Tuyen Tap Bai Viet CCNA (Collection of CCNA Articles)
Frame relay
Frame Relay is still the most widely deployed WAN technology that uses routers. There has been a gradual shift from FR to technologies such as IP-based VPNs and MPLS VPNs. However, Frame Relay will continue to play a large role in enterprise networks for the foreseeable future.
The FR standards were developed by several groups. Initially, Cisco and other companies (known as the "gang of four") developed a standard to help FR interoperability and product development. Later, the Frame Relay Forum was established to develop FR further. The IETF currently defines several RFCs related to using FR as the Layer 2 protocol in IP networks.
Cisco IOS documentation usually describes the FR standards by way of the FRF implementation agreements; for example, FRF.12 covers the specification for fragmentation. Finally, ANSI and the ITU built on these standards to standardize FR as U.S. national and international standards.
Frame Relay virtual circuits:
Frame Relay forwards frames from source to destination over virtual connection paths. These virtual paths can be permanent virtual circuits (PVCs) or switched virtual circuits (SVCs).
A PVC is usually established by the service provider when it programs its Frame Relay switches. Depending on the agreement with the provider, a customer's or user's PVC can be configured to carry traffic up to a certain rate, called the committed information rate (CIR).
CIR is the transfer rate that the Frame Relay network or provider agrees to carry under normal conditions; it is also an average rate over some period of time. CIR is measured in bits per second.
Each PVC endpoint at an end device is identified by a 10-bit address in the frame header, called the DLCI. The DLCI is typically mapped to the network-layer address of the destination, that is, the address of the router at the far end of the PVC. Data to be sent over the Frame Relay infrastructure is then encapsulated in these headers.
Each Frame Relay header carries the DLCI value that corresponds to the network-layer address of the destination. The frames are then sent to the switch with the original DLCI value. These frames continue to be relayed toward the destination network
The show frame-relay pvc command displays statistics and status for each VC. The next command on R1 omits some output, leaving only the lines that contain the PVC status.
Code:
R1# show frame-relay pvc | incl PVC STATUS
DLCI = 100, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE,
INTERFACE = Serial0/0/0
DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE,
INTERFACE = Serial0/0/0.123
DLCI = 103, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE,
INTERFACE = Serial0/0/0.123
DLCI = 104, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE,
INTERFACE = Serial0/0/0.14
DLCI = 105, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE,
INTERFACE = Serial0/0/0
DLCI = 106, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE,
INTERFACE = Serial0/0/0
DLCI = 107, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE,
INTERFACE = Serial0/0/0
DLCI = 108, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE,
INTERFACE = Serial0/0/0
DLCI = 109, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE,
INTERFACE = Serial0/0/0
Code:
R1# show frame-relay pvc 102
PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)
DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE,
INTERFACE = Serial0/0/0.123
input pkts 41 output pkts 54 in bytes 4615
out bytes 5491 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 27 out bcast bytes 1587
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:29:37, last time pvc status changed 00:13:47
The output of the command below confirms that R1's link is using Cisco LMI. LMI status messages occur every minute, with the Full Status message listed last. Note that the router sends status enquiry messages to the switch. As the switch sends status messages, these counters also increase.
Code:
Code:
Router1# sh run
! Lines omitted for brevity
interface Serial0/0
encapsulation frame-relay
interface Serial0/0.11 multipoint
ip address 172.31.134.1 255.255.255.0
frame-relay interface-dlci 300
frame-relay interface-dlci 400
! Lines omitted for brevity
Next, the serial interface is shut down and re-enabled and the earlier InARP entries are cleared, so that we can observe the InARP process.
Code:
Router1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)# int s 0/0
Router1(config-if)# do clear frame-relay inarp
Router1(config-if)# shut
Router1(config-if)# no shut
Router1(config-if)# ^Z
The messages from the debug frame-relay events command show the InARP messages received on R1. Note the hex values 0xAC1F8603 and 0xAC1F8604, whose decimal equivalents are 172.31.134.3 and 172.31.134.4 (Router3 and Router4, respectively).
Code:
Router1# debug frame-relay events
*Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
*Mar 1 00:09:45.334: datagramstart = 0x392BA0E, datagramsize = 34
*Mar 1 00:09:45.334: FR encap = 0x48C10300
*Mar 1 00:09:45.334: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
*Mar 1 00:09:45.334: AC 1F 86 03 48 C1 AC 1F 86 01 01 02 00 00
*Mar 1 00:09:45.334:
*Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
*Mar 1 00:09:45.334: datagramstart = 0x392B8CE, datagramsize = 34
*Mar 1 00:09:45.338: FR encap = 0x64010300
*Mar 1 00:09:45.338: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
*Mar 1 00:09:45.338: AC 1F 86 04 64 01 AC 1F 86 01 01 02 00 00
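The two InARP frames in the debug output above can be decoded field by field. The following is an added example, not part of the original article: it recovers the DLCI from the 2-byte address in "FR encap" and the sender IP from the ARP body, then compares the learned mappings with an inventory. The EXPECTED inventory and all function names are assumptions made for this example.

```python
import ipaddress
import re

# Copied from the article's "debug frame-relay events" output (two InARP frames).
DEBUG_OUTPUT = """\
*Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
*Mar 1 00:09:45.334: datagramstart = 0x392BA0E, datagramsize = 34
*Mar 1 00:09:45.334: FR encap = 0x48C10300
*Mar 1 00:09:45.334: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
*Mar 1 00:09:45.334: AC 1F 86 03 48 C1 AC 1F 86 01 01 02 00 00
*Mar 1 00:09:45.334:
*Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
*Mar 1 00:09:45.334: datagramstart = 0x392B8CE, datagramsize = 34
*Mar 1 00:09:45.338: FR encap = 0x64010300
*Mar 1 00:09:45.338: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
*Mar 1 00:09:45.338: AC 1F 86 04 64 01 AC 1F 86 01 01 02 00 00
"""

# Assumed inventory for this example: peer IP provisioned on each DLCI.
EXPECTED = {300: "172.31.134.3", 400: "172.31.134.4"}

STAMP = re.compile(r"^\*\w+\s+\d+\s+[\d:.]+:\s?")   # IOS debug timestamp prefix
HEX_LINE = re.compile(r"^(?:[0-9A-Fa-f]{2}\s?)+$")  # a line of hex byte pairs
OPCODES = {8: "InARP request", 9: "InARP reply"}


def decode_dlci(addr: bytes) -> int:
    """Extract the 10-bit DLCI from a 2-byte Q.922 address field."""
    if len(addr) != 2 or addr[0] & 0x01 or not addr[1] & 0x01:
        raise ValueError("not a 2-byte Q.922 address (EA bits wrong)")
    # Upper 6 bits of byte 0 and upper 4 bits of byte 1 form the DLCI.
    return ((addr[0] >> 2) << 4) | (addr[1] >> 4)


def decode_frame(iface: str, encap: bytes, body: bytes) -> dict:
    """Decode one SNAP-encapsulated ARP frame as dumped by the debug."""
    if len(encap) != 4 or encap[2:4] != b"\x03\x00":
        raise ValueError("expected address, UI control 0x03 and pad 0x00")
    if body[:6] != bytes.fromhex("800000000806"):
        raise ValueError("expected NLPID 0x80, OUI 00-00-00, PID 0x0806")
    arp = body[6:]
    if len(arp) < 8:
        raise ValueError("truncated ARP header")
    htype = int.from_bytes(arp[0:2], "big")
    ptype = int.from_bytes(arp[2:4], "big")
    hlen, plen, op = arp[4], arp[5], int.from_bytes(arp[6:8], "big")
    if (htype, ptype, plen) != (0x000F, 0x0800, 4):
        raise ValueError("not a Frame Relay / IPv4 ARP body")
    if len(arp) < 8 + 2 * hlen + 2 * plen:
        raise ValueError("truncated ARP body")
    off = 8 + hlen                      # skip sender hardware address
    sender = ipaddress.IPv4Address(arp[off:off + plen])
    off += plen + hlen                  # skip target hardware address
    target = ipaddress.IPv4Address(arp[off:off + plen])
    return {"interface": iface, "dlci": decode_dlci(encap[:2]),
            "opcode": OPCODES.get(op, f"op {op}"),
            "sender_ip": str(sender), "target_ip": str(target)}


def parse_events(text: str) -> list:
    """Group debug lines into frames and decode each one."""
    frames, cur = [], None
    for raw in text.splitlines():
        line = STAMP.sub("", raw).strip()
        if line.endswith("FR ARP input"):
            cur = {"iface": line.split(":")[0], "encap": b"", "body": b""}
            frames.append(cur)
        elif cur is None:
            continue
        elif line.startswith("FR encap = 0x"):
            cur["encap"] = bytes.fromhex(line.split("0x", 1)[1])
        elif HEX_LINE.match(line):
            cur["body"] += bytes.fromhex(line)
    return [decode_frame(f["iface"], f["encap"], f["body"]) for f in frames]


def audit(events: list, expected: dict, subnet: str = "172.31.134.0/24") -> list:
    """Return findings for learned mappings that differ from the inventory."""
    net, findings = ipaddress.ip_network(subnet), []
    for e in events:
        want = expected.get(e["dlci"])
        if want is None:
            findings.append(f"DLCI {e['dlci']}: not provisioned, learned {e['sender_ip']}")
        elif want != e["sender_ip"]:
            findings.append(f"DLCI {e['dlci']}: learned {e['sender_ip']}, expected {want}")
        if ipaddress.ip_address(e["sender_ip"]) not in net:
            findings.append(f"DLCI {e['dlci']}: {e['sender_ip']} is outside {subnet}")
    return findings


if __name__ == "__main__":
    learned = parse_events(DEBUG_OUTPUT)
    for event in learned:
        print(event)
    print(audit(learned, EXPECTED) or "all learned mappings match the inventory")
```

InARP replies carry no authentication, so comparing dynamically learned DLCI-to-IP mappings with what was provisioned is a cheap integrity check on a multipoint subinterface.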
Next, note that the show frame-relay map output includes the keyword dynamic, meaning that the entries were learned through InARP.
Code:
Router1# show frame-relay map
Spanning Tree.
A network with a poor STP implementation can lead to a great deal of configuration and fault-recovery work on the campus network. This article explains how spanning tree works and its role in preventing loops in a switched network.
STP is one of the most technical topics in LAN switching. Understanding STP is as difficult as understanding the underlying mechanisms of OSPF or EIGRP (timers, packet types, algorithms). STP is fundamental to the operation of every campus network. It plays a key role in campus network design and deployment.
Spanning tree is a Layer 2 protocol that uses a special algorithm to find loops in the network and bring about a loop-free network. STP builds a tree structure of leaves and branches that spans the entire Layer 2 network. In this section, the terms switch and bridge are used interchangeably. In addition, unless stated otherwise, links between switches are assumed to be trunk links.
Loops can occur in a network for many reasons. Usually, a loop is the result of an attempt to build redundant links. However, loops can also result from configuration errors.
Port-ID
The Port ID is the third parameter that spanning tree uses to determine the path to the root bridge. The Port ID is a 2-byte value made up of two fields. The first is called the port priority and the second the port number. On CatOS, the first value is 6 bits and the second is 10 bits. On IOS-based switches, both values are 8 bits.
Do not confuse the Port ID with the port number. The port number is only one part of the Port ID. A lower Port ID is preferred over a higher Port ID in STP decisions. Two Port IDs can never be equal, because the port number identifies the switch port on the Catalyst switch.
The port priority is a configurable STP parameter. Its range is 0 to 255 on IOS-based switches, and the default is 128.
-----------------------------------------------
Article 5:
Route redistribution
Redistribution
1. Definition
When a company network runs several routing protocols, there must be a way to share routing information among those protocols. That process is called redistribution.
Note that the presence of several routing protocols on the same router does not mean that redistribution happens automatically. For redistribution to occur, it must be configured.
The case in which several routing protocols exist on the same router without redistribution configured is called ships in the night (SIN) routing. It means that the router exchanges routing information only with its neighbors in the same process domain. SIN routing usually refers to the case of multiple routing protocols on the same router (such as OSPF for IP and NLSP for IPX).
Note also that redistribution can occur only between routing protocols for the same Layer 3 protocol (IP, IPX, or AppleTalk). Some routing protocols redistribute automatically without configuration, but usually redistribution takes place only after it has been configured.
Figure 3.1 below describes the redistribution policy of each routing protocol.
Solution 1: for redistribution between a classful routing protocol and a classless routing protocol, use static routes to distribute the routes into the classful routing domain.
Solution 2: perform route summarization to group the smaller subnets into a larger subnet that the classful routing domain can understand.
Article 6:
Discussion of fiber-optic cabling issues
Questions:
1. May I ask about the difference between SM and MM fiber-optic cable?
2. The termination equipment used to splice the fiber before attaching it to the switch. On some switches I see an FX interface; sometimes I see that the fiber interface is SX or LX. So in which case do we use FX, and in which case do we use SX? The patch cable used for FX is ST/SC. However, I cannot tell in which case to use ST/ST or SC/SC. Could you explain this to me?
3. Can you explain why single-mode fiber needs 5 dB or 10 dB attenuators at short distances?
Answers:
1. Optical fibers are thin, flexible strands that carry visible light and infrared rays. They have three layers: the core, the cladding, and the coating. For light to be totally reflected inside the core, the refractive index of the core is slightly higher than that of the cladding. The coating outside the cladding protects the fiber from moisture and corrosion and also prevents crosstalk with adjacent fibers. The core and cladding are made of glass or plastic (silica, plastic, metal, fluorine, crystalline fiber). The core and the cladding have different refractive indexes. The refractive indexes of these layers determine the properties of the fiber. Fibers are classified as single mode (SM) and multimode (MM) according to the number of light modes that travel through the fiber. A mode is a stable propagation state of the light wave (a mode can also be thought of as a ray).
Both single-mode and multimode fiber carry only one signal (the data that we need to send). To send data from several different channels, we have to use WDM (sending several wavelengths over the same fiber). Multimode fiber can carry several light beams at different alpha angles at the same time, whereas single-mode fiber can carry only one beam at one given wavelength. Optical fiber is a medium that carries information based on the law of light reflection. When a ray passes from a medium with a high refractive index to one with a low refractive index, it does not go straight through (also called scattering) but is reflected back. Therefore, the light that carries the information is transmitted without any loss (because it just keeps bouncing around inside, reflecting off one side and then the other). In single-mode fiber, the refractive index of the core is a constant and the refractive index of the cladding is also a constant. The light then travels along a zigzag path in the fiber (the phase difference of the signal is then significant). Multimode fiber is the more advanced technology: the refractive index decreases gradually from the core out to the cladding (but still maintains a refractive index ratio
===================
/\/\/\/\/\/\/\/\/\
- - - - - - - - - light path
\/\/\/\/\/\/\/\/\/
===================
Multi mode
In the ray optics approach, a mode of the fiber is understood as one ray of monochromatic light. Multimode fiber carries many rays at the same time, while single-mode fiber carries only a single mode along the axis. In the quantum optics approach, light is an electromagnetic wave (with two components, E and H), and its propagation in the fiber must obey Maxwell's equations. The electric component (vector E) and the magnetic component (vector H) in the core and the cladding are found not to be independent of each other; they are related through the core-cladding boundary condition. Any pair of solutions of Maxwell's equations in the core and the cladding that satisfies the boundary condition is called a propagation mode.
Besides the classification above, there are several other ways to classify fiber-optic cable. By mode there are SM and MM (MM comes in two types: 62.5 and 50). By installation environment there are outdoor and indoor. Outdoor is further divided into F8 and underground.
2. Why can single-mode fiber transmit better than multimode fiber?
Single-mode fiber transmits farther and better than multimode fiber. In single mode, the light travels along an almost straight line that coincides with the cable axis, whereas in multimode the light travels as a bundle of rays in coaxial sinusoidal paths (which is why light of several different wavelengths can be combined). Multimode fiber suffers from dispersion between the propagation modes in the fiber. This is the main weakness of multimode compared with single mode. As a result, the signal in multimode fiber is more easily scattered, the transmission rate is lower, and the transmission distance is shorter.
Fiber is step index or graded index depending on the shape and refractive index of the parts of the fiber core. Whether a fiber is single mode or multimode depends on the wavelength of the light sent through it. The same fiber can be single mode at one wavelength and multimode at another. However, only certain wavelengths are used in fiber. These wavelengths are called optical windows. The three wavelengths are 850nm, 1330nm, and 1550nm. The 850nm wavelength is usually seldom used. The standard MM wavelengths are 780, 850, and 1300. Today few devices use the 780 wavelength. The SM wavelengths are 1310, 1550, and 1627. SM devices that use DWM technology can use many other wavelengths as well. Therefore the notions of multimode and single-mode fiber must be tied to the transmission wavelength. The (recommended) transmission distance of multimode cable is 500m. The (recommended) transmission distance of single-mode cable is 3000m. Single-mode fiber is used mainly because it has no dispersion between modes, which is the main cause of interference in fiber. Single-mode fiber is used for backbone networks, while multimode fiber is used only between networks within an area. In addition, both single mode and multimode use laser or LED light; which one to use depends on the specific case and on the needs and requirements of the network.
When travelling in the fiber, the light wave is governed by the following phenomena:
(*) Attenuation: Attenuation in fiber has two main causes, material absorption and Rayleigh scattering. Material absorption is smaller than Rayleigh scattering and can be ignored. Rayleigh scattering is caused by microscopic fluctuations in the structure of the material and decreases as the wavelength increases. The combined graph of the causes of attenuation leads to the three transmission windows widely used today (800nm, 1300nm, and 1550nm)
(*) Dispersion: Dispersion is the phenomenon in which different components of the transmitted signal travel at different speeds in the fiber. Dispersion therefore broadens the light pulse at the output, causes overlap interference, and is the main cause of today's limits on transmission distance in fiber. There are several kinds of dispersion, including modal dispersion (only in multimode fiber), polarization dispersion, and chromatic dispersion (material dispersion plus waveguide dispersion); each affects signal transmission differently. Dispersion-shifted fibers limit part of this problem and so have long transmission distances (long haul).
(*) Nonlinear effects: When several modes travel in the fiber, nonlinearity generates harmonics of the fundamental propagation modes, which leads to interference at the receiver and reduces the power of the transmitted signal.
The greater the distance, the more pronounced these phenomena are, and distance is not the only parameter. They have a negative effect on the amplitude, the frequency, and other parameters of the transmitted pulse, and therefore on the receiver's ability to recognize it. Moreover, these effects are not alike: for example, amplifiers can be used to limit the attenuation problem but are useless against pulse broadening, and pulse regenerators cannot guarantee the threshold power of the receiver, which causes many difficulties in remediation
Of these effects, dispersion is the most serious, and of the kinds of dispersion, modal dispersion is the most significant. Imagine two wave modes, one in the core and one at the outermost edge. The difference in their arrival times at the destination is the factor that determines the transmission distance. Normally this difference must not exceed 1/2 of the period of the transmitted pulse for the receiver to be able to recover the original signal. That is the main reason why single-mode fiber transmits better than multimode fiber on the general technical parameters. In addition, there are many more issues if one really wants to
but with more loss than splicing. Using crimped connectors is only a temporary solution and makes the system hard to control, especially a backbone network.
As for the end equipment (switch/router), it is also simple: if you are studying CCNA, look at Ethernet and media converters; if you are interested in telecommunications, look at PDH, SDH, and DWM equipment. In general, an optical communication system is not complicated at all; it is simply Layer 1. For a distance of 1 km, a switch at each end is enough, and both MM and SM can be used. There is no need for a router; any switch that can be configured for L2 or L3 is good, and it is cheap. Once an optical system is running, it does not flap.
If you use Cisco, a 2960 is enough. The most reasonable cost is to use two 2960s without GBIC ports plus two 100Mbps media converters; otherwise a 2960 with GBIC ports also works but is not optimal in price. There is no specific rule for how many kilometers apart two devices connected by fiber may be. The distance between two devices is based on calculating the total link loss, the transmit power, the receive sensitivity, and the power margin of the equipment. Normally each device comes with a recommendation for a certain operating distance. Pay attention to the optical distance of each type of module: if the distance is too short, an optical attenuator must be added to avoid damaging the laser receiver, although this is only relative.
3.3.
Article 7:
Leased line
Questions about leased lines:
1. My company is using a 256Kbps leased line. At first, downloading files and browsing the web were very fast, but now it is very slow (as slow as dial-up, you could say). I need to know two things:
- How can I make the Internet connection fast again?
- How can I tell whether the leased line I am using really is 256Kbps?
2. What is DDN? I invite those of you who know about DDN to take a little time to post what you know about DDN for everyone in the forum.
3. How is a leased line configured on Cisco equipment?
4. Is the bandwidth of a link (for example a leased line) equal to the sum of the transfer rates (bit/s) of both directions (IN/OUT) added together?
Answers:
You can use MRTG to check inbound and outbound bandwidth usage. The program is free and supports quite a lot of hardware; the only drawback is that installation is somewhat manual, but it works very well. Download MRTG from mrtg.org to check the speed. Right now you can check the Reliability value of the serial interface with the command #show interface Serial X/X. If this value is too low, your line may be bad. This is a leased-line connection device, or more precisely an HDSL modem.
The end equipment you need when connecting a leased line to the DDN network of Ho Chi Minh City is an NTU. There are many kinds of NTU, for example the ASM 31. This device also has a data rate of 128K. The Timeplex AD3 type, IDSL, max data rate = 128K; the Timeplex AD3 NTU has a data rate of 128K. More precisely, below 128K the post office designates the device the customer must use; above 128K the customer can use any type as long as it is > 128K. Usually all of these devices have a V.35 port on one end, and the other end connects to the copper line run from the post office. The TimePlex AD3 has been discontinued and replaced by the TimePlex SYNCHRONY AD7 and currently the AD-10/FR2. There are many NTU vendors; the question is which type the post office recommends for compatibility.
DDN is a complete network used to provide data services. At present the DDN network uses TDM multiplexing (TDM-based). In the future it will probably move gradually to new technologies such as DPT/RPR, or to ATM-based or IP-based networks. The DDN network is a collection of access nodes (using mini MUX and DACS units) that uses the existing intra-provincial transmission network to connect the access nodes to one another (I am not very sure about this definition). In my opinion, DDN (Digital Data Network) is a network system based only on cable transmission
Article 9:
5. After the reboot, once the router has loaded IOS, it skips loading the configuration from NVRAM and enters setup mode instead, which lets us run with a blank configuration.
6. Next, copy the startup-config file into the running-config. After copying the startup-config in, we can change the old password stored in this file.
Article 10:
Clockrate vs bandwidth.
A summary of the discussions about bandwidth and clockrate
The questions around this topic:
- The clock rate command generates the clock, so if we enter a higher clockrate, is the data transfer rate between DCE and DTE higher?
- And what does the bandwidth command do when entered on an interface?
- The clockrate is used to synchronize the two ends (one is the DCE, in practice the service provider; one is the DTE, the user), but synchronize for what purpose? The line speed depends on the bandwidth: the higher the BW, the faster the line, and vice versa. Does the clockrate affect the line? If it is as you say, then between a line with BW = 256 and clockrate = 9600 and a line with BW = 64 and clockrate = 128000, which one is faster?
Some of the answers:
- The bandwidth command essentially creates an input parameter for calculating the composite metric (of IGRP). The larger the bandwidth, the smaller the computed metric (so that path has higher reliability and is preferred over other paths to the same destination network when the router chooses what to install in the routing table). This command does not increase the transfer rate between DCE and DTE.
Article 11:
AAA
1.1. AAA overview
1.1.1. Using AAA for security and access control in an expanding network
Today's network administrators must control access as well as monitor what end users are doing. These tasks can lead to the success or failure of the company. With that in mind, AAA is the best way to monitor what end users can do on
Article 13:
Collision domain
Collision domains and switch buffering:
A collision domain is a set of devices that can send frames that may collide with frames from another device. Before the switch was invented, Ethernet typically used hubs or shared cable segments such as 10Base2 and 10Base5. An Ethernet switch reduces the chance of collisions by storing frames in buffers and through its Layer 2 operation.
By definition, an Ethernet hub has the following characteristics:
- It operates only at Layer 1 of the OSI reference model.
- It amplifies and regenerates the electrical signal to extend the length of the link.
Route poisoning
Poison reverse
Description
Instead of advertising all routes out an interface, RIP does not advertise the routes that the router learned from that interface.
The router sends a new update as soon as routing information changes, instead of waiting for the update timer to expire. A triggered update is also known as a flash update.
When a metric changes for better or for worse, the router immediately sends an update message without waiting for the update timer to expire. Reconvergence is faster than when waiting for the periodic update intervals. Periodic updates still take place alongside triggered updates. A router can therefore receive bad information about a route from a router that has not yet converged after it has received correct information from a triggered update. This situation arises because routing errors can still occur during reconvergence.
A further refinement is to include in the update message only the network addresses that caused the trigger. This technique reduces processing time and the impact on bandwidth.
When a route fails, the router sends an update for that route with an infinite metric (hop count = 16).
When a router receives an advertisement for a poisoned route (metric 16) on an interface, it replies with the message
Update timer
Holddown timer
Invalid timer
Flush (Garbage)
timer
Article 15:
Article 16:
After receiving an LMI status message of LMI PVC Up, the router announces its IP address over the corresponding virtual circuit (VC) in an InARP message (defined in RFC1293). So if LMI is not running, InARP does not work either, because no message tells the router to send an InARP message.
In a Frame Relay network, the detailed configuration choices are made to avoid certain undesirable situations, which are described in detail in the following pages of this chapter. For example, when point-to-point subinterfaces are used, with each VC in its own subnet, all the problems encountered in that configuration are described clearly so that they can be avoided.
The InARP protocol itself is relatively simple. However, when InARP is deployed in different network designs, on different interface types (physical interfaces, point-to-point subinterfaces, and multipoint subinterfaces), the way InARP behaves becomes much more complicated.
The following is an example of a Frame Relay network designed as a partial mesh on a single subnet, with each router using a different interface type.
Router1# sh run
! Lines omitted for brevity
interface Serial0/0
encapsulation frame-relay
interface Serial0/0.11 multipoint
ip address 172.31.134.1 255.255.255.0
frame-relay interface-dlci 300
frame-relay interface-dlci 400
! Lines omitted for brevity
Next, the serial interface is shut down and re-enabled and the earlier InARP entries are cleared, so that we can observe the InARP process.
Router1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)# int s 0/0
Router1(config-if)# do clear frame-relay inarp
Router1(config-if)# shut
Router1(config-if)# no shut
Router1(config-if)# ^Z
The messages from the debug frame-relay events command show the InARP messages received on R1. Note the hex values 0xAC1F8603 and 0xAC1F8604, whose decimal equivalents are 172.31.134.3 and 172.31.134.4 (Router3 and Router4, respectively).
Function                                                               Server mode  Client  Transparent
Sends VTP advertisements                                               Yes          No      No
Processes received VTP information to update the VLAN configuration   Yes          Yes     No
Forwards VTP advertisements                                            Yes          Yes     Yes
Stores VLAN information in NVRAM or vlan.dat                           Yes          No      Yes
Can create, modify, and delete VLANs with configuration commands      Yes          No      Yes
Article 19:
Number of pairs
1
4
Length
25m
100m
In a campus network, you can use Gigabit Ethernet in the switch block, the core block, and the server block. In the switch block, GE can connect access-layer switches to distribution switches. In the core block, GE connects distribution switches to core switches and the core devices to one another. In the server block, GE can provide high-speed connections to individual servers.
On Cisco switches, Gigabit ports are always set to full-duplex mode. Therefore duplex autonegotiation is not possible.
Catalyst switches standardize on GBIC and SFP interfaces. GBICs and SFPs allow different cable types to be connected. The interface modules are hot-swappable and can be plugged into the switch to support a different media type. GBIC interfaces can use SC fiber and RJ45 connectors; SFPs can use LC and MT-RJ fiber optic connectors. GBICs and SFPs are supported on the following Gigabit Ethernet ports:
1000BaseSX uses SC connectors and multimode fiber (MMF) for distances up to 550m.
1000BaseLX/LH uses SC connectors and can be used with MMF up to 550m or with SMF for distances up to 10km.
1000BaseZX uses SC connectors and SMF, with distances up to 70km and even up to 100km with good fiber.
10Gbase-LR/LW
(1310 nm serial)
10Gbase-ER/EW
(1550 nm serial)
10GBAse-
Fiber media
MMF 50 micron
Catalyst 6500
SMF 9 micron
40 km
Catalyst 6500
MMF 50 micron
300m
N/A
LX4/LW4 (1310
nm WWDM)
MMF 62.5 micron 300m
SMF 9 micron
10 km
N/A
----------------------------------------------
Article 20:
Ethernet 10Mbps
Ethernet is a LAN technology based on the IEEE 802.3 standard. Ethernet provides 10Mbps of bandwidth between end users. In its simplest form, Ethernet uses a bandwidth-sharing device (a hub). This device is treated as a single collision domain and broadcast domain. As the number of users grows, the likelihood that a user is transmitting at any given moment also grows. If another user tries to transmit as well, a collision occurs. In other words, two users cannot transmit at the same time if both share the same hub. Ethernet operates on CSMA/CD. Accordingly, to avoid collisions, a transmitting station must back off for a random period of time. Switched Ethernet solves this problem by allocating a 10Mbps share of bandwidth to each port. Collisions then occur less often and the collision domain shrinks. As a result, stations no longer have to wait for their turn to transmit. Instead, stations can operate in full-duplex mode: sending and receiving at the same time. Full-duplex mode improves network performance, providing a throughput of 20Mbps.
Another concern with 10-Mbps Ethernet is cabling. Ethernet usually runs over UTP cable, which has a distance limit of 100m. In a campus network, Ethernet is usually used at the access layer, between end-user devices. 10Mbps Ethernet is not used at the distribution layer or the core layer.
Fast Ethernet
Fast Ethernet operates at 100Mbps and is specified in IEEE802.3u. The CSMA/CD principles, the cabling considerations, and the higher-layer protocols are all kept the same as in Ethernet. Campus networks usually use FE on access-layer or distribution-layer switches when higher-speed links are not available. The cable used for Fast Ethernet is usually UTP or fiber.
Technology
100Base-TX
100Base-T2
100BaseT4
100Base FX
Cable type
Number of pairs
EIA/TIA cat 5 UTP
2
EIA/TIA Cat 3 4 5 UTP
2
EIA/TIA Cat 3 4 5 UTP
4
Multimode fiber (MMF): 62.5 4
Cable length
100m
100m
100m
100m
10k
Full-duplex mode:
As with Ethernet, performance can be improved by using full-duplex mode. FE can provide a transfer rate of up to 100Mbps in each direction, for a resulting throughput of 200Mbps. This maximum throughput of 200Mbps is reached only when a device (a workstation, server, router, or another switch) is connected directly to a switch port. In other words, the devices at both ends of a link must support full duplex, which lets them transmit without having to wait for collision detection and recovery.
The Fast Ethernet specification also allows backward compatibility with traditional 10Mbps Ethernet. In the case of 100BaseTX, switch ports are often called 10/100 to indicate dual speed. The two devices at the ends of the link then automatically negotiate so that both operate at the highest possible speed. This negotiation includes detecting and selecting the physical-layer technology and choosing half-duplex or full-duplex mode. If both ends of the link are configured to autonegotiate, the highest speed common to the two devices is used.
During duplex negotiation on a link, information is exchanged back and forth between the two devices. This means that for autonegotiation to succeed, both ends must be set to autonegotiate. Otherwise (that is, if only one end is set to autonegotiate), one end of the link receives no information from the other and cannot determine the correct mode in use. If autonegotiation fails, a switch port reverts to its automatic mode, which is half duplex.
Watch out for duplex mismatch when both ends of a link are not configured for autonegotiation. When a mismatch occurs, one end of the link uses full duplex while the far end uses half duplex. As a result, the station operating in half-duplex mode always detects a collision when both ends want to transmit. The station running full duplex assumes that it may transmit at any time. That station does not stop and wait. This condition leads to errors on the link and very slow response between the machines.
Negotiation uses the priority table below. When both ends of a link can negotiate at several speeds, the one with the highest priority is used. For example, if both devices can run at level 6 (100Base-TX full duplex) and level 2 (10Base-T full duplex), level 6 is used.
Priority  Ethernet mode
7         100Base-T2 (full duplex)
6         100Base-TX (full duplex)
5         100Base-T2 (half duplex)
4         100Base-T4
3         100Base-TX
2         10Base-T (full duplex)
1         10Base-T
Article 22:
router(config-line)#password newpassword
router(config)#line vty 0 4
router(config-line)#login
router(config-line)#password newpassword
9. #copy run start
10. Restore the configuration register to 0x2102
router#config term
router(config)#config-register 0x2102
router(config)#exit
router#copy running-config startup-config
11. Check the contents of the configuration register
router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-DO3S-M), Version 12.0(5)T1, RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 17-Aug-99 13:18 by cmong
Image text-base: 0x80008088, data-base: 0x80CB67B0
ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
1 FastEthernet/IEEE 802.3 interface(s)
2 Low-speed serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2142 (will be 0x2102 at next reload)
II. Cisco 2500 Series Routers:
1. Set up a HyperTerminal (Private Edition 5.0 or higher) console session.
2. Power the router off, then on again. Press CTRL-BREAK within 60 seconds.
Abort at 0x10EA884 (PC)
>
3. Change the configuration register to 0x2142
>o/r 0x2142 (lower case of the letter O for o/r and zero for 0x2142)
4. Reboot router
>i
5. Press Ctrl-C to enter user mode when the router restarts
router>
6. Enter enable mode
router>enable
router#copy startup-config running-config
7. Run the show running-config or show startup-config command
router#show startup-config
8.
router#config term
router(config)#enable secret newpassword
router(config)#enable password newpassword
router(config)#line con 0
router(config-line)#login
router(config-line)#password newpassword
router(config)#line aux 0
router(config-line)#login
router(config-line)#password newpassword
router(config)#line vty 0 4
router(config-line)#login
router(config-line)#password newpassword
9. Copying the startup-configuration to running-configuration. Issue the no shutdown command on all interfaces that are in use.
10. Return the configuration register to its original value. Save the configuration
router#config term
router(config)#config-register 0x2102
router#copy running-config startup-config
11. Check that the register value is 2102 with the show version command
router#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-D-L), Version 12.0(4), RELEASE
SOFTWARE
(fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
2. Convergence:
The process of computing the routing tables on the routers so that all tables share one consistent state.
3. Load balancing:
Allows packets for a destination network to be sent over two or more different paths.
4. Metric:
All routing protocols use a metric to quantify paths in order to find the best one. Some protocols use a very simple metric; RIP, for example, uses hop count. EIGRP uses a more complex metric that includes bandwidth, delay, reliability...
5. Passive interface:
Prevents routing updates from being sent out a given interface. However, the interface can still listen to routing updates sent by other routers. This command is used in router mode.
6. Redistribution:
The process of sharing routes learned from different sources. For example, you can redistribute routes learned from RIP into OSPF (in this case you may run into problems with VLSM). Or you can redistribute static routes into EIGRP. Redistribution mostly has to be configured manually.
7. Route flapping:
The state of a route that changes frequently. This can cause serious problems. For example, networks running OSPF may have to recalculate the database continuously and broadcast these changes.
8. Static route:
A static route can point to a host or a network. You can also use a floating static route, in which the AD of the route is changed to a value higher than that of the routing protocols in use.
9. AD: a measure of the trustworthiness of the routing protocols.
Article 24:
Comparing the routing and switching functions of a router
This section compares the roles of routing and switching and how the two
functions combine to move packets across the network. Cisco draws a clear
distinction between these two functions of a router. The difference is
actually quite simple. To move a packet inside a router from one interface
to another, the path to the destination must be determined, and the packet
is then sent out of the outbound interface. Finding the path is the routing
function, while sending the packet out of an interface is the switching
function.
The routing function
The routing function is responsible for learning the logical topology of
the network and then making decisions based on that knowledge. The
decisions made by the router determine whether an incoming packet can be
routed and, if so, how. When a packet is received, the routing process goes
through several steps, which can be summarized as the following questions:
- Are the routed protocol and the routing protocol for the packet (the
protocol it belongs to) enabled on the router?
- If they are, does a path to the remote network exist in the routing
table?
- If the destination network is not in the routing table, is a default
route configured?
- If there is a static or dynamic default route, is the destination address
reachable?
- What is the best path to a given network?
- Are there several equal-cost paths?
- If there are several equal-cost paths, which interface will be used to
send the packet out?
The switching function
The switching function is concerned with moving data through a router and
is responsible for forwarding the packet. Switching takes place only after
the routing decisions have been made. Even though the router has made its
decision, a few decisions still have to be made in hardware. The switching
function does the following:
1. Checks that the incoming frame is valid.
2. Checks whether the frame's destination address is the router's L2
address.
3. Checks whether the frame size is valid.
4. Checks the CRC of the frame.
5. Strips the frame header and trailer, then checks the destination address
against the information in the cache.
6. Builds the new header and trailer and sends the frame to the router's
outbound port.
The relationship between routing and switching in a Cisco router
A router accepts a packet if its frame carries the L2 address of one of the
router's ports. If the addressing is correct, then after the frame has been
checked, the frame and its contents are placed in a buffer. The buffer is
held in memory or in special hardware in the router.
If the router has not previously seen the packet's L3 source and
destination addresses, the packet is process switched, or routed. This
involves the following:
- When a packet has to be forwarded, a lookup in the routing table is
triggered and the router decides how to forward the packet.
- The packet is then encapsulated with the appropriate L2 protocol.
- If fast switching is in use, the packet is examined once more and a route
is placed in the cache. A cache entry consists of the IP prefix, the
router's outbound port and the layer 2 header used to forward the packet.
For the following packets in the same flow, if the destination address
matches an entry in the route cache, the packet is forwarded using the
information in the cache. The routing function is not involved at this
point. The kind of cache used depends on the hardware in use. The switching
types are fast switching, autonomous switching, silicon switching and CEF.
------------------------------------------
Article 25:
TCP: establishing and tearing down a connection
TCP connections and ports
Two applications that use TCP must establish a TCP connection before data
can be transferred. Each connection exists between a pair of TCP sockets,
where a socket is defined as the combination of an IP address, the port in
use and the transport-layer protocol. Establishing the connection
initializes the sockets, including the source and destination port values,
the sequence number and the ACK. Figure 6-2 shows the three-way handshake
used to establish a TCP connection and the teardown of a TCP connection.
During connection establishment, the two hosts choose ports, choose
sequence numbers and use TCP's values to recognize the messages of the
three-way handshake. First, as regards ports, the server must listen for
connection requests from clients, in this case on port 80. The client
chooses an unused port as its source port, usually a value of 1024 or
higher. Note that when comparing the segments in the exchange above, the
port values do not change.
The TCP header includes several 1-bit fields called flags. The flags serve
different purposes. The SYN and ACK flags indicate whether a segment is the
first or the second segment of a new TCP connection. A segment with the SYN
flag is the first segment of a TCP connection. A segment with both SYN and
ACK is the second segment of a connection. These flags let hosts easily
recognize new connection requests. The initial sequence number can be set
to any valid value and is usually not set to 0. Remember that for error
recovery, the use of these values is independent in each direction.
Error recovery
To perform error recovery, TCP sends ACK acknowledgements when it receives
data. When data that has been sent is not acknowledged, the sender can send
it again. The figure below shows a web server sending 1000 bytes, with the
second segment lost and the data then recovered.
Retrieve various information about the network: description, address list,
netmask
Query and set the parameters of an adapter
Source code of packet.dll (located in the packet directory)
Wpcap:
provides a set of high-level capture functions that is compatible with
libpcap (used on Linux) and works independently of the network hardware and
the operating system. Source of wpcap.dll (located in the wincap directory)
NPF (netgroup packet filter) device driver: the source code is in the
driver directory, for the NT operating system
The most important job of NPF is capturing packets. The driver detects
packets on the NIC and delivers them intact to the user application.
-------------------------------------------
Article 28:
plus the DIFS interframe interval before attempting to transmit once
again.
------------------------------------
Article 30:
WLAN building blocks in the campus network
At the most basic level, a wireless infrastructure has no consistent
organization compared with a wired network. For example, a PC with a
wireless card can bring up its wireless connection anytime and anywhere.
Naturally, for the PC to be able to send and receive data, a few things
have to happen.
In 802.11 terminology, any group of wireless network devices is called a
service set. The wireless devices must share the same service set
identifier (SSID). This is a string carried in every frame that is sent. If
the SSID of the sending and receiving devices is the same, the two devices
can communicate with each other.
The 802.11 standard allows two or more wireless devices to communicate
directly with each other without any other medium or device. This network
model is called an ad-hoc network, also known as an Independent Basic
Service Set (IBSS). The model is shown in the figure below:
How an AP works
The basic function of an AP is to bridge wireless data from the air (the
radio medium) onto an ordinary wired network. An AP can accept connections
from a number of wireless stations so that they become ordinary members of
a wired LAN.
An AP can also act as a bridge to form a wireless link between one LAN and
another over a long distance. In that situation, each end of the wireless
link needs an access point. This kind of connection is called AP-to-AP or a
line-of-sight connection and is commonly used to connect buildings.
Cisco has also developed a type of AP that can bridge wireless traffic from
one AP to another, in the manner of a chain of bridges.
The left part of the diagram above illustrates a case in which we want to
extend vlan 10 to an AP, using a switch port in access mode. The AP then
maps vlan 10 onto the wireless network using the SSID marketing. Users
associated with the SSID marketing appear to other machines as if they were
connected to vlan 10.
This concept can be extended so that several vlans are mapped to several
SSIDs. To do this, the AP must connect to the switch over a trunk link that
carries several vlans. In the right part of the figure above, vlan 10 and
vlan 20 are both trunked to the AP. The AP uses 802.1q to bind vlans to
SSIDs. For example, vlan 10 is mapped to the SSID marketing, while vlan 20
is mapped to the SSID Engineering.
As a result, when an AP uses several SSIDs, it carries several vlans over
the air to the end users. End users must choose the appropriate SSID, which
is mapped to the corresponding vlan.
---------------------------------------------
Article 32:
Instead, consider reducing the cell size (by lowering the transmit power)
so that only stations within a short distance can connect and use the
bandwidth. The AP can then also help control the number of stations
connected at any given time. This becomes important for applications that
require high bandwidth or low response time, such as voice, video or
medical software.
When the cell size is reduced, the cells are called microcells. The concept
can be taken further in environments that need tight control, such as stock
exchange floors. In those cases, the AP transmit power and the cell size
are minimized, and the cells are then called picocells.
--------------------------------------
Article 33:
Some ways of updating the routing table
Using a routing protocol is the easiest way to build and maintain a routing
table. However, it is not the only way, or the most efficient way, to tell
a router about the networks that exist in an AS. If a router has very few
resources, an efficient approach is to define a default route to a router
that has information about the other networks. So besides routing
protocols, there are other ways to update the table.
Using static routes
Configuring static routing means adding static routes to the routing table.
The advantage of static routing is that it saves network resources. The
drawback is that the administrator is responsible for updating each route
on every router whenever something in the network changes. By definition,
static routes cannot adjust themselves dynamically when a change occurs, so
the network does not converge until the routers have been configured. There
are a few situations that call for static routing:
- Links with low bandwidth.
- The network administrator needs to control the connections.
- The statically routed connection is a backup for a link that uses dynamic
protocols.
- There is only one path out to the external network. This situation is
called a stub network.
- The router has very few resources and cannot run a dynamic routing
protocol.
- The network administrator needs to control the routing table and allow
both classful and classless routing protocols.
Article 34:
Security
With direct connections across a very large address space, security becomes
a much more practical option for IPv6. Because the need for firewalls and
NAT between end devices is reduced, security can be implemented by
encrypting between the systems themselves. Although IPsec is available in
IPv4, it becomes a component of IPv6. The use of extensions allows the
protocol to provide an end-to-end solution.
Mobility
IPv6 addressing is designed with mobility built in, through Mobile IP.
Mobile IP lets end systems change location without losing their
connections. This feature is essential for wireless products such as IP
phones and in-car GPS systems. The header format lets end devices change
their IP address by using a home address as the source of the packet. The
home address is stable, which lets the addresses remain mobile.
Article 35:
Layer 2 security
The Cisco SAFE Blueprint (available at http://www.cisco.com/go/safe)
recommends the following measures for switch security. In most cases, the
recommendation depends on which of the following three categories a switch
port falls into.
Unused switch ports: ports that are not connected to any device, for
example switch ports that are pre-cabled to network wall jacks.
User ports: ports attached to end-user devices, or any port cabled into an
unprotected area.
Trusted ports or trunk ports: ports connected to trusted devices, such as
other switches, or switches located in areas with good physical security.
The list below summarizes the recommendations that apply to both in-use and
unused switch ports. What these port types have in common is that a user
can reach the switch once inside the building, without having to enter the
wiring closet or the data center.
* Disable protocols that are not needed, such as CDP or DTP.
* Disable trunking protocols by configuring these ports as access ports.
* Enable BPDU Guard and Root Guard to prevent STP attacks and keep the STP
topology stable.
* Use features such as Dynamic ARP Inspection (DAI) or private VLANs to
prevent frame sniffing.
* Enable port security to limit the number of MAC addresses allowed and to
allow only specific MAC addresses.
* Use 802.1X authentication.
* Use DHCP snooping and IP Source Guard to prevent DHCP DoS and
man-in-the-middle attacks.
Port Security
The switchport port security feature monitors a switch port in order to
limit the number of MAC addresses associated with that port in the L2
switching table. It can also restrict which MAC addresses are allowed, by
permitting only certain MAC addresses to be used on the port.
To implement port security, the switch adds a few steps to its normal
processing of incoming frames. Instead of automatically adding the source
MAC address and port number to the MAC table, the switch consults the port
security configuration and decides whether the address is allowed. By
preventing MAC addresses from being added to the switch, port security can
stop frames from being forwarded to those MAC addresses on a port.
Port security supports the following key features:
- Limiting the number of MAC addresses that can be associated with a switch
port.
- Limiting the actual MAC addresses associated with the port, using one of
three methods:
  - Static configuration of MAC addresses.
  - Dynamic learning of MAC addresses, up to the defined maximum, where the
  entries in the table are lost on reload.
  - Dynamic learning of MAC addresses that are then saved in the
  configuration (also called sticky).
Port security protects against several kinds of attack. When a CAM table
fills with new information, older entries are removed. When a switch
receives a frame for a destination MAC address that is no longer in the CAM
table, it floods the frame out of all ports. An attacker can make the
switch refill its CAM table by sending a large number of frames, each with
a different source MAC address, so that the switch removes the CAM entries
for most of the legitimate hosts. As a result, the switch floods legitimate
frames because their destination MAC addresses are no longer in the CAM
table, which lets the attacking machine see all of those frames.
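The CAM-table behaviour described above, and the effect of a per-port MAC limit on it, reproduced in a small model. This is an added example, not code from the original article or from Cisco; the ToySwitch class, its oldest-entry eviction, the drop-and-count violation handling and all MAC addresses are assumptions constructed for the illustration.

```python
from collections import OrderedDict


class ToySwitch:
    """Minimal model of L2 learning with a bounded CAM table.

    Assumptions of this sketch (not Cisco internals): the oldest entry is
    evicted when the table is full, and a port-security violation drops the
    frame and counts it, without shutting the port down.
    """

    def __init__(self, ports, cam_size, max_macs=None):
        self.ports = list(ports)
        self.cam_size = cam_size
        self.max_macs = dict(max_macs or {})   # port -> allowed MAC count
        self.cam = OrderedDict()               # MAC -> port, oldest first
        self.violations = {p: 0 for p in self.ports}

    def _learn(self, src, port):
        if self.cam.get(src) == port:          # known MAC, same port: refresh
            self.cam.move_to_end(src)
            return True
        limit = self.max_macs.get(port)
        if limit is not None:
            learned = sum(1 for p in self.cam.values() if p == port)
            if learned >= limit:               # port security refuses the MAC
                self.violations[port] += 1
                return False
        self.cam[src] = port
        self.cam.move_to_end(src)
        while len(self.cam) > self.cam_size:   # table full: oldest entry goes
            self.cam.popitem(last=False)
        return True

    def receive(self, port, src, dst):
        """Return the list of ports the frame is sent out of."""
        if not self._learn(src, port):
            return []                          # frame from a disallowed MAC
        out = self.cam.get(dst)
        if out is None:                        # unknown destination: flood
            return [p for p in self.ports if p != port]
        return [] if out == port else [out]


# Constructed addresses: hosts A and B are the legitimate stations.
HOST_A, HOST_B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"


def run_scenario(port_security):
    """A (port 1) and B (port 2) talk, then port 3 sources 50 distinct MACs.

    Returns (egress ports of a later A->B frame, violations counted on
    port 3, number of CAM entries).
    """
    limits = {1: 2, 2: 2, 3: 2} if port_security else None
    sw = ToySwitch(ports=[1, 2, 3, 4], cam_size=8, max_macs=limits)
    sw.receive(1, HOST_A, HOST_B)
    sw.receive(2, HOST_B, HOST_A)
    for i in range(50):                        # constructed source addresses
        sw.receive(3, "02:00:00:00:00:%02x" % i, "ff:ff:ff:ff:ff:ff")
    egress = sw.receive(1, HOST_A, HOST_B)     # legitimate frame after the burst
    return egress, sw.violations[3], len(sw.cam)


if __name__ == "__main__":
    for enabled in (False, True):
        label = "port security on " if enabled else "port security off"
        print(label, run_scenario(enabled))
```

Without the limit, the later frame from A to B leaves on ports 2, 3 and 4 because B's entry has been evicted; with a limit of two MAC addresses per port it leaves on port 2 only, and the violation counter on port 3 is the signal to alert on.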
-----------------------------------------------------
Article 36:
Step 3:
If the router is configured with IP classless (the default from IOS 11.3
onward; routers have this feature), the router compares the address
172.16.4.1 against the level 1 routes once more and finds that the level 1
parent route 172.0.0.0 /8 matches the first 8 bits of the address, so the
router forwards the packet to the IP next-hop 192.168.2.3.
If the router is not configured with IP classless (command: R(config) # no
ip classless), the packet is dropped even though the router has a default
route configured to the IP next-hop 192.168.2.3.
Note: if the router is configured with no ip classless, the default route
is used only when no level 1 ultimate route and no level 1 parent route
matches.
------------------------------------------
Article 38:
OVERVIEW OF IP VERSION 6
I. GENERAL INTRODUCTION
The current IPv4 addressing system has not changed fundamentally since RFC
791 was published in 1981. Over the time it has been in use, the following
factors have emerged:
- The strong growth of the Internet, leading to the exhaustion of IPv4
addresses
- The need for a simpler way to configure hosts
- The need for security at the IP level
- The need to support real-time delivery of data, also known as Quality of
Service (QoS)
Based on the weaknesses listed above, IPv6, also called IPng (Next
Generation), was built around the following main points:
1- A new format for the packet header
Packets that use IPv6 (IPv6 packets) have a changed header structure that
improves efficiency by moving non-essential and optional fields into the
extension area (Extension Header Field)
2- A much larger address space
3- More efficient routing and addressing
IPv6
- Source and destination addresses are 128 bits (16 bytes) in length. For
more information, see IPv6 Addressing.
- IPsec support is required. For more information, see IPv6 Header.
- Packet flow identification for QoS handling by routers is included in the
IPv6 header using the Flow Label field. For more information, see IPv6
Header.
- Fragmentation is not done by routers, only by the sending host. For more
information, see IPv6 Header.
- Header does not include a checksum. For more information, see IPv6
Header.
- All optional data is moved to IPv6 extension headers. For more
information, see IPv6 Header.
- ARP Request frames are replaced with multicast Neighbor Solicitation
messages. For more information, see Neighbor Discovery.
- IGMP is replaced with Multicast Listener Discovery (MLD) messages. For
more information, see Multicast Listener Discovery.
- ICMP Router Discovery is replaced with ICMPv6 Router Solicitation and
Router Advertisement messages and is required. For
Example 2: 2001:DB8:0:2F3B:2AA:FF:FE28:9C5A
Example 3: Address = FE80:0:0:0:2AA:FF:FE9A:4CA2
Can be rewritten as = FE80::2AA:FF:FE9A:4CA2
(*) Note: the leading part (Prefix) is determined by the IPv6 subnet mask,
in the same way as in IPv4
Example 4: 21DA:D3::/48 has Prefix = 21DA:D3:0 (48 bits)
or 21DA:D3:0:2F3B::/64 has Prefix = 21DA:D3:0:2F3B (64 bits)
Notes:
To avoid confusion, a few concepts are worth noting before discussing the
addresses of an IPv6 host
a) Link-Local: refers to hosts connected to the same physical equipment
(think of a hub or switch)
b) Site-Local: refers to hosts connected within the same site
c) Node: a point of attachment to the network (think of a network adapter).
Each node has as many IPv6 addresses as it needs (interface addresses) for
different scopes, states and tunnels, instead of the single required
address in IPv4
d) Therefore, when the IPv6 protocol is installed on a host, each network
adapter has several IPv6 addresses assigned to different interfaces
3- Types of IPv6 address
a- Unicast
A unicast address identifies a single interface within the scope of the
unicast addresses. A packet whose destination is a unicast address is
delivered through routing to exactly one interface
b- Multicast
A multicast address identifies multiple interfaces. A packet whose
destination is a multicast address is delivered through routing to all
interfaces that share that multicast address
c- Anycast
An anycast address identifies multiple interfaces. However, a packet whose
destination is an anycast address is delivered through routing to one of
the interfaces in
IPv6 Address
Not applicable in IPv6
IPv6 multicast addresses (FF00::/8)
Not applicable in IPv6
Unspecified address is ::
Loopback address is ::1
Global unicast addresses
Site-local addresses (FEC0::/10)
Link-local addresses (FE80::/64)
Text representation: Colon hexadecimal format with suppression of leading zeros and zero compression. IPv4-compatible addresses are expressed in dotted decimal notation.
Network bits representation: Prefix length notation only
DNS name resolution: IPv6 host address (AAAA) resource record
DNS reverse resolution: IP6.ARPA domain
Article 38:
OSPF: let's review what we know.
Distance vector and link state
When we study distance vector protocols, the router learns its paths from
its neighbors [routing by rumor: it believes whatever the neighbors say, as
in RIP]. A distance vector protocol simply trusts the route information of
its neighbor.
EIGRP is a little more advanced: it still listens to rumors, but it also
verifies whether they are right [here, which path is better]. EIGRP is
faster but supports only Cisco products.
There is another protocol that is better than those two, costs a little
more performance and supports many kinds of products: OSPF. OSPF does not
listen to rumors like the other protocols. It takes the full state
information [state: that router's links, interfaces, neighbors, up/down
status, IP, subnet, ...] of the originating router, copies it into its own
link state database and then works out the best path for itself with the
shortest-path-first algorithm [also known as Dijkstra].
Border routers [ABR: area border router] sit on the boundary between
several areas and hold a topology for each of those areas. They send only
summary routes from the other areas into area 0 [the backbone].
Before exchanging information, however, a router must establish a
relationship called a neighbor relationship. The neighbor relationship is
established by sending hello packets. When a router receives a hello packet
from a neighbor, it checks:
- Area ID
- Authentication
- Network mask [the subnet masks must be the same]
- HelloInterval and DeadInterval timers [hello is 10 on broadcast networks
and 40 on nonbroadcast networks; DeadInterval is 4 times hello]. If no
hello is received within the dead time, the neighbor is dropped.
- The stub flag
- And some options configured on the interface that receives the hello
packet.
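The hello checks listed above, together with the dead-timer expiry, written out as an added example (not part of the original article and not code from any OSPF implementation). The class and field names, router IDs, key and timer values are assumptions made for the illustration, and the key comparison stands in for the real authentication check.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class HelloParams:
    """The hello fields the text says must agree (names are this sketch's own)."""
    area_id: str
    auth_type: int        # OSPFv2 AuType: 0 none, 1 simple password, 2 cryptographic
    auth_key: str         # simplification: the sketch compares keys directly
    netmask: str
    hello_interval: int   # seconds
    dead_interval: int    # seconds
    stub: bool            # stub-area flag


def hello_mismatches(local, received):
    """Return the names of the checks that stop the neighbor relationship."""
    problems = []
    if local.area_id != received.area_id:
        problems.append("area_id")
    if (local.auth_type, local.auth_key) != (received.auth_type, received.auth_key):
        problems.append("authentication")
    for name in ("netmask", "hello_interval", "dead_interval", "stub"):
        if getattr(local, name) != getattr(received, name):
            problems.append(name)
    return problems


class NeighborTable:
    """Tracks neighbors whose hellos passed every check."""

    def __init__(self, local):
        self.local = local
        self.last_hello = {}   # router ID -> time of the last accepted hello

    def on_hello(self, router_id, params, now):
        problems = hello_mismatches(self.local, params)
        if not problems:
            self.last_hello[router_id] = now
        return problems

    def expire(self, now):
        """Drop and return neighbors silent for DeadInterval or longer."""
        dead = [rid for rid, seen in self.last_hello.items()
                if now - seen >= self.local.dead_interval]
        for rid in dead:
            del self.last_hello[rid]
        return dead


def demo():
    # Constructed values: broadcast-style timers, hello 10 and dead 4 x hello.
    local = HelloParams("0.0.0.0", 2, "constructed-key", "255.255.255.0",
                        10, 40, False)
    table = NeighborTable(local)
    ok = table.on_hello("10.0.0.2", local, now=0)
    bad_timers = table.on_hello(
        "10.0.0.3",
        replace(local, netmask="255.255.255.128", hello_interval=30), now=1)
    no_auth = table.on_hello(
        "10.0.0.4", replace(local, auth_type=0, auth_key=""), now=2)
    return ok, bad_timers, no_auth, table.expire(now=39), table.expire(now=40)


if __name__ == "__main__":
    print(demo())
```

A hello that fails the authentication check never creates a neighbor entry, which is why enabling authentication on the interface keeps an unauthorized router from forming a neighbor relationship.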
Article 39:
Why can't a serial interface obtain a dynamic IP address from a DHCP
server?
Question:
When configuring DHCP relay, the command ip helper-address A.B.C.D (the
address of the DHCP server) only works on an Ethernet (FastEthernet)
connection, and not on a Serial connection?
And when configuring a DHCP client on a router, I configure it on an
Ethernet port and it is supported, but on a Serial connection it is not?
Answer:
The answer to this is that, in order to assign an IP address to a client,
the DHCP server needs to know the client's MAC address so that it can store
it in its database. Later, if the client requests an IP address, the server
also relies on this table to assign the IP address to the client again.
- A centralized key encryption server allows keys to be generated
automatically per packet or per session, depending on the vendor's
implementation. Distributing WEP keys per packet generates a new WEP key
Article 41:
4. Man-in-the-middle Attack:
- A man-in-the-middle attack is one in which a hacker uses an AP to hijack
mobile nodes by sending them a stronger RF signal than the legitimate AP.
The mobile nodes see an AP with a better RF signal and connect to the rogue
AP, sending data, possibly sensitive data, to the rogue AP, where the
hacker has full control over it.
- To make clients reconnect to the rogue AP, the transmit power of the
rogue AP must be much higher than that of the legitimate AP within its
coverage area. Reconnecting to the rogue AP is treated as part of roaming,
so the user is not aware of it. Introducing all-band interference (such as
Bluetooth) into the coverage area of the legitimate AP forces clients to
roam.
- A hacker who wants to mount this kind of man-in-the-middle attack must
first know the SSID that the clients are using (this value is very easy to
obtain). The hacker must then know the WEP key if the network uses WEP. The
upstream connection (to the wired backbone) from the rogue AP is handled
through a client device such as a PC card or a Workgroup Bridge. Often a
man-in-the-middle attack is carried out with just a laptop and two PCMCIA
cards. AP software runs on the laptop, where one PC card is used as an AP
and a second PC card is used to connect the laptop to the nearby legitimate
AP. In this configuration the laptop is the man in the middle, operating
between the client and the legitimate AP. From there the hacker can obtain
valuable information by running sniffers on the laptop.
Article 42:
WLAN SECURITY RECOMMENDATIONS
1. WEP:
- Do not rely on WEP alone, no matter how well you have implemented it. A
wireless environment protected only by WEP is a completely insecure
environment. When using WEP, do not use a WEP key that is related to the
SSID or to the company. Create a WEP key that is hard to remember and hard
to recognize. In many cases the WEP key can be guessed just by looking at
the SSID or the company name. WEP should be used only to reduce risks such
as casual eavesdropping, and should not be the only security measure.
2. Cell size:
- To reduce the risk of eavesdropping, the admin should make sure that the
cell size of each AP is appropriate. Most hackers look for places that have
RF coverage and the least protection, such as sidewalks and parking lots,
to break into a wireless network. APs should therefore not transmit a
strong signal into the parking lot (or other such places) unless it is
really necessary. Enterprise APs allow the transmit power to be configured,
which is very effective for controlling the size of the cell around the AP.
If an eavesdropper in the company parking lot cannot pick up the AP's RF
signal, there is no way to get into the network, so the network is
protected from this kind of attack.
- Admins are often tempted to set the maximum transmit power on all WLAN
devices in order to get maximum throughput and coverage, but such blind
configuration comes at a very high price for the security of the WLAN. The
appropriate cell size for an AP in a given area should be carefully
documented when the AP is configured. In some cases, two APs (in the same
location) can be installed with smaller cell sizes to reduce the risk of
attack.
- Try to place the AP in the center of the building, which reduces the risk
of signal leaking outside the intended coverage area. If you are using an
external antenna, choose a suitable antenna type so that the coverage is
kept to just what is needed. Turn the AP off when it is not in use, which
helps reduce the risk of attack as well as of lightning strikes.
3. User authentication:
- Because user authentication is the weakest point of a WLAN and the 802.11
standard does not specify any method for authenticating users, the admin
needs to implement a user-based authentication method as early as possible
when installing the WLAN infrastructure. User authentication should be
based on device-independent mechanisms such as username, password,
biometrics, smart cards, token-based systems or other authentication
methods that identify the user (rather than the device). The solution you
deploy should support two-way authentication between the authentication
server (RADIUS) and the wireless clients.
Article 43:
THE SSID WEAKNESS IN WIRELESS NETWORKS
1. SSID broadcast:
- Wireless network admins often disable broadcasting of the Service Set
Identifier (SSID) on the Access Point (AP) or router for security reasons.
Even a person who knows where a wireless network can be reached still
cannot connect without knowing the SSID.
- Hiding the SSID by disabling SSID broadcast can therefore prevent
unauthorized access to the network. However, do not let this mislead your
sense of security. A person with the necessary equipment can still easily
obtain the SSID of the network.
- By default, the beacons sent by the AP or router contain the SSID in
order to announce it to clients in range. These SSIDs are shown in Windows
XP as available networks. When SSID broadcast is disabled, the beacon no
longer contains the SSID, which prevents the network from being shown in
Windows XP. If this is used together with other encryption methods, it can
help protect your network.
2. Discovering the SSID when it is not broadcast:
- However, disabling SSID broadcast on the AP or router cannot stop hackers
or war drivers from discovering the wireless network, and even the SSID
itself. Hackers can use legitimate software such as AirMagnet to discover
the SSID easily, whether or not it is broadcast in the beacon.
- AirMagnet captures the SSID from packets sent on the network between
clients. The SSID is carried in association requests, and in some cases
both probe requests and probe responses contain it even though you have
disabled SSID broadcast. For example, the SSID of the network can be
captured by AirMagnet when a client on the network boots up and connects to
the wireless network, at which point the client sends an association
request to the AP in order to join the wireless network.
- Hackers and war drivers can use other tools such as AirJack to similar
effect. These tools work by sending a spoofed de-association packet to a
client. This makes the client perform re-authentication and re-association
with the AP. The tools then quickly capture the SSID of the network from
the association request packets.
3. Points to remember:
- Disabling SSID broadcast can help protect your network only by hiding it
from ordinary users.
- Using the hidden SSID feature does not mean that you no longer need WAP
or WPA to secure the network.
- Discovery and analysis tools are always available at any time, whatever
security method you use.
Article 44:
SECURITY POLICY FOR ENTERPRISES USING WLAN
- Every company that uses a WLAN should have a security policy that sets
out the dangers the WLAN may face. For example, an inappropriate cell size
allows hackers to connect to the network from the street or the parking
lot, so you should include this detail in the security policy. Other
details that can appear in the security policy include passwords, WEP keys,
the use of advanced security solutions, regular inventory of WLAN hardware
and so on. There are many other factors as well, depending on the company's
security needs and on the size of the WLAN.
- The advantages of having, implementing and maintaining a solid security
policy are many: preventing data theft, stopping saboteurs or spies,
protecting trade secrets and so on.
- A security policy starts with management. Identifying the security needs
and delegating the task of producing an appropriate document that includes
the WLAN security policy is a top priority. First, the person responsible
for WLAN security must be trained in the technology. Next, the trained
specialists must work with upper management to agree on a security policy
for the company. This team of trained individuals can then build a list of
requirements that, if followed, will ensure that the wireless network is
protected in the same way as the wired network.
1. Keeping sensitive information secret:
- Some things that only the admin should know include:
+ Username and password of the AP or Bridge
+ SNMP strings
+ WEP key
+ MAC address list
Keeping this information in the hands of trustworthy people, capable
individuals such as the admin, is very important, because saboteurs or
hackers can easily use it to gain access to the network and to the network
devices. This information can be stored securely in a number of ways. There
are applications on the market today that use very strong encryption for
the purpose of storing sensitive information.
2. Physical Security:
- Although physical security is very important for a traditional wired
network, it is even more important for companies that use WLAN technology,
because a hacker does not need to be inside the building to connect to the
network; being out on the street or in the parking lot is enough. Even
intrusion detection software is not enough to stop hackers from stealing
sensitive information. A passive attack leaves no trace on the network,
because the hacker does not actually connect to the network but only
listens. There are now applications that can make a network card operate in
promiscuous mode
Article 45:
ISSUES TO CONSIDER WHEN DEPLOYING A WLAN
Once you have finished the site survey and have the physical deployment
plan, you can move on to the next step of the deployment. A secure WLAN
requires an AAA server such as RADIUS to allow per-user authentication. In
addition, you should deploy a WLAN management mechanism.
1. Issues to consider when deploying 802.1X:
- An 802.1X solution requires an AAA server to provide per-user
authentication. The AAA server is usually placed in a protected data
center. Because it sits at layer 3 with wire-speed switching, the network
latency you measure between the network edge and the data center is around
a few milliseconds or even microseconds.
- Deploying 802.1X becomes more complicated when it has to run over a WAN
connection. WAN links usually have lower bandwidth than LAN links, and as a
result congestion can occur on them. Congestion can have a significant
effect on 802.1X authentication because it can drop RADIUS packets, causing
the client station's authentication to time out, as illustrated in the
figure below.
- Using QoS to prioritize 802.1X RADIUS traffic does not solve every
problem related to remote authentication. The following problems always
remain:
+ WAN outage
+ WAN latency
- If the WAN connection goes down, the client station cannot access the
WLAN or local resources. A WAN connection with very high latency, such as
satellite, also has a negative effect on authentication, because it can
cause the authentication to time out and seriously degrade the performance
of the station.
Local authentication at the branch:
- Local authentication at the branch seems to be a good solution to the
problem, but it is not a cure-all either. Deploying an AAA server at the
branch has the following issues:
+ Cost: companies with many branches need at least one server at each
branch
+ Manageability
- The number of authentication servers can reach the thousands, depending
on the deployment
- Having to replicate the user database to a large number of branches can
be difficult to carry out
- Admin access can be a problem if branch admins need to access the central
server frequently
- Some vendors such as Cisco have integrated an authentication server into
the AP to save users the cost and the trouble of managing a local AAA
server, as illustrated in the figure below
2. WLAN management:
- Network management in general and WLAN management in particular is a
large topic that needs a separate book. This section only presents some of
the most important concepts to consider throughout the deployment.
- In any kind of network, you cannot manage what you cannot measure
- In large networks there can be thousands of devices to manage. In WLAN
deployments for a large enterprise it is not unusual to see three times the
normal number of APs. The WLAN can have a major effect on how you manage
the network. To have a WLAN that operates as reliably as the LAN and to
reduce the management complexity, you need a management solution that
includes WLAN management.
- Early WLAN adopters ran into difficulties and a heavy management burden
with WLANs. Most inexpensive management packages are very hard to scale to
thousands of devices without using several management stations, and no
solution offered radio (RF) management functions. These shortcomings left
WLAN deployments with poor performance and forced admins to develop their
own tools to manage the WLAN effectively.
- Many WLAN management solutions provide the same management services as
for wired networks, such as SNMP, fault monitoring, trap collection,
configuration distribution, firmware distribution and so on. However, no
solution gives the admin deeper insight into the radio network itself. WLAN
performance varies greatly between installations. Wall materials and the
location of external interference such as microwave ovens can affect WLAN
performance. In addition, Bluetooth devices, ad-hoc clients and neighbors'
WLANs can degrade WLAN performance to the point where it is unusable.
- Being able to manage the radio lets the admin see the problems
Infrared (IR):
- Infrared l mt cng ngh truyn truyn thng da trn nh sng ch khng
phi l mt cng ngh tri ph. Cc thit b IR c th t c tc ti a l 4
Mbps khong cch gn nhng v n l mt cng ngh da vo nh sng nn
cc ngun nh sng IR khc c th gy nhiu n vic truyn thng IR. Tc
thng thy ca mt thit b IR l khong 115 Kbps l cho vic trao i d
liu gia cc thit b cm tay. Mt li th quan trng ca mng IR l n khng
gy nhiu vi mng tri ph RF nn chng c th c s dng cng vi nhau.
Security:
- Tnh bo mt ca bn thn cc thit b IR l rt tuyt vi do 2 nguyn nhn
chnh. Th nht, IR khng th truyn xuyn tng mc cng sut thp nh
th (2 mW). Th 2, mt hacker hay mt k nghe ln phi can thip trc tip
vo cc beam c th truy cp vo cc thng tin c truyn. Vi PDA v
Laptop, IR c s dng cho cc kt ni point-to-point mt khong cch rt
ngn v th, tnh bo mt l khng cn thit trong trng hp ny.
Stability:
IR cannot pass through walls; instead it reflects off walls and ceilings.
Infrared is not disrupted by electromagnetic signals, which increases the
stability of an IR system. Broadcast IR devices can be mounted on the ceiling.
A broadcast IR device (analogous to an RF antenna) transmits the IR carrier
and the information in all directions. Because of power consumption, broadcast
IR is normally used indoors. Point-to-point IR can be used outdoors and has a
maximum range of up to 1 km (about 3280 feet), but this distance can be
shortened by sunlight. Sunlight is approximately 60% infrared light and can
seriously weaken broadcast IR signals.
4. Wireless LAN Interoperability Forum (WLIF)
- OpenAir is a standard created by the WLIF (the forum is no longer active) as
an alternative WLAN system to 802.11. OpenAir operates at two rates, 800 Kbps
and 1.6 Mbps. OpenAir and 802.11 systems are not compatible and cannot
interoperate. The standard is rarely used today. OpenAir focuses mainly on
FHSS devices and operates only at those two rates.
Lesson 47:
Lesson 48:
Switch Password Recovery
Cracking the switch password is extremely simple on the following switch
series: 2900XL, 3500XL, 2940, 2950, 2960, 2970, 3550, 3560, and 3750 series
switches
DEVELOPMENT TEST
VERSION
Compiled Fri 13-Dec-02 17:38 by madison
WS-C2955T-12 starting...
Base ethernet MAC Address: 00:0b:be:b6:ee:00
Xmodem file system is available.
Initializing Flash...
flashfs[0]: 19 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 4510720
flashfs[0]: Bytes available: 3230720
flashfs[0]: flashfs fsck took 7 seconds.
...done initializing flash.
Wait until the screen shows:
Quote:
The system has been interrupted prior to initializing the flash file system to
finish
loading the operating system software:
flash_init
load_helper
boot
Press CTRL + Break
Quote:
switch:
Type the command:
Quote:
switch: flash_init
Initializing Flash...
flashfs[0]: 143 files, 4 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 3612672
flashfs[0]: Bytes used: 2729472
flashfs[0]: Bytes available: 883200
flashfs[0]: flashfs fsck took 86 seconds
....done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
Type the command:
Quote:
switch: load_helper
switch:
Next, type dir flash to view the IOS image on the switch
(Note: there is a colon after the word flash)
Quote:
switch: dir flash:
Directory of flash:/
-rwx 1803357 <date> c3500xl-c3h2s-mz.120-5.WC7.bin
-rwx 1131 <date> config.text (the file that stores the configuration)
-rwx 109 <date> info
-rwx 389 <date> env_vars
drwx 640 <date> html
-rwx 109 <date> info.ver
403968 bytes available (3208704 bytes used)
switch:
Now rename the configuration file that stores the password:
Quote:
switch: rename flash:config.text flash:config.old
Enter the boot command:
Quote:
switch: boot
Loading "flash:c3500xl-c3h2s-mz.120-5.WC7.bin"...###############################
##################################################
##############################
##################################################
####################
File "flash:c3500xl-c3h2s-mz.120-5.WC7.bin" uncompressed and installed, entry point: 0x3000
executing...
After the switch has booted:
Quote:
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Continue with configuration dialog? [yes/no]: n
Press RETURN to get started.
Switch>
Switch>en
Switch#
Rename the config file back to config.text, as it was originally:
Quote:
Switch#rename flash:config.old flash:config.text
Destination filename [config.text]
Copy the file with the old password into the running configuration so the
password can be removed or changed:
Quote:
Switch#copy flash:config.text system:running-config
Swpass#
Once the password has been changed, save the configuration to finish the
password recovery process:
Quote:
Sw1#write memory
Building configuration...
[OK]
---------------------------------------------------------
Lesson 49:
Lesson 50:
Integrity Check). As a result, data cannot be altered while it is in transit.
WPA comes in two options: WPA Personal and WPA Enterprise. Both use the TKIP
protocol; the only difference is the initial encryption key. WPA Personal
suits home and small-office networks, where the initial key is used on the
access points and the client devices. WPA Enterprise, by contrast, requires an
authentication server and 802.1x to supply the initial keys for each session.
WPA has one vulnerability, and it affects only WPA Personal. Once the TKIP
key-changing function used to generate the encryption keys is known, a hacker
who can guess the initial key or part of the password can determine the entire
password and therefore decrypt the data. However, this weakness is eliminated
by using initial keys that are not easy to guess (do not use words such as
"PASSWORD" as the password).
This also means that WPA's TKIP is only an interim solution and does not yet
provide the highest level of security. WPA is suitable only for companies that
do not transmit "confidential" data or sensitive information. WPA is also
suitable for everyday activities and for technology trials.
50.6. WPA 2
A long-term solution is to use 802.11i, which corresponds to WPA2 and is
certified by the Wi-Fi Alliance. This standard uses a strong encryption
algorithm called the Advanced Encryption Standard (AES). AES uses the Rijndael
symmetric block cipher, with encryption blocks of 128 bits, 192 bits or 256
bits. After evaluating this encryption standard, the US National Institute of
Standards and Technology (NIST) approved this symmetric algorithm, and it is
used by US government agencies to protect sensitive information. AES is
considered far more secure than 128-bit WEP or 168-bit DES (Digital Encryption
Standard). To guarantee performance, the encryption needs to be carried out in
hardware, for example integrated into a chip. However, very few wireless
network users pay attention to this issue. Moreover, most Wi-Fi handheld
devices and barcode scanners are not compatible with the 802.11i standard.
50.7. Filtering
Filtering is a basic security mechanism that can be used together with WEP.
It works like an access list on a router: it blocks what is unwanted and
permits what is wanted. Three basic kinds of filtering can be used in a
wireless LAN:
+ SSID filtering
+ MAC address filtering
+ Protocol filtering
50.7.a. SSID filtering
SSID filtering is a basic form of filtering and should only be used for basic
access control. The client's SSID must match the AP's SSID before the client
can authenticate and associate with the service set. The SSID is broadcast
unencrypted in Beacons, so it is very easy to discover with software. Common
mistakes WLAN users make when managing SSIDs include:
+ Using the default SSID value, which makes it easier for a hacker to find the
AP's MAC address.
+ Using an SSID that is related to the company.
+ Using the SSID as the company's security mechanism.
+ Broadcasting the SSID unnecessarily.
50.7.b. MAC address filtering
Most APs support MAC address filtering. The administrator can build a list of
permitted MAC addresses. If a client's MAC address is not in the AP's MAC
filter list, the AP prevents that client from connecting to the network. If
the company has many clients, a RADIUS server with MAC address filtering can
be set up to do this instead of the AP. Configuring MAC address filtering is a
highly scalable security solution.
authenticates successfully moves to state 2 (authenticated but not yet
associated). If an access point does not validate a client because of a
configuration error, an attacker can send a large number of authentication
requests, overflowing the access point's client association table and causing
the access point to deny access to other users, including users who are
permitted to connect.
b) Rogue access points from neighbouring WLANs
802.11 clients automatically choose the access point with the strongest signal
they detect and connect to it. For example, Windows XP automatically connects
to the best connection available around it. As a result, an organization's
authenticated users may connect to the access points of neighbouring
organizations. Although the neighbouring access points do not try to attract
connections from these users, such connections inadvertently expose sensitive
data.
c) Rogue access points created by an attacker
AP spoofing is a classic man-in-the-middle attack. In this attack the hacker
sits in the middle and steals the traffic passing between two nodes. The
attack is very powerful because the hacker can steal all the traffic that
crosses the network. A man-in-the-middle attack is very hard to mount on a
wired network because it requires real access to the transmission line. A
wireless network, by contrast, is very exposed to this kind of attack. The
hacker needs to create an AP that is a more attractive choice than the
legitimate AP. This fake AP can be set up by copying the entire configuration
of the legitimate AP: SSID, MAC address and so on. The next step is to make
the victim connect to the fake AP.
- The first way is to wait for the user to connect on their own.
- The second way is to cause a denial-of-service (DoS) attack on the
legitimate AP, so that the user has to reconnect to the fake AP.
In an 802.11 network the AP is chosen by received signal strength. All the
hacker has to do is make sure that their AP has the strongest signal. To
achieve that, the hacker must place their AP closer to the victim than the
legitimate AP, or use a directional antenna. After the victim connects to the
fake AP, the victim continues to work as usual, so if the victim connects to
another legitimate AP, all of the victim's data passes through the fake AP.
The hacker uses utilities to record the victim's passwords as they are
exchanged with a web server. In this way the hacker obtains everything they
need to log in to the legitimate network. This attack exists because 802.11
does not require two-way authentication between the AP and the node. The AP
broadcasts to the whole network. This is very easy for a hacker to eavesdrop
on, so the hacker can obtain all the information they need. Nodes on the
network use WEP to authenticate themselves to the AP, but WEP also has
exploitable weaknesses. A hacker can eavesdrop on the traffic and use a
cryptanalysis tool to steal users' passwords
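A detection check for the fake-AP case in section c), added here as an example (it is not part of the original document): it compares a wireless scan against an inventory of authorized APs. The SSID, BSSIDs, channels and scan records are constructed sample values, and the inventory format is an assumption; because the fake AP may copy both SSID and MAC address, the check also flags an authorized BSSID seen with unexpected radio settings, and marks suspects whose signal is stronger than every legitimate AP.

```python
CORP_SSID = "CorpNet"  # hypothetical corporate SSID (assumption)

# Authorized inventory (constructed): BSSID -> (channel, security) as deployed
AUTHORIZED = {
    "00:11:22:33:44:01": (1, "WPA2-Enterprise"),
    "00:11:22:33:44:02": (6, "WPA2-Enterprise"),
}

# Constructed scan records: (ssid, bssid, channel, security, rssi_dbm)
SCAN = [
    ("CorpNet", "00:11:22:33:44:01", 1, "WPA2-Enterprise", -60),
    ("CorpNet", "00:11:22:33:44:02", 6, "WPA2-Enterprise", -71),
    ("CorpNet", "00:11:22:33:44:02", 11, "Open", -38),            # cloned BSSID
    ("CorpNet", "66:77:88:99:AA:BB", 6, "WPA2-Personal", -45),    # unknown BSSID
    ("CorpNet", "66:77:88:99:AA:CC", 1, "WPA2-Enterprise", -85),  # unknown, weak
    ("linksys", "CC:DD:EE:00:11:22", 3, "Open", -80),             # neighbour's WLAN
]


def find_rogues(scan, authorized, corp_ssid):
    """Return (bssid, reason, stronger_than_legit) for suspicious corporate-SSID APs."""
    inventory = {b.lower(): v for b, v in authorized.items()}
    legit, suspects = [], []
    for ssid, bssid, channel, security, rssi in scan:
        if ssid != corp_ssid:
            continue  # other SSIDs are outside this check
        expected = inventory.get(bssid.lower())
        if expected == (channel, security):
            legit.append(rssi)
        elif expected is None:
            suspects.append((bssid.lower(), "unauthorized BSSID", rssi))
        else:  # SSID and MAC match the inventory, but the radio settings do not
            suspects.append((bssid.lower(), "cloned BSSID", rssi))
    # Clients pick the strongest signal, so a suspect louder than every
    # legitimate AP is the one most likely to be attracting them.
    best = max(legit, default=float("-inf"))
    return [(b, reason, rssi > best) for b, reason, rssi in suspects]


if __name__ == "__main__":
    for bssid, reason, louder in find_rogues(SCAN, AUTHORIZED, CORP_SSID):
        print(f"{bssid}  {reason}  stronger_than_legit={louder}")
```

A BSSID allowlist alone would miss the third scan record, since its MAC address matches the inventory; only the channel and security mismatch exposes it.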
d) Rogue access points set up by the company's own employees
Because wireless networking is so convenient, some employees install their own
access points and connect them to the company's wired network. Because they do
not properly understand wireless security, they unintentionally create a
large security hole. Strangers visiting the company and outside hackers can
connect