# A4_1

## 1. NETWORK INFRASTRUCTURE & ROUTER

### Router components
- CPU, RAM (running-config), Flash, NVRAM (startup-config)
- Interfaces: Management (console, miniUSB, aux), LAN (GigabitEthernet, FastEthernet), WAN (Serial)
### Router roles

- LAN segmentation, routing, forwarding
- Data flow: each router interface has its own IP address; hosts send frames to the MAC address of the interface that acts as their default gateway

### Route sources (routing table codes)
- L (Local), C (Connected), S (Static), R (RIP), D (EIGRP), O (OSPF)
## 2. STATIC ROUTING

### Advantages/Disadvantages

- Advantages: more secure, low bandwidth/CPU use, deterministic path
- Disadvantages: hard to maintain, prone to misconfiguration, scales poorly

### Configuration

```text
Router(config)# ip route <destination> <subnet-mask> <next-hop/exit-interface>
Router(config)# ip route 0.0.0.0 0.0.0.0 <gateway>    ! Default route
```

### Static route types
- Standard, Default, Summary, Floating
## 3. RIP (Distance Vector)

### Characteristics
- Metric: Hop count (max 15)
- Update: 30s, broadcast/multicast
- Algorithm: Bellman-Ford
### RIPv1 vs RIPv2

| Criterion | RIPv1 | RIPv2 |
|---|---|---|
| Update address | 255.255.255.255 | 224.0.0.9 |
| VLSM/CIDR | No | Yes |
| Authentication | No | Yes |
### Configuration

```text
Router(config)# router rip
Router(config-router)# version 2
Router(config-router)# network <network-address>
Router(config-router)# passive-interface <interface>
Router(config-router)# default-information originate
```
## 4. OSPF (Link-State)

### Characteristics

- Algorithm: Dijkstra
- Metric: Cost (bandwidth-based)
- Fast convergence, supports VLSM/CIDR

### Configuration

```text
Router(config)# router ospf <process-id>
Router(config-router)# network <ip> <wildcard-mask> area <area-id>
Router(config-router)# passive-interface <interface>
```
## 5. VLAN & INTER-VLAN ROUTING

### VLAN configuration on a switch

```text
Switch(config)# vlan <vlan-id>
Switch(config-vlan)# name <vlan-name>
Switch(config)# interface <interface>
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan <vlan-id>
```

### Trunk configuration

```text
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan <vlan-list>
```

### Inter-VLAN routing methods

- Legacy: one physical router interface per VLAN
- Router-on-a-Stick: sub-interfaces on a trunk link
- Multilayer Switch: SVI (Switch Virtual Interface)

### Router-on-a-Stick

```text
Router(config)# interface g0/0/0.10
Router(config-subif)# encapsulation dot1Q 10
Router(config-subif)# ip address <ip> <mask>
```

### Multilayer switch

```text
Switch(config)# ip routing
Switch(config)# interface vlan 10
Switch(config-if)# ip address <ip> <mask>
Switch(config-if)# no shutdown
```
## 6. DHCP

### DHCP process (DORA)

- Discover (broadcast)
- Offer (unicast/broadcast)
- Request (broadcast)
- ACK (unicast/broadcast)

### Router as DHCP server

```text
Router(config)# ip dhcp pool <name>
Router(dhcp-config)# network <network> <mask>
Router(dhcp-config)# default-router <gateway>
Router(dhcp-config)# dns-server <dns-ip>
Router(dhcp-config)# lease <days>
Router(config)# ip dhcp excluded-address <start-ip> <end-ip>
```

### Router as DHCP relay agent

```text
Router(config)# interface <interface>
Router(config-if)# ip helper-address <dhcp-server-ip>
```
## 7. NAT (Network Address Translation)

### NAT types

- Static NAT: one-to-one mapping
- Dynamic NAT: mapping from an address pool
- PAT (Overload): many-to-one

### NAT Overload (PAT) configuration

```text
Router(config)# access-list 1 permit <source-network> <wildcard>
Router(config)# ip nat inside source list 1 interface <outside-interface> overload
Router(config)# interface <inside-interface>
Router(config-if)# ip nat inside
Router(config)# interface <outside-interface>
Router(config-if)# ip nat outside
```

### Port forwarding (Static NAT)

```text
Router(config)# ip nat inside source static tcp <local-ip> <local-port> <global-ip> <global-port>
```
## 8. ACL (Access Control List)

### Wildcard mask

- 0 = must match, 1 = don't care
- Example: `192.168.1.0 0.0.0.255` = network 192.168.1.0/24
- Keywords: `host` (= wildcard 0.0.0.0), `any` (= wildcard 255.255.255.255)

### Standard ACL (1-99, 1300-1999)

```text
Router(config)# access-list <1-99> {permit|deny} <source> <wildcard>
Router(config)# interface <interface>
Router(config-if)# ip access-group <acl-number> {in|out}
```

- Place close to the destination

### Extended ACL (100-199, 2000-2699)

```text
Router(config)# access-list <100-199> {permit|deny} <protocol> <source> <wildcard> [operator port] <dest> <wildcard> [operator port]
Router(config)# interface <interface>
Router(config-if)# ip access-group <acl-number> {in|out}
```

- Place close to the source
- Protocol: tcp, udp, icmp, ip
- Operator: eq (equal), lt (less than), gt (greater than)

### ACL rules

- One ACL per protocol, per direction, per interface
- Implicit deny all at the end
- Top-down processing (first match wins)
## 9. LINUX ADMINISTRATION

### User management

```bash
useradd -u <uid> -g <group> -G <groups> -c "comment" -d <home> <username>
passwd <username>
usermod -c "new comment" -d <new-home> -e <expire-date> <username>
userdel -r <username>   # -r also removes the home directory
```

### Group management

```bash
groupadd -g <gid> <groupname>
groupmod -n <new-name> -g <new-gid> <groupname>
groupdel <groupname>
```

### Important files

- /etc/passwd: user account info
- /etc/shadow: encrypted (hashed) passwords
- /etc/group: group info
- /etc/login.defs: default settings
- /etc/default/useradd: useradd defaults

### Network configuration

```bash
# Interface config
ifconfig <interface> <ip> netmask <mask>
ip addr add <ip>/<prefix> dev <interface>
ip link set <interface> up
# Routing
route add default gw <gateway>
ip route add default via <gateway>
# DNS: this line goes in /etc/resolv.conf
nameserver <dns-ip>
```

### Network tools

```bash
ping <host>          # Test connectivity
netstat -rn          # Routing table
netstat -tln         # Listening TCP ports
dig <domain>         # DNS lookup
host <domain/ip>     # Forward/reverse lookup
ssh <user>@<host>    # Remote login
```
## 10. WINDOWS SERVER

### DHCP Server

- Scope: pool of IP addresses
- Exclusions: reserved IPs
- Reservations: MAC-to-IP binding
- Options: gateway, DNS, lease time

### DNS Server

- Forward Lookup Zone: Name → IP
- Reverse Lookup Zone: IP → Name
- Record types: A, AAAA, CNAME, MX, PTR

### Web Server (IIS)

- Hosts multiple websites on one server
- Binding: IP, port, hostname

### File Services

- Shared folders with permissions
- NTFS permissions vs Share permissions

### Active Directory (AD DS)

#### Components

- Domain: security boundary
- OU (Organizational Unit): container for objects
- Objects: users, computers, groups

#### User/Computer accounts

- Domain users vs local users
- Computer accounts in the domain

#### Groups

- Security Groups: assign permissions
- Distribution Groups: email lists
- Scope: Domain Local, Global, Universal

#### Group Policy (GPO)

- Password policies
- Software deployment
- Security settings
- Applied in order: LSDOU (Local, Site, Domain, OU)

### VPN Server

- Remote access for users
- Access to network resources through a VPN tunnel
## 11. NETWORK MANAGEMENT

### FCAPS model

- Fault Management: detect and fix faults
- Configuration Management: manage device configuration
- Accounting Management: track usage
- Performance Management: monitor performance
- Security Management: security

### Components

- Manager: collects and analyzes data
- Agent: runs on the managed device
- MIB (Management Information Base): database of management information
- Protocol: SNMP (Simple Network Management Protocol)
## 12. VIRTUALIZATION

### Types

- Process VM: Java VM, .NET CLR
- System VM: VMware, VirtualBox, Hyper-V

### Techniques

- Full Virtualization: guest OS runs unmodified
- Para-virtualization: guest OS must be modified, higher performance
- OS-level: Containers (Docker, LXC)

### VMM (Virtual Machine Monitor) / Hypervisor

- Type 1 (Bare-metal): ESXi, Hyper-V, Xen
- Type 2 (Hosted): VMware Workstation, VirtualBox

## EXAM TIPS

### Important show commands

```text
show ip interface brief
show ip route
show running-config
show vlan brief
show interfaces trunk
show ip dhcp binding
show ip nat translations
show access-lists
```

### Troubleshooting steps

- Physical layer (cables, link lights)
- Data link (MAC, VLAN)
- Network (IP, routing)
- Transport (ports, ACL)
- Application (services)

### Computing the wildcard from a subnet mask

Wildcard = 255.255.255.255 - Subnet Mask (subtract octet by octet)

- /24 (255.255.255.0) → 0.0.0.255
- /16 (255.255.0.0) → 0.0.255.255
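The wildcard arithmetic above and the ACL rules from section 8 (0 = must match, 1 = don't care; `host`/`any` keywords; top-down first match; implicit deny) worked through in code. This is an added example written for this note, not Cisco code; the sample ACL lines and test addresses are constructed.

```python
import ipaddress

# Constructed sample ACL in the standard-ACL syntax shown in section 8.
SAMPLE_ACL = [
    "access-list 10 deny host 192.168.1.7",
    "access-list 10 permit 192.168.1.0 0.0.0.255",
    "access-list 10 permit 10.10.0.0 0.0.255.255",
]

def mask_to_wildcard(subnet_mask: str) -> str:
    """Wildcard = 255.255.255.255 - subnet mask, computed octet by octet."""
    return ".".join(str(255 - int(octet)) for octet in subnet_mask.split("."))

def prefix_to_wildcard(prefix_len: int) -> str:
    """Same rule starting from a /prefix length: /24 -> 0.0.0.255."""
    netmask = ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").netmask
    return mask_to_wildcard(str(netmask))

def wildcard_match(addr: str, ace_addr: str, wildcard: str) -> bool:
    """Wildcard bit 0 = must match, bit 1 = don't care."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(ace_addr))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))  # bits that must match
    return (a ^ b) & care == 0

def parse_standard_ace(line: str) -> tuple[str, str, str]:
    """Parse 'access-list <n> {permit|deny} <source> [wildcard]' -> (action, address, wildcard)."""
    parts = line.split()
    if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action, source = parts[2], parts[3:]
    if source == ["any"]:                      # any == 0.0.0.0 255.255.255.255
        return action, "0.0.0.0", "255.255.255.255"
    if source[0] == "host":                    # host X == X 0.0.0.0
        return action, source[1], "0.0.0.0"
    wildcard = source[1] if len(source) > 1 else "0.0.0.0"  # bare address = host entry
    return action, source[0], wildcard

def evaluate_standard_acl(acl_lines: list[str], src_addr: str) -> str:
    """Top-down, first match wins; implicit 'deny' when nothing matches."""
    for line in acl_lines:
        action, ace_addr, wildcard = parse_standard_ace(line)
        if wildcard_match(src_addr, ace_addr, wildcard):
            return action
    return "deny"

if __name__ == "__main__":
    for addr in ("192.168.1.7", "192.168.1.200", "10.10.99.1", "172.16.0.1"):
        print(f"{addr:>14} -> {evaluate_standard_acl(SAMPLE_ACL, addr)}")
```

Note that 192.168.1.7 is denied even though it falls inside the permitted 192.168.1.0/24 entry, because the more specific `host` entry is listed first.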