
Lesson 1:

Frame relay
Frame Relay is still the most widely deployed WAN technology that uses routers. There has been a gradual migration from FR to technologies such as IP-based VPNs and MPLS VPNs. Even so, Frame Relay will continue to play a large role in enterprise networks for the foreseeable future.

The FR standards were developed by several groups. Initially, Cisco and other companies (known as the "gang of four") developed a standard to help FR interoperability and product development. Later, the Frame Relay Forum was formed to develop FR further. The IETF currently defines several RFCs related to using FR as a Layer 2 protocol in IP networks. Cisco IOS documentation usually describes FR standards through the FRF implementation agreements; for example, FRF.12 relates to the specification for fragmentation. Finally, ANSI and ITU built on these standards to standardize FR as U.S. national and international standards.

Frame Relay virtual circuits:

Frame Relay forwards frames from source to destination over virtual connection paths. These virtual paths can be permanent virtual circuits (PVCs) or switched virtual circuits (SVCs). A PVC is usually set up by the service provider when it programs the Frame Relay switches. Depending on the agreement with the provider, a customer or user PVC can be configured to carry traffic up to a certain rate called the committed information rate (CIR). The CIR is the transmission rate that the Frame Relay network or provider agrees to carry under normal conditions; it is also the average rate over a given period of time. The unit of the CIR is bits per second.

Each PVC connection at an end device is identified by a 10-bit address in the frame header, called the DLCI. The DLCI is usually mapped to the network-layer address of the destination, that is, the address of the router at the far end of the PVC. The data to be sent across the Frame Relay infrastructure is then encapsulated in these headers. Each Frame Relay header carries the DLCI value that corresponds to the network-layer address of the destination. The frames are then sent to the switch with the initial DLCI value. These frames continue to be relayed toward the destination network through the switches of the FR service providers. The FR switches can change the DLCI value to that of other PVCs on the way to the destination. As a result, the DLCI value of a frame is not necessarily the same as the value it had when it entered the Frame Relay network. The DLCI value therefore has only local significance. In addition, both ends of a PVC can use the same DLCI value, for example DLCI 200. However, at one end of a connection, a DLCI cannot represent more than one PVC.

The data-link connection identifier (DLCI):

To connect two Frame Relay DTE subscribers, the FR service provider uses a virtual circuit between the two end routers. A router can send a Frame Relay frame that contains a 10-bit field identifying each VC, called the Data Link Connection Identifier (DLCI). The intermediate FR switches forward frames based on the DLCI value of the frame, until the frame actually leaves the switch toward the router at the other end of the connection. FR DLCI values have only local significance, meaning that a given DLCI value is meaningful only on a single link. As a result, the DLCI value of a frame can change as the frame crosses a network. The five steps below show the local DLCI values for one virtual circuit in the figure.

Router A sends a frame with DLCI 41. The FR switch identifies the frame as part of the VC that connects Router A to Router B. The FR switch replaces the DLCI field of the frame with the value 40.

In practice, some service providers use global DLCI addressing. This DLCI convention lets us think of a router as having a single, unique address, similar to the role of a MAC address. However, the addresses are still local, and the DLCI value of a VC can still change as the frame crosses a network. For example, for the same VC from Router A to Router B, assume Router A has DLCI 40 and Router B has DLCI 41. The idea of global addressing is the same as on a LAN. For example, when Router A sends a frame to Router B, Router A sends the frame to the global address of Router B (41). Similarly, Router B sends a frame to the global address of Router A (40).

Local Management Interface (LMI) status messages:

LMI messages in Frame Relay help manage the state of the link between the subscriber router and the FR switch. A router that subscribes to FR service can send Status Enquiry messages to the switch, and the switch replies with LMI Status messages that tell the router the DLCI values of the VCs as well as the state of each VC. By default, LMI messages are sent every 10 seconds. Every sixth message carries the full status, which includes more complete information about each VC.

The LMI Status Enquiry (from the router) and Status (from the switch) messages also act as a keepalive mechanism. A router considers its interface to have failed if it does not receive messages from the switch for three cycles (each cycle is 10 seconds). As a result, LMI in Frame Relay is effectively enabled or disabled with the keepalive/no keepalive command on the router's Frame Relay interface. In other words, the no keepalive command turns off LMI messages.

Three LMI types exist, mainly because many equipment vendors and different standards bodies developed FR. The earliest defined type, called Cisco LMI, differs slightly from the ANSI and ITU types that were defined later. The differences lie in:

The allowed DLCI values, that is, the permitted DLCI range.
The DLCI value used to send LMI messages.

Practically speaking, these issues matter little. By default, the router automatically detects the LMI type. If needed, the frame-relay lmi-type command can be used to specify the LMI type used on the Frame Relay link. The table below lists the three LMI types and the type keyword, along with a few points of comparison related to LMI and the allowed DLCI values. For example, the Cisco LMI type allows DLCI values from 16 to 1007. The ANSI LMI type allows DLCIs from 16 to 991. The DLCI value that LMI itself uses to send and receive messages also differs: Cisco LMI uses DLCI 1023, while ANSI LMI uses DLCI 0.

Frame Relay Headers and Encapsulation

An FR router builds frames using several consecutive headers. The first header is the ITU Link Access Procedure for Frame-Mode Bearer Services (LAPF). The LAPF header includes all the fields used by the FR switches to deliver frames across the FR cloud; these fields include DLCI, DE, BECN and FECN.

The fields that follow the LAPF portion contain information that matters to the subscriber routers at the ends of the VC. For the encapsulation header, two options exist:

The header type originally defined by Cisco.
The header defined by the IETF in RFC 2427 (formerly RFC 1490).

If Cisco routers are used at each end of the VC, the cisco option is appropriate and works well. The ietf option is needed when products from different vendors are used. Both headers include a protocol field to support multiple Layer 3 protocols over one VC. The most commonly used one is the Network Layer Protocol ID (NLPID) field, described in RFC 2427. The figure below shows the structure of the header and trailer.

Every VC uses the Cisco header by default unless it is configured to use the IETF header. Three methods can be used to configure a VC to use the IETF header:

Use the encapsulation frame-relay ietf command. This command changes the default for the interface to IETF instead of cisco.
Use the frame-relay interface-dlci number ietf command, which overrides the default for this VC.
Use the frame-relay map dlci ... ietf command. This command also changes the default for the VC.

For example, on an interface with 10 VCs, seven of which need IETF encapsulation, the interface can be switched to IETF with the encapsulation frame-relay ietf command. The frame-relay interface-dlci number cisco command can then be used for the three VCs that need Cisco encapsulation.

Congestion Signals in Frame Relay: DE, BECN and FECN

FR networks, like other multiaccess networks, can create congestion because of mismatched speeds. For example, consider a Frame Relay network with 20 subscribers on 256 kbps links and a main office with T1 bandwidth. If all 20 sites send frames continuously to the main office at the same time, about 5 Mbps of data needs to exit over the 1.5 Mbps T1, and the queues in the FR switch grow quickly. Similarly, when the main office sends data to any branch, the router sends at T1 speed. This is a potential cause of egress congestion, and queues can also grow quickly inside the Frame Relay network. FR therefore provides two methods of reacting to congestion.

Adaptive Shaping, FECN and BECN

Chapter 16, "Shaping and Policing," describes the concept of adaptive traffic shaping, in which the router changes its shaping rate depending on whether the network is congested. To react to congestion in the FR network, the router must receive some form of notification from the FR switch that congestion has occurred. The FR header therefore includes the Forward Explicit Congestion Notification (FECN) and Backward Explicit Congestion Notification (BECN) bits to signal congestion on a particular VC.

To do this, when an FR switch notices congestion caused by a VC, the switch sets the FECN bit in a frame of that VC. The switch also keeps track of the congested VCs so that it can find the next frame sent on that VC in the opposite direction, as in step 4 of the figure. The switch then sets the BECN bit in the frame travelling in that reverse direction. The router that receives the frame with the BECN bit set knows that a frame it sent experienced congestion, so it can reduce its sending rate. The figure below shows an example of the process.

The FECN bit can be set by the FR switch but cannot be set by any router, because routers have no need to signal forward congestion. For example, if R1 thinks congestion is occurring from left to right, R1 can simply slow down its sending rate. At the other end of the connection, R2 is the destination of the frame, so it would never notice congestion for frames going from left to right. Therefore, only the switch needs to set the FECN bit.

BECN can be set by the switch and by routers. The figure above shows a switch setting BECN on the next user frame. The switch can also send Q.922 test frames. This removes the need to wait for user traffic to be sent on the VC and to set BECN on that frame. Finally, routers can be configured to watch for frames with the FECN bit set and react by sending Q.922 test frames on the VC with the BECN bit set. This feature is sometimes called FECN reflection. It is configured with the shape fecn-adapt command (CB Shaping) or the traffic-shape fecn-adapt command (FRTS).

The Discard Eligibility (DE) Bit

When congestion occurs, the queues in the FR switch start to fill. In some cases, frames may be dropped from the queue. The switch can (but is not required to) check the Discard Eligibility (DE) bit of a frame when frames need to be dropped. The FR switch will preferentially discard frames with the DE bit set rather than frames without it.

Both routers and FR switches can set the DE bit. Typically, a router makes the decision to set the DE bit in certain frames, because the administrator is likely to know which traffic is more important than other traffic, usually on the inbound direction. DE marking can be done with CB Marking, using the MQC set fr-de command.

Although routers usually do the DE marking, FR switches can also mark the DE bit. For a switch, the marking is typically done when the switch polices traffic: instead of discarding traffic that exceeds the limit, the switch sets the DE bit. This way, downstream switches are able to discard the marked frames that are contributing to congestion. The table below summarizes the key points about FECN, BECN and the DE bit.

Frame Relay Configuration

This section describes basic configuration and operational commands, along with FR payload compression and the LFI mechanisms in FR.

Basic Frame Relay Configuration

The two most important details of Frame Relay configuration are associating DLCI values with interfaces or subinterfaces and mapping Layer 3 addresses to those values. Interestingly, both can be configured with the same two commands: frame-relay map and frame-relay interface-dlci.

Although a router can learn the DLCI values on an FR link through LMI messages, those messages do not imply which interface a DLCI is used for. To configure FR with subinterfaces, the DLCIs must be associated with the subinterfaces. Any DLCI learned through LMI that is not associated with a subinterface is assumed to be used by the physical interface.

The more common method for making this association is the frame-relay interface-dlci command in subinterface configuration mode. On point-to-point subinterfaces, only one frame-relay interface-dlci command is allowed, whereas on a multipoint subinterface several commands can be used.

An alternative method is the frame-relay map command. This command still maps a Layer 3 address to a DLCI value, but it also implies that the DLCI belongs to the interface on which the command is configured. On multipoint subinterfaces, multiple commands are allowed for each Layer 3 protocol.

The example below shows the FR configuration options, using the frame-relay interface-dlci command and the related show commands. The example implements the following requirements:

R1 uses a multipoint subinterface to connect to R2 and R3.
R1 uses a point-to-point subinterface to connect to R4.
The VC between R1 and R4 uses IETF encapsulation.

We start with R1's configuration. Subinterface s0/0/0.14 shows the IETF option used on the frame-relay interface-dlci command. Subinterface s0/0/0.123 has two DLCIs assigned to it, for the VCs that connect to R2 and R3.

Code:

    interface Serial0/0/0
     encapsulation frame-relay
    !
    interface Serial0/0/0.14 point-to-point
     ip address 10.1.14.1 255.255.255.0
     frame-relay interface-dlci 104 IETF
    !
    interface Serial0/0/0.123 multipoint
     ip address 10.1.123.1 255.255.255.0
     frame-relay interface-dlci 102
     frame-relay interface-dlci 103

Next is R2's configuration. R2 assigns the DLCIs for the VCs to R1 and R3 to subinterface .123. Note that the subinterface number on a router does not have to match the DLCI value.

Code:

    interface Serial0/0/0
     encapsulation frame-relay
    !
    interface Serial0/0/0.123 multipoint
     ip address 10.1.123.2 255.255.255.0
     frame-relay interface-dlci 101
     frame-relay interface-dlci 103

Next is R4's configuration, where the encapsulation is set with the encapsulation frame-relay ietf command. This command sets the encapsulation for all VCs on interface S0/0/0. Also note that the interval for sending LMI messages is changed from the default (10) to 8 with the keepalive 8 command.

Code:

    interface Serial0/0/0
     encapsulation frame-relay IETF
     keepalive 8
    !
    interface Serial0/0/0.1 point-to-point
     ip address 10.1.14.4 255.255.255.0
     frame-relay interface-dlci 101

The show frame-relay pvc command displays statistics and status for each VC. The next command on R1 omits some of the output and keeps only the lines that contain the PVC status.

Code:

    R1# show frame-relay pvc | incl PVC STATUS
    DLCI = 100, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0
    DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.123
    DLCI = 103, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.123
    DLCI = 104, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.14
    DLCI = 105, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
    DLCI = 106, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0
    DLCI = 107, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
    DLCI = 108, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
    DLCI = 109, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0

Code:

    R1# show frame-relay pvc 102
    PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)
    DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.123
      input pkts 41            output pkts 54           in bytes 4615
      out bytes 5491           dropped pkts 0           in pkts dropped 0
      out pkts dropped 0       out bytes dropped 0
      in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
      out BECN pkts 0          in DE pkts 0             out DE pkts 0
      out bcast pkts 27        out bcast bytes 1587
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
      pvc create time 00:29:37, last time pvc status changed 00:13:47

The output below confirms that R1's link is using Cisco LMI. LMI status messages occur every minute, with the Full Status message listed last. Note that the router sends Status Enquiry messages to the switch. When the switch sends Status messages, these counters increase together.

Code:

    R1# show frame-relay lmi
    LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = CISCO
      Invalid Unnumbered info 0        Invalid Prot Disc 0
      Invalid dummy Call Ref 0         Invalid Msg Type 0
      Invalid Status Message 0         Invalid Lock Shift 0
      Invalid Information ID 0         Invalid Report IE Len 0
      Invalid Report Request 0         Invalid Keep IE Len 0
      Num Status Enq. Sent 183         Num Status msgs Rcvd 183
      Num Update Status Rcvd 0         Num Status Timeouts 0
      Last Full Status Req 00:00:35    Last Full Status Rcvd 00:00:35

The show interface command lists several details, including the interval for sending LMI messages, LMI statistics, the LMI DLCI and the state of the FR queues. The broadcast queue holds FR broadcasts that are replicated and sent over the VCs, for example OSPF LSAs.

Code:

    R1# show int s 0/0/0
    Serial0/0/0 is up, line protocol is up
    ! lines omitted for brevity
      Encapsulation FRAME-RELAY, loopback not set
      Keepalive set (10 sec)
      LMI enq sent 185, LMI stat recvd 185, LMI upd recvd 0, DTE LMI up
      LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
      LMI DLCI 1023 LMI type is CISCO frame relay DTE
      FR SVC disabled, LAPF state down
      Broadcast queue 0/64, broadcasts sent/dropped 274/0, interface broadcasts 228
    ! Lines omitted for brevity

Code:

    R3# sh frame lmi | include LMI TYPE
    LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = ANSI
    R3# sh int s 0/0/0 | include LMI DLCI
      LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE

Note that R3 is using the ANSI LMI type. R3 could configure the LMI type statically with the frame-relay lmi-type {ansi | cisco | q933a} command on the physical interface. However, R3 omits this command, so R3 uses its default behavior of automatically detecting the LMI type.

Frame Relay Inverse ARP:

IP ARP is known as a common and relatively simple protocol. The same is true for the CCIE exam: most questions on IP ARP are simple ones. The hard questions on building the CEF adjacency table therefore focus on Frame Relay Inverse ARP, which is why Frame Relay Inverse ARP is covered here in more detail.

Like IP ARP, the job of InARP is to resolve between an L3 address and an L2 address. The L3 address is the IP address, and the L2 address here is the DLCI (analogous to the MAC address in IP ARP). With InARP, however, the router already knows the L2 address (the DLCI) and needs to resolve the corresponding L3 address (IP). The following figure is an example of how InARP functions.

In a LAN environment, a packet (the ARP request) must arrive at a host to trigger IP ARP on the host (which returns an ARP reply). In a WAN environment, however, no packet needs to arrive at the router to trigger InARP; an LMI (Local Management Interface) status message is used instead.

After receiving an LMI status message that indicates LMI PVC Up, the router announces its IP address over the corresponding virtual circuit (VC) in an InARP message (defined in RFC 1293). Consequently, if LMI is not running, InARP does not work either, because no message tells the router to send an InARP message.

In Frame Relay networks, detailed configuration choices are made in order to avoid some undesirable conditions, which are described in detail on the following pages of this chapter. For example, when point-to-point subinterfaces are used, with each VC in its own subnet, all the problems encountered in this configuration are described clearly so that they can be avoided.

The InARP protocol itself is relatively simple. However, when InARP is deployed on different network designs, based on different interface types (physical interface, point-to-point subinterface and multipoint subinterface), the way InARP operates becomes much more complex. Below is an example of a Frame Relay network designed as a partial mesh on a single subnet, in which each router uses a different interface type.

The network above is only an example; it is used in a learning environment to understand in more detail how InARP operates. This design should not be applied in a production network, because it is a poor design with many limitations when a routing protocol is deployed over it.

The output of several show and debug commands related to Frame Relay InARP, and one of the oddities of InARP related to point-to-point subinterfaces, are shown in Example 1.1. First comes the Frame Relay configuration on R1's multipoint interface.

Code:

    Router1# sh run
    ! Lines omitted for brevity
    interface Serial0/0
     encapsulation frame-relay
    interface Serial0/0.11 multipoint
     ip address 172.31.134.1 255.255.255.0
     frame-relay interface-dlci 300
     frame-relay interface-dlci 400
    ! Lines omitted for brevity

Next, the serial interface is shut down and brought back up, and the earlier InARP entries are cleared, so that we can observe the InARP process.

Code:

    Router1# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router1(config)# int s 0/0
    Router1(config-if)# do clear frame-relay inarp
    Router1(config-if)# shut
    Router1(config-if)# no shut
    Router1(config-if)# ^Z

The messages from the debug frame-relay events command show the InARP messages received on R1. Note the hex values 0xAC1F8603 and 0xAC1F8604, whose decimal equivalents are 172.31.134.3 and 172.31.134.4 (Router3 and Router4, respectively).

Code:

    Router1# debug frame-relay events
    *Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
    *Mar 1 00:09:45.334: datagramstart = 0x392BA0E, datagramsize = 34
    *Mar 1 00:09:45.334: FR encap = 0x48C10300
    *Mar 1 00:09:45.334: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
    *Mar 1 00:09:45.334: AC 1F 86 03 48 C1 AC 1F 86 01 01 02 00 00
    *Mar 1 00:09:45.334:
    *Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
    *Mar 1 00:09:45.334: datagramstart = 0x392B8CE, datagramsize = 34
    *Mar 1 00:09:45.338: FR encap = 0x64010300
    *Mar 1 00:09:45.338: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
    *Mar 1 00:09:45.338: AC 1F 86 04 64 01 AC 1F 86 01 01 02 00 00

Next, note that the show frame-relay map output includes the dynamic keyword, which means the entries were learned through InARP.

Code:

    Router1# show frame-relay map
    Serial0/0.11 (up): ip 172.31.134.3 dlci 300(0x12C,0x48C0), dynamic, broadcast, status defined, active
    Serial0/0.11 (up): ip 172.31.134.4 dlci 400(0x190,0x6400), dynamic, broadcast, status defined, active

On R3, the show frame-relay map command lists only a single entry, and in a different format. Because R3 uses a point-to-point subinterface, this entry was not learned through InARP and the output does not include the dynamic keyword. Also note that the output does not show any Layer 3 address.

Code:

    Router3# show frame-relay map
    Serial0/0.3333 (up): point-to-point dlci, dlci 100(0x64,0x1840), broadcast status defined, active

Note: The do command appears in configuration mode in the example above. The do command lets you run exec-mode commands from configuration mode without leaving configuration mode. For example, do clear frame-relay inarp in configuration mode is equivalent to running clear frame-relay inarp in exec mode.

In the example above, the show commands indicate that Router R1 received and used the InARP information; Router R3, however, does not use the InARP information it receives. Cisco IOS understands that only one VC is associated with a point-to-point subinterface; every other IP endpoint in the same subnet can be reached only through that single DLCI. Any InARP information received for that DLCI is therefore unnecessary.

For example, whenever Router R3 needs to send a packet to Router R1 (172.31.134.1), or to any other endpoint in subnet 172.31.134.0/24, Router R3 knows from its own configuration that it must send over the DLCI on that point-to-point subinterface, that is, DLCI 100. So although all three interface types used for Frame Relay configuration support InARP by default, a point-to-point subinterface ignores the InARP information it receives.

Static Address Mapping Configuration in Frame Relay

In Figure 1.3, R3 knows how to forward packets to R4, but R4 does not yet know how to forward packets back to Router3. Logically, R3 reasons as follows: "for packets whose next-hop router is in subnet 172.31.134.0/24, send them out the one DLCI on the point-to-point subinterface, which is DLCI 100." These packets are delivered to R1, which forwards them to R4.

In the poor design of Figure 1.3, R4 and R3 use two different interface types: R3 uses a point-to-point subinterface while R4 uses the physical interface. To reach R3, R4 needs to send frames over DLCI 100 to R1 and rely on R1 to forward them to R3. In this case InARP does not help, because an InARP message only crosses a single VC and is not forwarded; note that no VC exists between R4 and R3.

To solve this problem, a frame-relay map command is added to R4's configuration. Example 1.2 shows the details before and after the frame-relay map command is used. Router4 lists only one entry in the show frame-relay map output, because Router4 has only a single VC, which connects to Router1. With only one VC, Router4 can learn about only one other router through InARP.

Code:

    Router4# sh run
    ! lines omitted for brevity
    interface Serial0/0
     ip address 172.31.134.4 255.255.255.0
     encapsulation frame-relay
    Router4# show frame-relay map
    Serial0/0 (up): ip 172.31.134.1 dlci 100(0x64,0x1840), dynamic, broadcast,, status defined, active
    ! Next, proof that Router4 cannot send packets to Router3's Frame Relay IP address.
    Router4# ping 172.31.134.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.31.134.3, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

Next, static mapping information is added on Router4 with the frame-relay map interface subcommand. Also note that this command uses DLCI 100, so any packet sent by R4 to 172.31.134.3 (Router3) goes over the VC to Router1, which then has to route the packet on to Router3. The broadcast keyword tells Router4 to send copies of broadcasts over this VC.

Code:

    Router4# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router4(config)# int s0/0
    Router4(config-if)# frame-relay map ip 172.31.134.3 100 broadcast
    Router4(config-if)# ^Z
    Router4# ping 172.31.134.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.31.134.3, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/20 ms

Example 1.2

Note: Router R3 does not need the frame-relay map command, because R3's configuration uses a point-to-point subinterface.

Keep in mind that you should not mix interface types as in Figure 1.3, and you should not deploy a non-full-mesh design on a single subnet, unless you are forced to do so by limited IP address space. If you do use a design like Figure 1.3, you can use the configuration above. Another option: if you use multipoint subinterfaces on both R3 and R4, both routers must use the frame-relay map command, because neither router can hear InARP messages from the other. However, if both R3 and R4 use point-to-point subinterfaces, neither router requires a frame-relay map command, because logically both routers understand: use the one VC to reach all addresses in the subnet.

Disabling InARP

In most network designs, using InARP is reasonable. However, InARP can be disabled on a physical or multipoint interface with the no frame-relay inverse-arp interface subcommand. InARP can be disabled on all VCs of the interface/subinterface, on all VCs of the interface/subinterface for a particular L3 protocol, or simply on a specific DLCI.

The no frame-relay inverse-arp command not only stops the router from sending InARP messages, it also makes the router ignore received InARP messages. For example, the no frame-relay inverse-arp ip 400 subinterface command on Router R1 in Example 1.2 not only stops R1 from sending InARP messages on DLCI 400 to R4, it also causes R1 to discard InARP messages received on DLCI 400.
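The two "FR ARP input" events in the debug frame-relay events output above can be decoded by hand, which shows where the DLCI, the congestion bits and the advertised IP address sit in the frame. The following Python is an added example, not part of the original lesson or of Cisco IOS; the function names are hypothetical, and the byte values are copied from the debug output on this page.

```python
"""Added example: decode the Q.922 address and the InARP message from the
'debug frame-relay events' output shown on this page."""
import ipaddress
import struct

INARP_OPCODES = {8: "InARP request", 9: "InARP reply"}


def decode_q922_address(addr):
    """Split a 2-byte Frame Relay address into DLCI, C/R, FECN, BECN and DE."""
    if len(addr) != 2:
        raise ValueError("only the default 2-byte address format is handled")
    hi, lo = addr
    # The EA (extended address) bit is 0 in the first byte and 1 in the last.
    if hi & 0x01 or not lo & 0x01:
        raise ValueError("EA bits do not describe a 2-byte address")
    return {
        "dlci": ((hi >> 2) << 4) | (lo >> 4),  # 6 high bits + 4 low bits
        "cr": (hi >> 1) & 1,
        "fecn": (lo >> 3) & 1,
        "becn": (lo >> 2) & 1,
        "de": (lo >> 1) & 1,
    }


def encode_q922_address(dlci, fecn=0, becn=0, de=0, cr=0):
    """Inverse of decode_q922_address for a 10-bit DLCI."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI is a 10-bit value")
    hi = ((dlci >> 4) << 2) | (cr << 1)
    lo = ((dlci & 0x0F) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 0x01
    return bytes([hi, lo])


def parse_inarp(encap_hex, body_hex):
    """Parse one event: the 4 'FR encap' bytes plus the dumped body."""
    encap = bytes.fromhex(encap_hex)
    body = bytes.fromhex(body_hex)
    if len(encap) != 4 or encap[2] != 0x03:
        raise ValueError("expected address (2) + UI control 0x03 + pad")
    header = decode_q922_address(encap[:2])
    if len(body) < 26:
        raise ValueError("truncated InARP message")
    # SNAP header: NLPID 0x80, OUI 00-00-00, PID 0x0806 (ARP).
    if body[0] != 0x80 or body[1:4] != b"\x00\x00\x00" or body[4:6] != b"\x08\x06":
        raise ValueError("payload is not SNAP-encapsulated ARP")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", body[6:14])
    # Hardware type 15 is Frame Relay; addresses are 2-byte DLCI and IPv4.
    if (htype, ptype, hlen, plen) != (0x000F, 0x0800, 2, 4):
        raise ValueError("not a Frame Relay / IPv4 ARP message")
    if opcode not in INARP_OPCODES:
        raise ValueError("opcode %d is not Inverse ARP" % opcode)
    return {
        "dlci": header["dlci"],
        "fecn": header["fecn"],
        "becn": header["becn"],
        "de": header["de"],
        "opcode": INARP_OPCODES[opcode],
        "sender_ip": str(ipaddress.IPv4Address(body[16:20])),
        "target_ip": str(ipaddress.IPv4Address(body[22:26])),
    }


def build_map(events):
    """Sender IP -> DLCI of the frame header the message arrived with.

    This matches the dynamic entries in 'show frame-relay map' on this page.
    """
    return {m["sender_ip"]: m["dlci"]
            for m in (parse_inarp(e, b) for e, b in events)}


# The two events from the debug output on this page (encap value, hex dump).
PAGE_EVENTS = [
    ("48C10300",
     "80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00 "
     "AC 1F 86 03 48 C1 AC 1F 86 01 01 02 00 00"),
    ("64010300",
     "80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00 "
     "AC 1F 86 04 64 01 AC 1F 86 01 01 02 00 00"),
]

if __name__ == "__main__":
    for encap, body in PAGE_EVENTS:
        print(parse_inarp(encap, body))
    print(build_map(PAGE_EVENTS))
```

The second hex value in each show frame-relay map entry (0x48C0, 0x6400, 0x1840) is the same header encoding with the final EA bit cleared, which is why the debug output shows 0x48C1 and 0x6401 instead.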

(*) A point-to-point interface always ignores InARP messages, because a point-to-point interface uses only one DLCI to send to all addresses in the same subnet.

Lesson 3: SPANNING TREE PROTOCOL - STP

1. Overview of IEEE 802.1D:

A robust network is designed not only to carry packets or frames efficiently, but also with consideration for how to restore network operation quickly when a failure occurs. In a Layer 3 environment, routing protocols keep a redundant path to the destination network, so that when the primary path fails the second path is quickly put to use. Layer 3 routing allows multiple paths to a destination in order to keep the network operating, and it also allows load balancing across multiple paths.

In a Layer 2 environment (switching or bridging), no routing protocol is used and redundant paths are not allowed; instead, bridges provide data transfer between networks or between switch ports. The Spanning Tree Protocol provides link redundancy so that a Layer 2 switched network can recover from a failure without timely intervention. STP is defined in the IEEE 802.1D standard.

1.1. What is Spanning Tree and why use it?

The Spanning Tree Protocol (STP) is a loop-prevention protocol that lets bridges communicate with each other to discover physical loops in the network. The protocol then specifies an algorithm that bridges can use to create a loop-free logical topology. In other words, STP creates a loop-free tree structure of leaves and branches that spans the entire Layer 2 network.

Loops occur in networks for many reasons. The most common cause is a deliberate attempt to provide redundancy: in that case, if one link or switch fails, the other links or switches continue to operate. However, loops can also occur by mistake. Figure 3.1 shows a typical switched network and how loops are intentionally used to provide redundancy.

The two main causes of harmful looping in a switched network are broadcasts and bridge table corruption.

Broadcast Loop

Broadcasts and Layer 2 loops are a dangerous combination. Figure 3.2 shows how a broadcast creates a feedback loop.

Assume that neither switch is running STP:

Step 1: Host A sends a frame to the broadcast MAC address (FF-FF-FF-FF-FF-FF).
Step 2: The frame arrives at both Cat-1 and Cat-2 on port 1/1.
Step 3: Cat-1 forwards the frame out port 1/2.
Step 4: The frame is carried to all nodes on the Ethernet segment, including port 1/2 of Cat-2.
Step 5: Cat-2 forwards this frame out its port 1/1.
Step 6: Once again, the frame appears on port 1/1 of Cat-1.
Step 7: Cat-1 sends this frame out port 1/2 a second time. This forms a complete loop.

Note: this frame is also flooded across the Ethernet segment and forms a loop in the opposite direction, so the feedback loop occurs in both directions.

Another important conclusion from Figure 3.2 is that a bridging loop is far more dangerous than a routing loop. Figure 3.3 shows the format of a DIXv2 Ethernet frame.

A DIXv2 Ethernet frame contains only two MAC addresses, a Type field and a CRC. The IP header, by contrast, contains a time-to-live (TTL) field that is set at the originating host and decremented each time the packet passes through a router. The packet is discarded if TTL = 0, which lets routers stop runaway datagrams. Unlike IP, Ethernet has no TTL field, so once a frame starts looping in the network it keeps going until someone shuts down one of the bridges or breaks a link.

In a network more complex than the one described in Figures 3.1 and 3.2, the feedback loop can build up very quickly, at an exponential rate. Because every frame is flooded out multiple switch ports, the total number of frames grows very rapidly. Also note the effect of the broadcast storm on the users of hosts A and B in Figure 3.2. Broadcasts are processed by the CPU of every device on the network. In this case, the PCs are all busy processing the broadcast storm. If we disconnect one of the hosts from the LAN, it returns to normal operation. However, as soon as we reconnect it to the LAN, the broadcasts again consume 100% of the CPU. If we do not deal with this and keep using the network, a physical loop will be created in the VLAN.

Bridge table corruption:

Many switch/bridge administrators are aware of the basic problem of broadcast storms, but we must also know that even unicast frames can circulate forever in a network that contains a loop. Figure 3.4 illustrates this.

Step 1: Host A wants to send a unicast packet to host B. However, host B has left the network, and accordingly the bridge tables of the switches have no entry for host B's address.
Step 2: Assume that neither switch is running STP; the frame arrives on port 1/1 of both switches.
Step 3: Because host B is down, Cat-1 has no entry for MAC address BB-BB-BB-BB-BB-BB in its bridge table, and it floods the frame out its ports.
Step 4: Cat-2 receives the frame on port 1/2. Two problems occur.
o Step 5: Cat-2 floods the frame because it has not learned MAC address BB-BB-BB-BB-BB-BB; this creates a feedback loop and brings down the network.
o Cat-2 notices that it has just received a frame on port 1/2 with MAC address AA-AA-AA-AA-AA-AA. It changes the entry for host A's MAC address in its bridge table, which now points to the wrong port.

Because the frame also loops in the opposite direction, we see host A's MAC address flipping between port 1/1 and port 1/2. This not only floods the network with unicast packets, it also corrupts the bridge tables. So broadcasts are not the only thing that can damage the network.

--------------------------
Lesson 4:

Spanning Tree.
A network with a poor STP implementation can lead to a great deal of configuration and recovery work on the campus network. This article explains how spanning tree operates and its function of preventing loops in a switched network. STP is one of the most technical topics in LAN switching. Understanding STP is as difficult as understanding the underlying mechanisms of OSPF or EIGRP (timers, packet types, algorithms). STP plays a foundational role in the operation of every campus network, and it plays a key role in campus network design and deployment.

Spanning tree is a Layer 2 protocol that uses a special algorithm to find the loops in a network and to produce a loop-free network. STP creates a tree structure of leaves and branches that spans the entire L2 network. In this section, the terms switch and bridge are used interchangeably. In addition, unless stated otherwise, the connections between switches are assumed to be trunks.

Loops can occur in a network for many reasons. Usually, loops are the result of attempts to build redundant connections. However, loops can also result from configuration mistakes.

Physical connections that form a loop without STP can cause many problems. The two problems that can result are broadcast loops and MAC address table corruption. An Ethernet frame contains only two MAC addresses, a type field, a CRC field and the network-layer information. The IP header, by contrast, contains a time-to-live (TTL) field that is set by the source router and decremented each time the packet passes through a router. By discarding packets with TTL=0, routers prevent packets from living too long in the network. Unlike IP, Ethernet has no TTL field. So once a frame starts looping, it is forwarded endlessly until a switch is turned off or a link is broken.

Bridge-ID

The spanning-tree algorithm is defined in IEEE 802.1D. The parameters used by the algorithm, including the Bridge ID, are examined in this section. The spanning-tree algorithm relies on a number of parameters to make its decisions. The Bridge ID is the first parameter used by STP to find the center of the network, called the root bridge. The Bridge ID is an 8-byte value made up of two fields. The first is a 2-byte decimal value called the Bridge Priority, and the next is a 6-byte MAC address.

The Bridge Priority indicates the priority of a bridge in the spanning-tree algorithm. Its possible values range from 0 to 65535. The default value is 32,768. The MAC value in the BID is one of the MAC addresses of the switch. Two BIDs can never be equal, because Catalyst switches are assigned different MAC addresses. In the spanning-tree algorithms, when two values are compared, the lower value is always the one used.

Path cost

Path cost is the second parameter used by the spanning-tree algorithm to determine the path to the root. The original IEEE 802.1D specification defined cost as 10 to the power 9 divided by the bandwidth of the link, computed in Mbps. For example, a 10M link has a cost of 100 (1000/10) and a 100 Mbps link has a cost of 10. However, as technology developed and new technologies appeared with speeds even higher than 1 Gbps, the cost formula had to be redefined. Cost is stored as an integer value.

Path cost measures how close bridges are to each other. Path cost is the sum of the costs of the links between two bridges. This quantity is not measured in hop count: the hop count for path A may be larger than the hop count for path B while, in terms of cost, path A is lower than path B. Path cost is used by switches to determine the best path to the root bridge. The path with the lowest value is the best path to the root bridge.

Port-ID

The Port-ID is the third parameter used by spanning tree to determine the path to the root bridge. The Port-ID is a 2-byte value made up of two numbers. The first is called the port priority and the second is called the port number. On CatOS, the first value is 6 bits and the second is 10 bits. On IOS-based switches, both values are 8 bits. Do not confuse the Port-ID with the port number. The port number is only one part of the Port-ID. A lower Port-ID is preferred over a higher Port-ID in STP decisions. Two Port-IDs can never be equal, because the port number identifies the switch port on the Catalyst switch. The port priority is an STP parameter that can be changed. Its range is 0 to 255 on IOS-based switches, and the default value is 128.

-----------------------------------------------
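The three STP parameters described above (bridge ID, path cost, port ID) worked through in code. This is an added example, not part of the original lesson: the switch names, MAC addresses and port names are constructed, and the tie-break order used for the root port (path cost, then sender bridge ID, then sender port ID) is the standard 802.1D order, stated here as an assumption because the lesson only lists the parameters.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BridgeID:
    """8-byte bridge ID: 2-byte bridge priority followed by a 6-byte MAC."""
    priority: int   # 0..65535, default 32768
    mac: str        # "aa:bb:cc:dd:ee:ff"

    def key(self):
        """Return the 8 bytes STP compares; the numerically lowest value wins."""
        if not 0 <= self.priority <= 65535:
            raise ValueError("bridge priority must fit in 2 bytes")
        octets = bytes(int(part, 16) for part in self.mac.split(":"))
        if len(octets) != 6:
            raise ValueError("MAC address must be 6 bytes")
        return self.priority.to_bytes(2, "big") + octets


def elect_root(bridges):
    """Name of the switch whose bridge ID is lowest, i.e. the root bridge."""
    return min(bridges, key=lambda name: bridges[name].key())


def link_cost(mbps):
    """Original cost rule as the lesson gives it: 1000 / bandwidth in Mbps.

    The cost is stored as an integer, so a 10 Gbps link would get cost 0,
    which is why the formula had to be redefined for faster links.
    """
    return 1000 // mbps


def port_id(priority, number, priority_bits=8):
    """2-byte port ID: priority bits first, then the port number.

    priority_bits=8 is the IOS-based layout, priority_bits=6 the CatOS one.
    """
    number_bits = 16 - priority_bits
    if not 0 <= priority < (1 << priority_bits):
        raise ValueError("port priority out of range")
    if not 0 <= number < (1 << number_bits):
        raise ValueError("port number out of range")
    return (priority << number_bits) | number


@dataclass(frozen=True)
class Offer:
    """One candidate path to the root, as seen on one local port."""
    local_port: str
    link_speeds_mbps: tuple   # speed of every link on this path to the root
    sender: BridgeID          # neighbor that advertised the path
    sender_port_id: int

    @property
    def path_cost(self):
        return sum(link_cost(speed) for speed in self.link_speeds_mbps)

    @property
    def hops(self):
        return len(self.link_speeds_mbps)


def choose_root_port(offers):
    """Lowest path cost wins; ties go to lowest sender bridge ID, then port ID."""
    return min(offers, key=lambda o: (o.path_cost, o.sender.key(), o.sender_port_id))


# Constructed sample data (not from the lesson).
SAMPLE_BRIDGES = {
    "SW-A": BridgeID(32768, "00:1b:54:00:00:0a"),
    "SW-B": BridgeID(32768, "00:1b:54:00:00:02"),
    "SW-C": BridgeID(4096, "00:1b:54:00:00:ff"),
}

# Path A: three 100 Mbps links (3 hops). Path B: one 10 Mbps link (1 hop).
SAMPLE_OFFERS = [
    Offer("Fa0/1", (100, 100, 100), SAMPLE_BRIDGES["SW-A"], port_id(128, 1)),
    Offer("Fa0/2", (10,), SAMPLE_BRIDGES["SW-C"], port_id(128, 2)),
]

if __name__ == "__main__":
    print("root bridge:", elect_root(SAMPLE_BRIDGES))
    best = choose_root_port(SAMPLE_OFFERS)
    print("root port:", best.local_port, "cost", best.path_cost, "hops", best.hops)
```

The lowered priority on SW-C makes it root even though its MAC address is the highest, and the three-hop path is chosen over the one-hop path because its summed cost is lower.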

Lesson 5:
Redistribution 1. Definition

Route redistribution

When a company network runs several routing protocols, there has to be a way to share routing information between those protocols. That process is called redistribution. Note that the presence of several routing protocols on the same router does not mean redistribution happens by itself. For redistribution to take place, it has to be configured. The case where several routing protocols exist on the same router without redistribution configured is called ships in the night (SIN) routing. It means the router exchanges routing information only with its neighbors in the same process domain. SIN routing usually refers to the case of several routing protocols on the same router (such as OSPF for IP and NLSP for IPX). Another point to note is that redistribution can only take place between routing protocols that serve the same Layer 3 protocol (IP, IPX or AppleTalk). A few routing protocols redistribute automatically without configuration, but usually redistribution only happens once it has been configured. Figure 3.1 below describes the redistribution policy of each routing protocol.

Routing Protocol & Redistribution Policy

Static: Must be manually configured into other routing protocols.
Connected: Unless there is a network statement for the routing process, requires manual redistribution into other routing protocols.
RIP: Requires manual redistribution.
IGRP: Happens automatically between IGRP and EIGRP if their autonomous system (AS) numbers are the same. Otherwise it must be configured manually.
EIGRP: Happens automatically between IGRP and EIGRP if their autonomous system numbers are the same. EIGRP for AppleTalk redistributes automatically between EIGRP and RTMP. EIGRP for IPX redistributes automatically between EIGRP and IPX RIP/SAP. Otherwise it must be configured manually. In later versions, NLSP can be redistributed manually.
OSPF: Redistribution must be configured between different OSPF processes and with other routing protocols.
IS-IS: Must be configured manually between different routing protocols.
BGP: Must be configured manually between different routing protocols.

Situations that lead to several routing protocols existing in the same organization:

- The organization is moving from one protocol to another because it needs a more sophisticated routing protocol, for example moving from RIP to OSPF.
- For historical reasons, the organization has a great many subnetworks. The company needs a design for moving to a single protocol in the future. For example, it currently runs both RIP and IGRP and wants to move to EIGRP.
- Some enterprises use host-based solutions that require several routing protocols. For example, a UNIX host uses RIP to discover gateways.
- After two companies have merged.
- Politically, different network administrators hold different views.

- In a very large environment, different areas have different requirements, so a single solution is not effective. For example, in a multinational network, EIGRP is the routing protocol used at the access layer and distribution layer, but BGP is the routing protocol used to connect to the core layer.

2. Problems that arise when performing redistribution, and their solutions

The characteristics of routing protocols that matter most in redistribution are their differences in metric and administrative distance, and whether they are classful or classless. If these differences are not considered carefully when redistributing routing protocols, the result can be problems such as some or all routes not being exchanged, routing loops and black holes.

a/ Metric

Static routes have no metric attached to them, but every OSPF route must have a cost value attached. Another metric-related example is the redistribution of RIP routes into IGRP. RIP's metric is hop count, whereas IGRP uses bandwidth and delay. The IGRP metric is a 24-bit number, whereas RIP's value is limited to 15. In both cases, the requirement on the routing protocol taking part in redistribution is that, for the routes redistributed into its domain, it must be able to reconcile its own metric with the metric of those routes. So a solution is needed: the router performing redistribution must assign a metric value to the routes being redistributed, that is, convert the metric of the routes from the old protocol (for example RIP with hop count) to the new protocol (for example IGRP with bandwidth + delay). The conversion should be done at redistribution time and on the router that runs several routing protocols.

One example is EIGRP and OSPF. EIGRP is redistributed into OSPF and, in the other direction, OSPF is redistributed into EIGRP. OSPF does not understand EIGRP's composite metric and EIGRP does not understand OSPF's cost. As a result, as part of the redistribution process the router must assign a cost to each EIGRP route before that route is advertised into the OSPF domain. Likewise, the router must assign the following set of values to each OSPF route before it is advertised into the EIGRP domain: bandwidth, delay, reliability, load and MTU. If the metric assignment is wrong, redistribution will fail.

b. Administrative Distance

The diversity of metrics causes another problem: if a router runs more than one routing protocol and learns a route to the same destination from each of them, which route will be chosen? Each routing protocol uses its own metric to determine the best route in its own way. Comparing routes with different metrics, such as hop count and cost, is like comparing apples and oranges. The solution to this problem is administrative distance. Just as a metric is assigned to each route so that the preference of each route can be determined, an administrative distance is assigned to each route source so that the preference of the route source can be determined. As introduced in Part 2, administrative distance is a measure of trustworthiness. The smaller the administrative distance, the more trustworthy the routing information exchanged by the corresponding protocol.

For example, suppose a router runs two routing protocols, RIP and EIGRP. When the router learns a route to network 192.168.5.0 through both routing protocols, it receives information about the route to 192.168.5.0 from both its RIP neighbor and its EIGRP neighbor. Because EIGRP uses a composite metric, routing information learned from EIGRP is more accurate than routing information learned from RIP. EIGRP is therefore more trustworthy than RIP. Table 3.3 gives the default administrative distance values of the various routing protocols. EIGRP has an administrative distance of 90 whereas RIP has 120. This shows that EIGRP is more trustworthy than RIP.

c. Redistributing from Classless into Classful Protocols

Careful consideration is needed when redistributing from a classless routing process domain into a classful domain. To understand why, first understand how a classful routing protocol reacts to changes in subnets. As is known, RIP is a classful routing protocol, so it does not send the mask in its routing information. A route that a classful router receives falls into one of two cases:

- The router has one or more interfaces attached to the major network.
- The router has no interface attached to the major network.

Solution 1: for redistribution between a classful routing protocol and a classless routing protocol, use static routing to distribute the routes into the classful routing domain.

Solution 2: perform route summarization to group the smaller subnets into one larger subnet that the classful routing domain understands.

Lesson 6: Discussion of fiber-optic cabling

Question:

1. Could you tell me the difference between SM and MM fiber?

2. The terminating equipment used to splice the fiber before attaching it to the switch. On some switches I see an FX interface; sometimes I see the fiber interface listed as SX or LX. So in which case do I use FX, and in which case do I use SX? The patch cable used for FX is ST/SC. However, I cannot tell in which case I should use ST/ST or SC/SC. Could you explain this to me?

3. Can you explain why single-mode fiber needs 5dB or 10dB attenuators at short distances?

Answer:

1. Optical fibers are thin, flexible strands that carry visible light and infrared rays. They have 3 layers: the core, the cladding and the coating. For light to be totally reflected inside the core, the refractive index of the core is slightly higher than that of the cladding. The coating outside the cladding protects the fiber from moisture and corrosion, and also prevents crosstalk with neighboring fibers. The core and cladding are made of glass or plastic (silica, plastic, metal, fluorine, crystalline fiber). The core and the cladding have different refractive indices. How the refractive indices of these layers are arranged determines the properties of the fiber. Fibers are classified as single-mode (Single Mode, SM) and multimode (Multimode, MM) according to the number of light modes carried through the fiber. A wave mode is a stable propagation state of the light wave (a mode can also be thought of as a ray).

Both single-mode and multimode fiber carry only one signal (the data we need to transmit). To carry data from several different channels, we have to use WDM technology (transmitting several wavelengths on the same fiber). Multimode fiber can carry several light beams at different alpha angles at the same time, whereas single-mode fiber can carry only 1 light beam at 1 particular wavelength. Optical fiber is a medium that carries information based on the law of reflection of light. When a light ray goes from a medium of high refractive index to a medium of low refractive index, it does not go straight through (also called scattering) but is reflected back. So light carrying information is transmitted without any loss at all (because it just keeps bouncing around inside, reflecting off one side and then the other).

In single-mode fiber the refractive index of the core is a constant and the refractive index of the cladding is also a constant. The light then travels along a zigzag path in the fiber (the phase shift of the signal is then significant).
Multimode fiber is the more advanced technology: the refractive index decreases gradually from the core out to the cladding (while still keeping a refractive index ratio such that the light is only reflected and not scattered), so the light follows a curved path and the phase shift is much smaller than with the zigzag of the single-mode type. Multimode is further divided into 2 types, step mode and grade mode. In step mode the refractive index decreases from core to cladding, but in steps, whereas in grade mode it decreases continuously, and of course grade mode is better than step mode. Of course, the use of multimode also depends on many other factors such as cost and the terminating equipment (optical multiplexers).

SM fiber carries only one wave mode because the core diameter is very small (about 10 micrometers). Because it carries only one wave mode, SM is not affected by dispersion, and in practice SM is used more often than MM. MM fiber has a larger core diameter than SM (about 6-8 times) and can carry several wave modes in the core.

Physical parameters of the two cable types: Core diameter (the part that carries the signal): SM: 9/125; MM: 50/125 and 62.5/125. Cladding diameter (the reflecting layer): the same for both SM and MM, 125um.

At present, single-mode fiber is used only for trunk lines; apart from the cost, single-mode cable technology is very demanding and very hard to install and to use. The main reason is that the core layer of single-mode cable is very small (about 27 micrometers), whereas that of multimode is much larger (about 130 micrometers). In addition, because the single-mode core structure makes light travel in a straight line, the manufacturing cost, the precision needed during installation and the high-tech equipment make SM cable hard to deploy in civilian projects.

The coating is made according to the properties that need protecting; usually, however, it is 250 for outdoor cable and 900 for indoor cable, regardless of whether the cable is SM or MM. As for usage, the choice between SM and MM depends on transmit power, receiver sensitivity, transmission distance, required speed and cost.

Illustration of the path of light travelling in the core (which is caused by the core structure), Single Mode and Multi Mode:

===================
- - - >- - - - >- -      light path
===================
Single Mode

===================
/\/\/\/\/\/\/\/\/\
- - - - - - - - -        light path
\/\/\/\/\/\/\/\/\/
===================
Multi mode

In the ray-optics approach, a mode of the fiber is understood as one ray of monochromatic light. Multimode fiber is fiber that carries several rays at the same time, whereas single-mode fiber carries only one mode along the axis. In the quantum-optics approach, light is an electromagnetic wave (two components, E and H), and its propagation in the fiber must obey Maxwell's equations. It has been observed that the electric component (vector E) and the magnetic component (vector H) in the core and the cladding of the fiber are not independent of each other but are related through the core-cladding boundary condition. Any pair of solutions of Maxwell's equations in the core and the cladding that satisfies the boundary condition is called a propagation mode.

Besides the classification above, there are a few other ways to classify fiber cable. By mode: SM and MM (MM has 2 types: 62.5 and 50). By installation environment: Outdoor and Indoor. Outdoor is further divided into F8 and Underground.

2. Why does single-mode fiber transmit better than multimode fiber?

Single-mode fiber transmits farther and better than multimode fiber. In single mode, the light travels along an almost straight line that coincides with the cable axis, whereas in multimode the light travels as a bundle of rays with a coaxial sinusoidal shape (which is why light of several different wavelengths can be combined). Multimode fiber suffers from dispersion in the fiber between the propagation modes. This is the main weakness of multimode compared with single mode. As a result, the signal in multimode fiber is more easily scattered, the transmission speed is lower and the transmission distance is shorter.

Fiber is step-index or graded-index depending on the shape and refractive index of the parts of the fiber core. Whether a fiber is single-mode or multimode depends on the wavelength of the light travelling in it. The same fiber can be single-mode at one wavelength and multimode at another. However, only certain wavelengths are transmitted in fiber. These wavelengths are called the optical windows. The three wavelengths are 850nm, 1330nm and 1550nm. The 850nm wavelength is usually little used. MM has the standard wavelengths 780, 850 and 1300. Today equipment rarely uses the 780 wavelength. SM has the wavelengths 1310, 1550 and 1627. SM equipment that uses DWM technology can use many other wavelengths as well.
So the notions of multimode and single-mode fiber have to be tied to the transmission wavelength. The (recommended) transmission distance of multimode cable is 500m. The (recommended) transmission distance of single-mode cable is 3000m. Single-mode fiber is mainly used because it has no dispersion between modes, which is the main cause of noise in fiber. Single-mode fiber is used for backbone networks, whereas multimode fiber is used only for transmission between networks within an area. In addition, both single mode and multimode use either laser or LED light; which one is used depends on the specific case, according to the needs and requirements of the network.

When travelling in fiber, the light wave is governed by the following phenomena:

(*) Attenuation: Attenuation in fiber has two main causes, material absorption and Rayleigh scattering. Material absorption is smaller than Rayleigh scattering, so it can be ignored. Rayleigh scattering is caused by microscopic fluctuations in the structure of the material, and it decreases as the wavelength increases. The combined graph of the causes of attenuation leads to the three transmission windows in wide use today (800nm, 1300nm and 1550nm).

(*) Dispersion: Dispersion is the phenomenon in which different components of the transmitted signal travel at different speeds in the fiber. Dispersion therefore causes the light pulse to spread at the output, causes spectral overlap interference, and is the main reason for the limit on transmission distance in fiber today. There are several different types of dispersion, including modal dispersion (found only in multimode fiber), polarization dispersion and chromatic dispersion (made up of material dispersion + waveguide dispersion), and each type affects the transmission of the signal differently. Dispersion-shifted fibers have limited part of this problem and so have long transmission distances (long-haul).

(*) Nonlinear effects: When several modes are transmitted in the fiber, nonlinearity generates harmonics from the fundamental propagation modes, leading to noise at the receiver and a reduction in the power of the transmitted signal.

The effects of these phenomena become more pronounced as distance increases, and distance is not the only parameter. They have a negative effect on the amplitude, frequency and other parameters of the transmitted pulse, and therefore on the receiver's ability to recognize it. Moreover, these effects are not alike: for example, an amplifier can be used to limit the attenuation problem but is useless against pulse spreading, and pulse regenerators cannot guarantee the threshold power of the receiver, which causes many difficulties in correcting them. Among these effects dispersion is the most serious, and among the types of dispersion modal dispersion is the most significant.
Imagine two wave modes, one at the core and one at the outermost edge. The gap in their arrival time at the destination is the factor that determines the transmission distance. Normally this gap must not exceed 1/2 of the period of the transmitted pulse for the receiver to be able to recover the original signal. That is the main reason single-mode fiber transmits better than multimode fiber on the general technical parameters. Beyond this, there are many more issues to cover if you really want to understand modes and the difference between them. Optical transmission with a power budget is a problem that needs care in design calculations. Today, WDM technology and new discoveries in optical engineering have been steering the next generation of networks toward a new era, the era of the Optical Internet.

The core diameter of single-mode fiber is smaller than the core diameter of multimode fiber. This follows from the condition that guarantees the fiber is single-mode, given by the following formula:

(2*PI/lamda)*a*sqr(n1*n1-n2*n2) < 2.405

where lamda is the wavelength, a is the core diameter of the fiber, and n1 and n2 are the refractive indices of the core and the cladding respectively. On the graph of number of modes against diameter, you need to extend a to get more propagation modes. Clearly, for a given single-mode cutoff wavelength lamda and given core and cladding refractive indices, the fiber diameter is limited by the formula above.

In reality light has wave-particle duality, and this became the greatest controversy in the history of physics in the last years of the 19th century. Both the ray-optics approach and the quantum-optics approach are needed to explain light-wave propagation in fiber; however, the electromagnetic nature of the light wave makes the issues much clearer and easier to understand than the explanations in ray optics. Taking wave modes as an example, the quantum-optics approach helps you understand polarization dispersion (in single-mode operation, because physically it is still derived from two solutions that are independent but have the same propagation constant, that is, it is still multimode) and waveguide dispersion (the distribution of the mode's energy between the core and the cladding as it travels in the fiber; this distribution differs between modes, so the wave's energy travels through regions where the refractive index n varies, and that is the cause of dispersion). We do not need to understand in depth how Maxwell's system of equations is solved, but grasping this approach helps us understand fiber, and the transmission problems on fiber, better.

Also, if you are handed 2 bare fibers, you cannot tell SM from MM. To tell them apart you need a microscope or a fusion splicer.

3. On attaching terminating equipment, splicing and connecting fiber cable

There are usually two techniques for terminating fiber cable: polishing a connector end, and arc fusion splicing.

3.1. Connector polishing technique: Attach a connector to the fiber and then polish the end flat. There are many types of connector from different vendors, but in Vietnam the AMP connector is the main one. This type of connector does not need glue; it has a fiber lock inside. Installation with this technique is simple, but the loss is high because the work is done by hand, and the cost of repair and of handling cable faults is the same as the initial cost because the connectors can be used only once.

3.2. Arc fusion splicing technique: Use a dedicated fiber fusion splicer to splice a connecting lead onto the cable (a connecting lead is a length of fiber with a connector already fitted on 1 end). The drawbacks of this technique are that few people do it and that the investment in the machine is quite high (about 12K USD), but its advantage is that repair and fault handling are quite cheap, because the connecting lead can be reused many times (each lead is on average 2.5 meters long, and each repair means cutting off 3 cm). You pull the fiber cable to the place of use, splice it to a pigtail, and connect the pigtail to the converter.

There are 2 ways to splice:
+ Machine splicing: $20/splice
+ Manual splicing (crimping): $8/splice

One fiber splice costs about $12 (depending on whether you are far or near, and on the number of splices), an FC pigtail of 1.5m about $8 per simplex strand, an FC-SC patch cord of 5m about $12 per simplex strand, and a 12-port ODF about $85 each. When splicing there is a parameter called the loss tolerance. You cannot have too many joints on one transmission path (about 6 manual splices and 10 machine splices). Fiber cable is not affected by magnetic fields, so no separation distance is needed.

A fiber patch cord/pigtail does the same job as an ordinary patch cord: it is a jumper cable with a connector on both ends that connects the optical equipment to the fiber on the ODF. A pigtail is really a short length of fiber cable running from the fiber enclosure to the equipment. When fiber cable is pulled, it ends in boxes called enclosures. These enclosures can be mounted on the wall, so they are sometimes also called wall-mount. In this academy course the fiber enclosure is usually called an ODF. The fiber is spliced to the connectors inside these ODF/WALLMOUNT/ENCLOSURE boxes. From the ODFs, you can use pigtails/patch cords to connect to the switch. The fiber interface on the switch can be SC/ST/FC. A pigtail is a fiber with a connector on one end and the other end left to be spliced onto a fiber cable. The fiber connector on switches is usually SC (square connector).

You can hire service companies such as Saicom, Nhan Sinh Phuc, An Minh Phat, Lac Viet or SPT to do the splicing for you (splice the pigtail to the fiber cable, with the other end of the pigtail plugged into the ODF). ODFs usually use FC connectors (round, screw-on), so you need to buy at least 4 more FC-SC patch cords to connect from the ODF to the switch.

Actually, the best solution is to splice on more fiber if the distance is long; otherwise we can buy a long jumper cord (some suppliers in particular offer lengths of up to 300 meters). We can then buy it and cut off one end to make a pigtail.
Fiber fusion splicers are now very common, and the telecom companies in the city are all able to do this work. Some places choose to crimp the fiber ends instead of splicing, which is slightly cheaper but has more loss than splicing. Crimped ends are temporary in nature and make the system hard to control, especially a backbone network.

As for the terminating equipment (switch/router), it is simple too: if you are studying CCNA, look at Ethernet and media converters; if you are interested in telecoms, look at PDH, SDH and DWM equipment. In general there is nothing complicated about optical communication systems; put simply, it is just Layer 1. For a distance of 1Km, using a switch at both ends is enough, and both MM and SM can be used. There is no need to use a router; any switch that can be configured for L2 or L3 is good, and it is cheap too. Once an optical system is running, it does not flap. If you use Cisco, a 2960 is enough. It is best to use 2 2960s without GBIC ports together with 2 100Mbps media converters, which gives the most reasonable cost; otherwise a 2960 with GBIC ports also works but is not optimal on price.

There is no specific rule for how many KM apart 2 devices connected by fiber can be. The distance between 2 devices is based on the calculated end-to-end loss, the transmit power, the receiver sensitivity and the power margin of the equipment. Normally every device has a recommended operating distance. Pay attention to the optical reach of the various modules: if the distance is too short, an optical attenuator must be added to avoid damaging the laser receiver, although this is only relative.

3.3. On the cost of the two solutions:

Both solutions use the same accessories: an accessory box (patch panel/ODF), adaptors and patch cords.

For the pigtail splicing solution (assuming 6 fibers):
pigtail MM: 7 USD/1 pcs
tray: 14 USD/tray of 12 or 24 fibers
Splicing labor: 4 USD/splice
Total for 6 fibers: 42 + 14 + 24 = 80 USD

For the crimped connector solution:
Connector: 4 USD/1 pcs
Crimping labor: 4 USD/end
Total for 6 ends: 24 + 24 = 48 USD

So the difference for one fiber termination point with 6 cores is 80 - 48 = 32 USD.

Lesson 7: Leased line

Questions about leased lines:

1. My company is using a 256Kbps leased line. At first we could download files and browse the web very quickly, but now it is very slow (you could say as slow as dial-up). I need to know 2 things:
- How to make the internet run fast again
- How to find out whether the leased line I am using really is 256Kbps

2. What is DDN? I invite those who know about DDN to take a little time to post what they know about DDN for everyone in the forum.

3. How do you configure a leased line on Cisco equipment?

4. Is the bandwidth of a link (for example a leased line) equal to the sum of the transmission rates (bit/s) of both directions (IN/OUT) added together?

Answer:

You can use MRTG to check the inbound and outbound bandwidth traffic. The program is free and supports quite a lot of hardware; the only thing is that installation is a bit manual, but it works very well. Download MRTG from mrtg.org to check the speed. Right now you can check the Reliability value of the serial port using the command #show interface Serial X/X. If this value shows too low a ratio, the line at your site may be bad.

This is a device for connecting a leased line, more precisely an HDSL modem. The terminating equipment you need when connecting a leased line to the DDN network of Ho Chi Minh City is an NTU. There are many types of NTU, for example the ASM 31. This device also has a data rate of 128K. The Timeplex AD3 type, IDSL, max data rate = 128K. The Timeplex AD3 NTU has a data rate of 128K; more precisely, below 128K the post office will specify the equipment the customer must use, while above 128K the customer can use any type as long as it is > 128K. Usually all of these devices have a V.35 end, and the other end connects to the copper line pulled from the post office. The TimePlex AD3 mentioned above has been discontinued and was replaced by the TimePlex SYNCHRONY AD7 and currently the AD-10/FR2. There are a great many NTU vendors; the question is which type the post office recommends you use for compatibility.

DDN is a complete network used to provide data services. At present the DDN network uses TDM multiplexing technology (TDM-based). In the future it will probably move gradually to new technologies such as DPT/RPR, or move to ATM-based or IP-based. The DDN network is a collection of access nodes (using mini MUX, DACS and similar units) that uses the existing intra-provincial transmission network to connect the access nodes together (I am not very sure about this definition).
In my view, DDN (Digital Data Network) is a network system based only on copper cable transmission. At present the post office's network is a DDN network (of course the backbone is still optical).

The access nodes have 2 tasks:
1. Provide data services to end users, for example the leased-line service.
2. Concentrate traffic (multiplexer) for transmission over the transmission network.

Below is a comparison of leased lines (LL) with some other technologies such as Frame Relay and MPLS/VPN. The choice between LL and Frame Relay depends mainly on usage needs. Here is the most basic comparison:

LL:
- Highest security, because the line is dedicated.
- Suitable for very important or demanding applications that cannot tolerate delay (such as VoIP, SAP, ...).
- Does not depend on the capability and technical level of the service provider, because LL operates at Layer 1.
- Very high cost.

Frame Relay:
- Lower security, because in an FR network the data is carried together with the data of other customers.
- Suitable for applications that are not demanding.
- Depends on the capability and technical level of the service provider, because FR operates at Layer 2.
- Much cheaper than LL.

Comparison between leased line (TDM) and MegaWAN (VPN/MPLS), assuming the same leased line speed, connecting 1 office and 2 branches.

Leased line:
Advantages:
- 100% guaranteed bandwidth
- Low delay
- Low jitter
- Multi-service (can be used for non-IP and IP services).
Disadvantages:
- Very expensive rental.
- Terminating equipment is very expensive, uncommon and hard to find.
- One pair of devices must be used for each channel > the office needs 2 devices to serve 2 branch sites.

MegaWAN:
Advantages:
- Guaranteed bandwidth (the only worry is that they do not provision CBR, Constant Bit Rate, for you).
- Very cheap rental
- Terminating equipment is common and easy to buy (an ordinary ADSL modem or SHDSL). HDSL and G.shdsl for data connections 128Kbps < n x 64Kbps <= 2048Kbps.
- Only 1 modem is needed at the office to serve several branch sites.
- Suitable for connecting computer networks and IP-based services.
Disadvantages:
- High delay
- High jitter

--------------------------------------

Lesson 8: Using fiber cable with RJ45

Question:

Hello, I have a problem I hope someone can answer. The company has 2 buildings more than 200m apart (across a road). To link the 2 buildings, the company uses fiber cable (is this the most sensible way?) between the 2 ends. Both ends use a Cisco 26xx LAN router (to keep the 2 LANs separate) with only 2 FE 10/100 ports. So how can I connect the fiber cable to the RJ-45 port of the router? If I connect directly to 29xx switches with fiber ports at the 2 building ends, can the 2 networks be kept separate? Thank you very much.

Answers from forum members:

If you want to link 2 offices over a short distance (=< 3km), there are many solutions, depending on the terminating equipment your company already has:

1. Copper cable with G.SHDSL or VDSL technology: The two buildings can be connected with copper cable (telephone-type cable). Use the VC102 (Planet VDSL Converter) at both ends.
* This device has several selectable modes
* Maximum distance 1km2
* Bandwidth about 11mb
* Price also about 800usd or more for 1 pair.
The equipment needed is two modems using the above technology with LAN ports (1 or 4 ports)

e.g. G.SHDSL modems: Paradyn 1740 A2 at around 500usd, Zyxel P 792H at around 400usd. VDSL modem: Zyxel P972.

If you use copper cable with G.SHDSL technology and want to connect to a router: buy one of the NTU types on the market that has a V35 interface and you are fine, at a sync speed of 2Mbps. Your network then looks like a WAN connecting two LANs. If the company has money to spare, buy an E1 interface (modem and router as well), e.g. products from Telindus or CTC. Note: you must have the authority to pull copper cable if it runs outside along the street; within the company premises this is not an issue.

2. Fiber cable: To connect with fiber cable you need:
- Fiber cable: use the outdoor type, preferably armoured. For a distance of about 200-500m, multimode 50/125um cable is best. The number of cores is up to you, but the minimum is 2 cores (Tx & Rx); usually 4 or 8 cores are used for spare capacity.
- ODF x 2 pcs for the 2 buildings: depending on the termination location/equipment room you can choose the rack-mount or wall-mount type; for the FO adapter choose a common type such as ST or SC.
- Fiber connectors: at least 4 (2 for each end); you can choose ST or SC, which are common and easy to terminate, and they must be the same type as the ODF adapter.
- Fiber patch cords: to connect from the ODF to the media converter; about 3m long is enough. Note that the connectors on the 2 ends must match the ODF adapter and the FO connector of the media converter.
- Media converter: depending on the bandwidth needed between the 2 buildings you can choose FE or GE. Pay attention to these parameters: minimum transmit power, maximum transmit power, receiver sensitivity, maximum receive power threshold, and FO connector type.
- Finally, 2 RJ45 patch cords to connect from the media converter to the switch.

Using a media converter is the best and cheapest option. There are many types on the market, and you can shop around to get the best price. At the two ends of the fiber link you can use a Layer 2 switch, or a router, or a switch on one side and a router on the other. If you connect two switches with fiber, the two LANs become one unless you configure VLANs. The other end connects directly to an L2 switch. Equipping yourself with 01 switch that has 02 fiber ports is fine. The network runs comfortably at 1000Mbps.

RJ45 fiber (LAN)[SWITCH with fiber port] -[SWITCH with fiber port]-(LAN)

If you use fiber cable and want to connect to a router at both ends: you can use an optical modem. An optical modem gives more options because it offers more interfaces: LAN, E1 and V35. If you want to use fiber directly on the router, you can buy the NM-1FE-FX module.

If you do not want to invest in a switch with fiber ports, you can use the Planet Fast Ethernet Media Converters. The market currently has Planet's 100base FX/100base TX media converter lines. They are cheap (from 100-300$ depending on the type). With multimode cable the media converter is cheaper than single mode, with distances from 500m->80km. This device can give a bandwidth of 100Mbps, at a distance of 2km with multimode and about 35 km with single-mode cable. Using 01 pair of converters is the most stable option; the price is ordinary and the biggest advantage is that it is easy to install, use and operate.

The fiber solution is very good but expensive for a network of 2 buildings only 200m apart. Fiber is the solution with the highest and most stable bandwidth, and it is not affected by the environment the way a wireless bridge is. However, the cost may be higher and the installation more troublesome.

For distances over 2 Km, use single-mode fiber. The speed of the link then does not depend on the fiber cable but only on your terminating equipment (router/switch). You can run at Gb speed without problems, or even 10Gb.

At a distance of 200m you should not use 50/125 cable; 62.5/125 cable is the better choice. In theory 50/125 fiber has less loss than 62.5/125, so 50 cable is used for longer distances; however, the optical transmit power of equipment has improved considerably and prices have dropped a lot. The reason to use 62.5/125 cable is that this type is very common and has many suppliers, so you can buy the accompanying accessories such as connecting leads and jumpers easily and cheaply; you probably know that product prices in Vietnam do not depend much on manufacturing cost but mainly on how many people are selling. Another point is that Vietnam currently still crimps fiber ends and rarely splices; crimping is both expensive and inflexible when changes are needed.

Finally, there is still the wireless solution. You may only need 1 AP for a distance of 200m to build 1 wireless LAN. You then need wireless cards for the clients. At a longer distance, you need 2 AP bridges to set up 1 point-to-point connection. You then still have 1 single LAN. In this solution no wireless cards are needed; UTP is used from the PC to the bridge. The function of the AP is to connect the two LANs together.

Lesson 9:

Password recovery for Cisco routers


Background: When configuring a router, the device administrator usually sets passwords to prevent unauthorized logins to the device they manage. For example, to prevent access to privileged mode, and from there to the deeper configuration modes, the administrator can use enable password or enable secret:

Router(config)#enable password vnpro      (sets the enable password to vnpro)
Router(config)#enable secret cisco        (sets the enable secret to cisco)

Or a password can even be set to prevent unauthorized logins right at the console port:

Router(config)#line console 0
Router(config-line)#password vnpro
Router(config-line)#login

Setting passwords like these is necessary to give the device the most basic level of security. However, through carelessness the administrator may sometimes mistype a few characters when setting the password, or may forget the login password, and so cannot log in to the device they manage. In this case, the administrator needs to carry out a number of steps to recover the password for the device. This article presents the basic principle used to recover passwords on Cisco routers, together with specific instructions for password recovery on the currently common Cisco router series, the 2600 and 2800.

Basic principle: Password recovery works by intervening in the last step of the router's boot process. To intervene in this process, the administrator has to change the value of a technical parameter on the router called the configuration register. This register is a 16-bit binary string in which each bit has its own meaning and function. Setting the bits to 0 or 1 can affect the router's boot process. The configuration register is usually displayed in hexadecimal (base 16), for example 0x2102, 0x2142, 0x2100, and so on (the 0x prefix indicates that these are hexadecimal numbers). Consider the router's boot process:

1. POST (Power On Self Test): this is the first step, and it takes place right after the router is powered on. The POST routine checks all of the router's hardware to make sure it is working correctly.

2. Load the bootstrap program from ROM into RAM and run it. This program is responsible for loading the operating system (IOS) for the router.

3. Load the IOS (the router's operating system) from Flash memory into RAM and run it.

4. Once loaded, the IOS loads the startup-config configuration file from NVRAM into RAM as the running-config file and executes this configuration file.

All passwords, once set, are stored in the startup-config configuration file in NVRAM, so the passwords take effect after this file has been loaded and run. Therefore, to bypass the passwords, the router must be made to skip the startup-config file in this step and load an empty configuration. The empty configuration is used to get into the deeper configuration modes, where the passwords stored in the old configuration file can be edited or removed; the old configuration file can then be used again at the next boot, but with the passwords changed as the administrator wishes.

To do this, bit 6 of the configuration register must be set to 1 (counting from right to left, with the first, rightmost bit numbered 0). The value of the whole register commonly used with bit 6 set to 1 is 0x2142, which means skip the startup-config in NVRAM at boot. Normally this register has the default value 0x2102 (in which bit 6 is 0, meaning: use the startup-config file in NVRAM).

Specific steps for password recovery on Cisco 2600 and 2800 series routers: First, assume the router has a wrongly configured password or a forgotten password, so that logging in to the device fails:

We recover the router's password with the following steps:
1. Switch the router off and, after about 30 seconds, switch it back on. As the router boots, the screen shows the following lines:

(Press Ctrl + Break here)
2. Ctrl + Break is the break key combination that puts the router into a special mode called rommon. In rommon mode the router runs the secondary operating system held in ROM instead of the main IOS image in flash:

Note: Pressing Ctrl + Break the instant the router is switched on can hang the router. It is best to send the break only once the router displays the message about main memory size. The break can also be sent within the first 15 seconds. Note that the break key combination can differ between terminal programs. The most common terminal program, Windows HyperTerminal, uses Ctrl + Break.
3. In rommon, run the command that changes the configuration register value to 0x2142.

4. After changing the configuration register value, the router must be restarted. In rommon, the command that restarts the router is reset.

5. After the restart, once IOS has loaded, the router no longer loads the configuration from NVRAM. Instead it enters setup mode, which lets us run with a blank configuration.

Answer no to use the blank configuration. With the blank configuration we can enter the router's privileged mode, and from there continue into the deeper configuration modes to edit or remove the passwords in the old configuration file.

6. Next, copy the startup-config file into running-config. Once startup-config has been copied in, the old passwords in it can be changed.

We see that the router name has changed from the default Router to Vnpro. We are now working on the old configuration file and have bypassed the password.
7. Next, simply identify which passwords need to be changed or removed and make the corresponding changes. Here, for example, the password to fix is the enable password, which is changed to vnpro.

After making the change, remember to save the configuration over the old one so that the new password is used from now on.
8. Finally, set the configuration register back to its default value 0x2102 so that later boots proceed normally.

After this change the configuration register still holds 0x2142; the router must be restarted before the new value 0x2102 is used. The above is the principle and the procedure for recovering a wrong or forgotten password on Cisco 2600 and 2800 series routers. On other series the method and the commands may vary slightly, but the principle is the same; see the accompanying documentation or the Cisco support site.
----------------------------------------------------
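A check worth running after any password recovery, given here as an added example that is not part of the original article: it tests bit 6 of the configuration register and reads the "Configuration register is ..." line of show version to tell a router that will skip startup-config (and every password in it) at its next boot from one that is only waiting for the restart in step 8. The sample outputs are constructed.

```python
import re

IGNORE_NVRAM_BIT = 1 << 6  # bit 6, counting from the right with the first bit numbered 0

# Last line of `show version`, for example:
#   Configuration register is 0x2142 (will be 0x2102 at next reload)
CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?:\s+\(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def ignores_startup_config(register: int) -> bool:
    """True when bit 6 is set: startup-config in NVRAM is skipped at boot."""
    if not 0 <= register <= 0xFFFF:
        raise ValueError("the configuration register is a 16-bit value")
    return bool(register & IGNORE_NVRAM_BIT)


def audit_show_version(output: str) -> dict:
    """Classify a router from the configuration-register line of `show version`."""
    match = CONFREG_LINE.search(output)
    if match is None:
        raise ValueError("no 'Configuration register is ...' line in the output")
    current = int(match.group(1), 16)
    # Without a "(will be ...)" suffix the next boot uses the current value.
    next_boot = int(match.group(2), 16) if match.group(2) else current

    if ignores_startup_config(next_boot):
        status = "BYPASS_AT_NEXT_BOOT"   # passwords in startup-config will not load
    elif ignores_startup_config(current):
        status = "RELOAD_PENDING"        # register restored, restart still outstanding
    else:
        status = "OK"
    return {"current": current, "next_boot": next_boot, "status": status}


# Constructed samples: only the relevant line of `show version`.
SAMPLES = {
    "left-in-recovery": "Configuration register is 0x2142",
    "step-8-done": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "normal": "Configuration register is 0x2102",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        result = audit_show_version(text)
        print(f"{name:18} current={result['current']:#06x} "
              f"next={result['next_boot']:#06x} {result['status']}")
```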

Lesson 10: Clockrate vs bandwidth.

A summary of the discussions about bandwidth and clockrate.

Questions raised on this topic:
- The clock rate command generates the clock signal, so does a larger clockrate value mean a higher data transfer speed between DCE and DTE?
- And what does the bandwidth command do when it is entered on an interface?
- The clockrate is supplied to synchronize the two ends (one is the DCE, in practice the service provider; the other is the DTE, the user), but what is the synchronization for? Line speed depends on bandwidth: the higher the BW, the faster the line, and vice versa. Does clockrate affect the line? If what you say is right, then between a line with BW = 256 and clockrate = 9600 and a line with BW = 64 and clockrate = 128000, which one is faster?

Some of the replies:
- The bandwidth command really just supplies an input parameter for computing the composite metric (of IGRP). The larger the bandwidth, the smaller the computed metric (so the path is considered more reliable and is preferred over other paths to the same destination network when the router chooses what to put in the routing table). This command does not increase the transfer speed between DCE and DTE.

- The clockrate command, on the other hand, does change the data transfer speed, because with a faster clock the data is sent at a higher rate.
- A higher clock rate will of course give you a higher speed, provided the DTE and DCE can both handle it. Moreover, the clockrate is not just any number you think up and type in! It has fixed values, for example 9600, 19200, 56000, 64000, 115200, and the permitted values differ depending on whether the transmission is sync or async. Even so, the clockrate does not fully determine the transfer speed in some cases, such as async modems and Frame Relay. With an async modem the clock rate only sets the speed from DTE to DCE, while the real speed depends on the carrier of the DCE (the modem). With Frame Relay the clock rate only affects the access rate; how fast the data actually moves also depends on the CIR. Still, for async transmission the clockrate should be set higher than the carrier speed, because that lightens the load of the transfer on the DTE's CPU and leaves it more free time for other work. Clock rate is meaningful only in synchronous transmission, not in asynchronous transmission. In asynchronous mode the clocks at the two ends differ, in other words they are not synchronized with each other, so supplying a clock means nothing. When using the clock rate command, type ? to see the valid speeds. The value is always a multiple of 9600 bps.
- In Frame Relay transmission, CIR is the rate the service provider guarantees to the customer. When the network is congested, the provider still guarantees a transfer rate equal to the CIR and no lower. Therefore the CIR parameter does not affect the Frame Relay transfer speed either.
- Bandwidth helps the routing protocols compute their composite metrics; it has no effect on the speed of data transfer.
- Clockrate expresses the frequency at which data is sent. The higher the frequency, the faster the data is sent. Clockrate works at layer 1. Bandwidth has nothing to do with layer 1 at all. It only makes monitoring easier for the administrator. In addition, bandwidth is used by some dynamic routing protocols, such as OSPF and EIGRP, to calculate the best route to a destination. In the example above, the line with clockrate 128k will be far faster than the line with clockrate 9.6k.
- The ability to move data depends not only on clockrate but also on other factors, such as the physical link and the transmission technology.
- With dial-up, current technology only allows up to 56K. Note that 56K is only the theoretical connection speed. The actual speed at connection time will be lower, for example 48k. Note that this is not the data transfer rate, only the speed at the moment of connection. During data transfer, the two modems at the two ends keep negotiating with each other to find the highest stable connection speed. Depending on the physical line (long or short, good or bad, ...), the real data rate will vary, dropping for example to 33.6k or 19.2k, or transfer may even be impossible because there are too many errors. In the case of ADSL, this newer technology allows data to be sent at a higher rate than dial-up. In the case of a leased line, a speed of 128k is guaranteed and synchronous along the whole path from point A to point B. The equipment at both ends must be able to operate at this speed. The speed is fixed and does not change over time.
- On Cisco routers there are two commonly used commands related to bandwidth. The first is clock rate, which defines the actual layer 1 bit rate. The command is used when the router supplies the clock, typically when the router's serial interface is connected to some neighbouring device (another router, for example).
- The bandwidth command sets the amount of bandwidth available on the interface. For example, the routing protocol EIGRP (Enhanced Interior Gateway Routing Protocol) chooses the metric for an interface based on the bandwidth command, not on the clock rate command. In short, bandwidth only changes the behaviour of the tools on the interface and never changes the actual rate at which bits are sent on an interface.
- Some QoS tools refer to the interface bandwidth, as defined by the bandwidth command. Engineers should take the default bandwidth into account when enabling QoS features. On the serial interfaces of Cisco routers, the default bandwidth is set to T1 speed regardless of the actual bandwidth. Subinterfaces, if used, inherit the bandwidth set on the corresponding physical interface.

Lesson 11:

AAA
1.1. Overview of AAA

1.1.1. Using AAA for security and scalable network access control

Today's network administrators have to control access as well as monitor what end users are doing. These tasks can decide a company's success or failure. With that in mind, AAA is the best way to monitor what end users can do on the network. We can authenticate users, authorize them, and also collect information such as a user's start and stop times (accounting). As we can see, security is a very important matter. With this level of control, it is easy to implement security and manage the network. We can define roles that give users the commands they need to do their jobs, and track changes in the network. With the ability to log events, we can make the adjustments appropriate to each requirement. All of these components are needed to keep the network safe and secure. With the information collected, we can anticipate the updates needed over time. Data security requirements, bandwidth growth, monitoring of network problems: all of these can be found in the AAA service.

1.1.2. AAA overview

AAA [1] lets the network administrator learn important information about the state of the network and its level of security. It provides user authentication to make sure users are correctly identified. Once a user has been identified, we can limit what that user is authorized to do. While the user is using the network, we can also monitor everything they do. The three parts of AAA, authentication, authorization and accounting, are separate parts that can be used in network services and are needed to scale and secure the network. AAA can be used to gather information from many devices on the network. AAA services can be enabled on routers, switches, firewalls, VPN devices, servers, and so on.

1.1.3. Definition of AAA

AAA services are divided into three parts: authentication, authorization and accounting. We will look at how the three differ and how they work. The most important thing is to understand the different kinds of accounting.

1.1.3.1. Authentication

Authentication is used to identify the user. During authentication, the user's username and password are checked against the database stored on the AAA server. How much is encrypted depends, of course, on the protocol AAA uses; at the very least the username and password are encrypted. Authentication determines who the user is. Example: a user with username vnpro and password L@bOnlin3 is valid and is successfully authenticated by the system.
After successful authentication the user can access the network. This process is only one of the components AAA uses to control users. Once the username and password have been accepted, AAA can be used to define what the user is authorized to do in the system.

1.1.3.2. Authorization

Authorization lets the administrator control the granting of rights for a period of time, or per device, per group, per individual user, or per protocol. AAA lets the administrator create attributes that describe the functions a user is allowed to perform. A user must therefore be authenticated before being authorized. AAA authorization works as a set of attributes describing what an authenticated user may have. Example: after authenticating successfully, user vnpro may be allowed to access only the server VNLABPRO_SERVER over FTP. These attributes are compared with the information held in that user's database entry, and the result is returned to AAA to determine the user's actual capabilities and limits. This requires the database to communicate continuously with the AAA server throughout the connection to the remote access server (RAS).

1.1.3.3. Accounting

Accounting lets the administrator collect information such as the start time and stop time of a user's access to the system, the commands executed, traffic statistics and resource usage, and then store that information in a relational database. In other words, accounting makes it possible to monitor the services and resources that users consume. Example: the statistics show that the user with login name vnpro accessed VNLABPRO_SERVER over FTP 5 times. The key point of accounting is that it lets the administrator actively monitor and forecast service and resource usage. This information can be used for customer billing, network management and auditing.
-----------------------------------------------
Lesson 12:

Duplex issues in Ethernet

Full-duplex mode in Ethernet

As in Ethernet, full-duplex mode can be used to improve performance. Fast Ethernet can provide up to 100 Mbps in each direction, for a resulting throughput of 200 Mbps. This maximum throughput of 200 Mbps is reached only when a single device (a workstation, server, router or another switch) is connected directly to a switchport. In other words, the devices at both ends of a connection must support full duplex, that is, be able to transmit without waiting to detect and recover from collisions.

The Fast Ethernet specification also provides backward compatibility with traditional 10 Mbps Ethernet. With 100BaseTX, switchports are commonly called 10/100 to indicate dual speed. The two devices at the ends of the connection then negotiate the speed automatically so that both run at the highest speed possible. This negotiation covers detecting and selecting the physical layer technology and choosing half-duplex or full-duplex mode. If both ends of the connection are configured to autonegotiate, the highest speed common to the two devices is used.

During the handshake that determines the duplex mode of a connection, the two devices exchange information with each other. This means that, for autonegotiation to succeed, both ends must be set to autonegotiate. Otherwise (that is, when only one end is set to autonegotiate), one end of the connection receives no information from the other and cannot determine the correct mode in use. If autonegotiation fails, a switchport automatically falls back to half duplex.

Watch out for duplex mismatch when neither end of the connection is configured for autonegotiation. When a mismatch occurs, one end of the connection uses full duplex while the far end uses half duplex. As a result, the station running in half-duplex mode detects a collision whenever both ends want to transmit. The station running in full duplex assumes it is entitled to transmit at any time; it does not stop and wait. This leads to errors on the link and very slow response times between the machines.

The handshake uses the priority table below. When the two ends can negotiate more than one speed, the one with the highest priority is used. For example, if both devices can run at level 6 (100BaseTX full duplex) and level 2 (10Base-T full duplex), level 6 is used.

Priority   Ethernet mode
7          100Base-T2 (full duplex)
6          100Base-TX (full duplex)
5          100Base-T2 (half duplex)
4          100Base-T4
3          100Base-TX
2          10Base-T (full duplex)
1          10Base-T

To guarantee a correct configuration at both ends of a connection, Cisco recommends that speed and duplex mode be configured manually on switchports. This rules out one side changing its settings and leaving the link unusable. If you configure a switchport manually, set the matching parameters on the device at the other end of the connection as well. Otherwise a speed mismatch or duplex mismatch will occur.

Lesson 13:

Collision domain
Collision domains and switch buffering: A collision domain is a set of devices whose frames can collide with the frames of another device in the set. Before switches were invented, Ethernet used hubs or shared cable segments such as 10Base2 and 10Base5. Ethernet switches reduce the chance of collisions by storing frames in buffers and by operating at layer 2. By definition, an Ethernet hub has the following characteristics:
- It operates only at layer 1 of the OSI reference model.
- It amplifies and regenerates the electrical signal to extend the length of the link.
- It forwards the signal received on one port out of every other port except the receiving port, and it has no buffers.

[Figure: Collision domain]

A hub therefore creates a single collision domain. A switch, in contrast, confines the collision domain to each of its ports. A switch uses the same kind of cabling and amplifies the signal just as a hub does, but it does more. Collisions are reduced because frames are buffered: when the switch receives frames on different ports, it stores them in buffer memory to prevent a collision. For example, suppose a switch receives three frames at the same moment on three different ports, and all three must leave through the same port. The switch stores two of the frames in memory and forwards the frames one after another. When a switch port is connected to a device that is not a hub, collisions cannot occur. The only devices that could cause a collision are the switch port itself and the one device connected to it, and each side has its own wire pair to transmit on. Because collisions cannot occur, such segments can use full duplex.
----------------------------------------------------------
Lesson 14:

RIP loop-prevention mechanisms

Convergence and loop prevention: The most important, and also the most complex, part of RIP lies in its loop-prevention mechanisms. Like other distance vector routing protocols, RIP combines several loop-prevention tools, but unfortunately these tools also increase convergence time considerably. In fact, this is a major limitation of RIP (RIPv2 included). Table 8.3 summarizes the RIP features and mechanisms related to convergence and loop prevention.

Table 8.3 (feature: description)

Split horizon: Instead of advertising all routes out of an interface, RIP does not advertise the routes the router learned through that interface.

Triggered update: The router sends a new update as soon as routing information changes, instead of waiting for the update time to expire. A triggered update is also called a flash update. When a metric changes for the better or for the worse, the router immediately sends an update message without waiting for the update timer to expire. Reconvergence happens faster than it would if the router had to wait for the periodic update intervals. Periodic updates still take place alongside triggered updates. A router can therefore receive bad information about a route from a router that has not yet converged after it has already received correct information from a triggered update. This happens because routing errors can still occur during reconvergence. A further refinement is to include in the update message only the networks that caused the trigger. This reduces processing time and the impact on bandwidth.

Route poisoning: When a route fails, the router sends an update for that route with an infinite metric (hop count = 16).

Poison reverse: When a router receives an advertisement for a poisoned route (metric 16) on an interface, it answers with a poison reverse message on the same interface.

Update timer: At every update timer interval the router sends one update out of an interface. Each interface has its own update timer; the default on all interfaces is 30 seconds.

Holddown timer: For each route to a subnet in the routing table, if the route's metric changes to a larger value, the holddown timer starts. During this period (180 seconds by default) the router does not install any other route to that subnet in the routing table until the holddown timer ends. Triggered updates make a converging network more responsive. Holddown timers help keep bad routing information under control. If the distance to a destination network increases (for example, the hop count rises from two to four), the router assigns a timer value to that route. Until the timer expires, the router does not accept any update for the route. There is clearly a trade-off here: bad routing information is less likely to enter the routing table, but in return convergence time increases. If the holddown time is too short, it is ineffective. If it is too long, normal routing is affected.

Invalid timer: For each route in the routing table, the invalid timer counts up until the router receives an update announcing that route. If an update is received, the invalid timer is reset to 0. If the router receives no update and the invalid timer expires (180 seconds by default), the route is considered unusable.

Flush (Garbage) timer: The default flush timer is 240 seconds. It works like the invalid timer, but by default it runs 60 seconds longer; if no update for the route is received during this time, the router removes the route from the routing table.

Lesson 15:

Disabling Frame Relay InARP

Disabling InARP: In most of the network designs presented, using InARP is reasonable. However, InARP can be disabled on a physical interface or a multipoint interface with the interface subcommand no frame-relay inverse-arp. InARP can be stopped on all VCs of the interface/subinterface, on all VCs of the interface/subinterface for one particular L3 protocol, or simply on a specific DLCI. The no frame-relay inverse-arp command not only stops the router from sending InARP messages, it also stops the router from accepting InARP messages. For example, the command no frame-relay inverse-arp ip 400 in subinterface mode on Router R1 in Example 1.2 not only stops R1 from sending InARP messages out DLCI 400 to R4, it also makes R1 discard InARP messages received on DLCI 400.

Table 15.1: Summary of detailed Frame Relay Inverse ARP behaviour in IOS

Behaviour on each interface type               Point-to-point   Multipoint or physical
Does InARP require LMI?                        Always           Always
Is InARP enabled by default?                   Yes              Yes
Can InARP be disabled?                         No               Yes
Are received InARP messages ignored?           Always (*)       When InARP is disabled

(*) A point-to-point interface always ignores InARP messages, because a point-to-point interface uses only one DLCI to reach every address in the same subnet.
-------------------------------------------------------

Lesson 16:

The Frame Relay Inverse ARP protocol

Frame Relay Inverse ARP: IP ARP is known as a common and relatively simple protocol, and the same holds for the CCIE exam: most questions on IP ARP are simple ones. The difficult questions on the topic of building the CEF adjacency table therefore concentrate on Frame Relay Inverse ARP, which is why Frame Relay Inverse ARP is presented here in more detail. Like IP ARP, InARP resolves between an L3 address and an L2 address. The L3 address is the IP address, and the L2 address here is the DLCI number (the counterpart of the MAC address in IP ARP). With InARP, however, the router already knows the L2 address (the DLCI) and needs to resolve the corresponding L3 (IP) address.

The following figure is an example of what InARP does.

In a LAN environment, a packet (an ARP request) must reach the host to trigger IP ARP on that host (which returns an ARP reply). In a WAN environment, however, no packet has to reach the router to trigger InARP on it; an LMI (Local Management Interface) status message is used instead.

After receiving an LMI status message of LMI PVC Up, the router announces its IP address on the corresponding virtual circuit (VC) with an InARP message (defined in RFC 1293). Consequently, when LMI is not running, InARP does not work either, because no message tells the router to send an InARP message. In a Frame Relay network, configuration details are chosen to avoid certain undesirable conditions; these conditions are described in detail in the following pages of this chapter. For example, with point-to-point subinterfaces, where each VC is in its own subnet, all the problems encountered in that configuration are described clearly so that they can be avoided. The InARP protocol itself is relatively simple. However, when InARP is deployed on different network designs, over different interface types (physical interfaces, point-to-point subinterfaces and multipoint subinterfaces), its behaviour becomes far more complex. Below is an example of a Frame Relay network designed as a partial mesh in a single subnet, in which each router uses a different interface type.

The network diagram above is only an example, for use in a learning environment to understand in more detail how InARP works. It should not be applied in a real network, because it is a poor design with many limitations once a routing protocol is deployed on top of it. First, Frame Relay is configured on R1's multipoint interface.

Router1# sh run
! Lines omitted for brevity
interface Serial0/0
 encapsulation frame-relay
interface Serial0/0.11 multipoint
 ip address 172.31.134.1 255.255.255.0
 frame-relay interface-dlci 300
 frame-relay interface-dlci 400
! Lines omitted for brevity

Next, the serial interface is shut down and brought back up, and the earlier InARP entries are cleared, so that we can observe the InARP process.

Router1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)# int s 0/0
Router1(config-if)# do clear frame-relay inarp
Router1(config-if)# shut
Router1(config-if)# no shut
Router1(config-if)# ^Z

The output of debug frame-relay events shows the InARP messages received on R1. Note the hex values 0xAC1F8603 and 0xAC1F8604, whose decimal equivalents are 172.31.134.3 and 172.31.134.4 (Router3 and Router4 respectively).

Router1# debug frame-relay events
*Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
*Mar 1 00:09:45.334: datagramstart = 0x392BA0E, datagramsize = 34
*Mar 1 00:09:45.334: FR encap = 0x48C10300
*Mar 1 00:09:45.334: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
*Mar 1 00:09:45.334: AC 1F 86 03 48 C1 AC 1F 86 01 01 02 00 00
*Mar 1 00:09:45.334:
*Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
*Mar 1 00:09:45.334: datagramstart = 0x392B8CE, datagramsize = 34
*Mar 1 00:09:45.338: FR encap = 0x64010300
*Mar 1 00:09:45.338: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
*Mar 1 00:09:45.338: AC 1F 86 04 64 01 AC 1F 86 01 01 02 00 00

Next, note that the show frame-relay map output includes the keyword dynamic, meaning the entries were learned through InARP.

Router1# show frame-relay map
Serial0/0.11 (up): ip 172.31.134.3 dlci 300(0x12C,0x48C0), dynamic, broadcast, status defined, active
Serial0/0.11 (up): ip 172.31.134.4 dlci 400(0x190,0x6400), dynamic, broadcast, status defined, active

On R3, show frame-relay map lists a single entry, and in a different format. Because R3 uses a point-to-point subinterface, the entry was not learned through InARP and the output does not include the keyword dynamic. Note also that the output shows no Layer 3 address.
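The two frames in Router1's debug output above, decoded field by field, as an added example that is not part of the original lesson. It recovers the DLCI from the Q.922 address bytes and the IP addresses from the InARP body; the layout assumed is SNAP-encapsulated ARP with Frame Relay hardware type 15 and opcodes 8 and 9 for InARP request and response.

```python
import ipaddress
import re

# Debug output as shown in this lesson (two InARP frames received by Router1).
DEBUG_OUTPUT = """\
*Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
*Mar 1 00:09:45.334: datagramstart = 0x392BA0E, datagramsize = 34
*Mar 1 00:09:45.334: FR encap = 0x48C10300
*Mar 1 00:09:45.334: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
*Mar 1 00:09:45.334: AC 1F 86 03 48 C1 AC 1F 86 01 01 02 00 00
*Mar 1 00:09:45.334:
*Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
*Mar 1 00:09:45.334: datagramstart = 0x392B8CE, datagramsize = 34
*Mar 1 00:09:45.338: FR encap = 0x64010300
*Mar 1 00:09:45.338: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
*Mar 1 00:09:45.338: AC 1F 86 04 64 01 AC 1F 86 01 01 02 00 00
"""

ENCAP = re.compile(r"FR encap = 0x?([0-9A-Fa-f]{8})$")
HEX_ROW = re.compile(r"^(?:[0-9A-Fa-f]{2} )*[0-9A-Fa-f]{2}$")
OPCODES = {8: "InARP request", 9: "InARP response"}


def q922_to_dlci(addr: bytes) -> int:
    """DLCI from a 2-byte Q.922 address: 6 high bits in byte 0, 4 low bits in byte 1."""
    if len(addr) != 2:
        raise ValueError("expected a 2-byte Q.922 address")
    return ((addr[0] >> 2) << 4) | (addr[1] >> 4)


def decode_inarp(encap: bytes, payload: bytes) -> dict:
    """Decode one frame: 4-byte FR header (address, control, pad), SNAP, then ARP."""
    if len(payload) < 26:
        raise ValueError("payload too short for a SNAP header plus InARP body")
    if encap[2] != 0x03 or payload[0] != 0x80 or payload[4:6] != b"\x08\x06":
        raise ValueError("not a SNAP-encapsulated ARP frame")
    hw_type = int.from_bytes(payload[6:8], "big")
    if (hw_type, payload[8:10], payload[10], payload[11]) != (15, b"\x08\x00", 2, 4):
        raise ValueError("expected Frame Relay hardware type and IPv4 addresses")
    opcode = int.from_bytes(payload[12:14], "big")
    return {
        "rx_dlci": q922_to_dlci(encap[:2]),            # VC the frame arrived on
        "opcode": OPCODES.get(opcode, f"unknown ({opcode})"),
        "sender_ip": str(ipaddress.IPv4Address(payload[16:20])),
        "target_dlci": q922_to_dlci(payload[20:22]),
        "target_ip": str(ipaddress.IPv4Address(payload[22:26])),
        "length": len(encap) + len(payload),           # should equal datagramsize
    }


def parse_debug(text: str) -> list:
    """Collect the hex rows that follow each 'FR encap' line and decode them."""
    raw = []  # (header bytes, payload bytearray) per frame
    for line in text.splitlines():
        body = line.split(": ", 1)[1].strip() if ": " in line else ""
        match = ENCAP.search(body)
        if match:
            raw.append((bytes.fromhex(match.group(1)), bytearray()))
        elif raw and HEX_ROW.match(body):
            raw[-1][1].extend(bytes.fromhex(body))
    return [decode_inarp(header, bytes(payload)) for header, payload in raw]


if __name__ == "__main__":
    for frame in parse_debug(DEBUG_OUTPUT):
        # The mapping Router1 learns: sender's IP address on the receiving DLCI.
        print(f"ip {frame['sender_ip']} dlci {frame['rx_dlci']} ({frame['opcode']})")
```

The same two-byte decoding explains the hex pair in show frame-relay map: 0x48C0 is the Q.922 form of DLCI 300 with the low-order extension bit clear.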

Router3# show frame-relay map
Serial0/0.3333 (up): point-to-point dlci, dlci 100(0x64,0x1840), broadcast status defined, active

Note: The example above uses the do command in configuration mode. The do command lets you run exec-mode functions from configuration mode without leaving configuration mode. For example, do clear frame-relay inarp in configuration mode is equivalent to running clear frame-relay inarp in exec mode.

In the example above, the show commands show that Router R1 receives and uses InARP information, whereas Router R3 does not use the InARP information it receives. Cisco IOS understands that only one VC is set up on a point-to-point subinterface; every other end IP address in the same subnet can refer to only one DLCI. Any InARP information received for that DLCI is therefore unnecessary. Take, for example, the case where Router R3 needs to send a packet to Router R1 (172.31.134.1), or to any other endpoint in subnet 172.31.134.0/24. From its own configuration, Router R3 knows it must send through the DLCI on that point-to-point subinterface, that is, through DLCI 100. So although all three interface types used for Frame Relay support InARP by default, a point-to-point subinterface ignores the InARP information it receives.
----------------------------------------------------
Lesson 17: Introduction to IPv6

The two big problems IPv4 faces are the shortage of addresses, especially in the mid-sized (class B) address space, and the very dangerous growth in the size of the Internet's routing tables. In the 1990s, CIDR was built on the concept of the address mask. CIDR temporarily relieved these problems, and its hierarchical organization improved the scalability of IPv4. Although several other tools appeared, such as subnetting (1985), VLSM (1987) and CIDR (1993), these techniques did not rescue IPv4 from one simple problem: there are not enough addresses for future needs. There are about 4 billion IPv4 addresses, but that range will not be enough in the future, with devices connecting to the Internet and home appliances that may require IP addresses.

Some temporary solutions exist, such as RFC 1918, which sets aside part of the address space as private addresses, and NAT, a tool that lets thousands of hosts reach the Internet with only a few valid IP addresses. The long-term solution, however, is the introduction of IPv6 with its 128-bit address structure. The large IPv6 address space not only provides more addresses than IPv4 but also brings structural improvements. With 128 bits there are 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses. In 1994 the IETF proposed IPv6 in RFC 1752. IPv6 addresses a number of problems such as address shortage, quality of service, address autoconfiguration, authentication and security. For an enterprise already running an IPv4 network infrastructure, moving to IPv6 is not easy. A new IP protocol requires new software, new hardware and new administration methods. It is also likely that IPv4 and IPv6 will coexist, even inside a single autonomous system, for some time to come.

IPv6 has the following characteristics and benefits:
- Large address space
- Unicast and multicast addresses
- Address aggregation
- Autoconfiguration
- Renumbering
- Simple, efficient header structure
- Security
- Mobility
- Options for transition from IPv4 to IPv6

As defined in RFC 1884 and RFC 2373, IPv6 addresses are 128-bit identifiers for router interfaces and sets of router interfaces. There are three types of address:
- Unicast: an address for a single interface. A packet sent to a unicast address is delivered to the interface identified by that address.
- Anycast: an address for a set of interfaces, which usually belong to different nodes. A packet sent to an anycast address is delivered to the nearest, or first, interface in the anycast group.

- Multicast: an address for a set of interfaces (usually belonging to different nodes). When a packet is sent to a multicast address, all interfaces in the set receive it.

To write a 128-bit address in a more readable form, the IPv6 architecture drops the dotted-decimal syntax of IPv4 and uses hexadecimal only. An IPv6 address can thus be written as 32 hex characters, with colons (:) splitting the address into eight parts of 16 bits each. Under current plans, IPv6 nodes connected to the Internet will use a scheme called the aggregatable global unicast address, which has much in common with summarization in version 4. The aggregatable IPv6 address has three levels:
- Public topology level: the collection of providers of Internet connectivity.
- Site level: this level is local to an organization.
- Interface level: this level concerns individual interfaces.

A link-local address is used on one link only (or one router interface) and must be unique on that link. It can be used on a local network (machines sharing the same network address), and there may be no router on that network. The address has the form FE80::<MAC>. The subnet ID of this type of address is set to 0, so this type of address cannot be used to communicate outside the local subnet.
-----------------------------------------------------
Lesson 18:

VLAN concepts (CCNA level)

In an Ethernet LAN, the set of devices that all receive a broadcast sent by any one of them is called a broadcast domain. A switch that does not support VLANs floods every broadcast out of all ports except the port on which it received the frame. As a result, all interfaces on such a switch are in the same broadcast domain. If the switch is connected to other switches and hubs, the ports on those are in the same broadcast domain as well. A VLAN is simply a set of switchports in the same broadcast domain. Ports can be grouped into different VLANs on a single switch and across several switches. By creating multiple VLANs, the switches create multiple broadcast domains. A broadcast sent by a device in one VLAN is then delivered to the other devices in the same VLAN but is not forwarded to devices in other VLANs.

Each VLAN should have one IP subnet; in other words, the devices in a VLAN usually share one IP address range. It is still possible, however, to put several address ranges in one VLAN and use secondary addresses on the routers to route between the VLANs and subnets. You can also design a network that uses a single subnet across several VLANs and use routers with proxy ARP to move traffic between hosts in those VLANs. A private VLAN can be regarded as one subnet across several VLANs. L2 switches forward frames between devices in the same VLAN but do not forward frames between devices in different VLANs. To move data between two VLANs, an L3 switch or a router must be used.

VLAN Trunking Protocol: VTP advertises VLAN configuration information to neighbouring switches, so that VLAN configuration can be done on one switch while all other switches in the network learn the VLAN information. VTP advertises information such as the VLAN ID, VLAN name and VLAN type for each VLAN. VTP does not, however, advertise any information about which switchports are in which VLAN, so the association of switch interfaces with VLANs still has to be configured on each switch. In addition, the existence of the VLAN IDs used for private VLANs is advertised, but the details inside a private VLAN are not advertised by VTP.

Function                                                        Server   Client   Transparent
Originates VTP advertisements                                   Yes      No       No
Processes received VTP information to update its VLAN config    Yes      Yes      No
Forwards VTP advertisements                                     Yes      Yes      Yes
Stores VLAN information in NVRAM or vlan.dat                    Yes      No       Yes
Can create, modify and delete VLANs with configuration commands Yes      No       Yes

VTP processes and the revision number: The VTP update process starts when the administrator adds or deletes VLAN configuration on a VTP server. When the new configuration appears, VTP increments the VTP revision by 1 and advertises the entire VLAN database with the new revision number. The revision number lets switches know when the VLAN database has changed. On receiving a VTP update, if the revision number in the update is higher than its current revision number, the switch concludes that there is a new version of the VLAN database. By default a Cisco switch runs in VTP server mode, but it does not send VTP updates until it has been configured with a VTP domain name. From that point the server starts sending VTP updates, with different database versions and different revision numbers as the VLAN database configuration changes. VTP clients, however, do not actually need a VTP domain name configured. If none is configured, the client assumes it should use the VTP domain name in the first VTP update it receives. The client does still need its VTP mode configured.

When VTP is configured, networks that use it usually run at least two VTP servers for redundancy. Under normal conditions a VLAN change can be made on just one server switch and the other VTP servers pick up the change. After updating, a VTP server stores the VLAN configuration persistently (for example in NVRAM), whereas a client does not store it. Supporting several VTP servers opens up another possibility: accidentally changing the VLAN configuration of the network. When a VTP client or a VTP transparent switch is first connected to a network over a trunk, it cannot affect the existing configuration, because these modes do not originate VTP updates. However, if a new switch running in VTP server mode is attached to the network over a trunk, it can replace the VLAN configuration of the other switches with its own. The new switch can change the configuration of the other switches if it meets the following conditions:
- The connection is a trunk.
- The new switch has the same VTP domain.
- Its revision number is higher than that of the existing switches.
- If a VTP domain password is configured, the new switch's password must match.
The revision number and the VTP domain name can be seen with sniffer software. To prevent DoS attacks that use VTP, set a VTP password. This password is normally hashed with MD5. In addition, some sites simply run VTP transparent mode on all switches, which keeps a switch from acting on VTP updates from other switches.
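A small model of the update rule described above, as an added example (it is not Cisco's implementation and not part of the original lesson). It shows a spare switch with a stale, higher revision wiping the VLAN database of a server and a client, and the same event being stopped by a domain password or by a revision of 0. The digest is a simplified stand-in for the MD5 digest in a VTP advertisement, not the real layout; switch names, VLANs and the password are constructed.

```python
import hashlib
from dataclasses import dataclass, field


def vtp_digest(domain: str, revision: int, vlans: dict, password: str) -> str:
    """Simplified stand-in for the advertisement digest: MD5 over secret and content."""
    h = hashlib.md5()
    h.update(f"{password}|{domain}|{revision}|".encode())
    for vid in sorted(vlans):
        h.update(f"{vid}={vlans[vid]};".encode())
    return h.hexdigest()


@dataclass
class Advert:
    domain: str
    revision: int
    vlans: dict
    md5: str


@dataclass
class Switch:
    name: str
    mode: str                      # "server", "client" or "transparent"
    domain: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=dict)
    password: str = ""

    def advert(self) -> Advert:
        """Advertisement carrying this switch's whole VLAN database."""
        return Advert(self.domain, self.revision, dict(self.vlans),
                      vtp_digest(self.domain, self.revision, self.vlans, self.password))

    def receive(self, adv: Advert) -> str:
        if self.mode == "transparent":
            return "forwarded, not processed"
        if self.mode == "client" and not self.domain:
            self.domain = adv.domain       # client adopts the first domain it hears
        if adv.domain != self.domain:
            return "ignored: different domain"
        if adv.md5 != vtp_digest(adv.domain, adv.revision, adv.vlans, self.password):
            return "rejected: password mismatch"
        if adv.revision <= self.revision:
            return "ignored: revision not higher"
        self.revision, self.vlans = adv.revision, dict(adv.vlans)
        return "VLAN database overwritten"


def connect_via_trunk(new: Switch, network: list) -> dict:
    """Outcome on each existing switch when `new` (a server) is trunked in."""
    adv = new.advert()
    return {sw.name: sw.receive(adv) for sw in network}


def production(password: str = "") -> list:
    """Constructed campus: one server, one client, one transparent switch."""
    vlans = {10: "users", 20: "voice", 30: "servers"}
    return [
        Switch("core", "server", "CAMPUS", 12, dict(vlans), password),
        Switch("access1", "client", "CAMPUS", 12, dict(vlans), password),
        Switch("dmz", "transparent", "CAMPUS", 0, {40: "dmz"}, password),
    ]


def spare_switch(revision: int = 57, password: str = "") -> Switch:
    """Constructed ex-lab server: same domain, stale revision, near-empty database."""
    return Switch("spare", "server", "CAMPUS", revision, {1: "default"}, password)


if __name__ == "__main__":
    for label, net, new in [
        ("no password", production(), spare_switch()),
        ("password set", production("constructed-secret"), spare_switch()),
        ("revision reset", production(), spare_switch(revision=0)),
    ]:
        print(label, connect_via_trunk(new, net))
```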

Lesson 19:

Gigabit Ethernet and 10-Gigabit Ethernet


Gigabit Ethernet: In GE, the physical layer is enhanced to raise the transmission speed. Two technologies were combined to gain the advantages of each: IEEE 802.3 and ANSI X3T11 FibreChannel. Elements of 802.3 such as the frame format, CSMA/CD, full duplex and other characteristics were retained. FibreChannel provides a foundation of high-speed ASICs, optical components and encoding/decoding mechanisms. The result of the two protocols is IEEE 802.3z Gigabit Ethernet. Gigabit Ethernet supports several cabling types, referred to as 1000BaseX.

GE type       Cable type                     Pairs   Length
1000BASE-CX   Shielded twisted pair (STP)    1       25 m
1000Base-T    EIA/TIA Cat5 UTP               4       100 m

In a campus network, you can use Gigabit Ethernet in the switch block, the core block and the server block. In the switch block, GE can connect access layer switches to distribution switches. In the core block, GE connects the distribution layer to the core switches and interconnects the core devices. In the server block, GE can provide high-speed connections to individual servers.

On Cisco switches, Gigabit ports are always set to full duplex, so duplex autonegotiation is not possible. Catalyst switches standardize on GBIC and SFP interfaces. GBIC and SFP allow different cable types to be connected. The interface modules are hot-swappable and can be plugged into the switch to support a different media type. GBIC interfaces can use SC fiber and RJ45 connectors; SFP can use LC and MT-RJ fiber-optic connectors. GBIC and SFP are supported on the following Gigabit Ethernet ports:
- 1000BaseSX uses an SC connector and multimode fiber (MMF) for distances up to 550 m.
- 1000BaseLX/LH uses an SC connector and can be used with MMF up to 550 m or with SMF up to 10 km.
- 1000BaseZX uses an SC connector and SMF, with a reach of up to 70 km, or even 100 km with good-quality fiber.

- Gigastack uses a special connector with a high data rate that preserves signal integrity and resists noise, allowing GBIC-to-GBIC connections between switches. The connection is full duplex if only one stacking connector is used. If both connectors are used, the connection becomes half duplex on a shared bus.
- 1000BaseT supports RJ45 connections using all 4 pairs and operates over distances up to 100 m. For a crossover cable, pins 1,2,3,6,4,5,7,8 connect to pins 3,6,1,2,7,8 and 4,5.

Optical modules always have the receive side on the left and the transmit side on the right. These modules can emit radiation, so always cover the ports with the rubber plugs and never look directly into the connector.

10-Gigabit Ethernet: The Layer 2 characteristics of Ethernet are preserved: the frame format and the MAC protocol are unchanged. 10GbE differs from its predecessor Ethernet technologies only at the physical layer. 10GbE operates in full duplex mode. The standard defines several transceiver types that can be used as independent hardware interfaces (PMD, physical media dependent).
- LAN PHY: connects switches in a campus network, mainly at the core layer.
- WAN PHY: interfaces with SONET/SDH networks in MANs.

PMD interfaces also follow a common naming scheme, as in Gigabit Ethernet. The 10-Gigabit standard is denoted 10GBASE-X. The table below lists the different PMD types. All fiber PMD types can be used in LAN PHY or WAN PHY except 10GBASE-LX4, which is used only for LAN PHY. Also note that long-wavelength PMD types usually cost more than the others.

PMD type                          Fiber medium                                 Maximum distance   Catalyst switch
10GBASE-SR/SW (850 nm serial)     MMF: 50 micron                               66 m               N/A
                                  MMF: 50 micron (2 GHz*km modal bandwidth)    300 m
                                  MMF: 62.5 micron                             33 m
10GBASE-LR/LW (1310 nm serial)    SMF: 9 micron                                10 km              Catalyst 6500
10GBASE-ER/EW (1550 nm serial)    SMF: 9 micron                                40 km              Catalyst 6500
10GBASE-LX4/LW4 (1310 nm WWDM)    MMF: 50 micron                               300 m              N/A
                                  MMF: 62.5 micron                             300 m
                                  SMF: 9 micron                                10 km              N/A

----------------------------------------------
Lesson 20:

10-Mbps Ethernet
Ethernet is a LAN technology based on the IEEE 802.3 standard. Ethernet provides 10 Mbps of bandwidth between end users. In its simplest form, Ethernet uses a shared-bandwidth device (a hub). This device is treated as a single collision domain and broadcast domain. As the number of users grows, the likelihood that some user is transmitting at any given moment also grows. If another user tries to transmit at the same time, a collision occurs. In other words, two users cannot transmit at the same time if they share the same hub. Ethernet operates on CSMA/CD: to keep collisions from recurring, a transmitting station must back off for a random period of time.

Switched Ethernet solves this problem by giving each port its own 10 Mbps of bandwidth. Collisions then rarely occur and the collision domain shrinks. As a result, stations no longer have to wait for their turn to transmit. Instead, stations can operate in full duplex, sending and receiving simultaneously. Full duplex increases network performance, providing a throughput of 20 Mbps.

Another concern with 10-Mbps Ethernet is cabling. Ethernet usually uses UTP cable, which has a distance limit of 100 m. In a campus network, Ethernet is usually used at the access layer, between end-user devices. 10-Mbps Ethernet is not used at the distribution or core layer.

Fast Ethernet
Fast Ethernet operates at 100 Mbps and is specified in IEEE 802.3u. The CSMA/CD principles, the cabling considerations and the higher-layer protocols are all maintained as in Ethernet. Campus networks typically use FE on access or distribution layer switches when higher-speed links are not available. Cabling for Fast Ethernet is usually UTP or fiber.

Technology    Cable type                                                             Pairs   Cable length
100Base-TX    EIA/TIA Cat 5 UTP                                                      2       100 m
100Base-T2    EIA/TIA Cat 3, 4, 5 UTP                                                2       100 m
100Base-T4    EIA/TIA Cat 3, 4, 5 UTP                                                4       100 m
100Base-FX    Multimode fiber (MMF): 62.5 micron core, 125 micron core (62.5/125)    4       100 m
              Single-mode fiber (SMF)                                                        10k

Full-duplex mode: As with Ethernet, full duplex can be used to improve performance. FE can deliver up to 100 Mbps in each direction, resulting in 200 Mbps of throughput. This maximum of 200 Mbps is reached only when a device (a workstation, server, router or another switch) is connected directly to a switch port. In other words, the devices at both ends of a link must support full duplex, so that they can transmit without having to detect and recover from collisions.

The Fast Ethernet specification also allows backward compatibility with traditional 10-Mbps Ethernet. In the case of 100BaseTX, switch ports are often called 10/100 to indicate dual speed. The two devices at the ends of the link then negotiate automatically so that both operate at the highest speed. This negotiation covers detecting and selecting the physical-layer technology and choosing half or full duplex. If both ends of the link are configured to autonegotiate, the highest speed common to the two devices is used.

During the duplex negotiation handshake, information is exchanged back and forth between the two devices. This means that for autonegotiation to succeed, both ends must be set to autonegotiate. Otherwise (that is, when only one end is set to autonegotiate), one end of the link receives no information from the other and cannot determine the correct mode in use. If autonegotiation fails, a switch port falls back to its default mode, half duplex.

Watch for duplex mismatch when the two ends of a link are not both configured for autonegotiation. When a mismatch occurs, one end of the link uses full duplex while the far end uses half duplex. As a result, the station running half duplex detects a collision whenever both ends want to transmit. The station running full duplex assumes that it may transmit at any time and will not stop and wait. This leads to errors on the link and very slow response between the machines.

Negotiation uses the priority table below. When both ends of the link can negotiate several modes, the one with the highest priority is used. For example, if both devices can run at level 6 (100BASE-TX full duplex) and level 2 (10BASE-T full duplex), level 6 is used.

Priority   Ethernet mode
7          100BASE-T2 (full duplex)
6          100BASE-TX (full duplex)
5          100BASE-T2 (half duplex)
4          100BASE-T4
3          100BASE-TX
2          10BASE-T (full duplex)
1          10BASE-T

To ensure a correct configuration at both ends of a link, Cisco recommends that speed and duplex mode be configured manually on switch ports. This removes the possibility of one side changing the settings, which could make the link unusable. If you configure a switch port manually, always set the device at the other end of the link to matching parameters. Otherwise, a speed mismatch or duplex mismatch will occur.

----------------------------------------------
Lesson 21:

Tips for studying for wireless exams

Tips for those who want to study for the CWNA certification. As you know, CWNA is an international certification, so studying for it is broadly like studying for any other certification. Here I give a general study method that you can apply to any certification, not just CWNA.

+ Read books: of course, learning anything requires reading. Although this is one of those things everyone already knows, finds tiresome and keeps hearing about, most of us suffer from a chronic illness: laziness. We are lazy about everything, not only reading, and this laziness is especially hard to cure in the vast majority of men, which is understandable; that is just how men are. (Another reason we read little is lack of time, especially for people who work, while students are probably still busy having fun.) Even if we force ourselves to sit at a desk and read, a few hours is about the limit, but that is already very good. What I want to stress here is quality, not quantity. Even if you sit for a long time and read many books, if you do not know what you are reading or what it is for, then when you finish you will understand nothing more and will only have lost time. So before reading you must decide what you are going to read about; this helps you focus on what you are reading. While reading you can annotate, underline or highlight important passages, or write them down in a small notebook (this is encouraged, because writing things down is how we remember them, and it is very convenient for review: you only need to look at the notebook instead of flipping through the whole book). Finally, after finishing a passage, a section, a part or a chapter, think back over what you have read and whether you understood it; this is a very good way to remember things for a long time. You may think I am being long-winded, but once you have formed the habit everything becomes very simple.

+ Group study: this is probably the most effective cure for laziness. In a study group we can make the most of several people's knowledge to solve a problem or a complex theoretical question that we could not understand when studying alone. Moreover, each person's contribution to the discussion makes the session livelier and more engaging, not as boring as self-study. Take an active part in the discussions; if you have no opinion of your own, exercise your listening skills to judge whether the others' opinions are right, and if they are wrong, rebut them immediately; that will help you remember the issue for a long time.

+ Join forums: this is the most economical way to learn, and it reflects the modern, mobile nature of today's young people. One difficulty with this method is that a question we post sometimes goes unanswered for a week or even a month; in that case the only option is to rescue ourselves. If you want others to help you, help others first: answer forum posts within your ability. A forum is a place where people help each other; nobody only receives without ever giving. There are now many forums on different topics; if you are interested in networking in general and wireless networking in particular, you can visit http://www.wimaxpro.org and http://vnpro.org/forum (Vietnamese), and those who are good at English can visit http://cwnp.com/phpBB2/index.php or http://www.sadikhov.com/forum/

+ Enroll in a course: this is the most expensive way to learn and suits people who cannot study on their own; however, it gives you more practical working ability than the other methods, because a course includes both theory and practice, so you can understand and grasp an issue right after the lab. After completing the course you can start working right away without fumbling around like self-taught people. Another advantage is that if you study at a reputable center, employers will trust your real ability more than that of other candidates when you apply for a job. Of course, studying at a reputable center does not guarantee that you will be good; everything still depends on you. Before coming to class, read about the topic you will study; in class, show your initiative by listening actively to the instructor and trying to ask constructive questions that help everyone understand the lesson better. In lab sessions, think for yourself and find your own way of solving the problem instead of copying the whole configuration from the lab book; if you do that, there is nothing to say and nothing to learn. After finishing the configuration, save the configuration file and remember to read it again right after that day's lab; it will help you understand the problem and remember it longer.

+ Before the exam: one or two weeks before the exam is the best time to review what you have learned. This gives you an overall view of everything you studied and connects pieces of knowledge that seemed unrelated while you were learning. Re-read the configuration files you made; after reading them you may realize many interesting things. The last and quite important task is exam practice, specifically working through multiple-choice questions to get familiar with the exam, so that we are not overwhelmed by its questions. Sample exams can be bought from Testking, Pass4sure, Actualtest. One note: do not fully trust the answers given in these sample exams, because in my experience they are wrong quite often. Some questions are answered wrongly and then explained so convincingly that you cannot help believing them. Use what you have learned to answer the questions before checking whether their answers and explanations fit.

+ During the exam: the most important thing I want to say is to stay calm and confident, and you will win.

+ After the exam: what could be happier than having overcome so much hardship, spent time and money, and now achieved what we wanted. There is something I often hear people say each time they finish an exam, and I hope those two words will always ring out whenever you finish one.

My final message to you is: study with all your passion, so that every time we study we say we get to study rather than we have to study. Nobody forces you to do anything; only you know what is best for you. Do it with all your passion, never give up, and in the end success will come to you!

Lesson 22:

Password recovery procedure for Cisco routers.


I. Cisco 1600, 1700 and 2600 Series Routers:

1. Open a HyperTerminal (Private Edition 5.0 or higher) console session.

2. Power the router off, then on again. Press Ctrl-Break within 60 seconds.

   monitor: command "boot" aborted due to user interrupt
   rommon 1 >

3. Use the confreg command to change the configuration register to 2142.

   rommon 1 >confreg 0x2142

4. Reboot the router with the reset command.

   rommon 2 >reset

5. After the reboot, press Ctrl-C to get to user mode:

   router>

6. Enter enable mode and copy the startup configuration into the running configuration.

   router>enable
   router#copy startup-config running-config

7. Display the startup configuration.

   router>enable
   router#show startup-config

8. Set new passwords:

   router#config term
   router(config)#enable secret newpassword
   router(config)#enable password newpassword
   router(config)#line con 0
   router(config-line)#login
   router(config-line)#password newpassword
   router(config)#line aux 0
   router(config-line)#login
   router(config-line)#password newpassword
   router(config)#line vty 0 4
   router(config-line)#login
   router(config-line)#password newpassword

9. Save the configuration.

   router#copy run start

10. Restore the configuration register to 0x2102.

   router#config term
   router(config)#config-register 0x2102
   router(config)#exit
   router#copy running-config startup-config

11. Check the configuration register.

   router#show version
   Cisco Internetwork Operating System Software
   IOS (tm) C2600 Software (C2600-DO3S-M), Version 12.0(5)T1, RELEASE SOFTWARE (fc1)
   Copyright (c) 1986-1999 by cisco Systems, Inc.
   Compiled Tue 17-Aug-99 13:18 by cmong
   Image text-base: 0x80008088, data-base: 0x80CB67B0
   ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
   1 FastEthernet/IEEE 802.3 interface(s)
   2 Low-speed serial(sync/async) network interface(s)
   32K bytes of non-volatile configuration memory.
   8192K bytes of processor board System flash (Read/Write)
   Configuration register is 0x2142 (will be 0x2102 at next reload)

II. Cisco 2500 Series Routers:

1. Set up a HyperTerminal (Private Edition 5.0 or higher) console session.

2. Power the router off, then on again. Press CTRL-BREAK within 60 seconds.

   Abort at 0x10EA884 (PC)
   >

3. Change the configuration register to 0x2142.

   >o/r 0x2142

   (lower case of the letter O for o/r and zero for 0x2142)

4. Reboot the router.

   >i

5. Press Ctrl-C to get to user mode when the router restarts.

   router>

6. Enter enable mode.

   router>enable
   router#copy startup-config running-config

7. Run show running-config or show startup-config.

   router#show startup-config

8. Set new passwords.

   router#config term
   router(config)#enable secret newpassword
   router(config)#enable password newpassword
   router(config)#line con 0
   router(config-line)#login
   router(config-line)#password newpassword
   router(config)#line aux 0
   router(config-line)#login
   router(config-line)#password newpassword
   router(config)#line vty 0 4
   router(config-line)#login
   router(config-line)#password newpassword

9. After copying the startup configuration into the running configuration, issue the no shutdown command on every interface that is in use.

10. Return the configuration register to its original value and save the configuration.

   router#config term
   router(config)#config-register 0x2102
   router(config)#exit
   router#copy running-config startup-config

11. Verify with show version that the register value is 2102.

   router#show version
   Cisco Internetwork Operating System Software
   IOS (tm) 2500 Software (C2500-D-L), Version 12.0(4), RELEASE SOFTWARE (fc1)
   Copyright (c) 1986-1999 by cisco Systems, Inc.
   ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
   BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE (fc1)
   1 Ethernet/IEEE 802.3 interface(s)
   2 Serial network interface(s)
   1 ISDN Basic Rate interface(s)
   32K bytes of non-volatile configuration memory.
   8192K bytes of processor board System flash (Read ONLY)
   Configuration register is 0x2142 (will be 0x2102 at next reload)

12. Reboot the router.

   router#reload

--------------------------------------------------
Lesson 23:
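Returning to the password-recovery procedure of lesson 22: the only difference between 0x2142 and 0x2102 is bit 6 (0x0040), which makes the router ignore the startup-config in NVRAM at boot, so a router left at 0x2142 comes up without its configured passwords. The following added example (not part of the original page; the function names are hypothetical) audits the configuration-register line of captured show version output.

```python
import re

IGNORE_STARTUP_CONFIG = 0x0040   # bit 6: boot without loading the startup-config from NVRAM

REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")


def audit_config_register(show_version_output):
    """Classify the configuration-register line of one `show version` output."""
    match = REGISTER_LINE.search(show_version_output)
    if match is None:
        raise ValueError("no 'Configuration register is' line found")
    current = int(match.group(1), 16)
    # Without a "will be ..." clause the same value applies at the next reload.
    at_next_reload = int(match.group(2), 16) if match.group(2) else current
    if at_next_reload & IGNORE_STARTUP_CONFIG:
        status = "FAIL"
        detail = "next reload skips the startup-config, so its passwords are not applied"
    elif current & IGNORE_STARTUP_CONFIG:
        status = "PENDING"
        detail = "booted without the startup-config; register is corrected at next reload"
    else:
        status = "OK"
        detail = "startup-config is loaded at boot"
    return {"current": hex(current), "at_next_reload": hex(at_next_reload),
            "status": status, "detail": detail}


def audit_devices(outputs):
    """Map device name -> status for a dict of captured `show version` outputs."""
    return {name: audit_config_register(text)["status"] for name, text in outputs.items()}


# The first register line is the one shown in the procedure above;
# the device names and the other two outputs are constructed for this example.
SAMPLES = {
    "after-step-10": "32K bytes of non-volatile configuration memory.\n"
                     "Configuration register is 0x2142 (will be 0x2102 at next reload)\n",
    "left-in-recovery": "Configuration register is 0x2142\n",
    "normal": "Configuration register is 0x2102\n",
}

if __name__ == "__main__":
    for device, status in audit_devices(SAMPLES).items():
        print(f"{device:18s} {status}")
```

A PENDING result is what the procedure produces before its final reload; FAIL means the register was never restored and the device should be corrected and reloaded.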

Basic routing concepts


When a router's routing table contains two or more paths to a destination network, load balancing takes place. Load balancing comes in two kinds:

1. Per packet: each packet entering the router is handled individually (process switching). The router reads the packet's destination network, searches the routing table and then switches the packet out the appropriate interface. So if the routing table has two paths to the same network address, packets are balanced evenly across both paths.

2. Per destination: only the first packet goes through the process above. All remaining packets use the result stored in the cache. The routing table is not consulted for the subsequent packets.

The router's default mode is fast switching. You can change to process switching with the command no ip route-cache. Note that debug ip packet can be used only when the router is process switching.

1. AS (Autonomous System): A group of routers that share a common administrative policy, have a single source of technical management and usually run one IGP (Interior Gateway Protocol). Each AS is assigned a unique number from 1 to 65535, of which the values 64512 to 65535 are private values, assigned to local ASes.

2. Convergence: The process of computing the routing tables on the routers so that all tables reach a consistent state.

3. Load balancing: Allows packets for a destination network to be sent over two or more different paths.

4. Metric: All routing protocols use a metric to quantify paths in order to find the best one. Some protocols use a very simple metric; RIP, for example, uses hop count. EIGRP uses a more complex metric that includes bandwidth, delay, reliability...

5. Passive interface: Prevents routing updates from being sent out an interface. The interface can still listen to routing updates sent by other routers. This command is used in router mode.

6. Redistribution: The process of sharing routes learned from different sources. For example, you can redistribute routes learned from RIP into OSPF (in this case you may run into problems with VLSM). Or you can redistribute static routes into EIGRP. Redistribution mostly has to be configured manually.

7. Route flapping: A route whose state changes frequently. This can cause serious problems. For example, networks running OSPF may have to recompute the database continually and broadcast these changes.

8. Static route: A static route can point to a host or to a network. You can also use a floating static route, in which the route's AD is changed to a value higher than that of the routing protocols in use.

9. AD: A measure of the trustworthiness of routing protocols.

Lesson 24: Comparing the routing and switching functions in a router

This section compares the roles of routing and switching and how the two functions combine to move packets across the network. Cisco draws a clear distinction between these two functions of a router. The difference is actually quite simple. To move a packet inside a router from one interface to another, the path to the destination must be determined and then the packet is sent out the outbound interface. Finding the path is the routing function, while sending a packet out an interface is the switching function.

The routing function

The routing function is responsible for learning the logical topology of the network and then making decisions based on that knowledge. The decisions made by the router determine whether an incoming packet can be routed and, if so, how. When a packet is received, the routing process goes through several steps, which can be summarized as the following questions:
- Are the routed protocol and the routing protocol for the packet configured on the router?
- If so, does a path to the remote network exist in the routing table?
- If the destination network is not in the routing table, is a default route configured?
- If there is a static or dynamic default route, is the destination reachable?
- What is the best path to a given network?
- Are there multiple equal-cost paths?
- If there are multiple equal-cost paths, which interface will be used to send the packet out?

The switching function

The switching function concerns moving data across a router. It is responsible for forwarding the packet. Switching is performed only after the routing decisions have been made. Although the router has made its decision, a few decisions must still be made in hardware. The switching function does the following:
1. Checks that the incoming frame is valid.
2. Checks whether the frame is addressed to the router's L2 address.
3. Checks whether the frame size is valid.
4. Checks the frame's CRC.
5. Strips the frame's header and trailer, then checks the destination address against the information in the cache.
6. Creates the new header and trailer and sends the frame out the router's outbound port.

The relationship between routing and switching in a Cisco router

A packet is accepted by the router if its frame carries the L2 address of one of the router's ports. If the addressing is correct, after the frame is checked, the frame and its contents are placed in a buffer. The buffer resides in memory or in some special hardware of the router. If the packet's source and L3 destination addresses have not been seen by the router before, the packet is process switched, or routed. This involves:
- When a packet must be forwarded, a routing table lookup is triggered and the router decides how to forward the packet.
- The packet is then encapsulated with the appropriate L2 protocol.
- If fast switching is in use, the packet is examined once more. A route is placed in the cache. A cache entry includes the IP prefix, the router's outbound port and the Layer 2 header used to forward the packet.

For subsequent packets in the same flow, if the destination address matches an entry in the route cache, the packet is forwarded using the information in the cache. The routing function is not affected at this point. The kind of cache used depends on the hardware. The switching types are fast switching, autonomous switching, silicon switching and CEF.

-------------------------------------------
Lesson 25: TCP: connection establishment and teardown

TCP connections and ports

Two applications using TCP must establish a TCP connection before data can be transferred. Each connection exists between a pair of TCP sockets, a socket being defined as the combination of an IP address, the port in use and the transport layer protocol. Connection establishment initializes the sockets, including the source and destination port values and the sequence and ACK numbers. Figure 6-2 shows the three-way handshake that sets up a TCP connection and the teardown of a TCP connection.

During connection establishment, the two hosts choose ports, choose sequence numbers and use the TCP flags to identify the messages of the three-way handshake. First, regarding ports, the server must listen for connection requests from clients, in this case on port 80. The client chooses an unused port as its source port, usually 1024 or higher. Note that when you compare the segments in the process above, the port values do not change.

The TCP header includes several 1-bit fields, called flags. The flags serve different purposes. The SYN and ACK flags indicate whether a segment is the first or the second segment of a new TCP connection. A segment with the SYN flag is the first segment of a TCP connection. A segment with both SYN and ACK is the second segment of a connection. These flags let hosts easily recognize new connection requests. The initial sequence number can be set to any valid value and is usually not set to 0. Remember that in error recovery, these values are used independently in each direction.

Error recovery

To perform error recovery, TCP sends acknowledgments (ACKs) when data is received. When data that was sent is not acknowledged, the sender can resend it. The figure below shows a web server sending 1000 bytes; the second segment is lost and the data is recovered.

The example above shows a recovery process in which the sender (the web server) receives an ACK indicating that a segment was lost. Note that the ACK field indicates the next expected byte, not the last byte received. Also note that the ACK and sequence fields count bytes, not TCP segments. The sender sets a timer based on the TCP Measured Round Trip Time (MRTT), so that if an ACK is not received, the sender resends all unacknowledged data without waiting for the receiver to send a retransmission request.

----------------------------------------------
Lesson 26: IPv6 address formats

IPv6 addresses are very different from IPv4 addresses. They differ not only in size (4 times longer) but also in representation: hexadecimal rather than decimal. Colons separate the hexadecimal numbers that make up the 128-bit address. An example of an IPv6 address is:

4021:0000:240E:0000:0000:0AC0:3428:121C

To avoid confusion, errors and unnecessary complexity, the following rules are defined:
- Hexadecimal digits are not case-sensitive.
- Any leading zeros in a 16-bit field can be dropped and represented by colons.
- A pair of colons (::) indicates that successive 16-bit fields of zeros have been dropped. The parser easily works out how many zeros were dropped by adding zeros until the address is 128 bits long.
- Only one pair of colons is allowed in an address, because the parser cannot tell how many zeros belong in each location.

For example, the address 4021:0000:240E:0000:0000:0AC0:3428:121C can be written as 4021:0:240E::0AC0:3428:121C.

Although the double colon cannot appear twice, fields of multiple zeros can still be shown as 0. In the example above, the zeros in the second field of the address are reduced to a single 0. If an address has no host portion, it can end with ::, for example 4021:0:240E::.

IPv6 addresses can take several forms, and IPv6 can address the limitations of IPv4. This three-level structure is reflected in the structure of the IPv6 aggregatable address, which includes the following fields:
- Format prefix (FP): the 3 FP bits indicate the type of address (unicast, multicast). The value 001 indicates a global address.
- TLA ID (top-level aggregation): indicates the authority level for this address. Internet routers maintain the necessary tables for all TLA values. With 13 bits, this field allows up to 8,192 TLAs.
- RES field (8 bits): the IPv6 architecture defines a reserved field so that the TLA or NLA values can be expanded. Currently this value is zero.
- NLA ID (24 bits): identifies the ISP. This field can be arranged to reflect the relationships between ISPs.
- SLA ID (16 bits): used by organizations to create their internal addressing hierarchy and to identify subnets.
- Interface ID (64 bits): identifies individual interfaces on a link. This field is similar to the host portion in IPv4, but it is derived from the IEEE EUI-64 format. This format is similar to a MAC address with an additional 16-bit field.

In addition to the global aggregatable address above, IPv6 supports local addresses, similar to the RFC 1918 addresses. If a node has not been assigned a global address or one of these local addresses, it can be located by a link-local address, which identifies a network segment.

Local-use unicast address: used by an organization whose private network is not yet connected to the global Internet but is ready to be connected when needed.
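The notation rules and the field layout above, as an added Python example that is not part of the original page (the function names are hypothetical). It goes slightly beyond the text by using the longest run of zero fields for "::" and leaving a single zero field as 0, a convention the page does not state; 3FFE:0:2A:7::1 is a constructed sample address.

```python
import string

# Field widths of the aggregatable global unicast format described above (128 bits in total).
FIELDS = (("FP", 3), ("TLA ID", 13), ("RES", 8), ("NLA ID", 24),
          ("SLA ID", 16), ("Interface ID", 64))


def expand(addr):
    """Return the full form: eight 4-digit upper-case hexadecimal fields."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)      # number of zero fields '::' stands for
        if missing < 1:
            raise ValueError("'::' must stand for at least one field")
        groups = head + ["0"] * missing + tail
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has eight 16-bit fields")
    for g in groups:
        if not 1 <= len(g) <= 4 or any(c not in string.hexdigits for c in g):
            raise ValueError("bad field: %r" % g)
    return ":".join("%04X" % int(g, 16) for g in groups)


def compress(addr):
    """Drop leading zeros and replace the longest run of zero fields with '::'."""
    groups = [g.lstrip("0") or "0" for g in expand(addr).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:                     # first longest run wins
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                             # a single zero field stays "0"
        return ":".join(groups)
    return (":".join(groups[:best_start]) + "::" +
            ":".join(groups[best_start + best_len:]))


def split_fields(addr):
    """Cut the 128-bit value into the fields listed in FIELDS, left to right."""
    value = int(expand(addr).replace(":", ""), 16)
    remaining, fields = 128, {}
    for name, width in FIELDS:
        remaining -= width
        fields[name] = (value >> remaining) & ((1 << width) - 1)
    return fields


if __name__ == "__main__":
    page_example = "4021:0000:240E:0000:0000:0AC0:3428:121C"
    print(compress(page_example))
    print(expand("4021:0:240E::"))
    for name, value in split_fields("3FFE:0:2A:7::1").items():
        print("%-13s 0x%X" % (name, value))
```

The FP value of the page's own sample address 4021:... comes out as 010, so a check for a global aggregatable address has to test FP == 001 explicitly rather than assume it.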
Local-use unicast addresses are further divided into two types: link-local (identifies the local link) and site-local (identifies a node within the site, which may contain many subnets). The link-local address is used as soon as an IPv6 device is turned on. Because of IPv6 autoconfiguration, a link-local address is assigned automatically when the device starts. Note that this address is not assigned by us; the machine assigns it to itself in order to communicate on the local link, that is, with hosts on the same subnet. Then, when it sees that a router exists on the network, the machine sends router solicitation and advertisement packets to ask the router for a subnet ID and form a site-local address, which is used to communicate between subnets. Note that these two addresses are not routed to the Internet.

IPv6 Multicast Addresses

A multicast address identifies a group of router interfaces, usually on different end systems. Packets are delivered to all the systems identified by the multicast address. Using a multicast address is more efficient than using a broadcast, which requires all end systems to stop whatever they are processing. Because a multicast address is the address of a group of computers, a computer that is not a member of the group drops the packets at Layer 2. A broadcast, however, is still processed before the system determines that the broadcast is not relevant to it.

Layer 2 devices usually propagate broadcasts, because broadcast addresses are not stored in the CAM table. Unlike a router (whose default action is to drop packets with an unknown destination address), a switch floods every frame with an unknown destination address out all of its ports. In theory, this also applies to multicast addresses, although some devices have intelligent mechanisms to limit multicast flows.

IPv6 does not use broadcast; it relies only on multicast addresses. Although IPv4 uses multicast addresses as defined in RFC 2356, it uses them in a different way. IPv6 multicast addresses have a different address range. All IPv6 multicast addresses begin with the first 8 bits set to 1, so all multicast addresses start with the value F. The multicast address range is FF00::/8 - FFFF::/8. The second octet, following the first, indicates the scope and lifetime of the multicast address. In this way, IPv6 has millions of multicast group addresses.

Address Aggregation

Summarizing routes wherever possible is important in the Internet. Routing tables are easier to manage with CIDR. Although the IPv6 address space allows an almost unlimited number of addresses to be allocated, the IPv6 architecture still allows a structured deployment so that it is not overloaded. As in IPv4, the leftmost bits of the address are used to summarize the network addresses that appear further to the right in the address structure. Thus the IPv4 address 140.108.128.0/17 can include the subnet 140.108.225.0/24. This means the routing table can route to all the subnets, but instead of holding 128 subnet addresses, the routing table needs a single entry that represents all of the routes. To reach a smaller subnet, the usual routing rules are followed and the packet is sent to the router that advertises network 140.108.128.0/17. That router, which has more detailed information in its routing table, forwards the packet until it reaches the destination network.

In IPv6, the address architecture allows better tuning of the addresses used in the Internet. The address is very long and each part serves a different function. The first 48 bits of the address are used by IANA for dynamic routing in the Internet, to create globally aggregatable addresses. The first three bits are set to 001 to indicate a global address.

--------------------------------------------
Lesson 27: Introduction to WinPcap

In many network application programs you will come across WinPcap, in particular when installing Dynamips/Dynagen.

1. Introduction to WinPcap:

Definition: WinPcap is an open-source library for packet capture and network analysis on the Win32 platform. WinPcap supports the following functions:
- Capture raw packets, both those destined for the machine on which it is running and those exchanged by other hosts on shared media.
- Filter packets according to user-specified rules before they are passed to the application.
- Transmit raw packets to the network.
- Gather statistical information on network traffic.

This set of capabilities is provided by a device driver, which is installed inside the networking portion of the Win32 kernel, together with a pair of DLLs.

Kinds of programs that use WinPcap

Programs based on WinPcap:
- Network and protocol analyzers
- Network monitors
- Traffic loggers
- Traffic generators
- User-level bridges and routers
- Network intrusion detection systems (NIDS)
- Network scanners
- Security tools

Structure of WinPcap

It consists of three main components: a kernel-level packet filter, a low-level library packet.dll, and a high-level, system-independent library wpcap.dll.

Packet.dll: provides a low-level API (application program interface) for direct access to the driver, independent of the Microsoft operating system. It provides the following functions:
- Install, start and stop the NPF device driver
- Receive packets from the NPF driver
- Send packets to the NPF driver
- Obtain the list of network adapters
- Retrieve various information about the network: description, list of addresses, netmask
- Query and set parameters of an adapter

The packet.dll source code is in the packet directory.

Wpcap: provides a set of high-level capture functions that are compatible with libpcap (used on Linux) and that work independently of the network hardware and the operating system. The wpcap.dll source is in the wincap directory.

NPF (Netgroup Packet Filter) device driver: its source code is in the driver directory, for NT operating systems. The most important operation of NPF is packet capture. The driver detects packets on the NIC and delivers them intact to user applications.

--------------------------------------------
Lesson 28:

wireless cho ngi mi bt u


C bn v Wireless LAN Gii thiu Cc h thng mng switched Ethernet thng c dng trong cc mng doanh nghip ngy nay. Cc kt ni Ethernet thng c dng t thit b lp li (core layer device), xung n lp phn phi (distribution), xung dn n lp truy cp (access layer). Theo truyn thng, cc ngi dng u cui phi dng dy mng kt ni vo h thng mng campus. Tuy nhin, cng ngh mng khng dy cho php cc thit b lp access ca mng campus c th m rng n ngi dng cui m khng cn dng dy. Vi vic dng cc thit b mng khng dy, ngi dng cui c th tr nn c ng v c th di chuyn d dng m khng h b mt kt ni mng. Bi vit ny s gii thiu mt ci nhn tng quan v cc cng ngh c dng trong mng khng dy WLAN. Khi hiu v quen thuc vi mt vi l thuyt c bn ca mng khng dy, bn s c kh nng hiu, thit k v dng cc thit b mng khng dy m rng h thng mng kt ni vi ngi dng. C bn v mng khng dy Bi vit ny s gii thiu mng khng dy ni b WLAN t gc nhn thc t. Ti liu trnh by da trn nhng kin thc bn c trong cc ch v mng chuyn mch LAN trong kha hc ccnp switching. Sau cng, mc tiu ca bi vit ny gip bn c kin thc v wireless c th tch hp cng ngh ny vo mng ca bn.

Comparing wired and wireless networks

How exactly is a wireless network integrated into a wired switched network? Conversely, how does switching fit into a wireless network? Before answering these questions, it helps to compare the two technologies. At the most basic level, a wired network uses wires and a wireless network does not. That may sound like a joke at first, but it points to some fundamental differences at the physical layer that this article covers later.

Traditional Ethernet is defined by the IEEE 802.3 standards. Every Ethernet link must operate under tightly controlled conditions, especially for the mechanisms tied to the physical layer. For example, link state, link speed and duplex mode must all behave as the standard describes. A wireless LAN has similar requirements, but they are defined in 802.11.

Wired Ethernet devices must send and receive Ethernet frames using Carrier Sense Multiple Access/Collision Detect (CSMA/CD). On a shared network segment where PCs communicate in half duplex, each PC may talk freely first and then suffers a collision if other devices are talking at the same time. The whole collision-detection process relies on wired links having a maximum length and a maximum delay for a frame travelling from one end of the segment to the other.

When the medium is shared, any electrical signal sent on the wire can collide with a signal from another device. When two or more Ethernet frames overlap on the wire at some moment, a collision occurs. Collisions lead to bit errors and lost frames.

Ethernet links running in full duplex do not suffer from collisions or from contention for bandwidth. Even so, these links must follow the same specification. For example, Ethernet frames must still be sent and received within a given time on a full-duplex link. This forces the cable length for full duplex and half duplex to be the same.

Although WLANs are also based on a strict set of standards, the transmission medium itself is a challenge. In general, when a PC connects to a wired network, it shares the network connection with a known number of machines attached to that same wired network. When the same PC uses a wireless network, it shares in a similar way, but through the air. In a wireless network there are obviously no cable runs or network clusters in the infrastructure. In fact, all other wireless users are equally entitled to use the same shared transmission space. The wireless LAN therefore becomes a shared network in which a number of machines compete to use the air, that is, the network medium, at all times.

Collisions are a perennial problem in wireless because every wireless device operates in half-duplex mode. 802.11 networks always operate in half duplex because the transmitting and receiving stations use the same frequency. Only one station may transmit at a time; otherwise a collision occurs. To achieve full duplex, every station would have to transmit on one frequency and receive on another. Although this sounds feasible, the 802.11 standard does not allow full-duplex operation.

--------------------------------------------
Lesson 29: Collision avoidance in the wireless LAN

When two or more wireless stations transmit at the same time, the signals interfere. The receiving station can only receive the result as garbage, noise or corrupted data. In fact, there is no clear way to determine that a collision has occurred. Even the transmitting station that is causing the collision does not notice, because its receiver has to be turned off while it transmits. To provide an effective feedback mechanism, whenever a wireless station transmits a frame, the receiving station must send an ACK frame to confirm that the frame was received correctly, without errors. ACK frames act as a basic collision-detection tool; however, they do not prevent collisions from happening.

The 802.11 standard uses a method called Carrier Sense Multiple Access Collision Avoidance (CSMA/CA). Note that wired 802.3 networks detect collisions, whereas 802.11 tries to avoid them. Collision avoidance works by requiring every station to listen before it transmits a frame. When a station has a frame to send, one of two conditions applies:
- No other device is transmitting: the station can transmit its frame immediately. The intended receiver must send an ACK frame to confirm that the original frame arrived correctly and did not collide.
- Another device is transmitting a frame: the station must wait until the frame in progress has finished, then wait a random amount of time before it may transmit its own frame.

Wireless frames vary in size. When a frame is being transmitted, how do the other stations know that the frame has finished and that the medium (the radio channel) is free for others to use? Clearly, stations could simply listen for silence, but doing so is not always efficient. Other wireless stations may also be listening and may also transmit at the same moment. The 802.11 standard requires all stations to wait for a period of time, called the DCF interframe space (DIFS). Only after this period may stations transmit.

The transmitting station can indicate how long it expects to take to send a frame by stating it in a field of the 802.11 frame. This duration holds the number of timeslots (usually measured in microseconds) needed to transmit the frame. Other stations must read the value in this header and wait that long before transmitting themselves.

Because all stations wait the same duration stated in the frame, they may all decide to transmit when that time has elapsed. This can lead to a collision, which is exactly what must be avoided. Besides the timing value above, wireless stations must therefore also implement a random timer. Before transmitting a frame, a station must choose a random number of time slots to wait. This number lies between zero and the maximum contention window size. The basic idea is that when stations want to transmit, each one waits a random time, which reduces the number of stations trying to transmit simultaneously.

This whole process is called the distributed coordination function (DCF). It is illustrated in the figure below. Three wireless users each have a frame to transmit at different times. The following sequence of events occurs:
1. User A listens and determines that no other user is transmitting. User A transmits its frame and advertises the frame's duration.
2. User B also has a frame to transmit. He must wait until user A's frame has completed, and then wait for the DIFS (the DCF interframe space) to elapse.
3. User B must wait a random time before attempting to transmit.
4. While user B is waiting, user C has a frame to transmit. He listens and finds that no one is transmitting. User C must wait a random time. This time is shorter than user B's random time.
5. User C transmits a frame and advertises the frame's duration.
6. User B must wait for the duration of user C's frame plus the DIFS before attempting to transmit again.
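The six steps above as an added simulation (not part of the original lesson). It assumes 802.11b slot and DIFS values, constructed arrival times and airtimes, pre-drawn backoff values so the run is reproducible, and the standard DCF rule that a station freezes its backoff counter while the medium is busy; the second scenario shows what happens when two stations draw the same backoff.

```python
from dataclasses import dataclass

SLOT_US = 20   # slot time (802.11b value, used for illustration)
DIFS_US = 50   # DCF interframe space (802.11b value)


@dataclass(eq=False)
class Station:
    name: str
    arrival_us: int      # time the frame is ready to send
    airtime_us: int      # duration advertised in the frame header
    draws: list          # pre-drawn backoff values in slots, one per attempt
    remaining: int = -1  # backoff slots left; -1 means no backoff running


def simulate(stations):
    """Run DCF until every frame is sent; return [(event, names, start, end)]."""
    idle_since = -DIFS_US            # medium has already been idle for a DIFS at t=0
    waiting, timeline = list(stations), []
    while waiting:
        countdown_from = idle_since + DIFS_US
        starts = {}
        for s in waiting:
            if s.remaining < 0 and s.arrival_us >= countdown_from:
                starts[s.name] = s.arrival_us        # idle for >= DIFS: send at once
            else:
                if s.remaining < 0:                  # medium was busy: begin a backoff
                    s.remaining = s.draws.pop(0)
                starts[s.name] = countdown_from + s.remaining * SLOT_US
        t = min(starts.values())
        senders = [s for s in waiting if starts[s.name] == t]
        end = t + max(s.airtime_us for s in senders)
        for s in waiting:                            # the others freeze their counters
            if s not in senders and s.remaining >= 0:
                s.remaining -= (t - countdown_from) // SLOT_US
        if len(senders) == 1:
            timeline.append(("tx", senders[0].name, t, end))
            waiting.remove(senders[0])
        else:                                        # same slot: collision, no ACK arrives
            names = "+".join(s.name for s in senders)
            timeline.append(("collision", names, t, end))
            for s in senders:
                s.remaining = s.draws.pop(0)         # retry with a fresh draw
        idle_since = end
    return timeline


def page_scenario():
    """Users A, B and C from the six steps (all timings are constructed)."""
    return simulate([
        Station("A", arrival_us=0, airtime_us=300, draws=[0]),
        Station("B", arrival_us=100, airtime_us=200, draws=[6]),
        Station("C", arrival_us=320, airtime_us=200, draws=[2]),
    ])


def equal_draw_scenario():
    """B and C pick the same backoff, collide, then separate on the next draw."""
    return simulate([
        Station("A", arrival_us=0, airtime_us=300, draws=[0]),
        Station("B", arrival_us=100, airtime_us=200, draws=[3, 1]),
        Station("C", arrival_us=150, airtime_us=200, draws=[3, 5]),
    ])


if __name__ == "__main__":
    for event in page_scenario() + equal_draw_scenario():
        print(event)
```

In the first run B has counted down 2 of its 6 slots when C starts, so after C's frame and a DIFS it only waits the remaining 4.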

------------------------------------
Lesson 30: WLAN building blocks in the campus network

At the most basic level, a wireless infrastructure has no consistent organization compared with a wired network. For example, a PC with a wireless card can bring up its wireless connection anywhere, at any time. Naturally, a few things have to happen before the PC can send and receive data.

In 802.11 terminology, any group of wireless devices is called a service set. The wireless devices must share the same service set identifier (SSID). This is a string carried in every frame that is sent. If the SSID of the sending device and the receiving device match, the two devices can communicate.

The 802.11 standard allows two or more wireless devices to communicate directly with each other without any other medium or device. This model is called an ad-hoc network, or an Independent Basic Service Set (IBSS). The model is shown in the figure below:

There is no fixed control over the number of devices that can transmit and receive on a wireless medium. In addition, many factors can affect whether one station can transmit to or receive from other stations. This makes it difficult to build a reliable connection to all other stations.

A basic service set (BSS) centralizes access to, and control over, a group of wireless devices by placing an access point (AP) as the central device. Any wireless device that tries to use the network must first arrange to become a member of the AP. The AP may require one of the following conditions before it allows a station to join:
- A matching SSID.
- A compatible data rate.
- Successful authentication.

The relationship between a client and an AP is called an association. The client must send a message containing an association request. The AP then grants or denies the request by sending a reply message. Once associated, all traffic to and from the station must pass through the AP. This is illustrated in part B of the figure above. Stations can no longer communicate directly with each other as they did in the ad-hoc (IBSS) model.

An AP is not a completely passive device like an Ethernet hub. An AP manages its wireless network, advertises its own existence so that stations can associate, and then controls the association process. For example, recall that every data frame sent successfully over the wireless link must be acknowledged with an ACK. The AP is then responsible for sending the ACK back to the transmitting station.

You should also remember that, whatever its association state, a station is able to listen to or receive the frames sent over the wireless medium. Frames float through the air and can be picked up by any device within the frequency range that allows it to receive them.

Note that the basic service set (BSS) model consists of one AP and has no explicit connection to a regular Ethernet network. If we deploy this model, the access point and its stations form a standalone network. An AP can also uplink into an Ethernet network, because the AP supports both wireless and wired connections. If APs are placed in different physical locations, they can be used to connect into the enterprise network infrastructure. This model is called the 802.11 Extended Service Set (ESS).

In the ESS model, a station can connect to an AP only while it is near that AP. If the station later moves to another location, it can connect to the APs nearby. The 802.11 standard also defines a way for stations to roam from one AP to another as the location of the wireless station changes.

------------------------------------------------------
Lesson 31: AP operation
The basic function of an AP is to bridge wireless data from the air (the radio medium) onto the regular wired network. An AP can accept connections from a number of wireless stations so that they become ordinary members of a wired LAN. An AP can also act as a bridge that forms a wireless link between one LAN and another over a long distance. In that case, each end of the wireless link needs an access point. This kind of connection is called AP-to-AP or line-of-sight, and is commonly used to connect buildings. Cisco has also developed a type of AP that can bridge wireless traffic from one AP to the next, as a chain of bridges.

This kind of connection allows a large area to be covered by the wireless network. The APs then form a mesh topology, very similar to the ESS model, in which the APs are interconnected through other wireless links.

The AP acts as a central access point that controls access from the stations. Any station that tries to use the WLAN must first establish a connection with an AP. The AP can allow open access so that any station can associate, or it can control access more tightly by requiring authentication, or it can apply other criteria before allowing the association.

WLAN operation is closely tied to feedback from the far end of the wireless link. For example, stations must complete a handshake with the AP before they can connect and use the wireless network. At the most basic level, this requirement guarantees a two-way connection, because both the station and the AP are able to send and receive frames successfully. This process rules out one-way communication, where the station can hear the AP but the AP cannot hear the station.

In addition, the AP can control many aspects of its wireless coverage by requiring that certain conditions be met before a station may connect. For example, the AP can require the client to support a specific data rate and to meet security measures and authentication requirements during association.

You can think of an AP as a bridging device, in which frames from different media are translated and forwarded at layer 2. Put simply, an AP is responsible for mapping a VLAN to an SSID.

The left side of the diagram above illustrates the case where we want to extend VLAN 10 to an AP, using a switch port in access mode. The AP then maps VLAN 10 onto the wireless network using the SSID marketing. Users who associate with the SSID marketing are seen by other machines as being connected to VLAN 10.

This concept can be extended so that multiple VLANs are mapped to multiple SSIDs. To do this, the AP must connect to the switch over a trunk link carrying multiple VLANs. On the right side of the figure above, VLAN 10 and VLAN 20 are both trunked to the AP. The AP uses 802.1q to bind VLANs to SSIDs. For example, VLAN 10 is mapped to the SSID marketing while VLAN 20 is mapped to the SSID Engineering. As a result, when an AP uses multiple SSIDs, it carries multiple VLANs over the radio to end users. The end user must choose the appropriate SSID, which is mapped to the corresponding VLAN.

---------------------------------------------
Lesson 32: Wireless LAN cells


An AP can provide WLAN connectivity only to clients within its transmission range. The signal range is determined, roughly, by the type of antenna used on the AP. In open air, this range can be a sphere surrounding an omnidirectional antenna. At the very least, the coverage appears as a circle on the floor plan. You should also remember that coverage is three-dimensional, which means it also affects the floors above and below if you deploy in a multi-storey building.

The AP location must be planned carefully so that coverage reaches the required level. Even if you design AP placement according to a plan, the real-world operation of a wireless LAN is always changing. This is because, although the AP location is fixed, wireless stations can change position frequently. Station movement can make AP coverage harder to achieve than expected. Stations can move around and behind obstacles in a room, behind walls, doors and so on in a building.

The best way to design AP placement and coverage is to carry out a site survey. During a site survey, a test AP is placed at the desired or planned location while a wireless station moves around to measure signal quality and strength. The idea is to test the AP in the real environment, with real obstacles. These real obstacles can affect how the client operates.

The coverage area of an AP is called a cell. Clients within a cell can associate with the AP and then access the WLAN. This concept is shown in the figure below. One machine has left the cell because it is outside the AP's signal range.

Suppose an indoor AP has a coverage radius of 100 feet, covering a few rooms or part of a corridor. A client can move freely inside this range (the cell) and access the wireless network from any position. However, having only one coverage area is somewhat limiting, because stations may operate in neighbouring rooms or on other floors. These machines naturally do not want to lose their connection when they are in different locations. To extend the overall WLAN coverage, other cells can cover the neighbouring rooms by placing additional APs throughout the building. The idea is to place APs so that the cells cover every area where a client might be located. In fact, the cells should overlap each other by a small percentage, as in the figure below:

When cells overlap, neighbouring APs cannot use the same frequency. If two neighbouring APs use the same frequency, they interfere with each other. Instead, the frequencies used on neighbouring APs must be non-overlapping or offset from each other across the whole area.

Once a station is connected to an AP, it is free to move around. When a station moves from one AP's cell into another cell, the connection is also handed from one AP to the other. Moving from one AP to another is called roaming. This movement is shown in the figure below. As the station moves along the path, it passes through the coverage areas of several APs.

When a station moves from one AP to another, it must re-establish its connection with the new AP. In addition, data that the station was sending before it roamed is relayed from the old AP to the new AP. In this way, any wireless station that is connected goes through only one AP at a time. This also minimizes the chance of losing data being sent or received while roaming takes place.

When you design a wireless network, you might try to cover the largest possible area with one AP. You can configure the AP at its maximum transmit power. If you do so, you may reduce the number of APs needed to cover an area, and so reduce the overall cost. However, you should also consider some drawbacks of doing this.

When an AP is configured to cover a large area, there is also the potential for too many machines to connect to it. Remember that a cell is just a shared medium that all machines must share in half-duplex mode. As the number of connected stations increases, the total bandwidth and airtime available to each machine decreases.

Instead, consider reducing the size of the cell (by lowering the transmit power) so that only stations at close range can connect and use the bandwidth. The AP can then also help control the number of stations connected at any given time. This becomes important for applications that demand high bandwidth or low response time, such as voice, video or medical software. When the cell size is reduced, the cells are called microcells. This concept can be taken further in environments that need tight control, such as stock exchange trading floors. In these cases the AP transmit power and the cell size are minimized, and the cells are called picocells.

--------------------------------------
Lesson 33: Some methods of updating the routing table

Using a routing protocol is the easiest way to build and maintain a routing table. However, it is not the only way, or the most efficient way, to tell a router about the networks that exist in an AS. If a router has very few resources, an efficient approach is to define a default route to a router that has information about the other networks. So besides routing protocols, there are other ways to update the table.

Using static routes

Configuring static routing means adding static routes to the routing table. The advantage of static routing is that it saves network resources. The drawback is that the administrator is responsible for updating every routing entry on every router whenever something changes in the network. By definition, static routes cannot adjust dynamically when a change occurs. The network therefore does not converge until the routers have been configured.

There are a few situations where static routing is needed:
- The links have low bandwidth.
- The network administrator needs to control the connections.
- The static route is a backup for a link that uses dynamic protocols.
- There is only one path out to the outside network. This situation is called a stub network.
- The router has very few resources and cannot run a dynamic routing protocol.
- The network administrator needs to control the routing table and to allow classful and classless routing protocols.

Using static routes with a changed AD value (floating static routes)

A static route with a changed AD value is another mechanism for putting information into the routing table. This solution overcomes some limitations in network design. A floating static route allows a backup path to wait until the primary route goes down. The backup path is then activated. When the primary path is repaired, the backup path returns to standby mode. One example is a dial-up link acting as backup for a Frame Relay link.

On Demand Routing (ODR)

Every routing decision is concerned with management overhead. For routing updates, static routing has a high administrative cost, while dynamic routing consumes resources. Usually, choosing when to use static routing and when to use dynamic routing is an easy decision. Static routing is often used to share routing information between classful and classless protocols or to define a default route. However, in some widely distributed networks, neither static nor dynamic routing is suitable. In such a network, the links usually have low bandwidth and very little information needs to be sent over them. In this situation, static routing and a default route appear to be suitable solutions. However, if there are many remote networks in a hub-and-spoke model, this solution can become unmanageable.

With ODR, all spoke routers can be configured identically, although the IP addresses must be unique for each router. ODR uses CDP to send the network addresses of the directly connected networks from the spokes, or stubs, to the hub router. The hub router sends the IP address of the shared link as a default route to the stub router.

ODR has the advantage of sending only minimal information, namely the prefix and the mask, by default every 60 seconds. This information is entered into the hub router's routing table and can be redistributed into routing protocols. Because the netmask is sent in the updates, VLSM can be used.

In the figure above, routerA has full information about all the networks connected to each spoke. The remaining devices in the AS are not placed in router A's routing table, to keep the configuration simple. Every spoke router, represented here by routerB, is sent a default route to the rest of the network: the default route 0.0.0.0 with the next hop being the IP address of the interface connecting to A. Router B has two directly connected networks. One route is the default route 0.0.0.0, with the next-hop value being the address of routerA.

When configuring ODR, keep the following important points in mind:
- No routing protocol is configured on the stub router. IP routing is ON by default. Use of the default route is allowed.
- Any secondary address configured on the stub router is not carried by CDP to the hub router.
- ODR must be configured on the hub router.
- Although CDP is enabled by default on all interfaces, some WAN interfaces such as ATM require CDP to be configured with the cdp enable command.
- CDP uses multicast. For WAN technologies that require mapping statements (Frame Relay, for example), use the broadcast keyword to make sure CDP packets are transmitted.
- The CDP timers can be tuned to send updates more often than the default 60-second interval.

Lesson 34: Some properties of IPv6


Address Aggregation

Summarizing routes, wherever possible, is important in the Internet. The routing table is easier to manage when CIDR is implemented. Although the IPv6 address space allows an almost unlimited number of addresses to be allocated, the IPv6 architecture still allows a structured deployment so that it is not overloaded.

As in IPv4, the bits on the left of the address are used to summarize the network addresses that appear to the right in the address structure. Thus the IPv4 address 140.108.128.0/17 can include subnets such as 140.108.225.0/24. This means the routing table can route to all of these subnets, but instead of having 128 subnet addresses in the routing table, a single line represents all of the routes. To reach a smaller subnet, the usual routing rules still apply, and the packet is sent to the router that advertises network 140.108.128.0/17. That router has more detailed information in its routing table and forwards the packet until it reaches the destination network.

In IPv6, the address architecture allows the address format used in the Internet to be organized better. The address is very long and each part serves a different function. The first 48 bits of the address are used by IANA for dynamic routing in the Internet, to create aggregatable global addresses. The first three bits are set to 001 to indicate a global address.

Autoconfiguration

Local addresses, or directly connected routers, send the prefix onto the local links together with the default route. This information is sent to all nodes on the network, allowing the remaining hosts to configure their IPv6 addresses automatically. The local router provides the 48-bit global address and the SLA, or subnet information, to the end devices. An end device simply adds its layer 2 address. This L2 address, together with the 16-bit subnet address, forms a 128-bit address. The ability to attach a device without any configuration or DHCP allows new devices to be added to the Internet, such as cellphones, wireless devices and so on. The Internet becomes plug-and-play.

Renumbering

The ability to reach remote devices automatically simplifies many tasks that used to be nightmares for administrators. IPv6 autoconfiguration allows routers to provide all the necessary information to all the hosts on their network. This means devices can reconfigure their addresses more easily. In IPv6, these changes are transparent to the end user.
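The address construction and renumbering described above, as an added example that is not part of the original lesson. It assumes the host derives its 64-bit interface identifier from the MAC address with modified EUI-64 (the standard mechanism behind "adds its layer 2 address", which the lesson does not name), and it uses the 2001:db8::/32 documentation prefix and a constructed MAC address.

```python
import ipaddress


def eui64_interface_id(mac):
    """64-bit interface ID from a 48-bit MAC (modified EUI-64, RFC 4291 appendix A)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def autoconfigure(global_prefix, sla, mac):
    """Combine the router's 48-bit prefix and 16-bit SLA with the host's own ID."""
    net = ipaddress.IPv6Network(global_prefix)
    if net.prefixlen != 48:
        raise ValueError("expected a /48 global prefix")
    if not 0 <= sla <= 0xFFFF:
        raise ValueError("SLA (subnet) field is 16 bits")
    value = int(net.network_address) | (sla << 64) | eui64_interface_id(mac)
    return ipaddress.IPv6Address(value)


def is_global_unicast(addr):
    """True when the first three bits are 001, as the lesson states."""
    return int(ipaddress.IPv6Address(addr)) >> 125 == 0b001


def renumber(addr, new_prefix):
    """Swap the 48-bit prefix; the subnet and interface ID (low 80 bits) are kept."""
    net = ipaddress.IPv6Network(new_prefix)
    if net.prefixlen != 48:
        raise ValueError("expected a /48 global prefix")
    low80 = int(ipaddress.IPv6Address(addr)) & ((1 << 80) - 1)
    return ipaddress.IPv6Address(int(net.network_address) | low80)


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"                      # constructed MAC address
    addr = autoconfigure("2001:db8:1::/48", 0x10, mac)
    print(addr, is_global_unicast(addr))
    print(renumber(addr, "2001:db8:2::/48"))        # new prefix, same host part
```

The interface identifier is identical under both prefixes, so a host addressed this way can be recognised across networks; RFC 4941 temporary addresses exist for that reason.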

A simple and efficient header

The IPv6 header has been simplified to speed up processing and make routers more efficient. The improvements include:
- Fewer fields in the header.
- The fields are 64-bit.
- No error-checking checksum.
Because there are fewer fields, processing is also shorter. Memory is used more efficiently with 64-bit fields. This allows lookups to be very fast, because today's processors are also 64-bit processors. The only obstacle is the use of 128-bit addresses, which are larger than the current word size. Removing the checksum reduces processing time even further.

Security

With direct connections across a very large address space, security is a more realistic option for IPv6. Because the need for firewalls and NAT between end devices is reduced, security solutions can be implemented by encrypting between systems. Although IPSec is available in IPv4, it becomes a built-in component in IPv6. The use of extensions allows one protocol to provide an end-to-end solution.

Mobility

IPv6 addressing is designed with mobility built in through Mobile IP. Mobile IP allows end systems to change location without losing their connections. This feature is essential for wireless products such as IP phones and in-car GPS systems. The header format allows end devices to change their IP address while using a home address as the source of the packet. This home address is stable, which lets the addresses remain mobile.

Lesson 35: Layer 2 security
The Cisco SAFE Blueprint (at http://www.cisco.com/go/safe) suggests the following measures for switch security. In most cases, the recommendation depends on which of the following three categories a switch port falls into.

Unused switch ports: ports that are not connected to any device. For example, switch ports may already be cabled to wall sockets.

User ports: ports attached to end-user devices, or any port cabled to some unprotected area.

Trusted ports or trunk ports: ports connected to trusted devices, such as other switches, or switches located in areas with good physical security.

The list below summarizes the recommendations that apply to both in-use and unused switch ports. What these port types have in common is that a user can reach the switch once inside the building, without having to enter the wiring closet or data center.
* Disable protocols that are not needed, such as CDP or DTP.
* Disable trunking protocols by configuring these ports as access ports.
* Enable BPDU Guard and Root Guard to prevent STP attacks and keep the STP topology stable.
* Use features such as Dynamic ARP Inspection (DAI) or private VLANs to prevent frame sniffing.
* Enable port security to limit the number of MAC addresses allowed and to permit only specific MAC addresses.
* Use 802.1X authentication.
* Use DHCP snooping and IP Source Guard to prevent DHCP DoS and man-in-the-middle attacks.

Besides the recommendations above, the Cisco SAFE Blueprint adds the following:
* For any port (including trusted ports), consider deploying private VLANs to protect the network from sniffing, including preventing routers or L3 switches from routing packets between devices in the private VLAN.
* Configure VTP authentication globally on every switch to prevent DoS attacks.
* Shut down any unused switch port and place these ports in an unused VLAN.
* Avoid using VLAN 1. On trunk links, do not use the native VLAN.

Switch security on in-use and unused ports

The example below shows a configuration on a Cat 3560 switch, covering each of the features mentioned. In this example, port F0/1 is an unused port. CDP is disabled on the port, but CDP is still running globally on the assumption that some ports still need it. DTP is disabled, and STP Root Guard and BPDU Guard are enabled.

The cdp run command keeps CDP running globally, but CDP is disabled on F0/1, the unused port.

    cdp run
    interface fa0/1
     no cdp enable

The switchport mode access command prevents the port from becoming a trunk, and switchport nonegotiate prevents any DTP message from being sent or received.

     switchport mode access
     switchport nonegotiate

The last two commands enable Root Guard and BPDU Guard on the individual port. BPDU Guard can also be enabled on all ports through the PortFast feature, which is configured with the global command spanning-tree portfast bpduguard enable.

     spanning-tree guard root
     spanning-tree bpduguard enable
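One way to check a saved configuration against the per-port settings just walked through, as an added example (not from the lesson or from Cisco). It assumes running-config layout with indented sub-commands, treats any port in trunk mode as a trusted port and skips it, and only looks at per-interface lines, so a global BPDU Guard setting is not credited; the sample configuration is constructed.

```python
import re

# Per-interface commands the lesson applies to unused and user-facing ports.
REQUIRED = [
    "no cdp enable",                    # CDP off on the port
    "switchport mode access",           # port can never become a trunk
    "switchport nonegotiate",           # no DTP messages sent or accepted
    "spanning-tree guard root",         # Root Guard
    "spanning-tree bpduguard enable",   # BPDU Guard
]

# Constructed sample in running-config layout (not taken from a real switch).
SAMPLE_CONFIG = """\
cdp run
!
interface FastEthernet0/1
 no cdp enable
 switchport mode access
 switchport nonegotiate
 spanning-tree guard root
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
line vty 0 4
 login
"""


def parse_interfaces(config):
    """Map each interface name to the set of its normalised sub-commands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw[:1] not in (" ", "\t"):               # any top-level line ends the block
            m = re.match(r"interface\s+(\S+)\s*$", raw, re.IGNORECASE)
            current = m.group(1) if m else None
            if current:
                interfaces[current] = set()
        elif current and raw.strip():
            interfaces[current].add(" ".join(raw.split()).lower())
    return interfaces


def audit(config):
    """Return {interface: [missing commands]} for every non-trunk port."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds:          # trusted port: different checklist
            continue
        findings[name] = [c for c in REQUIRED if c not in cmds]
    return findings


if __name__ == "__main__":
    for port, missing in audit(SAMPLE_CONFIG).items():
        print(port, "OK" if not missing else "missing: " + "; ".join(missing))
```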

Port Security

The switchport port security feature monitors a switch port in order to limit the number of MAC addresses associated with that port in the L2 switching table. It also restricts which MAC addresses may be used, by allowing only certain MAC addresses on that port.

To implement port security, the switch adds a few steps to its normal processing of incoming frames. Instead of automatically adding the source MAC address and port number to the MAC table, the switch consults the port security configuration and decides whether that address is allowed. By keeping MAC addresses from being added to the switch, port security can prevent frames from being forwarded to those MAC addresses on a port.

Port security supports the following key features:
- Limiting the number of MAC addresses that can be associated with a switch port.
- Limiting the actual MAC addresses associated with the port, using one of three methods:
  - Static configuration of the MAC addresses.
  - Dynamic learning of MAC addresses, up to the defined maximum, where the entries in the table are lost on reload.
  - Dynamic learning of MAC addresses that are then saved in the configuration (also called sticky).

Port security protects against several kinds of attack. When a CAM table fills with new entries, old entries are removed. When a switch receives a frame whose destination MAC address is no longer in the CAM table, the switch floods the frame out of all ports. An attacker can make switches refill the CAM table by sending a large number of frames, each with a different source MAC address, causing the switch to remove the CAM table entries for most legitimate hosts. As a result, the switch floods legitimate frames because the destination MAC address is no longer in the CAM table, which lets the attacking machine see all the frames.

------------------------------------------------------
Lesson 36: Some advanced NAT features


More flexible pool configuration: the pool configuration syntax has been extended to allow a non-contiguous range of addresses. The following syntax is allowed:

    ip nat pool <name> { netmask <mask> | prefix-length <length> } [ type { rotary }]

This command puts the user into IP NAT pool mode, in which a range of addresses can be configured. Only one command is available in this mode:

    address <start> <end>

Example:

    Router(config)#ip nat pool fred prefix-length 24
    Router(config-ipnat-pool)#address 171.69.233.225 171.69.233.226
    Router(config-ipnat-pool)#address 171.69.233.228 171.69.233.238

This configuration creates a pool containing the addresses 171.69.233.225-226 and the addresses 171.69.233.228-238 (address 171.69.233.227 is excluded).

Translating to an interface's address: to help users who want to translate all inside addresses to the address assigned to an interface on the router, NAT lets you name the router interface when configuring dynamic NAT.

    ip nat inside source list <number> interface <interface> overload

If there is no address on the interface, or if the interface is not up, NAT does not take place. Example:

    ip nat inside source list 1 interface Serial0 overload

Static NAT with ports: when translating to an interface's address, connections to the router that originate from outside (such as email) need additional configuration so that they can be forwarded to inside hosts. This command lets the user map certain services to certain inside hosts.

    ip nat inside source static { tcp | udp } <localaddr> <localport> <globaladdr> <globalport>

Example:

    ip nat inside source static tcp 192.168.10.1 25 171.69.232.209 25

In this example, SMTP connections from outside to port 25 are sent to the inside host at address 192.168.10.1.

Support for route maps: the dynamic NAT commands can specify a route map to process instead of an access-list. A route map lets the user select a combination of access-list, next-hop and output interface to determine which address pool is used.

ip nat inside source route-map <name> pool <name> Example: ip nat pool provider1-space 171.69.232.1 171.69.232.254 prefix-length 24 ip nat pool provider2-space 131.108.43.1 131.108.43.254 prefix-length 24 ip nat inside source route-map provider1-map pool provider1-space ip nat inside source route-map provider2-map pool provider2-space ! interface Serial0/0 ip nat outside ! interface Serial0/1 ip nat outside ! interface Fddi1/0 ip nat inside ! route-map provider1-map permit 10 match ip address 1 match interface Serial0/0 ! route-map provider2-map permit 10 match ip address 1 match interface Serial0/1 T kha extendable: T kha extandable cho php ngi dng cu hnh vi lut chuyn i khng r rng, v d nh cc lut c cng a ch local v global. ip nat inside source static <localaddr> <globaladdr> extendable Mt vi khch hng mun dng nhiu hn mt nh cung cp dch v v s dch vo tng khng gian a ch ca nh cung cp dch v. Ta c th dng route map vic chn la da trn a ch ton cc hay trn nhng cng ra hoc da vo access list. Di y l mt v d: ip nat pool provider1-space ... ip nat pool provider2-space ... ip nat inside source route-map provider1-map pool provider1-space ip nat inside source route-map provider2-map pool provider2-space ! route-map provider1-map permit 10 match ip address 1 match interface Serial0/0 !

route-map provider2-map permit 10 match ip address 1 match interface Serial0/1 Ta cng mun nh ngha cc nh x tnh cho mt host c bit trn tng khng gian a ch ca ngi dng. H iu hnh Cisco IOS khng cho php hai cu lnh cu hnh tnh c cng a ch cc b v n s gy ra s nhp nhng t pha bn trong. Router s chp nhn cc cu lnh tnh ny v gii quyt vic nhp nhng bng cch to ra cc cu lnh nh x y v nu vic nh x c nh du nh l extendable. i vi mt dng t bn ngoi vo, cc lut route map ng s c dng n to ra vic chuyn i. To ra cc tn cho cc dy a ch: Nhiu khch hng mun cu hnh NAT dch cc a ch cc b sang a ch ton cc c cp pht t nhng a ch khng dng trong mt dy a ch mng. iu ny yu cu router tr li nhng ARP request cho nhng a ch ny cc gi tin i v a ch ton cc c chp nhn bi router v c thc hin NAT. Tin trnh nh tuyn routing trong router s qun l gi tin ny khi a ch ton cc c cp pht t mt a ch o, khng kt ni vo u. Khi mt dy a ch NAT dng mt a ch inside global hoc outside local bao gm cc a ch trn mt subnet, phn mm s to ra mt tn gi cho a ch m router s tr li ARP. Qu trnh t tn t ng ny cng din ra cho cc a ch inside global hay outside global trong cc hng cu hnh tnh. C ch ny c th tt bng cch dng lnh no-alias: ip nat inside source static <local-ip-address> <global-ip-address> no-alias Host Number Preservation: Lu gi a ch host. d cho vic qun tr, mt vi site ch mun i phn a ch mng, khng i phn a ch. Ngha l h mun phn a ch chuyn i phi c cng a ch phn host ging nh ban u. D nhin l hai a ch mng phi c cng prefix length. c im ny c th c bt bng cch cu hnh nat ng nh thng l nhng cu hnh phn dy a ch thm vo t kha match-host. ip nat pool fred <start> <end> prefix-length <len> type match-host Ci tin thi gian timeouts: Cc lnh sau y c h tr m rng thi gian chuyn dch ip nat translation ? icmp-timeout Specify timeout for NAT ICMP flows syn-timeout Specify timeout for NAT TCP flows after a SYN and no further data

Limiting the number of NAT sessions: With the following command, Cisco IOS NAT can be configured to limit the number of NAT entries it creates. The default is unlimited.

ip nat translation max-entries <n>

-----------------------------------------------

Lesson 37:

How to read the routing table

Routing table structure and the router's lookup process: Once you decide to become a network administrator, you must really understand the structure of the routing table and the process of finding a path from it (the lookup process). This knowledge is very important when the administrator troubleshoots problems related to the routing table. To understand how a router performs a routing table lookup, we must understand the format of the routing table, level 1 routes and level 2 routes.

We use a network model with 2 routers. R1 has 1 major network, 172.16.0.0 /16, subnetted as 172.16.0.0 /24. R2 has 3 major networks: 172.17.0.0/16, 172.16.0.0/16 and 192.168.1.0/24.

Figure 37.1: Lab topology with 2 routers.

For simplicity we only look at the routing table of Router 2.

Figure 37.2: Routing table of Router 2

When we show the basic routing table we see the following information:
- Whether the route was specified by the administrator (static route), learned by the router through a routing protocol (dynamic route), or is a network directly connected to the router (connected route).
- The networks the router can send data to.
- To reach the desired network, which interface the router must send the packet out of, or which IP address it must send the packet to (IP next hop).

Example: as in Figure 2, when Router 2 wants to send a packet to network 172.16.12.0 it sends it out interface serial0/0/0, that is, to the router interface with IP address 172.16.1.1. This information was learned through the RIP routing protocol.

I/ Hierarchical structure of the routing table.

The router's routing table has a hierarchical structure. This matters because it means the router does not have to search every route in the table to choose a path. For simplicity we only study routes at 2 levels, level 1 and level 2.

Level 1 ultimate route: a route whose subnet mask is equal to or shorter than the classful mask of the network address, and which includes the next-hop IP address or the interface the router sends the packet out of to reach the desired network. As in Figure 3, 192.168.1.0 /24 is a level 1 route because its subnet mask, 24, equals the classful mask of a class C network address (/24), and the interface on the router leading to this network is serial Ethernet0/1/0.

Figure 37.3: level 1 route

Parent and child routes (level 1 parent route and level 2 route)

When a subnetted network is added to the routing table, the route is split into 2 levels: a parent route and child routes, also called the level 1 parent route and level 2 routes.

Level 1 parent route: the classful address, carrying no next-hop IP address or exit interface (see further below).

Level 2 route: a route to a subnet of the major network address, as in Figure 4.

Figure 4: parent and child routes

Networks 172.16.0.0 /24 and 172.17.0.0 /16 are parent routes. The other networks, 172.16.1.0, 172.16.12.0 and 172.17.1.0 /24, 172.17.128.0 /24, are child routes because they are subnets of the major network addresses 172.16.0.0 and 172.17.0.0.

There are 2 cases in this section.

Case 1: All subnets of the same major network have the same subnet mask. The parent route is the classful address, shown with a subnet mask that stands for its subnets. In Figure 4, 172.16.0.0 /24 is a parent route whose mask of 24 indicates that its two subnets 172.16.1.0 and 172.16.12.0 use a subnet mask of 24.

Case 2: The subnets of the same network have subnet masks of different lengths. The parent route is again the classful address, but its mask is the classful mask (the classful mask of a class A network address is /8, class B /16, class C /24). Each subnet carries its own subnet mask. In Figure 4, 172.17.0.0 /16 is divided into 2 subnets with addresses 172.17.1.0 /24 and 172.17.128/17. The parent route 172.17.0.0 /16 has the classful mask /16 and each subnet has its own subnet mask.

II/ How the router performs a routing table lookup:

When a router receives an IP packet, it uses the packet's destination IP address together with the routing table to determine the path. So how does the lookup work? How can the router determine the best path? What does the subnet mask of each network in the routing table mean? . . .

The steps the router follows when looking up the routing table:

Step 1: The router first compares the destination IP address with all level 1 routes in the routing table. If the best match is a level 1 ultimate route, it uses that route to forward the packet. If the best match is a level 1 parent route, the router goes on to step 2.

Step 2: The router compares the destination IP address with all level 2 child routes. If one of them is the best match, it uses that route to forward the packet. If none matches, the router goes on to step 3.

Step 3: The router checks whether it is using classful routing behavior or classless routing behavior.
- If the router uses classful routing behavior (Router(config)# no ip classless): the packet is dropped.
- If the router uses classless routing behavior (Router(config)# ip classless): the router goes back to level 1 and checks whether a default route or a supernet (a network address whose subnet mask is shorter than the classful mask) has been specified. If so, the router goes on to step 4.

Step 4: If the router finds a matching default route or supernet, it uses that route to forward the packet. If it finds no match at all, the packet is dropped.

To make this clear, consider the following example with the 2 routers of Figure 2 plus Router 3, which has network 172.16.4.0 /24. We turn off dynamic routing on network 192.168.2.0 (Router(config-rip)# no network 192.168.2.0) and configure a static route for 172.0.0.0/8 toward router R3.

Lab topology.

Routing table on Router 2.
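The four lookup steps above, written out as an added example (not code from the original page). The route list uses the prefixes and the 192.168.2.3 next hop named in the 172.16.4.1 walk-through; the other next hops and interface names are constructed placeholders, and a level 1 route that exactly equals a parent's classful prefix is not modelled.

```python
import ipaddress


def classful_network(addr):
    """Classful major network of an IPv4 address (class A /8, B /16, C /24)."""
    first_octet = int(addr) >> 24
    plen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def build_table(routes):
    """Split routes into level 1 ultimate routes and parent -> level 2 children."""
    level1, parents = [], {}
    for prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        major = classful_network(net.network_address)
        if net.prefixlen > major.prefixlen:
            # Longer than the classful mask: a level 2 child under its parent.
            parents.setdefault(major, []).append((net, via))
        else:
            # Classful mask or shorter: level 1 ultimate (incl. supernet, default).
            level1.append((net, via))
    return level1, parents


def _hit(match):
    return (str(match[0]), match[1]) if match else None


def lookup(dst, routes, ip_classless=True):
    """Return (prefix, next hop) for dst, or None when the packet is dropped."""
    dst = ipaddress.ip_address(dst)
    level1, parents = build_table(routes)
    l1_matches = [(n, v) for n, v in level1 if dst in n]
    best_l1 = max(l1_matches, key=lambda m: m[0].prefixlen, default=None)
    parent = next((p for p in parents if dst in p), None)

    # Step 1: no parent matches, so the best level 1 match is an ultimate route.
    if parent is None:
        return _hit(best_l1)

    # Step 2: the parent is the best level 1 match; search its children.
    kids = [(n, v) for n, v in parents[parent] if dst in n]
    if kids:
        return _hit(max(kids, key=lambda k: k[0].prefixlen))

    # Step 3: classful behavior (no ip classless) drops the packet here.
    if not ip_classless:
        return None

    # Step 4: classless behavior falls back to a supernet or default route.
    return _hit(best_l1)


# Constructed routing table for Router 2 in the walk-through.
ROUTES = [
    ("192.168.1.0/24", "connected (placeholder interface)"),
    ("192.168.2.0/24", "connected (placeholder interface)"),
    ("172.0.0.0/8", "192.168.2.3"),            # static supernet toward R3
    ("172.16.1.0/24", "connected (placeholder interface)"),
    ("172.16.2.0/24", "placeholder next hop"),
    ("172.17.1.0/24", "placeholder next hop"),
    ("172.17.128.0/17", "placeholder next hop"),
]

if __name__ == "__main__":
    for classless in (True, False):
        print("ip classless" if classless else "no ip classless",
              "->", lookup("172.16.4.1", ROUTES, ip_classless=classless))
```

Running the same destination through both modes is a quick way to see whether traffic for an unrouted subnet of a known major network is dropped or follows a supernet or default route.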

From Router 2 we ping IP address 172.16.4.1. The router looks up the routing table as follows:

Step 1: The router compares IP address 172.16.4.1 with the level 1 routes. The level 1 ultimate routes (192.168.1.0 /24 and 192.168.2.0 /24) do not match. Only the level 1 parent route 172.0.0.0 /8 matches on the first 8 bits and the level 1 parent route 172.16.0.0 /24 matches on the first 16 bits. Of these, the level 1 parent route 172.16.0.0 /24 is the best match. The router goes on to step 2.

Step 2: Because the level 1 parent route 172.16.0.0 /24 is the best match, the router continues by comparing IP address 172.16.4.1 with the level 2 child routes (172.16.1.0 and 172.16.2.0). These 2 level 2 child routes do not match address 172.16.4.1, so the router goes on to step 3.

Step 3: If the router is configured with ip classless (the default from IOS 11.3 onward; routers have this feature), the router compares address 172.16.4.1 with the level 1 routes once more and finds that the level 1 parent route 172.0.0.0 /8 matches the first 8 bits of the address, so the router forwards the packet to IP next hop 192.168.2.3.

If the router is not configured with ip classless (command: R(config)# no ip classless), the packet is dropped even if the router has a default route configured toward IP next hop 192.168.2.3.

Note: If the router is configured with no ip classless, the default route is used only when no level 1 ultimate route and no level 1 parent route matches.

-------------------------------------------

Lesson 38: OVERVIEW OF IP VERSION 6

I- GENERAL INTRODUCTION

The IPv4 addressing system has not changed fundamentally since RFC 791 was published in 1981. Over the years of use up to now, the following factors have emerged:
- The strong growth of the Internet, leading to exhaustion of IPv4 addresses
- The need for a simpler configuration method
- The need for security at the IP level
- The need to support real-time delivery of data, also called Quality of Service (QoS)

Based on the weaknesses exposed above, IPv6, also called IPng (Next Generation), was built with the following main points:
1- A new format for the packet header. IPv6 packets have a changed header structure that improves efficiency by moving non-essential and optional fields into extension headers (Extension Header Field)
2- A much larger address space
3- More efficient routing and addressing

- Simple, automatic host configuration, with or without a DHCP server (stateful / stateless host configuration)
4- Built-in security
5- Support for prioritized delivery in routing
6- A new protocol for interaction between nodes
7- Easy extensibility, by allowing additional headers to be placed right after the IPv6 packet header

The following table compares the IPv6 packet with the IPv4 packet:

IPv6 / IPv4 comparison table

1. IPv4: Source and destination addresses are 32 bits (4 bytes) in length.
   IPv6: Source and destination addresses are 128 bits (16 bytes) in length.
2. IPv4: IPsec support is optional.
   IPv6: IPsec support is required.
3. IPv4: No identification of packet flow for QoS handling by routers is present within the IPv4 header.
   IPv6: Packet flow identification for QoS handling by routers is included in the IPv6 header using the Flow Label field.
4. IPv4: Fragmentation is done by both routers and the sending host.
   IPv6: Fragmentation is not done by routers, only by the sending host.
5. IPv4: Header includes a checksum.
   IPv6: Header does not include a checksum.
6. IPv4: Header includes options.
   IPv6: All optional data is moved to IPv6 extension headers.
7. IPv4: Address Resolution Protocol (ARP) uses broadcast ARP Request frames to resolve an IPv4 address to a link layer address.
   IPv6: ARP Request frames are replaced with multicast Neighbor Solicitation messages.
8. IPv4: Internet Group Management Protocol (IGMP) is used to manage local subnet group membership.
   IPv6: IGMP is replaced with Multicast Listener Discovery (MLD) messages.
9. IPv4: ICMP Router Discovery is used to determine the IPv4 address of the best default gateway and is optional.
   IPv6: ICMP Router Discovery is replaced with ICMPv6 Router Solicitation and Router Advertisement messages and is required.
10. IPv4: Broadcast addresses are used to send traffic to all nodes on a subnet.
    IPv6: There are no IPv6 broadcast addresses. Instead, a link-local scope all-nodes multicast address is used.
11. IPv4: Must be configured either manually or through DHCP.
    IPv6: Does not require manual configuration or DHCP.
12. IPv4: Uses host address (A) resource records in the Domain Name System (DNS) to map host names to IPv4 addresses.
    IPv6: Uses host address (AAAA) resource records in the Domain Name System (DNS) to map host names to IPv6 addresses.
13. IPv4: Uses pointer (PTR) resource records in the IN-ADDR.ARPA DNS domain to map IPv4 addresses to host names.
    IPv6: Uses pointer (PTR) resource records in the IP6.ARPA DNS domain to map IPv6 addresses to host names.
14. IPv4: Must support a 576-byte packet size (possibly fragmented).
    IPv6: Must support a 1280-byte packet size (without fragmentation).

II- IPv6 ADDRESSES

1- The IPv6 address space

An IPv6 address has 128 address bits, which gives 2^128 or 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses in decimal, compared with IPv4, whose 32 address bits give 2^32 or 4,294,967,296 addresses.

2- Text representation

An IPv6 address consists of 8 groups of 16 bits each, written in hexadecimal.

Ex-1: 2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A
(groups 1 to 8, from left to right)

It can be simplified with the following rules:
- Leading zeros (0) in each group may be dropped
- A group whose value is zero is replaced by a single 0
- Consecutive groups whose value is zero are replaced by ::

So the address in Ex-1 can be rewritten as follows:

Ex-2: 2001:DB8:0:2F3B:2AA:FF:FE28:9C5A

Ex-3: address = FE80:0:0:0:2AA:FF:FE9A:4CA2, which can be rewritten as FE80::2AA:FF:FE9A:4CA2

(*) Note: the leading part (Prefix) is determined by the IPv6 subnet mask, as in IPv4.

Ex-4: 21DA:D3::/48 has Prefix = 21DA:D3:0 (48 bits), and 21DA:D3:0:2F3B::/64 has Prefix = 21DA:D3:0:2F3B (64 bits)

Remark: to avoid confusion, keep a few concepts in mind before discussing the addresses of an IPv6 host.
a) Link-Local: refers to hosts connected to the same physical equipment (think of a hub or switch)
b) Site-Local: refers to hosts connected within the same site
c) Node: a point of attachment to the network (think of a network adapter). Each node has several required IPv6 addresses (interface addresses) used for different scopes, states and tunnels, instead of the single required address in IPv4
d) As a result, when the IPv6 protocol is installed on a host, each network adapter has several IPv6 addresses assigned to different interfaces

3- Types of IPv6 address

a- Unicast
A unicast address identifies one interface within the scope of unicast addresses. A packet whose destination is a unicast address is routed to exactly 1 interface.

b- Multicast
A multicast address identifies multiple interfaces. A packet whose destination is a multicast address is routed to all interfaces that have that multicast address.

c- Anycast
An anycast address identifies multiple interfaces. However, a packet whose destination is an anycast address is routed to only one of the interfaces that have that anycast address, normally the nearest interface ("near" here is measured in routing distance).

In all the cases above, an IPv6 address is assigned to an interface, not to a node; a node can be reached through any one of its interface addresses.

IPv6 has no broadcast; the forms of broadcast in IPv4 are treated as equivalent to multicast in IPv6.

4- Types of IPv6 unicast address

IPv6 unicast addresses include the following types:
- Global unicast addresses
- Link-local addresses
- Site-local addresses
- Unique local IPv6 unicast addresses
- Special addresses

a- Global unicast addresses (GUA)
A GUA is an IPv6 Internet address (similar to a public IPv4 address). The scope of a GUA is the entire IPv6 Internet (RFC 3587).

001: the first 3 bits always have the binary value 001 (Prefix = 001 /3)

Global Routing Prefix: 45 bits. The address assigned to an organization (company, agency, ...) when it registers an IPv6 Internet address (public IP).
Subnet ID: 16 bits. Assigned by the organization itself to create subnets.
Interface ID: 64 bits. The address of the interface within the subnet.

This can be simplified to the following form (Global Routing Prefix = 48 bits)

(*) Local-use unicast addresses come in 2 types:
- Link-local addresses: used by hosts on the same link and by the Neighbor Discovery process (the process of identifying the nodes on the same link)
- Site-local addresses: used by nodes in the same site to communicate with each other

b- Link-local addresses (LLA)
An LLA is an IPv6 address used by nodes on the same link to communicate with each other (similar to the IPv4 addresses 169.254.X.X). The scope of an LLA is a single link (so the same address may be duplicated on different links). On Windows, the LLA is assigned automatically with the following structure:

First 64 bits = FE80, a fixed value (Prefix = FE80::/64)
Interface ID = 64 bits, derived from the physical address of the network adapter (covered later)

c- Site-local addresses (SLA)
An SLA is similar to the private IPv4 addresses (10.X.X.X, 172.16.X.X, 192.168.X.X) used inside an internal network (intranet). The scope of an SLA is a single site.
(*) Site: a part of the network located at a given geographic location

1111 1110 11 = the first 10 bits are a fixed value (Prefix = FEC0 /10)
Subnet ID: 54 bits, used to identify the subnets within the site
Interface ID: 64 bits. The address of the interface within the subnet

(*) Remark
With the structure described above, local-use unicast addresses (link-local, site-local) can be duplicated (on other links, in other sites). For that reason an additional identifier called the Zone_ID is appended when local-use unicast addresses are used, with the syntax Address%Zone_ID.

Ex-5: ping fe80::2b0:d0ff:fee9:4143%3, where Zone_ID = %3.

Here:
Address = a local-use address (link-local / site-local)
Zone ID = an integer, relative to the host, that identifies the link or site.

On Windows-based IPv6 hosts the Zone ID is determined as follows:
+ For a link-local address (LLA): the Zone ID is the index of the interface (on the host) connected to the link. It can be viewed with the command: netsh interface ipv6 show interface
+ For a site-local address (SLA): the Zone ID is the Site ID assigned to the site within the organization. For organizations with only 1 site, Zone ID = Site ID = 1; it can be viewed with the command: netsh interface ipv6 show address level=verbose

d- Unique local addresses (ULA)
In organizations with many sites, SLA prefixes can be duplicated. SLAs can be replaced by ULAs (RFC 4193). A ULA is the unique address of a host in a network with many sites, with the structure:

1111 110: the first 7 bits are the fixed value FC00/7. L=0: Local, Prefix = FC00 /8
Global ID: the site address (Site ID). It can be assigned arbitrarily
Subnet ID: the address of the subnet within the site

With this structure a ULA is similar to a GUA and differs in the prefix, as follows:

e- Special addresses
The special addresses in IPv6 are:
0:0:0:0:0:0:0:0 : the unspecified address
0:0:0:0:0:0:0:1 : the loopback address (equivalent to IPv4 127.0.0.1)

IPv4-compatible address (IPv4CA)
Format: 0:0:0:0:0:0:w.x.y.z, where w, x, y, z are the parts of the IPv4 address
Example: 0:0:0:0:0:0:192.168.1.2

An IPv4CA is the compatibility address of an IPv4/IPv6 node. When an IPv4CA is used as an IPv6 destination, the packet is encapsulated with an IPv4 header so that it can travel across an IPv4 environment.

IPv4-mapped address (IPv4MA)
Format: 0:0:0:0:0:FFFF:w.x.y.z (::FFFF:w.x.y.z), where w, x, y, z are the parts of the IPv4 address
Example: 0:0:0:0:0:FFFF:192.168.1.2

An IPv4MA is the address of an IPv4-only node as seen by an IPv6 node. An IPv4MA is only informational and is not used as a source or destination address.

6to4 address
An address used for communication between IPv4/IPv6 nodes across an IPv4 routing infrastructure. A 6to4 address is built from a 64-bit prefix as follows: Prefix = 2002/16 + 32 bits of IPv4 address = 64 bits. A 6to4 address is a tunneling address, defined by RFC 3056.

5- Types of IPv6 multicast address

Multicast addresses on an IPv6 node work like multicast in IPv4. An IPv6 node can listen on several multicast addresses at the same time, and can join or leave an IPv6 multicast address at any time.

Examples of IPv6 multicast addresses in use:
FF01::1 (interface-local scope all-nodes multicast address)
FF02::1 (link-local scope all-nodes multicast address)
FF01::2 (interface-local scope all-routers multicast address)
FF02::2 (link-local scope all-routers multicast address)
FF05::2 (site-local scope all-routers multicast address)

Solicited-Node Address (SNA)


The address used in the resolution process for automatically assigning LLAs (link-local addresses) to nodes (similar to the self-assignment of 169.254.X.X addresses in IPv4). An SNA has the form: FF02:0:0:0:0:1:FF /104 + 24 bits of the MAC address

6- Types of IPv6 anycast address

An anycast address can be assigned to multiple interfaces; a packet sent to an anycast address is carried by the routing system to the nearest interface. At present, anycast addresses are used only as destination addresses and are assigned to routers.

IPv6 Interface ID

All of the address types above contain an Interface ID value that identifies the interface. The Interface ID is chosen and built in one of the following ways:
- Determined by the Extended Unique Identifier (EUI)-64 address (*). The EUI-64 address can be assigned or derived from the MAC (physical) address of the network adapter (Windows XP / Windows 2k3)
- Assigned temporarily with a random value (**) (RFC 3041)
- Built from the link-layer address or serial number when Point-to-Point Protocol (PPP) is configured
- Assigned by hand (manual address configuration)
- A randomly generated value permanently assigned to the interface (Windows Vista / Longhorn)

Extended Unique Identifier (EUI)-64 address (*)

The EUI-64 address defines how the 64-bit Interface ID is built from the MAC address of the network adapter (48 bits), using the following rule:

MAC address = 6 groups of 8 bits = 48 bits, of which 24 bits are the manufacturer code and 24 bits are the adapter number.

Step 1: Split the MAC address into 2 halves (24 bits each) and insert the 16-bit value FFFE between them
Step 2: Invert the 7th bit of the first group

Example: a network adapter has MAC address = 00-AA-00-3F-2A-1C
Step 1: 00-AA-00-FF-FE-3F-2A-1C
Step 2: 02-AA-00-FF-FE-3F-2A-1C
Interface ID = 02AA:00FF:FE3F:2A1C (64 bits)

Table of equivalents between IPv4 and IPv6

1. IPv4: Internet address classes
   IPv6: Not applicable in IPv6
2. IPv4: Multicast addresses (224.0.0.0/4)
   IPv6: IPv6 multicast addresses (FF00::/8)
3. IPv4: Broadcast addresses
   IPv6: Not applicable in IPv6
4. IPv4: Unspecified address is 0.0.0.0
   IPv6: Unspecified address is ::
5. IPv4: Loopback address is 127.0.0.1
   IPv6: Loopback address is ::1
6. IPv4: Public IP addresses
   IPv6: Global unicast addresses
7. IPv4: Private IP addresses (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16)
   IPv6: Site-local addresses (FEC0::/10)
8. IPv4: Autoconfigured addresses (169.254.0.0/16)
   IPv6: Link-local addresses (FE80::/64)
9. IPv4: Text representation: Dotted decimal notation
   IPv6: Text representation: Colon hexadecimal format with suppression of leading zeros and zero compression. IPv4-compatible addresses are expressed in dotted decimal notation.
10. IPv4: Network bits representation: Subnet mask in dotted decimal notation or prefix length
    IPv6: Network bits representation: Prefix length notation only
11. IPv4: DNS name resolution: IPv4 host address (A) resource record
    IPv6: DNS name resolution: IPv6 host address (AAAA) resource record
12. IPv4: DNS reverse resolution: IN-ADDR.ARPA domain
    IPv6: DNS reverse resolution: IP6.ARPA domain
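The EUI-64 rule and the solicited-node format described above, as an added example (not code from the original page). It also goes one step further and reverses the rule: an address whose interface ID carries FFFE in the middle exposes the adapter's MAC address, which is the tracking concern that the random interface IDs of RFC 3041 address. The function names are this example's own; the prefixes used for classification are the ones the page lists.

```python
import ipaddress


def eui64_interface_id(mac):
    """Steps 1 and 2 of the page: insert FFFE, then invert the 7th bit."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 48 bits")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def link_local_from_mac(mac):
    """FE80::/64 prefix followed by the EUI-64 interface ID."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + eui64_interface_id(mac))


def _parse(addr):
    # Drop a Zone_ID such as "%3" before parsing (Address%Zone_ID syntax).
    return ipaddress.IPv6Address(str(addr).split("%")[0])


def solicited_node(addr):
    """FF02:0:0:0:0:1:FF/104 followed by the low 24 bits of the address."""
    prefix = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13]
    return ipaddress.IPv6Address(prefix + _parse(addr).packed[-3:])


def embedded_mac(addr):
    """Return the MAC hidden in an EUI-64 interface ID, or None."""
    iid = _parse(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None              # random, manual or other non-EUI-64 ID
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join(f"{b:02X}" for b in mac)


# Prefixes as listed on the page, most specific first.
_TYPES = [
    ("::/128", "unspecified"),
    ("::1/128", "loopback"),
    ("ff00::/8", "multicast"),
    ("fe80::/64", "link-local"),
    ("fec0::/10", "site-local"),
    ("fc00::/7", "unique-local"),
    ("2002::/16", "6to4"),
    ("2000::/3", "global unicast"),
]


def classify(addr):
    ip = _parse(addr)
    for prefix, name in _TYPES:
        if ip in ipaddress.ip_network(prefix):
            return name
    return "other"


if __name__ == "__main__":
    mac = "00-AA-00-3F-2A-1C"                 # the page's example adapter
    lla = link_local_from_mac(mac)
    print(lla, solicited_node(lla), embedded_mac(lla), classify(lla))
```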

Lesson 38: OSPF, let's consolidate what we know.

Distance vector and link state

When we studied distance vector protocols, the router learned its paths from its neighbors [routing by rumor: whatever the neighbors say is believed, as in RIP]. A distance vector protocol trusts only the route information of its neighbors. EIGRP is a little better in that it listens to rumors but also checks whether they are right [meaning it checks which path is better]. EIGRP is faster but is supported only on Cisco products. There is another protocol that is better than those two, costs a little more in performance, and is supported across many vendors' products: OSPF. OSPF does not listen to rumors like the other protocols. It takes the complete state information [state: that router's links, interfaces, neighbors, up/down status, IP, subnet, ...] from the originating router, copies it into its own link state database, and then finds the best path for itself using the shortest-path-first algorithm [also called Dijkstra]. The border routers [ABR: area border router] sit between several areas and hold the topology for each of those areas. An ABR sends only summary routes from the other areas out to area 0 [backbone]. But before exchanging information, a router must establish a relationship called a neighbor relationship, which is set up by sending hello packets. When a router receives a hello packet from a neighbor it checks:

- Area ID
- Authentication
- Network mask [the subnet mask must be the same]
- HelloInterval and DeadInterval timers [on broadcast media hello is 10, and on nonbroadcast it is 40. DeadInterval is 4 times hello]. If no hello is received within the dead interval, the neighbor is dropped.
- The stub flag
- Some options configured on the interface, as carried in the received hello packet.

Once they have become neighbors, the routers can exchange update packets with each other. But that would consume a very large amount of bandwidth, because each router would need to exchange with all the others. => There would be n(n-1)/2 adjacencies between them. So an election is needed to choose a main router [DR]; only the DR forms adjacencies with the other routers, and a secondary router, the BDR, backs up the DR when it dies.

The DR/BDR election can take place on broadcast and NBMA networks.

Forming a full adjacency goes through the following 7 basic stages. There are 2 routers A and B, with Router IDs a and b respectively.

1. Down state
The two routers have just been connected and configured and are in the Down state [the router has not received information from the adjacent router].

2. Init state
Only 1 router has sent a hello packet; the other router has received it but does not yet see its own router ID in it, so the relationship is only one way.

3. Two-way state
One router sends a hello containing its router ID; the other router receives it and replies with its own router ID. In this state, on Ethernet [also called multiaccess or broadcast], the DR and BDR are elected as well.

**The router with the highest priority becomes the DR, the second highest the BDR. Priority is decided in the following order:

- the configured priority [ip ospf priority]
- the router ID configured with the command [router ID]
- the loopback with the highest IP
- the physical interface with the highest IP

A router with priority 0 does not take part in the DR/BDR election.

Lesson 39: Why doesn't a serial interface get a dynamic IP from the DHCP server?

Question: When configuring DHCP relay, the command ip helper-address A.B.C.D (the address of the DHCP server) only works on an Ethernet (FastEthernet) connection, and not on a serial connection? And when configuring the DHCP client on a router, I configure it on an Ethernet port and it is supported, but on a serial connection it is not?

Answer: The answer to this is that, to give a client an IP, the DHCP server needs to know the client's MAC so that it can store it in its database. Later, if the client asks for an IP again, the server uses this table to hand the IP back to the client.

But serial is point-to-point and has no MAC, so it cannot request an IP from the DHCP server. That is why the ip address dhcp command is not supported on it.

On an Ethernet interface, we can request a new IP address for testing in the labs as follows.

R1(config)#int f0/0
R1(config-if)#mac-address aa.aa.aa
R1(config-if)#shut
R1(config-if)#no sh

While I am at it, here is a short extract from CCNA on the 2 common encapsulations of a serial interface. By default a serial interface uses HDLC.

R1#sh int s1/0
Serial1/0 is up, line protocol is up
  Hardware is M4T
  Internet address is 1.1.1.2/8
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, crc 16, loopback not set

  Keepalive set (10 sec)
  Restart-Delay is 0 secs
  Last input 00:00:05, output 00:00:07, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 1158 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     97 packets input, 7396 bytes, 0 no buffer
     Received 93 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     116 packets output, 9881 bytes, 0 underruns
     0 output errors, 0 collisions, 5 interface resets
     0 output buffer failures, 0 output buffers swapped out
     7 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up

A more advanced encapsulation than HDLC is PPP. We can set a serial interface to PPP with the following commands.

R1(config)#int serial 1/0
R1(config-if)#encapsulation ppp

R1#sh interfaces serial 1/0
Serial1/0 is up, line protocol is down
  Hardware is M4T
  Internet address is 1.1.1.2/8
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Listen, crc 16, loopback not set
  Keepalive set (10 sec)
  Restart-Delay is 0 secs
  Last input 00:00:04, output 00:00:02, output hang never
  Last clearing of "show interface" counters 00:01:10
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 1158 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     8 packets input, 184 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     20 packets output, 280 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 output buffer failures, 0 output buffers swapped out
     2 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up

HDLC can only carry IP (it does not support IPX, AppleTalk, ...). PPP adds a field to support further protocols such as IPX, AppleTalk, ...

PPP (layer 2) has 2 main fields:
+ NCP: negotiates to find out whether IP, IPX, ... is in use so that encapsulation is done correctly.
+ LCP: handles link setup, and has 5 smaller parts inside:
- Authentication: PAP: 2-way handshake, no encryption / CHAP: 3-way handshake with MD5 encryption.
- Compress: compression
- Multilink: bundles several links together to increase bandwidth.
- Error detection: checks for errors
- Callback.

-------------------------------------------------

Lesson 40: WLAN SECURITY

- A WLAN is not secure in itself. However, a wired network is not secure either if you take no precautions and configure no protection. The key to building a secure WLAN and keeping it safe is training the people who deploy and manage it. Training administrators in basic and advanced WLAN security is essential to preventing security holes in the WLAN.

I. Wired Equivalent Privacy (WEP):

- WEP is an encryption algorithm used by the Shared Key Authentication process to authenticate users and to encrypt data on the wireless segment of the LAN. The 802.11 standard requires WEP as a security method for wireless networks.

- WEP is a simple algorithm that uses a pseudo-random number generator (PRNG) and the RC4 stream cipher. For many years this algorithm was considered a trade secret and its details were not disclosed, but in September 1994 someone posted its source code to mailing lists. RC4 is commercially owned by RSADSI. The RC4 stream cipher encrypts and decrypts quite fast, so it saves CPU, and it is simple enough for software developers to build into their products.

- When we say WEP is simple, we mean that it is quite weak. The RC4 algorithm was implemented improperly in WEP, producing a security solution that is less than adequate for 802.11 networks. Both 64-bit and 128-bit WEP are equally weak in their implementation of the 24-bit IV (Initialization Vector), and both use the same flawed encryption process. This process initializes the IV to 0 and then increments the IV by 1 for each packet transmitted. On a constantly busy network, statistical analysis shows that all possible IV values (2^24) are used up within a day, which means the IV restarts from 0 at least once a day. This creates an opening for hackers. When WEP is used, the IV is transmitted (unencrypted) with every (encrypted) packet. This creates the following security holes:
+ Active attacks to inject new traffic: unauthorized mobile stations can inject packets into the network based on known plaintext.
+ Active attacks to decrypt traffic: based on tricking the AP.
+ Dictionary-building attacks: after enough traffic has been collected, the WEP key can be cracked with free software. Once the WEP key has been cracked, packets can be decrypted in real time by listening to the broadcast packets and then using the WEP key to decrypt them.
+ Passive attacks to decrypt traffic: using statistical analysis, WEP traffic can be decrypted.

1. Why WEP was chosen:

- If WEP is that insecure, why was it chosen for the 802.11 standard? Once the 802.11 standard was completed and approved, WLAN equipment manufacturers began bringing their products to market. The 802.11 standard specifies that equipment must meet the following security criteria:
+ Exportable
+ Reasonably strong
+ Self-synchronizing
+ Computationally efficient
+ Optional

- And WEP satisfies all of these requirements. When WEP was implemented, it was intended to support the security goals of confidentiality, access control and data integrity. What actually happened is that too many of those who approved it thought that simply implementing WEP would give a complete security solution for the WLAN. They quickly realized, however, that WEP is not a complete solution for WLAN security.
Fortunately for the wireless industry, WLAN equipment was already very popular before these problems became known, which led many manufacturers and third-party organizations to work together on security solutions for WLANs.

- The 802.11 standard leaves the implementation of WEP up to the manufacturers. As a result, manufacturers' WEP key implementations may or may not be the same, which weakens WEP somewhat. Even WECA's Wi-Fi interoperability standard tests only 40-bit WEP keys. Some WLAN manufacturers have tried to extend WEP, while others use new standards such as 802.1X with EAP, or VPN. There are many solutions on the market that overcome the weaknesses of WEP.

2. WEP key:

- The core function of WEP is based on keys, which are the basic elements of the encryption algorithm. WEP keys are installed on the clients and on the infrastructure devices of the WLAN. A WEP key is a string of letters and digits and is used in 2 ways. First, the WEP key can be used to verify the identity of a client for authentication. Second, the WEP key can be used to encrypt data.

- When a client using WEP tries to authenticate and associate with an AP, the AP determines whether the client has the correct WEP key value. Correct here means that the client holds a key that is part of the WEP key distribution system installed in the WLAN. The WEP key must match at both ends of the authentication (AP and client).

- A WLAN administrator can distribute WEP keys manually or use more advanced methods such as a WEP key distribution system. A WEP key distribution system can be as simple as installing static keys, or more advanced, such as using centralized encryption key servers. Clearly the more advanced solutions make it harder for hackers to break into the network.

- There are 2 kinds of WEP key, 64 bit and 128 bit (sometimes you will hear them called 40 bit and 104 bit). This causes confusion. The reason for the confusion is that WEP is implemented in the same way for both key sizes. Every WEP key uses a 24-bit IV concatenated with the secret key. The secret key is 40 or 104 bits long, which makes a 64-bit or 128-bit WEP key.

- Entering a static WEP key on a client or on infrastructure devices such as a bridge or AP is quite simple. Sometimes there is a checkbox for selecting the WEP key length, sometimes there is none, so the admin has to know how many characters to enter when asked. Client software usually allows the WEP key to be entered as alphanumeric characters (ASCII) or in hexadecimal (HEX).

- The number of characters to enter for the secret key depends on whether the configuration software asks for ASCII or HEX and whether 64 bit or 128 bit is used. If your wireless card supports 128 bit, it also supports 64 bit. If you enter the WEP key in ASCII format, you must enter 5 characters for 64 bit and 13 characters for 128 bit. If you enter it in HEX, you must enter 10 characters for 64 bit and 26 characters for 128 bit.

2.1 Static WEP key:

- If you choose static WEP keys, you must assign them manually to the APs and the clients. These WEP keys never change, which makes the network segment easy for hackers to attack. For this reason static WEP keys are suitable only as a basic security method for small, simple WLANs. They are not recommended for large enterprises.

- With static WEP keys the network has many openings. Consider the case of an employee who leaves the company and loses their wireless network card. Because the WEP key is stored in the firmware of the card, the card can still access the wireless network for as long as the WEP key on the WLAN has not been changed.

- Most APs and clients can store 4 WEP keys at the same time. One useful reason for having several WEP keys is network segmentation. Suppose the network has 100 clients: using 4 WEP keys instead of 1 divides the users into 4 different groups of 25 users each. If a WEP key is cracked, only the WEP key for 25 clients and the AP needs to be changed, instead of the whole network.

- Another reason for having several WEP keys is a mixed environment of cards that support 128 bit and cards that support only 64 bit. In that case we can split the users into 2 groups.
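The key layout and IV handling described in sections I and 2 (24-bit IV sent in clear, concatenated with a 40- or 104-bit secret key, incremented per packet until it wraps), as an added example that is not from the original page. It builds WEP-style frames, audits a capture for repeated IVs, and shows what a repeat costs: frames sharing an IV and a static key share a keystream, so XORing the two ciphertexts cancels it out. The secret key, payloads and frame rate are constructed, and framing is simplified (no 802.11 header, no key-ID byte).

```python
import zlib

IV_SPACE = 2 ** 24                      # the 24-bit IV described in the text


def rc4(seed, n):
    """Return n bytes of RC4 keystream for the given seed (KSA then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_seed(iv, secret):
    """24-bit IV + 40/104-bit secret = the '64-bit' / '128-bit' WEP key."""
    return (iv % IV_SPACE).to_bytes(3, "big") + secret


def wep_encrypt(iv, secret, payload):
    """Frame = clear-text IV || RC4(payload || CRC-32 integrity value)."""
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    seed = rc4_seed(iv, secret)
    return seed[:3] + xor(body, rc4(seed, len(body)))


def wep_decrypt(frame, secret):
    iv = int.from_bytes(frame[:3], "big")
    body = xor(frame[3:], rc4(rc4_seed(iv, secret), len(frame) - 3))
    payload, icv = body[:-4], body[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        raise ValueError("integrity check failed (wrong key or altered frame)")
    return payload


def reused_ivs(frames):
    """Audit a capture: which clear-text IVs appear on more than one frame?"""
    seen, reused = set(), set()
    for frame in frames:
        iv = frame[:3]
        (reused if iv in seen else seen).add(iv)
    return {int.from_bytes(iv, "big") for iv in reused}


def seconds_until_wrap(frames_per_second):
    """Time for an IV counter that increments per frame to cover all 2^24 values."""
    return IV_SPACE / frames_per_second


# Constructed sample data: a 40-bit static key and four short payloads.
SECRET = bytes.fromhex("0a0b0c0d0e")
PAYLOADS = [b"constructed frame 1", b"constructed frame 2",
            b"constructed frame 3", b"constructed frame 4"]
# The counter starts just below the limit, so the third frame wraps to IV 0.
FRAMES = [wep_encrypt(IV_SPACE - 2 + k, SECRET, p)
          for k, p in enumerate(PAYLOADS[:3])]
# A frame sent one full cycle later lands on IV 0 again with the same key.
LATER = wep_encrypt(IV_SPACE, SECRET, PAYLOADS[3])

if __name__ == "__main__":
    print("reused IVs:", reused_ivs(FRAMES + [LATER]))
    print("hours to wrap at an assumed 500 frames/s:",
          round(seconds_until_wrap(500) / 3600, 1))
    leak = xor(FRAMES[2][3:], LATER[3:])[:len(PAYLOADS[2])]
    print("ciphertext XOR equals plaintext XOR:",
          leak == xor(PAYLOADS[2], PAYLOADS[3]))
```

A static key makes every IV repeat a repeat of the full RC4 seed, which is why the per-session and per-packet key rotation described in section 2.2 shortens the exposure.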

2.2 Centralized encryption key servers:
- Enterprises that use WEP keys as a basic security method for the WLAN should use centralized encryption key servers where possible, for the following reasons:
+ Centralized key generation
+ Centralized key distribution
+ Ongoing automatic key rotation
+ Reduced key management cost
- Any device can act as a centralized key server. Typically a server such as a RADIUS server or a dedicated application server takes care of generating new WEP keys during operation. Normally, with WEP, the key (assigned by the admin) is entered manually on the client and the AP. With a centralized key server, an automated process between client, AP and server performs the key distribution.

- A centralized encryption key server allows keys to be generated automatically per packet or per session, depending on the vendor's implementation. Per-packet WEP key distribution generates a new WEP key for both ends of the connection for every packet sent, while per-session uses a new WEP key for each session between nodes. Note that per-packet consumes more network bandwidth than per-session.

2.3 Using WEP:
- When WEP is enabled, the data portion of each transmitted packet is encrypted; however, part of the packet header (including the MAC address) is not encrypted. All layer 3 information, including source and destination addresses, is encrypted by WEP. When an AP sends a beacon in a WLAN that uses WEP, the beacon is also not encrypted. Note that beacons contain no layer 3 information.
- When packets are sent with WEP encryption, they must be decrypted before they can be used. Decryption consumes CPU resources and reduces effective bandwidth on the WLAN, sometimes very significantly. Some vendors add an extra CPU to their APs to perform WEP encryption and decryption. Many vendors implement WEP encryption and decryption in software and share one CPU for AP management, packet forwarding and so on; these APs are heavily affected when WEP is used. With WEP implemented in hardware, it is likely that the AP will sustain 5 Mbps (or more) of bandwidth while WEP is in use. The drawback of this solution is that it raises the cost of high-end APs.
- WEP can be deployed as a basic security mechanism, but network administrators need to know the weaknesses of WEP and how to mitigate them. Admins should also know that each vendor implements WEP differently, which makes it hard to use products from several vendors together.

3. Advanced Encryption Standard (AES):
- AES has gained acceptance as a worthy replacement for the RC4 algorithm used in WEP. AES uses the Rijndael algorithm with key lengths of 128, 192 and 256 bits.
- AES is considered uncrackable by most cryptographers, and the National Institute of Standards and Technology (NIST) chose AES for the Federal Information Processing Standard (FIPS). As part of the effort to improve the 802.11 standard, the 802.11i working group considered using AES in WEPv2.
- AES, as approved by the 802.11i working group for use in WEPv2, will be implemented in firmware and software by vendors. AP firmware and client firmware (PCMCIA cards) will have to be upgraded to support AES. Client software (drivers and applications) will support configuring AES with a secret key.

Lesson 41:

TYPES OF ATTACKS ON WLANS


- Hackers can attack a WLAN in the following ways:
+ Passive attack (eavesdropping)
+ Active attack (connecting, probing and configuring the network)
+ Jamming attack
+ Man-in-the-middle attack
- These attack methods can be combined in many different ways.

1. Passive attack (eavesdropping):
- Passive attack, or eavesdropping, is probably the simplest way to attack a WLAN, yet it is still very effective. A passive attack leaves no trace of the hacker's presence on the network, because the hacker does not actually connect to the AP in order to listen to the packets sent on the wireless segment. WLAN sniffers or free applications can be used to gather information about a wireless network from a distance by using a directional antenna. This lets the hacker keep a distance from the network and leave no trace while still listening and collecting valuable information.
- Many applications can capture passwords from HTTP addresses, email, instant messaging, FTP sessions and telnet. All of these connection types send passwords in clear text (unencrypted). Many applications can also capture password hashes sent over the wireless segment between client and server when the client logs in. Any information sent over the wireless segment in this way is highly exposed to hackers. Consider the impact if a hacker logs in to the network with some user's credentials and damages the network. The hacker is the culprit, but the logs point to the user whose account the hacker logged in with. This could cost the employee their job.
- A hacker can park in the parking lot and use tools to break into your WLAN. The tools may be a packet sniffer, or free hacking software that can crack the WEP key and log in to the network.

2. Active attack:
- A hacker can mount an active attack to carry out actions on the network. An active attack can be used to access servers and obtain valuable data, to use the enterprise's Internet connection for malicious purposes, or even to change the configuration of the network infrastructure. By connecting to the wireless network through an AP, the hacker can penetrate deeper into the network or change its configuration. For example, a hacker can add their own MAC address to the allow list of the MAC filter on the AP, or disable the MAC filter, to make later intrusions easier. The admin may not notice this change for a long time without regular checks.
- Typical examples of active attacks include spammers, or competitors who want to break into your company's database. A spammer can send a large volume of mail at once to a home or business network through the WLAN connection. After obtaining an IP address from the DHCP server, the hacker can send thousands of messages over your Internet connection without your knowledge. This kind of attack can lead your ISP to cut off your email service for sending abusive volumes of mail, even though it is not your fault.

- A competitor may want your customer list together with contact details, or even your payroll, in order to compete better or win your customers. These attacks happen regularly without admins ever knowing.
- Once a hacker has a wireless connection into your network, they can access servers, use the WAN or Internet connection, or reach users' laptops and desktops. With a few simple tools the hacker can easily collect important information, impersonate users, or even damage the network by misconfiguring it. Finding servers by port scanning, creating NULL sessions to shares or cracking passwords, and then logging in to servers with the cracked accounts are things a hacker can do to your network.

3. Jamming:
- Jamming is a technique used simply to shut down your wireless network. Just as vandals use a DoS attack to overwhelm a web server, a WLAN can be shut down by jamming the RF signal. The jamming signal may be intentional or unintentional, and may or may not be removable. When a hacker jams deliberately, they can use special WLAN equipment: a high-power RF signal generator or a sweep generator.
- To eliminate this kind of attack, the first requirement is to locate the source of the RF signal. This can be done with a spectrum analyzer. There are many spectrum analyzers on the market, but a handheld, battery-powered one is the most convenient. Another option is the software spectrum analyzer applications that come with WLAN client products.

When the jamming source cannot be moved and is not malicious, such as a communications tower or another legitimate system, the admin should consider using a different frequency band for the WLAN. For example, an admin responsible for designing and installing a WLAN in a large, complex environment needs to study it carefully. If the RF interference source spreads across 2.4 GHz, such as walkie-talkies or microwave ovens, the admin should use 802.11a equipment operating in the 5 GHz UNII band instead of 802.11b/g equipment operating in the 2.4 GHz band, which is prone to interference.
- Unintentional jamming occurs frequently because many different devices share the 2.4 GHz ISM band with WLANs. Deliberate jamming is not very common, because it is expensive to carry out: the equipment is costly and the result is only a temporary shutdown of the network for a short time.

4. Man-in-the-middle attack:
- A man-in-the-middle attack is one in which the hacker uses an AP to hijack mobile nodes by sending them a stronger RF signal than the legitimate AP. The mobile nodes see an AP with a better RF signal and associate with this rogue AP, sending data, possibly sensitive data, to the rogue AP, where the hacker has full control over it.
- To make clients reassociate with the rogue AP, its transmit power must be much higher than that of the legitimate AP within its coverage area. Reassociating with the rogue AP is treated as part of roaming, so the user notices nothing. Introducing a source of all-band interference (such as Bluetooth) into the legitimate AP's coverage area forces clients to roam.
- A hacker attempting this attack must first know the SSID the clients are using (this value is very easy to obtain). Next, the hacker must know the WEP key if the network uses WEP. The upstream connection (to the wired backbone) from the rogue AP is handled through a client device such as a PC card or workgroup bridge. Often a man-in-the-middle attack is carried out with just a laptop and two PCMCIA cards. AP software runs on the laptop, where one PC card is used as an AP and a second PC card connects the laptop to a nearby legitimate AP. In this configuration the laptop is the man in the middle, operating between the clients and the legitimate AP. From there the hacker can obtain valuable information by using sniffers on the laptop.

The key point of this attack is that users cannot detect it. The amount of information the hacker can collect therefore depends only on how long the hacker can maintain this state before being discovered. Physical security is the best defense against this type of attack.

Lesson 42: WLAN SECURITY RECOMMENDATIONS

1. WEP:
- Do not rely on WEP alone, however well you implement a security solution. A wireless environment protected only by WEP is a completely insecure environment. When using WEP, do not use WEP keys related to the SSID or the company. Create a WEP key that is hard to remember and hard to recognize. In many cases the WEP key can be guessed just by looking at the SSID or the company name. WEP should be used only to reduce risks such as casual eavesdropping, not as the sole security solution.

2. Cell size:
- To reduce the risk of eavesdropping, the admin should make sure the AP's cell size is appropriate. Most hackers look for locations that have RF coverage and are least protected, such as sidewalks and parking lots, from which to break into the wireless network. APs should therefore not radiate a strong signal into the parking lot (or other such places) unless really necessary. Enterprise APs allow the transmit power to be configured, which is very effective for controlling the size of the cell around the AP. If an eavesdropper in the company parking lot cannot pick up the AP's RF signal, there is no way to get into the network, so the network is protected from this kind of attack.
- Admins are often tempted to set maximum transmit power on all WLAN devices for maximum throughput and coverage, but such blind configuration comes at a high price for WLAN security. The appropriate cell size for an AP in a given area should be carefully documented when the AP is configured. In some cases two APs (at the same location) with smaller cell sizes can be installed to reduce the risk of attack.
- Try to place the AP at the center of the building; this reduces the risk of signal leaking outside the intended coverage area. If you use an external antenna, choose a suitable antenna type to keep the coverage area just large enough. Turn APs off when they are not in use; this reduces the risk of attack as well as of lightning strikes.

3. User authentication:
- Because user authentication is the weakest point in a WLAN and the 802.11 standard does not specify any method for authenticating users, the admin needs to implement a user-based authentication method as early as possible when building the WLAN infrastructure. User authentication should rely on device-independent mechanisms such as username and password, biometrics, smart cards, token-based systems, or other methods that identify the user (not the device). The solution you deploy should support mutual authentication between the authentication server (RADIUS) and the wireless clients.

- RADIUS is the de facto standard for user authentication systems and is widely used in the IT market. The AP sends a user authentication request to the RADIUS server, which may have a built-in user database or may forward the authentication request to a domain controller, an NDS server, an Active Directory server, or even an LDAP-compatible system. Some RADIUS vendors also support the latest authentication protocols such as EAP.
- Managing a RADIUS server can be very simple or very complex depending on the implementation. Because wireless security solutions are very sensitive, take care to choose a RADIUS server solution that the admins are able to manage.

4. Security needs:
- Choose a security solution that fits the company's needs and budget, both now and in the future. WLANs have spread so quickly because they are easy to install. A WLAN that starts with one AP and 5 users can quickly grow to 15 APs and 300 users across the whole company campus. The security mechanism used for one AP is therefore no longer adequate once the number of users reaches 300. A company can waste money on security solutions that quickly become obsolete as the WLAN grows. In many cases companies already have an IDS (Intrusion Detection System), firewalls or RADIUS servers; when choosing a wireless security solution, make use of that existing equipment to keep costs as low as possible.

5. Use other security tools:
- Making use of available technologies such as VPNs, firewalls, intrusion detection systems (IDS), protocols and standards such as 802.1X and EAP, and user authentication with RADIUS makes the wireless network far more secure than the 802.11 standard requires. The cost and time to implement these solutions depend on the size of the enterprise.

6. Monitor for rogue hardware:
- To detect rogue APs, check your existing APs regularly, but do not announce this widely. Proactively finding and removing rogue APs helps defend against hackers and lets the admin maintain and control the network securely. Run regular security checks to identify misconfigured APs that could endanger the network. The current configuration should be compared with previously saved configurations to see whether a user or a hacker has changed the AP's configuration. You can also set up monitoring of user access in order to detect unauthorized access on the wireless segment. This kind of monitoring can also help recover lost wireless devices.
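The two checks in item 6, as an added example that is not part of the original course notes: it compares a wireless scan against an inventory of authorized APs, then compares an AP's current configuration against a saved baseline. The inventory, scan records, field names and configuration keys are all constructed for illustration.

```python
"""Audit sketch: flag rogue APs and AP configuration drift (constructed data)."""
import hashlib
import json

# Hypothetical inventory of authorized APs: BSSID -> expected SSID and channel.
AUTHORIZED_APS = {
    "00:11:22:33:44:01": {"ssid": "CORP-WLAN", "channel": 1},
    "00:11:22:33:44:02": {"ssid": "CORP-WLAN", "channel": 6},
}

# Constructed scan results, as a sniffer or site-survey export might list them.
SCAN = [
    {"bssid": "00:11:22:33:44:01", "ssid": "CORP-WLAN", "channel": 1, "rssi": -48},
    {"bssid": "00:11:22:33:44:02", "ssid": "CORP-WLAN", "channel": 11, "rssi": -55},
    {"bssid": "66:77:88:99:aa:bb", "ssid": "CORP-WLAN", "channel": 6, "rssi": -30},
    {"bssid": "CC:DD:EE:00:11:22", "ssid": "printer-setup", "channel": 3, "rssi": -70},
]

# Constructed saved baseline and current configuration of one AP.
BASELINE_CONFIG = {
    "ssid": "CORP-WLAN",
    "tx_power_mw": 30,
    "mac_filter_enabled": True,
    "mac_allow": ["00:AA:BB:CC:DD:01", "00:AA:BB:CC:DD:02"],
}
CURRENT_CONFIG = {
    "ssid": "CORP-WLAN",
    "tx_power_mw": 100,
    "mac_filter_enabled": True,
    "mac_allow": ["00:AA:BB:CC:DD:01", "00:AA:BB:CC:DD:02", "66:77:88:99:AA:CC"],
}


def classify_scan(scan, authorized):
    """Return (bssid, finding) for every observed AP that needs attention."""
    company_ssids = {ap["ssid"] for ap in authorized.values()}
    findings = []
    for seen in scan:
        bssid = seen["bssid"].upper()
        known = authorized.get(bssid)
        if known is None:
            if seen["ssid"] in company_ssids:
                # Same SSID as the company WLAN but hardware we do not own.
                findings.append((bssid, "unknown BSSID advertising a company SSID"))
            else:
                findings.append((bssid, "unknown AP in range"))
        elif seen["ssid"] != known["ssid"] or seen["channel"] != known["channel"]:
            findings.append((bssid, "authorized AP differs from inventory"))
    return findings


def config_fingerprint(config):
    """Stable SHA-256 of a configuration dict, independent of key order."""
    canonical = json.dumps(config, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


def config_drift(baseline, current):
    """Return {setting: (saved value, current value)} for every changed setting."""
    if config_fingerprint(baseline) == config_fingerprint(current):
        return {}
    keys = set(baseline) | set(current)
    return {
        key: (baseline.get(key), current.get(key))
        for key in sorted(keys)
        if baseline.get(key) != current.get(key)
    }


if __name__ == "__main__":
    for bssid, finding in classify_scan(SCAN, AUTHORIZED_APS):
        print(f"{bssid}: {finding}")
    for key, (old, new) in config_drift(BASELINE_CONFIG, CURRENT_CONFIG).items():
        print(f"{key}: {old!r} -> {new!r}")
```

A changed `mac_allow` list or transmit power is exactly the kind of silent edit the text says can go unnoticed without regular comparison against saved configurations.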

7. Switch, not hub:
- Another policy to follow is to always connect APs to a switch rather than a hub. A hub is a broadcast device, so every packet the hub receives is sent out on all of its ports. If an AP is connected to a hub, every packet traveling on the wired network is broadcast to the AP as well. This helps a hacker collect additional valuable information such as passwords or IP addresses.

8. Wireless DMZ:
Another idea in WLAN security is to create a wireless demilitarized zone (WDMZ). Creating a WDMZ with firewalls or routers can be expensive, depending on the scale of the installation. WDMZs are usually implemented in medium and large WLAN environments. Because an AP is an insecure and untrusted device, APs should be isolated from other network segments by a firewall.

9. Update firmware and software:
- Update the firmware and drivers of your APs and network cards regularly. Using the latest firmware and driver versions helps avoid known security holes, because vendors patch these holes in them as well as adding new features.

Lesson 43: THE SSID WEAKNESS IN WIRELESS NETWORKS

1. SSID broadcast:
- Wireless network admins often turn off Service Set Identifier (SSID) broadcast on the access point (AP) or router for security purposes. Even if someone knows where the wireless network can be reached, they still cannot connect without knowing the SSID.
- Hiding the SSID by turning off SSID broadcast can therefore prevent unauthorized access to the network. However, do not let this mislead your sense of security. Someone with the necessary equipment can still easily obtain the network's SSID.
- By default, the beacons sent by an AP or router contain the SSID to announce it to clients in range. These SSIDs appear in Windows XP as available networks. When SSID broadcast is turned off, the beacon no longer contains the SSID, which keeps the network from being listed in Windows XP. If it is used together with other encryption methods, it can help protect your network.

2. Discovering the SSID when it is not broadcast:
- However, turning off SSID broadcast on the AP or router does not stop hackers or war drivers from discovering the wireless network, or even its SSID. Hackers can use legitimate software such as AirMagnet to discover the SSID easily, whether or not it is broadcast in beacons.
- AirMagnet captures the SSID from packets sent on the network between clients. The SSID is contained in association requests, and in some cases probe requests and probe responses also contain it even though you have turned off SSID broadcast. For example, AirMagnet can capture the network's SSID when a client boots up and joins the wireless network, at which point the client sends an association request to the AP in order to connect.
- Hackers and war drivers can use other tools such as AirJack to the same effect. These tools work by sending a spoofed disassociation packet to a client. This makes the client re-authenticate and re-associate with the AP. The tools then quickly capture the network's SSID from the association request packets.

3. Points to remember:
- Turning off SSID broadcast protects your network only by hiding it from ordinary users.
- Hiding the SSID does not mean you no longer need WEP or WPA to secure the network.
- Discovery and analysis tools are always available, whatever security method you use.
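Why a hidden SSID is still visible, as an added example that is not part of the original lesson: the parser below reads the SSID information element from 802.11 management frames and shows that a beacon with broadcast turned off carries a blank SSID while association requests and probe responses still carry the name. The frames are constructed in the script, not captured, and the SSID "CORP-WLAN" is made up.

```python
"""Which 802.11 management frames disclose the SSID (constructed sample frames)."""

MAC_HEADER_LEN = 24      # frame control, duration, three addresses, sequence control
SSID_ELEMENT_ID = 0

# Management subtype -> (name, length of the fixed fields before the elements).
FIXED_FIELDS = {
    0: ("association request", 4),     # capability + listen interval
    2: ("reassociation request", 10),  # capability + listen interval + current AP
    4: ("probe request", 0),
    5: ("probe response", 12),         # timestamp + beacon interval + capability
    8: ("beacon", 12),                 # timestamp + beacon interval + capability
}


def build_frame(subtype, ssid):
    """Build a minimal management frame for the demo (constructed test data)."""
    frame_control = bytes([subtype << 4, 0x00])   # version 0, type 0 = management
    header = frame_control + bytes(2) + bytes(18) + bytes(2)
    fixed = bytes(FIXED_FIELDS[subtype][1])
    ssid_element = bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid
    rates_element = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # supported rates
    return header + fixed + ssid_element + rates_element


def ssid_disclosure(frame):
    """Return (frame kind, SSID). SSID is None when it is absent or blanked."""
    if len(frame) < MAC_HEADER_LEN:
        return ("truncated", None)
    frame_type = (frame[0] >> 2) & 0x3
    subtype = frame[0] >> 4
    if frame_type != 0 or subtype not in FIXED_FIELDS:
        return ("not parsed", None)
    kind, fixed_len = FIXED_FIELDS[subtype]
    pos = MAC_HEADER_LEN + fixed_len
    # Walk the information elements: one byte id, one byte length, then the value.
    while pos + 2 <= len(frame):
        element_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:        # element runs past the end of the frame
            break
        if element_id == SSID_ELEMENT_ID:
            # Hidden networks send a zero-length SSID or one filled with NUL bytes.
            blank = length == 0 or value.strip(b"\x00") == b""
            return (kind, None if blank else value.decode("utf-8", "replace"))
        pos += 2 + length
    return (kind, None)


# Constructed traffic for a WLAN with SSID broadcast turned off.
SAMPLE_FRAMES = [
    build_frame(8, b""),             # beacon, zero-length SSID
    build_frame(8, bytes(9)),        # beacon, SSID blanked with NUL bytes
    build_frame(4, b""),             # wildcard probe request
    build_frame(0, b"CORP-WLAN"),    # client joining the network
    build_frame(5, b"CORP-WLAN"),    # AP answering a directed probe
]


def audit(frames):
    """Return the disclosure result for each frame, in order."""
    return [ssid_disclosure(frame) for frame in frames]


if __name__ == "__main__":
    for kind, ssid in audit(SAMPLE_FRAMES):
        print(f"{kind:22} SSID: {ssid if ssid is not None else '(not disclosed)'}")
```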

Lesson 44: SECURITY POLICY FOR ENTERPRISES USING WLANS

- Every company that uses a WLAN should have a security policy that sets out the threats the WLAN may face. For example, an inappropriate cell size lets hackers connect to the network from the street or the parking lot, so you should put this detail in the security policy. Other details the policy may contain include passwords, WEP keys, the use of advanced security solutions, regular WLAN hardware inventories and so on. There are many other factors, depending on the company's security needs and the size of the WLAN.
- The benefits of having, implementing and maintaining a solid security policy are many: preventing data theft, stopping saboteurs and spies, protecting trade secrets and so on.
- A security policy starts with management. Recognizing the security needs and delegating the task of producing a suitable document that includes the WLAN security policy is a top priority. First, the people responsible for WLAN security must be trained in the technology. Next, these trained professionals must work with upper management to agree on a security policy for the company. This team of trained individuals can then build a list of requirements which, if followed, will ensure that the wireless network is protected as well as the wired network.

1. Keep sensitive information secret:
- Some things that only admins should know include:
+ Usernames and passwords of APs and bridges
+ SNMP strings
+ WEP keys
+ MAC address lists
Keeping this information in the hands of trusted, skilled individuals such as admins is very important, because saboteurs or hackers can easily use it to access the network and network devices. This information can be stored securely in a number of ways. Applications that use very strong encryption for storing sensitive information are available on the market today.

2. Physical security:
- Although physical security is very important for traditional wired networks, it is even more important for companies that use WLAN technology, because a hacker does not need to be inside the building to connect to the network; being out in the street or in the parking lot is enough. Even intrusion detection software is not enough to stop hackers from stealing sensitive information. Passive attacks leave no trace on the network, because the hacker does not actually connect to the network but only listens. There are applications today that can put a network card into promiscuous mode, allowing data to be accessed without establishing a connection.
- When WEP is the only security solution in the WLAN, keep tight control over the users of company-owned wireless devices, for example by not allowing them to take the devices out of the company. Because the WEP key is stored in the device firmware, the weakest point of the network is wherever the device goes. The admin should know who takes PC cards out of the company, where, and when.
- Admins should understand that WEP by itself is not a secure solution. Even with tight control as described above, when a card is dropped or lost the user must be responsible for reporting the loss to the admin immediately so that the admin can take the necessary precautions. Here, the admin can reset the MAC filter or change the WEP key.
- Regularly searching around the company for suspicious activity is an effective way to reduce latent risks. Security guards should be trained to recognize unfamiliar 802.11 hardware and to alert the company so that it can look for intruders hiding somewhere in the building.

3. WLAN equipment and security level inventory:
- As a complement to the physical security policy, all WLAN equipment should be inventoried regularly to account for authorized access and to prevent unauthorized use of wireless devices. If the network is too large and has too many wireless devices, regular equipment inventories are impractical. In that case, implement a security solution that is based not on hardware but on usernames and passwords or other methods. For small and medium networks, monthly or quarterly inventories help reveal lost equipment.
- Regularly scanning the network with a sniffer to look for rogue devices is an important step in securing the network. Consider a complex (and expensive) wireless network deployed with a sound security policy. If a user installs an extra AP of their own on the network, this can open holes for hackers to exploit, and it also breaks the good (and expensive) security policy that was put in place.
- Inventories of hardware and of the security level should be documented in the company security policy. The steps to carry out, the tools used and the reports should be spelled out in the security policy, and this tedious work should not be done superficially. Managers should receive reports of this kind from the admins regularly.

4. Use advanced security solutions:
- Companies that use WLANs should take advantage of the security mechanisms available on the market. One requirement for the security policy is that every deployment of a security mechanism must be clearly documented. Because these technologies are fairly new, proprietary, and often used in combination with other security protocols or technologies, they must be documented so that when a hole appears the admin can determine where and how it arose.
- Because few people in the IT industry are formally trained in wireless technology, user mistakes can break the network or leave holes for hackers. These employee mistakes are a very important reason to document the deployed security features clearly.

5. Public wireless networks:
- It is inevitable that employees with sensitive information on their laptops will connect to public wireless networks. The security policy should require all employees to run personal firewall software and antivirus software on their laptops. Most public wireless networks have little or no security mechanism, in order to make connecting simpler for users and to reduce requests for technical support from users.
- Even if the upstream servers on the wired segment are protected, wireless users are still at risk of attack. Consider a hacker sitting at an airport and using Wi-Fi hot spots. This hacker can sniff the WLAN to obtain usernames and passwords, log in to the system, and wait for users to log in as well. The hacker can then ping-scan the whole subnet to find other users and start hacking into their laptops.

6. Limit and track access:
- Most enterprise LANs have some method of limiting and tracking employee access on the LAN. Typically the system deploys AAA (Authentication, Authorization, Accounting) services. These services should also be documented and implemented as part of WLAN security. AAA lets the enterprise assign access rights to a given class of users. For example, customers may be allowed to use only the Internet, while employees can access internal servers and the Internet.
- Keeping records of users' access rights and of the actions they perform provides important evidence of who did what on the network. For example, if an employee is on leave and their account is used continuously throughout the leave, you can tell that a hacker knows the account's password. Having records of the actions performed helps the admin understand what really happened on the network and respond appropriately.
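The accounting review described in item 6, as an added example that is not part of the original lesson: it parses session records, flags sessions opened while the account owner is on leave, and flags sessions that exceed the access class of the user. The log format, user names, AP names and leave calendar are constructed for illustration and do not come from any particular AAA product.

```python
"""Review AAA accounting records: use during leave and access-class violations."""
from datetime import date, datetime

# Constructed leave calendar: user -> (first day, last day), both inclusive.
LEAVE = {"an.nguyen": (date(2024, 7, 1), date(2024, 7, 12))}

# Access classes from the text: customers get Internet only, employees get both.
ALLOWED = {"guest": {"internet"}, "employee": {"internet", "internal"}}

# Constructed accounting records, one line per session start.
ACCOUNTING_LOG = """\
2024-06-28T08:55:10 user=an.nguyen ap=ap-floor2 role=employee dest=internal
2024-07-03T23:41:02 user=an.nguyen ap=ap-lobby role=employee dest=internal
2024-07-04T00:12:47 user=an.nguyen ap=ap-lobby role=employee dest=internal
2024-07-04T09:30:00 user=guest17 ap=ap-lobby role=guest dest=internet
2024-07-05T10:02:33 user=guest17 ap=ap-lobby role=guest dest=internal
this line is damaged and must be skipped
2024-07-15T09:01:00 user=an.nguyen ap=ap-floor2 role=employee dest=internal
"""


def parse_log(text):
    """Parse accounting lines into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue                      # no valid timestamp in first column
        fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        if {"user", "role", "dest"} <= fields.keys():
            records.append({"when": when, **fields})
    return records


def sessions_during_leave(records, leave):
    """Return the records whose user was on leave on the day of the session."""
    hits = []
    for rec in records:
        window = leave.get(rec["user"])
        if window and window[0] <= rec["when"].date() <= window[1]:
            hits.append(rec)
    return hits


def authorization_violations(records, allowed):
    """Return the records whose destination is outside the role's access class."""
    return [r for r in records if r["dest"] not in allowed.get(r["role"], set())]


if __name__ == "__main__":
    recs = parse_log(ACCOUNTING_LOG)
    for rec in sessions_during_leave(recs, LEAVE):
        print(f"on leave: {rec['user']} at {rec['when']} via {rec.get('ap')}")
    for rec in authorization_violations(recs, ALLOWED):
        print(f"access class: {rec['user']} ({rec['role']}) reached {rec['dest']}")
```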

Lesson 45: ISSUES TO CONSIDER WHEN DEPLOYING A WLAN

Once you have finished the site survey and have a physical deployment plan, you can move on to the next step of the deployment. A secure WLAN requires an AAA server such as RADIUS to allow user-based authentication. In addition, you should deploy a WLAN management mechanism.

1. Issues to consider when deploying 802.1X:
- An 802.1X solution requires an AAA server to provide user-based authentication. The AAA server is usually placed in a protected data center. Because it sits at layer 3 and has wire-speed switching, the network latency you can measure between the network edge and the data center is on the order of a few milliseconds or even microseconds.
- Deploying 802.1X becomes more complicated when it has to run across a WAN link. WAN links usually have lower bandwidth than LAN links, and as a result congestion can occur on them. Congestion can significantly affect 802.1X authentication, because it can drop RADIUS packets and cause the client station's authentication to time out, as illustrated in the figure below.

- You can limit the impact in the following two ways:
+ Use QoS to prioritize 802.1X RADIUS packets sent across the WAN link
+ Install a local AAA server at the branch

Prioritizing 802.1X RADIUS packets using IP QoS:
- This method gives priority to 802.1X packets when the WAN link is congested. Networks that already deploy QoS to support VoIP applications need almost no additional configuration.
- VoIP usually has an IP Precedence value of 5 and a DSCP (Differentiated Services Code Point) value of EF (Expedited Forwarding). Video has IP Precedence 4 and DSCP AF41 to AF43. VoIP call control protocols (MGCP or H.323) have IP Precedence 3 and DSCP AF31 to AF33. 802.1X RADIUS packets can be treated as control traffic, so they can be placed in IP Precedence 3 and DSCP AF31 to AF33. The table below summarizes these values.

- Using QoS to prioritize 802.1X RADIUS traffic does not solve every problem related to remote authentication. The following problems always remain:
+ WAN outage
+ WAN latency
- If the WAN link is down, client stations cannot access the WLAN or local resources. WAN links with very high latency, such as satellite links, also hurt the authentication process, because they can cause authentication to time out and seriously degrade the station's performance.

Local authentication at the branch:
- Local authentication at the branch appears to be a good solution to the problem, but it is not a cure-all either. Deploying an AAA server at the branch raises the following issues:
+ Cost: companies with many branches need at least one server at each branch
+ Manageability:
- The number of authentication servers can reach the thousands, depending on the deployment
- Replicating the user database to a large number of branches can be hard to do
- Admin access can be a problem if branch admins need frequent access to the central server
- Some vendors, such as Cisco, integrate an authentication server into the AP, saving users the cost and trouble of managing a local AAA server, as illustrated in the figure below.

2. WLAN management:
- Network management in general, and WLAN management in particular, is a large topic that needs a separate book. This section covers only the most important concepts to consider during deployment.
- In any kind of network, you cannot manage what you cannot measure.
- In large networks there may be thousands of devices to manage. In WLAN deployments for a large enterprise it is not unusual to see three times the usual number of APs. The WLAN is likely to be a major influence on how you manage the network. To have a WLAN that runs as reliably as the LAN and to minimize management complexity, you need a management solution that includes WLAN management.
- Early WLAN adopters struggled with the management burden of WLANs. Most low-cost management packages are hard to scale to thousands of devices without using multiple management stations, and none of them offered radio (RF) management functions. These shortcomings resulted in WLAN deployments with poor performance and forced admins to develop their own tools to manage the WLAN effectively.
- Many WLAN management solutions provide the same management services as for wired networks: SNMP, fault monitoring, trap collection, configuration distribution, firmware distribution and so on. However, none gives the admin deeper insight into the radio network itself. WLAN performance varies greatly from one installation to another. Wall materials and the location of external interference sources such as microwave ovens can affect WLAN performance. In addition, Bluetooth devices, ad-hoc clients and neighbors' WLANs can degrade WLAN performance to the point where it is unusable.
- Radio management lets the admin see such problems and, depending on the solution deployed, can automatically control radio parameters such as channel/frequency selection and client/AP transmit power to adapt to the RF environment.

Conclusion:
- Your decisions when deploying a WLAN are important for optimizing it:
+ What kind of users will use the WLAN? (highly mobile, or only occasionally)
+ What kind of applications will these users run on the WLAN?
- Although these two questions are very basic and almost self-explanatory, they are often forgotten during deployment. They are the foundation for saving cost throughout the deployment, namely in choosing between a coverage-oriented and a capacity-oriented deployment.
- Once you have chosen the deployment type, knowing the tools for performing a site survey, as well as real-world site survey cases, can save you time and money on a tedious and time-consuming task. Today a site survey is manual work, meaning the surveyor has to carry out all the measurements and calculations. As WLANs develop, management tools are also helping to automate some of this process.

Lesson 46:

TECHNOLOGIES THAT COMPETE WITH WLAN


Many technologies compete with the 802.11 standards. As business needs change and technology improves, new standards keep being created to serve the market. Here we look at the following technologies:
+ HomeRF
+ Bluetooth
+ Infrared
+ OpenAir

1. HomeRF
- HomeRF operates in the 2.4 GHz band and uses frequency hopping. HomeRF devices hop about 50 times per second, roughly 5 to 20 times faster than 802.11 FHSS devices. The newer version, HomeRF 2.0, uses the new wide-band frequency hopping rules approved by the FCC. Recall the following rules, which apply after 31/8/2000:
+ Maximum carrier frequency width of 5 MHz
+ At least 15 hops in a hop sequence
+ Maximum transmit power of 125 mW
- Because HomeRF allows an increased carrier frequency and is very flexible to implement, some people expected wide-band frequency hopping to become popular. However, this did not happen. Despite the advantage in speed (10 Mbps), it does not make up for the drawback of the 125 mW transmit power limit. This limits wide-band frequency hopping to a range of only 150 feet. These limits mean that wide-band frequency hopping devices are used mainly in SOHO environments.
- HomeRF uses the SWAP protocol, which is a combination of CSMA and TDMA. SWAP is a hybrid of 802.11 and the DECT standard and was developed by the HomeRF working group. HomeRF devices are the only devices currently on the market that still use the wide-band frequency hopping rules. HomeRF devices are considered more secure than 802.11 with WEP because HomeRF uses a 32-bit IV instead of only 24 bits as in 802.11. In addition, HomeRF specifies how IVs are chosen during encryption. 802.11 has no such procedure, which makes it very vulnerable to attack.

2. Bluetooth
- Bluetooth is another frequency hopping technology operating in the 2.4 GHz ISM band. Bluetooth devices hop about 1600 times per second (a dwell time of about 625 µs), so they have considerably more overhead than the frequency hopping systems in 802.11. The high hop rate also makes the technology more resistant to narrowband interference. Bluetooth systems are not designed for high throughput, but they are very simple to use, low power and short range (WPAN). The IEEE 802.15 standard includes the specifications for Bluetooth.
- The biggest drawback of using Bluetooth is that it seems to completely disrupt other 2.4 GHz networks. Bluetooth's high hop rate across the entire usable 2.4 GHz band makes the Bluetooth signal appear to other systems as all-band interference. Bluetooth also affects other FHSS systems. All-band interference means that the signal is disrupted across the whole usable frequency range. Strangely, counter-interference (interference caused to Bluetooth by the WLAN) does not affect Bluetooth devices as severely as Bluetooth interference affects WLAN devices.
- Bluetooth devices operate in three power classes: 1 mW, 2.5 mW and 100 mW. At present very few Bluetooth devices use class 3 (100 mW). Class 2 (2.5 mW) Bluetooth devices have a maximum range of 10 meters (33 feet). If you want to extend the range, use a directional antenna.

3. Infrared Data Association (IrDA)
IrDA is not a standard like Bluetooth, HomeRF or 802.11, but an organization. Founded in June 1993, IrDA is an organization whose mission is to create interoperable, low-cost, low-power, half-duplex, serial data interconnection standards that support mobile users in a point-to-point model and can be fitted to a variety of computer hardware. This communication is used mainly in calculators, printers, building-to-building links and handheld computers.

Infrared (IR):
- Infrared is a light-based communication technology, not a spread spectrum technology. IR devices can reach a maximum speed of 4 Mbps at close range, but because the technology is based on light, other IR light sources can interfere with IR communication. The typical speed of an IR device is about 115 Kbps, which is enough for exchanging data between handheld devices. An important advantage of IR networks is that they do not interfere with RF spread spectrum networks, so the two can be used together.

Security:
- The inherent security of IR devices is excellent, for two main reasons. First, IR cannot pass through walls at such a low power level (2 mW). Second, a hacker or eavesdropper must directly intercept the beam to access the information being transmitted. With PDAs and laptops, IR is used for point-to-point connections over a very short distance, so security is not needed in this case.

Stability:
IR cannot pass through walls; it reflects off walls and ceilings. Infrared is not disrupted by electromagnetic signals, which increases the stability of IR systems. Broadcast IR devices can be mounted on the ceiling. A broadcast IR device (similar to an RF antenna) transmits the IR carrier and the information in all directions. Because of power consumption, broadcast IR is usually used indoors. Point-to-point IR communication can be used outdoors and has a maximum range of up to 1 km (about 3280 feet), but this distance can be shortened by sunlight. Sunlight is approximately 60% infrared light and can severely weaken a broadcast IR signal.

4. Wireless LAN Interoperability Forum (WLIF)
- OpenAir is a standard created by WLIF (the forum is no longer active) as an alternative WLAN system to 802.11. OpenAir has two operating speeds, 800 Kbps and 1.6 Mbps. OpenAir and 802.11 systems are not compatible and cannot interoperate. The standard is rarely used today. OpenAir focuses mainly on FHSS devices and operates at only two speeds.

Lesson 47:

TABLES USED IN SWITCHING


- Catalyst switches contain several kinds of tables used in the switching process. These tables are tailored for Layer 2 or multilayer switching and are kept in very fast memory, so that many fields within a frame or packet can be compared in parallel.

1. Content Addressable Memory (CAM):
- All Catalyst switches use a CAM table for Layer 2 switching. As frames arrive on switch ports, the source MAC addresses are learned and recorded in the CAM table. The port of arrival and the VLAN are both recorded, along with a timestamp. If a MAC address learned on one port moves to a different port, the MAC address and timestamp are recorded for the most recent arrival port, and the previous entry is then deleted. If a MAC address is found already present in the table for the correct arrival port, only its timestamp is updated.
- Switches generally have large CAM tables so that many addresses can be looked up for frame forwarding. However, there is not enough table space to hold every possible address on a large network. To manage CAM table space, stale entries (addresses that have not been seen for some period of time) are deleted. The default period is 300 s. The switch can also be configured to change this default value.
- What happens when a host's MAC address is learned on one switch port and the host then moves to another port? Ordinarily, the host's original CAM table entry would have to age out after 300 s while its address was being learned on the new port. To avoid duplicate entries in the CAM table, the switch purges any existing entry for a MAC address that has just been learned on a different port. This is acceptable because MAC addresses are unique and a host should never be seen on more than one port unless the network has a problem. If the switch notices that a MAC address is being learned on alternating ports, it generates an error message reporting that the MAC address is "flapping" between the two interfaces.

2. Ternary Content Addressable Memory (TCAM):
- In traditional routing, ACLs can match, filter or control specific traffic. An access list is made up of one or more access control entries (ACEs), or matching statements, that are evaluated in sequential order. Evaluating an access list can add time to the forwarding of packets.
- In multilayer switching, however, all of the matching that ACLs provide is done in hardware. TCAM allows a packet to be evaluated against an entire access list in a single table lookup. Most switches have multiple TCAMs, so that inbound and outbound security ACLs and QoS ACLs can be evaluated simultaneously, or entirely in parallel with the Layer 2 or Layer 3 forwarding decision.
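The CAM learning, aging and port-move rules from section 1 above can be modelled in software. This is an added example, not Catalyst code or part of the original lesson; the flap threshold (three port changes within 10 seconds), the log wording and the sample MAC addresses and ports are assumptions made for illustration.

```python
AGING_SECONDS = 300          # default aging time given in the text


class CamTable:
    def __init__(self, aging=AGING_SECONDS, flap_window=10, flap_moves=3):
        self.aging = aging
        # Assumption: "flapping" = flap_moves port changes within flap_window seconds.
        self.flap_window = flap_window
        self.flap_moves = flap_moves
        self.entries = {}    # (vlan, mac) -> [port, last_seen]
        self.moves = {}      # (vlan, mac) -> times of recent port changes
        self.log = []        # constructed message format, not real IOS output

    def expire(self, now):
        """Delete entries that were not refreshed within the aging time."""
        stale = [k for k, (_, seen) in self.entries.items()
                 if now - seen > self.aging]
        for key in stale:
            del self.entries[key]
        return stale

    def learn(self, now, vlan, src_mac, port):
        """Process the source MAC of a frame arriving on `port`."""
        self.expire(now)
        key = (vlan, src_mac.lower())
        entry = self.entries.get(key)
        if entry is None:
            self.entries[key] = [port, now]
            return "learned"
        if entry[0] == port:
            entry[1] = now                     # same port: only refresh the timestamp
            return "refreshed"
        old_port = entry[0]
        self.entries[key] = [port, now]        # purge the old entry, record the new port
        recent = [t for t in self.moves.get(key, [])
                  if now - t <= self.flap_window]
        recent.append(now)
        self.moves[key] = recent
        if len(recent) >= self.flap_moves:
            self.log.append(f"{key[1]} vlan {vlan} flapping between "
                            f"{old_port} and {port}")
            return "flapping"
        return "moved"

    def lookup(self, now, vlan, dst_mac):
        """Return the egress port, or None (unknown unicast, flooded in the VLAN)."""
        self.expire(now)
        entry = self.entries.get((vlan, dst_mac.lower()))
        return entry[0] if entry else None


def replay(table, frames):
    """Feed (time, vlan, src_mac, port) tuples to the table; return each outcome."""
    return [table.learn(*frame) for frame in frames]


# Constructed sample: host ...0a stays put, host ...0b alternates between two ports.
SAMPLE_FRAMES = [
    (0, 10, "02:00:00:00:00:0a", "Fa0/1"),
    (100, 10, "02:00:00:00:00:0A", "Fa0/1"),
    (200, 10, "02:00:00:00:00:0b", "Fa0/2"),
    (201, 10, "02:00:00:00:00:0b", "Fa0/3"),
    (202, 10, "02:00:00:00:00:0b", "Fa0/2"),
    (203, 10, "02:00:00:00:00:0b", "Fa0/3"),
]

if __name__ == "__main__":
    cam = CamTable()
    print(replay(cam, SAMPLE_FRAMES))
    print(cam.log)
```

A MAC address that keeps changing ports is worth investigating whether the cause is a loop, a misconfigured link or a host presenting someone else's address, which is why the model logs it rather than silently updating the entry.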

- The Catalyst IOS software has two components that carry out TCAM operation:
Feature Manager (FM): after an access list has been created or configured, the Feature Manager software compiles it and merges the ACEs into the TCAM table. The TCAM can then be consulted at frame-forwarding speed.
Switching Database Manager (SDM): the TCAM on Catalyst switches can be partitioned into areas with different functions. The SDM software configures or tunes these TCAM partitions if needed.

TCAM table structure:
- The TCAM is an extension of the CAM table, so it also performs lookups based on a matching algorithm whose key consists of two input values, 0 and 1 bits, and gives a fast result, but its operation is more abstract. For example, binary values (0 and 1) make up the key into the table, but a mask value is also used to decide which bits are actually relevant. The TCAM key therefore has three values: 0, 1 and X.
- TCAM entries are composed of a combination of three items: value, mask and result (Value, Mask and Result). Fields are taken from the frame or packet header and fed into the TCAM. The mapping works as follows:
Value: a 134-bit string made up of the source and destination addresses and the relevant protocol information, all of which are matched. The information concatenated to form the Value depends on the type of access list, as shown in Table 1. The Value in the TCAM is taken directly from the address, port and protocol information in the ACE.
Mask: also a 134-bit string, in the same format. The Mask selects only the Value bits of interest; a mask bit is set to match the corresponding Value bit exactly. The Masks used in the TCAM come from the address or bit masks in the ACEs.
Result: a numeric value that indicates what action to take after a match occurs in the TCAM. For example, the Result can be a permit or deny decision, a QoS value, or a pointer to the next-hop routing table.
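How an access list becomes Value/Mask/Result entries, and how a lookup resolves against them, shown as an added example rather than Cisco's implementation or code from the original lesson. It assumes a reduced 88-bit key (source IP, destination IP, protocol, destination port) in place of the 134-bit Value, and the sample ACL is constructed.

```python
import ipaddress

# Assumption: a reduced 88-bit key stands in for the 134-bit Value in the text.
# Layout: src IP (32 bits) | dst IP (32 bits) | protocol (8 bits) | dst port (16 bits)
KEY_BITS = 88
TCP, UDP = 6, 17


def ip(addr):
    return int(ipaddress.IPv4Address(addr))


def pack(src, dst, proto, dport):
    """Concatenate header fields into one lookup key."""
    return (ip(src) << 56) | (ip(dst) << 24) | (proto << 16) | dport


def compile_ace(result, proto, src, src_wild, dst, dst_wild, dport=None):
    """Compile one ACE (IOS-style wildcard masks) into a Value/Mask/Result entry.

    A wildcard bit of 1 means "ignore", so the TCAM mask (1 = compare this bit)
    is its complement. proto=None matches any IP protocol.
    """
    src_care = ~ip(src_wild) & 0xFFFFFFFF
    dst_care = ~ip(dst_wild) & 0xFFFFFFFF
    proto_care = 0xFF if proto is not None else 0
    port_care = 0xFFFF if dport is not None else 0
    mask = (src_care << 56) | (dst_care << 24) | (proto_care << 16) | port_care
    value = pack(src, dst, proto or 0, dport or 0) & mask
    return value, mask, result


def ternary(value, mask, width=KEY_BITS):
    """Render an entry as the 0 / 1 / X key the text describes."""
    return "".join(
        "X" if not (mask >> bit) & 1 else str((value >> bit) & 1)
        for bit in range(width - 1, -1, -1))


def lookup(tcam, src, dst, proto, dport=0):
    """Return (result, index) of the first matching entry.

    Hardware compares every entry in parallel and returns the first hit;
    this loop emulates that. No hit means the ACL's implicit deny.
    """
    key = pack(src, dst, proto, dport)
    for index, (value, mask, result) in enumerate(tcam):
        if (key & mask) == value:
            return result, index
    return "deny", None


# Constructed ACL:
#   permit tcp 10.1.0.0 0.0.255.255 host 192.0.2.10 eq 443
#   deny   ip  10.1.1.0 0.0.0.255   any
#   permit ip  10.0.0.0 0.255.255.255 any
SAMPLE_TCAM = [
    compile_ace("permit", TCP, "10.1.0.0", "0.0.255.255", "192.0.2.10", "0.0.0.0", 443),
    compile_ace("deny", None, "10.1.1.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),
    compile_ace("permit", None, "10.0.0.0", "0.255.255.255", "0.0.0.0", "255.255.255.255"),
]

if __name__ == "__main__":
    for value, mask, result in SAMPLE_TCAM:
        print(ternary(value, mask), result)
    print(lookup(SAMPLE_TCAM, "10.1.1.5", "192.0.2.10", TCP, 443))
```

Because the first matching entry wins, reordering the first two sample entries would make the deny shadow the HTTPS permit for hosts in 10.1.1.0/24, which is the kind of ordering mistake worth checking for when reviewing an ACL.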

Lesson 48: Switch Password Recovery

Cracking the switch password is extremely simple on the following switch models: 2900XL, 3500XL, 2940, 2950, 2960, 2970, 3550, 3560, and 3750 series switches.

Press and hold the "mode" button on the left side of the switch until the switch displays the message "... password recovery mechanism is enable..", then wait for the switch to restart. At this point the configuration is empty and we can enter privileged mode. To copy the old configuration file back in, so that the password can be changed or removed, use the command:

Quote:
Switch#copy flash:config.text.rename running-config
CCNA#

After changing the forgotten password, save the configuration as usual.

On the Switch 2955 series, however, the "mode" button cannot be used for password recovery. Instead, carry out the following steps.

Unplug the switch's power cable and plug it back in, then, as on a router, press CTRL + Break to interrupt the boot process. (Note: the break key combination differs depending on the operating system.)

Quote:
C2955 Boot Loader (C2955-HBOOT-M) Version 12.1(0.0.514), CISCO DEVELOPMENT TEST VERSION
Compiled Fri 13-Dec-02 17:38 by madison
WS-C2955T-12 starting...
Base ethernet MAC Address: 00:0b:be:b6:ee:00
Xmodem file system is available.
Initializing Flash...
flashfs[0]: 19 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 4510720
flashfs[0]: Bytes available: 3230720
flashfs[0]: flashfs fsck took 7 seconds.
...done initializing flash.

Wait until the screen shows:

Quote:
The system has been interrupted prior to initializing the flash file system to finish loading the operating system software:
flash_init
load_helper
boot

Press CTRL + Break

Quote:
switch:

Type the command:

Quote:
switch: flash_init
Initializing Flash...
flashfs[0]: 143 files, 4 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 3612672
flashfs[0]: Bytes used: 2729472
flashfs[0]: Bytes available: 883200
flashfs[0]: flashfs fsck took 86 seconds
....done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4

Type the command:

Quote:
switch: load_helper
switch:

Next, type dir flash: to see the IOS image on the switch (note the colon after the word flash):

Quote:
switch: dir flash:
Directory of flash:/
-rwx 1803357 <date> c3500xl-c3h2s-mz.120-5.WC7.bin
-rwx 1131 <date> config.text (the file that stores the configuration)
-rwx 109 <date> info
-rwx 389 <date> env_vars
drwx 640 <date> html
-rwx 109 <date> info.ver
403968 bytes available (3208704 bytes used)
switch:

Rename the configuration file that stores the password:

Quote:
switch: rename flash:config.text flash:config.old

Enter the boot command:

Quote:
switch: boot
Loading "flash:c3500xl-c3h2s-mz.120-5.WC7.bin"...###############################
################################################################################
################################################################################
File "flash:c3500xl-c3h2s-mz.120-5.WC7.bin" uncompressed and installed, entry point: 0x3000
executing...

After the switch has booted:

Quote:
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Continue with configuration dialog? [yes/no]: n
Press RETURN to get started.
Switch>
Switch>en
Switch#

Rename the configuration file back to config.text, as it was originally:

Quote:
Switch#rename flash:config.old flash:config.text
Destination filename [config.text]

Copy the old configuration, with its password, into the running configuration so the password can be removed or changed:

Quote:
Switch#copy flash:config.text system:running-config
Swpass#

Once the password has been changed, save the configuration; this completes the password recovery process:

Quote:
Sw1#write memory
Building configuration...
[OK]

---------------------------------------------------------
Lesson 49:

WIRELESS NETWORK INFRASTRUCTURE DEVICES


2.1. WIRELESS NETWORK (WLAN) INFRASTRUCTURE DEVICES
2.1.1. Access point (AP)
Gives clients a point of access to the network. An AP is a full-duplex device with a level of intelligence comparable to a sophisticated Ethernet switch.

Figure 2-2: Connection between an Access Point and a computer with a wireless network card

2.1.1. AP operating modes:
An AP can communicate with wireless stations, with the traditional wired network and with other APs. An AP has three main operating modes:

Root mode: Root mode is used when the AP is connected to the wired backbone network through its wired interface (usually Ethernet). Most APs support modes other than root mode, but root mode is the default configuration. When an AP is connected to a wired segment through its Ethernet port, it is configured to operate in root mode. In root mode, APs connected to the same wired distribution system can talk to one another over the wired segment. Wireless clients can communicate with other wireless clients located in different cells (the coverage area of an AP) through the AP each is connected to; these APs then communicate with one another over the wired segment, as in the example in Figure 2-3.

Figure 2-3: Root mode model

Bridge mode: In bridge mode, the AP behaves exactly like a wireless bridge. The AP becomes a wireless bridge when configured this way. Only a few APs on the market support the bridge function, which makes the device considerably more expensive. To explain briefly how a wireless bridge works, from Figure 2-3: clients do not connect to the bridge; instead, the bridge is used to join two or more wired network segments together over a wireless link.

Figure 2-4: Bridge mode model

Repeater mode: The AP can provide a wireless upstream connection into the wired network in place of a normal wired connection. One AP acts as a root AP and the other acts as a wireless repeater. An AP in repeater mode connects to clients as an AP and connects to the upstream AP as a client.

Figure 2-5: Repeater mode model

2.1.1. Client devices in a WLAN:
These are the WLAN devices that clients use to connect to the WLAN.

2.1.1.a. PCI wireless card: The most common component in a WLAN. It is used to connect clients to the wireless network and plugs into a PCI slot in the computer. This type is widely used to connect desktop computers to the wireless network.

Figure 2-6: PCI wireless network card

2.1.1.a. PCMCIA wireless card: Formerly used in laptops and PDAs (Personal Digital Assistants). Thanks to advances in technology, PCMCIA wireless cards are now rarely used, because laptops, PDAs and similar devices all have a wireless card built in.

Figure 2-7: PCMCIA wireless network card

2.1.1.a. USB wireless card: A very popular type today for devices connecting to the wireless network, because it is portable and compact. It has the same function as a PCI wireless card but uses the USB (Universal Serial Bus) connector. It can be attached and removed quickly (it does not have to be fixed in place like a PCI wireless card) and can be plugged in while the computer is running.

Figure 2-8: USB wireless network card

Lesson 50:

Some security solutions for wireless networks


50.1. WLAN VPN: A virtual private network (VPN) protects the WLAN by creating a channel that shields data from unauthorized access. A VPN provides a high level of trust by using a security mechanism such as IPSec (Internet Protocol Security). IPSec uses strong algorithms such as the Data Encryption Standard (DES) and Triple DES (3DES) to encrypt data, and uses other algorithms to authenticate data packets. IPSec also uses digital certificates to validate the public key. When used on a WLAN, the VPN gateway takes care of authentication, encapsulation and encryption.

Figure 50.1: WLAN VPN

50.2. TKIP (Temporal Key Integrity Protocol): An IEEE solution developed in 2004. It is an upgrade to WEP that patches the security problems in WEP's implementation of the RC4 stream cipher. TKIP hashes the IV to counter packet forgery, and it also provides a message integrity check (MIC) to ensure the correctness of packets. TKIP uses dynamic keys by giving each frame its own sequence number to counter forgery attacks.

50.3. AES (Advanced Encryption Standard): An encryption function approved by NIST (National Institute of Standards and Technology). The IEEE designed a mode for AES to meet the needs of WLANs. This mode is called CBC-CTR (Cipher Block Chaining Counter Mode) with CBC-MAC (Cipher Block Chaining Message Authenticity Check). The combination is called AES-CCM. CCM mode combines CBC-CTR encryption with the CBC-MAC message authentication algorithm. This combination provides both encryption and integrity checking of the transmitted data. CBC-CTR encryption uses a counter to supplement the key stream. The counter is incremented by 1 after each block is encrypted. This process ensures that each block has a unique key. The unencrypted text is split into 16-byte blocks. CBC-MAC works by using the result of CBC encryption together with the frame length, source address, destination address and data. The result is a 128-bit value, which is truncated to 64 bits for use in transmission. AES-CCM carries a fairly high cost for both encryption and integrity checking of the transmitted data, so it consumes a great deal of CPU processing power.

50.4. 802.1x and EAP: 802.1x is a specification for port-based access defined by the IEEE. It works in both traditional wired and wireless environments. Access control is carried out as follows: when a user tries to connect to the network, the user's connection is placed in the blocking state and waits until the check of the user's identity has completed.

Figure 50.2: 802.1x authentication operating model

EAP is an authentication method that covers the request for the user's identity (password, certificate, ...) and the protocol used (MD5, TLS (Transport Layer Security), OTP (One Time Password), ...), and supports automatic key generation and mutual authentication. The 802.1X-EAP authentication model for a client proceeds as follows:

Figure 50.3: 802.1x authentication information exchange

50.5. WPA (Wi-Fi Protected Access)
WEP was built to protect a wireless network against eavesdropping, but many weaknesses were soon found in the technology. A new technology called WPA (Wi-Fi Protected Access) was therefore introduced, which overcomes many of WEP's shortcomings. One of the most important improvements in WPA is the use of the TKIP (Temporal Key Integrity Protocol) key-changing function. WPA uses the RC4 algorithm just as WEP does, but with full 128-bit encryption. Another feature is that WPA changes the key for every packet. Tools that collect packets in order to break the encryption key cannot do so against WPA: because WPA changes keys continuously, a hacker never collects enough sample data to find the password. In addition, WPA includes a Message Integrity Check, so data cannot be altered while in transit.

WPA comes in two options: WPA Personal and WPA Enterprise. Both use the TKIP protocol, and the only difference is the initial encryption key. WPA Personal suits home and small-office networks; the initial key is used at the access points and the client devices. WPA Enterprise, by contrast, needs an authentication server and 802.1x to supply the initial keys for each session.

There is a weakness in WPA, and it affects only WPA Personal. When the way the TKIP key-changing function is used to generate encryption keys has been discovered, a hacker who can guess the initial key or part of the password can determine the whole password and therefore decrypt the data. However, this weakness can be eliminated by using initial keys that are not easy to guess (do not use words such as "PASSWORD" as the password). This also means that WPA's TKIP technique is only a temporary solution and does not yet provide the highest level of security. WPA is suitable only for companies that do not transmit "secret" data or sensitive information. WPA is also suitable for everyday activities and for technology trials.

50.6. WPA 2
A long-term solution is to use 802.11i, which is equivalent to WPA2 and is certified by the Wi-Fi Alliance. This standard uses a strong encryption algorithm called the Advanced Encryption Standard (AES). AES uses the Rijndael symmetric block cipher, with a 128-bit encryption block, and 192 bits or 256 bits. After evaluating this encryption standard, the US National Institute of Standards and Technology (NIST) approved this symmetric cipher, and it is used by US government agencies to protect sensitive information. AES is regarded as far more secure than 128-bit WEP or 168-bit DES (Data Encryption Standard). To ensure performance, encryption needs to be carried out in hardware, for example integrated into a chip. However, very few wireless network users pay attention to this issue. Moreover, most Wi-Fi handheld devices and barcode scanners are not compatible with the 802.11i standard.

50.7. Filtering
Filtering is a basic security mechanism that can be used together with WEP. Filtering works like an access list on a router: it blocks what is unwanted and permits what is wanted.
There are three basic types of filtering that can be used in a wireless LAN:
+ SSID filtering
+ MAC address filtering
+ Protocol filtering

50.7.a. SSID filtering
SSID filtering is a basic filtering method and should be used only for basic access control. The client's SSID must match the AP's SSID in order to authenticate and connect to the service set. The SSID is broadcast unencrypted in beacons, so it is very easy to discover using software. Mistakes that WLAN users make in managing SSIDs include:
- Using the default SSID value, which makes it easier for a hacker to find the AP's MAC address.
- Using an SSID that is related to the company.
- Using the SSID as the company's security method.
- Broadcasting the SSID unnecessarily.

50.7.b. MAC address filtering
Most APs have a MAC address filtering function. The administrator can build a list of permitted MAC addresses. If a client's MAC address is not in the AP's MAC filter list, the AP prevents that client from connecting to the network. If the company has many clients, a RADIUS server with MAC address filtering can be set up instead of doing the filtering on the AP. Configuring MAC address filtering is a highly scalable security solution.

Figure 50.4: MAC authentication process

50.7.c. Protocol filtering
A wireless LAN can filter the packets passing through the network based on protocols from Layer 2 to Layer 7. In many cases the administrator should set up protocol filtering in a shared environment, for example in the following case: a group of wireless bridges is placed in a remote building on a university WLAN and connects back to the AP in the central engineering building. Because all users in the remote building share 5 Mbps of bandwidth between these buildings, a significant amount of control over this usage has to be applied. If these links were installed for the specific purpose of giving users Internet access, the protocol filter will exclude all protocols except HTTP, SMTP, HTTPS, FTP.

Figure 50.5: Protocol filtering

--------------------------------------------------
Lesson 51: TYPES OF ATTACK ON WLANS

Some common forms of attack and intrusion against wireless networks:

51.1. ROGUE ACCESS POINT
51.1.a. Definition
The term rogue Access Point describes Access Points that are created, accidentally or deliberately, in a way that affects the existing network. It refers to unauthorized wireless devices regardless of their actual purpose.

51.b. Classification
a) Incompletely configured Access Point
An Access Point can unexpectedly become a rogue device because of configuration mistakes: changes to the Service Set Identifier (SSID), authentication settings, encryption settings and so on. The most serious consequence is that it will be unable to authenticate connections if it is misconfigured. For example, in open mode authentication, wireless users in state 1 (unauthenticated and unassociated) can send authentication requests to an Access Point and, once successfully authenticated, move to state 2 (authenticated but unassociated). If an Access Point does not validate a client because of a configuration error, an attacker can send a large number of authentication requests, overflowing the Access Point's table of client connection requests and causing the Access Point to refuse access to other users, including users who are permitted access.

b) Rogue Access Points from neighbouring WLANs
802.11 clients automatically choose the Access Point with the strongest signal they detect and connect to it. For example, Windows XP automatically connects to the best available connection around it. As a result, an organization's authenticated users may connect to the Access Points of neighbouring organizations. Although the neighbouring Access Points are not deliberately attracting connections from these users, such connections inadvertently expose sensitive data.

c) Rogue Access Point created by an attacker
AP spoofing is the classic man-in-the-middle attack. In this type of attack the attacker sits in the middle and steals the traffic passing between two nodes. It is a very powerful attack because the attacker can steal all traffic passing through the network. It is very difficult to mount a man-in-the-middle attack on a wired network, because the attack requires real access to the transmission path. Wireless networks, on the other hand, are very susceptible to it. The attacker needs to create an AP that is more attractive to choose than the legitimate AP. This fake AP can be set up by copying the entire configuration of the legitimate AP: SSID, MAC address and so on. The next step is to get the victim to connect to the fake AP.
- The first way is to wait for the user to connect on their own.
- The second way is to cause a denial-of-service (DoS) attack on the legitimate AP, so that the user has to reconnect, to the fake AP.
In 802.11 networks, AP selection is based on received signal strength. The only thing the attacker has to do is make sure that their AP has the strongest signal. To achieve this, the attacker has to place their AP closer to the victim than the legitimate AP, or use a directional antenna. After the victim has connected to the fake AP, the victim continues to operate as normal, so if the victim connects on to another, legitimate AP, the victim's data all passes through the fake AP. The attacker uses utilities to record the victim's password as it is exchanged with the web server. In this way the attacker obtains everything they want in order to log in to the legitimate network.
This type of attack exists because 802.11 does not require mutual authentication between the AP and the node. The AP broadcasts to the whole network. This is very easy for an attacker to eavesdrop on, and so the attacker can obtain all the information they need. Nodes in the network use WEP to authenticate themselves to the AP, but WEP also has weaknesses that can be exploited. An attacker can eavesdrop on the traffic and use a cryptanalysis tool to steal the user's password.

d) Rogue Access Point set up by the company's own staff
Because of the convenience of wireless networking, some company employees have bought their own Access Points and connected them to the company's wired network. Because they do not clearly understand wireless network security, they unintentionally create a large security hole. Strangers visiting the company and outside hackers can connect to the unauthenticated Access Point to steal bandwidth, steal the company's sensitive information, use the company's network to attack others, and so on.

51.2. De-authentication Flood Attack (re-authentication request attack)

Figure 51.1: De-authentication flood attack

- The attacker identifies the targets as the users on the wireless network and their connections (from the Access Point to its associated connections).
- The attacker injects de-authentication frames into the WLAN by spoofing the source and destination MAC addresses of the Access Point and the users respectively.
- When a wireless user receives a de-authentication frame, it assumes the frame was sent by the Access Point.
- After disconnecting one user from the wireless service, the attacker goes on to do the same to the remaining users.
- Normally the user reconnects to restore service, but the attacker quickly continues sending de-authentication frames to the user.

51.3. Fake Access Point
The attacker uses a tool capable of sending beacon frames with spoofed physical (MAC) addresses and fake SSIDs to create a large number of simulated Access Points. This confuses all of the software that controls the users' wireless network cards.

Figure 51.2: Fake AP attack

51.4. Attacks based on physical-layer carrier sensing
Frequency is a security weakness in wireless networks. The level of danger varies depending on the physical-layer interface. Several parameters determine how resilient the network is: transmitter power, receiver sensitivity, RF frequency, bandwidth and antenna directionality. 802.11 uses the carrier sense multiple access (CSMA) algorithm to avoid collisions. CSMA is a component of the MAC layer. CSMA is used to make sure that there are no data collisions on the medium. This type of attack does not use noise to cause errors on the network; instead it takes advantage of the standard itself. There are several ways to exploit the physical carrier-sensing protocol. The simple way is to make the nodes in the network all believe that a node is transmitting at the present moment. The easiest way to achieve this is to create a rogue node that transmits continuously. Another way is to use an RF signal generator. A more sophisticated attack is to put a network card into a test mode in which it continuously transmits a test pattern. All nodes within range of the rogue node are very sensitive to the carrier, and while one node is transmitting no other node is allowed to transmit.

51.5. Disassociation flood attack

Figure 51.3: Disassociation flood attack

- The attacker identifies the targets (wireless clients) and the association between the AP and the clients.
- The attacker sends disassociation frames to the AP and the corresponding clients, spoofing the source and destination MAC addresses.
- The client receives these frames and assumes that the disassociation frame came from the AP. At the same time, the attacker also sends disassociation frames to the AP.
- After disconnecting one client, the attacker goes on to do the same to the remaining clients, causing the clients to disconnect from the AP automatically.
- When clients are disconnected they immediately reconnect to the AP. The attacker continues sending disassociation frames to the AP and the client.
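Both the de-authentication flood (51.2) and the disassociation flood (51.5) appear to a monitoring sensor as a burst of management frames for one AP/client pair, repeated as the client tries to reconnect. The detector below is an added example, not part of the original lesson; the frame-record fields, the 5-second window and the threshold of 10 frames are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

# 802.11 management-frame subtypes for the two frame kinds discussed above.
DISASSOC, DEAUTH = 10, 12
NAMES = {DISASSOC: "disassociation", DEAUTH: "deauthentication"}


def detect_floods(frames, window=5.0, threshold=10):
    """Return one alert per (AP, station, frame kind) that reaches `threshold`
    frames within `window` seconds. Both limits are assumptions to tune.

    `frames` is a time-ordered iterable of dicts: ts, subtype, src, dst, bssid.
    Frames are counted in both directions because the spoofed frames are sent
    to the client and to the AP.
    """
    recent = defaultdict(deque)      # (bssid, station, subtype) -> timestamps
    alerted, alerts = set(), []
    for frame in frames:
        subtype = frame["subtype"]
        if subtype not in NAMES:
            continue                 # beacons, data, other management frames
        bssid = frame["bssid"]
        station = frame["dst"] if frame["src"] == bssid else frame["src"]
        key = (bssid, station, subtype)
        times = recent[key]
        times.append(frame["ts"])
        while frame["ts"] - times[0] > window:
            times.popleft()          # slide the window forward
        if len(times) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"kind": NAMES[subtype] + " flood", "bssid": bssid,
                           "station": station, "first_seen": times[0],
                           "frames_in_window": len(times)})
    return alerts


def sample_capture():
    """Constructed frame records, not a real capture."""
    ap = "02:00:00:00:00:01"
    sta_a, sta_b, sta_c = ("02:00:00:00:00:%02x" % n for n in (0x0A, 0x0B, 0x0C))
    frames = [
        # a beacon (subtype 8) and one ordinary deauthentication from station C
        {"ts": 0.0, "subtype": 8, "src": ap, "dst": "ff:ff:ff:ff:ff:ff", "bssid": ap},
        {"ts": 1.0, "subtype": DEAUTH, "src": sta_c, "dst": ap, "bssid": ap},
    ]
    for i in range(20):              # station A: 20 deauthentication frames in 2 s
        src, dst = (ap, sta_a) if i % 2 == 0 else (sta_a, ap)
        frames.append({"ts": 10.0 + i * 0.1, "subtype": DEAUTH,
                       "src": src, "dst": dst, "bssid": ap})
    for i in range(15):              # station B: 15 disassociation frames in 3 s
        src, dst = (ap, sta_b) if i % 2 == 0 else (sta_b, ap)
        frames.append({"ts": 20.0 + i * 0.2, "subtype": DISASSOC,
                       "src": src, "dst": dst, "bssid": ap})
    return frames


if __name__ == "__main__":
    for alert in detect_floods(sample_capture()):
        print(alert)
```

The single deauthentication from station C stays below the threshold, so an ordinary client departure does not raise an alert.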
