
Table of Contents

Lab 1 - Basic Switch Configuration
Lab 2 - Basic Router Configuration
Lab 3 - Telnet and SSH
Lab 4 - GNS3 User Guide
Lab 5 - Combined Switch and Router Lab
Lab 6 - Wireless Lab
Lab 7 - Cisco Security Manager (SDM)
Lab 8 - DHCP, DHCP Relay
Lab 9 - Static Routing (Static Route)
Lab 10 - RIPv2 (Routing Information Protocol)
Lab 11 - CDP (Cisco Discovery Protocol)
Lab 12 - Backing Up the IOS and the Router Configuration
Lab 13 - Router Password Recovery
Lab 14 - Switch Password Recovery
Lab 15 - Combined Lab, Part 1
Lab 16 - OSPF (Open Shortest Path First)
Lab 17 - EIGRP (Enhanced Interior Gateway Routing Protocol)
Lab 18 - VTP, VLAN
Lab 19 - PVST+, PVRST
Lab 20 - Inter-VLAN Routing Using a Layer 3 Switch
Lab 21 - Standard ACL
Lab 22 - Extended ACL
Lab 23 - NAT, PAT
Lab 24 - IPv6
Lab 25 - PPP PAP, CHAP
Lab 26 - Basic Frame Relay
Lab 27 - Advanced Frame Relay

LAB 1: BASIC SWITCH CONFIGURATION

I. Objectives:
- Help students get familiar with the basic commands in Cisco IOS
- Review the commands related to: assigning an IP address to the switch, the password types, Port Security

[Figure: basic switch configuration lab topology]

II. Requirements:
- Use Packet Tracer to build the topology shown above
- Erase the switch's entire current configuration
- Commands for viewing information
- Configure the hostname and IP address
- Password types
- Speed and duplex
- The Port Security feature

1. Connect the cables and erase the switch configuration:
- Use a straight-through cable to connect the PC to the switch
- Connect the PC to the switch's console port, or open the device's CLI tab, to carry out the configuration
- Erase the switch configuration

Switch> enable
Switch# erase startup-config
Switch# reload

2. Commands for checking information:
View the switch's current configuration, together with the total number of FastEthernet and GigabitEthernet interfaces, the number of vty lines for Telnet, and so on:

Switch#show running-config

Every Cisco switch has a default interface, VLAN1, which is used to manage the switch remotely by assigning an IP address to it. View the characteristics of interface vlan 1:

Switch#show interface vlan1

Record the IP address, the MAC address, and the up/down state.

Switch#show interface fa0/1      <-- status of interface FastEthernet 0/1

View the operating system version and the size of RAM, NVRAM and flash:

Switch#show version

Contents of flash memory:

Switch#show flash:
or
Switch#dir flash:

Switch#dir flash:
    6  drwx     4480  Mar 1 1993 00:04:42 +00:00  html
  618  -rwx  4671175  Mar 1 1993 00:06:06 +00:00  c2960-lanbase-mz.122-25.SEE3.bin
32514048 bytes total (24804864 bytes free)

View the configuration stored on the switch:

Switch#show startup-config
startup-config is not present

The message above appears because we have not saved the configuration yet. Now set a hostname for the device and then save the configuration:

Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#exit
S1#copy running-config startup-config
Destination filename [startup-config]? (enter)
Building configuration...
[OK]
S1#show startup-config
Using 1170 out of 65536 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname S1
!
<output omitted>

3. Password types:
Set the password cisco on the console port:

S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit

Telnet is a service that lets an administrator manage devices remotely through the vty lines. In this case the vty line password for the Telnet service is cisco:

S1(config)#line vty 0 4
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit

Set the password for moving from User mode ( > ) to Privileged mode ( # ) to class:

S1(config)#enable secret class

Privileged mode can change the entire configuration of a Cisco device, so it is very important, and setting a password for this mode is necessary.

4. Assign an IP address to the switch:
A switch is a Layer 2 device, so its ports cannot be given IP addresses. To manage the device remotely, a Cisco switch lets us assign an IP address through a special interface, VLAN1 (a logical interface):

S1(config)#interface vlan 1
S1(config-if)#ip address 172.17.99.11 255.255.0.0
S1(config-if)#no shutdown
S1(config-if)#exit
S1(config)#

So that the switch can still be managed from another network, a gateway must also be declared for the switch:

S1(config)#ip default-gateway 172.17.99.1

where 172.17.99.1 is the address of the gateway.

Check the configuration of interface Vlan 1 again:

S1#show interface vlan 1
Vlan1 is up, line protocol is up
  Hardware is EtherSVI, address is 001b.5302.4ec1 (bia 001b.5302.4ec1)
  Internet address is 172.17.99.11/16
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:06, output 00:03:23, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops:0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     4 packets input, 1368 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     1 packets output, 64 bytes, 0 underruns
     0 output errors, 0 interface resets

Configure the IP address of PC1 with the values given for the lab. On the PC, go to Desktop -> IP Configuration:
IP: 172.17.99.21
SM: 255.255.0.0
Gw: 172.17.99.1 (not yet present in this lab)

- Check connectivity from the PC to the switch: on the PC, go to Desktop -> Command Prompt -> ping 172.17.99.11

Change the duplex and speed settings on the switch ports:

S1#configure terminal
S1(config)#interface fastethernet 0/18
S1(config-if)#speed 100
S1(config-if)#duplex auto
S1(config-if)#end

Check the interface again:

S1#show interface fastethernet 0/18
FastEthernet0/18 is up, line protocol is up (connected)
  Hardware is FastEthernet, address is 001b.5302.4e92 (bia 001b.5302.4e92)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:01, output hang never

Save the configuration:

S1#copy running-config startup-config
Destination filename [startup-config]?[Enter]
Building configuration...
[OK]
S1#

5. Managing the MAC address table:

Check the MAC address of each PC with the ipconfig /all command and record it, then check the MAC address table on the switch and compare its contents with the PCs' MAC addresses:

S1#show mac-address-table

6. Configure Port Security:
Port Security lets us control access to each switch port: which MAC addresses may connect to the port, and how many MAC addresses may be connected in total. The configuration steps are as follows:

S1# configure terminal
S1(config)#interface fastethernet 0/18
S1(config-if)#switchport mode access                        <-- the port operates in access mode
S1(config-if)#switchport port-security                      <-- enable port security
S1(config-if)#switchport port-security maximum 2            <-- at most 2 MAC addresses may connect to this port
S1(config-if)#switchport port-security mac-address sticky   <-- those MAC addresses are learned automatically from the first 2 PCs connected to the port
S1(config-if)#switchport port-security violation shutdown   <-- when the allowed number is exceeded, the port shuts down automatically

- Review the configuration with these two commands:

Switch#show running-config
Switch#show port-security interface fa0/18

Test Port Security by connecting PC1 and PC2 in turn to port fa0/18 and then running show port-security address: only PC1 and PC2 are connected to port fa0/18. Now plug a third PC into port fa0/18 as well; the port shuts down automatically because the limit set by switchport port-security maximum 2 has been exceeded.
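The behaviour tested in step 6, modelled as an added Python example (not part of the original lab): sticky learning up to the configured maximum, then the violation action. It goes beyond the lab by also modelling the protect and restrict violation modes; the class, method names and MAC addresses are constructed for illustration.

```python
import re


def cisco_mac(mac):
    """Normalise a MAC address to the dotted form the switch prints.

    `ipconfig /all` shows 02-00-00-00-00-01 while the switch's MAC table
    shows 0200.0000.0001; normalising lets the two be compared directly.
    """
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


class SecurePort:
    """Simplified model of one access port with sticky port security."""

    MODES = ("protect", "restrict", "shutdown")

    def __init__(self, maximum=1, violation="shutdown"):
        if violation not in self.MODES:
            raise ValueError("unknown violation mode: %s" % violation)
        self.maximum = maximum
        self.violation = violation
        self.sticky = []        # secure addresses, in the order learned
        self.violations = 0     # security violation counter
        self.state = "up"

    def receive(self, src_mac):
        """Process one inbound frame; return True if it is forwarded."""
        if self.state == "err-disabled":
            return False                    # port is down for every host
        mac = cisco_mac(src_mac)
        if mac in self.sticky:
            return True
        if len(self.sticky) < self.maximum:
            self.sticky.append(mac)         # sticky-learn a new address
            return True
        if self.violation != "protect":     # protect drops without counting
            self.violations += 1
        if self.violation == "shutdown":
            self.state = "err-disabled"
        return False

    def recover(self):
        """shutdown / no shutdown on the interface: the port comes back up,
        but the sticky addresses remain in the running configuration."""
        self.state = "up"


def lab_scenario(violation="shutdown"):
    """Replay step 6: PC1 and PC2 use fa0/18, then a third PC is plugged in."""
    port = SecurePort(maximum=2, violation=violation)
    pcs = ["02-00-00-00-00-01", "02-00-00-00-00-02", "02-00-00-00-00-03"]
    forwarded = [port.receive(mac) for mac in pcs]
    pc1_after = port.receive(pcs[0])   # can a legitimate PC still get through?
    return forwarded, pc1_after, port


if __name__ == "__main__":
    for mode in SecurePort.MODES:
        forwarded, pc1_after, port = lab_scenario(mode)
        print(mode, forwarded, pc1_after, port.state, port.violations)
```

With violation shutdown, the third PC takes the port down for PC1 and PC2 as well, and because the sticky addresses survive recovery, plugging the third PC in again disables the port again.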

- Save the configuration and finish the lab.

III. Commands related to this lab:

- Help commands
- Verification commands
- Configuring the switch name
- Configuring passwords
- Configuring the IP address and default gateway

1. Help commands:

Switch> ?
  The ? key is used as the help key, just as on a router.
Switch> enable
  User mode.
Switch#
  Privileged mode.
Switch# disable
  Leaves privileged mode.
Switch> exit
  Leaves user mode.

2. Verification commands:

Switch# show running-config
  Displays the configuration file running in RAM.
Switch# show startup-config
  Displays the configuration file stored in NVRAM.
Switch# show interfaces
  Displays configuration information about the interfaces on the switch and the state of each interface.
Switch# show interface vlan 1
  Displays the configuration parameters of interface VLAN 1. VLAN 1 is the default VLAN on all Cisco switches.
Switch# show version
  Displays information about the switch's hardware and software.
Switch# show flash:
  Displays information about flash memory.
Switch# show mac-address-table
  Displays the switch's current MAC address table.

3. Configuring the hostname:

Switch# configure terminal
  Enters Global Configuration mode.
Switch(config)# hostname 2960Switch
  Names the switch 2960Switch. This command works the same way as on a router.

4. Password types:

2960Switch(config)#enable password cisco
  Sets the switch's enable password to cisco.
2960Switch(config)#enable secret class
  Sets the encrypted enable password to class.
2960Switch(config)#line console 0
  Enters console line configuration mode.
2960Switch(config-line)#login
  Makes the switch check the password when a user logs in through the console.
2960Switch(config-line)#password cisco
  Sets the console password to cisco.
2960Switch(config-line)#exit
  Leaves console line configuration mode.
2960Switch(config)#line vty 0 4
  Enters vty line configuration mode.
2960Switch(config-line)#login
  Makes the switch check the password when a user logs in through Telnet.
2960Switch(config-line)#password cisco
  Sets the Telnet password to cisco.
2960Switch(config-line)#exit
  Leaves vty line configuration mode.

5. Configuring the IP address and default gateway:

2960Switch(config)# interface vlan 1
  Enters configuration mode for interface vlan 1.
2960Switch(config-if)# ip address 172.16.10.2 255.255.0.0
  Assigns the IP address and subnet mask that allow remote access to the switch.
2960Switch(config)#ip default-gateway 172.16.10.1
  Configures the default gateway address for the switch.

6. Configuring an interface description:

2960Switch(config)# interface fastethernet 0/1
  Enters configuration mode for interface fa0/1.
2960Switch(config-if)# description FinaceVLAN
  Adds a description to this interface.

* Note: on 2960 switches with 12 or 24 Fast Ethernet ports, the port names start from fa0/1, fa0/2, ... Fa0/24. There is no port Fa0/0.

7. Managing the MAC address table:

Switch# show mac address-table
  Displays the contents of the switch's current MAC address table.

LAB 2: BASIC ROUTER CONFIGURATION

I. Introduction:
Security is a very important factor in networking, so it receives a great deal of attention, and using passwords is one very effective security measure. Using passwords on a router helps prevent attacks on the router through Telnet sessions, as well as direct access to the router by strangers making configuration changes we do not want.

II. Purpose:
Be able to set passwords on the router; at login, the router must check the required passwords.

III. Lab description and diagram:
In the diagram above, the PC is connected to the router with a console cable.

IV. Password security levels:
A password's security level depends on the encryption level applied to it. The password encryption levels are:

Level 5: encrypted with the MD5 algorithm. This is one-way encryption and cannot be decrypted (this level is the default encryption for the enable secret password assigned to the router).
Level 7: encrypted with the MD7 algorithm. This is two-way encryption and can be decrypted (this level is used to encrypt the other password types when required, such as enable password, line vty, line console).
Level 0: no encryption.

V. Password rules:
Access passwords are case-sensitive and no longer than 25 characters; they may include digits and spaces, but a space may not be used as the first character.

Router(config)#enable password TTG-TTG-TTG-TTG-TTG-TTG-TTG
% Overly long Password truncated after 25 characters      <-- a password set with 26 characters is not accepted

VI. Router password types:
Enable secret: if you set this password on the router, you will have to supply it when logging in at user mode. This is the password with the highest precedence on the router, and it is encrypted at level 5 by default.
Enable password: this password has the same function as enable secret but lower precedence. It is not encrypted by default; if encryption is requested, it is encrypted at level 7.
Line vty: this password is assigned to the vty lines and is checked when you log in to the router over Telnet.
Line console: this password is checked to allow you to use the console port to configure the router.
Line aux: this password is checked when you use the aux port.

VII. Steps for setting router passwords:
Step 1: Start the router and press Enter to reach user mode. From user mode, use the enable command to enter Privileged mode.

Router con0 is now available
Press RETURN to get started.
Router>enable
Router#

Step 2: From the Privileged mode prompt, enter configuration mode with the configure terminal command to configure the router.

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#

Step 3: Configure each type of password.

Configure the enable secret password (note: the password is case-sensitive):

Router(config)#enable secret TTG        <-- the password is TTG
Router(config)#exit

Configure a password with the enable password command:

Router(config)#enable password cisco    <-- the password is cisco

Router(config)#exit

Note: when both enable secret and enable password are set, the router checks the stronger one, enable secret. When the secret password no longer exists, the enable password is checked instead. Verify this by dropping back to User mode and re-entering Privileged mode with the enable command; the router asks for the password declared with enable secret.

Configuring passwords with the line command

Password for Telnet (line vty):

Router(config)#line vty 0 4
Router(config-line)#password class      <-- the password is class
Router(config-line)#login               <-- turns on password checking
Router(config-line)#exit

Password for the console port:

Router(config)#line console 0           <-- opens the console line, console port number 0
Router(config-line)#password cert       <-- the password is cert
Router(config-line)#login               <-- turns on password checking
Router(config-line)#exit

Password for the aux port (the 0 is the number of the aux port being used):

Router(config)#line aux 0
Router(config-line)#password router     <-- the password is router
Router(config-line)#login
Router(config-line)#exit

After setting the passwords, exit to Privileged mode and use the show running-config command to review the passwords that were configured:

Router#show running-config
Building configuration...
Current configuration : 550 bytes
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname Router
enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o      <-- the secret password is encrypted at level 5 by default
enable password cisco                              <-- this password is stored unencrypted
!
line con 0
 password cert                                     <-- the console port password is cert
 login
line aux 0
 password router                                   <-- the aux port password is router
 login
line vty 0 4
 password class                                    <-- the vty line password is class
 login
!
end

The show running-config command shows the passwords that were configured. To encrypt all of them, use the service password-encryption command in config mode:

Router(config)#service password-encryption
Router(config)#exit

Check again with show running-config:

Router#show run

Building configuration...
enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o/
enable password 7 094F471A1A0A          <-- password encrypted at level 7
line con 0
 password 7 15110E1E10                  <-- password encrypted at level 7
 login
line aux 0
 password 7 071D2E595A0C0B              <-- password encrypted at level 7
 login
line vty 0 4
 password 7 060503205F5D                <-- password encrypted at level 7
 login
!
end

Note: the no service password-encryption command does not remove the encryption from the passwords; the encryption is removed only when a password is set again to a different value.

After the passwords are set, they are checked the next time you log in to the router:

Router con0 is now available
Press RETURN to get started.        <-- press Enter
User Access Verification            <-- the console line password is checked
Password:cert                       <-- enter the console password: cert
Router>ena                          <-- enable, to enter Privileged mode
Password:TTG                        <-- the secret password has higher precedence, so it is the one checked
Router#

The other passwords, such as line vty and line aux, are checked when those functions are used.

VIII. Removing router passwords:

To remove a password of any type, put no in front of the command that set it. For example, to remove the router's secret password:

Router(config)#no enable secret
Router(config)#exit

The passwords of the other types can be removed in the same way.

IX. Appendix: commands related to this lab:

1. Router configuration modes:

Router>                    User mode.
Router#                    Privileged mode (also called EXEC mode).
Router(config)#            Global Configuration mode.
Router(config-if)#         Interface Configuration mode.
Router(config-subif)#      Subinterface Configuration mode.
Router(config-line)#       Line configuration mode.
Router(config-router)#     Router Configuration mode.

2. Configuring the router's basic parameters:

2.1 Configuring a serial interface:

Router(config)# interface s0/0/0
  Enters configuration mode for interface S0/0/0.
Router(config-if)# description Link to ISP
  A description for this serial interface (optional).
Router(config-if)# ip address 192.168.10.1 255.255.255.0
  Assigns an IP address and subnet mask to this serial interface.
Router(config-if)# clock rate 56000
  Sets the clock rate for the interface (configure this command only when the interface is the DCE).
Router(config-if)# no shutdown
  Enables the interface.

2.2 Configuring a Fast Ethernet interface:

Router(config)# interface Fastethernet 0/0
  Enters configuration mode for interface Fast Ethernet 0/0.
Router(config-if)# description Accounting LAN
  Sets a description for the interface (optional).
Router(config-if)# ip address 192.168.20.1 255.255.255.0
  Assigns an IP address and subnet mask to the interface.
Router(config-if)# no shutdown
  Enables the interface.

2.3 The logging synchronous command:

Router(config)# line console 0
  Enters line configuration mode.
Router(config-line)# logging synchronous
  Enables synchronous logging. Messages displayed on the console will no longer interrupt the command you are typing.

LAB 3: TELNET, SSH

I. Introduction:
Telnet is a virtual terminal protocol and part of the TCP/IP protocol suite. It lets you open a connection to a remote device and, through that connection, configure the device you are connected to.

II. Purpose:
This lab helps you understand and carry out the configuration needed to run Telnet sessions from a host to a router, or from one router to another.

III. Lab description and diagram:
The lab topology is as shown in the diagram above; Host1 is connected to router TTG1 with a crossover cable.

IV. Steps:
- Pay attention to the sequence number (X) that the instructor assigns for use in the IP addresses, to avoid address conflicts between groups; this lab uses X = 0.

Configure router TTG1 and Host 1 as follows:

Host 1:
IP: 10.0.0.2
Subnet mask: 255.0.0.0
Gateway: 10.0.0.1

Router TTG1:

Router> enable
Router# configure terminal
Router(config)# hostname TTG1
TTG1(config)# interface fa0/1
TTG1(config-if)# ip address 10.0.0.1 255.0.0.0
TTG1(config-if)#no shutdown

Make sure the physical connections are working (check with a ping from the PC to TTG1).

Check the Telnet connection. From the host, try to telnet to router TTG1:

C:\Documents and Settings\Administrator>Telnet 10.0.0.1
Password required, but none set        <-- a password is required, but none has been set
Connection to host lost                <-- the connection failed

Telnet fails because it requires the vty lines to be opened and given a password.

Set the vty password on router TTG1:

TTG1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
TTG1(config)#line vty 0 4
TTG1(config-line)#pass TTG1
TTG1(config-line)#login
TTG1(config-line)#exit

Now telnet again. From the host, telnet to router TTG1:

C:\Documents and Settings\Administrator>Telnet 10.0.0.1
User Access Verification
Password:
TTG1>ena
% No password set
TTG1>

Note: on Cisco devices you only need to type the address you want to telnet to; the device understands this and opens the Telnet connection.

After you telnet in, you are in User mode, and this protocol requires a password to be set before you can enter Privileged mode. Set the password:

Router TTG1:

TTG1(config)#enable password cisco
TTG1(config)#exit

Telnet from the host to router TTG1 once more:

C:\Documents and Settings\Administrator>Telnet 10.0.0.1
User Access Verification
Password: TTG1
TTG1>ena
Password: cisco
TTG1#

From here you can change the configuration of the devices without going through the console port.

Check the Telnet sessions with the show line command:

TTG1#show line
  Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
* 0 CTY 5 0 0/0
  1 AUX 9600/9600 0 0 0/0
* 2 VTY - 1 0 0/0
* 3 VTY - 7 0 0/0
* 4 VTY - 4 0 0/0
  5 VTY - 1 0 0/0
  6 VTY - 0 0 0/0

The * marks the lines on which you are using Telnet. According to the table above, you are using 3 Telnet lines back and forth between the 2 routers TTG1, through ports 2, 3 and 4. The Uses column shows how many times you have used that line.

To leave Telnet sessions, use the exit command or the disconnect command.
To break a Telnet connection, use the clear line command.

Although Telnet lets us manage devices remotely, it can expose the device's administrative password, because Telnet does not encrypt data when it is sent out. For a clearer picture, see the TelnetvsSsh video at http://www.mediafire.com/download.php?y2z4ghm0wmw

For better security, use SSH instead of Telnet when configuring devices remotely. It is configured as follows.

Configuring SSH:

Create a username/password for authentication in the SSH session, in this case TTG/123:
TTG1(config)# username TTG password 123

Declare the domain name that takes part in generating the key that encrypts data in the SSH session:
TTG1(config)# ip domain-name truongtan.edu.vn

Generate the encryption key:
TTG1(config)#crypto key generate rsa

Switch to SSH version 2:
TTG1(config)#ip ssh version 2

Switch to using SSH instead of Telnet:

TTG1(config)#line vty 0 4
TTG1(config-line)#login local             <-- switch to username/password authentication
TTG1(config-line)#transport input ssh

From the PC, open an SSH session to the router using the putty software.

- Save the router configuration and finish the lab:

TTG1#copy run start

V. Appendix: commands related to this lab:


1. Telnet commands:

1.1 Configuring the vty lines for Telnet:

Router(config)# line vty 0 4
  Enters vty line mode to allow Telnet.
Router(config-line)# password telnet
  Sets the password that allows Telnet.
Router(config-line)# login
  Makes the router check the password when a user telnets in.

Opening a Telnet session:

TTG1>telnet TTG2
TTG1>telnet 172.16.20.1
TTG1>TTG2
TTG1>connect TTG2
TTG1>172.16.20.1
  Each of these opens a remote connection to a router named TTG2 whose IP address is 172.16.20.1.
TTG2>exit
TTG2>logout
  Ends the Telnet session and returns to the prompt of router TTG1.
TTG1>resume
  Resumes the connection to router TTG2.
TTG1>disconnect
  Ends the Telnet session to router TTG2.

Managing Telnet sessions:

TTG1#show sessions
  Displays the connections you have opened to other routers.
TTG1#show users
  Displays the users currently connected remotely to your router.
TTG1(config)#line vty 0 4
  Limits the number of simultaneous connections on a vty line into your router.
TTG1(config-line)#no password
  Remote users are not asked for a password when they telnet to the device.
TTG1(config-line)#no login
  Remote users are placed directly into user mode.

2. Configuring SSH:

TTG1(config)# username TTG password 123
  Creates a username/password for authentication in the SSH session, in this case TTG/123.
TTG1(config)# ip domain-name truongtan.edu.vn
  Declares the domain name that takes part in generating the key that encrypts data in the SSH session.
TTG1(config)#crypto key generate rsa
  Generates the encryption key.
TTG1(config)#ip ssh version 2
  Switches to SSH version 2.
TTG1(config)#line vty 0 4
TTG1(config-line)#login local
TTG1(config-line)#transport input ssh
  Switches to using SSH instead of Telnet.

LAB 4: GNS3 USER GUIDE

GNS3 is a graphical network simulator that lets you emulate Cisco routers running real IOS images. It also provides ATM/Frame Relay/Ethernet switches and PIX firewalls, and can even connect to a real network. GNS3 is built on Dynamips and Dynagen to emulate the 1700, 2600, 3600, 3700 and 7200 router series, so it can be used to run CCNA, CCNP and CCIE labs, but it cannot yet emulate Catalyst switches (although it can emulate the NM-16ESW).

1. Installing GNS3:
- Reference video: http://www.mediafire.com/download.php?lqnj2nbuuhz
- GNS3 runs on Windows, Linux and Mac OS X. To install the software easily on Windows, use the all-in-one installer, which provides everything you need to run GNS3. You can download GNS3-0.5-win32-all-in-one.exe from http://www.gns3.net/download

[Figure: the GNS3 interface after installation]

2. First-time configuration of GNS3:
- Go to Edit > Add IOS images and hypervisors and point to the IOS files in the Setting section
- Go to Edit > Preferences > Dynamips; under Executable Path select the path to the file dynamips-wxp.exe in the GNS3 installation directory, then click the Test button to check that Dynamips works
- Drag and drop routers that have an IOS image to build a simple topology
- Click the Play icon to start the emulation

3. Start configuring:
Right-click a device and choose Console to start configuring it.

4. Communicating with a real network:
- Through Dynamips, GNS3 can bridge an interface on a virtual router to an interface on the real machine, so that the virtual network can communicate with the real one. On Windows, the WinPcap library is used to create this connection.
- To connect the virtual routers in GNS3 to the real network, use the Cloud device. Suppose we need to connect a virtual router to the network adapter named Internal Lan, whose address is 192.168.1.2
- Click the Cloud and, under Generic Ethernet NIO, select the network adapter the router should connect to. If you are not sure which adapter it is, you can use Network device list.cmd to find it.
- After selecting the correct adapter, you must click Add before it can be used
- Connect the virtual router's FastEthernet interface to the Cloud, in this case Fa0/0. Configure an IP address on interface fa0/0 so that it is in the same subnet as the Internal Lan adapter:

Router>enable
Router#config terminal
Router(config)#interface fa0/0
Router(config-if)#ip address 192.168.1.10 255.255.255.0
Router(config-if)#no shutdown

- Then, from the router, try to ping the PC and the gateway of the real network

LAB 5: COMBINED SWITCH AND ROUTER LAB

I. REQUIREMENTS
1. Use Packet Tracer to build the lab shown
2. Set the console password to cisco, and the Telnet and enable secret passwords on Center Router, SW1 and SW2 to class
3. Use the service password-encryption command to encrypt the passwords that are not encrypted
4. Configure the IP addresses as in the topology shown
5. From the PCs, try to telnet to SW1, SW2 and the router
6. Switch to SSH instead of Telnet on CenterRouter, with username: TTG, password: cisco
7. From the PCs, try to SSH to the routers
8. Reference video for the configuration: http://www.mediafire.com/download.php?zx2xmdeitmw

II. STEPS:

1. Use Packet Tracer to build the lab shown:
Connect the devices exactly as in the topology above, using 2960 switches and a 2811 router.

2. Set the console password to cisco, and the Telnet and enable secret passwords on Center Router, SW1 and SW2 to class

- Center Router:

Router>enable
Router#configure terminal
Router(config)#hostname CenterRouter

- Set the console port password:

CenterRouter(config)#line console 0
CenterRouter(config-line)#login
CenterRouter(config-line)#password cisco
CenterRouter(config-line)#exit

- Set the password for the Telnet service:

CenterRouter(config)#line vty 0 4
CenterRouter(config-line)#login
CenterRouter(config-line)#password class
CenterRouter(config-line)#exit

- Set the password for moving from User mode to Privileged mode:

CenterRouter(config)#enable secret class

* Note: the password for moving from User mode to Privileged mode can be set with either of two commands, enable password or enable secret. The enable secret password is encrypted in the configuration, while the enable password is not. You can confirm this by configuring both commands and checking with show running-config.

- SW1:

Switch>enable
Switch#configure terminal
Switch(config)#hostname SW1

- Set the console port password:

SW1(config)#line console 0
SW1(config-line)#login
SW1(config-line)#password cisco
SW1(config-line)#exit

- Set the password for the Telnet service:

SW1(config)#line vty 0 4
SW1(config-line)#login
SW1(config-line)#password class
SW1(config-line)#exit

- Set the password for moving from User mode to Privileged mode:

SW1(config)#enable secret class

- SW2:

Switch>enable
Switch#configure terminal
Switch(config)#hostname SW2

- Set the console port password:

SW2(config)#line console 0
SW2(config-line)#login
SW2(config-line)#password cisco
SW2(config-line)#exit

- Set the password for the Telnet service:

SW2(config)#line vty 0 4
SW2(config-line)#login
SW2(config-line)#password class
SW2(config-line)#exit

- Set the password for moving from User mode to Privileged mode:

SW2(config)#enable secret class

3. Use the service password-encryption command to encrypt the passwords that are not encrypted:
- Use show running-config to review the passwords as they currently appear
- To encrypt the passwords that are not encrypted by default, use the service password-encryption command, which converts them to Type-7 passwords. On Center Router, SW1 and SW2 in turn, move to config mode and enter the service password-encryption command:

CenterRouter(config)# service password-encryption
SW1(config)# service password-encryption
SW2(config)# service password-encryption

- Run show running-config again and compare the state of the passwords with what it was before the command was entered:

CenterRouter#show running-config
Building configuration...
Current configuration : 766 bytes
!
version 12.4
service password-encryption
!
hostname CenterRouter
!
!
!

enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
interface FastEthernet0/0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
line con 0
 password 7 0822404F1A0A
 login
<output omitted>

* Note: passwords encrypted by service password-encryption can still be decrypted with the Cain tool.

4. Configure the IP addresses as in the topology shown:

- CenterRouter:

CenterRouter(config)#interface fa0/1
CenterRouter(config-if)#ip address 192.168.1.1 255.255.255.0
CenterRouter(config-if)#no shutdown
CenterRouter(config)#interface fa0/0
CenterRouter(config-if)#ip address 192.168.2.1 255.255.255.0
CenterRouter(config-if)#no shutdown

- SW1:

SW1(config)#interface vlan 1
SW1(config-if)#ip address 192.168.1.5 255.255.255.0
SW1(config-if)#exit
SW1(config)#ip default-gateway 192.168.1.1

- SW2:

SW2(config)#interface vlan 1
SW2(config-if)#ip address 192.168.2.5 255.255.255.0
SW2(config-if)#exit
SW2(config)#ip default-gateway 192.168.2.1

- The PCs on SW2 receive dynamic IP addresses from the DHCP server at address 192.168.2.10
+ Configure the address of the DHCP server: Desktop -> IP Configuration
+ Then go to Config -> DHCP and configure the range of addresses handed out for network 192.168.2.0/24, with 192.168.2.100 as the first address handed out

5. From the PCs, try to telnet to SW1, SW2 and the router:
- From PC1, telnet to CenterRouter by going to Desktop -> Command Prompt
+ PC1>telnet 192.168.1.1
- From PC1, try to telnet to SW2
+ PC1>telnet 192.168.2.5
- In the same way, from PC3 try to telnet to CenterRouter and SW2

6. Switch to SSH instead of Telnet on CenterRouter, with username: TTG, password: cisco:

* Note: the router's name must be changed, because the SSH session uses the router's hostname and the ip domain-name to create the encryption key for the SSH session.

- Create the username and password on CenterRouter used for authentication in the SSH session:

CenterRouter(config)#username TTG password cisco

- Configure ip domain-name with your company's domain name:

CenterRouter(config)#ip domain-name truongtan.edu.vn

- Generate the key, which combines the hostname and the domain name to create the encryption key:

CenterRouter(config)#crypto key generate rsa
The name for the keys will be: Centerrouter.truongtan.edu.vn
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 768

- The default key this command generates for encrypting data is 512 bits long. If you use SSH version 2, the minimum key length is 768 bits. In this case we use SSHv2 for security, so enter 768 and press Enter.

CenterRouter(config)#ip ssh version 2
CenterRouter(config)#line vty 0 4

- Log in with the username and password created above:

CenterRouter(config-line)#login local

- Switch to allowing only SSH instead of Telnet:

CenterRouter(config-line)#transport input ssh

7. From the PCs, try to SSH to CenterRouter:
- To try SSH from a PC to CenterRouter, use the following command on the PC:

ssh -l <user name> <router ip>
PC1>ssh -l TTG 192.168.1.1

8. Video demonstrating the difference between SSH and Telnet
- Telnet VS SSH: http://www.mediafire.com/download.php?zx2xmdeitmw

42

LAB 6: WIRELESS

I. Requirements:

- Connect the AP to the completed BasicLab exercise in two ways:
+ Using an Ethernet port
+ Using the Internet port
- Reference video: http://www.mediafire.com/download.php?n2zzz0vrwn5

II. Procedure:

1. Connecting through an Ethernet port:

- Open the file basiclab_completed.pkt to start configuring the Wireless lab.
- Add a Linksys AP and one wireless PC to the system.
- Use a crossover cable to connect one of the four Ethernet ports on the AP to SW2. Because the topology is then switch to switch, the wireless PCs and the LAN share the same network address, 192.168.2.0/24.
- Adjust some basic parameters on the AP:
+ Network Mode: because a G-standard AP is backward compatible with the B standard, the options here are:
  o Mix Mode: the default mode, supporting both B and G clients
  o B-Only: supports B clients only
  o G-Only: supports G clients only
+ SSID: the name of the wireless network
+ The operating channel lies in the range 1 to 11 and must not coincide with the channels of surrounding APs. To check which channels nearby APs use, you can use software such as NetStumbler or InSSIDer.
- Disable the DHCP service on the AP, because the DHCP server in the LAN already assigns addresses.
- Check the IP address assigned to the wireless PC.
- Test connectivity from the wireless PC to the internal LAN.

2. Connecting through the Internet port:

- Remove the connection from the AP to the switch in lab 1, then use a straight-through cable to connect the AP's Internet port to SW2. The Internet port will receive its IP address from the DHCP server in the LAN.
- Re-enable DHCP on the AP and make sure the network it assigns does not overlap with the LAN. In this case the AP assigns addresses in network 192.168.0.0/24, which differs from the LAN network 192.168.2.0/24.
- Check the IP address assigned to the wireless PC.
- Ping from the wireless PC into the LAN.

LAB 7: SECURITY DEVICE MANAGER (SDM)


I. Introduction: SDM (Cisco Router and Device Manager) is a tool for managing routers through Java technology. The SDM interface is very easy to use and lets us configure LAN, WAN and other security features of the router. SDM is designed for network administrators and SMB resellers and does not require the user to have much experience in configuring routers.

II. Lab description: In this lab we need 2 PCs and 2 routers. The PC must have the software that installs SDM on the router, and the router's operating system must support installation and configuration through SDM. To check the operating system, enter show version or show flash to see the name of the operating system and the hardware, then consult the following link: http://www.cisco.com/en/US/products/sw/secursw/ps5318/prod_installation_guide09186a00803e4727.html
If the operating system is not supported, a different operating system must be installed on the router. The lab uses loopback interfaces, which are logical interfaces, to emulate the networks attached to the 2 routers.

III. Configuration: Carry out the following steps on the 2 routers DN and HCM:

Step 1: Allow http and https access

Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

- Enable one of the two services, HTTP or HTTPS.

HTTP:
Router(config)# ip http server

Or HTTPS:
Router(config)# ip http secure-server

- Then configure authentication for the HTTP or HTTPS service with the command:

Router(config)# ip http authentication local

Step 2: Create a username and password with privilege level 15 for logging in to the router

Router(config)# username TTG privilege 15 password cisco

Step 3: Allow telnet and ssh through the lines

Router(config)# line vty 0 4
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit

Step 4: Configure the IP address of interface Fa0/1 (the interface connected to the PC) on routers DN and HCM in turn

DN:
Router#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname DN
DN(config)#interface fa0/1
DN(config-if)#ip address 172.16.1.1 255.255.255.0
DN(config-if)#no shutdown

HCM:
Router(config)#hostname HCM
HCM(config)#interface fa0/1
HCM(config-if)#ip address 172.16.3.1 255.255.255.0
HCM(config-if)#no shutdown

- After finishing the router configuration, change the IP address on the PC and check connectivity from the PC to the router.

Step 5: Now use the installer to install SDM from the PC.

- Click Next. Choose Cisco Router to install onto the router.

- Enter the router's address and the username and password configured in step 2, then click Next. Choose Install SDM and SDM Express for the router being installed.

- When the installer reports Finish, the installation is complete.

- Temporarily turn off the browser's pop-up blocker via Tool > Pop-up Blocker > Turn-Off Pop-Up Blocker.
- Now, on the PC, browse to https://172.16.1.1 to log in to the router's web interface. Enter the username and password from step 2 to authenticate. After successful authentication the SDM interface appears as follows:

- Next, go to Edit > Preferences and select Preview commands before delivering to router, so that we can preview the commands SDM is about to send to the router.

Step 6: Create the loopback interfaces on router DN
Loopback interfaces on a router are logical interfaces. This lab uses them to emulate the networks connected to routers HCM and DN.
Configure > Interfaces and Connections > Edit Interface/Connection

- Then enter the IP information > OK

- Repeat step 6 for the remaining loopback interfaces on routers DN and HCM.

Step 7: Set up the connection between the Fa0/0 interfaces from DN to HCM
Interfaces and Connections > Create Connection > Ethernet LAN > Create New Connection

Next

Enter the IP information for interface Fa0/0

Step 8: Configure RIPv2 for routing between the 2 routers
- The purpose of configuring the RIP routing protocol is for the 2 routers to advertise the networks they know to their neighbouring routers, and vice versa (note that the networks advertised in RIP must be classful networks of class A, B or C). Specifically, in this lab:
+ Router DN needs to advertise 3 networks: 192.168.3.0, 192.168.4.0 and 172.(15+X).0.0
+ Router HCM needs to advertise 3 networks: 192.168.1.0, 192.168.2.0 and 172.(15+X).0.0
Go to Routing > RIP > Edit, then add the networks to be advertised on each router:

(Set interface fa0/1 as Passive to avoid advertising routing information from one group to another.)
Then repeat step 8 on router HCM.

III. Additional exercises:

- You can practise this lab further at home using the GNS3 software.
- Video guide to setting up SDM on GNS3: http://www.mediafire.com/?dmqwlmfjywi

IV. Appendix: commands used in this lab:

Router(config)# ip http server
    Enable the HTTP service on the router.

Router(config)# ip http secure-server
    Enable the HTTPS service on the router.

Router(config)# ip http authentication local
    Configure authentication for the HTTP or HTTPS service.

Router(config)# username TTG privilege 15 password cisco
    Create a username and password with privilege level 15 for logging in to the router.
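
Labs 5 and 7 use several settings that store or carry credentials weakly: type 7 passwords (decodable, per the note in Lab 5), Telnet on the vty lines and the plain HTTP server. The Python script below is an added example, not part of the original manual, that flags them in a configuration; the two sample configurations, the finding codes and the function names are constructed for illustration.

```python
import re

# Constructed samples in the style of the labs' configs (not from a real device).
WEAK_CONFIG = """\
hostname CenterRouter
service password-encryption
enable secret 5 $1$XXXX$constructed.example.hash
username TTG privilege 15 password 7 0123456789AB
ip http server
ip http authentication local
line con 0
 password 7 0123456789AB
 login
line vty 0 4
 login local
 transport input telnet ssh
"""

HARDENED_CONFIG = """\
hostname CenterRouter
enable secret 5 $1$XXXX$constructed.example.hash
username TTG privilege 15 secret 5 $1$XXXX$constructed.example.hash
ip http secure-server
ip http authentication local
ip ssh version 2
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""

# "password <type> <string>" or "password <string>" at the end of a command.
PW = re.compile(r"\bpassword(?: (\d))? (\S+)$")


def parse_sections(text):
    """Group a config into (top-level command, [indented sub-commands])."""
    sections = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit(text):
    """Return a list of (finding code, location) for weak settings."""
    findings = []
    sections = parse_sections(text)
    ssh_on_vty = False
    for header, subs in sections:
        where = PW.sub("password <redacted>", header)  # never echo the secret
        for cmd in [header] + subs:
            m = PW.search(cmd)
            if not m:
                continue
            if m.group(1) == "7":            # reversible encoding
                findings.append(("TYPE7_PASSWORD", where))
            elif m.group(1) in (None, "0"):  # stored in clear text
                findings.append(("PLAINTEXT_PASSWORD", where))
        if header.startswith("line vty"):
            allowed = set()
            for cmd in subs:
                if cmd.startswith("transport input"):
                    allowed = set(cmd.split()[2:])
            if allowed & {"telnet", "all"}:
                findings.append(("TELNET_ON_VTY", header))
            if allowed & {"ssh", "all"}:
                ssh_on_vty = True
        if header == "ip http server":
            findings.append(("HTTP_CLEARTEXT_MGMT", header))
    if ssh_on_vty and not any(h == "ip ssh version 2" for h, _ in sections):
        findings.append(("SSH_V2_NOT_ENFORCED", "global"))
    return findings


if __name__ == "__main__":
    for code, where in audit(WEAK_CONFIG):
        print(f"{code:22} {where}")
```
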


LAB 8: DHCP, DHCP RELAY


I. Introduction to the DHCP protocol: The DHCP service reduces network administration work by limiting the effort of assigning or changing IP addresses for clients. DHCP also reclaims IP addresses that are no longer in use when a client's lease has expired and has not been renewed. These addresses can then be assigned to other clients. DHCP also makes renumbering easy if the ISP changes.

- The process of assigning an IP address to a client goes through the following steps:
1. The client must be configured to obtain its IP dynamically from a DHCP server. First the client sends a DHCPDISCOVER packet as a broadcast on its network to ask a DHCP server for an IP address.
2. When the DHCP server receives the DHCPDISCOVER packet, it looks for an unused IP in its address range and offers it to the client in a DHCPOFFER packet sent as unicast.
3. When the client receives a DHCPOFFER, it evaluates all the DHCPOFFERs received (in case there are several DHCP servers) and asks one of those DHCP servers to assign the IP through a DHCPREQUEST packet (normally the client sends this request to the DHCP server whose DHCPOFFER it received first).
4. The DHCP server agrees to assign the IP to the client through a unicast DHCPACK packet.

- The four basic items that a DHCP server normally assigns to a client:
IP address
Gateway
Subnet mask
DNS server

II. DHCP Lab:

1. Configure the DNS server:
- DNS is the service that resolves domain names to IP addresses and vice versa. DHCP can automatically hand out the DNS server's IP address to every client in the system. In this case we configure the following 2 domains on the DNS server:
+ Cisco.com with IP 1.1.1.1
+ Truongtan.edu.vn with IP 2.2.2.2
Configure this in PacketTracer as follows: click Server > Config > DNS and enter the information for the 2 domains above with record type A Record.

2. Configure DHCP on the Cisco router:

Router>enable
Router#configure terminal
Router(config)#hostname DHCPServer
DHCPServer(config)#interface fa0/1
DHCPServer(config-if)#ip address 192.168.1.1 255.255.255.0
DHCPServer(config-if)#no shutdown
DHCPServer(config-if)#exit

- Configure a DHCP pool that assigns IPs for network 192.168.1.0/24:

DHCPServer(config)#ip dhcp pool mang192
DHCPServer(dhcp-config)#network 192.168.1.0 255.255.255.0      *Network address
DHCPServer(dhcp-config)#default-router 192.168.1.1             *Gateway
DHCPServer(dhcp-config)#dns-server 192.168.1.5                 *DNS Server
DHCPServer(dhcp-config)#exit

- When assigning dynamic IPs, we usually reserve roughly the first 10 addresses and keep them out of DHCP, for devices and servers that need static IPs. In this case we exclude the addresses from 192.168.1.1 to 192.168.1.10:

DHCPServer(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.10

3. Check the DHCP configuration on the PC:
- Configure the DHCP client to obtain its IP dynamically. If the IP information is assigned as shown below, DHCP is working properly.

- Check the addresses assigned on the DHCP server with the command show ip dhcp binding:

DHCPServer# show ip dhcp binding
IP address       Client-ID/              Lease expiration        Type
                 Hardware address
192.168.1.11     0060.5C66.56B6          -                       Automatic

- As we can see, besides assigning IPs automatically, DHCP can also hand out the DNS server address and the domain name. To check:
+ DNS: with the nslookup command
+ DNS, DHCP and domain name information: ipconfig /all (PacketTracer does not yet support these commands well)

DHCP RELAY
I. Introduction:
- DHCP is a protocol very widely used to assign dynamic IP addresses to client machines; you can review how to configure it on a Cisco router.
- As we know, to obtain an IP from a DHCP server, computers must broadcast a DHCP Discover packet on their network. So what happens when the DHCP server and the client are not on the same network, given that routers block broadcast traffic by default? In this case there are 2 solutions:
+ Place a DHCP server on every network: this is inefficient, because a company deploying many networks ends up with too many DHCP servers, which makes management and deployment difficult.
+ Use one DHCP server to assign dynamic IPs to all networks through the DHCP Relay technique: this has more advantages, since a single DHCP server assigns IPs to many networks at once. It is combined with the ip helper-address command to enable the DHCP Relay service. With this command configured, when the router receives UDP broadcast data on its interface, it unicasts it to a predefined IP (the DHCP server's IP in this case).

How DHCP Relay works:
1. The client broadcasts a DHCP Discover packet within its local network.
2. The DHCP Relay Agent on the same network as the client receives that packet and forwards it to the DHCP server as unicast.
3. The DHCP server sends a DHCP Offer packet back to the DHCP Relay Agent as unicast.
4. The DHCP Relay Agent broadcasts that DHCP Offer packet to the clients.
5. After receiving the DHCP Offer packet, the client broadcasts a DHCP Request packet.
6. The DHCP Relay Agent receives that DHCP Request packet from the client and forwards it to the DHCP server, again as unicast.
7. The DHCP server replies to the DHCP Relay Agent with a DHCP ACK packet as unicast.
8. The DHCP Relay Agent broadcasts the DHCP ACK packet to the client. This completes the DHCP Relay Agent's process of receiving, handling and forwarding the information.

II. Lab topology:

1. Configure the IP addresses for the TTG and DHCP routers:

- On both routers, save the configuration with copy run start, then power off the router and add a WIC-2T module to give the router additional serial ports. Then use a serial cable to connect them as in the topology.

DHCP Router:

DHCPServer(config)#interface s0/0/0
DHCPServer(config-if)#ip address 192.168.2.1 255.255.255.0
DHCPServer(config-if)#no shutdown
DHCPServer(config-if)#clock rate 64000                         *Supplies the clock for the DCE
DHCPServer(config-if)#exit
DHCPServer(config)#

TTG Router:

Router>
Router>enable
Router#configure terminal
Router(config)#hostname TTGRouter
TTGRouter(config)#interface s0/0/0
TTGRouter(config-if)#ip address 192.168.2.2 255.255.255.0
TTGRouter(config-if)#no shutdown
TTGRouter(config-if)#clock rate 64000
TTGRouter(config-if)#exit
TTGRouter(config)#interface fa0/1
TTGRouter(config-if)#ip address 192.168.3.1 255.255.255.0
TTGRouter(config-if)#no shutdown
TTGRouter(config-if)#exit
TTGRouter(config)#

2. Routing for the TTG and DHCP routers:
- By default a router's routing table contains only directly connected networks. To learn about networks that are not directly connected, the routers must be configured with a routing protocol to advertise their known networks to each other, in this case RIP.

DHCPServer:

DHCPServer(config)#router rip
DHCPServer(config-router)#network 192.168.1.0
DHCPServer(config-router)#network 192.168.2.0
DHCPServer(config-router)#exit
DHCPServer(config)#

TTGRouter:

TTGRouter(config)#router rip
TTGRouter(config-router)#network 192.168.2.0
TTGRouter(config-router)#network 192.168.3.0
TTGRouter(config-router)#exit
TTGRouter(config)#

- On both routers, check the routing table with show ip route; newly learned networks are marked with R at the start of the line.

3. Configure DHCP Relay:

DHCPServer:
- Add one more DHCP pool to serve network 192.168.3.0 on the TTG router side:

DHCPServer(config)#ip dhcp pool mang193
DHCPServer(dhcp-config)#network 192.168.3.0 255.255.255.0      *Network address
DHCPServer(dhcp-config)#default-router 192.168.3.1             *Gateway
DHCPServer(dhcp-config)#dns-server 192.168.1.5                 *DNS Server
DHCPServer(dhcp-config)#exit

- Exclude the first 10 IPs from assignment:

DHCPServer(config)#ip dhcp excluded-address 192.168.3.1 192.168.3.10

- Configure DHCP Relay on interface fa0/1 of the TTG router:

TTGRouter(config)#interface fa0/1
TTGRouter(config-if)#ip helper-address 192.168.2.1             *IP of DHCPServer

- Check that the PC on network 192.168.3.0 receives an IP.
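
How the relay steps above let one server feed both pools, shown as an added Python example (not part of the original manual): the relay writes its ingress address into the BOOTP giaddr field, and the server uses that field to choose the pool. The giaddr mechanism comes from RFC 2131 and is not named in the lab; the MAC address, transaction ID and function names are constructed, while the pools and addresses are the lab's.

```python
import ipaddress
import struct

# Fixed BOOTP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file  -> 236 bytes.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])
GIADDR = 10  # index of giaddr in the unpacked tuple

# Pools and exclusions exactly as configured on DHCPServer in this lab.
POOLS = {
    "mang192": {"network": "192.168.1.0/24",
                "excluded": ("192.168.1.1", "192.168.1.10")},
    "mang193": {"network": "192.168.3.0/24",
                "excluded": ("192.168.3.1", "192.168.3.10")},
}


def build_discover(mac, xid):
    """Client side: DHCPDISCOVER with the broadcast flag set, giaddr = 0."""
    fixed = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000,
                       bytes(4), bytes(4), bytes(4), bytes(4), mac, b"", b"")
    options = bytes([53, 1, 1, 255])  # option 53 = DHCPDISCOVER, then END
    return fixed + MAGIC + options


def relay(packet, ingress_ip, helper_ip):
    """Relay agent (ip helper-address): stamp giaddr, count the hop,
    and return (unicast destination, rewritten packet)."""
    fields = list(BOOTP.unpack_from(packet))
    if fields[0] != 1:
        raise ValueError("only BOOTREQUEST messages are relayed to the server")
    fields[3] += 1                                # hops
    if fields[GIADDR] == bytes(4):                # first relay on the path
        fields[GIADDR] = ipaddress.IPv4Address(ingress_ip).packed
    return helper_ip, BOOTP.pack(*fields) + packet[BOOTP.size:]


def select_pool(packet, arrived_on_ip):
    """Server side: a relayed packet is matched on giaddr, a local one on
    the address of the interface it arrived on."""
    giaddr = ipaddress.IPv4Address(BOOTP.unpack_from(packet)[GIADDR])
    key = giaddr if int(giaddr) else ipaddress.IPv4Address(arrived_on_ip)
    for name, pool in POOLS.items():
        if key in ipaddress.ip_network(pool["network"]):
            return name
    return None


def first_offer(pool_name, leased=()):
    """First address in the pool that is neither excluded nor leased."""
    pool = POOLS[pool_name]
    low, high = (ipaddress.IPv4Address(a) for a in pool["excluded"])
    for host in ipaddress.ip_network(pool["network"]).hosts():
        if low <= host <= high or str(host) in leased:
            continue
        return str(host)
    return None


if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("020000000001"), 0x1234)  # constructed
    dst, relayed = relay(discover, "192.168.3.1", "192.168.2.1")
    pool = select_pool(relayed, "192.168.2.1")
    print("relayed to", dst, "-> pool", pool, "-> offer", first_offer(pool))
    # The same broadcast without a relay stamp matches no pool on s0/0/0.
    print("unrelayed on 192.168.2.1 ->", select_pool(discover, "192.168.2.1"))
```
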

III. Further practice:

- The class practises these 2 labs further by configuring them through SDM in the GNS3 software; see also the video at the address

IV. Appendix: commands used in this lab:

1. DHCP configuration:

DHCPServer(config)#ip dhcp pool mang192
    Configure a DHCP pool that assigns dynamic IPs for the network.

DHCPServer(dhcp-config)#network 192.168.1.0 255.255.255.0
    Declare the network whose IP addresses are to be assigned.

DHCPServer(dhcp-config)#default-router 192.168.1.1
    Configure the gateway of the DHCP server.

DHCPServer(dhcp-config)#dns-server 192.168.1.5
    Declare the DNS server.

DHCPServer(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.10
    Declare the range of IPs that are not assigned dynamically.

2. DHCP RELAY configuration:

TTGRouter(config)#interface fa0/1
TTGRouter(config-if)#ip helper-address 192.168.2.1
    Configure DHCP Relay on interface fa0/1 of the TTG router. 192.168.2.1 is the address of the DHCP server.

3. Checking the DHCP configuration:

DHCPServer#show ip dhcp binding
    Provides information about all addresses assigned by DHCP.

DHCPServer#show ip dhcp pool
    Displays information about all DHCP pools currently configured on the router.

LAB 9: STATIC ROUTING (STATIC ROUTE)

I. Introduction: Routing is the process a router carries out to move a packet from a source address to a destination address in the network. In this process the router must rely on routing information to make the decisions that deliver the packet to the intended destination address. There are two basic kinds of routing: static routing (Static Route) and dynamic routing (Dynamic Route).

Static routing (Static Route) is a routing process in which you must manually configure each specific destination address on the router. A default form of static routing is Default Routes, which is used for stub networks.

Dynamic routing (Dynamic Route) is a form of routing in which, once configured, the router uses routing protocols such as RIP (Routing Information Protocol), OSPF (Open Shortest Path First) or IGRP (Interior Gateway Routing Protocol) to perform routing automatically, without you having to configure it directly by hand.

II. Lab description and topology:

- The lab topology is as shown in the figure. Each PC connects to its router with a crossover cable. The two routers connect to each other with a serial cable. The IP addresses of the interfaces and PCs are as shown in the figure.
- This lab helps you configure static routing on 2 routers, so that the 2 routers can see each other as well as each other's subnets.

2. Configure static routing (Static Route)

Configure the routers and PCs as follows:

Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface fa0/0
TTG1(config-if)#ip address 10.0.0.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#interface s0/0/0
TTG1(config-if)#ip address 192.168.0.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit

Router TTG2:
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface fa0/0
TTG2(config-if)#ip address 10.0.1.1 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit
TTG2(config)#interface s0/0/0
TTG2(config-if)#ip address 192.168.0.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit

Host 1:
IP: 10.0.0.2
Subnet mask: 255.255.255.0
Gateway: 10.0.0.1

Host 2:
IP: 10.0.1.2
Subnet mask: 255.255.255.0
Gateway: 10.0.1.1

- Check the connections as follows:

Ping from Host1 to address 10.0.0.1

Ping from Host1 to address 192.168.0.1

Ping from Host1 to address 192.168.0.2

- Turn on debugging on Router TTG2:

TTG2#debug ip packet
IP packet debugging is on

- Run the ping above again and observe:

TTG2#
00:33:59: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
00:33:59: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
00:34:04: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
00:34:04: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
00:34:09: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
00:34:09: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
00:34:14: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
00:34:14: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable

- Ping from Host1 to address 10.0.1.1

- Turn on debugging on Router TTG1:

TTG1#debug ip packet
IP packet debugging is on

- Run the ping again:

TTG1#
00:36:41: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable
00:36:41: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending
00:36:42: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable
00:36:42: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending
00:36:43: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable
00:36:43: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending
00:36:44: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable
00:36:44: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending

- The ping does not succeed in this case. Using debug ip packet on both routers, we see that Router TTG2 still receives the packet from Host1 when we ping 192.168.0.2. However, because Host1 is not directly connected to Router TTG2, the ICMP packet returned for the ping has no route to its destination address, so that packet is discarded, and the ping fails. When we ping from Host1 to 10.0.1.1, the packet is lost right at router TTG1, because Router TTG1 cannot find the destination address in its routing table (this address is not directly connected to Router TTG1). Compare the position of "unroutable" in the debug output of the two pings above to see the difference.

- For this connection to succeed, we must configure a static route on Router TTG1 and on Router TTG2 as follows:

TTG1(config)#ip route 10.0.1.0 255.255.255.0 192.168.0.2
TTG1(config)#exit

- Ping from Host1 to Host2

- Ping from Router TTG2 to Host1:

TTG2#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

- For this ping to succeed, you must configure a static route on Router TTG2 as follows:

TTG2(config)#ip route 10.0.0.0 255.255.255.0 192.168.0.1

- Now, from Host2, you can ping the addresses on Router TTG1 and Host1.
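
The two "unroutable" cases analysed above, reproduced as an added Python example (not part of the original manual): a longest-prefix-match lookup walks the echo request and the echo reply through each router's table and reports where a packet is dropped. The interface addresses and routes are the lab's; the function names and the simplified forwarding model are assumptions.

```python
import ipaddress

# Host -> the router that is its default gateway (addresses from the lab).
HOSTS = {"10.0.0.2": "TTG1", "10.0.1.2": "TTG2"}


def make_topology(static_ttg1=False, static_ttg2=False):
    """Routing tables as (prefix, next hop); next hop None = connected."""
    routers = {
        "TTG1": {"addrs": {"10.0.0.1", "192.168.0.1"},
                 "routes": [("10.0.0.0/24", None), ("192.168.0.0/24", None)]},
        "TTG2": {"addrs": {"10.0.1.1", "192.168.0.2"},
                 "routes": [("10.0.1.0/24", None), ("192.168.0.0/24", None)]},
    }
    if static_ttg1:  # ip route 10.0.1.0 255.255.255.0 192.168.0.2
        routers["TTG1"]["routes"].append(("10.0.1.0/24", "192.168.0.2"))
    if static_ttg2:  # ip route 10.0.0.0 255.255.255.0 192.168.0.1
        routers["TTG2"]["routes"].append(("10.0.0.0/24", "192.168.0.1"))
    return routers


def lookup(routes, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def owner(routers, ip):
    """Name of the router that owns this interface address, if any."""
    for name, router in routers.items():
        if ip in router["addrs"]:
            return name
    return None


def forward(routers, start, dst, max_hops=8):
    """Walk one packet from router `start` toward dst.
    Returns ('delivered' | 'unroutable' | 'loop', router where it ended)."""
    here = start
    for _ in range(max_hops):
        if dst in routers[here]["addrs"]:
            return ("delivered", here)
        hit = lookup(routers[here]["routes"], dst)
        if hit is None:
            return ("unroutable", here)       # what debug ip packet prints
        target = hit[1] if hit[1] else dst    # connected: deliver directly
        nxt = owner(routers, target)
        if nxt is None:
            return ("delivered", here)        # handed to a host on the LAN
        here = nxt
    return ("loop", here)


def ping(routers, src_host, dst):
    """A ping needs a route in both directions: request, then reply."""
    out = forward(routers, HOSTS[src_host], dst)
    if out[0] != "delivered":
        return f"request {out[0]} at {out[1]}"
    back = forward(routers, out[1], src_host)
    if back[0] != "delivered":
        return f"reply {back[0]} at {back[1]}"
    return "success"


if __name__ == "__main__":
    for label, topo in [("no static routes", make_topology()),
                        ("static on TTG1 only", make_topology(True, False)),
                        ("static on both", make_topology(True, True))]:
        for dst in ("192.168.0.2", "10.0.1.1", "10.0.1.2"):
            print(f"{label:20} Host1 -> {dst:12} {ping(topo, '10.0.0.2', dst)}")
```
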

- Check the routing tables of the routers with show ip route:

TTG1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 2 subnets
C       10.0.0.0 is directly connected, Ethernet0
S       10.0.1.0 is directly connected, Serial0/0/0
C    192.168.0.0/24 is directly connected, Serial0/0/0

S denotes connections through static routing
C denotes directly connected networks

TTG2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 2 subnets
S       10.0.0.0 is directly connected, Serial0/0/0
C       10.0.1.0 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0/0/0

- Run show run on each router to review the routing configuration:

TTG1#show run
Building configuration...
ip kerberos source-interface any
ip classless
ip route 10.0.1.0 255.255.255.0 Serial0/0/0
ip http server
!
end

TTG2#show run
Building configuration...
ip classless
ip route 10.0.0.0 255.255.255.0 Serial0/0/0
ip http server

- You have successfully configured routing so that the 2 routers, as well as their subnets, can reach each other. You can also extend the topology to 3, 4 or 5 hops to practise static routing configuration. However, you can clearly see that this configuration is rather tedious and long-winded, especially for the external Internet environment, so in the next lab you will configure dynamic routing on the routers.

III. Appendix: commands used in this lab:

1. Configuring a static route on the router:

Router(config)# ip route 172.16.20.0 255.255.255.0 172.16.10.2
    Where:
    172.16.20.0 = destination network.
    255.255.255.0 = subnet mask of the destination network.
    You can read the command as follows: to reach the destination network 172.16.20.0, with subnet mask 255.255.255.0, send all data to 172.16.10.2.

Router(config)# ip route 172.16.20.0 255.255.255.0 serial 0/0/0
    Where:
    172.16.20.0 = destination network.
    255.255.255.0 = subnet mask of the destination network.
    You can read the command as follows: to reach the destination network 172.16.20.0, with subnet mask 255.255.255.0, send all data out of interface s0/0/0.

2. Configuring a default route on the router:

Router(config)# ip route 0.0.0.0 0.0.0.0 172.16.10.2
    When the router receives a packet whose destination is not in the routing table, it sends the packet to 172.16.10.2.

Router(config)# ip route 0.0.0.0 0.0.0.0 Serial 0/0/0
    When the router receives a packet whose destination is not in the routing table, it sends the packet out of interface s0/0/0.

3. Checking static routes:

Router# show ip route
    Displays the contents of the routing table.

Router# debug ip packet
    Turns on debugging on the router.

Router# show running-config
    Reviews the routing configuration.

STATIC ROUTE: COMBINED EXERCISE

REQUIREMENTS

1) Use network 172.(15+X).0.0/16 for subnetting, where X is the group's sequence number
2) Use static routes for routing
3) The PCs must be able to reach the Internet
4) Check the routing information with the commands:
+ show ip route
+ Ping to the Internet
+ From a PC, use tracert to the Internet to list the path

LAB 10 : RIPv2
I. Introduction: RIP (Routing Information Protocol) is a routing protocol used to advertise the addresses a router wants to announce to the outside and to collect information in order to build the router's routing table. It is a distance-vector protocol whose path selection criterion is mainly the hop count, and the addresses RIP advertises are sent in classful form (for RIP version 1) or classless form (for RIP version 2). Because the routing criterion is hop count and the number of hops is limited to 15, this protocol is only used in small networks (under 15 hops).

II. Lab description and topology:

- The PCs connect to the switch with straight-through cables, and the two routers connect to each other with a serial cable. The IP addresses of the interfaces and PCs are as shown in the figure.
- This exercise helps you configure the network so that its parts can communicate with each other using the RIP protocol.

III. Objectives:

- Before RIPv2 routing is configured on the 2 routers, we will see that PC1 cannot ping router TTG2, because Router TTG2 has no information about where network 10.0.0.0/24 (LAN1) is.
- After RIPv2 is configured, PC1 must be able to ping TTG2.

IV. Configuration steps:

- First, configure the devices as follows:

Router TTG1
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface serial 0/0/0
TTG1(config-if)#ip address 192.168.0.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit
TTG1(config)#interface fastethernet 0/0
TTG1(config-if)#ip address 10.0.0.1 255.255.0.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit

Router TTG2
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface serial 0/0/0
TTG2(config-if)#ip address 192.168.0.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#exit
TTG2(config)#interface fastethernet 0/0
TTG2(config-if)#ip address 11.0.0.1 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit

Host1:
IP: 10.0.0.2
Subnet mask: 255.255.255.0
Gateway: 10.0.0.1

Host2:
IP: 11.0.0.2
Subnet mask: 255.255.255.0
Gateway: 11.0.0.1

- Check the connections with the ping command:

Ping from Host1 to address 10.0.0.1

Ping from Host1 to address 192.168.0.1

Ping from Host1 to address 192.168.0.2

- From Host1 you cannot ping address 192.168.0.2.

Perform the same checks from Host2:

Ping address 11.0.0.1

Ping address 192.168.0.2

Ping address 192.168.0.1

- Run the pings from Router TTG1:

TTG1#ping 192.168.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms
TTG1#ping 11.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

- Run the pings from Router TTG2:

TTG2#ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms
TTG2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

- Look at the routing table of each router:

TTG1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0/0/0

TTG2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0/0/0

Remark: The addresses of the networks to which your pings failed are not stored in the routing table.

Configure RIP on the routers as follows:

TTG1(config)#router rip TTG1(config-router)#network 192.168.0.0 TTG1(config-router)#network 10.0.0.0 TTG1(config-router)#exit

TTG2(config)#router rip TTG2(config-router)#network 11.0.0.0 TTG2(config-router)#network 192.168.0.0 TTG2(config-router)#exit - Bn xem li bng thng tin nh tuyn: TTG1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C R C 10.0.0.0 is directly connected, Ethernet0 11.0.0.0/8 [120/1] via 192.168.0.2, 00:00:00, Serial0/0/0 192.168.0.0/24 is directly connected, Serial0/0/0

TTG2#show ip route

94

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set

10.0.0.0/8 [120/1] via 192.168.0.1, 00:00:23, Serial0/0/0 11.0.0.0/24 is subnetted, 1 subnets

C C

11.0.0.0 is directly connected, Ethernet0 192.168.0.0/24 is directly connected, Serial0/0/0

Nhn xt : Bn thy rng trn bng thng tin nh tuyn, Router TTG1 lin kt RIP vi mng 11.0.0.0/8 qua cng Serial 0(192.168.0.2) v Router TTG2 lin kt vi mng 10.0.0.0/8 qua cng Serial 0(192.168.0.1) Ch : V Rip gi i ch theo dng classfull nn subnet mask s c s dng defaul i vi cc lp mng. - Lc ny bn thc hin li lnh Ping gia cc Router v cc Host: T Host1 bn thc hin lnh Ping:

95

T Host 2 bn thc hin lnh Ping:

96

- Bn thy rng cc kt ni thnh cng. n y bn hon tt vic cu hnh RIP cho mng trn c th trao i thng tin vi nhau.Nhng tm hiu r hn v RIP bn thc hin tip tc cc bc cu hnh nh sau: - Bn gi nguyn cu hnh ca Router TTG 1 v thay i cu hnh ca Router TTG 2 t RIP version 1 sang RIP version 2 v kim tra :
TTG2(config)#router rip TTG2(config-router)#version 2 - Bn m ch debug trn 2 Router kim tra gi tin: TTG1#debug ip packet IP packet debugging is on

TTG2#debug ip packet IP packet debugging is on - Lc ny bn thc hin lnh Ping t Host 1 vo cc a ch khng lin kt trc tip vi n c chy RIP

TTG2# 01:49:58: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3

97

01:49:58: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable 01:50:03: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3 01:50:03: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable 01:50:08: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3 01:50:08: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable 01:50:13: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3 01:50:13: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable

TTG2# 01:55:30: IP: s=10.0.0.2 (Serial0/0/0), d=11.0.0.1, len 60, rcvd 4 01:55:30: IP: s=11.0.0.1 (local), d=10.0.0.2, len 60, unroutable 01:55:35: IP: s=10.0.0.2 (Serial0/0/0), d=11.0.0.1, len 60, rcvd 4 01:55:35: IP: s=11.0.0.1 (local), d=10.0.0.2, len 60, unroutable 01:55:40: IP: s=10.0.0.2 (Serial0/0/0), d=11.0.0.1, len 60, rcvd 4 01:55:40: IP: s=11.0.0.1 (local), d=10.0.0.2, len 60, unroutable - Nhng d liu khi bn m ch debug cho thy khi bn thc hin lnh Ping t Host1 n cc a ch nh:192.168.0.2 v 11.0.0.1 gi tin u nhn c ti im ch,tuy nhin gi tin tr v ti a ch ny khng tm c a ch 10.0.0.2(Host1) t bng nh tuyn ca Router TTG 2(unroutable) do Router ny c cu hnh RIP version 2 TTG2#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

98

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 11.0.0.0/24 is subnetted, 1 subnets C C 11.0.0.0 is directly connected, Ethernet0 192.168.0.0/24 is directly connected, Serial0/0/0

Observation: network 10.0.0.0 is no longer present in the routing table.

Ping from router TTG2 to the addresses of router TTG1:

TTG2#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

- Check the routing table with the Show ip route command:

TTG1#show ip route
01:46:50: IP: s=192.168.0.2 (Serial0/0/0), d=224.0.0.9, len 52, rcvd 2
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Ethernet0
R    11.0.0.0/8 [120/1] via 192.168.0.2, 00:00:05, Serial0/0/0
C    192.168.0.0/24 is directly connected, Serial0

- Although the routing table of router TTG1 still holds an entry for network 11.0.0.0, router TTG2 has no entry for network 10.0.0.0, so the packets cannot be delivered. This shows that RIP version 2 does not provide backward compatibility with RIP version 1.

- To exchange routing information successfully with RIP, the routers must therefore be configured with the same RIP version. In this case we go on to configure TTG1 to use RIPv2:

TTG1(config)#router rip
TTG1(config-router)#version 2

- Test the connection between the 2 PCs again with Ping after changing the RIP version on TTG1; the ping must now succeed.

V. Appendix: commands related to this lab

1. The ip classless command:

Router(config)# ip classless
    When the router receives a packet whose destination is not in the routing table, the packet is routed to the default route.
Router(config)# no ip classless
    Turns off the ip classless behaviour.

2. RIP routing protocol: mandatory commands

Router(config)# router rip
    Enables the RIP routing protocol on the router.
Router(config-router)# network w.x.y.z
    w.x.y.z is the network directly connected to your router that you want to advertise.

3. RIP routing protocol: optional commands

Router(config)# no router rip
    Turns off the RIP routing process on the router.
Router(config-router)# no network w.x.y.z
    Removes network w.x.y.z from the RIP routing process.
Router(config-router)# version 2
    RIP sends and receives RIPv2 packets.
Router(config-router)# version 1
    RIP sends and receives RIPv1 packets only.
Router(config-if)# ip rip send version 1
    The router sends only RIPv1 packets through this interface.
Router(config-if)# ip rip send version 2
    The router sends only RIPv2 packets through this interface.
Router(config-if)# ip rip send version 1 2
    The router sends both RIPv1 and RIPv2 packets through this interface.
Router(config-if)# ip rip receive version 1
    The router receives only RIPv1 packets through this interface.
Router(config-if)# ip rip receive version 2
    The router receives only RIPv2 packets through this interface.
Router(config-if)# ip rip receive version 1 2
    The router receives both RIPv1 and RIPv2 packets through this interface.
Router(config-router)# no auto-summary
    Turns off automatic summarization of addresses at classful network boundaries (only has an effect with RIPv2).
Router(config-router)# passive-interface s0/0/0
    The router does not send RIP routing information out of this interface.
Router(config-router)# neighbor a.b.c.d
    Specifies a neighbor with which to exchange routing information.
Router(config-if)# no ip split-horizon
    Turns off the split horizon feature on the router.
Router(config-if)# ip split-horizon
    Enables the split horizon feature on the router.
Router(config-router)# timers basic 30 90 180 270 360
    Changes the RIP timers:
    30 = Update time
    90 = Invalid time
    180 = Hold-down time
    270 = Flush time
    360 = Sleep time
Router(config-router)# maximum-paths x
    Limits the number of paths used for load balancing to x (4 is the default, 6 is the maximum).
Router(config-router)# default-information originate
    Configures the default route in RIP.

4. Troubleshooting RIP:

Router#show ip route
    Displays the contents of the routing table.
Router#debug ip rip
    Displays all the RIP information being processed by the router.
Router#show ip rip database
    Displays the contents of the RIP database.
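The version mismatch seen in this lab, as an added example (not part of the original lab guide): a small model of the RIP update format and of a receiver that accepts only certain versions, as `version 2` and `ip rip receive version` configure it. The function names are hypothetical, and the assumption that a router without a `version` command sends version 1 and accepts both versions is taken from the routing tables shown above.

```python
import struct
from ipaddress import IPv4Address

RIP_RESPONSE = 2                    # command value of a routing update
AFI_IP = 2                          # address family identifier for IPv4
HEADER = struct.Struct("!BBH")      # command, version, must-be-zero
ENTRY = struct.Struct("!HHIIII")    # AFI, route tag, network, mask, next hop, metric


def build_response(version, routes):
    """Encode a RIP update. routes is a list of (network, mask, metric).
    RIPv1 has no mask field, so those bytes are sent as zero."""
    packet = HEADER.pack(RIP_RESPONSE, version, 0)
    for network, mask, metric in routes:
        mask_bits = int(IPv4Address(mask)) if version == 2 else 0
        packet += ENTRY.pack(AFI_IP, 0, int(IPv4Address(network)), mask_bits, 0, metric)
    return packet


def classful_prefix(network):
    """Prefix length a RIPv1 receiver infers from the address class."""
    first_octet = network >> 24
    if first_octet < 128:
        return 8
    return 16 if first_octet < 192 else 24


def receive(packet, accepted_versions):
    """Return the routes a receiver installs, or [] when the update is
    ignored because its version is not one the receiver accepts."""
    command, version, _ = HEADER.unpack_from(packet)
    if command != RIP_RESPONSE or version not in accepted_versions:
        return []
    installed = []
    for offset in range(HEADER.size, len(packet) - ENTRY.size + 1, ENTRY.size):
        afi, _tag, network, mask, _next_hop, metric = ENTRY.unpack_from(packet, offset)
        if afi != AFI_IP or not 1 <= metric <= 15:     # metric 16 means unreachable
            continue
        prefix = bin(mask).count("1") if version == 2 else classful_prefix(network)
        installed.append((f"{IPv4Address(network)}/{prefix}", metric))
    return installed


def lab_scenario(ttg1_version):
    """TTG2 runs 'version 2'. TTG1 either runs the default (assumed: sends v1,
    accepts v1 and v2) or has been switched to 'version 2'."""
    ttg1_accepts = {1, 2} if ttg1_version == 1 else {2}
    ttg1_update = build_response(ttg1_version, [("10.0.0.0", "255.0.0.0", 1)])
    ttg2_update = build_response(2, [("11.0.0.0", "255.0.0.0", 1)])
    return {
        "TTG1 learns": receive(ttg2_update, ttg1_accepts),
        "TTG2 learns": receive(ttg1_update, {2}),
    }


if __name__ == "__main__":
    print("before:", lab_scenario(1))   # TTG2 learns nothing about 10.0.0.0
    print("after: ", lab_scenario(2))   # both routers learn each other's network
```

With TTG1 on version 1, TTG2 installs nothing for 10.0.0.0, which is why its replies to Host1 are logged as unroutable; after `version 2` on TTG1 both sides install the other's network.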


RIPv2 Comprehensive Lab

REQUIREMENTS
1) Students practise on Cisco 2801 devices
2) Use network 172.(15+X).0.0/16 for subnetting, where X is the group number
3) Use RIPv2 for routing
4) The PCs must be able to reach the internet
5) After routing is configured, verify the routing information with these commands:
+ Show ip route
+ Ping the internet from the PC and from the router
+ From the PC, use tracert towards the internet to list the path from source to destination

LAB 11: CISCO DISCOVERY PROTOCOL (CDP)


I. Introduction
CDP (Cisco Discovery Protocol) is a Cisco protocol that operates at layer 2 (data link layer) of the OSI model. It collects and reports information about directly connected neighboring devices; this information is very useful when troubleshooting a network.

II. Purpose
This lab helps you understand the CDP protocol and its related parameters, and learn what the commands of this protocol do.
Note: CDP only provides information about devices directly connected to the local device, unlike routing protocols. A routing protocol can provide information about remote networks, or about networks reached indirectly through several routers.

III. Lab description and topology
The lab topology is as shown in the figure; the routers are connected to each other with serial cables.

IV. Steps
First configure the routers as follows.

Router TTG1:
Router> enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface serial 0/0/0
TTG1(config-if)#ip address 192.168.1.2 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit
TTG1(config)#interface serial 0/0/1
TTG1(config-if)#ip address 192.168.2.2 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit
TTG1(config)#

Router TTG2:
Router> enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface serial 0/0/0
TTG2(config-if)#ip address 192.168.1.1 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#exit
TTG2(config)#

Router TTG3:
Router> enable
Router#configure terminal
Router(config)#hostname TTG3
TTG3(config)#interface serial 0/0/0
TTG3(config-if)#ip address 192.168.2.1 255.255.255.0
TTG3(config-if)#no shutdown
TTG3(config-if)#clock rate 64000
TTG3(config-if)#exit
TTG3(config)#

Note: because CDP is a Cisco proprietary protocol it is enabled by default, so when you run Show run, information about this protocol is not displayed. The protocol can run on both routers and switches.

V. CDP commands

Show CDP neighbors: shows information about the directly connected neighboring devices (this command is used in Privileged mode).

TTG1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID    Local Intrfce    Holdtme    Capability    Platform    Port ID
TTG3         Ser 0/0/1        149        R             2523        Ser 0/0/1
TTG2         Ser 0/0/0        134        R             2500        Ser 0/0/0

Show CDP neighbors detail: shows detailed information about the directly connected devices.

TTG1#show cdp neighbors detail
-------------------------
Device ID: TTG3 (the directly connected device is TTG3)
Entry address(es):
  IP address: 192.168.2.1 (address of the directly connected port)
Platform: cisco 2523, Capabilities: Router (type of the connected device: Cisco Router 2523)
Interface: Serial0/0/1, Port ID (outgoing port): Serial0/0/1 (directly connected through port Serial0/0/1)
Holdtime : 124 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 16-Oct-04 02:44 by cmong (information about the operating system of the connected device)
advertisement version: 2
-------------------------
Device ID: TTG2 (the directly connected device is TTG2)
Entry address(es):
  IP address: 192.168.1.1 (address of the connected port)
Platform: cisco 2500, Capabilities: Router (type of the connected device: Cisco Router 2500)
Interface: Serial0/0/0, Port ID (outgoing port): Serial0/0/0 (connected through port Serial0/0/0)
Holdtime : 168 sec (the packet hold time is 168 sec)
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 16-Oct-04 02:44 by cmong (detailed information about the version and operating system of the device)
advertisement version: 2

Show CDP: displays the CDP timer and hold-time information.

TTG1#show cdp
Global CDP information:
  Sending CDP packets every 60 seconds (a CDP packet is sent every 60 seconds)
  Sending a holdtime value of 180 seconds (the packet hold time is 180 seconds)
  Sending CDPv2 advertisements is enabled

Show CDP interface: displays CDP information for each port, the encapsulation, and the timer and hold-time.

TTG1#show cdp int
Ethernet0 is administratively down, line protocol is down (port Ethernet0 is down because no device is directly connected)
  Encapsulation ARPA (packet encapsulation)
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Serial0/0/0 is up, line protocol is up (port Serial0/0/0 is up because a device is directly connected)
  Encapsulation HDLC (packet encapsulation)
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Serial0/0/1 is up, line protocol is up (port Serial0/0/1 is up because a device is directly connected)
  Encapsulation HDLC (packet encapsulation)
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds

Note: you can use the no cdp enable command to turn CDP off on an interface; show CDP interface then no longer displays CDP information for that interface. To turn CDP back on for an interface, use the CDP enable command on that interface.

TTG1(config)#interface serial 0/0/0
TTG1(config-if)#no cdp enable (turns CDP off on interface Serial0/0/0)
TTG1(config-if)#^Z
TTG1#show cdp inter
01:32:44: %SYS-5-CONFIG_I: Configured from console by console
Ethernet0 is administratively down, line protocol is down
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Serial0/0/1 is up, line protocol is up
  Encapsulation HDLC
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
(information about port Serial0/0/0 is no longer displayed after CDP is turned off on it)

To turn CDP back on for an interface, use the CDP enable command on that interface:

TTG1(config)#interface serial 0/0/0
TTG1(config-if)#cdp enable
TTG1(config-if)#exit

Show CDP traffic: displays the CDP counters, including the number of packets sent, received and in error.

TTG1#show cdp traffic
CDP counters :
  Total packets output: 128, Input: 115
  Hdr syntax: 0, Chksum error: 0, Encaps failed: 9
  No memory: 0, Invalid packet: 0, Fragmented: 0
  CDP version 1 advertisements output: 0, Input: 0
  CDP version 2 advertisements output: 128, Input: 115

Clear CDP counter: resets the CDP counters.

No CDP run: turns CDP off completely on the router.

TTG1(config)#no cdp run
TTG1(config)#^Z
TTG1#show cdp (the show cdp command is not valid once CDP is turned off)
% CDP is not enabled

CDP run: turns CDP back on for the router.

TTG1(config)#cdp run
TTG1(config)#exit
TTG1#show cdp
Global CDP information:
  Sending CDP packets every 60 seconds
  Sending a holdtime value of 180 seconds
  Sending CDPv2 advertisements is enabled

Note: CDP only reports information about directly connected devices.

TTG3#show cdp neighbors detail
-------------------------
Device ID: TTG1
Entry address(es):
  IP address: 192.168.2.2
Platform: cisco 2500, Capabilities: Router
Interface: Serial0/0/1, Port ID (outgoing port): Serial0/0/1
Holdtime : 138 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 03-Feb-02 22:01 by srani
advertisement version: 2

- From router TTG3 you can only see information about the directly connected device, router TTG1.

Suppose we change the IP address of port Serial0/0/1 on router TTG3:

TTG3(config)#interface serial 0/0/0
TTG3(config-if)#ip address 192.168.3.2 255.255.255.0
TTG3(config-if)#no shut
TTG3(config-if)#clock rate 64000
TTG3(config-if)#^Z

- From router TTG3, ping the address of port Serial 0/0/1 of router TTG1:


TTG3#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

- Use CDP from router TTG3 to view information about the directly connected devices:

TTG3#show cdp neighbors detail
-------------------------
Device ID: TTG1
Entry address(es):
  IP address: 192.168.2.2
Platform: cisco 2500, Capabilities: Router
Interface: Serial0/0/1, Port ID (outgoing port): Serial0/0/1
Holdtime : 144 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 03-Feb-02 22:01 by srani
advertisement version: 2

- You can clearly see that router TTG3 cannot ping router TTG1, yet CDP still delivers the information about the connected device. This is an advantage of CDP, and it is very useful when troubleshooting a network.

VI. Appendix: commands related to this lab

Router#show cdp
    Displays CDP information such as the timer parameters.
Router#show cdp neighbors
    Displays information about the neighboring devices.
Router#show cdp neighbors detail
    Displays detailed information about the neighboring devices.
Router#show cdp entry word
    Displays information about the named device.
Router#show cdp entry *
    Displays information about all devices.
Router#show cdp interface
    Displays information about all interfaces running CDP.
Router#show cdp interface x
    Displays information about the specified interface running CDP.
Router#show cdp traffic
    Displays information about the traffic sent and received.
Router(config)#cdp holdtime x
    Changes the time for which CDP packets are held.
Router(config)#cdp timer x
    Changes the interval at which CDP packets are updated.
Router(config)#cdp run
    Allows CDP to run on all interfaces (the default).
Router(config)#no cdp run
    Turns off CDP on the interfaces of the device.
Router(config-if)#cdp enable
    Allows CDP to run on the specified interface.
Router(config-if)#no cdp enable
    Turns off CDP on the specified interface.
Router#clear cdp counters
    Resets the traffic counters to 0.
Router#clear cdp table
    Clears the CDP table.
Router#debug cdp adjacency
    Monitors CDP information about the neighboring devices.
Router#debug cdp events
    Monitors all CDP events.
Router#debug cdp ip
    Monitors the CDP events related to the IP protocol.
Router#debug cdp packets
    Monitors CDP information related to packets.
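CDP hands the address, platform and IOS version of a device to whatever is plugged into the link, so it is worth knowing on which interfaces it is active before deciding where `no cdp enable` belongs. The following added example (not part of the original lab guide) parses `show cdp neighbors detail` output into records and groups them by local interface; the sample text is constructed from the layout and values shown in this lab, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the "show cdp neighbors detail" output above.
SAMPLE = """\
-------------------------
Device ID: TTG3
Entry address(es):
  IP address: 192.168.2.1
Platform: cisco 2523,  Capabilities: Router
Interface: Serial0/0/1,  Port ID (outgoing port): Serial0/0/1
Holdtime : 124 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)

advertisement version: 2
-------------------------
Device ID: TTG2
Entry address(es):
  IP address: 192.168.1.1
Platform: cisco 2500,  Capabilities: Router
Interface: Serial0/0/0,  Port ID (outgoing port): Serial0/0/0
Holdtime : 168 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)

advertisement version: 2
"""

# One pattern per field a neighbor advertises.
FIELDS = {
    "device_id": r"Device ID:\s*(\S+)",
    "ip_address": r"IP address:\s*([\d.]+)",
    "platform": r"Platform:\s*([^,]+),",
    "capabilities": r"Capabilities:\s*(.+?)\s*$",
    "local_interface": r"Interface:\s*([^,\s]+),",
    "remote_port": r"Port ID \(outgoing port\):\s*(\S+)",
    "holdtime": r"Holdtime\s*:\s*(\d+)\s*sec",
    "image": r"Software \(([^)]+)\)",
    "ios_version": r",\s*Version\s+([^,\s]+)",
    "cdp_version": r"advertisement version:\s*(\d+)",
}


def parse_neighbors(text):
    """Split the output on the dashed separator lines and extract one
    record per neighbor; missing fields are returned as None."""
    neighbors = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        record = {}
        for name, pattern in FIELDS.items():
            match = re.search(pattern, block, flags=re.M)
            record[name] = match.group(1).strip() if match else None
        if record["device_id"] is None:
            continue                      # text before the first separator
        if record["holdtime"] is not None:
            record["holdtime"] = int(record["holdtime"])
        neighbors.append(record)
    return neighbors


def exposure_by_interface(neighbors):
    """Group what CDP reveals by the local interface it was heard on.
    The local device advertises the same kind of data on these interfaces."""
    report = {}
    for n in neighbors:
        report.setdefault(n["local_interface"], []).append(
            (n["device_id"], n["ip_address"], n["platform"], n["ios_version"]))
    return report


if __name__ == "__main__":
    for interface, seen in sorted(exposure_by_interface(parse_neighbors(SAMPLE)).items()):
        print(interface, seen)
```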


LAB 12: BACKING UP THE IOS AND ROUTER CONFIGURATION


I. Introduction:
- Flash is erasable memory used to store the operating system and some microcode. Flash memory allows the software to be updated without replacing the processor chip. The contents of Flash are kept when the power is turned off.
- This lab walks you through copying the IOS (Internetwork Operating System) image from Flash in a Cisco router to a TFTP server to create a backup IOS image, and copying an IOS image from the TFTP server back into the Flash of the Cisco router (to restore the old version or update to a new one), using TFTP (Trivial File Transfer Protocol).

II. Lab description and topology:

- The lab topology is as shown in the figure; the PC is connected to the router with a crossover cable.
- The PC acts as a TFTP server and is connected to the router over Ethernet; the router acts as the TFTP client. The IOS is copied from the router to the server (when backing up the IOS) or from the server to the router (when updating or installing a new IOS). When the router's Flash has been erased, you can enter ROMMON mode and configure the router to fetch the IOS from the server.

III. Steps:
We configure router TTG and the PC (acting as the TFTP server) as follows:

PC:
IP Address : 10.1.0.2
Subnetmask : 255.0.0.0
Gateway : 10.1.0.1

Router TTG:
Router>enable
Router#configure terminal
Router(config)#hostname TTG
TTG(config)#interface fa0/1
TTG(config-if)#ip address 10.1.0.1 255.0.0.0
TTG(config-if)#no shutdown
TTG(config-if)#exit

Ping to confirm the connection between the router and the TFTP server:

TTG#ping 10.1.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

Use Show version to see the current IOS version:

TTG#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE SOFTWARE (fc1) (the router is running IOS version 12.2(1d))
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 03-Feb-02 22:01 by srani
Image text-base: 0x0307EEE0, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)
TTG uptime is 15 minutes
System returned to ROM by bus error at PC 0x100D042, address 0xFFFFFFFC
System image file is "flash:/c2500-jk8os-l.122-1d.bin" (name of the IOS image file loaded from flash: a Cisco 2500 running operating system version 12.2(1d))
cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of memory. (the router has 16 MB of RAM: 14 MB for processor memory, 2 MB for I/O memory)
Processor board ID 08030632, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY) (the router has 16 MB of flash)
Configuration register is 0x2102 (the current register value)

Use Show Flash to view the Flash memory and note the name of the IOS file in preparation for copying it to the TFTP server:

TTG#show flash
System flash directory:
File  Length    Name/status
  1   16505800  /c2500-jk8os-l.122-1d.bin
[16505864 bytes used, 271352 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)

Meaning of the IOS image file name:
c2500 : the device type, Cisco 2500
1.122 : the IOS version

Copy the IOS image from Flash to the TFTP server:

TTG#copy flash: tftp:
Source filename []? /c2500-jk8os-l.122-1d.bin
Address or name of remote host []? 10.1.0.2 (address of the TFTP server)
Destination filename [c2500-jk8os-l.122-1d.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
16505800 bytes copied in 232.724 secs (71145 bytes/sec)

- The copy succeeded; the IOS image file is saved in the directory of the TFTP server program.


- You have finished copying the IOS from Flash to the TFTP server. Next, copy an existing IOS from the TFTP server on the PC back into the flash of a router. Suppose you have 2 IOS files available on the TFTP server.

Steps:
Configure the router and the host as above, and run the TFTP program.

The IOS image file c2500-i-l.121-26.bin is 7.85 MB.
The IOS image file c2500-jk80os-l.122-1d.bin is 16 MB.

Check the Flash:

TTG#show flash
System flash directory:
File  Length   Name/status
  1   8039140  /c2500-i-l.121-26.bin
[8039204 bytes used, 349404 available, 8388608 total]
8192K bytes of processor board System flash (Read ONLY)

Observation: your Flash memory is 8 MB in size, so you can store the IOS image file c2500-i-l.121-26.bin in Flash.

Copy the image to flash:

TTG#copy tftp: flash:
Address or name of remote host []? 10.1.0.2 (name or address of the host that stores the image, the TFTP server)
Source filename []? c2500-i-l.121-26.bin (source file name)
Destination filename [c2500-i-l.121-26.bin]? (destination file name)
%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Accessing tftp://192.168.14.2/c2500-i-l.121-26.bin...
Erase flash: before copying? [confirm]
00:09:43: %SYS-5-RELOAD: Reload requested
%SYS-4-CONFIG_NEWER: Configurations from version 12.1 may not be correctly understood.
%FLH: c2500-i-l.121-26.bin from 192.168.14.2 to flash ...
System flash directory:
File  Length   Name/status
  1   8039140  /c2500-i-l.121-26.bin
[8039204 bytes used, 349404 available, 8388608 total]
Accessing file 'c2500-i-l.121-26.bin' on 192.168.14.2...
Loading c2500-i-l.121-26.bin from 192.168.14.2 (via Ethernet0): ! [OK]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased (flash erase process)
Loading c2500-i-l.121-26.bin from 192.168.14.2 (via Ethernet0): !!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 8039140/8388608 bytes] (flash load process)
Verifying checksum... OK (0x9693)
Flash copy took 0:03:57 [hh:mm:ss]
%FLH: Re-booting system after download
F3: 7915484+123624+619980 at 0x3000060

Restricted Rights Legend
Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 16-Oct-04 02:44 by cmong
Image text-base: 0x03042000, data-base: 0x00001000
cisco 2500 (68030) processor (revision N) with 6144K/2048K bytes of memory.
Processor board ID 17553463, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)

- Once the Flash copy has completed, the router resets to switch to the new Flash contents; the IOS in Flash is now the IOS file you just copied.

Figure: the Flash copy as seen in the TFTP server.

Note: whether you copy from the TFTP server to the router or from the router to the TFTP server, the TFTP server program must be running on the PC throughout the copy.


IV. Appendix: commands related to this lab

1. Boot System commands:

Router(config)#boot system flash image-name
    Boots the Cisco IOS software using an image-name from Flash.
Router(config)#boot system tftp image-name 172.16.10.3
    Boots the Cisco IOS software using an image-name from a TFTP server.
Router(config)#boot system rom
    Boots the Cisco IOS software from ROM.

2. Backing up the Cisco IOS software to a TFTP server:

Router#copy flash tftp
    Copies the IOS from flash to the TFTP server.
Source filename [ ]? c2600-js-l_1213.bin
    Enter the name of the Cisco IOS software file.
Address or name of remote host [ ]? 192.168.119.20
    Enter the IP address of the TFTP server.
Destination filename [c2600-js-l_1213.bin]?
    Enter the name of the file to save on the TFTP server.

3. Restoring or upgrading the Cisco IOS software from a TFTP server:

Router#copy tftp flash
    Copies the IOS from the TFTP server to flash.
Address or name of remote host [ ]? 192.168.119.20
    Enter the IP address of the TFTP server.
Source filename [ ]? c2600-js-l_1213.bin
    Enter the name of the file you stored on the TFTP server.
Destination filename [c2600-js-l_1213.bin]?
    Enter the name of the file you stored on the IOS server.
Erase flash: before copying? [confirm]
    If the flash memory is full, it must be erased before the copy is performed.

4. Checking the IOS file:

Router#show version
    Checks the current IOS version.
Router#show flash
    Views the Flash memory; note the name of the IOS file in preparation for copying it to the TFTP server.


LAB 13: PASSWORD RECOVERY FOR A CISCO ROUTER


I. Introduction:
- Access passwords are very useful for security, but they can also cause trouble if you happen to forget the login password. This password recovery lab for Cisco routers helps you recover the password needed to log in to the router.
Note: setting a password on a router matters a great deal for security; it prevents remote Telnet sessions from logging in to the router to change its configuration or for other purposes. Do not confuse security with password recovery: being able to recover or change the router's password does not mean the router's level of security is low, because the prerequisite for recovering the password is that you work directly on the router, which means you must have the approval of the admin or of the technician who manages the router.

II. Lab description and topology:

In the topology above, the PC is connected to the router with a console cable.

III. The router boot process:
When it is powered on, the router checks the hardware. Once the hardware check is complete, the operating system is loaded from Flash, and the router then loads the configuration stored in NVRAM, which contains everything previously configured on the router, such as protocol information, port addresses and also the access passwords. So for the router not to check the password at login, you must prevent it from loading the data from NVRAM.
Each router family has its own password recovery technique, but to recover the password of a router you go through the following steps:


Step 1: Boot the router and prevent it from loading the configuration in NVRAM (by changing the register from 0x2102 to 0x2142).
Step 2: Reset the router (the router now boots using register 0x2142).
Step 3: Log in to the router (the router does not check the password now) and use the router commands to view or reset the password (you can only view a password if it was stored in unencrypted form).
Step 4: Change the register (from 0x2142 to 0x2102).
Step 5: Save the configuration you have just set (the password is now known).

IV. Password recovery for a Cisco 2500 router

- Suppose you log in to the router but have forgotten the password.

TTG con0 is now available
Press RETURN to get started.
TTG>enable
Password:
Password:
Password:
% Bad secrets

- You have to recover the password. The steps are as follows:

Step 1: restart the router

System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
2500 processor with 8192 Kbytes of main memory
(press Ctrl Break so that the router does not load the data from NVRAM)
Abort at 0x103AA7E (PC)
rommon> confreg 0x2142 (use this command to change the register to 0x2142)

Step 2: restart the router; it now boots with register 0x2142 (blank configuration)

TTG>enable (no password is requested at login)
TTG#show start (use Show start to view the configuration in NVRAM)
Using 456 out of 32762 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 $1$AqeQ$yB00zFjHxIiVoHLnbLEhh1 (the secret password is stored encrypted)
enable password cisco (the enable password is cisco)
!
end

Step 3: Reconfigure the passwords on the router:

TTG#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
TTG(config)#enable secret TTG (the secret password is reset to TTG)
TTG(config)#exit
TTG#configure terminal
TTG(config)#enable password class (the enable password is class)
TTG(config)#exit

Step 4: Change the current register from 0x2142 back to 0x2102

Use Show version to view the current register:

TTG#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 16-Oct-04 02:44 by cmong
Image text-base: 0x03042000, data-base: 0x00001000
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2142 (register 0x2142 is in use)

Change the register with the config-register command:

TTG(config)#config-register 0x2102
TTG(config)#exit

View the current register again:

TTG#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 16-Oct-04 02:44 by cmong
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2142 (will be 0x2102 at next reload) (the current register is 0x2102)

Step 5: save the changed configuration with register 0x2102

TTG#copy run start
Building configuration...
[OK]

- Use show start to view the startup configuration in NVRAM:

TTG#show start
Using 488 out of 32762 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname TTG
!
enable secret 5 $1$49cD$jrvYyRSQhpTAHuDA1/R1v.
enable password class
!
!
!
End

- After the reload, log in to the router; the secret password TTG is checked.

TTG con0 is now available
Press RETURN to get started.
TTG>ena
Password: (the password TTG is checked and accepted)
TTG#

V. Appendix: commands related to this lab


Router#show version
    The last line of the show version output tells you the value of the configuration register.
Router(config)#config-register 0x2102
    Changes the value of the configuration register to 2102.
Rommon 1 > confreg 0x2142
    Changes the register value to 2142 in Rommon mode.
Router#reload
    Restarts the router.
Router#copy running-config startup-config
    Copies the configuration file to NVRAM.
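Step 3 of this lab notes that a password can only be read from the saved configuration when it was stored unencrypted, as with the `enable password cisco` line in the `show start` output. The following added example (not part of the original lab guide) audits a saved configuration for secrets stored that way; the sample configurations are constructed, the hash values are placeholders, and the function names are hypothetical.

```python
CLEARTEXT, TYPE7, HASHED = "cleartext", "type 7 (reversible)", "hashed"


def storage_type(args):
    """Classify the words that follow the 'password' keyword."""
    if len(args) >= 2 and args[0] in ("0", "5", "7"):
        return {"0": CLEARTEXT, "5": HASHED, "7": TYPE7}[args[0]]
    return CLEARTEXT          # a bare word is stored exactly as typed


def drop_level(args):
    """Skip an optional 'level <n>' in front of the password."""
    return args[2:] if args[:1] == ["level"] else args


def audit_ios_config(text):
    """Return (location, problem) pairs for secrets that anyone who can
    read the configuration file can also read."""
    findings = []
    section = "global"
    encryption_on = has_enable_secret = has_enable_password = False
    for raw in text.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue
        words = raw.split()
        if not raw[0].isspace():          # an unindented line starts a new section
            section = " ".join(words) if words[0] == "line" else "global"
        if words[:2] == ["service", "password-encryption"]:
            encryption_on = True
        elif words[:2] == ["enable", "secret"]:
            has_enable_secret = True
        elif words[:2] == ["enable", "password"]:
            has_enable_password = True
            kind = storage_type(drop_level(words[2:]))
            if kind != HASHED:
                findings.append(("enable password", kind))
        elif words[0] == "username" and "password" in words[2:]:
            kind = storage_type(words[words.index("password", 2) + 1:])
            if kind != HASHED:
                findings.append((f"username {words[1]}", kind))
        elif words[0] == "password" and section != "global":
            kind = storage_type(words[1:])
            if kind != HASHED:
                findings.append((section, kind))
    if not encryption_on:
        findings.append(("service password-encryption", "disabled"))
    if has_enable_secret and has_enable_password:
        findings.append(("enable password", "redundant: enable secret takes precedence"))
    return findings


# Constructed sample modelled on the configurations used in these labs.
WEAK = """\
version 12.1
no service password-encryption
hostname TTG
enable secret 5 $1$SALT$PLACEHOLDERHASHNOTREAL0000
enable password class
username ttg password 123
line con 0
 password TTG
 login
line vty 0 4
 password TTG
 login
end
"""

# Same device with every secret hashed and the lines using local accounts.
HARDENED = """\
version 12.1
service password-encryption
hostname TTG
enable secret 5 $1$SALT$PLACEHOLDERHASHNOTREAL0000
username ttg secret 5 $1$SALT$PLACEHOLDERHASHNOTREAL1111
line con 0
 login local
line vty 0 4
 transport input ssh
 login local
end
"""

if __name__ == "__main__":
    for location, problem in audit_ios_config(WEAK):
        print(f"{location}: {problem}")
    print("hardened findings:", audit_ios_config(HARDENED))
```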


Lab 14: RECOVERY PASSWORD SWITCH


I. Introduction:
In this lab we perform password recovery on a switch.

II. Lab description and topology:

- Connect a console cable between the PC and the switch. In this lab we perform password recovery on a 2950 switch.

III. Procedure:
- To make the effect of the password recovery easier to observe, we first configure a name and passwords on the switch before recovering its password.
- Configure the name and passwords on the switch as follows:

Switch#configure terminal
Switch(config)#hostname TTG
TTG(config)#enable password cisco (sets the password on the switch)
TTG(config)#enable secret TTG (sets the secret password on the switch)

- When the configuration is done, save it to NVRAM and review the configuration in NVRAM before recovering the switch password.

TTG#copy run start
Destination filename [startup-config]?
Building configuration...

TTG#show start
Using 1186 out of 32768 bytes
version 12.1
hostname TTG
enable secret 5 $1$s22D$vCe6IFIeKLhUPZqgm6QZ6/
enable password cisco

We recover the password with the following steps:

Step 1: power off the switch, then hold down the MODE button on the 2950 switch while powering it back on. When the following messages appear on screen, release the MODE button.

Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA2, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sun 07-Nov-04 23:14 by antonino
(some messages omitted)
flash_init
load_helper
boot

Step 2: Enter flash_init to initialize the flash file system. Enter dir flash: to see the files stored in flash. Then rename the file config.text to config.bak (because the switch keeps the configuration we saved earlier in this file) with the following command:

rename flash:config.text flash:config.bak

Then reload the switch with the boot command.

Step 3: During boot the switch asks:

Continue with the configuration dialog? [yes/no] :

Enter NO to skip this configuration. When the boot has finished, enter privileged mode.

Switch>en
Switch#

- Then rename the file config.bak in flash back to config.text:

Switch#rename flash:config.bak flash:config.text

- Then load the configuration from NVRAM into RAM with the following command:

Switch#copy flash:config.text system:running-config

Step 4: remove all the passwords

TTG#conf t
TTG(config)#no enable password
TTG(config)#no enable secret

Step 5: copy the configuration from RAM to NVRAM, then reload the switch.

TTG#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
TTG#reload

IV. Appendix: some commands related to this lab

Switch: flash_init
    Initializes the flash memory.
Switch: dir flash:
    Displays the contents of the flash memory.
Switch: rename flash:config.text flash:config.bak
    Renames the configuration file, because the configuration file config.text contains the passwords.
switch: boot
    Restarts the switch.
Switch#rename flash:config.bak flash:config.text
    Renames the configuration file back to its default name.
Switch#copy flash:config.text system:running-config
    Copies the configuration file in the flash memory.
Switch#copy running-config startup-config
    Saves the running configuration file to NVRAM with the newly configured password.


LAB 15: COMPREHENSIVE LAB, PART 1

I. Requirements:
1. Build the connection topology on Cisco Lab
2. Use network 192.168.X.0/24 and subnet it for the networks of routers DN, HN and HCM
3. Set the line vty, console and enable secret passwords on the routers to TTG
4. Use RIPv2 for routing between routers DN, HN and HCM
5. Configure routing so that the routers can reach the Internet; the Internet router uses static routes only
6. The PCs must be able to ping the Internet networks
7. Verify the routing information with the relevant commands
8. From a PC, try telnet and ssh to the router and save the configuration
9. Copy the configuration and IOS from the routers to a TFTP server

II. Objectives:
- Help students consolidate the knowledge from part 1 of the CCNA program: IP addressing, subnetting, static and dynamic routing (static routes, RIPv2), the password types, and backup of the configuration and IOS.

III. Configuration steps:
1. Build the connection topology on Cisco Lab
2. Use network 192.168.2.0/24 (the lab uses X=2; each group replaces X with the number assigned by the instructor) and subnet it for the networks of routers DN, HN and HCM:

+ Subnets needed  : 5 subnets
+ Bits borrowed   : 3 bits (8 subnets in total)
+ New subnet mask : 255.255.255.224
+ Block size      : 256 - 224 = 32
+ Subnet list:

Subnet                 Usable IP addresses
1-192.168.2.0/27       192.168.2.1 --- 192.168.2.30 (LAN DN)
2-192.168.2.32/27      192.168.2.33 --- 192.168.2.62 (LAN HN)
3-192.168.2.64/27      192.168.2.65 --- 192.168.2.94 (LAN HCM)
4-192.168.2.96/27      192.168.2.97 --- 192.168.2.126 (DN-HN)
5-192.168.2.128/27     192.168.2.129 --- 192.168.2.158 (HN-HCM)
6-192.168.2.160/27     192.168.2.161 --- 192.168.2.190
7-192.168.2.192/27     192.168.2.193 --- 192.168.2.222
8-192.168.2.224/27     192.168.2.225 --- 192.168.2.254

- Assign the IP addresses to the routers and PCs.

3. Set the line vty, console and enable secret passwords on the routers to TTG, and enable the SSH service with version 2:

- Line vty password
Router(config)#line vty 0 4
Router(config-line)#password TTG
Router(config-line)#login

- Console password
Router(config)#line console 0
Router(config-line)#password TTG
Router(config-line)#login

- Secret password
Router(config)#enable secret TTG

- Enable the SSH service
! Change the router's default name
Router(config)#hostname DN
! Username and password used for SSH authentication
DN(config)#username ttg password 123
! Set the router's domain name
DN(config)#ip domain-name truongtan.edu.vn
! Generate the key that encrypts the data in the SSH session
DN(config)#crypto key generate rsa
The name for the keys will be: DN.truongtan.edu.vn
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
DN(config)#ip ssh version 2
DN(config)#line vty 0 4
! Allow only SSH to the router
DN(config-line)#transport input ssh
! SSH logins are authenticated against the username and password created above
DN(config-line)#login local

- Repeat the password and SSH configuration on the 3 remaining routers.

4. Use RIPv2 for routing between routers DN, HN and HCM:
- Because all 3 routers use subnets of the same network 192.168.2.0/24, the RIP configuration is identical on all 3 routers:

Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 192.168.2.0

- The networks advertised in RIP must be given as the default class A, B or C networks. For example, router DN has 2 subnets to advertise, 192.168.2.0/27 and 192.168.2.96/27, but because both belong to the same class C network 192.168.2.0/24, the RIP configuration only needs to advertise:

DN(config-router)#network 192.168.2.0

- Verify the routing information of the routers with the commands:

Router#show ip route
Router#show ip protocols

- From the PCs at HN, HCM and DN, use ping to test connectivity. If it fails, use show ip interface brief on the routers to check the physical status and IP address of the ports.

HN#show ip interface brief
Interface         IP-Address      OK?  Method  Status                 Protocol
FastEthernet0/0   192.168.2.33    YES  manual  up                     up
FastEthernet0/1   unassigned      YES  manual  administratively down  down
Serial0/0/0       192.168.2.97    YES  manual  up                     up
Serial0/0/1       192.168.2.129   YES  manual  up                     up
Serial0/1/0       192.168.1.1     YES  manual  up                     up
Serial0/1/1       unassigned      YES  manual  administratively down  down

5. Configure routing so that the routers can reach the Internet; the Internet router uses static routes only:
- There are far too many networks on the Internet to route to each of them individually. For the PCs in the HCM, HN and DN LANs to reach all Internet networks, we add a default route on the 3 routers, as follows.

+ DN and HCM configure a default route to HN:

DN(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.97
HCM(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.129

These commands mean that routers HCM and DN forward traffic for any destination network they do not know to router HN.

+ HN configures a default route to the Internet:

HN(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1

This command means that router HN forwards traffic for any destination network it does not know to the Internet router.

- The Internet router uses static routes to the 5 subnets it does not yet know: the LAN subnets and the subnets used between routers DN, HN and HCM. The configuration commands are:

! The next hop is the IP address of HN
+ Internet(config)#ip route 192.168.2.0 255.255.255.224 192.168.1.2
+ Internet(config)#ip route 192.168.2.32 255.255.255.224 192.168.1.2 (HN LAN)
+ Internet(config)#ip route 192.168.2.64 255.255.255.224 192.168.1.2 (HCM LAN)
+ Internet(config)#ip route 192.168.2.96 255.255.255.224 192.168.1.2 (DN-HN)
+ Internet(config)#ip route 192.168.2.128 255.255.255.224 192.168.1.2 (HCM-HN)

- Because all 5 subnets belong to network 192.168.2.0/24, instead of entering 5 route commands for the 5 subnets we can use a single route to the major network. The 5 route commands above can therefore be replaced by the following one:

+ Internet(config)#ip route 192.168.2.0 255.255.255.0 192.168.1.2

- Test connectivity from the PCs to the Internet networks with ping and tracert.

6. The PCs must be able to ping the Web and FTP servers:
- Use ping on every PC to test connectivity to the servers at the Internet router; all pings must succeed.
- To set up the Web and FTP servers, you can refer to the video at http://www.mediafire.com/download.php?lhz4njdflyy
- Open a browser and try connecting to the Web server.

7. Verify the routing information with the commands: Ping, Traceroute, Show ip route, Show ip protocols, Debug ip rip

8. From a PC, try telnet and ssh to the router, and save the configuration with copy running-config startup-config:
- To telnet or ssh to the router from a PC, open Desktop, then Command Prompt, and use the commands:

telnet <router ip>
(The telnet command fails because we are currently using SSH.)
ssh -l <username created on the router> <router ip>

- Save the configuration on the routers with the command:

Router#copy running-config startup-config
Destination filename [startup-config]? <Enter>

9. Save the configuration and IOS of the routers to a TFTP server:
- On the DN LAN, connect a TFTP server with the address 192.168.2.5, then copy the configuration (startup-config, running-config) and the IOS to the TFTP server.

DN#copy run tftp
Address or name of remote host []? 192.168.2.5
Destination filename [DN-confg]? <Enter>
DN#copy start tftp
Address or name of remote host []? 192.168.2.5
Destination filename [DN-confg]? <Enter>

- To copy the IOS to the TFTP server, first use dir flash: or show flash: in privileged mode to find the name of the IOS file, then use the command:

DN#copy flash: tftp:

10. At the end of the lab, use erase startup-config to delete the configuration and reload to restart the router.
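Step 5 replaces five static routes with one /24 route. The following added example (not part of the original lab; Python standard library only) recomputes the lab's subnet plan and shows that the /24 is a covering route rather than an exact summary: it also points the three unassigned /27 blocks at HN.

```python
import ipaddress

# The five /27 subnets from the lab that the Internet router must reach.
LAB_SUBNETS = {
    "DN LAN": "192.168.2.0/27",
    "HN LAN": "192.168.2.32/27",
    "HCM LAN": "192.168.2.64/27",
    "DN-HN link": "192.168.2.96/27",
    "HN-HCM link": "192.168.2.128/27",
}
SUMMARY = "192.168.2.0/24"  # the single static route used in step 5


def plan_subnets(network, needed):
    """Borrow just enough host bits to obtain `needed` equal subnets."""
    net = ipaddress.ip_network(network)
    borrowed = max(needed - 1, 0).bit_length()
    return borrowed, list(net.subnets(prefixlen_diff=borrowed))


def usable_range(subnet):
    """First and last assignable host address of a subnet."""
    hosts = list(ipaddress.ip_network(subnet).hosts())
    return str(hosts[0]), str(hosts[-1])


def exact_summary(subnets):
    """Smallest set of prefixes that covers exactly the given subnets."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def extra_space(summary, subnets):
    """Prefixes inside `summary` that are not among the intended subnets."""
    remaining = [ipaddress.ip_network(summary)]
    for wanted in map(ipaddress.ip_network, subnets):
        kept = []
        for block in remaining:
            if block == wanted or block.subnet_of(wanted):
                continue                      # routed on purpose
            if wanted.subnet_of(block):
                kept.extend(block.address_exclude(wanted))
            else:
                kept.append(block)
        remaining = kept
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


if __name__ == "__main__":
    borrowed, subnets = plan_subnets("192.168.2.0/24", 5)
    print("bits borrowed:", borrowed, "-> mask", subnets[0].netmask)
    for name, subnet in LAB_SUBNETS.items():
        print(f"{name:12} {subnet:18} usable {usable_range(subnet)}")
    print("exact summary :", exact_summary(LAB_SUBNETS.values()))
    print("also covered by", SUMMARY, ":",
          extra_space(SUMMARY, LAB_SUBNETS.values()))
```

An exact replacement for the five routes needs two statements (192.168.2.0/25 and 192.168.2.128/27); the /24 is shorter but also forwards traffic for address space that no router in the lab owns.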


LAB 16: OSPF (OPEN SHORTEST PATH FIRST)


1. Introduction:
OSPF (Open Shortest Path First) is a link-state routing protocol supported by many vendors. OSPF uses the SPF algorithm to compute the shortest path for a route. OSPF can be used in small networks as well as large ones. Because routers running OSPF use the algorithm to compute the metric of every route and then build the topology of the network from it, the protocol consumes a lot of router memory and CPU. In a very large network this takes a long time and a lot of memory. To overcome this, OSPF allows a network to be divided into several areas. Routers in the same area exchange information with each other and not with routers in other areas, which greatly reduces the work each router does to build the topology. Areas that need to communicate with each other must be connected to area 0 (also called the backbone) through a border router.

Routers running OSPF keep in touch by sending Hello packets to each other. As long as a router keeps receiving Hello packets from a directly connected router over a link, it knows that the link and the remote router are still working. If the router receives no Hello packet within a certain period, called the dead interval, it concludes that the remote router is down and runs the SPF algorithm to compute new routes.

Every router running OSPF has an ID that identifies it. The router uses the highest IP address among its loopback interfaces (if there are several loopbacks) as its ID. If no loopback is configured, the router uses the highest IP address among its physical interfaces.

OSPF has several advantages: fast convergence, support from many vendors, VLSM support, suitability for large networks, and high stability.

2. Commands used in this lab:

router ospf process-id
    Enables the OSPF protocol.
network address wildcard-mask area area-id
    Advertises a network that belongs to a given area.

3. Lab description and topology:

- The lab topology is as shown in the figure. The routers are configured with interface loopback 0. The IP addresses of the interfaces are marked on the figure. Note that here we use subnet masks of different lengths for the different networks.

4. Steps:
- First we configure the routers as follows:

Router TTG1
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface s1/0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit
TTG1(config)#interface loopback 0
TTG1(config-if)#ip address 10.0.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#

Router TTG2
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface s1/0
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#exit
TTG2(config)#interface s1/1
TTG2(config-if)#ip address 170.1.0.1 255.255.0.0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#exit
TTG2(config)#interface loopback 0
TTG2(config-if)#ip address 11.1.0.1 255.0.0.0
TTG2(config-if)#exit
TTG2(config)#interface E0
TTG2(config-if)#ip address 15.1.0.1 255.0.0.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit
TTG2(config)#

Router TTG3
Router>enable
Router#configure terminal
Router(config)#hostname TTG3
TTG3(config)#interface s1/0
TTG3(config-if)#ip address 170.1.0.2 255.255.0.0
TTG3(config-if)#no shutdown
TTG3(config-if)#clock rate 64000
TTG3(config-if)#exit
TTG3(config)#interface loopback 0
TTG3(config-if)#ip address 12.1.0.1 255.255.255.252
TTG3(config-if)#exit
TTG3(config)#

- Before configuring OSPF, note that the wildcard mask is calculated by subtracting the subnet mask of the network to be advertised in OSPF from 255.255.255.255. For example, to advertise network 192.168.1.0/24 in OSPF:
+ Network 192.168.1.0/24 has the subnet mask 255.255.255.0, so the wildcard mask is: 255.255.255.255 - 255.255.255.0 = 0.0.0.255

- After configuring the interfaces of the routers, we configure OSPF as follows:

Router TTG1:
TTG1(config)#router ospf 10
TTG1(config-router)#network 192.168.1.0 0.0.0.255 area 0
TTG1(config-router)#network 10.0.0.0 0.0.255.255 area 0

Router TTG2:
TTG2(config)#router ospf 10
TTG2(config-router)#network 192.168.1.0 0.0.0.255 area 0
TTG2(config-router)#network 170.1.0.0 0.0.255.255 area 0
TTG2(config-router)#network 15.0.0.0 0.255.255.255 area 0
TTG2(config-router)#network 11.0.0.0 0.255.255.255 area 0

Router TTG3:
TTG3(config)#router ospf 10
TTG3(config-router)#network 170.1.0.0 0.0.255.255 area 0
TTG3(config-router)#network 12.1.0.0 0.0.0.3 area 0

- Alternatively, we can configure OSPF on all three routers as follows:

TTG1(config)#router ospf 10
TTG1(config-router)#network 192.168.1.1 0.0.0.0 area 0
TTG1(config-router)#network 10.0.0.1 0.0.0.0 area 0

TTG2(config)#router ospf 10
TTG2(config-router)#network 192.168.1.2 0.0.0.0 area 0
TTG2(config-router)#network 170.1.0.1 0.0.0.0 area 0
TTG2(config-router)#network 11.1.0.1 0.0.0.0 area 0
TTG2(config-router)#network 15.1.0.1 0.0.0.0 area 0

TTG3(config)#router ospf 10
TTG3(config-router)#network 170.1.0.2 0.0.0.0 area 0
TTG3(config-router)#network 12.1.0.1 0.0.0.0 area 0

- After advertising the networks of the routers, we check the routing tables of the routers with the show ip route command.

TTG1#sh ip route

Gateway of last resort is not set
O    170.1.0.0/16 [110/128] via 192.168.1.2, 01:20:18, Serial1/0
O    15.0.0.0/8 [110/65] via 192.168.1.2, 00:20:18, Serial1/0
     10.0.0.0/16 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Loopback0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 192.168.1.2, 01:20:18, Serial1/0
     12.0.0.0/32 is subnetted, 1 subnets
O       12.1.0.1 [110/129] via 192.168.1.2, 01:20:18, Serial1/0
C    192.168.1.0/24 is directly connected, Serial1/0

TTG2#show ip route
Gateway of last resort is not set
C    170.1.0.0/16 is directly connected, Serial1/1
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/65] via 192.168.1.1, 01:20:38, Serial1/0
C    11.0.0.0/8 is directly connected, Loopback0
     12.0.0.0/32 is subnetted, 1 subnets
O       12.1.0.1 [110/65] via 170.1.0.2, 01:20:38, Serial1/1
C    192.168.1.0/24 is directly connected, Serial0

TTG3#show ip route
Gateway of last resort is not set
C    170.1.0.0/16 is directly connected, Serial1/0
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/129] via 170.1.0.1, 00:00:20, Serial1/0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 170.1.0.1, 00:00:20, Serial1/0
     12.0.0.0/30 is subnetted, 1 subnets
C       12.1.0.0 is directly connected, Loopback0
O    192.168.1.0/24 [110/128] via 170.1.0.1, 00:00:20, Serial1/0
O    15.0.0.0/8 [110/65] via 192.168.1.2, 00:00:20, Serial1/0

Remarks: the routers now know all the networks in our topology. The routes a router has learned through OSPF are marked with O at the start of the route. In the original printout these routes are set in bold.

- Now we check whether the networks can reach each other by going to each router in turn and pinging the networks that are not directly connected to it.

TTG3#ping 11.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms

TTG3#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/68/108 ms

- Do the same for the other networks to check; the pings will certainly succeed!

Multi-area OSPF configuration:
- In this section we look at how to configure networks that are distributed across several different areas.
- First, we examine this question: if network 12.1.0.0/30 and interface S0 of TTG3 are configured in area 1 while the other networks remain in area 0, can the whole network still communicate?
- In the previous part we configured OSPF with everything in a single area, so now we only need to remove the OSPF configuration on router TTG3 and reconfigure it as the question requires.

- This is done as follows:

TTG3(config)#router ospf 10
! Remove the old OSPF configuration
TTG3(config-router)#no network 170.1.0.0 0.0.255.255 area 0
TTG3(config-router)#no network 12.1.0.0 0.0.0.3 area 0
TTG3(config)#router ospf 10
! Put interface S0 of router TTG3 in area 1
TTG3(config-router)#network 170.1.0.0 0.0.255.255 area 1
! Put network 12.1.0.0/30 in area 1
TTG3(config-router)#network 12.1.0.0 0.0.0.3 area 1

- After the configuration, we check the routing tables of the routers again:

TTG1#sh ip route
Gateway of last resort is not set
O    170.1.0.0/16 [110/128] via 192.168.1.2, 00:00:53, Serial1/0
     10.0.0.0/16 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Loopback0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 192.168.1.2, 00:00:53, Serial1/0
O    15.0.0.0/8 [110/65] via 192.168.1.2, 00:00:53, Serial1/0
C    192.168.1.0/24 is directly connected, Serial1/0

TTG2#sh ip route
Gateway of last resort is not set
C    170.1.0.0/16 is directly connected, Serial1/1
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/65] via 192.168.1.1, 00:00:43, Serial1/0
C    11.0.0.0/8 is directly connected, Loopback0
C    192.168.1.0/24 is directly connected, Serial1/0

TTG3#sh ip route
Gateway of last resort is not set
     12.0.0.0/30 is subnetted, 1 subnets
C       12.1.0.0 is directly connected, Loopback0
C    170.1.0.0/16 is directly connected, Serial1/0

Remarks: routers TTG1 and TTG2 know each other's networks but do not know the network of router TTG3. Conversely, router TTG3 does not know the networks of routers TTG1 and TTG2. This shows that routers in the same area only know the networks within that area; they do not know the networks in other areas. (Router TTG1 sees network 170.1.0.0/16 because router TTG2 advertises that network as part of area 0.)

- To connect networks in different areas, we need a border router that joins the area to area 0 (the backbone). This router has one interface in the area and one interface in area 0.

- In this lab we have two ways to solve the problem. The first is to configure the network of interface S0 of router TTG3 in area 0; router TTG3 then acts as the border router. The second is to configure the network of interface S1 of router TTG2 in area 1; router TTG2 then acts as the border router.
- We will examine option 1 (configuring the network of interface S0 of TTG3 in area 0). Option 2 is done in the same way.

Configuration:

TTG3(config)#router ospf 10
TTG3(config-router)#no network 170.1.0.0 0.0.255.255 area 1
TTG3(config-router)#network 170.1.0.0 0.0.255.255 area 0

- After the configuration, we check the routing tables of the routers again:

TTG1#show ip route
Gateway of last resort is not set
     10.0.0.0/16 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Loopback0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 192.168.1.2, 00:40:12, Serial1/0
     12.0.0.0/32 is subnetted, 1 subnets
O IA    12.1.0.1 [110/129] via 192.168.1.2, 00:38:16, Serial1/0
O    15.0.0.0/8 [110/65] via 192.168.1.2, 00:40:12, Serial1/0
O    170.1.0.0/16 [110/128] via 192.168.1.2, 00:40:12, Serial1/0
C    192.168.1.0/24 is directly connected, Serial1/0

TTG2#show ip route
Gateway of last resort is not set
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/65] via 192.168.1.1, 00:03:40, Serial1/0
C    11.0.0.0/8 is directly connected, Loopback0
     12.0.0.0/32 is subnetted, 1 subnets
O IA    12.1.0.1 [110/65] via 170.1.0.2, 00:02:06, Serial1/1
C    15.0.0.0/8 is directly connected, Ethernet0
C    170.1.0.0/16 is directly connected, Serial1/1
C    192.168.1.0/24 is directly connected, Serial1/0

TTG3#show ip route
Gateway of last resort is not set
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/129] via 170.1.0.1, 00:06:27, Serial1/0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 170.1.0.1, 00:06:27, Serial1/0
     12.0.0.0/30 is subnetted, 1 subnets
C       12.1.0.0 is directly connected, Loopback0
O    15.0.0.0/8 [110/65] via 170.1.0.1, 00:06:27, Serial1/0
C    170.1.0.0/16 is directly connected, Serial1/0
O    192.168.1.0/24 [110/128] via 170.1.0.1, 00:06:27, Serial1/0

Remarks: each router now sees the networks of the other routers, so the whole network can communicate. We can verify this by pinging each network.

4. Configuring authentication in OSPF:
- By default, a router trusts that the routing information it receives was sent by the correct, trusted router and was not tampered with along the way. To ensure that this is really the case, the routers in an area must be configured to authenticate each other.

- Each OSPF interface on a router needs an authentication key to use when sending OSPF information to the other routers connected to that interface. This key is used to generate the authentication data placed in the header of the OSPF packet. The password can be up to 8 characters long. You configure authentication as follows:

Router(config-if)#ip ospf authentication-key password
Router(config-if)#ip ospf authentication
Or
Router(config-router)#area area-id authentication

The commands used in the lab:

Router TTG1
TTG1>enable
TTG1#configure terminal
TTG1(config)#interface s1/0
TTG1(config-if)#ip ospf authentication-key plaint
TTG1(config-if)#ip ospf authentication
TTG1(config-if)#exit
TTG1(config)#

Router TTG2
TTG2>enable
TTG2#configure terminal
TTG2(config)#interface s1/0
TTG2(config-if)#ip ospf authentication-key plaint
TTG2(config-if)#ip ospf authentication
TTG2(config-if)#exit
TTG2(config)#interface s1/1
TTG2(config-if)#ip ospf authentication-key plaintpas
TTG2(config-if)#ip ospf authentication
TTG2(config-if)#exit
TTG2(config)#

Router TTG3
TTG3>enable
TTG3#configure terminal
TTG3(config)#interface s1/0
TTG3(config-if)#ip ospf authentication-key plaintpas
TTG3(config-if)#ip ospf authentication
TTG3(config-if)#exit
TTG3(config)#

- Plain-text authentication is not secure because the password is not encrypted before it is sent out, so for better security we should switch to MD5 authentication. It is configured as follows:

Router(config-if)#ip ospf message-digest-key key-id md5 [encryption-type] key
Router(config-if)#ip ospf authentication message-digest
Or
Router(config-router)#area area-id authentication message-digest

- To switch to MD5 authentication, we first remove the current plain-text authentication on routers TTG1, TTG2 and TTG3:

TTG1(config)#interface s1/0
TTG1(config-if)#no ip ospf authentication-key plaint
TTG1(config-if)#no ip ospf authentication
TTG1(config-if)#exit

Do the same on the remaining routers.

- Switch to the MD5 authentication configuration:

Router TTG1
TTG1>enable
TTG1#configure terminal
TTG1(config)#interface s1/0
! keymd51 is the password; it must match the key configured on TTG2 s1/0
TTG1(config-if)#ip ospf message-digest-key 1 md5 keymd51
! Set the authentication method to MD5
TTG1(config-if)#ip ospf authentication message-digest
TTG1(config-if)#exit
TTG1(config)#

Router TTG2:
TTG2>enable
TTG2#configure terminal
TTG2(config)#interface s1/0
TTG2(config-if)#ip ospf message-digest-key 1 md5 keymd51
TTG2(config-if)#ip ospf authentication message-digest
TTG2(config-if)#exit
TTG2(config)#interface s1/1
TTG2(config-if)#ip ospf message-digest-key 1 md5 keymd52
TTG2(config-if)#ip ospf authentication message-digest
TTG2(config-if)#exit
TTG2(config)#

Router TTG3
TTG3>enable
TTG3#configure terminal
TTG3(config)#interface s1/0
TTG3(config-if)#ip ospf message-digest-key 1 md5 keymd52
TTG3(config-if)#ip ospf authentication message-digest

TTG3(config-if)#exit
TTG3(config)#

IV. Appendix: commands related to this lab:

- show commands used to check the OSPF configuration:

Command: Show ip protocol
    Displays timer parameters, routing parameters, routed networks and much other information for all routing protocols running on the router.
Command: Show ip route
    Displays the router's routing table, which lists the best paths to the destination networks from the router itself and shows how the router learned each path.
Command: Show ip ospf interface
    Shows whether the router's interface has been configured in the correct area. If no loopback interface is configured, the IP address of the physical interface with the highest value is chosen as the router ID. The command also displays the hello interval and dead interval on the interface, and shows the adjacent neighbor routers connected to the interface.
Command: Show ip ospf
    Shows how many times the SPF algorithm has run, and the update interval used when nothing in the network changes.
Command: Show ip ospf neighbor detail
    Lists the neighbors in detail, with their priority values and their states.
Command: Show ip ospf database
    Displays the contents of the router's database describing the structure of the network, together with the router ID and the OSPF process ID.

- clear and debug commands used to check OSPF operation:

Command: Clear ip route *
    Deletes the entire routing table.
Command: Clear ip route a.b.c.d
    Deletes route a.b.c.d from the routing table.
Command: Debug ip ospf events
    Reports every OSPF event.
Command: Debug ip ospf adj
    Reports every event related to OSPF adjacency activity.
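What the two OSPF authentication modes in section 4 put on the wire, as an added example (not part of the original lab): it builds a constructed OSPF Hello as laid out in RFC 2328 Appendix D, once with simple password authentication (AuType 1) and once with MD5 (AuType 2), using the lab's keys. The router ID, timers and sequence number are assumed sample values.

```python
import hashlib
import hmac
import socket
import struct

AU_SIMPLE, AU_CRYPTO = 1, 2


def inet_checksum(data):
    """Standard 16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def hello_body(mask="255.255.255.0", hello=10, dead=40):
    """Constructed Hello body: mask, timers, no DR, no BDR, no neighbors."""
    return (socket.inet_aton(mask)
            + struct.pack("!HBBI", hello, 0x02, 1, dead) + bytes(8))


def header(router_id, area, length, checksum, autype, auth):
    """OSPFv2 header (version 2, type 1 = Hello) followed by `auth`."""
    return (struct.pack("!BBH", 2, 1, length) + socket.inet_aton(router_id)
            + socket.inet_aton(area) + struct.pack("!HH", checksum, autype)
            + auth)


def build_simple(router_id, area, password):
    """AuType 1: the password itself fills the 8-byte authentication field."""
    body = hello_body()
    length = 24 + len(body)
    auth = password.encode()[:8].ljust(8, b"\x00")
    # The checksum covers the packet without the authentication field.
    unsigned = header(router_id, area, length, 0, AU_SIMPLE, b"") + body
    csum = inet_checksum(unsigned)
    return header(router_id, area, length, csum, AU_SIMPLE, auth) + body


def build_md5(router_id, area, key_id, seq, key):
    """AuType 2: append MD5(packet + key padded to 16 bytes); key stays local."""
    body = hello_body()
    length = 24 + len(body)          # the digest is not counted in the length
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = header(router_id, area, length, 0, AU_CRYPTO, auth) + body
    padded = key.encode()[:16].ljust(16, b"\x00")
    return packet + hashlib.md5(packet + padded).digest()


def auth_field(frame):
    """The 8 authentication bytes exactly as a packet capture shows them."""
    return frame[16:24]


def verify_md5(frame, key, last_seq=-1):
    """Receiver side: reject old sequence numbers, then recompute the digest."""
    packet, digest = frame[:-16], frame[-16:]
    autype, = struct.unpack("!H", packet[14:16])
    seq, = struct.unpack("!I", packet[20:24])
    if autype != AU_CRYPTO or seq < last_seq:
        return False
    padded = key.encode()[:16].ljust(16, b"\x00")
    return hmac.compare_digest(hashlib.md5(packet + padded).digest(), digest)


if __name__ == "__main__":
    simple = build_simple("10.0.0.1", "0.0.0.0", "plaint")
    md5 = build_md5("10.0.0.1", "0.0.0.0", key_id=1, seq=100, key="keymd51")
    print("AuType 1 auth field:", auth_field(simple))   # password readable
    print("AuType 2 auth field:", auth_field(md5).hex())
    print("verified with matching key:", verify_md5(md5, "keymd51"))
    print("verified with other key   :", verify_md5(md5, "keymd52"))
```

With AuType 1 the capture contains the password itself; with AuType 2 it contains only the key ID, a sequence number and a digest, and a neighbor whose key differs by a single character rejects the packet.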


LAB 17: EIGRP (ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL)


1. Lab description and topology:

- The PCs are connected to the routers with crossover cables, and the two routers are connected to each other with a serial cable. The IP addresses of the interfaces and PCs are as shown in the figure.
- In this lab we configure the EIGRP protocol on the routers.
- EIGRP is a protocol that supports VLSM; by default the EIGRP metric is calculated from bandwidth and delay.

2. Configuration:
We configure routers TTG1 and TTG2 as follows:

Router TTG1
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface E0
TTG1(config-if)#no shutdown
TTG1(config-if)#ip address 10.1.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface S0
TTG1(config-if)#ip address 192.168.0.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit

Router TTG2
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface E0
TTG2(config-if)#no shutdown
TTG2(config-if)#ip address 11.1.0.1 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#interface S0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#ip address 192.168.0.2 255.255.255.0
TTG2(config-if)#exit
TTG2(config)#

After configuring the IP addresses on the interfaces of routers TTG1 and TTG2, we configure EIGRP on the routers as follows:

! 100 is the autonomous system number
TTG1(config)#router eigrp 100
! Advertise network 10.1.0.0/16
TTG1(config-router)#network 10.1.0.0 0.0.255.255
! Advertise network 192.168.0.0/24
TTG1(config-router)#network 192.168.0.0

TTG2(config)#router eigrp 100
TTG2(config-router)#network 11.1.0.0 0.0.255.255
TTG2(config-router)#network 192.168.0.0

Set the IP addresses of the PCs:

PC 1
IP address  : 10.1.0.2
Subnet Mask : 255.255.0.0
Gateway     : 10.1.0.1

PC 2
IP address  : 11.1.0.2
Subnet Mask : 255.255.0.0
Gateway     : 11.1.0.1

Now we test the connections in the network:

PC1#ping 11.1.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/32/40 ms

We use the show ip route command to check the routing tables of the two routers.

TTG2#show ip route
Gateway of last resort is not set
D    10.0.0.0/8 [90/2195456] via 192.168.0.1, 00:11:35, Serial0
C    11.1.0.0/16 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0

The routing table of router TTG2 now contains the routes to the network of TTG1, and TTG1 pings the loopback of TTG2 successfully.

3. Configuring summarization and EIGRP authentication:

Router TTG1
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface s0/0/0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#exit
TTG1(config)#interface loopback 0
TTG1(config-if)#ip address 10.0.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface loopback 1
TTG1(config-if)#ip address 10.1.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface loopback 2
TTG1(config-if)#ip address 10.2.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface loopback 3
TTG1(config-if)#ip address 10.3.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#

Router TTG2
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface s0/0/0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#exit
TTG2(config)#interface loopback 4
TTG2(config-if)#ip address 11.4.0.1 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#interface loopback 5
TTG2(config-if)#ip address 11.5.0.1 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#interface loopback 6
TTG2(config-if)#ip address 11.6.0.1 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#interface loopback 7
TTG2(config-if)#ip address 11.7.0.1 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#

We configure EIGRP on the routers as follows:

Router TTG1
TTG1(config)#router eigrp 10
TTG1(config-router)#network 10.0.0.0
TTG1(config-router)#network 192.168.1.0
TTG1(config-router)#exit
TTG1(config)#

Router TTG2
TTG2(config)#router eigrp 10
TTG2(config-router)#network 11.0.0.0
TTG2(config-router)#network 192.168.1.0
TTG2(config-router)#exit
TTG2(config)#

Configuring summarization for EIGRP:
By default EIGRP has the auto-summary feature enabled, which automatically summarizes the subnets of a network to the major network address when advertising them. In this lab, for example, TTG1 is directly connected to the subnets 10.0.0.0/16, 10.1.0.0/16, 10.2.0.0/16 and 10.3.0.0/16, but when advertising out of s0/0/0 EIGRP automatically summarizes them to 10.0.0.0/8. In most cases this automatic summarization has the advantage of keeping the routing table short. In some cases, however, automatic route summarization should not be used. In a discontiguous network like the topology above, for example, this mode must be turned off to avoid routing errors.

Router(config-router)#no auto-summary

- Now we look at the routing tables of the 2 routers after turning off auto-summary.

Routing tables after turning off auto-summary:

Router TTG1
TTG1#configure terminal
TTG1(config)#router eigrp 10
TTG1(config-router)#no auto-summary
TTG1(config-router)#exit

Router TTG2
TTG2#configure terminal
TTG2(config)#router eigrp 10
TTG2(config-router)#no auto-summary
TTG2(config-router)#exit

- Check the routing tables again:

TTG1#show ip route
Gateway of last resort is not set
     10.0.0.0/16 is subnetted, 4 subnets
C       10.0.0.0 is directly connected, Loopback0
C       10.1.0.0 is directly connected, Loopback1
C       10.2.0.0 is directly connected, Loopback2
C       10.3.0.0 is directly connected, Loopback3
     11.0.0.0/16 is subnetted, 4 subnets
D       11.4.0.0 [90/2297856] via 192.168.1.2, 00:00:06, Serial0/0/0
D       11.5.0.0 [90/2297856] via 192.168.1.2, 00:00:06, Serial0/0/0
D       11.6.0.0 [90/2297856] via 192.168.1.2, 00:00:06, Serial0/0/0
D       11.7.0.0 [90/2297856] via 192.168.1.2, 00:00:06, Serial0/0/0
C    192.168.1.0/24 is directly connected, Serial0/0/0

TTG2#show ip route
Gateway of last resort is not set
     10.0.0.0/16 is subnetted, 4 subnets
D       10.0.0.0 [90/2297856] via 192.168.1.1, 00:00:22, Serial0/0/0
D       10.1.0.0 [90/2297856] via 192.168.1.1, 00:00:22, Serial0/0/0
D       10.2.0.0 [90/2297856] via 192.168.1.1, 00:00:22, Serial0/0/0
D       10.3.0.0 [90/2297856] via 192.168.1.1, 00:00:22, Serial0/0/0
     11.0.0.0/16 is subnetted, 4 subnets
C       11.4.0.0 is directly connected, Loopback4
C       11.5.0.0 is directly connected, Loopback5
C       11.6.0.0 is directly connected, Loopback6
C       11.7.0.0 is directly connected, Loopback7
C    192.168.1.0/24 is directly connected, Serial0/0/0

- With EIGRP, once auto-summary is off we can switch to manual summarization to keep the routing table compact. After a summary address is declared on an interface of the router, the router advertises the summarized addresses out of that interface as specified by the command. The summary address is declared with the following command:

Router(config-if)#ip summary-address eigrp autonomous-system-number ip-address mask administrative-distance

- Configure manual summarization on the 2 routers and check the routing tables again:

Router TTG1:
TTG1(config)#interface s0/0/0
TTG1(config-if)#ip summary-address eigrp 10 10.0.0.0 255.252.0.0
TTG1(config-if)#exit
TTG1(config)#

Router TTG2:
TTG2(config)#interface s0/0/0
TTG2(config-if)#ip summary-address eigrp 10 11.4.0.0 255.252.0.0
TTG2(config-if)#exit
TTG2(config)#

- Check the routing tables after manual summarization:

TTG1#show ip route

Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks D C C C C D 10.0.0.0/14 is a summary, 00:01:50, Null0 10.0.0.0/16 is directly connected, Loopback0 10.1.0.0/16 is directly connected, Loopback1 10.2.0.0/16 is directly connected, Loopback2 10.3.0.0/16 is directly connected, Loopback3 11.4.0.0/12 [90/2297856] via 192.168.1.2, 00:00:21, Serial0/0/0

C 192.168.1.0/24 is directly connected, Serial0/0/0 TTG2#show ip route Gateway of last resort is not set 10.0.0.0/13 is subnetted, 1 subnets D 10.0.0.0/14 [90/2297856] via 192.168.1.1, 00:00:57, Serial0/0/0 11.0.0.0/8 is variably subnetted, 5 subnets, 2 masks D C C C C 11.0.0.0/14 is a summary, 00:01:00, Null0 11.4.0.0/16 is directly connected, Loopback4 11.5.0.0/16 is directly connected, Loopback5 11.6.0.0/16 is directly connected, Loopback6 11.7.0.0/16 is directly connected, Loopback7

C 192.168.1.0/24 is directly connected, Serial0/0/0 Cu hnh chng thc cho 2 router trong bi Lab : EIGRP (Enhanced Interior Gateway Routing Protocol), l giao thc Distance Vector c quyn, v ch chy trn cc thit b Cisco. Cu hnh chng thc khi trao i thng tin nh tuyn l yu t quan trng gip bo v h thng khi s tn man in the midle. Cu hnh Authentication c thc hin trn tng Interface tham gia vo qu trnh trao i thng tin nh tuyn, thng l cc ng Serial ni gia cc Router. Sau khi Enalbe EIGRP trn cc Router, ta cn xc nh cc cng cn cu hnh Authentication nh sau :

163

Authentication commands used in the lab

Router TTG1:
TTG1(config)#interface s0
TTG1(config-if)#ip authentication mode eigrp 10 md5
TTG1(config-if)#ip authentication key-chain eigrp 10 truongtan
TTG1(config-if)#exit
TTG1(config)#key chain truongtan
TTG1(config-keychain)#key 1
TTG1(config-keychain-key)#key-string ttg
TTG1(config-keychain-key)#accept-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
TTG1(config-keychain-key)#send-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
TTG1(config-keychain-key)#exit
TTG1(config)#exit
TTG1#copy running-config startup-config

Router TTG2:
TTG2(config)#interface s0
TTG2(config-if)#ip authentication mode eigrp 10 md5
TTG2(config-if)#ip authentication key-chain eigrp 10 truongtangroup
TTG2(config-if)#exit
TTG2(config)#key chain truongtangroup
TTG2(config-keychain)#key 1
! The key number and key-string must be the same on both routers; only the key chain name is local.
TTG2(config-keychain-key)#key-string ttg
TTG2(config-keychain-key)#accept-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
TTG2(config-keychain-key)#send-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
TTG2(config-keychain-key)#exit
TTG2(config)#exit

- Save the configuration on both routers
TTG2#copy running-config startup-config

V. Commands related to the lab:

Command / Explanation

show ip eigrp neighbors
    Displays the neighbor table.
show ip eigrp neighbors detail
    Displays the neighbor table in detail.
show ip eigrp interface s0
    Displays information about the interfaces running EIGRP (in this lab, AS 10).
show ip eigrp topology
    Displays the topology table.
show ip eigrp traffic
    Displays the number and types of packets received and sent.
show ip protocol
    Displays timers, routing parameters, routed networks and other information for every routing protocol active on the router.
show ip route eigrp
    Displays the routes in the routing table that were learned through EIGRP.

Checking EIGRP operation:

Command / Explanation

debug eigrp fsm
    Displays events and activity related to EIGRP feasible successor metrics (FSM).
debug eigrp packet
    Displays events and activity related to EIGRP packets.
debug eigrp neighbor
    Displays events and activity related to EIGRP neighbors.
debug eigrp notifications
    Displays EIGRP notification events.
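EIGRP MD5 authentication only lets two routers become neighbors when both hold the same key number and key-string and the key is inside its accept and send lifetimes. The following Python check is an added example, not part of the original lab: it parses two constructed running-config excerpts (the router labels A and B, the function names and the sample key-strings are assumptions made for the illustration) and lists what would stop authentication on the link.

```python
import re
from datetime import datetime

# Constructed running-config excerpts for two EIGRP neighbors (not device output).
ROUTER_A = """\
key chain truongtan
 key 1
  key-string ttg
  accept-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
  send-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
!
interface Serial0
 ip authentication mode eigrp 10 md5
 ip authentication key-chain eigrp 10 truongtan
"""
ROUTER_B = """\
key chain truongtangroup
 key 1
  key-string ttgtc
  accept-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
  send-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
!
interface Serial0
 ip authentication mode eigrp 10 md5
 ip authentication key-chain eigrp 10 truongtangroup
"""

STAMP = r"(\d\d:\d\d:\d\d \w{3} \d{1,2} \d{4})"


def parse_config(text):
    """Return (key_chains, interfaces) parsed from an IOS-style config."""
    chains, ifaces = {}, {}
    chain = key = iface = None
    for raw in text.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", ""):  # a top-level command closes the block
            chain = key = iface = None
        if m := re.match(r"key chain (\S+)$", line):
            chain = chains.setdefault(m.group(1), {})
        elif m := re.match(r"interface (\S+)$", line):
            iface = ifaces.setdefault(m.group(1), {})
        elif chain is not None and (m := re.match(r"key (\d+)$", line)):
            key = chain.setdefault(int(m.group(1)), {})
        elif key is not None and (m := re.match(r"key-string (.+)$", line)):
            key["string"] = m.group(1)
        elif key is not None and (
            m := re.match(rf"(accept|send)-lifetime {STAMP} {STAMP}$", line)
        ):
            key[m.group(1)] = tuple(
                datetime.strptime(s, "%H:%M:%S %b %d %Y") for s in m.group(2, 3)
            )
        elif iface is not None and (
            m := re.match(r"ip authentication (mode|key-chain) eigrp (\d+) (\S+)$", line)
        ):
            iface.setdefault(int(m.group(2)), {})[m.group(1)] = m.group(3)
    return chains, ifaces


def audit_link(cfg_a, cfg_b, if_a, if_b, asn, now):
    """List the reasons EIGRP authentication would fail on one link at `now`."""
    findings, keysets = [], []
    for label, cfg, ifname in (("A", cfg_a, if_a), ("B", cfg_b, if_b)):
        chains, ifaces = parse_config(cfg)
        auth = ifaces.get(ifname, {}).get(asn, {})
        if auth.get("mode") != "md5":
            findings.append(f"{label}: no MD5 mode on {ifname} for AS {asn}")
        keys = chains.get(auth.get("key-chain"))
        if keys is None:
            findings.append(f"{label}: key chain {auth.get('key-chain')!r} undefined")
            keys = {}
        keysets.append(keys)
        for kid, key in keys.items():
            for kind in ("accept", "send"):
                # A key without a lifetime statement is treated as always valid.
                start, end = key.get(kind, (datetime.min, datetime.max))
                if not start <= now <= end:
                    findings.append(f"{label}: key {kid} outside {kind}-lifetime")
    a, b = keysets
    for kid in sorted(set(a) | set(b)):
        if kid not in a or kid not in b:
            findings.append(f"key {kid} exists on one side only")
        elif a[kid].get("string") != b[kid].get("string"):
            findings.append(f"key {kid}: key-string differs between neighbors")
    return findings


if __name__ == "__main__":
    for finding in audit_link(ROUTER_A, ROUTER_B, "Serial0", "Serial0", 10,
                              datetime(2010, 5, 20, 12, 0, 0)):
        print(finding)
```

The key chain names differ between the two excerpts without being reported, because the name is only a local label. Run with a date after the one-day lifetime window, the same audit reports every key as outside its lifetime.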


LAB 18: VTP, VLAN


I. Lab topology:

II. Steps:

1. Configure VTP on the switches:

- SW1:
Switch> enable
Switch# configure terminal
Switch(config)#hostname SW1-VTPServer
SW1-VTPServer(config)#vtp domain TTG
SW1-VTPServer(config)#vtp password 123
SW1-VTPServer(config)#vtp version 2
SW1-VTPServer(config)#vtp mode server

- SW2:
Switch> enable
Switch# configure terminal
Switch(config)#hostname SW2-VTPClient
SW2-VTPClient(config)#vtp domain TTG
SW2-VTPClient(config)#vtp password 123
SW2-VTPClient(config)#vtp version 2
SW2-VTPClient(config)#vtp mode client

- SW3:
Switch> enable
Switch# configure terminal
Switch(config)#hostname SW3-VTPClient
SW3-VTPClient(config)#vtp domain TTG
SW3-VTPClient(config)#vtp password 123
SW3-VTPClient(config)#vtp version 2
SW3-VTPClient(config)#vtp mode client

2. Configure trunking between the switches:

- SW1:
SW1-VTPServer(config)#interface g1/1
SW1-VTPServer(config-if)#switchport mode trunk
SW1-VTPServer(config-if)#exit
SW1-VTPServer(config)#interface g1/2
SW1-VTPServer(config-if)#switchport mode trunk
SW1-VTPServer(config-if)#exit

- SW2:
SW2-VTPClient(config)#interface g1/1
SW2-VTPClient(config-if)#switchport mode trunk
SW2-VTPClient(config-if)#exit

- SW3:
SW3-VTPClient(config)#interface g1/2
SW3-VTPClient(config-if)#switchport mode trunk
SW3-VTPClient(config-if)#exit

3. Commands for checking the VTP and trunking configuration:

- SW1-VTPServer#show vtp password
VTP Password: 123

- SW1-VTPServer#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x54 0xC1 0x71 0x3F 0x9B 0x83 0xAF 0x38
Configuration last modified by 0.0.0.0 at 3-1-93 01:44:06

- SW1-VTPServer#show interface trunk
Port        Mode         Encapsulation  Status        Native vlan
G1/1        on           802.1q         trunking      1
G1/2        on           802.1q         trunking      1

Port        Vlans allowed on trunk
G1/1        1-1005
G1/2        1-1005

Port        Vlans allowed and active in management domain
G1/1        1,2,3
G1/2        1,2,3

Port        Vlans in spanning tree forwarding state and not pruned
G1/1        1,2,3
G1/2        1,2,3

4. Create the VLANs on SW1-VTPServer:

SW1-VTPServer(config)#vlan 2
SW1-VTPServer(config-vlan)#name KinhDoanh
SW1-VTPServer(config-vlan)#exit
SW1-VTPServer(config)#vlan 3
SW1-VTPServer(config-vlan)#name KeToan
SW1-VTPServer(config-vlan)#exit
SW1-VTPServer(config)#vlan 4
SW1-VTPServer(config-vlan)#name Giamdoc
SW1-VTPServer(config-vlan)#exit
SW1-VTPServer(config)#vlan 5
SW1-VTPServer(config-vlan)#name IT
SW1-VTPServer(config-vlan)#exit

5. Check the VLAN information on the VTP client switches:

- Switch# show vlan brief
- Switch# show vlan

6. Assign the ports to VLANs as required:

- SW2:
SW2-VTPClient(config)#interface range fa0/1 - 6
SW2-VTPClient(config-if-range)#switchport access vlan 2
SW2-VTPClient(config-if-range)#exit
SW2-VTPClient(config)#interface range fa0/7 - 10
SW2-VTPClient(config-if-range)#switchport access vlan 3
SW2-VTPClient(config-if-range)#exit
SW2-VTPClient(config)#interface range fa0/11 - 15
SW2-VTPClient(config-if-range)#switchport access vlan 4
SW2-VTPClient(config-if-range)#exit
SW2-VTPClient(config)#interface range fa0/16 - 24
SW2-VTPClient(config-if-range)#switchport access vlan 5
SW2-VTPClient(config-if-range)#exit

- SW3:
SW3-VTPClient(config)#interface range fa0/1 - 6
SW3-VTPClient(config-if-range)#switchport access vlan 2
SW3-VTPClient(config-if-range)#exit
SW3-VTPClient(config)#interface range fa0/7 - 10
SW3-VTPClient(config-if-range)#switchport access vlan 3
SW3-VTPClient(config-if-range)#exit
SW3-VTPClient(config)#interface range fa0/11 - 15
SW3-VTPClient(config-if-range)#switchport access vlan 4
SW3-VTPClient(config-if-range)#exit
SW3-VTPClient(config)#interface range fa0/16 - 24
SW3-VTPClient(config-if-range)#switchport access vlan 5
SW3-VTPClient(config-if-range)#exit

7. Assign IP addresses to the PCs according to their subnets:

- Connect each PC to a port that belongs to the corresponding VLAN on SW1 and SW2.
- For example, VLAN 5 is assigned the subnet 192.168.5.0/24, so the usable addresses are 192.168.5.1 to 192.168.5.254. The same applies to the other VLANs.
- Save the configuration and finish the lab.

III. Commands related to the lab:
1. Creating a VLAN

Switch(config)# vlan 3
    Creates VLAN 3 and enters VLAN configuration mode.
Switch(config-vlan)# name Engineering
    Names the VLAN. The name can be 1 to 32 characters long.
Switch(config-vlan)# exit
    Applies the VLAN changes, increases the revision number by 1 and returns to global configuration mode.
Switch#copy running-config startup-config
    Saves the VLAN configuration.

2. Assigning a port to a VLAN

Switch(config)# interface fastethernet 0/1
    Enters interface configuration mode for fa0/1.
Switch(config-if)# switchport mode access
    Sets port fa0/1 to access mode.
Switch(config-if)# switchport access vlan 10
    Assigns port Fa0/1 to VLAN 10.

3. Checking VLAN information

Switch# show vlan
    Displays VLAN information.
Switch# show vlan brief
    Displays VLAN information in summary form.
Switch# show vlan id 2
    Displays information for VLAN 2.
Switch# show vlan name marketing
    Displays information for the VLAN named marketing.
Switch# show interfaces vlan x
    Displays information for the VLAN given in the command.

4. Deleting the VLAN configuration

Switch# delete flash:vlan.dat
    Deletes the entire VLAN database from flash.
Switch(config)# no vlan 5
    Deletes VLAN 5 from the VLAN database.

5. Configuring VLAN trunking

Switch(config)# interface fa0/1
    Enters interface configuration mode for fa0/1.
Switch(config-if)#switchport mode trunk
    Puts interface fa0/1 into permanent trunk mode and negotiates to convert the link into a trunk.
Switch(config-if)#switchport trunk encapsulation isl
    Frames sent over the trunk are encapsulated with ISL (the Cisco standard).
Switch(config-if)#switchport trunk encapsulation dot1q
    Frames sent over the trunk are encapsulated with 802.1q.
Switch(config-if)#switchport trunk encapsulation negotiate
    The interface negotiates with the neighboring interface to use ISL or 802.1q, depending on the product line or on the configuration of the neighboring interface.

6. VLAN Trunking Protocol (VTP)

Switch(config)# vtp mode client
    Changes the switch to VTP client mode.
Switch(config)# vtp mode server
    Changes the switch to VTP server mode. By default, all Catalyst switches run in VTP server mode.
Switch(config)# vtp mode transparent
    Changes the switch to VTP transparent mode.
Switch(config)# no vtp mode
    Returns the switch to the default mode, VTP server.
Switch(config)# vtp domain domainname
    Sets the VTP domain name. The name can be 1 to 32 characters long. All switches in VTP server or VTP client mode must use the same domain name.
Switch(config)# vtp password password
    Sets a VTP password. In Cisco IOS 12.3 and later, the password is an ASCII string of 1 to 32 characters. In older Cisco IOS versions, the password length is 8 to 64 characters.
    * Note: to exchange VLAN information with the other switches, all switches must be configured with the same VTP password.
Switch(config)# vtp pruning
    Enables VTP pruning on the switch.
    * Note: VTP pruning is disabled by default. You only need to enable it on one switch running in VTP server mode.

7. Checking VTP

Switch# show vtp status
    Displays the VTP configuration information.
Switch# show vtp counters
    Displays the VTP counters of the switch.

8. Inter-VLAN routing using a router

Router(config-if)#interface fastethernet 0/0.1
    Creates subinterface fa0/0.1 and enters its configuration mode.
Router(config-subif)#encapsulation dot1q 10
    Assigns VLAN 10 to this subinterface. The subinterface uses 802.1q trunking.

7. Creating a VLAN

7.1. Using VLAN configuration mode

Switch(config)# vlan 3
    Creates VLAN 3 and enters VLAN configuration mode.
Switch(config-vlan)# name Engineering
    Names the VLAN. The name can be 1 to 32 characters long.
Switch(config-vlan)# exit
    Applies the VLAN changes, increases the revision number by 1 and returns to global configuration mode.
Switch#copy running-config startup-config
    Saves the VLAN configuration.

7.2. Using VLAN database mode

Switch# vlan database
    Enters VLAN database mode.
Switch(vlan)# vlan 4 name Sales
    Creates VLAN 4 and names it Sales. The name can be 1 to 32 characters long.
Switch(vlan)# vlan 10
    Creates VLAN 10, which gets the default name VLAN0010.
Switch(vlan)# apply
    Applies the VLAN changes and increases the revision number by 1.

8. Assigning a port to a VLAN

Switch(config)# interface fastethernet 0/1
    Enters interface configuration mode for fa0/1.
Switch(config-if)# switchport mode access
    Sets port fa0/1 to access mode.
Switch(config-if)# switchport access vlan 10
    Assigns port Fa0/1 to VLAN 10.

9. Checking VLAN information

Switch# show vlan
    Displays VLAN information.
Switch# show vlan brief
    Displays VLAN information in summary form.
Switch# show vlan id 2
    Displays information for VLAN 2.
Switch# show vlan name marketing
    Displays information for the VLAN named marketing.
Switch# show interfaces vlan x
    Displays information for the VLAN given in the command.

10. Deleting the VLAN configuration

Switch# delete flash:vlan.dat
    Deletes the entire VLAN database from flash.
Switch(config)# no vlan 5
    Deletes VLAN 5 from the VLAN database.

Or:

Switch# vlan database
    Enters VLAN database mode.
Switch(vlan)# no vlan 5
    Deletes VLAN 5 from the VLAN database.
Switch(vlan)# exit
    Applies the changes, increases the revision number by 1 and leaves VLAN database mode.

11. Configuring VLAN trunking

Switch(config)# interface fa0/1
    Enters interface configuration mode for fa0/1.
Switch(config-if)#switchport mode trunk
    Puts interface fa0/1 into permanent trunk mode and negotiates to convert the link into a trunk.
Switch(config-if)#switchport trunk encapsulation isl
    Frames sent over the trunk are encapsulated with ISL.
Switch(config-if)#switchport trunk encapsulation dot1q
    Frames sent over the trunk are encapsulated with 802.1q.
Switch(config-if)#switchport trunk encapsulation negotiate
    The interface negotiates with the neighboring interface to use ISL or 802.1q, depending on the product line or on the configuration of the neighboring interface.

12. VLAN Trunking Protocol (VTP)

12.1 Using global configuration mode

Switch(config)# vtp mode client
    Changes the switch to VTP client mode.
Switch(config)# vtp mode server
    Changes the switch to VTP server mode. By default, all Catalyst switches run in VTP server mode.
Switch(config)# vtp mode transparent
    Changes the switch to VTP transparent mode.
Switch(config)# no vtp mode
    Returns the switch to the default mode, VTP server.
Switch(config)# vtp domain domainname
    Sets the VTP domain name. The name can be 1 to 32 characters long. All switches in VTP server or VTP client mode must use the same domain name.
Switch(config)# vtp password password
    Sets a VTP password. In Cisco IOS 12.3 and later, the password is an ASCII string of 1 to 32 characters. In older Cisco IOS versions, the password length is 8 to 64 characters.
    * Note: to exchange VLAN information with the other switches, all switches must be configured with the same VTP password.
Switch(config)# vtp pruning
    Enables VTP pruning on the switch.
    * Note: VTP pruning is disabled by default. You only need to enable it on one switch running in VTP server mode.

12.2 Using VLAN database mode

Switch# vlan database
    Enters VLAN database mode.
Switch(vlan)# vtp client
    Changes the switch to VTP client mode.
Switch(vlan)# vtp server
    Changes the switch to VTP server mode.
Switch(vlan)# vtp transparent
    Changes the switch to VTP transparent mode.
    * Note: by default, all Catalyst switches run in VTP server mode.
Switch(vlan)#vtp domain domainname
    Sets the VTP domain name. The name can be 1 to 32 characters long.
    * Note: all switches in VTP server or VTP client mode must use the same domain name.
Switch(vlan)#vtp password password
    Sets a VTP password. In Cisco IOS 12.3 and later, the password is an ASCII string of 1 to 32 characters. In older Cisco IOS versions, the password length is 8 to 64 characters.
    * Note: to exchange VLAN information with the other switches, all switches must be configured with the same VTP password.
Switch(vlan)#vtp pruning
    Enables VTP pruning on the switch.
    * Note: VTP pruning is disabled by default. You only need to enable it on one switch running in VTP server mode.
Switch(vlan)#exit
    Applies the changes to the VLAN database, increases the revision number by 1 and leaves VLAN database mode.

13. Checking VTP

Switch# show vtp status
    Displays the VTP configuration information.
Switch# show vtp counters
    Displays the VTP counters of the switch.

14. Inter-VLAN routing using a router

Router(config-if)#interface fastethernet 0/0.1
    Creates subinterface fa0/0.1 and enters its configuration mode.
Router(config-subif)#encapsulation dot1q 10
    Assigns VLAN 10 to this subinterface. The subinterface uses 802.1q trunking.
Router(config-subif)# encapsulation dot1q 1 native
    Assigns VLAN 1 to this subinterface. VLAN 1 becomes the native VLAN. The subinterface uses 802.1q trunking.
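A quick way to confirm that the switches of one VTP domain are synchronised is to compare the domain name, configuration revision and MD5 digest that each one reports in show vtp status. The Python sketch below is an added example, not part of the original lab: the captures are constructed in the output format used in this lab, SW3 is made stale on purpose, and the function names are assumptions.

```python
# Constructed "show vtp status" captures (abridged); not real device output.
SW1 = """\
VTP Version                     : 2
Configuration Revision          : 4
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : TTG
MD5 digest                      : 0x23 0x1C 0x6A 0xEB 0x65 0xD2 0xA5 0x51
Configuration last modified by 0.0.0.0 at 3-1-93 00:41:55
"""
SW2 = SW1.replace("Server", "Client")
SW3 = """\
VTP Version                     : 2
Configuration Revision          : 1
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : TTG
MD5 digest                      : 0x14 0x8E 0xDA 0xC9 0x0A 0x42 0xAF 0xE7
"""


def parse_vtp_status(text):
    """Turn the 'Label : value' lines into a small dict of the fields we compare."""
    raw = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            raw[label.strip()] = value.strip()
    return {
        "mode": raw.get("VTP Operating Mode", ""),
        "domain": raw.get("VTP Domain Name", ""),
        "revision": int(raw.get("Configuration Revision", -1)),
        "vlans": int(raw.get("Number of existing VLANs", -1)),
        # "0x23 0x1C ..." -> "231c..." so digests compare as plain strings
        "digest": "".join(b[2:].lower() for b in raw.get("MD5 digest", "").split()),
    }


def check_vtp_domain(captures):
    """captures: {switch name: show vtp status text}. Returns a list of findings."""
    status = {name: parse_vtp_status(text) for name, text in captures.items()}
    servers = [n for n, s in status.items() if s["mode"] == "Server"]
    if not servers:
        return ["no VTP server among the captured switches"]
    ref_name = max(servers, key=lambda n: status[n]["revision"])
    ref = status[ref_name]
    findings = []
    for name, s in sorted(status.items()):
        if name == ref_name or s["mode"] == "Transparent":
            continue  # transparent switches keep their own VLAN database
        if s["domain"] != ref["domain"]:
            findings.append(f"{name}: domain {s['domain']!r} != {ref['domain']!r}")
        elif s["revision"] < ref["revision"]:
            findings.append(
                f"{name}: revision {s['revision']} behind {ref_name} "
                f"({ref['revision']}); check the trunk and the VTP password"
            )
        elif s["revision"] > ref["revision"]:
            findings.append(
                f"{name}: revision {s['revision']} ahead of {ref_name}; "
                "reset it before it joins the domain"
            )
        elif s["digest"] != ref["digest"]:
            findings.append(f"{name}: same revision but different MD5 digest")
    return findings


if __name__ == "__main__":
    for finding in check_vtp_domain({"SW1": SW1, "SW2": SW2, "SW3": SW3}):
        print(finding)
```

A digest that differs at the same revision usually points to a VTP password or VLAN database mismatch, which is why the lab compares the digest on all three switches.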


LAB 19 : VTP, PVST+, PVRST


I. Lab topology:

II. Configuration steps for the lab:

Step 1: Delete the VLAN and VTP information on the switches
Step 2: Configure the passwords for the console port, the vty lines and privileged mode
Step 3: Configure VTP on the 3 switches
Step 4: Configure trunking
Step 5: Create the VLANs required by the lab on the VTP server (SW1)
Step 6: Assign the ports on SW2 and SW3 to the corresponding VLANs as required
Step 7: Configure IP addresses on the switches so that they can be managed remotely
Step 8: SW1 is the root bridge

Step 1: Delete the VLAN and VTP information on the switches

- Check whether the switch has already been configured with the commands show startup-config and show vlan brief. If it has, delete the VLAN information and the configuration.

Switch#delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]

- The VTP and VLAN information is stored in the file vlan.dat in flash memory, so this command deletes the VLAN and VTP information on the switch.

SW1#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
Switch#reload
Proceed with reload? [confirm]
System configuration has been modified. Save? [yes/no]: n

Step 2: Configure the passwords for the console port, the vty lines and privileged mode

SW1>enable
SW1#config terminal
Enter configuration commands, one
SW1(config)#enable secret cisco
SW1(config)#line console 0
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config)#line vty 0 15
SW1(config-line)#password cisco
SW1(config-line)#login

- Repeat step 2 on the remaining switches and on the router.

Step 3: Configure VTP on the 3 switches

- By default, Cisco switches have the following VTP configuration:
VTP domain name: None
VTP mode: Server mode
VTP pruning: Enabled or disabled (model specific)
VTP password: Null
VTP version: Version 1

- To synchronise VTP information, the switches must have the same VTP domain and password.

SW1:
Switch>enable
Switch#config terminal
Switch(config)#hostname SW1
SW1(config)#exit

- View the VTP information on SW1 before configuration with the command show vtp status

SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 250
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

SW1(config)#vtp version 2
SW1(config)#vtp domain TTG
Changing VTP domain name from NULL to TTG
SW1(config)#vtp password cisco
Setting device VLAN database password to cisco
SW1(config)#vtp mode server
Device mode already VTP SERVER.

- VTP information on SW1 after configuration

SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 250
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x14 0x8E 0xDA 0xC9 0x0A 0x42 0xAF 0xE7
Configuration last modified by 0.0.0.0 at 3-1-93 00:05:26
Local updater ID is 0.0.0.0 (no valid interface found)

SW1#show vtp password
VTP Password: cisco

SW2:
Switch>enable
Switch#config terminal
Switch(config)#hostname SW2
SW2(config)#vtp version 2
SW2(config)#vtp domain TTG
Changing VTP domain name from NULL to TTG
SW2(config)#vtp password cisco
Setting device VLAN database password to cisco
SW2(config)#vtp mode client
Setting device to VTP CLIENT mode.

- Check the VTP information on SW2 again

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 250
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x14 0x8E 0xDA 0xC9 0x0A 0x42 0xAF 0xE7
Configuration last modified by 0.0.0.0 at 3-1-93 00:05:26

SW2#show vtp password
VTP Password: cisco

SW3:
Switch>enable
Switch#config terminal
Switch(config)#hostname SW3
SW3(config)#vtp version 2
SW3(config)#vtp domain TTG
Changing VTP domain name from NULL to TTG
SW3(config)#vtp password cisco
Setting device VLAN database password to cisco
SW3(config)#vtp mode client
Setting device to VTP CLIENT mode.

SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 250
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x14 0x8E 0xDA 0xC9 0x0A 0x42 0xAF 0xE7
Configuration last modified by 0.0.0.0 at 3-1-93 00:12:56

SW3#show vtp password
VTP Password: cisco

Step 4: Configure trunking on the 3 switches SW1, SW2, SW3 and on the router

Note: a Layer 3 switch supports both 802.1Q and ISL, so before configuring trunking you must add the command switchport trunk encapsulation dot1q in interface mode. A Layer 2 switch supports only 802.1Q, so the command is not needed there.

- SW1:
SW1(config)#interface fa0/20
SW1(config-if)#switchport trunk encapsulation dot1q    // only for Layer 3 switches
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport nonegotiate    // disables DTP
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#interface fa0/22
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport nonegotiate
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#interface fa0/23
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport nonegotiate
SW1(config-if)#no shutdown

- SW2:

SW2(config)#interface fa0/22
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport nonegotiate
SW2(config-if)#no shutdown

- SW3:
SW3(config)#interface fa0/23
SW3(config-if)#switchport trunk encapsulation dot1q
SW3(config-if)#switchport mode trunk
SW3(config-if)#switchport nonegotiate
SW3(config-if)#no shutdown

- Use the command show interfaces trunk to check the trunking configuration

SW1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking      1
Fa0/22      on           802.1q         trunking      1
Fa0/23      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/20      1-4094
Fa0/22      1-4094
Fa0/23      1-4094

Port        Vlans allowed and active in management domain
Fa0/20      1
Fa0/22      1
Fa0/23      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      none
Fa0/22      1
Fa0/23      1

Router:
Router#config terminal
Enter configuration commands, one per line. End with C
Router(config)#interface fa0/0
Router(config-if)#description Gateway cho VLAN1
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fa0/0.2
Router(config-subif)#description Gateway cho VLAN2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 192.168.2.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface fa0/0.3
Router(config-subif)#description Gateway cho VLAN3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 192.168.3.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface fa0/0.4
Router(config-subif)#description Gateway cho VLAN4
Router(config-subif)#encapsulation dot1Q 4
Router(config-subif)#ip address 192.168.4.1 255.255.255.0

Router#show ip interface brief
Interface            IP-Address     OK? Method Status                Protocol
FastEthernet0/0      192.168.1.1    YES manual up                    up
FastEthernet0/0.2    192.168.2.1    YES manual up                    up
FastEthernet0/0.3    192.168.3.1    YES manual up                    up
FastEthernet0/0.4    192.168.4.1    YES manual up                    up
FastEthernet0/1      unassigned     YES        administratively down down
Serial0/1/0          unassigned     YES        administratively down down
Serial0/1/1          unassigned     YES        administratively down down

Step 5: Create the VLANs on the VTP server SW1

- Check the current VLAN information on SW1

SW1#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/24, Gi0/1, Gi0/2
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

- Create the VLANs

SW1(config)#vlan 2
SW1(config-vlan)#name Accounting_Network
SW1(config-vlan)#exit
SW1(config)#vlan 3
SW1(config-vlan)#name Engineering_Network
SW1(config-vlan)#exit
SW1(config)#vlan 4
SW1(config-vlan)#name Markeeting_Network
SW1(config-vlan)#exit

- Check the information on SW1, SW2 and SW3 again after configuration to make sure the VLAN and VTP information has been synchronised

SW1#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/21
                                                Fa0/24, Gi0/1, Gi0/2
2    Accounting_Network               active
3    Engineering_Network              active
4    Markeeting_Network               active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x23 0x1C 0x6A 0xEB 0x65 0xD2 0xA5 0x51

Configuration last modified by 0.0.0.0 at 3-1-93 00:41:55
Local updater ID is 0.0.0.0 (no valid interface found)

SW2#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/23, Fa0/24, Gi0/1
                                                Gi0/2
2    Accounting_Network               active
3    Engineering_Network              active
4    Markeeting_Network               active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x23 0x1C 0x6A 0xEB 0x65 0xD2 0xA5 0x51
Configuration last modified by 0.0.0.0 at 3-1-93 00:41:55

SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x23 0x1C 0x6A 0xEB 0x65 0xD2 0xA5 0x51
Configuration last modified by 0.0.0.0 at 3-1-93 00:41:55

SW3#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/23, Fa0/24, Gi0/1
                                                Gi0/2
2    Accounting_Network               active
3    Engineering_Network              active
4    Markeeting_Network               active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

Step 6: Assign the ports on each switch to the corresponding VLAN

- SW1:
SW1(config)#interface range fa0/1 - 5
SW1(config-if-range)#switchport access vlan 2
SW1(config-if-range)#exit
SW1(config)#interface range fa0/6 - 10
SW1(config-if-range)#switchport access vlan 3
SW1(config-if-range)#exit
SW1(config)#interface range fa0/11 - 15
SW1(config-if-range)#switchport access vlan 4
SW1(config-if-range)#exit

- Repeat step 6 on the remaining switches
- Check again with the command show vlan on all 3 switches

SW1#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------------
1    default                          active    Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/21, Fa0/24, Gi0/1, Gi0/2
2    Accounting_Network               active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5
3    Engineering_Network              active    Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10
4    Markeeting_Network               active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15

Step 7: Configure IP addresses on the switches so that they can be managed remotely

SW1(config)# interface VLAN1
SW1(config-if)#ip address 192.168.1.11 255.255.255.0
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#ip default-gateway 192.168.1.1
SW1#show ip interface brief
Interface    IP-Address      OK? Method Status    Protocol
Vlan1        192.168.1.11    YES manual up        up

SW2(config)# interface VLAN1
SW2(config-if)#ip address 192.168.1.12 255.255.255.0
SW2(config-if)#no shutdown
SW2(config-if)#exit
SW2(config)#ip default-gateway 192.168.1.1
SW2#show ip interface brief
Interface    IP-Address      OK? Method Status    Protocol
Vlan1        192.168.1.12    YES manual up        up

SW3(config)# interface VLAN1
SW3(config-if)#ip address 192.168.1.13 255.255.255.0
SW3(config-if)#no shutdown
SW3(config-if)#exit
SW3(config)#ip default-gateway 192.168.1.1
SW3#show ip interface brief
Interface    IP-Address      OK? Method Status    Protocol
Vlan1        192.168.1.13    YES manual up        up

- From the switches, try to ping the router

SW1#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1000 ms

SW1#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1000 ms

- Then, from the router, try to telnet to the switches

Router#telnet 192.168.1.11
Trying 192.168.1.11 ... Open
User Access Verification
Password:
SW1>enable
Password:
SW1#

Step 8: Configure SW1 as the root bridge

- Add one more link between SW2 and SW3, as in the topology below

- Configure the link between the two switches SW2 and SW3 to operate in trunk mode

- SW2:
SW2(config)#interface fa0/24
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport nonegotiate
SW2(config-if)#no shutdown

- SW3:
SW3(config)#interface fa0/24
SW3(config-if)#switchport trunk encapsulation dot1q
SW3(config-if)#switchport mode trunk
SW3(config-if)#switchport nonegotiate
SW3(config-if)#no shutdown

- Check whether SW1 is currently the root bridge with the command show spanning-tree

SW1#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee    (the protocol that runs by default is PVST+)
  Root ID    Priority    32769    (root bridge ID)
             Address     000a.b8f3.ec40
             Cost        19
             Port        22 (FastEthernet0/22)    (SW1's root port)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)    (SW1's default priority)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Root FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0002
  Spanning tree enabled protocol ieee
  Root ID    Priority    32770
             Address     000a.b8f3.ec40
             Cost        19
             Port        22 (FastEthernet0/22)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Root FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0003
  Spanning tree enabled protocol ieee
  Root ID    Priority    32771
             Address     000a.b8f3.ec40
             Cost        19
             Port        22 (FastEthernet0/22)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32771  (priority 32768 sys-id-ext 3)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Root FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0004
  Spanning tree enabled protocol ieee
  Root ID    Priority    32772
             Address     000a.b8f3.ec40
             Cost        19
             Port        22 (FastEthernet0/22)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32772  (priority 32768 sys-id-ext 4)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Root FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

- To make SW1 the root bridge for all VLANs, change the priority of SW1 to a value lower than the default value of 32768 used by the other switches.

Note: the priority value must be a multiple of 4096.

SW1(config)#spanning-tree vlan 1-4 priority 4096

- Check the STP information again after changing the priority

SW1#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4097  (priority 4096 sys-id-ext 1)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0002
  Spanning tree enabled protocol ieee
  Root ID    Priority    4098
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4098  (priority 4096 sys-id-ext 2)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0003
  Spanning tree enabled protocol ieee
  Root ID    Priority    4099
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4099  (priority 4096 sys-id-ext 3)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0004
  Spanning tree enabled protocol ieee
  Root ID    Priority    4100
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    4100  (priority 4096 sys-id-ext 4)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

- As we can see, SW1 is now the root bridge for all 4 VLANs.

Step 9: Check routing between the VLANs

- Configure the IP settings of the PCs as follows:

PC-VLAN1:
  IP   : 192.168.1.10
  SM   : 255.255.255.0
  GW   : 192.168.1.1 (interface Fa0/0 on router TTG1)
  Port : Fa0/16

PC-VLAN2:
  IP   : 192.168.2.10
  SM   : 255.255.255.0
  GW   : 192.168.2.1 (interface Fa0/0.2 on router TTG1)
  Port : Fa0/1

PC-VLAN3:
  IP   : 192.168.3.10
  SM   : 255.255.255.0
  GW   : 192.168.3.1 (interface Fa0/0.3 on router TTG1)
  Port : Fa0/6

PC-VLAN4:
  IP   : 192.168.4.10
  SM   : 255.255.255.0
  GW   : 192.168.4.1 (interface Fa0/0.4 on router TTG1)
  Port : Fa0/11

- The PCs in VLANs 1, 2, 3 and 4 must be able to ping each other. You can also use the tracert command to check the path a packet takes from one VLAN to another.

205

Bc 10: Cu hnh PVRST+

Chuyn cc Switch qua hot ng mode PVRST+ - SW1: SW1(config)#spanning-tree mode rapid-pvst SW1(config)#spanning-tree vlan 1-2 root primary SW1(config)#spanning-tree vlan 3-4 root secondary - SW2: SW2(config)#spanning-tree mode rapid-pvst SW2(config)#spanning-tree vlan 1-2 root secondary SW2(config)#spanning-tree vlan 3-4 root primary

- SW3:
SW3(config)#spanning-tree mode rapid-pvst

- Verify the PVRST+ configuration on SW1:

SW1#show spanning-tree

VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    4097
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097   (priority 4096 sys-id-ext 1)
             Address     0018.192e.ddc0
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0002
  Spanning tree enabled protocol rstp
  Root ID    Priority    4098
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4098   (priority 4096 sys-id-ext 2)
             Address     0018.192e.ddc0
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0003
  Spanning tree enabled protocol rstp
  Root ID    Priority    24579
             Address     000a.b8f3.ee00
             Cost        19
             Port        23 (FastEthernet0/23)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28675  (priority 28672 sys-id-ext 3)
             Address     0018.192e.ddc0
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Root FWD 19        128.23   P2p

VLAN0004
  Spanning tree enabled protocol rstp
  Root ID    Priority    24580
             Address     000a.b8f3.ee00
             Cost        19
             Port        23 (FastEthernet0/23)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28676  (priority 28672 sys-id-ext 4)
             Address     0018.192e.ddc0
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Root FWD 19        128.23   P2p

- So SW1 is now the Root Bridge for VLANs 1 and 2.
- Likewise, on SW2:

SW2#show spanning-tree

VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    4097
             Address     0018.192e.ddc0
             Cost        19
             Port        23 (FastEthernet0/23)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     000a.b8f3.ee00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/23           Root FWD 19        128.23   P2p

VLAN0002
  Spanning tree enabled protocol rstp
  Root ID    Priority    4098
             Address     0018.192e.ddc0
             Cost        19
             Port        23 (FastEthernet0/23)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28674  (priority 28672 sys-id-ext 2)
             Address     000a.b8f3.ee00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/23           Root FWD 19        128.23   P2p

VLAN0003
  Spanning tree enabled protocol rstp
  Root ID    Priority    24579
             Address     000a.b8f3.ee00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24579  (priority 24576 sys-id-ext 3)
             Address     000a.b8f3.ee00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/6            Desg FWD 19        128.6    P2p
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0004
  Spanning tree enabled protocol rstp
  Root ID    Priority    24580
             Address     000a.b8f3.ee00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24580  (priority 24576 sys-id-ext 4)
             Address     000a.b8f3.ee00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VI. Some commands related to this lab:


Enable STP

Switch(config)#spanning-tree vlan 5
  Enables STP on VLAN 5 of the switch.

Switch(config)#no spanning-tree vlan 5
  Disables STP on VLAN 5 of the switch.

Configure the root switch

Switch(config)#spanning-tree vlan 5 root
  Changes the switch priority from the default value of 32768 to a lower value so that the switch can become the root switch in VLAN 5.
  * Note: If all the other switches support the extended System ID, the switch configured with this command resets its priority to 24576. If any switch has a priority configured lower than 24576, the switch is assigned a priority of 4096, the lowest priority value among the switches.

Switch(config)#spanning-tree vlan 5 root primary
  The switch recalculates its timer parameters together with the priority values so that it can become the root switch for VLAN 5.
  * Note: The root switch is normally a switch located in the backbone or distribution layer.

Switch(config)#spanning-tree vlan 5 root secondary
  The switch recalculates its timer parameters with a priority value that lets it become the root switch for VLAN 5 when the current root switch of VLAN 5 fails.

Configure the path cost

Switch(config)#interface gigabitethernet 0/1
  Enters interface configuration mode for gi0/1.

Switch(config-if)#spanning-tree cost 100000
  Sets the cost for an interface operating in access mode.

Switch(config-if)#spanning-tree vlan 5 cost 1000000
  Sets the per-VLAN cost for an interface operating in trunk mode.

Configure the switch priority of a VLAN

Switch(config)#spanning-tree vlan 5 priority 12288
  Sets the switch priority for VLAN 5 to 12288.

Verify STP

Switch#show spanning-tree
  Displays STP information.

Switch#show spanning-tree active
  Displays STP information only for the interfaces that are active.

Switch#show spanning-tree brief
  Displays the STP status.

Switch#show spanning-tree detail
  Displays detailed information for the interfaces.

Switch#show spanning-tree interface gigabitethernet 0/1
  Displays STP information for interface gi0/1.

Switch#show spanning-tree summary
  Displays a summary of port states.

Switch#show spanning-tree summary totals
  Displays the total number of lines of the STP sections.

Switch#show spanning-tree vlan 5
  Displays STP information for VLAN 5.

LAB 20: Routing Using a Layer 3 Switch


I. Lab topology:

II. Steps:
- Configure trunking between the switches
- Use EtherChannel to increase bandwidth and share load from the access switches to the Layer 3 switch
- Use VTP to synchronize VLAN information between the switches
- Create the VLAN information on the VTP server switch, 4 VLANs in total:
  + VLAN 2: Accounting, using network 192.168.2.0
  + VLAN 3: Sales, using network 192.168.3.0
  + VLAN 4: Director, using network 192.168.4.0
  + VLAN 5: IT, using network 192.168.5.0
- On each access switch the ports belong to VLANs as follows:
  + fa0/5 to fa0/9 belong to VLAN 2
  + fa0/10 to fa0/14 belong to VLAN 3
  + fa0/15 to fa0/19 belong to VLAN 4
  + fa0/20 to fa0/24 belong to VLAN 5
- Make sure the Layer 3 switch is the Root Bridge in STP
- Use the Layer 3 switch to route between the VLANs
- Route between the Layer 3 switch and the router

1. Configure trunking between the switches

- Layer3SW:
Switch(config)#hostname Layer3SW
Layer3SW(config)#interface range fa0/1 - 4
Layer3SW(config-if-range)#switchport mode trunk

- AccessSW1:
Switch(config)#hostname AccessSW1
AccessSW1(config)#interface range fa0/1 - 2
AccessSW1(config-if-range)#switchport mode trunk

- AccessSW2:
Switch(config)#hostname AccessSW2
AccessSW2(config)#interface range fa0/1 - 2
AccessSW2(config-if-range)#switchport mode trunk

2. Use EtherChannel to increase bandwidth and share load from the access switches to the Layer 3 switch

- Layer3SW:
Layer3SW(config)#interface port-channel 1
Layer3SW(config-if)#exit
Layer3SW(config)#interface range fa0/1 - 2
Layer3SW(config-if-range)#channel-group 1 mode active
Layer3SW(config-if-range)#exit
Layer3SW(config)#interface port-channel 2
Layer3SW(config-if)#exit
Layer3SW(config)#interface range fa0/3 - 4
Layer3SW(config-if-range)#channel-group 2 mode active

- AccessSW1:
AccessSW1(config)#interface port-channel 1
AccessSW1(config-if)#exit
AccessSW1(config)#interface range fa0/1 - 2
AccessSW1(config-if-range)#channel-group 1 mode active

- AccessSW2:
AccessSW2(config)#interface port-channel 2
AccessSW2(config-if)#exit
AccessSW2(config)#interface range fa0/1 - 2
AccessSW2(config-if-range)#channel-group 2 mode active

3. Use VTP to synchronize VLAN information between the switches:

- Layer3SW:
Layer3SW(config)#vtp domain TTG
Layer3SW(config)#vtp password 123
Layer3SW(config)#vtp mode server

- AccessSW1:
AccessSW1(config)#vtp domain TTG
AccessSW1(config)#vtp password 123
AccessSW1(config)#vtp mode client

- AccessSW2:
AccessSW2(config)#vtp domain TTG
AccessSW2(config)#vtp password 123
AccessSW2(config)#vtp mode client

4. Create the VLAN information on the VTP server switch, 4 VLANs in total:
  + VLAN 2: Accounting, using network 192.168.2.0
  + VLAN 3: Sales, using network 192.168.3.0
  + VLAN 4: Director, using network 192.168.4.0
  + VLAN 5: IT, using network 192.168.5.0

Because VTP is synchronizing VLAN information across every switch in the system, the VLANs must be created on the VTP server switch, which in this case is Layer3SW.

- Layer3SW:
Layer3SW(config)#vlan 2
Layer3SW(config-vlan)#name KeToan
Layer3SW(config-vlan)#exit
Layer3SW(config)#vlan 3
Layer3SW(config-vlan)#name KinhDoanh
Layer3SW(config-vlan)#exit
Layer3SW(config)#vlan 4
Layer3SW(config-vlan)#name GiamDoc
Layer3SW(config-vlan)#exit
Layer3SW(config)#vlan 5
Layer3SW(config-vlan)#name IT
Layer3SW(config-vlan)#exit

Then check that the VLAN information has been synchronized to AccessSW1 and AccessSW2 with the show vlan brief command, and make sure the newly created VLANs are present.

5. On each access switch the ports belong to VLANs as follows:

- AccessSW1:
AccessSW1(config)#interface range fa0/5 - 9
AccessSW1(config-if-range)#switchport access vlan 2
AccessSW1(config-if-range)#exit
AccessSW1(config)#interface range fa0/10 - 14
AccessSW1(config-if-range)#switchport access vlan 3
AccessSW1(config-if-range)#exit
AccessSW1(config)#interface range fa0/15 - 19
AccessSW1(config-if-range)#switchport access vlan 4
AccessSW1(config-if-range)#exit
AccessSW1(config)#interface range fa0/20 - 24
AccessSW1(config-if-range)#switchport access vlan 5

- AccessSW2:
AccessSW2(config)#interface range fa0/5 - 9
AccessSW2(config-if-range)#switchport access vlan 2
AccessSW2(config-if-range)#exit
AccessSW2(config)#interface range fa0/10 - 14
AccessSW2(config-if-range)#switchport access vlan 3
AccessSW2(config-if-range)#exit
AccessSW2(config)#interface range fa0/15 - 19
AccessSW2(config-if-range)#switchport access vlan 4
AccessSW2(config-if-range)#exit
AccessSW2(config)#interface range fa0/20 - 24
AccessSW2(config-if-range)#switchport access vlan 5

6. Make sure the Layer 3 switch is the Root Bridge in STP:

Layer3SW(config)#spanning-tree vlan 1-5 root primary

7. Use the Layer 3 switch to route between the VLANs:

To route between VLANs on the Layer 3 switch, assign addresses to the VLAN 2, 3, 4 and 5 interfaces and use those interfaces as the gateways for the PCs below them. (These VLAN interfaces are called SVIs: Switch Virtual Interfaces.)

- Enable routing:
Layer3SW(config)#ip routing

- Assign IP addresses to the VLAN interfaces according to the networks listed above:
Layer3SW(config)#interface vlan 2
Layer3SW(config-if)#ip address 192.168.2.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit
Layer3SW(config)#interface vlan 3
Layer3SW(config-if)#ip address 192.168.3.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit
Layer3SW(config)#interface vlan 4
Layer3SW(config-if)#ip address 192.168.4.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit
Layer3SW(config)#interface vlan 5
Layer3SW(config-if)#ip address 192.168.5.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit

- Assign IP addresses to the PCs to check whether inter-VLAN routing works:

PCVLAN2:
  IP Address : 192.168.2.10
  Subnet Mask: 255.255.255.0
  Gateway    : 192.168.2.1

PCVLAN3:
  IP Address : 192.168.3.10
  Subnet Mask: 255.255.255.0
  Gateway    : 192.168.3.1

PCVLAN4:
  IP Address : 192.168.4.10
  Subnet Mask: 255.255.255.0
  Gateway    : 192.168.4.1

PCVLAN5:
  IP Address : 192.168.5.10
  Subnet Mask: 255.255.255.0
  Gateway    : 192.168.5.1

- Then use the ping command from the PCs to check whether routing works. The PCs must be able to ping one another.

8. Route between the Layer 3 switch and the router:

- Layer3SW:
Layer3SW(config)#interface fa0/5
Layer3SW(config-if)#no switchport
Layer3SW(config-if)#ip address 192.168.6.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit

- Configure the RIPv2 routing protocol:
Layer3SW(config)#router rip
Layer3SW(config-router)#version 2
Layer3SW(config-router)#network 192.168.2.0
Layer3SW(config-router)#network 192.168.3.0
Layer3SW(config-router)#network 192.168.4.0
Layer3SW(config-router)#network 192.168.5.0
Layer3SW(config-router)#network 192.168.6.0

- Router DNG:
Router(config)#hostname DNG
DNG(config)#interface fa0/0
DNG(config-if)#ip address 192.168.6.2 255.255.255.0
DNG(config-if)#no shutdown
DNG(config-if)#exit
DNG(config)#router rip
DNG(config-router)#version 2
DNG(config-router)#network 192.168.6.0

- Check the routing tables of the router and the Layer 3 switch with the show ip route command.

Some commands related to this lab:

1. Configure a port channel

Layer3SW(config)#interface range fa0/1 - 4
  Enters interface configuration mode for fa0/1 - 4.

Layer3SW(config-if-range)#switchport mode trunk
  The interfaces configured here operate in trunk mode.

Layer3SW(config-if)#switchport trunk encapsulation dot1q
  Selects 802.1q as the protocol used to encapsulate data on the trunk.

Layer3SW(config)#interface port-channel 1
  Creates a logical channel interface.

Layer3SW(config)#interface range fastethernet 0/1 - 2
  Enters interface configuration mode.

Layer3SW(config-if-range)#channel-group 1 mode active
  Creates channel group 1 and makes interfaces fa0/1 and fa0/2 members of it.

2. Routing on the Layer 3 switch

Layer3SW(config)#ip routing
  Enables routing on the Layer 3 switch.

STANDARD ACCESS LIST


I. Introduction:
- One of the most important security tools on a Cisco router is the access list. It is a feature you configure directly on the router to build a list of addresses that you permit or prevent from accessing a given address.
- There are 2 types of access list: standard and extended.
  + Standard Access List: when permitting or denying access, the router checks a single factor, the source address.
  + Extended Access List: broader than the standard type. The source address, destination address, protocol, port and so on are checked before the router permits or denies access.

II. Lab description and topology:
- This lab walks you through configuring a Standard Access List on a Cisco router in order to prevent the host from accessing router TTG2. (X is the group number assigned by the instructor.)

III. Router configuration:

- Router TTG1:
Router> enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface s0/1/0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#interface fa0/1
TTG1(config-if)#ip address 10.X.0.1 255.255.255.0
TTG1(config-if)#no shutdown

- Router TTG2:
Router> enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit
TTG2(config)#interface fa0/1
TTG2(config-if)#ip address 11.X.0.1 255.255.255.0
TTG2(config-if)#no shutdown

- PC1:
  IP Address : 10.X.0.2
  Subnet mask: 255.255.255.0
  Gateway    : 10.X.0.1

- PC2:
  IP Address : 11.X.0.2
  Subnet mask: 255.255.255.0
  Gateway    : 11.X.0.1

- Configure routing on the routers as follows (using RIP):
TTG1(config)#router rip
TTG1(config-router)#version 2
TTG1(config-router)#network 192.168.1.0
TTG1(config-router)#network 10.0.0.0

TTG2(config)#router rip
TTG2(config-router)#version 2
TTG2(config-router)#network 192.168.1.0
TTG2(config-router)#network 11.0.0.0

- Verify routing:
TTG2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms
TTG2#ping 11.X.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms
TTG2#ping 11.X.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/40 ms

- Once routing is configured and you have confirmed that the network is reachable, create the Standard Access List that prevents PC1 from pinging TTG2.
- Create the access list on router TTG2 as follows:
TTG2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
TTG2(config)#access-list 1 deny 11.X.0.2 0.0.0.0   //deny access from address 11.0.0.2//

- Now ping from Host1 to TTG2.

- The ping still succeeds, because the access list has not yet been enabled on interface s0/1/0 of router TTG2:
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip access-group 1 in

- After applying the access list to interface s0/1/0, ping from PC1 to TTG2.

- Now change the PC's address to 11.X.0.3 and ping once more.

- The ping still fails. The reason is that when the source address (an unknown address) is not found in the access list, the router applies Deny any by default, so you have to change this default. The following is the debug ip packet output on TTG2 while the ping above is running.

TTG2(config)#access-list 1 permit any

- Now ping again from PC1 to TTG2.

- The ping succeeds. At this point the Standard Access List configuration is complete.

Some commands related to this lab:

1. Create a standard ACL

Router(config)#access-list 10 permit 172.16.0.0 0.0.255.255
  All packets with a source IP address of 172.16.x.x are permitted to be forwarded.
  10: a number in the range 1 to 99, or 1300 to 1999, is used for a standard ACL.

Router(config)#access-list 10 deny host 172.17.0.1
  All packets with a source IP address of 172.17.0.1 are denied.

Router(config)#access-list 10 permit any
  All packets from all networks are permitted to be forwarded.

2. Apply a standard ACL to an interface

Router(config)#interface fastethernet 0/0
  Enters interface configuration mode for fa0/0.

Router(config-if)#ip access-group 10 in
  Applies ACL 10 to interface fa0/0. Packets entering the router through interface fa0/0 are checked.

Router(config-if)#ip access-group 10 out
  Applies ACL 10 to interface fa0/0. Packets leaving the router through interface fa0/0 are checked.

* Note: each interface is assigned one direction only, in or out.

3. Verify ACLs

Router#show ip interface
  Displays all the ACLs applied to the interfaces.

Router#show access-lists
  Displays the contents of all ACLs on the router.

Router#show access-list access-list-number
  Displays the contents of the ACL with the number given in the command.

Router#show access-list name
  Displays the contents of the ACL with the name given in the command.

4. Delete an ACL

Router(config)#no access-list 10
  Removes the ACL numbered 10.

EXTENDED ACCESS LIST


I. Introduction:
- In the previous lab you configured a Standard Access List. This lab goes deeper into the Extended Access List. It is an extension of the Standard Access List: during its check the router examines the source address, destination address, protocol and port.

II. Lab description and topology:
- Goal of the lab: configure an Extended Access List so that PC1 cannot Telnet to router TTG2 but can still browse the web through router TTG2.

- Configure the routers and hosts as shown in the figure above:

III. Router configuration:

PC1:
  IP Address : 10.X.0.2
  Subnet mask: 255.255.255.0
  Gateway    : 10.X.0.1

PC2:
  IP Address : 11.X.0.2
  Subnet mask: 255.255.255.0
  Gateway    : 11.X.0.1

Router TTG1:
Router> enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface s0/1/0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#interface fa0/1
TTG1(config-if)#ip address 10.X.0.1 255.255.255.0
TTG1(config-if)#no shutdown

Router TTG2:
Router> enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit
TTG2(config)#interface fa0/1
TTG2(config-if)#ip address 11.X.0.1 255.255.255.0
TTG2(config-if)#no shutdown

- Configure routing on the 2 routers with OSPF.

Router TTG1:
TTG1(config)#router ospf 1
TTG1(config-router)#network 10.X.0.0 0.255.255.255 area 0
TTG1(config-router)#network 192.168.1.0 0.0.0.255 area 0
TTG1(config-router)#exit

Router TTG2:
TTG2(config)#router ospf 1
TTG2(config-router)#network 11.X.0.0 0.255.255.255 area 0
TTG2(config-router)#network 192.168.1.0 0.0.0.255 area 0
TTG2(config-router)#exit

- Use ping to verify routing and make sure that routing works.
- On router TTG2 enter the command:
TTG2(config)#ip http server   //this command emulates an HTTP server on the router//

- Create the username and password used to authenticate to the web server:
TTG2(config)#username TTG2 password cisco

- The router now acts as a web server.
- Once routing works, Telnet and browse the web from PC1 to router TTG2.
- Note: for Telnet to succeed you must enable login on the vty lines and set a password for them (here it is cisco):
TTG2(config)#line vty 0 4
TTG2(config-line)#login
TTG2(config-line)#password cisco

Telnet:

Web browsing:

- Enter the user name and password:
  User name: TTG2
  Password : cisco

- When the steps above succeed, configure the access list:
TTG2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
TTG2(config)#access-list 101 deny tcp 11.X.0.2 0.0.0.0 192.168.1.2 0.0.0.0 eq telnet
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip access-group 101 in

- Repeat the Telnet step as above. Telnet now fails, but web browsing fails as well.
- The requirement is to block Telnet only while still allowing web browsing.

Telnet:

Web browsing:

- To make web browsing work, enter a command that overrides the access list's default Deny any:
TTG2(config)#access-list 101 permit ip any any

- Note that statements in an extended access list differ from those in a standard access list, because in an extended access list the router checks the source address, destination address, protocol and port. permit ip any any means that all other source and destination addresses (those not found in the access list) running over IP are allowed through. Now repeat the web browsing step.

Enter the user name and password:
  User name: TTG2
  Password : Cisco

- The Extended Access List configuration is now complete: you have created an access list on the router that blocks Telnet to the router while allowing web browsing to it. You can also extend the topology with more routers to practise configuring access lists for different security requirements.

Some commands related to this lab:

1. Create an extended ACL

Router(config)#access-list 110 permit tcp 172.16.0.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 80
  HTTP packets with a source IP address of 172.16.0.x are permitted to reach the destination network 192.168.100.x.
  110: a number in the range 100 to 199, or 2000 to 2699, is used to create an extended IP ACL.

Router(config)#access-list 110 deny tcp any 192.168.100.7 0.0.0.0 eq 23
  Telnet packets from any source IP address are blocked if they are destined for 192.168.100.7.

2. Apply an extended ACL to an interface

Router(config)#interface fastethernet 0/0
  Enters interface configuration mode for fa0/0.

Router(config-if)#ip access-group 110 out
  Applies ACL 110 to the interface in the out direction. Packets leaving through interface fa0/0 are checked.
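Both ACL labs hit the same behaviour: the standard lab's ping from a second address and the extended lab's web request are dropped by the implicit deny, because the router stops at the first matching entry and denies whatever matches none. The following Python model of that evaluation is an added example, not part of the original manual; the group number X is assumed to be 1, and every function name is hypothetical.

```python
"""Added example: first-match evaluation of numbered IOS-style IPv4 ACLs."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_NAMES = {"telnet": 23, "www": 80}   # only the services used in these labs
ALL = 0xFFFFFFFF


def ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass
class Entry:
    text: str
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: int
    src_wild: int
    dst: int = 0
    dst_wild: int = ALL          # a standard ACL never inspects the destination
    dport: Optional[int] = None  # None means "any port"

    def matches(self, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
        if self.proto not in ("ip", proto):
            return False
        # A wildcard bit of 1 means "ignore this bit"; every other bit must agree.
        if (ip_int(src) ^ self.src) & ~self.src_wild & ALL:
            return False
        if (ip_int(dst) ^ self.dst) & ~self.dst_wild & ALL:
            return False
        return self.dport is None or self.dport == dport


def take_address(tokens: List[str]) -> Tuple[int, int]:
    """Consume 'any', 'host A' or 'A [WILDCARD]' from the front of tokens."""
    first = tokens.pop(0)
    if first == "any":
        return 0, ALL
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    wildcard = ip_int(tokens.pop(0)) if tokens else 0
    return ip_int(first), wildcard


def parse(line: str) -> Entry:
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if 1 <= number <= 99 or 1300 <= number <= 1999:       # standard: source only
        src, wild = take_address(rest)
        return Entry(line, action, "ip", src, wild)
    if 100 <= number <= 199 or 2000 <= number <= 2699:    # extended
        proto = rest.pop(0)
        src, src_wild = take_address(rest)
        dst, dst_wild = take_address(rest)
        dport = None
        if rest[:1] == ["eq"]:
            dport = PORT_NAMES.get(rest[1]) or int(rest[1])
        return Entry(line, action, proto, src, src_wild, dst, dst_wild, dport)
    raise ValueError(f"ACL number out of range: {number}")


def evaluate(acl: List[str], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> Tuple[str, str]:
    """Return (action, deciding line); the first matching entry wins."""
    for entry in map(parse, acl):
        if entry.matches(proto, src, dst, dport):
            return entry.action, entry.text
    return "deny", "implicit deny any"   # nothing matched: the invisible last entry


# Constructed lab values: group number X = 1, TTG2 serial address 192.168.1.2.
HOST, OTHER, TTG2 = "11.1.0.2", "11.1.0.3", "192.168.1.2"
STD_STEP1 = ["access-list 1 deny 11.1.0.2 0.0.0.0"]
STD_STEP2 = STD_STEP1 + ["access-list 1 permit any"]
EXT_STEP1 = ["access-list 101 deny tcp 11.1.0.2 0.0.0.0 192.168.1.2 0.0.0.0 eq telnet"]
EXT_STEP2 = EXT_STEP1 + ["access-list 101 permit ip any any"]

if __name__ == "__main__":
    for name, acl in (("standard, deny only", STD_STEP1), ("standard + permit any", STD_STEP2)):
        for src in (HOST, OTHER):
            print(f"{name:24} ping from {src}: {evaluate(acl, 'icmp', src, TTG2)}")
    for name, acl in (("extended, deny only", EXT_STEP1), ("extended + permit ip", EXT_STEP2)):
        for label, port in (("telnet", 23), ("http", 80)):
            print(f"{name:24} {label:6} from {HOST}: {evaluate(acl, 'tcp', HOST, TTG2, port)}")
```

Reversing the order of the two standard entries makes the deny unreachable, which is why the specific deny has to be entered before permit any.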

Comprehensive ACL Lab

STATIC NAT CONFIGURATION


I. Introduction:
NAT (Network Address Translation) is used to translate IP addresses in one domain for presentation to another environment, using a registered IP address to carry information between the 2 environments (either Local or Global). The advantage of NAT is that it translates the private IP addresses in the network to the inside IP address that is allocated on registration.

Address types:
- Inside Local: the addresses inside the internal network (gateway).
- Inside Global: the addresses on the outside of the GATEWAY, that is, the registered NAT address. In this lab it is 172.17.0.1/24.
- Outside Global: the network systems outside these environments.

Translating one public IP to one private IP is not efficient when deployed widely for every host in the network, because there would not be enough addresses to hand out. Static NAT is usually applied when a public address is used for a web server, an FTP server and so on.

II. Lab description and topology:

- The PCs are connected to the routers with crossover cables, and the two routers are connected to each other with a serial cable. The IP addresses of the interfaces and PCs are given in the figure.
- In this lab router TTG2 is configured to model the ISP and router TTG1 is configured as a gateway. The goal of the lab is to configure static NAT for PC1 so that its address is translated to 172.17.0.1 when its traffic leaves TTG1.
- After static NAT is configured, PC2 must go through address 172.17.0.1 to connect to PC1.

III. Configuration:
- Configure the routers as follows:

Router TTG2:
Router#configure terminal
TTG2(config)#enable password cisco
TTG2(config)#hostname TTG2
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip address 192.168.0.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config)#interface fa0/1
TTG2(config-if)#ip address 11.1.0.1 255.255.255.0
TTG2(config-if)#no shutdown

Router TTG1:
TTG1(config)#interface serial 0/1/0
TTG1(config-if)#ip address 192.168.0.1 255.255.255.0
TTG1(config-if)#clock rate 64000
TTG1(config-if)#ip nat outside     (configures interface S0/1/0 as the outside interface)
TTG1(config)#interface fa0/1
TTG1(config-if)#ip address 10.1.0.1 255.255.255.0
TTG1(config-if)#ip nat inside      (configures interface Fa0/1 as the inside interface)
TTG1(config-if)#no shutdown

- Configure static NAT on TTG1 with the command:
TTG1(config)#ip nat inside source static 10.1.0.2 172.17.0.1

This command means: packets originating from PC1 that pass through router TTG1 (entering on interface Fa0/1) and go outside (leaving on interface S0/1/0) have their source IP address changed from 10.1.0.2 to 172.17.0.1 (the address registered with the ISP).

- Configure static routes on the 2 routers TTG2 and TTG1:
TTG1(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.2
TTG2(config)#ip route 172.17.0.0 255.255.0.0 192.168.0.1

- The address 172.17.0.1 is the registered address. In practice the ISP routes down to the user only by this registered address.
- To check how router TTG1 performs NAT, use the following command:

TTG1#show ip nat translation
Pro Inside global      Inside local       Outside local      Outside global
--- 172.17.0.1         10.1.0.2           ---                ---

- To see how router TTG1 translates addresses, use the debug ip nat command on router TTG1 and ping from PC1 to address 11.1.0.1.

- From the ISP side (TTG2), to ping PC1 or the servers inside the customer's LAN, ping the published address that is being translated on TTG1, because the outside internet can only connect to this IP.

- So anything outside that wants to interact with the server inside must access the IP address 172.17.0.1.

Some commands related to this lab:

1. Configure static NAT

Router(config)#ip nat inside source static 172.16.10.5 64.64.64.65
  Statically translates the inside IP address 172.16.10.5 to the public IP address 64.64.64.65. You have to enter this command for each private IP address that you want to map statically to a public IP address.

Router(config-if)#ip nat inside
  Defines the interfaces that act as inside interfaces.

Router(config-if)#ip nat outside
  Defines the interface that acts as the outside interface.

2. Verify the NAT configuration

Router#show ip nat translations
  Displays the translation table.

Router#show ip nat statistics
  Displays NAT information.

Router#clear ip nat translation *
  Clears the whole translation table before the entries time out.

3. Troubleshoot the NAT configuration

Router#debug ip nat
  Displays information about the packets being translated.

CU HNH NAT OVERLOAD (PAT)


I. Gii thiu : NAT (Network Address Translation) dng chuyn i cc private address thnh a ch public address. Cc gi tin t mng ni b ca user gi ra ngoi, khi n router bin a ch IP source s c chuyn i thnh a ch public m user ng k v i ISP. iu ny cho php cc gi tin t mng ni b c th c gi ra mng ngoi (Internet). NAT c cc loi : NAT static, NAT pool, NAT overload. NAT static cho php chuyn i mt a ch ni b thnh mt a ch public. NAT pool cho php chuyn i cc a ch ni b thnh mt trong dy a ch public. NAT overload cho php chuyn i cc a ch ni b thnh mt a ch public Trong k thut NAT overload, router s s dng thm cc port cho cc a ch khi chuyn i. II. Cc cu lnh s dng trong bi lab : ip nat {inside | outside} Cu hnh interface l inside hay outside ip nat inside source {list {accesslistnumber | name} pool name [overload] | static localip globalip} Cho php chuyn a ch ni b thnh a ch public ip nat pool name startip endip {netmask | prefixlength prefixlength} [type rotary] To NAT pool show ip nat translations Xem cc thng tin v NAT debug ip nat Xem hot ng ca NAT

III.

M t bi lab v hnh :

246

- hnh bi lab nh hnh trn. Router TTG1 c cu hnh inteface loopback 0, loopback 1, loopback 2. Router TTG2 c cu hnh interface loopback 0. Hai router c ni vi nhau bng cp Serial. Ta gi lp 3 lp mng lo0, lo1, lo2 l nhng mng bn trong, khi cc traffic bn trong mng ny i ra ngoi ( ra khi S0/1/0) tt c s c chuyn i a ch thnh 192.168.1.1 IV. Cu hnh router : Hai router c cu hnh cc interface nh sau : Router TTG1 : Router>enable Router#configure terminal Router(configure)# hostname TTG1 TTG1(configure)# interface Loopback0 TTG1(configure-if)# ip address 10.1.0.1 255.255.0.0 TTG1(configure-if)#exit TTG1(configure)# interface Loopback1 TTG1(configure-if)# ip address 11.1.0.1 255.255.0.0 TTG1(configure-if)#exit TTG1(configure)# interface Loopback2 TTG1(configure-if)# ip address 12.1.0.1 255.255.0.0 TTG1(configure-if)#exit TTG1(configure)#interface Serial0/1/0

247

TTG1(configure-if)# ip address 192.168.1.1 255.255.255.0 TTG1(configure-if)#clockrate 64000 TTG1(configure-if)#exit Router TTG2 : Router>enable Router#configure terminal Router(configure)# hostname TTG1 TTG1(configure)# interface Loopback0 TTG1(configure-if)# ip address 13.1.0.1 255.255.0.0 TTG1(configure-if)#exit TTG1(configure)#interface Serial0/1/0 TTG1(configure-if)# ip address 192.168.1.2 255.255.255.0 TTG1(configure-if)#clockrate 64000 TTG1(configure-if)#exit - Chng ta cu hnh NAT trn router TTG1 theo cc bc sau : Bc 1 : Cu hnh cc interface inside v outside Trong bi lab ny, chng ta cu hnh cho cc interface loopback ca TTG1 l inside cn interface serial 0 l out side. TTG1(config)#interface loopback 0 TTG1(config-if)#ip nat inside TTG1(config)#in loopback 1 TTG1(config-if)#ip nat inside TTG1(config-if)#interface loopback 2 TTG1(config-if)#ip nat inside TTG1(config-if)#interface s0/0/0 TTG1(config-if)#ip nat outside

248

TTG1(config-if)#exit Bc 2 : To access list cho php mng no c NAT. Chng ta cu hnh cho php mng 10.1.0.0/16 v mng 11.1.0.0/16 c cho php, cm mng 12.1.0.0/16 TTG1(config)# access-list 1 deny 12.1.0.0 0.0.255.255 TTG1(config)#access-list 1 permit any Bc 3 : To NAT pool cho router TTG1 Cu hnh NAT pool tn TTG1 c a ch t 172.1.1.1/24 n 172.1.1.5/24 TTG1(config)#ip nat pool TTG1 172.1.1.1 172.1.1.5 netmask 255.255.255.0 Bc 4 : Cu hnh NAT cho router TTG1(config)#ip nat inside source list 1 pool TTG1 overload Cu lnh trn cu hnh overload cho NAT pool Bc 5 : nh tuyn cho router TTG1(config)#ip route 13.1.0.0 255.255.0.0 192.168.1.2 TTG2(config)#ip route 172.1.1.0 255.255.255.0 192.168.1.1 Lu : i vi router TTG2, nu ta nh tuyn theo dng : TTG2(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1 th chng ta c th ping thy c cc mng trong router TTG1 (10.1.0.0/16, 11.1.0.0/16). Nhng thc t, ISP ch nh tuyn xung cho user bng a ch m user ng k (Inside global address). Bc 6 : Kim tra hot ng ca NAT Chng ta s kim tra NAT bng cu lnh debug ip nat TTG1#debug ip nat IP NAT debugging is on - Sau khi bt debug NAT, chng ta s ping n loopback0 ca TTG2 t loopback0 ca TTG1. Ta gi lp traffic t host 10.1.0.1 n mng 13.1.0.1. Lc ny khi traffic ca 10.1.0.1 qua S0 s chuyn i a ch. TTG1#ping Protocol [ip]:

Target IP address: 13.1.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms
TTG1#
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [190]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [190]
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [191]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [191]
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [192]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [192]
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [193]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [193]
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [194]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [194]

- The output shows that packets from 10.1.0.1 have their source IP rewritten to 172.1.1.1, and the replies addressed to 172.1.1.1 are translated back to 10.1.0.1.
- Use the command show ip nat translations to view the NAT translation entries.
TTG1#show ip nat translations
Pro   Inside global      Inside local      Outside local     Outside global
icmp  172.1.1.1:2459     10.1.0.1:2459     13.1.0.1:2459     13.1.0.1:2459
icmp  172.1.1.1:2460     10.1.0.1:2460     13.1.0.1:2460     13.1.0.1:2460
icmp  172.1.1.1:2461     10.1.0.1:2461     13.1.0.1:2461     13.1.0.1:2461
icmp  172.1.1.1:2462     10.1.0.1:2462     13.1.0.1:2462     13.1.0.1:2462
icmp  172.1.1.1:2463     10.1.0.1:2463     13.1.0.1:2463     13.1.0.1:2463

- The numbers after the colon are the ports NAT uses for address 10.1.0.1.
- Repeat the steps above to test NAT for loopback 1 and loopback 2 of router TTG1.
TTG1#ping
Protocol [ip]:
Target IP address: 13.1.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 11.1.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms
TTG1#
00:33:16: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [210]
00:33:16: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [210]
00:33:16: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [211]
00:33:16: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [211]
00:33:16: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [212]
00:33:16: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [212]
00:33:17: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [213]
00:33:17: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [213]
00:33:17: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [214]
00:33:17: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [214]

TTG1#show ip nat translations
Pro   Inside global      Inside local      Outside local     Outside global
icmp  172.1.1.1:6407     11.1.0.1:6407     13.1.0.1:6407     13.1.0.1:6407
icmp  172.1.1.1:6408     11.1.0.1:6408     13.1.0.1:6408     13.1.0.1:6408
icmp  172.1.1.1:6409     11.1.0.1:6409     13.1.0.1:6409     13.1.0.1:6409
icmp  172.1.1.1:6410     11.1.0.1:6410     13.1.0.1:6410     13.1.0.1:6410
icmp  172.1.1.1:6411     11.1.0.1:6411     13.1.0.1:6411     13.1.0.1:6411

TTG1#ping

Protocol [ip]:
Target IP address: 13.1.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 12.1.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.1.0.1, timeout is 2 seconds:
..
Success rate is 0 percent (0/5)

- From 12.1.0.1 we cannot ping outside, because network 12.1.0.0/16 is denied in access list 1.
- From router TTG2, we ping the loopbacks of router TTG1.
TTG2#ping 10.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
TTG2#ping 11.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
TTG2#ping 12.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

- Remark : none of the pings succeed. The reason is that router TTG2 has no route to the loopbacks of router TTG1. In practice we get the same result, because the ISP only routes towards the address the user has registered; the user's internal network addresses are not routed by the ISP.

Some commands related to this lab :
1. Configure the inside and outside interfaces
Router(config)#interface loopback 0
Router(config-if)#ip nat inside
    Configure interface loopback 0 as an inside interface.
Router(config-if)#interface s0/0/0
Router(config-if)#ip nat outside
    Configure interface s0/0/0 as the outside interface.

2. Create the access list that defines which networks may be NATed
Router(config)#access-list 1 deny 12.1.0.0 0.0.255.255
    Create an ACL entry that excludes network 12.1.0.0/16 from NAT.
Router(config)#access-list 1 permit any
    Configure the access list to permit all remaining networks.

3. Create the NAT pool on the router
Router(config)#ip nat pool TTG1 172.1.1.1 172.1.1.5 netmask 255.255.255.0
    Configure a NAT pool named TTG1 with addresses from 172.1.1.1/24 to 172.1.1.5/24.
Router(config)#ip nat inside source list 1 pool TTG1 overload
    Create the NAT rule by binding list 1 to the pool named TTG1. The overloading method is used.
Router(config)#ip nat inside source list 1 interface s0/0/0 overload
    Create the NAT rule by binding list 1 to the shared IP address of interface s0/0/0.
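The following added example (not part of the original lab) models how access list 1 and the overloaded pool TTG1 decide the fate of the three test pings. It is a simplified model: the class and function names are hypothetical, and the port-selection rule (keep the source port if free, otherwise take the next free port from 1024) is an assumption, not IOS's exact algorithm.

```python
import ipaddress
from itertools import chain

# Access list 1 from the lab, in order: (action, address, wildcard mask).
ACL_1 = [
    ("deny", "12.1.0.0", "0.0.255.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # "permit any"
]
# NAT pool TTG1: 172.1.1.1 to 172.1.1.5
POOL_TTG1 = [f"172.1.1.{n}" for n in range(1, 6)]


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def acl_permits(acl, src):
    """First-match ACL evaluation with wildcard masks.

    A wildcard bit of 1 means "don't care"; if no entry matches,
    the implicit deny at the end of every ACL applies.
    """
    for action, addr, wildcard in acl:
        care = ~_ip(wildcard) & 0xFFFFFFFF
        if (_ip(src) & care) == (_ip(addr) & care):
            return action == "permit"
    return False


class OverloadNat:
    """Simplified model of 'ip nat inside source list 1 pool TTG1 overload'."""

    def __init__(self, acl, pool):
        self.acl = acl
        self.pool = pool
        self.out = {}   # (proto, inside local, port)  -> (inside global, port)
        self.back = {}  # (proto, inside global, port) -> (inside local, port)

    def _allocate(self, proto, wanted_port):
        # Overload: many inside hosts share one global address and are
        # told apart by port (for ICMP, by the echo identifier).
        for addr in self.pool:
            for port in chain([wanted_port], range(1024, 65536)):
                if (proto, addr, port) not in self.back:
                    return addr, port
        raise RuntimeError("NAT pool exhausted")

    def outbound(self, proto, src, sport):
        """Translate an inside->outside flow; None means 'not translated'."""
        if not acl_permits(self.acl, src):
            return None
        key = (proto, src, sport)
        if key not in self.out:
            mapping = self._allocate(proto, sport)
            self.out[key] = mapping
            self.back[(proto,) + mapping] = (src, sport)
        return self.out[key]

    def inbound(self, proto, dst, dport):
        """Reverse lookup for return traffic; None if no entry exists."""
        return self.back.get((proto, dst, dport))


def run_lab():
    """Replay the three extended pings, all using the same ICMP identifier."""
    nat = OverloadNat(ACL_1, POOL_TTG1)
    return {src: nat.outbound("icmp", src, 2459)
            for src in ("10.1.0.1", "11.1.0.1", "12.1.0.1")}


if __name__ == "__main__":
    for src, mapping in run_lab().items():
        print(src, "->", mapping)
```

Traffic arriving from outside for a global address and port with no table entry gets `None` from `inbound()`, which is why an overloaded pool passes only replies to flows that were started from the inside.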


IPv6 Lab

- On all 4 routers, use the following command to enable the IPv6 stack
Router(config)#ipv6 unicast-routing

1. Configure the IPv6 settings on each router

INTERNET:
Internet(config)#interface s0/1/1
Internet(config-if)#ipv6 address 2001:db8:1:6::2/64
Internet(config)#interface loopback 1
Internet(config-if)#ipv6 address 2001:db8:1:7::/64 eui-64

HN:
HN(config-if)#interface s0/2/1
HN(config-if)#ipv6 address 2001:db8:1:6::1/64
HN(config)#interface s0/1/1
HN(config-if)#ipv6 address 2001:db8:1:4::1/64
HN(config)#interface s0/2/0
HN(config-if)#ipv6 address 2001:db8:1:5::1/64
HN(config)#interface loopback 1
HN(config-if)#ipv6 address 2001:db8:1:2::/64 eui-64

DN:
DN(config)#interface s0/1/1
DN(config-if)#ipv6 address 2001:db8:1:4::2/64
DN(config)#interface loopback 1
DN(config-if)#ipv6 address 2001:db8:1:1::/64 eui-64

HCM:
HCM(config)#interface s0/1/1
HCM(config-if)#ipv6 address 2001:db8:1:5::2/64
HCM(config)#interface loopback 1
HCM(config-if)#ipv6 address 2001:db8:1:3::/64 eui-64

2. Verify the IPv6 configuration on the 4 routers
Use the commands show ipv6 interface and show ipv6 interface brief.
HCM#show ipv6 interface brief
FastEthernet0/0            [up/up]
    unassigned
FastEthernet0/1            [administratively down/down]
    unassigned
Serial0/1/0                [administratively down/down]
    unassigned
Serial0/1/1                [up/up]
    FE80::20A:B8FF:FE21:738C
    2001:DB8:1:5::2
Loopback1                  [up/up]
    FE80::20A:B8FF:FE21:738C
    2001:DB8:1:3:20A:B8FF:FE21:738C

- FE80::20A:B8FF:FE21:738C is the link-local address. The router generates it automatically, and it can only be used within the network (the local link).
- 2001:DB8:1:5::2 is the address we declared ourselves with the ipv6 address command.
- 2001:DB8:1:3:20A:B8FF:FE21:738C is an EUI-64 address: the last 64 bits are generated automatically by combining the prefix with the MAC address.

HCM#show ipv6 interface
Serial0/1/1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::20A:B8FF:FE21:738C
  Global unicast address(es):
    2001:DB8:1:5::2, subnet is 2001:DB8:1:5::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:2
    FF02::1:FF21:738C
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent

  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  Hosts use stateless autoconfig for addresses.
Loopback1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::20A:B8FF:FE21:738C
  Global unicast address(es):
    2001:DB8:1:3:20A:B8FF:FE21:738C, subnet is 2001:DB8:1:3::/64 [EUI]
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF21:738C
  MTU is 1514 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is not supported
  ND reachable time is 30000 milliseconds
  Hosts use stateless autoconfig for addresses.

3. Use the ping command to verify IPv6 between the routers
- Before pinging, you can run the show ipv6 route command again.
HN#ping 2001:db8:1:5::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:5::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
HN#ping 2001:db8:1:4::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:4::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
HN#ping 2001:db8:1:6::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:6::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms

4. Configure RIPng on the routers (TTG is the RIP tag)

INTERNET:
Internet(config)#ipv6 router rip TTG
Internet(config)#interface s0/1/1
Internet(config-if)#ipv6 rip TTG enable
Internet(config)#interface loopback 1
Internet(config-if)#ipv6 rip TTG enable

HN:
HN(config)#ipv6 router rip TTG
HN(config)#interface s0/1/1
HN(config-if)#ipv6 rip TTG enable
HN(config)#interface s0/2/1
HN(config-if)#ipv6 rip TTG enable
HN(config)#interface s0/2/0

HN(config-if)#ipv6 rip TTG enable
HN(config)#interface loopback 1
HN(config-if)#ipv6 rip TTG enable

DN:
DN(config)#ipv6 router rip TTG
DN(config)#interface s0/1/1
DN(config-if)#ipv6 rip TTG enable
DN(config)#interface loopback 1
DN(config-if)#ipv6 rip TTG enable

HCM:
HCM(config)#ipv6 router rip TTG
HCM(config)#interface s0/1/1
HCM(config-if)#ipv6 rip TTG enable
HCM(config)#interface loopback 1
HCM(config-if)#ipv6 rip TTG enable

5. Use the commands show ipv6 rip and show ipv6 route rip to verify the RIPng configuration
HN#show ipv6 route
IPv6 Routing Table - 12 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
R   2001:DB8:1:1::/64 [120/2]
     via FE80::218:73FF:FE1D:138E, Serial0/1/1
C   2001:DB8:1:2::/64 [0/0]
     via ::, Loopback1
L   2001:DB8:1:2:218:73FF:FE1C:379E/128 [0/0]
     via ::, Loopback1
R   2001:DB8:1:3::/64 [120/2]
     via FE80::20A:B8FF:FE21:738C, Serial0/2/0
C   2001:DB8:1:4::/64 [0/0]
     via ::, Serial0/1/1
L   2001:DB8:1:4::1/128 [0/0]
     via ::, Serial0/1/1
C   2001:DB8:1:5::/64 [0/0]
     via ::, Serial0/2/0
L   2001:DB8:1:5::1/128 [0/0]
     via ::, Serial0/2/0
C   2001:DB8:1:6::/64 [0/0]
     via ::, Serial0/2/1
R   2001:DB8:1:7::/64 [120/2]
     via FE80::218:73FF:FE1C:2DCA, Serial0/2/1
L   FE80::/10 [0/0]
     via ::, Null0
L   FF00::/8 [0/0]
     via ::, Null0

6. From routers DN and HCM, try pinging Internet
DN#ping 2001:db8:1:6::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:6::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
HCM#ping 2001:db8:1:6::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:6::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms

Some commands related to this lab :
1. Assign an IPv6 address to an interface
Router(config)#ipv6 unicast-routing
    Enable forwarding of IPv6 unicast packets globally on the router.
Router(config)#interface fastethernet 0/0
    Enter interface configuration mode for fa0/0.
Router(config-if)#ipv6 enable
    Automatically configure an IPv6 link-local address on the interface and enable IPv6 processing on the interface.
    * Note : the link-local address configured by the ipv6 enable command can only be used to communicate with hosts on the same link.
Router(config-if)#ipv6 address 3000::1/64
    Configure a global IPv6 address on the interface and enable IPv6 processing on the router.

2. Configure RIPng on the routers
Router(config)#ipv6 router rip TTG
    Create a RIPng routing process named TTG if it does not already exist, and enter router configuration mode.
Router(config)#interface s0/1/1
    Enter interface configuration mode.
Router(config-if)#ipv6 rip TTG enable
    Create the RIPng process TTG and enable RIPng on the interface.

3. Verify the IPv6 configuration
Router#show ipv6 interface brief
    Display a summary of the status of the interfaces configured for IPv6.
Router#show ipv6 interface
    Display the status of the interfaces configured for IPv6.
Router#show ipv6 rip
    Display information about the current state of the IPv6 RIP process.
Router#show ipv6 route
    Display the current IPv6 routing table.
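The EUI-64 addresses in the show ipv6 interface brief output above can be derived from, and reversed back to, a hardware address. This added example (not part of the original lab; function names are hypothetical) builds the address the way the eui-64 keyword does and shows that the embedded MAC lets an observer link addresses on different subnets to one device. The MAC values it prints are computed from the addresses shown in the lab output.

```python
import ipaddress
from collections import defaultdict


def eui64_interface_id(mac):
    """Modified EUI-64: flip the universal/local bit, insert FF:FE in the middle."""
    octets = bytearray(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])


def eui64_address(prefix, mac):
    """Address produced by 'ipv6 address <prefix>/64 eui-64' for this MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    return net.network_address + int.from_bytes(eui64_interface_id(mac), "big")


def embedded_mac(address):
    """Return the MAC hidden in an EUI-64 address, or None if there is none."""
    low64 = int(ipaddress.IPv6Address(address)) & (2**64 - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # manually assigned or randomized interface ID
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def group_by_device(addresses):
    """Group addresses by embedded MAC; key None collects non-EUI-64 ones."""
    groups = defaultdict(list)
    for addr in addresses:
        groups[embedded_mac(addr)].append(addr)
    return dict(groups)


# Addresses taken from the lab output (HCM interfaces and HN's Loopback1).
LAB_ADDRESSES = [
    "FE80::20A:B8FF:FE21:738C",
    "2001:DB8:1:5::2",
    "2001:DB8:1:3:20A:B8FF:FE21:738C",
    "2001:DB8:1:2:218:73FF:FE1C:379E",
]

if __name__ == "__main__":
    for mac, addrs in group_by_device(LAB_ADDRESSES).items():
        print(mac, addrs)
```

A manually numbered address such as 2001:DB8:1:5::2 carries no hardware identifier, while every EUI-64 address of a device exposes the same 48 bits regardless of the subnet it is on.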


CONFIGURING PPP PAP AND CHAP

I. Introduction :
PPP (Point-to-Point Protocol) is an encapsulation protocol used to establish connections in a WAN. PPP consists of LCP (Link Control Protocol) and NCP (Network Control Protocol). LCP is used to establish the point-to-point connection; NCP is used to configure the different network-layer protocols.
PPP can be configured on the following physical interfaces :
Asynchronous serial
Synchronous serial
High-Speed Serial Interface (HSSI)
Integrated Services Digital Network (ISDN)
Creating a PPP session has three phases :
Link-establishment phase
Authentication phase (optional)
Network layer protocol phase
The authentication option makes network management easier. PPP uses two authentication methods, PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol).
PAP is a two-way handshake. After the link is established, the remote node sends its username and password repeatedly until it receives an accept or a reject message. The password in PAP is sent in clear text (unencrypted).
CHAP is a three-way handshake. After the link is established, the router sends a challenge message to the remote router. The remote router sends back a value computed from the password and the challenge message. When the router receives this value, it checks whether it equals the value it computed itself. If so, the router treats the authentication as correct and the connection is established; otherwise the connection is torn down immediately.

II. Commands used in this lab :
username name password password
    Configure the name and password for CHAP and PAP. This name and password must match those of the remote router.
encapsulation ppp
    Configure the interface to use the PPP protocol.
ppp authentication {chap | chap pap | pap chap | pap}
    Configure the interface to use PAP, CHAP, or both. When both are given, the first protocol is used during authentication; if the first protocol is rejected or the remote router asks for the second protocol, the second protocol is used.
ppp pap sent-username username password password
    Configure the username and password for PAP.
debug ppp authentication
    Show the PAP and CHAP authentication sequence.

III. Lab description and topology :
- The lab topology is as shown in the figure. The two routers are named TTG1 and TTG2 and are connected by a serial cable. The IP addresses of the interfaces are as shown in the figure.
- Lab requirements :
+ Change the encapsulation of the 2 routers to PPP
+ Deploy authentication in PPP using PAP
+ Deploy authentication in PPP using CHAP

IV. Router configuration :
a) Step 1 : Set the hostnames and the interface addresses

Router TTG1 :
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface s0/1/0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#clockrate 64000
TTG1(config-if)#exit

Router TTG2 :
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#clockrate 64000
TTG2(config-if)#exit

- We check the state of the ports with the command show ip interface brief.
TTG2#sh ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
Fastethernet0/0    unassigned      YES unset  administratively down down
Serial0/1/0        192.168.1.2     YES manual up                    up
Serial0/1/1        unassigned      YES unset  administratively down down

- The serial port of router TTG2 is up. Do the same to check the state of the ports on router TTG1.
- We use the command show interfaces serial to see the parameters of the serial interface on each router.
TTG2#sh interfaces serial 0/1/0
Serial0/1/0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:02, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     15 packets input, 846 bytes, 0 no buffer
     Received 15 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     19 packets output, 1708 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

TTG1#show interface s0/1/0
Serial0/1/0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.1.1/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:11:35
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue :0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     21 packets input, 2010 bytes, 0 no buffer
     Received 21 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     23 packets output, 1280 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 output buffer failures, 0 output buffers swapped out
     7 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

- Both serial ports of the two routers use HDLC encapsulation, and both are up.

b) Step 2 : Configure PPP PAP, CHAP

Configuring PPP PAP
On router TTG1, we configure PPP on interface serial 0 with the command encapsulation ppp.
TTG1(config)#interface s0/1/0
TTG1(config-if)#encapsulation ppp
- Check the state of interface serial0/1/0 of router TTG1.
TTG1#show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/0    unassigned      YES unset  administratively down down
Serial0/1/0        192.168.1.1     YES manual up                    down
Serial0/1/1        unassigned      YES unset  administratively down down

TTG1#show interface s0/1/0
Serial0/1/0 is up, line protocol is down
  Hardware is HD64570
  Internet address is 192.168.1.1/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Keepalive set (10 sec)
  LCP REQsent
  Closed: IPCP, CDPCP
  Last input 00:00:08, output 00:00:01, output hang never
  Last clearing of "show interface" counters 00:00:15
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue :0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1 packets input, 22 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     7 packets output, 98 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

- Remark : the line protocol on interface serial0/1/0 of router TTG1 is down, which means interface serial 0/1/0 of router TTG2 is down as well. The reason is that the two interfaces use different encapsulation protocols (interface serial 0 of router TTG1 uses PPP while TTG2 uses HDLC). We must therefore configure interface serial 0 of router TTG2 to use PPP as well.
TTG2(config)#interface s0/1/0
TTG2(config-if)#encapsulation ppp
- Now we check the state of the interfaces.
TTG2#show interface s0/1/0
Serial0/1/0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Keepalive set (10 sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input 00:00:01, output 00:00:01, output hang never
  Last clearing of "show interface" counters 00:00:18
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     15 packets input, 1004 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     13 packets output, 976 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

- Both interfaces of the two routers are up again, because both are now configured with the same encapsulation protocol, PPP.
- Before configuring PAP on the two interfaces, we use the command debug ppp authentication to watch the PAP message exchange.
TTG2#debug ppp authentication
PPP authentication debugging is on

We configure PAP on both serial 0 interfaces as follows :
TTG1(config)#username TTG2 password cisco
TTG1(config)#interface s0/1/0
TTG1(config-if)#ppp authentication pap
TTG1(config-if)#ppp pap sent-username TTG1 password cisco

TTG2(config)#username TTG1 password cisco
TTG2(config)#interface s0/1/0
TTG2(config-if)#ppp authentication pap
TTG2(config-if)#ppp pap sent-username TTG2 password cisco

Note :
- In the command username name password password, name must match the remote router (and vice versa), and the password must be the same on both.
- In the command ppp pap sent-username name password password, name and password are those of the router being configured.
- Once PAP has been configured on router TTG2, the PAP sequence appears on the screen :
00:09:49: Se0 PPP: Phase is AUTHENTICATING, by both
00:09:49: Se0 PAP: O AUTH-REQ id 1 len 18 from "TTG2"
00:09:49: Se0 PAP: I AUTH-REQ id 1 len 18 from "TTG1"
00:09:49: Se0 PAP: Authenticating peer TTG1
00:09:49: Se0 PAP: O AUTH-ACK id 1 len 5
00:09:49: Se0 PAP: I AUTH-ACK id 1 len 5
00:09:50: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0, changed state to up

Meaning of the messages :
Message 1 : PPP performs authentication in both directions
Message 2 : TTG2 sends an authentication request
Message 3 : An authentication request is received from TTG1
Message 4 : TTG2 authenticates the peer TTG1
Message 5 : A positive acknowledgement is sent to TTG1
Message 6 : A positive acknowledgement is received from TTG1
Message 7 : The interface state changes to UP

- The two interfaces of routers TTG1 and TTG2 are therefore up. From router TTG2 we ping interface serial 0/1/0 of router TTG1 to check.
TTG2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 14.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/60 ms

Configuring PPP CHAP
Before configuring PPP CHAP on the two interfaces, we remove PAP on both routers.
TTG1(config)#interface s0/1/0
TTG1(config-if)#no ppp authentication pap
TTG1(config-if)#no ppp pap sent-username TTG1 password cisco
TTG2(config)#interface s0/1/0
TTG2(config-if)#no ppp authentication pap
TTG2(config-if)#no ppp pap sent-username TTG2 password cisco

- Now we configure CHAP with the command ppp authentication chap.
TTG1(config)#interface s0/1/0
TTG1(config-if)#ppp authentication chap
TTG2(config)#interface s0/1/0
TTG2(config-if)#ppp authentication chap
Note : when configuring PPP CHAP we still have to configure the serial interface for PPP encapsulation with the command encapsulation ppp, and we also have to use the command username name password password to configure the name and password CHAP uses for authentication. We do not repeat those commands here because they were already entered in the PAP configuration step.
Because debug ppp authentication is running on router TTG2, the following messages appear once CHAP is configured on both routers (the console is attached to router TTG2) :
00:15:08: Se0 CHAP: O CHALLENGE id 1 len 28 from "TTG2"
00:15:08: Se0 CHAP: I CHALLENGE id 2 len 28 from "TTG1"
00:15:08: Se0 CHAP: O RESPONSE id 2 len 28 from "TTG2"
00:15:08: Se0 CHAP: I RESPONSE id 1 len 28 from "TTG1"
00:15:08: Se0 CHAP: O SUCCESS id 1 len 4
00:15:08: Se0 CHAP: I SUCCESS id 2 len 4
00:15:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

- Meaning of the messages :
Message 1 : TTG2 sends a challenge to router TTG1
Message 2 : TTG2 receives a challenge from router TTG1
Message 3 : TTG2 sends a response to router TTG1
Message 4 : TTG2 receives a response from router TTG1
Message 5 : TTG2 sends a success confirmation to TTG1
Message 6 : TTG2 receives a success confirmation from TTG1
Message 7 : The state of the serial interface changes to UP

- The two serial interfaces of routers TTG1 and TTG2 are UP. From router TTG2 we ping interface serial 0/1/0 of router TTG1 to check.
TTG2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 14.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/60 ms
- If the name and password in the command username name password password are wrong, the interface goes down, because the authentication between the two interfaces uses this name and password. If they do not match, the connection is dropped.

Some commands related to this lab :
1. Configure PPP PAP and CHAP
Router(config)#interface serial 0/0/0
    Enter interface configuration mode for s0/0/0.
Router(config-if)#encapsulation ppp
    Change the data encapsulation protocol from the default, HDLC, to PPP.
Router(config)#username routerb password cisco
    Configure the name and password for CHAP and PAP. The name must match the hostname of the remote router, and the password must be the same on both.
Router(config-if)#ppp authentication pap
    Enable Password Authentication Protocol (PAP) as the only authentication method.
Router(config-if)#ppp authentication chap
    Enable Challenge Handshake Authentication Protocol (CHAP) as the only authentication method.
Router(config-if)#ppp authentication pap chap
    The serial link uses PAP for authentication, but CHAP is used if PAP fails or does not authenticate successfully.
Router(config-if)#ppp authentication chap pap
    The serial link uses CHAP for authentication, but PAP is used if CHAP fails or does not authenticate successfully.

2. Verify the PAP and CHAP configuration
Router#debug ppp authentication
    Display the packets related to the authentication process of the PPP link.
Router#debug ppp
    Display the traffic related to the PPP protocol.
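To make the difference between the two handshakes described in the introduction concrete, this added example (not part of the original lab) builds a PAP Authenticate-Request and a CHAP Challenge/Response pair for the lab's credentials. It assumes the RFC 1334 and RFC 1994 packet layouts with CHAP using MD5; the function names and the challenge bytes are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQ = 1
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2


def pap_auth_request(ident, peer_id, password):
    """RFC 1334 Authenticate-Request: the password travels as-is."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQ, ident, 4 + len(body)) + body


def parse_pap_auth_request(pkt):
    """What anyone who can read the link sees: (peer id, password)."""
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != PAP_AUTH_REQ or length != len(pkt):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    n = pkt[4]
    m = pkt[5 + n]
    return pkt[5:5 + n], pkt[6 + n:6 + n + m]


def chap_packet(code, ident, value, name):
    """RFC 1994 Challenge/Response: code, id, length, value-size, value, name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_chap(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("bad CHAP length")
    size = pkt[4]
    return code, ident, pkt[5:5 + size], pkt[5 + size:]


def chap_response_value(ident, secret, challenge):
    """Response = MD5(identifier || shared secret || challenge value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(users, challenge_pkt, response_pkt):
    """Authenticator side: recompute the hash from the local user database."""
    _, cid, challenge, _ = parse_chap(challenge_pkt)
    code, rid, value, name = parse_chap(response_pkt)
    secret = users.get(name)
    if code != CHAP_RESPONSE or rid != cid or secret is None:
        return False
    expected = chap_response_value(cid, secret, challenge)
    return hmac.compare_digest(value, expected)


if __name__ == "__main__":
    # On TTG2: "username TTG1 password cisco"
    users_on_ttg2 = {b"TTG1": b"cisco"}

    pap = pap_auth_request(1, b"TTG1", b"cisco")
    print("PAP on the wire :", parse_pap_auth_request(pap))

    challenge = os.urandom(16)  # fresh random value for every attempt
    ch = chap_packet(CHAP_CHALLENGE, 1, challenge, b"TTG2")
    rsp = chap_packet(CHAP_RESPONSE, 1,
                      chap_response_value(1, b"cisco", challenge), b"TTG1")
    print("CHAP accepted   :", chap_verify(users_on_ttg2, ch, rsp))
```

The CHAP response is only valid for the challenge it answers, so a captured response is rejected when the authenticator issues a new challenge; the shared secret itself should still be long and random, since it is the only unknown in the hash.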


PPP Review Lab


BASIC FRAME RELAY CONFIGURATION

I. Introduction :
Frame Relay is an extension of ISDN technology. Frame Relay uses packet switching to build a WAN. It creates virtual connections that join LANs together into a WAN. A Frame Relay network uses switches to interconnect the networks. Frame Relay is widely used today because it costs far less than a leased line.

Frame Relay operates at the Data Link layer of the OSI model and uses the LAPF protocol (Link Access Procedure for Frame Relay). Frame Relay uses frames to carry data between the user's end devices (DTE) through the DCE devices of the Frame Relay network.
The connection between two DTEs through the Frame Relay network is called a virtual circuit (VC). VCs that are set up by sending signaling messages to the network are called switched virtual circuits (SVCs). Today, however, permanent virtual circuits (PVCs) are normally used. A PVC is a connection preconfigured by the Frame Relay switches, with the switching information for the frames stored in the switch.
In Frame Relay, a frame with an error is discarded immediately, without any notification.
Routers attached to a Frame Relay network can have many virtual connections to many different networks. Frame Relay therefore saves a great deal, because the networks do not need to be directly linked to each other.
Each virtual connection (VC) has its own DLCI (Data Link Channel Identifier). The DLCI is carried in the frames as they travel through the Frame Relay network.
In Frame Relay, a star network is commonly used to connect LANs into a WAN (called a hub and spoke topology).

In this topology, the central network is called the hub, and the networks remote1, remote2, remote3, remote4 and remote5 are called spokes. Each spoke connects to the hub through a virtual connection (VC). If we want the spokes to communicate with each other directly, we only need to create VCs between the spokes. This topology gives a WAN that costs far less than leased lines, because each network needs only one link to the Frame Relay network.
Frame Relay uses split horizon to prevent loops. Split horizon does not allow a routing update to be sent back out the interface it arrived on. Because Frame Relay allows many PVCs on one physical interface, loops would occur without split horizon.
In a WAN built on leased lines the DTEs are connected directly to each other, but in a Frame Relay WAN the DTEs are connected through a Frame Relay network made up of many switches. We therefore have to map the Frame Relay address to the IP address of the remote DTE. The mapping can be entered with commands, but it can also be done automatically by LMI and Inverse ARP.
LMI (Local Management Interface) is exchanged between the DTE and the DCE (Frame Relay switch). It is used to check operation and report the status of the VCs, to control flow, and to supply the DLCI numbers to the DTE. There are several LMI types : cisco (Cisco's own standard), ansi (ANSI Annex D) and q933a (ITU q933 Annex A).
When a router is first attached to the Frame Relay network, it sends LMI to the network to query the status. The network then returns an LMI message with the parameters of the configured VCs. When the router wants to map a VC to a network-layer address, it sends an Inverse ARP message containing its own network-layer (IP) address over that VC to the remote DTE. The remote DTE replies with an Inverse ARP containing its network-layer address, and the router maps this address to the DLCI number of the VC.

II. Commands used in this lab :
encapsulation frame-relay [cisco | ietf]
    Configure Frame Relay encapsulation on the interface. The router supports two Frame Relay encapsulation types, Cisco and ietf.
frame-relay intf-type [dce | dte | nni]
    Configure the Frame Relay switch type for the interface. Used on a router acting as a Frame Relay switch.
frame-relay lmi-type {ansi | cisco | q933a}
    Configure the LMI type used by the router.
frame-relay route in-dlci out-interface out-dlci
    Create a PVC between interfaces on a router acting as a Frame Relay switch.
frame-relay switching
    Configure the router to operate as a Frame Relay switch.
show frame-relay pvc [type number [dlci]]
    Show the parameters of the PVCs configured on the router.
show frame-relay route
    Show the status and the configured parameters of the PVCs. This command is used on a router acting as a Frame Relay switch.
show frame-relay map
    Show the mappings between the local DLCI and the remote IP address.
show frame-relay lmi [type number]
    Show the LMI parameters between the router and the Frame Relay switch.

III. Lab description and topology :
The lab topology is as shown in the figure. Router FrameSwitch is configured as a Frame Relay switch. The two serial cable ends attached to router FrameSwitch are DCE. Routers TTG1 and TTG2 use the RIP protocol.

IV. Router configuration :
- We configure the interfaces of routers TTG1 and TTG2 as follows :

Router TTG1 :
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface Loopback0
TTG1(config-if)#ip address 10.1.0.1 255.255.255.0
TTG1(config-if)#interface Serial0/1/0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#router rip
TTG1(config-router)#network 10.0.0.0
TTG1(config-router)#network 192.168.1.0

Router TTG2 :
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface Loopback0
TTG2(config-if)#ip address 11.1.0.1 255.255.255.0
TTG2(config-if)#interface Serial0/1/0
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit
TTG2(config)#router rip
TTG2(config-router)#network 11.0.0.0
TTG2(config-router)#network 192.168.1.0

- We now configure Frame Relay on the two routers TTG1 and TTG2.
TTG1(config)#interface s0/1/0
TTG1(config-if)#encapsulation frame-relay
    Use Frame Relay encapsulation on interface S0/1/0.
TTG1(config-if)#frame-relay lmi-type ansi
    Set the LMI type to ANSI.
TTG2(config)#interface s0/1/0
TTG2(config-if)#encapsulation frame-relay
TTG2(config-if)#frame-relay lmi-type ansi

- Sau khi cu hnh frame relay cho router TTG1 v TTG2, chng ta s cu hnh cho router FrameSwitch tr thnh mt frame relay switch nh sau : FrameSwitch(config)#frame-relay switching FrameSwitch(config)#interface s0/1/0 FrameSwitch(config-if)#encapsulation frame-relay FrameSwitch(config-if)#frame-relay lmi-type ansi FrameSwitch(config-if)#frame-relay intf-type dce Cu hnh interface serial 0 l Frame Relay DCE FrameSwitch(config-if)#clock rate 64000

Cu hnh cho router tr thnh


mt Frame Relay Switch

Cung cp xung clock 64000 bps

FrameSwitch(config-if)#frame-relay route 102 interface s0/1/1 201 FrameSwitch(config-if)#no shutdown FrameSwitch(config)#in s0/1/1 FrameSwitch(config-if)#encapsulation frame-relay FrameSwitch(config-if)#frame-relay lmi-type ansi FrameSwitch(config-if)#frame-relay intf-type dce


FrameSwitch(config-if)#clock rate 64000
FrameSwitch(config-if)#frame-relay route 201 interface s0/1/0 102
FrameSwitch(config-if)#no shutdown

- The command frame-relay route 102 interface s0/1/1 201 means: any Frame Relay traffic arriving on interface serial0/1/0 of the router with DLCI 102 is sent out interface serial0/1/1 with DLCI 201. The same applies to the command frame-relay route 201 interface s0/1/0 102: any Frame Relay traffic arriving on interface serial0/1/1 with DLCI 201 is sent out serial0/1/0 with DLCI 102. Together, the two commands create one PVC between S0/1/0 and S0/1/1.

- To check whether router FrameSwitch is operating as a Frame Relay switch, use the show frame-relay pvc command:

FrameSwitch#show frame-relay pvc

PVC Statistics for interface Serial0/1/0 (Frame Relay DCE)

              Active     Inactive      Deleted       Static
  Local          0            0            0            0
  Switched       1            0            0            0
  Unused         0            0            0            0

DLCI=102, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0

  input pkts 3             output pkts 3            in bytes 186
  out bytes 166            dropped pkts 1           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0        Num Pkts Switched 3
  pvc create time 00:01:04, last time pvc status changed 00:00:40

PVC Statistics for interface Serial1 (Frame Relay DCE)

              Active     Inactive      Deleted       Static
  Local          0            0            0            0
  Switched       1            0            0            0
  Unused

DLCI = 201, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/1

  input pkts 4             output pkts 3            in bytes 200
  out bytes 186            dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0        Num Pkts Switched 3

  pvc create time 00:00:45, last time pvc status changed 00:00:43

DLCI USAGE shows that interfaces S0/1/0 and S0/1/1 are operating in Frame Relay switch mode and are ACTIVE. The output also shows the number of packets switched through the interface (Num Pkts Switched 3).

- From this output we can see that router FrameSwitch is operating as a Frame Relay switch.

- Next, check the LMI status between router FrameSwitch and the two routers TTG1 and TTG2 with the show frame lmi command:

FrameSwitch#show frame lmi

LMI Statistics for interface Serial0/1/0 (Frame Relay DCE) LMI TYPE = ANSI
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Rcvd 20               Num Status msgs Sent 20
  Num Update Status Sent 0              Num St Enq. Timeouts 0

LMI Statistics for interface Serial0/1/1 (Frame Relay DCE) LMI TYPE = ANSI
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Rcvd 16               Num Status msgs Sent 16
  Num Update Status Sent 0              Num St Enq. Timeouts 0

- The command shows information for every interface of the router that is operating in Frame Relay mode (here, interfaces S0/1/0 and S0/1/1).

- Now check the Frame Relay routes on router FrameSwitch with the show frame route command:

FrameSwitch#sh frame-relay route
Input Intf      Input Dlci      Output Intf     Output Dlci     Status
Serial0/1/0     102             Serial0/1/1     201             active
Serial0/1/1     201             Serial0/1/0     102             active

- The output shows that traffic arriving on interface serial0/1/0 with DLCI 102 is switched to serial0/1/1 with DLCI 201; conversely, traffic arriving on serial0/1/1 with DLCI 201 is switched to serial0/1/0 with DLCI 102. It also shows that both DLCIs are active.

- Moving to router TTG1, check whether DLCI 102 on interface serial0/0/0 is active:

TTG1#sh frame-relay pvc

PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0

DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0

  input pkts 8             output pkts 7            in bytes 646
  out bytes 570            dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 7         out bcast bytes 570

  pvc create time 00:02:58, last time pvc status changed 00:02:38

- Observation: interface serial0/0/0 of router TTG1 operates as a Frame Relay DTE, and DLCI 102 is active.

- By default, Cisco uses Inverse ARP to map the IP address at the remote end of the PVC to the DLCI of the local interface, so no additional step is needed. To verify this, use the show frame-relay map command:

TTG1#sh frame-relay map
Serial0/1/0 (up): ip 192.168.1.2 dlci 102(0xC9,0x3090), dynamic,
              broadcast, status defined, active

- The output shows that DLCI 102 is active on interface serial0/0/0 and is mapped to IP address 192.168.1.2 of router TTG2, and that this mapping was created automatically.

- Repeat the same checks on router TTG2:

TTG2#sh frame-relay pvc

PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0

DLCI = 201, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0

  input pkts 10            output pkts 11           in bytes 858
  out bytes 934            dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 11        out bcast bytes 934
  pvc create time 00:04:05, last time pvc status changed 00:04:05

TTG2#show frame-relay map
Serial0/0/0 (up): ip 192.168.1.1 dlci 201(0xC9,0x3090), dynamic,
              broadcast,, status defined, active

- Observation: DLCI 201 is active on interface serial0/0/0 of TTG2 and is mapped to IP address 192.168.1.1.

- Now check whether the networks can reach each other by pinging, from each of the two routers in turn, the loopback interface of the remote router:

TTG1#ping 11.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms

TTG2#ping 10.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/64 ms

- The networks can therefore reach each other, and router FrameSwitch is performing its Frame Relay switch function correctly.

Commands related to this lab:
1. Configuring Frame Relay encapsulation

Router(config)#interface serial 0/0/0
    Enters interface configuration mode for s0/0/0.
Router(config-if)#encapsulation frame-relay
    Enables Frame Relay encapsulation using Cisco's default encapsulation type.
Router(config-if)#encapsulation frame-relay ietf
    Enables Frame Relay encapsulation using the IETF encapsulation type (RFC 1490). Use IETF encapsulation when connecting to a non-Cisco router.
Router(config-if)#frame-relay lmi-type {ansi | cisco | q933a}
    Depending on the option chosen, sets the LMI type to the ANSI standard, the Cisco standard, or the ITU-T Q.933 Annex A standard.
Router(config-if)#frame-relay intf-type [dce | dte | nni]
    Sets the Frame Relay switch type for the interface. Used on a router acting as a Frame Relay switch.
Router(config-if)#frame-relay route in-dlci interface out-interface out-dlci
    Creates a PVC between interfaces on a router acting as a Frame Relay switch.
Router(config)#frame-relay switching
    Enables the router to operate as a Frame Relay switch.

2. Verifying the Frame Relay configuration

Router#show frame-relay map
    Displays the mapping between the local DLCI and the remote IP address.
Router#show frame-relay lmi [type number]
    Displays LMI statistics between the router and the Frame Relay switch.

ADVANCED FRAME RELAY CONFIGURATION

I. Introduction:

- Frame Relay is very widely used in WAN technology. Frame Relay provides more features and benefits than point-to-point WAN connections.

- In a Frame Relay environment, for the connection to work, the two devices at the edge of the Frame Relay network must be Data Terminal Equipment (DTE) and the Frame Relay switches inside the network must be Data Communication Equipment (DCE). Subinterfaces behave like leased lines; each point-to-point subinterface requires its own subnet. This lab uses a hub-and-spoke topology, in which router TTG is the hub and the spokes are routers TTG and TTG2.

II. Lab description and topology:

III. Configuration:

FR-SWITCHING :
Router>enable
Router#configure terminal
Router(config)#hostname FRSwitch
FRSwitch(config)#frame-relay switching
FRSwitch(config)#interface s0/1/0
FRSwitch(config-if)#encapsulation frame-relay
FRSwitch(config-if)#clockrate 64000
FRSwitch(config-if)#frame-relay intf-type dce
! Route the PVCs: a frame arriving on S0/1/0 with DLCI 102 is forwarded out S0/1/1 and its DLCI is changed to 201
FRSwitch(config-if)#frame-relay route 102 interface Serial0/1/1 201
FRSwitch(config-if)#frame-relay route 103 interface Serial0/2/0 301
FRSwitch(config-if)#no shutdown
FRSwitch(config-if)#exit
FRSwitch(config)#interface s0/1/1
FRSwitch(config-if)#encapsulation frame-relay
FRSwitch(config-if)#clockrate 64000
FRSwitch(config-if)#frame-relay intf-type dce
FRSwitch(config-if)#frame-relay route 201 interface Serial0/1/0 102
FRSwitch(config-if)#no shutdown
FRSwitch(config-if)#exit
FRSwitch(config)#interface s0/2/0
FRSwitch(config-if)#encapsulation frame-relay
FRSwitch(config-if)#clockrate 64000
FRSwitch(config-if)#frame-relay intf-type dce
FRSwitch(config-if)#frame-relay route 301 interface Serial0/1/0 103
FRSwitch(config-if)#no shutdown

Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface loopback 0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#exit
TTG1(config)#interface s0/1/0
TTG1(config-if)#encapsulation frame-relay
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#interface Serial0/1/0.102 point-to-point
TTG1(config-if)#ip address 192.168.4.1 255.255.255.0
TTG1(config-if)#frame-relay interface-dlci 102
TTG1(config-if)#exit
TTG1(config)#interface Serial0/1/0.103 point-to-point
TTG1(config-if)#ip address 192.168.5.1 255.255.255.0
TTG1(config-if)#frame-relay interface-dlci 103
TTG1(config-if)#exit
TTG1(config)#router eigrp 100
TTG1(config-router)#network 192.168.1.0
TTG1(config-router)#network 192.168.4.0
TTG1(config-router)#network 192.168.5.0

Router TTG2 :
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface loopback 0
TTG2(config-if)#interface Loopback0
TTG2(config-if)#ip address 192.168.2.1 255.255.255.0
TTG2(config-if)#exit
TTG2(config)#interface Serial0/1/0
TTG2(config-if)#encapsulation frame-relay
TTG2(config-if)#no shutdown
TTG2(config-if)#exit
TTG2(config)#interface Serial0/1/0.201 point-to-point
TTG2(config-if)#ip address 192.168.4.2 255.255.255.0
TTG2(config-if)#frame-relay interface-dlci 201
TTG2(config-if)#exit
TTG2(config)#router eigrp 100
TTG2(config-router)#network 192.168.2.0
TTG2(config-router)#network 192.168.4.0
TTG2(config-router)#exit

Router TTG3 :
Router>enable
Router#configure terminal
Router(config)#hostname TTG3
TTG3(config)#interface loopback 0
TTG3(config-if)#ip address 192.168.3.1 255.255.255.0
TTG3(config-if)#exit
TTG3(config)#interface s0/1/0
TTG3(config-if)#encapsulation frame-relay
TTG3(config-if)#no shutdown
TTG3(config-if)#exit
TTG3(config)#interface Serial0/1/0.301 point-to-point
TTG3(config-if)#ip address 192.168.5.2 255.255.255.0
TTG3(config-if)#frame-relay interface-dlci 301
TTG3(config-if)#exit
TTG3(config)#router eigrp 100
TTG3(config-router)#network 192.168.3.0
TTG3(config-router)#network 192.168.5.0
TTG3(config-router)#exit

- Check the map on each router with the following command:

TTG1#show frame-relay map
Serial0/1/0.103 (up): point-to-point dlci, dlci 103(0x35,0xC50), broadcast
          status defined, active
Serial0/1/0.102 (up): point-to-point dlci, dlci 102(0x34,0xC40), broadcast
          status defined, active

- Use the show frame-relay pvc command to check the PVCs:

TTG2#sh frame-relay pvc

PVC Statistics for interface Serial0/1/0 (Frame Relay DTE)

DLCI = 201, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/0

  input pkts 8             output pkts 14           in bytes 1448
  out bytes 2572           dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 14        out bcast bytes 2572

  pvc create time 00:17:21, last time pvc status changed 00:04:16

- Use the following command to view the LMI information:

TTG1#sh frame-relay lmi

LMI Statistics for interface Serial0/1/0 (Frame Relay DTE) LMI TYPE = ANSI
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 74               Num Status msgs Rcvd 37
  Num Update Status Rcvd 0              Num Status Timeouts 37

FRSwitch#show frame-relay pvc

PVC Statistics for interface Serial0/1/0 (Frame Relay DCE)

DLCI = 102, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/0

  input pkts 16            output pkts 17           in bytes 1590
  out bytes 1621           dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0        Num Pkts Switched 16
  pvc create time 00:06:22, last time pvc status changed 00:07:02

DLCI = 103, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/0

  input pkts 17            output pkts 16           in bytes 1620
  out bytes 1590           dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0        Num Pkts Switched 17
  pvc create time 00:06:13, last time pvc status changed 00:09:19

PVC Statistics for interface Serial0/1/1 (Frame Relay DCE)

DLCI = 201, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/1

- With the show frame pvc command, note the following values of PVC status:

ACTIVE : both ends of the Frame Relay PVC are operational.

INACTIVE : the Frame Relay end on the far-side router has a configuration problem, but the Frame Relay end on the local router is working properly.
DELETED : the problem is on the local router. LMI is not operating.

- Now check the status of the interfaces:

TTG2#show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
Loopback0          192.168.2.1     YES manual up                    up
Serial0/1/0        unassigned      YES unset  up                    up
Serial0/1/0.201    192.168.4.2     YES manual up                    up
Serial0/1/1        unassigned      YES unset  administratively down down

TTG2#show frame-relay map
Serial0/1/0.201 (up): point-to-point dlci, dlci 201(0x33,0xC30), broadcast
          status defined, active

- Check the routing tables of the routers:

TTG2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - IGRP, EX - IGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.4.0/24 is directly connected, Serial0/1/0.201
D    192.168.5.0/24 [90/10476] via 192.168.4.1, 00:00:25, Serial0/1/0.201
D    192.168.1.0/24 [90/8976] via 192.168.4.1, 00:00:25, Serial0/1/0.201
C    192.168.2.0/24 is directly connected, Loopback0
D    192.168.3.0/24 [90/10976] via 192.168.4.1, 00:00:25, Serial0/1/0.201

TTG2#ping 192.168.4.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/118/128 ms

TTG2#ping 192.168.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/64/80 ms

TTG3#ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms

TTG2#ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/120 ms

- We have thus completed routing over the Frame Relay network.

Commands related to this lab:
Router(config)#interface Serial0/1/0.102 point-to-point
    Creates a point-to-point subinterface with number 103.
Router(config-if)#ip address 192.168.4.2 255.255.255.0
    Assigns an IP address and subnet mask to the subinterface.
Router(config-if)#frame-relay interface-dlci 102
    Assigns a DLCI value to this subinterface.
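
An added example, not part of the original lab manual: both labs rely on each frame-relay route statement on the switch having a mirror-image statement on the outgoing interface, and this Python check verifies that for a switch configuration. The sample configuration is constructed from the FRSwitch route statements of the hub-and-spoke lab; the function names and the 16-1007 user DLCI range check are assumptions of this example.

```python
import re
from collections import namedtuple

# Constructed sample: FRSwitch's route statements from the hub-and-spoke lab,
# written in running-config form.
FRSWITCH_CONFIG = """\
interface Serial0/1/0
 frame-relay intf-type dce
 frame-relay route 102 interface Serial0/1/1 201
 frame-relay route 103 interface Serial0/2/0 301
interface Serial0/1/1
 frame-relay intf-type dce
 frame-relay route 201 interface Serial0/1/0 102
interface Serial0/2/0
 frame-relay intf-type dce
 frame-relay route 301 interface Serial0/1/0 103
"""

Route = namedtuple("Route", "in_intf in_dlci out_intf out_dlci")
ROUTE_RE = re.compile(r"frame-relay route (\d+) interface (\S+) (\d+)$", re.I)

def normalize(name):
    """Expand serial abbreviations used in the labs (s0/1/0 -> Serial0/1/0)."""
    m = re.fullmatch(r"s(?:e(?:rial)?)?\s*(\d[\d/]*)", name.strip(), re.I)
    return "Serial" + m.group(1) if m else name.strip()

def parse_routes(config):
    """Return one Route per 'frame-relay route' line, tied to its interface."""
    routes, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = normalize(line.split(None, 1)[1])
            continue
        m = ROUTE_RE.match(line)
        if m and current:
            routes.append(Route(current, int(m.group(1)),
                                normalize(m.group(2)), int(m.group(3))))
    return routes

def audit(routes):
    """Report PVC legs without a mirror-image route and DLCIs outside 16-1007."""
    table = {(r.in_intf, r.in_dlci): (r.out_intf, r.out_dlci) for r in routes}
    findings = []
    for r in routes:
        back = table.get((r.out_intf, r.out_dlci))
        if back is None:
            findings.append(f"{r.in_intf} DLCI {r.in_dlci}: no return route "
                            f"on {r.out_intf} DLCI {r.out_dlci}")
        elif back != (r.in_intf, r.in_dlci):
            findings.append(f"{r.in_intf} DLCI {r.in_dlci}: return route on "
                            f"{r.out_intf} leads to {back[0]} DLCI {back[1]}")
        if not 16 <= r.in_dlci <= 1007:  # assumed user-PVC DLCI range
            findings.append(f"{r.in_intf} DLCI {r.in_dlci}: outside 16-1007")
    return findings

if __name__ == "__main__":
    print(audit(parse_routes(FRSWITCH_CONFIG)) or "all PVC routes are symmetric")
```

A one-way or crossed route is the kind of error that shows up in show frame-relay pvc as a PVC that never becomes ACTIVE on one side, so running this check before loading the switch configuration catches it earlier.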
