Scribd Logo
Upload

Welcome to Scribd!

  • Cau Hinh Ccna-Ccnp

    Uploaded by

    Đỗ Đăng Hải
    3 views20 pages
    ccna,ccnp

    Original Title

    Cau Hinh Ccna-ccnp

    Copyright

    © © All Rights Reserved

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    ccna,ccnp

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    3 views20 pages

    Cau Hinh Ccna-Ccnp

    Uploaded by

    Đỗ Đăng Hải
    ccna,ccnp

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 20

    Phn 1.

    Routing - nh Tuyn (Cc giao thc phc tp)


    OSPF.
    Note: Tt c nhng router c cng area phi cu hnh
    ging nhau tt c cc thng s th khu vc mi hot
    ng ng chc nng c.
    1. Cu hnh c bn
    Router(config)#router ospf process ID
    Router(config-router)#network Network_number
    Wildcard_mask area_ID
    2. Cu hnh priority cc interface bu DR v BDR
    Priority cng ln th kh nng c bu lm DR cng
    cao, ngc vi bu Root brige ca Switch, cng nh th
    li cng c bu.
    Router(config)#interface fastethernet 0/0
    Router(config-int)#ip ospf priority 55
    Sau khi cu hnh xong priority c th kim tra bng lnh.
    Router# show ip ospf interface f0/0
    3. Chnh sa li OSPF cost metric trong mi interface
    Cost cng nh th tuyn cng c coi l best path
    Router(config-int)#ip ospf cost 1

    4.Cu hnh OSPF Authentication cc interface v p


    dng vo router
    Authentication key c hiu nh l password cc
    router trong cng mt vng chia s vi nhau.
    a.Cu hnh authentication n gin
    Router(config-if)#ip ospf authentication-key password
    Router(config-router)#area area number authentication
    b.Cu hnh authentication theo dng m ho, bo mt
    cao.
    Router(config-if)ip ospf message-digest-key key ID md5
    encryption-type key
    Router(config-router)#area area ID authentication
    message-digest
    5.Cu hnh OSPF timer trong cc interface
    Router(config-if)ip ospf hello-interval timer
    Router(config-if)ip ospf dead-interval timer
    6.Cu hnh qung b mt tuyn mc nh trong OSPF
    Router(config-router)#default-information originate
    7.Qung b mt tuyn khc (khng phi l default)
    Router(config-router)#redistribute protocols subnets

    8.Cc lnh show dng kim tra cu hnh OSPF


    show ip protocol
    show ip route
    show ip ospf
    show ip ospf interface
    show ip ospf database
    show ip ospf neighbor detail
    clear ip route *
    debug ip ospf events
    debug ip ospf adj
    EIGRP
    1.Cu hnh c bn.
    Router(config)#router eigrp autonomous number
    Router(config-router)#network network number
    Router(config-router)#eigpr log-neighbor-changes
    (Khng c cng c)
    Router(config-router)#no auto-summary
    2.Thay i bng thng v t tng hp tuyn trong
    interface
    Router(config-if)#bandwidth kilobits
    Router(config-if)#ip summary-address protocol AS
    network number subnets mask
    3.Cn bng ti trong EIGRP
    Router(config-router)#variance number

    4.Qung b default route


    Cch 1:
    Router(config)#ip route 0.0.0.0 0.0.0.0
    [interface/nexthop]
    Router(config)#redistribute static
    Cch 2:
    Router(config)#ip default-network network number
    Cch 3:
    Router(config-if)#ip summary-network eigrp AS number
    0.0.0.0 0.0.0.0
    5.Qung b cc tuyn khc trong EIGRP (khng phi l
    default)
    Router(config-router)#redistribute protocol process ID
    metrics k1 k2 k3 k4 k5
    Ex: Router(config-router)#redistribute ospf metrics 100
    100 100 100 100
    6.Chia s traffic trong EIGRP
    Router(config-router)#traffic share {balanced/min}
    7.Cc lnh kim tra cu hnh EIGRP
    <!--[if !supLists]-->- <!--[endif]-->show ip eigrp neighbor
    <!--[if !supLists]-->- <!--[endif]-->show ip eigrp interface
    <!--[if !supLists]-->- <!--[endif]-->show ip eigrp topology

    <!--[if !supLists]-->- <!--[endif]-->show ip eigrp traffic


    <!--[if !supLists]-->- <!--[endif]-->debug eigrp fsm
    <!--[if !supLists]-->- <!--[endif]-->debug eigrp packet

    Phn 2. Switching - Chuyn mch


    1.Cu hnh c bn chung cho mt Switch
    Reset tt c cu hnh ca Switch v reload li.
    Switch#delete flash:vlan.dat
    Switch#erase startup-config
    Switch#reload
    2.Cu hnh v Security v management
    Switch(config)#hostname tn switch
    Switch(config)#line console 0
    Switch(config-line)#password mt khu
    Switch(config-line)#login
    Switch(config)#line vty 0 4
    Switch(config-line)#pass mt khu
    Switch(config-line)#login
    3.Thit lp a ch IP v default gateway cho Switch
    Switch(config)#interface vlan1
    Switch(config-int)#ip address a ch subnetmask
    Switch(config)#ip default-gateway a ch

    4.Thit lp tc v duplex ca cng


    Switch(config-int)#speed tc
    Switch(config-int)#duplex full
    5.Thit lp dch v HTTP v cng
    Switch(config)#ip http server
    Switch(config)#ip http port 80
    6.Thit lp, qun l a ch MAC
    Switch(config)#mac-address-table static a ch MAC
    interface fastethernet s vlan
    Switch#show mac-address-table
    Switch#clear mac-address-table
    7.Cu hnh bo mt cho cng
    Switch(config-if)#switchport mode acess
    Switch(config-if)#switchport port-security
    Cu hnh Static: Switch(config-if)#switchport portsecurity mac-address a ch Mac
    Cu hnh Sticky: Switch(config-if)#switchport portsecurity mac-address sticky (thng dng nht)
    Switch(config-if)#switchport port-security maximum
    value
    Switch(config-if)#switchport port-security violation
    shutdown

    8.To Vlan
    Cch 1.
    Switch#vlan database
    Switch(vlan)#vlan number
    Cch 2. Khi gn cc cng vo vlan, d vlan cha tn ti
    nhng Switch vn t to.
    Switch(config)#interface fastethernet 0/0
    Switch(config-int)#switchport access vlan vlan-id
    Mun xo vlan ta lm nh sau:
    Switch(config-if)#no switchport access vlan vlan-id
    Switch#clear vlan vlan_number (xo ton b vlan )
    9.Gn nhiu cng vo trong vlan cng mt lc, cu hnh
    Range
    i vi dy cng khng lin tc.
    Switch(config)#interface range cng 1 , cng 2 , cng 3
    i vi mt dy lin tc.
    Switch(config)#interface range cng 1-n
    Switch(config-range)#switchport access vlan vlan-id

    V d:
    Switch(config)#interface range f0/0 , f0/2 , f0/4

    Switch(config)#interface range f0/0-10


    Switch(config-range)#switchport access vlan 10
    10.Cu hnh Trunk
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#switchpor trunk encapsulation
    encapsulation-type
    Switch#show trunk
    11.Cu hnh VTP
    Switch#vlan database
    Switch(vlan)#vtp v2-mode
    Switch(vlan)#vtp domain tn domain
    Switch(vlan)#vtp {server/client/transperant}
    Switch(vlan)#vtp password password (To pass cho
    domain)
    Switch#show vtp status
    12.Cu hnh Inter-Vlan trn Router
    Router(config)#interface fastethernet 0/0.1
    Router(config-subif)#encapsulation type
    Router(config-subif)#ip address a ch subnetmask

    Phn 3. Access-list v cc cu hnh lin quan.


    1.Nhc li v l thuyt.
    C 2 loi access-list.

    Loi th nht: Standard IP Access-list ch lc d liu da


    vo a ch IP ngun. Range ca loi ny l t 1 99. Nn
    c p dng vi cng gn ch nht.
    Loi th hai: Extended IP Access-list lc d liu da vo
    a ch IP ngun
    a ch IP ch
    Giao thc (TCP, UDP)
    S cng (HTTP, Telnet)
    V cc thng s khc nh Windcard mask
    Range ca loi ny l t 100 199. Nn c p dng vi
    cng gn ngun nht.
    Hai bc cu hnh Access-list
    Bc 1: To access-list trong ch cu hnh config.
    Bc 2: p dng access-list cho tng cng tu theo yu
    cu ch cu hnh (config-if)
    Lu :
    Mc nh ca tt c Access-list l deny all, v vy trong
    tt c cc access-list ti thiu phi c 1 lnh permit. Nu
    trong access-list c c permit v deny th nn cc
    dng lnh permit bn trn.
    V hng ca access-list (In/Out) khi p dng vo cng
    c th hiu n gin l: In l t host, Out l ti host hay
    In vo trong Router, cn Out l ra khi Router.
    i vi IN router kim tra gi tin trc khi n c a
    ti bng x l. i vi OUT, router kim tra gi tin sau khi
    n vo bng x l.
    Windcard mask c tnh bng cng thc:
    WM = 255.255.255.255 Subnet mask (p dng cho c

    Classful v Classless addreess)


    0.0.0.0 255.255.255.255 = any.
    Ip address 0.0.0.0 = host ip address (ch nh tng host
    mt )
    2.Cu hnh Standard Access-list (V d)
    Router(config)#access-list 1 deny 172.16.0.0
    0.0.255.255
    Router(config)#access-list 1 permit any
    Router(config)#interface fastethernet 0/0
    Router(config-in)#ip access-group in
    3.Cu hnh Extended Access-list (V d)
    Router(config)#access-list 101 deny tcp 172.16.0.0
    0.0.255.255 host 192.168.1.1 eq telnet
    Router(config)#access-list 101 deny tcp 172.16.0.0
    0.0.255.255 host 192.168.1.2 eq ftp
    Router(config)#access-list 101 permit any any
    Router(config)#interface fastethernet 0/0
    Router(config-int)#ip access-group out
    4.Cu hnh named ACL thay cho cc s hiu.
    Router(config)#ip access-list extended server-access
    (tn ca access-list)
    Router(config-ext-nacl)#permit tcp any host 192.168.1.3
    eq telnet
    Router(config)#interface fastethernet 0/0
    Router(config-int)#ip access-group server-access out

    5.Permit hoc Deny Telnet s dng Standard Acl (V d)


    Router(config)#access-list 2 permit 172.16.0.0
    0.0.255.255
    Router(config)#access-list 2 deny any
    Router(config)#line vty 0 4
    Router(config-line)#password cisco
    Router(config-line)#login
    Router(config-line)#ip access-class 2 in
    6.Xo v kim tra Access-list
    Mun xo th ta dng lnh sau:
    Router(config)# no ip access-list s hiu
    Kim tra Acl ta dng cc lnh sau:
    <!--[if !supLists]-->- <!--[endif]-->show access-list
    <!--[if !supLists]-->- <!--[endif]-->show running-config
    <!--[if !supLists]-->- <!--[endif]-->show ip interface

    Phn 4. NAT PPP Frame Relay


    I.Cu hnh NAT
    Cu hnh Static NAT
    Cu hnh NAT trong ch Router(config). Cc lnh nh
    sau
    Router(config)#ip nat inside source static [inside local
    address] [inside global address]
    V d:

    R(config)#ip nat inside source statice 10.0.0.1


    202.103.2.1 (a ch 10.10.0.1 s c chuyn thnh
    202.103.2.1 khi i ra khi Router)
    Sau khi cu hnh xong phi p dng vo cng in v cng
    out, trong v d di y, cng Ethernet l cng in, cn
    cng Serial l cng out
    Router(config)#interface ethernet 0
    Router(config-if)#ip nat inside
    Router(config)#interface serial 0
    Router(config-if)#ip nat outside
    Cu hnh Dynamic NAT
    Router(config)#ip nat pool [ tn pool] [A.B.C.D
    A1.B1.C1.D1] netmask [mt n]
    Router(config)#ip nat inside source list [s hiu ACL]
    pool [tn pool]
    Router(config)#access-list [s hiu ACL] permit A.B.C.D
    windcard masks
    V d:
    R(config)#ip nat pool nat-pool1 179.9.8.80 179.9.8.95
    netmask 255.255.255.0
    R(config)#ip nat inside source list 1 pool nat-pool1
    R(config)#access-list 1 permit 10.1.0.0 0.0.0.255
    Sau p vo cng In v Out nh Static NAT
    Note: Gii a ch inside local address v inside global
    address phi nm trong gii cho php ca ACL
    Cu hnh PAT overload


    Cu hnh overload vi 1 a ch IP c th.
    Router(config)#ip nat pool [tn pool] [ip global inside]
    [subnet mask]
    Router(config)#ip nat inside source list [tn s hiu ACL]
    pool [tn pool] overload
    Router(config)#access-list [s hiu] permit [a ch]
    [windcard mask]
    V d:
    R(config)#access-list 2 permit 10.0.0.0 0.0.0.255
    R(config)#ip nat pool nat-pool2 179.9.8.20
    255.255.255.240
    R(config)#ip nat inside source list 2 nat-pool2 overload

    Cu hnh overload dng a ch ca cng ra.(Thng


    xuyn c dung hn l trng hp trn)
    Router(config)#ip nat inside source list [tn s hiu ACL]
    interface [cng ra] overload
    Router(config)#access-list [s hiu] permit [a ch]
    [windcard mask]
    V d:
    R(config)#ip nat inside source list 3 interface serial 0
    overload
    R(config)#access-list 3 permit 10.0.0.0 0.0.0.255
    Cc lnh Clear NAT/PAT
    Lnh xa tt c dynamic nat trn ton b cc interface.
    Router#clear ip nat translation *
    Lnh xa cc single nat trn tng interface
    Router#clear ip nat translation [inside/outside] [global ip

    - local ip]
    Lnh xa cc extended nat trn tng interface
    Router#clear ip nat translation protocol [inside/outside]
    [global ip - global port local ip local port]
    Kim tra v Debug cc NAT v PAT
    Router#show ip nat translation
    Router#show ip nat statics
    Router#debug ip nat
    Cu hnh DHCP
    Router(config)#ip dhcp excluded-address ip-address
    (end-ip-address)
    Router(config)#ip dhcp pool [tn pool]
    Router(dhcp-config)#network addess subnetmask
    Router(dhcp-config)#default-router address
    Router(dhcp-config)#dns-server address
    Router(dhcp-config)#netbios-name-server address
    Router(dhcp-config)#domain-name tn domain
    Router(dhcp-config)#lease ngy/gi/pht
    Kim tra v troubleshoot cu hnh DHCP
    Router#show ip dhcp binding
    Router#debug ip dhcp server events
    Trong trng hp DHCP server khng nm cng mng
    vi host
    Note: khi DHCP server khng cng mng vi host th ta
    phi dng lnh ip helper-address gip host n DHCP
    server.
    Router(config)#interface [cng nm cng mng vi host]
    Router(config-if)#ip helper-address [a ch ca DHCP
    server]

    Note: Trong trng hp mun gi tin ca host c


    broadcast mng cha DHCP th ta dng thm lnh ip
    directed-broadcast cng cng mng vi DHCP server
    Router(config)#interface [cng nm cng mng vi
    dhcp]
    Router(config-)#ip directed-broadcast
    II. Cu hnh PPP
    1. Cu hnh c bn:
    R(config)#interface serial 0/0
    R(config-if)#encapsulation ppp
    2. Cu hnh PAP
    Cu hnh PAP khng yu cu hai Router ging nhau v
    password nhng CHAP th phi c.
    (Cu hnh trn RA)
    R(config)#host RA
    RA(config)#username RB password 321
    RA(config-if)#encapsulation ppp
    RA(config-if)#ppp authentication pap
    RA(config-if)#ppp pap sent-username RA password 123
    (Cu hnh trn RB)
    R(config)#host RB
    RB(config)#username RA password 123
    RB(config-if)#encapsulation ppp
    RB(config-if)#ppp authentication pap

    RB(config-if)#ppp pap sent-username RB password 321


    3. Cu hnh CHAP. (yu cu phi ging nhau v
    password)
    (Cu hnh trn RA)
    R(config)#host RA
    RA(config)#username RB password 123
    RA(config-if)encapsulation ppp
    RA(config-if)ppp authentication chap
    (Cu hnh trn RB)
    R(config)#host RB
    RB(config)#username RA password 123
    RB(config-if)encapsulation ppp
    RB(config-if)ppp authentication chap

    4. Cc cu hnh khc ca PPP


    <!--[if !supLists]-->a. <!--[endif]-->Cu hnh Multilink
    R(config-if)#encapsulation ppp
    R(config-if)#ppp multilink
    <!--[if !supLists]-->b. <!--[endif]-->Cu hnh
    Compression
    R(config-if)#encapsulation ppp
    R(config-if)#compress [predictor/stac/mppc]

    <!--[if !supLists]-->c. <!--[endif]-->Cu hnh Error


    detection
    R(config-if)#encapsulation ppp
    R(config-if)#ppp quality [phn trm]
    5. Cc lnh kim tra cu hnh PPP
    R#show interface (xem encapsulation)
    R#debug ppp negotiation (Xem qu trnh kt ni gia 2
    node)
    R#debug ppp authentication (Xem qu trnh xc thc
    gia 2 node)

    III. Cu hnh Frame-Relay


    <!--[if !supLists]-->1. <!--[endif]-->Cu hnh n gin
    R(config-if)#encapsulation frame-relay {ciso| ietf} (mc
    nh l cisco)
    Khi lnh ny c thc thi, DLCI s c Inverse ARP t
    ng map, ngi dng khng cn phi lm g c.
    * Nhng Inverse ARP khng lm vic vi cc kt ni Huband-Spoke
    <!--[if !supLists]-->2. <!--[endif]-->Cu hnh Frame-relay
    static map
    R(config-if)#encapsulation frame-relay

    R(config-if)#frame-relay map ip remoteip-address localdlci [broadcast] [cisco| ietf]


    (ip address trong dng lnh trn ch ly lm minh ha
    bi n rt ph bin, chnh xc phi l remoteprotocol
    address)
    Broadcast trong cu lnh trn c 2 chc nng:
    <!--[if !supLists]--> <!--[endif]-->Forward broadcast khi
    multicast khng c khi ng.
    <!--[if !supLists]--> <!--[endif]-->n gin ha cu hnh
    OSPF cho mng nonbroadcast s dng FRelay.
    V d:
    R(config-if)#encapsulation frame-relay
    R(config-if)#frame-relay map ip 192.168.2.1 100
    broadcast

    <!--[if !supLists]-->3. <!--[endif]-->Cu hnh FR trong


    mng None Broadcast MutiAccess
    <!--[if !supLists]-->- <!--[endif]-->Trong mng Broadcast
    khi 1 my tnh truyn frame tt c cc node lng nghe
    frame nhng ch c node cn nhn mi nhn c.
    <!--[if !supLists]-->- <!--[endif]-->Trong mng None
    Broadcast khi 1 my tnh truyn frame th ch c node
    cn nhn mi lng nghe v nhn c frame , cc
    node cn li th khng. Frame c truyn qua 1 virtual
    Circuit hoc 1 thit b chuyn mch.
    <!--[if !supLists]-->- <!--[endif]-->Star topology c th
    c coi nh l 1 mng Hub and Spoke.
    <!--[if !supLists]-->4. <!--[endif]-->Gii quyt vn vi

    Routing Updates m khng disable Split Horizal


    Gii php dng Sub-interface
    R(config)#interface s0/0
    R(config-if)#encapsulation frame-relay
    R(config-if)interface s0/0.1 [multipoint| point-to-point]
    <!--[if !supLists]-->- <!--[endif]-->point-to-point: Mi
    subinterface c subnet ring ca mnh. Broadcast v
    Split horizol khng l vn .
    <!--[if !supLists]-->- <!--[endif]-->Multi-point: Tt c cc
    subinterface lin quan phi cng chung 1 subnet v nh
    vy Broadcast v Split horizol s c vn .
    V d:
    (Point-to-point)
    R(config)#interface s0/0
    R(config-if)#encapsulation frame-relay
    R(config-if)#interface s0/0.1 point-to-point
    R(config-subif)#frame-relay interface-dlci 18
    (Multipoint)
    R(config)#interface s0/0
    R(config-if)#encapsulation frame-relay
    R(config-if)#interface s0/0.2 multipoint
    R(config-subif)#frame-relay interface-dlci 19
    R(config-subif)#frame-relay interface-dlci 20
    <!--[if !supLists]-->5. <!--[endif]-->Cu hnh trn Framerelay Switching (v d)

    R(config)#frame-relay switching
    R(config)#interface s0/0
    R(config-if)#encapsulation frame-relay
    R(config-if)#frame-relay intf-type dce
    R(config-if)#frame-relay route 103interface serial 0/1
    301

    You might also like