Cisco Certified Network Associate
Mr. Kriangsak Namkot (CCNA, CCDA, CCNP, CompTIA Linux+, CompTIA Security+)
CEO & Managing Director, Jodoi IT&Service Co., Ltd.
jodoi@jodoi.com
http://www.jodoi.com

Day 1
9.15 – 10.30   Internetworking & OSI Model
Break 15 minutes
10.45 – 12.00  IPv4 & Subnetting
Lunch break
13.15 – 14.30  VLSM & Summarization
Break 15 minutes
14.45 – 16.00  Basic Configuration on Router

Cisco Icons and Symbols

What Is a Network?

Interpreting a Network Diagram

Network User Applications
– E-mail (Outlook, POP3, Yahoo, and so on)
– Web browser (IE, Firefox, and so on)
– Instant messaging (Yahoo IM, Microsoft Messenger, and so on)
– Collaboration (Whiteboard, Netmeeting, WebEx, and so on)
– Databases (file servers)

Impact of User Applications on the Network
– Batch applications
  • FTP, TFTP, inventory updates
  • No direct human interaction
  • Bandwidth important, but not critical
– Interactive applications
  • Inventory inquiries, database updates
  • Human-to-machine interaction
  • Because a human is waiting for a response, response time is important but not critical, unless the wait becomes excessive
– Real-time applications
  • VoIP, video

Characteristics of a Network
– Speed
– Cost
– Security
– Availability
– Scalability
– Reliability
– Topology

Network Structure Defined by Hierarchy
Core Layer
Distribution Layer
Access Layer

Understanding Host-to-Host Communications
– Older model
  • Proprietary
  • Application and combinations software controlled by one vendor
– Standards-based model
  • Multivendor software
  • Layered approach

Why a Layered Network Model?
• Reduces complexity
• Standardizes interfaces
• Facilitates modular engineering
• Ensures interoperable technology
• Accelerates evolution
• Simplifies teaching and learning

OSI Model & IPv4
Application (upper) layers: Application, Presentation, Session
Data flow layers: Transport (TCP, UDP), Network (IPv4, IPv6), Data Link, Physical
Encapsulation happens on the way down through the data flow layers.

Role of Application Layers
Layer         Role                                            Examples
Application   User interface                                  Telnet, MSN, Skype, BitTorrent, FTP, etc.
Presentation  • How data is presented                         ASCII, EBCDIC, JPEG
              • Special processing such as encryption
Session       Keeping different applications' data separate   Operating system / application access scheduling

Role of Data Flow Layers
Layer       Role                                                            Examples
Transport   • Reliable or unreliable delivery                                TCP, UDP, SPX
            • Error correction before retransmit
Network     Provides logical addressing, which routers use for path          IP, IPX
            determination
Data Link   • Combines bits into bytes and bytes into frames                 802.3 / 802.2, HDLC
            • Access to media using MAC address
            • Error detection, not correction
Physical    • Moves bits between devices                                     EIA/TIA-232, V.35
            • Specifies voltage, wire speed and pin-out of cables

Encapsulating Data (Protocol Data Unit)
Layer                                  PDU      Contents
Application / Presentation / Session   Data     Upper Layer Data
Transport                              Segment  TCP Header | Upper Layer Data
Network                                Packet   IP Header | Data
Data Link                              Frame    MAC Header | LLC Header | Data | FCS
Physical                               Bits     0101110101001000010

Introduction to TCP/IP
Department of Defense (DoD) model

TCP (Transmission Control Protocol) is a set of rules (protocol) used along with the Internet Protocol (IP) to send data in the form of message units between computers over the Internet. While IP takes care of handling the actual delivery of the data, TCP takes care of keeping track of the individual units of data (called packets) that a message is divided into for efficient routing through the Internet.
User Datagram Protocol (UDP) is one of the core protocols of the Internet protocol suite. Using UDP, programs on networked computers can send short messages sometimes known as datagrams (using datagram sockets) to one another. UDP is sometimes called the Universal Datagram Protocol or Unreliable Datagram Protocol.

IP Address
Private IP
IP Address Version 4
• http://www.jodoi.com/book/book_technic_cal_IP.pdf

IP Address
When we are given one IP address, the things we must be able to determine from it are:
1. What the network IP address is
2. What the broadcast IP address is
3. The range of usable host IP addresses, or the number of hosts per subnet
4. What the subnet mask is
5. The number of subnets

Ex.1 192.168.22.50/30
Ex.2 192.168.5.33/27: which IP address should be assigned to the PC host?
A. 192.168.5.5
B. 192.168.5.32
C. 192.168.5.40
D. 192.168.5.63
E. 192.168.5.75

IP Address
Ex.3 Which of the following are IP addresses that can actually be used on a host?
a) 10.10.10.0/13
b) 244.0.0.1/24
c) 10.159.255.255/12
d) 10.127.255.255/13
e) 10.179.0.255/15

IP Address
4. Which of the following addresses can be assigned to network hosts when given a subnet mask of 255.255.255.224? (Select three options.)
A. 201.45.116.159
B. 134.178.18.62
C. 192.168.16.91
D. 92.11.178.93
E. 217.63.12.24
F. 15.234.118.63

IP Subnet-Zero

Classless Inter-Domain Routing

Variable Length Subnet Masks (VLSM)
• The networks we run do not always have to be the same size, for example:
  • A LAN needs IP addresses for more than 2 devices
  • A point-to-point link needs only 2 IP addresses
• VLSM allows a block of addresses to be subnetted more than once, so that each subnet gets the size it actually needs
• VLSM reduces the number of addresses allocated, which uses the address space efficiently
• VLSM also helps routers work faster, because the routing table becomes smaller

Variable Length Subnet Masks (VLSM)

Summarization
Summarization, also called route aggregation, allows routing protocols to advertise many networks as one address.

Summarization

Cisco IOS Software EXEC Mode
• There are two main EXEC modes for entering commands.

Cisco IOS Software EXEC Mode (Cont.)

Overview of Router Modes

Saving Configurations
wg_ro_c#
wg_ro_c#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
wg_ro_c#
• Copies the current configuration to NVRAM

Configuring Router Identification
– Sets the local identity or message for the accessed router or interface

Configuring a Router Password

Other Console-Line Commands
Router(config)#line console 0
Router(config-line)#exec-timeout 0 0
• Prevents console session timeout

Router(config)#line console 0
Router(config-line)#logging synchronous
• Redisplays interrupted console input

Configuring an Interface
Router(config)#interface type number
Router(config-if)#
• type includes serial, ethernet, token ring, fddi, hssi, loopback, dialer, null, async, atm, bri, tunnel, and so on
• number is used to identify individual interfaces

Router(config)#interface type slot/port
Router(config-if)#
• For modular routers, selects an interface

Router(config-if)#exit
• Quits from current interface configuration mode

Configuring a Serial Interface
• Enter global configuration mode
Router#configure terminal
Router(config)#
• Specify the interface
Router(config)#interface serial 0
Router(config-if)#
• Set the clock rate (on DCE interfaces only)
Router(config-if)#clock rate 64000
Router(config-if)#
• Set the bandwidth (recommended)
Router(config-if)#bandwidth 64
Router(config-if)#exit
Router(config)#exit
Router#

Ethernet media-type Command
Router(config)#interface ethernet 2
Router(config-if)#media-type 10baset
• Selects the media-type connector for the Ethernet interface

Disabling or Enabling an Interface
Router#configure terminal
Router(config)#interface serial 0
Router(config-if)#shutdown
%LINK-5-CHANGED: Interface Serial0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
• Administratively turns off an interface

Router#configure terminal
Router(config)#interface serial 0
Router(config-if)#no shutdown
%LINK-3-UPDOWN: Interface Serial0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
• Enables an interface that is administratively shut down

Configuring the Router IP Address
wg_ro_c#configure terminal
wg_ro_c(config)#interface ethernet 0
wg_ro_c(config-if)#ip address 192.168.1.1 255.255.255.0
wg_ro_c(config-if)#no shutdown
wg_ro_c(config-if)#exit

Router show interfaces Command
Router#show interfaces
Ethernet0 is up, line protocol is up
  Hardware is Lance, address is 00e0.1e5d.ae2f (bia 00e0.1e5d.ae2f)
  Internet address is 10.1.1.11/24
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:07, output 00:00:08, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     81833 packets input, 27556491 bytes, 0 no buffer
     Received 42308 broadcasts, 0 runts, 0 giants, 0 throttles
     1 input errors, 0 CRC, 0 frame, 0 overrun, 1 ignored, 0 abort
     0 input packets with dribble condition detected
     55794 packets output, 3929696 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 4 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

Interpreting the Interface Status

Verifying a Serial Interface Configuration
Router#show interface serial 0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 10.140.4.2/24
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input 00:00:09, output 00:00:04, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
(output omitted)

Serial Interface show controller Command
Router#show controller serial 0
HD unit 0, idb = 0x121C04, driver structure at 0x127078
buffer size 1524  HD unit 0, V.35 DTE cable
. . .
• Shows the cable type of serial cables

Config DHCP

Setting Secure Shell (SSH)

Doing the do Command

Using the Pipe

Cisco's Security Device Manager

Basic Configuration on Router
Basic config
1. Hostname
2. Line console
3. Enable password
4. Enable secret
5. Line vty
6. Banner motd
7. Interface

Day 2
9.15 – 10.30   Password Recovery; Backup & Restore Config
Break 15 minutes
10.45 – 12.00  Layer 2 Switching; Spanning Tree Protocol (STP)
Lunch break
13.15 – 14.30  Virtual LANs (VLANs); VTP
Break 15 minutes
14.45 – 16.00  Inter-VLAN routing; Lab Switch

Configuration Register Values
The usual bootstrap configuration register is 0x2102, which written in binary is 0010 0001 0000 0010.
Console speed bits: 00 = 9600, 01 = 4800, 10 = 2400, 11 = 1200.
The boot field has 3 possible values: 0 = ROMMON [>], 1 = Rx-boot [router(boot)], 2 = IOS [router>].
The configuration-load bit has 2 possible values: 0 = load the config from NVRAM, 4 = skip loading the config.

Password Recovery

Lab Password Recovery

Lab Backup & Restore Config

Ethernet Switches and Bridges
– Address learning
– Forward/filter decision
– Loop avoidance

Forward/Filter Decisions

Port Security
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport port-security ?
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode
  <cr>
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation shutdown

Loop Avoidance
– Redundant topology eliminates single points of failure.
– Redundant topology causes broadcast storms, multiple frame copies, and MAC address table instability problems.

Broadcast Storms
• Host X sends a broadcast.
• Switches continue to propagate broadcast traffic over and over.

Multiple Frame Copies
• Host X sends a unicast frame to router Y.
• MAC address of router Y has not been learned by either switch yet.
• Router Y will receive two copies of the same frame.

MAC Database Instability
• Host X sends a unicast frame to router Y.
• MAC address of router Y has not been learned by either switch.
• Switches A and B learn the MAC address of host X on port 0.
• The frame to router Y is flooded.
• Switches A and B incorrectly learn the MAC address of host X on port 1.

Spanning-Tree Protocol
• Provides a loop-free redundant network topology by placing certain ports in the blocking state.

Spanning-Tree Operation
• One root bridge per network
• One root port per nonroot bridge
• One designated port per segment
• Nondesignated ports are unused

Spanning-Tree Protocol Root Bridge Selection
• BPDU = Bridge Protocol Data Unit (default = sent every two seconds)
• Root bridge = bridge with the lowest bridge ID
• Bridge ID =
• In the example, which switch has the lowest bridge ID?

Spanning-Tree Port States
• Spanning-tree transits each port through several different states:

Spanning-Tree Path Cost

Spanning-Tree
Switch#show spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.96DC.1A62
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32770 sys-id-ext 1)
             Address     0010.1116.A3A4
             Aging Time  300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.3    Shr
Fa0/2            Root FWD 19        128.3    Shr

Switch(config)#spanning-tree vlan 1 priority 4096

Lab Spanning-Tree
Switch#show spanning-tree
Switch#show version

Catalyst Default Configuration
• IP address: 0.0.0.0
• CDP: enabled
• 100baseT port: autonegotiate duplex mode
• Spanning tree: enabled
• Console password: none

Configuration Switch
Erase the config:
#erase startup-config
#reload
Verify the config:
#show running-config
#show spanning-tree
#show vlan
#show interfaces status
#show mac-address-table
#show ip int brief

Configuration Switch 2960
VLAN 1 is the default. Configuration:
Switch#config t
Switch(config)#vlan 2
Switch(config-vlan)#name Sales
Switch(config-vlan)#vlan 3
Switch(config-vlan)#name Marketing
Switch(config)#interface range fastEthernet 0/1 - 24
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 2

Configuration Switch 2950, 2960
Config trunk
Switch#config terminal
Switch(config)#interface fastethernet 0/3
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk encapsulation dot1q   (dot1q, or isl on Cisco only)
Note: on a 2960, once a port is set to trunk the encapsulation is already dot1q, so there is no need to enter #switchport trunk encapsulation dot1q

Lab Config VLAN

VLAN Trunking Protocol
Server mode
• Creates VLANs
• Modifies VLANs
• Deletes VLANs
• Sends/forwards advertisements
• Synchronizes
• Saved in NVRAM
Client mode
• Forwards advertisements
• Synchronizes
• Not saved in NVRAM
Transparent mode
• Creates VLANs
• Modifies VLANs
• Deletes VLANs
• Forwards advertisements
• Does not synchronize
• Saved in NVRAM

VTP Operation
• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.
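To make the root-bridge election and the port roles on the spanning-tree slides concrete, here is an added Python example (not part of the course slides) that runs the election over a constructed triangle of three switches: the first two MAC addresses are the ones shown in the show spanning-tree output above, the third switch, the link names and the speeds are made up. It then applies the slide's spanning-tree vlan 1 priority 4096 change to one switch to show the root, the root ports and the blocking port moving.

```python
"""Spanning-tree election: root bridge, root ports, designated and blocking ports."""
import heapq
from dataclasses import dataclass

# IEEE 802.1D port costs from the "Spanning-Tree Path Cost" slide: Fast Ethernet = 19
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                  # dotted hex exactly as show spanning-tree prints it
    priority: int = 32768     # configurable in steps of 4096

    def bridge_id(self, vlan=1):
        # 802.1t extended system ID: priority + VLAN number, MAC breaks ties
        return (self.priority + vlan, int(self.mac.replace(".", ""), 16))


@dataclass(frozen=True)
class Link:
    a: str
    a_port: str
    b: str
    b_port: str
    mbps: int = 100


def spanning_tree(bridges, links, vlan=1):
    """Return (root name, root path cost per bridge, role per (bridge, port)).
    Assumes every bridge is reachable from the root."""
    bid = {b.name: b.bridge_id(vlan) for b in bridges}
    root = min(bid, key=bid.get)                 # lowest bridge ID wins
    adj = {n: [] for n in bid}                   # name -> (neighbour, my port, its port, cost)
    for l in links:
        adj[l.a].append((l.b, l.a_port, l.b_port, PORT_COST[l.mbps]))
        adj[l.b].append((l.a, l.b_port, l.a_port, PORT_COST[l.mbps]))

    # Root path cost of each bridge: cheapest way back to the root (Dijkstra)
    rpc = {root: 0}
    heap = [(0, root)]
    while heap:
        c, n = heapq.heappop(heap)
        if c > rpc[n]:
            continue
        for nb, _, _, lc in adj[n]:
            if c + lc < rpc.get(nb, float("inf")):
                rpc[nb] = c + lc
                heapq.heappush(heap, (c + lc, nb))

    roles = {}
    # One root port per non-root bridge: lowest cost to the root, then lowest
    # neighbour bridge ID, then lowest neighbour port (the BPDU tie-breakers)
    for n in bid:
        if n != root:
            best = min(adj[n], key=lambda e: (rpc[e[0]] + e[3], bid[e[0]], e[2]))
            roles[(n, best[1])] = "Root"
    # One designated port per segment: the end closer to the root, then lower bridge ID
    for l in links:
        a_end, b_end = (rpc[l.a], bid[l.a]), (rpc[l.b], bid[l.b])
        d, dp = (l.a, l.a_port) if a_end < b_end else (l.b, l.b_port)
        roles.setdefault((d, dp), "Desg")
    # Every remaining port is non-designated and blocks (shown as Altn / BLK)
    for l in links:
        roles.setdefault((l.a, l.a_port), "Altn")
        roles.setdefault((l.b, l.b_port), "Altn")
    return root, rpc, roles


# Constructed topology: SW1 and SW2 carry the MACs from the slide, SW3 is made up
SWITCHES = [
    Bridge("SW1", "0001.96DC.1A62"),
    Bridge("SW2", "0010.1116.A3A4"),
    Bridge("SW3", "0030.A3F1.0C55"),
]
LINKS = [
    Link("SW1", "Fa0/1", "SW2", "Fa0/1"),
    Link("SW1", "Fa0/2", "SW3", "Fa0/1"),
    Link("SW2", "Fa0/2", "SW3", "Fa0/2"),
]


def default_election():
    return spanning_tree(SWITCHES, LINKS)


def after_priority_change(name="SW2", priority=4096):
    """Effect of 'spanning-tree vlan 1 priority 4096' entered on one switch."""
    bridges = [Bridge(b.name, b.mac, priority) if b.name == name else b for b in SWITCHES]
    return spanning_tree(bridges, LINKS)


if __name__ == "__main__":
    for label, (root, rpc, roles) in (("default", default_election()),
                                      ("SW2 priority 4096", after_priority_change())):
        print(f"{label}: root={root} root-path-cost={rpc}")
        for (sw, port), role in sorted(roles.items()):
            print(f"  {sw} {port:6} {role}")
```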
Configuration Switch 2950, 2960
VLAN Trunking Protocol (VTP)
Switch#vlan database
Switch(vlan)#vtp {server | client | transparent}
Switch(vlan)#vtp domain jodoi
Switch(vlan)#vtp password password
or
Switch#config ter
Switch(config)#vtp mode {server | client | transparent}
Switch(config)#vtp domain jodoi
Switch(config)#vtp password password
Switch#show vtp status

Lab Config VTP

Configuring Inter-VLAN Routing

Lab Config Inter-VLAN Routing

Day 3
9.15 – 10.30   WAN (Wide Area Networks); Leased line HDLC, PPP PAP, PPP CHAP
Break 15 minutes
10.45 – 12.00  Lab WAN; WAN (Frame Relay) point-to-point (no subinterface)
Lunch break
13.15 – 14.30  WAN (Frame Relay) point-to-point (subinterface); WAN (Frame Relay) point-to-multipoint (subinterface)
Break 15 minutes
14.45 – 16.00  IP Routing Static; Static route; Default route

Wide Area Networks
WAN connection with Cisco equipment on both sides:
- Leased line: HDLC, PPP (sync)
- Circuit switched (ISDN): HDLC, PPP (async)
- Packet switched: Frame Relay (sync)
- Cell switched: ATM (async)
DTE = Data terminal equipment (male connector)
DCE = Data circuit equipment (female connector)
#show controller serial 0/0 to check whether the interface is DTE or DCE

Configuration Router WAN HDLC
Router DTE:
B1(config)#interface s0/0
B1(config-if)#ip address 10.10.10.6 255.255.255.252
B1(config-if)#encapsulation hdlc
B1(config-if)#bandwidth 512
B1(config-if)#description link-to-HQ
B1(config-if)#no shutdown
Router DCE:
HQ(config)#interface s0/0
HQ(config-if)#ip address 10.10.10.5 255.255.255.252
HQ(config-if)#encapsulation hdlc
HQ(config-if)#clock rate 125000
HQ(config-if)#bandwidth 512
HQ(config-if)#description link-to-B1
HQ(config-if)#no shutdown
HQ#show interfaces s0/0
Serial0/0 is up, line protocol is up (connected)
HQ#ping 10.10.10.6
!!!!!

CSU DSU

Lab Config WAN HDLC

PPP Authentication Protocols
Password Authentication Protocol (PAP)
• Passwords sent in clear text
• Peer in control of attempts
Challenge Handshake Authentication Protocol (CHAP)
• Hash values, not actual passwords, are sent across the link.
• The local router or external server is in control of attempts.

Configuration WAN PPP PAP
HQ  S0/0 ---- PAP ---- S0/0  B1
HQ(config)#username aaa password 1234
HQ(config)#username bbb password 5678
B1(config)#username ccc password 1234
B1(config)#username ddd password 5678
HQ(config)#interface s0/0
HQ(config-if)#ip address 10.10.10.5 255.255.255.252
HQ(config-if)#encapsulation ppp
HQ(config-if)#ppp authentication pap
HQ(config-if)#ppp pap sent-username ccc password 1234
HQ(config-if)#clock rate 125000
HQ(config-if)#bandwidth 512
HQ(config-if)#description link-to-B1
HQ(config-if)#no shutdown
B1(config)#interface s0/0
B1(config-if)#ip address 10.10.10.6 255.255.255.252
B1(config-if)#encapsulation ppp
B1(config-if)#ppp authentication pap
B1(config-if)#ppp pap sent-username aaa password 1234
B1(config-if)#bandwidth 512
B1(config-if)#description link-to-HQ
B1(config-if)#no shutdown
#debug ppp authentication
#no debug all
The username is not case-sensitive, but the password is.

Lab Config WAN PPP PAP

Configuration WAN PPP CHAP
bbk  S0/0 ---- CHAP ---- S0/0  B1
CHAP: the passwords must match
bbk(config)#username B1 password cisco
B1(config)#username bbk password cisco
bbk(config)#interface s0/0
bbk(config-if)#ip address 10.10.10.10 255.255.255.252
bbk(config-if)#encapsulation ppp
bbk(config-if)#ppp authentication chap
bbk(config-if)#no shutdown
B1(config)#interface s0/0
B1(config-if)#ip address 10.10.10.9 255.255.255.252
B1(config-if)#encapsulation ppp
B1(config-if)#ppp authentication chap
B1(config-if)#clock rate 125000
B1(config-if)#no shutdown
For CHAP, the username is the peer's hostname, and the password on both sides must match.

Lab Config WAN PPP CHAP

Frame Relay Overview
– Connections made by virtual circuits
– Connection-oriented service

Frame Relay Stack
OSI Reference Model   Frame Relay
Application
Presentation
Session
Transport
Network               IP/IPX/AppleTalk, etc.
Data Link             Frame Relay
Physical              EIA/TIA-232, EIA/TIA-449, V.35, X.21, EIA/TIA-530

Frame Relay Terminology

Selecting a Frame Relay Topology
• Frame Relay default: nonbroadcast multiaccess (NBMA)

Configuration Router Frame Relay Point-to-point (no subinterface)
HQ(config)#interface s0/0
HQ(config-if)#ip address 10.10.10.1 255.255.255.252
HQ(config-if)#encapsulation frame-relay ietf        (cisco | ietf)
HQ(config-if)#frame-relay interface-dlci 100
HQ(config-if)#frame-relay lmi-type ansi             (cisco | ansi | q933a)
HQ(config-if)#no shutdown

Lab Config Point-to-point (no subinterface)

Configuration Router Frame Relay Point-to-point (subinterface)
HQ(config)#interface s0/0
HQ(config-if)#no ip address
HQ(config-if)#encapsulation frame-relay ietf
HQ(config-if)#frame-relay lmi-type ansi
HQ(config-if)#no shutdown
HQ(config)#interface s0/0.1 point-to-point
HQ(config-subif)#ip address 10.10.10.1 255.255.255.252
HQ(config-subif)#frame-relay interface-dlci 100

Lab Config Point-to-point (subinterface)

Configuration Router Frame Relay Point-to-multipoint (subinterface)
HQ(config)#interface s0/0
HQ(config-if)#no ip address
HQ(config-if)#encapsulation frame-relay ietf
HQ(config-if)#frame-relay lmi-type ansi
HQ(config-if)#no shutdown
HQ(config)#interface s0/0.1 multipoint
HQ(config-subif)#ip address 10.10.10.1 255.255.255.0
HQ(config-subif)#frame-relay map ip 10.10.10.2 100 broadcast
HQ(config-subif)#frame-relay map ip 10.10.10.3 200 broadcast
HQ(config-subif)#frame-relay map ip 10.10.10.10 300 broadcast

Lab Config Point-to-multipoint (subinterface)

IP Routing
Routing
- Static
- Dynamic

Config static route
(config)#ip route (network ip) (subnet mask) (gateway ip)
Ex
R2(config)#ip route 192.168.1.0 255.255.255.0 10.10.10.1
R1(config)#ip route 192.168.2.0 255.255.255.0 10.10.10.2
Default route
(config)#ip route 0.0.0.0 0.0.0.0 (gateway ip)

IP Routing
Ex
b1(config)#ip route 111.111.111.0 255.255.255.0 222.222.222.222
b1(config)#ip route 22.22.22.0 255.255.255.0 222.222.222.222
b1(config)#ip route 33.33.33.8 255.255.255.252 222.222.222.222
b1(config)#ip route 44.44.44.8 255.255.255.248 222.222.222.222
or
b1(config)#ip route 0.0.0.0 0.0.0.0 222.222.222.222

Lab Config Routing

Day 4
9.15 – 10.30   DSL & VPN
Break 15 minutes
10.45 – 12.00  IP Routing Dynamic; Config Routing RIP version 2; Config Routing EIGRP
Lunch break
13.15 – 14.30  VLSM & Summarization
Break 15 minutes
14.45 – 16.00  Basic Configuration on Router

Digital Subscriber Line
VPI and VCI values in ADSL configuration

PPPoE Configuration
!
interface FastEthernet4
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dialer 0
 ip address negotiated
 ip mtu 1452
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname Todd
 ppp chap password 0 lammle
!

Virtual Private Networks
Types of VPNs
There are three different categories of VPNs:
• Remote access VPNs: Remote access VPNs allow remote users like telecommuters to securely access the corporate network wherever and whenever they need to.
• Site-to-site VPNs: Site-to-site VPNs, or intranet VPNs, allow a company to connect its remote sites to the corporate backbone securely over a public medium like the Internet instead of requiring more expensive WAN connections like Frame Relay.
• Extranet VPNs: Extranet VPNs allow an organization's suppliers, partners, and customers to be connected to the corporate network in a limited way for business-to-business (B2B) communications.

Virtual Private Networks
Four of the most common tunneling protocols:
• Layer 2 Forwarding (L2F): Layer 2 Forwarding (L2F) is a Cisco-proprietary tunneling protocol, and it was their first tunneling protocol created for virtual private dial-up networks (VPDNs). VPDN allows a device to use a dial-up connection to create a secure connection to a corporate network. L2F was later replaced by L2TP, which is backward compatible with L2F.
• Point-to-Point Tunneling Protocol (PPTP): Point-to-Point Tunneling Protocol (PPTP) was created by Microsoft to allow the secure transfer of data from remote networks to the corporate network.
• Layer 2 Tunneling Protocol (L2TP): Layer 2 Tunneling Protocol (L2TP) was created by Cisco and Microsoft to replace L2F and PPTP. L2TP merged the capabilities of both L2F and PPTP into one tunneling protocol.
• Generic Routing Encapsulation (GRE): Generic Routing Encapsulation (GRE) is another Cisco-proprietary tunneling protocol. It forms virtual point-to-point links, allowing for a variety of

Virtual Private Networks

IP Routing
Dynamic routing
- Interior Gateway Protocol (IGP): within the same Autonomous System (AS)
- Exterior Gateway Protocol (EGP): between different Autonomous Systems (AS)
CCNA covers only IGP.
Interior Gateway Protocol (IGP)
- Distance vector: RIP, IGRP; the routing table is updated periodically
- Link-state: OSPF, IS-IS; information is kept in a database
- Balanced hybrid: EIGRP; keeps information the link-state way but routes the distance-vector way

Selecting the Best Route with Metrics

Configuration Router Routing Information Protocol (RIP)
(config)#router rip
(config-router)#version 2
(config-router)#network (major network)
Ex
172.16.1.30/24  the major network is 172.16.0.0
10.10.10.3/26   the major network is 10.0.0.0
192.168.1.5/28  the major network is 192.168.1.0
(config)#router rip
(config-router)#version 2
(config-router)#network 172.16.0.0
(config-router)#network 10.0.0.0
(config-router)#network 192.168.1.0

Configuration Router Routing Information Protocol (RIP) (continued)
RIP uses the hop count to choose the path: the path with fewer hops wins.
(config)#router rip
(config-router)#version 2   (version 1 does not support triggered updates)
#debug ip rip
#show ip protocols to verify the routing protocol
#show ip route: RIP routes appear with the code R

Routing RIP
Router#show ip route
     10.0.0.0/30 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Serial0/0
R    20.0.0.0/8 [120/1] via 10.10.10.2, 00:00:10, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
R    192.168.2.0/24 [120/1] via 10.10.10.2, 00:00:10, Serial0/0
R    192.168.3.0/24 [120/2] via 10.10.10.2, 00:00:10, Serial0/0

Configuration Router EIGRP (Enhanced IGRP) classful
(config)#router eigrp (AS number)
(config)#router eigrp 102
(config-router)#network (major network)
(config-router)#network 192.168.1.0
(config-router)#no auto-summary

EIGRP (Enhanced IGRP) classless
(config)#router eigrp (AS number)
(config)#router eigrp 102
(config-router)#network (network ip) (wildcard)
(config-router)#network 192.168.1.0 0.0.0.255
(config-router)#no auto-summary

Routing EIGRP
Router#show ip route
D    10.0.0.0/8 [90/11023872] via 20.20.20.1, 00:00:08, Serial0/0
     20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D       20.0.0.0/8 is a summary, 00:00:08, Null0
C       20.20.20.0/30 is directly connected, Serial0/0
D    192.168.1.0/24 [90/11026432] via 20.20.20.1, 00:00:08, Serial0/0
D    192.168.2.0/24 [90/2172416] via 20.20.20.1, 00:00:08, Serial0/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

EIGRP
Router#show ip eigrp ?
  interfaces  IP-EIGRP interfaces
  neighbors   IP-EIGRP neighbors
  topology    IP-EIGRP Topology Table
  traffic     IP-EIGRP Traffic Statistics

Lab Config Routing

Configuration Router OSPF (Open Shortest Path First)
(config)#router ospf (process-id)
(config)#router ospf 101
(config-router)#network (network id) (wildcard) area (area-id)
(config-router)#network 192.168.1.0 0.0.0.255 area 0
#show ip ospf neighbor is used to see who is sending LSAs
Link-state protocols keep their information in a database. LSAs (link-state advertisements) are exchanged, and the collected information is used to build the routing table with the SPF (Shortest Path First) algorithm, which chooses paths by cost (cost = 10^8 / BW).

Configuration Router OSPF (Open Shortest Path First) (continued)
Ex 192.168.3.126/27
(config)#router ospf 101
(config-router)#network 192.168.3.96 0.0.0.31 area 0

OSPF Network Types

Routing OSPF
Router#show ip route
     10.0.0.0/30 is subnetted, 1 subnets
C       10.10.10.4 is directly connected, Serial0/0
     20.0.0.0/30 is subnetted, 1 subnets
O       20.20.20.8 [110/128] via 10.10.10.6, 00:00:29, Serial0/0
     30.0.0.0/30 is subnetted, 1 subnets
O       30.30.30.12 [110/128] via 10.10.10.6, 00:00:29, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
     192.168.2.0/29 is subnetted, 1 subnets
O       192.168.2.8 [110/65] via 10.10.10.6, 00:00:29, Serial0/0
     192.168.3.0/28 is subnetted, 1 subnets
O       192.168.3.16 [110/129] via 10.10.10.6, 00:00:29, Serial0/0
     192.168.4.0/28 is subnetted, 1 subnets
O       192.168.4.240 [110/129] via 10.10.10.6, 00:00:29, Serial0/0

Routing Protocol Comparison Chart

Lab Config Routing

Default Administrative Distance (see Ajarn Ekkasit's book, page 188)

RIPv1 vs. RIPv2

IGRP vs. RIP

Access Control Lists
Access control lists
- Standard: 1-99, 1300-1999
- Extended: 100-199, 2000-2699
Standard access list (1-99)
(config)#access-list (access number) (permit | deny) (SA) (wildcard)
Ex
(config)#access-list 1 deny 192.168.12.100 0.0.0.0
(config)#access-list 1 permit any
(config)#interface S0
(config-if)#ip access-group 1 in

Access Control Lists
Standard access list (1-99)
#show ip interface S0 to check whether an access list is applied to the interface
Ex Block telnet
(config)#access-list 2 deny 192.168.1.2 0.0.0.0
(config)#access-list 2 permit any
(config)#line vty 0 4
(config-line)#access-class 2 in

Access Control Lists
Extended access list (100-199)
(config)#access-list (access number) (permit | deny) (protocol: tcp, udp, icmp) (SA) (wildcard) (DA) (wildcard) (eq | neq | lt | gt) (port number)
Ex
(config)#access-list 101 deny tcp 192.168.1.0 0.0.0.255 10.10.10.2 0.0.0.0 eq 23
(config)#access-list 101 permit ip any any
(config)#interface S0
(config-if)#ip access-group 101 in

Access Control Lists
Named access list
(config)#ip access-list (standard | extended) (name)
Ex Standard
(config)#ip access-list standard Internet
(config-std-nacl)#permit 192.168.40.25 0.0.0.0
(config-std-nacl)#permit 192.168.40.26 0.0.0.0
(config)#interface e0
(config-if)#ip access-group Internet in
Ex Extended
(config)#ip access-list extended BlockVirus2
(config-ext-nacl)#deny tcp any any eq 135
(config-ext-nacl)#deny tcp any any eq 4899
(config-ext-nacl)#permit ip any any
(config)#interface S0
(config-if)#ip access-group BlockVirus2 in

Well-Known Ports
ECHO Server        ---> TCP/7
DISCARD Server     ---> TCP/9
DAYTIME Server     ---> TCP/13
CHARGEN Server     ---> TCP/19
FTP Server         ---> TCP/21
SSH Server         ---> TCP/22
Telnet Server      ---> TCP/23
SMTP Server        ---> TCP/25
DNS Server         ---> TCP/53 and UDP/53
DHCP Server        ---> UDP/68
Web Server         ---> TCP/80 (HTTP)
Secure Web Server  ---> TCP/443 (HTTPS)
POP3 Server        ---> TCP/110
IMAP Server        ---> TCP/143
SNMP Server        ---> UDP/161
LDAP Server        ---> TCP/389
Web Proxy Server   ---> TCP/3128 or TCP/8080
The Well Known Ports are those from 0 through 1023.
http://www.iana.org/assignments/port-numbers

Day 5
9.15 – 10.30   WLAN; IPv6
Break 15 minutes
10.45 – 12.00  Network Address Translation (NAT); Static NAT, Dynamic NAT
Lunch break
13.15 – 14.30  NAT Overloading
Break 15 minutes
14.45 – 16.00  Lab Test

Cisco's Wireless Technologies
802.11b Standard
802.11a Standard
802.11g Standard
802.11 Comparison
Range Comparisons
BSS & ESS
Independent Basic Service Set (IBSS)
SSID
Wireless Mesh Networking
AWPP
WLAN Security

Internet Protocol Version 6
IPv6 Address Types
Special Addresses
Configuring with IPv6
Corp(config)#ipv6 unicast-routing
Corp(config-if)#ipv6 enable
IPv6 Routing Protocols
RIPng
Router1(config-if)#ipv6 rip 1 enable
EIGRPv6
Router1(config)#ipv6 router eigrp 10
Router1(config-if)#ipv6 eigrp 10
OSPFv3
Router1(config)#ipv6 router ospf 10
Router1(config-rtr)#router-id 1.1.1.1
Router1(config-if)#ipv6 ospf 10 area 0.0.0.0

Network Address Translation
NAT
- Static
- Dynamic
- Overloading
Static
(config)#ip nat inside source static 192.168.1.2 10.10.10.3
(config)#interface e0
(config-if)#ip nat inside
(config)#interface S0
(config-if)#ip nat outside
#debug ip nat to check whether static NAT is taking place
Example
routerB#debug ip nat
00:28:33: NAT: s=192.168.4.2->10.10.10.6, d=10.10.10.1 [1276]
00:28:33: NAT*: s=10.10.10.1, d=10.10.10.6->192.168.4.2 [1276]
00:28:34: NAT*: s=192.168.4.2->10.10.10.6, d=10.10.10.1 [1277]
00:28:34: NAT*: s=10.10.10.1, d=10.10.10.6->192.168.4.2 [1277]
00:28:35: NAT*: s=192.168.4.2->10.10.10.6, d=10.10.10.1 [1279]
00:28:35: NAT*: s=10.10.10.1, d=10.10.10.6->192.168.4.2 [1279]
00:28:36: NAT*: s=192.168.4.2->10.10.10.6, d=10.10.10.1 [1281]
00:28:36: NAT*: s=10.10.10.1, d=10.10.10.6->192.168.4.2 [1281]
00:28:42: NAT*: s=192.168.4.2->10.10.10.6, d=10.10.10.1 [1283]
00:28:42: NAT*: s=10.10.10.1, d=10.10.10.6->192.168.4.2 [1283]

Network Address Translation
Dynamic
(config)#ip nat pool (pool name) (start ip) (end ip) netmask (netmask)
Ex
(config)#ip nat pool ISP 10.10.10.4 10.10.10.8 netmask 255.255.255.0
(config)#access-list 1 permit 192.168.1.0 0.0.0.255
(config)#ip nat inside source list 1 pool ISP
(config)#interface e0
(config-if)#ip nat inside
(config)#interface S0
(config-if)#ip nat outside

Network Address Translation
Overloading
(config)#access-list 1 permit 192.168.1.0 0.0.0.255
(config)#ip nat inside source list 1 interface S0 overload
or overloading can be done on a dynamic pool:
(config)#ip nat inside source list 1 pool (pool name) overload
(config)#interface e0
(config-if)#ip nat inside
(config)#interface S0
(config-if)#ip nat outside
Example
routerB#debug ip nat
00:41:39: NAT: s=192.168.4.2->10.10.10.2, d=192.168.1.1 [1789]
00:41:39: NAT*: s=192.168.1.1, d=10.10.10.2->192.168.4.2 [1789]
00:41:40: NAT*: s=192.168.4.2->10.10.10.2, d=192.168.1.1 [1790]
00:41:40: NAT*: s=192.168.1.1, d=10.10.10.2->192.168.4.2 [1790]
00:41:41: NAT*: s=192.168.4.2->10.10.10.2, d=192.168.1.1 [1792]
00:41:41: NAT*: s=192.168.1.1, d=10.10.10.2->192.168.4.2 [1792]
00:41:42: NAT*: s=192.168.4.2->10.10.10.2, d=192.168.1.1 [1794]
00:41:42: NAT*: s=192.168.1.1, d=10.10.10.2->192.168.4.2 [1794]
00:41:43: NAT*: s=192.168.4.2->10.10.10.2, d=192.168.1.1 [1795]
00:41:43: NAT*: s=192.168.1.1, d=10.10.10.2->192.168.4.2 [1795]
00:41:44: NAT*: s=192.168.4.2->10.10.10.2, d=192.168.1.1 [1797]
00:41:44: NAT*: s=192.168.1.1, d=10.10.10.2->192.168.4.2 [1797]
Example
routerB#debug ip nat
00:52:12: NAT*: s=192.168.4.3->10.10.10.2, d=10.10.10.1 [2332]
00:52:12: NAT*: s=10.10.10.1, d=10.10.10.2->192.168.4.3 [2332]
00:52:13: NAT*: s=192.168.4.3->10.10.10.2, d=10.10.10.1 [2333]
00:52:13: NAT*: s=10.10.10.1, d=10.10.10.2->192.168.4.3 [2333]
00:52:14: NAT*: s=192.168.4.3->10.10.10.2, d=10.10.10.1 [2337]
00:52:14: NAT*: s=10.10.10.1, d=10.10.10.2->192.168.4.3 [2337]
00:52:15: NAT*: s=192.168.4.3->10.10.10.2, d=10.10.10.1 [2339]
00:52:15: NAT*: s=10.10.10.1, d=10.10.10.2->192.168.4.3 [2339]
00:52:16: NAT*: s=192.168.4.3->10.10.10.2, d=10.10.10.1 [2340]
00:52:16: NAT*: s=10.10.10.1, d=10.10.10.2->192.168.4.3 [2340]
00:52:17: NAT*: s=192.168.4.3->10.10.10.2, d=10.10.10.1 [2342]
00:52:17: NAT*: s=10.10.10.1, d=10.10.10.2->192.168.4.3 [2342]

Ex Static NAT
ip nat inside source list 7 interface Serial0 overload
ip nat inside source static tcp 192.168.42.30 5900 203.149.9.218 5900 extendable
ip nat inside source static udp 192.168.42.30 5900 203.149.9.218 5900 extendable
ip nat inside source static udp 192.168.42.30 5800 203.149.9.218 5800 extendable
ip nat inside source static tcp 192.168.42.30 5800 203.149.9.218 5800 extendable
ip nat inside source static tcp 192.168.42.2 6500 203.149.9.219 6500 extendable
ip nat inside source static tcp 192.168.42.2 80 203.149.9.219 80 extendable
ip nat inside source static tcp 192.168.42.5 143 203.149.9.218 143 extendable
ip nat inside source static tcp 192.168.42.5 21 203.149.9.218 21 extendable
ip nat inside source static tcp 192.168.42.5 20 203.149.9.218 20 extendable
ip nat inside source static tcp 192.168.42.5 22 203.149.9.218 22 extendable
ip nat inside source static udp 192.168.42.5 53 203.149.9.218 53 extendable
ip nat inside source static tcp 192.168.42.5 53 203.149.9.218 53 extendable
ip nat inside source static tcp 192.168.42.5 110 203.149.9.218 110 extendable
ip nat inside source static tcp 192.168.42.5 25 203.149.9.218 25 extendable
ip nat inside source static udp 192.168.42.5 22 203.149.9.218 22 extendable
ip nat inside source static tcp 192.168.42.5 80 203.149.9.218 80 extendable
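The wildcard mask is the thread running through the Day 1 subnetting questions, the OSPF network statement (192.168.3.126/27 becomes network 192.168.3.96 0.0.0.31), NAT's access-list 1 and the access control lists. Here is an added Python example, not from the course slides, that computes those values with the standard ipaddress module and then evaluates the slides' access-list 101 and the named list BlockVirus2 against constructed packets, including the implicit deny at the end of every list.

```python
"""Wildcard masks: subnetting answers, OSPF network statements and ACL matching."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")   # the "any" keyword: every bit is don't-care


def host(ip):
    return (ip, "0.0.0.0")              # "host x" / "x 0.0.0.0": every bit must match


def network_and_wildcard(cidr):
    """192.168.3.126/27 -> ('192.168.3.96', '0.0.0.31'), the form 'network ... area' wants."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return str(net.network_address), str(net.hostmask)


def subnet_facts(cidr):
    """The five items the Day 1 slides ask for, plus the usable host range."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    first_octet = int(net.network_address) >> 24
    class_prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "hosts_per_subnet": net.num_addresses - 2,
        "mask": str(net.netmask),
        # how many subnets of this size the classful major network holds
        "subnets": 2 ** max(net.prefixlen - class_prefix, 0),
    }


def is_usable_host(cidr):
    """Ex.3 test: a host address is neither the network nor the broadcast address
    and does not lie in a reserved (240/4) or multicast (224/4) block."""
    iface = ipaddress.IPv4Interface(cidr)
    if iface.ip.is_reserved or iface.ip.is_multicast:
        return False
    return iface.network.network_address < iface.ip < iface.network.broadcast_address


def wildcard_match(addr, base, wildcard):
    """Bits set in the wildcard are ignored: 0.0.0.255 matches a whole /24."""
    wc = int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(addr)) | wc) == (int(ipaddress.IPv4Address(base)) | wc)


@dataclass(frozen=True)
class Ace:
    action: str                      # permit / deny
    proto: str                       # ip, tcp, udp, icmp ("ip" matches every protocol)
    src: tuple                       # (address, wildcard)
    dst: tuple
    op: Optional[str] = None         # eq / neq / lt / gt on the destination port
    port: Optional[int] = None

    def matches(self, pkt):
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if not (wildcard_match(pkt["src"], *self.src) and wildcard_match(pkt["dst"], *self.dst)):
            return False
        if self.op is None:
            return True
        dport = pkt.get("dport")
        if dport is None:
            return False
        return {"eq": dport == self.port, "neq": dport != self.port,
                "lt": dport < self.port, "gt": dport > self.port}[self.op]


def evaluate(acl, pkt):
    """Top-down, first match wins; every list ends with an implicit 'deny any'."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


# access-list 101 from the slides: block telnet from 192.168.1.0/24 to 10.10.10.2
ACL_101 = [
    Ace("deny", "tcp", ("192.168.1.0", "0.0.0.255"), host("10.10.10.2"), "eq", 23),
    Ace("permit", "ip", ANY, ANY),
]
# the named list BlockVirus2 from the slides
BLOCK_VIRUS2 = [
    Ace("deny", "tcp", ANY, ANY, "eq", 135),
    Ace("deny", "tcp", ANY, ANY, "eq", 4899),
    Ace("permit", "ip", ANY, ANY),
]

if __name__ == "__main__":
    print(subnet_facts("192.168.5.33/27"))
    print(network_and_wildcard("192.168.3.126/27"))
    # constructed packet: telnet from an inside PC to the router at 10.10.10.2
    print(evaluate(ACL_101, {"proto": "tcp", "src": "192.168.1.7", "dst": "10.10.10.2", "dport": 23}))
```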