CU HNH C BN

CHO ROUTER

Yu cu - Kt ni cp console (rolled-over) vi router v bt cng tt ngun cho router - Dng Hyper Terminal kt ni vi router - ng nhp vo cc mode ca router - Xo cu hnh hin c ca router - t cc loi mt khu truy cp - M ha mt khu v t mt khu secret - Cu hnh c bn cho router Hng dn

Cng vic 1 : Kt ni cp console v bt cng tt ngun cho router. Cng vic 2 : Dng Hyper Terminal kt ni vi router. Trong GNS3, cc nhp phi Router chn Console :D Cng vic 3 : ng nhp vo cc mode ca router.

Sau khi khi ng router ta s nhn c thng bo nh sau :

--- System Configuration Dialog --Continue with configuration dialog? [yes/no]:

C ngha l : bn c mun cu hnh router theo cc cu hi hng dn hay khng ? ch ny chng ta chn no bng cch g phm n sau enter

Continue with configuration dialog? [yes/no]: n Press RETURN to get started! Router> - Tip theo chng ta s vo c user mode : Router> User mode l mode c quyn hn s dng thp nht ta ch c th thc hin mt s lnh c bn, ng mode ny ta khng th cu hnh cng nh xem c cu hnh hin c ca router - T user mode mun vo privilege mode : Router# ta g enable Router>enable Router#

- T Privilege mode mun vo config mode : Router(config)# ta g configure terminal hay c th g tt l conf t Router#configure terminal Router(config)#

- T config mode mun tr v privilege mode c 3 cch : Router(config)#exit Router# hoc Router(config)#end Router# hoc Router(config)#ctrl + z Router#

- T privilege mode mun tr v user mode c 2 cch : Router#exit Router> hoc Router#disable Router>

Cng vic 4 : Xo cu hnh hin c ca router.

xo cu hnh ca router ng privilege mode thc hin cu lnh Router#erase startup-config Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] [OK] Erase of nvram: complete

Router#

Tip theo ta khi ng li router bng cch g lnh : Router#reload Proceed with reload? [confirm] %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command. System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1) Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.

Self decompressing the image : ######################################################################## ## [OK] Restricted Rights Legend

V chng ta thc hin li vic ng nhp router nh hng dn cng vic 3

Cng vic 5 : t cc loi mt khu truy cp

Mt khu c phn bit ch hoa hay ch thng, khng qu 25 k t, c th dng khong trng trong mt khu. Tuy nhin k t u tin ca mt khu khng c l khong trng.

t password khi ng nhp vo privilege mode : gi s ta t password l cisco th ta thc hin cu lnh sau y mode config Router(config)#enable password cisco

Lu : t user mode vo privilege mode s c hi password nu ta thc hin cu lnh trn, nhng t privilege mode vo config mode th lun lun khng c hi password

t password cho cng console : gi s ta t password l vdc th ta thc hin cu lnh sau y mode config

Router(config)#line console 0 Router(config-line)#password vdc Router(config-line)#login Router(config-line)#exit Router(config)#

Lu li cu hnh khi c s thay i Thc hin privilege mode

Router#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] Router#

hoc c th g tt nh sau

Router#copy run start

Destination filename [startup-config]? Building configuration... [OK] Router# hoc c th g ngn gn hn l

Router#wr Building configuration... [OK] Router#

Kim tra li tc dng ca cc loi mt khu va t - Khi ng li router bng cu lnh reload privilege mode :

Router#reload Sau khi khi ng xong chng ta s b hi password ca cng console G vo vdc Ta s vo c user mode, t user mode mun vo privilege mode ta phi g tip password lcisco, t privilege mode mun vo config mode ta khng b hi password

Cng vic 6 : M ha mt khu v t mt khu secret

Kim tra cc loi mt khu t trn bng cch xem cu hnh hin ang chy ca router. - Thc hin privilege mode :

Router#show running-config hoc c th g ngn gn hn Router#show run

Building configuration... Current configuration : 402 bytes ! version 12.4 no service password-encryption ! hostname Router ! enable password cisco ! ip ssh version 1 ! interface FastEthernet0/0 no ip address duplex auto speed auto shutdown ip classless !

line con 0 password vdc login line vty 0 4 login ! end

M ho password Ta m ho tt c password dng clear-text trong router theo thut ton MD7

Router(config)#service password-encryption

Kim tra li cu hnh sau khi m ho

Router#show run Building configuration...

Current configuration : 415 bytes ! version 12.4 service password-encryption ! hostname Router

! enable password 7 0822455D0A16 ! ip ssh version 1 ! interface FastEthernet0/0 no ip address duplex auto speed auto shutdown ! ip classless ! line con 0 password 7 0837484D login line vty 0 4 login ! end t mt khu Secret Gi s ta t password secret l vip th mc nh password ny s c m ho theo thut ton MD5

Router(config)#enable secret vip

Lu : Lc ny password m ta t khi ng nhp vo privilege mode bng cu lnh :Router(config)#enable password cisco s khng c u tin bng password vip . Do khi nhp vo mode privilege ta phi g password l vip, nu ta g l cisco th n khng vo c

Kim tra li cu hnh sau khi t mt khu Secret

Router#show run Building configuration...

Current configuration : 462 bytes ! version 12.4 service password-encryption ! hostname Router ! enable secret 5 $1$mERr$leLpNmH/lVzjPN.O9z69n0 enable password 7 0822455D0A16 ! ip ssh version 1 ! interface FastEthernet0/0

no ip address duplex auto speed auto shutdown ! ip classless ! line con 0 password 7 0837484D login line vty 0 4 login ! end

Cng vic 7 : Cu hnh c bn cho router

t tn cho router

Router(config)#hostname xuantung xuantung(config)#

Tt c ch d tm tn min ca router

xuantung(config)#no ip domain-lookup

Tt c ch thng bo ca router ngt ngang cu lnh m ta ang g

xuantung(config)#line console 0 xuantung(config-line)#logging synchronous xuantung(config-line)#exit xuantung(config)#

Ngn nga vic ngt console sau 120 giy bng cch tt c ch timeout console

xuantung(config)#line console 0 xuantung(config-line)#exec-timeout 0 0 xuantung(config-line)#exit xuantung(config)#

Lu li cu hnh

xuantung#copy run start Destination filename [startup-config]? Building configuration... [OK] xuantung#

Lu : Khi kt thc bi thc hnh hc vin phi xo cu hnh do mnh to ra trong qu trnh thc hnh bng cu lnh

xuantung#erase startup-config Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] [OK] Erase of nvram: complete xuantung#reload Proceed with reload? [confirm] %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command. System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1) Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.

Phn 1. Routing - nh Tuyn

---------------------------------------------------------------------------------------RIP v2 r(config)#router rip r(config-router)#ver 2 r(config-router)#net ip-add (major network) r(config-router)#no auto-summary OSPF Note: Tt c nhng router c cng area phi cu hnh ging nhau tt c cc thng s th khu vc mi hot ng ng chc nng c. 1. Cu hnh c bn Router(config)#router ospf process ID (difference)

Router(config-router)#network ip-add Wildcard-mask area-ID 2. Cu hnh priority cc interface bu DR v BDR Priority cng ln th kh nng c bu lm DR cng cao, ngc vi bu Root brige ca Switch, cng nh th li cng c bu. Router(config)#interface fastethernet 0/0 Router(config-int)#ip ospf priority 55 Sau khi cu hnh xong priority c th kim tra bng lnh. Router# show ip ospf interface f0/0 3. Chnh sa li OSPF cost metric trong mi interface Cost cng nh th tuyn cng c coi l best path Router(config-int)#ip ospf cost 1

4.Cc lnh show dng kim tra cu hnh OSPF show ip protocol show ip route show ip ospf show ip ospf interface show ip ospf database show ip ospf neighbor detail clear ip route * debug ip ospf events debug ip ospf adj EIGRP 1.Cu hnh c bn.

Router(config)#router eigrp As-id Router(config-router)#network network number Router(config-router)#no auto-summary 2.Thay i bng thng v t tng hp tuyn trong interface Router(config-if)#bandwidth kilobits Router(config-if)#ip summary-address protocol AS network number subnets mask 3.Cn bng ti trong EIGRP Router(config-router)#variance number 4.Qung b default route Cch 1: Router(config)#ip route 0.0.0.0 0.0.0.0 [interface/nexthop] Router(config)#redistribute static Cch 2: Router(config)#ip default-network network number Cch 3: Router(config-if)#ip summary-network eigrp AS number 0.0.0.0 0.0.0.0 5.Qung b cc tuyn khc trong EIGRP (khng phi l default) Router(config-router)#redistribute protocol process ID metrics k1 k2 k3 k4 k5 Ex: Router(config-router)#redistribute ospf metrics 100 100 100 100 100 6.Chia s traffic trong EIGRP Router(config-router)#traffic share {balanced/min} 7.Cc lnh ki m tra cu hnh EIGRP show ip eigrp neighbor

show ip eigrp interface show ip eigrp topology show ip eigrp traffic debug eigrp packet --------------------------------------------------------------------------------------------

Phn 2. Switching - Chuyn mch

-------------------------------------------------------------------------------------------1.Cu hnh c bn chung cho mt Switch Reset tt c cu hnh ca Switch v reload li. Switch#delete flash:vlan.dat Switch#erase startup-config Switch#reload 2.Cu hnh v Security v management Switch(config)#hostname tn switch Switch(config)#line console 0 Switch(config-line)#password mt khu Switch(config-line)#login Switch(config)#line vty 0 4 Switch(config-line)#pass mt khu Switch(config-line)#login 3.Thit lp a ch IP v default gateway cho Switch Switch(config)#interface vlan1 Switch(config-int)#ip address a ch subnetmask Switch(config)#ip default-gateway a ch 4.Thit lp tc v duplex ca cng Switch(config-int)#speed tc Switch(config-int)#duplex full

5.Thit lp dch v HTTP v cng Switch(config)#ip http server Switch(config)#ip http port 80 6.Thit lp, qun l a ch MAC Switch(config)#mac-address-table static a ch MAC interface fastethernet s vlan Switch#show mac-address-table Switch#clear mac-address-table 7.Cu hnh bo mt cho cng Switch(config-if)#switchport mode acess Switch(config-if)#switchport port-security Cu hnh Static: Switch(config-if)#switchport port-security mac-address a ch Mac Cu hnh Sticky: Switch(config-if)#switchport port-security mac-address sticky (thng dng nht) Switch(config-if)#switchport port-security maximum value Switch(config-if)#switchport port-security violation shutdown 8.To Vlan Cch 1. Switch#vlan database Switch(vlan)#vlan number Cch 2. Khi gn cc cng vo vlan, d vlan cha tn ti nhng Switch vn t to. Switch(config)#interface fastethernet 0/0 Switch(config-int)#switchport access vlan vlan-id

Mun xo vlan ta lm nh sau: Switch(config-if)#no switchport access vlan vlan-id Switch#clear vlan vlan_number (xo ton b vlan ) 9.Gn nhiu cng vo trong vlan cng mt lc, cu hnh Range i vi dy cng khng lin tc. Switch(config)#interface range cng 1 , cng 2 , cng 3 i vi mt dy lin tc. Switch(config)#interface range cng 1-n Switch(config-range)#switchport access vlan vlan-id

V d: Switch(config)#interface range f0/0 , f0/2 , f0/4 Switch(config)#interface range f0/0-10 Switch(config-range)#switchport access vlan 10 10.Cu hnh Trunk Switch(config-if)#switchport mode trunk Switch(config-if)#switchpor trunk encapsulation encapsulation-type Switch#show int trunk 11.Cu hnh VTP Switch#vlan database Switch(vlan)#vtp mode {server/client/transperant} Switch(vlan)#vtp domain domain-name ( cng domain th mi giao tip c) Switch(vlan)#vtp password password-number (To pass cho domain- cng pass th mi giao tip c) Switch(vlan)#vtp pruning------>ch sd cho mode server Switch#show vtp status Switch#show cdp nei Switch#show vlan brief

12.Cu hnh Inter-Vlan trn Router Router(config)#interface fastethernet 0/0.1 Router(config-subif)#encapsulation type Router(config-subif)#ip address a-ch subnetmask -------------------------------------------------------------------------------------------

Phn 3. Access-list v cc cu hnh lin quan.

------------------------------------------------------------------------------------------1.Nhc li v l thuyt. C 2 loi access-list: Loi th nht: Standard IP Access-list ch lc d liu da vo a ch IP ngun. Range ca loi ny l t 1->99. Nn c p dng vi cng gn ch nht. Loi th hai: Extended IP Access-list lc d liu da vo: -a ch IP ngun -a ch IP ch -Giao thc (TCP, UDP) -S cng (HTTP, Telnet) -V cc thng s khc nh Windcard mask Range ca loi ny l t 100 ->199. Nn c p dng vi cng gn ngun nht. Hai bc cu hnh Access-list -->Bc 1: To access-list trong ch cu hnh config. -->Bc 2: p dng access-list cho tng cng tu theo yu cu ch cu hnh (config-if) Lu : -->Mc nh ca tt c Access-list l deny all, v vy trong tt c cc access-list ti thiu phi c 1 lnh permit. Nu trong access-list c c permit v deny th nn cc dng lnh permit bn trn. -->V hng ca access-list (In/Out) khi p dng vo cng c th hiu n gin l: In l t host, Out l ti host hay In vo trongRouter, cn Out l ra khi Router. -->i vi IN router kim tra gi tin trc khi n c a ti bng x l. i vi OUT, router kim tra gi tin sau khi n vo bng x l.

-->Windcard mask c tnh bng cng thc: WM = 255.255.255.255 Subnet mask (p dng cho c Classful v Classless addreess) -->0.0.0.0 255.255.255.255 = any. -->Ip address 0.0.0.0 = host ip address (ch nh tng host mt ) 2.Cu hnh Standard Access-list (V d) Router(config)#access-list 1 deny 172.16.0.0 0.0.255.255 Router(config)#access-list 1 permit any Router(config)#interface fastethernet 0/0 Router(config-in)#ip access-group in 3.Cu hnh Extended Access-list (V d) Router(config)#access-list 101 deny tcp 172.16.0.0 0.0.255.255 host 192.168.1.1 eq telnet Router(config)#access-list 101 deny tcp 172.16.0.0 0.0.255.255 host 192.168.1.2 eq ftp Router(config)#access-list 101 permit any any Router(config)#interface fastethernet 0/0 Router(config-int)#ip access-group out 4.Cu hnh named ACL thay cho cc s hiu. Router(config)#ip access-list extended server-access (tn ca access-list) Router(config-ext-nacl)#permit tcp any host 192.168.1.3 eq telnet Router(config)#interface fastethernet 0/0 Router(config-int)#ip access-group server-access out 5.Permit hoc Deny Telnet s dng Standard Acl (V d) Router(config)#access-list 2 permit 172.16.0.0 0.0.255.255 Router(config)#access-list 2 deny any Router(config)#line vty 0 4 Router(config-line)#password cisco Router(config-line)#login Router(config-line)#ip access-class 2 in

6.Xo v kim tra Access-list Mun xo th ta dng lnh sau: Router(config)# no ip access-list id Kim tra Acl ta dng cc lnh sau: -->show access-list -->show running-config -->show ip interface -------------------------------------------------------------------------------------------------

Phn 4. NAT PPP Frame Relay

------------------------------------------------------------------------------------------------I.Cu hnh NAT * Cu hnh Static NAT Router(config)#ip nat inside source static [inside local address] [inside global address] V d: R(config)#ip nat inside source statice 10.0.0.1 202.103.2.1 (a ch 10.10.0.1 s c chuyn thnh 202.103.2.1 khi i ra khi Router) Sau khi cu hnh xong phi p dng vo cng in v cng out, trong v d di y, cng Ethernet l cng in, cn cng Serial l cng out Router(config)#interface ethernet 0 Router(config-if)#ip nat inside Router(config)#interface serial 0 Router(config-if)#ip nat outside * Cu hnh Dynamic NAT Router(config)#ip nat pool [ tn pool] [A.B.C.D A1.B1.C1.D1] netmask [mt n] Router(config)#ip nat inside source list [s hiu ACL] pool [tn pool]

Router(config)#access-list [s hiu ACL] permit A.B.C.D windcard masks V d: R(config)#ip nat pool nat-pool1 179.9.8.80 179.9.8.95 netmask 255.255.255.0 R(config)#ip nat inside source list 1 pool nat-pool1 R(config)#access-list 1 permit 10.1.0.0 0.0.0.255 Sau p vo cng In v Out nh Static NAT Note: Gii a ch inside local address v inside global address phi nm trong gii cho php ca ACL * Cu hnh NAT overload o Cu hnh overload vi 1 a ch IP c th: Router(config)#ip nat pool [tn pool] [ip global inside] [subnet mask] Router(config)#ip nat inside source list [tn s hiu ACL] pool [tn pool] overload Router(config)#access-list [s hiu] permit [a ch] [windcard mask] V d: R(config)#access-list 2 permit 10.0.0.0 0.0.0.255 R(config)#ip nat pool nat-pool2 179.9.8.20 255.255.255.240 R(config)#ip nat inside source list 2 nat-pool2 overload

o Cu hnh overload dng a ch ca cng ra.(Thng xuyn c dung hn l trng hp trn) Router(config)#ip nat inside source list [tn s hiu ACL] interface [cng ra] overload Router(config)#access-list [s hiu] permit [a ch] [windcard mask] V d: R(config)#ip nat inside source list 3 interface serial 0 overload R(config)#access-list 3 permit 10.0.0.0 0.0.0.255 * Cc lnh Clear NAT/PAT

Lnh xa tt c dynamic nat trn ton b cc interface. -->Router#clear ip nat translation * Lnh xa cc single nat trn tng interface -->Router#clear ip nat translation [inside/outside] [global ip - local ip] Lnh xa cc extended nat trn tng interface -->Router#clear ip nat translation protocol [inside/outside] [global ip - global port local ip local port] * Kim tra v Debug cc NAT v PAT Router#show ip nat translation Router#show ip nat statics Router#debug ip nat * Cu hnh DHCP Router(config)#ip dhcp excluded-address ip-address (end-ip-address) Router(config)#ip dhcp pool [tn pool] Router(dhcp-config)#network addess subnetmask Router(dhcp-config)#default-router address Router(dhcp-config)#dns-server address Router(dhcp-config)#netbios-name-server address Router(dhcp-config)#domain-name tn domain Router(dhcp-config)#lease ngy/gi/pht * Kim tra v troubleshoot cu hnh DHCP Router#show ip dhcp binding Router#debug ip dhcp server events * Trong trng hp DHCP server khng nm cng mng vi host Note: khi DHCP server khng cng mng vi host th ta phi dng lnh ip helper-address gip host n DHCP server.

Router(config)#interface [cng nm cng mng vi host] Router(config-if)#ip helper-address [a ch ca DHCP server] Note: Trong trng hp mun gi tin ca host c broadcast mng cha DHCP th ta dng thm lnh ip directed-broadcast cng cng mng vi DHCP server Router(config)#interface [cng nm cng mng vi dhcp] Router(config-)#ip directed-broadcast II. Cu hnh PPP 1. Cu hnh c bn: R(config)#interface serial 0/0 R(config-if)#encapsulation ppp 2. Cu hnh PAP Cu hnh PAP khng yu cu hai Router ging nhau v password nhng CHAP th phi c. (Cu hnh trn RA) R(config)#host RA RA(config)#username RB password 321 RA(config-if)#encapsulation ppp RA(config-if)#ppp authentication pap RA(config-if)#ppp pap sent-username RA password 123 (Cu hnh trn RB) R(config)#host RB RB(config)#username RA password 123 RB(config-if)#encapsulation ppp RB(config-if)#ppp authentication pap RB(config-if)#ppp pap sent-username RB password 321 3. Cu hnh CHAP. (yu cu phi ging nhau v password)

(Cu hnh trn RA) R(config)#host RA RA(config)#username RB password 123 RA(config-if)encapsulation ppp RA(config-if)ppp authentication chap (Cu hnh trn RB) R(config)#host RB RB(config)#username RA password 123 RB(config-if)encapsulation ppp RB(config-if)ppp authentication chap

4. Cc cu hnh khc ca PPP -->Cu hnh Multilink R(config-if)#encapsulation ppp R(config-if)#ppp multilink -->Cu hnh Compression R(config-if)#encapsulation ppp R(config-if)#compress [predictor/stac/mppc] -->Cu hnh Error detection R(config-if)#encapsulation ppp R(config-if)#ppp quality [phn trm] 5. Cc lnh kim tra cu hnh PPP R#show interface (xem encapsulation) R#debug ppp negotiation (Xem qu trnh kt ni gia 2 node) R#debug ppp authentication (Xem qu trnh xc thc gia 2 node)

III. Cu hnh Frame-Relay -->Cu hnh n gin R(config-if)#encapsulation frame-relay {ciso| ietf} (mc nh l cisco) Khi lnh ny c thc thi, DLCI s c Inverse ARP t ng map, ngi dng khng cn phi lm g c. * Nhng Inverse ARP khng lm vic vi cc kt ni Hub-and-Spoke -->Cu hnh Frame-relay static map R(config-if)#encapsulation frame-relay R(config-if)#frame-relay map ip remoteip-address local-dlci [broadcast] [cisco| ietf] (ip address trong dng lnh trn ch ly lm minh ha bi n rt ph bin, chnh xc phi l remoteprotocoladdress) Broadcast trong cu lnh trn c 2 chc nng: -->Forward broadcast khi multicast khng c khi ng. -->n gin ha cu hnh OSPF cho mng nonbroadcast s dng FRelay. V d: R(config-if)#encapsulation frame-relay R(config-if)#frame-relay map ip 192.168.2.1 100 broadcast -->Cu hnh FR trong mng None Broadcast MutiAccess -->Trong mng Broadcast khi 1 my tnh truyn frame tt c cc node lng nghe frame nhng ch c node cn nhn mi nhn c. -->Trong mng None Broadcast khi 1 my tnh truyn frame th ch c node cn nhn mi lng nghe v nhn c frame , cc node cn li th khng. Frame c truyn qua 1 virtual Circuit hoc 1 thit b chuyn mch. -->Star topology c th c coi nh l 1 mng Hub and Spoke. -->Gii quyt vn vi Routing Updates m khng disable Split Horizal Gii php dng Sub-interface

R(config)#interface s0/0 R(config-if)#encapsulation frame-relay R(config-if)interface s0/0.1 [multipoint| point-to-point] -->point-to-point: Mi subinterface c subnet ring ca mnh. Broadcast v Split horizol khng l vn . -->Multi-point: Tt c cc subinterface lin quan phi cng chung 1 subnet v nh vy Broadcast v Split horizol s c vn . V d: (Point-to-point) R(config)#interface s0/0 R(config-if)#encapsulation frame-relay R(config-if)#interface s0/0.1 point-to-point R(config-subif)#frame-relay interface-dlci 18 (Multipoint) R(config)#interface s0/0 R(config-if)#encapsulation frame-relay R(config-if)#interface s0/0.2 multipoint R(config-subif)#frame-relay interface-dlci 19 R(config-subif)#frame-relay interface-dlci 20 -->Cu hnh trn Frame-relay Switching (v d) R(config)#frame-relay switching R(config)#interface s0/0 R(config-if)#encapsulation frame-relay R(config-if)#frame-relay intf-type dce R(config-if)#frame-relay route 103interface serial 0/1 301