
Table of Contents

Lab 1 - Basic Switch Configuration
Lab 2 - Basic Router Configuration
Lab 3 - Telnet and SSH
Lab 4 - GNS3 User Guide
Lab 5 - Combined Switch and Router Lab
Lab 6 - Wireless Lab
Lab 7 - Cisco Security Manager (SDM)
Lab 8 - DHCP, DHCP Relay
Lab 9 - Static Routing (Static Route)
Lab 10 - RIPv2 (Routing Information Protocol)
Lab 11 - CDP (Cisco Discovery Protocol)
Lab 12 - Backing Up the IOS and the Router Configuration
Lab 13 - Router Password Recovery
Lab 14 - Switch Password Recovery
Lab 15 - Combined Lab, Part 1
Lab 16 - OSPF (Open Shortest Path First)
Lab 17 - EIGRP (Enhanced Interior Gateway Routing Protocol)
Lab 18 - VTP, VLAN
Lab 19 - PVST+, PVRST
Lab 20 - Inter-VLAN Routing Using a Layer 3 Switch
Lab 21 - Standard ACL
Lab 22 - Extended ACL
Lab 23 - NAT, PAT
Lab 24 - DHCP, NAT, PAT
Lab 25 - Combined Routing, NAT, PAT, ACL
Lab 26 - IPv6
Lab 25 - VPN
Lab 26 - PPP PAP, CHAP
Lab 27 - Basic Frame Relay
Lab 28 - Advanced Frame Relay

Basic Switch Configuration

I. Objectives:
- Help students get familiar with the basic commands of Cisco IOS
- Review the commands for: assigning an IP address to the switch, the password types, Port Security

Basic switch configuration lab:

II. Requirements:
- Use Packet Tracer to connect the topology shown above
- Erase the switch's entire current configuration
- Commands for viewing information
- Configure the hostname and IP address
- The password types
- Speed and duplex
- The Port Security feature

1. Connect the cables and erase the switch configuration:
- Use a straight-through cable to connect the PC to the switch
- Connect the PC to the switch's console port, or open the device's CLI tab, to carry out the configuration
- Erase the switch configuration

Switch> enable
Switch# erase startup-config
Switch# reload

2. Verification commands:
View the switch's current configuration, together with the total number of FastEthernet and GigabitEthernet interfaces and the number of vty lines available for Telnet:

Switch#show running-config

Every Cisco switch has a default interface, VLAN1, which is used to manage the switch remotely by assigning an IP address to it. To view the properties of interface vlan 1:

Switch#show interface vlan1

Note down the IP address, the MAC address and the up/down state.

Switch#show interface fa0/1          <-- state of interface FastEthernet 0/1

View the operating system version and the size of RAM, NVRAM and Flash:

Switch#show version

Contents of flash memory:

Switch#show flash:
or
Switch#dir flash:

Switch#dir flash:
6 drwx 4480 Mar 1 1993 00:04:42 +00:00 html
618 -rwx 4671175 Mar 1 1993 00:06:06 +00:00 c2960-lanbase-mz.122-25.SEE3.bin
32514048 bytes total (24804864 bytes free)

View the configuration saved on the switch:

Switch#show startup-config
startup-config is not present

This message appears because we have not saved the configuration yet. Now set a hostname on the device and then save the configuration:

Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#exit
S1#copy running-config startup-config
Destination filename [startup-config]? (enter)
Building configuration...
[OK]
S1#show startup-config
Using 1170 out of 65536 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname S1
!
<output omitted>

3. Password types:
Configure the password cisco for the console port:

S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit

Telnet is a service that lets an administrator manage devices remotely through the vty lines. In this case the vty line password for the Telnet service is cisco:

S1(config)#line vty 0 4
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit

Set the password for moving from User mode ( > ) to Privileged mode ( # ) to class:

S1(config)#enable secret class

Privileged mode can change the entire configuration of a Cisco device, so it is very important and setting a password for this mode is necessary.

4. Assign an IP address to the switch:
A switch is a Layer 2 device, so an IP address cannot be assigned to its ports. To manage the device remotely, a Cisco switch takes its IP address on a special interface, VLAN1 (a logical interface):

S1(config)#interface vlan 1
S1(config-if)#ip address 172.17.99.11 255.255.0.0
S1(config-if)#no shutdown
S1(config-if)#exit
S1(config)#

To manage the switch from another network as well, a gateway must also be declared for the switch:

S1(config)#ip default-gateway 172.17.99.1

where 172.17.99.1 is the address of the gateway. Check the configuration of interface Vlan 1:

S1#show interface vlan 1
Vlan1 is up, line protocol is up
  Hardware is EtherSVI, address is 001b.5302.4ec1 (bia 001b.5302.4ec1)
  Internet address is 172.17.99.11/16
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:06, output 00:03:23, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops:0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     4 packets input, 1368 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     1 packets output, 64 bytes, 0 underruns
     0 output errors, 0 interface resets

Configure the IP address of PC1 with the values from the lab. On the PC go to Desktop -> IP Configuration:
IP: 172.17.99.21
SM: 255.255.0.0
Gw: 172.17.99.1 (not present in this lab yet)

- Check connectivity from the PC to the switch: on the PC go to Desktop -> Command prompt -> ping 172.17.99.11
- Change the duplex and speed settings on the switch ports:

S1#configure terminal
S1(config)#interface fastethernet 0/18
S1(config-if)#speed 100
S1(config-if)#duplex auto
S1(config-if)#end

Check the interface again:

S1#show interface fastethernet 0/18
FastEthernet0/18 is up, line protocol is up (connected)
  Hardware is FastEthernet, address is 001b.5302.4e92 (bia 001b.5302.4e92)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:01, output hang never

Save the configuration:

S1#copy running-config startup-config
Destination filename [startup-config]?[Enter]
Building configuration...
[OK]
S1#

5. Managing the MAC address table:

Check the MAC address of each PC with the command ipconfig /all and note it down. Then look at the MAC address table on the switch and compare its contents with the MAC addresses of the PCs:

S1#show mac-address-table

6. Configuring the Port Security feature:
Port Security lets us control access to each switch port: which PC MAC addresses may connect to the port, and how many MAC addresses may connect in total. The configuration steps are as follows:

S1# configure terminal
S1(config)#interface fastethernet 0/18
S1(config-if)#switchport mode access                         <-- the port operates in access mode
S1(config-if)#switchport port-security                       <-- turn on port security
S1(config-if)#switchport port-security maximum 2             <-- at most 2 MAC addresses may connect to this port
S1(config-if)#switchport port-security mac-address sticky    <-- these MAC addresses are learned automatically from the first 2 PCs connected to the port
S1(config-if)#switchport port-security violation shutdown    <-- when the allowed number is exceeded, the port shuts down automatically

- Review the configuration with these 2 commands:

Switch#show running-config
Switch#show port-security interface fa0/18

Test Port Security by connecting PC1 and PC2 in turn to port fa0/18, then run show port-security address: only PC1 and PC2 are allowed on port fa0/18. Now plug a third PC into port fa0/18 as well: the port shuts down automatically, because the limit set by switchport port-security maximum 2 has been exceeded.
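The behaviour configured in steps 5 and 6 can be modelled in a few lines. The Python sketch below is an added example, not part of the original lab: it normalises MAC addresses so the ipconfig /all form and the switch's dotted form compare equal, then replays frames through a port with sticky learning and a violation action. It goes beyond the lab by also modelling the two other IOS violation modes, protect and restrict; the class and function names and the MAC addresses are constructed for this example.

```python
import re


def normalize_mac(mac):
    """Reduce 00-1B-53-02-4E-01, 00:1b:53:02:4e:01 or 001b.5302.4e01 to 12 hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class SecurePort:
    """Model of one access port with 'switchport port-security' and sticky learning."""

    MODES = ("protect", "restrict", "shutdown")

    def __init__(self, maximum=1, violation="shutdown"):
        if violation not in self.MODES:
            raise ValueError(f"unknown violation mode: {violation}")
        self.maximum = maximum        # switchport port-security maximum N
        self.violation = violation    # switchport port-security violation MODE
        self.secure_macs = []         # sticky-learned addresses, in learning order
        self.violations = 0           # security violation counter
        self.err_disabled = False     # True once 'shutdown' mode has tripped

    def receive(self, src_mac):
        """Process one frame and return what the port did with it."""
        mac = normalize_mac(src_mac)
        if self.err_disabled:
            return "port-down"        # nothing passes until an administrator resets the port
        if mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(mac)
            return "learned"
        # Unknown source address and the table is full: a violation.
        if self.violation == "protect":
            return "dropped"          # silent drop, counter not incremented
        self.violations += 1
        if self.violation == "shutdown":
            self.err_disabled = True
            return "err-disabled"
        return "dropped"              # restrict: drop and count

    def admin_reset(self):
        """Equivalent of 'shutdown' then 'no shutdown'; sticky addresses are kept."""
        self.err_disabled = False


def replay(port, frames):
    """Feed a list of source MAC addresses to the port, returning each outcome."""
    return [port.receive(mac) for mac in frames]


# Constructed addresses: PC1 appears once in ipconfig /all form and once in switch form.
PC1_WINDOWS = "00-1B-53-02-4E-01"
PC1_SWITCH = "001b.5302.4e01"
PC2 = "001b.5302.4e02"
PC3 = "001b.5302.4e03"

if __name__ == "__main__":
    lab_port = SecurePort(maximum=2, violation="shutdown")
    for mac, result in zip([PC1_WINDOWS, PC2, PC1_SWITCH, PC3, PC1_SWITCH],
                           replay(lab_port, [PC1_WINDOWS, PC2, PC1_SWITCH, PC3, PC1_SWITCH])):
        print(f"{mac:20} {result}")
```

With violation shutdown, the third PC takes the port down for PC1 and PC2 as well, which is why the choice of violation mode matters on ports where availability is important.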

- Save the configuration and finish the lab.

III. Commands related to this lab:

- Help commands
- Verification commands
- Configuring the switch name
- Configuring passwords
- Configuring the IP address and default gateway

Basic switch configuration lab

1. Help commands:
Switch> ?                              The ? key is the help key, as on a router
Switch> enable                         This is User mode
Switch#                                This is Privileged mode
Switch# disable                        Leave Privileged mode
Switch> exit                           Leave User mode

2. Verification commands:
Switch# show running-config            Displays the configuration file running in RAM
Switch# show startup-config            Displays the configuration file held in NVRAM
Switch# show interfaces                Displays configuration information for the interfaces on the switch and the state of each interface
Switch# show interface vlan 1          Displays the configuration parameters of interface VLAN 1. VLAN 1 is the default VLAN on all Cisco switches
Switch# show version                   Displays information about the switch hardware and software
Switch# show flash:                    Displays information about flash memory
Switch# show mac-address-table         Displays the switch's current MAC address table

3. Configuring the hostname:
Switch# configure terminal             Enter Global Configuration mode
Switch(config)# hostname 2960Switch    Name the switch 2960Switch. This command works the same way as on a router

4. Password types:
2960Switch(config)#enable password cisco     Set the enable password of the switch to cisco
2960Switch(config)#enable secret class       Set the encrypted enable password to class
2960Switch(config)#line console 0            Enter console line configuration mode
2960Switch(config-line)#login                Have the switch check the password when a user logs in through the console
2960Switch(config-line)#password cisco       Set the console password to cisco
2960Switch(config-line)#exit                 Leave console line configuration mode
2960Switch(config)#line vty 0 4              Enter vty line configuration mode
2960Switch(config-line)#login                Have the switch check the password when a user logs in through telnet
2960Switch(config-line)#password cisco       Set the telnet password to cisco
2960Switch(config-line)#exit                 Leave vty line configuration mode

5. Configuring the IP address and default gateway:
2960Switch(config)# interface vlan 1                          Enter the configuration mode of interface vlan 1
2960Switch(config-if)# ip address 172.16.10.2 255.255.0.0     Assign the IP address and subnet mask that allow remote access to the switch
2960Switch(config)#ip default-gateway 172.16.10.1             Configure the default gateway address of the switch

6. Configuring an interface description:
2960Switch(config)# interface fastethernet 0/1       Enter the configuration mode of interface fa0/1
2960Switch(config-if)# description FinaceVLAN        Add a description to this interface

* Note: on 2960 switches with 12 or 24 Fast Ethernet ports, the port names start from fa0/1, fa0/2, up to Fa0/24. There is no port Fa0/0.

7. Managing the MAC address table:
Switch# show mac address-table         Displays the contents of the switch's current MAC address table

Basic Router Configuration

I. Introduction:
Security is a very important part of networking and receives a great deal of attention, and passwords are one of the most effective security measures. Using passwords on a router helps prevent attacks on the router through Telnet sessions, as well as direct access to the router by strangers who make configuration changes we do not want.

II. Purpose:
Set the passwords on the router so that, at login, the router checks each of the required passwords.

III. Lab description and topology:

In the topology above, the PC is connected to the router with a console cable.

IV. Password security levels:
The security level of a password depends on the level at which the password is encrypted. The password encryption levels are:
Level 5: encrypted with the MD5 algorithm. This is one-way encryption and cannot be decrypted (this level is the default encryption for the enable secret password assigned to the router).
Level 7: encrypted with the MD7 algorithm. This is two-way encryption and can be decrypted (this level is used to encrypt the other password types when needed, such as enable password, line vty and line console).
Level 0: this is the unencrypted level.

V. Password rules:
Passwords are case-sensitive and at most 25 characters long, may include digits and spaces, but may not use a space as the first character.

Router(config)#enable password TTG-TTG-TTG-TTG-TTG-TTG-TTG
% Overly long Password truncated after 25 characters          <-- a password set with 26 characters is not accepted

VI. Password types on the router:
Enable secret: if this password type is set on the router, you must supply it when logging in at user mode. It is the password with the highest precedence on the router and is encrypted at level 5 by default.
Enable password: this password type has the same function as enable secret but lower precedence. It is not encrypted by default; if encryption is requested, it is encrypted at level 7.
Line vty: the password assigned to the vty lines. It is checked when you log in to the router over Telnet.
Line console: the password checked before you may use the console port to configure the router.
Line aux: the password checked when you use the aux port.

VII. Steps for setting the router passwords:
Step 1: Start the router and press Enter to reach user mode. From user mode, use the enable command to enter Privileged mode.

Router con0 is now available
Press RETURN to get started.
Router>enable
Router#

Step 2: From the Privileged mode prompt, enter configuration mode with the configure terminal command.

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#

Step 3: Configure each type of password.
Configure the enable secret password (note: passwords are case-sensitive):

Router(config)#enable secret TTG          <-- the password is TTG
Router(config)#exit

Configure a password with the enable password command:

Router(config)#enable password cisco      <-- the password is cisco
Router(config)#exit

Note: when both enable secret and enable password are set, the router checks the one with the higher precedence, enable secret. Only when the secret password no longer exists is the enable password checked. Verify this by going back to User mode and entering Privileged mode again with the enable command: the router asks for the password that was set with enable secret.

Configure passwords with the line command.

Password for the Telnet lines (line vty):

Router(config)#line vty 0 4
Router(config-line)#password class        <-- the password is class
Router(config-line)#login                 <-- turn on password checking
Router(config-line)#exit

Password for the console port:

Router(config)#line console 0             <-- open the console line; console port number 0
Router(config-line)#password cert         <-- the password is cert
Router(config-line)#login                 <-- turn on password checking
Router(config-line)#exit

Password for the aux port:

Router(config)#line aux 0                 <-- 0 is the number of the aux port being used
Router(config-line)#password router       <-- the password is router
Router(config-line)#login
Router(config-line)#exit

After setting the passwords, return to Privileged mode and use show running-config to review the passwords that were configured:

Router#show running-config
Building configuration...
Current configuration : 550 bytes
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname Router
enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o     <-- the secret password is encrypted at level 5 by default
enable password cisco                              <-- this password is set but not encrypted
!
line con 0
 password cert                                     <-- the console port password is cert
 login
line aux 0
 password router                                   <-- the aux port password is router
 login
line vty 0 4
 password class                                    <-- the vty line password is class
 login
!
End

The show running-config output displays the configured passwords. To encrypt all of the passwords, use the service password-encryption command in config mode:

Router(config)#service password-encryption
Router(config)#exit

Check again with show running-config:

Router#show run
Building configuration...
enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o/
enable password 7 094F471A1A0A                     <-- password encrypted at level 7
line con 0
 password 7 15110E1E10                             <-- password encrypted at level 7
 login
line aux 0
 password 7 071D2E595A0C0B                         <-- password encrypted at level 7
 login
line vty 0 4
 password 7 060503205F5D                           <-- password encrypted at level 7
 login
!
End

Note: the command no service password-encryption cannot be used to remove the encryption from a password. The encryption is only removed when a different password is assigned.

After the passwords have been set, they are checked the next time you log in to the router:

Router con0 is now available
Press RETURN to get started.          <-- press Enter
User Access Verification              <-- the console line password is checked
Password:cert                         <-- enter the console password: cert
Router>ena                            <-- enable, to enter Privileged mode
Password:TTG                          <-- the secret password has higher precedence, so it is the one checked
Router#

The other passwords, such as line vty and line aux, are checked when those functions are used.

VIII. Removing passwords from the router:
To remove a password of any type, put no in front of the command that assigned that password.
Example: to remove the secret password from the router:

Router(config)#no enable secret
Router(config)#exit

The passwords of the other types can be removed in the same way.

Telnet, SSH

I. Introduction:
Telnet is a virtual terminal protocol and part of the TCP/IP protocol stack. It lets you open a connection to a remote device and, through that connection, configure the device you are connected to.

II. Purpose:
This exercise helps you understand and carry out the configuration needed to run Telnet sessions from a host to a router or from router to router.

III. Lab description and topology:

The lab topology is as shown above: Host1 is connected to router TTG1 with a crossover cable.

IV. Steps:
- Pay attention to the sequence number the instructor has assigned for use in the IP addresses, to avoid address clashes between groups. This lab uses X = 0.
Configure router TTG1 and Host 1 as follows:

Host 1:
IP: 10.0.0.2
Subnet mask: 255.0.0.0
Gateway: 10.0.0.1

Router TTG1:
Router> enable
Router# configure terminal
Router(config)# hostname TTG1
TTG1(config)# interface fa0/1
TTG1(config-if)# ip address 10.0.0.1 255.0.0.0
TTG1(config-if)# no shutdown

Make sure the physical connections are working (check with a ping from the PC to TTG1).

Check the Telnet connection. From the host, try to telnet to router TTG1:

C:\Documents and settings\Administrator>Telnet 10.0.0.1
Password required, but none set          <-- a password is required but none has been set
Connection to host lost                  <-- the connection failed

The Telnet attempt fails because Telnet requires you to open the vty lines and set a password on them.

Set the vty password on router TTG1:

TTG1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
TTG1(config)#line vty 0 4
TTG1(config-line)#pass TTG1
TTG1(config-line)#login
TTG1(config-line)#exit

Now run Telnet. From the host, telnet to router TTG1:

C:\Documents and settings\Administrator>Telnet 10.0.0.1
User Access Verification
Password:
TTG1>ena
% No password set
TTG1>

Note: on Cisco devices you only need to type the address you want to telnet to; the device understands this and opens the Telnet connection.
When you telnet in, you are in User mode, and this protocol requires a password to be set before you can enter Privileged mode. Set that password.

Router TTG1:
TTG1(config)#enable password cisco
TTG1(config)#exit

Repeat the Telnet connection from the host to router TTG1:

C:\Documents and settings\Administrator>Telnet 10.0.0.1
User Access Verification
Password: TTG1

TTG1>ena
Password: cisco
TTG1#

From here you can change the configuration of the devices without going through the console port.

Check the Telnet sessions with the show line command:

TTG1#show line
   Tty Typ   Tx/Rx      A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*    0 CTY                                           5       0       0/0
     1 AUX   9600/9600                               0       0       0/0
*    2 VTY                                           1       0       0/0
*    3 VTY                                           7       0       0/0
*    4 VTY                                           4       0       0/0
     5 VTY                                           1       0       0/0
     6 VTY                                           0       0       0/0

The * marks the lines currently in use for Telnet. According to the table above, 3 Telnet lines are in use back and forth between the 2 routers TTG1, on ports 2, 3 and 4. The Uses column shows how many times each line has been used.
Leaving a Telnet session: use the exit command or the disconnect command.
Terminating a Telnet connection: use the clear line command.

Although Telnet lets us manage a device remotely, it can expose the device's administrative password, because Telnet does not encrypt the data it sends over the network. See the video TelnetvsSsh at http://www.mediafire.com/download.php?y2z4ghm0wmw for a clearer view of this. For better security, use SSH instead of Telnet for remote configuration. It is configured as follows.

Configuring SSH:
Create the username/password used to authenticate the SSH session, in this case TTG/123:

TTG1(config)# username TTG password 123

Declare the domain name, which is used in generating the key that encrypts data in the SSH session:

TTG1(config)# ip domain-name truongtan.edu.vn

Generate the encryption key:

TTG1(config)#crypto key generate rsa

Switch to SSH version 2:

TTG1(config)#ip ssh version 2

Switch from Telnet to SSH:

TTG1(config)#line vty 0 4
TTG1(config-line)#login local                <-- switch to username/password authentication
TTG1(config-line)#transport input ssh

From the PC, connect to the router over SSH using PuTTY.

- Save the router configuration and finish the lab:

TTG1#copy run start

GNS3 User Guide

GNS3 is a graphical network emulator that lets you emulate Cisco routers running real IOS images. It also provides ATM/Frame Relay/Ethernet switches and PIX firewalls, and can even connect to a real network.
GNS3 is built on Dynamips and Dynagen to emulate the 1700, 2600, 3600, 3700 and 7200 router series. It can be used for CCNA, CCNP and CCIE labs, but at present it cannot emulate Catalyst switches (although the NM-16ESW module can be emulated).

1. Installing GNS3:
- Reference video: http://www.mediafire.com/download.php?lqnj2nbuuhz
- GNS3 runs on Windows, Linux and Mac OS X. To install it easily on Windows, use the all-in-one installer, which provides everything needed to run GNS3. You can download GNS3-0.5-win32-all-in-one.exe from http://www.gns3.net/download
- The GNS3 interface after installation

2. First-time configuration of GNS3:
- Go to Edit > Add IOS images and hypervisors and point to the IOS files in the Setting section
- Go to Edit > Preferences > Dynamips. Under Executable Path choose the path to the file dynamip-wxp.exe in the GNS3 installation folder, then click the Test button to check that Dynamips works
- Drag and drop the routers that have an IOS image to build a simple topology
- Click the Play icon to start the emulation

3. Starting the configuration:
Right-click a device and choose Console to start configuring it.

4. Communicating with a real network:
Through Dynamips, GNS3 can bridge an interface on a virtual router to an interface on the physical machine, which lets the virtual network communicate with the real one. On Windows, the WinPcap library is used to create this connection.
- To connect the virtual routers in GNS3 to the real network, use the Cloud device. Suppose we need to connect a virtual router to the network adapter named Internal Lan, whose address is 192.168.1.2
- Click the Cloud and, under Generic Ethernet NIO, choose the network adapter the router should connect to. If you are not sure which adapter it is, use Network device list.cmd to find out
- After choosing the correct adapter, click Add to start using it
- Connect the virtual router's FastEthernet interface to the Cloud, in this case Fa0/0. Configure the IP address of interface fa0/0 so that it is in the same network as the Internal Lan adapter:

Router>enable
Router#config terminal
Router(config)#interface fa0/0
Router(config-if)#ip address 192.168.1.10 255.255.255.0
Router(config-if)#no shutdown

- Then, from the router, try to ping the PC and the gateway of the real network

I. REQUIREMENTS
1. Use Packet Tracer to configure the lab shown alongside
2. Set the console password to cisco and the Telnet and enable secret passwords to class on Center Router, SW1 and SW2
3. Use the service password-encryption command to encrypt the passwords that are not encrypted
4. Configure the IP addresses as in the topology alongside
5. From the PCs, try to telnet to SW1, SW2 and the router
6. Switch from Telnet to SSH on CenterRouter with username: TTG, password: cisco
7. From the PCs, try to ssh to the routers
8. Configuration reference video: http://www.mediafire.com/download.php?zx2xmdeitmw

II. STEPS:

1. Use Packet Tracer to configure the lab shown alongside:
Connect the devices exactly as in the topology above, using 2960 switches and a 2811 router.

2. Set the console password to cisco and the Telnet and enable secret passwords to class on Center Router, SW1 and SW2:

- Center Router:
Router>enable
Router#configure terminal
Router(config)#hostname CenterRouter

- Set the password for the console port:
CenterRouter(config)#line console 0
CenterRouter(config-line)#login
CenterRouter(config-line)#password cisco
CenterRouter(config-line)#exit

- Set the password for the Telnet service:
CenterRouter(config)#line vty 0 4
CenterRouter(config-line)#login
CenterRouter(config-line)#password class
CenterRouter(config-line)#exit

- Set the password for moving from User mode to Privileged mode:
CenterRouter(config)#enable secret class

* Note: two commands can set the password for moving from User mode to Privileged mode, enable password and enable secret. The enable secret password is encrypted in the configuration and the enable password is not. You can verify this by configuring both commands and checking with show running-config.

- SW1:
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW1

- Set the password for the console port:
SW1(config)#line console 0
SW1(config-line)#login
SW1(config-line)#password cisco
SW1(config-line)#exit

- Set the password for the Telnet service:
SW1(config)#line vty 0 4
SW1(config-line)#login
SW1(config-line)#password class
SW1(config-line)#exit

- Set the password for moving from User mode to Privileged mode:
SW1(config)#enable secret class

- SW2:
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW2

- Set the password for the console port:
SW2(config)#line console 0
SW2(config-line)#login
SW2(config-line)#password cisco
SW2(config-line)#exit

- Set the password for the Telnet service:
SW2(config)#line vty 0 4
SW2(config-line)#login
SW2(config-line)#password class
SW2(config-line)#exit

- Set the password for moving from User mode to Privileged mode:
SW2(config)#enable secret class

3. Use the service password-encryption command to encrypt the passwords that are not encrypted:
- Use show running-config to review the current passwords
- To encrypt the passwords that are not encrypted by default, use the service password-encryption command, which converts them to Type-7 passwords. On Center Router, SW1 and SW2 in turn, move to config mode and enter service password-encryption:

CenterRouter(config)# service password-encryption
SW1(config)# service password-encryption
SW2(config)# service password-encryption

- Run show running-config again and compare the state of the passwords with what it was before the command was entered:

CenterRouter#show running-config
Building configuration...
Current configuration : 766 bytes
!
version 12.4
service password-encryption
!
hostname CenterRouter
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
interface FastEthernet0/0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
line con 0
 password 7 0822404F1A0A
 login
<output omitted>

* Note: passwords encrypted by service password-encryption can still be decrypted with the Cain tool.

4. Configure the IP addresses as in the topology alongside:

- CenterRouter:
CenterRouter(config)#interface fa0/1
CenterRouter(config-if)#ip address 192.168.1.1 255.255.255.0
CenterRouter(config-if)#no shutdown
CenterRouter(config)#interface fa0/0
CenterRouter(config-if)#ip address 192.168.2.1 255.255.255.0
CenterRouter(config-if)#no shutdown

- SW1:
SW1(config)#interface vlan 1
SW1(config-if)#ip address 192.168.1.5 255.255.255.0
SW1(config-if)#exit
SW1(config)#ip default-gateway 192.168.1.1

- SW2:
SW2(config)#interface vlan 1
SW2(config-if)#ip address 192.168.2.5 255.255.255.0
SW2(config-if)#exit
SW2(config)#ip default-gateway 192.168.2.1

- The PCs on SW2 receive dynamic IP addresses from the DHCP server at address 192.168.2.10
+ Configure the address of the DHCP server: Desktop -> IP Configuration
+ Then go to Config -> DHCP to configure the address range handed out for network 192.168.2.0/24, with 192.168.2.100 as the first address

5. From the PCs, try to telnet to SW1, SW2 and the router:
- From PC1, telnet to CenterRouter by going to Desktop -> Command Prompt
+ PC1>telnet 192.168.1.1
- From PC1, try to telnet to SW2
+ PC1>telnet 192.168.2.5
- In the same way, from PC3 try to telnet to CenterRouter and SW2

6. Switch from Telnet to SSH on CenterRouter with username: TTG, password: cisco:
* Note: the router must be renamed, because the SSH session uses the router's hostname and the ip domain-name to generate the encryption key for the SSH session.

- Create the username and password on CenterRouter used for authentication in the SSH session:
CenterRouter(config)#username TTG password cisco

- Configure ip domain-name with your company's domain name:
CenterRouter(config)#ip domain-name truongtan.edu.vn

- Generate the key, which combines the hostname and the domain name to create the encryption key:
CenterRouter(config)#crypto key generate rsa
The name for the keys will be: Centerrouter.truongtan.edu.vn
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.
How many bits in the modulus [512]: 768

- The default key this command generates to encrypt data is 512 bits long. If you use SSH version 2, the minimum key length is 768 bits. In this case we use SSHv2 for security, so enter 768 and press Enter.

CenterRouter(config)#ip ssh version 2
CenterRouter(config)#line vty 0 4

- Log in with the username and password created above:
CenterRouter(config-line)#login local

- Switch the lines to accept only SSH instead of telnet:
CenterRouter(config-line)#transport input ssh

7. From the PCs, try to ssh to CenterRouter:
- To try SSH from a PC to CenterRouter, use the following command on the PC:
ssh -l <user name> <router ip>
PC1>ssh -l TTG 192.168.1.1

8. Video demonstrating the difference between SSH and Telnet:
- Telnet VS SSH: http://www.mediafire.com/download.php?zx2xmdeitmw
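
The password storage levels from the router password lab and the Telnet-to-SSH change made in this lab can be checked mechanically. The Python script below is an added example, not part of the original labs: it audits a running-config for plaintext and type 7 passwords and for vty lines that still accept Telnet. The function names, rule names and both sample configurations are constructed (the weak one reuses values shown in the labs, and the username hash in the hardened one is a placeholder); treating a vty block with no transport input line as Telnet-capable is an assumption that matches the labs, where Telnet works before any transport command is entered.

```python
import re

ONE_WAY_TYPES = {"5", "8", "9"}  # hashed storage; type 5 is the labs' "level 5"

# Constructed sample that gathers the weak settings shown in the labs.
WEAK_CONFIG = """\
hostname Router
no service password-encryption
enable password cisco
username TTG password 123
line con 0
 password cert
 login
line vty 0 4
 password 7 060503205F5D
 login
"""

# Constructed sample: secrets hashed, vty restricted to SSH version 2.
# The username hash is a placeholder, not a real digest.
HARDENED_CONFIG = """\
hostname CenterRouter
service password-encryption
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
username TTG secret 5 $1$XXXX$PLACEHOLDERxHASHxVALUE
ip domain-name truongtan.edu.vn
ip ssh version 2
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""


def classify_password(tokens):
    """Classify the words that follow the 'password' keyword."""
    if len(tokens) >= 2 and tokens[0] in ONE_WAY_TYPES:
        return None  # one-way hash, nothing to report
    if len(tokens) >= 2 and tokens[0] == "7" and re.fullmatch(r"[0-9A-Fa-f]+", tokens[1]):
        return "type7-password"  # reversible encoding
    return "plaintext-password"


def audit(config_text):
    """Return sorted (line_number, rule, text) findings for a running-config."""
    findings = []
    section = None   # header of the 'line ...' block being read, if any
    vty = {}         # vty header -> [line_number, transport words or None]
    ssh_v2 = False
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        words = line.split()
        if not raw.startswith(" "):  # a top-level command starts a new context
            section = line if words[0] == "line" else None
            if section and len(words) > 1 and words[1] == "vty":
                vty[section] = [number, None]
        if line == "ip ssh version 2":
            ssh_v2 = True
        if words[0] in ("password", "enable", "username") and "password" in words:
            rule = classify_password(words[words.index("password") + 1:])
            if rule:
                findings.append((number, rule, line))
        if section in vty and words[:2] == ["transport", "input"]:
            vty[section][1] = words[2:]
    for header, (number, transport) in vty.items():
        if transport is None or {"telnet", "all"} & set(transport):
            findings.append((number, "vty-telnet-allowed", header))
        elif "ssh" in transport and not ssh_v2:
            findings.append((number, "ssh-version-not-pinned", header))
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for number, rule, text in audit(cfg):
            print(f"  line {number}: {rule}: {text}")
```

Run it against the output of show running-config saved to a file; a config that still uses enable password or a vty password of type 7 is reported even when service password-encryption is on.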


WIRELESS LAB

I. Requirements:
- Connect an AP to the completed BasicLab in 2 ways:
+ Using an Ethernet port
+ Using the Internet port
- Reference video: http://www.mediafire.com/download.php?n2zzz0vrwn5

II. Steps:

1. Connecting through an Ethernet port:
- Open the file basiclab_completed.pkt to start configuring the wireless lab
- Add a Linksys AP and 1 wireless PC to the network
- Use a crossover cable to connect one of the 4 Ethernet ports on the AP to SW2. Because this is a switch-to-switch connection, the wireless PCs and the LAN share the same network address, 192.168.2.0/24
- Adjust some basic parameters on the AP:
+ Network Mode: a G-standard AP is backward compatible with the B standard, so the following choices are available:
o Mix Mode: the default mode, supports both B and G clients
o B-Only: supports B clients only
o G-Only: supports G clients only
+ SSID: the name of the wireless network
+ The operating channel is in the range 1 to 11 and must not be the same as that of the surrounding APs. To check which channels the nearby APs use, you can use software such as NetStumbler or InSSIDer.
- Disable the DHCP service on the AP, because a DHCP server in the LAN already hands out addresses
- Check the IP address assigned to the wireless PC
- Test the connection from the wireless PC to the internal LAN

2. Connecting through the Internet port:
- Remove the connection from the AP to the switch made in lab 1. Use a straight-through cable to connect the AP's Internet port to SW2. The Internet port receives its IP address from the DHCP server in the LAN
- Turn DHCP on the AP back on and make sure the network it hands out does not overlap with the LAN. In this case the AP assigns addresses in network 192.168.0.0/24, which is different from the LAN network 192.168.2.0/24
- Check the IP address assigned to the wireless PC
- Ping from the wireless PC into the LAN

Security Device Manager (SDM)

I. Introduction:
SDM (Cisco Router and Device Manager) is a Java-based tool for managing routers. Its interface is easy to use and lets us configure the LAN, WAN and other security features of the router. SDM is designed for network administrators and SMB resellers, and does not require the user to have much experience in configuring routers.

II. Lab description:
This lab requires 2 PCs and 2 routers. The PC must have the SDM installer for the router, and the router's operating system must support installation and configuration through SDM. To check the operating system, run show version or show flash to see the name of the operating system and the hardware, then consult the following link:
http://www.cisco.com/en/US/products/sw/secursw/ps5318/prod_installation_guide09186a00803e4727.html
If the operating system does not support SDM, a different operating system must be installed on the router. The lab uses loopback interfaces, which are logical interfaces, to simulate the networks attached to the 2 routers.

III. Configuration:
Perform the following steps on the two routers DN and HCM:

Step 1: Allow HTTP and HTTPS access
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
- Enable one of the two services, HTTP or HTTPS
HTTP:
Router(config)# ip http server
Or HTTPS:
Router(config)# ip http secure-server
- Then configure authentication for the HTTP or HTTPS service with the command
Router(config)# ip http authentication local

Step 2: Create a username and password with privilege level 15 for logging in to the router
Router(config)# username TTG privilege 15 password cisco

Step 3: Allow telnet and ssh through the vty lines
Router(config)# line vty 0 4
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit

Step 4: Configure the IP address of interface Fa0/1 (the interface connected to the PC) on routers DN and HCM in turn
DN:
Router#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname DN
DN(config)#interface fa0/1
DN(config-if)#ip address 172.16.1.1 255.255.255.0
DN(config-if)#no shutdown
HCM:
Router(config)#hostname HCM
HCM(config)#interface fa0/1
HCM(config-if)#ip address 172.16.3.1 255.255.255.0
HCM(config-if)#no shutdown
- After finishing the router configuration, change the IP address of the PC and check the connection from the PC to the router.

Step 5: Now use the SDM installer on the PC.

- Click Next. Choose Cisco Router to install onto the router.

- Enter the router's address and the username and password configured in step 2, then click Next. Choose Install SDM and SDM Express for the router being set up.

- When the installer reports Finish, the installation is complete.

- Temporarily turn off the browser's pop-up blocker via Tool > Pop-up Blocker > Turn Off Pop-up Blocker.

- Now, on the PC, browse to https://172.16.1.1 to log in to the router's web interface. Enter the username and password from step 2 to authenticate. After successful authentication the SDM interface appears as follows:

- Next go to Edit > Preferences and select Preview commands before delivering to router, so that we can preview the commands SDM is about to send to the router.

Step 6: Create the loopback interfaces on router DN
Loopback interfaces on a router are logical interfaces. This lab uses them to simulate the networks connected to routers HCM and DN.

Configure > Interfaces and Connections > Edit Interface/Connection

- Then enter the IP information > OK

- Repeat step 6 for the remaining loopback interfaces on routers DN and HCM.

Step 7: Set up the connection on interface Fa0/0 from DN to HCM

Interfaces and Connections > Create Connection > Ethernet LAN > Create New Connection

Next

Enter the IP information for interface Fa0/0.

Step 8: Configure RIPv2 routing between the 2 routers
- The purpose of configuring the RIP routing protocol is for the 2 routers to advertise the networks they know to their neighbouring routers, and vice versa (note that the networks advertised in RIP must be classful networks of class A, B or C). In this lab specifically:

+ Router DN must advertise 3 networks: 192.168.3.0, 192.168.4.0 and 172.(15+X).0.0
+ Router HCM must advertise 3 networks: 192.168.1.0, 192.168.2.0 and 172.(15+X).0.0
Go to Routing > RIP > Edit, then add the networks to be advertised on each router:

(Select interface fa0/1 as Passive to avoid advertising routing information from one group to another.)
Then repeat step 8 on router HCM.

IV. Further exercises:
- You can also practise this lab with the GNS3 software.
- Video guide to setting up SDM on GNS3: http://www.mediafire.com/?dmqwlmfjywi
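Steps 1 to 3 of this lab open the router's management plane over HTTP and telnet and store the privilege 15 account with the password keyword. The following is an added example, not part of the original lab or of any Cisco tool: a short Python audit that flags those lines in a configuration and names the IOS command to consider instead. The rule names, both sample configurations, the ACL number 10 and the placeholder secret are constructed for illustration.

```python
import re

# Constructed sample: the management-access lines entered in steps 1 to 3 of the lab.
LAB_CONFIG = """\
ip http server
ip http secure-server
ip http authentication local
username TTG privilege 15 password cisco
line vty 0 4
 login local
 transport input telnet ssh
"""

# Constructed sample: the same access with the cleartext paths closed.
# ACL 10 is assumed to list the management PCs; the secret is a placeholder.
HARDENED_CONFIG = """\
no ip http server
ip http secure-server
ip http authentication local
username TTG privilege 15 secret CHANGE-ME-EXAMPLE
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
"""

# Hypothetical rule set: (id, pattern, risk, command to consider).
RULES = [
    ("HTTP-CLEARTEXT", r"^ip http server$",
     "SDM logins and delivered commands cross the network unencrypted",
     "no ip http server (keep ip http secure-server)"),
    ("PASSWORD-NOT-SECRET", r"^username \S+ .*\bpassword\b",
     "stored in clear text, or reversibly with service password-encryption",
     "username <name> privilege 15 secret <strong-password>"),
    ("TELNET-ENABLED", r"^transport input\b.*\btelnet\b",
     "telnet carries the privilege 15 credentials in clear text",
     "transport input ssh"),
]


def audit(config_text):
    """Return one finding (dict) per weak management-plane line in an IOS config."""
    findings = []
    vty_block = None        # header of the 'line vty' block being read, if any
    vty_has_acl = False

    def close_vty():
        nonlocal vty_block, vty_has_acl
        if vty_block and not vty_has_acl:
            findings.append({"id": "VTY-NO-ACL", "line": vty_block,
                             "risk": "any source address may attempt a login",
                             "consider": "access-class <acl> in"})
        vty_block, vty_has_acl = None, False

    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():            # a top-level command ends any vty block
            close_vty()
            if line.startswith("line vty"):
                vty_block = line
        elif vty_block and line.startswith("access-class "):
            vty_has_acl = True
        for rule_id, pattern, risk, consider in RULES:
            if re.search(pattern, line):
                findings.append({"id": rule_id, "line": line,
                                 "risk": risk, "consider": consider})
    close_vty()
    return findings


if __name__ == "__main__":
    for name, text in (("lab", LAB_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} configuration ==")
        for f in audit(text) or [{"id": "OK", "line": "-", "risk": "no findings", "consider": "-"}]:
            print(f"{f['id']:<20} {f['line']:<42} -> {f['consider']}  ({f['risk']})")
```

SDM itself keeps working against the hardened form, since it connects over HTTPS when only ip http secure-server is enabled.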


DHCP LAB
I. Introduction to the DHCP protocol:
The DHCP service reduces network administration work by limiting the effort of assigning or changing IP addresses for clients. DHCP also reclaims IP addresses that are no longer in use when a client's lease expires and is not renewed. These addresses can then be assigned to other clients. DHCP also makes renumbering easy if the ISP changes.
- The process of assigning an IP address to a client goes through the following steps:
1. The client must be configured to obtain a dynamic IP address from a DHCP server. First the client sends a DHCPDISCOVER packet as a broadcast on its network to ask a DHCP server for an IP address.
2. When the DHCP server receives the DHCPDISCOVER packet, it finds an unused IP address in its allocation range and offers it to the client in a unicast DHCPOFFER packet.
3. When the client receives a DHCPOFFER, it evaluates all the DHCPOFFERs it has received, in case there are several DHCP servers, and asks one of them to assign the offered IP address with a DHCPREQUEST packet (normally the client sends this request to the DHCP server whose DHCPOFFER arrived first).
4. The DHCP server agrees to assign the IP address to the client with a unicast DHCPACK packet.
- The four basic items a DHCP server normally hands to a client:
IP address
Gateway
Subnet mask
DNS server

II. DHCP Lab:

1. Configure the DNS server:
- DNS is the service that resolves domain names to IP addresses and vice versa. DHCP can automatically hand out the IP address of the DNS server to all clients in the system. In this case we configure the following 2 domains on the DNS server:
+ Cisco.com with IP 1.1.1.1
+ Truongtan.edu.vn with IP 2.2.2.2
Configure it in PacketTracer as follows: click Server > Config > DNS and enter the information for the 2 domains above with record type A Record.
+ Cisco.com with IP 1.1.1.1

+ Truongtan.edu.vn with IP 2.2.2.2

2. Configure DHCP on the Cisco router:
Router>enable
Router#configure terminal
Router(config)#hostname DHCPServer
DHCPServer(config)#interface fa0/1
DHCPServer(config-if)#ip address 192.168.1.1 255.255.255.0
DHCPServer(config-if)#no shutdown
DHCPServer(config-if)#exit
- Configure a DHCP pool that assigns IP addresses for network 192.168.1.0/24
DHCPServer(config)#ip dhcp pool mang192
DHCPServer(dhcp-config)#network 192.168.1.0 255.255.255.0      * Network address
DHCPServer(dhcp-config)#default-router 192.168.1.1             * Gateway
DHCPServer(dhcp-config)#dns-server 192.168.1.5                 * DNS Server
DHCPServer(dhcp-config)#exit
- Normally, when assigning dynamic IP addresses, we set aside about the first 10 addresses, which DHCP does not hand out, for devices and servers that need static IP addresses. In this case we exclude the addresses from 192.168.1.1 to 192.168.1.10
DHCPServer(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.10

3. Check the DHCP configuration on the PC:
- Configure the DHCP client to obtain its IP address dynamically. If the IP information is assigned as shown below, DHCP is working correctly.

- Check the IP addresses assigned on the DHCP server with the command show ip dhcp binding
DHCPServer# show ip dhcp binding
IP address       Client-ID/              Lease expiration        Type
                 Hardware address
192.168.1.11     0060.5C66.56B6          -                       Automatic

- As we can see, besides assigning IP addresses automatically, DHCP can also hand out the DNS server address and the domain name. Check as follows:
+ DNS with the nslookup command
+ DNS, DHCP and domain name information: ipconfig /all
(PacketTracer does not currently support these commands well)

DHCP RELAY
I. Introduction:
- DHCP is a protocol that is very widely used to assign dynamic IP addresses to client machines; you can review how to configure it on a Cisco router here.
- As we know, to obtain an IP address from a DHCP server, computers must broadcast a DHCP Discovery packet on their own network. So what happens when the DHCP server and the client are not on the same network, given that by default a router blocks broadcast traffic? In this case there are 2 solutions:
+ Place a DHCP server in each network: this is inefficient because there will be too many DHCP servers when the company deploys many networks, which makes management and deployment difficult.
+ Use one DHCP server to assign dynamic IP addresses to all networks through the DHCP Relay technique: this has more advantages, since only one DHCP server needs to be deployed to serve many networks at once. It is combined with the ip helper-address command, which enables the DHCP Relay service. Once this command is configured, a router that receives UDP broadcast traffic on its interface unicasts it to a predefined IP address (the IP address of the DHCP server in this case).
How DHCP Relay works:
1. The client broadcasts a DHCP Discover packet within its local network.

2. The DHCP Relay Agent on the same network as the client receives the packet and forwards it to the DHCP server as a unicast.

3. The DHCP server sends a DHCP Offer packet back to the DHCP Relay Agent as a unicast.

4. The DHCP Relay Agent broadcasts the DHCP Offer packet to the clients.

5. After receiving the DHCP Offer packet, the client broadcasts a DHCP Request packet.

6. The DHCP Relay Agent receives the DHCP Request packet from the client and forwards it to the DHCP server, again as a unicast.

7. The DHCP server sends a DHCP ACK packet back to the DHCP Relay Agent as a unicast.

8. The DHCP Relay Agent broadcasts the DHCP ACK packet to the client. This completes the process by which the DHCP Relay Agent receives, handles and forwards the information.

II. Lab topology:

1. Configure IP addresses for the TTG and DHCP routers:
- On both routers, save the configuration with the command copy run start, then power off the routers and add a WIC-2T module to provide Serial ports. After that, connect the routers with a Serial cable as shown in the topology.

DHCP Router:
DHCPServer(config)#interface s0/0/0
DHCPServer(config-if)#ip address 192.168.2.1 255.255.255.0
DHCPServer(config-if)#no shutdown
DHCPServer(config-if)#clock rate 64000
DHCPServer(config-if)#exit
DHCPServer(config)#
TTG Router:
Router>
Router>enable
Router#configure terminal
Router(config)#hostname TTGRouter
TTGRouter(config)#interface s0/0/0
TTGRouter(config-if)#ip address 192.168.2.2 255.255.255.0
TTGRouter(config-if)#no shutdown
TTGRouter(config-if)#clock rate 64000
TTGRouter(config-if)#exit
TTGRouter(config)#interface fa0/1
TTGRouter(config-if)#ip address 192.168.3.1 255.255.255.0
TTGRouter(config-if)#no shutdown
TTGRouter(config-if)#exit
TTGRouter(config)#
* clock rate: supplies the clock signal for the DCE

2. Routing for the TTG and DHCP routers:

- By default a router's routing table contains only directly connected networks. To learn about networks that are not directly connected, the routers must be configured with a routing protocol that advertises the networks they know to each other; in this case the protocol is RIP.
DHCPServer:
DHCPServer(config)#router rip
DHCPServer(config-router)#network 192.168.1.0
DHCPServer(config-router)#network 192.168.2.0
DHCPServer(config-router)#exit
DHCPServer(config)#
TTGRouter:
TTGRouter(config)#router rip
TTGRouter(config-router)#network 192.168.2.0
TTGRouter(config-router)#network 192.168.3.0
TTGRouter(config-router)#exit
TTGRouter(config)#
- On both routers, check the routing table with the command show ip route; newly learned networks are marked with R at the start of the line.

3. Configure DHCP Relay:
DHCPServer:
- Configure one more DHCP pool for network 192.168.3.0 on the TTG router side
DHCPServer(config)#ip dhcp pool mang193
DHCPServer(dhcp-config)#network 192.168.3.0 255.255.255.0      * Network address
DHCPServer(dhcp-config)#default-router 192.168.3.1             * Gateway
DHCPServer(dhcp-config)#dns-server 192.168.1.5                 * DNS Server
DHCPServer(dhcp-config)#exit
- Exclude the first 10 IP addresses from assignment
DHCPServer(config)#ip dhcp excluded-address 192.168.3.1 192.168.3.10
- Configure DHCP Relay on interface fa0/1 of router TTG
TTGRouter(config)#interface fa0/1
TTGRouter(config-if)#ip helper-address 192.168.2.1             * IP address of DHCPServer
- Check that the PC in network 192.168.3.0 receives an IP address.
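The relay steps above do not say how the single server knows to answer a relayed request from pool mang193 rather than mang192. The following added example (not code from the lab or from IOS) shows the mechanism defined for BOOTP/DHCP relays: the relay agent writes the address of the interface that heard the broadcast into the giaddr field, and the server selects the pool containing that address. The MAC address is the one shown in the binding output; the transaction id and the function names are constructed.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header used by DHCP (RFC 2131):
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC_COOKIE = b"\x63\x82\x53\x63"
HOPS, GIADDR = 3, 10                      # positions in the unpacked tuple
ZERO4 = bytes(4)

# The two pools configured in this lab; .1 to .10 are excluded in both.
POOLS = {
    "mang192": ipaddress.ip_network("192.168.1.0/24"),
    "mang193": ipaddress.ip_network("192.168.3.0/24"),
}
EXCLUDED_HOSTS = 10


def build_discover(mac, xid):
    """Client: a broadcast DHCPDISCOVER. giaddr is 0.0.0.0 when it leaves the client."""
    header = struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000,
                         ZERO4, ZERO4, ZERO4, ZERO4, mac.ljust(16, b"\x00"), b"", b"")
    options = bytes([53, 1, 1, 255])      # option 53 = message type 1 (DISCOVER), 255 = end
    return header + MAGIC_COOKIE + options


def relay(packet, ingress_ip):
    """Relay agent (the interface with ip helper-address): stamp giaddr and count the hop.
    The result is what gets unicast to the helper address."""
    fields = list(struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN]))
    if fields[GIADDR] == ZERO4:           # only the first relay on the path fills it in
        fields[GIADDR] = ipaddress.IPv4Address(ingress_ip).packed
    fields[HOPS] += 1
    return struct.pack(BOOTP_FMT, *fields) + packet[BOOTP_LEN:]


def giaddr_of(packet):
    return ipaddress.IPv4Address(struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN])[GIADDR])


def offer(packet, arrival_interface_ip, leased=()):
    """Server: pick the pool from giaddr if the request was relayed, otherwise from the
    interface it arrived on. Returns (pool name, offered address) or None."""
    gi = giaddr_of(packet)
    selector = gi if int(gi) else ipaddress.IPv4Address(arrival_interface_ip)
    for name, net in POOLS.items():
        if selector in net:
            for host in list(net.hosts())[EXCLUDED_HOSTS:]:
                if str(host) not in leased:
                    return name, str(host)
    return None                           # no pool for that subnet: the request goes unanswered


if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("00605c6656b6"), xid=0x1234)
    relayed = relay(discover, "192.168.3.1")            # TTGRouter fa0/1
    print("giaddr before relay:", giaddr_of(discover))
    print("giaddr after relay: ", giaddr_of(relayed), "hops:", relayed[HOPS])
    print("local client  ->", offer(discover, "192.168.1.1"))
    print("relayed client ->", offer(relayed, "192.168.2.1"))
```

A relayed request whose giaddr matches no configured pool gets no offer, which is the first thing to check when a client behind the relay stays without an address.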

III. Further practice:
- Practise these 2 labs again by configuring them through SDM in the GNS3 software; see also the video at the address

STATIC ROUTING (Static Route)
I. Introduction:
Routing is the process a router performs to forward a packet from a source address to a destination address in the network. In this process the router must rely on routing information to make the decisions that move the packet to the intended destination address. There are two basic types of routing: static routing (Static Route) and dynamic routing (Dynamic Route).
Static routing (Static Route) is a routing process in which you must manually configure each specific destination address on the router. A default form of static routing is Default Routes, which is used for stub networks (Stub Network).
Dynamic routing (Dynamic Route) is a form of routing in which, once it is configured, the router uses routing protocols such as RIP (Routing Information Protocol), OSPF (Open Shortest Path First) or IGRP (Interior Gateway Routing Protocol) to perform routing automatically, without you having to configure it directly by hand.

II. Lab description and topology:

- The lab topology is as shown in the figure. Each PC is connected to its router with a crossover cable. The two routers are connected to each other with a serial cable. The IP addresses of the interfaces and PCs are as shown in the figure.
- This lab helps you configure static routing on the 2 routers so that the 2 routers can see each other and the subnets behind them.

2. Configure static routing (Static Route)
Configure the routers and PCs as follows:
Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface fa0/0
TTG1(config-if)#ip address 10.0.0.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#interface s0/0/0
TTG1(config-if)#ip address 192.168.0.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit

Router TTG2:
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface fa0/0
TTG2(config-if)#ip address 10.0.1.1 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit
TTG2(config)#interface s0/0/0
TTG2(config-if)#ip address 192.168.0.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit

Host 1:
IP: 10.0.0.2
Subnet mask: 255.255.255.0
Gateway: 10.0.0.1
Host 2:
IP: 10.0.1.2
Subnet mask: 255.255.255.0
Gateway: 10.0.1.1
- Check the connections as follows:
Ping from Host 1 to address 10.0.0.1

Ping from Host 1 to address 192.168.0.1

Ping from Host 1 to address 192.168.0.2

- Turn on debug mode on router TTG2
TTG2#debug ip packet
IP packet debugging is on
- Repeat the ping above and we see
TTG2#
00:33:59: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
00:33:59: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
00:34:04: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
00:34:04: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
00:34:09: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
00:34:09: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
00:34:14: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
00:34:14: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
- Ping from Host 1 to address 10.0.1.1

- Turn on debug mode on router TTG1
TTG1#debug ip packet
IP packet debugging is on
- Repeat the ping:

TTG1#
00:36:41: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable
00:36:41: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending
00:36:42: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable
00:36:42: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending
00:36:43: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable
00:36:43: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending
00:36:44: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable
00:36:44: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending
- The ping in this case does not succeed. Using the command debug ip packet to turn on debug mode on the 2 routers, we see that router TTG2 still receives the packets from Host 1 when we ping address 192.168.0.2. However, because Host 1 is not directly connected to router TTG2, the ICMP packet returned for the ping has no route to its destination address, so this packet is dropped, and that makes the ping fail. In the case where we ping from Host 1 to address 10.0.1.1, the packet is lost right at router TTG1, because router TTG1 cannot find the destination address in its routing table (this address is not directly connected to router TTG1). Compare the position of Unroutable in the debug output of the two pings above to see the difference.
- To make this connection succeed, we must configure Static Route on router TTG1 and router TTG2 as follows:
TTG1(config)#ip route 10.0.1.0 255.255.255.0 192.168.0.2
TTG1(config)#exit
- Ping from Host 1 to Host 2

- Ping from router TTG2 to Host 1
TTG2#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
- For this ping to succeed you must configure a static route on router TTG2 as follows
TTG2(config)#ip route 10.0.0.0 255.255.255.0 192.168.0.1
- Now, from Host 2, you can ping the addresses on router TTG1 and Host 1.

- Check the routing tables of the routers with the command show ip route
TTG1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
C       10.0.0.0 is directly connected, Ethernet0
S       10.0.1.0 is directly connected, Serial0/0/0
C    192.168.0.0/24 is directly connected, Serial0/0/0

S denotes connections made through static routing
C denotes directly connected networks

TTG2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
S       10.0.0.0 is directly connected, Serial0/0/0
C       10.0.1.0 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0/0/0

- Run the command show run on the routers to review the routing configuration:
TTG1#show run
Building configuration...
ip kerberos source-interface any
ip classless
ip route 10.0.1.0 255.255.255.0 Serial0/0/0
ip http server
!
end

TTG2#show run
Building configuration...
ip classless
ip route 10.0.0.0 255.255.255.0 Serial0/0/0
ip http server
- You have successfully configured routing so that the 2 routers can reach each other and each other's subnets. You can also extend the topology to 3, 4 or 5 hops to practise static routing further. However, you can clearly see that this configuration is fairly tedious and lengthy, especially in the Internet environment outside, so you will configure dynamic routing on the routers in the next lab.
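The two debug traces in this lab differ in where unroutable appears: on TTG1 for the echo request, on TTG2 for the echo reply. The following added example (not part of the original lab) reproduces that with a small longest-prefix-match model of the two routing tables, before and after each ip route command. It assumes TTG2's LAN is 10.0.1.0/24, as the host settings and static routes indicate; all function names are constructed.

```python
import ipaddress


def lookup(table, dst):
    """Longest-prefix match. Returns (network, next_hop) or None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [route for route in table if addr in route[0]]
    return max(matches, key=lambda route: route[0].prefixlen) if matches else None


def build_lab():
    """Both routers with only their connected networks (next_hop None = connected)."""
    def connected(*prefixes):
        return [(ipaddress.ip_network(p), None) for p in prefixes]
    return {
        "TTG1": {"addrs": {"10.0.0.1", "192.168.0.1"},
                 "table": connected("10.0.0.0/24", "192.168.0.0/24")},
        "TTG2": {"addrs": {"10.0.1.1", "192.168.0.2"},
                 "table": connected("10.0.1.0/24", "192.168.0.0/24")},
    }


def add_static(routers, name, prefix, next_hop):
    """Model of: ip route <network> <mask> <next-hop>."""
    routers[name]["table"].append((ipaddress.ip_network(prefix), next_hop))


def owner_of(routers, ip):
    """Name of the router that owns this interface address, or None for a host."""
    return next((name for name, r in routers.items() if ip in r["addrs"]), None)


def forward(routers, start, dst, max_hops=8):
    """Follow one packet hop by hop. Returns (delivered, router where it ended)."""
    here = start
    for _ in range(max_hops):
        if dst in routers[here]["addrs"]:
            return True, here
        route = lookup(routers[here]["table"], dst)
        if route is None:
            return False, here                  # 'unroutable' in debug ip packet
        if route[1] is None:                    # destination is on a connected network
            return True, owner_of(routers, dst) or here
        next_router = owner_of(routers, route[1])
        if next_router is None:
            return False, here                  # next hop is not a known router
        here = next_router
    return False, here


def ping(routers, first_hop, src, dst):
    """A ping succeeds only if the request AND the reply can both be routed."""
    ok, where = forward(routers, first_hop, dst)
    if not ok:
        return f"request unroutable at {where}"
    ok, where = forward(routers, where, src)
    return "reply received" if ok else f"reply unroutable at {where}"


def run_lab():
    """Replay the lab's pings from Host 1 (10.0.0.2) in the order the text performs them."""
    lab, out = build_lab(), []
    out.append(("no static routes, ping 192.168.0.2", ping(lab, "TTG1", "10.0.0.2", "192.168.0.2")))
    out.append(("no static routes, ping 10.0.1.1", ping(lab, "TTG1", "10.0.0.2", "10.0.1.1")))
    add_static(lab, "TTG1", "10.0.1.0/24", "192.168.0.2")
    out.append(("route on TTG1 only, ping Host 2", ping(lab, "TTG1", "10.0.0.2", "10.0.1.2")))
    add_static(lab, "TTG2", "10.0.0.0/24", "192.168.0.1")
    out.append(("routes on both, ping Host 2", ping(lab, "TTG1", "10.0.0.2", "10.0.1.2")))
    return out


if __name__ == "__main__":
    for step, result in run_lab():
        print(f"{step:<38} -> {result}")
```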


Static Route Combined Lab

REQUIREMENTS
1) Use network 172.(15+X).0.0/16 and divide it into subnets, where X is the number of your group
2) Use Static Route for routing
3) The PCs must be able to reach the internet
4) Check the routing information with the commands
+ Show ip route
+ Ping to the internet
+ From a PC, use the tracert command to the internet to list the path

RIP (ROUTING INFORMATION PROTOCOL)

I. Introduction:
RIP (Routing Information Protocol) is a routing protocol used to advertise information about the addresses a router wants to announce to the outside, and to collect information to build the routing table (Routing Table) for the router. It is a Distance Vector protocol whose path selection criterion is based mainly on the number of hops (hop count). The addresses that RIP advertises are sent in Classful form (for RIP version 1) and Classless form (for RIP version 2). Because it uses hop count as its routing criterion and is limited to 15 hops, this protocol is used only in small networks (under 15 hops).

II. Lab description and topology:

- The PCs are connected to the switches with straight-through cables, and the two routers are connected to each other with a serial cable. The IP addresses of the interfaces and PCs are as shown in the figure.
- This lab helps you configure the network so that its parts can communicate with each other using the RIP protocol.

III. Objectives:

- Before RIPv2 routing is configured on the 2 routers, we will see that PC1 cannot ping router TTG2, because router TTG2 has no information about where network 10.0.0.0/24 (LAN1) is.
- After RIPv2 is configured, PC1 must be able to ping TTG2.

IV. Configuration steps:

First configure the devices as follows:

Router TTG1
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface serial 0/0/0
TTG1(config-if)#ip address 192.168.0.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit
TTG1(config)#interface fastethernet 0/0
TTG1(config-if)#ip address 10.0.0.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit

Router TTG2
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface serial 0/0/0
TTG2(config-if)#ip address 192.168.0.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#exit
TTG2(config)#interface fastethernet 0/0
TTG2(config-if)#ip address 11.0.0.1 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit

Host 1:
IP: 10.0.0.2
Subnet mask: 255.255.255.0
Gateway: 10.0.0.1

Host 2:
IP: 11.0.0.2
Subnet mask: 255.255.255.0
Gateway: 11.0.0.1
Check the connections with the Ping command.
Ping from Host 1 to address 10.0.0.1

Ping from Host 1 to address 192.168.0.1

Ping from Host 1 to address 192.168.0.2

From Host 1 you cannot ping address 192.168.0.2.
Perform the same checks from Host 2.
Ping address 11.0.0.1

Ping address 192.168.0.2

Ping address 192.168.0.1

Run the pings from router TTG1:
TTG1#ping 192.168.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms
TTG1#ping 11.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Run the pings from router TTG2:
TTG2#ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms
TTG2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Look at the routing table of each router:
TTG1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0/0/0

TTG2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0/0/0

Observation: the addresses of the networks for which the ping failed are not stored in the routing table.
Configure RIP on the routers as follows:

TTG1(config)#router rip
TTG1(config-router)#network 192.168.0.0
TTG1(config-router)#network 10.0.0.0
TTG1(config-router)#exit

TTG2(config)#router rip
TTG2(config-router)#network 11.0.0.0
TTG2(config-router)#network 192.168.0.0
TTG2(config-router)#exit
Look at the routing table again:
TTG1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Ethernet0
R    11.0.0.0/8 [120/1] via 192.168.0.2, 00:00:00, Serial0/0/0
C    192.168.0.0/24 is directly connected, Serial0/0/0

TTG2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

R    10.0.0.0/8 [120/1] via 192.168.0.1, 00:00:23, Serial0/0/0
     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0/0/0

Observation: in the routing tables, router TTG1 reaches network 11.0.0.0/8 through RIP via port Serial 0 (192.168.0.2), and router TTG2 reaches network 10.0.0.0/8 via port Serial 0 (192.168.0.1).
Note: because RIP sends addresses in classful form, the default subnet mask of each network class is used.
- Now repeat the pings between the routers and the hosts:
From Host 1, run the pings:

From Host 2, run the pings:

- You can see that the connections succeed. At this point you have finished configuring RIP so that the network above can exchange information. To understand RIP better, continue with the following configuration steps:
- Keep the configuration of router TTG1 and change the configuration of router TTG2 from RIP version 1 to RIP version 2, then check:
TTG2(config)#router rip
TTG2(config-router)#version 2
- Turn on debug mode on the 2 routers to inspect the packets:
TTG1#debug ip packet
IP packet debugging is on

TTG2#debug ip packet
IP packet debugging is on
Now ping from Host 1 to the addresses that are not directly connected to it and that run RIP.

TTG2#
01:49:58: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
01:49:58: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
01:50:03: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
01:50:03: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
01:50:08: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
01:50:08: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
01:50:13: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
01:50:13: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable

TTG2#
01:55:30: IP: s=10.0.0.2 (Serial0/0/0), d=11.0.0.1, len 60, rcvd 4
01:55:30: IP: s=11.0.0.1 (local), d=10.0.0.2, len 60, unroutable
01:55:35: IP: s=10.0.0.2 (Serial0/0/0), d=11.0.0.1, len 60, rcvd 4
01:55:35: IP: s=11.0.0.1 (local), d=10.0.0.2, len 60, unroutable
01:55:40: IP: s=10.0.0.2 (Serial0/0/0), d=11.0.0.1, len 60, rcvd 4
01:55:40: IP: s=11.0.0.1 (local), d=10.0.0.2, len 60, unroutable
The debug data show that when you ping from Host 1 to addresses such as 192.168.0.2 and 11.0.0.1, the packets are all received at the destination. However, the packets returned from those addresses cannot find address 10.0.0.2 (Host 1) in the routing table of router TTG2 (unroutable), because this router is configured for RIP version 2.
TTG2#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0/0/0

Observation: network 10.0.0.0 no longer exists in the routing table.
Ping from router TTG2 to the addresses of router TTG1:
TTG2#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

- Check with the command show ip route:
TTG1#show ip route
01:46:50: IP: s=192.168.0.2 (Serial0/0/0), d=224.0.0.9, len 52, rcvd 2
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Ethernet0
R    11.0.0.0/8 [120/1] via 192.168.0.2, 00:00:05, Serial0/0/0
C    192.168.0.0/24 is directly connected, Serial0

You can see that although the routing table of router TTG1 still holds the address of network 11.0.0.0, the packets cannot be delivered because router TTG2 cannot find the address of network 10.0.0.0. This shows that RIP Version 2 is not backward compatible with RIP Version 1.
Therefore, to exchange routing information successfully with RIP, the routers must be configured with the same RIP version. In this case we go on to configure TTG1 to switch to RIPv2:
TTG1(config)#router rip
TTG1(config-router)#version 2

- Check the connection between the 2 PCs again with the Ping command after changing the RIP version on TTG1; the ping must succeed.
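The behaviour seen above (TTG2 loses 10.0.0.0 after version 2 is set, while TTG1 keeps 11.0.0.0/8) follows from the packet format and from which versions each side accepts. The following added example, not part of the original lab, encodes and decodes RIP response packets using the RFC 1058 and RFC 2453 entry layout. It models the IOS behaviour that a router with no version command sends version 1 and accepts versions 1 and 2, while version 2 sends and accepts only version 2; function names are constructed, and the receive-side classful rule is simplified to the major-network mask.

```python
import ipaddress
import struct

HEADER = "!BBH"          # command, version, must-be-zero
ENTRY = "!HH4s4s4sI"     # address family, route tag, address, subnet mask, next hop, metric
RESPONSE = 2
ZERO4 = bytes(4)

# What each configuration sends and accepts (modelled IOS behaviour, see lead-in).
SEND = {"default": 1, "version 2": 2}
ACCEPT = {"default": {1, 2}, "version 2": {2}}


def classful_prefix(address):
    """Default mask length of the address class: A = /8, B = /16, C = /24."""
    first_octet = int(str(address).split(".")[0])
    return 8 if first_octet < 128 else 16 if first_octet < 192 else 24


def encode_response(version, routes):
    """Build a RIP response. routes is a list of (address, prefix length, metric)."""
    packet = struct.pack(HEADER, RESPONSE, version, 0)
    for address, prefixlen, metric in routes:
        net = ipaddress.ip_network(f"{address}/{prefixlen}")
        # Version 1 has no mask field: those four bytes must be zero.
        mask = net.netmask.packed if version == 2 else ZERO4
        packet += struct.pack(ENTRY, 2, 0, net.network_address.packed, mask, ZERO4, metric)
    return packet


def receive(packet, accepted_versions):
    """Return the routes a router would install, as 'prefix [120/metric]' strings."""
    command, version, _ = struct.unpack_from(HEADER, packet)
    if command != RESPONSE or version not in accepted_versions:
        return []                          # wrong version: the whole update is ignored
    learned = []
    for offset in range(struct.calcsize(HEADER), len(packet), struct.calcsize(ENTRY)):
        family, _tag, addr, mask, _next_hop, metric = struct.unpack_from(ENTRY, packet, offset)
        if family != 2 or metric >= 16:    # 16 means unreachable
            continue
        address = ipaddress.IPv4Address(addr)
        if version == 2 and mask != ZERO4:
            net = ipaddress.ip_network(f"{address}/{ipaddress.IPv4Address(mask)}", strict=False)
        else:                              # no mask on the wire: fall back to the class
            net = ipaddress.ip_network(f"{address}/{classful_prefix(address)}", strict=False)
        learned.append(f"{net} [120/{metric}]")
    return learned


def exchange(sender_mode, receiver_mode, routes):
    """One update from a sender in one mode to a receiver in another."""
    return receive(encode_response(SEND[sender_mode], routes), ACCEPT[receiver_mode])


if __name__ == "__main__":
    lan1, lan2 = [("10.0.0.0", 8, 1)], [("11.0.0.0", 8, 1)]
    print("both default:       TTG2 learns", exchange("default", "default", lan1))
    print("TTG2 set to v2:     TTG2 learns", exchange("default", "version 2", lan1))
    print("TTG2 set to v2:     TTG1 learns", exchange("version 2", "default", lan2))
    print("v1 drops the mask:  ", exchange("default", "default", [("11.0.0.0", 24, 1)]))
    print("v2 carries the mask:", exchange("version 2", "version 2", [("11.0.0.0", 24, 1)]))
```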


RIPv2 Combined Lab

REQUIREMENTS
1) Students practise on Cisco 2801 devices
2) Use network 172.(15+X).0.0/16 and divide it into subnets, where X is the number of your group
3) Use RIPv2 for routing
4) The PCs must be able to reach the internet
5) After routing is configured, check the routing information with the commands:
+ Show ip route
+ Ping to the internet from the PC and the router
+ From a PC, use the tracert command to the internet to list the path from source to destination

Cisco Discovery Protocol (CDP)

I. Introduction
CDP (Cisco Discovery Protocol) is a Cisco protocol that operates at layer 2 (data link layer) of the OSI model. It can collect and show information about neighbouring devices that are directly connected; this information is very necessary and useful when you troubleshoot network problems.

II. Purpose
This lab helps you understand the CDP protocol and its related parameters, and the function of the commands in this protocol.
Note: CDP provides information only about devices directly connected to it, unlike routing protocols. Routing protocols can provide information about remote networks, or about indirect connections through many routers.

III. Lab description and topology

The lab topology is as shown in the figure; the routers are connected to each other with serial cables.

IV. Steps
First configure the routers as follows.
Router TTG1:
Router> enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface serial 0/0/0
TTG1(config-if)#ip address 192.168.1.2 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit
TTG1(config)#interface serial 0/0/1
TTG1(config-if)#ip address 192.168.2.2 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit
TTG1(config)#

Router TTG2:
Router> enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface serial 0/0/0
TTG2(config-if)#ip address 192.168.1.1 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#exit
TTG2(config)#

Router TTG3:
Router> enable
Router#configure terminal
Router(config)#hostname TTG3
TTG3(config)#interface serial 0/0/0
TTG3(config-if)#ip address 192.168.2.1 255.255.255.0
TTG3(config-if)#no shutdown
TTG3(config-if)#clock rate 64000
TTG3(config-if)#exit
TTG3(config)#
Note: because CDP is a Cisco proprietary protocol, it is enabled by default, so when we use the command show run, information about this protocol is not displayed. This protocol can run on both routers and switches.

V. Commands of the CDP protocol
The command show cdp neighbors: shows information about the surrounding devices that are directly connected (this command is used in Privileged mode).
TTG1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID    Local Intrfce    Holdtme    Capability    Platform    Port ID
TTG3         Ser 0/0/1        149        R             2523        Ser 0/0/1
TTG2         Ser 0/0/0        134        R             2500        Ser 0/0/0

The command show cdp neighbors detail: shows detailed information about the directly connected devices.
TTG1#show cdp neighbors detail
-------------------------
Device ID: TTG3 (the directly connected device is TTG3)
Entry address(es):
  IP address: 192.168.2.1 (address of the directly connected port)
Platform: cisco 2523, Capabilities: Router (type of the connected device: Cisco Router 2523)
Interface: Serial0/0/1, Port ID (outgoing port): Serial0/0/1 (directly connected through port Serial0/0/1)
Holdtime : 124 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 16-Oct-04 02:44 by cmong (information about the operating system of the connected device)
advertisement version: 2
-------------------------
Device ID: TTG2 (the directly connected device is TTG2)
Entry address(es):
  IP address: 192.168.1.1 (address of the connected port)
Platform: cisco 2500, Capabilities: Router (type of the connected device: Cisco Router 2500)
Interface: Serial0/0/0, Port ID (outgoing port): Serial0/0/0 (connected through port Serial0/0/0)
Holdtime : 168 sec (the packet hold time is 168 sec)
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 16-Oct-04 02:44 by cmong (detailed information about the version and operating system of the device)

advertisement version: 2 Lnh Show CDP : hin th thng tin CDP v timer v hold-time.

    TTG1#show cdp
    Global CDP information:
        Sending CDP packets every 60 seconds   (a CDP packet is sent every 60 seconds)
        Sending a holdtime value of 180 seconds   (the packet is held for 180 seconds)
        Sending CDPv2 advertisements is enabled

The show cdp interface command displays CDP information for each port: the encapsulation and also the timer and hold-time.

    TTG1#show cdp int
    Ethernet0 is administratively down, line protocol is down   (port Ethernet0 is down because no device is directly connected)
      Encapsulation ARPA   (packet encapsulation)
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds
    Serial0/0/0 is up, line protocol is up   (port Serial0/0/0 is up because a device is directly connected)
      Encapsulation HDLC   (packet encapsulation)
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds
    Serial0/0/1 is up, line protocol is up   (port Serial0/0/1 is up because a device is directly connected)
      Encapsulation HDLC   (packet encapsulation)
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds

Note: the no cdp enable command turns CDP off on an interface; show cdp interface then no longer displays CDP information for that interface. To turn CDP back on for an interface, use the cdp enable command on that interface.

    TTG1(config)#interface serial 0/0/0
    TTG1(config-if)#no cdp enable   (turns CDP off on interface Serial0/0/0)
    TTG1(config-if)#^Z
    TTG1#show cdp inter
    01:32:44: %SYS-5-CONFIG_I: Configured from console by console
    Ethernet0 is administratively down, line protocol is down
      Encapsulation ARPA
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds
    Serial0/0/1 is up, line protocol is up
      Encapsulation HDLC
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds

(Port Serial0/0/0 is no longer listed after CDP has been turned off on it.)

To turn CDP back on for the interface, use cdp enable on it:

    TTG1(config)#interface serial 0/0/0
    TTG1(config-if)#cdp enable
    TTG1(config-if)#exit

The show cdp traffic command displays the CDP counters: the number of packets sent, received and in error.

    TTG1#show cdp traffic
    CDP counters :
        Total packets output: 128, Input: 115
        Hdr syntax: 0, Chksum error: 0, Encaps failed: 9
        No memory: 0, Invalid packet: 0, Fragmented: 0
        CDP version 1 advertisements output: 0, Input: 0
        CDP version 2 advertisements output: 128, Input: 115

The clear cdp counter command resets the CDP counters.

The no cdp run command turns CDP off completely on the router.

    TTG1(config)#no cdp run
    TTG1(config)#^Z
    TTG1#show cdp   (show cdp is not valid once CDP has been turned off)
    % CDP is not enabled

The cdp run command turns CDP back on for the router.

    TTG1(config)#cdp run
    TTG1(config)#exit
    TTG1#show cdp
    Global CDP information:
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds
        Sending CDPv2 advertisements is enabled

Note: CDP only reports information about directly connected devices.

    TTG3#show cdp neighbors detail
    ------------------------
    Device ID: TTG1
    Entry address(es):
      IP address: 192.168.2.2
    Platform: cisco 2500, Capabilities: Router
    Interface: Serial0/0/1, Port ID (outgoing port): Serial0/0/1
    Holdtime : 138 sec
    Version :
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Sun 03-Feb-02 22:01 by srani
    advertisement version: 2

- From router TTG3 we can only see the directly connected device, router TTG1. Suppose we change the IP address of port Serial0/0/1 on router TTG3:

    TTG3(config)#interface serial 0/0/0
    TTG3(config-if)#ip address 192.168.3.2 255.255.255.0
    TTG3(config-if)#no shut
    TTG3(config-if)#clock rate 64000
    TTG3(config-if)#^Z

- From router TTG3, ping the address of port Serial 0/0/1 on router TTG1:

    TTG3#ping 192.168.2.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

- Use CDP on router TTG3 to view information about the directly connected devices:

    TTG3#show cdp neighbors detail
    ------------------------
    Device ID: TTG1
    Entry address(es):
      IP address: 192.168.2.2
    Platform: cisco 2500, Capabilities: Router
    Interface: Serial0/0/1, Port ID (outgoing port): Serial0/0/1
    Holdtime : 144 sec
    Version :
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Sun 03-Feb-02 22:01 by srani
    advertisement version: 2

- As you can see, router TTG3 cannot ping router TTG1, yet CDP still returns information about the connected device. This is the advantage of CDP, and it is very useful when troubleshooting a network.
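What the neighbor entries above reveal to any device attached to the link, as an added example (not part of the original lab): a Python parser for show cdp neighbors detail and show cdp interface that lists the address, platform and IOS version each neighbor advertised and the interfaces on which CDP is still enabled. The sample text is constructed in the layout of the output shown above, and the function names are illustrative.

```python
import re

# Constructed sample in the layout of the "show cdp neighbors detail" output above.
SAMPLE_DETAIL = """\
-------------------------
Device ID: TTG3
Entry address(es):
  IP address: 192.168.2.1
Platform: cisco 2523,  Capabilities: Router
Interface: Serial0/0/1,  Port ID (outgoing port): Serial0/0/1
Holdtime : 124 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)

advertisement version: 2
-------------------------
Device ID: TTG2
Entry address(es):
  IP address: 192.168.1.1
Platform: cisco 2500,  Capabilities: Router
Interface: Serial0/0/0,  Port ID (outgoing port): Serial0/0/0
Holdtime : 168 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)

advertisement version: 2
"""

# Constructed sample of "show cdp interface" after "no cdp enable" on Serial0/0/0.
SAMPLE_INTERFACES = """\
Ethernet0 is administratively down, line protocol is down
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Serial0/0/1 is up, line protocol is up
  Encapsulation HDLC
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
"""

# One regular expression per field of a neighbor entry.
FIELDS = {
    "device_id": r"^Device ID:\s*(\S+)",
    "ip_address": r"^\s*IP address:\s*(\d+(?:\.\d+){3})",
    "platform": r"^Platform:\s*(.+?),\s*Capabilities:",
    "capabilities": r"Capabilities:\s*(.+?)\s*$",
    "local_interface": r"^Interface:\s*([^,\s]+)",
    "remote_port": r"Port ID \(outgoing port\):\s*(\S+)",
    "holdtime_sec": r"^Holdtime\s*:\s*(\d+)\s*sec",
    "ios_version": r"\bVersion\s+(\d[^,\s]*)",
}


def parse_cdp_detail(text):
    """Return one dict per neighbor entry; a field missing from an entry is None."""
    neighbors = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        if "Device ID:" not in block:
            continue
        entry = {}
        for name, pattern in FIELDS.items():
            m = re.search(pattern, block, re.M)
            entry[name] = m.group(1) if m else None
        neighbors.append(entry)
    return neighbors


def cdp_enabled_interfaces(text):
    """Interfaces listed by "show cdp interface", i.e. those with CDP still enabled."""
    pattern = r"^(\S+) is (administratively down|up|down), line protocol is (up|down)"
    return [(m.group(1), m.group(2)) for m in re.finditer(pattern, text, re.M)]


def disclosure_report(neighbors):
    """One line per neighbor listing what its advertisements revealed on the link."""
    return [
        f"{n['local_interface']}: {n['device_id']} discloses address "
        f"{n['ip_address']}, platform {n['platform']}, IOS {n['ios_version']}"
        for n in neighbors
    ]


if __name__ == "__main__":
    for line in disclosure_report(parse_cdp_detail(SAMPLE_DETAIL)):
        print(line)
    for name, status in cdp_enabled_interfaces(SAMPLE_INTERFACES):
        note = "sending CDP" if status == "up" else "CDP enabled, link not up"
        print(f"{name}: {note}")
```
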

LOADING AN IOS IMAGE FROM A TFTP SERVER

I. Introduction:
- Flash is erasable memory used to store the operating system and some code. Flash memory allows the software to be updated without replacing the processor chip. The contents of Flash are retained when the power is switched off.
- In this lab you copy the IOS (Internetwork Operating System) image from Flash on a Cisco router to a TFTP server to create a backup image, and then load an IOS image from the TFTP server back into the Flash the router runs from (to restore an old version or update to a new one), using TFTP (Trivial File Transfer Protocol).

II. Lab description and topology:

[Figure: router TTG, interface Fa0/1 with 10.X.0.1/8, connected to a PC with IP 10.X.0.2/8]

- The topology is as shown in the figure; the PC is connected to the router with a crossover cable.
- The PC acts as a TFTP server and is connected to the router over Ethernet; the router acts as the TFTP client. The IOS is copied from the router to the server (when backing up the IOS) or from the server to the router (when updating or installing a new IOS). When the router's Flash has been erased, you can enter ROMMON mode and configure it to fetch the IOS from the server.

III. Steps:
We configure router TTG and the PC (which acts as the TFTP server) as follows:

PC:
    IP Address : 10.1.0.2
    Subnetmask : 255.0.0.0
    Gateway : 10.1.0.1

Router TTG:

    Router>enable
    Router#configure terminal
    Router(config)#hostname TTG
    TTG(config)#interface fa0/1
    TTG(config-if)#ip address 10.1.0.1 255.0.0.0
    TTG(config-if)#no shutdown
    TTG(config-if)#exit

Run ping to confirm the connection between the router and the TFTP server:

    TTG#ping 10.1.0.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.0.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

Use show version to see the current IOS version:

    TTG#show version
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE SOFTWARE (fc1)   (the router is running IOS version 12.2(1d))
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Sun 03-Feb-02 22:01 by srani
    Image text-base: 0x0307EEE0, data-base: 0x00001000
    ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
    BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)
    TTG uptime is 15 minutes
    System returned to ROM by bus error at PC 0x100D042, address 0xFFFFFFFC
    System image file is "flash:/c2500-jk8os-l.122-1d.bin"   (name of the IOS image file loaded from flash: a Cisco 2500 running operating system version 12.2(1d))
    cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of memory.   (the router has 16 MB of RAM: 14 MB for processor memory, 2 MB for I/O memory)
    Processor board ID 08030632, with hardware revision 00000000
    Bridging software.
    X.25 software, Version 3.0.0.
    SuperLAT software (copyright 1990 by Meridian Technology Corp).
    TN3270 Emulation software.
    1 Ethernet/IEEE 802.3 interface(s)
    2 Serial network interface(s)
    32K bytes of non-volatile configuration memory.
    16384K bytes of processor board System flash (Read ONLY)   (the router has 16 MB of flash)
    Configuration register is 0x2102   (the current register value)

Use show flash to view the Flash memory and note the IOS file name in preparation for copying it to the TFTP server:

    TTG#show flash
    System flash directory:
    File  Length    Name/status
      1   16505800  /c2500-jk8os-l.122-1d.bin
    [16505864 bytes used, 271352 available, 16777216 total]
    16384K bytes of processor board System flash (Read ONLY)

Meaning of the IOS image file name:
    c2500 : the device type, Cisco 2500
    l.122 : the IOS version

Copy the IOS image from Flash to the TFTP server:

    TTG#copy flash: tftp:
    Source filename []? /c2500-jk8os-l.122-1d.bin
    Address or name of remote host []? 10.1.0.2   (address of the TFTP server)
    Destination filename [c2500-jk8os-l.122-1d.bin]?
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    16505800 bytes copied in 232.724 secs (71145 bytes/sec)

- The copy succeeded; the IOS image file is now stored in the TFTP server program's directory.

- You have finished copying the IOS from Flash to the TFTP server. Next, load an IOS image that is already on the TFTP server back into the flash of a router. Suppose you have 2 IOS files available on the TFTP server.

Steps: configure the router and the host as above, and run the TFTP program on the PC.

The IOS image file c2500-i-l.121-26.bin is 7.85 MB. The IOS image file c2500-jk8os-l.122-1d.bin is 16 MB.

Check the Flash:

    TTG#show flash
    System flash directory:
    File  Length   Name/status
      1   8039140  /c2500-i-l.121-26.bin
    [8039204 bytes used, 349404 available, 8388608 total]
    8192K bytes of processor board System flash (Read ONLY)

Remark: your Flash memory is 8 MB, so you can store the IOS image file c2500-i-l.121-26.bin in Flash.

Copy to flash:

    TTG#copy tftp: flash:
    Address or name of remote host []? 10.1.0.2   (name or address of the host that stores the image, the TFTP server)
    Source filename []? c2500-i-l.121-26.bin   (source file name)
    Destination filename [c2500-i-l.121-26.bin]?   (destination file name)
    %Warning:There is a file already existing with this name
    Do you want to over write? [confirm]
    Accessing tftp://192.168.14.2/c2500-i-l.121-26.bin...
    Erase flash: before copying? [confirm]
    00:09:43: %SYS-5-RELOAD: Reload requested
    %SYS-4-CONFIG_NEWER: Configurations from version 12.1 may not be correctly understood.
    %FLH: c2500-i-l.121-26.bin from 192.168.14.2 to flash ...
    System flash directory:
    File  Length   Name/status
      1   8039140  /c2500-i-l.121-26.bin
    [8039204 bytes used, 349404 available, 8388608 total]
    Accessing file 'c2500-i-l.121-26.bin' on 192.168.14.2...
    Loading c2500-i-l.121-26.bin from 192.168.14.2 (via Ethernet0): ! [OK]
    Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased   (flash being erased)
    Loading c2500-i-l.121-26.bin from 192.168.14.2 (via Ethernet0): !!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    [OK - 8039140/8388608 bytes]   (flash being loaded)
    Verifying checksum... OK (0x9693)
    Flash copy took 0:03:57 [hh:mm:ss]
    %FLH: Re-booting system after download
    F3: 7915484+123624+619980 at 0x3000060

    Restricted Rights Legend
    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.
    Cisco Systems, Inc.
    170 West Tasman Drive
    San Jose, California 95134-1706

    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2004 by cisco Systems, Inc.
    Compiled Sat 16-Oct-04 02:44 by cmong
    Image text-base: 0x03042000, data-base: 0x00001000
    cisco 2500 (68030) processor (revision N) with 6144K/2048K bytes of memory.
    Processor board ID 17553463, with hardware revision 00000000
    Bridging software.
    X.25 software, Version 3.0.0.
    1 Ethernet/IEEE 802.3 interface(s)
    2 Serial network interface(s)
    32K bytes of non-volatile configuration memory.
    8192K bytes of processor board System flash (Read ONLY)

- Once the Flash has been loaded, the router resets to switch to the new Flash contents; the IOS in Flash is now the file you have just copied.

[Figure: the Flash loading process as shown on the TFTP server]

Note: throughout a copy from the TFTP server to the router, or from the router to the TFTP server, the TFTP server program must be running on the PC.

PASSWORD RECOVERY FOR A CISCO ROUTER (Recovery Password)

I. Introduction:
- Access passwords are very useful for security, but they also cause trouble if you happen to forget them. This password recovery lab for Cisco routers shows you how to regain the ability to log in to the router.

Note: setting a password on the router matters a great deal for security; it stops remote Telnet sessions from changing the configuration or doing anything else on the router. Do not confuse security with password recovery. Being able to recover or change a router's password does not mean that the router is poorly secured, because the precondition for password recovery is that you work directly on the router, which means you must have the consent of the admin or the technician who manages it.

II. Lab description and topology:

In the figure above the PC is connected to the router with a console cable.

III. The router boot process:
When it is powered on, the router checks the hardware. Once the hardware check is complete, the operating system is loaded from Flash, and the router then loads the configuration in NVRAM, which contains everything previously configured on the router: protocol information, port addresses and also the access passwords. So, to keep the router from checking the password at login, you have to stop it from loading the data in NVRAM.

Each router family has its own password recovery technique, but recovering a router password always goes through the following steps:

Step 1 : Boot the router and stop it from loading the configuration in NVRAM (by changing the register from 0x2102 to 0x2142).
Step 2 : Reset the router (it now boots with register 0x2142).
Step 3 : Log in to the router (it does not check the password now) and use router commands to view or reset the password (you can only read a password that was stored unencrypted).
Step 4 : Change the register (from 0x2142 to 0x2102).
Step 5 : Save the configuration you have just set (the password is now known).

IV. Password recovery on a Cisco 2500 router.
- Suppose you log in to the router but have forgotten the password.

    TTG con0 is now available
    Press RETURN to get started.
    TTG>enable
    Password:
    Password:
    Password:
    % Bad secrets

- You have to recover the password. The steps are as follows:

Step 1 : restart the router.

    System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
    Copyright (c) 1986-1995 by cisco Systems
    2500 processor with 8192 Kbytes of main memory

Press Ctrl Break to stop the router from loading data from NVRAM.

    Abort at 0x103AA7E (PC)
    romon> confreg 0x2142   (this command changes the register to 0x2142)

Step 2 : restart the router; it now boots with register 0x2142 (a blank configuration).

    TTG>enable   (no password is requested at login)
    TTG#show start   (show start displays the configuration in NVRAM)
    Using 456 out of 32762 bytes
    !
    version 12.1
    no service single-slot-reload-enable
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Router
    !
    enable secret 5 $1$AqeQ$yB00zFjHxIiVoHLnbLEhh1   (the secret password is encrypted)
    enable password cisco   (the enable password is cisco)
    !
    end

Step 3 : Reconfigure the router passwords:

    TTG#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    TTG(config)#enable secret TTG   (the secret password is reset to TTG)
    TTG(config)#exit
    TTG#configure terminal
    TTG(config)#enable password class   (the enable password is class)
    TTG(config)#exit

Step 4 : Change the current register from 0x2142 back to 0x2102.

Use show version to see the current register:

    TTG#show version
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2004 by cisco Systems, Inc.
    Compiled Sat 16-Oct-04 02:44 by cmong
    Image text-base: 0x03042000, data-base: 0x00001000
    2 Serial network interface(s)
    32K bytes of non-volatile configuration memory.
    16384K bytes of processor board System flash (Read ONLY)
    Configuration register is 0x2142   (register 0x2142 is in use)

Change the register with the config-register command:

    TTG(config)#config-register 0x2102
    TTG(config)#exit

Check the register again:

    TTG#show version
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2004 by cisco Systems, Inc.
    Compiled Sat 16-Oct-04 02:44 by cmong
    2 Serial network interface(s)
    32K bytes of non-volatile configuration memory.
    16384K bytes of processor board System flash (Read ONLY)
    Configuration register is 0x2142 (will be 0x2102 at next reload)   (the register will be 0x2102 after the next reload)

Step 5 : save the changed configuration so that it is loaded when the router boots with register 0x2102.

    TTG#copy run start
    Building configuration...
    [OK]

- Use show start to view the startup configuration in NVRAM:

    TTG#show start
    Using 488 out of 32762 bytes
    !
    version 12.1
    no service single-slot-reload-enable
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname TTG
    !
    enable secret 5 $1$49cD$jrvYyRSQhpTAHuDA1/R1v.
    enable password class
    !
    !
    !
    End

- After the reload, log in to the router; the secret password TTG is now checked.

    TTG con0 is now available
    Press RETURN to get started.
    TTG>ena
    Password:   (the password TTG is checked and accepted)
    TTG#
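The two register values used in this lab differ in a single bit. The following added example (not part of the original lab) decodes a configuration register and flags a router that is still running on, or will reload with, 0x2142 after a recovery. The bit meanings are the ones commonly documented for Cisco routers and are an assumption here, since the lab only contrasts 0x2102 with 0x2142; the function names are illustrative.

```python
import re

# Bit meanings as commonly documented for the 16-bit configuration register
# (assumption: the lab itself only names the values 0x2102 and 0x2142).
IGNORE_NVRAM = 0x0040    # bit 6: do not load startup-config from NVRAM
BREAK_DISABLED = 0x0100  # bit 8: Break key is ignored once the system has booted
ROM_FALLBACK = 0x2000    # bit 13: fall back to ROM software if network boot fails
BOOT_FIELD = 0x000F      # bits 0-3: where to load the system image from

REGISTER_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?:\s*\(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def decode(value):
    """Split a register value into the fields that matter for password recovery."""
    boot = value & BOOT_FIELD
    if boot == 0:
        source = "stay in ROM monitor"
    elif boot == 1:
        source = "boot helper or first image (platform dependent)"
    else:
        source = "boot system commands, else default image"
    return {
        "value": f"0x{value:04X}",
        "boot_field": boot,
        "boot_source": source,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }


def parse_show_version(text):
    """Return (current, value_at_next_reload) from "show version" output."""
    m = REGISTER_RE.search(text)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return current, pending


def audit_register(text):
    """Findings for a router that ignores, or will ignore, its saved configuration."""
    current, pending = parse_show_version(text)
    findings = []
    if current & IGNORE_NVRAM:
        findings.append(
            f"booted with 0x{current:04X}: startup-config, including its passwords, was not loaded"
        )
    if pending & IGNORE_NVRAM:
        findings.append(
            f"next reload uses 0x{pending:04X}: startup-config will be ignored again"
        )
    return findings


# The three register lines that appear in the "show version" output of this lab.
SAMPLES = [
    "Configuration register is 0x2102",
    "Configuration register is 0x2142",
    "Configuration register is 0x2142 (will be 0x2102 at next reload)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", audit_register(line) or "ok")
```
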

PASSWORD RECOVERY FOR THE 2950 SWITCH

I. Introduction: In this lab we recover the password of a switch.

II. Lab description and topology:

- Connect a console cable between the PC and the switch. In this lab we recover the password on a 2950 switch.

III. Procedure:
- To make the recovery easier to follow, we first configure a name and passwords on the switch.
- Configure the name and passwords as follows:

    Switch#configure terminal
    Switch(config)#hostname TTG
    TTG(config)#enable password cisco   (sets the password for the switch)
    TTG(config)#enable secret TTG   (sets the secret password for the switch)

- When the configuration is done, save it to NVRAM and review the configuration in NVRAM before starting the recovery.

    TTG#copy run start
    Destination filename [startup-config]?
    Building configuration...
    TTG#show start
    Using 1186 out of 32768 bytes
    version 12.1
    hostname TTG
    enable secret 5 $1$s22D$vCe6IFIeKLhUPZqgm6QZ6/
    enable password cisco

We recover the password in the following steps:

Step 1 : power the switch off, then hold down the MODE button on the 2950 switch while powering it back on. When the following messages appear on screen, release the MODE button.

    Cisco Internetwork Operating System Software
    IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA2, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2004 by cisco Systems, Inc.
    Compiled Sun 07-Nov-04 23:14 by antonino
    (some messages omitted)
    flash_init
    load_helper
    boot

Step 2 : Enter flash_init to initialize the flash file system. Enter dir flash: to list the files in flash. Then rename the file config.text to config.bak (the switch keeps the configuration we saved earlier in this file) with the following command:

    rename flash:config.text flash:config.bak

Then reload the switch with the boot command.

Step 3 : During boot the switch asks:

    Continue with the configuration dialog? [yes/no] :

Enter NO to skip this dialog. When the switch has booted, enter privileged mode.

    Switch>en
    Switch#

- Then rename the file config.bak in flash back to config.text:

    Switch#rename flash:config.bak flash:config.text

- Then load the saved configuration into RAM with the following command:

    Switch#copy flash:config.text system:running-config

Step 4 : remove all the passwords.

    TTG#conf t
    TTG(config)#no enable password
    TTG(config)#no enable secret

Step 5 : copy the configuration from RAM to NVRAM, then reload the switch.

    TTG#copy run start
    Destination filename [startup-config]?
    Building configuration...
    [OK]
    TTG#reload

COMBINED LAB, PART 1

REQUIREMENTS
1) Build the topology in PacketTracer
2) Use network 192.168.X.0/24 to subnet the networks of routers DN, HN and HCM
3) Set the line vty, console and enable secret passwords of the routers to TTG, and enable the SSH service using version 2
4) Use RIPv2 for routing between routers DN, HN and HCM
5) The Internet router uses only static routes to the private networks inside HCM, DN and HN
6) The PCs must be able to ping the Internet networks
7) Verify the routing information with the commands Ping, Traceroute, Show ip route, Show ip protocols, Debug ip rip
8) From a PC, try telnet and ssh to the router, and save the configuration with copy running-config startup-config
9) Save the configuration and IOS of the routers to a TFTP server
10) At the end of the lab, use erase startup-config to delete the configuration and reload to restart the router

[Figure: topology. Mail Server and Web Server (203.11.X.2) behind the Internet router (203.11.X.1); Internet router (.1) connected to HN (.2) over 192.168.1.0/24; routers DN, HN and HCM run RIP v2; PCs PCDN, PCHN and PCHCM]

I. Requirements:
1. Build the topology on Cisco Lab
2. Use network 192.168.X.0/24 to subnet the networks of routers DN, HN and HCM
3. Set the line vty, console and enable secret passwords of the routers to TTG
4. Use RIPv2 for routing between routers DN, HN and HCM
5. Route the routers towards the Internet; the Internet router uses only static routes
6. The PCs must be able to ping the Internet networks
7. Verify the routing information with commands
8. From a PC, try telnet and ssh to the router and save the configuration
9. Copy the configuration and IOS from the routers to the TFTP server

II. Objectives:
- Help students consolidate the material of part 1 of the CCNA course: IP addressing, subnetting, static and dynamic routing (Static Route, RIPv2), the password types, and backing up the configuration and IOS.

III. Configuration steps:
1. Build the topology on Cisco Lab

2. Use network 192.168.2.0/24 (this lab uses X=2; each group replaces X with the number assigned by the instructor) to subnet the networks of routers DN, HN and HCM:
+ Subnets needed : 5 subnets
+ Bits borrowed : 3 bits (8 subnets in total)
+ New subnet mask : 255.255.255.224
+ Block size : 256 - 224 = 32
+ Subnet list:

    Subnet                  Usable IP addresses
    1 - 192.168.2.0/27      192.168.2.1 --- 192.168.2.30      (LAN DN)
    2 - 192.168.2.32/27     192.168.2.33 --- 192.168.2.62     (LAN HN)
    3 - 192.168.2.64/27     192.168.2.65 --- 192.168.2.94     (LAN HCM)
    4 - 192.168.2.96/27     192.168.2.97 --- 192.168.2.126    (DN-HN)
    5 - 192.168.2.128/27    192.168.2.129 --- 192.168.2.158   (HN-HCM)
    6 - 192.168.2.160/27    192.168.2.161 --- 192.168.2.190
    7 - 192.168.2.192/27    192.168.2.193 --- 192.168.2.222
    8 - 192.168.2.224/27    192.168.2.225 --- 192.168.2.254

- Assign the IP addresses to the routers and PCs.

3. Set the line vty, console and enable secret passwords of the routers to TTG, and enable the SSH service using version 2:

- Line vty password

    Router(config)#line vty 0 4
    Router(config-line)#password TTG
    Router(config-line)#login

- Console password

    Router(config)#line console 0
    Router(config-line)#password TTG
    Router(config-line)#login

- Secret password

    Router(config)#enable secret TTG

- Enable the SSH service

    Router(config)#hostname DN   (changes the router's default name)
    DN(config)#username ttg password 123   (username and password used for SSH authentication)
    DN(config)#ip domain-name truongtan.edu.vn   (sets the router's domain name)
    DN(config)#crypto key generate rsa   (generates the key used to encrypt data in the SSH session)
    The name for the keys will be: DN.truongtan.edu.vn
    Choose the size of the key modulus in the range of 360 to 2048 for your
    General Purpose Keys. Choosing a key modulus greater than 512 may take
    a few minutes.
    How many bits in the modulus [512]: 1024
    DN(config)#ip ssh version 2
    DN(config)#line vty 0 4
    DN(config-line)#transport input ssh   (only SSH is allowed to the router)
    DN(config-line)#login local   (SSH sessions to the router are authenticated with the username and password created above)

- Repeat the password and SSH configuration on the remaining 3 routers.

4. Use RIPv2 for routing between routers DN, HN and HCM:
- Because all 3 routers use subnets of the same network 192.168.2.0/24, the RIP configuration is identical on all 3 routers:

    Router(config)#router rip
    Router(config-router)#version 2
    Router(config-router)#network 192.168.2.0

- The networks advertised in RIP must be given as default classful networks (class A, B, C). For example, router DN has 2 subnets to advertise, 192.168.2.0/27 and 192.168.2.96/27, but because both belong to the same class C network 192.168.2.0/24, the RIP configuration only needs to advertise:

    DN(config-router)#network 192.168.2.0

- Verify the routing information on the routers with:

    Router#show ip route
    Router#show ip protocols

- From the PCs of HN, HCM and DN, use ping to check connectivity. If it fails, use show ip interface brief on the routers to check the physical status and IP address of the ports:

    HN#show ip interface brief
    Interface         IP-Address      OK?  Method  Status                 Protocol
    FastEthernet0/0   192.168.2.33    YES  manual  up                     up
    FastEthernet0/1   unassigned      YES  manual  administratively down  down
    Serial0/0/0       192.168.2.97    YES  manual  up                     up
    Serial0/0/1       192.168.2.129   YES  manual  up                     up
    Serial0/1/0       192.168.1.1     YES  manual  up                     up
    Serial0/1/1       unassigned      YES  manual  administratively down  down

5. Route the routers towards the Internet; the Internet router uses only static routes:
- There are far too many networks on the Internet to route to each of them individually, so for the PCs in the LANs of HCM, HN and DN to reach all Internet networks, we add a default route on the 3 routers, as follows:

+ DN and HCM are configured with a default route to HN

    DN(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.97
    HCM(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.129

These commands mean that routers HCM and DN forward traffic for any destination network they do not know to router HN.

+ HN is configured with a default route to the Internet

    HN(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1

This command means that router HN forwards traffic for any destination network it does not know to the Internet router.

- The Internet router uses static routes to the 5 subnets it does not yet know: the subnets of the LANs and the subnets used between routers DN, HN and HCM. The configuration commands are:

    + Internet(config)#ip route 192.168.2.0 255.255.255.224 192.168.1.2     (the next hop is the IP of HN)
    + Internet(config)#ip route 192.168.2.32 255.255.255.224 192.168.1.2    (HN LAN)
    + Internet(config)#ip route 192.168.2.64 255.255.255.224 192.168.1.2    (HCM LAN)
    + Internet(config)#ip route 192.168.2.96 255.255.255.224 192.168.1.2    (DN-HN)
    + Internet(config)#ip route 192.168.2.128 255.255.255.224 192.168.1.2   (HCM-HN)

- However, because all 5 subnets belong to network 192.168.2.0/24, instead of typing 5 route commands for 5 subnets we can use 1 route command for the major network. The 5 route commands above can be replaced by this one:

    + Internet(config)#ip route 192.168.2.0 255.255.255.0 192.168.1.2

- Check connectivity from the PCs to the Internet networks with ping and tracert.

6. The PCs must be able to ping the Web and FTP servers:
- Use ping on every PC to check connectivity to the servers at the Internet router; all pings must succeed.
- To set up the Web and FTP servers, see the video at http://www.mediafire.com/download.php?lhz4njdflyy
- Open a browser and try connecting to the web server.

7. Verify the routing information with the commands: Ping, Traceroute, Show ip route, Show ip protocols, Debug ip rip

8. From a PC, try telnet and ssh to the router, and save the configuration with copy running-config startup-config
- To telnet or ssh to the router from a PC, go to Desktop, Command Prompt, and use:

    telnet <router ip>   (telnet will not succeed because we are now using SSH)
    ssh -l <username created on the router> <router ip>

- Save the configuration on the routers with:

    Router#copy running-config startup-config
    Destination filename [startup-config]? <Enter>

9. Save the configuration and IOS of the routers to a TFTP server:
- On the DN LAN, connect a TFTP server with address 192.168.2.5, then copy the configuration (startup-config, running-config) and the IOS to the TFTP server.

    DN#copy run tftp
    Address or name of remote host []? 192.168.2.5
    Destination filename [DN-confg]? <Enter>
    DN#copy start tftp
    Address or name of remote host []? 192.168.2.5
    Destination filename [DN-confg]? <Enter>

- To copy the IOS to the TFTP server, first use dir flash: or show flash: in privileged mode to see the IOS file name, then use:

    DN#copy flash: tftp:

10. At the end of the lab, use erase startup-config to delete the configuration and reload to restart the router
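The password and SSH settings from step 3, together with the startup configurations shown in the password recovery labs, checked by an added example (not part of the original lab): a small Python audit that reports passwords stored in readable form and vty lines that are not restricted to SSH, run over the lab-style configuration and a corrected counterpart. Both configurations are constructed for this example (the hashes are placeholders and the "line vty 5 15" section is added to show a gap); the finding labels are illustrative, and the corrected version assumes an IOS release that supports username ... secret.

```python
import re

# Constructed running-config assembled from the commands used in this lab.
WEAK_CONFIG = """\
hostname DN
no service password-encryption
enable secret 5 $1$PLACEHOLDER$constructedhashvalue00
enable password cisco
username ttg password 0 123
ip domain-name truongtan.edu.vn
ip ssh version 2
line con 0
 password TTG
 login
line vty 0 4
 password TTG
 login local
 transport input ssh
line vty 5 15
 password TTG
 login
"""

# Constructed corrected counterpart: hashed secrets only, SSH-only on every vty.
HARDENED_CONFIG = """\
hostname DN
service password-encryption
enable secret 5 $1$PLACEHOLDER$constructedhashvalue00
username ttg secret 5 $1$PLACEHOLDER$constructedhashvalue01
ip domain-name truongtan.edu.vn
ip ssh version 2
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
"""

STORAGE = {"0": "clear text", "7": "type 7 (reversible encoding)"}


def audit_config(config):
    """Return a list of findings for readable passwords and non-SSH vty lines."""
    findings = []
    section = None      # current "line ..." section, or None for global commands
    transport = {}      # vty section -> value of "transport input", None if unset
    ssh_v2 = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):  # a global command ends any line section
            m = re.match(r"line (con|aux|vty) (\d+(?: \d+)?)$", line)
            section = f"{m.group(1)} {m.group(2)}" if m else None
            if section and section.startswith("vty"):
                transport[section] = None
            if line == "no service password-encryption":
                findings.append("NO_PASSWORD_ENCRYPTION")
            elif line == "ip ssh version 2":
                ssh_v2 = True
            elif (m := re.match(r"enable password (?:([07]) )?\S+$", line)):
                findings.append(f"ENABLE_PASSWORD: {STORAGE[m.group(1) or '0']}")
            elif (m := re.match(r"username (\S+) password (?:([07]) )?\S+$", line)):
                findings.append(f"USER_PASSWORD {m.group(1)}: {STORAGE[m.group(2) or '0']}")
        elif section:
            if (m := re.match(r"password (?:([07]) )?\S+$", line)):
                findings.append(f"LINE_PASSWORD {section}: {STORAGE[m.group(1) or '0']}")
            elif (m := re.match(r"transport input (.+)$", line)):
                transport[section] = m.group(1)
    for vty, value in transport.items():
        if value != "ssh":
            findings.append(f"VTY_NOT_SSH_ONLY {vty}: transport input {value or 'not set'}")
    if not ssh_v2:
        findings.append("SSH_VERSION_2_NOT_FORCED")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_config(cfg) or "no findings")
```
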

BASIC OSPF CONFIGURATION

1. Introduction:
OSPF (Open Shortest Path First) is a link-state routing protocol and is supported by many vendors. OSPF uses the SPF algorithm to compute the shortest path for a route. OSPF can be used in small networks as well as in large ones. Because routers running OSPF use an algorithm to compute the metric of each route and build the network topology from it, OSPF consumes a lot of router memory and CPU. If the network is too large, this takes a long time and a lot of memory. To overcome this, OSPF allows a network to be divided into several areas. Routers in the same area exchange information with each other and not with routers in other areas, which greatly reduces the work of building the topology on each router. Areas that need to be connected to each other must attach to area 0 (also called the backbone) through a border router.

Routers running OSPF keep in touch by sending Hello packets to each other. As long as a router keeps receiving Hello packets from a directly connected router over a link, it knows that the link and the remote router are still working. If the router receives no Hello packet within a certain period, called the dead interval, it concludes that the remote router is down and runs the SPF algorithm to compute new routes.

Every router running OSPF has an ID that identifies it. The router uses the highest loopback interface IP address (if there are several loopbacks) as its ID. If no loopback is configured, the router uses the highest IP address of its physical interfaces.

OSPF has several advantages: fast convergence, support from many vendors, VLSM support, usability in large networks, and high stability.

2. Commands used in this lab:

    router ospf process-id   (enables the OSPF protocol)
    network address wildcard-mask area area-id   (advertises a network that belongs to a given area)

3. Lab description and topology:

- The topology is as shown in the figure. The routers are configured with interface loopback 0. The IP addresses of the interfaces are given in the figure. Note that the networks here use different subnet masks.

4. Steps:
- First configure the routers as follows:

Router TTG1

    Router>enable
    Router#configure terminal
    Router(config)#hostname TTG1
    TTG1(config)#interface s1/0
    TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
    TTG1(config-if)#no shutdown
    TTG1(config-if)#clock rate 64000
    TTG1(config-if)#exit
    TTG1(config)#interface loopback 0
    TTG1(config-if)#ip address 10.0.0.1 255.255.0.0
    TTG1(config-if)#exit
    TTG1(config)#

Router TTG2

    Router>enable
    Router#configure terminal
    Router(config)#hostname TTG2
    TTG2(config)#interface s1/0
    TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
    TTG2(config-if)#no shutdown
    TTG2(config-if)#clock rate 64000
    TTG2(config-if)#exit
    TTG2(config)#interface s1/1
    TTG2(config-if)#ip address 170.1.0.1 255.255.0.0
    TTG2(config-if)#no shutdown
    TTG2(config-if)#clock rate 64000
    TTG2(config-if)#exit
    TTG2(config)#interface loopback 0
    TTG2(config-if)#ip address 11.1.0.1 255.0.0.0
    TTG2(config-if)#exit
    TTG2(config)#interface E0
    TTG2(config-if)#ip address 15.1.0.1 255.0.0.0
    TTG2(config-if)#no shutdown
    TTG2(config-if)#exit
    TTG2(config)#

Router TTG3

    Router>enable
    Router#configure terminal
    Router(config)#hostname TTG3
    TTG3(config)#interface s1/0
    TTG3(config-if)#ip address 170.1.0.2 255.255.0.0
    TTG3(config-if)#no shutdown
    TTG3(config-if)#clock rate 64000
    TTG3(config-if)#exit
    TTG3(config)#interface loopback 0
    TTG3(config-if)#ip address 12.1.0.1 255.255.255.252
    TTG3(config-if)#exit
    TTG3(config)#

- Before configuring OSPF, note that the wildcard mask is obtained by subtracting the subnet mask of the network to be advertised in OSPF from 255.255.255.255. Example: to advertise network 192.168.1.0/24 in OSPF:
+ Network 192.168.1.0/24 has subnet mask 255.255.255.0, so the wildcard mask is: 255.255.255.255 - 255.255.255.0 = 0.0.0.255

- After configuring the interfaces of the routers, configure OSPF as follows:

Router TTG1:

    TTG1(config)#router ospf 10
    TTG1(config-router)#network 192.168.1.0 0.0.0.255 area 0
    TTG1(config-router)#network 10.0.0.0 0.0.255.255 area 0

Router TTG2:

    TTG2(config)#router ospf 10
    TTG2(config-router)#network 192.168.1.0 0.0.0.255 area 0
    TTG2(config-router)#network 170.1.0.0 0.0.255.255 area 0
    TTG2(config-router)#network 15.0.0.0 0.255.255.255 area 0
    TTG2(config-router)#network 11.0.0.0 0.255.255.255 area 0

Router TTG3:

    TTG3(config)#router ospf 10
    TTG3(config-router)#network 170.1.0.0 0.0.255.255 area 0
    TTG3(config-router)#network 12.1.0.0 0.0.0.3 area 0

- Alternatively, OSPF can be configured on all three routers as follows:

    TTG1(config)#router ospf 10
    TTG1(config-router)#network 192.168.1.1 0.0.0.0 area 0
    TTG1(config-router)#network 10.0.0.1 0.0.0.0 area 0

    TTG2(config)#router ospf 10
    TTG2(config-router)#network 192.168.1.2 0.0.0.0 area 0
    TTG2(config-router)#network 170.1.0.1 0.0.0.0 area 0
    TTG2(config-router)#network 11.1.0.1 0.0.0.0 area 0
    TTG2(config-router)#network 15.1.0.1 0.0.0.0 area 0

    TTG3(config)#router ospf 10
    TTG3(config-router)#network 170.1.0.2 0.0.0.0 area 0
    TTG3(config-router)#network 12.1.0.1 0.0.0.0 area 0
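Why both ways of writing the network statements enable OSPF on the same interfaces, as an added example (not part of the original lab): the wildcard mask is derived from the subnet mask, and each interface address is compared with a statement only in the bits where the wildcard is 0. The interface addresses and statements are the ones configured above; the last statement list is a constructed mistake, and the sketch assumes statements are tested in the order given with the first match deciding the area (the sample statements do not overlap).

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def wildcard_from_mask(mask):
    """255.255.255.255 minus the subnet mask, as described in the lab."""
    return str(ipaddress.IPv4Address(ALL_ONES ^ int(ipaddress.IPv4Address(mask))))


def statement_matches(ip, network, wildcard):
    """True if ip equals network in every bit where the wildcard bit is 0."""
    care = ALL_ONES ^ int(ipaddress.IPv4Address(wildcard))
    return int(ipaddress.IPv4Address(ip)) & care == int(ipaddress.IPv4Address(network)) & care


def ospf_areas(interfaces, statements):
    """Map each interface to the area of the first statement matching its address."""
    result = {}
    for name, ip in interfaces.items():
        result[name] = None  # None: OSPF is not enabled on this interface
        for network, wildcard, area in statements:
            if statement_matches(ip, network, wildcard):
                result[name] = area
                break
    return result


# Interface addresses of TTG2 and TTG3 as configured in this lab.
TTG2_INTERFACES = {
    "Serial1/0": "192.168.1.2",
    "Serial1/1": "170.1.0.1",
    "Loopback0": "11.1.0.1",
    "Ethernet0": "15.1.0.1",
}
TTG3_INTERFACES = {"Serial1/0": "170.1.0.2", "Loopback0": "12.1.0.1"}

# First form: network address plus the wildcard derived from the subnet mask.
TTG2_BY_NETWORK = [
    ("192.168.1.0", "0.0.0.255", 0),
    ("170.1.0.0", "0.0.255.255", 0),
    ("15.0.0.0", "0.255.255.255", 0),
    ("11.0.0.0", "0.255.255.255", 0),
]
# Second form: the interface address itself with wildcard 0.0.0.0.
TTG2_BY_HOST = [
    ("192.168.1.2", "0.0.0.0", 0),
    ("170.1.0.1", "0.0.0.0", 0),
    ("11.1.0.1", "0.0.0.0", 0),
    ("15.1.0.1", "0.0.0.0", 0),
]
TTG3_BY_NETWORK = [("170.1.0.0", "0.0.255.255", 0), ("12.1.0.0", "0.0.0.3", 0)]
# Constructed mistake: network address 12.1.0.0 paired with the host wildcard.
TTG3_MISTAKE = [("170.1.0.0", "0.0.255.255", 0), ("12.1.0.0", "0.0.0.0", 0)]

if __name__ == "__main__":
    print(wildcard_from_mask("255.255.255.0"))
    print(ospf_areas(TTG2_INTERFACES, TTG2_BY_NETWORK))
    print(ospf_areas(TTG2_INTERFACES, TTG2_BY_HOST))
    print(ospf_areas(TTG3_INTERFACES, TTG3_MISTAKE))
```
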

- After advertising the networks of the routers, check the routing table of each router with the show ip route command.

TTG1#sh ip route
Gateway of last resort is not set
O    170.1.0.0/16 [110/128] via 192.168.1.2, 01:20:18, Serial1/0
     10.0.0.0/16 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Loopback0
O    15.0.0.0/8 [110/65] via 192.168.1.2, 00:20:18, Serial1/0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 192.168.1.2, 01:20:18, Serial1/0
     12.0.0.0/32 is subnetted, 1 subnets
O       12.1.0.1 [110/129] via 192.168.1.2, 01:20:18, Serial1/0
C    192.168.1.0/24 is directly connected, Serial1/0

TTG2#show ip route
Gateway of last resort is not set
C    170.1.0.0/16 is directly connected, Serial1/1
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/65] via 192.168.1.1, 01:20:38, Serial1/0
C    11.0.0.0/8 is directly connected, Loopback0
     12.0.0.0/32 is subnetted, 1 subnets
O       12.1.0.1 [110/65] via 170.1.0.2, 01:20:38, Serial1/1
C    192.168.1.0/24 is directly connected, Serial0

TTG3#show ip route
Gateway of last resort is not set
C    170.1.0.0/16 is directly connected, Serial1/0
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/129] via 170.1.0.1, 00:00:20, Serial1/0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 170.1.0.1, 00:00:20, Serial1/0
     12.0.0.0/30 is subnetted, 1 subnets
C       12.1.0.0 is directly connected, Loopback0
O    192.168.1.0/24 [110/128] via 170.1.0.1, 00:00:20, Serial1/0
O    15.0.0.0/8 [110/65] via 192.168.1.2, 00:00:20, Serial1/0

Remark: the routers know all the networks in our topology. Routes that a router learned through OSPF are marked with O at the start of the route. In the output above these routes are printed in bold.

- Now check whether the networks can reach each other by pinging, from each router in turn, the networks that are not directly connected to it.

TTG3#ping 11.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms

TTG3#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/68/108 ms

- Do the same for the other networks to check them; the pings will certainly succeed!

Multi-area OSPF configuration:
- In this section we examine how to configure networks that are distributed across several different areas.

- First, we examine whether the whole network can still communicate if network 12.1.0.0/30 and interface S0 of TTG3 are placed in area 1 while the other networks remain in area 0.
- Because OSPF was configured above with a single area, we now only need to remove the OSPF configuration on router TTG3 and reconfigure it as the question requires.
- Proceed as follows:

TTG3(config)#router ospf 10
TTG3(config-router)#no network 170.1.0.0 0.0.255.255 area 0 // remove the old OSPF configuration
TTG3(config-router)#no network 12.1.0.0 0.0.0.3 area 0
TTG3(config)#router ospf 10
TTG3(config-router)#network 170.1.0.0 0.0.255.255 area 1 // place interface S0 of router TTG3 in area 1
TTG3(config-router)#network 12.1.0.0 0.0.0.3 area 1 // place network 12.1.0.0/30 in area 1

- After the configuration, check the routing tables of the routers again:

TTG1#sh ip route
Gateway of last resort is not set
O    170.1.0.0/16 [110/128] via 192.168.1.2, 00:00:53, Serial1/0
     10.0.0.0/16 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Loopback0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 192.168.1.2, 00:00:53, Serial1/0
O    15.0.0.0/8 [110/65] via 192.168.1.2, 00:00:53, Serial1/0
C    192.168.1.0/24 is directly connected, Serial1/0

TTG2#sh ip route
Gateway of last resort is not set
C    170.1.0.0/16 is directly connected, Serial1/1
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/65] via 192.168.1.1, 00:00:43, Serial1/0
C    11.0.0.0/8 is directly connected, Loopback0
C    192.168.1.0/24 is directly connected, Serial1/0

TTG3#sh ip route
Gateway of last resort is not set
     12.0.0.0/30 is subnetted, 1 subnets
C       12.1.0.0 is directly connected, Loopback0
C    170.1.0.0/16 is directly connected, Serial1/0

Remark: routers TTG1 and TTG2 know each other's networks but do not know the network of router TTG3. Conversely, router TTG3 does not know the networks of routers TTG1 and TTG2. This shows that routers in the same area know only the networks in that area and do not know the networks in other areas. (Router TTG1 sees network 170.1.0.0/16 because router TTG2 advertises that network as part of area 0.)
- To link networks that are in different areas, we need a border router that joins the area to area 0 (the backbone). This router has one interface in that area and one interface in area 0.

- In this lab there are two ways to solve the problem. The first is to place the network of interface S0 of router TTG3 in area 0; router TTG3 then acts as a border router. The second is to place the network of interface S1 of router TTG2 in area 1; router TTG2 then acts as the border router.
- We will examine option 1 (the network of interface S0 of TTG3 in area 0). Option 2 is carried out the same way.

Configuration:
TTG3(config)#router ospf 10
TTG3(config-router)#no network 170.1.0.0 0.0.255.255 area 1
TTG3(config-router)#network 170.1.0.0 0.0.255.255 area 0

- After the configuration, check the routing tables of the routers again:

TTG1#show ip route
Gateway of last resort is not set
     10.0.0.0/16 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Loopback0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 192.168.1.2, 00:40:12, Serial1/0
     12.0.0.0/32 is subnetted, 1 subnets
O IA    12.1.0.1 [110/129] via 192.168.1.2, 00:38:16, Serial1/0
O    15.0.0.0/8 [110/65] via 192.168.1.2, 00:40:12, Serial1/0
O    170.1.0.0/16 [110/128] via 192.168.1.2, 00:40:12, Serial1/0
C    192.168.1.0/24 is directly connected, Serial1/0

TTG2#show ip route
Gateway of last resort is not set
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/65] via 192.168.1.1, 00:03:40, Serial1/0
C    11.0.0.0/8 is directly connected, Loopback0
     12.0.0.0/32 is subnetted, 1 subnets
O IA    12.1.0.1 [110/65] via 170.1.0.2, 00:02:06, Serial1/1
C    15.0.0.0/8 is directly connected, Ethernet0
C    170.1.0.0/16 is directly connected, Serial1/1
C    192.168.1.0/24 is directly connected, Serial1/0

TTG3#show ip route
Gateway of last resort is not set
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/129] via 170.1.0.1, 00:06:27, Serial1/0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 170.1.0.1, 00:06:27, Serial1/0
     12.0.0.0/30 is subnetted, 1 subnets
C       12.1.0.0 is directly connected, Loopback0
O    15.0.0.0/8 [110/65] via 170.1.0.1, 00:06:27, Serial1/0
C    170.1.0.0/16 is directly connected, Serial1/0

O    192.168.1.0/24 [110/128] via 170.1.0.1, 00:06:27, Serial1/0

Remark: each router now sees the networks of the other routers, so the whole network can communicate. We can verify this by pinging each network.

4. Configuring authentication in OSPF:
- By default, a router trusts that the routing information it receives was sent by a trusted router and was not tampered with along the way. To guarantee this, the routers in an area must be configured to authenticate one another.
- Each OSPF interface on a router needs an authentication key, which is used when sending OSPF information to the other routers connected to that interface. The key is used to generate the authentication data placed in the header of the OSPF packet. The password can be up to 8 characters long. Configure authentication as follows:

Router(config-if)#ip ospf authentication-key password
Router(config-if)#ip ospf authentication
Or
Router(config-router)#area area-id authentication

Commands used in the lab:

Router TTG1:
TTG1>enable
TTG1#configure terminal
TTG1(config)#interface s1/0
TTG1(config-if)#ip ospf authentication-key plaint
TTG1(config-if)#ip ospf authentication
TTG1(config-if)#exit
TTG1(config)#

Router TTG2:
TTG2>enable
TTG2#configure terminal
TTG2(config)#interface s1/0
TTG2(config-if)#ip ospf authentication-key plaint
TTG2(config-if)#ip ospf authentication
TTG2(config-if)#exit
TTG2(config)#interface s1/1
TTG2(config-if)#ip ospf authentication-key plaintpas
TTG2(config-if)#ip ospf authentication
TTG2(config-if)#exit
TTG2(config)#

Router TTG3:
TTG3>enable
TTG3#configure terminal
TTG3(config)#interface s1/0
TTG3(config-if)#ip ospf authentication-key plaintpas
TTG3(config-if)#ip ospf authentication
TTG3(config-if)#exit
TTG3(config)#

- Plaintext authentication is not secure, because the password is not encrypted before it is sent out on the link. For better security, switch to MD5 authentication, which is configured as follows:

Router(config-if)#ip ospf message-digest-key key-id md5 encryption-type key
Router(config-if)#ip ospf authentication message-digest
Or
Router(config-router)#area area-id authentication message-digest

- To switch to MD5 authentication, first remove the current plaintext authentication on routers TTG1, TTG2 and TTG3:

TTG1(config)#interface s1/0
TTG1(config-if)#no ip ospf authentication-key plaint
TTG1(config-if)#no ip ospf authentication
TTG1(config-if)#exit

Do the same on the remaining routers.

- Then configure MD5 authentication:

Router TTG1:
TTG1>enable
TTG1#configure terminal
TTG1(config)#interface s1/0
TTG1(config-if)#ip ospf message-digest-key 1 md5 keymd5 // password
TTG1(config-if)#ip ospf authentication message-digest // set the authentication method to MD5
TTG1(config-if)#exit
TTG1(config)#

Router TTG2:
TTG2>enable
TTG2#configure terminal
TTG2(config)#interface s1/0
TTG2(config-if)#ip ospf message-digest-key 1 md5 keymd51
TTG2(config-if)#ip ospf authentication message-digest
TTG2(config-if)#exit
TTG2(config)#interface s1/1
TTG2(config-if)#ip ospf message-digest-key 1 md5 keymd52
TTG2(config-if)#ip ospf authentication message-digest
TTG2(config-if)#exit
TTG2(config)#

Router TTG3:
TTG3>enable
TTG3#configure terminal
TTG3(config)#interface s1/0
TTG3(config-if)#ip ospf message-digest-key 1 md5 keymd52
TTG3(config-if)#ip ospf authentication message-digest
TTG3(config-if)#exit
TTG3(config)#

- show commands used to check the OSPF configuration:

Command / Explanation

show ip protocol
    Displays the timer parameters, routing parameters, routed networks and other information for all routing protocols running on the router.

show ip route
    Displays the router's routing table, which lists the best paths to the destination networks and shows how the router learned each path.

show ip ospf interface
    Shows whether the router's interface is configured in the correct area. If no loopback interface is configured, the highest IP address of a physical interface is chosen as the router ID. The command also displays the hello interval and dead interval on the interface and lists the adjacent neighbor routers connected to it.

show ip ospf
    Shows how many times the SPF algorithm has been run and the update interval used when the network has not changed.

show ip ospf neighbor detail
    Lists the neighbors in detail, with their priority and their state.

show ip ospf database
    Displays the contents of the network topology database on the router, along with the router ID and the OSPF process ID.

- clear and debug commands used to check OSPF operation:

Command / Explanation

clear ip route *
    Clears the entire routing table.

clear ip route a.b.c.d
    Removes the route a.b.c.d from the routing table.

debug ip ospf events
    Reports every OSPF event.

debug ip ospf adj
    Reports every event related to OSPF adjacency activity.
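A check for the authentication steps of section 4, as an added example rather than code from the lab: it parses the per-interface OSPF authentication commands and compares the two ends of each link, flagging plaintext keys and keys that do not match. The configs are transcribed from the commands printed in this lab; the full interface names, the function names and the link pairing (TTG1 Serial1/0 to TTG2 Serial1/0, TTG2 Serial1/1 to TTG3 Serial1/0) are assumptions taken from the lab's addressing, and area-level authentication commands are not handled.

```python
import re

IFACE_RE = re.compile(r"^interface\s+(\S+)$", re.I)
SIMPLE_RE = re.compile(r"^ip ospf authentication-key\s+(\S+)$", re.I)
MD5KEY_RE = re.compile(r"^ip ospf message-digest-key\s+(\d+)\s+md5\s+(\S+)$", re.I)
MODE_RE = re.compile(r"^ip ospf authentication(?:\s+(message-digest|null))?$", re.I)
MODES = {None: "plaintext", "message-digest": "md5", "null": "none"}
NO_AUTH = {"mode": "none", "simple_key": None, "md5_keys": {}}

# Transcribed from the lab's plaintext step (interface names written in full).
PLAINTEXT_STAGE = {
    "TTG1": """interface Serial1/0
 ip ospf authentication-key plaint
 ip ospf authentication""",
    "TTG2": """interface Serial1/0
 ip ospf authentication-key plaint
 ip ospf authentication
interface Serial1/1
 ip ospf authentication-key plaintpas
 ip ospf authentication""",
    "TTG3": """interface Serial1/0
 ip ospf authentication-key plaintpas
 ip ospf authentication""",
}

# Transcribed from the lab's MD5 step, key values exactly as printed.
MD5_STAGE = {
    "TTG1": """interface Serial1/0
 ip ospf message-digest-key 1 md5 keymd5
 ip ospf authentication message-digest""",
    "TTG2": """interface Serial1/0
 ip ospf message-digest-key 1 md5 keymd51
 ip ospf authentication message-digest
interface Serial1/1
 ip ospf message-digest-key 1 md5 keymd52
 ip ospf authentication message-digest""",
    "TTG3": """interface Serial1/0
 ip ospf message-digest-key 1 md5 keymd52
 ip ospf authentication message-digest""",
}

# Assumed cabling: which interface faces which.
LINKS = [(("TTG1", "Serial1/0"), ("TTG2", "Serial1/0")),
         (("TTG2", "Serial1/1"), ("TTG3", "Serial1/0"))]


def parse_ospf_auth(config):
    """Map each interface in IOS-style text to its OSPF authentication settings."""
    result, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if (m := IFACE_RE.match(line)):
            current = result.setdefault(
                m.group(1), {"mode": "none", "simple_key": None, "md5_keys": {}})
        elif current is None:
            continue
        elif (m := SIMPLE_RE.match(line)):
            current["simple_key"] = m.group(1)
        elif (m := MD5KEY_RE.match(line)):
            current["md5_keys"][int(m.group(1))] = m.group(2)
        elif (m := MODE_RE.match(line)):
            current["mode"] = MODES[m.group(1).lower() if m.group(1) else None]
    return result


def audit_link(configs, end_a, end_b):
    """Return the sorted finding codes for one point-to-point link."""
    a = parse_ospf_auth(configs[end_a[0]]).get(end_a[1], NO_AUTH)
    b = parse_ospf_auth(configs[end_b[0]]).get(end_b[1], NO_AUTH)
    findings = set()
    if a["mode"] != b["mode"]:
        findings.add("auth-type-mismatch")
    for side in (a, b):
        if side["mode"] == "none":
            findings.add("no-authentication")
        elif side["mode"] == "plaintext":
            findings.add("plaintext-key-on-wire")   # key travels unencrypted
        elif not side["md5_keys"]:
            findings.add("md5-enabled-without-key")
    if a["mode"] == b["mode"] == "plaintext" and a["simple_key"] != b["simple_key"]:
        findings.add("key-mismatch")
    if a["mode"] == b["mode"] == "md5" and a["md5_keys"] != b["md5_keys"]:
        findings.add("key-mismatch")                # key ID and key must both match
    return sorted(findings)


def audit(configs, links):
    """Audit every link; keys of the result are readable link labels."""
    return {f"{a[0]} {a[1]} <-> {b[0]} {b[1]}": audit_link(configs, a, b)
            for a, b in links}


if __name__ == "__main__":
    for stage, cfg in (("plaintext", PLAINTEXT_STAGE), ("md5", MD5_STAGE)):
        for link, findings in audit(cfg, LINKS).items():
            print(stage, link, findings or "ok")
```

On the MD5 keys as printed, the TTG1 to TTG2 link is reported as a key mismatch (keymd5 against keymd51); both ends of a link need the same key ID and key for the adjacency to form.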

EIGRP CONFIGURATION
1. Lab description and topology:

- The PCs are connected to the routers with crossover cables, and the two routers are connected to each other with a serial cable. The IP addresses of the interfaces and PCs are as shown in the figure.
- In this lab we configure the EIGRP protocol on the routers.
- EIGRP is a protocol that supports VLSM; by default the EIGRP metric is calculated from bandwidth and delay.

2. Configuration:
Configure routers TTG1 and TTG2 as follows:

Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface E0
TTG1(config-if)#no shutdown
TTG1(config-if)#ip address 10.1.0.1 255.255.255.0
TTG1(config-if)#exit
TTG1(config)#interface S0
TTG1(config-if)#ip address 192.168.0.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit

Router TTG2:
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface E0
TTG2(config-if)#no shutdown
TTG2(config-if)#ip address 11.1.0.1 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#interface S0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#ip address 192.168.0.2 255.255.255.0
TTG2(config-if)#exit
TTG2(config)#

After configuring the IP addresses of the interfaces on routers TTG1 and TTG2, configure EIGRP on the routers as follows:

TTG1(config)#router eigrp 100 // 100 is the autonomous system number
TTG1(config-router)#network 10.1.0.0 0.0.255.255 // advertise network 10.1.0.0/16
TTG1(config-router)#network 192.168.0.0 // advertise network 192.168.0.0/24

TTG2(config)#router eigrp 100
TTG2(config-router)#network 11.1.0.0 0.0.255.255
TTG2(config-router)#network 192.168.0.0

Set the IP addresses of the PCs:

PC 1:
IP address: 10.1.0.2
Subnet Mask: 255.255.0.0
Gateway: 10.1.0.1

PC 2:
IP address: 11.1.0.2
Subnet Mask: 255.255.0.0
Gateway: 11.1.0.1

Now check the connections in the network as follows:

PC1#ping 11.1.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/32/40 ms

Use the show ip route command to check the routing tables of the two routers.

TTG2#show ip route
Gateway of last resort is not set
D    10.0.0.0/8 [90/2195456] via 192.168.0.1, 00:11:35, Serial0
C    11.1.0.0/16 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0

The routing table of router TTG2 contains the routes to the networks of TTG1, and TTG1 pings the loopback of TTG2 successfully.

3. Configuring EIGRP summarization and authentication:

Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface s0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#exit
TTG1(config)#interface loopback 0
TTG1(config-if)#ip address 10.1.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface loopback 1
TTG1(config-if)#ip address 10.1.0.10 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface loopback 2
TTG1(config-if)#ip address 10.1.0.20 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface loopback 3
TTG1(config-if)#ip address 10.1.0.30 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#

Router TTG2:
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface s0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#exit
TTG2(config)#interface loopback 5
TTG2(config-if)#ip address 11.5.0.1 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#interface loopback 6
TTG2(config-if)#ip address 11.5.0.10 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#interface loopback 7
TTG2(config-if)#ip address 11.5.0.20 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#interface loopback 8
TTG2(config-if)#ip address 11.5.0.30 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#

Configure EIGRP on the routers as follows:

Router TTG1:
TTG1(config)#router eigrp 10
TTG1(config-router)#network 10.0.0.0
TTG1(config-router)#exit
TTG1(config)#

Router TTG2:
TTG2(config)#router eigrp 10
TTG2(config-router)#network 11.0.0.0
TTG2(config-router)#exit
TTG2(config)#

Configuring summarization for EIGRP:
EIGRP automatically summarizes routes at classful address boundaries. In this lab, for example, TTG1 is connected only to subnet 10.1.0.1, but it advertises that it is connected to the class A network 10.0.0.0. In most cases automatic summarization has the advantage of keeping the routing table short. In some cases, however, automatic summarization should not be used. In a network with discontiguous addressing, for example, it must be turned off. To turn off automatic route summarization, use the following command:

Router(config-router)#no auto-summary

With EIGRP, route summarization can also be configured manually on each router interface, with the summary boundary you want rather than the classful boundary of the IP address. Once a summary address has been declared on an interface, the router advertises the summarized address out of that interface as configured. A summary address is declared with the following command:

Router(config-if)#ip summary-address eigrp autonomous-system-number ip-address mask administrative-distance

Commands in the lab:

Router TTG1:
TTG1#configure terminal
TTG1(config)#router eigrp 10
TTG1(config-router)#no auto-summary
TTG1(config-router)#exit
TTG1(config)#interface s0
TTG1(config-if)#ip summary-address eigrp 10 10.1.0.0 255.248.0.0
TTG1(config-if)#exit
TTG1(config)#

Router TTG2:
TTG2#configure terminal
TTG2(config)#router eigrp 10
TTG2(config-router)#no auto-summary
TTG2(config-router)#exit
TTG2(config)#interface s0
TTG2(config-if)#ip summary-address eigrp 10 11.4.0.0 255.240.0.0
TTG2(config-if)#exit
TTG2(config)#

Before turning off auto-summary:

Router TTG1:
TTG1#show ip route
Gateway of last resort is not set
     10.0.0.0/16 is subnetted, 4 subnets
C       10.1.0.0 is directly connected, Loopback0
C       10.2.0.0 is directly connected, Loopback1
C       10.3.0.0 is directly connected, Loopback2
C       10.4.0.0 is directly connected, Loopback3
     11.0.0.0/16 is subnetted, 4 subnets
D       11.5.0.0 [90/2297856] via 192.168.1.2, 00:00:06, Serial0
D       11.6.0.0 [90/2297856] via 192.168.1.2, 00:00:06, Serial0
D       11.7.0.0 [90/2297856] via 192.168.1.2, 00:00:06, Serial0
D       11.8.0.0 [90/2297856] via 192.168.1.2, 00:00:06, Serial0
C    192.168.1.0/24 is directly connected, Serial0

Router TTG2:
TTG2#show ip route
Gateway of last resort is not set
     10.0.0.0/16 is subnetted, 4 subnets
D       10.1.0.0 [90/2297856] via 192.168.1.1, 00:00:22, Serial0
D       10.2.0.0 [90/2297856] via 192.168.1.1, 00:00:22, Serial0
D       10.3.0.0 [90/2297856] via 192.168.1.1, 00:00:22, Serial0
D       10.4.0.0 [90/2297856] via 192.168.1.1, 00:00:22, Serial0
     11.0.0.0/16 is subnetted, 4 subnets
C       11.5.0.0 is directly connected, Loopback4
C       11.6.0.0 is directly connected, Loopback5
C       11.7.0.0 is directly connected, Loopback6
C       11.8.0.0 is directly connected, Loopback7
C    192.168.1.0/24 is directly connected, Serial0

After turning off auto-summary and configuring the summary addresses:

Router TTG1:
TTG1#show ip route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
D       10.0.0.0/13 is a summary, 00:01:50, Null0
C       10.1.0.0/16 is directly connected, Loopback0
C       10.2.0.0/16 is directly connected, Loopback1
C       10.3.0.0/16 is directly connected, Loopback2
C       10.4.0.0/16 is directly connected, Loopback3
     11.0.0.0/12 is subnetted, 1 subnets
D       11.0.0.0 [90/2297856] via 192.168.1.2, 00:00:21, Serial0
C    192.168.1.0/24 is directly connected, Serial0

Router TTG2:
TTG2#show ip route
Gateway of last resort is not set
     10.0.0.0/13 is subnetted, 1 subnets
D       10.0.0.0 [90/2297856] via 192.168.1.1, 00:00:57, Serial0
     11.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
D       11.0.0.0/12 is a summary, 00:01:00, Null0
C       11.5.0.0/16 is directly connected, Loopback4
C       11.6.0.0/16 is directly connected, Loopback5
C       11.7.0.0/16 is directly connected, Loopback6
C       11.8.0.0/16 is directly connected, Loopback7

C    192.168.1.0/24 is directly connected, Serial0

Configuring authentication for the two routers in the lab:
EIGRP (Enhanced Interior Gateway Routing Protocol) is a proprietary distance-vector protocol that runs only on Cisco devices. Authenticating the exchange of routing information is an important factor in protecting the system against man-in-the-middle attacks. Authentication is configured on each interface that takes part in exchanging routing information, usually the serial links between the routers. After enabling EIGRP on the routers, identify the interfaces that need authentication and configure them as follows.

Authentication commands in the lab:

Router TTG1:
TTG1(config)#interface s0
TTG1(config-if)#ip authentication mode eigrp 10 md5
TTG1(config-if)#ip authentication key-chain eigrp 10 truongtan
TTG1(config-if)#exit
TTG1(config)#key chain truongtan
TTG1(config-keychain)#key 1
TTG1(config-keychain-key)#key-string ttg
TTG1(config-keychain-key)#accept-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
TTG1(config-keychain-key)#send-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
TTG1(config-keychain-key)#exit
TTG1(config)#exit
TTG1#copy running-config startup-config

Router TTG2:
TTG2(config)#interface s0
TTG2(config-if)#ip authentication mode eigrp 10 md5
TTG2(config-if)#ip authentication key-chain eigrp 10 truongtangroup
TTG2(config-if)#exit
TTG2(config)#key chain truongtangroup
TTG2(config-keychain)#key 1
TTG2(config-keychain-key)#key-string ttgtc
TTG2(config-keychain-key)#accept-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
TTG2(config-keychain-key)#send-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
TTG2(config-keychain-key)#exit
TTG2(config)#exit

- Save the configuration on both routers:
TTG2#copy running-config startup-config

show commands for checking EIGRP:

Command / Explanation

show ip eigrp neighbors
    Displays the neighbor table.

show ip eigrp neighbors detail
    Displays the neighbor table in detail.

show ip eigrp interface s0
    Displays information about the interfaces running the EIGRP protocol (in this lab, with AS 10).

show ip eigrp topology
    Displays the topology table.

show ip eigrp traffic
    Displays the number and types of packets received and sent.

show ip protocol
    Displays the timer parameters, routing parameters, routed networks and other information for all routing protocols running on the router.

show ip route eigrp
    Displays the routing table entries handled by EIGRP.

Checking EIGRP operation:

Command / Explanation

debug eigrp fsm
    Displays events and activity related to EIGRP feasible successor metrics (FSM).

debug eigrp packet
    Displays events and activity related to EIGRP packets.

debug eigrp neighbor
    Displays events and activity related to EIGRP neighbors.

debug eigrp notifications
    Displays EIGRP notification events.
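A check for the EIGRP authentication commands of this lab, as an added example rather than code from the lab: it parses the two key chain blocks as printed for TTG1 and TTG2 and reports whether, at a given time, the key each router sends with is accepted by its peer. The function names and finding codes are hypothetical; it assumes that IOS sends with the lowest-numbered key whose send-lifetime is valid and that a key without a lifetime is always valid.

```python
import re
from datetime import datetime

FMT = "%H:%M:%S %b %d %Y"                      # e.g. 06:30:00 May 20 2010
TS = r"\d{1,2}:\d\d:\d\d \w{3} \d{1,2} \d{4}"
LIFE_RE = re.compile(rf"^(accept|send)-lifetime ({TS}) (infinite|{TS})$")

# Key chains transcribed from the lab, values exactly as printed.
TTG1_CFG = """
key chain truongtan
 key 1
  key-string ttg
  accept-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
  send-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
"""
TTG2_CFG = """
key chain truongtangroup
 key 1
  key-string ttgtc
  accept-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
  send-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
"""


def parse_keys(config):
    """Return {key_id: {"string", "accept", "send"}} for the key chain in config.

    The chain name is deliberately ignored: it is local to each router.
    """
    keys, key = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if line.startswith("key chain "):
            key = None
        elif re.fullmatch(r"key \d+", line):
            key = keys.setdefault(int(line.split()[1]),
                                  {"string": None, "accept": None, "send": None})
        elif key is not None and line.startswith("key-string "):
            key["string"] = line.split(" ", 1)[1]
        elif key is not None and (m := LIFE_RE.match(line)):
            end = None if m.group(3) == "infinite" else datetime.strptime(m.group(3), FMT)
            key[m.group(1)] = (datetime.strptime(m.group(2), FMT), end)
    return keys


def is_active(key, direction, now):
    """True if the key's accept or send lifetime covers the instant now."""
    window = key[direction]
    if window is None:                          # no lifetime configured
        return True
    start, end = window
    return start <= now and (end is None or now < end)


def send_key(keys, now):
    """Lowest-numbered key that may be used for sending at now, or None."""
    active = [kid for kid in sorted(keys) if is_active(keys[kid], "send", now)]
    return active[0] if active else None


def check_pair(cfg_a, cfg_b, now):
    """Return sorted finding codes for two routers sharing one link."""
    a, b = parse_keys(cfg_a), parse_keys(cfg_b)
    findings = set()
    for sender, receiver in ((a, b), (b, a)):
        kid = send_key(sender, now)
        if kid is None:
            findings.add("no-active-send-key")
            continue
        peer = receiver.get(kid)
        if peer is None or not is_active(peer, "accept", now):
            findings.add("key-not-accepted-by-peer")
        elif peer["string"] != sender[kid]["string"]:
            findings.add("key-string-mismatch")
    return sorted(findings)


if __name__ == "__main__":
    for when in (datetime(2010, 5, 20, 12, 0), datetime(2010, 5, 22, 0, 0)):
        print(when, check_pair(TTG1_CFG, TTG2_CFG, when) or "ok")
```

With the values printed in the lab it reports a key-string mismatch (ttg against ttgtc) inside the lifetime window and no usable send key after 06:30:00 May 21 2010. The differing key chain names are not a finding, because the name is local to each router.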

VTP, VLAN
I. Lab topology:

II. Steps:

1. Configure VTP on the switches:

- SW1:
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW1-VTPServer
SW1-VTPServer(config)#vtp domain TTG
SW1-VTPServer(config)#vtp password 123
SW1-VTPServer(config)#vtp version 2
SW1-VTPServer(config)#vtp mode server

- SW2:
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW2-VTPClient
SW2-VTPClient(config)#vtp domain TTG
SW2-VTPClient(config)#vtp password 123
SW2-VTPClient(config)#vtp version 2
SW2-VTPClient(config)#vtp mode client

- SW3:
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW3-VTPClient
SW3-VTPClient(config)#vtp domain TTG
SW3-VTPClient(config)#vtp password 123
SW3-VTPClient(config)#vtp version 2
SW3-VTPClient(config)#vtp mode client

2. Configure trunking between the switches:

- SW1:
SW1-VTPServer(config)#interface g1/1
SW1-VTPServer(config-if)#switchport mode trunk
SW1-VTPServer(config-if)#exit
SW1-VTPServer(config)#interface g1/2
SW1-VTPServer(config-if)#switchport mode trunk
SW1-VTPServer(config-if)#exit

- SW2:
SW2-VTPClient(config)#interface g1/1
SW2-VTPClient(config-if)#switchport mode trunk
SW2-VTPClient(config-if)#exit

- SW3:
SW3-VTPClient(config)#interface g1/2
SW3-VTPClient(config-if)#switchport mode trunk
SW3-VTPClient(config-if)#exit

3. Commands for checking the VTP and trunking configuration:

- SW1-VTPServer#show vtp password
VTP Password: 123

- SW1-VTPServer#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x54 0xC1 0x71 0x3F 0x9B 0x83 0xAF 0x38
Configuration last modified by 0.0.0.0 at 3-1-93 01:44:06

- SW1-VTPServer#show interface trunk
Port      Mode   Encapsulation  Status     Native vlan
G1/1      on     802.1q         trunking   1
G1/2      on     802.1q         trunking   1

Port      Vlans allowed on trunk
G1/1      1-1005
G1/2      1-1005

Port      Vlans allowed and active in management domain
G1/1      1,2,3
G1/2      1,2,3

Port      Vlans in spanning tree forwarding state and not pruned
G1/1      1,2,3
G1/2      1,2,3

4. Create the VLANs on SW1-VTPServer:
SW1-VTPServer(config)#vlan 2
SW1-VTPServer(config-vlan)#name KinhDoanh
SW1-VTPServer(config-vlan)#exit
SW1-VTPServer(config)#vlan 3
SW1-VTPServer(config-vlan)#name KeToan
SW1-VTPServer(config-vlan)#exit
SW1-VTPServer(config)#vlan 4
SW1-VTPServer(config-vlan)#name Giamdoc
SW1-VTPServer(config-vlan)#exit
SW1-VTPServer(config)#vlan 5
SW1-VTPServer(config-vlan)#name IT
SW1-VTPServer(config-vlan)#exit

5. Check the VLAN information on the VTP client switches:
- Switch#show vlan brief
- Switch#show vlan

6. Assign the ports to VLANs as required:

- SW2:
SW2-VTPClient(config)#interface range fa0/1 - 6
SW2-VTPClient(config-if-range)#switchport access vlan 2
SW2-VTPClient(config-if-range)#exit
SW2-VTPClient(config)#interface range fa0/7 - 10
SW2-VTPClient(config-if-range)#switchport access vlan 3
SW2-VTPClient(config-if-range)#exit
SW2-VTPClient(config)#interface range fa0/11 - 15
SW2-VTPClient(config-if-range)#switchport access vlan 4
SW2-VTPClient(config-if-range)#exit
SW2-VTPClient(config)#interface range fa0/16 - 24
SW2-VTPClient(config-if-range)#switchport access vlan 5
SW2-VTPClient(config-if-range)#exit

- SW3:
SW3-VTPClient(config)#interface range fa0/1 - 6
SW3-VTPClient(config-if-range)#switchport access vlan 2
SW3-VTPClient(config-if-range)#exit
SW3-VTPClient(config)#interface range fa0/7 - 10
SW3-VTPClient(config-if-range)#switchport access vlan 3
SW3-VTPClient(config-if-range)#exit
SW3-VTPClient(config)#interface range fa0/11 - 15
SW3-VTPClient(config-if-range)#switchport access vlan 4
SW3-VTPClient(config-if-range)#exit
SW3-VTPClient(config)#interface range fa0/16 - 24
SW3-VTPClient(config-if-range)#switchport access vlan 5
SW3-VTPClient(config-if-range)#exit

7. Assign IP addresses to the PCs according to their networks:
- Connect the PCs to the ports that belong to the corresponding VLAN on SW1 and SW2.
- For example, VLAN 5 is assigned the network 192.168.5.0/24, so the usable IP addresses are 192.168.5.1 through 192.168.5.254; the same applies to the other VLANs.
- Save the configuration and finish the lab.

VTP, PVST+, PVRST LAB
I. Lab topology:

II. Lab configuration steps:
Step 1: Erase the VLAN and VTP information on the switches
Step 2: Configure the passwords for the console port, the vty lines and privileged mode
Step 3: Configure VTP on the three switches
Step 4: Configure trunking
Step 5: Create the VLAN information required by the lab on the VTP server (SW1)
Step 6: Assign the ports on SW2 and SW3 to the corresponding VLANs as required
Step 7: Configure IP addresses on the switches so that they can be managed remotely
Step 8: SW1 is the root bridge

Step 1: Erase the VLAN and VTP information on the switches
- Check whether the switch has already been configured with the show startup-config and show vlan brief commands; if it has, erase the VLAN information and the configuration.

Switch#delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]

- The VTP and VLAN information is stored in the file vlan.dat in flash: memory, so this command erases the VLAN and VTP information on the switch.

SW1#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
Switch#reload
Proceed with reload? [confirm]
System configuration has been modified. Save? [yes/no]: n

Step 2: Configure the passwords for the console port, the vty lines and privileged mode

SW1>enable
SW1#config terminal
Enter configuration commands, one
SW1(config)#enable secret cisco
SW1(config)#line console 0
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config)#line vty 0 15
SW1(config-line)#password cisco
SW1(config-line)#login

- Repeat step 2 on the remaining switches and on the router.

Step 3: Configure VTP on the three switches
- By default, Cisco switches have the following VTP configuration:
VTP domain name: None
VTP mode: Server mode
VTP pruning: Enabled or disabled (model specific)
VTP password: Null
VTP version: Version 1
- For VTP information to be synchronized, the switches must have the same VTP domain and password.

SW1:
Switch>enable
Switch#config terminal
Switch(config)#hostname SW1
SW1(config)#exit

- View the VTP information on SW1 before configuration with the show vtp status command:

SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 250
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

SW1(config)#vtp version 2
SW1(config)#vtp domain TTG
Changing VTP domain name from NULL to TTG
SW1(config)#vtp password cisco
Setting device VLAN database password to cisco
SW1(config)#vtp mode server
Device mode already VTP SERVER.

- VTP information on SW1 after configuration:

SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 250
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x14 0x8E 0xDA 0xC9 0x0A 0x42 0xAF 0xE7
Configuration last modified by 0.0.0.0 at 3-1-93 00:05:26
Local updater ID is 0.0.0.0 (no valid interface found)

SW1#show vtp password
VTP Password: cisco

SW2:
Switch>enable
Switch#config terminal
Switch(config)#hostname SW2
SW2(config)#vtp version 2
SW2(config)#vtp domain TTG
Changing VTP domain name from NULL to TTG
SW2(config)#vtp password cisco
Setting device VLAN database password to cisco
SW2(config)#vtp mode client
Setting device to VTP CLIENT mode.

- Check the VTP information on SW2:

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 250
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x14 0x8E 0xDA 0xC9 0x0A 0x42 0xAF 0xE7
Configuration last modified by 0.0.0.0 at 3-1-93 00:05:26

SW2#show vtp password
VTP Password: cisco

SW3:
Switch>enable
Switch#config terminal
Switch(config)#hostname SW3
SW3(config)#vtp version 2
SW3(config)#vtp domain TTG
Changing VTP domain name from NULL to TTG
SW3(config)#vtp password cisco
Setting device VLAN database password to cisco
SW3(config)#vtp mode client
Setting device to VTP CLIENT mode.

SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 250
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x14 0x8E 0xDA 0xC9 0x0A 0x42 0xAF 0xE7

Configuration last modified by 0.0.0.0 at 3-1-93 00:12:56

SW3#show vtp password
VTP Password: cisco

Step 4: Configure trunking on the three switches SW1, SW2, SW3 and on the router
Note: layer 3 switches support both the 802.1Q and ISL standards, so before configuring trunking on them you must add the command switchport trunk encapsulation dot1q in interface mode. Layer 2 switches support only 802.1Q, so the command is not needed on them.

- SW1:
SW1(config)#interface fa0/20
SW1(config-if)#switchport trunk encapsulation dot1q // layer 3 switches only
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport nonegotiate // disable DTP
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#interface fa0/22
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport nonegotiate
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#interface fa0/23
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport nonegotiate
SW1(config-if)#no shutdown

- SW2:
SW2(config)#interface fa0/22
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport nonegotiate
SW2(config-if)#no shutdown

- SW3:
SW3(config)#interface fa0/23
SW3(config-if)#switchport trunk encapsulation dot1q
SW3(config-if)#switchport mode trunk
SW3(config-if)#switchport nonegotiate
SW3(config-if)#no shutdown

- Use the show interfaces trunk command to check the trunking configuration:

SW1#show interfaces trunk
Port      Mode   Encapsulation  Status     Native vlan
Fa0/20    on     802.1q         trunking   1
Fa0/22    on     802.1q         trunking   1
Fa0/23    on     802.1q         trunking   1

Port      Vlans allowed on trunk
Fa0/20    1-4094
Fa0/22    1-4094
Fa0/23    1-4094

Port      Vlans allowed and active in management domain
Fa0/20    1
Fa0/22    1
Fa0/23    1

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    none
Fa0/22    1
Fa0/23    1

Router:
Router#config terminal
Enter configuration commands, one per line. End with C
Router(config)#interface fa0/0
Router(config-if)#description Gateway cho VLAN1
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fa0/0.2
Router(config-subif)#description Gateway cho VLAN2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 192.168.2.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface fa0/0.3
Router(config-subif)#description Gateway cho VLAN3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 192.168.3.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface fa0/0.4
Router(config-subif)#description Gateway cho VLAN4
Router(config-subif)#encapsulation dot1Q 4
Router(config-subif)#ip address 192.168.4.1 255.255.255.0

Router#show ip interface brief
Interface            IP-Address     OK?  Method  Status                 Protocol
FastEthernet0/0      192.168.1.1    YES  manual  up                     up
FastEthernet0/0.2    192.168.2.1    YES  manual  up                     up
FastEthernet0/0.3    192.168.3.1    YES  manual  up                     up
FastEthernet0/0.4    192.168.4.1    YES  manual  up                     up
FastEthernet0/1      unassigned     YES          administratively down  down
Serial0/1/0          unassigned     YES          administratively down  down
Serial0/1/1          unassigned     YES          administratively down  down

Step 5: Create the VLANs on the VTP server SW1

- Check the current VLAN information on SW1

SW1#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/24, Gi0/1, Gi0/2
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

- Create the VLANs

SW1(config)#vlan 2
SW1(config-vlan)#name Accounting_Network
SW1(config-vlan)#exit
SW1(config)#vlan 3
SW1(config-vlan)#name Engineering_Network
SW1(config-vlan)#exit
SW1(config)#vlan 4
SW1(config-vlan)#name Markeeting_Network
SW1(config-vlan)#exit

- Check the information on SW1, SW2 and SW3 again after the configuration to make sure the VLAN and VTP information has been synchronized

SW1#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/21
                                                Fa0/24, Gi0/1, Gi0/2
2    Accounting_Network               active
3    Engineering_Network              active
4    Markeeting_Network               active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x23 0x1C 0x6A 0xEB 0x65 0xD2 0xA5 0x51
Configuration last modified by 0.0.0.0 at 3-1-93 00:41:55
Local updater ID is 0.0.0.0 (no valid interface found)

SW2#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/23, Fa0/24, Gi0/1
                                                Gi0/2
2    Accounting_Network               active
3    Engineering_Network              active
4    Markeeting_Network               active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x23 0x1C 0x6A 0xEB 0x65 0xD2 0xA5 0x51
Configuration last modified by 0.0.0.0 at 3-1-93 00:41:55

SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x23 0x1C 0x6A 0xEB 0x65 0xD2 0xA5 0x51
Configuration last modified by 0.0.0.0 at 3-1-93 00:41:55

SW3#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/23, Fa0/24, Gi0/1
                                                Gi0/2
2    Accounting_Network               active
3    Engineering_Network              active
4    Markeeting_Network               active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

Step 6: Assign the ports on each switch to the corresponding VLAN

- SW1:
SW1(config)#interface range fa0/1 - 5
SW1(config-if-range)#switchport access vlan 2
SW1(config-if-range)#exit
SW1(config)#interface range fa0/6 - 10
SW1(config-if-range)#switchport access vlan 3
SW1(config-if-range)#exit
SW1(config)#interface range fa0/11 - 15
SW1(config-if-range)#switchport access vlan 4
SW1(config-if-range)#exit

- Repeat step 6 on the remaining switches
- Verify with the show vlan command on all 3 switches

SW1#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/21, Fa0/24, Gi0/1, Gi0/2
2    Accounting_Network               active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5
3    Engineering_Network              active    Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10
4    Markeeting_Network               active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15

Step 7: Configure IP addresses on the switches so that they can be managed remotely

SW1(config)#interface VLAN1
SW1(config-if)#ip address 192.168.1.11 255.255.255.0
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#ip default-gateway 192.168.1.1

SW1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.1.11    YES manual up                    up

SW2(config)#interface VLAN1
SW2(config-if)#ip address 192.168.1.12 255.255.255.0
SW2(config-if)#no shutdown
SW2(config-if)#exit
SW2(config)#ip default-gateway 192.168.1.1

SW2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.1.12    YES manual up                    up

SW3(config)#interface VLAN1
SW3(config-if)#ip address 192.168.1.13 255.255.255.0
SW3(config-if)#no shutdown
SW3(config-if)#exit
SW3(config)#ip default-gateway 192.168.1.1

SW3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.1.13    YES manual up                    up

- From the switches, ping the router

SW1#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1000 ms

SW1#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1000 ms

- Then, from the router, telnet to the switches

Router#telnet 192.168.1.11
Trying 192.168.1.11 ... Open

User Access Verification

Password:
SW1>enable
Password:
SW1#

Step 8: Configure SW1 as the Root Bridge

- Add one more link between SW2 and SW3, as in the topology below

- Configure the link between the two switches SW2 and SW3 to operate in trunk mode

- SW2:
SW2(config)#interface fa0/24
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport nonegotiate
SW2(config-if)#no shutdown

- SW3:
SW3(config)#interface fa0/24
SW3(config-if)#switchport trunk encapsulation dot1q
SW3(config-if)#switchport mode trunk
SW3(config-if)#switchport nonegotiate
SW3(config-if)#no shutdown

- Check whether SW1 is currently the root bridge with the show spanning-tree command

SW1#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee   (the protocol running by default is PVST+)
  Root ID    Priority    32769   (Root Bridge ID)
             Address     000a.b8f3.ec40
             Cost        19
             Port        22 (FastEthernet0/22)   (SW1's root port)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)   (SW1's default priority)
             Address     0018.192e.ddc0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Root FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0002
  Spanning tree enabled protocol ieee
  Root ID    Priority    32770
             Address     000a.b8f3.ec40
             Cost        19
             Port        22 (FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     0018.192e.ddc0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Root FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0003
  Spanning tree enabled protocol ieee
  Root ID    Priority    32771
             Address     000a.b8f3.ec40
             Cost        19
             Port        22 (FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32771  (priority 32768 sys-id-ext 3)
             Address     0018.192e.ddc0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Root FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0004
  Spanning tree enabled protocol ieee
  Root ID    Priority    32772
             Address     000a.b8f3.ec40
             Cost        19
             Port        22 (FastEthernet0/22)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32772  (priority 32768 sys-id-ext 4)
             Address     0018.192e.ddc0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Root FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

- To make SW1 the Root Bridge for all VLANs, change SW1's priority to a value lower than the default value of 32768 used by the other switches.
Note: the priority value must be a multiple of 4096.

SW1(config)#spanning-tree vlan 1-4 priority 4096

- Check the STP information again after changing the priority

SW1#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4097   (priority 4096 sys-id-ext 1)
             Address     0018.192e.ddc0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0002
  Spanning tree enabled protocol ieee
  Root ID    Priority    4098
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4098   (priority 4096 sys-id-ext 2)
             Address     0018.192e.ddc0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0003
  Spanning tree enabled protocol ieee
  Root ID    Priority    4099
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4099   (priority 4096 sys-id-ext 3)
             Address     0018.192e.ddc0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0004
  Spanning tree enabled protocol ieee
  Root ID    Priority    4100
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4100   (priority 4096 sys-id-ext 4)
             Address     0018.192e.ddc0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

- As we can see, SW1 is now the Root Bridge for all 4 VLANs

Step 9: Verify routing between the VLANs

- Configure the IP settings of the PCs as follows:

PC-VLAN1:
IP: 192.168.1.10
SM: 255.255.255.0
GW: 192.168.1.1 (port Fa0/0 on router TTG1)
Port: Fa0/16

PC-VLAN2:
IP: 192.168.2.10
SM: 255.255.255.0
GW: 192.168.2.1 (port Fa0/0.2 on router TTG1)
Port: Fa0/1

PC-VLAN3:
IP: 192.168.3.10
SM: 255.255.255.0
GW: 192.168.3.1 (port Fa0/0.3 on router TTG1)
Port: Fa0/6

PC-VLAN4:
IP: 192.168.4.10
SM: 255.255.255.0
GW: 192.168.4.1 (port Fa0/0.4 on router TTG1)
Port: Fa0/11

- The PCs in VLANs 1, 2, 3 and 4 must be able to ping one another. You can also use the tracert command to check the path packets take from one VLAN to another.

Step 10: Configure PVRST+

Switch all the switches to PVRST+ mode

- SW1:
SW1(config)#spanning-tree mode rapid-pvst
SW1(config)#spanning-tree vlan 1-2 root primary
SW1(config)#spanning-tree vlan 3-4 root secondary

- SW2:
SW2(config)#spanning-tree mode rapid-pvst
SW2(config)#spanning-tree vlan 1-2 root secondary
SW2(config)#spanning-tree vlan 3-4 root primary

- SW3:
SW3(config)#spanning-tree mode rapid-pvst

- Verify the PVRST+ configuration on SW1

SW1#show spanning-tree

VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    4097
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4097   (priority 4096 sys-id-ext 1)
             Address     0018.192e.ddc0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0002
  Spanning tree enabled protocol rstp
  Root ID    Priority    4098
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4098   (priority 4096 sys-id-ext 2)
             Address     0018.192e.ddc0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0003
  Spanning tree enabled protocol rstp
  Root ID    Priority    24579
             Address     000a.b8f3.ee00
             Cost        19
             Port        23 (FastEthernet0/23)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    28675  (priority 28672 sys-id-ext 3)
             Address     0018.192e.ddc0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Root FWD 19        128.23   P2p

VLAN0004
  Spanning tree enabled protocol rstp
  Root ID    Priority    24580
             Address     000a.b8f3.ee00
             Cost        19
             Port        23 (FastEthernet0/23)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    28676  (priority 28672 sys-id-ext 4)
             Address     0018.192e.ddc0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Root FWD 19        128.23   P2p

- So SW1 is now the Root Bridge for VLANs 1 and 2
- Check SW2 in the same way

SW2#show spanning-tree

VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    4097
             Address     0018.192e.ddc0
             Cost        19
             Port        23 (FastEthernet0/23)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     000a.b8f3.ee00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/23           Root FWD 19        128.23   P2p

VLAN0002
  Spanning tree enabled protocol rstp
  Root ID    Priority    4098
             Address     0018.192e.ddc0
             Cost        19
             Port        23 (FastEthernet0/23)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    28674  (priority 28672 sys-id-ext 2)
             Address     000a.b8f3.ee00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/23           Root FWD 19        128.23   P2p

VLAN0003
  Spanning tree enabled protocol rstp
  Root ID    Priority    24579
             Address     000a.b8f3.ee00
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    24579  (priority 24576 sys-id-ext 3)
             Address     000a.b8f3.ee00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/6            Desg FWD 19        128.6    P2p
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0004
  Spanning tree enabled protocol rstp
  Root ID    Priority    24580
             Address     000a.b8f3.ee00
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    24580  (priority 24576 sys-id-ext 4)
             Address     000a.b8f3.ee00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/23           Desg FWD 19        128.23   P2p
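Added example (not part of the original lab): a Python model of the per-VLAN root election behind steps 8 and 10, building each bridge ID from the configured priority, the VLAN number (sys-id-ext) and the bridge MAC, then picking the lowest. The SW1 and SW2 MAC addresses come from the Bridge ID lines above; mapping 000a.b8f3.ec40 (the first root) to SW3 is an assumption.

```python
from dataclasses import dataclass

PRIORITY_STEP = 4096      # the priority field has only 4 bits: 0, 4096, ..., 61440
DEFAULT_PRIORITY = 32768

# Bridge MAC addresses. SW1 and SW2 are read from the Bridge ID lines in the
# lab output; mapping 000a.b8f3.ec40 (the first root) to SW3 is an assumption.
MACS = {
    "SW1": "0018.192e.ddc0",
    "SW2": "000a.b8f3.ee00",
    "SW3": "000a.b8f3.ec40",
}


@dataclass(frozen=True)
class BridgeId:
    priority: int   # configured per-VLAN priority
    vlan: int       # carried in the 12-bit sys-id-ext
    mac: str

    def __post_init__(self):
        if not 0 <= self.priority <= 61440 or self.priority % PRIORITY_STEP:
            raise ValueError(f"priority {self.priority} is not a multiple of {PRIORITY_STEP}")
        if not 1 <= self.vlan <= 4094:
            raise ValueError(f"VLAN {self.vlan} does not fit the sys-id-ext field")

    @property
    def advertised(self) -> int:
        """Value shown as 'Priority' by show spanning-tree (priority + sys-id-ext)."""
        return self.priority + self.vlan

    def as_int(self) -> int:
        """64-bit bridge ID: 16 bits of priority/sys-id-ext, then the 48-bit MAC."""
        return (self.advertised << 48) | int(self.mac.replace(".", ""), 16)


def elect_root(vlan: int, configured: dict) -> tuple:
    """Return (switch, advertised priority) of the root bridge for one VLAN.

    configured maps switch name -> {vlan: priority}; missing entries use the default.
    """
    ids = {
        name: BridgeId(configured.get(name, {}).get(vlan, DEFAULT_PRIORITY), vlan, mac)
        for name, mac in MACS.items()
    }
    root = min(ids, key=lambda name: ids[name].as_int())   # lowest bridge ID wins
    return root, ids[root].advertised


# The three configuration states of the lab.
DEFAULTS = {}                                         # before step 8
STEP_8 = {"SW1": {v: 4096 for v in range(1, 5)}}      # spanning-tree vlan 1-4 priority 4096
STEP_10 = {                                           # priorities shown after root primary/secondary
    "SW1": {1: 4096, 2: 4096, 3: 28672, 4: 28672},
    "SW2": {1: 28672, 2: 28672, 3: 24576, 4: 24576},
}

if __name__ == "__main__":
    for label, state in (("defaults", DEFAULTS), ("step 8", STEP_8), ("step 10", STEP_10)):
        for vlan in range(1, 5):
            print(label, f"VLAN{vlan:04d}", *elect_root(vlan, state))
```

With equal priorities the lowest MAC address decides, which is why 000a.b8f3.ec40 was the root before SW1's priority was lowered.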


Routing Using a Layer 3 Switch


I. Lab topology:

II. Steps:

- Configure trunking between the switches
- Use EtherChannel to increase bandwidth and share load from the access switches to the Layer 3 switch
- Use VTP to synchronize VLAN information between the switches
- Create the VLAN information on the VTP server switch, 4 VLANs in total:
+ VLAN 2: Accounting (KeToan), using network 192.168.2.0
+ VLAN 3: Sales (KinhDoanh), using network 192.168.3.0
+ VLAN 4: Director (GiamDoc), using network 192.168.4.0
+ VLAN 5: IT, using network 192.168.5.0
- On each access switch the ports belong to VLANs as follows:
+ fa0/5 to fa0/9 belong to VLAN 2
+ fa0/10 to fa0/14 belong to VLAN 3
+ fa0/15 to fa0/19 belong to VLAN 4
+ fa0/20 to fa0/24 belong to VLAN 5
- Make sure the Layer 3 switch is the Root Bridge in STP
- Use the Layer 3 switch to route between the VLANs
- Route between the Layer 3 switch and the router

1. Configure trunking between the switches

- Layer3SW:
Switch(config)#hostname Layer3SW
Layer3SW(config)#interface range fa0/1 - 4
Layer3SW(config-if-range)#switchport mode trunk

- AccessSW1:
Switch(config)#hostname AccessSW1
AccessSW1(config)#interface range fa0/1 - 2
AccessSW1(config-if-range)#switchport mode trunk

- AccessSW2:
Switch(config)#hostname AccessSW2
AccessSW2(config)#interface range fa0/1 - 2
AccessSW2(config-if-range)#switchport mode trunk

2. Use EtherChannel to increase bandwidth and share load from the access switches to the Layer 3 switch

- Layer3SW:
Layer3SW(config)#interface port-channel 1
Layer3SW(config-if)#exit
Layer3SW(config)#interface range fa0/1 - 2
Layer3SW(config-if-range)#channel-group 1 mode active
Layer3SW(config-if-range)#exit
Layer3SW(config)#interface port-channel 2
Layer3SW(config-if)#exit
Layer3SW(config)#interface range fa0/3 - 4
Layer3SW(config-if-range)#channel-group 2 mode active

- AccessSW1:
AccessSW1(config)#interface port-channel 1
AccessSW1(config-if)#exit
AccessSW1(config)#interface range fa0/1 - 2
AccessSW1(config-if-range)#channel-group 1 mode active

- AccessSW2:
AccessSW2(config)#interface port-channel 2
AccessSW2(config-if)#exit
AccessSW2(config)#interface range fa0/1 - 2
AccessSW2(config-if-range)#channel-group 2 mode active

3. Use VTP to synchronize VLAN information between the switches:

- Layer3SW:
Layer3SW(config)#vtp domain TTG
Layer3SW(config)#vtp password 123
Layer3SW(config)#vtp mode server

- AccessSW1:
AccessSW1(config)#vtp domain TTG
AccessSW1(config)#vtp password 123
AccessSW1(config)#vtp mode client

- AccessSW2:
AccessSW2(config)#vtp domain TTG
AccessSW2(config)#vtp password 123
AccessSW2(config)#vtp mode client

4. Create the VLAN information on the VTP server switch, 4 VLANs in total:
+ VLAN 2: Accounting (KeToan), using network 192.168.2.0
+ VLAN 3: Sales (KinhDoanh), using network 192.168.3.0
+ VLAN 4: Director (GiamDoc), using network 192.168.4.0
+ VLAN 5: IT, using network 192.168.5.0

Because VTP is being used to synchronize VLAN information across every switch in the system, the VLANs must be created on the VTP server switch, which in this case is Layer3SW.

- Layer3SW:
Layer3SW(config)#vlan 2
Layer3SW(config-vlan)#name KeToan
Layer3SW(config-vlan)#exit
Layer3SW(config)#vlan 3
Layer3SW(config-vlan)#name KinhDoanh
Layer3SW(config-vlan)#exit
Layer3SW(config)#vlan 4
Layer3SW(config-vlan)#name GiamDoc
Layer3SW(config-vlan)#exit
Layer3SW(config)#vlan 5
Layer3SW(config-vlan)#name IT
Layer3SW(config-vlan)#exit

Then check that the VLAN information has been synchronized on AccessSW1 and AccessSW2 with the show vlan brief command, to make sure they have the information about the VLANs just created above.

5. On each access switch the ports belong to VLANs as follows:

- AccessSW1:
AccessSW1(config)#interface range fa0/5 - 9
AccessSW1(config-if-range)#switchport access vlan 2
AccessSW1(config-if-range)#exit
AccessSW1(config)#interface range fa0/10 - 14
AccessSW1(config-if-range)#switchport access vlan 3
AccessSW1(config-if-range)#exit
AccessSW1(config)#interface range fa0/15 - 19
AccessSW1(config-if-range)#switchport access vlan 4
AccessSW1(config-if-range)#exit
AccessSW1(config)#interface range fa0/20 - 24
AccessSW1(config-if-range)#switchport access vlan 5

- AccessSW2:
AccessSW2(config)#interface range fa0/5 - 9
AccessSW2(config-if-range)#switchport access vlan 2
AccessSW2(config-if-range)#exit
AccessSW2(config)#interface range fa0/10 - 14
AccessSW2(config-if-range)#switchport access vlan 3
AccessSW2(config-if-range)#exit
AccessSW2(config)#interface range fa0/15 - 19
AccessSW2(config-if-range)#switchport access vlan 4
AccessSW2(config-if-range)#exit
AccessSW2(config)#interface range fa0/20 - 24
AccessSW2(config-if-range)#switchport access vlan 5

6. Make sure the Layer 3 switch is the Root Bridge in STP:

Layer3SW(config)#spanning-tree vlan 1-5 root primary

7. Use the Layer 3 switch to route between the VLANs:

To route between the VLANs on the Layer 3 switch, assign addresses to the interfaces VLAN 2, 3, 4 and 5 and use these interfaces as the gateways for the PCs below them (the VLAN interfaces are called SVIs: Switch Virtual Interfaces).

- Enable routing:
Layer3SW(config)#ip routing

- Assign IP addresses to the VLAN interfaces according to the networks listed above:
Layer3SW(config)#interface vlan 2
Layer3SW(config-if)#ip address 192.168.2.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit
Layer3SW(config)#interface vlan 3
Layer3SW(config-if)#ip address 192.168.3.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit
Layer3SW(config)#interface vlan 4
Layer3SW(config-if)#ip address 192.168.4.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit
Layer3SW(config)#interface vlan 5
Layer3SW(config-if)#ip address 192.168.5.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit

- Assign IP addresses to the PCs to check whether routing between the VLANs works:

PCVLAN2:
IP Address : 192.168.2.10
Subnet Mask: 255.255.255.0
Gateway    : 192.168.2.1

PCVLAN3:
IP Address : 192.168.3.10
Subnet Mask: 255.255.255.0
Gateway    : 192.168.3.1

PCVLAN4:
IP Address : 192.168.4.10
Subnet Mask: 255.255.255.0
Gateway    : 192.168.4.1

PCVLAN5:
IP Address : 192.168.5.10
Subnet Mask: 255.255.255.0
Gateway    : 192.168.5.1

- Then use the ping command from the PCs to check whether routing works. The PCs must be able to ping one another.

8. Route between the Layer 3 switch and the router:

- Layer3SW:
Layer3SW(config)#interface fa0/5
Layer3SW(config-if)#no switchport
Layer3SW(config-if)#ip address 192.168.6.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit

- Configure the RIPv2 routing protocol:
Layer3SW(config)#router rip
Layer3SW(config-router)#version 2
Layer3SW(config-router)#network 192.168.2.0
Layer3SW(config-router)#network 192.168.3.0
Layer3SW(config-router)#network 192.168.4.0
Layer3SW(config-router)#network 192.168.5.0
Layer3SW(config-router)#network 192.168.6.0

- Router DNG:
Router(config)#hostname DNG
DNG(config)#interface fa0/0
DNG(config-if)#ip address 192.168.6.2 255.255.255.0
DNG(config-if)#no shutdown
DNG(config-if)#exit
DNG(config)#router rip
DNG(config-router)#version 2
DNG(config-router)#network 192.168.6.0

- Check the routing tables of the router and the Layer 3 switch with the show ip route command

STANDARD ACCESS LIST


I. Introduction:

- One of the most important tools on a Cisco router in the security field is the access list. This feature lets you configure, directly on the router, a list of addresses that you can permit or block from accessing a given address.
- There are 2 types of access list: the standard access list and the extended access list.
+ Standard access list: with this type, when permitting or blocking access the router checks only a single element, the source address.
+ Extended access list: this type is broader than the standard type. The source address, destination address, protocol, port and so on are checked before the router permits or blocks access.

II. Lab description and diagram:

- This lab walks you through configuring a standard access list on a Cisco router in order to prevent the host from accessing router TTG2 (X is the group number assigned by the instructor).

III. Router configuration:

- Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface s0/1/0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#interface fa0/1
TTG1(config-if)#ip address 10.X.0.1 255.255.255.0
TTG1(config-if)#no shutdown

- Router TTG2:
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit
TTG2(config)#interface fa0/1
TTG2(config-if)#ip address 11.X.0.1 255.255.255.0
TTG2(config-if)#no shutdown

- PC1:
IP Address : 10.X.0.2
Subnet mask: 255.255.255.0
Gateway    : 10.X.0.1

- PC2:
IP Address : 11.X.0.2
Subnet mask: 255.255.255.0
Gateway    : 11.X.0.1

- Configure routing on the routers as follows (using the RIP protocol):
TTG1(config)#router rip
TTG1(config-router)#version 2
TTG1(config-router)#network 192.168.1.0
TTG1(config-router)#network 10.0.0.0

TTG2(config)#router rip
TTG2(config-router)#version 2
TTG2(config-router)#network 192.168.1.0
TTG2(config-router)#network 11.0.0.0

- Verify routing:
TTG2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms

TTG2#ping 11.X.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms

TTG2#ping 11.X.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/40 ms

- Once routing is configured and you have confirmed that the network is reachable, create a standard access list to prevent PC1 from pinging TTG2.
- Create the access list on router TTG2 as follows:
TTG2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
TTG2(config)#access-list 1 deny 11.X.0.2 0.0.0.0 //deny access from address 11.0.0.2//

- Now ping from Host1 to TTG2

- The ping still succeeds, because the access list has not yet been enabled on interface s0/1/0 of router TTG2:
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip access-group 1 in

- After applying the access list to interface s0/1/0, ping from PC1 to TTG2.

- Now change the PC's address to 11.X.0.3 and try the ping once more.

- The ping still fails. The reason is that when the source address (an unknown address) is not found in the access list, the router performs Deny any by default, so you have to change this default. Below is the debug ip packet output on TTG2 while the ping above is running.

TTG2(config)#access-list 1 permit any

- Now ping from PC1 to TTG2 again

- The ping succeeds. This completes the configuration of the standard access list.

EXTENDED ACCESS LIST

I. Introduction:

- In the previous lab you configured a standard access list. In this lab you will look more deeply at the extended access list. It is an extension of the standard access list: during checking, the router examines the source address, destination address, protocol and port.

II. Lab description and diagram:

- Purpose of the lab: configure an extended access list so that PC1 cannot Telnet to router TTG2 but can still browse the web through router TTG2.

- Configure the routers and hosts as shown in the diagram above:

III. Router configuration:

PC1:
IP Address : 10.X.0.2
Subnet mask: 255.255.255.0
Gateway    : 10.X.0.1

PC2:
IP Address : 11.X.0.2
Subnet mask: 255.255.255.0
Gateway    : 11.X.0.1

Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface s0/1/0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#interface fa0/1
TTG1(config-if)#ip address 10.X.0.1 255.255.255.0
TTG1(config-if)#no shutdown

Router TTG2:
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit
TTG2(config)#interface fa0/1
TTG2(config-if)#ip address 11.X.0.1 255.255.255.0
TTG2(config-if)#no shutdown

- Configure routing on the 2 routers with OSPF

Router TTG1:
TTG1(config)#router ospf 1
TTG1(config-router)#network 10.X.0.0 0.255.255.255 area 0
TTG1(config-router)#network 192.168.1.0 0.0.0.255 area 0
TTG1(config-router)#exit

Router TTG2:
TTG2(config)#router ospf 1
TTG2(config-router)#network 11.X.0.0 0.255.255.255 area 0
TTG2(config-router)#network 192.168.1.0 0.0.0.255 area 0
TTG2(config-router)#exit

- Use the ping command to verify routing, and continue once you are sure routing works.
- On router TTG2 run the command:
TTG2(config)#ip http server //This command emulates an HTTP server on the router//

- Create the username and password used to authenticate to the web server:
TTG2(config)#username TTG2 password cisco

- The router now acts as a web server
- Once routing works, Telnet and browse the web from PC1 to router TTG2.
- Note: for Telnet to succeed you must enable login on the vty lines and set a password for them (here it is Cisco):
TTG2(config)#line vty 0 4
TTG2(config-line)#login
TTG2(config-line)#password cisco

Telnet:

Web browsing:

- Enter the user name and password
User name: TTG2
Password : cisco

- Once the steps above succeed, configure the access list:
TTG2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
TTG2(config)#access-list 101 deny tcp 11.X.0.2 0.0.0.0 192.168.1.2 0.0.0.0 eq telnet
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip access-group 101 in

- Try Telnet again as above. Telnet fails, but web browsing fails as well.
- The requirement is to block only Telnet while still allowing web browsing.

Telnet:

Web browsing:

- For web browsing to succeed, add the statement that changes the access list's default Deny any:
TTG2(config)#access-list 101 permit ip any any

- Note that the statements in an extended access list differ from those in a standard access list, because in an extended access list the router checks the source address, destination address, protocol and port. permit ip any any means that all other source and destination addresses (those not found in the access list) carried over the IP protocol are allowed through. Now browse the web again.

- Enter the user name and password
User name: TTG2
Password : Cisco

- You have now successfully configured the extended access list and met the requirement of creating an access list on the router that blocks Telnet to the router while allowing web browsing to it. You can also extend the topology with more routers to practice configuring access lists for different security requirements.
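Added example (not part of the original labs): a small Python model of how the router evaluates the access lists built in the standard and extended labs above, showing the top-down first-match rule and the implicit deny that made the 11.X.0.3 ping and the web session fail until a permit statement was added. X is set to 1 as a constructed value, and only the statement forms used in these labs are parsed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORTS = {"telnet": 23, "www": 80}   # the port keywords this sketch understands
ANY = (0, 0xFFFFFFFF)               # "any" = every bit is "don't care"


def ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Entry:
    action: str            # "permit" or "deny"
    proto: str             # "ip" matches every protocol
    src: tuple             # (address, wildcard) as integers
    dst: tuple
    dport: Optional[int]   # None = any destination port

    def matches(self, pkt: Packet) -> bool:
        def addr_ok(value: str, spec: tuple) -> bool:
            base, wildcard = spec
            # Wildcard bits set to 1 are ignored; all other bits must be equal.
            return ((ip(value) ^ base) & ~wildcard & 0xFFFFFFFF) == 0
        return (self.proto in ("ip", pkt.proto)
                and addr_ok(pkt.src, self.src)
                and addr_ok(pkt.dst, self.dst)
                and self.dport in (None, pkt.dport))


def take_addr(tokens: list, standard: bool) -> tuple:
    """Consume 'any', 'host A', 'A W' or, in a standard ACL only, a bare 'A'."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (ip(tokens.pop(0)), 0)
    if tokens and tokens[0].count(".") == 3:
        return (ip(first), ip(tokens.pop(0)))
    if standard:
        return (ip(first), 0)
    raise ValueError("extended ACL address without wildcard: " + first)


def parse(line: str) -> Entry:
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("unsupported statement: " + line)
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if 1 <= number <= 99:                       # standard: source address only
        return Entry(action, "ip", take_addr(rest, True), ANY, None)
    if 100 <= number <= 199:                    # extended: proto, src, dst, port
        proto = rest.pop(0)
        src, dst = take_addr(rest, False), take_addr(rest, False)
        dport = None
        if rest[:1] == ["eq"]:
            dport = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
        return Entry(action, proto, src, dst, dport)
    raise ValueError("ACL number outside 1-99 / 100-199: " + line)


def evaluate(acl: list, pkt: Packet) -> str:
    """Top-down, first match wins; a packet matching nothing is dropped."""
    for number, line in enumerate(acl, 1):
        entry = parse(line)
        if entry.matches(pkt):
            return f"{entry.action} (line {number})"
    return "deny (implicit)"


# Statements from the labs with X = 1 (constructed group number).
ACL_1 = ["access-list 1 deny 11.1.0.2 0.0.0.0"]
ACL_1_FIXED = ACL_1 + ["access-list 1 permit any"]
ACL_101 = ["access-list 101 deny tcp 11.1.0.2 0.0.0.0 192.168.1.2 0.0.0.0 eq telnet"]
ACL_101_FIXED = ACL_101 + ["access-list 101 permit ip any any"]

PING_OLD = Packet("11.1.0.2", "192.168.1.2")            # PC before readdressing
PING_NEW = Packet("11.1.0.3", "192.168.1.2")            # PC after readdressing
TELNET = Packet("11.1.0.2", "192.168.1.2", "tcp", 23)
WEB = Packet("11.1.0.2", "192.168.1.2", "tcp", 80)

if __name__ == "__main__":
    for name, acl, pkts in (("ACL 1", ACL_1, (PING_OLD, PING_NEW)),
                            ("ACL 1 + permit any", ACL_1_FIXED, (PING_OLD, PING_NEW)),
                            ("ACL 101", ACL_101, (TELNET, WEB)),
                            ("ACL 101 + permit ip any any", ACL_101_FIXED, (TELNET, WEB))):
        for pkt in pkts:
            print(f"{name:28} {pkt.src} {pkt.proto}/{pkt.dport}: {evaluate(acl, pkt)}")
```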


STATIC NAT CONFIGURATION


I. Introduction:

NAT (Network Address Translation) is a protocol used to translate the IP addresses of one domain for presentation to another environment through a registered IP address, so that information can be exchanged between the 2 environments (either Local or Global). The advantage of NAT is that it translates the private IP addresses inside the network to the inside IP address that is provided at registration.

Address types:
Inside Local: the addresses inside the internal network (gateway)
Inside Global: the addresses on the outside port of the GATEWAY, which are the registered NAT addresses. In this lab it is 172.17.0.1/24
Outside Global: the network systems outside these environments

Translating one public IP to one private IP is not efficient when deployed broadly for every host in the network, because doing so leaves us without enough addresses to hand out. Static NAT is usually applied when a public address is used for a web server, an FTP server and so on.

II. Lab description and diagram:

- The PCs are connected to the routers with crossover cables, and the two routers are connected to each other with a serial cable. The IP addresses of the interfaces and PCs are shown in the diagram.
- In this lab, router TTG2 is configured as an ISP and router TTG1 is configured as a gateway.

III. Configuration:

- Configure the routers as follows:

Router TTG2:

Router#configure terminal
Router(config)#enable password cisco
Router(config)#hostname TTG2
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip address 192.168.0.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#interface fa0/1
TTG2(config-if)#ip address 11.1.0.1 255.255.255.0
TTG2(config-if)#no shutdown
Router TTG1:
TTG1(config)#interface serial 0/1/0
TTG1(config-if)#ip address 192.168.0.1 255.255.255.0
TTG1(config-if)#clockrate 64000
TTG1(config-if)#ip nat outside      // configures interface S0/1/0 as the outside interface
TTG1(config-if)#interface fa0/1
TTG1(config-if)#ip address 10.1.0.1 255.255.255.0
TTG1(config-if)#ip nat inside       // configures interface Fa0/1 as the inside interface
TTG1(config-if)#no shutdown
- Configure static NAT on TTG1 with the command:
TTG1(config)#ip nat inside source static 10.1.0.2 172.17.0.1
This command means: packets originating from PC1 that pass through router TTG1 (entering on interface Fa0/1) to the outside (leaving on interface S0/1/0) have their source IP address changed from 10.1.0.2 to 172.17.0.1 (the address registered with the ISP).

- Configure static routes on the two routers TTG2 and TTG1:
TTG1(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.2
TTG2(config)#ip route 172.17.0.0 255.255.0.0 192.168.0.1
- The address 172.17.0.1 is the registered address. In practice the ISP routes down to the user only by this registered address.
- To check how router TTG1 performs NAT, use the following command:
TTG1#show ip nat translation
Pro  Inside global     Inside local     Outside local    Outside global
---  172.17.0.1        10.1.0.2         ---              ---

- To see how router TTG1 translates addresses, run debug ip nat on router TTG1 and ping from PC1 to the address 11.1.0.1.

- From the ISP side (TTG2), PC1 or the servers inside the customer's LAN are pinged through the public address being NATed on TTG1, because the outside Internet can connect only to this IP.

- So anything outside that needs to interact with the inside server must connect to the IP address 172.17.0.1.


NAT OVERLOAD CONFIGURATION


I. Introduction:
NAT (Network Address Translation) is used to translate private addresses into public addresses. When packets sent from the user's internal network to the outside reach the border router, the source IP address is translated to the public address the user registered with the ISP. This allows packets from the internal network to be sent to the outside network (Internet).
NAT comes in several types: static NAT, NAT pool and NAT overload.
Static NAT translates one internal address to one public address.
NAT pool translates internal addresses to one of a range of public addresses.
NAT overload translates the internal addresses to a single public address. With NAT overload, the router additionally uses ports for the addresses during translation.
II. Commands used in this lab:
ip nat {inside | outside}
Configures the interface as inside or outside.
ip nat inside source {list {access-list-number | name} pool name [overload] | static local-ip global-ip}
Translates internal addresses to public addresses.
ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} [type rotary]
Creates a NAT pool.
show ip nat translations
Displays NAT information.
debug ip nat
Displays NAT activity.

III. Lab description and topology:
[Topology figure: TTG1 S0/1/0 192.168.1.1/24, Lo0 10.1.0.1/16, Lo1 11.1.0.1/16, Lo2 12.1.0.1/16; TTG2 S0/1/0 192.168.1.2/24, Lo0 13.1.0.1/16]

- The lab topology is as shown above. Router TTG1 is configured with interfaces loopback 0, loopback 1 and loopback 2. Router TTG2 is configured with interface loopback 0. The two routers are connected by a serial cable. The three networks lo0, lo1 and lo2 simulate inside networks; when traffic from these networks goes out (leaves S0/1/0), its address is translated.
IV. Router configuration:
The interfaces of the two routers are configured as follows:
Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface Loopback0
TTG1(config-if)#ip address 10.1.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface Loopback1
TTG1(config-if)#ip address 11.1.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface Loopback2
TTG1(config-if)#ip address 12.1.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface Serial0/1/0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#clockrate 64000
TTG1(config-if)#exit
Router TTG2:
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface Loopback0
TTG2(config-if)#ip address 13.1.0.1 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#interface Serial0/1/0
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#clockrate 64000
TTG2(config-if)#exit
- Configure NAT on router TTG1 in the following steps:
Step 1: Configure the inside and outside interfaces
In this lab, the loopback interfaces of TTG1 are configured as inside and the serial interface S0/1/0 as outside.
TTG1(config)#interface loopback 0
TTG1(config-if)#ip nat inside
TTG1(config-if)#interface loopback 1
TTG1(config-if)#ip nat inside
TTG1(config-if)#interface loopback 2
TTG1(config-if)#ip nat inside
TTG1(config-if)#interface s0/1/0
TTG1(config-if)#ip nat outside
TTG1(config-if)#exit
Step 2: Create an access list that defines which networks are NATed.
Networks 10.1.0.0/16 and 11.1.0.0/16 are permitted; network 12.1.0.0/16 is denied.
TTG1(config)#access-list 1 deny 12.1.0.0 0.0.255.255
TTG1(config)#access-list 1 permit any
Step 3: Create the NAT pool for router TTG1
Configure a NAT pool named TTG1 with addresses from 172.1.1.1/24 to 172.1.1.5/24.
TTG1(config)#ip nat pool TTG1 172.1.1.1 172.1.1.5 netmask 255.255.255.0
Step 4: Configure NAT on the router
TTG1(config)#ip nat inside source list 1 pool TTG1 overload
This command configures overload for the NAT pool.
Step 5: Configure routing on the routers
TTG1(config)#ip route 13.1.0.0 255.255.0.0 192.168.1.2
TTG2(config)#ip route 172.1.1.0 255.255.255.0 192.168.1.1
Note: on router TTG2, if the route is configured as
TTG2(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
then we can ping the networks inside router TTG1 (10.1.0.0/16, 11.1.0.0/16). In practice, however, the ISP routes down to the user only by the address the user registered (the inside global address).
Step 6: Verify NAT operation
Check NAT with the debug ip nat command:
TTG1#debug ip nat
IP NAT debugging is on
- With NAT debugging on, ping loopback0 of TTG2 from loopback0 of TTG1. This simulates traffic from host 10.1.0.1 to 13.1.0.1. As the traffic from 10.1.0.1 passes through S0, its address is translated.
TTG1#ping
Protocol [ip]:
Target IP address: 13.1.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 13.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms
TTG1#
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [190]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [190]
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [191]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [191]
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [192]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [192]
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [193]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [193]
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [194]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [194]
- The output shows that packets from 10.1.0.1 have their source IP changed to 172.1.1.1.
- Use the show ip nat translations command to view the NAT information:
TTG1#show ip nat translations
Pro  Inside global      Inside local     Outside local    Outside global
icmp 172.1.1.1:2459     10.1.0.1:2459    13.1.0.1:2459    13.1.0.1:2459
icmp 172.1.1.1:2460     10.1.0.1:2460    13.1.0.1:2460    13.1.0.1:2460
icmp 172.1.1.1:2461     10.1.0.1:2461    13.1.0.1:2461    13.1.0.1:2461
icmp 172.1.1.1:2462     10.1.0.1:2462    13.1.0.1:2462    13.1.0.1:2462
icmp 172.1.1.1:2463     10.1.0.1:2463    13.1.0.1:2463    13.1.0.1:2463
- The numbers after the colons (printed in bold in the original) are the ports NAT uses for address 10.1.0.1.
- Repeat the steps above to check NAT for loopback 1 and loopback 2 of router TTG1:
TTG1#ping
Protocol [ip]:
Target IP address: 13.1.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 11.1.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms
TTG1#
00:33:16: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [210]

00:33:16: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [210]
00:33:16: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [211]
00:33:16: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [211]
00:33:16: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [212]
00:33:16: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [212]
00:33:17: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [213]
00:33:17: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [213]
00:33:17: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [214]
00:33:17: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [214]
TTG1#show ip nat translations
Pro  Inside global      Inside local     Outside local    Outside global
icmp 172.1.1.1:6407     11.1.0.1:6407    13.1.0.1:6407    13.1.0.1:6407
icmp 172.1.1.1:6408     11.1.0.1:6408    13.1.0.1:6408    13.1.0.1:6408
icmp 172.1.1.1:6409     11.1.0.1:6409    13.1.0.1:6409    13.1.0.1:6409
icmp 172.1.1.1:6410     11.1.0.1:6410    13.1.0.1:6410    13.1.0.1:6410
icmp 172.1.1.1:6411     11.1.0.1:6411    13.1.0.1:6411    13.1.0.1:6411
TTG1#ping
Protocol [ip]:
Target IP address: 13.1.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 12.1.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.1.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
- From 12.1.0.1 we cannot ping the outside, because network 12.1.0.0/16 is denied in access list 1.
- From router TTG2, ping the loopbacks of router TTG1:
TTG2#ping 10.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
TTG2#ping 11.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
TTG2#ping 12.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
- Observation: all of them fail. The reason is that router TTG2 has no route to the loopbacks of router TTG1. In practice the result is the same, because the ISP routes only to the address the user registered, while the user's internal network addresses are not routed by the ISP.
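The debug ip nat output in Step 6 can also be checked mechanically. The script below is an added example, not part of the original lab: it parses the two line shapes shown above, records which inside local address was rewritten to which inside global address, and flags translations of sources that access list 1 is supposed to exclude. The last two sample lines are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Both directions of "debug ip nat" output as printed in this lab:
#   NAT:  s=10.1.0.1->172.1.1.1, d=13.1.0.1 [190]   source rewritten (outbound)
#   NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [190]   destination rewritten (return)
NAT_RE = re.compile(
    r"NAT\*?: s=(?P<src>[\d.]+)(?:->(?P<src_new>[\d.]+))?, "
    r"d=(?P<dst>[\d.]+)(?:->(?P<dst_new>[\d.]+))? \[(?P<ip_id>\d+)\]"
)


def parse_line(line):
    """Return a dict for a NAT debug line, or None for any other line."""
    m = NAT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ip_id"] = int(rec["ip_id"])
    if rec["src_new"]:
        rec["direction"] = "out"
    elif rec["dst_new"]:
        rec["direction"] = "in"
    else:
        rec["direction"] = "none"
    return rec


def audit(lines, no_nat_networks):
    """Summarise translations and report anything the configuration should not allow."""
    excluded = [ipaddress.ip_network(n) for n in no_nat_networks]
    mappings = {}            # inside local -> inside global
    policy_violations = []   # sources translated although the ACL denies them
    unmatched_returns = []   # return traffic with no outbound translation seen first
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["direction"] == "out":
            mappings[rec["src"]] = rec["src_new"]
            if any(ipaddress.ip_address(rec["src"]) in net for net in excluded):
                policy_violations.append(rec)
        elif rec["direction"] == "in":
            # dst is the inside global address, dst_new the inside local address
            if mappings.get(rec["dst_new"]) != rec["dst"]:
                unmatched_returns.append(rec)
    return {
        "mappings": mappings,
        "policy_violations": policy_violations,
        "unmatched_returns": unmatched_returns,
    }


SAMPLE = """\
TTG1#
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [190]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [190]
00:33:16: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [210]
00:33:16: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [210]
00:35:01: NAT: s=12.1.0.1->172.1.1.1, d=13.1.0.1 [230]
00:35:02: NAT*: s=13.1.0.9, d=172.1.1.1->10.1.0.7 [231]
""".splitlines()   # the last two lines are constructed, not from the lab

if __name__ == "__main__":
    report = audit(SAMPLE, ["12.1.0.0/16"])   # 12.1.0.0/16 is denied in access-list 1
    for key, value in report.items():
        print(key, value)
```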

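
COMBINED LAB: DHCP AND NAT, PAT
1. Network topology

Address table

Objectives:

After completing this lab, you will be able to:
Prepare a network topology.
Perform basic Cisco router configuration.
Configure a DHCP server on a Cisco router.
Configure static and default routing.
Configure static NAT.
Configure dynamic NAT with an address pool.
Configure NAT overload.
Scenario:
In this lab you will configure the DHCP and NAT IP services. One router acts as the DHCP server. The other router relays DHCP requests to the server. You will also configure NAT in both forms, static and dynamic, and NAT overload. When you have completed the configuration, verify connectivity between the inside and outside addresses.
Task 1: Prepare the network.
Step 1: Cable the network as shown in the topology.
You can use any router for this lab as long as it has the interfaces shown in the topology.
Note: If you use 1700, 2500 or 2600 series routers, the output and the interfaces may differ. On some routers certain commands differ or do not exist.
Step 2: Erase all existing configurations on the routers.
Task 2: Perform basic router configuration.
Configure routers R1, R2 and ISP according to the following guidelines:
Configure the device hostnames.
Disable DNS lookup.
Configure a password for privileged mode.
Configure a message-of-the-day banner.
Configure a password for console line connections.
Configure a password for all vty line connections.

Configure IP addresses on all routers. The PCs receive their IP addresses from the DHCP server later in the lab.
Enable OSPF with process ID 1 on R1 and R2. Do not advertise the network 209.165.200.224/27.
Note: Instead of attaching a server to R2, you can configure a loopback interface on R2 with the IP address 192.168.20.254/24. If you do this, you do not need to configure the FastEthernet interface.
Task 3: Configure PC1 and PC2 to receive an IP address through the DHCP server
On a Windows PC go to Start > Control Panel > Network Connections > Local Area Connection. Right-click and choose Properties, select Internet Protocol, then choose Obtain an IP address automatically.
Once this has been done on both PC1 and PC2, they are ready to receive an IP address from a DHCP server.
Task 4: Configure a DHCP server on a Cisco router
Cisco IOS software supports a DHCP server configuration called Easy IP. The goal for this lab is for the devices on networks 192.168.10.0/24 and 192.168.11.0/24 to request IP addresses via DHCP from R2.
Step 1: Exclude statically assigned addresses
The DHCP server assumes that all IP addresses in a DHCP pool's subnet are available for assignment to DHCP clients. You must specify the IP addresses that the DHCP server should not assign to clients. These static IP addresses are usually reserved for router interfaces, switch management IP addresses, servers and LAN printers. The ip dhcp excluded-address command prevents the router from assigning IP addresses within the configured range. The following commands exclude the first 10 IP addresses of each range for the LANs attached to R1. These addresses will not be assigned to any DHCP client.
R2(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10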

R2(config)#ip dhcp excluded-address 192.168.11.1 192.168.11.10
Step 2: Configure the pool.
Create the DHCP pool with the ip dhcp pool command and name it R1Fa0.
R2(config)#ip dhcp pool R1Fa0
Specify the subnet to use when assigning IP addresses. DHCP pools are associated with an interface automatically, based on the network statement. The router now acts as a DHCP server, handing out addresses in the 192.168.10.0/24 subnet starting with 192.168.10.1.
R2(dhcp-config)#network 192.168.10.0 255.255.255.0
Configure the default router and the DNS server for the network. Clients receive these settings from DHCP together with an IP address.
R2(dhcp-config)#dns-server 192.168.11.5
R2(dhcp-config)#default-router 192.168.10.1
Note: There is no DNS server at 192.168.11.5. You are configuring the command for practice only.
Because devices on the 192.168.11.0/24 network also request addresses from R2, a separate pool must be created to serve the devices on that network. The commands are similar to those above:
R2(config)#ip dhcp pool R1Fa1
R2(dhcp-config)#network 192.168.11.0 255.255.255.0
R2(dhcp-config)#dns-server 192.168.11.5
R2(dhcp-config)#default-router 192.168.11.1
Step 3: Test DHCP
On PC1 and PC2, check whether each has received an IP address automatically. On each PC go to Start > Run > cmd > ipconfig.

What are the results of your test?
Why are these the results?
Step 4: Configure a helper address
Network services such as DHCP rely on Layer 2 broadcasts to function. When the devices providing these services are on a different network from the clients, they cannot receive the broadcast packets. Because the DHCP server and the DHCP clients are not on the same network, configure R1 to forward DHCP broadcasts to R2, which is the DHCP server, using the ip helper-address interface configuration command.
Note: ip helper-address must be configured on each interface involved.
R1(config)#interface fa0/0
R1(config-if)#ip helper-address 10.1.1.2
R1(config)#interface fa0/1
R1(config-if)#ip helper-address 10.1.1.2
Step 5: Release and renew the IP addresses on PC1 and PC2
Depending on whether your PCs have been used in a different lab or connected to the Internet, they may already have learned an IP address automatically from a different DHCP server. This address has to be requested again using the ipconfig /release and ipconfig /renew commands. Go to Start > Run > cmd > ipconfig /release, and likewise for renew.
Step 6: Verify the DHCP configuration
You can verify the DHCP server configuration in several ways. Run ipconfig on PC1 and PC2 to confirm that they have now received an IP address. You can then issue commands on the router to get more information. The show ip dhcp commands provide information on all addresses assigned by DHCP. The following example shows that the IP address 192.168.10.11 has been assigned to MAC address 3031.632e.3537.6564. The IP lease expires on September 14, 2007 at 19:33.
R1#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address       Client-ID/              Lease expiration        Type
                 Hardware address/
                 User name
192.168.10.11    0063.6973.636f.2d30.    Sep 14 2007 07:33 PM    Automatic
                 3031.632e.3537.6563.
                 2e30.3634.302d.566c.
The show ip dhcp pool command displays information on all DHCP pools currently configured on the router. In this output, the pool R1Fa0 is configured on R1. One address has been leased from this pool. The next client will receive the address 192.168.10.12.
R2#show ip dhcp pool
Pool R1Fa0 :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 1
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 192.168.10.12        192.168.10.1     - 192.168.10.254

The debug ip dhcp server events command can be extremely useful when troubleshooting DHCP leases with a Cisco IOS DHCP server. The following is the debug output on R1 after a host is connected. Note that the highlighted portion shows DHCP giving the client the address 192.168.10.12 with subnet mask 255.255.255.0.
*Sep 13 21:04:18.072: DHCPD: Sending notification of DISCOVER:
*Sep 13 21:04:18.072: DHCPD: htype 1 chaddr 001c.57ec.0640
*Sep 13 21:04:18.072: DHCPD: remote id 020a0000c0a80b01010000000000
*Sep 13 21:04:18.072: DHCPD: circuit id 00000000
*Sep 13 21:04:18.072: DHCPD: Seeing if there is an internally specified pool class:
*Sep 13 21:04:18.072: DHCPD: htype 1 chaddr 001c.57ec.0640
*Sep 13 21:04:18.072: DHCPD: remote id 020a0000c0a80b01010000000000
*Sep 13 21:04:18.072: DHCPD: circuit id 00000000
*Sep 13 21:04:18.072: DHCPD: there is no address pool for 192.168.11.1.
*Sep 13 21:04:18.072: DHCPD: Sending notification of DISCOVER:
R1#
*Sep 13 21:04:18.072: DHCPD: htype 1 chaddr 001c.57ec.0640
*Sep 13 21:04:18.072: DHCPD: remote id 020a0000c0a80a01000000000000
*Sep 13 21:04:18.072: DHCPD: circuit id 00000000
*Sep 13 21:04:18.072: DHCPD: Seeing if there is an internally specified pool class:
*Sep 13 21:04:18.072: DHCPD: htype 1 chaddr 001c.57ec.0640
*Sep 13 21:04:18.072: DHCPD: remote id 020a0000c0a80a01000000000000
*Sep 13 21:04:18.072: DHCPD: circuit id 00000000
R1#
*Sep 13 21:04:20.072: DHCPD: Adding binding to radix tree (192.168.10.12)
*Sep 13 21:04:20.072: DHCPD: Adding binding to hash tree
*Sep 13 21:04:20.072: DHCPD: assigned IP address 192.168.10.12 to client 0063.6973.636f.2d30.3031.632e.3537.6563.2e30.3634.302d.566c.31.
*Sep 13 21:04:20.072: DHCPD: Sending notification of ASSIGNMENT:
*Sep 13 21:04:20.072: DHCPD: address 192.168.10.12 mask 255.255.255.0
*Sep 13 21:04:20.072: DHCPD: htype 1 chaddr 001c.57ec.0640
*Sep 13 21:04:20.072: DHCPD: lease time remaining (secs) = 86400
*Sep 13 21:04:20.076: DHCPD: Sending notification of ASSIGNMENT:
*Sep 13 21:04:20.076: DHCPD: address 192.168.10.12 mask 255.255.255.0
R1#
*Sep 13 21:04:20.076: DHCPD: htype 1 chaddr 001c.57ec.0640
*Sep 13 21:04:20.076: DHCPD: lease time remaining (secs) = 86400

Task 5: Configure static and default routing
The ISP uses static routing to reach all networks beyond R2. However, R2 translates private addresses into public addresses before sending traffic to the ISP. Therefore the ISP must be configured with the public addresses that are part of the NAT configuration on R2. Enter the following static route on ISP:
ISP(config)#ip route 209.165.200.240 255.255.255.240 serial 0/0/1
This static route covers all the public addresses assigned to R2 for use.
Configure a default route on R2 and propagate the route in OSPF:
R2(config)#ip route 0.0.0.0 0.0.0.0 209.165.200.226
R2(config)#router ospf 1
R2(config-router)#default-information originate
Allow a few seconds for R1 to learn the default route from R2, then check the routing table on R1. Alternatively, you can clear the routing table with the clear ip route * command. A default route pointing to R2 should appear in the R1 routing table. From R1, ping interface serial 0/0/1 on ISP (209.165.200.226). The ping should succeed. Troubleshoot if the ping fails.
Task 6: Configure static NAT
Step 1: Statically map a public IP address to a private IP address
The inside server attached to R2 is reachable from outside hosts such as the ISP. Assign the public IP address 209.165.200.254 as the address NAT uses to map packets to the private IP address of the inside server at 192.168.20.254.
R2(config)#ip nat inside source static 192.168.20.254 209.165.200.254
Step 2: Specify the inside and outside NAT interfaces
Before NAT can work, you must specify which interfaces are inside and which interfaces are outside.
R2(config)#interface serial 0/0/1
R2(config-if)#ip nat outside
R2(config-if)#interface fa0/0
R2(config-if)#ip nat inside
Note: If you are using a simulated inside server, configure the ip nat inside command on the loopback interface.
Step 3: Verify the static NAT configuration
From ISP, ping the public IP address 209.165.200.254.

Task 7: Configure dynamic NAT with a pool of addresses
While static NAT provides a fixed mapping between an internal address and a specific public address, dynamic NAT maps private IP addresses to public IP addresses. These public IP addresses come from a NAT pool.
Step 1: Define a pool of addresses
Create a pool of addresses to which matched source addresses are translated. The following command creates a pool named MY-NAT-POOL that translates matched addresses to an available IP address in the range 209.165.200.241 to 209.165.200.246.
R2(config)#ip nat pool MY-NAT-POOL 209.165.200.241 209.165.200.246 netmask 255.255.255.248


Step 2: Create an ACL that permits the inside addresses to be translated
R2(config)#ip access-list extended NAT
R2(config-ext-nacl)#permit ip 192.168.10.0 0.0.0.255 any
R2(config-ext-nacl)#permit ip 192.168.11.0 0.0.0.255 any
Step 3: Establish dynamic source translation by binding the pool to the ACL
A router can have more than one NAT pool and more than one ACL. The following command tells the router which address pool to use to translate the hosts permitted by the ACL.
R2(config)#ip nat inside source list NAT pool MY-NAT-POOL
Step 4: Specify the inside and outside NAT interfaces
You have already specified the inside and outside interfaces for the static NAT configuration. Now add the serial interface connected directly to R1 as an inside interface.
R2(config)#interface serial 0/0/0
R2(config-if)#ip nat inside
Step 5: Verify the configuration
Ping ISP from PC1 or from the FastEthernet interface on R1. Then use the show ip nat translations and show ip nat statistics commands on R2 to verify NAT.
R2#show ip nat translations
Pro  Inside global        Inside local       Outside local        Outside global
icmp 209.165.200.241:4    192.168.10.1:4     209.165.200.226:4    209.165.200.226:4
---  209.165.200.241      192.168.10.1       ---                  ---
---  209.165.200.254      192.168.20.254     ---                  ---

R2#show ip nat statistics
Total active translations: 2 (1 static, 1 dynamic; 0 extended)
Outside interfaces:
  Serial0/0/1
Inside interfaces:
  Serial0/0/0, Loopback0
Hits: 23 Misses: 3
CEF Translated packets: 18, CEF Punted packets: 0
Expired translations: 3
Dynamic mappings:
-- Inside Source
[Id: 1] access-list NAT pool MY-NAT-POOL refcount 1
 pool MY-NAT-POOL: netmask 255.255.255.248
  start 209.165.200.241 end 209.165.200.246
  type generic, total addresses 6, allocated 1 (16%), misses 0
Queued Packets: 0
To troubleshoot problems with NAT, you can use the debug ip nat command. Turn on NAT debugging and repeat the ping from PC1.
R2#debug ip nat
IP NAT debugging is on
R2#
*Sep 13 21:15:02.215: NAT*: s=192.168.10.11->209.165.200.241, d=209.165.200.226 [25]
*Sep 13 21:15:02.231: NAT*: s=209.165.200.226, d=209.165.200.241->192.168.10.11 [25]
*Sep 13 21:15:02.247: NAT*: s=192.168.10.11->209.165.200.241, d=209.165.200.226 [26]
*Sep 13 21:15:02.263: NAT*: s=209.165.200.226, d=209.165.200.241->192.168.10.11 [26]
*Sep 13 21:15:02.275: NAT*: s=192.168.10.11->209.165.200.241, d=209.165.200.226 [27]
*Sep 13 21:15:02.291: NAT*: s=209.165.200.226, d=209.165.200.241->192.168.10.11 [27]
*Sep 13 21:15:02.307: NAT*: s=192.168.10.11->209.165.200.241, d=209.165.200.226 [28]
*Sep 13 21:15:02.323: NAT*: s=209.165.200.226, d=209.165.200.241->192.168.10.11 [28]
*Sep 13 21:15:02.335: NAT*: s=192.168.10.11->209.165.200.241, d=209.165.200.226 [29]
*Sep 13 21:15:02.351: NAT*: s=209.165.200.226, d=209.165.200.241->192.168.10.11 [29]
R2#
Task 8: Configure NAT overload

In the previous example, what would happen if you needed more than the six public IP addresses that the pool allows?
By keeping track of port numbers, NAT overload allows multiple inside users to share one public IP address. In this task, you will remove the pool and the mapping statement configured earlier. Then you will configure NAT overload on R2 so that all internal IP addresses are translated to the R2 S0/0/1 address when connecting to any outside device.
Step 1: Remove the NAT pool and the mapping statement.
Use the following commands to remove the NAT pool and the mapping to the NAT ACL.
R2(config)#no ip nat inside source list NAT pool MY-NAT-POOL
R2(config)#no ip nat pool MY-NAT-POOL 209.165.200.241 209.165.200.246 netmask 255.255.255.248
If you receive the following message, clear your NAT translations.
%Pool MY-NAT-POOL in use, cannot destroy
R2#clear ip nat translation *
Step 2: Configure PAT on R2 using the public IP address of interface serial 0/0/1.
This configuration is similar to dynamic NAT, except that instead of a pool of addresses, the interface keyword is used to identify the outside IP address. Therefore no NAT pool is defined. The overload keyword enables port numbers to be added to the translation. Because you have already configured an ACL identifying which inside IP addresses to translate, as well as which interfaces are inside and outside, you only need to configure the following:
R2(config)#ip nat inside source list NAT interface S0/0/1 overload

Step 3: Verify the configuration.
Ping ISP from PC1 or from the FastEthernet interface on R1. Then use the show ip nat translations and show ip nat statistics commands on R2 to verify NAT.
R2#show ip nat translations
Pro  Inside global        Inside local        Outside local        Outside global
icmp 209.165.200.225:6    192.168.10.11:6     209.165.200.226:6    209.165.200.226:6
---  209.165.200.254      192.168.20.254      ---                  ---

R2#show ip nat statistics
Total active translations: 2 (1 static, 1 dynamic; 1 extended)
Outside interfaces:
  Serial0/0/1
Inside interfaces:
  Serial0/0/0, Loopback0
Hits: 48 Misses: 6
CEF Translated packets: 46, CEF Punted packets: 0
Expired translations: 5
Dynamic mappings:
-- Inside Source
[Id: 2] access-list NAT interface Serial0/0/1 refcount 1
Queued Packets: 0
Note: in the previous task, you could have added the overload keyword to the ip nat inside source list NAT pool MY-NAT-POOL command to allow more than six users.
Task 9: Review the router configurations
On each router, use the show run command to view the configuration.

R1#show run
<output omitted>
!
hostname R1
!
enable secret class
!
no ip domain lookup
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip helper-address 10.1.1.2
 no shutdown
!
interface FastEthernet0/1
 ip address 192.168.11.1 255.255.255.0
 ip helper-address 10.1.1.2
 no shutdown
!
interface Serial0/0/0
 ip address 10.1.1.1 255.255.255.252
 clock rate 125000
!
interface Serial0/0/1
 no ip address
 shutdown
!
router ospf 1
 network 10.1.1.0 0.0.0.3 area 0
 network 192.168.10.0 0.0.0.255 area 0
 network 192.168.11.0 0.0.0.255 area 0
!
!
banner motd ^C
***********************************
!!!AUTHORIZED ACCESS ONLY!!!
***********************************
^C
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end

R2#show run
!
hostname R2
!
!
enable secret class
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.11.1 192.168.11.10
!
ip dhcp pool R1Fa0
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.11.5
!
ip dhcp pool R1Fa1
 network 192.168.11.0 255.255.255.0
 dns-server 192.168.11.5
 default-router 192.168.11.1
!
no ip domain lookup
!
interface Loopback0
 ip address 192.168.20.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
!
!
interface Serial0/0/0
 ip address 10.1.1.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly
!
interface Serial0/0/1
 ip address 209.165.200.225 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 clock rate 125000
!
router ospf 1
 network 10.1.1.0 0.0.0.3 area 0
 network 192.168.20.0 0.0.0.255 area 0
 default-information originate
!
ip route 0.0.0.0 0.0.0.0 209.165.200.226
!
!
no ip http server
no ip http secure-server
ip nat inside source list NAT interface Serial0/0/1 overload
ip nat inside source static 192.168.20.254 209.165.200.254
!
ip access-list extended NAT
 permit ip 192.168.10.0 0.0.0.255 any
 permit ip 192.168.11.0 0.0.0.255 any
!
!
banner motd ^C
***********************************
!!!AUTHORIZED ACCESS ONLY!!!
***********************************
^C
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end

ISP#show run
<output omitted>
!
hostname ISP
!
enable secret class
!
no ip domain lookup
!
interface Serial0/0/1
 ip address 209.165.200.226 255.255.255.252
 no shutdown
!
!
!
ip route 209.165.200.240 255.255.255.240 Serial0/0/1
!
banner motd ^C
***********************************
!!!AUTHORIZED ACCESS ONLY!!!
***********************************
^C
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 password cisco
 logging synchronous
 login
!
end
Task 10: Clean up
Erase the configurations and reload the routers. Disconnect and store the cabling. For PCs that are normally connected to other networks, such as the LAN or the Internet, reconnect the cabling and restore the TCP/IP settings.
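Task 8 asks what happens when more than six inside hosts need the six-address pool from Task 7. The simulation below is an added example, not part of the original lab: it runs the same inside hosts through a dynamic pool without overload and through PAT on the S0/0/1 address. The class names are hypothetical, and the port rule (keep the inside port when it is free, otherwise take the next free one) is a simplifying assumption.

```python
import ipaddress

# Inside networks permitted by "ip access-list extended NAT" in the lab
ACL_NAT = [
    ipaddress.ip_network("192.168.10.0/24"),
    ipaddress.ip_network("192.168.11.0/24"),
]


class PoolExhausted(Exception):
    """No free global address (or port) is left for a new translation."""


def permitted(inside_ip):
    return any(ipaddress.ip_address(inside_ip) in net for net in ACL_NAT)


class DynamicNat:
    """ip nat inside source list NAT pool MY-NAT-POOL (no overload)."""

    def __init__(self, first, last):
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(last))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.table = {}                      # inside local -> inside global

    def translate(self, inside_ip):
        if not permitted(inside_ip):
            return None                      # not matched by the ACL: no translation
        if inside_ip not in self.table:
            if not self.free:
                raise PoolExhausted(inside_ip)
            self.table[inside_ip] = self.free.pop(0)
        return self.table[inside_ip]


class Pat:
    """ip nat inside source list NAT interface S0/0/1 overload."""

    def __init__(self, global_ip):
        self.global_ip = global_ip
        self.table = {}                      # (inside ip, inside port) -> global port
        self.used = set()

    def translate(self, inside_ip, inside_port):
        if not permitted(inside_ip):
            return None
        key = (inside_ip, inside_port)
        if key not in self.table:
            port = inside_port               # assumption: keep the port when it is free
            while port in self.used:
                port += 1
            if port > 65535:
                raise PoolExhausted(inside_ip)
            self.used.add(port)
            self.table[key] = port
        return (self.global_ip, self.table[key])


def compare(hosts, src_port=1024):
    """Translate every host once with each method; returns (host, pool, pat) rows."""
    dyn = DynamicNat("209.165.200.241", "209.165.200.246")
    pat = Pat("209.165.200.225")
    rows = []
    for host in hosts:
        try:
            pool_result = dyn.translate(host)
        except PoolExhausted:
            pool_result = "EXHAUSTED"
        rows.append((host, pool_result, pat.translate(host, src_port)))
    return rows


if __name__ == "__main__":
    # Seven hosts on the R1 LAN plus the statically mapped server (outside the ACL)
    demo_hosts = [f"192.168.10.{n}" for n in range(11, 18)] + ["192.168.20.254"]
    for row in compare(demo_hosts):
        print(row)
```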


COMBINED LAB
REQUIREMENTS
- Configure IP addressing as shown in the topology.
- Use OSPF area 0 on the 4 routers for routing.
- The PCs must be able to reach the Internet (also configure a default route on the 4 routers).
- Deploy ACLs according to the following requirements:
Router DN
The PCDN hosts may not use gmail.
They may use only the DNS server at 203.162.0.181.
All other services are permitted.
Router HN
The PCHN hosts may use only the two services HTTP and HTTPS and the 2 DNS servers at 203.162.4.190 and 203.162.0.181.
Router HCM
The PCHCM hosts may not use yahoo mail.
They may use only the DNS server at 203.162.4.190.
All other services are permitted.
Router INTERNET
Only the PCHN network may connect remotely to the Internet router.

[Topology figure, COMBINED LAB: Internet reached through an ADSL router (10.2.10.2, 10.123.123.(15+X)/8); routers DN, HN and HCM in OSPF AREA 0; links 172.(15+X).4.0/24, 172.(15+X).5.0/24 and 172.(15+X).6.0/24; LANs 172.(15+X).1.0/24, 172.(15+X).2.0/24 and 172.(15+X).3.0/24 with hosts PCDN, PCHN and PCHCM]


IPv6 Lab

- On all 4 routers, use the following command to enable the IPv6 stack:
Router(config)# ipv6 unicast-routing
1. Configure the IPv6 settings on each router
INTERNET:
Internet(config)#interface s0/1/1
Internet(config-if)#ipv6 address 2001:db8:1:6::2/64
Internet(config)#interface loopback 1
Internet(config-if)#ipv6 address 2001:db8:1:7::/64 eui-64
HN:
HN(config-if)#interface s0/2/1
HN(config-if)#ipv6 address 2001:db8:1:6::1/64
HN(config)#interface s0/1/1
HN(config-if)#ipv6 address 2001:db8:1:4::1/64
HN(config)#interface s0/2/0
HN(config-if)#ipv6 address 2001:db8:1:5::1/64
HN(config)#interface loopback 1
HN(config-if)#ipv6 address 2001:db8:1:2::/64 eui-64
DN:
DN(config)#interface s0/1/1
DN(config-if)#ipv6 address 2001:db8:1:4::2/64
DN(config)#interface loopback 1
DN(config-if)#ipv6 address 2001:db8:1:1::/64 eui-64
HCM:
HCM(config)#interface s0/1/1
HCM(config-if)#ipv6 address 2001:db8:1:5::2/64
HCM(config)#interface loopback 1
HCM(config-if)#ipv6 address 2001:db8:1:3::/64 eui-64
2. Verify the IPv6 configuration on the 4 routers:
Use the commands show ipv6 interface and show ipv6 interface brief.
HCM#show ipv6 interface brief
FastEthernet0/0            [administratively down/down]
    unassigned
FastEthernet0/1            [administratively down/down]
    unassigned
Serial0/1/0                [up/up]
    unassigned
Serial0/1/1                [up/up]
    FE80::20A:B8FF:FE21:738C          // link-local address: generated automatically by the router and usable only within the network
    2001:DB8:1:5::2                   // this address was configured manually with the ipv6 address command
Loopback1                  [up/up]
    FE80::20A:B8FF:FE21:738C
    2001:DB8:1:3:20A:B8FF:FE21:738C   // EUI-64 address: the last 64 bits are generated automatically by combining with the MAC address
HCM#show ipv6 interface
Serial0/1/1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::20A:B8FF:FE21:738C
  Global unicast address(es):
    2001:DB8:1:5::2, subnet is 2001:DB8:1:5::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:2
    FF02::1:FF21:738C
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  Hosts use stateless autoconfig for addresses.
Loopback1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::20A:B8FF:FE21:738C
  Global unicast address(es):
    2001:DB8:1:3:20A:B8FF:FE21:738C, subnet is 2001:DB8:1:3::/64 [EUI]
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF21:738C
  MTU is 1514 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is not supported
  ND reachable time is 30000 milliseconds
  Hosts use stateless autoconfig for addresses.
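How the eui-64 keyword builds the last 64 bits from a MAC address, and how the MAC address can be read back out of such an address, is shown in the following added example (not part of the original lab). The MAC address 000a.b821.738c is not printed in the lab; it is derived here from HCM's address 2001:DB8:1:3:20A:B8FF:FE21:738C, and the function names are hypothetical.

```python
import ipaddress
import re


def _mac_bytes(mac):
    """Accept 000a.b821.738c, 00:0a:b8:21:73:8c or 00-0A-B8-21-73-8C."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac):
    """Modified EUI-64: flip the universal/local bit and insert FFFE in the middle."""
    b = _mac_bytes(mac)
    eui = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return int.from_bytes(eui, "big")


def eui64_address(prefix, mac):
    """Equivalent of 'ipv6 address <prefix>/64 eui-64' for a given MAC address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_eui64(addr):
    """Recover the MAC address from an EUI-64 based address, or None if it is not one."""
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None                       # e.g. a manually numbered address like ::2
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    h = mac.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


if __name__ == "__main__":
    # Addresses taken from the HCM and HN output in this lab
    for a in ("2001:DB8:1:3:20A:B8FF:FE21:738C",
              "FE80::20A:B8FF:FE21:738C",
              "2001:DB8:1:5::2",
              "2001:DB8:1:2:218:73FF:FE1C:379E"):
        print(a, "->", mac_from_eui64(a))
    print(eui64_address("2001:db8:1:3::/64", "000a.b821.738c"))
```

Because the interface identifier is reversible, an EUI-64 address shows the hardware address of the interface to anyone who sees the address.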

259

3. Use the ping command to verify the IPv6 addressing between the routers
- Before pinging, you can run the show ipv6 route command again

HN#ping 2001:db8:1:5::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:5::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
HN#ping 2001:db8:1:4::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:4::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
HN#ping 2001:db8:1:6::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:6::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms

4. Configure RIPng on the routers:

INTERNET:
Internet(config)#ipv6 router rip TTG          // TTG is the RIP tag
Internet(config)#interface s0/1/1
Internet(config-if)#ipv6 rip TTG enable
Internet(config)#interface loopback 1
Internet(config-if)#ipv6 rip TTG enable

HN:
HN(config)#ipv6 router rip TTG
HN(config)#interface s0/1/1
HN(config-if)#ipv6 rip TTG enable
HN(config)#interface s0/2/1
HN(config-if)#ipv6 rip TTG enable
HN(config)#interface s0/2/0
HN(config-if)#ipv6 rip TTG enable
HN(config)#interface loopback 1
HN(config-if)#ipv6 rip TTG enable

DN:
DN(config)#ipv6 router rip TTG
DN(config)#interface s0/1/1
DN(config-if)#ipv6 rip TTG enable
DN(config)#interface loopback 1
DN(config-if)#ipv6 rip TTG enable

HCM:
HCM(config)#ipv6 router rip TTG
HCM(config)#interface s0/1/1
HCM(config-if)#ipv6 rip TTG enable
HCM(config)#interface loopback 1

HCM(config-if)#ipv6 rip TTG enable

5. Use the show ipv6 rip and show ipv6 route rip commands to verify the RIPng configuration

HN#show ipv6 route
IPv6 Routing Table - 12 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
R   2001:DB8:1:1::/64 [120/2]
     via FE80::218:73FF:FE1D:138E, Serial0/1/1
C   2001:DB8:1:2::/64 [0/0]
     via ::, Loopback1
L   2001:DB8:1:2:218:73FF:FE1C:379E/128 [0/0]
     via ::, Loopback1
R   2001:DB8:1:3::/64 [120/2]
     via FE80::20A:B8FF:FE21:738C, Serial0/2/0
C   2001:DB8:1:4::/64 [0/0]
     via ::, Serial0/1/1
L   2001:DB8:1:4::1/128 [0/0]
     via ::, Serial0/1/1
C   2001:DB8:1:5::/64 [0/0]
     via ::, Serial0/2/0
L   2001:DB8:1:5::1/128 [0/0]
     via ::, Serial0/2/0
C   2001:DB8:1:6::/64 [0/0]
     via ::, Serial0/2/1
R   2001:DB8:1:7::/64 [120/2]
     via FE80::218:73FF:FE1C:2DCA, Serial0/2/1
L   FE80::/10 [0/0]
     via ::, Null0
L   FF00::/8 [0/0]
     via ::, Null0

6. From routers DN and HCM, try pinging the Internet router

DN#ping 2001:db8:1:6::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:6::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
HCM#ping 2001:db8:1:6::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:6::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms

CISCO REMOTE VPN SERVER LAB

REQUIREMENTS:
1. Configure the IP addressing as shown in the topology.
2. Routers EZVPN, DN and HCM use OSPF area 0 and a default route to the Internet.
3. Use SDM to configure VPN on the EZVPN router.
4. The VPN client PC uses the Cisco VPN Client software to connect to the EZVPN router.
5. Once the VPN connection is established, the VPN client PC must be able to ping PCDN and PCHCM.

1. Configure IP addresses on the interfaces:

DN
DN(config)#interface s0/1/1
DN(config-if)#description Ket noi den router EZVPN
DN(config-if)#ip address 172.16.4.2 255.255.255.0
DN(config)#interface fa0/1
DN(config-if)#description Ket noi den PCDN
DN(config-if)#ip address 172.16.1.1 255.255.255.0

EZVPN
EZVPN(config)#interface s0/2/1
EZVPN(config-if)#description Ket noi den router DN
EZVPN(config-if)#ip address 172.16.4.1 255.255.255.0
EZVPN(config)#interface s0/1/0
EZVPN(config-if)#description Ket noi den router Internet
EZVPN(config-if)#ip address 172.16.6.1 255.255.255.0
EZVPN(config)#interface s0/1/1
EZVPN(config-if)#description Ket noi den router HCM
EZVPN(config-if)#ip address 172.16.5.1 255.255.255.0
EZVPN(config)#interface fa0/1
EZVPN(config-if)#description Ket noi den PC_LAN
EZVPN(config-if)#ip address 172.16.2.1 255.255.255.0

HCM
HCM(config)#interface s0/1/1
HCM(config-if)#description Ket noi den router EZVPN
HCM(config-if)#ip address 172.16.5.2 255.255.255.0
HCM (config)#interface fa0/1
HCM (config-if)#description Ket noi den PCHCM
HCM (config-if)#ip address 172.16.3.1 255.255.255.0

INTERNET
Internet(config)#interface s0/1/1
Internet(config-if)#description Ket noi den router EZVPN
Internet(config-if)#ip address 172.16.6.2 255.255.255.0
Internet (config)#interface fa0/1
Internet (config-if)#description Ket noi den VPN_Client
Internet (config-if)#ip address 172.16.7.1 255.255.255.0

2. Configure OSPF

EZVPN
EZVPN(config)#ip route 0.0.0.0 0.0.0.0 172.16.6.2
EZVPN(config)#router ospf 1
EZVPN(config-router)#network 172.16.4.0 0.0.0.255 area 0
EZVPN(config-router)#network 172.16.5.0 0.0.0.255 area 0
EZVPN(config-router)#network 172.16.2.0 0.0.0.255 area 0
EZVPN(config-router)#default-information originate     // Advertise the default route to routers HCM and DN

DN
DN(config)#router ospf 1
DN(config-router)#network 172.16.1.0 0.0.0.255 area 0
DN(config-router)#network 172.16.4.0 0.0.0.255 area 0

HCM
HCM(config)#router ospf 1
HCM(config-router)#network 172.16.3.0 0.0.0.255 area 0
HCM(config-router)#network 172.16.5.0 0.0.0.255 area 0

- Check the routing tables on the routers

EZVPN#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.6.2 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 6 subnets
C       172.16.4.0 is directly connected, Serial0/2/1
C       172.16.5.0 is directly connected, Serial0/1/1
C       172.16.6.0 is directly connected, Serial0/1/0
O       172.16.1.0 [110/782] via 172.16.4.2, 00:01:52, Serial0/2/1
C       172.16.2.0 is directly connected, FastEthernet0/1
O       172.16.3.0 [110/782] via 172.16.5.2, 00:01:52, Serial0/1/1
S*   0.0.0.0/0 [1/0] via 172.16.6.2

HCM#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.5.1 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 5 subnets
O       172.16.4.0 [110/1562] via 172.16.5.1, 00:00:27, Serial0/1/1
C       172.16.5.0 is directly connected, Serial0/1/1
O       172.16.1.0 [110/1563] via 172.16.5.1, 00:00:27, Serial0/1/1
O       172.16.2.0 [110/782] via 172.16.5.1, 00:00:27, Serial0/1/1
C       172.16.3.0 is directly connected, FastEthernet0/1
O*E2 0.0.0.0/0 [110/1] via 172.16.5.1, 00:00:27, Serial0/1/1

DN#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.4.1 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 5 subnets
C       172.16.4.0 is directly connected, Serial0/1/1
O       172.16.5.0 [110/1562] via 172.16.4.1, 00:02:45, Serial0/1/1
C       172.16.1.0 is directly connected, FastEthernet0/1
O       172.16.2.0 [110/782] via 172.16.4.1, 00:02:45, Serial0/1/1
O       172.16.3.0 [110/1563] via 172.16.4.1, 00:02:45, Serial0/1/1
O*E2 0.0.0.0/0 [110/1] via 172.16.4.1, 00:02:45, Serial0/1/1

Internet#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.6.0 is directly connected, Serial0/1/1
C       172.16.7.0 is directly connected, FastEthernet0/1

3. Use SDM to set up Cisco Easy VPN on the EZVPN router
- Configure the commands SDM needs on the EZVPN router

EZVPN (config)#username sdm privilege 15 password sdm
EZVPN(config)#ip http secure-server
EZVPN (config)#ip http authentication local
EZVPN (config)#line vty 0 4
EZVPN (config-line)#transport input ssh telnet
EZVPN (config-line)#login local

- Now run the SDM installer on the PC.

- Click Next. Choose Cisco Router to install SDM onto the router.

- Enter the router's address and the username and password configured above (sdm/sdm), then click Next. Select Install SDM and SDM Express for the router being installed.

- When the installer reports Finish, the installation is complete.

- Configure the IP address on PCVPN.

- On the PC, browse to https://172.16.2.1 to log in to the router's web interface. Enter the username and password from step 2 to authenticate; after successful authentication the SDM interface appears as follows:

- Go to Edit > Preferences.

- Follow these steps to turn the EZVPN router into a VPN server. Choose Configure > VPN > Easy VPN Server > Launch Easy VPN Server Wizard.

- AAA must be enabled on the VPN server. Choose Yes to continue.

- Click Next in the Easy VPN Server Wizard.

- Select the interface on which Cisco VPN clients will connect to the VPN server.

- Click Next to configure the Internet Key Exchange (IKE) policy; you can click Add to create a new policy.

- Click Next to select the default transform set, or create a new one. In this case we use the default transform set.

- Choose Local for Group Authorization and Group Policy Lookup.

- Choose Local for User Authentication.

- Choose Add User Credentials, then add a user named vpnuser with password vpnuser and privilege level 1.

- Click Next.

- Click Add to create a new tunnel group named vpn with pre-shared key 123456 and an IP pool in PCVPN's network, from 172.16.2.240 to 172.16.2.250.

- SDM reports that the pool overlaps PCVPN's network; click OK.

- You can review the whole configuration here, then click Finish.

- SDM pushes the commands to the router.

4. Install the Cisco VPN software
- Check the IP address on the VPN client machine.

- Then, from the client machine, try pinging the VPN server.

- Install the Cisco VPN Client software and create a connection to the VPN server by choosing Connection Entries > New.

- Enter the details as follows:

- Select the VPN connection just created and click Connect.

- The EZVPN server asks for authentication; use vpnuser with password vpnuser, created in step 1, to authenticate.

- After successful authentication, the VPN client is assigned an IP address from the range 172.16.2.240 to 172.16.2.250 configured above.

- From the VPN client, try pinging the DN and HCM LANs.

- Check the routing table on the EZVPN server again; a static route has been added to it automatically.

EZVPN#show ip route
Gateway of last resort is 172.16.6.2 to network 0.0.0.0

     172.16.0.0/16 is variably subnetted, 7 subnets, 2 masks
S       172.16.2.240/32 [1/0] via 172.16.7.2
C       172.16.4.0/24 is directly connected, Serial0/2/1
C       172.16.5.0/24 is directly connected, Serial0/1/1
C       172.16.6.0/24 is directly connected, Serial0/1/0
O       172.16.1.0/24 [110/782] via 172.16.4.2, 00:31:23, Serial0/2/1
C       172.16.2.0/24 is directly connected, FastEthernet0/1
O       172.16.3.0/24 [110/782] via 172.16.5.2, 00:31:23, Serial0/1/1
S*   0.0.0.0/0 [1/0] via 172.16.6.2

Reference configurations for the routers

Router INTERNET

Current configuration : 1077 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Internet
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
interface FastEthernet0/0
 no ip address
 ip broadcast-address 0.0.0.0
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Ket noi den VPN_client
 ip address 172.16.7.1 255.255.255.0
 ip broadcast-address 0.0.0.0
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 ip broadcast-address 0.0.0.0
 shutdown
 clock rate 125000
!
interface Serial0/1/1
 description Ket noi den router EZVPN
 ip address 172.16.6.2 255.255.255.0
 ip broadcast-address 0.0.0.0
!
ip classless
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
end

Router DN

Current configuration : 1058 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec

no service password-encryption
!
hostname DN
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Ket noi den PCDN
 ip address 172.16.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 clock rate 125000
!
interface Serial0/1/1
 description Ket noi den router EZVPN
 ip address 172.16.4.2 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 172.16.1.0 0.0.0.255 area 0
 network 172.16.4.0 0.0.0.255 area 0
!
ip classless
!
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
end

Router HCM

Current configuration : 1079 bytes
!

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HCM
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Ket noi den PCHCM
 ip address 172.16.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 clock rate 125000
!
interface Serial0/1/1
 description Ket noi den router EZVPN
 ip address 172.16.5.2 255.255.255.0
 clock rate 125000
!
router ospf 1
 log-adjacency-changes
 network 172.16.3.0 0.0.0.255 area 0
 network 172.16.5.0 0.0.0.255 area 0
!
ip classless
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
end

Router EZVPN

Current configuration : 1079 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HCM
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
no ip dhcp use vrf connected
!
no ip ips deny-action ips-interface
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Ket noi den PCHCM
 ip address 172.16.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 clock rate 125000
!
interface Serial0/1/1
 description Ket noi den router EZVPN
 ip address 172.16.5.2 255.255.255.0
 clock rate 125000
!
router ospf 1
 log-adjacency-changes
 network 172.16.3.0 0.0.0.255 area 0
 network 172.16.5.0 0.0.0.255 area 0
!
ip classless
!
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
!
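The SDM prerequisite commands from step 3 and the `no service password-encryption` line from the reference configurations, checked for the settings an operator would tighten before reusing this lab outside a test bench. This is an added example, not part of the original lab guide or of any Cisco tool; the `audit` function, its rule wording and the `<STRONG-PASSPHRASE>` placeholder are assumptions, and the transcript is constructed from lines on this page.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    command: str
    issue: str
    fix: str


# Constructed sample in the prompt-prefixed form the lab uses (note the
# "EZVPN (config)#" variant with a space, which also appears on the page).
LAB_TRANSCRIPT = """\
EZVPN(config)#no service password-encryption
EZVPN (config)#username sdm privilege 15 password sdm
EZVPN(config)#ip http secure-server
EZVPN (config)#ip http authentication local
EZVPN (config)#line vty 0 4
EZVPN (config-line)#transport input ssh telnet
EZVPN (config-line)#login local
"""

# hostname, optional space, "(config...)#", then the command itself
PROMPT = re.compile(r"^\s*\w+\s*\((config[\w-]*)\)#\s*(.+?)\s*$")
# username NAME [privilege N] password [TYPE] VALUE
USERNAME = re.compile(
    r"^username (\S+)(?: privilege (\d+))? password (?:\d )?(\S+)$")


def audit(transcript: str) -> List[Finding]:
    """Return weak settings found in an IOS configuration transcript."""
    findings: List[Finding] = []
    for n, raw in enumerate(transcript.splitlines(), 1):
        m = PROMPT.match(raw)
        if not m:
            continue  # not a configuration-mode line
        mode, cmd = m.groups()
        user = USERNAME.match(cmd)
        if cmd == "no service password-encryption":
            findings.append(Finding(
                n, cmd,
                "passwords are stored and displayed in clear text",
                "service password-encryption"))
        elif user:
            name, priv, pw = user.groups()
            priv_part = f" privilege {priv}" if priv else ""
            # 'password' is clear text or reversible type 7; 'secret' is hashed
            findings.append(Finding(
                n, cmd,
                "local account uses 'password' instead of a hashed 'secret'",
                f"username {name}{priv_part} secret <STRONG-PASSPHRASE>"))
            if pw.lower() == name.lower():
                level = " on a privilege 15 account" if priv == "15" else ""
                findings.append(Finding(
                    n, cmd,
                    f"password equals the username{level}",
                    "choose a passphrase unrelated to the account name"))
        elif mode == "config-line" and cmd.startswith("transport input "):
            protocols = cmd.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append(Finding(
                    n, cmd,
                    "Telnet carries the login and session unencrypted",
                    "transport input ssh"))
    return findings


if __name__ == "__main__":
    for f in audit(LAB_TRANSCRIPT):
        print(f"line {f.line_no}: {f.command}\n  issue: {f.issue}\n  fix:   {f.fix}")
```

The same check applies to the VPN wizard values entered through SDM (user vpnuser with password vpnuser, pre-shared key 123456), which never appear as CLI lines on this page and so are not in the sample.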


CONFIGURING PPP PAP AND CHAP

I. Introduction:
PPP (Point-to-Point Protocol) is an encapsulation protocol used to establish connections across a WAN. PPP consists of LCP (Link Control Protocol) and NCP (Network Control Protocol). LCP is used to establish the point-to-point link; NCP is used to configure the different network-layer protocols.

PPP can be configured on the following physical interfaces:
- Asynchronous serial
- Synchronous serial
- High-Speed Serial Interface (HSSI)
- Integrated Services Digital Network (ISDN)

Establishing a PPP session involves three phases:
- Link-establishment phase
- Authentication phase (optional)
- Network layer protocol phase

The authentication option makes the network easier to manage. PPP supports two authentication methods: PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol).

PAP is a two-way handshake. After the link is established, the remote node sends its username and password repeatedly until it receives an accept or a reject message. The password in PAP is sent as clear text (unencrypted).

CHAP is a three-way handshake. After the link is established, the router sends a challenge message to the remote router. The remote router replies with a value computed from the password and the challenge message. When the router receives this value, it checks whether it matches the value it computed itself. If it does, the router treats the peer as authenticated and the connection is established; otherwise the connection is dropped immediately.

II. Commands used in this lab:

username name password password
    Configures the name and password for CHAP and PAP. This name and password must match those of the remote router.
encapsulation ppp
    Configures the interface to use PPP encapsulation.
ppp authentication {chap | chap pap | pap chap | pap}
    Configures the interface to use PAP, CHAP, or both. When both are given, the first protocol is used for authentication; if the first protocol is rejected or the remote router asks for the second protocol, the second one is used.
ppp pap sent-username username password password
    Configures the username and password for PAP.
debug ppp authentication
    Shows the PAP and CHAP authentication sequence.

III. Lab description and topology:

- The lab topology is as shown in the figure. The two routers are named TTG1 and TTG2 and are connected by a serial cable. The interface IP addresses are as shown in the figure.
- Lab requirements:
  + Change the encapsulation on both routers to PPP
  + Deploy PPP authentication with PAP
  + Deploy PPP authentication with CHAP

IV. Router configuration:

a) Step 1: Set the hostnames and interface addresses

Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(configure)#interface s0/1/0
TTG1(configure-if)#ip address 192.168.1.1 255.255.255.0
TTG1(configure-if)#clockrate 64000
TTG1(configure-if)#exit

Router TTG2:
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(configure)#interface s0/1/0
TTG2(configure-if)#ip address 192.168.1.2 255.255.255.0
TTG2(configure-if)#clockrate 64000
TTG2(configure-if)#exit

- Check the state of the ports with the show ip interface brief command

TTG2#sh ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
Fastethernet0/0    unassigned      YES unset  administratively down down
Serial0/1/0        192.168.1.2     YES manual up                    up
Serial0/1/1        unassigned      YES unset  administratively down down

- The serial port of router TTG2 is up. Do the same to check the port state on router TTG1.
- Use the show interfaces serial command to see the parameters of the routers' serial interfaces

TTG2#sh interfaces serial 0/1/0
Serial0/1/0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:02, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     15 packets input, 846 bytes, 0 no buffer
     Received 15 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     19 packets output, 1708 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

TTG1#show interface s0/1/0
Serial0/1/0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.1.1/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:11:35
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue :0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     21 packets input, 2010 bytes, 0 no buffer
     Received 21 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     23 packets output, 1280 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 output buffer failures, 0 output buffers swapped out
     7 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

- Both routers' serial ports use HDLC encapsulation, and both are in the up state.

b) Step 2: Configure PPP PAP and CHAP

Configuring PPP PAP

On router TTG1, configure PPP on interface serial 0 with the encapsulation ppp command

TTG1(config)#interface s0/1/0
TTG1(config-if)#encapsulation ppp

- Check the state of interface serial0/1/0 on router TTG1

TTG1#show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/0    unassigned      YES unset  administratively down down
Serial0/1/0        192.168.1.1     YES manual up                    down
Serial0/1/1        unassigned      YES unset  administratively down down

TTG1#show interface s0/1/0
Serial0/1/0 is up, line protocol is down
  Hardware is HD64570
  Internet address is 192.168.1.1/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Keepalive set (10 sec)
  LCP REQsent
  Closed: IPCP, CDPCP
  Last input 00:00:08, output 00:00:01, output hang never
  Last clearing of "show interface" counters 00:00:15
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue :0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1 packets input, 22 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     7 packets output, 98 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

- Observation: interface serial0/1/0 on router TTG1 has gone down, which means interface serial 0/1/0 on router TTG2 is down as well. The cause is that the two interfaces use different encapsulation protocols (interface serial 0 on TTG1 uses PPP while TTG2 uses HDLC). We therefore have to configure interface serial 0 on router TTG2 to use PPP too.

TTG2(config)#interface s0/1/0
TTG2(config-if)#encapsulation ppp

- Now check the state of the interfaces

TTG2#show interface s0/1/0
Serial0/1/0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Keepalive set (10 sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input 00:00:01, output 00:00:01, output hang never
  Last clearing of "show interface" counters 00:00:18
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     15 packets input, 1004 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     13 packets output, 976 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

- Both routers' interfaces are up again, because both are now configured with the same encapsulation protocol, PPP.
- Before configuring PAP on the two interfaces, run debug ppp authentication to watch the PAP message exchange.

TTG2#debug ppp authentication
PPP authentication debugging is on

Configure PAP on both serial 0 interfaces as follows:

TTG1(config)#username TTG2 password cisco
TTG1(config)#interface s0/1/0
TTG1(config-if)#ppp authentication pap
TTG1(config-if)#ppp pap sent-username TTG1 password cisco

TTG2(config)#username TTG1 password cisco
TTG2(config)# interface s0/1/0
TTG2(config-if)#ppp authentication pap
TTG2(config-if)#ppp pap sent-username TTG2 password cisco

Notes:
- In the command username name password password, name must be the name of the remote router (and vice versa on the other side), while password must be the same on both routers.
- In the command ppp pap sent-username name password password, name and password are those of the router being configured.

- Once PAP has been configured on router TTG2, the PAP sequence appears on the screen

00:09:49: Se0 PPP: Phase is AUTHENTICATING, by both
00:09:49: Se0 PAP: O AUTH-REQ id 1 len 18 from "TTG2"
00:09:49: Se0 PAP: I AUTH-REQ id 1 len 18 from "TTG1"
00:09:49: Se0 PAP: Authenticating peer TTG1
00:09:49: Se0 PAP: O AUTH-ACK id 1 len 5
00:09:49: Se0 PAP: I AUTH-ACK id 1 len 5
00:09:50: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0, changed state to up

Meaning of the messages:
Line 1: PPP performs authentication in both directions
Line 2: TTG2 sends an authentication request
Line 3: An authentication request is received from TTG1
Line 4: TTG1's authentication is received
Line 5: An authentication acknowledgment is sent to TTG1
Line 6: An authentication acknowledgment is received from TTG1
Line 7: The interface state changes to UP

- The two interfaces of routers TTG1 and TTG2 are now up. From router TTG2, ping interface serial 0/1/0 of router TTG1 to check.

TTG2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 14.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/60 ms

Configuring PPP CHAP

Before configuring PPP CHAP on the two interfaces, remove PAP from both routers

TTG1(config)#interface s0/1/0
TTG1(config-if)#no ppp authentication pap
TTG1(config-if)#no ppp pap sent-username TTG1 password cisco
TTG2(config)#interface s0/1/0
TTG2(config-if)#no ppp authentication pap
TTG2(config-if)#no ppp pap sent-username TTG2 password cisco

- Now configure CHAP with the ppp authentication chap command

TTG1(config)# interface s0/1/0
TTG1(config-if)#ppp authentication chap
TTG2(config)# interface s0/1/0
TTG2(config-if)#ppp authentication chap

Note: when configuring PPP CHAP we still have to set the serial interface to PPP encapsulation with encapsulation ppp, and we still have to use username name password password to configure the name and password that CHAP authenticates with. We do not repeat those commands here because they were already entered in the PAP step.

Because debug ppp authentication is running on router TTG2, the following messages appear once CHAP has been configured on both routers (the console is attached to router TTG2):

00:15:08: Se0 CHAP: O CHALLENGE id 1 len 28 from "TTG2"
00:15:08: Se0 CHAP: I CHALLENGE id 2 len 28 from "TTG1"
00:15:08: Se0 CHAP: O RESPONSE id 2 len 28 from "TTG2"
00:15:08: Se0 CHAP: I RESPONSE id 1 len 28 from "TTG1"
00:15:08: Se0 CHAP: O SUCCESS id 1 len 4
00:15:08: Se0 CHAP: I SUCCESS id 2 len 4
00:15:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

- Meaning of the messages:
Line 1: TTG2 sends a challenge to router TTG1
Line 2: TTG2 receives a challenge from router TTG1
Line 3: TTG2 sends a response to router TTG1
Line 4: TTG2 receives a response from router TTG1
Line 5: TTG2 sends an authentication success to TTG1
Line 6: TTG2 receives an authentication success from TTG1
Line 7: The serial interface state changes to UP

- The serial interfaces of routers TTG1 and TTG2 are UP. From router TTG2, ping interface serial 0/1/0 of router TTG1 to check

TTG2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 14.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/60 ms

- If the name and password in the username name password password command are wrong, the interface goes down, because the authentication between the two interfaces uses this name and password. If they do not match, the connection is torn down.
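The PAP and CHAP exchanges described in the introduction and seen in the debug output above, as an added Python example that is not part of the original lab guide. It builds the PAP Authenticate-Request (RFC 1334) and the CHAP response value MD5(identifier || secret || challenge) (RFC 1994); the function and class names are assumptions, while the names TTG1/TTG2 and the password cisco are the lab's own.

```python
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQ = 1  # RFC 1334 Authenticate-Request code


def pap_auth_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """Code, Identifier, Length, then length-prefixed Peer-ID and Password."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQ, ident, 4 + len(body)) + body


def pap_parse(packet: bytes):
    """What anyone observing the link can read out of a PAP request."""
    id_len = packet[4]
    peer_id = packet[5:5 + id_len]
    pw_len = packet[5 + id_len]
    password = packet[6 + id_len:6 + id_len + pw_len]
    return peer_id, password


def chap_response_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: one-way hash over Identifier, shared secret and challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """The challenging side, e.g. TTG2 holding 'username TTG1 password cisco'."""

    def __init__(self, users):
        self.users = users          # peer name -> shared secret
        self.ident = 0
        self.outstanding = {}       # identifier -> challenge not yet answered

    def challenge(self):
        self.ident = (self.ident + 1) % 256
        value = os.urandom(16)      # fresh, unpredictable challenge each time
        self.outstanding[self.ident] = value
        return self.ident, value

    def verify(self, ident: int, name: bytes, response: bytes) -> bool:
        challenge = self.outstanding.pop(ident, None)   # each challenge is one-shot
        secret = self.users.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response_value(ident, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


if __name__ == "__main__":
    # PAP: the password crosses the link as-is.
    wire = pap_auth_request(1, b"TTG1", b"cisco")
    print("PAP on the wire :", wire.hex(), "->", pap_parse(wire))

    # CHAP: only the challenge and a hash cross the link.
    ttg2 = ChapAuthenticator({b"TTG1": b"cisco"})
    ident, chal = ttg2.challenge()
    good = chap_response_value(ident, b"cisco", chal)
    print("CHAP response   :", good.hex())
    print("correct secret  :", ttg2.verify(ident, b"TTG1", good))
    print("replayed answer :", ttg2.verify(ident, b"TTG1", good))
    ident, chal = ttg2.challenge()
    bad = chap_response_value(ident, b"Cisco", chal)   # mismatched password
    print("wrong secret    :", ttg2.verify(ident, b"TTG1", bad))
```

A captured challenge and response still let an observer test password guesses offline, so the shared secret in the username command should be long and random rather than a word like the lab's.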


PPP Review Lab


BASIC FRAME RELAY CONFIGURATION

I. Introduction:
Frame Relay is an extension of ISDN technology. It uses packet switching to build a WAN. Frame Relay creates virtual connections that link LANs together into a WAN, and a Frame Relay network uses switches to interconnect the networks. Frame Relay is widely used today because it is much cheaper than a leased line.

Frame Relay operates at the Data Link layer of the OSI model and uses the LAPF protocol (Link Access Procedure for Frame Relay). It uses frames to carry data between the user's end devices (DTE) through the DCE devices of the Frame Relay network.

The connection between two DTEs across the Frame Relay network is called a virtual circuit (VC). VCs that are set up by sending signaling messages to the network are called switched virtual circuits (SVCs). Today, however, permanent virtual circuits (PVCs) are normally used. A PVC is a connection preconfigured on the Frame Relay switches, with the switching information for its frames stored in the switch.

In Frame Relay, a frame with an error is discarded immediately, with no notification. Routers attached to a Frame Relay network can have several virtual connections to several different networks. Frame Relay therefore saves a great deal, because the networks do not need to be linked directly to each other.

Each virtual circuit (VC) has its own DLCI (Data Link Channel Identifier). The DLCI is carried in the frames as they travel through the Frame Relay network. In Frame Relay, a star topology is commonly used to connect LANs into a WAN (called a hub and spoke topology).

In this topology, the central network is called the hub, and the networks remote1, remote2, remote3, remote4 and remote5 are called spokes. Each spoke is connected to the hub by a virtual circuit (VC). If we want the spokes in this topology to communicate with each other, we only need to create VCs between the spokes. This topology gives a WAN that is much cheaper than one built on leased lines, because each network needs only one connection to the Frame Relay network.

Frame Relay uses split horizon to prevent loops. Split horizon does not allow a routing update to go back out of the interface it was received on. Because Frame Relay allows several PVCs on one physical interface, loops would occur without split horizon.

In a leased-line WAN the DTEs are connected directly to each other, whereas in a Frame Relay WAN the DTEs are connected through a Frame Relay network made up of many switches. We therefore have to map the Frame Relay layer address to the IP address of the remote DTE. The mapping can be entered with commands, but it can also be done automatically by LMI and Inverse ARP.

LMI (Local Management Interface) is exchanged between the DTE and the DCE (Frame Relay switch). It is used to check operation and report the status of the VCs, for flow control, and to supply DLCI numbers to the DTE. There are several LMI types: cisco (Cisco's own standard), ansi (ANSI Annex D) and q933a (ITU Q.933 Annex A).

When a router is first attached to the Frame Relay network, it sends an LMI message to the network to ask for status. The network then replies with an LMI message containing the parameters of the configured VCs. When the router wants to map a VC to a network-layer address, it sends an Inverse ARP message containing its own network-layer (IP) address over that VC to the remote DTE. The remote DTE replies with an Inverse ARP containing its network-layer address, and the router maps that address to the DLCI of the VC.

II. Commands used in this lab:

encapsulation frame-relay [cisco | ietf]
    Configures Frame Relay encapsulation on the interface. The router supports two Frame Relay encapsulation types, Cisco and ietf.
frame-relay intf-type [dce | dte | nni]
    Configures the Frame Relay switch type for the interface. Used on a router acting as a Frame Relay switch.
frame-relay lmi-type {ansi | cisco | q933a}
    Configures the LMI type used by the router.
frame-relay route in-dlci out-interface out-dlci
    Creates a PVC between interfaces on a router acting as a Frame Relay switch.
frame-relay switching
    Configures the router to operate as a Frame Relay switch.
show frame-relay pvc [type number [dlci]]
    Shows the parameters of the PVCs configured on the router.
show frame-relay route
    Shows the status and configured parameters of the PVCs. This command is used on a router acting as a Frame Relay switch.
show frame-relay map
    Shows the mappings between local DLCIs and remote IP addresses.
show frame-relay lmi [type number]
    Shows the LMI parameters between the router and the Frame Relay switch.

III.

M t bi lab v hnh :

The lab topology is shown in the figure above. Router FrameSwitch is configured as a Frame Relay switch. Both serial cable ends that attach to router FrameSwitch are DCE. Routers TTG1 and TTG2 run RIP.

IV. Router configuration:

- Configure the interfaces of routers TTG1 and TTG2 as follows:

Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface Loopback0
TTG1(config-if)#ip address 10.1.0.1 255.255.255.0
TTG1(config-if)#interface Serial0/1/0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#router rip
TTG1(config-router)#network 10.0.0.0
TTG1(config-router)#network 192.168.1.0

Router TTG2:
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface Loopback0
TTG2(config-if)#ip address 11.1.0.1 255.255.255.0
TTG2(config-if)#interface Serial0/1/0
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit
TTG2(config)#router rip
TTG2(config-router)#network 11.0.0.0
TTG2(config-router)#network 192.168.1.0

- Next, configure Frame Relay on the two routers TTG1 and TTG2:

TTG1(config)#interface s0/1/0
! Use Frame Relay encapsulation on interface S0/1/0
TTG1(config-if)#encapsulation frame-relay

! Set the LMI type to ANSI
TTG1(config-if)#frame-relay lmi-type ansi

TTG2(config)#interface s0/1/0
TTG2(config-if)#encapsulation frame-relay
TTG2(config-if)#frame-relay lmi-type ansi

- After configuring Frame Relay on routers TTG1 and TTG2, configure router FrameSwitch to act as a Frame Relay switch as follows:

! Make the router act as a Frame Relay switch
FrameSwitch(config)#frame-relay switching
FrameSwitch(config)#interface s0/1/0
FrameSwitch(config-if)#encapsulation frame-relay
FrameSwitch(config-if)#frame-relay lmi-type ansi
! Configure the serial interface as a Frame Relay DCE
FrameSwitch(config-if)#frame-relay intf-type dce
! Provide a clock rate of 64000 bps
FrameSwitch(config-if)#clock rate 64000
FrameSwitch(config-if)#frame-relay route 102 interface s0/1/1 201
FrameSwitch(config-if)#no shutdown
FrameSwitch(config-if)#exit
FrameSwitch(config)#interface s0/1/1
FrameSwitch(config-if)#encapsulation frame-relay
FrameSwitch(config-if)#frame-relay lmi-type ansi
FrameSwitch(config-if)#frame-relay intf-type dce
FrameSwitch(config-if)#clock rate 64000
FrameSwitch(config-if)#frame-relay route 201 interface s0/1/0 102
FrameSwitch(config-if)#no shutdown

- The command frame-relay route 102 interface s0/1/1 201 means: any Frame Relay traffic that arrives on the router's interface serial0/1/0 with DLCI 102 is sent out interface serial0/1/1 with DLCI 201. Likewise, the command frame-relay route 201 interface s0/1/0 102 means: any Frame Relay traffic that arrives on interface serial0/1/1 with DLCI 201 is sent out serial0/1/0 with DLCI 102. Together, these two commands create a PVC between S0/1/0 and S0/1/1.
- To check whether router FrameSwitch is operating as a Frame Relay switch, use the command show frame-relay pvc:

FrameSwitch#show frame-relay pvc

PVC Statistics for interface Serial0/1/0 (Frame Relay DCE)

              Active     Inactive      Deleted       Static
  Local          0            0            0            0
  Switched       1            0            0            0
  Unused         0            0            0            0

DLCI = 102, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0

  input pkts 3             output pkts 3            in bytes 186
  out bytes 166            dropped pkts 1           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0        Num Pkts Switched 3
  pvc create time 00:01:04, last time pvc status changed 00:00:40

PVC Statistics for interface Serial1 (Frame Relay DCE)

              Active     Inactive      Deleted       Static
  Local          0            0            0            0
  Switched       1            0            0            0
  Unused         0            0            0            0

DLCI = 201, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/1

  input pkts 4             output pkts 3            in bytes 200
  out bytes 186            dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0        Num Pkts Switched 3
  pvc create time 00:00:45, last time pvc status changed 00:00:43

DLCI USAGE shows that interfaces S0/1/0 and S0/1/1 are operating in Frame Relay switch mode and are ACTIVE. The output also shows the number of packets switched through the interface (Num Pkts Switched 3).
- From these results we know that router FrameSwitch is operating as a Frame Relay switch.
- Next, check the LMI status between router FrameSwitch and the two routers TTG1 and TTG2 with the command show frame lmi:

FrameSwitch#show frame lmi

LMI Statistics for interface Serial0/1/0 (Frame Relay DCE) LMI TYPE = ANSI
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Rcvd 20               Num Status msgs Sent 20
  Num Update Status Sent 0              Num St Enq. Timeouts 0

LMI Statistics for interface Serial0/1/1 (Frame Relay DCE) LMI TYPE = ANSI
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Rcvd 16               Num Status msgs Sent 16
  Num Update Status Sent 0              Num St Enq. Timeouts 0

- The command shows information for every interface on the router that is operating in Frame Relay mode (here, interfaces S0/1/0 and S0/1/1).
- Now check the Frame Relay routes on router FrameSwitch with the command show frame route:

FrameSwitch#sh frame-relay route
Input Intf      Input Dlci      Output Intf     Output Dlci     Status
Serial0/1/0     102             Serial0/1/1     201             active
Serial0/1/1     201             Serial0/1/0     102             active

- The output shows that traffic arriving on interface serial0/1/0 with DLCI 102 is switched to serial0/1/1 with DLCI 201; conversely, traffic arriving on serial0/1/1 with DLCI 201 is switched to serial0/1/0 with DLCI 102. The output also shows that both DLCIs are active.

- Moving to router TTG1, check whether DLCI 102 on interface serial0/0/0 is active:

TTG1#sh frame-relay pvc

PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0

DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0

  input pkts 8             output pkts 7            in bytes 646
  out bytes 570            dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 7         out bcast bytes 570
  pvc create time 00:02:58, last time pvc status changed 00:02:38

- Observation: interface serial0/0/0 of router TTG1 is operating as a Frame Relay DTE, and DLCI 102 is active.
- By default, Cisco uses Inverse ARP to map the remote IP address of a PVC to the DLCI of the local interface, so we do not need to perform this step ourselves. To verify this, use the command show frame-relay map:

TTG1#sh frame-relay map
Serial0/1/0 (up): ip 192.168.1.2 dlci 102(0xC9,0x3090), dynamic,
              broadcast, status defined, active

- The output shows that DLCI 102 is active on interface serial0/0/0 and is mapped to the IP address 192.168.1.2 of router TTG2, and that this mapping was created automatically.
- Repeat the same steps to check router TTG2:

TTG2#sh frame-relay pvc

PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0

DLCI = 201, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0

  input pkts 10            output pkts 11           in bytes 858
  out bytes 934            dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 11        out bcast bytes 934
  pvc create time 00:04:05, last time pvc status changed 00:04:05

TTG2#show frame-relay map
Serial0/0/0 (up): ip 192.168.1.1 dlci 201(0xC9,0x3090), dynamic,
              broadcast,, status defined, active

- Observation: DLCI 201 is active on interface serial0/0/0 of TTG2 and is mapped to the IP address 192.168.1.1.

- Now check whether the networks can reach each other by pinging, from each of the two routers in turn, the loopback interface of the remote router:

TTG1#ping 11.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms

TTG2#ping 10.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/64 ms

- The networks can now reach each other, and router FrameSwitch is performing its Frame Relay switch function correctly.

ADVANCED FRAME RELAY CONFIGURATION

I. Introduction:

- Frame Relay is very widely used in WAN technology. It offers more features and benefits than point-to-point WAN connections.
- For a connection across a Frame Relay environment to work, the devices at the two ends outside the Frame Relay network must be Data Terminal Equipment (DTE), and the Frame Relay switches inside the network must be Data Communication Equipment (DCE). Subinterfaces behave like leased lines: each point-to-point subinterface requires its own separate subnet. This lab uses a hub-and-spoke topology, in which router TTG1 is the hub and routers TTG2 and TTG3 are the spokes.

II. Lab description and topology:

III. Configuration:

FR-SWITCHING:
Router>enable
Router#configure terminal
Router(config)#hostname FRSwitch
FRSwitch(config)#frame-relay switching
FRSwitch(config)#interface s0/1/0
FRSwitch(config-if)#encapsulation frame-relay
FRSwitch(config-if)#clockrate 64000
FRSwitch(config-if)#frame-relay intf-type dce
! Route the PVCs: a frame that arrives on S0/1/0 with DLCI 102 is forwarded
! out S0/1/1 and its DLCI is rewritten to 201
FRSwitch(config-if)#frame-relay route 102 interface Serial0/1/1 201
FRSwitch(config-if)#frame-relay route 103 interface Serial0/2/0 301
FRSwitch(config-if)#exit
FRSwitch(config)#interface s0/1/1
FRSwitch(config-if)#encapsulation frame-relay
FRSwitch(config-if)#clockrate 64000
FRSwitch(config-if)#frame-relay intf-type dce
FRSwitch(config-if)#frame-relay route 201 interface Serial0/1/0 102
FRSwitch(config-if)#exit
FRSwitch(config)#interface s0/2/0
FRSwitch(config-if)#encapsulation frame-relay
FRSwitch(config-if)#clockrate 64000
FRSwitch(config-if)#frame-relay intf-type dce
FRSwitch(config-if)#frame-relay route 301 interface Serial0/1/0 103

Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface loopback 0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#exit
TTG1(config)#interface s0/1/0
TTG1(config-if)#encapsulation frame-relay
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#interface Serial0/1/0.102 point-to-point
TTG1(config-subif)#ip address 192.168.4.1 255.255.255.0
TTG1(config-subif)#frame-relay interface-dlci 102
TTG1(config-subif)#exit
TTG1(config)#interface Serial0/1/0.103 point-to-point
TTG1(config-subif)#ip address 192.168.5.1 255.255.255.0
TTG1(config-subif)#frame-relay interface-dlci 103
TTG1(config-subif)#exit
TTG1(config)#router eigrp 100
TTG1(config-router)#network 192.168.1.0
TTG1(config-router)#network 192.168.4.0
TTG1(config-router)#network 192.168.5.0

Router TTG2:
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface loopback 0
TTG2(config-if)#ip address 192.168.2.1 255.255.255.0
TTG2(config-if)#exit
TTG2(config)#interface Serial0/1/0
TTG2(config-if)#encapsulation frame-relay
TTG2(config-if)#exit
TTG2(config)#interface Serial0/1/0.201 point-to-point
TTG2(config-subif)#ip address 192.168.4.2 255.255.255.0
TTG2(config-subif)#frame-relay interface-dlci 201
TTG2(config-subif)#exit
TTG2(config)#router eigrp 100
TTG2(config-router)#network 192.168.2.0
TTG2(config-router)#network 192.168.4.0
TTG2(config-router)#exit

Router TTG3:
Router>enable
Router#configure terminal
Router(config)#hostname TTG3
TTG3(config)#interface loopback 0
TTG3(config-if)#ip address 192.168.3.1 255.255.255.0
TTG3(config-if)#exit
TTG3(config)#interface s0/1/0
TTG3(config-if)#encapsulation frame-relay
TTG3(config-if)#no shutdown
TTG3(config-if)#exit
TTG3(config)#interface Serial0/1/0.301 point-to-point
TTG3(config-subif)#ip address 192.168.5.2 255.255.255.0
TTG3(config-subif)#frame-relay interface-dlci 301
TTG3(config-subif)#exit
TTG3(config)#router eigrp 100

TTG3(config-router)#network 192.168.3.0
TTG3(config-router)#network 192.168.5.0
TTG3(config-router)#exit

- Check the Frame Relay map on the routers with the following command:

TTG1#show frame-relay map
Serial0/1/0.103 (up): point-to-point dlci, dlci 103(0x35,0xC50), broadcast
          status defined, active
Serial0/1/0.102 (up): point-to-point dlci, dlci 102(0x34,0xC40), broadcast
          status defined, active

- Use the command show frame-relay pvc to check the PVCs:

TTG2#sh frame-relay pvc

PVC Statistics for interface Serial0/1/0 (Frame Relay DTE)

DLCI = 201, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/0

  input pkts 8             output pkts 14           in bytes 1448
  out bytes 2572           dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 14        out bcast bytes 2572
  pvc create time 00:17:21, last time pvc status changed 00:04:16

- Use the following command to view the LMI information:

TTG1#sh frame-relay lmi

LMI Statistics for interface Serial0/1/0 (Frame Relay DTE) LMI TYPE = ANSI
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 74               Num Status msgs Rcvd 37
  Num Update Status Rcvd 0              Num Status Timeouts 37

FRSwitch#show frame-relay pvc

PVC Statistics for interface Serial0/1/0 (Frame Relay DCE)

DLCI = 102, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/0

  input pkts 16            output pkts 17           in bytes 1590
  out bytes 1621           dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0        Num Pkts Switched 16
  pvc create time 00:06:22, last time pvc status changed 00:07:02

DLCI = 103, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/0

  input pkts 17            output pkts 16           in bytes 1620
  out bytes 1590           dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0        Num Pkts Switched 17
  pvc create time 00:06:13, last time pvc status changed 00:09:19

PVC Statistics for interface Serial0/1/1 (Frame Relay DCE)

DLCI = 201, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/1

- For the show frame pvc command, pay attention to the following PVC status values:
ACTIVE: both ends of the Frame Relay PVC are up.
INACTIVE: the remote end of the Frame Relay PVC has a configuration problem, but the local Frame Relay end on this router is working correctly.
DELETED: the problem is on the local router; LMI is not working.

- Now check the state of the interfaces:

TTG2#show ip interface brief
Interface          IP-Address     OK? Method Status                Protocol
Loopback0          192.168.2.1    YES manual up                    up
Serial0/1/0        unassigned     YES unset  up                    up
Serial0/1/0.201    192.168.4.2    YES manual up                    up
Serial0/1/1        unassigned     YES unset  administratively down down

TTG2#show frame-relay map
Serial0/1/0.201 (up): point-to-point dlci, dlci 201(0x33,0xC30), broadcast
          status defined, active

- Check the routing tables of the routers again:

TTG2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - IGRP, EX - IGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.4.0/24 is directly connected, Serial0/1/0.201
D    192.168.5.0/24 [90/10476] via 192.168.4.1, 00:00:25, Serial0/1/0.201
D    192.168.1.0/24 [90/8976] via 192.168.4.1, 00:00:25, Serial0/1/0.201
C    192.168.2.0/24 is directly connected, Loopback0
D    192.168.3.0/24 [90/10976] via 192.168.4.1, 00:00:25, Serial0/1/0.201

TTG2#ping 192.168.4.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/118/128 ms

TTG2#ping 192.168.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/64/80 ms

TTG3#ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms

TTG2#ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/120 ms

- We have now completed routing over the Frame Relay network.
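The PVC status values explained in this lab (ACTIVE, INACTIVE, DELETED) can be checked automatically over saved show frame-relay pvc output. The following Python code is an added example, not part of the original lab: it parses each PVC header and its counters and lists the PVCs that need attention. The sample output is constructed, and the check for an ACTIVE PVC that sends frames but receives none is an added heuristic that the lab itself does not state.

```python
import re

# Constructed sample in the layout of `show frame-relay pvc`; DLCIs 103-105 are
# invented here to exercise the non-ACTIVE and one-way cases.
SAMPLE_OUTPUT = """\
PVC Statistics for interface Serial0/1/0 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local          2            1            1            0

DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/0.102
  input pkts 8             output pkts 14           in bytes 1448
  out bytes 2572           dropped pkts 0           in FECN pkts 0
  pvc create time 00:17:21, last time pvc status changed 00:04:16
DLCI = 103, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0/1/0.103
  input pkts 0             output pkts 9            in bytes 0
DLCI = 104, DLCI USAGE = LOCAL, PVC STATUS = DELETED, INTERFACE = Serial0/1/0
DLCI = 105, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/0.105
  input pkts 0             output pkts 5            in bytes 0
"""

HEADER_RE = re.compile(r"DLCI\s*=\s*(\d+),\s*DLCI USAGE\s*=\s*(\w+),"
                       r"\s*PVC STATUS\s*=\s*(\w+),\s*INTERFACE\s*=\s*(\S+)")
# A counter is a name made of words followed by an integer; several share one line.
COUNTER_RE = re.compile(r"([A-Za-z][A-Za-z ]*?)\s+(\d+)(?=\s|$)")

# Status meanings as explained in this lab.
MEANING = {
    "ACTIVE": "both ends of the PVC are up",
    "INACTIVE": "local end is working; check the configuration of the remote end",
    "DELETED": "problem on the local router; LMI is not working",
}


def parse_pvcs(text):
    """Return one dict per PVC with dlci, usage, status, interface and counters."""
    pvcs, current = [], None
    for line in text.splitlines():
        if line.startswith("PVC Statistics"):
            current = None  # the summary table that follows is not per-PVC data
            continue
        m = HEADER_RE.search(line)
        if m:
            current = {"dlci": int(m.group(1)), "usage": m.group(2),
                       "status": m.group(3), "interface": m.group(4), "counters": {}}
            pvcs.append(current)
        elif current is not None and "create time" not in line:
            for name, value in COUNTER_RE.findall(line):
                current["counters"][name.strip()] = int(value)
    return pvcs


def findings(pvcs):
    """List (dlci, status, note) for every PVC that is not healthy."""
    out = []
    for p in pvcs:
        c = p["counters"]
        if p["status"] != "ACTIVE":
            out.append((p["dlci"], p["status"], MEANING.get(p["status"], "unknown status")))
        elif c.get("output pkts", 0) > 0 and c.get("input pkts", 0) == 0:
            # Added heuristic (assumption): traffic leaves but nothing comes back.
            out.append((p["dlci"], "ACTIVE", "frames sent but none received"))
    return out


if __name__ == "__main__":
    for dlci, status, note in findings(parse_pvcs(SAMPLE_OUTPUT)):
        print(f"DLCI {dlci}: {status} - {note}")
```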
