
Table of Contents

Lab 1 - Basic Switch Configuration
Lab 2 - Basic Router Configuration
Lab 3 - Telnet and SSH
Lab 4 - GNS3 User Guide
Lab 5 - Combined Switch and Router Lab
Lab 6 - Wireless Lab
Lab 7 - Cisco Security Manager (SDM)
Lab 8 - DHCP, DHCP Relay
Lab 9 - Static Routing (Static Route)
Lab 10 - RIPv2 (Routing Information Protocol)
Lab 11 - CDP (Cisco Discovery Protocol)
Lab 12 - Backing Up IOS and the Router Configuration
Lab 13 - Router Password Recovery
Lab 14 - Switch Password Recovery
Lab 15 - Combined Lab, Part 1
Lab 16 - OSPF (Open Shortest Path First)
Lab 17 - EIGRP (Enhanced Interior Gateway Routing Protocol)
Lab 18 - VTP, VLAN
Lab 19 - PVST+, PVRST
Lab 20 - Inter-VLAN Routing Using a Layer 3 Switch
Lab 21 - Standard ACL
Lab 22 - Extended ACL
Lab 23 - NAT, PAT
Lab 24 - IPv6
Lab 25 - PPP PAP, CHAP
Lab 26 - Basic Frame Relay
Lab 27 - Advanced Frame Relay

LAB 1: BASIC SWITCH CONFIGURATION

I. Objectives:
- Help students get familiar with the basic Cisco IOS commands
- Review the commands for: assigning an IP address to the switch, the password types, Port-Security
Basic switch configuration lab:

II. Requirements:
- Use Packet Tracer to connect the topology as shown above
- Erase the entire current configuration of the switch
- Commands for viewing information
- Configure the hostname and IP address
- The password types
- Speed and duplex
- The Port Security feature
1. Connect the cables and erase the switch configuration:
- Use a straight-through cable to connect the PC to the switch
- Connect the PC to the switch's console port, or open the device's CLI tab, to start configuring
- Erase the switch configuration
Switch> enable
Switch# erase startup-config
Switch# reload
2. Commands for checking information:
- View the switch's current configuration, together with the total number of FastEthernet and GigabitEthernet interfaces and the number of vty lines for Telnet:

Switch#show running-config

- Every Cisco switch has a default interface, VLAN 1, used to manage the switch remotely by assigning an IP address to it. View the characteristics of interface VLAN 1:

Switch#show interface vlan1

Note the IP address, the MAC address and the up/down state.

- Status of interface FastEthernet 0/1:

Switch#show interface fa0/1
- View the operating system version and the amount of RAM, NVRAM and flash memory:

Switch#show version

- Contents of flash memory:

Switch#show flash:
Or
Switch#dir flash:
6 drwx 4480 Mar 1 1993 00:04:42 +00:00 html
618 -rwx 4671175 Mar 1 1993 00:06:06 +00:00 c2960-lanbase-mz.122-25.SEE3.bin
32514048 bytes total (24804864 bytes free)

- View the configuration saved on the switch:

Switch#show startup-config
startup-config is not present

- This message appears because we have not saved the configuration yet. Now set a hostname on the device and then save the configuration:

Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#exit
S1#copy running-config startup-config
Destination filename [startup-config]? (enter)
Building configuration...
[OK]
S1#show startup-config
Using 1170 out of 65536 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname S1
!
<output omitted>
3. Password types:
- Configure the password cisco on the console port:

S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit
- Telnet is a service that lets administrators manage devices remotely over the vty lines. In this case the vty line password for Telnet is cisco:

S1(config)#line vty 0 4
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit
- Set the password for moving from User mode (>) to Privileged mode (#) to class:

S1(config)#enable secret class

Privileged mode can change the entire configuration of a Cisco device, so it is very important, and setting a password for this mode is essential.
4. Assign an IP address to the switch: A switch is a Layer 2 device, so its ports cannot be given IP addresses. To manage the device remotely, on a Cisco switch we assign the IP address through a special interface, VLAN 1 (a logical interface):
S1(config)#interface vlan 1
S1(config-if)#ip address 172.17.99.11 255.255.0.0
S1(config-if)#no shutdown
S1(config-if)#exit
S1(config)#
- So that the switch can still be managed from another network, also declare a gateway for the switch:

S1(config)#ip default-gateway 172.17.99.1

where 172.17.99.1 is the address of the gateway.

- Verify the configuration of interface VLAN 1:

S1#show interface vlan 1


Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 001b.5302.4ec1 (bia 001b.5302.4ec1)
Internet address is 172.17.99.11/16
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:06, output 00:03:23, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops:0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
4 packets input, 1368 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

1 packets output, 64 bytes, 0 underruns


0 output errors, 0 interface resets
Configure PC1's IP address with the values from this lab; on the PC go to Desktop -> IP Configuration:
IP: 172.17.99.21
SM: 255.255.0.0
Gw: 172.17.99.1 (not present in this lab yet)

- Check connectivity from the PC to the switch:
On the PC go to Desktop -> Command Prompt -> ping 172.17.99.11

- Change the duplex and speed settings on the switch ports:

S1#configure terminal
S1(config)#interface fastethernet 0/18
S1(config-if)#speed 100
S1(config-if)#duplex auto
S1(config-if)#end
- Verify the interface:

S1#show interface fastethernet 0/18


FastEthernet0/18 is up, line protocol is up (connected)
Hardware is FastEthernet, address is 001b.5302.4e92 (bia 001b.5302.4e92)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
- Save the configuration:

S1#copy running-config startup-config
Destination filename [startup-config]? [Enter]
Building configuration...
[OK]
S1#
5. Manage the MAC address table:

Check the MAC address of each PC with the ipconfig /all command and note it down, then check the MAC address table on the switch and compare its contents with the MAC addresses of the PCs:

S1#show mac-address-table
6. Configure the Port Security feature:
- Port Security lets us control access on each port of the switch: which PC MAC addresses may connect to the port, and the total number of MAC addresses that may connect.

The configuration steps are as follows:

S1# configure terminal
S1(config)#interface fastethernet 0/18
S1(config-if)#switchport mode access   (the port operates in access mode)
S1(config-if)#switchport port-security   (enable the port security feature)
S1(config-if)#switchport port-security maximum 2   (at most 2 MAC addresses may connect to this port)
S1(config-if)#switchport port-security mac-address sticky   (these MAC addresses are learned automatically from the first 2 PCs connected to the port)
S1(config-if)#switchport port-security violation shutdown   (when the allowed number is exceeded, the port shuts down automatically)
- Review the configuration with these two commands:
Switch#show running-config
Switch#show port-security interface fa0/18
- Test how Port Security behaves by connecting PC1 and PC2 in turn to port fa0/18, then use the show port-security address command: only PC1 and PC2 are connected to port fa0/18. Now plug a third PC into port fa0/18 as well, and the port shuts down automatically because the limit allowed by the switchport port-security maximum 2 command has been exceeded.

- Save the configuration and finish the lab.

III. Commands related to this lab:

- Help commands
- Verification commands
- Configuring the switch name
- Configuring passwords
- Configuring the IP address and default gateway

- Basic switch configuration lab


1. Help commands:
Switch> ?
    The ? key is used as the help key, the same as on a router.
Switch> enable
    User mode.
Switch#
    Privileged mode.
Switch# disable
    Leaves Privileged mode.
Switch> exit
    Leaves User mode.

2. Verification commands:
Switch# show running-config
    Displays the configuration file running in RAM.
Switch# show startup-config
    Displays the configuration file held in NVRAM.
Switch# show interfaces
    Displays configuration information about the interfaces on the switch and the state of those interfaces.
Switch# show interface vlan 1
    Displays the configuration parameters of interface VLAN 1. VLAN 1 is the default VLAN on all Cisco switches.
Switch# show version
    Displays information about the switch's hardware and software.
Switch# show flash:
    Displays information about flash memory.
Switch# show mac-address-table
    Displays the switch's current MAC address table.

3. Configure the hostname:
Switch# configure terminal
    Enters Global Configuration mode.
Switch(config)# hostname 2960Switch
    Names the switch 2960Switch. This command works the same way as on a router.

4. Password types
2960Switch(config)#enable password cisco
    Sets the switch's enable password to cisco.
2960Switch(config)#enable secret class
    Sets the encrypted enable password to class.
2960Switch(config)#line console 0
    Enters line console configuration mode.
2960Switch(config-line)#login
    Makes the switch check the password when a user logs in to the switch through the console.
2960Switch(config-line)#password cisco
    Sets the console password to cisco.
2960Switch(config-line)#exit
    Leaves line console configuration mode.
2960Switch(config)#line vty 0 4
    Enters line vty configuration mode.
2960Switch(config-line)#login
    Makes the switch check the password when a user logs in to the switch through Telnet.
2960Switch(config-line)#password cisco
    Sets the password for Telnet access to cisco.
2960Switch(config-line)#exit
    Leaves line vty configuration mode.

5. Configure the IP address and default gateway
2960Switch(config)# interface vlan 1
    Enters configuration mode for interface VLAN 1.
2960Switch(config-if)# ip address 172.16.10.2 255.255.0.0
    Assigns an IP address and subnet mask so that the switch can be accessed remotely.
2960Switch(config)#ip default-gateway 172.16.10.1
    Configures the default gateway address for the switch.

6. Configure an interface description:
2960Switch(config)# interface fastethernet 0/1
    Enters configuration mode for interface fa0/1.
2960Switch(config-if)# description FinaceVLAN
    Adds a description to this interface.
* Note: On 2960 series switches with 12 or 24 Fast Ethernet ports, the port names start from fa0/1, fa0/2 ... Fa0/24. There is no port Fa0/0.

7. Manage the MAC address table:
Switch# show mac address-table
    Displays the current contents of the switch's MAC address table.

LAB 2: BASIC ROUTER CONFIGURATION

I. Introduction:
Security is a very important factor in a network, so it receives a lot of attention, and using passwords is one of the very effective ways to secure a device. Using passwords on a router helps prevent attacks on the router through Telnet sessions, as well as direct access to the router by strangers who would change the configuration in ways we do not want.

II. Purpose:
Set passwords on the router so that, at login, the router checks the required passwords.

III. Lab description and topology:

In the topology above, the PC is connected to the router with a console cable.

IV. Password security levels:
The security level of a password depends on the encryption level applied to it. The password encryption levels are:

Level 5: encrypted with the MD5 algorithm. This is one-way encryption and cannot be decrypted (this level is used by default to encrypt the enable secret password assigned to the router).
Level 7: encrypted with the MD7 algorithm. This is two-way encryption and can be decrypted (this level is used to encrypt the other password types when needed, such as enable password, line vty and line console).
Level 0: this is the unencrypted level.

V. Password rules:
Login passwords are case-sensitive and no longer than 25 characters, which may include digits and spaces, but a space may not be used as the first character.

Router(config)#enable password TTG-TTG-TTG-TTG-TTG-TTG-TTG
% Overly long Password truncated after 25 characters   (a password set with 26 characters is not accepted)


VI. Router password types:

Enable secret: if this password is set on the router, you will have to supply it when logging in to user mode. It is the password with the highest precedence on the router and is encrypted at level 5 by default.
Enable password: this password serves the same function as enable secret but has weaker precedence. It is not encrypted by default; if encryption is requested, it is encrypted at level 7.
Line vty: this password is assigned to the vty lines and is checked when you log in to the router over Telnet.
Line console: this password is checked before you are allowed to use the console port to configure the router.
Line aux: this password is checked when you use the aux port.

VII. Steps for setting passwords on the router:

Step 1: Start the router and press Enter to get into user mode.
From user mode, use the enable command to get into Privileged mode.
Router con0 is now available
Press RETURN to get started.
Router>enable
Router#

Step 2: From the Privileged mode prompt, enter configuration mode to configure the router with the configure terminal command.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#

Step 3: Configure each type of password.
Configure the enable secret password
(Note: passwords are case-sensitive)

Router(config)#enable secret TTG   (the password is TTG)
Router(config)#exit

Configure a password with the enable password command

Router(config)#enable password cisco   (the password is cisco)
Router(config)#exit
Note: when both enable secret and enable password are set at the same time, the router checks the one with stronger precedence, enable secret. Only when there is no secret password is the enable password checked. Verify this by exiting to User mode and entering Privileged mode again with the enable command: the router asks for the password declared with the enable secret command.
Configure passwords with the line command
Password for the Telnet lines (line vty):
Router(config)#line vty 0 4
Router(config-line)#password class   (the password is class)
Router(config-line)#login   (enables the password check)
Router(config-line)#exit
Password for the console port:
Router(config)#line console 0   (opens the console line, console port number 0)
Router(config-line)#password cert   (the password is cert)
Router(config-line)#login   (enables the password check)
Router(config-line)#exit

Password for the aux port:
Router(config)#line aux 0   (the number 0 is the index of the aux port being used)
Router(config-line)#password router   (the password is router)
Router(config-line)#login
Router(config-line)#exit
After setting the passwords, exit to Privileged mode and use the show running-config command to review the passwords that were configured:
Router#show running-config
Building configuration...
Current configuration : 550 bytes
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption   (passwords are stored unencrypted)
hostname Router
enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o/   (the secret password is encrypted at level 5 by default)
enable password cisco
!
line con 0
password cert   (the console port password is cert)
login
line aux 0
password router   (the aux port password is router)
login
line vty 0 4
password class   (the vty line password is class)
login
!
End
The show running-config command shows the passwords that have been configured. To encrypt all of the passwords, use the service password-encryption command in config mode.
Router(config)#service password-encryption
Router(config)#exit

Use the show running-config command to check again:

Router#show run
Building configuration...
enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o/
enable password 7 094F471A1A0A   (password encrypted at level 7)
line con 0
password 7 15110E1E10   (password encrypted at level 7)
login
line aux 0
password 7 071D2E595A0C0B   (password encrypted at level 7)
login
line vty 0 4
password 7 060503205F5D   (password encrypted at level 7)
login
!
End

Note: The no service password-encryption command cannot be used to remove encryption from a password; encryption is removed only when a different password is assigned.
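The level 7 strings in the output above can be checked offline: type 7 is a reversible XOR against a fixed, publicly documented key string, so a configuration audit can report exactly which passwords a copy of the config file gives away. The Python below is an added example, not part of the original lab; the function names and the sample config (rebuilt from the Lab 2 output, with IOS's usual one-space indentation restored) are assumptions of the example.

```python
import re

# Fixed, publicly documented key string that IOS type 7 obfuscation XORs against.
TYPE7_KEY = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Password-bearing commands used in this lab; group 2 is the optional type digit.
PASSWORD_RE = re.compile(
    r"^(enable password|enable secret|password|username \S+ (?:password|secret))"
    r"\s+(?:(\d)\s+)?(\S+)$"
)


def decode_type7(encoded):
    """Undo type 7: two decimal digits give the key offset, the rest is hex XORed with the key."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("not a type 7 string: %r" % encoded)
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])  # raises ValueError on non-hex input
    return "".join(
        chr(b ^ ord(TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]))
        for i, b in enumerate(data)
    )


def audit_passwords(config_text):
    """Return (context, command, storage, recovered) for every stored password.
    'recovered' is the plaintext readable from the config alone, or None."""
    findings = []
    context = "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():
            # An unindented "line ..." command opens a section; any other
            # unindented command returns to global scope.
            context = line if line.startswith("line ") else "global"
        match = PASSWORD_RE.match(line)
        if not match:
            continue
        command, ptype, value = match.groups()
        if ptype == "7":
            try:
                recovered, storage = decode_type7(value), "type 7 (reversible)"
            except ValueError:
                recovered, storage = None, "type 7 (malformed)"
        elif ptype in (None, "0"):
            recovered, storage = value, "cleartext"
        else:
            recovered, storage = None, "type %s (hash)" % ptype
        findings.append((context, command, storage, recovered))
    return findings


# Constructed sample: the Lab 2 output after service password-encryption.
SAMPLE_CONFIG = """\
service password-encryption
hostname Router
enable secret 5 $1$6bgK$prmkIPVMht7okiCQ5EQ2o/
enable password 7 094F471A1A0A
!
line con 0
 password 7 15110E1E10
 login
line aux 0
 password 7 071D2E595A0C0B
 login
line vty 0 4
 password 7 060503205F5D
 login
!
end
"""

if __name__ == "__main__":
    for context, command, storage, recovered in audit_passwords(SAMPLE_CONFIG):
        shown = recovered if recovered is not None else "(one-way hash)"
        print("%-14s %-16s %-20s %s" % (context, command, storage, shown))
```

Every level 7 entry comes back as the password typed in step 3, while the enable secret line yields nothing directly, which is why backups of a running-config need the same protection as the passwords themselves.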
After the passwords are set, they are checked the next time you log in to the router:
Router con0 is now available   (press Enter)
Press RETURN to get started.
User Access Verification   (the console line password is checked)
Password:cert   (enter the console password: cert)
Router>ena   (enable, to enter Privileged mode)
Password:TTG   (the secret password has higher precedence, so it is the one checked)
Router#
The other passwords, such as line vty and line aux, are checked when those functions are used.

VIII. Removing router passwords:

To remove a password of any type, put no in front of the command that set that password.
Example: to remove the router's secret password:
Router(config)#no enable secret
Router(config)#exit
The passwords of the other types can be removed in the same way.
IX. Appendix: commands related to this lab:

1. Router configuration modes
Router>
    User mode.
Router#
    Privileged mode (also called EXEC mode).
Router(config)#
    Global Configuration mode.
Router(config-if)#
    Interface Configuration mode.
Router(config-subif)#
    Subinterface Configuration mode.
Router(config-line)#
    Line configuration mode.
Router(config-router)#
    Router Configuration mode.

2. Configure the router's basic parameters:

2.1 Configure a Serial interface:
Router(config)# interface s0/0/0
    Enters configuration mode for interface S0/0/0.
Router(config-if)# description Link to ISP
    A description for this Serial interface (optional).
Router(config-if)# ip address 192.168.10.1 255.255.255.0
    Assigns an IP address and subnet mask to this Serial interface.
Router(config-if)# clock rate 56000
    Sets the clock rate for the interface (configure this command only when the interface is the DCE).
Router(config-if)# no shutdown
    Brings the interface up.

2.2 Configure a Fast Ethernet interface
Router(config)# interface Fastethernet 0/0
    Enters configuration mode for interface Fast Ethernet 0/0.
Router(config-if)# description Accounting LAN
    Sets a description for the interface (optional).
Router(config-if)# ip address 192.168.20.1 255.255.255.0
    Assigns an IP address and subnet mask to the interface.
Router(config-if)# no shutdown
    Brings the interface up.

2.3 The logging synchronous command:
Router(config)# line console 0
    Enters line configuration mode.
Router(config-line)# logging synchronous
    Turns on synchronous logging. Messages displayed on the console screen will no longer interrupt the command you are typing.

LAB 3: TELNET, SSH

I. Introduction:
Telnet is a virtual terminal protocol and is part of the TCP/IP protocol suite. It allows a connection to be made to a remote device, and through that connection the user can configure the device they are connected to.
II. Purpose:
This exercise helps you understand and carry out the configuration needed to run Telnet sessions from a host to a router or from one router to another.
III. Lab description and topology:

The lab topology is as shown in the figure above; Host1 is connected to router TTG1 with a crossover cable.

IV. Steps:
- Note: add the sequence number assigned by the instructor to the IP addresses to avoid duplicate addresses between groups; this lab uses X = 0. Configure router TTG1 and Host 1 as follows:
Host 1:
IP:10.0.0.2
Subnetmask:255.0.0.0
Gateway:10.0.0.1
Router TTG1:
Router> enable
Router# configure terminal
Router(config)# hostname TTG1
TTG1(config)# interface fa0/1
TTG1(config-if)# ip address 10.0.0.1 255.0.0.0
TTG1(config-if)#no shutdown
Make sure the physical connections are working (check with a ping from the PC to TTG1).
Check the Telnet connection:
From the host, try to telnet to router TTG1:
C:\Documents and settings\Administrator>Telnet 10.0.0.1
Password required, but none set   (a password is required but none has been set)
Connection to host lost   (the connection fails)
Telnet does not succeed because the Telnet function requires you to open the vty lines and set a password on them.

Set the vty password on router TTG1:

TTG1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
TTG1(config)#line vty 0 4
TTG1(config-line)#pass TTG1
TTG1(config-line)#login
TTG1(config-line)#exit

Now run Telnet: from the host, telnet to router TTG1:

C:\Documents and settings\Administrator>Telnet 10.0.0.1
User Access Verification
Password:
TTG1>ena
% No password set
TTG1>
Note: on Cisco devices you only need to type the address of the destination you want to telnet to; the device understands and makes the Telnet connection.
After you telnet in you are in User mode, and this protocol requires a password to be set before you can enter Privileged mode. Set that password:

Router TTG1:
TTG1(config)#enable password cisco
TTG1(config)#exit
Repeat the Telnet connection from the host to router TTG1:
C:\Documents and settings\Administrator>Telnet 10.0.0.1
User Access Verification
Password: TTG1
TTG1>ena
Password: cisco
TTG1#
From here you can change the configuration of the devices without having to go through the console port.
Check Telnet usage with the show line command:
TTG1#show line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*    0 CTY                                           5       0     0/0
     1 AUX   9600/9600                               0       0     0/0
*    2 VTY                                           1       0     0/0
*    3 VTY                                           7       0     0/0
*    4 VTY                                           4       0     0/0
     5 VTY                                           1       0     0/0
     6 VTY                                           0       0     0/0
The * marks the lines you are currently using for Telnet. According to the table above, you are using 3 Telnet lines back and forth between the two routers (TTG1), on ports 2, 3 and 4.
The Uses column shows how many times you have used that line.
To leave a Telnet session, use the exit or disconnect command.
To break a Telnet connection, use the clear line command.
Although Telnet lets us manage a device remotely, it can expose the device's administrative password because Telnet does not encrypt data sent over the network. For a clearer picture, see the TelnetvsSsh video at
http://www.mediafire.com/download.php?y2z4ghm0wmw
So, to be safer, use SSH instead of Telnet when configuring a device remotely. It is configured as follows:
Configure SSH:
- Create the username/password used to authenticate in the SSH session, in this case TTG/123:
TTG1(config)# username TTG password 123
- Declare a domain name, which takes part in generating the key that encrypts data in the SSH session:
TTG1(config)# ip domain-name truongtan.edu.vn
- Generate the data encryption key:
TTG1(config)#crypto key generate rsa
- Switch to SSH version 2:
TTG1(config)#ip ssh version 2
- Switch to using SSH instead of Telnet:
TTG1(config)#line vty 0 4
TTG1(config-line)#login local   (switch to username/password authentication)
TTG1(config-line)#transport input ssh
From the PC, SSH to the router using the PuTTY software.

- Save the router configuration and finish the lab:
TTG1#copy run start

V. Appendix: commands related to this lab:

1. Telnet commands:

1.1 Configure the vty lines for Telnet
Router(config)# line vty 0 4
    Enters vty line mode to allow Telnet.
Router(config-line)# password telnet
    Sets the password that allows Telnet.
Router(config-line)# login
    Makes the router check the password when a user telnets to it.

Running a Telnet session
TTG1>telnet TTG2
TTG1>telnet 172.16.20.1
TTG1>TTG2
TTG1>connect TTG2
TTG1>172.16.20.1
    Each of these opens a remote connection to a router named TTG2 whose IP address is 172.16.20.1.
TTG2>exit
TTG2>logout
    Ends the Telnet session and returns to the prompt of router TTG1.
TTG1>resume
    Resumes the connection to router TTG2.
TTG1>disconnect
    Ends the Telnet session to router TTG2.

Managing Telnet sessions
TTG1#show sessions
    Displays the connections you have opened to other routers.
TTG1#show users
    Displays the users currently connected remotely to your router.
TTG1(config)#line vty 0 4
    Limits the number of simultaneous connections on a vty line into your router.
TTG1(config-line)#no password
    Remote users will not be asked for a password when they telnet to the device.
TTG1(config-line)#no login
    Remote users are taken straight into user mode.
2. Configure SSH
TTG1(config)# username TTG password 123
    Creates the username/password used to authenticate in the SSH session, in this case TTG/123.
TTG1(config)# ip domain-name truongtan.edu.vn
    Declares a domain name, which takes part in generating the key that encrypts data in the SSH session.
TTG1(config)#crypto key generate rsa
    Generates the data encryption key.
TTG1(config)#ip ssh version 2
    Switches to SSH version 2.
TTG1(config)#line vty 0 4
TTG1(config-line)#login local
TTG1(config-line)#transport input ssh
    Switches to using SSH instead of Telnet.

LAB 4: GNS3 USER GUIDE

GNS3 is a graphical network emulator that lets you emulate Cisco routers running real IOS images, as well as ATM/Frame Relay/Ethernet switches and PIX firewalls, and even connect to a real network.
GNS3 is built on Dynamips and Dynagen to emulate the 1700, 2600, 3600, 3700 and 7200 router series and can be used to build CCNA, CCNP and CCIE labs, but it cannot yet emulate Catalyst switches (although it can emulate the NM-16ESW).
1. Install GNS3:
- Reference video: http://www.mediafire.com/download.php?lqnj2nbuuhz
- GNS3 runs on Windows, Linux and Mac OS X. To install it easily on Windows, use the all-in-one installer, which provides everything you need to run GNS3. You can download GNS3-0.5-win32-all-in-one.exe here:
http://www.gns3.net/download

- The GNS3 interface after installation

2. First-time configuration of GNS3:
- Go to Edit > Add IOS images and hypervisors and point to the IOS files under Setting

- Go to Edit > Preferences > Dynamips. Under Executable Path, choose the path to the file dynamip-wxp.exe in the GNS3 installation folder, then click the Test button to check that Dynamips works

- Drag and drop routers that have an IOS image to build a simple topology

- Click the Play icon to start the emulation:

3. Start configuring:
Right-click a device and choose Console to start configuring it

4. Communicating with a real network:
- Through Dynamips, GNS3 can bridge an interface on a virtual router to an interface on the real machine, letting the virtual network communicate with the real network. On Windows, the WinPcap library is used to create this connection.
- To connect the virtual routers in GNS3 to the real network, use the Cloud device. Suppose we need to connect a virtual router to a network card named Internal Lan whose address is 192.168.1.2

- Click the Cloud and, under Generic Ethernet NIO, choose the network card the router should connect to. If you are not sure which card it is, use Network device list.cmd to find it

- After choosing the correct network card, click Add to start using it

- Connect the virtual router's FastEthernet interface to the Cloud, in this case Fa0/0. Configure an IP address on interface fa0/0 in the same network as the Internal Lan card:
Router>enable
Router#config terminal
Router(config)#interface fa0/0
Router(config-if)#ip address 192.168.1.10 255.255.255.0
Router(config-if)#no shutdown
- Then, from the router, try to ping the PC and the gateway of the real network

LAB 5: COMBINED SWITCH AND ROUTER LAB

I. REQUIREMENTS
1. Use Packet Tracer to configure the lab shown alongside
2. Set the console password to cisco, and the Telnet and enable secret passwords for Center Router, SW1 and SW2 to class
3. Use the service password-encryption command to encrypt the passwords that are not encrypted
4. Configure the IP addresses as in the topology alongside
5. From the PCs, try to telnet to SW1, SW2 and the router
6. Switch to SSH instead of Telnet on CenterRouter with username: TTG, password: cisco
7. From the PCs, try to SSH to the routers
8. Configuration reference video: http://www.mediafire.com/download.php?zx2xmdeitmw

II. STEPS:

1. Use Packet Tracer to configure the lab shown alongside:
Connect the devices exactly as in the topology above, using 2960 switches and a 2811 router
2. Set the console password to cisco, and the Telnet and enable secret passwords for Center Router, SW1 and SW2 to class
- Center Router:
Router>enable
Router#configure terminal
Router(config)#hostname CenterRouter
- Set the password for the console port
CenterRouter(config)#line console 0
CenterRouter(config-line)#login
CenterRouter(config-line)#password cisco
CenterRouter(config-line)#exit
- Set the password for the Telnet service
CenterRouter(config)#line vty 0 4
CenterRouter(config-line)#login
CenterRouter(config-line)#password class
CenterRouter(config-line)#exit
- Set the password for moving from User mode to Privileged mode
CenterRouter(config)#enable secret class
*Note: To set the password for moving from User mode to Privileged mode we can use two commands, enable password and enable secret, but the enable secret password is encrypted in the configuration while the enable password is not. You can check this by configuring both commands and reviewing the result with the show running-config command
- SW1:
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW1
- Set the password for the console port
SW1(config)#line console 0
SW1(config-line)#login
SW1(config-line)#password cisco
SW1(config-line)#exit
- Set the password for the Telnet service
SW1(config)#line vty 0 4
SW1(config-line)#login
SW1(config-line)#password class
SW1(config-line)#exit
- Set the password for moving from User mode to Privileged mode
SW1(config)#enable secret class

- SW2:
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW2
- Set the password for the console port
SW2(config)#line console 0
SW2(config-line)#login
SW2(config-line)#password cisco
SW2(config-line)#exit
- Set the password for the Telnet service
SW2(config)#line vty 0 4
SW2(config-line)#login
SW2(config-line)#password class
SW2(config-line)#exit
- Set the password for moving from User mode to Privileged mode
SW2(config)#enable secret class
3. Use the service password-encryption command to encrypt the passwords that are not encrypted:
- Use the show running-config command to review the current passwords
- To encrypt the passwords that are not encrypted by default, use the service password-encryption command to convert them to Type-7 passwords. On Center Router, SW1 and SW2 in turn, move to config mode and enter the service password-encryption command
CenterRouter(config)# service password-encryption
SW1(config)# service password-encryption
SW2(config)# service password-encryption
- Run show running-config again and compare the state of the passwords with what it was before the command was entered
CenterRouter#show running-config
Building configuration...
Current configuration : 766 bytes
!
version 12.4
service password-encryption
!
hostname CenterRouter
!
!
!


enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0


!
!
!
!
interface FastEthernet0/0
duplex auto
speed auto
!
interface FastEthernet0/1
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
line con 0
password 7 0822404F1A0A
login
<output omitted>
*Note: Passwords encrypted by service password-encryption can still be decrypted with the Cain tool

4. Configure the IP addresses as in the topology alongside:
- CenterRouter:
CenterRouter(config)#interface fa0/1
CenterRouter(config-if)#ip address 192.168.1.1 255.255.255.0
CenterRouter(config-if)#no shutdown
CenterRouter(config)#interface fa0/0
CenterRouter(config-if)#ip address 192.168.2.1 255.255.255.0
CenterRouter(config-if)#no shutdown
- SW1:
SW1(config)#interface vlan 1
SW1(config-if)#ip address 192.168.1.5 255.255.255.0
SW1(config-if)#exit
SW1(config)#ip default-gateway 192.168.1.1
- SW2:
SW2(config)#interface vlan 1
SW2(config-if)#ip address 192.168.2.5 255.255.255.0
SW2(config-if)#exit
SW2(config)#ip default-gateway 192.168.2.1
- The PCs on SW2 receive dynamic IP addresses from the DHCP server at address 192.168.2.10
+ Configure the address of the DHCP server: Desktop -> IP Configuration

+ Then go to Config -> DHCP and configure the range of addresses handed out for network 192.168.2.0/24, with 192.168.2.100 as the first address handed out
5.T cc PC th telnet n SW1,SW2,Router :


-T PC1 tin hnh Telnet n CenterRouter bng cch vo Desktop Command Prompt
+ PC1>telnet 192.168.1.1

- PC1 th telnet n SW2


+ PC1>telnet 192.168.2.5

40

- Tng t t PC3 th Telnet n CenterRouter v SW2


6. Chuyn sang s dng SSH thay cho Telnet trn CenterRouter vi username: TTG ,
password:cisco:
*Ch : Cn phi i tn ca Router v trong phin SSH s dng hostname ca Router v ip
domain-name to ra kha m ha cho phin SSH
- To username v passworld cho CenterRouter dung chng thc trong phin SSH
CenterRouter(config)#username TTG password cisco
- Cu hnh ip domain-name vi tn domain cng ty ca mnh
CenterRouter (config)#ip domain-name truongtan.edu.vn
- To ra kha (key) bng cch kt hp hostname v tn domain to ra key m ha
CenterRouter (config)#crypto key generate rsa
The name for the keys will be: Centerrouter.truongtan.edu.vn
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 768

- By default the key this command generates for encrypting data is 512 bits long. If you use SSH version 2, the minimum key length is 768 bits; in this case we use SSHv2 for security, so enter 768 and press Enter
CenterRouter(config)#ip ssh version 2
CenterRouter(config)#line vty 0 4
- Log in with the username and password created above
CenterRouter(config-line)#login local
- Switch the lines to accept only SSH instead of telnet
CenterRouter(config-line)#transport input ssh
7. From the PCs, try to ssh to CenterRouter:
- To try SSH from a PC to CenterRouter, use the following command on the PC:
ssh -l <username> <router ip>
PC1>ssh -l TTG 192.168.1.1
8. Video demo of the difference between SSH and Telnet
- Telnet VS SSH : http://www.mediafire.com/download.php?zx2xmdeitmw

LAB 6: WIRELESS

I. Requirements:
- Connect the AP to the completed BasicLab in 2 ways:
+ Using an Ethernet port
+ Using the Internet port
- Reference video: http://www.mediafire.com/download.php?n2zzz0vrwn5
II. Procedure:
1. Connecting through an Ethernet port:
- Open the file basiclab_completed.pkt to start configuring the Wireless lab
- Add a Linksys AP and 1 wireless PC to the system
- Use a crossover cable to connect one of the 4 Ethernet ports on the AP to SW2. Because this is a switch-to-switch connection, the wireless PCs and the LAN share the same network address, 192.168.2.0/24
- Adjust some basic parameters on the AP:
+ Network Mode: because a G-standard AP is backward compatible with the B standard, we have the following options here
o Mix Mode: the default mode, supports both B and G clients
o B-Only: supports only B clients
o G-Only: supports only G clients
+ SSID: the name of the wireless network
+ The operating channel lies in the range 1 to 11 and must not overlap with the surrounding APs; to check which channels nearby APs operate on you can use software such as NetStumbler or InSSIDer.
- Disable the DHCP service on the AP, because a DHCP server in the LAN already hands out addresses
- Check the IP assigned to the wireless PC
- Test the connection from the wireless PC to the internal LAN
2. Connecting through the Internet port:
- Remove the connection from the AP to the switch made in lab 1, then use a straight-through cable to connect the AP's Internet port to SW2; the Internet port receives its IP from the DHCP server in the LAN
- Re-enable DHCP on the AP and make sure the network it hands out does not overlap with the LAN; in this case the AP hands out IPs in network 192.168.0.0/24, which differs from the LAN network 192.168.2.0/24
- Check the IP assigned to the wireless PC
- Ping from the wireless PC into the LAN

LAB 7: SECURITY DEVICE MANAGER (SDM)


I. Introduction:
SDM (Cisco Router and Device Manager) is a tool for managing routers through Java technology. The SDM interface is very easy to use and lets us configure LAN, WAN and other security features of the router. SDM is designed for network administrators or SMB resellers and does not require the user to have much experience configuring routers.
II. Lab description:
This lab requires 2 PCs and 2 routers. The PC must have the SDM installer for the router, and the router's operating system must support installation and configuration through SDM. To check the operating system, run show version or show flash to find the name of the operating system and the hardware, then consult the following link:
http://www.cisco.com/en/US/products/sw/secursw/ps5318/prod_installation_guide09186a00803e4727.html
If the operating system is not supported, a different operating system must be installed on the router.
The lab uses loopback interfaces, which are logical interfaces, to simulate the networks attached to the 2 routers

III. Configuration:
Carry out the following steps on the 2 routers DN and HCM:
Step 1: Allow http and https access
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
- Enable one of the two services, HTTP or HTTPS
HTTP:
Router(config)# ip http server
Or HTTPS:
Router(config)# ip http secure-server
- Then configure authentication for the HTTP or HTTPS service with the command
Router(config)# ip http authentication local
Step 2: Create a username and password with privilege level 15 for logging in to the router
Router(config)# username TTG privilege 15 password cisco
Step 3: Allow telnet and ssh on the lines
Router(config)# line vty 0 4
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit
Step 4: Configure the IP address of interface Fa0/1 (the interface connected to the PC) on routers DN and HCM in turn
DN:
Router#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname DN
DN(config)#interface fa0/1
DN(config-if)#ip address 172.16.1.1 255.255.255.0
DN(config-if)#no shutdown
HCM:
Router(config)#hostname HCM
HCM(config)#interface fa0/1
HCM(config-if)#ip address 172.16.3.1 255.255.255.0
HCM(config-if)#no shutdown
- After finishing the router configuration, change the IP address and check connectivity from the PC to the router

Step 5: Now run the SDM installer on the PC.
- Click Next. Choose Cisco Router to install onto the router.
- Enter the router's address and the username and password configured in step 2, then click Next. Choose Install SDM and SDM Express for the router being set up.
- When the installer reports Finish, the installation is complete.
- Temporarily turn off the browser's pop-up blocker via Tool > Pop-up Blocker > Turn-Off Pop-Up Blocker
- Now, on the PC, browse to https://172.16.1.1 to log in to the router's web interface. Enter the username and password from step 2 to authenticate; after successful authentication the SDM interface appears as follows:
- Next go to Edit > Preferences > select Preview commands before delivering to router, so that we can preview the commands SDM is about to send down to the router
Step 6: Create the loopback interfaces on router DN
Loopback interfaces on a router are logical interfaces. The lab uses them to simulate the networks attached to routers HCM and DN
Configure > Interfaces and Connections > Edit Interface/Connection
- Then enter the IP information > OK
- Repeat step 6 for the remaining loopback interfaces on routers DN and HCM
Step 7: Set up the connection between the Fa0/0 interfaces from DN to HCM
Interfaces and Connections > Create Connection > Ethernet LAN > Create New Connection
Next
Enter the IP information for interface Fa0/0

Step 8: Configure RIPv2 for routing between the 2 routers
- The purpose of configuring the RIP routing protocol is for the 2 routers to advertise the networks they know to neighboring routers, and vice versa (note that networks advertised in RIP must be classful networks of class A, B or C). In this lab specifically:
+ Router DN needs to advertise 3 networks: 192.168.3.0, 192.168.4.0 and 172.(15+X).0.0
+ Router HCM needs to advertise 3 networks: 192.168.1.0, 192.168.2.0 and 172.(15+X).0.0
Go to Routing > RIP > Edit, then add the networks each router needs to advertise:
(Set interface fa0/1 as Passive to avoid advertising routing information to another group by mistake)
Then repeat step 8 on router HCM
III. Additional exercises:
- You can practice this lab further at home using GNS3
- Video guide to setting up SDM on GNS3: http://www.mediafire.com/?dmqwlmfjywi

IV. Appendix: commands used in this lab:

Router(config)# ip http server
    Enables the HTTP service on the router
Router(config)# ip http secure-server
    Enables the HTTPS service on the router
Router(config)# ip http authentication local
    Configures authentication for the HTTP or HTTPS service
Router(config)# username TTG privilege 15 password cisco
    Creates a username and password with privilege level 15 for logging in to the router
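The note in Lab 5 that service password-encryption output can still be decrypted, and the settings enabled in steps 1 to 3 of this lab (ip http server, username ... password, transport input telnet ssh), can all be checked for in a saved running-config. The following Python sketch is an added example, not part of the original lab; the function audit, the rule names and both sample configurations are constructed for illustration and reuse only command forms shown in Labs 5 and 7.

```python
import re

# Matches "password cisco", "password 0 cisco", "password 7 <hex>", "secret 5 <hash>"
CREDENTIAL = re.compile(r"\b(password|secret)(?: (\d+))? (\S+)$")

# Constructed sample: lines in the style of Lab 5 and Lab 7, as a running-config shows them
LAB_STYLE_CONFIG = """\
hostname DN
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
username TTG privilege 15 password 0 cisco
ip http server
ip http authentication local
line con 0
 password 7 0822404F1A0A
 login
line vty 0 4
 login local
 transport input telnet ssh
"""

# Constructed sample of the same router after tightening (the user hash is a placeholder)
HARDENED_CONFIG = """\
hostname DN
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
username TTG privilege 15 secret 5 $1$PLACEHOLDER$constructedhashvalue
ip http secure-server
ip http authentication local
ip ssh version 2
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""


def audit(running_config):
    """Return (rule, where, advice) findings for an IOS running-config text."""
    findings = []
    section = None                        # current "line ..." block, if any
    for raw in running_config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if not raw[0].isspace():          # a new top-level command ends the block
            section = text if text.startswith("line ") else None
        where = section or " ".join(text.split()[:2])

        cred = CREDENTIAL.search(text)
        if cred:
            kind, enc_type, _value = cred.groups()
            if kind == "password" and enc_type in (None, "0"):
                findings.append(("cleartext-password", where,
                                 "stored in clear text; use the 'secret' form"))
            elif enc_type == "7":
                findings.append(("type7-password", where,
                                 "type 7 is reversible; treat it as clear text"))
        if text == "ip http server":
            findings.append(("http-server", "global",
                             "management over clear-text HTTP; use "
                             "'ip http secure-server' and 'no ip http server'"))
        if text.startswith("transport input"):
            allowed = text.split()[2:]
            if "telnet" in allowed or "all" in allowed:
                findings.append(("telnet-enabled", where,
                                 "credentials cross the network in clear text; "
                                 "use 'transport input ssh'"))
    return findings


if __name__ == "__main__":
    for rule, where, advice in audit(LAB_STYLE_CONFIG):
        print(f"{rule:20} {where:15} {advice}")
```
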

LAB 8: DHCP, DHCP RELAY


I. Introduction to DHCP:
The DHCP service reduces network administration work by cutting down on the work of assigning or changing IP addresses for clients. DHCP also reclaims IP addresses that are no longer in use when a client's IP lease expires and is not renewed. Those addresses can then be issued to other clients. DHCP also makes renumbering easy if the ISP changes.
- IP allocation to a client goes through the following steps:
1. The client must be configured to obtain its IP dynamically from a DHCP server. First the client sends a DHCPDISCOVER packet as a broadcast on its network to ask a DHCP server for an IP
2. On receiving the DHCPDISCOVER packet, the DHCP server finds an unused IP in its allocation range and offers it to the client in a DHCPOFFER packet sent by unicast
3. On receiving a DHCPOFFER, the client evaluates all the DHCPOFFERs it received (when there are several DHCP servers) and asks one of those servers to assign the IP through a DHCPREQUEST packet (normally the client sends this request to the DHCP server whose DHCPOFFER it received first)
4. The DHCP server agrees to assign the IP to the client with a unicast DHCPACK packet
- The four basic items a DHCP server normally hands out to a client
IP address
Gateway
Subnet mask
DNS server
II. DHCP Lab:

1. Configure the DNS server:
- DNS is the service that resolves domain names to IP addresses and vice versa. DHCP can automatically hand out the DNS server's IP address to every client in the system. In this case we configure the following 2 domains on the DNS server:
+ Cisco.com with IP 1.1.1.1
+ Truongtan.edu.vn with IP 2.2.2.2
In PacketTracer, configure it as follows: click Server > Config > DNS and enter the information for the 2 domains above with record type A Record
+ Cisco.com with IP 1.1.1.1
+ Truongtan.edu.vn with IP 2.2.2.2
2. Configure DHCP on the Cisco router:


Router>enable
Router#configure terminal
Router(config)#hostname DHCPServer
DHCPServer(config)#interface fa0/1
DHCPServer(config-if)#ip address 192.168.1.1 255.255.255.0
DHCPServer(config-if)#no shutdown
DHCPServer(config-if)#exit
- Configure a DHCP pool to hand out IPs for network 192.168.1.0/24
DHCPServer(config)#ip dhcp pool mang192
DHCPServer(dhcp-config)#network 192.168.1.0 255.255.255.0    *Network address
DHCPServer(dhcp-config)#default-router 192.168.1.1    *Gateway
DHCPServer(dhcp-config)#dns-server 192.168.1.5    *DNS Server
DHCPServer(dhcp-config)#exit
- When handing out dynamic IPs, we usually reserve roughly the first 10 IPs and keep them out of DHCP for devices and servers that need static IPs. In this case we exclude the IPs from 192.168.1.1 to 192.168.1.10
DHCPServer(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.10
3. Verify the DHCP configuration on the PC:
- Set the DHCP client to obtain its IP dynamically; if it shows IP information being assigned as below, DHCP is working properly
- Check the IPs that have been issued on the DHCP server with the command show ip dhcp binding
DHCPServer# show ip dhcp binding
IP address       Client-ID/              Lease expiration        Type
                 Hardware address
192.168.1.11     0060.5C66.56B6          --                      Automatic
- As we can see, besides assigning IPs automatically, DHCP can also hand out the DNS server address and the domain name. To check:
+ DNS with the nslookup command
+ DNS, DHCP and domain name information: ipconfig /all
(PacketTracer does not yet support these commands well)

DHCP RELAY
I. Introduction:
- DHCP is a very widely used protocol for assigning dynamic IPs to client machines; you can review how to configure it on a Cisco router here
- As we know, to get an IP from the DHCP server a computer must broadcast a DHCP Discovery packet on its network. So what happens when the DHCP server and the client are not on the same network, given that routers block broadcast traffic by default? In this case there are 2 solutions:
+ Place a DHCP server on each network: this is inefficient because there will be too many DHCP servers once the company deploys many networks, which makes management and deployment difficult
+ Use one DHCP server to hand out dynamic IPs for all networks through the DHCP Relay technique: this has more advantages, since only one DHCP server needs to be deployed to serve many networks at once, combined with the ip helper-address command to enable the DHCP Relay service. With this command configured, when the router receives a UDP broadcast on its interface it unicasts it to a predefined IP (the DHCP server's IP in this case)
How DHCP Relay works:
1. The client broadcasts a DHCP Discover packet on its local network
2. The DHCP Relay Agent on the same network as the client receives the packet and forwards it to the DHCP server by unicast.
3. The DHCP server sends a DHCP Offer packet back to the DHCP Relay Agent by unicast
4. The DHCP Relay Agent broadcasts the DHCP Offer packet to the clients
5. After receiving the DHCP Offer packet, the client broadcasts a DHCP Request packet.
6. The DHCP Relay Agent receives the DHCP Request packet from the client and forwards it to the DHCP server, again by unicast.
7. The DHCP server replies to the DHCP Relay Agent by unicast with a DHCP ACK packet.
8. The DHCP Relay Agent broadcasts the DHCP ACK packet to the client. This completes the DHCP Relay Agent's process of receiving, handling and forwarding the information.

II. Lab topology:
1. Configure IP addresses for the TTG and DHCP routers:
- On both routers save the configuration with copy run start, then power the routers off and install a WIC-2T module to add Serial ports to the router; then use a Serial cable to connect them as in the topology
DHCP Router:
DHCPServer(config)#interface s0/0/0
DHCPServer(config-if)#ip address 192.168.2.1 255.255.255.0
DHCPServer(config-if)#no shutdown
DHCPServer(config-if)#clock rate 64000    *Supplies the clock for the DCE
DHCPServer(config-if)#exit
DHCPServer(config)#
TTG Router:
Router>
Router>enable
Router#configure terminal
Router(config)#hostname TTGRouter
TTGRouter(config)#interface s0/0/0
TTGRouter(config-if)#ip address 192.168.2.2 255.255.255.0
TTGRouter(config-if)#no shutdown
TTGRouter(config-if)#clock rate 64000
TTGRouter(config-if)#exit
TTGRouter(config)#interface fa0/1
TTGRouter(config-if)#ip address 192.168.3.1 255.255.255.0
TTGRouter(config-if)#no shutdown
TTGRouter(config-if)#exit
TTGRouter(config)#
2. Routing for the TTG and DHCP routers:
- By default a router's routing table contains only directly connected networks. To learn about networks that are not directly connected, the routers must be configured with a routing protocol to advertise the networks they know to each other, in this case RIP
DHCPServer:
DHCPServer(config)#router rip
DHCPServer(config-router)#network 192.168.1.0
DHCPServer(config-router)#network 192.168.2.0
DHCPServer(config-router)#exit
DHCPServer(config)#
TTGRouter:
TTGRouter(config)#router rip
TTGRouter(config-router)#network 192.168.2.0
TTGRouter(config-router)#network 192.168.3.0
TTGRouter(config-router)#exit
TTGRouter(config)#
- On both routers check the routing table with show ip route; newly learned networks are marked with an R at the start of the line

3. Configure DHCP Relay:
DHCPServer:
- Configure an additional DHCP pool to serve network 192.168.3.0 on the TTG router side
DHCPServer(config)#ip dhcp pool mang193
DHCPServer(dhcp-config)#network 192.168.3.0 255.255.255.0    *Network address
DHCPServer(dhcp-config)#default-router 192.168.3.1    *Gateway
DHCPServer(dhcp-config)#dns-server 192.168.1.5    *DNS Server
DHCPServer(dhcp-config)#exit
- Exclude the first 10 IPs from allocation
DHCPServer(config)#ip dhcp excluded-address 192.168.3.1 192.168.3.10
- Configure DHCP Relay on interface fa0/1 of router TTG
TTGRouter(config)#interface fa0/1
TTGRouter(config-if)#ip helper-address 192.168.2.1    *IP of DHCPServer
- Verify that the PC on network 192.168.3.0 receives an IP
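How the single server in this lab decides which pool a relayed request belongs to is not visible in the CLI: the relay writes its own interface address into the giaddr field of the request (RFC 2131), and the server matches that address against its pools. The Python model below is an added example, not part of the original lab; it reuses the lab's pools mang192 and mang193 and the relay interface 192.168.3.1, while the function names, the MAC addresses and the hop limit of 4 are constructed for illustration.

```python
import ipaddress
import struct

# Fixed BOOTP header used by DHCP (RFC 2131): op, htype, hlen, hops, xid, secs,
# flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
HLEN, HOPS, GIADDR, CHADDR = 2, 3, 10, 11      # indexes into the unpacked header
MAGIC_COOKIE = bytes([99, 130, 83, 99])
NO_ADDR = bytes(4)


def build_discover(mac, xid):
    """DHCPDISCOVER as the client broadcasts it: every address field is zero."""
    header = BOOTP.pack(1, 1, 6, 0, xid, 0, 0, NO_ADDR, NO_ADDR, NO_ADDR,
                        NO_ADDR, mac, b"", b"")
    return header + MAGIC_COOKIE + bytes([53, 1, 1, 255])   # option 53 = DISCOVER


def relay(packet, ingress_ip, max_hops=4):
    """What 'ip helper-address' does to a client broadcast before unicasting it."""
    fields = list(BOOTP.unpack_from(packet))
    if fields[HOPS] >= max_hops:
        raise ValueError("hop limit reached, request dropped")
    fields[HOPS] += 1
    if fields[GIADDR] == NO_ADDR:             # only the first relay stamps giaddr
        fields[GIADDR] = ipaddress.IPv4Address(ingress_ip).packed
    return BOOTP.pack(*fields) + packet[BOOTP.size:]


class Pool:
    """One 'ip dhcp pool' plus its 'ip dhcp excluded-address' range."""

    def __init__(self, name, network, gateway, dns, excluded):
        self.name, self.gateway, self.dns = name, gateway, dns
        self.network = ipaddress.ip_network(network)
        low, high = (int(ipaddress.IPv4Address(a)) for a in excluded)
        self.excluded = range(low, high + 1)
        self.leases = {}                      # client MAC -> leased address

    def allocate(self, mac):
        if mac in self.leases:
            return self.leases[mac]
        for host in self.network.hosts():
            if int(host) not in self.excluded and host not in self.leases.values():
                self.leases[mac] = host
                return host
        raise RuntimeError("pool exhausted")


def serve(packet, pools, arrival_ip):
    """Pick the pool from giaddr (relayed) or from the receiving interface (local)."""
    fields = BOOTP.unpack_from(packet)
    giaddr = ipaddress.IPv4Address(fields[GIADDR])
    relayed = fields[GIADDR] != NO_ADDR
    selector = giaddr if relayed else ipaddress.IPv4Address(arrival_ip)
    pool = next((p for p in pools if selector in p.network), None)
    if pool is None:
        return None                           # no pool for that subnet: no offer
    mac = fields[CHADDR][:fields[HLEN]]
    return {"pool": pool.name, "yiaddr": str(pool.allocate(mac)),
            "gateway": pool.gateway, "dns": pool.dns,
            "relay_to": str(giaddr) if relayed else None}


def lab_pools():
    return [
        Pool("mang192", "192.168.1.0/24", "192.168.1.1", "192.168.1.5",
             ("192.168.1.1", "192.168.1.10")),
        Pool("mang193", "192.168.3.0/24", "192.168.3.1", "192.168.1.5",
             ("192.168.3.1", "192.168.3.10")),
    ]


if __name__ == "__main__":
    pools = lab_pools()
    request = relay(build_discover(bytes.fromhex("0001c7aa0001"), 2), "192.168.3.1")
    print(serve(request, pools, "192.168.2.1"))
```

A request that reaches the server's serial interface without a giaddr gets no offer, because no pool covers 192.168.2.0/24; the same happens to relayed requests if the pool for the relay's subnet is missing.
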

III. Further practice:
- Practice these 2 labs further by configuring them through SDM in GNS3; see also the video at the address

IV. Appendix: commands used in this lab:

1. Configuring DHCP:
DHCPServer(config)#ip dhcp pool mang192
    Configures a DHCP pool that hands out dynamic IPs for the network
DHCPServer(dhcp-config)#network 192.168.1.0 255.255.255.0
    Declares the network address whose IP addresses are to be handed out
DHCPServer(dhcp-config)#default-router 192.168.1.1
    Configures the gateway the DHCP server hands out
DHCPServer(dhcp-config)#dns-server 192.168.1.5
    Declares the DNS server
DHCPServer(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.10
    Declares the range of IPs that are not handed out dynamically

2. Configuring DHCP RELAY:
TTGRouter(config)#interface fa0/1
TTGRouter(config-if)#ip helper-address 192.168.2.1
    Configures DHCP Relay on interface fa0/1 of router TTG; 192.168.2.1 is the address of the DHCP server

3. Verifying the DHCP configuration:
DHCPServer#show ip dhcp binding
    Shows information about all the addresses issued by DHCP
DHCPServer#show ip dhcp pool
    Displays information on all the DHCP pools currently configured on the router

LAB 9: STATIC ROUTING (STATIC ROUTE)

I. Introduction:
Routing is the process a router carries out to move a packet from a source address to a destination address in the network. In this process the router must rely on routing information to decide how to forward the packet to the intended destination addresses. There are two basic kinds of routing: static routing (Static Route) and dynamic routing (Dynamic Route).
Static routing (Static Route) is a routing process in which you must manually configure each specific destination address on the router.
A default form of static routing is the Default Route, which is used for stub networks (Stub Network).
Dynamic routing (Dynamic Route) is a form of routing in which, once configured, the router uses routing protocols such as RIP (Routing Information Protocol), OSPF (Open Shortest Path First) and IGRP (Interior Gateway Routing Protocol) to perform routing automatically, without you having to configure it directly by hand.
II. Lab description and topology:
- The lab topology is as shown in the figure; each PC is connected to a router with a crossover cable. The two routers are connected to each other with a serial cable. The IP addresses of the interfaces and PCs are as shown in the figure.
- This lab helps you configure static routing for 2 routers, so that the 2 routers can see each other and each other's subnets.
2. Configuring static routing (Static Route)
Configure the routers and PCs as follows:
Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface fa0/0
TTG1(config-if)#ip address 10.0.0.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#interface s0/0/0
TTG1(config-if)#ip address 192.168.0.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit

Router TTG2:
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface fa0/0
TTG2(config-if)#ip address 10.0.1.1 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit
TTG2(config)#interface s0/0/0
TTG2(config-if)#ip address 192.168.0.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit

Host 1:
IP: 10.0.0.2
Subnet mask: 255.255.255.0
Gateway: 10.0.0.1
Host 2:
IP: 10.0.1.2
Subnet mask: 255.255.255.0
Gateway: 10.0.1.1
- Check the connections as follows:
Ping from Host1 to address 10.0.0.1
Ping from Host 1 to address 192.168.0.1
Ping from Host 1 to address 192.168.0.2
- Turn on debugging on router TTG2
TTG2#debug ip packet
IP packet debugging is on
- Repeat the ping above and we see
TTG2#
00:33:59: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
00:33:59: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
00:34:04: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
00:34:04: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
00:34:09: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
00:34:09: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
00:34:14: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
00:34:14: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
- Ping from Host 1 to address 10.0.1.1
- Turn on debugging on router TTG1
TTG1#debug ip packet
IP packet debugging is on
- Repeat the ping:
TTG1#
00:36:41: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable
00:36:41: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending
00:36:42: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable
00:36:42: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending
00:36:43: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable

81

00:36:43: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending


00:36:44: IP: s=10.0.0.2 (Ethernet0), d=10.0.1.1, len 60, unroutable
00:36:44: IP: s=10.0.0.1 (local), d=10.0.0.2 (Ethernet0), len 56, sending
- The ping fails in this case. Using debug ip packet to turn on debugging on the 2 routers, we see that router TTG2 still receives the packet from Host1 when we ping address 192.168.0.2; however, because Host 1 is not directly connected to router TTG2, the ICMP packet returned for the ping has no route to its destination address, so the packet is discarded and the ping fails. When we ping from Host1 to address 10.0.1.1, the packet is lost right at router TTG1, because router TTG1 cannot find the destination address in its routing table (this address is not directly connected to router TTG1). Compare where Unroutable appears in the debug packet output of the 2 pings above to see the difference.
- To make this connection work, configure a static route on router TTG1 and router TTG2 as follows:
TTG1(config)#ip route 10.0.1.0 255.255.255.0 192.168.0.2
TTG1(config)#exit
- Ping from Host1 to Host 2
- Ping from router TTG2 to Host1
TTG2#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
- For this ping to succeed you must configure a static route on router TTG2 as follows
TTG2(config)#ip route 10.0.0.0 255.255.255.0 192.168.0.1
- Now from Host2 you can ping the addresses on router TTG1 and Host1
- Check the routers' routing tables with show ip route
TTG1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 2 subnets
C       10.0.0.0 is directly connected, Ethernet0
S       10.0.1.0 is directly connected, Serial0/0/0
C    192.168.0.0/24 is directly connected, Serial0/0/0
S denotes routes installed through static routing
C denotes directly connected networks
TTG2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 2 subnets
S       10.0.0.0 is directly connected, Serial0/0/0
C       10.0.1.0 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0/0/0
- Run show run on the routers to review the routing configuration:
TTG1#show run
Building configuration...
ip kerberos source-interface any
ip classless
ip route 10.0.1.0 255.255.255.0 Serial0/0/0
ip http server
!

end

TTG2#show run
Building configuration...
ip classless
ip route 10.0.0.0 255.255.255.0 Serial0/0/0
ip http server
- You have successfully configured routing so that the 2 routers can reach each other as well as each other's subnets. You can also extend the topology to 3, 4 or 5 hops to practice static routing; however, you can clearly see that this configuration is rather cumbersome and long-winded, especially for the external Internet environment, so in the next lab you will configure dynamic routing on the routers.
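The two failures explained in this lab differ only in where the routing lookup fails: on the outbound request at TTG1, or on the returning reply at TTG2. The Python model below is an added example, not part of the original lab; it rebuilds the lab's addressing, applies longest-prefix matching at every hop and reports which device drops the packet before and after each ip route command. The class and function names are constructed for illustration.

```python
import ipaddress


class Node:
    """A router or host: connected interfaces plus static routes."""

    def __init__(self, name, interfaces):
        self.name = name
        self.ifaces = [ipaddress.ip_interface(a) for a in interfaces]
        self.static = []                 # (destination network, next-hop address)

    def ip_route(self, network, mask, next_hop):
        """Equivalent of 'ip route <network> <mask> <next-hop>'."""
        self.static.append((ipaddress.ip_network(f"{network}/{mask}"),
                            ipaddress.ip_address(next_hop)))

    def owns(self, address):
        return any(i.ip == address for i in self.ifaces)

    def next_hop(self, dst):
        """Longest-prefix match; None means the packet is unroutable here."""
        candidates = [(i.network.prefixlen, dst) for i in self.ifaces
                      if dst in i.network]              # connected: deliver on-link
        candidates += [(net.prefixlen, hop) for net, hop in self.static
                       if dst in net]
        if not candidates:
            return None
        return max(candidates, key=lambda c: c[0])[1]


def forward(nodes, start, dst, ttl=16):
    """Walk hop by hop; return (delivered, node where the walk ended)."""
    node = start
    for _ in range(ttl):
        if node.owns(dst):
            return True, node
        hop = node.next_hop(dst)
        if hop is None:
            return False, node
        neighbour = next((n for n in nodes if n.owns(hop)), None)
        if neighbour is None:            # nobody answers for that next hop
            return False, node
        node = neighbour
    return False, node


def ping(nodes, src, dst):
    """Echo request from src to dst, then the echo reply back to src."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    origin = next(n for n in nodes if n.owns(src))
    delivered, where = forward(nodes, origin, dst)
    if not delivered:
        return f"request unroutable at {where.name}"
    delivered, back = forward(nodes, where, src)
    if not delivered:
        return f"reply unroutable at {back.name}"
    return "ok"


def build_lab():
    """Addressing of this lab; hosts get a default route to their gateway."""
    ttg1 = Node("TTG1", ["10.0.0.1/24", "192.168.0.1/24"])
    ttg2 = Node("TTG2", ["10.0.1.1/24", "192.168.0.2/24"])
    host1 = Node("Host1", ["10.0.0.2/24"])
    host2 = Node("Host2", ["10.0.1.2/24"])
    host1.ip_route("0.0.0.0", "0.0.0.0", "10.0.0.1")
    host2.ip_route("0.0.0.0", "0.0.0.0", "10.0.1.1")
    return [ttg1, ttg2, host1, host2]


if __name__ == "__main__":
    lab = build_lab()
    ttg1, ttg2 = lab[0], lab[1]
    print("Host1 -> 192.168.0.2:", ping(lab, "10.0.0.2", "192.168.0.2"))
    print("Host1 -> 10.0.1.1   :", ping(lab, "10.0.0.2", "10.0.1.1"))
    ttg1.ip_route("10.0.1.0", "255.255.255.0", "192.168.0.2")
    print("after TTG1 route    :", ping(lab, "10.0.0.2", "10.0.1.2"))
    ttg2.ip_route("10.0.0.0", "255.255.255.0", "192.168.0.1")
    print("after TTG2 route    :", ping(lab, "10.0.0.2", "10.0.1.2"))
```

With only TTG1's route in place the request reaches Host 2 but the reply is still dropped at TTG2, which is why the lab adds a route on each router.
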
III. Appendix: commands used in this lab:

1. Configuring a static route on the router:
Router(config)# ip route 172.16.20.0 255.255.255.0 172.16.10.2
    Where:
    172.16.20.0 = destination network.
    255.255.255.0 = subnet mask of the destination network.
    You can read the command as: to reach the destination network 172.16.20.0, whose subnet mask is 255.255.255.0, send all data to 172.16.10.2.
Router(config)# ip route 172.16.20.0 255.255.255.0 serial 0/0/0
    Where:
    172.16.20.0 = destination network.
    255.255.255.0 = subnet mask of the destination network.
    You can read the command as: to reach the destination network 172.16.20.0, whose subnet mask is 255.255.255.0, send all data out interface s0/0/0.

2. Configuring a default route on the router:
Router(config)# ip route 0.0.0.0 0.0.0.0 172.16.10.2
    When the router receives a packet whose destination address is not in the routing table, it sends the packet to 172.16.10.2
Router(config)# ip route 0.0.0.0 0.0.0.0 Serial 0/0/0
    When the router receives a packet whose destination address is not in the routing table, it sends the packet out interface s0/0/0

3. Verifying static routes:
Router# show ip route
    Displays the contents of the routing table
Router# debug ip packet
    Turns on debugging on the router
Router# show running-config
    Reviews the routing configuration

STATIC ROUTE: COMBINED EXERCISE

REQUIREMENTS

1) Use network 172.(15+X).0.0/16 and divide it into subnets, where X is the group's number
2) Use static routes for routing
3) The PCs must be able to reach the internet
4) Verify the routing information with these commands
+ Show ip route
+ Ping out to the internet
+ From a PC, use tracert to the internet to list the path

LAB 10 : RIPv2
I. Introduction:
RIP (Routing Information Protocol) is a routing protocol used to advertise the addresses a router wants to announce to the outside and to collect information to build the router's routing table. It is a distance-vector protocol whose path selection criterion is mainly the hop count, and the addresses RIP advertises are sent in classful form (for RIP version 1) and classless form (for RIP version 2).
Because it uses hop count as its routing criterion and is limited to 15 hops, this protocol is used only in small networks (under 15 hops).

II. Lab description and topology:
- The PCs connect to the switch with straight-through cables, and the two routers connect to each other with a serial cable. The IP addresses of the interfaces and PCs are as shown in the figure.
- This exercise helps you configure the networks so that they can communicate with each other using the RIP protocol

III. Objectives:
- Before RIPv2 routing is configured on the 2 routers, we will see that PC1 cannot ping router TTG2, because router TTG2 has no information about where network 10.0.0.0/24 (LAN1) is
- After RIPv2 is configured, PC1 must be able to ping TTG2

IV. Configuration steps:
- First configure the devices as follows:
Router TTG1
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface serial 0/0/0
TTG1(config-if)#ip address 192.168.0.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit
TTG1(config)#interface fastethernet 0/0
TTG1(config-if)#ip address 10.0.0.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit

Router TTG2
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface serial 0/0/0
TTG2(config-if)#ip address 192.168.0.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#exit
TTG2(config)#interface fastethernet 0/0
TTG2(config-if)#ip address 11.0.0.1 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit

Host1 :
IP 10.0.0.2
Subnet mask:255.255.255.0
Gateway:10.0.0.1

Host2 :
IP: 11.0.0.2
Subnet mask:255.255.255.0
Gateway:11.0.0.1
- Check the connections with the ping command
Ping from Host1 to address 10.0.0.1
Ping from Host 1 to address 192.168.0.1
Ping from Host1 to address 192.168.0.2
- From Host 1 you cannot ping address 192.168.0.2
Run the same checks from Host 2
Ping address 11.0.0.1
Ping address 192.168.0.2
Ping address 192.168.0.1
- Run the pings from router TTG1:


TTG1#ping 192.168.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms
TTG1#ping 11.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
- Run the pings from router TTG2
TTG2#ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms
TTG2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
.....

Success rate is 0 percent (0/5)
- Look at the routing table of each router
TTG1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0/0/0

TTG2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0/0/0

Remark: the addresses of the networks you could not ping are not stored in the routing table

Configure RIP on the routers as follows:

TTG1(config)#router rip
TTG1(config-router)#network 192.168.0.0
TTG1(config-router)#network 10.0.0.0
TTG1(config-router)#exit

TTG2(config)#router rip
TTG2(config-router)#network 11.0.0.0
TTG2(config-router)#network 192.168.0.0
TTG2(config-router)#exit
- Look at the routing tables again:
TTG1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Ethernet0
R    11.0.0.0/8 [120/1] via 192.168.0.2, 00:00:00, Serial0/0/0
C    192.168.0.0/24 is directly connected, Serial0/0/0

TTG2#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set

R    10.0.0.0/8 [120/1] via 192.168.0.1, 00:00:23, Serial0/0/0
     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0/0/0

Remark: in the routing tables, router TTG1 reaches network 11.0.0.0/8 through RIP via port Serial 0 (192.168.0.2), and router TTG2 reaches network 10.0.0.0/8 via port Serial 0 (192.168.0.1)
Note: because RIP sends addresses in classful form, the default subnet mask of each network class is used.
- Now repeat the pings between the routers and the hosts:
From Host1, run the pings:

From Host 2, run the pings:

- You can see that the connections succeed. At this point you have finished configuring RIP so that the networks above can exchange information with each other. To understand RIP better, continue with the following configuration steps:
- Keep the configuration of router TTG1 and change the configuration of router TTG2 from RIP version 1 to RIP version 2, then check:
TTG2(config)#router rip
TTG2(config-router)#version 2
- Turn on debugging on the 2 routers to inspect the packets:
TTG1#debug ip packet
IP packet debugging is on

TTG2#debug ip packet
IP packet debugging is on
- Now ping from Host 1 to the addresses running RIP that are not directly connected to it

TTG2#
01:49:58: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
01:49:58: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
01:50:03: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
01:50:03: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
01:50:08: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
01:50:08: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
01:50:13: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
01:50:13: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable

TTG2#
01:55:30: IP: s=10.0.0.2 (Serial0/0/0), d=11.0.0.1, len 60, rcvd 4
01:55:30: IP: s=11.0.0.1 (local), d=10.0.0.2, len 60, unroutable
01:55:35: IP: s=10.0.0.2 (Serial0/0/0), d=11.0.0.1, len 60, rcvd 4
01:55:35: IP: s=11.0.0.1 (local), d=10.0.0.2, len 60, unroutable
01:55:40: IP: s=10.0.0.2 (Serial0/0/0), d=11.0.0.1, len 60, rcvd 4
01:55:40: IP: s=11.0.0.1 (local), d=10.0.0.2, len 60, unroutable
- The debug output shows that when you ping from Host1 to addresses such as 192.168.0.2 and 11.0.0.1, the packets all arrive at the destination; however, the reply packets at that point cannot find address 10.0.0.2 (Host1) in router TTG2's routing table (unroutable), because this router is configured for RIP version 2
TTG2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
11.0.0.0/24 is subnetted, 1 subnets
C 11.0.0.0 is directly connected, Ethernet0
C 192.168.0.0/24 is directly connected, Serial0/0/0

Observation: network 10.0.0.0 is no longer present in the routing table.
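The reasoning above (replies are dropped as unroutable because TTG2 no longer holds a route to 10.0.0.0) can be checked mechanically. The following Python code is an added example, not part of the lab manual: it reads the TTG2 debug lines and route entries shown above and reports every reply destination that no route covers, with the classful network a RIP route for it would carry, assuming classful advertisement as in the note at the start of this part. The function names are hypothetical.

```python
import ipaddress
import re

# Lines copied from the TTG2 "debug ip packet" output above.
DEBUG_LOG = """\
01:49:58: IP: s=10.0.0.2 (Serial0/0/0), d=192.168.0.2 (Serial0/0/0), len 60, rcvd 3
01:49:58: IP: s=192.168.0.2 (local), d=10.0.0.2, len 60, unroutable
01:55:30: IP: s=10.0.0.2 (Serial0/0/0), d=11.0.0.1, len 60, rcvd 4
01:55:30: IP: s=11.0.0.1 (local), d=10.0.0.2, len 60, unroutable
"""

# Route entries from the TTG2 "show ip route" output above.
ROUTE_TABLE = """\
     11.0.0.0/24 is subnetted, 1 subnets
C       11.0.0.0 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0/0/0
"""

PACKET = re.compile(
    r"IP: s=(?P<src>[\d.]+)(?: \([^)]*\))?, "
    r"d=(?P<dst>[\d.]+)(?: \([^)]*\))?, len \d+, (?P<result>.+)$"
)
SUBNETTED = re.compile(r"(\d+\.\d+\.\d+\.\d+)/(\d+) is (?:variably )?subnetted")
ENTRY = re.compile(r"\s*([A-Za-z*]+)\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s")


def parse_routes(text):
    """Return (code, network) pairs from 'show ip route' entry lines."""
    routes = []
    parent_len = None  # mask announced by the last "is subnetted" header
    for line in text.splitlines():
        header = SUBNETTED.search(line)
        if header:
            parent_len = int(header.group(2))
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue
        length = int(entry.group(3)) if entry.group(3) else parent_len
        if length is None:
            continue  # entry without any mask information
        network = ipaddress.ip_network(f"{entry.group(2)}/{length}", strict=False)
        routes.append((entry.group(1), network))
    return routes


def classful_network(address):
    """Network advertised for this address when default class masks are used."""
    first = int(str(address).split(".")[0])
    if first >= 224:
        raise ValueError("not a class A, B or C unicast address")
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)


def unroutable_replies(debug_text, route_text):
    """Map each unroutable destination that no route covers to its count and missing route."""
    networks = [net for _, net in parse_routes(route_text)]
    findings = {}
    for line in debug_text.splitlines():
        packet = PACKET.search(line)
        if not packet or packet.group("result").strip() != "unroutable":
            continue
        dst = ipaddress.ip_address(packet.group("dst"))
        if any(dst in net for net in networks):
            continue
        entry = findings.setdefault(
            str(dst), {"count": 0, "missing_route": str(classful_network(dst))}
        )
        entry["count"] += 1
    return findings


if __name__ == "__main__":
    for dst, info in unroutable_replies(DEBUG_LOG, ROUTE_TABLE).items():
        print(dst, info)
```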


Ping from Router TTG2 to an address on Router TTG1:
TTG2#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

- Check with the show ip route command:


TTG1#show ip route
01:46:50: IP: s=192.168.0.2 (Serial0/0/0), d=224.0.0.9, len 52, rcvd 2route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, Ethernet0
11.0.0.0/8 [120/1] via 192.168.0.2, 00:00:05, Serial0/0/0
192.168.0.0/24 is directly connected, Serial0

- Although the routing table of Router TTG1 still holds the address of network 11.0.0.0, Router TTG2 cannot find the address of network 10.0.0.0, so the packets cannot be delivered. This shows that RIP version 2 does not provide backward compatibility with RIP version 1.
- So, for routing information to be exchanged successfully with RIP, the routers must be configured with the same RIP version. In this case, continue by configuring TTG1 to use RIPv2:
TTG1(config)#router rip
TTG1(config-router)#version 2

- Check the connection between the two PCs again with ping after changing the RIP version on TTG1; the ping must succeed.

V. Appendix: commands related to this lab

1. The ip classless command:

Router(config)# ip classless
    When the router receives a packet whose destination is not in the routing table, the packet is routed to the default route.
Router(config)# no ip classless
    Turns off the ip classless feature.

2. RIP routing protocol: mandatory commands:

Router(config)# router rip
    Enables the RIP routing protocol on the router.
Router(config-router)# network w.x.y.z
    w.x.y.z is a network directly connected to your router that you want to advertise.

3. RIP routing protocol: optional commands:

Router(config)# no router rip
    Turns off the routing protocol running on the router.
Router(config-router)# no network w.x.y.z
    Removes network w.x.y.z from the RIP routing process.
Router(config-router)# version 2
    The routing protocol receives and sends RIPv2 packets.
Router(config-router)# version 1
    The routing protocol receives and sends RIPv1 packets only.
Router(config-if)# ip rip send version 1
    The router sends only RIPv1 packets out of this interface.
Router(config-if)# ip rip send version 2
    The router sends only RIPv2 packets out of this interface.
Router(config-if)# ip rip send version 1 2
    The router sends both RIPv1 and RIPv2 packets out of this interface.
Router(config-if)# ip rip receive version 1
    The router receives only RIPv1 packets on this interface.
Router(config-if)# ip rip receive version 2
    The router receives only RIPv2 packets on this interface.
Router(config-if)# ip rip receive version 1 2
    The router receives both RIPv1 and RIPv2 packets on this interface.
Router(config-router)# no auto-summary
    Turns off automatic summarization to classful network addresses (only takes effect with RIPv2).
Router(config-router)# passive-interface s0/0/0
    The router does not send RIP routing information out of this interface.
Router(config-router)# neighbor a.b.c.d
    Specifies a neighbor to exchange routing information with.
Router(config-if)# no ip split-horizon
    Turns off split horizon on the router.
Router(config-if)# ip split-horizon
    Enables split horizon on the router.
Router(config-router)# timers basic 30 90 180 270 360
    Changes the RIP timers:
    30 = Update time
    90 = Invalid time
    180 = Hold-down time
    270 = Flush time
    360 = Sleep time
Router(config-router)# maximum-paths x
    Limits the number of paths used for load balancing to x (4 is the default, 6 is the maximum).
Router(config-router)# default-information originate
    Configures the default route in RIP.

4. Troubleshooting RIP:

Router# show ip route
    Displays the contents of the routing table.
Router# debug ip rip
    Displays all RIP information being processed by the router.
Router# show ip rip database
    Displays the contents of the RIP database.

RIPv2 Comprehensive Lab

REQUIREMENTS
1) Students practise on Cisco 2801 devices
2) Use the network 172.(15+X).0.0/16 for subnetting, where X is the group's sequence number
3) Use RIPv2 for routing
4) The PCs must be able to reach the Internet
5) After routing is configured, verify the routing information with:
+ show ip route
+ Ping the Internet from the PCs and from the routers
+ From a PC, run tracert to the Internet to list the path from source to destination

LAB 11: CISCO DISCOVERY PROTOCOL (CDP)

I. Introduction
CDP (Cisco Discovery Protocol) is a Cisco protocol that operates at layer 2 (the data link layer) of the OSI model. It collects and reports information about directly connected neighboring devices; this information is essential and useful when troubleshooting network problems.

II. Purpose
This lab helps you understand CDP and its parameters, and learn what each of the protocol's commands does.
Note: unlike routing protocols, CDP only provides information about devices directly connected to the local device. A routing protocol can provide information about remote networks, or about networks reached indirectly through several routers.

III. Lab description and topology
The lab topology is as shown in the figure; the routers are connected to each other with serial cables.

IV. Steps
First configure the routers as follows

Router TTG1:
Router> enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface serial 0/0/0
TTG1(config-if)#ip address 192.168.1.2 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit
TTG1(config)#interface serial 0/0/1
TTG1(config-if)#ip address 192.168.2.2 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit
TTG1(config)#

Router TTG2:
Router> enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface serial 0/0/0
TTG2(config-if)#ip address 192.168.1.1 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#exit
TTG2(config)#

Router TTG3:
Router> enable
Router#configure terminal
Router(config)#hostname TTG3
TTG3(config)#interface serial 0/0/0
TTG3(config-if)#ip address 192.168.2.1 255.255.255.0
TTG3(config-if)#no shutdown
TTG3(config-if)#clock rate 64000
TTG3(config-if)#exit
TTG3(config)#
Note: CDP is a Cisco proprietary protocol and is enabled by default, so the show run command does not display any information about it. The protocol runs on both routers and switches.
V. CDP commands

The show cdp neighbors command: shows information about the directly connected neighboring devices (this command is used in privileged mode).
TTG1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID   Local Intrfce   Holdtme   Capability   Platform   Port ID
TTG3        Ser 0/0/1       149       R            2523       Ser 0/0/1
TTG2        Ser 0/0/0       134       R            2500       Ser 0/0/0

The show cdp neighbors detail command: shows detailed information about the directly connected devices.
TTG1#show cdp neighbors detail
------------------------
Device ID: TTG3 (the directly connected device is TTG3)
Entry address(es): IP address: 192.168.2.1 (address of the directly connected port)
Platform: cisco 2523, Capabilities: Router (type of the connected device: Cisco Router 2523)
Interface: Serial0/0/1, Port ID (outgoing port): Serial0/0/1 (directly connected through port Serial0/0/1)
Holdtime : 124 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 16-Oct-04 02:44 by cmong (information about the operating system of the connected device)
advertisement version: 2
------------------------
Device ID: TTG2 (the directly connected device is TTG2)
Entry address(es): IP address: 192.168.1.1 (address of the connected port)
Platform: cisco 2500, Capabilities: Router (the connected device is a Cisco Router 2500)
Interface: Serial0/0/0, Port ID (outgoing port): Serial0/0/0 (connected through port Serial0/0/0)
Holdtime : 168 sec (the packet hold time is 168 sec)
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 16-Oct-04 02:44 by cmong (detailed information about the version and operating system of the device)
advertisement version: 2

The show cdp command: displays the CDP timer and hold-time information.

TTG1#show cdp
Global CDP information:
Sending CDP packets every 60 seconds (a CDP packet is sent every 60 seconds)
Sending a holdtime value of 180 seconds (the packet hold time is 180 seconds)
Sending CDPv2 advertisements is enabled

The show cdp interface command: displays CDP information for each port, its encapsulation, and the timer and hold-time.

TTG1#show cdp int
Ethernet0 is administratively down, line protocol is down (port Ethernet0 is down because no device is directly connected)
Encapsulation ARPA (packet encapsulation)
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0/0/0 is up, line protocol is up (port Serial0/0/0 is up because a device is directly connected)
Encapsulation HDLC (packet encapsulation)
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0/0/1 is up, line protocol is up (port Serial0/0/1 is up because a device is directly connected)
Encapsulation HDLC (packet encapsulation)
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Note: the no cdp enable command turns CDP off on an interface; show cdp interface then no longer displays CDP information for that interface.
TTG1(config)#interface serial 0/0/0
TTG1(config-if)#no cdp enable (turns CDP off on interface Serial0/0/0)
TTG1(config-if)#^Z
TTG1#show cdp inter
01:32:44: %SYS-5-CONFIG_I: Configured from console by console
Ethernet0 is administratively down, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0/0/1 is up, line protocol is up
Encapsulation HDLC
Sending CDP packets every 60 seconds
Holdtime is 180 seconds (information for port Serial0/0/0 is no longer displayed after CDP is turned off on it)
To turn CDP back on for an interface, use the cdp enable command on that interface.
TTG1(config)#interface serial 0/0/0
TTG1(config-if)#cdp enable
TTG1(config-if)#exit

The show cdp traffic command: displays the CDP counters, including the number of packets sent, received and in error.
TTG1#show cdp traffic
CDP counters :
Total packets output: 128, Input: 115


Hdr syntax: 0, Chksum error: 0, Encaps failed: 9


No memory: 0, Invalid packet: 0, Fragmented: 0
CDP version 1 advertisements output: 0, Input: 0
CDP version 2 advertisements output: 128, Input: 115

The clear cdp counters command: resets the CDP counters.

The no cdp run command: turns CDP off completely on the router.

TTG1(config)#no cdp run
TTG1(config)#^Z
TTG1#show cdp (show cdp is not valid once CDP has been turned off)
% CDP is not enabled

The cdp run command: turns CDP back on for the router.


TTG1(config)#cdp run
TTG1(config)#exit
TTG1#show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
Note: CDP only reports information about directly connected devices.
TTG3#show cdp neighbors detail
------------------------
Device ID: TTG1
Entry address(es):
IP address: 192.168.2.2
Platform: cisco 2500, Capabilities: Router
Interface: Serial0/0/1, Port ID (outgoing port): Serial0/0/1
Holdtime : 138 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 03-Feb-02 22:01 by srani
advertisement version: 2
- From Router TTG3 only the directly connected device, Router TTG1, is visible. Suppose we change the IP address of port Serial0/0/1 on router TTG3:
TTG3(config)#interface serial 0/0/0
TTG3(config-if)#ip address 192.168.3.2 255.255.255.0
TTG3(config-if)#no shut
TTG3(config-if)#clock rate 64000
TTG3(config-if)#^Z
- Ping from Router TTG3 to the address of port Serial 0/0/1 on Router TTG1:

TTG3#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
- Use CDP on Router TTG3 to view information about the directly connected devices:
TTG3#show cdp neighbors detail
------------------------
Device ID: TTG1
Entry address(es):
IP address: 192.168.2.2
Platform: cisco 2500, Capabilities: Router
Interface: Serial0/0/1, Port ID (outgoing port): Serial0/0/1
Holdtime : 144 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 03-Feb-02 22:01 by srani
advertisement version: 2
- Router TTG3 cannot ping Router TTG1, yet CDP still returns information about the connected device. This is an advantage of CDP, and it is very useful when troubleshooting network problems.
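What a device on the other end of a link learns from these advertisements can be turned into an inventory. The following Python code is an added example, not part of the lab manual: it parses the TTG1 show cdp neighbors detail output shown earlier (inline annotations removed) and, given a hypothetical mapping of the neighbor expected on each interface, emits the no cdp enable commands from this lab for every interface whose neighbor is not the expected one. The function names and the expected-neighbor mapping are assumptions.

```python
import re

# Constructed from the TTG1 output above, with the inline annotations removed.
SAMPLE = """\
------------------------
Device ID: TTG3
Entry address(es):
  IP address: 192.168.2.1
Platform: cisco 2523, Capabilities: Router
Interface: Serial0/0/1, Port ID (outgoing port): Serial0/0/1
Holdtime : 124 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
advertisement version: 2
------------------------
Device ID: TTG2
Entry address(es):
  IP address: 192.168.1.1
Platform: cisco 2500, Capabilities: Router
Interface: Serial0/0/0, Port ID (outgoing port): Serial0/0/0
Holdtime : 168 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
advertisement version: 2
"""

# One pattern per field that a CDP advertisement discloses in this output.
FIELDS = {
    "device_id": re.compile(r"Device ID:\s*(\S+)"),
    "ip_address": re.compile(r"IP address:\s*(\d+\.\d+\.\d+\.\d+)"),
    "platform": re.compile(r"Platform:\s*([^,]+),"),
    "capabilities": re.compile(r"Capabilities:\s*(.+)"),
    "local_interface": re.compile(r"Interface:\s*([^,]+),"),
    "remote_port": re.compile(r"Port ID \(outgoing port\):\s*(\S+)"),
    "holdtime_sec": re.compile(r"Holdtime\s*:\s*(\d+)\s*sec"),
    "ios_version": re.compile(r"Version\s+([0-9][^,\s]*),"),
}


def parse_cdp_detail(text):
    """Split the output on its dashed separators and extract one record per neighbor."""
    neighbors = []
    for block in re.split(r"-{5,}", text):
        if "Device ID:" not in block:
            continue
        record = {}
        for name, pattern in FIELDS.items():
            match = pattern.search(block)
            record[name] = match.group(1).strip() if match else None
        if record["holdtime_sec"] is not None:
            record["holdtime_sec"] = int(record["holdtime_sec"])
        neighbors.append(record)
    return neighbors


def disclosed(record):
    """Names of the fields this neighbor's advertisement revealed."""
    return sorted(key for key, value in record.items() if value is not None)


def hardening_commands(neighbors, expected):
    """IOS lines that turn CDP off on interfaces whose neighbor is not the expected one.

    expected maps a local interface name to the device ID that should be attached
    (a hypothetical allow-list kept by the operator).
    """
    lines = []
    for neighbor in neighbors:
        interface = neighbor["local_interface"]
        if interface is None:
            continue
        if expected.get(interface) != neighbor["device_id"]:
            lines.append(f"interface {interface}")
            lines.append(" no cdp enable")
    return lines


if __name__ == "__main__":
    found = parse_cdp_detail(SAMPLE)
    for item in found:
        print(item["local_interface"], "->", item["device_id"], disclosed(item))
    print("\n".join(hardening_commands(found, {"Serial0/0/0": "TTG2"})))
```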
VI. Appendix: commands related to this lab

Router#show cdp
    Displays CDP information such as the timer parameters.
Router#show cdp neighbors
    Displays information about the neighboring devices.
Router#show cdp neighbors detail
    Displays detailed information about the neighboring devices.
Router#show cdp entry word
    Displays information about the named device.
Router#show cdp entry *
    Displays information about all devices.
Router#show cdp interface
    Displays information about all interfaces running CDP.
Router#show cdp interface x
    Displays information about one specified interface running CDP.
Router#show cdp traffic
    Displays information about CDP traffic sent and received.
Router(config)#cdp holdtime x
    Changes the time for which CDP packets are held.
Router(config)#cdp timer x
    Changes the interval at which CDP packets are updated.
Router(config)#cdp run
    Allows CDP to run on all interfaces (the default).
Router(config)#no cdp run
    Turns off CDP on the interfaces of the device.
Router(config-if)#cdp enable
    Allows CDP to run on the specified interface.
Router(config-if)#no cdp enable
    Turns off CDP on the specified interface.
Router#clear cdp counters
    Resets the traffic counters to 0.
Router#clear cdp table
    Clears the CDP table.
Router#debug cdp adjacency
    Monitors CDP information about the neighboring devices.
Router#debug cdp events
    Monitors all CDP events.
Router#debug cdp ip
    Monitors the CDP events specific to the IP protocol.
Router#debug cdp packets
    Monitors CDP information related to packets.

LAB 12: BACKING UP THE IOS AND ROUTER CONFIGURATION

I. Introduction:
- Flash is erasable memory used to store the operating system and some code. Flash memory allows the software to be updated without replacing the processor chip. The contents of flash are retained when power is turned off.
- This lab shows how to copy the IOS (Internetwork Operating System) image from the flash of a Cisco router to a TFTP server to create a backup IOS image, and how to load an IOS image from the TFTP server back into a Cisco router that runs from flash (to restore an old version or update to a new one), using TFTP (Trivial File Transfer Protocol).

II. Lab description and topology:
- The lab topology is as shown in the figure; the PC is connected to the router with a crossover cable.
- The PC acts as a TFTP server and is connected to the router over Ethernet; the router acts as the TFTP client. The IOS is copied from the router to the server (when backing up the IOS) or from the server to the router (when updating or installing a new IOS). To load an IOS into a router whose flash has been erased, you can enter ROMMON mode and configure it to fetch the IOS from the server.

III. Steps:
Configure router TTG and the PC (which acts as the TFTP server) as follows:
PC:
IP Address : 10.1.0.2
Subnetmask : 255.0.0.0
Gateway    : 10.1.0.1

Router TTG :
Router>enable
Router#configure terminal
Router(config)#hostname TTG
TTG(config)#interface fa0/1
TTG(config-if)#ip address 10.1.0.1 255.0.0.0
TTG(config-if)#no shutdown
TTG(config-if)#exit

Ping to make sure the router and the TFTP server are connected:


TTG#ping 10.1.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

Use the show version command to view the current IOS version:

TTG#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1d), RELEASE SOFTWARE (fc1) (the router is running IOS version 12.2(1d))
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Sun 03-Feb-02 22:01 by srani
Image text-base: 0x0307EEE0, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)
TTG uptime is 15 minutes
System returned to ROM by bus error at PC 0x100D042, address 0xFFFFFFFC
System image file is "flash:/c2500-jk8os-l.122-1d.bin" (name of the IOS image file loaded from flash; a Cisco 2500 running operating system version 12.2(1d))
cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of memory. (the router has 16 MB of RAM: 14 MB for processor memory, 2 MB for I/O memory)
Processor board ID 08030632, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY) (the router has 16 MB of flash)
Configuration register is 0x2102 (the current register value)

Use the show flash command to view flash memory and note the IOS file name, in preparation for copying it to the TFTP server:
TTG#show flash
System flash directory:
File Length Name/status
1 16505800 /c2500-jk8os-l.122-1d.bin
[16505864 bytes used, 271352 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)

Meaning of the IOS image file name:
c2500: the device type, Cisco 2500
1.122: the IOS version type
Copy the IOS image from flash to the TFTP server:
TTG#copy flash: tftp:

Source filename []? /c2500-jk8os-l.122-1d.bin


Address or name of remote host []? 10.1.0.2 (address of the TFTP server)

Destination filename [c2500-jk8os-l.122-1d.bin]?


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
16505800 bytes copied in 232.724 secs (71145 bytes/sec)
- The copy succeeds; the IOS image file is saved in the TFTP server program's directory.
- You have finished copying the IOS from flash to the TFTP server. Next, load an existing IOS image from the TFTP server back into a router's flash.

Steps: configure the router and the host as above, and run the TFTP program on the PC.
Suppose two IOS files are available on the TFTP server:
The IOS image file c2500-i-l.121-26.bin is 7.85 MB.
The IOS image file c2500-jk80os-l.122-1d.bin is 16 MB.
Check flash:
TTG#show flash
System flash directory:
File Length Name/status
1 8039140 /c2500-i-l.121-26.bin
[8039204 bytes used, 349404 available, 8388608 total]
8192K bytes of processor board System flash (Read ONLY)
Observation: flash memory is 8 MB, so the IOS image file c2500-i-l.121-26.bin can be stored in flash.
Perform the copy to flash:
TTG#copy tftp: flash:
Address or name of remote host []? 10.1.0.2 (name or address of the host that stores the flash image, the TFTP server)
Source filename []? c2500-i-l.121-26.bin (source file name)
Destination filename [c2500-i-l.121-26.bin]? (destination file name)

%Warning:There is a file already existing with this name


Do you want to over write? [confirm]
Accessing tftp://192.168.14.2/c2500-i-l.121-26.bin...
Erase flash: before copying? [confirm]
00:09:43: %SYS-5-RELOAD: Reload requested
%SYS-4-CONFIG_NEWER: Configurations from version 12.1 may not be correctly
understood.
%FLH: c2500-i-l.121-26.bin from 192.168.14.2 to flash ...
System flash directory:
File Length Name/status


1 8039140 /c2500-i-l.121-26.bin
[8039204 bytes used, 349404 available, 8388608 total]
Accessing file 'c2500-i-l.121-26.bin' on 192.168.14.2...
Loading c2500-i-l.121-26.bin from 192.168.14.2 (via Ethernet0): ! [OK]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased (flash erase in progress)
Loading c2500-i-l.121-26.bin from 192.168.14.2 (via Ethernet0): !!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

(flash load in progress)

[OK - 8039140/8388608 bytes]


Verifying checksum... OK (0x9693)
Flash copy took 0:03:57 [hh:mm:ss]
%FLH: Re-booting system after download
F3: 7915484+123624+619980 at 0x3000060

Restricted Rights Legend


Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013. Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)


Copyright (c) 1986-2004 by cisco Systems, Inc.


Compiled Sat 16-Oct-04 02:44 by cmong
Image text-base: 0x03042000, data-base: 0x00001000
cisco 2500 (68030) processor (revision N) with 6144K/2048K bytes of memory.
Processor board ID 17553463, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
- When the flash load completes, the router resets to switch to the new flash contents; the IOS in flash is now the file you just copied.
[Figure: the flash load as seen on the TFTP server]

Note: throughout the copy, whether from the TFTP server to the router or from the router to the TFTP server, the TFTP server program must be running on the PC.

IV. Appendix: commands related to this lab

1. Boot system commands:

Router(config)#boot system flash image-name
    Boots the Cisco IOS software from the image named image-name in flash.
Router(config)#boot system tftp image-name 172.16.10.3
    Boots the Cisco IOS software from the image named image-name on a TFTP server.
Router(config)#boot system rom
    Boots the Cisco IOS software from ROM.

2. Backing up the Cisco IOS software to a TFTP server:

Router#copy flash tftp
    Copies the IOS from flash to the TFTP server.
Source filename [ ]? c2600-js-l_121-3.bin
    Enter the name of the Cisco IOS software file.
Address or name of remote host [ ]? 192.168.119.20
    Enter the IP address of the TFTP server.
Destination filename [c2600-js-l_121-3.bin]?
    Enter the name under which the file is saved on the TFTP server.

3. Restoring or upgrading the Cisco IOS software from a TFTP server:

Router#copy tftp flash
    Copies the IOS from the TFTP server to flash.
Address or name of remote host [ ]? 192.168.119.20
    Enter the IP address of the TFTP server.
Source filename [ ]? c2600-js-l_121-3.bin
    Enter the name of the file stored on the TFTP server.
Destination filename [c2600-js-l_121-3.bin]?
    Enter the name under which the file is saved on the IOS server.
Erase flash: before copying? [confirm]
    If flash memory is full, it must be erased before the copy is performed.

4. Checking the IOS file:

Router#show version
    Checks the current IOS version.
Router#show flash
    Shows flash memory; note the IOS file name in preparation for copying it to the TFTP server.

LAB 13: PASSWORD RECOVERY FOR CISCO ROUTERS

I. Introduction:
- Access passwords are very useful for security, but they can also be a nuisance if you happen to forget one. This password recovery lab for Cisco routers shows how to regain the password needed to log in to the router.
Note: setting a password on the router matters a great deal for security: it prevents remote Telnet sessions from changing the configuration or being used for other purposes. Do not confuse security with password recovery. Being able to recover or change a router's password does not mean the router's security level is low, because the prerequisite for password recovery is working directly on the router, which means you must have the consent of the admin or the technician who manages the router.

II. Lab description and topology:
In the topology above, the PC is connected to the router with a console cable.

III. The router boot process:
When powered on, the router checks its hardware. Once the hardware check is complete, the operating system is loaded from flash, and the router then loads the configuration in NVRAM, which contains everything previously configured on the router, such as protocol information, interface addresses and the access passwords. So, to keep the router from checking the password at login, you must prevent it from loading the data in NVRAM.
Each router family has its own password recovery technique, but recovering a router password always goes through the following steps:

Step 1: Start the router and prevent it from loading the configuration in NVRAM (by changing the register from 0x2102 to 0x2142).
Step 2: Reset the router (it now boots using register 0x2142).
Step 3: Log in to the router (it does not check the password now) and use router commands to view or reset the password (you can only view a password that was stored unencrypted).
Step 4: Change the register (from 0x2142 to 0x2102).
Step 5: Save the configuration you have just set (the password is now known).
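Steps 1 and 4 differ in a single bit of the configuration register, and step 3 depends on how a password was stored. The following Python code is an added example, not part of the lab manual: it decodes the register bits relevant to this procedure, reads the register line that show version prints, and lists passwords in a saved configuration that are stored readable. The bit meanings are standard IOS configuration-register values rather than something this page states, and the function names are hypothetical.

```python
import re

IGNORE_NVRAM = 0x0040    # bit 6: boot without reading the startup configuration
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored once the system is running
BOOT_FIELD = 0x000F      # bits 0-3: how the IOS image is chosen

# Register lines as show version prints them in this lab.
SHOW_VERSION_LINES = [
    "Configuration register is 0x2102",
    "Configuration register is 0x2142",
    "Configuration register is 0x2142 (will be 0x2102 at next reload)",
]

# Saved configuration copied from the show start output in this lab.
STARTUP_CONFIG = r"""
version 12.1
no service password-encryption
!
hostname Router
!
enable secret 5 $1$AqeQ$yB00zFjHxIiVoHLnbLEhh1
enable password cisco
!
end
"""

REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)
# A password with no encryption type in front of it is stored as typed.
READABLE = re.compile(
    r"^[ \t]*(?:enable password|password)[ \t]+(?![57][ \t])\S+[ \t]*$", re.M
)


def decode_confreg(value):
    """Explain the register bits that decide whether passwords are enforced at boot."""
    boot = value & BOOT_FIELD
    if boot == 0:
        source = "stay in ROM monitor"
    elif boot == 1:
        source = "boot helper image"
    else:
        source = "boot system commands, then default image"
    return {
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_source": source,
    }


def audit_register(show_version_text):
    """Report the current register, the one used at next reload, and the risk."""
    match = REGISTER_LINE.search(show_version_text)
    if not match:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    at_reload = int(match.group(2), 16) if match.group(2) else current
    return {
        "current": hex(current),
        "at_next_reload": hex(at_reload),
        # True means the next boot skips NVRAM, so no saved password is enforced.
        "passwords_skipped_at_next_boot": decode_confreg(at_reload)["ignore_startup_config"],
    }


def readable_passwords(config_text):
    """Configuration lines whose password can be read directly from the file."""
    return [m.group(0).strip() for m in READABLE.finditer(config_text)]


if __name__ == "__main__":
    for line in SHOW_VERSION_LINES:
        print(audit_register(line))
    print(readable_passwords(STARTUP_CONFIG))
```

A router left at 0x2142 after the procedure reports passwords_skipped_at_next_boot as True, which is the condition step 4 exists to clear.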
IV. Password recovery for the Cisco 2500 router
- Suppose you log in to the router but have forgotten the password.
TTG con0 is now available
Press RETURN to get started.
TTG>enable
Password:
Password:
Password:
% Bad secrets
- You must recover the password. The steps are as follows:

Step 1: Restart the router
System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
2500 processor with 8192 Kbytes of main memory (press Ctrl+Break so that the router does not load data from NVRAM)
Abort at 0x103AA7E (PC)
romon> confreg 0x2142 (use this command to change the register to 0x2142)

Step 2: Restart the router; it now loads its configuration according to register 0x2142 (empty configuration)
TTG>enable (no password is requested at login)
TTG#show start (use show start to view the configuration in NVRAM)
Using 456 out of 32762 bytes

!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 $1$AqeQ$yB00zFjHxIiVoHLnbLEhh1 (the secret password is stored encrypted)
enable password cisco (the enable password is cisco)

!
end

Step 3: Reconfigure the router passwords:

TTG#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
TTG(config)#enable secret TTG (the secret password is reset to TTG)
TTG(config)#exit
TTG#configure terminal
TTG(config)#enable password class (the enable password is class)

TTG(config)#exit

Step 4: Change the current register from 0x2142 back to 0x2102

Use the show version command to view the current register:
TTG#show version
Cisco Internetwork Operating System Software

IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 16-Oct-04 02:44 by cmong
Image text-base: 0x03042000, data-base: 0x00001000
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2142 (register 0x2142 is in use)

Change the register:

TTG(config)#config-register 0x2102 (use the config-register command)
TTG(config)#exit
View the current register again:
TTG#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(26), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 16-Oct-04 02:44 by cmong
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2142 (will be 0x2102 at next reload) (the current register is 0x2102)

Step 5: Save the changed configuration for register 0x2102

TTG#copy run start
Building configuration...
[OK]

- Use the show start command to view the startup configuration in NVRAM:


TTG#show start
Using 488 out of 32762 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname TTG
!
enable secret 5 $1$49cD$jrvYyRSQhpTAHuDA1/R1v.
enable password class
!
!
!
End
- After the reload, log in to the router; the secret password TTG is now checked:
TTG con0 is now available
Press RETURN to get started.
TTG>ena
Password: (the password TTG is checked and accepted)

TTG#
V. Appendix: commands related to this lab

Router#show version
    The last line of the show version output reports the value of the configuration register.
Router(config)#config-register 0x2102
    Changes the value of the configuration register to 2102.
Rommon 1 > confreg 0x2142
    Changes the register value to 2142 in Rommon mode.
Router#reload
    Restarts the router.
Router#copy running-config startup-config
    Copies the configuration file to NVRAM.

Lab 14: RECOVERY PASSWORD SWITCH

I. Introduction:
In this lab we recover the password of a switch.

II. Lab description and topology:
- Connect a console cable between the PC and the switch. In this lab we recover the password on a 2950 switch.

III. Procedure:
- To make the password recovery easier to follow, we first configure a name and passwords on the switch before recovering them.
- Configure the name and passwords on the switch as follows:
Switch#configure terminal
Switch(config)#hostname TTG
TTG(config)#enable password cisco (sets the password for the switch)
TTG(config)#enable secret TTG (sets the secret password for the switch)

- After configuring, save to NVRAM and review the configuration in NVRAM before recovering the switch password.
TTG#copy run start
Destination filename [startup-config]?
Building configuration...


TTG#show start
TTG#sh start
Using 1186 out of 32768 bytes
version 12.1
hostname TTG
enable secret 5 $1$s22D$vCe6IFIeKLhUPZqgm6QZ6/
enable password cisco
Recover the password with the following steps:
Step 1: Power off the switch, then hold the MODE button on the 2950 switch while powering it back on. When the following messages appear on the screen, release the MODE button.
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA2, RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sun 07-Nov-04 23:14 by antonino
(some messages have been omitted)
flash_init
load_helper
boot
Step 2: Enter flash_init to initialize the flash file system. Enter dir flash: to list the files stored in flash. Then rename the file config.text to config.bak (the configuration saved earlier is stored by the switch in this file) with the command rename flash:config.text flash:config.bak. Then restart the switch with the boot command.
Step 3: During startup the switch asks:
Continue with the configuration dialog? [yes/no] :
Enter NO to skip this dialog. When startup finishes, enter privileged mode.
Switch>en
Switch#
- Then rename the file config.bak in flash back to config.text:
Switch#rename flash:config.bak flash:config.text
- Then load the configuration from NVRAM into RAM with the following command:
Switch#copy flash:config.text system:running-config

Step 4: Remove all passwords
TTG#conf t
TTG(config)#no enable password
TTG(config)#no enable secret

Step 5: Copy the configuration from RAM to NVRAM, then reload the switch.


TTG#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
TTG#reload

IV. Appendix: commands related to this lab

switch: flash_init
    Initializes flash memory.
switch: dir flash:
    Displays the contents of flash memory.
switch: rename flash:config.text flash:config.bak
    Renames the configuration file, because the configuration file config.text contains the passwords.
switch: boot
    Restarts the switch.
Switch#rename flash:config.bak flash:config.text
    Renames the configuration file back to its default name.
Switch#copy flash:config.text system:running-config
    Copies the configuration file in flash memory.
Switch#copy running-config startup-config
    Saves the running configuration to NVRAM with the newly configured password.

LAB 15: COMPREHENSIVE LAB, PART 1

I. Requirements:
1. Build the topology on Cisco Lab
2. Use network 192.168.X.0/24 and subnet it for the networks of routers DN, HN, HCM
3. Set the line vty, console and enable secret passwords on the routers to TTG,
4. Use RIPv2 for routing between routers DN, HN, HCM
5. Route the routers towards the Internet; the Internet router uses static routes only
6. The PCs must be able to ping the Internet networks
7. Verify the routing information with the commands listed
8. From a PC, try to telnet and SSH to the router, and save the configuration
9. Copy the configuration and IOS from the routers to a TFTP server
II. Objectives:
- Help students review the material from part 1 of the CCNA curriculum: IP addressing, subnetting, static and dynamic routing (static routes, RIPv2), the different password types, and backing up the configuration and IOS.
III. Configuration steps:
1. Build the topology on Cisco Lab
2. Use network 192.168.2.0/24 (this lab uses X=2; each group must replace X with the number assigned by the instructor) and subnet it for the networks of routers DN, HN, HCM:

+ Subnets needed   : 5 subnets
+ Bits borrowed    : 3 bits (8 subnets in total)
+ New subnet mask  : 255.255.255.224
+ Block size       : 256 - 224 = 32
+ List of subnets:
   Subnet                Usable IPs                          Used for
1- 192.168.2.0/27        192.168.2.1   --- 192.168.2.30      LAN DN
2- 192.168.2.32/27       192.168.2.33  --- 192.168.2.62      LAN HN
3- 192.168.2.64/27       192.168.2.65  --- 192.168.2.94      LAN HCM
4- 192.168.2.96/27       192.168.2.97  --- 192.168.2.126     DN-HN
5- 192.168.2.128/27      192.168.2.129 --- 192.168.2.158     HN-HCM
6- 192.168.2.160/27      192.168.2.161 --- 192.168.2.190
7- 192.168.2.192/27      192.168.2.193 --- 192.168.2.222
8- 192.168.2.224/27      192.168.2.225 --- 192.168.2.254

- Assign the IP addresses to the routers and PCs.

3. Set the line vty, console and enable secret passwords on the routers to TTG, and enable the SSH service using version 2:
- Line vty password
Router(config)#line vty 0 4
Router(config-line)#password TTG
Router(config-line)#login
- Console password
Router(config)#line console 0
Router(config-line)#password TTG
Router(config-line)#login
- Secret password
Router(config)#enable secret TTG

- Enable the SSH service
! Change the router's default hostname
Router(config)#hostname DN
! Username and password used for SSH authentication
DN(config)#username ttg password 123
! Set the router's domain name
DN(config)#ip domain-name truongtan.edu.vn
! Generate the key that encrypts the data in the SSH session
DN(config)#crypto key generate rsa
The name for the keys will be: DN.truongtan.edu.vn
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
DN(config)#ip ssh version 2
DN(config)#line vty 0 4
! Allow only SSH connections to the router
DN(config-line)#transport input ssh
! SSH logins are authenticated with the username and password created above
DN(config-line)#login local

- Repeat the password and SSH configuration on the 3 remaining routers.


4. Use RIPv2 for routing between routers DN, HN, HCM:
- Because all 3 routers use subnets of the same network 192.168.2.0/24, the RIP configuration is identical on all 3 routers:
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 192.168.2.0
- The networks advertised in RIP must be the default (classful) class A, B or C networks. For example, router DN has 2 subnets to advertise, 192.168.2.0/27 and 192.168.2.96/27, but since both belong to the same class C network 192.168.2.0/24, the RIP configuration only needs to advertise
DN(config-router)#network 192.168.2.0
- Verify the routing information on the routers with the commands:
Router#show ip route
Router#show ip protocols
- From the PCs in HN, HCM and DN, use ping to test connectivity. If it fails, use show ip interface brief on the routers to check the physical state and IP address of each port.
HN#show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/0    192.168.2.33    YES manual up                    up
FastEthernet0/1    unassigned      YES manual administratively down down
Serial0/0/0        192.168.2.97    YES manual up                    up
Serial0/0/1        192.168.2.129   YES manual up                    up
Serial0/1/0        192.168.1.1     YES manual up                    up
Serial0/1/1        unassigned      YES manual administratively down down


5. Route the routers towards the Internet; the Internet router uses static routes only:

- There are far too many networks on the Internet to route to each one individually, so for the PCs in the HCM, HN and DN LANs to reach all Internet networks we must add a default route on the 3 routers, as follows:
+ DN and HCM configure a default route towards HN
DN(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.97
HCM(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.129
These commands mean that routers HCM and DN forward traffic for any destination network they do not know to router HN.
+ HN configures a default route towards the Internet
HN(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
This command means that router HN forwards traffic for any destination network it does not know to the Internet router.
- The Internet router uses static routes to the 5 subnets it does not yet know: the LAN subnets and the subnets used between routers DN, HN and HCM. The commands are as follows (the next hop is HN's IP address):
+ Internet(config)#ip route 192.168.2.0 255.255.255.224 192.168.1.2 (DN LAN)
+ Internet(config)#ip route 192.168.2.32 255.255.255.224 192.168.1.2 (HN LAN)
+ Internet(config)#ip route 192.168.2.64 255.255.255.224 192.168.1.2 (HCM LAN)
+ Internet(config)#ip route 192.168.2.96 255.255.255.224 192.168.1.2 (DN-HN)
+ Internet(config)#ip route 192.168.2.128 255.255.255.224 192.168.1.2 (HCM-HN)
- Because all 5 subnets belong to network 192.168.2.0/24, instead of entering 5 route commands for the 5 subnets we can use a single route to the parent network. The 5 routes above can therefore be replaced with this one:
+ Internet(config)#ip route 192.168.2.0 255.255.255.0 192.168.1.2
- Test connectivity from the PCs to the Internet networks with ping and tracert.
6. The PCs must be able to ping the Web and FTP servers:
- Use ping on every PC to test connectivity to the servers behind the Internet router; all pings must succeed.
- To set up the Web and FTP servers, see the video at
http://www.mediafire.com/download.php?lhz4njdflyy
- Open a browser and try to connect to the web server.
7. Verify the routing information with the commands:
Ping, Traceroute, Show ip route, Show ip protocols, Debug ip rip
8. From a PC, try to telnet and SSH to the router, then save the configuration with copy running-config startup-config
- To telnet or SSH from a PC to the router, open Desktop, then Command Prompt, and use the commands
telnet <router ip>
(The telnet command will fail because we are currently using SSH.)
ssh -l <username created on the router> <router ip>
- Save the configuration on the routers with the command
Router#copy running-config startup-config
Destination filename [startup-config]? <Enter>
9. Save the routers' configuration and IOS to the TFTP server:
- On the DN LAN, connect a TFTP server with the address 192.168.2.5, then copy the configuration (startup-config, running-config) and the IOS to the TFTP server.
DN#copy run tftp
Address or name of remote host []? 192.168.2.5
Destination filename [DN-confg]? <Enter>
DN#copy start tftp
Address or name of remote host []? 192.168.2.5
Destination filename [DN-confg]? <Enter>
- To copy the IOS to the TFTP server, first use dir flash: or show flash: in privileged mode to find the name of the IOS file, then use the command
DN#copy flash: tftp:
10. To finish the lab, use erase startup-config to delete the configuration, then reload to restart the router.


LAB 16: OSPF (OPEN SHORTEST PATH FIRST)

1. Introduction:
OSPF (Open Shortest Path First) is a link-state routing protocol supported by many vendors. OSPF uses the SPF algorithm to compute the shortest path for a route. It can be used in small networks as well as large ones.
Because OSPF routers run an algorithm to compute the metric of each route and build the network topology from the results, the protocol consumes a lot of router memory and CPU. In a very large network this takes a long time and a lot of memory. To address this, OSPF allows a network to be divided into several areas. Routers in the same area exchange information with each other and not with routers in other areas, which greatly reduces the work of building the topology. Areas that need to communicate with each other must connect to area 0 (also called the backbone) through a border router.
OSPF routers stay in touch by sending Hello packets to each other. As long as a router keeps receiving Hello packets from a directly connected router over a link, it knows that the link and the remote router are still working. If the router receives no Hello packet within a set period, called the dead interval, it concludes that the remote router is down and runs the SPF algorithm to compute new routes.
Each OSPF router has an ID that identifies it. The router uses the highest IP address among its loopback interfaces (if there are several) as its ID. If no loopback is configured, the router uses the highest IP address among its physical interfaces.
OSPF has several advantages: fast convergence, support from many vendors, VLSM support, suitability for large networks, and high stability.
2. Commands used in this lab:
router ospf process-id
    Enable the OSPF protocol
network address wildcard-mask area area-id
    Advertise a network that belongs to a given area
3. Lab description and topology:
- The lab topology is as shown in the figure. The routers are configured with a loopback 0 interface. The IP addresses of the interfaces are given in the figure. Note that the networks here use different subnet masks.
4. Steps:
- First configure the routers as follows:
Router TTG1
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface s1/0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000

TTG1(config-if)#exit
TTG1(config)#interface loopback 0
TTG1(config-if)#ip address 10.0.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#
Router TTG2
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface s1/0
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#exit
TTG2(config)# interface s1/1
TTG2(config-if)# ip address 170.1.0.1 255.255.0.0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#exit
TTG2(config)#interface loopback 0
TTG2(config-if)#ip address 11.1.0.1 255.0.0.0
TTG2(config-if)#exit
TTG2(config)#interface E0
TTG2(config-if)# ip address 15.1.0.1 255.0.0.0
TTG2(config-if)#no shutdown

TTG2(config-if)#exit
TTG2(config)#
Router TTG3
Router>enable
Router#configure terminal
Router(config)#hostname TTG3
TTG3(config)#interface s1/0
TTG3(config-if)#ip address 170.1.0.2 255.255.0.0
TTG3(config-if)#no shutdown
TTG3(config-if)#clock rate 64000
TTG3(config-if)#exit
TTG3(config)#interface loopback 0
TTG3(config-if)#ip address 12.1.0.1 255.255.255.252
TTG3(config-if)#exit
TTG3(config)#
- Before configuring OSPF, note that the wildcard mask is obtained by subtracting the subnet mask of the network to be advertised in OSPF from 255.255.255.255. For example, to advertise network 192.168.1.0/24 in OSPF:
+ Network 192.168.1.0/24 has the subnet mask 255.255.255.0, so the wildcard mask is:
255.255.255.255 - 255.255.255.0 = 0.0.0.255
- After configuring the interfaces on the routers, configure OSPF as follows:
Router TTG1:
TTG1(config)#router ospf 10
TTG1(config-router)#network 192.168.1.0 0.0.0.255 area 0
TTG1(config-router)# network 10.0.0.0 0.0.255.255 area 0
Router TTG2 :

TTG2(config)#router ospf 10
TTG2(config-router )#network 192.168.1.0 0.0.0.255 area 0
TTG2(config-router )#network 170.1.0.0 0.0.255.255 area 0
TTG2(config-router )#network 15.0.0.0 0.255.255.255 area 0
TTG2(config-router )#network 11.0.0.0 0.255.255.255 area 0
Router TTG3 :
TTG3(config)#router ospf 10
TTG3(config-router)#network 170.1.0.0 0.0.255.255 area 0
TTG3(config-router)#network 12.1.0.0 0.0.0.3 area 0
- Alternatively, OSPF can be configured on all three routers as follows:
TTG1(config)#router ospf 10
TTG1(config-router)#network 192.168.1.1 0.0.0.0 area 0
TTG1(config-router)# network 10.0.0.1 0.0.0.0 area 0

TTG2(config)#router ospf 10
TTG2(config-router)#network 192.168.1.2 0.0.0.0 area 0
TTG2(config-router)#network 170.1.0.1 0.0.0.0 area 0
TTG2(config-router)#network 11.1.0.1 0.0.0.0 area 0
TTG2(config-router)#network 15.1.0.1 0.0.0.0 area 0

TTG3(config)#router ospf 10
TTG3(config-router)#network 170.1.0.2 0.0.0.0 area 0
TTG3(config-router)#network 12.1.0.1 0.0.0.0 area 0
- After advertising the routers' networks, check the routing table of each router with the show ip route command:
TTG1#sh ip route
Gateway of last resort is not set
O    170.1.0.0/16 [110/128] via 192.168.1.2, 01:20:18, Serial1/0
     10.0.0.0/16 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Loopback0
O    15.0.0.0/8 [110/65] via 192.168.1.2, 00:20:18, Serial1/0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 192.168.1.2, 01:20:18, Serial1/0
     12.0.0.0/32 is subnetted, 1 subnets
O       12.1.0.1 [110/129] via 192.168.1.2, 01:20:18, Serial1/0
C    192.168.1.0/24 is directly connected, Serial1/0

TTG2#show ip route
Gateway of last resort is not set
C    170.1.0.0/16 is directly connected, Serial1/1
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/65] via 192.168.1.1, 01:20:38, Serial1/0
C    11.0.0.0/8 is directly connected, Loopback0
     12.0.0.0/32 is subnetted, 1 subnets
O       12.1.0.1 [110/65] via 170.1.0.2, 01:20:38, Serial1/1
C    192.168.1.0/24 is directly connected, Serial0

TTG3#show ip route
Gateway of last resort is not set
C    170.1.0.0/16 is directly connected, Serial1/0
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/129] via 170.1.0.1, 00:00:20, Serial1/0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 170.1.0.1, 00:00:20, Serial1/0
     12.0.0.0/30 is subnetted, 1 subnets
C       12.1.0.0 is directly connected, Loopback0
O    192.168.1.0/24 [110/128] via 170.1.0.1, 00:00:20, Serial1/0
O    15.0.0.0/8 [110/65] via 192.168.1.2, 00:00:20, Serial1/0
Remark: the routers now know all the networks in our topology. Routes learned through OSPF are marked with O at the start of the route; in the output above these are the lines beginning with O.
- Now check whether the networks can reach each other by going to each router in turn and pinging the networks that are not directly connected to it.
TTG3#ping 11.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms
TTG3#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/68/108 ms
- Do the same for the other networks to check; the pings will certainly succeed!
Configuring OSPF with multiple areas:
- In this section we look at how to configure networks that are spread across several areas.
- First, consider this question: if network 12.1.0.0/30 and interface S0 of TTG3 are placed in area 1 while the other networks stay in area 0, can the whole network still communicate?
- In the previous section we configured OSPF with a single area, so now we only need to remove the OSPF configuration on router TTG3 and reconfigure it as the question requires.
- Proceed as follows:
TTG3(config)#router ospf 10
! Remove the old OSPF configuration
TTG3(config-router)#no network 170.1.0.0 0.0.255.255 area 0
TTG3(config-router)#no network 12.1.0.0 0.0.0.3 area 0
TTG3(config-router)#exit
TTG3(config)#router ospf 10
! Place interface S0 of router TTG3 in area 1
TTG3(config-router)#network 170.1.0.0 0.0.255.255 area 1
! Place network 12.1.0.0/30 in area 1
TTG3(config-router)#network 12.1.0.0 0.0.0.3 area 1

- After the configuration is done, check the routing tables of the routers again:
TTG1#sh ip route
Gateway of last resort is not set
O    170.1.0.0/16 [110/128] via 192.168.1.2, 00:00:53, Serial1/0
     10.0.0.0/16 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Loopback0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 192.168.1.2, 00:00:53, Serial1/0
O    15.0.0.0/8 [110/65] via 192.168.1.2, 00:00:53, Serial1/0
C    192.168.1.0/24 is directly connected, Serial1/0

TTG2#sh ip route
Gateway of last resort is not set
C    170.1.0.0/16 is directly connected, Serial1/1
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/65] via 192.168.1.1, 00:00:43, Serial1/0
C    11.0.0.0/8 is directly connected, Loopback0
C    192.168.1.0/24 is directly connected, Serial1/0

TTG3#sh ip route
Gateway of last resort is not set
     12.0.0.0/30 is subnetted, 1 subnets
C       12.1.0.0 is directly connected, Loopback0
C    170.1.0.0/16 is directly connected, Serial1/0
Remark: routers TTG1 and TTG2 know each other's networks but not the networks of router TTG3. Conversely, router TTG3 does not know the networks of TTG1 and TTG2. This shows that routers in one area only know the networks in that area and do not know the networks in other areas. (Router TTG1 still sees network 170.1.0.0/16 because router TTG2 advertises that network as part of area 0.)
- To connect networks that lie in different areas we need a border router joining that area to area 0 (the backbone). This router has one interface in that area and one interface in area 0.

- In this lab there are two ways to solve the problem. The first is to place the network of interface S0 on router TTG3 in area 0; router TTG3 then acts as the border router. The second is to place the network of interface S1 on router TTG2 in area 1; router TTG2 then acts as the border router.
- We will examine option 1 (placing the network of interface S0 on TTG3 in area 0). Option 2 is done the same way.

Configuration:
TTG3(config)#router ospf 10
TTG3(config-router)#no network 170.1.0.0 0.0.255.255 area 1
TTG3(config-router)#network 170.1.0.0 0.0.255.255 area 0
- After the configuration is done, check the routing tables of the routers again:

TTG1#show ip route
Gateway of last resort is not set
     10.0.0.0/16 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Loopback0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 192.168.1.2, 00:40:12, Serial1/0
     12.0.0.0/32 is subnetted, 1 subnets
O IA    12.1.0.1 [110/129] via 192.168.1.2, 00:38:16, Serial1/0
O    15.0.0.0/8 [110/65] via 192.168.1.2, 00:40:12, Serial1/0
O    170.1.0.0/16 [110/128] via 192.168.1.2, 00:40:12, Serial1/0
C    192.168.1.0/24 is directly connected, Serial1/0

TTG2#show ip route
Gateway of last resort is not set
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/65] via 192.168.1.1, 00:03:40, Serial1/0
C    11.0.0.0/8 is directly connected, Loopback0
     12.0.0.0/32 is subnetted, 1 subnets
O IA    12.1.0.1 [110/65] via 170.1.0.2, 00:02:06, Serial1/1
C    15.0.0.0/8 is directly connected, Ethernet0
C    170.1.0.0/16 is directly connected, Serial1/1
C    192.168.1.0/24 is directly connected, Serial1/0

TTG3#show ip route
Gateway of last resort is not set
     10.0.0.0/32 is subnetted, 1 subnets
O       10.0.0.1 [110/129] via 170.1.0.1, 00:06:27, Serial1/0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.1.0.1 [110/65] via 170.1.0.1, 00:06:27, Serial1/0
     12.0.0.0/30 is subnetted, 1 subnets
C       12.1.0.0 is directly connected, Loopback0
O    15.0.0.0/8 [110/65] via 170.1.0.1, 00:06:27, Serial1/0
C    170.1.0.0/16 is directly connected, Serial1/0
O    192.168.1.0/24 [110/128] via 170.1.0.1, 00:06:27, Serial1/0
Remark: the routers now see the networks of the other routers, so the whole network can communicate. We can verify this by pinging each network.
4. Configuring authentication in OSPF:
- By default, routers trust that the routing information they receive was sent by a trusted router and was not tampered with along the way. To guarantee this, the routers in an area must be configured to authenticate each other.
- Each OSPF interface on a router needs an authentication key that is used when sending OSPF information to the other routers connected to that interface. The key is used to generate the authentication data placed in the header of the OSPF packet. This password can be up to 8 characters long. Configure authentication as follows:
Router(config-if)#ip ospf authentication-key password
Router(config-if)#ip ospf authentication
Or
Router(config-router)#area area-id authentication
Commands used in this lab:
Router TTG1
TTG1>enable
TTG1#configure terminal
TTG1(config)#interface s1/0
TTG1(config-if)#ip ospf authentication-key plaint
TTG1(config-if)#ip ospf authentication
TTG1(config-if)#exit
TTG1(config)#
Router TTG2
TTG2>enable
TTG2#configure terminal
TTG2(config)#interface s1/0
TTG2(config-if)#ip ospf authentication-key plaint
TTG2(config-if)#ip ospf authentication
TTG2(config-if)#exit
TTG2(config)# interface s1/1
TTG2(config-if)#ip ospf authentication-key plaintpas
TTG2(config-if)#ip ospf authentication

TTG2(config-if)#exit
TTG2(config)#
Router TTG3
TTG3>enable
TTG3#configure terminal
TTG3(config)#interface s1/0
TTG3(config-if)#ip ospf authentication-key plaintpas
TTG3(config-if)#ip ospf authentication
TTG3(config-if)#exit
TTG3(config)#
- Plaintext authentication is not secure because the password is not encrypted before it is sent out. For better security, switch to MD5 authentication, which is configured as follows:
Router(config-if)#ip ospf message-digest-key key-id md5 [encryption-type] key
Router(config-if)#ip ospf authentication message-digest
Or
Router(config-router)#area area-id authentication message-digest
- To switch to MD5 authentication, first remove the current plaintext authentication on routers TTG1, TTG2 and TTG3:
TTG1(config)#interface s1/0
TTG1(config-if)#no ip ospf authentication-key plaint
TTG1(config-if)#no ip ospf authentication
TTG1(config-if)#exit
Do the same on the remaining routers.
- Now configure MD5 authentication:
Router TTG1
TTG1>enable

TTG1#configure terminal
TTG1(config)#interface s1/0
! keymd51 is the password; it must match the key on TTG2's s1/0
TTG1(config-if)#ip ospf message-digest-key 1 md5 keymd51
! Set the authentication method to MD5
TTG1(config-if)#ip ospf authentication message-digest
TTG1(config-if)#exit
TTG1(config)#
Router TTG2 :
TTG2>enable
TTG2#configure terminal
TTG2(config)#interface s1/0
TTG2(config-if)#ip ospf message-digest-key 1 md5 keymd51
TTG2(config-if)#ip ospf authentication message-digest
TTG2(config-if)#exit
TTG2(config)# interface s1/1
TTG2(config-if)# ip ospf message-digest-key 1 md5 keymd52
TTG2(config-if)#ip ospf authentication message-digest
TTG2(config-if)#exit
TTG2(config)#
Router TTG3
TTG3>enable
TTG3#configure terminal
TTG3(config)#interface s1/0
TTG3(config-if)#ip ospf message-digest-key 1 md5 keymd52
TTG3(config-if)#ip ospf authentication message-digest
TTG3(config-if)#exit
TTG3(config)#
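The difference between the two OSPF authentication modes configured above, shown at the packet level as an added example (not part of the original lab). It builds an OSPFv2 Hello per RFC 2328 with AuType 1 and AuType 2 and verifies the MD5 trailer the way a receiving router does; the router IDs, sequence number and Hello field values are constructed sample data.

```python
import hashlib
import hmac
import socket
import struct

# OSPFv2 header (RFC 2328 A.3.1): version, type, length, router ID,
# area ID, checksum, AuType, 8-byte authentication field.
HDR = struct.Struct("!BBH4s4sHH8s")
AUTH_SIMPLE, AUTH_CRYPTO = 1, 2


def checksum(data: bytes) -> int:
    """Standard 16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def hello_body(neighbors=()) -> bytes:
    """Hello body: /24 mask, hello 10 s, options, priority, dead 40 s, no DR/BDR."""
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                       10, 0x02, 1, 40, bytes(4), bytes(4))
    return body + b"".join(socket.inet_aton(n) for n in neighbors)


def _header(body, router_id, autype, csum, auth) -> bytes:
    return HDR.pack(2, 1, HDR.size + len(body), socket.inet_aton(router_id),
                    bytes(4), csum, autype, auth)        # area 0.0.0.0


def simple_packet(body, router_id, password: str) -> bytes:
    """AuType 1: the key itself travels in the 64-bit authentication field."""
    field = password.encode()[:8].ljust(8, b"\0")
    # The checksum covers the packet with the authentication field excluded.
    bare = _header(body, router_id, AUTH_SIMPLE, 0, bytes(8))
    csum = checksum(bare[:16] + body)
    return _header(body, router_id, AUTH_SIMPLE, csum, field) + body


def md5_packet(body, router_id, key_id: int, key: str, seq: int) -> bytes:
    """AuType 2: the header carries only key ID, digest length and sequence number."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = _header(body, router_id, AUTH_CRYPTO, 0, auth) + body
    secret = key.encode()[:16].ljust(16, b"\0")
    # RFC 2328 D.4.3: digest = MD5(packet || 16-byte key), appended as a trailer.
    return pkt + hashlib.md5(pkt + secret).digest()


def verify_md5(wire: bytes, keys: dict, last_seq: int = 0) -> bool:
    """Receiver side: look up the key ID, reject old sequence numbers, compare digests."""
    if len(wire) < HDR.size:
        return False
    _, _, length, _, _, _, autype, auth = HDR.unpack_from(wire)
    if autype != AUTH_CRYPTO:
        return False
    _, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
    if key_id not in keys or digest_len != 16 or seq < last_seq:
        return False
    secret = keys[key_id].encode()[:16].ljust(16, b"\0")
    expected = hashlib.md5(wire[:length] + secret).digest()
    return hmac.compare_digest(expected, wire[length:length + 16])


def cleartext_key(wire: bytes) -> bytes:
    """What anyone capturing an AuType 1 packet reads from bytes 16..23."""
    return wire[16:24].rstrip(b"\0")


# Constructed sample: TTG2 sending on its s1/1 link to TTG3, keys as used in the lab.
BODY = hello_body(neighbors=["12.1.0.1"])
PLAIN = simple_packet(BODY, "11.1.0.1", "plaintpas")
SIGNED = md5_packet(BODY, "11.1.0.1", key_id=1, key="keymd52", seq=1000)

if __name__ == "__main__":
    print("AuType 1 field on the wire:", cleartext_key(PLAIN))
    print("AuType 2 verifies with keymd52:", verify_md5(SIGNED, {1: "keymd52"}))
    print("AuType 2 verifies with keymd51:", verify_md5(SIGNED, {1: "keymd51"}))
```

The AuType 1 field holds only 8 bytes, so a 9-character string such as plaintpas does not fit whole. RFC 5709 defines HMAC-SHA authentication for OSPFv2 as a stronger replacement for keyed MD5.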
IV. Appendix: commands related to this lab

- show commands used to verify the OSPF configuration:

Command / Explanation

Show ip protocol
    Displays timer values, routing parameters, routed networks and other information for all routing protocols running on the router.

Show ip route
    Displays the router's routing table, which lists the best paths to the destination networks known to the router and shows how the router learned each path.

Show ip ospf interface
    Shows whether the router's interface has been configured in the correct area. If no loopback interface is configured, the highest IP address of the physical interfaces is chosen as the router ID. The command also displays the hello interval and dead interval on the interface and lists the adjacent neighbor routers connected to it.

Show ip ospf
    Shows how many times the SPF algorithm has been run and the update interval used when the network has not changed.

Show ip ospf neighbor detail
    Lists the neighbors in detail, with their priority values and their states.

Show ip ospf database
    Displays the contents of the router's network topology database, along with the router ID and the OSPF process ID.

- clear and debug commands used to check OSPF operation:

Command / Explanation

Clear ip route *
    Clears the entire routing table

Clear ip route a.b.c.d
    Clears route a.b.c.d from the routing table

Debug ip ospf events
    Reports every OSPF event

Debug ip ospf adj
    Reports every event related to OSPF adjacency activity

LAB 17: EIGRP (ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL)

1. Lab description and topology:

- The PCs are connected to the routers with crossover cables, and the two routers are connected to each other with a serial cable. The IP addresses of the interfaces and PCs are as shown in the figure.
- In this lab we configure the EIGRP protocol on the routers.
- EIGRP supports VLSM; by default the EIGRP metric is computed from bandwidth and delay.
2. Configuration:
Configure routers TTG1 and TTG2 as follows:

Router TTG1

Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface E0
TTG1(config-if)#no shutdown
TTG1(config-if)#ip address 10.1.0.1 255.255.255.0
TTG1(config-if)#exit
TTG1(config)#interface S0

TTG1(config-if)#ip address 192.168.0.1 255.255.255.0


TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit

Router TTG2

Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface E0
TTG2(config-if)#no shutdown
TTG2(config-if)#ip address 11.1.0.1 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#interface S0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#ip address 192.168.0.2 255.255.255.0
TTG2(config-if)#exit
TTG2(config)#
After configuring the IP addresses on the interfaces of routers TTG1 and TTG2, configure EIGRP on the routers as follows:

! 100 is the autonomous system number
TTG1(config)#router eigrp 100
! Advertise network 10.1.0.0/16
TTG1(config-router)#network 10.1.0.0 0.0.255.255
! Advertise network 192.168.0.0/24
TTG1(config-router)#network 192.168.0.0
TTG2(config)#router eigrp 100
TTG2(config-router)#network 11.1.0.0 0.0.255.255
TTG2(config-router)#network 192.168.0.0

Set the IP addresses on the PCs:

               PC 1           PC 2
IP address     10.1.0.2       11.1.0.2
Subnet Mask    255.255.0.0    255.255.0.0
Gateway        10.1.0.1       11.1.0.1

Now test the connections in the network:

PC1#ping 11.1.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/32/40 ms
Use the show ip route command to check the routing tables of the two routers:

TTG2#show ip route
Gateway of last resort is not set
D    10.0.0.0/8 [90/2195456] via 192.168.0.1, 00:11:35, Serial0
C    11.1.0.0/16 is directly connected, Ethernet0
C    192.168.0.0/24 is directly connected, Serial0

The routing table of router TTG2 contains the routes to TTG1's networks, and TTG1 pings TTG2's loopback successfully.
3. Configuring summarization and EIGRP authentication:

Router TTG1
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface s0/0/0
TTG1(config-if)#no shutdown
TTG1(config-if)#clock rate 64000
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#exit
TTG1(config)#interface loopback 0
TTG1(config-if)#ip address 10.0.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface loopback 1
TTG1(config-if)#ip address 10.1.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface loopback 2
TTG1(config-if)#ip address 10.2.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface loopback 3
TTG1(config-if)#ip address 10.3.0.1 255.255.0.0

TTG1(config-if)#exit
TTG1(config)#
Router TTG2
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface s0/0/0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#exit
TTG2(config)#interface loopback 4
TTG2(config-if)#ip address 11.4.0.1 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#interface loopback 5
TTG2(config-if)#ip address 11.5.0.1 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#interface loopback 6
TTG2(config-if)#ip address 11.6.0.1 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#interface loopback 7
TTG2(config-if)#ip address 11.7.0.1 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#
Configure EIGRP on the routers as follows:

Router TTG1
TTG1(config)#router eigrp 10
TTG1(config-router)#network 10.0.0.0
TTG1(config-router)#network 192.168.1.0
TTG1(config-router)#exit
TTG1(config)#
Router TTG2
TTG2(config)#router eigrp 10
TTG2(config-router)#network 11.0.0.0
TTG2(config-router)#network 192.168.1.0
TTG2(config-router)#exit
TTG2(config)#
Configuring summarization for EIGRP:
By default EIGRP enables auto-summary, which automatically summarizes the subnets of one network to the major network address when advertising them. In this lab, for example, TTG1 is directly connected to the subnets 10.0.0.0/16, 10.1.0.0/16, 10.2.0.0/16 and 10.3.0.0/16, but when advertising out of s0/0/0 EIGRP automatically summarizes them as 10.0.0.0/8. In most cases this automatic summarization has the advantage of keeping the routing table short.
In some cases, however, automatic route summarization should not be used. In a discontiguous network such as the topology above, for example, it must be turned off to avoid routing errors.
Router(config-router)#no auto-summary
- Now look at the routing tables of the 2 routers after auto-summary is turned off.
Routing tables after turning off auto-summary:
Router TTG1
TTG1#configure terminal
TTG1(config)#router eigrp 10
TTG1(config-router)#no auto-summary

TTG1(config-router)#exit
Router TTG2
TTG2#configure terminal
TTG2(config)#router eigrp 10
TTG2(config-router)#no auto-summary
TTG2(config-router)#exit
- Check the routing tables again:
TTG1#show ip route
Gateway of last resort is not set
     10.0.0.0/16 is subnetted, 4 subnets
C       10.0.0.0 is directly connected, Loopback0
C       10.1.0.0 is directly connected, Loopback1
C       10.2.0.0 is directly connected, Loopback2
C       10.3.0.0 is directly connected, Loopback3
     11.0.0.0/16 is subnetted, 4 subnets
D       11.4.0.0 [90/2297856] via 192.168.1.2, 00:00:06, Serial0/0/0
D       11.5.0.0 [90/2297856] via 192.168.1.2, 00:00:06, Serial0/0/0
D       11.6.0.0 [90/2297856] via 192.168.1.2, 00:00:06, Serial0/0/0
D       11.7.0.0 [90/2297856] via 192.168.1.2, 00:00:06, Serial0/0/0
C    192.168.1.0/24 is directly connected, Serial0/0/0

TTG2#show ip route
Gateway of last resort is not set
     10.0.0.0/16 is subnetted, 4 subnets
D       10.0.0.0 [90/2297856] via 192.168.1.1, 00:00:22, Serial0/0/0
D       10.1.0.0 [90/2297856] via 192.168.1.1, 00:00:22, Serial0/0/0
D       10.2.0.0 [90/2297856] via 192.168.1.1, 00:00:22, Serial0/0/0
D       10.3.0.0 [90/2297856] via 192.168.1.1, 00:00:22, Serial0/0/0
     11.0.0.0/16 is subnetted, 4 subnets
C       11.4.0.0 is directly connected, Loopback4
C       11.5.0.0 is directly connected, Loopback5
C       11.6.0.0 is directly connected, Loopback6
C       11.7.0.0 is directly connected, Loopback7
C    192.168.1.0/24 is directly connected, Serial0/0/0



- With EIGRP, once auto-summary is turned off we can switch to manual summarization to keep the routing table compact. After a summary address is declared on a router interface, the router advertises out of that interface the summarized addresses exactly as configured by the command. The summary address is declared with the following command:
Router(config-if)#ip summary-address eigrp autonomous-system-number ip-address mask administrative-distance
- Configure manual summarization on the 2 routers and check the routing tables again.
Router TTG1 :
TTG1(config)#interface s0/0/0
TTG1(config-if)#ip summary-address eigrp 10 10.0.0.0 255.252.0.0
TTG1(config-if)#exit
TTG1(config)#
Router TTG2 :
TTG2(config)#interface s0/0/0
TTG2(config-if)# ip summary-address eigrp 10 11.4.0.0 255.252.0.0
TTG2(config-if)#exit
TTG2(config)#
- Check the routing tables after manual summarization:
TTG1#show ip route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
D       10.0.0.0/14 is a summary, 00:01:50, Null0
C       10.0.0.0/16 is directly connected, Loopback0
C       10.1.0.0/16 is directly connected, Loopback1
C       10.2.0.0/16 is directly connected, Loopback2
C       10.3.0.0/16 is directly connected, Loopback3
D    11.4.0.0/12 [90/2297856] via 192.168.1.2, 00:00:21, Serial0/0/0
C    192.168.1.0/24 is directly connected, Serial0/0/0

TTG2#show ip route
Gateway of last resort is not set
     10.0.0.0/13 is subnetted, 1 subnets
D       10.0.0.0/14 [90/2297856] via 192.168.1.1, 00:00:57, Serial0/0/0
     11.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
D       11.0.0.0/14 is a summary, 00:01:00, Null0
C       11.4.0.0/16 is directly connected, Loopback4
C       11.5.0.0/16 is directly connected, Loopback5
C       11.6.0.0/16 is directly connected, Loopback6
C       11.7.0.0/16 is directly connected, Loopback7
C    192.168.1.0/24 is directly connected, Serial0/0/0



Configuring authentication for the 2 routers in the lab:
EIGRP (Enhanced Interior Gateway Routing Protocol) is a proprietary distance-vector protocol that runs only on Cisco devices. Authenticating the exchange of routing information is an important part of protecting the system against man-in-the-middle attacks. Authentication is configured on each interface that takes part in the routing exchange, usually the serial links between the routers. After enabling EIGRP on the routers, identify the interfaces that need authentication and configure them as follows:

Authentication commands used in the lab:

Router TTG1:
TTG1(config)#interface s0/0/0
TTG1(config-if)#ip authentication mode eigrp 10 md5
TTG1(config-if)#ip authentication key-chain eigrp 10 truongtan
TTG1(config-if)#exit
TTG1(config)#key chain truongtan
TTG1(config-keychain)#key 1
TTG1(config-keychain-key)#key-string ttg
TTG1(config-keychain-key)#accept-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
TTG1(config-keychain-key)#send-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
TTG1(config-keychain-key)#exit
TTG1(config)#exit
TTG1#copy running-config startup-config
Router TTG2:
TTG2(config)#interface s0
TTG2(config-if)#ip authentication mode eigrp 10 md5
TTG2(config-if)#ip authentication key-chain eigrp 10 truongtangroup
TTG2(config-if)#exit
TTG2(config)#key chain truongtangroup
TTG2(config-keychain)#key 1
TTG2(config-keychain-key)#key-string ttg   // must match the key-string configured on TTG1
TTG2(config-keychain-key)#accept-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
TTG2(config-keychain-key)#send-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
TTG2(config-keychain-key)#exit
TTG2(config)#exit
- Save the configuration on both routers
TTG2#copy running-config startup-config
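
EIGRP MD5 authentication only lets two neighbors accept each other's packets when both hold the same key ID and key-string and the key is inside its send/accept lifetime; the key chain names themselves are local and may differ. The Python check below is an added example, not part of the original lab: the two configurations are constructed samples modelled on the lab's key chains (with different key-strings on purpose), and the function names are illustrative.

```python
import re
from datetime import datetime

# Constructed sample configurations modelled on the lab's key chains. The
# key-strings differ on purpose so that the check has something to report.
TTG1_CFG = """\
interface Serial0
 ip authentication mode eigrp 10 md5
 ip authentication key-chain eigrp 10 truongtan
key chain truongtan
 key 1
  key-string ttg
  accept-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
  send-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
"""
TTG2_CFG = """\
interface Serial0
 ip authentication mode eigrp 10 md5
 ip authentication key-chain eigrp 10 truongtangroup
key chain truongtangroup
 key 1
  key-string ttgtc
  accept-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
  send-lifetime 06:30:00 May 20 2010 06:30:00 May 21 2010
"""
STAMP = "%H:%M:%S %b %d %Y"   # e.g. 06:30:00 May 20 2010


def parse(cfg):
    """Return (bindings, chains) extracted from IOS configuration text.

    bindings: {(interface, as_number): {"md5": True, "chain": name}}
    chains:   {name: {key_id: {"string": s, "accept": (t0, t1), "send": (t0, t1)}}}
    Only absolute lifetimes and an "infinite" end time are handled.
    """
    bindings, chains = {}, {}
    iface = chain = key = None
    for line in (raw.strip() for raw in cfg.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface, chain, key = m.group(1), None, None
        elif m := re.match(r"key chain (\S+)", line):
            iface, chain, key = None, m.group(1), None
            chains[chain] = {}
        elif iface and (m := re.match(r"ip authentication mode eigrp (\d+) md5", line)):
            bindings.setdefault((iface, int(m.group(1))), {})["md5"] = True
        elif iface and (m := re.match(r"ip authentication key-chain eigrp (\d+) (\S+)", line)):
            bindings.setdefault((iface, int(m.group(1))), {})["chain"] = m.group(2)
        elif chain and (m := re.match(r"key (\d+)$", line)):
            key = chains[chain].setdefault(int(m.group(1)), {})
        elif key is not None and (m := re.match(r"key-string (\S+)", line)):
            key["string"] = m.group(1)
        elif key is not None and (m := re.match(r"(accept|send)-lifetime (.+)", line)):
            p = m.group(2).split()
            end = datetime.max if p[4] == "infinite" else datetime.strptime(" ".join(p[4:8]), STAMP)
            key[m.group(1)] = (datetime.strptime(" ".join(p[:4]), STAMP), end)
    return bindings, chains


def usable(key, direction, now):
    """A key without a configured lifetime is always valid."""
    window = key.get(direction)
    return window is None or window[0] <= now <= window[1]


def check_link(cfg_a, cfg_b, iface_a, iface_b, asn, now):
    """Return a list of findings for the EIGRP adjacency between routers A and B."""
    findings, sides = [], []
    for name, cfg, iface in (("A", cfg_a, iface_a), ("B", cfg_b, iface_b)):
        bindings, chains = parse(cfg)
        bound = bindings.get((iface, asn), {})
        if not bound.get("md5"):
            findings.append(f"{name}: MD5 mode not enabled on {iface}")
        keys = chains.get(bound.get("chain"))
        if keys is None:
            findings.append(f"{name}: key chain missing or not bound on {iface}")
            keys = {}
        sides.append(keys)
    a, b = sides
    for kid in sorted(set(a) | set(b)):
        ka, kb = a.get(kid), b.get(kid)
        if ka is None or kb is None:
            findings.append(f"key {kid}: defined on one side only")
        elif ka.get("string") != kb.get("string"):
            findings.append(f"key {kid}: key-string differs between the routers")
        else:
            for sender, receiver, tag in ((ka, kb, "A->B"), (kb, ka, "B->A")):
                if not (usable(sender, "send", now) and usable(receiver, "accept", now)):
                    findings.append(f"key {kid}: outside send/accept lifetime for {tag}")
    return findings


if __name__ == "__main__":
    for finding in check_link(TTG1_CFG, TTG2_CFG, "Serial0", "Serial0", 10,
                              datetime(2010, 5, 20, 12, 0, 0)):
        print(finding)
```

Run against the current time, the same check also reports keys whose lifetime has already ended, which is the state the lab's 2010 lifetimes are in on any router with a correct clock.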
V. Commands related to the lab:

Command                          Explanation
show ip eigrp neighbors          Displays the neighbor table
show ip eigrp neighbors detail   Displays the neighbor table in detail
show ip eigrp interface s0       Displays information about the interfaces running EIGRP
                                 (in this lab, AS 10)
show ip eigrp topology           Displays the topology table
show ip eigrp traffic            Displays the number and types of packets received and sent
show ip protocol                 Displays timers, routing parameters, routed networks and other
                                 information for all routing protocols running on the router
show ip route eigrp              Displays the routing table entries handled by EIGRP

Checking EIGRP operation:

Command                      Explanation
debug eigrp fsm              Displays events and activity related to EIGRP feasible successor
                             metrics (FSM)
debug eigrp packet           Displays events and activity related to EIGRP packets
debug eigrp neighbor         Displays events and activity related to EIGRP neighbors
debug eigrp notifications    Displays EIGRP warning events

LAB 18: VTP, VLAN

I. Lab topology:

II. Procedure:

1. Configure VTP on the switches:
- SW1 :
Switch> enable
Switch# configure terminal
Switch(config)#hostname SW1-VTPServer
SW1-VTPServer(config)#vtp domain TTG
SW1-VTPServer(config)#vtp password 123
SW1-VTPServer(config)#vtp version 2

SW1-VTPServer(config)#vtp mode server


- SW2 :
Switch> enable
Switch# configure terminal
Switch(config)#hostname SW2-VTPClient
SW2-VTPClient(config)#vtp domain TTG
SW2-VTPClient(config)#vtp password 123
SW2-VTPClient(config)#vtp version 2
SW2-VTPClient(config)#vtp mode client
- SW3 :
Switch> enable
Switch# configure terminal
Switch(config)#hostname SW3-VTPClient
SW3-VTPClient(config)#vtp domain TTG
SW3-VTPClient(config)#vtp password 123
SW3-VTPClient(config)#vtp version 2
SW3-VTPClient(config)#vtp mode client
2. Configure trunking between the switches:
- SW1 :
SW1-VTPServer(config)#interface g1/1
SW1-VTPServer(config-if)#switchport mode trunk
SW1-VTPServer(config-if)#exit
SW1-VTPServer(config)#interface g1/2
SW1-VTPServer(config-if)#switchport mode trunk
SW1-VTPServer(config-if)#exit

- SW2 :
SW2-VTPClient(config)#interface g1/1
SW2-VTPClient(config-if)#switchport mode trunk
SW2-VTPClient(config-if)#exit
- SW3 :
SW3-VTPClient(config)#interface g1/2
SW3-VTPClient(config-if)#switchport mode trunk
SW3-VTPClient(config-if)#exit
3. Commands to verify the VTP and trunking configuration:
- SW1-VTPServer#show vtp password
VTP Password: 123
- SW1-VTPServer#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x54 0xC1 0x71 0x3F 0x9B 0x83 0xAF 0x38
Configuration last modified by 0.0.0.0 at 3-1-93 01:44:06

- SW1-VTPServer#show interface trunk
Port        Mode         Encapsulation  Status        Native vlan
G1/1        on           802.1q         trunking
G1/2        on           802.1q         trunking

Port        Vlans allowed on trunk
G1/1        1-1005
G1/2        1-1005

Port        Vlans allowed and active in management domain
G1/1        1,2,3
G1/2        1,2,3

Port        Vlans in spanning tree forwarding state and not pruned
G1/1        1,2,3
G1/2        1,2,3

4. Create the VLANs on SW1-VTPServer:


SW1-VTPServer(config)#vlan 2
SW1-VTPServer(config-vlan)#name KinhDoanh
SW1-VTPServer(config-vlan)#exit
SW1-VTPServer(config)#vlan 3
SW1-VTPServer(config-vlan)#name KeToan
SW1-VTPServer(config-vlan)#exit
SW1-VTPServer(config)#vlan 4
SW1-VTPServer(config-vlan)#name Giamdoc
SW1-VTPServer(config-vlan)#exit
SW1-VTPServer(config)#vlan 5
SW1-VTPServer(config-vlan)#name IT
SW1-VTPServer(config-vlan)#exit

5. Verify the VLAN information on the VTP client switches:
- Switch# show vlan brief
- Switch# show vlan
6. Assign the ports to VLANs as required:
- SW2 :
SW2-VTPClient(config)#interface range fa0/1 - 6
SW2-VTPClient(config-if-range)#switchport access vlan 2
SW2-VTPClient(config-if-range)#exit
SW2-VTPClient(config)#interface range fa0/7 - 10
SW2-VTPClient(config-if-range)#switchport access vlan 3
SW2-VTPClient(config-if-range)#exit
SW2-VTPClient(config)#interface range fa0/11 - 15
SW2-VTPClient(config-if-range)#switchport access vlan 4
SW2-VTPClient(config-if-range)#exit
SW2-VTPClient(config)#interface range fa0/16 - 24
SW2-VTPClient(config-if-range)#switchport access vlan 5
SW2-VTPClient(config-if-range)#exit
- SW3 :
SW3-VTPClient(config)#interface range fa0/1 - 6
SW3-VTPClient(config-if-range)#switchport access vlan 2
SW3-VTPClient(config-if-range)#exit
SW3-VTPClient(config)#interface range fa0/7 - 10
SW3-VTPClient(config-if-range)#switchport access vlan 3
SW3-VTPClient(config-if-range)#exit
SW3-VTPClient(config)#interface range fa0/11 - 15
SW3-VTPClient(config-if-range)#switchport access vlan 4
SW3-VTPClient(config-if-range)#exit
SW3-VTPClient(config)#interface range fa0/16 - 24
SW3-VTPClient(config-if-range)#switchport access vlan 5
SW3-VTPClient(config-if-range)#exit
7. Assign IP addresses to the PCs according to their subnets:
- Connect the PCs to the ports that belong to the corresponding VLAN on SW1 and SW2
- For example, VLAN 5 is allocated the subnet 192.168.5.0/24, so the usable IP addresses run from
192.168.5.1 to 192.168.5.254; the same applies to the other VLANs
- Save the configuration and finish the lab
III. Some commands related to the lab:
1. Creating VLANs
Switch(config)# vlan 3
    Creates VLAN 3 and enters VLAN configuration mode
Switch(config-vlan)# name Engineering
    Assigns a name to the VLAN. The VLAN name can be 1 to 32 characters long
Switch(config-vlan)# exit
    Applies the VLAN changes, increments the revision number by 1, and returns to global
    configuration mode
Switch#copy running-config startup-config
    Saves the VLAN configuration

2. Assigning ports to a VLAN
Switch(config)# interface fastethernet 0/1
    Enters interface configuration mode for fa0/1
Switch(config-if)# switchport mode access
    Sets port fa0/1 to operate in access mode
Switch(config-if)# switchport access vlan 10
    Assigns port Fa0/1 to VLAN 10

3. Verifying VLAN information
Switch# show vlan
    Displays VLAN information
Switch# show vlan brief
    Displays VLAN information in summary form
Switch# show vlan id 2
    Displays information for VLAN 2
Switch# show vlan name marketing
    Displays information for the VLAN named marketing
Switch# show interfaces vlan x
    Displays information for the VLAN specified in the command

4. Deleting VLAN configuration
Switch# delete flash:vlan.dat
    Deletes the entire VLAN database from flash
Switch(config)# no vlan 5
    Removes VLAN 5 from the VLAN database

5. Configuring VLAN Trunking Protocol
Switch(config)# interface fa0/1
    Enters interface configuration mode for fa0/1
Switch(config-if)#switchport mode trunk
    Puts interface fa0/1 into permanent trunk mode and, at the same time, automatically
    negotiates to convert the link into a trunk link
Switch(config-if)#switchport trunk encapsulation isl
    Data sent over the trunk link is encapsulated using the ISL protocol (a Cisco standard)
Switch(config-if)#switchport trunk encapsulation dot1q
    Data sent over the trunk link is encapsulated using the 802.1q protocol
Switch(config-if)#switchport trunk encapsulation negotiate
    The interface automatically negotiates with the neighboring interface to use ISL or
    802.1q, depending on the product line or on the configuration of the neighboring interface

6. VLAN Trunking Protocol (VTP)
Switch(config)# vtp mode client
    Changes the switch to VTP client mode
Switch(config)# vtp mode server
    Changes the switch to VTP server mode. By default, all Catalyst switches operate in VTP
    server mode
Switch(config)# vtp mode transparent
    Changes the switch to VTP transparent mode
Switch(config)# no vtp mode
    Returns the switch to the default mode, VTP server
Switch(config)# vtp domain domainname
    Configures the VTP domain name. The name can be 1 to 32 characters long. All switches
    operating in VTP server or VTP client mode must use the same domain name
Switch(config)# vtp password password
    Configures a VTP password. In Cisco IOS 12.3 and later releases, the password is an ASCII
    string 1 to 32 characters long. If you use an older Cisco IOS release, the password length
    is 8 to 64 characters.
    * Note: to exchange VLAN information with other switches, all switches must be configured
    with the same VTP password.
Switch(config)# vtp pruning
    Enables VTP pruning on the switch.
    * Note: VTP pruning is disabled by default. You need to enable VTP pruning on only one
    switch operating in VTP server mode.

7. Verifying VTP
Switch# show vtp status
    Displays the VTP configuration information
Switch# show vtp counters
    Displays the switch's VTP counters

8. Inter-VLAN routing using a router
Router(config-if)#interface fastethernet 0/0.1
    Creates subinterface fa0/0.1 and enters its configuration mode
Router(config-subif)#encapsulation dot1q 10
    Assigns VLAN 10 to this subinterface. The subinterface uses the 802.1q trunking protocol

7. Creating VLANs
7.1. Using VLAN configuration mode
Switch(config)# vlan 3
    Creates VLAN 3 and enters VLAN configuration mode
Switch(config-vlan)# name Engineering
    Assigns a name to the VLAN. The VLAN name can be 1 to 32 characters long
Switch(config-vlan)# exit
    Applies the VLAN changes, increments the revision number by 1, and returns to global
    configuration mode
Switch#copy running-config startup-config
    Saves the VLAN configuration

7.2. Using VLAN database mode
Switch# vlan database
    Enters VLAN database mode
Switch(vlan)# vlan 4 name Sales
    Creates VLAN 4 and names it Sales. The VLAN name can be 1 to 32 characters long.
Switch(vlan)# vlan 10
    Creates VLAN 10; its name defaults to VLAN0010
Switch(vlan)# apply
    Applies the VLAN changes and increments the revision number by 1.

8. Assigning ports to a VLAN
Switch(config)# interface fastethernet 0/1
    Enters interface configuration mode for fa0/1
Switch(config-if)# switchport mode access
    Sets port fa0/1 to operate in access mode
Switch(config-if)# switchport access vlan 10
    Assigns port Fa0/1 to VLAN 10

9. Verifying VLAN information
Switch# show vlan
    Displays VLAN information
Switch# show vlan brief
    Displays VLAN information in summary form
Switch# show vlan id 2
    Displays information for VLAN 2
Switch# show vlan name marketing
    Displays information for the VLAN named marketing
Switch# show interfaces vlan x
    Displays information for the VLAN specified in the command

10. Deleting VLAN configuration
Switch# delete flash:vlan.dat
    Deletes the entire VLAN database from flash
Switch(config)# no vlan 5
    Removes VLAN 5 from the VLAN database
Or
Switch# vlan database
    Enters VLAN database mode
Switch(vlan)# no vlan 5
    Removes VLAN 5 from the VLAN database
Switch(vlan)# exit
    Applies the changes, increments the revision number by 1, and leaves VLAN database mode.

11. Configuring VLAN Trunking Protocol
Switch(config)# interface fa0/1
    Enters interface configuration mode for fa0/1
Switch(config-if)#switchport mode trunk
    Puts interface fa0/1 into permanent trunk mode and, at the same time, automatically
    negotiates to convert the link into a trunk link
Switch(config-if)#switchport trunk encapsulation isl
    Data sent over the trunk link is encapsulated using the ISL protocol
Switch(config-if)#switchport trunk encapsulation dot1q
    Data sent over the trunk link is encapsulated using the 802.1q protocol
Switch(config-if)#switchport trunk encapsulation negotiate
    The interface automatically negotiates with the neighboring interface to use ISL or
    802.1q, depending on the product line or on the configuration of the neighboring interface

12. VLAN Trunking Protocol (VTP)
4.1 Using global configuration mode
Switch(config)# vtp mode client
    Changes the switch to VTP client mode
Switch(config)# vtp mode server
    Changes the switch to VTP server mode. By default, all Catalyst switches operate in VTP
    server mode
Switch(config)# vtp mode transparent
    Changes the switch to VTP transparent mode
Switch(config)# no vtp mode
    Returns the switch to the default mode, VTP server
Switch(config)# vtp domain domainname
    Configures the VTP domain name. The name can be 1 to 32 characters long. All switches
    operating in VTP server or VTP client mode must use the same domain name
Switch(config)# vtp password password
    Configures a VTP password. In Cisco IOS 12.3 and later releases, the password is an ASCII
    string 1 to 32 characters long. If you use an older Cisco IOS release, the password length
    is 8 to 64 characters.
    * Note: to exchange VLAN information with other switches, all switches must be configured
    with the same VTP password.
Switch(config)# vtp pruning
    Enables VTP pruning on the switch.
    * Note: VTP pruning is disabled by default. You need to enable VTP pruning on only one
    switch operating in VTP server mode.

4.2 Using VLAN database mode
Switch# vlan database
    Enters VLAN database mode
Switch(vlan)# vtp client
    Changes the switch to VTP client mode
Switch(vlan)# vtp server
    Changes the switch to VTP server mode
Switch(vlan)# vtp transparent
    Changes the switch to VTP transparent mode.
    * Note: by default, all Catalyst switches operate in VTP server mode
Switch(vlan)#vtp domain domainname
    Configures the VTP domain name. The name can be 1 to 32 characters long.
    * Note: all switches operating in VTP server or VTP client mode must use the same domain
    name.
Switch(vlan)#vtp password password
    Configures a VTP password. In Cisco IOS 12.3 and later releases, the password is an ASCII
    string 1 to 32 characters long. If you use an older Cisco IOS release, the password length
    is 8 to 64 characters.
    * Note: to exchange VLAN information with other switches, all switches must be configured
    with the same VTP password.
Switch(vlan)#vtp pruning
    Enables VTP pruning on the switch.
    * Note: VTP pruning is disabled by default. You need to enable VTP pruning on only one
    switch operating in VTP server mode.
Switch(vlan)#exit
    Applies the changes to the VLAN database, increments the revision number by 1, and leaves
    VLAN database mode.

5. Verifying VTP
Switch# show vtp status
    Displays the VTP configuration information
Switch# show vtp counters
    Displays the switch's VTP counters

6. Inter-VLAN routing using a router
Router(config-if)#interface fastethernet 0/0.1
    Creates subinterface fa0/0.1 and enters its configuration mode
Router(config-subif)#encapsulation dot1q 10
    Assigns VLAN 10 to this subinterface. The subinterface uses the 802.1q trunking protocol
Router(config-subif)# encapsulation dot1q 1 native
    Assigns VLAN 1 to this subinterface. VLAN 1 becomes the native VLAN. The subinterface
    uses the 802.1q trunking protocol

LAB 19 : VTP, PVST+, PVRST

I. Lab topology:

II. Lab configuration steps:

Step 1: Erase the VLAN and VTP information on the switches
Step 2: Configure passwords for the console port, the vty lines and privileged mode
Step 3: Configure VTP on the 3 switches
Step 4: Configure trunking
Step 5: Create the VLANs required by the lab on the VTP server (SW1)
Step 6: Assign the ports on SW2 and SW3 to the corresponding VLANs as required
Step 7: Configure IP addresses on the switches so that they can be managed remotely
Step 8: SW1 is the root bridge

Step 1: Erase the VLAN and VTP information on the switches

- Check whether the switch already has a configuration with the show startup-config and show vlan
brief commands; if it does, erase the VLAN information and the configuration
Switch#delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
- Because the VTP and VLAN information is stored in the vlan.dat file in flash:, this command
erases the VLAN and VTP information on the switch
SW1#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
Switch#reload
Proceed with reload? [confirm]
System configuration has been modified. Save? [yes/no]: n
Step 2: Configure passwords for the console port, the vty lines and privileged mode
SW1>enable
SW1#config terminal
Enter configuration commands, one
SW1(config)#enable secret cisco
SW1(config)#line console 0
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config)#line vty 0 15
SW1(config-line)#password cisco
SW1(config-line)#login

- Repeat step 2 for the remaining switches and the router

Step 3: Configure VTP on the 3 switches
- By default, Cisco switches have the following VTP configuration:
VTP domain name: None
VTP mode: Server mode
VTP pruning: Enabled or disabled (model specific)
VTP password: Null
VTP version: Version 1
- To synchronize VTP information, the switches must have the same VTP domain and password
SW1:
Switch>enable
Switch#config terminal
Switch(config)#hostname SW1
SW1(config)#exit
- View the VTP information on SW1 before configuring it, using the show vtp status command
SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 250
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

SW1(config)#vtp version 2
SW1(config)#vtp domain TTG
Changing VTP domain name from NULL to TTG
SW1(config)#vtp password cisco
Setting device VLAN database password to cisco
SW1(config)#vtp mode server
Device mode already VTP SERVER.
- VTP information on SW1 after configuration
SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 250
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x14 0x8E 0xDA 0xC9 0x0A 0x42 0xAF 0xE7
Configuration last modified by 0.0.0.0 at 3-1-93 00:05:26
Local updater ID is 0.0.0.0 (no valid interface found)
SW1#show vtp password
VTP Password: cisco
SW2:
Switch>enable
Switch#config terminal
Switch(config)#hostname SW2
SW2(config)#vtp version 2
SW2(config)#vtp domain TTG
Changing VTP domain name from NULL to TTG
SW2(config)#vtp password cisco
Setting device VLAN database password to cisco
SW2(config)#vtp mode client
Setting device to VTP CLIENT mode.
- Check the VTP information on SW2 again
SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 250
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x14 0x8E 0xDA 0xC9 0x0A 0x42 0xAF 0xE7
Configuration last modified by 0.0.0.0 at 3-1-93 00:05:26
SW2#show vtp password
VTP Password: cisco
SW3:
Switch>enable
Switch#config terminal
Switch(config)#hostname SW3
SW3(config)#vtp version 2
SW3(config)#vtp domain TTG
Changing VTP domain name from NULL to TTG
SW3(config)#vtp password cisco
Setting device VLAN database password to cisco
SW3(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 250
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x14 0x8E 0xDA 0xC9 0x0A 0x42 0xAF 0xE7
Configuration last modified by 0.0.0.0 at 3-1-93 00:12:56
SW3#show vtp password
VTP Password: cisco
Step 4: Configure trunking on the 3 switches SW1, SW2, SW3 and on the router
Note: Layer 3 switches support both the 802.1Q and ISL standards, so before configuring trunking
you must add the switchport trunk encapsulation dot1q command in interface mode. Layer 2
switches support only 802.1Q, so they do not need this command
- SW1:
SW1(config)#interface fa0/20
SW1(config-if)#switchport trunk encapsulation dot1q   // only used on Layer 3 switches
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport nonegotiate   // disables DTP
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#interface fa0/22
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport nonegotiate
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#interface fa0/23
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport nonegotiate
SW1(config-if)#no shutdown
- SW2:

SW2(config)#interface fa0/22
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport nonegotiate
SW2(config-if)#no shutdown
- SW3:
SW3(config)#interface fa0/23
SW3(config-if)# switchport trunk encapsulation dot1q
SW3(config-if)#switchport mode trunk
SW3(config-if)#switchport nonegotiate
SW3(config-if)#no shutdown

- Use the show interfaces trunk command to verify the trunking configuration

SW1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/20      on           802.1q         trunking
Fa0/22      on           802.1q         trunking
Fa0/23      on           802.1q         trunking

Port        Vlans allowed on trunk
Fa0/20      1-4094
Fa0/22      1-4094
Fa0/23      1-4094

Port        Vlans allowed and active in management domain
Fa0/20
Fa0/22
Fa0/23      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      none
Fa0/22
Fa0/23

Router:
Router#config terminal
Enter configuration commands, one per line. End with C
Router(config)#interface fa0/0
Router(config-if)#description Gateway cho VLAN1
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fa0/0.2
Router(config-subif)#description Gateway cho VLAN2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 192.168.2.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface fa0/0.3
Router(config-subif)#description Gateway cho VLAN3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 192.168.3.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface fa0/0.4
Router(config-subif)#description Gateway cho VLAN4
Router(config-subif)#encapsulation dot1Q 4
Router(config-subif)#ip address 192.168.4.1 255.255.255.0
Router#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.1     YES manual up                    up
FastEthernet0/0.2      192.168.2.1     YES manual up                    up
FastEthernet0/0.3      192.168.3.1     YES manual up                    up
FastEthernet0/0.4      192.168.4.1     YES manual up                    up
FastEthernet0/1        unassigned      YES        administratively down down
Serial0/1/0            unassigned      YES        administratively down down
Serial0/1/1            unassigned      YES        administratively down down

Step 5: Create the VLANs on the VTP server SW1

- Check the current VLAN information on SW1

SW1#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/24, Gi0/1, Gi0/2
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

- Create the VLANs


SW1(config)#vlan 2
SW1(config-vlan)#name Accounting_Network
SW1(config-vlan)#exit
SW1(config)#vlan 3
SW1(config-vlan)#name Engineering_Network
SW1(config-vlan)#exit
SW1(config)#vlan 4
SW1(config-vlan)#name Markeeting_Network
SW1(config-vlan)#exit
- After configuring, check the information on SW1, SW2 and SW3 again to make sure the VLAN and
VTP information has been synchronized
SW1#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/21
                                                Fa0/24, Gi0/1, Gi0/2
2    Accounting_Network               active
3    Engineering_Network              active
4    Markeeting_Network               active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x23 0x1C 0x6A 0xEB 0x65 0xD2 0xA5 0x51
Configuration last modified by 0.0.0.0 at 3-1-93 00:41:55
Local updater ID is 0.0.0.0 (no valid interface found)
SW2#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/23, Fa0/24, Gi0/1
                                                Gi0/2
2    Accounting_Network               active
3    Engineering_Network              active
4    Markeeting_Network               active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x23 0x1C 0x6A 0xEB 0x65 0xD2 0xA5 0x51
Configuration last modified by 0.0.0.0 at 3-1-93 00:41:55


SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : TTG
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x23 0x1C 0x6A 0xEB 0x65 0xD2 0xA5 0x51
Configuration last modified by 0.0.0.0 at 3-1-93 00:41:55

SW3#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/23, Fa0/24, Gi0/1
                                                Gi0/2
2    Accounting_Network               active
3    Engineering_Network              active
4    Markeeting_Network               active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

Step 6: Assign the ports on each switch to the corresponding VLAN


- SW1:
SW1(config)#interface range fa0/1 - 5
SW1(config-if-range)#switchport access vlan 2
SW1(config-if-range)#exit
SW1(config)#interface range fa0/6 - 10
SW1(config-if-range)#switchport access vlan 3
SW1(config-if-range)#exit
SW1(config)#interface range fa0/11 - 15
SW1(config-if-range)#switchport access vlan 4
SW1(config-if-range)#exit
- Repeat step 6 on the remaining switches
- Verify with the show vlan command on all 3 switches
SW1#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/21, Fa0/24, Gi0/1, Gi0/2
2    Accounting_Network               active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5
3    Engineering_Network              active    Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10
4    Markeeting_Network               active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15

Step 7: Configure IP addresses on the switches so that they can be managed remotely


SW1(config)# interface VLAN1
SW1(config-if)#ip address 192.168.1.11 255.255.255.0
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#ip default-gateway 192.168.1.1
SW1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.1.11    YES manual up                    up

SW2(config)# interface VLAN1


SW2(config-if)#ip address 192.168.1.12 255.255.255.0
SW2(config-if)#no shutdown
SW2(config-if)#exit
SW2(config)#ip default-gateway 192.168.1.1
SW2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.1.12    YES manual up                    up

SW3(config)# interface VLAN1


SW3(config-if)#ip address 192.168.1.13 255.255.255.0
SW3(config-if)#no shutdown
SW3(config-if)#exit
SW3(config)#ip default-gateway 192.168.1.1
SW3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.1.13    YES manual up                    up

- From the switches, try pinging the router


SW1#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1000 ms
SW1#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1000 ms
- Then, from the router, try to telnet to the switches
Router#telnet 192.168.1.11
Trying 192.168.1.11 ... Open
User Access Verification
Password:
SW1>enable
Password:
SW1#
Step 8: Configure SW1 as the root bridge
- Add one more link between SW2 and SW3, as in the topology below

- Configure the link between the two switches SW2 and SW3 to operate in trunk mode


- SW2:
SW2(config)#interface fa0/24
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport nonegotiate
SW2(config-if)#no shutdown
- SW3:
SW3(config)#interface fa0/24
SW3(config-if)# switchport trunk encapsulation dot1q
SW3(config-if)#switchport mode trunk

SW3(config-if)#switchport nonegotiate
SW3(config-if)#no shutdown
- Check whether SW1 is currently the root bridge with the show spanning-tree command
SW1#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee   (the protocol running by default is PVST+)
  Root ID    Priority    32769   (root bridge ID)
             Address     000a.b8f3.ec40
             Cost        19
             Port        22 (FastEthernet0/22)   (root port of SW1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)   (default priority of SW1)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Root FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0002
  Spanning tree enabled protocol ieee
  Root ID    Priority    32770
             Address     000a.b8f3.ec40
             Cost        19
             Port        22 (FastEthernet0/22)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Root FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0003
  Spanning tree enabled protocol ieee
  Root ID    Priority    32771
             Address     000a.b8f3.ec40
             Cost        19
             Port        22 (FastEthernet0/22)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32771  (priority 32768 sys-id-ext 3)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Root FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0004
  Spanning tree enabled protocol ieee
  Root ID    Priority    32772
             Address     000a.b8f3.ec40
             Cost        19
             Port        22 (FastEthernet0/22)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32772  (priority 32768 sys-id-ext 4)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Root FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

- To make SW1 the root bridge for all VLANs, change the priority of SW1 to a value lower than
the default value of 32768 used by the other switches
Note: the priority value must be a multiple of 4096
SW1(config)#spanning-tree vlan 1-4 priority 4096
- Kim tra li thng tin STP sau khi i Priority
SW1#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097   (priority 4096 sys-id-ext 1)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0002
  Spanning tree enabled protocol ieee
  Root ID    Priority    4098
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4098   (priority 4096 sys-id-ext 2)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0003
  Spanning tree enabled protocol ieee
  Root ID    Priority    4099
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4099   (priority 4096 sys-id-ext 3)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0004
  Spanning tree enabled protocol ieee
  Root ID    Priority    4100
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4100   (priority 4096 sys-id-ext 4)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

- As we can see, SW1 is now the Root Bridge for all 4 VLANs.

Step 9: Verify routing between the VLANs
- Configure the IP settings of the PCs as follows:
PC-VLAN1 :
IP : 192.168.1.10
SM : 255.255.255.0
GW : 192.168.1.1 (interface Fa0/0 on router TTG1)
Port : Fa0/16
PC-VLAN2 :
IP : 192.168.2.10
SM : 255.255.255.0
GW : 192.168.2.1 (interface Fa0/0.2 on router TTG1)
Port : Fa0/1
PC-VLAN3 :
IP : 192.168.3.10
SM : 255.255.255.0
GW : 192.168.3.1 (interface Fa0/0.3 on router TTG1)
Port : Fa0/6
PC-VLAN4 :
IP : 192.168.4.10
SM : 255.255.255.0
GW : 192.168.4.1 (interface Fa0/0.4 on router TTG1)
Port : Fa0/11
- The PCs in VLANs 1, 2, 3 and 4 must be able to ping one another. You can also use the tracert command to check the path a packet takes from one VLAN to another.

Step 10: Configure PVRST+

Switch all the switches over to PVRST+ mode.

- SW1:
SW1(config)#spanning-tree mode rapid-pvst
SW1(config)#spanning-tree vlan 1-2 root primary
SW1(config)#spanning-tree vlan 3-4 root secondary
- SW2:
SW2(config)#spanning-tree mode rapid-pvst
SW2(config)#spanning-tree vlan 1-2 root secondary
SW2(config)#spanning-tree vlan 3-4 root primary
- SW3:
SW3(config)#spanning-tree mode rapid-pvst
- Verify the PVRST+ configuration on SW1:
SW1#show spanning-tree
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    4097
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097   (priority 4096 sys-id-ext 1)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0002
  Spanning tree enabled protocol rstp
  Root ID    Priority    4098
             Address     0018.192e.ddc0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4098   (priority 4096 sys-id-ext 2)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0003
  Spanning tree enabled protocol rstp
  Root ID    Priority    24579
             Address     000a.b8f3.ee00
             Cost        19
             Port        23 (FastEthernet0/23)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28675  (priority 28672 sys-id-ext 3)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Root FWD 19        128.23   P2p

VLAN0004
  Spanning tree enabled protocol rstp
  Root ID    Priority    24580
             Address     000a.b8f3.ee00
             Cost        19
             Port        23 (FastEthernet0/23)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28676  (priority 28672 sys-id-ext 4)
             Address     0018.192e.ddc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Desg FWD 19        128.20   P2p
Fa0/22           Desg FWD 19        128.22   P2p
Fa0/23           Root FWD 19        128.23   P2p

- So SW1 is currently the Root Bridge for VLANs 1 and 2.

- Similarly, on SW2:
SW2#show spanning-tree
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    4097
             Address     0018.192e.ddc0
             Cost        19
             Port        23 (FastEthernet0/23)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     000a.b8f3.ee00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/23           Root FWD 19        128.23   P2p

VLAN0002
  Spanning tree enabled protocol rstp
  Root ID    Priority    4098
             Address     0018.192e.ddc0
             Cost        19
             Port        23 (FastEthernet0/23)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28674  (priority 28672 sys-id-ext 2)
             Address     000a.b8f3.ee00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/23           Root FWD 19        128.23   P2p

VLAN0003
  Spanning tree enabled protocol rstp
  Root ID    Priority    24579
             Address     000a.b8f3.ee00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24579  (priority 24576 sys-id-ext 3)
             Address     000a.b8f3.ee00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/6            Desg FWD 19        128.6    P2p
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VLAN0004
  Spanning tree enabled protocol rstp
  Root ID    Priority    24580
             Address     000a.b8f3.ee00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24580  (priority 24576 sys-id-ext 4)
             Address     000a.b8f3.ee00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/21           Desg FWD 19        128.21   P2p
Fa0/23           Desg FWD 19        128.23   P2p

VI. Commands related to this lab:

Enabling STP

Switch(config)#spanning-tree vlan 5
    Enables STP on VLAN 5 of the switch.

Switch(config)#no spanning-tree vlan 5
    Disables STP on VLAN 5 of the switch.

Configuring the root switch

Switch(config)#spanning-tree vlan 5 root
    Changes the switch priority from the default value of 32768 to a lower value so that the switch can become the root switch in VLAN 5.
    * Note: if all the other switches support the extended system ID, the switch configured with this command resets its priority to 24576. If some switches are configured with a priority lower than 24576, the switch is assigned a priority of 4096, the lowest priority value among the switches.

Switch(config)#spanning-tree vlan 5 root primary
    The switch recalculates its timing parameters together with the priority value so that it can become the root switch for VLAN 5.
    * Note: the root switch is normally a switch in the backbone or distribution layer.

Switch(config)#spanning-tree vlan 5 root secondary
    The switch recalculates its timing parameters together with the priority value so that it can become the root switch for VLAN 5 when the root switch of VLAN 5 fails.

Configuring path cost

Switch(config)#interface gigabitethernet 0/1
    Enters interface configuration mode for gi0/1.

Switch(config-if)#spanning-tree cost 100000
    Sets the cost value for an interface operating in access mode.

Switch(config-if)#spanning-tree vlan 5 cost 1000000
    Sets the cost value of the VLAN for an interface operating in trunk mode.

Configuring the switch priority of a VLAN

Switch(config)#spanning-tree vlan 5 priority 12288
    Sets the switch priority of VLAN 5 to 12288.

Verifying STP:

Switch#show spanning-tree
    Displays STP information.

Switch#show spanning-tree active
    Displays STP information only for the active interfaces.

Switch#show spanning-tree brief
    Displays the STP status.

Switch#show spanning-tree detail
    Displays detailed interface information.

Switch#show spanning-tree interface gigabitethernet 0/1
    Displays STP information for interface gi0/1.

Switch#show spanning-tree summary
    Displays a summary of port status.

Switch#show spanning-tree summary totals
    Displays the total lines of the STP section.

Switch#show spanning-tree vlan 5
    Displays STP information for VLAN 5.
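
The Priority numbers in the show spanning-tree output of this lab (32771, 4097, 24579, 28675) are the configured priority plus the VLAN ID, which is why the configured value has to be a multiple of 4096. The Python code below is an added example, not part of the original lab: it rebuilds those numbers and re-runs the root election for the three stages of the lab. The MAC addresses and priorities come from the output above; the function names, and the assumption that bridge 000a.b8f3.ec40 is SW3, are hypothetical.

```python
"""Root bridge election with the extended system ID (values from the lab output)."""

PRIORITY_STEP = 4096   # the priority occupies the top 4 bits of a 16-bit field
SYS_ID_MASK = 0x0FFF   # the low 12 bits carry the VLAN ID (sys-id-ext)
DEFAULT_PRIORITY = 32768


def split_priority(displayed):
    """Split the 'Priority' number from show spanning-tree into (priority, sys-id-ext)."""
    if not 0 <= displayed <= 0xFFFF:
        raise ValueError("the bridge priority field is 16 bits wide")
    return displayed & ~SYS_ID_MASK & 0xFFFF, displayed & SYS_ID_MASK


def displayed_priority(priority, vlan):
    """Value a switch advertises for one VLAN: configured priority + VLAN ID."""
    if priority % PRIORITY_STEP or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    return priority + vlan


def mac_to_int(mac):
    """Convert Cisco dotted notation (0018.192e.ddc0) to an integer."""
    return int(mac.replace(".", ""), 16)


def bridge_id(priority, vlan, mac):
    """Bridge IDs compare numerically: priority field first, then MAC address."""
    return (displayed_priority(priority, vlan), mac_to_int(mac))


def elect_root(vlan, switches):
    """switches maps name -> (mac, {vlan: priority}); the lowest bridge ID wins."""
    def key(name):
        mac, per_vlan = switches[name]
        return bridge_id(per_vlan.get(vlan, DEFAULT_PRIORITY), vlan, mac)
    return min(switches, key=key)


# MAC addresses as printed in the lab output.
# Assumption: 000a.b8f3.ec40 (the root seen through Fa0/22 before any change) is SW3.
MACS = {"SW1": "0018.192e.ddc0", "SW2": "000a.b8f3.ee00", "SW3": "000a.b8f3.ec40"}


def lab_stage(sw1=None, sw2=None):
    """Build the three-switch topology with per-VLAN priorities for SW1 and SW2."""
    return {
        "SW1": (MACS["SW1"], sw1 or {}),
        "SW2": (MACS["SW2"], sw2 or {}),
        "SW3": (MACS["SW3"], {}),
    }


# Stage 1: every switch at the default priority.
DEFAULTS = lab_stage()
# Stage 2: spanning-tree vlan 1-4 priority 4096 on SW1.
AFTER_PRIORITY = lab_stage(sw1={vlan: 4096 for vlan in range(1, 5)})
# Stage 3: priorities shown after the root primary / root secondary commands.
AFTER_PVRST = lab_stage(
    sw1={1: 4096, 2: 4096, 3: 28672, 4: 28672},
    sw2={1: 28672, 2: 28672, 3: 24576, 4: 24576},
)


def roots(stage):
    """Root bridge per VLAN for VLANs 1 to 4."""
    return {vlan: elect_root(vlan, stage) for vlan in range(1, 5)}


if __name__ == "__main__":
    for label, stage in (("defaults", DEFAULTS),
                         ("after priority 4096", AFTER_PRIORITY),
                         ("after PVRST+ steps", AFTER_PVRST)):
        print(label, roots(stage))
    print("32771 splits into", split_priority(32771))
```

With equal priorities the lowest MAC address decides the election, so an unplanned switch with a low MAC address can take over as root unless the intended root has a lower priority configured.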

LAB 20: Routing with a Layer 3 Switch

I. Lab topology:

II. Steps:

- Configure trunking between the switches
- Use EtherChannel to increase bandwidth and load-balance from the access switches to the Layer 3 switch
- Use VTP to synchronize VLAN information between the switches
- Create the VLAN information on the VTP server switch, 4 VLANs in total:
+VLAN 2 : Accounting (KeToan), using network 192.168.2.0
+VLAN 3 : Sales (KinhDoanh), using network 192.168.3.0
+VLAN 4 : Director (GiamDoc), using network 192.168.4.0
+VLAN 5 : IT, using network 192.168.5.0
- On the access switches, the ports belong to the VLANs as follows:
+fa0/5 to fa0/9 belong to VLAN 2
+fa0/10 to fa0/14 belong to VLAN 3
+fa0/15 to fa0/19 belong to VLAN 4
+fa0/20 to fa0/24 belong to VLAN 5
- Make sure the Layer 3 switch is the Root Bridge in STP
- Use the Layer 3 switch to route between the VLANs
- Route between the Layer 3 switch and the router
1. Cu hnh trunking gia cc Switch
- Layer3SW:
Switch(config)#hostname Layer3SW
Layer3SW(config)#interface range fa0/1 - 4
Layer3SW(config-if-range)#switchport mode trunk
- AccessSW1:
Switch(config)#hostname AccessSW1
AccessSW1(config)#interface range fa0/1 - 2
AccessSW1(config-if-range)#switchport mode trunk
- AccessSW2:
Switch(config)#hostname AccessSW2
AccessSW2(config)#interface range fa0/1 - 2
AccessSW2(config-if-range)#switchport mode trunk
2. Use EtherChannel to increase bandwidth and load-balance from the access switches to the Layer 3 switch
- Layer3SW:
Layer3SW(config)#interface port-channel 1
Layer3SW(config-if)#exit
Layer3SW(config)#interface range fa0/1 - 2
Layer3SW(config-if-range)#channel-group 1 mode active
Layer3SW(config-if-range)#exit
Layer3SW(config)#interface port-channel 2
Layer3SW(config-if)#exit
Layer3SW(config)#interface range fa0/3 - 4
Layer3SW(config-if-range)#channel-group 2 mode active
- AccessSW1:
AccessSW1(config)#interface port-channel 1
AccessSW1(config-if)#exit
AccessSW1(config)#interface range fa0/1 - 2
AccessSW1(config-if-range)#channel-group 1 mode active
- AccessSW2:
AccessSW2(config)#interface port-channel 2
AccessSW2(config-if)#exit
AccessSW2(config)#interface range fa0/1 - 2
AccessSW2(config-if-range)#channel-group 2 mode active
3. Use VTP to synchronize VLAN information between the switches:
- Layer3SW:
Layer3SW(config)#vtp domain TTG
Layer3SW(config)#vtp password 123
Layer3SW(config)#vtp mode server
- AccessSW1:
AccessSW1(config)#vtp domain TTG
AccessSW1(config)#vtp password 123
AccessSW1(config)#vtp mode client
- AccessSW2:


AccessSW2(config)#vtp domain TTG


AccessSW2(config)#vtp password 123
AccessSW2(config)#vtp mode client
4. Create the VLAN information on the VTP server switch, 4 VLANs in total:
+VLAN 2 : Accounting (KeToan), using network 192.168.2.0
+VLAN 3 : Sales (KinhDoanh), using network 192.168.3.0
+VLAN 4 : Director (GiamDoc), using network 192.168.4.0
+VLAN 5 : IT, using network 192.168.5.0
Because VTP is used to synchronize VLAN information across all the switches in the system, the VLANs must be created on the VTP server switch, which in this case is Layer3SW.
- Layer3SW :
Layer3SW(config)#vlan 2
Layer3SW(config-vlan)#name KeToan
Layer3SW(config-vlan)#exit
Layer3SW(config)#vlan 3
Layer3SW(config-vlan)#name KinhDoanh
Layer3SW(config-vlan)#exit
Layer3SW(config)#vlan 4
Layer3SW(config-vlan)#name GiamDoc
Layer3SW(config-vlan)#exit
Layer3SW(config)#vlan 5
Layer3SW(config-vlan)#name IT
Layer3SW(config-vlan)#exit
Then check the VLAN synchronization on AccessSW1 and AccessSW2 with the show vlan brief command to make sure they have the information about the VLANs just created above.
5. On the access switches, assign the ports to the VLANs as follows:

- AccessSW1:
AccessSW1(config)#interface range fa0/5 - 9
AccessSW1(config-if-range)#switchport access vlan 2
AccessSW1(config-if-range)#exit
AccessSW1(config)#interface range fa0/10 - 14
AccessSW1(config-if-range)#switchport access vlan 3
AccessSW1(config-if-range)#exit
AccessSW1(config)#interface range fa0/15 - 19
AccessSW1(config-if-range)#switchport access vlan 4
AccessSW1(config-if-range)#exit
AccessSW1(config)#interface range fa0/20 - 24
AccessSW1(config-if-range)#switchport access vlan 5
- AccessSW2:
AccessSW2(config)#interface range fa0/5 - 9
AccessSW2(config-if-range)#switchport access vlan 2
AccessSW2(config-if-range)#exit
AccessSW2(config)#interface range fa0/10 - 14
AccessSW2(config-if-range)#switchport access vlan 3
AccessSW2(config-if-range)#exit
AccessSW2(config)#interface range fa0/15 - 19
AccessSW2(config-if-range)#switchport access vlan 4
AccessSW2(config-if-range)#exit
AccessSW2(config)#interface range fa0/20 - 24
AccessSW2(config-if-range)#switchport access vlan 5
6. Make sure the Layer 3 switch is the Root Bridge in STP:
Layer3SW(config)#spanning-tree vlan 1-5 root primary
7. Use the Layer 3 switch to route between the VLANs:
To route between VLANs on the Layer 3 switch, assign addresses to the VLAN 2, 3, 4 and 5 interfaces and use these interfaces as the gateways for the PCs below them (the VLAN interfaces are called SVIs: Switch Virtual Interfaces).
- Enable routing:
Layer3SW(config)#ip routing
- Assign IP addresses to the VLAN interfaces according to the networks listed above, as follows:
Layer3SW(config)#interface vlan 2
Layer3SW(config-if)#ip address 192.168.2.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit
Layer3SW(config)#interface vlan 3
Layer3SW(config-if)#ip address 192.168.3.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit
Layer3SW(config)#interface vlan 4
Layer3SW(config-if)#ip address 192.168.4.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit
Layer3SW(config)#interface vlan 5
Layer3SW(config-if)#ip address 192.168.5.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit
- Assign IP addresses to the PCs to check whether routing between the VLANs works:
PCVLAN2 :
IP Address : 192.168.2.10
Subnet Mask: 255.255.255.0
Gateway    : 192.168.2.1
PCVLAN3 :
IP Address : 192.168.3.10
Subnet Mask: 255.255.255.0
Gateway    : 192.168.3.1
PCVLAN4 :
IP Address : 192.168.4.10
Subnet Mask: 255.255.255.0
Gateway    : 192.168.4.1
PCVLAN5 :
IP Address : 192.168.5.10
Subnet Mask: 255.255.255.0
Gateway    : 192.168.5.1
- Then ping from the PCs to check whether routing works; the PCs must be able to ping one another.
8. Routing between the Layer 3 switch and the router:
- Layer3SW:
Layer3SW(config)#interface fa0/5
Layer3SW(config-if)#no switchport
Layer3SW(config-if)#ip address 192.168.6.1 255.255.255.0
Layer3SW(config-if)#no shutdown
Layer3SW(config-if)#exit
- Configure the RIPv2 routing protocol:
Layer3SW(config)#router rip

Layer3SW(config-router)#version 2
Layer3SW(config-router)#network 192.168.2.0
Layer3SW(config-router)#network 192.168.3.0
Layer3SW(config-router)#network 192.168.4.0
Layer3SW(config-router)#network 192.168.5.0
Layer3SW(config-router)#network 192.168.6.0
- Router DNG :
Router(config)#hostname DNG
DNG(config)#interface fa0/0
DNG(config-if)#ip address 192.168.6.2 255.255.255.0
DNG(config-if)#no shutdown
DNG(config-if)#exit
DNG(config)#router rip
DNG(config-router)#version 2
DNG(config-router)#network 192.168.6.0
- Check the routing tables of the router and the Layer 3 switch with the show ip route command.

Commands related to this lab:

1. Configuring a port channel

Layer3SW(config)#interface range fa0/1 - 4
    Enters interface configuration mode for fa0/1 - 4.

Layer3SW(config-if-range)#switchport mode trunk
    Configures this range of interfaces to operate in trunk mode.

Layer3SW(config-if)#switchport trunk encapsulation dot1q
    Configures 802.1Q as the protocol used to encapsulate data on the trunk.

Layer3SW(config)#interface port-channel 1
    Creates a logical channel interface.

Layer3SW(config)#interface range fastethernet 0/1 - 2
    Enters interface configuration mode.

Layer3SW(config-if-range)#channel-group 1 mode active
    Creates channel group 1 and at the same time makes interfaces fa0/1 and fa0/2 members of this channel group.

2. Routing on the Layer 3 switch

Layer3SW(config)#ip routing
    Enables routing on the Layer 3 switch.

STANDARD ACCESS LIST

I. Introduction:
- One of the most important tools on a Cisco router in the field of security is the access list. This feature lets you configure, directly on the router, a list of addresses that you permit or block from accessing a given address.
- There are two types of access list: the standard access list and the extended access list.
+ Standard access list: with this type of access list, the router checks only one factor, the source address, when permitting or blocking access.
+ Extended access list: this type of access list is broader than the standard type; the source address, destination address, protocol, port and so on are checked before the router permits or blocks access.

II. Lab description and diagram:
- This lab walks you through configuring a standard access list on a Cisco router in order to prevent the host from accessing router TTG2 (X is the group number assigned by the instructor).

III. Router configuration:

- Router TTG1 :
Router> enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface s0/1/0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#interface fa0/1
TTG1(config-if)#ip address 10.X.0.1 255.255.255.0
TTG1(config-if)#no shutdown
- Router TTG2
Router> enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit
TTG2(config)#interface fa0/1
TTG2(config-if)#ip address 11.X.0.1 255.255.255.0
TTG2(config-if)#no shutdown

- PC1:
IP Address:10.X.0.2
Subnet mask:255.255.255.0

Gateway : 10.X.0.1
- PC2:
IP Address:11.X.0.2
Subnet mask:255.255.255.0
Gateway : 11.X.0.1
- Configure routing on the routers as follows (using RIP):
TTG1(config)#router rip
TTG1(config-router)#version 2
TTG1(config-router)#network 192.168.1.0
TTG1(config-router)#network 10.0.0.0
TTG2(config)#router rip
TTG2(config-router)#version 2
TTG2(config-router)#network 192.168.1.0
TTG2(config-router)#network 11.0.0.0
- Verify routing:
TTG2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms
TTG2#ping 11.X.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms
TTG2#ping 11.X.0.2


Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 11.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/40 ms
- After routing is configured and you have verified that the network is reachable, create a standard access list to prevent PC1 from pinging TTG2.
- Create the access list on router TTG2 as follows:
TTG2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
TTG2(config)#access-list 1 deny 11.X.0.2 0.0.0.0
//deny access from address 11.0.0.2//
- Now ping from Host1 to TTG2.

- The ping still succeeds, because you have not yet applied the access list to interface s0/1/0 of router TTG2.
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip access-group 1 in

- After applying the access list to interface s0/1/0, ping from PC1 to TTG2.

- Now change the address of the PC to 11.X.0.3 and try the ping once more.

- The ping still fails: when the router does not find the source address (the unfamiliar address) in the access list, it applies deny any by default, so you have to change this default. Below is the debug ip packet output on TTG2 while the ping above is running.

TTG2(config)#access-list 1 permit any

- Now ping again from PC1 to TTG2.

- The ping succeeds; at this point you have finished configuring the standard access list.
Commands related to this lab:
1. Creating a standard ACL

Router(config)#access-list 10 permit 172.16.0.0 0.0.255.255
    All packets with a source IP address of 172.16.x.x are allowed to be forwarded.
    10: a number in the range 1 to 99, or 1300 to 1999, is used for a standard ACL.

Router(config)#access-list 10 deny host 172.17.0.1
    All packets with a source IP address of 172.17.0.1 are not allowed to be forwarded.

Router(config)#access-list 10 permit any
    All packets from all networks are allowed to be forwarded.

2. Applying a standard ACL to an interface

Router(config)#interface fastethernet 0/0
    Enters interface configuration mode for fa0/0.

Router(config-if)#ip access-group 10 in
    Applies ACL 10 to interface fa0/0. Packets entering the router through interface fa0/0 are checked.

Router(config-if)#ip access-group 10 out
    Applies ACL 10 to interface fa0/0. Packets leaving the router through interface fa0/0 are checked.
    * Note: each interface is assigned only one direction, in or out.

3. Verifying ACLs

Router#show ip interface
    Displays all the ACLs applied to the interface.

Router#show access-lists
    Displays the contents of all the ACLs on the router.

Router#show access-list access-list-number
    Displays the contents of the ACL with the number given in the command.

Router#show access-list name
    Displays the contents of the ACL with the name given in the command.

4. Removing an ACL

Router(config)#no access-list 10
    Removes the ACL with number 10.

EXTENDED ACCESS LIST

I. Introduction:
- In the previous lab you configured a standard access list; in this lab you take a closer look at the extended access list. It is an extension of the standard access list: during its check, the router examines the source address, the destination address, the protocol and the port.

II. Lab description and diagram:
- Goal of the lab: configure an extended access list so that PC1 cannot Telnet to router TTG2 but can still browse the web through router TTG2.
- Configure the routers and hosts as shown in the diagram above:

III. Router configuration:

PC1:
IP Address:10.X.0.2
Subnet mask:255.255.255.0
Gateway:10.X.0.1
PC2:
IP Address:11.X.0.2
Subnet mask:255.255.255.0
Gateway:11.X.0.1
Router TTG1:
Router> enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface s0/1/0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#interface fa0/1
TTG1(config-if)#ip address 10.X.0.1 255.255.255.0
TTG1(config-if)#no shutdown
Router TTG2 :
Router> enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#no shutdown

233

TTG2(config-if)#exit
TTG2(config)#interface fa0/1
TTG2(config-if)#ip address 11.X.0.1 255.255.255.0
TTG2(config-if)#no shutdown
- Configure routing on the two routers with OSPF
Router TTG1 :
TTG1(config)#router ospf 1
TTG1(config-router)#network 10.X.0.0 0.255.255.255 area 0
TTG1(config-router)#network 192.168.1.0 0.0.0.255 area 0
TTG1(config-router)#exit
Router TTG2 :
TTG2(config)#router ospf 1
TTG2(config-router)#network 11.X.0.0 0.255.255.255 area 0
TTG2(config-router)#network 192.168.1.0 0.0.0.255 area 0
TTG2(config-router)#exit
- Ping to verify routing. Once you are sure that routing works:
- On router TTG2, run the command:
TTG2(config)#ip http server //This command emulates an HTTP server on the router//
- Create the username and password used to authenticate to the web server:
TTG2(config)#username TTG2 password cisco
- The router now acts as a web server.
- After routing succeeds, perform the Telnet and web-browsing steps from PC1 to router TTG2.
- Note: for Telnet to succeed, you must enable login on the vty lines and set a password for them (here it is cisco):
TTG2(config)#line vty 0 4
TTG2(config-line)#login
TTG2(config-line)#password cisco
Telnet :

Web browsing :

- Enter the user name and password:
User name: TTG2
Password : cisco
- Once the steps above succeed, configure the access list:
TTG2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
TTG2(config)#access-list 101 deny tcp 11.X.0.2 0.0.0.0 192.168.1.2 0.0.0.0 eq telnet
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip access-group 101 in
- Repeat the Telnet as above: you will see that Telnet fails, but web browsing fails as well.
- The requirement is to block Telnet only, while still allowing web browsing.
Telnet :

Web browsing :

- For web browsing to succeed, run the command that overrides the default deny any of the access list.
TTG2(config)#access-list 101 permit ip any any
- Note that the statements in an extended access list differ from those in a standard access list, because in an extended access list the router checks the source address, the destination address, the protocol and the port. Permit ip any any means that all other source and destination addresses (those not found in the access list) running over IP are allowed through.
Now repeat the web browsing.

Enter the user name and password:
User name :TTG2
Password : Cisco
- At this point you have successfully configured the extended access list: you have met the requirement of creating an access list on the router that blocks Telnet to the router and allows web browsing to the router. You can also extend the topology with more routers to practice configuring access lists with different security requirements.
Commands related to this lab:
1. Creating an extended ACL
Router(config)#access-list 110 permit tcp 172.16.0.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 80
    HTTP packets with a source IP address of 172.16.0.x are allowed through to the destination network 192.168.100.x.
    110: a number in the range 100 to 199, or 2000 to 2699, is used to create an extended IP ACL.

Router(config)#access-list 110 deny tcp any 192.168.100.7 0.0.0.0 eq 23
    Telnet packets from any source IP address are blocked if they are destined for 192.168.100.7.

2. Applying an extended ACL to an interface

Router(config)#interface fastethernet 0/0
    Enters interface configuration mode for fa0/0.

Router(config-if)#ip access-group 110 out
    Applies ACL 110 to the interface in the out direction. Packets leaving interface fa0/0 are checked.
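
Both ACL labs turn on the same two rules: entries are checked top to bottom with the first match deciding, and anything that matches no entry hits the implicit deny any. The Python code below is an added example, not part of the original lab: it evaluates the access-list lines of the standard and extended labs against constructed packets. It only understands the numbered ACL syntax used on this page; the function names are hypothetical and X is assumed to be 1.

```python
import ipaddress

PORT_NAMES = {"telnet": 23, "www": 80}
ANY = ("0.0.0.0", "255.255.255.255")


def wildcard_match(addr, base, wildcard):
    """A wildcard bit of 0 means 'must match', a bit of 1 means 'ignore'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def take_address(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    # A standard ACL entry may omit the wildcard; 0.0.0.0 (exact host) is used then
    return (first, tokens.pop(0) if tokens else "0.0.0.0")


def parse_entry(line):
    """Parse one numbered access-list line as written in the two labs."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if action not in ("permit", "deny"):
        raise ValueError("unknown action: " + action)
    entry = {"action": action, "proto": "ip", "dst": ANY, "dport": None}
    if 100 <= number <= 199 or 2000 <= number <= 2699:    # extended ACL
        entry["proto"] = rest.pop(0)
        entry["src"] = take_address(rest)
        entry["dst"] = take_address(rest)
        if rest[:1] == ["eq"]:
            entry["dport"] = PORT_NAMES.get(rest[1]) or int(rest[1])
    elif 1 <= number <= 99 or 1300 <= number <= 1999:      # standard ACL
        entry["src"] = take_address(rest)                  # source address only
    else:
        raise ValueError("not a standard or extended ACL number")
    return entry


def evaluate(acl_lines, packet):
    """Return the action of the first matching entry, else the implicit deny."""
    for line in acl_lines:
        entry = parse_entry(line)
        if entry["proto"] not in ("ip", packet["proto"]):
            continue
        if not wildcard_match(packet["src"], *entry["src"]):
            continue
        if not wildcard_match(packet["dst"], *entry["dst"]):
            continue
        if entry["dport"] is not None and entry["dport"] != packet["dport"]:
            continue
        return entry["action"]
    return "implicit deny"


def pkt(src, proto="icmp", dport=None, dst="192.168.1.2"):
    """Constructed test packet; dst defaults to TTG2's s0/1/0 address."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


X = 1  # constructed value: the lab leaves X to the instructor
ACL_1 = [f"access-list 1 deny 11.{X}.0.2 0.0.0.0"]
ACL_1_FIXED = ACL_1 + ["access-list 1 permit any"]
ACL_101 = [f"access-list 101 deny tcp 11.{X}.0.2 0.0.0.0 192.168.1.2 0.0.0.0 eq telnet"]
ACL_101_FIXED = ACL_101 + ["access-list 101 permit ip any any"]

if __name__ == "__main__":
    print("ACL 1, ping from 11.1.0.3:", evaluate(ACL_1, pkt("11.1.0.3")))
    print("ACL 1 + permit any:", evaluate(ACL_1_FIXED, pkt("11.1.0.3")))
    print("ACL 101, HTTP:", evaluate(ACL_101, pkt("11.1.0.2", "tcp", 80)))
    print("ACL 101 + permit, HTTP:", evaluate(ACL_101_FIXED, pkt("11.1.0.2", "tcp", 80)))
    print("ACL 101 + permit, Telnet:", evaluate(ACL_101_FIXED, pkt("11.1.0.2", "tcp", 23)))
```

Because the first match wins, a permit any placed above a more specific deny makes that deny unreachable, so the order of the entries is part of the policy.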

Combined ACL Lab

CONFIGURING STATIC NAT

I. Introduction:
NAT (Network Address Translation) is a protocol used to translate IP addresses from one domain into another environment through a registered IP address, in order to exchange information between the two environments (either Local or Global).
The advantage of NAT (Network Address Translation) is that it translates the private IP addresses inside the network to the inside IP address provided at registration.
Address types:

Inside Local : the addresses inside the internal network (gateway)
Inside Global : the addresses on the outside of the gateway; this is the registered NAT address. In this lab it is 172.17.0.1/24
Outside Global : the network systems outside these environments

Translating one public IP address to one private IP address is not effective when it is rolled out to every host in the network, because there would not be enough addresses to hand out. Static NAT is usually applied when a public address is used for a web server, an FTP server and so on.

II. Lab description and diagram:
- The PCs are connected to the routers with crossover cables, and the two routers are connected to each other with a serial cable. The IP addresses of the interfaces and the PCs are given in the diagram.
- In this lab, router TTG2 is configured to represent the ISP and router TTG1 is configured as a gateway. The goal of the lab is to configure static NAT for PC1 so that its address is translated to 172.17.0.1 when traffic leaves TTG1.
- After static NAT is configured, PC2 must reach PC1 through address 172.17.0.1.

III. Configuration:
- Configure the routers as follows:

Router TTG2 :
Router#configure terminal
Router(config)#enable password cisco
Router(config)#hostname TTG2
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip address 192.168.0.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#clock rate 64000
TTG2(config-if)#exit
TTG2(config)#interface fa0/1
TTG2(config-if)#ip address 11.1.0.1 255.255.255.0
TTG2(config-if)#no shutdown
Router TTG1 :
TTG1(config)#interface serial 0/1/0
TTG1(config-if)#ip address 192.168.0.1 255.255.255.0
TTG1(config-if)#clockrate 64000
TTG1(config-if)#ip nat outside //configure interface S0/1/0 as the outside interface//
TTG1(config-if)#exit
TTG1(config)#interface fa0/1
TTG1(config-if)#ip address 10.1.0.1 255.255.255.0
TTG1(config-if)#ip nat inside //configure interface Fa0/1 as the inside interface//
TTG1(config-if)#no shutdown
- Configure static NAT on TTG1 with the command:
TTG1(config)#ip nat inside source static 10.1.0.2 172.17.0.1
This command means: packets originating from PC1 that pass through router TTG1 (entering through interface Fa0/1) and go out (leaving through interface S0/1/0) have their source IP address changed from 10.1.0.2 to 172.17.0.1 (this is the address registered with the ISP).
- Configure static routes on the two routers TTG2 and TTG1.

TTG1(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.2
TTG2(config)#ip route 172.17.0.0 255.255.0.0 192.168.0.1
- Address 172.17.0.1 is the registered address. In practice the ISP routes down to the user only by this registered address.
- To check how router TTG1 performs NAT, use the following command:
TTG1#show ip nat translation
Pro Inside global      Inside local       Outside local      Outside global
--- 172.17.0.1         10.1.0.2           ---                ---

- To see how router TTG1 translates addresses, use the debug ip nat command on router TTG1 and ping from PC1 to address 11.1.0.1.

- From the ISP side (TTG2), PC1 or the servers inside the customer's LAN are reached by pinging the public address that is being NATed on TTG1; the outside Internet can connect to this IP address only.

- So anyone outside who wants to interact with a server inside must access IP address 172.17.0.1.
Commands related to this lab:

1. Configuring static NAT

Router(config)#ip nat inside source static 172.16.10.5 64.64.64.65
    Permanently translates the inside IP address 172.16.10.5 to the public IP address 64.64.64.65. You must use this command for each private IP address that you want to map statically to a public IP address.

Router(config-if)#ip nat inside
    Defines the interfaces that act as inside interfaces.

Router(config-if)#ip nat outside
    Defines the interface that acts as the outside interface.

2. Verifying the NAT configuration

Router#show ip nat translations
    Displays the translation table.

Router#show ip nat statistics
    Displays NAT information.

Router#clear ip nat translation *
    Clears the entire translation table before the entries time out.

3. Troubleshooting the NAT configuration

Router#debug ip nat
    Displays information about the packets being translated.

CONFIGURING NAT OVERLOAD (PAT)

I. Introduction:
NAT (Network Address Translation) is used to translate private addresses into public addresses. When packets sent from the user's internal network to the outside reach the border router, the source IP address is translated into the public address that the user registered with the ISP. This allows packets from the internal network to be sent to outside networks (the Internet).
NAT comes in several types: static NAT, NAT pool and NAT overload.
Static NAT translates one internal address into one public address.
NAT pool translates the internal addresses into one of a range of public addresses.
NAT overload translates the internal addresses into one public address.

With NAT overload, the router additionally uses ports together with the addresses during translation.

II. Commands used in this lab:

ip nat {inside | outside}
    Configures the interface as inside or outside.

ip nat inside source {list {access-list-number | name} pool name [overload] | static local-ip global-ip}
    Translates internal addresses into public addresses.

ip nat pool name start-ip end-ip {netmask | prefix-length prefix-length} [type rotary]
    Creates a NAT pool.

show ip nat translations
    Shows the NAT information.

debug ip nat
    Shows the NAT activity.

III. Lab description and diagram:

- hnh bi lab nh hnh trn. Router TTG1 c cu hnh inteface loopback 0, loopback 1,
loopback 2. Router TTG2 c cu hnh interface loopback 0. Hai router c ni vi nhau bng
cp Serial. Ta gi lp 3 lp mng lo0, lo1, lo2 l nhng mng bn trong, khi cc traffic bn
trong mng ny i ra ngoi ( ra khi S0/1/0) tt c s c chuyn i a ch thnh 192.168.1.1
IV.

Cu hnh router :
Hai router c cu hnh cc interface nh sau :
Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface Loopback0
TTG1(config-if)#ip address 10.1.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface Loopback1
TTG1(config-if)#ip address 11.1.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface Loopback2
TTG1(config-if)#ip address 12.1.0.1 255.255.0.0
TTG1(config-if)#exit
TTG1(config)#interface Serial0/1/0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit
Router TTG2:
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface Loopback0
TTG2(config-if)#ip address 13.1.0.1 255.255.0.0
TTG2(config-if)#exit
TTG2(config)#interface Serial0/1/0
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#clock rate 64000
TTG2(config-if)#exit
- We configure NAT on router TTG1 in the following steps:

Step 1: Configure the inside and outside interfaces

In this lab, we configure the loopback interfaces of TTG1 as inside and interface serial 0 as outside.
TTG1(config)#interface loopback 0
TTG1(config-if)#ip nat inside
TTG1(config-if)#interface loopback 1
TTG1(config-if)#ip nat inside
TTG1(config-if)#interface loopback 2
TTG1(config-if)#ip nat inside
TTG1(config-if)#interface s0/1/0
TTG1(config-if)#ip nat outside
TTG1(config-if)#exit

Step 2: Create an access list that specifies which networks are NATed

We permit networks 10.1.0.0/16 and 11.1.0.0/16 and deny network 12.1.0.0/16
TTG1(config)#access-list 1 deny 12.1.0.0 0.0.255.255
TTG1(config)#access-list 1 permit any

Step 3: Create the NAT pool on router TTG1

Configure a NAT pool named TTG1 with addresses from 172.1.1.1/24 to 172.1.1.5/24
TTG1(config)#ip nat pool TTG1 172.1.1.1 172.1.1.5 netmask 255.255.255.0

Step 4: Configure NAT on the router

TTG1(config)#ip nat inside source list 1 pool TTG1 overload
The command above configures overload for the NAT pool

Step 5: Configure routing on the routers

TTG1(config)#ip route 13.1.0.0 255.255.0.0 192.168.1.2
TTG2(config)#ip route 172.1.1.0 255.255.255.0 192.168.1.1
Note: on router TTG2, if we configure routing in this form:
TTG2(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
then we can ping the networks inside router TTG1 (10.1.0.0/16, 11.1.0.0/16). In practice, however, the ISP only routes down to the user the address that the user registered (the inside global address).

Step 6: Verify NAT operation

We check NAT with the debug ip nat command
TTG1#debug ip nat
IP NAT debugging is on

- After enabling NAT debugging, we ping loopback0 of TTG2 from loopback0 of TTG1. This simulates traffic from host 10.1.0.1 to network 13.1.0.1. When the traffic from 10.1.0.1 passes through S0, its address is translated.
TTG1#ping
Protocol [ip]:
Target IP address: 13.1.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms
TTG1#
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [190]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [190]
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [191]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [191]
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [192]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [192]
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [193]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [193]
00:31:12: NAT: s=10.1.0.1->172.1.1.1, d=13.1.0.1 [194]
00:31:12: NAT*: s=13.1.0.1, d=172.1.1.1->10.1.0.1 [194]
- From the output above we can see that packets from network 10.1.0.1 have their source IP changed to 172.1.1.1.
- Use the show ip nat translations command to view NAT information
TTG1#show ip nat translations
Pro  Inside global     Inside local    Outside local   Outside global
icmp 172.1.1.1:2459    10.1.0.1:2459   13.1.0.1:2459   13.1.0.1:2459
icmp 172.1.1.1:2460    10.1.0.1:2460   13.1.0.1:2460   13.1.0.1:2460
icmp 172.1.1.1:2461    10.1.0.1:2461   13.1.0.1:2461   13.1.0.1:2461
icmp 172.1.1.1:2462    10.1.0.1:2462   13.1.0.1:2462   13.1.0.1:2462
icmp 172.1.1.1:2463    10.1.0.1:2463   13.1.0.1:2463   13.1.0.1:2463

- The numbers after the colons (printed in bold in the original) are the ports NAT uses for address 10.1.0.1.


- Repeat the steps above to check NAT for loopback 1 and loopback 2 of router TTG1
TTG1#ping
Protocol [ip]:
Target IP address: 13.1.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 11.1.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms
TTG1#
00:33:16: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [210]
00:33:16: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [210]
00:33:16: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [211]
00:33:16: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [211]
00:33:16: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [212]
00:33:16: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [212]
00:33:17: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [213]
00:33:17: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [213]
00:33:17: NAT: s=11.1.0.1->172.1.1.1, d=13.1.0.1 [214]
00:33:17: NAT*: s=13.1.0.1, d=172.1.1.1->11.1.0.1 [214]
TTG1#show ip nat translations
Pro  Inside global     Inside local    Outside local   Outside global
icmp 172.1.1.1:6407    11.1.0.1:6407   13.1.0.1:6407   13.1.0.1:6407
icmp 172.1.1.1:6408    11.1.0.1:6408   13.1.0.1:6408   13.1.0.1:6408
icmp 172.1.1.1:6409    11.1.0.1:6409   13.1.0.1:6409   13.1.0.1:6409
icmp 172.1.1.1:6410    11.1.0.1:6410   13.1.0.1:6410   13.1.0.1:6410
icmp 172.1.1.1:6411    11.1.0.1:6411   13.1.0.1:6411   13.1.0.1:6411

TTG1#ping
Protocol [ip]:
Target IP address: 13.1.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 12.1.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.1.0.1, timeout is 2 seconds:
..
Success rate is 0 percent (0/5)
- For 12.1.0.1, we cannot ping out because network 12.1.0.0/16 is denied in access list 1.
- From router TTG2, we ping down to the loopbacks of router TTG1
TTG2#ping 10.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
TTG2#ping 11.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
TTG2#ping 12.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
- Observation: all of the pings fail. The reason is that router TTG2 has no route to the loopbacks of router TTG1. In practice we get a similar result, because the ISP only routes down to the address that the user registered, while the user's internal network addresses are not routed by the ISP.
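The results for the three loopbacks can be reproduced offline. The sketch below is an added example, not part of the original lab: it models the wildcard matching of access list 1, a simplified overload table (the port-selection rule is an assumption) and the routes TTG2 holds after step 5. It shows that a source denied by access list 1 still leaves TTG1, but untranslated, so TTG2 has no return route for it.

```python
import ipaddress

# Lab values from the page: standard ACL 1, the first pool address, and the
# routes TTG2 holds (two connected networks plus the static route of step 5).
ACL_1 = [
    ("deny", "12.1.0.0", "0.0.255.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # "permit any"
]
INSIDE_GLOBAL = "172.1.1.1"
TTG2_ROUTES = ["13.1.0.0/16", "192.168.1.0/24", "172.1.1.0/24"]


def acl_permits(acl, src):
    """First-match evaluation of a standard ACL using wildcard masks."""
    s = int(ipaddress.IPv4Address(src))
    for action, net, wildcard in acl:
        n = int(ipaddress.IPv4Address(net))
        w = int(ipaddress.IPv4Address(wildcard))
        # Wildcard bit 0 = must match, 1 = ignore; OR-ing hides the ignored bits.
        if (s | w) == (n | w):
            return action == "permit"
    return False  # implicit "deny any" at the end of every ACL


class PatTable:
    """Overload translation table keyed by (protocol, inside-global port)."""

    def __init__(self, global_ip):
        self.global_ip = global_ip
        self.entries = {}  # (proto, global_port) -> (inside_local_ip, local_port)

    def outbound(self, proto, src, sport):
        for (p, gport), local in self.entries.items():
            if p == proto and local == (src, sport):
                return self.global_ip, gport  # this flow already has an entry
        gport = sport  # assumption: keep the original port when it is free
        while (proto, gport) in self.entries:
            gport = gport + 1 if gport < 65535 else 1024
        self.entries[(proto, gport)] = (src, sport)
        return self.global_ip, gport

    def inbound(self, proto, dport):
        """Return the inside host for a reply, or None if no entry exists."""
        return self.entries.get((proto, dport))


def has_route(routes, dst):
    addr = ipaddress.IPv4Address(dst)
    return any(addr in ipaddress.IPv4Network(r) for r in routes)


def ping_from(pat, src, icmp_id):
    """Return (source address seen by TTG2, whether TTG2 can route the reply)."""
    if acl_permits(ACL_1, src):
        wire_src, _ = pat.outbound("icmp", src, icmp_id)
    else:
        wire_src = src  # not translated: the packet leaves with its inside address
    return wire_src, has_route(TTG2_ROUTES, wire_src)


if __name__ == "__main__":
    pat = PatTable(INSIDE_GLOBAL)
    # Constructed input: all three hosts happen to use the same ICMP identifier.
    for src in ("10.1.0.1", "11.1.0.1", "12.1.0.1"):
        print(src, "->", ping_from(pat, src, 2459))
    print("unsolicited packet to port 9999 ->", pat.inbound("icmp", 9999))
```

An inbound packet whose port has no table entry returns None, which is why hosts behind the overload address cannot be reached from TTG2 unless they opened the flow first.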
Some commands related to this lab:
1. Configuring the inside and outside interfaces

Router(config)#interface loopback 0
Router(config-if)#ip nat inside
Configures interface loopback 0 as the inside interface.

Router(config-if)#interface s0/0/0
Router(config-if)#ip nat outside
Configures interface s0/0/0 as the outside interface.

2. Creating the access list that specifies which networks are NATed

Router(config)#access-list 1 deny 12.1.0.0 0.0.255.255
Creates an ACL entry that denies network 12.1.0.0/16, so it is not NATed.

Router(config)#access-list 1 permit any
Configures the access list to permit all remaining networks.

3. Creating the NAT pool for the router

Router(config)#ip nat pool TTG1 172.1.1.1 172.1.1.5 netmask 255.255.255.0
Configures a NAT pool named TTG1 with addresses from 172.1.1.1/24 to 172.1.1.5/24.

Router(config)#ip nat inside source list 1 pool TTG1 overload
Creates the NAT rule by binding list 1 to the pool named TTG1. The overloading method is used.

Router(config)#ip nat inside source list 1 interface s0/0/0 overload
Creates the NAT rule by binding list 1 so that it shares the IP address of interface s0/0/0.

IPv6 Lab

- On all 4 routers, use the following command to enable the IPv6 stack

Router(config)# ipv6 unicast-routing
1. Configure the IPv6 settings on each router
INTERNET:
Internet(config)#interface s0/1/1
Internet(config-if)#ipv6 address 2001:db8:1:6::2/64
Internet(config)#interface loopback 1
Internet(config-if)#ipv6 address 2001:db8:1:7::/64 eui-64
HN:
HN(config)#interface s0/2/1
HN(config-if)#ipv6 address 2001:db8:1:6::1/64
HN(config)#interface s0/1/1
HN(config-if)#ipv6 address 2001:db8:1:4::1/64
HN(config)#interface s0/2/0
HN(config-if)#ipv6 address 2001:db8:1:5::1/64
HN(config)#interface loopback 1
HN(config-if)#ipv6 address 2001:db8:1:2::/64 eui-64
DN:
DN(config)#interface s0/1/1
DN(config-if)#ipv6 address 2001:db8:1:4::2/64
DN(config)#interface loopback 1
DN(config-if)#ipv6 address 2001:db8:1:1::/64 eui-64
HCM:
HCM(config)#interface s0/1/1
HCM(config-if)#ipv6 address 2001:db8:1:5::2/64
HCM(config)#interface loopback 1
HCM(config-if)#ipv6 address 2001:db8:1:3::/64 eui-64
2. Verify the IPv6 configuration on the 4 routers:
Use the commands show ipv6 interface and show ipv6 interface brief
HCM#show ipv6 interface brief
FastEthernet0/0            [administratively down/down]
    unassigned
FastEthernet0/1            [up/up]
    unassigned
Serial0/1/0                [administratively down/down]
    unassigned
Serial0/1/1                [up/up]
    FE80::20A:B8FF:FE21:738C
    2001:DB8:1:5::2
Loopback1                  [up/up]
    FE80::20A:B8FF:FE21:738C
    2001:DB8:1:3:20A:B8FF:FE21:738C

- FE80::20A:B8FF:FE21:738C: link-local address. The router generates this address automatically, and it can only be used within the network.
- 2001:DB8:1:5::2: this address is the one we declared ourselves with the ipv6 address command.
- 2001:DB8:1:3:20A:B8FF:FE21:738C: EUI-64 address. The last 64 bits are generated automatically by combining with the MAC address.

HCM#show ipv6 interface


Serial0/1/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::20A:B8FF:FE21:738C
Global unicast address(es):
2001:DB8:1:5::2, subnet is 2001:DB8:1:5::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:2
FF02::1:FF21:738C
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
Hosts use stateless autoconfig for addresses.
Loopback1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::20A:B8FF:FE21:738C
Global unicast address(es):
2001:DB8:1:3:20A:B8FF:FE21:738C, subnet is 2001:DB8:1:3::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF21:738C
MTU is 1514 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is not supported
ND reachable time is 30000 milliseconds
Hosts use stateless autoconfig for addresses.
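The addresses in the two outputs above can be recomputed by hand. The following added example (not part of the original lab) builds the modified EUI-64 interface ID and the solicited-node multicast groups listed under "Joined group address(es)". The MAC address 000a.b821.738c does not appear on the page; it is inferred by reversing the interface ID in FE80::20A:B8FF:FE21:738C.

```python
import ipaddress


def parse_mac(mac):
    """Accept 000a.b821.738c, 00:0a:b8:21:73:8c or 00-0a-b8-21-73-8c."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError("a MAC address has 48 bits: %r" % mac)
    return bytes.fromhex(digits)


def eui64_interface_id(mac):
    """Modified EUI-64: insert FF:FE in the middle, flip the universal/local bit."""
    m = parse_mac(mac)
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return int.from_bytes(iid, "big")


def eui64_address(prefix, mac):
    """Combine a /64 prefix with the interface ID, as 'ipv6 address ... eui-64' does."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_eui64(addr):
    """Recover the MAC from an EUI-64 based address, or None if it is not one."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join("%02x" % b for b in m)


def solicited_node(addr):
    """FF02::1:FFxx:xxxx group built from the low 24 bits of a unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


if __name__ == "__main__":
    mac = "000a.b821.738c"  # inferred from the page's link-local address
    print("link-local :", eui64_address("fe80::/64", mac))
    print("Loopback1  :", eui64_address("2001:db8:1:3::/64", mac))
    print("groups     :", solicited_node("2001:db8:1:5::2"),
          solicited_node("2001:db8:1:3:20a:b8ff:fe21:738c"))
    # The mapping is reversible, so an EUI-64 address discloses the hardware MAC.
    print("MAC back   :", mac_from_eui64("2001:db8:1:3:20a:b8ff:fe21:738c"))
```

Because the interface ID is reversible, an EUI-64 address exposes the device's hardware address wherever the address is visible; the manually assigned 2001:DB8:1:5::2 does not.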
3. Use the ping command to verify IPv6 between the routers
- Before pinging, you can use the show ipv6 route command again
HN#ping 2001:db8:1:5::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:5::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
HN#ping 2001:db8:1:4::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:4::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
HN#ping 2001:db8:1:6::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:6::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
4. Configure RIPng on the routers:
INTERNET:
Internet(config)#ipv6 router rip TTG
Internet(config)#interface s0/1/1
Internet(config-if)#ipv6 rip TTG enable
Internet(config)#interface loopback 1
Internet(config-if)#ipv6 rip TTG enable
HN:
HN(config)#ipv6 router rip TTG    // TTG is the RIP tag
HN(config)#interface s0/1/1
HN(config-if)#ipv6 rip TTG enable
HN(config)#interface s0/2/1
HN(config-if)#ipv6 rip TTG enable
HN(config)#interface s0/2/0
HN(config-if)#ipv6 rip TTG enable
HN(config)#interface loopback 1
HN(config-if)#ipv6 rip TTG enable
DN:
DN(config)#ipv6 router rip TTG
DN(config)#interface s0/1/1
DN(config-if)#ipv6 rip TTG enable
DN(config)#interface loopback 1
DN(config-if)#ipv6 rip TTG enable
HCM:
HCM(config)#ipv6 router rip TTG
HCM(config)#interface s0/1/1
HCM(config-if)#ipv6 rip TTG enable
HCM(config)#interface loopback 1
HCM(config-if)#ipv6 rip TTG enable
5. Use the show ipv6 rip and show ipv6 route rip commands to verify the RIPng configuration
HN#show ipv6 route
IPv6 Routing Table - 12 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
R 2001:DB8:1:1::/64 [120/2]
via FE80::218:73FF:FE1D:138E, Serial0/1/1
C 2001:DB8:1:2::/64 [0/0]
via ::, Loopback1
L 2001:DB8:1:2:218:73FF:FE1C:379E/128 [0/0]
via ::, Loopback1
R 2001:DB8:1:3::/64 [120/2]
via FE80::20A:B8FF:FE21:738C, Serial0/2/0
C 2001:DB8:1:4::/64 [0/0]
via ::, Serial0/1/1
L 2001:DB8:1:4::1/128 [0/0]
via ::, Serial0/1/1
C 2001:DB8:1:5::/64 [0/0]
via ::, Serial0/2/0
L 2001:DB8:1:5::1/128 [0/0]
via ::, Serial0/2/0
C 2001:DB8:1:6::/64 [0/0]
via ::, Serial0/2/1
R 2001:DB8:1:7::/64 [120/2]
via FE80::218:73FF:FE1C:2DCA, Serial0/2/1
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0
6. From routers DN and HCM, try pinging the Internet router
DN#ping 2001:db8:1:6::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:6::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
HCM#ping 2001:db8:1:6::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:6::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
Some commands related to this lab:
1. Assigning IPv6 addresses to interfaces

Router(config)#ipv6 unicast-routing
Enables forwarding of IPv6 unicast packets globally on the router.

Router(config)#interface fastethernet 0/0
Enters interface configuration mode for fa0/0.

Router(config-if)#ipv6 enable
Automatically configures an IPv6 link-local address on the interface and enables IPv6 processing on the interface.
* Note: the link-local address configured by the ipv6 enable command can only be used to communicate with hosts on the same link.

Router(config-if)#ipv6 address 3000::1/64
Configures a global IPv6 address on the interface and allows IPv6 to be processed on the router.

2. Configuring RIPng on the routers

Router(config)#ipv6 router rip TTG
Creates a RIPng routing process named TTG if it has not already been created, and enters router configuration mode.

Router(config)#interface s0/1/1
Enters interface configuration mode.

Router(config-if)#ipv6 rip TTG enable
Creates a RIPng process named TTG and enables RIPng on the interface.

3. Verifying the IPv6 configuration

Router#show ipv6 interface brief
Displays a summary of the status of the interfaces configured for IPv6.

Router#show ipv6 interface
Displays the status of the interfaces configured for IPv6.

Router#show ipv6 rip
Displays information about the current state of the IPv6 RIP process.

Router#show ipv6 route
Displays the current IPv6 routing table.

CONFIGURING PPP PAP AND CHAP

I. Introduction:
PPP (Point-to-Point Protocol) is an encapsulation protocol used to make connections in a WAN. PPP comprises LCP (Link Control Protocol) and NCP (Network Control Protocol). LCP is used to establish the point-to-point connection; NCP is used to configure the different network layer protocols.
PPP can be configured on the following physical interfaces:
Asynchronous serial
Synchronous serial
High-Speed Serial Interface (HSSI)
Integrated Services Digital Network (ISDN)
Establishing a PPP session consists of three phases:
Link-establishment phase
Authentication phase (optional)
Network layer protocol phase
The authentication option makes the network easier to manage. PPP uses two authentication methods: PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol).

PAP is a two-way handshake. After the link is established, the remote node sends the username and password repeatedly until it receives an accept or a reject message. In PAP the password is sent in clear text (unencrypted).
CHAP is a three-way handshake. After the link is established, the router sends a challenge message to the remote router. The remote router sends back a value computed from the password and the challenge message. When it receives this value, the router checks whether it matches the value it computed itself. If it does, the router treats the authentication as correct and the connection is established; otherwise, the connection is terminated immediately.

II. Commands used in this lab:

username name password password
Configures the name and password for CHAP and PAP. The name and password must match those of the remote router.

encapsulation ppp
Configures the interface to use PPP.

ppp authentication {chap | chap pap | pap chap | pap}
Configures the interface to use PAP, CHAP, or both. When both are used, the first protocol listed is used during authentication; if the first protocol is rejected or the remote router asks for the second protocol, the second protocol is used.

ppp pap sent-username username password password
Configures the username and password for PAP.

debug ppp authentication
Shows the authentication sequence of PAP and CHAP.

III. Lab description and topology:

- The lab topology is as shown in the figure. The two routers are named TTG1 and TTG2 and are connected by a serial cable. The IP addresses of the interfaces are as shown in the figure above.
- Lab requirements:
+ Change the encapsulation on the 2 routers to PPP
+ Deploy PPP authentication using PAP
+ Deploy PPP authentication using CHAP

IV. Router configuration:
a) Step 1: Set the hostnames and the interface addresses
Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface s0/1/0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#clock rate 64000
TTG1(config-if)#exit
Router TTG2:
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface s0/1/0
TTG2(config-if)#ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#clock rate 64000
TTG2(config-if)#exit
- We check the status of the ports with the show ip interface brief command
TTG2#sh ip interface brief
Interface        IP-Address   OK? Method Status                Protocol
Fastethernet0/0  unassigned   YES unset  administratively down down
Serial0/1/0      192.168.1.2  YES manual up                    up
Serial0/1/1      unassigned   YES unset  administratively down down

- The serial port of router TTG2 is up. Do the same to check the status of the ports on router TTG1.
- We use the show interfaces serial command to see the parameters of the serial interfaces on the routers
TTG2#sh interfaces serial 0/1/0
Serial0/1/0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Last input 00:00:02, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
15 packets input, 846 bytes, 0 no buffer
Received 15 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
19 packets output, 1708 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
TTG1#show interface s0/1/0
Serial0/1/0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:11:35
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
21 packets input, 2010 bytes, 0 no buffer
Received 21 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
23 packets output, 1280 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
0 output buffer failures, 0 output buffers swapped out
7 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
- Both serial ports on the two routers use HDLC encapsulation, and both are up
b) Step 2: Configure PPP PAP, CHAP
Configuring PPP PAP
On router TTG1, we configure PPP on interface serial 0 with the encapsulation ppp command
TTG1(config)#interface s0/1/0
TTG1(config-if)#encapsulation ppp
- Check the status of interface serial0/1/0 on router TTG1
TTG1#show ip interface brief
Interface        IP-Address   OK? Method Status                Protocol
FastEthernet0/0  unassigned   YES unset  administratively down down
Serial0/1/0      192.168.1.1  YES manual up                    down
Serial0/1/1      unassigned   YES unset  administratively down down
TTG1#show interface s0/1/0
Serial0/1/0 is up, line protocol is down


Hardware is HD64570
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
LCP REQsent
Closed: IPCP, CDPCP
Last input 00:00:08, output 00:00:01, output hang never
Last clearing of "show interface" counters 00:00:15
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1 packets input, 22 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
7 packets output, 98 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
- Observation: interface serial0/1/0 on router TTG1 is down, which means interface serial 0/1/0 on router TTG2 is down as well. The cause is that the two interfaces use different encapsulation protocols (interface serial 0 on router TTG1 uses PPP while TTG2 uses HDLC). We therefore have to configure interface serial 0 on router TTG2 to use PPP as well.
TTG2(config)#interface s0/1/0
TTG2(config-if)#encapsulation ppp
- Now we check the status of the interfaces
TTG2#show interface s0/1/0
Serial0/1/0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input 00:00:01, output 00:00:01, output hang never
Last clearing of "show interface" counters 00:00:18
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
15 packets input, 1004 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
13 packets output, 976 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
- Both interfaces on the two routers are up again, because both are now configured to use the same encapsulation protocol, PPP.
- Before configuring PAP on the two interfaces, we use the debug ppp authentication command to watch the sequence of the PAP exchange.
TTG2#debug ppp authentication
PPP authentication debugging is on
We configure PAP on both serial 0 interfaces as follows:
TTG1(config)#username TTG2 password cisco
TTG1(config)#interface s0/1/0
TTG1(config-if)#ppp authentication pap
TTG1(config-if)#ppp pap sent-username TTG1 password cisco

TTG2(config)#username TTG1 password cisco
TTG2(config)#interface s0/1/0
TTG2(config-if)#ppp authentication pap
TTG2(config-if)#ppp pap sent-username TTG2 password cisco
Note:
- In the username name password password command, name must match the remote router and vice versa, while the password must be the same on both.
- In the ppp pap sent-username name password password command, name and password are those of the router we are configuring.
- After we finish configuring PAP on router TTG2, the screen shows the PAP sequence
00:09:49: Se0 PPP: Phase is AUTHENTICATING, by both
00:09:49: Se0 PAP: O AUTH-REQ id 1 len 18 from "TTG2"
00:09:49: Se0 PAP: I AUTH-REQ id 1 len 18 from "TTG1"
00:09:49: Se0 PAP: Authenticating peer TTG1
00:09:49: Se0 PAP: O AUTH-ACK id 1 len 5
00:09:49: Se0 PAP: I AUTH-ACK id 1 len 5
00:09:50: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0, changed
state to up
Meaning of the messages:
Message line 1: PPP performs two-way authentication
Message line 2: TTG2 sends an authentication request
Message line 3: Receives an authentication request from TTG1
Message line 4: Receives the authentication of TTG1
Message line 5: Sends a confirmation that the authentication is correct to TTG1
Message line 6: Receives a confirmation that the authentication is correct from TTG1
Message line 7: The state of the interface changes to UP
- The two interfaces of routers TTG1 and TTG2 are therefore up. From router TTG2, we ping interface serial 0/1/0 of router TTG1 to check.
TTG2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 14.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/60 ms

Configuring PPP CHAP

Before configuring PPP CHAP on the two interfaces, we remove PAP from both routers
TTG1(config)#interface s0/1/0
TTG1(config-if)#no ppp authentication pap
TTG1(config-if)#no ppp pap sent-username TTG1 password cisco
TTG2(config)#interface s0/1/0
TTG2(config-if)#no ppp authentication pap
TTG2(config-if)#no ppp pap sent-username TTG2 password cisco

- Now we configure CHAP with the ppp authentication chap command
TTG1(config)#interface s0/1/0
TTG1(config-if)#ppp authentication chap
TTG2(config)#interface s0/1/0
TTG2(config-if)#ppp authentication chap
Note: when configuring PPP CHAP, we still have to configure the serial interface to use PPP encapsulation with the encapsulation ppp command, and we also have to use the username name password password command to configure the name and password that CHAP uses for authentication. Here we do not repeat those commands, because we already ran them in the PAP configuration step.
Because we used the debug ppp authentication command on router TTG2, once CHAP is configured on both routers the screen shows the following messages (the console is connected to router TTG2):
00:15:08: Se0 CHAP: O CHALLENGE id 1 len 28 from "TTG2"
00:15:08: Se0 CHAP: I CHALLENGE id 2 len 28 from "TTG1"
00:15:08: Se0 CHAP: O RESPONSE id 2 len 28 from "TTG2"
00:15:08: Se0 CHAP: I RESPONSE id 1 len 28 from "TTG1"
00:15:08: Se0 CHAP: O SUCCESS id 1 len 4
00:15:08: Se0 CHAP: I SUCCESS id 2 len 4
00:15:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
- Meaning of the messages:
Message line 1: TTG2 sends a challenge message to router TTG1
Message line 2: TTG2 receives a challenge message from router TTG1
Message line 3: TTG2 sends a response to router TTG1
Message line 4: TTG2 receives a response from router TTG1
Message line 5: TTG2 sends a success confirmation to TTG1
Message line 6: TTG2 receives a success confirmation from TTG1
Message line 7: The state of the serial interface changes to UP
- The two serial interfaces of routers TTG1 and TTG2 are UP. From router TTG2, we ping interface serial 0/1/0 of router TTG1 to check
TTG2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 14.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/60 ms
- If the name and password in the username name password password command are not correct, the interface goes down, because the authentication between the two interfaces uses this name and password. If they do not match, the connection is torn down.
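What each method puts on the wire, as an added example that is not part of the original lab: a PAP Authenticate-Request (RFC 1334) carries the password itself, while a CHAP response (RFC 1994) is an MD5 digest over the identifier, the shared secret and the challenge. The function names are hypothetical; `cisco` and `TTG1` are the lab's password and hostname, and the fixed challenges in the demo are constructed values.

```python
import hashlib
import hmac
import os
import struct


def pap_auth_request(identifier, peer_id, password):
    """PAP Authenticate-Request (code 1): the password is carried as-is."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(body)) + body


def chap_challenge():
    """Authenticator side: a fresh random challenge value for every attempt."""
    return os.urandom(16)


def chap_response(identifier, secret, challenge):
    """Peer side: MD5 over identifier, shared secret and challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier, secret, challenge, response):
    """Authenticator side: recompute with its own copy of the secret and compare."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def exchange(authenticator_secret, peer_secret, identifier=1):
    """One three-way handshake; returns SUCCESS or FAILURE as in the debug output."""
    challenge = chap_challenge()                                  # 1. CHALLENGE
    response = chap_response(identifier, peer_secret, challenge)  # 2. RESPONSE
    ok = chap_verify(identifier, authenticator_secret, challenge, response)
    return "SUCCESS" if ok else "FAILURE"                         # 3. result


if __name__ == "__main__":
    pap = pap_auth_request(1, b"TTG1", b"cisco")
    print("PAP request :", pap)          # the password is readable in the frame
    print("matching    :", exchange(b"cisco", b"cisco"))
    print("mismatch    :", exchange(b"cisco", b"Cisco"))
    # A response captured for one challenge does not verify against another.
    old, new = bytes(16), bytes([1]) * 16   # constructed challenge values
    captured = chap_response(1, b"cisco", old)
    print("replayed    :", chap_verify(1, b"cisco", new, captured))
```

The mismatch case is the situation described above: the digests differ, the authenticator answers FAILURE, and the line protocol stays down.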
Some commands related to this lab:
1. Configuring PPP PAP and CHAP

Router(config)#interface serial 0/0/0
Enters interface configuration mode for s0/0/0.

Router(config-if)#encapsulation ppp
Changes the data encapsulation protocol from the default, HDLC, to PPP.

Router(config)#username routerb password cisco
Configures the name and password for CHAP and PAP. The name must match the hostname of the remote router, and the password must be the same.

Router(config-if)#ppp authentication pap
Enables Password Authentication Protocol (PAP) only.

Router(config-if)#ppp authentication chap
Enables Challenge Handshake Authentication Protocol (CHAP) only.

Router(config-if)#ppp authentication pap chap
Lets the serial link use PAP for authentication, but CHAP is used if PAP fails or does not authenticate successfully.

Router(config-if)#ppp authentication chap pap
Lets the serial link use CHAP for authentication, but PAP is used if CHAP fails or does not authenticate successfully.

2. Verifying the PAP and CHAP configuration

Router#debug ppp authentication
Displays the packets related to the authentication process of the PPP link.

Router#debug ppp
Displays the traffic related to the PPP protocol.

PPP Review Lab

CU HNH FRAME RELAY CN BN


I.

Gii thiu :
Frame Relay l k thut m rng ca k thut ISDN. Frame relay s dng k thut
chuyn mch gi thit lp mt mng WAN. Frame Relay to ra nhng ng kt ni o
connect LANs together to form a WAN. A Frame Relay network uses switches to connect the networks to one another. Frame Relay is widely used today because it costs far less than a leased line.

Frame Relay operates at the Data Link layer of the OSI model and uses the LAPF protocol (Link Access Procedure for Frame Relay). It uses frames to carry data between the user's end devices (DTE) through the DCE devices of the Frame Relay network.
The connection between two DTEs across the Frame Relay network is called a virtual circuit (VC). VCs that are set up by sending signaling messages to the network are called switched virtual circuits (SVCs). Today, however, permanent virtual circuits (PVCs) are normally used. A PVC is a connection preconfigured by the Frame Relay switches, and its switching information is stored in the switch.
In Frame Relay, a frame with an error is discarded immediately, without any notification.
Routers attached to a Frame Relay network can have multiple virtual connections to many different networks. Frame Relay therefore saves a great deal of cost, because the networks do not need to be linked to each other directly.
Each virtual circuit (VC) has its own DLCI (Data Link Connection Identifier). The DLCI is carried in each frame as it travels through the Frame Relay network.
In Frame Relay, a star topology is commonly used to connect LANs into a WAN (called a hub-and-spoke topology).

In this topology, the central network is called the hub, and the networks remote1, remote2, remote3, remote4 and remote5 are called spokes. Each spoke connects to the hub over one virtual circuit (VC). If we want the spokes to communicate with each other, we only need to create VCs between the spokes. This topology gives a WAN that costs far less than one built on leased lines, because each network needs only one link to the Frame Relay network.
Frame Relay uses split horizon to prevent loops. Split horizon does not allow a routing update to be sent back out the interface it arrived on. Because Frame Relay lets us create several PVCs on one physical interface, loops would occur without split horizon.
In a WAN built on leased lines the DTEs are connected directly to each other, but in a Frame Relay network the DTEs are connected through a Frame Relay network made up of many switches. We therefore have to map the Frame Relay address (the DLCI) to the IP address of the remote DTE. This mapping can be configured with commands, but it can also be done automatically by LMI and Inverse ARP.
LMI (Local Management Interface) is exchanged between the DTE and the DCE (the Frame Relay switch). It is used to check operation and report the status of the VCs, to perform flow control, and to supply the DLCI numbers to the DTE. There are several LMI types: cisco (Cisco proprietary), ansi (ANSI Annex D) and q933a (ITU Q.933 Annex A). When a router is first connected to the Frame Relay network, it sends an LMI message to the network to ask for status. The network then replies with an LMI message containing the parameters of the configured VCs.
When the router wants to map a VC to a network-layer address, it sends an Inverse ARP message containing the router's network-layer (IP) address over that VC to the remote DTE. The remote DTE replies with an Inverse ARP message containing its own network-layer address, and the router then maps this address to the DLCI of the VC.
II. Commands used in this lab:

encapsulation frame-relay [cisco | ietf]
    Sets Frame Relay encapsulation on the interface. The router supports two Frame Relay encapsulation types, Cisco and IETF.

frame-relay intf-type [dce | dte | nni]
    Sets the Frame Relay switch type of the interface. Used on a router acting as a Frame Relay switch.

frame-relay lmi-type {ansi | cisco | q933a}
    Sets the LMI type used by the router.

frame-relay route in-dlci interface out-interface out-dlci
    Creates a PVC between interfaces on a router acting as a Frame Relay switch.

frame-relay switching
    Enables the router to operate as a Frame Relay switch.

show frame-relay pvc [type number [dlci]]
    Displays the parameters of the PVCs configured on the router.

show frame-relay route
    Displays the status and the configured parameters of the PVCs. This command is used on a router acting as a Frame Relay switch.

show frame-relay map
    Displays the mappings between the local DLCI and the remote IP address.

show frame-relay lmi [type number]
    Displays the LMI parameters between the router and the Frame Relay switch.

III. Lab description and topology:

The lab topology is as shown in the figure above. Router FrameSwitch is configured as a Frame Relay switch. Both serial cable ends attached to router FrameSwitch are DCE.
Routers TTG1 and TTG2 use the RIP protocol.

IV. Router configuration:
- We configure the interfaces of routers TTG1 and TTG2 as follows:

Router TTG1 :
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface Loopback0
TTG1(config-if)#ip address 10.1.0.1 255.255.255.0
TTG1(config-if)#interface Serial0/1/0
TTG1(config-if)# ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#router rip
TTG1(config-router)#network 10.0.0.0
TTG1(config-router)# network 192.168.1.0

Router TTG2 :
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface Loopback0
TTG2(config-if)#ip address 11.1.0.1 255.255.255.0
TTG2(config-if)#interface Serial0/1/0
TTG2(config-if)# ip address 192.168.1.2 255.255.255.0
TTG2(config-if)#no shutdown
TTG2(config-if)#exit
TTG2(config)#router rip
TTG2(config-router)#network 11.0.0.0
TTG2(config-router)# network 192.168.1.0
- Next we configure Frame Relay on routers TTG1 and TTG2:
TTG1(config)#interface s0/1/0
! Use Frame Relay encapsulation on interface S0/1/0
TTG1(config-if)#encapsulation frame-relay
! Set the LMI type to ANSI
TTG1(config-if)#frame-relay lmi-type ansi
TTG2(config)#interface s0/1/0
TTG2(config-if)#encapsulation frame-relay
TTG2(config-if)#frame-relay lmi-type ansi
- After configuring Frame Relay on routers TTG1 and TTG2, we configure router FrameSwitch to become a Frame Relay switch as follows:
! Make the router act as a Frame Relay switch
FrameSwitch(config)#frame-relay switching
FrameSwitch(config)#interface s0/1/0
FrameSwitch(config-if)#encapsulation frame-relay
FrameSwitch(config-if)#frame-relay lmi-type ansi
! Set interface serial 0 as Frame Relay DCE
FrameSwitch(config-if)#frame-relay intf-type dce
! Supply a clock of 64000 bps
FrameSwitch(config-if)#clock rate 64000
FrameSwitch(config-if)#frame-relay route 102 interface s0/1/1 201
FrameSwitch(config-if)#no shutdown
FrameSwitch(config)#interface s0/1/1
FrameSwitch(config-if)#encapsulation frame-relay
FrameSwitch(config-if)#frame-relay lmi-type ansi
FrameSwitch(config-if)#frame-relay intf-type dce
FrameSwitch(config-if)#clock rate 64000
FrameSwitch(config-if)#frame-relay route 201 interface s0/1/0 102
FrameSwitch(config-if)#no shutdown
- The command frame-relay route 102 interface s0/1/1 201 means: any Frame Relay traffic that arrives on interface serial0/1/0 of the router with DLCI 102 is sent out interface serial0/1/1 with DLCI 201. Likewise for the command frame-relay route 201 interface s0/1/0 102: any Frame Relay traffic that arrives on interface serial0/1/1 with DLCI 201 is sent out serial0/1/0 with DLCI 102. Together, these two commands create one PVC between S0/1/0 and S0/1/1.
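The switching rule described above can be checked offline before the commands are typed into the router. The following Python code is an added example, not part of the original lab: it parses the frame-relay route statements of the FrameSwitch configuration, forwards a frame by (interface, DLCI) lookup, and reports any PVC whose return route is missing or points elsewhere. The function names and the faulty variant of the configuration are assumptions made for illustration.

```python
import re

# The lab's two FrameSwitch interfaces, reduced to the lines that matter here
# (commands as typed on the page).
LAB_CONFIG = """\
interface s0/1/0
 encapsulation frame-relay
 frame-relay intf-type dce
 frame-relay route 102 interface s0/1/1 201
interface s0/1/1
 encapsulation frame-relay
 frame-relay intf-type dce
 frame-relay route 201 interface s0/1/0 102
"""

# Constructed faulty variant: the return entry rewrites to DLCI 120, not 102.
BROKEN_CONFIG = LAB_CONFIG.replace("s0/1/0 102", "s0/1/0 120")

INTF_RE = re.compile(r"^interface\s+(\S+)\s*$", re.I)
ROUTE_RE = re.compile(r"^\s*frame-relay route (\d+) interface (\S+) (\d+)\s*$", re.I)


def canon(name):
    """Expand an abbreviated serial interface name (s0/1/0 -> Serial0/1/0)."""
    m = re.match(r"^(?:s|se|ser|seri|seria|serial)(\d\S*)$", name, re.I)
    return "Serial" + m.group(1) if m else name


def parse_routes(config):
    """Build {(in_intf, in_dlci): (out_intf, out_dlci)} from the config text."""
    table, current = {}, None
    for line in config.splitlines():
        m = INTF_RE.match(line)
        if m:
            current = canon(m.group(1))
            continue
        m = ROUTE_RE.match(line)
        if m and current:
            table[(current, int(m.group(1)))] = (canon(m.group(2)), int(m.group(3)))
    return table


def switch_frame(table, in_intf, dlci):
    """Return (out_intf, out_dlci) for an arriving frame, or None if it is dropped."""
    return table.get((canon(in_intf), dlci))


def audit(table):
    """Report every entry whose return path does not lead back to it."""
    problems = []
    for (in_intf, in_dlci), (out_intf, out_dlci) in sorted(table.items()):
        back = table.get((out_intf, out_dlci))
        label = f"{in_intf} DLCI {in_dlci} -> {out_intf} DLCI {out_dlci}"
        if back is None:
            problems.append(f"{label}: no route on {out_intf} for DLCI {out_dlci}")
        elif back != (in_intf, in_dlci):
            problems.append(f"{label}: return route goes to {back[0]} DLCI {back[1]}")
    return problems


if __name__ == "__main__":
    for name, cfg in (("lab", LAB_CONFIG), ("broken", BROKEN_CONFIG)):
        table = parse_routes(cfg)
        print(name, switch_frame(table, "s0/1/0", 102), audit(table) or "PVC is symmetric")
```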
- To check whether router FrameSwitch is operating as a Frame Relay switch, we use the show frame-relay pvc command:
FrameSwitch#show frame-relay pvc
PVC Statistics for interface Serial0/1/0 (Frame Relay DCE)

              Active     Inactive      Deleted       Static
  Local
  Switched
  Unused

DLCI=102, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0

  input pkts 3             output pkts 3            in bytes 186
  out bytes 166            dropped pkts 1           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0        Num Pkts Switched 3
  pvc create time 00:01:04, last time pvc status changed 00:00:40

PVC Statistics for interface Serial1 (Frame Relay DCE)

              Active     Inactive      Deleted       Static
  Local
  Switched
  Unused

DLCI = 201, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/1

  input pkts 4             output pkts 3            in bytes 200
  out bytes 186            dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0        Num Pkts Switched 3
  pvc create time 00:00:45, last time pvc status changed 00:00:43

DLCI USAGE shows that interfaces S0/1/0 and S0/1/1 are operating in Frame Relay switch mode, and the PVC status is ACTIVE. The output also shows the number of packets switched through the interface (Num Pkts Switched 3).
- From this output we can tell that router FrameSwitch is operating as a Frame Relay switch.
- We check the LMI status between router FrameSwitch and routers TTG1 and TTG2 with the show frame lmi command:
FrameSwitch#show frame lmi
LMI Statistics for interface Serial0/1/0 (Frame Relay DCE) LMI TYPE = ANSI
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Rcvd 20               Num Status msgs Sent 20
  Num Update Status Sent 0              Num St Enq. Timeouts 0
LMI Statistics for interface Serial0/1/1 (Frame Relay DCE) LMI TYPE = ANSI
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Rcvd 16               Num Status msgs Sent 16
  Num Update Status Sent 0              Num St Enq. Timeouts 0
- The command shows information for every interface of the router that is running in Frame Relay mode (here, interfaces S0/1/0 and S0/1/1).
- Now we check the Frame Relay routes on router FrameSwitch with the show frame route command:
FrameSwitch#sh frame-relay route
Input Intf      Input Dlci      Output Intf     Output Dlci     Status
Serial0/1/0     102             Serial0/1/1     201             active
Serial0/1/1     201             Serial0/1/0     102             active
- The output shows that traffic arriving on interface serial0/1/0 with DLCI 102 is switched to serial0/1/1 with DLCI 201; in the other direction, traffic arriving on serial0/1/1 with DLCI 201 is switched to serial0/1/0 with DLCI 102. The output also shows that both DLCIs are active.
- Moving to router TTG1, we check whether DLCI 102 on interface serial0/0/0 is active:
TTG1#sh frame-relay pvc
PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local
  Switched
  Unused

DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0

  input pkts 8             output pkts 7            in bytes 646
  out bytes 570            dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 7         out bcast bytes 570
  pvc create time 00:02:58, last time pvc status changed 00:02:38
- Observation: interface serial0/0/0 of router TTG1 is operating as a Frame Relay DTE, and DLCI 102 is active.
- By default, Cisco uses Inverse ARP to map the remote IP address of the PVC to the DLCI of the local interface, so we do not need to perform this step ourselves. To verify this, we use the show frame-relay map command:
TTG1#sh frame-relay map
Serial0/1/0 (up): ip 192.168.1.2 dlci 102(0xC9,0x3090), dynamic,
broadcast, status defined, active
- The output shows that DLCI 102 is active on interface serial0/0/0 and is mapped to IP address 192.168.1.2 of router TTG2, and that this mapping was created automatically.
- Repeat the same steps to check router TTG2:
TTG2#sh frame-relay pvc
PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local
  Switched
  Unused

DLCI = 201, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0

  input pkts 10            output pkts 11           in bytes 858
  out bytes 934            dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 11        out bcast bytes 934
  pvc create time 00:04:05, last time pvc status changed 00:04:05
TTG2#show frame-relay map
Serial0/0/0 (up): ip 192.168.1.1 dlci 201(0xC9,0x3090), dynamic,
broadcast,, status defined, active
- Observation: DLCI 201 is active on interface serial0/0/0 of TTG2 and is mapped to IP address 192.168.1.1.
- Now we check whether the networks can reach each other by going to each of the two routers in turn and pinging the loopback interface of the remote router.
TTG1#ping 11.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
TTG2#ping 10.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/64 ms
- The networks can therefore reach each other, and router FrameSwitch is performing its Frame Relay switch function correctly.

Commands related to this lab:

1. Configuring Frame Relay encapsulation

Router(config)#interface serial 0/0/0
    Enters interface configuration mode for s0/0/0.

Router(config-if)#encapsulation frame-relay
    Enables Frame Relay encapsulation of data using the default Cisco encapsulation type.

Router(config-if)#encapsulation frame-relay ietf
    Enables Frame Relay encapsulation of data using the IETF encapsulation type (RFC 1490). Use IETF encapsulation when connecting to a non-Cisco router.

Router(config-if)#frame-relay lmi-type {ansi | cisco | q933a}
    Depending on the option chosen, sets the LMI type to the ANSI standard, the Cisco standard, or the ITU-T Q.933 Annex A standard.

Router(config-if)#frame-relay intf-type [dce | dte | nni]
    Sets the Frame Relay switch type of the interface. Used on a router acting as a Frame Relay switch.

Router(config-if)#frame-relay route in-dlci interface out-interface out-dlci
    Creates a PVC between interfaces on a router acting as a Frame Relay switch.

Router(config)# frame-relay switching
    Enables the router to operate as a Frame Relay switch.

2. Verifying the Frame Relay configuration

Router#show frame-relay map
    Displays the mappings between the local DLCI and the remote IP address.

Router#show frame-relay lmi [type number]
    Displays the LMI parameters between the router and the Frame Relay switch.

ADVANCED FRAME RELAY CONFIGURATION

I. Introduction:
- Frame Relay is very common among WAN technologies. It offers more features and benefits than point-to-point WAN connections.
- For connections to work in a Frame Relay environment, the devices at the two ends, outside the Frame Relay network, must be Data Terminal Equipment (DTE), and the Frame Relay switches inside must be Data Communication Equipment (DCE). Subinterfaces behave like leased lines: each point-to-point subinterface requires its own separate subnet. This lab uses a hub-and-spoke topology, in which router TTG is the hub and the spokes are routers TTG and TTG2.

II. Lab description and topology:

III. Configuration:

FR-SWITCHING :
Router>enable
Router#configure terminal
Router(config)#hostname FRSwitch
FRSwitch(config)#interface s0/1/0
FRSwitch(config-if)# encapsulation frame-relay
FRSwitch(config-if)# clockrate 64000
FRSwitch(config-if)#frame-relay intf-type dce
! Routes the PVC: a frame arriving on S0/1/0 with DLCI 102 is sent out S0/1/1 with its DLCI changed to 201
FRSwitch(config-if)# frame-relay route 102 interface Serial0/1/1 201
FRSwitch(config-if)# frame-relay route 103 interface Serial0/2/0 301
FRSwitch(config-if)#exit
FRSwitch(config)#interface s0/1/1
FRSwitch(config-if)#encapsulation frame-relay
FRSwitch(config-if)# clockrate 64000
FRSwitch(config-if)#frame-relay intf-type dce
FRSwitch(config-if)# frame-relay route 201 interface Serial0/1/0 102
FRSwitch(config-if)#exit
FRSwitch(config)#interface s0/2/0
FRSwitch(config-if)#encapsulation frame-relay
FRSwitch(config-if)# clockrate 64000
FRSwitch(config-if)#frame-relay intf-type dce
FRSwitch(config-if)# frame-relay route 301 interface Serial0/1/0 103
Router TTG1:
Router>enable
Router#configure terminal
Router(config)#hostname TTG1
TTG1(config)#interface loopback 0
TTG1(config-if)#ip address 192.168.1.1 255.255.255.0
TTG1(config-if)#exit
TTG1(config)#interface s0/1/0
TTG1(config-if)#encapsulation frame-relay
TTG1(config-if)#no shutdown
TTG1(config-if)#exit
TTG1(config)#interface Serial0/1/0.102 point-to-point
TTG1(config-if)# ip address 192.168.4.1 255.255.255.0
TTG1(config-if)# frame-relay interface-dlci 102
TTG1(config-if)#exit
TTG1(config)#interface Serial0/1/0.103 point-to-point
TTG1(config-if)# ip address 192.168.5.1 255.255.255.0
TTG1(config-if)#frame-relay interface-dlci 103
TTG1(config-if)#exit
TTG1(config)#router eigrp 100
TTG1(config-router)# network 192.168.1.0
TTG1(config-router)# network 192.168.4.0
TTG1(config-router)# network 192.168.5.0
Router TTG2 :
Router>enable
Router#configure terminal
Router(config)#hostname TTG2
TTG2(config)#interface loopback 0
TTG2(config-if)#interface Loopback0
TTG2(config-if)# ip address 192.168.2.1 255.255.255.0
TTG2(config-if)#exit
TTG2(config)#interface Serial0/1/0
TTG2(config-if)#encapsulation frame-relay
TTG2(config-if)#exit
TTG2(config)#interface Serial0/1/0.201 point-to-point
TTG2(config-if)# ip address 192.168.4.2 255.255.255.0
TTG2(config-if)# frame-relay interface-dlci 201
TTG2(config-if)#exit
TTG2(config)#router eigrp 100
TTG2(config-router)# network 192.168.2.0
TTG2(config-router)# network 192.168.4.0
TTG2(config-router)#exit
Router TTG3 :
Router>enable
Router#configure terminal
Router(config)#hostname TTG3
TTG3(config)#interface loopback 0
TTG3(config-if)#ip address 192.168.3.1 255.255.255.0
TTG3(config-if)#exit
TTG3(config)#interface s0/1/0
TTG3(config-if)#encapsulation frame-relay
TTG3(config-if)#no shutdown
TTG3(config-if)#exit
TTG3(config)#interface Serial0/1/0.301 point-to-point
TTG3(config-if)# ip address 192.168.5.2 255.255.255.0
TTG3(config-if)# frame-relay interface-dlci 301
TTG3(config-if)#exit
TTG3(config)#router eigrp 100
TTG3(config-router)# network 192.168.3.0
TTG3(config-router)# network 192.168.5.0
TTG3(config-router)#exit
- We check the Frame Relay map of the routers with the following command:
TTG1#show frame-relay map
Serial0/1/0.103 (up): point-to-point dlci, dlci 103(0x35,0xC50), broadcast
status defined, active
Serial0/1/0.102 (up): point-to-point dlci, dlci 102(0x34,0xC40), broadcast
status defined, active
- Use the show frame-relay pvc command to check the PVCs:
TTG2#sh frame-relay pvc
PVC Statistics for interface Serial0/1/0 (Frame Relay DTE)
DLCI = 201, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/0

  input pkts 8             output pkts 14           in bytes 1448
  out bytes 2572           dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 14        out bcast bytes 2572
  pvc create time 00:17:21, last time pvc status changed 00:04:16
- We use the following command to view the LMI information:
TTG1#sh frame-relay lmi
LMI Statistics for interface Serial0/1/0 (Frame Relay DTE) LMI TYPE = ANSI
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 74               Num Status msgs Rcvd 37
  Num Update Status Rcvd 0              Num Status Timeouts 37
FRSwitch#show frame-relay pvc
PVC Statistics for interface Serial0/1/0 (Frame Relay DCE)
DLCI = 102, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/0

  input pkts 16            output pkts 17           in bytes 1590
  out bytes 1621           dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0        Num Pkts Switched 16
  pvc create time 00:06:22, last time pvc status changed 00:07:02
DLCI = 103, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/0

  input pkts 17            output pkts 16           in bytes 1620
  out bytes 1590           dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0        Num Pkts Switched 17
  pvc create time 00:06:13, last time pvc status changed 00:09:19
PVC Statistics for interface Serial0/1/1 (Frame Relay DCE)
DLCI = 201, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/1
- In the output of show frame pvc, pay attention to the following PVC status values:
ACTIVE : both ends of the Frame Relay PVC are operational.
INACTIVE : the Frame Relay end on the far side has a configuration problem, but the local Frame Relay end of the router is working properly.
DELETED : the problem is on the local router. LMI is not working.
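The status values listed above can be checked mechanically when there are many PVCs to review. The following Python code is an added example, not part of the original lab: it parses show frame-relay pvc output, including header lines wrapped after "INTERFACE =" as they appear on this page, and reports each PVC that is not ACTIVE or has dropped packets, using the interpretation given in the list above. The sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the `show frame-relay pvc` output above,
# including a header line wrapped after "INTERFACE =" as on the page.
SAMPLE = """\
PVC Statistics for interface Serial0/1/0 (Frame Relay DTE)
DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/1/0.102
  input pkts 8             output pkts 7            in bytes 646
  out bytes 570            dropped pkts 0           in FECN pkts 0
DLCI = 103, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0/1/0.103
  input pkts 0             output pkts 4            in bytes 0
  out bytes 120            dropped pkts 3           in FECN pkts 0
DLCI = 104, DLCI USAGE = LOCAL, PVC STATUS = DELETED, INTERFACE =
Serial0/1/0.104
  input pkts 0             output pkts 0            in bytes 0
  out bytes 0              dropped pkts 0           in FECN pkts 0
"""

SECTION_RE = re.compile(r"PVC Statistics for interface (\S+) \(Frame Relay (\w+)\)")
HEADER_RE = re.compile(r"DLCI\s*=\s*(\d+),\s*DLCI USAGE\s*=\s*(\w+),\s*"
                       r"PVC STATUS\s*=\s*(\w+),\s*INTERFACE\s*=\s*(\S+)")
DROPPED_RE = re.compile(r"dropped pkts\s*(\d+)")

# What each PVC STATUS value points to, following the lab text above.
HINTS = {
    "INACTIVE": "local end is working; check the configuration of the remote end",
    "DELETED": "problem on this router; check that LMI is working",
}


def parse_pvcs(text):
    """Return one dict per PVC found in `show frame-relay pvc` output."""
    text = re.sub(r"INTERFACE\s*=\s*\n\s*", "INTERFACE = ", text)  # rejoin wrapped headers
    pvcs, role = [], None
    for line in text.splitlines():
        m = SECTION_RE.search(line)
        if m:
            role = m.group(2)              # DTE or DCE side of the link
            continue
        m = HEADER_RE.search(line)
        if m:
            pvcs.append({"dlci": int(m.group(1)), "usage": m.group(2),
                         "status": m.group(3), "interface": m.group(4),
                         "role": role, "dropped": 0})
            continue
        m = DROPPED_RE.search(line)
        if m and pvcs:
            pvcs[-1]["dropped"] = int(m.group(1))
    return pvcs


def triage(pvcs):
    """Return (dlci, message) pairs for PVCs that need attention."""
    findings = []
    for p in pvcs:
        if p["status"] != "ACTIVE":
            hint = HINTS.get(p["status"], "status not covered by the lab text")
            findings.append((p["dlci"], f"{p['status']} on {p['interface']}: {hint}"))
        if p["dropped"]:
            findings.append((p["dlci"], f"{p['dropped']} dropped packets"))
    return findings


if __name__ == "__main__":
    for dlci, message in triage(parse_pvcs(SAMPLE)):
        print(f"DLCI {dlci}: {message}")
```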
- Now we check the status of the interfaces:
TTG2#show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
Loopback0          192.168.2.1     YES manual up                    up
Serial0/1/0        unassigned      YES unset  up                    up
Serial0/1/0.201    192.168.4.2     YES manual up                    up
Serial0/1/1        unassigned      YES unset  administratively down down
TTG2#show frame-relay map
Serial0/1/0.201 (up): point-to-point dlci, dlci 201(0x33,0xC30), broadcast
status defined, active
- We check the routing tables of the routers:
TTG2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - IGRP, EX - IGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.4.0/24 is directly connected, Serial0/1/0.201
D 192.168.5.0/24 [90/10476] via 192.168.4.1, 00:00:25, Serial0/1/0.201
D 192.168.1.0/24 [90/8976] via 192.168.4.1, 00:00:25, Serial0/1/0.201
C 192.168.2.0/24 is directly connected, Loopback0
D 192.168.3.0/24 [90/10976] via 192.168.4.1, 00:00:25, Serial0/1/0.201
TTG2#ping 192.168.4.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/118/128 ms
TTG2#ping 192.168.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/64/80 ms
TTG3#ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
TTG2#ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/120 ms
- Routing over the Frame Relay network is now complete.

Commands related to this lab:

Router (config)#interface Serial0/1/0.102 point-to-point
    Creates a point-to-point subinterface numbered 103.

Router (config-if)# ip address 192.168.4.2 255.255.255.0
    Assigns an IP address and subnet mask to the subinterface.

Router (config-if)# frame-relay interface-dlci 102
    Assigns a DLCI value to this subinterface.