CCNA review material

Upload: hoang-lao-ta

Post on 13-Jul-2015


CCNA Review Material, Version 2.0

Compiled by: Phm nh Thng ng Hong Khnh

For internal circulation, February 2009

TABLE OF CONTENTS

I. THE OSI AND TCP/IP MODELS
    I.1 The OSI model
    I.2 The TCP/IP model
    I.3 Data transfer between two hosts
II. BASIC DEVICES: HUB, SWITCH, ROUTER
    II.1 Hub
    II.2 Switch
    II.3 How does a switch build the MAC Address Table? How does it use the table?
    II.4 Router
    II.5 Cable
    II.6 The ARP mechanism
III. CISCO IOS
    III.1 Memory inside the router
    III.2 Router boot process
    III.3 Router configuration register
    III.4 Cisco IOS configuration modes
IV. SWITCHING
    IV.1 Spanning-Tree Protocol (STP)
    IV.2 Switchport port-security
    IV.3 VLAN
    IV.4 Trunking
    IV.5 VTP
    IV.6 Inter-VLAN routing
V. ROUTING
    V.1 IP addressing
    V.2 Types of routing
    V.2.1 Distance vector routing
    V.2.2 Link state routing
    V.3 RIP v1 (Routing Information Protocol)
    V.4 RIP v2
    V.5 OSPF (Open Shortest Path First)
    V.6 EIGRP
VI. ACCESS-LIST
VII. NAT
    VII.1 Concepts: inside local, inside global, outside global, outside local
    VII.2 Classification by configuration
    VII.3 Applying to an interface
VIII. WIRELESS
    VIII.1 Differences between WLAN and LAN
    VIII.2 Wireless models
    VIII.3 The 802.11 standards
    VIII.4 Wireless security
IX. WAN
    IX.1 Frame Relay
    IX.2 PPP

CCNA REVIEW

I. THE OSI AND TCP/IP MODELS

I.1 The OSI model

The OSI model is only a reference model. Its purposes: to make communication between hosts easier to understand (Simplifies teaching and learning), to reduce the complexity of communication (Reduces complexity), to standardize interfaces (Standardizes interfaces), to support modular design (Facilitates modular engineering), and to ensure compatibility (Ensures interoperable technology).

It has 7 layers (Vietnamese mnemonic "Anh Phải Sống Theo Người Địa Phương": Application, Presentation, Session, Transport, Network, Data Link, Physical):

- Application: provides network application services, is responsible for identifying the communicating endpoints, and synchronizes information between applications. FTP (20, 21); HTTP (80); Telnet (23); SMTP (25); TFTP (69); DNS (53); POP3 (110); SNMP (161); DHCP (67, 68).
- Presentation: provides encoding and conversion of the formats used in the Application layer. ASCII; JPEG; GIF; MPEG; WMA.
- Session: establishes communication sessions, and controls and maintains the sessions between different applications on the two hosts (separated by port). Example: NetBIOS, X-Windows.
- Transport: splits data into smaller segments, establishes the end-to-end (logical) connection and is responsible for carrying data between the endpoints. Connection-oriented and connectionless. Flow control, multiplexing, error checking and error recovery. TCP/UDP.
- Network: defines logical addresses for the endpoints and determines the best path (routing) for packets. Encapsulates segments into packets. IP, IPX, AppleTalk. Device: router.
- Data Link: encapsulates packets into frames for transmission and defines the network topology, such as BUS, STAR or RING. It has 2 sublayers: MAC, related to the Physical layer, and LLC (Logical Link Control), related to the Network layer. 802.3 (Ethernet/Fast Ethernet), 802.3z (Gigabit Ethernet), 802.5 (Token Ring), FDDI, HDLC, PPP, Frame Relay. Related device: layer 2 switch.
- Physical: converts frames into bits and transmits them as voltage levels over physical media such as the various kinds of cable. Standardizes the electrical, mechanical and functional characteristics of interfaces. CAT3, CAT5, V.35, EIA/TIA-232, EIA/TIA-449. Related device: hub.

I.2 The TCP/IP model

More compact than the OSI model, with only 4 layers:

- Application: covers the last 3 layers (5, 6, 7) of the OSI model
- Transport
- Internet
- Network Access: covers the first 2 layers of the OSI model

The TCP/IP model is the one used on the Internet today.

I.3 Data transfer between two hosts

- Data passes from layer 7 down to layers 6 and 5.
- Layer 4 splits the data stream into segments and passes them down to layer 3.
- Layer 3 adds the source and destination IP addresses (IP header) to each segment, forming packets, and passes them down to layer 2.
- Layer 2 encapsulates each packet with layer 2 information (Frame Header) and an error-check field (Frame Trailer), forming a frame, and passes it down to layer 1.
- Layer 1 converts the 0 and 1 bits of the frame into voltage levels and transmits them over the various physical media.

II. BASIC DEVICES: HUB, SWITCH, ROUTER

II.1 Hub

- A layer 1 device that only receives and amplifies the signal; used where the reach of the network has to be extended.
- Operates in half-duplex mode (at any moment it either sends or receives data from one host, unlike full-duplex, which can send and receive at the same time).
- Uses the CSMA/CD mechanism to detect collisions. A host that wants to transmit must first listen to see whether the network is busy.
- A hub does not understand MAC addresses.
- A hub is treated as 1 collision domain.

II.2 Switch

- A layer 2 device that processes and forwards frames based on the MAC table.
- By default it operates in full-duplex mode if a single computer is attached to the switch port; CSMA/CD is not used in this mode.
- A switch is treated as one broadcast domain (if a frame's destination MAC address is the broadcast address, every host receives it). If the switch supports VLANs, each VLAN is one broadcast domain (equivalent to one network) and the switch is in effect split into several smaller switches.

There are 3 frame forwarding methods in a switch:

- Store and Forward: receives the entire frame and checks it for errors; a good frame is forwarded, a bad one is dropped. The slowest method, but it ensures reliability for the network.
- Cut through: reads the destination MAC address and sends the frame immediately, without error checking. Fast but not reliable. Suited to devices with a weak CPU and little buffer memory.
- Fragment-Free: reads the first 64 bytes of the frame and then forwards it (64 bytes is the minimum length of a complete frame). It avoids most errors caused by collisions, but is still not as reliable as Store and Forward.

II.3 MAC Address Table

How does a switch build the MAC Address Table? How does it use the table?

- The switch learns source MAC addresses as frames pass through it and records them in the MAC address table (MAC address + port).
- If the switch receives a frame whose destination MAC address is broadcast, multicast or unknown unicast, it sends the frame out of every port except the port the frame arrived on.
- If the destination address of the received frame is a known unicast, the switch uses the MAC address table to send the frame out of exactly the port that should receive it.

Explain why, when you show the MAC address table, one port can appear with several MAC addresses.

II.4 Router

- A layer 3 device that marks the boundary between networks and performs routing.
- A router blocks broadcasts.
- Performs packet filtering.

II.5 Cable

- Serial cable
- Straight-through cable
- Cross-over cable
- Rolled-over cable

II.6 The ARP mechanism

Applications need IP addresses to communicate with each other, while transmitting frames requires MAC addresses. A mechanism that maps between IP and MAC is needed so that traffic is delivered correctly. ARP was introduced to perform this mapping between IP and MAC addresses.

- A station sends an ARP request to ask for the MAC address of a given IP address.
- The host that owns the queried IP address replies with its MAC address.
- The requesting host caches the MAC address and IP address it has found.

Normally a computer caches the IP and MAC information of the hosts on its network, together with the MAC and IP of the default gateway.

III. CISCO IOS

III.1 Memory inside the router

- ROM: holds the router's startup program and runs the Power-on Self Test (POST). Holds the BOOT image (on the 2500 router). This memory cannot be erased.
- RAM: holds the running-config, the routing table, the ARP table, and so on. Holds the IOS image once it has been loaded from Flash (2600-series routers and later). The contents of RAM are lost when the router loses power.
- NVRAM: holds the startup-config. The contents of NVRAM are not lost when the router loses power.
- Flash: holds Cisco IOS. The contents of Flash can be erased and replaced.

III.2 Router boot process

1. Hardware check: POST.
2. Load the bootstrap.
3. Find and load the Cisco IOS software image. A Cisco router looks for the IOS in this order: Flash, then TFTP server, then ROM.
   - An IOS is present: the router loads the operating system from flash memory.
     - 2500: runs directly from Flash.
     - 2600: loads the IOS into RAM and runs from RAM.
   - No IOS: the router looks on a TFTP server; if a TFTP server holding an IOS is available, it runs that IOS.
   - Still no IOS found:
     - 2500: loads the mini IOS from ROM.
     - 2600: enters Boot ROM mode.
4. Find and load the configuration file (startup-config):
   - A configuration file exists: it is loaded.
   - No configuration file exists: an empty configuration is loaded.

III.3 Router configuration register

- A 16-bit register, written as a HEX number.
- The last 4 bits form the boot field.

Values:

- 0x2101: boot from ROM
- 0x2102: boot from Flash (default)
- 0x2142: ignore the contents of NVRAM (used when the password of a Cisco router has to be cracked)

Configuration:

- When there is no IOS yet, or to load the IOS with tftpdnld (by default only the first interface, f0/0, is used):

    rommon 1> IP_ADDRESS=A.B.C.D
    rommon 2> IP_SUBNET_MASK=A.B.C.D
    rommon 3> DEFAULT_GATEWAY=A.B.C.D
    rommon 4> TFTP_SERVER=A.B.C.D
    rommon 5> TFTP_FILE=c2600-is-mz.113-2.0.2.Q
    rommon 6> tftpdnld

- Choosing one of 2 IOS images:

    R(config)# boot system flash:abc.def.xyz

- Choosing the configuration file to load (by default NVRAM stores only 1 startup-config file; to have several startup-config files they must be loaded from a TFTP server):

    R(config)# boot config tftp:?

III.4 Cisco IOS configuration modes

IV. SWITCHING

IV.1 Spanning-Tree Protocol (STP)

Why STP is needed: it prevents the problems that commonly occur in networks of several switches with redundant links: multiple frame copies, broadcast storms and MAC database instability. A switched network of this kind contains loops (switching loops), and STP is used to avoid them.

How STP works: the switches send BPDU packets to the multicast address 01.80.c2.00.00.00 to exchange Bridge ID information (Priority + MAC) and build the spanning tree from it.

- Root bridge election: takes place across the whole switched network. The switch with the lowest BID becomes the root bridge (BID = Priority.MAC, default priority = 32768, range 0 to 65535).
- Root port election: takes place on each switch that is not the root bridge. Each non-root switch has exactly 1 root port, which must be the port with the lowest path cost to the root bridge. If costs are equal, the tie is broken by the sender Bridge ID and then the sender port ID (priority.number, default priority = 128, range 0 to 240).
- Designated port election: takes place on each network segment, based on path cost; if path costs are equal, the tie is broken by the BID. All ports on the root bridge are designated ports.
- All remaining ports are blocked.

Switch port states:

- Disabled: does not receive any frames.
- Blocking: does not forward frames, only receives BPDUs. This is the state right after the switch boots.
- Listening: receives and sends BPDUs (15s).
- Learning: receives and sends BPDUs and learns MAC addresses (15s).
- Forwarding: receives and sends BPDUs, learns MAC addresses, receives and forwards frames.

STP is considered converged when every switch port is in one of the two states forwarding or blocking.

Cost value table:

Example: which port will be blocked in the following topology?
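The three elections described in IV.1, worked through in code. This is an added example, not part of the original notes: the three-switch triangle, its MAC addresses and port numbers are constructed, and the path costs are the standard IEEE 802.1D values, supplied because the page's own cost table did not survive.

```python
# Added example (not from the original notes): STP role election on a small topology.

# Standard IEEE 802.1D path costs by link speed in Mbit/s.
PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}
PORT_PRIORITY = 128  # default port priority


def bid(switch):
    """Bridge ID = (priority, MAC); the lowest one wins."""
    return (switch["priority"], switch["mac"])


def run_stp(switches, links):
    """switches: name -> {"priority", "mac"}.
    links: (switch_a, port_a, switch_b, port_b, speed_mbps) tuples.
    Returns (root_bridge, {(switch, port): role})."""
    # 1. Root bridge: lowest BID in the whole switched network.
    root = min(switches, key=lambda name: bid(switches[name]))

    # Root path cost of every switch: relax until nothing changes.
    cost = {name: (0 if name == root else float("inf")) for name in switches}
    changed = True
    while changed:
        changed = False
        for a, _, b, _, speed in links:
            for near, far in ((a, b), (b, a)):
                if cost[far] + PATH_COST[speed] < cost[near]:
                    cost[near] = cost[far] + PATH_COST[speed]
                    changed = True

    # 2. Root port on each non-root switch: lowest path cost to the root,
    #    ties broken by sender BID, then sender port ID.
    root_port = {}
    for a, pa, b, pb, speed in links:
        for near, near_port, far, far_port in ((a, pa, b, pb), (b, pb, a, pa)):
            if near == root:
                continue
            offer = (cost[far] + PATH_COST[speed], bid(switches[far]),
                     (PORT_PRIORITY, far_port), near_port)
            if near not in root_port or offer < root_port[near]:
                root_port[near] = offer

    # 3. Designated port per segment: the end with the lower root path cost,
    #    ties broken by BID. The other end is a root port or is blocked.
    roles = {}
    for a, pa, b, pb, _ in links:
        end_a = (cost[a], bid(switches[a]), (PORT_PRIORITY, pa))
        end_b = (cost[b], bid(switches[b]), (PORT_PRIORITY, pb))
        winner, loser = ((a, pa), (b, pb)) if end_a < end_b else ((b, pb), (a, pa))
        roles[winner] = "designated"
        is_root_port = loser[0] in root_port and root_port[loser[0]][3] == loser[1]
        roles[loser] = "root" if is_root_port else "blocked"
    return root, roles


# Constructed sample: three switches in a triangle, all links 100 Mbit/s,
# all with the default priority, so the lowest MAC decides the root.
SWITCHES = {
    "SW1": {"priority": 32768, "mac": "00:00:00:00:00:0a"},
    "SW2": {"priority": 32768, "mac": "00:00:00:00:00:0b"},
    "SW3": {"priority": 32768, "mac": "00:00:00:00:00:0c"},
}
LINKS = [
    ("SW1", 1, "SW2", 1, 100),
    ("SW1", 2, "SW3", 1, 100),
    ("SW2", 2, "SW3", 2, 100),
]

if __name__ == "__main__":
    root, roles = run_stp(SWITCHES, LINKS)
    print("root bridge:", root)
    for (switch, port), role in sorted(roles.items()):
        print(f"{switch} port {port}: {role}")
```

With every priority left at the default, the root is decided by MAC address alone, which is why the root bridge is normally placed deliberately by lowering one switch's priority.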

IV.2 Switchport port-security

- Applies only to ports in access mode.
- switchport port-security mac-address <mac-address>: specifies which MAC address is allowed.
- switchport port-security mac-address sticky: the first MAC address learned is allowed; MAC addresses learned afterwards are blocked. By default only 1 MAC address may be learned.
- switchport port-security maximum <value> [1-132]
- switchport port-security violation {protect | restrict | shutdown}: the default is shutdown.
- switchport port-security aging time 10: sets the lifetime of dynamic MAC addresses; once this time is exceeded the MAC address is cleared.
- switchport port-security aging type inactivity: the timer for clearing a MAC address starts counting from the moment no traffic enters the port.

Example:

    SwitchX(config)# interface fa0/5
    SwitchX(config-if)# switchport mode access
    SwitchX(config-if)# switchport port-security
    SwitchX(config-if)# switchport port-security maximum 1
    SwitchX(config-if)# switchport port-security mac-address sticky
    SwitchX(config-if)# switchport port-security violation shutdown

    SwitchX(config-if)# no switchport port-security
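How the three violation modes differ once the secure-MAC limit is reached, and why a port without port-security can show several MAC addresses (the question posed in II.3). This is an added example, not part of the original notes; the class, the MAC addresses and the frame sequence are constructed, and the per-mode behaviour (protect drops silently, restrict drops and counts, shutdown err-disables the port) is standard Cisco behaviour that the notes list only by name.

```python
# Added example (not from the original notes): MAC learning on one switch port,
# with and without port-security.

class AccessPort:
    def __init__(self, name, port_security=False, maximum=1, violation="shutdown"):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("unknown violation mode: " + violation)
        self.name = name
        self.port_security = port_security
        self.maximum = maximum        # default: only 1 secure MAC may be learned
        self.violation = violation    # default mode is shutdown
        self.macs = []                # MACs learned on this port, in order
        self.violations = 0           # counter kept by restrict and shutdown
        self.err_disabled = False     # set by a shutdown violation
        self.log = []                 # messages a restrict/shutdown port emits

    def receive(self, src_mac):
        """Process the source MAC of one incoming frame; return 'forward' or 'drop'."""
        if self.err_disabled:
            return "drop"             # port stays down until an admin re-enables it
        if src_mac in self.macs:
            return "forward"          # already learned / already a secure address
        if not self.port_security or len(self.macs) < self.maximum:
            self.macs.append(src_mac)  # ordinary or sticky learning
            return "forward"
        # Limit reached and the source is unknown: security violation.
        if self.violation == "protect":
            return "drop"             # silent: no counter, no log entry
        self.violations += 1
        self.log.append(f"{self.name}: security violation by {src_mac}")
        if self.violation == "shutdown":
            self.err_disabled = True
        return "drop"


def replay(port, source_macs):
    """Feed a sequence of source MACs to the port; return the action per frame."""
    return [port.receive(mac) for mac in source_macs]


# Constructed traffic: host A, then a second host B behind the same port
# (for example through a hub or another switch), then host A again.
FRAMES = ["aaaa.aaaa.0001", "bbbb.bbbb.0002", "aaaa.aaaa.0001"]

if __name__ == "__main__":
    for mode in (None, "protect", "restrict", "shutdown"):
        port = AccessPort("fa0/5", port_security=mode is not None,
                          violation=mode or "shutdown")
        actions = replay(port, FRAMES)
        print(f"{mode or 'no port-security':16} {actions} macs={port.macs} "
              f"violations={port.violations} err_disabled={port.err_disabled}")
```

Only shutdown also cuts off the legitimate host A after the violation, which is the trade-off to weigh when picking a mode.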

To remove the port-security configuration from a port, use the command no switchport port-security (the last line of the SwitchX configuration example).

IV.3 VLAN

- Segments the network, provides basic security, reduces broadcasts.
- Each VLAN is 1 broadcast domain.

Configuration:

    Switch#conf t
    Switch(config)#vlan 2
    Switch(config-vlan)#vlan 3
    Switch(config-vlan)#interface f0/2
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 2

- VLAN tagging: adds a VLAN ID (12 bits) to the frame so that the VLAN can be identified.
- Assigning an IP address to a VLAN on a switch serves management purposes only.

IV.4 Trunking

Purpose: allows several VLANs to travel together over one link between switches.

There are 2 types of trunking:

- ISL: encapsulates the original frame with a 26-byte header and a 4-byte trailer.
- Dot1Q: inserts 4 bytes into the original frame.

Basic differences between ISL and Dot1Q: encapsulation versus tagging; the native VLAN in Dot1Q; ISL is a Cisco standard, Dot1Q is an IEEE standard.

IV.5 VTP

Purpose: keeps VLAN information consistent across the network and makes VLAN changes flexible.

Operation: the server sends a VTP advertisement every 5 minutes, or whenever there is a change in the network. A VTP advertisement contains:

- Revision number: the default is 0. It increases by 1 on every configuration change. To reset it to 0: change the VTP mode to Transparent and then back to Server, or change the domain name.
- VLAN names and numbers.
- Which VLANs the switch has ports assigned to (related to VTP pruning).

There are 3 VTP modes:

- Server: creates, modifies and deletes VLANs; sends and advertises VLAN advertisements. Synchronizes VLAN information and stores it in NVRAM.
- Client: cannot create, modify or delete VLANs; forwards VLAN advertisements. Synchronizes VLAN information but does not store it in NVRAM.
- Transparent: creates, modifies and deletes its own VLANs; forwards the domain's VLAN advertisements but does not advertise its own VLAN information; does not synchronize VLAN information; stores VLAN information in NVRAM.

Configuration:

    Switch(config)#vtp domain <domain-name>
    Switch(config)#vtp mode {server | client | transparent}
    Switch(config)#vtp password <password>

Questions: what happens when a client has a higher revision number than the server? When does the revision number change?

VTP pruning: reduces unnecessary traffic on trunk ports.

Configuration:

    Switch(config)#interface f0/1
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#switchport trunk {allowed | pruning} vlan <vlan-list>

IV.6 Inter-VLAN routing

Purpose: lets hosts in different VLANs communicate with each other. A layer 3 device is needed to do this (either a router or a layer 3 switch).

Configuration:

    Router(config)#interface Fa0/0
    Router(config-if)#no shut
    Router(config-if)#interface fa0/0.1
    Router(config-subif)#encap dot1Q 1
    Router(config-subif)#ip add A.B.C.D <subnet-mask>     ! IP address belonging to VLAN 1
    Router(config-subif)#interface fa0/0.2
    Router(config-subif)#encap dot1Q 2
    Router(config-subif)#ip add W.X.Y.Z <subnet-mask>     ! IP address belonging to VLAN 2

V. ROUTING

V.1 IP addressing

- Quick conversion of binary numbers to decimal and hex, and back.
- IP address ranges:
  - Class A: 1.0.0.0 to 126.255.255.255
  - Class B: 128.0.0.0 to 191.255.255.255
  - Class C: 192.0.0.0 to 223.255.255.255
- IP addresses: public and private. Private addresses:
  - Class A: 10.0.0.0 to 10.255.255.255
  - Class B: 172.16.0.0 to 172.31.255.255
  - Class C: 192.168.0.0 to 192.168.255.255
- Subnet mask, private address, broadcast address.
- VLSM. Given the network 10.1.1.0/24, divide it into 2 LANs (25 hosts each), 3 LANs (12 hosts each) and 4 WAN links (point-to-point).
- Find the network and broadcast addresses of: 10.45.100.200/14; 172.16.140.100/20; 192.168.101.171/28.
- Summary. Summarize the following networks: 172.16.12.0/24; 172.16.13.0/24; 172.16.14.0/24; 172.16.15.0/24.

V.2 Types of routing

Basic routing concepts:

- Routed protocol: a layer 3 protocol used to carry data from one end device to another across the network. Routed protocols are the layer 3 packets that carry application information to the higher layers (IP, IPX, AppleTalk).
- Routing protocol: a protocol used between routers to send and receive updates about the networks that exist within an organization, from which the routing process determines the path of a packet through the network (RIP, EIGRP, OSPF).
- AD (Administrative Distance): a value that expresses how trustworthy a routing protocol is. It depends on the routing protocol; AD ranges from 0 to 255.
- AS (Autonomous System): a group of routers that share one administrative policy and a single source of technical management, and normally use one IGP (Interior Gateway Protocol). Each AS is assigned a unique number from 1 to 65535; the values 64512 to 65535 are private values, assigned to local ASes.
- Convergence: the process of computing the routing tables on the routers so that all tables reach one consistent state.
- Load balancing: allows packets to a destination network to travel over two or more different paths.
- Metric: all routing protocols use a metric to quantify paths in order to find the best one. Some protocols use a very simple metric, for example RIP uses hop count. EIGRP uses a more complex metric that includes bandwidth, delay, reliability and so on.
- Passive interface: prevents routing updates from being sent out of a given interface. The interface can still listen to routing updates sent by other routers. This command is used in router mode.
- Redistribution: the process of sharing routes learned from different sources. For example, you can redistribute routes learned from RIP into OSPF (in this case you may run into problems with VLSM), or redistribute static routes into EIGRP. Redistribution mostly has to be configured by hand (manually).

Static:

- Static route: can point to a host or to a network. You can also use a floating static route, in which the route's AD is changed to a value higher than that of the routing protocols in use.
- Interface: AD = 0. Next hop: AD = 1.

    R(config)#ip route ip_des mask {interface | nexthop} [AD]

- Default route:

    R(config)#ip route 0.0.0.0 0.0.0.0 {interface | nexthop}

Dynamic: the router uses protocols to maintain its knowledge of the network. Routing protocols fall into 2 groups:

- EGP: BGP
- IGP:
  - distance vector (RIP, IGRP)
  - link state (OSPF, IS-IS)
  - hybrid (EIGRP)

V.2.1 Distance vector routing

- Sends the entire routing table to the neighbouring router, and sends it periodically: routing by rumour.
- Routing loops can occur. Mechanisms against routing loops:
  - Route poisoning
  - Split horizon
  - Poison reverse
  - Holddown timer
  - Triggered/flash update

V.2.2 Link state routing

- Maintains 2 tables: topology and routing. The topology table holds the state of every link in the network. The routing table is built from the topology table.
- Neighbours are established with Hello packets.
- Routing tables are not exchanged as in distance vector protocols. Routers exchange information about the cost and state of their links through LSAs.
- Converges faster than distance vector protocols.
- Used for large networks, but requires careful planning before deployment.

V.3 RIP v1 (Routing Information Protocol)

- RIP is a distance vector protocol.
- RIP is a classful protocol.
- RIP sends its routing information every 30 seconds (default).
- Updates are sent as broadcasts.
- The hold-down timer is 180 seconds (default).
- RIP uses the Bellman-Ford algorithm.
- The RIP metric is based on hop count (maximum 15). Infinity metric = 16.
- RIP has an AD (Administrative Distance) of 120 (default).
- RIP can load balance over a maximum of 6 paths of equal metric (six parallel equal-cost paths); a Cisco router supports only 4 equal paths by default. Example: Router1(config-router)#maximum-paths 5 allows load balancing over at most 5 paths.

No support for discontiguous networks:

- A discontiguous network is a major network that is separated by another major network. Example:
- Whenever RIP advertises a network across a different major network boundary, RIP summarizes the advertised network at the major network boundary, as in the figure above.
- Steps ROUTER 1 performs before sending an update to ROUTER 2:
  - Is network 131.108.5.0/24 in the same major network as 137.99.88.0/24?
  - It is not, so ROUTER 1 summarizes 131.108.5.0/24 and advertises the route 131.108.0.0/16.
- Steps ROUTER 2 performs before accepting the update from ROUTER 1:
  - Is the major network received (131.108.0.0) the same major network as 137.99.88.0?
  - It is not. Does the routing table already contain any subnet of this major network?
  - It does, so ROUTER 2 ignores the update.

No support for VLSM (Variable-Length Subnet Mask):

- RIP and IGRP cannot carry subnet mask information in their updates. Before advertising, the router performs a check against the subnet mask of the interface the update is sent from. If the 2 subnet masks do not match, it drops the route.
- Steps ROUTER 1 performs before sending an update to ROUTER 2:
  - ROUTER 1 checks whether 131.108.5.0/24 is in the same major network as 131.108.6.0/30. It is.
  - ROUTER 1 determines whether 131.108.5.0/24 has the same subnet mask as 131.108.6.0/30. Because the 2 subnet masks differ, ROUTER 1 drops network 131.108.0.0/16 and does not advertise the route.
  - ROUTER 1 determines whether 131.108.7.0/30 is in the same major network as 131.108.6.0/30. It is.
  - ROUTER 1 then determines whether 131.108.7.0/30 has the same subnet mask as 131.108.6.0/30. Because the 2 subnet masks are the same, ROUTER 1 advertises network 131.108.7.0/30 to ROUTER 2.

Default routes: when RIP sees a default route in its routing table, it automatically advertises this default route in its RIP updates.

V.4 RIP v2

- Sends routing updates to the multicast address 224.0.0.9.
- Supports VLSM: networks are advertised together with their subnet mask.
- Next-hop metric.

Configuration:

    Router(config)#router rip
    Router(config-router)#network <network>
    Router(config-router)#version 2

    R2#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

         172.29.0.0/24 is subnetted, 1 subnets
    C       172.29.35.0 is directly connected, Ethernet0
         131.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
    R       131.16.6.0/24 [120/1] via 131.16.5.1, 00:00:07, Serial1
    C       131.16.5.0/24 is directly connected, Serial1
    R       131.16.8.1/32 [120/1] via 131.16.5.1, 00:00:07, Serial1
    C       131.16.9.0/24 is directly connected, Loopback0
    R    131.88.0.0/16 [120/1] via 131.16.5.1, 00:00:07, Serial1
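The ROUTER 1 and ROUTER 2 checks walked through in V.3, next to what RIP v2 sends for the same routes. This is an added example, not part of the original notes: the function names are hypothetical, the routing-table entry 131.108.2.0/24 on ROUTER 2 is constructed (the figure did not survive), and the RIP v2 function assumes Cisco's auto-summary behaviour, which the notes do not cover.

```python
# Added example (not from the original notes): RIP v1 classful send/receive
# decisions, using the networks from section V.3.
import ipaddress


def major_network(net):
    """Classful (major) network containing net: class A /8, class B /16, class C /24."""
    first_octet = int(net.network_address) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{net.network_address}/{prefix}", strict=False)


def ripv1_send(route, out_iface_net):
    """What RIP v1 puts in the update sent out of an interface (no mask travels
    with it), or None when the route is suppressed."""
    route = ipaddress.ip_network(route)
    iface = ipaddress.ip_network(out_iface_net)
    if major_network(route) != major_network(iface):
        # Crossing a major network boundary: summarize to the major network.
        return str(major_network(route).network_address)
    if route.prefixlen == iface.prefixlen:
        return str(route.network_address)   # same major network, same mask
    return None                             # same major network, different mask: drop


def ripv1_receive(advertised, in_iface_net, routing_table):
    """Prefix the receiver installs for an advertised network, or None if ignored.
    Host routes are not modelled."""
    iface = ipaddress.ip_network(in_iface_net)
    adv_major = major_network(ipaddress.ip_network(advertised + "/32"))
    if adv_major == major_network(iface):
        # Same major network: assume the receiving interface's own mask.
        return str(ipaddress.ip_network(f"{advertised}/{iface.prefixlen}", strict=False))
    known = [ipaddress.ip_network(r) for r in routing_table]
    if any(r != adv_major and r.subnet_of(adv_major) for r in known):
        return None                         # discontiguous case: update ignored
    return str(adv_major)                   # otherwise install with the classful mask


def ripv2_send(route, out_iface_net, auto_summary=True):
    """RIP v2 carries the mask; with auto-summary (assumed Cisco default) it still
    summarizes at a major network boundary."""
    route = ipaddress.ip_network(route)
    iface = ipaddress.ip_network(out_iface_net)
    if auto_summary and major_network(route) != major_network(iface):
        return str(major_network(route))
    return str(route)


if __name__ == "__main__":
    # Discontiguous network case: link between the routers is 137.99.88.0/24.
    print(ripv1_send("131.108.5.0/24", "137.99.88.0/24"))
    print(ripv1_receive("131.108.0.0", "137.99.88.0/24",
                        ["131.108.2.0/24", "137.99.88.0/24"]))  # constructed table
    # VLSM case: link between the routers is 131.108.6.0/30.
    print(ripv1_send("131.108.5.0/24", "131.108.6.0/30"))
    print(ripv1_send("131.108.7.0/30", "131.108.6.0/30"))
    print(ripv2_send("131.108.5.0/24", "131.108.6.0/30"))
```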

V.5 OSPF (Open Shortest Path First)

Concepts and characteristics:

- Link state.
- Uses Dijkstra's shortest path algorithm and is open: it does not belong to any one vendor and can be used on devices from all vendors (Allows multi-vendor deployment - open standard).
- AD = 110.

Advantages of OSPF over distance vector protocols:

- Fast convergence.
- Optimizes routing update traffic (Minimizes routing update traffic).
- Scales to large networks (Allows scalability).
- Fully classless protocol, which removes classful problems such as discontiguous networks.
- Supports VLSM/CIDR (Supports VLSM/CIDR).
- The metric is not limited: metric = cost = 10^8 / BW (Has unlimited hop count).
- Load balancing over equal-cost paths.
- Uses multicast addresses to reduce the impact on non-OSPF devices.

How it works:

- Neighbour establishment: routers exchange Hello packets to establish neighbours. A Hello packet contains:
  - Router ID
  - Hello/Dead timer *
  - Neighbors
  - Area ID *
  - Router Priority
  - DR IP Address
  - BDR IP Address
  - Authentication Password *
  - Stub Area flag *

  To become neighbours, the fields marked * must be identical.
- Hello timers: Multi Access and Point-to-Point = 10s; NBMA = 30s.
- Building the routing table:
  - Routers exchange information through LSA advertisement messages.
  - LSA: the cost of the link, router information and the state of the neighbouring routers.
  - Dijkstra's algorithm is used to build the routing table.
  - Metric = cost = 10^8 / BW.
- Update:
  - When something changes, an update is sent immediately.
  - If nothing changes, a full update is sent once every 30 minutes.
- DR/BDR election: in a multiaccess environment the BDR and DR are elected based on the interface priority and the Router ID (the highest value wins). By default, Priority = 1. Values range from 0 to 255.
- Router ID: based on the IP address of the interface, with priority given to the MAC Address.
- Routers communicate through 2 multicast addresses: 224.0.0.5 for all routers, 224.0.0.6 for the DR/BDR.
- The relationship between Adjacency and Neighbor.

Configuration:

    R(config)#router ospf <process-id>
    R(config-router)#network <address> <wildcard-mask> area <area-id>
    R(config-if)#ip ospf priority <value>

    R#show ip ospf neighbor
    R#show ip route

V.6 EIGRP

Concepts:

- Cisco standard.
- AD = 90.
- Supports VLSM; supports several protocols such as IP, IPX, AppleTalk.
- Fast convergence.
- Hybrid.
- Metric = IGRP metric * 256

$$\text{IGRP(metric)} = \left( K_1 \cdot BW + \frac{K_2 \cdot BW}{256 - Load} + K_3 \cdot Delay \right) \cdot \frac{K_5}{Reli + K_4}$$

- K1, K2, K3, K4, K5 are constants. By default K1 = K3 = 1 and K2 = K4 = K5 = 0, so IGRP(metric) = BW + Delay.
- BWigrp = 10^7 / BW
- Delayigrp = Delay / 10
- The EIGRP metric is 32 bits long, whereas the IGRP metric is 24 bits long.

How it works:

- Neighbour establishment: Hello packets are sent to the multicast address 224.0.0.10.
  - Hello timer: on LAN links = 5s; on WAN links = 60s.
  - Holddown timer = 3 times the hello timer.
  - To become neighbours, the following conditions must be met:
    - The router listens for hello packets and must acknowledge them.
    - Both routers must be in the same AS.
    - The neighbours must calculate the metric in the same way.

    R#show ip eigrp neighbors

- Building the topology table:
  - Successor: the route with the best path to the destination.
  - Feasible Successor: the backup path.
  - FD (Feasible Distance): the EIGRP metric, that is, the cost of the best path to a destination network.
  - AD (Advertised Distance): the cost to a remote network as advertised by a directly connected neighbour.
  - Condition for a backup path to exist: AD < FD.
- Building the routing table: the DUAL algorithm is used to build the routing table. The successor route (the best path) is selected from the topology table and placed in the routing table.
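The metric formula with the default K values and the AD < FD condition, applied to one destination reachable through three neighbours. This is an added example, not part of the original notes: the function names, the neighbours B, C and D and their bandwidth and delay figures are constructed, with bandwidth in kbit/s and delay in microseconds.

```python
# Added example (not from the original notes): EIGRP metric and the
# feasibility condition AD < FD.

def eigrp_metric(min_bw_kbps, total_delay_usec, k=(1, 0, 1, 0, 0),
                 load=1, reliability=255):
    """EIGRP metric = 256 * IGRP metric, with BW = 10^7 / bandwidth and
    Delay = delay / 10, as in the formula above."""
    k1, k2, k3, k4, k5 = k
    bw = 10**7 // min_bw_kbps          # slowest link on the path
    delay = total_delay_usec // 10     # sum of delays, in tens of microseconds
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:                        # the K5 factor applies only when K5 is set
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


def topology_entry(link_bw, link_delay, nbr_bw, nbr_delay):
    """One neighbour's row in the topology table:
    (distance through this neighbour, AD the neighbour advertises)."""
    ad = eigrp_metric(nbr_bw, nbr_delay)
    through = eigrp_metric(min(link_bw, nbr_bw), link_delay + nbr_delay)
    return through, ad


def select_routes(entries):
    """Return (successor, FD, feasible successors) for one destination."""
    successor = min(entries, key=lambda n: entries[n][0])
    fd = entries[successor][0]
    feasible = sorted(n for n in entries
                      if n != successor and entries[n][1] < fd)
    return successor, fd, feasible


# Constructed topology, seen from one router:
#   B: T1 link (1544 kbps, 20000 us); B reaches the destination over FastEthernet.
#   C: T1 link; C itself reaches the destination over another T1 link.
#   D: 512 kbps link (20000 us); D reaches the destination over FastEthernet.
TOPOLOGY = {
    "B": topology_entry(1544, 20000, 100000, 100),
    "C": topology_entry(1544, 20000, 1544, 20100),
    "D": topology_entry(512, 20000, 100000, 100),
}

if __name__ == "__main__":
    successor, fd, feasible = select_routes(TOPOLOGY)
    for name, (through, ad) in TOPOLOGY.items():
        print(f"via {name}: distance={through} AD={ad}")
    print("successor:", successor, "FD:", fd, "feasible successors:", feasible)
```

C offers a better total distance than D, yet only D qualifies as a feasible successor: C's advertised distance equals the FD, and the condition requires it to be strictly lower.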

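Configuration:

    Router(config)#router eigrp <as-number>
    Router(config-router)#network <network> [<wildcard-mask>]
    Router(config-router)#no auto-summary

V.7 Static route, default route

- AD = 0 or 1.
- The route is entered into the routing table by hand.

Configuration:

    Router(config)#ip route <network> <mask> {<interface> | <next-hop>}
    Router(config)#ip route 0.0.0.0 0.0.0.0 {<interface> | <next-hop>}

V.8 The ip classless command

- If this command is used: the router reaches unknown networks through the default route.
- If the no form of this command is used: the router looks up routes by longest match and may not use the default route to reach unknown networks.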

VI. ACCESS-LIST

Applications: traffic filtering, NAT.

VI.1 Classification

- Standard, 1-99: looks only at the source IP; placed close to the destination.
- Extended, 100-199: looks at IP, protocol, and source and destination port; placed close to the source.
- Entries are checked from top to bottom.
- Deleting 1 access-list entry deletes the whole list.
- A newly added access-list entry is placed on the last line.
- The end of every access list has a default deny any any.

VI.2 Configuration

Standard access list:

    R(config)#access-list number {deny|permit} source wildcard

Specifying a particular host:

    R(config)#access-list number {deny|permit} host IP

Specifying any address:

    R(config)#access-list number {deny|permit} 0.0.0.0 255.255.255.255
    R(config)#access-list number {deny|permit} any

Extended access list:

    R(config)#access-list number {deny|permit} protocol source wildcard des wildcard operator operand

- Number: 100-199
- Protocol: IP, TCP, ICMP
- Operator: "=" is written eq
- Operand: telnet, www, ftp, and so on, or a port number.

Applying to an interface:

    R(config-if)#ip access-group <number> {in|out}

Verification:

    R#show ip interface
    R#show access-list
    R#show ip access-list
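Top-down, first-match evaluation with wildcard masks and the implicit deny at the end, for both standard and extended lists. This is an added example, not part of the original notes: it is a small evaluator written for illustration, not Cisco's implementation, it supports only the eq operator and the three port names the notes mention, and the ACL lines, addresses and packets are constructed.

```python
# Added example (not from the original notes): evaluating packets against
# numbered ACLs the way section VI describes.
import ipaddress

PORT_NAMES = {"telnet": 23, "www": 80, "ftp": 21}
ANY = (0, 0xFFFFFFFF)   # base 0.0.0.0 with wildcard 255.255.255.255


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _address(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D wildcard' -> (base, wildcard)."""
    word = tokens.pop(0)
    if word == "any":
        return ANY
    if word == "host":
        return (_ip(tokens.pop(0)), 0)
    return (_ip(word), _ip(tokens.pop(0)))


def parse(line):
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("not an ACL entry: " + line)
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    entry = {"action": action, "proto": "ip", "dst": ANY, "port": None}
    if 1 <= number <= 99:                 # standard: source only
        entry["src"] = _address(rest)
    elif 100 <= number <= 199:            # extended: protocol, source, destination, port
        entry["proto"] = rest.pop(0)
        entry["src"] = _address(rest)
        entry["dst"] = _address(rest)
        if rest[:1] == ["eq"]:
            entry["port"] = PORT_NAMES.get(rest[1]) or int(rest[1])
    else:
        raise ValueError("number outside 1-99 / 100-199: " + line)
    return entry


def _hit(spec, addr):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return ((_ip(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(acl_lines, packet):
    """Return (action, matching line number); (deny, None) is the implicit deny."""
    for number, line in enumerate(acl_lines, 1):
        e = parse(line)
        if e["proto"] not in ("ip", packet["proto"]):
            continue
        if not (_hit(e["src"], packet["src"]) and _hit(e["dst"], packet["dst"])):
            continue
        if e["port"] is None or e["port"] == packet.get("dport"):
            return e["action"], number    # first match wins, nothing below is read
    return "deny", None


# Constructed lists and packets.
ACL_101 = [
    "access-list 101 deny tcp host 192.168.1.10 any eq telnet",
    "access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq www",
    "access-list 101 permit icmp any any",
]
# Same deny entry, but placed after a broad permit: it is never reached.
ACL_SHADOWED = [
    "access-list 101 permit ip any any",
    "access-list 101 deny tcp host 192.168.1.10 any eq telnet",
]
ACL_10 = [
    "access-list 10 deny host 192.168.1.10",
    "access-list 10 permit 192.168.1.0 0.0.0.255",
]
TELNET = {"proto": "tcp", "src": "192.168.1.10", "dst": "10.0.0.5", "dport": 23}
WEB = {"proto": "tcp", "src": "192.168.1.77", "dst": "10.0.0.5", "dport": 80}
DNS = {"proto": "udp", "src": "192.168.2.9", "dst": "10.0.0.5", "dport": 53}

if __name__ == "__main__":
    for name, acl in (("101", ACL_101), ("101 shadowed", ACL_SHADOWED), ("10", ACL_10)):
        for pkt in (TELNET, WEB, DNS):
            print(name, pkt["src"], pkt["proto"], pkt["dport"], "->", evaluate(acl, pkt))
```

The shadowed list shows why entry order is the first thing to review in an ACL: a broad permit above a specific deny silently disables the deny.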

VII. NAT

VII.1 Concepts: inside local, inside global, outside global, outside local

Cisco defines the terms used in NAT as follows:

- Inside local address - the IP address assigned to a host on the inside network. This is the address configured as a parameter of the computer's operating system, or assigned automatically through protocols such as DHCP. It is not a valid IP address issued by the NIC (Network Information Center) or by an Internet service provider.
- Inside global address - a valid address issued by the NIC or by an intermediate service provider. This address represents one or more inside local IP addresses when communicating with the outside network.
- Outside local address - the IP address of a host on the outside network, as seen by hosts on the inside network. An outside local address does not have to be a valid address on the IP network (it can be a private address).
- Outside global address - the IP address assigned to a host on the outside network by the owner of that host. It is assigned from valid IP addresses on the Internet.

These are Cisco's classic definitions, but they are not very easy to understand and sometimes cause a good deal of confusion. Before moving on to examples, we redefine the terms above in a simpler way. First of all, remember that the NAT notions of inside and outside refer to the interfaces configured with the commands ip nat inside and ip nat outside. The networks connected to these interfaces take the inside and outside roles respectively.

- Local address - an address that appears in the inside part of a network.
- Global address - an address that appears in the outside part of a network.

VII.2 Classification by configuration

- Static:

    ip nat inside source static <local-ip> <global-ip>

- Dynamic: define the NAT pool first, then perform NAT:

    ip nat pool <pool-name> <start-ip> <end-ip> netmask <netmask>
    ip nat inside source list <acl-number> pool <pool-name>

- NAT overload (PAT):

    ip nat inside source list <acl-number> {pool <pool-name> | interface <interface>} overload

VII.3 Applying to an interface

- First define which side is inside and which side is outside.
- Enter the interface and use: ip nat {inside | outside}

VIII. WIRELESS

VIII.1 Differences between WLAN and LAN

- WLAN uses radio waves as its physical layer.
- WLAN uses the CSMA/CA mechanism to avoid congestion, unlike LAN, which uses CSMA/CD.
- Uses half-duplex (like a hub).
- Issues with coverage area, interference, noise and security.

VIII.2 Wireless models

- AD-HOC: no access point.
- BSS: 1 access point.
- ESS: 2 or more access points; each AP must be on its own channel to avoid interference.

VIII.3 The 802.11 standards

VIII.4 Wireless security

IX. WAN

IX.1 Frame Relay

Concepts:

- PVC (Permanent Virtual Circuit): establishes a logical connection between DTEs (similar to a leased line).
- DLCI (Data-Link Connection Identifier): a layer 2 address that identifies a PVC to the remote router; a DLCI has only local significance.
- FECN, BECN, DE: the congestion-control bits in Frame Relay.
- CIR (Committed Information Rate): the transfer rate on the connection between the customer and the Frame Relay network (also called the local access loop). The CIR is provided by the ISP.
- Inverse ARP: maps the destination IP to the router's own DLCI number; enabled by default. If Inverse ARP is turned off, a static map must be configured.
- 2 encapsulation types: IETF and Cisco.
- 3 LMI types: Cisco, ANSI, Q933a.
- 3 Frame Relay topologies: Full-Mesh, Partial-Mesh, Star (Hub & Spoke).
- The split horizon problem.

Configuration:

    frame-relay switching
    encapsulation frame-relay {ietf | cisco}
    frame-relay intf-type dce
    frame-relay lmi-type {cisco | ansi | q933a}
    frame-relay interface-dlci <dlci>
    frame-relay map ip <ip-address> <dlci>
    frame-relay route <in-dlci> interface <out-interface> <out-dlci>

IX.2 PPP

- Open standard; supports several protocols such as IP and IPX.
- Supports multi-link.
- Compression.
- Can be used over analog circuits.
- Uses 2 authentication methods: PAP and CHAP.
  - PAP: weak authentication, uses a plain-text password. Two-way handshake.
  - CHAP: three-way handshake. Strong authentication, supports MD5.
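The two handshakes side by side, showing what crosses the link in each and why a captured CHAP response cannot be reused. This is an added example, not part of the original notes: the CHAP hash follows RFC 1994 (MD5 over identifier, shared secret and challenge), while the message dictionaries, the peer name R2 and the secret are constructed.

```python
# Added example (not from the original notes): PAP two-way handshake versus
# CHAP three-way handshake, with messages as plain dictionaries.
import hashlib
import hmac
import os


def chap_hash(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: hash of the identifier octet, the shared secret
    and the challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    def __init__(self, secrets):
        self.secrets = secrets     # peer name -> shared secret (bytes)
        self.next_id = 0
        self.outstanding = {}      # identifier -> challenge still awaiting a response

    def challenge(self):           # message 1: authenticator -> peer
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)     # fresh random challenge every time
        self.outstanding[self.next_id] = value
        return {"code": "Challenge", "id": self.next_id, "value": value}

    def verify(self, response):    # message 3: Success or Failure
        value = self.outstanding.pop(response["id"], None)
        secret = self.secrets.get(response["name"])
        if value is None or secret is None:
            return "Failure"
        expected = chap_hash(response["id"], secret, value)
        ok = hmac.compare_digest(expected, response["value"])
        return "Success" if ok else "Failure"


def chap_respond(challenge, name, secret):   # message 2: peer -> authenticator
    return {"code": "Response", "id": challenge["id"], "name": name,
            "value": chap_hash(challenge["id"], secret, challenge["value"])}


def chap_exchange(authenticator, name, secret):
    """Run the three-way handshake; return the three messages seen on the link."""
    challenge = authenticator.challenge()
    response = chap_respond(challenge, name, secret)
    return [challenge, response, {"code": authenticator.verify(response)}]


def pap_exchange(secrets, name, password):
    """Run the two-way handshake; return the two messages seen on the link."""
    request = {"code": "Authenticate-Request", "peer-id": name, "password": password}
    ok = name in secrets and hmac.compare_digest(secrets[name], password)
    return [request, {"code": "Authenticate-Ack" if ok else "Authenticate-Nak"}]


def secret_visible(messages, secret):
    """True if the secret appears verbatim in any field sent over the link."""
    return any(secret in value for message in messages
               for value in message.values() if isinstance(value, bytes))


SECRETS = {"R2": b"s3cret-chap"}   # constructed shared secret for peer R2

if __name__ == "__main__":
    pap = pap_exchange(SECRETS, "R2", b"s3cret-chap")
    print("PAP :", pap[-1]["code"], "secret on the link:", secret_visible(pap, b"s3cret-chap"))
    auth = ChapAuthenticator(SECRETS)
    chap = chap_exchange(auth, "R2", b"s3cret-chap")
    print("CHAP:", chap[-1]["code"], "secret on the link:", secret_visible(chap, b"s3cret-chap"))
    # A response captured earlier does not answer a new challenge.
    fresh = auth.challenge()
    print("replayed response:", auth.verify(dict(chap[1], id=fresh["id"])))
```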

Configuration: