
Faculty of Information Technology - Lecture notes: Network Technologies and Devices

CHAPTER 1: INTRODUCTION TO WIDE AREA NETWORKS

1.1. Introduction to WAN

A WAN (Wide Area Network) is a network set up to link the computers of two or more areas that are geographically far apart. WANs connect user networks across a large geographic range, so they make long-distance information services possible for a business. Using a WAN allows computers, printers and other devices on a LAN to share with, and be shared by, remote sites.

WANs provide instant communication across large geographic areas. The ability to send a message to someone anywhere in the world creates a communication capability similar to that between two people in the same place. Application software that provides real-time access to information and resources allows meetings to be held remotely. Wide area networking has created a new class of workers called telecommuters, people who work without ever leaving home.

WANs are designed to do the following:
- Operate across geographically separate areas.
- Allow users to communicate in real time with other users.
- Provide continuous connections from remote resources to local services.
- Provide e-mail, WWW, FTP and e-commerce services.

Common WAN technologies include:
- Modem
- ISDN
- DSL
- Frame Relay
- Digital transmission lines to the North American and European standards: T1, E1, T3, E3
- The SONET synchronous optical network

WAN devices include:

Figure 1.1. Connection devices in a WAN

1.2. WAN connection devices

1.2.1. The WAN physical layer

Actual physical-layer implementations vary with the distance from the equipment to the service, the speed, and the service itself. Serial connections are used to support WAN services such as leased lines running PPP or Frame Relay. The speeds of these connections range from 2400 bps to T1 at 1.544 Mbps and E1 at 2.048 Mbps.

ISDN provides dial-on-demand service. A Basic Rate Interface (BRI) service is made up of two 64 kbps bearer channels (B channels) for data and one 16 kbps delta channel (D channel) used for signaling and other link-management tasks. PPP is typically used to carry data over the D channel.

With growing demand for high-speed, broadband service in residential areas, DSL and cable modem connections are becoming more common.

1.2.2. WAN serial connections

For long-distance communication, WANs use serial transmission. This is the process of sending data bits one after another over a single channel. It provides more reliable long-distance communication and uses a specific optical or electromagnetic frequency range. Frequencies are measured in cycles per second and expressed in Hz. The size of the frequency range is referred to as bandwidth and is measured in bits transmitted per second.

For a Cisco router, physical connectivity at the customer site is provided by one or two types of serial connection. If the connection is made directly to the service provider, or to a device that supplies the clocking signal such as a CSU/DSU (Channel Service Unit/Data Service Unit), the router is a data terminal equipment (DTE) device and uses a DTE cable. In some cases, however, the local router is required to supply the clocking signal and therefore uses a DCE cable.

Figure 1.2. WAN serial connections

1.2.3. Routers and serial connections

Routers are responsible for routing data packets from source to destination within a LAN and for providing connectivity to the WAN. In a LAN environment the router contains broadcasts, provides local address resolution services such as ARP and RARP, and can segment the network using a subnet structure. To provide these services the router must be connected to both the LAN and the WAN.

Figure 1.3.1. Serial connection of DTE and DCE

To determine the cable type, you must determine whether the connectors are DTE or DCE. The DTE is the endpoint of the user's device on a WAN link. The DCE is typically the point responsible for handing data over to the service provider.

When cabling a router for serial connectivity, the router has either fixed ports or modular ports. Interfaces on a router with fixed ports are labeled by port type and port number.

Figure 1.3.2. Fixed interfaces

Interfaces on a modular router are labeled by port type, slot and port number. The slot is the location of the module. To configure a port on a modular card, you must specify the interface using the syntax port type slot number/port number. Use the label serial 0/1 when the interface is serial, the number of the slot where the module is installed is 1, and the port being referenced is 0.

Figure 1.3.3. Modular serial port interfaces

1.2.4. Routers and ISDN BRI connections

With ISDN BRI, two types of interface can be used: BRI/S and BRI/U. Determine who is providing the network termination device NT1 in order to determine which interface type is needed. The NT1 is an intermediate device located between the router and the service provider's ISDN switch.

To connect the ISDN BRI port to the service provider's device, use a UTP Cat 5 straight-through cable. Note: only plug the cable from the ISDN BRI port into an ISDN jack or an ISDN switch.

Figure 1.3.4. Cabling a router for an ISDN connection

1.2.5. Routers and DSL connections

To connect a router to a DSL service, use a telephone cable with RJ-11 connectors. DSL works over standard telephone lines using pins 3 and 4 of the RJ-11 connector.

Figure 1.5. Connecting a router for DSL service

1.2.6. Making a console connection

To begin configuring a Cisco device, a management connection must be made directly to the device through its console port. The console port allows a Cisco hub, switch or router to be monitored and configured.

The cable used between the terminal and the console port is a rollover cable. Connect the devices with a rollover cable from the console port to the serial port (COM port) of the computer acting as the terminal, then configure the terminal emulation application with the following settings for the computer's serial (COM) port:
- Speed: 9600 bps
- Format: 8 data bits
- Parity: no
- Stop bits: 1
- Flow control: no

The AUX port is used to provide management through a modem. The AUX port is configured in the same way as the console port.

Figure 1.6. Setting up a connection through the console port

1.3. Routers in the WAN

A router is a special type of computer. It has the same basic components as a computer: CPU, memory, a system bus and interface ports. However, a router is designed to connect two networks and allow them to communicate with each other; in addition, the router selects the best path for the data.

The main components inside a router are: RAM, NVRAM, flash memory, ROM and the interface ports.

Characteristics and functions of RAM:
- Stores the routing table
- Stores the ARP table
- Holds the fast-switching cache
- Provides buffer memory for data packets
- Maintains queues for data packets
- Provides temporary memory for the configuration file while the router is running
- Information in RAM is erased when the router restarts or loses power

Characteristics and functions of NVRAM:
- Stores the router's startup configuration file
- The file's contents are retained when the router restarts

Characteristics and functions of ROM:
- Stores the instructions of the power-on self test (POST) program
- Stores the bootstrap program and the basic operating system
- Upgrading the software in ROM requires replacing the chip on the mainboard

Characteristics and functions of the interface ports:
- Connect the router to the network to receive and forward data packets
- The ports can be mounted directly on the mainboard or provided as separate cards

1.4. Physical characteristics of the router

Router architecture differs greatly from model to model, and includes the following components:
- CPU (central processing unit): executes the operating system's instructions to perform tasks such as system startup, routing, and controlling the network interfaces.
- RAM: used to store the routing table, provide memory for fast switching, run the configuration file and provide queues for data packets. RAM is divided into two parts: main processor memory and shared input/output memory. The entire contents of RAM are erased on power loss.
- Flash: flash memory is used to store the complete Cisco IOS operating system. By default the router looks for its IOS in flash.
- NVRAM (Non-volatile Random-access Memory): RAM that does not lose its information on power loss, used to store the configuration file.
- Bus: most routers have a system bus and a CPU bus. The system bus is used for communication between the CPU and the interface ports and expansion slots. The CPU uses the CPU bus to access the router's components through the router's memory.
- ROM (Read Only Memory): stores the code of the startup diagnostic program. The main task of ROM is to test the router's hardware at startup and then copy the Cisco IOS software from flash into RAM.
- Interface ports: where the router connects to the outside. A router has three types of port: LAN, WAN and console. LAN interfaces are usually Ethernet or Token Ring ports. WAN interfaces can be Serial or ISDN ports, or ports with an integrated CSU (Channel Service Unit). The console/AUX port is the interface mainly used to configure the router.

Figure 1.8. Physical structure of a router

1.5. The role of the router in the WAN

The main function of a router is routing. Routing takes place at Layer 3 and provides connectivity between WAN networks that use different physical and data-link standards. For example, a router can have an ISDN interface using PPP encapsulation and a T1 serial interface using Frame Relay encapsulation. The router must be able to convert the bit stream from one type of service to another, for example from an ISDN service to a T1 line, while also converting the data-link layer encapsulation from PPP to Frame Relay.


CHAPTER 2. ROUTER CONFIGURATION


2.1 The concept of router configuration.

Configuring a router means using various methods to set it up to perform specific functions in each particular case: leased-line links, dial-up links, firewall, Voice over IP and so on. For Cisco routers there are usually three methods of configuration:

- Using the CLI: CLI stands for Command Line Interface and is the basic configuration method for almost all Cisco devices. The user enters command lines from a terminal (through the console port or a Telnet session) to configure the router.
- Using the ConfigMaker program: ConfigMaker is a configuration tool for Cisco routers from the 36xx series downward. It provides a graphical interface and friendly wizards presented in question-and-answer form, which makes configuring a router very simple. The user does not need to master Cisco commands; basic system knowledge is enough to configure the router. However, besides the limited range of supported routers noted above, the program does not expose all of the router's features and cannot be customized for specific requirements. The latest version of ConfigMaker at present is ConfigMaker 2.4.
- Using the FastStep program: unlike ConfigMaker, FastStep is provided per specific Cisco product. For example, for the Cisco 2509 router there is FastStep for Cisco Router 2509. The program provides the steps to configure the basic features of each product. The configuration steps are also presented in a graphical, question-and-answer form, so it is very easy to use. Like ConfigMaker, however, FastStep supports only some low-end Cisco products and only helps configure some basic router functions.

In summary, configuring a Cisco router with the CLI is complex but remains the most common way to configure a router. Knowing how to configure with the CLI gives the user flexibility in configuration and makes troubleshooting easier. The CLI can now be combined with either of the other two methods to speed up router configuration: the configuration programs are used to create rough configuration files, and the CLI is used last to customize them or to perform tasks the programs cannot. In this document all configuration instructions use the CLI, the command-line method.
2.2 Router structure.

The structure of the router is one of the basics to know before configuring it. The router structure is shown in figure 2.1.

The main components of the router are:

NVRAM: NVRAM (Nonvolatile random-access memory) is a type of RAM that retains its information even without power. In a Cisco router NVRAM usually has the following roles:
- Holds the startup configuration file for most router types, except routers with a Class A Flash file system (7xxx).
- Holds the software configuration register, used to determine which IOS image is used during the router's boot process.

Flash memory: Flash memory holds the Cisco IOS software image. On some models Flash memory can also hold configuration files or boot images. Depending on the model, Flash memory can be EPROMs, a single in-line memory module (SIMM) or a Flash memory card:
- Internal Flash memory:
  o Internal Flash memory usually holds the system image.
  o Some routers have two or more Flash memories in the form of single in-line memory modules (SIMM). If the SIMM has 2 banks it is called dual-bank Flash memory. These banks can be divided into several smaller logical partitions.
- Bootflash:
  o Bootflash usually holds the boot image.
  o Bootflash sometimes holds the ROM Monitor.
- Flash memory PC card or PCMCIA card. A Flash memory card is inserted into a Personal Computer Memory Card International Association (PCMCIA) slot. The card is used to hold the system image, boot image and configuration file. The following routers have PCMCIA slots:
  o Cisco 1600 series router: 01 PCMCIA slot.
  o Cisco 3600 series router: 02 PCMCIA slots.
  o Cisco 7200 series Network Processing Engine (NPE): 02 PCMCIA slots.
  o Cisco 7000 RSP700 card and 7500 series Route Switch Processor (RSP) card: 02 PCMCIA slots.

DRAM: Dynamic random-access memory (DRAM) comes in two types:
- Primary, main, or processor memory, used by the CPU to run the Cisco IOS software and to hold the running configuration and the routing tables.
- Shared, packet, or I/O memory, which buffers data transmitted or received by the router's network interfaces.

Depending on the IOS and the hardware, Flash RAM and DRAM may have to be upgraded.

ROM: Read only memory (ROM) is usually used to hold the following:
- ROM monitor, which provides an interface to the user when the router cannot find a suitable image file.
- Boot image, which lets the router boot when it cannot find a valid IOS image in flash memory.

2.3 Configuration modes

A Cisco router has several modes for configuration. Each mode has its own characteristics and provides a specific set of features for configuring the router. The modes of a Cisco router are shown in figure 2.2.

User Mode or User EXEC Mode: this is the first mode you enter when you start a session with the router (through the console or Telnet). In this mode you can run only some ordinary router commands. These commands take effect once only, such as show commands or commands that clear certain router or interface counters. They are not written to the router's configuration file and so do not affect later restarts of the router.

Privileged EXEC Mode: to enter Privileged EXEC Mode, type the enable command from User EXEC mode and enter the password (if required). Privileged EXEC Mode provides the important commands for monitoring the router's operation, accessing the configuration files and IOS, and setting passwords. Privileged EXEC Mode is the key to Configuration Mode, which allows every function of the router to be configured.

Configuration Mode: as noted above, configuration mode allows all functions of a Cisco router to be configured, including the interfaces, the routing protocols, and the console, vty (telnet) and tty (async connection) lines. Commands in configuration mode directly affect the router's current configuration held in RAM (running-configuration). If this configuration is saved to NVRAM, the commands take effect on later restarts of the router. Configuration mode has several sub-modes: the outermost is global configuration mode, followed by interface configuration mode, line configuration mode and routing configuration mode.

ROM Mode: ROM mode is used for specialized tasks that act directly on the router hardware, such as password recovery and maintenance. Apart from commands by which the user forces the router into ROM mode, the router automatically enters ROM mode if it cannot find the IOS file or if the IOS file is corrupted during startup.

Figure 2.2: Some configuration modes of a Cisco router

Table 2.1 lists the basic modes of a Cisco router and some of their characteristics:

| Mode | How to enter | Prompt | How to exit |
|---|---|---|---|
| User EXEC | Log in. | Router> | Use the logout command. |
| Privileged EXEC | From user EXEC mode, use the enable command. | Router# | To return to user EXEC mode, use the disable command. To enter global configuration mode, use the configure terminal command. |
| Global configuration | From privileged EXEC mode, use the configure terminal command. | Router(config)# | To exit to privileged EXEC mode, use the exit or end command or press Ctrl-Z. To enter interface configuration mode, enter the interface command. |
| Interface configuration | From global configuration mode, enter the interface command. | Router(config-if)# | To exit to global configuration mode, use the exit command. To exit to privileged EXEC mode, use the exit command or press Ctrl-Z. To enter subinterface configuration mode, specify a subinterface with the interface command. |
| Subinterface configuration | From interface configuration mode, specify a subinterface with the interface command. | Router(config-subif)# | To exit to global configuration mode, use the exit command. To enter privileged EXEC mode, use the end command or press Ctrl-Z. |
| ROM monitor | From privileged EXEC mode, use the reload command and press the Break key within 60 s while the router is booting. Use the boot system rom command. | > | To exit to user EXEC mode, enter the continue command. |

2.3 Configuring the router's general features.

2.3.1 Some command notation conventions.

The conventions in the following table are used in this document as well as in all other Cisco documents.

Notation     Meaning
^ or Ctrl    The Ctrl key.
Screen       Shows information that is displayed on the screen.
Boldface     Shows information (command lines) that you must type from the keyboard.
< >          Denotes characters that are not displayed on the screen, such as a password.
!            Denotes comment lines.
( )          Denotes the current prompt.
[ ]          Denotes optional (not mandatory) parameters of a command.
Italics      Denotes command parameters. These parameters are mandatory and you must choose a suitable value to put into the command.
{x|y|z}      Denotes that you must choose one of the values x, y, z in the command.

Table 3.1


2.3.2 Keyboard shortcuts to use when configuring the router

A Cisco router is configured with a sequence of commands. To make command entry quicker and more convenient, some commonly used shortcut keys are listed in table 3.2:

| Key | Function |
|---|---|
| Delete | Deletes the character to the right of the cursor |
| Backspace | Deletes the character to the left of the cursor |
| Left Arrow or Ctrl-B | Moves the cursor one character to the left |
| Right Arrow or Ctrl-F | Moves the cursor one character to the right |
| Esc-B | Moves the cursor one word to the left |
| Esc-F | Moves the cursor one word to the right |
| TAB | Displays the complete command (works only when the part already typed is enough for Cisco IOS to identify the command uniquely) |
| Ctrl-A | Moves the cursor to the beginning of the command line |
| Ctrl-E | Moves the cursor to the end of the command line |
| Ctrl-R | Redisplays the command line |
| Ctrl-U | Deletes the command line |
| Ctrl-W | Deletes a word |
| Ctrl-Z | Ends Configuration Mode and returns to EXEC mode |
| Up Arrow or Ctrl-P | Displays the previous command |
| Down Arrow or Ctrl-N | Displays the next command |

Table 3.2

In addition, when configuring the router, the ? character is commonly used in every mode to list the commands available in that mode. For example:

    Router> ?
    Exec commands:
      <1-99>           Session number to resume
      connect          Open a terminal connection
      disconnect       Disconnect an existing telnet session
      enable           Turn on privileged commands
      exit             Exit from the EXEC
      help             Description of the interactive help system
      lat              Open a lat connection
      lock             Lock the terminal
      login            Log in as a particular user
      logout           Exit from the EXEC
      menu             Start a menu-based user interface
      mbranch          Trace multicast route for branch of tree
      mrbranch         Trace reverse multicast route to branch of tree
      mtrace           Trace multicast route to group
      name-connection  Name an existing telnet connection
      pad              Open a X.29 PAD connection
      ping             Send echo messages
      resume           Resume an active telnet connection
      show             Show running system information
      systat           Display information about terminal lines
      telnet           Open a telnet connection
      terminal         Set terminal line parameters
      tn3270           Open a tn3270 connection
      trace            Trace route to destination
      where            List active telnet connections
      x3               Set X.3 parameters on PAD
      xremote          Enter XRemote mode

2.3.3 Console and telnet concepts. Setting names and passwords for the router.

2.3.3.1 Console port

The console port is present on every type of router and lets a terminal access the router to configure it and to perform other operations on it. The console port usually takes the form of a socket for an RJ-45 connector. To connect to the console port the following equipment is needed:
- 01 terminal, which can be a dedicated UNIX terminal or a Windows PC running the HyperTerminal program.
- 01 roll-over cable: this cable ships with every router (figure 3.1). It is a UTP cable with 4 wire pairs, crimped with RJ-45 connectors in reversed order at the 2 ends.
- 01 DB-25 or DB-9 connector used to connect to the terminal. These connectors have an RJ-45 port at the back and are usually called RJ-45 to DB-9 or RJ-45 to DB-25 adapters.

Figure 3.1

The connection to the console port is made as shown in figure 3.2. Once the connection is made, run a program (for example HyperTerminal) on Windows to access the router. Some points to note when using the program:
- Select the correct COM port for the connection (direct to COM1 or COM2).
- The console port parameters are: 9600 baud, 8 data bits, no parity, 2 stop bits.
- The console port does not support flow control or modem control.

If no password is set on the console port, then after starting HyperTerminal, setting the parameters above correctly and pressing Enter a few times, you go straight into user EXEC mode with the prompt router>. A password on the console port is not mandatory, but to keep the system secure the following steps can be used to set a password for the router's console port.

Figure 3.2 Connecting the console port to a terminal.

| Command | Prompt before | Prompt after | Explanation |
|---|---|---|---|
| enable | Router> | Router# | Enter Privileged mode; type the password if required |
| config terminal | Router# | Router(config)# | Enter global configuration mode |
| line con 0 | Router(config)# | Router(config-line)# | Enter line configuration mode |
| login | Router(config-line)# | Router(config-line)# | Allow login to the router and display the password prompt on access |
| password password | Router(config-line)# | Router(config-line)# | Set the password for the console port |
| ^Z | Router(config-line)# | Router# | Return to Privileged mode |

Table 3.3

2.3.3.2 Telnet session

In a network that uses TCP/IP, Telnet is a very useful service that lets the user access and configure a device from anywhere in the network or through remote access services. To use Telnet to access and configure a Cisco router, the following conditions must be met:
- The network uses the TCP/IP protocol.
- An IP address is assigned to at least 01 of the router's ethernet ports and that port is connected to the network.
- 01 PC is connected to the network over TCP/IP.

Once these conditions are met, on the PC we can type the command telnet followed by the ip address of the ethernet port on the router to access the router. Because telnet makes access to the router so easy and convenient, setting a password for telnet is essential. The following table shows the steps for setting a password on the telnet lines.

| Command | Prompt before | Prompt after | Explanation |
|---|---|---|---|
| enable | Router> | Router# | Enter Privileged mode; type the password if required |
| config terminal | Router# | Router(config)# | Enter global configuration mode |
| line vty 0 4 | Router(config)# | Router(config-line)# | Enter line configuration mode |
| login | Router(config-line)# | Router(config-line)# | Allow login to the router and display the password prompt on access |
| password password | Router(config-line)# | Router(config-line)# | Set the password for the console port |
| ^Z | Router(config-line)# | Router# | Return to Privileged mode |

Table 3.4

Telnet lines on a Cisco router are denoted vty. A Cisco router supports 05 simultaneous telnet sessions (numbered 0 to 4). A password can be set for each telnet line individually. However, all 05 lines are usually configured with a single shared password to increase security and ease management.

2.3.3.3 Setting the router name and the enable password.

When no name has been set, the router's default prompt is router>. Setting a name for the router serves management purposes and changes this prompt. In addition, setting an enable password provides one more barrier (beyond the console or telnet password) against access to, and changes of, the router configuration. The following table shows the steps for setting (or changing) the router's name and enable password.

| Command | Prompt before | Prompt after | Explanation |
|---|---|---|---|
| enable | Router> | Router# | Enter Privileged mode; type the password if required |
| config terminal | Router# | Router(config)# | Enter global configuration mode |
| hostname name | Router(config)# | name(config)# | Set the router name; the prompt changes to match the name entered |
| enable password password | name(config)# | name(config)# | Set the enable password |
| enable secret password | name(config)# | name(config)# | Set the enable password and also encrypt the password in the configuration file. Must be used together with the service password-encryption command. |
| ^Z | name(config)# | name# | Return to Privileged mode |

Table 3.5

2.3.4 Working with the configuration file and the IOS image.

2.3.4.1 Some basic concepts.

Configuration file:

This is a structured text file that contains all of the router's important commands and determines how the router operates. After initial configuration, this file is written to the router's NVRAM and is used for the whole time the router is in operation (on some router models the file can be stored in bootflash RAM, or in slot 0 or slot 1 of the PCMCIA card). When the router starts, the configuration file is loaded from NVRAM into RAM and executed automatically. Loss of or damage to this file causes the router to fall into ROM mode or setup mode. The configuration file in NVRAM is called startup-config and the one in RAM is called running-config. Except while the router is being configured, the two files are usually identical. An example of a router configuration file:
    Current configuration:
    !
    version 11.2
    ! Version of IOS on router, automatic command
    !
    no service udp-small-servers
    no service tcp-small-servers
    !
    hostname Critter
    prompt Emma
    ! Prompt overrides the use of the hostname as the prompt
    !
    enable password lu
    ! This sets the privileged exec mode password
    !
    no ip domain-lookup
    ! Ignores all names resolutions unless locally defined on the router.
    !
    ipx routing 0000.3089.b170
    ! Enables IPX rip routing
    !
    interface Serial0
     ip address 137.11.12.2 255.255.255.0
     ipx network 12
    !
    interface Serial1
     description this is the link to Albuquerque
     ip address 137.11.23.2 255.255.255.0
     ipx network 23
    !
    interface TokenRing0
     ip address 137.11.2.2 255.255.255.0
     ipx network CAFE
     ring-speed 16
    !
    router rip
     network 137.11.0.0
    !
    no ip classless
    !
    banner motd ^C This Heres the Rootin-est Tootin-est Router in these here Parts! ^C
    ! Any text between the Ctl-C keystroke is considered part of the banner, including
    ! the return key.
    !
    line con 0
     password cisco
     login
    ! login tells the router to supply a prompt; password defines what the user must type!
    !
    line aux 0
    line vty 0 4
     password cisco
     login
    !
    end
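The password steps in Tables 3.3 to 3.5 and the listing above can be checked mechanically. The following is an added example, not part of the lecture notes or of any Cisco tool: a small auditor that reads an IOS-style configuration and reports an `enable password` without `enable secret`, lines with no password, and line passwords stored in cleartext or in reversible type 7 form. Both sample configurations, the hash strings and the check identifiers are constructed for the example.

```python
import re

# Constructed sample modelled on the listing above (comments and IPX lines omitted).
SAMPLE_CONFIG = """\
version 11.2
hostname Critter
enable password lu
interface Serial0
 ip address 137.11.12.2 255.255.255.0
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
end
"""

# Constructed counter-example: hashed enable secret, per-user logins on every line.
HARDENED_CONFIG = """\
service password-encryption
hostname Critter
enable secret 5 $1$EXAMPLE$constructedhashvalue000
username admin secret 5 $1$EXAMPLE$constructedhashvalue111
line con 0
 login local
line aux 0
 login local
line vty 0 4
 login local
end
"""

LINE_RE = re.compile(r"^line (con|aux|vty)\b")
PASSWORD_RE = re.compile(r"^(?:enable )?password(?: (\d))? (\S+)$")


def split_sections(text):
    """Return (global commands, {section header: [indented sub-commands]})."""
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # blank line or IOS comment
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            sections[current] = []
    return top, sections


def password_kind(command):
    """Classify a 'password' / 'enable password' command, or return None."""
    match = PASSWORD_RE.match(command)
    if match is None:
        return None
    encoding = match.group(1)
    if encoding in (None, "0"):
        return "cleartext"
    if encoding == "7":
        return "type 7"                   # reversible; written by service password-encryption
    return "other"


def audit(text):
    """Return a list of (check id, message) findings for one configuration."""
    top, sections = split_sections(text)
    findings = []
    if not any(c.startswith("enable secret ") for c in top):
        findings.append(("ENABLE-NO-SECRET", "no 'enable secret' is configured"))
    for command in top:
        if command.startswith("enable password"):
            kind = password_kind(command) or "set"
            findings.append(("ENABLE-PASSWORD", "'enable password' is " + kind))
    for header, body in sections.items():
        if not LINE_RE.match(header):
            continue
        if any(c.startswith("login local") for c in body):
            continue                      # per-user accounts, no shared line password
        kinds = [k for k in map(password_kind, body) if k]
        if not kinds:
            findings.append(("LINE-NO-PASSWORD", header + ": no password set"))
        for kind in kinds:
            if kind in ("cleartext", "type 7"):
                findings.append(("LINE-WEAK-STORAGE", header + ": password is " + kind))
    return findings


if __name__ == "__main__":
    for check, message in audit(SAMPLE_CONFIG):
        print(check, "-", message)
```

On IOS, `enable secret` is stored as a one-way hash and takes precedence over `enable password` when both are set, which is why the auditor treats a missing `enable secret` as a finding of its own.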

IOS image:

IOS stands for Internetworking Operating System. IOS really is the heart of a Cisco router. It determines all of the device's functions and includes all the commands used to configure the device. IOS image is the term for the file that contains IOS, which makes it easy and convenient to back up or upgrade IOS. In a Cisco router, IOS is usually stored in Flash RAM.

TFTP server:

TFTP stands for Trivial File Transfer Protocol, a standard protocol of the TCP/IP suite. TFTP is a connectionless, reliable protocol. A TFTP server can be a UNIX workstation or an ordinary PC running a TFTP server emulation program on a TCP/IP network. A TFTP server is usually used as the place to back up configuration files and IOS images or, conversely, as the place that holds new configuration files and new IOS images for updating the router.

2.3.4.2 Working with the configuration file and IOS.

With the configuration file:

The operations on the configuration file are shown in figure 3.3.


Figure 3.3

As figure 3.3 shows, the configuration file can be moved back and forth between RAM, NVRAM and the TFTP server. Transfers to NVRAM and TFTP normally mean replace, whereas transfers to RAM mean add.

For example, to copy the configuration file from RAM to NVRAM, use the following command:

    copy running-config startup-config

To view a configuration file, use the following command:

    show {running-config | startup-config}

To erase a configuration file, use the following command:

    erase nvram

Other commands with similar effect can also be used. These are older commands commonly used in IOS version 11.0 and earlier.

To transfer configuration files on a Cisco router, use the following command in privileged mode:

    copy {tftp | running-config | startup-config} {tftp | running-config | startup-config}

| Command | Equivalent command (old command) |
|---|---|
| show running-config | write terminal |
| show startup-config | show config |
| copy running-config startup-config | write mem |
| copy running-config tftp | write network |
| erase nvram | write erase or erase startup-config |


Viewing the contents of flash RAM

Use the show flash command to view information about the IOS image stored in flash RAM. For example:

    fred#show flash
    System flash directory:
    File  Length   Name/status
      1   4181132  c2500-i-l.112-7a
    [4181196 bytes used, 4207412 available, 8388608 total]
    8192K bytes of processor board System flash (Read ONLY)

Choosing the IOS image used to boot the router.

Every router has 01 register called the configuration register. It is a 16-bit register (Figure 3.5) in which the last 4 bits, called the boot field, determine the router's boot process. The value of the boot field indicates whether the router boots from ROM or from RAM. Intervening in the router's boot process through the configuration register is commonly done during password recovery.

Figure 3.5: configuration register.

Another, simpler and commonly used way is the IOS boot system command. This command is usually placed in the router's startup-config. The following table summarizes both methods.

| Boot field value | boot system command | Result |
|---|---|---|
| 0x0 | No effect | ROM monitor mode. |
| 0x1 | No effect | ROM mode. |
| 0x2 to 0xF | boot system rom | ROM mode. |
| 0x2 to 0xF | boot system flash | The first IOS in flash is used to boot. |
| 0x2 to 0xF | boot system flash filename | The specified IOS image in flash is used to boot. |
| 0x2 to 0xF | boot system tftp ip address filename | The IOS image named filename on the TFTP server at ip address is used to boot. |
| 0x2 to 0xF | Several boot system commands | The router uses the commands from top to bottom until one command is executed. |

Table 3.7

CHAPTER III: ROUTING PROTOCOLS

3.1. Introduction to routing

Routing is the process by which a router forwards data packets to the destination network. Every router along the path relies on the packet's destination IP address to forward it in the right direction toward its final destination. Routing comes in two forms: dynamic routing and static routing.

3.2. Static routing

With static routing, the path information must be entered into the router by the network administrator. Whenever the network topology changes in any way, the administrator must delete or add path information on the router. Routes of this kind are called static routes.

3.2.1. How static routing works

The operation of static routing can be divided into three steps:
+ First, the network administrator configures the static routes on the router
+ The router installs these routes in its routing table
+ Data packets are routed along these static routes

The network administrator configures a static route on the router with the ip route command. The syntax of the ip route command is:

    Router(config)# ip route prefix mask {address | interface} [distance] [tag tag] [permanent]

- prefix: the IP address of the destination network.
- mask: the subnet mask of the destination network.
- address: the IP address of the next hop toward the destination network.
- interface: the outgoing port on the router toward the destination network.
- distance (optional): the administrative distance of the protocol.
- tag tag (optional): used as a match value to control route redistribution through route maps (covered in CCNP).
- permanent (optional): specifies that the route is not removed even when the port is shut down (covered in CCNP).

Another point to consider with static routing is the administrative distance. The administrative distance is a parameter that measures the trustworthiness of a route. The lower the value, the more trusted the route. So if two routes lead to the same destination, the one with the lower value is placed in the router's routing table first. For example, a static route that uses the IP address of the next hop has a default administrative distance of 1, while a static route that uses the outgoing port has a default administrative distance of 0. To specify an administrative distance instead of using the default, add the value after the outgoing port or next-hop IP address parameter of the command. The value lies in the range 0 to 255. For example:

    router(config)# ip route 172.16.2.0 255.255.255.0 172.16.4.1 124

If the router cannot forward packets out of the configured interface, the interface is down and the corresponding route is not placed in the routing table.

3.2.2. Configuring static routes

+ Administrative distance and metric

The metric of every static route is always 0.

The administrative distance is the priority given to routing information. The smaller the administrative distance, the higher the priority. If the router sees several routes to the same destination network from different sources, it uses the administrative distance to decide which route to put into the routing table. The default administrative distance of a static route is 1.


Figure 3.2.1: Administrative distances of the routing protocols

+ Steps to configure a static route:
1. Identify all the destination networks to configure, with their subnet masks and gateways. The gateway can be an interface on the router or the address of the next hop toward the destination network.
2. Enter the router's global configuration mode.
3. Enter the ip route command with the destination network address, subnet mask and gateway identified in step one. Add the administrative distance parameter if needed.
4. Repeat step three for the other destination networks.
5. Exit global configuration mode.
6. Save the running configuration to the startup configuration with the command copy running-config startup-config.

Example: Figure 3.2.2 illustrates static route configuration in a simple topology of three connected routers. On router Hoboken we need to configure routes to networks 172.16.1.0 and 172.16.5.0; both have the subnet mask 255.255.255.0.


When router Hoboken routes packets destined for network 172.16.1.0, it uses the static route we configured toward router Sterling; packets destined for network 172.16.5.0 are routed to router Waycross.

Figure 3.2.2: Static routing configuration for the network

In the upper box of Figure 3.2.2, both commands specify the static route through an outgoing interface on the router. They do not specify an administrative distance, so in the routing table these two static routes have the default administrative distance of 0. A route with an administrative distance of 0 is equivalent to a network directly connected to the router.

In the lower box of Figure 3.2.2, the two commands specify the static route through the address of the next-hop router. The route to network 172.16.1.0 has the next-hop address 172.16.2.1, and the route to network 172.16.5.0 has the next-hop address 172.16.4.2. These two commands do not specify an administrative distance either, so the two static routes have the default administrative distance of 1.

3.2.3. Configuring a default route for the router to forward packets

A default route is the route the router uses when it finds no matching route in the routing table for a packet's destination. We usually configure a default route on the router's Internet-facing exit, because the router does not need to store routing information for every network on the Internet. The static route command that configures it:

    ip route 0.0.0.0 0.0.0.0 [next-hop-address | outgoing interface]

A logical AND of the mask 0.0.0.0 with any destination IP address always yields network 0.0.0.0. So a packet whose destination the router cannot match to any route is routed to network 0.0.0.0.

Steps to configure a default route:
+ Enter global configuration mode.
+ Enter the ip route command with destination network 0.0.0.0 and subnet mask 0.0.0.0. The gateway of the default route can be the router interface connected to the outside network or the IP address of the next-hop router. Normally the IP address of the next-hop router is used as the gateway.
+ Exit global configuration mode.
+ Save the configuration to the startup configuration file in NVRAM with the command: copy running-config startup-config.

Example:


Figure 3.2.3a

Figure 3.2.3b

In the example of Figure 3.2.2, router Hoboken is configured to route data to network 172.16.1.0 on router Sterling and to network 172.16.5.0 on router Waycross. But neither Sterling nor Waycross knows the way to networks that are not directly connected to it. We could configure static routes on Sterling and Waycross pointing to each network one by one, but that is not a good solution for large networks. Figures 3.2.3a and 3.2.3b are examples of configuring default routes for routers Sterling and Waycross. Sterling reaches all other networks through a single interface, Serial 0. Likewise, Waycross has only one connection to all other networks, through interface Serial 1. So once we configure default routes on Sterling and Waycross, the two routers use the default route to route packets to every network that is not directly connected to them.

3.2.4. Rules for static routing

+ Static routing over a point-to-point link
It is best to configure the static route with the outgoing interface. On point-to-point serial interfaces, the router never uses an intermediate address to forward packets.

+ Static routing over a broadcast network
It is best to configure the static route with both the intermediate address and the outgoing interface.

+ Using only an intermediate address
When configuring static routes, avoid routes that refer only to intermediate addresses. A static route that is not bound to any interface depends on finding the path through the intermediate address, which slows convergence. It can also cause routing loops.

3.2.5. Verifying the static route configuration

After configuring static routes, check that the routing table contains the static routes we configured and that routing works correctly. Use the show running-config command to inspect the configuration running in RAM and confirm that the static route commands were entered correctly. Then use the show ip route command to see whether the static routes are in the routing table.

Steps to verify the static route configuration:
+ In privileged mode, enter the show running-config command to view the running configuration.

+ Check that the static route commands are correct. If they are not, return to global configuration mode, delete the wrong command and enter the new one.
+ Enter the show ip route command.
+ Check whether the static routes we configured are in the routing table.

3.2.6. Troubleshooting

Use the ping command to check whether the connected networks can reach each other. If there is a problem, use the traceroute command to find where the path breaks. Once the router at fault is identified, go to that router to fix or reconfigure it.

3.3. Dynamic routing

3.3.1. Introduction to dynamic routing

Dynamic routing protocols are used for communication between routers. A dynamic routing protocol lets a router share the routing information it knows with other routers. From this, the routers can build and maintain their routing tables. Some dynamic routing protocols:
+ RIP (Routing Information Protocol)
+ IGRP (Interior Gateway Routing Protocol)
+ EIGRP (Enhanced Interior Gateway Routing Protocol)
+ OSPF (Open Shortest Path First)

3.3.2. Autonomous system (AS)

An autonomous system (AS) is a collection of networks operating under the same administration and routing policy. Seen from outside, an AS is treated as a single unit. The American Registry for Internet Numbers is where the number of each AS is assigned. This number is 16 bits long.


Figure 3.3.2: An AS consists of routers operating under the same administration

3.3.3. Purpose of dynamic routing protocols and autonomous systems

The purpose of a dynamic routing protocol is to build and maintain the routing table. The routing table holds information about other networks and the router interfaces leading to them. The router uses the dynamic routing protocol to manage the information received from other routers, the information from its interface configuration and the configured static routes.

The routing protocol learns all the routes, chooses the best ones to place in the routing table, and removes routes when they are no longer used. The router, in turn, uses the information in the routing table to forward packets of the routed protocols.

Dynamic routing operates on the basis of routing algorithms. Whenever the network topology changes, whether through expansion, reconfiguration or failure, the routers' knowledge of the network must change with it. Routers must have accurate knowledge of the network topology.

With autonomous systems, the global network is divided into many smaller, more manageable networks. Each AS has its own AS number, distinct from that of every other AS, and its own administration.

3.3.4. Classification of dynamic routing protocols

Most dynamic routing algorithms fall into two classes:
+ Distance vector
+ Link state

Distance vector routing chooses paths by direction (vector) and distance to the destination. Link-state routing chooses the shortest path based on the topology of the entire network.

3.3.5. Characteristics of distance vector routing protocols

Figure 3.3.5

Distance vector routing periodically passes copies of the routing table from router to router. These periodic updates between routers communicate topology changes. The distance vector routing algorithm is also known as the Bellman-Ford algorithm.

Each router receives the routing tables of its directly connected neighbors. For example, in Figure 3.3.5 router B receives information from router A. Router B then adds the distance from B to A (for example, by increasing the hop count) to the routing information received from A. Router B now has a new routing table and passes it to its neighbor, router C. The same process happens with the other neighboring routers.

A router gathers information about the distance to other networks and from it builds and maintains a database of routing information for the network. The drawback of the distance vector algorithm, however, is that a router does not know the exact topology of the whole network; it knows only the neighboring routers next to it.

When distance vector routing is used, the first step is for the router to identify its neighbors. Networks directly connected to the router's interfaces have a distance of 0. For networks that are not directly connected, the router chooses the best path based on the information it receives from its neighbors. Example:

Consider how routers A, B and C update their routing tables. At first, each router's routing table shows only the routes to its directly connected networks.


Router A has two directly connected networks, W and X, so the distance from router A to these networks is 0. Routers A and B then exchange information with each other.

Router A learns network Y from router B; the path from router A to network Y goes through router B, so the distance increases to 1. Meanwhile, router B learns network W from router A with a distance of 1 through router A, and network Z with a distance of 1 through router C. Routers A and B then exchange routing tables again.

Router A now learns network Z from router B, with the distance increased by one to 2, through router B. Considering routers B and C in the same way gives the routing tables shown in Figure 3.3.5b. The routing table is updated when the network topology changes. This update also proceeds step by step from router to router. When updating, a router sends its entire routing table to its neighbors. The routing table contains the route to each destination network.

Figure 3.3.5c: Routing table update process. A topology change causes the routing table to be updated, and router A sends out its updated routing table.

3.3.6. Characteristics of link-state routing protocols

The link-state routing algorithm is Dijkstra's algorithm, also called the SPF (Shortest Path First) algorithm. A link-state routing algorithm builds and maintains a complete database of the topology of the entire network. Link-state routing uses the following tools:
+ Link-state advertisement (LSA): an LSA is a small packet of routing information sent between routers.
+ Topological database: built from the information gathered from the LSAs.
+ SPF algorithm: working from the topological database, the SPF algorithm computes the shortest paths.

+ Routing table: contains the list of selected paths.

The process of gathering network information for link-state routing is as follows. Each router starts by exchanging LSAs with all other routers; each LSA carries information about the networks directly connected to the router that originated it. The routers then build their databases from the information in the LSAs. Each router reconstructs the network topology as a tree with itself as the root, drawing from itself all the paths to every network in the system. The SPF algorithm then chooses the shortest paths and places them in the routing table. The routing table holds the selected paths with their outgoing interfaces.

The router that first detects a topology change sends update information to all other routers. It sends an LSA containing information about new routers and changes in link state. This LSA is sent to all other routers. When a router receives the LSA, it updates its database with the new information. SPF then recomputes the paths and updates the routing table.
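The pipeline described above (LSAs, topological database, SPF tree rooted at the local router, routing table, recomputation when a newer LSA arrives) as an added example that is not part of the original lecture. The class and function names, the sequence numbers, the router names R1 to R4, the networks and all link costs are assumptions constructed for illustration.

```python
import heapq

class LinkStateDB:
    """Topological database: the newest LSA received from each router."""

    def __init__(self):
        # router -> (sequence number, {neighbor: link cost}, {network: cost})
        self.lsas = {}

    def install(self, router, seq, links, networks):
        """Store an LSA if it is newer than the copy held; True = re-run SPF."""
        held = self.lsas.get(router)
        if held is not None and held[0] >= seq:
            return False                      # duplicate or stale LSA
        self.lsas[router] = (seq, dict(links), dict(networks))
        return True

    def _two_way(self, a, b):
        """A link a-b is usable only if b's LSA also lists a."""
        lsa = self.lsas.get(b)
        return lsa is not None and a in lsa[1]

    def spf(self, root):
        """Dijkstra with `root` as tree root -> {network: (cost, first hop)}."""
        best = {root: (0, None)}              # router -> (cost, first hop)
        heap, done = [(0, root)], set()
        while heap:
            cost, node = heapq.heappop(heap)
            if node in done:
                continue
            done.add(node)
            hop = best[node][1]
            for nbr, link in self.lsas.get(node, (0, {}, {}))[1].items():
                if nbr in done or not self._two_way(node, nbr):
                    continue
                total = cost + link
                if nbr not in best or total < best[nbr][0]:
                    # a neighbor of the root is its own first hop
                    best[nbr] = (total, nbr if node == root else hop)
                    heapq.heappush(heap, (total, nbr))
        table = {}
        for router in done:
            cost, hop = best[router]
            for net, net_cost in self.lsas.get(router, (0, {}, {}))[2].items():
                if net not in table or cost + net_cost < table[net][0]:
                    table[net] = (cost + net_cost, hop)   # hop None = connected
        return table

def sample_db():
    """Constructed four-router topology; every router has flooded one LSA."""
    db = LinkStateDB()
    db.install("R1", 1, {"R2": 10, "R3": 5}, {"N1": 1})
    db.install("R2", 1, {"R1": 10, "R3": 3, "R4": 1}, {})
    db.install("R3", 1, {"R1": 5, "R2": 3}, {"N3": 1})
    db.install("R4", 1, {"R2": 1}, {"N4": 1})
    return db

if __name__ == "__main__":
    db = sample_db()
    print("before:", db.spf("R1"))
    # Link R2-R3 fails; only R3's new LSA has arrived so far.
    if db.install("R3", 2, {"R1": 5}, {"N3": 1}):
        print("after: ", db.spf("R1"))
```

Each router runs the same computation on its own copy of the database with itself as the root, which is why every router needs the full set of LSAs.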

Routers send LSAs to the other routers. The information in the LSAs is used to build a complete database of the network topology. The SPF algorithm computes on this database to build the routing table.

Figure 3.3.6a


Each router has its own database of the network topology, and the SPF algorithm computes from this database.

Figure 3.3.6b

Link-state routing has the following drawbacks:
+ The router's CPU must do a lot of computation
+ It requires a large amount of memory
+ It consumes link bandwidth

A router using link-state routing needs more memory and more processing than one using distance vector routing. When routing starts up, all routers must send LSAs to all other routers, which consumes link bandwidth and reduces the bandwidth available for user data. But once the routers have gathered the information and built their topological databases, link bandwidth is no longer consumed. Only when the network topology changes does a router send LSA updates.

3.4. Overview of routing protocols

3.4.1. Path determination

A router has two main functions:
+ Path determination
+ Switching


Path determination takes place at the network layer. The router uses the routing table to choose a path for the packet; once the outgoing path is decided, the router performs switching to send the packet. Switching is the process by which the router moves a packet from the receiving interface to the sending interface. The key point of this process is that the router must encapsulate the packet to suit the link it is about to leave on.

3.4.2. Configuring routing

To configure a routing protocol, we work in global configuration mode and set the routing characteristics. The first step, in global configuration mode, is to start the routing protocol we want, for example RIP, IGRP, EIGRP or OSPF. Then, in routing configuration mode, we must declare the IP addresses.

The router command starts the routing protocol.

The network command declares the router interfaces on which we want the routing protocol to send and receive routing updates.

The network address given in the network command is a class A, B or C network address, not a subnet address or an individual host address.

3.4.3. Routing protocols

At the Internet layer of the TCP/IP protocol suite, a router uses an IP routing protocol to perform routing. Some IP routing protocols:
+ RIP: a distance vector interior routing protocol.
+ IGRP: Cisco's distance vector interior routing protocol.
+ OSPF: a link-state interior routing protocol.
+ EIGRP: an extension of IGRP.
+ BGP: a distance vector exterior routing protocol.

* Some basic characteristics of RIP
+ It is a distance vector routing protocol.
+ It uses hop count as the metric for path selection.
+ If the hop count to the destination is greater than 15, the packet is discarded.
+ Periodic updates are sent every 30 seconds by default.

IGRP (Interior Gateway Routing Protocol) is a proprietary protocol developed by Cisco.
* Some characteristics of IGRP:
+ It is a distance vector routing protocol.
+ It uses the bandwidth, load, delay and reliability of the link as path-selection metrics.
+ Periodic updates are sent every 90 seconds by default.

OSPF (Open Shortest Path First) is a link-state routing protocol.
* Some main characteristics of OSPF:
+ It is a link-state routing protocol.
+ It is defined in RFC 2328.
+ It uses the SPF algorithm to compute the best path.
+ It sends updates only when the network topology changes.

EIGRP is an advanced distance vector routing protocol and is proprietary to Cisco.
* Some characteristics of EIGRP:
+ It is an advanced distance vector protocol.
+ It supports load sharing.
+ It has the advantages of both distance vector and link-state routing.
+ It uses the DUAL algorithm (Diffusing Update Algorithm) to compute the best path.
+ Periodic updates are sent every 90 seconds by default, or updates are sent when the network topology changes.

BGP (Border Gateway Protocol) is an exterior routing protocol.
* Some basic characteristics of BGP:
+ It is a distance vector exterior routing protocol.
+ It is used for routing between ISPs or between an ISP and a customer.

+ It is used to route Internet traffic between autonomous systems (AS).


Chapter 4 DISTANCE VECTOR ROUTING PROTOCOLS

4.1. Overview of distance vector routing

Dynamic routing protocols make the network administrator's job much simpler. With dynamic routing, routers automatically update and change their routing as the network changes. Dynamic routing has its own problems, however. To understand them better, this chapter covers the issues of distance vector routing protocols, specifically IGRP.

4.2. Distance vector routing

4.2.1. Routing information updates

The routing table is updated periodically or when the network topology changes. The important point for a routing protocol is how to update the routing table efficiently. When the topology changes in any way, the update must be processed throughout the whole system. With distance vector routing, each router sends its entire routing table to the routers directly connected to it. The routing table includes information about the path to each destination network, such as the total cost (the distance, for example) from the router itself to the destination network and the address of the next hop on the path.

4.2.2. Routing loops

A problem can arise while the routers are updating their routing tables: the routing tables have not yet converged because convergence is slow. Consider the following example:


Figure 4.2.2

Before network 1 fails, all routers in the network have correct information about the topology and their routing tables are accurate. Assume router C's chosen path to network 1 goes through router B; the distance of this path from router C to network 1 is 3 hops.

As soon as network 1 fails, router E sends an update to router A. Router A immediately stops routing to network 1, but routers B, C and D continue to do so because they do not yet know that network 1 has failed. Router A then sends the update about network 1's failure to routers B and D, which immediately stop routing to network 1. At this point router C has still not been updated about network 1, so it keeps routing packets to network 1 through router B.

Then router C's periodic update time arrives. Router C's update to router D still contains the route to network 1 through router B. Router D sees this information as better than the report that network 1 is down, which it has just received from router A. So router D puts this information back into its routing table, unaware that it is wrong. Router D's routing table now has a route to network 1 through router C. Router D then sends its newly updated routing table to router A. Likewise, router A updates its route to network 1 through router D and sends it to routers B and E. The same thing goes on at routers B and E. From then on, any packet sent to network 1 loops from router C to B, to router A, to router D and back to C.

4.2.3. Maximum value

In the example of section 4.2.2, the incorrect update about network 1 keeps looping like that until some other process stops it. This condition is called count to infinity: packets loop around the network while network 1 is cut off. With a distance vector that uses hop count as the metric, each time a router passes the update to another router, the hop count increases by 1. Without a countermeasure against count to infinity, the hop count would increase indefinitely.

The distance vector routing algorithm can correct itself, but the loop can last until the count reaches infinity. To keep this from dragging on, distance vector routing protocols define a maximum value. With it, the routing protocol lets the loop continue only until the metric exceeds the maximum value. Example:

When the metric is 16 hops, greater than the maximum value of 15, the update is discarded.

4.2.4. Avoiding routing loops with split horizon

Another cause of loops is a router sending routing information it has just received back to the very router that sent it. To understand this, consider the following mechanism:

Router A sends an update to routers B and D announcing that network 1 is down. However, router C still sends an update to router B saying that router C has a path to network 1 through router D, with a distance of 4. Router B is then misled into believing that router C still has a path to network 1, even though this path's metric is not as good as router B's earlier path. Router B then updates router A about the new route to network 1 that it has just received. Router A in turn records that it can send data to network 1 through router B. Router B routes network 1 through router C, and router C routes it through router D, so any packet destined for network 1 falls into this loop.

Split horizon avoids this situation as follows: if router B or D receives an update about network 1 from router A, it does not send update information about network 1 back to router A. Split horizon thus reduces incorrect updates and reduces the processing of update information.
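The table exchange of section 3.3.5 and the count-to-infinity and split horizon behaviour of sections 4.2.3 and 4.2.4, simulated in one added example (not part of the original lecture). It reuses the A-B-C chain with networks W, X, Y and Z from section 3.3.5; the class and function names and the lock-step update rounds are assumptions made for illustration, and a real protocol sends updates on independent timers.

```python
INFINITY = 16  # one more than the 15-hop maximum value: "unreachable"

class Router:
    def __init__(self, name, connected):
        self.name = name
        # network -> (hop count, next hop); next hop None = directly connected
        self.table = {net: (0, None) for net in connected}

    def advertise(self, to, split_horizon):
        """Full routing table sent to neighbor `to`."""
        return {net: hops for net, (hops, via) in self.table.items()
                if not (split_horizon and via == to)}  # never back to the source

    def receive(self, sender, update):
        for net, hops in update.items():
            new = min(hops + 1, INFINITY)       # add the hop to the sender
            cur = self.table.get(net)
            if cur is None:
                if new < INFINITY:
                    self.table[net] = (new, sender)
            elif cur[1] == sender or new < cur[0]:
                # News from the current next hop always replaces the entry;
                # news from anyone else must be strictly better.
                self.table[net] = (new, sender)

LINKS = [("A", "B"), ("B", "A"), ("B", "C"), ("C", "B")]  # (sender, receiver)

def build():
    return {"A": Router("A", ["W", "X"]),
            "B": Router("B", ["X", "Y"]),
            "C": Router("C", ["Y", "Z"])}

def exchange(routers, split_horizon):
    """One periodic round: every update is built first, then delivered."""
    updates = [(dst, src, routers[src].advertise(dst, split_horizon))
               for src, dst in LINKS]
    for dst, src, update in updates:
        routers[dst].receive(src, update)

def converge(split_horizon=False, rounds=2):
    routers = build()
    for _ in range(rounds):
        exchange(routers, split_horizon)
    return routers

def fail_network_z(split_horizon):
    """Network Z goes down at C. Returns (rounds until every router marks Z
    unreachable, highest finite hop count any router held meanwhile)."""
    routers = converge(split_horizon)
    routers["C"].table["Z"] = (INFINITY, None)
    peak = 0
    for rnd in range(1, 51):
        exchange(routers, split_horizon)
        hops = [r.table["Z"][0] for r in routers.values()]
        peak = max([peak] + [h for h in hops if h < INFINITY])
        if all(h == INFINITY for h in hops):
            return rnd, peak
    return None, peak

if __name__ == "__main__":
    print("A after 2 rounds:", converge()["A"].table)
    print("no split horizon:", fail_network_z(False))
    print("split horizon:   ", fail_network_z(True))
```

Without split horizon the stale route to Z bounces between the routers and climbs to 15 hops before the maximum value ends the loop; with split horizon the only finite value left after the failure is router A's original 2-hop entry, which is cleared in the second round.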

Figure 4.2.4

4.2.5. Route poisoning

Route poisoning is used to prevent large loops and lets a router announce that a network is no longer reachable by setting the metric (the hop count, for example) higher than the maximum value. Example:


When network 5 goes down, the hop value for the route to network 5 in router E's routing table becomes 16, which means network 5 is no longer reachable. Router E then sends this routing table to router C; the route to network 5 with a hop count of 16 is called route poisoning. After router C receives the route poisoning update from router E, it sends the information back to router E. The update about network 5 that router C sends back to router E is called poison reverse. Router C does this to make sure it sends the route poisoning information out on all the paths it has.

In short, route poisoning means that when a route goes down, the router advertises that route with a metric greater than the maximum value. Route poisoning does not conflict with split horizon. Split horizon means that when a router sends updates out on a link, it must not send back information it has just received from that link. Here the router still sends the information back, but with a metric greater than the maximum value, so the outcome is the same. This mechanism is called split horizon with poison reverse.

4.2.6. Avoiding routing loops with triggered updates

When a router detects a change in the network topology, it immediately sends an update message to its neighbors to announce the change. In particular, when a route fails or becomes unreachable, the router must send a triggered update instead of waiting for the end of the update period. Triggered updates combined with route poisoning ensure that all routers receive the information that a route is down before the holddown time expires. Sending triggered updates across the whole network when the topology changes helps routers update in time and start their holddown timers sooner. Example:

Figure 4.2.6

In the example of Figure 4.2.6, router C sends a triggered update as soon as network 10.4.0.0 becomes unreachable. On receiving this information, router B also announces network 10.4.0.0 out of interface S0/1. Router A in turn sends the announcement out of interface Fa0/0.

4.3.7. Avoiding loops with the holddown timer

Count to infinity can be avoided by using a holddown timer as follows.

When a router learns from a neighbor that some network X is no longer reachable, it marks the route to network X as unreachable and starts the holddown timer. During the holddown time, if the router receives an update from that same neighbor announcing that network X is reachable again, it updates the information and ends the holddown timer.

During the holddown time, if the router receives an update from a different neighbor (not the one that announced network X as unreachable) and that update offers a route to network X with a better metric than the route the router had before, it accepts the update and ends the holddown timer.

During the holddown time, if the router receives an update from a different neighbor (not the one that announced network X as unreachable) and that update offers a route to network X with a metric that is not as good as the route the router had before, it ignores the update. This keeps the router from mistakenly accepting stale information from neighbors that do not yet know network X is unreachable. The holddown time ensures that all routers in the network have been updated with the new information. After the holddown time expires, all routers in the network have learned that network X is unreachable, and they all have accurate knowledge of the network topology. So once the holddown time ends, the routers resume updating as normal.
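The three holddown rules above written as a small state machine, as an added example that is not part of the original lecture. The class and function names, the neighbor names and the event timings are constructed; the 180-second value is RIP's default holddown time, and treating an equal metric like a worse one is an assumption, since the text only speaks of better and worse metrics.

```python
HOLDDOWN = 180      # seconds; RIP's default holddown time
UNREACHABLE = 16    # metric that marks a network as unreachable

class Route:
    """Routing-table entry for one network X, applying the holddown rules."""

    def __init__(self, metric, next_hop):
        self.metric = metric
        self.next_hop = next_hop
        self.old_metric = None    # metric the route had before it went down
        self.reporter = None      # neighbor that announced X as unreachable
        self.held_until = None    # time the holddown ends; None = no holddown

    def update(self, now, neighbor, metric):
        """Process one update about X and return what the router did."""
        if self.held_until is not None and now >= self.held_until:
            self.held_until = None                 # holddown has expired
        if self.held_until is not None:            # holddown still running
            if metric >= UNREACHABLE:
                return "ignored"                   # nothing new
            if neighbor == self.reporter or metric < self.old_metric:
                return self._install(neighbor, metric)
            return "ignored"                       # equal or worse: stale news
        if metric >= UNREACHABLE:
            if neighbor != self.next_hop or self.metric >= UNREACHABLE:
                return "ignored"                   # not the path in use
            self.old_metric, self.reporter = self.metric, neighbor
            self.metric = UNREACHABLE
            self.held_until = now + HOLDDOWN
            return "holddown started"
        # Normal distance vector rule outside holddown.
        if neighbor == self.next_hop or metric < self.metric:
            return self._install(neighbor, metric)
        return "ignored"

    def _install(self, neighbor, metric):
        self.metric, self.next_hop = metric, neighbor
        self.held_until = None                     # accepting ends the holddown
        return "accepted"

def replay(events, metric=3, next_hop="B"):
    """Feed (time, neighbor, metric) events to a route that starts at
    `metric` hops via `next_hop`; metrics are as they would be installed."""
    route = Route(metric, next_hop)
    outcomes = [route.update(*event) for event in events]
    return outcomes, (route.metric, route.next_hop)

if __name__ == "__main__":
    # Constructed timeline: B reports X down, C offers a worse path, D a better one.
    print(replay([(0, "B", 16), (30, "C", 5), (60, "D", 2)]))
```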

Figure 4.3.7

4.4. The RIP routing protocol

4.4.1. Evolution of RIP

IP RIP is described in detail in two documents. The first is RFC 1058 and the second is Internet Standard (STD) 56. RIP has evolved over many years, from version 1 (RIPv1), in which RIP was only a classful routing protocol, to version 2 (RIPv2), in which RIP became a classless routing protocol. RIPv2 has the following advantages:
+ It carries more routing information.
+ It has an authentication mechanism between routers during updates to protect the routing table.
+ It supports VLSM (Variable Length Subnet Masking, subnet masks of different lengths).


RIP keeps routing loops from counting to infinity by limiting the maximum number of hops allowed from sender to receiver. The maximum hop count for any path is 15. For routes received in a neighbor's update, the router increases the hop count by 1, because it counts itself as one hop on the path. If the hop count exceeds 15 after this increase, the router treats the destination network of that route as unreachable. RIP also has many features similar to those of other routing protocols. For example, RIP uses split horizon and holddown timers to avoid propagating incorrect routing information.

Main characteristics of RIP:
+ It is a distance vector routing protocol.
+ The routing metric is hop count.
+ If the path to the destination network has a hop count greater than 15, the packet is discarded.
+ The default update period is 30 seconds.

4.4.2. Configuring RIP

The router rip command starts RIP. The network command declares which router interfaces are allowed to run RIP. RIP then starts sending and receiving updates on those interfaces. RIP updates routing information periodically. When a router receives an update that contains a change, it writes the new information into its routing table. For routes to destination networks learned from a neighbor, it increases the hop count by 1, and the source address of the update becomes the next-hop address. RIP chooses only one best path to a destination network, although it can also use several paths of equal metric to the same destination.

RIP can be configured to send triggered updates when the network topology changes with the ip rip triggered command. This command applies only to the router's serial interfaces. When the topology changes, the router that first notices the change updates its own routing table, then immediately sends an update to the other routers to announce the change. This is called a triggered update, and it happens completely independently of the periodic updates. Figure 4.4.1 is an example of a RIP configuration:


Figure 4.4.1

    BHM(config)#router rip - Selects RIP as the routing protocol for the router.
    BHM(config-router)#network 10.0.0.0 - Declares a network directly connected to the router.
    BHM(config-router)#network 192.168.13.0 - Declares a network directly connected to the router.

The router interfaces connected to networks 10.0.0.0 and 192.168.13.0 send and receive routing updates.

After enabling RIP on the networks, some additional configuration is possible. None of it is mandatory; configure it only if needed:
+ Adjust the necessary parameters.
+ Adjust RIP's operating and timer parameters.
+ Declare the RIP version in use (RIPv1 or RIPv2).
+ Configure RIP's behaviour when exchanging updates.
+ Configure RIP to send only summarized routing information out of a given interface.
+ Verify the summarized IP routing information.
+ Configure IGRP and RIP to run at the same time.
+ Prevent RIP from receiving updates from a given IP address.
+ Enable or disable split horizon.
+ Connect RIP to a WAN.

In summary, to configure RIP we start in global configuration mode as follows:

    Router(config)#router rip - Starts the RIP routing protocol.


Router(config-router)#network network-number - Declares the networks on which RIP is allowed to run.

4.4.3. Using ip classless

Sometimes a router receives a packet whose destination address is a subnet that is not in its routing table. The table does not contain that exact subnet, but the subnets directly connected to the router share a supernet with the packet's destination subnet. For example, an organization uses the network address 10.10.0.0/16; subnet 10.10.10.0/24 then has the supernet 10.10.0.0/16. In this situation the ip classless command makes the router forward the packet along the route to the supernet address, if there is one, instead of dropping it. In Cisco IOS Release 11.3 and later, ip classless is enabled by default in the router configuration. To turn it off, use the no form of the command. Without this feature, however, every packet destined for a subnet that shares a supernet with the router's other network addresses but is not in the routing table is dropped.

ip classless affects only how packets are forwarded, not how the router builds its routing table. This is the essential characteristic of a classful routing protocol: if a major network is divided into subnets and the routing table holds only some of them rather than all, a packet destined for a subnet of that major network that is not in the routing table is dropped.

This mechanism is most often misunderstood when the router has a default route configured. Suppose a major network is divided into many subnets and only one of them is directly connected to the router. When the router builds its routing table, the table naturally contains the subnets of the directly connected network, and any subnet that is not in the table is treated as nonexistent. So when the router receives a packet whose destination is a subnet that is not in the routing table but shares a supernet with the directly connected networks, it considers the destination nonexistent and drops the packet, even though a default route is configured in the routing table. The ip classless command solves this by letting the router disregard the classful boundary of the destination address. If the router then cannot find the specific destination network in the routing table, it uses the default route to forward the packet.

4.4.4. Common problems when configuring RIP

A router running RIP depends on its neighbors to learn about networks that are not directly connected to it. RIP uses a distance vector algorithm. All distance vector routing protocols share the weakness of slow convergence. Convergence is the state in which all routers in the network hold the same, correct routing information about a network.

Distance vector routing protocols commonly run into routing loops and count to infinity. These are the result of routers that have not yet converged passing each other old information that has not been correctly updated. To deal with these problems, RIP uses the following techniques:
- Defining a maximum value.
- Split horizon.
- Poison reverse.
- Holddown timers.
- Triggered updates.

Some of these techniques must be configured, while others need no configuration at all or only a little.

RIP limits the maximum hop count to 15. Any destination network more than 15 hops away is considered unreachable. This prevents RIP from being used in large networks, but it also keeps RIP from counting to infinity.

The split horizon rule is: when sending an update in a given direction, do not send back the information that the router received from that direction. In some network configurations split horizon has to be disabled. The following command disables it:
GAD(config-if)#no ip split-horizon

The holddown time is a parameter that can be changed if necessary. The holddown interval helps the router avoid count-to-infinity loops, but it also increases the convergence time between routers. During this interval the router does not accept any route whose metric is worse than the route it previously had, so even when a genuine alternative to the old route exists, the router does not update. The default RIP holddown time is 180 seconds. It can be shortened to speed up convergence, but this needs careful thought: ideally the holddown time is longer than the longest time the whole network could need to finish updating. For example, Figure 4.4.4 has 4 routers. If each router has an update time of 30 seconds, the maximum time for all 4 routers to finish updating is 120 seconds, so the holddown time must be longer than 120 seconds. To change the holddown time, use the following command:
Router(config-router)#timers basic update invalid holddown flush [sleeptime]
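The forwarding decision described in section 4.4.3, as an added example that is not part of the original lecture notes: a small model of a route lookup with and without ip classless. The routing table, next-hop labels and function names are constructed for illustration.

```python
import ipaddress

# Constructed routing table (not from the page's figures): one directly
# connected subnet of 10.10.0.0/16 plus a default route.
TABLE = [
    ("10.10.20.0/24", "connected Fa0/0"),
    ("0.0.0.0/0", "default via S0/0"),
]


def major_network(addr):
    """Return the classful (A/B/C) network that contains addr."""
    first_octet = int(addr) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def lookup(table, dest, ip_classless):
    """Return the next hop chosen for dest, or None if the packet is dropped."""
    dest = ipaddress.ip_address(dest)
    routes = [(ipaddress.ip_network(net), hop) for net, hop in table]

    # Longest-prefix match over everything except the default route.
    candidates = [(net, hop) for net, hop in routes
                  if net.prefixlen > 0 and dest in net]
    if candidates:
        return max(candidates, key=lambda r: r[0].prefixlen)[1]

    default = next((hop for net, hop in routes if net.prefixlen == 0), None)
    if ip_classless:
        # Classless forwarding: no specific match, so fall back to the default.
        return default

    # Classful forwarding: if the table already holds a subnet of the
    # destination's major network, the router assumes it knows every subnet
    # of that network, so a missing subnet is unreachable and the default
    # route is NOT used.
    major = major_network(dest)
    knows_a_subnet = any(net.prefixlen > 0 and net.subnet_of(major)
                         for net, _ in routes)
    return None if knows_a_subnet else default


if __name__ == "__main__":
    for classless in (False, True):
        for dest in ("10.10.20.5", "10.10.10.1", "172.16.1.1"):
            hop = lookup(TABLE, dest, classless)
            print(f"ip_classless={classless!s:5} {dest:12} -> {hop or 'DROPPED'}")
```

Only the packet to 10.10.10.1 changes outcome between the two modes: it is dropped without ip classless and follows the default route with it.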

Figure 4.4.4

Another factor that affects convergence speed is the update interval. The default RIP update interval is 30 seconds. It can be lengthened to save link bandwidth or shortened to speed up convergence. To change the update interval, use the following command:
GAD(config-router)#update-time seconds

A further issue that often comes up with routing protocols is that we do not want the protocol to send routing updates out of a particular interface. As soon as the network command has been entered to declare a network address, RIP starts sending routing information out of every interface whose address falls within the network just declared. The network administrator can stop routing updates from being sent out of a particular interface with the passive-interface command.


GAD(config-router)#neighbor ip address

By default, Cisco IOS software accepts both RIP version 1 and version 2 packets but sends only version 1 packets. The network administrator can configure the router to send and receive only version 1 packets, or to send only version 2 packets, with the following commands:
GAD(config-router)#version {1 | 2}
GAD(config-if)#ip rip send version 1
GAD(config-if)#ip rip send version 2
GAD(config-if)#ip rip send version 1 2
GAD(config-if)#ip rip receive version 1
GAD(config-if)#ip rip receive version 2
GAD(config-if)#ip rip receive version 1 2

4.5. Verifying the RIP configuration

Many commands can be used to check whether RIP is configured correctly. The two used most often are show ip route and show ip protocols.

The show ip protocols command displays the IP routing protocols running on the router. Its output lets us check most of the RIP configuration, though not all of it. The points to check are:
- Whether RIP really is the routing protocol that has been configured.
- Whether RIP is sending and receiving updates on the correct interfaces.
- Whether the network addresses declared on the router running RIP are correct.


Figure 4.5a

The show ip route command is used to check whether the routes that the router learned from its RIP neighbors have been installed in the routing table. In the routing table output, look for the routes marked with the letter R at the start of the line; these are the routes learned from RIP neighbors. Remember that routers need some time to converge, so new information may not appear in the routing table immediately.

Some other commands can also be used to check the RIP configuration:
show interface interface
show ip interface interface
show running-config

Figure 4.5b

4.6. Troubleshooting RIP update operation


Most RIP configuration errors come from incorrect network statements, discontiguous subnets, or split horizon. The most useful command for finding RIP update problems is debug ip rip.

The debug ip rip command displays all the routing information that RIP sends and receives. The example in Figure 3.2.6 shows the output of debug ip rip. After receiving an update, the router processes it and then sends the newly updated information out of its interfaces. The figure shows that the router is running RIP v1 and that RIP sends its updates as broadcasts (broadcast address 255.255.255.255). The number in parentheses is the source address of the RIP update packet.

Figure 4.6

There are many important points to look for in the output of debug ip rip. Some problems, such as discontiguous subnets or duplicate subnets, can be detected with this command. In those cases we see that, for the same destination network, the router advertises a lower metric for that destination than the one it received earlier.

Some other commands can also be used to troubleshoot RIP:
show ip rip database
show ip protocols (summary)
show ip route
debug ip rip (events)
show ip interface brief

4.7. Preventing the router from sending routing information out of an interface


A router can filter routing information when it processes updates or when it sends them. For routers running a distance vector routing protocol this works, because the router routes on the basis of the routing information it receives from its neighbors. For routers running a link-state routing protocol it is not effective, because those protocols choose paths from the link-state database rather than from received routing information. For that reason, the method described here for stopping a router from sending routing information out of an interface applies only to distance vector routing protocols such as RIP and IGRP.

The passive-interface command stops the router from sending routing updates out of a particular interface. Doing so prevents other networks from learning the routing information inside your own network.

For RIP and IGRP, the passive-interface command makes the router stop sending routing updates to a given neighbor, but the router continues to listen for and accept updates from that neighbor.

4.8. Load balancing with RIP

A router can share load over several paths when there are several good paths to the same destination. You can manually configure the router to share load across the paths, or the dynamic routing protocols can calculate the load sharing themselves.

RIP can share load over a maximum of 6 equal-cost paths; by default it shares load over only 4 paths. RIP shares load by using each path in turn, in rotation.

4.9. Load balancing across multiple paths

A router can share load over multiple paths to deliver packets to the same destination. We can manually configure the router to share load, or dynamic routing protocols such as RIP, IGRP, EIGRP and OSPF calculate it automatically.

When a router receives updates about several different paths to the same destination, it installs the path with the lowest administrative distance in the routing table. If the paths have the same administrative distance, the router chooses the path with the lowest cost or lowest metric. Each routing protocol calculates cost differently, and these costs have to be configured for the router to share load.

When a router has several paths with the same administrative distance and the same cost to a destination, it shares load among them. A router can normally share load over up to 6 equal-cost paths (the maximum number of load-sharing paths depends on the Cisco IOS routing table), but some interior gateway protocols (IGPs) may have their own limit. For example, EIGRP allows a maximum of 4 paths.

By default, most IP routing protocols share load over 4 paths. Static routes share load over 6 paths. BGP is the only exception; by default it allows only one path to a destination.

The maximum number of paths over which the router can share load ranges from 1 to 6. To change the maximum number of paths allowed, use the following command:
Router(config-router)#maximum-paths [number]

IGRP can share load over a maximum of 6 paths. RIP chooses load-sharing paths by hop count, whereas IGRP chooses them by bandwidth.

When routing IP, Cisco IOS offers 2 load-sharing mechanisms: per-packet and per-destination. If the router is process switching, it distributes packets across the paths; this is per-packet load sharing. If the router is fast switching, it sends all packets for the same destination out of 1 path, and packets for a different host in the same destination network go out of the next path; this is per-destination load sharing.

4.10. Integrating static routes with RIP

A static route is configured by the administrator so that the router forwards packets to a destination network along the path the administrator wants. The command that configures a static route is also used to declare a default route. When the router finds no route in its routing table for a destination network, it uses the default route. A router running RIP can learn a default route from the updates of its RIP neighbors, or a router that has a default route configured can itself advertise this routing information to other routers.

A static route can be removed with the no ip route command. The network administrator can configure static routes alongside dynamic routing. Each dynamic routing protocol has a default administrative distance (AD). The administrator can configure a static route to a destination network in parallel with the dynamic route, but with an AD greater than that of the dynamic routing protocol. The dynamic route then has the lower AD and is always preferred by the router. When the dynamic route fails and can no longer be used, the router falls back to the static route to deliver packets to the destination network.

If a static route is configured to point out of an interface on which RIP is also running, RIP advertises that static route to the entire network. The static route is then treated as directly connected to the router, so it no longer behaves as a static route. If a static route points out of an interface on which RIP is not running, RIP does not advertise it unless the redistribute static command is also configured for RIP.

When an interface goes down, all static routes pointing out of that interface are removed from the routing table. Likewise, when the router can no longer determine the next hop of a static route for packets to the destination network, that static route is also removed from the routing table.


CHAPTER 5: ACCESS CONTROL LISTS (ACLs)

5.1. Access control list basics

5.1.1. What is an ACL?

An ACL is a list of conditions applied to the traffic passing through a router interface. The list tells the router which kinds of packets to accept and which to reject, based on specific conditions. ACLs are used to manage network traffic and to protect access into and out of the network.

ACLs can be created for all routed protocols, such as IP (Internet Protocol) and IPX (Internetwork Packet Exchange). An ACL can be configured on a router to control access to a network or a subnet.

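Figure 5.1. Example of an ACL

An ACL filters traffic either by checking packets that have already been routed as they are forwarded, or by blocking packets as soon as they enter a router interface. The router examines each packet in turn and decides whether to forward or drop it according to the conditions in the ACL, such as source and destination address, protocol, and upper-layer port number.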


Figure 5.2. Structure of a packet

The main reasons for creating ACLs are:
- Limiting network traffic to improve network performance. For example, by restricting video traffic, ACLs reduce load considerably and improve network performance.
- Controlling traffic flow. ACLs can restrict routing update information.
- Providing a basic level of access protection. ACLs can allow one host to access part of the network and prevent other hosts from accessing that area.
- Deciding which types of traffic are allowed through or blocked at the router interfaces. For example, email traffic is allowed through while all telnet traffic is blocked.
- Letting the network administrator control which areas of the network clients may access.
- Screening hosts in order to permit or deny access to an area of the network.

If no ACLs are configured on the router, all packets are forwarded to every part of the network.

5.1.2. How ACLs work

Each ACL is a list of statements that determine which packets are accepted or rejected on the inbound or outbound side of a router interface. Each statement has conditions and a corresponding permit or deny result. If the conditions in a statement are met, the permit or deny decision is carried out.


The order of the statements in an ACL is very important. Cisco IOS software checks the packet against each statement in order, from top to bottom. As soon as the conditions of one statement are met, the packet is permitted or denied immediately and none of the remaining statements in the ACL are checked. If the packet meets the conditions of none of the statements, the list by default always ends with an implicit deny any statement (deny everything).

If you need to add a statement to an ACL, you must delete the whole ACL and recreate it with the new statement included.

Figure 5.3. How ACLs work

5.1.3. Creating ACLs

ACLs are created in global configuration mode. There are many different types of ACL, including standard ACLs, extended ACLs, and ACLs for IPX, AppleTalk and other protocols. When ACLs are configured on a router, each ACL has an identifying number.

Figure 5.4. ACL configuration parameters

An ACL is created with the access-list keyword followed by the parameters of that command. In the router's interface configuration mode, the access-group command assigns the ACL to that interface. When assigning an ACL to an interface, specify whether it applies to outbound or inbound traffic on that interface. To change an ACL, use the no access-list list-number command to delete all access-list statements with the same list-number.

The basic rules for creating and assigning ACLs are:
- One ACL per protocol, per direction, per interface.
- Standard ACLs should be placed as close to the destination network as possible.
- Extended ACLs should be placed as close to the source network as possible.
- Determine whether traffic is outbound or inbound on an interface from the point of view of standing inside the router.
- The statements in an ACL are checked in sequence from the top down until one statement is satisfied. If no statement in the ACL is satisfied, the packet is denied.

Figure 5.5. Configuring an ACL on a router

In practice, access list commands can be long character strings, and access lists can be complicated to enter or to interpret. The general access list configuration commands can, however, be simplified by reducing them to two general elements.

ACL creation model:

Step 1: Define the parameters of the test statement for this access list (there may be one statement or several):
Router(config)#access-list access-list-number {permit | deny} {test condition}

Step 2: Make an interface part of the group that uses the specified access list (activate the access list on the interface):
Router(config-if)#{protocol} access-group access-list-number {in | out}


access-list-number is the number that distinguishes one access list from another and also indicates which type of access list it is (standard or extended).

Updating access lists: if additional condition statements are needed in an access list, the whole list is updated. The ACL must be deleted and recreated with the new condition statements.

How are ACLs identified? Each ACL is uniquely identified by assigning it a number (or a name). The number determines the type of access list being created and must fall within the specific range of numbers for that type:

A numbered ACL cannot be edited on the router. To edit an ACL:
Step 1: Copy it to a text file.
Step 2: Remove it from the router configuration with the no form of the ACL command.
Step 3: Make the necessary changes to the text file.
Step 4: Paste it back in global configuration mode.

5.1.4. The function of the wildcard mask


A wildcard mask is 32 bits long, divided into 4 octets. Each wildcard mask is paired with an IP address. The 0 and 1 bits in the wildcard mask determine how the corresponding bits of the IP address are handled.

Figure 5.6. Structure of a wildcard mask and an IP address

A subnet mask has a run of 1 bits starting from the left and extending to the right, which separates the network part from the host part of an IP address. A wildcard mask, by contrast, is designed to select a single IP address or a group of IP addresses in order to permit or deny access based on the IP address. The values 0 and 1 in a wildcard mask mean something different from the 0 and 1 bits in a subnet mask. To avoid confusion, the letter x is used in place of a 1 bit in a wildcard mask. Take the wildcard mask 0.0.255.255 as an example: a 0 bit means the corresponding bit of the IP address must be checked, while an x bit (a 1 bit) means the corresponding bit of the IP address can be ignored.

During wildcard mask processing, the IP address in each statement is combined with the wildcard mask in that statement to compute a match value. This value is compared with the address of the packet being checked by the ACL statement. If the two values are the same, the address condition is satisfied. Two special keywords are used in ACLs: any and host. any stands for IP address 0.0.0.0 with wildcard mask 255.255.255.255; host stands for the wildcard mask 0.0.0.0.


Figure 5.7. Combining an IP address with a wildcard mask

5.1.5. Verifying ACLs

Many show commands can be used to check the contents and placement of ACLs on a router.

The show ip interface command displays information about the router's IP interfaces and indicates whether ACLs are applied to them. The show access-lists command displays the contents of all ACLs on the router. To view one specific ACL, add its name or number after the show access-lists command.

Figure 5.8. Example of a show command


5.2. Access control lists

5.2.1. Standard ACLs

Standard ACLs check the source IP address of a packet. The result of the check is to permit or deny access for the entire protocol suite, based on the network, subnet or host address. In global configuration mode, the access-list command creates a standard ACL with an ACL number in the range 1 to 99.

Example:
access-list 2 deny 172.16.1.1
access-list 2 permit 172.16.1.0 0.0.0.255
access-list 2 deny 172.16.0.0 0.0.255.255
access-list 2 permit 172.0.0.0 0.255.255.255

The first ACL statement has no wildcard mask, so the default wildcard mask 0.0.0.0 is used. This means the entire address 172.16.1.1 must match; otherwise the router goes on to check the next statement in the ACL.
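The top-down, first-match evaluation from 5.1.2 and the wildcard comparison from 5.1.4, applied to the ACL 2 statements above, as an added example that is not part of the original lecture notes. The function names and the sample source addresses are constructed for illustration.

```python
import ipaddress

# The four statements of ACL 2 exactly as listed in section 5.2.1.
PAGE_ACL = [
    "access-list 2 deny 172.16.1.1",
    "access-list 2 permit 172.16.1.0 0.0.0.255",
    "access-list 2 deny 172.16.0.0 0.0.255.255",
    "access-list 2 permit 172.0.0.0 0.255.255.255",
]


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_standard_acl(lines):
    """Parse 'access-list N {permit|deny} source [wildcard]' statements."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0].lower() != "access-list":
            raise ValueError(f"not a standard ACL statement: {line!r}")
        action, source = tok[2].lower(), tok[3]
        if source == "any":              # any = 0.0.0.0 255.255.255.255
            addr, wild = 0, 0xFFFFFFFF
        elif source == "host":           # host = wildcard 0.0.0.0
            addr, wild = to_int(tok[4]), 0
        else:                            # missing wildcard defaults to 0.0.0.0
            addr = to_int(source)
            has_wild = len(tok) > 4 and tok[4] != "log"
            wild = to_int(tok[4]) if has_wild else 0
        entries.append((action, addr, wild, line))
    return entries


def matches(addr, wild, packet_src):
    """Wildcard bit 0 = must match, wildcard bit 1 = ignore."""
    care = ~wild & 0xFFFFFFFF
    return (packet_src & care) == (addr & care)


def evaluate(entries, packet_src):
    """Return (action, statement) for the first matching statement."""
    src = to_int(packet_src)
    for action, addr, wild, line in entries:
        if matches(addr, wild, src):
            return action, line
    return "deny", "implicit deny any"


if __name__ == "__main__":
    acl = parse_standard_acl(PAGE_ACL)
    # Constructed source addresses, one per interesting case.
    for src in ("172.16.1.1", "172.16.1.2", "172.16.2.5", "172.17.0.1", "10.0.0.1"):
        action, why = evaluate(acl, src)
        print(f"{src:12} {action:6} <- {why}")
```

Moving the third statement to the top of the list makes 172.16.1.2 match the broader deny first, which is why statement order has to be reviewed whenever an ACL is changed.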


Figure 5.9. Operation of a standard ACL

The full syntax of the standard ACL command is:
Router(config)#access-list access-list-number {deny | permit} source [source-wildcard] [log]

The no form of the command is used to delete an ACL:
Router(config)#no access-list access-list-number

5.2.2. Extended ACLs

Extended ACLs are used more often than standard ACLs because they give much greater control. Extended ACLs check the source and destination addresses of a packet and also check the protocol and port number, which makes it convenient to configure the test conditions of the ACL. A packet is permitted or denied on the basis of where it comes from and where it is going, together with its protocol type and port number. For example, an extended ACL can allow email traffic from interface Fa0/0 out of interface S0/0 while denying Web and FTP traffic. When a packet is dropped because it was denied, some protocols send a response message back to the sender to report that the data could not reach its destination.

An ACL can contain many statements. Statements with the same ACL number belong to the same ACL. The number of ACLs that can be configured is unlimited and depends only on the router's memory.

Example:
access-list 114 permit tcp 172.16.6.0 0.0.0.255 any eq telnet
access-list 114 permit tcp 172.16.6.0 0.0.0.255 any eq ftp
access-list 114 permit tcp 172.16.6.0 0.0.0.255 any eq ftp-data

At the end of an extended ACL statement there is a parameter for the TCP or UDP port number, which identifies the type of packet more precisely. The port number can be specified with the operators eq (equal), neq (not equal), gt (greater than) and lt (less than).

Extended ACLs use ACL numbers from 100 to 199 (and from 2000 to 2699 in recent IOS versions).

The ip access-group command assigns an existing extended ACL to a router interface. One ACL per protocol, per direction, per interface. Example:
Router(config-if)#ip access-group access-list-number {in | out}

5.2.3. Named ACLs

Named ACLs have the following advantages:
- Identifying an ACL by name is more intuitive.
- A named ACL can be edited without deleting the whole ACL and rewriting it from scratch, as is required for numbered ACLs.
- The limit of a maximum of 798 standard ACLs and 799 extended ACLs no longer applies.

Example of a named ACL configuration:
TN(config)#ip access-list extended server-access
TN(config-ext-nacl)#permit TCP any host 131.108.101.99 eq smtp
TN(config-ext-nacl)#permit UDP any host 131.108.101.99 eq domain
TN(config-ext-nacl)#deny ip any any
TN(config-ext-nacl)#^Z
Applying the name list:
TN(config)#interface fastethernet 0/0
TN(config-if)#ip access-group server-access out
TN(config-if)#^Z

Points to note when using named ACLs:
- Named ACLs are not compatible with Cisco IOS versions earlier than 11.2.
- The same name cannot be used for more than one ACL. For example, there cannot be both a standard ACL and an extended ACL named TN.

5.2.4. Placing ACLs

ACLs are used to control traffic by filtering packets and eliminating unwanted traffic on the network. Where an ACL is placed is very important, because correct placement helps the whole network operate efficiently.


Figure 5.10. Placing ACLs

The general rule is to place extended ACLs as close as possible to the source of the traffic that is to be blocked. Standard ACLs do not specify a destination address, so they should be placed as close to the destination as possible.

5.2.5. Firewalls

A firewall is a structure that stands between the users inside a network and the outside world in order to keep out unauthorized intruders. A firewall consists of several devices working together to block unwanted access.

Figure 5.11. Firewall architecture

In this architecture, the router connected to the Internet, called the exterior router, forwards all incoming traffic to the application gateway. As a result, the gateway can control the delivery of services going out of and into the network. Only permitted users can then connect out to the Internet, and only permitted applications can establish connections between inside and outside hosts. This protects the application gateway and keeps it from being overloaded by packets that would be dropped anyway. ACLs placed on routers therefore act as a firewall; these are the routers positioned between the internal network and the external network. The firewall router isolates the entire internal network from attack. ACLs should also be used on a router positioned between two parts of the network, to control the activity between those two parts.

5.2.6. Restricting access to the vty lines on a router

Standard and extended ACLs are effective for packets passing through the router, but they do not block packets that originate from the router itself. An extended ACL that blocks outbound Telnet therefore cannot stop Telnet sessions that start from that router.

Figure 5.12. Access to the vty lines on a router

Besides physical interfaces such as Fa0/0 and S0/0, a router also has virtual ports. These ports are called vty lines and are numbered 0 to 4. Restricting access to the vty lines improves the protection of the network. Creating a vty ACL is the same as creating any other ACL, but the ACL is applied to the vty lines with the access-class command instead of the access-group command.

Example:
Creating the standard list:
Router1(config)#access-list 2 permit 172.16.1.0 0.0.0.255
Router1(config)#access-list 2 permit 172.16.2.0 0.0.0.255
Router1(config)#access-list 2 deny any
Applying the access list:
Router1(config)#line vty 0 4
Router1(config-line)#password secret
Router1(config-line)#access-class 2 in
Router1(config-line)#login
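A configuration check for the vty restriction described in 5.2.6, as an added example that is not part of the original lecture notes: it reports vty line ranges that have no inbound access-class or that reference an ACL missing from the configuration. Both sample configurations are constructed, and the function names are illustrative.

```python
import re

# Constructed sample 1: the vty configuration from section 5.2.6 as it
# would appear in a saved configuration.
PAGE_CONFIG = """\
access-list 2 permit 172.16.1.0 0.0.0.255
access-list 2 permit 172.16.2.0 0.0.0.255
access-list 2 deny any
line con 0
line vty 0 4
 password secret
 access-class 2 in
 login
"""

# Constructed sample 2: the vty lines are split into two ranges; one range
# points at an ACL number that was never created, the other has no ACL.
PARTIAL_CONFIG = """\
access-list 2 permit 172.16.1.0 0.0.0.255
access-list 2 deny any
line vty 0 2
 password secret
 access-class 3 in
 login
line vty 3 4
 password secret
 login
"""


def parse_line_blocks(config_text):
    """Return {'line ...' header: [indented sub-commands]}."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif current is not None and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks


def audit_vty(config_text):
    """List findings for every 'line vty' range in the configuration."""
    numbered = set(re.findall(r"^access-list (\S+) ", config_text, re.M))
    named = set(re.findall(r"^ip access-list (?:standard|extended) (\S+)",
                           config_text, re.M))
    defined = numbered | named
    findings = []
    for header, body in parse_line_blocks(config_text).items():
        if not header.startswith("line vty"):
            continue
        inbound = [cmd.split()[1] for cmd in body
                   if re.fullmatch(r"access-class \S+ in", cmd)]
        if not inbound:
            findings.append(f"{header}: no inbound access-class applied")
        for acl in inbound:
            if acl not in defined:
                findings.append(
                    f"{header}: access-class {acl} refers to an ACL "
                    "that is not defined in this configuration")
    return findings


if __name__ == "__main__":
    for name, cfg in (("page config", PAGE_CONFIG), ("partial config", PARTIAL_CONFIG)):
        print(name, "->", audit_vty(cfg) or "no findings")
```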
