TiliuthchnhCCNA

Cu Hnh Switch C Bn
I.

Cc lnh lin quan n bi lab:

- Cc cu lnh tr gip
- Cc cu lnh kim tra
- Cu hnh tn switch
- Cu hnh password
- Cu hnh a ch IP v default gateway
- Lab cu hnh switch c bn
1. Cc lnh tr gip:
Switch> ?
Switch> enable
Switch#
Switch# disable
Switch> exit
Cu hnh Hostname

Phm ? c dng lm phm tr gip

ging nh router
L ch User
L ch Privileged
Thot khi ch privileged
Thot khi ch User

2. Cc cu lnh kim tra

Switch# show running-config
Switch# show startup-config
Switch# show interfaces

Hin th file cu hnh ang chy trn RAM

Hin th file cu hnh ang chy trn
NVRAM
Hin th thng tin cu hnh v cc
interface c trn switch v trng thi ca
cc interface .

Switch# show interface vlan 1

Hin th cc thng s cu hnh ca Interface

VLAN 1, Vlan 1 l vlan mc nh trn tt c
cc switch ca cisco.

Switch# show version

Hin th thng tin v phn cng v phn mm

ca switch

Switch# show flash:

Hin th thng tin v b nh flash

Switch# show mac-address-table

Hin th bng a ch MAC hin ti ca switch

3.Cu hnh Hostname

TiliuthchnhCCNA

Switch# configure terminal

Switch(config)# hostname 2960Switch

Chuyn cu hnh vo ch Global

Configuration
t tn cho switch l 2960Switch. Cu lnh t
tn ny thc thi ging trn router.

4.Cc loi password

2960Switch(config)#enable password cisco

Cu hnh Password enable cho switch l Cisco

2960Switch(config)#enable secret class

Cu hnh Password enable c m ha l

class

2960Switch(config)#line console 0

Vo ch cu hnh line console

2960Switch(config-line)#login

Cho php switch kim tra password khi ngi

dng login vo switch thng qua console

2960Switch(config-line)#password cisco

Cu hnh password cho console l Cisco

2960Switch(config-line)#exit

Thot khi ch cu hnh line console

2960Switch(config-line)#line vty 0 4

Vo ch cu hnh line vty

2960Switch(config-line)#login
2960Switch(config-line)#password cisco

Cho php switch kim tra password khi ngi

dng login vo switch thng qua telnet
Cu hnh password cho php telnet l Cisco

2960Switch(config-line)#exit

Thot khi ch cu hnh ca line vty

5. Cu hnh a ch IP v default gateway

2960Switch(config)# Interface vlan 1

Vo ch cu hnh ca interface vlan 1

2960Switch(config-if)# ip address
172.16.10.2 255.255.0.0

Gn a ch ip v subnet mask cho php truy

cp switch t xa.

2960Switch(config)#ip default-gateway
172.16.10.1

Cu hnh a ch default gateway cho

Switch

TiliuthchnhCCNA

6. Cu hnh m t cho interface

2960Switch(config)# interface fastethernet fa0/1

Vo ch cu hnh ca interface fa0/1

2960Switch(config-if)# description Finace

VLAN

Thm mt on m t cho interface ny.

* Ch : i vi dng switch 2960 c 12 hoc 24 Fast Ethernet port th tn ca cc port

s bt u t: fa0/1, fa0/2. Fa0/24. Khng c port Fa0/0.
7. Qun l bng a ch MAC:
Switch# show mac address-table

II.

Hin th ni dung bng a ch mac hin thi

ca switch

Lab cu hnh Switch c bn:

Yu cu :
-S dng Packet Tracer kt ni m hnh nh trn
-Xa ton b cu hnh hin ti ca Swicth
-Cc lnh xem thng tin
-Cu hnh hostname, a ch IP
-Cc loi mt khu
-Tc v duplex
-Tnh nng PortSecurity

TiliuthchnhCCNA

1. Kt ni cp v xa cu hnh cho Switch:

- S dng ng cp thng kt ni t PC n Switch
- S dng PC kt ni vo cng console ca Switch hoc vo tab CLI ca thit b
tin hnh cu hnh
- Xa cu hnh Switch
Switch> enable
Switch# erase startup-config
Switch# reload
2. Cc lnh kim tra thng tin :
-

Xem cu hnh hin ti ca Switch cng vi tng s lng interface Fastethernet,

GigabitEthernet, s line vty cho telnet..

Switch#show running-config
-

Trn tt c SW Cisco u c interface mc nh l VLAN1 dng qun l SW

t xa thng qua vic t ip cho interface ny, xem t im interface vlan 1

Switch#show interface vlan1

Ghi li thng tin a ch Ip, MAC, trng thi up, down
Switch#show interface fa0/1 tnh trng interface fastethernet 0/1
-

Xem thng tin v phin bn h iu hnh, dung lng b nh RAM, NVRAM,

Flash

Switch#show version
-

Ni dung b nh Flash

Switch#show flash:
Hoc
Switch#dir flash:
Switch#dir flash:
6 drwx 4480 Mar 1 1993 00:04:42 +00:00 html
618 -rwx 4671175 Mar 1 1993 00:06:06 +00:00 c2960-lanbase-mz.122-25.SEE3.bin
32514048 bytes total (24804864 bytes free)
-

Xem cu hnh ang lu trn Switch

TiliuthchnhCCNA

Switch#show startup-configure
startup-config is not present
-

L do hin thng bo trn l do hin ti chng ta cha lu cu hnh, by gi th

t hostname cho thit b sau lu cu hnh

Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#exit
S1#copy running-config startup-config
Destination filename [startup-config]? (enter)
Building configuration...
[OK]
S1#show startup-config
Using 1170 out of 65536 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname S1
!
<output omitted>
3. Cc loi mt khu :
-

Cu hnh mt khu cisco cho cng Console

S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit
-

Telnet l mt dch v gip ngi qun tr c th qun l cc thit b t xa thng

qua cc line vty, trong trng hp ny mt khu line vty cho dch v Telnet l
Cisco

S1(config)#line vty 0 4
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit
-

t mt khu nhy t mode User ( > ) sang Privileged ( #) l class

TiliuthchnhCCNA

S1(config)#enable secret class

Mode Privileged c th thay i tt c cu hnh ca thit b Cisco nn rt quan trong
nn vic t mt khu cho mode ny l cn thit
4. t IP cho Switch : Switch l mt thit b lp 2 nn cc cng ca Switch ta khng
th t IP c c th qun l thit b t xa, i vi Cisco Switch ta c th lm
c iu ny bng cch t ip thng qua 1 interface t bit VLAN1 ( logical
interface )
S1(config)#interface vlan 1
S1(config-if)#ip address 172.17.99.11 255.255.0.0
S1(config-if)#no shutdown
S1(config-if)#exit
S1(config)#
-

t mng khc vn c th qun l c switch cn khai bo thm Gateway cho

Switch :

S1(config)#ip default-gateway 172.17.99.1

Vi 172.27.99.1 l a ch ca gateway
-

Kim tra li cu hnh interface Vlan 1

S1#show interface vlan 1

Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 001b.5302.4ec1 (bia 001b.5302.4ec1)
Internet address is 172.17.99.11/16
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:06, output 00:03:23, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops:0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
4 packets input, 1368 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
1 packets output, 64 bytes, 0 underruns

TiliuthchnhCCNA

0 output errors, 0 interface resets

-

Cu hnh a ch IP cho PC1 vi thng tin trn bi lab, trn PC vo Desktop -> IP
Configuration
IP: 172.17.99.21
SM: 255.255.0.0
Gw: 172.17.99.1 hin ti cha c trong bi lab ny
- Kim tra kt ni t PC n Switch :
PC vo Desktop -> Command prompt -> ping 172.17.99.11
-

Thay i cu hnh duplex v tc trn cc cng ca Switch

S1#configure terminal
S1(config)#interface fastethernet 0/18
S1(config-if)#speed 100
S1(config-if)#duplex auto
S1(config-if)#end
-

Kim tra li interface

S1#show interface fastethernet 0/18

FastEthernet0/18 is up, line protocol is up (connected)
Hardware is FastEthernet, address is 001b.5302.4e92 (bia 001b.5302.4e92)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
-

Lu cu hnh

S1#copy running-config startup-config

Destination filename [startup-config]?[Enter] Building
[OK]
S1#

configuration...

5. Qun l bng MAC table :

-

Kim tra a ch MAC ca c PC bng lnh ipconfig /all, ghi li a ch MAC v

kim tra li bng a ch MAC trn Switch v so snh ni dung vi a ch MAC
ca PC

TiliuthchnhCCNA

S1#show mac-address-table
6. Cu hnh tnh nng Port Security :
-

Tnh nng Port Security c th gip ta qun l vic truy cp vo tng cng ca
Switch gm: PC c MAC no c lt ni n cng, tng s MAC c kt ni

Cc bc cu hnh nh sau

S1# configure terminal

S1(config)#interface fastethernet 0/18
S1(config-if)#switchport mode access port hot ng mode access
S1(config-if)#switchport port-security bt tnh nng port security
S1(config-if)#switchport port-security maximum 2 ti a 2 MAC c kt ni n
cng ny
S1(config-if)#switchport port-security mac-address sticky cc a ch MAC trn c
hc t ng t 2 PC u tin ni n cng
S1(config-if)#switchport port-security violation shutdown Khi vt qu s lng cho
php cng s t ng shutdown
-Xem li cu hnh bng 2 lnh
Switch#show running-configure
Switch#show port-security interface fa0/18
-

Th kim tra li hot ng ca Port Security bng cch ln lt ni PC1, 2 vo

cng fa0/18 sau s dng lnh show port-security address s thy ch c PC1,
2 mi c kt ni n cng fa0/18, by gi ta cm thm 1 PC th 3 vo cng
fa0/18 na s thy cng t ng b shutdown do vt qu gii hn cho php
ca lnh switchport port-security maximum 2

Tin hnh lu cu hnh v kt thc bi Lab.

TiliuthchnhCCNA

Cu Hnh Router C Bn
I.

Gii thiu :
Bo mt l mt yu t rt quan trng trong network,v th n rt c quan tm v s dng
mt khu l mt trong nhng cch bo mt rt hiu qu.S dng mt khu trong router c th
gip ta trnh c nhng s tn cng router qua nhng phin Telnet hay nhng s truy cp trc
tip vo router thay i cu hnh m ta khng mong mun t ngi la.

II.

Mc ch :
Ci t c mt khu cho router, khi ng nhp vo, router phi kim tra cc loi mt khu
cn thit.

III.

M t bi lab v hnh :

Trong hnh trn, PC c ni vi router bng cp console

IV.

Cc cp bo mt ca mt khu :
Cp bo mt ca mt khu da vo cp ch m ho ca mt khu .cc cp m ha
ca mt khu:
Cp 5 : m ha theo thut ton MD5, y l loi m ha 1 chiu,khng th gii m
c(cp ny c dng m ho mc nh cho mt khu enable secret gn cho router)
Cp 7 : m ha theo thut ton MD7, y l loi m ha 2 chiu,c th gii m
c(cp ny c dng m ha cho cc loi password khc khi cn nh: enable
password,line vty,line console)
Cp 0 : y l cp khng m ha.

V.

Qui tc t mt khu :
Mt khu truy nhp phn bit ch hoa,ch thng,khng qu 25 k t bao gm cc k
s,khong trng nhng khng c s dng khong trng cho k t u tin.
Router(config)#enable password vsic-vsic-vsic-vsic-vsic-vsic-vsic
% Overly long Password truncated after 25 characters mt khu c t vi 26 k
t khng c chp nhn

TiliuthchnhCCNA

VI.

Cc loi mt khu cho Router :

Enable secret : nu t loai mt khu ny cho Router,bn s cn phi khai bo khi ng
nhp vo ch user mode ,y l loi mt khu c hiu lc cao nht trong Router,c m ha
mc nh o cp d 5.
Enable password : y l loi mt khu c chc nng tng t nh enable secret nhng
c hiu lc yu hn,loi password ny khng c m ha mc nh,nu yu cu m ha th s
c m ha cp 7.
Line Vty : y l dng mt khu dng gn cho ng line Vty,mt khu ny s c
kim tra khi bn ng nhp vo Router qua ng Telnet.
Line console : y l loi mt khu c kim tra cho php bn s dng cng Console
cu hnh cho Router.
Line aux : y l loi mt khu c kim tra khi bn s dng cng aux.

VII.

Cc bc t mt khu cho Router :

Bc 1 : khi ng Router , nhn enter vo ch user mode.

T ch user mode dng lnh enable vo ch Privileged mode
Router con0 is now available
Press RETURN to get started.
Router>enable
Router#

Bc 2 : T du nhc ch Privileged mode vo mode cofigure cu hnh cho

Router bng lnh configure terminal
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#

Bc 3 : Cu hnh cho tng loi Password

Cu hnh cho mt khu enable secret
(Ch :mt khu c phn bit ch hoa v ch thng)
Router(config)#enable secret ttg
Router(config)#exit

Cu hnh mt khu bng lnh enable password

Router(config)#enable password cisco
Router(config)#exit

Mt khu l ttg

Mt khu l cisco

TiliuthchnhCCNA

Lu : khi ta ci t cng lc 2 loi mt khu enable secret v enable password th

Router s kim tra mt khu c hiu lc mnh hn l enable secret. Khi mt khu secret khng
cn th lc mt khu enable password s c kim tra, hy th kim tra li bng cch thot
ra li mode User ri vo li mode Privileged bng lnh enable Router s hi mt mu khai bo
bng lnh enable secret
Cu hnh mt khu bng lnh Line
Mt khu cho ng Telnet (Line vty)
Router(config)#line vty 0 4
Router(config-line)#password class
password l class
m ch ci t password
Router(config-line)#login
Router(config-line)#exit
Mt khu cho cng console :
Router(config)#line console 0

m ng Line Console
cng Console th 0

Router(config-line)#password cert
Router(config-line)#login

password l cert
m ch ci t password

Router(config-line)#exit
Mt khu cho cng aux:
Router(config)#line aux 0
S 0 ch s th t cng aux c dng
Router(config-line)#password router

password l router

Router(config-line)#login
Router(config-line)#exit
Sau khi t xong mt khu,ta thot ra ngoi ch Privileged mode, dng lnh Show runningconfig xem li nhng password cu hnh :
Router#show running-config
Building configuration...
Current configuration : 550 bytes
version 12.1

TiliuthchnhCCNA

no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption

password ci t ch khng m ha

hostname Router
password secret c

enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o

m ha mc nh cp 5
enable password cisco
!
line con 0
password cert

password cho cng Console l cert

login
line aux 0
password router

password cho cng aux l router

login
line vty 0 4
password class

password cho ng vty l class

login
!
End
Dng lnh Show running-config ta s thy c cc password cu hnh, nu mun m ha
tt c cc password ta dng lnh Service password-encryption trong mode config.
Router(config)#service password-encryption
Router(config)#exit

TiliuthchnhCCNA

Dng lnh show running-config kim tra li:

Router#show run
Building configuration...
enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o/
enable password 7 094F471A1A0A

password c m ha cp 7

line con 0
password 7 15110E1E10

password c m ha cp 7

login
line aux 0
password 7 071D2E595A0C0B password c m ha cp 7
login
line vty 0 4
password 7 060503205F5D

password c m ha cp 7

login
!
End
Ch : Ta khng th dng lnh no service password-encryption b ch m ha cho mt
khu,ta ch c th b ch m ha khi gn li mt khu khc
Sau khi t mt khu xong, khi ng nhp vo Router li, mt khu s c kim tra:
Router con0 is now available
Press RETURN to get started.
User Access Verification
Password:cert
Router>ena
Password:ttg

nhn enter
mt khu line console s c kim tra
khai bo mt khu console l : cert
enable d vo mode Privileged

V mt khu secret c hiu lc cao hn nn c kim tra

TiliuthchnhCCNA

Router#
Cc loi mt khu khc nh Line Vty ,Line aux s c kim tra khi s dng n chc nng
VIII.

G b mt khu cho router :

Nu mun g b mt khu truy cp cho loi mt khu no ta dng lnh no trc cu lnh
gn cho loi mt khu .
V d : Mun g b mt khu secret cho router
Router(config)#no enable secret
Router(config)#exit
Bng cch tng t,ta c th g b mt khu cho cc loi mt khu khc.