
Lesson 1:

Frame Relay
Frame Relay is still the most widely deployed WAN technology that uses routers. There has been a gradual shift from FR to technologies such as IP-based VPNs and MPLS VPNs. Nevertheless, Frame Relay will continue to play a large role in enterprise networks for the foreseeable future.
The FR standards were developed by several groups. Initially, Cisco and other companies (known as the "gang of four") developed a standard to help FR interoperability and product development. Later, a forum on Frame Relay, the Frame Relay Forum, was set up to develop FR further. The IETF now defines several RFCs on using FR as a Layer 2 protocol in IP networks.
Cisco IOS documentation usually describes the FR standards through the FRF implementation agreements, for example FRF.12, which concerns the specification for fragmentation. Finally, ANSI and the ITU built on these standards to standardize FR as US national and international standards.
Frame Relay virtual circuits:
Frame Relay carries frames from source to destination over virtual connection paths. These virtual paths can be permanent virtual circuits (PVCs) or switched virtual circuits (SVCs).
A PVC is usually set up by the service provider when it programs its Frame Relay switches. Depending on the agreement with the provider, a customer's or user's PVC can be configured to carry traffic up to a certain rate, called the committed information rate (CIR).
CIR is the transmission rate that the Frame Relay network or provider agrees to carry under normal conditions; it is also the average rate over some period of time. The unit of CIR is bits per second.
Each PVC connection at each end device is identified by a 10-bit address in the frame header, called the DLCI. The DLCI is normally mapped to the network-layer address of the destination, that is, the address of the router at the far end of the PVC. The data to be sent across the Frame Relay infrastructure is then encapsulated in these headers.
Each Frame Relay header carries the DLCI value that corresponds to the network-layer address of the destination. The frames are then sent to the switch with the initial DLCI value. They continue to be relayed toward the destination network through the FR service provider's switches. The FR switches can change the DLCI value to that of other PVCs along the path to the destination. As a result, the DLCI value of a frame is not necessarily the same as the value it had when the frame entered the Frame Relay network. DLCI values are therefore only locally significant. In addition, both ends of a PVC can use the same DLCI value, for example DLCI 200. However, at one end of a connection, a DLCI cannot represent more than one PVC.
Data Link Connection Identifier (DLCI):
To connect two Frame Relay DTE subscribers, the FR service provider uses a virtual circuit between the two end routers. A router sends out a Frame Relay frame that contains a 10-bit field identifying each VC, called the Data Link Connection Identifier (DLCI).
The intermediate FR switches forward frames based on the frame's DLCI value until the frame finally leaves a switch toward the router at the other end of the connection. FR DLCI values are only locally significant, meaning that a given DLCI value has meaning only on a single link. As a result, the DLCI value of a frame can change as the frame crosses a network. The five steps below show the local DLCI values for one virtual circuit in the figure.

Router A sends out a frame with DLCI value 41.
The FR switch identifies the frame as part of the VC that connects router A to router B.
The FR switch replaces the frame's DLCI field with the value 40.
In practice, some service providers use global DLCI addressing. This DLCI convention lets us think of a router as having a single unique address, similar to the role of a MAC address. However, the addresses are still local, and the DLCI value of a VC can still change as it crosses a network. For example, for the same VC from router A to router B, router A is shown with DLCI 40 and router B with DLCI 41.
The idea of global addressing is the same as on a LAN. For example, when router A sends a frame to router B, router A sends the frame to router B's global address (41). Likewise, router B sends a frame to router A's global address (40).
Local Management Interface (LMI) status messages
LMI messages in Frame Relay manage the state of the link between the subscriber router and the FR switch. A router that subscribes to the FR service can send status enquiry messages to the switch, and the switch replies with an LMI Status message that tells the router the DLCI values of the VCs as well as the state of each VC.
By default, an LMI message is sent every 10 seconds. Every sixth message carries the full status information, which includes more complete information about each VC.
The LMI Status Enquiry messages (from the router) and Status messages (from the switch) also act as a keepalive mechanism. A router considers its interface to have failed if it does not receive messages from the switch for three intervals (each interval is 10 seconds). As a result, LMI in Frame Relay is effectively enabled or disabled with the keepalive / no keepalive command on the router's Frame Relay interface. In other words, the no keepalive command turns off LMI messages.
Three types of LMI messages exist, mainly because several equipment vendors and standards bodies developed FR. The earliest type to be defined, called Cisco LMI, differs slightly from the ANSI and ITU types defined later. The differences are:
The DLCI values that are allowed, that is, the permitted DLCI range.
The DLCI value used to send LMI messages.

Practically speaking, these issues matter little. By default the router autodetects the LMI type. If necessary, the frame-relay lmi-type command can be used to specify the LMI type used on the Frame Relay link.
The table below lists the three LMI types and the type keyword, together with a few points of comparison regarding LMI and the permitted DLCI values. For example, the Cisco LMI type allows DLCI values from 16 to 1007. The ANSI LMI type allows DLCIs from 16 to 991. The DLCI value that LMI itself uses to send and receive its messages also differs. Cisco LMI uses DLCI 1023, whereas ANSI LMI uses DLCI 0.

Frame Relay headers and FR encapsulation

A router builds frames using several consecutive headers. The first header is the ITU Link Access Procedure for Frame-Mode Bearer Services (LAPF). The LAPF header contains all the fields that FR switches use to deliver frames across the FR cloud; these fields include the DLCI, DE, BECN and FECN.
The fields that follow the LAPF part carry information that matters to the subscriber routers at the ends of the VC. For the encapsulation header, two options exist:
The header types originally defined by Cisco.
The header defined by the IETF in RFC 2427 (formerly RFC 1490).
If Cisco routers are used at each end of the VC, the cisco option is appropriate and works well. The ietf option is needed when products from several vendors are used. Both headers have a field named protocol to support multiple Layer 3 protocols over one VC. The most commonly used one is the Network Layer Protocol ID (NLPID) field, described in RFC 2427. The figure below shows the structure of the header and trailer.

Every VC uses the Cisco header by default unless it is configured to use the IETF header. There are three ways to configure a VC to use the IETF header:
Use the encapsulation frame-relay ietf command. This command changes the default for the interface to IETF instead of cisco.
Use the frame-relay interface-dlci number ietf command, which overrides the default for that VC.
Use the frame-relay map dlci ... ietf command. This command also changes the default for the VC.
For example, on an interface with 10 VCs, seven of which need IETF encapsulation, the interface can be switched to IETF with the encapsulation frame-relay ietf command. The frame-relay interface-dlci number cisco command can then be used for the three VCs that need Cisco encapsulation.
Frame Relay congestion signals: DE, BECN and FECN
An FR network, like other multiaccess networks, can experience congestion caused by speed mismatches. Consider a Frame Relay network with 20 subscriber sites on 256 kbps links and a main office with T1 bandwidth. If all 20 sites send frames continuously to the main office at the same time, about 5 Mbps of data needs to leave over a 1.5 Mbps T1 line, which makes the queues in the FR switch grow quickly.
Similarly, when the main office sends data to any branch, its router sends at T1 speed. This is a potential cause of egress congestion, and queues can also grow quickly inside the Frame Relay network. FR therefore provides two methods of reacting to congestion.
Adaptive Shaping, FECN and BECN
Chapter 16, on shaping and policing, describes the concept of adaptive traffic shaping, in which the router changes its shaping rate depending on whether the network is congested. To react to congestion inside the FR network, the router must receive some form of notification from the FR switch that congestion has occurred. The FR header therefore includes the Forward Explicit Congestion Notification (FECN) and Backward Explicit Congestion Notification (BECN) bits to signal congestion on a particular VC.
To do this, when an FR switch notices congestion caused by a VC, the switch sets the FECN bit in a frame of that VC. The switch also tracks the congested VCs so that it can find the next frame sent on the VC in the opposite direction, as in step 4 of the figure. The switch then sets the BECN bit in that frame travelling in the reverse direction. A router that receives a frame with the BECN bit set knows that a frame it sent experienced congestion, so it can reduce its sending rate. The figure below shows an example of the process.

The FECN bit can be set by an FR switch but cannot be set by any router, because a router has no need to signal forward congestion. For example, if R1 believes congestion is occurring from left to right, R1 can simply reduce its sending rate. At the other end of the connection, R2 is the destination of the frame, so it never needs to take note of congestion affecting frames going from left to right. Therefore only the switches need to set the FECN bit.
BECN can be set by both switches and routers. The figure above shows a switch setting BECN on the next user frame. It can also send Q.922 test frames. This removes the need to wait for user traffic on the VC in order to set BECN on such a frame.
Finally, routers can be configured to watch for frames with the FECN bit set and react by sending Q.922 test frames on that VC with the BECN bit set. This feature is sometimes called FECN reflection. It is configured with the shape fecn-adapt command (CB Shaping) or the traffic-shape fecn-adapt command (FRTS).

The Discard Eligibility (DE) bit

When congestion occurs, the queues in the FR switch start to fill. In some cases frames may be dropped from the queue. The switch can (but is not required to) check the frame's Discard Eligibility (DE) bit when a frame has to be dropped. The FR switch then deliberately discards frames with the DE bit set rather than frames without it.
Both routers and FR switches can set the DE bit. Normally a router decides which frames get the DE bit, because the administrator is in a position to know which traffic is more important than other traffic, usually in the inbound direction.
DE marking can be done through CB Marking, using the MQC set fr-de command. Although routers usually do the DE marking, FR switches can mark the DE bit as well. A switch typically marks when it polices traffic: instead of discarding traffic that exceeds the limit, the switch sets the DE bit. In this way, downstream switches are able to discard the marked frames when they cause congestion.
The table below summarizes the key points about FECN, BECN and the DE bit.

Frame Relay configuration

This section describes the basic configuration and operational commands, together with FR payload compression and LFI over FR.
Basic Frame Relay configuration
The two most important details of Frame Relay configuration are associating DLCI values with interfaces or subinterfaces, and mapping Layer 3 addresses to those values. Interestingly, both can be configured with the same two commands: frame-relay map and frame-relay interface-dlci.

Although a router can learn the DLCI values on an FR link through LMI messages, those messages do not imply which interface a DLCI should be used on. To configure FR with subinterfaces, the DLCIs must be associated with the subinterfaces. Any DLCI learned through LMI that is not associated with a subinterface is assumed to belong to the physical interface.
The more common way to make this association is the frame-relay interface-dlci command in subinterface configuration mode. On point-to-point subinterfaces only one frame-relay interface-dlci command is allowed, whereas on a multipoint subinterface several can be used.
An alternative is the frame-relay map command. This command maps a Layer 3 address to a DLCI value, but it also implies that the DLCI belongs to the interface on which the command is configured. On multipoint subinterfaces, multiple commands are allowed for each Layer 3 protocol.
The example below shows FR configuration options using the frame-relay interface-dlci command and the related show commands. The example implements the following requirements:
R1 uses a multipoint subinterface to connect to R2 and R3.
R1 uses a point-to-point subinterface to connect to R4.
The VC between R1 and R4 uses IETF encapsulation.

We start with R1's configuration. Subinterface s0/0/0.14 shows the IETF option used on the frame-relay interface-dlci command. Subinterface s0/0/0.123 has two DLCIs associated with it, the VCs to R2 and R3.
Code:
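! Physical interface: Frame Relay encapsulation (Cisco header by default)
interface Serial0/0/0
 encapsulation frame-relay
!
! Point-to-point subinterface to R4; this VC uses the IETF header
interface Serial0/0/0.14 point-to-point
 ip address 10.1.14.1 255.255.255.0
 frame-relay interface-dlci 104 ietf
!
! Multipoint subinterface carrying the VCs to R2 and R3
interface Serial0/0/0.123 multipoint
 ip address 10.1.123.1 255.255.255.0
 frame-relay interface-dlci 102
 frame-relay interface-dlci 103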
Next is R2's configuration. R2 assigns the DLCIs for the VCs from R1 and R3 to subinterface .123. Note that the subinterface number on a router does not have to match the DLCI value.
Code:
interface Serial0/0/0
 encapsulation frame-relay
!
! Multipoint subinterface carrying the VCs to R1 and R3
interface Serial0/0/0.123 multipoint
 ip address 10.1.123.2 255.255.255.0
 frame-relay interface-dlci 101
 frame-relay interface-dlci 103
Next is R4's configuration, where the encapsulation is set with the encapsulation frame-relay ietf command. This command sets the encapsulation type for all VCs on interface S0/0/0. Also note that the interval for sending LMI messages is changed from the default (10) to 8 with the keepalive 8 command.
Code:
! IETF encapsulation for every VC on this interface; LMI interval set to 8 seconds
interface Serial0/0/0
 encapsulation frame-relay ietf
 keepalive 8
!
interface Serial0/0/0.1 point-to-point
 ip address 10.1.14.4 255.255.255.0
 frame-relay interface-dlci 101

The show frame-relay pvc command displays statistics and the status of each VC. The next command on R1 omits some of the output and keeps only the lines that contain the PVC status.
Code:
R1# show frame-relay pvc | incl PVC STATUS
DLCI = 100, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0
DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.123
DLCI = 103, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.123
DLCI = 104, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.14
DLCI = 105, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
DLCI = 106, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0
DLCI = 107, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
DLCI = 108, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
DLCI = 109, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0
Code:
R1# show frame-relay pvc 102
PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)
DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.123
input pkts 41 output pkts 54 in bytes 4615
out bytes 5491 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 27 out bcast bytes 1587
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:29:37, last time pvc status changed 00:13:47
The output below confirms that R1's link is using Cisco LMI. Full LMI status messages occur once per minute, as shown by the Full Status counters listed last. Note that the router sends status enquiry messages to the switch. As the switch sends status messages, these counters increase together.
Code:
R1# show frame-relay lmi
LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 183 Num Status msgs Rcvd 183
Num Update Status Rcvd 0 Num Status Timeouts 0
Last Full Status Req 00:00:35 Last Full Status Rcvd 00:00:35
The show interface command lists several details, including the LMI message interval, LMI statistics, the LMI DLCI and the state of the FR queues. The broadcast queue holds FR broadcasts that are to be replicated and sent over the VCs, for example OSPF LSAs.
Code:
R1# show int s 0/0/0
Serial0/0/0 is up, line protocol is up
! lines omitted for brevity
Encapsulation FRAME-RELAY, loopback not set
Keepalive set (10 sec)
LMI enq sent 185, LMI stat recvd 185, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
FR SVC disabled, LAPF state down
Broadcast queue 0/64, broadcasts sent/dropped 274/0, interface broadcasts 228
! Lines omitted for brevity
Code:
R3# sh frame lmi | include LMI TYPE
LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = ANSI
R3# sh int s 0/0/0 | include LMI DLCI
LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE
Note that R3 is using the ANSI LMI type. R3 could configure the LMI type statically with the frame-relay lmi-type {ansi | cisco | q933a} command on the physical interface. However, R3 omits this command, so it falls back to the default behaviour of autodetecting the LMI type.

Frame Relay Inverse ARP:

IP ARP is known as a common and relatively simple protocol, and that holds for the CCIE exam too: most questions on IP ARP are simple. The harder questions on building the CEF adjacency table therefore focus on Frame Relay Inverse ARP, which is why Frame Relay Inverse ARP is covered here in more detail.
Like IP ARP, InARP resolves between an L3 address and an L2 address. The L3 address is the IP address, and the L2 address here is the DLCI (analogous to the MAC address in IP ARP). With InARP, however, the router already knows the L2 address (DLCI) and needs to resolve the corresponding L3 address (IP).
The following figure is an example of how InARP works.

On a LAN, a packet (the ARP request) must arrive at a host to trigger IP ARP on that host (which returns an ARP reply). On a WAN, no packet has to arrive at the router to trigger InARP; an LMI (Local Management Interface) status message is used instead.
After receiving an LMI status message indicating LMI PVC Up, the router announces its IP address over the corresponding virtual circuit (VC) with an InARP message (defined in RFC 1293). Consequently, when LMI is not running, InARP does not work either, because no message tells the router to send an InARP message.

In a Frame Relay network, configuration details are chosen to avoid certain undesirable situations, which are described in detail later in this chapter. For example, when point-to-point subinterfaces are used with each VC in its own subnet, all the problems encountered in this configuration are described clearly so that they can be avoided.
The InARP protocol itself is relatively simple. However, when InARP is deployed on different network designs, with different interface types (physical interfaces, point-to-point subinterfaces and multipoint subinterfaces), its behaviour becomes considerably more complicated.
The following is an example of a Frame Relay network designed as a partial mesh in a single subnet, with each router using a different interface type.

The network diagram above is only an example, used for study purposes to understand how InARP works in more detail. It should not be used in a real network, because it is a poor design with many limitations when a routing protocol is deployed on top of it.
Example 1.1 shows the output of several show and debug commands related to Frame Relay InARP, and one of the oddities of InARP with point-to-point subinterfaces.
First, Frame Relay is configured on R1's multipoint subinterface.

Code:
Router1# sh run
! Lines omitted for brevity
interface Serial0/0
encapsulation frame-relay
interface Serial0/0.11 multipoint
ip address 172.31.134.1 255.255.255.0
frame-relay interface-dlci 300
frame-relay interface-dlci 400
! Lines omitted for brevity
Next, the serial interface is shut down and brought back up, and the earlier InARP entries are cleared, so that we can observe the InARP process.
Code:
Router1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)# int s 0/0
Router1(config-if)# do clear frame-relay inarp
Router1(config-if)# shut
Router1(config-if)# no shut
Router1(config-if)# ^Z
The output of the debug frame-relay events command shows the InARP messages received on R1. Note the hex values 0xAC1F8603 and 0xAC1F8604, whose dotted-decimal equivalents are 172.31.134.3 and 172.31.134.4 (Router3 and Router4 respectively).
Code:
Router1# debug frame-relay events
*Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
*Mar 1 00:09:45.334: datagramstart = 0x392BA0E, datagramsize = 34
*Mar 1 00:09:45.334: FR encap = 0x48C10300
*Mar 1 00:09:45.334: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
*Mar 1 00:09:45.334: AC 1F 86 03 48 C1 AC 1F 86 01 01 02 00 00
*Mar 1 00:09:45.334:
*Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
*Mar 1 00:09:45.334: datagramstart = 0x392B8CE, datagramsize = 34
*Mar 1 00:09:45.338: FR encap = 0x64010300
*Mar 1 00:09:45.338: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
*Mar 1 00:09:45.338: AC 1F 86 04 64 01 AC 1F 86 01 01 02 00 00
Next, note that the show frame-relay map output includes the dynamic keyword, meaning that the entries were learned through InARP.
Code:
Router1# show frame-relay map
Serial0/0.11 (up): ip 172.31.134.3 dlci 300(0x12C,0x48C0), dynamic,
broadcast, status defined, active
Serial0/0.11 (up): ip 172.31.134.4 dlci 400(0x190,0x6400), dynamic,
broadcast, status defined, active
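An added example (not from the original page or from Cisco): a Python decoder for the 2-byte LAPF address field and the InARP body, run over the bytes printed by debug frame-relay events above. It assumes those bytes follow the RFC 2427 layout (control 0x03, pad 0x00, NLPID 0x80, SNAP header with EtherType 0x0806); all function names are illustrative.

```python
import ipaddress
import struct

# Bytes copied from the two "FR ARP input" entries in the debug output above:
# the "FR encap" word followed by the two hex dump lines of each entry.
FRAME_FROM_R3 = bytes.fromhex(
    "48 C1 03 00"
    "80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00"
    "AC 1F 86 03 48 C1 AC 1F 86 01 01 02 00 00")
FRAME_FROM_R4 = bytes.fromhex(
    "64 01 03 00"
    "80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00"
    "AC 1F 86 04 64 01 AC 1F 86 01 01 02 00 00")

INARP_OPCODES = {8: "InARP request", 9: "InARP reply"}


def decode_q922_address(field):
    """Split the 2-byte LAPF address field into DLCI, C/R, FECN, BECN, DE."""
    if len(field) != 2:
        raise ValueError("expected a 2-byte address field")
    hi, lo = field
    # EA bit is 0 in the first octet and 1 in the last octet of the field.
    if hi & 0x01 or not lo & 0x01:
        raise ValueError("EA bits do not describe a 2-byte address field")
    return {
        "dlci": ((hi >> 2) << 4) | (lo >> 4),  # 6 high bits + 4 low bits
        "cr": (hi >> 1) & 1,
        "fecn": (lo >> 3) & 1,
        "becn": (lo >> 2) & 1,
        "de": (lo >> 1) & 1,
    }


def encode_q922_address(dlci, fecn=0, becn=0, de=0, cr=0):
    """Build the on-the-wire address field for a 10-bit DLCI."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI is a 10-bit value")
    hi = ((dlci >> 4) << 2) | (cr << 1)
    lo = ((dlci & 0x0F) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 0x01
    return bytes([hi, lo])


def map_display_value(dlci):
    """Address field with the EA bit cleared, which is the second hex value
    that show frame-relay map prints on this page (0x48C0 for DLCI 300)."""
    return int.from_bytes(encode_q922_address(dlci), "big") & 0xFFFE


def parse_inarp_frame(frame):
    """Decode one received frame: FR header, SNAP header, then the ARP body."""
    if len(frame) < 18:
        raise ValueError("frame too short for FR + SNAP + ARP header")
    header = decode_q922_address(frame[0:2])
    if frame[2:5] != b"\x03\x00\x80" or frame[5:8] != b"\x00\x00\x00":
        raise ValueError("not a UI frame with a padded NLPID 0x80 SNAP header")
    (ethertype,) = struct.unpack("!H", frame[8:10])
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[10:18])
    # Hardware type 15 is Frame Relay; hardware addresses are Q.922 addresses.
    if (ethertype, htype, ptype, hlen, plen) != (0x0806, 15, 0x0800, 2, 4):
        raise ValueError("not an IPv4 ARP packet for Frame Relay")
    if len(frame) < 18 + 2 * (hlen + plen):
        raise ValueError("ARP body is truncated")
    pos = 18 + hlen                      # skip the sender hardware address
    sender_ip = frame[pos:pos + 4]
    target_hw = frame[pos + 4:pos + 4 + hlen]
    target_ip = frame[pos + 4 + hlen:pos + 8 + hlen]
    return {
        "received_on_dlci": header["dlci"],
        "congestion_bits": (header["fecn"], header["becn"], header["de"]),
        "operation": INARP_OPCODES.get(opcode, "opcode %d" % opcode),
        "sender_ip": str(ipaddress.IPv4Address(sender_ip)),
        "target_ip": str(ipaddress.IPv4Address(target_ip)),
        "target_hw_dlci": decode_q922_address(target_hw)["dlci"],
    }


if __name__ == "__main__":
    for raw in (FRAME_FROM_R3, FRAME_FROM_R4):
        print(parse_inarp_frame(raw))
    print(hex(map_display_value(300)), hex(map_display_value(400)))
```
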
On R3, the show frame-relay map command lists a single entry, but the format is different. Because R3 uses a point-to-point subinterface, this entry was not learned through InARP and the output does not include the dynamic keyword. Also note that the output does not show any Layer 3 address.
Code:
Router3# show frame-relay map
Serial0/0.3333 (up): point-to-point dlci, dlci 100(0x64,0x1840), broadcast
status defined, active
Note: The example above uses the do command in configuration mode. The do command lets you run an exec-mode command from configuration mode without leaving configuration mode. For example, do clear frame-relay inarp entered in configuration mode is equivalent to entering clear frame-relay inarp at the exec prompt.
In the example above, the show commands show that Router R1 receives and uses the InARP information, whereas Router R3 does not use the InARP information it receives. Cisco IOS knows that only one VC is associated with a point-to-point subinterface; every other IP endpoint in the same subnet can only be reached through that single DLCI. Any InARP information received for that DLCI is therefore unnecessary.
For example, suppose Router R3 needs to send a packet to Router R1 (172.31.134.1), or to any other endpoint in subnet 172.31.134.0/24. From its own configuration, Router R3 knows that it must send over the DLCI on that point-to-point subinterface, that is, DLCI 100. So although all three interface types used for Frame Relay configuration support InARP by default, a point-to-point subinterface ignores the InARP information it receives.
Configuring static address mapping in Frame Relay
In Figure 1.3, R3 knows how to forward packets to R4, but R4 does not yet know how to forward packets back to Router3. R3's logic is as follows: for packets whose next-hop router is in subnet 172.31.124.0/24, R3 sends them out the one DLCI on the point-to-point subinterface, which is DLCI 100. These packets are delivered to R1, which forwards them to R4.
In the poor design of Figure 1.3, R4 and R3 use two different interface types: R3 uses a point-to-point subinterface while R4 uses the physical interface. To reach R3, R4 needs to send frames over DLCI 100 to R1 and have R1 forward them to R3. InARP does not help in this case, because an InARP message only crosses a single VC and is not forwarded; note that no VC exists between R4 and R3.
To solve this problem, a frame-relay map command is added to R4's configuration. Example 1.2 shows the details before and after the frame-relay map command is used.
Router4 lists only one entry in the show frame-relay map output because Router4 has a single VC, which connects to Router1. With only one VC, Router4 can learn about only one other router through InARP.
Code:
Router4# sh run
! lines omitted for brevity
interface Serial0/0
ip address 172.31.134.4 255.255.255.0
encapsulation frame-relay
Router4# show frame-relay map
Serial0/0 (up): ip 172.31.134.1 dlci 100(0x64,0x1840), dynamic,
broadcast,, status defined, active
! Next, proof that Router4 cannot send packets to Router3's Frame Relay IP address.
Router4# ping 172.31.134.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.134.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Next, a static mapping is added on Router4 with the frame-relay map interface subcommand. Note that this command uses DLCI 100, so any packet that R4 sends to 172.31.134.3 (Router3) goes over the VC to Router1, which then has to route the packet back out to Router3. The broadcast keyword tells Router4 to send copies of broadcasts over this VC.
Code:
Router4# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router4(config)# int s0/0
Router4(config-if)# frame-relay map ip 172.31.134.3 100 broadcast
Router4(config-if)# ^Z
Router4# ping 172.31.134.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.134.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/20 ms

Example 1.2
Note: Router R3 does not need a frame-relay map command, because R3's configuration uses a point-to-point subinterface. Keep in mind that you should not mix interface types as in Figure 1.3, nor deploy a non-full-mesh design in a single subnet, unless you are forced to by limited IP address space.
If you do use a design like Figure 1.3, you can use the configuration above. Alternatively, if you use multipoint subinterfaces on both R3 and R4, both routers need frame-relay map commands, because neither router can hear InARP messages from the other. However, if both R3 and R4 use point-to-point subinterfaces, neither router needs a frame-relay map command, because both routers use the logic "use this one VC to reach every address in the subnet".
Disabling InARP
In most network designs, using InARP is reasonable. However, InARP can be disabled on a physical interface or multipoint subinterface with the no frame-relay inverse-arp interface subcommand. InARP can be disabled for all VCs on the interface/subinterface, for all VCs on the interface/subinterface for a particular L3 protocol, or just for a specific DLCI.
The no frame-relay inverse-arp command not only stops the router from sending InARP messages, it also makes the router ignore received InARP messages. For example, the no frame-relay inverse-arp ip 400 subinterface command on Router R1 in Example 1.2 not only stops R1 from sending InARP messages over DLCI 400 to R4, it also makes R1 discard InARP messages received on DLCI 400.

(*) A point-to-point interface always ignores InARP messages, because a point-to-point interface uses a single DLCI to send to every address in the same subnet.
Lesson 3:
SPANNING TREE PROTOCOL - STP
1. Overview of IEEE 802.1D:
A robustly designed network must not only carry packets or frames efficiently, it must also consider how to restore operation quickly when a failure occurs. In a Layer 3 environment, routing protocols keep a backup path to the destination network so that when the primary path fails, the second path is used quickly. Layer 3 routing allows multiple paths to a destination to keep the network operating, and also allows load balancing across multiple paths.
In a Layer 2 environment (switching or bridging), no routing protocol is used and redundant paths are not allowed; instead, bridges forward data between networks or switch ports. The Spanning Tree Protocol provides redundant links so that a Layer 2 switched network can recover from failures without timely intervention. STP is defined in the IEEE 802.1D standard.

1.1. What is Spanning Tree and why use it?

The Spanning Tree Protocol (STP) is a loop-prevention protocol that lets bridges communicate with each other to discover physical loops in the network. The protocol then specifies an algorithm that bridges can use to create a loop-free logical topology. In other words, STP creates a loop-free tree structure of leaves and branches that spans the entire Layer 2 network.
Loops occur in networks for many reasons. The most common reason is a deliberate attempt to provide redundancy: in that case, if one link or switch fails, the other links or switches keep operating. However, loops can also occur by mistake. Figure 3.1 shows a typical switched network and how intentional loops are used to provide redundancy.

The two main reasons why loops are harmful in a switched network are broadcasts and corruption of the bridge table.
Broadcast Loop
Broadcasts and Layer 2 loops are a dangerous combination. Figure 3.2 shows broadcasts creating a feedback loop.

Assume that no switch is running STP:

Step 1: host A sends a frame to the broadcast MAC address (FF-FF-FF-FF-FF-FF).
Step 2: the frame arrives at both Cat-1 and Cat-2 through port 1/1.
Step 3: Cat-1 forwards the frame out port 1/2.
Step 4: the frame is delivered to all nodes on the Ethernet segment, including port 1/2 of Cat-2.
Step 5: Cat-2 forwards this frame to its port 1/1.
Step 6: once again, the frame appears on port 1/1 of Cat-1.
Step 7: Cat-1 sends this frame out port 1/2 a second time. A loop has now formed.
Note: the frame is also flooded across the Ethernet segment and forms a loop in the opposite direction; the feedback loop occurs in both directions. Another important conclusion from Figure 3.2 is that bridging loops are far more dangerous than routing loops. Figure 3.3 shows the format of a DIXv2 Ethernet frame.

A DIXv2 Ethernet frame contains only two MAC addresses, a Type field and a CRC.

The IP header contains a time-to-live (TTL) field that is set by the originating host and decremented each time the packet passes through a router. The packet is discarded when TTL = 0, which allows routers to stop runaway datagrams. Unlike IP, Ethernet has no TTL field, so once a frame starts looping in the network it keeps going until someone shuts down one of the bridges or breaks a link.
In a network more complex than the one shown in Figures 3.1 and 3.2, the feedback loop can grow very quickly, at an exponential rate. Because each frame is flooded out multiple switch ports, the total number of frames multiplies rapidly.
Also pay attention to the effect of the broadcast storm on the users of hosts A and B in Figure 3.2. Broadcasts are processed by the CPU of every device on the network. In this case, the PCs all try to process the broadcast storm. If we disconnect one of the hosts from the LAN, it returns to normal operation. However, as soon as we reconnect it to the LAN, the broadcasts consume 100% of its CPU. If we do not deal with this and keep using the network, a physical loop will be created in the VLAN.
Bridge table corruption:
Many switch/bridge administrators are aware of the basic problem of broadcast storms, but we must also know that even unicast frames can circulate forever in a network that contains a loop. Figure 3.4 illustrates this.
Step 1: host A wants to send a unicast packet to host B, but host B has left the network, and accordingly the switches' bridge tables have no entry for host B.
Step 2: assuming that neither switch runs STP, the frame arrives on port 1/1 of both switches.
Step 3: because host B is down, Cat-1 has no entry for MAC address BB-BB-BB-BB-BB-BB in its bridge table, and it floods the frame out its ports.
Step 4: Cat-2 receives the frame on port 1/2. Two problems occur.
o Step 5: Cat-2 floods the frame because it has not learned MAC address BB-BB-BB-BB-BB-BB; this creates a feedback loop and brings the network down.
o Cat-2 notices that it has just received a frame on port 1/2 with source MAC address AA-AA-AA-AA-AA-AA. It changes the entry for host A's MAC address in its bridge table, which now points to the wrong port.

Because frames also loop in the opposite direction, we see host A's MAC address flip between ports 1/1 and 1/2. This not only floods the network with unicast packets, it also corrupts the bridge table. So broadcasts are not the only thing that can damage the network.
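An added example (not from the original page): a small Python simulation of the two-switch topology used in the broadcast-loop steps and the bridge-table steps above, showing the frame circulating without end and host A's MAC entry flapping, then the same run with one port blocked as STP would do. The segment names "upper" and "lower" and the choice of Cat-2 port 1/2 as the blocked port are assumptions made for the illustration.

```python
from collections import Counter

# Constructed topology: both switches attach port 1/1 to host A's segment
# ("upper") and port 1/2 to host B's segment ("lower"), forming a loop.
SWITCH_PORTS = {
    "Cat-1": {"1/1": "upper", "1/2": "lower"},
    "Cat-2": {"1/1": "upper", "1/2": "lower"},
}
HOST_A = "AA-AA-AA-AA-AA-AA"
HOST_B = "BB-BB-BB-BB-BB-BB"      # has left the network, so it is never learned
BROADCAST = "FF-FF-FF-FF-FF-FF"


def simulate(dst, rounds, blocked=frozenset()):
    """Send one frame from host A to dst and follow its copies.

    blocked is a set of (switch, port) pairs that neither receive nor forward
    user frames, which is how a blocking port breaks the loop.
    """
    tables = {name: {} for name in SWITCH_PORTS}   # MAC -> port, per switch
    mac_moves = Counter()                          # times host A's entry moved
    in_flight = [("upper", "host-A")]              # (segment, transmitter)
    copies_seen = 0
    for _ in range(rounds):
        if not in_flight:
            break
        copies_seen += len(in_flight)
        next_round = []
        for segment, sender in in_flight:
            for name, ports in SWITCH_PORTS.items():
                if name == sender:                 # a switch ignores its own copy
                    continue
                for in_port, attached in ports.items():
                    if attached != segment or (name, in_port) in blocked:
                        continue
                    table = tables[name]
                    # Source learning: the entry follows the last port seen.
                    if table.get(HOST_A, in_port) != in_port:
                        mac_moves[name] += 1
                    table[HOST_A] = in_port
                    known = table.get(dst)
                    if known == in_port:           # destination is behind in_port
                        continue
                    # Known unicast goes out one port; broadcast and unknown
                    # unicast are flooded out every other port.
                    out_ports = [known] if known else [p for p in ports
                                                       if p != in_port]
                    for out in out_ports:
                        if (name, out) not in blocked:
                            next_round.append((ports[out], name))
        in_flight = next_round
    return {
        "copies_seen": copies_seen,
        "still_circulating": len(in_flight),
        "mac_moves": dict(mac_moves),
    }


if __name__ == "__main__":
    print("no STP, unknown unicast:", simulate(HOST_B, rounds=6))
    print("no STP, broadcast:      ", simulate(BROADCAST, rounds=6))
    print("Cat-2 1/2 blocked:      ",
          simulate(HOST_B, rounds=6, blocked={("Cat-2", "1/2")}))
```

A per-switch count of MAC address moves like `mac_moves` is the symptom to look for when diagnosing this condition, since it rises even when the looping traffic is unicast.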
--------------------------
Lesson 4:

Spanning Tree.
A network with a poor STP implementation can lead to a great deal of configuration and troubleshooting work on a campus network. This lesson explains how spanning tree works and how it prevents loops in a switched network.
STP is one of the most technical topics in LAN switching. Understanding STP is as difficult as understanding the underlying mechanisms of OSPF or EIGRP (timers, packet types, algorithms). STP is fundamental to the operation of every campus network, and it plays a key role in campus network design and deployment.
Spanning tree is a Layer 2 protocol that uses a special algorithm to discover loops in the network and to produce a loop-free network. STP creates a tree structure of leaves and branches that spans the entire L2 network. In this section, the terms switch and bridge are used interchangeably. In addition, unless stated otherwise, connections between switches are assumed to be trunks.
Loops can occur in a network for many reasons. Usually a loop is the result of an attempt to build redundant connections. However, loops can also result from configuration errors.

Physical connections that form a loop without STP can cause many problems. Two problems that can result are broadcast loops and corruption of the MAC address table. An Ethernet frame contains only two MAC addresses, a type field, a CRC field and the network-layer information. The IP header, by contrast, contains a time-to-live (TTL) field that is set by the source router and decremented each time the packet passes through a router. By discarding packets with TTL=0, routers prevent packets from living too long in the network. Unlike IP, Ethernet has no TTL field. So once a frame starts looping, it is forwarded endlessly until a switch is turned off or a link is broken.
Bridge-ID
The spanning-tree algorithm is defined in IEEE 802.1D. The parameters used by the algorithm, including the Bridge-ID, are examined in this section.
The spanning-tree algorithm relies on a number of parameters to make its decisions. The bridge-ID is the first parameter STP uses to find the center of the network, called the root bridge. The bridge-ID is an 8-byte value made up of two fields. The first is a 2-byte decimal value called the Bridge Priority, and the next is a 6-byte MAC address. The Bridge Priority indicates the priority of a bridge in the spanning-tree algorithm. Possible values range from 0 to 65535. The default is 32,768.
The MAC value in the BID is one of the switch's MAC addresses. Two BIDs can never be equal, because Catalyst switches are assigned different MAC addresses. In the spanning-tree algorithms, when the values of two switches are compared, the lower value is always used.
Path cost
Path cost is the second parameter used by the spanning-tree algorithm to determine the path to the root. The original IEEE 802.1D specification defined cost as 10 to the power of 9 divided by the bandwidth of the link in Mbps. For example, a 10M link has a cost of 100 (1000/10) and a 100Mbps link has a cost of 10. However, as technology advanced and new technologies faster than 1Gbps appeared, the cost formula had to be redefined.
Cost is stored as an integer value.
Path cost measures how close bridges are to each other. Path cost is the sum of the costs of the links between two bridges. It is not measured in hop count. The hop count for path A may be greater than the hop count for path B while, in terms of cost, path A is lower than path B. Switches use path cost to determine the best path to the root bridge. The path with the lowest value is the best path to the root bridge.

Port-ID
The Port ID is the third parameter used by spanning-tree to determine the path to the root bridge. The Port ID is a 2-byte value made up of two numbers. The first is called the port priority and the second is called the port number. On CatOS, the first value is 6 bits and the second is 10 bits. On IOS-based switches, both values are 8 bits.
Do not confuse the Port ID with the port number. The port number is only one part of the Port ID. A lower Port ID is preferred over a higher Port ID in STP decisions. Two Port IDs can never be equal, because the port number identifies the switch port on a Catalyst switch. The port priority is a configurable STP parameter. Its range is 0 to 255 on IOS-based switches, and the default is 128.
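The three parameters described above (Bridge-ID, path cost, Port-ID) can be checked against a planned topology before deployment. The following Python sketch is an added example, not part of the original article: the switch names, MAC addresses and links are constructed, the Port ID uses the 8-bit/8-bit IOS layout stated above, and root-port choice is simplified to lowest root path cost, then lowest sender Bridge-ID, then lowest sender Port ID.

```python
"""Added illustration: STP root election and root-port choice (simplified)."""


def bridge_id(priority, mac):
    """8-byte Bridge ID: 2-byte priority followed by the 6-byte MAC."""
    if not 0 <= priority <= 65535:
        raise ValueError("bridge priority must be 0..65535")
    raw_mac = bytes.fromhex(mac.replace(":", ""))
    if len(raw_mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return priority.to_bytes(2, "big") + raw_mac


def port_id(priority, number):
    """2-byte Port ID in the IOS layout: 8-bit priority, 8-bit port number."""
    if not (0 <= priority <= 255 and 0 <= number <= 255):
        raise ValueError("priority and port number must each fit in 8 bits")
    return (priority << 8) | number


def elect_root(switches):
    """The switch with the numerically lowest Bridge ID becomes root."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_path_costs(root, links):
    """Lowest sum of link costs from every switch to the root."""
    cost = {root: 0}
    changed = True
    while changed:
        changed = False
        for a, _pa, b, _pb, link_cost in links:
            for near, far in ((a, b), (b, a)):
                if near in cost and cost[near] + link_cost < cost.get(far, float("inf")):
                    cost[far] = cost[near] + link_cost
                    changed = True
    return cost


def root_ports(switches, links, port_priority=128):
    """Return (root, {switch: (root_port, root_path_cost)})."""
    root = elect_root(switches)
    cost = root_path_costs(root, links)
    best = {}
    for a, pa, b, pb, link_cost in links:
        for me, my_port, peer, peer_port in ((a, pa, b, pb), (b, pb, a, pa)):
            if me == root or peer not in cost:
                continue
            # Tie-break order: cost to root, sender Bridge ID, sender Port ID.
            key = (cost[peer] + link_cost,
                   bridge_id(*switches[peer]),
                   port_id(port_priority, peer_port))
            if me not in best or key < best[me][0]:
                best[me] = (key, my_port)
    return root, {sw: (port, key[0]) for sw, (key, port) in best.items()}


# Constructed sample: SW3 has the highest MAC but the lowest priority.
SWITCHES = {
    "SW1": (32768, "00:00:0c:aa:aa:aa"),
    "SW2": (32768, "00:00:0c:bb:bb:bb"),
    "SW3": (4096, "00:00:0c:cc:cc:cc"),
}
# (switch, port, switch, port, cost); costs 100 and 10 are the 10M/100M values above.
LINKS = [
    ("SW3", 1, "SW1", 1, 100),  # direct 10M link: 1 hop, cost 100
    ("SW3", 2, "SW2", 1, 10),
    ("SW1", 2, "SW2", 2, 10),   # two parallel 100M links SW1-SW2
    ("SW1", 3, "SW2", 3, 10),
]

if __name__ == "__main__":
    root, ports = root_ports(SWITCHES, LINKS)
    print("root bridge:", root)
    for sw, (port, total) in sorted(ports.items()):
        print(f"{sw}: root port {port}, root path cost {total}")
```

SW1 reaches the root through SW2 (two hops, cost 20) rather than over its direct one-hop link (cost 100), and the lower sender Port ID decides between the two parallel links.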
-----------------------------------------------

Lesson 5:

Route redistribution

Redistribution
1. Definition
When a company's network runs multiple routing protocols, there must be a way to share routing information between the different protocols. This process is called redistribution.
Note that having multiple routing protocols on the same router does not mean that redistribution happens by itself. For redistribution to take place, it must be configured.
Running multiple routing protocols on the same router without configuring redistribution is called ships in the night (SIN) routing. It means that the router exchanges routing information only with its neighbors in the same process domain. SIN routing usually refers to the case of multiple routing protocols on the same router (such as OSPF for IP and NLSP for IPX).
Another point is that redistribution can occur only between routing protocols that serve the same Layer 3 protocol (IP, IPX or AppleTalk). Some routing protocols redistribute automatically without configuration, but usually redistribution takes place only after it has been configured.
Figure 3.1 below describes the redistribution policy of each routing protocol.

Routing Protocol & Redistribution Policy

Static: Requires manual redistribution into other routing protocols.
Connected: Unless there is a network statement for the routing process, requires manual redistribution into other routing protocols.
RIP: Requires manual redistribution.
IGRP: Happens automatically between IGRP and EIGRP if their autonomous system (AS) values are the same. Otherwise, manual configuration is required.
EIGRP: Happens automatically between IGRP and EIGRP if their autonomous system values are the same. EIGRP for AppleTalk redistributes automatically between EIGRP and RTMP. EIGRP for IPX redistributes automatically between EIGRP and IPX RIP/SAP. Otherwise, manual configuration is required. In later versions, NLSP can be redistributed manually.
OSPF: Requires redistribution to be configured between different OSPF processes and with other routing protocols.
IS-IS: Requires manual configuration between different routing protocols.
BGP: Requires manual configuration between different routing protocols.
The cases that lead to multiple routing protocols in the same organization:
- The organization is moving from one protocol to another because it needs a more sophisticated routing protocol. For example, moving from RIP to OSPF.
- For historical reasons, the organization has many subnetworks. The company needs to be designed to move to a single protocol in the future. For example, it currently runs both RIP and IGRP and wants to move to EIGRP.
- Some enterprises use host-based solutions that require multiple routing protocols. For example, a UNIX host uses RIP to discover gateways.
- After two companies have merged.
- Politically, different network administrators hold different views.
- In a very large environment, different regions have different requirements, so a single solution is not effective. For example, in a multinational network, EIGRP is the routing protocol used at the access layer and distribution layer, but BGP is the routing protocol used to connect to the core layer.
2. Problems that arise when performing redistribution, and their solutions.
The characteristics of routing protocols that matter most in redistribution are the differences in metric and administrative distance, and whether the protocols are classful or classless. If these differences are not considered carefully when redistributing routing protocols, problems can result such as some or all routes not being exchanged, routing loops and black holes.
a/ Metric
Static routes have no metric associated with them, but every OSPF route must have a cost associated with it. Another metric-related example is the redistribution of RIP routes into IGRP. RIP's metric is hop count, while IGRP uses bandwidth and delay. The IGRP metric is a 24-bit number while RIP's is limited to 15. In both cases, the routing protocol that receives the redistribution must be able to associate its own metric with the routes redistributed into its domain.
A solution is therefore needed: the router performing redistribution must assign a metric to the redistributed routes, that is, convert the metric of the routes from the old protocol (for example RIP, which uses hop count) to the new protocol (for example IGRP, which uses bandwidth + delay). The conversion should be done at the time of redistribution, on the router that runs multiple routing protocols.
One example is EIGRP and OSPF. EIGRP is redistributed into OSPF and, in the other direction, OSPF is redistributed into EIGRP. OSPF does not understand EIGRP's composite metric, and EIGRP does not understand OSPF's cost. As a result, as part of the redistribution process the router must assign a cost to each EIGRP route before the route is advertised into the OSPF domain. Likewise, the router must assign the following set of values to each OSPF route before it is advertised into the EIGRP domain: bandwidth, delay, reliability, load and MTU. If the metric assignment is incorrect, redistribution fails.
b. Administrative Distance
The diversity of metrics causes another problem: if a router runs more than one routing protocol and learns a route to the same destination from each of them, which route is chosen? Each routing protocol uses its own metric to determine the best route in its own way. Comparing routes with different metrics, such as hop count and cost, is like comparing apples and oranges.
The solution to this problem is administrative distance. Just as a metric is assigned to each route so that the preference of each route can be determined, an administrative distance is assigned to each route source so that the preference of the route source can be determined. As introduced in part two, administrative distance is a measure of trustworthiness. The lower the administrative distance, the more trustworthy the routing information exchanged by the corresponding protocol.
For example, suppose a router runs two routing protocols, RIP and EIGRP. When the router learns a route to network 192.168.5.0 through both routing protocols, it receives information about the route to 192.168.5.0 from both the RIP neighbor and the EIGRP neighbor. Because EIGRP uses a composite metric, routing information learned from EIGRP is more accurate than routing information learned from RIP. Therefore, EIGRP is more trustworthy than RIP.
Table 3.3 lists the default administrative distances of the different routing protocols. EIGRP has an administrative distance of 90 while RIP's is 120. This shows that EIGRP is more trustworthy than RIP.
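The Metric and Administrative Distance sections above can be seen together in a small model of route selection and of seeding a metric during redistribution. This Python sketch is an added example, not from the original lesson: the routes, next hops and metrics are constructed, the EIGRP and RIP distances are the ones quoted above while the remaining values are the commonly documented Cisco defaults, and treating a missing seed metric as RIP's unreachable value 16 is an assumption of this model.

```python
"""Added illustration: administrative distance first, metric second."""
from dataclasses import dataclass, replace

# EIGRP = 90 and RIP = 120 come from the text; the other entries are the
# commonly documented Cisco defaults, listed here for completeness.
DEFAULT_AD = {
    "connected": 0, "static": 1, "eigrp": 90,
    "igrp": 100, "ospf": 110, "isis": 115, "rip": 120,
}
RIP_INFINITY = 16  # RIP hop counts stop at 15; 16 means unreachable


@dataclass(frozen=True)
class Route:
    prefix: str
    source: str    # routing protocol that supplied the route
    metric: int    # only meaningful within that protocol
    next_hop: str


def best_route(candidates):
    """Pick by lowest administrative distance, then by lowest metric.

    Metrics of different protocols are never compared with each other:
    the distance of the source decides first, and the metric only breaks
    ties between routes that come from the same source.
    """
    return min(candidates, key=lambda r: (DEFAULT_AD[r.source], r.metric))


def build_rib(routes):
    """Group learned routes by prefix and keep the preferred one."""
    by_prefix = {}
    for route in routes:
        by_prefix.setdefault(route.prefix, []).append(route)
    return {prefix: best_route(group) for prefix, group in by_prefix.items()}


def redistribute_into_rip(route, seed_metric=None):
    """Re-originate a route as RIP with an assigned (seed) hop count.

    The foreign metric cannot be carried over, so one must be assigned.
    Assumption of this model: no seed metric means 16 (unreachable).
    """
    metric = RIP_INFINITY if seed_metric is None else seed_metric
    if not 1 <= metric <= RIP_INFINITY:
        raise ValueError("RIP metric must be between 1 and 16")
    return replace(route, source="rip", metric=metric)


def advertised(routes):
    """Routes a RIP speaker would actually announce as reachable."""
    return [r for r in routes if r.metric < RIP_INFINITY]


# Constructed sample: 192.168.5.0 learned from both RIP and EIGRP.
LEARNED = [
    Route("192.168.5.0/24", "rip", 2, "10.0.0.2"),
    Route("192.168.5.0/24", "eigrp", 2172416, "10.0.1.2"),
    Route("10.1.0.0/16", "rip", 5, "10.0.0.2"),
    Route("10.1.0.0/16", "rip", 3, "10.0.0.6"),
]

if __name__ == "__main__":
    rib = build_rib(LEARNED)
    for prefix, route in sorted(rib.items()):
        print(prefix, "via", route.next_hop, f"({route.source}, metric {route.metric})")
    eigrp_route = rib["192.168.5.0/24"]
    print(advertised([redistribute_into_rip(eigrp_route, 3),
                      redistribute_into_rip(eigrp_route)]))
```

The EIGRP route wins for 192.168.5.0/24 although its metric is numerically far larger than the RIP hop count, and the copy redistributed without a seed metric is never announced.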
c. Redistributing from Classless into Classful Protocols
Careful consideration is required when redistributing from a classless routing process domain into a classful domain. To understand why, first understand how a classful routing protocol reacts to changes in subnetting. As is known, RIP is a classful routing protocol, so it does not send the mask in its routing information. For the routes that a classful router receives, one of the following two cases applies:
- The router has one or more interfaces attached to the major network.
- The router has no interface attached to the major network.
Solution 1: for redistribution between a classful routing protocol and a classless routing protocol, use static routes to distribute the routes into the classful routing domain.
Solution 2: perform route summarization to group the smaller subnets into a larger subnet that the classful routing domain understands.

Lesson 6:
Discussion of fiber-optic cabling issues
Question:
1. Could you tell me the difference between SM and MM fiber?
2. The terminal equipment for splicing the fiber before attaching it to the switch. On some switches I see an FX interface; sometimes I see that the fiber interface is SX or LX. So in which case do we use FX, and in which case do we use SX? The patch cable used for FX is ST/SC. However, I cannot tell in which case to use ST/ST or SC/SC. Could you explain this to me?
3. Can you explain why single-mode fiber needs 5dB or 10dB attenuators at short distances?
Answer:
1. Optical fibers are thin, flexible strands that carry visible light and infrared rays. They have 3 layers: core, cladding and coating. For light to be totally reflected inside the core, the refractive index of the core is slightly higher than that of the cladding. The coating outside the cladding protects the fiber from moisture and corrosion, and also prevents crosstalk with adjacent fibers. The core and cladding are made of glass or plastic (silica, plastic, metal, fluorine, crystalline fiber). The core and cladding have different refractive indices. The refractive indices of these layers determine the properties of the fiber. Fibers are classified into single-mode (Single Mode, SM) and multimode (Multimode, MM) according to the number of light modes that travel through the fiber. A mode is a stable propagation state of the light wave (a mode can also be understood as a ray).
Both single-mode and multimode fiber carry only one signal (the data to be transmitted). To carry data from several different channels, WDM technology must be used (transmitting multiple wavelengths over the same fiber). Multimode fiber can carry several light rays at once with different alpha angles, whereas single-mode fiber can carry only 1 light ray with 1 given wavelength. Optical fiber is a medium that carries information based on the law of light reflection. A light ray passing from a medium with a high refractive index to a medium with a low refractive index does not go straight through (also called scattering) but is reflected back. Therefore, light carrying information is transmitted without any loss (because it keeps bouncing around inside, reflecting off one side and then off the other). In single-mode fiber the core has a constant refractive index and the cladding also has a constant refractive index. The light then travels along a zigzag path in the fiber (the phase shift of the signal is then considerable). Multimode fiber is a more advanced technology: the refractive index decreases gradually from the core out to the cladding (while still keeping an index ratio such that the light is only reflected and not scattered), so the light follows a curved path and the phase shift is much smaller than with the zigzag of the single-mode type. Multimode is further divided into 2 types, step mode and grade mode. In step mode the refractive index decreases from core to cladding in steps, while in grade mode it decreases continuously, and of course grade mode is better than step mode. Of course, the use of multimode also depends on many other factors such as cost and terminal equipment (optical multiplexers). SM fiber carries only one mode because its core diameter is very small (about 10 micrometers). Because it carries only one mode, SM is not affected by dispersion, and in practice SM is used more often than MM. MM fiber has a larger core diameter than SM (about 6-8 times) and can carry multiple modes in the core.
Physical parameters of the two cable types:
Core diameter (the part that carries the signal):
Core.
SM: 9/125;
MM: 50/125 and 62.5/125.
Cladding diameter: the cladding is the same for both SM and MM, 125um.
At present, single-mode fiber is used only for backbone links; apart from cost, single-mode cable technology is very demanding, and it is very difficult to install and use. The main reason is that the core of single-mode cable is very small (about 27 micrometers) while that of multimode is much larger (about 130 micrometers). In addition, because the single-mode core structure makes light travel in a straight line, the manufacturing cost, the precision required during installation and the high-tech equipment make SM cable hard to use in civil projects.
The coating is made according to the protective properties required; typically it is 250 for outdoor cable and 900 for indoor cable, regardless of whether the cable is SM or MM. As for usage, the choice of SM or MM depends on transmit power, receiver sensitivity, transmission distance, required speed and cost.
Illustration of the path of light travelling in the core (which is caused by the core structure of Single Mode and Multi Mode):
===================
- - - >- - - - >- - light path
===================
Single Mode

===================
/\/\/\/\/\/\/\/\/\
- - - - - - - - - light path
\/\/\/\/\/\/\/\/\/
===================
Multi mode
From the ray-optics approach, a mode of an optical fiber is understood as a ray of monochromatic light. Multimode fiber carries many rays at the same time, while single-mode fiber carries only a single mode along the axis. From the quantum-optics approach, light is an electromagnetic wave (two components, E and H) and its propagation in the fiber must obey Maxwell's equations. It is observed that the electric component (vector E) and the magnetic component (vector H) in the core and cladding of the fiber are not independent of each other but are related through the core-cladding boundary condition. Any pair of solutions of Maxwell's equations in the core and cladding that satisfies the boundary condition is called a propagation mode.
Besides the classification above, there are several other ways to classify fiber cable. By mode there are SM and MM (MM has 2 types: 62.5 and 50). By installation environment there are outdoor and indoor. Outdoor is further divided into F8 and underground.
2. Why does single-mode fiber transmit better than multimode fiber?
Single-mode fiber transmits farther and better than multimode fiber. In single mode, light travels almost in a straight line along the cable axis, while in multimode, light travels as a beam of rays in a coaxial sinusoidal shape (which is why more light of different wavelengths can be multiplexed in). Multimode fiber suffers from dispersion in the fiber between the propagating modes. This is the main weakness of multimode compared with single-mode. As a result, the signal in multimode fiber is more prone to scattering, the speed is lower and the transmission distance is shorter.
Fiber is step-index or graded-index depending on the shape and refractive index of the parts of the fiber core. Whether a fiber is single-mode or multimode depends on the wavelength of the light travelling in it. The same fiber can be single-mode at one wavelength and multimode at another. In fiber, however, only certain wavelengths are transmitted. These wavelengths are called optical windows. The three wavelengths are 850nm, 1330nm, 1550nm. The 850nm wavelength is usually little used. MM has the standard wavelengths 780, 850 and 1300. Equipment today rarely uses the 780 wavelength. SM has the wavelengths 1310, 1550, 1627. SM equipment that uses DWM technology can also use many other wavelengths. Therefore the concepts of multimode and single-mode fiber must be tied to the transmission wavelength. The (recommended) transmission distance of multimode cable is 500m. The (recommended) transmission distance of single-mode cable is 3000m. Single-mode fiber is mainly used because it has no dispersion between modes, which is the main cause of noise in the fiber. Single-mode fiber is used for backbone networks while multimode fiber is used only between networks within an area. In addition, both single-mode and multimode can use laser or LED light; which one to use depends on the specific case and on the needs and requirements of the network.
When propagating in fiber, the light wave is subject to the following phenomena:
(*) Attenuation: Attenuation in fiber has two main causes, material absorption and Rayleigh scattering. Material absorption is smaller than Rayleigh scattering and can be ignored. Rayleigh scattering is due to microscopic fluctuations in the material structure, and it decreases as the wavelength increases. The combined plot of the causes of attenuation helps identify the three transmission windows widely used today (800nm, 1300nm and 1550nm).
(*) Dispersion: Dispersion is the phenomenon in which different components of the signal travel at different speeds in the fiber. Dispersion therefore causes the light pulse to broaden at the output, causes spectral overlap interference and is the main cause of the limit on transmission distance in fiber today. There are several kinds of dispersion, including modal dispersion (found only in multimode fiber), polarization dispersion and chromatic dispersion (material dispersion + waveguide dispersion), each with a different effect on signal propagation. Dispersion-shifted fibers limit part of this problem and so achieve long transmission distances (long haul).
(*) Nonlinear effects: When multiple modes are transmitted in a fiber, nonlinearity generates harmonics from the fundamental modes, leading to noise at the receiver and reduced transmitted signal power.
These phenomena have a more pronounced effect the greater the distance, and distance is not the only parameter. They adversely affect the amplitude, frequency and other parameters of the transmitted pulse, and therefore the receiver's ability to recognize it. Moreover, these effects are not alike: for example, amplifiers can be used to limit the attenuation problem but are useless against pulse broadening, and pulse regenerators cannot guarantee the threshold power of the receiver, which causes many difficulties in remedying them.
Of these effects dispersion is the most serious, and of the kinds of dispersion modal dispersion is the most significant. Imagine two modes, the innermost and the outermost. The difference in their arrival times at the destination is the factor that determines the transmission distance. Normally this difference must not exceed 1/2 of the period of the transmitted pulse for the receiver to be able to recover the original signal. That is the main reason single-mode fiber transmits better than multimode fiber on the general technical parameters. Beyond this, there are many more issues to cover if one really wants to understand modes and distinguish between them. Optical transmission with a power budget is a problem that needs care in design calculations. Today, WDM technology and new discoveries in optical engineering have been and are steering the next generation of networks toward a new era, the era of the Optical Internet.
The core diameter of single-mode fiber is smaller than the core diameter of multimode fiber. This follows from the condition that guarantees single-mode operation of the fiber, given by the following formula:
(2*PI/lambda)*a*sqrt(n1*n1-n2*n2) < 2.405
where lambda is the wavelength, a is the core diameter of the fiber, and n1, n2 are the refractive indices of the core and cladding respectively. On a plot of the number of modes against diameter, you need to extend a to get more propagation modes.
Clearly, for a given single-mode cutoff wavelength lambda and given core and cladding refractive indices, the fiber diameter is limited by the formula above.
In fact light has wave-particle duality, and this became the biggest debate in the history of physics in the last years of the 19th century. Both the ray-optics and the quantum-optics approaches are needed to explain light propagation in fiber; however, the electromagnetic nature of the light wave makes the issues clearer and much easier to understand than the explanations in ray optics. Taking modes as an example, the quantum-optics approach helps you understand polarization dispersion (in single-mode operation, physically it is still derived from two independent solutions with the same propagation constant, that is, still a multimode issue) and waveguide dispersion (the distribution of a mode's energy between core and cladding as it propagates in the fiber; this distribution differs between modes, so the energy of the wave travels in regions whose refractive index n varies, and this is the cause of dispersion). We do not need a deep understanding of how Maxwell's equations are solved, but grasping this approach helps us better understand fiber and the transmission issues on fiber. Also, given 2 such fibers you cannot tell SM from MM. To tell them apart you need a microscope or a fusion splicer.
3. Attaching terminal equipment, splicing and connecting fiber
There are usually two techniques for terminating fiber: polishing a connector and arc fusion splicing.
3.1. Connector polishing technique:
Attach a connector to the fiber and polish it flat. There are many connector types from different vendors, but in Vietnam it is mostly AMP connectors. This type needs no adhesive; it has a fiber lock inside. This technique is simple to carry out but has high loss because it is done by hand, and the cost of repair and troubleshooting equals the initial cost because the connectors can be used only once.

3.2. Arc fusion splicing technique:

Use a dedicated fiber fusion splicer to splice a pigtail onto the cable (a pigtail is a cord that already has 1 connector attached).
The drawbacks of this technique are that few people do it and the investment in the machine is quite high (about 12K USD), but its advantage is that repair and troubleshooting are quite cheap because the pigtail can be reused many times (each pigtail is on average 2.5 meters long, and each repair cuts off 3 cm). You pull the fiber to the point of use, splice it to a pigtail, and from the pigtail connect to the converter.
There are 2 ways to splice:
+ Machine splice: $20/splice
+ Manual splice (crimp): $8/splice
A fiber splice costs about $12 (depending on whether you are far or near and on the number of splices), an FC pigtail 1.5m about $8 per simplex strand, an FC-SC patch cord 5m about $12 per simplex strand, a 12-port ODF about $85 each.
When splicing there is a parameter called loss tolerance. You cannot have too many joints on the same transmission line (about 6 manual splices and 10 machine splices). Fiber is not affected by magnetic fields, so no separation distance is needed.
Fiber patch cords/pigtails serve the same purpose as ordinary patch cords: they are jumper cables with connectors at both ends that connect optical equipment to the fiber on the ODF. A pigtail is really a short piece of fiber running from the fiber enclosure to the equipment. When fiber is pulled, it terminates at boxes called enclosures. These enclosures can be mounted on the wall, so they are commonly also called wall-mount. In this academy course the fiber enclosure is usually called an ODF. The fiber is spliced to the connectors in these ODF/WALLMOUNT/ENCLOSURE boxes. From the ODFs, you can use pigtails/patch cords to attach to the switch. The optical interface on the switch may be SC/ST/FC. A pigtail is a fiber with a connector at one end and the other end spliced to a fiber cable. The optical connector on switches is usually SC (square). You can hire service companies such as Saicom, Nhân Sinh Phúc, An Minh Phát, Lạc Việt, SPT to splice for you (splicing the pigtail onto the fiber cable, with the other end of the pigtail plugged into the ODF). ODFs usually use FC connectors (round, screw-on), so you need to buy at least 4 more FC-SC patch cords to connect from the ODF to the switch.
Actually the best solution is to splice additional fiber if the distance is long; otherwise we can buy long jumper cords (notably, some suppliers offer lengths up to 300 meters). We can then buy them and cut off one end to make a pigtail. Fusion splicers are now very common, and the telecom companies in the city can all do this work. Some places choose to crimp the fiber ends instead of splicing, which is a little cheaper but has more loss than splicing. Crimped ends are temporary in nature and make the system hard to control, especially backbone networks.
As for the terminal equipment (switch/router), it is simple: if you study CCNA, look at Ethernet and media converters; if you are interested in telecom, look at PDH, SDH and DWM equipment. In general optical communication systems are not complicated; simply put, it is just Layer 1. For a distance of 1Km, a switch at each end is enough, and either MM or SM can be used. No router is needed; any switch that can be configured for L2 or L3 is good and cheap. Once an optical system is running, it does not flap.
With Cisco you can use a 2960. Using two 2960s without GBIC ports plus two 100Mbps media converters gives the most reasonable cost; otherwise a 2960 with GBIC ports also works but is not cost-optimal. The distance between 2 devices connected by fiber is not specified as a particular number of km. The distance between 2 devices depends on the calculated end-to-end loss, the transmit power, the receiver sensitivity and the power margin of the equipment. Usually each device has a recommended operating range. Note the optical range of the modules: if the distance is too short, an optical attenuator must be added to avoid damaging the laser receiver, though this is only relative.
3.3. Cost of the two solutions:

Both solutions use the same accessories: an accessory enclosure (patch panel/ODF), adapters and patch cords.
For the pigtail splicing solution (assuming 6 fibers):
pigtail MM: 7 USD/ 1 pcs
tray: 14 USD/ tray of 12 or 24 fibers
Splicing labor: 4 USD/ splice
Total for 6 fibers: 42 + 14 + 24 = 80 USD
For the connector crimping solution:
Connector: 4 USD/ 1 pcs
Crimping labor: 4 USD/ end
Total for 6 ends: 24 + 24 = 48 USD
So the difference for one fiber termination point with 6 cores is 80 - 48 = 32 USD.

Lesson 7:
Leased line
Questions about leased lines:
1. My company uses a 256Kbps leased line. At first downloads and web browsing were very fast but now they are very slow (as slow as dial-up, you could say). I need to know 2 things:
- How to make the internet fast again
- How to find out whether the leased line I am using really is 256Kbps?
2. What is DDN? I invite anyone who knows about DDN to take a little time to post what they know about DDN for everyone in the forum.
3. How do you configure a leased line on Cisco devices?
4. Is the bandwidth of a link (for example a leased line) equal to the sum of the transmission rates (bit/s) of both directions (IN/OUT) added together?
Answer:
You can use MRTG to check inbound and outbound bandwidth usage; the program is free and supports quite a lot of hardware, the only catch is that installation is a bit manual, but it works very well. Download MRTG from mrtg.org to check the speed. Right now you can check the Reliability parameter of the Serial port with the command #show interface Serial X/X. If this parameter has too low a ratio, the line at your site may be poor. This is a leased-line connection device, more precisely an HDSL modem.
The terminal equipment you need when connecting a leased line to the DDN network of Ho Chi Minh City is an NTU. There are many types of NTU, for example the ASM 31. This device also has datarate = 128K. The Timeplex AD3, IDSL Max datarate = 128K. The NTU Timeplex AD3 has datarate = 128K; more precisely, below 128K the post office specifies the device the customer must use, while above 128K the customer can use any type as long as it is > 128K. Usually all of these devices have one V.35 end, and the other end connects to the copper line pulled from the post office. The TimePlex AD3 has been discontinued and replaced by the TimePlex SYNCHRONY AD7 and, currently, the AD-10/FR2. There are many NTU vendors; the question is which type the post office recommends as compatible.
DDN is a complete network used to provide data services. The DDN network currently uses TDM multiplexing (TDM-based). In the future it will probably move gradually to new technologies such as DPT/RPR, or to ATM-based or IP-based. The DDN network is a set of access nodes (using mini MUX, DACS ...) that use the existing intra-province transmission network to connect the access nodes to each other (I am not very sure about this definition). In my view, DDN (Digital Data Network) is a network system based only on copper transmission. The post office's network today is a DDN network (the backbone is of course optical).
The access nodes have 2 tasks:
1. Provide data services to end users, for example leased-line service.
2. Aggregate traffic (multiplexer) for transmission over the transmission network.
Below is a comparison of leased lines (LL) with some other technologies such as Frame Relay and MPLS/VPN.
Choosing LL or Frame Relay depends mainly on usage needs. Here is the most basic comparison:
LL: highest security because the line is dedicated. Suitable for very important or demanding applications that cannot tolerate delay (such as VoIP, SAP, ...). Does not depend on the capability and technical skill of the service provider, because LL operates at Layer 1. Very high cost.
Frame Relay: lower security because in the FR network data is carried together with the data of other customers. Suitable for less demanding applications. Depends on the capability and technical skill of the service provider, because FR operates at Layer 2. Much cheaper than LL.
Comparison between leased line (TDM) and MegaWAN (VPN/MPLS), assuming the same rented line speed. Connecting 1 office and 2 branches.
Leased line:
Advantages:
- 100% guaranteed bandwidth
- Low delay
- Low jitter
- Multi-service (can be used for non-IP and IP services).
Disadvantages:
- Very expensive rental.
- Terminal equipment is very expensive, uncommon and hard to find.
- One pair of devices is required for each circuit > the office needs 2 devices to serve 2 branch sites.
MegaWAN:
Advantages:
- Guaranteed bandwidth (the only worry is that they will not configure CBR - Constant Bit Rate - for you).
- Very cheap rental
- Common, easy-to-buy terminal equipment (ordinary ADSL modem or SHDSL). HDSL and G.shdsl for data connections 128Kbps < n x 64Kbps <= 2048Kbps.
- Only 1 modem is needed at the office to serve many branch sites.
- Suited to connecting computer networks and IP-based services.
Disadvantages:
- High delay
- High jitter
-------------------------------------
Lesson 8:
Using fiber with RJ45
Question:
Hello,
I have a problem I hope to get answered. The company has 2 buildings more than 200m apart (across a road). To connect the 2 buildings, the company uses fiber (is this the most reasonable way?) between the 2 ends. Both ends use Cisco 26xx LAN routers (to separate the 2 LANs) with only 2 FE 10/100 ports. So how can the fiber be connected to the router's RJ-45 port? If it is connected straight into 29xx switches with fiber ports at the 2 buildings, can the 2 networks be kept separate?
Thank you very much
Replies from forum members:
To connect 2 offices over a short distance (=< 3km) there are many solutions, depending on the terminal equipment your company has:
1. Copper with G.SHDSL or VDSL technology:
The two buildings can be connected with copper cable (telephone cable). Use a VC102 (Planet VDSL Converter) at each end.
* This device has many modes to choose from
* Maximum distance 1km2
* Bandwidth about 11mb
* Price about 800usd or more for 1 pair.
The required equipment is two modems that use the above technology and have LAN ports (1 or 4 ports)

e.g. G.SHDSL modem Paradyn 1740 A2 priced around 500usd, Zyxel P 792H priced around 400usd. VDSL modem Zyxel P972.
If you use copper with G.SHDSL and want to connect to a router: buy any of the NTUs on the market that have a V35 interface, sync speed 2Mbps. Your network then looks like a WAN connecting two LANs. If the company has money to spare, buy E1 interfaces (modem and router).
e.g. products from Telindus, CTC
Note: you must be authorized to pull copper cable if it runs along the street; within the company premises that is not an issue.
2. Fiber:
To connect by fiber you need:
- Fiber cable: use the outdoor type, armoured is even better. For a distance of about 200-500m, 50/125um multimode cable is best. The number of cores is up to you but at least 2 cores (Tx & Rx), usually 4 or 8 cores for spares.
- ODF x 2 pcs for the 2 buildings: depending on the termination location/equipment room you can choose rack mount or wall mount; choose a common FO adapter type such as ST or SC
- Optical connectors: at least 4 (2 for each end); choose ST or SC because they are common and easy to terminate, and they must be the same type as the ODF adapter
- Optical patch cords: from the ODF to the media converter, about 3m is enough. Note that the 2 connectors must match the ODF adapter and the FO connector of the media converter.
- Media converter: depending on the bandwidth needed between the 2 buildings you can choose FE or GE. Note the parameters: minimum transmit power, maximum transmit power, receiver sensitivity, maximum receive power threshold, FO connector type.
- Finally, 2 RJ45 patch cords from the media converters to the switches.
Using media converters is the best and cheapest option. There are many types on the market; you can shop around for the best price.
At the two ends of the fiber you can use Layer 2 switches, or routers, or a switch at one end and a router at the other.
If you connect two switches by fiber, the two LANs become one unless you configure VLANs. The other end connects straight into the L2 switch. One switch with 02 fiber ports is fine. The network runs comfortably at 1000Mbps.
RJ45 fiber
(LAN)[SWITCH with fiber port] -[SWITCH with fiber port]-(LAN)
If you use fiber and want to connect to routers at both ends: you can use optical modems. Optical modems offer more choice because they provide more interfaces: LAN, E1 and V35. If you want to use fiber directly on the router you can buy the NM-1FE-FX module.
If you do not want to invest in switches with fiber ports you can use Planet Fast Ethernet Media Converters. The market currently has Planet 100base FX/100base TX media converters. They are cheap (100-300$ depending on the type). With multimode cable the media converter is cheaper than single mode, distance 500m->80km. This device can provide 100Mbps bandwidth, over 2km with multimode and about 35 km with single-mode cable.
Using 01 pair of converters is the most reliable; the price is ordinary and the biggest advantage is still ease of installation, use and operation. Fiber is a very good solution but costly for a network of 2 buildings only 200m apart. Fiber is the solution with the highest bandwidth and the best stability, and it is not affected by the environment the way a wireless bridge is. However, the cost may be higher and installation more troublesome. For distances over 2 Km, use single-mode fiber. The speed of the link then does not depend on the fiber but only on your terminal equipment (router/switch). You can run Gb speeds normally or even 10Gb.
For a distance of 200m, do not use 50/125 cable; 62.5/125 cable is the better choice. In theory 50/125 fiber has lower loss than 62.5/125, so 50 cable is used for longer distances; however, the optical transmit power of equipment has improved considerably and prices have also dropped a lot. The reason to use 62.5/125 cable is that this type is very common and has many suppliers, so you can buy the accompanying accessories such as pigtails and jumpers easily and cheaply; you probably know that product prices in Vietnam do not depend much on production cost but mainly on how many sellers there are. Another point is that Vietnam still uses crimped fiber ends and rarely splices; crimping is both expensive and inflexible when changes are needed.
Finally, there is still the wireless option. You may need only 1 AP for a distance of 200m to build 1 wireless LAN. You then need wireless cards for the clients. For greater distances, you need 2 AP bridges to set up 1 point-to-point connection. You then still have a single LAN. This solution needs no wireless cards; from the PC to the bridge we use UTP. The function of the AP is to connect the two LANs to each other.

Lesson 9:

Password recovery for Cisco routers

Introduction:
When configuring a router, the administrator usually sets passwords to prevent unauthorized logins to the device being managed. For example, to prevent entry into privileged mode and from there into the deeper configuration modes, the administrator can use enable password or enable secret:
Router(config)#enable password vnpro (sets the enable password to vnpro)
Router(config)#enable secret cisco (sets the enable secret to cisco)
A password can even be set to block unauthorized logins right at the console port:
Router(config)#line console 0
Router(config-line)#password vnpro
Router(config-line)#login
Setting such passwords is necessary to ensure the most basic level of security for the device. However, sometimes through carelessness the administrator may mistype a few characters when setting the password, or may forget the login password, and so cannot log in to the device being managed. In this case, the administrator needs to perform some steps to recover the password for the device. This article presents the basic principle used to recover passwords on Cisco routers, along with specific instructions for password recovery on the common Cisco router series in use today, the 2600 and 2800.
Nguyn l c bn:
Password recovery works by intervening in the last step of the router's boot
process. To do so, the administrator has to change the value of a router
parameter called the configuration register. This register is a 16-bit binary
string in which each bit has its own meaning and function. Setting individual
bits to 0 or 1 can change how the router boots. The configuration register is
usually displayed in hexadecimal (base 16), for example 0x2102, 0x2142,
0x2100, and so on (the 0x prefix indicates a hexadecimal number). Consider the
router's boot process:

1. POST (Power On Self Test): this is the first step, run immediately after
the router is powered on. POST checks all of the router's hardware to make
sure it is working correctly.
2. The bootstrap program is loaded from ROM into RAM and run. This program is
responsible for loading the operating system (IOS) for the router.
3. IOS (the router's operating system) is loaded from flash memory into RAM
and run.
4. Once loaded, IOS loads the startup-config file from NVRAM into RAM as the
running-config and executes this configuration.
All passwords, once set, are stored in the startup-config file in NVRAM, so
they take effect after this file has been loaded and run. To bypass the
passwords, the router therefore has to be made to skip the startup-config file
in this step and load a blank configuration instead. Using the blank
configuration we can get into the deeper configuration modes and edit or
remove the passwords stored in the old configuration file, so that the old
configuration file can be used again at the next boot, but with the passwords
changed as the administrator wishes.
To do this, bit 6 of the configuration register must be set to 1 (counting
from right to left, with the rightmost bit numbered 0). The register value
normally used with bit 6 set to 1 is 0x2142, which means: ignore the
startup-config in NVRAM at boot. Normally this register has the default value
0x2102 (in which bit 6 is 0, meaning: use the startup-config file in NVRAM).
Detailed steps to recover the password on Cisco 2600 and 2800 series routers:
First, assume the router was configured with a wrong password, or the password
has been forgotten, so that logging in to the device fails:

Proceed as follows to recover the router password:


1. Switch the router off and, after about 30 seconds, switch it back on. As
the router boots, the screen shows the following lines:

(Press Ctrl + Break here)

2. Ctrl + Break is the break key combination; it puts the router into a
special mode called rommon. In rommon mode the router runs a secondary
operating system from ROM instead of the main IOS image in flash:

Note: pressing Ctrl + Break as soon as the router is powered on can hang the
router. It is best to send the break only once the router has displayed the
message about main memory size. Ctrl + Break can also be pressed within the
first 15 seconds. Note that the break key combination can differ between
terminal programs. The most common terminal program, Windows HyperTerminal,
uses Ctrl+Break to send the break.
3. In rommon, run the command that changes the configuration register value to
0x2142.

4. After changing the configuration register value, the router must be
restarted. In rommon, the command to restart the router is reset.

5. After the restart, once IOS has loaded, the router no longer loads the
configuration from NVRAM but enters setup mode, which lets us run with a blank
configuration.

Answer no to the prompt in order to use the blank configuration. With the
blank configuration we can get into the router's privileged mode and from
there into the deeper configuration modes, to edit or remove the passwords in
the old configuration file.

6. Next, copy the startup-config file into running-config. Once startup-config
has been copied in, the old passwords held in it can be changed.

We see that the router name has changed from the default, Router, to Vnpro.

We are thus working on the old configuration file and have bypassed the
passwords.
7. Next, look at which passwords need to be changed or removed and make the
corresponding changes. In this example the password to change is the enable
password, which is changed to vnpro.

After making the changes, remember to save the configuration over the old one
so that the new password is used from now on.
8. As the last step, set the configuration register back to its default,
0x2102, so that later boots proceed normally.

After the change the configuration register still holds 0x2142; the router
has to be restarted before the new value, 0x2102, takes effect.
These are the principle and the steps used to recover a wrong or forgotten
password on Cisco 2600 and 2800 series routers. On other series the method and
the commands may differ slightly, but the principle is the same; see the
accompanying documentation or the Cisco support site for details.
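
A check that follows from steps 3 and 8, as an added example that is not part of the original lesson: a router left with bit 6 set boots without its startup-config, and therefore without its passwords, on every reload. The script reads the configuration register line that IOS prints at the end of show version; the sample lines and router names are constructed, and the boot-field test (bits 0-3) is general Cisco behaviour assumed beyond what the lesson covers.

```python
import re

DEFAULT_REGISTER = 0x2102   # normal value named in the lesson
IGNORE_NVRAM = 1 << 6       # bit 6 (0x0040): skip startup-config at boot

# Register line as IOS prints it at the end of `show version`.
CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)

# Constructed sample lines, one per state the recovery procedure can leave.
SAMPLES = {
    "lab-r1": "Configuration register is 0x2142",
    "lab-r2": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "lab-r3": "Configuration register is 0x2102",
    "lab-r4": "Configuration register is 0x2102 (will be 0x2142 at next reload)",
    "lab-r5": "Configuration register is 0x2100",
}


def decode(value):
    """Return the two properties of a 16-bit register value checked here."""
    return {
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        # Assumption beyond the lesson: boot field 0 halts in the ROM monitor.
        "halts_in_rommon": (value & 0x000F) == 0,
    }


def audit(show_version_text):
    """Classify a router from the register line in its `show version` output."""
    match = CONFREG_LINE.search(show_version_text)
    if match is None:
        return "unknown"
    current = int(match.group(1), 16)
    # Without a "will be" clause the same value is used at the next reload.
    at_reload = int(match.group(2), 16) if match.group(2) else current
    if decode(at_reload)["ignore_nvram"]:
        # The next boot skips startup-config: no enable or console password.
        return "bypass-at-next-reload"
    if decode(current)["ignore_nvram"]:
        # Step 8 was done, but the router has not been reloaded yet.
        return "restored-pending-reload"
    if at_reload != DEFAULT_REGISTER:
        return "nonstandard"
    return "ok"


def report(samples):
    """Audit every sample and return {router name: status}."""
    return {name: audit(text) for name, text in samples.items()}


if __name__ == "__main__":
    for name, status in report(SAMPLES).items():
        print(f"{name}: {status}")
```

Any status other than ok means the device should be looked at before its next reload.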
----------------------------------------------------

Lesson 10:
Clockrate vs bandwidth.
Summary of the discussions raised about bandwidth and clockrate
Questions around this issue:
- The clock rate command generates the clock signal, so the higher the
clockrate we type, the higher the data rate between DCE and DTE, is that
right?
- And what does the Bandwidth command do when typed on an interface?
- The Clockrate clock is used to synchronize the two ends (one is the DCE, in
practice the service provider; the other is the DTE, the user), but what is
the synchronization for? Line speed depends on Bandwidth: the higher the BW,
the faster the line, and vice versa. Does Clockrate affect the line? If it is
as you say, then between a line with BW=256 and Clockrate = 9600 and a line
with BW = 64 and Clockrate = 128000, which one is faster?
Some of the answers:
- The bandwidth command really just creates an input parameter for computing
the composite metric (of IGRP). The larger the bandwidth, the smaller the
computed metric (so the path is considered more reliable and is preferred over
other paths to the same destination network when the router chooses what to
put in the routing table). This command does not increase the transfer rate
between DCE and DTE.

- The clockrate command, on the other hand, changes the data transfer rate,
because with a higher clock the data is sent at a higher rate.
- The higher the clock rate, the higher the speed you get, of course, but only
if the DTE and DCE can keep up. Moreover, the clockrate is not an arbitrary
number that you think up and type in! It comes from a fixed set of values,
for example 9600, 19200, 56000, 64000, 115200, and these values differ
depending on whether the link is sync or async. Even so, the clockrate does
not fully determine the transfer speed in some cases, for example async modems
and frame relay. With an async modem the clock rate only determines the speed
from DTE to DCE, while the real speed depends on the carrier of the DCE
(modem). With frame relay the clock rate only affects the access rate; how
fast the data goes also depends on the CIR. Even so, for async transmission
the clockrate should be set higher than the carrier speed, because that
lightens the load on the DTE's CPU for transmission and leaves it more free
time for other work. Clock rate is only meaningful in synchronous
transmission, not in asynchronous transmission. In asynchronous mode the
clocks at the two ends differ, in other words they are not synchronized with
each other, so supplying a clock means nothing. With the clock rate command,
typing ? lists the valid speeds. This number is always a multiple of 9600 bps.
- In FR transmission, CIR is the rate the service provider guarantees to the
customer. When the network is congested the provider still guarantees a
transfer rate equal to the CIR and no lower. So the CIR parameter does not
affect the FR transfer speed either.
- Bandwidth helps the routing protocols compute their composite metrics; it
has no effect on the speed at which data is sent.
- Clockrate expresses the frequency at which data is sent. The higher the
frequency, the faster the data is sent. Clockrate works at layer 1.
Bandwidth, by contrast, has nothing at all to do with layer 1. It only makes
monitoring easier for the administrator. In addition, bandwidth is used by
some dynamic routing protocols such as OSPF and EIGRP to compute the best
route to a destination.
In the example above, the line with clockrate 128k will be much faster than
the line with clockrate 9.6k.
- Data transfer capacity depends not only on the clockrate but also on other
factors such as the physical link and the transmission technology.
- With dial-up, current technology allows at most 56K. Note that 56K is only
the theoretical connection speed. The actual connection speed will be lower,
for example 48k. Note that this is not the data transfer rate, only the speed
at the moment of connection. During data transfer the two modems at the two
ends keep negotiating with each other to find the highest stable connection
speed. Depending on the physical line (long or short, good or bad, ...) the
actual data transfer rate changes, for example down to 33.6k or 19.2k, or
transfer may even become impossible because there are too many errors.
In the case of ADSL, this newer technology allows data to be sent at a higher
rate than dial-up. With a leased line, the 128k rate is guaranteed and
synchronous along the whole path from point A to point B. The equipment at
both ends must be able to operate at this rate. The rate is fixed and does not
change over time.
- On Cisco routers there are two commonly used commands related to bandwidth.
The first is the clock rate command, which defines the actual layer 1 bit
rate. It is used when the router supplies the clock, typically when a router's
serial interface is connected to a neighbouring device (for example another
router).
- The bandwidth command sets the amount of bandwidth available on the
interface. For example, the EIGRP (Enhanced Interior Gateway Routing Protocol)
routing protocol chooses interface metrics according to the bandwidth command,
not the clock rate command. In short, bandwidth only changes the behaviour of
the tools on the interface and never changes the actual rate at which bits are
sent on the interface.
- Some QoS tools refer to the interface bandwidth as defined by the bandwidth
command. Engineers should take the default bandwidth into account when
enabling QoS features. On the serial interfaces of Cisco routers the default
bandwidth is set to T1 speed regardless of the real bandwidth. Subinterfaces,
if used, inherit the bandwidth set on the corresponding physical interface.

Lesson 11:

AAA
1.1. AAA overview
1.1.1. Using AAA for security and access control in network expansion
Network administrators today have to control access as well as monitor what
end users are doing. This work can decide the success or failure of the
company. With that in mind, AAA is the best way to monitor what end users can
do on the network. We can authenticate users (authentication), grant them
rights (authorization), and collect information such as when a user's session
starts and ends (accounting). As we can see, security is a very important
issue.
With this level of control, implementing security and managing the network
become easy. We can define roles that give users the commands they need to
complete their tasks, and track changes in the network. With the ability to
log events, we can make adjustments suited to each requirement. All of these
components are needed to keep the network safe and secure. With the
information collected, we can anticipate the updates that will be needed over
time. Data security requirements, bandwidth growth, monitoring of network
problems: all of these can be served by AAA.
1.1.2. AAA in general
AAA [1] gives the network administrator important information about the
state and the level of security of the network. It provides user
authentication to make sure the user is correctly identified. Once the user
has been identified, we can limit what the user is authorized to do
(authorization). While the user is using the network, we can also monitor
everything the user does. The three parts of AAA, authentication,
authorization and accounting, are separate parts that can be used in network
services and are needed to expand and secure the network. AAA can be used to
gather information from many devices on the network. AAA services can be
enabled on routers, switches, firewalls, VPN devices, servers, ...
1.1.3. AAA defined
AAA services are divided into three parts: authentication, authorization and
accounting. We will look at how these three parts differ and how they work.
The most important point is to understand the different kinds of accounting.
1.1.3.1. Authentication
Authentication is used to identify the user. During authentication the user's
username and password are checked against the database held on the AAA
server. How much is encrypted depends, of course, on the protocol AAA uses,
but at the least the username and password are encrypted. Authentication
determines who the user is. For example, a user with username vnpro and
password L@bOnlin3 is valid and is successfully authenticated by the system.
After successful authentication that user can access the network. This
process is only one of the components for controlling users with AAA. Once
the username and password have been accepted, AAA can be used to define what
the user is authorized to do in the system.
1.1.3.2. Authorization
Authorization lets the administrator control the granting of rights for a
period of time, or per device, per group, per individual user or per
protocol. AAA lets the administrator create attributes that describe what the
user is allowed to do. The user must therefore be authenticated before rights
are granted. AAA authorization works as a set of attributes describing what
an authenticated user may have. For example, after successful authentication
the user vnpro may be allowed to access only the server VNLABPRO_SERVER, over
FTP. These attributes are compared with the information held in the database
for that user, and the result is returned to AAA to determine that user's
actual capabilities and limits. This requires the database to communicate
continuously with the AAA server for the whole duration of the connection to
the remote access device (RAS).
1.1.3.3. Accounting
Accounting lets the administrator collect information such as the start and
end time of a user's access to the system, the commands executed, traffic
statistics and resource usage, and then store it in a relational database
system. In other words, accounting makes it possible to monitor the services
and resources users consume. For example, the statistics show that the user
with login name vnpro accessed VNLABPRO_SERVER over FTP 5 times. The key point
of accounting is that it lets the administrator actively monitor and predict
service and resource usage. This information can be used for customer billing,
network management and auditing.
-----------------------------------------------
Lesson 12:

The duplex issue in Ethernet

Full-duplex mode in Ethernet

Just as in Ethernet, full-duplex mode can be used to improve performance.
Fast Ethernet can provide up to 100 Mbps in each direction, giving 200 Mbps
of throughput. This 200 Mbps maximum is reached only when one device (a
workstation, server, router or another switch) is connected directly to a
switchport. In other words, the devices at the ends of a connection must
support full duplex and be able to transmit without having to wait to detect
and recover from collisions.

The Fast Ethernet specification also provides backward compatibility with
traditional 10 Mbps Ethernet. In the case of 100BaseTX, switchports are often
called 10/100 to indicate dual speed. The two devices at the ends of the
connection then automatically negotiate the speed so that both operate at the
highest possible speed. This negotiation includes detecting and selecting the
physical layer technology and choosing half-duplex or full-duplex mode. If
both ends of the connection are configured to autonegotiate, the highest
speed common to the two devices is used.

During the handshake that determines the duplex mode of a connection,
information is exchanged back and forth between the two devices. This means
that, for autonegotiation to succeed, both ends must be set to autonegotiate.
Otherwise (that is, only one end is set to autonegotiate), one end of the
connection receives no information from the other and cannot determine the
exact mode in use. If autonegotiation fails, a switchport falls back on its
own to half duplex.

Watch out for duplex mismatch when neither end of the connection is
configured for autonegotiation. When a mismatch occurs, one end of the
connection uses full duplex while the far end uses half duplex. As a result,
the station running in half-duplex mode always detects a collision when both
ends want to transmit. The station running full duplex assumes it may
transmit at any time. It does not stop and wait. This leads to errors on the
link and very slow response between the machines.
The handshake uses the priority table below. When the two ends of a
connection can negotiate several speeds, the one with the highest priority is
used. For example, if both devices can run at level 6 (100Base-TX full
duplex) and level 2 (10Base-T full duplex), level 6 is used.

Priority  Ethernet mode
7         100Base-T2 (full duplex)
6         100Base-TX (full duplex)
5         100Base-T2 (half duplex)
4         100Base-T4
3         100Base-TX
2         10Base-T (full duplex)
1         10Base-T

To ensure a correct configuration at both ends of a connection, Cisco
recommends that speed and duplex mode be configured manually on switchports.
This removes the possibility of one side changing its settings and leaving the
connection unusable. If you configure a switchport manually, set the device at
the other end of the connection to the matching parameters as well. Otherwise
a speed mismatch or duplex mismatch will occur.

Lesson 13:

Collision domain
Collision domains and switch buffering:
A collision domain is a set of devices whose frames can collide with the
frames of another device in the set. Before the switch was invented, Ethernet
typically used hubs or shared cable segments such as 10Base2 and 10Base5. In
Ethernet, switches reduce the likelihood of collisions by storing frames in
buffers and through their layer 2 operation.
By definition, an Ethernet hub has the following characteristics:
- It operates only at layer 1 of the OSI reference model.
- It amplifies and regenerates the electrical signal to extend the length of
the line.
- It forwards the signal received on one port out of all other ports except
the receiving port, and it has no buffer.
A hub therefore creates a single collision domain. A switch, by contrast,
confines the collision domain to each of its ports.
A switch uses the same kind of cabling and amplifies the signal just like a
hub, but it does more. Collisions are reduced because frames are buffered:
when the switch receives frames on different ports, it stores them in buffer
memory to prevent collisions. For example, suppose a switch receives three
frames at the same moment on three different ports and they all have to go
out of the same port. The switch then stores two frames in memory and forwards
the frames one after another. When a switch port is connected to a device that
is not a hub, collisions cannot occur. The only devices that could cause a
collision are the switch port itself and the one device connected to it, and
each side has its own wire pair for transmitting. Because collisions cannot
occur, such segments can use full-duplex mode.
---------------------------------------------------------
Lesson 14:

RIP loop-prevention mechanisms

Convergence and loop prevention:
The most important and also the most complex part of RIP lies in its
loop-prevention mechanisms. Like other distance vector routing protocols, RIP
uses a combination of loop-prevention tools, but unfortunately these tools
also increase convergence time considerably. In fact, this is a major
limitation of RIP (RIPv2 included). Table 8.3 summarizes the features and
mechanisms related to RIP convergence and loop prevention.
Feature and description:

Split horizon
Instead of advertising all routes out of an interface, RIP does not advertise
the routes that the router learned from that interface.

Triggered update
The router sends a new update as soon as routing information changes, instead
of waiting for the update time to expire. A triggered update is also known as
a flash update. When a metric changes for better or worse, the router
immediately sends an update message without waiting for the update timer to
expire. Reconvergence is faster than if it had to wait for the periodic
update intervals. Periodic updates still take place alongside triggered
updates. A router may therefore receive bad information about a route from a
router that has not yet converged after having received correct information
from a triggered update. This situation can arise, and routing errors can
still occur during reconvergence.
A further refinement is to include in the update message only the network
addresses that caused the trigger. This technique reduces processing time and
the impact on bandwidth.

Route poisoning
When a route fails, the router sends an update for that route with an
infinite metric (hop count = 16).

Poison reverse
When a router receives an advertisement of a poisoned route (metric 16) on an
interface, it replies with a poison reverse message on the same interface.

Update timer
At every update timer interval the router sends one update out of an
interface. Each interface has its own update timer; the default on all
interfaces is 30 seconds.

Holddown timer
For each route to a subnet in the routing table, if the route's metric changes
to a larger value, the holddown timer starts. During this time (180 seconds by
default) the router does not install any other route to that subnet in the
routing table until the holddown timer ends.
Triggered updates make a converging network more responsive. Holddown timers
help control bad routing information.
If the distance to a destination network increases (for example the hop count
rises from two to four), the router assigns a timer value to that route. Until
the timer expires, the router accepts no update for that route.
There is clearly a trade-off here. The chance of bad routing information
entering the routing table goes down, but in return convergence time goes up.
If the holddown time is too short, it is ineffective. If it is too long,
normal routing is affected.

Invalid timer
For each route in the routing table, the invalid timer counts up until the
router receives an update announcing that route. If an update is received,
the invalid timer is reset to 0. If the router receives no update and the
invalid timer expires (180 seconds by default), the route is considered
unusable.

Flush (Garbage) timer
The default flush timer is 240 seconds. It works like the invalid timer, but
by default the flush timer runs a further 60 seconds; if no update about the
route is received during this time, the router removes the route from the
routing table.

Lesson 15:

Disabling Frame Relay InARP

Disabling InARP:
In most of the network designs presented, using InARP makes sense. However,
InARP can be turned off on a physical or multipoint interface with the no
frame-relay inverse-arp interface subcommand. InARP can be stopped on all VCs
of the interface/subinterface, on all VCs of the interface/subinterface for a
particular L3 protocol, or simply on a specific DLCI.
The no frame-relay inverse-arp command not only stops the router from sending
InARP messages, it also stops the router from accepting InARP messages. For
example, the command no frame-relay inverse-arp ip 400 in subinterface mode on
Router R1 in Example 1.2 not only stops R1 from sending InARP messages out
DLCI 400 to R4 but also makes R1 discard InARP messages received on DLCI 400.
Table 15.1: Summary of detailed characteristics of Frame Relay Inverse ARP on
IOS

Behavior on each interface type           Point-to-point interface   Multipoint or physical interface
Does InARP require LMI?                   Always                     Always
Is InARP enabled by default?              Yes                        Yes
Can InARP be disabled?                    Yes                        No
Can received InARP messages be ignored?   Always (*)                 When InARP is disabled

(*) A point-to-point interface always ignores InARP messages, because on a
point-to-point interface only one DLCI is used to reach every address in the
same subnet.
-------------------------------------------------------

Lesson 16:

The Frame Relay Inverse ARP protocol

Frame Relay Inverse ARP:
IP ARP is known as a common and relatively simple protocol. The same holds for
the CCIE exam: most questions on IP ARP are simple ones. The hard questions on
the topic of building the CEF adjacency table therefore concentrate on Frame
Relay Inverse ARP, which is why Frame Relay Inverse ARP is presented here in
more detail.
Like IP ARP, the job of InARP is to resolve between an L3 address and an L2
address. The L3 address is the IP address, and the L2 address here is the DLCI
number (the counterpart of the MAC address in IP ARP). In InARP, however, the
router already knows the L2 address (DLCI) and needs to resolve the
corresponding L3 address (IP).

The following figure is an example of what InARP does.

In a LAN environment, a packet (ARP request) must reach the host to trigger
IP ARP on the host (which returns an ARP reply). In a WAN environment,
however, no packet needs to reach the router to trigger InARP on it; an LMI
(Local Management Interface) status message is used instead.

After receiving an LMI status message saying LMI PVC Up, the router announces
its IP address on the corresponding virtual circuit (VC) in an InARP message
(defined in RFC1293). So when LMI is not running, InARP does not work either,
because there is no message telling the router to send an InARP message.
In Frame Relay networks, detailed configuration choices are made in order to
avoid certain unwanted situations; these are described in detail in the
following pages of this chapter. For example, when point-to-point
subinterfaces are used, with each VC in its own subnet, all the problems
encountered in this configuration are described clearly so that they can be
avoided.
The InARP protocol itself is fairly simple. However, when InARP is deployed in
different network designs, on different kinds of interface (physical
interface, point-to-point subinterface and multipoint subinterface), its
behaviour becomes much more complicated.
The following is an example of a Frame Relay network designed as a partial
mesh in a single subnet, with each router using a different kind of interface.

The network diagram above is only an example, for use in a learning
environment to understand in more detail how InARP works. It should not be
used in a production network, because it is a poor design with many
limitations for the routing protocol deployed on top of it.
First, Frame Relay is configured on the multipoint interface of R1.

Router1# sh run
! Lines omitted for brevity
interface Serial0/0
encapsulation frame-relay
interface Serial0/0.11 multipoint
ip address 172.31.134.1 255.255.255.0
frame-relay interface-dlci 300
frame-relay interface-dlci 400
! Lines omitted for brevity
Next, the serial interface is shut down and brought back up and the earlier
InARP entries are cleared, so that the InARP process can be observed.
Router1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)# int s 0/0
Router1(config-if)# do clear frame-relay inarp
Router1(config-if)# shut
Router1(config-if)# no shut
Router1(config-if)# ^Z
The messages from the debug frame-relay event command show the InARP messages
received on R1. Note the hex values 0xAC1F8603 and 0xAC1F8604, whose decimal
equivalents are 172.31.134.3 and 172.31.134.4 (Router3 and Router4
respectively).

Router1# debug frame-relay events


*Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
*Mar 1 00:09:45.334: datagramstart = 0392BA0E, datagramsize = 34
*Mar 1 00:09:45.334: FR encap = 048C10300
*Mar 1 00:09:45.334: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
*Mar 1 00:09:45.334: AC 1F 86 03 48 C1 AC 1F 86 01 01 02 00 00
*Mar 1 00:09:45.334:
*Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
*Mar 1 00:09:45.334: datagramstart = 0392B8CE, datagramsize = 34
*Mar 1 00:09:45.338: FR encap = 064010300
*Mar 1 00:09:45.338: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
*Mar 1 00:09:45.338: AC 1F 86 04 64 01 AC 1F 86 01 01 02 00 00
Next, note that the show frame-relay map output includes the keyword dynamic,
meaning that the entries were learned through InARP.
Router1# show frame-relay map
Serial0/0.11 (up): ip 172.31.134.3 dlci 300(012C,048C0), dynamic,
broadcast, status defined, active
Serial0/0.11 (up): ip 172.31.134.4 dlci 400(0190,06400), dynamic,
broadcast, status defined, active
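
Decoding the two hex dumps above by hand, as an added example that is not part of the original lesson: the parser reads the debug frame-relay events lines captured on R1 and rebuilds the DLCI-to-IP mapping that show frame-relay map reports as dynamic. It assumes the standard ARP field order after an NLPID/SNAP header, opcode 9 for an InARP reply, and a two-byte Q.922 address carrying the DLCI; the function names are illustrative.

```python
import ipaddress
import re

# Debug lines copied from the R1 capture in this lesson.
DEBUG_OUTPUT = """\
*Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
*Mar 1 00:09:45.334: datagramstart = 0392BA0E, datagramsize = 34
*Mar 1 00:09:45.334: FR encap = 048C10300
*Mar 1 00:09:45.334: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
*Mar 1 00:09:45.334: AC 1F 86 03 48 C1 AC 1F 86 01 01 02 00 00
*Mar 1 00:09:45.334:
*Mar 1 00:09:45.334: Serial0/0.11: FR ARP input
*Mar 1 00:09:45.334: datagramstart = 0392B8CE, datagramsize = 34
*Mar 1 00:09:45.338: FR encap = 064010300
*Mar 1 00:09:45.338: 80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
*Mar 1 00:09:45.338: AC 1F 86 04 64 01 AC 1F 86 01 01 02 00 00
"""

TIMESTAMP = re.compile(r"^\*\w{3}\s+\d+\s+[\d:.]+:\s?")
HEX_ROW = re.compile(r"^(?:[0-9A-Fa-f]{2}\s+)*[0-9A-Fa-f]{2}$")
OPCODES = {8: "InARP request", 9: "InARP reply"}


def q922_dlci(addr):
    """Extract the 10-bit DLCI from a 2-byte Q.922 address field."""
    # EA bit is 0 in the first byte and 1 in the last byte of the address.
    if len(addr) != 2 or addr[0] & 0x01 or not addr[1] & 0x01:
        raise ValueError("not a 2-byte Q.922 address")
    return ((addr[0] >> 2) << 4) | (addr[1] >> 4)


def split_datagrams(debug_text):
    """Collect the hex rows that follow each 'FR ARP input' header."""
    datagrams, current = [], None
    for raw in debug_text.splitlines():
        line = TIMESTAMP.sub("", raw.strip()).strip()
        if line.endswith("FR ARP input"):
            current = bytearray()
            datagrams.append(current)
        elif current is not None and HEX_ROW.match(line):
            current += bytes.fromhex(line)
    return [bytes(d) for d in datagrams]


def parse_inarp(datagram):
    """Decode the SNAP header and ARP fields of one InARP datagram."""
    if len(datagram) < 14 or datagram[0] != 0x80 or datagram[1:4] != b"\x00\x00\x00":
        raise ValueError("not an NLPID/SNAP encapsulated payload")
    if datagram[4:6] != b"\x08\x06":
        raise ValueError("EtherType is not ARP")
    arp = datagram[6:]
    htype = int.from_bytes(arp[0:2], "big")
    ptype = int.from_bytes(arp[2:4], "big")
    hlen, plen = arp[4], arp[5]
    oper = int.from_bytes(arp[6:8], "big")
    # Hardware type 15 is Frame Relay; addresses are 2-byte DLCI and IPv4.
    if (htype, ptype, hlen, plen) != (15, 0x0800, 2, 4):
        raise ValueError("unexpected ARP header for Frame Relay/IPv4")
    if len(arp) < 8 + 2 * (hlen + plen):
        raise ValueError("truncated ARP body")
    spa, tha, tpa = arp[10:14], arp[14:16], arp[16:20]
    return {
        "operation": OPCODES.get(oper, f"opcode {oper}"),
        "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_ip": str(ipaddress.IPv4Address(tpa)),
        "dlci": q922_dlci(tha),
    }


def learned_map(debug_text):
    """Return {local DLCI: neighbour IP} as learned from InARP replies."""
    table = {}
    for datagram in split_datagrams(debug_text):
        fields = parse_inarp(datagram)
        if fields["operation"] == "InARP reply":
            table[fields["dlci"]] = fields["sender_ip"]
    return table


if __name__ == "__main__":
    for dlci, ip in sorted(learned_map(DEBUG_OUTPUT).items()):
        print(f"dlci {dlci} -> ip {ip}")
```

Comparing the resulting table with the planned DLCI assignment shows at once whether a dynamic entry came from the expected neighbour.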
On R3, the show frame-relay map command lists only a single entry, and in a
different format. Because R3 uses a point-to-point subinterface, this entry
was not learned through InARP and the output does not include the keyword
dynamic. Note also that the output shows no Layer 3 address.

Router3# show frame-relay map


Serial0/0.3333 (up): point-to-point dlci, dlci 100(064,01840), broadcast
status defined, active
Note: the example above uses the do command in configuration mode. The do
command lets you stay in configuration mode while running an exec mode
function, without leaving configuration mode. For example, running do clear
frame-relay inarp in configuration mode is equivalent to running clear
frame-relay inarp in global mode.
In the example above, the show command shows that Router R1 receives and uses
InARP information, whereas Router R3 does not use the InARP information it
receives. Cisco IOS understands that only one VC is set up on a point-to-point
subinterface; every other end-point IP address in the same subnet can only be
reached through that single DLCI. Any InARP information received for that DLCI
is therefore unnecessary.
For example, whenever Router R3 needs to send a packet to Router R1
(172.31.134.1), or to any other end point in subnet 172.31.134.0/24, R3 knows
from its own configuration that it must send through the DLCI on that
point-to-point subinterface, that is, through DLCI 100. So although all three
kinds of interface used in a Frame Relay configuration support InARP by
default, a point-to-point subinterface ignores the InARP information it
receives.
---------------------------------------------------
Lesson 17:
Introduction to IPv6
The two big problems IPv4 faces are the shortage of addresses, especially in
the mid-sized address space (class B), and the very dangerous growth in the
size of the Internet routing tables.
In the 1990s, CIDR was built on the concept of the address mask. CIDR
temporarily overcame the problems above. The hierarchical organization of CIDR
improved the scalability of IPv4. Although several other tools appeared, such
as subnetting (1985), VLSM (1987) and CIDR (1993), these techniques did not
rescue IPv4 from one simple problem: there are not enough addresses for future
needs. There are about 4 billion IPv4 addresses, but this range will not be
enough in the future, with devices connecting to the Internet and home
appliances that may require IP addresses.

There are some temporary solutions, such as RFC1918, which sets aside part of
the address space as private addresses, and NAT, a tool that lets thousands of
hosts reach the Internet with only a few valid IP addresses. The long-term
solution, however, is the introduction of IPv6 with its 128-bit address
structure. The large IPv6 address space not only provides more addresses than
IPv4 but also brings structural improvements. With 128 bits there are
340,282,366,920,938,463,463,374,607,431,768,211,456 addresses.
In 1994 the IETF proposed IPv6 in RFC 1752. IPv6 addresses a number of
problems such as address shortage, quality of service, address
autoconfiguration, authentication and security. For an enterprise that
already runs an IPv4 network infrastructure, moving to IPv6 is not easy. A
new IP protocol requires new software, new hardware and new management
methods. It is also likely that IPv4 and IPv6 will coexist, even inside a
single Autonomous System, for some time to come.
IPv6 has the following features and benefits:
- Large address space
- Unicast and multicast addresses
- Address aggregation
- Autoconfiguration
- Renumbering
- Simple, efficient header structure
- Security
- Mobility
- Options for transition from IPv4 to IPv6
As defined in RFC1884 and RFC2373, IPv6 addresses are 128-bit identifiers for
router interfaces and sets of router interfaces. There are three types of
address:
- Unicast: an address for a single interface. A packet sent to a unicast
address is delivered to the interface identified by that address.
- Anycast: an address for a set of interfaces. These usually belong to
different nodes. A packet sent to an anycast address is delivered to the
nearest, or first, interface in the anycast group.
- Multicast: an address for a set of interfaces (usually belonging to
different nodes). When a packet is sent to a multicast address, all of the
interfaces receive the packet.
To write a 128-bit address in a more readable form, the IPv6 architecture
drops the dotted-decimal syntax of IPv4 and uses hexadecimal only. An IPv6
address can thus be written as 32 hex characters, with colons (:) separating
the address into eight parts of 16 bits each.
According to current plans, IPv6 nodes connected to the Internet will use a
scheme called the aggregatable global unicast address. It has much in common
with summarization as used in version 4.
The IPv6 aggregatable address has three levels:
- Public topology level: the collection of providers of Internet connectivity.
- Site level: this level is local to an organization.
- Interface level: this level concerns individual interfaces.
A link-local address is an address used only on one link (or one router
interface), and it must be unique on that link. This address can be used in a
local network (machines sharing the same network address), and there may be no
router in that network. The address has the form FE80::<MAC>. The subnet ID of
this kind of address is set to 0. This kind of address therefore cannot be
used to communicate beyond the local subnet.
----------------------------------------------------
Lesson 18:

The VLAN concept (CCNA level)

In an Ethernet LAN, the set of devices that all receive a broadcast sent by
any one of the others is called a broadcast domain. A switch that does not
support VLANs floods every broadcast out of all ports except the port on which
it received the frame. As a result, all interfaces on such a switch are in the
same broadcast domain. If this switch is connected to other switches and hubs,
the ports on those are in the same broadcast domain too.
A VLAN is simply a set of switchports that are in the same broadcast domain.
Ports can be grouped into different VLANs on a single switch and across
several switches. By creating multiple VLANs, switches create multiple
broadcast domains. A broadcast sent by a device in one VLAN is then forwarded
to the other devices in the same VLAN, but it is not forwarded to devices in
other VLANs.
Each VLAN should have one IP subnet; in other words, the devices in a VLAN
usually share one range of IP addresses. It is nevertheless possible to place
several address ranges in one VLAN and use secondary addresses on the routers
to route between the VLANs and subnets. You can also design a network that
uses a single subnet across several VLANs and use routers with proxy ARP to
pass traffic between the hosts in those VLANs.
A private VLAN can be seen as one subnet spread over several VLANs. L2
switches forward frames between devices in the same VLAN but do not forward
frames between devices in different VLANs. To pass data between two VLANs, an
L3 switch or a router must be used.
VLAN Trunking Protocol:
VTP advertises VLAN configuration information to neighbouring switches, so
that VLAN configuration can be done on one switch while all the other switches
in the network learn the VLAN information. VTP normally advertises information
such as the VLAN ID, VLAN name and VLAN type for each VLAN. However, VTP does
not advertise any information about which switchports are in which VLAN, so
the assignment of switch interfaces to VLANs still has to be configured on
each switch. In addition, the existence of the VLAN IDs used for private VLANs
is advertised, but the detailed private VLAN information is not advertised by
VTP either.

Function                                                               Server mode  Client  Transparent
Originates VTP advertisements                                          Yes          No      No
Processes received VTP information to update its VLAN configuration    Yes          Yes     No
Forwards VTP advertisements                                            Yes          Yes     Yes
Saves VLAN information in NVRAM or vlan.dat                            Yes          No      Yes
Can create, modify and delete VLANs using configuration commands       Yes          No      Yes

VTP processes and the revision number:

The VTP update process starts when the administrator adds or deletes VLAN
configuration on a VTP server. When the new configuration appears, VTP
increments the VTP revision by 1 and advertises the entire VLAN database with
the new revision number. The VTP revision number lets switches know when the
VLAN database has changed. On receiving a VTP update, if the revision number
in the update is higher than its current revision number, the switch concludes
that there is a new version of the VLAN database.
Mc nh Cisco switch dng ch VTP server nhng switch s khng gi cc
cp nht VTP cho n khi no n c cu hnh VTP domain name. thi
im ny, server bt u gi cc cp nht VTP vi cc phin bn c s d liu
khc nhau v cc ch s revision number khc nhau khi c thng tin cu hnh
vlan database thay i. Tuy nhin cc VTP client tht s khng c cu hnh
VTP domain name. Nu khng c cu hnh, client s gi s l n s dng
VTP domain name trong gi tin cp nht VTP u tin m n nhn c. Tuy
nhin, client vn phi cn cu hnh VTP mode. Khi cu hnh VTP, tng tnh
d phng, cc h thng mng dng VTP thng dng ti thiu hai VTP server.
Trong iu kin bnh thng, mt s thay i v vlan c th ch thc hin trn
switch server v cc VTP server khc s cp nht s thay i ny. Sau khi cp
nht xong, VTP server s lu cc thng tin cu hnh vlan thng trc (v d
nh trong NVRAM) trong khi client khng lu thng tin ny.
Vic h tr nhiu VTP server gy ra mt kh nng khc l vic v tnh thay i
cu hnh vlan ca h thng mng. Khi mt VTP Client hoc mt VTP
transparent switch kt ni ln u vo mt h thng mng thng qua kt ni
trunk, n khng th nh hng n cu hnh hin ti bi v cc ch hot
ng ny khng to ra cc gi tin cp nht VTP. Tuy nhin nu mt switch mi
hot ng ch VTP server c gn vo mng thng qua kt ni trunk,
switch c kh nng thay i cu hnh vlan ca cc switch khc bng chnh
thng tin ca switch mi. Nu switch mi c cc c im sau, n s c th
thay i cu hnh cc switch khc:
- Kt ni l trunk.
- Switch mi c cng VTP domain.
- Ch s revision number l cao hn cc switch hin c.
- Nu mt khu ca VTP domain l c cu hnh, mt khu ca switch mi
phi l ging. Ch s revision number v tn VTP domain c th c thy
thng qua cc phn mm sniffer. ngn nga kiu tn cng DoS dng VTP,
hy ci t mt khu cho VTP. Mt khu ny thng c m ha dng MD5.
Ngoi ra, vi ni trin khai ch n gin dng VTP transparent mode trn tt c
cc switch, ngn nga switch khi vic lng nghe cc cp nht VTP t cc
switch khc.
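The acceptance conditions listed above can be checked against a switch inventory before a device is attached. The following is an added example, not code from the original page: the class and function names and the inventory are hypothetical, and the MD5 of the password alone is a constructed stand-in for the real VTP MD5 digest.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


def secret_digest(password: Optional[str]) -> Optional[str]:
    """Constructed stand-in for the VTP MD5 secret: MD5 of the password only."""
    if not password:
        return None
    return hashlib.md5(password.encode("utf-8")).hexdigest()


@dataclass
class Advert:
    """Fields of a received VTP update that matter for acceptance."""
    domain: str
    revision: int
    digest: Optional[str]          # None when the sender has no password


@dataclass
class Switch:
    name: str
    mode: str                      # "server", "client" or "transparent"
    domain: Optional[str]          # None = no domain name configured yet
    revision: int
    password: Optional[str] = None
    uplink_is_trunk: bool = True


def evaluate(sw: Switch, adv: Advert) -> Tuple[bool, str]:
    """Decide whether `sw` would replace its VLAN database with `adv`."""
    if not sw.uplink_is_trunk:
        return False, "link is not a trunk"
    if sw.mode == "transparent":
        return False, "transparent mode does not act on VTP updates"
    # A switch with no domain name takes the one in the first update it sees.
    if sw.domain is not None and sw.domain != adv.domain:
        return False, "VTP domain differs"
    if secret_digest(sw.password) != adv.digest:
        return False, "VTP password differs"
    if adv.revision <= sw.revision:
        return False, "revision is not higher"
    return True, "update accepted, VLAN database replaced"


def exposed(switches: List[Switch], adv: Advert) -> List[str]:
    """Names of the switches that would accept the update."""
    return [sw.name for sw in switches if evaluate(sw, adv)[0]]


# Constructed inventory for the example.
CAMPUS = [
    Switch("core1", "server", "CAMPUS", 12),
    Switch("acc1", "client", "CAMPUS", 12),
    Switch("acc2", "client", None, 0),
    Switch("lab1", "transparent", "CAMPUS", 0),
    Switch("dist1", "server", "CAMPUS", 12, password="s3cret"),
    Switch("edge1", "client", "CAMPUS", 12, uplink_is_trunk=False),
]

# A lab switch being re-attached: same domain, higher revision, no password.
STALE = Advert(domain="CAMPUS", revision=57, digest=secret_digest(None))

if __name__ == "__main__":
    for sw in CAMPUS:
        accepted, reason = evaluate(sw, STALE)
        print(f"{sw.name:6} {'ACCEPT' if accepted else 'ignore'}  {reason}")
```

Only the switch protected by a password, the transparent switch and the switch on a non-trunk link keep their VLAN database in this run.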

Lesson 19:

Gigabit Ethernet and 10-Gigabit Ethernet


Gigabit Ethernet:
In GE, the physical layer was modified to increase the transmission speed. Two technologies were combined to gain the advantages of each: IEEE 802.3 and ANSI X3T11 FibreChannel. The elements of 802.3 such as the frame format, CSMA/CD, full duplex and other characteristics are retained. FibreChannel provides a foundation of high-speed ASICs, optical components, and encoding and decoding mechanisms. The result of combining the two is IEEE 802.3z Gigabit Ethernet.
Gigabit Ethernet supports several cabling types, referred to as 1000BaseX.

GE type       Cable type                     Pairs   Length
1000BASE-CX   Shielded twisted-pair (STP)    1       25m
1000Base-T    EIA/TIA Cat5 UTP               4       100m

In a campus network, you can use Gigabit Ethernet in the switch block, the core block and the server block. In the switch block, GE can connect access-layer switches to distribution switches. In the core block, GE connects distribution switches to core switches and connects the core devices to each other. In the server block, GE can provide high-speed connections to individual servers.
On Cisco switches, Gigabit ports are always set to full duplex. Duplex mode autonegotiation is therefore not possible.
Catalyst switches standardize on GBIC and SFP interfaces. GBIC and SFP allow different cable types to be connected. The interface modules are hot-swappable and can be plugged into a switch to support a different media type. GBIC interfaces can use SC fiber and RJ45 connectors; SFP can use LC and MT-RJ fiber-optic connectors. GBIC and SFP are supported on the following Gigabit Ethernet ports:
1000BaseSX uses an SC connector and multimode fiber (MMF) for distances up to 550m.
1000BaseLX/LH uses an SC connector and can be used with MMF up to 550m or with SMF at distances up to 10km.
1000BaseZX uses an SC connector and SMF, with distances up to 70km, or even up to 100km with good-quality fiber.

Gigastack uses a special connector with a high data rate that helps preserve the signal and resist interference, allowing GBIC-to-GBIC connections between switches. The connection is full duplex if only one stacking connector is used. If both connectors are used, the connection becomes half duplex on a shared bus.
1000BaseT supports RJ45 connections using all 4 pairs, operating at distances up to 100m. In a crossover cable, pins 1,2,3,6,4,5,7,8 connect to pins 3,6,1,2,7,8 and 4,5.
Fiber modules always have the receive pin on the left and the transmit pin on the right. These modules can emit radiation, so always cover the pins with rubber plugs and never look directly into the connector.
10-Gigabit Ethernet:
The layer 2 characteristics of Ethernet are preserved: the frame format and the MAC protocol are unchanged. 10GbE differs from its predecessor Ethernet technologies at the physical layer. 10GbE operates in full-duplex mode. The standard defines several transceiver types that can be used as independent hardware interfaces (PMD, physical media dependent).
LAN PHY: connects switches in a campus network, mainly at the core layer.
WAN PHY: interfaces with SONET/SDH networks in MANs.
PMD interfaces also share a common naming scheme, as in Gigabit Ethernet. The 10-Gigabit standard is denoted 10GBASE-X. The table below lists the different PMD types. All fiber PMD types can be used in LAN PHY or WAN PHY except 10GBASE-LX4, which is used only for LAN PHY. Also note that PMD types with longer wavelengths usually cost more than the others.

PMD type                          Fiber media                                  Maximum distance   Catalyst switch
10GBASE-SR/SW (850 nm serial)     MMF 50 micron                                66m                N/A
                                  MMF 50 micron (2 GHz*km modal bandwidth)     300m
                                  MMF 62.5 micron                              33m
10GBASE-LR/LW (1310 nm serial)    SMF 9 micron                                 10km               Catalyst 6500
10GBASE-ER/EW (1550 nm serial)    SMF 9 micron                                 40 km              Catalyst 6500
10GBASE-LX4/LW4 (1310 nm WWDM)    MMF 50 micron                                300m               N/A
                                  MMF 62.5 micron                              300m
                                  SMF 9 micron                                 10 km              N/A

----------------------------------------------
Lesson 20:

Ethernet 10Mbps
Ethernet is a LAN technology based on the IEEE 802.3 standard. Ethernet provides 10Mbps of bandwidth between end users. In its simplest form, Ethernet uses a shared-bandwidth device (a hub). This device is regarded as a single collision domain and broadcast domain. As the number of users grows, the probability that a user is transmitting at any given moment also grows. If another user also tries to transmit, a collision occurs. In other words, two users cannot transmit at the same time if both share the same hub. Ethernet operates on CSMA/CD. Under it, to avoid collisions, a transmitting station must back off for a random period of time. Switched Ethernet solves this problem by giving each port its own share of 10Mbps bandwidth. Collisions now rarely occur and the collision domain shrinks. Stations therefore no longer have to wait their turn to transmit. Instead, stations can operate in full-duplex mode: transmitting and receiving at the same time. Full duplex increases network performance, providing a throughput of 20Mbps.
Another concern with 10-Mbps Ethernet is cabling. Ethernet typically uses UTP cable, which has a distance limit of 100m. In a campus network, Ethernet is typically used at the access layer, between end-user devices. 10Mbps Ethernet is not used at the distribution or core layer.

Fast Ethernet
Fast Ethernet operates at 100Mbps and is specified in IEEE 802.3u. The CSMA/CD rules, the cabling considerations and the higher-layer protocols are all kept as in Ethernet. Campus networks typically use FE on access-layer or distribution-layer switches if no higher-speed connections are available. The cabling used for Fast Ethernet is typically UTP or fiber.

Technology    Cable type                                                                    Pairs   Cable length
100Base-TX    EIA/TIA Cat 5 UTP                                                             2       100m
100Base-T2    EIA/TIA Cat 3 4 5 UTP                                                         2       100m
100Base-T4    EIA/TIA Cat 3 4 5 UTP                                                         4       100m
100Base-FX    Multimode fiber (MMF): 62.5 micron core, 125 micron core (62.5/125)           4       100m
              Single mode fiber (SMF)                                                               10k

Full-duplex mode:
As with Ethernet, full-duplex mode can be used to improve performance. FE can provide up to 100Mbps in each direction, resulting in 200Mbps of throughput. This 200Mbps maximum is reached only when a device (a workstation, server, router or another switch) connects directly to a switch port. In other words, the devices at both ends of a link must support full duplex, so that they can transmit without having to wait to detect and recover from collisions.
The Fast Ethernet specification also allows backward compatibility with traditional 10Mbps Ethernet. In the case of 100BaseTX, switch ports are often called 10/100 to indicate that they are dual speed. The two devices at the ends of the link then automatically negotiate the speed so that both operate at the highest speed possible. This negotiation includes detecting and selecting the physical-layer technology and choosing half-duplex or full-duplex mode. If both ends of the link are configured to autonegotiate, the highest speed common to both devices is used.
During duplex negotiation on a link, information is exchanged between the two devices. This means that for autonegotiation to succeed, both ends must be set to autonegotiate. Otherwise (that is, when only one end is set to autonegotiate), one end of the link does not receive information from the other end and cannot determine the correct mode in use. If autonegotiation fails, a switch port falls back to its default mode, which is half duplex.
Beware of duplex mismatch when both ends of a link are not configured for autonegotiation. When a mismatch occurs, one end of the link uses full duplex while the far end uses half duplex. As a result, the station operating in half duplex detects a collision whenever both ends want to transmit. The station running full duplex assumes it may transmit at any time. It does not stop and wait. This leads to errors on the link and very slow response times between the stations.
Autonegotiation uses the priority table below. When both ends can negotiate several speeds, the one with the highest priority is used. For example, if both devices can run at level 6 (100Base-TX full duplex) and level 2 (10Base-T full duplex), level 6 is used.

Priority   Ethernet mode
7          100Base-T2 (full duplex)
6          100Base-TX (full duplex)
5          100Base-T2 (half duplex)
4          100Base-T4
3          100Base-TX
2          10Base-T (full duplex)
1          10Base-T

To ensure correct configuration at both ends of a link, Cisco recommends that the speed and duplex mode be configured manually on switch ports. This removes the possibility that one side changes the settings and leaves the link unusable. If you configure a switch port manually, always set the device at the other end of the link to the matching parameters. Otherwise, a speed mismatch or duplex mismatch will occur.
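The negotiation outcomes described above, worked through for a pair of ports. This is an added example, not code from the original page: the Port type and resolve function are hypothetical, rows 4, 3 and 1 of the table are taken to be half duplex, and an autonegotiating port facing a manually configured port is assumed to sense the other end's technology and fall back to half duplex.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

Mode = Tuple[str, str]  # (technology, duplex)

# Priority table from the page: the highest common level wins.
PRIORITY = {
    7: ("100Base-T2", "full"),
    6: ("100Base-TX", "full"),
    5: ("100Base-T2", "half"),
    4: ("100Base-T4", "half"),   # duplex implied by the table
    3: ("100Base-TX", "half"),   # duplex implied by the table
    2: ("10Base-T", "full"),
    1: ("10Base-T", "half"),     # duplex implied by the table
}


@dataclass(frozen=True)
class Port:
    auto: bool
    abilities: FrozenSet[int] = frozenset()  # levels advertised when auto
    fixed: Optional[int] = None              # level configured when manual


def resolve(a: Port, b: Port) -> Tuple[Optional[Mode], Optional[Mode], str]:
    """Return (mode used by a, mode used by b, link status)."""
    if a.auto and b.auto:
        common = a.abilities & b.abilities
        if not common:
            return None, None, "no common mode"
        best = PRIORITY[max(common)]
        return best, best, "ok"

    if not a.auto and not b.auto:
        mode_a, mode_b = PRIORITY[a.fixed], PRIORITY[b.fixed]
        if mode_a[0] != mode_b[0]:
            return mode_a, mode_b, "speed mismatch"
        status = "ok" if mode_a[1] == mode_b[1] else "duplex mismatch"
        return mode_a, mode_b, status

    # Exactly one end negotiates: it hears nothing from the manual end,
    # so negotiation fails and it falls back to half duplex.
    manual = PRIORITY[(b if a.auto else a).fixed]
    fallback = (manual[0], "half")
    status = "ok" if manual[1] == "half" else "duplex mismatch"
    if a.auto:
        return fallback, manual, status
    return manual, fallback, status


if __name__ == "__main__":
    nic = Port(auto=True, abilities=frozenset({6, 3, 2, 1}))
    sw_auto = Port(auto=True, abilities=frozenset({7, 6, 2}))
    sw_manual = Port(auto=False, fixed=6)
    print(resolve(nic, sw_auto))     # both ends negotiate
    print(resolve(nic, sw_manual))   # only the NIC negotiates
```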
----------------------------------------------
Lesson 21:

Experience studying for wireless exams

Tips for those who want to study for the CWNA certification


As you know, CWNA is an international certification, so studying for it is broadly similar to studying for other certifications. Here I will give a general study method that you can apply to any certification, not only CWNA.
+ Read books: of course, learning anything requires reading. Although everyone knows this already, most of us suffer from a chronic illness: laziness. We are lazy in everything, not only in reading, and this laziness is especially hard to cure for the vast majority of men, which is understandable, since that is men's nature. (Another reason we read little is lack of time, especially for people who work; for students it is probably that they are still busy having fun.) Even if you make the effort to sit down and read, a few hours is about the limit, but that is already very good. What I want to stress here is not quantity but quality. Indeed, even if you sit for a long time and read many books, if you do not know what you are reading or what it is for, you will finish without understanding anything more and will only have lost time. So before reading, decide what you are going to read about; this helps us focus on what we are reading. While reading, you can annotate, underline or highlight the important passages, or write them down in a small notebook (this method is encouraged, because writing is how we remember, and it is very convenient when reviewing: we only need to look at the notebook instead of leafing through the whole book). Finally, after finishing a passage, a section, a part or a chapter, think back over what you have read and whether you understood it; this is a very good way to remember things for a long time. You may think I am being long-winded, but once you have formed the habit, everything becomes very simple.
+ Study in groups: this is probably the most effective remedy for laziness. When studying in a group, we can make full use of the knowledge of different people to solve a problem or a complex theoretical question that we could not understand when studying alone. Moreover, each person bringing their own view to the discussion makes the session more lively and engaging, not boring as when we study alone. Note that you should take an active part in the discussions; if you have no opinion of your own, exercise your listening skills to judge whether the opinions of the others are right, and if they are wrong, rebut them at once; it will help you remember the issue for a long time.
+ Join forums: this is the most economical way to learn, and it reflects the modern, mobile character of today's young people. One difficulty with this method is that sometimes a question we post on a forum goes a whole week or even a whole month without anyone answering; in that case the only option is to help ourselves. If you want people to help you, first help others: answer the posts on the forum that are within your ability. A forum is a place where people help each other; nobody only receives without ever giving. There are now many forums on different topics. If you are interested in networking in general and wireless networking in particular, you can visit http://www.wimaxpro.org, http://vnpro.org/forum (Vietnamese); those who are good at English can visit http://cwnp.com/phpBB2/index.php or
http://www.sadikhov.com/forum/
+ Enroll in a course: this is the most expensive way to learn, suited to people who are not able to study on their own. However, it gives you more practical working ability than the other methods, because a course includes both theory and practice, so you can understand and grasp an issue right after practicing it. After completing the course you can start working right away without groping around like people who are self-taught. Another advantage is that if you study at a reputable center, employers will trust your real ability more than that of other candidates when you apply for a job. Of course, studying at a reputable center does not guarantee that you will be good; everything still depends on you. Before coming to class, read about the topic you will be taught; in class, be active by listening carefully to the instructor and trying to ask constructive questions that help us understand the lesson better. In the lab sessions, try to think of your own way to solve the problem rather than copying the configuration from the lab book verbatim; if you do that, there is nothing left to say and nothing left to learn. After finishing the configuration, save the configuration file and remember to read it again right after that day's lab; it will help you understand the problem and remember it longer.
+ Before the exam: about 1 or 2 weeks before the exam is the best time to review what we have learned. This gives you an overview of everything you have studied over the period and connects knowledge that seemed unrelated while you were learning it. Reread the configuration files you have made; after reading them you may realize many interesting things. The last and quite important task is exam practice, specifically doing multiple-choice questions, which familiarizes us with the exam so that we are not overwhelmed by its questions when we sit it. You can buy sample exams from Tesking, Pass4sure, Actualtest… One note: do not trust the answers in these sample exams completely, because in my experience they are wrong quite often. Some questions are answered wrongly and then explained so smoothly that you cannot help believing them. Use the knowledge you have learned to answer the questions before checking whether the given answer and explanation fit.
+ During the exam: the most important thing I want to say is to stay calm and confident, and you will win.
+ After the exam: what could be happier than having come through so much hardship and spent so much time and money, and now having achieved what we wanted? There is a phrase I often hear people say each time they finish an exam: "let's go for a drink". I hope those words will always ring out whenever you finish an exam.
My final message to you is: learn with all your passion, so that each time we study we say that we "get to learn" rather than "have to learn". Nobody forces you to do anything; only you know what is best for you. Do it with all your passion, never give up, and success will come to you in the end!

Lesson 22:

Password recovery procedure for Cisco routers.


I. For Cisco 1600, 1700 and 2600 Series Routers:
1. Open a HyperTerminal (Private Edition 5.0 or higher) console session.
2. Power the router off, then on again. Press Ctrl-Break within 60 seconds.
monitor: command "boot" aborted due to user interrupt
rommon 1 >
3. Use the confreg command to change the configuration register to 2142.
rommon 1 >confreg 0x2142
4. Reboot the router with the reset command.
rommon 2 >reset
5. After the reboot, press Ctrl-C to enter user mode:
router>
6.
router>enable
router#copy startup-config running-config
7.
router>enable
router#show startup-config
8. Set the new password:
router#config term
router(config)#enable secret newpassword
router(config)#enable password newpassword
router(config)#line con 0
router(config-line)#login
router(config-line)#password newpassword
router(config)#line aux 0
router(config-line)#login
router(config-line)#password newpassword
router(config)#line vty 0 4
router(config-line)#login
router(config-line)#password newpassword
9. #copy run start
10. Restore the configuration register to 0x2102
router#config term
router(config)#config-register 0x2102
router(config)#exit
router#copy running-config startup-config
11. Check the configuration register
router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-DO3S-M), Version 12.0(5)T1, RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 17-Aug-99 13:18 by cmong
Image text-base: 0x80008088, data-base: 0x80CB67B0
ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
1 FastEthernet/IEEE 802.3 interface(s)
2 Low-speed serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2142 (will be 0x2102 at next reload)
II. Cisco 2500 Series Routers:
1. Set up a HyperTerminal (Private Edition 5.0 or higher) console session.
2. Power the router off, then on again. Press CTRL-BREAK within 60 seconds.
Abort at 0x10EA884 (PC)
>
3. Change the configuration register to 0x2142
>o/r 0x2142 (lower case of the letter O for o/r and zero for 0x2142)
4. Reboot the router
>i
5. Press Ctrl-C to enter user mode when the router restarts
router>
6. Enter enable mode
router>enable
router#copy startup-config running-config
7. Run the show running-config or show startup-config command
router#show startup-config
8.
router#config term
router(config)#enable secret newpassword
router(config)#enable password newpassword
router(config)#line con 0
router(config-line)#login
router(config-line)#password newpassword
router(config)#line aux 0
router(config-line)#login
router(config-line)#password newpassword
router(config)#line vty 0 4
router(config-line)#login
router(config-line)#password newpassword
9. The startup configuration has been copied to the running configuration. Run the no shutdown command on every interface that is in use.
10. Return the configuration register to its original value. Save the configuration
router#config term
router(config)#config-register 0x2102
router#copy running-config startup-config
11. Check that the register value is 2102 with the show version command
router#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-D-L), Version 12.0(4), RELEASE
SOFTWARE
(fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.

ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE


BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a),
RELEASE
SOFTWARE (fc1)
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2142 (will be 0x2102 at next reload)
12. Reboot the router.
router#reload
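A router left at 0x2142 after this procedure boots without loading its startup configuration, so step 11 is worth automating. The following is an added example, not code from the original page: the function names are hypothetical, the first sample line is the one shown in the show version output above, and the other two sample lines are constructed.

```python
import re
from typing import Optional, Tuple

# Bit 6 of the configuration register tells the router to ignore the
# contents of NVRAM at boot, i.e. to start without startup-config.
IGNORE_NVRAM = 0x0040

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def parse_confreg(show_version: str) -> Tuple[int, Optional[int]]:
    """Return (current value, value pending for the next reload or None)."""
    match = CONFREG_RE.search(show_version)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else None
    return current, pending


def bypasses_startup_config(value: int) -> bool:
    return bool(value & IGNORE_NVRAM)


def audit(show_version: str) -> str:
    """Classify a device from the text of its `show version` output."""
    current, pending = parse_confreg(show_version)
    next_boot = pending if pending is not None else current
    if bypasses_startup_config(next_boot):
        return "FAIL: next boot ignores startup-config"
    if bypasses_startup_config(current):
        return "PENDING: recovery in progress, reload restores normal boot"
    return "OK"


# Line taken from the page's output.
MID_RECOVERY = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
# Constructed lines: register never restored, and a normal router.
LEFT_OPEN = "32K bytes of non-volatile configuration memory.\nConfiguration register is 0x2142"
NORMAL = "Configuration register is 0x2102"

if __name__ == "__main__":
    for sample in (MID_RECOVERY, LEFT_OPEN, NORMAL):
        print(audit(sample))
```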
-------------------------------------------------
Lesson 23:

Basic routing concepts


When a router's routing table holds two or more paths to a destination network, load balancing takes place. Load balancing can be divided into two types:
1. Per packet: each packet entering the router is handled individually (process switching). The router reads the destination network of the packet, searches the routing table and then switches the packet out the appropriate interface. So if the routing table has two paths to the same network address, packets are balanced evenly across both paths.
2. Per destination: only the first packet goes through the process above. All remaining packets use the result stored in the cache. The routing table is not consulted for the subsequent packets. The router's default mode is fast switching. You can change to process switching with the command no ip route-cache.
Note that debug ip packet can be used only if the router is process switching.
1. AS (Autonomous System):
A group of routers that share a common administrative policy, are under a single technical administration and typically use one IGP (Interior Gateway Protocol). Each AS is assigned a unique number from 1 to 65535, of which the values from 64512 to 65535 are private values, assigned to local ASes.

2. Convergence:
The process of computing the routing tables on the routers so that all tables reach a common, consistent state.
3. Load balancing:
Allows packets to a destination network to be sent over two or more different paths.
4. Metric:
All routing protocols use a metric to quantify paths in order to find the best path. Some protocols use a very simple metric; for example, RIP uses hop count. EIGRP uses a more complex metric that includes bandwidth, delay, reliability...
5. Passive interface:
Prevents routing updates from being sent out an interface. However, the interface can still listen to routing updates sent by other routers. This command is used in router mode.
6. Redistribution:
The process of sharing routes learned from different sources. For example, you can redistribute routes learned from RIP into OSPF (in which case you may run into problems with VLSM). Or you can redistribute static routes into EIGRP. Redistribution mostly has to be configured manually.
7. Route flapping:
A state in which a route changes frequently. This can cause serious problems. For example, networks running OSPF may have to recompute the database continually and broadcast these changes.
8. Static route:
A static route can point to a host or to a network. You can also use a floating static route, in which the AD of the route is changed to a value higher than that of the routing protocols in use.
9. AD: a value that indicates the trustworthiness of a routing protocol.
Lesson 24:
Comparing the routing and switching functions in a router
This section compares the roles of routing and switching and how the two functions combine to move packets through the network. Cisco distinguishes clearly between these two functions of a router. The difference is actually quite simple. To move a packet inside a router from one interface to another, the path to the destination must be determined, and the packet is then sent out the outbound interface. Finding the path is the routing function, whereas sending a packet out an interface is the switching function.
Routing function
The routing function is responsible for learning the logical topology of the network and then making decisions based on that knowledge. The decisions made by the router determine whether an incoming packet can be routed and, if so, how. When a packet is received, the routing process goes through several steps. These steps can be summarized as the following questions:
- Are the routed protocol and the routing protocol for the packet (the protocol it belongs to) configured on the router?
- If so, does a path to the remote network exist in the routing table?
- If the destination network is not in the routing table, is a default route configured?
- If there is a static or dynamic default route, is the destination address reachable?
- What is the best path to a given network?
- Are there multiple equal-cost paths?
- If there are multiple equal-cost paths, which interface will be used to send the packet out?
Switching function
The switching function concerns moving data through a router. It is responsible for forwarding packets. Switching takes place only after the routing decisions have been made. Although the router has made the decision, a few decisions must still be carried out in hardware. The switching function performs the following:
1. Check whether the incoming frame is valid.
2. Check whether the destination address of the frame is the L2 address of the router.
3. Check whether the frame size is valid.
4. Check the CRC of the frame.
5. Strip the header and trailer of the frame. Then check the destination address against the information in the cache.
6. Build the new header and trailer and send the frame to the output port of the router.
The relationship between routing and switching in a Cisco router
A packet is accepted by the router if its frame contains the L2 address of one of the router's interfaces. If the address is correct, after the frame is checked, the frame and its contents are placed in a buffer. The buffer is held in memory or in special hardware in the router.
If the L3 source and destination addresses of the packet have not been seen by the router before, the packet is process switched, or routed. This involves the following:
- When a packet must be forwarded, a lookup in the routing table is triggered and the router decides how to forward the packet.
- The packet is then encapsulated with the appropriate L2 protocol.
- If fast switching is in use, the packet is examined once more. A route is placed in the cache. A cache entry includes: the IP prefix, the outbound interface of the router, and the layer 2 header used to forward the packet.
For the packets that follow in the same data flow, if the destination address matches an entry in the route cache, the packet is forwarded using the information in the cache. The routing function is not affected at this point. The type of cache used depends on the hardware in use. The switching types are fast switching, autonomous switching, silicon switching and CEF.
------------------------------------------
Lesson 25:
TCP: connection establishment and termination
TCP connections and ports
Two applications that use TCP must establish a TCP connection before data can be transferred. Each connection exists between a pair of TCP sockets, where a socket is defined as the combination of an IP address, the port used and the transport-layer protocol. Connection establishment initializes the sockets, including the source and destination port values, the sequence numbers and the ACK numbers. Figure 6-2 depicts the three-way handshake used to establish a TCP connection and the teardown of a TCP connection.

During connection establishment, the two hosts choose ports, choose sequence numbers and use TCP's indicators to identify the messages in the three-way handshake. First, as regards ports, the server must listen for connection requests from clients, in this case on port 80. The client chooses an unused port as its source port, typically a value of 1024 or greater. Note that when you compare the segments in the process above, the port values do not change.
The TCP header includes several 1-bit fields, called flags. These flags serve different purposes. The SYN and ACK flags indicate whether a segment is the first or the second segment in a new TCP connection. A segment with the SYN flag is the first segment in a TCP connection. A segment with the SYN and ACK flags is the second segment in a connection. These flags let hosts recognize new connection requests easily. The initial sequence number can be set to any valid value and is usually not set to 0. Remember that in error recovery, the use of these values is independent in each direction.
Error recovery
To perform error recovery, TCP sends acknowledgements (ACKs) when it receives data. When data that was sent is not acknowledged, the sender can send the data again. The figure below depicts a web server sending 1000 bytes where the second segment is lost and the data is recovered.

The example above depicts error recovery in which the sender (the web server) receives an ACK indicating that a segment was lost. Note that the ACK field indicates the next expected byte, not the last byte received. Also note that the ACK field and the sequence field count bytes, not TCP segments. The sender sets a timer, based on the TCP Measured Round Trip Time (MRTT), so that if an ACK is not received, the sender resends all the unacknowledged data without waiting for the receiver to send a retransmission request.
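The error-recovery exchange described above, traced byte by byte. This is an added example, not code from the original page: the transfer function is hypothetical, the sequence numbers are constructed, and the receiver is simplified to send one cumulative ACK per round.

```python
from typing import Dict, List, Set, Tuple

Event = Tuple[str, int]  # (what happened, sequence or ACK number)


def transfer(first_seq: int, seg_len: int, count: int, lost: Set[int]) -> List[Event]:
    """Send `count` segments of `seg_len` bytes and recover the lost ones.

    `lost` holds the 1-based positions of the segments dropped on their
    first transmission. Returns the log of events in order.
    """
    log: List[Event] = []
    expected = first_seq            # receiver: next byte it expects
    buffered: Dict[int, int] = {}   # receiver: segments held, seq -> length

    def deliver(seq: int) -> None:
        nonlocal expected
        buffered[seq] = seg_len
        # Advance over every byte that is now contiguous.
        while expected in buffered:
            expected += buffered.pop(expected)

    # First transmission of every segment.
    for position in range(1, count + 1):
        seq = first_seq + (position - 1) * seg_len
        log.append(("send", seq))
        if position in lost:
            log.append(("lost", seq))
        else:
            deliver(seq)

    # The ACK names the next byte expected, not the last byte received.
    log.append(("ack", expected))

    # Sender: the timer expires for data that was never acknowledged, so
    # it resends from the first unacknowledged byte without being asked.
    end = first_seq + count * seg_len
    while expected < end:
        log.append(("resend", expected))
        deliver(expected)
        log.append(("ack", expected))
    return log


if __name__ == "__main__":
    # Constructed values: three 1000-byte segments, the second one lost.
    for event, number in transfer(1000, 1000, 3, {2}):
        print(f"{event:7} {number}")
```

In the run with the second segment lost, the first ACK is 2000 even though bytes 3000 to 3999 have arrived, and a single retransmission moves the ACK straight to 4000.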
---------------------------------------------
Lesson 26:
IPv6 address format
IPv6 addresses are very different from IPv4 addresses. They differ not only in size (4 times longer) but also in representation: hexadecimal rather than decimal. Colons separate the hexadecimal numbers that make up the 128-bit address. An example of an IPv6 address is:
4021:0000:240E:0000:0000:0AC0:3428:121C
To avoid confusion, errors and unnecessary complexity, the following rules are defined:
Hexadecimal digits are not case-sensitive.
Any leading zeros in a 16-bit field can be omitted and represented by a colon. A pair of colons (::) indicates that 16-bit fields of zeros have been compressed. A parser can easily work out how many zeros were compressed by adding zeros until it obtains a 128-bit address.
Only one pair of colons (::) is allowed in an address, because a parser could not tell how many zeros belong in each position.
For example, the address 4021:0000:240E:0000:0000:0AC0:3428:121C can be written as 4021:0:240E::0AC0:3428:121C
Although :: cannot appear twice, a field of several zeros can be written as 0. In the example above, the zeros in the second field of the address are reduced to a single 0. If an address has no host portion, the address can end with ::. For example 4021:0:240E::.
IPv6 can take several forms and is able to address the limitations of IPv4. The three-level structure is reflected in the structure of the IPv6 aggregatable address, which comprises the following fields:
FP (format prefix) field: the 3 FP bits indicate the type of the address (unicast, multicast). The value 001 indicates a global address.
TLA ID (top level aggregation) field: indicates the level of authority for the address. Internet routers maintain the tables needed for all TLA values. With 13 bits, this field allows up to 8,192 TLAs.
RES field (8 bits): the IPv6 architecture defines a reserved field so that the TLA or NLA values can be extended. Currently, this value is zero.
NLA ID (24 bits): this field identifies the ISP. It can be arranged to reflect the relationships among ISPs.
SLA ID (16 bits): used by organizations to create their internal addressing structure and to identify subnets.
Interface ID (64 bits): identifies the individual interfaces on a link. This field is similar to the host portion in IPv4, but it is derived from the IEEE EUI-64 address format. This format is similar to a MAC address but with an additional 16-bit field.
In addition to the global aggregatable address format above, IPv6 supports local addresses, similar to RFC 1918 addresses. If a node has not been assigned a global address or a local address as above, it can be located by a link-local address, which identifies a network segment. Local-use unicast address: a unicast address for internal use, intended for an organization whose private network is not yet connected to the global Internet but is ready to connect when needed. This address is further divided into 2 types: link-local (identifies the local link) and site-local (identifies a node within an internal scope that may contain several groups of nodes or subnets). The link-local address is used as soon as an IPv6 device powers on. Because of IPv6 autoconfiguration, a link-local address is assigned automatically when the device is powered on. Note that this address is not assigned by us; the machine assigns it to itself in order to communicate within the local link, that is, with hosts that share the same subnet address. Then, when it sees that a router exists on the network, the machine sends router solicitation and advertisement packets to ask the router for a subnet ID, which it uses to form a site-local address for communication between subnets. Note that these 2 addresses are not routed to the Internet.
IPv6 Multicast Addresses
A multicast address identifies a group of router interfaces, typically on different end systems. Packets are delivered to all the systems identified by the multicast address. Using multicast addresses is more efficient than using broadcast, which requires every end system to interrupt whatever it is processing. Because a multicast address is the address of a group of computers, a computer that is not a member of the group drops the packets at layer 2. A broadcast, however, is still processed before the system determines that the broadcast is not relevant to it. Layer 2 devices typically propagate broadcasts because broadcast addresses are not stored in the CAM table. Unlike a router (whose default action is to drop packets with an unknown destination address), a switch floods every frame with an unknown destination address out all of its ports. In theory, this is also true of multicast addresses, although some devices have intelligent mechanisms to limit multicast flows.
IPv6 does not use broadcast and relies only on multicast addresses. Although IPv4 uses multicast addresses as defined in RFC2356, it uses them in a different way. IPv6 addresses have different address ranges. All IPv6 multicast addresses begin with the first 8 bits set to 1. So all multicast addresses begin with the value F. The multicast address range is FF00::/8 - FFFF::/8
The second octet, which follows the first octet, indicates the scope and the lifetime of the multicast address. In this way, IPv6 has millions of multicast group addresses.
Address summarization (Address Aggregation)
Summarizing routes wherever possible is important in the Internet. Routing tables are easier to manage with CIDR. Although the number of addresses in IPv6 allows almost unlimited address allocation, the IPv6 architecture still allows a structured deployment so that it is not overloaded. As in IPv4, the leftmost bits of the address are used to summarize the network addresses that appear to the right in the address structure. Thus, the IPv4 address 140.108.128.0/17 can include the subnet 140.108.225.0/24. This means that the routing table can route to all the subnets, but instead of holding 128 subnet addresses, it needs only a single entry to represent all the routes. To reach a smaller subnet, the usual routing rules are still followed and the packet is sent to the router that advertises network 140.108.128.0/17. That router, which has more detailed information in its routing table, forwards the packet until it reaches the destination network.
In IPv6, the address architecture allows better tuning of the address format used in the Internet. The address is very long and each part serves a different function. The first 48 bits of the address are used by IANA for dynamic routing in the Internet to create globally aggregatable addresses. The first three bits are set to 001 to indicate a global address.
-------------------------------------------
Lesson 27:
Introduction to WinPcap
In many network applications you will come across WinPcap, especially when installing Dynamips/Dynagen.
1. Introduction to WinPcap:
Definition:
WinPcap is an open-source library for packet capture and network analysis on the Win32 platform. WinPcap supports the following functions:
Capturing raw packets, both those sent to and from the machine it runs on and those exchanged by other machines on a shared medium.
Filtering packets according to user-defined rules before they are passed to the application
Transmitting raw packets to the network
Collecting statistics on network traffic
This set of capabilities is provided by a device driver, which is installed inside the networking portion of the Win32 kernel, together with a pair of DLLs.

Types of programs that use WinPcap

Programs based on WinPcap:
Network and protocol analyzers
Network monitors
Traffic loggers
Traffic generators
User-level bridges and routers
Network intrusion detection systems (NIDS)
Network scanners
Security tools
Structure of WinPcap

It consists of three main components: a kernel-level packet filter, a low-level library packet.dll, and a high-level, system-independent library wpcap.dll.
Packet.dll:
provides a low-level API (application program interface) for direct access to the driver, independent of the Microsoft operating system. It provides the following functions:
Install, start and stop the NPF device driver
Receive packets from the NPF driver
Send packets to the NPF driver
Obtain a list of the network adapters
Retrieve various information about an adapter: description, address list, netmask
Query and set the parameters of an adapter
The packet.dll source code is in the packet directory.
Wpcap:
provides a set of high-level capture functions that are compatible with libpcap (used on Linux) and that operate independently of the network hardware and the operating system. The wpcap.dll source is in the wincap directory.
NPF (netgroup packet filter) device driver: the source code is in the driver directory, for the NT operating systems
The most important operation of NPF is packet capture. The driver detects packets on the NIC and delivers them intact to the user application.
-------------------------------------------
Lesson 28:
Wireless for beginners
Wireless LAN basics
Introduction
Switched Ethernet networks are commonly used in today's enterprise networks. Ethernet connections typically run from the core layer devices down to the distribution layer and then down to the access layer. Traditionally, end users had to use a network cable to connect to the campus network. Wireless networking, however, allows the access layer of the campus network to be extended to end users without cables. With wireless devices, end users become mobile and can move around easily without losing their network connection.
This article gives an overview of the technologies used in wireless LANs (WLANs). Once you understand and are familiar with some basic wireless theory, you will be able to understand, design and use wireless devices to extend the network to users.
Wireless networking basics
This article introduces the wireless LAN from a practical point of view. The material builds on what you already know about LAN switching from the CCNP switching course. The ultimate goal of this article is to give you enough wireless knowledge to integrate the technology into your network.
Comparing wired and wireless networks
How exactly is a wireless network integrated into a wired switched network? Conversely, how does switching integrate into a wireless network? Before answering these questions, it helps to compare the two technologies.
At the most basic level, a wired network uses wires and a wireless network does not. This may sound comical at first, but it points to some fundamental differences at the physical layer that the article covers later.
Traditional Ethernet is defined by the IEEE 802.3 standards. Every Ethernet connection must operate under tightly controlled conditions, especially with regard to physical layer mechanisms. For example, link state, link speed and duplex mode must all behave as the standard describes. Wireless LANs have similar requirements, but these are defined in 802.11.
Wired Ethernet devices must transmit and receive Ethernet frames using Carrier Sense Multiple Access/Collision Detect (CSMA/CD). On a shared network segment where PCs communicate in half-duplex mode, each PC can talk freely first and then suffers a collision if other devices are talking at the same time. The whole collision detection process relies on wired connections having a maximum length and a maximum delay for a frame to travel from one end of the segment to the other. When the network infrastructure is shared, any electrical signal transmitted on the wire can collide with a signal from another device. A collision occurs when two or more Ethernet frames overlap on the medium at some moment. Collisions lead to bit errors and lost frames.
Ethernet connections operating in full-duplex mode do not suffer from collisions or contention for bandwidth. Even so, these connections must follow the same specification. For example, Ethernet frames must still be sent and received within a certain time on a full-duplex link. This forces the cable length used for full duplex and half duplex to be the same.
Although WLANs are also based on a strict set of standards, the transmission medium itself is a challenge. In general, when a PC connects to a wired network, it shares the network connection with a known number of machines that are also attached to that wired network. When the same PC uses a wireless network, it shares in a similar way, but through the air. In a wireless network, the infrastructure clearly has no network cable segments or network jacks. In fact, other wireless users have full access to the same shared airspace.
The wireless LAN therefore becomes a shared network, in which a number of machines compete to use the air, that is, the network infrastructure, at any given time. Collisions are a perennial problem in wireless because every wireless device operates in half-duplex mode.
An 802.11 network always operates in half-duplex mode because stations transmit and receive on the same frequency. Only one station may transmit at a time; otherwise a collision occurs. To become full duplex, every station would have to transmit on one frequency and receive on another. Although this sounds feasible, the 802.11 standard does not allow full-duplex operation.
--------------------------------------------
Lesson 29:
Collision avoidance in wireless LANs
When two or more wireless stations transmit at the same time, their signals interfere. The receiving station can only receive the result as garbage, noise or corrupted data. In fact, there is no clear-cut way to determine that a collision has occurred. Even the transmitting station that causes the collision does not notice, because its receiver must be turned off while it transmits. To provide an effective feedback mechanism, whenever a wireless station transmits a frame, the receiving station must send an ACK frame to confirm that the frame was received correctly, without errors.
ACK frames serve as a basic tool for detecting collisions, but they do not prevent collisions from happening. The 802.11 standard uses a method called Carrier Sense Multiple Access Collision Avoidance (CSMA/CA). Note that wired 802.3 networks detect collisions, whereas 802.11 tries to avoid them.
Collision avoidance works by requiring every station to listen before it transmits a frame. When a station has a frame to send, one of the following two conditions can apply:
- No other device is transmitting: the station can transmit its frame immediately. The intended receiver must send an ACK frame to confirm that the original frame arrived correctly and did not collide.
- Another device is transmitting a frame: the station must wait until the frame in progress has completed, and then wait a random amount of time before it can transmit its own frame.
Wireless frames can vary in size. When a frame is transmitted, how do the other stations know that the frame has completed and that the medium (the radio channel) is free for others to use? Obviously, stations could simply listen for silence, but that is not always efficient. Other wireless stations may be listening too and may transmit at the same moment. The 802.11 standard requires all stations to wait for a period of time, called the DCF interframe space (DIFS). Only after this period may stations transmit.
The transmitting station can indicate the time it expects to need to send a frame in a field of the 802.11 frame. This duration contains the number of timeslots (usually measured in microseconds) needed to transmit the frame. Other stations must read the value in this header and wait that long before transmitting themselves.
Because every station waits for the same duration indicated in the frame, all of them might decide to transmit at the moment that period expires. This can cause a collision, which is exactly what should be avoided.
In addition to the timer described above, wireless stations must also implement a random backoff timer. Before transmitting a frame, a station must pick a random number of timeslots to wait. This number lies between zero and the maximum size of the contention window. The basic idea is that when stations want to transmit, each waits a random amount of time, which reduces the number of stations attempting to transmit at the same moment.
The whole process is called the distributed coordination function (DCF). It is illustrated in the figure below. Three wireless users each have a frame to send at different times. The following sequence of events takes place:
1. User A listens and determines that no other user is transmitting. User A transmits its frame and advertises the frame's duration.
2. User B also has a frame to send. He must wait until user A's frame has completed and then wait for the DIFS (DCF interframe space) to expire.
3. User B must wait a random amount of time before attempting to transmit.
4. While user B is waiting, user C has a frame to send. He listens and finds that no one is transmitting. User C must wait a random amount of time, which is shorter than user B's random time.
5. User C transmits a frame and advertises its duration.
6. User B must wait for the duration of user C's frame plus the DIFS before attempting to transmit again.
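The six steps above can be replayed in a small slot-based simulation. This is an added example, not part of the original lesson; the slot counts, the DIFS of 2 slots and the fixed backoff values are constructed assumptions (real stations draw the backoff at random from the contention window), and a collision simply ends both frames instead of triggering a retry.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Station:
    name: str
    arrival: int       # slot in which the frame becomes ready to send
    frame_slots: int   # air time of the frame, i.e. the advertised duration
    backoff: int       # backoff the station drew (fixed here for repeatability)
    remaining: Optional[int] = None   # backoff slots still to count down
    sent_at: Optional[int] = None


def simulate_dcf(stations, difs=2):
    """Return [(start_slot, [names])]; two names in one entry is a collision."""
    log = []
    idle_since = -difs   # the medium has already been idle for DIFS at slot 0
    busy_until = 0
    t = 0
    while any(s.sent_at is None for s in stations):
        if t >= busy_until:                      # medium is idle in this slot
            idle_for = t - idle_since
            waiting = [s for s in stations
                       if s.sent_at is None and s.arrival <= t]
            for s in waiting:
                if s.remaining is None:
                    # A frame that arrives on a medium idle for >= DIFS goes
                    # out at once; otherwise the station must back off.
                    fresh = s.arrival == t and idle_for >= difs
                    s.remaining = 0 if fresh else s.backoff
            if idle_for >= difs:
                ready = [s for s in waiting if s.remaining == 0]
                if ready:
                    for s in ready:
                        s.sent_at = t
                    busy_until = t + max(s.frame_slots for s in ready)
                    idle_since = busy_until
                    log.append((t, [s.name for s in ready]))
                else:
                    # Counters only run while the medium stays idle, so a
                    # deferring station keeps its leftover backoff.
                    for s in waiting:
                        s.remaining -= 1
        t += 1
    return log


def lesson_scenario():
    # A sends first; B arrives during A's frame; C arrives just after it ends
    # and draws a shorter backoff than B.
    return simulate_dcf([
        Station("A", arrival=0, frame_slots=10, backoff=0),
        Station("B", arrival=3, frame_slots=10, backoff=6),
        Station("C", arrival=11, frame_slots=8, backoff=2),
    ])


def equal_backoff_scenario():
    # B and C both defer to A and draw the same backoff: they collide.
    return simulate_dcf([
        Station("A", arrival=0, frame_slots=10, backoff=0),
        Station("B", arrival=3, frame_slots=10, backoff=4),
        Station("C", arrival=5, frame_slots=10, backoff=4),
    ])


if __name__ == "__main__":
    print(lesson_scenario())
    print(equal_backoff_scenario())
```

In the first scenario B resumes with the 4 backoff slots it had left when C started sending, which is why it transmits 6 slots (DIFS plus 4) after C's frame ends.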

------------------------------------
Lesson 30:
WLAN building blocks in the campus network
At the most basic level, a wireless network's infrastructure has no consistent organization compared with a wired network. For example, a PC with a wireless card can bring up its wireless connection anywhere, at any time. Naturally, for the PC to send and receive data, several things must happen first.
In 802.11 terminology, any group of wireless devices is called a service set. The devices must share the same service set identifier (SSID). This is a string carried in every frame that is sent. If the SSID on the sender and the receiver match, the two devices can communicate.
The 802.11 standard allows two or more wireless devices to communicate directly with each other without any other medium or device. This network model is called an ad-hoc network, or an Independent Basic Service Set (IBSS). The model is shown in the figure below:
There is no fixed control over the number of devices that can transmit and receive on a wireless medium. In addition, many factors can affect whether one station can transmit to or receive from other stations. This makes it difficult to create a reliable connection to all other stations.
A Basic Service Set (BSS) centralizes access to and control over a group of wireless devices by placing an access point (AP) as the central device. Any wireless device that wants to use the network must first arrange to become a member of the AP. The AP can require any of the following before allowing a station to join:
- A matching SSID.
- A compatible data rate.
- Completed authentication.
The relationship between a client and an AP is called an association. The client must send a message containing an association request. The AP then grants or denies the request by sending a reply message. Once associated, all communication to and from the station must pass through the AP. This is illustrated in part B of the figure above. Stations can no longer communicate directly with each other as in the ad-hoc (IBSS) model.
An AP is not a completely passive device like an Ethernet hub. An AP manages its wireless network, advertises its own existence so that stations can associate, and then controls the association process. For example, recall that every data frame sent successfully over the wireless link must be acknowledged with an ACK. The AP is responsible for sending the ACK back to the transmitting station.
Also remember that, regardless of association state, a station is able to listen to or receive frames sent over the wireless medium. Frames float freely through the air and are accessible to any device within range that is tuned to the frequency band needed to receive them.
Note that the BSS model consists of one AP and has no explicit connection to a regular Ethernet network. Deployed this way, the access point and its stations form a standalone network.
An AP can also have an uplink into an Ethernet network, because an AP supports both wireless and wired connections. If APs are placed in different physical locations, they can be connected through the enterprise network infrastructure. This model is called the 802.11 Extended Service Set (ESS).
In the ESS model, a station can associate with an AP only while it is near that AP. If the station later moves to another location, it can associate with the APs nearby. The 802.11 standard also defines a way for stations to roam from one AP to another as the wireless station's location changes.
------------------------------------------------------
Lesson 31:
AP operation
The basic function of an AP is to bridge wireless data from the air (the radio medium) onto the normal wired network. An AP can accept connections from a number of wireless stations so that they become ordinary members of a wired LAN.
An AP can also act as a bridge to form a wireless link between one LAN and another over a long distance. In that case, each end of the wireless link needs an access point. This kind of connection is called AP-to-AP or line-of-sight, and is often used to connect buildings.
Cisco has also developed a type of AP that can bridge wireless traffic from one AP to another, as a chain of bridges. This kind of connection allows a large area to be covered by wireless. The APs then form a mesh topology, very similar to the ESS model, in which the APs are interconnected through other wireless links.
An AP acts as a central access point and controls access from stations. Any station that tries to use the WLAN must first establish a connection with an AP. The AP can allow open access so that any station can associate, or it can control access more tightly by requiring authentication or by applying other criteria before allowing association.
WLAN operation depends heavily on feedback from the other end of the wireless link. For example, stations must handshake with the AP before they can associate and use the wireless network. At the most basic level, this requirement guarantees a two-way connection, because both the station and the AP are able to send and receive frames successfully. The process eliminates one-way communication, in which the station can hear the AP but the AP cannot hear the station.
In addition, an AP can control many aspects of its wireless network by requiring conditions to be met before a station can associate. For example, the AP can require the client to support a specific data rate and to meet specific security measures and authentication requirements during association.
You can think of an AP as a bridging device in which frames from different media are translated and forwarded at layer 2. Put simply, an AP is responsible for mapping a VLAN to an SSID.
The left part of the diagram above illustrates extending VLAN 10 to an AP through a switch port in access mode. The AP then maps VLAN 10 onto the wireless network using the SSID marketing. Users associated with the SSID marketing are seen by other machines as being connected to VLAN 10.
The concept can be extended so that multiple VLANs are mapped to multiple SSIDs. To do this, the AP must connect to the switch through a trunk link that carries multiple VLANs. In the right part of the figure above, VLAN 10 and VLAN 20 are both trunked to the AP. The AP uses 802.1Q to bind VLANs to SSIDs. For example, VLAN 10 is mapped to the SSID marketing while VLAN 20 is mapped to the SSID Engineering.
As a result, when an AP uses multiple SSIDs, it carries multiple VLANs over the air to end users. The end user must choose the appropriate SSID, which is mapped to the corresponding VLAN.
---------------------------------------------
Lesson 32:
Wireless LAN cells
An AP can provide WLAN connectivity only to clients within its transmission range. The signal range is determined, roughly, by the type of antenna used on the AP. In open air, this range can be a sphere surrounding an omnidirectional antenna. At the very least, the coverage area appears as a circle on a floor plan. Remember that coverage is three-dimensional, so it also affects the floors above and below when you deploy in a multi-storey building.
AP placement must be planned carefully so that coverage reaches the required level. Even though you design the AP locations according to a plan, the actual operation of the wireless LAN is always changing. This is because, although the AP locations are fixed, wireless stations can change location frequently.
Client mobility can make an AP's coverage harder to predict than expected. Stations can move around and behind obstacles in a room, behind walls and doors in a building. The best way to design AP placement and coverage is to perform a site survey. During a site survey, a test AP is placed at the desired or planned location while a wireless station moves around to measure signal quality and strength. The idea is to test the AP in the real environment, with real obstacles. These real obstacles can have a large effect on client operation.
The coverage area of an AP is called a cell. Clients within a cell can associate with the AP and then access the WLAN. This concept is shown in the figure below. One machine is out of the cell because it is beyond the AP's signal range.
Suppose an indoor AP has a coverage radius of 100 feet, covering a few rooms or part of a hallway. A client can move freely inside the cell and access the wireless network from any location within it.
However, a single coverage area is rather limited, because stations may operate in adjacent rooms or on other floors. These stations naturally do not want to lose connectivity when they are in different locations.
To extend the overall WLAN coverage, other cells can cover the adjacent rooms by placing more APs throughout the building. The idea is to place APs so that the cells cover every area where a client might be located. In fact, cells should overlap each other by a small percentage, as in the figure below:
When cells overlap, neighbouring APs cannot use the same frequency.
If two neighbouring APs use the same frequency, they interfere with each other. Instead, the frequencies used on neighbouring APs must not overlap or must be staggered across the whole area.
Once a station has associated with an AP, it can move around freely. When a station moves from one AP's cell into another, its connection is also handed from one AP to the other. Moving from one AP to another is called roaming.
This movement is shown in the figure below. As the station moves along the path, it passes through the coverage areas of several APs. When a station moves from one AP to another, it must re-establish its association with the new AP. In addition, data the station was sending before it roamed is also relayed from the old AP to the new AP.
In this way, any wireless station that is connected goes through only one AP at a time. This also minimizes the chance of losing data being sent or received while roaming takes place.
When you design a wireless network, you might try to cover the largest possible area with each AP. You could configure the AP at its maximum transmit power. Doing so may reduce the number of APs needed to cover an area and therefore reduce the overall cost. However, you should also consider some disadvantages of doing this.
When an AP is configured to cover a large area, it also risks having too many stations associated. Remember that a cell is simply a shared medium that all stations must share in half-duplex mode. As the number of associated stations increases, the total bandwidth and airtime available to each station decreases.
Instead, consider reducing the cell size (by reducing transmit power) so that only stations at close range can associate and use the bandwidth. The AP can then also help control the number of stations associated at any given time. This becomes important for applications that require high bandwidth or low response time, such as voice, video or medical software.
When the cell size is reduced, the cells are called microcells. The concept can be extended to environments that need tight control, such as stock exchanges. In those cases, the AP transmit power and the cell size are minimized, and the cells are called picocells.
--------------------------------------
Lesson 33:
Some methods of updating the routing table
Using a routing protocol is the easiest way to build and maintain a routing table. However, it is not the only way, nor the most efficient way, to tell a router about the networks that exist in an AS. If a router has very few resources, an efficient approach is to define a default route to a router that has information about the other networks. So besides routing protocols, there are other ways to update the table.
Static routes
Configuring static routing means adding static routes to the routing table. The advantage of static routing is that it saves network resources. The disadvantage is that the administrator is responsible for updating each route on every router whenever the network changes. By definition, static routes cannot adjust dynamically when a change occurs, so the network does not converge until the routers have been reconfigured. Static routing is needed in a few situations:
- Links have low bandwidth.
- The network administrator needs to control the connections.
- The static route is a backup for a link that uses dynamic protocols.
- There is only one path out to the external network. This situation is called a stub network.
- The router has very few resources and cannot run a dynamic routing protocol.
- The network administrator needs to control the routing table and allow classful and classless routing protocols.
Static routes with a modified AD (floating static route)
A static route with a modified AD value is another mechanism for putting information into the routing table. This solution overcomes some limitations in network design. A floating static route allows a backup path to wait until the primary route fails. The backup path is then activated. When the primary path is repaired, the backup path returns to standby. One example is a dial-up line acting as a backup for a Frame Relay link.
On Demand Routing
All routing concerns involve management overhead. For routing updates, static routing has a high administrative cost, while dynamic routing consumes resources. Usually, choosing when to use static routing and when to use dynamic routing is an easy decision. Static routing is often used to share routing information between classful and classless protocols or to define a default route.
However, in some widely distributed networks, neither static nor dynamic routing is suitable. In such a network, links usually have low bandwidth and very little information needs to be sent across them. In this situation, static routing and a default route appear to be appropriate solutions. However, with a large number of remote networks in a hub-and-spoke design, this solution can become unmanageable. With ODR, all spoke routers can be configured identically, although the IP addresses must be unique to each router.
ODR uses CDP to send the network addresses of directly connected networks from the spokes, or stubs, to the hub router. The hub router sends the IP address of the shared link as a default route to the stub router. ODR has the advantage of sending only minimal information, such as the prefix and the mask, every 60 seconds by default. This information is installed in the hub router's routing table and can be redistributed into routing protocols. Because the netmask is sent in the update, VLSM can be used.
In the figure above, router A has complete information about all the networks connected to each spoke. The remaining devices in the AS have not been placed in router A's routing table, to simplify configuration. Every spoke router, represented here by router B, sends a default route toward the rest of the network: the default route 0.0.0.0 with a next hop equal to the IP address of the interface connecting to A. Router B has two networks directly connected to it. One network is the default route 0.0.0.0 with a next hop of router A's address.
When configuring ODR, remember the following important points:
- No routing protocol is configured on the stub router. IP routing is ON by default. Use of the default route is permitted.
- Any secondary address configured on the stub router is not sent by CDP to the hub router.
- ODR must be configured on the hub router.
- Although CDP is enabled by default on all interfaces, some WAN interfaces, such as ATM, require CDP to be configured with the cdp enable command.
- CDP uses multicast. For WAN technologies that require mapping statements (for example Frame Relay), use the broadcast keyword to make sure CDP packets are sent.
- CDP timers can be tuned to send updates more often than the default 60-second interval.

Lesson 34:
Some properties of IPv6
Autoconfiguration
Local or directly connected routers send the prefix out on the local links, along with the default route. This information is sent to all nodes on the network, allowing the hosts to configure their IPv6 addresses automatically. The local router supplies the 48-bit global address and the SLA, or subnet information, to the end devices. The end devices simply append their layer 2 address. This L2 address, together with the 16-bit subnet address, forms a 128-bit address. The ability to attach a device without any configuration or DHCP allows new devices to be added to the Internet, such as cell phones, wireless devices and so on. The Internet becomes plug-and-play.
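The address construction described above can be carried through in code. This is an added example, not part of the original lesson: it goes beyond the text by assuming the modified EUI-64 mapping of RFC 4291 to stretch the 48-bit L2 address into a 64-bit interface identifier, and the prefix, subnet ID and MAC address are constructed values from the documentation ranges.

```python
import ipaddress
from typing import Optional


def eui64_interface_id(mac: str) -> int:
    """Expand a 48-bit MAC into a 64-bit modified EUI-64 interface ID."""
    raw = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])  # insert FF:FE in the middle
    eui[0] ^= 0x02                                    # invert the universal/local bit
    return int.from_bytes(eui, "big")


def autoconfigured_address(site_prefix: str, subnet_id: int,
                           mac: str) -> ipaddress.IPv6Address:
    """48-bit global prefix + 16-bit subnet + 64-bit interface ID = 128 bits."""
    net = ipaddress.IPv6Network(site_prefix)
    if net.prefixlen != 48:
        raise ValueError("expected a /48 global prefix")
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    value = (int(net.network_address)
             | (subnet_id << 64)
             | eui64_interface_id(mac))
    return ipaddress.IPv6Address(value)


def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 based address, or None if not EUI-64."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    raw = bytearray(iid.to_bytes(8, "big"))
    if raw[3:5] != b"\xff\xfe":
        return None
    raw[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in raw[:3] + raw[5:])


# Constructed sample values (documentation prefix and documentation MAC range).
SAMPLE = autoconfigured_address("2001:db8:1::/48", 0x000A, "00:00:5e:00:53:2a")

if __name__ == "__main__":
    print(SAMPLE)                         # the host's autoconfigured address
    print(mac_from_address(str(SAMPLE)))  # the L2 address is readable from it
```

Because the interface identifier is derived from the hardware address, it stays the same on every network the device joins and the MAC can be read back out of the address, which is why RFC 4941 defines temporary, randomized interface identifiers.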
Renumbering
The ability to connect to remote devices automatically simplifies many tasks that used to be nightmares for administrators. IPv6 autoconfiguration allows routers to supply all the necessary information to every host on their networks. This means devices can renumber their addresses more easily. In IPv6, these changes are transparent to the end user.
A simple and efficient header
The IPv6 header has been simplified to speed up processing and improve router efficiency. The improvements include:
- Fewer fields in the header.
- The fields are 64 bits.
- No checksum for error checking.
With fewer fields, processing takes less time. Memory is used more efficiently with 64-bit fields. This makes lookups very fast, because today's processors are also 64-bit processors. The only drawback is the use of 128-bit addresses, which are larger than the current word size. Removing the checksum reduces processing time even further.
Security
With direct connections made possible by the large address space, security is a much more practical option in IPv6. Because the need for firewalls and NAT between end devices is reduced, security can be implemented by encrypting between systems. Although IPSec is available in IPv4, it becomes an integral component of IPv6. The use of extension headers allows one protocol to provide an end-to-end solution.
Mobility
IPv6 addressing was designed with mobility built in, through Mobile IP. Mobile IP allows end systems to change location without losing their connections. This is essential for wireless products such as IP phones and GPS systems in cars. The header format allows end devices to change IP address by using a home address as the source of the packet. This home address is stable, which allows addresses to remain mobile.
Lesson 35:
Layer 2 security
The Cisco SAFE Blueprint (at http://www.cisco.com/go/safe) suggests the following solutions for switch security. In most cases, the recommendation depends on which of the following three characteristics applies to the switch port.
Unused switch ports: ports that are not connected to any device. For example, switchports that are pre-cabled to wall outlets.
User ports: ports attached to end-user devices, or any port cabled to an area that is not physically protected.
Trusted ports or trunk ports: ports connected to trusted devices, such as other switches or switches located in areas with good physical security.
The list below summarizes the recommendations that apply to both used and unused switch ports. What these port types have in common is that a user can reach the switch once they are inside the building, without having to enter a wiring closet or data center.
* Disable unneeded protocols such as CDP or DTP.
* Disable trunking protocols by configuring these ports as access ports.
* Enable BPDU Guard and Root Guard to prevent STP attacks and keep the STP topology stable.
* Use features such as Dynamic ARP Inspection (DAI) or private VLANs to prevent frame sniffing.
* Enable port security to limit the number of MAC addresses allowed and to permit only specific MAC addresses.
* Use 802.1X authentication.
* Use DHCP snooping and IP Source Guard to prevent DHCP DoS and man-in-the-middle attacks.
In addition to the recommendations above, the Cisco SAFE Blueprint makes the following recommendations:
* For any port (including trusted ports), consider deploying private VLANs to protect the network from sniffing, including preventing routers or L3 switches from routing packets between devices in the private VLAN.
* Configure VTP authentication globally on each switch to prevent DoS attacks.
* Shut down any unused switch ports and place them in an unused VLAN.
* Avoid using VLAN 1. On trunk links, do not use the native VLAN.
Switch security on used and unused ports
The example below shows a configuration on a Cat 3560 switch, with each of the features described above configured in turn. In this example, port F0/1 is an unused port. CDP is disabled on the port but still runs globally, on the assumption that some ports still need CDP. DTP is disabled, and STP Root Guard and BPDU Guard are enabled.
The cdp run command keeps CDP running globally, while CDP is disabled on port F0/1, the unused port.
cdp run
int fa0/1
 no cdp enable
The switchport mode access command prevents the port from becoming a trunk, and the switchport nonegotiate command prevents any DTP messages from being sent or received.
 switchport mode access
 switchport nonegotiate
The last two commands enable Root Guard and BPDU Guard on the individual port. BPDU Guard can also be enabled on all ports that have PortFast enabled. This is configured with the global command spanning-tree portfast bpduguard enable.
 spanning-tree guard root
 spanning-tree bpduguard enable

Port Security
The switchport port security feature monitors a switch port to limit the number of MAC addresses associated with that port in the L2 switching table. It also enforces restrictions on MAC addresses by allowing only certain MAC addresses to be used on the port.
To implement port security, the switch adds a few steps to its normal processing of incoming frames. Instead of automatically adding the source MAC address and port number to the MAC table, the switch consults the port security configuration and decides whether the address is allowed. By preventing MAC addresses from being added to the switch, port security can prevent the switch from forwarding frames to those MAC addresses on a port.
Port security supports the following key features:
- Limiting the number of MAC addresses that can be associated with a switch port.
- Limiting the actual MAC addresses associated with the port, using one of three methods:
  - Static configuration of MAC addresses.
  - Dynamic learning of MAC addresses, up to the defined maximum, where the entries in the table are lost on reload.
  - Dynamic learning of MAC addresses that are then saved in the configuration (also called sticky).
Port security protects against several kinds of attack. When a CAM table fills with new information, older entries are removed. When a switch receives a frame destined for a MAC address that is no longer in the CAM table, the switch floods the frame out of all ports. An attacker can cause switches to refill the CAM table by sending a large number of frames, each with a different source MAC address, so that the switch removes the CAM entries for most legitimate hosts. As a result, the switch floods legitimate frames because the destination MAC address is no longer in the CAM table, which lets the attacking machine see all the frames.
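The effect of a per-port MAC limit on this failure mode can be seen in a small in-memory model of MAC learning. This is an added example, not part of the original lesson and not Cisco's implementation: the switch class, the table size of 8, the limit of 2 addresses and all MAC addresses are constructed assumptions, and the table evicts its oldest entry when full, following the lesson's description.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class ToySwitch:
    """Toy L2 switch: a bounded CAM table and an optional per-port MAC limit."""

    def __init__(self, ports, cam_capacity, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        self.max_macs = dict(max_macs_per_port or {})  # port -> allowed MAC count
        self.cam = OrderedDict()                        # MAC -> port, oldest first
        self.violations = {p: 0 for p in self.ports}

    def _learn(self, src, port):
        """Apply the port-security check before learning a source MAC."""
        if self.cam.get(src) == port:
            self.cam.move_to_end(src)          # known address: refresh its age
            return True
        limit = self.max_macs.get(port)
        on_port = sum(1 for p in self.cam.values() if p == port)
        if limit is not None and on_port >= limit:
            self.violations[port] += 1         # over the limit: do not learn
            return False
        self.cam[src] = port
        self.cam.move_to_end(src)
        while len(self.cam) > self.cam_capacity:
            self.cam.popitem(last=False)       # table full: oldest entry is lost
        return True

    def receive(self, port, src, dst):
        """Return the list of egress ports for one frame."""
        if not self._learn(src, port):
            return []                          # frame from a disallowed MAC is dropped
        out = self.cam.get(dst)
        if dst != BROADCAST and out is not None:
            return [out] if out != port else []
        return [p for p in self.ports if p != port]   # unknown unicast: flood


def run_scenario(max_macs_per_port=None, bogus_frames=100):
    """Hosts A, B, C sit on ports 1-3; port 4 sends many distinct source MACs."""
    sw = ToySwitch([1, 2, 3, 4], cam_capacity=8,
                   max_macs_per_port=max_macs_per_port)
    hosts = {"02:00:00:00:00:0a": 1, "02:00:00:00:00:0b": 2,
             "02:00:00:00:00:0c": 3}
    for mac, port in hosts.items():
        sw.receive(port, mac, BROADCAST)       # the switch learns the real hosts
    for i in range(bogus_frames):              # constructed source addresses
        sw.receive(4, f"02:ff:00:00:{i >> 8:02x}:{i & 0xff:02x}", BROADCAST)
    egress = sw.receive(1, "02:00:00:00:00:0a", "02:00:00:00:00:0b")
    return egress, sw.violations[4]


if __name__ == "__main__":
    print("no port security :", run_scenario())
    print("max 2 MACs, port 4:", run_scenario({4: 2}))
```

Without the limit, the frame from A to B is flooded to ports 2, 3 and 4; with the limit on port 4 it leaves on port 2 only, and the violation counter gives the operator something to alert on.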
-----------------------------------------------------Lesson 36:

Some advanced NAT features

More flexible pool configuration:
The pool configuration syntax has been extended to allow a non-contiguous range of addresses. The following syntax is now allowed:
ip nat pool <name> { netmask <mask> | prefix-length <length> } [ type { rotary }]

This command puts the user into IP NAT pool mode, where a range of addresses can be configured. Only one command can be configured in this mode:
address <start> <end>
Example:
Router(config)#ip nat pool fred prefix-length 24
Router(config-ipnat-pool)#address 171.69.233.225 171.69.233.226
Router(config-ipnat-pool)#address 171.69.233.228 171.69.233.238
This configuration creates a pool containing the addresses 171.69.233.225-226 and 171.69.233.228-238 (address 171.69.233.227 is left out).
Translating to an interface's address:
To help users who want to translate all inside addresses to the address assigned to an interface on the router, NAT allows the router interface to be named when configuring dynamic NAT.
ip nat inside source list <number> interface <interface> overload
If there is no address on the interface, or if the interface is not up, no translation takes place.
Example:
ip nat inside source list 1 interface Serial0 overload
Static NAT with ports:
When translating addresses to an interface's address, connections to the router that originate from outside (email, for example) need additional configuration so that they can be forwarded to inside hosts. This command lets the user map certain services to certain inside hosts.
ip nat inside source static { tcp | udp } <localaddr> <localport> <globaladdr> <globalport>
Example:
ip nat inside source static tcp 192.168.10.1 25 171.69.232.209 25
In this example, SMTP connections from outside to port 25 are sent to the inside host at 192.168.10.1.
Support for route maps:
The dynamic NAT commands can specify a route map to be processed instead of an access list. A route map lets the user match a combination of access list, next hop and output interface to determine which pool is used.

ip nat inside source route-map <name> pool <name>

Example:
ip nat pool provider1-space 171.69.232.1 171.69.232.254 prefix-length 24
ip nat pool provider2-space 131.108.43.1 131.108.43.254 prefix-length 24
ip nat inside source route-map provider1-map pool provider1-space
ip nat inside source route-map provider2-map pool provider2-space
!
interface Serial0/0
ip nat outside
!
interface Serial0/1
ip nat outside
!
interface Fddi1/0
ip nat inside
!
route-map provider1-map permit 10
match ip address 1
match interface Serial0/0
!
route-map provider2-map permit 10
match ip address 1
match interface Serial0/1
The extendable keyword:
The extendable keyword lets the user configure several ambiguous translation rules, for example rules with the same local and global address.
ip nat inside source static <localaddr> <globaladdr> extendable
Some customers want to use more than one service provider and translate into each provider's address space. A route map can base the selection on the global address, on the output interface, or on an access list. An example follows:
ip nat pool provider1-space ...
ip nat pool provider2-space ...
ip nat inside source route-map provider1-map pool provider1-space
ip nat inside source route-map provider2-map pool provider2-space
!
route-map provider1-map permit 10
match ip address 1
match interface Serial0/0
!
route-map provider2-map permit 10
match ip address 1
match interface Serial0/1
We may also want to define static mappings for a particular host in each of the user's address spaces. Cisco IOS does not allow two static translations with the same local address, because that would be ambiguous from the inside. The router accepts these static translations and resolves the ambiguity by creating full translation entries if the mappings are marked as extendable. For a flow coming in from outside, the dynamic route-map rules are used to create the translation.
Creating aliases for address pools:
Many customers want to configure NAT to translate local addresses to global addresses allocated from the unused addresses in a network's address range. This requires the router to answer ARP requests for those addresses, so that packets destined for the global addresses are accepted by the router and translated. When the global addresses are allocated from a virtual network that is not connected to anything, the router's routing process handles these packets. When a NAT pool used for inside global or outside local addresses consists of addresses on a subnet, the software creates an alias for each address so that the router answers ARP for it.
This automatic aliasing also happens for the inside global or outside global addresses in static entries. It can be turned off with no-alias:
ip nat inside source static <local-ip-address> <global-ip-address> no-alias
Host Number Preservation: keeping the host address.
For ease of administration, some sites want to translate only the network part of the address and leave the host part unchanged. That is, the translated address must have the same host number as the original. The two networks must of course have the same prefix length. This feature is enabled by configuring dynamic NAT as usual, but adding the match-host keyword to the pool definition.
ip nat pool fred <start> <end> prefix-length <len> type match-host
Timeout enhancements:
The following commands are supported to extend translation timeouts:
ip nat translation ?
icmp-timeout Specify timeout for NAT ICMP flows
syn-timeout Specify timeout for NAT TCP flows after a SYN and no further data

Limiting the number of NAT sessions:
With the following command, Cisco IOS NAT can be configured to limit the number of translations it creates. By default there is no limit.
ip nat translation max-entries <n>
----------------------------------------------Lesson 37:

How to read the routing table

Routing table structure and the router's lookup process:

Once you have decided to become a network administrator, you need a real understanding of the structure of the routing table and of how a path is found from it (the lookup process). This knowledge is essential when an administrator troubleshoots problems related to the routing table.
To understand how a router performs a routing table lookup, we must understand the format of the routing table, level 1 routes and level 2 routes.
We use a topology with 2 routers. R1 has one major network, 172.16.0.0 /16, subnetted as 172.16.0.0 /24. R2 has three major networks: 172.17.0.0/16, 172.16.0.0/16 and 192.168.1.0/24.

Figure 37.1: Lab topology with 2 routers.

For simplicity we look only at the routing table on Router 2.

Figure 37.2: Routing table of Router 2

A basic display of the routing table shows the following information:
- Whether the route was specified by the administrator (static route), learned by the router through a routing protocol (dynamic route), or is a network directly connected to the router (connected route).
- That the router can send data to this network.
- Which interface the router must send the packet out of, or which IP address it must send the packet to (the next-hop IP), to reach the desired network.
Example: in Figure 2, when Router 2 wants to send a packet to network 172.16.12.0, it sends it out interface serial0/0/0, or to the router interface with IP address 172.16.1.1. This information was learned through the RIP routing protocol.
I/ Hierarchical structure of the routing table.
The router's routing table has a hierarchical structure. This matters because it spares the router from checking every route in the table to choose a path. For simplicity we consider only two levels of routes, level 1 and level 2.
Level 1 ultimate route: a route whose subnet mask is equal to or less than the classful mask of the network address, and which includes the next-hop IP address or the interface the router sends the packet out of to reach the desired network.
In Figure 3, 192.168.1.0 /24 is a level 1 route because its subnet mask, 24, equals the classful mask of a class C network address, /24, and the router's interface toward this network is serial Ethernet0/1/0.

Figure 37.3: level 1 route

Parent and child routes (level 1 parent route and level 2 route)
When a subnetted network is added to the routing table, the route is split into two levels: a parent route and child routes, also called the level 1 parent route and level 2 routes.
Level 1 parent route: a classful address that carries no next-hop IP address or exit interface (see below).
Level 2 route: a route to a subnet of the major network address, as in Figure 4.

Figure 4: parent and child routes

Networks 172.16.0.0 /24 and 172.17.0.0 /16 are parent routes; the other networks, 172.16.1.0, 172.16.12.0 and 172.17.1.0 /24, 172.17.128.0 /24, are child routes because they are subnets of the major network addresses 172.16.0.0 and 172.17.0.0.
There are two cases here:
Case 1: All subnets of the same major network have the same subnet mask.
The parent route is the classful address, shown with the subnet mask that represents its subnets. In Figure 4, 172.16.0.0 /24 is a parent route whose subnet mask of 24 indicates that its two subnets, 172.16.1.0 and 172.16.12.0, use a subnet mask of 24.
Case 2: The subnets of the same network have subnet masks of different lengths.
The parent route is again the classful address, but its subnet mask is the classful mask (the classful mask of a class A network address is /8, class B /16, class C /24). Each subnet carries its own subnet mask. In Figure 4, 172.17.0.0 /16 is divided into 2 subnets with addresses 172.17.1.0 /24 and 172.17.128/17. The parent route 172.17.0.0 /16 has the classful mask /16, and each subnet has its own subnet mask.

II/ How the router performs a routing table lookup:

When a router receives an IP packet, it uses the packet's destination IP address together with the routing table to determine the path. So how does the lookup work? How does the router determine the best path? What does the subnet mask of each network in the routing table mean? . . .
Steps of the routing table lookup:
Step 1: The router first compares the destination IP address with all level 1 routes in the routing table. If the best match is a level 1 ultimate route, it uses that route to forward the packet. If the best match is a level 1 parent route, the router goes on to step 2.
Step 2: The router compares the destination IP address with all level 2 child routes. If one of them is the best match, it uses that route to forward the packet. If none matches, the router goes on to step 3.
Step 3: The router checks whether it is using classful routing behavior or classless routing behavior.
- With classful routing behavior (Router(config)# no ip classless): the packet is dropped.
- With classless routing behavior (Router(config)# ip classless): the router goes back to the level 1 routes to see whether a default route or a supernet (a network address with a subnet mask less than the classful mask) is specified; if so, it goes on to step 4.
Step 4: If the router finds a matching default route or supernet, it uses that route to forward the packet; if it finds no match at all, the packet is dropped.
To make this concrete, consider the following example with the 2 routers of Figure 2 plus a Router 3, with network 172.16.4.0 /24 on that router. We turn off dynamic routing for network 192.168.2.0 (Router(config-rip)# no network 192.168.2.0) and configure a static route 172.0.0.0/8 toward router R3.
Lab topology.

Routing table on Router 2.

From Router 2 we ping the IP address 172.16.4.1. The router performs the lookup as follows:
Step 1: The router compares the IP address 172.16.4.1 with the level 1 routes. The level 1 ultimate routes (192.168.1.0 /24 and 192.168.2.0 /24) do not match; only the level 1 parent route 172.0.0.0 /8, which matches the first 8 bits, and the level 1 parent route 172.16.0.0 /24, which matches the first 16 bits, do. Of these, the level 1 parent route 172.16.0.0 /24 is the best match, so the router goes on to step 2.
Step 2: Because the level 1 parent route 172.16.0.0 /24 is the best match, the router goes on to compare the IP address 172.16.4.1 with the level 2 child routes (172.16.1.0 and 172.16.2.0). Neither of these child routes matches 172.16.4.1, so the router goes on to step 3.

Step 3:
- If the router is configured with ip classless (the default from IOS 11.3 onward; routers have this feature), it compares 172.16.4.1 with the level 1 routes once more, finds that the level 1 parent route 172.0.0.0 /8 matches the first 8 bits of the address, and therefore forwards the packet to the next-hop IP 192.168.2.3.
- If the router is not configured with ip classless (command: R(config)# no ip classless), the packet is dropped even if the router has a default route to the next-hop IP 192.168.2.3.
Note: if the router is configured with no ip classless, the default route is used only when no level 1 ultimate route and no level 1 parent route matches.
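The four lookup steps and the Router 2 example can be traced in code. This is an added example, not part of the original lesson and not Cisco's implementation; the class and function names are hypothetical, and the next hops other than 192.168.2.3 are assumed because the routing table figure is not reproduced here.

```python
import ipaddress


def classful_network(address):
    """Major (classful) network of an IPv4 unicast address: class A /8, B /16, C /24."""
    first_octet = int(address) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)


class RoutingTable:
    def __init__(self, ip_classless=True):
        self.ip_classless = ip_classless
        self.ultimate = {}  # level 1 ultimate routes: network -> next hop
        self.parents = {}   # level 1 parent network -> {level 2 child: next hop}

    def add(self, prefix, via):
        net = ipaddress.ip_network(prefix)
        major = classful_network(net.network_address)
        if net.prefixlen > major.prefixlen:   # a subnet: file it under its parent
            self.parents.setdefault(major, {})[net] = via
        else:                                 # mask equal to or less than the classful mask
            self.ultimate[net] = via

    @staticmethod
    def _best(addr, routes):
        matches = [n for n in routes if addr in n]
        return max(matches, key=lambda n: n.prefixlen) if matches else None

    def lookup(self, destination):
        """Return the next hop for destination, or None if the packet is dropped."""
        addr = ipaddress.ip_address(destination)
        # Step 1: best match among all level 1 routes (ultimate and parent).
        best = self._best(addr, list(self.ultimate) + list(self.parents))
        if best is None:
            return None
        if best not in self.parents:
            return self.ultimate[best]
        # Step 2: best match among the parent's level 2 child routes.
        child = self._best(addr, self.parents[best])
        if child is not None:
            return self.parents[best][child]
        if best in self.ultimate:             # a route for the major network itself
            return self.ultimate[best]
        # Step 3: classful routing behavior drops the packet here.
        if not self.ip_classless:
            return None
        # Step 4: classless behavior retries the supernet and default routes.
        fallback = self._best(addr, self.ultimate)
        return self.ultimate[fallback] if fallback is not None else None


def router2_table(ip_classless):
    """Router 2 from the worked example (assumed next hops except 192.168.2.3)."""
    table = RoutingTable(ip_classless)
    table.add("192.168.1.0/24", "connected")
    table.add("192.168.2.0/24", "connected")
    table.add("172.16.1.0/24", "connected")
    table.add("172.16.2.0/24", "172.16.1.1")
    table.add("172.0.0.0/8", "192.168.2.3")   # static route toward R3
    return table


if __name__ == "__main__":
    print("ip classless:   ", router2_table(True).lookup("172.16.4.1"))
    print("no ip classless:", router2_table(False).lookup("172.16.4.1"))
```

A `None` result is a silently dropped packet, which is why a missing `ip classless` shows up in practice as traffic to an unlisted subnet disappearing even though a default route exists.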
------------------------------------------Lesson 38:
OVERVIEW OF IP VERSION 6
I- GENERAL INTRODUCTION
The IPv4 addressing system has not changed fundamentally since RFC 791 was published in 1981. Over the years of use up to now, the following issues have emerged:
- The strong growth of the Internet, leading to the exhaustion of IPv4 addresses
- The need for a simple configuration method
- The need for IP-level security
- The need to support real-time delivery of data, also called Quality of Service (QoS)
Based on the shortcomings listed above, IPv6, also called IPng (Next Generation), was built with the following main features:
1- A new format for the packet header
IPv6 packets have a changed header structure that improves efficiency by moving non-essential and optional fields into the extension area (Extension Header Field)
2- A larger address space
3- More efficient routing and addressing
- Simple, automatic host configuration with or without a DHCP server (stateful / stateless host configuration)
4- Built-in security
5- Support for prioritized delivery in routing
6- A new protocol for interaction between nodes
7- Easy extensibility, by allowing additional headers to be created right after the IPv6 packet header
For reference, the following table compares the IPv6 packet and the IPv4 packet:
IPv6 / IPv4 comparison table
IPv4 | IPv6
Source and destination addresses are 32 bits (4 bytes) in length. | Source and destination addresses are 128 bits (16 bytes) in length.
IPsec support is optional. | IPsec support is required.
No identification of packet flow for QoS handling by routers is present within the IPv4 header. | Packet flow identification for QoS handling by routers is included in the IPv6 header using the Flow Label field.
Fragmentation is done by both routers and the sending host. | Fragmentation is not done by routers, only by the sending host.
Header includes a checksum. | Header does not include a checksum.
Header includes options. | All optional data is moved to IPv6 extension headers.
Address Resolution Protocol (ARP) uses broadcast ARP Request frames to resolve an IPv4 address to a link layer address. | ARP Request frames are replaced with multicast Neighbor Solicitation messages.
Internet Group Management Protocol (IGMP) is used to manage local subnet group membership. | IGMP is replaced with Multicast Listener Discovery (MLD) messages.
ICMP Router Discovery is used to determine the IPv4 address of the best default gateway and is optional. | ICMP Router Discovery is replaced with ICMPv6 Router Solicitation and Router Advertisement messages and is required.
Broadcast addresses are used to send traffic to all nodes on a subnet. | There are no IPv6 broadcast addresses. Instead, a link-local scope all-nodes multicast address is used.
Must be configured either manually or through DHCP. | Does not require manual configuration or DHCP.
Uses host address (A) resource records in the Domain Name System (DNS) to map host names to IPv4 addresses. | Uses host address (AAAA) resource records in the Domain Name System (DNS) to map host names to IPv6 addresses.
Uses pointer (PTR) resource records in the IN-ADDR.ARPA DNS domain to map IPv4 addresses to host names. | Uses pointer (PTR) resource records in the IP6.ARPA DNS domain to map IPv6 addresses to host names.
Must support a 576-byte packet size (possibly fragmented). | Must support a 1280-byte packet size (without fragmentation).
II- IPv6 ADDRESSES
1- IPv6 address space
With 128 address bits, IPv6 provides 2^128, or 340,282,366,920,938,463,463,374,607,431,768,211,456, addresses, compared with IPv4, whose 32 address bits provide 2^32, or 4,294,967,296, addresses.
2- Notation
An IPv6 address consists of 8 groups of 16 bits each, written in hexadecimal.
Ex-1 : 2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A
       (1)  (2)  (3)  (4)  (5)  (6)  (7)  (8)
It can be simplified with the following rules:
- Leading zeros (0) in each group may be dropped
- A group whose value is zero is replaced by a single 0
- Consecutive groups whose value is zero are replaced by ::
The address in Ex-1 can therefore be rewritten as follows:

Ex-2 : 2001:DB8:0:2F3B:2AA:FF:FE28:9C5A
Ex-3 : Address = FE80:0:0:0:2AA:FF:FE9A:4CA2
Can be rewritten as = FE80::2AA:FF:FE9A:4CA2
(*) Note: the leading part of the address (the prefix) is determined by the IPv6 subnet mask, as in IPv4.
Ex-4 : 21DA:D3::/48 has Prefix = 21DA:D3:0 (48 bits)
or 21DA:D3:0:2F3B::/64 has Prefix = 21DA:D3:0:2F3B (64 bits)
Remarks:
To avoid confusion, a few concepts should be noted before discussing the addresses of an IPv6 host.
a) Link-Local: refers to hosts connected to the same physical equipment (think of a hub or switch)
b) Site-Local: refers to hosts connected within the same site
c) Node: a point of attachment to the network (think of a network adapter). Each node has as many IPv6 addresses as needed (interface addresses) for different scopes, states and tunnels, instead of the single required address of IPv4
d) Therefore, when the IPv6 protocol is installed on a host, each network adapter has several IPv6 addresses assigned to different interfaces
3- Types of IPv6 address
a- Unicast
A unicast address identifies one interface within the scope of the unicast addresses. A packet whose destination is a unicast address is routed to exactly one interface.
b- Multicast
A multicast address identifies multiple interfaces. A packet whose destination is a multicast address is routed to all interfaces that have the same multicast address.
c- Anycast
An anycast address identifies multiple interfaces. However, a packet whose destination is an anycast address is routed to one interface among those that have the same anycast address, normally the nearest interface ("near" here is measured in routing distance).
In all of the cases above, the IPv6 address is assigned to an interface, not to a node; a node can be identified by any one of its interface addresses.
IPv6 has no broadcast; the broadcast forms of IPv4 are treated as equivalent to multicast in IPv6.
4- Types of IPv6 unicast address
IPv6 unicast addresses include the following types:
Global unicast addresses
Link-local addresses
Site-local addresses
Unique local IPv6 unicast addresses
Special addresses
a- Global unicast addresses (GUA)
A GUA is an IPv6 Internet address (similar to a public IPv4 address). The scope of a GUA is the entire IPv6 Internet (RFC 3587).

001 : the first 3 bits always have the value 001 in binary (Prefix = 001 /3)
Global Routing Prefix : 45 bits. The address assigned to an organization (company, agency, ...) when it registers an IPv6 Internet address (public IP)
Subnet ID : 16 bits. The address assigned within the organization to create subnets
Interface ID : 64 bits. The address of the interface within the subnet
This can be simplified to the following form (Global Routing Prefix = 48 bits)

(*) Local-use unicast addresses: there are 2 types:
Link-Local Addresses : addresses used by hosts on the same link and by the Neighbor Discovery process (the process of identifying the nodes on the same link)
Site-Local Addresses : addresses used by nodes in the same site to communicate with each other

b- Link-local addresses (LLA)

An LLA is an IPv6 address used by nodes on the same link to communicate with each other (similar to the IPv4 addresses 169.254.X.X). The scope of an LLA is a single link (so the same address can recur on different links).
On Windows operating systems, the LLA is assigned automatically with the following structure:

First 64 bits = FE80, a fixed value (Prefix = FE80 :: / 64)
Interface ID = 64 bits, combined with the physical address of the network adapter (discussed later)

c- Site-local addresses (SLA)

SLAs are similar to private IPv4 addresses (10.X.X.X, 172.16.X.X, 192.168.X.X) and are used on internal networks (intranets). The scope of an SLA is a single site.
(*) Site : a term for a part of the network at a distinct geographic location

1111 1110 11 = the first 10 bits are a fixed value (Prefix = FEC0 /10)
Subnet ID : 54 bits, used to identify the subnets within the same site
Interface ID : 64 bits. The address of the interface within the subnet
(*) Remarks
With the structure described above, local-use unicast addresses (link-local, site-local) can be duplicated (on other links, in other sites). For this reason, when local-use unicast addresses are used, an additional identifier called the Zone_ID is appended, with the syntax:
Address%Zone_ID
Ex-5 : ping fe80::2b0:d0ff:fee9:4143%3
Zone_ID = %3. Here:
Address = local-use address (link-local / site-local)
Zone ID = an integer, a value relative to the host, that identifies the link or the site.
On Windows-based IPv6 hosts, the Zone ID is determined as follows:
+ For a link-local address (LLA): the Zone ID is the index of the interface (on the host) connected to the link. It can be viewed with the command: netsh interface ipv6 show interface
+ For a site-local address (SLA): the Zone ID is the Site ID assigned to the site within the organization. For organizations with only 1 site, Zone ID = Site ID = 1, and it can be viewed with the command:
netsh interface ipv6 show address level=verbose

d- Unique local addresses (ULA)

In organizations with several sites, SLA prefixes can be duplicated. An SLA can be replaced by a ULA (RFC 4193); a ULA is a unique address for a host in a network with several sites, with the following structure:

1111 110 : the first 7 bits are the fixed value FC00/7. L=0 : Local Prefix = FC00 /8
Global ID : the site address (Site ID). It can be assigned arbitrarily
Subnet ID : the address of the subnet within the site
With this structure, a ULA is similar to a GUA and differs in the prefix as follows:

e- Special addresses

The special addresses in IPv6 are:
0:0:0:0:0:0:0:0 : the unspecified address
0:0:0:0:0:0:0:1 : the loopback address (equivalent to IPv4 127.0.0.1)

IPv4-compatible address (IPv4CA):
Format : 0:0:0:0:0:0:w.x.y.z, where w,x,y,z are the IPv4 address
Ex : 0:0:0:0:0:0:192.168.1.2
An IPv4CA is the compatible address of an IPv4/IPv6 node. When an IPv4CA is used as an IPv6 destination, the packet is encapsulated with an IPv4 header for transmission over an IPv4 network.

IPv4-mapped address (IPv4MA):
Format : 0:0:0:0:0:FFFF:w.x.y.z (::FFFF:w.x.y.z), where w,x,y,z are the IPv4 address
Ex : 0:0:0:0:0:FFFF:192.168.1.2
An IPv4MA is the address of an IPv4-only node as seen by an IPv6 node. An IPv4MA is only informational and is not used as a source or destination address.

6to4 address
An address used for communication between IPv4/IPv6 nodes over an IPv4 routing infrastructure. A 6to4 address is formed from a 64-bit prefix as follows:
Prefix = 2002/16 + 32 bits IPv4 Address = 64 bits
A 6to4 address is a tunneling address defined by RFC 3056.
5- Types of IPv6 multicast address
The multicast addresses of an IPv6 node work like multicast in IPv4. An IPv6 node can receive traffic for several multicast addresses at the same time, and can join or leave an IPv6 multicast address at any time.
Examples of some IPv6 multicast addresses in use:
FF01::1 (interface-local scope all-nodes multicast address)
FF02::1 (link-local scope all-nodes multicast address)
FF01::2 (interface-local scope all-routers multicast address)
FF02::2 (link-local scope all-routers multicast address)
FF05::2 (site-local scope all-routers multicast address)

Solicited-Node Address (SNA)

An address used in the resolution process for automatically assigning the LLA (link-local address) to nodes (similar to the self-assignment of 169.254.X.X addresses in IPv4).
An SNA has the form:

FF02:0:0:0:0:1:FF / 104 + 24 bits of the MAC address

6- Types of IPv6 anycast address

An anycast address can be assigned to several interfaces; a packet sent to an anycast address is carried by the routing system to the nearest interface. At present, anycast addresses are used only as destination addresses and are assigned to routers.
IPv6 - Interface ID
All of the address types above contain an Interface ID value that identifies the interface. The Interface ID is derived in one of the following ways:
- Determined by the Extended Unique Identifier (EUI)-64 address (*). The EUI-64 address can be assigned or combined with the MAC (physical) address of the network adapter (Windows XP / Windows 2k3)
- Assigned temporarily with a random value (**) (RFC 3041)
- Formed from the link-layer address or serial number when Point-to-Point Protocol (PPP) is configured
- Assigned by hand (manual address configuration)
- A randomly generated value assigned permanently to the interface (Windows Vista / Longhorn)
Extended Unique Identifier (EUI)-64 Address (*)
The EUI-64 address defines how the 64-bit Interface ID is built from the MAC address of the network adapter (48 bits), according to the following rules:

MAC address = 6 groups of 8 bits = 48 bits, of which 24 bits are the manufacturer code and 24 bits are the adapter number
Step 1 : Split the MAC address into 2 groups (24 bits each) and insert the 16-bit value FFFE between them
Step 2 : Invert the value of the 7th bit of the first group
Example : a network adapter has MAC address = 00-AA-00-3F-2A-1C
Step 1 : 00-AA-00-FF-FE-3F-2A-1C
Step 2 : 02-AA-00-FF-FE-3F-2A-1C, Interface ID = 02AA:00FF:FE3F:2A1C (64 bits)
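The two EUI-64 steps, the FE80 link-local prefix and the zero-compression rules from earlier in this lesson can be checked together in code. This is an added example, not part of the original lesson; the function names are hypothetical. The solicited-node function takes the low 24 bits of the IPv6 address (as RFC 4291 defines it), which for an EUI-64 address are the same as the low 24 bits of the MAC. The last function goes the other way and shows that an EUI-64 address discloses the adapter's MAC address, the reason the random interface IDs listed above exist.

```python
import ipaddress
import re


def eui64_interface_id(mac):
    """Return the 64-bit interface ID (8 bytes) built from a 48-bit MAC address."""
    digits = re.sub(r"[-:.]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = bytes.fromhex(digits)
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])  # step 1: insert FFFE in the middle
    eui[0] ^= 0x02                                    # step 2: invert the 7th bit
    return bytes(eui)


def format_interface_id(iid):
    """Write the 8 bytes as four 16-bit groups, e.g. 02AA:00FF:FE3F:2A1C."""
    return ":".join(iid[i:i + 2].hex().upper() for i in range(0, 8, 2))


def link_local(mac):
    """FE80::/64 prefix followed by the EUI-64 interface ID."""
    prefix = bytes.fromhex("fe80" + "00" * 6)
    return ipaddress.IPv6Address(prefix + eui64_interface_id(mac))


def solicited_node(address):
    """FF02:0:0:0:0:1:FF00:0/104 plus the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def mac_from_address(address):
    """Recover the MAC embedded in an EUI-64 based address, or None if there is none."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None                                   # not built with EUI-64
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                                    # undo step 2
    return "-".join(f"{b:02X}" for b in mac)


if __name__ == "__main__":
    mac = "00-AA-00-3F-2A-1C"                         # MAC from the lesson's example
    lla = link_local(mac)
    print(format_interface_id(eui64_interface_id(mac)))
    print(lla, solicited_node(lla), mac_from_address(lla))
```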
Table of equivalents between IPv4 and IPv6
IPv4 Address | IPv6 Address
Internet address classes | Not applicable in IPv6
Multicast addresses (224.0.0.0/4) | IPv6 multicast addresses (FF00::/8)
Broadcast addresses | Not applicable in IPv6
Unspecified address is 0.0.0.0 | Unspecified address is ::
Loopback address is 127.0.0.1 | Loopback address is ::1
Public IP addresses | Global unicast addresses
Private IP addresses (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) | Site-local addresses (FEC0::/10)
Autoconfigured addresses (169.254.0.0/16) | Link-local addresses (FE80::/64)
Text representation: Dotted decimal notation | Text representation: Colon hexadecimal format with suppression of leading zeros and zero compression. IPv4-compatible addresses are expressed in dotted decimal notation.
Network bits representation: Subnet mask in dotted decimal notation or prefix length | Network bits representation: Prefix length notation only
DNS name resolution: IPv4 host address (A) resource record | DNS name resolution: IPv6 host address (AAAA) resource record
DNS reverse resolution: IN-ADDR.ARPA domain | DNS reverse resolution: IP6.ARPA domain

Lesson 38:
OSPF: let's review.
Distance vector and link state
With a distance vector protocol, a router learns routes from its neighbors [routing by rumor: whatever the neighbors say is accepted, as in RIP]. A distance vector protocol simply trusts the neighbor's route information.
EIGRP is a little more advanced: it still listens to rumors, but it also verifies whether they are right [here, it checks which path is better]. EIGRP is faster but is supported only on Cisco products.
Another protocol, harder than the other two and somewhat more demanding on performance but supported across many kinds of products, is OSPF. OSPF does not listen to rumors like the other protocols. It takes the complete state information [state: the router's links, interfaces, the router's neighbors, up/down status, IP, subnet, ...] from the originating router, copies it into its own link-state database, and then works out the best path for itself with the shortest-path-first algorithm [also known as Dijkstra].
Border routers [ABR: area border router] sit on the boundary between several areas and hold the topology map for each of those areas. An ABR sends only summary routes from the other areas to area 0 [the backbone].
Before exchanging information, routers must establish a relationship called a neighbor relationship, which is built by sending hello packets. When a router receives a hello packet from a neighbor, it checks:

- Area ID
- Authentication
- Network mask [the subnet masks must be the same]
- HelloInterval and DeadInterval timers [hello is 10 on broadcast networks and 40 on nonbroadcast networks; DeadInterval is 4 times the hello interval]. If no hello is received within the dead interval, the neighbor is dropped.
- The stub flag
- Some options configured on the interface that receives the hello packet.

Once they are neighbors, the routers can exchange update packets with each other.
But doing so would consume a great deal of bandwidth, because each router would need to exchange with all of the others.
=> There would be n(n-1)/2 adjacencies.
An election is therefore needed to choose a designated router [DR]: only the DR forms relationships with the other routers, and a backup designated router [BDR] stands by to take over if the DR fails.

The DR/BDR election can take place on broadcast and NBMA networks.
Forming a full adjacency goes through the following 7 basic stages.
Take 2 routers A and B with Router IDs a and b respectively.
1. Down state
Two routers that have just been connected and configured are in the Down state [the router has received no information from the adjacent router].
2. Init state
Only 1 router has sent a hello packet; the other router has received it, but its own router ID is not yet known, so this is only one way. [one way]
3. Two-way state
One router sends a hello containing its router ID; the other receives it and replies with its own router ID. In this state, on an Ethernet network [also called multiaccess, or broadcast], the DR and BDR are also elected.
**The router with the highest priority becomes the DR, the second highest the BDR.
Priority is determined in the following order:
- the configured priority [ip ospf priority]
- the router ID configured with the command [router ID]
- the loopback with the highest IP
- the physical interface with the highest IP

A router with priority 0 does not take part in the DR/BDR election.

Lesson 39:
Why can't a serial interface get a dynamic IP from a DHCP server?
Question:
When configuring DHCP relay, the command IP helper address A.B.C.D (the address of the DHCP server) only works on an Ethernet (FastEthernet) connection, and not on a serial connection?
And when configuring a DHCP client on a router, configuring it on an Ethernet port is supported, but on a serial connection it is not?
Answer:
The answer is that, to hand out an IP to a client, the DHCP server needs to know the client's MAC so that it can store it in its database. Later, if the client requests an IP, the server uses this table to hand the IP back to the client.
But serial is point-to-point and has no MAC, so it cannot request an IP from a DHCP server. That is why the ip address dhcp command is not supported on it.
On an Ethernet interface, we can request a new IP address for testing in labs as follows.
R1(config)#int f0/0
R1(config-if)#mac-address aa.aa.aa
R1(config-if)#shut
R1(config-if)#no sh
While we are here, I will also quote a little from CCNA about the 2 common encapsulations on a serial interface.
By default a serial interface uses HDLC.
R1#sh int s1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 1.1.1.2/8
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:05, output 00:00:07, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
97 packets input, 7396 bytes, 0 no buffer
Received 93 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
116 packets output, 9881 bytes, 0 underruns
0 output errors, 0 collisions, 5 interface resets
0 output buffer failures, 0 output buffers swapped out
7 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
A more advanced encapsulation than HDLC is PPP. A serial interface can be configured for PPP with the following commands.
R1(config)#int serial 1/0
R1(config-if)#encapsulation ppp
R1#sh interfaces serial 1/0
Serial1/0 is up, line protocol is down
Hardware is M4T
Internet address is 1.1.1.2/8
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Listen, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:04, output 00:00:02, output hang never
Last clearing of "show interface" counters 00:01:10
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
8 packets input, 184 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
20 packets output, 280 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
2 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
HDLC can carry only IP (it does not support IPX, AppleTalk, ...)
PPP adds a field that supports additional protocols such as IPX, AppleTalk, ...
PPP (layer 2) has 2 main parts:
+ NCP: negotiates which protocol is carried (IP, IPX, ...) so that it is encapsulated correctly.
+ LCP: encapsulates and brings up the link, and has 5 parts:
- Authentication: PAP: 2-way handshake, not encrypted / CHAP: 3-way handshake with MD5 encryption.
- Compress: compression
- Multilink: bundles several links together to increase bandwidth.
- Error detection: checks for errors
- Callback.
------------------------------------------------Lesson 40:
WLAN SECURITY
- A WLAN is not secure in itself; then again, a wired network with no precautions or protective configuration is not secure either. The key to building a secure WLAN and keeping it safe is training the people who deploy and manage it. Training administrators in basic and advanced WLAN security is essential to preventing security holes in the WLAN.
I. Wired Equivalent Privacy (WEP):
- WEP is an encryption algorithm used by the Shared Key Authentication process to authenticate users and to encrypt data on the wireless segment of the LAN. The 802.11 standard requires the use of WEP as a security method for wireless networks.
- WEP is a simple algorithm that uses a pseudo-random number generator (PRNG = Pseudo-Random Number Generator) and the RC4 stream cipher. For many years this algorithm was treated as a trade secret and its details were not disclosed, but in September 1994 someone posted its source code to mailing lists. RC4 is the commercial property of RSADSI. The RC4 stream cipher is quite fast at encrypting and decrypting, so it saves CPU, and RC4 is also simple enough for software developers to implement in their products.
- We say WEP is simple, which means it is rather weak. The RC4 algorithm was implemented inappropriately in WEP, producing a security solution that is less than adequate for 802.11 networks. Both 64-bit and 128-bit WEP are equally weak in their implementation of the 24-bit IV (Initialization Vector), and both use the same flawed encryption process. This process initializes the IV to 0 and then increments the IV by 1 for each packet transmitted. On a consistently busy network, statistical analysis shows that all possible IV values (2^24) will be used up within a day, which means that the IV restarts from 0 at least once a day. This creates an opening for hackers. When WEP is used, the IV is transmitted (unencrypted) with every (encrypted) packet. This approach creates the following security weaknesses:
+ Active attacks to inject new traffic: unauthorized mobile stations can inject packets into the network based on known plaintext.
+ Active attacks to decrypt traffic: based on tricking the AP
+ Dictionary-building attacks: once enough traffic has been collected, the WEP key can be cracked with free software. Once the WEP key has been cracked, packets can be decrypted in real time by listening to the packets being broadcast and then using the WEP key to decrypt them.
+ Passive attacks to decrypt traffic: using statistical analysis, WEP traffic can be decrypted.
1. Why WEP was chosen:
- If WEP is this insecure, why was it chosen for implementation in the 802.11 standard? Once the 802.11 standard was completed and approved, WLAN equipment makers began bringing their products to market. The 802.11 standard specifies that equipment must meet the following security criteria:
+ Exportable
+ Reasonably strong
+ Self-synchronizing
+ Computationally efficient
+ Optional
- WEP satisfies all of these requirements. When WEP was implemented, it was intended to support the security goals of confidentiality, access control and data integrity. What actually happened is that too many early adopters believed that simply enabling WEP would give them a complete security solution for the WLAN. They quickly realized that WEP is not a complete solution for WLAN security. Fortunately for the wireless industry, WLAN equipment was already very popular before these problems became known, which led many manufacturers and third-party organizations to work together on security solutions for WLANs.
- The 802.11 standard leaves the implementation of WEP up to the manufacturers. As a result, manufacturers' WEP key implementations may or may not match, which weakens WEP somewhat. Even WECA's Wi-Fi interoperability standard only tests 40-bit WEP keys. Some WLAN manufacturers have tried to extend WEP, while others use newer standards such as 802.1X with EAP, or VPNs. Many solutions on the market address the weaknesses of WEP.
2. WEP key:
- The core function of WEP is based on keys, which are the basic elements of the encryption algorithm. WEP keys are installed on clients and on the infrastructure devices in the WLAN. A WEP key is a string of letters and digits and is used in 2 ways. First, the WEP key can be used to verify the identity of an authenticating client. Second, the WEP key can be used to encrypt data.
- When a WEP client tries to authenticate and associate with an AP, the AP determines whether the client has the correct WEP key. Correct here means that the client holds a key that is part of the WEP key distribution system deployed in the WLAN. The WEP key must match at both ends of the authentication (AP and client).
- A WLAN administrator can distribute WEP keys manually or use more advanced methods such as a WEP key distribution system. A WEP key distribution system can be as simple as installing static keys, or as advanced as using centralized encryption key servers. Clearly, the more advanced solutions make it harder for hackers to break into the network.
- There are 2 kinds of WEP key, 64-bit and 128-bit (you will sometimes hear them called 40-bit and 104-bit). This causes confusion. The reason for the confusion is that WEP is implemented the same way for both key sizes. Every WEP key uses a 24-bit IV concatenated with the secret key. The secret key is 40 or 104 bits long, which gives the 64-bit and 128-bit WEP keys.
- Entering a static WEP key on a client or on infrastructure devices such as a bridge or AP is straightforward. Sometimes there is a checkbox to select the WEP key length; sometimes there is none, so the admin has to know how many characters to enter when prompted. Client software usually allows the WEP key to be entered either as alphanumeric characters (ASCII) or in hexadecimal (HEX).
- The number of characters to enter for the secret key depends on whether the configuration software asks for ASCII or HEX and whether 64-bit or 128-bit is used. If your wireless card supports 128-bit, it also supports 64-bit. If you enter the WEP key in ASCII format, you must enter 5 characters for 64-bit and 13 characters for 128-bit. If you enter it in HEX, you must enter 10 characters for 64-bit and 26 characters for 128-bit.
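The key-length rules above and the 24-bit IV behaviour described earlier in this lesson, as one added Python example (not code from the original page). It validates a typed key, builds the per-frame RC4 seed as IV || secret, and shows what a repeated IV means for two frames; the key, payloads, big-endian IV counter and all function names are constructed for illustration.

```python
import binascii
import struct
import zlib

IV_BITS = 24  # WEP initialization vector size; sent in clear with every frame


def parse_wep_key(text):
    """Turn a typed WEP key into secret-key bytes.

    5 or 13 ASCII characters, or 10 or 26 HEX digits, give the 40-bit
    or 104-bit secret described in the text.
    """
    if len(text) in (10, 26):
        try:
            return binascii.unhexlify(text)
        except (binascii.Error, ValueError):
            raise ValueError("10/26-character keys must be hexadecimal") from None
    if len(text) in (5, 13):
        return text.encode("ascii")
    raise ValueError("expected 5/13 ASCII characters or 10/26 hex digits")


def marketed_bits(secret):
    """Advertised key size = secret bits + 24-bit IV (64 or 128)."""
    return len(secret) * 8 + IV_BITS


def rc4(key, data):
    """Plain RC4: key scheduling followed by keystream XOR."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def iv_for_frame(n):
    """IV of the n-th frame for a sender that starts at 0 and adds 1."""
    return n % (1 << IV_BITS)


def wep_encrypt(secret, iv, plaintext):
    """Return IV (clear) + key-ID byte + RC4(IV || secret, data || ICV)."""
    iv_bytes = iv.to_bytes(3, "big")  # counter byte order is an assumption
    icv = struct.pack("<I", zlib.crc32(plaintext))  # CRC-32 integrity value
    return iv_bytes + b"\x00" + rc4(iv_bytes + secret, plaintext + icv)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def find_iv_reuse(frames):
    """Map each repeated IV to the indexes of the frames that used it."""
    by_iv = {}
    for index, frame in enumerate(frames):
        by_iv.setdefault(frame[:3], []).append(index)
    return {iv: idxs for iv, idxs in by_iv.items() if len(idxs) > 1}


def hours_until_iv_wrap(frames_per_second):
    """Time for an incrementing sender to use all 2^24 IV values."""
    return (1 << IV_BITS) / frames_per_second / 3600


if __name__ == "__main__":
    secret = parse_wep_key("0badc0ffee")      # constructed 40-bit secret
    p1 = b"constructed payload A"
    p2 = b"constructed payload B"
    first = wep_encrypt(secret, iv_for_frame(0), p1)
    wrapped = wep_encrypt(secret, iv_for_frame(1 << 24), p2)  # IV is 0 again
    print("advertised size:", marketed_bits(secret), "bit")
    print("reused IVs:", find_iv_reuse([first, wrapped]))
    # Same IV and key give the same keystream, so it cancels out:
    print("c1^c2 == p1^p2:", xor(first[4:], wrapped[4:])[:21] == xor(p1, p2))
    print("wrap at 500 frames/s: %.1f h" % hours_until_iv_wrap(500))
```

Because the seed is only IV || secret, a longer secret does nothing to delay the wrap; run over a capture of your own traffic, `find_iv_reuse` shows how soon it happens.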
2.1 Static WEP key:
- If you choose static WEP keys, you have to assign them manually to the APs and the clients. These WEP keys never change, which leaves the network segment exposed to attack. For this reason, static WEP keys are only suitable as a basic security method for small, simple WLANs. They are not recommended for large enterprises.
- With static WEP keys the network has many weak points. Consider an employee who leaves the company and loses their wireless network card. Because the WEP key is stored in the card's firmware, the card can still access the wireless network for as long as the WEP key on the WLAN remains unchanged.
- Most APs and clients can store 4 WEP keys at the same time. One useful reason for having multiple WEP keys is network segmentation. Suppose the network has 100 clients: using 4 WEP keys instead of 1 divides the users into 4 groups of 25 users each. If a WEP key is cracked, only the WEP key for 25 clients and the AP needs to be changed, rather than the whole network.
- Another reason for multiple WEP keys is a mixed environment of cards that support 128-bit and cards that only support 64-bit. In that case the users can be split into 2 groups.

2.2 Centralized encryption key server:
- Enterprises that use WEP keys as a basic security method for the WLAN should use centralized encryption key servers where possible, for the following reasons:
+ Centralized key generation
+ Centralized key distribution
+ Ongoing key rotation
+ Reduced key management overhead
- Any device can act as a centralized key server. Usually a server such as a RADIUS server, or a dedicated application server, takes on the job of generating new WEP keys during operation. Normally, when WEP is used, the key (assigned by the admin) is entered manually on the client and the AP. With a centralized key server, an automated process between the client, the AP and the server handles key distribution.
- A centralized encryption key server can generate keys automatically per packet or per session, depending on the manufacturer's implementation. Per-packet WEP key distribution produces a new WEP key at both ends of the connection for every packet sent, while per-session distribution uses a new WEP key for each session between nodes. Note that per-packet distribution consumes more network bandwidth than per-session.
2.3 Using WEP:
- When WEP is enabled, the data portion of each transmitted packet is encrypted; however, part of the packet header (including the MAC address) is not encrypted. All layer 3 information, including the source and destination addresses, is encrypted by WEP. When an AP sends out a beacon on a WLAN that uses WEP, the beacon is not encrypted either. Note that a beacon contains no layer 3 information.
- When packets are sent with WEP encryption, they must be decrypted before they can be used. This decryption consumes CPU resources and reduces effective throughput on the WLAN, sometimes significantly. Some manufacturers add an extra CPU to their APs specifically for WEP encryption and decryption. Many manufacturers implement WEP encryption and decryption in software and share one CPU between AP management, packet forwarding and so on. Those APs are heavily affected when WEP is used. With WEP implemented in hardware, an AP appears to be able to sustain 5 Mbps (or more) of throughput while WEP is in use. The drawback of this approach is that it raises the cost of high-end APs.
- WEP can be deployed as a basic security mechanism, but network administrators need to know its weaknesses and how to compensate for them. Admins should also know that each manufacturer implements WEP differently, which makes it hard to mix products from different manufacturers.
3. Advanced Encryption Standard (AES):
- AES has gained acceptance as a worthy replacement for the RC4 algorithm used in WEP. AES uses the Rijndael algorithm with key lengths of 128, 192 and 256 bits.
- AES is considered uncrackable by most cryptographers, and the National Institute of Standards and Technology (NIST) has chosen AES for the Federal Information Processing Standard (FIPS). As part of the effort to improve the 802.11 standard, the 802.11i working group has considered using AES in WEPv2.
- AES, as adopted by the 802.11i working group for use in WEPv2, will be implemented in firmware and software by manufacturers. AP firmware and client firmware (PCMCIA cards) will have to be upgraded to support AES. Client software (drivers and applications) will support configuring AES with a secret key.

Lesson 41:
TYPES OF ATTACK ON WLANs
- Hackers can attack a WLAN in the following ways:
+ Passive Attack (eavesdropping)
+ Active Attack (connecting, probing and configuring the network)
+ Jamming Attack
+ Man-in-the-middle Attack
- These attack methods can be combined in many different ways.
1. Passive Attack (eavesdropping):
- Passive attack, or eavesdropping, is probably the simplest way to attack a WLAN, yet it is still very effective. A passive attack leaves no trace of the hacker's presence on the network, because the hacker does not actually connect to the AP in order to listen to the packets travelling over the wireless segment. WLAN sniffers or free applications can be used to collect information about a wireless network from a distance using a directional antenna. This lets the hacker keep away from the network and leave no trace while still listening and collecting valuable information.
- Many applications can collect passwords from HTTP sites, email, instant messaging, FTP sessions and telnet. All of these connection types transmit passwords in clear text (unencrypted). Many applications can also capture password hashes sent over the wireless segment between client and server when the client logs in. Any information sent over the wireless segment in this way is highly exposed to attack. Consider the impact if a hacker can log in to the network with some user's credentials and cause damage to it. The hacker is the culprit, but the logs point to the user whose account was used. This could cost that employee their job.
- A hacker could be somewhere in the parking lot, using tools to break into your WLAN. The tools might be a packet sniffer, or free hacking software that can crack the WEP key and log in to the network.
2. Active Attack:
- A hacker can mount an active attack to perform actions on the network. An active attack can be used to access servers and obtain valuable data, to use the enterprise's Internet connection for malicious purposes, or even to change the configuration of the network infrastructure. By connecting to the wireless network through an AP, a hacker can penetrate deeper into the network or change its configuration. For example, a hacker could add their own MAC address to the allow list of the MAC filter on the AP, or disable the MAC filter, to make later break-ins easier. The admin may not notice this change for a long time unless the configuration is checked regularly.
- Typical examples of active attacks include spammers and competitors who want to break into your company's database. A spammer can send a large volume of mail through a home or enterprise network over the WLAN connection. After obtaining an IP address from the DHCP server, the hacker can send thousands of messages over your Internet connection without your knowledge. This kind of attack can cause your ISP to cut off your email service for bulk mailing, even though it is not your fault.
- Competitors may want your customer list along with contact details, or even your payroll, in order to compete better or win your customers away. These attacks happen regularly without the admin knowing.
- Once a hacker has a wireless connection into your network, he can access servers, use the WAN and Internet connections, and reach users' laptops and desktops. With a few simple tools, the hacker can easily collect important information, impersonate users, or even damage the network by misconfiguring it. Finding servers by port scanning, creating NULL sessions to shares, or cracking passwords and then logging in to servers with the cracked accounts are all things a hacker can do to your network.

3. Jamming:
- Jamming is a technique used simply to shut down your wireless network. Just as attackers use DoS attacks to overwhelm a web server, a WLAN can be shut down by jamming the RF signal. The jamming signal may be intentional or unintentional, and it may or may not be removable. When a hacker mounts a deliberate jamming attack, the hacker may use special WLAN equipment: a high-power RF signal generator or sweep generator.
- To eliminate this kind of attack, the first requirement is to locate the source of the RF signal. This can be done with a spectrum analyzer. There are many spectrum analyzers on the market, but a handheld, battery-powered model is the most convenient. Another option is the software spectrum analyzer applications bundled with WLAN client products.
- When the source of the jamming cannot be moved and is not malicious, such as a communications tower or another legitimate system, the admin should consider using a different frequency range for the WLAN. For example, an admin responsible for designing and installing a WLAN in a large, complex environment needs to examine this carefully. If the RF interference source is spread across 2.4 GHz, such as two-way radios or microwave ovens, the admin should use 802.11a equipment operating in the 5 GHz UNII band rather than 802.11b/g equipment operating in the 2.4 GHz band, which is prone to interference.
- Unintentional jamming occurs frequently because many different devices share the 2.4 GHz ISM band with the WLAN. Deliberate jamming is not very common, because it is expensive to carry out: the equipment costs a lot, and the result is only a temporary shutdown of the network for a short time.

4. Man-in-the-middle Attack:
- A man-in-the-middle attack is one in which a hacker uses an AP to hijack mobile nodes by sending them a stronger RF signal than the legitimate AP. The mobile nodes see an AP with a better RF signal and associate with the rogue AP, sending data, possibly sensitive data, to the rogue AP, where the hacker has full control over it.
- To make clients reassociate with the rogue AP, its transmit power must be much higher than that of the legitimate AP within its coverage area. Reassociating with the rogue AP is treated as part of roaming, so the user notices nothing. Introducing all-band interference (Bluetooth, for example) into the legitimate AP's coverage area forces clients to roam.
- A hacker who wants to mount this kind of man-in-the-middle attack must first know the SSID the clients are using (this value is very easy to obtain). The hacker must then know the WEP key if the network uses WEP. The upstream connection (to the wired backbone) from the rogue AP is handled through a client device such as a PC card or workgroup bridge. Often a man-in-the-middle attack is carried out with just a laptop and 2 PCMCIA cards. AP software runs on the laptop, with one PC card acting as the AP and the second PC card connecting the laptop to a nearby legitimate AP. In this configuration the laptop is the man in the middle, operating between the clients and the legitimate AP. From there the hacker can obtain valuable information by running sniffers on the laptop.
- The crucial point of this attack is that the user cannot detect it. The amount of information the hacker can collect therefore depends only on how long the hacker can maintain this state before being discovered. Physical security is the best defense against this type of attack.

Lesson 42:
WLAN SECURITY RECOMMENDATIONS
1. WEP:
- Do not rely on WEP alone, no matter how well you have implemented your security solution. A wireless environment protected only by WEP is not a secure environment at all. When using WEP, do not use WEP keys related to the SSID or the company. Create a WEP key that is hard to remember and hard to recognize. In many cases the WEP key can be guessed just by looking at the SSID or the company name. WEP should only be used to reduce risks such as casual eavesdropping, not as the sole security solution.
2. Cell size:
- To reduce the risk of eavesdropping, the admin should make sure the AP cell size is appropriate. Most hackers look for places that have RF coverage and the least protection, such as sidewalks and parking lots, from which to break into the wireless network. APs should therefore not radiate a strong signal into the parking lot (or other such locations) unless it is really necessary. Enterprise-class APs allow the transmit power to be configured, which is very effective for controlling the size of the cell around the AP. If an eavesdropper in the company parking lot cannot pick up the AP's RF signal, there is no way into the network, so the network is protected from this kind of attack.
- Admins are often tempted to set maximum transmit power on every WLAN device to get maximum throughput and coverage, but such blind configuration comes at a high price for WLAN security. The appropriate cell size for an AP in a given area should be carefully documented when the AP is configured. In some cases 2 APs (at the same location) with smaller cell sizes can be installed to reduce the risk of attack.
- Try to place APs in the center of the building; this reduces the risk of signal leaking outside the intended coverage area. If you are using an external antenna, choose an appropriate antenna type to keep coverage to just what is needed. Turn APs off when they are not needed; this reduces the risk of attack as well as of lightning strikes.
3. User authentication:
- Because user authentication is the weakest point of a WLAN and the 802.11 standard does not specify any method for authenticating users, the admin needs to implement a user-based authentication method as early as possible when installing the WLAN infrastructure. User authentication should be based on device-independent mechanisms such as username and password, biometrics, smart cards, token-based systems, or other methods that identify the user (rather than the device). The solution you deploy should support mutual authentication between the authentication server (RADIUS) and the wireless clients.
- RADIUS is the de facto standard for user authentication systems and is widely used in the IT market. The AP sends a user authentication request to the RADIUS server, which may have a built-in user database or may forward the authentication request to a domain controller, an NDS server, an Active Directory server, or even an LDAP-compatible system. Some RADIUS vendors also support the latest authentication protocols such as EAP.
- Managing a RADIUS server can be very simple or very complex, depending on the implementation. Because wireless security solutions are very sensitive, take care when choosing a RADIUS server solution to make sure the admins are able to administer it.
4. Security needs:
- Choose a security solution that fits the company's needs and budget both now and in the future. WLANs have spread so quickly because they are easy to install. A WLAN that starts with one AP and 5 users can grow quickly to 15 APs and 300 users across the company campus. A security mechanism used for 1 AP is no longer suitable once the number of users grows to 300. A company can waste money on security solutions that quickly become obsolete as the WLAN grows. In many cases companies already have an IDS (Intrusion Detection System), a firewall or a RADIUS server; when choosing a wireless security solution, make use of the existing equipment to keep costs as low as possible.
5. Use additional security tools:
- Making use of existing technologies such as VPNs, firewalls, intrusion detection systems (IDS), protocols and standards such as 802.1X and EAP, and user authentication with RADIUS will make the wireless network far more secure than the 802.11 standard requires. The cost and time needed to implement these solutions depend on the size of the enterprise.
6. Monitoring for rogue hardware:
- To detect rogue APs, you should check your existing APs regularly, but without announcing this widely. Actively detecting and removing rogue APs helps keep hackers out and lets the admin maintain control of the network securely. Carry out regular security audits to identify misconfigured APs that could endanger the network. The current configuration should be compared with previously saved configurations to find out whether a user or a hacker has changed the AP configuration. You can also implement and monitor user access in order to detect unauthorized access on the wireless segment. This kind of monitoring can also help recover lost wireless devices.
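One way to automate the comparison described in section 6, as an added Python example that is not part of the original page: a wireless scan is checked against the stored AP baseline and anything that deviates is reported. The record layout, the finding names, the -60 dBm threshold and every address and SSID in the sample data are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ApConfig:
    bssid: str      # radio MAC address of the AP
    ssid: str
    channel: int
    security: str   # for example "OPEN", "WEP", "WPA"


@dataclass(frozen=True)
class Sighting:
    config: ApConfig
    signal_dbm: int  # signal strength measured by the scanning sensor


def audit_scan(baseline, sightings, strong_dbm=-60):
    """Compare one scan with the saved baseline.

    Returns a list of (kind, bssid, detail) findings:
      impersonation    unknown radio advertising one of our SSIDs
      unauthorized-ap  unknown radio heard strongly inside the site
      config-drift     known AP whose settings differ from the baseline
      missing          known AP that was not heard at all
    """
    known = {ap.bssid.lower(): ap for ap in baseline}
    our_ssids = {ap.ssid for ap in baseline}
    findings, seen = [], set()

    for sighting in sightings:
        cur = sighting.config
        bssid = cur.bssid.lower()
        seen.add(bssid)
        saved = known.get(bssid)
        if saved is None:
            if cur.ssid in our_ssids:
                findings.append(("impersonation", bssid,
                                 f"advertises {cur.ssid!r} at "
                                 f"{sighting.signal_dbm} dBm"))
            elif sighting.signal_dbm >= strong_dbm:
                findings.append(("unauthorized-ap", bssid,
                                 f"{cur.ssid!r} on channel {cur.channel}"))
            continue  # weak, unrelated radios are treated as neighbours
        changed = [f"{name}: {getattr(saved, name)!r} -> {getattr(cur, name)!r}"
                   for name in ("ssid", "channel", "security")
                   if getattr(saved, name) != getattr(cur, name)]
        if changed:
            findings.append(("config-drift", bssid, "; ".join(changed)))

    for bssid in sorted(set(known) - seen):
        findings.append(("missing", bssid, "not heard in this scan"))
    return findings


# Constructed sample data (locally administered MAC addresses).
BASELINE = [
    ApConfig("02:00:00:00:00:01", "corp-wlan", 1, "WPA"),
    ApConfig("02:00:00:00:00:02", "corp-wlan", 6, "WPA"),
    ApConfig("02:00:00:00:00:03", "corp-wlan", 11, "WPA"),
]
SCAN = [
    Sighting(ApConfig("02:00:00:00:00:01", "corp-wlan", 1, "WPA"), -48),
    Sighting(ApConfig("02:00:00:00:00:02", "corp-wlan", 6, "OPEN"), -52),
    Sighting(ApConfig("02:00:00:00:00:AA", "corp-wlan", 6, "OPEN"), -35),
    Sighting(ApConfig("02:00:00:00:00:BB", "travel-router", 3, "OPEN"), -41),
    Sighting(ApConfig("02:00:00:00:00:CC", "neighbour", 9, "WPA"), -88),
]

if __name__ == "__main__":
    for kind, bssid, detail in audit_scan(BASELINE, SCAN):
        print(f"{kind:16} {bssid}  {detail}")
```

An unknown radio that advertises the corporate SSID more strongly than the real APs is the pattern the man-in-the-middle section of Lesson 41 describes, so it is reported separately from an AP a user has plugged in.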

7. Switch, not Hub:
- Another policy to follow is to always connect APs to a switch rather than a hub. A hub is a broadcast device, so every packet the hub receives is sent out on all of its ports. If an AP is connected to a hub, every packet carried on the wired network is broadcast out onto the wireless network. This helps hackers collect additional valuable information such as passwords and IP addresses.
8. Wireless DMZ:
- Another idea in WLAN security is to create a wireless demilitarized zone (WDMZ). Creating a WDMZ with firewalls or routers can be costly, depending on the scale of the implementation. WDMZs are usually deployed in medium-sized and large WLAN environments. Because an AP is an insecure and untrusted device, APs should be isolated from other network segments by a firewall.
9. Update firmware and software:
- You should regularly update the firmware and drivers for your APs and network cards. Using the latest firmware and driver versions helps avoid known security holes, because manufacturers patch those holes in them as well as adding new features.

Lesson 43:
THE SSID WEAKNESS IN WIRELESS NETWORKS
1. SSID broadcast:
- Wireless network admins often turn off Service Set Identifier (SSID) broadcast on the access point (AP) or router for security purposes. Even someone who knows where the wireless network can be reached still cannot connect without knowing the SSID.
- Hiding the SSID by turning off SSID broadcast can therefore prevent unauthorized access to the network. However, do not let this give you a false sense of security. A person with the necessary equipment can still easily obtain the network's SSID.
- By default, the beacons sent by an AP or router contain the SSID to announce it to clients in range. These SSIDs are displayed in Windows XP as available networks. When SSID broadcast is turned off, the beacon no longer contains the SSID, which prevents the network from being displayed in Windows XP. Used together with encryption methods, this can help protect your network.
2. Discovering the SSID when it is not broadcast:
- However, turning off SSID broadcast on the AP or router cannot prevent hackers or war drivers from discovering the wireless network, or even its SSID. Hackers can use legitimate software such as AirMagnet to discover the SSID easily, whether or not it is broadcast in the beacon.
- AirMagnet captures the SSID from packets exchanged on the network between clients. The SSID is contained in association requests, and in some cases probe requests and probe responses contain it as well, even though you have turned off SSID broadcast. For example, AirMagnet can capture the network's SSID when a client on the network boots up and connects to the wireless network: at that moment the client sends an association request to the AP in order to join the wireless network.
- Hackers and war drivers can use other tools such as AirJack to the same effect. These tools work by sending a spoofed deassociation packet to a client. This causes the client to re-authenticate and re-associate with the AP. The tools then quickly capture the network's SSID from the association request packets.
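An added Python example (not part of the original page) that makes the point of section 2 checkable on a capture of your own network: it parses 802.11 management frames and reports which frame types still carry the SSID after broadcast has been turned off. Frames are assumed to start at the Frame Control field, with no radiotap header and no HT Control field; the capture below is constructed, and the function names and SSID are illustrative.

```python
# Management subtype -> (name, length of the fixed fields after the header)
MGMT_SUBTYPES = {
    0: ("association request", 4),     # capability + listen interval
    2: ("reassociation request", 10),  # ... + current AP address
    4: ("probe request", 0),
    5: ("probe response", 12),         # timestamp + interval + capability
    8: ("beacon", 12),
}
HEADER_LEN = 24   # frame control, duration, 3 addresses, sequence control
SSID_ELEMENT = 0  # element ID of the SSID information element


def read_ssid(frame):
    """Return (frame type, SSID bytes or None), or None if not handled."""
    if len(frame) < HEADER_LEN:
        return None
    version = frame[0] & 0x03
    frame_type = (frame[0] >> 2) & 0x03
    subtype = frame[0] >> 4
    if version != 0 or frame_type != 0 or subtype not in MGMT_SUBTYPES:
        return None  # data/control frame or a subtype without an SSID
    name, fixed_len = MGMT_SUBTYPES[subtype]
    pos = HEADER_LEN + fixed_len
    while pos + 2 <= len(frame):          # walk the tagged elements
        elem_id, elem_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elem_len]
        if len(value) != elem_len:
            break                         # truncated element: stop parsing
        if elem_id == SSID_ELEMENT:
            return name, value
        pos += 2 + elem_len
    return name, None


def is_hidden(ssid):
    """A hidden SSID is sent as zero length or as all-zero bytes."""
    return ssid is not None and not any(ssid)


def ssid_exposure(frames):
    """Map each management frame type seen to the clear SSIDs it carried."""
    report = {}
    for frame in frames:
        parsed = read_ssid(frame)
        if parsed is None:
            continue
        name, ssid = parsed
        names = report.setdefault(name, set())
        if ssid is not None and not is_hidden(ssid):
            names.add(ssid.decode("utf-8", "replace"))
    return report


def build_frame(subtype, ssid):
    """Build a constructed management frame for the demonstration."""
    header = bytes([subtype << 4, 0]) + bytes(HEADER_LEN - 2)
    fixed = bytes(MGMT_SUBTYPES[subtype][1])
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # supported-rates element
    return header + fixed + bytes([SSID_ELEMENT, len(ssid)]) + ssid + rates


def constructed_capture():
    return [
        build_frame(8, b""),              # beacon, SSID broadcast disabled
        build_frame(8, bytes(9)),         # beacon, SSID zeroed out
        build_frame(5, b"corp-wlan"),     # probe response to a known client
        build_frame(0, b"corp-wlan"),     # client joining the network
        bytes([0x08, 0x00]) + bytes(30),  # data frame: ignored
    ]


if __name__ == "__main__":
    for frame_type, ssids in ssid_exposure(constructed_capture()).items():
        print(f"{frame_type:22} {sorted(ssids) or 'no SSID in clear'}")
```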
3. Points to remember:
- Turning off SSID broadcast only helps protect your network by hiding it from ordinary users.
- Using SSID hiding does not mean you no longer need WEP or WPA to secure the network.
- Detection and analysis tools are always available, whatever security method you use.

Lesson 44:
SECURITY POLICY FOR ENTERPRISES USING WLANs
- Every company that uses a WLAN should have a security policy that sets out the threats the WLAN may face. For example, an inappropriate cell size lets hackers connect to the network from the street or the parking lot, so this detail should be included in the security policy. Other items that may appear in the security policy include passwords, WEP keys, use of advanced security solutions, regular inventory of WLAN hardware, and so on. There are many other factors, depending on the company's security needs and on the size of the WLAN.
- The benefits of having, implementing and maintaining a solid security policy are many: preventing data theft, stopping saboteurs and spies, protecting trade secrets, and so on.
- A security policy starts with management. Identifying the security needs and delegating the task of producing appropriate documentation, including a security policy for the WLAN, is a top priority. First, the people responsible for WLAN security must be trained in the technology. Next, those trained professionals must work with upper management to agree on a security policy for the company. This team of trained individuals can then build a list of requirements which, if followed, will ensure that the wireless network is protected as well as the wired network.
1. Keeping sensitive information secret:
- Some things that only the admin should know include:
+ Usernames and passwords of APs and bridges
+ SNMP strings
+ WEP keys
+ MAC address lists
- Keeping this information in the hands of trusted, skilled individuals such as the admin is very important, because saboteurs or hackers can easily use it to gain access to the network and to network devices. This information can be stored securely in a number of ways. There are applications on the market that use very strong encryption for the purpose of storing sensitive information.
2. Physical Security:
- Physical security is very important for a traditional wired network, but it is even more important for companies that use WLAN technology, because a hacker does not need to be inside the building to connect to the network; being out on the street or in the parking lot is enough. Even intrusion detection software is not enough to stop hackers from stealing sensitive information. A passive attack leaves no trace on the network because the hacker does not actually connect to the network, only listens. There are now applications that put a network card into promiscuous mode, allowing access to data without establishing a connection.
- When WEP is the only security solution on the WLAN, you should tightly control the users of company-owned wireless devices, for example by not allowing them to take those devices off the premises. Because the WEP key is stored in the device's firmware, wherever the device goes, the network's weakest point goes with it. The admin should know who takes PC cards off the premises, where, and when.
- The admin should be aware that WEP by itself is not a secure solution. Even with tight control as described above, when a card is dropped or lost the user must be responsible for reporting the loss to the admin immediately, so that the admin can take the necessary preventive measures. Here the admin can reset the MAC filter, change the WEP key, and so on.
- Regularly searching around the premises for suspicious activity is an effective way to reduce potential risks. Security guards should be trained to recognize unfamiliar 802.11 hardware and to alert the company so that it can look for intruders hiding somewhere in the building.
3. WLAN equipment inventory and security audits:
- As a complement to the physical security policy, all WLAN equipment should be inventoried regularly, both to account for legitimate access and to prevent unauthorized use of wireless devices. If the network is too large and has too many wireless devices, regular equipment inventory is not practical. In that case, implement a security solution that is not hardware-based but is based on username and password or other mechanisms. For small and medium-sized networks, a monthly or quarterly inventory will reveal any lost equipment.
- Regularly scanning the network with a sniffer to look for rogue devices is an important step in keeping the network secure. Consider a complex (and expensive) wireless network installed with a sound security policy. If a user installs an additional AP on the network on their own, this can create holes for hackers to exploit, and it defeats the good (and expensive) security policies that were put in place.
- Hardware inventory and security audits should be documented in the company security policy. The steps to perform, the tools to use and the reports to produce should be spelled out in the security policy, because this tedious work must not be done superficially. Managers should regularly receive reports of this kind from the admins.
4. Using advanced security solutions:
- Companies that use WLANs should take advantage of the security mechanisms available on the market. One requirement of the security policy is that any implementation of these security mechanisms must be clearly documented. Because these technologies are fairly new, proprietary, and often used in combination with other security protocols or technologies, they must be documented so that, when a security hole appears, the admin can determine where and how it arose.
- Because few people in the IT industry have been properly trained in wireless technology, users' mistakes can bring down the network or leave holes for hackers. These mistakes by employees are a very important reason for clearly documenting the security features that have been implemented.
5. Public wireless networks:
- It is inevitable that employees with sensitive information on their laptops will connect to public wireless networks. One requirement that should be in the security policy is that all employees run personal firewall software and antivirus software on their laptops. Most public wireless networks have little or no security, both to keep connecting simple for users and to reduce the demand for technical support from users.
- Even when the upstream servers on the wired segment are protected, wireless users are still at risk of attack. Consider a hacker sitting in an airport using Wi-Fi hot spots. This hacker can sniff the WLAN to obtain a username and password, log in to the system, and wait for other users to log in as well. The hacker can then run a ping scan across the whole subnet to find other users and start hacking into their laptops.
6. Limiting and tracking access:
- Most enterprise LANs have some method of limiting and tracking employees' access to the LAN. Typically the system deploys AAA (Authentication, Authorization, Accounting) services. These services should also be documented and implemented as part of WLAN security. AAA services allow the enterprise to assign access rights to a particular class of users. For example, guests are only allowed to use the Internet, while employees can access internal servers and the Internet.
- Keeping records of users' access rights and of the actions they perform provides important evidence of who did what on the network. For example, if an employee is on vacation and their account is used continuously throughout the vacation, it is likely that a hacker has learned the account's password. Having records of the actions performed helps the admin understand what really happened on the network so that appropriate countermeasures can be taken.

Lesson 45:
ISSUES TO CONSIDER WHEN DEPLOYING A WLAN
After you have finished the site survey and have the physical deployment plan, you can move on to the next step of the deployment. A secure WLAN requires an AAA server such as RADIUS to provide per-user authentication. In addition, you should deploy a WLAN management mechanism.
1. Issues to consider when deploying 802.1X:
- An 802.1X solution requires an AAA server to provide per-user authentication. The AAA server is usually located in a protected data center. Because it sits at layer 3 with wire-speed switching, the measured network latency between the network edge and the data center is on the order of a few milliseconds or even microseconds.
- Deploying 802.1X becomes more complex when it has to run across a WAN link. WAN links usually have lower bandwidth than LAN links, and as a result congestion can occur on them. Congestion can have a significant effect on 802.1X authentication, because it can drop RADIUS packets and cause the client station's authentication to time out, as illustrated in the figure below.

- You can limit this effect in 2 ways:
+ Use QoS to prioritize 802.1X RADIUS packets sent across the WAN link
+ Install a local AAA server at the branch
Prioritizing 802.1X RADIUS packets using IP QoS:
- This method gives priority to 802.1X packets when the WAN link is congested. On networks that have already deployed QoS to support VoIP applications, almost no additional configuration is needed.
- VoIP usually has an IP Precedence value of 5 and a DSCP (Differentiated Services Code Point) value of EF (Expedited Forwarding). Video has IP Precedence 4 and DSCP AF41 to AF43. VoIP call control protocols (MGCP or H.323) have IP Precedence 3 and DSCP AF31 to AF33. 802.1X RADIUS packets can be treated as control traffic and can therefore be classified with IP Precedence 3 and DSCP AF31 to AF33. The table below summarizes these values.
- Using QoS to prioritize 802.1X RADIUS traffic does not solve every problem related to remote authentication. The following problems remain:
+ WAN outage
+ WAN latency
- If the WAN link goes down, client stations cannot access the WLAN or local resources. WAN links with very high latency, such as satellite links, also harm the authentication process, because they can cause authentication to time out and seriously degrade the station's performance.
Local authentication at the branch:
- Local authentication at the branch looks like a good solution to this problem, but it is not a cure-all either. Deploying AAA servers at branches raises the following issues:
+ Cost: companies with many branches need at least 1 server at each branch
+ Manageability
- The number of authentication servers can run into the thousands, depending on the deployment
- Replicating the user database to a large number of branches can be difficult
- Admin access can be a problem if branch admins need frequent access to the central server
- Some manufacturers, such as Cisco, integrate an authentication server into the AP, saving users the cost and trouble of managing local AAA servers, as illustrated in the figure below.

2. WLAN management:
- Network management in general, and WLAN management in particular, is a large topic that deserves a book of its own. This section only highlights the most important concepts to consider during deployment.
- In any kind of network, you cannot manage what you cannot measure.
- In large networks there can be thousands of devices to manage. In WLAN deployments for a large enterprise, it is not unusual to see the number of APs reach 3 times the usual figure. The WLAN may well drive how you manage the network. To have a WLAN that is as reliable as the LAN and to minimize management complexity, you need a management solution that includes WLAN management.
- Early WLAN adopters ran into difficulties and a heavy management burden. Most low-cost management packages scale poorly to thousands of devices without multiple management stations, and none of them offered radio frequency (RF) management functions. These shortcomings led to poorly performing WLAN deployments and forced admins to develop their own tools to manage the WLAN effectively.
- Many WLAN management solutions provide the same management services as for wired networks: SNMP, fault monitoring, trap collection, configuration distribution, firmware distribution, and so on. However, none of them gives the admin deeper insight into the radio network itself. WLAN performance varies widely from one installation to another. Wall materials and the location of external interference sources such as microwave ovens can affect WLAN performance. In addition, Bluetooth devices, ad-hoc clients and neighbors' WLANs can degrade WLAN performance to the point where it is unusable.
- Being able to manage the radio lets the admin see such problems, and, depending on the solution deployed, it can automatically control radio parameters such as channel/frequency selection and client/AP transmit power to adapt to the RF environment.
Conclusion:
- The decisions you make when deploying a WLAN are what matters for optimizing
it:
+ What kind of users will use the WLAN? (highly mobile or only
occasionally)
+ What kind of applications will these users run on the WLAN?
- Although these two questions are very basic and almost self-explanatory,
they are still often forgotten during deployment. They are the foundation for
saving cost throughout the deployment, namely in choosing
between a coverage-oriented and a capacity-oriented deployment.
- Once you have chosen the type of deployment, knowing the tools for
performing a site survey, as well as real-world site survey cases, can
save you time and money on a tedious and time-consuming
job. Today a site survey is manual work, meaning the surveyor
has to perform all the measurements and calculations. As WLANs
develop, management tools also help automate some of these
processes.
---------------------------------------
Lesson 46:

TECHNOLOGIES THAT COMPETE WITH WLAN

Many technologies compete with the 802.11 standards. As business needs
change and technology improves, new standards keep being
created to serve the market. Here we look at the following technologies:
+ HomeRF
+ Bluetooth
+ Infrared
+ OpenAir
1. HomeRF
- HomeRF operates in the 2.4 GHz band and uses frequency hopping.
HomeRF devices hop about 50 times per second,
roughly 5 to 20 times faster than 802.11 FHSS devices. The newer version,
HomeRF 2.0, uses the wide band frequency hopping rules newly approved
by the FCC. Recall the following rules, which applied after 31/8/2000:
+ Maximum carrier frequency width of 5 MHz
+ At least 15 hops in a hop sequence
+ Maximum transmit power of 125 mW.
- Because HomeRF allows wider carrier frequencies and is very flexible to
install, some people expected wide band frequency hopping to become common.
This did not happen. The speed advantage (10 Mbps)
does not make up for the disadvantage of the 125 mW transmit power
limit, which restricts wide band frequency hopping to a range of
about 150 feet. These limits mean that wide band frequency hopping devices
are used mainly in SOHO environments.
- HomeRF uses the SWAP protocol, a combination of CSMA and
TDMA. SWAP is a hybrid of 802.11 and the DECT standard and was
developed by the HomeRF working group. HomeRF devices are the only
devices currently on the market that still use the wide band frequency hopping
rules. HomeRF devices are considered more secure than 802.11 with
WEP because HomeRF uses a 32-bit IV instead of the 24-bit IV used in
802.11. In addition, HomeRF specifies how the IVs are chosen during
encryption. 802.11 has no such process, which makes it very easy to attack.
2. Bluetooth
- Bluetooth is another frequency hopping technology that operates in the 2.4 GHz
ISM band. Bluetooth devices hop about 1600 times per second (with a
dwell time of about 625 uS), so they carry considerably more overhead than
the frequency hopping systems in 802.11. The high hop rate also makes the technology
more resistant to narrowband interference. Bluetooth systems are not designed for
high throughput; they are simple to use, low power and
short range (WPAN). The IEEE 802.15 standard includes the specifications for
Bluetooth.
- The biggest disadvantage of Bluetooth is that it
appears to completely disrupt other 2.4 GHz networks. Bluetooth's high hop
rate across the whole usable 2.4 GHz band makes the Bluetooth signal
appear to other systems as all-band interference.
Bluetooth also affects other FHSS systems. All-band interference
means corrupting the signal across the entire usable frequency range.
Curiously, counter-interference (interference that the WLAN
causes to Bluetooth) does not affect Bluetooth devices as
severely as Bluetooth interference affects WLAN devices.
- Bluetooth devices operate in 3 power classes: 1 mW, 2.5 mW and
100 mW. At present very few Bluetooth devices use class 3 (100 mW).
Class 2 (2.5 mW) Bluetooth devices have a maximum range of 10 metres (33 feet).
If you want to extend the range, you should use a directional antenna.
3. Infrared Data Association (IrDA)
IrDA is not a standard like Bluetooth, HomeRF or 802.11; it is an
organization. Founded in June 1993, IrDA has the mission
of creating interoperable, low-cost, low-power,
half-duplex, serial data interconnection standards that support mobile users
in a point-to-point model and can be fitted to a wide range of computer
hardware. This kind of communication is used mainly in calculators,
printers, building-to-building links and handheld computers.

Infrared (IR):
- Infrared is a light-based communication technology, not
a spread spectrum technology. IR devices can reach a maximum speed of 4
Mbps at close range, but because the technology is light-based,
other IR light sources can interfere with IR communication. The typical
speed of an IR device is about 115 Kbps, which is enough for exchanging
data between handheld devices. An important advantage of IR networks is that they do not
interfere with RF spread spectrum networks, so the two can be used together.
Security:
- IR devices are inherently very secure, for 2 main
reasons. First, IR cannot pass through walls at such a low power
level (2 mW). Second, a hacker or eavesdropper has to directly intercept
the beam to gain access to the information being sent. With PDAs and
laptops, IR is used for point-to-point connections over a very short
distance, so security measures are not needed in this case.
Stability:
IR cannot pass through walls; instead it reflects off walls and ceilings.
Infrared is not disrupted by electromagnetic signals, which improves the stability
of an IR system. Broadcast IR devices can be mounted on the
ceiling. A broadcast IR device (similar to an RF antenna) transmits the IR carrier and
the information in all directions. Because of power consumption, broadcast
IR is normally used indoors. Point-to-point IR communication can be
used outdoors and has a maximum range of up to 1 km (about 3280
feet), but this distance can be shortened by sunlight.
Sunlight is approximately 60% infrared light and can weaken a
broadcast IR signal severely.
4. Wireless LAN Interoperability Forum (WLIF)
- OpenAir is the standard created by the WLIF (the forum is no longer
active) as an alternative WLAN system to 802.11.
OpenAir has 2 operating speeds: 800 Kbps and 1.6 Mbps. OpenAir and
802.11 systems are not compatible and cannot interoperate with
each other. The standard is rarely used today. OpenAir focuses
mainly on FHSS devices and operates only at these 2 speeds.

Lesson 47:

TABLES USED IN SWITCHING

- Catalyst switches maintain several types of tables used in the switching
process. These tables are tailored for Layer 2 or multilayer switching and
are kept in fast memory so that many fields within a frame or packet
can be compared in parallel.
1. Content Addressable Memory (CAM):
- All Catalyst switches use a CAM table for Layer 2 switching.
As frames arrive on the switch ports, the source MAC addresses are learned and recorded
in the CAM table. Both the arrival port and the VLAN are recorded, together with a
timestamp. If a MAC address learned on one port moves
to another port, the MAC address and timestamp are recorded for the most recent
arrival port, and the previous entry is then deleted. If a MAC address
is found already present in the table for the correct arrival port, only its timestamp is
updated.
- Switches usually have large CAM tables so that many addresses can be looked up for
frame forwarding. However, the table space is not enough to hold every possible
address on a large network. To manage CAM table space, stale entries (addresses
that have not been used for a certain time) are deleted. The default time
is 300s. The switch can also be configured to change this default
value.
- What happens when a host's MAC address is learned on one switch
port and the host then moves to another port? Ordinarily the host's original CAM table
entry would take 300s to age out while its address is learned on the new
port. To avoid duplicate entries in the CAM table, the switch purges
any existing entry for a MAC address that has just been learned on a different port. This is
acceptable because a MAC address is unique and a host should never be seen
on more than one port unless the network has a problem. If the switch notices that a
MAC address is being learned on alternating ports, it issues an error message reporting
that the MAC address is "flapping" between two interfaces.
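The learning, refresh, move and aging rules described above can be followed in a small model. This is an added example, not Cisco code: the class and function names are hypothetical, and the flapping rule (3 moves within 10 seconds) is an assumption chosen for the demonstration; only the 300s aging time comes from the text.

```python
"""Toy model of a Layer 2 CAM table: learning, refresh, moves, aging, flapping."""
from dataclasses import dataclass

AGING_SECONDS = 300   # default aging time given in the text
FLAP_WINDOW = 10.0    # assumption: moves are counted over this many seconds
FLAP_MOVES = 3        # assumption: this many moves in the window is "flapping"


@dataclass
class CamEntry:
    port: str
    vlan: int
    timestamp: float


class CamTable:
    def __init__(self):
        self.entries = {}   # (vlan, mac) -> CamEntry
        self.moves = {}     # (vlan, mac) -> times at which the MAC changed port
        self.alerts = []    # flapping messages, in the order they were raised

    def learn(self, mac, vlan, port, now):
        """Process the source MAC of a frame that arrived on `port` at time `now`."""
        key = (vlan, mac.lower())
        entry = self.entries.get(key)
        if entry is None:
            self.entries[key] = CamEntry(port, vlan, now)
            return "learned"
        if entry.port == port:
            entry.timestamp = now            # same port: only refresh the timestamp
            return "refreshed"
        # Seen on a different port: the old entry is replaced at once, not aged out.
        old_port = entry.port
        self.entries[key] = CamEntry(port, vlan, now)
        recent = [t for t in self.moves.get(key, []) if now - t <= FLAP_WINDOW]
        recent.append(now)
        self.moves[key] = recent
        if len(recent) >= FLAP_MOVES:
            self.alerts.append(
                f"MAC {key[1]} in vlan {vlan} is flapping between {old_port} and {port}")
            return "flapping"
        return "moved"

    def age_out(self, now):
        """Delete entries idle for longer than AGING_SECONDS; return how many."""
        stale = [k for k, e in self.entries.items()
                 if now - e.timestamp > AGING_SECONDS]
        for key in stale:
            del self.entries[key]
            self.moves.pop(key, None)
        return len(stale)

    def lookup(self, mac, vlan):
        """Egress port for a destination MAC, or None (the frame would be flooded)."""
        entry = self.entries.get((vlan, mac.lower()))
        return entry.port if entry else None


def demo():
    """Replay a constructed sequence of frames from one host (sample data)."""
    cam = CamTable()
    mac = "00:11:22:33:44:55"
    events = [("Fa0/1", 0), ("Fa0/1", 100), ("Fa0/2", 200), ("Fa0/1", 201), ("Fa0/2", 202)]
    return cam, [cam.learn(mac, 10, port, t) for port, t in events]


if __name__ == "__main__":
    table, outcomes = demo()
    print(outcomes)
    print(table.alerts)
```

A flapping alert on an access port is worth investigating: the usual causes are a switching loop or two devices presenting the same MAC address.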
2. Ternary Content Addressable Memory (TCAM):
- In traditional routing, ACLs can match, filter or control
specific traffic. An access list is made up of one or more
access control entries (ACE - Access Control Entry), or matching statements, that are
evaluated in sequential order. Evaluating an access
list can add time to the forwarding of packets.
- In multilayer switching, however, all of the matching that ACLs
provide is done in hardware. TCAM allows a packet to be evaluated
against an entire access list in one table lookup. Most switches
have multiple TCAMs so that both inbound and outbound security ACLs and QoS ACLs can be
evaluated simultaneously, or entirely in parallel with the Layer 2
or Layer 3 forwarding decision.

- The Catalyst IOS software has two components that are part of TCAM
operation:
Feature Manager (FM): after an access list has
been created or configured, the Feature Manager software compiles it and merges the ACEs
into the TCAM. The TCAM can then be consulted
at full frame forwarding speed.
Switching Database Manager (SDM):
the TCAM on Catalyst switches can be partitioned into areas with different
functions. The SDM software configures these TCAM partitions where needed.
TCAM table structure:
- TCAM is an extension of the CAM table, so it also performs a table lookup
based on matching keys made up of the two input values 0 and 1 and returns results
quickly, but its operation is more abstract. For example, binary values (0 and 1) form
the key into the table, but a mask value is also used to decide which bits
are actually relevant. A TCAM key therefore has three values: 0, 1
and X.
- Every TCAM entry is a combination of three parts: value, mask and result (Value,
Mask, and Result). Fields read from the frame or packet header are
fed into the TCAM. The mapping works as follows:
Value: a 134-bit string made up of source and destination addresses and the relevant
protocol information, all of which is matched. The information concatenated into the Value
depends on the type of access list, as shown in Table 1. Values in
the TCAM come directly from the address, port and protocol information in the ACE.
Mask: also a 134-bit string, in the same format. The mask selects only the Value
bits of interest, and a mask bit is set where the Value bit must match exactly. The masks
used in the TCAM are derived from the address or bit masks in the ACEs.
Result: a numerical value that indicates the action to take after a match occurs in
the TCAM. For example, the Result can be a permit or deny decision, a QoS
value, or a pointer to the next routing table.
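The Value/Mask/Result matching described above, worked through in code. This is an added example, not Cisco code: it uses a simplified 88-bit key (source IPv4, destination IPv4, IP protocol, destination port) instead of the 134-bit hardware layout, all function names are hypothetical, and the addresses are sample data. Hardware compares every entry in parallel; the loop below only models the priority of the first matching entry.

```python
"""Toy TCAM: ACEs compiled into Value/Mask/Result entries, first match wins."""
import ipaddress

# Assumed simplified key layout, 88 bits in total:
#   source IPv4 (32) | destination IPv4 (32) | IP protocol (8) | destination port (16)
KEY_BITS = 88


def pack_key(src_ip, dst_ip, proto, dport):
    """Build the lookup key from the header fields of one packet."""
    return (int(ipaddress.ip_address(src_ip)) << 56
            | int(ipaddress.ip_address(dst_ip)) << 24
            | (proto & 0xFF) << 16
            | (dport & 0xFFFF))


def compile_ace(result, src_net, dst_net, proto=None, dport=None):
    """Turn one ACE into a (value, mask, result) entry.

    Mask bits are 1 where the key must match the value exactly and 0 where the
    bit is irrelevant (the X of the ternary key).
    """
    src = ipaddress.ip_network(src_net)
    dst = ipaddress.ip_network(dst_net)
    value = (int(src.network_address) << 56
             | int(dst.network_address) << 24
             | (proto or 0) << 16
             | (dport or 0))
    mask = int(src.netmask) << 56 | int(dst.netmask) << 24
    if proto is not None:
        mask |= 0xFF << 16
    if dport is not None:
        mask |= 0xFFFF
    return (value & mask, mask, result)


def lookup(tcam, key, default="deny"):
    """Return the Result of the first entry whose masked bits equal the key's."""
    for value, mask, result in tcam:
        if (key & mask) == value:
            return result
    return default   # nothing matched: the implicit deny at the end of an ACL


def ternary(value, mask, width=KEY_BITS):
    """Render an entry as a string of 0, 1 and X, most significant bit first."""
    return "".join(
        ("1" if (value >> i) & 1 else "0") if (mask >> i) & 1 else "X"
        for i in range(width - 1, -1, -1))


# Constructed access list (sample data). Protocol 6 is TCP, 17 is UDP.
ACL = [
    compile_ace("permit", "10.1.1.0/24", "0.0.0.0/0", proto=6, dport=443),
    compile_ace("deny", "10.1.0.0/16", "0.0.0.0/0"),
    compile_ace("permit", "0.0.0.0/0", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for value, mask, result in ACL:
        print(ternary(value, mask), result)
    print(lookup(ACL, pack_key("10.1.1.5", "192.0.2.10", 6, 443)))
```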

Lesson 48:
Switch Password Recovery
Cracking the switch password is extremely simple on the following switch series:
2900XL, 3500XL, 2940, 2950, 2960, 2970, 3550, 3560, and 3750 series
switches

Press and hold the "mode" button, on the left side of the switch, until the switch displays
the message "... password recovery mechanism is enable.."
Then wait for the switch to restart. At this point it has an empty configuration and we can
enter privileged mode. To copy the old configuration file back in so that the password can
be changed or removed, use the command:
Quote:
Switch#copy flash:config.text.rename running-config
CCNA#
After changing the forgotten password, save the configuration as usual.
However, on the Switch 2955 series the "mode" button cannot be used
for password recovery. Instead, carry out the following steps:
Unplug the switch's power cable and plug it back in; then, as on a router, press CTRL + Break
to interrupt the boot process. (Note: the break key combination differs depending on
the operating system.)
Quote:
C2955 Boot Loader (C2955-HBOOT-M) Version 12.1(0.0.514), CISCO DEVELOPMENT TEST VERSION
Compiled Fri 13-Dec-02 17:38 by madison
WS-C2955T-12 starting...
Base ethernet MAC Address: 00:0b:be:b6:ee:00
Xmodem file system is available.
Initializing Flash...
flashfs[0]: 19 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 4510720
flashfs[0]: Bytes available: 3230720
flashfs[0]: flashfs fsck took 7 seconds.
...done initializing flash.
Wait until the screen shows:
Quote:
The system has been interrupted prior to initializing the flash file system to finish loading the operating system software:
flash_init
load_helper
boot
Press CTRL + Break
Quote:
switch:
Type the command:
Quote:
switch: flash_init
Initializing Flash...
flashfs[0]: 143 files, 4 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 3612672
flashfs[0]: Bytes used: 2729472
flashfs[0]: Bytes available: 883200
flashfs[0]: flashfs fsck took 86 seconds
....done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
Type the command:

Quote:
switch: load_helper
switch:
Next, type dir flash to view the IOS image on the switch
(Note: there is a colon after the word flash)
Quote:
switch: dir flash:
Directory of flash:/
-rwx 1803357 <date> c3500xl-c3h2s-mz.120-5.WC7.bin
-rwx 1131 <date> config.text ( the file that stores the configuration )
-rwx 109 <date> info
-rwx 389 <date> env_vars
drwx 640 <date> html
-rwx 109 <date> info.ver
403968 bytes available (3208704 bytes used)
switch:
Rename the configuration file that stores the password:
Quote:
switch: rename flash:config.text flash:config.old
Enter boot command
Quote:
switch: boot
Loading "flash:c3500xl-c3h2s-mz.120-5.WC7.bin"...##################################################
File "flash:c3500xl-c3h2s-mz.120-5.WC7.bin" uncompressed and installed, entry point: 0x3000
executing...
After the switch has booted:
Quote:
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Continue with configuration dialog? [yes/no]: n
Press RETURN to get started.
Switch>

Switch>en
Switch#
Rename the config file back to config.text, as it was originally:
Quote:
Switch#rename flash:config.old flash:config.text
Destination filename [config.text]
Copy the old configuration, with its password, into the running configuration so that the password can be removed or changed:
Quote:
Switch#copy flash:config.text system:running-config
Swpass#
Once the password has been changed, save the configuration. This completes the password recovery procedure:
Quote:
Sw1#write memory
Building configuration...
[OK]

---------------------------------------------------------
Lesson 49:

WIRELESS NETWORK INFRASTRUCTURE DEVICES

2.1. WIRELESS NETWORK (WLAN) INFRASTRUCTURE DEVICES
2.1.1. Access point (AP)
An AP gives clients a point of access into the network. The AP is a
full duplex device with a level of intelligence comparable to that of a
sophisticated Ethernet switch.

Figure 2-2: Connection between an Access Point and a computer with a wireless network card

2.1.1. AP operating modes:
An AP can communicate with wireless stations, with the traditional wired network and
with other APs. An AP has 3 main operating modes:
Root mode: root mode is used when the AP is connected to the
wired backbone through its wired interface (usually Ethernet).
Most APs support modes other than root mode, but root mode
is the default configuration. When an AP is connected to a wired segment through
its Ethernet port, it is configured to operate in root mode.
In root mode, APs connected to the same wired distribution
system can talk to each other over the wired segment.
Wireless clients can communicate with other wireless clients located in
different cells (the coverage areas of the APs) through the
AP each of them is associated with; those APs then communicate with each other
over the wired segment, as in the example in Figure 2-3.

Figure 2-3: Root mode model


Bridge mode: in bridge mode, the AP behaves exactly
like a wireless bridge. The AP becomes a wireless bridge when it is
configured this way. Only a small number of APs on the market support
the bridge function, which makes such a device considerably more expensive. A
brief explanation of how a wireless bridge works: from
Figure 2-3, clients do not associate with the bridge; instead, the bridge is
used to join 2 or more wired network segments together over a
wireless link.

Figure 2-4: Bridge mode model

Repeater mode: the AP can provide a wireless upstream
link into the wired network instead of a normal wired connection. One AP
acts as the root AP and the other AP acts as a wireless
repeater. The AP in repeater mode connects to clients as an AP and connects
to the upstream AP as a client.

Figure 2-5: Repeater mode model


2.1.1. Client devices in a WLAN:
These are the WLAN devices that clients use to connect to the WLAN.
2.1.1.a. PCI wireless card:
The most common component in a WLAN. It is used to connect clients to
the wireless network and plugs into a PCI slot in the computer. This type
is widely used for connecting desktop computers to a wireless
network.

Figure 2-6: PCI wireless network card

2.1.1.a. PCMCIA wireless card:
Formerly used in laptops and PDAs
(Personal Digital Assistants). With advances in
technology, PCMCIA wireless cards are now rarely used, because laptops,
PDAs and similar devices all have a wireless card built in.

Figure 2-7: PCMCIA wireless network card

2.1.1.a. USB wireless card:
A very popular type today for devices connecting to a wireless
network because it is portable and compact. It works like a
PCI wireless card but plugs in over USB (Universal Serial Bus). It can be
attached and removed quickly (it does not have to be fixed in place like a PCI wireless card) and
supports being plugged in while the computer is running.

Figure 2-8: USB wireless network card

Lesson 50:

Some security solutions for wireless networks

50.1. WLAN VPN:
A virtual private network (VPN) protects the WLAN by creating a channel that shields
data from unauthorized access. A VPN provides a high level of trust by
using a security mechanism such as IPSec (Internet Protocol Security). IPSec
uses strong algorithms such as Data Encryption Standard (DES) and Triple DES
(3DES) to encrypt data, and other algorithms to authenticate data packets.
IPSec also uses digital certificates to validate the public key. When
used on a WLAN, the VPN gateway takes care of
authentication, encapsulation and encryption.

Figure 50.1: WLAN VPN

50.2. TKIP (Temporal Key Integrity Protocol):
An IEEE solution developed in 2004. It is an upgrade to WEP
intended to patch the security problems in WEP's implementation of the RC4 stream cipher. TKIP
hashes the IV to defend against packet forgery, and it also provides
a message integrity check (MIC)
to ensure the correctness of each packet. TKIP uses dynamic keys,
giving each frame its own sequence number to defend against forgery attacks.

50.3. AES (Advanced Encryption Standard):

An encryption function approved by NIST (National Institute of
Standards and Technology). The IEEE designed a mode for AES to meet
the needs of WLANs. This mode is called CBC-CTR (Cipher Block
Chaining Counter Mode) with CBC-MAC (Cipher Block Chaining Message
Authenticity Check). Their combination is called AES-CCM. CCM mode
is the combination of CBC-CTR encryption and the CBC-MAC message authentication
algorithm. This combination provides both encryption and an integrity check
of the data sent.
CBC-CTR encryption uses a counter to supplement the key stream. The
counter is incremented by 1 after each block is encrypted. This process ensures that
each block has a unique key. The unencrypted text is
split into 16-byte blocks.
CBC-MAC works by using the result of CBC encryption together with
the frame length, source address, destination address and data. The result is a
128-bit value that is truncated to 64 bits for use in transmission.
AES-CCM requires considerable overhead for both encryption and the integrity
check of the data sent, so it consumes a large amount of CPU processing power.
50.4. 802.1x and EAP:
802.1x is a specification for port-based access control defined
by the IEEE. It works in both traditional wired and wireless
environments. Access control works as follows: when a user
tries to connect to the network, the user's connection is placed in a
blocking state and waits for the check of the user's identity to complete.

Figure 50.2: 802.1x authentication model

EAP is an authentication method that covers the user identity request
(password, certificate, ...) and the protocol used (MD5, TLS_Transport
Layer Security, OTP_One Time Password, ...), with support for automatic key generation and
mutual authentication.
The 802.1X-EAP authentication model for a client proceeds as follows:

Figure 50.3: Exchange of authentication information in 802.1x


50.5. WPA (Wi-Fi Protected Access)
WEP was built to protect a wireless network against eavesdropping.
Many vulnerabilities were soon discovered in this technology.
As a result, a new technology called WPA (Wi-Fi Protected Access) was introduced,
fixing many of WEP's weaknesses.
One of the most important improvements in WPA is the use of the TKIP (Temporal Key
Integrity Protocol) key-changing function. WPA also uses the RC4 algorithm
like WEP, but with full 128-bit encryption. Another feature is that WPA changes
the key for every packet. Tools that collect packets to break the encryption key
cannot do so against WPA. Because WPA changes keys continuously,
a hacker never collects enough sample data to find the password.
In addition, WPA includes a message integrity check (Message
Integrity Check), so data cannot be altered while it is in
transit. WPA comes in 2 options: WPA Personal and WPA Enterprise. Both
options use the TKIP protocol, and the only difference is the initial
encryption key. WPA Personal suits home and small office networks;
the initial key is used at the access points and the client devices.
WPA Enterprise, by contrast, needs an authentication server and 802.1x to
provide the initial keys for each session.
WPA has a vulnerability, and it occurs only with WPA Personal. When
the TKIP key-changing function used to generate the encryption keys is
discovered, a hacker who can guess the initial key or part of the password
can determine the whole password and can therefore decrypt the data.
However, this vulnerability is eliminated by using initial keys
that are not easy to guess (do not use words such as "PASSWORD" as the
password).
This also means that WPA's TKIP technique is only a temporary solution
and does not yet provide the highest level of security. WPA is suitable only for
companies that do not transmit "confidential" data or sensitive information...
WPA is also suitable for everyday activities and for technology
trials.
50.6. WPA 2
A long-term solution is to use 802.11i, which corresponds to WPA2 as
certified by the Wi-Fi Alliance. This standard uses a strong encryption
algorithm called the Advanced Encryption Standard (AES).
AES uses the Rijndael symmetric block cipher, with
128-bit blocks and 192-bit or 256-bit keys. To evaluate this encryption
standard, the US National Institute of Standards and Technology (NIST)
approved this symmetric
algorithm. The standard is used by US government agencies
to protect sensitive information. AES is regarded as far more
secure than 128-bit WEP or 168-bit DES (Data Encryption
Standard). To ensure performance, the encryption needs to be carried out
in hardware, for example integrated into a chip. However, very few
wireless network users pay attention to this. Moreover, most handheld
Wi-Fi devices and barcode scanners are not compatible with the 802.11i standard.
50.7. Filtering
Filtering is a basic security mechanism that can be used together with WEP. Filtering works
like an access list on a router: it blocks what is unwanted and allows
what is wanted. There are 3 basic types of filtering that can be used in a
wireless LAN:
+ SSID filtering
+ MAC address filtering
+ Protocol filtering

50.7.a. SSID filtering
SSID filtering is a basic form of filtering and should only be used for
basic access control. The client's SSID must match the AP's SSID in order
to authenticate and associate with the service set. The SSID is broadcast
unencrypted in beacons, so it is very easy to discover using
software. Some mistakes that WLAN users make in managing
SSIDs are:
Using the default SSID value, which makes it easier for a hacker to find the AP's
MAC address.
Using an SSID that is related to the company.
Using the SSID as the company's security mechanism.
Broadcasting the SSID unnecessarily.
50.7.b. MAC address filtering
Most APs have a MAC address filtering function. The administrator can build
a list of permitted MAC addresses. If a client's MAC address
is not in the AP's MAC address filter list, the AP prevents
that client from connecting to the network. If the company has many clients, a
RADIUS server can be set up to do the MAC address filtering instead of the AP.
Configuring MAC address filtering is a highly scalable security solution.

Figure 50.4: MAC authentication process


50.7.c. Protocol filtering
A wireless LAN can filter packets crossing the network based on protocols from
Layer 2 to Layer 7. In many cases the administrator should set up protocol
filtering in a shared environment, for example in the following case:
A group of wireless bridges is placed on a remote building in a
university WLAN and connects back to the AP of the central engineering
building. Because all users in the remote building share the
5Mbs of bandwidth between these buildings, a considerable amount of control
over this usage has to be applied. If these links were installed
for the specific purpose of giving users internet access, the protocol
filter will exclude all protocols except HTTP, SMTP, HTTPS, FTP, ...

Figure 50.5: Protocol filtering


--------------------------------------------------
Lesson 51:
TYPES OF ATTACK ON WLANS
Some common forms of attack and intrusion on wireless networks:
51.1. ROGUE ACCESS POINT
51.1.a. Definition
The term rogue Access Point describes Access Points that are created,
accidentally or deliberately, in a way that affects the existing network. It is
used for any unauthorized wireless device, regardless of
its real purpose.
51.1.b. Classification
a) Incompletely configured Access Point
An Access Point can unexpectedly become a rogue device because of mistakes in
its configuration. Changes to the Service Set Identifier (SSID), authentication
settings, encryption settings and so on can cause this; most seriously, a misconfigured
device will not be able to authenticate connections. For example: in open mode
authentication, wireless users in state 1 (unauthenticated
and unassociated) can send authentication requests to an Access Point and, once
successfully authenticated, move to state 2 (authenticated but
unassociated). If an Access Point does not validate a client because of a configuration
error, an attacker can send a large number of authentication requests,
overflow the table of client connection requests on that Access Point, and make the Access
Point deny access to other users, including users who are
permitted to connect.
b) Rogue Access Points from neighbouring WLANs
802.11 clients automatically choose the Access Point with the strongest signal
they detect and connect to it. For example, Windows XP automatically connects to
the best connection available around it. As a result, an organization's authenticated
users can end up connected to the Access Points of neighbouring
organizations. Although the neighbouring Access Points do not deliberately attract connections from
these users, such connections unintentionally expose sensitive data.
c) Rogue Access Points created by an attacker
Impersonating an AP is the classic man in the middle attack. In this type of attack
the attacker sits in the middle and steals the traffic passing between 2 nodes. The attack
is very powerful because the attacker can steal all traffic crossing the network. It is very
hard to mount a man in the middle attack on a wired network because the
attack requires real access to the transmission line. A wireless network,
by contrast, is very exposed to it. The attacker needs to create an AP that is more
attractive to clients than the legitimate AP. This fake AP can be set up by
copying all of the legitimate AP's settings: SSID, MAC address
and so on. The next step is to make the victim connect to the fake AP.
- The first way is to wait for users to connect by themselves.
- The second way is to cause a denial of service (DoS) attack on the
legitimate AP so that users have to reconnect, to the fake AP.
In 802.11 networks the choice of AP is made by received signal
strength. The only thing the attacker has to do is make sure that his AP has
the strongest signal. To achieve that, the attacker has to place his
AP closer to the victim than the legitimate AP, or use a directional
antenna. After the victim connects to the fake AP, the victim carries on as
normal, so if the victim connects onward to another legitimate AP, the victim's
data all passes through the fake AP. The attacker uses utilities to record the
victim's passwords as they are exchanged with the web server. The attacker thus obtains
everything he wants in order to log in to the legitimate network. This type of attack
exists because 802.11 does not require two-way authentication between the AP and
the node. The AP broadcasts to the whole network. This is very easy for an attacker to eavesdrop on,
so the attacker can obtain all the information he needs. Nodes on the
network use WEP to authenticate themselves to the AP, but WEP also has
exploitable vulnerabilities. An attacker can eavesdrop on the traffic and use a
cipher analyzer to steal users' passwords.
d) Rogue Access Points set up by the company's own employees
Because wireless networking is convenient, some employees equip themselves with
an Access Point and connect it to the company's wired network. Not having a clear
understanding of wireless security, they unintentionally create a large
security hole. Visitors to the company and outside hackers can connect
to the unauthenticated Access Point to steal bandwidth, steal the company's
sensitive information, use the company's network to attack others,
and so on.
51.2. De-authentication Flood Attack

Figure 51.1: De-authentication flood attack

- The attacker identifies the targets: the users on the wireless
network and their connections (the Access Point and its associations).
- The attacker injects de-authentication frames into the WLAN, spoofing the
source and destination MAC addresses of the Access Point and the users respectively.
- A wireless user that receives a de-authentication frame assumes that
it was sent by the Access Point.
- After knocking one user off the wireless service, the attacker
goes on to do the same to the remaining users.
- Users normally reconnect to restore service, but the
attacker quickly sends them further de-authentication frames.
51.3. Fake Access Point
The attacker uses a tool that can send beacon frames with spoofed physical
(MAC) addresses and fake SSIDs to create a huge number of simulated Access Points. This
confuses all of the software that controls users' wireless network
cards.

Figure 51.2: Fake AP attack
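From the monitoring side, the rogue AP categories of 51.1 and the beacon burst of 51.3 can be told apart by comparing observed beacons with an inventory of authorized APs. The following is an added example, not part of the original lessons: the inventory, the beacon records, the label names and the thresholds are all constructed assumptions.

```python
"""Classify observed beacons against an AP inventory and spot fake-AP bursts."""
from collections import deque

# Constructed inventory of authorized APs (sample data, not from the page).
AUTHORIZED = {
    "aa:aa:aa:00:00:01": {"ssid": "corp-wlan", "channel": 1, "security": "WPA2-Enterprise"},
    "aa:aa:aa:00:00:02": {"ssid": "corp-wlan", "channel": 6, "security": "WPA2-Enterprise"},
}


def classify(beacon, inventory=AUTHORIZED):
    """Label one beacon using the rogue AP categories of section 51.1."""
    known = inventory.get(beacon["bssid"].lower())
    our_ssids = {ap["ssid"] for ap in inventory.values()}
    if known is None:
        if beacon["ssid"] in our_ssids:
            # Our network name from hardware we do not own: an impersonating AP
            # (51.1 c) or an AP plugged in by an employee (51.1 d).
            return "unauthorized-our-ssid"
        return "external"                   # neighbouring WLAN (51.1 b)
    if (beacon["ssid"], beacon["security"]) != (known["ssid"], known["security"]):
        return "misconfigured"              # authorized AP, wrong settings (51.1 a)
    if beacon["channel"] != known["channel"]:
        return "possible-clone"             # known BSSID heard on an unexpected channel
    return "authorized"


def peak_new_bssids(beacons, inventory=AUTHORIZED, window=5.0):
    """Largest number of non-inventory BSSIDs first heard within `window` seconds."""
    seen, first_heard, peak = set(), deque(), 0
    for b in sorted(beacons, key=lambda b: b["ts"]):
        bssid = b["bssid"].lower()
        if bssid in inventory or bssid in seen:
            continue
        seen.add(bssid)
        first_heard.append(b["ts"])
        while b["ts"] - first_heard[0] > window:
            first_heard.popleft()
        peak = max(peak, len(first_heard))
    return peak


def survey(beacons, burst_threshold=20):
    """Count labels and flag a burst of new BSSIDs (the fake AP pattern of 51.3)."""
    counts = {}
    for b in beacons:
        label = classify(b)
        counts[label] = counts.get(label, 0) + 1
    return {"counts": counts,
            "fake_ap_burst": peak_new_bssids(beacons) >= burst_threshold}


def beacon(ts, bssid, ssid, channel, security):
    return {"ts": ts, "bssid": bssid, "ssid": ssid, "channel": channel, "security": security}


def sample_beacons(with_burst=True):
    """Constructed observations: one beacon per category, then 30 new BSSIDs in 3 s."""
    beacons = [
        beacon(1.0, "aa:aa:aa:00:00:01", "corp-wlan", 1, "WPA2-Enterprise"),
        beacon(2.0, "aa:aa:aa:00:00:02", "corp-wlan", 6, "Open"),
        beacon(3.0, "aa:aa:aa:00:00:01", "corp-wlan", 11, "WPA2-Enterprise"),
        beacon(4.0, "02:bb:00:00:00:01", "corp-wlan", 6, "Open"),
        beacon(5.0, "02:cc:00:00:00:01", "cafe-guest", 11, "WPA2-Personal"),
    ]
    if with_burst:
        beacons += [beacon(100.0 + i * 0.1, f"02:dd:00:00:00:{i:02x}", f"net-{i}",
                           1 + i % 11, "Open") for i in range(30)]
    return beacons


if __name__ == "__main__":
    print(survey(sample_beacons()))
```

Each beacon in the burst looks like an ordinary neighbouring network on its own, which is why the burst check counts how fast new BSSIDs appear rather than inspecting them one at a time.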


51.4. Attacks based on physical-layer carrier sensing
Frequency is a security weakness of wireless networks. How dangerous it is
depends on the physical layer interface. Several parameters determine how
resilient the network is: transmitter power, receiver sensitivity, RF
frequency, bandwidth and antenna directionality. 802.11 uses the carrier sense
multiple access (CSMA) algorithm to avoid collisions. CSMA is a
component of the MAC layer. CSMA is used to make sure that no
data collisions occur on the medium. This type of attack does not use noise
to cause errors on the network; it takes advantage of the standard itself. There are several ways
to exploit the physical carrier sense protocol. A simple way is to make the
nodes on the network all believe that some node is transmitting at the present
moment. The easiest way to achieve this is to create a rogue node that transmits
continuously. Another way is to use an RF signal generator. A more
sophisticated attack is to put a network card into a test mode in which it
continuously transmits a test pattern. All nodes within range of the rogue
node are very sensitive to the carrier, and while one node is transmitting,
no other node may transmit.

51.5. Disassociation flood attack

Figure 51.3: Disassociation flood attack

- The attacker identifies the targets (wireless clients) and the associations between the AP
and the clients
- The attacker sends disassociation frames, spoofing the Source and
Destination MAC, to the AP and to the corresponding clients
- The client receives these frames and assumes that the disassociation frame came from the AP.
At the same time the attacker also sends disassociation frames to the AP.
- After disconnecting one client, the attacker goes on to do the
same to the remaining clients, so that the clients automatically drop their connection to the AP.
- Disconnected clients immediately try to reconnect to the AP.
The attacker keeps sending disassociation frames to the AP and the client.
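Both floods (51.2 and 51.5) leave the same trace for a wireless monitor: an unusual rate of de-authentication or disassociation frames for one BSSID. The following detection sketch is an added example, not part of the original lessons. The frame records are constructed sample data and the window and threshold are assumptions; the subtype numbers 12 (deauthentication) and 10 (disassociation) are the 802.11 management frame subtypes.

```python
"""Sliding-window detection of de-authentication and disassociation floods."""
from collections import defaultdict, deque

DEAUTH, DISASSOC, BEACON = 12, 10, 8   # 802.11 management frame subtypes
WINDOW = 10.0      # assumption: seconds of history kept per BSSID and subtype
THRESHOLD = 5      # assumption: this many frames inside the window is a flood

AP1, AP2 = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"   # constructed BSSIDs


def detect_floods(frames, window=WINDOW, threshold=THRESHOLD):
    """Return {(bssid, subtype): {"first_seen", "peak", "clients"}} for each flood.

    Source addresses in these frames can be spoofed, so the detector keys on the
    BSSID and on the affected client rather than on who claims to have sent them.
    """
    recent = defaultdict(deque)   # (bssid, subtype) -> deque of (ts, client)
    alerts = {}
    for f in sorted(frames, key=lambda f: f["ts"]):
        if f["subtype"] not in (DEAUTH, DISASSOC):
            continue
        # The client is whichever address is not the BSSID, in either direction.
        client = f["dst"] if f["src"] == f["bssid"] else f["src"]
        key = (f["bssid"], f["subtype"])
        q = recent[key]
        q.append((f["ts"], client))
        while f["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(
                key, {"first_seen": q[0][0], "peak": 0, "clients": set()})
            alert["peak"] = max(alert["peak"], len(q))
            alert["clients"].update(c for _, c in q)
    return alerts


def frame(ts, subtype, src, dst, bssid):
    return {"ts": ts, "subtype": subtype, "src": src, "dst": dst, "bssid": bssid}


def sample_frames():
    """Constructed capture: one normal deauth, then two floods and a beacon."""
    a, b, c, d = (f"cc:00:00:00:00:0{x}" for x in "abcd")
    frames = [frame(1.0, DEAUTH, a, AP2, AP2)]            # a client leaving normally
    for i in range(12):                                   # 51.2: AP1's clients hit in turn
        frames.append(frame(20.0 + 0.5 * i, DEAUTH, AP1, (b, c)[i % 2], AP1))
    for i in range(8):                                    # 51.5: frames in both directions
        src, dst = (AP2, d) if i % 2 == 0 else (d, AP2)
        frames.append(frame(40.0 + 0.25 * i, DISASSOC, src, dst, AP2))
    frames.append(frame(41.0, BEACON, AP2, "ff:ff:ff:ff:ff:ff", AP2))
    return frames


if __name__ == "__main__":
    for (bssid, subtype), info in detect_floods(sample_frames()).items():
        kind = "deauth" if subtype == DEAUTH else "disassoc"
        print(bssid, kind, "peak", info["peak"], "clients", sorted(info["clients"]))
```

Detection only reports the flood; where the equipment supports it, protected management frames (IEEE 802.11w) let a client reject forged de-authentication and disassociation frames.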
