Está en la página 1de 14

TiliuthchnhCCNA

Cu Hnh Switch C Bn
I. Cc lnh lin quan n bi lab: - Cc cu lnh tr gip - Cc cu lnh kim tra - Cu hnh tn switch - Cu hnh password - Cu hnh a ch IP v default gateway - Lab cu hnh switch c bn 1. Cc lnh tr gip: Switch> ? Switch> enable Switch# Switch# disable Switch> exit Cu hnh Hostname 2. Cc cu lnh kim tra Switch# show running-config Switch# show startup-config Switch# show interfaces Hin th file cu hnh ang chy trn RAM Hin th file cu hnh ang chy trn NVRAM Hin th thng tin cu hnh v cc interface c trn switch v trng thi ca cc interface . Hin th cc thng s cu hnh ca Interface VLAN 1, Vlan 1 l vlan mc nh trn tt c cc switch ca cisco. Hin th thng tin v phn cng v phn mm ca switch Hin th thng tin v b nh flash Hin th bng a ch MAC hin ti ca switch Phm ? c dng lm phm tr gip ging nh router L ch User L ch Privileged Thot khi ch privileged Thot khi ch User

Switch# show interface vlan 1

Switch# show version Switch# show flash: Switch# show mac-address-table

3.Cu hnh Hostname

TiliuthchnhCCNA

Switch# configure terminal Switch(config)# hostname 2960Switch

Chuyn cu hnh vo ch Global Configuration t tn cho switch l 2960Switch. Cu lnh t tn ny thc thi ging trn router.

4.Cc loi password 2960Switch(config)#enable password cisco 2960Switch(config)#enable secret class 2960Switch(config)#line console 0 2960Switch(config-line)#login 2960Switch(config-line)#password cisco 2960Switch(config-line)#exit 2960Switch(config-line)#line vty 0 4 2960Switch(config-line)#login 2960Switch(config-line)#password cisco 2960Switch(config-line)#exit 5. Cu hnh a ch IP v default gateway 2960Switch(config)# Interface vlan 1 2960Switch(config-if)# ip address 172.16.10.2 255.255.0.0 2960Switch(config)#ip default-gateway 172.16.10.1 Vo ch cu hnh ca interface vlan 1 Gn a ch ip v subnet mask cho php truy cp switch t xa. Cu hnh a ch default gateway cho Switch Cu hnh Password enable cho switch l Cisco Cu hnh Password enable c m ha l class Vo ch cu hnh line console Cho php switch kim tra password khi ngi dng login vo switch thng qua console Cu hnh password cho console l Cisco Thot khi ch cu hnh line console Vo ch cu hnh line vty Cho php switch kim tra password khi ngi dng login vo switch thng qua telnet Cu hnh password cho php telnet l Cisco Thot khi ch cu hnh ca line vty

TiliuthchnhCCNA

6. Cu hnh m t cho interface 2960Switch(config)# interface fastethernet fa0/1 2960Switch(config-if)# description Finace VLAN Vo ch cu hnh ca interface fa0/1 Thm mt on m t cho interface ny.

* Ch : i vi dng switch 2960 c 12 hoc 24 Fast Ethernet port th tn ca cc port s bt u t: fa0/1, fa0/2. Fa0/24. Khng c port Fa0/0. 7. Qun l bng a ch MAC: Switch# show mac address-table Hin th ni dung bng a ch mac hin thi ca switch

II.

Lab cu hnh Switch c bn:

Yu cu : -S dng Packet Tracer kt ni m hnh nh trn -Xa ton b cu hnh hin ti ca Swicth -Cc lnh xem thng tin -Cu hnh hostname, a ch IP -Cc loi mt khu -Tc v duplex -Tnh nng PortSecurity

TiliuthchnhCCNA

1. Kt ni cp v xa cu hnh cho Switch: - S dng ng cp thng kt ni t PC n Switch - S dng PC kt ni vo cng console ca Switch hoc vo tab CLI ca thit b tin hnh cu hnh - Xa cu hnh Switch Switch> enable Switch# erase startup-config Switch# reload 2. Cc lnh kim tra thng tin : Xem cu hnh hin ti ca Switch cng vi tng s lng interface Fastethernet, GigabitEthernet, s line vty cho telnet..

Switch#show running-config Trn tt c SW Cisco u c interface mc nh l VLAN1 dng qun l SW t xa thng qua vic t ip cho interface ny, xem t im interface vlan 1

Switch#show interface vlan1 Ghi li thng tin a ch Ip, MAC, trng thi up, down Switch#show interface fa0/1 tnh trng interface fastethernet 0/1 Xem thng tin v phin bn h iu hnh, dung lng b nh RAM, NVRAM, Flash

Switch#show version Ni dung b nh Flash

Switch#show flash: Hoc Switch#dir flash: Switch#dir flash: 6 drwx 4480 Mar 1 1993 00:04:42 +00:00 html 618 -rwx 4671175 Mar 1 1993 00:06:06 +00:00 c2960-lanbase-mz.122-25.SEE3.bin 32514048 bytes total (24804864 bytes free) Xem cu hnh ang lu trn Switch

TiliuthchnhCCNA

Switch#show startup-configure startup-config is not present L do hin thng bo trn l do hin ti chng ta cha lu cu hnh, by gi th t hostname cho thit b sau lu cu hnh

Switch#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#hostname S1 S1(config)#exit S1#copy running-config startup-config Destination filename [startup-config]? (enter) Building configuration... [OK] S1#show startup-config Using 1170 out of 65536 bytes ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname S1 ! <output omitted> 3. Cc loi mt khu : Cu hnh mt khu cisco cho cng Console

S1(config)#line console 0 S1(config-line)#password cisco S1(config-line)#login S1(config-line)#exit Telnet l mt dch v gip ngi qun tr c th qun l cc thit b t xa thng qua cc line vty, trong trng hp ny mt khu line vty cho dch v Telnet l Cisco

S1(config)#line vty 0 4 S1(config-line)#password cisco S1(config-line)#login S1(config-line)#exit t mt khu nhy t mode User ( > ) sang Privileged ( #) l class

TiliuthchnhCCNA

S1(config)#enable secret class Mode Privileged c th thay i tt c cu hnh ca thit b Cisco nn rt quan trong nn vic t mt khu cho mode ny l cn thit 4. t IP cho Switch : Switch l mt thit b lp 2 nn cc cng ca Switch ta khng th t IP c c th qun l thit b t xa, i vi Cisco Switch ta c th lm c iu ny bng cch t ip thng qua 1 interface t bit VLAN1 ( logical interface ) S1(config)#interface vlan 1 S1(config-if)#ip address 172.17.99.11 255.255.0.0 S1(config-if)#no shutdown S1(config-if)#exit S1(config)# t mng khc vn c th qun l c switch cn khai bo thm Gateway cho Switch :

S1(config)#ip default-gateway 172.17.99.1 Vi 172.27.99.1 l a ch ca gateway Kim tra li cu hnh interface Vlan 1

S1#show interface vlan 1 Vlan1 is up, line protocol is up Hardware is EtherSVI, address is 001b.5302.4ec1 (bia 001b.5302.4ec1) Internet address is 172.17.99.11/16 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:06, output 00:03:23, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops:0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 4 packets input, 1368 bytes, 0 no buffer Received 0 broadcasts (0 IP multicast) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 1 packets output, 64 bytes, 0 underruns

TiliuthchnhCCNA

0 output errors, 0 interface resets Cu hnh a ch IP cho PC1 vi thng tin trn bi lab, trn PC vo Desktop -> IP Configuration IP: 172.17.99.21 SM: 255.255.0.0 Gw: 172.17.99.1 hin ti cha c trong bi lab ny - Kim tra kt ni t PC n Switch : PC vo Desktop -> Command prompt -> ping 172.17.99.11 Thay i cu hnh duplex v tc trn cc cng ca Switch -

S1#configure terminal S1(config)#interface fastethernet 0/18 S1(config-if)#speed 100 S1(config-if)#duplex auto S1(config-if)#end Kim tra li interface

S1#show interface fastethernet 0/18 FastEthernet0/18 is up, line protocol is up (connected) Hardware is FastEthernet, address is 001b.5302.4e92 (bia 001b.5302.4e92) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:01, output hang never Lu cu hnh configuration...

S1#copy running-config startup-config Destination filename [startup-config]?[Enter] Building [OK] S1# 5. Qun l bng MAC table : -

Kim tra a ch MAC ca c PC bng lnh ipconfig /all, ghi li a ch MAC v kim tra li bng a ch MAC trn Switch v so snh ni dung vi a ch MAC ca PC

TiliuthchnhCCNA

S1#show mac-address-table 6. Cu hnh tnh nng Port Security : Tnh nng Port Security c th gip ta qun l vic truy cp vo tng cng ca Switch gm: PC c MAC no c lt ni n cng, tng s MAC c kt ni Cc bc cu hnh nh sau

S1# configure terminal S1(config)#interface fastethernet 0/18 S1(config-if)#switchport mode access port hot ng mode access S1(config-if)#switchport port-security bt tnh nng port security S1(config-if)#switchport port-security maximum 2 ti a 2 MAC c kt ni n cng ny S1(config-if)#switchport port-security mac-address sticky cc a ch MAC trn c hc t ng t 2 PC u tin ni n cng S1(config-if)#switchport port-security violation shutdown Khi vt qu s lng cho php cng s t ng shutdown -Xem li cu hnh bng 2 lnh Switch#show running-configure Switch#show port-security interface fa0/18 Th kim tra li hot ng ca Port Security bng cch ln lt ni PC1, 2 vo cng fa0/18 sau s dng lnh show port-security address s thy ch c PC1, 2 mi c kt ni n cng fa0/18, by gi ta cm thm 1 PC th 3 vo cng fa0/18 na s thy cng t ng b shutdown do vt qu gii hn cho php ca lnh switchport port-security maximum 2 Tin hnh lu cu hnh v kt thc bi Lab.

TiliuthchnhCCNA

Cu Hnh Router C Bn
I. Gii thiu : Bo mt l mt yu t rt quan trng trong network,v th n rt c quan tm v s dng mt khu l mt trong nhng cch bo mt rt hiu qu.S dng mt khu trong router c th gip ta trnh c nhng s tn cng router qua nhng phin Telnet hay nhng s truy cp trc tip vo router thay i cu hnh m ta khng mong mun t ngi la. Mc ch : Ci t c mt khu cho router, khi ng nhp vo, router phi kim tra cc loi mt khu cn thit. M t bi lab v hnh :

II.

III.

Trong hnh trn, PC c ni vi router bng cp console IV. Cc cp bo mt ca mt khu : Cp bo mt ca mt khu da vo cp ch m ho ca mt khu .cc cp m ha ca mt khu: Cp 5 : m ha theo thut ton MD5, y l loi m ha 1 chiu,khng th gii m c(cp ny c dng m ho mc nh cho mt khu enable secret gn cho router) Cp 7 : m ha theo thut ton MD7, y l loi m ha 2 chiu,c th gii m c(cp ny c dng m ha cho cc loi password khc khi cn nh: enable password,line vty,line console) Cp 0 : y l cp khng m ha. V. Qui tc t mt khu : Mt khu truy nhp phn bit ch hoa,ch thng,khng qu 25 k t bao gm cc k s,khong trng nhng khng c s dng khong trng cho k t u tin. Router(config)#enable password vsic-vsic-vsic-vsic-vsic-vsic-vsic % Overly long Password truncated after 25 characters mt khu c t vi 26 k t khng c chp nhn

TiliuthchnhCCNA

VI.

Cc loi mt khu cho Router : Enable secret : nu t loai mt khu ny cho Router,bn s cn phi khai bo khi ng nhp vo ch user mode ,y l loi mt khu c hiu lc cao nht trong Router,c m ha mc nh o cp d 5. Enable password : y l loi mt khu c chc nng tng t nh enable secret nhng c hiu lc yu hn,loi password ny khng c m ha mc nh,nu yu cu m ha th s c m ha cp 7. Line Vty : y l dng mt khu dng gn cho ng line Vty,mt khu ny s c kim tra khi bn ng nhp vo Router qua ng Telnet. Line console : y l loi mt khu c kim tra cho php bn s dng cng Console cu hnh cho Router. Line aux : y l loi mt khu c kim tra khi bn s dng cng aux. Cc bc t mt khu cho Router : Bc 1 : khi ng Router , nhn enter vo ch user mode. T ch user mode dng lnh enable vo ch Privileged mode Router con0 is now available Press RETURN to get started. Router>enable Router# Bc 2 : T du nhc ch Privileged mode vo mode cofigure cu hnh cho Router bng lnh configure terminal Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# Bc 3 : Cu hnh cho tng loi Password Cu hnh cho mt khu enable secret (Ch :mt khu c phn bit ch hoa v ch thng) Router(config)#enable secret ttg Router(config)#exit

VII.

Mt khu l ttg

Cu hnh mt khu bng lnh enable password Router(config)#enable password cisco Router(config)#exit

Mt khu l cisco

TiliuthchnhCCNA

Lu : khi ta ci t cng lc 2 loi mt khu enable secret v enable password th Router s kim tra mt khu c hiu lc mnh hn l enable secret. Khi mt khu secret khng cn th lc mt khu enable password s c kim tra, hy th kim tra li bng cch thot ra li mode User ri vo li mode Privileged bng lnh enable Router s hi mt mu khai bo bng lnh enable secret Cu hnh mt khu bng lnh Line Mt khu cho ng Telnet (Line vty) Router(config)#line vty 0 4 Router(config-line)#password class password l class m ch ci t password Router(config-line)#login Router(config-line)#exit Mt khu cho cng console : Router(config)#line console 0

m ng Line Console
cng Console th 0

Router(config-line)#password cert Router(config-line)#login Router(config-line)#exit

password l cert m ch ci t password

Mt khu cho cng aux: Router(config)#line aux 0 S 0 ch s th t cng aux c dng Router(config-line)#password router Router(config-line)#login Router(config-line)#exit Sau khi t xong mt khu,ta thot ra ngoi ch Privileged mode, dng lnh Show runningconfig xem li nhng password cu hnh : Router#show running-config Building configuration... Current configuration : 550 bytes version 12.1

password l router

TiliuthchnhCCNA

no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption hostname Router enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o password secret c m ha mc nh cp 5 enable password cisco ! line con 0 password cert login line aux 0 password router login line vty 0 4 password class login ! End Dng lnh Show running-config ta s thy c cc password cu hnh, nu mun m ha tt c cc password ta dng lnh Service password-encryption trong mode config. Router(config)#service password-encryption Router(config)#exit password cho ng vty l class password cho cng aux l router password cho cng Console l cert password ci t ch khng m ha

TiliuthchnhCCNA

Dng lnh show running-config kim tra li: Router#show run Building configuration... enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o/ enable password 7 094F471A1A0A line con 0 password 7 15110E1E10 login line aux 0 password 7 071D2E595A0C0B password c m ha cp 7 login line vty 0 4 password 7 060503205F5D login ! End Ch : Ta khng th dng lnh no service password-encryption b ch m ha cho mt khu,ta ch c th b ch m ha khi gn li mt khu khc Sau khi t mt khu xong, khi ng nhp vo Router li, mt khu s c kim tra: Router con0 is now available Press RETURN to get started. User Access Verification Password:cert Router>ena Password:ttg nhn enter mt khu line console s c kim tra khai bo mt khu console l : cert enable d vo mode Privileged V mt khu secret c hiu lc cao hn nn c kim tra password c m ha cp 7 password c m ha cp 7 password c m ha cp 7

TiliuthchnhCCNA

Router# Cc loi mt khu khc nh Line Vty ,Line aux s c kim tra khi s dng n chc nng VIII. G b mt khu cho router : Nu mun g b mt khu truy cp cho loi mt khu no ta dng lnh no trc cu lnh gn cho loi mt khu . V d : Mun g b mt khu secret cho router Router(config)#no enable secret Router(config)#exit Bng cch tng t,ta c th g b mt khu cho cc loi mt khu khc.