnh Compression R(config-if)#encapsulation ppp R(config-if)#compress [predictor/stac/mppc] <!--[if !supLists]-->c. <!--[endif]-->Cu hnh Error detection R(config-if)#encapsulation ppp R(config-if)#ppp quality [phn trm] 5. Cc lnh kim tra cu hnh PPP R#show interface (xem encapsulation) R#debug ppp negotiation (Xem qu trnh kt ni gia 2 node) R#debug ppp authentication (Xem qu trnh xc thc gia 2 node) III. Cu hnh Frame-Relay <!--[if !supLists]-->1. <!--[endif]-->Cu hnh n gin R(config-if)#encapsulation frame-relay {ciso| ietf} (mc nh l cisco) Khi lnh ny c thc thi, DLCI s c Inverse ARP t ng map, ngi dng khng cn phi lm g c. * Nhng Inverse ARP khng lm vic vi cc kt ni Hub-and-Spoke <!--[if !supLists]-->2. <!--[endif]-->Cu hnh Frame-relay static map R(config-if)#encapsulation frame-relay R(config-if)#frame-relay map ip remoteip-address local-dlci [broadcast] [cisco| ietf] (ip address trong dng lnh trn ch ly lm minh ha bi n rt ph bin, chnh xc phi l remoteprotocoladdress) Broadcast trong cu lnh trn c 2 chc nng: <!--[if !supLists]--> <!--[endif]-->Forward broadcast khi multicast khng c khi ng. <!--[if !supLists]--> <!--[endif]-->n gin ha cu hnh OSPF cho mng nonbroadcast s dng FRelay. V d:

R(config-if)#encapsulation frame-relay R(config-if)#frame-relay map ip 192.168.2.1 100 broadcast <!--[if !supLists]-->3. <!--[endif]-->Cu hnh FR trong mng None Broadcast MutiAccess <!--[if !supLists]-->- <!--[endif]-->Trong mng Broadcast khi 1 my tnh truyn frame tt c cc node lng nghe frame nhng ch c node cn nhn mi nhn c. <!--[if !supLists]-->- <!--[endif]-->Trong mng None Broadcast khi 1 my tnh truyn frame th ch c node cn nhn mi lng nghe v nhn c frame , cc node cn li th khng. Frame c truyn qua 1 virtual Circuit hoc 1 thit b chuyn mch. <!--[if !supLists]-->- <!--[endif]-->Star topology c th c coi nh l 1 mng Hub and Spoke. <!--[if !supLists]-->4. <!--[endif]-->Gii quyt vn vi Routing Updates m khng disable Split Horizal Gii php dng Sub-interface R(config)#interface s0/0 R(config-if)#encapsulation frame-relay R(config-if)interface s0/0.1 [multipoint| point-to-point] <!--[if !supLists]-->- <!--[endif]-->point-to-point: Mi subinterface c subnet ring ca mnh. Broadcast v Split horizol khng l vn . <!--[if !supLists]-->- <!--[endif]-->Multi-point: Tt c cc subinterface lin quan phi cng chung 1 subnet v nh vy Broadcast v Split horizol s c vn . V d: (Point-to-point) R(config)#interface s0/0 R(config-if)#encapsulation frame-relay R(config-if)#interface s0/0.1 point-to-point R(config-subif)#frame-relay interface-dlci 18 (Multipoint) R(config)#interface s0/0 R(config-if)#encapsulation frame-relay R(config-if)#interface s0/0.2 multipoint R(config-subif)#frame-relay interface-dlci 19 R(config-subif)#frame-relay interface-dlci 20 <!--[if !supLists]-->5. <!--[endif]-->Cu hnh trn Frame-relay Switching (v d) R(config)#frame-relay switching

R(config)#interface s0/0 R(config-if)#encapsulation frame-relay R(config-if)#frame-relay intf-type dce R(config-if)#frame-relay route 103interface serial 0/1 301