Está en la página 1de 163

Tm hiu VPN v Cu hnh Camera IP

GVHD :Trng Quang Trung

LI CM N
n tt nghip l c kt qu trnh hc tp trong
nhng nm thng ti trng Cao ng K Thut Cao
Thng, t c kt qu nh hm nay, ngoi s phn
u ca tng thnh vin trong nhm thc hin l s quan
tm gip ca qu thy c ti trng, c bit l cc thy
c ti khoa in t tin hc. bn cnh l s chia s kinh
nghim t cc bn ti lp C TVT07B.
Qua y, nhm sinh vin thc hin chng em cng xin
gi li cm n chn thnh n thy TRNG QUANG
TRUNG ngi nht tnh gip chng em trong qu
trnh thc hin n ny.
Mt ln na, nhm xinh vin chng em xin chn thnh
cm n tt c mi ngi.
Nhm sinh vin thc hin:
Nguyn Hu Phc
Nguyn H Thanh
Phan Xun Thnh

n tt nghip
1

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

NHN XT CA GIO VIN HNG DN


..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
TPHCM, ngy ...... thng nm 2010
( Ch k ca gio vin )

n tt nghip
2

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

NHN XT CA GIO VIN PHN BIN


..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................

TPHCM, ngy ...... thng nm 2010


( Ch k ca gio vin )

n tt nghip
3

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

NHN XT CA HI NG BO V
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
..............................................................................................................................
TPHCM, ngy ...... thng nm 2010
( Ch k ca gio vin )

n tt nghip
4

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

MC LC
NHN XT CA GIO VIN HNG DN ............................................................. 2
NHN XT CA GIO VIN PHN BIN ................................................................ 3
NHN XT CA HI NG BO V........................................................................ 4
MC LC ....................................................................................................................... 5
LI M U.................................................................................................................. 8
PHN I GII THIU V MNG MY TNH............................................................. 9
CHNG I : KHI QUT V MNG MY TNH.................................................. 10
1.1. Mng my tnh l g? .......................................................................................... 10
1.2. u im ca mng my tnh .............................................................................. 10
1.3. Phn loi mng my tnh.................................................................................... 11
1.3.1. Phn loi mng theo khong cch a l :................................................... 11
1.3.2. Phn loi theo k thut chuyn mch: ........................................................ 11
1.3.3 Phn loi theo kin trc mng s dng:....................................................... 12
1.3.4. Phn loi theo h iu hnh mng : ............................................................ 12
1.3.5. Phn loi mng theo chc nng :................................................................. 13
1.3.6. Phn loi mng my tnh theo topo:............................................................ 13
CHNG II : M HNH OSI...................................................................................... 16
2.1. Khi nim............................................................................................................ 16
2.2. Nhim v cc tng trong m hnh OSI............................................................... 17
CHNG III : M HNH TCP/IP .............................................................................. 22
3.1. Tng qut v TCP/IP .......................................................................................... 22
3.1.1. Tng ng Dng (Application Layer) .......................................................... 22
3.1.2. Tng Giao Vn (Transport Layer) .............................................................. 22
3.1.3. Tng Lin Mng (Internet Layer) ............................................................... 22
3.1.4. Tng Giao Din Mng (Network Interface Layer) ..................................... 23
3.2. Giao thc TCP/UDP ........................................................................................... 24
3.2.1. TCP ( Transmission Control Protocol ) ...................................................... 24
3.2.2. UDP (User Datagram Protocol)................................................................... 26
3.3. Giao thc IP ( Internet Protocol ) ...................................................................... 28
3.3.1 Tng quan v giao thc IP............................................................................ 28
3.3.2. IPv4............................................................................................................... 29
3.3.2.1. Tng quan v a ch IP ......................................................................... 29
3.3.2.2. Cc khi nim v thut ng .................................................................. 30
3.3.2.3. Cc lp a ch ....................................................................................... 30
3.3.2.4. Bng tng kt......................................................................................... 32
3.3.2.5. a ch IP Public.................................................................................... 32
3.3.2.6. a ch IP Private .................................................................................. 33
3.4. NAT ( Network address translation )................................................................. 33
3.4.1. Khi nim v NAT........................................................................................ 33
3.4.2. Cc kiu NAT.............................................................................................. 34
PHN II : CAMERA IP................................................................................................ 36
CHNG I: TNG QUAN V CAMERA ................................................................. 37
1.1. Gii thiu v camera quan st........................................................................... 37
1.1.1 Phn loai camera quan st............................................................................ 37
1.1.1.1 Phn loi theo k thut hnh nh............................................................ 37
1.1.1.2 Phn loi Camera quan st theo k thut ng truyn...................... 39
1.1.1.3 Phn loi Camera qua st theo tnh nng s dng ............................... 41
1.1.2 Thng s c bn ca camera ........................................................................ 43
1.1.2.1 Camera quan st Indoor, Outdoor ........................................................ 43

n tt nghip
5

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

1.1.2.2 IR Camera: Camera quan st hng ngoi............................................. 44


1.1.2.3 Cht lng hnh nh .............................................................................. 44
1.1.2.4 iu kin hot ng ............................................................................... 44
1.1.2.5 Gc quan st ........................................................................................... 45
1.1.2.6. Cc thng s khc.................................................................................. 39
1.2. S khi camera .............................................................................................. 39
1.3. B tch mu ........................................................................................................ 39
1.4. Thit b ghp din tch CCD (Charge Couple Device )...................................... 40
1.5. X l tn hiu....................................................................................................... 42
1.6. Gii thiu v Camera IP..................................................................................... 42
1.7. Cu trc Camera IP ........................................................................................... 43
1.8. Nguyn l hot ng ca IP Camera: ................................................................ 43
CHNG II : CU HNH V KHAI THC CAMERA IP....................................... 45
2.1. Datasheet Vivotek IP7135................................................................................... 45
2.2. Cu hnh Camera IP Vivotek IP7135 : .............................................................. 47
2.2.1. Kt ni vi camera ip :................................................................................. 47
2.2.2. ng nhp vo camera ip:........................................................................... 48
2.2.3. Cu hnh camera bng trnh duyt Web :................................................... 48
2.2.4. Cu hnh xem camera ip qua mng internet : ............................................ 53
2.2.5. Cu hnh xem camera ip qua mng LAN.................................................... 59
2.2.5.1.M hnh................................................................................................... 59
2.2.5.2.Cch thc hin........................................................................................ 60
2.3. Khai thc cc tnh nng ca camera ip qua phn mm Vivotek ST3402 v
playback :................................................................................................................... 68
2.3.1. Ci t phn mm :...................................................................................... 68
2.3.2. S dng chng trnh Monitor Vivotek ST3402 : ...................................... 69
2.3.3. Ci t camera :........................................................................................... 70
2.3.4. S dng chng trnh Playback for Vivotek ST3402 :............................... 76
2.4. Cc ng dng ca camera ip :............................................................................ 77
2.5. Kt lun :............................................................................................................. 80
PHN III : M NG RING O VPN.......................................................................... 81
CHNG I : VIRTUAL PRIVATE NETWORK ( VPN ).......................................... 82
1.1.Tm hiu VPN: ..................................................................................................... 82
1.1.1. nh ngha VPN:.......................................................................................... 82
1.1.2. Lch s pht trin ca VPN: ........................................................................ 83
1.1.3. Chc nng v u im ca VPN: ................................................................ 84
1.1.3.1 Chc nng ca VPN:.............................................................................. 84
1.1.3.2 u im: ................................................................................................. 85
1.1.3.3. Khuyt im: ......................................................................................... 85
1.2. Cc dng ca VPN :............................................................................................ 86
1.2.1. Remote Access VPN :................................................................................... 86
1.2.1.1. Cc thnh phn chnh ca Remote Access Network:........................... 87
1.2.1.2. u v khuyt im ca Remote Access VPN : ..................................... 88
1.2.2. VPN Site to Site (LAN to LAN ):................................................................. 89
1.2.2.1. Intranet VPN ( Mng VPN cc b ) : ................................................... 90
1.2.2.2. Extranet VPN (Mng VPN m rng ): ................................................. 91
1.3. C s k thut ng hm:................................................................................ 92
1.3.1. Cc thnh phn ca k thut ng hm :................................................. 93
1.3.2. Phn loi ng hm :................................................................................. 93
1.3.2.1. Voluntary Tunnels (ng hm ty ) : .............................................. 93
1.3.2.2. Compulsory Tunnels (ng hm cng bc ) :................................. 94

n tt nghip
6

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

1.3.3. Giao thc ng hm :................................................................................ 95


1.3.4. Giao thc ng hm lp 2:........................................................................ 95
1.3.4.1. Giao thc im im (PPP Point to - Point Protocol ): ............... 96
1.3.4.2. Giao thc nh hng lp 2 (L2F Layer 2 Forwarding): ................. 98
1.3.4.3 Giao thc ng hm im im (PPTP Point to Point Tunneling
Protocol) :......................................................................................................... 100
1.3.4.4. Giao thc ng hm lp 2 (L2TP Layer 2 Tunneling Protocol) : 105
CHNG II : THIT LP M HNH VPN SERVER TRN WINDOWS 2003
.................................................................................................................................. 122
2.1. Xy dng mt Remote Access VPN : ............................................................... 122
2.1.1. Yu cu phn cng : .................................................................................. 122
2.1.2. Yu cu phn mm : .................................................................................. 122
2.1.3. M hnh Remote Access VPN : .................................................................. 122
2.1.4. Cc bc thc hin : .................................................................................. 123
2.2. Kt lun :........................................................................................................... 150
KT LUN.................................................................................................................. 151
THUT NG VIT TT ........................................................................................... 152
TI LIU THAM KHO ........................................................................................... 156

n tt nghip
7

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

LI M U
Trong thi i ngy nay Internet pht trin mnh c v m hnh ln cng
ngh, p ng cc nhu cu ca ngi dng. Internet c thit k kt ni nhiu
mng khc nhau v cho php thng tin c chuyn n ngi s dng mt cch t
do v nhanh chng m khng phi xem xt n my v mng m ngi ang s
dng. Vi Internet cc giao dch t xa, mua hng trc tuyn, t vn y t v nhiu
iu khc tr thnh hin thc. Tuy nhin Internet ph khp ton cu v khng
mt t chc, chnh ph c th no qun l nn rt kh khn trong vic bo mt, an
ton d liu cng nh qun l cc dch v. T ngi ta a mt m hnh
mng mi nhm tha mn cc nhu cu trn m vn c th tn dng c s h tng
hin c ca mng Internet, chnh l m hnh mng ring o (VPN Virtual
Private Network). Vi m hnh mng mi ny ngi ta khng phi u t nhiu
vo c s h tng m cc tnh nng bo mt, tin cy vn m bo ng thi vn
c th qun l c s hot ng ca mng ny. VPN c th cho php ngi dng
hot ng ti nh, trn ng i hay cc chi nhnh vn phng c th kt ni an ton
n my ch ca c quan mnh bng c s h tng c cung cp bi mng cng
cng. VPN m bo an ton thng tin gia cc i l, nh cung cp, cc i tc kinh
doanh vi nhau trong mi trng truyn thng rng ln. Trong nhiu trng hp
VPN cng ging nh WAN (Wide Area Network) nhng c tnh quyt nh ca
VPN chng c th s dng mng cng cng nh Internet m vn m bo c
tnh ring t v tit kim hn nhiu.
S pht trin nhanh chng ca cc dch v IP v s bng n ca Internet hin
i cho ra i hng lot cc ng dng mi i hi tnh n nh, hiu sut cao v c
th m rng cc p ng vi nhng yu cu trong tng lai. Vi s pht trin ca
Internet, vic truyn d liu thng tin khng cn l vn khong cch. Thit b IP
Camera vi s tch hp IP l mt trong nhng sn phm truyn d liu m thanh v
hnh nh kh tt. ng dng ca IP Camera kh rng ri trong thc t. Mt trong
nhng ng dng ca IP Camera kh ph bin trong nhng nm gn y l dng
trong an ninh, giam st. y l mt vn kh hay v mi m.

n tt nghip
8

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

PHN I : GII THIU V MNG


MY TNH

n tt nghip
9

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

CHNG I : KHI QUT V MNG MY TNH


1.1. Mng my tnh l g?

Hnh 1 Mng my tnh trong ni b doanh nghip


Mng my tnh l h thng cc my tnh c lp c kt ni vi nhau thng
qua cc ng truyn vt l v tun theo cc quy c truyn thng no .
Khi nim my tnh c lp y c ngha l cc my tnh khng c my no
c kh nng khi ng hoc nh ch mt my khc.
Cc ng truyn vt l c hiu l cc mi trng truyn tn hiu vt l (c
th l hu tuyn hoc v tuyn nh dy dn, tia Laser, sng ngn, v tinh nhn
to...).
Cc quy c truyn thng chnh l c s cc my tnh c th ni chuyn
c vi nhau v l mt yu t quan trng hng u khi ni v cng ngh mng
my tnh.
1.2. u im ca mng my tnh
S dng chung ti nguyn: chng trnh, d liu, thit b....
Tng tin cy ca h thng thng tin: Nu mt my tnh hay mt n v
d liu no trong mng b hng th lun c th s dng mt my tnh khc hay
mt bn sao ca n v d liu.
Tit kim chi ph.
Qun l tp trung
To ra mi trng truyn thng mnh gia nhiu ngi s dng trn phm

n tt nghip
10

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

vi a l rng. Mc tiu ny ngy cng tr nn quan trng.


1.3. Phn loi mng my tnh
C nhiu cch phn loi mng khc nhau tu thuc vo yu t chnh c
chn dng lm ch tiu phn loi, thng thng ngi ta phn loi mng theo
cc tiu ch nh sau :

Khong cch a l ca mng

K thut chuyn mch m mng p dng

Kin trc mng

H iu hnh mng s dng ...

1.3.1. Phn loi mng theo khong cch a l :


Nu ly khong cch a l lm yu t phn loi mng th ta c mng cc b,
mng th, mng din rng, mng ton cu.
Mng cc b ( LAN - Local Area Network ) : l mng c ci t trong
phm vi tng i nh hp nh trong mt to nh, mt x nghip...vi khong
cch ln nht gia cc my tnh trn mng trong vng vi km tr li.
Mng th ( MAN - Metropolitan Area Network ) : l mng c ci t
trong phm vi mt th, mt trung tm vn ho x hi, c bn knh ti a khong
100 km tr li.
Mng din rng ( WAN - Wide Area Network ) : l mng c din tch bao
ph rng ln, phm vi ca mng c th vt bin gii quc gia
thm ch c lc a.
Mng ton cu ( GAN - Global Area Network ): l mng c phm vi tri
rng ton cu.
1.3.2. Phn loi theo k thut chuyn mch:
Nu ly k thut chuyn mch lm yu t chnh phn loi s c: mng
chuyn mch knh, mng chuyn mch thng bo v mng chuyn mch gi.
Mch chuyn mch knh (circuit switched network) : Khi c hai thc th cn
truyn thng vi nhau th gia chng s thit lp mt knh c nh v duy tr kt
ni cho ti khi hai bn ngt lin lc. Cc d liu ch truyn i theo con ng
c nh . Nhc im ca chuyn mch knh l tiu tn thi gian thit lp
knh truyn c nh v hiu sut s dng mng khng cao.

n tt nghip
11

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Mng chuyn mch thng bo (message switched network) : Thng bo l


mt n v d liu ca ngi s dng c khun dng c quy nh trc. Mi
thng bo c cha cc thng tin iu khin trong ch r ch cn truyn ti ca
thng bo. Cn c vo thng tin iu khin ny m mi nt trung gian c th
chuyn thng bo ti nt k tip trn con ng dn ti ch ca thng bo. Nh
vy mi nt cn phi lu gi tm thi c thng tin iu khin trn thng bo,
nu thy thng bo khng gi cho mnh th tip tc chuyn tip thng bo i. Tu
vo iu kin ca mng m thng bo c th c chuyn i theo nhiu con
ng khc nhau.
Mng chuyn mch gi ( packet switched network ): y mi thng bo
c chia thnh nhiu gi nh hn c gi l cc gi tin (packet) c khun dng
quy nh trc. Mi gi tin cng c cha cc thng tin iu khin, trong a
ch ngun (ngi gi) v a ch ch (ngi nhn) ca gi tin. Cc gi tin ca
cng mt thng bo c th c gi i qua mng ti ch theo nhiu con ng
khc nhau.
1.3.3 Phn loi theo kin trc mng s dng:
Kin trc ca mng bao gm hai vn : hnh trng mng ( network topology)
v giao thc mng ( network protocol ).
Hnh trng mng: Cch kt ni cc my tnh vi nhau v mt hnh hc m ta
gi l t p ca mng
Giao thc mng: Tp hp cc quy c truyn thng gia cc thc th truyn
thng m ta gi l giao thc (hay nghi thc) ca mng. Khi phn loi theo topo
mng ngi ta thng c phn loi thnh: mng hnh sao, trn, tuyn tnh. Phn loi
theo giao thc m mng s dng ngi ta phn loi thnh mng : TCPIP, mng
NETBIOS . .. Tuy nhin cch phn loi trn khng ph bin v ch p dng cho cc
mng cc b.
1.3.4. Phn loi theo h iu hnh mng :
Nu phn loi theo h iu hnh mng ngi ta chia ra theo m hnh mng
ngang hng, mng khch/ch hoc phn loi theo tn mng iu hnh m mng s
dng: Windows NT, Unix, Novell.
Tuy nhin trong thc t ngi ta thng ch phn loi theo hai tiu ch u
tin.

n tt nghip
12

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

1.3.5. Phn loi mng theo chc nng :


Mng Client-Server: mt hay mt s my tnh c thit lp cung cp cc
dch v nh file server, mail server, Web server, Printer server Cc my tnh
c thit lp cung cp cc dch v c gi l Server, cn cc my tnh truy
cp v s dng dch v th c gi l Client
Mng ngang hng (Peer-to-Peer): cc my tnh trong mng c th hot ng
va nh mt Client va nh mt Server.
Mng kt hp: Cc mng my tnh thng c thit lp theo c hai chc
nng Client-Server v Peer-to-Peer.
1.3.6. Phn loi mng my tnh theo topo:
Mng dng hnh sao (Star topology): dng hnh sao, tt c cc trm c ni
vo mt thit b trung tm c nhim v nhn tn hiu t cc trm v chuyn tn
hiu n trm ch vi phng thc kt ni l phng thc "im - im".

Hnh 2 Mng dng hnh sao


Mng hnh tuyn (Bus Topology): Trong dng hnh tuyn, cc my tnh u
c ni vo mt ng dy truyn chnh (bus). ng truyn chnh ny c gii
hn hai u bi mt loi u ni c bit gi l terminator (dng nhn bit l u
cui kt thc ng truyn ti y). Mi trm c ni vo bus qua mt u ni
ch T (T_connector) hoc mt b thu pht (transceiver).

n tt nghip
13

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 3 Mng hnh bus


Mng dng vng (Ring Topology): Cc my tnh c lin kt vi nhau thnh
mt vng trn theo phng thc "im - im", qua mi mt trm c th nhn
v truyn d liu theo vng mt chiu v d liu c truyn theo tng gi mt

Hnh.4 Mng hnh Ring


Mng dng kt hp: trong thc t tu theo yu cu v mc ch c th ta c th
thit k mng kt hp cc dng sao, vng, tuyn tn dng cc im mnh ca
mi dng

n tt nghip
14

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 5 Mng kt hp

n tt nghip
15

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

CHNG II : M HNH OSI


2.1. Khi nim

M hnh OSI (Open Systems Interconnection Reference Model, vit ngn l OSI
Model hoc OSI Reference Model) - l M hnh tham chiu kt ni cc h thng
m - l mt thit k da vo nguyn l tng cp, l gii mt cch tru tng k
thut kt ni truyn thng gia cc my vi tnh v thit k giao thc mng gia
chng. M hnh ny c pht trin thnh mt phn trong k hoch kt ni h thng
m (Open Systems Interconnection) do ISO v IUT-T khi xng. N cn c gi
l M hnh by tng ca OSI.

Hnh 6 M hnh OSI

n tt nghip
16

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

2.2. Nhim v cc tng trong m hnh OSI


Tng 7: Tng ng dng (Application layer)
Tng ng dng l tng gn vi ngi s dng nht. N cung cp phng
tin cho ngi dng truy nhp cc thng tin v d liu trn mng thng qua chng
trnh ng dng. Tng ny l giao din chnh ngi dng tng tc vi chng
trnh ng dng, v qua vi mng. Mt s v d v cc ng dng trong tng ny
bao gm Telnet, Giao thc truyn tp tin FTP v Giao thc truyn th int SMTP

Hnh 7 Tng ng dng


Tng 6: Tng trnh din (Presentation layer)
Tng trnh din bin i d liu cung cp mt giao din tiu chun cho
tng ng dng. N thc hin cc tc v nh m ha d liu sang dng MIME, nn
d liu, v cc thao tc tng t i vi biu din d liu trnh din d liu theo
nh cch m chuyn vin pht trin giao thc hoc dch v cho l thch hp. Chng
hn: chuyn i tp vn bn t m EBCDIC sang mASCII, hoc tun t
ha cc i tng (object serialization) hoc cc cu trc d liu (data structure)

n tt nghip
17

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 8 Tng trnh din


Tng 5: Tng phin (Session layer)
Tng phin kim sot cc (phin) hi thoi gia cc my tnh. Tng ny
thit lp, qun l v kt thc cc kt ni gia trnh ng dng a phng v trnh
ng dng xa. Tng ny cn h tr hot ng song cng (duplex) hoc bn song
cng (half-duplex) hoc n cng (Single) v thit lp cc qui trnh nh du im
hon thnh (checkpointing) - gip vic phc hi truyn thng nhanh hn khi c li
xy ra, v im hon thnh c nh du - tr hon (adjournment), kt thc
(termination) v khi ng li (restart).
M hnh OSI u nhim cho tng ny trch nhim "ngt mch nh nhng"
(graceful close) cc phin giao dch (mt tnh cht ca giao thc kim sot giao
vn TCP) v trch nhim kim tra v phc hi phin, y l phn thng khng
c dng n trong b giao thc TCP/IP.
Tng 4: Tng giao vn (Transport Layer)
Tng giao vn cung cp dch v chuyn dng chuyn d liu gia cc
ngi dng ti u cui, nh cc tng trn khng phi quan tm n vic cung
cp dch v truyn d liu ng tin cy v hiu qu. Tng giao vn kim sot tin
cy ca mt kt ni c cho trc. Mt s giao thc c nh hng trng thi v
kt ni (state and connection orientated). C ngha l tng giao vn c th theo di
cc gi tin v truyn li cc gi b tht bi.

n tt nghip
18

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Mt v d in hnh ca giao thc tng 4 l TCP. Tng ny l ni cc thng


ip c chuyn sang thnh cc gi tin TCP hoc UDP. tng 4 a ch c
nh l address ports, thng qua address ports phn bit c ng dng trao i.

Hnh 9 Tng giao vn


Tng 3: Tng mng (Network Layer)
Tng mng cung cp cc chc nng v qui trnh cho vic truyn cc chui
d liu c di a dng, t mt ngun ti mt ch, thng qua mt hoc nhiu
mng, trong khi vn duy tr cht lng dch v (quality of service) m tng giao vn
yu cu.
Tng mng thc hin chc nng nh tuyn, .Cc thit b nh
tuyn (router) hot ng ti tng ny gi d liu ra khp mng m rng, lm cho
lin mng tr nn kh thi. y l mt h thng nh v a ch lgic (logical
addressing scheme) cc gi tr c chn bi k s mng. H thng ny c cu
trc ph h. V d in hnh ca giao thc tng 3 l giao thc IP.

Hnh 10 Tng mng


Tng 2: Tng lin kt d liu (Data Link Layer)
Tng lin kt d liu cung cp cc phng tin c tnh chc nng v quy
trnh truyn d liu gia cc thc th mng, pht hin v c th sa cha cc li

n tt nghip
19

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

trong tng vt l nu c. Cch nh a ch mang tnh vt l, ngha l a ch (a


ch MAC) c m ha cng vo trong cc th mng (network card) khi chng
c sn xut. H thng xc nh a ch ny khng c ng cp (flat scheme).
Ch : V d in hnh nht l Ethernet. Nhng v d khc v cc giao thc
lin kt d liu (data link protocol) l cc giao thc HDLC; ADCCP dnh cho cc
mng im-ti-im hoc mng chuyn mch gi (packet-switched networks) v
giao thc Aloha cho cc mng cc b. Trong cc mng cc b theo tiu chun IEEE
802, v mt s mng theo tiu chun khc, chng hn FDDI, tng lin kt d liu c
th c chia ra thnh 2 tng con: tng MAC (Media Access Control - iu khin
Truy nhp ng truyn) v tng LLC (Logical Link Control - iu khin Lin kt
Lgic) theo tiu chun IEEE 802.2.
Tng lin kt d liu chnh l ni cc cu ni (bridge) v cc thit b
chuyn mch (switches) hot ng. Kt ni ch c cung cp gia cc nt mng
c ni vi nhau trong ni b mng. Tuy nhin, c lp lun kh hp l cho rng
thc ra cc thit b ny thuc v tng 2,5 ch khng hon ton thuc v tng 2.

Hnh 11 Tng lin kt d liu


Tng 1: Tng vt l (Physical Layer)
Tng vt l nh ngha tt c cc c t v in v vt l cho cc thit b.
Trong bao gm b tr ca cc chn cm (pin), cc hiu in th, v cc c t
v cp ni (cable). Cc thit b tng vt l bao gm Hub, b lp (repeater), thit b
tip hp mng (network adapter) v thit b tip hp knh my ch (Host Bus
Adapter)- (HBA dng trong mng lu tr (Storage Area Network)). Chc nng v
dch v cn bn c thc hin bi tng vt l bao gm:
- Thit lp hoc ngt mch kt ni in (electrical connection) vi
mt phng tin truyn thng (transmission medium).

n tt nghip
20

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

- Tham gia vo quy trnh m trong cc ti nguyn truyn thng c chia


s hiu qu gia nhiu ngi dng. Chng hn gii quyt tranh chp ti
nguyn (contention) v iu khin lu lng.
- iu bin (modulation), hoc bin i gia biu din d liu s (digital
data) ca cc thit b ngi dng v cc tn hiu tng ng c truyn
qua knh truyn thng (communication channel).
Cp (bus) SCSI song song hot ng tng cp ny. Nhiu tiu chun khc
nhau ca Ethernet dnh cho tng vt l cng nm trong tng ny; Ethernet nhp
tng vt l vi tng lin kt d liu vo lm mt. iu tng t cng xy ra i vi
cc mng cc b nh Token ring, FDDI v IEEE 802.11.

Hnh 12 Tng vt l

n tt nghip
21

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

CHNG III : M HNH TCP/IP


3.1. Tng qut v TCP/IP
TCP/IP l vit tt ca Transmission Control Protocol (Giao thc iu Khin
Truyn Thng) / Internet Protocol (Giao thc Internet).
cho cc my tnh trao i d liu vi nhau TCP/IP s dng m hnh truyn
thng 4 tng hay cn gi l M Hnh DoD (M hnh ca B Quc Phng M). Cc
tng trong m hnh ny l (Theo th t t trn xung):
+ Tng ng Dng (Application Layer).
+ Tng Giao Vn (Transport Layer).
+ Tng Lin Mng (Internet Layer).
+ Tng Giao Din Mng (Network Interface Layer).
Mi giao thc ca H TCP/IP u thuc 1 trong cc tng ny. Ta s cng tm
hiu tng tng .
3.1.1. Tng ng Dng (Application Layer)
Gm nhiu giao thc cung cp cho cc ng dng ngi dng. c s dng
nh dng v trao i thng tin ngi dng. 1 s giao thc thng dng trong tng
nyl:
+ DHCP (Dynamic Host Configuration Protocol): Giao Thc Cu Hnh
Hostng.
+ DNS (Domain Name System): H Thng Tn Min
+ SNMP (Simple Network Management Protocol): Giao Thc Qun L
Mng n Gin.
+ FTP (File Transfer Protocol): Giao Thc Truyn Tp Tin.
+ TFTP (Trivial File Transfer Protocol): Giao Thc Truyn Tp Tin Bnh
Thng .
+ SMTP (Simple Mail Transfer Protocol): Giao Thc Truyn Th n
Gin .
3.1.2. Tng Giao Vn (Transport Layer)
C trch nhim thit lp phin truyn thng gia cc my tnh v quy nh
cch

truyn

liu.

giao

thc

chnh

trong

tng

ny

gm:

n tt nghip
22

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

+ UDP (User Datagram Protocol): Cn gi l Giao Thc Gi Ngi


Dng. UDP cung cp cc knh truyn thng phi kt ni nn n khng m bo
truyn d liu 1 cch tin cy. Cc ng dng dng UDP thng ch truyn nhng gi
c kch thc nh, tin cy d liu ph thuc vo tng ng dng .
+ TCP (Transmission Control Protocol): Ngc li vi UDP, TCP cung
cp cc knh truyn thng hng kt ni v m bo truyn d liu 1 cch tin cy.
TCP thng truyn cc gi tin c kch thc ln v yu cu pha nhn xc nhn v
cc

gi

tin

nhn.

3.1.3. Tng Lin Mng (Internet Layer)


Nm bn trn tng giao din mng. Tng ny c chc nng gn a ch, ng
gi v nh tuyn (Route) d liu. 4 giao thc quan trng nht trong tng ny gm:
+ IP (Internet Protocol): C chc nng gn a ch cho d liu trc khi
truyn v nh tuyn chng ti ch.
+ ARP (Address Resolution Protocol): C chc nng bin dch a ch IP
ca my ch thnh a ch MAC.
+ ICMP (Internet Control Message Protocol): C chc nng thng bo li
trong trng hp truyn d liu b hng.
+ IGMP (Internet Group Management Protocol): C chc nng iu khin
truyn a hng (Multicast)
3.1.4. Tng Giao Din Mng (Network Interface Layer)
Tng Giao Din Mng c trch nhim a d liu ti v nhn d liu t phng
tin truyn dn. Tng ny gm cc thit b phn cng vt l chng hn nh Card
Mng v Cp Mng.
1 Card Mng chng hn card Ethernet cha 1 s HEX 12 k t (00-18-37-03C0-F4) c gi l a Ch MAC (Media Access Control) hay a Ch Truy Nhp
Phng Tin . MAC ng vai tr quan trng trong vic gn a ch v truyn d
liu.
Mt s giao thc tiu biu thuc tng ny gm :
+ ATM (Asynchronous Transfer
+ Ethernet
+ Token Ring

n tt nghip
23

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

+ FDDI (Fiber Distributed Data Interface)


+ Frame Relay

Hnh 13 Khi qut v m hnh TCP/IP


3.2. Giao thc TCP/UDP
3.2.1. TCP ( Transmission Control Protocol )
Giao thc TCP (Transmission Control Protocol - "Giao thc iu khin
truyn vn") l mt trong cc giao thc ct li ca b giao thc TCP/IP. S dng
TCP, cc ng dng trn cc my ch c ni mng c th to cc "kt ni" vi
nhau, m qua chng c th trao i d liu hoc cc gi tin. Giao thc ny m
bo chuyn giao d liu ti ni nhn mt cch ng tin cy v ng th t. TCP
cn phn bit gia d liu ca nhiu ng dng.
thit lp mt kt ni, TCP s dng mt quy trnh bt tay 3 bc (3-way
handshake) Trc khi client th kt ni vi mt server, server phi ng k mt
cng v m cng cho cc kt ni: y c gi l m b ng. Mt khi m b
ng c thit lp th mt client c th bt u m ch ng. thit lp mt
kt ni, quy trnh bt tay 3 bc xy ra nh sau:

n tt nghip
24

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

- Client yu cu m cng dch v bng cch gi gi tin SYN (gi


tin TCP) ti server, trong gi tin ny, tham s sequence number c gn cho mt
gi tr ngu nhin X.
- Server hi p bng cch gi li pha client bn tin SYN-ACK, trong
gi tin ny, tham s acknowledgment number c gn gi tr bng X + 1, tham
s sequence number c gn ngu nhin mt gi tr Y
- hon tt qu trnh bt tay ba bc, client tip tc gi ti server bn
tin ACK, trong bn tin ny, tham s sequence number c gn cho gi tr bng X
+ 1 cn tham sacknowledgment number c gn gi tr bng Y + 1
Ti thi im ny, c client v server u c xc nhn rng, mt kt ni c
thit lp.
Cu trc gi tin:
+

Bt 0 - 3

4-9

10 - 15

Source Port

32

Sequence Number

64

Acknowledgement Number

96

Data
Offset

128

Checksum

160

Options (optional)

16 - 31
Destination Port

Reserved

Flags

Window
Urgent Pointer

160/192+

Data

Hnh 14 Cu trc gi tin TCP


Mt gi tin TCP bao gm 2 phn
Header
D liu
Phn header c 11 trng trong 10 trng bt buc. Trng th 11 l
ty chn (trong bng minh ha c mu nn ) c tn l: options
ngha cc header trong TCP :
Source port : S hiu ca cng ti my tnh gi.
Destination port : S hiu ca cng ti my tnh nhn.

n tt nghip
25

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Sequence number : Trng ny c 2 nhim v. Nu c SYN bt th


n l s th t gi ban u v byte u tin c gi c s th t ny cng
thm 1. Nu khng c c SYN th y l s th t ca byte u tin.
Acknowledgement number : Nu c ACK bt th gi tr ca trng
chnh l s th t gi tin tip theo m bn nhn cn.
Data offset : Trng c di 4 bt qui nh di ca phn header
(tnh theo n v t 32 bt). Phn header c di ti thiu l 5 t (160
bit) v ti a l 15 t (480 bt).
Reserved : Dnh cho tng lai v c gi tr l 0.
Flags (hay Control bits)
Bao gm 6 c:
URG : C cho trng Urgent pointer
ACK : C cho trng Acknowledgement
PSH : Hm Push
RST : Thit lp li ng truyn
SYN : ng b li s th t
FIN : Khng gi thm s liu
Window : S byte c th nhn bt u t gi tr ca trng bo nhn
(ACK)
Checksum : 16 bt kim tra cho c phn header v d liu
3.2.2. UDP (User Datagram Protocol)
L mt trong nhng giao thc ct li ca giao thc TCP/IP. Dng UDP,
chng trnh trn mng my tnh c th gi nhng d liu ngn c gi
l datagram ti my khc. UDP khng cung cp s tin cy v th t truyn nhn
m TCP lm; cc gi d liu c th n khng ng th t hoc b mt m khng
c thng bo. Tuy nhin UDP nhanh v hiu qu hn i vi cc mc tiu nh kch
thc nh v yu cu kht khe v thi gian.
Cu trc gi tin:
UDP l giao thc hng thng ip nh nht ca tng giao vn hin c
m t trong RFC 768 ca IETF.

n tt nghip
26

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Trong b giao thc TCP/IP, UDP cung cp mt giao din rt n gin


gia tng mng bn di (th d, IPv4) v tng phin lm vic hoc tng ng
dng pha trn.
UDP khng m bo cho cc tng pha trn thng ip c gi i v
ngi gi cng khng c trng thi thng ip UDP mt khi c gi (V l do
ny i khi UDP cn c gi lUnreliable Datagram Protocol).
UDP ch thm cc thng tin multiplexing v giao dch. Cc loi thng tin
tin cy cho vic truyn d liu nu cn phi c xy dng cc tng cao hn.
+

Bits 0 - 15

16 - 31

Source Port

Destination Port

32

Length

Checksum

64

Data

Hnh 15 Cu trc gi tin UDP


Phn header ca UDP ch cha 4 trng d liu, trong c 2 trng l
ty chn ( nn trong bng).
Source port
Trng ny xc nh cng ca ngi gi thng tin v c ngha
nu mun nhn thng tin phn hi t ngi nhn. Nu khng dng n th t n
bng 0.
Destination port
Trng xc nh cng nhn thng tin, v trng ny l cn thit.
Length
Trng c di 16 bit xc nh chiu di ca ton b datagram:
phn header v d liu. Chiu di ti thiu l 8 byte khi gi tin khng c d liu, ch
c header.
Checksum

n tt nghip
27

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Trng checksum 16 bit dng cho vic kim tra li ca phn


header v d liu.
3.3. Giao thc IP ( Internet Protocol )
3.3.1 Tng quan v giao thc IP
L mt giao thc hng d liu c s dng bi cc my ch ngun v ch
truyn d liu trong mt lin mng chuyn mch gi.D liu trong mt lin mng
IP c gi theo cc khi c gi l cc gi (packet hoc datagram). C th, IP
khng cn thit lp cc ng truyn trc khi mt my ch gi cc gi tin cho mt
my khc m trc n cha tng lin lc vi.
Giao thc IP cung cp mt dch v gi d liu khng m bo (cn gi l c
gng cao nht), ngha l n hu nh khng m bo g v gi d liu. Gi d liu c
th n ni m khng cn nguyn vn, n c th n khng theo th t (so vi cc
gi khc c gi gia hai my ngun v ch ), n c th b trng lp hoc b
mt hon ton.

Hnh 16 Cu trc gi tin IP


- Version : ch ra phin bn hin hnh ca IP ang c dng, c 4 bit. Nu
trng ny khc vi phin bn IP ca thit b nhn, thit b nhn s t chi v
loi b cc gi tin ny.

n tt nghip
28

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

- IP Header Length (HLEN) : Ch ra chiu di ca header theo cc t 32 bit.


y l chiu di ca tt cc cc thng tin Header.
- Type Of Services (TOS): Ch ra tm quan trng c gn bi mt giao
thc lp trn c bit no , c 8 bit.
- Total Length : Ch ra chiu di ca ton b gi tnh theo byte, bao gm d
liu v header,c 16 bit.. bit chiu di ca d liu ch cn ly tng chiu di ny
tr i HLEN.
- Identification : Cha mt s nguyn nh danh hin hnh, c 16 bit. y l
ch s tun t.
- Flag : Mt field c 3 bit, trong c 2 bit c th t thp iu khin s phn
mnh. Mt bit cho bit gi c b phn mnh hay khng v gi kia cho bit gi c
phi l mnh cui cng ca chui gi b phn mnh hay khng.
- Fragment Offset : c dng ghp cc mnh Datagram lai vi nhau,
c 13 bit.
- Time To Live (TTL) : Ch ra s bc nhy (hop) m mt gi c th i
qua.Con s ny s gim i mt khi mt gi tin i qua mt router. Khi b m t ti
0 gi ny s b loi. y l gii php nhm ngn chn tnh trng lp vng v hn
ca gi no .
- Protocol : Ch ra giao thc lp trn, chng hn nh TCP hay UDP, tip
nhn cc gi tin khi cng on x l IP hon tt, c 8 bit.
- Header CheckSum : Gip bo dm s ton vn ca IP Header, c 16 bit.
- Source Address : Ch ra a ch ca node truyn diagram, c 32 bit.
- Destination Address : Ch ra a ch IP ca Node nhn, c 32 bit.
- Padding : Cc s 0 c b sung vo field ny m bo IP Header lun
la bi s ca 32 bit.
- Data : Cha thng tin lp trn, chiu di thay i n 64Kb.
3.3.2. IPv4
3.3.2.1. Tng quan v a ch IP
L a ch c cu trc,c chia lm 2 hoc 3 phn : network_id & host_id
hoc network_id & subnet_id & host_id.
L mt con s c kch thc 32 bit c chia thnh bn phn, mi phn gm 8
bit, gi l octet hoc byte. C cc c cc cch trnh by sau:

n tt nghip
29

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

K php thp phn c du chm. V d: 172.16.256.56

K php nh phn. V d : 10101011 11111111 00010110 10110001

K php thp lc phn. V d AC 20 BD EF

Khng gian a ch IP gm 232 bit c chia thnh nhiu lp. l cc lp


A,B,C,D,E; trong cc lp A,B,C dung t cho cc host trn mng internet,lp
D dung cho cc nhm multicast,lp E dung nghin cu.
3.3.2.2. Cc khi nim v thut ng
Network_id: l gi tr xc nh mng. Trong s 32 bit dng lm a
ch IP th s c mt s bit u tin dung xc nh network_id.
Host_id: l gi tr xc nh host trong mng. Trong s 32 bit dng lm a
ch IP th s c mt s bit cui dng xc nh host_id.
a ch host: l a ch IP, c th t cho cc interface ca host.
Mng ( network ): mt nhm gm nhiu host kt ni vi nhau.
a ch mng ( network address ): l a ch IP dng t cho cc
mng, phn host_id ca a ch ch cha cc bit 0.
Mng con ( subnet network ): l mng c c khi mt a ch mng
c phn chi nh hn, c xc nh nh vo a ch IP v subnet mask.
a ch broadcast: l a ch IP dng i din cho tt c cc host trong
mng.
Mt n mng ( network mask ):l con s di 32 bit , l phng tin
xc nh c a ch mng ca mt a ch IP.
Mt n mc nh ca lp A: 255.0.0.0
Mt n mc nh ca lp B: 255.255.0.0
Mt n mc nh ca lp C: 255.255.255.0
3.3.2.3. Cc lp a ch
a). Lp A
Dnh 1 byte cho phn network_id v 3 byte cho phn host_id.

Network_id

Host_id

n tt nghip
30

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

nhn din ra lp A bit u tin ca byte u tin phi l bit 0.


7 bit cn li trong byte th nht dnh cho a ch mng.
3 byte cn li c 24 bit dnh cho a ch ca my ch.
Vng a ch s dng l: 0 127.
Network_id: 128 mng t 0.0.0.0 n 127.0.0.0
Host_id: 16.777.214 my ch trn mt mng.
b). Lp B
Dnh 2 byte cho phn network_id v 2 byte cho phn host_id.

Network_id

Host_id

nhn din ra lp B byte u tin lun phi bt u bng 2 bit 10.


14

bit

cn

li

trong

byte

dnh

cho

ch

mng.

2 byte cn li c 16 bit dnh cho a ch ca my ch.


Vng a ch s dng l: 128 191.
Network_id: 16384 mng t 128.0.0.0 n 191.0.0.0
Host_id: 65534 my ch trn mt mng
c) Lp C
Dnh 3 byte cho phn network_id v 1 byte cho phn host_id.

Network_id

Host_id

nhn din ra lp C byte u tin lun phi bt u bng 3 bit 110


21

bit

cn

li

trong

byte

dnh

cho

ch

mng.

1 byte cn li c 16 bit dnh cho a ch ca my ch.


Vng a ch s dng l: 192 223.
Network_id: 2097152 mng t 192.0.0.0 n 223.0.0.0
Host_id: 254 my ch trn mt mng

n tt nghip
31

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

d) Lp D v E
Cc a ch c byte u tin trong khong 224 n 255 l cc a ch thuc
lp D v E. Do cc lp ny khng s dng nh a ch nn khng trnh by.
3.3.2.4. Bng tng kt
Lp A

Lp B

Lp C

128-191

192-223

255.0.0.0

255.255.0.0

255.255.255.0

Broadcast

XX.255.255.255

XX.XX.255.255

XX.XX.XX.255.255

Netwok

XX.0.0.0

XX.XX.0.0

XX.XX.XX.0

128

16.384

2.097.152

host 16.777.214

65.534

254

trn

mi

Gi tr ca 0-127
byte

tin
S

byte 1

phn
Network_id
S

byte 2

phn
Host_id
Network
mask

address
S mng

mng
Hnh 17 Bng tng kt
3.3.2.5. a ch IP Public
IP Public l nhng a ch IP nh tuyn c (s dng trn internet).

n tt nghip
32

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 18 Khong a ch IP Public


3.3.2.6. a ch IP Private
IP Private l nhng a ch IP khng nh tuyn c cc di IP ny phi
qua c ch NAT ip ca modem ADSL hoc router mi dng c Internet.

Hnh 19 Khong a ch IP Private


3.4. NAT ( Network address translation )
3.4.1. Khi nim v NAT

Hnh 20 V d v NAT
Dch a ch l thay th a ch thc trong mt packet thnh a ch c
nh x c kh nng nh tuyn trn mng ch. Nat gm c 2 bc: mt tin trnh

n tt nghip
33

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

dch a ch thc thnh a ch nh x v mt tin trnh dch ngc tr li. PIX


Firewall s dch a ch khi mt lut Nat kt hp vi packet. Nu khng c s kt hp
vi lut Nat th tin trnh x l packet c tip tc. Ngoi l l khi kch hot Nat
control. Nat control yu cu cc packets t mt interface c mc an ninh cao hn
(inside) n mt interface c mc an ninh thp hn (outside) kt hp vi mt lut Nat
hoc cc packets phi dng li.
Nat c mt s li ch nh sau:
Bn c th s dng cc a ch ring trn mng inside. Cc
a ch ny khng c nh tuyn trn Internet
Nat n a ch thc ca mt host thuc mng inside trc cc
mng khc v vy cc attacker khng th hc c a ch thc ca mt host inside
C th gii quyt vn chng cho a ch IP.
3.4.2. Cc kiu NAT
a) Dynamic NAT
Dynamic Nat dch mt nhm cc a ch thc thnh mt di cc a ch
c nh x v c kh nng nh tuyn trn mng ch. Cc a ch c nh x c th
t hn cc a ch thc. Khi mt host mun dch a ch khi truy cp vo mng ch
th PIX s gn cho n mt a ch trong di a ch c nh x. Translation ch
c thm vo khi host thc khi to kt ni. Translation c duy tr trong sut qu
trnh kt ni. Ngi s dng khng th gi c a ch IP khi Translation time out (ht
thi gian). Ngi s dng trn mng ch khng th khi to kt ni n host m s dng
dynamic Nat thm ch kt ni ny c php bi access list. (ch c th khi to kt ni
trong sut translation).

n tt nghip
34

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

b) PAT
PAT dch mt nhm cc a ch thc thnh mt a ch c nh x. c
bit, PAT dch a ch thc v port ngun (real socket) thnh a ch c nh x v mt
port duy nht (mapped port) ln hn 1024. Mi mt kt ni yu cu mt translation
ring bit bi v port ngun l khc nhau cho mi kt ni.
c) Static NAT
Static NAT to mt translation c nh ca mt (hoc nhiu) a ch
thc n mt (hoc nhiu) a ch c nh x. i vi Dynamic NAT hoc PAT th mi
host s s dng a ch hoc cng khc nhau cho mi translation. Bi v a ch c nh
x l nh nhau cho cc kt ni lin tc v tn ti mt translation c nh do vi static
Nat, ngi s dng mng ch c th khi to mt kt ni n host c dch (nu
accsess list) cho php.

d) Static PAT
Static PAT cng tng t nh Static NAT, ngoi tr chng ta cn phi
ch ra giao thc (TCP hoc UDP) v cng cho a ch thc v a ch c nh x.

n tt nghip
35

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

PHN II : CAMERA IP

n tt nghip
36

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

CHNG I: TNG QUAN V CAMERA


1.1. Gii thiu v camera quan st
Camera l thit b quan st v thu gi hnh nh, m thanh phc v cho vn
gim st v an ninh.Vi chc nng c bn l ghi hnh, Camera c ng dng rng
ri trong lnh vc gim st.
Mt h thng cc Camera t ti nhng v tr thch hp s cho php bn quan
st, theo di ton b ngi nh, nh my, x nghip hay nhng ni bn mun quan
st, ngay c khi bn khng c mt trc tip ti .
1.1.1 Phn loai camera quan st
C 3 cch phn loi Camera:
- Phn loi theo k thut hnh nh.
- Phn loi theo ng truyn.
- Phn loi theo tnh nng s dng.
1.1.1.1 Phn loi theo k thut hnh nh

a) Camera quan st Analog


Ghi hnh bng t x l tn hiu analog, x l tn hiu mu vector mu,
tn hiu in truyn trn ng cp ng trc.
Loi Camera ny c cht lng hnh nh km , v c rt t khch
hng s dng

Hnh 21 Camera tng t

n tt nghip
37

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

b) Camera quan st CCD (Charge Couple Device) (100% s):


Camera quan st CCD s dng k thut CCD nhn bit hnh nh.
CCD l tp hp nhng tch in c th cm nhn nh sng sau chuyn tn hiu
nh sng sang tn hiu s a vo cc b x l. Nguyn tc hot ng ca CCD
c th m t di y:
CCD gm mt mng li cc im bt sng c ph bng lp bc
mu ( - red, hoc xanh lc - green, hoc xanh dng - blue), mi im nh ch bt
mt mu. Do , khi chp nh (ca trp m), nh sng qua ng knh v c lu li
trn b mt chp cm bin di dng cc im nh.
Mi im nh c mt mc in p khc nhau s c chuyn n b
phn c gi tr theo tng hng. Gi tr mi im nh s c khuch i v a
vo b chuyn i tn hiu tng t sang tn hiu s, cui cng vo b x l
ti hin hnh nh chp. Chnh qu trnh c thng tin thc hin theo tng hng
lm cho tc x l nh chm, ri thiu hoc tha sng.
Cc thng s k thut ca Camera quan st CCD l ng cho mn
hnh cm bin (tnh bng inch ). Kch thc mn hnh cm bin cng ln th cht
lng cng tt. (mn hnh 1/3 inch Sony CCD s c cht lng tt hn 1/4 inch
CCD, v 1/3 inch > 1/4 inch). Hin nay c rt nhiu hng sn xut cm bin hnh
nh nhng ch c cm bin hnh ca Sony v Sharp hnh nh p v trung thc.
Cht lng ca Sharp km hn cht lng ca Sony v gi thnh r hn.

Hnh 22 Camera CCD

n tt nghip
38

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

c)

Camera

quan

st

CMOS

complementary

metal

oxide

semiconductor).
Camera quan st CMOS c ngha l cht bn dn c b sung oxit kim
loi, cnh mi im bt sng c sn mch in b tr d dng tch hp ngay qu
trnh x l im nh. Vi cu trc ny, mi im nh s c x l ngay ti ch v
ng lot truyn tn hiu s v b x l ti hin hnh nh chp nn tc x
l s nhanh hn rt nhiu.
Mt u im na m cu trc ny mang li l c th cung cp chc
nng tng tc mt vng im nh (nh phng to mt phn nh) cho ngi s
dng, iu m chp cm bin CCD kh lm c. Vi kh nng b tr nhiu nh
vy nhng chip cm bin CMOS li tiu th t nng lng hn chip cm bin CCD,
cng vi nhiu yu t khc m gi thnh sn xut chip CMOS thp.

Hnh 23 Camera CMOS


Hin nay trn th trng, dng my dng chip cm bin CMOS thng l
dng chuyn nghip hay bn chuyn nghip, a s l my quay video (gn y
cng c my nh bn chuyn nghip dng chip CMOS ca Canon), nn gi tin
c th s vt qu kh nng ca ngi dng mua my nh phc v cho nhu cu ca
c nhn, gia nh. Do vy, my nh dng chip CCD vn cn chim lnh th trng
ph thng trong thi gian trc mt.
1.1.1.2 Phn loi Camera quan st theo k thut ng truyn
a) Camera quan st c dy
Camera quan st c dy c u im l kh nng an ton cao, tnh
bo mt tt c s dng truyn tn hiu trn dy cp ng trc khong 75ohm
n tt nghip
39

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

1Vpp, dy C5. y l gii php c nh gi l an ton, chng ti cng khuyn


khch cc bn nn dng loi Camera quan st c dy, ngoi tr nhng trng hp
c bit khc.Ch rng khi truyn vi khong cch xa th cn c b khuych i
trnh vic tn hiu ng truyn suy hao, dn n cht lng hnh nh khng tt.

Hnh 24 Camera c dy
b) Camera quan st khng dy.
Ging nh tn gi, cc Camera quan st ny u khng c dy. Nhng
rt tic l cng khng hon ton nh vy.Cc Camera ny vn cn thit phi c dy
ngun. Cc loi Camera quan st khng dy c u im l d thi cng lp t do
khng cn i dy, tuy nhin Camera quan st c h s an ton khng cao C 1 s
vn cn quan tm i vi thit b khng dy. l tn s bn s dng.Camera
quan st khng dy s dng sng v tuyn RF truyn tn hiu thng tn s dao
ng t 1,2 n 2,4MHZ. Camera quan st khng dy c s dng khi lp t ti
cc khu vc a hnh phc tp kh i dy t Camera quan st n cc thit b quan
st, v d nh cc ngi nh c nhiu tng chn.
i vi khong cch xa hng ngn mt chng ta cn phi s dng
nhng thit b c bit hot ng tn s cao v gi thnh kh t.
Vic s dng Camera quan st khng dy c nh gi l khng an
ton d b bt sng hoc b nh hng nhiu trc cc ngun sng khc nh in
thoi di ng v thi tit

n tt nghip
40

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 25 Camera khng dy

c) IP Camera (Camera quan st mng)


IP Camera c kt ni trc tip vo mng thng qua Swich hoc
router, tn hiu hnh nh v iu khin c truyn qua mng. Tt c cc camera
mun hin th hoc ghi hnh c u phi thng qua phn mn c ci t trn
my vi tnh.
Hin nay h thng camera IP c rt t mu m la chn v gi
thnh kh cao (C mt s loi r tin th dng cm bin hnh khng tt) nn n ch
ph hp vi nhng ni c khun vin nh nh nh ring hoc cc ca hng nh.

Hnh 26 Camera CCD


1.1.1.3 Phn loi Camera qua st theo tnh nng s dng
a) Camera quan st dng Dome (Camera p trn)
y l loi Camera quan st thng c t trong nh, kiu dng
hnh bn nguyt rt trang nh v thng c gn p ln trn nh. Camera ny c

n tt nghip
41

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

tnh nng bo mt cao v thm m ph hp gn trong cc vn phng, khch sn,


nh hng, quy tip tn

Hnh 27 Camera Dome


b) Camera quan st b mt
Ging nh tn gi, Camera quan st ny khng th nhn bit c.
N c nhiu hnh dng v kch thc khc nhau, c th ngy trang v trnh b pht
hin.
Camera quan st c th ngy trang trong cm in, bc tranh hay
bnh hoa. Ngoi ra n cn c nhng mu m khc dng u bo khi. C nhng loi
camera quan st gn ch m tng hoc giu vo vt g ch cha li 1 l ng knh
bng bng u tm m thi.
c) Camera quan st hnh hp
y l loi Camera quan st truyn thng thng c dng trong cc
nh xng, khu vc ngoi tri hoc c khun vin rng .... Tu thuc vo nhu cu
quan st ca khch hng m Camera quan st ny c th thit k nhn xa hay
nhn gn khi thay i ng knh. Loi camera quan st ny rt a dng nn thng
c s dng rt nhiu, c th gn thm xoay camera xoay, cng c th gn
thm hp bo v chng ma, nng, chng ph hoi ..
d) Camera quan st hng ngoi ( IR Camera)
Camera quan st hng ngoi ny c kh nng quan st ban m khi tt
ht n (0 Lux) Khong cch quan st ca Camera quan st ph thuc vo cng sut
ca n hng ngoi. Khong cch quan st trong bng ti ca Camera quan st
hng ngoi thng thng s quan st trong phm vi dao ng khong 10m n 60m.
Mt s loi c bit th c kh nng quan st xa hn, thm ch khong 300 m.

n tt nghip
42

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Trong iu kin mi trng nh sng ban ngy th Camera quan st


hng ngoi cng quan st bnh thng nh tt c cc loi camera quan stkhc.
Camera quan st hng ngoi c th quan st c trong iu kin ti 100% v hnh
nh s chuyn sang ch trng en

.
Hnh 28 Camera IR
e) Camera quan st PTZ
P: Pan - Quay ngang (tri/phi)
T: Tilt - Quay dc (l n/xu ng)
Z: Zoom - (Phng to)
Pan/Tilt/Zoom hay nhng h tng t c bit n vi ci tn
thng mi l PTZ Camera. Camera quan st h tr kh nng quay 4 chiu, phng
to thu nh hnh nh. Camera quan st ny c th kt ni v iu khin thng qua
bn iu khin chuyn dng, my vi tnh hoc u ghi hnh k thut s. Hn na
Camera quan st c th c lp trnh cc v tr tun tra hot ng, nn n c th
lm tt c cc cng vic cho bn.
Camera quan st ny ph hp vi nhng ni cn an ninh cao v c
phm vi rng.
1.1.2 Thng s c bn ca camera
1.1.2.1 Camera quan st Indoor, Outdoor

Indoor: Camera quan st t trong nh.


Outdoor: Camera quan st t ngoi tri.
Cc Camera quan st trong nh u c th t ngoi tri khi gn
trong hp bo v ngoi tri. Ch rng, Nu Camera quan st ca bn d nh t

n tt nghip
43

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

ngoi tri th nn chn Camera quan st Outdoor m bo chu ng c cc


tc ng bn ngoi nh m, thi tit, nc, bi, hay cc tc nhn ph hoi khc.
1.1.2.2 IR Camera: Camera quan st hng ngoi
Vi Camera quan st hng ngoi, bn c th ghi hnh vo ban m,
iu m cc Camera quan st thng thng khng thc hin c. Vi nhng ng
dng quan st 24/24, bn cn chn Camera quan st c chc nng hng ngoi. Cng
nn nh rng, trong iu kin nh sng Camera, Camera ny hot ng khng
khc nhng Camera bnh thng, ch khi m ti, n hng ngoi c t ng bt,
v Camera bt u hot ng vi tnh nng hng ngoi.
Trong bng thng s, bn cn quan tm n nhng thng s sau:
Ir Led: S lng n LED hng ngoi.
Visible Distance: Khong cch quan st.
Khi hot ng ch hng ngoi, cc n LED s t ng bt ln,
v i hi cng sut kh ln, l l do ti sao ngun cp cho cc Camera hng
ngoi thng l ln hn nhiu vi cc Camera thng thng.
Water Resistance: S chu nc.
1.1.2.3 Cht lng hnh nh
Cht lng hnh nh ca mt Camera ph thuc vo nhiu thng s
nh :
Image Sensor: Cm bin hnh.
Resolution: phn gii: phn gii cng ln th cht lng
hnh nh cng nt.
CCD Total Pixels: S im nh. Thng s ny ni ln cht
lng hnh nh, s im nh cng ln th cht lng hnh nh cng tt, tuy nhin,
cht lng hnh nh cng tt th cng ng ngha vi dung lng nh cng ln, v
s tn b nh lu tr cng nh nh hng n tc ng truyn.
1.1.2.4 iu kin hot ng
Minimum Illumination: Cng nh sng nh nht.
Thng c tnh bng Lux. Thng s ny ni ln rng, Camera ch
c th hot ng cng nh sng ln hn cng nh sng nh nht. Trong
iu kin qu ti, nu khng phi l Camera c chc nng hng ngoi th s khng
hot ng c.

n tt nghip
44

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

nh nng mt tri: 4000 lux


My: 1000lux
nh sng n tup: 500 lux,
Bu tri c my: 300lux
nh sng n tup 500 lux, trng (300 lux) trng sng 1lux
m khng trng: 0.0001 Lux
Xin ch n loi Camera quan st c chc nng Auto Iris (T
ng hiu chnh nh sng). c im ca Camera loi ny l ch vi 1 ngun sng
nh, n c th t ng khuych i ngun sng ln c th quan st c.
Power Supply: Ngun cung cp.
Hin nay a s cc Camera quan st u dng loi ngun 12VDC,
ch mt s t cc Camera dng ngun khc. Tuy nhin, bn khng phi lo lng n
vn ngun 12VDC, v phn ln cc cng ty bn camera quan st u bn b
chuyn i ngun, do bn c th s dng trc tip ngun 220VAC.
Operatinon Temperature: Di nhit hot ng.
Phn ln cc Camera quan st u cho php hot ng trong di
nhit -100C ~ 500C, nu Camera ca bn c s dng trong nhng iu kin
khc nghit nh trong cng nghip, khu vc c nhit cao th bn nn s dng cc
loi Camera quan st chuyn dng trong cng nghip.
Operational Humidity: m cho php.
Thng thng, m cho php l 90% RH ( m tng i).
1.1.2.5 Gc quan st.
Trong ti liu k thut thng khng ghi gc m, m ghi thng s tiu c
thay cho gc m. C th s dng bng quy i sau:
2.1 mm 13836

6 mm 4612

2.5 mm

10024

8 mm 3424

2.8 mm

8536

12 mm 2242

3.6 mm

7936

16 mm 2130

4 mm

6136

Ty vo ng dng ca bn m nn chn loi Camera quan st c gc


quan st l bao nhiu . Nu bn cn quan st rng, c th chn loi Camera quan

n tt nghip
45

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

st m ng nh ca n c gc m ln. Cn nu ch mun quan st trong mt phm


vi rt hp th cng s c nhng loi Camera quan st gn ng knh c tiu c ph
hp vi nhu cu ca bn.
Cn nu mun gc quan st rt ln, nn chn loi Camera c bit c
chc nng Pan/ Tilt (quay ngang, quay dc). Nu bn c mt chic Camera
nhng khng c chc nng Pan/Tilt, bn hon ton c th ci tin n bng cch lp
thm mt quay ngang, quay dc, khi , bn c th iu khin Camera ca bn
quay theo bt c hng no bn mun.
1.1.2.6. Cc thng s khc
Auto White Balance: T ng cn bng nh sng trng.
Auto Gain Control: T ng kim sot li.
Backlight Compensation: B nh sng ngc.
Auto Electronic Shutter: T ng chng sc in.
1.2. S khi camera

nh ca vt c nh sng chiu vo s phn n b lc quang ca camera


nhm mc ch hiu chnh cng nh sng, sau a qua lng knh tch mu
tch thnh 3 mu c bn RGB v p vo ma trn cm bin sng CCD, tn hiu
sng c chuyn thnh tn hiu in analog c s ha, x l, nh dng thnh
khung truyn v a n thit b lu tr hoc thit b hin th.
1.3. B tch mu
Y = 0.59G+0.3R+0.11B

n tt nghip
39

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

B tch mu gm mt h thng lng knh c ghp li vi nhau to ra cc mt


lng sc ( Green, Blue ) v ( Green, Red ). Ngun nh sng phn chiu t nh n h
thng lng knh s c tch ra thnh 3 thnh phn , thnh phn nh sng Green c
i thng qua h thng lng knh n cm bin Green, hai thnh phn cn li l Red
v Blue ln lt phn x trn 2 mt lng sc n cc bin tng ng.
Phn b nng lng nh sng tng hp sau khi qua h thng thu knh cng c
s thay i :

1.4. Thit b ghp din tch CCD (Charge Couple Device )

n tt nghip
40

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

1. Cu trc chuyn khung.


2. Cu trc chuyn dng.
3. Cu trc chuyn khung dng.

n tt nghip
41

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

1.5. X l tn hiu
100+600%

Cc camera cho php bo v vng sng n 600% trc khi t n gii hn


bo ha ca CCD v vic ny thc hin c bi cc thit b in t.

H s K c lu vo ram.
1.6. Gii thiu v Camera IP
Camera IP hay cn gi l camera mng cho php vic gim st c th thc
hin ti ch hoc thng qua h thng mng Lan / Wan / Wireless c xc nhn
bng 1 a ch IP ring bit. Cc camera c ch to s dng tiu chun nn nh
JPEG, MJEG, MPEG4 nhm gim ti a dung lng ng truyn nhng vn gi
c cht lng hnh nh.

n tt nghip
42

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

1.7. Cu trc Camera IP

1.8. Nguyn l hot ng ca IP Camera:


Mt IP Camera hay cn gi l Network Camera c th c m t nh mt
thit b hai trong mt (gm 1 camera thng thng v 1 my vi tnh).N kt ni trc
tip vo h thng Internet nh nhng thit b Network khc. 1 Network camera c
ring cho n 1 a ch IP v gn lin vi nhng tnh nng ca mt my vi tnh
iu khin vic truyn thng tin trn Internet. Mt s Ntetwork Camera cn c
trang b thm nhng tnh nng c gi tr nh pht hin nhng s chuyn ng hay
c nhng cng output cho cc camera thng thng khc.
Thu knh s bt ly nhng hnh nh c th c miu t nh nhng chiu
di di sng khc nhau ca nh sng v bin i chng vo tn hiu in t khc.
Nhng tn hiu ny sau c chuyn i t bin (tng t) thnh s v
chuyn n nhng tn nng vi tnh ni m hnh nh c nn li v gi i thng
qua Internet.

n tt nghip
43

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

ng knh ca Camera lm cho hnh nh tp trung vo chp hnh nh image


sensor (CCD / CMOS). Trc khi n c chp hnh nh th nhng hnh nh
phi i qua b knh lc s b i nhng tia hng ngoi nhng mu sc chun s
c hin th. ( i vi Camera ra quay c ngy v m th b phn lc tia hng
ngoi s c chuyn i cung cp nhng hnh nh trng v en cht lng cao
trong iu kin ban m). Lc ny chp hnh nh s chuyn i hnh nh bao gm
nhng thng tin v nh sng vo tn hiu in t. Nhng tn hiu ny sn sng
c nn v gi i thng qua mng Internet.
CPU, Flash memory v DRAM c th c hnh dung nh b no hay
nhng tn nng tin hc ca Camera v c thit k c bit cho nhng ng dng
mng. Cng 1 lc, chng iu khin s truyn thng tin vi h thng mng v vi
web server. Qua cng Ethernet, mt Network Camera c th ng thi gi nhng
hnh nh trc tip n 10 my tnh khc hoc nhiu hn.

n tt nghip
44

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

CHNG II : CU HNH V KHAI THC CAMERA IP


Phn ny chng em xin gii thiu v Camera IP Vivotek IP7135
2.1. Datasheet Vivotek IP7135

- CPU: VVTK-1000 SoC


- Flash: 4MB
H thng

- RAM: 32MB SDRAM


- Tng thch OS: Linux 2.4

ng knh

Dng khi, f=4.0 mm, F2.0

Cm bin hnh nh

Chip CMOS VGA

Cng nh sng nh
nht

1.5 Lux / F2.0


- Chun nn: MPEG-4 cho video v

Video

JPEG cho hnh nh.


- Tc khung: 30/25 fps ti 640x480
- C th iu chnh : khch thc, cht

Hnh nh

lng, bit rate ca hnh nh.


- Lt v nghing hnh.
- Cu hnh: sng , tng phn.

m thanh

- Chun nn: GSM-AMR speech , bit


rate: 4.75 kbps ~ 12.2 kbps.

n tt nghip
45

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

- MPEG-4 AAC audio encoding, bit


rate 16 kbps ~ 128kbps.

- 10/100 Mbps Ethernet, RJ-45


- Built-in 802.11b/g WLAN (IP7137)
- Protocols: Ipv4, TCP/IP, HTTP,
Chun mng

UPnP, RTSP/ RTP/RTCP, IGMP,


SMTP, FTP, DHCP, NTP, DNS,
DDNS, and PPPoE.

- Pht hin chuyn ng.


Cnh bo v qun l

- S dng giao thc: HTTP,FTP,


SMTP.

An ninh

S dng password truy cp.

Led ch th

Ngun v tnh trng hot ng

Ngun

12 VDC

Nhit lm vic

0C ~ 50C

20% ~ 80% RH
OS:

Microsoft

Windows

2000/XP/Vista
Browser: Internet Explorer
Yu cu h thng

Cell phone: 3GPP player


Quick Time: 6.5 or above
Real Player: 10.5 or above

Installation, Management,
and Maintenance

Installation Wizard 2
16-CH recording software
Supports firmware upgrade

n tt nghip
46

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Ton b h thng

Cu trc bn ngoi
2.2. Cu hnh Camera IP Vivotek IP7135 :
2.2.1. Kt ni vi camera ip :

n tt nghip
47

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

2.2.2. ng nhp vo camera ip:


M chng trnh Install Wizard km theo khi mua Camera d tm a ch IP
ca Camera. Khi khi ng chng trnh ln s c giao din nh sau:

Nu chng trnh tm thy th s hin ra mt dng nh hnh trn c cc thng


s IP cng nh tn ca camera (Trng hp nu khng c dng thng s nh trn
th bn hy n vo nt Search gc di bn tri chg trnh n tm li,nu
nh Search nhiu ln cng khng c th bn nn kim tra li dy tn hiu cng
nh kin tra xem camera c ngun cha.Nu vn khng c th bn nn i n
ni bn Camera KT kim tra li)
Bn hy nh du chn vo vung ca dng thng s trn v n vo nt
xem Camera bng trnh duyt web (Ch : Xem bng
IE v ln u tin bn xem bng trnh duyt web th bn phi i my tnh ci t
chng trnh h tr ca Vivotek).
2.2.3. Cu hnh camera bng trnh duyt Web :
M trnh duyt IE ln v ta g a ch IP ca camera xc inh t trc (trong v
d ny l 192.168.1.36) ta s c giao din nh sau :

n tt nghip
48

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Chng ta ng nhp user name : root ,pass : theo pass trong qu trnh ci t.
V giao din s hin ra nh sau . Ch : nu my tnh ca bn cha bao gi xem
camera Vivotek th bn cn active X c th xem c camera .

Trn giao din c 3 thanh cng c l Snapshot, Client Settings, Configuration .


Snapshot : dng chp hnh.

n tt nghip
49

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Client Settings : dng chnh cc ty chn v Audio v Protocol nh sau :

Configuration : dng cu hnh cc thng s ca camera v c giao din


nh sau :

Hnh : giao din ca Configuration .


Gm cc Tab nh sau :
System : c cc phn t tn cho camera, chnh gi ,ngy, thng ,nm.
Security : dng t li user name v password.

n tt nghip
50

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh : tab Security.


Network : dng chnh i ch IP, m port. y l mt trong nhng tab quan
trng nht. Chng ta s quay lai tab ny trong phn cu hnh camera qua mng
internet v LAN.
DDNS : Dynamic Domain Name System : l ni chng ta nhp vo nh cung cp
tn min ng , user v password ca ti khon ta ng k nh cung cp .
Trong v d ny l nh cung cp l Dyndns.org .

Hnh : Tab DDNS.


Audio and Video : Gm c 3 phn :
General : cho php cu hnh trn my tnh hay thit b di ng.
Video : chnh cc thng s v Video nh mu ,kch thc khung, s khung
/giy, cht lng nh
Audio : chnh cc thng s v m thanh.

n tt nghip
51

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh : tab Video and Audio.


Sau khi chnh xong th ta save li lu cu hnh va chnh.
Motion detection : chnh nhy v phn trm.

n tt nghip
52

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh : tab Motion detection.


Mantenance : dng reboot, update firmware.

Hnh : tab Maintenance.

Ngoi ra cn c cc tab khc nh Access list, Email and FTP


2.2.4. Cu hnh xem camera ip qua mng internet :
Cc thnh phn cn thit xem hnh nh ca camera ip qua mng internet gm:
mt camera ip, mt modem ADSL v my tnh cu hnh

n tt nghip
53

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Ta c m hnh nh sau :

Cch thc hin nh sau :


a) ng k mt tn min ng: nh no-ip.com hay Dyndns.org (cch ng k
tng t nh phn ng k tn min cho VPN ).
b) Cu hnh cho camera ip :
ng nhp vo camera ip vo phn Configuration .
Bc 1: vo tab DDNS v khai bo ti khon tn min ng .

Trong phn Provider : chn trang cung cp DDNS ( y l dyndns.org)


Host name : tn min m chung ta ng k.

n tt nghip
54

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

User name v Password : tn ti khon m chng ta ng k nh


cung cp DDNS.
Bc 2 : vo tab Network .

.
Ta chn Use fixed IP address v g vo cc thng s sau :

.
Trong phn Primary DNS chng ta nh a ch ca ISP ang s dng vo.
Trong v d ny s dng dch v ca ISP FPT nn ta g l 210.245.24.20. Ngoi ra
chng ta c th s dng cc open DNS nh 216.146.35.35 hay 208.67.222.222 .
Bc 3 : m port cho camera. Trong v d ny ta m port 5000.
Cng tab Network ta chn HTTP port : 5000 v RTSP port : 5001.

n tt nghip
55

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

.
Cc thng s cn li ta gi nguyn v save cu hnh chnh sa li.

c) Cu hnh trn modem ADSL :


Trong v d ny chng ta s dng modem ca ZyXEL P-660H-T1 v2.
Bc 1 : khai bo tn min ng k.
Cng tng t nh phn VPN, ta ng nhp vo modem v chn tab
Advanced -> Dynamic DNS khai bo tn min v ti khon ca chng ta . nh
du check vo Active Dynamic DNS, sau apply lu cu hnh li

n tt nghip
56

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh : giao din DDNS.


Bc 2 : m port trn modem ADSL .
Chng ta vo tab Network -> NAT -> Port forwarding .

Hnh : Port forwarding.


Trong Service Name ta chn User define th s xut hin trang tip theo.

Ta nh du check vo Active ,g tn bt k vo service name, start port l


5000 end port l 5002 , IP ta g a ch ca camera ip vo. Trong v d ny l
192.168.1.36. Sau apply v kt qu l .

n tt nghip
57

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Nh vy chng ta cu hnh xong cho camera ip v modem ADSL. By gi


chng ta ng bn ngoi mng internet, m trnh duyt IE v g vo
ttp07b.homeip.net:5000 (tn min v port m ). Ta s c kt qu nh sau .

Ta nhp vo user name : root v password : nh trong qu trnh ci t .


V y l kt qu .

n tt nghip
58

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

2.2.5. Cu hnh xem camera ip qua mng LAN


2.2.5.1.M hnh:
Vi mng LAN lp C c IP :192.168.1.X
Subnet mask : 255.255.255.0

n tt nghip
59

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Cc thnh phn :
Camera ip :
IP

: 192.168.1.50:5000

Subnet mask : 255.255.255.0


PC admin : c quyn xem v cu hnh.
IP

: 192.168.1.X

Subnet mask : 255.255.255.0


Username

: root (mc nh )

Password

: 111111

PC client : ch c quyn xem.


IP

: 192.168.1.Y

Subnetmask : 255.255.255.0
Username

: u1

Password

: 123

Vi X,Y,Z thuc di IP trn i t 1 -> 254.


2.2.5.2.Cch thc hin
Ta thc hin cc bc sau :
Bc 1 : Tm kim v t li IP ca camera.

u tin ta ng nhp vo camera ip bng phn mm

tm

kim camera ip trong mng LAN.


Ta c giao din nh sau :

n tt nghip
60

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Click vo nt Search tm kim camera ip trong mng sau click vo Setup


ng nhp vo camera ip .

n tt nghip
61

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

ng nhp bng password 111111 v ta c giao din nh sau :

n tt nghip
62

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Click vo Next vo tip trang sau thay i IP ca camera cho ph hp vi mng


LAN.

n tt nghip
63

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

B chn Reset IP address at next boot ,thay i i ch IP nh m hnh v


click Next sau Apply hon thnh. V camera s x l.

Sau giao din ban u s xut hin li.

n tt nghip
64

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

nh du check vo a ch v click vo Link to selected device(s) vo


xem hnh nh ca camera ip.

user name : root


Pass : 111111
V kt qu l :

n tt nghip
65

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

cu hnh ta click vo

Sau vo tab Network kim tra li.

n tt nghip
66

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Bc 2 : t mt user ch cho php xem v khng c cu hnh.


Sau y ta to mt user cho php vo xem nhng khng cho cu hnh.

.
Chng ta vo tab Security , vo mc Add user :
User name

: u1

User password : 123


Sau chn Add .Nh vy l hon thnh . By gi chng ta th ng nhp vo
camera bng user: u1 .

n tt nghip
67

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Chng ta c kt qu l :

Chng ta thy khng c tab Configuration cu hnh . M hnh hon thnh .


2.3. Khai thc cc tnh nng ca camera ip qua phn mm Vivotek ST3402 v
playback :
2.3.1. Ci t phn mm :
- Ci dt phn mm i km theo trong a.
- Ch trong qu trnh ci t c password chy chng trnh.
- Phn mm ch cho php xem 16 camera .

n tt nghip
68

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

2.3.2. S dng chng trnh Monitor Vivotek ST3402 :


Chy chng trnh vi username v password chng thc ngi s dng.
Username : mc nh l root.
Password : ta t trong qu trnh ci t.

Trong :
Funtion area :

n tt nghip
69

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Channel camera area : chn camera th hin trng thi ca chnh n.


Layout area : la chn s camera hin th ln vng video area 1,4,6,9,13,16.
HDD status : hin th trng thi ca dung lng a cng ghi hnh ca camera.
Common area :

PTZ, DI/DO .., area :


-

PTZ : iu khin pan/tilt/zoom ca camera (yu cu l camera phi c chc


nng PTZ.)

DI/DO : iu khin nhp, gi tn hiu n camera tng ng .

2.3.3. Ci t camera :
Click vo biu tng configuration .

n tt nghip
70

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Chn thanh camera configuration :


Trong gm cc mc :

Hnh : camera configuration.

Insert : thm vo mt camera . Nhp vo IP ca camera hoc tn min (


ngoi mng ), port v password ca camera .

n tt nghip
71

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

.
-

Delete : xa camera c chn khi chng trnh .

Alert Setting:
+ Enable motion detect: check e canh bao do tm chyen ong bang am

thanh (thiet lap phan Display & UI setting).


+ Enable digital input: check e canh bao khi co tn hieu ngo vao.
+ Digital input alert when: canh bao ngo ra mc cao hay thap
+ Enable video loss: canh bao khi mat tn hieu video
+ Enable remote alert: cho phep canh bao t xa

Trong phan nay th oi hoi camera phai ho tr.


Chn Global setting :

n tt nghip
72

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Mc ny c giao din nh sau :

Trong o:
- Directory Settings:

Thiet lap ng dan lu tr data tren HDD (gom Snapshot, Record va


Scheduler).
- Record Diskspace Usage Settings:
Mc Cycle Recording: nen check e bat chc nang ghi de len data trc

o khi HDD ti dung lng cho phep trc.


- Network account:

Trong trng hp muon lu data len o a mang th muc nay c check, sau o
nhap Username, password va domain vao tng ng.

n tt nghip
73

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Chn Display & UI Setting :

Giao din nh sau :

.
- Local Alert Setting: ch nh am thanh canh bao tng ng.
- Remote Alert sound: thiet lap am thanh canh bao t xa
- Snapshot Format: thiet lap nh file anh khi chup nhanh.
- Modulation Mode: chon mode tn hieu video vao
- Display Options:

n tt nghip
74

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

+ Location: so th t va ten video cua camera


+ Connect time: Thi lng ket noi vi camera
+ Remote Time: thi gian thc tng ng vi camera
+Record Time: Thi lng ghi hnh cua camera.
- Miscellaneous:

+ Click on image to enable PTZ: check e co the ieu khien PTZ bang cach
click trc tiep vao
khung hnh.
+ Enable PTZ hot key: cho ieu khien PTZ bang phm tat.
+ Apply to new device:
Chn Scheduler :

Giao din nh sau :

n tt nghip
75

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

e che o ghi hnh mot cach lien tuc ta chon everyday va continuous mode roi
bam save as e lu lai cau hnh.
2.3.4. S dng chng trnh Playback for Vivotek ST3402 :

Chon playback, hoac Chay chng trnh Playback for Vivotek ST3402 khi o
se xuat hien giao dien nh sau:
Location: th t camera.
Period Start Time: thi gian bat au.
Period End Time: thi gian ket thuc.
Sau o bam play.
Lu y: can chon ung ng dan en ni cha data ghi hnh

n tt nghip
76

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

2.4. Cc ng dng ca camera ip :

nh ng ni dn
n ni cha data
ghi hnh.

IP Camera c ng dng rt ph bin trong cc cng vic quan st v c


bit hin nay c p dng nhiu trong hi ngh truyn hnh.
Cc ng dng ca IP camera rt ln v trong hu ht cc lnh vc: doanh
nghip, y t, gio dc, an ninh quc phng
Trong phn ny ca bo co s trnh by chi tit v ng dng IP camera
trong hi ngh truyn hnh v ng dng t vn y t t xa.

n tt nghip
77

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 29 : ng dng trong qun l, quan st bn hng

Hnh 30 : ng dng trong gim st sn xut

n tt nghip
78

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Thit b IP Camera khng ch gii hn vic quan st, gim st, m cn


c ng dng vo phm vi rng hn v cng rt ph hp l hi tho video
(Video Conference).
Hi tho video s dng cng ngh vin thng ca audio v video, cho php
ngi dng nhng a im cch nhau c th tham gia mt cuc hp cng nhau
trong thi gian thc. N c th n gin nh l mt cuc ni chuyn gia hai ngi
trong nhng vn phng ring ca h (point-to-point) hoc bao gm mt vi a
im (multi-point) vi nhiu ngi trong nhng cn phng ln nhng ni khc
nhau. Bn cnh m thanh v hnh nh ca nhng hot ng ca cuc hp c
truyn ti, hi ngh video cn c th dng chia s ti liu, trnh din thng tin cho
cc bn tham gia.
Mt h thng hi ngh video dng tng t n gin c th c thit lp d
dng ch vi hai mch TV ng v c ni vi nhau qua cp. Trong nhng chuyn
bay u tin vo v tr ca mnh, c quan hng khng v tr M - NASA s dng
lin lc qua hai bng tn sng v tuyn l UHF v VHF, mi bng tn c s dng
cho mt hng truyn. V nhng chng trnh TV s dng kiu hi thoi ny trong
cc mc bo co tnh hnh nhng ni khc, cho ti khi h thng v tinh nhn to
v nhng xe thng tin c a vo s dng v tr nn ph bin.
Cng ngh ny tuy nhin qu tn km v khng th c s dng cho cc
ng dng lin quan khc, nh l cha bnh t xa, gio dc t xa, hi hp trong cc
doanh nghip, v rt nhiu vn khc na ni ring ca ng dng t xa. Nhng c
gng s dng nhng mng li in thoi sn c truyn ti video cht lng
thp, nh l h thng u tin c pht trin bi AT&T, u tht bi vi
nguyn nhn chnh l cht lng hnh nh qu thp khng c nhng k thut nn
video hiu qu. Ngay c vi h thng c bng thng 1MHz v tc truyn 6Mbps
ca hng Picturephone vo nhng nm 1970 cng khng mang li kt qu nh
mong mun.
Ch cho n khi cc mng li truyn ti tn hiu in thoi s vo nhng
nm 1980 tr nn kh thi nh l ISDN, m bo tc truyn ti ti thiu (thng
l 128 kilobits/s) cho video nn v audio. Nhng h thng xut hin u tin, ca
nhng nh pht trin phn cng VTC tin phong nh l PictureTel, bt u xut

n tt nghip
79

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

hin ngoi th trng nh l nhng h thng mng ISDN v c m rng ra trn


ton th gii. Nhng h thng hi thoi video sut nhng nm 1990 nhanh chng
chuyn t vic s dng cc thit b phn cng v phn mm t tin sang nhng
cng ngh chun vi chi ph chp nhn c. V cui cng, vo nhng nm 1990,
chun hi ngh video qua IP c cung cp, bn cnh l nhng cng ngh nn
video c pht trin, cho php thc hin hi ngh video qua nn desktop hay PC.
Vo nm 1992, CU-SeeMe c pht trin ti Cornell bi Tim Dorcey et al., IVS
c pht trin ti INRIA, VTC tr nn ph bin v tr thnh nhng dch v min
ph, nhng web plugin v phn mm, nh l NetMeeting, MSN Messenger, Yahoo
Messenger, SightSpeed, Skype v nhng phn mm khc em n dch v r tin,
cht lng chp nhn c, VTC.
2.5. Kt lun :
Ngy nay nhu cu gim st v an ninh ngy cng cao, cng vi s pht trin
khng ngng ca internet th camera ip l mt s la chn ng n cho nhu cu
ny.
Vi s pht trin khng ngng ca khoa hc v k thut th cht lng camera ip
ngy cng c nng cao v cng c.V th loi camera ny v ang chim u
th trn th trng.

n tt nghip
80

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

PHN III : M NG RING O VPN

n tt nghip
81

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

CHNG I : VIRTUAL PRIVATE NETWORK ( VPN )


1.1.Tm hiu VPN:
1.1.1. nh ngha VPN:
VPN c hiu n gin nh l s m rng ca mt mng ring (private
network) thng qua cc mng cng cng. V cn bn, mi VPN l mt mng ring
r s dng mt mng chung (thng l internet) kt ni cng vi cc site (cc
mng ring l) hay nhiu ngi s dng t xa. Thay cho vic s dng bi mt kt
ni thc, chuyn dng nh ng leased line, mi VPN s dng cc kt ni o
c dn ng qua Internet t mng ring ca cc cng ty ti cc site hay cc
nhn vin t xa. c th gi v nhn d liu thng qua mng cng cng m vn
bo m tnh an tan v bo mt VPN cung cp cc c ch m ha d liu trn
ng truyn to ra mt ng ng bo mt gia ni nhn v ni gi (Tunnel)
ging nh mt kt ni point-to-point trn mng ring. c th to ra mt ng
ng bo mt , d liu phi c m ha hay che giu i ch cung cp phn u
gi d liu (header) l thng tin v ng i cho php n c th i n ch thng
qua mng cng cng mt cch nhanh chng. D lu c m ha mt cch cn
thn do nu cc packet b bt li trn ng truyn cng cng cng khng th
c c ni dung v khng c kha gii m. Lin kt vi d liu c m ha
v ng gi c gi l kt ni VPN. Cc ng kt ni VPN thng c gi l
ng ng VPN (VPN Tunnel).

Hnh 31 : M hnh VPN

n tt nghip
82

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

1.1.2. Lch s pht trin ca VPN:


S xut hin mng chuyn dng o, cn gi l mng ring o (VPN), bt
ngun t yu cu ca khch hng (client), mong mun c th kt ni mt cch c
hiu qu vi cc tng i thu bao (PBX) li vi nhau thng qua mng din rng
(WAN). Trc kia, h thng in thoi nhm hoc l mng cc b (LAN) trc kia
s dng cc ng thu ring cho vic t chc mng chuyn dng thc hin vic
thng tin vi nhau.
Cc mc nh du s pht trin ca VPN:
- Nm 1975, Franch Telecom a ra dch v Colisee, cung cp dch v
dy chuyn dng cho cc khch hang ln. Colisee c th cung cp phng thc gi
s chuyn dng cho khch hng. Dch v ny cn c vo lng dch v m a ra
cc ph v nhiu tnh nng qun l khc.
- Nm 1985, Sprint a ra VPN, AT&T a ra dch v VPN c tn
ring l mng c nh ngha bng phn mm SDN.
- Nm 1986, Sprint a ra Vnet, Telefonica Ty Ban Nha a ra
Ibercom.
- Nm 1988, n ra i chin cc ph dch v VPN M, lm cho mt
s x nghip va v nh chu ni cc ph s dng VPN v c th tit kim gn
30% chi ph, kch thch s pht trin nhanh chng dch v ny ti M.
-

Nm 1989, AT&T a ra dch v quc t IVPN l GSDN.

- Nm 1990, MCI v Sprint a ra dch v VPN quc t VPN; Telstra


ca -xtry-li-a a ra dich v VPN rong nc u tin khu vc chu Thi
Bnh Dng.
- Nm 1992, Vin thng H Lan v Telia Thu in thnh lp cng ty
hp tc u t Unisource, cung cp dch v VPN.
- Nm 1993, AT&T, KDD v vin thng Singapo tuyn b thnh lp
Lin minh ton cu Worldparners, cung cp hng lot dch v quc t, trong c
dch v VPN.

n tt nghip
83

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

- Nm 1994, BT v MCI thnh lp cng ty hp tc u t Concert,


cung cp dch v VPN, dch v chuyn tip khung (Frame relay)
-

Nm 1995, ITU-T a ra khuyn ngh F-16 v dch v VPN ton cu


(GVPNS).

- Nm 1996, Sprint v vin thng c (Deustch Telecom), Vin thng


Php (French Telecom) kt thnh lin minh Global One.
-

Nm 1997 c th coi l mt nm rc r i vi cng ngh VPN,

Cng ngh ny c mt trn khp cc tp ch khoa hc cng ngh, cc cuc hi


thoCc mng VPN xy dng trn c s h tng mng Internet cng cng
mang li mt kh nng mi, mt ci nhn mi cho VPN. Cng ngh VPN l gii
php thng tin ti u cho cc cng ty, t chc c nhiu vn phng, chi nhnh la
chn. Ngy nay, vi s pht trin ca cng ngh, c s h tng mng IP (Internet)
ngy mt hon thin lm cho kh nng ca VPN ngy mt hon thin.
Hin nay, VPN khng ch dng cho dch v thoi m cn dng cho cc dch
v d liu, hnh nh v cc dch v a phng tin.
1.1.3. Chc nng v u im ca VPN:
1.1.3.1 Chc nng ca VPN:
VPN cung cp ba chc nng chnh l: tnh xc thc (Authentication), tnh
ton vn (Integrity) v tnh bo mt (Confidentiality).
a) Tnh xc thc : thit lp mt kt ni VPN th trc ht c hai pha phi
xc thc ln nhau khng nh rng mnh ang trao i thng tin vi ngi
mnh mong mun ch khng phi l mt ngi khc.
b) Tnh ton vn : m bo d liu khng b thay i hay m bo khng c
bt k s xo trn no trong qu trnh truyn dn.
c) Tnh bo mt : Ngi gi c th m ho cc gi d liu trc khi truyn qua
mng cng cng v d liu s c gii m pha thu. Bng cch lm nh
vy, khng mt ai c th truy nhp thng tin m khng c php. Thm ch
nu c ly c th cng khng c c.

n tt nghip
84

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

1.1.3.2 u im:
a) Tit kim chi ph : Vic s dng mt VPN s gip cc cng ty gim c
chi ph u t v chi ph thng xuyn. Tng gi thnh ca vic s hu mt mng
VPN s c thu nh, do ch phi tr t hn cho vic thu bng thng ng truyn,
cc thit b mng ng trc v duy tr hot ng ca h thng. Gi thnh cho vic
kt ni LAN-to-LAN gim t 20 ti 30% so vi vic s dng ng thu ring
truyn thng. Cn i vi vic truy cp t xa gim t 60 ti 80%.
b) Tnh linh hot : Tnh linh hot y khng ch l linh hot trong qu
trnh vn hnh v khai thc m n cn thc s mm do i vi yu cu s dng.
Khch hng c th s dng kt ni T1, T3 gia cc vn phng v nhiu kiu kt ni
khc cng c th c s dng kt ni cc vn phng nh, cc i tng di
ng. Nh cung cp dch v VPN c th cung cp nhiu la chn cho khch hng,
c th l kt ni modem 56 kbit/s, ISDN 128 kbit/s, xDSL, T1, T3
c) Kh nng m rng : Do VPN c xy dng da trn c s h tng
mng cng cng (Internet), bt c ni no c mng cng cng l u c th trin
khai VPN. M mng cng cng c mt khp mi ni nn kh nng m rng ca
VPN l rt linh ng. Mt c quan xa c th kt ni mt cch d dng n mng
ca cng ty bng cch s dng ng dy in thoi hay DSLV mng VPN d
dng g b khi c nhu cu.
Kh nng m rng bng thng l khi mt vn phng, chi nhnh yu cu bng thng
ln hn th n c th c nng cp d dng.
d) Gim thiu cc yu cu v thit b : VPN da trn c s h tng ca mng
cng cng nn khng cn phi u t nhiu v cc thit b modem chuyn bit, cc
card tng thch (adapter) , chi ph bo tr cc thit b chuyn bit .
e) Tnh bo mt : Bi v VPNs s dng k thut tunneling truyn d liu
thng qua mng cng cng cho nn tnh bo mt cng c ci thin. Thm vo ,
VPNs s dng thm cc phng php tng cng bo mt nh m ha, xc nhn v
y quyn. Do VPNs c nh gi cao bo mt trong truyn tin.
1.1.3.3. Khuyt im:

n tt nghip
85

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

a) Ph thuc nhiu vo cht lng ca mng Internet. S qu ti hay tc nghn


mng lm nh hng n cht lng truyn thng tin.
b) Thiu cc giao thc k tha h tr : VPN hin nay da hon ton trn c s
k thut IP. Tuy nhin, nhiu t chc tip tc s dng my tnh ln (mainframes) v
cc thit b v giao thc k tha cho vic truyn tin mi ngy. Kt qu l VPNs
khng ph hp c vi cc thit b v giao thc ny.
1.2. Cc dng ca VPN :
Phn loi k thut VPNs da trn 3 yu cu c bn:
- Ngi s dng xa c th truy cp vo ti nguyn mng on th bt k
thi gian no.
- Kt ni ni b gia cc chi nhnh vn phng xa nhau
- Qun l truy cp cc ti nguyn mng quan trng ca khch hng, nh cung
cp hay cc thc th ngoi khc l iu quan trng i vi t chc hay c quan.
Da vo nhng yu cu c bn trn VPN c chia thnh :
- Mng VPN truy cp t xa (Remote Access VPN).
- Mng VPN cc b (Intranet VPN).
- Mng VPN m rng (Extranet VPN).
1.2.1. Remote Access VPN :
Remote Access cn c gi l Dial-up ring o (VPDN) l mt kt ni
ngi dng n LAN , thng l nhu cu ca mt t chc c nhiu nhn vin cn
kin h n mng ring ca cng ty t nhiu a im rt xa.
VD: cng ty mun thit lp mt VPN ln n mt nh cung cp dch v
doanh nghip (ESP). Doanh nghip ny to ra mt my ch truy cp mng (NAS)
v cung cp cho nhng ngi s dng xa mt phn mm my khch cho my tnh
ca h. sau , ngi s dng c th gi mt s min ph lin h vi NAS v
dng phn mm VPN my khch truy cp vo mng ring ca cng ty. Loi
VPN ny cho php cc kt ni an ton, c mt m.

n tt nghip
86

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 32 : Remote Access VPN.


1.2.1.1. Cc thnh phn chnh ca Remote Access Network:
-Remote Access Server (RAS): c t ti trung tm c nhim v xc
nhn v chng nhn cc yu cu gi ti.
-Quay s kt ni n trung tm, iu ny s lm gim chi ph cho mt s
yu cu kh xa so vi trung tm.
-H tr cho nhng ngi c nhim v cu hnh, bo tr v qun l RAS v
h tr truy cp t xa bi ngi dng.
-Bng vic trin khai Remote Access VPNs, nhng ngi dng t xa hoc
cc chi nhnh vn phng ch cn t mt kt ni cc b n nh cung cp dch v
ISP hoc ISPs POP v kt ni n ti nguyn thng qua internet.
Thng tin Remote Access Setup c m t bi hnh sau:

n tt nghip
87

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 33 : Remote Access VPN setup.

1.2.1.2. u v khuyt im ca Remote Access VPN :

Cc u v khuyt im ca mng VPN truy nhp t xa so vi cc


phng php truy nhp t xa truyn thng:

a) u im :
-

Mng VPN truy nhp t xa khng cn s h tr ca nhn vin mng bi v


qu trnh kt ni t xa c cc ISP thc hin.

Gim c cc chi ph cho kt ni t khong cch xa bi v cc kt ni


khong cch xa c thay th bi cc kt ni cc b thng qua mng
Internet.

Cung cp dch v kt ni gi r cho nhng ngi s dng xa.

Bi v cc kt ni truy nhp l ni b nn cc Modem kt ni hot ng


tc cao hn so vi cc truy nhp khong cch xa.

n tt nghip
88

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

VPN cung cp kh nng truy nhp tt hn n cc site ca cng ty bi v


chng h tr mc thp nht ca dch v kt ni.
b) Khuyt im :

Mng VPN truy nhp t xa khng h tr cc dch v m bo cht lng


dch v.

Nguy c b mt d liu cao. Hn na, nguy c cc gi c th b phn pht


khng n ni hoc mt gi.

Bi v thut ton m ho phc tp, nn tiu giao thc tng mt cch


ng k. Thm vo vic nn d liu IP xy ra chm.

Do phi truyn d liu thng qua internet, nn khi trao i cc d liu ln


th s rt chm.

1.2.2. VPN Site to Site (LAN to LAN ):


LAN-to-LAN VPN l s kt ni hai mng ring l thng qua mt ng hm
bo mt. ng hm bo mt ny c th s dng cc giao thc PPTP, L2TP, hoc
IPsec. Mc ch chnh ca LAN-to-LAN l kt ni hai mng khng c ng ni
li vi nhau, khng c vic tha hip tch hp, chng thc, s cn mt ca d liu.
Gm 2 loi : Intranet v Extranet :

Hnh 34 : Kt ni cc mng doanh nghip qua mng cng cng

n tt nghip
89

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

1.2.2.1. Intranet VPN ( Mng VPN cc b ) :

Cc VPN cc b c s dng bo mt cc kt ni gia cc a im


khc nhau ca mt cng ty. Mng VPN lin kt tr s chnh, cc vn phng, chi
nhnh trn mt c s h tng chung s dng cc kt ni lun c m ho bo mt.
iu ny cho php tt c cc a im c th truy nhp an ton cc ngun d liu
c php trong ton b mng ca cng ty.
Nhng VPN ny vn cung cp nhng c tnh ca mng WAN nh kh
nng m rng, tnh tin cy v h tr cho nhiu kiu giao thc khc nhau vi chi ph
thp nhng vn m bo tnh mm do. Kiu VPN ny thng c cu hnh nh
l mt VPN Site- to- Site.

Central site

Remote site
POP

Internet

or

Router

vn phng xa

Hnh 35 : M hnh Intranet VPN


Nhng u im ca mng VPN cc b :

-Cc mng li cc b hay ton b c th c thit lp (vi iu kin mng


thng qua mt hay nhiu nh cung cp dch v).
-Gim c s nhn vin k thut h tr trn mng i vi nhng ni xa.
-Bi v nhng kt ni trung gian c thc hin thng qua mng Internet,
nn n c th d dng thit lp thm mt lin kt ngang cp mi.

n tt nghip
90

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

-Tit kim chi ph thu c t nhng li ch t c bng cch s dng ng


ngm VPN thng qua Internet kt hp vi cng ngh chuyn mch tc cao. V
d nh cng ngh Frame Relay, ATM.
Cc nhc im i cng:
- Kh nng b mt gi khi truyn d liu vn rt cao.
- Trong trng hp truyn ti cc d liu a phng tin th gy qu ti, chm h
thng v tc truyn s rt chm do ph thuc vo mng Internet.
- Bi v d liu c truyn ngm qua mng cng cng mng Internet
cho nn vn cn nhng mi e da v mc bo mt d liu v mc cht
lng dch v (QoS).
1.2.2.2. Extranet VPN (Mng VPN m rng ):
Khng ging nh mng VPN cc b v mng VPN truy nhp t xa, mng VPN
m rng khng b c lp vi th gii bn ngoi. Thc t mng VPN m rng
cung cp kh nng iu khin truy nhp ti nhng ngun ti nguyn mng cn thit
m rng nhng i tng kinh doanh nh l cc i tc, khch hng, v cc nh
cung cp

Central site

Remote site
DSL
cable

POP

Internet

or

Router
Extranet
Business-to-business

Intranet
.

Hnh 36 : M hnh mng VPN m rng.

n tt nghip
91

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Cc VPN m rng cung cp mt ng hm bo mt gia cc khch hng, cc


nh cung cp v cc i tc qua mt c s h tng cng cng. Kiu VPN ny s
dng cc kt ni lun lun c bo mt v c cu hnh nh mt VPN Siteto
Site. S khc nhau gia mt VPN cc b v mt VPN m rng l s truy cp
mng c cng nhn mt trong hai u cui ca VPN.
Nhng u im chnh ca mng VPN m rng:
- Chi ph cho mng VPN m rng thp hn rt nhiu so vi mng truyn
thng.
- D dng thit lp, bo tr v d dng thay i i vi mng ang hot ng.
- V mng VPN m rng c xy dng da trn mng Internet nn c nhiu
c hi trong vic cung cp dch v v chn la gii php ph hp vi cc nhu
cu ca mi cng ty hn.
- Bi v cc kt ni Internet c nh cung cp dch v Internet bo tr, nn
gim c s lng nhn vin k thut h tr mng, do vy gim c chi ph
vn hnh ca ton mng.
Bn cnh nhng u im trn gii php mng VPN m rng cng cn
nhng nhc im i cng nh:
- Kh nng bo mt thng tin, mt d liu trong khi truyn qua mng cng
cng vn tn ti.
- Truyn dn khi lng ln d liu, nh l a phng tin, vi yu cu truyn
dn tc cao v m bo thi gian thc, l thch thc ln trong mi trng
Internet.
- Lm tng kh nng ri ro i vi cc mng cc b ca cng ty.
1.3. C s k thut ng hm:
K thut ng hm l mt thnh phn cc k quan trng trong VPN, n cho
php cc t chc to mt mng ring ngay trn internet hoc cc mng cng cng
khc. Mng ring o ny khng b xm nhp bi ngi l, nhng c nhn, my
tnh khng thuc t chc ca mng ring o ny.

n tt nghip
92

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

ng hm l k thut ng gi tan b d liu ca bt k mt nh dng


giao thc no khc. Header (hoc c thm Trailer) ca ng hm s c nh
vo gi tin ban u sau c truyn thng qua mt c s h tng trung gian n
im ch.
1.3.1. Cc thnh phn ca k thut ng hm :
trin khai mt ng hm gia hai im, chng ta cn c bn thnh phn
cho ng hm :
- Mng ch : Mng cha nhng ti nguyn c s dng t xa bi cc my
khch ( n c tn gi khc l home network )
- Nt initiator: L my khch t xa hoc my ch khi to mt phin lm
vic VPN. Initiator c th l mt phn ca mng ni b hoc l mt ngi dng di
ng, v d laptop.
- Home agent : Phn mm nm mt im truy cp target network. HA s
nhn yu cu v kim tra xem my ch yu cu c thm quyn truy cp khng. Nu
kim tra thnh cng, n s bt u thit lp ng hm.
- Foreign agent : Phn mm nm trong initiator hoc mt im truy cp
mng cha initiator. Initiator s dng FA yu cu mt phin lm vic VPN t
HA ti mng ch.
1.3.2. Phn loi ng hm :
Da trn cch thc ng hm thng tin c to ra ta chia lm hai lai
voluntary hay compulsory.
1.3.2.1. Voluntary Tunnels (ng hm ty ) :
Voluntary Tunnels l lai ng hm xuyn sut t u n cui.
Voluntary Tunnels c to ra theo yu cu ca my khch. Kt qu l inititor s
tr thnh mt u cui ca ng hm. Bi vy mt ng hm ring bit c to
ra cho mi cp my trao i thng tin. Sau khi qu trnh truyn thng gia hai my
kt thc, ng hm ny cng s kt thc theo.

n tt nghip
93

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 37 : Minh ha ng hm ty .
1.3.2.2. Compulsory Tunnels (ng hm cng bc ) :
Khng ging nh ng hm voluntary c to ra theo yu cu ca my
khch. ng hm compulsory c to ra v nh cu hnh bi mt thit b trung
gian. Initiator phi s dng ng hm c to ra bi thit b trung gian nn n
mi c tn l ng hm cng bc.
Ghi ch: Cc giao thc ng hm khc nhau s dng cc thit b trung gian
han tan khc nhau. V d i vi L2TP s dg L2TP Access Concentrator (LAC).
Tng t giao thc PPTP s dng thit b trung gian l Front End Processor (FEP).
Cn ci t IPSec, thit b trung gian s dng trong phin truyn thng VPN l IP
Security Gateway.

Trong trng hp ng hm compulsory , c my khch t xa cng nh


my khch kt ni cc b u phi kt ni vi thit b trung gian, c t ti ISP's
POP. Sau khi kt ni thnh cng, thit b trung gian s tao ra ng hm.

Hnh 38 : Minh ha ng hm cng bc.


Bng so snh hai loi ng hm.
ng hm voluntary

ng hm compulsory

initiator l im cui ca ng hm.

Thit b trung gian l im cui ca


n hm

Mt ng hm ring bit cho mi Mt ng hm c dng chung cho


qu trnh truyn thng

nhiu qu trnh truyn thng

ng hm kt thc khi qu trnh ng hm s khng kt thc cho n


truyn d liu gia hai my kt thc

khi cp truyn thng cui cng dng


trao i d liu

n tt nghip
94

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

D liu c trao i nhanh

D liu trao i chm hn do nhiu


qu trnh truyn thng dng chung
mt ng hm

ng hm ngn

ng hm di

1.3.3. Giao thc ng hm :


K thut ng hm s dng 3 giao thc :
- Carrier protocol (giao thc truyn ti). Giao thc c dng gi
gi tin ng hm n ch thng qua mng tng tc. Gi tin ng hm c
ng gi bn trong gi tin ca giao thc ny. Do n phi gi gi tin qua mt mng
khng ng nht, v d internet, giao thc ny cn c h tr rng ri. PPPoE,
PPPoA..
- Encapsulating protocol (giao thc ng gi). Giao thc c dng
ng gi payload ban u. Giao thc ng gi cng chu trch nhim to ra, bo tr
v kt thc ng hm. Ngy nay giao thc ng gi thng l PPTP, L2TP, and
IPSec.
- Passenger protocol (giao thc gi tin). D liu gc cn c ng gi
truyn qua mng nh ng hm thuc v giao thc ny. VD: IPX, NetBeui, IP .
1.3.4. Giao thc ng hm lp 2:
Hin nay c nhiu gii php gii quyt hai vn v ng gi d liu v
an ton d liu trong VPN, da trn nn tng l cc giao thc ng hm. Mt giao
thc ng hm s thc hin ng gi d liu vi phn Header (v c th c
Trailer) tng ng truyn qua Internet. Giao thc ng hm l ct li ca gii
php VPN. C 4 giao thc ng hm c s dng trong VPN l:
- Giao thc nh hng lp 2 - L2F (Layer 2 Forwarding).
- Giao thc ng hm im-im-PPTP (Point to Point Tunneling
protocol).
- Giao thc ng hm lp 2 - L2TP (Layer 2 tunneling protocol).

n tt nghip
95

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 39 : Cng ngh VPN v m hnh OSI.


Cc giao thc lp 2 u c s tha k t giao thc lin kt im- im. V
vy hiu r cc giao thc ny, chng ta s tm hiu v giao thc lin kt imim.
1.3.4.1. Giao thc im im (PPP Point to - Point Protocol ):
Trong mng my tnh, Point-to-Point Protocol (hoc PPP) l mt giao
thc lin kt d liu, thng c dng thit lp mt kt ni trc tip gia 2 nt
mng. N c th cung cp kt ni xc thc, m ha vic truyn d liu...
PPP c s dng bng nhiu kiu mng vt l khc nhau, bao gm cp
tun t (serial cable), dy in thoi, mng in thoi, radio v cp quang ging nh
SONET. a phn cc nh cung cp dch v Internet u s dng PPP cho khch
hng truy cp Internet. Hai kiu ng gi d liu ca PPP l PPPoE (Point-toPoint Protocol over Ethernet) v PPPoA (Point-to-Point Protocol over ATM), chng
c s dng bi cc nh cung cp dch v Internet kt ni ti dch v Internet.

n tt nghip
96

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Mt s chc nng ca PPP:


- Gn v qun l a ch IP vo gi d liu non_IP.
- Cu hnh v kim sot ng truyn c thit lp.
- ng gi d liu ng b v bt ng b.
- Pht hin li trong qu trnh truyn.
- Dn knh kt hp cc giao thc mng lp 2.
- Tha thun cc thng s thch hp cho cu hnh nh t l nn d liu v
a ch.
Cu trc gi PPP:

Hnh 40 : nh dng gi PPP.


Cu trc khung PPP c 6 trng :
- Flag: trng xc nh bt u v kt thc frame, c di l 1 byte
- Address(a ch) : Trong lin kt im im, giao thc PPP khng s
dng a ch ring cho tng nt nn trng a ch cha chui nh phn 11111111 (
chun a ch truyn i chng), di ca trng l 1 byte.
- Control: Trng iu khin cha chui nh phn 00000011, n ch ra
rng frame mang d liu khng nm trong chui giao tc PPP. Chiu di ca trng
l 1byte.
- Protocol. Trng xc nhn giao thc ca d liu c ng gi trong
trng d liu c frame. Nghi thc trong trng ny c xc nh bi s assigned
trong chun RFC 232. Chiu di l 1 byte.
- Data. Trng cha thng tin c chuyn i gia nt ngun v nt
ch. Chiu di ca trng c khng xc nh, ph thuc vo thng tin cn chuyn
i, tuy nhin di ln nht ca trng d liu l 1500 bytes
- FCS (Frame Check Sequence). Trng cha chui kim tra gip cho
bn nhn xc nh chnh xc ca thng tin nhn c trong rrng d liu.

n tt nghip
97

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Thng thng di ca trng l 2 bytes, tuy nhin khi hin thc PPP c th s
dng n 4 bytes cho FCS tng kh nng pht hin li.
1.3.4.2. Giao thc nh hng lp 2 (L2F Layer 2 Forwarding):
Giao thc nh hng lp 2 L2F do Cisco pht trin c lp v c pht
trin da trn giao thc PPP (Point-to-Point Protocol). L2F cung cp gii php cho
dch v quay s o bng cch thit lp mt ng hm bo mt thng qua c s h
tng cng cng nh Internet. L2F l giao thc c pht trin sm nht, l phng
php truyn thng cho nhng ngi s dng xa truy cp vo mt mng cng ty
thng qua thit b truy cp t xa.
L2F cho php ng gi cc gi PPP trong L2F, nh ng hm lp lin
kt d liu.
a) Cu trc gi ca L2F
1bit

1bit 1bit

1bit 8bit

1bit

Reserved C

3bit

8bit

Version Protocol

Multiplex ID
Length

8bit

Sequence

Client ID
Offset

Key
Data
Ckecksums
Hnh 41 : nh dng gi L2F.

Trong :
F: Trng Offset c mt nu bit ny c thit lp.
K: Trng Key c mt nu bt ny c thit lp.
P_ priority: Gi ny l mt gi u tin nu bt ny c thit lp.
S: Trng Sequence c mt nu bt ny c thit lp.
Reserved: lun c t l: 00000000.
Version : Phin bn chnh ca L2F dng to gi. 3 bit ny lun l 111.
Protocol : Xc nh giao thc ng gi L2F.
Sequence: S chui c a ra nu trong L2F Header bt S=1.

n tt nghip
98

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Multiplex ID: Nhn dng mt kt ni ring trong mt ng hm (tunnel).


Client ID: Gip tch ng hm ti nhng im cui.
Length: chiu di ca gi (tnh bng Byte) khng bao gm phn checksum.
Offset: Xc nh s Byte trc L2F Header, ti d liu ti tin c bt u.
Trng ny c khi bt F=1.
Key: Trng ny c trnh by nu bit K c thit lp. y l mt phn ca
qu trnh nhn thc.
Checksum: Kim tra tng ca gi. Trng checksum c nu bt C=1.
b) u v nhc ca L2F:
u im:
- Cho php thit lp ng hm a giao thc.
- c cung cp bi nhiu nh cung cp.
Nhc im:
- Khng c m ho.
- Yu trong vic xc thc ngi dng.
- Khng c iu khin lung cho ng hm.

c) Hot ng ca L2F :
Khi c mt my khch quay s yu cu khi to kt ni ti mt my ch
trong mng ni b, cc quy trnh sau s c thc hin tun t:
- User t xa khi to mt kt ni PPP ti nh cung cp dch v mng ca
h. Nu user t xa l mt b phn ca mng cc b th ngi dng c th s dng
ISDN hoc cc kt ni tng t n ISP. Nu user khng phi l mt b phn ca
mng ni b th h phi dch v.
- Nu NAS hin hu ISP's POP chp nhn yu cu kt ni th kt ni
PPP s c thit lp gia NAS v user.
- User c chng thc ISP. C th s dng CHAP hay PAP thc
hin chng thc.
- Nu khng c ng hm no tn ti cng vo ca mng ch mong
mun th mt ng hm s c khi to.
- Sau khi ng hm c thit lp xong, s c mt multiplex ID ( MID)
duy nht c ch nh trn kt ni. Mt thng ip thng bo s c gi ti cng

n tt nghip
99

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

vo ca my ch mng. Thng ip ny thng bo cho cng vo v yu cu kt ni


t user t xa.
- Gateway c th chp nhn hay hy b yu cu kt ni. Trong trng hp
yu cu b hy b th user s c thng bo iu ny v kt ni quay s kt thc.
Trong trng hp yu cu kt ni c chp nhn, gateway ca my ch s gi
thng bo khi to ci t ti user t xa. p ng ny c th bao gm c thng tin
v chng thc m gateway s dng chng thc user t xa.
- Sau khi user c chng thc bi my ch mng, mt giao thc o s
c thit lp gia hai u cui.

1.3.4.3 Giao thc ng hm im im (PPTP Point to Point


Tunneling Protocol) :
Giao thc ng hm imim PPTP c a ra u tin bi mt nhm
cc cng ty c gi l PPTP Forum. Nhm ny bao gm 3 cng ty: Ascend

n tt nghip
100

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

comm., Microsoft, ECI Telematicsunication v US Robotic. tng c s ca giao


thc ny l tch cc chc nng chung v ring ca truy cp t xa, li dng c s h
tng Internet sn c to kt ni bo mt gia ngi dng xa (client) v mng
ring. Ngi dng xa ch vic quay s ti nh cung cp dch v Internet a
phng l c th to ng hm bo mt ti mng ring ca h.
PPTP ng gi cc khung d liu ca giao thc PPP vo cc IP datagram
truyn qua mng IP (Internet hoc Intranet). PPTP dng mt kt ni TCP (gi l kt
ni iu khin PPTP) khi to, duy tr, kt thc ng ngm; v mt phin bn
ca giao thc GRE (Generic Routing Encapsulation - ng gi nh tuyn chung)
ng gi cc khung PPP. Phn ti tin ca khung PPP c th c mt m
hoc/v gii nn.
PPTP gi nh tn ti mt mng IP gia PPTP client (VPN client s dng giao
thc ng ngm PPTP) v PPTP server (VPN server s dng PPTP). PPTP client
c th c ni trc tip qua vic quay s ti my ch truy nhp mng (Network
Access Server - NAS) thit lp kt ni IP.
Vic xc thc trong qu trnh thit lp kt ni IP-VPN trn giao thc PPTP s
dng cc c ch xc thc ca kt ni PPP, v d EAP (Extensible Authentication
Protocol: giao thc nhn thc m rng), CHAP (Challenge - Handshake
Authentication Protocol: giao thc nhn thc i hi bt tay), PAP (Password
Authentication Protocol: giao thc nhn thc khu lnh). PPTP cng tha hng
vic mt m hoc/ v nn phn ti tin ca PPP. Mt m phn ti PPP s dng MPPE
(Microsoft Point - to - Point Encryption: mt m im ti im ca Microsoft) (vi
iu kin xc thc s dng giao thc EAP - TLS (EAP - Transport Level Security:
EAP - an ninh mc truyn ti) hoc MS - CHAP ca Microsoft). MPPE ch cung
cp mt m mc truyn dn, khng cung cp mt m u cui n u cui. Nu
cn s dng mt m u cui n u cui th c th s dng IPSec mt m
lu lng IP gia cc u cui sau khi ng ngm PPTP c thit lp. My
ch PPTP l my ch IP-VPN s dng giao thc PPTP vi mt giao din ni vi
Internet v mt giao din khc ni vi Intranet.
a) Duy tr ng hm bng kiu kt ni PPTP :

n tt nghip
101

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Kt ni iu khin PPTP l kt ni gia a ch IP ca my trm PPTP (c


cng TCP c cp pht ng) v a ch IP ca my ch PPTP (s dng cng TCP
dnh ring 1723). Kt ni iu khin PPTP mang cc bn tin iu khin v qun l
cuc gi PPTP c s dng duy tr ng ngm PPTP. Cc bn tin ny bao
gm cc bn tin PPTP Echo - Request v PPTP Encho - Reply nh k pht hin
cc li kt ni gia PPTP client v PPTP server. Cc gi ca kt ni iu khin
PPTP bao gm IP header, TCP header, cc bn tin iu khin PPTP v cc header,
trailer ca lp ng truyn d liu.

Hnh 4.12 : Gi d liu ca kt ni iu khin PPTP


b) ng gi d liu ng ngm PPTP :
ng gi khung PPP: D liu ng ngm PPTP c ng gi thng qua
nhiu mc. Hnh 4.13 l cu trc d liu c ng gi.

Hnh 4.13: D liu ng ngm PPTP


Phn ti ca khung PPP ban u c mt m v ng gi vi phn tiu PPP
to ra khung PPP. Khung PPP sau c ng gi vi phn tiu ca phin bn
sa i giao thc GRE (Generic Routing Encapsulation: giao thc ng gi nh
tuyn chung), giao thc ny cung cp c ch chung cho php ng gi d liu
gi qua mng IP.
i vi PPTP, phn Header ca GRE c sa i mt s im sau:
Mt bit xc nhn c s dng khng nh s c mt ca trng xc
nhn 32 bit.
Trng Key c thay th bng trng di Payload 16 bit v trng
ch s cuc gi 16 bit. Trng ch s cuc gi c thit lp bi PPTP
client trong qu trnh khi to ng ngm PPTP.
Mt trng xc nhn di 32 bit c thm vo.

n tt nghip
102

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

ng gi cc GRE: Phn ti PPP ( c mt m) v cc GRE Header sau


c ng gi vi mt tiu IP cha cc thng tin a ch ngun v ch thch
hp cho PPTP client v PPTP server.
ng gi lp lin kt d liu: c th truyn qua mng LAN hoc WAN,
IP datagram cui cng s c ng gi vi mt Header v Trailer ca lp lin kt
d liu giao din vt l u ra. V d, nu IP datagram c gi qua giao din
Ethernet, n s c gi vi phn Header v Trailer Ethernet. Nu IP datagram
c gi qua ng truyn WAN im ti im (v d nh ng in thoi tng
t hoc ISDN), n s c ng gi vi phn Header v Trailer ca giao thc PPP.
c) X l d liu ng ngm PPTP :
Khi nhn c d liu ng ngm PPTP, PPTP client hoc PPTP server s thc
hin cc bc sau:

X l v loi b phn Header v Trailer ca lp lin kt d liu.

X l v loi b IP Header.

X l v loi b GRE Header v PPP Header.

Gii m hoc/v gii nn phn PPP Payload (Nu cn thit).

X l phn Payload nhn hoc chuyn tip.

d) S ng gi :
Hnh 2.9 l s ng gi PPTP qua kin trc mng (t mt IP-VPN
client qua kt ni truy nhp t xa VPN, s dng modem tng t).

n tt nghip
103

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

TCP/IP

IPX

NetBEU
I

Bt u gi
y
NDIS
NDISWAN
L2TP

Data link
Header

PPTP

IP
Header

text

Async

X.25

ISDN

PPP Encrypted PPP Payload


GRE
(IP Datagram,
Heade
IPX Datagram,
Header
r
NetBEUI Frame)

Data link
Trailer

Cu trc gi tin cui cng

Hnh 42: S ng gi PPTP


Qu trnh c m t cc bc sau:
Cc IP datagram v IPX datagram hoc khung NetBEUI c a ti giao
din o bng giao thc tng ng (giao din o i din cho kt ni VPN) s dng
NDIS (Network Driver Interface Specification).
NDIS a gi d liu ti NDISWAN, ni thc hin mt m, nn d liu,
v cung cp PPP Header. Phn tiu PPP ny ch gm trng m s giao thc
PPP (PPP Protocol ID Field), khng c cc trng Flags v FCS (Frame Check
Sequence). Gi nh trng a ch v iu khin c tha thun giao thc
iu khin ng truyn LCP (Link Control Protocol) trong qu trnh kt ni PPP.
NDISWAN gi d liu ti giao thc PPTP, ni ng gi khung PPP vi
phn tiu GRE. Trong GRE Header, trng ch s cuc gi c t gi tr thch
hp xc nh ng ngm.
Giao thc PPTP sau s gi gi va hnh thnh ti giao thc TCP/IP.
TCP/IP dng gi d liu ng ngm PPTP vi phn tiu IP, sau gi
kt qu ti giao din i din cho kt ni quay s ti local ISP s dng NDIS.

n tt nghip
104

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

NDIS gi gi tin ti NDISWAN, ni cung cp cc phn PPP Header v


Trailer.
NDISWAN gi khung PPP kt qu ti cng WAN tng ng i din cho
phn cng quay s (v d, cng khng ng b cho kt ni modem).
e) u v khuyt im ca PPTP :
u im chnh ca PPTP:

PPTP l mt gii php c xy dng trn nn cc sn phm ca

Microsoft( cc sn phm c s dng rt rng ri).

PPTP c th h tr cc giao thc non-IP.

PPTP c h tr trn nhiu nn khc nhau nh Unix, Linux, v Apple's

Macintosh. Cc nn khng h tr PPTP c th cc dch v ca PPTP bng cch s


dng b nh tuyn c ci t sn kh nng ca my khch PPTP.
Nhc im caPPTP:

PPTP bo mt yu hn so vi k thut L2TP v IPSec.

PPTP ph thuc nn.

PPTP yu cu my ch v my khch phi c cu hnh mnh.

Mc d PPTP c ci t ring cho VPN nhng cc b nh tuyn cng

nh my ch truy cp t t xa cng phi cu hnh trong trng hp sa dng cc


gii php nh tuyn bng ng quay s.
im yu ln nht ca PPTP l c ch bo mt ca n yu do s dng m
ha vi kha m pht sinh t password ca user. iu ny cng nguy him hn khi
password c gi trong mi trng khng an ton chng thc. Giao thc
ng hm Layer 2 Forwarding (L2F) c pht trin tng cng kh nng bo
mt.
1.3.4.4. Giao thc ng hm lp 2 (L2TP Layer 2 Tunneling
Protocol) :
Giao thc ng hm lp 2 L2TP l s kt hp gia hai giao thc PPTP
v L2F- chuyn tip lp 2. PPTP do Microsoft a ra cn L2F do Cisco khi
xng. Hai cng ty ny hp tc cng kt hp 2 giao thc li v ng k chun
ho ti IETF.

n tt nghip
105

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Ging nh PPTP, L2TP l giao thc ng hm, n s dng tiu ng


gi ring cho vic truyn cc gi lp 2. Mt im khc bit chnh gia L2F v
PPTP l L2F khng ph thuc vo IP v GRE, cho php n c th lm vic mi
trng vt l khc. Bi v GRE khng s dng nh giao thc ng gi, nn L2F
nh ngha ring cch thc cc gi c iu khin trong mi trng khc. Nhng
n cng h tr TACACS+ v RADIUS cho vic xc thc. C hai mc xc thc
ngi dng: u tin ISP trc khi thit lp ng hm, Sau l cng ni ca
mng ring sau khi kt ni c thit lp.
L2TP mang dc tnh ca PPTP v L2F. Tuy nhin, L2TP nh ngha ring
mt giao thc ng hm da trn hot ng ca L2F. N cho php L2TP truyn
thng qua nhiu mi trng gi khc nhau nh X.25, Frame Relay, ATM. Mc d
nhiu cng c ch yu ca L2TP tp trung cho UDP ca mng IP, nhng c th
thit lp mt h thng L2TP m khng cn phi s dng IP lm giao thc ng
hm. Mt mng ATM hay frame Relay c th p dng cho ng hm L2TP.
Do L2TP l giao thc lp 2 nn n cho php ngi dng s dng cc
giao thc iu khin mt cch mm do khng ch l IP m c th l IPX hoc
NETBEUI. Cng ging nh PPTP, L2TP cng c c ch xc thc PAP, CHAP hay
RADIUS.
Mc d Microsoft lm cho PPTP tr nn cch chn la ph bin khi
xy dng VPN bng cch h tr giao thc ny sn c trong h iu hnh Windows
nhng cng ty cng c k hoch h tr thm L2TP trong Windows NT 4.0 v
Windows 98.
a) Duy tr ng hm ngm bng bn tin iu khin L2TP :
Khng ging PPTP, vic duy tr ng ngm L2TP khng c thc hin thng
qua mt kt ni TCP ring bit. Cc lu lng iu khin v duy tr cuc gi c
gi i nh cc bn tin UDP gia L2TP client v L2TP server (L2TP client v L2TP
server u s dng cng UDP 1701).
Cc bn tin iu khin L2TP qua mng IP c gi nh cc UDP datagram. UDP
datagram li c mt m bi IPSec ESP nh trn hnh 43.

n tt nghip
106

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 43: Bn tin iu khin L2TP


V kt ni TCP khng c s dng, L2TP dng th t bn tin m bo vic
truyn cc bn tin L2TP. Trong bn tin iu khin L2TP, trng Next-Received
(tng t nh TCP Acknowledgment) v Next-Sent (tng t nh TCP Sequence
Number) c s dng duy tr thc t cc bn tin iu khin. Cc gi khng
ng th t b loi b. Cc trng Next-Sent v Next-Received cng c th c s
dng truyn dn tun t v iu khin lung cho cc d liu ng ngm.
L2TP h tr nhiu cuc gi trn mi ng ngm. Trong bn tin iu khin L2TP
v phn tiu L2TP ca d liu ng ngm c mt m s ng ngm (Tunnel
ID) xc nh ng ngm, v mt m s cuc gi (Call ID) xc nh cuc gi
trong ng ngm .
b) ng ngm d liu L2TP
ng ngm d liu L2TP c thc hin thng qua nhiu mc ng gi. Hnh
44 ch ra cu trc cui cng ca d liu ng ngm L2TP trn nn IPSec.

Hnh 44 : ng bao gi tin L2TP


-ng gi L2TP: phn ti PPP ban u c ng gi vi mt PPP Header
v mt L2TP Trailer.
- ng gi UDP: gi L2TP sau c ng gi vi mt UDP Header, cc
a ch cng ngun v ch c t bng 1701.
-ng gi IPSec: tu thuc vo chnh sch IPSec, gi UDP c mt m v
ng gi vi IPSec ESP Header, IPSec ESP Trailer, IPSec Authentication Trailer.
-ng gi IP: gi IPSec c ng gi vi IP Header cha a ch IP ngun
v ch ca IP-VPN client v IP-VPN server.

n tt nghip
107

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

-ng gi lp ng truyn d liu: truyn i c trn ng truyn


LAN hoc WAN, IP datagram cui cng s c ng gi vi phn Header v
Trailer tng ng vi k thut lp ng truyn d liu ca giao din vt l u ra.
V d, khi cc IP datagram c gi vo mt giao din Ethernet, IP datagram s
c ng gi vi Ethernet Header v Trailer. Khi cc IP datagram c gi trn
ng truyn WAN im ti im (chng hn ng dy in thoi ISDN), IP
datagram c ng gi vi PPP Header v Trailer.
c) X l d liu ng ngm L2TP trn nn IPSec
Khi nhn c d liu ng ngm L2TP trn nn IPSec, L2TP client hay L2TP
server s thc hin cc bc sau:
X l v loi b Header va Trailer ca lp ng truyn d liu.
X l v loi b IP Header.
Dng IPSec ESP Auth Trailer xc thc IP payload v IPSec ESP Header.
Dng IPSec ESP Header gii m phn gi mt m.

X l UDP Header v gi gi L2TP ti L2TP.

L2TP dng ch s ng ngm v ch s cuc gi trong L2TP Header


xc nh ng ngm L2TP c th.

Dng PPP Header xc nh PPP Payload v chuyn tip n ti ng


giao thc x l.

d) S ng gi L2TP trn nn IPSec

Hnh 45 : S ng gi L2TP

n tt nghip
108

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Cc bc sau m t qu trnh :

Mt IP datagram, IPX datagram, hoc NetBEUI Frame c a ti

giao din o i din cho kt ni IP-VPN s dng NDIS bng giao thc thch hp.

NDIS a cc gi ti NDISWAN, ti y c th nen v cung cp PPP

Header ch bao gm trng ch s PPP Protocol. Cc trng Flag hay FCS khng
c thm vo.

NDISWAN gi khung PPP ti giao thc L2TP, ni ng gi PPP

Frame vi mt L2TL Header. Trong L2TP Header, ch s ng ngm v ch s


cuc gi c thit lp vi cc gi tr thch hp xc nh ng ngm.

Giao thc L2TP gi gi thu c ti giao thc TCP/IP vi thng tin

gi gi L2TP nh mt bn tin UDP t cng UDP 1701 ti cng UDP 1701 vi cc


a ch IP ca IP-VPN client v IP-VPN server.

Giao thc TCP/IP xy dng mt gi IP vi cc IP Header v UDP

Header thch hp. IPSec sau s phn tch gi IP v so snh n vi chnh sch
IPSec hin thi. Da trn nhng thit lp trong chnh sch, IPSec ng gi v mt
m phn bn tin UDP ca gi IP s dng cc ESP Header v Trailer ph hp. IP
Header ban u vi Protocol field c t l 50 c thm vo pha trc ca gi
ESP. Giao thc TCP/IP sau gi gi thu c ti giao din i din cho kt ni
quay s ti local ISP s dng NDIS.

NDIS gi s ti NDISWAN.

NDISWAN cung cp PPP Header v Trailer v gi khung PPP thu

c ti cng AN thch hp i din cho phn cng dial-up.


e) u im v khuyt im ca L2TP :
u im:
L2TP l mt gii php chung, khng ph thuc nn v h tr nhiu k
thut mng. Hn na L2TP c th h tr giao tc thng qua lin kt nonIP ca mng WAN m khng cn IP.
ng hm L2TP ch n thun l user t xa hoc ISP. Do n khng
yu cu b sung cu hnh ca user t xa v ISP.
L2TP cho php t chc kim sot chng thc users thay v.

n tt nghip
109

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

L2TP h tr kim sot lung v cc gi d liu b loi b khi ng hm


qu ti. do giao tc trn L2TP nhanh hn giao tc trn L2F.
L2TP cho php users vi a ch IP cha c ng k c th truy cp
mng t xa thng qua mng cng cng.
L2TP tng cng bo mt bng cch cch m ha d liu da trn IPSec
trn sut ng hm v kh nng chng thc gi ca IPSec.
Khuyt im:
L2TP chm hn PPTP v L2F v n s dng IPSEc chng thc tng
gi nhn oc..
Mc d PPTP c ci t ring cho gii php VPN nhng vn phi cu
hnh thm b nh tuyn v my phc v truy cp t xa.
1.3.5. Giao thc bo mt IPSec (Intrenet Protocol Security) :
Cc giao thc nguyn thu TCP/IP khng bao gm cc c tnh bo mt vn
c. Trong giai on u ca Internet khi m ngi dng thuc cc trng i hc v
cc vin nghin cu th vn bo mt d liu khng phi l vn quan trng nh
by gi khi m Internet tr nn ph bin, cc ng dng thng mi c mt khp ni
trn Internet v i tng s dng Internet rng hn bao gm c cc Hacker.
thit lp tnh bo mt trong IP cp gi, IETF a ra h giao thc
IPSec. H giao thc IPSec u tin oc dung cho xc thc, m ho cc gi d liu
IP, c chun ho thnh cc RFC t 1825 n 1829 vo nm 1995. H giao thc
ny m t kin trc c bn ca IPSec bao gm hai loi tiu c s dng trong
gi IP, gi IP l n v d kiu c s trong mng IP. IPSec nh ngha 2 loi tiu
cho cc gi IP iu khin qu trnh xc thc v m ho: mt l xc thc tiu
IP AH (IP Authentication Header) iu khin vic xc thc v hai l ng gi ti
tin an ton ESP (Encapsulation Security Payload) cho mc ch m ho.
IPSec khng phi l mt giao thc. N l mt khung ca cc tp giao thc
chun m cho php nhng nh qun tr mng la chn thut ton, cc kho v
phng php nhn thc cung cp s xc thc d liu, tnh ton vn d liu, v s
tin cy d liu. IPSec l s la chn cho bo mt tng th cc VPN, l phng n

n tt nghip
110

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

ti u cho mng ca cng ty. N m bo truyn thng tin cy trn mng IP cng
cng i vi cc ng dng.
IPsec to nhng ng hm bo mt xuyn qua mng Internet truyn
nhng lung d liu. Mi ng hm bo mt l mt cp nhng kt hp an ninh
bo v lung d liu gia hai Host.
IPSec c pht trin nhm vo h giao thc IP k tip l IPv6, nhng do vic
trin khai IPv6 cn chm v s cn thit phi bo mt cc gi IP nn IPSec c
thay i cho ph hp vi IPv4.
a)Khung giao thc IPSec :
IPSec l khung ca cc chun m, c pht trin bi IETF.

Hnh 46: Khung giao thc c s dng trong IPSec


Mt s giao thc chnh c khuyn khch s dng khi lm vic vi IPSec.
- Giao thc bo mt IP (IPSec)
+ AH (Authentication Header)
+ ESP (Encapsulation Security Payload)
- M ho bn tin
+ DES (Data Encryption Standard)
+ 3 DES (Triple DES)
- Cc chc nng ton vn bn tin
+ HMAC (Hash ased Message Authentication Code)
+ MD5 (Message Digest 5)
+ SHA-1 (Secure Hash Algorithm -1)

n tt nghip
111

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

- Nhn thc i tc (peer Authentication)


+ Rivest, Shamir, and Adelman (RSA) Digital Signatures
+ RSA Encrypted Nonces
- Qun l kho
+ DH (Diffie- Hellman)
+ CA (Certificate Authority)
- Kt hp an ninh
+ IKE (Internet Key Exchange)
+ ISAKMP (Internet Security Association and Key Management
Protocol)
IPSec l tp hp nhng tiu chun m lm vic cng nhau thit lp tnh bo
mt, ton vn d liu v nhn thc gia cc thit b ngang hng. Nhng im ngang
hng c th l nhng cp Host hay nhng cp cng ni bo mt (nhng b nh
tuyn, nhng tng la, nhng b tp trung VPN ) hay c th gia mt host v
mt cng ni bo mt, nh trong VPN truy cp t xa.
Hai giao thc chnh ca IPSec l AH (Authentication Header) v ESP
(Encapsulation Security Payload ).
- AH: Cho php xc thc v kim tra tnh ton vn d liu ca cc gi IP

truyn

gia hai h thng. N l mt phng tin kim tra xem d liu c b thay
i trong khi truyn khng. Do AH khng cung cp kh nng mt m d liu
nn cc d liu u c truyn di dng bn r.
- ESP: L mt giao thc an ton cho php mt m d liu, xc thc ngun gc d
liu, kim tra tnh ton vn d liu. ESP m bo tnh b mt ca thng tin
thng qua vic mt m lp IP. Tt c cc lu lng ESP u c mt m
gia hai h thng.
Giao thc AH
khun dng AH

n tt nghip
112

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 47 : Khun dng gi AH


+ Next header (8bit): Xc nh kiu d liu ca phn Payload tip sau AH. Gi tr
ca trng ny c la chn t tp cc gi tr s giao thc IP c nh ngha bi
IANA (TCP_6; UDP_ 17).
+ Payload length (8bit): Xc nh di ca AH theo n v 32bit (4 Byte).
+ Reserved (16 bit): trng ny dng d tr s dng trong tng lai. Gi tr ca
trng ny c th t bng 0 v c tham gia trong vic tnh Authentication Data.
+ Security Parameter Index (SPI):
-

SPI l mt s 32 bit bt k, cng vi a ch IP ch v giao thc an ninh


ESP cho php nhn dng duy nht SA cho gi d liu ny. Cc gi tr SPI t
1255 c dnh ring s dng trong tng lai. SPI thng c la
chn bi pha thu khi thit lp SA. SPI l trng bt buc.

Gi tr SPI 0 c s dng cc b. C th s dng gi tr ny ch ra cha


c SA no tn ti.

+ Sequence number (SN):


-

Trng 32 bit khng du cha mt gi tr m tng dn. SN l trng bt


buc cho d pha thu khng thc hin dch v chng trng lp cho mt SA
c th no. vic x l SN tu thuc pha thu, ngha l pha pht lun phi
truyn trng ny, cn pha thu c th khng cn phi x l n.

n tt nghip
113

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

B m ca pha pht v pha thu u c khi to 0 khi mt SA c


thit lp (gi u tin c truyn i s dng SA s c SN=1). Nu dch v
anti-replay c la chn th c pht i s khng c lp li (bng cch
thit lp mt SA mi, v do l mt kho mi) trc khi truyn gi th 232
ca mt SA.

+ Authentication Data:
Trng ny c di bin i cha mt mt gi tr kim tra tnh ton vn ICV
(integrity Check Value) cho gi tin. di ca trng ny bng s nguyn ln 32
bit (hay 4 Byte).
Trng ny c th cha mt phn d liu m kiu tng minh (Explicit padding)
m bo di ca AH header l s nguyn ln 32 bit (i vi IPv4) hoc 64 bit
(i vi IPv6).
Giao thc ESP
Khun dng ESP

Hnh 48: Khun dng gi ESP


Trong :
+ Security Parameter Index (SPI):
-

SPI l mt s 32 bit bt k, cng vi a ch IP ch v giao thc an ninh


ESP cho php nhn dng duy nht SA cho gi d liu ny. Cc gi tr SPI t

n tt nghip
114

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

1255 c dnh ring s dng trong tng lai. SPI thng c la


chn bi pha thu khi thit lp SA. SPI l trng bt buc.
-

Gi tr SPI 0 c s dng cc b. C th s dng gi tr ny ch ra cha


c SA no tn ti.

+ Sequence number (SN):


Trng 32 bit khng du cha mt gi tr m tng dn (SN). SN l trng

bt buc cho d pha thu khng thc hin dch v chng trng lp cho mt
SA c th no. vic x l SN tu thuc pha thu, ngha l pha pht lun
phi truyn trng ny, cn pha thu c th khng cn phi x l n.
-

B m ca pha pht v pha thu u c khi to 0 khi mt SA c


thit lp (gi u tin c truyn i s dng SA s c SN=1). Nu dch v
anti-replay c la chn th c pht i s khng c lp li (bng cch
thit lp mt SA mi, v do l mt kho mi) trc khi truyn gi th 232
ca mt SA.

+ Payload Data
Trng ny c di bin i cha d liu m t trong Next header. Payload
Data l trng bt buc v c di bng s nguyn ln Byte.
+ Padding
Nu thut ton mt m c s dng yu cu bn r (cleartext hay plaintext)
phi l s nguyn ln khi cc Byte (trong mt m khi) th Padding field c s
dng thm vo Plaintext c kch thc yu cu.
Padding cn thit m bo phn d liu mt m s kt thc bin gii 4
Byte phn bit r rng vi trng Authentication Data.
Ngoi ra padding cn c th c s dng che du di thc ca Payload,
tuy nhin mc dch ny phi c cn nhc v n nh hng ti bng tn truyn
dn. Bn gi c th thm 0255 Padding Byte.
+ Pad length
Trng ny xcnh s padding Byte thm vo. Cc gi tr hp l l 0255.
Pad length l trng bt buc.

n tt nghip
115

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

+ Next header (8bit)


L mt trng bt buc. Next header xc nh kiu d liu cha trong Payload
Data. Gi tr ca trng ny c la chn t tp ccgi tr IP Protocol Numbers
nh ngha bi IANA..
+ Authentication Data
Trng c di bin i cha mt gi tr kim tra tnh ton ven ICV
(integrity Check Value) tnh trn d liu ca ton b gi ESP tr trng
Authentication Data. di ca trng ph thuc vo hm xc thc c la chn.
trng ny l tu chn, v ch c thm vo nu dch v authentication c la
chn cho SA ang xt. Thut ton xc thc phi ch ra di ca ICV v cc bc
x l cng nh cc lut so snh cn thc hin kim tra tnh ton vn ca gi tin.
Hot ng ca AH v ESP trong cc ch (mode)
AH v ESP u c th c s dng cho cc gi tin IP theo hai cch khc
nhau tng ng vi hai mode: Transport mode v Tunnel mode.
+ Transport mode:
c s dng ph bin cho nhng kt ni gia cc host hay gia cc thit b
c chc nng nh nhng host. V d, mt cng ni IPSec ( c th l b nh
tuyn phn mm IOS, FIX Firewall, hay b tp trung VPN 3000 ca Cisco) c th
xem nh l mt host khi c truy nhp bi mt nh qun l cu hnh hay nhng
hot ng iu khin khc.
Transport mode cho php bo v phn ti tin ca gi d liu, cung cp c ch
bo mt cho cc giao thc lp trn, nhng khng bo v IP header v phn IP
header lun dng clear.
Trong Transport mode, AH c chn vo sau tiu IP v trc cc giao
thc lp trn (TCP, UDP) hoc bt k tiu IPSec c chn vo trc .
+ Tunnel mode:
c s dng gia cc cng ni nh cc b nh tuyn, nhng FIX Firewwall,
nhng b tp trung. Tunnel mode cng c s dng ph bin khi mt host kt ni
ti mt trong nhng cng ni gia tng truy nhp ti cc mng c iu

n tt nghip
116

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

khin bi cng ni , nh trong trng hp nhng ngi dng t xa quay s truy


cp ti mt b nh tuyn hay b tp trung.

Hnh 4.21 : Khun dng gi tin IPv4 trc v sau khi x l AH

Hnh 49 : Khun dng gi tin IPv6 trc v sau khi x l AH

n tt nghip
117

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 4.23 : Khun dng gi tin IPv4 trc v sau khi x l ESP

Hnh 50 : Khun dng gi tin IPv6 trc v sau khi x l ESP


c th p dng AH v ESP trong ch Transport mode v Tunnel mode,
IPSec yu cu phi h tr c cho t hp ca transport mode v Tunnel mode.
iu ny c thc hin bng cc s dng Tunnel mode m ho v xc thc cc
gi v tiu ca n ri gn AH hoc ESP, hoc dng c hai trong ch transport
mode bo mt cho tiu mi c to ra. AH v ESP khng th s dng chung
trong Tunnel mode bi v ESP c c ch tu chn xc thc, tu chn ny nn s
dng trong Tunnel modekhi cc gi cn phi m ho v xc thc.

n tt nghip
118

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

b) Hot ng ca giao thc IPSec :


Ta bit rng, mc ch chnh ca IPSec l bo v lung d liu mong mun
vi cc dch v bo mt cn thitv hot ng ca IPSec c th chia thnh 5 bc
chnh nh sau:

A gi lu lng cn bo v ti B
Router A v B tho thun mt phin trao i IKE Phase 1 IKE
SA

IKE Phase IKE SA

Router A v B tho thun mt phin trao i IKE Phase 2


IPSec SA

IKE Phase IPSec SA

Thng tin c truyn dn qua ng hm IPSec


Kt thc ng hm IPSec
Hnh 4.24 : 5 bc hot ng ca IPSec.
Bc 1: Lu lng cn c bo v khi to qu trnh IPSec. y, cc thit
b IPSec s nhn ra u l lu lng cn c bo v chng hn thng qua trng
a ch.
Bc 2: IKE Phase 1 IKE xc thc cc i tc IPSec v mt tp cc dch v
bo mt c tho thun v cng nhn (tho thun cc kt hp an ninh IKE SAs
(Security associations)). Trong phase ny, thit lp mt knh truyn thng an ton
tin hnh tho thun IPSec SA trong Phase 2.
Bc 3: IKE Phase 2 IKE tho thun cc tham s IPSec SA v thit lp cc
IPSec SA tng ng hai pha. Nhng thng s an ninh ny c s dng
bo v d liu v cc bn tin trao i gia cc im u cui. kt qu cui cng ca
hai bc IKE l mt knh thng tin bo mt c to ra gia hai pha.
Bc 4: Truyn d liu D liu c truyn gia cc i tc IPSec da trn
c s cc thng s bo mt v cc kho c lu tr trong c s d liu SA.

n tt nghip
119

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Bc 5: Kt thc ng hm IPSec kt thc cc SA IPSec do b xo hoc do


ht hn (time out).
c) V d v hot ng ca IPSec :
tm tt ton b qu trnh hot ng ca IPSec, ta xt mt v d nh trong
hnh v.
Encrypted
Mng ring
oc bo v

Clear text
Digital Certification
Mng ring
c bo v

Certificate
Authority

Internal
Network

D liu
IKE Session
SA

Internal
Network

Internet

LAN

Authenticated
Encryption Tunnel

LAN

Hinh 51 : Qu trnh trao i thng tin


Trong v d ny, B mun truyn thng an ton vi A. Khi gi d liu ti
Router B, Router ny s kim tra chnh sch an ninh v nhn ra gi ny cn c
bo v. chnh sch an ninh c cu hnh trc cng cho bit Router A s l im
cui pha bn kia ca ng hm IPSec. Router B kim tra xem c IPSec SA no
c thit lp vi Router A cha? nu cha th yu cu mt qu trnh IKE thit
lp IPSec SA. Nu hai Router tho thun c mt IPSec SA th IPSec SA c
th c to ra tc thi. Trong trng hp, hai Router cha tho thun mt IKE SA
th u tin chng phi tho thun mt IKE SA trc khi tho thun cc IPSec SA.
Trong qu trnh ny, hai Router trao i cc chng thc s, cc chng thc ny phi
c k trc bi mt CA m hai pha cng tin tng. Khi phin IKE c thit
lp, hai Router c th tho thun IPSec SA. Khi IPSec SA c thit lp, hai
Router s thng nht c thut ton mt m (chng hn DES), thut ton xc thc
(chng hn MD5), v mt kho phin s dng chung. Ti y, Router B c th mt
m gi tin ca B, t n vo trong mt gi IPSec mi, sau gi ti Router A. Khi

n tt nghip
120

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Router A nhn gi IPSec, n tm kim IPSec SA, x l gi theo yu cu, a v


dng gi tin ban u v chuyn ti A. Qu trnh phc tp ny c thc hin hon
ton trong sut i vi A v B.
d) Cc vn cn tn ng ca IPSec :
Mc d IPSec sn sng a ra cc c tnh cn thit cho vic bo mt mt
VPN thng qua mng Internet nhng n vn cn trong giai on pht trin
hng ti hon thin. Tt c cc gi c s l theo IPSec s lm tng kch thc
gi tin do phi thm vo cc tiu IPSec lm cho thng lng ca mng gim
xung. iu ny c th c gii quyt bng cch nn d liu trc khi m ha,
nhng iu ny cha c chun ha.
-

IKE vn l cng ngh cha c chng minh. Phng thc chuyn kho
bng tay li khng thch hp cho mng c s lng ln cc i tng di
ng.

IPSec c thit k ch iu khin lu lng IP m thi.

Vic tnh ton cho nhiu gii hut trong IPSec vn cn l mt vn i vi


cc trm lm vic v my PC c.

Vic phn phi cc phn cng v phn mm mt m vn cn b hn ch i


vi chnh ph mt s nc.

S dng IPSec ch dng hm cho php cc nt c th c nhng a


ch IP khng hp l nhng vn c th lin lc c vi cc nt khc. Nhng
khi chuyn xung bo mt mc Host th cc a ch phi c qun l
cn thn sao cho nhn dng c nhau.

n tt nghip
121

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

CHNG II : THIT LP M HNH VPN SERVER TRN


WINDOWS 2003
2.1. Xy dng mt Remote Access VPN :
2.1.1. Yu cu phn cng :
- Mt modem ADSL
- Cn c mt ng truyn ADSL tc cao (Nu l dch v ADSL vi a
ch IP tnh cng tt) phc v cho qu trnh kt ni v truyn thng gia trong
v ngoi cng ty. Cc ngi dng xa (VPN Client) s kt ni n my ch
cung cp dch v VPN Server gia nhp h thng mng ring o ca cng
ty v c cp pht a ch IP thch hp kt ni vi cc ti nguyn ni b
ca cng ty.
- Mt my ch ci t Windows Server 2003 hoc Windows Server 2000
lm my ch VPN (VPN Server), c 1 card mng kt ni vi h thng mng
ni b v mt card mng kt ni ti lp mng chy dch v Internet bn
ngoi ADSL (IP tnh, nu dng IP ng th phi s dng kt hp vi cc dch
v Dynamic DNS nh dynDNS.org hay no-ip.com) kt ni vi bn
ngoi (Internet).
2.1.2. Yu cu phn mm :
- Mt my tnh VPN server s dng Windows server 2003.
- Mt my tnh VPN client s dng Windows XP, Vista hay Windows 7.
2.1.3. M hnh Remote Access VPN :
Gm mt my tnh lm server VPN v mt my client :
My VPN server :
IP Address : 192.168.1.200
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.1.1

n tt nghip
122

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Preferred DNS Server : 210.245.24.20


My VPN client :
IP Address : 192.168.1.X

( X nm trong di t 1 n 255)

Subnet Mask : 255.255.255.0


Default Gateway : 192.168.1.1
Preferred DNS Server : 210.245.24.20
2.1.4. Cc bc thc hin :
a) ng k mt DDNS (Dynamic Domain Name System H thng
tn min ng) :
DDNS c nhim v c nhim v cp nht a ch IP WAN cho kt ni
Internet.

Hnh 52 IP WAN

e thuan tien cho qua trnh truy cap ta ngi ta s dung ten mien thay the
cho IP WAN. Gia s ta co ten mien ttp07b.homeip.net tng ng vi a ch IP
WAN 118.112.10.156 , khi IPWAN thay oi thanh 1 a ch khac nh

n tt nghip
123

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

118.68.9.169 th dch vu DDNS se t ong cap nhat a ch IPWAN mi cho ten

mien ttp07b.homeip.net.
=> nh vay chung ta khong can quan tam en IP WAN ma ch can nh en ten
mien ma thoi.
Ta c th ng k ti khon cc trang no-ip.com hoc dyndns.com . Sau khi
ng k xong th m mail kch hot ti khon , vo li trang no-ip.com hoc
dyndns.com ng nhp bng accoutn ng k ri to mt tn min .

Hnh 53: To mt tn min.

n tt nghip
124

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

To mt tn min
ri chn ui.

Nhp vo y
cp nht IP
WAN

Hnh 54 : To mt tn min.
Sau click Next hon thnh .

n tt nghip
125

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 55 : Tn min ng hon thnh.

b) Cu hnh mt VPN server trn Windows 2003 :


Bc 1 : Ci t cc dch v trn Routing and Remote Access.
Trc khi ci VPN, cn Stop dch v Windows Firewall/Internet
Connection Sharing (ICS) v chuyn dch v sang ch Disable (mc nh sau
khi ci l Automatic).
Chy Services Manager bng cch click Start->Programs->
Administrative Tools->Services. Giao din ca Services Manager nh hnh :

n tt nghip
126

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 56 : Tt Windows Firewall/Internet Connection Sharing (ICS).


Sau khi dng dch v Windows Firewall/Internet Connection Sharing (ICS),
tin hnh ci t VPN Server.
ci t VPN trn Windows 2003, chy Manager Your Server bng cch
click Start->Programs->Administrative Tools-> Manager Your Server.

Hnh 57 : Manager Server.

n tt nghip
127

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Nhp vo Add or remove a role to thm cc dc v.

Hnh 58 : Configure Your Server Wizard.


Click Next tip tc.

Hnh 59: La chn dch v Remote access/VPN server.


Click Next tip tc.

n tt nghip
128

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 60: Hin ra danh sch cc dch v c thit lp.


Click Next tip tc.

Click Next tip tc vo cu hnh VPN .

n tt nghip
129

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 61: Cho php cu hnh Routing and Remote Access Server.

Hnh 62 : La chn VPN server v LAN routing.

Cho php la chn cc dch v c trong Routing and Remote Access.

n tt nghip
130

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 63 dch v c ci t , nhn Finish hon thnh.

Hnh 2.13 Nhn Next Start cc dch v .

n tt nghip
131

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 64: Nhn Finish kt thc. Sau bc ny l cu hnh VPN server

Bc 2 : Cu hnh VPN server :

Hnh 65 : Manage Server.

n tt nghip
132

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Sau khi ci t Routing and Remote Access, cu hnh VPN Server, c th chy
Manage Your Server, sau click vo Manage this remote access/VPN server (nh
hnh). Hoc c th click Start-> Programs-> Administrative Tools -> Routing and
Remote Access.

Hnh 66 : Giao din chnh ca Routing and Remote Access.


Ch : trn menu chut phi c mt s chc nng cn quan tm:
- Disable Routing and Remote Access: Chc nng ny c s dng khi ta
mun xo cu hnh Routing and Remote Access c to 1 cu hnh mi. Sau khi
disable, trn menu chut phi ni trn, chn Configure and Enable Routing and
Remote Access, cu hnh mt Routing and Remote Access mi.
- All Tasks vi cc chc nng con nh Start, Stop, Pause, Resume, Restart
c s dng i vi service Enable Routing and Remote Access. Vic ny cng
tng t nh khi s dng Service Manager.

n tt nghip
133

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 67: Tab General.


Cn ch n 3 tab l General, Security v IP.
Trong Tab General, cn kim tra mc Router v Remote access server c
check. Mc Router cho php nh tuyn cc yu cu t VPN Client n cc my
trong mng ni b. Mc Remote access server cho php cc VPN client kt ni n
c. Nn chn LAN and demand-dial routing.

Hnh 68 : Tab Security.

n tt nghip
134

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Tab ny cho php la chn Authentication provider v Accounting provider. Nu


trong mng ni b c 1 my tnh ci RADIUS, c th la chn Authentication
provider v Accounting provider l RADIUS. Trong phn ny, la chn Windows
Authentication v Windows Accounting.

Hnh 69 : Tab IP.


Chn Static address pool ri chn Add.

n tt nghip
135

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 70 Nhp khong a ch vo


Trong hnh nhp cc gi tr vo cc Start IP address v End IP address. Cc IP
trong di ny s c cp t ng cho mi kt ni VPN.
Bc 3 : Remote Access Policies :
Bc cui cng l cho php truy cp qua Remote Access Policies.

n tt nghip
136

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 71 Remote Access Policies


Trong hnh chn Remote Access Policies. Remote Access Policies c 2 la chn l
Connections to Microsoft Routing and Remote Access Server v Connections to
other access server. Chut phi vo Connections to Microsoft Routing and Remote
Access Server, trn menu chut phi chn Properties.

n tt nghip
137

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 72 Th Connections to Microsoft Routing and Remote Access Server


Trong hnh la chn Grant remote access permission, sau nhp OK
xc nhn.Thc hin cng vic tng t i vi la chn Connections to other
access server.
Sau bc ny l vic to account trn Windows cho php s dng kt ni
VPN.
Bc 4 :To mt user trn Windows cho php s dng VPN :
Nh bit, vic to user trn Windows s dng Computer Manager.
chy Computer Manager, click Start -> Programs->Administrative Tools>Computer Manager. Giao din chnh ca Computer Manager nh bn di.

n tt nghip
138

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 73 To user ng nhp


Trn hnh chn System Tools->Local Users and Groups->Users. Sau
chut phi vo user mun cho php dng VPN, v d user client. Trn menu chut
phi, nhp Properties.

n tt nghip
139

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Hnh 74 : Properties ca client.


Trn hnh chn Tab Dial-in. Trong tab ny, chn Allow access. Nu mun
ch chnh xc a ch IP cp cho VPN Client i vi user trn, chn Assign a Static
IP Address. Sau g a ch IP vo tng ng. a ch ny c th nm ngoi di
IP m ta chn trn. Tuy nhin n nn nm cng lp vi di IP .
Sau bc ny, user client c th kt ni VPN n VPN Server.
c) NAT port 1723 trn Modem ADSL :
Modem c cu hnh trong v d ny l ZyXEL P-660H-T1 v2. M trnh
duyt g 192.168.1.1. Password l 1234.

n tt nghip
140

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Password l 1234.

Chn Ignore vo giao din chnh.

n tt nghip
141

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Sau khi vo c giao din chnh chn Tab Advanced khai bo tn min ng.

n tt nghip
142

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Chn thanh Dynamic DNS trong Tab Advanced. nh du check vo Active


Dynamic DNS v khai bo tn min , account , password ng k trang
dyndns.com -> sau Apply thc thi.

Sau vo Tab Security chn thanh Firewall. B chn nt check Active


Firewall.

n tt nghip
143

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Trong Tab Network chn thanh NAT, mn hnh bn phi chn Tab Port
Forwarding. Sau chn giao thc PPTP trong Service Name ri g a ch IP
ca VPN server -> sau Add li.

Nh vy l m port 1723 trong modem ADSL. Bc tip theo l kim tra port
m thnh cng cha . Vo trang web canyouseeme.org kim tra.

G port 1723 vo mu v nhn nt check kim tra.

n tt nghip
144

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

c) Ci t VPN client trn Windows 7 :


Vo Control Panel chn Network and Sharing Center .

Open mc :

Chn thanh Set up a new connection or network.

n tt nghip
145

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Trong Set up a connection or Network chn Connect to a workplace.

Trong Connection to a Workplace nh du check vo mu .

n tt nghip
146

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Chn mc Use my Internet connection (VPN).

n tt nghip
147

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Trong Connection to a Workplace g a ch tn min ng ng k t


trc vo Internet address . Sau chn Next. Trong v d ny g l
ttp07b.homeip.net.

G user name v password m VPN server cp trc . Phn Domain b trng.

n tt nghip
148

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Nu c nh hnh trn l chng ta kt ni thnh cng.


tin cho vic s dng vo ln sau ta to shortcut ra ngoi mn hnh
desktop v ln truy nhp sau s nh hnh di.

n tt nghip
149

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

Ta nhp vo user v password truy nhp n my ch VPN.


2.2. Kt lun :
- Vi cng ngh thng tin pht trin nh hin nay p dng cc gip php cng
ngh VPN s gp phn ng k vo s pht trin ca doanh nghip, gip qun l
cc vn phng mt cch c hiu qa.
- Cng ngh VPN gip cc nh qun tr c mt ci nhn tng quan hn v mng
Intranet (M rng mng v phm vi khai thc thng tin) nh mng Internet ang
ngy cng pht trin mnh nc ta nh hin nay.
- Vi cng ngh mng VPN s lm tng kh nng p ng khai thc thng tin
mi lc, mi ni v m bo kh nng an ton bo mt trong qu trnh khai thc ,
n s lm thay i cch suy ngh, lm vic v khai thc thng tin nhanh chng trong
thi i CNTT bng n v h tng CNTT ti Vit nam ngy cng mnh. N s l
nn tng cho cc dch v lp trn khai thc trit khng gii hn v khng gian
a l, thi gian v tng cc cng c cho nh qun l iu hnh sn xut kinh doanh
trong doanh nghip mnh.

n tt nghip
150

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

KT LUN
ti Tm hiu VPN v Cu hnh Camera IP ca chng em hon tt.
ti trnh by c nguyn tc lm vic v cch cu hnh cua mt mng VPN v
cch cu hnh Camera IP qua internet.
Cui cng em xin chn thnh cm n qu thy c v cc bn gip chng
em hon tt n ny. c bit, chng em xin cm n thy Trng Quang Trung
hng dn em hon thnh d n ny.
Tuy nhin do kin thc v thi gian c hn nn n khng trnh khi sai st,
rt mong c s ng gp kin ca thy v cc bn em hon thin n ny.

n tt nghip
151

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

THUT NG VIT TT
T vit tt

T y

ngha

ADSL

Asymmetric Digital Subscriber Line Cng ngh truy nhp ng dy thu


bao s bt i xng

AES

Advanced Encryption Standard

Chun mt m cao cp

AH

Authentication Header

Giao thc tiu xc thc

ARP

Address Resolution Protocol

Giao thc bin dch a ch

ATM

Asynchronous Tranfer Mode

Cng ngh truyn ti khng ng b

B-ISDN

Broadband
Integrated
Digital Network

CIR

Committed Information Rate

CHAP

Challenge
Handshake Giao thc xc thc yu cu bt tay
Authentication Protocol.

CSU

Channel Service Unit

n v dch v knh

DCE

Data Communication Equipment

Thit b truyn thng d liu

DES

Data Encryption Standard

Thut ton mt m DES

DHCP

Dynamic
Protocol

DNS

Domain Name System

h thng phn gii tn min

DDNS

Dynamic DNS

H thng phn gii tn min ng

DSL

Digital Subcriber Line

ng dy thu bao s

DSP

Digital Signal Processors

B x l tn hiu s

DSU

Data Service Unit

n v dch v d liu

ESP

Encapsulating Security Payload

Giao thc ti an ninh ng gi

FCS

Frame Check Sequence

Chui kim tra khung

FR

Frame Relay

Chuyn tip khung d liu

FTP

File Transfer Protocol

Giao thc truyn tp tin

GAN

Global Area Network

Mng ton cu

Host

Service Mng s a dch v bng rng

Tc thng tin cam kt

Configuration Giao thc cu hnh host ng

n tt nghip
152

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

GVPNS

Global VPN Service

Dch v VPN ton cu

ICMP

Internet Control Message Protocol

Giao thc bn tin iu khin Internet

IKE

Internet Key Exchange

Giao thc trao i kho Internet

IN

Intelligent Network

Mng thng minh

IP

Internet Protocol

Giao thc Internet

IP-Sec

Internet Protocol Security

Giao thc an ninh Internet

ISDN

Integrated Service Digital Network

Mng s a dch v

ISO

International Standard Organization

T chc chun quc t

ISP

Internet Service Provider

Nh cung cp dch v internet

L2F

Layer 2 Forwarding

Giao thc chuyn tip lp 2

L2TP

Layer 2 Tunneling Protocol

Giao thc ng ngm lp 2

LAC

L2TP Access Concentrator

B tp trung truy cp L2TP

LAN

Local Area Network

Mng cc b

LCP

Link Control Protocol

Giao thc iu khin lin kt

LLC

Logical Link Control

iu khin lin kt logic

LNS

L2TP Network Server

My ch mng L2TP

MAC

Message Authentication Code

M xc thc bn tin

MG

Media Gateway

Cng kt ni phng tin

MGC

Media Gateway Controller

Thit b iu khin truy nhp

MPLS

Multi Protocol Laber Switching

B nh tuyn chuyn mch nhn

MPPE

Microsoft Point-to-Point Encryption M ho im-im ca Microsoft

MTU

Maximum Transfer Unit

n v truyn ti ln nht

NAS

Network Access Server

My ch truy nhp mng

NCP

Network Control Protocol

Giao thc iu khin mng

NGN

Next Generation Network

Mng th h sau

OSI

Open System Interconnection

M hnh OSI

Referency Model

PAP

Passwork Authentication Protocol

Giao thc xc thc mt khu.

n tt nghip
153

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

PDU

Protocol Data Unit

n v d liu giao thc

PKI

Public Key Infrastructure

C s h tng kho cng khai

POP

Point of presence

im truy cp truyn thng.

PPP

Point to Point Protocol

Giao thc im ti im

PPPoA

Point to Point Protocol over ATM

Giao thc im im qua ATM

PPPoE

Point to
Ethernet

PPTP

Point to Point Tunneling Protocol

Giao thc ng ngm im ti im

QoS

Quality of Service

Cht lng dch v

RAS

Remote Access Service

Dch v truy nhp t xa

RADIUS

Remote Authentication Dial-In User Xc thc ngi dng quay s t xa


Service

RRAS

Routing and Remote Access Server

My ch truy cp nh hng v truy


vp t xa.

SA

Securty Association

Kt hp an ninh

SIG

Session Initiation Protocol

Giao thc khi to phin

SNMP

Simple
Network
Protocol

SONET

Synchronous Optical Network

Mng quang ng b

RTP

Real Time Protocol

Giao thc thi gian thc

SMTP

Simple Mail Transfer Protocol

Giao thc truyn th n gin

SVC

Switched Virtual Circuit

Mch o chuyn mch

TCP

Transmission Control Protocol

Giao thc iu khin ng truyn

TE

Terminal Equipment

Thit b u cui

TFTP

Trivial File Transfer Protocol

Giao thc truyn tp tin bnh thng

UNI

User Network Interface

Giao din mng ngi s dng

UDP

User Datagram Protocol

Giao thc UDP

VC

Virtual Circuit

Knh o

VNS

Virtual Network Service

Dch v mng o

Point

Protocol

over Giao thc im im qua Ethernet

Management Giao thc qun l mng n gin

n tt nghip
154

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

VPN

Virtual Private Network

Mng ring o

WAN

Wide Area Network

Mng din rng

n tt nghip
155

Tm hiu VPN v Cu hnh Camera IP


GVHD :Trng Quang Trung

TI LIU THAM KHO


Sch tham kho
Ti liu Mng my tnh
Trung tm tin hc i hc KHTN H Ch Minh.

Cc website
1) http://google.com.vn
2) http://nhatnghe.com
3) http://thegioimang.com
4) http://vi.wikipedia.org

n tt nghip
156