TRNG I HC IN LC

KHOA IN T VIN THNG

BO CO THC TP TT NGHIP

TM HIU ROUTER CISCO 3825 V CU HNH

VPN TRN ROUTER 3825

Ging vin hng dn

: TS. L ANH NGC

Sinh vin thc hin

: Phan Th Thu

Lp

: D4-DTVT

Kho

: 2009-2014

H NI Nm 2013
GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

TRNG I HC IN LC
KHOA IN T VIN THNG

BO CO THC TP TT NGHIP
Chuyn ngnh: in t Vin thng

TM HIU ROUTER CISCO 3825 V CU HNH

VPN TRN ROUTER 3825

Ging vin hng dn

: TS. L ANH NGC

Sinh vin thc hin

: Phan Th Thu

Lp

: D4-DTVT

Kho

: 2009 - 2014

H NI Nm 2013

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

NHN XT
(Ca c quan thc tp)

Xc nhn ca n v thc tp

Ngi vit nhn xt

(K tn, ghi r h tn, ng du)

(K, ghi r h tn)

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

NHN XT
(Ca ging vin hng dn)

Ging vin hng dn

(K, ghi r h tn)

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

MC LC
DANH MC VIT TT ................................................................................. i
MC LC HNH NH .................................................................................. ii
MC LC BNG BIU ............................................................................... iii
LI NI U .................................................................................................1
Phn 1: GII THIU V N V THC TP .............................................2
1. Gii thiu chung .....................................................................................2
2. C cu t chc. .......................................................................................3
3. Cc dch v kinh doanh. .........................................................................3
Phn 2: NI DUNG TM HIU TRONG QU TRNH THC TP ...........5
1. Tm hiu v router cisco 3825. ................................................................5
1.1 Gii thiu chung v router 3825. .......................................................5
1.2 Mt s hnh nh minh ha router 3825...............................................6
1.3 Cc thng s k thut ca router 3825 .................................................7
2. Mng ring o VPN .................................................................................9
2.1 Khi nim: ..........................................................................................9
2.2. Cc m hnh ca VPN. .........................................................................9
2.2.1 Remote-Access. ...........................................................................9
2.2.2 Site-to-Site. .................................................................................10
2.3 Cc phng php bo mt. ................................................................10
2.4 Cc k thut v cc giao thc s dng trong VPN. .........................11
2.4.1. Cc k thut s dng trong VPN. .............................................11
2.4.2 Cc giao thc ca VPN Tunneling. ...........................................12
2.5. Li ch ca VPN. .............................................................................13
3. Cu hnh VPN. .......................................................................................14
3.1 M hnh mng. .................................................................................14
3.2 Yu cu. ...........................................................................................14
3.3

Cu hnh. ........................................................................................14

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

3.3.1 Cu hnh c bn trn router. .......................................................14

3.3.2. Cu hnh VPN . ..........................................................................15
DANH MC TI LIU THAM KHO .......................................................18
KT LUN ....................................................................................................19

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

DANH MC VIT TT

T vit tt

Nga ca t vit tt

LAN

Local Area Network

WAN

Wide Area Network

ISP

Internet Service Provider - Nh cung cp dch v

CCVN

Creation Communication Viet Nam

IXP

Internet Exchange Provider -Nh cung cp ng truyn kt ni

internet

IPLC

International private leased circuit - Thu knh ring quc t

FTTH

Fiber To The Home - Cp Quang n Tn Nh

VPN

Virtual Private Network - Mng ring o

SDM

Security Device Manager

IPS

Intrusion Prevention System - H Thng Ngn Chn Xm Nhp

URL

Uniform Resource Locator

HWIC

High-Speed WAN Interface Card

SFP

Single Fiber Pigtail - Si dy n ni quang

PVDM

Packet Voice Data Module

AIM

Advanced Integration Module

ISDN

Integrated Services Digital Network

SNMP

Simple Network Management Protocol

IEEE

Institute of Electrical and Electronics Engineers

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

ii

MC LC HNH NH
Hnh 1. Tng quan mt trc ca router cisco 3825 .......................................6
Hnh 2. Bng iu khin trc ca router cisco 3825 .....................................6
Hnh 3. Tng quan pha sau ca router cisco 3825 ..........................................7
Hnh 4. Bng iu khin pha sau ca router cisco 3825 .................................7
Hnh 5. M hnh mng cn kt ni 2 chi nhnh ca cng
ty...Error! Bookmark not defined...14
Hnh

6.

Kt

qu

ping

LAN

118.70.219.0/24

118.70.218.0/24..17

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

iii

MC LC BNG BIU

Bng 1. Bng ch thch hnh 2 .........................................................................6

Bng 2. Bng ch thch hnh 4 .........................................................................7
Bng 3. Thng s k thut ca router 3825 ......................................................7

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

LI NI U
Cisco System l hng chuyn sn xut cc thit b v a ra cc gii php
mng LAN&WAN ln nht th gii hin nay. Th phn ca hng chim 70% n
80% th trng thit b mng trn ton th gii. Cc thit b v gii php ca hng
p ng nhu cu ca mi loi hnh doanh nghip t cc doanh nghip va v nh
n cc doanh nghip c quy m ln v cc nh cung cp dch v Internet (ISP).
Router l mt thit b mng lp 3, c chc nng chnh l nh tuyn mng v
router cng l sn phm mi nhn ca Cisco. Nm 1986 cisco tung ta sn phm
router u tin, tip theo l hng lot cc router c tung ra gn y c b
sung thm nhiu tnh nng nh router 1800, 1900, 2600, 2800, 2900, 3700, 3800,
3900, 7200, 7600... Trong c dng router 3800 kh ph bin, c bit l trong
h thng mng Vit Nam hin nay, vi y cc tnh nng v h tr nhiu dch v
khc.
Trong k thc tp ti Cng Ty Sng To Truyn Thng Sng To Vit Nam,
em tm hiu thc tmt s thit b mng, trong c router cisco 3825. Ni dung
bo cogm 2 phn:
Phn 1: Gii thiu v n v thc tp
Phn 2: Ni dung tm hiu trong qu trnh thc tp
Tuy nhin do thi gian v kin thc cn hn ch nn bi co khng th trnh
khi thiu st. Rt mong c s ng gp kin ca thy c v cc bn.

Sinh vin thc hin

Phan Th Thu

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

Phn 1: GII THIU V N V THC TP

1.

Gii thiu chung

Cng ty C Phn Sng to Truyn thng Vit Nam (CCVN) ra i trn c

s l Trung Tm Internet Cng ty CP Truyn thng Quc t INCOM. Vi hn 10

nm kinh nghim cung cp cc dch v ng truyn tc cao, c bit cc ng
truyn Leaseline knh ring quc t v trong nc, cc dch v hosting,
Nm 2009, CCVN c thnh lp vi mc tiu tp trung v y mnh dch
v Internet, c bit l cc dch v truy cp Internet nhm chuyn nghip ha i
ng h tr khch hng, chuyn nghip ha v tp trung sn phm dch v. Hng
ti phc v nhng khch hng ang s dng ngy mt tt hn v mang nhng gi
tr tch ly c c pht trin v phc v nhng khch hng mi.CCVN vi
thng hiu Supernet vi mc tiu tp trung ha sn phm nhm em li cho khch
hng s tha mn cao nht v cht lng dch v cng ty cung cp.
Thng hiu Supernet c ng k bo h s 162462 do Cc S hu Tr
tu - B Khoa hc v Cng ngh cp theo Quyt nh s 7658/Q-SHTT.
a ch cng ty:
-

Tr s ti H Ni: Tng 3, Ta Nh Technosoft, ph Duy Tn, Phng Dch

Vng, Qun Cu Giy, H Ni, Vit Nam.

Tr S ti Thnh ph H Ch Minh: Lu 1, Si Gn Trade Center, 37 Tn

c Thng, Qun 1, Tp H Ch Minh, Vit Nam.

S in thoi Hotline: 01.699.633.688

Giy php cung cp dch v vin thng:

Ngy 23/1/2009 Cng ty c B Thng tin v Truyn thng cp gip php

Cung cp dch v Vin thng (cn gi l Giy php ISP) .

-

Ngy 06/5/2010 Cng ty c B Thng tin v Truyn thng cp Giy php

Cung cp dch v Vin thng mi (cn gi l Giy php IXP) v tr thnh mt 10

nh cung cp dch v c cp php giy php Loi hnh IXP u tin ti Vit nam,
Ni dung bao gm:

Dch v Kt ni Internet

Dch v Truy cp Internet

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

Dch v ng dng Internet trong Vin thng bao gm: Dch v th

in t, Dch v in thoi Internet loi hnh PC-to-PC quc t, PC-to-Phone chiu

i Quc t.
2. C cu t chc.
C cu t chc ca cng ty:
- Phng gim c: 1 gim c.
- Phng k ton : 2 nhn vin.
- Phng kinh doanh: 4 nhn vin.
- Phng k thut: 3 nhn vin.
Gim c

Phng k ton

Phng kinh

+ nhn s

doanh

Phng k thut

3. Cc dch v kinh doanh.

-

Dch v knh thu ring Internet Leased-line Quc t v Trong nc: Cung

cp ng truyn kt ni tc cao (Internet Leaseline) ti cc B, ban ngnh,

khi chnh ph v vn phng, cc to nh, khch sn ln, cc i S Qun v t
chc nc ngoi.
-

Dch v cung cp ng truyn trc tip IPLC Quc t, dch v WAN Metro

Ni ht v Lin tnh: Cung cp ng truyn kt ni WAN IPLC i Quc t cho cc

Vn phng i din nc ngoi ti Vit Nam. Cc dch v Metro WAN cho cc c
quan t chc trong nc.
-

Dch v Server Hosting, cho thu Datacenter: Cung cp dch v cho php

khch hng t mang my ch a ln mng Internet, m bo tc v bng thng

ln nht, kh nng bo mt cao nht.

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

Dch v Mail, Web Hosting: Cung cp dch v thu hp th theo domain ca

cc c quan, c nhn, t chc vi bo mt v an ton thng tin cao nht, giao

din thn thin v hon ton l ting Vit
-

Dch v Voice VNN: Cung cp dch v gi in thoi quc t gi r trn nn

cng ngh IP
-

Dch v FTTH: Dch v Internet Cp quang cho cc Doanh nghip

Dch v Cloud Computing: Dch v in ton m my

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

Phn 2: NI DUNG TM HIU TRONG QU TRNH THC TP

1. Tm hiu v router cisco 3825.
1.1 Gii thiu chung v router 3825.
Router Cisco 3825 l mt trong nhng router c tch hp nhiu dch v
bao gm: thoi, video v d liu. Tc dng ca cc router ny l to ra mt h tng
kt ni cc thit b mng cho php truy cp nhanh, n nh v an ton vo nhng
ng dng kinh doanh cp thit vi bo mt ti u. y l ln u tin Cisco p
dng tch hp thoi v bo mt mng vo mt b nh tuyn gip thm tnh nng ,
tit kim chi ph v c bit l khng nh hng n tc mng. Router Cisco
3825 cung cp cc h tr sau :
-

Hiu sut Wire-speed cho cc dch v ng thi nh bo mt, thoi, v cc

dch v m rng tc T3/E3.

-

Tng s bo v thng qua vic tng hiu sut v kt ni mo un.

Tng mt thng qua khe cm giao din WAN tc cao (bn)

Tng khe cm mng

Hai cng tch hp GE vi s h tr kt ni bng cp ng hoc quang

La chn chuyn mch Layer 2 h tr Power over Ethernet (PoE) (la

chn),h tr m un 36 cng Cisco EtherSwitch ( NMD-36ESW)

-

Bo mt

M ha On-board

H tr ln n 2500 ng hm(tunnel) VPN vi m un AIM-

EPII-PLUS

H tr phng chng virus thng qua Network Admission Control

(NAC)

Chng xm nhp (Intrusion Prevention) nh kim sot trng thi ca

Cisco IOS Firewall h tr, v nhiu c tnh bo mt khc

-

Thoi:

H tr cuc gi s hoc analog.

La chn h tr voice mail.

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

La chn h tr Cisco CallManager Express (Cisco CME) cho vic

x l cuc gi cc b cho doanh nghip ln n 240 IP thoi

La chn h tr Survivable Remote Site Telephony, ln n 720 IP

thoi.

1.2 Mt s hnh nh minh ha router 3825

Hnh 1. Tng quan mt trc ca router cisco 3825

Hnh 2. Bng iu khin trc ca router cisco 3825

Bng 1. Bng ch thch hnh 2
1

Cng kt ni h thng ngun d phng

Ch th LED

Khe cp th nh Flash

Cng tc ngun

Cng USB

Kt ni ngun (AC)

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

Hnh 3. Tng quan pha sau ca router cisco 3825

Hnh 4. Bng iu khin pha sau ca router cisco 3825

Bng 2. Bng ch thch hnh 4
1

Khe cm module mng (2)

Khe cm HWIC (2)

Cc l c vt

Khe cm HWIC (0)

Khe cm module mng (1)

Cng console v cng AUX

Khe cm HWIC (3)

2 cng Gigaethernet

Khe cm HWIC (1)

10

khe cp SFP

1.3 Cc thng s k thut ca router 3825

Chi tit v router 3825 c miu t bi bng sau:
Bng 3. Thng s k thut ca router 3825
Thng s

K thut

Kch thc(HWD)

(8.943.337.3) cm

Khi lng

10.5kg

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

Ngun AC vo:
in p

100-240 VAC

Tn s

47- 63 Hz

Cng sut tiu th

300 W

Console or AUX port

RJ-45 connector

Nhit vn hnh

0-45

Nonoperating temperature

-40- 85

m vn hnh

5 95 % khng ngng t

cao vn hnh

Ln n 2,000m

Mc n

Ln nht 53dBA

Chng ch an ton

UL 60950; CAN/CSA C22.2 No. 60950-00;

EN 60950; AS/NZS 3260

Cc cng kt ni

2 cng Gigaethernet
2 cng USB
1 cng SFP
1 cng console

Tiu chun mng

IEEE 802.3, IEEE 802.3u

Giao thc:
Giao thc chuyn mch

ISDN

Giao thc lin kt d liu

Ethernet,

Cc giao thc qun l

EthernetHTTP, SNMP 3

Giao thc mng li c h tr

IPSec

H tr mng ring o (VPN)

DES, 3DES

H tr Power Over Ethernet(POE)

Giao din

Ethernet RJ45

Cng ngh kt ni

C dy

Fast

Ethernet,

Gigabit

4xPVDMslots ( Packet Voice Data Module)

Cc module m rng h tr

4 x HWIC slots (High-Speed WAN Interface

Card)
2 x AIM slots (Advanced Integration Module)

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

2 x Network module slot

2. Mng ring o VPN

2.1 Khi nim:
VPN l mt mng ring s dng h thng mng cng cng (thng l
Internet) kt ni cc a im hoc ngi s dng t xa vi mt mng LAN tr
s trung tm. Thay v dng kt ni tht kh phc tp nh ng dy thu bao s,
VPN to ra cc lin kt o c truyn qua Internet gia mng ring ca mt t
chc vi a im hoc ngi s dng xa.
Mt s c im ca VPN:
- Bo mt (security)
- Tin cy (reliability)
- Kh nng m rng (scalability)
- Kh nng qun tr h thng mng (network management)
- Kh nng qun tr chnh sch (policy management)
2.2. Cc m hnh ca VPN.
2.2.1 Remote-Access.
Hay cng c gi l Virtual Private Dial-up Network (VPDN), y l
dng kt ni User-to-Lan p dng cho cc cng ty m cc nhn vin c nhu cu kt
ni ti mng ring (private network) t cc a im t xa. in hnh, mi cng ty
c th hy vng rng ci t mt mng kiu Remote-Access din rng theo cc ti
nguyn t mt nh cung cp dch v ESP (Enterprise Service Provider). ESP ci t
mt mt cng ngh Network Access Server (NAS) v cung cp cho cc user xa
vi phn mm client trn mi my ca h. Cc nhn vin t xa ny sau c th
quay mt s t 1-800 kt ni c theo chun NAS v s dng cc phn mm
VPN client truy cp mng cng ty ca h. Cc cng ty khi s dng loi kt ni
ny l nhng hng lnvi hng trm nhn vin thng mi. Remote-access VPNs
m bo cc kt ni c bo mt, m ho gia mng ring r ca cng ty vi cc
nhn vin t xa qua mt nh cung cp dch v th ba (third-party).

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

10

2.2.2 Site-to-Site.
Bng vic s dng mt thit b chuyn dng v c ch bo mt din rng,
mi cng ty c th to kt ni vi rt nhiu cc site qua mt mng cng cng nh
Internet.
Cc mng Site-to-site VPN c th thuc mt trong hai dng sau:
-

Intranet-based: p dng trong trung hp cng ty c mt hoc nhiu

a im xa, mi a im u c 1 mng cc b LAN. Khi h c th xy

dng mt mng ring o VPN kt ni cc mng cc b trong 1 mng ring
thng nht.
-

Extranet-based: Khi mt cng ty c mt mi quan h mt thit vi

mt cng ty khc (v d nh, mt ng nghip, nh h tr hay khch hng), h c

th xy dng mt mng extranet VPN kt ni kiu mng Lan vi mng Lan v
cho php cc cng ty c th lm vic trong mt mi trng c chia s ti
nguyn.
2.3 Cc phng php bo mt.
Mt VPN c thit k tt thng s dng vi phng php duy tr kt
ni v gi an ton khi truyn d liu:
-

Bc tng la - mt tng la (firewall) cung cp bin php ngn

chn hiu qu gia mng ring ca ngi dng vi Internet. Ngi dng c th s
dng tng la ngn chn cc cng c m, loi gi tin c php truyn qua v
giao thc s dng.
-

M ho - y l qu trnh mt m d liu khi truyn i khi my tnh

theo mt quy tc nht nh v my tnh u xa c th gii m c. Hu ht cc h

thng m ho my tnh thuc v 1 trong 2 loi sau:

M ho s dng kho ring (Symmetric-key encryption)

M ho s dng kho cng khai (Public-key encryption)

Trong h symmetric-key encryption, mi my tnh c mt m b mt s dng

m ho cc gi tin trc khi truyn i. Kho ring ny cn c ci trn mi
my tnh c trao i thng tin s dng m ho ring v my tnh phi bit c
trnh t gii m c quy c trrc. M b mt th s dng gii m gi tin.

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

11

My tnh gi m ho d liu cn gi bng kho b mt (symetric key),

sau m ho chnh kha b mt (symetric key) bng kho cng khai ca ngi
nhn (public key). My tnh nhn s dng kho ring ca n (private key) tng
ng vi kho public key gii m kho b mt (symetric key), sau s dng
kho b mt ny gii m d liu.

H Public-key encryption s dng mt t hp kho ring v kho

cng cng thc hin m ho, gii m. Kho ring ch s dng ti my tnh ,
cn kho cng cng c truyn i n cc my tnh khc m n mun trao i
thng tin bo mt. gii m d liu m ho, my tnh kia phi s dng kho cng
cng nhn c, v kho ring ca chnh n. Mt phn mm m ha cng khai
thng dng l Pretty Good Privacy (PGP) cho php m ho c hu ht mi th.
Ngi s dng c th xem thm thng tin ti trang ch PGP.
2.4 Cc k thut v cc giao thc s dng trong VPN.
2.4.1. Cc k thut s dng trong VPN.
K thut VPN da vo tng ng hm (tunneling). K thut VPN
tunneling cp n vic thit lp, duy tr kt ni mng logic (c th c cc chng
trung gian). Vi kt ni ny cc gi c xy dng da vo nh dng ca cc giao
thc VPN v c ng gi vo cc giao thc khc (chng hn nh gi TCP/IP)
sau uc truyn i n client hay server v c khi phc t u thu. C rt
nhiu giao thc VPN ng gi vo gi IP. Cc giao thc ca VPN cng h tr
vic nhn dng v m ha bo mt ng hm.
Cc dng ng hm ca VPN: VPN h tr hai dng ng hm l t
nguyn v bt buc:
-

i vi ng hm t nguyn: VPN client qun l vic thit lp kt

ni. Trc tin client thc hin vic kt ni n ISP, sau VPN ng dng to ra
ng hm n VPN server qua ng hm kt ni trc tip ny.
-

i vi ng hm bt buc nh cung cp mng (ISP) qun l vic

thit lp kt ni VPN. Trc tin VPN client kt ni n ISP v ISP thc hin kt
ni gia client v VPN server. Nu ng VPN client th vic kt ni ch thc hin
1 bc (so vi 2 bc nu s dng tunneling t nguyn). VPN tunneling bt buc

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

12

s nhn dng client v kt hp chng vi VPN server ch nh bng cc kt ni

logic c xy dng sn trong cc thit b kt ni gi l VPN FEP (Front End
Processor), hay NAS, POS.
2.4.2 Cc giao thc ca VPN Tunneling.
Cc giao thc to nn c ch ng ng bo mt cho VPN l:
1)

L2TP.
-

L2TP c s dng to kt ni c lp, a giao thc cho mng

ring o quay s (Virtual Private Dail-up Network). L2TP cho php ngi dng c
th kt ni thng qua cc chnh sch bo mt ca cng ty (security policies) to
VPN hay VPDN nh l s m rng ca mng ni b cng ty.
-

L2TP khng cung cp m ha.

L2TP l s kt hp ca PPP(giao thc Point-to-Point) vi giao thc

L2F(Layer 2 Forwarding) ca Cisco do rt hiu qu trong kt ni mng dial,

ADSL, v cc mng truy cp t xa khc. Giao thc m rng ny s dng PPP
cho php truy cp VPN bi nhng ngi s dng t xa.
2)

GRE.

y l a giao thc truyn thng ng gi IP, CLNP v tt c c gi d liu

bn trong ng ng IP (IP tunnel).

-

Vi GRE Tunnel, Cisco router s ng gi cho mi v tr mt giao thc c

trng ch nh trong gi IP header, to mt ng kt ni o (virtual point-to-point)

ti Cisco router cn n. V khi gi d liu n ch IP header s c m ra.
-

Bng vic kt ni nhiu mng con vi cc giao thc khc nhau trong mi

trng c mt giao thc chnh. GRE tunneling cho php cc giao thc khc c th
thun li trong vic nh tuyn cho gi IP.
3)

IPSec.

IPSec l s la chn cho vic bo mt trn VPN. IPSec l mt khung bao

gm bo mt d liu (data confidentiality), tnh tan vn ca d liu (integrity) v

vic chng thc d liu.

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

13

IPSec cung cp dch v bo mt s dng KDE cho php tha thun cc giao

thc v thut tan trn nn chnh sch cc b (group policy) v sinh ra cc kha bo
m ha v chng thc c s dng trong IPSec.
4)

Point to Point Tunneling Protocol (PPTP).

PPTP (Point-to-Point Tunneling Protocol) l nghi thc bin th ca Point to

Point Protocol dng truyn qua mng dial up. PPTP thch hp cho ng dng truy
cp t xa ca VPN nhng cng h tr trong LAN Internetworking. PPTP hot ng
lp 2 ca m hnh OSI.
S dng PPTP: PPTP ng gi d liu trong gi PPP v sau tch hp
trong gi IP v truyn qua ng hm VPN. PPTP h tr vic m ha d liu v
nn cc gi d liu ny. PPTP cng s dng dng GRE (Generic Routing
Encapsulation) ly d liu v a n ch cui cng.
Trong PPTP th VPN tunnel c to ra qua 2 qu trnh:

PPTP client kt ni n ISP qua ng dial up hoc ISDN.

Qua thit b kt ni PPTP to ra kt ni iu khin TCP gia VPN

client v VPN server thit lp tunnel. PPTP s dng TCP port 1723 cho cc kt
ni. ny.
PPTP bo mt: PPTP cng h tr nhn dng, m ha v lc gi d liu. Nhn
dng ca PPTP cng s dng EAP (Extensible Authentication Protocol), CHAP
(Challenge Hanhdshake Authentication), PAP (Password Authentication Protocol).
PPTP cng h tr lc gi d liu trn VPN server.
2.5. Li ch ca VPN.
Mt s li ch ca VPN mng li nh :
-

M rng kt ni ra ngoi.

Cung cp dch v mt cch nhanh chng (Dch v ni b).

Tng cng an ninh mng.

H tr truy cp, lm vic t xa v tng kh nng tng tc.

n gin ho m hnh kin trc mng.

Qun tr h thng mng t xa hiu qu.

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

14

Qun l d dng: c th qun l s lng ngi s dng (kh nng

thm, xo knh kt ni lin tc, nhanh chng).

3. Cu hnh VPN.
3.1 M hnh mng.

Hnh 3.1 : M hnh mng kt ni 2 chi nhnh ca cng ty.

3.2 Yu cu.
Cu hnh VPN cho php 2 LAN router core01_TSB_3825 v router TSB
lin lc c vi nhau.
3.3 Cu hnh.
3.3.1 Cu hnh c bn trn router.
-

Router ISP: ch cu hnh hostname v IP ca cc interface nh m hnh

Router core01_TSB_3825 : cu hnh hostname v ip theo m hnh, sau

trn.
cu hnh default route:
Core01_TSB_3825(config)#0.0.0.0 0.0.0.0 100.3.252.1
GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

15

Router TSB: cu hnh hostname v ip theo m hnh, sau cu hnh

default route:
TSB(config)# 0.0.0.0 0.0.0.0 100.3.254.1
3.3.2. Cu hnh VPN .
Cu hnh VPN theo cc bc sau :

Trn router core01_TSB_3825 .

Bc 1: To Internet Key Exchange (IKE) key policy.
Core01_TSB_3825(config)#crypto isakmp policy 9
Core01_TSB_3825(config-isakmp)#hash md5
Core01_TSB_3825(config-isakmp)#authentication pre-share
Bc 2: To shared key s dng cho kt ni VPN.
Core01_TSB_3825(config)#crypto isakmp key CCVN address 100.3.254.2
Bc 3:Quy nh lifetime
Core01_TSB_3825(config)#crypto

ipsec

security-association

lifetime

seconds 86400
Bc 4:Cu hnh ACL dy IP c th VPN.
Core01_TSB_3825(config)#access-list 111 permit ip 118.70.218.0 0.0.0.255
118.70.219.0 0.0.0.255
Bc 5: Chn m ha bo mt l: ESP-3DES
Core01_TSB_3825(config)#crypto ipsec transform-set LZT-VN esp-3des espmd5-hmac
Bc 6: To cypto-map cho cc transform, setname
Core01_TSB_3825(config)#crypto map TSB 10 ipsec-isakmp
Core01_TSB_3825(config-crypto-map)#set peer 100.3.254.2
Core01_TSB_3825(config-crypto-map)#set transform-set LZT-VN
Core01_TSB_3825(config-crypto-map)#match address 111
GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

16

Bc 7: gn interface
Core01_TSB_3825(config)#inter G0/0
Core01_TSB_3825(config-if)#crypto map TSB

Trn router TSB.

Bc 1: To Internet Key Exchange (IKE) key policy.
LZT-VN(config)#crypto isakmp policy 9
LZT-VN(config-isakmp)#hash md5
LZT-VN(config-isakmp)#authentication pre-share
Bc 2 :To shared key s dng cho kt ni VPN
LZT-VN(config)#crypto isakmp key CCVN address 100.3.252.54
Bc 3 :Quy nh lifetime
LZT-VN(config)#crypto ipsec security-association lifetime seconds 86400
Bc 4:Cu hnh ACL dy IP c th VPN.
LZT-VN(config)#access-list

111

permit

ip

118.70.219.00.0.0.255118.70.218.00.0.0.255
Bc 5: Chn m ha bo mt l: ESP-3DES
LZT-VN(config)#crypto ipsec transform-set LZT-VN esp-3des esp-md5-hmac
Bc 6: To cypto-map cho cc transform, setname
LZT-VN(config)#crypto map TSB 10 ipsec-isakmp LZT-VN(config-cryptomap)#set peer 100.3.252.54
LZT-VN(config-crypto-map)#set transform-set LZT-VN
LZT-VN(config-crypto-map)#match address 111
Bc 7:Gn vo interface
LZT-VN(config)#inter G0/0 LZT-VN(config-if)#crypto map TSB

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

17

Kt qu ping t LAN 118.70.219.0/24 n 118.70.218.0/24 thnh cng c

hin th hnh bn di:

Hnh 3.3.2: kt qu ping ping t LAN 118.70.219.0/24 n 118.70.218.0/24

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

18

DANH MC TI LIU THAM KHO

1.

Ngc

Huyn,Cisco

Vit

Nam

gii

thiu

lot

router

mi,

http://www.vietbao.vn, , truy cp 25 / 9 / 2013.

2.

Nguyn Thng Triu, Gii Thiu Cc Dng Thit B Cisco (Phn 1),
http://www.kenhgiaiphap.vn, truy cp 25/ 9/ 2013.

3.

Cisco

systems,

Cisco

Systems

Corporate

Timeline,

http://www.newroom.cisco.cm, truy cp 26/ 9/ 2013.

4.

Cisco systems, Introduction to Cisco 3800 Series Routers Hardware

Documentation, http://www.cisco.com, truy cp 20/ 9/ 2013.

5.

Cisco

systems,Overview

of

Cisco

3800

Series

Routers,

http://www.cisco.com, truy cp 15/ 9/ 2013.

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu

19

KT LUN
Sau khi hon thnh k thc tp ti cng ty c phn sang to truyn thng
Vit Nam, em tm hiu c mt s vn thc t, trau di thm kin thc
chuyn ngnh cng nh kin thc x hi:

Tm hiu c c cu t chc ca cng ty, c lm vic trong mi

trng nghim tc k lut, hc hi c nhiu kinh nghim lm vic t cc nhn

vin cng ty

Tm hiu thc t mt s thit b mng t hnh dng bn ngoi, cu to,

hot ng, c bit l router cisco 3825

Nm c mt s kin thc v cu hnh thit b mng cisco

Nhng kin thc v kinh nghim hc hi c trong qu trnh thc tp s

gip em rt nhiu cho qu trnh hc tp cng nh lm vic sau ny.
Cui cng em xin chn thnh cm n Gim c v cc nhn vin cng ty c
phn sang to truyn thng Vit Nam to iu kin gip em c lm vic v
hon thnh k thc tp ny. Em cng xin chn thnh cm n thy gio TS. L Anh
Ngc tn tnh gip , hng dn em hon thnh bi bo co ny.

Sinh vin
Phan Th Thu

GVHD: TS.L Anh Ngc

SVTH: Phan Th Thu