Lun vn

Xy dng h thng mng

LAN cho trng i hc

NHN XT CA C S THC TP
H tn ngi thc
tp:..................................................................................................Lp................

im: .
Ngy thng nm 2011
C S THC TP
(K v ng du)

NHN XT CA GIO VIN HNG DN V KT QU BO V THC

TP TT NGHIP
Sinh vin :..................................................................................................................
Lp : ..........................................................................................................................
a im thc tp:......................................................................................................
I. TIN V THI THC TP CA SINH VIN
1. Mc lin h vi gio vin : ....................................................................................
...............................................................................................................................
2. Thi gian thc tp v quan h vi c s: ....................................................................
3. Tin thc hin : .....................................................................................................
II. NI DUNG BO CO
1. Thc hin cc ni dung thc tp:................................................................................
2. Thu thp v x l s liu thc t:................................................................................
3. ................................................................................................................ K
h nng hiu bit thc t v l thuyt:..................................................................
III. HNH THC TRNH BY: ....................................................................................
IV. MT S KIN KHC: ......................................................................................
V. KIN CA GIO VIN HNG DN
(ng hay khng ng cho bo v): .........................................................................
IM:...............................
Ngy .thng nm 200
(K v ghi r h tn)

VI. KT QU BO V:................................. IM.......... .

(K v ghi r h tn)

Li ni u
Trong cng cuc i mi khng ngng ca khoa hc cng ngh, nhiu lnh vc
v ang pht trin vt bc, c bit l lnh vc cng ngh thng tin. Thnh
cng ln nht l s ra i ca my tnh, k t my tnh c coi l mt
phng tin tr gip c lc cho con ngi trong mi lnh vc. Nhng tt c cc
my tnh u n l v khng th chia s thng tin cho nhau.
Chnh v vy cng ngh thng tin - c bit l Internet, bt u c s
dng Hoa K vo nm 1995 (Wiles v Bondi, 2002) v sau bt u c
ph bin rng ri trn ton th gii. Ngy nay, tht kh c th hnh dung c
cng ngh thng tin pht trin nhanh n th no? C th ni ngnh cng ngh
thng tin l ngnh pht trin nhanh nht trong tt c cc ngnh v n c ng
dng trong mi lnh vc. c c nh vy th cn phi c mt mng my tnh
chia s d liu v dng chung d liu. Mang my tnh c cc t chc s
dng chia s thng tin, dng chung ti nguyn v cho php giao tip trc tuyn
trn mng nh: mail, th in t...
Cng vi s pht trin , lm thc y cc ngnh kinh t khc cng pht
trin theo. Trong c ngnh Gio Dc cng ang trin khai, p dng cng ngh
thng tin vo trong cng vic qun l, ging dy, iu hnh. Tt c mi hot ng
gii tr, kinh doanh, mua bn u nhanh chng, tin li, hiu qu cao.
Nhn thy c nhng li ch m cng ngh thng tin mang li cho chng
ta, th nhm chng em vi mong mun nghin cu v tm hiu v lp t c s h
tng mng v cu hnh cho cc thit b c th hot ng c trong mng. Xy
dng h thng mng LAN cho trng i hc chnh l ti ang c nghin
cu v tm hiu.
Trong thi gian tm hiu v nghim cu, do thi gian hn ch v tm hiu
cha c k cng nn s khng trnh khi cc thiu st.

Chng 1 : Tng quan h thng CNTT trong cc trng

H
I. Vai tr ca CNTT trong cc trng H
Cng ngh thng tin c mt vai tr ht sc to ln vo trong ngnh gio
dc.N gip cho s chao i thng tin gia cc trng i hc nhanh hn rt
nhiu so vi trc kia, gip cho vic ging dy ca cc gio vin c thun li
hn, sinh vin c th tm c ti liu mt cch ht sc d dng
Cc trng H nm cch xa nhau v mt a l v kh c kh nng cho
sinh vin c th chuyn i ni hc v thc tp, v do , mi trng H c con
ng v lnh a ring ca mnh. Hin nay, tnh hnh khng cn nh vy na.
Vi cng ngh thng tin, tri t chng ta tr nn nh b v gn gi hn.
Phn ln cc trng H Vit Nam hin nay ang vn hnh mt cch ring
r v t c s cnh tranh do c th l cc trng vn c truyn thng lu i l
cc trng n ngnh. Hin nay, vi s xut hin ca cc trng mi, c bit l
cc trng quc gia v trng vng a ngnh, cc trng dn lp, tnh hnh c
khc hn. Tuy nhin, theo kho st ca chng ti khi tham gia t vn t nh gi
cho 20 trng H u tin ca Vit Nam, vic s dng cng nghin thng tin
vo xy dng chng trnh hc cng nh ging dy ca cc trng cn rt nhiu
hn ch m l do ch yu l cha c cc chnh sch hiu qu v cha c s ng
tm t pha cc ging vin.
Th t ra cu hi: IT c th ci tin c cht lng ca gio dc i hc
khng? Tt nhin, IT khng th mt mnh c th lm nn tt c cht lng, tuy
nhin, quan trng nht l nhng la chn m chng ta phi c ng dng IT
vo nhm nng cao cht lng GD H.
Cc cng dng ca Internet
C th lit k mt s cng dng ca Internet trong ging dy v hc tp i hc
nh sau:
1. Ging vin c th giao tip vi tt c cc i tng: ng nghip, sinh vin,
cp trn v cc i tng vi nhau bng email;
2. Vic ging dy khng nhng c th din ra trn lp m c th din ra bt
c lc no v bt c u;
3. Vic hc ca sinh vin c th c c nhn ha vi s gip ca ging
vin bng cch trao i trc tip vi ging vin m khng ngi b nh gi;

II. Thc t trin khai h tng mng trong cc n v gio dc

Hin nay trong cc trng i hc th vic trin khai h tng mng cn
nhiu thiu st v cc m hnh cha c chun v mt s mt nh:
3. Cha c tng la bo v c s d liu cng nh bo mt
4. Phn vng chc nng h thng cha ng mc ch
5. C s h tng mng cha chun
i.

M hnh h thng thiu st

ii.

Phn hoch a ch cha chun

iii.

Chnh sch truy cp mng cho h thng cha ng theo chc nng
III. Yu cu phi quy hoch li h thng mng trong cc trng H
quy hoch li h thng mng, ta quy hoch li h thng mng theo
chun ca Cisco.
1. Xy dng theo m hnh mng chun 3 lp: Accsess switch, distribution, core
switch
2. Dng tng la (Fire wall) bo v d liu v ngn chn s truy cp tri
php t bn ngoi vo mng ni b.
3.

Phn vng mng hp l v chun theo m hnh

4.

H tng mng gm:

M hnh

Phn hoch a ch

Chnh sch truy cp ca tng vng

5

Chng 2: Phn tch h thng mng trong trng H

2.1. Phn tch yu cu h thng mng ti mt n v i hc
2.1.1 Phn vng truy cp vi cc chnh sch l:
i . Vng DMZ cha cc my ch web, Email, cc ng dng: Cc my ch ca
vng DMZ ny c th public qua cc mng khc, Inside. Cc my ch ca DMZ
v sever Inside c th mc ni d liu vi nhau.
ii. Vng Inside (my ch d liu v cc VLAN access): Cc PC t cc VLAN
c th truy cp n cc my ch ti vng DMZ v Inside v cc PC t cc VLAN
c th truy cp internet qua ng leasedline.
iii. Vng outside: Cc mng t bn ngoi mng internet ch c th truycp n
cc sever thuc vng DMZ m khng th truy cp n cc vng no khc.
2.1.2 Cc lp truy cp ngi dng
i. Lp truy cp ca cn b, gio vin: Cc PC ca cc VLAN cng phng ny
c th thng vi nhau v c th truy cp internet, cc my ch ca vng DMZ
nhng cc PC cc VLAN ny khng th truy cp n cc VLAN khc cng nh
cc my ch d liu ca sever Inside.
ii. Lp truy cp dnh cho sinh vin: Ch c php truy cp n cc my ch
ca vng DMZ cng nh c php truy cp Internet, nhng khng th truy cp
n cc VLAN khc
iii. Lp truy cp ca ngi qun tr: i vi nhng ngi qun tr mng th
c php truy cp n tt c cc vng m khng b hn ch.
iiii. Lp o to: c php truy cp n cc my ch o to cng nh my
ch d liu vng sever Inside.

2.2. Yu cu phi quy hoch li h thng mng trong cc trng H

Vi nhng u im ca Cisco, ta s xy dng mt h thng mng mi cho
trng i hc c th thay th tt nht cho mt h thng c, li thi:

M rng bng thng gip giao thng trong mng gim thiu tc nghn do
cng mt lc c nhiu ngi truy cp.

Tnh bo mt cao, gip mng ni b c th trnh c s truy cp tri php

t bn ngoi. Kim sot c lung thng tin gia mng ni b v mng Internet,
kim sot v cm a ch truy cp.
Kh nng kt ni Internet nhanh chng,
Tit kim nng lng trn c s h tng mng

Chng 3: Thit k h thng mng trong trng H

3.1. Gii thiu tng quan v cu trc mng:
3.1.1 Tng quan v h thng mng (Cc m hnh mng LAN, WAN, phn chia
IP)

Mng LAN Campus theo kin trc phn tng:

Mng LAN c thit k tun theo m hnh 3 lp ca mng LAN campus do

Cisco Systems a ra. M hnh ny hin nay cng c rt nhiu hang sn xut
p dng ph bin v nhng li ch m n mang li. Theo Cisco, mng LAN
campus c th c phn thnh 3 lp c bn nh sau:

lp Li (core layer),
lp Phn Phi (Distribution Layer)
lp Truy Cp (Access Layer).

Tuy nhin, ty theo quy m ca mng LAN m c th c hay khng c lp

Li. Di y chng ti s trnh by s lc v c ba lp ca m hnh LAN
Campus ca Cisco.
3.1.1.1 Lp Li (Core Layer)
Lp li l lp trung tm ca mng LAN campus, nm trn cng ca m hnh 3
lp. Lp li chu trch nhim vn chuyn khi lng ln d liu m phi m bo
c tin cy v nhanh chng. Mc ch duy nht ca lp li l phi chuyn
mch d liu cng nhanh cng tt. Tuy phn ln d liu ca ngi dng c vn
chuyn qua lp Li nhng vic x l d liu nu c li l trch nhim ca lp
Phn Phi.

Nu c mt s h hng xy ra lp Li, hu ht cc ngi dng trong mng

LAN u b nh hng. V vy, s d phng l rt cn thit li lp ny. Do lp
li vn chuyn mt s lng ln d liu, nn tr ti lp ny phi l cc nh.
Ti lp li, ta khng nn lm bt c mt iu g c th nh hng n tc
chuyn mch ti lp li nh l to cc access list, routing gia cc VLAN vi
nhau hay packet filtering.
Vic thit k lp Li phi tha mn mt s nguyn tc sau:
1. C tin cy cao, thit k d phng y nh d phng ngun, d phng
card x l, d phng node, ...
2. Tc chuyn mch cc cao, tr phi cc b.
3. Nu c chn cc giao thc nh tuyn th phi chn loi giao thc no c
thi gian thit lp (convergence) thp nht, c bng nh tuyn n gin nht.
3.1.1.2 Lp Phn Phi (Distribution Layer)
Lp Phn Phi cung cp kt ni gia lp Truy Cp v lp Li ca mng campus.
Chc nng chnh ca lp Phn Phi l x l d liu nh l: nh tuyn (routing),
lc gi (filtering), truy cp mng WAN, to access list,... Lp Phn Phi phi xc
nh cho c con ng nhanh nht m cc yu cu ca user c p ng. Sau
khi xc nh c con ng nhanh nht, n gi cc yu cu n lp Li. Lp
Li chu trch nhim chuyn mch cc yu cu n ng dch v cn thit.

Lp Phn Phi l ni thc hin cc chnh sch (policies) cho mng. C mt

s iu nn thc hin khi thit k lp Phn Phi:
Thc hin cc access list, packet filtering, v queueing ti lp ny
Thc hin bo mt v cc chnh sch mng bao gm address translation
(nh NAT, PAT) v firewall.
Redistribution (phi hp ln nhau) gia cc giao thc nh tuyn, bao gm
c nh tuyn tnh.
nh tuyn gia cc VLAN vi nhau.
3.1.1.3Lp Truy Cp (Access Layer)

Lp truy cp ch yu c thit k cung cp cc cng kt ni n tng my trm

trn cng mt mng, nn thnh thong n cn c gi l Desktop Layer. Bt c
cc d liu no ca cc dch v t xa ( cc VLAN khc, ngoi vo) u c
x l lp Phn Phi. Lp Truy Cp phi c cc chc nng sau:
Tip tc thc hin cc access control v policy t lp Phn Phi.
To ra cc collision domain ring bit nh dng cc switch ch khng dng
hub/bridge.
Lp truy cp phi chn cc b chuyn mch c mt cng cao ng thi
phi c gi thnh thp, kt ni n cc my trm hoc kt ni tc Gigabit
(1000 Mbps) n thit b chuyn mch lp phn phi.
Nh ni trn, ty theo quy m ca mng m ta c th thc hin y
lun c 3 lp hoc ch thc hin m hnh kt hp 2 lp.
i vi h thng mng LAN Campus ca Cm cng quy m v s lng
ngi s dng cui kh nh nn s p dng m hnh 2 lp gm c lp Phn Phi
v lp Access. Lp Phn Phi chnh l thit b chuyn mch trung tm t ti
Trung tm h thng mng, lp Access l cc thit b chuyn mch lp 2 t ti
cc chi nhnh nm di rc quanh .

3.2. M hnh 7 tng OSI, giao thc TCP/IP

3.2.1. Cc chun ca mng v m hnh OSI
a. nh ngha
M hnh OSI (Open Systems Interconnection Reference Model, vit ngn l OSI
Model hoc OSI Reference Model)- tm dch l M hnh tham chiu kt ni cc
10

h thng m - l mt thit k da vo nguyn l tng cp, l gii mt cch tru

tng k thut kt ni truyn thng gia cc my vi tnh v thit k giao thc
mng gia chng. M hnh ny c pht trin thnh mt phn trong k hoch
Kt ni cc h thng m (Open Systems Interconnection) do ISO v IUT-T khi
xng. N cn c gi l M hnh by tng ca OSI
b. Mc ch
M hnh OSI phn chia chc nng ca mt giao thc ra thnh mt chui cc tng
cp. Mi mt tng cp c mt c tnh l n ch s dng chc nng ca tng di
n, ng thi ch cho php tng trn s dng cc chc nng ca mnh.
Thng thng th ch c nhng tng thp hn l c ci t trong phn cng,
cn nhng tng khc c ci t trong phn mm.
Tnh nng chnh ca n l quy nh v giao din gia cc tng cp, tc qui nh
c t v phng php cc tng lin lc vi nhau. iu ny c ngha l cho d cc
tng cp c son tho v thit k bi cc nh sn xut, hoc cng ty, khc nhau
nhng khi c lp rp li, chng s lm vic mt cch dung ha (vi gi thit l
cc c t c thu o mt cch ng n
Vic phn chia hp l cc chc nng ca giao thc khin vic suy xt v chc
nng v hot ng ca cc chng giao thc d dng hn, t to iu kin cho
vic thit k cc chng giao thc t m, chi tit, song c tin cy cao. Mi tng
cp thi hnh v cung cp cc dch v cho tng ngay trn n, ng thi i hi
dch v ca tng ngay di n.
Nh ni trn, mt thc thi bao gm nhiu tng cp trong m hnh OSI,
thng c gi l mt "chng giao thc" (v d nh chng giao thc TCP/IP)

11

3.2.2 Cc tng ca OSI

3.2.2.1 Lp Application
Lp trn cng trong m hnh OSI l lp Application. Th u tin m bn
cn hiu v lp ny l n khng m ch n cc ng dng m ngi dng ang
chy m thay vo n ch cung cp nn tng lm vic (framework) m ng
dng chy bn trn.
hiu lp ng dng ny thc hin nhng g, chng ta hy gi d rng mt
ngi dng no mun s dng Internet Explorer m mt FTP session v
truyn ti mt file. Trong trng hp c th ny, lp ng dng s nh ngha
mt giao thc truyn ti. Giao thc ny khng th truy cp trc tip n ngi
dng cui m ngi dng cui ny vn phi s dng ng dng c thit k
tng tc vi giao thc truyn ti file. Trong trng hp ny, Internet Explorer
s lm ng dng .
3.2.2.2 Lp Presentation
Lp Presentation thc hin mt s cng vic phc tp hn, tuy nhin mi
th m lp ny thc hin c th c tm gn li trong mt cu. Lp ny ly d
liu c cung cp bi lp ng dng, bin i chng thnh mt nh dng
chun lp khc c th hiu c nh dng ny. Tng t nh vy lp ny
cng bin i d liu m n nhn c t lp session (lp di) thnh d liu
m lp Application c th hiu c. L do lp ny cn thit n vy l v cc
ng dng khc nhau c d liu khc nhau. vic truyn thng mng c
thc hin ng cch th d liu cn phi c cu trc theo mt chun no .
3.2.2.3 Lp Session
Khi d liu c bin i thnh nh dng chun, my gi i s thit lp
mt phin session vi my nhn. y chnh l lp s ng b ho qu trnh
lin lc ca hai my v qun l vic trao i d liu. Lp phin ny chu trch
nhim cho vic thit lp, bo tr v kt thc session vi my t xa.
Mt im th v v lp session l n c lin quan gn vi lp Application
hn vi lp Physical. C th mt s ngi ngh rng vic kt ni session mng
nh mt chc nng phn cng, nhng trong thc t session li c thit lp
gia cc ng dng. Nu ngi dng ang chy nhiu ng dng th mt s ng
dng ny c th thit lp session vi cc ti nguyn xa ti bt k thi im
no.
3.2.2.4 Lp Transport

12

Lp Transport chu trch nhim cho vic duy tr vn iu khin lung.

H iu hnh Windows cho php ngi dng c th chy nhiu ng dng mt
cch ng thi, chnh v vy m nhiu ng dng, v bn thn h iu hnh cn
phi truyn thng trn mng ng thi. Lp Transport ly d liu t mi ng
dng v tch hp tt c d liu vo trong mt lung. Lp ny cng chu trch
nhim cho vic cung cp vn kim tra li v thc hin khi phc d liu khi
cn thit. Bn cht m ni, lp Transport chu trch nhim cho vic bo m tt
c d liu t my gi n my nhn.
3.2.2.5 Lp Network
Lp mng Network l lp c trch nhim quyt nh xem d liu s n
my nhn nh th no. Lp ny nm nhng thnh phn nh vic nh a ch,
nh tuyn, v cc giao thc logic. Bn cnh lp mng cng chu trch nhim
cho vic qun l li ca chnh n, cho vic iu khin xp chui v iu khin
tc nghn.
Vic sp xp cc gi l rt cn thit bi mi mt giao thc gii hn kch
thc ti a ca mt gi. S lng d liu phi c truyn i thng vt qu
kch thc gi ln nht. Chnh v vy m d liu c chia nh thnh nhiu gi
nh. Khi iu ny xy ra, lp mng s gn vo mi gi nh ny mt s th t
nhn dng.
Khi d liu ny n c my tnh ngi nhn th lp mng li kim tra s
th nhn dng ca cc gi v s dng chng sp xp d liu ng nh nhng
g m chng c chia lc trc t pha ngi gi, bn cnh cn c nhim
v ch ra gi no b thiu trong qu trnh gi.
3.2.2.6 Lp Data Link
Lp lin kt d liu Data Link c th c chia nh thnh hai lp khc;
Media Access Control (MAC) v Logical Link Control (LLC). MAC v c bn
thit lp s nhn dng ca mi trng trn mng thng qua a ch MAC ca
n. a ch MAC l a ch c gn cho adapter mng mc phn cng. y
l a ch c s dng cui cng khi gi v nhn cc gi. Lp LLC iu khin
s ng b khung v cung cp mt mc kim tra li.
3.2.2.7 Lp Vt L
Lp vt l ca m hnh OSI m ch n cc chi tit k thut ca phn
cng. Lp vt l nh ngha cc c im nh nh thi v in p. Lp ny
cng nh ngha cc chi tit k thut phn cng c s dng bi cc adapter
mng v bi cp mng (tha nhn rng kt ni l kt ni dy). n gin ha,
lp vt l nh ngha nhng g n c th truyn pht v nhn d liu.
13

Lm vic hai chiu

Cho n lc ny, chng ta tho lun v m hnh OSI di dng mt ng
dng cn truyn ti d liu trn mng. M hnh ny cng c s dng khi mt
my tnh no nhn d liu. Khi d liu c nhn, d liu i ngc tr
ln t lp vt l. Cc lp cn li lm vic tch b nhng g c ng gi
bn pha gi v bin i d liu v nh dng m lp ng dng c th s dng
c.

3.2. Gii thiu cng ngh mng Cisco

Cc doanh nghip ln s cn n mt c s h tng mng c kh nng p ng
nhu cu a dng ca cng ty. Cisco a ra khuynh hng v mt h thng ton
cu, tch hp hng n xy dng mng li thng minh c th gip i mi
doanh nghip ca bn cng nh t c hiu qu hot ng v li nhun cao
hn.
Mt h thng mng n gin da trn giao thc TCP/IP s dng classful
32-bit IP address v distance vector. Nhng cng ngh th lin tc thay i v
pht trin yu cu h thng mng cn phi c s thay i, thit k li, hay xy
dng mt m hnh mng mi, vic to ra mt h thng mng vi tnh tu bin cao
l cn thit.
M rng l kh nng ca h thng mng p ng yu cu ngy cng pht trin
vi trng tm l thit k li v ci t li h thng. Nhng vic pht trin ca h
thng mng th rt nhanh nhng thit k li h thng l mt iu khng h n
gin. p ng yu cu gi c, v s n gin trong qu trnh qun tr v bo
14

dng h thng mng. Ngoi ra h thng mng cn phi thit lp s u tin cho
nhng ng dng khc nhau.
Khi thit k h thng p ng cc yu cu pht trin trong tng lai ta cn phi
hiu c cu trc vt l v cc giao thc mng thit k trin khai mt cch
hp l v ti u nht.

3.2.1 Thit k m hnh mng ba lp:

Vi mt h thng mng c thit k c cu trc phn lp nhm trnh s phc tp ho

trong mng, vic chia ra cc lp nh gip chng ta nhm nhng thit b, cc giao thc
kt ni, v tnh nng c th cho tng lp mt, gii quyt cc s c mt cch nhanh nht
lin quan trc tip ti mt lp no . Ti u ho h thng mng.

Cisco gii thiu m hnh mng ba lp bao gm:

Core layer
Distribution layer
Access layer

15

Khi nim m hnh mng ba lp da trn vai tr ca tng lp trong h thng

mng, n cng tng t nh khi nim m hnh mng OSI chia ra da trn vai tr
ca tng lp trong vic truyn d liu.
S dng m hnh mng vi cu trc phn lp mang li s thun tin trong thit
k, c th trong trin khai, d dng qun l v gii quyt s c. V cng p
ng c yu cu v tnh mm do cho h thng mng.
Nhng trong cng mt thi im rt kh c th tch bit hon ton thit b ny
thit lm vic ti lp no. Nhng mi lp trong h thng mng cng c th s bao
gm cc thit b nh: Router, Switch, Link, gii php tch hp
Mt vi h thng mng c kt hp cc thnh phn ca hai lp vo lm mt p
ng cc yu cu ring. Di y l vai tr ca tng tng trong m hnh mng:
3.2.1.1

Core Layer

Lp Core Layer cung cp ti u ho v tin cy trong qu trnh truyn tin vi

tc rt cao (high speeds). Nhng khng phi lp Core Layer p ng ton b
qu trnh truyn thng tin trn mng, nhng c th c coi nh ng i l
lin kt cc ng nh vi nhau, i khi cc giao tip ch thc hin mt lp duy
nht m thi. Lp Core Layer p ng cc vai tr sau:
-

Kim tra Access-list

M ho d liu
Address translation

Cc thit b hot ng trong lp Core Layer bao gm cc dng: 12000, 7500,

7200, and 7000 series routers
Core Layer (tng li): y l cc thit b rt quan trng, c tc x l cao,
thng m nhim vic qun l tp trung. tng ny hu nh khng c bt k
16

mt s rng buc no v cc Rules ca Firewall hoc VLAN, ch n gin l

Forward d liu i m thi. Tng Core ny l mc tin nht v c nhiu tnh nng
vi cc Card m rng v Module...
3.2.1.2

Distribution Layer

Distribution Layer lm vic gia Core Layer v Access Layer, vi vai tr p

ng mt s giao tip gip gim ti cho lp Core Layer trong qu trnh truyn
thng tin trong mng. Vi tc dng ca lp ny cung cp danh gii cho vic s
dng access lists v cc tnh nng lc khc khi cn thit s gi ln lp core
layer. Tuy nhin lp ny cng l lp nh ngha cc chnh sch cho mng. Mt
chnh sch c th p dng cc dng c th sau:
-

Routing updates
Route summaries
VLAN
Address aggregation

S dng cc chnh sch bo mt mng v chng cc giao dch khng cn thit.

Nu mt h thng mng bao gm hai hoc nhiu routing protocol, nh Routing
Information Protocol (RIP) v Interior Gateway Routing Protocol (IGRP), ton
b cc vn trn lm vic ti lp distribution.
Cc thit b hot ng ti lp Distribution layer: 4500, 4000, and 3600 series
routers
Distribution Layer (tng phn phi): bao gm cc thit b nh ROUTER,
SWITCH LAYER 3, MULTI-SWITCH, FIREWALL .... tng ny, cc thit b
lm nhim v a lng thng tin ti ni cn thit (tc l phn phi m). Tuy
nhin, cc thit b nh Switch layer 3 hoc Multi-layer c tc x l nhanh hn
Router v Firewall; thit b tng ny tip nhn cc lung d liu t Access Layer
ti v chuyn ra tng cao hn hoc ra ngoi.
3.2.1.3

Access Layer

Mang n s kt ni ca ngi dng vi cc ti nguyn trn mng hoc cc

giao tip vi lp Distribution. Access layer s dng Access lists chng li
nhng k xm nhp bt hp php, trong lp Access layer cng mang n cc kt
ni nh WAN, Frame Relay, ISDN, hay Leased lines.
Cc thit b hot ng ti lp Access Layer: 2600, 2500, 1700, and 1600 series
routers

17

V vic thit k mng, Cisco a ra mt m hnh phn tng r rng, phn chia
theo nhu cu s dng v tnh nng ca sn phm v nhanh chng c mi ngi
+ cc hng khc chp nhn. M hnh m Cisco a ra bao gm: Core Layer,
Distribution Layer, Access Layer.
Access Layer (tng truy cp): cc thit b bao gm HUB, SWITCH thng
thng, SWITCH c VLAN... ni chung l cc thit b t Layer 2 ca m hnh
OSI tr xung. Cc thit b ny ni chung l tng i r hn cc thit b cc
Layer khc. y l v tr kt ni vi hu ht cc thit b ca End-user.

im cn ch tng ny thng th cc Multi-layer Switch hoc Switch

Layer 3 s c ni vi Server Farm tng tc v cc thit b ny c kh nng
x l d liu rt cao.

Tng cng c s h tng mng

Cc IP to ln pht trin giao thng c thc y bi phng tin truyn
thng mi ng dng v nhu cu khch hng tng tc nhiu hn, c nhn, di
ng v video. .C s h tng mng ca Cisco cung cp gii php cho php bn
c nhn ho, dch v th h k tip v phng tin truyn thng kinh nghim
bt c u, bt c lc no.
Bng thng rng
Cisco gii php bng thng rng gip cung cp v nhanh chng m rng ting ni
bo mt cao v kh nng m rng, video, v cc dch v d liu.
C s h tng cp: IP NGN ca Cisco Cp gii php gip ci thin hiu qu,
thng nht v MPEG video IP c s h tng, v tng cng "triple-play" cc dch
v.
Carrier Ethernet: IP NGN ca Cisco Carrier Ethernet thit k to iu kin "bt
k play-" dch v c th cung cp bt c ni no, vi bt k thit b.
Carrier-Grade IPv6 Gii php: Cung cp v tng lai ca Internet. Bo qun,
chun b v pht trin thnh vng vi CGv6. Core Networks Cisco IP / MPLS
nh tuyn li gii php cung cp dch v linh hot v kh nng m rng cho cc
th h kinh doanh v dch v tiu dng.

18

Edge Networks: Cisco cung cp mt danh mc u t ton din v cc gii php

mng cnh cung cp dch v ti u ha video v in thoi di ng.
IPTV v truyn hnh Telco
S dng sc mnh ca Cisco gii php IPTV cung cp phng tin truyn
thng c nhn, x hi, v kinh nghim tng tc.
Qun l mng cho cc nh cung cp dch v
Cng c qun l mng Cisco y nhanh v n gin ha vic trin khai h
tng mng v cung cp kh nng hin th thi gian thc vo mng
Mng quang
Cisco cung cp mt gii php quang hc, linh hot cao nng lc nn tng
thc y th h tip theo nh cung cp dch v Ethernet.
C s h tng an ton: Cisco tnh nng bo mt v cc dch v cho c s h
tng mng gip m bo mng li lin tc v sn sng phc v.
Cisco IPTV
Gii php IPTV ca Cisco cung cp mt c s h tng giao phng tin truyn
thng phong ph ko di t headend cch tt c cc n nh khch hng.
Carrier-Grade IPv6 Gii php: Cung cp v tng lai ca Internet. Preserve,
prepare and prosper with CGv6. Bo qun, chun b v pht trin thnh vng vi
CGv6.
Cisco Secure cao c s h tng: Cisco tnh nng bo mt v cc dch v cho c
s h tng mng gip m bo mng li lin tc v sn sng phc v.
Cisco mng quang: Cisco cung cp mt gii php quang hc, linh hot cao nng
lc nn tng cho tng tc cung cp dch v th h tip theo.
Cisco Carrier Ethernet: IP NGN ca Cisco Carrier Ethernet thit k to iu
kin "bt k play-" dch v m bn c th cung cp bt c ni no, vi bt k
thit b. Cisco IP / MPLS nh tuyn li gii php cung cp dch v linh hot v
kh nng m rng cho cc th h kinh doanh v dch v tiu dng.

3.3. Gii thiu cc thit b trong h thng

3.3.1. Gii thiu Core switch 4506

19

u im Core switch 4506

+ Hiu sut lm vic cao.

+Tnh bo mt cao.
+ C nhiu kinh nghim khi s dng an ton thng qua chuyn mch.
+ Tit kim nng lng trn c s h tng mng ca bn.
+ C kh nng phc hi, o ha, t ng ha,tip tc nng cao d dng s dng
mng.
+ Kh nng m rng, chi ph cho cc dch v gim,quyn s hu.
+ Cung cp cc d bo v kh nng m rng vi hiu sut cao, cht lng ng
tin tin.
+ Vi s linh hot ca cu hnh cho php vic trin khai mng khng bin d
dng.
+ Tch hp kh nng phc hi cc tnh nng trong c phn cng v phn mm ti
a ha kh dng ca mng, gip m bo nng sut lao ng, li nhun, v thnh
cng ca khch hng.
+ Tp trung, sng to, linh hot cho vic thit k h thng ca n, gip m bo
di chuyn vi tc dy IPv6 v 10 Gigabit Ethernet (GE).
+ Khi c trin khai th tui th ko di, cung cp cc kh nng bo v c bit
cho cc t chc thuc mi quy m, chi ph gim, khc phc nhng nhc im
ca Cisco Catalyst 4500.
3.3.1.1 Cisco Catalyst 4500E Series v PDA Classic Line
Classic Catalyst 4500 cung cp hai loi: 4500E Series v Classic Line
20

Cisco Catalyst 4500E.

+ Cung cp tng kh nng chuyn i cng sut ca mi khe cm.

+ C hai loi l : Dng 47xx v dng 46xx.
o

Dng 47 xx hot ng 48 Gb trn mi khe cm chuyn i cng sut.

Dng 46 xx hot ng 24 Gb trn mi khe cm chuyn i cng sut.

Classic Line

+ Cung cp 6 gigabit cho vic chuyn i cng sut trn mi khe cm.
Dng Classic c th c trin khai c hai.
o

Vi Cisco Catalyst 4500 Series gim st ng c.

Kh nng chuyn i mi khe cm th dng c in vn cn mc 6 Gb

trn mi khe cm.
Do cc kin trc chuyn i tp trung ca Cisco Catalyst 4500, cc th
dng c in s p dng tt c cc tnh nng E-Series ng c mi gim st nh
l tm hng i trn mi cng.
o

Vi Cisco Catalyst 4500E Series cng c gim st.

E-Series dng card hot ng c 48 gigabits mi khe cm hoc 24 gigabits

mi khe da vo vic chng thuc v 47xx hoc 46xx ca dng th.

3.3.1.2 Sc mnh ca Ethernet trn Cisco Catalyst 4500E

+ Cisco Catalyst 4500E Series cung cp th trc tuyn, ngun in, v cc ph
kin cn thit trin khai v hot ng da trn cc tiu chun Power over
Ethernet / Power over Ethernet Plus (PoE / PoEP).
+ PoE cung cp in trn 100m ca tiu chun loi 3 / 5 khng c che ch bi
cp xon i (UTP) khi mt chun IEEE 802.3af/at-ph hp hoc cc tiu chun
ca Cisco trang thit b c gn vo / cng PoE dng th PoEP.
21

+ Khng i hi sc mnh ca tng, thit b km theo nh in thoi IP, cc

trm gc khng dy, my quay video.
+ Cc thit b tng thch ca chun IEEE khc c th s dng nng lng cung
cp t cc Cisco Catalyst 4500 Series PoE dng th PoEP. Kh nng ny cho
php mng qun tr kim sot tp trung quyn lc v loi b s cn thit phi ci
t cc ca hng trn trn nh v khc ngoi cch ni m mt thit b h tr c
th c ci t.
3.3.1.3 Cisco Catalyst 4500E Series v Gigabit Ethernet dng PDA Classic
+ Cisco Catalyst 4500E Series 48-cng Gigabit Ethernet dng th cung cp
hiu sut cao 10/100/1000 chuyn i.
+ C hai loi th dng E-Series da trn bng thng cho mi khe cm:
o Card dng 47xx rng a 48 Gbps cho mi khe cm
o Th dng 46xx rng a 24 Gbps trn mi khe cm.
+ Cisco Catalyst 4500 48-port 10/100/1000 E-Series dng 47xx th cung cp
cc tiu chun IEEE 802.3at PoEP h tr trn tt c 48 cng ng thi. Dng th
ny cng h tr m ha tiu chun IEEE v Cisco 802.1AE TrustSec trong
phn cng.
+ Cc Catalyst Cisco 4500 48-port 10/100/1000 E-Series th dng 46xx c sn
trong ba phin bn.
3.3.1.4 Cisco Catalyst 4500E Series h tr 10 Gigabit Ethernet dng card Fiber.
+ Cisco Catalyst 4500 12-port E-Series 10 Gigabit Ethernet dng th c th
c trin khai cho hiu sut cao v Ethernet mt cao 10 Gb tp hp trong
khun vin trng v trong cc mng nh v va lm nng ct; chuyn i.
+ Cisco Catalyst 4500E Series 12-port 10 Gigabit Ethernet dng card h tr tiu
chun nh.
+ Cc cng c th c s dng thay th cho nhau nh: Gigabit Ethernet v 10
Gigabit Ethernet h tr chuyn i theo tng giai on t Gigabit Ethernet
Gigabit Ethernet cho 10. Cisco Catalyst 4500E Series cng 6-10 Gigabit Ethernet
dng th c th c trin khai, trong cc mng nh v va nh mt chuyn
mch, hoc cho hiu nng cao dy ln n 10 Gigabit Ethernet c yu cu.
+ Cc Cisco Catalyst 4500E Series 6-port 10 Gigabit Ethernet dng card h tr
quang hc X2 tiu chun cng nh Cisco TwinGig m-un.

WS-X4506-GB-T Cisco Catalyst 4500 6-Port 10/100/1000 RJ-45 IEEE 802.3af

PoE v 1000BASE-X SFP)
22

6-port 10/100/1000 v 6-cng SFP (bt k s kt hp n 6 cng c th

c hot ng ti mt thi im)
10/100/1000 RJ-45 PoE v 1000BASE-X (SFP)
Cisco IOS Software Release 12.2 (20) EWA
PoE IEEE 802.3af v Cisco prestandard (RJ-45 ch)
Cung cp y cc dng chuyn mch tc gigabit trn tt c cc cng
L2-4 Jumbo Frame h tr (ln n 9216 byte)
Thit k cung cp cho khch hng s la chn ca RJ-45 c hoc khng
c PoE v SFP m khng chu thm chi ph
Doanh nghip v thng mi: hiu sut cao kt ni my tnh bn v my
ch trang tri; thit k IP in thoi, trm gc khng dy, my quay video, v
cc thit b tng thch IEEE khc
Cung cp dch v: GE nh tp hp cho DSLAM / PON / backhaul d liu di
ng

3.3.2 Gii thiu Firewall ASA 5520

3.3.2.1. Gii thiu v firewall:
Thut ng FireWall c ngun gc t mt k thut thit k trong xy dng
ngn chn, hn ch ho hon. Trong Cng ngh mng thng tin, FireWall l
mt k thut c tch hp vo h thng mng chng li s truy cp tri php
nhm bo v cc ngun thng tin ni b cng nh hn ch s xm nhp vo h
thng ca mt s thng tin khc khng mong mun.
Internet FireWall l mt tp hp thit b (bao gm phn cng v phn
mm) c t gia mng ca mt t chc, mt cng ty, hay mt quc gia
(Intranet) v Internet.
Trong mt s trng hp, Firewall c th c thit lp trong cng mt
mng ni b v c lp cc min an ton. V d nh m hnh di y th hin
mt mng Firewall ngn cch phng my, ngi s dng v Internet

3.3.2.2. Phn loi firewall:

Firewall c chia lm 2 loi, gm Firewall cng v Firewall mm

23

c im ca Firewall cng: L nhng firewall c tch hp trn Router.

- Khng c linh hot nh Firewall mm: (Khng th thm chc nng, thm
quy tc nh firewall mm)
- Firewall cng hot ng tng thp hn Firewall mm (Tng Network v tng
Transport)
- Firewall cng khng th kim tra c nt dung ca gi tin.
V d Firewall cng: NAT (Network Address Translate)
Firewall mm: L nhng Firewall c ci t trn Server.

c im ca Firewall mm:
- Tnh linh hot cao: C th thm, bt cc quy tc, cc chc nng.
- Firewall mm hot ng tng cao hn Firewall cng (tng ng dng)
- Firewal mm c th kim tra c ni dung ca gi tin (thng qua cc t kha).
V d v Firewall mm: Zone Alarm, Norton Firewall
3.3.2.3. Tai sao chng ta cn Firewall?
Nu my tnh ca bn khng c bo v, khi bn kt ni Internet, tt c cc
giao thng ra vo mng u c cho php, v th hacker, trojan, virus c th truy
cp v ly cp thng tin c nhn cu bn trn my tnh. Chng c th ci t cc
on m tn cng file d liu trn my tnh. Chng c th s dng my tnh
cu bn tn cng mt my tnh ca gia nh hoc doanh nghip khc kt ni
Internet. Mt firewall c th gip bn thot khi gi tin him c trc khi n
n h thng ca bn
Chc nng chnh ca Firewall.
Chc nng chnh ca Firewall l kim sot lung thng tin t gia Intranet v
Internet. Thit lp c ch iu khin dng thng tin gia mng bn trong
(Intranet) v mng Internet. C th l:
- Cho php hoc cm nhng dch v truy nhp ra ngoi (t Intranet ra Internet).
- Cho php hoc cm nhng dch v php truy nhp vo trong (t Internet vo
Intranet).
24

- Theo di lung d liu mng gia Internet v Intranet.

- Kim sot a ch truy nhp, cm a ch truy nhp.
- Kim sot ngi s dng v vic truy nhp ca ngi s dng.
- Kim sot ni dung thng tin thng tin lu chuyn trn mng.

3.3.3. Firewall ASA 5520

Hnh 1. Cisco ASA 5520 Series Adaptive Security Appliance

Cisco ASA 5520 Adaptive Security Appliance
Cisco ASA 5520 Adaptive Security Appliance cung cp dch v bo v vi
Active / Active sn sng cao v kt ni Ethernet Gigabit cho cc mng doanh
nghip c trung bnh trong mt thit b m un hiu sut cao. Vi bn giao din
Ethernet Gigabit v h tr ln ti 100 VLAN, cc doanh nghip c th d dng
trin khai Cisco ASA 5520 thnh nhiu khu vc trong phm vi mng ca h.
Cisco ASA 5520 Adaptive Security Appliance quy m vi cc doanh nghip l
yu cu an ninh mng ca h pht trin, cung cp bo v u t vng chc. Cc
doanh nghip c th m rng SSL v IPsec VPN nng lc h tr mt s lng
ln cng nhn di ng, t xa cc trang web, v cc i tc kinh doanh. Ln n
750 AnyConnect v / hoc clientless VPN ng nghip c th c h tr trn
mi Cisco ASA 5520 bng cch ci t mt khi qut hoc mt Premium
AnyConnect VPN giy php; 750 IPsec VPN ng nghip c h tr trn nn
tng c bn.
Nng lc v kh nng phc hi VPN c th c tng ln bng cch tn dng ca
Cisco ASA 5520 tch hp VPN clustering v kh nng cn bng ti. Cc Cisco
ASA 5520 h tr ln n 10 thit b trong mtcluster, cung cp ti a l 7500
AnyConnect v / hoc clientless VPN ng nghip hoc 7500 IPsec VPN ng
nghip mi cm. i vi kinh doanh lin tc v lp k hoch s kin, cc ASA
5520 ca Cisco cng c th hng li t cc VPN Cisco FLEX giy php, cho
php cc qun tr vin phn ng vi hoc k hoch cho n ngn hn ca ng
Premium VPN t xa truy cp ngi dng, cho n mt khong thi gian 2 thng.
Cc tng ng dng tin tin bo mt v bo v an ninh ni dung c cung cp
bi Cisco ASA 5520 c th c m rng bng cch trin khai cng tc phng
chng xm nhp hiu sut cao v kh nng gim thiu su ca SSM AIP, hoc
cc phn mm c hi bo v ton din ca SSM CSC. S dng ty chn bi
cnh kh nng bo mt ca Cisco ASA 5520 Adaptive Security Appliance, cc
doanh nghip c th trin khai ln ti 20 bc tng la o trong mt thit b
cho php kim sot compartmentalized ca chnh sch an ninh trn mt cp
25

phng ban. o ha ny tng cng an ninh v lm gim chi ph qun l chung v

h tr trong khi cng c cc thit b bo mt vo mt thit b.

Thng lng tng la

Firewall v IPS ti a Throughput

Ln n 450 Mbps
Ln n 225 Mbps vi AIP SSM-10
ln n 375 Mbps vi AIP SSM-20
Ln n 450 Mbps vi AIP SSM-40

VPN Throughput

Ln n 225 Mbps

ng thi phin

280.000

IPsec VPN Peers

Premium AnyConnect VPN Peer *

750
2,10, 25, 50, 100, 250, 500, hoc 750

An ninh bi cnh *

Tnh n 20

Giao din port

Giao din o (VLAN)

4 cng Gigabit Ethernet v Fast

Ethernet 1
150

Kh nng m rng

VPN clustering v cn bng ti

Sn sng cao

Active / Active **, Active / Standby

Bng 3 lit k cc tnh nng ca Cisco ASA 5520.

Tnh nng ring c cp php
* Bao gm hai vi h thng c bn
** C sn cho tnh nng tng la t
Cisco ASA 5520 Series gip cc doanh nghip tng hiu qu v hiu qu trong
vic bo v mng ca h v cc ng dng trong khi cung cp bo v u t c
bit thng qua cc yu t sau:
Kh nng bo mt th trng c kim chng - Cisco ASA 5500 Series
tch hp nhiu tnh nng y , cao thc hin dch v bo mt, bao gm tng
la ng dng nhn bit, SSL v IPsec VPN, IPS vi ton cu S tng quan v
m bo ph sng, chng virus, chng spam, phishing, v lc web dch v. Kt
26

hp vi cng ngh danh ting thi gian thc, cc cng ngh ny mang li hiu
qu cao v ng dng mng lp an ninh, da trn ngi dng kim sot truy cp,
gim thiu su, bo v phn mm c hi, ci thin nng sut lao ng, tin nhn
tc thi v kim sot peer-to-peer, v ngi dng t xa an ton v kt ni trang
web. Cc ch IPS vi th trng cng ngh danh ting hng u th gii, Cisco
IPS vi ton tng quan cung cp hai ln hiu qu ca di sn IPS v bao gm bo
him m bo cho ha bnh tng cng tm. Cung cp lin tc ca khch hng v
clientless truy cp cho mt lot cc nn tng my tnh bn v di ng, Cisco
ASA 5585-X cung cp lun lun-v di ng an ton bo mt web tch hp v IPS
cho thc thi chnh sch v bo v mi e da.
M rng dch v tch hp kin trc - Cisco ASA 5500 Series cung cp cho cc
doanh nghip mnh, thch ng bo v t mi trng e da pht trin nhanh
thng qua s kt hp c o ca cc phn cng v phn mm m rng v
Modular Khung chnh sch mnh m ca n (MPF). Vic m rng sng to a
thit k v kin trc phn mm ca Cisco 5500 Series ASA cho php doanh
nghip d dng ci t cc dch v an ninh b sung hiu sut cao thng qua an
ninh x l dch v (SSPs), an ninh dch v m-un (SSMs) v bo mt dch v
th (SSCs). iu ny cung cp cho cc doanh nghip c n u t bo v, trong
khi cho php h m rng dch v bo mt thng tin v Cisco ASA 5500 ca h
Series l ca h an ton v nhu cu pht trin. Tt c cc dch v ny c th d
dng qun l thng qua mnh m ca Cisco Modular Policy Framework, cho
php cc doanh nghip to ra an ninh ty bin rt cao chnh sch trong khi lm
cho n n gin thm an ninh mi v cc dch v mng vo cc chnh sch
hin c ca h.
Gim chi ph trin khai v hot ng - Cisco ASA 5500 Series cho php tiu
chun ha trn t mt nn tng gim tng chi ph hot ng ca an ninh. Mt
mi trng ph bin cho cc cu hnh n gin ho vic qun l v gim chi ph
o to cho nhn vin, trong khi cc nn tng phn cng thng thng ca lot
bi ny lm gim chi ph ti thiu. hiu qu b sung c thc hin bng cch
trin khai kh nng tch hp, obviating s cn thit phi thit k phc tp cn
thit kt ni cc gii php c lp. Ton din v qun l giao din - Cisco
Adaptive Security ha Device Manager (ASDM), mt giao din dng lnh
ton din (CLI), syslog tit, v Simple Network Management Protocol (SNMP)
h tr vng ra mt phong ph b sung cho cc ty chn qun l. Nhiu n v
trin khai c nhiu li ch t Cisco Security Manager, mt nn tng c kh
nng qun l trin khai phn phi ca hng trm thit b

3.3.3 Gii thiu Router 2811

27

3.3.3.1. Router

3.3.3.1.1. Cc thnh phn bn trong router

Cu trc chnh xc ca router rt khc nhau tu theo tng phin bn router. Trong
phn ny ch gii thiu v c c thnh phn c bn ca router.
CPU - n v x l trung tm: thc thi cc cu lnh ca h iu hnh thc hin
cc nhim v sau: khi ng h thng, nh tuyn, iu khin cc cng giao tip
mng. CPU l mt b giao tip mng. CPU l mt b vi x l. Trong cc router ln
c th c nhiu CPU.
RAM: c s dng lu bng nh tuyn, cung cp b nh cho chuyn mch
nhanh, chy tp tin cu hnh v cung cp hng i cho cc gi d liu. Trong a s
router, h iu hnh Cisco IOS chy trn RAM. RAM thng c chia thnh hai
phn: phn b nh x l chnh v phn b nh chia s xut/nhp. Phn b nh chia
s xut/nhp c chia cho cc cng giao tip lm ni lu tr tm cc gi d
liu.Ton b ni dung trn RAM s b xo khi tt in. Thng thng, RAM trn
router l loi RAM ng (DRAM - Dynamic RAM) v c th nng thm RAM
bng cch gn thm DIMM (Dual In-Line Memory Module).
Flash: B nh Flash c s dng lu ton b phn mm h iu hnh Cisco
IOS. Mc nh l router tm IOS ca n trong flash. Bn c th nng cp h iu
hnh bng cch chp phin bn mi hn vo flash. Phn mm IOS c th di
dng nn hoc khng nn. i vi hu ht cc router, IOS c chp ln RAM
trong qu trnh khi ng router. Cn c mt s router th IOS c th chy trc tip
trn flash m khng cn chp ln RAM. Bn c th gn thm hoc thay th cc
thanh SIMM hay card PCMCIA nng dung lng flash.
NVRAM (Non-volative Random-access Memory): L b nh RAM khng b mt
28

thng tin, c s dng lu tp tin cu hnh. Trong mt s thit b c NVRAM

v flash ring, NVRAM c thc thi nh flash. Trong mt s thit b, flash v
NVRAM l cng mt b nh. Trong c hai trng hp, ni dung ca NVRAM
vn c lu gi khi tt in.
Bus: Phn ln cc router u c bus h thng v CPU bus. B us h thng c s
dng thng tin lin lc gia CPU vi cc cng giao tip v cc khe m rng.
Loi bus ny vn chuyn d liu v cc cu lnh i v n cc a ch ca nh
tng ng.
ROM (Read Only Memory): L ni lu on m ca chng trnh kim tra khi
khi ng. Nhim v chnh ca ROM l kim tra phn cng ca router ng, sau
chp phn mm Cisco phin bn IOS c dng lm ngun khi ng d phng.
Cc cng giao tip: L ni router kt ni vi bn ngoi. Router c 3 loi cng:
LAN, WAN v console/AUX. Cng giao tip LAN c th gn c nh trn router
hoc di dng card ri.
Cng giao tip WAN c th l cng Serial, ISDN, cng tch hp n v dch v
knh CSU (Chanel Service Unit). Tng t nh cng giao tip LAN, cc cng giao
tip WAN cng c chip iu khin c bit. Cng giao tip WAN c th nh trn
router hoc d ng card ri.
Router l mt loi my tnh c bit. N cng c cc thnh phn c bn ging nh
my tnh: CPU, b nh, system bus v cc cng giao tip. Tuy nhin router c
kt l thc hin mt s chc nng c bit. V d: router c thit k l thc
hin mt s chc nng c bit. V d: router kt ni hai h thng mng vi nhau
v cho php hai h thng ny c th lin lc vi nhau, ngoi ra router cn thc hin
vic chn l a ng i tt nht cho d liu.
Ngun in: Cung cp in cho cc thnh phn ca router, mt s router ln
c th s dng nhiu b ngun hoc nhiu card ngun. Cn mt s router nh,
ngun in c th l b phn nm ngoi router.

29

Hnh 4: S khi cc thnh phn trn mch Router.

Hnh 5: Hnh nh bn ngoi Router.

30

Hnh 6: Hnh nh bn trong Router.

3.3.3.2. chc nng nh sau
Lu bng nh tuyn.
Lu bng ARP.
C vng b nh chuyn mch nhanh.
Cung cp vng nh m cho cc gi d liu
Duy tr hng i cho cc gi d liu.
Cung cp b nh tm thi cho tp tin cu hnh ca router khi
3.3.3.3. Router 2811
Tng quan sn phm

Cisco 2811 Integrated Services Router l mt phn ca dch v tch hp Cisco

2800 Series Router m b sung cho dch v tch hp Router Danh mc u t.
Cisco 2811 Integrated Services Router cung cp cc h tr sau y:
* Dy tc hiu sut cho cc dch v ng thi nh an ninh v ting ni, v
dch v tin tin cho nhiu mc gi T1/E1/xDSL WAN
* Tng cng u t bo v thng qua tng hiu sut v m un
* Tng cng u t bo v thng qua cc m un tng
* Tng mt thng qua tc cao WAN Interface Card Slots (bn)
31

* Enhanced Network Module Slot

* H tr cho hn 90 module hin c v mi
* H tr cho phn ln cc hin mc tiu, NMS, WICs, VWICs, v VIC
* Hai tch hp cng Ethernet 10/100 Fast
* Ty chn chuyn mch lp 2 h tr ngun qua mng Ethernet (PoE) (l mt ty
chn)
* An ninh
o-board m ha
o H tr ln n 1500 ng hm VPN vi cc Module AIM-EPII-PLUS
o Antivirus quc phng h tr thng qua mng Admission Control (NAC)
o ngn chn xm nhp cng nh Cisco IOS h tr tng la trng thi v
nhiu hn na
tnh nng bo mt cn thit
* Voice
o Analog v cuc gi thoi k thut s h tr
o Ty chn hp th thoi h tr
o Ty chn h tr cho Cisco CallManager Express (Cisco CME) x l cuc
gi a phng trong kinh doanh mt mnh ng ln to36 in thoi IP
o Ty chn h tr cho Survivable Remote Site Telephony h tr cho x l cuc
gi a phng ti cc vn phng chi nhnh doanh nghip nh cho ti 36 in
thoi IP

Tnh nng
Tu chn Wireless (b/g)
Thng tin sn phm
Hng sn xut
Thng s k thut
Dng sn phm
Giao tip WAN
Broadband
Giao tip WAN FE
10/100
Giao tip LAN 10/100
Giao tip LAN
10/100/1000
B nh DRAM
B nh Flash
Khe cm NetworkModule
Khe cm Interface Card
Cng AUX
Cng Console

Khng
Cisco
Cisco 2800

2-port 10/100 Mbps managed switch

256Mb
64Mb
1 slot, supports NM and NME type modules
4 slots, each slot can support HWIC, WIC, VIC, or
VWIC type modules
1 cng
1 cng
32

Cng USB
Giao thc nh tuyn

Giao thc bo mt

2 cng USB 1.1

+ BGP, EIGRP, OSPF, RIPv1, RIPv2 + IPv4, IPv6
unicast & multicast; (Internetwork Packet Exchange
[IPX], IBM SNA, AppleTalk supported with optional
Advanced Enterprise Services Feature Set)
With the Cisco IOS Software Advanced Security
feature set, the Cisco 2800 provides a robust array of
common security features such as a Cisco IOS
Software Firewall, intrusion prevention, IPSec VPN,
Secure Socket Layer (SSL) VPN, advanced application
Web UI, CLI, Telnet

Cu hnh qun tr
Khe cm Onboard AIM
2 khe cm
(Internal)
Khe cm PVDM (DSP) 2
Ngun
100 to 240 VAC
Kch thc
44.5 x 438.2 x 416.6 mm
The Cisco 2811 Cryptographic Module Physical Characteristi

Cc b nh tuyn Cisco 2811 l mt module a chip mt m c. router c mt

h bin
tc 350MHz. Ty thuc vo cu hnh, hoc l NetGX ni b chip hoc phn
mm IOS l
c s dng cho cc hot ng mt m. Ranh gii mt m ca module ny l
trng hp ca thit b. Tt c cc chc nng tho lun trong ny ti liu c
cung cp bi cc thnh phn bn trong ranh gii ny m ha. Cc router Cisco
2811 c mt giao din iu khin cng, mt cng ph, hai Universal Serial Bus
(USB) cng, bn tc cao giao din WAN card (HWIC) khe, two10/100
Gigabit Ethernet cng RJ45, mt nng cao Network Module (ENM) khe, v mt
a Compact Flash (CF). Cc router Cisco 2811 h tr mt chiu rng mng
li n module, bn n chiu rng hoc hai i chiu rng HWICs, hai bn
tin tch hp m-un (AIMS) 1, Hai bn trong gi d liu thoi m-un
(PVDMs), hai nhanh chng Ethernet kt ni, v 16 cng ca sn lng in thoi
IP hin th bng iu khin pha sau. Mt trc c 4 n LED rng tnh trng u
ra d liu v h thng in ph tr in, hot ng h thng, v n flash nh gn
33

tnh trng bn rn. Cc bng iu khin tr li bao gm 12 n LED:

+, Ethernet hot ng hai n LED, hai n LED kp, hai n LED tc , hai
n LED lin kt, hai PVDM n LED, mt hai AIM n LED.C hai cng USB
nhng h khng c h tr hin nay. Cc cng s c h tr trong tng lai
cho th thng minh hoc u c th.
Th CF c lu tr cc hnh nh IOS c xem l mt module b nh trong,
bi v cc hnh nh IOS lu tr trong th c th khng c sa i hoc nng
cp. Cc th chnh n khng bao gi phi c loi b khi a. Tamper du r
rng s c t trong th c trong .

3.3.4. Gii thiu Acess switch 2960

3.3.4.1. Swith 2960

3.3.4.1.1Mt s tnh nng ca 2960

2960-S v 2960 chuyn mch l nhng lp hng u, cung cp d dng

trong s dng, hot ng kinh doanh bo mt cao, tnh bn vng c ci thin,
v mt mng khng bin gii kinh nghim.
2960-S bao gm FlexStack chuyn xp chng kh nng vi 1 v 10 kt ni
Gigabit, v ngun qua Ethernet Plus
Cisco 2960 Switch kt ni nhanh chng cung cp truy cp Ethernet .
Cisco 2960-S v 2960 Series c truy cp c nh cu hnh thit b chuyn
mch thit k cho cc doanh nghip, th trng c va, v mng li chi nhnh
vn phng cung cp thp hn tng chi ph s hu.
Cisco Catalyst 2960-S Series vi phn mm LAN Base:
34

 10 v 1 ng ln Ethernet Gigabit linh hot vi Small Form-Factor Pluggable

Plus (SFP +), cung cp cho doanh nghip lin tc v nhanh chng chuyn tip
n 10 Gigabit Ethernet
24 hoc 48 cng ca my tnh bn kt ni Gigabit Ethernet
Cisco FlexStack xp module vi 40 Gbps, cho php d dng hot ng vi duy
nhtcu hnh v nng cp chuyn i n gin
PoE + vi ln n 30W cho mi cng cho php bn h tr PoE mi nht + c
kh nng thit b
Power cung cp, vi 740W hoc 370W ngun in c nh cho PoE + thit b
chuyn mch c sn
USB lu tr phn phi tp tin, sao lu, v cc hot ng n gin
Mt lot cc tnh nng phn mm cung cp mt cch d dng hot ng,
an ton cao hot ng kinh doanh,tnh bn vng, v mt mng li kinh nghim
bin gii
TNHH i phn cng bo hnh, bao gm thay th tip theo-kinh doanh-ngy
vi dch v 90-ngy v h tr ca Cisco Catalyst 2960 Series tc vi LAN cung
cp phn mm c bn nh sau:
Dual-mc ch ng ln cho Gigabit Ethernet uplink linh hot, cho php s
dng hoc l mt ng ln ng hoc cp quang, mi mc ch kp ng ln
cng c mt cng Ethernet 10/100/1000 v da trn mt cng SFP Gigabit
Ethernet, vi mt trong nhng cng hot ng ti mt thi
24 hoc 48 cng kt ni Fast Ethernet my tnh bn
PoE cu hnh ln n 15,4 W trn mi cng
Mt lot cc tnh nng phn mm cung cp mt cch d dng hot ng,
an ton cao hot ng kinh doanh,tnh bn vng, v mng mt kinh nghim bin
gii
Gii hn bo hnh sut i phn cng

3.3.4.2. Power over Ethernet Plus

Ngoi 802.3af PoE, Cisco Catalyst 2960-S Series h tr ngun qua mng
Ethernet Plus (PoE +)
(IEEE 802.3at tiu chun), cung cp ln n 30W nng lng trn mi cng.
Cisco Catalyst 2960-S v 2960 Series
Thit b chuyn mch c th cung cp mt chi ph thp hn tng s ca
35

quyn s hu cho cc trin khai c kt hp in thoi IP Cisco, Cisco Aironet

mng LAN khng dy (WLAN) cc im truy cp, hoc bt k thit b IEEE
802.3af cui tng thch. PoE loi b s cn thit phi thnh sc mnh mi
PoE-kch hot thit b v loi b cc chi ph cho h thng cp in b sung v cc
mch in s nu khng cn thit trong in thoi IP v trin khai mng WLAN
3.3.4.3. Intelligent Power Over Ethernet qun l
Cisco Catalyst 2960-S PoE m hnh h tr PoE mi nht + thit b bao gm in
thoi IP Cisco v Cisco
Cc im truy cp Aironet WLAN cung cp ln n 30W nng lng trn mi
cng, cng nh bt k cui theo chun IEEE 802.3af,thit b.
Cng sut tiu th mi Port lnh cho php khch hng xc nh cng sut ti a
t trn mt
cng c nhn.
Mi Port PoE in Sensing bin php quyn lc thc t c rt ra, cho php
kim sot nhiu hn thng minh
Thit b h tr.
Cisco Discovery Protocol Version 2 cho php chuyn sang m phn thit lp
quyn lc chi tit hn khi kt ni vi mt thit b h tr ca Cisco nh in thoi
IP hoc cc im truy cp hn nhng g c cung cp bi
IEEE phn loi.
Cc MIB PoE cung cp kh nng ch ng vo s dng quyn lc v cho php
khch hng thit lp khc nhau cp in ngng.
. Cisco Catalyst 2960-S v 2960 Series vi phn mm c s LAN Switch hiu
qu v kh nng m rng thng tin
Hiu sut v quy m s cho tt c cc m hnh Switch

Chuyn tip bng

thng
Chuyn i bng
thng *
Flash Memory
B nh DRAM
VLAN ti a
VLAN ID
MTU)

Cisco Catalyst 2960-S

Cisco Catalyst 2960

88 Gbps
20 Gbps cho FlexStack
Stacking
76 Gbps

16 Gbps
32 Gbps (2960G)

64 MB

32Gbps
32 Gbps (2960G)
32 MB

128 MB

64 MB

255
4000

255
4000

ln n 9000 byte

ln n 9000 byte

36

Jumbo Frames

9018 byte

9018 byte (2960G ch)

T l chuyn tip: 64-Byte gi Cisco Catalyst 2960-S

Cisco Catalyst 2960S-48FPD-L 101,2 mpps
Cisco Catalyst 2960S-48LPD-L 101,2 mpps
Cisco Catalyst 2960S-24PD-L 65,5 mpps
Cisco Catalyst 2960S-48TD-L 101,2 mpps
Cisco Catalyst 2960S-24TD-L 65,5 mpps
Cisco Catalyst 2960S-48FPS-L 77,4 mpps
Cisco Catalyst 2960S-48LPS-L 77,4 mpps
Cisco Catalyst 2960S-24PS-L 41,7 mpps
Cisco Catalyst 2960S-48TS-L 77,4 mpps
Cisco Catalyst 2960S-24TS-L 41,7 mpps
T l chuyn tip: 64-Byte gi Cisco Catalyst 2960
Cisco Catalyst 2960PD-8TT-L 2,7 mpps
Cisco Catalyst 2960-8TC-L 2,7 mpps
Cisco Catalyst 2960-24TT-L 6,5 mpps
Mt vi c click chut kch hot Cisco khuyn co bo mt, tnh sn c, v
QoS tnh nng m khng cn phi tham kho kin mt hng dn thit k chi
tit. Trnh thut s bo mt t ng hn ch truy cp tri php vo my ch vi d
liu nhy cm. Smartport v trnh thut tit kim thi gian cho cc qun tr mng,
gim sai st ca con ngi, v gip m bo rng cu hnh ca chuyn i c
ti u cho cc ng dng ny. C sn min ph, Cisco Network Assistant c th
c ti v t trang web ca Ciscon Ngoi Cisco Network Assistant, Cisco
Catalyst 2960 Series chuyn mch cung cp cho qun l mng li rng ln bng
cch s dng qun l SNMP nn tng nh CiscoWorks cho chuyn mch
Internetworks. Qun l vi CiscoWorks, thit b chuyn mch Cisco Catalyst c
th c cu hnh v qun l cung cp cc end-to-end thit b, VLAN, giao
thng, v qun l chnh sch. Ngoi ra, qun l ti nguyn CiscoWorks
Essentials, mt Web-based cng c qun l, gip cho php thu thp hng tn kho
t ng, trin khai phn mm, d dng theo di cc thay i mng, quan im
vo thit b sn sng, v c lp nhanh chng cc iu kin li.

3.4. Cc bc cu hnh thit b cisco:

3.4.1. Chun cp kt ni
3.4.1.1. Cp i dy xon (Twisted pair cable)
Cp i dy xon l cp gm hai dy ng xon trnh gy nhiu cho
37

cc i dy khc, c th ko di ti vi km m khng cn khuych i. Gii

tn trn cp dy xon t khong 3004000Hz, tc truyn t vi kbps n
vi Mbps. Cp xon c hai loi:
- Loi c bc kim loi tng cng chng nhiu gi l STP ( Shield Twisted
Pair). Loi ny trong v bc kim c th c nhiu i dy. V l thuyt th tc
truyn c th t 500 Mb/s nhng thc t thp hn rt nhiu (ch t
155 Mbps vi cp di 100 m)
- Loi khng bc kim gi l UTP (UnShield Twisted Pair), cht lng km
hn STP nhng rt r. Cp UTP c chia lm 5 hng tu theo tc truyn.
Cp loi 3 dng cho in thoi. Cp loi 5 c th truyn vi tc 100Mb/s
rt hay dng trong cc mng cc b v va r va tin s dng. Cp ny c 4
i dy xon nm trong cng mt v bc

3.4.1.2. Cp ng trc (Coaxial cable) bng tn c s

L cp m hai dy ca n c li lng nhau, li ngoi l li kim loi. , Kh
nng chng nhiu rt tt nn c th s dng vi chiu di t vi trm met n
vi km. C hai loi c dng nhiu l loi c tr khng 50 ohm v loi c tr
khng 75 ohm.
3.4.1.3. Cp ng trc (Coaxial cable) bng tn c s
L cp m hai dy ca n c li lng nhau, li ngoi l li kim loi. , Kh
nng chng nhiu rt tt nn c th s dng vi chiu di t vi trm met n
vi km. C hai loi c dng nhiu l loi c tr khng 50 ohm v loi c tr
khng 75 ohm.

38

Hnh 1.7. Cp ng trc

Di thng ca cp ny cn ph thuc vo chiu di ca cp. Vi khong cch1
km c th t tc truyn t 1 2 Gbps. Cp ng trc bng tn c s
thng dng cho cc mng cc b. C th ni cp bng cc u ni theo
chun BNC c hnh ch T. VN ngi ta hay gi cp ny l cp gy do dch
t tn trong ting Anh l Thin Ethernet.
Mt loi cp khc c tn l Thick Ethernet m ta gi l cp bo. Loi ny
thng c mu vng. Ngi ta khng ni cp bng cc u ni ch T nh cp
gy m ni qua cc kp bm vo dy. C 2m5 li c nh du ni dy (nu
cn). T kp ngi ta gn cc tranceiver ri ni vo my tnh.
3.4.1.4. Cp ng trc bng rng (Broadband Coaxial Cable)
y l loi cp theo tiu chun truyn hnh (thng dng trong truyn hnh
cp) c di thng t 4 300 Khz trn chiu di 100 km. Thut ng bng
rng vn l thut ng ca ngnh truyn hnh cn trong ngnh truyn s liu
iu ny ch c ngha l cp loi ny cho php truyn thng tin tung t
(analog) m thi. Cc h thng da trn cp ng trc bng rng c th
truyn song song nhiu knh. Vic khuych i tn hiu chng suy hao c th
lm theokiu khuych i tn hiu tng t (analog). truyn thng cho my
tnh cn chuyn tn hiu s thnh tn hiu tng t.
3.4.1.5. Cp quang
Dng truyn cc xung nh sng trong lng mt si thu tinh phn x ton
phn. Mi trng cp quang rt l tng v
- Xung nh sng c th i hng trm km m khng gim cung sng.
- Di thng rt cao v tn s nh sng dng i vi cp quang c khong
1014 1016
- An ton v b mt, khng b nhiu in t
Ch c hai nhc im l kh ni dy v gi thnh cao.
39

Cp quang cng c hai loi

- Loi a mode (multimode fiber): khi gc ti thnh dy dn ln n mt
mc no th c hin tng phn x ton phn. Cc cp a mode c ng
knh khong 50
- Loi n mode (singlemode fiber): khi ng knh dy dn bng bc sng
th cp quang ging nh mt ng dn sng, khng c hin tng phn x
nhng ch cho mt tia i. Loi ny c ng knh khon 8m v phi dung
diode laser. Cp quang a mode c th cho php truyn xa ti hng trm km
m khng cn phi khuych i.

3.4.2. Cc thit b ghp ni

3.4.2.1. B chuyn tip (REPEATER )
Nhim v ca cc repeater l hi phc tn hiu c th truyn tip cho cc
trm khc bao gm c cng tc khuych i tn hiu, iu chnh tn hiu.
3.4.2.2. Cc b tp trung (Concentrator hay HUB)
HUB l mt loi thit b c nhiu u cm cc u cp mng. Ngi ta s
dng HUB ni mng theo kiu hnh sao. u im ca kiu ni ny l tng
c lp ca cc my khi mt my b s c dy dn.
C loi HUB th ng (passive HUB) l HUB ch m bo chc nng kt ni
hon ton khng x l li tn hiu. HUB ch ng (active HUB) l HUB c
chc nng khuych i tn hiu chng suy hao. HUB thng minh
(intelligent HUB) l HUB ch ng nhng c kh nng to ra cc gi tin
mang tin tc v hot ng ca mnh v gi ln mng ngi qun tr mng
c th thc hin qun tr t ng
3.4.2.3. Switching Hub (hay cn gi tt l switch)
L cc b chuyn mch thc s. Khc vi HUB thng thng, thay v chuyn
mt tn hiu n t mt cng cho tt c cc cng, n ch chuyn tn hiu n
40

cng c trm ch. Do vy Switch l mt thit b quan trng trong cc mng

cc b ln dng phn on mng. Nh c switch m ng trn mng
gim hn. Ngy nay switch l cc thit b mng quan trng cho php tu bin
trn mng chng hn lp mng o VLAN.

3.4.2.4. Modem
L tn vit tt t hai t iu ch (MOdulation) v gii iu ch
(DEModulation) l thit b cho php iu ch bin i tn hiu s sang tn
hiu tng t c th gi theo ng thoi v khi nhn tn hiu t ng
thoi c th bin i ngc li thnh tn hiu s.
3.4.2.5. Multiplexor - Demultiplexor
B dn knh c chc nng t hp nhiu tn hiu cng gi trn mt
ng truyn. B tch knh c chc nng ngc li ni nhn tn hiu
3.4.2.6. Router
Router l mt thit b dng ghp ni cc mng cc b vi nhau thnh
mng rng. Router thc s l mt my tnh lm nhim v chn ng cho cc
gi tin hng ra ngoi. Router c lp v phn cng v c th dng trn cc
mng chy giao thc khc nhau

3.5 Thit lp kt ni cu hnh

3.5.1.Cc thnh phn thng thng trn mt mng cc b

41

- Cc my ch cung cp dch v (server)

- Cc my trm cho ngi lm vic (workstation)
- ng truyn (cp ni)
- Card giao tip gia my tnh v ng truyn (network interface card)
- Cc thit b ni (connection device)
Hai yu t c quan tm hng u khi kt ni mng cc b l tc
trong mng v bn knh mng. Tn cc kiu mng dng theo giao thc
CSMA/CD cng th hin iu ny. Sau y l mt s kiu kt ni vi tc

10 Mb/s kh thng dng trong thi gian qua v mt s thng s k thut:

3.5.2. Kiu 10BASE5

L chun CSMA/CD c tc 10Mb v bn knh 500 m. Kiu ny dng
cp ng trc loi thick ethernet (cp ng trc bo) vi tranceiver. C th
kt
ni vo mng khong 100 my

42

Tranceiver: Thit b ni gia card mng v ng truyn, ng vai tr l

b thu-pht.
3.5.3. Kiu 10BASE2
L chun CSMA/CD c tc 10Mb v bn knh 200 m. Kiu ny dng
cp ng trc loi thin ethernet vi u ni BNC. C th kt ni vo mng
khong 30 my

43

Hnh1.11: Ni theo chun 10BASE2 vi cp ng trc v u ni BNC

3.5.4. Kiu 10BASE-T

L kiu ni dng HUB c cc ni kiu RJ45 cho cc cp UTP. Ta c
th m rng mng bng cch tng s HUB, nhng cng khng c tng qu
nhiu tng v hot ng ca mng s km hiu qu nu tr qu ln .
Hin nay m hnh phin bn 100BASE-T, 1000BASE-T bt u c
s dng nhiu, tc t ti 100 Mbps, 1000Mbps

44

3.5.5. Kiu 10BASE-F

Dng cab quang (Fiber cab), ch yu dng ni cc thit b xa nhau, to
dng ng trc xng sng (backborn) ni cc mng LAN xa nhau (2-10
km). Hin nay cng c cc phin bn 100BASE-F v 1000BASE-F vi tc
truyn d liu cao hn 10 v 100 ln

3.6.

Cu trc tng quan ca cc thit b cisco

B nh tuyn l thit b c s dng trn mng thc thi cc hot

ng x l truyn ti thng tin trn mng. C th xem b nh tuyn l mt
thit b my tnh c thit k c bit m ng c vai tr x l
truyn
ti thng tin trn mng ca n v do n cng bao gm cc CPU, tri tim
ca
mi hot ng, b nh ROM, RAM, cc giao tip, cc bus d liu, h iu
hnh v.v...
45

Chc nng ca b nh tuyn l nh hng cho cc gi tin c truyn

ti qua b nh tuyn. Trn c s cc thut ton nh tuyn, thng tin cu hnh
v chuyn giao, cc b nh tuyn s quyt nh hng i tt nht cho cc gi
tin c truyn ti qua n. B nh tuyn cn c vai tr x l cc nhu cu
truyn ti v chuyn i giao thc khc. Vai tr ca b nh tuyn trn mng
l m bo cc kt ni lin thng gia cc mng vi nhau, tnh ton v trao
i cc thng tin lin mng lm cn c cho cc b nh tuyn ra cc quyt
nh truyn ti thng tin ph hp vi cu hnh thc t ca mng. B nh
tuyn lm vic vi nhiu cng ngh u ni mng din rng khc nhau nh
FRAME RELAY, X.25, ATM, SONET, ISDN, xDSL... m bo cc nhu cu
kt ni mng theo nhiu cc cng ngh v chun mc khc nhau m nu
thiu vai tr ca b nh tuyn th khng th thc hin c.
3.6.1. Cc chc nng chnh ca b nh tuyn, tham chiu m hnh OSI
M hnh OSI c hc chng 1 gm 7 lp trong bao gm:
- 3 lp thuc v cc lp ng dng
o lp ng dng
o lp trnh by
o lp phin
- 4 lp thuc v cc lp truyn thng
o lp vn chuyn
o lp mng
o lp lin kt d liu
o lp vt l
i vi cc lp truyn thng:
- Lp vn chuyn: phn chia / ti thit d liu thnh cc dng chy d liu.
Cc chc nng chnh bao gm iu khin dng d liu, a truy nhp, qun l
cc mch o, pht hin v sa li. TCP, UDP l hai giao thc thuc h giao
thc Internet (TCP/IP) thuc v lp vn chuyn ny.
- Lp mng: cung cp hot ng nh tuyn v cc chc nng lin quan khc
cho php kt hp cc mi trng lin kt d liu khc nhau li vi nhau cng
to nn mng thng nht. Cc giao thc nh tuyn hot ng trong lp mng
ny.
- Lp lin kt d liu: cung cp kh nng truyn ti d liu t qua mi trng
truyn dn vt l. Mi c t khc nhau ca lp lin kt d liu s c cc nh
46

ngha khc nhau v giao thc v cc chun mc kt ni m bo truyn ti d

liu.
- Lp vt l: nh ngha cc thuc tnh in, cc chc nng, thng trnh dng
kt ni cc thit b mng mc vt l. Mt s cc thuc tnh c nh
ngha nh mc in p, ng b, tc truyn ti vt l, khong cch truyn
ti cho php... Trong mi trng truyn thng, cc thit b truyn thng giao
tip vi nhau thng qua cc h giao thc truyn thng khc nhau c xy
dng da trn cc m hnh chun OSI nhm m bo tnh tng thch v m
rng. Cc giao thc truyn thng thng c chia vo mt trong bn nhm:
cc giao thc mng cc b, cc giao thc mng din rng, giao thc mng v
cc giao thc nh tuyn. Giao thc mng cc b hot ng trn lp vt l v
lp lin kt d liu. Giao thc mng din rng hot ng trn 3 lp di cng
trong m hnh OSI. Giao thc nh tuyn l giao thc lp mng v m bo
cho cc hot ng nh tuyn v truyn ti d liu. Giao thc mng l cc h
cc giao thc cho php giao tip vi lp ng dng. Vai tr ca b nh tuyn
trong mi trng truyn thng l m bo cho cc kt ni gia cc mng khc
nhau vi nhiu giao thc mng, s dng cc cng ngh truyn dn khc nhau.
Chc nng chnh ca b nh tuyn l:
- nh tuyn (routing)
- Chuyn mch cc gi tin (packet switching)
nh tuyn l chc nng m bo gi tin c chuyn chnh xc ti a ch
cn n. Chuyn mch cc gi tin l chc nng chuyn mch s liu, truyn
ti cc gi tin theo hng nh trn c s cc nh tuyn c t ra. Nh
vy, trn mi b nh tuyn, ta phi xy dng mt bng nh tuyn, trn ch
r a ch cn n v ng i cho n. B nh tuyn da vo a ch ca gi
tin kt hp vi bng nh tuyn chuyn gi tin i ng n ch. Cc gi tin
khng c ng a ch ch trn bng nh tuyn s b hu. Chc nng u tin
ca b nh tuyn l chc nng nh tuyn nh tn gi ca n cng l chc
nng chnh ca b nh tuyn lm vic vi cc giao thc nh tuyn. B nh
tuyn c xp vo cc thit b mng lm vic lp
3, lp mng.
Bng 3-1:Tng ng chc nng thit b trong m hnh OSI

Chc nng khc ca b nh tuyn l cho php s dng cc phng thc

truyn thng khc nhau u ni din rng. Chc nng kt ni din rng
47

WAN ca b nh tuyn l khng th thiu m bo vai tr kt ni truyn

thng gia cc mng vi nhau. Chc nng kt ni mng cc b, bt k b nh
tuyn no cng cn c chc nng ny m bo kt ni n vng dch v
ca mng. B nh tuyn cn c cc chc nng m bo hot ng cho cc
giao thc mng m n qun l.
3.6.2. Cu hnh c bn v chc nng ca cc b phn ca b nh tuyn
Nh ni phn trc, b nh tuyn l mt thit b my tnh c thit k
c bit m ng c vai tr x l truyn ti thng tin trn mng. N
c thit k bao gm cc phn t khng th thiu nh CPU, b nh ROM,
RAM, cc bus d liu, h iu hnh. Cc phn t khc ty theo nhu cu s
dng c th c hoc khng bao gm cc giao tip, cc module v cc tnh
nng c bit ca h iu hnh.
CPU: iu khin mi hot ng ca b nh tuyn trn c s cc h thng
chng trnh thc thi ca h iu hnh.
ROM: cha cc chng trnh t ng kim tra v c th c thnh phn c bn
nht sao cho b nh tuyn c th thc thi c mt s hot ng ti thiu
ngay c khi khng c h iu hnh hay h iu hnh b hng.
RAM: gi cc bng nh tuyn, cc vng m, tp tin cu hnh khi chy, cc
thng s m bo hot ng ca b nh tuyn khc.
Flash: l thit b nh / lu tr c kh nng xo v ghi c, khng mt d liu
khi ct ngun. H iu hnh ca b nh tuyn c cha y. Ty thuc
cc b nh tuyn khc nhau, h iu hnh s c chy trc tip t Flash
hay c gin ra RAM trc khi chy. Tp tin cu hnh cng c th c lu
tr trong Flash.
H iu hnh: m ng hot ng ca b nh tuyn. H iu hnh ca cc
b nh tuyn khc nhau c cc chc nng khc nhau v thng c thit k
khc nhau. Mi b nh tuyn c th chy rt nhiu h iu hnh khc nhau
ty thuc vo nhu cu s dng c th, cc chc nng cn thit phi c ca b
nh tuyn v cc thnh phn phn cng c trong b nh tuyn. Cc thnh
phn phn cng mi yu cu c s nng cp v h iu hnh. Cc tnh nng
c bit c cung cp trong cc bn nng cp ring ca h iu hnh.
Cc giao tip: b nh tuyn c nhiu cc giao tip trong ch yu bao gm:
- Giao tip WAN: m bo cho cc kt ni din rng thng qua cc
phng thc truyn thng khc nhau nh leased-line, Frame Relay,
X.25,ISDN, ATM, xDSL ... Cc giao tip WAN cho php b nh tuyn kt
ni theo nhiu cc giao din v tc khc nhau: V.35, X.21, G.703, E1, E3,
cp quang v.v...
48

- Giao tip LAN: m bo cho cc kt ni mng cc b, kt ni n cc vng

cung cp dch v trn mng. Cc giao tip LAN thng dng: Ethernet,
FastEthernet, GigaEthernet, cp quang.

3.7.. Tp lnh c bn cisco

3.7.1. Lm quen vi cc ch cu hnh
Ch ngi dng
Bao gm cc tc v ph bin ch yu gm nhng lnh kim tra trng thi
hot ng ca b nh tuyn, trng thi cc giao tip, cc bng nh tuyn
v.v... v mt s lnh kim tra kt ni mng nh ping, traceroute, telnet
v.v.... ch ny khng c php thay i cc cu hnh b nh tuyn.
Ch ngi dng khng cho php xem xt su n cc hot ng ca b
nh tuyn m trong qu trnh khai thc, vn hnh, ngi qun tr phi cn
thit s dng ch qun tr thc hin. Biu hin ca ch ngi dng l
du ln hn,
>, sau tn b nh tuyn:
Router>
Router>?
Exec commands:
<1-99>

Session number to resume

access-enable

Create a temporary Access-List entry

access-profile Apply user-profile to interface

clear

Reset functions

connect

Open a terminal connection

disable

Turn off privileged commands

disconnect
enable
exit

Disconnect an existing network connection

Turn on privileged commands
Exit from the EXEC

----- cc lnh c b bt ----49

ping

Send echo messages

ppp

Start IETF Point-to-Point Protocol (PPP)

resume

Resume an active network connection

rlogin

Open an rlogin connection

show

Show running system information

slip

Start Serial-line IP (SLIP)

systat

Display information about terminal lines

telnet

Open a telnet connection

terminal

Set terminal line parameters

traceroute

Trace route to destination

tunnel

Open a tunnel connection

udptn

Open an udptn connection

where

List active connections

x28

Become an X.28 PAD

x3

Set X.3 parameters on PAD

Ch qun tr
Bao gm hu ht cc lnh ca ch ngi dng v cc lnh ch dnh cho
ngi qun tr. Ch c th cu hnh b nh tuyn ch ny. Trong qu
trnh khai thc, vn hnh, hiu r hoc khi c s c xy ra, ngi qun tr
c th s dng cc lnh debug lm r thm thng tin cn thit. c trng
cho ch qun tr l biu hin ca du thng, #.
Router>en
Password:
Router#
Router#?
Exec commands:
<1-99>
access-enable

Session number to resume

Create a temporary Access-List entry
50

access-profile Apply user-profile to interface

access-template Create a temporary Access-List entry
archive

manage archive files

bfe

For manual emergency modes setting

cd

Change current directory

clear

Reset functions

clock

Manage the system clock

configure

Enter configuration mode

connect

Open a terminal connection

copy

Copy from one file to another

debug

Debugging functions (see also 'undebug')

----- cc lnh c b bt ----traceroute

Trace route to destination

tunnel

Open a tunnel connection

udptn

Open an udptn connection

undebug

Disable debugging functions (see also 'debug')

upgrade

Upgrade firmware

verify
where
write

Verify a file
List active connections
Write running configuration to memory, network, or

terminal
x28

Become an X.28 PAD

x3

Set X.3 parameters on PAD

Ch cu hnh ton cc
L ch cu hnh cc tham s ton cc cho b nh tuyn.
C rt nhiu cc cu hnh ton cc nh cu hnh tn b nh tuyn, cu hnh
tn v mt khu ngi dng, cu hnh nh tuyn ton cc, cu hnh danh sch
truy nhp v.v... Biu hin ca ch cu hnh ton cc nh sau:
51

Router#
Router#config terminal
Router(config)#hostname RouterA

Ch cu hnh giao tip

Ch cu hnh giao tip l ch cu hnh cho cc giao tip ca b nh
tuyn nh giao tip Serial, giao tip Ethernet, giao tip Async... Ch cu
hnh giao tip cho php ngi qun tr mng thit lp cc tham s hot ng
cho mi giao tip nh cc giao thc mng c s dng trn giao tip, a ch
mng ca giao tip, gn cc danh sch truy nhp cho giao tip v.v... Mt v d
v ch cu hnh giao tip nh sau:
Router#
Router#config terminal
Router(config)#interface s0/0
Router(config-if)#encapsolution ppp
Router(config-if)#ip address 192.168.100.5 255.255.255.0
Router(config-if)#
Ch cu hnh nh tuyn
L ch cu hnh cc tham s cho cc giao thc nh tuyn. Cc giao thc
nh tuyn c cu hnh c lp vi nhau v u c thc hin ch cu
hnh nh tuyn nh v d sau:
Router#
Router#config terminal
Router(config)#router rip
Router(config-router)#network 192.168.0.0
Router(config-if)#

Ch cu hnh ng kt ni
Ch cu hnh ng kt ni l mt ch cu hnh c bit s dng
thit lp cc tham s mc thp cho giao tip logic trong in hnh l cc
tham s thit lp cho cc kt ni modem quay s.
52

Router#config terminal
Router(config)#line 33 48
Router(config-line)#modem inout
Router(config-line)#modem autoconfig discovery
Router(config-line)#

3.7.2 Lm quen vi cc lnh cu hnh c bn

Enable: dng vo ch qun tr. Sau khi thc hin lnh enable, ngi dng
phi cung cp mt khu qun tr ng thc s c lm vic ch qun tr,
mt khu khng c php nhp sai qu 3 ln.
Router>
Router>en
Password:
Password:
Password:
% Bad secrets
Router>en
Password:
53

Router#
Router#
Router#disa
Router>

Disable: thot khi ch qun tr v ch ngi dng.

Setup: thc hin khi to li cu hnh ca b nh tuyn ch cu hnh hi
thoi. Sau y l mt v d v s dng lnh setup. Ch hi thoi ny cng
c thc hin t ng i vi cc b nh tuyn cha h c tp tin cu hnh hay
ni cch khc c NVRAM khng cha thng tin.

Router#setup
--- System Configuration Dialog --Continue with configuration dialog? [yes/no]: y
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
Would you like to enter basic management setup? [yes/no]: n
First, would you like to see the current interface summary? [yes]: n
Configuring global parameters:
Enter host name [Router]:
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret [<Use current secret>]:

54

The enable password is used when you do not specify an

enable secret password, with some older software versions, and
some boot images.
Enter enable password []:123456
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: 654321
Configure SNMP Network Management? [yes]:
Community string [public]:
Configure IP? [yes]:
Configure IGRP routing? [yes]: n
Configure RIP routing? [no]:
Configure bridging? [no]:
Async lines accept incoming modems calls. If you will have
users dialing in via modems, configure these lines.
Configure Async lines? [yes]: n
Configuring interface parameters:
Do you want to configure FastEthernet0/0 interface? [yes]: n
Do you want to configure Serial0/0 interface? [yes]: n
Do you want to configure Serial0/1 interface? [no]: y
Some supported encapsulations are
ppp/hdlc/frame-relay/lapb/x25/atm-dxi/smds
Choose encapsulation type [hdlc]: ppp
No serial cable seen.
Choose mode from (dce/dte) [dte]:
Configure IP on this interface? [no]: y
IP address for this interface: 192.168.100.5
55

Subnet mask for this interface [255.255.255.0] :

Class C network is 192.168.100.0, 24 subnet bits; mask is /24
The following configuration command script was created:
hostname Router
enable secret 5 $1$EuXV$Yhj/OYkz/U1R5VABqXsMC0
enable password 7 123456
line vty 0 4
password 7 654321
snmp-server community public
!
ip routing
no bridge 1
!
interface FastEthernet0/0
shutdown
no ip address
!
interface Serial0/0
shutdown
no ip address
!
interface Serial0/1
no shutdown
encapsulation ppp
ip address 192.168.100.5 255.255.255.0
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
56

!
end
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.

Config: cho php thc hin cc lnh cu hnh b nh tuyn. Sau lnh config,
qun tr mng mi c th thc hin cc lnh cu hnh b nh tuyn. Trnh t thc
hin cu hnh cho mt b nh tuyn c th c th hin nh sau
- t tn cho b nh tuyn
Router#config terminal
Router(config)#
Router(config)#hostname RouterABC
RouterABC(config)#
- t tn mt khu b mt dnh cho ngi qun tr
RouterABC(config)#enable secret matkhaubimat
RouterABC(config)#
- t tn mt khu cho ch qun tr. Mt khu ny ch s dng khi cu
hnh b nh tuyn khng c mt khu b mt dnh cho qun tr.
RouterABC(config)#enable password matkhau
RouterABC(config)#
- Cu hnh cho php ngi dng truy cp t xa n b nh tuyn
RouterABC(config)#line vty 0 4
RouterABC(config-line)#login
RouterABC(config-line)#password telnet
RouterABC(config-line)#
- Cu hnh cc giao tip
RouterABC(config)#interface ethernet 0
57

RouterABC(config-if)#ip address 192.168.2.1 255.255.255.0

RouterABC(config-if)#no shutdown
RouterABC(config-if)#
- Cu hnh nh tuyn
RouterABC(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.2
RouterABC(config)#
Copy: lnh copy cho php thc hin cc sao chp cu hnh ca b nh tuyn
i/n my ch TFTP, sao chp, lu tr, nng cp cc tp tin IOS ca b nh
tuyn t / ti my ch TFTP. c th lu bn sao cu hnh hin hnh ln my
ch TFTP, s dng lnh copy rumng-config tftp nh c trnh by di. Tip
theo l tin trnh ngc li vi vic ti tp tin cu hnh t my ch TFTP v b
nh tuyn.
- Nhp lnh copy runing-config tftp
- Nhp a ch IP ca my ch TFTP ni dng lu tp tin cu hnh
- Nhp tn n nh cho tp tin cu hnh
- Xc nhn chn la vi tr li yes

Lnh copy dng lu tp tin cu hnh ln my ch:

Router#copy running-config tftp
Address or name of remote host []? 192.168.1.5
Name of configuration file to write [Router-config]?cisco.cfg
Write file cisco.cfg to 192.168.1.5? [confirm] y
Writing cisco.cfg !!!!! [OK]
Router#

Lnh copy dng ti tp tin cu hnh t my ch:

Router#copy tftp running-config
Address or name of remote host []? 192.168.1.5
Source filename []? cisco.cfg
58

Destination filename [running-config]?

Show: l lnh c dng nhiu v ph bin nht.
Lnh show dng xc nh trng thi hin hnh ca b nh tuyn. Cc lnh ny
gip cho php c c cc thng tin quan trng cn bit khi kim tra v iu
chnh cc hot ng ca b nh tuyn.
- show version: hin th cu hnh phn cng h thng, phin bn phn mm, tn
v ngun ca cc tp tin cu hnh, v nh chng trnh khi ng.
- show processes: hin th thng tin cc qu trnh hot ng ca b nh tuyn.
- show protocols: hin th cc giao thc c cu hnh.
- show memory: thng k v b nh ca b nh tuyn.
- show stacks: gim st vic s dng stack ca cc qu trnh, cc th tc ngt v
hin th nguyn nhn khi ng li h thng ln cui cng.
- show buffers: cung cp thng k v cc vng b m trn b nh tuyn.
- show flash: th hin thng tin v b nh Flash.
- show running-config: hin th tp tin cu hnh ang hot ng ca b nh
tuyn.
- show startup-config: hin th tp tin cu hnh c lu tr trn NVRAM v
c a vo b nh hot ng khi bt ngun b nh tuyn. Thng thng
running-config v startup-config l ging nhau. Khi thc hin cc lnh cu hnh,
running-config v startup-config s khng cn ging nhau, cu hnh hot ng
(running-config) cn phi c ghi tr li NVRAM sau khi kt thc cu hnh b
nh tuyn.
- show interfaces: thng k cc giao tip ca b nh tuyn. y l mt trong cc
lnh c s dng nhiu nht cho bit trng thi hot ng ca cc giao tip, s
liu thng k lu lng, s lng cc gi tin li v.v...

59

Router#show interface s0/0

Serial0/0 is up, line protocol is up
Hardware is PowerQUICC Serial
Description: 2M link to the Internet
Internet address is 192.168.100.5/24
MTU 1500 bytes, BW 2048 Kbit, DLY 20000 usec,
reliability 255/255, txload 248/255, rxload 84/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/12/0 (size/max/drops/flushes); Total output
drops: 2383688
Queueing strategy: weighted fair
Output queue: 24/1000/64/2383671 (size/max total/threshold/drops)
Conversations 5/184/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 677000 bits/sec, 161 packets/sec
60

5 minute output rate 1996000 bits/sec, 395 packets/sec

106754998 packets input, 2930909441 bytes, 0 no buffer
Received 68850 broadcasts, 0 runts, 0 giants, 0 throttles
51143 input errors, 30726 CRC, 20248 frame, 0 overrun, 0
ignored, 169 abort
319791176 packets output, 1669977392 bytes, 0 underruns
0 output errors, 0 collisions, 125 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Hnh 3.22: Lnh show interface
Router# show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(2), RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 09-May-00 23:34 by linda
Image text-base: 0x80008088, data-base: 0x807D2544

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 1 week, 1 day, 1 minute
System returned to ROM by power-on at 13:29:57 Hanoi Thu Jul 31 2003
System restarted at 20:24:22 Hanoi Tue Sep 2 2003
System image file is "flash:c2600-i-mz.121-2.bin"

cisco 2620 (MPC860) processor (revision 0x102) with 26624K/6144K

61

bytes of memory
.
Processor board ID JAD04340ID8 (2733840160)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Write: lnh write s dng ghi li cu hnh hin ang chy ca b nh tuyn.
Nht thit phi dng lnh write memory ghi li cu hnh ca b nh tuyn vo
NVRAM mi khi c thay i v cu hnh.

Router#write ?
erase

Erase NV memory

memory

Write to NV memory

network Write to network TFTP server

terminal Write to terminal
<cr>
3.8 Cc giao thc nh tuyn h thng cisco:
3.8.1 Gii thiu b nh tuyn Cisco
S lc v b nh tuyn
B nh tuyn Cisco bao gm nhiu nn tng phn cng khc nhau c thit
k xy dng cho ph hp vi nhu cu v mc ch s dng ca cc gii php
khc nhau. Cc chc nng x l hot ng ca b nh tuyn Cisco da trn
nn tng ct li l h iu hnh IOS. Tu theo cc nhu cu c th m mt b
nh tuyn Cisco s cn mt IOS c cc tnh nng ph hp. IOS c nhiu
62

phin bn khc nhau, mt s loi phn cng mi c pht trin ch c th

c h tr bi cc IOS phin bn mi nht.
Cc thnh phn cu thnh b nh tuyn

- RAM: Gi bng nh tuyn, ARP Cache, fast-switching cache, packet

buffer, v l ni chy cc file cu hnh cho b nh tuyn. y chnh l ni lu
gi file Running-Config, cha cu hnh ang hot ng ca Router. Khi
ngng cp ngun cho b nh tuyn, b nh ny s t ng gii phng. Tt c
cc thng tin trong file Running-Config s b mt hon ton.
- NVRAM: non-volatile RAM, l ni gi startup/backup configure, khng b
mt thng tin khi mt ngun vo. File Startup-Config c lu trong ny
m bo khi khi ng li, cu hnh ca b nh tuyn s c t ng a v
trng thi lu gi trong file. V vy, phi thng xuyn lu file RunningConfig thnh file Startup-Config.
- Flash: L ROM c kh nng xo, v ghi c. L ni cha h iu hnh IOS
ca b nh tuyn. Khi khi ng, b nh tuyn s t c ROM np IOS
trc khi np file Startup-Config trong NVRAM.
- ROM: Cha cc chng trnh t ng kim tra.
- Cng Console: c s dng cu hnh trc tip b nh tuyn. Tc
d liu dng cho cu hnh bng my tnh qua cng COM l 9600b/s. Giao
din ra ca cng ny l RJ45 female.
- Cng AUX: c s dng qun l v cu hnh cho b nh tuyn thng
qua modem d phng cho cng Console. Giao din ra ca cng ny cng l
RJ45 female.
- Cc giao din:
63

o Cng Ethernet / Fast Ethernet

o Cng Serial
o Cng ASYNC ...

3.8.2. nh tuyn tnh v ng

S lc v nh tuyn
Chc nng xc nh ng dn cho php b nh tuyn c lng
cc ng dn kh thi n ch v thit lp s kim sot cc gi tin. B
nh tuyn s dng cc cu hnh mng nh gi cc ng dn mng.
Thng tin ny c th c cu hnh bi ngi qun tr mng hay c thu
thp thng qua qu trnh x l ng c thc thi trn mng.
Lp mng dng bng nh tuyn IP gi cc gi tin t mng
ngun n mng ch. B nh tuyn da vo cc thng tin c gi trong
bng nh tuyn quyt nh truyn ti cc gi tin theo cc giao tip thch
hp.

Mt bng nh tuyn IP bao gm cc a ch mng ch, a ch

ca im cn i qua, gi tr nh tuyn v giao tip thc hin vic truyn
ti. Khi
khng c thng tin v mng ch, b nh tuyn s gi cc gi tin
theo mt ng dn mc nh c cu hnh trn b nh tuyn, nu ng
dn khng tn ti, b nh tuyn t ng loi b gi tin.
C hai phng thc nh tuyn l:
- nh tuyn tnh (static routing): l cch nh tuyn khng s dng
cc giao thc nh tuyn. Cc nh tuyn n mt mng ch s c
thc hin mt cch c nh khng thay i trn mi b nh tuyn. Mi khi
64

thc hin vic thm hay bt cc mng, phi thc hin thay i cu hnh
trn mi b nh tuyn.
- nh tuyn ng (dynamic routing): l vic s dng cc giao thc
nh tuyn thc hin xy dng nn cc bng nh tuyn trn cc b nh
tuyn. Cc b nh tuyn thng qua cc giao thc nh tuyn s t ng
trao i cc thng tin nh tuyn, cc bng nh tuyn vi nhau. Mi khi c
s thay i v mng, ch cn khai bo thng tin mng mi trn b nh
tuyn qun l trc tip mng mi m khng cn phi khai bo li trn
mi b nh tuyn. Mt s giao thc nh tuyn ng c s dng l RIP,
RIPv2, OSPF, EIGRP v.v...
Gi tr nh tuyn c xy dng ty theo cc giao thc nh tuyn
khc nhau. Gi tr nh tuyn ca cc kt ni trc tip v nh tuyn tnh c
gi tr nh nht bng 0, i vi nh tuyn ng th gi tr nh tuyn c
tnh ton ty thuc v tng giao thc c th. Gi tr nh tuyn c th
hin trong bng nh tuyn l gi tr nh tuyn tt nht c b nh
tuyn tnh ton v xy dng nn trn c s cc giao thc nh tuyn c
cu hnh v gi tr nh tuyn ca tng giao thc.
Cc giao thc nh tuyn ng c chia thnh 2 nhm chnh:
- Cc giao thc nh tuyn khong cch vc t (distance-vecto, sau y c gi
tt l nh tuyn vect): da vo cc gii thut nh tuyn c c s hot ng l
khong cch vc t. Theo nh k cc b nh tuyn chuyn ton b cc thng
tin c trong bng nh tuyn n cc b nh tuyn lng ging u ni trc tip
vi n v cng theo nh k nhn cc bng nh tuyn t cc b nh tuyn lng
ging. Sau khi nhn c cc bng nh tuyn t cc b nh tuyn lng ging,
b nh tuyn s so snh vi bng nh tuyn hin c v quyt nh v vic xy
dng li bng nh tuyn theo thut ton ca tng giao thc hay khng. Trong
trng hp phi xy dng li, b nh tuyn sau s gi bng nh tuyn mi
cho cc lng ging v cc lng ging li thc hin cc cng vic tng t. Cc b
nh tuyn t xc nh cc lng ging trn c s thut ton v cc thng tin thu
lm t mng. T vic cn thit phi gi cc bng nh tuyn mi li cho cc
lng ging v cc lng ging sau khi xy dng li bng nh tuyn li gi tr li
bng nh tuyn mi, nh tuyn thnh vng c th xy ra nu s hi v trng thi
bn vng ca mng din ra chm trn mt cu hnh mi. Cc b nh tuyn s
dng cc k thut b m nh thi m bo khng ny sinh vic xy dng
mt bng nh tuyn sai. C th din gii iu nh sau:
o Khi mt b nh tuyn nhn mt cp nht t mt lng ging ch rng mt mng
c th truy xut trc y, nay khng th truy xut c na, b nh tuyn nh
du tuyn l khng th truy xut v khi ng mt b nh thi.

65

o Nu ti bt c thi im no m trc khi b nh thi ht hn mt cp nht

c tip nhn cng t lng ging ch ra rng mng c truy xut tr li,
b nh tuyn nh du l mng c th truy xut v gii phng b nh thi.
o Nu mt cp nht n t mt b nh tuyn lng ging khc vi gi tr nh
tuyn tt hn gi tr nh tuyn c ghi cho mng ny, b nh tuyn nh du
mng c th truy xut v gii phng b nh thi. Nu gi tr nh tuyn ti hn,
cp nht c b qua.
o Khi b nh thi c m v 0, gi tr nh tuyn mi c xc lp, b nh
tuyn c bng nh tuyn mi.
- Cc giao thc nh tuyn trng thi ng (link-state, gi tt l nh tuyn trng
thi): Gii thut c bn th hai c dng cho nh tuyn l gii thut 1ink-state.
Cc gii thut nh tuyn trng thi, cng c gi l SPF (shortest path first,
chn ng dn ngn nht), duy tr mt c s d liu phc tp cha thng tin v
cu hnh mng.
- Trong khi gii thut vect khng c thng tin c bit g v cc mng xa v
cng khng bit cc b nh tuyn xa, gii thut nh tuyn trng thi bit c
y v cc b nh tuyn xa v bit c chng lin kt vi nhau nh th
no.
Giao thc nh tuyn trng thi s dng:
o Cc thng bo v trng thi lin kt: LSA (Link State Advertisements).
o Mt c s d liu v cu hnh mng.
o Gii thut SPF, v cy SPF sau cng.
o Mt bng nh tuyn lin h cc ng dn v cc cng n tng mng. Hot
ng tm hiu khm ph mng trong nh tuyn trng thi c thc hin nh
sau:
o Cc b nh tuyn trao i cc LSA cho nhau. Mi b nh tuyn bt u vi
cc mng c kt ni trc tip ly thng tin.
o Mi b nh tuyn ng thi vi cc b nh tuyn khc tin hnh xy dng
mt c s d liu v cu hnh mng bao gm tt c cc LSA n t lin mng.
o Gii thut SPF tnh ton mng c th t n. B nh tuyn xy dng cu hnh
mng lun l ny nh mt cy, t n l gc, gm tt c cc ng dn c th n
mi mng trong ton b mng ang chy giao thc nh tuyn trng thi. Sau ,
n sp xp cc ng dn ny theo chin lc chn ng dn ngn nht.
o B nh tuyn lit k cc ng dn tt nht ca n, v cc cng dn n cc
mng ch, trong bng nh tuyn ca n. N cng duy tr cc c s d liu khc
v cc phn t cu hnh mng v cc chi tit v hin trng ca mng. Khi c thay
66

i v cu hnh mng, b nh tuyn u tin nhn bit c s thay i ny gi

thng tin n cc b nh tuyn khc hay n mt b nh tuyn nh trc c
gn l tham chiu cho tt c cc cc b nh tuyn trn mng lm cn c cp nht.
o Theo di cc lng ging ca n, xem xt c hot ng hay khng, v gi tr
nh tuyn n lng ging .
o To mt gi LSA trong lit k tn ca tt c cc b nh tuyn lng ging v
cc gi tr nh tuyn i vi cc lng ging mi, cc thay i trong gi tr nh
tuyn, v cc lin kt dn n cc lng ging c ghi.
o Gi gi LSA ny i sao cho tt c cc b nh tuyn u nhn c.
o Khi nhn mt gi LSA, ghi gi LSA vo c s d liu sao cho cp
nht gi LSA mi nht c pht ra t mi b nh tuyn.
o Hon thnh bn ca lin mng bng cch dng d liu t cc gi
LSA tch ly c v sau tnh ton cc tuyn dn n tt c cc mng khc
s dng thut ton SPF.
C hai vn lu i vi giao thc nh tuyn trng thi:
o Hot ng ca cc giao thc nh tuyn trng thi trong hu ht cc
trng hp u yu cu cc b nh tuyn dng nhiu b nh v thc thi nhiu
hn so vi cc giao thc nh tuyn theo vect. Cc yu cu ny xut pht t
vic cn thit phi lu tr thng tin ca tt c cc lng ging, c s d liu
mng n t cc ni khc v vic thc thi cc thut ton nh tuyn trng thi.
Ngi qun l mng phi m bo rng cc b nh tuyn m h chn c kh
nng cung cp cc ti nguyn cn thit ny.
o Cc nhu cu v bng thng cn phi tiu tn khi ng s pht tn
gi trng thi. Trong khi khi ng qu trnh khm ph, tt c cc b nh
tuyn dng cc giao thc nh tuyn trng thi gi cc gi LSA n tt c
cc b nh tuyn khc. Hnh ng ny lm trn ngp mng khi m cc b nh
tuyn ng lot yu cu bng thng v tm thi lm gim lng bng thng
kh dng dng cho lu lng d liu thc c nh tuyn. Sau khi ng pht
tn ny, cc giao thc nh tuyn trng thi thng ch yu cu mt lng bng
67

thng ti thiu gi cc gi LSA kch hot s kin khng thng xuyn nhm
phn nh s thay i ca cu hnh mng.
- V mt nhm giao thc th 3 l nhm cc giao thc nh tuyn lai
ghp gia 2 nhm trn hay ni cch khc c cc tnh cht ca c hai nhm giao
thc trn.

68

Cc giao thc nh tuyn

Cu hnh nh tuyn ng c bn vi RIP

Mt s lu khi cu hnh nh tuyn ng vi RIP
- RIP gi cc thng tin cp nht theo cc chu k nh trc, gi tr mc
nh l 30 giy, v khi c s thay i bng nh tuyn.
- RIP s dng s m cc node (hop count) lm gi tr nh gi cht
lng ca nh tuyn (metric). RIP ch gi duy nht nh tuyn c gi tr nh
tuyn thp nht.
- Gi tr hop count ti a cho php l 15.
69

- RIP s dng cc b m thi gian cho vic thc hin gi cc thng tin
cp nht, xo b mt nh tuyn trong bng cng nh iu khin cc qu
trnh to lp bng nh tuyn, trnh loop vng.
- RIPv1: Classfull: khng c thng tin v subnetmask
- RIPv2: Classless: c thng tin v subnetmask
Cu hnh nh tuyn vi RIP:
- Cho php giao thc nh tuyn RIP hot ng trn b nh tuyn.
Router(config)#router rip
- Thit lp cc cu hnh mng. Network l nhm mng tnh theo lp mng c
bn ang c cc giao tip trc tip trn b nh tuyn.
Router(config-router)#network 192.168.100.0
Router(config-router)#network 172.25.0.0
Router(config-router)#network 10.0.0.0
- Trong trng hp s dng RIP vi cc mng khng phi l mng broadcast
nh X.25, Frame Relay cn thit cu hnh RIP vi cc a ch Unicast l cc a
ch m RIP s gi ti cc thng tin cp nht
Router(config-router)#neighbor 192.168.113.1
Router(config-router)#neighbor 192.168.113.5
- Tu theo iu kin c th v h tng mng c th thay i chu k cp nht thng
tin, cc nh ngha thi gian khc cho ph hp.
Router(config-router)# timers basic update invalid holddown
flush[sleeptime]
- Cc thay i khc.
Router(config-router)# version {1 | 2}
Router(config-router)# ip rip authentication key-chain name-of-chain
Router(config-router)# ip rip authentication mode {text | md5}
- Gim st.
show ip interfaces
70

show ip rip

71

3.9 Thit lp chnh sch bng access-list

V d :
Cu hnh mt ip access-list :
Code:
ip access-list {standard | extended} acl-name
Lu :
Permit : tng ng vi bn quan tm n dy ip .
Deny : tng ng vi bn khng quan tm n dy ip .
Quan tm tng ng vi n s thc hin theo cu lnh action iu khin.
V d : bn quan tm n dy ip x-y khng quan tm n dy ip a-b , action l :
action drop .
=> x-y s b drop cn a-b khng b nh hng g.
Bc 2 : nh ngha mt Vlan -access map bng cu lnh :
vlan access-map map_name[0-65535]

Vn t ra l bn cng c th khng cn gn s th t t [0-65535] , switch s

t to. Trng hp dng s khi no bn dng map-name chung cho nhiu accessmap khi n s gn mt s m bt tng ln lt ln 10 n v. V d : 10, 20,
30...

Bc 3: Cu hnh mt "match clause". nh ngha ra mt mnh lin h gia

vlan-acesslist v ip access-list trn :
Code:
match ip address {acl_number | acl_name}
hay tng qut nht l cu lnh :
Code:
72

match {ip | mac} address {name |

number} [name | number]
Bc 4: Cu hnh "hnh ng m switch s lm vi vlan-access map trn
Code:
action {drop | forward}
Lu :
1) Bn c th khng cn nh c th l drop hay forward mc nh khng chn
n s ly hnh ng l forward
Trch:
V d :
Code:
Switch(config)# ip access-list extended ip1
Switch(config-ext-nacl)# permit tcp any any
Switch(config-ext-nacl)# exit
Switch(config)# vlan access-map map_1 10
Switch(config-access-map)# match ip address ip1
Switch(config-access-map)# action drop
Code:
Switch(config)# ip access-list extended ip2
Switch(config-ext-nacl)# permit udp any any
Switch(config-ext-nacl)# exit
Switch(config)# vlan access-map map_1 20
Switch(config-access-map)# match ip address ip2
Switch(config-access-map)# action forward
Bc 5 : apply mt vlan-map vo mt vlan
vlan filter mapname vlan-list list

73

3.10. Thit k h thng mng LAN cho trng i hc

3.10.1. S kt ni vt l

74

Hnh : S kt ni vt l mng LAN

3.10.2. Thit k s logic mng LAN cho trng i hc

75

76

3.10.3. Bn v quy hoch IP

i Hc K Thut Cng Nghip Thi Nguyn
S dng di IP: 172.16.0.0/24
Gm 256 di IP: 172.16.0.0/24 ti 172.16.255.0/24

IP ca cc thit b qun tr
Firewall: 172.16.248.0/24

Core switch: 172.16.248.0/24

IP ca cc server local

IP ca cc VLAN

Mail: 172.16.110.10

VLAN 23: 172.16.241.23

Web: 172.16.110.11

VLAN 11: 172.16.241.11

Router: 172.16.249.0/24

VLAN 110:
172.16.241.110
IP ca cc sever public
Edusoft: 172.16.11.12

BK domain:
172.16.11.10

Database:
172.16.11.11

VLAN 20: 172.16.241.20

VLAN 21: 172.16.241.21

VLAN 22: 172.16.241.22

77

3.11. Cu cc hnh thit b trong h thng mng

3.11.1. Cu hnh CoreSwitch 4506
sh run
Building configuration...
Current configuration : 9276 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
!
hostname TTHL-CoreSW
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$GzO2$6rdB6DLRJM9BHRzGa/3fy/
enable password 7 00001B120A7B07140C71141E5059
!
username admin privilege 15 secret 5 $1$RWbJ$wTD6JZujhOuhg94yHUro31
no aaa new-model
clock timezone UTC 7
ip subnet-zero
no ip domain-lookup
ip domain-name lrc-tnu.edu.vn
!
ip multicast-routing
!
!
!
!
!
power redundancy-mode redundant
no file verify auto
!
spanning-tree mode pvst
78

spanning-tree extend system-id

spanning-tree vlan 1,11,21-29 priority 24576
!
vlan internal allocation policy ascending
!
interface Port-channel1
switchport
switchport access vlan 2
switchport mode access
interface GigabitEthernet3/1
!
interface GigabitEthernet3/2
!
interface GigabitEthernet3/3
!
interface GigabitEthernet3/4
!
interface GigabitEthernet3/5
!
interface GigabitEthernet3/6
..
interface GigabitEthernet3/24
!
interface Vlan1
ip address 172.9.241.254 255.255.255.0
!
interface Vlan11
description VLAN server
ip address 172.16.11.1 255.255.255.0
ip pim dense-mode
!
interface Vlan20
description Vlan 20
ip address 172.16.20.1 255.255.255.0
ip helper-address 172.16.11.15
ip access-group Staff in
ip pim dense-mode
!
interface Vlan21
description Vlan 21
ip address 172.16.21.1 255.255.255.0
ip helper-address 172.16.11.15
ip access-group Student in
ip pim dense-mode
79

!
..
interface Vlan24
description Vlan 24
ip address 172.16.24.1 255.255.255.0
ip helper-address 172.16.11.15
ip pim dense-mode
!
router rip
version 2
network 172.0.0.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 172.16.248.2
ip http server
no ip http secure-server
!
ip access-list extended Staff
permit udp any any eq bootps
permit udp any any eq bootpc
permit pim any any
permit ip 172.16.25.0 0.0.0.255 172.16.110.0 0.0.0.255
permit ip 172.16.25.0 0.0.0.255 172.16.11.0 0.0.0.255
permit ip 172.16.25.0 0.0.0.255 172.16.21.0 0.0.0.255
permit ip 172.16.25.0 0.0.0.255 172.16.22.0 0.0.0.255
permit ip 172.16.25.0 0.0.0.255 172.16.23.0 0.0.0.255
permit ip 172.16.25.0 0.0.0.255 172.16.24.0 0.0.0.255
permit ip 172.16.25.0 0.0.0.255 172.16.241.0 0.0.0.255
permit icmp 172.16.25.0 0.0.0.255 any
deny ip any any
ip access-list extended Student
permit udp any any eq bootps
permit udp any any eq bootpc
permit ip 172.16.21.0 0.0.0.255 172.16.110.0 0.0.0.255
permit ip 172.16.21.0 0.0.0.255 172.16.11.0 0.0.0.255
permit ip 172.16.21.0 0.0.0.255 172.16.22.0 0.0.0.255
permit ip 172.16.21.0 0.0.0.255 172.16.23.0 0.0.0.255
permit ip 172.16.21.0 0.0.0.255 172.16.24.0 0.0.0.255
permit ip 172.16.21.0 0.0.0.255 172.16.241.0 0.0.0.255
permit icmp 172.16.21.0 0.0.0.255 any
deny ip any any
!
!
!
80

control-plane
!
line con 0
login local
stopbits 1
line vty 0 4
login local
transport input telnet ssh
line vty 5 15
login local
transport input telnet ssh
!
End

3.11.2. Cu hnh Firewall ASA 5510

sh run
: Saved
ASA Version 7.2(2)
!
hostname DHA-ASA5510
domain-name lrc-tnu.edu.vn
enable password jeAOvZvIA1LKyOvZ encrypted
names
!
interface Ethernet0/0 (sua thanh cong giga)
nameif outside
security-level 0
ip address 222.254.76.10 255.255.255.0
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 172.16.248.2 255.255.255.0
!
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 172.16.110.1 255.255.255.0
!
interface Ethernet0/3
shutdown
81

no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
passwd jeAOvZvIA1LKyOvZ encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name lrc-tnu.edu.vn
access-list outside_in extended permit ip any any
access-list inside_in extended permit ip any any
access-list dmz_in extended permit ip any any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
icmp permit any DMZ
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 222.254.76.10
nat (inside) 1 172.16.0.0 255.255.0.0
access-group outside_in in interface outside
access-group inside_in in interface inside
access-group dmz_in in interface DMZ
route outside 0.0.0.0 0.0.0.0 222.254.76.1 1
route inside 172.16.0.0 255.255.0.0 172.16.248.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat
0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
<--- More --->
http server enable
82

http 0.0.0.0 0.0.0.0 inside

snmp-server host inside 172.16.11.100 community abcbcbcbc
no snmp-server location
no snmp-server contact
snmp-server community dhtn2009
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:df793b193e213427cda58632e243c0bc
: end

3.11.3. Cu hnh Router 2811

sh run
Building configuration...
83

Current configuration : 1646 bytes

!
! No configuration change since last restart
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname DHTN-R2811-WAN
!
boot-start-marker
boot-end-marker
!
card type e1 0 0
no logging console
!
no aaa new-model
!
resource policy
!
clock calendar-valid
no network-clock-participate wic 0
ip subnet-zero
!
!
ip cef
!
!
!
username admin privilege 15 secret 5 $1$FcRv$viXNF1Zal16u.QjgKSV.3.
!
!
controller E1 0/0/0
channel-group 0 unframed
!
controller E1 0/0/1
channel-group 0 unframed
!
!
interface Multilink6
ip address 10.254.254.2 255.255.255.252
ppp multilink
84

ppp multilink group 6

!
interface FastEthernet0/0
description Ket noi den CoreSW DH
ip address 172.16.249.2 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface Serial0/0/0:0
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 6
!
interface Serial0/0/1:0
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 6
!
router rip
version 2
network 10.0.0.0
no auto-summary
!
ip classless
ip route 172.16.0.0 255.255.0.0 172.16.249.1
!
ip http server
!
!
control-plane
!
banner motd ^CChu y!-Chi danh cho che do nguoi quan tri^C
!
line con 0
exec-timeout 15 0
logging synchronous
85

line aux 0
line vty 0 4
password 7 02020C4F05261B2F591E51495D
login local
line vty 5 15
password 7 02020C4F05261B2F591E51495D
login local
!
scheduler allocate 20000 1000
!
End

3.11.4. Cu hnh cc acess switch 2960

sh run
Building configuration...
Current configuration : 4496 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname TTHL-SW18
!
enable secret 5 $1$faXf$7r60XVt0E/y3DkztfVZpu/
!
username cisco privilege 15 secret 5 $1$feho$2ov/FR/pPUi1PnqDWMqhl.
no aaa new-model
clock timezone UTC 7
ip subnet-zero
!
no ip domain-lookup
ip domain-name lrc-tnu.edu.vn
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
86

errdisable recovery cause dtp-flap

errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause psecure-violation
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause unicast-flood
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause loopback
errdisable recovery interval 60
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport access vlan 25
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 25
switchport mode access
spanning-tree portfast
--More-interface FastEthernet0/3
switchport access vlan 25
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 25
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 25
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 25

87

switchport mode access

spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 25
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 25
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 25
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 25
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 25
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 25
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 21
switchport mode access
--More-!
interface FastEthernet0/14
switchport access vlan 21
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/15

spanning-tree portfast

88

switchport access vlan 21

switchport mode access
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 21
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 21
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 21
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 21
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 21
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 21
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 21
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 21
switchport mode access
spanning-tree portfast
!
89

interface FastEthernet0/24
switchport access vlan 21
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 172.16.241.5 255.255.255.0
no ip route-cache
!
ip default-gateway 172.16.241.1 (tro den default gateway cua coreswitch 450)
ip http server
!
control-plane
!
!
line con 0
login local
line vty 0 4
login local
transport input telnet
line vty 5 15
login local
transport input telnet
!
end

Chng 4:

Tng kt
90

4.1. nh gi kt qu t c (kt qu chnh, nhng hn ch)

Qua thi gian 7 tun nghin cu v tm hiu, chng em c nhng kt qu t
c nh:

c tm hiu thm v cc thit b mng nh: Fire wall, Core switch,

Router, Accsess Switch.
M hnh chun ca cisco
Bit cu hnh c bn mt s thit b
Bit mt s cu lnh c bn
V nhng hn ch nh:
Cha lm c h thng mng c th
Cha th cu hnh chun cho cc thit b

4.2. Ti liu tham kho

1.
2.
3.
4.

Ti liu tham kho gm c:

CCNA ting vit
CCNA_full
Campus Networks
CCNA lab guide

91