Está en la página 1de 205

CCNA

Ti liu dnh cho hc vin

Mc lc
Phn I : Cisco IOS ............................................................................................................... 1 BI 1:t Mt Khu Truy Nhp Cho Router ................................................................ 2 BI 2: Cisco Discovery Protocol (CDP) .......................................................................... 7 BI 3: TELNET ............................................................................................................. 15 BI 4: KHI PHC MT KHU CHO CISCO ROUTER ........................................ 20 BI 5: RECOVERY PASSWORD CHO SWITCH 2950 ............................................. 24 BI 6: NP IOS IMAGE T TFTP SERVER CHO CISCO ROUTER CHY T FLASH ............................................................................................................................ 26 BI 7: NP IOS IMAGE CHO 2 ROUTER CHY T FLASH ................................ 36 BI 8:NP IOS CHO SWITCH .................................................................................... 41 Phn 2 :LAN ....................................................................................................................... 46 BI 9: CU HNH VLAN TRN SWITCH 2950 ........................................................ 46 BI 10: CU HNH VLAN TRUNK ............................................................................. 56 BI 11:CU HNH VTP PASSWORD ........................................................................ 64 Phn 3 :Routing .................................................................................................................. 70 BI 12: NH TUYN TNH (Static route) ................................................................. 70 BI 13: RIP( ROUTING INFORMATION PROTOCOL) .......................................... 79 Bi 14:Cu Hnh IGRP Timer ....................................................................................... 90 BI 15:CU HNH IGRP LOAD BALANCING ........................................................ 96 BI 16: DISCONTIGOUS NETWORKS ................................................................... 103 BI 17: REDISTRIBUTE GIA RIP v IGRP .......................................................... 108 BI 18 :CU HNH OSPF C BN .......................................................................... 119 BI 19: CU HNH EIGRP ....................................................................................... 126 BI 20: CU HNH OSPF GIA WINDOWS SERVER 2003 V ROUTER ....... 128 Phn 4 : ACCESS LIST v NAT....................................................................................... 136 BI 21: STANDAR ACCESS LIST............................................................................. 136 BI 22: EXTENDED ACCESS LIST .......................................................................... 143 BI 23: TN CNG ROUTER BNG FLOOD ........................................................ 151 BI 24: CU HNH NAT STATIC ............................................................................. 154 BI 25:CU HNH NAT OVERLOAD ...................................................................... 158 Phn 5 : WAN ................................................................................................................... 164 BI 26: CU HNH PPP PAP V CHAP................................................................... 164 BI 27:CU HNH ISDN BASIC............................................................................. 171 BI 28: CU HNH ISDN DDR .................................................................................. 179 BI 29: CU HNH FRAME RELAY CN BN...................................................... 191 BI 30:CU HNH FRAME RELAY SUBINTERFACE .......................................... 199

VSIC Education Corporation

Trang 1

CCNA

Ti liu dnh cho hc vin

Phn I : Cisco IOS


BI 1: t Mt Khu Truy Nhp Cho Router
1. Gii thiu : Bo mt l mt yu t rt quan trng trong network,v th n rt c quan tm v s dng mt khu l mt trong nhng cch bo mt rt hiu qu.S dng mt khu trong router c th gip ta trnh c nhng s tn cng router qua nhng phin Telnet hay nhng s truy cp trc tip vo router thay i cu hnh m ta khng mong mun t ngi l. 2. Mc ch : Ci t c mt khu cho router, khi ng nhp vo, router phi kim tra cc loi mt khu cn thit. 3. M t bi lab v hnh :

Trong hnh trn, PC c ni vi router bng cp console 4. Cc cp bo mt ca mt khu : Cp bo mt ca mt khu da vo cp ch m ho ca mt khu .Cc cp m ha ca mt khu: Cp 5 : m ha theo thut ton MD5, y l loi m ha 1 chiu, khng th gii m c(cp ny c dng m ho mc nh cho mt khu enable secret gn cho router) Cp 7 : m ha theo thut ton MD7, y l loi m ha 2 chiu,c th gii m c(cp ny c dng m ha cho cc loi password khc khi cn nh: enable password,line vty,line console) Cp 0 : y l cp khng m ha. 5. Qui tc t mt khu : Mt khu truy nhp phn bit ch hoa,ch thng,khng qu 25 k t bao gm cc k s,khong trng nhng khng c s dng khong trng cho k t u tin. Router(config)#ena pass vsic-vsic-vsic-vsic-vsic-vsic % Overly long Password truncated after 25 characters mt khu c t vi 26 k t khng c chp nhn 6. Cc loi mt khu cho Router : Enable secret : nu t loai mt khu ny cho Router,bn s cn phi khai bo khi ng nhp vo ch user mode ,y l loi mt khu c hiu lc cao nht trong Router,c m ha mc nh cp 5.

VSIC Education Corporation

Trang 2

CCNA

Ti liu dnh cho hc vin

Enable password : y l loi mt khu c chc nng tng t nh enable secret nhng c hiu lc yu hn, loi password ny khng c m ha mc nh, nu yu cu m ha th s c m ha cp 7. Line Vty : y l dng mt khu dng gn cho ng line Vty,mt khu ny s c kim tra khi bn ng nhp vo Router qua ng Telnet. Line console : y l loi mt khu c kim tra cho php bn s dng cng Console cu hnh cho Router. Line aux : y l loi mt khu c kim tra khi bn s dng cng aux. 7. Cc bc t mt khu cho Router : Bc 1 : khi ng Router , nhn enter vo ch user mode. T ch user mode dng lnh enable vo ch Privileged mode Router con0 is now available Press RETURN to get started. Router>enable Router# Bc 2 : T du nhc ch Privileged mode vo mode cofigure cu hnh cho Router bng lnh configure terminal Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)# Bc 3 : Cu hnh cho tng loi Password Cu hnh cho mt khu enable secret (Ch :mt khu c phn bit ch hoa v ch thng) Router(config)#enable secret vsic Mt khu l vsic Router(config)#exit Cu hnh mt khu bng lnh enable password Router(config)#ena pass cisco Mt khu l cisco Router(config)#exit Lu : khi ta ci t cng lc 2 loi mt khu enable secret v enable password th Router s kim tra mt khu c hiu lc mnh hn l enable secret. Khi mt khu secret khng cn th lc mt khu enable password s c kim tra. Cu hnh mt khu bng lnh Line Mt khu cho ng Telnet (Line vty) Router(config)#line vty 0 4 Router(config-line)#password class password l class m ch ci t password Router(config-line)#login Router(config-line)#exit Mt khu cho cng console : Router(config)#line console 0 m ng Line Console cng Console th 0 password l cert Router(config-line)#password cert Router(config-line)#login m ch ci t password Router(config-line)#exit Mt khu cho cng aux: Router(config)#line aux 0 S 0 ch s th t cng aux c dng password l router Router(config-line)#password router Router(config-line)#login VSIC Education Corporation Trang 3

CCNA

Ti liu dnh cho hc vin

Router(config-line)#exit Sau khi t xong mt khu,ta thot ra ngoi ch Privileged mode, dng lnh Show running-config xem li nhng password cu hnh : Router#show running-config Building configuration... Current configuration : 550 bytes version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption password ci t ch khng m ha hostname Router enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o password secret c m ha mc nh cp 5 enable password cisco ! line con 0 password cert password cho cng Console l cert login line aux 0 password router password cho cng aux l router login line vty 0 4 password class password cho ng vty l class login ! End Dng lnh Show running-config ta s thy c cc password cu hnh, nu mun m ha tt c cc password ta dng lnh Service password-encryption trong mode config. Router(config)#service password-encryption Router(config)#exit Dng lnh show running-config kim tra li: Router#show run Building configuration... enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o/ enable password 7 094F471A1A0A password c m ha cp 7 line con 0 password 7 15110E1E10 password c m ha cp 7 login line aux 0 password 7 071D2E595A0C0B password c m ha cp 7 login line vty 0 4 password 7 060503205F5D login VSIC Education Corporation

password c m ha cp 7

Trang 4

CCNA

Ti liu dnh cho hc vin

! End Ch : Ta khng th dng lnh no service password-encryption b ch m ha cho mt khu,ta ch c th b ch m ha khi gn li mt khu khc Sau khi t mt khu xong, khi ng nhp vo Router li, mt khu s c kim tra: Router con0 is now available Press RETURN to get started. User Access Verification nhn enter

mt khu line console s c kim tra

Password:cert khai bo mt khu console l : cert enable d vo mode Privileged Router>ena Password:vsic V mt khu secret c hiu lc cao hn nn c kim tra Router# Cc loi mt khu khc nh Line Vty ,Line aux s c kim tra khi s dng n chc nng 8. G b mt khu cho router : Nu mun g b mt khu truy cp cho loi mt khu no ta dng lnh no trc cu lnh gn cho loi mt khu . V d : Mun g b mt khu secret l vsic cho router Router(config)#no enable secret vsic Router(config)#exit Bng cch tng t,ta c th g b mt khu cho cc loi mt khu khc. 9. Cch thc hnh bng Dynagen( phn t thc hnh cho hc vin ) Chy file Dynamips Server, sau click vo file lab1pwd.net(t CD hc CCNA), v t giao din dng lnh ny, ta nh lnh telnet VSIC1 vo router VSIC1. Vic cu hnh trn router VSIC1 ny hon ton ging vi bi lab trn.

VSIC Education Corporation

Trang 5

CCNA

Ti liu dnh cho hc vin

VSIC Education Corporation

Trang 6

CCNA

Ti liu dnh cho hc vin

BI 2: Cisco Discovery Protocol (CDP) 1. Gii thiu :


CDP(Cisco Discovery Protocol) l 1 giao thc ca Cisco, giao thc ny hot ng lp 2(data link layer) trong m hnh OSI, n c kh nng thu thp v ch ra cc thng tin ca cc thit ln cn c kt ni trc tip, nhng thng tin ny rt cn thit v hu ch cho bn trong qu trnh x l s c mng.

2. Mc ch:
Bi thc hnh ny gip bn hiu r v giao thc CDP v cc thng s lin quan, nm c chc nng ca cc lnh trong giao thc ny. Ch : CDP ch cung cp thng tin ca thit b kt ni trc tip vi n, tri vi cc giao thc nh tuyn. Giao thc nh tuyn c th cung cp thng tin ca cc mng xa, hay kt ni gin tip qua nhiu router.

3. M t bi lab v hnh :

hnh bi lab nh hnh v, cc router c ni vi nhau bng cp serial. 4. Cc bc thc hin : Trc tin cu hnh cho cc Router nh sau(xem bng lnh Show run) Router Vsic1 : Current configuration : 595 bytes ! version 12.2 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname VSIC1 !

VSIC Education Corporation

Trang 7

CCNA

Ti liu dnh cho hc vin

logging rate-limit console 10 except errors ! ip subnet-zero no ip finger ! no ip dhcp-client network-discovery ! interface Ethernet0 no ip address shutdown ! interface Serial0 ip address 192.168.1.2 255.255.255.0 no fair-queue ! interface Serial1 ip address 192.168.2.1 255.255.255.0 ! ip kerberos source-interface any ip classless ip http server ! line con 0 transport input none line aux 0 line vty 0 4 ! End Router Vsic2 : Building configuration... Current configuration : 450 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname VSIC2 ! ip subnet-zero ! interface Ethernet0 no ip address shutdown !

VSIC Education Corporation

Trang 8

CCNA

Ti liu dnh cho hc vin

interface Serial0 ip address 192.168.1.1 255.255.255.0 clockrate 56000 ! interface Serial1 no ip address shutdown ! ip classless no ip http server ! line con 0 line aux 0 line vty 0 4 login ! End Router Vsic3 : Current configuration : 858 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Vsic3 ! ip subnet-zero ! interface Serial0 no ip address shutdown no fair-queue ! interface Serial1 ip address 192.168.2.2 255.255.255.0 clockrate 56000 ! ip classless ip http server ! line con 0 line aux 0 line vty 0 4 ! End

VSIC Education Corporation

Trang 9

CCNA

Ti liu dnh cho hc vin

Lu : V CDP l 1 giao thc ring ca Cisco nn n c mc nh khi ng, v vy khi ta dng lnh Show run,nhng thng tin v giao thc ny s khng c hin th.Giao thc ny c th hot ng trn c Router v Switch

5. Cc lnh trong giao thc CDP :


Lnh Show CDP neighbors : dng xem thng tin ca cc thit b xung quanh c lin kt trc tip(lnh ny s dng trong mode Privileged) VSIC1#show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID Local Intrfce Holdtme Capability Platform Port ID Vsic3 Ser 1 149 R 2523 Ser 1 VSIC2 Ser 0 134 R 2500 Ser 0 Lnh Show CDP neighbors detail : dng xem chi tit thng tin ca cc thit b lin kt trc tip. VSIC1#show cdp neighbors detail ------------------------Device ID: Vsic3 thit b lin kt trc tip l Vsic3 Entry address(es): IP address: 192.168.2.2 a ch cng lin kt trc tip Platform: cisco 2523, Capabilities: Router loi thit b lin kt: Cisco Router 2523 Interface: Serial1, Port ID (outgoing port): Serial1 lin kt trc tip qua cng Serial1 Holdtime : 124 sec Version : Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sat 16-Oct-04 02:44 by cmong Thng tin v h iu hnh ca thit b lin kt advertisement version: 2 ------------------------Device ID: VSIC2 Entry address(es): IP address: 192.168.1.1 Platform: cisco 2500, Capabilities: Router

thit b lin kt trc tip l Vsic2

a ch cng lin kt loi thit b lin kt l Cisco Router 2500 Interface: Serial0, Port ID (outgoing port): Serial0 lin kt qua cng Serial 0 Holdtime : 168 sec thi gian gi gi tin l 168 sec Version : Cisco Internetwork Operating System Software VSIC Education Corporation Trang 10

CCNA

Ti liu dnh cho hc vin

IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sat 16-Oct-04 02:44 by cmong Thng tin chi tit v phin bn v h iu hnh ca thit b advertisement version: 2 Lnh Show CDP : hin th thng tin CDP v timer v hold-time. VSIC1#show cdp Global CDP information: Sending CDP packets every 60 seconds gi cdp c gi mi 60 second Sending a holdtime value of 180 seconds thi gian gi gi tin l 180 second Sending CDPv2 advertisements is enabled Lnh Show CDP interface : hin th thng tin CDP v tng cng,cch ng gi v c timer,hold-time. VSIC1#show cdp int Ethernet0 is administratively down, line protocol is down cng Ethernet0 down do khng c thit b lin kt trc tip Encapsulation ARPA cch ng gi packet Sending CDP packets every 60 seconds Holdtime is 180 seconds Serial0 is up, line protocol is up cng Serial0 up do co thit b lin kt trc tip Encapsulation HDLC cch ng gi packet Sending CDP packets every 60 seconds Holdtime is 180 seconds Serial1 is up, line protocol is up cng Serial1 up do c thit b lin kt trc tip Encapsulation HDLC cch ng gi packet Sending CDP packets every 60 seconds Holdtime is 180 seconds Lu : ta c th dng lnh no cdp enable tt ch CDP trn cc interface,v lc ny lnh show CDP interface s khng hin th thng tin CDP trn interface .Nu mun bt li ch CDP trn interface no ta dng lnh CDP enable trn interface . VSIC1(config)#int s0 VSIC1(config-if)#no cdp enable tt ch CDP trn interface Serial0 VSIC1(config-if)#^Z VSIC1#show cdp inter 01:32:44: %SYS-5-CONFIG_I: Configured from console by console Ethernet0 is administratively down, line protocol is down Encapsulation ARPA Sending CDP packets every 60 seconds Holdtime is 180 seconds Serial1 is up, line protocol is up Encapsulation HDLC Sending CDP packets every 60 seconds Holdtime is 180 seconds thng tin v cng Seria0 khng hin th sau khi VSIC Education Corporation Trang 11

CCNA

Ti liu dnh cho hc vin

tt ch cdp trn n Nu mun bt li ch CDP trn interface no ta dng lnh CDP enable trn interface . VSIC1(config)#int s0 VSIC1(config-if)#cdp ena VSIC1(config-if)#exit Lnh Show CDP traffic : hin th b m CDP bao gm s lng gi packet gi, nhn v b li. VSIC1#show cdp traffic CDP counters : Total packets output: 128, Input: 115 Hdr syntax: 0, Chksum error: 0, Encaps failed: 9 No memory: 0, Invalid packet: 0, Fragmented: 0 CDP version 1 advertisements output: 0, Input: 0 CDP version 2 advertisements output: 128, Input: 115 Lnh Clear CDP couter : dng reset lai b m CDP. Lnh No CDP run : tt hon ton ch CDP trn Router VSIC1(config)#no cdp run VSIC1(config)#^Z VSIC1#show cdp lnh show cdp khng hp l khi tt ch cdp % CDP is not enabled Lnh CDP run : dng m li ch CDP trn Router VSIC1(config)#cdp run VSIC1(config)#exit VSIC1#show cdp Global CDP information: Sending CDP packets every 60 seconds Sending a holdtime value of 180 seconds Sending CDPv2 advertisements is enabled Lu : Giao thc CDP ch cho ta bit c thng tin ca nhng thit b c lin kt trc tip. Vsic3#show cdp neighbors detail ------------------------Device ID: VSIC1 Entry address(es): IP address: 192.168.2.1 Platform: cisco 2500, Capabilities: Router Interface: Serial1, Port ID (outgoing port): Serial1 Holdtime : 138 sec Version : Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Sun 03-Feb-02 22:01 by srani advertisement version: 2

VSIC Education Corporation

Trang 12

CCNA

Ti liu dnh cho hc vin

T Router Vsic3 ch xem c thng tin ca thit b ni trc tip l Router Athen1 Gi s ta thay i a ch IP ca cng Serial1 router Vsic3 Vsic3(config)#int s0 Vsic3(config-if)#ip add 192.168.3.2 255.255.255.0 Vsic3(config-if)#no shut Vsic3(config-if)#clock rate 56000 Vsic3(config-if)#^Z Dng lnh Ping t Router Vsic3 ping a ch cng Serial 1 ca Router Vsic1: Vsic3#ping 192.168.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) S dng giao thc CDP t Router Vsic3 xem thng tin v cc thit b lin kt trc tip: Vsic3#show cdp neighbors detail ------------------------Device ID: VSIC1 Entry address(es): IP address: 192.168.2.1 Platform: cisco 2500, Capabilities: Router Interface: Serial1, Port ID (outgoing port): Serial1 Holdtime : 144 sec Version : Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Sun 03-Feb-02 22:01 by srani advertisement version: 2 Bn thy r t Router Vsic3 ta ping khng thy c Router Vsic1 nhng dng giao thc CDP bn vn nhn c thng tin ca thit b lin kt. y l u im ca giao thc CDP. u im ny s rt hu ch cho bn khi x l s c mng.

6. Cu hnh s dng Dynagen(dnh cho Hc vin t thc hnh)


Chy file Dynamips Server, sau click vo file lab2cdp.net(t CD hc CCNA), v t giao din dng lnh ny, ta nh lnh telnet VSIC1 vo router VSIC1. Tng t vi cc router VSIC2,v VSIC3. S trong file cu hnh nh sau :

VSIC Education Corporation

Trang 13

CCNA

Ti liu dnh cho hc vin

VSIC Education Corporation

Trang 14

CCNA

Ti liu dnh cho hc vin

BI 3: TELNET
1. Gii thiu : Telnet l mt giao thc u cui o( Vitural terminal),l mt phn ca chng giao thc TCP/IP.Giao thc ny cho php to kt ni vi mt thit b t xa v thng qua kt ni ny, ngi s dng c th cu hnh thit b m mnh kt ni vo. 2. Mc ch : Bi thc hnh ny gip bn hiu v thc hin c nhng cu hnh cn thit c th thc hin cc phin Telnet t host vo Router hay t Router vo Router. 3. M t bi lab v hnh :

hnh bi lab nh hnh trn, cc router c ni vi nhau bng cp serial. Host1 ni vi router Vsic1 bng cp cho. 4. Cc bc thc hin : Cu hnh cho cc router Vsic1, Vsic2 v Host 1 nh sau : Host 1 : IP:10.0.0.2 Subnetmask:255.255.255.0 Gateway:10.0.0.1 Router vsic1 version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname vsic1 ! ip subnet-zero ! interface Ethernet0 ip address 10.0.0.1 255.255.255.0 ! interface Serial0 ip address 192.168.1.1 255.255.255.0 clockrate 56000 VSIC Education Corporation Trang 15

CCNA

Ti liu dnh cho hc vin

! end Router vsic2 Building configuration... Current configuration : 582 bytes ! version 12.2 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname vsic2 ! interface Serial0 ip address 192.168.1.2 255.255.255.0 no fair-queue ! end Phi chn chn rng cc kt ni vt l thnh cng (kim tra bng lnh Ping) Kim tra kt ni Telnet : T Host ta th telnet vo Router Vsic1 : C:\Documentsand settings\Administrator>Telnet 10.0.0.1 Password required, but none set i hi mt khu nhng khng c ci dt Connection to host lost Kt ni tht bi T Router vsic1 ta kt ni Telnet vo Router Vsic2 vsic1#telnet 192.168.1.2 Trying 192.168.1.2 ... Open Password required, but none set [Connection to 192.168.1.2 closed by foreign host] Thc hin Telnet khng thnh cng v chc nng Telnet i hi bn phi m ng line Vty v ci t mt khu cho n. t mt khu Vty cho Router Vsic1 : vsic1#conf t Enter configuration commands, one per line. End with CNTL/Z. vsic1(config)#line Vty 0 4 vsic1(config-line)#pass vsic1 vsic1(config-line)#login vsic1(config-line)#exit t mt khu Vty cho Router Vsic2 : vsic2#conf t Enter configuration commands, one per line. End with CNTL/Z. vsic2(config)#line vty 0 4 vsic2(config-line)#pass vsic2 vsic2(config-line)#login vsic2(config-line)#exit Lc ny thc hin Telnet : T Host bn thc hin Telnet vo Router Vsic1 VSIC Education Corporation Trang 16

CCNA

Ti liu dnh cho hc vin

C:\Documentsand settings\Administrator>Telnet 10.0.0.1 User Access Verification Password: Vsic1>ena % No password set Vsic1> Tng t bn thc hin hin Telnet t Router Vsic1 n Router Vsic2: vsic1#192.168.1.2 Trying 192.168.1.2 ... Open User Access Verification Password: vsic2>ena % No password set vsic2> Lu : i vi thit b ca Cisco, bn ch cn nh a ch ca ni cn Telnet n, thit b s t hiu v thc hin kt ni Telnet. Khi Telnet vo, bn ang Mode User v giao thc ny i hi bn phi c ci t mt khu vo Privileged Mode.Thc hin vic ci t mt khu: Router Vsic1 vsic1(config)#ena pass cisco vsic1(config)#exit Router Vsic2 vsic2(config)#ena pass class vsic2(config)#exit Bn thc hin li vic kt ni Telnet, t Host vo Router Vsic1: C:\Documentsand settings\Administrator>Telnet 10.0.0.1 User Access Verification Password: vsic1 Vsic1>ena Password: cisco Vsic1# T Router Vsic1 vo Router Vsic2: vsic1#192.168.1.2 Trying 192.168.1.2 ... Open User Access Verification Password: vsic2 vsic2>ena Password: class vsic2# T y bn c th thc hin vic thay i cu hnh cho cc thit b m khng cn phi thng qua cng Console. Kim tra vic Telnet bng lnh Show line vsic2#show line Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int * 0 CTY 5 0 0/0 -

VSIC Education Corporation

Trang 17

CCNA

Ti liu dnh cho hc vin

* * *

1 AUX 9600/9600 2 VTY 3 VTY 4 VTY 5 VTY 6 VTY -

0 1 7 4 1 0

0 0 0 0 0 0

0/0 0/0 0/0 0/0 0/0 0/0

Du * biu th nhng line bn ang s dng Telnet,theo nh bng trn,bng ang s dng 3 dng line Telnet qua li gia 2 Router Vsic1 v Vsic2 qua cc port 2,3,4. Ct Uses ch s ln bn s dng ng line . Lu : Bn ch thc hin c vic Telnet qua li gia cc Router khng qu 10 ln cng lc (v bn ch c 5 line Vty t 0 n 4) vsic1#192.168.1.2 Trying 192.168.1.2 ... % Connection refused by remote host Router bo li khi bn thc hin phin Telnet th 11. Bn cng c th thc hin Telnet cng lc gia cc thit b bng cch t mn hnh telnet, bn nhn t hp phm: Ctrl-Shift-6 sau nhn phm X(s dng trn terminal nhn t hp phm CTRL-SHIFT-6 sau nhn 2 ln X), lc ny bn s tr li mn hnh gc ban u v bn c th tip tc thc hin cc phin Telnet vo cc thit b khc. tr v mn hnh Telnet ban u bn n phm enter 2 ln Thot khi cc phin Telnet : chng ta s dng lnh Exit hay lnh Disconnect Ngt mt kt ni Telnet : chng ta s dng lnh clear line 5. Cu hnh s dng Dynagen(dnh cho Hc vin t thc hnh): Chy file Dynamips Server, sau open file lab3telnet.net bng wordpad xem m hnh kt ni gia cc router trong bi thc hnh. # Simple lab [localhost] [[3640]] image = \Program Files\Dynamips\images\C3640_IS_MZ122_3.BIN # On Linux / Unix use forward slashes: # image = /opt/7200-images/c7200-jk9o3s-mz.124-7a.image ram=96 [[ROUTER VSIC1]] model=3640 s1/0 = VSIC2 s1/0 (s dng s1/0 ca VSIC1 kt ni vi s1/0 VSIC2) F0/0 = NIO_gen_eth:\Device\NPF_{3E56FAD7-7D96-4763-AD9E-6232CA66410B} [[router VSIC2]] model=3640 # No need to specify an adapter here, it is taken care of VSIC Education Corporation Trang 18

CCNA

Ti liu dnh cho hc vin

# by the interface specification under Router VSIC1 Ta ch dng F0/0 = NIO_gen_eth:\Device\NPF_{3E56FAD7-7D96-4763-AD9E6232CA66410B} trong file lab3telnet.net. router c th kt ni vo c vi PC hin hnh, chng ta cn thay i thng s y. Chy file network device list trn Desktop xc nh card mng ca PC ni vo.

Thay a ch ca card mng hin hnh ti my PC vo file cu hnh. Nh vy ta thitlp c m hnh kt ni sau:

Save file cu hnh v chy, chng ta bt u vo bi thc hnh

VSIC Education Corporation

Trang 19

CCNA

Ti liu dnh cho hc vin

BI 4: KHI PHC MT KHU CHO CISCO ROUTER (Recovery Password) 1. Gii thiu : Mt khu truy cp l rt hu ch trong lnh vc bo mt, tuy nhin i khi n cng em li phin toi nu chng may bn qun mt mt khu truy nhp.Bi thc hnh khi phc mt khu cho Cisco Router ny gip bn khi phc li mt khu ng nhp vo Router . Lu : t mt khu cho Router c ngha rt ln trong kha cnh security,n ngn cn c cc phin Telnet t xa vo Router thay i cu hnh hay thc hin nhng mc ch khc.Bn nn trnh nhm ln gia hai khi nim bo mt v khi phc mt khu,bn c th khi phc hay thay i c mt khu ca Router khng c ngha l mc bo mt ca Router khng cao v khi phc mt khu cho Router, iu kin tin quyt l bn phi thao tc trc tip trn Router, iu ny c ngha l bn phi c s chp nhn ca Admin hay k thut vin qun l Router. 2. M t bi lab v hnh :

Trong hnh trn PC ni vi router bng cp console 3. Qu trnh khi ng ca Router : Khi va bt ngun, Router s kim tra phn cng, sau khi phn cng c kim tra hon tt, h iu hnh s c np t Flash, tip Router s np cu hnh trong NVRAM bao gm tt c nhng ni dung cu hnh trc cho Router nh cc thng tin v giao thc, a ch cc cng v c mt khu truy nhp.V vy Router khng kim tra mt khu khi ng nhp, bn phi ngn khng cho Router np d liu t NVRAM. Mi dng Router c mt k thut khi phc mt khu khc nhau, tuy vy khi phc mt khu cho Router bn phi qua cc bc sau: Bc 1 : Khi ng Router,ngn khng cho Router np cu hnh trong NVRAM. (bng cch thay i thanh ghi t 0x2102 sang thanh ghi 0x2142). Bc 2 : Reset li Router (lc ny Router s dng thanh 0x2142 khi ng). Bc 3 : ng nhp vo Router(lc ny Router khng kim tra mt khu), dng cc lnh ca Router xem hay ci t li mt khu (bn ch xem c mt khu khi mt khu c ci t ch khng m ha) VSIC Education Corporation Trang 20

CCNA

Ti liu dnh cho hc vin

Bc 4 : Thay i thanh ghi (t 0x2142 sang 0x2102). Bc 5 : Lu li cu hnh va ci t (lc ny mt khu bit). 4. Khi phc mt khu cho Cisco Router 2500. Gi s khi bn ng nhp vo Router nhng bn qun mt mt khu. vsic con0 is now available Press RETURN to get started. vsic>enable Password: Password: Password: % Bad secrets Bn phi thc hin vic khi phc mt khu. Cc bc thc hin nh sau: Bc 1 : bn khi ng li Router System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE Copyright (c) 1986-1995 by cisco Systems 2500 processor with 8192 Kbytes of main memory n Ctrl Break khng cho Router np d liu t NVRAM Abort at 0x103AA7E (PC) >o/r 0x2142 ( hoc s dng lnh confreg 0x2142) S dng lnh ny thay i thanh ghi sang 0x2142 Bc 2 : khi ng li Router, lc ny Router s np cu hnh t thanh ghi 0x2142 (cu hnh trng) vsic>ena password s khng yu cu kim tra khi ng nhp vsic#show start dng lnh Show start xem cu hnh trong NVRAM Using 456 out of 32762 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! enable secret 5 $1$AqeQ$yB00zFjHxIiVoHLnbLEhh1 password secret c m ho enable password cisco mt khu enable password l cisco ! end Bc 3 : Cu hnh li mt khu cho Router: vsic#config t Enter configuration commands, one per line. End with CNTL/Z. vsic(config)#ena secret Vsic mt khu secret c cu hnh li l Vsic vsic(config)#exit vsic#conf t VSIC Education Corporation Trang 21

CCNA

Ti liu dnh cho hc vin

vsic(config)#ena pass class mt khu enable password l class vsic(config)#exit Bc 4 : Thay i thanh ghi hin hnh t 0x2142 tr v 0x2102 Dng lnh Show version xem thanh ghi hin hnh vsic#show ver Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sat 16-Oct-04 02:44 by cmong Image text-base: 0x03042000, data-base: 0x00001000 . 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read ONLY) Configuration register is 0x2142 Thanh ghi 0x2142 ang c s dng Thay i thanh ghi: vsic(config)#config-register 0x2102 dng lnh config-register vsic(config)#exit Xem li thanh ghi hin hnh: vsic#show ver Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sat 16-Oct-04 02:44 by cmong . 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read ONLY) Configuration register is 0x2142 (will be 0x2102 at next reload) thanh ghi hin hnh l 0x2102 Bc 5 : lu cu hnh thay i vo thanh ghi 0x2102 vsic#wr me Building configuration... [OK] Dng lnh show start xem cu hnh khi ng trong NVRAM vsic#show start Using 488 out of 32762 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname vsic ! VSIC Education Corporation Trang 22

CCNA

Ti liu dnh cho hc vin

enable secret 5 $1$49cD$jrvYyRSQhpTAHuDA1/R1v. enable password class ! ! ! End Sau khi reload li, ng nhp vo Router,mt khu secret l Vsic s c kim tra vsic con0 is now available Press RETURN to get started. vsic>ena Password: mt khu l Vsic s c kim tra v chp nhn vsic#

VSIC Education Corporation

Trang 23

CCNA

Ti liu dnh cho hc vin

BI 5: RECOVERY PASSWORD CHO SWITCH 2950


1. Gii thiu : Trong bi lab ny chng ta se thc hin recovery password ca mt switch 2. M t bi lab v hnh :

Ni cp console gia PC vi switch. Chng ta s tin hnh recovery password trn switch 2950 trong bi lab ny. 3. Thc hin : kho st vic recovery password r rng hn ,chng ta s cu hnh tn v password cho switch trc khi tin hnh recovery password cho switch Chng ta cu hnh tn v password cho switch nh sau : Switch#conf t Switch(config)#host Vsic Vsic(config)#enable password cisco t password cho switch Vsic(config)#enable secret Vsic t secret password cho switch Sau khi cu hnh xong chng ta lu vo NVRAM v xem li cu hnh trong NVRAM trc khi tin hnh recovery password cho switch. Vsic#copy run start Destination filename [startup-config]? Building configuration... Vsic#show start Vsic#sh start Using 1186 out of 32768 bytes version 12.1 hostname Vsic enable secret 5 $1$s22D$vCe6IFIeKLhUPZqgm6QZ6/ enable password cisco Chng ta tin hnh recovery password theo cch bc sau : Bc 1 : tt ngun switch, sau gia nt MODE trn switch 2950 trong lc bt ngun li. Khi mn hnh hin nhng thng bo sau, ta nh nt MODE ra. Cisco Internetwork Operating System Software IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA2, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sun 07-Nov-04 23:14 by antonino (mt s thng bo c lc b) flash_init load_helper

VSIC Education Corporation

Trang 24

CCNA

Ti liu dnh cho hc vin

boot Bc 2: Chng ta nhp flash_init bt u cu hnh cho cc file ca flash. Nhp cu lnh dir flash: xem cc file c cha trong flash. Sau chng ta i tn file config.text thnh config.bak (v cu hnh ca chng ta lu phn trc c switch cha trong file ny) bng cu lnh sau : rename flash:config.text flash:config.bak Sau chng ta reload li switch bng cu lnh boot Bc 3 : Trong qu trnh khi ng switch s hi : Continue with the configuration dialog? [yes/no] : Chng ta nhp vo NO, b qua cu hnh ny. Sau khi khi ng xong chng ta vo mode privileged. Switch>en Switch# Sau chng ta chuyn tn file config.bak trong flash thnh config.text bng cch : Switch#rename flash:config.bak flash:config.text Ri cu hnh NVRam vo RAM bng cu lnh sau : Switch#copy flash:config.text system:running-config Bc 4 : g b tt c cc loi password Vsic#conf t Vsic(config)#no enable password Vsic(config)#no enable secret Bc 5 : copy cu hnh t RAM vo NVRam, ri reload switch li. Vsic#copy run start Destination filename [startup-config]? Building configuration... [OK] Vsic#reload

VSIC Education Corporation

Trang 25

CCNA

Ti liu dnh cho hc vin

BI 6: NP IOS IMAGE T TFTP SERVER CHO CISCO ROUTER CHY T FLASH


1. Gii thiu : Flash l 1 b nh c th xa, c dng lu tr h iu hnh v mt s m lnh.B nh Flash cho php cp nht phn mm m khng cn thay th chip x l.Ni dung Flash vn c gi khi tt ngun. Bi lab ny gip bn thc hin vic np IOS (Internetwork Operating System) Image t Flash trong Router Cisco vo TFTP server to bn IOS Image d phng v np li IOS Image t t TFTP sever vo Cisco Router chy t Flash(khi phc phin bn c hay update phin bn mi) thng qua giao thc truyn TFTP (Trivial file transfer protocol) 2. M t bi lab v hnh :

hnh bi lab nh hnh v, PC ni vi router bng cp cho v mt cp console ( iu khin router). PC hot ng nh 1 TFTP Server v c ni vi Router thng qua mi trng Ethernet,lc ny Router hot ng nh l TFTP Client. IOS s c copy t Router ln Server( trong tnh hung backup IOS) hay t Server vo Router( trong tnh hung update hay ci t IOS mi). i vi trng hp np IOS cho Router khi Flash Router b xo ta c th vo mode ROMMON cu hnh ly IOS t Server. 3. Cc bc thc hin: Chng ta s cu hnh cho router Vsic v PC (ng vai tr nh mt TFTP server) nh sau : PC : IP Address : 192.168.14.2 Subnetmask : 255.255.255.0 Gateway : 192.168.14.1 Router Vsic : no service password-encryption hostname vsic VSIC Education Corporation Trang 26

CCNA

Ti liu dnh cho hc vin

! ip subnet-zero no ip finger ! interface Ethernet0 ip address 192.168.14.1 255.255.255.0 ! interface Serial0 no ip address shutdown no fair-queue ! interface Serial1 no ip address shutdown ! ip kerberos source-interface any ip classless ip http server ! line con 0 transport input none line aux 0 line vty 0 4 ! end Bn thc hin lnh Ping m bo vic kt ni gia Router v TFTP server vsic#ping 192.168.14.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.14.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms Dng lnh Show version xem phin bn IOS hin hnh: vsic#show ver Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE SOFTWARE (fc1) Router ang s d ng IOS version 12.2(1d) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Sun 03-Feb-02 22:01 by srani Image text-base: 0x0307EEE0, data-base: 0x00001000 ROM: System Bootstrap, Version 11.0(10c), SOFTWARE BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFT WARE (fc1) VSIC Education Corporation Trang 27

CCNA

Ti liu dnh cho hc vin

vsic uptime is 15 minutes System returned to ROM by bus error at PC 0x100D042, address 0xFFFFFFFC System image file is "flash:/c2500-jk8os-l.122-1d.bin" Tn tp tin IOS image c np t flash- loI Cisco 2500 s dng h iu hnh phin bn12.2(1d) cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of memory. Router c 16MB RAM,14 MB dng cho b nh x l, 2 MB dng cho b nh I/O Processor board ID 08030632, with hardware revision 00000000 Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read ONLY) Router c 16 MB flash Configuration register is 0x2102 Thanh ghi hin hnh

Dng lnh Show Flash xem b nh Flash vsic#show flash System flash directory: File Length Name/status 1 16505800 /c2500-jk8os-l.122-1d.bin [16505864 bytes used, 271352 available, 16777216 total] 16384K bytes of processor board System flash (Read ONLY) ngha tn File IOS Image: c2500:loi thit b Cisco 2500 jk8os:cc tnh nng j :enterprise subnet k8 : reserved for huture encrytion capapilities o : fire wall s : suorce router switch 1.122 : lai phin bn IOS Bn thc hin vic np IOS image t Flash vo TFTP server: vsic#copy flash tftp Source filename []? /c2500-jk8os-l.122-1d.bin Address or name of remote host []? 192.168.14.2 a ch TFTP server Destination filename [c2500-jk8os-l.122-1d.bin]? !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

VSIC Education Corporation

Trang 28

CCNA

Ti liu dnh cho hc vin

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 16505800 bytes copied in 232.724 secs (71145 bytes/sec) Qu trnh np thnh cng, file IOS image c lu vo chng trnh cha TFTP server

Bn thc hin xong vic np IOS t Flash vo TFTP server, sau y bn thc hin li vic np mt IOS c sn t TFTP server vo li flash ca mt Router. Cc bc thc hin: Bn cu hnh Router v Host nh trn.chy chng trnh TFTP t PC. Gi s bn c 2 file IOS c sn trong TFTP server

VSIC Education Corporation

Trang 29

CCNA

Ti liu dnh cho hc vin

File IOS Image c2500-i-l.121-26.bin c dung lng 7,85 MB. File IOS Image c2500-jk80os-l.122-1d.bin c dung lng 16MB Bn thc hin kim tra Flash: vsic#show flash System flash directory: File Length Name/status 1 8039140 /c2500-i-l.121-26.bin [8039204 bytes used, 349404 available, 8388608 total] 8192K bytes of processor board System flash (Read ONLY) Nhn xt : B nh Flash ca bn c dung lng l 8 MB, bn c th lu file IOS image c2500-i-l.121-26.bin vo Flash Thc hin qu trnh copy flash vsic#copy tftp flash **** NOTICE **** Flash load helper v1.0 This process will accept the copy options and then terminate the current system image to use the ROM based image for the copy. Routing functionality will not be available during that time. If you are logged in via telnet, this connection will terminate. Users with console access can see the results of the copy operation. ---- ******** ---Proceed? [confirm] xc nhn vic copy Address or name of remote host []? 192.168.14.2 tn hay a ch ni lu Flash (TFTP Server) Source filename []? c2500-i-l.121-26.bin Tn file ngun

VSIC Education Corporation

Trang 30

CCNA

Ti liu dnh cho hc vin

Destination filename [c2500-i-l.121-26.bin]? %Warning:There is a file already existing with this name Do you want to over write? [confirm] Accessing tftp://192.168.14.2/c2500-i-l.121-26.bin... Erase flash: before copying? [confirm]

Tn file ch

00:09:43: %SYS-5-RELOAD: Reload requested %SYS-4-CONFIG_NEWER: Configurations from version 12.1 may not be correctly under stood. %FLH: c2500-i-l.121-26.bin from 192.168.14.2 to flash ... System flash directory: File Length Name/status 1 8039140 /c2500-i-l.121-26.bin [8039204 bytes used, 349404 available, 8388608 total] Accessing file 'c2500-i-l.121-26.bin' on 192.168.14.2... Loading c2500-i-l.121-26.bin from 192.168.14.2 (via Ethernet0): ! [OK] Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased qu trnh xa flash Loading c2500-i-l.121-26.bin from 192.168.14.2 (via Ethernet0): !!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! qu trnh np Flash [OK - 8039140/8388608 bytes] Verifying checksum... OK (0x9693) Flash copy took 0:03:57 [hh:mm:ss] %FLH: Re-booting system after download F3: 7915484+123624+619980 at 0x3000060 Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sat 16-Oct-04 02:44 by cmong VSIC Education Corporation Trang 31

CCNA

Ti liu dnh cho hc vin

Image text-base: 0x03042000, data-base: 0x00001000 cisco 2500 (68030) processor (revision N) with 6144K/2048K bytes of memory. Processor board ID 17553463, with hardware revision 00000000 Bridging software. X.25 software, Version 3.0.0. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read ONLY) Press RETURN to get started! Sau khi np Flash hon thnh, Router s reset li thay i Flash mi, lc ny IOS trong Flash s l file IOS bn va copy vo. Qu trnh np Flash trong TFTP server

Lu : l trong c qu trnh copy flash t TFTP server vo Router hay t Router vo TFTP server bn u phi chy chng trnh TFTP server trn PC. 4. Cu hnh s dng Dynagen( dnh cho SV t thc hnh) Chy file Dynamips Server, sau open file lab6tftp1.net bng wordpad xem m hnh kt ni gia cc router trong bi thc hnh.

VSIC Education Corporation

Trang 32

CCNA

Ti liu dnh cho hc vin

# Simple lab [localhost] [[3640]] image = \Program Files\Dynamips\images\C3640_IS_MZ122_3.BIN # On Linux / Unix use forward slashes: # image = /opt/7200-images/c7200-jk9o3s-mz.124-7a.image ram=96 [[ROUTER VSIC1]] model=3640 F0/0 = NIO_gen_eth:\Device\NPF_{3E56FAD7-7D96-4763-AD9E-6232CA66410B} # No need to specify an adapter here, it is taken care of # by the interface specification under Router VSIC1 Ta ch dng F0/0 = NIO_gen_eth:\Device\NPF_{3E56FAD7-7D96-4763-AD9E6232CA66410B} trong file lab6tftp1.net. router c th kt ni vo c vi PC hin hnh, chng ta cn thay i thng s y. Chy file network device list trn Desktop xc nh card mng ca PC ni vo.

By gi chng ta bt u thc hnh. Ta khng th copy OS t router 3600 Series c do router 3600 series chy t RAM v flash mc nh l trng( IOS khng cha trong flash ca Router). thc hnh lm vic vi TFTP ta chp 1 file t Server vo trong flash vo chp ngc li t flash router vo TFTP Server. Trc tin ta test kt ni gia PC v Router

VSIC Education Corporation

Trang 33

CCNA

Ti liu dnh cho hc vin

Bt TFTP Server ti PC

Copy file cbin vo flash Router.

VSIC Education Corporation

Trang 34

CCNA

Ti liu dnh cho hc vin

Copy file cbin t router ngc li PC.( ta i tn file thnh hao.bin khi b trng file ti TFTP)

Vy ta thc hnh copy file gia TFTP Server v Router.

VSIC Education Corporation

Trang 35

CCNA

Ti liu dnh cho hc vin

BI 7: NP IOS IMAGE CHO 2 ROUTER CHY T FLASH


1. M t bi lab v hnh : Bi thc hnh ny gup bn thc hin vic np IOS image t Flash ca Router ny sang Router kia.

Hai router c ni vi nhau bng cp serial. a ch cc interface c ghi trn hnh. 2. Cc bc thc hin : Bn cu hnh cho 2 Router nh sau: Vsic1#sh run Building configuration... Current configuration : 440 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Vsic1 ! ip subnet-zero ! interface Ethernet0 no ip address shutdown ! interface Serial0 ip address 10.0.0.1 255.0.0.0 clockrate 64000 ! interface Serial1 no ip address shutdown ! ip classless ip http server ! line con 0 VSIC Education Corporation Trang 36

CCNA

Ti liu dnh cho hc vin

line aux 0 line vty 0 4 ! end Vsic2#sh run Building configuration... Current configuration : 448 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Vsic2 ! ip subnet-zero ! interface Ethernet0 no ip address shutdown ! interface Serial0 ip address 10.0.0.2 255.0.0.0 no fair-queue ! interface Serial1 no ip address shutdown ! ip classless ip http server ! line con 0 line aux 0 line vty 0 4 ! end Chng ta kim tra flash ca hai router : Vsic1#sh flash System flash directory: File Length Name/status 1 8038440 /c2500-i-l.121-25.bin //T n File IOS Image// [8038504 bytes used, 350104 available, 8388608 total] 8192K bytes of processor board System flash (Read ONLY) //8MB flash//

VSIC Education Corporation

Trang 37

CCNA

Ti liu dnh cho hc vin

Vsic2#sh flash System flash directory: File Length Name/status 1 8039140 c2500-i-l.121-26.bin [8039204 bytes used, 8738012 available, 16777216 total] 16384K bytes of processor board System flash (Read ONLY) thc hin vic copy IOS image t Router Vsic1 sang Router Vsic2, bn phi m ch TFTP server cho Router Vsic1. Vsic1(config)#tftp-server flash: Vsic1(config)#tftp-server flash:c2500-i-l.121-26.bin Vsic1(config)#^Z Bn thc hin vic Copy IOS t Router Vsic2 Vsic2#copy tftp flash: **** NOTICE **** Flash load helper v1.0 This process will accept the copy options and then terminate the current system image to use the ROM based image for the copy. Routing functionality will not be available during that time. If you are logged in via telnet, this connection will terminate. Users with console access can see the results of the copy operation. ---- ******** ---Proceed? [confirm] Address or name of remote host []? 10.0.0.1 a ch Router Vsic1(Serial0) Source filename []? c2500-i-l.121-26.bin Tn file IOS image Destination filename [c2500-i-l.121-26.bin]? Tn File ch trong Router Vsic2 Accessing tftp://10.0.0.1/c2500-i-l.121-26.bin... Erase flash: before copying? [confirm] Xc nhn vic copy 00:02:57: %SYS-5-RELOAD: Reload requested %SYS-4-CONFIG_NEWER: Configurations from version 12.1 may not be correctly understood. %FLH: c2500-i-l.121-26.bin from 10.0.0.1 to flash ... System flash directory: File Length Name/status 1 8038440 /c2500-i-l.121-25.bin [8038504 bytes used, 350104 available, 8388608 total] Accessing file 'c2500-i-l.121-26.bin' on 10.0.0.1... Loading c2500-i-l.121-26.bin from 10.0.0.1 (via Serial0): ! [OK] Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased Qu trnh xo Flash Loading c2500-i-l.121-26.bin from 10.0.0.1 (via Serial0): Qu trnh np IOS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

VSIC Education Corporation

Trang 38

CCNA

Ti liu dnh cho hc vin

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 8039140/8388608 bytes] Verifying checksum... OK (0x9693) Flash copy took 0:22:28 [hh:mm:ss] %FLH: Re-booting system after download F3: 7915484+123624+619980 at 0x3000060 Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sat 16-Oct-04 02:44 by cmong Image text-base: 0x03042000, data-base: 0x00001000 cisco 2500 (68030) processor (revision N) with 6144K/2048K bytes of memory. Processor board ID 17553463, with hardware revision 00000000 Bridging software. X.25 software, Version 3.0.0. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read ONLY) Press RETURN to get started! Router s reset li sau khi np IOS mi

00:00:05: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up 00:00:05: %LINK-3-UPDOWN: Interface Serial0, changed state to up 00:00:06: %LINK-3-UPDOWN: Interface Serial1, changed state to down 00:00:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up 00:00:14: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down

VSIC Education Corporation

Trang 39

CCNA

Ti liu dnh cho hc vin

00:00:16: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down 00:00:16: %SYS-5-CONFIG_I: Configured from memory by console 00:00:20: %LINK-5-CHANGED: Interface Serial1, changed state to administratively down 00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up 00:00:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down 00:01:00: %SYS-5-RESTART: System restarted -Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Sat 16-Oct-04 02:44 by cmong Vsic2> Bn c th kim tra Flash li bng lnh show flash Vsic2>sh flash System flash directory: File Length Name/status 1 8039140 /c2500-i-l.121-26.bin [8039204 bytes used, 349404 available, 8388608 total] 8192K bytes of processor board System flash (Read ONLY) Lu : V y bn s dng 2 Router c b nh Flash bng nhau nn bt but bn phi thc hin vic xa Flash c trong qu trnh thc hin copy Flash mi, nhng trong trng hp bn s dng cc loi Router c b nh Flash ln, cn b nh lu thm IOS image (bn dng lnh Show Flash hay Show version kim tra) th bn khng cn phi xa Flash, iu ny c ngha l bn c th lu 2, 3 hay nhiu IOS trn Flash ty thuc vo kh nng lu tr ca Flash.Lc ny bn phi khai bo cho Router bit phi dng IOS Image no khi ng, bn dng lnh Boot System flash trong mode config thc hin qu trnh khai bo ny .

VSIC Education Corporation

Trang 40

CCNA

Ti liu dnh cho hc vin

BI 8:NP IOS CHO SWITCH


1. Gii thiu chung v switch 2950 : Hnh nh mt trc ca switch 2950

Nhn vo hnh bn c th thy switch c 12 port FastEtheret. H thng lu tr tp tin ca switch 2950: NVRAM lu startup-config. Flash lu cc tp tin : IOS image(thng c phn m rng l .bin), vlan.dat(cha cc cu hnh ca cc VLAN), config.text,private-config.text. RAM cha running-config. Qu trnh khi ng s load tp tin config.text vo startup-config cha trong NVRAM. Nu xo tp tin config.text, sau khi khi ng li s mt ht tt c cc cu hnh. 2. Mc ch bi lab: IOS image ging nh l h iu hnh i vi mt my tnh bnh thng. Theo thi gian, th IOS image s c nhng phin bn mi hn so vi phin bn ang c trong switch. Cc phin bn mi hn c a ra nhm: sa nhng li c th mc phi trong phin bn trc, cung cp nhng tnh nng mi cho cc protocol c , hoc l cp nht nhng protocol mi. V vy, bn cn cp nht phin bn mi cho cc switch ca bn n hot ng tt v c th tng thch vi nhng switch mi s c thm vo mng sau ny. 3. M t bi lab v hnh :

PC ni vi Switch 2950 bng mt ng cp thng v mt cp console. PC v siwtch c c a ch IP nh trn hnh. 4. Cc bc thc hin : BC 1 :

VSIC Education Corporation

Trang 41

CCNA

Ti liu dnh cho hc vin

Dng cp console kt ni my tnh vi cng console ca switch. Cm ngun cho switch, dng chng trnh Hyperterminal ca h iu hnh windows cung cp kt ni n switch, kt ni ny s gip chng ta thc hin cc cu hnh c bn cho switch. Bn phi thit lp cu hnh cho kt ni l default. Dng cp thng, ni card mng ca my tnh vi 1 cng FastEthernet mt trc ca switch phc v cho bi lab cp nht IOS cho switch. Xo cu hnh hin ti trn my Switch>enable Switch#erase startup-config Erasing the nvram filesystem will remove all configuration files! Continue? [con firm]y Erase of nvram: complete Switch# 00:04:57: %SYS-7-NV_BLOCK_INIT: Initalized the geometry of nvram Switch# Xa cu hnh vlan c: Switch#delete vlan.dat Switch#reload Proceed with reload? [confirm]y 00:06:33: %SYS-5-RELOAD: Reload requested --output omitted Would you like to enter the initial configuration dialog? [yes/no]:n --output omitted BC 2 : Xem cu hnh mc nh ca switch Switch> Switch>en Switch#show running-config --output omitted ! interface Vlan1 no ip address no ip route-cache shutdown ! ip http server ! line con 0 line vty 5 15 ! --output omitted BC 3 : Bc ny thc hin cc cu hnh ban u v kim tra li cc cu hnh ny ng cha. Trc tin bn phi cu hnh switch name, enable password, privileged password, console password, v virtual terminal password. Cng gn ging cc lnh trong router. Switch#configure terminal Switch(config)#hostname vsic Vsic(config)#enable password cisco VSIC Education Corporation Trang 42

CCNA

Ti liu dnh cho hc vin

Vsic(config)#enable secret class Vsic(config)#line con 0 Vsic(config-line)#password vsic Vsic(config-line)#login Vsic(config-line)#line vty 0 15 Vsic(config-line)#password cert Vsic(config-line)#login Vsic(config-line)#^Z Vsic# 00:08:11: %SYS-5-CONFIG_I: Configured from console by console Vsic# thc hin c bi lab ny bn phi cp pht a ch IP cho VLAN 1 c th kt ni thnh cng vi server, v cng phi cu hnh default-gateway (bn nn tp thi quen cu hnh default-gateway mi khi cu hnh). Vsic#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Vsic(config)#interface vlan 1 Vsic(config-if)#ip address 10.1.1.251 255.255.255.0 Vsic(config-if)#no shutdown Vsic(config-if)# 00:17:48: %LINK-3-UPDOWN: Interface Vlan1, changed state to up Vsic(config-if)# Cn m bo a ch IP cp pht cho VLAN l a ch hp l (ngha l n thuc v subnet cp pht cho VLAN ) Theo mc nh, tt c cc port u thuc v VLAN 1. Do , tt c cc thit b bt c port no cng u phi thuc v cng 1 subnet cp pht cho VLAN 1 trn. Bn cu hnh cho my tnh ca bn a ch IP v subnet mask nh sau: 10.1.1.10 255.255.255.0 Kim tra li kt ni c thnh cng hay khng bng cch g lnh sau trn PC: C:\>ping 10.1.1.251 Lu : Nu ping khng thnh cng, c th phi ch vi pht switch cp nht li cu hnh, ri ping li. Nu vn khng thnh cng phi kim tra li xem thc hin ng cc bc cu hnh nh trn cha. By gi bn c th ng my tnh truy cp trn switch thng qua telnet hoc l web browser. Thc hin telnet t my tnh n switch dng a ch IP ca VLAN1 10.1.1.251, nhp vo mt m l : cert khi c hi. Hoc m ra mt web browser , nhp vo a ch IP 10.1.1.251, nhp vo tn user l vsic, phi nhp mt m l class. BC 4 :Xem s qua cc tp tin h thng trn switch bng lnh sau: vsic#show file systems File Systems: Size(b) Free(b) Type Flags Prefixes * 7741440 3171840 flash rw flash: - opaque ro bs: 32768 31806 nvram rw nvram: - opaque rw null: - opaque rw system:

VSIC Education Corporation

Trang 43

CCNA

Ti liu dnh cho hc vin

vsic#

- network - opaque - opaque - network - network - opaque

rw ro ro rw rw ro

tftp: xmodem: ymodem: rcp: ftp: cns:

Trong s cc tp tin trn switch c lu li cn ch : System Image (tp tin IOS nm trn vng nh flash), tp tin cu hnh lc startup nm trn NVRAM ca vng nh flash. H iu hnh ca switch c load trn DRAM Xem thng tin v cc tp tin h thng ca switch. bit c version hin ti ca IOS g lnh sau: vsic#show version OS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA2, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2004 by cisco Systems, Inc. --output omitted-vsic#dir Directory of flash:/ 2 -rwx 109 Mar 01 1993 00:20:34 +00:00 info 4 drwx 3968 Mar 01 1993 00:23:20 +00:00 html 5 -rwx 3086328 Mar 01 1993 00:22:37 +00:00 c2950-i6q4l2-mz.121-22.EA2 .bin 338 -rwx 109 Mar 01 1993 00:23:56 +00:00 info.ver 340 -rwx 283 Jan 01 1970 00:00:48 +00:00 env_vars 7741440 bytes total (3173376 bytes free) vsic# BC 5 : Thc hin sao chp IOS image gia tftp server v switch. a. Chp file IOS image t switch ln tftp server (upload) b. Chp file IOS image t tftp server v li switch (download) C php cn bn ca lnh chp tp tin ca switch: copy from source to dest. bit thm chi tit ca lnh copy c th s dng help ca CLI nh cch sau: vsic#copy ? /erase Erase destination file system. /noverify Disable automatic image verification after copy bs: Copy from bs: file system cns: Copy from cns: file system flash: Copy from flash: file system ftp: Copy from ftp: file system null: Copy from null: file system nvram: Copy from nvram: file system rcp: Copy from rcp: file system

VSIC Education Corporation

Trang 44

CCNA

Ti liu dnh cho hc vin

running-config Copy from current system configuration startup-config Copy from startup configuration system: Copy from system: file system tftp: Copy from tftp: file system xmodem: Copy from xmodem: file system ymodem: Copy from ymodem: file system vsic#copy Upload tp tin IOS ln tftp server vsic#copy flash:c2950-i6q4l2-mz.121-22.EA2.bin tftp Address or name of remote host []? 10.1.1.10 Destination filename [c2950-i6q4l2-mz.121-22.EA2.bin]? c2950-i6q4l2-mz.12122.EA2.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!--output omitted-3086328 bytes copied in 21.672 secs (142411 bytes/sec) vsic# Download IOS image t TFTP server vo Flash ca switch, v bn s down load v tp tin va mi upload ln , dn n b trng tn cho nn bn s c hi l c ghi ln hay khng, bn phi tr li l yes: vsic#copy tftp flash: Address or name of remote host []? 10.1.1.10 Source filename []? c2950-i6q4l2-mz.121-22.EA2.bin Destination filename [c2950-i6q4l2-mz.121-22.EA2.bin]? %Warning:There is a file already existing with this name Do you want to over write? [confirm]y Accessing tftp://10.1.1.10/c2950-i6q4l2-mz.121-22.EA2.bin... Loading c2950-i6q4l2-mz.121-22.EA2.bin from 10.1.1.10 (via Vlan1): !!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! --output omitted-[OK - 3086328 bytes] 3086328 bytes copied in 87.712 secs (35187 bytes/sec) BC 6 : Lu li cc cu hnh : vsic#copy running-config startup-config M RNG : Bn nn th thit lp kt ni 2 switch vi nhau, cu hnh 1 switch lm tftp server , cn switch kia phi cp nht li IOS image ca mnh t switch.

VSIC Education Corporation

Trang 45

CCNA

Ti liu dnh cho hc vin

Phn 2 :LAN
BI 9: CU HNH VLAN TRN SWITCH 2950
1. Gii thiu chung v VLAN: Trc y, cc switch ch c chc nng ngn cch cc broadcast domain, cho nn c th xem cc thit b c cm trn cng mt switch l mt LAN network. iu dn n hn ch khng gian vt l ca 1 LAN ch c th trong 1 cn phng hoc cng lm l to nh. Vi chc nng phn chia VLAN bn c th cp mt s port ca switch cho VLAN A, v cc port khc cho VLAN B Mi VLAN l mt broadcast domain v 2 thit b trn 2 VLAN khc nhau khng th lin lc c nu khng c thit b lp 3 kt ni 2 VLAN li vi nhau. VLAN em li s thu li trong vic chia nhm lm vic v 1 VLAN c th nm nhiu switch khc nhau, min l cc switch c kt ni vi nhau. 2. M t bi lab v hnh :

Cc thit b cn c: 1 switch 2950, 2 PC, 2 cp thng , 1 cp console 3. Cc bc thc hin : BC 1 Thit lp cc kt ni ging nh trong hnh. Xo cu hnh hin ti trn switch 2950 : xo startup-config, v vlan.dat Switch>enable Switch#erase startup-config Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]y Erase of nvram: complete Switch# 00:04:57: %SYS-7-NV_BLOCK_INIT: Initalized the geometry of nvram Switch# Xa cu hnh vlan c: Switch#delete vlan.dat Switch#reload Proceed with reload? [confirm]y VSIC Education Corporation Trang 46

CCNA

Ti liu dnh cho hc vin

00:06:33: %SYS-5-RELOAD: Reload requested --output omitted Would you like to enter the initial configuration dialog? [yes/no]:n --output omitted BC 2 : Xem qua cu hnh mc nh ca switch: Switch> Switch>enable Switch#show running-config --output omitted ! interface Vlan1 no ip address no ip route-cache shutdown ! ip http server ! line con 0 line vty 5 15 ! --output omitted Thc hin cc bc cu hnh c bn: Switch#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#hostname vsic vsic(config)#enable password cisco vsic(config)#enable secret class vsic(config)#line con 0 vsic(config-line)#password vsic vsic(config-line)#login vsic(config-line)#line vty 0 15 vsic(config-line)#password cert vsic(config-line)#login vsic(config-line)#^Z vsic# Xem trng thi cc vlan mc nh c trong switch vsic#show vlan VLAN Name ---- -------------------------------1 default Status Ports -------- ------------------------------active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8

VSIC Education Corporation

Trang 47

CCNA

Ti liu dnh cho hc vin

1002

fddi-default

Fa0/9, Fa0/10, Fa0/11, Fa0/12 act/unsup

--output omitted BC 3 : Cc VLAN c th c to ra bng 1 trong 2 cch. Cch 1 l cp pht 1 port vo mt vlan cha tn ti. Switch s t ng to vlan cho port c cp. Cch khc l to cc vlan trc, sau mi cp pht port cho n sau. 2950 switch c lnh range cho php vic cu hnh nhiu port (lin tc, hoc khng lin tc) cho 1 s chc nng no . Gi s nh bn phi cu hnh nhiu lnh ging nhau cho nhiu port th c th dng t kha range cu hnh 1 ln cho nhiu port. Theo mc nh, VLAN 1 c sn v c gi l management vlan, tt c cc port nm sn trong VLAN 1. Do khng cn thit phi cp pht port cho vlan 1. Bn s dng lnh range cp pht port 5 n 8 cho vlan 10 theo cch to vlan th nht. Sau , to VLAN 20 theo cch th 2, cp pht 1 port s 9 cho vlan 20, ri cp pht port 10, 12 cho vlan 20 bn thy c lnh range c th s dng cho cc port khng lin tc. vsic#configure terminal vsic(config)#interface range fast 0/5 -8 vsic(config-if-range)#switchport access vlan 10 % Access VLAN does not exist. Creating vlan 10 vsic(config-if-range)#no shut vsic(config-if-range)#^Z G lnh show vlan xem vlan 10 va mi to ra c hin th c th trong output. vsic#show vlan VLAN Name Status Ports ----------------------------------- -------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/9, Fa0/10, Fa0/11, Fa0/12 10 VLAN0010 active Fa0/5, Fa0/6, Fa0/7, Fa0/8 1002 fddi-default act/unsup --output omitted-To VLAN 20 theo cch 2, v cp pht port dng lnh range theo kiu khng lin tc. vsic#vlan database vsic(vlan)#vlan 20 VLAN 20 added: Name: VLAN0020 vsic(vlan)#exit APPLY completed. Exiting.... vsic#configure terminal vsic(config)#interface fast 0/9 vsic(config-if)#switchport access vlan 20 vsic(config-if)#exit vsic(config)#interface range fast 0/9 - 12 vsic(config-if-range)#switchport access vlan 20

VSIC Education Corporation

Trang 48

CCNA

Ti liu dnh cho hc vin

vsic(config-if-range)#exit vsic(config)# Xem li cc cu hnh mi nhp vo bng lnh : show vlan vsic#show vlan VLAN Name ----------------------------1 default 10 VLAN0010 20 VLAN0020 1002 fddi-default --output omitted vsic#vlan database vsic(vlan)#vlan 20 name accounting VLAN 20 modified: Name: accounting vsic(vlan)#exit APPLY completed. Exiting.... Xem tn ca vlan 20 by gi c i thnh accouting ch khng cn l tn mc nh: VLAN0020 nh trc y. vsic#show vlan VLAN Name Status -------------------- -------1 default active 10 VLAN0010 20 accounting 1002 fddi-default --output omitted-By gi bn i tn VLAN 10 thnh engineering nhng sau nhp vo lnh abort, tn ca VLAN 10 vn khng thay i, v n khng c lu li. Lnh abort s hu tt c cu hnh trong phin lm ng nhp vo vlan database hin hnh. vsic#vlan database vsic(vlan)#vlan 10 name engineering VLAN 10 modified: Name: enginerring vsic(vlan)#abort Aborting.... vsic# vsic#show vlan active active act/unsup Ports -------------------------------------Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/11 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11Fa0/12 Status Ports ------- ------------------------------active Fa0/1, Fa0/2, Fa0/3, Fa0/4 active Fa0/5, Fa0/6, Fa0/7, Fa0/8 active Fa0/9, Fa0/10,Fa0/11,Fa0/12 act/unsup

VSIC Education Corporation

Trang 49

CCNA

Ti liu dnh cho hc vin

VLAN Name ----------------------------------1 default 10 VLAN0010 20 accounting 1002 fddi-default --output omitted

Status --------active active active act/unsup

Ports ------------------------------Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/11 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/12

BC 4 : Nhp vo a ch IP cho cc VLAN interface vsic(config)#interface vlan 1 vsic(config-if)#ip address 192.168.1.1 255.255.255.0 vsic(config-if)#no shut vsic(config-if)#interface vlan 10 vsic(config-if)#ip address 192.168.10.1 255.255.255.0 vsic(config-if)#no shut vsic(config-if)#interface vlan 20 vsic(config-if)#ip address 192.168.20.1 255.255.255.0 vsic(config-if)#no shut Kim tra li cc a ch IP nhp vo bng lnh sau: vsic#show run ! interface Vlan1 ip address 192.168.1.1 255.255.255.0 no ip route-cache shutdown ! interface Vlan10 ip address 192.168.10.1 255.255.255.0 no ip route-cache shutdown ! interface Vlan20 ip address 192.168.20.1 255.255.255.0 no ip route-cache ! Lu : ch c mt vlan interface c php up vo bt c lc no. Chng hn interface vlan 20 ang up, nu bn g lnh no shut cho interface vlan 10 th interface vlan 20 t ng down. BC 5 : kim tra hot ng ca cc VLAN , bn c th lm nh sau: a) Cu hnh cho PC 1 a ch IP : 192.168.1.2 255.255.255.0. Dng cp thng ni card mng ca PC1 vi port 1 ca switch. ng t PC 1 bn g lnh: ping 192.168.1.1. Lnh ping phi thnh cng. Nu khng, bn phi kim tra li ton b cu hnh. b) PC2 c cm vo port 5 ca SW, ta cu hnh a ch IP ca PC2 192.168.10.2. Ta s dng lnh ping 192.168.10.1 xc nhn PC2 nm trong VLAN 10. Ta th s dng VSIC Education Corporation Trang 50

CCNA

Ti liu dnh cho hc vin

PC1 ping PC2, ta thy s khng thnh cng, do 2 PC by gi khc vng broadcast v cc vng ny khng c ni vi nhau. Tip theo ta cm PC1 vo port 6 ca Switch, ta s dng lnh ping 192.168.10.2 nhng vn khng thy c PC2 do PC1 v PC2 khng thuc chung 1 mng( 192.168.1.0 v 192.168.10.0). Ta sa a ch ca PC thnh 192.168.10.3( chung mng vi PC2), lc ny ping s thnh cng. 4. T thc hnh bng Boson Netsim( dnh cho SV thc hnh thm nh) Chy phn mm Boson Netsim v chn File Load Netmap Chn file lab9vlan.top. Sau khi open file ny chng ta ang thc hnh vi hnh nh sau:

Click vo eSwitch hin th trn phn mm v bt u cu hnh SW ging nh bi thc hnh trn. Trong hnh trn ta thy PC1 thuc VLAN1 v PC2,PC3 thuc Vlan10. PC1 ping thy int vlan1 nhng khng ping thy PC2,PC3. Trong khi PC2,PC3 c th ping thy nhau.

VSIC Education Corporation

Trang 51

CCNA

Ti liu dnh cho hc vin

Mun cu hnh IP cho PC1,2,3 ta click v eStation v chn PC mnh mun cu hnh. G lnh winipcfg cu hnh IP.

VSIC Education Corporation

Trang 52

CCNA

Ti liu dnh cho hc vin

Ta th ping vo int vlan1

VSIC Education Corporation

Trang 53

CCNA

Ti liu dnh cho hc vin

Ta thy PC2(192.168.10.2) v PC3 (192.168.10.3)u thuc Vlan 10 nn s ping thy nhau.

VSIC Education Corporation

Trang 54

CCNA

Ti liu dnh cho hc vin

PC1( 192.168.1.2) v PC2( 192.168.10.2) s khng ping thy nhau v khc Vlan.

VSIC Education Corporation

Trang 55

CCNA

Ti liu dnh cho hc vin

BI 10: CU HNH VLAN TRUNK


1. Gii thiu : Trunk l mt ng vt l ng thi ca l mt ng logic cho php vlan trn hai switch khc nhau trao i thng tin c vi nhau. Thay v vlan trn hai switch mun trao i thng tin vi nhau chng ta phi ni mt port thuc vlan trn switch ny vi mt port cng thuc vlan trn switch cn li

th trunk cho php thc hin iu ch bng mt ng vt l. Trunk to ra nhiu ng kt ni vlan o trn mt ng vt l. T vlan trn cc switch khc c th lin lc c vi nhau.

Trunk c hai loi ng gi l : dot1q v isl. Dot1q s dng cc frame tagging truyn d liu ca vlan gia hai switch khc nhau. Cn ISL s ng gi ethernet frame bng cc gn vo u fram gi tr VLAN ID. 2. M t bi lab v hnh :

Hai switch c ni vi nhau bng cp cho v c cu hnh cng VTP domain. 3. Cu hnh cho cc switch : Trc tin khi b nh hng gia cc Switch vi nhau( t ng trunking), ta cha cm cp ng Trunk( fa0/1 ca cc Switch) hay shut down port trunk VSIC1#conf t

VSIC Education Corporation

Trang 56

CCNA

Ti liu dnh cho hc vin

VSIC1(config)# int fa0/1 VSIC1(config-if)#shut Chng ta to vlan2, vlan4, vlan6 cho VSIC1; vlan3, vlan5, vlan7 cho VSIC2 v cu hnh cho hai switch trong cng mt VTP domain. VSIC1#vlan database VSIC1(vlan)#vlan 2 name vlan2 To vlan2 cho switch VSIC1 VSIC1(vlan)#vlan 4 name vlan4 VSIC1(vlan)#vlan 6 name vlan6 VSIC1(vlan)#vtp domain name VSIC Cu hnh cho VSIC1 thuc VTP domain VSIC VSIC1(vlan)#apply VSIC2#vlan database VSIC2(vlan)#vlan 3 name vlan3 VSIC2(vlan)#vlan 5 name vlan5 VSIC2(vlan)#vlan 7 name vlan7 VSIC2(vlan)#vtp domain name VSIC VSIC2(vlan)#apply Sau khi cu hnh Vlan xong chng ta kim tra li cc vlan ca VSIC1 v VSIC2 bng cu lnh show vlan. VSIC1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 2 vlan2 active 4 vlan4 active 6 vlan6 active VSIC2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 3 vlan3 active 5 vlan5 active 7 vlan7 active Switch VSIC1 c to vlan2, vlan4, vlan6; switch VSIC2 c vlan3, vlan5, vlan6. i vi SW 2950 chng ta khng cn phi ch ra cch ng gi v ch h tr cch ng gi dot1q.By gi chng ta s cu hnh ng trunk cho hai switch bng cch : (Chng ta cha ni hai port fa0/1 ca hai switch li vi nhau)

VSIC Education Corporation

Trang 57

CCNA

Ti liu dnh cho hc vin

i vi VSIC1 l Switch 2950 VSIC1#conf t VSIC1(config)#in fa0/1 VSIC1(config-if)#switchport mode trunk

Cu hnh cho port Fa0/1 l trunk

i vi VSIC2 l SW 2900XL( hay 3550) VSIC2#conf t VSIC2(config)#in fa0/1 VSIC2(config-if)#switchport mode trunk VSIC2(config-if)#switchport trunk encapsulation dot1q s dng giao thc ng gi dot1q cho ng trunk Lu : do switch 2950 ch h tr dot1q nn chng ta phi cu hnh cho switch VSIC2 (2900) s dng cng giao thc ng gi l dot1q. Khng cu hnh ISL cho switch VSIC2. By gi chng ta s dng cu lnh show vtp status kim tra VTP : VSIC1# sh vtp status VTP Version :2 Configuration Revision :3 Maximum VLANs supported locally : 64 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : VSIC VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xEA 0xB0 0xB8 0x44 0xFF 0x84 0x8D 0xFD Configuration last modified by 0.0.0.0 at 3-1-93 00:22:49 VSIC2#sh vtp status VTP Version :2 Configuration Revision :2 Maximum VLANs supported locally : 68 Number of existing VLANs : 11 VTP Operating Mode : Server VTP Domain Name : VSIC VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xA6 0x13 0x28 0xD8 0x04 0xB8 0xAD 0x14 Configuration last modified by 0.0.0.0 at 3-1-93 00:17:09 Chng ta lu l s configuration revision ca VTP switch VSIC1 ln hn ca VSIC2. Hai switch c cng VTP domain name l VSIC v c hai l VTP server. By gi chng ta ni hai port fa0/1 ca hai switch li vi nhau v kim tra li cc vlan. VSIC1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 VSIC Education Corporation Trang 58

CCNA

Ti liu dnh cho hc vin

2 4 6

vlan2 vlan4 vlan6

active active active

VSIC2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 2 vlan2 active 4 vlan4 active 6 vlan6 active Nhn xt : cc vlan trn switch VSIC2 b mt thay vo l cc vlan ca VSIC1. Do VSIC1 c s configuration revision ln hn nn p chng tt c vlan ca mnh ln switch VSIC2. Chng ta c th tng s configuration cho switch bng cch ra vo vlan datatbase v apply nhiu ln. C mi ln chng ta vo vlan database apply mt ln th s configuration s tng ln mt ln. By gi chng ta s kho st nu hai switch khc VTP domain th s hot ng nh th no. Chng ta cu hnh cho switch VSIC1 c VTP domain l VSIC, cn switch VSIC2 l VSIC1. Do phn trn chng ta cu hnh cho switch VSIC1 thuc VTP domain VSIC v cc vlan ca VSIC2 b mt nn by gi chng ta cu hnh VSIC2 thuc VTP domain VSIC1 v to li cc vlan3, vlan5, vlan7 cho VSIC2. (lu chng ta nn tho cp ni hai port fa0/1 ca hai switch trc khi thc hin) VSIC2#vlan database VSIC2(vlan)#no vlan 2 VSIC2(vlan)#no vlan 4 VSIC2(vlan)#no vlan 6 VSIC2(vlan)#vlan 3 name vlan3 VSIC2(vlan)#vlan 5 name vlan5 VSIC2(vlan)#vlan 7 name vlan7 VSIC2(vlan)#vtp domain name VSIC VSIC2(vlan)#apply By gi chng ta kim tra li s configuration revision ca hai switch v cc vlan ca chng. VSIC1#sh vtp status VTP Version :2 Configuration Revision :3 Maximum VLANs supported locally : 64 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : VSIC VSIC2#sh vtp status VTP Version :2

VSIC Education Corporation

Trang 59

CCNA

Ti liu dnh cho hc vin

Configuration Revision :0 Maximum VLANs supported locally : 68 Number of existing VLANs : 11 VTP Operating Mode : Server VTP Domain Name : VSIC1 VSIC1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 2 vlan2 active 4 vlan4 active 6 vlan6 active VSIC2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 3 vlan3 active 5 vlan5 active 7 vlan7 active By gi chng ta ni cp hai port fa0/1 li. Kim tra li cc vlan chng ta s thy c l hai switch khng trao thi thng tin vlan vi nhau (switch VSIC1 s khng p vlan ln switch VSIC2). VSIC1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 2 vlan2 active 4 vlan4 active 6 vlan6 active VSIC2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17,

VSIC Education Corporation

Trang 60

CCNA

Ti liu dnh cho hc vin

Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 3 vlan3 active 5 vlan5 active 7 vlan7 active Vy nu hai switch khng cng mt VTP domain th s khng trao i thng tin vlan cho nhau. 4. Cch t thc hnh bng Boson Netsim S dng tnh nng Lab Navigator ca Boson Netsim. Trong phn ny c rt nhiu bi v vlan Trunk.

VSIC Education Corporation

Trang 61

CCNA

Ti liu dnh cho hc vin

Click vo Load lab vo lab thc hnh. V view lab xem cu hnh chi tit

VSIC Education Corporation

Trang 62

CCNA

Ti liu dnh cho hc vin

VSIC Education Corporation

Trang 63

CCNA

Ti liu dnh cho hc vin

BI 11:CU HNH VTP PASSWORD


1. Gii thiu : Trong VTP, nu nh ta ni hai switch cng VTP domain vi nhau, th cc switch s trao i thng tin Vlan vi nhau. Nu switch no c s Configuration Revision cao hn s chuyn ht tt c cc thng tin Vlan ca mnh cho switch kia. iu ny c mt li cng nh mt hi. Trong trng hp nu nh ta thit lp mt mng vi nhiu Vlan ang hot ng tt, khi nng cp mng bng cch lp thm mt switch mi vo switch c v ta mun switch ny s ly nhng thng tin v cc Vlan c, nhng khng may switch ny c s Configuration Revision nn chuyn ht cc thng tin vlan cho switch c. iu ny ng ngha vi chng ta mt tt c Vlan c ang hot ng (do switch mi cha c vlan no). VTP password gip chng ta khc phc c trng hp khng mong mun ny. Nu hai switch cng mt VTP domain nhng khc VTP password th s khng trao i thng tin Vlan vi nhau qua ng trunk. 2. M t bi lab v hnh

Chng ta s cu hnh cho hai switch cng VTP domain name l Vsic. Switch Vsic1 c cc Vlan l vlan2, vlan4, vlan6. Switch Vsic2 c cc vlan3, vlan5, vlan7 3. Cu hnh switch : Chng ta cu hnh vlan2, vlan4, vlan6 cho switch Vsic1; vlan3, vlan5, vlan7 cho switch Vsic2. Vsic1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 2 Vlan2 active 4 Vlan4 active 6 Vlan6 active Vsic2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, VSIC Education Corporation Trang 64

CCNA

Ti liu dnh cho hc vin

Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 3 Vlan3 active 5 Vlan5 active 7 Vlan7 active Chng ta tin hnh cu hnh ng trunk cho hai switch Vsic1 v Vsic2 (khng cm cp cho vo hai port fa0/1 ca hai switch) Vsic1#conf t Vsic1(config)#in fa0/1 Vsic1(config-if)#switchport mode trunk Vsic2#conf t Vsic2(config)#in fa0/1 Vsic2(config-if)#switchport mode trunk Vsic2(config-if)#switchport trunk encapsulation dot1q s dng giao thc ng gi dot1q cho ng trunk Lu : switch 2950 s dng phng thc ng gi l dot1q do chng ta phi cu hnh cho switch Vsic2 (switch 2900) s dng giao thc ng gi ny. By gi chng ta s xem s Configuration Revision ca cc switch bng cu lnh show vtp status Vsic1#sh vtp status VTP Version :2 Configuration Revision :3 Maximum VLANs supported locally : 64 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : Vsic VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x0E 0x36 0x79 0x87 0x0C 0x87 0x1E 0x4C Configuration last modified by 0.0.0.0 at 3-1-93 00:06:43 Local updater ID is 0.0.0.0 (no valid interface found) Vsic2#sh vtp status VTP Version :2 Configuration Revision :1 Maximum VLANs supported locally : 68 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : Vsic VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xAB 0xF7 0xF9 0xCD 0x83 0xEB 0x42 0xE6 Configuration last modified by 0.0.0.0 at 3-1-93 00:01:47

VSIC Education Corporation

Trang 65

CCNA

Ti liu dnh cho hc vin

Trong trng hp ny s Configuration Revision ca Vsic1 ln hn ca Vsic2 do khi ta ni ng trunk li th cc vlan ca Vsic2 s b mt v thay vo l cc vlan ca Vsic1. By gi chng ta cm cp cho vo hai port fa0/1 ca hai switch v kim tra li vlan trn switch Vsic1 v Vsic2 Vsic1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 2 Vlan2 active 4 Vlan4 active 6 Vlan6 active Vsic2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 2 Vlan2 active 4 Vlan4 active 6 Vlan6 active Switch b mt cc vlan ca mnh, v thay vo l cc vlan ca switch Vsic1. Trong trng hp nu nh s Configuration Revision ca Vsic2 ln hn Vsic1 th s xy ra ngc li. Chng ta c th tng s configuration revision bng cch vo vlan database apply nhiu ln. C mi ln apply th s ny s tng ln. By gi chng ta tho cp thng ni hai port fa0/1 ca hai switch ra ri cu hnh vlan li cho Vsic1 ging nh ban u (gm vlan2, vlan4, vlan6) kho st hot ng ca VTP password. Sau khi cu hnh vlan cho Vsic1 xong, chng ta cu hnh VTP password bng cch : Vsic1#vlan database Vsic1(vlan)#vtp password cisco Cu hnh VTP password Vsic1(vlan)#apply Vsic2#vlan database Vsic2(vlan)#vtp password cisco1 Vsic2(vlan)#apply y chng ta c tnh cu hnh hai VTP password khc nhau kim tra hot ng ca VTP khi password khc nhau nh th no. Sau khi cu hnh VTP password xong, kim tra li s configuration revision sau ni cp vo hai port fa0/1 v kim tra cc vlan ca c hai. Vsic1#sh vtp status VTP Version :2

VSIC Education Corporation

Trang 66

CCNA

Ti liu dnh cho hc vin

Configuration Revision :2 Maximum VLANs supported locally : 64 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : Vsic VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xDC 0x72 0x0C 0xDF 0x21 0x03 0x77 0xE6 Configuration last modified by 0.0.0.0 at 3-1-93 00:21:40 Local updater ID is 0.0.0.0 (no valid interface found) Vsic2#sh vtp status VTP Version :2 Configuration Revision :3 Maximum VLANs supported locally : 68 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : Vsic VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xEB 0x3F 0x54 0x2C 0x25 0x7B 0x0D 0x19 Configuration last modified by 0.0.0.0 at 3-1-93 00:08:14 Vsic1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 2 Vlan2 active 4 Vlan4 active 6 Vlan6 active Vsic2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 3 Vlan3 active 5 Vlan5 active 7 Vlan7 active Mc d switch Vsic2 c s configuration revision ln hn nhng cc vlan ca Vsic1 vn khng b xa v Vsic1 cng khng bit c cc Vlan ca Vsic2. iu ny ng ngha vi

VSIC Education Corporation

Trang 67

CCNA

Ti liu dnh cho hc vin

hai switch khng chuyn i thng tin vlan cho nhau. Do switch Vsic1 c VTP password l cisco cn Vsic2 l cisco1. By gi chng ta tho cp ni hai port fa0/1 ca hai switch ra ri vo switch Vsic2 cu hnh li VTP password l cisco. Sau khi cu hnh li chng ta kim tra s configuration revision ca hai switch Vsic1#sh vtp status VTP Version :2 Configuration Revision :2 Maximum VLANs supported locally : 64 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : Vsic VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xDC 0x72 0x0C 0xDF 0x21 0x03 0x77 0xE6 Configuration last modified by 0.0.0.0 at 3-1-93 00:21:40 Local updater ID is 0.0.0.0 (no valid interface found) Vsic2#sh vtp status VTP Version :2 Configuration Revision :4 Maximum VLANs supported locally : 68 Number of existing VLANs :8 VTP Operating Mode : Server VTP Domain Name : Vsic VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xD9 0xBA 0xC8 0x6A 0x7A 0x2C 0x1C 0xE6 Configuration last modified by 0.0.0.0 at 3-1-93 00:08:14 By gi chng ta ni cp gia hai port fa0/1, kim tra li vlan ca c hai switch Vsic1#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active 3 Vlan3 active 5 Vlan5 active 7 Vlan7 active Vsic2#sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24 3 Vlan3 active

VSIC Education Corporation

Trang 68

CCNA

Ti liu dnh cho hc vin

5 Vlan5 active 7 Vlan7 active Cc vlan ca Vsic1 b mt, thay vo l Vsic1 c cc Vlan ca Vsic2. T cc kt qu trn ta c th thy tc dng ca VTP password : nu hai switch cng VTP domain nhng khc password th s khng truyn thng tin vlan cho nhau.

VSIC Education Corporation

Trang 69

CCNA

Ti liu dnh cho hc vin

Phn 3 :Routing
BI 12: NH TUYN TNH (Static route)
1. Gii thiu : nh tuyn (Routing) l 1 qu trnh m Router thc thi v s chuyn mt gi tin(Packet) t mt a ch ngun (soucre)n mt a ch ch(destination) trong mng.Trong qu trnh ny Router phI da vo nhng thng tin nh tuyn a ra nhng quyt nh nhm chuyn gi tin n nhng a ch ch nh trc.C hai loI nh tuyn c bn l nh tuyn tnh (Static Route) v nh tuyn ng (Dynamic Route) nh tuyn tnh (Static Route) l 1 qu trnh nh tuyn m thc hin bn phI cu hnh bng tay(manually) tng a ch ch c th cho Router. Mt dng mc nh ca nh tuyn tnh l Default Routes, dng ny c s dng cho cc mng ct (Stub Network) nh tuyn ng (Dynamic Route) y m mt dng nh tuyn m khi c cu hnh dng ny, Router s s dng nhng giao thc nh tuyn nh RIP(Routing Information Protocol),OSPF(Open Shortest Path Frist),IGRP(Interior Gateway Routing Protocol) thc thi vic nh tuyn mt cch t ng (Automatically) m bn khng phi cu hnh trc tip bng tay. 2. M t bi lab v hnh :

hnh bi lab nh hnh, PC ni vi router bng cp cho. Hai router ni vi nhau bng cp serial. a ch IP ca cc interface v PC nh hnh v. Bi lab ny gip bn thc hin cu hnh nh tuyn tnh cho 2 router, lm cho 2 router c kh nng nhn thy c nhau v c cc mng con trong n. 3. Cu hnh nh tuyn tnh (Static Route) Chng ta cu hnh cho cc router v PC nh sau : Router Vsic1 hostname Vsic1 ! logging rate-limit console 10 except errors ! ip subnet-zero no ip finger ! no ip dhcp-client network-discovery ! interface Ethernet0 ip address 10.0.0.1 255.255.255.0 ! interface Serial0 VSIC Education Corporation Trang 70

CCNA

Ti liu dnh cho hc vin

ip address 192.168.0.1 255.255.255.0 ! interface Serial1 no ip address shutdown ! ip kerberos source-interface any ip classless ip http server ! line con 0 transport input none line aux 0 line vty 0 4 ! end Router Vsic2 hostname Vsic2 ! ip subnet-zero ! interface Ethernet0 ip address 10.0.1.1 255.255.255.0 ! interface Serial0 ip address 192.168.0.2 255.255.255.0 clockrate 56000 ! interface Serial1 no ip address shutdown ! ip classless ip http server ! line con 0 line aux 0 line vty 0 4 ! end Host 1 : IP 10.0.0.2 Subnetmask: 255.255.255.0 Gateway: 10.0.0.1 Host 2 : IP: 10.0.1.2

VSIC Education Corporation

Trang 71

CCNA

Ti liu dnh cho hc vin

Subnetmask: 255.255.255.0 Gateway:10.0.1.1 Chng ta tin hnh kim tra cc kt ni bng cch : Ping t Host1 sang a ch 10.0.0.1

Ping t Host 1 sang a ch 192.168.0.1

Ping t Host 1 sang a ch 192.168.0.2

M ch debug ti Router Vsic2 vsic2#debug ip packet IP packet debugging is on Thc hin li lnh ping trn ta thy vsic2# 00:33:59: IP: s=10.0.0.2 (Serial0), d=192.168.0.2 (Serial0), len 60, rcvd 3 00:33:59: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable VSIC Education Corporation Trang 72

CCNA

Ti liu dnh cho hc vin

00:34:04: IP: s=10.0.0.2 (Serial0), d=192.168.0.2 (Serial0), len 60, rcvd 3 00:34:04: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable 00:34:09: IP: s=10.0.0.2 (Serial0), d=192.168.0.2 (Serial0), len 60, rcvd 3 00:34:09: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable 00:34:14: IP: s=10.0.0.2 (Serial0), d=192.168.0.2 (Serial0), len 60, rcvd 3 00:34:14: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable Ping t Host 1 sang a ch 10.0.1.1

M ch debug ti Router Vsic1 vsic1#debug ip packet IP packet debugging is on Thc hin li lnh Ping: vsic1# 00:36:41: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable 00:36:41: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending 00:36:42: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable 00:36:42: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending 00:36:43: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable 00:36:43: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending 00:36:44: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable 00:36:44: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending Lnh Ping trng hp ny khng thc hin thnh cng, ta dng lnh debug ip packet m ch debug ti 2 Router, ta thy Router Vsic 2 vn nhn c gi packet t host1 khi ta ping a ch 192.168.0.2, tuy nhin do host 1 khng lin kt trc tip vi Router Vsic 2 nn gi Packet ICMP tr v lnh ping khng c a ch ch,do vy gi Packet ny b hy,iu ny dn n lnh Ping khng thnh cng. trng hp ta ping t Host1 sang a ch 10.0.1.1 gi packet b mt ngay ti router vsic1 v Router vsic1 khng xc nh c a ch ch cn n trong bng nh tuyn(a ch ny khng lin kt trc tip vi Router vsic1).Ta so snh v tr Unroutable trong kt qu debug packet 2 cu lnh ping trn thy c s khc nhau. thc hin thnh cng kt ni ny,ta phi thc hin cu hnh Static Route cho Router Vsic1 v Router Vsic2 nh sau: vsic1(config)#ip route 10.0.1.0 255.255.255.0 s0 vsic1(config)#exit

VSIC Education Corporation

Trang 73

CCNA

Ti liu dnh cho hc vin

Bn thc hin lnh Ping t Host1 sang Host 2

Bn thc hin lnh Ping t Router Vsic2 sang Host1 vsic2#ping 10.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) thc hin thnh cng lnh Ping ny bn phi thc hin cu hnh Static route cho Router vsic 2 nh sau Vsic2(config)#ip route 10.0.0.0 255.255.255.0 s0 Vsic2(config)#^Z Lc ny t Host2 bn c th Ping thy cc a ch Trn Router Vsic 1 v Host1

VSIC Education Corporation

Trang 74

CCNA

Ti liu dnh cho hc vin

Chng ta kim tra bng nh tuyn ca cc router bng lnh show ip route vsic1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 2 subnets C 10.0.0.0 is directly connected, Ethernet0 S 10.0.1.0 is directly connected, Serial0 C 192.168.0.0/24 is directly connected, Serial0 S biu th nhng kt ni thng qua nh tuyn tnh C biu th nhng kt ni trc tip Vsic2#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set S C C 10.0.0.0/24 is subnetted, 2 subnets 10.0.0.0 is directly connected, Serial0 10.0.1.0 is directly connected, Ethernet0 192.168.0.0/24 is directly connected, Serial0

Thc hin lnh Show run ti Router xem li cu hnh nh tuyn: vsic1#show run Building configuration... ip kerberos source-interface any ip classless VSIC Education Corporation Trang 75

CCNA

Ti liu dnh cho hc vin

ip route 10.0.1.0 255.255.255.0 Serial0 ip http server ! end vsic2#show run Building configuration... ip classless ip route 10.0.0.0 255.255.255.0 Serial0 ip http server ! End Bn thc hin thnh cng vic nh tuyn cho 2 Router kt ni c vi nhau c cc mng con ca chng, bn cng c th m rng hnh ra thm vi 3, 4 hay 5 hop thc hnh vic cu hnh nh tuyn tnh tuy nhin bn thy r vic cu hnh ny tng i rc ri v di dng nht l i vi mi trng Internet bn ngoi,v vy bn s phi thc hin vic cu hnh nh tuyn ng cho Router bi sau. 4. T thc hnh bng Dynagen : u tin chnh file cu hnh lab12static.net c a ch card mng ph hp. # Simple lab [localhost] [[3640]] image = \Program Files\Dynamips\images\C3640_IS_MZ122_3.BIN # On Linux / Unix use forward slashes: # image = /opt/7200-images/c7200-jk9o3s-mz.124-7a.image ram=96 [[ROUTER VSIC1]] model=3640 s1/0 = VSIC2 s1/0 F0/0 = NIO_gen_eth:\Device\NPF_{7211A84E-B69B-4DDF-B780-7835124CF83B} [[router VSIC2]] model=3640 F0/0 = NIO_gen_eth:\Device\NPF_{7211A84E-B69B-4DDF-B780-7835124CF83B} # No need to specify an adapter here, it is taken care of # by the interface specification under Router VSIC1 Ta c m hnh lab sau:

VSIC Education Corporation

Trang 76

CCNA

Ti liu dnh cho hc vin

Ta s dng VMware gi lp cho PC2. Card mng VMware c bridge vi card mng ca PC, v fa0/0 ca VSIC1, VSIC2. Trong VSIC1 v PC1 thuc LAN th nht, VSIC2 v PC2 thuc LAN th 2. Ta c th th cc kt ni gia PC1 v Router VSIC1 ( cu hnh ip fa0/0) bng cch s dng lnh ping

VSIC Education Corporation

Trang 77

CCNA

Ti liu dnh cho hc vin

By gi ta cu hnh static route gia cc router ging nh bi thc hnh trn. Sau test li bng cch ping t PC1 n PC2.

VSIC Education Corporation

Trang 78

CCNA

Ti liu dnh cho hc vin

BI 13: RIP( ROUTING INFORMATION PROTOCOL)


1. Gii thiu : RIP (Routing Information Protocol) l mt giao thc nh tuyn dng qung b thng tin v a ch m mnh mun qung b ra bn ngoi v thu thp thng tin hnh thnh bng nh tuyn (Routing Table)cho Router. y l loi giao thc Distance Vector s dng tiu ch chn ng ch yu l da vo s hop (hop count) v cc a ch m Rip mun qung b c gi i dng Classful (i vi RIP verion 1) v Classless (i vi RIP version 2). V s dng tiu ch nh tuyn l hop count v b gii hn s hop l 15 nn giao thc ny ch c s dng trong cc mng nh (di 15 hop). 2. M t bi lab v hnh :

Cc PC ni vi router bng cp cho, hai router ni vi nhau bng cp serial. a ch IP ca cc interface v PC nh trn hnh. Bi thc hnh ny gip bn thc hin c vic cu hnh cho mng c th lin lc c vi nhau bng giao thc RIP

3. Cu hnh: Trc tin bn cu hnh cho cc thit b nh sau: Router Vsic1 Vsic1#show run Building configuration... Current configuration : 609 bytes ! version 12.2 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption VSIC Education Corporation Trang 79

CCNA

Ti liu dnh cho hc vin

! hostname Vsic1 ! logging rate-limit console 10 except errors ! ip subnet-zero no ip finger ! no ip dhcp-client network-discovery ! interface Ethernet0 ip address 10.0.0.1 255.255.255.0 ! interface Serial0 ip address 192.168.0.1 255.255.255.0 no fair-queue clockrate 56000 ! interface Serial1 no ip address shutdown ! ip kerberos source-interface any ip classless ip http server ! line con 0 transport input none line aux 0 line vty 0 4 ! End Router Vsic2 Vsic2#show run Building configuration... Current configuration : 485 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Vsic2 ! ip subnet-zero

VSIC Education Corporation

Trang 80

CCNA

Ti liu dnh cho hc vin

! interface Ethernet0 ip address 11.0.0.1 255.255.255.0 ! interface Serial0 ip address 192.168.0.2 255.255.255.0 ! interface Serial1 no ip address shutdown ! ip classless ip http server ! line con 0 line aux 0 line vty 0 4 ! End Host1 : IP 10.0.0.2 Subnet mask:255.255.255.0 Gateway:10.0.0.1 Host2 : IP: 11.0.0.2 Subnet mask:255.255.255.0 Gateway:11.0.0.1 Bn thc hin vic kim tra cc kt ni bng lnh Ping Ping t Host1 sang a ch 10.0.0.1

Ping t Host 1 sang a ch 192.168.0.1

VSIC Education Corporation

Trang 81

CCNA

Ti liu dnh cho hc vin

Ping t Host1 sang a ch 192.168.0.2

i vi Host 1 bn khng th Ping thy a ch 192.168.0.2 Bn thc hin vic kim tra tng t Host 2 Ping a ch 11.0.0.1

Ping a ch 192.168.0.2

Ping a ch 192.168.0.1

VSIC Education Corporation

Trang 82

CCNA

Ti liu dnh cho hc vin

Thc hin cc lnh Ping t Router Vsic1: Vsic1#ping 192.168.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms Vsic1#ping 11.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) Thc hin cc lnh Ping t Router Vsic2 Vsic2#ping 192.168.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms Vsic2#ping 10.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) Bn xem bng thng tin nh tuyn ca tng Router (dng lnh Show ip route) Vsic1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 10.0.0.0/24 is subnetted, 1 subnets 10.0.0.0 is directly connected, Ethernet0

VSIC Education Corporation

Trang 83

CCNA

Ti liu dnh cho hc vin

192.168.0.0/24 is directly connected, Serial0

Vsic2#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C C 11.0.0.0/24 is subnetted, 1 subnets 11.0.0.0 is directly connected, Ethernet0 192.168.0.0/24 is directly connected, Serial0

Nhn xt : Bn thy rng thng tin a ch ca cc mng m bn thc hin lnh Ping khng thnh cng khng c lu trn bng nh tuyn Bn thc hin vic cu hnh RIP cho cc Router nh sau: Vsic1(config)#router rip Vsic1(config-router)#network 192.168.0.0 Vsic1(config-router)#network 10.0.0.0 Vsic1(config-router)#exit Vsic2(config)#router rip Vsic2(config-router)#network 11.0.0.0 Vsic2(config-router)#network 192.168.0.0 Vsic2(config-router)#exit Bn xem li bng thng tin nh tuyn: Vsic1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C R C 10.0.0.0/24 is subnetted, 1 subnets 10.0.0.0 is directly connected, Ethernet0 11.0.0.0/8 [120/1] via 192.168.0.2, 00:00:00, Serial0 192.168.0.0/24 is directly connected, Serial0

VSIC Education Corporation

Trang 84

CCNA

Ti liu dnh cho hc vin

Vsic2#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set R 10.0.0.0/8 [120/1] via 192.168.0.1, 00:00:23, Serial0 11.0.0.0/24 is subnetted, 1 subnets C 11.0.0.0 is directly connected, Ethernet0 C 192.168.0.0/24 is directly connected, Serial0 Nhn xt : Bn thy rng trn bng thng tin nh tuyn, Router Vsic 1 lin kt RIP vi mng 11.0.0.0/8 qua cng Serial 0(192.168.0.2) v Router Vsic2 lin kt vi mng 10.0.0.0/8 qua cng Serial 0(192.168.0.1) Ch : V Rip gi i ch theo dng classfull nn subnet mask s c s dng defaul i vi cc lp mng. Lc ny bn thc hin li lnh Ping gia cc Router v cc Host: T Host1 bn thc hin lnh Ping:

VSIC Education Corporation

Trang 85

CCNA

Ti liu dnh cho hc vin

T Host 2 bn thc hin lnh Ping:

Bn thy rng cc kt ni thnh cng. n y bn hon tt vic cu hnh RIP cho mng trn c th trao i thng tin vi nhau.Nhng tm hiu r hn v RIP bn thc hin tip tc cc bc cu hnh nh sau: Bn gi nguyn cu hnh ca Router Vsic 1 v thay i cu hnh ca Router Vsic 2 t RIP version 1 sang RIP version 2 v kim tra :

VSIC Education Corporation

Trang 86

CCNA

Ti liu dnh cho hc vin

Vsic2(config)#router rip Vsic2(config-router)#ver 2 Bn m ch debug trn 2 Router kim tra gi tin: Vsic1#debug ip packet IP packet debugging is on Vsic2#debug ip packet IP packet debugging is on Lc ny bn thc hin lnh Ping t Host 1 vo cc a ch khng lin kt trc tip vi n c chy RIP

Vsic2# 01:49:58: IP: s=10.0.0.2 (Serial0), d=192.168.0.2 (Serial0), len 60, rcvd 3 01:49:58: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable 01:50:03: IP: s=10.0.0.2 (Serial0), d=192.168.0.2 (Serial0), len 60, rcvd 3 01:50:03: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable 01:50:08: IP: s=10.0.0.2 (Serial0), d=192.168.0.2 (Serial0), len 60, rcvd 3 01:50:08: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable 01:50:13: IP: s=10.0.0.2 (Serial0), d=192.168.0.2 (Serial0), len 60, rcvd 3 01:50:13: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable

Vsic2# 01:55:30: IP: s=10.0.0.2 (Serial0), d=11.0.0.1, len 60, rcvd 4 01:55:30: IP: s=11.0.0.1 (local), d=10.0.0.2, len 60, unroutable 01:55:35: IP: s=10.0.0.2 (Serial0), d=11.0.0.1, len 60, rcvd 4 01:55:35: IP: s=11.0.0.1 (local), d=10.0.0.2, len 60, unroutable 01:55:40: IP: s=10.0.0.2 (Serial0), d=11.0.0.1, len 60, rcvd 4 01:55:40: IP: s=11.0.0.1 (local), d=10.0.0.2, len 60, unroutable

VSIC Education Corporation

Trang 87

CCNA

Ti liu dnh cho hc vin

Nhng d liu khi bn m ch debug cho thy khi bn thc hin lnh Ping t Host1 n cc a ch nh:192.168.0.2 v 11.0.0.1 gi tin u nhn c ti im ch,tuy nhin gi tin tr v ti a ch ny khng tm c a ch 10.0.0.2(Host1) t bng nh tuyn ca Router Vsic 2(unroutable) do Router ny c cu hnh RIP version 2 Vsic2#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 11.0.0.0/24 is subnetted, 1 subnets C 11.0.0.0 is directly connected, Ethernet0 C 192.168.0.0/24 is directly connected, Serial0 Nhn xt : Mng 10.0.0.0 khng cn tn ti trong bng nh tuyn Bn thc hin lnh Ping t Router Vsic2 sang cc a ch ca Router Vsic1 vsic2#ping 10.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) Bn thc hin vic kim tra bng lnh Show ip route Vsic1#show ip 01:46:50: IP: s=192.168.0.2 (Serial0), d=224.0.0.9, len 52, rcvd 2route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C R C 10.0.0.0/24 is subnetted, 1 subnets 10.0.0.0 is directly connected, Ethernet0 11.0.0.0/8 [120/1] via 192.168.0.2, 00:00:05, Serial0 192.168.0.0/24 is directly connected, Serial0

Bn thy tuy ti bng nh tuyn ca Router Vsic1 vn cn lu li a ch ca mng 11.0.0.0 nhng v Router Vsic2 khng tm thy a ch ca mng 10.0.0.0 nn gi tin khng thc hin gi c. iu ny cho bn thy giao thc RIP Version 2 khng h tr tng thch ngc cho giao thc RIP Version 1. 4. Cch thc hnh bng Dynagen

VSIC Education Corporation

Trang 88

CCNA

Ti liu dnh cho hc vin

S dng file lab13rip.net v chnh sa file cu hnh sao cho ph hp vi card mng ti my tnh hin hnh(ging nh bi static route). Ta ch RIP l nh tuyn tnh v c tm kim cc ng i n cc mng thng cc router khc.

Xc nhn li s nh tuyn bng cch ping t PC1 n PC2( my o VMware).

VSIC Education Corporation

Trang 89

CCNA

Ti liu dnh cho hc vin

Bi 14:Cu Hnh IGRP Timer


1. M t bi lab: Bi lab sau y s dng lnh cu hnh 4 thng s ca v timer ca IGRP bao gm update, invalid,holddown v flus timers). Ty thuc vo s mng v bng thng , mi trng mng m chng ta cu hnh sao cho thng s ny ph hp nht. Ly mt v d sau y nu s dng ng truyn 56Kbps, th vic to ra nhng gi tin update IGRP trong vng 90 giy l khng hp l, v tn nhiu ti nguyn bng thng ca h thng, gii php lc ny l tng thi gian update ln tuy nhin lm nh vy s nh hng n thi gian hi t ca h thng. Ngoi thi gian update(update timer) ra, trong IGRP cn c 3 khong thi gian khc l invalid timer, holddown timer v flush timer. C 3 khong thi gian ny ph thuc vo thi gian update timer. Invalid timer, holddown timer c thi gian t nht l gp 3 ln so vi thi gian update, flush timer c thi gian t nht bng tng thi gian update v thi gian holddown. Ph thuc vo mi ln route c cp nhp, invalid timer s c khi to li, v n xem trong mng c route no b li hay khng. Theo cu hnh mc nh, th nu nh trong khong thi gian 270s m khng thy thng tin g v 1 route ang tn ti th route c y ln trng thi holdown, trong thi gian ny router vn s dng route ny nhng khng qun b route ny na, v n ang i th xem route ny c phi l b tt tht hay khng. Nu thi gian expire ht router s khng

Trong hnh trn c 3 router gm VSIC1,VSIC2,VSIC3 c ni vi nhau thng qua cp Serial. Sinh vin thc hnh gn a v cm cp, sau s cu hnh giao thc nh tuyn IGRP nh trn. Kim tra qu trnh hot ng giao thc bng lnh show ip route v ping, sau bt tay vo cu hnh cc tham s timer( Cu hnh ti VSIC1 trc v khng cu hnh ti VSIC3,VSIC2) v gim st qu trnh hat ng trn cc router. Cui cng s cu hnh cc router VSIC3,VSIC2 c tham s ging nh VSIC1.( thm vo) Tham s cu hnh ti VSIC1 Update 5 Invalid 15 Holddown 15 Flush 30 Khi xt cc tham s ny, vic thc hin cp nhp s thc hin qung b trong vng 5s, v khi thng tin v route khng c cp nhp trong vng 15s th router s cng b route b li.( thm vo). 2. Cu hnh Router: Cu hnh ca router: VSIC Education Corporation Trang 90

CCNA

Ti liu dnh cho hc vin

VSIC1#show run Building configuration... Current configuration : 687 bytes ! hostname VSIC1 ! logging rate-limit console 10 except errors ! ip subnet-zero ! interface Loopback0 ip address 10.1.1.1 255.255.255.0 interface Ethernet0 no ip address shutdown ! interface Serial0 ip address 192.1.1.1 255.255.255.0 no fair-queue ! interface Serial1 no ip address shutdown ! router igrp 100 network 10.0.0.0 network 192.1.1.0 ! ip kerberos source-interface any VSIC2#show run Building configuration... Current configuration : 884 bytes ! hostname VSIC2 ! interface Serial0 ip address 192.1.1.2 255.255.255.0 no fair-queue clockrate 64000 ! interface Serial1 no ip address shutdown ! interface Serial2

VSIC Education Corporation

Trang 91

CCNA

Ti liu dnh cho hc vin

ip address 193.1.1.1 255.255.255.0 ! interface Serial3 no ip address shutdown ! interface TokenRing0 no ip address shutdown ! interface BRI0 no ip address shutdown isdn x25 static-tei 0 cdapi buffers regular 0 cdapi buffers raw 0 cdapi buffers large 0 ! router igrp 100 network 192.1.1.0 network 193.1.1.0 ! ip kerberos source-interface any ip classless ip http server ! ! ! line con 0 transport input none line aux 0 line vty 0 4 ! end VSIC3#show run Building configuration... Current configuration : 706 bytes ! hostname VSIC3 ! logging rate-limit console 10 except errors ! ip subnet-zero no ip finger ! interface Loopback0

VSIC Education Corporation

Trang 92

CCNA

Ti liu dnh cho hc vin

ip address 152.1.1.1 255.255.255.0 ! interface Serial0 ip address 193.1.1.2 255.255.255.0 no fair-queue clockrate 64000 ! interface Serial1 no ip address shutdown ! router igrp 100 network 152.1.0.0 network 193.1.1.0 ! end By gi ta cu hnh timer cho VSIC1 vi cc thng s nh trn: VSIC1#conf t Enter configuration commands, one per line. End with CNTL/Z. VSIC1(config)#router igrp 100 VSIC1(config-router)#timer VSIC1(config-router)#timers basisc 5 15 15 30 Xem kt qu show ip route trn VSIC1, ta thy lc c route ca 2 VSIC3,VSIC2 lc li khng c, nguyn nhn l do qu trnh khi to update ca VSIC1 nhanh hn VSIC3,VSIC2 VSIC1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set I 152.1.0.0/16 [100/91456] via 192.1.1.2, 00:00:03, Serial0 10.0.0.0/24 is subnetted, 1 subnets C 10.1.1.0 is directly connected, Loopback0 I 193.1.1.0/24 [100/90956] via 192.1.1.2, 00:00:03, Serial0 C 192.1.1.0/24 is directly connected, Serial0 VSIC1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

VSIC Education Corporation

Trang 93

CCNA

Ti liu dnh cho hc vin

* - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.1.1.0 is directly connected, Loopback0 C 192.1.1.0/24 is directly connected, Serial0 Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route VSIC1#show ip route Gateway of last resort is not set I 152.1.0.0/16 [100/91456] via 192.1.1.2, 00:00:16, Serial0 10.0.0.0/24 is subnetted, 1 subnets C 10.1.1.0 is directly connected, Loopback0 I 193.1.1.0/24 [100/90956] via 192.1.1.2, 00:00:16, Serial0 C 192.1.1.0/24 is directly connected, Serial0 By gi ta thit lp cc tham s timer ca VSIC3,VSIC2 ging nh ca VSIC1, v sau ta thy giao thc hot ng nh tuyn tr li bnh thng. VSIC3#conf t Enter configuration commands, one per line. End with CNTL/Z. VSIC3(config)#router igrp 100 VSIC3(config-router)#timer basic VSIC3(config-router)#timer basic 5 15 15 30 VSIC2#conf t Enter configuration commands, one per line. End with CNTL/Z. VSIC2(config)#router igrp 100 VSIC2(config-router)#timers basic 5 15 15 30 VSIC3#ping 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms

VSIC Education Corporation

Trang 94

CCNA

Ti liu dnh cho hc vin

VSIC Education Corporation

Trang 95

CCNA

Ti liu dnh cho hc vin

BI 15:CU HNH IGRP LOAD BALANCING


1. Gii thiu : Giao thc IGRP cho php chng ta chia ti khi c nhiu hn mt route n cng mt ch. Tin ch ny gip chng ta to ra mt route d phng cho route ang s dng. IGRP cp nhp route vo bng nh tuyn (trong trng hp c nhiu route n cng mt ch) da vo nguyn tc : nu route no c metric nh hn h s nhn (ca cu lnh variance (multiplier)) nhn vi metric nh nht ca cc ng th s c cp nht; ngc li, nu ln hn th s khng c cp nht. Mc nh h s nhn ny c thit lp bng 1 do ch c duy nht mt route c cp nht. (Cc tnh metric ca giao thc IGRP c cp mc 5) thay i h s nhn, chng ta s dng lnh : variance (multiplier) 2. M t bi lab v hnh :

hnh bi lab nh hnh trn. Cc cng serial ni vi nhau bng cp serail, cng ethernet ni vi nhau bng cp cho. Hai router Vsic1 v Vsic3 c cu hnh thm interface loopback 0. 3. Mc tiu ca bi lab : Phi cu hnh sao cho router Vsic1 c 2 route qua mng 14.1.0.0 ca router Vsic3 v vic truyn d liu qua mng 14.1.0.0 phi c chia ra trn 2 route . 4. Cu hnh router : Vsic1#sh run Building configuration... Current configuration : 733 bytes version 12.2 hostname Vsic1 interface Loopback0 ip address 10.1.0.1 255.255.255.0 interface Ethernet0 ip address 12.1.0.1 255.255.255.0 interface Serial0 ip address 11.1.0.1 255.255.255.0

VSIC Education Corporation

Trang 96

CCNA

Ti liu dnh cho hc vin

no fair-queue clockrate 64000 router igrp 1 network 10.0.0.0 network 11.0.0.0 network 12.0.0.0 end Vsic2#sh run Building configuration... Current configuration : 510 bytes version 12.1 hostname Vsic2 interface Ethernet0 ip address 12.1.0.2 255.255.255.0 interface Serial0 ip address 11.1.0.2 255.255.255.0 interface Serial1 ip address 13.1.0.1 255.255.255.0 router igrp 1 network 11.0.0.0 network 12.0.0.0 network 13.0.0.0 end Vsic3#sh run Building configuration... Current configuration : 546 bytes version 12.1 hostname Vsic3 interface Loopback0 ip address 14.1.0.1 255.255.255.0 interface Serial0 ip address 13.1.0.2 255.255.255.0 clockrate 64000 router igrp 1 network 13.0.0.0 network 14.0.0.0 end Sau khi cu hnh cc router ta kim tra bng nh tuyn ca router Vsic1 c kt qu : Vsic1#sh ip route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.1.0.0 is directly connected, Loopback0 11.0.0.0/24 is subnetted, 1 subnets C 11.1.0.0 is directly connected, Serial0

VSIC Education Corporation

Trang 97

CCNA

Ti liu dnh cho hc vin

12.0.0.0/24 is subnetted, 1 subnets C 12.1.0.0 is directly connected, Ethernet0 I 13.0.0.0/8 [100/8576] via 12.1.0.2, 00:01:01, Ethernet0 I 14.0.0.0/8 [100/9076] via 12.1.0.2, 00:01:01, Ethernet0 Router Vsic1 ch bit mt ng duy nht n c mng 13.1.0.0/24 v mng 14.1.0.0/24 l qua Ethernet0 mc d ta thc t th c n hai ng n cc mng (qua S0 v E0). Nguyn nhn l h s variance mc nh l 1. Do c c hai ng, ta phi cu hnh li h s variance nh sau : Vsic1#conf t Vsic1(config)#router igrp 1 Vsic1(config-router)#variance 2 Kim tra li bng nh tuyn ca router Vsic1 : Vsic1#sh ip route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.1.0.0 is directly connected, Loopback0 11.0.0.0/24 is subnetted, 1 subnets C 11.1.0.0 is directly connected, Serial0 12.0.0.0/24 is subnetted, 1 subnets C 12.1.0.0 is directly connected, Ethernet0 I 13.0.0.0/8 [100/8576] via 12.1.0.2, 00:00:26, Ethernet0 [100/10476] via 11.1.0.2, 00:00:26, Serial0 I 14.0.0.0/8 [100/9076] via 12.1.0.2, 00:00:26, Ethernet0 [100/10976] via 11.1.0.2, 00:00:26, Serial0 Trong bng nh tuyn ca router Vsic1 c c hai ng n mng 13.1.0.0/24 v hai ng n mng 14.1.0.0/24 (qua S0 v qua E0). Nguyn nhn l do cc route qua S0 ca Vsic1 c metric nh hn variance nhn vi metric nh nht gia hai ng. (Tham kho mc Cch tnh metric ca giao thc IGRP) 10476 < 8576*2 (= 17152) 10976 < 9076*2 (= 18152) By gi chng ta s kim tra vic chia ti ca Vsic1. Chng ta nhp lnh sh ip route 14.1.0.1 xem route n host 14.1.0.1 : Vsic1#sh ip route 14.1.0.1 Routing entry for 14.0.0.0/8 Known via "igrp 1", distance 100, metric 9076 Redistributing via igrp 1 Advertised by igrp 1 (self originated) Last update from 11.1.0.2 on Serial0, 00:00:02 ago Routing Descriptor Blocks: * 12.1.0.2, from 12.1.0.2, 00:00:02 ago, via Ethernet0 Route metric is 9076, traffic share count is 1 Total delay is 26000 microseconds, minimum bandwidth is 1544 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 11.1.0.2, from 11.1.0.2, 00:00:02 ago, via Serial0

VSIC Education Corporation

Trang 98

CCNA

Ti liu dnh cho hc vin

Route metric is 10976, traffic share count is 1 Total delay is 45000 microseconds, minimum bandwidth is 1544 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 Route n host 14.1.0.1 c hai ng (c t m) v du * nh du route s s dng cho ln gi d liu k. T router Vsic1, ta nhp lnh ping 14.1.0.1 Vsic1#ping 14.1.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 14.1.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/60 ms Xem li route n host 14.1.0.1 bng lnh sh ip route 14.1.0.1. Lc ny ta thy route th hai c nh du do router thc hin vic chia ti qua hai ng n mng 14.1.0.0/24 Vsic1#sh ip route 14.1.0.1 Routing entry for 14.0.0.0/8 Known via "igrp 1", distance 100, metric 9076 Redistributing via igrp 1 Advertised by igrp 1 (self originated) Last update from 11.1.0.2 on Serial0, 00:00:17 ago Routing Descriptor Blocks: 12.1.0.2, from 12.1.0.2, 00:00:18 ago, via Ethernet0 Route metric is 9076, traffic share count is 1 Total delay is 26000 microseconds, minimum bandwidth is 1544 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 * 11.1.0.2, from 11.1.0.2, 00:00:17 ago, via Serial0 Route metric is 10976, traffic share count is 1 Total delay is 45000 microseconds, minimum bandwidth is 1544 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 By gi chng ta s kho st vic cp nht route vo bng nh tuyn nu nh c nhiu hn route n cng mt ch. Chng ta s kho st bng cch thay i metric ca route qua S0. Cu hnh nh sau : Vsic1#conf t Vsic1(config)#in s0 Vsic1(config-if)#bandwidth 56 Cu hnh bandwidth ca S0 bng 56 kbps Xem li bng nh tuyn ca router Vsic1 : Vsic1#sh ip route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.1.0.0 is directly connected, Loopback0 11.0.0.0/24 is subnetted, 1 subnets C 11.1.0.0 is directly connected, Serial0 12.0.0.0/24 is subnetted, 1 subnets C 12.1.0.0 is directly connected, Ethernet0

VSIC Education Corporation

Trang 99

CCNA

Ti liu dnh cho hc vin

I I

13.0.0.0/8 [100/8576] via 12.1.0.2, 00:00:03, Ethernet0 14.0.0.0/8 [100/9076] via 12.1.0.2, 00:00:03, Ethernet0

Router Vsic1 gi ch cn duy nht mt ng n mng 13.1.0.0/24 v mt ng n mng 14.1.0.0/24. Do lc ny route n hai mng qua S0 ca Vsic1 c metric ln hn variance nhn vi metric nh nht gia hai ng. 5. Cch tnh metric ca giao thc IGRP : Metric = [K1 * Bandwidth + (K2 * Bandwidth)/(256load) + K3*Delay] * [K5/(reliability + K4)] K1 : ng vi Bandwidth K3 : ng vi Delay Nu K5 = 0 th [K5/(reliability + K4)] khng dng trong cng thc. Mc nh K1 = K3 = 1 , K2 = K4 = K5 = 0. Khi cng thc l : Metric = Bandwidth + Delay Xc nh Bandwidth trong cng thc trn, ta ly 107 chia cho gi tr bandwidth nh nht. Gi tr delay c xc nh bng cch ly tng gi tr delay chia 10. Gi tr bandwidth nh nht v tng gi tr delay c tm thy trong kt qu ca cc cu lnh show ip interface v show ip route ip address V d : Vsic1#sh ip route 14.1.0.1 Routing entry for 14.0.0.0/8 Routing Descriptor Blocks: * 12.1.0.2, from 12.1.0.2, 00:00:02 ago, via Ethernet0 (1) Route metric is 9076, traffic share count is 1 Total delay is 26000 microseconds, minimum bandwidth is 1544 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 11.1.0.2, from 11.1.0.2, 00:00:02 ago, via Serial0 (2) Route metric is 10976, traffic share count is 1 Total delay is 45000 microseconds, minimum bandwidth is 1544 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 Kt qu : Metric ca route (1) = 10000000/1544 + 26000/10 = 9076 Metric ca route (2) = 10000000/1544 + 45000/10 = 10976 6. T thc hnh bng Dynagen Ta chy file lab15eigrpload.net v file lab15igrp.net. Nu router khng h tr giao thc nh tuyn IGRP nn ta c th s dng giao thc EIGRP thc hnh. Tuy nhin cch tnh metric ca EIGRP bng cch tnh ca IGRP*256. Cch cu hnh giao thc EIGRP tng t nh cu hnh ca IGRP.

VSIC Education Corporation

Trang 100

CCNA

Ti liu dnh cho hc vin

Sau khi cu hnh xong ta kim tra kt qu ti router VSIC1

Ging nh trng hp ca IGRP( EIGRP cng s dng h s variance l 2) t VSIC1 n cc mng 13.0.0.0 v 14.0.0.0 bng 2 ng qua s1/0 v Fa0/0. Ta kim tra li cch tnh ton ca EIGRP bng lnh sau:

VSIC Education Corporation

Trang 101

CCNA

Ti liu dnh cho hc vin

Cu hnh tham kho: VSIC1#show run Building configuration... interface Loopback0 ip address 10.0.1.1 255.255.255.0 ! interface FastEthernet0/0 ip address 12.0.1.1 255.255.255.0 duplex auto speed auto ! interface Serial1/0 ip address 11.0.1.1 255.255.255.0 ! router eigrp 100 variance 2 network 10.0.0.0 network 11.0.0.0 network 12.0.0.0 auto-summary ! ip http server no ip http secure-server ip classless

VSIC Education Corporation

Trang 102

CCNA

Ti liu dnh cho hc vin

BI 16: DISCONTIGOUS NETWORKS


1. Gii thiu : Discontigous network l mt h thng mng c subnets ging nh subnet ca cc mng khc , nhiu h thng mng cng subnet trong Rip th khng th chy Rip c. y l li trong Rip nu cu hnh trng Subnet trong h thng mng .Vn ny c gii quyt bng cch cu hnh bng EIGRP hoc OSPF . 2. M t bi lab v hnh :

Cc PC ni vi router bng cp cho, hai router ni vi nhau bng cp serial. a ch IP ca cc interface c cho trn hnh v. Hai router Vsic1, Vsic2 c cu hnh interface loopback 0, loopback 1( gi lp mng ethernet). Trong s ta thy mng 12.0.0.0(12.1.2.0 v 12.1.3.0) b phn cch bi mng 11.0.0.0, trng hp ny ta cc mng b phn tch t mng chnh l discontugous network. Trong bi ny ta s dng cc routing RIP,IGRP , do cc giao thc ny l classful nn thng tin c gi cp nhp bng nh tuyn s khng mang theo subnet mask, chnh v iu ny Router VSIC1 s khng hiu mng 12.1.0.0/24 v 12.1.1.0/24 do nhn mng 12.1.2.0/24 v 12.1.3.0/24 di dng kt ni trc tip v summary li thnh mng 12.0.0.0. gii quyt vn ny ta c th s dng giao thc EIGRP hay OSPF. 3. Cu hnh : Chng ta cu hnh cho cc router nh sau Router Vsic1 Building configuration... Current configuration : 625 bytes ! version 12.1 hostname Vsic1 ! interface Loopback0 ip address 12.1.2.1 255.255.255.0 ! VSIC Education Corporation Trang 103

CCNA

Ti liu dnh cho hc vin

interface Loopback1 ip address 12.1.3.1 255.255.255.0 ! interface Serial0 ip address 11.1.0.2 255.255.255.0 ! router rip network 11.0.0.0 network 12.0.0.0 end Router Vsic2 Building configuration... Current configuration : 747 bytes ! version 12.1 ! hostname Vsic2 ! interface Loopback0 ip address 12.1.0.1 255.255.255.0 interface Loopback1 ip address 12.1.1.1 255.255.255.0 ! interface Serial0 ip address 11.1.0.1 255.255.255.0 no fair-queue clockrate 64000 ! router rip network 11.0.0.0 network 12.0.0.0 ! end Cc a ch 12.1.2.1/24 & 12.13.1/24 thuc lp A nn c hiu l 12.0.0.0 ,cng vy 12.1.0.2/24 cng c hiu l 12.0.0.0. Nn chng s b trng lp da ch mng vi nhau v ta c th thy rng router VSIC1 khng th nh tuyn n mng loopback ca router VSIC2 Chng ta kim tra li bng nh tuyn ca cc router bng cu lnh show ip route Vsic2#sh ip route Gateway of last resort is not set 11.0.0.0/24 is subnetted, 1 subnets C 11.1.0.0 is directly connected, Serial0 12.0.0.0/24 is subnetted, 2 subnets

VSIC Education Corporation

Trang 104

CCNA

Ti liu dnh cho hc vin

C C

12.1.1.0 is directly connected, Loopback1 12.1.0.0 is directly connected, Loopback0

Vsic1#sh ip route Gateway of last resort is not set 11.0.0.0/24 is subnetted, 1 subnets C 11.1.0.0 is directly connected, Serial0 12.0.0.0/24 is subnetted, 2 subnets C 12.1.3.0 is directly connected, Loopback1 C 12.1.2.0 is directly connected, Loopback0

Vsic1#debug ip rip RIP event debugging is on 00:20:15: RIP: sending v1 update to 255.255.255.255 via Loopback0 (12.1.2.1) 00:20:15: RIP: Update contains 2 routes 00:20:15: RIP: Update queued 00:20:15: RIP: sending v1 update to 255.255.255.255 via Loopback1 (12.1.3.1) 00:20:15: RIP: Update contains 2 routes 00:20:15: RIP: Update queued 00:20:15: RIP: sending v1 update to 255.255.255.255 via Serial0 (11.1.0.2) 00:20:15: RIP: Update contains 1 routes 00:20:15: RIP: Update queued 00:20:15: RIP: Update sent via Loopback0 00:20:15: RIP: Update sent via Loopback1 00:20:15: RIP: Update sent via Serial0 00:20:27: RIP: received v1 update from 11.1.0.1 on Serial0 00:20:27: RIP: Update contains 1 routes 00:20:44: RIP: sending v1 update to 255.255.255.255 via Loopback0 (12.1.2.1) 00:20:44: RIP: Update contains 2 routes 00:20:44: RIP: Update queued 00:20:44: RIP: sending v1 update to 255.255.255.255 via Loopback1 (12.1.3.1) 00:20:44: RIP: Update contains 2 routes 00:20:44: RIP: Update queued 00:20:44: RIP: sending v1 update to 255.255.255.255 via Serial0 (11.1.0.2) 00:20:44: RIP: Update contains 1 routes 00:20:44: RIP: Update queued 00:20:44: RIP: Update sent via Loopback0 00:20:44: RIP: Update sent via Loopback1 00:20:44: RIP: Update sent via Serial0 Vsic1#un all All possible debugging has been turned off Ngay ti Vsic1 ta ping qua a ch 12.1.0.1 ca Vsic2 s khng th thy c v bn thn n cng thuc trng subnet. y l hn ch ca giao thc Rip m ch c th gii quyt c bng cch dng cu hnh OSPF, EIGRP . Vsic2# ping 12.1.3.1

VSIC Education Corporation

Trang 105

CCNA

Ti liu dnh cho hc vin

Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.1.0.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) Vsic1#ping 12.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) By gi chng ta s dng giao thc nh tuyn khc l EIGRP( l giao thc classless) c th nh tuyn c. Trc tin hy tt hot ng ca RIP bng lnh no router RIP. Vsic1(config)#no router Rip By gi chng ta cu hnh EIGRP VSIC1(config-router)#net 12.0.0.0 VSIC1(config-router)#net 11.0.0.0 VSIC1(config-router)#no auto-summary summary cc mng con thnh mng 12.0.0.0 VSIC2(config)#router eigrp 100 VSIC2(config-router)#net 12.0.0.0 VSIC2(config-router)#net 11.0.0.0 VSIC2(config-router)#no auto 4. T thc hnh bng Dynagen: Bi thc hnh Discontigous network tng i n gin, ta ch cn to s 2 router, hc vin cn thc hnh thm nhng giao thc RIPv2 v OSPF hiu thm cc routing classless.

phi s dng lnh ny EIGRP khng t

VSIC Education Corporation

Trang 106

CCNA

Ti liu dnh cho hc vin

Click file lab16dis.net thc hnh. Trc tin ta thc hnh vi gii php s dng EIGRP( tng t nh bi thc hnh trn), sau hc vin thc hnh vi giao thc RIPv2 v OSPF. i vi cu hnh RIP version 2, ta cu hnh ging nh RIP version 1, nhng ch nh thm lnh version 2. Sau y l kt qu s dng RIPv2 i vi bi lab.

VSIC Education Corporation

Trang 107

CCNA

Ti liu dnh cho hc vin

BI 17: REDISTRIBUTE GIA RIP v IGRP


1. Gii thiu : Trong bi lab ny, chng ta s cu hnh hai mng - mt s dng RIP version 1, mt sng dng IGRP - lin lc c vi nhau bng cch phn phi cc route qua li gia cc giao thc. RIP version 1 v IGRP c hai u l loi DISTANCE VECTOR. Tuy nhin hai giao thc ny c nhiu im khc nhau nh : Thi gian Update Tnh metric da vo RIP 30 giy Hop count IGRP 90 giy Bng thng (bandwidth), tr (delay), tin cy (reliability), ng ti (load), MTU 4294967295

Gi tr Infinite-Metric 16 2. Cc lnh s dng trong bi : defaultmetric bandwidth delay reliability loading mtu Cu hnh gi tr metric cho tt c cc route c phn phi vo IGRP, EIGRP, OSPF, BGP, EGP redistribute protocol [processid] {level1 | level12 | level2} [metric metricvalue] Phn phi cc route t mt giao thc vo mt giao thc khc route-map map-tag [permit | deny] [sequence-number] nh ngha iu kin phn phi route t mt giao thc vo giao thc khc match ip address {access-list-number [access-list-number... | access-listname...]|access-list-name [access-list-number...| access-list-name] | prefix-list prefixlist-name [prefix-list-name...]} Phn phi cc route cho php bi standard access-list, extended access-list 3. M t bi Lab v hnh :

VSIC Education Corporation

Trang 108

CCNA

Ti liu dnh cho hc vin

hnh bi lab nh hnh trn, a ch IP ca cc cng c cho trong bng. Hai router Vsic1 v Vsic4 c to interface Loopback Lo0. Mng 1 v mng 2 s dng hai giao thc truyn dn khc nhau. Mng 1 gm router Vsic1 v Vsic2 s dng RIP, mng 2 gm router Vsic4 s dng IGRP. Ring router Vsic3, mng ca cng S1 s dng RIP, mng ca cng S0 s dng IGRP. 4. Mc tiu ca bi lab : Mc tiu ca bi l tt c cc mng con ca hai mng 1 v 2 phi lin lc c vi nhau. 5. Cu hnh router : Chng ta cu hnh cho cc router nh sau : Vsic1#sh run Building configuration... Current configuration : 691 bytes version 12.2 hostname Vsic1 interface Loopback0 ip address 1.1.1.1 255.255.255.0 interface Serial0 ip address 192.168.1.1 255.255.255.0 clockrate 64000 router rip network 1.0.0.0 network 192.168.1.0 End Vsic2#sh run Building configuration... Current configuration : 494 bytes version 12.1 hostname Vsic2 interface Serial0 ip address 192.168.1.2 255.255.255.0 interface Serial1 ip address 192.168.2.1 255.255.255.0 router rip network 192.168.1.0 network 192.168.2.0 End Vsic3#sh run Building configuration... Current configuration : 556 bytes version 12.1 hostname Vsic3

VSIC Education Corporation

Trang 109

CCNA

Ti liu dnh cho hc vin

interface Serial0 ip address 192.168.3.1 255.255.255.0 no fair-queue clockrate 64000 interface Serial1 ip address 192.168.2.2 255.255.255.0 clockrate 64000 router rip network 192.168.2.0 router igrp 1 network 192.168.3.0 End Vsic4#sh run Building configuration... Current configuration : 680 bytes version 12.1 hostname Vsic4 interface Loopback0 ip address 2.2.2.2 255.255.255.0 interface Serial0 ip address 192.168.3.2 255.255.255.0 no fair-queue router igrp 1 network 2.0.0.0 network 192.168.3.0 End Sau khi cu hnh nh trn, ta nh lnh show ip route ln lt trn bn router xem bng nh tuyn : Vsic1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 1.0.0.0/24 is subnetted, 1 subnets C 1.1.1.0 is directly connected, Loopback0 C 192.168.1.0/24 is directly connected, Serial0 R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:23, Serial0 Vsic2#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

VSIC Education Corporation

Trang 110

CCNA

Ti liu dnh cho hc vin

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set R 1.0.0.0/8 [120/1] via 192.168.1.1, 00:00:20, Serial0 C 192.168.1.0/24 is directly connected, Serial0 C 192.168.2.0/24 is directly connected, Serial1 Vsic3#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set R 1.0.0.0/8 [120/2] via 192.168.2.1, 00:00:25, Serial1 I 2.0.0.0/8 [100/8976] via 192.168.3.2, 00:00:08, Serial0 R 192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:25, Serial1 C 192.168.2.0/24 is directly connected, Serial1 C 192.168.3.0/24 is directly connected, Serial0 Vsic4#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 2.0.0.0/24 is subnetted, 1 subnets C 2.2.2.0 is directly connected, Loopback0 C 192.168.3.0/24 is directly connected, Serial0 Trong bng nh tuyn ca router Vsic1 v Vsic2 ch c nhng route chy RIP trong Mng 1, khng c cc route chy IGRP ca Mng 2 (c th l khng thy c cc mng 192.168.3.0 va 2.0.0.0). Tng t, bng nh tuyn ca Vsic4 khng c cc route chy RIP ca Mng 1. Nguyn nhn l gia router Vsic2 v router Vsic3 chy RIP; ngc li gia Vsic3 v Vsic4 chy IGRP. router Vsic4 bit c cc route ca Mng 1 (s dng giao thc RIP), chng ta cn s dng lnh redistribute. Cu lnh ny c dng phn phi cc route ca mt giao thc vo mt giao thc khc ( y l t RIP vo IGRP). router Vsic3, ta phn phi cc route ca Mng 1 (s dng RIP) vo Mng 2 (s dng IGRP) nh sau : Vsic3(config)#router igrp 1

VSIC Education Corporation

Trang 111

CCNA

Ti liu dnh cho hc vin

Vsic3(config-router)#redistribute rip Kim tra li bng nh tuyn ca router Vsic4 : Vsic4#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 2.0.0.0/24 is subnetted, 1 subnets C 2.2.2.0 is directly connected, Loopback0 I 192.168.2.0/24 [100/10476] via 192.168.3.1, 00:01:06, Serial0 C 192.168.3.0/24 is directly connected, Serial0 Nhn xt : router Vsic4 nhn c route ca mng 192.168.2.0 nhng cn hai mng 192.168.1.0 v 1.0.0.0 th khng nhn c.Ta nhp lnh : Vsic4#debug ip igrp transactions sau mt khong thi gian ta nhn c thng bo sau : 00:40:20: IGRP: received update from 192.168.3.1 on Serial0 00:40:20: network 1.0.0.0, metric 4294967295 (inaccessible) 00:40:20: network 192.168.1.0, metric 4294967295 (inaccessible) 00:40:20: network 192.168.2.0, metric 10476 (neighbor 8476) Mc d router Vsic4 nhn c update ca hai route 1.0.0.0 v 192.168.1.0 nhng b nh du l inaccessible. Nguyn nhn ca li trn l cch tnh metric ca giao thc RIP v IGRP khc nhau. Nh phn gii thiu cp n, RIP s dng hop count tnh metric; cn IGRP s dng bng thng, tr, tin cy, ng ti v MTU tnh metric. Do , gii quyt li ny chng ta phi cu hnh cch tnh metric cho router Vsic3 khi phn phi route t RIP sang IGRP. (Tham kho phn Cch tnh metric ca giao thc IGRP trong bi Cu hnh IGRP load balancing bit tnh metric) Cisco cung cp cho ta ba cch thc hin : Cch 1 : cu hnh metric cho tt cc cc route ca bt k giao thc no c phn phi. Cu hnh nh sau : Vsic3(config)#router igrp 1 Vsic3(config-router)#default-metric 1540 100 255 1 1500 Xem li bng nh tuyn ca router Vsic4 : Vsic4#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR

VSIC Education Corporation

Trang 112

CCNA

Ti liu dnh cho hc vin

P - periodic downloaded static route Gateway of last resort is not set I 1.0.0.0/8 [100/8593] via 192.168.3.1, 00:00:00, Serial0 2.0.0.0/24 is subnetted, 1 subnets C 2.2.2.0 is directly connected, Loopback0 I 192.168.1.0/24 [100/8593] via 192.168.3.1, 00:00:00, Serial0 I 192.168.2.0/24 [100/10476] via 192.168.3.1, 00:00:00, Serial0 C 192.168.3.0/24 is directly connected, Serial0 Nhn xt : Hai route 1.0.0.0 v 192.168.1.0 c update vo bng nh tuyn ca router Vsic4 Metric ca c hai route bng nhau (8593) Khuyt im ca cch cu hnh ny l tt c cc route ca bt k mt giao thc no c phn phi u c gi tr metric bng nhau khng cn bit c route gn hay xa. Do ta khng c c mt gi tr metric chnh xc c. Thc hin thm cc lnh sau : Vsic3(config)#router igrp 1 Vsic3(config-router)#no default-metric 1540 100 255 1 1500 Vsic3(config-router)#no redistribute rip g b default-metric v redistribute rip trc khi ta kho st cch 2. Cch 2 : cu hnh metric cho tng giao thc Cch cu hnh : Vsic3(config)#router igrp 1 Vsic3(config-router)#redistribute rip metric 1540 100 255 1 1500 Kim tra lai bng nh tuyn ca router Vsic4 ta c kt qu nh sau : Vsic4#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set I 1.0.0.0/8 [100/8593] via 192.168.3.1, 00:00:00, Serial0 2.0.0.0/24 is subnetted, 1 subnets C 2.2.2.0 is directly connected, Loopback0 I 192.168.1.0/24 [100/8593] via 192.168.3.1, 00:00:00, Serial0 I 192.168.2.0/24 [100/10476] via 192.168.3.1, 00:00:00, Serial0 C 192.168.3.0/24 is directly connected, Serial0 Nhn xt : router Vsic4 vn nhn c kt qu nh cch 1 nhng vi cch ny ta c th linh hot hn trong vic cu hnh metric cho tng giao thc c th. Cch 3 : cu hnh metric cho tng route. Cch cu hnh : To access-list 1 cho php mng 1.0.0.0, access-list 2 cho php mng 192.168.1.0 VSIC Education Corporation Trang 113

CCNA

Ti liu dnh cho hc vin

Vsic3(config)#access-list 1 permit 1.0.0.0 Vsic3(config)#access-list 2 permit 192.168.1.0 Cu hnh mt route map c tn l rip_to_igrp cho php thit lp bandwidth, delay, realibility, load v MTU ( tnh metric ca IGRP) theo cc iu kin sau : Route tha iu kin ca access-list 1 th cc gi tr l 56 100 255 1 1500 Vsic3(config)#route-map rip_to_igrp 10 Vsic3(config-route-map)#match ip address 1 Vsic3(config-route-map)#set metric 56 100 255 1 1500 Vsic3(config-route-map)#exit Route tha iu kin ca access-list 2 th cc gi tr l 1000 100 255 1 1500 Vsic3(config)#route-map rip_to_igrp 15 Vsic3(config-route-map)#match ip address 2 Vsic3(config-route-map)#set metric 1000 100 255 1 1500 Vsic3(config-route-map)#exit Route khng tha hai iu kin trn th gi tr l 10000 100 255 1 1500 Vsic3(config)#route-map rip_to_igrp 20 Vsic3(config-route-map)#set metric 10000 100 255 1 1500 Vsic3(config-route-map)#exit S dng route map cho tt c cc route c phn phi t RIP sang IGRP Vsic3(config)#router igrp 1 Vsic3(config-router)#redistribute rip route-map rip_to igrp Kim tra li bng nh tuyn ca router Vsic4 : Vsic4#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set I 1.0.0.0/8 [100/180671] via 192.168.3.1, 00:00:17, Serial0 2.0.0.0/24 is subnetted, 1 subnets C 2.2.2.0 is directly connected, Loopback0 I 192.168.1.0/24 [100/12100] via 192.168.3.1, 00:00:17, Serial0 I 192.168.2.0/24 [100/8576] via 192.168.3.1, 00:00:17, Serial0 C 192.168.3.0/24 is directly connected, Serial0 Trn y, ta ch phn phi route ca RIP vo IGRP. router Vsic1 v Vsic2 c c cc route trong Mng 2, ta cn phi phn phi cc route ca IGRP vo RIP. phn phi route t IGRP vo RIP, ta cu hnh nh sau : Vsic3#conf t Vsic3(config)#router rip Vsic3(config-router)#redistribute igrp 1 metric 2 Kim tra bng nh tuyn ca router Vsic1 v Vsic2 : Vsic1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

VSIC Education Corporation

Trang 114

CCNA

Ti liu dnh cho hc vin

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 1.0.0.0/24 is subnetted, 1 subnets C 1.1.1.0 is directly connected, Loopback0 R 2.0.0.0/8 [120/3] via 192.168.1.2, 00:00:04, Serial0 C 192.168.1.0/24 is directly connected, Serial0 R 192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:05, Serial0 R 192.168.3.0/24 [120/3] via 192.168.1.2, 00:00:05, Serial0 Vsic2#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set R 1.0.0.0/8 [120/1] via 192.168.1.1, 00:00:25, Serial0 R 2.0.0.0/8 [120/2] via 192.168.2.2, 00:00:19, Serial1 C 192.168.1.0/24 is directly connected, Serial0 C 192.168.2.0/24 is directly connected, Serial1 R 192.168.3.0/24 [120/2] via 192.168.2.2, 00:00:19, Serial1 C hai router cp nht c cc route ca Mng 2 (2.0.0.0 v 192.168.3.0). Lc ny tt c cc mng hon ton lin lc c vi nhau. 6. Cch t thc hnh bng Dynagen: Chy file lab17re.net khi ng cc router, ta c th lm bi tng t vi giao thc RIP v EIGRP.

VSIC Education Corporation

Trang 115

CCNA

Ti liu dnh cho hc vin

Ta c th hin bi m rng redistribution gia EIGRP v IGRP vi s sau y:

Trong cu hnh Redistribution gia IGRP v EIGRP nu nh chng ta cu hnh s AS ca 2 routing ny ging nhau th vic t ng redistributrion s xy ra, cn nu AS khng ging nhau ta c th redistribution bng cch s dng lnh. Sau y l bng nh tuyn khi s dng AS ging nhau

VSIC Education Corporation

Trang 116

CCNA

Ti liu dnh cho hc vin

Cu hnh redistribution khi EIGRP v IGRP c s AS khc nhau v kt qu ti bng nh tuyn ca router VSIC4.

VSIC Education Corporation

Trang 117

CCNA

Ti liu dnh cho hc vin

VSIC Education Corporation

Trang 118

CCNA

Ti liu dnh cho hc vin

BI 18 :CU HNH OSPF C BN


1. Gii thiu : Giao thc OSPF (Open Shortest Path First) thuc loi link-state routing protocol v c h tr bi nhiu nh sn xut. OSPF s dng thut ton SPF tnh ton ra ng i ngn nht cho mt route. Giao thc OSPF c th c s dng cho mng nh cng nh mt mng ln. Do cc router s dng giao thc OSPF s dng thut ton tnh metric cho cc route ri t xy dng nn hnh ca mng nn tn rt nhiu b nh cng nh hot ng ca CPU router. Nu nh mt mng qu ln th vic ny din ra rt lu v tn rt nhiu b nh. khc phc tnh trng trn, giao thc OSPF cho php chia mt mng ra thnh nhiu area khc nhau. Cc router trong cng mt area trao i thng tin vi nhau, khng trao i vi cc router khc vng. V vy, vic xy dng hnh ca router c gim i rt nhiu. Cc vng khc nhau mun lin kt c vi nhau phi ni vi area 0 (cn c gi l backbone) bng mt router bin. Cc router chy giao thc OSPF gi lin lc vi nhau bng cch gi cc gi Hello cho nhau. Nu router vn cn nhn c cc gi Hello t mt router kt ni trc tip qua mt ng kt ni th n bit c rng ng kt ni v router u xa vn hot ng tt. Nu nh router khng nhn c gi hello trong mt khong thi gian nht nh, c gi l dead interval, th router bit rng router u xa b down v khi router s chy thut ton SPF tnh route mi. Mi router s dng giao thc OSPF c mt s ID nhn dng. Router s s dng a ch IP ca interface loopback cao nht (nu c nhiu loopback) lm ID. Nu khng c loopback no c cu hnh hnh th router s s dng IP cao nht ca cc interface vt l. OSPF c mt s u im l : thi gian hi t nhanh, c h tr bi nhiu nh sn xut, h tr VLSM, c th s dng trn mt mng ln, c tnh n nh cao. 2. Cc cu lnh s dng trong bi lab : router ospf process-id Cho php giao thc OSPF network address wildcard-mask area area-id Qung b mt mng thuc mt area no 3. M t bi lab v hnh :

VSIC Education Corporation

Trang 119

CCNA

Ti liu dnh cho hc vin

hnh bi lab nh hnh v. Cc router c cu hnh cc interface loopback 0. a ch IP ca cc interface c ghi trn hnh. Lu y chng ta s dng subnetmask ca cc mng khc nhau. 4. Cu hnh router : Chng ta cu hnh cc interface cho cc router nh sau : Vsic1#sh run Building configuration... Current configuration : 592 bytes version 12.1 hostname Vsic1 interface Loopback0 ip address 10.0.0.1 255.255.0.0 interface Serial0 ip address 192.168.1.1 255.255.255.0 end Vsic2#sh run Building configuration... Current configuration : 667 bytes version 12.1 hostname Vsic2 interface Loopback0 ip address 11.1.0.1 255.0.0.0 interface Serial0 ip address 192.168.1.2 255.255.255.0 no fair-queue clockrate 64000 interface Serial1 ip address 170.1.0.1 255.255.0.0 end Vsic3#sh run Building configuration... Current configuration : 591 bytes version 12.1 hostname Vsic3 interface Loopback0 ip address 12.1.0.1 255.255.255.252 interface Serial0 ip address 170.1.0.2 255.255.0.0 end Sau khi cu hnh interface cho cc router, chng ta tin hnh cu hnh OSPF cho chng nh sau : Vsic1(config)#router ospf 1 Vsic1(config-router)#net 192.168.1.0 0.0.0.255 area 0

VSIC Education Corporation

Trang 120

CCNA

Ti liu dnh cho hc vin

Vsic1(config-router)#net 10.0.0.0 0.0.255.255 area 0 Vsic2(config)#router ospf 1 Vsic2(config-router)#net 192.168.1.0 0.0.0.255 area 0 Vsic2(config-router)#net 170.1.0.0 0.0.255.255 area 0 Vsic2(config-router)#net 11.1.0.0 0.255.255.255 area 0 Vsic3(config)#router ospf 1 Vsic3(config-router)#net 170.1.0.0 0.0.255.255 area 0 Vsic3(config-router)#net 12.1.0.0 0.0.0.3 area 0 Chng ta cu hnh OSPF cho c ba router trong cng mt area 0 (backbone). Ngoi ra chng ta c th cu hnh OSPF cho c ba router theo cch sau : Vsic1(config)#router ospf 1 Vsic1(config-router)#net 192.168.1.1 0.0.0.0 area 0 Vsic1(config-router)#net 10.0.0.1 0.0.0.0 area 0 Vsic2(config)#router ospf 1 Vsic2(config-router)#net 192.168.1.2 0.0.0.0 area 0 Vsic2(config-router)#net 170.1.0.1 0.0.0.0 area 0 Vsic2(config-router)#net 11.1.0.1 0.0.0.0 area 0 Vsic3(config)#router ospf 1 Vsic3(config-router)#net 170.1.0.2 0.0.0.0 area 0 Vsic3(config-router)#net 12.1.0.1 0.0.0.0 area 0 Khi qung b cho OSPF chng ta c th qung b theo hai cch : qung b ng mng (cch u) hoc qung b chnh interface (cch sau). Nu qung b chnh interface th wildcard mask phi l 0.0.0.0 Sau khi qung b cc mng ca cc router xong chng ta kim tra li bng nh tuyn ca cc router bng cu lnh show ip route Vsic1#sh ip route Gateway of last resort is not set O 170.1.0.0/16 [110/128] via 192.168.1.2, 01:20:18, Serial0 10.0.0.0/16 is subnetted, 1 subnets C 10.0.0.0 is directly connected, Loopback0 11.0.0.0/32 is subnetted, 1 subnets O 11.1.0.1 [110/65] via 192.168.1.2, 01:20:18, Serial0 12.0.0.0/32 is subnetted, 1 subnets O 12.1.0.1 [110/129] via 192.168.1.2, 01:20:18, Serial0 C 192.168.1.0/24 is directly connected, Serial0 Vsic2#sh ip route Gateway of last resort is not set C 170.1.0.0/16 is directly connected, Serial1 10.0.0.0/32 is subnetted, 1 subnets O 10.0.0.1 [110/65] via 192.168.1.1, 01:20:38, Serial0 C 11.0.0.0/8 is directly connected, Loopback0 12.0.0.0/32 is subnetted, 1 subnets O 12.1.0.1 [110/65] via 170.1.0.2, 01:20:38, Serial1

VSIC Education Corporation

Trang 121

CCNA

Ti liu dnh cho hc vin

192.168.1.0/24 is directly connected, Serial0

Vsic3#sh ip route Gateway of last resort is not set C 170.1.0.0/16 is directly connected, Serial0 10.0.0.0/32 is subnetted, 1 subnets O 10.0.0.1 [110/129] via 170.1.0.1, 00:00:20, Serial0 11.0.0.0/32 is subnetted, 1 subnets O 11.1.0.1 [110/65] via 170.1.0.1, 00:00:20, Serial0 12.0.0.0/30 is subnetted, 1 subnets C 12.1.0.0 is directly connected, Loopback0 O 192.168.1.0/24 [110/128] via 170.1.0.1, 00:00:20, Serial0 Nhn xt : cc router bit c tt c cc mng trong hnh ca chng ta. Cc route router bit c nh giao thc OSPF c nh O u route. Trong kt qu trn cc route c in m. By gi chng ta s kim tra li xem cc mng c th lin lc c vi nhau hay cha bng cch ln lt ng trn tng router v ping n cc mng khng ni trc tip vi n. Vsic3#ping 11.1.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms Vsic3#ping 10.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 56/68/108 ms Cc bn lm tng t cho cc mng khc kim tra, v chc chn s ping thy! Cu hnh cc mng trong cc area khc nhau : Chng ta s kho st cch cu hnh cc mng c phn b trong nhiu area khc nhau trong mc ny. Trc ht, chng ta kho st nu cu hnh cho mng 12.1.0.0/30 v interface S0 ca Vsic3 trong cng area 1 cn cc mng khc vn trong area 0 th ton mng ca chng ta c th lin lc c hay khng ? Do phn trn chng ta cu hnh OSPF cho cng mt vng. Nn by gi chng ta ch cn g b cu hnh OSPF cho router Vsic3 v cu hnh li cho n nh yu cu ca cu hi t ra. Cch thc hin nh sau : Vsic3(config)#router ospf 1 Vsic3(config-router)#no net 170.1.0.0 0.0.255.255 area 0 g b cu hnh cu hnh OSPF c Vsic3(config-router)#no net 12.1.0.0 0.0.0.3 area 0 Vsic3(config)#router ospf 1 Vsic3(config-router)#net 170.1.0.0 0.0.255.255 area 1 Cu hnh cho interface S0 router Vsic3 thuc Trang 122

VSIC Education Corporation

CCNA

Ti liu dnh cho hc vin

area 1 Cu hnh mng 12.1.0.0/30 Vsic3(config-router)#net 12.1.0.0 0.0.0.3 area 1 thuc area 1 Sau khi cu hnh xong chng ta kim tra li bng nh tuyn ca cc router : Vsic1#sh ip route Gateway of last resort is not set O 170.1.0.0/16 [110/128] via 192.168.1.2, 00:00:53, Serial0 10.0.0.0/16 is subnetted, 1 subnets C 10.0.0.0 is directly connected, Loopback0 11.0.0.0/32 is subnetted, 1 subnets O 11.1.0.1 [110/65] via 192.168.1.2, 00:00:53, Serial0 C 192.168.1.0/24 is directly connected, Serial0 Vsic2#sh ip route Gateway of last resort is not set C 170.1.0.0/16 is directly connected, Serial1 10.0.0.0/32 is subnetted, 1 subnets O 10.0.0.1 [110/65] via 192.168.1.1, 00:00:43, Serial0 C 11.0.0.0/8 is directly connected, Loopback0 C 192.168.1.0/24 is directly connected, Serial0 Vsic3#sh ip route Gateway of last resort is not set C 170.1.0.0/16 is directly connected, Serial0 12.0.0.0/30 is subnetted, 1 subnets C 12.1.0.0 is directly connected, Loopback0 Nhn xt : router Vsic1 v Vsic2 bit c cc mng ca nhau nhng khng bit c mng ca router Vsic3. Ngc li router Vsic3, khng bit c cc mng ca router Vsic1 v Vsic2. iu ny chng t, cc router trong cng mt area ch bit c cc mng trong area , cc mng trong area khc th router khng bit. (Trng hp, router Vsic1 thy c mng 170.1.0.0/16 l do router Vsic2 qung b mng thuc area 0) lin kt c cc mng trong cng cc area khc nhau chng ta phi c mt router bin ni area v area 0 (backbone). Router ny c mt interface thuc area v mt interface thuc area 0.

VSIC Education Corporation

Trang 123

CCNA

Ti liu dnh cho hc vin

Trong trng hp bi lab, chng ta c hai cch gii quyt vn ny. Cch th nht l cu hnh cho mng ca interface S0 ca router Vsic3 thuc area 0. Lc ny, router Vsic3 ng vai tr l mt router bin. Cch th hai l cu hnh cho mng ca interface S1 router Vsic2 thuc area 1, lc ny router Vsic2 ng vai tr l router bin. Chng ta s kho st cch 1 (cu hnh cho mng interface S0 ca vsic3 thuc area0). Cch 2 c thc hin tng t

Cch cu hnh : Vsic3(config)#router ospf 1 Vsic3(config-router)#no net 170.1.0.0 0.0.255.255 area 1 Vsic3(config-router)#net 170.1.0.0 0.0.255.255 area 0 Sau khi cu hnh xong, chng ta kim tra li bng nh tuyn ca cc router : Vsic1#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set O 170.1.0.0/16 [110/128] via 192.168.1.2, 00:01:30, Serial0 10.0.0.0/16 is subnetted, 1 subnets C 10.0.0.0 is directly connected, Loopback0 11.0.0.0/32 is subnetted, 1 subnets O 11.1.0.1 [110/65] via 192.168.1.2, 00:01:30, Serial0 12.0.0.0/32 is subnetted, 1 subnets O IA 12.1.0.1 [110/129] via 192.168.1.2, 00:01:30, Serial0 C 192.168.1.0/24 is directly connected, Serial0 Vsic2#sh ip route Gateway of last resort is not set C 170.1.0.0/16 is directly connected, Serial1 10.0.0.0/32 is subnetted, 1 subnets O 10.0.0.1 [110/65] via 192.168.1.1, 00:01:07, Serial0 C 11.0.0.0/8 is directly connected, Loopback0 12.0.0.0/32 is subnetted, 1 subnets VSIC Education Corporation Trang 124

CCNA

Ti liu dnh cho hc vin

O IA 12.1.0.1 [110/65] via 170.1.0.2, 00:01:07, Serial1 C 192.168.1.0/24 is directly connected, Serial0

Vsic3#sh ip route Gateway of last resort is not set C 170.1.0.0/16 is directly connected, Serial0 10.0.0.0/32 is subnetted, 1 subnets O 10.0.0.1 [110/129] via 170.1.0.1, 00:00:06, Serial0 11.0.0.0/32 is subnetted, 1 subnets O 11.1.0.1 [110/65] via 170.1.0.1, 00:00:06, Serial0 12.0.0.0/30 is subnetted, 1 subnets C 12.1.0.0 is directly connected, Loopback0 O 192.168.1.0/24 [110/128] via 170.1.0.1, 00:00:06, Serial0 Nhn xt : cc router thy c cc mng ca cc router khc. Nh vy ton mng lin lc c vi nhau. Chng ta c th kim tra bng cch ping n tng mng. 5. Cch t thc hnh Dynagen: Vi bi thc hnh ny ta phi s dng n 3 router, s dng file lab18ospfcb.net thc hnh vi s sau:

VSIC Education Corporation

Trang 125

CCNA

Ti liu dnh cho hc vin

BI 19: CU HNH EIGRP


1. M t bi lab v hnh :

Cc PC ni vi router bng cp cho, hai router c ni vi nhau bng cp serial. a ch IP ca cc interface v PC nh hnh v. Trong bi lab ny chng ta s tin hnh cu hnh giao thc EIGRP cho cc router. EIGRP l giao th h tr VLSM, metric ca EIGRP c tnh bng IGRP nhn 256. 2. Cu hnh : Chng ta cu hnh cho cc router Vsic1 v Vsic2 nh sau : Vsic1#sh run Building configuration... Current configuration : 541 bytes ! version 12.1 ! hostname Vsic1 ! interface Ethernet0 ip address 10.1.0.1 255.255.0.0 ! interface Serial1 ip address 192.168.0.1 255.255.255.0 clockrate 64000 ! end Vsic2#sh run Building configuration... Current configuration : 541 bytes ! version 12.1 ! hostname Vsic2 ! interface Ethernet0 VSIC Education Corporation Trang 126

CCNA

Ti liu dnh cho hc vin

ip address 11.1.0.1 255.255.0.0 ! interface Serial1 ip address 192.168.0.2 255.255.255.0 ! end Sau khi cu hnh xong a ch IP cho cc interface ca router Vsic1, Vsic2 chng ta tin hnh cu hnh EIGRP cho cc router nh sau: Vsic1(config)#router eigrp 100 100 l s Autonomus system qung b mng 10.1.0.0 Vsic1(config-router)#network 10.1.0.0 Vsic1(config-router)#network 192.168.0.0 qung b mng 192.168.0.0 Vsic2(config)#router eigrp 100 Vsic2(config-router)#network 11.0.0.0 Vsic2(config-router)#network 192.168.0.0 By gi chng ta tin hnh kim tra cc kt ni trong mng bng cch : Vsic1#ping 11.1.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11.1.0.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/32/40 ms Vsic1# Chng ta s dng cu lnh show ip route kim tra bng nh tuyn ca hai router Vsic2#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set D 10.0.0.0/8 [90/2195456] via 192.168.0.1, 00:11:35, Serial1 C 11.1.0.0/16 is directly connected, Ethernet0 C 192.168.0.0/24 is directly connected, Serial1 Trong bng nh tuyn ca router Vsic2 c cc route n mng ca Vsic1, v Vsic1 ping thnh cng n loopback ca Vsic2. 3. T thc hnh bng Dynagen: . Ta c th s dng file lab19eigrp.net thc hnh, s hon ton ging nh bi static, RIP. Ta c th gi lp cc mng Lan bng cc interface loopback.

VSIC Education Corporation

Trang 127

CCNA

Ti liu dnh cho hc vin

BI 20: CU HNH OSPF GIA WINDOWS SERVER 2003 V ROUTER


1. Gii thiu : Trong bi lab ny chng ta s kho st cu hnh OSPF gia mt my Server s dng Windows 2003 v router. PC c th c s dng lm Router, ng thi c th tch hp vo h thng router v nh tuyn thng qua giao thc chun OSPF. 2. M t bi lab v hnh :

hnh bi lab nh hnh v, chng ta s cu hnh loopback 0 cho cc router. a ch IP ca cc interface c ghi trn hnh. Lu , khi cu hnh IP cho server, chng ta khng cu hnh default gateway. Server hot ng ging nh Router, n s trao i cc thng tin nh tuyn thng qua giao thc OSPF v c th bit c cc mng 10.0.0.0, 12.0.0.0 u xa. 3. Cu hnh cho cc router : Chng ta cu hnh cho cho cc router nh sau : Vsic1#sh run Building configuration... Current configuration : 592 bytes version 12.1 hostname Vsic1 interface Loopback0 ip address 10.0.0.1 255.255.0.0 interface Serial0 VSIC Education Corporation Trang 128

CCNA

Ti liu dnh cho hc vin

ip address 192.168.1.1 255.255.255.0 router ospf 1 log-adjacency-changes network 10.0.0.0 0.0.255.255 area 0 network 192.168.1.0 0.0.0.255 area 0 end Vsic2#sh run Building configuration... Current configuration : 712 bytes version 12.1 hostname Vsic2 interface Loopback0 ip address 11.1.0.1 255.0.0.0 interface Ethernet0 ip address 15.1.0.1 255.0.0.0 interface Serial0 ip address 192.168.1.2 255.255.255.0 no fair-queue clockrate 64000 interface Serial1 ip address 170.1.0.1 255.255.0.0 router ospf 1 log-adjacency-changes network 11.1.0.0 0.255.255.255 area 0 network 15.0.0.0 0.255.255.255 area 0 network 170.1.0.0 0.0.255.255 area 0 network 192.168.1.0 0.0.0.255 area 0 end Vsic3#sh run Building configuration... Current configuration : 608 bytes version 12.1 hostname Vsic3 interface Loopback0 ip address 12.1.0.1 255.255.255.252 interface Serial0 ip address 170.1.0.2 255.255.0.0 clockrate 64000 router ospf 1 log-adjacency-changes network 12.1.0.0 0.0.0.3 area 0 network 170.1.0.0 0.0.255.255 area 0 end 4. Cu hnh cho server :

VSIC Education Corporation

Trang 129

CCNA

Ti liu dnh cho hc vin

Chng ta vo Start Program Administrative Tools Routing And Remote Access. Sau chn PC chng ta mun cu hnh ri nhp chut phi chn Configure and Enable Routing and Remote Access.

Ri nhn Next chn Custom Configuration Next chn Lan routing Next Finish Yes. Click vo IP routing, bn ca s bn phi chng ta nhp chut phi vo General ri chn New Routing Protocol

Chn Open Shortest Path Frist (OSPF) OK Nhp chut phi vo OSPF (trong IP routing) chn New Interface. Trong ca s hin ra chn Local Area Connection OK Trong ca s hin ra, nh du chn Enable OSPF for this address, trong phn Network Type, ta chn mc Broadcast. Sau nhn OK.

VSIC Education Corporation

Trang 130

CCNA

Ti liu dnh cho hc vin

Chng ta c th set cost cho route ny bng cch nhp gi tr vp Cost, v u tin cho router bng cch nhp gi tr vo Router priority. Router no c u tin cao nht s l designated router. Nhp chut phi vo OSPF chn Properties. Trong ca s hin ra chn Enable antonomous system boundary router.

VSIC Education Corporation

Trang 131

CCNA

Ti liu dnh cho hc vin

Click vo tab Areas, chn 0.0.0.0

nhn Edit

Trong ca s va hin ra, b Enable plaintext password

OK

VSIC Education Corporation

Trang 132

CCNA

Ti liu dnh cho hc vin

Chng ta nhn chut phi vo OSPF chn Show Link-state Database. Trong ca s hin ra chng ta s tht c cc mng ca router Vsic1, Vsic2, Vsic3.

By gi chng ta s ping ti cc mng ca ba router kim tra.

VSIC Education Corporation

Trang 133

CCNA

Ti liu dnh cho hc vin

Chng ta ping thnh cng mng 10.0.0.0 ca Vsic1, cc bn tip tc ping ti cc mng khc kim tra v chc chn s thnh cng. Nh vy ton mng lin lc c vi nhau. Vic chy OSPF gia Winserver 2003 v router thnh cng. 5. T thc hnh s dng Dynagen : i vi bi thc hnh ny, ta c th s dng my tnh hin hnh chy h iu hnh 2003 hay c th s dng my o. Trc tin ta kim tra vic ci t admin tool Routing v Remote Access trong Win 2003. Sau tin hnh Bridge card mng ca my s dng vi Router VSIC2.

VSIC Education Corporation

Trang 134

CCNA

Ti liu dnh cho hc vin

Chy file lab20ospfs.net thc hnh v chnh a ch card mng ph hp vi PC win 2003 # Simple lab [localhost] [[3640]] image = \Program Files\Dynamips\images\C3640_IS_MZ122_3.BIN # On Linux / Unix use forward slashes: # image = /opt/7200-images/c7200-jk9o3s-mz.124-7a.image ram=96 [[ROUTER VSIC1]] model=3640 s1/0 = VSIC2 s1/0 [[router VSIC2]] s1/1 = VSIC3 s1/1 F0/0 = NIO_gen_eth:\Device\NPF_{3E56FAD7-7D96-4763-AD9E-6232CA66410B} thay i a ch mng dng ny model=3640 [[ROUTER VSIC3]] model=3640 # No need to specify an adapter here, it is taken care of # by the interface specification under Router VSIC1 Chng ta bt u thc hnh, ta hy th thm 1 giao thc c trong admin tool Routing v Remote Access l RIP.

VSIC Education Corporation

Trang 135

CCNA

Ti liu dnh cho hc vin

Phn 4 : ACCESS LIST v NAT


BI 21: STANDAR ACCESS LIST
1. Gii thiu: -Mt trong nhng cng c rt quan trng trong Cisco Router c dng trong lnh vc security l Access List. y l mt tnh nng gip bn c th cu hnh trc tip trn Router to ra mt danh sch cc a ch m bn c th cho php hay ngn cn vic truy cp vo mt a ch no . -Access List c 2 loi l Standard Access List v Extended Access List. -Standard Access List: y l loi danh sch truy cp m khi cho php hay ngn cn vic truy cp,Router ch kim tra mt yu t duy nht l a ch ngun(Source Address) -Extended Access List: y l loi danh sch truy cp m rng hn so vi loi Stanhdar,cc yu t v a ch ngun, a ch ch,giao thc,port..s c kim tra trc khi Router cho php vic truy nhp hay ngn cn. 2. M t bi lab v hnh : -Bi Lab ny gip bn thc hin vic cu hnh Standard Access List cho Cisco Router vi mc ch ngn khng cho host truy cp n router VSIC2.

3. Cu hnh router : Router Vsic1 Vsic1#show run VSIC Education Corporation Trang 136

CCNA

Ti liu dnh cho hc vin

Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Vsic1 ! ip subnet-zero ! process-max-time 200 ! interface Ethernet0 ip address 11.0.0.1 255.255.255.0 no ip directed-broadcast ! interface Serial0 ip address 192.168.1.1 255.255.255.0 no ip directed-broadcast ! interface Serial1 no ip address no ip directed-broadcast shutdown ! ip classless no ip http server ! line con 0 transport input none line 1 8 line aux 0 line vty 0 4 ! end Router Vsic2 Vsic2#show run Building configuration... Current configuration: ! version 12.1 service timestamps debug uptime

VSIC Education Corporation

Trang 137

CCNA

Ti liu dnh cho hc vin

service timestamps log uptime no service password-encryption ! hostname Vsic2 ! ip subnet-zero ! interface Ethernet0 no ip address shutdown ! interface Serial0 ip address 192.168.1.2 255.255.255.0 clockrate 56000 ! interface Serial1 no ip address shutdown ! ip classless no ip http server ! line con 0 transport input none line 1 8 line aux 0 line vty 0 4 ! end Host: IP Address:11.0.0.2 Subnet mask:255.255.255.0 Gateway:11.0.0.1 -Bn thc hin vic nh tuyn cho cc Router nh sau(Dng giao thc RIP): Vsic1(config)#router rip Vsic1(config-router)#net 192.168.1.0 Vsic1(config-router)#net 11.0.0.0 Vsic2(config)#router rip Vsic2(config-router)#net 192.168.1.0 Vsic2(config-router)#net 10.0.0.0 -Bn thc hin kim tra qu trnh nh tuyn: Vsic2#ping 192.168.1.1

VSIC Education Corporation

Trang 138

CCNA

Ti liu dnh cho hc vin

Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms Vsic2#ping 11.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms Vsic2#ping 11.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11.0.0.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/40 ms -Sau qu trnh nh tuyn,kim tra chc chn rng mng c thng,bn thc hin vic to Access List Standar ngn khng cho Router Vsic 2 ping vo Host. -V khi lu thng,gi tin mun n c a ch ca Host bt but phi i qua Router Vsic1. -Bn thc hin to Access List trn Router Vsic 1 nh sau: Vsic1#conf t Enter configuration commands, one per line. End with CNTL/Z. Vsic1(config)#access-list 1 deny 11.0.0.2 0.0.0.0 //t chi s truy nhp ca a ch 11.0.0.2// -Lc ny bn thc hin lnh Ping t Host n VSIC2

VSIC Education Corporation

Trang 139

CCNA

Ti liu dnh cho hc vin

-Bn thy lnh Ping thc hin vn thnh cng, l do l bn cha m ch Access list trn interface ethernet0 ca router Vsic1 Vsic1(config)#int e0 Vsic1(config-if)#ip access-group 1 in //ngn cn ng vo ca serial 0 theo access group 1// -Sau khi apply access list vo interface ethernet 0, ta ping t PC1 n VSIC2.

By gi ta i a ch ca PC thnh 11.0.0.3, v th ping li 1 ln na.

VSIC Education Corporation

Trang 140

CCNA

Ti liu dnh cho hc vin

-Bn thy lnh Ping vn khng thnh cng, l do l khi khng tm thy a ch source (a ch l) trong danh sch Access list, router s mc nh thc hin Deny any,v vy bn phi thay i mc nh ny. Sau y l lnh debug ip packet ti VSIC1 khi thc hin lnh ping trn.

Vsic1(config)#access-list 1 permit any -Lc ny bn thc hin li lnh Ping t PC1 n VSIC2

VSIC Education Corporation

Trang 141

CCNA

Ti liu dnh cho hc vin

-Bn thy lnh Ping thnh cng, n y bn cu hnh xong Standard Access List. 4. T cu hnh bng Dynagen: Click file lab21acls.net v cu hnh theo s sau:

Thay v apply ACL ti interface Fa0/0 theo chiu in, ta c th hin i vi interface s1/0 theo chiu out. Ta cu hnh tng t v test theo hng dn ca bi trn.

VSIC Education Corporation

Trang 142

CCNA

Ti liu dnh cho hc vin

BI 22: EXTENDED ACCESS LIST


1. Gii thiu : - bi trc bn thc hin vic cu hnh Standard Access List, bi Lab ny bn s tip tc tm hiu su hn v Extended Access List. y l m rng ca Standard Access List, trong qu trnh kim tra, Router s kim tra cc yu t v a ch ngun, ch,giao thc v port 2. M t bi lab v hnh : -Mc ch ca bi Lab:Bn thc hin cu hnh Extended Access List sao cho Host1 khng th Telnet vo Router Vsic 2 nhng vn c th duyt web qua Router Vsic2 Bn thc hin hnh nh sau:

Bn thc hin vic cu hnh cho Router v Host nh hnh trn: 3. Cu hnh router : Host1: IP Address:11.0.0.2 Subnet mask:255.255.255.0 Gateway:11.0.0.1

VSIC Education Corporation

Trang 143

CCNA

Ti liu dnh cho hc vin

Host2: IP Address:10.0.0.2 Subnet mask:255.255.255.0 Gateway:10.0.0.1 Router Vsic1: vsic1#show run Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname vsic1 ! ip subnet-zero ! process-max-time 200 ! interface Ethernet0 ip address 11.0.0.1 255.255.255.0 no ip directed-broadcast ! interface Serial0 ip address 192.168.1.1 255.255.255.0 no ip directed-broadcast ! interface Serial1 no ip address no ip directed-broadcast shutdown ! line con 0 transport input none line 1 8 line aux 0 line vty 0 4 ! end Router Vsic2

VSIC Education Corporation

Trang 144

CCNA

Ti liu dnh cho hc vin

Building configuration... Current configuration: ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname vsic2 ! enable secret 5 $1$V7En$XlyfRt14RWv2KPO9goxVt. //mt khu secret l Router// ! ip subnet-zero ! interface Ethernet0 ip address 10.0.0.1 255.255.255.0 ! interface Serial0 ip address 192.168.1.2 255.255.255.0 no fair-queue clockrate 56000 ! interface Serial1 no ip address shutdown ! ip classless no ip http server ! line con 0 transport input none line 1 8 line aux 0 line vty 0 4 password cisco login ! end -Bn thc hin vic nh tuyn(s dng Rip) vsic1(config)#router rip vsic1(config-router)#net 11.0.0.0 vsic1(config-router)#net 192.168.1.0

VSIC Education Corporation

Trang 145

CCNA

Ti liu dnh cho hc vin

vsic2(config)#router rip vsic2(config-router)#net 10.0.0.0 vsic2(config-router)#net 192.168.1.0 -Bn thc hin lnh Ping kim tra qu trnh nh tuyn.Sau khi chc chn rng qu trnh nh tuyn thnh cng. -Ti Router Vsic2 bn thc hin cu lnh: vsic2(config)#ip http server //Cu lnh ny dng gi mt http server trn Router// -Lc ny Router s ng vai tr nh mt Web Server -Sau khi qu trnh nh tuyn thnh cng,bn thc hin cc bc Telnet v duyt Web t Host 1 vo Router Vsic2. -Ch : thnh cng vic Telnet bn phi Login cho ng line vty v t mt khu cho ng ny( y l Cisco) Telnet:

Duyt web

VSIC Education Corporation

Trang 146

CCNA

Ti liu dnh cho hc vin

VSIC Education Corporation

Trang 147

CCNA

Ti liu dnh cho hc vin

Bn nhp vo User Name v Password User name:Vsic2 Password:Router

-Cc bc trn thnh cng,bn thc hin vic cu hnh Access list vsic2#conf t Enter configuration commands, one per line. End with CNTL/Z. vsic2(config)#access-list 101 deny tcp 11.0.0.2 0.0.0.0 192.168.1.2 0.0.0.0 eq telnet vsic2(config)#int s0 vsic2(config-if)#ip access-group 101 in -Bn thc hin li vic Telnet nh trn,bn nhn thy qu trnh Telnet khng thnh cng nhng bc duyt Web ca bn cng khng thnh cng. -Theo yu cu bn ch ngn cm Telnet nhng cho php qu trnh duyt Web Telnet

VSIC Education Corporation

Trang 148

CCNA

Ti liu dnh cho hc vin

Duyt Web

- thnh cng bc duyt Web,bn thc hin cu lnh thay i vic Deny any mc nh ca Access List. vsic2(config)#access-list 101 permit ip any any -Bn ch rng cc cu lnh trong Access List extended khng ging nh trong Access List Standard v trong Access List Extended,Router s kim tra c a ch ngun,ch,giao thc v port..Permit ip any any c ngha l cho php tt c cc a ch ngun v ch khc(khng tm thy trong danh sch Access List) chy trn nn giao thc IP i qua. Lc ny bn thc hin li qu trnh duyt web

VSIC Education Corporation

Trang 149

CCNA

Ti liu dnh cho hc vin

Bn nhp vo User Name v Password User name:Vsic2 Password:Router

-n y bn thnh cng vic cu hnh cho Extended Access List,bn thc hin c yu cu to Access List cho Router vi mc ch ngn cm vic Telnet vo Router v cho php qu trnh duyt Web vo Router.Bn cng c th m rng thm hnh vi nhiu Router thc tp vic cu hnh Access List cho Router vi nhng yu cu bo mt khc nhau. 4. T Thc hnh bng Dynagen: S dng file lab22acle.net thc hnh. S v cch cu hnh tng t nh trn.

VSIC Education Corporation

Trang 150

CCNA

Ti liu dnh cho hc vin

BI 23: TN CNG ROUTER BNG FLOOD


1. M t bi lab v cu hnh :

hnh bi lab trn hnh trn, chng ta s bt http server trn router Vsic2 v Deny Service ny bng DoS trn S0 ca router Vsic2 a ch l 192.168.1.2, ta cu hnh access-list 101 p vo interface S0, ni dung ca access-list 101 ny l cm tt c cc gi i vo interface ny (s dng Defense). 2. Cu hnh ca Router : Cu hnh ca cc router : Vsic1#show run Building configuration... Current configuration : 559 bytes version 12.1 hostname Vsic1 interface Ethernet0 ip address 10.1.0.1 255.255.255.0 interface Serial0 ip address 192.168.1.1 255.255.255.0 no fair-queue clockrate 64000 router rip network 10.0.0.0 network 192.168.1.0 end Vsic2#show run Building configuration... Current configuration : 616 bytes version 12.1 hostname Vsic2 interface Loopback0 VSIC Education Corporation Trang 151

CCNA

Ti liu dnh cho hc vin

ip address 11.1.0.1 255.255.255.0 interface Serial0 ip address 192.168.1.2 255.255.255.0 router rip network 11.0.0.0 network 192.168.1.0 ip http server access-list 101 deny tcp any 10.1.0.0 0.0.0.255 access-list 101 permit ip any any end Chng ta bt http server trn router Vsic2 bng cch : Vsic2(config)#ip http server 3. Thc thi DoS : Sau khi cu hnh xong, ta chy th Web Service trn router 2501 bng vo Internet explorer browser, v nhp vo khung Address : http://192.168.3.1/ v chc chn Service ny ang chy. By gi, chng ta vo command prompt khi ng chng trnh bonk (http://www.packetstorm.net/)

Chng trnh ny s gi packet lin tc n a ch m chng ta nhp vo (Interface S0 ca Vsic2). Lc ny to router Vsic2 chng ta cu hnh access-list l deny tt c cc gi n a ch 192.168.1.2 (interface S0 ca Vsic2). Chng ta c th xem qu trnh u tin l khi mi bt u gi gi t phn mm file chy bonk, nhng gi t phn mm ny gi b deny : (s dng cu lnh debug ip packet detail hin th thng tin v cc gi trn Vsic2) 01:35:27: IP: s=192.168.1.2 (local), d=58.78.126.160, len 56, unroutable 01:35:28: IP: s=234.163.97.104 (Serial0), d=192.168.1.2, len 56, access denied 01:35:28: IP: s=90.18.161.21 (Serial0), d=192.168.1.2, len 56, access denied 01:35:28: IP: s=192.168.1.2 (local), d=90.18.161.21, len 56, unroutable 01:35:29: IP: s=212.188.230.189 (Serial0), d=192.168.1.2, len 56, access denied VSIC Education Corporation Trang 152

CCNA

Ti liu dnh cho hc vin

01:35:29: IP: s=95.72.43.45 (Serial0), d=192.168.1.2, len 56, access denied 01:35:29: IP: s=192.168.1.2 (local), d=95.72.43.45, len 56, unroutable 01:35:30: IP: s=137.183.32.171 (Serial0), d=192.168.1.2, len 56, access denied 01:35:30: IP: s=34.183.126.195 (Serial0), d=192.168.1.2, len 56, access denied Tuy nhin trong qu trnh deny router Vsic2 phi a gi vo d liu ca mnh phn tch. Trong khi file chy bonk gi gi mt cch lin tc, nn cha y 2 pht sau th interface serial 0 ca Vsic2 b down v service http ca n v vy cng s b down lun. Chng ta khng th duyt web lc ny. 01:35:31: IP: s=192.168.1.2 (local), d=190.191.154.23, len 56, unroutable 01:35:32: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down 01:35:32: IP: s=68.190.155.4 (Serial0), d=192.168.1.2, len 56, access denied 01:35:32: IP: s=192.168.1.2 (local), d=68.190.155.4, len 56, unroutable. Sau khi down mt thi gian, router s t ng up interface S0 ln li. Nu khng cn ghn na th s hot ng bnh thng. 01:35:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

VSIC Education Corporation

Trang 153

CCNA

Ti liu dnh cho hc vin

BI 24: CU HNH NAT STATIC


1. Gii thiu : Nat (Network Address Translation) l mt giao thc dng cung cp s chuyn i IP trong 1 min a ra mt mi trng khc thng qua mt IP c ng k chuyn i thng tin gia 2 mi trng (either Local or Global) . u im ca NAT( Network Nat Translation ) l chuyn i cc IP adress ring trong mng n IP adress inside c Cung cp khi ng k . Cc loi a ch : Inside Local : l cc a ch bn trong mng ni b ( gateway) Inside Global :l cc a ch ngoi cng GATEWAY , l a ch Nat c ng k. Trong bi nay l :172.17.0.1/24 Outside Global : l cc h thng mng bn ngoi cc mi trng Cch thc chuyn i mt IP public v mt IP private s khng c hiu qu khi chng ta trin khai rng cho tt c cc host trong mng, bi v khi lm nh vy ta s khng c a ch cung cp. Nat tnh thng c p dng khi ta s dng a ch public lm WebServer hay FTP Server,v.v. 2. M t bi lab v hnh :

Cc PC ni vi router bng cp cho, hai router ni vi nhau bng cp serial. a ch IP ca cc interface v PC c cho trn hnh v Trong bi lab ny, router Vsic2 c cu hnh nh mt ISP, router Vsic1 c cu hnh nh mt gateway 3. Cu hnh : Chng ta cu hnh cho cc router nh sau : Router#conf t Vsic2(config)#enable password cisco Route r(config)#hostname Vsic2 Vsic2(config)#interface serial 0 Vsic2(config-if)#ip address 192.168.0.1 255.255.255.0 Vsic2(config-if)# no shut Vsic2(config-if)#clock rate 64000 Vsic2(config)#interface ethernet 0 Vsic2(config-if)#ip address 10.1.0.1 255.255.0.0 Vsic2(config-if)#no shut Vsic1(config)#interface serial 0 Vsic1(config-if)#ip address 192.168.0.2 255.255.255.0 VSIC Education Corporation Trang 154

CCNA

Ti liu dnh cho hc vin

Vsic1(config)#ip nat outside cu hnh interface S0 l interface outside Vsic1(config)#interface ethernet 0 Vsic1(config-if)#ip address 11.1.0.1 255.255.0.0 Vsic1(config-if)#no shut Vsic1(config-if)#ip nat intside Cu hnh interface E0 l interface inside Chng ta tin hnh cu hnh Static NAT cho Vsic1 bng cu lnh : Vsic1(config)#ip nat inside source static 10.1.0.2 172.17.0.1 Cu lnh trn c ngha l : cc gi tin xut pht t PC2 khi qua router( vo t interface E0) Vsic1 ra ngoi( ra khi interface S0) s c i a ch IP source t 11.1.0.2 thnh a ch 172.17.0.1 (y l a ch c ng k vi ISP) Chng ta tin hnh t Static Route cho 2 Router Vsic2 v Vsic1. Vsic1(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.1 Vsic2(config)#ip route 172.17.0.0 255.255.0.0 192.168.0.2 a ch 172.17.0.1 l Address c ng k. Trn thc t ISP ch route xung user bng a ch ng k ny. kim tra vic NAT ca router Vsic1 nh th no chng ta s dng cu lnh sau: Vsic1#sh ip nat translation Pro Inside global Inside local Outside local Outside global --- 172.17.0.1 11.1.0.2 ---- kim tra router Vsic1 chuyn i a ch nh th no chng ta s dng cu lnh debug ip nat trn router Vsic1 v v ping t PC1 n PC2( hay interface loopback gi lp).

VSIC Education Corporation

Trang 155

CCNA

Ti liu dnh cho hc vin

Ta c th s dng lnh ping t Router Vsic2 vo bn trong Server( a ch 172.17.0.1) ca chng ta,

Nh vy bn ngoi mun tng tc c vi Server bn trong phi truy cp vo a ch IP l 172.17.0.1. 4. T thc hnh bng Dynagen : Ta s dng file lab24nats.net thc hnh. Ta thc hnh tng t nh trn vi s nh sau :

VSIC Education Corporation

Trang 156

CCNA

Ti liu dnh cho hc vin

Bt thm debug ip packet VSIC2 xem packet t PC1 ti VSIC2.

VSIC Education Corporation

Trang 157

CCNA

Ti liu dnh cho hc vin

BI 25:CU HNH NAT OVERLOAD


1. Gii thiu : NAT (Network Address Translation) dng chuyn i cc private address thnh a ch public address. Cc gi tin t mng ni b ca user gi ra ngoi, khi n router bin a ch IP source s c chuyn i thnh a ch public m user ng k vi ISP. iu ny cho php cc gi tin t mng ni b c th c gi ra mng ngoi (Internet). NAT c cc loi : NAT static, NAT pool, NAT overload. NAT static cho php chuyn i mt a ch ni b thnh mt a ch public. NAT pool cho php chuyn i cc a ch ni b thnh mt trong dy a ch public. NAT overload cho php chuyn i cc a ch ni b thnh mt a ch public Trong k thut NAT overload, router s s dng thm cc port cho cc a ch khi chuyn i. 2. Cc cu lnh s dng trong bi lab : ip nat {inside | outside} Cu hnh interface l inside hay outside ip nat inside source {list {accesslistnumber | name} pool name [overload] | static localip globalip} Cho php chuyn a ch ni b thnh a ch public ip nat pool name startip endip {netmask | prefixlength prefixlength} [type rotary] To NAT pool show ip nat translations Xem cc thng tin v NAT debug ip nat Xem hot ng ca NAT 3. M t bi lab v hnh :

hnh bi lab nh hnh trn. Router Vsic1 c cu hnh inteface loopback 0, loopback 1, loopback 2. Router Vsic2 c cu hnh interface loopback 0. Hai router c ni vi nhau bng cp Serial. Ta gi lp 3 lp mng lo0, lo1, lo2 l nhng mng bn trong, khi cc traffic bn trong mng ny i ra ngoi ( ra khi S0) s c chuyn i a ch. 4. Cu hnh router :

VSIC Education Corporation

Trang 158

CCNA

Ti liu dnh cho hc vin

Hai router c cu hnh cc interface nh sau : Vsic1#sh run Building configuration... Current configuration : 630 bytes hostname Vsic1 interface Loopback0 ip address 10.1.0.1 255.255.0.0 interface Loopback1 ip address 11.1.0.1 255.255.0.0 interface Loopback2 ip address 12.1.0.1 255.255.0.0 interface Serial0 ip address 192.168.1.1 255.255.255.0 end Vsic2#sh run Building configuration... Current configuration : 644 bytes hostname Vsic2 interface Loopback0 ip address 13.1.0.1 255.255.0.0 interface Serial0 ip address 192.168.1.2 255.255.255.0 no fair-queue clockrate 64000 end Chng ta cu hnh NAT trn router Vsic1 theo cc bc sau : Bc 1 : Cu hnh cc interface inside v outside Trong bi lab ny, chng ta cu hnh cho cc interface loopback ca Vsic1 l inside cn interface serial 0 l out side. Vsic1(config)#in lo0 Vsic1(config-if)#ip nat inside Vsic1(config)#in lo1 Vsic1(config-if)#ip nat inside Vsic1(config-if)#in lo2 Vsic1(config-if)#ip nat inside Vsic1(config-if)#in s0 Vsic1(config-if)#ip nat outside Vsic1(config-if)#exit Bc 2 : To access list cho php mng no c NAT. Chng ta cu hnh cho php mng 10.1.0.0/16 v mng 11.1.0.0/16 c cho php, cm mng 12.1.0.0/16 Vsic1(config)# access-list 1 deny 12.1.0.0 0.0.255.255 Vsic1(config)#access-list 1 permit any

VSIC Education Corporation

Trang 159

CCNA

Ti liu dnh cho hc vin

Bc 3 : To NAT pool cho router Vsic1 Cu hnh NAT pool tn Vsic1 c a ch t 172.1.1.1/24 n 172.1.1.5/24 Vsic1(config)#ip nat pool Vsic1 172.1.1.1 172.1.1.5 netmask 255.255.255.0 Bc 4 : Cu hnh NAT cho router Vsic1(config)#ip nat inside source list 1 pool Vsic1 overload Cu lnh trn cu hnh overload cho NAT pool Bc 5 : nh tuyn cho router Vsic1(config)#ip route 13.1.0.0 255.255.0.0 192.168.1.2 Vsic2(config)#ip route 172.1.1.0 255.255.255.0 192.168.1.1 Lu : i vi router Vsic2, nu ta nh tuyn theo dng : Vsic2(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1 th chng ta c th ping thy c cc mng trong router Vsic1 (10.1.0.0/16, 11.1.0.0/16). Nhng thc t, ISP ch nh tuyn xung cho user bng a ch m user ng k (Inside global address). Bc 6 : Kim tra hot ng ca NAT Chng ta s kim tra NAT bng cu lnh debug ip nat Vsic1#debug ip nat IP NAT debugging is on Sau khi bt debug NAT, chng ta s ping n loopback0 ca Vsic2 t loopback0 ca Vsic1. Ta gi lp traffic t host 10.1.0.1 n mng 13.1.0.1. Lc ny khi traffic ca 10.1.0.1 qua S0 s chuyn i a ch. Vsic1#ping Protocol [ip]: Target IP address: 13.1.0.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 10.1.0.1 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 13.1.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms Vsic1# 00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [190] 00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [190] 00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [191] 00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [191] VSIC Education Corporation Trang 160

CCNA

Ti liu dnh cho hc vin

00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [192] 00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [192] 00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [193] 00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [193] 00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [194] 00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [194] T kt qu trn ta thy c, cc gi tin t mng 10.1.0.1 c i source IP thnh 171.1.1.1. S dng cu lnh show ip nat translations xem cc thng v NAT Vsic1#sh ip nat translations Pro Inside global Inside local Outside local Outside global icmp 172.1.1.1:2459 10.1.0.1:2459 13.1.0.1:2459 13.1.0.1:2459 icmp 172.1.1.1:2460 10.1.0.1:2460 13.1.0.1:2460 13.1.0.1:2460 icmp 172.1.1.1:2461 10.1.0.1:2461 13.1.0.1:2461 13.1.0.1:2461 icmp 172.1.1.1:2462 10.1.0.1:2462 13.1.0.1:2462 13.1.0.1:2462 icmp 172.1.1.1:2463 10.1.0.1:2463 13.1.0.1:2463 13.1.0.1:2463 Cc s c in m l port NAT s dng cho a ch 10.1.0.1. Lp li cc bc trn kim tra NAT cho loopback 1, loopback 2 ca router Vsic1 Vsic1#ping Protocol [ip]: Target IP address: 13.1.0.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 11.1.0.1 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 13.1.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms Vsic1# 00:33:16: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [210] 00:33:16: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [210] 00:33:16: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [211] 00:33:16: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [211] 00:33:16: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [212] 00:33:16: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [212] 00:33:17: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [213] 00:33:17: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [213] 00:33:17: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [214] 00:33:17: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [214]

VSIC Education Corporation

Trang 161

CCNA

Ti liu dnh cho hc vin

Vsic1#sh ip nat translations Pro Inside global Inside local Outside local Outside global icmp 172.1.1.1:6407 11.1.0.1:6407 13.1.0.1:6407 13.1.0.1:6407 icmp 172.1.1.1:6408 11.1.0.1:6408 13.1.0.1:6408 13.1.0.1:6408 icmp 172.1.1.1:6409 11.1.0.1:6409 13.1.0.1:6409 13.1.0.1:6409 icmp 172.1.1.1:6410 11.1.0.1:6410 13.1.0.1:6410 13.1.0.1:6410 icmp 172.1.1.1:6411 11.1.0.1:6411 13.1.0.1:6411 13.1.0.1:6411 Vsic1#ping Protocol [ip]: Target IP address: 13.1.0.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 12.1.0.1 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 13.1.0.1, timeout is 2 seconds: .. Success rate is 0 percent (0/5) i vi 12.1.0.1, chng ta khng ping ra ngoi c v mng 12.1.0.0/16 b cm trong access list 1. ng router Vsic2, chng ta ping xung cc loopback ca router Vsic1 Vsic2#ping 10.1.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) Vsic2#ping 11.1.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) Vsic2#ping 12.1.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.1.0.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) Nhn xt : tt c u khng thnh cng Nguyn nhn l router Vsic2 khng c route no n cc loopback ca router Vsic1. Trong thc t, ta cng c kt qu tng t do ISP ch

VSIC Education Corporation

Trang 162

CCNA

Ti liu dnh cho hc vin

nh tuyn xung a ch m user ng k, cn cc a ch mng bn trong ca user th khng c ISP nh tuyn. 5. T thc hnh bng Dynagen: Ta click vo file lab25nato.net thc hnh tng t nh bi trn. Tuy nhin ta c thay mng gi lp lo0 bng mt mng LAN. Ta s dng PC ping ra ngoi v bt debug theo di trn router, ta s thy s chuyn i a ch xy ra ti router. Hc vin trong bi t thc hnh nn kt hp gia static NAT v dynamip NAT. Ta c c th gi s trng hp l trong mng c 1 Web Server, v Web Server c NAT static khi i ra ngoi v ngc li. Cn li nhng PC khc trong mng s dng NAT overload ra Internet. thc hin thnh cng c bi ny, ta test bng cch PC bn trong c th ping ra ngoi v ngoi c th truy cp Web Server bn trong.

VSIC Education Corporation

Trang 163

CCNA

Ti liu dnh cho hc vin

Phn 5 : WAN
BI 26: CU HNH PPP PAP V CHAP
1. Gii thiu : PPP (Point-to-Point Protocol) l giao thc ng gi c s dng thc hin kt ni trong mng WAN. PPP bao gm LCP (Link Control Protocol) v NCP (Network Control Protocol). LCP c dng thit lp kt ni point-to-point, NCP dng cu hnh cho cc giao thc lp mng khc nhau. PPP c th c cu hnh trn cc interface vt l sau : Asynchronous serial : cng serial bt ng b Synchronous serial : cng serial ng b High-Speed Serial Interface (HSSI) : cng serial tc cao Integrated Services Digital Network (ISDN) Qu trnh to session ca PPP gm ba giai on (phase): Link-establishment phase Authentication phase (ty chn) Network layer protocol phase Ty chn xc nhn (authentication) gip cho vic qun l mng d dng hn. PPP s dng hai cch xc nhn l PAP (Password Authentication Protocol) v CHAP (Challenge Handshake Authentication Protocol). PAP l dng xc nhn two-way handshake. Sau khi to lin kt node u xa s gi usename v password lp i lp li cho n khi nhn c thng bo chp nhn hoc t chi. Password trong PAP c gi i dng clear text (khng m ha). CHAP l dng xc nhn three-way handshake. Sau khi to lin kt, router s gi thng ip challenge cho router u xa. Router u xa s gi li mt gi tr c tnh ton da trn password v thng ip challenge cho router. Khi nhn c gi tr ny, router s kim tra li xem c ging vi gi tr ca n tnh hay khng. Nu ng, th router xem gi xc nhn ng v kt ni c thit lp; ngc li, kt ni s b ngt ngay lp tc. 2. Cc cu lnh s dng trong bi lab : username name password password Cu hnh tn v password cho CHAP v PAP. Tn v password ny phi ging vi router u xa. encapsulation ppp Cu hnh cho interface s dng giao thc PPP ppp authentication (chap chap pap pap chap pap) Cu hnh cho interface s dng PAP, CHAP, hoc c hai. Trong trng hp c hai c s dng, giao thc u tin c s dng trong qu trnh xc nhn; nu nh giao thc u b t chi hoc router u xa yu cu dng giao thc th hai th giao thc th hai c dng. ppp pap sent-username username password password Cu hnh username v password cho PAP debug ppp authentication Xem trnh t xc nhn ca PAP v CHAP

VSIC Education Corporation

Trang 164

CCNA

Ti liu dnh cho hc vin

3. M t bi lab v hnh :

hnh bi lab nh hnh v. Hai router c t tn l Vsic, Vsic2 v c ni vi nhau bng cp serial. a ch IP ca cc interface nh hnh trn. 4. Cu hnh router : a) Bc 1 : t tn v a ch cho cc interface Vsic1#sh run Building configuration... Current configuration : 497 bytes version 12.1 hostname Vsic1 enable password cisco interface Serial0 ip address 192.168.1.1 255.255.255.0 clockrate 64000 end Vsic2#sh run Building configuration... Current configuration : 423 bytes version 12.1 hostname Vsic2 enable password cisco interface Serial0 ip address 192.168.1.2 255.255.255.0 end Chng ta s kim tra trng thi ca cc cng bng cu lnh show ip interface brief Vsic2#sh ip interface brief Interface IP-Address OK? Method Status Protocol Ethernet0 unassigned YES unset administratively down down Serial0 192.168.1.2 YES manual up up Serial1 unassigned YES unset administratively down down Cng serial ca router Vsic2 up. Lm tng t kim tra trng thi cc cng ca router Vsic1. Chng ta s dng cu lnh show interfaces serial bit c cc thng s ca interface serial cc router Vsic2#sh interfaces serial 0 VSIC Education Corporation Trang 165

CCNA

Ti liu dnh cho hc vin

Serial0 is up, line protocol is up Hardware is HD64570 Internet address is 192.168.1.2/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set Keepalive set (10 sec) Last input 00:00:02, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 15 packets input, 846 bytes, 0 no buffer Received 15 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 19 packets output, 1708 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Vsic1#sh int s 0 Serial0 is up, line protocol is up Hardware is HD64570 Internet address is 192.168.1.1/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set Keepalive set (10 sec) Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters 00:11:35 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue :0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 21 packets input, 2010 bytes, 0 no buffer Received 21 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 23 packets output, 1280 bytes, 0 underruns 0 output errors, 0 collisions, 4 interface resets 0 output buffer failures, 0 output buffers swapped out 7 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up

VSIC Education Corporation

Trang 166

CCNA

Ti liu dnh cho hc vin

C hai cng serial ca hai router u s dng giao thc ng gi l HDLC v trng thi ca c hai u l up b) Bc 2 : Cu hnh PPP PAP, CHAP Cu hnh PPP PAP ng router Vsic1, chng ta s cu hnh PPP cho interface serial 0 bng cu lnh encapsulation ppp Vsic1(config)#in s0 Vsic1(config-if)#encapsulation ppp Kim tra trng thi interface serial 0 ca router Vsic1 Vsic1#sh ip int brie Interface IP-Address OK? Method Status Protocol Ethernet0 unassigned YES unset administratively down down Serial0 192.168.1.1 YES manual up down Serial1 unassigned YES unset administratively down down Vsic1#sh int s 0 Serial0 is up, line protocol is down Hardware is HD64570 Internet address is 192.168.1.1/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) LCP REQsent Closed: IPCP, CDPCP Last input 00:00:08, output 00:00:01, output hang never Last clearing of "show interface" counters 00:00:15 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue :0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1 packets input, 22 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 7 packets output, 98 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Nhn xt : interface serial 0 ca router Vsic1 b down, ng ngha vi interface serial 0 ca router Vsic2 cng b down. Nguyn nhn l hai interface ny s dng giao thc ng gi khc nhau. (Interface serial 0 ca router Vsic1 s dng PPP cn Vsic2 s dng HDLC). V vy chng ta phi cu hnh cho interface serial 0 ca router Vsic2 cng s dng giao thc PPP. Vsic2(config)#in s0

VSIC Education Corporation

Trang 167

CCNA

Ti liu dnh cho hc vin

Vsic2(config-if)#encapsulation ppp By gi chng ta s kim tra trng thi ca cc interface Vsic2#sh int s0 Serial0 is up, line protocol is up Hardware is HD64570 Internet address is 192.168.1.2/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) LCP Open Open: IPCP, CDPCP Last input 00:00:01, output 00:00:01, output hang never Last clearing of "show interface" counters 00:00:18 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 15 packets input, 1004 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 13 packets output, 976 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up C hai interface ca hai router up tr li. Do c hai c cu hnh s dng cng giao thc ng gi l PPP. Trc khi cu hnh PAP cho hai interface chng ta s dng cu lnh debug ppp authentication xem trnh t trao i thng tin ca PAP. Vsic2#debug ppp authentication PPP authentication debugging is on Chng ta s cu hnh PAP cho c hai interface serial 0 nh sau : Vsic1(config)#username Vsic2 password cisco Vsic1(config)#in s0 Vsic1(config-if)#ppp authentication pap Vsic1(config-if)#ppp pap sent-username Vsic1 password cisco Vsic2(config)#username Vsic1 password cisco Vsic2(config)#in s0 Vsic2(config-if)#ppp authentication pap Vsic2(config-if)#ppp pap sent-username Vsic2 password cisco Lu : Trong cu lnh username name password password , name v password phi trng vi name v password ca router u xa.

VSIC Education Corporation

Trang 168

CCNA

Ti liu dnh cho hc vin

Cn trong cu lnh ppp pap sent-username name password password , name v password l ca chnh router chng ta cu hnh Sau khi chng ta cu hnh PAP xong trn route Vsic2, th mn hnh s xut hin trnh t ca PAP 00:09:49: Se0 PPP: Phase is AUTHENTICATING, by both 00:09:49: Se0 PAP: O AUTH-REQ id 1 len 18 from "Vsic2" 00:09:49: Se0 PAP: I AUTH-REQ id 1 len 18 from "Vsic1" 00:09:49: Se0 PAP: Authenticating peer Vsic1 00:09:49: Se0 PAP: O AUTH-ACK id 1 len 5 00:09:49: Se0 PAP: I AUTH-ACK id 1 len 5 00:09:50: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up ngha ca cc thng bo : Dng thng bo 1 : PPP thc hin xc nhn hai chiu Dng thng bo 2 : Vsic2 gi yu cu xc nhn Dng thng bo 3 : Nhn yu cu xc nhn t Vsic1 Dng thng bo 4 : Nhn xc nhn ca Vsic1 Dng thng bo 5 : Gi xc nhn ng n Vsic1 Dng thng bo 6 : Nhn xc nhn ng t Vsic1 Dng thng bo 7 : Trng thi ca interface c chuyn sang UP Nh vy hai interface ca router Vsic1 v Vsic2 up. Chng ta ng router Vsic2 ping interface serial 0 ca router Vsic1 kim tra. Vsic2#ping 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 14.1.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/60 ms Cu hnh PPP CHAP Trc khi cu hnh PPP CHAP cho hai interface chng ta g b PAP c hai router Vsic1(config)#in s0 Vsic1(config-if)#no ppp authentication pap Vsic1(config-if)#no ppp pap sent-username Vsic1 password cisco Vsic2(config)#in s0 Vsic2(config-if)#no ppp authentication pap Vsic2(config-if)#no ppp pap sent-username Vsic2 password cisco By gi chng ta s cu hnh CHAP bng cu lnh ppp authentication chap Vsic1(config)#in s0 Vsic1(config-if)#ppp authentication chap Vsic2(config)#in s0 Vsic2(config-if)#ppp authentication chap Lu : khi cu hnh PPP CHAP chng ta vn phi cu hnh cho interface serial s dng giao thc ng gi PPP bng cu lnh encapsulation ppp v cng phi s dng cu lnh

VSIC Education Corporation

Trang 169

CCNA

Ti liu dnh cho hc vin

username name password password cu hnh name v password cho giao thc CHAP thc hin xc nhn. y, chng ta khng thc hin li cc cu lnh v bc cu hnh PAP chng ta thc hin ri. Do chng ta s dng cu lnh debug ppp authentication router Vsic2, nn khi cu hnh CHAP xong hai router th mn hnh s hin thng bo nh sau : (console c ni vi router Vsic2) 00:15:08: Se0 CHAP: O CHALLENGE id 1 len 28 from "Vsic2" 00:15:08: Se0 CHAP: I CHALLENGE id 2 len 28 from "Vsic1" 00:15:08: Se0 CHAP: O RESPONSE id 2 len 28 from "Vsic2" 00:15:08: Se0 CHAP: I RESPONSE id 1 len 28 from "Vsic1" 00:15:08: Se0 CHAP: O SUCCESS id 1 len 4 00:15:08: Se0 CHAP: I SUCCESS id 2 len 4 00:15:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up ngha ca cc cu thng bo : Dng thng bo 1 : Vsic2 gi thng bo challenge n router Vsic1 Dng thng bo 2 : Vsic2 nhn thng bo challenge t router Vsic1 Dng thng bo 3 : Vsic2 gi response n router Vsic1 Dng thng bo 4 : Vsic2 nhn response t router Vsic1 Dng thng bo 5 : Vsic2 gi xc nhn thnh cng n Vsic1 Dng thng bo 6 : Vsic2 nhn xc nhn thnh cng t Vsic1 Dng thng bo 7 : Trng thi ca interface serial c chuyn sang UP Hai interface serial ca router Vsic1 v Vsic2 UP, chng ta ng router Vsic2 ping n interface serial 0 ca router Vsic1 kim tra Vsic2#ping 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 14.1.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/60 ms Nu nh name v password trong cu lnh username name password password khng ng th trng thi ca interface s b down. Do qu trnh xc nhn gia hai interface s s dng name v password ny. Nu nh khng khp th kt ni s b hy 5. T thc hnh bng Dynagen: y l s n gin, hc vin ch cn chy file lab26ppp.net thc hnh bi trn.

VSIC Education Corporation

Trang 170

CCNA

Ti liu dnh cho hc vin

BI 27:CU HNH ISDN BASIC


1. Gii thiu : ISDN (Integrated Services Digital Network) l mt cng ngh truyn dn tc cao v quay s c s dng rng ri .H thng mng ny c to ra cach y 20 nm v c ng dng rng ri ti U.S.A u nm 1990. ISDN l mng phc v cho vic truyn dn d liu s mt mng ISDN BRI t tiu chun c th t ti tc 128Kbps. D liu c up ln sau mi 10 giy mng ISDN cho php truyn dn cc tn hiu s,cc knh s ng thi trn dy in thoi analog thng thng v u bn kia c gii m qua modem hay cc thit b khc . 2. M t bi lab v hnh :

Trong bi ny chng ta s s dng mt thit b m phng ISDN. Chng ta s ni hai router vo thit b bng cp thng. 3. Cu hnh : a. Cu hnh cho router Vsic2: Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname Vsic2 Vsic2(config)#isdn switch-type basic-ni cu hnh loi ISDN switch Vsic2(config)#dialer-list 1 protocol ip permit Vsic2(config)#username Vsic1 password cisco Vsic2(config)#interface bri 0 Vsic2(config-if)#encapsulation ppp cu hnh giao thc ng gi l PPP Vsic2(config-if)#ip address 200.10.1.2 255.255.255.0 Vsic2(config-if)#isdn spid1 21 21 S SPID number 21 phone numbers 21 Vsic2(config-if)#dialer-group 1 Vsic2(config-if)#dialer map ip 200.10.1.1 name Vsic1 broadcast 11 cu hnh s ca router u xa Ahena2 thc hin cuc gi Vsic2(config-if)#ppp authentication chap cu hnh PPP CHAP Vsic2(config-if)#no shut Vsic2(config-if)# b. Cu hnh cho router Vsic1 : Router(config)#hostname Vsic1 Vsic1(config)#isdn switch-type basic-ni VSIC Education Corporation Trang 171

CCNA

Ti liu dnh cho hc vin

Vsic1(config)#dialer-list 1 protocol ip permit Vsic1(config)#username Vsic2 password cisco Vsic1(config)#interface bri 0 Vsic1(config-if)#encapsulation ppp Vsic1(config-if)# Vsic1(config-if)#ip address 200.10.1.1 255.255.255.0 Vsic1(config-if)#isdn spid1 11 11 Vsic1(config-if)#dialer-group 1 Vsic1(config-if)#dialer map ip 200.10.1.2 name Vsic2 broadcast 21 Vsic1(config-if)#ppp authentication chap Vsic1(config-if)#no shut Sau khi cu hnh xong chng ta kim tra li bng cch : Vsic2#sh run Building configuration... Current configuration : 726 bytes ! version 12.1 ! hostname Vsic2 ! username Vsic1 password 0 cisco ! ip subnet-zero ! isdn switch-type basic-ni ! interface BRI0 ip address 200.10.1.2 255.255.255.0 encapsulation ppp dialer map ip 200.10.1.1 name Vsic1 broadcast 11 dialer-group 1 isdn switch-type basic-ni isdn spid1 21 ppp authentication chap ! dialer-list 1 protocol ip permit end Vsic2#sh interfaces bri 0 BRI0 is up, line protocol is up (spoofing) Hardware is BRI Internet address is 200.10.1.2/24 MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set Last input never, output 00:00:22, output hang never Last clearing of "show interface" counters 00:18:04

VSIC Education Corporation

Trang 172

CCNA

Ti liu dnh cho hc vin

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/16 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 1 abort 10 packets output, 80 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 output buffer failures, 0 output buffers swapped out 111 carrier transitions Chng ta kim tra trng thi kt ni ca lin kt ISDN bng cu lnh sau : Vsic1#sh isdn status Global ISDN Switchtype = basic-net3 ISDN BRI0 interface dsl 0, interface ISDN Switchtype = basic-net3 Layer 1 Status: ACTIVE Layer 2 Status: TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED Layer 3 Status: 0 Active Layer 3 Call(s) Active dsl 0 CCBs = 0 The Free Channel Mask: 0x80000003 Number of L2 Discards = 0, L2 Session ID = 13 Total Allocated ISDN CCBs = 0 Vsic2#sh isdn status Global ISDN Switchtype = basic-net3 ISDN BRI0 interface dsl 0, interface ISDN Switchtype = basic-net3 Layer 1 Status: ACTIVE Layer 2 Status: TEI = 67, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED Layer 3 Status: 0 Active Layer 3 Call(s) Active dsl 0 CCBs = 0 The Free Channel Mask: 0x80000003 Number of L2 Discards = 0, L2 Session ID = 3 Total Allocated ISDN CCBs = 0 Nu cu hnh ng th trng thi ca Layer 1 l ACTIVE v Layer 2 l MULTIPLE_FRAME_ESTABLISHED

VSIC Education Corporation

Trang 173

CCNA

Ti liu dnh cho hc vin

ng router Vsic2, chng ta ping a ch 200.10.1.1 kim tra kt ni : Vsic2#ping 200.10.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200.10.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/36 ms Nhn xt : ping thnh cng v router Vsic2 thc hin kt ni vi router Vsic1 s dng interface dialer 0 Vsic2#sh interfaces bri 0 BRI0 is up, line protocol is up (spoofing) Hardware is BRI Internet address is 200.10.1.2/24 MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set Last input 00:00:05, output 00:00:05, output hang never Last clearing of "show interface" counters 00:09:45 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/16 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 103 packets input, 1111 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 70 packets output, 309 bytes, 0 underruns 0 output errors, 0 collisions, 4 interface resets 0 output buffer failures, 0 output buffers swapped out 5 carrier transitions Lnh show dialer dng ch trng thi knh B s ngt, st gim (drop) sau 120 giy inactive. Trng thi giao tip BRI ca router Athen2 c xc nh vi trng thi ca router Athnena1.Cng giao tip BRI0 c ch dn n knh D ca mng trong trang thi ny l UP/UP (spoofing state) chng t rng knh D hot ng Vsic2#sh dialer BRI0 - dialer type = ISDN Dial String Successes Failures Last DNIS Last status 11 1 0 01:31:13 successful 0 incoming call(s) have been screened. 0 incoming call(s) rejected for callback. BRI0:1 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs)

VSIC Education Corporation

Trang 174

CCNA

Ti liu dnh cho hc vin

Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle BRI0:2 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle Vsic1#show dialer BRI0 - dialer type = ISDN Dial String Successes Failures Last DNIS Last status 21 0 1 00:01:43 failed 0 incoming call(s) have been screened. 0 incoming call(s) rejected for callback. BRI0:1 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle BRI0:2 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle By gi nu nh i s s SPID hay l s Phone numbers th trng thi s thay i, h thng ng nhin l s khng th kt ni c. Vsic2(config)#interface bri0 Vsic2(config-if)#no isdn spid1 21 21 Vsic2(config-if)#isdn spid1 14 14 Vsic2(config-if)#no shut Vsic2(config-if)# 02:16:31: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 70 changed to down Vsic2(config-if)#dialer idle-timeout 20 cu hnh thi gian idle-timeout l 20s Vsic2(config-if)#no shut Vsic2(config-if)#^Z Vsic2# Vsic1#ping 200.10.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200.10.1.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) 4. Cch t thc hnh bng Boson Netsim :

VSIC Education Corporation

Trang 175

CCNA

Ti liu dnh cho hc vin

M chng trnh Boson Netsim bt u thc hnh. Ta vo File Load Netmap Chn file lab27ISDN.top. S ging nh s thc hnh trn, spid1 vn l 11 v 22.. Ta ch rng trong trng trnh simulation Boson Netsim khc 1 cht so vi cu hnh thc t, chng ta phi thm dial string v trong lnh isdn spid1 ch cn ch s spid1 l , khng cn phi ch ra s in thoi trong lnh ny. Sau y l cu hnh trn Router VSIC1 vo VSIC2 ca Boson Netsim, khi cu hnh xong ta test bng lnh ping gia 2 u router VSIC1 v VSIC2.

VSIC Education Corporation

Trang 176

CCNA

Ti liu dnh cho hc vin

VSIC Education Corporation

Trang 177

CCNA

Ti liu dnh cho hc vin

VSIC Education Corporation

Trang 178

CCNA

Ti liu dnh cho hc vin

BI 28: CU HNH ISDN DDR


1. Gii thiu : ISDN (Integrated Services Digital Network) l mng s tch hp a dch v, cung cp cho chng ta nhiu loi hnh dch v s khc nhau, bao gm : data v thoi. ISDN cho php truyn cc knh s ng thi trn dy in thoi thng thng. K thut dial-on-demand routing (DDR) c pht trin bi Cisco cho php chng ta s dng ng dy in thoi to thnh mt mng WAN. DDR cho php router thc hin kt ni khi c traffic c gi v ngt kt ni khi khng cn n. iu ny gip chng ta tit kim c chi ph rt nhiu. Trong k thut DDR, ch khi gp interesting traffic router mi thc hin kt ni, ngoi ra th khng. iu ny gip chng ta qun l c mng tt hn. Ngoi ra, DDR s dng idle timeout xc nh thi gian router ngt kt ni nu nh khng c interesting traffic no c gi. 2. Cc cu lnh s dng trong bi lab : isdn switch-type switch-type Cu hnh loi ca ISDN switch isdn spid1 spidnumber [ldn] Cu hnh s SPID v ldn dialer-list dialer-group-num protocol protocol-name {permit | deny | list access-listnumber} To dialer list nh ngha intersting traffic cho router. dialer-group group-number Nhng dialer list vo mt interface dialer idle-timeout seconds Cu hnh thi gian idle-timeout dialer poolmember number To dialer pool dialer pool number Nhng mt dialer interface vo dialer pool dialer remotename username Cu hnh tn ca router u xa dialer string dialstring Cu hnh s quay kt ni vi router u xa 3. M t bi lab v hnh :

VSIC Education Corporation

Trang 179

CCNA

Ti liu dnh cho hc vin

Trong bi Lab ny chng ta s dng hai router c cng BRI v thit b m phng mi trng ISDN. Cp ni t cng BRI ca router n thit b m phng mi trng BRI l cp thng. Chng ta khi to Loopback 0, Loopback 1, Loopback 2 c hai router. a ch cc cng c ch thch ngay trn hnh. Password ca c hai router l : cisco 4. Mc tiu bi lab : Cu hnh kt ni gia hai router thng qua mi trng ISDN trong ch d Dial-ondemand routing (DDR) s dng interface dialer. 5. Cu hnh router : Bc 1: cu hnh tn router, cc interface loopback v m ng telnet hai router VSIC1#sh run Current configuration : 1301 bytes version 12.1 hostname VSIC1 enable password cisco interface Loopback0 ip address 10.1.0.1 255.255.255.0 interface Loopback1 ip address 11.1.0.1 255.255.255.0 interface Loopback2 ip address 12.1.0.1 255.255.255.0 line con 0 line aux 0 line vty 0 4 password cisco login end VSIC2#sh run Current configuration : 1204 bytes version 12.1 hostname VSIC2 enable password cisco interface Loopback0 ip address 13.1.0.1 255.255.255.0 interface Loopback1 ip address 14.1.0.1 255.255.255.0 interface Loopback2 ip address 15.1.0.1 255.255.255.0 line con 0 line aux 0 line vty 0 4 password cisco login end

VSIC Education Corporation

Trang 180

CCNA

Ti liu dnh cho hc vin

Bc 2: Cu hnh loi ISDN Switch s dng v s SPID v ldn. S SPID v ldn c cung cp bi nh cung cp dch v ISDN. VSIC1#conf t VSIC1(config)#isdn switch-type basic-net3 Cu hnh loi ISDN witch VSIC1(config)# in bri0 VSIC1(config-if)#isdn spid1 21 21 Cu hnh s SPID v ldn VSIC2#conf t VSIC2(config)#isdn switch-type basic-net3 VSIC2(config)# in bri0 VSIC2(config-if)#isdn spid1 11 11 Bc 3 : nh tuyn cho cc router y chng ta dng Static route nh tuyn cho cc router ch khng dng cc giao thc nh tuyn ng nh RIP, IGRP L do ta phi dng static route se c gii thch mc Nguyn nhn khng nn dng cc giao thc nh tuyn ng trong cu hnh ISDN DDR VSIC1#conf t VSIC1(config)#ip route 13.1.0.0 255.255.255.0 192.168.0.2 VSIC1(config)#ip route 14.1.0.0 255.255.255.0 192.168.0.2 VSIC1(config)#ip route 15.1.0.0 255.255.255.0 192.168.0.2 VSIC2#conf t VSIC2(config)#ip route 10.1.0.0 255.255.255.0 192.168.0.1 VSIC2(config)#ip route 11.1.0.0 255.255.255.0 192.168.0.1 VSIC2(config)#ip route 12.1.0.0 255.255.255.0 192.168.0.1 Bc 4 : Cu hnh interesting traffic Router ch thc hin kt ni khi v ch khi gp cc interesting traffic; ngoi ra, router s khng kt ni. Interesting traffic c nh ngha cho router bng : loi traffic, ngun hoc ch n ca mt gi tin. (thng qua access list). Interesting traffic c cu hnh bng cu lnh dialer-list. Trong bi ny, i vi router VSIC1, chng ta cu hnh interesting traffic l tt c cc traffic khc traffic telnet n mng 14.1.0.0/24. Chng ta dng Extended access list cu hnh. VSIC1#conf t VSIC1(config)#access-list 101 deny tcp any 14.1.0.0 0.0.0.255 eq telnet VSIC1(config)#access-list 101 permit ip any any VSIC1(config)#dialer-list 1 protocol ip list 1 i vi router VSIC2, cu hnh cc traffic ca mng 13.1.0.0/24 v 14.1.0.0/24 l interesting traffic. Chng ta dng Standard access list cu hnh. VSIC2#conf t VSIC2(config)#access-list 1 permit 13.1.0.0 0.0.0.255 VSIC2(config)#access-list 1 permit 14.1.0.0 0.0.0.255 VSIC2(config)#dialer-list 1 protocol ip list 1 Bc 5 : Cu hnh interface dialer cho router

VSIC Education Corporation

Trang 181

CCNA

Ti liu dnh cho hc vin

Trong bi chng ta s dng PPP thay cho HDLC v PPP c tnh bo mt cao. Mc nh ca router Cisco s dng HDLC. VSIC1(config)#username VSIC2 password cisco VSIC1(config-if)#in bri0 VSIC1(config-if)#encapsulation ppp VSIC1(config-if)#ppp authentication chap VSIC1(config-if)#dialer pool-member 1 Cu hnh interface BRI0 thuc dialer pool 1 VSIC1(config-if)#no shut VSIC1(config-if)#exit VSIC1(config)#in dialer 1 VSIC1(config-if)# ip address 192.168.0.1 255.255.255.0 VSIC1(config-if)#encapsulation ppp VSIC1(config-if)#ppp authentication chap VSIC1(config-if)#dialer remote-name VSIC2 Cu hnh tn router kt ni Cu hnh s gi cho router VSIC1(config-if)#dialer string 11 VSIC1(config-if)#dialer pool 1 Cu hnh interface dialer 1 thuc pool 1 VSIC1(config-if)#dialer idle-timeout 180 Router s ngt kt ni nu nh khng c traffic no truyn trong khong thi gian cu hnh S dng dialer list 1 cho interface ny VSIC1(config-if)#dialer-group 1 VSIC1(config-if)#no shut VSIC1(config-if)#exit Cu hnh tng t cho router VSIC2 VSIC2(config)#username VSIC1 password cisco VSIC2(config-if)#in bri0 VSIC2(config-if)#encapsulation ppp VSIC2(config-if)#ppp authentication chap VSIC2(config-if)#dialer pool-member 1 VSIC2(config-if)#no shut VSIC2(config-if)#exit VSIC2(config)#in dialer 0 VSIC2(config-if)# ip address 192.168.0.2 255.255.255.0 VSIC2(config-if)#encapsulation ppp VSIC2(config-if)#ppp authentication chap VSIC2(config-if)#dialer remote-name VSIC1 VSIC2(config-if)#dialer string 21 VSIC2(config-if)#dialer pool 1 VSIC2(config-if)#dialer idle-timeout 180 VSIC2(config-if)#dialer-group 1 VSIC2(config-if)#no shut VSIC2(config-if)#exit 6. Kim tra kt qu : Kim tra trng thi kt ni ca interface BRI0 VSIC1#sh isdn status

VSIC Education Corporation

Trang 182

CCNA

Ti liu dnh cho hc vin

Global ISDN Switchtype = basic-net3 ISDN BRI0 interface dsl 0, interface ISDN Switchtype = basic-net3 Layer 1 Status: ACTIVE Layer 2 Status: TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED Layer 3 Status: 1 Active Layer 3 Call(s) CCB:callid=8004, sapi=0, ces=1, B-chan=1, calltype=DATA Active dsl 0 CCBs = 1 The Free Channel Mask: 0x80000002 Number of L2 Discards = 0, L2 Session ID = 0 Total Allocated ISDN CCBs = 1 Nu cu hnh ng th trng thi ca Layer 1 l ACTIVE v Layer 2 l MULTIPLE_FRAME_ESTABLISHED. Kim tra cc interesting traffic. ng router VSIC2, chng ta ping t interface loopback 1 (14.1.0.1) n interface loopback 2 (12.1.0.1) ca router VSIC1 VSIC2#ping Protocol [ip]: Target IP address: 12.1.0.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 14.1.0.1 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.1.0.1, timeout is 2 seconds: 00:30:15: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 00:30:15: %DIALER-6-BIND: Interface BR0:1 bound to profile Di0.!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 32/35/36 ms 00:30:16: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up 00:30:21: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 21 VSIC1 Nhn xt : ping thnh cng v router VSIC2 thc hin kt ni vi router VSIC1 s dng interface dialer 0

VSIC Education Corporation

Trang 183

CCNA

Ti liu dnh cho hc vin

Chng ta dng cu lnh show isdn active xem nhng thng tin v cuc kt ni hin hnh VSIC2#sh isdn active ISDN ACTIVE Call Calling Called Type Number Number Out 21

Remote Name VSIC1

Seconds Used 14

Seconds Left 167

Seconds Idle 12

Charges Units/currency 0

Cn 167 giy na th router s ngt kt ni nu nh khng c interesting traffic no gi qua ng kt ni. Chng ta ch khong 180 giy na kim tra vic router ngt kt ni t ng (Lu : khng ping bt c mng no!) Sau 180 giy chng ta s c kt qu nh sau : VSIC2# 00:33:16: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di0 00:33:16: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 21 VSIC1, call lasted 181 seconds 00:33:17: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down 00:33:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down Router ngt t ng ngt kt ni khi khng c interesting traffic no c gi qua ng truyn. Lm li cc bc trn kim tra cc interesting traffic cn li ca router VSIC2. VSIC2#ping Protocol [ip]: Target IP address: 10.1.0.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 13.1.0.1 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.1.0.1, timeout is 2 seconds: 00:30:15: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 00:30:15: %DIALER-6-BIND: Interface BR0:1 bound to profile Di0.!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 32/35/36 ms 00:30:16: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up 00:30:21: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 21 VSIC1 v sau 180 giy, ta c : VSIC Education Corporation Trang 184

CCNA

Ti liu dnh cho hc vin

VSIC2# 00:33:16: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di0 00:33:16: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 21 VSIC1, call lasted 181 seconds 00:33:17: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down 00:33:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down Khi ta thc hin ping mt mng no ca router VSIC1 t interface loopback 2 (15.1.0.1) th router s khng kt ni. Do cc gi tin t mng 15.1.0.0/24 khng phi l interesting traffic. VSIC2#ping Protocol [ip]: Target IP address: 11.1.0.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 15.1.0.1 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) VSIC2#sh isdn active ISDN ACTIVE Call Calling Called Type Number Number

Remote Name

Seconds Used

Seconds Left

Seconds Idle

Charges Units/currency

By gi chng ta se kim tra interesting traffic ca router VSIC1. ng router VSIC1, chng ta ping n 14.1.0.1 t mt interface loopback bt k. VSIC1#ping Protocol [ip]: Target IP address: 14.1.0.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 10.1.0.1 Type of service [0]: Set DF bit in IP header? [no]: VSIC Education Corporation Trang 185

CCNA

Ti liu dnh cho hc vin

Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 14.1.0.1, timeout is 2 seconds: 00:38:30: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 00:38:30: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1.!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 32/34/36 ms VSIC1# 00:38:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up VSIC1# 00:38:36: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 11 VSIC2 Nhn xt : router thc hin kt ni vi router VSIC2, v gi tin c truyn i. Ch sau 180 giy router t ng ngt kt ni. Sau chng ta thc hin telnet n 14.1.0.1. VSIC1#telnet 14.1.0.1 Trying 14.1.0.1 ... % Connection timed out; remote host not responding Nhn xt : chng ta khng th telnet c. Nguyn nhn l do chng ta cm telnet n mng 14.1.0.0 t bt k mt mng no(access-list 101 deny tcp any 14.1.0.0 0.0.0.255 eq telnet). Do , traffic telnet n 14.1.0.1 khng phi l interesting traffic nn router khng thc hin kt ni. Chng ta telnet n 13.1.0.1 : VSIC1#telnet 13.1.0.1 Trying 13.1.0.1 ... 00:42:30: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 00:42:30: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1 open 00:42:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up 00:42:36: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 11 VSIC2 User Access Verification Password: cisco Chng ta nhp password l cisco telnet vo VSIC2 VSIC2> Nhn xt : router thc hin kt ni. Do chng ta telnet vo mng 13.1.0.0/24 ch khng phi mng 14.1.0.0. y l mt interesting traffic. 7. Nguyn nhn khng nn dng cc giao thc nh tuyn ng trong cu hnh ISDN DDR thy c nguyn nhn chng ta s cu hnh giao thc RIP trn c 2 router thay cho static route.

VSIC Education Corporation

Trang 186

CCNA

Ti liu dnh cho hc vin

Chng ta xa NVRAM, reload c hai route trc khi cu hnh li cc router nh sau : VSIC1#sh run Building configuration... Current configuration : 1205 bytes version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption hostname VSIC1 enable password cisco username VSIC2 password cisco isdn switch-type basic-net3 interface Loopback0 ip address 10.1.0.1 255.255.255.0 interface Loopback1 ip address 11.1.0.1 255.255.255.0 interface Loopback2 ip address 12.1.0.1 255.255.255.0 interface BRI0 no ip address encapsulation ppp dialer pool-member 1 isdn switch-type basic-net3 isdn spid1 21 21 ppp authentication chap interface Dialer1 ip address 192.168.0.1 255.255.255.0 encapsulation ppp dialer pool 1 dialer remote-name VSIC2 dialer idle-timeout 180 dialer string 11 dialer-group 1 ppp authentication chap VSIC Education Corporation Trang 187

CCNA

Ti liu dnh cho hc vin

access-list 1 permit any dialer-list 1 protocol ip list 1 router rip network 10.0.0.0 network 11.0.0.0 network 12.0.0.0 network 192.168.0.0 line con 0 line aux 0 line vty 0 4 password cisco login end VSIC2#sh run Building configuration... Current configuration : 1150 bytes version 12.1 hostname VSIC2 enable password cisco username VSIC1 password cisco isdn switch-type basic-net3 interface Loopback0 ip address 13.1.0.1 255.255.255.0 interface Loopback1 ip address 14.1.0.1 255.255.255.0 interface Loopback2 ip address 15.1.0.1 255.255.255.0 interface BRI0 no ip address encapsulation ppp dialer pool-member 1 isdn switch-type basic-net3 isdn spid1 11 11 ppp authentication chap interface Dialer0 ip address 192.168.0.2 255.255.255.0 encapsulation ppp dialer pool 1 dialer remote-name VSIC1 dialer idle-timeout 180 dialer string 21 dialer-group 1 ppp authentication chap

VSIC Education Corporation

Trang 188

CCNA

Ti liu dnh cho hc vin

access-list 1 permit any dialer-list 1 protocol ip list 1 router rip network 13.0.0.0 network 14.0.0.0 network 15.0.0.0 network 192.168.0.0 line con 0 line aux 0 line vty 0 4 password cisco login end S dng cu lnh show ip route kim tra li bng nh tuyn ca cc router : VSIC2#sh ip Gateway of last resort is not set R 10.0.0.0/8 [120/1] via 192.168.0.1, 00:00:03, Dialer0 R 11.0.0.0/8 [120/1] via 192.168.0.1, 00:00:03, Dialer0 192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.0.0/24 is directly connected, Dialer0 C 192.168.0.1/32 is directly connected, Dialer0 R 12.0.0.0/8 [120/1] via 192.168.0.1, 00:00:03, Dialer0 13.0.0.0/24 is subnetted, 1 subnets C 13.1.0.0 is directly connected, Loopback0 14.0.0.0/24 is subnetted, 1 subnets C 14.1.0.0 is directly connected, Loopback1 15.0.0.0/24 is subnetted, 1 subnets C 15.1.0.0 is directly connected, Loopback2 Kim tra li kt ni hin hnh bng lnh show isdn active (lc ny hai router kt ni vi nhau, do ta cu hnh tt c cc gi tin u l interesting traffic : access-list 1 permit any nn khi RIP gi cc gi routing update th router t ng kt ni). VSIC1#sh isdn active ISDN ACTIVE Call Calling Called Remote Seconds Seconds Seconds Charges Type Number Number Name Used Left Idle Units/currency Out 11 VSIC2 350 27 0 152 C sau khong 30 giy chng ta lp li cu lnh show isdn active kim tra thi gian cn li router ngt kt ni (Lu : khng truyn bt k mt traffic no qua li gia hai router ta c c kt qu chnh xc) VSIC1#sh isdn active ISDN ACTIVE Call Calling Called Remote VSIC Education Corporation

Seconds Seconds Seconds Charges Trang 189

CCNA

Ti liu dnh cho hc vin

Type Out

Number Number Name 11 VSIC2

Used 359

Left 171

Idle 8

Units/currency 0

VSIC1#sh isdn active ISDN ACTIVE Call Calling Called Remote Type Number Number Name Out 11 VSIC2 VSIC1#sh isdn active ISDN ACTIVE Call Calling Called Remote Type Number Number Name Out 11 VSIC2

Seconds Seconds Seconds Charges Used Left Idle Units/currency 375 25 0 154

Seconds Seconds Seconds Charges Used Left Idle Units/currency 377 0 0 179

Nhn xt : thi gian cn li router t ng ngt kt ni (idle-timeout) khng bao gi xung c 0. Do giao thc RIP c 30 giy gi update mt ln. Tng t cho cc giao thc nh tuyn ng khc. Trong trng hp thi gian idle-timeout nh hn 30 giy th router s ng ngt kt ni lin tc. V vy chng ta khng nn s dng nh tuyn ng trong cu hnh ISDN DDR. S dng static route s cho hiu qu cao hn.

VSIC Education Corporation

Trang 190

CCNA

Ti liu dnh cho hc vin

BI 29: CU HNH FRAME RELAY CN BN


1. Gii thiu : Frame Relay l k thut m rng ca k thut ISDN. Frame relay s dng k thut chuyn mch gi thit lp mt mng WAN. Frame Relay to ra nhng ng kt ni o ni cc mng LAN li vi nhau to thnh mt mng WAN. Mng Frame Relay s dng cc switch kt ni cc mng li vi nhau. K thut Frame Relay c s dng rng ri ngy nay, do c gi thnh r hn rt nhiu so vi leased line. Frame Relay hot ng lp Data link trong OSI v s dng giao thc LAPF (Link Access Procedure for Frame Relay). Frame Relay s dng cc frame chuyn d liu qua li gia cc thit b u cui ca user (DTE) thng qua cc thit b DCE ca mng Frame Relay. ng kt ni gia hai DTE thng qua mng Frame Relay c gi l mt mch o (VC : Virtual Circuit). Cc VC c thit lp bng cch gi cc thng ip bo hiu (signaling message) n mng; c gi l switched virtual circuits (SVCs). Nhng ngy nay, ngi ta thng s dng permanent virtual circuits (PVCs) to kt ni. PVC l cc ng kt ni c cu hnh trc bi cc Frame Relay Switch v cc thng tin chuyn mch ca gi c lu trong switch. Trong Frame Relay, nu mt frame b li th s b hy ngay m khng c mt thng bo no. Cc router ni vi mng Frame Relay c th c nhiu ng kt ni o n nhiu mng khc nhau. Do , Frame Relay gip chng ta tit kim rt nhiu v khng cn cc mng phi lin kt trc tip vi nhau. Cc ng kt ni o (VC) c cc DLCI (Data Link Channel Identifier) ca ring n. DLCI c cha trong cc frame khi n c chuyn i trong mng Frame Relay. Trong Frame Relay, ngi ta thng s dng mng hnh sao kt ni cc mng LAN vi nhau hnh thnh mt mng WAN (c gi l hub and spoke topology)

trong hnh ny, mng trung tm c gi l hub, cc mng remote1, remote2, remote3, remote4 v remote5 c gi l spoke. Mi spoke ni vi hub bng mt ng kt ni o (VC). Trong hnh trn nu ta mun cc spoke c th lin lc c vi nhau th ch cn to VSIC Education Corporation Trang 191

CCNA

Ti liu dnh cho hc vin

ra cc VC gia cc spoke vi nhau. hnh ny gip ta to ra mt mng WAN c gi thnh r hn rt nhiu so vi s dng leased line, do cc mng ch cn mt ng ni vi mng Frame Relay. Frame Relay s dng split horizon chng lp. Split horizon khng cho php routing update tr ngc v interface gi. V trong frame relay, chng ta c th to nhiu ng PVC trn mt interface vt l, do s b lp nu khng c split horizon. Trong mng WAN s dng leased line, cc DTE c ni trc tip vi nhau nhng trong mng s dng Frame Relay, cc DTE c ni vi nhau thng qua mt mng Frame Relay gm nhiu Switch. Do chng ta phi map a ch lp mng Frame Relay vi a ch IP ca DTE u xa. Chng ta c th map bng cch s dng cc cu lnh. Nhng vic ny c th c thc hin t ng bng LMI v Inverse ARP. LMI (Local Management Interface) c trao i gia DTE v DCE (Frame Relay switch), c dng kim tra hot ng v thng bo tnh trng ca VC, iu khin lung, v cung cp s DLCI cho DTE. LMI c nhiu loi l : cisco (chun ring ca Cisco), ansi (theo chun ANSI Annex D) v q933a (theo chun ITU q933 Annex A). Khi router mi c ni vi mng Frame Relay, router s gi LMI n mng hi tnh trng. Sau mng s gi li router mt thng ip LMI vi cc thng s ca ng VC c cu hnh. Khi router mun map mt VC vi a ch lp mng, router s gi thng ip Inverse ARP bao gm a ch lp mng (IP) ca router trn ng VC n vi DTE u xa. DTE u xa s gi li mt Inverse ARP bao gm a ch lp mng ca n, t router map a ch ny vi s DLCI ca VC. 2. Cc cu lnh s dng trong bi lab : encapsulation framerelay [cisco | ietf] Cu hnh giao thc ng gi Frame Relay cho interface. Router h tr hai loi ng gi Frame Relay l Cisco v ietf. framerelay intftype [dce | dte | nni] Cu hnh cho loi Frame Relay switch cho interface. S dng cho router ng vai tr l mt frame relay switch. framerelay lmitype {ansi | cisco | q933a} Cu hnh loi LMI s dng cho router framerelay route indlci outinterface outdlci To PVC gia cc interface trn router ng vai tr l mt frame relay switch framerelay switching Cu hnh cho router hot ng nh mt frame relay switch show framerelay pvc [type number [dlci]] Xem thng s ca cc ng PVC c cu hnh trm router show framerelay route Xem tnh trng cng nh thng s c cu hnh cho cc ng PVC. Cu lnh ny c s dng cho router ng vai tr l frame relay switch show framerelay map Xem cc thng s v map gia DLCI u gn vi IP u xa show framerelay lmi [type number] Xem cc thng s ca LMI gia router vi Frame relay switch.

VSIC Education Corporation

Trang 192

CCNA

Ti liu dnh cho hc vin

3. M t bi lab v hnh :

hnh bi lab nh hnh trn. Router FrameSwitch c cu hnh l mt frame relay switch. Hai u cp serial ni vi router FrameSwitch l DCE. Router VSIC1 v VSIC2 s dng giao thc RIP. 4. Cu hnh router : Chng ta cu hnh cho cc interface ca router VSIC1 v VSIC2 nh sau : VSIC1#sh run Building configuration... Current configuration : 599 bytes version 12.1 hostname VSIC1 interface Loopback0 ip address 10.1.0.1 255.255.255.0 interface Serial0 ip address 192.168.1.1 255.255.255.0 router rip network 10.0.0.0 network 192.168.1.0 end VSIC2#sh run Building configuration... Current configuration : 601 bytes version 12.1 hostname VSIC2 interface Loopback0 ip address 11.1.0.1 255.255.255.0 interface Serial0 ip address 192.168.1.2 255.255.255.0 router rip VSIC Education Corporation Trang 193

CCNA

Ti liu dnh cho hc vin

network 11.0.0.0 network 192.168.1.0 end Chng ta tin hnh cu hnh frame realy cho hai router VSIC1 v VSIC2 VSIC1(config)#in s0 VSIC1(config-if)#encapsulation frame-relay S dng giao thc ng gi Frame Relay cho interface S0 VSIC1(config-if)#frame-relay lmi-type ansi Cu hnh kiu ca LMI l ANSI VSIC2(config)#in s0 VSIC2(config-if)#encapsulation frame-relay VSIC2(config-if)#frame-relay lmi-type ansi Sau khi cu hnh frame relay cho router VSIC1 v VSIC2, chng ta s cu hnh cho router FrameSwitch tr thnh mt frame relay switch nh sau : FrameSwitch(config)#frame-relay switching Cu hnh cho router tr thnh mt Frame Relay Switch FrameSwitch(config)#in s0 FrameSwitch(config-if)#encapsulation frame-relay FrameSwitch(config-if)#frame-relay lmi-type ansi FrameSwitch(config-if)#frame-relay intf-type dce Cu hnh interface serial 0 l Frame Relay DCE FrameSwitch(config-if)#clock rate 64000 Cung cp xung clock 64000 bps cho DTE FrameSwitch(config-if)#frame-relay route 102 interface s1 201 FrameSwitch(config-if)#no shut FrameSwitch(config)#in s1 FrameSwitch(config-if)#encapsulation frame-relay FrameSwitch(config-if)#frame-relay lmi-type ansi FrameSwitch(config-if)#frame-relay intf-type dce FrameSwitch(config-if)#clock rate 64000 FrameSwitch(config-if)#frame-relay route 201 interface s0 102 FrameSwitch(config-if)#no shut Cu lnh frame-relay route 102 interface s1 201 c ngha : bt k mt frame relay traffic no c DLCI l 102 n interface serial 0 ca router s c gi ra interface serial 1 vi DLCI l 201. Tng t cho cu lnh frame-relay route 201 interface s0 102 : bt k frame relay traffic no c DCLI l 201 n interface serial 1 s c gi ra serial 0 vi DLCI l 102. Hai cu lnh trn c s dng to ra mt PVC gia S0 v S1. kim tra xem router FrameSwitch c hot ng nh mt frame relay switch hay cha chng ta s dng cu lnh show frame-relay pvc FrameSwitch#sh frame-relay pvc PVC Statistics for interface Serial0 (Frame Relay DCE) Active Inactive Deleted Static Local 0 0 0 0 Switched 1 0 0 0 Unused 0 0 0 0 VSIC Education Corporation Trang 194

CCNA

Ti liu dnh cho hc vin

DLCI = 102, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0 input pkts 3 output pkts 3 in bytes 186 out bytes 166 dropped pkts 1 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 0 out bcast bytes 0 Num Pkts Switched 3 pvc create time 00:01:04, last time pvc status changed 00:00:40 PVC Statistics for interface Serial1 (Frame Relay DCE) Local Switched Unused Active 0 1 0 Inactive 0 0 0 Deleted 0 0 0 Static 0 0 0

DLCI = 201, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial1 input pkts 4 output pkts 3 in bytes 200 out bytes 186 dropped pkts 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 0 out bcast bytes 0 Num Pkts Switched 3 pvc create time 00:00:45, last time pvc status changed 00:00:43 DLCI USAGE ch cho ta bit hai interface S0, S1 hot ng ch frame relay switch v ACTIVE. ng thi thng bo ca cu lnh cn cho ta bit c s gi c chuyn mch qua interface (Num Pkts Switched 3). Nh vy, t kt qu trn ta bit c rng router FrameSwitch ang hot ng nh mt Frame Relay Switch. Chng ta s kim tra tnh trng ca LMI gia router FrameSwitch v hai router VSIC1, VSIC2 bng cu lnh show frame lmi FrameSwitch#show frame lmi LMI Statistics for interface Serial0 (Frame Relay DCE) LMI TYPE = ANSI Invalid Unnumbered info 0 Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0 Invalid Status Message 0 Invalid Lock Shift 0 Invalid Information ID 0 Invalid Report IE Len 0 Invalid Report Request 0 Invalid Keep IE Len 0 Num Status Enq. Rcvd 20 Num Status msgs Sent 20 Num Update Status Sent 0 Num St Enq. Timeouts 0 LMI Statistics for interface Serial1 (Frame Relay DCE) LMI TYPE = ANSI Invalid Unnumbered info 0 Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0

VSIC Education Corporation

Trang 195

CCNA

Ti liu dnh cho hc vin

Invalid Status Message 0 Invalid Information ID 0 Invalid Report Request 0 Num Status Enq. Rcvd 16 Num Update Status Sent 0

Invalid Lock Shift 0 Invalid Report IE Len 0 Invalid Keep IE Len 0 Num Status msgs Sent 16 Num St Enq. Timeouts 0

Cu lnh cho ta bit c thng tin ca tt c cc interface ca router hot ng ch Frame relay. ( y l interface S0 v S1) By gi chng ta s kim tra cc frame relay route trn router Frameswitch bng cu lnh show frame route FrameSwitch#sh frame-relay route Input Intf Input Dlci Output Intf Output Dlci Status Serial0 102 Serial1 201 active Serial1 201 Serial0 102 active Kt qu cu lnh cho chng ta bit rng traffic n interface serial 0 vi DLCI 102s c chuyn mch qua serial 1 vi DLCI 201; ngc li, traffic n serial 1 vi DLCI 201 s c chuyn mch qua serial 0 vi DLCI 102. ng thi cu lnh cng ch ra l c hai DLCI u hot ng. Chuyn sang router VSIC1, chng ta s kim tra xem DLCI 102 trn interface serial 0 c hot ng hay cha bng cch : VSIC1#sh frame-relay pvc PVC Statistics for interface Serial0 (Frame Relay DTE) Active Inactive Deleted Local 1 0 0 Switched 0 0 0 Unused 0 0 0 Static 0 0 0

DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0 input pkts 8 output pkts 7 in bytes 646 out bytes 570 dropped pkts 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 7 out bcast bytes 570 pvc create time 00:02:58, last time pvc status changed 00:02:38 Nhn xt : Interface serial 0 ca router VSIC1 hot ng nh mt frame relay DTE, v DLCI 102 hot ng. Mc nh Cisco s dng Inverse ARP map a ch IP u xa ca PVC vi DLCI ca interface u gn. Do chng ta khng cn phi thc hin thm bc ny. kim tra vic ny chng ta s dng cu lnh show frame-relay map VSIC1#sh frame-relay map Serial0 (up): ip 192.168.1.2 dlci 102(0xC9,0x3090), dynamic, broadcast, status defined, active

VSIC Education Corporation

Trang 196

CCNA

Ti liu dnh cho hc vin

Kt qu cu lnh cho ta bit, DLCI 102 hot ng trn interface serial 0 v c map vi a ch IP 102.168.1.2 ca interface serial 0 VSIC2, v vic map ny l t ng. Lp li cc bc tng t kim tra cho router VSIC2 VSIC2#sh frame-relay pvc PVC Statistics for interface Serial0 (Frame Relay DTE) Active Inactive Deleted Static Local 1 0 0 0 Switched 0 0 0 0 Unused 0 0 0 0 DLCI = 201, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0 input pkts 10 output pkts 11 in bytes 858 out bytes 934 dropped pkts 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 11 out bcast bytes 934 pvc create time 00:04:05, last time pvc status changed 00:04:05 VSIC2#sh frame-relay map Serial0 (up): ip 192.168.1.1 dlci 201(0xC9,0x3090), dynamic, broadcast,, status defined, active Nhn xt : DLCI 201 hot ng trn interface serial 0 ca VSIC2 v c map vi a ch IP 192.168.1.1 By gi chng ta s kim tra cc mng c th lin lc c vi nhau cha bng cch ln lt ng hai router v ping n cc interface loopback ca router u xa. VSIC1#ping 11.1.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms VSIC2#ping 10.1.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/64 ms Nh vy, cc mng c th lin lc c vi nhau. V router FrameSwitch thc hin tt chc nng frame relay switch. 5. T thc hnh bng Dynagen: Chy file lab29frcb.net thc hnh vi s sau:

VSIC Education Corporation

Trang 197

CCNA

Ti liu dnh cho hc vin

Ngoi vic thc hnh ging nh bi lab trn,hc vin s dng thm cc routing protocol khc nm r hn cc routing hot ng trn mi trng mng Frame Relay.

VSIC Education Corporation

Trang 198

CCNA

Ti liu dnh cho hc vin

BI 30:CU HNH FRAME RELAY SUBINTERFACE


1. Gii thiu : Fame relay hu nh rt ph bin trong cng ngh WAN .Frame Relay cung cp nhiu hn cc c tnh v cc li nhun vic kt ni point to- point WAN . Trong mi trng Frame Relay hot ng m bo vic kt ni lm vic th 2 u thit b bn ngoi Frane Relay phi l data terminal equepment (DTE) v mi trng Frame relay switch bn trong phi l data communication equepmet(DCE) .Suninterface hot ng ging nh lease lines mi point-to-point suninterface i hi phi c cc subnet ring bit.Trong bi thc hnh ta s dng m hnh Hub v Spoke. Trong Router VSIC l HUB v cc Spoke l router VSIC v VSIC2. 2. M t bi lab v hnh :

3. Cu hnh : a) Cu hnh cho router FR-SWITCHING Building configuration... Current configuration : 1044 bytes ! version 12.1 hostname switch ! frame-relay switching ! interface Serial0 no ip address

VSIC Education Corporation

Trang 199

CCNA

Ti liu dnh cho hc vin

encapsulation frame-relay no fair-queue clockrate 64000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 52 interface Serial1 51 frame-relay route 53 interface Serial2 51 ! interface Serial1 no ip address encapsulation frame-relay clockrate 64000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 51 interface Serial0 52 ! interface Serial2 no ip address encapsulation frame-relay clockrate 64000 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 51 interface Serial0 53 ! interface Serial3 no ip address shutdown ! interface BRI0 no ip address shutdown ! ip classless ip http server line con 0 line aux 0 line vty 0 4 ! end b) Cu hnh cho router Vsic3 : Current configuration : 685 bytes ! version 12.1 hostname Vsic3 ! interface Loopback0 ip address 192.168.3.1 255.255.255.0 VSIC Education Corporation

dng kiu frame relay ansi thc hin route cho cc PVC

Trang 200

CCNA

Ti liu dnh cho hc vin

! interface Serial0 no ip address encapsulation frame-relay frame-relay lmi-type ansi ! interface Serial0.301 point-to-point ip address 192.168.5.2 255.255.255.0 frame-relay interface-dlci 51 ! router igrp 100 network 192.168.3.0 network 192.168.5.0 ! end c) Cu hnh cho router VSIC: Building configuration... Current configuration : 874 bytes version 12.1 hostname VSIC interface Loopback0 ip address 192.168.1.1 255.255.255.0 ! interface Serial0 no ip address encapsulation frame-relay no fair-queue frame-relay lmi-type ansi ! interface Serial0.102 point-to-point ip address 192.168.4.1 255.255.255.0 frame-relay interface-dlci 52 ! interface Serial0.103 point-to-point ip address 192.168.5.1 255.255.255.0 frame-relay interface-dlci 53 ! router igrp 100 network 192.168.1.0 network 192.168.4.0 network 192.168.5.0 d) Xy dng cu hnh cho router Vsic2 Building configuration... Current configuration : 686 bytes ! version 12.1

VSIC Education Corporation

Trang 201

CCNA

Ti liu dnh cho hc vin

hostname Vsic2 ! interface Loopback0 ip address 192.168.2.1 255.255.255.0 ! interface Serial0 no ip address encapsulation frame-relay frame-relay lmi-type ansi ! interface Serial0.201 point-to-point ip address 192.168.4.2 255.255.255.0 frame-relay interface-dlci 51 router igrp 100 network 192.168.2.0 network 192.168.4.0 end Chng kim tra route map ca cc router bng cu lnh sau : VSIC#sh frame-relay map Serial0.103 (up): point-to-point dlci, dlci 53(0x35,0xC50), broadcast status defined, active Serial0.102 (up): point-to-point dlci, dlci 52(0x34,0xC40), broadcast status defined, active Nh vy 4 S dng cu lnh show frame-relay pvc kim tra cc ng PVC Vsic2#sh frame-relay pvc PVC Statistics for interface Serial0 (Frame Relay DTE) DLCI = 51, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0.52 input pkts 8 output pkts 14 in bytes 1448 out bytes 2572 dropped pkts 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 14 out bcast bytes 2572 pvc create time 00:17:21, last time pvc status changed 00:04:16 Chng ta s dng cu lnh sau xem thng tin v LMI VSIC#sh frame-relay lmi LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = ANSI Invalid Unnumbered info 0 Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0 Invalid Status Message 0 Invalid Lock Shift 0 Invalid Information ID 0 Invalid Report IE Len 0 Invalid Report Request 0 Invalid Keep IE Len 0

VSIC Education Corporation

Trang 202

CCNA

Ti liu dnh cho hc vin

Num Status Enq. Sent 74 Num Update Status Rcvd 0

Num Status msgs Rcvd 37 Num Status Timeouts 37

switch#show frame-relay pvc PVC Statistics for interface Serial0 (Frame Relay DCE) DLCI = 52, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0 input pkts 16 output pkts 17 in bytes 1590 out bytes 1621 dropped pkts 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 0 out bcast bytes 0 Num Pkts Switched 16 pvc create time 00:06:22, last time pvc status changed 00:07:02 DLCI = 53, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0 input pkts17 output pkts 16 in bytes 1620 out bytes 1590 dropped pkts 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 0 out bcast bytes 0 Num Pkts Switched 17 pvc create time 00:06:13, last time pvc status changed 00:09:19 PVC Statistics for interface Serial1 (Frame Relay DCE) DLCI = 51, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial1 i vi lnh show frame pvc ta cn ch cc ch sau ca PVC status : ACTIVE : C 2 u ca Frame relay PVC trng thi hot ng INACTIVE : u Frame relay ca u bn kia ca router ang c vn v cu hnh, nhng ti u Frame Relay hin ti router hot ng tt. DELETED : Vn xy ra vi Router hin ti. LMI cha hot ng.

By gi chng ta s kim tra trng thi ca cc cng: Vsic2#sh ip int brief Interface ocol Loopback0 Serial0 Serial0.201 Serial1 IP-Address 192.168.2.1 unassigned 192.168.4.2 unassigned OK? Method Status YES manual up YES unset up YES manual up Prot up up up

YES unset administratively down down

VSIC Education Corporation

Trang 203

CCNA

Ti liu dnh cho hc vin

TokenRing0 Vsic2#sh frame-relay map

unassigned

YES unset administratively down down

Serial0.201 (up): point-to-point dlci, dlci 51(0x33,0xC30), broadcast status defined, active Chng ta kim tra li bng nh tuyn ca cc router: Vsic2#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - IGRP, EX - IGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 192.168.4.0/24 is directly connected, Serial0.201 I 192.168.5.0/24 [100/10476] via 192.168.4.1, 00:00:25, Serial0.201 I 192.168.1.0/24 [100/8976] via 192.168.4.1, 00:00:25, Serial0.201 C 192.168.2.0/24 is directly connected, Loopback0 I 192.168.3.0/24 [100/10976] via 192.168.4.1, 00:00:25, Serial0.201 Vsic2#ping 192.168.4.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.4.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 116/118/128 ms Vsic2#ping 192.168.4.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 60/64/80 ms Vsic3#ping 192.168.5.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms Vsic2#ping 192.168.3.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/120 ms

VSIC Education Corporation

Trang 204

CCNA

Ti liu dnh cho hc vin

Nh vy ta hon thnh vic nh tuyn trn mng Frame Relay. 4. T thc hnh bng Dynagen: S sau khi chy file lab30Frnc.net :

Ta cu hnh cc router Frame Relay SW, VSIC, VSIC2, VSIC3 ging nh trn. Tuy nhin nh hc vin nn s dng nhng giao thc khc nh EIGRP hay OSPF,RIP. V cn phi test nh tuyn c hay cha.

VSIC Education Corporation

Trang 205