Farid Nasiri, profile picture
Uploaded byFarid Nasiri
3,394 views

CCNA laboratory -in persian

This document is a Persian translation of a CCNA lab manual. It contains an introduction chapter about familiarizing with CCNA labs. It then has several chapters on basic router and switch management, and basic security configurations on Cisco devices. Each chapter contains multiple lab exercises with step-by-step instructions on topics like password recovery, IOS upgrades, interface configurations, access lists, AAA authentication, SSH, syslog server connections, and more.

Embed presentation

Downloaded 273 times
1 / 290
2 / 290
3 / 290
4 / 290
5 / 290
6 / 290
7 / 290
8 / 290
9 / 290
10 / 290
11 / 290
12 / 290
13 / 290
14 / 290
15 / 290
16 / 290
17 / 290
18 / 290
19 / 290
20 / 290
21 / 290
22 / 290
23 / 290
24 / 290
25 / 290
26 / 290
27 / 290
28 / 290
29 / 290
30 / 290
31 / 290
32 / 290
33 / 290
34 / 290
35 / 290
36 / 290
37 / 290
38 / 290
39 / 290
40 / 290
41 / 290
42 / 290
43 / 290
44 / 290
45 / 290
46 / 290
47 / 290
48 / 290
49 / 290
50 / 290
51 / 290
52 / 290
53 / 290
54 / 290
55 / 290
56 / 290
57 / 290
58 / 290
59 / 290
60 / 290
61 / 290
62 / 290
63 / 290
64 / 290
65 / 290
66 / 290
67 / 290
68 / 290
69 / 290
70 / 290
71 / 290
72 / 290
73 / 290
74 / 290
75 / 290
76 / 290
77 / 290
78 / 290
79 / 290
80 / 290
81 / 290
82 / 290
83 / 290
84 / 290
85 / 290
86 / 290
87 / 290
88 / 290
89 / 290
90 / 290
91 / 290
92 / 290
93 / 290
94 / 290
95 / 290
96 / 290
97 / 290
98 / 290
99 / 290
100 / 290
101 / 290
102 / 290
103 / 290
104 / 290
105 / 290
106 / 290
107 / 290
108 / 290
109 / 290
110 / 290
111 / 290
112 / 290
113 / 290
114 / 290
115 / 290
116 / 290
117 / 290
118 / 290
119 / 290
120 / 290
121 / 290
122 / 290
123 / 290
124 / 290
125 / 290
126 / 290
127 / 290
128 / 290
129 / 290
130 / 290
131 / 290
132 / 290
133 / 290
134 / 290
135 / 290
136 / 290
137 / 290
138 / 290
139 / 290
140 / 290
141 / 290
142 / 290
143 / 290
144 / 290
145 / 290
146 / 290
147 / 290
148 / 290
149 / 290
150 / 290
151 / 290
152 / 290
153 / 290
154 / 290
155 / 290
156 / 290
157 / 290
158 / 290
159 / 290
160 / 290
161 / 290
162 / 290
163 / 290
164 / 290
165 / 290
166 / 290
167 / 290
168 / 290
169 / 290
170 / 290
171 / 290
172 / 290
173 / 290
174 / 290
175 / 290
176 / 290
177 / 290
178 / 290
179 / 290
180 / 290
181 / 290
182 / 290
183 / 290
184 / 290
185 / 290
186 / 290
187 / 290
188 / 290
189 / 290
190 / 290
191 / 290
192 / 290
193 / 290
194 / 290
195 / 290
196 / 290
197 / 290
198 / 290
199 / 290
200 / 290
201 / 290
202 / 290
203 / 290
204 / 290
205 / 290
206 / 290
207 / 290
208 / 290
209 / 290
210 / 290
211 / 290
212 / 290
213 / 290
214 / 290
215 / 290
216 / 290
217 / 290
218 / 290
219 / 290
220 / 290
221 / 290
222 / 290
223 / 290
224 / 290
225 / 290
226 / 290
227 / 290
228 / 290
229 / 290
230 / 290
231 / 290
232 / 290
233 / 290
234 / 290
235 / 290
236 / 290
237 / 290
238 / 290
239 / 290
240 / 290
241 / 290
242 / 290
243 / 290
244 / 290
245 / 290
246 / 290
247 / 290
248 / 290
249 / 290
250 / 290
251 / 290
252 / 290
253 / 290
254 / 290
255 / 290
256 / 290
257 / 290
258 / 290
259 / 290
260 / 290
261 / 290
262 / 290
263 / 290
264 / 290
265 / 290
266 / 290
267 / 290
268 / 290
269 / 290
270 / 290
271 / 290
272 / 290
273 / 290
274 / 290
275 / 290
276 / 290
277 / 290
278 / 290
279 / 290
280 / 290
281 / 290
282 / 290
283 / 290
284 / 290
285 / 290
286 / 290
287 / 290
288 / 290
289 / 290
290 / 290
‫ﺳﯿﺴﮑﻮ ﺑﻪ ﭘﺎرﺳﯽ‬ ‫‪Cccxczxc‬‬ ‫آزﻣﺎﯾﺸﮕﺎه ‪ CCNA‬ﺑﻪ ﭘﺎرﺳﯽ‬ ‫ﻧﺴﺨﻪ 0.1‬ ‫ﺷﻬﺮﯾﻮر 1931‬ ‫ﺗﺮﺟﻤﻪ و ﺗﺪوﯾﻦ :‬ ‫ﻓﺮﯾﺪ ﻧﺼﯿﺮي‬ ‫اﻧﺠﻤﻦ ﺳﯿﺴﮑﻮ ﺑﻪ ﭘﺎرﺳﯽ‬ ‫‪http://forum.ciscoinpersian.com‬‬
‫ﻓﻬﺮﺳﺖ‬ ‫ﻓﺼﻞ اول :آﺷﻨﺎﯾﯽ ﺑﺎ آزﻣﺎﯾﺸﮕﺎه ‪CCNA‬‬ ‫آزﻣﺎﯾﺶ 1.1 – ﺷﻨﺎﺳﺎﯾﯽ ﻣﺪﻟﻬﺎ و اﺟﺰا روﺗﺮﻫﺎ.......................................................................................................................11‬ ‫آزﻣﺎﯾﺶ 2.1– ﺑﺮﻗﺮاري اﺗﺼﺎل ﺑﻪ ﺳﻮﯾﯿﭻ/روﺗﺮ از ﻃﺮﯾﻖ ﮐﻨﺴﻮل........................................................................................71‬ ‫آزﻣﺎﯾﺶ 3.1– آﺷﻨﺎﯾﯽ ﺑﺎ ‪ IOS‬و اﻧﻮاع آن............................................................................................................................12‬ ‫آزﻣﺎﯾﺶ 4.1– ﭘﯿﮑﺮﺑﻨﺪي ‪ Cisco Access server‬ﻣﻮرد اﺳﺘﻔﺎده دراﯾﻦ آزﻣﺎﯾﺸﮕﺎه........................................................13‬ ‫آزﻣﺎﯾﺶ 5.1– ﻧﺼﺐ ﺷﺒﯿﻪ ﺳﺎز ﺷﺒﮑﻪ 3‪34....................................................................................................................GNS‬‬ ‫آزﻣﺎﯾﺶ 6.1– ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ 3‪43..................................................................................................................................GN‬‬ ‫آزﻣﺎﯾﺶ 7.1– آﻣﺎده ﺳﺎزي ﺗﻮﭘﻮﻟﻮژي 3‪ GNS‬ﻣﻮرد اﺳﺘﻔﺎده در آزﻣﺎﯾﺸﮕﺎه....................................................................34‬ ‫آزﻣﺎﯾﺶ 6.1– ﺗﻨﻈﯿﻤﺎت ‪ GNS3 Ethernet NIO Cloud‬ﺟﻬﺖ ارﺗﺒﺎط ﺑﺎ ادوات واﻗﻌﯽ ﺳﯿﺴﮑﻮ..................................74‬ ‫ﻓﺼﻞ دوم : ﻣﺪﯾﺮﯾﺖ ﭘﺎﯾﻪ روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭽﻬﺎي ﺳﯿﺴﮑﻮ‬ ‫آزﻣﺎﯾﺶ 1.2– ﭘﺴﻮرد رﯾﮑﺎوري روﺗﺮﻫﺎي ﺳﺮي 0052........................................................................................................65‬ ‫آزﻣﺎﯾﺶ 2.2– ﭘﺴﻮرد رﯾﮑﺎوري روﺗﺮﻫﺎي ﺳﺮي 0062.......................................................................................................95‬ ‫آزﻣﺎﯾﺶ 3.2– ﭘﺴﻮرد رﯾﮑﺎوري ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ ﻏﯿﺮ ﻣﺎژوﻻر.................................................................................16‬ ‫آزﻣﺎﯾﺶ 4.2– آﺷﻨﺎﯾﯽ ﺑﺎ ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ/ﺳﻮﯾﯿﭻ..........................................................................................46‬ ‫آزﻣﺎﯾﺶ 5.2– آﺷﻨﺎﯾﯽ ﺑﺎ ‪68............................................................................................................................................CLI‬‬ ‫آزﻣﺎﯾﺶ 6.2– ﭼﮕﻮﻧﮕﯽ اﺧﺘﺼﺎص ‪ IP‬ﺑﻪ ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ...................................................................................................07‬ ‫آزﻣﺎﯾﺶ 7.2– ﺗﻨﻈﯿﻢ ﻣﺸﺨﺼﻪ ﻫﺎي وﯾﮋه اﯾﻨﺘﺮﻓﯿﺴﻬﺎ....................................................................................................57‬ ‫آزﻣﺎﯾﺶ 8.2– ﭼﮕﻮﻧﮕﯽ اﯾﺠﺎد ‪ LoopBack‬اﯾﻨﺘﺮﻓﯿﺲ....................................................................................................08‬ ‫آزﻣﺎﯾﺶ 9.2–ارﺗﻘﺎء ‪ IOS‬ادوات ﺳﯿﺴﮑﻮ.........................................................................................................................28‬ ‫092 ‪Page 1 of‬‬
‫آزﻣﺎﯾﺶ 01.2– ﺑﺎزﯾﺎﺑﯽ ‪ IOS‬ﺗﺨﺮﯾﺐ ﺷﺪه در روﺗﺮﻫﺎي ﺳﺮي 0052...................................................................................68‬ ‫آزﻣﺎﯾﺶ 11.2– ﺑﺎزﯾﺎﺑﯽ ‪ IOS‬ﺗﺨﺮﯾﺐ ﺷﺪه در روﺗﺮﻫﺎي ﺳﺮي 0062..................................................................................09‬ ‫آزﻣﺎﯾﺶ 21.2– ﺑﺎزﯾﺎﺑﯽ ‪ IOS‬ﺗﺨﺮﯾﺐ ﺷﺪه در ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ................................................................................69‬ ‫آزﻣﺎﯾﺶ 31.2– ﺗﻨﻈﯿﻤﺎت اﯾﺠﺎد ﺑﻨﺮﻫﺎي ‪ exec ، login‬و ‪102..................................................................................MOTD‬‬ ‫آزﻣﺎﯾﺶ 41.2– ﺑﺎزﮔﺮداﻧﺪن ﺑﺮﺧﯽ ﺗﻨﻈﯿﻤﺎت ‪ IOS‬ﺑﻪ ﺣﺎﻟﺖ ﭘﯿﺶ ﻓﺮض ...........................................................................601‬ ‫ﻓﺼﻞ ﺳﻮم:ﺗﻨﻈﯿﻤﺎت ﭘﺎﯾﻪ اﻣﻨﯿﺘﯽ در ادوات ﺳﯿﺴﮑﻮ‬ ‫آزﻣﺎﯾﺶ 1.3– ﺗﻨﻈﯿﻤﺎت ﭘﺎﯾﻪ اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ ﻣﺒﻨﺎي رﻣﺰ ﻋﺒﻮر..........................................................................................801‬ ‫آزﻣﺎﯾﺶ 2.3–ﺗﻨﻈﻤﯿﺎت اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ ﻣﺒﻨﺎي ﭘﺎﯾﮕﺎه داده داﺧﻠﯽ ﮐﺎرﺑﺮان.....................................................................211‬ ‫آزﻣﺎﯾﺶ 3.3–ﭘﯿﮑﺮﺑﻨﺪي ﻟﯿﺴﺘﻬﺎي اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ اﺳﺎس ‪114................................................................................... AAA‬‬ ‫آزﻣﺎﯾﺶ 4.3–ﺗﻨﻈﯿﻤﺎت اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ ﻣﺒﻨﺎي ‪ AAA‬از ﻃﺮﯾﻖ ‪117......................................................TACACS+ server‬‬ ‫آزﻣﺎﯾﺶ 5.3–ﺗﻨﻈﯿﻤﺎت ‪119............................................................................................................................................SSH‬‬ ‫آزﻣﺎﯾﺶ 6.3–ﺗﻨﻈﯿﻤﺎت اﮐﺴﺲ ﻟﯿﺴﺖ ﻫﺎي ﺷﻤﺎره دار....................................................................................................221‬ ‫آزﻣﺎﯾﺶ 7.3–ﺗﻨﻈﯿﻤﺎت اﮐﺴﺲ ﻟﯿﺴﺖ ﻫﺎي ﺑﺎ ﻧﺎم............................................................................................................621‬ ‫آزﻣﺎﯾﺶ 8.3–ﺗﻨﻈﯿﻤﺎت اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﻣﺮﺗﺒﻂ ﺑﺎ ‪129.......................................................................................VTY line‬‬ ‫آزﻣﺎﯾﺶ 9.3–ﺳﺮوﯾﺲ رﻣﺰ ﻧﮕﺎري ﮐﻠﻤﺎت ﻋﺒﻮر................................................................................................................031‬ ‫آزﻣﺎﯾﺶ 01.3–ﺗﻨﻈﻤﯿﺎت ‪ Exec timeout‬و ﺗﻌﺪاد دﻓﻌﺎت ورود رﻣﺰ ﻋﺒﻮر ﺧﻄﺎ..............................................................431‬ ‫آزﻣﺎﯾﺶ 11.3–اﺣﺮاز ﻫﻮﯾﺖ در وب ﺳﺮور داﺧﻠﯽ ‪136.....................................................................................................IOS‬‬ ‫آزﻣﺎﯾﺶ 21.3–اﺗﺼﺎل ﺑﻪ ‪ Syslog‬ﺳﺮور.........................................................................................................................831‬ ‫ﻓﺼﻞ 4 – ﺗﻨﻈﯿﻤﺎت ﺳﻮﯾﯿﭽﻬﺎي ﺳﯿﺴﮑﻮ‬ ‫آزﻣﺎﯾﺶ 1.4–ﺗﻨﻈﯿﻤﺎت ‪140...........................................................................................................................................CDP‬‬ ‫092 ‪Page 2 of‬‬
‫آزﻣﺎﯾﺶ 2.4–ﺗﻨﻈﯿﻤﺎت ‪145...........................................................................................................................................Vlan‬‬ ‫آزﻣﺎﯾﺶ 3.4–ﺗﻨﻈﯿﻤﺎت اﯾﻨﺘﺮﻓﯿﺲ ﻣﺪﯾﺮﯾﺖ ‪148..........................................................................................................Vlan‬‬ ‫آزﻣﺎﯾﺶ 4.4–ﺗﻨﻈﯿﻤﺎت ﺗﺮاﻧﮏ ﻣﺒﺘﻨﯽ ﺑﺮ ‪151......................................................................................................ISL,Dot1q‬‬ ‫آزﻣﺎﯾﺶ 5.4–ﺗﻨﻈﯿﻤﺎت ﭘﺎﯾﻪ ‪155.................................................................................................................Etherchannel‬‬ ‫آزﻣﺎﯾﺶ 6.4–ﺗﻨﻈﻤﯿﺎت ‪ Etherchannel‬ﻣﺒﺘﻨﯽ ﺑﺮ ‪161...............................................................................................Pagp‬‬ ‫آزﻣﺎﯾﺶ 7.4– ﺗﻨﻈﻤﯿﺎت ‪ Etherchannel‬ﻣﺒﺘﻨﯽ ﺑﺮ‪165............................................................................................ LACP‬‬ ‫آزﻣﺎﯾﺶ 8.4–ﺗﻨﻈﯿﻤﺎت اﯾﻨﺘﺮﻓﯿﺲ ‪169........................................................................................................Port Channel‬‬ ‫آزﻣﺎﯾﺶ 9.4–ﺗﻨﻈﻤﯿﺎت دﺳﺘﯽ ‪173................................................................................................................................ARP‬‬ ‫آزﻣﺎﯾﺶ 01.4–ﺗﻨﻈﯿﻤﺎت ‪175........................................................................................VLAN Trunking Protocol-VTP‬‬ ‫آزﻣﺎﯾﺶ 11.4–ﺗﻨﻈﯿﻤﺎت ‪ VTP Transparent‬و ‪182..................................................................................VTP Pruning‬‬ ‫آزﻣﺎﯾﺶ 21.4–ﺗﻨﻈﯿﻤﺎت ‪ Inter VLAN routing‬از ﻃﺮﯾﻖ روﺗﺮ‪187...............................................Router-on-a-stick‬‬ ‫آزﻣﺎﯾﺶ 31.4–ﺗﻨﻈﯿﻤﺎت ‪191..........................................................................................Per Vlan Spaning Tree-PVST‬‬ ‫آزﻣﺎﯾﺶ 41.4–ﺗﻨﻈﯿﻤﺎت ‪199..........................................................................Rapid Per Vlan Spaning Tree-RPVST‬‬ ‫آزﻣﺎﯾﺶ 51.4–ﺗﻨﻈﯿﻤﺎت ‪ Spanin tree port fast‬در ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ......................................................................402‬ ‫آزﻣﺎﯾﺶ 61.4–ﺗﻨﻈﯿﻤﺎت ‪ BPDU‬ﮔﺎرد..............................................................................................................................902‬ ‫آزﻣﺎﯾﺶ 81.4–ﺗﻨﻈﯿﻤﺎت ﻣﺸﺨﻪ ﻫﺎي وﯾﮋه ﭘﻮرﺗﻬﺎي ﻓﻌﺎل در ‪NA..................................................................................STP‬‬ ‫آزﻣﺎﯾﺶ 91.4–ﺗﻨﻈﯿﻤﺎت ﭘﻮﯾﺎي اﻣﻨﯿﺖ در ﺳﻄﺢ اﯾﻨﺘﺮﻓﯿﺲ ﻫﺎ.........................................................................................‪NA‬‬ ‫آزﻣﺎﯾﺶ 02.4–ﺗﻨﻈﯿﻤﺎت اﯾﺴﺘﺎي اﻣﻨﯿﺖ در ﺳﻄﺢ اﯾﻨﺘﺮﻓﯿﺴﻬﺎ .......................................................................................‪NA‬‬ ‫آزﻣﺎﯾﺶ 12.4– ﺗﻨﻈﯿﻤﺎت ‪210...............................................................................................................Analyser session‬‬ ‫ﻓﺼﻞ ﭘﻨﺠﻢ : ﺗﻨﻈﻤﯿﺎت ﺷﺒﮑﻪ ﻫﺎي ﮔﺴﺘﺮده ‪WAN‬‬ ‫092 ‪Page 3 of‬‬
‫آزﻣﺎﯾﺶ 1.5–ﺗﻨﻈﯿﻤﺎت ارﺗﺒﺎط ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ 1‪ T‬از ﻃﺮﯾﻖ ‪ PPP‬و ‪212.......................................................................HDLC‬‬ ‫آزﻣﺎﯾﺶ 2.5–ﺗﻨﻈﯿﻤﺎت ارﺗﺒﺎط ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ از ﻃﺮﯾﻖ ‪217...........................................................................Frame relay‬‬ ‫آزﻣﺎﯾﺶ 3.5 – ﺗﻨﻈﯿﻤﺎت ‪ Sub interface‬در ارﺗﺒﺎﻃﺎت ‪221....................................Ppoint to point Frame relay‬‬ ‫آزﻣﺎﯾﺶ 4.5–ﺗﻨﻈﯿﻤﺎت ‪ Point to Multipoint‬در ‪225............................................................................ Frame relay‬‬ ‫آزﻣﺎﯾﺶ 5.5–ﺗﻨﻈﯿﻤﺎت ‪229..................................................................................................Frame relay inverse Arp‬‬ ‫ﻓﺼﻞ ﺷﺸﻢ: ﻣﺴﯿﺮ ﯾﺎﺑﯽ اﺳﺘﺎﺗﯿﮏ‬ ‫آزﻣﺎﯾﺶ 1.6–ﺗﻨﻈﯿﻤﺎت ﻣﺴﯿﺮ ﯾﺎﺑﯽ اﺳﺘﺎﺗﯿﮏ..................................................................................................................332‬ ‫آزﻣﺎﯾﺶ2.6 –ﺗﻨﻈﯿﻤﺎت ﻣﺴﯿﺮ ﯾﺎﺑﯽ اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور......................................................................................................932‬ ‫آزﻣﺎﯾﺶ 3.6–ﻣﺴﯿﺮ ﯾﺎﺑﯽ اﺳﺘﺎﺗﯿﮏ ﭘﯿﺶ ﻓﺮض..............................................................................................................242‬ ‫ﻓﺼﻞ ﻫﻔﺘﻢ: ﺳﺮوﯾﺴﻬﺎي ‪IP‬‬ ‫آزﻣﺎﯾﺶ 1.7–ﺗﻨﻈﯿﻤﺎت ‪ NAT‬ﯾﮏ ﺑﻪ ﯾﮏ........................................................................................................................742‬ ‫آزﻣﺎﯾﺶ 2.7– ﺗﻨﻈﯿﻤﺎت ‪257.............................................................................................................................. NAT Pool‬‬ ‫آزﻣﺎﯾﺶ 3.7–ﺗﻨﻈﯿﻤﺎت ‪264...........................................................................................................................................PAT‬‬ ‫آزﻣﺎﯾﺶ 4.7–ﺗﻨﻈﯿﻤﺎت ‪271..........................................................................................................................DHCP Server‬‬ ‫آزﻣﺎﯾﺶ 5.7–ﺗﻨﻈﯿﻤﺎت رﻧﺞ ﻫﺎي ﻣﺴﺘﺜﻨﯽ در ‪NA....................................................................................................DHCP‬‬ ‫آزﻣﺎﯾﺶ 6.7–ﺗﻨﻈﯿﻤﺎت ‪275........................................................................................................................DHCP Helper‬‬ ‫آزﻣﺎﯾﺶ 7.7–ﺗﻨﻈﯿﻤﺎت ‪280..............................................................................................................................NTP Client‬‬ ‫آزﻣﺎﯾﺶ 8.7–ﺗﻨﻈﯿﻤﺎت ‪284............................................................................................................................NTP Server‬‬ ‫آزﻣﺎﯾﺶ 9.7–ﺗﻨﻈﯿﻤﺎت ‪287...........................................................................................................................DNS Server‬‬ ‫092 ‪Page 4 of‬‬
Page 5 of 290
‫ﻣﻘﺪﻣﻪ ﻣﺘﺮﺟﻢ‬ ‫ﻫﺪف اﺻﻠﯽ از ﻧﮕﺎرش ﻣﺠﻤﻮﻋﻪ آزﻣﺎﯾﺸﮕﺎه ‪ CCNA‬ﺗﻬﯿﻪ ﻣﺤﺘﻮاي آﻣﻮزﺷﯽ ﺑﻮد ﮐﻪ ﺿﻤﻦ ﻣﺮور ﻣﻔﺎﻫﯿﻢ ﺷﺒﮑﻪ ﻫﺎي‬ ‫ﮐﺎﻣﭙﯿﻮﺗﺮي در ﺳﻄﺢ اﯾﻦ دوره ﺑﻪ ﻃﻮر اﺟﻤﺎل ، داراي روﯾﮑﺮدي ﻋﻤﻠﯽ و ﭘﺮوژه ﻣﺤﻮر ﺑﻪ ﻣﻨﻈﻮر اﻓﺰاﯾﺶ دﯾﺪ اﺟﺮاﯾﯽ‬ ‫ﻣﻬﻨﺪﺳﯿﻦ ﺷﺒﮑﻪ ﻧﺴﺒﺖ ﺑﻪ ﻣﻔﺎﻫﯿﻢ و ﺗﺌﻮري ﻫﺎي ﻣﻄﺮح ﺷﺪه در ﮐﺘﺐ و آﻣﻮزﺷﻬﺎي ﻣﺮﺳﻮم ﻧﯿﺰ ﺑﺎﺷﺪ. از اﯾﻨﺮو ﭘﺲ از‬ ‫ﺗﺤﻘﯿﻖ ﻓﺮاوان در ﺧﺼﻮص ﻋﻨﺎوﯾﻦ ﻣﺘﻌﺪدي از ﮐﺘﺐ و ﻣﻘﺎﻻت ﻣﺮﺗﺒﻂ ﺑﺎ اﯾﻦ ﺣﻮزه ﻣﺠﻤﻮﻋﻪ ‪CCNA Lab WorkBook‬‬ ‫ﻧﻮﺷﺘﻪ ‪ George Matthew‬اﻧﺘﺨﺎب ﺷﺪ و ﻣﻮرد ﺗﺮﺟﻤﻪ ﻗﺮار ﮔﺮﻓﺖ.‬ ‫اﯾﻦ ﻣﺠﻤﻮﻋﻪ ﻣﺸﺘﻤﻞ ﺑﺮ 07 آزﻣﺎﯾﺶ ﺑﺎ ﺗﻮﭘﻮﻟﻮژي واﺣﺪ ﻣﯽ ﺑﺎﺷﺪ ﮐﻪ ﺑﺎ ﻫﺪف ﺑﻪ دﺳﺖ آوردن درك اﺟﺮاﯾﯽ ﺑﻬﺘﺮ از‬ ‫ﻓﺮاﯾﻨﺪ ﻃﺮاﺣﯽ،ﭘﯿﺎده ﺳﺎزي و رﻓﻊ ﻋﯿﺐ ﺷﺒﮑﻪ ﻫﺎي ﻣﺒﺘﻨﯽ ﺑﺮ ادوات ﺳﯿﺴﮑﻮ ﻋﻤﻮﻣﺎ ﺑﺎ 3‪ GNS‬ﮐﻪ راﺑﻂ ﮔﺮاﻓﯿﮑﯽ اﺑﺰار‬ ‫ﺷﺒﯿﻪ ﺳﺎزي ‪ Dynamips‬ﻣﯽ ﺑﺎﺷﺪ ﭘﯿﺎده ﺳﺎزي ﺷﺪه اﻧﺪ. ‪ Dynamips‬در ﺳﺎده ﺗﺮﯾﻦ ﺗﻌﺮﯾﻒ ﺧﻮد ‪ emulator‬ﻧﺮم‬ ‫اﻓﺰاري روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ اﺳﺖ ﮐﻪ ﺑﺎ ﺑﻬﺮه ﮔﯿﺮي از ‪ IOS‬ﻫﺎي واﻗﻌﯽ اﯾﻦ ادوات اﻣﮑﺎن اﯾﺠﺎد و ﺷﺒﯿﻪ ﺳﺎزي ﺗﻮﭘﻮﻟﻮژﯾﻬﺎي‬ ‫ﭘﯿﭽﯿﺪه روﺗﯿﻨﮓ و ﺗﺎ ﺣﺪي ﺳﻮﯾﯿﭽﯿﻨﮓ را ﺟﻬﺖ اﻫﺪاف آﻣﻮزﺷﯽ ﻓﺮاﻫﻢ ﻣﯿﮑﻨﺪ.‬ ‫092 ‪Page 6 of‬‬
‫ﺗﻮﭘﻮﻟﻮژي ﻣﻮرد اﺳﺘﻔﺎده در اﯾﻦ ﻣﺠﻤﻮﻋﻪ آﻣﻮزﺷﯽ‬ ‫ﺗﺼﺎوﯾﺮ 2,3 در ﺻﻔﺤﺎت ﺑﻌﺪي ﺗﻮﭘﻮﻟﻮژﯾﻬﺎي ﺳﺮاﺳﺮي ﻣﻮرد اﺳﺘﻔﺎده در ﺳﻨﺎرﯾﻮﻫﺎي ‪ LAN ,WAN‬ﻣﻄﺮح ﺷﺪه در اﯾﻦ‬ ‫ﻣﺠﻤﻮﻋﻪ ﻫﺴﺘﻨﺪ ﮐﻪ ﻋﻤﻮﻣﺎ ﺗﻮﺳﻂ 3‪ GNS‬ﻃﺮاﺣﯽ و ﭘﯿﺎده ﺳﺎزي ﺧﻮاﻫﻨﺪ ﺷﺪ. در ﻫﺮ آزﻣﺎﯾﺶ ﺑﺨﺸﯽ از اﯾﻦ ﺗﻮﭘﻮﻟﻮژي‬ ‫ﺟﺪا ﺷﺪه و ﻣﺘﻨﺎﻇﺮ ﺑﺎ اﻫﺪاف آن آزﻣﺎﯾﺶ ﻣﻮرد ﺗﺤﻠﯿﻞ ﻗﺮار ﻣﯿﮕﯿﺮد .‬ ‫در ﻣﺒﺎﺣﺚ ﺳﻮﯾﯿﭽﯿﻨﮓ ﺳﻨﺎرﯾﻮﻫﺎﯾﯽ وﺟﻮد دارﻧﺪ ﮐﻪ ﺑﻪ واﺳﻄﻪ ﻣﺤﺪودﯾﺘﻬﺎي 3‪ GNS‬ﺑﺎ اﯾﻦ اﺑﺰار ﻗﺎﺑﻞ ﭘﯿﺎده ﺳﺎزي‬ ‫ﻧﯿﺴﺘﻨﺪ از اﯾﻨﺮو در اﯾﻦ ﺳﻨﺎرﯾﻮﻫﺎ از ادوات واﻗﻌﯽ اﺳﺘﻔﺎده ﺧﻮاﻫﺪ ﺷﺪ. در ﺻﻮرت ﺗﻤﺎﯾﻞ ﺑﻪ ﺑﺮﭘﺎﯾﯽ ﯾﮏ آزﻣﺎﯾﺸﮕﺎه‬ ‫واﻗﻌﯽ ﺑﺎ اﺳﺘﻔﺎده از ادوات ﻓﯿﺰﯾﮑﯽ ﺗﺮﮐﯿﺐ زﯾﺮ ﭘﯿﺸﻨﻬﺎد ﻣﯿﺸﻮد‬ ‫.‪R1 – Cisco 3725 (128MB Flash/256MB DRAM) running 12.4(15)T14 Adv Enterprise Services‬‬ ‫‪R2 – Cisco 3725 (128MB Flash/256MB DRAM) running 12.4(15)T14 Adv Enterprise Services‬‬ ‫.‪R3 – Cisco 3725 (64MB Flash/128MB DRAM) running 12.4(25d) Adv Enterprise Services‬‬ ‫.‪R4 – Cisco 3725 (64MB Flash/128MB DRAM) running 12.4(25d) Adv Enterprise Services‬‬ ‫.‪R5 – Cisco 3725 (64MB Flash/128MB DRAM) running 12.4(25d) Adv Enterprise Services‬‬ ‫‪SW1 – Cisco 2950G-24 Port 10/100TX w/ 2x Gigabit GBIC-SX modules running Enhanced Image‬‬ ‫.‪SW2 – Cisco 3550-24 Port 10/100TX w/ 2x Gigabit GBIC-SX modules running IP Services‬‬ ‫.‪SW3 – Cisco 3550-24 Port 10/100TX w/ 2x Gigabit GBIC-SX modules running IP Services‬‬ ‫ﺳﻮﯾﯿﭻ ‪ Frame Relay‬ﻣﻮرد اﺳﺘﻔﺎده در ﻓﺼﻮل آﺗﯽ ﻧﯿﺰ از ﻃﺮﯾﻖ ﻣﺎژول ‪ NM-8A/S‬واﻗﻊ در 1‪ slot‬روﺗﺮ 0262 ﭘﯿﺎده‬ ‫ﺳﺎزي ﺷﺪه اﺳﺖ.در زﯾﺮ ﺗﺼﻮﯾﺮي از رك واﻗﻌﯽ ﭘﯿﺎده ﺳﺎزي ﺷﺪه ﺑﺎ ادوات ﻓﻮق را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ.‬ ‫092 ‪Page 7 of‬‬
‫ﺗﺼﻮﯾﺮ 1 – رك ﭘﯿﺎده ﺳﺎزي ﺷﺪه ﺟﻬﺖ ﭘﻮﺷﺶ ﻣﺒﺎﺣﺚ آزﻣﺎﯾﺸﮕﺎه ‪CCNA‬‬ ‫092 ‪Page 8 of‬‬
‫ﺗﺼﻮﯾﺮ 2 : ﺗﻮﭘﻮﻟﻮژي ‪ LAN‬ﺳﺮاﺳﺮي ﻣﻮرد اﺳﺘﻔﺎده در آزﻣﺎﯾﺸﮕﺎه‬ ‫092 ‪Page 9 of‬‬
‫اﺗﺼﺎﻻت روﺗﺮ ﺑﻪ ﺳﻮﯾﯿﭻ‬ Router R1 R1 R2 R2 R3 R4 R5 Local Interface FastEthernet 0/0 FastEthernet 0/1 FastEthernet 0/0 FastEthernet 0/1 FastEthernet 0/0 FastEthernet 0/0 FastEthernet 0/0 Switch Switch 1 Switch 2 Switch 1 Switch 2 Switch 1 Switch 1 Switch 1 Remote Interface FastEthernet 0/1 FastEthernet 0/1 FastEthernet 0/2 FastEthernet 0/2 FastEthernet 0/3 FastEthernet 0/4 FastEthernet 0/5 ‫اﺗﺼﺎﻻت ﺳﻮﯾﯿﭻ ﺑﻪ ﺳﻮﯾﯿﭻ‬ Local Switch Switch 1 Switch 1 Switch 1 Switch 1 Switch 1 Switch 1 Switch 2 Switch 2 Switch 2 Switch 2 Switch 2 Switch 2 Switch 3 Switch 3 Switch 3 Switch 3 Switch 3 Switch 3 Local Interface FastEthernet 0/10 FastEthernet 0/11 FastEthernet 0/12 FastEthernet 0/13 FastEthernet 0/14 FastEthernet 0/15 FastEthernet 0/10 FastEthernet 0/11 FastEthernet 0/12 FastEthernet 0/13 FastEthernet 0/14 FastEthernet 0/15 FastEthernet 0/10 FastEthernet 0/11 FastEthernet 0/12 FastEthernet 0/13 FastEthernet 0/14 FastEthernet 0/15 Remote Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch 2 2 2 3 3 3 1 1 1 3 3 3 1 1 1 2 2 2 Remote Interface FastEthernet 0/10 FastEthernet 0/11 FastEthernet 0/12 FastEthernet 0/10 FastEthernet 0/11 FastEthernet 0/12 FastEthernet 0/10 FastEthernet 0/11 FastEthernet 0/12 FastEthernet 0/13 FastEthernet 0/14 FastEthernet 0/15 FastEthernet 0/13 FastEthernet 0/14 FastEthernet 0/15 FastEthernet 0/13 FastEthernet 0/14 FastEthernet 0/15 Page 10 of 290
‫ ﺳﺮاﺳﺮي ﻣﻮرد اﺳﺘﻔﺎده در آزﻣﺎﯾﺸﮕﺎه‬WAN ‫ﺗﺼﻮﯾﺮ 1: ﺗﻮﭘﻮﻟﻮژي‬ Frame relay ‫ﺗﻨﻈﯿﻤﺎت ﺳﻮﯾﯿﭻ‬ Local Router R1 R1 R1 R1 R2 R2 R2 R2 R3 R3 R3 R3 R4 R4 Page 11 of 290 Local Int. Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Local DLCI Remote Router Remote Int. 122 R2 Serial 0/0 123 R3 Serial 0/0 124 R4 Serial 0/0 125 R5 Serial 0/0 221 R1 Serial 0/0 223 R3 Serial 0/0 224 R4 Serial 0/0 225 R5 Serial 0/0 321 R1 Serial 0/0 322 R2 Serial 0/0 324 R4 Serial 0/0 325 R5 Serial 0/0 421 R1 Serial 0/0 422 R2 Serial 0/0 Remote DLCI 221 321 421 521 122 322 422 522 123 223 423 523 124 224
R4 R4 R5 R5 R5 R5 Local Router R1 R2 R2 R3 R4 R5 Serial Serial Serial Serial Serial Serial 0/0 0/0 0/0 0/0 0/0 0/0 423 425 521 522 523 524 R3 R5 R1 R2 R3 R4 Serial Serial Serial Serial Serial Serial ‫ﻟﯿﻨﮑﻬﺎي ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﺳﺮﯾﺎل‬ Local Interface Remote Router Serial 0/1 R2 Serial 0/1 R1 Serial 0/2 R3 Serial 0/1 R2 Serial 0/1 R5 Serial 0/1 R4 0/0 0/0 0/0 0/0 0/0 0/0 Remote Serial Serial Serial Serial Serial Serial 324 524 125 225 325 425 Interface 0/1 0/1 0/1 0/2 0/1 0/1 Page 12 of 290
‫آزﻣﺎﯾﺶ 1.1-آﺷﻨﺎﯾﯽ ﺑﺎ اﺟﺰاء روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ‬ ‫اﯾﻦ آزﻣﺎﯾﺶ ﺑﻪ ﺷﻤﺎ ﮐﻤﮏ ﻣﯿﮑﻨﺪ ﺗﺎ درك ﺑﻬﺘﺮي از ﺗﺎرﯾﺨﭽﻪ روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ، ‪Wan interface ،Network Modules‬‬ ‫‪ Ram،cards‬و ‪ Flash‬وﮐﺎﺑﻠﻬﺎ ﺑﻪ دﺳﺖ آورﯾﺪ.ﻫﺪف از ﻃﺮاﺣﯽ اﯾﻦ آزﻣﺎﯾﺶ ﻓﺮاﻫﻢ آوردن اﻃﻼﻋﺎت ﻻزم ﺟﻬﺖ‬ ‫ﺷﻨﺎﺳﺎﯾﯽ اﺟﺰاء روﺗﺮﻫﺎ در ﮐﺎرﺑﺮدﻫﺎي روزﻣﺮه و ﻣﺘﻌﺎرف ﻣﯽ ﺑﺎﺷﺪ.‬ ‫از اواﯾﻞ دﻫﻪ ﻧﻮد ﮐﻤﭙﺎﻧﯽ ﺳﯿﺴﮑﻮ روﯾﮑﺮد ﺟﺪﯾﺪي را ﺑﻪ ﻣﻨﻈﻮر ﻣﺎژوﻻر ﻧﻤﻮدن ادوات ﺷﺒﮑﻪ ﺧﻮد در ﺳﻄﻮح ﺷﺒﮑﻪ ﻫﺎي‬ ‫ﺑﺰرگ ﺳﺎزﻣﺎﻧﯽ در ﭘﯿﺶ ﮔﺮﻓﺖ.ﻗﺒﻞ از آن )ﺳﺮي 0052 ﺑﻪ ﺟﺰ 4252( داراي ﺳﺎﺧﺘﺎر ﺛﺎﺑﺖ و ﻏﯿﺮﻗﺎﺑﻞ ﺗﻐﯿﯿﺮ از رده ‪Fast‬‬ ‫‪ Ethernet-Serial-Token Ring‬و ‪ Isdn‬ﺑﻮدﻧﺪ. اﯾﻦ ﻣﻮﺿﻮع ﺑﺎﻋﺚ اﯾﺠﺎد ﻣﺤﺪودﯾﺘﻬﺎي ﻣﻌﻨﺎداري در ﺻﺮف ﻫﺰﯾﻨﻪ ﺟﻬﺖ‬ ‫ﺧﺮﯾﺪ ادوات ﺷﺒﮑﻪ ﻫﻤﯿﻨﻄﻮر ﻣﻘﯿﺎس ﭘﺬﯾﺮي ﺷﺒﮑﻪ ﻓﻌﻠﯽ در آﯾﻨﺪه ﻣﯿﺸﺪ.‬ ‫ﭘﺲ از ﻣﻌﺮﻓﯽ روﺗﺮﻫﺎي ﺳﺮي 0063 در ﺳﺎل 6991 ﺳﺎزﻣﺎﻧﻬﺎ از ﺻﺮف ﻫﺰﯾﻨﻪ ﻫﺎي ﻣﺠﺪد ﺑﺮاي ﺟﺎﯾﮕﺰﯾﻨﯽ ﻫﺎي ﻣﺘﻌﺪد‬ ‫روﺗﺮﻫﺎ ﺑﻪ دﻻﯾﻠﯽ ﻫﻤﭽﻮن اﻓﺰاﯾﺶ ﺗﻌﺪاد ﭘﻮرﺗﻬﺎي ‪Wan‬و/ﯾﺎ ‪ Lan‬رﻫﺎﯾﯽ ﭘﯿﺪا ﮐﺮدﻧﺪ .ﺑﺎ ﻣﻌﻤﺎري ﺟﺪﯾﺪ، ﺷﺮﮐﺘﻬﺎ ﺑﻪ‬ ‫آﺳﺎﻧﯽ ﻣﯿﺘﻮاﻧﺴﺘﻨﺪ ادوات ‪ ISDN‬ﺧﻮد را ﺑﺎ ﺟﺎﯾﮕﺰﯾﻨﯽ )‪ WIC (WAN Interface Card‬ﺑﻪ 1‪ T‬ارﺗﻘﺎء دﻫﻨﺪ ﯾﺎ ﺑﺎ اﻓﺰودن ‪NM‬‬ ‫)‪ (Network Module‬ﺗﻌﺪاد ﺑﯿﺸﺘﺮي ‪ Fast ethenet‬ﺑﻪ روﺗﺮ ﻓﻌﻠﯽ اﺿﺎﻓﻪ ﻧﻤﺎﯾﻨﺪ.‬ ‫ﻣﻌﺮﻓﯽ روﺗﺮﻫﺎي ﺳﺮي 0062 درﺳﺎل 8991 ﻧﻘﻄﻪ ﻋﻄﻔﯽ ﺑﺮاي ﮐﻤﭙﺎﻧﯽ ﺳﯿﺴﮑﻮ ﻣﺤﺴﻮب ﻣﯿﺸﺪ.ﻧﺴﻞ ﺟﺪﯾﺪي از روﺗﺮﻫﺎ‬ ‫ﺑﺎ‬ ‫ﻗﺎﺑﻠﯿﺖ‬ ‫اراﺋﻪ‬ ‫ﺳﺮوﯾﺴﻬﺎي‬ ‫ﭼﻨﺪﮔﺎﻧﻪ‬ ‫ﺑﺎ‬ ‫ﻃﺮاﺣﯽ‬ ‫وﯾﮋه‬ ‫ﺑﻪ‬ ‫ﻣﻨﻈﻮر‬ ‫اراﺋﻪ‬ ‫ﻫﻤﺰﻣﺎن‬ ‫ﺳﺮوﯾﺴﻬﺎي‬ ‫‪ Voice,data,video,wireless‬ﺑﻪ ﺑﺎزار آﻣﺪﻧﺪ.ﺳﺮي 0062ﺑﺎ ﻫﻤﻪ ﻗﺎﺑﻠﯿﺘﻬﺎ ﯾﮏ ﻧﻘﯿﺼﻪ ﮐﻮﭼﮏ داﺷﺖ ﮐﻪ در ﺳﺮي 0063‬ ‫ﻣﺸﺎﻫﺪه ﻧﻤﯿﺸﺪ و آﻧﻬﻢ وﺟﻮد ﺣﺎﻓﻈﻪ ‪ Flash‬ﻣﺒﺘﻨﯽ ﺑﺮ ‪ Pcmcia Slot‬ﺑﻮد.ﻣﺘﺨﺼﺼﯿﻦ ﺷﺒﮑﻪ اي ﮐﻪ ﺗﺠﺮﺑﻪ ﮐﺎر ﺑﺎ ﺳﺮي‬ ‫0063 را داﺷﺘﻨﺪ ﻣﯿﺪاﻧﺴﺘﻨﺪ ﮐﻪ در ﺷﺮاﯾﻂ ﺑﺤﺮان و ﺑﺎزﯾﺎﺑﯽ ﺗﻨﻈﯿﻤﺎت ﻫﻤﯿﻨﻄﻮر ﺗﻐﯿﯿﺮ ‪ IOS‬وﺟﻮد‪ Flash Card‬ﺑﺎﻋﺚ‬ ‫ﺗﺴﺮﯾﻊ در و ﺗﺴﻬﯿﻞ اﯾﻨﮕﻮﻧﻪ ﻓﺮاﯾﻨﺪﻫﺎ ﻣﯿﺸﻮد ، وﯾﮋﮔﯽ ﮐﻪ در اﺑﺘﺪاي ﻣﻌﺮﻓﯽ ﻣﻌﻤﺎري ﺟﺪﯾﺪ وﺟﻮد ﻧﺪاﺷﺖ.‬ ‫ﺳﺮي 0073 ﻣﺸﺘﻤﻞ ﺑﺮ روﺗﺮﻫﺎي 5273 و 5473 ﺗﻘﺮﯾﺒﺎ ﺑﻪ ﻃﻮر ﻫﻤﺰﻣﺎن ﺑﺎ ﺳﺮي 0062 ﻣﻌﺮﻓﯽ ﺷﺪﻧﺪ.در اﯾﻦ ﻣﻌﻤﺎري ﺑﻮد‬ ‫ﮐﻪ اول ﺑﺎر اﺳﺘﻔﺎده از ﺣﺎﻓﻈﻬﺎ )‪ CF(Compact Flash‬از ﺧﺎﻧﻮاده ﺣﺎﻓﻈﻪ دورﺑﯿﻨﻬﺎي دﯾﺠﯿﺘﺎل ﺣﺮﻓﻪ اي اﻣﺮوزي ﻣﻌﺮﻓﯽ‬ ‫ﺷﺪ .ﺣﺘﯽ اﻣﺮوزه ﻧﯿﺰ ﺗﺠﻬﯿﺰاﺗﯽ از ﻗﺒﯿﻞ ﺳﺮي0082و0083 )‪ ISR(Integrated service Routers‬و ﻓﺎﯾﺮواﻟﻬﺎي ﺳﺮي‬ ‫0055 ‪ ASA‬و ﺗﻌﺪاد ﺑﯿﺸﻤﺎري از ادوات دﯾﮕﺮ ﺑﺎ ﻗﺎﺑﻠﯿﺖ ﭘﺸﺘﯿﺒﺎﻧﯽ از ﺣﺎﻓﻈﻪ ﻫﺎي ‪ CF‬ﻃﺮاﺣﯽ ﻣﯿﺸﻮﻧﺪ ﮐﻪ ﺑﻪ ﻣﺮاﺗﺐ از‬ ‫ﻧﺴﻞ ﻗﺒﻠﯽ ﺣﺎﻓﻈﻪ ﻫﺎ ﺳﺮﯾﻌﺘﺮ و ﻗﺎﺑﻞ اﻋﺘﻤﺎد ﺗﺮ ﻫﺴﺘﻨﺪ.‬ ‫در ﺳﺎل 2002 ﺳﺮي ﺟﺪﯾﺪ ‪ 2600XM‬ﺑﺎ ﺑﺮوزرﺳﺎﻧﯿﻬﺎي ﻣﺘﻌﺪدي از ﻗﺒﯿﻞ اﺳﺘﻔﺎده از آﺧﺮﯾﻦ ﺳﺮي ﭘﺮدازﻧﺪه ﻫﺎي‬ ‫‪ ، 125MHZ SDRAM ، Motorola‬ﭘﺸﺘﯿﺒﺎﻧﯽ از ‪ 48MB‬ﺣﺎﻓﻈﻪ ‪ Flash‬و ﭘﺸﺘﯿﺒﺎﻧﯽ ﺗﺎ ‪ 128MB RAM‬اراﺋﻪ ﺷﺪ.‬ ‫ﮐﻤﯽ ﺑﻌﺪ ﺑﺎ اراﺋﻪ ﻧﺴﺨﻪ ﺟﺪﯾﺪ ‪ 12.2(8r) bootrom‬ﺳﺮي ﻓﻮق ﻗﺎدر ﺑﻪ ﭘﺸﺘﯿﺒﺎﻧﯽ ﺗﺎ ‪ 256MB RAM‬ﺷﺪ .‬ ‫092 ‪Page 13 of‬‬
‫ﺳﺮي 1962 ﻫﻤﺰﻣﺎن ﺑﺎ ﺳﺮي ‪ 2600XM‬ﺑﻪ ﻋﻨﻮان ﺳﺮﯾﻌﺘﺮﯾﻦ ﺳﮑﻮي ﺳﺮي 0062 ﻣﻌﺮﻓﯽ ﺷﺪ.ﺳﺮي 1962 ﺑﻪ ﻋﻨﻮان ﺑﺮادر‬ ‫ﮐﻮﭼﮑﺘﺮ ﺳﺮي 5273 ﺷﻨﺎﺧﺘﻪ ﻣﯿﺸﻮد . در ﯾﮏ ﻣﻘﺎﯾﺴﻪ ﻧﻈﯿﺮ ﺑﻪ ﻧﻈﯿﺮ آﻧﻬﺎ ﮐﺎﻣﻼ ﺷﺒﯿﻪ ﺑﻪ ﻧﻈﺮ ﻣﯿﺮﺳﻨﺪ ﻫﺮﭼﻨﺪ ﮐﻪ ﺗﻮان‬ ‫ﻋﻤﻠﯿﺎﺗﯽ ﻋﻤﻮﻣﯽ ﻫﻤﯿﻨﻄﻮر ﭘﺸﺘﯿﺒﺎﻧﯽ از ﺗﻌﺪاد ﻣﺎژوﻟﻬﺎ و ﻗﯿﻤﺖ آﻧﻬﺎ را از ﻫﻢ ﺟﺪا ﻣﯿﮑﻨﺪ.‬ ‫ﺳﺮي 0081 ، 0082 و 0083 از ﻣﺎژوﻟﻬﺎي )‪ HWIC (High-speed WAN Interface Card’s‬ﺑﺎ ﺳﺮﻋﺖ ﺟﻤﻌﺎ ‪ 400mbps‬ﺑﻪ‬ ‫ﺻﻮرت ﺗﻮزﯾﻊ ﺷﺪه ﺑﯿﻦ ﻫﻤﻪ اﺳﻼﺗﻬﺎ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﺪ در ﺣﺎﻟﯽ ﮐﻪ ﺗﮑﻨﻮﻟﻮژي ‪ WIC‬ﻗﺪﯾﻤﯽ ﺣﺪاﮐﺜﺮ ‪ 8mbps‬را روي ﻫﺮ‬ ‫‪ Pci Bus‬اراﺋﻪ ﻣﯿﮑﺮد.ﺑﻪ ﻋﻨﻮا ﻣﺜﺎل ﺳﺮي ‪ 2600XM‬داراي دو اﯾﻨﺘﺮﻓﯿﺲ ‪ WIC‬ﻣﺠﺰا روي ﯾﮏ ﺑﺎس ﻣﺸﺘﺮك ﻣﯿﺒﺎﺷﺪ‬ ‫ﻧﺘﯿﺠﻪ اﯾﻨﮑﻪ ﻣﯿﺘﻮاﻧﺪ از ﯾﮏ ‪ WIC-2T‬ﺑﺎ ﺳﺮﻋﺖ ‪ 8Mbps‬ﯾﺎ دو ﭘﻮرت ﺑﺎ ﺳﺮﻋﺖ ‪ 4Mbps‬اﺳﺘﻔﺎده ﮐﻨﺪ و در اﯾﻦ ﺣﺎﻟﺖ‬ ‫ﺑﻪ دﻟﯿﻞ اﺳﺘﻔﺎده از ﺑﺎس ﻣﺸﺘﺮك اﺳﻼت دوم ‪ WIC‬ﻗﺎﺑﻞ اﺳﺘﻔﺎده ﻧﯿﺴﺖ.اﯾﻦ ﻣﺤﺪودﯾﺖ ﻫﻤﯿﻨﻄﻮر روي ﻣﺎژوﻟﻬﺎي -‪NM‬‬ ‫‪ 1FE2W, NM-1FE1R2W, NM-2FE2W and NM-2W‬اﻋﻤﺎل ﻣﯿﺸﻮد.‬ ‫روﺗﺮﻫﺎي ﺳﺮي 0082 ﺑﻪ ﺟﺰ 1082 داراي 4 اﺳﻼت ‪ HWIC‬ﺑﺎ ﻣﺠﻮع ﺳﺮﻋﺖ ‪ 400Mbps‬ﺗﻮزﯾﻊ ﺷﺪه ﻣﺎﺑﯿﻦ ﻫﻤﻪ اﺳﻼﺗﻬﺎ‬ ‫ﺑﻪ ﻋﻼوه ﯾﮏ ﯾﺎ ﺑﯿﺶ از آن اﺳﻼت )‪ NME(Netwok Module Enhanced‬ﺑﺎﺳﺮﻋﺖ ‪ 1.2Gbps‬ﺑﻪ ﻃﻮر ﻣﺸﺘﺮك ﻣﺎﺑﯿﻦ‬ ‫ﻫﻤﻪ اﺳﻼﺗﻬﺎي اﯾﻦ ﭘﻠﺘﻔﺮم در ﻣﻘﺎﯾﺴﻪ ﺑﺎ ﺳﺮﻋﺖ ‪ 600Mbps‬ﻣﺎژوﻟﻬﺎي ﻗﺪﯾﻤﯽ ‪ NM‬ﻣﯿﺒﺎﺷﻨﺪ.‬ ‫ﭘﻠﺘﻔﺮﻣﻬﺎي ﺑﺴﯿﺎري ﻣﺎﻧﻨﺪ 0062 و 0073 و ﻣﺪﻟﻬﺎي ﺟﺪﯾﺪﺗﺮ داراي اﺳﻼﺗﻬﺎي ﺗﻮﺳﻌﻪ داﺧﻠﯽ ﺑﻪ ﻧﺎم‬ ‫‪(Advanced Integration‬‬ ‫)‪ AIM Module‬ﺑﻪ ﻣﻨﻈﻮر اﻓﺰودن ﻗﺎﺑﻠﯿﺘﻬﺎ و ﺳﺮوﯾﺴﻬﺎ وﯾﮋه ﺑﻪ ﭘﻠﺘﻔﺮﻣﻬﺎي ﻣﻮرد ﻧﻈﺮ ﻫﺴﺘﻨﺪ.ﻋﻨﺎوﯾﻦ ﻣﺘﻌﺪدي از ‪AIM‬ﻫﺎ ﻧﻈﯿﺮ‬ ‫‪ AIM-CU‬ﮐﻪ ﻣﺎژول ‪ Cisco unity Express‬ﺑﻪ ﻣﻨﻈﻮر اراﺋﻪ ﺳﺮوﯾﺲ ‪ Voice mail‬ﺑﺮاي ﺳﯿﺴﺘﻢ‬ ‫‪Unified‬‬ ‫‪ Communications Manager Express‬و ﯾﺎ ﻣﺎژول ‪ AIM-VPN‬ﺟﻬﺖ رﻣﺰﻧﮕﺎري ﺗﺮاﻓﯿﮏ ﺑﺎ ﻫﺪف ﺑﺮداﺷﺘﻦ ﺑﺎر ﻣﺤﺎﺳﺒﺎﺗﯽ‬ ‫رﻣﺰﻧﮕﺎري از روي ﭘﺮدازﻧﺪه اﺻﻠﯽ روﺗﺮ اﺳﺖ را ﻣﯿﺘﻮان ﻧﺎم ﺑﺮد‬ ‫در ﺟﺪول زﯾﺮ ﻣﺸﺨﺼﻪ ﻋﻤﻮﻣﯽ روﺗﺮﻫﺎي ﻣﻌﻤﻮل اﻣﺮوزي و دﯾﺮوزي را ﻣﺸﺘﻤﻞ ﺑﺮ ﭘﻮرﺗﻬﺎ، اﺳﻼﺗﻬﺎ،ﮐﺎراﯾﯽ، ﺣﺪاﮐﺜﺮ‬ ‫‪RAM‬و‪ Flash‬ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ‬ ‫‪Cisco 2500 Series Routers‬‬ ‫*‪Async Lines‬‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫‪8 Lines Octal‬‬ ‫54-‪8 Lines RJ‬‬ ‫‪8 Lines Octal‬‬ ‫‪16 Lines Octal‬‬ ‫54-‪16 Lines RJ‬‬ ‫‪16 Lines Octal‬‬ ‫0‬ ‫092 ‪Page 14 of‬‬ ‫‪ISDN‬‬ ‫0‬ ‫0‬ ‫1‬ ‫1‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫‪Token Ring‬‬ ‫0‬ ‫1‬ ‫0‬ ‫1‬ ‫0‬ ‫0‬ ‫0‬ ‫1‬ ‫0‬ ‫0‬ ‫1‬ ‫1‬ ‫54-‪Ethernet RJ‬‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫‪16 Hub Ports‬‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫‪AUI‬‬ ‫1‬ ‫0‬ ‫1‬ ‫0‬ ‫1‬ ‫1‬ ‫1‬ ‫0‬ ‫1‬ ‫1‬ ‫0‬ ‫1‬ ‫*‪Serial‬‬ ‫‪2H‬‬ ‫‪2H‬‬ ‫‪2H‬‬ ‫‪2H‬‬ ‫‪2H‬‬ ‫‪2H‬‬ ‫‪1H‬‬ ‫‪2H‬‬ ‫‪2H‬‬ ‫‪1H‬‬ ‫‪2H‬‬ ‫‪2H‬‬ ‫‪Flash‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪RAM‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪Router‬‬ ‫1052‬ ‫2052‬ ‫3052‬ ‫4052‬ ‫7052‬ ‫9052‬ ‫‪2509-RJ‬‬ ‫0152‬ ‫1152‬ ‫‪2511-RJ‬‬ ‫2152‬ ‫3152‬
2514 2515 2516 2518 2520 2521 2522 2523 2524 2525 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 2H 2H 2H 0 2H 2L 2H 2L 2H 8L 2H 8L 0 0 2 0 0 1 1 0 0 0 0 0 14 Hub Ports 1 Ethernet Port 24 Port Module 0 0 1 – Shared 1 1 – Shared 1 0 2 0 0 1 1 0 1 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 1 0 1 :‫ﺗﻮﺟﻪ‬ ‫ و دو اﺳﻼت‬SIMM RAM ‫ .ﯾﮏ اﺳﻼت 08ﭘﯿﻦ‬Motorola 68030 20 MHz ‫ﺳﺮي ﺑﺎﺳﺘﺎﻧﯽ 0052 داراي ﭘﺮدازﻧﺪه‬  .‫ ﻣﯿﺒﺎﺷﺪ‬SIMM Flash ‫2 ﻟﺤﯿﻢ ﺷﺪه روي ﺑﺮداﺻﻠﯽ ﺟﻬﺖ ﺑﺎﻓﺮ/ﺣﺎﻓﻈﻪ اﺷﺘﺮاﮐﯽ ﻫﺴﺘﻨﺪ‬MB DRAM ‫ﺑﺮﺧﯽ از ﺳﺮﯾﻬﺎي 0052 داراي‬  ‫ ﻣﯿﺘﻮان ﺑﻪ ﻋﻨﻮان ﭘﻮرت ﻣﻮدم ﯾﺎ ﺧﻄﻮط ﺗﺮﻣﯿﻨﺎل در اﮐﺴﺲ ﺳﺮور اﺳﺘﻔﺎده ﮐﺮد‬Async lines ‫از‬  Cisco 1600 Series Routers Router 1601 1602 1603 1604 1605 RAM 24MB 24MB 24MB 24MB 24MB Flash* 16MB 16MB 16MB 16MB 16MB CPU 33Mhz 33Mhz 33Mhz 33Mhz 33Mhz Ethernet AUI RJ45 Shared AUI RJ45 Shared AUI RJ45 Shared AUI RJ45 Shared 1 RJ45 – 1 Shared WIC 1 1 1 1 1 ISDN 0 0 1 BRI 1 NT1 0 56k DSU 0 1 0 0 0 Performance 4k pps 4k pps 4k pps 4k pps 4k pps :‫ﺗﻮﺟﻪ‬ ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ‬PCMCIA Flash Card ‫ﺳﺮي 0061 از ﺣﺎﻓﻈﻪ ﻫﺎي‬ ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ‬Motorola 68360 33Mhz ‫از ﭘﺮدازﻧﺪه‬   Cisco 3600 Series Routers Router 3620 3631-CO 3640 3660 3661-CO 3662 RAM 64MB 256MB 128MB 64MB 64MB 256MB Flash 32MB 128MB 32MB 64MB 64MB 64MB CPU 80Mhz 240Mhz 100Mhz 225Mhz 225Mhz 225Mhz Ethernet None None None 1 or 2 Fast Eth 1 or 2 Fast Eth 1 or 2 Fast Eth WIC 0 2 0 0 0 0 NM 2 2 4 6 6 6 AIM 0 2 0 2 2 2 Performance 20-40k pps 70k pps 50-70k pps 100-120k pps 100-120k pps 100-120k pps :‫ﺗﻮﺟﻪ‬ ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ‬PCMCIA Flash Cards ‫ﺳﺮي 0063 ﻣﻌﻤﺎري ﮐﺎﻣﻼ ﻣﺎژوﻻر داﺷﺘﻪ و از ﺣﺎﻓﻈﻪ ﻫﺎي‬  ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ‬IDT R7000 RISC Processor ‫0263 و 0463 از ﭘﺮدازﻧﺪه ﻫﺎي‬  ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ‬PMC-Sierra RM7061A RISC Processor ‫1363 از ﭘﺮدازﻧﺪه‬  ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ‬QED RM5271 RISC Processor ‫0663 از ﭘﺮدازﻧﺪه‬ Page 15 of 290 
Cisco 2600 & 2600XM Series Routers Router 2610 2611 2612* 2613* 2620 2621 2650 2651 2610XM 2611XM 2620XM 2621XM 2650XM 2651XM 2691 RAM 64MB 64MB 64MB 64MB 64MB 64MB 128MB 128MB 128MB 128MB 128MB 128MB 128MB 128MB 256MB Flash 16MB 16MB 16MB 16MB 16MB 16MB 32MB 32MB 48MB 48MB 48MB 48MB 48MB 48MB 128MB CPU 40Mhz 40Mhz 40Mhz 40Mhz 50Mhz 50Mhz 80Mhz 80Mhz 40Mhz 40Mhz 50Mhz 50Mhz 80Mhz 80Mhz 160Mhz Ethernet 1 10Base-T 2 10Base-T 1 10Base-T None 1 Fast Ethernet 2 Fast Ethernet 1 Fast Ethernet 2 Fast Ethernet 1 Fast Ethernet 2 Fast Ethernet 1 Fast Ethernet 2 Fast Ethernet 1 Fast Ethernet 2 Fast Ethernet 2 Fast Ethernet WIC 2 2 2 2 2 2 2 2 2 2 2 2 2 2 3 NM 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 AIM 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 Performance 15k pps 15k pps 15k pps 15k pps 25k pps 25k pps 37k pps 37k pps 20k pps 20k pps 30k pps 30k pps 40k pps 40k pps 70k pps :‫ﺗﻮﺟﻪ‬ ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ‬MCP860 PowerQUICC ‫ﺳﺮي 0062 از ﭘﺮدازﻧﺪه ﻫﺎي‬  ‫ ﻫﺴﺘﻨﺪ‬Rj45 Token ring port ‫2162و3162 داراي‬  ‫ ﻣﯿﺒﺎﺷﺪ‬CF ‫1962 داراي ﻫﺮدو ﺣﺎﻓﻈﻪ داﺧﻠﯽ و‬  ‫3(1.21 ﯾﺎ ﺟﺪﯾﺪﺗﺮ ﻫﺴﺘﻨﺪ‬r) bootrom ‫ﺑﺎ‬Flash ‫23 ﺣﺎﻓﻈﻪ‬MB ‫0262 و 1262 داراي ﻗﺎﺑﻠﯿﺖ ﭘﺸﺘﯿﺒﺎﻧﯽ از‬ ‫8(2.21 اﺳﺖ‬r) bootrom ‫652 ﺑﺎ اﺳﺘﻔﺎده از‬MB DRAM ‫0062داراي ﻗﺎﺑﻠﯿﺖ ﭘﺸﺘﯿﺒﺎﻧﯽ از‬XM ‫ﺳﺮي‬   Cisco 1700 Series Routers Router 1701 1710 1711 1712 1720 1721 1750 1751 1760 RAM 128MB 96MB 64MB 128MB 48MB 128MB 48MB 96MB 128MB Flash 32MB 16MB 16MB 32MB 16MB 32MB 16MB 32MB 64MB CPU 40Mhz 48Mhz 100Mhz 100Mhz 48Mhz 48Mhz 48Mhz 48Mhz 80Mhz Ethernet 1 Fast Ethernet 1 Fast Eth & 1 10Base-T 1 Fast & 4 10/100 Switch 1 Fast & 4 10/100 Switch 1 Fast Ethernet 1 Fast Ethernet 1 Fast Ethernet 1 Fast Ethernet 1 Fast Ethernet ISDN 1 0 0 1 0 0 0 0 0 WIC 0 0 0 0 2 2 2 2 2 VIC 0 0 0 0 0 0 1 1 4* Performance 12k pps 7k pps 13.5k pps 13.5k pps 8.5k pps 12k pps 8.5k pps 12k pps 16k pps :‫ﺗﻮﺟﻪ‬ ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ‬MCP RISC PowerQUICC ‫ﺳﺮي 0071 از ﭘﺮدازﻧﺪه ﻫﺎي‬ ‫ ﻫﺴﺘﻨﺪ‬Vpn ‫1171 و 2171 داراي ﺳﺨﺖ اﻓﺰار اﺧﺘﺼﺎﺻﯽ ﺳﺮوﯾﺲ‬   ‫ وﺟﻮد دارد‬AIM-Vpn ‫در 0271 و ﺑﺎﻻﺗﺮ اﻣﮑﺎن ﻧﺼﺐ ﻣﺎژول‬  ‫65 اﺳﺖ‬k v.90 ‫1171 داراي ﻣﻮدم آﻧﺎﻟﻮگ‬  Page 16 of 290
‫ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﺪ‬wic ‫ اﺳﺖ ﮐﻪ دوﺗﺎي آن ﺻﺮﻓﺎ از‬VIC ‫0671 داري4 اﺳﻼت‬  Cisco 3700 Series Routers Router 3725 3745 RAM 256MB 256MB Flash 128MB 128MB CPU 240Mhz 350Mhz Ethernet 2 Fast Ethernet 2 Fast Ethernet WIC 3 3 NM 2 4 AIM 2 2 HDSM 1 2 Performance 100k pps 225k pps :‫ﺗﻮﺟﻪ‬ ‫ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﻨﺪ‬High Density Service Modules (HDSM’s) ‫ﺳﺮي 0073 ﻣﺎژوﻟﻬﺎي‬  ‫215 ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﺪ‬MB DRAM ‫6(3.21 ﺗﺎ‬r) Bootrom ‫543 ازﻃﺮﯾﻖ‬  ‫ ﻣﺎژوﻟﻬﺎ و ﻣﻨﺎﺑﻊ ﺗﻐﺬﯾﻪ ﭘﺸﺘﯿﺒﺎﻧﯽ‬NM ‫ ﺟﻬﺖ‬Online Insertion & Removal (OIR) ‫ﺳﺮي 0073 از ﻗﺎﺑﻠﯿﺖ‬  ‫ﻣﯿﮑﻨﻨﺪ‬ Cisco 1800 Series Routers Router 1801 RAM 384MB Flash 128MB CPU ? Ethernet 1 Fast Ethernet 1802 384MB 128MB ? 1 Fast Ethernet 1803 1805 1811 1812 1841 1861 384MB 384MB 384MB 384MB 384MB 384MB 128MB 128MB 128MB 128MB 128MB 128MB ? ? ? ? 250Mhz 250Mhz 1 Fast Ethernet 1 Fast Ethernet 2 Fast Ethernet 2 Fast Ethernet 2 Fast Ethernet 2 Fast Ethernet aDSL aDSL Over Pots aDSL over ISDN SHDSL None None None Yes* None HWIC 0 WiFi Yes USB 0 Perform. 70k pps 0 Yes 0 70k pps 0 0 0 0 2 1 Yes Yes Yes Yes No* No 0 2 2 2 1* 0 70k pps 70k pps 70k pps 70k pps 75k pps 75k pps :‫ﺗﻮﺟﻪ‬ ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪد‬QED RM52xx ‫ﺗﻤﺎم ﻣﺪﻟﻬﺎي 0081 از ﭘﺮدازﻧﺪه ﻫﺎي ﺳﺮي‬  ‫ از واﯾﺮﻟﺲ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﺪ‬HWIC-AP ‫1481 از ﻃﺮﯾﻖ‬  Usb 2 ‫اﺳﺖ ﻣﺎﺑﻘﯽ‬Usb 1.1 ‫1481 داراي‬  ‫ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﺪ‬aDSL & G.SHDSL WIC and HWIC’s ‫1481 از‬ ‫ اﺳﻼت اﺳﺖ‬AIM ‫1481 داراي ﯾﮏ‬   ‫5081 داراي 4 ﭘﻮرت 01/001 ﻣﺪﯾﺮﯾﺖ ﭘﺬاﯾﺮ اﺳﺖ‬ ‫2 اﺳﺖ‬x BRI S/T, 8 Port POE 10/100 ‫ و‬FXS ‫1681 داراي 4 ﭘﻮرت‬ Router 2801 2811 2821 2851 RAM 512MB 768MB 1GB 1GB Page 17 of 290 Flash 256MB 256MB 256MB 256MB   CPU 250Mhz 350Mhz 466Mhz 466Mhz Cisco 2800 Series Routers Ethernet HWIC 2 Fast Ethernet 4 2 Fast Ethernet 4 2 Gigabit Eth 4 2 Gigabit Eth 4 NME 2 4 4 4 AIM 2 2 2 2 DSP 2 2 3 3 Perform. 90k pps 120k pps 170k pps 220k pps
:‫ﺗﻮﺟﻪ‬ ‫ ﻫﺴﺘﻨﺪ‬vpn ‫ﺗﻤﺎم ﻣﺪﻟﻬﺎي 0082 داراي ﭘﺮدازﻧﺪه ﻣﺠﺰا ﺟﻬﺖ رﻣﺰﻧﮕﺎري ﮐﺎﻧﺎﻟﻬﺎي‬ ‫ ﻫﺴﺘﻨﺪ‬Voice ‫ ﺟﻬﺖ ﭘﺮدازﺷﻬﺎي‬Dsp processor ‫ﺗﻤﺎﻣﯽ ﻣﺪﻟﻬﺎي 0082 داراي ﻗﺎﺑﻠﯿﺖ ﻧﺼﺐ‬ ‫ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻧﻤﯿﮑﻨﺪ‬HWIC-1GE (1 Port SFP HWIC) ‫1082 از‬ ‫ ﻧﯿﺎز ﺑﻪ ﺳﺮي 0083 اﺳﺖ‬HWIC-2FE ‫ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﻨﺪ . ﺑﺮاي‬HWIC-2FE ‫ و ﻧﻪ‬HWIC-1FE ‫ﻣﺪﻟﻬﺎي 0082 از‬ Router 3825 3845 RAM 1GB 1GB Flash 256MB 256MB CPU 500Mhz 650Mhz Cisco 3800 Series Routers Ethernet HWIC 2 Gigabit Eth 4 2 Gigabit Eth 4 NME 2 4 AIM 2 2 DSP 4 4     Perform. 350k pps 500k pps :‫ﺗﻮﺟﻪ‬ ‫ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﻨﺪ‬High Density Service Modules (HDSM’s) ‫ﺳﺮي 0083 از‬ ‫ ﻣﺎژول ﻫﺴﺘﻨﺪ‬single Small Pluggable Form-factor (SFP) ‫ﺳﺮي 0083 داراي ﯾﮏ‬ Broadcom BCM1125H 500 MHz ‫5283 داراي ﭘﺮدازﻧﺪه‬ ‫ اﺳﺖ‬Broadcom BCM1250 650 MHz ‫5483 داراي ﭘﺮدازﻧﺪه دو ﻫﺴﺘﻪ اي‬     Page 18 of 290
‫آزﻣﺎﯾﺶ 2.1-اﺗﺼﺎل ﺑﻪ ادوات ﺳﯿﺴﮑﻮ از ﻃﺮﯾﻖ ﮐﻨﺴﻮل‬ ‫اﯾﻦ آزﻣﺎﯾﺶ ﺑﻪ ﭼﮕﻮﻧﮕﯽ اﺗﺼﺎل ﺑﻪ ﮐﻨﺴﻮل روﺗﺮ/ﺳﻮﯾﯿﭻ ازﻃﺮﯾﻖ ﮐﺎﺑﻞ 54‪ DB9 to RJ‬ﻣﯿﭙﺮدازد.در اﯾﻦ آزﻣﺎﯾﺶ از ﯾﮏ‬ ‫ﻧﺮم اﻓﺰار ﺗﺮﻣﯿﻨﺎل ﻣﺎﻧﻨﺪ ‪ Putty‬و ﯾﺎ ‪ HyperTerminal‬ﮐﻪ در دل وﯾﻨﺪوز ﻣﻮﺟﻮد ﻣﯿﺒﺎﺷﺪ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد.ﻧﺮم‬ ‫اﻓﺰارﻫﺎي ﻣﺘﻌﺪدي در اﯾﻦ ﺧﺼﻮص وﺟﻮد دارﻧﺪ ﻣﺎﻧﻨﺪ دو ﻣﻮرد راﯾﮕﺎﻧﯽ ﮐﻪ در ﺑﺎﻻ اﺷﺎره ﺷﺪ و ﯾﺎ ﻧﺮم اﻓﺰار ‪SecureCRT‬‬ ‫ﯾﺎ ‪.TeraTerm‬‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫در دﻧﯿﺎي واﻗﻊ ﻣﻮاﻗﻊ زﯾﺎدي ﭘﯿﺶ ﻣﯽ آﯾﺪ ﮐﻪ ﻧﯿﺎز ﺑﻪ ﺗﻨﻈﯿﻢ ﯾﮏ ﺗﺠﻬﯿﺰ ﺳﯿﺴﮑﻮ از ﻃﺮﯾﻖ ﮐﻨﺴﻮل دارﯾﻢ. ﻣﻮاردي‬ ‫ﻫﻤﭽﻮن اﻣﺎده ﺳﺎزي ﯾﮏ ﺗﺠﻬﯿﺰ ﺗﺎزه ﺧﺮﯾﺪاري ﺷﺪه،ﺑﺎزﮔﺮداﻧﺪن ﺗﻨﻈﯿﻤﺎت ﻗﺒﻠﯽ )‪ (Image restoration‬ﯾﺎ ﺣﺘﯽ‬ ‫ﻫﻨﮕﺎﻣﯽ ﮐﻪ دﺳﺘﺮﺳﯽ از ﻃﺮﯾﻖ ﺷﺒﮑﻪ ﺧﻮد ﺑﻪ ﺗﺠﻬﯿﺰ ﻣﻮرد ﻧﻄﺮ را ﺑﻪ دﻟﯿﻞ ﺗﻨﻈﯿﻤﺎت اﺷﺘﺒﺎه ‪ Access list‬از دﺳﺖ داده‬ ‫اﯾﻢ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ:‬ ‫‪‬‬ ‫ﻧﺮم اﻓﺰار ﺗﺮﻣﯿﻨﺎل ﻣﺎﻧﻨﺪ ‪Putty, HyperTerminal , SecureCRT‬‬ ‫‪‬‬ ‫ﮐﺎﺑﻞ ﮐﻨﺴﻮل ﯾﺎ ‪-rollover‬ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ اﯾﻨﮑﻪ ﺑﯿﺸﺘﺮ ﮐﺎﻣﭙﯿﻮﺗﺮﻫﺎي اﻣﺮوزي ﻓﺎﻗﺪ ‪ Serial port‬ﻫﺴﺘﻨﺪ اﺳﺘﻔﺎده‬ ‫از ﺗﺒﺪﯾﻞ ‪ Usb‬ﺑﻪ 232‪ Rs‬ﺗﻮﺻﯿﻪ ﻣﯿﺸﻮد‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﺑﻪ ﺗﺠﻬﯿﺰ ﺳﺴﯿﺴﮑﻮ از ﻃﺮﯾﻖ ﮐﻨﺴﻮل و ﻣﺸﺎﻫﺪه ‪Cli prompt‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﺑﺎ اﯾﻨﮑﻪ ﻋﻤﻮﻣﺎ ﻧﺮم اﻓﺰارﻫﺎي ﺗﺮﻣﯿﻨﺎل داراي ﺗﻔﺎوﺗﻬﺎﯾﯽ در وﯾﮋﮔﯿﻬﺎ و ﭘﺮوﺗﮑﻠﻬﺎي ﻣﻮرد ﭘﺸﺘﯿﺒﺎﻧﯽ دارﻧﺪ اﻣﺎ ﻫﻤﻪ اﻧﻬﺎ ﯾﮏ‬ ‫ﻫﺪف واﺣﺪ را دﻧﺒﺎل ﻣﯿﮑﻨﻨﺪ و آن اﻣﮑﺎن ﺑﺮﻗﺮاري اﺗﺼﺎل ﺑﻪ ﺗﺠﻬﯿﺰ ﻣﻮرد ﻧﻈﺮ و ﭘﯿﮑﺮﺑﻨﺪي آن اﺳﺖ.در اﯾﻦ ﻧﻮﺷﺘﺎر از‬ ‫‪ Putty‬ﺟﻬﺖ ﺑﺮﻗﺮاي اﺗﺼﺎل و ﻣﺸﺎﻫﺪه ﺧﻂ ﻓﺮﻣﺎن اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد‬ ‫1. ﮐﺎﺑﻞ ﮐﻨﺴﻮل را ﺑﻪ ﮐﺎﻣﭙﯿﻮﺗﺮ ﻣﺘﺼﻞ ﮐﻨﯿﺪ و ﺳﺮ دﯾﮕﺮ آﻧﺮا ﺑﻪ ﭘﻮرت ﮐﻨﺴﻮل ﺗﺠﻬﯿﺰ ﻣﺘﺼﻞ ﮐﻨﯿﺪ‬ ‫2. ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺑﺮاي اوﻟﯿﻦ ﺑﺎر ‪ putty‬را اﺟﺮا ﻣﯿﮑﻨﯿﺪ ﺑﺎ ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت زﯾﺮ روﺑﺮو ﻣﯿﺸﻮﯾﺪ‬ ‫092 ‪Page 19 of‬‬
‫3. ﺑﻪ ﺟﺎي ‪ SSH‬ﮔﺰﯾﻨﻪ ‪ Serial‬اﻧﺘﺨﺎب ﻣﯿﺸﻮد .1‪ Com‬ﭘﻮرت ارﺗﺒﺎﻃﯽ ﭘﯿﺶ ﻓﺮض ﺑﺮاي ارﺗﺒﺎﻃﺎت ﺳﺮﯾﺎل ‪putty‬‬ ‫اﺳﺖ.ﻣﻤﮑﻦ اﺳﺖ ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﺷﻤﺎره ‪ Com port‬ﮐﻪ ﮐﺎﺑﻞ ﮐﺴﻨﻮل ﺑﻪ آن ﻣﺘﺼﻞ ﺷﺪه ﻧﯿﺎر ﺑﻪ ﺗﻐﯿﯿﺮ آن داﺷﺘﻪ‬ ‫ﺑﺎﺷﯿﻢ.‪ 9600 Baud‬ﻫﻢ ﺳﺮﻋﺖ ﭘﯿﺶ ﻓﺮض ‪ putty‬ﺟﻬﺖ ارﺗﺒﺎﻃﺎت ﺳﺮﯾﺎل اﺳﺖ ﻫﻤﯿﻨﻄﻮر ﺳﺮﻋﺖ ﭘﯿﺶ ﻓﺮض‬ ‫ادوات ﺳﯿﺴﮑﻮ ﮐﻪ از ﻃﺮﯾﻖ 2012×0 ‪ Configuration Register‬ﺗﻨﻈﯿﻢ ﻣﯿﺸﻮد‬ ‫092 ‪Page 20 of‬‬
‫4. ﺗﻨﻈﯿﻤﺎت ارﺗﺒﺎط را ﺑﺎ ﻧﺎم "‪ "Cisco Console‬ﻣﻄﺎﺑﻖ ﺷﮑﻞ زﯾﺮ ذﺧﯿﺮه ﮐﻨﯿﺪ‬ ‫5. ﭘﺲ از اﯾﻨﮑﻪ ﺗﻨﻈﯿﻤﺎت ﺑﺎ ﻣﻮﻓﻘﯿﺖ ﺑﻪ ﺻﻮرت ‪ Tempalate‬ذﺧﯿﺮه ﺷﺪ ﺑﺎ ﮐﻠﯿﮏ روي دﮐﻤﻪ ‪ open‬ﭘﻨﺠﺮه‬ ‫ﺟﺪﯾﺪي ﭘﺪﯾﺪار ﻣﯿﺸﻮد ﮐﻪ ﻫﻤﺎن ﭘﻨﺠﺮه ﺗﺮﻣﯿﻨﺎل دﺳﺘﮕﺎه اﺳﺖ.اﮐﻨﻮن ﺗﺠﻬﯿﺰ ﺳﯿﺴﮑﻮ را روﺷﻦ ﮐﻨﯿﺪ.ﭘﺲ ار‬ ‫ﺑﻮت ﺷﺪن دﺳﺘﮕﺎه ﺑﺎ ﻓﺮض اﯾﻨﮑﻪ ‪ Nvram‬ﻓﺎﻗﺪ اﻃﻼﻋﺎت ﻣﯿﺒﺎﺷﺪ اﻋﻼن ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ دﺳﺘﮕﺎه را ﻣﺸﺎﻫﺪه‬ ‫ﺧﻮاﻫﯿﺪ ﮐﺮد.ﮐﻠﯿﮏ "‪ "n‬را ﺑﻔﺸﺎرﯾﺪ ﭘﺲ از آن از ﺷﻤﺎ ﻣﯿﺨﻮاﻫﺪ ﺑﺎ ﻓﺸﺮدن ‪ Enter‬وارد ﻣﺮﺣﻠﻪ ﺑﻌﺪي ﺷﻮﯾﺪ در‬ ‫اﯾﻦ ﺣﺎﻟﺖ ﭘﻨﺠﺮه ﺷﺒﯿﻪ ﺑﻪ اﯾﻦ ﺧﻮاﻫﺪ ﺑﻮد‬ ‫092 ‪Page 21 of‬‬
‫اﮐﻨﻮن وارد ﻣﺤﯿﻂ ‪ cli‬ﺟﻬﺖ ﺗﻨﻈﯿﻤﺎت و ﭘﯿﮑﺮﺑﻨﺪي دﺳﺘﮕﺎه ﺳﯿﺴﮑﻮ ﺧﻮد ﺷﺪه اﯾﺪ‬ ‫092 ‪Page 22 of‬‬
‫آزﻣﺎﯾﺶ 3.1-آﺷﻨﺎﯾﯽ ﺑﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ روﺗﺮ و ﺳﻮﯾﯿﭻ‬ ‫اﯾﻦ آزﻣﺎﯾﺶ ﺑﻪ ﺑﺮرﺳﯽ ﻣﺸﺨﺼﻪ ﻫﺎي )‪ Cisco Internetwork Operating System (Cisco IOS‬در ﺣﺎل اﺟﺮا ﺑﺮ‬ ‫روي ادوات ﺳﯿﺴﮑﻮ ﻣﯽ ﭘﺮدازد‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫داﻧﺴﺘﻦ اﯾﻨﮑﻪ ﭼﻪ ﻧﺴﺨﻪ اي از ‪ IOS‬و ﺑﺎ ﭼﻪ وﯾﮋﮔﯽ در ﺣﺎل اﺟﺮا ﺑﺮ روي ادوات ﺳﯿﺴﮑﻮ ﻣﺎ ﻣﯿﺒﺎﺷﺪ ﻧﻘﺸﯽ ﺗﻌﯿﯿﻦ ﮐﻨﻨﺪه‬ ‫در ﺑﺮﻧﺎﻣﻪ رﯾﺰي و ﭘﯿﺎده ﺳﺎزي ﻣﺸﺨﺼﻪ ﻫﺎي ﻣﻮرد ﻧﯿﺎز ﺧﻮاﻫﺪ داﺷﺖ. ﺑﺮاي درك ﺑﻬﺘﺮ اﯾﻦ ﻣﻔﻬﻮم ﺑﻪ ﻣﺸﺨﺼﻪ ﻫﺎي‬ ‫ﻧﮕﺎرﺷﻬﺎي ﻣﺨﺘﻠﻒ وﯾﻨﺪوز7 ﻣﺎﻧﻨﺪ ‪Basic, Home Edition, Home Premium, Business, Ultimate and‬‬ ‫‪ Enterprise‬ﺗﻮﺟﻪ ﮐﻨﯿﺪ،در ‪ IOS‬ﺳﯿﺴﮑﻮ ﻫﻢ ﭼﻨﯿﻦ ﻧﺎم ﮔﺬاري ﻫﺎﯾﯽ را ﺗﺤﺖ ﻋﻨﻮان ”‪ “Feature set‬ﺷﺎﻫﺪ ﻫﺴﺘﯿﻢ ﮐﻪ‬ ‫ﺑﯿﺎﻧﮕﺮ ﻧﻮع وﯾﮋﮔﯿﻬﺎي ﻗﺎﺑﻞ اراﺋﻪ در آن ﺗﻮزﯾﻊ ﻫﺴﺘﻨﺪ در اداﻣﻪ ﺑﻪ ﭼﮕﻮﻧﮕﯽ ﻗﻮاﻋﺪ اﯾﻦ ﻧﺎم ﮔﺬاري ﻫﺎ ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﻣﻄﺎﻟﻌﻪ آزﻣﺎﯾﺶ 2.1 و اﺗﺼﺎل ﺑﻪ ﮐﻨﺴﻮل دﺳﺘﮕﺎه‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺷﻨﺎﺳﺎﯾﯽ ﻧﮕﺎرش و ﻣﺸﺨﺼﻪ ﻫﺎي ‪ IOS‬در ﺣﺎل اﺟﺮا‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫راﻫﻬﺎي ﻣﺘﻌﺪدي ﺑﺮاي ﺷﻨﺎﺳﺎﯾﯽ ‪ IOS‬در ﺣﺎل اﺟﺮا روي ادوات ﺳﯿﺴﮑﻮ وﺟﻮد دارد . اوﻟﯿﻦ راه ، ﻣﻄﺎﻟﻌﻪ ﭘﯿﺎﻣﻬﺎي‬ ‫ﺳﯿﺴﺘﻤﯽ ﻓﺮاﯾﻨﺪ ﺑﻮت اﺳﺖ.ﻃﯽ اﯾﻦ ﻓﺮاﯾﻨﺪ ﻧﺎم ‪ Image‬ﻓﺎﯾﻞ ﺑﺎرﮔﺬاري ﺷﺪه از ﻓﻠﺶ ﻧﻤﺎﯾﺶ داده ﻣﯿﺸﻮد ﮐﻪ ﻧﺸﺎﻧﮕﺮ ﻧﺎم‬ ‫ﻓﺎﯾﻞ ‪ IOS‬ﻣﻮرد ﻧﻈﺮ اﺳﺖ اﯾﻦ ﻧﺎم ﺑﯿﺎﻧﮕﺮ ﺷﻤﺎره ﻧﮕﺎرش ‪ IOS‬و ‪ Feature Set‬ﯾﺎ ﻣﺸﺨﺼﻪ ﻫﺎي ﻓﻨﯽ ‪ IOS‬ﻣﻮرد ﻧﻈﺮ ﻣﯽ‬ ‫ﺑﺎﺷﺪ.‬ ‫در ﻟﯿﺴﺖ زﯾﺮ ﺑﺨﺸﯽ از اﻃﻼﻋﺎت ﻧﻤﺎﯾﺶ داده ﺷﺪه ﻃﯽ ﻓﺮاﯾﻨﺪ ﺑﻮت را ﻣﺸﺎﻫﺪه ﻣﯽ ﮐﻨﯿﺪ ﮐﻪ از ﻃﺮﯾﻖ آن ﻣﯿﺘﻮان ﺑﻪ‬ ‫ﻧﮕﺎرش ‪ IOS‬و ﻣﺸﺨﺼﻪ ﻫﺎي ﻧﺴﺨﻪ در ﺣﺎل اﺳﺘﻔﺎده ﭘﯽ ﺑﺮد.‬ ‫‪Cisco Internetwork Operating System Software‬‬ ‫092 ‪Page 23 of‬‬
IOS (tm) 3600 Software (C3620-IK9O3S7-M), Version 12.3(25), RELEASE SOFTWARE (fc1) ‫ ﺗﻮﺟﻪ ﮐﻨﯿﺪ.اﯾﻦ ﻋﺒﺎرت ﺑﯿﺎﻧﮕﺮ وﯾﮋﮔﯿﻬﺎ و ﻧﻮع ﺑﺎرﮔﺬاري)در اداﻣﻪ ﺗﻮﺿﯿﺢ داده‬C3620-IK9O3S7-M ‫در ﺧﻂ دوم ﺑﻪ‬ .‫ در ﺣﺎل ﺑﺎرﮔﺬاري اﺳﺖ.در اداﻣﻪ آن ﺷﻤﺎره ﻧﮕﺎرش ﻧﻤﺎﯾﺶ داده ﺷﺪه اﺳﺖ‬IOS (‫ﺧﻮاﻫﺪ ﺷﺪ‬ ‫ اﺳﺖ.اﯾﻦ دﺳﺘﻮر اﻃﻼﻋﺎت‬Show Version ‫ اﺳﺘﻔﺎده از دﺳﺘﻮر‬IOS ‫راﯾﺞ ﺗﺮﯾﻦ راه ﺑﻪ دﺳﺖ آوردن ﻣﺸﺨﺼﻪ ﻫﺎي‬ ‫ و ﻣﺠﻤﻮﻋﻪ وﯾﮋﮔﯿﻬﺎي ان ﻫﻤﯿﻨﻄﻮر اﻃﻼﻋﺎت ﺳﺨﺖ اﻓﺰاري ﻣﺮﺗﺒﻂ ﺑﺎ دﺳﺘﮕﺎه ﻣﻮرد‬IOS ‫ﻣﺨﺘﻠﻔﯽ درﻣﻮرد ﺷﻤﺎره ﻧﮕﺎرش‬ .‫اﺳﺘﻔﺎده را ﻧﺸﺎن ﻣﯽ دﻫﺪ‬ ‫ﻟﯿﺴﺖ زﯾﺮ ﺧﺮوﺟﯽ اﯾﻦ دﺳﺘﻮر را ﺑﺮ روي روﺗﺮ 0263 ﻧﺸﺎن ﻣﯿﺪﻫﺪ‬ Router#show version Cisco Internetwork Operating System Software IOS (tm) 3600 Software (C3620-IK9O3S7-M), Version 12.3(25), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 28-Jan-08 20:16 by alnguyen ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Router uptime is 23 minutes System returned to ROM by reload System image file is "flash:c3620-ik9o3s7-mz.123-25.bin" This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. cisco 3620 (R4700) processor (revision 0x81) with 60416K/5120K bytes of memory. Processor board ID 24807256 R4700 CPU at 80MHz, Implementation 33, Rev 1.0 Bridging software. X.25 software, Version 3.0.0. 2 FastEthernet/IEEE 802.3 interface(s) 32 terminal line(s) DRAM configuration is 32 bits wide with parity disabled. 29K bytes of non-volatile configuration memory. 32768K bytes of processor board System flash (Read/Write) Page 24 of 290
Configuration register is 0x2102 Router# ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ از ﺧﺮوﺟﯽ ﺑﺮﻣﯽ آﯾﺪ ﺧﻂ ﻫﺎي 2و3و4 ﻫﻤﺎﻧﻨﺪ اﻃﻼﻋﺎت اﺧﺬ ﺷﺪه از ﻓﺮاﯾﻨﺪ ﺑﻮت ﻣﯽ ﺑﺎﺷﻨﺪ و ﺗﻔﺎوﺗﯽ ﻣﺸﺎﻫﺪ‬ “flash:c3620-ik9o3s7-mz.123- ‫ﻧﻤﯽ ﺷﻮد.در ﺧﻂ 31 ﺧﻮاﻫﯿﺪ دﯾﺪ ﮐﻪ ﻓﺎﯾﻠﯽ ﮐﻪ ﺳﯿﺴﺘﻢ از آن ﺑﻮت ﺷﺪه اﺳﺖ‬ .‫ ﻓﺎﯾﻠﯽ اﺳﺖ ﮐﻪ در ﺣﺎل ﺣﺎﺿﺮ روﺗﺮ ﺑﺮ ﻣﺒﻨﺎي آن ﮐﺎر ﻣﯿﮑﻨﺪ‬Image ‫.52 ﻧﺎم دارد اﯾﻦ ﻧﺎم واﻗﻌﯽ‬bin” ‫ ﺑﻮد.اﯾﻦ ﻗﻮاﻋﺪ ﻧﺎم ﮔﺬاري‬IOS ‫ﻗﺒﻞ از ﻧﮕﺎرش 4.21 ﺳﯿﺴﮑﻮ داراي ﻣﮑﺎﻧﯿﺰم ﻧﺎم ﮔﺬاري ﭘﯿﭽﯿﺪه اي ﺑﺮاي ﺑﯿﺎن وﯾﮋﮔﯿﻬﺎي‬ .‫ ﺑﻮد‬IOS ‫ﻣﺸﺘﻤﻞ ﺑﺮ ﺣﺮوﻓﯽ ﺑﻮدﻧﺪ ﮐﻪ ﻫﺮﯾﮏ ﺑﯿﺎﻧﮕﺮ وﯾﮋﮔﯽ ﺧﺎﺻﯽ در‬ .‫ﺟﺪول زﯾﺮ ﺷﺎﻣﻞ ﺣﺮوف و ﮐﺎراﮐﺘﺮﻫﺎي ﺷﻨﺎﺳﺎﯾﯽ اﺳﺖ ﮐﻪ ﭘﯿﺶ از ﻧﺴﺨﻪ 4.21 از آن اﺳﺘﻔﺎده ﻣﯿﺸﺪ‬ I Y S S6 S7 J O K K8 K9 X G C *C B N V *V R U P Telco Boot IP IP on 1700 Series Routers IP Plus IP Plus – No ATM IP Plus – No Voice Enterprise IOS Firewall/Intrusion Detection Cryptography/IPSEC/SSH 56Bit DES Encryption (Weak Cryptography) Triple DES / AES Encryption (Strong Cryptography) H323 Service Selection Gateway (SSG) Remote Access Server Can also be Packet Data Serving Node (PDSN) Apple Talk Novel IP/IPX VOX This can be Video Feature set as well in the near future. IBM Unlawful Intercept Service Provider Services Telecommunications Feature Set Boot Image (Used on high end MSR’s such as 7200 Series) IOS ‫ﺟﺪول 1.2-ﻧﺸﺎﻧﮕﺮﻫﺎي ﺑﯿﺎﻧﮕﺮ وﯾﮋﮔﯿﻬﺎي ﻓﻨﯽ‬ ‫ ﻣﺜﺎل ﺧﻮدﻣﺎن ﻣﯿﮑﻨﯿﻢ. ﻧﺎم ﻓﺎﯾﻞ ﻣﺬﺑﻮر‬IOS ‫اﮐﻨﻮن ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﻗﻮاﻋﺪ ﻓﻮق اﻗﺪام ﺑﻪ ﺷﻨﺎﺳﺎﯾﯽ ﻣﺸﺨﺼﻪ ﻫﺎي‬ :‫ ﺑﻮد ﮐﻪ ﺑﺎ ﺷﮑﺴﺖ ان ﺑﻪ اﺟﺰاي ﺗﺸﮑﯿﻞ دﻫﻨﺪه ﺧﻮاﻫﯿﻢ داﺷﺖ‬flash:c3620-ik9o3s7-mz.123-25.bin Page 25 of 290
‫در ﻗﺪم ﺑﻌﺪي ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﺟﺪول ﺑﺎﻻ ﻣﺸﺨﺼﻪ ﻫﺎي ‪ IOS‬را ﺷﻨﺎﺳﺎﯾﯽ ﻣﯿﮑﻨﯿﻢ‬ ‫‪i = IP‬‬ ‫)‪k9 = Strong Cryptography (3DES / AES‬‬ ‫‪o3 = IOS Firewall/Intrusion Detection‬‬ ‫)‪s7 = Plus (7 = No Voice‬‬ ‫ﺑﯿﺸﺘﺮ ‪ Image‬ﻓﺎﯾﻠﻬﺎي ‪ IOS‬در ﻧﺤﻮه ﺑﺎرﮔﺬاري و ﻓﺸﺮدﮔﯽ ﺑﺎ ﻫﻢ ﺗﻔﺎوت دارﻧﺪ.اﯾﻦ دو ﻣﺸﺨﺼﻪ ﻧﯿﺰ در ﻓﺮاﯾﻨﺪ ﻧﺎم ﮔﺬاري‬ ‫‪ IOS‬ﻟﺤﺎظ ﺷﺪه اﺳﺖ ﺑﺎ دﻗﺖ ﺑﻪ ﺳﺎﺧﺘﺎر ﺗﻔﮑﯿﮏ ﺷﺪه ﻗﺒﻞ درﺧﺼﻮص ﻧﺤﻮه ﻓﺸﺮده ﺳﺎزي و ﺑﺎرﮔﺬاري و ﻣﺮاﺟﻌﻪ ﺑﻪ‬ ‫ﺟﺪول زﯾﺮ در ﺧﻮاﻫﯿﻢ ﯾﺎﻓﺖ ﮐﻪ ‪ image‬ﻣﻮرد ﻧﻈﺮ ﻣﺎ از ﻓﺸﺮه ﺳﺎزي ‪ Zip‬اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ و ﺑﺎرﮔﺬاري آن ﻧﯿﺰ از ‪RAM‬‬ ‫ﺻﻮرت ﻣﯽ ﮔﯿﺮد.‬ ‫.‪The image executes from Flash memory‬‬ ‫.‪The image executes from RAM‬‬ ‫‪The image executes from ROM‬‬ ‫.‪The image is relocatable‬‬ ‫.‪The image is compressed using ZIP format‬‬ ‫.‪The image is compressed using MZIP format‬‬ ‫.‪The image is compressed using STAC format‬‬ ‫‪f‬‬ ‫‪m‬‬ ‫‪r‬‬ ‫‪l‬‬ ‫‪z‬‬ ‫‪x‬‬ ‫‪w‬‬ ‫ﺟﺪول 2.2-ﻧﺸﺎﻧﮕﺮﻫﺎي ﻓﺸﺮه ﺳﺎزي و ﺑﺎرﮔﺬاري‬ ‫از ﻧﮕﺎرش 4.21 ﺑﻪ ﺑﻌﺪ ﺳﯿﺴﮑﻮ ﻗﺮارداد ﺟﺪﯾﺪي را ﺑﺮاي ﻧﺎم ﮔﺬاري ﻣﺠﻤﻮﻋﻪ ﻣﺸﺨﺼﻪ ﻫﺎي ‪ IOS‬ﻣﻌﺮﻓﯽ ﮐﺮد.اﯾﻦ ﻗﺮارداد‬ ‫ﺟﺪﯾﺪ در ﻧﮕﺎرش 3.21 آﻏﺎز ﺷﺪ و اوﻟﯿﻦ در ﻧﮕﺎرش 4.21 ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﮔﺮﻓﺖ‬ ‫092 ‪Page 26 of‬‬
‫ﺷﮑﻞ زﯾﺮ درﺑﺮدارﻧﺪه اﺻﻮل ﺟﺪﯾﺪ ﻧﺎم ﮔﺬاري ‪ IOS‬ﻫﺎي ﺳﯿﺴﮑﻮ از ﻧﺴﺨﻪ ‪ 12.3T‬ﺑﻪ ﺑﺎﻻ اﺳﺖ‬ ‫ﺗﺼﻮﯾﺮ 1.2-ﻗﺮارداد ﺟﺪﯾﺪ ﻧﺎم ﮔﺬاري ‪ IOS‬روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ‬ ‫ﺑﺎ ﺣﺮﮐﺖ از ﭘﺎﯾﯿﻦ ﺑﺎ ﺑﺎﻻي درﺧﺖ ﻓﻮق در ﻣﯿﺎﺑﯿﻢ ﮐﻪ ‪ IP Base‬اﯾﻤﯿﺞ ﭘﺎﯾﻪ اﺳﺖ،از اﯾﻦ اﯾﻤﯿﺞ ﭘﺎﯾﻪ ‪ IP Voice‬ﺳﺎﺧﺘﻪ‬ ‫ﻣﯿﺸﻮد و ﭘﺲ از ان دو ﺷﺎﺧﻪ اﺻﻠﯽ ‪ Advanced Security‬و ‪ Enterprise Base‬را ﺧﻮاﻫﯿﻢ داﺷﺖ.‬ ‫‪ IP Voice‬ﻫﻤﭽﻨﯿﻦ داراي ﻗﺎﺑﻠﯿﺖ ارﺗﻘﺎء ﺑﻪ ﺳﺮوﯾﺴﻬﺎي ‪ Service Provider‬اﺳﺖ ﻣﺸﺘﻤﻞ ﺑﺮ ﻣﺸﺨﺼﻪ ﻫﺎي ‪SP‬‬ ‫‪ Services‬و ‪ IP Voice‬و ‪.IP Base‬‬ ‫ﻓﻘﻂ اﯾﻤﯿﺞ ﻫﺎي ”‪ “Advanced‬داراي ﻣﺸﺨﺼﻪ رﻣﺰ ﻧﮕﺎري )‪ Advanced Encryption Standard (AES‬ﻫﺴﺘﻨﺪ.‬ ‫ﺧﻼﺻﻪ ﻗﺮاردادﻫﺎي ﺟﺪﯾﺪ ﻧﺎم ﮔﺬاري را در ﮔﺮوه ﻫﺎي زﯾﺮ ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﻢ‬ ‫‪‬‬ ‫‪‬‬ ‫‪ : Base‬اﯾﻤﯿﺞ ﭘﺎﯾﻪ ﺑﺎ ﻣﺸﺨﺼﻪ ‪IP Base, Enterprise Base‬‬ ‫‪ : Services‬ﻣﻌﺮف ﺳﺮوﯾﺴﻬﺎي ﭘﯿﺸﺮﻓﺘﻪ ‪ Voice over Frame Relay and Atm ، MPLS ، Voice‬ﺑﺎ‬ ‫ﻣﺸﺨﺼﻪ ‪SP Services, Enterprise Services‬‬ ‫‪‬‬ ‫‪ : Advanced‬ﻣﻌﺮف ﻗﺎﺑﻠﯿﺘﻬﺎي ‪Intrusion ، IPSec، 3DES encryption،Cisco IOS Firewall ، Vpn‬‬ ‫‪‬‬ ‫‪ :Enterprise‬ﻣﻌﺮف ﭘﺮوﺗﮑﻠﻬﺎي اﺿﺎﻓﻪ اي ﻫﻤﭽﻮن ‪ Ipx,Apple talk‬ﺑﺎ ﻣﺸﺨﺼﻪ ‪Enterprise Base‬و‬ ‫)‪ Detection Systems (IDS‬ﺑﺎ ﻣﺸﺨﺼﻪ ‪Advanced Security, Advanced IP Services‬‬ ‫‪ Enterprise Services‬اﺳﺖ.‬ ‫092 ‪Page 27 of‬‬
‫دﻗﯿﻘﺎ ﻣﺎﻧﻨﺪ روﺗﺮﻫﺎ ﺑﺮاي ﺳﻮﯾﯿﭻ ﻫﺎ ﻧﯿﺰ ﭼﻨﯿﻦ ﻗﻮاﻋﺪ ﻧﺎم ﮔﺬاري وﺟﻮد دارﻧﺪ.‬ ‫ﺷﮑﻞ 2.2- ﻗﻮاﻧﯿﻦ ﻧﺎم ﮔﺬاري ﺟﺪﯾﺪ ‪ IOS‬ﺳﻮﯾﯿﭻ ﻫﺎي ﺳﯿﺴﮑﻮ‬ ‫در ﺳﻄﺮﻫﺎي زﯾﺮ ﻧﺎم ﺗﻌﺪادي از اﯾﻤﯿﺞ ﻫﺎي ‪ IOS‬روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ، ﻣﻄﺎﺑﻖ ﺑﺎ ﻗﻮاﻧﯿﻦ ﺟﺪﯾﺪ ﻧﺎم ﮔﺬاري را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ‬ ‫‪‬‬ ‫روﺗﺮ 0082‬ ‫‪‬‬ ‫ﺳﻮﯾﯿﭻ 0573 ‪Catalyst‬‬ ‫‪c2800nm-adventerprisek9-mz.124-21.bin‬‬ ‫‪c2800nm-ipbase-mz.124-21.bin‬‬ ‫‪c3750-advipservicesk9-mz.122-44.SE.bin‬‬ ‫‪c3750-ipservicesk9-mz.122-44.SE.bin‬‬ ‫‪c3750-ipbase-mz.122-44.SE.bin‬‬ ‫‪IP Base‬‬ ‫رﺳﻤﺎ ﺑﻪ ﻋﻨﻮان )‪ Standard Multilayer Image (SMI‬روي ﺳﻮﯾﯿﭽﻬﺎ ﺳﺮي 0553 ﺷﻨﺎﺧﺘﻪ ﻣﯿﺸﻮد. اﯾﻦ ﺷﻨﺎﺳﻪ ﻧﺎم‬ ‫ﺑﯿﺎﻧﮕﺮ وﯾﮋﮔﯿﻬﺎﯾﯽ ﻫﻤﭽﻮن ‪ Advanced Qos-Rate limiting-Acls-static routing ,Rip‬ﻣﯽ ﺑﺎﺷﻨﺪ.‬ ‫‪IP Service‬‬ ‫092 ‪Page 28 of‬‬
‫رﺳﻤﺎ ﺑﻪ ﻋﻨﻮان )‪ Enhanced Multilayer Image (EMI‬روي ﺳﻮﯾﯿﭽﻬﺎي 0553 ﺷﻨﺎﺧﺘﻪ ﻣﯿﺸﻮد.داراي ﻣﺸﺨﺼﻪ ﻫﺎي‬ ‫ﻓﻨﯽ ﺑﯿﺸﺘﺮي ﻫﻤﭽﻮن ‪hardware-based IP Unicast and IP Multicast -enterprise class routing‬‬ ‫‪routing‬و )‪ policy based routing (PBR‬اﺳﺖ‬ ‫‪Advanced IP Services‬‬ ‫اﯾﻦ ﻣﺸﺨﺼﻪ از ﻃﺮﯾﻖ ﭘﺮداﺧﺖ ﻫﺰﯾﻨﻪ ﻣﺠﺰاي ﺧﺮﯾﺪ ﻻﯾﺴﻨﺲ ﻗﺎﺑﻞ ﺗﻬﯿﻪ اﺳﺖ . داراي وﯾﮋﮔﯿﻬﺎﯾﯽ ﻫﻤﭽﻮن 6‪Ipv‬‬ ‫‪ Routing‬و ‪ Ipv6 ACL support‬اﺳﺖ.‬ ‫‪Enterprise Services & Advanced Enterprise Services‬‬ ‫ﺣﺎوي ﺗﻤﺎم وﯾﮋﮔﯿﻬﺎي ﻗﺎﺑﻞ ﭘﺸﺘﯿﺒﺎﻧﯽ ﺗﻮﺳﻂ ﭘﻠﺘﻔﺮم ﻣﻮرد ﻧﻈﺮ ﻫﺴﺘﻨﺪ ﻫﻤﯿﻨﻄﻮر ﮔﺮاﻧﺘﺮﯾﻦ از ﻟﺤﺎظ ﻻﯾﺴﻨﺲ ﻣﺤﺴﻮب‬ ‫ﻣﯿﺸﻮﻧﺪ.اﯾﻦ ﺳﺮي از ‪ IOS‬ﻫﺎ ﺗﻨﻬﺎ ﺑﺮ روي ﺳﻮﯾﭽﻬﺎي ﻣﺎژوﻻر ﺳﺮي 0054 ، 0094 و 0056 ﻗﺎﺑﻞ ﻧﺼﺐ ﻫﺴﺘﻨﺪ‬ ‫در ﺳﻄﺮﻫﺎي زﯾﺮ ﺗﻌﺪادي از ﺳﻮﯾﯿﭽﻬﺎ ﻣﻌﻤﻮل ﺑﻪ ﻫﻤﺮاه ﻣﺸﺨﺼﻪ ﻻﯾﺴﻨﺲ ﻫﻤﺮاه ﺑﺎ آﻧﻬﺎ را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ‬ ‫)‪C3560-24PS-S = Cisco 3560 Series 24 Ports PoE with Standard Image (IP Base‬‬ ‫)‪C3750-48TS-E = Cisco 3750 Series 48 Port Non-PoE with Enhanced Image (IP Services‬‬ ‫از آﻧﺠﺎﯾﯽ ﮐﻪ ﺳﻮﯾﯿﭽﻬﺎي ﺳﺮي 0692 ﺑﻪ ﺻﻮرت ﻻﯾﻪ دو ﻓﻌﺎﻟﯿﺖ ﻣﯿﮑﻨﻨﺪ از ﻣﺪل ﻻﯾﺴﻨﺲ ﻣﺘﻔﺎوﺗﯽ ﭘﯿﺮوي ﻣﯿﮑﻨﻨﺪ.اﯾﻦ‬ ‫ﻣﺪل ﻻﯾﺴﻨﺲ ﻣﺎﻧﻨﺪ ﺳﺮوي 0592 ﺷﺎﻣﻞ دو ﮔﺮوه ﻣﺸﺨﺼﻪ اﺻﻠﯽ ﻣﯿﺒﺎﺷﺪ ﺑﻪ ﻧﺎﻣﻬﺎي ‪Standard Image‬و ‪Enhanced‬‬ ‫‪ Image‬اﻣﺎ ﮔﺮوه ﻣﺸﺨﺼﻪ ﻫﺎي ﺟﺪﯾﺪ اﯾﻦ ﺳﺮي ‪ Lan based‬و ‪ Lan Lite‬ﻧﺎم دارﻧﺪ.اﯾﻦ ﮔﺮوه ﻣﺸﺨﺼﻪ ﻫﺎي ﺟﺪﯾﺪ‬ ‫وﯾﮋﮔﯿﻬﺎي ﻣﺘﻔﺎوﺗﯽ ﻫﻤﭽﻮن ‪Qos,Gigabit Ethernet,Rps,Rstp,Linkstate tracking,Dot1x,Dhcp snooping‬‬ ‫و ﺑﺴﯿﺎري وﯾﮋﮔﯿﻬﺎي ﺟﺪﯾﺪ را ﺑﺮاي ﺳﺮي 0692 ﺑﻪ ارﻣﻐﺎن ﻣﯽ آورد.‬ ‫اﻣﺮوزه و ﺑﺎ ﻣﻌﺮﻓﯽ 0.51 ‪ IOS‬ﺑﻪ ﺑﻌﺪ ﻧﺴﻞ ﺟﺪﯾﺪ از ‪ IOS‬ﺗﺤﺖ ﻧﺎم ﮐﻠﯽ ‪ Universal image‬ﻣﻌﺮﻓﯽ ﺷﺪه اﺳﺖ.ﮔﺮوه‬ ‫ﻣﺸﺨﺼﻪ ﻫﺎي اﯾﻦ ﻧﺴﻞ ﺗﻔﺎوﺗﯽ ﺑﺎ ﻧﺴﻞ ﻗﺒﻞ ﻧﺪاﺷﺘﻪ اﻣﺎ ﺑﻪ ﻣﻨﻈﻮر اﺳﺘﻔﺎده از وﯾﮋﮔﯿﻬﺎي ﻣﺘﻌﺪد اﯾﻦ ‪ IOS‬ﻣﯿﺒﺎﯾﺴﺖ ﻫﺮ‬ ‫ﮔﺮوه از آﻧﻬﺎ را از ﻃﺮﯾﻖ ﻻﯾﺴﻨﺲ ﻓﺎﯾﻞ در ﻣﺤﻞ ‪ NVRAM‬ﻓﻌﺎل ﮐﺮد.ﻃﯽ ﻓﺮاﯾﻨﺪ ﺑﻮت، ‪ IOS‬ﺑﻪ دﻧﺒﺎل ﻓﺎﯾﻞ ﻻﯾﺴﻨﺲ‬ ‫ﻣﯿﮕﺮدد و ﭘﺲ از ﯾﺎﻓﺘﻦ آن وﯾﮋﮔﯿﻬﺎي ﻣﺘﻨﺎﻇﺮ ﺑﺎ ﻻﯾﺴﻨﺴﯽ را ﮐﻪ ﺧﺮﯾﺪاري ﺷﺪه اﺳﺖ را ا ﻓﻌﺎل ﻣﯿﮑﻨﺪ.ﻫﺮ ﻻﯾﺴﻨﺲ‬ ‫ﻓﺎﯾﻠﯽ ﻣﺘﻌﻠﻖ ﺑﻪ ﺷﻤﺎره ﺳﺮﯾﺎل ﭘﻠﺘﻔﺮم اﺧﺘﺼﺎﺻﯽ ﺧﻮد ﻣﯽ ﺑﺎﺷﺪ ﺑﻪ اﯾﻦ ﻣﻌﻨﯽ ﮐﻪ ﻗﺎﺑﻞ اﻧﺘﻘﺎل)ﮐﭙﯽ!( ﺑﻪ ﭘﻠﺘﻔﺮم دﯾﮕﺮ‬ ‫ﻧﯿﺴﺘﻨﺪ.‬ ‫092 ‪Page 29 of‬‬
‫ﻧﺴﻞ ﺟﺪﯾﺪ روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ ﻣﺎﻧﻨﺪ ﺳﺮي 0091 و 0092 و0093 ﻫﻤﮕﯽ از ﯾﮏ ‪ Unevirsal image‬ﻓﺎﯾﻞ ﻣﺸﺘﺮك‬ ‫اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ و ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﻧﻮع وﯾﮋﮔﯿﻬﺎي ﮐﻪ اراﺋﻪ ﺧﻮاﻫﻨﺪ ﮐﺮد ﻧﯿﺎزﻣﻨﺪ ﻻﯾﺴﻨﺲ ﻣﺮﺗﺒﻂ ﻫﺴﺘﻨﺪ.اﯾﻦ وﯾﮋﮔﯽ ﻫﻤﭽﻨﯿﻦ‬ ‫ﺑﺮ روي ﺳﻮﯾﯿﭽﻬﺎي ‪ 3560E, 3750E‬ﭘﯿﺎده ﺷﺪه اﺳﺖ.‬ ‫ﻣﺜﺎل:‬ ‫‪c3560e-universalk9-mz.122-50.SE2.bin‬‬ ‫‪c3750e-universalk9-mz.122-50.SE2.bin‬‬ ‫‪c3900-universalk9-mz.150-1M.bin‬‬ ‫092 ‪Page 30 of‬‬
‫آزﻣﺎﯾﺶ ٤.١ – ﺗﻨﻈﻤﯿﺎت ﭘﺎﯾﮫ اﮐﺴﺲ ﺳﺮور ﻣﻮرد اﺳﺘﻔﺎده در آزﻣﺎﯾﺸﮕﺎه‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﯾﮏ دﺳﺘﮕﺎه اﮐﺴﺲ ﺳﺮور را ﺑﺎ ﻫﺪف دﺳﺘﺮﺳﯽ ﺑﻪ ﻫﻤﻪ ﺳﻮﯾﯿﭽﻬﺎ و روﺗﺮﻫﺎي ﻣﻮرد اﺳﺘﻔﺎده در اﯾﻦ‬ ‫آزﻣﺎﯾﺸﮕﺎه و ﻣﺪﯾﺮﯾﺖ آﻧﻬﺎ از ﯾﮏ ﻧﻘﻄﻪ ﻣﺮﮐﺰي ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ.‬ ‫ﺗﻮﺿﯿﺢ:در ﺻﻮرﺗﯿﮑﻪ ﺑﺎ ﺗﻨﻈﯿﻤﺎت ﻣﺮﺗﺒﻂ ﺑﺎ روﺗﺮﻫﺎ آﺷﻨﺎﯾﯽ ﻧﺪارﯾﺪ ﻣﯿﺘﻮان از اﯾﻦ ﻣﺒﺤﺚ ﻋﺒﻮر ﮐﺮد و ﭘﺲ از آﺷﻨﺎﯾﯽ‬ ‫ﻣﺠﺪدا ﺑﻪ آن ﭘﺮداﺧﺖ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﻋﻤﻮﻣﺎ در ﺳﺎزﻣﺎﻧﻬﺎﯾﯽ ﮐﻪ داراي ﺗﻌﺪاد زﯾﺎدي ادوات ﺳﯿﺴﮑﻮ ﻫﺴﺘﻨﺪ از اﮐﺴﺲ ﺳﺮور ﺟﻬﺖ دﺳﺘﺮﺳﯽ و ﻣﺪﯾﺮﯾﺖ ﻣﺮﮐﺰي‬ ‫اﯾﻦ ادوات ﺑﻪ ﺟﺎي اﺗﺼﺎل ﻣﺠﺰا ﺑﻪ ﻫﺮ ﯾﮏ از اﯾﻦ ادوات اﺳﺘﻔﺎده ﻣﯿﺸﻮد. اﻣﻮري ﻫﻤﭽﻮن اﻋﻤﺎل ﮐﺎﻧﻔﯿﮕﻬﺎي روزﻣﺮه ﺗﺎ ﺑﻮت‬ ‫ﺑﻪ ﻣﺤﯿﻂ ‪ Rommon‬ﺟﻬﺖ ﭘﺴﻮرد رﯾﮑﺎوري ،ارﺗﻘﺎء ‪ IOS‬و ﺑﺴﯿﺎري دﯾﮕﺮ را از اﯾﻦ ﻃﺮﯾﻖ ﻣﯿﺘﻮان اﻧﺠﺎم داد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﮑﻤﯿﻞ آزﻣﺎﯾﺶ 2.1 و ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ اﮐﺴﺲ ﺳﺮور‬ ‫اﺗﺼﺎل ‪ Async Line‬ﻫﺎي اﮐﺴﺲ ﺳﺮور ﺑﻪ ادوات ﻣﺘﻨﺎﻇﺮ ﺑﻪ ﺷﺮح زﯾﺮ :‬ ‫1 ‪Line 1 – Router‬‬ ‫2 ‪Line 2 – Router‬‬ ‫3 ‪Line 3 – Router‬‬ ‫4 ‪Line 4 – Router‬‬ ‫5 ‪Line 5 – Router‬‬ ‫6 ‪Line 6 – Router‬‬ ‫1 ‪Line 7 – Switch‬‬ ‫2 ‪Line 8 – Switch‬‬ ‫3 ‪Line 9 – Switch‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ ‪ Hostname‬ﺑﻪ اﮐﺴﺲ ﺳﺮور‬ ‫اﯾﺠﺎد ﯾﮏ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺲ ﺟﻬﺖ ﺑﺮﻗﺮاري ‪ Telnet‬از ﺳﻤﺖ آن ﺑﻪ ﺳﺎﯾﺮ ادوات‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﺟﺪول ‪ IP Host‬ﺟﻬﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻫﺎي ‪ Telnet‬ﻣﻌﮑﻮس روي ﺧﻄﻮط ‪Async‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﺧﻄﻮط ‪ Async‬ﺑﻪ ﻣﻨﻈﻮر ﺟﻠﻮﮔﯿﺮي از اﯾﺠﺎد ‪ Exec session‬ﺑﺎ اﮐﺴﺲ ﺳﺮور‬ ‫‪‬‬ ‫ﻓﻌﺎل ﮐﺮدن ﻗﺎﺑﻠﯿﺖ ‪ Telnet‬روي ﺧﻄﻮط ‪async‬‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫092 ‪Page 31 of‬‬
‫ ﺑﻪ اﮐﺴﺲ ﺳﺮور‬Hostname ‫ﺗﺨﺼﯿﺺ‬ Router>enable Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z Router(config)#hostname Access_Server Access_Server(config)# ‫ از ﺳﻤﺖ آن ﺑﻪ ﺳﺎﯾﺮ ادوات‬Telnet ‫اﯾﺠﺎد ﯾﮏ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺲ ﺟﻬﺖ ﺑﺮﻗﺮاري‬ Access_Server(config)#interface loopback 0 Access_Server(config-if)#ip address 10.10.10.10 255.255.255.255 Access_Server(config-if)#exit Access_Server(config)# Async ‫ ﻣﻌﮑﻮس روي ﺧﻄﻮط‬Telnet ‫ ﺟﻬﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻫﺎي‬IP Host ‫ﺗﻨﻈﯿﻢ ﺟﺪول‬ Access_Server(config)#ip Access_Server(config)#ip Access_Server(config)#ip Access_Server(config)#ip Access_Server(config)#ip Access_Server(config)#ip Access_Server(config)#ip Access_Server(config)#ip Access_Server(config)#ip host host host host host host host host host r1 2001 10.10.10.10 r2 2002 10.10.10.10 r3 2003 10.10.10.10 r4 2004 10.10.10.10 r5 2005 10.10.10.10 r6 2006 10.10.10.10 sw1 2007 10.10.10.10 sw2 2008 10.10.10.10 sw3 2009 10.10.10.10 ‫ ﺑﺎ اﮐﺴﺲ ﺳﺮور‬Exec session ‫ ﺑﻬﻢ ﻣﻨﻈﻮر ﺟﻠﻮﮔﯿﺮي از اﯾﺠﺎد‬Async ‫ﺗﻨﻈﯿﻢ ﺧﻄﻮط‬ Access_Server(config)#line 1 16 Access_Server(config-line)#no exec async ‫ روي ﺧﻄﻮط‬Telnet ‫ﻓﻌﺎل ﮐﺮدن ﻗﺎﺑﻠﯿﺖ‬ Access_Server(config-line)#transport input telnet ‫ﭘﺲ از ﮐﺎﻧﻔﯿﮓ دﺳﺘﮕﺎه ﺗﮏ ﺗﮏ ﺧﻄﻮط اﻧﺮا ﺟﻬﺖ ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺻﺤﺖ اﻣﮑﺎن ﺑﺮﻗﺮاري ﺗﻤﺎس آن ﺑﺎ ادوات ﻣﺘﻨﺎﻇﺮ‬ .‫ﺗﺴﺖ ﻣﯿﮑﻨﯿﻢ‬ Access_Server#r1 Trying r1 (10.10.10.10, 2037)… Open % Please answer ‘yes’ or ‘no’. Would you like to enter the initial configuration dialog? [yes/no]: Page 32 of 290
‫ﺟﻬﺖ ﺑﺮرﺳﯽ ﻣﺸﮑﻼت اﺣﺘﻤﺎﻟﯽ در ﮐﺎﻧﻔﯿﮓ دﺳﺘﮕﺎه ، دﺳﺘﻮرات ﻣﺘﻌﺪدي ﺟﻬﺖ ﯾﺎﻓﺘﻦ و رﻓﻊ اﻧﻬﺎ وﺟﻮد دارد ﻣﺎﻧﻨﺪ‬ ‫دﺳﺘﻮر زﯾﺮ‬ Access_Server#show host Default domain is not set Name/address lookup uses domain service Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate temp - temporary, perm - permanent NA - Not Applicable None - Not defined Host Port r1 r2 r3 r4 r5 r6 sw1 sw2 sw3 2001 2002 2003 2004 2005 2006 2007 2008 2009 Flags (perm, (perm, (perm, (perm, (perm, (perm, (perm, (perm, (perm, OK) OK) OK) OK) OK) OK) OK) OK) OK) Age 0 0 0 0 0 0 0 0 0 Type IP IP IP IP IP IP IP IP IP Address(es) 10.10.10.10 10.10.10.10 10.10.10.10 10.10.10.10 10.10.10.10 10.10.10.10 10.10.10.10 10.10.10.10 10.10.10.10 Access_Server # ‫ ﮐﻪ اﻃﻼﻋﺎت ارﺗﺒﺎﻃﻬﺎي ﻓﻌﺎل ﺑﺎ ادوات ﺗﺤﺖ ﻣﺪﯾﺮﯾﺖ را ﻧﺸﺎن ﻣﯿﺪﻫﺪ‬Show sessions ‫و ﯾﺎ دﺳﺘﻮر‬ Access_Server#show host Default domain is not set Name/address lookup uses domain service Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate temp - temporary, perm - permanent Access_Server#show session Conn Host Address Byte Idle Conn Name * 1 r1 10.10.10.10 0 3 r1 Access_Server# Page 33 of 290
‫آزﻣﺎﯾﺶ 5.1-ﻧﺼﺐ ﺷﺒﯿﻪ ﺳﺎز ﮔﺮاﻓﯿﮑﯽ 3‪Gns‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﻪ ﻧﺼﺐ ﻧﺮم اﻓﺰار 3‪ Gns‬ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ و ﺗﺎ ﭘﺎﯾﺎن ﻣﺒﺎﺣﺚ از اﯾﻦ اﺑﺰار ﺟﻬﺖ ﺗﺮﺳﯿﻢ و ﺷﺒﯿﻪ ﺳﺎزي‬ ‫ﺗﻮﭘﻮﻟﻮژﯾﻬﺎ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد.3‪ Gns‬ﺷﺒﯿﻪ ﺳﺎز روﺗﺮﻫﺎي ﺳﺨﺖ اﻓﺰاري ﺳﯿﺴﮑﻮ اﺳﺖ و ﻗﺎدر ﺑﻪ اﺟﺮاي ‪ IOS‬ﻫﺎي‬ ‫واﻗﻌﯽ اﯾﻦ ادوات ﻣﯽ ﺑﺎﺷﺪ.3‪ Gns‬ﺑﻪ ﻋﻨﻮان اﺑﺰاري ﮐﻤﮏ آﻣﻮزﺷﯽ ﺑﺮاي اﻓﺮادي ﮐﻪ ﻋﻼﻗﻤﻨﺪ ﺑﻪ ﯾﺎدﮔﯿﺮي ﭼﮕﻮﻧﮕﯽ‬ ‫ﭘﯿﮑﺮﺑﻨﺪي ادوات ﻫﻤﯿﻨﻄﻮر اﺧﺬ ﻣﺪارك ﺳﯿﺴﮑﻮ ﻣﯽ ﺑﺎﺷﻨﺪ ﺑﻪ ﮐﺎر ﻣﯽ رود.3‪ Gns‬اﺑﺰاري اﺳﺖ ﮐﻪ ﺗﻮﺳﻂ ﺗﻤﺎم اﻓﺮادي ﮐﻪ‬ ‫ﻋﻼﻗﻤﻨﺪ ﺑﻪ ﯾﺎدﮔﯿﺮي ﻣﻔﺎﻫﯿﻢ ﻋﻤﻠﯿﺎﺗﯽ ﺳﯿﺴﮑﻮ ﻣﯽ ﺑﺎﺷﻨﺪ از ﺳﻄﺢ ‪ CCNA‬ﺗﺎ‪ CCIE‬ﺑﻪ ﮐﺎر ﻣﯽ رود.اﯾﻦ اﺑﺰار ﻣﺎﻫﯿﺘﺎ ﺑﺎ‬ ‫ﻫﺪف ﮐﻤﮏ ﺑﻪ ﻓﺮاﯾﻨﺪ آﻣﻮزش ﻣﻔﺎﻫﯿﻢ ﺳﯿﺴﮑﻮﺳﺎﺧﺘﻪ ﺷﺪ اﻣﺎ در دﻧﯿﺎي واﻗﻌﯽ ﮐﺎرﺑﺮدﻫﺎي ﻣﻬﻤﯽ از ﻗﺒﯿﻞ آزﻣﺎﯾﺶ و ﺗﺎﯾﯿﺪ‬ ‫ﺻﺤﺖ ﮐﺎﻧﻔﯿﮓ ﻫﺎي اﻧﺠﺎم ﺷﺪه روي ادوات را ﻧﯿﺰ ﺑﺎ آن ﺑﻪ اﻧﺠﺎم ﻣﯽ رﺳﺎﻧﻨﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﯾﮏ دﺳﺘﮕﺎه ‪ PC‬ﺣﺪاﻗﻞ دوﻫﺴﺘﻪ اي ﺑﺎ ‪ 2GB RAM‬آزاد‬ ‫داﻧﻠﻮد ﻧﺮم اﻓﺰار از آدرس ‪http://www.gns3.net/download‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫داﻧﻠﻮد ﻧﺮم اﻓﺰار 3‪GNS‬‬ ‫ﻧﺼﺐ آن روي ﮐﺎﻣﭙﯿﻮﺗﺮ‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﭘﺲ از داﻧﻠﻮد ﻧﺮم اﻓﺰار از آدرس ﻓﻮق ﺑﺎ ﺻﻔﺤﻪ ‪ Installation Wizard‬ﮐﻪ در ﺷﮑﻞ زﯾﺮ ﻧﻤﺎﯾﺶ داده ﺷﺪه‬ ‫اﺳﺖ روﺑﺮو ﺧﻮاﻫﯿﺪ ﺷﺪ .‬ ‫092 ‪Page 34 of‬‬
‫2. ﺑﺎ ﮐﻠﯿﮏ روي دﮐﻤﻪ ‪ NEXT‬وارد ﺻﻔﺤﻪ ‪ License Agreement‬ﺧﻮاﻫﯿﻢ ﺷﺪ ﺑﺎ ﺗﺎﯾﯿﺪ آن وارد ﺻﻔﺤﻪ ﺑﻌﺪ‬ ‫ﻣﯿﺸﻮﯾﻢ‬ ‫3. ﭘﺲ از ﭘﺬﯾﺮش ‪ License Agreement‬ﺑﺎ ﭘﻨﺠﺮه ﺗﻌﯿﯿﻦ ﻧﺎم ﺑﺮاي ﭘﻮﺷﻪ ﻧﻤﺎﯾﺶ داده ﺷﺪه در ﻣﻨﻮي اﺳﺘﺎرت‬ ‫روﺑﺮو ﺧﻮاﻫﯿﻢ ﺷﺪ در ﺻﻮرت ﺗﻤﺎﯾﻞ اﯾﻦ ﻧﺎم را ﻋﻮض ﻣﯿﮑﻨﯿﻢ و ﯾﺎ ﺑﺎ ﭘﺬﯾﺮش "3‪" GNS‬روي دﮐﻤﻪ ‪NEXT‬‬ ‫ﮐﻠﯿﮏ ﻣﯿﮑﻨﯿﻢ‬ ‫092 ‪Page 35 of‬‬
‫4. در ﺻﻔﺤﻪ ﺑﻌﺪي ﺑﺎ ﮔﺰﯾﻨﻪ اﻧﺘﺨﺎب ﺑﺴﺘﻪ ﻫﺎي ﻧﺮم اﻓﺰاري ﻗﺎﺑﻞ ﻧﺼﺐ ﻣﻮﺟﻮد در ﻧﺼﺐ ﮐﻨﻨﺪه 3‪ GNS‬روﺑﺮو‬ ‫ﺧﻮاﻫﯿﻢ ﺷﺪ.‪ WinPCAP‬اﺑﺰار/ﮐﺘﺎﺑﺨﺎﻧﻪ اي اﺳﺖ ﮐﻪ ﺑﺎ ﻫﺪف ‪ Packet Capture‬و ‪ packet analysis‬ﺑﻪ‬ ‫ﻫﻤﺮاه 3‪ GNS‬ﻧﺼﺐ ﻣﯿﺸﻮد.‪ Dynamips‬ﻗﻠﺐ اﯾﻦ ﻧﺮم اﻓﺰار ﻣﯽ ﺑﺎﺷﺪ و ﺷﺒﯿﻪ ﺳﺎز اﺻﻠﯽ روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ در‬ ‫واﻗﻊ اﯾﻦ اﺑﺰار اﺳﺖ،3‪ GNS‬ﺻﺮﻓﺎ ﭘﻮﺳﺘﻪ اي ﮔﺮاﻓﯿﮑﯽ اﺳﺖ ﮐﻪ ﺑﺮ روي اﯾﻦ اﯾﻦ اﺑﺰار ﺳﻮار ﺷﺪه و اﺟﺎزه ﺗﺮﺳﯿﻢ‬ ‫ﺗﻮﭘﻮﻟﻮژي و ﻣﺸﺎﻫﺪه ﻋﻤﮑﻠﺮد آﻧﺮا ﺑﻪ ﺻﻮرت ﻧﻤﺎدﯾﻦ ﻣﯽ دﻫﺪ.‪ PemuWrapper‬ﺷﺒﯿﻪ ﺳﺎز ﺳﺨﺖ اﻓﺰار ‪PIX‬‬ ‫اﺳﺖ و اﺟﺎزه ﻣﯿﺪﻫﺪ ﺗﺎ ﺷﺒﮑﻪ ﻫﺎي ﺷﺎﻣﻞ ‪ PIX‬اﻣﮑﺎن ﭘﯿﺎده ﺳﺎزي ﺑﺮ روي 3‪ GNS‬را داﺷﺘﻪ ﺑﺎﺷﻨﺪ.‬ ‫5. در ﺻﻔﺤﻪ ﺑﻌﺪ ﻣﺴﯿﺮ ﻧﺼﺐ 3‪ GNS‬ﻣﺸﺨﺺ ﺧﻮاﻫﺪ ﺷﺪ . ﺑﻪ ﻃﻮر ﭘﯿﺶ ﻓﺮض اﯾﻦ ﻣﺴﯿﺮ‬ ‫‪C:Program‬‬ ‫3‪ FilesGNS‬اﺳﺖ در ﺻﻮرت اﺳﺘﻔﺎده از وﯾﻨﺪوز 46 ﺑﯿﺘﯽ ﺑﻪ 3‪ C:Program Files (x83)GNS‬ﺗﻐﯿﯿﺮ‬ ‫ﺧﻮاﻫﺪ ﯾﺎﻓﺖ.‬ ‫6. در ﺻﻔﺤﻪ ﺑﻌﺪ ﻧﺼﺐ ﮐﻨﻨﺪه 3‪ GNS‬اﻗﺪام ﺑﻪ داﻧﻠﻮد و ﻧﺼﺐ ‪ WinPCAP‬ﻣﻄﺎﺑﻖ ﺷﮑﻞ زﯾﺮ ﺧﻮاﻫﺪ ﮐﺮد‬ ‫092 ‪Page 36 of‬‬
‫7. ﺑﺎ ﮐﻠﯿﮏ روي ‪ NEXT‬وارد ﺻﻔﺤﻪ اﺻﻠﯽ ﻧﺼﺐ ‪ WinPCAP‬ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫8. در ﺻﻔﺤﻪ ﺑﻌﺪي ‪ License Agreement‬ﻣﻮرد ﭘﺬﯾﺮش ﻗﺮار ﻣﯿﮕﯿﺮد‬ ‫092 ‪Page 37 of‬‬
‫9. ﭘﺲ از آن ﻧﺼﺐ ‪ WinpCap‬ﺑﻪ اﺗﻤﺎم ﺧﻮاﻫﺪ رﺳﯿﺪ‬ ‫01. و ﭘﺲ از آن ﻧﺼﺐ 3‪ GNS‬ﺗﮑﻤﯿﻞ ﺧﻮاﻫﺪ ﺷﺪ‬ ‫092 ‪Page 38 of‬‬
Page 39 of 290
‫آزﻣﺎﯾﺶ 6.1-ﺗﻨﻈﯿﻤﺎت ﭘﺎﯾﻪ در 3‪GNS‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﺗﻨﻈﯿﻤﺎت ﭘﺎﯾﻪ ﻧﺮم اﻓﺰار 3‪ GNS‬ﮐﻪ در آزﻣﺎﯾﺸﺎت ﺑﻌﺪي ﺑﻪ ﻋﻨﻮان اﺑﺰار ﺷﺒﯿﻪ ﺳﺎزي ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار‬ ‫ﺧﻮاﻫﺪ ﮔﺮﻓﺖ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫3‪ GNS‬ﺑﻪ واﺳﻄﻪ ﺗﻮاﻧﻤﻨﺪي آن در ارﺗﺒﺎط ﺑﺎ ادوات واﻗﻌﯽ دﻧﯿﺎي ﺧﺎرج از ﮐﺎﻣﭙﯿﻮﺗﺮ ﺗﻮﺳﻂ ﮐﻤﭙﺎﻧﯽ ﺳﯿﺴﮑﻮ ﻣﻠﺰم ﺑﻪ اراﺋﻪ‬ ‫ﺣﺪاﮐﺜﺮ ﻧﺮخ ﻋﺒﻮر دﯾﺘﺎ ‪ 1KB/PS‬ﺷﺪه اﺳﺖ ﺗﺎ ﺑﻪ ﻋﻨﻮان ﺟﺎﯾﮕﺰﯾﻦ روﺗﺮ در ﻣﺤﯿﻄﻬﺎي ﻋﻤﻠﯿﺎﺗﯽ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻧﮕﯿﺮد!‬ ‫از اﯾﻨﺮو ﺗﺒﺪﯾﻞ ﺑﻪ اﺑﺰار اﯾﺪه آﻟﯽ ﺟﻬﺖ آﻣﻮزش و ﺗﺴﺖ ﮐﺎﻧﻔﯿﮕﻬﺎ و ﺗﻮﭘﻮﻟﻮژﯾﻬﺎي ﺷﺒﮑﻪ ﻫﺎي ﻣﺒﺘﻨﯽ ﺑﺮ ادوات ﺳﯿﺴﮑﻮ‬ ‫ﺷﺪه اﺳﺖ.در ﻃﯽ ﻓﺼﻮل آﺗﯽ از اﯾﻦ اﺑﺰار ﺟﻬﺖ ﭘﯿﺎده ﺳﺎزي ﺗﻨﻈﯿﻤﺎت روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭽﻬﺎي ﻣﻮرد اﺳﺘﻔﺎده در آزﻣﺎﯾﺸﺎت‬ ‫ﺑﻬﺮه ﺧﻮاﻫﯿﻢ ﺑﺮد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪ ‬اﻃﻤﯿﻨﺎن از ﻧﺼﺐ 3‪ Gns‬ﻣﻄﺎﺑﻖ ﺑﺎ ﺗﻮﺿﯿﺤﺎت آزﻣﺎﯾﺶ 5.1‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮرﺳﯽ ﻣﺴﯿﺮﻫﺎي ﺳﯿﺴﺘﻤﯽ و ﻣﺘﻐﯿﺮﻫﺎي داﺧﻠﯽ 3‪ gns‬ﺷﺎﻣﻞ ‪ putty‬و داﯾﺮﮐﺘﻮري ﭘﺮوژه ﻫﺎ‬ ‫ﭘﯿﮑﺮه ﺑﻨﺪي روﺗﺮﻫﺎي 5273 و 0643 ﺟﻬﺖ ﺑﮑﺎرﮔﯿﺮي ‪ 256MB RAM‬و ﻣﻌﺮﻓﯽ ‪ IOS‬ﻣﺮﺗﺒﻂ ﺑﻪ آﻧﻬﺎ ﺑﻪ ﻣﻨﻈﻮر‬ ‫اﺳﺘﻔﺎده در ﻓﺼﻮل آﺗﯽ.‬ ‫‪c3725-adventerprisek9-mz.124-15.T14.bin‬‬ ‫‪c3640-jk9o3s-mz.124-13a.bin‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﭘﺲ از اﺟﺮاي 3‪ GNS‬ﺑﺮاي اوﻟﯿﻦ ﺑﺎر ﭘﻨﺠﺮه ‪ Setup wizard‬ﻣﻄﺎﺑﻖ ﺷﮑﻞ زﯾﺮ ﻧﻤﺎﯾﺶ داده ﺧﻮاﻫﺪ ﺷﺪ.‬ ‫092 ‪Page 40 of‬‬
‫ﺗﺼﻮﯾﺮ 1.2 – ﭘﻨﺠﺮه ‪Settup wizard‬‬ ‫2. در وﺣﻠﻪ اول ﻧﯿﺎز ﺧﻮاﻫﯿﻢ داﺷﺖ ﺗﺎ ﻣﺴﯿﺮ داﯾﺮﮐﺘﻮرﯾﻬﺎي ﻣﻬﻢ ﻧﺮم اﻓﺰار را ﺗﻨﻈﯿﻢ و ﺗﺴﺖ ﮐﻨﯿﻢ.ﺑﺎ ﻓﺸﺮدن دﮐﻤﻪ‬ ‫1 در ﭘﻨﺠﺮه ‪ Setup wizard‬وارد ﭘﻨﺠﺮه زﯾﺮ ﻣﯽ ﺷﻮﯾﻢ.اﻃﻤﯿﻨﺎن ﺣﺎﺻﻞ ﮐﻨﯿﺪ ﻣﺴﯿﺮﻫﺎي ﻧﺸﺎن داده ﺷﺪه‬ ‫ﺻﺤﯿﺢ ﻫﺴﺘﻨﺪ.‪ putty‬ﺑﻪ ﻃﻮر ﭘﯿﺶ ﻓﺮض ﺟﻬﺖ اﺗﺼﺎل ﺗﺮﻣﯿﻨﺎﻟﯽ ﺑﻪ ﻫﻤﺮاه 3‪ GNS‬ﻧﺼﺐ ﻣﯿﺸﻮد اﻣﺎ اﮔﺮ ﺗﻤﺎﯾﻞ‬ ‫ﺑﻪ اﺳﺘﻔﺎده از ‪ SecureCrt‬را دارﯾﺪ ﺑﺎﯾﺪ ﺗﻨﻈﯿﻤﺎت ﻣﺴﯿﺮ آﻧﺮا در ﺗﺐ ”‪ “Terminal Settings‬آﯾﺘﻢ ‪terminal‬‬ ‫‪ application command string‬اﻧﺠﺎم دﻫﯿﺪ.‬ ‫ﺗﺼﻮﯾﺮ 2.2-ﭘﻨﺠﺮه ‪General Setup‬‬ ‫3. اﮐﻨﻮن ﺑﺮ روي ﻋﺒﺎرت ‪ Dynamips‬واﻗﻊ در ﭘﻨﻞ ﺳﻤﺖ راﺳﺖ ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت ﮐﻠﯿﮏ ﮐﻨﯿﺪ و اﻃﻤﯿﻨﺎن ﺣﺎﺻﻞ‬ ‫ﮐﻨﯿﺪ ﻣﺴﯿﺮﻫﺎي ﻓﺎﯾﻠﻬﺎي اﺟﺮاﯾﯽ و داﯾﺮﮐﺘﻮري ﺟﺎري آن ﺻﺤﯿﺢ ﻫﺴﺘﻨﺪ. ﭘﺲ از آن روي دﮐﻤﻪ ‪Test‬‬ ‫‪ Settings‬ﮐﻠﯿﮏ ﮐﻨﯿﺪ و ﭘﺲ از ﭼﻨﺪ ﻟﺤﻈﻪ ﺑﺎ ﭘﯿﺎم ﺳﺒﺰرﻧﮓ ‪ Dynamips successfully started‬روﺑﺮو‬ ‫ﺧﻮاﻫﯿﺪ ﺷﺪ.‬ ‫092 ‪Page 41 of‬‬
‫ﺗﺼﻮﯾﺮ 3.2 – ﺑﺮرﺳﯽ ﺻﺤﺖ ﻣﺴﯿﺮ ‪Dynamips‬‬ ‫در ﻃﯽ آزﻣﺎﯾﺸﺎت و ﺑﺮرﺳﯽ ﺗﻮﭘﻮﻟﻮژﯾﻬﺎي ﻓﺼﻮل ﺑﻌﺪ ، از ‪ IOS‬ﻣﺮﺑﻮط ﺑﻪ روﺗﺮﻫﺎي 5273 و 0463 اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ‬ ‫ﮐﺮد.ﻓﺎﯾﻠﻬﺎي ﻣﺬﺑﻮر را از اﯾﻨﺘﺮﻧﺖ داﻧﻠﻮد ﮐﺮده ودر ﻣﺴﯿﺮ ‪ gns3images‬ﺗﻮﺳﻂ ‪ Winrar‬از ﺣﺎﻟﺖ ﻓﺸﺮده ﺧﺎرج‬ ‫ﺳﺎزﯾﺪ.ﺗﻮﺿﯿﺢ اﯾﻨﮑﻪ اﯾﻤﯿﺞ ﻫﺎي ‪ IOS‬ﻣﺎﻫﯿﺘﺎ ﻓﺸﺮده ﺷﺪه ﻫﺴﺘﻨﺪ ، ﺑﻪ ﻣﻨﻈﻮر ﺳﺮﯾﻌﺘﺮ ﺑﻮت ﺷﺪن روﺗﺮﻫﺎي آزﻣﺎﯾﺶ اﺑﺘﺪا‬ ‫اﻧﻬﺎ در ‪ Decompress‬ﻣﯿﮑﻨﯿﻢ و ﻓﺎﯾﻞ ﻧﻬﺎﯾﯽ ﺑﺎ ﭘﺴﻮﻧﺪ ‪ bin‬را ﺑﻪ 3‪ GNS‬ﻣﻌﺮﻓﯽ ﻣﯿﮑﻨﯿﻢ.‬ ‫ﺗﻮﺿﯿﺢ ﻣﺘﺮﺟﻢ : ﭘﯿﺸﻨﻬﺎد ﻣﯿﺸﻮد ﺑﻪ ﺟﺎي ‪ IOS‬ﻫﺎي 0463و5273 از 5473 اﺳﺘﻔﺎده ﺷﻮد . اﯾﻦ ‪ IOS‬اﻣﮑﺎن اﻋﻤﺎل‬ ‫ﮐﺎﻧﻔﯿﮕﻬﺎي ‪ Vlan‬را در ﻣﺤﯿﻂ ﮔﻠﻮﺑﺎل ﮐﺎﻧﻔﯿﮓ ﻫﻤﺎﻧﻨﺪ ﯾﮏ ﺳﻮﯾﯿﭻ واﻗﻌﯽ ﻓﺮاﻫﻢ ﻣﯽ آورد.‬ ‫092 ‪Page 42 of‬‬
‫ﺗﺼﻮﯾﺮ 4.2 – ﺗﻨﻈﯿﻢ ﻣﺴﯿﺮ ‪ ios‬روﺗﺮﻫﺎ‬ ‫4. ﭘﺲ از راه اﻧﺪازي ﻣﻮﻓﻘﯿﺖ آﻣﯿﺰ ‪ Dynamips‬از ﭘﻨﺠﺮه ‪ preferences‬ﺧﺎرج ﺷﻮﯾﺪ و ﻣﺠﺪدا ﺑﻪ ‪Setup‬‬ ‫‪ wizard‬ﺑﺮﮔﺮدﯾﺪ.و دﮐﻤﻪ 2 را ﺑﻪ ﻣﻨﻈﻮر اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت روﺗﺮﻫﺎي ﻣﻮرد اﺳﺘﻔﺎده در 3‪ GNS‬ﮐﻠﯿﮏ ﮐﻨﯿﺪ.در‬ ‫اﯾﻦ ﭘﻨﺠﺮه روﺗﺮﻫﺎي 5273 و 0463 را ﺑﺎ ‪ 256MB RAM‬ﺗﻨﻈﯿﻢ ﺧﻮاﻫﯿﻢ ﮐﺮد و ﻣﺴﯿﺮ ‪ IOS‬ﻫﺎي‬ ‫‪ Decompress‬ﺷﺪه واﻗﻊ در ‪ gns3images‬را ﺑﻪ آن ﻣﻌﺮﻓﯽ ﺧﻮاﻫﯿﻢ ﮐﺮد.‬ ‫ﻧﮑﺘﻪ:ﻣﯿﺰان ﺣﺪاﮐﺜﺮ ‪ RAM‬ﻗﺎﺑﻞ اﺳﺘﻔﺎده ‪ Hyper-visor‬را از ﻃﺮﯾﻖ ‪Prefrences-> Dynamips->Hyper-visor‬ﺑﻪ‬ ‫‪ 2GB‬اﻓﺰاﯾﺶ دﻫﯿﺪ.‬ ‫5. ﭘﺲ از ﺗﮑﻤﯿﻞ ﺗﻨﻈﯿﻤﺎت روﺗﺮﻫﺎي ﻣﻮرد ﻧﯿﺎز ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ زﯾﺮ ﻣﯽ ﺗﻮاﻧﯿﺪ از ﻣﺤﯿﻂ ﺗﻨﻈﯿﻤﺎت ﺧﺎرج ﺷﻮﯾﺪ و‬ ‫3‪ Gns‬را ﻣﺠﺪدا راه اﻧﺪازي ﮐﻨﯿﺪ اﮐﻨﻮن اﯾﻦ ﻣﺤﯿﻂ اﻣﺎده اﺳﺘﻔﺎده ﺟﻬﺖ ﺷﺒﯿﻪ ﺳﺎزي ﻣﯿﺒﺎﺷﺪ.‬ ‫092 ‪Page 43 of‬‬
‫آزﻣﺎﯾﺶ 8.1- ﺗﻈﯿﻤﺎت 3‪ GNS‬ﺟﻬﺖ ارﺗﺒﺎط ﺑﺎ ﺗﺠﻬﯿﺰات واﻗﻌﯽ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺧﻮاﻫﯿﻢ دﯾﺪ ﭼﮕﻮﻧﻪ ‪ NIO (Network Input/Output) Cloud‬را در3‪ GNS‬ﺑﻪ ﻣﻨﻈﻮر اﺟﺮاي‬ ‫آزﻣﺎﯾﺸﺎت ﻓﺼﻮل ﺑﻌﺪ ﭘﯿﮑﺮه ﺑﻨﺪي ﮐﻨﯿﻢ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫در 3‪ GNS‬از ﻃﺮﯾﻖ راﺑﻂ ‪ Cloud‬و ﺗﻨﻈﯿﻢ ارﺗﺒﺎط آن ﺑﺎ ﮐﺎرت)ﮐﺎرﺗﻬﺎي( ﺷﺒﮑﻪ ﻣﻮﺟﻮد در ‪ pc‬اﻣﮑﺎن ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ‬ ‫ﺗﺠﻬﯿﺰات واﻗﻌﯽ ﺷﺒﮑﻪ وﺟﻮد دارد .ﮐﺎرﺑﺮد ﻫﺎي ‪ Cloud‬ﻣﺸﺘﻤﻞ ﺑﺮ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ روﺗﺮ و ﺳﻮﯾﯿﭽﻬﺎي ﻓﯿﺰﯾﮑﯽ ﮔﺮﻓﺘﻪ‬ ‫ﺗﺎ ارﺗﺒﺎط ﻣﺎﺷﯿﻨﻬﺎي ﻣﺠﺎزي ﻧﺼﺐ ﺷﺪه روي ‪ pc‬ﺑﺎ 3‪ Gns‬ﯾﺎ ‪ loopback adapter‬ﻫﺎي اﯾﺠﺎد ﺷﺪه روي ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ‬ ‫ﺑﻪ ﻣﻨﻈﻮر ﺑﺮﻗﺮاري ارﺗﺒﺎﻃﻬﺎي ﻣﺠﺰا ﺑﺎ اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮﻫﺎي درون 3‪ GNS‬ﻣﯽ ﺑﺎﺷﺪ.در اﯾﻦ آزﻣﺎﯾﺶ ﺧﻮاﻫﯿﻢ آﻣﻮﺧﺖ‬ ‫ﭼﮕﻮﻧﻪ ‪ Loopback‬اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻧﺼﺐ ﺷﺪه روي ‪ local host‬را ﺑﻪ ﻣﻨﻈﻮر اﯾﺠﺎد ارﺗﺒﺎط ﺑﺎ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ادوات‬ ‫ﺳﯿﺴﮑﻮ درون 3‪ Gns‬ﺗﻨﻈﯿﻢ ﮐﻨﯿﻢ.ﻧﺘﯿﺠﻪ اﯾﻦ ﻓﺮاﯾﻨﺪ ﺷﺒﯿﻪ ﺳﺎزي اﺗﺼﺎﻻت ﻓﯿﺰﯾﮑﯽ ﺑﻪ ادوات ﺳﯿﺴﮑﻮ ﻣﯽ ﺑﺎﺷﺪ.در ﻋﯿﻦ‬ ‫ﺣﺎل ﻫﻤﺎﻧﻄﻮر ﮐﻪ اﺷﺎره ﺷﺪ ﻣﯿﺘﻮان ‪ Cloud‬را ﺑﻪ ﮐﺎرت ﺷﺒﮑﻪ ﻫﺎي ﻓﯿﺰﯾﮑﯽ ﻣﻮﺟﻮد در ‪ pc‬ﺑﻪ ﺟﺎي ‪loopback adapter‬‬ ‫ﻣﺘﺼﻞ ﮐﺮد،ﺑﺎ اﯾﻨﮑﺎر اﻣﮑﺎن اﺗﺼﺎل ﺑﻪ ادوات واﻗﻌﯽ ﻣﻮﺟﻮد در ‪ Lan‬ﭘﺪﯾﺪ ﻣﯽ آﯾﺪ .ذﮐﺮ اﯾﻦ ﻧﮑﺘﻪ ﻫﻢ اﻟﺰاﻣﯽ اﺳﺖ ﮐﻪ‬ ‫اﺗﺼﺎل ﺑﻪ ادوات درون 3‪ Gns‬از ﻃﺮﯾﻖ ‪ loopback‬اﺣﺘﻤﺎل ﮐﺮش ﮐﺮدن ‪ Dynamips‬را ﺑﺎﻻ ﻣﯽ ﺑﺮد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻤﺎت 3‪ Gns‬ﻣﻄﺎﺑﻖ ﺑﺎ آزﻣﺎﯾﺶ 7.1‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﻧﺼﺐ ‪ adapter Loopback‬روي وﯾﻨﺪوز‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ‪ ip‬روي‪ Loopback adapter‬ﻧﺼﺐ ﺷﺪه‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ‪ Cloud‬اﯾﻨﺘﺮﻓﯿﺲ در 3‪ Gns‬و ﺑﺮﻗﺮاري ارﺗﺒﺎط آن ﺑﺎ ‪Loopback adapter‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري اﺗﺼﺎل‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1.‬ ‫ﻓﺮاﺧﻮاﻧﯽ ﭘﻨﺠﺮه "‪ "Add Hardware‬از ﻃﺮﯾﻖ ‪ hdwwiz‬در وﯾﻨﺪوز7 ﯾﺎ ‪ hdwwzd.cpl‬در وﯾﻨﺪوز‪XP‬‬ ‫092 ‪Page 44 of‬‬
‫ﭘﺲ از اﯾﻦ ﺻﻔﺤﻪ ، ﮔﺰﯾﻨﻪ ‪ Advance‬ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ اﻧﺘﺨﺎب ﻣﯿﺸﻮد.‬ ‫ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ زﯾﺮ ﮔﺰﯾﻨﻪ ‪ Network adapters‬اﻧﺘﺨﺎب ﻣﯿﺸﻮد.‬ ‫092 ‪Page 45 of‬‬
‫از ﻟﯿﺴﺖ ﺳﻤﺖ ﭼﭗ ‪ Microsoft‬و از ﻟﯿﺴﺖ ﺳﻤﺖ راﺳﺖ ‪ Loopback adapter‬را ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ زﯾﺮ اﻧﺘﺨﺎب ﻣﯽ ﮐﻨﯿﻢ‬ ‫ﭘﺲ از اﯾﻦ ﻣﺮﺣﻠﻪ و ﻧﺼﺐ ‪ adapter‬ﺳﯿﺴﺘﻢ را رﯾﺴﺖ ﻣﯿﮑﻨﯿﻢ‬ ‫092 ‪Page 46 of‬‬
‫2. ﻣﺮﺣﻠﻪ ﺗﻨﻈﯿﻢ ‪ ip address‬ﺑﺮ روي ‪ Loopback adapter‬اﯾﺠﺎد ﺷﺪه .‬ ‫‪ Loopback adapter‬ﺑﻪ ﺻﻮرت ﯾﮏ ﮐﺎرت ﺷﺒﮑﻪ ﻓﯿﺰﯾﮑﯽ در ﻗﺴﻤﺖ ﺗﻨﻈﯿﻤﺎت ﺷﺒﮑﻪ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ و در‬ ‫ﮐﻨﺎر ﺳﺎﯾﺮ ﮐﺎرت)ﮐﺎرﺗﻬﺎي( ﺷﺒﮑﻪ ﻧﻤﺎﯾﺶ داده ﻣﯽ ﺷﻮد، ﻧﺘﯿﺠﻪ آﻧﮑﻪ ﺑﻪ ﻫﻤﺎن روش ﻣﺮﺳﻮم ‪ ip‬دﻫﯽ ﺑﻪ ﮐﺎرﺗﻬﺎي‬ ‫ﺷﺒﮑﻪ ﺻﺎﺣﺐ ‪ ip‬ﺧﻮاﻫﺪ ﺷﺪ ﻓﻌﻼ 42/01.552.861.291 را ﺑﻪ آن اﺧﺘﺼﺎص ﻣﯽ دﻫﯿﻢ.‬ ‫3. اﯾﺠﺎد ‪ Cloud interface‬در 3‪ Gns‬و اﺗﺼﺎل آن ﺑﻪ ‪ Loopback adapter‬اﯾﺠﺎد ﺷﺪه در ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ.‬ ‫در ﭘﻨﻞ ‪ Node type‬واﻗﻊ در ﺳﻤﺖ راﺳﺖ ﺻﻔﺤﻪ 3‪ Gns‬آﯾﺘﻢ ‪ Cloud‬را ﺑﻪ ﻗﺴﻤﺖ ﻃﺮاﺣﯽ ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ زﯾﺮ‬ ‫‪ Drag‬ﻣﯿﮑﻨﯿﻢ.‬ ‫ﺗﺼﻮﯾﺮ 1.8.1 – اﻓﺰودن ‪ cloud‬ﺑﻪ ﻣﺤﯿﻂ ﻃﺮاﺣﯽ‬ ‫اﮐﻨﻮن ﭘﺲ از دﺑﻞ ﮐﻠﯿﮏ روي ‪ cloud‬ﺳﺎﺧﺘﻪ ﺷﺪه ، ﭘﻨﺠﺮه ﺗﻨﻈﯿﻤﺎت ‪ cloud‬ﻫﺎي ﻣﻮﺟﻮد در ﺻﻔﺤﻪ ﻃﺮاﺣﯽ ﻣﻄﺎﺑﻖ‬ ‫ﺗﺼﻮﯾﺮ زﯾﺮ ﻧﻤﺎﯾﺎن ﻣﯽ ﺷﻮد.از ﻟﯿﺴﺖ ﻣﻮﺟﻮد 1‪ C‬را اﻧﺘﺨﺎب ﮐﻨﯿﺪ‬ ‫092 ‪Page 47 of‬‬
‫ﺗﺼﻮﯾﺮ 2.8.1 – ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت ‪cloud‬‬ ‫از ﻟﯿﺴﺖ ‪ Generic Ethernet Nio‬ﮐﻪ ﺣﺎوي ﻟﯿﺴﺖ ﮐﺎرﺗﻬﺎي ﺷﺒﮑﻪ و ‪ Loopback adapter‬ﻫﺎ اﺳﺖ ‪Loopbak‬‬ ‫1‪ adapter‬را اﻧﺘﺨﺎب ﻣﯿﮑﻨﯿﻢ و ﺑﺎ ﻓﺸﺮدن دﮐﻤﻪ ‪ Add‬ﺑﻪ ﻟﯿﺴﺖ ﻣﯿﺎﻧﯽ ﺻﻔﺤﻪ اﺿﺎﻓﻪ ﻣﯿﮑﻨﯿﻢ.‬ ‫ﺗﺼﻮﯾﺮ 3.8.1 – اﻧﺘﺨﺎب ‪ Loopback adapter‬و اﺗﺼﺎل آن ﺑﻪ ‪Cloud‬‬ ‫ﭘﺲ از اﻓﺰودن ‪ Cloud‬و اﺗﺼﺎل آن ﺑﻪ ﮐﺎرت ﺷﺒﮑﻪ ﻣﺠﺎزي اﯾﺠﺎد ﺷﺪه در ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﻧﻮﺑﺖ اﺗﺼﺎل آن ﺑﻪ ﯾﮑﯽ از‬ ‫ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ واﻗﻊ در 3‪ Gns‬و ﺗﺴﺖ ان اﺳﺖ.ﺑﺎ اﻓﺰودن ﻣﺎژول ‪ Nm-16esw‬ﺑﻪ روﺗﺮ 5273 ﺑﻪ ﻧﻮﻋﯽ از آن ﺑﻪ ﻋﻨﻮان‬ ‫ﺳﻮﯾﯿﭻ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد.‬ ‫092 ‪Page 48 of‬‬
‫ﺗﺼﻮﯾﺮ 5.8.1- اﻓﺰودن ﻣﺎژول ‪ NM-16ESW‬ﺑﻪ روﺗﺮ‬ ‫ﭘﺲ از اﻧﺘﺨﺎب ‪ Cloud‬و اﺗﺼﺎل آن از ﻃﺮﯾﻖ 54‪ Rj‬ﺑﻪ 0/1‪ F‬روﺗﺮ و در واﻗﻊ ﺳﻮﯾﯿﭻ ! ، ﺻﺤﺖ اﺗﺼﺎﻻت را ﭼﮏ ﻣﯿﮑﻨﯿﻢ‬ ‫092 ‪Page 49 of‬‬
NM-16ESW ‫ ﺑﻪ ﭘﻮرت ﺳﻮﯾﯿﭻ از ﻃﺮﯾﻖ ﻣﺎژول‬cloud ‫ﺗﺼﻮﯾﺮ 6.8.1 – اﺗﺼﺎل‬ ‫ و‬F1/0 ‫ اﻣﺘﺤﺎن ﻣﯿﮑﻨﯿﻢ.آدرس 42/1.552.861.291 را ﺑﻪ‬R1 ‫ ﺑﻪ‬ip ‫4. اﮐﻨﻮن ﺻﺤﺖ اﺗﺼﺎﻻت را ﺑﺎ ﺗﺨﺼﯿﺺ‬ .‫ ﺗﺨﺼﯿﺺ ﻣﯿﺪﻫﯿﻢ‬Loopback ‫.42/01.552.861.291 را ﺑﻪ‬ Router con0 is now available Press RETURN to get started! Router>enable Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname SW1 SW1(config)#interface FastEthernet 1/0 SW1(config-if)#ip add 192.168.255.1 255.255.255.0 SW1(config-if)#no shut SW1(config-if)#end SW1#ping 192.168.255.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.255.10, timeout is 2 seconds: ..!!! Success rate is 60 percent (3/5) SW1#ping 192.168.255.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.255.10, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms Page 50 of 290
‫#1‪SW‬‬ ‫ﺧﻮب ! ﻧﺘﯿﺠﻪ ﻫﻤﺎﻧﻄﻮر ﮐﻪ اﻧﺘﻈﺎر ﻣﯽ رﻓﺖ از آب درآﻣﺪ.‬ ‫092 ‪Page 51 of‬‬
‫ﻓﺼﻞ دوم : ﻣﺪﯾﺮﯾﺖ ﭘﺎﯾﻪ روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭽﻬﺎي ﺳﯿﺴﮑﻮ‬ ‫آزﻣﺎﯾﺶ 1.2-ﭘﺴﻮرد رﯾﮑﺎوري روﺗﺮﻫﺎي ﺳﺮي 0052‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﻣﺮاﺣﻞ ‪ Reset/clear‬ﮐﺮدن ﭘﺴﻮرد ‪ Console‬و ‪ Enable‬روﺗﺮﻫﺎي ﺳﺮي 0052 آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺳﺮي 0052 از ﻗﺪﯾﻤﯽ ﺗﺮﯾﻦ رده روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ ﻣﯽ ﺑﺎﺷﺪ و ﺑﻌﻀﺎ ﻣﺸﺎﻫﺪه آﻧﻬﺎ در ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ ﺑﺎ ‪ Uptime‬ﻫﺎي‬ ‫ﻧﺰدﯾﮏ 8 ﺳﺎل ﺑﺎﻋﺚ ﺷﮕﻔﺘﯽ ﻣﯽ ﺷﻮﻧﺪ.اﻣﺮوزه ﻋﻤﺪه ﮐﺎرﺑﺮد اﯾﻦ ﺳﺮي ﺟﻬﺖ اﻫﺪاف آﻣﻮزﺷﯽ و در آزﻣﺎﯾﺸﮕﺎﻫﻬﺎي‬ ‫ﺷﺒﮑﻪ ﻣﯽ ﺑﺎﺷﺪ و اﺑﺰارﻫﺎي ﻓﻮق اﻟﻌﺎده اي ﺟﻬﺖ ﻣﻌﺮﻓﯽ و آﺷﻨﺎﯾﯽ ﺑﺎ ‪ IOS‬ﺳﯿﺴﮑﻮ ﻣﺤﺴﻮب ﻣﯿﺸﻮﻧﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ 0052 ﺑﺎ ﭘﺴﻮرد ‪ Console‬ﯾﺎ ‪ Enable‬ﮔﻢ ﺷﺪه!‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ ﭘﻮرت ﮐﻨﺴﻮل دﺳﺘﮕﺎه‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﻣﺘﻮﻗﻒ ﮐﺮدن ﻓﺮاﯾﻨﺪ ﺑﻮت دﺳﺘﮕﺎه و ورود ﺑﻪ ‪rom monitor mode‬‬ ‫ﺗﻐﯿﯿﺮ ﻣﺤﺘﻮاي ‪ configuration register‬ﺑﻪ 2412×0 ﺟﻬﺖ ‪ Bypass‬ﮐﺮدن ﻣﺤﺘﻮاي ‪ Nvram‬در ﻫﻨﮕﺎم‬ ‫ﺑﻮت و ﭘﺲ از آن ﭘﯿﮑﺮﺑﻨﺪي ﻣﺠﺪد روﺗﺮ‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﺑﺎ ﯾﮏ روﺗﺮ 1052 روﺑﺮو ﻫﺴﺘﯿﻢ ﮐﻪ داري ﭘﺴﻮرد ﮐﻨﺴﻮل ﻧﺎﻣﻌﯿﻨﯽ اﺳﺖ.ﺑﺎ ﭼﻨﯿﻦ ﭘﺴﻮردي و ﺑﺪون داﻧﺴﺘﻦ آن ﻗﺎدر ﺑﻪ‬ ‫ورود ﺑﻪ ﻣﺤﯿﻂ ‪ Exec mode‬ﻧﯿﺴﺘﯿﻢ، ﺑﺎ ﭼﻨﯿﻦ ﺳﻨﺎرﯾﻮﯾﯽ در ﻫﻨﮕﺎم ﺧﺮﯾﺪ ادوات دﺳﺖ دوم زﯾﺎد ﺑﺮﺧﻮرد ﻣﯿﮑﻨﯿﻢ.‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫‪User Access Verification‬‬ ‫:‪Password‬‬ ‫092 ‪Page 52 of‬‬
‫روﺗﺮ را روﺷﻦ ﻣﯿﮑﻨﯿﻢ ﺗﺎ ﻓﺮاﯾﻨﺪ ﺑﻮت آﻏﺎز ﺷﻮد ، در اﯾﻦ ﺣﯿﻦ ﻧﯿﺎز اﺳﺖ ﺗﺎ ﻓﺮاﯾﻨﺪ ﺑﻮت ﺑﻪ ﺻﻮرت ﻧﺮﻣﺎل ﻣﺘﻮﻗﻒ‬ .1 ‫ اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ ﺗﺎ ﺑﻪ‬Ctrl+Puse Breake ‫ ﺑﺎﻻ ﺑﯿﺎﯾﺪ ، اﯾﻨﮑﺎر را ﻓﺸﺮدن ﻣﮑﺮر‬bootrom ‫ﺷﻮد و روﺗﺮ ﺑﺎ‬ .‫ وارد ﺷﻮﯾﻢ‬bootrom ‫ﻣﺤﯿﻂ‬ System Bootstrap, Version 11.0(10c), SOFTWARE Copyright (c) 1986-1996 by cisco Systems 2500 processor with 14336 Kbytes of main memory Abort at 0x10B1F3C (PC) > ‫ را ﺑﻪ 2412×0 ﺗﻐﯿﯿﺮ ﻣﯽ دﻫﯿﻢ ﺗﺎ در ﺑﻮت ﺑﻌﺪي روﺗﺮ از ﻃﺮﯾﻖ‬configuration register ‫2. اﮐﻨﻮن ﻣﺤﺘﻮاي‬ .‫ ﻣﻮرد ﭘﺮدازش ﻗﺮار ﻧﮕﯿﺮد‬Nvram ‫ ﺑﻮت ﺷﻮد و ﻣﺤﺘﻮاي‬IOS >o/r 0x2142 >i privileged ‫3. راه اول:ﭘﺲ از ﺑﻮت ﺷﺪن روﺗﺮ ﺑﺎ ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ روﺑﺮو ﻣﯿﺸﻮد ، ﺑﺎ ورود ﺑﻪ ﻣﺤﯿﻂ‬ running configuration ‫ را ﺑﻪ‬startup configuration ‫ ، ﻣﺤﺘﻮاي‬en ‫ از ﻃﺮﯾﻖ ﺗﺎﯾﭗ ﮐﺮدن‬mode ‫ از ﻃﺮﯾﻖ‬Nvram ‫ﮐﭙﯽ ﻣﯿﮑﻨﯿﻢ و ﭘﺲ از ان ﭘﺴﻮردﻫﺎ را ﺗﻐﯿﯿﺮ ﻣﯽ دﻫﯿﻢ در ﻧﻬﺎﯾﺖ ﻫﻢ ذﺧﯿﺮه ﺗﻐﯿﯿﺮات در‬ .‫ اﻧﺠﺎم ﻣﯿﮕﯿﺮد‬copy run start --- System Configuration Dialog --Would you like to enter the initial configuration dialog? [yes/no]: n Press RETURN to get started! Router>enable Router#copy start run Destination filename [running-config]? 506 bytes copied in 3.868 secs (168 bytes/sec) ARCVRSR01#configure terminal ARCVRSR01(config)#enable secret NEWENABLEPASSWORD ARCVRSR01(config)#line con 0 ARCVRSR01(config-if)#password NEWPASSWORD ARCVRSR01(config-if)#end ARCVRSR01#copy run start Destination filename [startup-config]? Building configuration... [OK] ARCVRSR01# ‫ وارد ﻣﯽ ﺷﻮﯾﻢ اﻣﺎ‬privileged mode ‫ ﺑﻪ ﻣﺤﯿﻂ‬IOS ‫4. راه دوم : ﻫﻤﺎﻧﻨﺪ روش ﻗﺒﻠﯽ ﭘﺲ از ﺑﻮت از ﻃﺮﯾﻖ‬ ‫ را ﭘﺎك ﻣﯿﮑﻨﯿﻢ‬Nvram ‫اﯾﻨﺒﺎر ﻣﺤﺘﻮاي‬ --- System Configuration Dialog --- Page 53 of 290
Would you like to enter the initial configuration dialog? [yes/no]: n Press RETURN to get started! Router>enable Router#write erase Erasing the nvram filesystem will remove all files! Continue? [confirm] [OK] Erase of nvram: complete Router# ‫ را ﺑﻪ‬configuration register ‫ ﻣﺤﺘﻮاي‬Nvram ‫5. در ﻫﺮ دو ﺣﺎﻟﺖ ﭘﺲ از رﯾﺴﺖ ﮐﺮدن ﭘﺴﻮرد ﯾﺎ ﭘﺎك ﮐﺮدن‬ .‫ ﺑﻮت ﺧﻮاﻫﺪ ﺷﺪ‬Nvram ‫2012×0 ﺑﺮ ﻣﯿﮕﺮداﻧﯿﻢ ﺑﺎ رﯾﺒﻮت ﺑﻌﺪي ﺳﯿﺴﺘﻢ از ﻃﺮﯾﻖ ﺧﻮاﻧﺪن ﻣﺤﺘﻮاي‬ Router#configure terminal Router(config)#config-register 0x2102 Router(config)#end Page 54 of 290
‫آزﻣﺎﯾﺶ 2.2-ﭘﺴﻮرد رﯾﮑﺎوري روﺗﺮﻫﺎي ﺳﺮي 0062‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﻓﺮاﯾﻨﺪ ﭘﺴﻮرد رﯾﮑﺎوري روﺗﺮﻫﺎي ﺳﺮي 0062, 0083 ,0082 ,0081 ,0073 ,0063 ,0071و ‪ISR‬‬ ‫2‪G‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد در دﻧﯿﺎي واﻗﻌﯽ‬ ‫روﺗﺮﻫﺎي ﺳﺮي 0062 ﭘﺮﮐﺎرﺑﺮد ﺗﺮﯾﻦ ﻧﻤﻮﻧﻪ ﻫﺎ در ﻣﺤﯿﻄﻬﺎ آزﻣﺎﯾﺸﮕﺎﻫﯽ ﻫﺴﺘﻨﺪ و در ﻋﯿﻦ ﺣﺎل ﻣﯽ ﺗﻮان آﻧﻬﺎ را در‬ ‫ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ ﻧﯿﺰ ﺑﻪ وﻓﻮر ﻣﺸﺎﻫﺪه ﮐﺮد ، ﻣﺼﺪاق ﺟﻤﻠﻪ اﮔﻪ ﮐﺎر ﻣﯿﮑﻨﻪ ﺑﻬﺶ دﺳﺖ ﻧﺰن! دﺳﺘﻮراﻟﻌﻤﻠﻬﺎي اراﺋﻪ ﺷﺪه‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﻗﺎﺑﻞ اﻋﻤﺎل ﺑﺮ روي ﺗﻘﺮﯾﺒﺎ ﻫﻤﻪ روﺗﺮﻫﺎي اﻣﺮوزي ﻣﯽ ﺑﺎﺷﺪ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ 0062 ﯾﺎ ﺟﺪﯾﺪﺗﺮ ﺑﺎ ﭘﺴﻮرد ﻧﺎﻣﻌﻠﻮم‬ ‫‪‬‬ ‫ارﺗﺒﺎط ﺑﺮﻗﺮار ﺑﺎ ﭘﻮرت ﮐﻨﺴﻮل دﺳﺘﮕﺎه‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﻣﺘﻮﻗﻒ ﮐﺮدن ﻓﺮاﯾﻨﺪ ﺑﻮت دﺳﺘﮕﺎه و ورود ﺑﻪ ‪rom monitor mode‬‬ ‫ﺗﻐﯿﯿﺮ ﻣﺤﺘﻮاي ‪ configuration register‬ﺑﻪ 2412×0 ﺟﻬﺖ ‪ Bypass‬ﮐﺮدن ﻣﺤﺘﻮاي ‪ Nvram‬در ﻫﻨﮕﺎم‬ ‫ﺑﻮت و ﭘﺲ از آن ﭘﯿﮑﺮﺑﻨﺪي ﻣﺠﺪد روﺗﺮ‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﺑﺎ ﯾﮏ روﺗﺮ ‪ 2651 XM‬روﺑﺮو ﻫﺴﺘﯿﻢ ﮐﻪ داري ﭘﺴﻮرد ﮐﻨﺴﻮل ﻧﺎﻣﻌﯿﻨﯽ اﺳﺖ.ﺑﺎ ﭼﻨﯿﻦ ﭘﺴﻮردي و ﺑﺪون داﻧﺴﺘﻦ آن‬ ‫ﻗﺎدر ﺑﻪ ورود ﺑﻪ ﻣﺤﯿﻂ ‪ Exec mode‬ﻧﯿﺴﺘﯿﻢ، ﺑﺎ ﭼﻨﯿﻦ ﺳﻨﺎرﯾﻮﯾﯽ در ﻫﻨﮕﺎم ﺧﺮﯾﺪ ادوات دﺳﺖ دوم زﯾﺎد ﺑﺮﺧﻮرد‬ ‫ﻣﯿﮑﻨﯿﻢ.‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫‪User Access Verification‬‬ ‫:‪Password‬‬ ‫092 ‪Page 55 of‬‬
‫روﺗﺮ را روﺷﻦ ﻣﯿﮑﻨﯿﻢ ﺗﺎ ﻓﺮاﯾﻨﺪ ﺑﻮت آﻏﺎز ﺷﻮد ، در اﯾﻦ ﺣﯿﻦ ﻧﯿﺎز اﺳﺖ ﺗﺎ ﻓﺮاﯾﻨﺪ ﺑﻮت ﺑﻪ ﺻﻮرت ﻧﺮﻣﺎل ﻣﺘﻮﻗﻒ‬ .1 ‫ اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ ﺗﺎ ﺑﻪ‬Ctrl+Puse Breake ‫ ﺑﺎﻻ ﺑﯿﺎﯾﺪ ، اﯾﻨﮑﺎر را ﻓﺸﺮدن ﻣﮑﺮر‬bootrom ‫ﺷﻮد و روﺗﺮ ﺑﺎ‬ .‫ وارد ﺷﻮﯾﻢ‬bootrom ‫ﻣﺤﯿﻂ‬ System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1) Copyright (c) 2003 by cisco Systems, Inc. C2600 platform with 262144 Kbytes of main memory monitor: command "boot" aborted due to user interrupt rommon 1 > ‫ را ﺑﻪ 2412×0 ﺗﻐﯿﯿﺮ ﻣﯽ دﻫﯿﻢ ﺗﺎ در ﺑﻮت ﺑﻌﺪي روﺗﺮ از ﻃﺮﯾﻖ‬configuration register ‫2. اﮐﻨﻮن ﻣﺤﺘﻮاي‬ ‫ ﻣﻮرد ﭘﺮدازش ﻗﺮار ﻧﮕﯿﺮد‬Nvram ‫ ﺑﻮت ﺷﻮد و ﻣﺤﺘﻮاي‬IOS rommon 1 >confreg 0x2142 rommon 2 >reset privileged ‫3. راه اول:ﭘﺲ از ﺑﻮت ﺷﺪن روﺗﺮ ﺑﺎ ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ روﺑﺮو ﻣﯿﺸﻮد ، ﺑﺎ ورود ﺑﻪ ﻣﺤﯿﻂ‬ ‫ ﮐﭙﯽ‬running configuration ‫ ﺑﻪ‬startup configuration ‫ ، ﻣﺤﺘﻮاي‬en ‫ از ﻃﺮﯾﻖ ﺗﺎﯾﭗ ﮐﺮدن‬mode copy ‫ از ﻃﺮﯾﻖ‬Nvram ‫ﻣﯿﮑﻨﯿﻢ و ﭘﺲ از ان ﭘﺴﻮردﻫﺎ را ﺗﻐﯿﯿﺮ ﻣﯽ دﻫﯿﻢ در ﻧﻬﺎﯾﺖ ﻫﻢ ذﺧﯿﺮه ﺗﻐﯿﯿﺮات در‬ run start --- System Configuration Dialog --- Would you like to enter the initial configuration dialog? [yes/no]: n Press RETURN to get started! Router>enable Router#copy start run Destination filename [running-config]? 506 bytes copied in 3.868 secs (168 bytes/sec) IMAROUTER#configure terminal IMAROUTER(config)#enable secret NEWENABLEPASSWORD IMAROUTER(config)#line con 0 IMAROUTER(config-if)#password NEWPASSWORD IMAROUTER(config-if)#end IMAROUTER#copy run start Destination filename [startup-config]? Building configuration... [OK] IMAROUTER# Page 56 of 290
‫ وارد ﻣﯽ ﺷﻮﯾﻢ اﻣﺎ‬privileged mode ‫ ﺑﻪ ﻣﺤﯿﻂ‬IOS ‫4. راه دوم : ﻫﻤﺎﻧﻨﺪ روش ﻗﺒﻠﯽ ﭘﺲ از ﺑﻮت از ﻃﺮﯾﻖ‬ ‫ را ﭘﺎك ﻣﯿﮑﻨﯿﻢ‬Nvram ‫اﯾﻨﺒﺎر ﻣﺤﺘﻮاي‬ --- System Configuration Dialog --Would you like to enter the initial configuration dialog? [yes/no]: n Press RETURN to get started! Router>enable Router#write erase Erasing the nvram filesystem will remove all files! Continue? [confirm] [OK] Erase of nvram: complete Router# ‫ را ﺑﻪ‬configuration register ‫ ﻣﺤﺘﻮاي‬Nvram ‫5. در ﻫﺮ دو ﺣﺎﻟﺖ ﭘﺲ از رﯾﺴﺖ ﮐﺮدن ﭘﺴﻮرد ﯾﺎ ﭘﺎك ﮐﺮدن‬ .‫ ﺑﻮت ﺧﻮاﻫﺪ ﺷﺪ‬Nvram ‫2012×0 ﺑﺮ ﻣﯿﮕﺮداﻧﯿﻢ ﺑﺎ رﯾﺒﻮت ﺑﻌﺪي ﺳﯿﺴﺘﻢ از ﻃﺮﯾﻖ ﺧﻮاﻧﺪن ﻣﺤﺘﻮاي‬ Router#configure terminal Router(config)#config-register 0x2102 Router(config)#end Page 57 of 290
‫آزﻣﺎﯾﺶ 3.2 – ﭘﺴﻮد رﯾﮑﺎوري ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﻧﺤﻮه ﭘﺴﻮرد رﯾﮑﺎوري ﺳﻮﯾﯿﭽﻬﺎ ﺳﺮي 0573 ,0653 ,0553 ,‪ 2900XL, 2950, 3500XL‬و‬ ‫ﺳﺮﯾﻬﺎي ﻣﺸﺎﺑﻪ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد در دﻧﯿﺎي واﻗﻌﯽ‬ ‫در دﻧﯿﺎي واﻗﻊ ﻣﻮاﻗﻊ زﯾﺎدي ﭘﯿﺶ ﻣﯽ آﯾﺪ ﮐﻪ ﭘﺴﻮرد ﺧﺎﺻﯽ ﻓﺮاﻣﻮش ﺷﻮد ، ﻋﻤﻮﻣﺎ ﻫﻢ ﻣﻬﻢ ﻧﯿﺴﺘﻨﺪ ، اﻣﺎ ﻓﺮاﻣﻮش ﮐﺮدن‬ ‫ﭘﺴﻮرد ﺳﻮﯾﯿﭻ ﻣﺮﮐﺰي ﺷﺒﮑﻪ ﻣﯿﺘﻮاﻧﺪ دردﺳﺮ ﺳﺎز ﺑﺎﺷﺪ.ﺑﺮﺧﻼف روﺗﺮﻫﺎ ، ﺑﻪ ﻣﻨﻈﻮر اﻧﺠﺎم ﻓﺮاﯾﻨﺪ ﭘﺴﻮرد رﯾﮑﺎروي ﺷﻤﺎ‬ ‫ﺣﺘﻤﺎ ﺑﺎﯾﺪ ﻧﺰدﯾﮏ ﺳﻮﯾﯿﭻ ﺣﻀﻮر داﺷﺘﻪ ﺑﺎﺷﯿﺪ ﺣﺘﯽ دﺳﺘﺮﺳﯽ از راه دور ﺑﻪ ﮐﺎﻣﭙﯿﻮﺗﺮي ﮐﻪ اﺗﺼﺎل ﮐﻨﺴﻮل ﺳﻮﯾﯿﭻ از‬ ‫ﻃﺮﯾﻖ ان ﺑﺮﻗﺮار ﻣﯽ ﺑﺎﺷﺪ ﻧﯿﺰ ﮐﺎرﺳﺎز ﻧﯿﺴﺖ ﺑﻪ اﯾﻦ ﻋﻠﺖ ﮐﻪ ﻃﯽ اﯾﻦ ﻓﺮاﯾﻨﺪ ﻧﯿﺎز اﺳﺖ ﮐﺎﺑﻞ ﺑﺮق ﺳﻮﯾﯿﭻ از آن ﺟﺪا ﺷﺪه‬ ‫و دﮐﻤﻪ ‪ Mode‬ﻧﯿﺰ ﺑﺮاي ﻣﺪﺗﯽ ﭘﺎﯾﯿﻦ ﻧﮕﻪ داﺷﺘﻪ ﺷﻮد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﺗﺼﺎل ﺑﻪ ﭘﻮرت ﮐﻨﺴﻮل ﺳﻮﯾﯿﭻ‬ ‫ﺣﻀﻮر داﺷﺘﻦ در ﻣﺤﻞ ﻗﺮارﮔﯿﺮي ﺳﻮﯾﯿﭻ‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ورود ﺑﻪ ﻣﺤﯿﻂ ‪ SWITCH ROM‬ﺑﺎ از ﺑﺮق ﮐﺸﯿﺪن و ﻣﺠﺪدا وﺻﻞ ﮐﺮدن آن در ﺣﯿﻦ ﻧﮕﻬﺪاﺷﺘﻦ دﮐﻤﻪ‬ ‫‪Mode‬‬ ‫ﺗﻐﯿﯿﺮ ﻧﺎم ‪ configuration file‬ﻣﻮﺟﻮد در ﻓﻠﺶ ﺑﻪ ﻧﺎم دﯾﮕﺮي ﻫﻤﭽﻮن ‪config.old‬‬ ‫ﺑﻮت ﻣﺠﺪد ﺳﻮﯾﯿﭻ و ﮐﭙﯽ ‪ flash:config.old‬ﺑﻪ ﺟﺎي ‪Runing config‬‬ ‫ﮐﭙﯽ ‪ Runing config‬ﺑﻪ ‪Nvram‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. در ﻣﺮﺣﻠﻪ اول ﺑﻪ ﻣﺤﯿﻂ ‪ SWITCH ROM‬از ﻃﺮﯾﻖ ﻧﮕﻪ داﺷﺘﻦ دﮐﻤﻪ ‪ MODE‬روي ﭘﻨﻞ دﺳﺘﮕﺎه و روﺷﻦ‬ ‫ﮐﺮدن دﺳﺘﮕﺎه از ﻃﺮﯾﻖ اﺗﺼﺎل ﻣﺠﺪد ﮐﺎﺑﻞ ﺑﺮق وارد ﻣﯽ ﺷﻮﯾﻢ ﺑﺴﺘﻪ ﺑﻪ ﻧﻮع ﺳﻮﯾﯿﭻ، دﮐﻤﻪ ‪ MODE‬ﻧﯿﺎز ﺑﻪ‬ ‫زﻣﺎﻧﻬﺎي ﻣﺨﺘﻠﻔﯽ ﺑﺮاي ﭘﺎﯾﯿﻦ ﻧﮕﻪ داﺷﺘﻪ ﺷﺪن دارد ﭘﺲ ﻫﻤﯿﻨﻄﻮر اﯾﻦ دﮐﻤﻪ را ﭘﺎﯾﯿﻦ ﻧﮕﻪ دارﯾﺪ ﺗﺎ ﺗﻮﺿﯿﺤﺎت‬ ‫ﺑﻌﺪي! .ﺟﺪول زﯾﺮ ﻣﺪت زﻣﺎن ﻻزم ﺟﻬﺖ ﭘﺎﯾﯿﻦ ﻧﮕﻪ داﺷﺘﻦ دﮐﻤﻪ ‪ MODE‬را در ﺳﻮﯾﯿﭻ ﻫﺎي ﻣﺨﺘﻠﻒ ﻧﺸﺎن‬ ‫ﻣﯿﺪﻫﺪ‬ ‫092 ‪Page 58 of‬‬
MODE ‫ ﻫﺎ و ﻣﺪت زﻣﺎن ﻻزم ﺟﻬﺖ ﭘﺎﯾﯿﻦ ﻧﮕﻪ داﺷﺘﻦ دﮐﻤﻪ‬Led ‫رﻓﺘﺎر‬ ‫ﻧﻮع ﺳﻮﯾﯿﭻ‬ ‫ ﺧﺎﻣﻮش ﻧﺸﺪه ﭘﺎﯾﻦ ﻧﮕﻪ داﺷﺘﻪ ﺷﻮد‬FA0/1 ‫ ﭘﻮرت‬LED ‫ﺗﺎ زﻣﺎﻧﯽ ﮐﻪ‬ 2900XL, 3500XL, 3550 ‫ زرد ﭼﺸﻤﮏ‬Syst LED ‫ ﺧﺎﻣﻮش ﺷﺪ آﻧﺮا رﻫﺎ ﮐﻨﯿﺪ.ﭘﺲ از رﻫﺎ ﮐﺮدن آن‬Stat LED ‫ﺣﺪودا ﭘﺲ از 5 ﺛﺎﻧﯿﻪ و زﻣﺎﻧﯽ ﮐﻪ‬ ‫زن ﺧﻮاﻫﺪ ﺷﺪ‬ 2940, 2950 Mode ‫ زرد ﭼﺸﻤﮏ زن ﺷﺪ و ﺑﻌﺪ از آن ﮐﺎﻣﻼ ﺳﺒﺰ ﺷﺪ دﮐﻤﻪ را رﻫﺎ ﮐﻨﯿﺪ.ﭘﺲ از رﻫﺎ ﮐﺮدن‬SYST LED ‫ﭘﺲ از اﯾﻨﮑﻪ‬ .‫ ﺳﺒﺰ ﭼﺸﻤﮏ زن ﺧﻮاﻫﺪ ﺷﺪ‬SYST LED ‫ﺣﺎﻟﺖ‬ 2960, 2970 ‫ ﺳﺒﺰ‬SYST LED ‫ را رﻫﺎ ﮐﻨﯿﺪ.ﭘﺲ از رﻫﺎ ﮐﺮدن آن‬Mode ‫ دﮐﻤﻪ‬SYST LED ‫ﺑﻌﺪ از ﺣﺪود 51 ﺛﺎﻧﯿﻪ و ﺳﺒﺰ ﺷﺪن‬ ‫ﭼﺸﻤﮏ زن ﺧﻮاﻫﺪ ﺷﺪ‬ 3560, 3750 ‫ ﺑﺎ ﻋﺒﺎرت ﻫﺎي زﯾﺮ ﻣﻮاﺟﻪ ﺧﻮاﻫﯿﻢ ﺷﺪ‬SWITCH ROM ‫2. ﭘﺲ از ورود ﻣﻮﻓﻘﯿﺖ آﻣﯿﺰ ﺑﻪ ﻣﺤﯿﻂ‬ Boot Sector Filesystem (bs) installed, fsid: 2 Base ethernet MAC Address: 00:14:f2:d2:41:80 Xmodem file system is available. The password-recovery mechanism is enabled. The system has been interrupted prior to initializing the flash filesystem. The following commands will initialize the flash filesystem, and finish loading the operating system software: flash_init boot switch: flash_init ‫ ﺷﺪن دارد ﺑﺎ ﺗﺎﯾﭗ دﺳﺘﻮر‬initialize ‫ ﻧﯿﺎز ﺑﻪ‬flash ‫3. در اﯾﻦ ﻣﺮﺣﻠﻪ‬ switch:flash_init Initializing Flash... flashfs[0]: 5 files, 1 directories flashfs[0]: 0 orphaned files, 0 orphaned directories flashfs[0]: Total bytes: 15998976 flashfs[0]: Bytes used: 12282368 flashfs[0]: Bytes available: 3716608 flashfs[0]: flashfs fsck took 10 seconds. ...done Initializing Flash. switch: Page 59 of 290
‫ ﺑﻪ ﻣﻨﻈﻮر ﭘﯿﺪا ﮐﺮدن ﻓﺎﯾﻞ ﮐﺎﻧﻔﯿﮓ اﺻﻠﯽ ﻟﯿﺴﺖ ﻣﯽ ﮔﯿﺮﯾﻢ.اﯾﻦ ﻓﺎﯾﻞ ﺑﻪ ﻃﻮر ﭘﯿﺶ‬flash ‫4. از ﻓﺎﯾﻠﻬﺎي ﻣﻮﺟﻮد در‬ .‫ ﻧﺎم دارد‬config.text ‫ﻓﺮض‬ switch:dir flash: Directory of flash:/ 1 -rwx 10573494 2 -rwx 684 3 -rwx 1938 4 -rwx 1654 5 -rwx 3096 c3560-advipservicesk9-mz.122-44.SE6.bin vlan.dat private-config.text config.text multiple-fs 3716608 bytes available (10508886 bytes used) switch: ‫ ﺗﻐﯿﯿﺮ ﻧﺎم ﻣﯽ دﻫﯿﻢ‬config.old ‫5. ﻓﺎﯾﻞ ﮐﺎﻧﻔﯿﮓ را ﺑﻪ‬ switch:rename flash:config.text flash:config.old ‫ ﭘﺎك ﮐﺮد‬delete flash:config.text ‫ﻫﻤﯿﻨﻄﻮر ﻣﯿﺘﻮان آﻧﺮا ﺑﺎ دﺳﺘﻮر‬ ‫6. ﭘﺲ از ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺗﻐﯿﯿﺮ ﻧﺎم ﻓﺎﯾﻞ ﮐﺎﻧﻔﯿﮓ ﺳﻮﯾﯿﭻ را ﻣﺠﺪدا ﺑﻮت ﻣﯿﮑﻨﯿﻢ.و وارد ﻣﺤﯿﻂ ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ .‫ﺳﻮﯾﯿﭻ ﻣﯿﺸﻮﯾﻢ‬ --- System Configuration Dialog --Would you like to enter the initial configuration dialog? [yes/no]: n Switch> .‫ ﮐﭙﯽ ﻣﯿﮑﻨﯿﻢ‬runnin config ‫ ﮐﺎﻧﻔﯿﮓ ﻗﺪﯾﻤﯽ را ﺑﻪ‬start-up ‫ ﻣﺤﺘﻮاي‬privileged mode ‫7. ﭘﺲ از ورود ﺑﻪ‬ Switch>enable Switch#copy flash:config.old run Destination filename [running-config]? 1654 bytes copied in 9.647 secs (171 bytes/sec) ARSCORESW1# .‫ اﻣﮑﺎن ﺗﻐﯿﯿﺮ ﭘﺴﻮردﻫﺎ ﺳﻮﯾﯿﭻ را ﺧﻮاﻫﯿﻢ داﺷﺖ‬running config ‫8. ﭘﺲ از ﮐﭙﯽ ﺗﻨﻈﯿﻤﺎت ﻗﺪﯾﻤﯽ ﺳﻮﯾﯿﭻ ﺑﻪ‬ Switch#configure terminal Switch(config)#enable password NEWENABLEPASSWORD Switch(config)#line con0 Switch(config-line)#password NEWCONSOLELINEPASSWORD Switch(config-line)#end Switch#copy run start Destination filename [startup-config]? Building configuration... [OK] 0 bytes copied in 1.309 secs (0 bytes/sec) Switch# Page 60 of 290
‫آزﻣﺎﯾﺶ 4.2-آﺷﻨﺎﯾﯽ ﺑﺎ ﺻﻔﺤﻪ اوﻟﯿﻪ ﺗﻨﻈﯿﻤﺎت ﺳﻮﯾﯿﭻ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻈﯿﻤﺎت ﭘﺎﯾﻪ ﺳﻮﯾﯿﭻ ﻣﺎﻧﻨﺪ ‪ IP address,Hostname‬و ﺗﻌﺪادي دﯾﮕﺮ از ﻃﺮﯾﻖ ﺻﻔﺤﻪ‬ ‫اوﻟﯿﻪ ﺗﻨﻈﯿﻤﺎت ﺳﻮﯾﯿﭻ/روﺗﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ﺳﻮﯾﯿﭻ/روﺗﺮ و ﭘﯿﺎﻣﻬﺎ و ﺳﻮاﻻت آن از ﺟﻤﻠﻪ ﺻﻔﺤﺎت آذار دﻫﻨﺪه ﻣﺘﺨﺼﺼﯿﻦ ﺷﺒﮑﻪ اﺳﺖ ﭼﻮن‬ ‫ﻋﻤﻮم ﻣﺘﺨﺼﺼﯿﻦ ﺗﻤﺎﯾﻠﯽ ﺑﻪ ﮐﺎﻧﻔﯿﮓ ادوات ﺧﻮد ﺑﺎ اﺳﺘﻔﺎده از ﯾﮏ وﯾﺰارد ﻣﺘﻨﯽ ﻣﺤﺪود ﻧﺪارﻧﺪ. اﻣﺎ ﺑﻪ ﻫﺮ ﺣﺎل ﺟﻬﺖ‬ ‫آزﻣﻮن ‪ ccna‬آﺷﻨﺎﯾﯽ ﺑﺎ آن اﻟﺰاﻣﯽ اﺳﺖ.ﻗﻄﻌﺎ در آﯾﻨﺪه ﻧﺰدﯾﮏ و ﭘﺲ از ﺗﺴﻠﻂ ﺑﻪ دﺳﺘﻮرات ﻣﺮﺑﻮﻃﻪ ﻫﯿﭻ وﻗﺖ از اﯾﻦ‬ ‫ﻣﺤﯿﻂ اﺳﺘﻔﺎده ﻧﺨﻮاﻫﯿﺪ ﮐﺮد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫راه اﻧﺪازي ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪ Gns‬و ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ آن‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫آﺷﻨﺎي ﺑﺎ ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ/ﺳﻮﯾﯿﭻ‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﭘﺲ از ﺧﺮﯾﺪاري و روﺷﻦ ﮐﺮدن ﯾﮏ دﺳﺘﮕﺎه ﺳﻮﯾﯿﭻ/روﺗﺮ ﺳﯿﺴﮑﻮ اوﻟﯿﻦ ﺻﻔﺤﻪ اي ﮐﻪ ﻧﻤﺎﯾﺎن ﻣﯽ ﺷﻮد ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت‬ ‫اوﻟﯿﻪ دﺳﺘﮕﺎه اﺳﺖ.اﯾﻦ ﺻﻔﺤﻪ ﻫﻤﯿﻨﻄﻮر ﻫﻨﮕﺎم ﺑﻮت دﺳﺘﮕﺎه ﭘﺲ از اﺟﺮاي دﺳﺘﻮر ‪ erase‬ﮐﻪ ﺑﺎﻋﺚ ﭘﺎك ﺷﺪن ‪Nvram‬‬ ‫ﻣﯿﺸﻮد ﻧﻤﺎﯾﺎن ﻣﯽ ﺷﻮد.‬ ‫در ﮐﺪ زﯾﺮ ﻣﺤﺘﻮاي اﯾﻦ ﺻﻔﺤﻪ را در ﺑﻮت اوﻟﯿﻪ دﺳﺘﮕﺎه ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ.‬ ‫-- ‪--- System Configuration Dialog‬‬‫‪Would you like to enter the initial configuration dialog? [yes/no]: yes‬‬ ‫ﭘﺲ از اﻧﺘﺨﺎب ‪ yes‬وﻧﻤﺎﯾﺶ ﻣﺤﯿﻂ ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ، ﻣﺮاﺣﻞ ﺗﻨﻈﯿﻢ ﺑﻪ ﺻﻮرت ﺳﻮال و ﺟﻮاﺑﻬﺎي ﻣﺘﻮاﻟﯽ ﺑﺎ ﺗﻮﺿﯿﺤﺎت‬ ‫ﻣﺨﺘﺼﺮي ﻧﻤﺎﯾﺎن ﻣﯽ ﺷﻮد.‬ ‫.‪At any point you may enter a question mark '?' for help‬‬ ‫.‪Use ctrl-c to abort configuration dialog at any prompt‬‬ ‫.'][' ‪Default settings are in square brackets‬‬ ‫092 ‪Page 61 of‬‬
Basic management setup configures only enough connectivity for management of the system, extended setup will ask you to configure each interface on the system Would you like to enter basic management setup? [yes/no]: yes ‫ را از ﻣﺎ‬Terminal password ‫ و‬Enable secret ‫ و‬Hostname ‫ اﻃﻼﻋﺎت ﻻزم ﺟﻬﺖ ﺗﻨﻈﻤﯿﺎت‬yes ‫ﭘﺲ از اﻧﺘﺨﺎب‬ ‫اﺧﺬ ﺧﻮاﻫﺪ ﮐﺮد‬ Configuring global parameters: Enter host name [Router]: R1 The enable secret is a password used to protect access to privileged EXEC and configuration modes. This password, after entered, becomes encrypted in the configuration. Enter enable secret: CISCO The enable password is used when you do not specify an enable secret password, with some older software versions, and some boot images. Enter enable password: cisco The virtual terminal password is used to protect access to the router over a network interface. Enter virtual terminal password: cisco ‫ ﭘﺮوﺗﮑﻞ اﺳﺘﺎﻧﺪاري اﺳﺖ ﮐﻪ ادوات ﻓﻌﺎل در‬SNMP .‫ ﻣﻮاﺟﻪ ﺧﻮاﻫﯿﻢ ﺷﺪ‬SNMP ‫ﺑﻌﺪ از ﺗﻈﯿﻤﺎت ﻓﻮق ﺑﺎ ﭘﯿﻐﺎم ﻓﻌﺎل ﺳﺎزي‬ .‫ﺷﺒﮑﻪ ﺑﻪ واﺳﻄﻪ آن ﻣﺎﻧﯿﺘﻮ و ﯾﺎ ﭘﯿﮑﺮ ﺑﻨﺪي ﻣﯿﺸﻮﻧﺪ‬ Configure SNMP Network Management? [no]: yes Community string [public]: COMMUNITYSTRINGGOESHERE ‫ واﻗﻊ‬Management network ‫ دﻫﯽ ﺑﻪ ﯾﮑﯽ از اﯾﻨﺘﺮﻓﯿﺴﻬﺎي دﺳﺘﮕﺎه ﮐﻪ در‬IP ‫ ﻧﻮﺑﺖ ﺑﻪ‬SNMP ‫ﭘﺲ از ﭘﯿﮑﺮﺑﻨﺪي‬ ‫ﺷﺪه)در آن رﻧﺞ ﻗﺮار دارد( ﻣﯿﮑﻨﯿﻢ.در ﻧﻈﺮ داﺷﺘﻪ ﺑﺎﺷﯿﺪ ﮐﻪ ﺑﺎﯾﺪ ﻧﺎم اﯾﻨﺘﺮﻓﯿﺲ ﺑﻪ ﻃﻮر ﮐﺎﻣﻞ ﻧﻮﺷﺘﻪ ﺷﻮد‬ Current interface summary Any interface listed with OK? value "NO" does not have a valid configuration Interface Interface FastEthernet0/0 FastEthernet0/1 Serial1/0 Serial1/1 Serial1/2 Serial1/3 IP-Address IP-Address unassigned unassigned unassigned unassigned unassigned unassigned OK? OK? NO NO NO NO NO NO Method Method unset unset unset unset unset unset Status Status up up up up up up Protocol Protocol up up down down down down Page 62 of 290
Enter interface name used to connect to the management network from the above interface summary: FastEthernet0/0 .‫ ﻣﯽ رﺳﺪ‬IP ‫ﺑﻪ ﻣﺤﺾ اﯾﻨﮑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﻣﺮﺑﻮط ﺑﻪ ﻣﺪﯾﺮﯾﺖ دﺳﺘﮕﺎه را اﻧﺘﺨﺎب ﮐﺮدﯾﻢ ﻧﻮﺑﺖ ﺑﻪ ﺗﻨﻈﯿﻢ ﭘﺎراﻣﺘﺮﻫﺎي‬ Configuring interface FastEthernet0/0: Operate in full-duplex mode? [no]: Configure IP on this interface? [yes]: IP address for this interface: 10.1.1.1 Subnet mask for this interface [255.0.0.0] : 255.255.255.0 Class A network is 10.0.0.0, 24 subnet bits; mask is /24 Running ‫ﺧﻮب،ﭘﺲ از اﺗﻤﺎم ﻣﺮاﺣﻞ ﺑﺎﻻ روﺗﺮ/ﺳﻮﯾﯿﭻ ﮐﺪ ﮐﺎﻧﻔﯿﮓ ﻫﺎي اﻧﺠﺎم ﺷﺪه روي دﺳﺘﮕﺎه ﯾﺎ ﺑﻪ ﺑﯿﺎن دﯾﮕﺮ‬ :‫ را ﺑﻪ ﻣﺎ ﻧﻤﺎﯾﺶ ﻣﯽ دﻫﺪ ﺑﻪ ﻗﺮار زﯾﺮ‬config The following configuration command script was created: hostname R1 enable secret 5 $1$kGQ2$tr6bd7mW9zjqzfkUHhnCE0 enable password cisco line vty 0 4 password cisco no snmp-server ! no ip routing ! interface FastEthernet0/0 no shutdown half-duplex ip address 10.1.1.1 255.255.255.0 no mop enabled ! interface FastEthernet0/1 shutdown no ip address ! interface Serial1/0 shutdown no ip address ! interface Serial1/1 shutdown no ip address ! interface Serial1/2 shutdown no ip address ! interface Serial1/3 shutdown no ip address ! Page 63 of 290
end ‫ﭘﺲ از ﻣﺮﺣﻠﻪ ﺑﺎﻻ ﺳﯿﺴﺘﻢ در ﺧﺼﻮص ذﺧﯿﺮه ﺗﻨﻈﯿﻤﺎت ﺻﻮرت ﮔﺮﻓﺘﻪ ﺳﻮال ﺧﻮاﻫﺪ ﭘﺮﺳﯿﺪ. ﻋﺪد 2 را ﺟﻬﺖ ذﺧﯿﺮه‬ ‫ اﻧﺘﺨﺎب ﻣﯿﮑﻨﯿﻢ‬startup config ‫ﺗﻨﻈﯿﻤﺎت در‬ [0] Go to the IOS command prompt without saving this config. [1] Return back to the setup without saving this config. [2] Save this configuration to nvram and exit. Enter your selection [2]: 2 The enable password you have chosen is the same as your enable secret. This is not recommended. Re-enter the enable password. Building configuration... Use the enabled mode 'configure' command to modify this configuration. % Crashinfo may not be recovered at bootflash:crashinfo % This file system device reports an error Press RETURN to get started! R1> Page 64 of 290
‫آزﻣﺎﯾﺶ 5.2 – آﺷﻨﺎﯾﯽ ﺑﺎ ‪ CLI‬ﺳﯿﺴﮑﻮ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺧﻮاﻫﯿﻢ آﻣﻮﺧﺖ ﭼﮕﻮﻧﻪ وارد ﺣﺎﻟﺘﻬﺎي ﻣﺨﺘﻠﻒ ﺧﻂ ﻓﺮﻣﺎن ادوات ﺳﯿﺴﮑﻮ ﺷﻮﯾﻢ ﺣﺎﻟﺘﻬﺎي ‪User‬‬ ‫‪ mode,Privileged mode,Global configuration mode‬و ﭼﻨﺪ ﺣﺎﻟﺖ دﯾﮕﺮ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻣﻬﻨﺪس ﺷﺒﮑﻪ ﺳﯿﺴﺴﮑﻮ ﻧﯿﺰا دارﯾﺪ ﺗﺎ ﺑﺎ وﯾﮋﮔﯿﻬﺎي ﻣﺤﯿﻂ ‪ CLI‬ادوات ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺷﻮﯾﺪ زﯾﺮا ﺗﻤﺎﻣﯽ‬ ‫ادوات ﺳﯿﺴﮑﻮ از اﯾﻦ ﻃﺮﯾﻖ ﭘﯿﮑﺮﺑﻨﺪي ﻣﯽ ﺷﻮﻧﺪ،اﮔﺮﭼﻪ ﻋﻨﺎوﯾﻦ ﻣﺨﺘﻠﻔﯽ از راﺑﻂ ﮐﺎرﺑﺮﻫﺎي ﮔﺮاﻓﯿﮑﯽ ﻫﻤﭽﻮن‬ ‫‪ ASDM,PDM‬ﺟﻬﺖ ﮐﺎﻧﻔﯿﮓ ادوات ﻣﺨﺘﻠﻒ وﺟﻮد دارد اﻣﺎ اﺳﺘﻔﺎده اﻧﻬﺎ در ﻣﺤﯿﻄﻬﺎي ﻋﻤﻠﯿﺎﺗﯽ ﺟﺪي ﭼﻨﺪان ﺗﻮﺻﯿﻪ‬ ‫ﻧﻤﯿﺸﻮد و ﻣﻮﺟﺒﺎت در ﻫﻢ ﮐﺸﯿﺪه ﺷﺪن اﺧﻤﻬﺎي ﻣﻬﻨﺪﺳﯿﻦ ﻣﺠﺮب ﺳﯿﺴﮑﻮ ﻫﻨﮕﺎﻣﯽ ﮐﻪ از ﻃﺮﯾﻖ ‪ CLI‬ﺑﻪ ﺑﺮرﺳﯽ‬ ‫ﮐﺎﻧﻔﯿﮕﻬﺎ ﻣﯽ ﭘﺮدازﻧﺪ ﻣﯿﺸﻮد.‬ ‫اﻧﺘﻈﺎر ﻣﯽ رود ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻣﺘﺨﺼﺺ ﺳﯿﺴﮑﻮ در آﯾﻨﺪه ﻧﺰدﯾﮏ ﻗﺎدر ﺑﻪ ﮐﺎر ﺑﺎ ﻣﻮدﻫﺎي ﮐﺎﻧﻔﯿﮓ ادوات ﺳﯿﺴﮑﻮ ﻣﺎﻧﻨﺪ :‬ ‫,‪User Mode, Privileged Mode, Global Configuration Mode, Interface Configuration Mode‬‬ ‫‪Router Configuration Mode, VLAN Database Configuration Mode, Access-List‬‬ ‫‪ Configuration Mode Mode ,Line Configuration Mode‬ﺑﺎﺷﯿﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪ ‬راه اﻧﺪازي ﯾﮏ ﻋﺪد روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫آﺷﻨﺎﯾﯽ ﺑﻪ ﻣﻮدﻫﺎي ﻣﺨﺘﻠﻒ ‪ CLI‬در ادوات ﺳﯿﺴﮑﻮ ﻣﺒﺘﻨﯽ ﺑﺮ ‪IOS‬‬ ‫آﺷﻨﺎﯾﯽ ﺑﺎ ﮐﻠﯿﺪﻫﺎي ﺗﺮﮐﯿﺒﯽ در ﻣﺤﯿﻂ ‪CLI‬‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ‪ : User mode‬اوﻟﯿﻦ ﻣﻮدي اﺳﺖ ﮐﻪ ﭘﺲ از وارد ﮐﺮدن اﻃﻼﻋﺎت اﺣﺮاز ﻫﻮﯾﺖ و ﻓﺸﺮدن ﮐﻠﯿﺪ ‪ enter‬وارد آن‬ ‫ﻣﯿﺸﻮﯾﻢ.دراﯾﻦ ﻣﻮد ﻋﻤﻮم دﺳﺘﻮراﺗﯽ ﮐﻪ ﻗﺎﺑﻞ اﺟﺮا ﻫﺴﺘﻨﺪ ﻣﺎﻫﯿﺖ اﻃﻼع رﺳﺎﻧﯽ دارﻧﺪ ﻣﺎﻧﺪد دﺳﺘﻮرات‬ ‫092 ‪Page 65 of‬‬
‫ و از اﯾﻦ دﺳﺖ. ﻫﻤﺎﻧﻄﻮر ﮐﻪ در ﮐﺪ زﯾﺮ‬ping,trace route, Show cdp neighbors,show version ‫ ﻗﺮار ﻣﯿﮕﯿﺮﯾﻢ ﮐﻪ ﺑﺎ ﻣﺸﺎﻫﺪه ﻋﻼﻣﺖ ">" ﯾﺎ ﻫﻤﺎن‬CLI ‫ در ﻣﺤﯿﻂ‬enter ‫ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ ﭘﺲ از ﻓﺸﺮدن‬ .‫ﺑﺰرﮔﺘﺮ اﺳﺖ از ﻫﻤﺮاه اﺳﺖ‬ Router con0 is now available Press RETURN to get started. Router> ‫ ﻣﯿﺘﻮان ﺑﺎ ﺗﺎﯾﭗ ؟ ﺑﻪ ﻟﯿﺴﺖ دﺳﺘﻮرات ﻗﺎﺑﻞ اﺟﺮا در آن ﻣﻮد دﺳﺘﺮﺳﯽ ﭘﯿﺪا ﮐﺮد‬CLI ‫در ﻫﺮ ﻟﺤﻈﻪ از ﻣﺤﯿﻂ‬ Router>? Exec commands: access-enable access-profile clear connect crypto disable disconnect emm enable ethernet exit help lat lock login logout mrinfo mstat mtrace name-connection --More-- Create a temporary Access-List entry Apply user-profile to interface Reset functions Open a terminal connection Encryption related commands. Turn off privileged commands Disconnect an existing network connection Run a configured Menu System Turn on privileged commands Ethernet parameters Exit from the EXEC Description of the interactive help system Open a lat connection Lock the terminal Log in as a particular user Exit from the EXEC Request neighbor and version information from a multicast router Show statistics after multiple multicast traceroutes Trace reverse multicast path from destination to source Name an existing network connection ‫ ﭘﺎراﮔﺮاف ﺑﻌﺪي ﻧﻤﺎﯾﺎن ﺧﻮاﻫﺪ ﺷﺪ.در ﺻﻮرﺗﯿﮑﻪ ﻣﺎﯾﻞ ﺑﻪ‬space ‫ﺳﻄﺮ ﺑﻌﺪي و ﺑﺎ ﻓﺸﺮدن‬enter ‫در اﯾﻦ ﻣﺮﺣﻠﻪ ﺑﺎ ﻓﺸﺮدن‬ .‫ را ﻓﺸﺎر دﻫﯿﻢ‬Q ‫ ﺑﺎﺷﯿﻢ ﺑﺎﯾﺪ‬space ‫ﺧﺮوج ازاﯾﻦ ﻟﯿﺴﺖ ﺑﺪون ﻓﺸﺮدن ﻫﺎي ﻣﺘﻮاﻟﯽ‬ ‫ ﻫﺴﺘﯿﻢ ﻣﯿﺘﻮاﻧﯿﻢ ﺳﻄﺢ دﺳﺘﺮﺳﯽ ﺧﻮد را ﺑﺎ ورود ﺑﻪ‬User mode ‫: ﻫﻨﮕﺎﻣﯽ ﮐﻪ در‬Priviledge mode .2 ‫ در ﺻﻮرت ﺳﺖ‬en ‫ اﻓﺰاﯾﺶ دﻫﯿﻢ.ﭘﺲ از ﺗﺎﯾﭗ‬en ‫ ﯾﺎ‬Enable ‫ از ﻃﺮﯾﻖ ﺗﺎﯾﭗ ﻋﺒﺎرت‬Priviledge mode ‫ ﺑﺎﯾﺪ رﻣﺰ ورود ﺑﻪ اﯾﻦ ﻣﻮد را وارد ﻧﻤﺎﯾﯿﻢ.در ﻫﻨﮕﺎم وارد‬Enable secret ‫ ﯾﺎ‬Enable password ‫ﺷﺪه ﺑﻮدن‬ ‫ﮐﺮدن اﯾﻦ رﻣﺰ ﻗﺎدر ﺑﻪ ﻣﺸﺎﻫﺪه ﮐﺎراﮐﺘﺮﻫﺎي وارد ﺷﺪه ﻧﯿﺴﺘﯿﻢ ﺣﺘﯽ ﺑﻪ ﺻﻮرت ﺳﺘﺎره ﻫﺎي ﻣﺘﻮاﻟﯽ‬ Page 66 of 290
Router>enable Password: Router# ‫در اﯾﻦ ﻣﻮد دﺳﺘﻮرات ﻣﺪﯾﺮﯾﺘﯽ ﺟﻬﺖ ﻧﮕﻬﺪاري ﺳﯿﺴﺘﻢ اﺟﺮا ﻣﯿﺸﻮﻧﺪ ﻣﺎﻧﻨﺪ ﻣﻮرد زﯾﺮ‬ Router#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] Router# ‫ وارد ﻣﺤﯿﻂ ﭘﯿﮑﺮﺑﻨﺪي و‬configure terminal ‫ ﻫﺴﺘﯿﻢ ﺑﺎ وادر ﮐﺮدن دﺳﺘﻮر‬Priviledge mode ‫ﻫﻨﮕﺎﻣﯽ ﮐﻪ در‬ Acess ‫ ﻧﺎم دارد.ﻻزم ﺑﻪ ذﮐﺮ اﺳﺖ اﯾﻦ ﻣﻮد در‬global configuration mode ‫ﺗﻨﻈﯿﻤﺎت ﺳﯿﺴﺘﻢ ﻣﯿﺸﻮﯾﻢ ﮐﻪ‬ .‫ ﻫﺎي ﺳﯿﺴﮑﻮ وﺟﻮد ﻧﺪارد و ﺑﻪ ﻣﺤﺾ ورود ﺑﻪ اﯾﻦ دﺳﺘﮕﺎه ﮐﻠﯿﻪ ﻓﺮاﻣﯿﻦ ﺑﻪ ﻃﻮر ﻣﺴﺘﻘﯿﻢ اﺟﺮا ﺧﻮاﻫﻨﺪ ﺷﺪ‬server Router#configure terminal Enter configuration commands, one per line. Router(config)# End with CNTL/Z. ‫ ﺑﻪ ﺳﻄﺢ ﻣﺘﻔﺎوﺗﯽ از دﺳﺘﻮرات ﭘﯿﮑﺮﺑﻨﺪي دﺳﺘﺮﺳﯽ ﺧﻮاﻫﯿﻢ داﺷﺖ‬global configuration mode ‫ﭘﺲ از ورود ﺑﻪ‬ ‫ و ﻣﻮارد ﺑﺴﯿﺎري دﯾﮕﺮ‬Access list ، Vlan، ‫ﻫﻤﭽﻮن ﺗﻨﻈﯿﻤﺎت اﯾﻨﺘﺮﻓﯿﺲ ﻫﺎ‬ Router(config)#interface f0/0 Router(config-if)#router eigrp 1 Router(config-router)#ip access-list extended example_acl_name Router(config-ext-nacl)#line con 0 Router(config-line)# ‫ اﺳﺘﻔﺎده‬Exit ‫ از دﺳﺘﻮر‬user mode ‫ ﺑﻪ‬Privileged ‫ﺑﺮاي ﺧﺮوج از ﻣﻮد ﺟﺎري و ﺑﺎزﮔﺸﺖ ﺑﻪ ﻣﻮد ﻗﺒﻠﯽ ﻓﺮﺿﺎ از‬ .‫ﻣﯿﮑﻨﯿﻢ‬ ‫ﻋﻼوه ﺑﺮ دﺳﺘﻮرات ﻣﺨﺘﺺ ﻫﺮ ﻣﻮد ، ﺗﻌﺪادي دﺳﺘﻮر ﺗﺮﮐﯿﺒﯽ ﺑﻪ ﻣﻨﻈﻮر اﯾﺠﺎد ﺗﺴﻬﯿﻞ اﻣﻮر در ﻣﺤﯿﻂ ﻣﺘﻨﯽ ﺗﺎﯾﭗ‬ .‫دﺳﺘﻮرات وﺟﻮد دارﻧﺪ ﮐﻪ ﺟﺪول آﻧﻬﺎ را در زﯾﺮ ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ‬ Key ESC + F ESC + B ESC + DEL ESC + D ESC + C Page 67 of 290 Result Move insertion point to the beginning of the next word. Move insertion point to the beginning of the current word. Erase previous word. Erase word, or section of a word, following the insertion point. Capitalize letter following the insertion point.
ESC + U Change next word or word section to all UPPERCASE letters. ESC + L Change next word or word section to all lowercase letters. CTRL + A Move insertion point to the beginning of the line. CTRL + E Move insertion point to the end of the line. CTRL + Erase entire command line you’re working on (to the insertion point’s left). CTRL + T Transpose previous two characters. CTRL + K Erase from the cursor to the start of the command line. CTRL + R Search the list of commands incrementally based on what you type. Tab Complete the path or filename. UP Arrow List previous commands up. DOWN Arrow List previous commands down. Page 68 of 290
‫آزﻣﺎﯾﺶ 6.2 - ﺗﻨﻈﯿﻢ ‪ IP Adress‬روي ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﻧﺤﻮه ﺗﻨﻈﯿﻢ ‪ Ip address‬اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ادوات ﺳﯿﺴﮑﻮ از ﻃﺮﯾﻖ ‪ Cli‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻣﺘﺨﺼﺺ آﯾﻨﺪه ﺳﯿﺴﮑﻮ! ﻻزم اﺳﺖ ﺑﺎ ﻧﺤﻮه ﺗﻨﻈﯿﻢ ‪ ip‬روي اﻧﻮاع ﻣﺨﺘﻠﻒ اﯾﻨﺘﺮﻓﯿﺲ ﻫﺎي ادوات ﺳﯿﺴﮑﻮ‬ ‫آﺷﻨﺎ ﺑﺎﺷﯿﺪ.ﺗﺨﺼﯿﺺ ‪ IP‬ﺑﻪ ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ﺟﺰء اوﻟﯿﻦ اﻟﺰاﻣﺎت راه اﻧﺪازي ادوات ﺳﯿﺴﮑﻮ در ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ ﻣﯽ ﺑﺎﺷﺪ‬ ‫،ذﮐﺮ اﯾﻦ ﻧﮑﺘﻪ ﺣﺎﺋﺰ اﻫﻤﯿﺖ اﺳﺖ ﮐﻪ ﺑﻪ ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ﺑﯿﺶ از ﯾﮏ ‪ IP‬ﻣﯽ ﺗﻮان ﻣﻨﺘﺴﺐ ﻧﻤﻮد‬ ‫ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ 42/452.15.432.01 ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ 0/0‪ FastEthernet‬ﺑﻪ ﻋﻨﻮان ‪Primary IP Address‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ 42/452.84.72.271 ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ 0/0‪ FastEthernet‬ﺑﻪ ﻋﻨﻮان ‪Secondary IP Address‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﻓﻌﺎل ﺳﺎزي 0/0‪FastEthernet‬‬ ‫ﭼﮏ ﮐﺮدن ﺗﻨﻈﯿﻤﺎت ﺻﻮرت ﮔﺮﻓﺘﻪ روي روﺗﺮ از ﻃﺮﯾﻖ ﺑﺮرﺳﯽ ‪running-configuration‬‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ‬ ‫ﺑﺮاي ﺷﺮوع ﺑﻪ ﻣﻮد ‪ Global configuration‬ﻫﻤﺎﻧﻄﻮر ﮐﻪ در ﮐﺪ زﯾﺮ ﻧﻤﺎﯾﺶ داده ﺷﺪه اﺳﺖ وارد ﻣﯽ ﺷﻮﯾﻢ‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫.‪End with CNTL/Z‬‬ ‫‪Router>enable‬‬ ‫:‪Password‬‬ ‫‪Router#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫#)‪Router(config‬‬ ‫1. ﺗﺨﺼﯿﺺ 42/452.15.432.01 ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ 0/0‪ FastEthernet‬ﺑﻪ ﻋﻨﻮان ‪ ، Primary IP Address‬ﺑﺮاي‬ ‫اﯾﻨﮑﺎر ﻻزم اﺳﺖ وارد ﻣﺤﯿﻂ ﭘﯿﮑﺮﺑﻨﺪي اﯾﻨﺘﺮﻓﯿﺲ ﻣﻮرد ﻧﻈﺮ ﺑﻪ ﻗﺮار زﯾﺮ ﺷﻮﯾﻢ.‬ ‫092 ‪Page 69 of‬‬
Router(config)#interface FastEthernet 0/0 Router(config-if)# .‫ ﺑﻪ ﺷﮑﻞ زﯾﺮ اﺳﺘﻔﺎده ﻣﯽ ﮐﻨﯿﻢ‬ip address n.n.n.h s.s.s.m ‫ از دﺳﺘﻮر‬IP ‫ﺑﺮاي ﺗﺨﺼﯿﺺ‬ Router(config-if)#ip address 10.234.51.254 255.255.255.0 Router(config-if)# FastEthernet0/0 ‫ ﺑﻪ‬Secondary ip ‫2. ﺗﺨﺼﯿﺺ‬ ‫ ﺑﺪون از ﺳﺮوﯾﺲ ﺧﺎرج ﺷﺪن اﯾﻨﺘﺮﻓﯿﺲ ﯾﺎ دﺳﺘﺮﺳﯽ ﻣﺪﯾﺮﯾﺘﯽ‬IP ‫ دوم ﺟﻬﺖ ﻓﺮاﯾﻨﺪﻫﺎي ﺗﻌﻮﯾﺾ‬IP ‫ﻋﻤﻮﻣﺎ از‬ . Mnagement vlan ‫ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد ﻣﺜﻼ ﺗﻌﻮﯾﺾ‬ ‫ در اﻧﺘﻬﺎي‬Secondary ‫ﺑﺮاي ﺗﮑﻤﯿﻞ ﺑﺨﺶ دوم اﯾﻦ آزﻣﺎﯾﺶ ﻧﯿﺎز اﺳﺖ ﻫﻤﺎن دﺳﺘﻮر ﺑﺎﻻ ﺑﻪ ﻫﻤﺮاه ﻋﺒﺎرت‬ .‫دﺳﺘﻮر اﺳﺘﻔﺎده ﮐﺮد‬ Router(config-if)#ip address 172.27.48.254 255.255.255.0 secondary Router(config-if)# FastEthernet0/0 ‫3. ﻓﻌﺎل ﺳﺎزي‬ up ‫ ﻫﺴﺘﻨﺪ ﺑﺮاي ﻓﻌﺎل و‬Administratively Down ‫ﺑﻪ ﻃﻮر ﭘﯿﺶ ﻓﺮض ﻫﻤﻪ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي روﺗﺮ در ﺣﺎﻟﺖ‬ ‫ اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد‬no shut ‫ﮐﺮدن اﯾﻨﺘﺮﻓﯿﺲ از دﺳﺘﻮر‬ Router(config-if)#no shutdown Router(config-if)# %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, state to up Router(config-if)# changed running-configuration ‫4. ﺑﺮرﺳﯽ ﺗﻨﻈﯿﻤﺎت اﻧﺠﺎم ﺷﺪه از ﻃﺮﯾﻖ‬ ‫ از ﻃﺮﯾﻖ‬privileged mode ‫ﺑﺮاي ﻣﺸﺎﻫﺪه ﺗﻨﻈﯿﻤﺎت ﺻﻮرت ﮔﺮﻓﺘﻪ ﭘﺲ از ﺧﺮوج از ﻣﻮد ﻓﻌﻠﯽ و ﺑﺎزﮔﺸﺖ ﺑﻪ‬ ‫ را ﻣﺸﺎﻫﺪه ﻣﯽ ﮐﻨﯿﻢ‬Fa0/0 ‫ ، ﺑﺎ اﺟﺮاي دﺳﺘﻮرات زﯾﺮ ﺗﻨﻈﯿﻤﺎت ﻣﺨﺘﺺ‬Ctl+Z ‫ﻓﺸﺮدن‬ Router(config-if)#^Z %SYS-5-CONFIG_I: Configured from console by console Router#show run interface FastEthernet 0/0 Building configuration... Current configuration : 148 bytes ! interface FastEthernet0/0 ip address 172.27.48.254 255.255.255.0 secondary Page 70 of 290
ip address 10.234.51.254 255.255.255.0 duplex auto speed auto end Router# Page 71 of 290
‫آزﻣﺎﯾﺶ 7.2- ﭘﯿﮑﺮﺑﻨﺪي ﻣﺸﺨﺼﻪ ﻫﺎي وﯾﮋه اﯾﻨﺘﺮﻓﯿﺲ ﻫﺎ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻢ ﭘﺎراﻣﺘﺮﻫﺎي ﻣﺸﺨﺼﻪ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي روﺗﺮ/ﺳﻮﯾﯿﭻ ﻣﺎﻧﻨﺪ ‪ Speed,Duplex,MTU‬و‬ ‫ﭼﻨﺪ ﻣﻮرد دﯾﮕﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺗﻨﻈﯿﻢ ﭘﺎراﻣﺘﺮﻫﺎي ارﺗﺒﺎﻃﯽ ادوات ﺳﯿﺴﮑﻮ اﻣﺮ راﯾﺠﯽ در ﺑﺮﺧﯽ از ﺣﻮزه ﻫﺎي ﺷﺒﮑﻪ ﻣﺜﻞ دﯾﺘﺎﺳﻨﺘﺮﻫﺎ و ﺗﺠﻤﯿﻊ و ﺗﻮزﯾﻊ‬ ‫ﭘﻬﻨﺎي ﺑﺎﻧﺪ ﻣﯽ ﺑﺎﺷﺪ.ﺗﻮﺻﯿﻪ ﻣﯽ ﺷﻮد اﯾﻦ ﺗﻨﻈﯿﻤﺎت ﺑﺮاي اﺗﺼﺎﻻت ‪ node‬ﺑﻪ ‪ node‬ﺑﻪ ﻃﻮر دﺳﺘﯽ و ‪ node‬ﺑﻪ ‪ Host‬ﺑﻪ‬ ‫ﻃﻮر ﺧﻮدﮐﺎر اﻧﺠﺎم ﺷﻮد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﺳﺮﻋﺖ 0/0‪ FastEthernet‬ﺑﻪ ‪100Mbps‬‬ ‫ﺗﻨﻈﯿﻢ دوﭘﻠﮑﺲ 0/0‪ FastEthernet‬ﺑﻪ ‪Full‬‬ ‫ﺗﻨﻈﯿﻢ ‪ MTU‬ﺑﻪ ‪1520 bytes‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﭘﻬﻨﺎي ﺑﺎﻧﺪ 0/0‪ FastEthernet‬ﺑﻪ ‪10Mbps‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﺗﺎﺧﯿﺮ 0/0‪ FastEthernet‬ﺑﻪ ‪10ms‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ‪ Mac address‬ﺑﻪ 9‪ca02.0adc.0ef‬‬ ‫ﺗﻨﻈﯿﻢ ‪Keepalives‬‬ ‫ﺗﻨﻈﯿﻢ ‪CDP‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. اوﻟﯿﻦ ﻫﺪف اﯾﻦ آزﻣﺎﯾﺶ ﺗﻨﻈﯿﻢ ﺳﺮﻋﺖ 0/0‪ FastEthernet‬روﺗﺮ ﺑﻪ ‪ 100Mbps‬اﺳﺖ. اﯾﻨﮑﺎر ﺑﺎ اﺳﺘﻔﺎده از‬ ‫دﺳﺘﻮر ‪ speed‬در ﻣﻮد ‪ interface configuration‬ﺑﻪ ﻗﺮار زﯾﺮ اﻧﺠﺎم ﻣﯿﺸﻮد.‬ ‫092 ‪Page 72 of‬‬
Router con0 is now available Press RETURN to get started. Router>enable Password: Router#configure terminal Enter configuration commands, one per line. Router(config)#interface FastEthernet 0/0 Router(config-if)#speed 100 End with CNTL/Z. ‫ ﻧﯿﺰ اﻧﺠﺎم ﭘﺬﯾﺮد.اﯾﻦ ﻣﻮرد ﺗﻮﺳﻂ دﺳﺘﻮر‬duplex ‫2. ﺗﻮﺻﯿﻪ ﻣﯿﺸﻮد ﭘﺲ از ﺗﻨﻈﯿﻢ ﺳﺮﻋﺖ اﯾﻨﺘﺮﻓﯿﺲ ﺗﻨﻈﯿﻤﺎت‬ .‫ ﺑﻪ ﺷﮑﻞ زﯾﺮ اﻧﺠﺎم ﻣﯽ ﺷﻮد‬duplex Router(config-if)#duplex ? auto Enable AUTO duplex configuration full Force full duplex operation half Force half-duplex operation Router(config-if)#duplex full ‫ ﺳﺮوﮐﺎر دارﯾﻢ ﺑﺴﯿﺎر ﻣﻌﻤﻮل اﺳﺖ ﮐﻪ اﻧﺪازه ﻫﺎي‬Ipsec ‫ ﯾﺎ ﺗﺎﻧﻞ ﻫﺎي‬WAN ‫3. ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺑﺎ ﻟﯿﻨﮑﻬﺎي‬ ‫ ﻫﺴﺖ‬packet encapsulation ‫ را ﮐﻪ ﺑﯿﺎﻧﮕﺮ ﺣﺪاﮐﺜﺮ ﺳﺎﯾﺰ‬Maximum Transmission Unit (MTU) .‫ ﺑﻪ ﺷﮑﻞ زﯾﺮ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬MTU‫را ﺗﻐﯿﯿﺮ دﻫﯿﻢ.ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر از دﺳﺘﻮر‬ Router(config-if)#mtu ? <1500-1530> MTU size in bytes Router(config-if)#mtu 1520 ،10Mbps ‫ ﺑﻪ ﻋﺪد‬FastEthernet0/0 ‫4. ﺗﻨﻈﯿﻢ ﭘﻬﻨﺎي ﺑﺎﻧﺪ‬ Bandwidth ‫ﻣﻔﻬﻮم ﭘﻬﻨﺎي ﺑﺎﻧﺪ را ﺑﺎ ﺳﺮﻋﺖ ﮐﻪ در ﺑﻨﺪ اول اﯾﻦ آزﻣﺎﯾﺶ ﺗﻨﻈﯿﻢ ﮐﺮدﯾﻢ اﺷﺘﺒﺎه ﻧﮕﯿﺮﯾﺪ. دﺳﺘﻮر‬ ‫ﺗﻮﺳﻂ ﭘﺮوﺗﮑﻠﻬﺎي روﺗﯿﻨﮓ ﺑﻪ ﻣﻨﻈﻮر ﻣﺤﺎﺳﺒﻪ ﻣﺘﺮﯾﮏ ﻫﺎي ﻣﺴﯿﺮ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد.اﯾﻦ ﻣﻔﻬﻮم در‬ ‫ﻓﺼﻮل آﺗﯽ ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار ﺧﻮاﻫﺪ ﮔﺮﻓﺖ‬ Router(config-if)#bandwidth ? <1-10000000> Bandwidth in kilobits inherit Specify that bandwidth is inherited receive Specify receive-side bandwidth Router(config-if)#bandwidth 10000 ، 10000ms ‫5. ﺗﻨﻈﯿﻢ ﺗﺎﺧﯿﺮ ﻟﯿﻨﮏ ﺑﻪ ﻋﺪد‬ Page 73 of 290
‫ﭘﺎراﻣﺘﺮ ﺗﺎﺧﯿﺮ ﻧﯿﺰ ﻣﺎﻧﻨﺪ ﭘﻬﻨﺎي ﺑﺎﻧﺪ از ﺟﻤﻠﻪ ﻓﺎﮐﺘﻮرﻫﺎي ﻣﻬﻢ در ﻣﺤﺎﺳﺒﺎت ﻣﺘﺮﯾﮏ ﻫﺎي روﺗﯿﻨﮓ ﭘﺮوﺗﮑﻠﻬﺎ اﺳﺖ‬ ‫ﺟﺰﺋﯿﺎت اﯾﻦ ﻣﻔﻬﻮم در ﻓﺼﻮل آﺗﯽ ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار ﺧﻮاﻫﺪ ﮔﺮﻓﺖ و در اﯾﻨﺠﺎ ﺻﺮﻓﺎ ﺑﻪ ﺗﻨﻈﯿﻢ ﮐﺮدن آن‬ .‫ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ Router(config-if)#delay ? <1-16777215> Throughput delay (tens of microseconds) Router(config-if)#delay 10000 Mac address ‫6. ﺗﻨﻈﯿﻢ‬ ‫ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار‬Mac ‫ در ﺳﻨﺎرﯾﻮﻫﺎﯾﯽ ﻫﻤﭽﻮن اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ اﺳﺎس‬Mac address ‫ﺗﻐﯿﯿﺮ و ﺗﻨﻈﯿﻢ‬ ‫ اﻣﮑﺎن ﭘﺬﯾﺮ اﺳﺖ‬Mac ‫ﻣﯿﮕﯿﺮد.اﻧﺠﺎم اﯾﻦ ﺗﻐﯿﯿﺮ ﺑﺎ اﺳﺘﻔﺎده از دﺳﺘﻮر‬ Router(config-if)#mac ? H.H.H MAC address Router(config-if)#mac ca02.0adc.0ef9 interface ‫ﺑﺮاي ﭼﮏ ﮐﺮدن ﺗﻨﻈﯿﻤﺎت ﺻﻮرت ﮔﺮﻓﺘﻪ روي اﯾﻨﺘﺮﻓﯿﺲ ﻣﻮرد آزﻣﺎﯾﺶ ﺗﺎ اﯾﻨﺠﺎ ﺑﺪون ﺧﺎرج ﺷﺪن از ﻣﻮد‬ ‫ ﺑﻪ ﺷﮑﻞ زﯾﺮ اﺳﺘﻔﺎده ﻣﯽ ﮐﻨﯿﻢ‬do show interface fastethernet0/0 ‫ از دﺳﺘﻮر‬configuration Router(config-if)#do show interface FastEthernet 0/0 FastEthernet0/0 is up, line protocol is up Hardware is i82543 (Livengood), address is ca02.0adc.0ef9 ca02.0adc.0008) Internet address is 10.234.51.254/24 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected 663 packets output, 69307 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 unknown protocol drops (bia Page 74 of 290
‫‪0 babbles, 0 late collision, 0 deferred‬‬ ‫‪0 lost carrier, 0 no carrier‬‬ ‫‪0 output buffer failures, 0 output buffers swapped out‬‬ ‫#)‪Router(config-if‬‬ ‫7. ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن ‪Keepalives‬‬ ‫‪ Keepalive‬ﯾﮏ ﻓﺮﯾﻢ ﻻﯾﻪ دو اﺳﺖ ﮐﻪ از اﯾﻨﺘﺮﻓﯿﺲ دﺳﺘﮕﺎه اول ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ دﺳﺘﮕﺎه آﻧﺴﻮي ﻟﯿﻨﮏ ارﺳﺎل‬ ‫ﻣﯽ ﺷﻮد ﺗﺎ از ﺑﺮﻗﺮاري ﻟﯿﻨﮏ ﻓﯽ ﻣﺎﺑﯿﻦ اﻃﻤﯿﻨﺎن ﺣﺎﺻﻞ ﺷﻮد.در ﺻﻮرﺗﯿﮑﻪ از آﻧﺴﻮي ﻟﯿﻨﮏ ﻓﺮﯾﻢ ﻣﺸﺎﺑﻪ ارﺳﺎﻟﯽ‬ ‫درﯾﺎﻓﺖ ﻧﺸﻮد ﺑﻪ ﻣﻌﻨﺎي ‪ down‬ﺷﺪن اﯾﻨﺘﺮﻓﯿﺲ اﺳﺖ.اﯾﻦ ﻓﺮﯾﻢ ﺑﻪ ﻃﻮر ﭘﯿﺶ ﻓﺮض ﻫﺮ 01 ﺛﺎﻧﯿﻪ ﯾﮑﺒﺎر ارﺳﺎل‬ ‫ﻣﯽ ﺷﻮد.ﺑﺮاي ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن آن اﯾﻦ ﻋﺪد ﺑﻪ ﺻﻔﺮ ﺗﻐﯿﯿﺮ داده ﻣﯽ ﺷﻮد.‬ ‫? ‪Router(config-if)#keepalive‬‬ ‫)‪<0-32767> Keepalive period (default 10 seconds‬‬ ‫0 ‪Router(config-if)#keepalive‬‬ ‫8. ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن ‪CDP‬‬ ‫‪ CDP‬ﭘﺮوﺗﮑﻞ ﻻﯾﻪ دو اﺳﺖ ﮐﻪ ﺑﻪ ﺟﺎﺑﺠﺎﯾﯽ ﻣﺸﺨﺼﺎت رﯾﺰو درﺷﺖ ادوات ﺳﯿﺴﮑﻮ در ﯾﮏ ﺳﮕﻤﻨﺖ از ﺷﺒﮑﻪ‬ ‫ﻣﯽ ﭘﺮدازد.ﻫﻨﮕﺎﻣﯽ ﮐﻪ دو دﺳﺘﮕﺎه روﺗﺮ را ﺑﻪ ﺻﻮرت ﻣﺴﺘﻘﯿﻢ ﺑﻪ ﻫﻢ ﻣﺘﺼﻞ ﻣﯿﮑﻨﯿﻢ ﺷﺮوع ﺑﻪ ارﺳﺎل و درﯾﺎﻓﺖ‬ ‫ﻓﺮﯾﻤﻬﺎي ‪CDP‬روي ﮐﻠﯿﻪ ﭘﻮرﺗﻬﺎي ﺧﻮد ﻣﯽ ﮐﻨﻨﺪ )ﺑﻪ ﺟﺰ ‪ .(Framerelay‬ﺑﺮاي ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن آن روي ﯾﮏ‬ ‫اﯾﻨﺘﺮﻓﯿﺲ ﺧﺎص از دﺳﺘﻮر ‪ no cdp‬اﺳﺘﻔﺎده ﻣﯿﺸﻮد‬ ‫‪Router(config-if)#no cdp enable‬‬ ‫ﺗﺎ اﯾﻨﺠﺎ ﺗﻨﻈﯿﻤﺎت اﯾﻨﺘﺮﻓﯿﺲ ﺑﻪ اﺗﻤﺎم رﺳﯿﺪ.اﮐﻨﻮن ﺑﺮاي ﭼﮏ ﮐﺮدن و ﻣﺸﺎﻫﺪه ﮐﺎﻧﻔﯿﮕﻬﺎي ﺻﻮرت ﮔﺮﻓﺘﻪ روي 0/0‪Fa‬‬ ‫ﺑﺪون ﺧﺎرج ﺷﺪن از ﻣﻮد ﺟﺎري ﺑﻪ ﺷﮑﻞ زﯾﺮ ﻋﻤﻞ ﻣﯿﮑﻨﯿﻢ‬ ‫0/0‪Router(config-if)#do show run interface FastEthernet‬‬ ‫...‪Building configuration‬‬ ‫‪Current configuration : 245 bytes‬‬ ‫!‬ ‫0/0‪interface FastEthernet‬‬ ‫9‪mac-address ca02.0adc.0ef‬‬ ‫0251 ‪mtu‬‬ ‫00001 ‪bandwidth‬‬ ‫‪ip address 172.27.48.254 255.255.255.0 secondary‬‬ ‫0.552.552.552 452.15.432.01 ‪ip address‬‬ ‫00001 ‪delay‬‬ ‫092 ‪Page 75 of‬‬
duplex full speed 100 no keepalive no cdp enable end Router(config-if)# Page 76 of 290
‫آزﻣﺎﯾﺶ 8.2 - ﭘﯿﮑﺮﺑﻨﺪي ‪Loopback interface‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻌﺮﯾﻒ و ﺗﻨﻈﯿﻢ ‪ loopback interface‬روي روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫اﯾﻨﺘﺮﻓﯿﺲ ﻫﺎي ﻟﻮپ ﺑﮏ ﺑﻪ ﻋﻨﻮان اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻫﻤﯿﺸﻪ ‪ UP‬در ﺳﻨﺎرﯾﻮﻫﺎي ﻣﺘﻌﺪدي ﻫﻤﭽﻮن ‪management‬‬ ‫‪ Dynamic routing ،Process Router id ، tunnel source/destination ،interface‬و ﺑﺮﺧﯽ ﻣﻮارد دﯾﮕﺮ‬ ‫ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯽ ﮔﯿﺮﻧﺪ‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫راه اﻧﺪازي ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪ Gns‬و ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ آن‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد اﯾﻨﺘﺮﻓﯿﺲ 1 ‪ loopback‬و ﺗﺨﺼﯿﺺ آدرس 0.552.552.552 152.12.332.01 ﺑﻪ آن‬ ‫‪‬‬ ‫ﺣﺬف اﯾﻨﺘﺮﻓﯿﺲ 1 ‪loopback‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺲ، اﯾﻨﺘﺮﻓﯿﺴﯽ ﻧﺮم اﻓﺰاري و ﻫﻤﻮاره ‪ up‬ﻣﺤﺴﻮب ﻣﯿﺸﻮد . ﺑﻪ ﻫﯿﭻ ﯾﮏ از اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻓﯿﺰﯾﮑﯽ‬ ‫واﺑﺴﺘﻪ ﻧﯿﺴﺘﻨﺪ ﺑﻪ ﻫﻤﯿﻦ ﺟﻬﺖ ﻫﯿﭻ ﮔﺎه ‪ down‬ﻧﻤﯿﺸﻮﻧﺪ ﻣﮕﺮ ﺑﻪ ﻃﻮر دﺳﺘﯽ و از ﻃﺮﯾﻖ دﺳﺘﻮر. ﺑﺮاي اﯾﺠﺎد ﻟﻮپ ﺑﮏ‬ ‫ﺟﺪﯾﺪ ﻧﯿﺎز اﺳﺖ ﺗﺎ در ﻣﻮد ‪ global configuration‬از دﺳﺘﻮر # ‪ loopback‬اﺳﺘﻔﺎده ﺷﻮد ﻣﺎﻧﻨﺪ ﮐﺪ زﯾﺮ‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫.‪End with CNTL/Z‬‬ ‫‪Router>enable‬‬ ‫:‪Password‬‬ ‫‪Router#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫? ‪Router(config)#interface loopback‬‬ ‫‪<0-2147483647> Loopback interface number‬‬ ‫1 ‪Router(config)#interface loopback‬‬ ‫‪%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to‬‬ ‫‪up‬‬ ‫#)‪Router(config-if‬‬ ‫092 ‪Page 77 of‬‬
‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ دﯾﺪم ﺑﻪ ﻣﺤﺾ اﯾﺠﺎد اﯾﻨﺘﺮﻓﯿﺲ در ﺣﺎﻟﺖ ‪ up‬ﻗﺮار ﮔﺮﻓﺖ.اﮐﻨﻮن ﻧﻮﺑﺖ ﺑﻪ ‪ ip‬دﻫﯽ ﺑﻪ اﯾﻦ ﻧﻮزاد ﺗﺎزه ﻣﺘﻮﻟﺪ‬ ‫ﺷﺪه ﻣﯽ رﺳﺪ. از دﺳﺘﻮر زﯾﺮ ﺑﺮاي اﯾﻨﮑﺎر اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬ ‫0.552.552.552 152.12.332.01 ‪Router(config-if)#ip address‬‬ ‫2. دوﻣﯿﻦ ﺑﺨﺶ اﯾﻦ آزﻣﺎﯾﺶ ﺣﺬف اﯾﻨﺘﺮﻓﯿﺲ اﯾﺠﺎد ﺷﺪه اﺳﺖ. ﺑﺮاي اﻧﺠﺎم اﯾﻨﮑﺎر از ﻋﺒﺎرت ‪ no‬ﭘﺸﺖ ﺳﺮ دﺳﺘﻮر‬ ‫اﯾﺠﺎد اﯾﻨﺘﺮﻓﯿﺲ ﻣﻮرد ﻧﻈﺮ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ.‬ ‫1 ‪Router(config-if)#no interface loopback‬‬ ‫‪% Not all config may be removed and may reappear after reactivating the‬‬ ‫‪logical-interface/sub-interfaces‬‬ ‫#)‪Router(config‬‬ ‫‪%LINK-5-CHANGED: Interface Loopback1, changed state to administratively down‬‬ ‫‪%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to‬‬ ‫‪down‬‬ ‫ﺑﻪ ﻣﺠﺮد اﯾﻨﮑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﺣﺬف ﻣﯿﺸﻮد ﭘﯿﻐﺎﻣﯽ ﻣﺒﻨﯽ ﺑﺮ اﯾﻨﮑﻪ ﺗﻨﻈﯿﻤﺎت ﻣﺮﺗﺒﻂ ﺑﺎ اﯾﻨﺘﺮﻓﯿﺲ ﺣﺬف ﺷﺪه از ﺳﯿﺴﺘﻢ ﭘﺎك‬ ‫ﻧﻤﯿﺸﻮد و دوﺑﺎره ﺑﺎ ﻓﻌﺎل ﺷﺪن اﯾﻨﺘﺮﻓﯿﺲ ﺑﺎز ﺧﻮاﻫﻨﺪ ﮔﺸﺖ ﻧﻤﺎﯾﺎن ﻣﯽ ﺷﻮد.اﯾﻦ ﺑﺪان ﻣﻌﻨﺎﺳﺖ ﮐﻪ ﻫﻨﮕﺎم اﯾﺠﺎد ﻣﺠﺪد‬ ‫اﯾﻨﺘﺮﻓﯿﺲ ﭘﺎك ﺷﺪه ﻣﻤﮑﻦ اﺳﺖ ﺑﺮﺧﯽ ﺗﻨﻈﯿﻤﺎت ﻗﺪﯾﻤﯽ ﻣﺮﺑﻮط ﺑﻪ آن اﯾﻨﺘﺮﻓﯿﺲ ﻗﺪﯾﻤﯽ ﻣﺠﺪدا ﻇﺎﻫﺮ ﺷﻮد!! در ﺻﻮرت‬ ‫ﻣﺸﺎﻫﺪه ﭼﻨﯿﻦ ﻣﺸﮑﻠﯽ ﺑﺎ رﯾﻠﻮد ﮐﺮدن روﺗﺮ ﺑﺮ ﻃﺮف ﻣﯽ ﺷﻮد.‬ ‫092 ‪Page 78 of‬‬
‫آزﻣﺎﯾﺶ 9.2 – ﺑﻪ روز رﺳﺎﻧﯽ ‪IOS‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺑﻪ روز رﺳﺎﻧﯽ ‪ IOS‬روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭽﻬﺎي ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫از آﻧﺠﺎﯾﯽ ﮐﻪ ﺗﻘﺮﯾﺒﺎ ﻫﺮ 3 ﻣﺎه ﯾﮑﺒﺎر ﻧﺴﺨﻪ ﺟﺪﯾﺪي از ‪ IOS‬ﺗﻮﺳﻂ ﮐﻤﭙﺎﻧﯽ ﺳﯿﺴﮑﻮ اراﺋﻪ ﻣﯿﺸﻮد ﺑﻪ روزرﺳﺎﻧﯽ آن روي‬ ‫ادوات ﺳﯿﺴﮑﻮ اﻣﺮي راﯾﺞ ﺑﯿﻦ ﻣﻬﻨﺪﺳﯿﻦ ﺷﺒﮑﻪ ﻣﺤﺴﻮب ﻣﯿﺸﻮد.ﻧﺴﺨﻪ ﻫﺎي ﺟﺪﯾﺪ ﺷﺎﻣﻞ وﯾﮋﮔﯿﻬﺎي ﺟﺪﯾﺪ ﻣﺨﺘﺺ آن‬ ‫ﭘﻠﺘﻔﺮم ﻫﻤﯿﻨﻄﻮر ﺑﺎﮔﻬﺎي ﺑﺮﻃﺮف ﺷﺪه ﻫﺴﺘﻨﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪ – GNS‬ﺗﺮﺟﯿﺤﺎ روﺗﺮ واﻗﻌﯽ‬ ‫‪‬‬ ‫ﺗﻬﯿﻪ ﻧﺴﺨﻪ ﺟﺪﯾﺪ ﺗﺮي از ‪ IOS‬ﻣﺮﺑﻮط ﺑﻪ روﺗﺮ‬ ‫‪‬‬ ‫راه اﻧﺪازي ‪ TFPF‬ﺳﺮور‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫داﻧﻠﻮد و ﻧﺼﺐ ‪ tftp‬ﺳﺮور‬ ‫ﻗﺮار دادن ‪ ios‬در ‪Tftp server root‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ آدرس ‪ Tftp‬و روﺗﺮ ﺑﻪ ﮔﻮﻧﻪ اي ﮐﻪ از ﯾﮏ ‪ subnet‬ﺑﺎﺷﻨﺪ ﻣﺜﻼ 42/2.1.1.01 & 42/1.1.1.01‬ ‫‪‬‬ ‫اﻃﻤﯿﻨﺎن از ﺑﺮﻗﺮاري اﺗﺼﺎل اﺗﺮﻧﺖ ﻣﺎﺑﯿﻦ ‪ Tftp‬ﺳﺮور و روﺗﺮ‬ ‫‪‬‬ ‫‪‬‬ ‫ﮐﭙﯽ ‪ image file‬از ‪ Tftp server‬ﺑﻪ روﺗﺮ‬ ‫رﯾﺒﻮت ﮐﺮدن دﺳﺘﮕﺎه ﭘﺲ از ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﮐﭙﯽ ﺷﺪن ‪ ios‬ﺟﺪﯾﺪ‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﻧﮑﺘﻪ:ﺑﻬﺘﺮ اﺳﺖ اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ادوات واﻗﻌﯽ اﻧﺠﺎم ﺷﻮد ، ﺑﻪ دﻟﯿﻞ اﯾﻨﮑﻪ 3‪ GNS‬ﻧﻤﯿﺘﻮاﻧﺪ از ‪ image‬ﺟﺪﯾﺪ ﮐﭙﯽ ﺷﺪه ﺑﻪ‬ ‫‪ flash‬ﺑﻮت ﺷﻮد.‬ ‫1. ﺑﻪ ﻣﻨﻈﻮر ﺑﺮوزرﺳﺎﻧﯽ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ روﺗﺮ ﻗﺒﻞ از ﻫﺮﭼﯿﺰ ﺑﻪ ﯾﮏ ‪ Tftp server‬ﺑﻪ ﻫﻤﺮاه اﺗﺼﺎل ﮐﺮاس ﺑﻪ‬ ‫ﺳﻮﯾﯿﭻ ﯾﺎ اﺗﺼﺎل ‪ straight‬ﺑﻪ ﺳﻮﯾﯿﭻ ﺳﭙﺲ ﺑﻪ روﺗﺮ ﻧﯿﺎز دارﯾﻢ.ﺑﺮاي ﺗﻨﻈﯿﻢ ‪ ip‬دو ﻃﺮف ارﺗﺒﺎط از ﯾﮏ ﺳﺎﺑﻨﺖ‬ ‫ﻣﺸﺘﺮك اﺳﺘﻔﺎه ﻣﯿﮑﻨﯿﻢ، 42/1.1.1.01 ﺑﻪ ‪ PC‬و 42/2.1.1.01ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ اﺗﺮﻧﺖ روﺗﺮ ﮐﻪ ﺑﻪ ‪ PC‬ﻣﺘﺼﻞ‬ ‫اﺳﺖ ﻣﻨﺘﺴﺐ ﻣﯿﺸﻮﻧﺪ.‬ ‫092 ‪Page 79 of‬‬
Router con0 is now available Press RETURN to get started. Router>enable Password: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface fastethernet 0/0 Router(config-if)#ip address 10.1.1.2 255.255.255.0 Router(config-if)#no shutdown Router(config-if)#end Router# ‫ ﺑﻪ ﺷﮑﻞ زﯾﺮ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬ping ‫2. ﺑﺮاي اﻃﻤﯿﻨﺎن از ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت و ﺑﺮﻗﺮاري اﺗﺼﺎل ﻓﯿﺰﯾﮑﯽ از دﺳﺘﻮر‬ Router#ping 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms Router# ‫ ﺟﺪﯾﺪ ﺑﻪ ﻓﻠﺶ ﻣﻤﻮري روﺗﺮ ﻣﯿﺮﺳﺪ.ﺑﺎ‬image ‫ و روﺗﺮ ﻧﻮﺑﺖ ﺑﻪ ﮐﭙﯽ‬PC ‫ﭘﺲ از ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺑﺮﻗﺮاري اﺗﺼﺎل ﻣﺎﺑﯿﻦ‬ ‫ ﻓﺎﯾﻞ روﺑﺮو ﺧﻮاﻫﯿﻢ‬image ‫ ﺳﺮور و ﻧﺎم‬Tftp ‫ ﺑﺎ ﭘﯿﺎﻣﯽ ﻣﺒﻨﯽ ﺑﺮ ﻣﺸﺨﺺ ﮐﺮدن آدرس‬copy tftp flash ‫اﺟﺮاي دﺳﺘﻮر‬ ‫ﺷﺪ‬ Router#copy tftp flash Address or name of remote host []? 10.1.1.1 Source filename []? c2600-adventerprisek9-mz.124-15.T11.bin Destination filename [c2600-adventerprisek9-mz.124-15.T11.bin]? Accessing tftp://10.1.1.1/c2600-adventerprisek9-mz.124-15.T11.bin... Erase flash: before copying? [confirm] Erasing the flash filesystem will remove all files! Continue? [confirm] Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased Erase of flash: complete Loading c2600-adventerprisek9-mz.124-15.T11.bin from 10.1.1.1 (via FastEthernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 34634180 bytes] Verifying checksum... CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC OK (0x8E89) 34634180 bytes copied in 486.894 secs (71133 bytes/sec) Router# Page 80 of 290
‫ در ﻓﺮاﯾﻨﺪ ﺑﻮت دﭼﺎر ﻣﺸﮑﻞ ﺷﺪ و‬IOS ‫ ﻓﺎﯾﻞ ﺟﺪﯾﺪ روﺗﺮ را رﯾﺴﺖ ﻣﯿﮑﻨﯿﻢ ، در ﺻﻮرﺗﯿﮑﻪ‬image ‫ﭘﺲ از ﮐﭙﯽ ﺷﺪن‬ .‫ﺳﯿﺴﺘﻢ ﺑﻮت ﻧﺸﺪ از ﻓﺮاﯾﻨﺪ رﯾﮑﺎوري درس ﺑﻌﺪي اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد‬ Router#reload System configuration has been modified. Save? [yes/no]: no Proceed with reload? [confirm] %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command. System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1) Copyright (c) 2003 by cisco Systems, Inc. C2600 platform with 262144 Kbytes of main memory program load complete, entry point: 0x80008000, size: 0x2107824 Self decompressing the image : ################################################# ############################################################################# ### ############################################################################# ### ############################################################################# ### ################################### [OK] Smart Init is enabled smart init is sizing iomem ID MEMORY_REQ 00036F 0X00103980 000065 0X00031500 0X00098670 0X00211000 TOTAL: 0X003DE4F0 TYPE C2651XM Dual Fast Ethernet Four port Voice PM public buffer pools public particle pools If any of the above Memory Requirements are "UNKNOWN", you may be using an unsupported configuration or there is a software problem and system operation may be compromised. Rounded IOMEM up to: 3Mb. Using 1 percent iomem. [3Mb/256Mb] Increasing IOMEM up to: 8Mb Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Page 81 of 290
Cisco IOS Software, C2600 Software (C2600-ADVENTERPRISEK9-M), 12.4(15)T11, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 28-Oct-09 18:16 by prod_rel_team Image text-base: 0x800080F8, data-base: 0x83594B3C Version This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. Cisco 2651XM (MPC860P) processor (revision 2.0) with 253952K/8192K bytes of memory. Processor board ID JAE08030QZL M860 processor: part number 5, mask 2 2 FastEthernet interfaces 2 Serial interfaces 32K bytes of NVRAM. 49152K bytes of processor board System flash (Read/Write) Slot is empty or does not support clock participate WIC slot is empty or does not support clock participate Press RETURN to get started! Page 82 of 290
‫آزﻣﺎﯾﺶ 01.2- ﺑﺎزﯾﺎﺑﯽ ‪ ios‬ﺗﺨﺮﯾﺐ ﺷﺪه در روﺗﺮﻫﺎي 0052‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ اﺣﯿﺎء ‪ ios‬ﻫﺎي ﺗﺨﺮﯾﺐ ﺷﺪه در روﺗﺮﻫﺎي ﺳﺮي 0052 آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.ﻧﮑﺎت اﯾﻦ درس در‬ ‫ﻣﻮرد ﺳﺮي ﻫﺎي 0003 و 0015‪ AS‬و 009‪ uBR‬ﻧﯿﺰ ﺻﺎدق اﺳﺖ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺑﺎ اﯾﻨﮑﻪ ﺳﺮي 0052 ﻋﻤﻼ ﺟﺰ ﺳﺮﯾﻬﺎي ﻣﻨﺴﻮخ ﺷﺪه ﺑﻪ ﺣﺴﺎب ﻣﯽ آﯾﺪ اﻣﺎ اﺳﺘﻔﺎه از آن در ﻣﺤﯿﻄﻬﺎي آزﻣﺎﯾﺸﮕﺎﻫﯽ‬ ‫ﮐﻤﺎﮐﺎن راﯾﺞ اﺳﺖ.ﻗﻄﻌﺎ اﻣﺮوزه ﮐﺴﯽ ﺑﻪ ﻓﮑﺮ ﺑﺮوزرﺳﺎﻧﯽ ﺳﺮي 0052 ﮐﻪ آپ ﺗﺎﯾﻢ ﻧﺰدﯾﮏ ﺑﻪ 8 ﺳﺎل دارد ﻧﻤﯽ اﻓﺘﺪ ! ﭼﺮا‬ ‫ﺑﺎﯾﺪ ﺳﯿﺴﺘﻤﯽ را ﮐﻪ ﺑﻪ اﯾﻦ ﺧﻮﺑﯽ در ﺣﺎل اﻧﺠﺎم وﻇﯿﻔﻪ اﺳﺖ را ﺗﻐﯿﺮ داد؟ دﻧﺒﺎل ﭼﻪ ﭼﯿﺰ ﺑﯿﺸﺘﺮي ﻫﺴﺘﯿﻢ ؟ ﺳﻠﺴﻠﻪ‬ ‫ﻧﮑﺎت زﯾﺮ ﻣﻮاﻗﻌﯽ ﮐﺎرﺑﺮد دارﻧﺪ ﮐﻪ روﺗﺮ ﺑﺎزﻧﺸﺴﺘﻪ ﻣﺎ در ﺑﻮت اﺧﯿﺮ ﺧﻮد دﭼﺎر ﻣﺸﮑﻞ ﺷﺪه و ﺑﺎﻻ ﻧﻤﯽ آﯾﺪ ﻫﻤﯿﻨﻄﻮر‬ ‫ﻫﻨﮕﺎﻣﯽ ﮐﻪ روﺗﺮﻫﺎي دﺳﺖ دوم ﺑﺎ ﻓﻠﺶ ﭘﺎك ﺷﺪه از ﺑﺎزار ﺧﺮﯾﺪاري ﻣﯽ ﺷﻮﻧﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ 0052 ﺑﺪون ‪ IOS‬ﯾﺎ ﺑﺎ ‪ IOS‬ﺧﺮاب . ﻣﯿﺘﻮان ﺑﺎ ‪ erase‬ﮐﺮدن ﻓﻠﺶ اﯾﻦ ﺣﺎﻟﺖ را اﯾﺠﺎد ﮐﺮد!‬ ‫‪‬‬ ‫اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ روﺗﺮ‬ ‫‪‬‬ ‫‪ Tftp‬ﺳﺮور ﻓﻌﺎل‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﻮت ﺑﻪ ﻣﺤﯿﻂ ‪ ROM mode‬از ﻃﺮﯾﻖ ﻧﮕﻬﺪاﺷﺘﻦ ﮐﻠﯿﺪﻫﺎي ‪ CTRL+Pause‬ﻃﯽ ﻓﺮاﯾﻨﺪ ﺑﻮت‬ ‫ﺗﻐﯿﯿﺮ ‪ configuration register‬ﺑﻪ 1412×0 ﺟﻬﺖ ﺑﻮت ﺳﯿﺴﺘﻢ از ﻃﺮﯾﻖ ‪ROM‬‬ ‫ﭘﯿﮑﺮﺑﻨﺪي اوﻟﯿﻪ روﺗﺮ‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ ‪ ip‬ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮ‬ ‫‪‬‬ ‫ﮐﭙﯽ ‪ ios‬از ‪Tftp‬ﺳﺮور ﺑﻪ ﻓﻠﺶ روﺗﺮ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻐﯿﯿﺮ ‪ configuration register‬ﺑﻪ ﻣﻘﺪار ﻗﺒﻠﯽ و رﯾﺒﻮت روﺗﺮ‬ ‫.‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺑﺎ ﻓﺸﺮدن ‪ CTRL+Pause‬ﻃﯽ ﻓﺮاﯾﻨﺪ ﺑﻮت وارد ﻣﺤﯿﻂ ‪ Rom mode‬ﻣﯿﺸﻮﯾﻢ . ﺧﻂ ﻓﺮﻣﺎن اﮐﻨﻮن ﺑﻪ ﺣﺎﻟﺖ‬ ‫زﯾﺮ اﺳﺖ‬ ‫092 ‪Page 83 of‬‬
Copyright (c) 1986-1996 by cisco Systems 2500 processor with 14336 Kbytes of main memory Abort at 0x10CFA0A (PC) > ‫ ﺑﻪ‬Rom boot image ‫ را ﺑﻪ ﻣﻨﻈﻮر ﺑﻮت ﺷﺪن ﺑﻌﺪي از ﻃﺮﯾﻖ‬configuration register ‫2. ﻣﺤﺘﻮاي‬ ‫1412×0 ﺗﻐﯿﯿﺮ ﻣﯽ دﻫﯿﻢ‬ >o/r 0x2141 .‫ ﻣﯽ ﺷﻮد‬Initialize ‫ روﺗﺮ وارد ﭘﺮوﺳﻪ‬i ‫3. ﺑﺎ وارد ﮐﺮدن ﻓﺮﻣﺎن‬ >I System Bootstrap, Version 11.0(10c), SOFTWARE Copyright (c) 1986-1996 by cisco Systems 2500 processor with 14336 Kbytes of main memory [OUTPUT TRUNCATED] Press RETURN to get started! ‫ ﺳﺮور ﻧﺴﺒﺖ ﻣﯽ دﻫﯿﻢ‬Tftp ‫ ﺟﻬﺖ اﺗﺼﺎل ﺑﻪ‬ip ‫4. در اﯾﻦ ﻣﺮﺣﻠﻪ ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮ‬ Press RETURN to get started! Router(boot)>enable Router(boot)#config t Router(boot)(config)#interface e0 Router(boot)(config-if)#ip add 10.1.1.20 255.255.255.0 Router(boot)(config-if)#no shut Router(boot)(config-if)#exit ****NOTE: The line below is optional if your TFTP server is not on the same network**** Router(boot)(config)#ip default-gateway 10.1.1.254 Router(boot)(config)#end .‫ ﺑﻪ ﻓﻠﺶ ﻣﻤﻮري روﺗﺮ ﮐﭙﯽ ﻣﯿﮑﻨﯿﻢ‬Tftp ‫ را از‬IOS Image ‫5. اﮐﻨﻮن‬ Router(boot)#copy tftp flash System flash directory: No files in System flash Page 84 of 290
[0 bytes used, 8388608 available, 8388608 total] Address or name of remote host [255.255.255.255]? 172.16.20.17 Source file name? c2500-i-l.121-27b.bin Destination file name [c2500-i-l.121-27b.bin]? Accessing file 'c2500-i-l.121-27b.bin' on 10.1.1.1... Loading c2500-i-l.121-27b.bin from 172.16.20.17 (via Ethernet0): ! [OK] Erase flash device before writing? [confirm] Copy 'c2500-i-l.121-27b.bin' from server as 'c2500-i-l.121-27b.bin' into Flash WITH erase? [yes/no]y Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased Loading c2500-i-l.121-27b.bin from 172.16.20.17 (via Ethernet0): !!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!! [OUTPUT TRUNCATED] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! [OK - 8040260/8388608 bytes] Verifying checksum... OK (0xCB96) Flash copy took 0:03:58 [hh:mm:ss] Router(boot)# ‫ را ﺑﻪ ﻣﻘﺪار اوﻟﯿﻪ ﺑﺮ ﻣﯽ ﮔﺮداﻧﯿﻢ و روﺗﺮ‬Configuration register ‫ ﻣﺤﺘﻮاي‬IOS ‫6. ﭘﺲ از ﮐﭙﯽ ﻣﻮﻓﻘﯿﺖ آﻣﯿﺰ‬ .‫را رﯾﺒﻮت ﻣﯽ ﮐﻨﯿﻢ ﺑﻪ اﻣﯿﺪ اﯾﻨﮑﻪ اﯾﻨﺒﺎر ﺑﺎﻻ ﺧﻮاﻫﺪ آﻣﺪ‬ Router(boot)#configure terminal Router(boot)(config)#configuration-register 0x2102 Router(boot)(config)#end Router(boot)#reload System configuration has been modified. Save? [yes/no]: n Proceed with reload? [confirm] 00:06:51: %SYS-5-RELOAD: Reload requested System Bootstrap, Version 11.0(10c), SOFTWARE Copyright (c) 1986-1996 by cisco Systems 2500 processor with 14336 Kbytes of main memory Notice: NVRAM invalid, possibly due to write erase. F3: 7916604+123624+619980 at 0x3000060 Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Page 85 of 290
Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12.1(27b), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Tue 16-Aug-05 22:38 by pwade Image text-base: 0x03041FDC, data-base: 0x00001000 cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of memory. Processor board ID 11848462, with hardware revision 00000000 Bridging software. X.25 software, Version 3.0.0. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read ONLY) --- System Configuration Dialog --Would you like to enter the initial configuration dialog? [yes/no]: ‫7. ﺧﻮب ﺗﺎ اﯾﻨﺠﺎ روﺗﺮ ﺑﺎﻻ اﻣﺪ اﻣﺎ ﺑﺪون ﻫﯿﭻ ﮔﻮﻧﻪ اﺛﺮي از ﺗﻨﻈﯿﻤﺎت ﻗﺒﻠﯽ . اﮔﺮ از ﺗﻨﻈﯿﻤﺎت ﻗﺒﻠﯽ ﭘﺸﺘﯿﺒﺎن ﺗﻬﯿﻪ‬ .‫ﮐﺮده اﯾﺪ ﮐﻪ ﻫﯿﭻ ، اﮔﺮ ﻧﮑﺮده اﯾﺪ ﺑﻬﺘﺮ اﺳﺖ رزوﻣﻪ ﺧﻮد را ﺑﺮوز ﮐﻨﯿﺪ‬ Page 86 of 290
‫آزﻣﺎﯾﺶ 4.2 – اﺣﯿﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺳﺮﯾﻬﺎي دﯾﮕﺮ روﺗﺮ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ اﺣﯿﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺗﺨﺮﯾﺐ ﺷﺪه روﺗﺮﻫﺎي ﺳﺮي ,0092 ,0082 ,0091 ,0081 ,0071‬ ‫0093 ,0083 و .... آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺳﺮي 0062 روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ ﻋﻤﻼ ﺗﻮﺳﻂ ﺳﺮي 0082 از دور ﺧﺎرج ﺷﺪﻧﺪ اﻣﺎ ﺑﻪ وﻓﻮر در ﻣﺤﯿﻄﻬﺎي آزﻣﺎﯾﺸﮕﺎﻫﯽ ﺑﻪ‬ ‫ﭼﺸﻢ ﻣﯽ ﺧﻮرﻧﺪ.ﻣﺤﯿﻂ ‪ ROMMON‬اﯾﻦ ﺳﺮي ﮐﻪ ﺑﻪ ﻣﻨﻈﻮر ﺗﺮﻣﯿﻢ و اﺣﯿﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺗﺨﺮﯾﺐ ﺷﺪه ﻣﻮرد اﺳﺘﻔﺎده‬ ‫ﻗﺮار ﻣﯽ ﮔﯿﺮد ﮐﺎﻣﻼ ﻣﺸﺎﺑﻪ ﻣﺤﯿﻂ ﺳﺮﯾﻬﺎي ﺑﺎﻻﺗﺮ ﻣﯽ ﺑﺎﺷﺪ. ﺑﻪ ﻫﻤﯿﻦ ﺟﻬﺖ از اﯾﻦ ﺳﺮي ﺟﻬﺖ ﺗﻤﺮﯾﻦ آزﻣﺎﯾﺶ ﺟﺎري‬ ‫اﺳﺘﻔﺎده ﻣﯽ ﮐﻨﯿﻢ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ ﺳﺮي 0062 ﻓﺎﻗﺪ ‪ IOS‬ﯾﺎ ‪ IOS‬ﺗﺨﺮﯾﺐ ﺷﺪه .‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ روﺗﺮ‬ ‫‪Tftp‬ﺳﺮور و اﺗﺼﺎل آن ﺑﻪ روﺗﺮ‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﻮت ﺑﻪ ﻣﺤﯿﻂ ‪ ROM mode‬از ﻃﺮﯾﻖ ﻧﮕﻬﺪاﺷﺘﻦ ‪ CTRL + Pause‬ﻃﯽ ﻓﺮاﯾﻨﺪ ﺑﻮت‬ ‫‪‬‬ ‫ﻣﻘﺪار دﻫﯽ ﺑﻪ ﻣﺘﻐﯿﺮ ‪ TFTPDNLD‬ﺟﻬﺖ درﯾﺎﻓﺖ ‪ image‬از ‪tftp‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﺟﺮاي دﺳﺘﻮر ‪ TFTPDNLD –r‬ﺑﻪ ﻣﻨﻈﻮر ﻟﻮد ﮐﺮدن ‪ image‬ﺑﻪ درون ‪Ram‬‬ ‫ﮐﭙﯽ ‪ IOS‬ﺑﻪ ﻓﻠﺶ ﻣﻤﻮري ﭘﺲ از ﺑﻮت ﺷﺪن از ﻃﺮﯾﻖ ‪IOS‬‬ ‫رﯾﺒﻮت ﻧﻬﺎﯾﯽ ﺳﯿﺴﺘﻢ و ﭼﮏ ﮐﺮدن ﺻﺤﺖ ﻣﺮاﺣﻞ ﻓﻮق‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺑﺎ ﻓﺮض اﯾﻨﮑﻪ اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ روﺗﺮ ﻣﻌﯿﻮب ﺑﺮﻗﺮار ﺷﺪه اﺳﺖ ، روﺗﺮ را رﯾﺴﺖ ﻣﯿﮑﻨﯿﻢ و ﺑﺎ ﻓﺸﺮدن ﺗﺮﮐﯿﺐ‬ ‫‪ CTRL + Pause‬وارد ﻣﺤﯿﻂ ‪ ROMMON‬ﻣﯽ ﺷﻮﯾﻢ.ﺧﺮوﺟﯽ ﺑﻪ ﺷﮑﻞ زﯾﺮ اﺳﺖ‬ ‫092 ‪Page 87 of‬‬
System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1) Copyright (c) 2003 by cisco Systems, Inc. C2600 platform with 262144 Kbytes of main memory device does not contain a valid magic number boot: cannot open "flash:" boot: cannot determine first file name on device "flash:" rommon 1 > ‫1562 وﺟﻮد دارﻧﺪ را‬XM ‫ روي ﭘﻠﺘﻔﺮم‬ROMMON ‫ ﻣﯽ ﺗﻮان ﻟﯿﺴﺖ دﺳﺘﻮراﺗﯽ را ﮐﻪ در ﺣﺎﻟﺖ‬help ‫ﺑﺎ اﺟﺮاي دﺳﺘﻮر‬ .‫ﻣﺸﺎﻫﺪه ﮐﺮد‬ rommon 1 > help alias boot break confreg cont context cookie dev dir dis dnld frame help history meminfo repeat reset set stack sync sysret tftpdnld unalias unset xmodem rommon 2 > set and display aliases command boot up an external process set/show/clear the breakpoint configuration register utility continue executing a downloaded image display the context of a loaded image display contents of cookie PROM in hex list the device table list files in file system display instruction stream serial download a program module print out a selected stack frame monitor builtin command help monitor command history main memory information repeat a monitor command system reset display the monitor variables produce a stack trace write monitor environment to NVRAM print out info from last system return tftp image download unset an alias unset a monitor variable x/ymodem image download ‫ را ﺑﻪ درون ﻓﻠﺶ ﻣﻤﻮري روﺗﺮ داﻧﻮد‬IOS image ‫ اﺳﺖ.اﯾﻦ دﺳﺘﻮر‬tftpdnld ‫2. اﮐﻨﻮن ﻧﻮﺑﺖ ﮐﺎر ﺑﺎ دﺳﺘﻮر‬ ‫ را ﻧﯿﺰ دارا اﺳﺖ.ﺑﺎ ﺗﺎﯾﭗ اﯾﻦ دﺳﺘﻮر ﭘﺎراﻣﺘﺮﻫﺎﯾﯽ ﮐﻪ را‬Ram ‫ﻣﯿﮑﻨﺪ ﻫﻤﯿﻨﻄﻮر ﻗﺎﺑﻠﯿﺖ ﺑﺎرﮔﺬاري ﻣﺴﺘﻘﯿﻢ درون‬ ‫ﮐﻪ ﺑﺮاي اﺟﺮا ﺑﻪ آﻧﻬﺎ ﻧﯿﺎز دارد را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﻢ‬ rommon 2 > tftpdnld Page 88 of 290
Missing or illegal ip address for variable IP_ADDRESS Illegal IP address. usage: tftpdnld [-r] Use this command for disaster recovery only to recover an image via TFTP. Monitor variables are used to set up parameters for the transfer. (Syntax: "VARIABLE_NAME=value" and use "set" to show current variables.) "ctrl-c" or "break" stops the transfer before flash erase begins. The following variables are REQUIRED to be set for tftpdnld: IP_ADDRESS: The IP address for this unit IP_SUBNET_MASK: The subnet mask for this unit DEFAULT_GATEWAY: The default gateway for this unit TFTP_SERVER: The IP address of the server to fetch from TFTP_FILE: The filename to fetch The following variables are OPTIONAL: TFTP_VERBOSE: Print setting. 0=quiet, 1=progress(default), 2=verbose TFTP_RETRY_COUNT: Retry count for ARP and TFTP (default=12) TFTP_TIMEOUT: Overall timeout of operation in seconds (default=7200) TFTP_CHECKSUM: Perform checksum test on image, 0=no, 1=yes (default=1) FE_SPEED_MODE: 0=10/hdx, 1=10/fdx, 2=100/hdx, 3=100/fdx, 4=Auto(deflt) Command line options: -r: do not write flash, load to DRAM only and launch image rommon 3 > ‫ را وارد ﻣﯿﮑﻨﯿﻢ‬set ‫ دﺳﺘﻮر‬image ‫ﺟﻬﺖ ﻣﻘﺪار دﻫﯽ ﺑﻪ ﭘﺎراﻣﺘﺮﻫﺎي ﻣﻮرد ﻧﯿﺎز ﺟﻬﺖ داﻧﻠﻮد‬ rommon 3 > set PS1=rommon ! > BOOT= RET_2_RUTC=0 BSI=0 RANDOM_NUM=1492875412 ROM_PERSISTENT_UTC=1016225763 RET_2_RTS= RET_2_RCALTS= ?=1 rommon 24 > set PS1=rommon ! > BOOT= RET_2_RUTC=0 BSI=0 RANDOM_NUM=1492875412 ROM_PERSISTENT_UTC=1016225763 RET_2_RTS= RET_2_RCALTS= ?=0 rommon 4 > Page 89 of 290
‫در زﯾﺮ ﻟﯿﺴﺖ ﭘﺎراﻣﺘﺮﻫﺎ و ﻣﻘﺎدﯾﺮ ﻣﻮرد ﻧﯿﺎز آﻧﻬﺎ را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ‬ rommon rommon rommon rommon rommon 4 5 6 7 8 > > > > > IP_ADDRESS=10.1.1.10 IP_SUBNET_MASK=255.255.255.0 DEFAULT_GATEWAY=10.1.1.254 TFTP_SERVER=172.16.20.17 TFTP_FILE=c2600-i-mz.123-26.bin ‫ اﺳﺘﻔﺎده‬Ram ‫ درون‬image ‫ ﺑﻪ ﻣﻨﻈﻮر ﺑﺎرﮔﺬاري ﻣﺴﺘﻘﯿﻢ‬tftpdnld –r ‫ﭘﺲ از ﻣﻘﺪار دﻫﯽ ﭘﺎراﻣﺘﺮﻫﺎ از دﺳﺘﻮر‬ ‫ﻣﯿﮑﻨﯿﻢ‬ rommon 9 > tftpdnld -r IP_ADDRESS: IP_SUBNET_MASK: DEFAULT_GATEWAY: TFTP_SERVER: TFTP_FILE: 10.1.1.10 255.255.255.0 10.1.1.254 172.16.20.17 c2600-i-mz.123-26.bin ..... Receiving c2600-i-mz.123-26.bin from 172.16.20.17 !!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! File reception completed. program load complete, entry point: 0x80008000, size: 0x765238 Self decompressing the image : ############################################## ####################################################################### [OK] Smart Init is enabled smart init is sizing iomem ID MEMORY_REQ 00036F 0X00103980 000065 0X00031500 0X00098670 0X00211000 TOTAL: 0X003DE4F0 TYPE C2651XM Dual Fast Ethernet Four port Voice PM public buffer pools public particle pools If any of the above Memory Requirements are "UNKNOWN", you may be using an unsupported configuration or there is a software problem and system operation may be compromised. Rounded IOMEM up to: 4Mb. Using 3 percent iomem. [4Mb/128Mb] Page 90 of 290
Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-I-M), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 15:23 by dchih cisco 2651XM (MPC860P) processor (revision 0x200) with 126976K/4096K bytes of memory. Processor board ID JAE08030QZL (457188033) M860 processor: part number 5, mask 2 Bridging software. X.25 software, Version 3.0.0. 2 FastEthernet/IEEE 802.3 interface(s) 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 49152K bytes of processor board System flash (Read/Write) --- System Configuration Dialog --Would you like to enter the initial configuration dialog? [yes/no]: ‫ ﺳﺮور ﺑﻪ ﻓﻠﺶ‬Tftp ‫ از‬ISO image ‫ ﺷﺮوع ﺑﻪ ﮐﭙﯽ‬cli ‫ را ﺗﺎﯾﭗ ﻣﯿﮑﻨﯿﻢ و ﺑﻪ ﻣﺤﺾ وارد ﺷﺪن ﺑﻪ ﻣﺤﯿﻂ‬no ‫ﻋﺒﺎرت‬ ‫ﻣﻤﻮري روﺗﺮ ﻣﯿﮑﻨﯿﻢ. ﻣﻤﮑﻦ اﺳﺖ از ﺧﻮد ﺑﭙﺮﺳﯿﺪ ﭼﺮا از اﺑﺘﺪا اﯾﻨﮑﺎر اﻧﺠﺎم ﻧﺸﺪ و ﻋﻠﺖ اﯾﻦ دوﺑﺎره ﮐﺎري ﭼﯿﺴﺖ ؟ ﻋﻠﺖ‬ image ‫ اﺳﺖ ﻧﺴﺒﺖ ﺑﻪ ﺳﺮﻋﺖ ﮐﭙﯽ‬TFTPDNLD ‫ ﺑﻪ ﻓﻠﺶ ﺑﺎ اﺳﺘﻔﺎده از دﺳﺘﻮر‬Tftp ‫در ﮐﻨﺪ ﺑﻮدن ﻓﺮاﯾﻨﺪ ﮐﭙﯽ از‬ ‫ ﺑﻪ‬Tftp ‫ از‬IOS ‫ اﻧﺠﺎم ﻣﯿﺸﻮد و ﺑﻌﺪ از آن ﻣﺎﻧﻨﺪ درس 9.2 اﻗﺪام ﺑﻪ ﮐﭙﯽ‬Ram ‫ . در ﻧﺘﯿﺠﻪ اﺑﺘﺪا ﺑﻮت ﺑﻪ‬Ram ‫ﻓﺎﯾﻞ ﺑﻪ‬ ‫ﻓﻠﺶ ﻣﯿﮑﻨﯿﻢ. اﺑﺘﺪا ﺗﻨﻈﯿﻤﺎت آدرس اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮرا ﺑﻪ ﻗﺮار زﯾﺮ اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ‬ Router>enable Router#configure terminal Router(config)#interface fa0/0 Router(config-if)#ip add 10.1.1.10 255.255.255.0 Router(config-if)#no shut Router(config-if)#exit Router(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.254 Router(config)#end Router# Page 91 of 290
‫ ﺑﻪ ﻓﻠﺶ ﻣﻤﻮري‬IOS ‫وﺑﻌﺪ از آن ﮐﭙﯽ‬ Router#copy tftp flash Address or name of remote host []? 172.16.20.17 Source filename []? c2600-adventerprisek9-mz.124-1.bin Destination filename [c2600-adventerprisek9-mz.124-1.bin]? Accessing tftp://172.16.20.17/c2600-adventerprisek9-mz.124-1.bin... Erase flash: before copying? [confirm] Erasing the flash filesystem will remove all files! Continue? [confirm] Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee e eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased Erase of flash: complete Loading c2600-adventerprisek9-mz.124-1.bin from 172.16.20.17 (via FastEthernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!! [OK - 34634180 bytes] Verifying checksum... OK (0x8E89) 34634180 bytes copied in 279.014 secs (124131 bytes/sec) Router# ‫ ﺑﻪ ﻓﻠﺶ ﻣﻤﻮري ، روﺗﺮ را رﯾﺴﺖ ﻣﯽ ﮐﻨﯿﻢ و ﺑﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺟﺪﯾﺪ ﻣﺴﺘﻘﺮ در ﻓﻠﺶ ﺑﻮت‬IOS ‫اﮐﻨﻮن ﭘﺲ از اﺗﻤﺎم ﮐﭙﯽ‬ !‫ﻣﯽ ﺷﻮﯾﻢ‬ Page 92 of 290
‫آزﻣﺎﯾﺶ 21.2- اﺣﯿﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ اﺣﯿﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺗﺨﺮﯾﺐ ﺷﺪه ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ ﺳﺮي 0573 ,0653 ,0553 ,0592‬ ‫از ﻃﺮﯾﻖ ‪ Xmodem‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫اﺣﯿﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺳﻮﯾﯿﭽﻬﺎي ﺳﯿﺴﮑﻮ ﺟﺰ ﻣﻬﺎرﺗﻬﺎﯾﯽ اﺳﺖ ﮐﻪ ﻫﺮ ﻣﻬﻨﺪس ﺷﺒﮑﻪ ﻣﻠﺰم ﺑﻪ داﻧﺴﺘﻦ آن اﺳﺖ و ﺧﻮاﻫﯽ‬ ‫ﻧﺨﻮاﻫﯽ ﺣﺪاﻗﻞ ﯾﮏ ﺑﺎر ﻃﯽ دوران ﺣﺮﻓﻪ اي ﺧﻮد ﺑﺎ آن ﻣﻮاﺟﻪ ﻣﯿﺸﻮد.ﺑﻬﺘﺮ اﺳﺖ ﻣﻬﺎرﺗﻬﺎي اﯾﻦ ﭼﻨﯿﻨﯽ ﻗﺒﻞ از وﻗﻮع‬ ‫ﺑﺤﺮان و ﻗﺮار ﮔﺮﻓﺘﻦ در ﺷﺮاﯾﻂ ﭘﺮ اﺳﺘﺮس واﻗﻌﯽ آﻣﻮﺧﺘﻪ ﺷﻮﻧﺪ ﺗﺎ در ﻫﻨﮕﺎم وﻗﻮع اﯾﻦ ﻣﺸﮑﻞ زﻣﺎن ﺑﺮاي ﻣﻄﺎﻟﻌﻪ و‬ ‫ﺗﺤﻘﯿﻖ در ﺧﺼﻮص روش اﺣﯿﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ از دﺳﺖ ﻧﺮود.‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﯾﮏ دﺳﺘﮕﺎه ﺳﻮﯾﯿﺞ واﻗﻌﯽ ﻓﺎﻗﺪ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﯾﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺗﺨﺮﯾﺐ ﺷﺪه– ﻣﺒﺎﺣﺚ اﯾﻦ ﺟﻠﺴﻪ در 3‪Gns‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﺳﻮﯾﯿﭻ‬ ‫‪‬‬ ‫اﺳﺘﻔﺎده از ‪ HyperTerminal‬ﯾﺎ ‪ SecureCTR‬ﺑﻪ دﻟﯿﻞ اﯾﻨﮑﻪ ‪ Puty‬از ‪ Xmodem‬ﭘﺸﺘﯿﺒﺎﻧﯽ ﻧﻤﯿﮑﻨﺪ‬ ‫ﻗﺎﺑﻞ اﺟﺮا ﻧﯿﺴﺖ‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﻮت ﺑﻪ ﻣﺤﯿﻂ ‪SWITCH ROM‬‬ ‫‪ Initialize‬ﮐﺮدن ﻓﺎﯾﻞ ﺳﯿﺴﺘﻢ ﻓﻠﺶ‬ ‫‪‬‬ ‫اﻓﺰاﯾﺶ ‪ Baude rate‬ﺑﻪ 002511ﺟﻬﺖ ارﺗﺒﺎط ﺳﺮﯾﻌﺘﺮ ‪Xmodem‬‬ ‫‪‬‬ ‫ﮐﭙﯽ ‪ IOS‬از ﻃﺮﯾﻖ ‪ Xmodem‬ﺑﻪ ﻓﻠﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﭘﺎراﻣﺘﺮﻫﺎي ﺑﻮت ﺟﻬﺖ ﺑﻮت ﺷﺪن ﺑﻌﺪي ﺑﺎ ‪ IOS‬ﺟﺪﯾﺪ‬ ‫ﺑﺮﮔﺮداﻧﺪن ‪ Baude rate‬ﺑﻪ 0069‬ ‫رﯾﺒﻮت ﺳﻮﯾﯿﭻ و اﻃﻤﯿﻨﺎن از ﺻﺤﺖ ﻓﻌﺎﻟﯿﺘﻬﺎي ﺻﻮرت ﮔﺮﻓﺘﻪ‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫روش ﺑﺎزﯾﺎﺑﯽ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ ﺗﺎﺣﺪي ﻣﺘﻔﺎوت از روﺷﻬﺎي ﻣﺘﺪاوﻟﯽ اﺳﺖ ﮐﻪ ﺗﺎﮐﻨﻮن‬ ‫آﻣﻮﺧﺘﯿﻢ.ﻣﺘﺎﺳﻔﺎﻧﻪ ﺳﺮي ﻫﺎي ﻏﯿﺮ ﻣﺎژوﻻر ﮐﺎﺗﺎﻟﯿﺴﺖ ﺻﺮﻓﺎ از ﻃﺮﯾﻖ ‪ Xmodem‬اﻣﮑﺎن ﺗﺮﻣﯿﻢ ‪ IOS‬را دارا ﻫﺴﺘﻨﺪ ﺑﺮ‬ ‫ﺧﻼف ﺳﺮﯾﻬﺎي 0054,0056 ﮐﻪ ﺑﺮاﺣﺘﯽ از ﻃﺮﯾﻖ ‪ CF‬ﮐﺎرت اﯾﻦ ﻓﺮاﯾﻨﺪ را اﻧﺠﺎم ﻣﯽ دﻫﻨﺪ.‬ ‫092 ‪Page 93 of‬‬
‫ ﺑﻮت ﻣﯿﮑﻨﯿﻢ.ﺑﺮاي ﻣﺸﺎﻫﺪه ﺟﺰﺋﯿﺎت‬stat ‫ از ﻃﺮﯾﻖ ﭘﺎﯾﯿﻦ ﻧﮕﻪ داﺷﺘﻦ دﮐﻤﻪ‬Rom mode ‫1. ﺳﻮﯾﯿﭻ را ﺑﻪ ﻣﺤﯿﻂ‬ /‫ﺑﺒﯿﺸﺘﺮ ﺑﻪ آزﻣﺎﯾﺶ 3.2 ﻣﺮاﺟﻌﻪ ﮐﻨﯿﺪ‬ .‫ﺧﺮوﺟﯽ زﯾﺮ ﻣﺤﺘﻮاي ﺗﺮﻣﯿﻨﺎل ﭘﺲ از ورود ﺑﻪ اﯾﻦ ﻣﺤﯿﻂ را ﻧﺸﺎن ﻣﯽ دﻫﺪ‬ Boot Sector Filesystem (bs) installed, fsid: 2 Base ethernet MAC Address: 00:14:f2:d2:41:80 Xmodem file system is available. The password-recovery mechanism is enabled. The system has been interrupted prior to initializing the flash filesystem. The following commands will initialize the flash filesystem, and finish loading the operating system software: flash_init boot switch: ‫ ﺧﻮاﻫﺪ ﺷﺪ ﻣﻄﺎﺑﻖ ﺑﺎ روش زﯾﺮ‬initialize ‫2. ﭘﺲ از ورود ﺑﻪ اﯾﻦ ﻣﺤﯿﻂ ﻓﺎﯾﻞ ﺳﯿﺴﺘﻢ ﻓﻠﺶ‬ switch: flash_init Initializing Flash... flashfs[0]: 1 files, 1 directories flashfs[0]: 0 orphaned files, 0 orphaned directories flashfs[0]: Total bytes: 15998976 flashfs[0]: Bytes used: 12474880 flashfs[0]: Bytes available: 3524096 flashfs[0]: flashfs fsck took 10 seconds. ...done Initializing Flash. switch: ‫ ﻓﺮﻣﺖ‬format flash: ‫ ﺗﺨﺮﯾﺐ ﺷﺪه اﺳﺖ ﻣﯿﺘﻮان ﻓﻠﺶ را ﺑﺎ اﺳﺘﻔﺎده از‬ios ‫- در ﺻﻮرﺗﯿﮑﻪ‬Opitonal .3 !‫ را ﻫﻢ ﭘﺎك ﻣﯿﮑﻨﺪ‬startup config ‫ﮐﺮد.اﯾﻨﮑﺎر‬ Switch: format flash: Are you sure you want to format "flash:" (all data will be lost) (y/n)?y flashfs[0]: 0 files, 1 directories flashfs[0]: 0 orphaned files, 0 orphaned directories flashfs[0]: Total bytes: 7741440 flashfs[0]: Bytes used: 1024 flashfs[0]: Bytes available: 7740416 flashfs[0]: flashfs fsck took 12 seconds. Page 94 of 290
Filesystem "flash:" formatted Switch: ‫ را ﻗﻄﻊ ﻧﻤﻮد‬xmodem ‫ را اﻓﺰاﯾﺶ دﻫﯿﻢ ﺑﺎﯾﺪ اﺗﺼﺎل ﺟﺎري‬Xmodem ‫4. ﺑﺮاي اﯾﻨﮑﻪ ﺳﺮﻋﺖ اﻧﺘﻘﺎل اﻃﻼﻋﺎت‬ ‫ ﺗﺎ ﺻﺒﺢ روز ﺑﻌﺪ ﻃﻮل‬IOS ‫ﺳﭙﺲ از ﻃﺮﯾﻖ دﺳﺘﻮر زﯾﺮ آﻧﺮا ﺗﺎ 002511 اﻓﺰاﯾﺶ داد در ﻏﯿﺮ اﯾﻨﺼﻮرت ﮐﭙﯽ‬ .‫ﺧﻮاﻫﺪ ﮐﺸﯿﺪ‬ switch: set BAUD 115200 ‫ ﺟﺪﯾﺪ را از ﻃﺮﯾﻖ دﺳﺘﻮر‬IOS ‫5. ﭘﺲ از ﺗﻨﻈﯿﻢ ﺳﺮﻋﺖ و ﺑﺮﻗﺮاري ﻣﺠﺪد ارﺗﺒﺎط ﺑﺎ ﺳﻮﯾﯿﭻ‬ ‫ ﺑﻪ ﻓﻠﺶ ﻣﻨﺘﻘﻞ ﻣﯿﮑﻨﯿﻢ‬copy xmodem: flash:filename.bin switch: copy xmodem: flash:c3560-ipservicesk9-mz.122-53.SE.bin Begin the Xmodem or Xmodem-1K transfer now... CCC Starting xmodem transfer. Press Ctrl+C to cancel. Transferring c3560-ipservicesk9-mz.122-53.SE.bin... 100% 12181 KB 6 KB/s 00:31:56 0 Errors ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................. File "xmodem:" successfully copied to "flash:c3560-ipservicesk9-mz.12253.SE.bin" switch: Page 95 of 290
‫ ﺟﺪﯾﺪ را‬IOS ‫ ﭘﺎراﻣﺘﺮ ﺑﻮت ﺳﻮﯾﯿﭻ را ﺑﻪ ﻓﺮم زﯾﺮ ﺑﺎ ﻫﺪف ﺑﻮت ﺑﻌﺪي از ﻃﺮﯾﻖ‬IOS ‫6. ﭘﺲ از ﮐﭙﯽ ﻣﻮﻓﻘﯿﺖ آﻣﯿﺰ‬ ‫اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ‬ switch: set BOOT flash:c3560-ipservicesk9-mz.122-53.SE.bin ‫ را از ﻣﻘﺪار ﺟﺪﯾﺪ ﺑﻪ 0069 ﺑﺮﻣﯿﮕﺮداﻧﯿﻢ.ﭘﺲ از اﯾﻨﮑﺎر ﻻزم اﺳﺖ ارﺗﺒﺎط ﮐﻨﺴﻮل‬BAUD rate ‫7. ﭘﺲ از اﯾﻨﮑﺎر‬ .‫ﻗﻄﻊ ﺷﺪه و ﻣﺠﺪدا ﺑﺮﻗﺮار ﺷﻮد‬ switch: unset BAUD .‫ اﺳﺖ‬Xmodem ‫ ﺟﺪﯾﺪا ﮐﭙﯽ ﺷﺪه ﺗﻮﺳﻂ‬ios ‫8. آﺧﺮﯾﻦ ﻗﺪم ﺑﻮت ﮐﺮدن ﺳﻮﯾﯿﭻ و ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﻋﻤﻠﮑﺮد‬ .‫ﻣﻮﺟﺐ ﺑﻮت ﺷﺪن ﺳﯿﺴﺘﻢ ﺑﺎ ﭘﺎراﻣﺘﺮﻫﺎي ﺗﻨﻈﯿﻢ ﺷﺪه ﺟﺪﯾﺪ اﺳﺖ‬Boot ‫اﺳﺘﻔﺎده از دﺳﺘﻮر‬ switch: boot Loading "flash:/c3560-ipservicesk9-mz.122-53.SE.bin"...@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ File "flash:/c3560-ipservicesk9-mz.122-53.SE.bin" uncompressed and installed, entry point: 0x1000000 executing... Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), 12.2(53)SE, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Sun 13-Dec-09 15:45 by prod_rel_team Image text-base: 0x01000000, data-base: 0x02E00000 Version Page 96 of 290
Initializing flashfs... flashfs[1]: 1 files, 1 directories flashfs[1]: 0 orphaned files, 0 orphaned directories flashfs[1]: Total bytes: 15998976 flashfs[1]: Bytes used: 12474880 flashfs[1]: Bytes available: 3524096 flashfs[1]: flashfs fsck took 1 seconds. flashfs[1]: Initialization complete....done Initializing flashfs. Checking for Bootloader upgrade.. not needed POST: CPU MIC register Tests : Begin POST: CPU MIC register Tests : End, Status Passed POST: PortASIC Memory Tests : Begin POST: PortASIC Memory Tests : End, Status Passed POST: CPU MIC interface Loopback Tests : Begin POST: CPU MIC interface Loopback Tests : End, Status Passed POST: PortASIC RingLoopback Tests : Begin POST: PortASIC RingLoopback Tests : End, Status Passed POST: Inline Power Controller Tests : Begin POST: Inline Power Controller Tests : End, Status Passed POST: PortASIC CAM Subsystem Tests : Begin POST: PortASIC CAM Subsystem Tests : End, Status Passed POST: PortASIC Port Loopback Tests : Begin POST: PortASIC Port Loopback Tests : End, Status Passed Waiting for Port download...Complete This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. cisco WS-C3560-24PS (PowerPC405) processor (revision M0) with 131072K bytes of memory. Processor board ID CAT0928Z2EE Page 97 of 290
Last reset from power-on 1 Virtual Ethernet interface 24 FastEthernet interfaces 2 Gigabit Ethernet interfaces The password-recovery mechanism is enabled. 512K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address : 00:14:F2:D2:D1:AF Motherboard assembly number : 73-9673-06 Power supply part number : 341-0029-03 Motherboard serial number : CAT09880NNZ Power supply serial number : LIT091091ZV Model revision number : M0 Motherboard revision number : A0 Model number : WS-C3560-24PS-S System serial number : CAT0911FAEE Top Assembly Part Number : 800-25861-03 Top Assembly Revision Number : A0 Version ID : V05 CLEI Code Number : COM1X1FARB Hardware Board Revision Number : 0x01 Switch Ports Model ------ ----- ----* 1 26 WS-C3560-24PS SW Version ---------12.2(53)SE SW Image ---------C3560-IPSERVICESK9-M Press RETURN to get started! Page 98 of 290
‫آزﻣﺎﯾﺶ 31.2- ﭼﮕﻮﻧﮕﯽ ﻧﻤﺎﯾﺶ ﺑﻨﺮ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ اﯾﺠﺎد ﺑﻨﺮ در ﻫﻨﮕﺎم ﻻﮔﯿﻦ،اﺟﺮاي دﺳﺘﻮرات و ﻧﻤﺎﯾﺶ ﭘﯿﺎم روز آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫اﺳﺘﻔﺎده از ﺑﻨﺮﻫﺎي ﻣﺨﺘﻠﻒ و ﻧﻤﺎﯾﺶ آﻧﻬﺎ در زﻣﺎﻧﻬﺎي ﺧﺎﺻﯽ ﻫﻤﭽﻮن ﺑﺮﻗﺮاري اﺗﺼﺎل ﺗﺮﻣﯿﻨﺎل ﯾﺎ ورود ﺑﻪ ﻣﺤﯿﻂ اﺟﺮاي‬ ‫دﺳﺘﻮرات اﻣﺮي راﯾﺞ اﺳﺖ.ﺑﻨﺮﻫﺎي ﻻﮔﯿﻦ ﭘﺲ از ورود ﻓﺮد ﺑﻪ ﺳﯿﺴﺘﻢ ﻧﻤﺎﯾﺶ داده ﻣﯽ ﺷﻮﻧﺪ.ﺑﻨﺮﻫﺎي ‪ MOTD‬ﻫﻢ ﭘﯿﺶ‬ ‫از اﺣﺮاز ﻫﻮﯾﺖ ﮐﺎرﺑﺮ ﻧﻤﺎﯾﺶ داده ﻣﯽ ﺷﻮد.ﺑﻨﺮﻫﺎي ‪ Exec‬ﻫﻢ ﻫﻨﮕﺎم ورود ﻓﺮد ﺑﻪ ﻣﺤﯿﻂ اﺟﺮاي دﺳﺘﻮرات ﻧﻤﺎﯾﺎن‬ ‫ﻣﯿﺸﻮﻧﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪GNS‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ ‪ login banner‬ﺑﺎ ﻫﺪف ﻧﻤﺎﯾﺶ ﭘﯿﺎم در ﻫﻨﮕﺎم ﺑﺮﻗﺮاري ﺗﻤﺎس ﺑﺎ روﺗﺮ‬ ‫اﯾﺠﺎد ﯾﮏ ‪ EXEC banner‬ﺑﺎ ﻫﺪف ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎﺗﯽ ﺧﺎص در ﻫﻨﮕﺎم ورود ﮐﺎرﺑﺮ ﺑﻪ ‪ mode‬اﺟﺮاي دﺳﺘﻮرات‬ ‫اﯾﺠﺎد ‪ Message of The Day (MOTD) banner‬ﺑﺎ ﻫﺪف ﻧﻤﺎﯾﺶ زﻣﺎن رﺳﯿﺪن ﺑﻪ ﺗﺎرﯾﺦ ﺳﺮوﯾﺲ و‬ ‫ﻧﮕﻬﺪاري دﺳﺘﮕﺎه .‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. در ﺑﺨﺶ اول، ﯾﮏ ﻻﮔﯿﻦ ﺑﻨﺮ ﺑﺎ ﻫﺪف ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ﻗﺎﻧﻮﻧﯽ و ﻣﺎﻟﮑﯿﺘﯽ ﺳﯿﺴﺘﻢ ﻃﺮاﺣﯽ ﺧﻮاﻫﯿﻢ ﮐﺮد.در‬ ‫ﻫﻨﮕﺎم ﻃﺮاﺣﯽ ﺑﻨﺮ از ﮐﺎراﮐﺘﺮ ﺟﺪا ﮐﻨﻨﺪ ^ در اﺑﺘﺪا و اﻧﺘﻬﺎي ﻃﺮح ﺑﻨﺮ اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد.ﺑﺮاي اﯾﺠﺎد ﺑﻨﺮ از دﺳﺘﻮر‬ ‫‪ banner‬ﺑﻪ ﻫﻤﺮاه ﻣﺸﺨﺼﻪ ﺗﻌﯿﯿﻢ ﮐﻨﻨﺪه ﻧﻮع ﺑﻨﺮ ﮐﻪ در اﯾﻨﺠﺎ ‪ login‬اﺳﺖ اﺳﺘﻔﺎده ﻣﯿﺸﻮد.‬ ‫^ ‪Router(config)#banner login‬‬ ‫'^' ‪Enter TEXT message. End with the character‬‬ ‫##########################################‬ ‫‪# This is a Login banner used to show‬‬ ‫#‬ ‫#‬ ‫.‪legal and privacy information‬‬ ‫#‬ ‫#‬ ‫#‬ ‫#‬ ‫‪Unauthorized users prohibited‬‬ ‫#‬ ‫##########################################‬ ‫^‬ ‫092 ‪Page 99 of‬‬
Router(config)#end Router#exit ‫ﺻﺤﺖ ﻓﺮاﯾﻨﺪ ﺑﻨﺮ اﯾﺠﺎد ﺷﺪه ﺑﺎ ﻫﺪف ﻧﻤﺎﯾﺶ در ﻫﻨﮕﺎم ﻻﮔﯿﻦ ﺑﻪ ﺳﯿﺴﺘﻢ را در زﯾﺮ ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﻢ‬ Router con0 is now available Press RETURN to get started. ########################################## # This is a Login banner used to show # # legal and privacy information. # # # # Unauthorized users prohibited # ########################################## User Access Verification Password: Router> ‫ و ﻃﺮﯾﻘﻪ اي ﮐﻪ ﮐﺎرﺑﺮ ﺑﺎ آن اﺗﺼﺎل ﺑﺮﻗﺮار ﮐﺮده‬hostname ‫ ﺑﺎ ﻫﺪف ﻧﻤﺎﯾﺶ‬exec banner ‫2. در ﺑﺨﺶ دوم ﯾﮏ‬ ‫ ﻫﺎ ﺑﻪ‬Token.‫ آﺷﻨﺎ ﺷﻮﯾﻢ‬Banner Token ‫را اﯾﺠﺎد ﻣﯿﮑﻨﯿﻢ.ﺑﺮاي اﯾﺠﺎد اﯾﻦ ﻧﻮع ﺑﻨﺮ ﻻزم اﺳﺖ ﺑﺎ ﻣﻔﻬﻮم‬ ‫زﺑﺎن ﺳﺎده ﻣﺘﻐﯿﺮﻫﺎﯾﯽ ﻫﺴﺘﻨﺪ ﮐﻪ در دل ﺑﻨﺮ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮﻧﺪ و اﻃﻼﻋﺎﺗﯽ را از دل دﺳﺘﮕﺎه‬ Line ‫ و‬Hostname ‫($ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ ﮐﻪ‬line) ‫اﺳﺘﺨﺮاج ﮐﺮده و ﻧﻤﺎﯾﺶ ﻣﯽ دﻫﻨﺪ. در اﯾﻦ آزﻣﺎﯾﺶ از‬ ‫ﺑﻪ‬banner exec ^ ‫ از‬global config mode ‫ را ﺑﻪ ﮐﺎرﺑﺮ ﻧﻤﺎﯾﺶ ﻣﯽ دﻫﻨﺪ.ﻣﺎﻧﻨﺪ ﺑﻨﺮ ﻗﺒﻠﯽ در‬number ‫ﺷﮑﻞ زﯾﺮ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬ Router>enable Password: Router# Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#banner exec ^ Enter TEXT message. End with the character '^' Session established to $(hostname) on line $(line) ^ Router(config)# Page 100 of 290
‫ و ﺑﺎزﮔﺸﺖ ﻣﺠﺪد ﺑﻪ اﯾﻦ‬global config ‫ ، ﺗﻨﻈﻤﯿﺎت اﻧﺠﺎم ﺷﺪه را ﺑﺎ ﺧﺮوج از ﻣﺤﯿﻂ‬exec banner ‫ﭘﺲ از اﯾﺠﺎد‬ .‫ﻣﺤﯿﻂ ﭼﮏ ﻣﯿﮑﻨﯿﻢ‬ Router con0 is now available Press RETURN to get started. ########################################## # This is a Login banner used to show # # legal and privacy information. # # # # Unauthorized users prohibited # ########################################## User Access Verification Password: Session established to Router on line 0 Router> ‫ اﺳﺖ.اﯾﻦ ﻧﻮع ﺑﻨﺮ ﻋﻤﻮﻣﺎ ﺑﺮاي اﻃﻼع‬Message of the Day banner ‫3. آﺧﺮﯾﻦ ﺑﺨﺶ اﯾﻦ آزﻣﺎﯾﺶ ﺗﻨﻈﯿﻢ‬ ‫رﺳﺎﻧﯽ ﺑﻪ ﻣﺘﺼﺪﯾﺎن ﺗﺠﻬﯿﺰ در ﺧﺼﻮص ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ ﻧﮕﻬﺪاري آﺗﯽ ﺳﯿﺴﺘﻢ ﺑﻪ ﮐﺎر ﻣﯽ رود.اﯾﻦ ﺑﻨﺮ ﻗﺒﻞ از‬ ‫ﻧﻤﺎﯾﺶ ﻻﮔﯿﻦ ﺑﻨﺮ و ﺑﻪ ﻫﻤﺎن ﺷﯿﻮه اﯾﺠﺎد ﺑﻨﺮﻫﺎي ﻗﺒﻠﯽ اﯾﺠﺎد ﻣﯿﺸﻮد‬ Router>enable Password: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#banner motd ^ Enter TEXT message. End with the character '^' This router will undergo routine maintenance on 01/01/10 from 12:00AM to 2:00AM ^ Router(config)# ‫ﺑﺮاي ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت اﺧﯿﺮ از ﻣﻮد ﺟﺎري ﺧﺎرج ﺷﺪه و ﺧﺮوﺟﯽ را ﺑﻪ ﺻﻮرت زﯾﺮ ﭼﮏ ﻣﯿﮑﻨﯿﻢ‬ Page 101 of 290
Router(config)#end Router#exit Router con0 is now available Press RETURN to get started. This router will undergo routine maintenance on 01/01/10 from 12:00AM to 2:00AM ########################################## # This is a Login banner used to show # # legal and privacy information. # # # # Unauthorized users prohibited # ########################################## User Access Verification Password: Session established to Router on line 0 Router> Page 102 of 290
‫آزﻣﺎﯾﺶ 41.2- رﯾﺴﺖ ﮐﺮدن ﺗﻨﻈﯿﻤﺎت ﺳﯿﺴﺘﻢ ﺑﻪ ﺣﺎﻟﺖ ﭘﯿﺶ ﻓﺮض‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ رﯾﺴﺖ ﮐﺮدن ﺗﻨﻈﯿﻤﺎت و ﭘﺎراﻣﺘﺮﻫﺎ ﺑﻪ ﺣﺎﻟﺖ ﭘﯿﺶ ﻓﺮض ‪ ios‬از ﻃﺮﯾﻖ دﺳﺘﻮر ‪default‬‬ ‫آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﻣﻮاﻗﻊ ﺑﺴﯿﺎري ﭘﯿﺶ ﻣﯽ آﯾﺪ ﮐﻪ ﻧﯿﺎز اﺳﺖ ﺗﻨﻈﻤﯿﺎت ﯾﮏ ﯾﺎ ﭼﻨﺪ اﯾﻨﺘﺮﻓﯿﺲ ﯾﺎ ﻧﻮع دﯾﮕﺮي از ﭘﯿﮑﺮه ﺑﻨﺪي ﺳﯿﺴﺘﻢ را ﺑﻪ‬ ‫ﺣﺎﻟﺖ اوﻟﯿﻪ و ﭘﯿﺶ ﻓﺮض ﺑﺎزﮔﺮداﻧﯿﻢ، ﯾﮏ ﻣﺜﺎل ﺑﺎرز آن ﺑﺎزﮔﺮداﻧﺪن ﺑﻪ ﺣﺎﻟﺖ اول ﺗﻨﻈﯿﻤﺎت اﯾﻨﺘﺮﻓﯿﺴﯽ اﺳﺖ ﮐﻪ ﺑﯿﺶ از‬ ‫01 ﺧﻂ ﺗﻨﻈﯿﻢ در ﭘﯿﮑﺮﺑﻨﺪي آن وﺟﻮد دارد و ﻗﻄﻌﺎ ﺗﻤﺎﯾﻞ ﻧﺪارﯾﻢ ﮐﻞ ﻣﺴﯿﺮ ﻣﻌﮑﻮس را ﺑﺎ ﺗﮑﺮار دﺳﺘﻮر ‪ no Xyz‬ﺑﺮاي‬ ‫ﺗﮏ ﺗﮏ ﺗﻨﻈﯿﻤﺎت ﻃﯽ ﮐﻨﯿﻢ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب ﭘﺎراﻣﺘﺮﻫﺎي ‪ ip,speed,duplex‬ﺑﻪ 0/0‪Fa‬‬ ‫‪‬‬ ‫ﺑﺎزﮔﺮداﻧﺪن ﺣﺎﻟﺖ اﯾﻨﺘﺮﻓﯿﺲ 0/0‪ Fa‬ﺑﻪ ﭘﯿﺶ ﻓﺮض .‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺑﺮاي ﺷﺒﯿﻪ ﺳﺎزي ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ﮐﺎﻧﻔﯿﮓ ﺷﺪه ﭘﺎراﻣﺘﺮﻫﺎي ﻓﻮق را ﺑﻪ ﺷﺮح زﯾﺮ ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﻧﺴﺒﺖ ﻣﯽ دﻫﯿﻢ‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫‪Router>enable‬‬ ‫‪Router#configure terminal‬‬ ‫.‪Enter configuration commands, one per line. End with CNTL/Z‬‬ ‫0/0‪Router(config)#int fa‬‬ ‫0.552.552.552 452.1.1.01 ‪Router(config-if)#ip add‬‬ ‫‪Router(config-if)#duplex full‬‬ ‫001 ‪Router(config-if)#speed‬‬ ‫‪Router(config-if)#no shut‬‬ ‫‪%LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up‬‬ ‫‪%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed‬‬ ‫‪state to up‬‬ ‫092 ‪Page 103 of‬‬
Router(config-if)# Router(config-if)#do show run int fa0/0 Building configuration... Current configuration : 94 bytes interface FastEthernet0/0 ip address 10.1.1.254 255.255.255.0 duplex full speed 100 end Router(config-if)# ‫2. ﻗﺪم ﺑﻌﺪي ﺑﻪ ﺣﺎﻟﺖ اول ﺑﺮﮔﺮداﻧﺪن ﮐﻠﯿﻪ ﺗﻨﻈﯿﻤﺎت ﺻﻮرت ﮔﺮﻓﺘﻪ روي اﯾﻨﺘﺮﻓﯿﺲ ﻣﻮرد ﻧﻈﺮ اﺳﺖ ﺑﺎ اﺳﺘﻔﺎده از‬ .‫ ﻗﺒﻞ از ﻧﺎم اﯾﻨﺘﺮﻓﯿﺲ اﯾﻨﮑﺎر اﻧﺠﺎم ﻣﯽ ﺷﻮد‬default ‫دﺳﺘﻮر‬ outer(config-if)#exit Router(config)#default interface fa0/0 Building configuration... Interface FastEthernet0/0 set to default configuration Router(config)# %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up Rrouter(config)#do show run interface fastethernet 0/0 Building configuration... Current configuration : 73 bytes ! interface FastEthernet0/0 no ip address duplex auto speed auto end Router(config)# Page 104 of 290
‫آزﻣﺎﯾﺶ 1.3 – ﺗﻨﻈﯿﻤﺎت ﭘﺎﯾﻪ ﺗﺼﺪﯾﻖ ﻫﻮﯾﺖ ﮐﺎرﺑﺮ ﺑﺮ ﻣﺒﻨﺎي ﭘﺴﻮرد‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ روش ﭘﺎﯾﻪ اي ﺗﺼﺪﯾﻖ ﻫﻮﯾﺖ ﮐﺎرﺑﺮان ﻣﺒﺘﻨﯽ ﺑﺮ ﭘﺴﻮرد ﻣﺸﺘﻤﻞ ﺑﺮ -‪Consoel-VTY lines‬‬ ‫‪ Auxiliary‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫اﻣﻨﯿﺖ در ﺷﺒﮑﻪ ﻫﺎي واﻗﻌﯽ از ﻣﻬﻤﺘﺮﯾﻦ ﭼﺎﻟﺸﻬﺎﯾﯽ اﺳﺖ ﮐﻪ ﻣﻬﻨﺪﺳﯿﻦ ﺑﺎ آن دﺳﺖ ﺑﻪ ﮔﺮﯾﺒﺎن ﻫﺴﺘﻨﺪ،ﺑﺎﻻﺧﺺ در‬ ‫ﺷﺒﮑﻪ ﻫﺎﯾﯽ ﮐﻪ ﺑﺎ اﯾﻨﺘﺮﻧﺖ در ﺗﻤﺎس ﻫﺴﺘﻨﺪ.داﺷﺘﻦ روﺗﺮ/ﺳﻮﯾﯿﭽﻬﺎي ﻧﺎ اﻣﻦ ﮐﻞ ﺷﺒﮑﻪ را در ﻣﻘﺎﺑﻞ ﺗﻌﺪاد ﻧﺎﻣﺤﺪودي از‬ ‫رﯾﺴﮑﻬﺎي اﻣﻨﯿﺘﯽ ﻗﺮار ﻣﯽ دﻫﺪ.اﯾﻦ آزﻣﺎﯾﺶ ﺑﻪ ﺑﺮرﺳﯽ ﭘﺎﯾﻪ اي ﺗﺮﯾﻦ روش اﻓﺰاﯾﺶ ﺳﻄﺢ اﻣﻨﯿﺘﯽ ادوات ﻣﺒﺘﻨﯽ ﺑﺮ ‪IOS‬‬ ‫ﯾﺎ ﻫﻤﺎن ﺗﺼﺪﯾﻖ ﻫﻮﯾﺖ ﺑﺮ اﺳﺎس رﻣﺰ ﻋﺒﻮر اﺳﺖ ﻣﯽ ﭘﺮدازد‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪GNS‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ رﻣﺰ ﻋﺒﻮر ﺑﺮاي ﮐﻨﺴﻮل روﺗﺮ ﻫﻨﮕﺎم درﺧﻮاﺳﺖ ﺑﺮﻗﺮاري اﺗﺼﺎل ﺑﻪ ﮐﻨﺴﻮل‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ رﻣﺰ ﻋﺒﻮر 4-0 ‪ VTY line‬ﺗﺎ در ﻫﻨﮕﺎم ﺑﺮﻗﺮاري اﺗﺼﺎﻟﻬﺎي ﻣﺒﺘﻨﯽ ﺑﺮ ‪ Telnet-SSH‬ﺑﻪ ﮐﺎرﺑﺮ ﻧﻤﺎﯾﺶ داده‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ‪Enable secret‬و ‪Enable password‬‬ ‫ﺷﻮد‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ رﻣﺰ ﻋﺒﻮر ﺑﺮاي ‪Auxiliary line‬‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺑﺮاي اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت ﻣﺮﺑﻮط ﺑﻪ ﺣﻔﺎﻇﺖ ﮐﻨﺴﻮل روﺗﺮ ﺑﺎ رﻣﺰ ﻋﺒﻮر ﻧﯿﺎز اﺳﺖ وارد ﻣﺤﯿﻂ ﺗﻨﻈﯿﻤﺎت ‪Console‬‬ ‫‪ line‬ﺷﻮﯾﻢ‬ ‫-- ‪--- System Configuration Dialog‬‬‫‪Would you like to enter the initial configuration dialog? [yes/no]: no‬‬ ‫!‪Press RETURN to get started‬‬ ‫092 ‪Page 105 of‬‬
‫‪Router>enable‬‬ ‫‪Router#configure terminal‬‬ ‫0 ‪Router(config)#line console‬‬ ‫#)‪Router(config-line‬‬ ‫در اﯾﻦ ﻣﻮد ﻣﯿﺘﻮاﻧﯿﻢ رﻣﺰ ﻋﺒﻮر اﺗﺼﺎل ﺑﻪ ﮐﻨﺴﻮل را ﺑﺎ اﺳﺘﻔﺎده از دﺳﺘﻮر ‪ password‬ﺗﻨﻈﯿﻢ ﮐﻨﯿﻢ‬ ‫321‪Router(config-line)#password Cisco‬‬ ‫ﺳﺖ ﮐﺮدن رﻣﺰ ﻋﺒﻮر ﺑﻪ ﺗﻨﻬﺎﯾﯽ ﺻﻔﺤﻪ اﻋﻼن ورود رﻣﺰ ﻋﺒﻮر را ﺑﻪ ﮐﺎرﺑﺮ روﺗﺮ ﻧﺸﺎن ﻧﺨﻮاﻫﺪ داد، ﺑﺮاي ﻓﻌﺎل ﮐﺮدن اﯾﻦ‬ ‫اﻋﻼن از دﺳﺘﻮر ‪ login‬اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد‬ ‫‪Router(config-line)#login‬‬ ‫ﺣﺎﻻ ﻧﻮﺑﺖ ﻣﯽ رﺳﺪ ﺑﻪ ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﺻﻮرت ﮔﺮﻓﺘﻪ ، ﺑﺮاي اﯾﻨﮑﺎر ﺑﺎﯾﺪ از ﻣﺤﯿﻂ اﺟﺮاي ﻓﺮاﻣﯿﻦ ﺑﺎ دﺳﺘﻮر ‪End‬‬ ‫ﺧﺎرج ﺷﺪ و دوﺑﺎره ﺑﻪ ﻣﺤﯿﻂ اوﻟﯿﻪ ﮐﻨﺴﻮل از ﻃﺮﯾﻖ دﺳﺘﻮر ‪ Exit‬ﺑﻪ ﺷﮑﻞ زﯾﺮ وارد ﺷﺪ‬ ‫‪Router(config-line)#end‬‬ ‫‪Router#exit‬‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫‪User Access Verification‬‬ ‫:‪Password‬‬ ‫>‪Router‬‬ ‫2. اﮐﻨﻮن ﻧﻮﺑﺖ ﺗﻨﻈﯿﻢ رﻣﺰ ﻋﺒﻮر ﺑﺮاي ﺧﻄﻮط )‪ VTY (Virtual TeleType‬اﺳﺖ.ﺧﻄﻮط ‪ VTY‬ﺧﻄﻮط‬ ‫ارﺗﺒﺎﻃﯽ ﻣﺠﺎزي ﻫﺴﺘﻨﺪ ﮐﻪ ﺑﺮاي ﺑﺮﻗﺮاري ارﺗﺒﺎط از راه دور ‪ Telnet‬ﯾﺎ ‪ SSh‬ﺑﻪ ادوات ﻣﺒﺘﻨﯽ ‪ IOS‬ﺑﻪ ﮐﺎر ﻣﯽ‬ ‫روﻧﺪ.ﺗﺨﺼﯿﺺ رﻣﺰ ﻋﺒﻮر ﺑﻪ اﯾﻦ ﺧﻄﻮط ﻫﻢ ﻣﺎﻧﻨﺪ روش ﻗﺒﻞ ﺻﻮرت ﻣﯽ ﮔﯿﺮد‬ ‫‪Router>enable‬‬ ‫‪Router#config terminal‬‬ ‫4 0 ‪Router(config)#line vty‬‬ ‫123‪Router(config-line)#password Cisco‬‬ ‫‪Router(config-line)#login‬‬ ‫ﺑﺮاي ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﻓﻮق ﻧﯿﺎز اﺳﺖ ﺑﻪ ﯾﮑﯽ از اﯾﻨﺘﺮﻓﯿﺴﻬﺎي روﺗﺮ ‪ Ip‬ﺗﺨﺼﯿﺺ دﻫﯿﻢ ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل ﺑﻪ‬ ‫‪Loopback‬آداﭘﺘﺮ ﺻﻔﺮ ﺑﻪ ﺷﮑﻞ زﯾﺮ .‬ ‫092 ‪Page 106 of‬‬
Router(config-line)#interface lo0 Router(config-if)#ip add 10.1.1.1 255.255.255.255 Router(config-if)#end Router# ‫ از ﻃﺮﯾﻖ اﯾﻨﺘﺮﻓﯿﺲ اﯾﺠﺎد ﺷﺪه، از درون روﺗﺮي ﮐﻪ ﺑﺎ ﮐﻨﺴﻮل ﺑﻪ آن ﻣﺘﺼﻞ ﻫﺴﺘﯿﻢ ﺑﻪ‬Vty ‫اﮐﻨﻮن ﺑﺮاي ﺗﺴﺖ رﻣﺰ ﻋﺒﻮر‬ .‫ ﻣﯽ ﮐﻨﯿﻢ‬Telnet ‫ اﯾﻨﺘﺮﻓﯿﺲ ﻣﺬﮐﻮر‬Ip Router#telnet 10.1.1.1 Trying 10.1.1.1 ... Open User Access Verification Password: Password: Router> Priviliged ‫ ﺧﻮاﻫﯿﻢ ﺷﺪ و در ﺻﻮرت ﻧﯿﺎز ﺑﻪ ورود ﺑﻪ‬user mode ‫ﭘﺲ از ورود رﻣﺰ ﻋﺒﻮر ﺗﻌﯿﯿﻦ ﺷﺪه وارد ﻣﺤﯿﻂ‬ .‫ ﻣﻮاﺟﻪ ﺧﻮاﻫﯿﻢ ﺷﺪ‬Enable ‫ ﺑﺎ ﺻﻔﺤﻪ ورود رﻣﺰ ﻋﺒﻮر‬mode Router>enable Password: Password: Password: % Bad passwords Router> ‫ را ﺟﻬﺖ ﭘﺮﺳﯿﺪن رﻣﺰﻋﺒﻮر از ﮐﺎرﺑﺮ ﻫﻨﮕﺎم ورود ﺑﻪ‬Enable Secret ‫ و‬Enable password ‫3. در اﯾﻦ ﻗﺴﻤﺖ‬ ‫ اﻧﺠﺎم ﺧﻮاﻫﺪ‬Global configuration mode ‫ ﺗﻨﻈﯿﻢ ﺧﻮاﻫﯿﻢ ﮐﺮد.اﯾﻦ ﺗﻨﻈﯿﻢ در ﻣﺤﯿﻂ‬Privilege mode ‫ وارد اﯾﻦ ﻣﺤﯿﻂ ﺷﻮﯾﺪ‬Config terminal ‫ ﻫﺴﺘﯿﺪ ﺑﺎ دﺳﺘﻮر‬Telnet ‫ﺷﺪ ﭘﺲ اﮔﺮ ﻫﻨﻮز در ﻣﺤﯿﻂ‬ Router>exit [Connection to 10.1.1.1 closed by foreign host] Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#enable password Cisco1 Router(config)#enable secret Cisco2 Router(config)#end Router# :‫ﻧﮑﺘﻪ‬ Page 107 of 290
‫از ﻫﺮدوي ‪ Enable password‬و ‪ Enable secret‬ﺑﺮاي ﯾﮏ ﻣﻨﻈﻮر اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد ﯾﻌﻨﯽ ورود ﺑﻪ ‪Privilege‬‬ ‫‪ mode‬اﻣﺎ اﮔﺮ ﻫﺮدوي آﻧﻬﺎ ﺳﺖ ﺷﻮﻧﺪ ‪ Enable secret‬ﻧﺴﺒﺖ ﺑﻪ ‪ Enable password‬اﻟﻮﯾﺖ ﺧﻮاﻫﺪ داﺷﺖ ﺑﻪ ﺑﯿﺎن‬ ‫ﺑﻬﺘﺮ ﻗﺒﻠﯽ را ﺑﺎﻃﻞ ﻣﯿﮑﻨﺪ‬ ‫ﻣﺠﺪدا ﺑﺮاي ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﺑﻪ روﺗﺮ ‪ Telnet‬ﻣﯿﮑﻨﯿﻢ.‬ ‫1.1.1.01 ‪Router#telnet‬‬ ‫‪Trying 10.1.1.1 ... Open‬‬ ‫‪User Access Verification‬‬ ‫:‪Password‬‬ ‫‪Router>enable‬‬ ‫:‪Password‬‬ ‫:‪Password‬‬ ‫#‪Router‬‬ ‫در ﺻﻮرﺗﯿﮑﻪ از ‪ Enable password‬اﺳﺘﻔﺎده ﮐﻨﯿﻢ رﻣﺰ ﻣﺮﺑﻮﻃﻪ ﻣﻮرد ﻗﺒﻮل ﻗﺮار ﻧﺨﻮاﻫﺪ ﮔﺮﻓﺖ ﭼﻮن ‪Enable secret‬‬ ‫ﻫﻢ ﺳﺖ ﺷﺪه اﺳﺖ.‬ ‫4. آﺧﺮﯾﻦ ﺑﺨﺶ اﯾﻦ آزﻣﺎﯾﺶ ﺗﻨﻈﯿﻢ رﻣﺰ ﻋﺒﻮر ﺑﺮاي ‪ Aux port‬اﺳﺖ.‪ Auxiliary port‬ﺑﺴﯿﺎر ﺷﺒﯿﻪ ﭘﻮرت‬ ‫ﮐﻨﺴﻮل اﺳﺖ و ﻫﻤﺎن ﻣﻔﻬﻮم ﮐﺎرﺑﺮدي را دارا اﺳﺖ ﺑﺎ اﯾﻦ ﺗﻔﺎوت ﮐﻪ داراي ﻗﺎﺑﻠﯿﺖ اﺗﺼﺎل ﺑﻪ ﻣﻮدم اﮐﺴﺘﺮﻧﺎل‬ ‫اﺳﺖ و ﺑﻪ راﻫﺒﺮ ﺳﯿﺴﺘﻢ اﯾﻦ اﺟﺎزه را ﻣﯽ دﻫﺪ ﮐﻪ از راه درو و ﺑﻪ ﺻﻮرت ‪ Dial up‬ﺑﻪ ﺳﯿﺴﺘﻢ ﻣﻮرد ﻧﻈﺮ ﻣﺘﺼﻞ‬ ‫ﺷﻮد. در ﺻﻮرﺗﯿﮑﻪ ﻧﯿﺎز ﺑﻪ ﭘﯿﮑﺮﺑﻨﺪي ﺗﻌﺪاد زﯾﺎدي از ادوات ﺳﯿﺴﮑﻮ ﺑﺎ اﯾﻦ روش ﺑﺎﺷﺪ ﻣﻌﻤﻮل اﺳﺖ ﮐﻪ ﺑﺎ ﺑﻬﺮه‬ ‫ﮔﯿﺮي از ‪ Access server‬و اﺗﺼﺎل آن ﺑﻪ ﺳﺎﯾﺮ ادوات و ﺗﻨﻬﺎ ﺑﺎ ﯾﮏ ﺧﻂ ‪ Dial-in‬اﯾﻦ اﻣﺮ ﻣﺤﻘﻖ ﺷﻮد.‬ ‫.‪End with CNTL/Z‬‬ ‫092 ‪Page 108 of‬‬ ‫‪Router#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫0 ‪Router(config)#line aux‬‬ ‫321‪Router(config-line)#password AuxPassword‬‬ ‫‪Router(config-line)#login‬‬ ‫‪Router(config-line)#end‬‬ ‫#‪Router‬‬
‫آزﻣﺎﯾﺶ 2.3 – ﭘﯿﮑﺮﺑﻨﺪي اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ اﺳﺎس ﭘﺎﯾﮕﺎه داده داﺧﻠﯽ روﺗﺮ/ﺳﻮﯾﯿﭻ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ اﺳﺎس ﺣﺴﺎﺑﻬﺎي ﮐﺎرﺑﺮي ذﺧﯿﺮه ﺷﺪه در ﭘﺎﯾﮕﺎه داده داﺧﻠﯽ‬ ‫روﺗﺮ/ﺳﻮﯾﯿﭻ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﻋﻤﻮﻣﺎ در ﺷﺒﮑﻪ ﻫﺎي ﺑﺰرگ ﻧﻔﺮات زﯾﺎدي دﺳﺘﺮﺳﯽ ﺑﻪ ادوات ﺷﺒﮑﻪ ﺳﯿﺴﮑﻮ دارﻧﺪ و ﻻزم اﺳﺖ ﻣﮑﺎﻧﯿﺰﻣﯽ ﺑﺮاي ﺗﻌﺮﯾﻒ‬ ‫ﮐﺎرﺑﺮان و ﺳﻄﻮح دﺳﺘﺮﺳﯽ آﻧﻬﺎ ﺑﻪ ﻣﻨﻈﻮر اﻧﺠﺎم اﻣﻮر ﻣﺨﺘﻠﻒ ﻣﺪﯾﺮﯾﺘﯽ روي ادوات ﻣﺬﮐﻮر وﺟﻮد داﺷﺘﻪ ﺑﺎﺷﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪GNS‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ 1.1.1.01 ‪ Ip‬ﺑﻪ ‪loopback adapter‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﮐﺎرﺑﺮ ﺑﻪ ﻧﺎم ‪ Tom‬ﺑﺎ ﭘﺴﻮرد 321$‪ Cisco‬و اﻋﻄﺎي ﺳﻄﺢ دﺳﺘﺮﺳﯽ 51 ‪ level‬ﺑﻪ ﮐﺎرﺑﺮ‬ ‫اﯾﺠﺎد ﮐﺎرﺑﺮ ‪ Jerry‬ﺑﺎ ﭘﺴﻮرد !‪ Letmesee‬و اﻋﻄﺎي ﺳﻄﺢ دﺳﺘﺮﺳﯽ 1 ‪ Level‬ﺑﻪ ﮐﺎرﺑﺮ‬ ‫ﺗﻨﻈﯿﻢ 4-0 ‪ VTY‬ﺟﻬﺖ اﺣﺮاز ﻫﻮﯾﺖ ﮐﺎرﺑﺮان از ﻃﺮﯾﻖ دﯾﺘﺎﺑﯿﺲ ﻣﺤﻠﯽ‬ ‫ﺑﺮرﺳﯽ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ ﻃﺮﯾﻖ ‪ Telnet‬ﺑﻪ 0‪Loopback‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺑﺮاي اﯾﺠﺎد ﯾﻮزر ‪ Tom‬ﺑﺎ ﻣﺸﺨﺼﻪ ﻫﺎي ﻓﻮق ﺑﻪ ﺷﮑﻞ زﯾﺮ ﻋﻤﻞ ﻣﯿﮑﻨﯿﻢ‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫‪Router>enable‬‬ ‫‪Router#configure terminal‬‬ ‫.‪Enter configuration commands, one per line. End with CNTL/Z‬‬ ‫321$‪Router(config)#username tom privilege 15 secret Cisco‬‬ ‫2. ﺑﺮاي اﯾﺠﺎد ﯾﻮزر ‪ Jerry‬ﺑﺎ ﻣﺸﺨﺼﺎت ﻓﻮق ﺑﻪ ﺷﮑﻞ زﯾﺮ ﻋﻤﻞ ﻣﯿﮑﻨﯿﻢ‬ ‫!‪Router(config)#username jerry privilege 1 secret LetMeSee‬‬ ‫092 ‪Page 109 of‬‬
‫ﻧﮑﺘﻪ:اﯾﺠﺎد ﯾﻮزر ﺑﺎ ﺳﻄﺢ دﺳﺘﺮﺳﯽ 51 ﯾﻮزر را ﭘﺲ از ﻻﮔﯿﻦ ﺑﻪ ‪ Priviledge mode‬ﻫﺪاﯾﺖ ﻣﯽ ﮐﻨﺪ ﯾﻌﻨﯽ ﻧﯿﺎزي ﺑﻪ وارد‬ ‫ﮐﺮدن رﻣﺰ ﻋﺒﻮر ‪ Enable‬ﻧﺨﻮاﻫﺪ داﺷﺖ ﭘﺲ ﻧﺴﺒﺖ ﺑﻪ اﻋﻄﺎي آن دﻗﺖ ﮐﻨﯿﺪ.‬ ‫3. ﺗﻨﻈﯿﻢ 4-0 ‪ VTY‬ﺟﻬﺖ اﯾﻨﮑﻪ درﺧﻮاﺳﺘﻬﺎي اﺣﺮاز ﻫﻮﯾﺖ را ﺑﻪ دﯾﺘﺎﺑﯿﺲ ﻣﺤﻠﯽ ﺣﺴﺎﺑﻬﺎي ﮐﺎرﺑﺮي ارﺳﺎل ﮐﻨﺪ.‬ ‫اﯾﻨﮑﺎر ﺑﺎ ﺳﺘﻔﺎده از دﺳﺘﻮر ‪ login local‬ﺑﻪ ﺷﮑﻞ زﯾﺮ اﻧﺠﺎم ﻣﯽ ﺷﻮد‬ ‫4 0 ‪Router(config)#line vty‬‬ ‫‪Router(config-line)#login local‬‬ ‫4. ﺣﺎﻻ ﺑﺎ ﺑﺮﻗﺮاري ‪ Telenet‬ﺑﻪ 0‪ Loopback‬ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت را ﺑﻪ ﻗﺮار زﯾﺮ ﺗﺴﺖ ﻣﯿﮑﻨﯿﻢ. ﺑﺎ ورود اﻃﻼﻋﺎت‬ ‫ﻫﻮﯾﺘﯽ ‪ Tom‬ﺑﻪ ﻃﻮر ﻣﺴﺘﻘﯿﻢ ﺑﻪ ‪ priviledge mode‬ﻫﺪاﯾﺖ ﻣﯿﺸﻮﯾﻢ ﺑﺎ ﮐﺎرﺑﺮ ‪ jerry‬ﺑﻪ ‪user mode‬‬ ‫‪Routerconfig-line)#end‬‬ ‫1.1.1.01 ‪Router#telnet‬‬ ‫‪Trying 10.1.1.1 ... Open‬‬ ‫‪User Access Verification‬‬ ‫‪Username: tom‬‬ ‫:‪Password‬‬ ‫#‪Router‬‬ ‫092 ‪Page 110 of‬‬
‫آزﻣﺎﯾﺶ 3.3 – ﭘﯿﮑﺮه ﺑﻨﺪي اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ ﻣﺒﻨﺎي ‪AAA‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ اﺻﻮل ﺗﻨﻈﯿﻤﺎت اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ ﻣﺒﻨﺎي‬ ‫, ‪AAA (Authentication, Authorization‬‬ ‫)‪ Accounting‬ﺑﻪ ﻣﻨﻈﻮر اﻋﻤﺎل ﮐﻨﺘﺮل ﻫﺮﭼﻪ ﺑﯿﺸﺘﺮ ﺑﺮ ﺗﻤﺎﺳﻬﺎي ﻣﺒﺘﻨﯽ ﺑﺮ ﮐﻨﺴﻮل ﯾﺎ ‪ Vty‬ﺧﻮاﻫﯿﻢ ﺷﺪ . ﻣﺒﺎﺣﺚ اﯾﻦ‬ ‫آزﻣﺎﯾﺶ ﺟﺰ ﻣﺒﺎﺣﺚ اﺳﺘﺎﻧﺪارد ‪ CCNA‬ﻣﺤﺴﻮب ﻧﻤﯽ ﺷﻮد و ﺟﺰ ﺻﺮﻓﺼﻠﻬﺎي 335-048 ‪ CCNA Security‬ﻫﺴﺘﻨﺪ‬ ‫اﻣﺎ ﺑﻪ ﺟﻬﺖ اﻫﻤﯿﺖ و ﮐﺎرﺑﺮدﺷﺎن در ﻣﺤﯿﻂ ﻫﺎي اﺟﺮاﯾﯽ در اﯾﻦ ﺳﻄﺢ ﺑﻪ آﻧﻬﺎ ﭘﺮداﺧﺘﻪ ﻣﯽ ﺷﻮد.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﻗﻀﯿﻪ ﺑﺴﯿﺎر ﺳﺎده اﺳﺖ ، ﺷﺮﮐﺘﻬﺎﯾﯽ ﮐﻪ داراي ﺗﻌﺪاد زﯾﺎدي ادوات ﺳﯿﺴﮑﻮ ﻫﺴﺘﻨﺪ ﺑﻪ ﻣﻨﻈﻮر ﻣﺮﮐﺰﯾﺖ ﺑﺨﺸﯿﺪن ﺑﻪ‬ ‫ﻓﺮاﯾﻨﺪﻫﺎي اﺣﺮاز ﻫﻮﯾﺖ و ﺻﺪور ﻣﺠﻮز ﻫﺎي ﮐﺎرﺑﺮي و ﺳﻄﻮح دﺳﺘﺮﺳﯽ ﺑﻪ اﯾﻦ ادوات از ‪ Radius‬ﯾﺎ +‪TACACA‬‬ ‫اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ.ﺗﻌﺮﯾﻒ ﮐﺎرﺑﺮان ادوات ﺑﻪ ﺻﻮرت ﻟﻮﮐﺎل ﻧﯿﺰ ﺻﺮﻓﺎ ﺑﻪ ﻋﻨﻮان ﭘﺸﺘﯿﺒﺎن روش ﻓﻮق در ﻣﻮاﻗﻌﯽ ﮐﻪ‬ ‫ﺳﺮوﯾﺴﻬﺎي ﺑﺎﻻ در دﺳﺘﺮس ﻧﯿﺴﺘﻨﺪ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮﻧﺪ.ﺳﺮورﻫﺎي ‪ AAA‬ﻓﺎرق از اﯾﻨﮑﻪ‬ ‫+‪)TACACS‬ﺑﺨﻮاﻧﯿﺪ ﺗﮏ اﮐﺲ ﭘﻼس( ﺑﺎﺷﻨﺪ ﯾﺎ ‪ Radius‬ﻫﻤﮕﯽ ﻧﺘﻨﻬﺎ ﺑﻪ ﻣﻨﻈﻮر اﯾﺠﺎد ﯾﮑﭙﺎرﭼﮕﯽ ﻣﺪﯾﺮﯾﺖ ﺳﻄﻮح‬ ‫دﺳﺘﺮﺳﯽ و اﺣﺮاز ﻫﻮﯾﺖ ادوات ﺳﯿﺴﮑﻮ و ﺣﺘﯽ ﺳﺎﯾﺮ ﺑﺮﻧﺪﻫﺎ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯽ ﮔﯿﺮﻧﺪ ﺑﻠﮑﻪ ﮐﺎرﺑﺮدﻫﺎي اﺟﺮاﯾﯽ‬ ‫دﯾﮕﺮي ﻫﻤﭽﻮن ﮐﻤﮏ ﺑﻪ اﺣﺮاز ﻫﻮﯾﺖ اﺗﺼﺎﻻت ﻣﺒﺘﻨﯽ ﺑﺮ ‪ Remote Vpn , SSL Vpn , 802.1x‬و ‪ Proxy‬را ﻧﯿﺰ دارا‬ ‫ﻫﺴﺘﻨﺪ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ روﺗﺮ در 3‪GNS‬‬ ‫اﯾﺠﺎد ﮐﺎرﺑﺮ ﻟﻮﮐﺎل در روﺗﺮ ﺑﺎ ﺳﻄﺢ دﺳﺘﺮﺳﯽ 51 – ر.ك آز 2.3‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﻓﻌﺎل ﺳﺎزي ‪ AAA‬در ﻣﺤﯿﻂ ‪Global config‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﯾﮑﯽ از ﻟﯿﺴﺘﻬﺎي ‪ AAA‬ﺑﻪ ﻧﺎم ‪ CONSOLE_AUTH‬و ارﺗﺒﺎط آن ﺑﻪ دﯾﺘﺎﺑﯿﺲ ﮐﺎرﺑﺮان ﻟﻮﮐﺎل‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﮐﻨﺴﻮل ﺑﻪ ﻣﻨﻈﻮر اﺳﺘﻔﺎده از ﻟﯿﺴﺖ ‪ CONSOLE_AUTH‬اﯾﺠﺎد ﺷﺪه در ﺑﻨﺪ ﻗﺒﻠﯽ ﺟﻬﺖ اﺣﺮاز‬ ‫‪‬‬ ‫ﭼﮏ ﮐﺮدن ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬ ‫ﻫﻮﯾﺖ‬ ‫092 ‪Page 111 of‬‬
‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﻣﻬﻢ« ﺑﺮ ﻣﺒﻨﺎي درﺧﻮاﺳﺖ ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ ﯾﮏ ﯾﻮزر ﻟﻮﮐﺎل ﺑﺎ ﺳﻄﺢ دﺳﺘﺮﺳﯽ 51 اﯾﺠﺎد ﻣﯽ ﮐﻨﯿﻢ در ﻏﯿﺮ اﯾﻨﺼﻮرت‬ ‫ﺑﺎ اﺟﺮاي دﺳﺘﻮر ‪ aaa new-model‬ﻗﻔﻞ ﺧﻮاﻫﯿﻢ ﺷﺪ! ﺑﺪون اﻣﮑﺎن ﻻﮔﯿﻦ ﻣﺠﺪد ﺑﻪ روﺗﺮ‬ ‫1. در ﻗﺪم اول ‪ AAA‬را ﺑﺎ دﺳﺘﻮر ‪ aaa new-model‬ﻓﻌﺎل ﻣﯿﮑﻨﯿﻢ . اﯾﻦ دﺳﺘﻮر ﻧﻮع ﺟﺪﯾﺪ ﻣﮑﺎﻧﯿﺰم اﺣﺮاز‬ ‫ﻫﻮﯾﺖ را ﻓﻌﺎل ﺧﻮاﻫﺪ ﮐﺮد و ﻣﺘﺪﻫﺎي ﻗﺪﯾﻤﯽ را ﻏﯿﺮ ﻓﻌﺎل ﻣﯿﮑﻨﺪ.‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫.‪End with CNTL/Z‬‬ ‫‪Router>enable‬‬ ‫‪Router#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫‪Router(config)#aaa new-model‬‬ ‫ﻟﯿﺴﺖ ‪ CONSOLE_AUTH‬را ﺟﻬﺖ اﺧﺬ اﻃﻼﻋﺎت ﻫﻮﯾﺘﯽ از دﯾﺘﺎﺑﯿﺲ ﻟﻮﮐﺎل ﺑﻪ ﺷﮑﻞ زﯾﺮ ﺗﻨﻈﯿﻢ ﻣﯿﮑﻨﯿﻢ. ﺗﻮﺿﯿﺢ‬ ‫اﯾﻨﮑﻪ ﻧﺤﻮه ﻧﮕﺎرش دﺳﺘﻮر ﺑﻪ اﯾﻦ ﺷﮑﻞ اﺳﺖ :‪ . aaa authentication login LISTNAME AUTHTYPE‬در‬ ‫اﯾﻨﺠﺎ ﻧﺎم ﻟﯿﺴﺖ ‪ CONSOLE_AUTH‬و ‪ authentication type‬ﻧﯿﺰ ‪ Local‬اﺳﺖ‬ ‫‪Router(config)#aaa authentication login CONSOLE_AUTH local‬‬ ‫2. اﮐﻨﻮن ﻧﻮﺑﺖ ﻣﯽ ﺳﺮد ﺑﻪ ﺗﻨﻈﯿﻤﺎت ﮐﻨﺴﻮل ﺟﻬﺖ ﻫﺪاﯾﺖ ﻣﮑﺎﻧﯿﺰم اﺣﺮاز ﻫﻮﯾﺖ ﮐﺎرﺑﺮان ﺑﻪ ‪ AAA‬ﻟﯿﺴﺘﯽ ﮐﻪ در‬ ‫ﻗﺴﻤﺖ ﻗﺒﻞ اﯾﺠﺎد ﮐﺮدﯾﻢ. از دﺳﺘﻮر ﯾﮏ ﺧﻄﯽ ‪ login authentication listname‬ﺷﮑﻞ زﯾﺮ اﺳﺘﻔﺎده ﻣﯽ‬ ‫ﮐﻨﯿﻢ‬ ‫0 ‪Router(config)#line con‬‬ ‫‪Router(config-line)#login authentication CONSOLE_AUTH‬‬ ‫ﺗﻮﺿﯿﺤﺎت ﺗﮑﻤﯿﻠﯽ‬ ‫ﺑﺎ ﻓﻌﺎل ﺷﺪن ‪ AAA‬ﺗﻮﺳﻂ دﺳﺘﻮر ‪ AAA New-model‬ﺗﺨﺼﯿﺺ ﺳﻄﺢ دﺳﺘﺮﺳﯽ ﺑﻪ ﻃﻮر ﺧﻮدﮐﺎر ﻣﺎﻧﻨﺪ ﻗﺪﯾﻢ ﺻﻮرت‬ ‫ﻧﻤﯽ ﮔﯿﺮﯾﺪ.ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل اﮔﺮ ﺑﺎ ﯾﮏ ﺣﺴﺎب ﮐﺎرﺑﺮي 51 ‪ Level‬ﺑﻪ ﺳﯿﺴﺘﻢ ﻻﮔﯿﻦ ﮐﻨﯿﺪ ﺑﻪ ﻃﻮر ﺧﻮدﮐﺎر ﺑﻪ ‪Privileged‬‬ ‫‪ mode‬وارد ﻧﺨﻮاﻫﯿﺪ ﺷﺪ ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر ﻧﯿﺎز اﺳﺖ ﺗﺎ از دﺳﺘﻮرات ﺗﮑﻤﯿﻠﯽ ‪ AAA‬ﻣﺎﻧﻨﺪ ‪aaa authorization‬‬ ‫‪console‬اﺳﺘﻔﺎده ﺷﻮد ، ﻫﻤﯿﻦ ﻣﻔﻬﻮم ﺑﺮاي اﺗﺼﺎﻻت ﻣﺒﺘﻨﯽ ﺑﺮ ‪ VTY‬ﻫﻢ ﺑﺮﻗﺮار اﺳﺖ ﺑﻪ اﯾﻦ ﻣﻌﻨﺎ ﮐﻪ ﻧﯿﺎز اﺳﺖ ﺗﺎ‬ ‫092 ‪Page 112 of‬‬
‫ ﭘﯿﺶ ﻓﺮض را ﺑﻪ ﮔﻮﻧﻪ اي ﺗﻨﻈﯿﻢ ﮐﻨﯿﻢ ﮐﻪ ﺑﺮاي ﺗﺸﺨﯿﺺ ﺳﻄﻮح دﺳﺘﺮﺳﯽ از دﯾﺘﺎﺑﯿﺲ ﻟﻮﮐﺎل‬authorization list .‫ﺳﯿﺴﺘﻢ اﺳﺘﻔﺎده ﮐﻨﺪ‬ .‫ ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬aaa authorization exec default local ‫از دﺳﺘﻮر‬ ‫3. ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت را ﺑﺎ ﻗﻄﻊ ارﺗﺒﺎط ﺑﺎ ﮐﻨﺴﻮل و ارﺗﺒﺎط ﻣﺠﺪد ﺑﺎ آن ﺷﺮوع ﻣﯿﮑﻨﯿﻢ‬ Router(config-line)#end Router#exit Router con0 is now available Press RETURN to get started. User Access Verification Username: john Password: Router> Page 113 of 290
‫آزﻣﺎﯾﺶ 4.3 - ﺗﻨﻈﯿﻤﺎت ‪ AAA‬ﻣﺒﺘﻨﯽ ﺑﺮ +‪TACACS‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ AAA‬ﺑﻪ ﻣﻨﻈﻮر اﺣﺮاز ﻫﻮﯾﺖ از ﻃﺮﯾﻖ ‪Cisco Secure Access Contro‬‬ ‫)‪ (TACACS+ Server‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﻫﯿﭻ ﻣﻬﻨﺪس ﺷﺒﮑﻪ اي وﺟﻮد ﻧﺪارد ﮐﻪ ﻣﺎﯾﻞ ﺑﻪ ﺻﺮف ﺳﺎﻋﺘﻬﺎ وﻗﺖ ﺑﺮاي ﺗﻌﺮﯾﻒ ﯾﻮزرﻫﺎي ﻟﻮﮐﺎل روي ﺻﺪﻫﺎ دﺳﺘﮕﺎه از‬ ‫ادوات ﺳﯿﺴﮑﻮ ﺑﺎﺷﺪ.اﯾﻦ ﻣﻌﻀﻞ ﺳﺎﻟﻬﺎ ﻗﺒﻞ ﭘﯿﺶ ﺑﯿﻨﯽ ﺷﺪه ﺑﻮد و ﺑﺮاي رﻓﻊ آن ﻗﺎﺑﻠﯿﺖ ‪ AAA‬ﺑﻪ ادوات ﺳﯿﺴﮑﻮ اﺿﺎﻓﻪ‬ ‫ﺷﺪ.ﺑﺎ اﺳﺘﻔﺎده از ‪ AAA‬ﻣﯿﺘﻮان ادوات ﻣﺒﺘﻨﯽ ﺑﺮ ‪ ios‬را ﺑﻪ ﮔﻮ ﻧﻪ اي ﮐﺎﻧﻔﯿﮓ ﮐﺮد ﮐﻪ ﮐﻠﯿﻪ درﺧﻮاﺳﺘﻬﺎي ﺗﻤﺎس ﺑﻪ ﺳﻤﺖ‬ ‫آﻧﻬﺎ از ﻃﺮﯾﻖ ﯾﮏ ﭘﺎﯾﮕﺎه داده ﻣﺮﮐﺰي ﻣﻮرد اﺣﺮاز ﻫﻮﯾﺖ ﻗﺮار ﮔﯿﺮﻧﺪ .ﮐﻤﭙﺎﻧﯽ ﺳﯿﺴﮑﻮ ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر راه ﺣﻠﯽ ﺑﻪ ﻧﺎم‬ ‫‪ Cisco Secure Access server‬را ﺗﻮﻟﯿﺪ ﮐﺮد و ﻋﻤﻮﻣﺎ در ﺷﺒﮑﻪ ﻫﺎﯾﯽ ﮐﻪ ﺑﯿﺶ از 05 دﺳﺘﮕﺎه از ادوات ﺳﯿﺴﮑﻮ را‬ ‫دارا ﻫﺴﺘﻨﺪ ﺟﻬﺖ ﻣﺮﮐﺰﯾﺖ ﺑﺨﺸﯿﺪن ﺑﻪ 3 ﻫﺪف ‪ authentication‬و ‪ authorization‬و ‪ accounting‬ﻣﻮرد‬ ‫اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاي ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ در ﻣﺤﯿﻂ 3‪GNS‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ روﺗﺮ ﻓﻮق ﺑﺎ دﺳﺘﻮر اﻟﻌﻤﻞ ﻫﺎي آزﻣﺎﯾﺶ 3.3‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﮐﺎﻧﻔﯿﮓ +‪TACACS‬ﺳﺮور واﻗﻊ در آدرس 02.1.1.01 ﺑﺎ ﮐﻠﯿﺪ !‪P@s$W0rD‬‬ ‫‪‬‬ ‫ﮐﺎﻧﻔﯿﮓ ﻟﯿﺴﺖ ‪ CONSOLE_AUTH‬ﺟﻬﺖ ارﺳﺎل درﺧﻮاﺳﺘﻬﺎي اﻫﺮاز ﻫﻮﯾﺖ ﺑﻪ ‪ Tacacs‬ﺳﺮور و اﻧﺠﺎم آن‬ ‫‪‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬ ‫ﺑﻪ ﺻﻮرت ﻟﻮﮐﺎل در ﺻﻮرت در دﺳﺘﺮس ﻧﺒﻮدن ‪Tacacss‬ﺳﺮور‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. در اوﻟﯿﻦ ﻗﺪم ﻧﯿﺎز اﺳﺖ ﺗﺎ ﻣﺸﺨﺼﻪ ﻫﺎي آدرس و ﮐﻠﯿﺪ ﻣﺮﺑﻮط ﺑﻪ ‪ Tacacs‬ﺳﺮور ﺑﻪ روﺗﺮ ﻣﻌﺮﻓﯽ ﺷﻮﻧﺪ. اﯾﻨﮑﺎر‬ ‫ﺑﺎ اﺳﺘﻔﺎده از دﺳﺘﻮر ‪ tacacs-server host x.x.x.x key keygoeshere‬ﺑﻪ ﺷﮑﻞ زﯾﺮ اﻧﺠﺎم ﻣﯽ ﺷﻮد‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫092 ‪Page 114 of‬‬
‫‪Router>enable‬‬ ‫‪Router#configure terminal‬‬ ‫!‪Router(config)#tacacs-server host 10.1.1.20 key P@s$W0rD‬‬ ‫2. در ﻗﺪﯾﻢ ﺑﻌﺪي ﻟﯿﺴﺖ اﺣﺮاز ﻫﻮﯾﺖ ‪ CONSOLE_AUTH‬را ﺑﻪ ﮔﻮﻧﻪ اي ﮐﺎﻧﻔﯿﮓ ﻣﯿﮑﻨﯿﻢ ﮐﻪ در وﺣﻠﻪ اول‬ ‫درﺧﻮاﺳﺘﻬﺎي ﺗﻤﺎس ﺑﻪ روﺗﺮ را ﺟﻬﺖ اﺣﺮاز ﻫﻮﯾﺖ ﺑﻪ ‪ Tacacs‬ﺳﺮور ارﺳﺎل ﮐﻨﺪ و در ﺻﻮرت در دﺳﺘﺮس‬ ‫ﻧﯿﻮدن ﺳﺮور ﺑﻪ ﺻﻮرت ﻟﻮﮐﺎل اﺣﺮاز ﻫﻮﯾﺖ ﺷﻮﻧﺪ. در آزﻣﺎﯾﺶ 2.3 ﭘﺎراﻣﺘﺮ ‪ authtype‬ﻓﻘﻂ ﺑﻪ ﺻﻮرت ‪local‬‬ ‫ﺗﻨﻈﯿﻢ ﺷﺪه ﺑﻮد. ﭘﺎراﻣﺘﺮﻫﺎي ﭘﺲ از ‪ authtype‬ﺑﻪ ﺗﺮﺗﯿﺐ اوﻟﻮﯾﺖ از ﭼﭗ ﺑﻪ راﺳﺖ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار‬ ‫ﻣﯿﮕﯿﺮﻧﺪ، ﭘﺲ ﺑﺮاي ﺑﻬﺮه ﮔﯿﺮي از ‪ Tacacs‬ﺳﺮور ﻋﺒﺎرت +‪ Tacacs‬را ﻗﺒﻞ از ‪ local‬درج ﻣﯿﮑﻨﯿﻢ.‬ ‫‪Router(config)#aaa authentication login CONSOLE_AUTH group tacacs+ local‬‬ ‫3. در اﻧﺘﻬﺎ ﻟﯿﺴﺖ ﺗﻨﻈﯿﻢ ﺷﺪه را ﺑﻪ ﮐﻨﺴﻮل ﻣﻨﺘﺴﺐ ﻣﯿﮑﻨﯿﻢ،ﺑﺮاي اﯾﻨﮑﺎر از ﻫﻤﺎن ﻣﺘﺪ آزﻣﺎﯾﺶ 2.3 اﺳﺘﻔﺎده‬ ‫ﻣﯿﮑﻨﯿﻢ.‬ ‫0 ‪Router(config)#line con‬‬ ‫‪Router(config-line)#login authentication CONSOLE_AUTH‬‬ ‫092 ‪Page 115 of‬‬
‫آزﻣﺎﯾﺶ 5.3-ﺗﻨﻈﯿﻤﺎت ‪SSH‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻢ )‪ Secure Shell (SSH‬در روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭽﻬﺎي ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫در ﺑﺨﺶ ﻫﺎي ﻗﺒﻠﯽ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ Vty‬و ‪ Telnet‬ﺟﻬﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط از راه دور ﺑﺎ ادوات ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺷﺪﯾﻢ‬ ‫. ارﺗﺒﺎﻃﺎت ﻣﺒﺘﻨﯽ ﺑﺮ ‪ Telnet‬داراي ﻧﻘﯿﺼﻪ اﻣﻨﯿﺘﯽ ﺑﺰرﮔﯽ ﻫﺴﺘﻨﺪ ﮐﻪ ﺑﺎﻋﺚ ﻣﯽ ﺷﻮد ﮐﻠﯿﻪ اﻃﻼﻋﺎت رد و ﺑﺪل ﺷﺪه در‬ ‫ﮐﺎﻧﺎل ارﺗﺒﺎﻃﯽ ﭘﺪﯾﺪ آﻣﺪه ﺑﻪ ﺻﻮرت ‪ Clear text‬ﻣﻨﺘﻘﻞ ﺷﻮد و در ﺻﻮرت ﻗﺮار ﮔﺮﻓﺘﻦ ﻓﺮدي )‪ (Sniffer‬ﻣﺎﺑﯿﻦ ﻣﺎ و‬ ‫ﺗﺠﻬﯿﺰ ﺳﯿﺴﮑﻮ ﻗﺎدر ﺑﻪ ﺷﻨﻮد و درﯾﺎﻓﺖ ﮐﻠﯿﻪ اﻃﻼﻋﺎت ﺧﻮاﻫﺪ ﺑﻮد از اﯾﻦ رو ﺑﺎ ﻫﺪف رﻣﺰ ﻧﮕﺎري ﮐﺎﻧﺎل ارﺗﺒﺎﻃﯽ از‬ ‫ﺟﺎﯾﮕﺰﯾﻦ ‪ Telnet‬ﯾﺎ ﻫﻤﺎن ‪ SSH‬اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ.‪ SSH‬در واﻗﻊ ﯾﮏ ‪ Shell‬ﻣﺤﺴﻮب ﻧﻤﯿﺸﻮد ﺑﻠﮑﻪ در واﻗﻊ ﻫﻤﺎن‬ ‫‪Telnet‬اﺳﺖ ﺑﺎ ﻣﻼﺣﻀﺎت رﻣﺰ ﻧﮕﺎري. ‪ SSH‬از اﻟﮕﻮرﯾﺘﻢ ﻫﺎي رﻣﺰ ﻧﮕﺎري ﻣﺘﻔﺎوﺗﯽ ﻫﻤﭽﻮن ‪Data Encryption‬‬ ‫)‪ Standard (DES‬و ‪AES 256Bit‬اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ در 3‪GNS‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ ‪ Loopbacl‬اﯾﻨﺘﺮﻓﯿﺲ و ﺗﺨﺼﯿﺺ 42/1.1.1.01 ﺑﻪ آن‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ ﻧﺎم ﮐﺎرﺑﺮي و رﻣﺰ ﻋﺒﻮر در دﯾﺘﺎﺑﯿﺲ ﻟﻮﮐﺎل ﺗﺎ ﭘﺲ از ﻓﻌﺎل ﺷﺪن ‪ SSH‬ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﮔﯿﺮد‬ ‫ﺗﻨﻈﯿﻢ ‪ VTY line‬ﺟﻬﺖ ﺑﻬﺮه ﮔﯿﺮي از دﯾﺘﺎﺑﯿﺲ ﻟﻮﮐﺎل ﺣﺴﺎﺑﻬﺎي ﮐﺎرﺑﺮي در ﺣﯿﻦ اﺣﺮاز ﻫﻮﯾﺖ‬ ‫‪The VTY Line(s) authentication should be configured to authenticate to the local‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻐﯿﯿﺮ ﻧﺎم روﺗﺮ از ﻧﺎم ﭘﯿﺶ ﻓﺮض ﺑﻪ 1‪R‬‬ ‫ﺗﺨﺼﯿﺺ ‪ Domain name‬ﺑﻪ روﺗﺮ ﺟﻬﺖ ﺗﻮﻟﯿﺪ ‪Rsa key‬‬ ‫ﺗﻮﻟﯿﺪ ‪ Certificate‬ﻋﻤﻮﻣﯽ ‪ Self-signed‬ﺗﻮﺳﻂ روﺗﺮ‬ ‫ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن ‪ Telnet‬در روﺗﺮ و ﺗﻨﻬﺎ اﺳﺘﻔﺎده از ‪SSH‬‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺑﺮاي اﯾﺠﺎد ﮐﻠﯿﺪ ﻋﻤﻮﻣﯽ ‪ RSA‬ﻧﯿﺎز اﺳﺖ ﺗﺎ در وﺣﻠﻪ اول ﻧﺎم روﺗﺮ از ﺣﺎﻟﺖ ﭘﯿﺶ ﻓﺮض ﺑﻪ ﻧﺎم ﺟﺪﯾﺪي ﺗﻐﯿﯿﺮ‬ ‫ﮐﻨﺪ‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫092 ‪Page 116 of‬‬
Router>enable Password: Router#configure terminal Enter configuration commands, one per line. Router(config)#hostname R1 R1(config)# End with CNTL/Z. .‫ اﺳﺖ‬Rsa certificate ‫ ﺑﻪ روﺗﺮ ﺟﻬﺖ ﺗﻮﻟﯿﺪ‬domain name ‫2. ﻗﺪم ﺑﻌﺪي ﺗﺨﺼﯿﺺ‬ R1(config)#ip domain-name freeccnaworkbook.com crypto key generate rsa ‫ ﻫﺴﺘﯿﻢ. ﺑﺮاي ﺗﻮﻟﯿﺪ آن از دﺳﺘﻮر‬Rsa certificate ‫3. اﻻن آﻣﺎده ﺗﻮﻟﯿﺪ‬ ‫ ﺑﻪ ﻫﻤﺮاه ﺳﺎﯾﺰ ﺑﺮ ﺣﺴﺐ ﺑﯿﺖ ﮐﻠﯿﺪ ﻣﺪ ﻧﻈﺮ.در زﯾﺮ روﻧﺪ ﺗﻮﻟﯿﺪ ﮐﻠﯿﺪ 8402 ﺑﯿﺘﯽ را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ‬modulus R1(config)#crypto key generate rsa modulus 2048 The name for the keys will be: R1.freeccnaworkbook.com % The key modulus size is 2048 bits % Generating 2048 bit RSA keys, keys will be non-exportable...[OK] R1(config)# %SSH-5-ENABLED: SSH 1.99 has been enabled ‫ در روﺗﺮ ﻓﻌﺎل ﻣﯽ ﺷﻮد و ﻣﯿﺘﻮان ﺑﺎ‬SSH v1.99 ‫ ﻗﺎﺑﻠﯿﺖ‬Rsa ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﻣﺸﺎﻫﺪه ﻣﯽ ﮐﻨﯿﺪ ﺑﻪ ﻣﺤﺾ اﯾﺠﺎد ﮐﻠﯿﺪ‬ .‫ ﺑﻪ روﺗﺮ ﻣﺘﺼﻞ ﺷﺪ‬SSH ‫ وﺑﺎ ﺑﻬﺮه ﮔﯿﺮي از‬Securecrt ‫ ﯾﺎ‬putty ‫اﺳﺘﻔﺎده از‬ ‫ را ﺑﻪ ﮔﻮﻧﻪ اي ﮐﺎﻧﻔﯿﮓ ﻣﯽ ﮐﻨﯿﻢ ﮐﻪ ﺗﻨﻬﺎ ﭘﺬﯾﺮاي ارﺗﺒﺎﻃﺎت ﻣﺒﺘﻨﯽ ﺑﺮ‬VTY ‫ ، ﺧﻄﻮط‬SSH ‫4. ﭘﺲ از ﻓﻌﺎل ﺷﺪن‬ .‫ ﻏﯿﺮ ﻓﻌﺎل ﻣﯽ ﺷﻮد‬Telnet ‫ ﺑﺎﺷﻨﺪ ﺑﻪ ﺑﯿﺎن دﯾﮕﺮ‬SSH R1(config)#line vty 0 4 R1(config-line)#transport input ssh ‫ آداﭘﺘﺮ ﺳﺎﺧﺘﻪ ﺷﺪه اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ‬Loopback ‫ ﮐﺮدن ﺑﻪ‬ssh ‫5. ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت را ﺑﺎ‬ R1(config-line)#end R1#ssh -l john 10.1.1.1 Password: Page 117 of 290
R1#show ssh Connection Version Mode Encryption Hmac 0 1.99 IN aes128-cbc hmac-sha1 0 1.99 OUT aes128-cbc hmac-sha1 %No SSHv1 server connections running. R1# State Session started Session started Username john john Page 118 of 290
‫آزﻣﺎﯾﺶ 6.3 - ﺗﻨﻈﯿﻤﺎت اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﺷﻤﺎره دار‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﺷﻤﺎره دار اﺳﺘﺎﻧﺪارد و ‪ Extended‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎ ﭘﺎﯾﻪ ﭘﯿﺎده ﺳﺎزي اﻣﯿﻨﯿﺖ در ﺷﺒﮑﻪ ﻫﺎي ﻣﺒﺘﻨﯽ ﺑﺮ ﺳﯿﺴﮑﻮ ﻣﺤﺴﻮب ﻣﯽ ﺷﻮﻧﺪ.اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎ ﺟﺮﯾﺎن‬ ‫دﯾﺘﺎ را در ﯾﮏ ﺗﺠﻬﯿﺰ ﺗﺤﺖ ﮐﻨﺘﺮل ﻣﯽ ﮔﯿﺮﻧﺪ و ﻣﺎﻧﻊ از ارﺳﺎل و درﯾﺎﻓﺖ ﺗﺮاﻓﯿﮏ ﻫﺎي ﻧﺎﺧﻮاﺳﺘﻪ از ﻣﺒﺪا ﺑﻪ ﻣﻘﺼﺪ ﻣﯽ‬ ‫ﺷﻮﻧﺪ.در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﺷﻤﺎره دار آﺷﻨﺎ ﻣﯽ ﺷﻮﯾﻢ ﮐﻪ اﻣﺮوزه ﻋﻤﻮﻣﺎ ﺑﻪ دﻟﯿﻞ اﺳﺘﻔﺎده از اﮐﺴﺲ‬ ‫ﻟﯿﺴﺘﻬﺎي ﺑﺎ ﻧﺎم ، ﮐﻤﺘﺮ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯽ ﮔﯿﺮﻧﺪ. ﺷﺎﯾﺪ در ﺑﺮﺧﯽ ادوات و ﮐﺎﻧﻔﯿﮕﻬﺎي ﻗﺪﯾﻤﯽ ﺑﺎ آﻧﻬﺎ ﺑﺮﺧﻮرد ﮐﻨﯿﺪ ﯾﺎ‬ ‫ﺷﺎﯾﺪ ﺗﻮﺳﻂ ﻣﻬﻨﺪﺳﯿﻦ ﺗﺎزه ﮐﺎري ﮐﻪ ﻫﻨﻮز ﺑﺎ اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﺑﺎ ﻧﺎم آﺷﻨﺎ ﻧﺸﺪه اﻧﺪ ﻧﻮﺷﺘﻪ ﺷﺪه ﺑﺎﺷﻨﺪ .ﺑﺰرﮔﺘﺮﯾﻦ ﻧﻘﻄﻪ‬ ‫ﺿﻌﻒ اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﺷﻤﺎره دار زﻣﺎن ﺑﺮ ﺑﻮدن ﻣﮑﺎﻧﯿﺰم وﯾﺮاﯾﺶ آﻧﻬﺎﺳﺖ.ﻣﺘﺎﺳﻔﺎﻧﻪ اﻣﮑﺎن ﻗﺮار دادن ‪ACE (Access‬‬ ‫)‪ Control List Entries‬درﺳﻄﺮ ﺧﺎﺻﯽ از ‪ ACL‬اﻣﮑﺎن ﭘﺬﯾﺮ ﻧﯿﺴﺖ و ﻧﯿﺎز ﺑﻪ ﺻﺮف و در واﻗﻊ اﺗﻼف زﻣﺎن ﺑﺮاي‬ ‫ﯾﺎﻓﺘﻦ ﺳﻄﺮ ﻣﻮرد ﻧﻈﺮ و ادﯾﺖ ﻣﺤﻠﯽ آن ﺳﻄﺮ وﺟﻮد دارد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﻗﺮار دادن دو دﺳﺘﮕﺎه روﺗﺮ و ﯾﮏ ﺳﻮﯾﯿﭻ در ﻣﺤﯿﻂ 3‪GNS‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ روﺗﺮﻫﺎ‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01ﺑﻪ 0/0‪ Fa‬روﺗﺮ 1‪R‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/2.1.1.01ﺑﻪ 0/0‪ Fa‬روﺗﺮ 2‪R‬‬ ‫‪‬‬ ‫اﺗﺼﺎل دو روﺗﺮ ﺑﻪ ﯾﮑﺪﯾﮕﺮ از ﻃﺮﯾﻖ 0/0‪Fa‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ اﮐﺴﺲ ﻟﯿﺴﺖ ﺷﻤﺎره دار ﺑﻪ ﻣﻨﻈﻮر ﺟﻠﻮ ﮔﯿﺮي از درﯾﺎﻓﺖ اﻃﻼﻋﺎت در 1‪ R‬ﺑﺎ ﻣﻨﺒﻊ 2‪R‬‬ ‫اﯾﺠﺎد ﯾﮏ ‪ Extended‬اﮐﺴﺲ ﻟﯿﺴﺖ ﺑﺎ ﻫﺪف ﺟﻠﻮﮔﯿﺮي از ﺑﺮﻗﺮاري ارﺗﺒﺎﻃﺎت ‪ Telnet‬از 1‪ R‬ﺑﻪ آدرس‬ ‫3.1.1.01‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ‬ ‫رﻧﺠﻬﺎي ﻣﺘﻌﺪدي از اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﺷﻤﺎره دار ﺑﺮاي اﻋﻤﺎل ﮐﻨﺘﺮل ﺑﺮ ﻃﯿﻒ وﺳﯿﻌﯽ از دﺳﺘﺮﺳﯿﻬﺎ وﺟﻮد دارﻧﺪ . در زﯾﺮ‬ ‫ﻟﯿﺴﺖ ﮐﻠﯽ آﻧﻬﺎ را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﻢ.‬ ‫092 ‪Page 119 of‬‬
R1(config)#access-list ? <1-99> IP standard access list <100-199> IP extended access list <1000-1099> IPX SAP access list <1100-1199> Extended 48-bit MAC address access list <1200-1299> IPX summary address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> IP extended access list (expanded range) <2700-2799> MPLS access list <300-399> DECnet access list <600-699> Appletalk access list <700-799> 48-bit MAC address access list <800-899> IPX standard access list <900-999> IPX extended access list compiled Enable IP access-list compilation dynamic-extended Extend the dynamic ACL absolute timer rate-limit Simple rate-limit specific access list ‫1. ﺑﺮاي اﻧﺠﺎم اوﻟﯿﻦ ﻫﺪف اﯾﻦ آزﻣﺎﯾﺶ ﻻزم اﺳﺖ ﯾﮏ اﮐﺴﺲ ﻟﯿﺴﺖ اﺳﺘﺎﻧﺪارد اﯾﺠﺎد ﮐﻨﯿﻢ. ﺑﺎ ﻣﺮاﺟﻌﻪ ﺑﻪ ﺷﻤﺎره‬ ‫ﻫﺎي ﺑﺎﻻ درﺧﻮاﻫﯿﻢ ﯾﺎﻓﺖ ﮐﻪ ﺷﻤﺎره ﻫﺎي ﻣﺮﺗﺒﻂ ﺑﺎ اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي اﺳﺘﺎﻧﺪارد از 1 ﺗﺎ 99 ﻫﺴﺘﻨﺪ . ﯾﮏ ﺷﻤﺎره‬ ‫ را ﺑﻼك ﮐﻨﯿﻢ اﻣﺎ‬R2 ‫ از ﺳﻤﺖ‬R1 ‫ﺑﻪ دﻟﺨﻮاه اﻧﺘﺨﺎب ﻣﯿﮑﻨﯿﻢ ﻣﺜﻼ 05 ﺗﺎ ﺑﺎ اﺳﺘﻔﺎده از آن ﺗﺮاﻓﯿﮏ ورودي ﺑﻪ‬ .‫ﻣﺎﺑﻘﯽ ﺗﺮاﻓﯿﮏ ﻣﺠﺎز ﺑﻪ ﻋﺒﻮر ﺧﻮاﻫﺪ ﺑﻮد‬ R1 con0 is now available Press RETURN to get started. R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#access-list 50 deny host 10.1.1.2 R1(config)#access-list 50 permit any ‫ اﻋﻤﺎل ﮐﻨﯿﻢ‬R1 ‫ﺣﺎﻻ ﮐﻪ اﮐﺴﺲ ﻟﯿﺴﺖ ﺳﺎﺧﺘﻪ ﺷﺪ ﺑﺎﯾﺪ آﻧﺮا ﺑﻪ ﺗﺮاﻓﯿﮏ ورودي‬ R1(config)#interface fa0/0 R1(config-if)#ip access-group 50 in ‫ اﻧﺠﺎم ﻣﯿﺪﻫﯿﻢ . ﻣﻨﻄﻘﺎ اﻧﺘﻈﺎر دارﯾﻢ ﭘﺎﺳﺨﯽ‬R2 ‫ از ﺳﻤﺖ‬R1 ‫ روﺗﺮ‬Fa0/0 ‫ اﯾﻨﺘﺮﻓﯿﺲ‬ping ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت را ﺑﺎ‬ .‫ ﺑﺴﺘﻪ ﺷﺪه اﺳﺖ‬R2 ‫ درﯾﺎﻓﺖ ﻧﮑﻨﯿﻢ ﭼﻮن ﺗﺮاﻓﯿﮏ ورودي آن ﺑﺎ ﻣﺒﺪا‬R1 ‫از ﺳﻤﺖ‬ R2>ping 10.1.1.1 Page 120 of 290
‫.‪Type escape sequence to abort‬‬ ‫:‪Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds‬‬ ‫‪U.U.U‬‬ ‫)5/0( ‪Success rate is 0 percent‬‬ ‫>2‪R‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت را از ﻃﺮﯾﻖ اﺟﺮاي دﺳﺘﻮر ‪ show access-list‬در روﺗﺮ 1‪ R‬ﻫﻢ ﻣﯽ ﺗﻮان اﻧﺠﺎم داد.‬ ‫‪R1(config-if)#end‬‬ ‫‪R1#show access-list‬‬ ‫05 ‪Standard IP access list‬‬ ‫‪10 deny‬‬ ‫)‪10.1.1.2 (8 matches‬‬ ‫‪20 permit any‬‬ ‫#1‪R‬‬ ‫اﮐﻨﻮن ﺑﺮاي اﯾﻨﮑﻪ اﻃﻤﯿﻨﺎن ﺣﺎﺻﻞ ﮐﻨﯿﻢ اﮐﺴﺲ ﻟﯿﺴﺖ ﺗﻨﻬﺎ ﺗﺮاﻓﯿﮏ ‪ IP‬ﻗﯿﺪ ﺷﺪه را ﺑﻼك ﻣﯿﮑﻨﯿﺪ ‪ IP‬را ﺑﻪ‬ ‫42/3.1.1.01 ﺗﻐﯿﯿﺮ ﻣﯽ دﻫﯿﻢ و ﻣﺠﺪدا ﺗﺴﺖ را اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ.‬ ‫‪R2>enable‬‬ ‫‪R2#configure terminal‬‬ ‫0/0‪R2(config)#interface fa‬‬ ‫0.552.552.552 3.1.1.01 ‪R2(config-if)#ip add‬‬ ‫‪R2(config-if)#end‬‬ ‫#2‪R‬‬ ‫ﺳﭙﺲ از 1‪ R‬اﯾﻨﺘﺮﻓﯿﺲ 2‪ R‬را ‪ ping‬ﻣﯿﮑﻨﯿﻢ ، اﻧﺘﻈﺎر دارﯾﻢ ﺑﺎ ﻣﻮﻓﻘﯿﺖ ﻫﻤﺮا ﺑﺎﺷﺪ‬ ‫3.1.1.01 ‪R1#ping‬‬ ‫.‪Type escape sequence to abort‬‬ ‫:‪Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds‬‬ ‫!!!!!‬ ‫‪Success rate is 100 percent (5/5), round-trip min/avg/max = 24/43/76 ms‬‬ ‫#1‪R‬‬ ‫1. در اﯾﻦ ﻗﺴﻤﺖ ﯾﮏ ‪ Extended‬اﮐﺴﺲ ﻟﯿﺴﺖ ﺑﺎ ﻫﺪف ﺑﻼك ﮐﺮدن ﺗﺮاﻓﯿﮏ ‪ Telnet‬از 0/0‪ Fa‬روﺗﺮ 1‪ R‬ﺑﻪ‬ ‫ﻣﻘﺼﺪ 3.1.1.01 اﯾﺠﺎد ﺧﻮاﻫﯿﻢ ﮐﺮد .ﻫﻤﺎﻧﻄﻮر ﮐﻪ در ﻟﯿﺴﺖ ﺷﻤﺎر ه ﻫﺎي اﺑﺘﺪاي آزﻣﺎﯾﺶ ﻣﺸﺎﻫﺪه ﮐﺮدﯾﻢ رﻧﺞ‬ ‫اﯾﻦ رده اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎ از 001 ﺗﺎ 991 اﺳﺖ.‬ ‫از آﻧﺠﺎﯾﯽ ﺗﺮاﻓﯿﮏ ‪ Telnet‬از ﻧﻮع ‪ Tcp‬اﺳﺖ ﻻزم اﺳﺖ ﻧﻮع ﺗﺮاﻓﯿﮏ و ﭘﺮوﺗﮑﻞ ﺧﺮوﺟﯽ را ﺑﻪ ﻋﻨﻮان‬ ‫ﭘﺎراﻣﺘﺮﻫﺎي دﺳﺘﻮر ‪ access-list‬ﻣﺸﺨﺺ ﮐﻨﯿﻢ ﮐﻪ در اﯾﻨﺠﺎ ﭘﻮرت 22 ﺧﻮاﻫﺪ ﺑﻮد‬ ‫092 ‪Page 121 of‬‬
‫‪R1#configure terminal‬‬ ‫‪R1(config)#access-list 150 deny tcp any host 10.1.1.3 eq telnet‬‬ ‫‪R1(config)#access-list 150 permit ip any any‬‬ ‫ﭘﺲ از اﯾﺠﺎد اﮐﺴﺲ ﻟﯿﺴﺖ ﻻزم اﺳﺖ ﺗﺎ روي ﺗﺮاﻓﯿﮏ ﺧﺮوﺟﯽ 1‪ R‬ﺑﻪ ﺷﮑﻞ زﯾﺮ اﻋﻤﺎل ﺷﻮد.‬ ‫0/0‪R1(config)#interface fa‬‬ ‫‪R1(config-if)#ip access-group 150 out‬‬ ‫ﯾﮏ ﻗﺎﻧﻮن اﺳﺎﺳﯽ و ﻣﻬﻢ در ﺧﺼﻮص اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎ وﺟﻮد دارد و آن اﯾﻨﺴﺖ ﮐﻪ ﺑﺮاي ﻋﻤﻠﮑﺮد ﻣﻮﺛﺮﺗﺮ اﮐﺴﺲ ﻟﯿﺴﺖ‬ ‫ﺑﺎﯾﺪ ﯾﮏ اﮐﺴﺲ ﻟﯿﺴﺖ ‪ Extended‬در ﺳﻤﺖ ﺗﺮاﻓﯿﮏ ﻣﺒﺪا و ﯾﮏ اﮐﺴﺲ ﻟﯿﺴﺖ اﺳﺘﺎﻧﺪارد در ﺳﻤﺖ ﻣﻘﺼﺪ ﻗﺮار داده‬ ‫ﺷﻮد.ﻧﮑﺘﻪ دﯾﮕﺮ وﺟﻮد ﯾﮏ ‪Deny‬ﻣﻄﻠﻖ در اﻧﺘﻬﺎي ﻫﺮ اﮐﺴﺲ ﻟﯿﺴﺖ اﺳﺖ ﮐﻪ داراي ﻣﻔﻬﻮﻣﯽ ﻣﺎﻧﻨﺪ ‪Deny any any‬‬ ‫در اﻧﺘﻬﺎي اﮐﺴﺲ ﻟﯿﺴﺖ اﺳﺖ.ﭘﺲ ﺑﻪ ﻃﻮر ﭘﯿﺶ ﻓﺮض ﺗﺮاﻓﯿﮏ اﺟﺎزه ﻋﺒﻮر ﻧﺨﻮاﻫﺪ داﺷﺖ ﻣﮕﺮ ﺑﻪ آن اﺟﺎزه ﻋﺒﻮر داده‬ ‫ﺷﻮد.ﻋﻤﻮﻣﺎ ﺟﻬﺖ ﺳﻨﺎرﯾﻮﻫﺎي ‪ Tshoot‬از ﯾﮏ ﻋﺒﺎرت ‪ Deny‬ﺻﺮﯾﺢ در اﻧﺘﻬﺎي اﮐﺴﺲ ﻟﯿﺴﺖ ﺑﺎ ﻫﺪف ﻻگ ﮐﺮدن‬ ‫ﺗﺮاﻓﯿﮏ ‪ deny‬ﺷﺪه اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد.‬ ‫092 ‪Page 122 of‬‬
‫آزﻣﺎﯾﺶ 7.3 – اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي اﺳﻢ دار– ‪Named Access lists‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي اﺳﻢ دار در ادوات ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﺷﻤﺎره دار ﯾﮏ ﻋﯿﺐ ﻋﻤﺪه دارﻧﺪ و آن ﻋﺪم اﻣﮑﺎن وﯾﺮاﯾﺶ ﺳﻄﺮﻫﺎي آﻧﻬﺎ در ﻣﺤﻞ ﻗﺮارﮔﯿﺮي ﺳﻄﻮر‬ ‫اﺳﺖ.ﻣﺘﺎﺳﻔﺎﻧﻪ ﺗﻨﻬﺎ راه ﺣﺬف ﯾﺎ وﯾﺮاﯾﺶ آﻧﻬﺎ ﮐﭙﯽ ‪ Acl‬ﻣﻮﺟﻮد ﺑﻪ ﯾﮏ وﯾﺮاﯾﺸﮕﺮ ﻣﺘﻨﯽ و وﯾﺮاﯾﺶ آن اﺳﺖ و ﭘﺲ از آن‬ ‫ﺑﺎز ﮔﺮداﻧﺪن ﺗﻐﯿﯿﺮات ﺑﻪ ﻃﻮر ﯾﮑﺠﺎ از ﻃﺮﯾﻖ ‪ . Cli‬اﻣﺮوزه ﻋﻤﻮﻣﺎ از ﻧﻮع اﺳﻢ دار ‪ Acl‬در ﻣﺤﯿﻄﻬﺎي ﻋﻤﻠﯿﺎﺗﯽ اﺳﺘﻔﺎده ﻣﯽ‬ ‫ﺷﻮد.اﯾﻦ ﻧﻮع ‪ Acl‬ﯾﮏ ﻧﻘﻄﻪ ﻗﻮت ﻗﺎﺑﻞ ﺗﻮﺟﻪ ﻧﺴﺒﺖ ﺑﻪ ﻧﻮع ﺷﻤﺎره دار دارد و آن ﺷﺮح ﺗﻮﺻﯿﻔﯽ ﮐﻮﺗﺎه ﻫﺮﯾﮏ از ‪Acl‬‬ ‫ﻫﺎﺳﺖ ﻣﺜﻼ ‪ ،VTY_ACCESS‬ﮐﻪ ﺑﻪ ﻃﻮر ﻣﺸﻬﻮد ﺑﻪ ﻣﺮﺑﻮط ﺑﻪ ﮐﻨﺘﺮل ﺧﻄﻮط ‪ Vty‬اﺳﺖ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫ﺗﺨﺼﯿﺺ ‪ ip‬ﻫﺎي 92/3.02.452.961 ﺑﻪ 0/0‪ Fa‬و 42/452.1.1.01 ﺑﻪ 1/0‪Fa‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﯾﮏ ‪ Acl‬اﺳﺘﺎﻧﺪارد ﺑﻪ ﻧﺎم ‪ INSIDE_IN‬ﮐﻪ ﺗﻨﻬﺎ ﺑﻪ 42/0.1.1.01 اﺟﺎزه ورود ﻣﯽ دﻫﺪ،‬ ‫ﻗﺮار دادن ‪ Explicit deny‬در ﺧﻂ 005 و ﺛﺒﺖ ﻻگ ﺗﺮاﻓﯿﮑﻬﺎي ﺑﻼك ﺷﺪه‬ ‫اﻋﻤﺎل ‪ Acl‬ﻓﻮق ﺑﻪ 1/0‪Fa‬‬ ‫ﺗﻨﻈﯿﻢ ﯾﮏ ‪ Extended Acl‬ﺑﺎ ﻧﺎم ‪ OUTSIDE_IN‬و ﺑﻼك ﮐﺮدن ﺗﺮاﻓﯿﮏ آدرﺳﻬﺎي 05.44.32.17 و‬ ‫5.091.122.402 و اﺟﺎزه ﻋﺒﻮر ﻫﻤﻪ ﺗﺮاﻓﯿﮑﻬﺎي دﯾﮕﺮ.‬ ‫‪‬‬ ‫اﻋﻤﺎل ‪ Acl‬ﻓﻮق ﺑﻪ 1/0‪Fa‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫‪ Acl‬ﻫﺎي اﺳﻢ دار ﺑﺴﯿﺎر ﺷﺒﯿﻪ ‪ Acl‬ﻫﺎي ﺷﻤﺎره دار ﻫﺴﺘﻨﺪ ﻣﻨﺘﻬﺎ ﺑﺎ ﯾﮏ ﻧﺎم و ﺷﻤﺎره ﺳﻄﺮ ﻣﺸﺨﺺ ﻣﯽ ﺷﻮﻧﺪ.ﺑﺎ اﯾﻦ‬ ‫ﻗﺎﺑﻠﯿﺖ ﻣﯽ ﺗﻮان ﺗﻌﯿﯿﻦ ﮐﺮد )‪ Ace(Acl entry‬در ﮐﺪام ﺳﻄﺮ ‪ ACL‬ﺑﻨﺸﯿﻨﺪ.ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل ﯾﮏ ‪ Acl‬دارﯾﻢ و ﻣﺎﯾﻠﯿﻢ‬ ‫092 ‪Page 123 of‬‬
‫ﺑﯿﻦ ﺳﻄﺮﻫﺎي 51 و 02 آن ﯾﮏ ‪ Ace‬ﺟﺪﯾﺪ ﻗﺮار دﻫﯿﻢ.ﮐﺎﻓﯽ اﺳﺖ ﻫﻨﮕﺎم اﯾﺠﺎد آن ﺷﻤﺎره ﺳﻄﺮ ﻣﺮﺑﻮﻃﻪ را ﻫﻢ ﻗﯿﺪ ﮐﻨﯿﻢ‬ ‫ﭘﺲ از آن ﺑﺮاﺣﺘﯽ در ﻣﺤﻞ ﻣﻮرد ﻧﻈﺮ ﻗﺮار ﻣﯿﮕﯿﺮد.‬ ‫1. اوﻟﯿﻦ ﻫﺪف اﯾﺠﺎد ﯾﮏ ‪ Acl‬اﺳﻢ دار ﻋﺒﻮر ﺗﺮاﻓﯿﮏ ﺷﺒﮑﻪ 42/0.1.1.01و اﯾﺠﺎد ﯾﮏ ‪ Ace‬دﯾﮕﺮ در ﺳﻄﺮ ﺷﻤﺎره‬ ‫005 ﺑﺎ ﻫﺪف ﺑﻼك ﺗﺮاﻓﯿﮑﻬﺎي ﺑﺎﻗﯽ ﻣﺎﻧﺪه و ﺛﺒﺖ ﻻگ آﻧﻬﺎﺳﺖ. ﻋﻤﻮﻣﺎ ‪ Ace‬ﻫﺎي اﺳﻢ دار ﺑﺎ ﯾﮏ ﺷﻤﺎره ﮐﻪ‬ ‫ﺑﯿﺎﻧﮕﺮ ﺷﻤﺎره ﺳﻄﺮ آﻧﻬﺎ در ‪ Acl‬ﻫﺴﺖ ﺗﻌﺮﯾﻒ ﻣﯽ ﺷﻮﻧﺪ.در ﺻﻮرﺗﯿﮑﻪ از ﻫﯿﭻ ﺷﻤﺎره اي اﺳﺘﻔﺎده ﻧﺸﻮد ‪Ace‬‬ ‫ﻣﺬﺑﻮر در اﻧﺘﻬﺎي ﻟﯿﺴﺖ ﻗﺮار ﺧﻮاﻫﺪ ﮔﺮﻓﺖ.ﻋﻤﻮﻣﺎ ﻫﻢ ﺷﻤﺎره ﻫﺎي ‪ Ace‬ﻫﺎ را ﺑﻪ ﺻﻮرت ﻣﻀﺮﺑﯽ از 5 ﯾﺎ 01 در‬ ‫ﻣﯿﮕﯿﺮﻧﺪ ﺗﺎ اﻣﮑﺎن ﺟﺎي ﮔﯿﺮي ‪ Ace‬ﻫﺎي ﺑﻌﺪي ﺑﺪون ﺑﻬﻢ رﯾﺨﺘﻦ ﻧﻈﻢ ﺷﻤﺎره ﻫﺎ ﻓﺮاﻫﻢ ﺷﻮد.‬ ‫.‪End with CNTL/Z‬‬ ‫‪R1#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫‪R1(config)#ip access-list standard INSIDE_IN‬‬ ‫#)‪R1(config-std-nacl‬‬ ‫552.0.0.0 0.1.1.01 ‪R1(config-std-nacl)#10 permit‬‬ ‫‪R1(config-std-nacl)#500 deny any log‬‬ ‫ﻧﮑﺘﻪ: ‪ Extended Acl‬ﻫﺎ از ‪ Subnet mask‬ﺑﺮاي ﻣﺸﺨﺺ ﮐﺮدن ﺷﺒﮑﻪ ﻣﻮرد ﻧﻈﺮﺷﺎن اﺳﺘﻔﺎده ﻧﻤﯿﮑﻨﻨﺪ ﺑﻠﮑﻪ ﺑﻪ ﺟﺎي‬ ‫آن از ‪ Wildcard mask‬ﮐﻪ ﺑﻪ ﻧﻮﻋﯽ ﺑﺮﻋﮑﺲ ﻣﻔﻬﻮم ‪ Subnet mask‬اﺳﺖ اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد.‬ ‫ﺧﻮب ﺣﺎﻻ ﮐﻪ ‪ Acl‬اﯾﺠﺎد ﺷﺪ ﻧﻮﺑﺖ ﺑﻪ ﺗﺨﺼﯿﺺ آن ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﻣﻮرد ﻧﻈﺮ اﺳﺖ ﺑﺮاي اﯾﻨﮑﺎر در ﻣﻮد ﺗﻨﻈﯿﻢ اﯾﻨﺘﺮﻓﯿﺲ از‬ ‫دﺳﺘﻮر ‪ ip access-group‬ﺑﻪ ﻫﻤﺮاه ﻧﺎم ‪ Acl‬ﻣﺮﺑﻮﻃﻪ و ﻧﻮع ﺗﺮاﻓﯿﮏ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ ﺑﻪ ﺷﺮح زﯾﺮ‬ ‫‪R1(config-std-nacl)#exit‬‬ ‫1/0‪R1(config)#int f‬‬ ‫‪R1(config-if)#ip access-group INSIDE_IN in‬‬ ‫اﮐﻨﻮن ﺗﻨﻈﻤﯿﺎت اﻧﺠﺎم ﺷﺪه را ﺑﺎ دﺳﺘﻮر ‪ show access-list‬ﻣﺮور ﻣﯿﮑﻨﯿﻢ‬ ‫‪R1(config-if)#do show access-list‬‬ ‫‪Standard IP access list INSIDE_IN‬‬ ‫552.0.0.0 ‪10 permit 10.1.1.0, wildcard bits‬‬ ‫‪500 deny‬‬ ‫‪any log‬‬ ‫#)‪R1(config-if‬‬ ‫2. در ﻗﺴﻤﺖ دوم آزﻣﺎﯾﺶ ﯾﮏ ‪ Extended Acl‬ﺑﻪ ﻧﺎم ‪ OUTSIDE_IN‬ﺑﺎ ﻫﺪف ﺑﻼك ﮐﺮدن ﺗﺮاﻓﯿﮏ‬ ‫ﻫﺎﺳﺘﻬﺎي 05.44.32.17 و 5.091.122.402 ﻫﻤﯿﻨﻄﻮر اﺟﺎزه ﻋﺒﻮر ﺳﺎﯾﺮ ﺗﺮاﻓﯿﮑﻬﺎ اﯾﺠﺎد ﻣﯿﮑﻨﯿﻢ و آﻧﺮا ﺑﻪ‬ ‫0/0‪Fa‬ﻣﻨﺘﺴﺐ ﻣﯿﮑﻨﯿﻢ.‬ ‫‪R1(config-if)#exit‬‬ ‫‪R1(config)#ip access-list extended OUTSIDE_IN‬‬ ‫‪R1(config-ext-nacl)#10 deny ip host 71.23.44.50 any‬‬ ‫‪R1(config-ext-nacl)#20 deny tcp host 204.221.190.5 any eq www‬‬ ‫‪R1(config-ext-nacl)#500 permit ip any any‬‬ ‫‪R1(config-ext-nacl)#exit‬‬ ‫092 ‪Page 124 of‬‬
R1(config)#int f0/0 R1(config-if)#ip access-group OUTSIDE_IN in ‫ از دﺳﺘﻮر زﯾﺮ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬Acl OUTSIDE_IN ‫ﺑﺮاي ﺑﺮرﺳﯽ و ﻣﺸﺎﻫﺪه ﺗﻨﻈﯿﻤﺎت ﺻﻮرت ﮔﺮﻓﺘﻪ روي‬ R1(config-ext-nacl)#do sh access-list OUTSIDE_IN Extended IP access list OUTSIDE_IN 10 deny ip host 71.23.44.50 any 20 deny tcp host 204.221.190.5 any eq www 500 permit ip any any R1(config-ext-nacl)# Page 125 of 290
‫آزﻣﺎﯾﺶ 8.3 – اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ‪VTY‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻢ ‪ Acl‬ﻫﺎي وﯾﮋه ﮐﻨﺘﺮل دﺳﺘﺮﺳﯽ ﺑﻪ ﺧﻄﻮط ‪ Vty‬ﺟﻬﺖ ﻣﺪﯾﺮﯾﺖ از راه دور ادوات‬ ‫آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫در ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ ﺑﺴﯿﺎر راﯾﺞ اﺳﺖ ﮐﻪ دﺳﺘﺮﺳﯽ از راه دور ﺑﻪ ادوات را ﻣﺤﺪود ﺑﻪ ‪ Subnet‬ﻫﺎي ﻣﺪﯾﺮﯾﺘﯽ و ﺑﺮﺧﯽ‬ ‫‪ Ip‬ﻫﺎي ﺧﺎص ﻧﻤﻮد و ﺗﻨﻬﺎ اﯾﻦ رده ﺳﯿﺴﺘﻤﻬﺎ ﻣﺠﺎز ﺑﻪ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻫﺎي ‪ Telnet‬ﯾﺎ ‪ SSH‬ﺑﻪ ادوات ﺑﺎﺷﻨﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﻗﺮار دادن ﺳﻮﯾﯿﭽﻬﺎي 3‪ R1,R2,R‬و ﺳﻮﯾﯿﭻ 1‪ Sw‬در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01 ﺑﻪ 0/0‪ Fa‬در 1‪R‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/2.1.1.01 ﺑﻪ 0/0‪ Fa‬در 1‪R‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/3.1.1.01 ﺑﻪ 0/0‪ Fa‬در 1‪R‬‬ ‫ﺗﻨﻈﯿﻢ ﻧﺎم ﮐﺎرﺑﺮي و رﻣﺰ ﻋﺒﻮر ﻣﺤﻠﯽ در 1‪ R‬ﺑﺎ ﺳﻄﺢ دﺳﺘﺮﺳﯽ 51 ‪Level‬‬ ‫ﺗﻨﻈﯿﻢ 1‪ R‬ﺑﺮاي ﭘﺬﯾﺮش ﻫﺮدوي ﺗﻤﺎﺳﻬﺎي ﻣﺒﺘﻨﯽ ﺑﺮ ‪ Telnet‬و ‪SSH‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ ‪ ACL‬اﺳﻢ دار ‪ Extended‬ﺑﻪ ﻧﺎم ‪VTY_ACCESS‬‬ ‫ﺟﻠﻮﮔﯿﺮي از دﺳﺘﺮﺳﯽ آدرس 3.1.1.01 ﺑﻪ ‪Telnet‬‬ ‫اﺟﺎزه دادن ﺑﻪ ﺷﺒﮑﻪ 42/0.1.1.01 ﺟﻬﺖ اﺳﺘﻔﺎده از ‪ Telnet‬ﯾﺎ ‪SSH‬‬ ‫‪‬‬ ‫ﺟﻠﻮﮔﯿﺮي از ﻋﺒﻮر ﺳﺎﯾﺮ ﺗﺮاﻓﯿﮑﻬﺎ و ﺛﺒﺖ ﻻگ آﻧﻬﺎ‬ ‫‪‬‬ ‫اﺳﺘﻔﺎده ‪access-class‬ﺟﻬﺖ ﺗﻨﻈﯿﻢ ‪ Acl‬ﺧﻄﻮط ‪VTY‬‬ ‫‪‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﯾﮑﯽ از ﻗﺎﺑﻠﯿﺘﻬﺎي ﻣﻬﻢ ﻣﺪﯾﺮﯾﺘﯽ اراﺋﻪ ﺷﺪه در ‪ IOS‬ﻫﺎي ﺳﺮي ‪12.3T‬و4.21 اﻣﮑﺎن اﺳﺘﻔﺎده از ‪ Extended Acl‬ﻫﺎ‬ ‫ﺟﻬﺖ ﻣﺪﯾﺮﯾﺖ دﺳﺘﺮﺳﯽ ﻫﺎي از راه دور ﺑﻪ ادوات از ﻃﺮﯾﻖ ‪ Telnet‬ﯾﺎ‪ SSH‬اﺳﺖ.‬ ‫092 ‪Page 126 of‬‬
VTY_ACCESS ‫ اﺳﺖ ﺑﻪ ﻧﺎم‬R1 ‫1. ﻗﺪم اﯾﺠﺎد ﯾﮏ اﮐﺴﺲ ﻟﯿﺴﺖ اﺳﻢ دار در‬ R1 con0 is now available Press RETURN to get started. R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ip access-list extended VTY_ACCESS R1(config-ext-nacl)# host ‫ ﺑﻪ آن، ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر ﻣﻨﺒﻊ را‬Telnet ‫ ﺟﻬﺖ ﺟﻠﻮﮔﯿﺮي از دﺳﺘﺮﺳﯽ 3.1.1.01 از ﻃﺮﯾﻖ‬R1 ‫2. ﺗﻨﻈﯿﻢ‬ ‫ ﺗﻌﯿﯿﻦ ﻣﯿﮑﻨﯿﻢ‬any eq telnet ‫3.1.1.01 وﻣﻘﺼﺪ را‬ R1(config-ext-nacl)#10 deny tcp host 10.1.1.3 any eq telnet ‫ ﻧﯿﺎز ﺑﻪ ﺗﻌﺮﯾﻒ‬R1 ‫ ﺑﻪ‬SSH ‫ و‬Telnet ‫3. ﺑﺮاي اﺟﺎزه ﺑﻪ ﺷﺒﮑﻪ 42/0.1.1.01ﺟﻬﺖ ﺑﺮﻗﺮاري ﺗﻤﺎﺳﻬﺎي ﻣﺒﺘﻨﯽ ﺑﺮ‬ 22 ‫ روي‬SSH ‫ ﮐﻪ روي ﭘﻮرت 32 ودﯾﮕﺮي ﺑﺮاي‬Telnet ‫ ﻣﺠﺰا دارﯾﻢ ﯾﮑﯽ ﺑﺮاي‬ACE ‫دو‬ R1(config-ext-nacl)#20 permit tcp 10.1.1.0 0.0.0.255 any eq 22 R1(config-ext-nacl)#30 permit tcp 10.1.1.0 0.0.0.255 any eq 23 ‫4. در اﻧﺘﻬﺎ ﻫﻢ ﺗﻤﺎﻣﯽ ﺗﺮاﻓﯿﮑﻬﺎي ﺑﺎﻗﯽ ﻣﺎﻧﺪه را ﺑﻼك ﮐﺮده و ﻧﺘﯿﺠﻪ اﻧﻬﺎ را ﻻگ ﻣﯽ ﮐﻨﯿﻢ‬ R1(config-ext-nacl)#500 deny ip any any log ‫ اﺳﺖ‬access-class ‫ ﺳﺎﺧﺘﻪ ﺷﺪه ﺑﻪ ﻣﻨﻈﻮر اﺳﺘﻔﺎده از‬Acl ‫5. ﻗﺪم آﺧﺮ ﺗﻨﻈﯿﻢ‬ R1(config-ext-nacl)#line vty 0 4 R1(config-line)#access-class VTY_ACCESS in R1(config-line)#end R1# ‫ ﺗﺴﺖ ﻣﯿﮑﻨﯿﻢ در اﺑﺘﺪا‬R3 ‫ و‬R2 ‫6. در ﻣﺮﺣﻠﻪ ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﻣﻮارد اﻧﺠﺎم ﺷﺪه را از ﻃﺮﯾﻖ روﺗﺮﻫﺎي‬ R1#show access-list Extended IP access list VTY_ACCESS 10 deny tcp host 10.1.1.3 any eq telnet 20 permit tcp 10.1.1.0 0.0.0.255 any eq 22 30 permit tcp 10.1.1.0 0.0.0.255 any eq telnet 500 deny ip any any log R2#telnet 10.1.1.1 Trying 10.1.1.1 ... Open Page 127 of 290
User Access Verification Username: tom Password: R1#show users Line 0 con 0 * 2 vty 0 Interface User tom User Host(s) idle idle Idle Location 00:14:12 00:00:00 10.1.1.2 Mode Idle Peer Address R1#exit [Connection to 10.1.1.1 closed by foreign host] R2#ssh -l tom 10.1.1.1 Password: R1#sh ssh Connection Version Mode Encryption Hmac Username 0 1.99 IN aes128-cbc hmac-sha1 Session started 0 1.99 OUT aes128-cbc hmac-sha1 Session started %No SSHv1 server connections running. R1# State tom tom ‫ از‬Telnet ‫ اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ. ﻫﻤﺎﻧﻄﻮر ﮐﻪ در ﻗﺴﻤﺘﻬﺎي ﻗﺒﻞ دﯾﺪﯾﻢ ﺗﻨﻈﺎر ﻣﯽ رود ﺗﺮاﻓﯿﮏ‬R3 ‫ﺗﺴﺖ ﺑﻌﺪي را از ﺳﻤﺖ‬ .‫ ﻣﺠﺎز ﺑﻪ ﻋﺒﻮر ﺑﺎﺷﺪ‬SSH ‫ﺳﻤﺖ آن ﺑﻼك ﺷﻮد و‬ R3#telnet 10.1.1.1 Trying 10.1.1.1 ... % Connection refused by remote host R3#ssh -l tom 10.1.1.1 Password: R1#show ssh Connection Version Mode Encryption Hmac Username 0 1.99 IN aes128-cbc hmac-sha1 Session started 0 1.99 OUT aes128-cbc hmac-sha1 Session started %No SSHv1 server connections running. R1#show users Line User Host(s) Idle Location 0 con 0 idle 00:13:53 * 2 vty 0 tom idle 00:00:00 10.1.1.3 Interface User Mode Idle State tom tom Peer Address R1# Page 128 of 290
‫آزﻣﺎﯾﺶ 9.3 – ﺳﺮوﯾﺲ ‪Password Encryption‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ﺳﺮوﯾﺲ رﻣﺰﻧﮕﺎري ﮐﻠﻤﺎت ﻋﺒﻮر ادوات ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ادوات ﺳﯿﺴﮑﻮ ﺑﻪ ﻃﻮر ﭘﯿﺶ ﻓﺮض ﺑﺮاي رﻣﺰ ﻧﮕﺎري ﮐﻠﻤﺎت ﻋﺒﻮر از اﻟﮕﻮرﯾﺘﻤﻬﺎي 7‪ Level‬اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ ﮐﻪ ﺑﺴﯿﺎر‬ ‫ﺷﮑﻨﻨﺪه ﺑﻮده و از درﺟﻪ اﻣﻨﯿﺘﯽ ﭘﺎﯾﯿﻨﯽ ﺑﺮﺧﻮردار اﺳﺖ.ﺗﻌﺪاد زﯾﺎدي وب ﺳﺎﯾﺖ در اﯾﻦ ﺧﺼﻮص وﺟﻮد دارﻧﺪﮐﻪ ﺑﻪ ﺷﻤﺎ‬ ‫اﺟﺎزه ‪ Paste‬ﮐﺮدن ﮐﻠﻤﻪ ﻋﺒﻮر ‪ Hash‬ﺷﺪه از ﯾﮏ ﺳﻮ و درﯾﺎﻓﺖ ﮐﻠﻤﻪ ﻋﺒﻮر ‪ Decrypt‬ﺷﺪه را ﻣﯽ دﻫﻨﺪ، ﺷﺎﯾﺪ ﺑﺘﻮان‬ ‫ﮔﻔﺖ ﺗﻨﻬﺎ ﺣﺴﻦ آن ﻋﺪم ﻧﻤﺎﯾﺶ ﮐﻠﻤﻪ ﻋﺒﻮر ﺑﻪ ﺻﻮرت ‪ Clear text‬در ﻫﻨﮕﺎﻣﯽ اﺳﺖ ﮐﻪ ﻣﺸﻐﻮل ﻣﺸﺎﻫﺪه ﮐﺎﻧﻔﯿﮕﻬﺎ‬ ‫ﻫﺴﺘﯿﺪ و ﺷﺨﺼﯽ ﮐﻨﺎر دﺳﺖ ﺷﻤﺎ ﻧﺸﺴﺘﻪ ﺗﻤﺎﯾﻞ ﻧﺪارﯾﺪ ﮐﻠﻤﻪ ﻋﺒﻮر را ﻣﺸﺎﻫﺪه ﮐﻨﺪ! ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﮐﺎﻧﻔﯿﮓ ادوات ﺧﻮد را‬ ‫ﺟﻬﺖ ﺑﺮرﺳﯽ ﺑﻪ ﺷﺨﺺ دﯾﮕﺮي ﻣﯽ دﻫﯿﺪ ﯾﺎ در ﻣﺤﯿﻄﻬﺎي ﻋﻤﻮﻣﯽ ﺑﻪ اﺷﺘﺮاك ﻣﯽ ﮔﺬارﯾﺪ دﻗﯿﺖ ﮐﻨﯿﺪ ﮐﻠﻤﺎت ﻋﺒﻮر‬ ‫7‪ Level‬را از ﮐﺎﻧﻔﯿﮓ ﺣﺬف ﮐﻨﯿﺪ ﭼﻮن ﺑﻪ آﺳﺎﻧﯽ ﻗﺎﺑﻞ ﺑﺎزﯾﺎﺑﯽ ﻫﺴﺘﻨﺪ. ﮐﻠﻤﺎت ﻋﺒﻮر 5‪Type‬ﮐﻪ از ‪MD5 Hashing‬‬ ‫اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ اﯾﻦ ﻣﺸﮑﻞ را ﻧﺪارﻧﺪ زﯾﺮا اﯾﻦ اﻟﮕﻮرﯾﺘﻢ 821 ﺑﯿﺘﯽ ﻣﺎﻫﯿﺖ ﻣﻌﮑﻮس ﻧﺎﭘﺬﯾﺮ دارد و ﮐﻠﻤﺎت ﻋﺒﻮر رﻣﺰ ﺷﺪه‬ ‫ﺑﺎ آن ﻗﺎﺑﻞ رﻣﺰﮔﺸﺎﯾﯽ ﻧﯿﺴﺘﻨﺪ ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺑﻪ ادواﺗﯽ ﮐﻪ از 5‪ MD‬اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ ﻻﮔﯿﻦ ﻣﯿﮑﻨﯿﻢ اﺑﺘﺪا ﮐﻠﻤﻪ ﻋﺒﻮر‬ ‫درﯾﺎﻓﺘﯽ از ﻣﺎ ﺗﺤﺖ اﻟﮕﻮرﯾﺘﻢ ﻣﺬﺑﻮر ﺑﻪ ﺻﻮرت رﻣﺰ درآﻣﺪه و ﺑﺎ رﺷﺘﻪ رﻣﺰ ﺷﺪه و ذﺧﯿﺮه ﺷﺪه ﻣﻮﺟﻮد در دﯾﻮاﯾﺲ ﻣﻘﺎﯾﺴﻪ‬ ‫ﻣﯽ ﺷﻮد و در ﺻﻮرت ﯾﮑﺴﺎن ﺑﻮدن اﺟﺎزه ﻋﺒﻮر ﺻﺎدر ﺧﻮاد ﺷﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد 2 ﮐﻠﻤﻪ ﻋﺒﻮر ورﻣﺰ ﻋﺒﻮر ﻣﺤﻠﯽ‬ ‫‪‬‬ ‫ﻓﻌﺎل ﮐﺮدن ﺳﺮوﯾﺲ رﻣﺰ ﻧﮕﺎري ﮐﻠﻤﺎت ﻋﺒﻮر ﺑﺎ ‪service password-encryption‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﭼﮏ ﮐﺮدن اﯾﻨﮑﻪ آﯾﺎ واﻗﻌﺎ ﮐﻠﻤﺎت ﻋﺒﻮر رﻣﺰ ﺷﺪه اﻧﺪ؟!‬ ‫ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن ﺳﺮوﯾﺲ و ﺑﺮرﺳﯽ ﻣﺠﺪد وﺿﻌﯿﺖ ﮐﻠﻤﺎت ﻋﺒﻮر‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ ﺳﺮوﯾﺲ‬ ‫1. در اوﻟﯿﻦ ﻗﺪم دو ﮐﺎرﺑﺮ ﺑﺎ ﻣﺸﺨﺼﺎت زﯾﺮ ﺑﻪ ﺻﻮرت ﻣﺤﻠﯽ در دﯾﻮاﯾﺲ اﯾﺠﺎد ﻣﯿﮑﻨﯿﻢ‬ ‫‪R1 con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫092 ‪Page 129 of‬‬
R1>enable R1#configure terminal Enter configuration commands, one per line. R1(config)#username tom secret Cisco R1(config)#username jerry password Cisco End with CNTL/Z. ‫ ﻧﺎﻣﻬﺎي ﮐﺎرﺑﺮي و ﮐﻠﻤﺎت ﻋﺒﻮر اﻧﻬﺎ را‬do show run | inc username ‫2. ﺑﺎ اﺳﺘﻔﺎده از دﺳﺘﻮر‬ ‫ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﻢ‬ R1(config)#do show run | inc username username tom privilege 15 secret 5 $1$ID2R$2AKUK4US6yUQVkggSMkLV0 username john privilege 15 password 0 Cisco R1(config)# ‫ ﻓﻌﺎل ﻣﯿﮑﻨﯿﻢ‬service password-encryption ‫3. ﺳﺮوﯾﺲ رﻣﺰﻧﮕﺎري ﭘﺴﻮردﻫﺎ را از ﻃﺮﯾﻖ‬ R1(config)#service password-encryption ‫4. ﭘﺲ از ﻓﻌﺎل ﮐﺮدن ﺳﺮوﯾﺲ ﯾﮑﺒﺎر دﯾﮕﺮ ﮐﻠﻤﺎت ﻋﺒﻮر ذﺧﯿﺮه ﺷﺪه را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﻢ ﺗﺎ ﻣﻄﻤﺌﻦ ﺷﻮﯾﻢ اﻟﮕﻮرﯾﺘﻢ‬ .‫ﺑﻪ درﺳﺘﯽ اﻋﻤﺎل ﺷﺪه اﺳﺖ‬ R1(config)#do show run | inc username username tom privilege 15 secret 5 $1$ID2R$2AKUK4US6yUQVkggSMkLV0 username john privilege 15 password 7 106D000A0618 R1(config)# ‫5. در اﻧﺘﻬﺎ ﺳﺮوﯾﺲ را ﻏﯿﺮ ﻓﻌﺎل ﻣﯿﮑﻨﯿﻢ ﻫﻤﺎﻧﻮﻃﺮ ﮐﻪ ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ ﮐﻠﻤﺎت ﻋﺒﻮر ﺑﻪ ﺣﺎﻟﺖ اول ﺑﺮ ﻧﻤﯿﮕﯿﺮدﻧﺪ‬ R1(config)#no service password-encryption R1(config)#do show run | inc username username tom privilege 15 secret 5 $1$ID2R$2AKUK4US6yUQVkggSMkLV0 username john privilege 15 password 7 106D000A0618 R1(config)# Page 130 of 290
‫آزﻣﺎﯾﺶ 01.3 –‪ Exec Timeout‬و ‪Absolute timeout‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ Timeout‬در ﻣﺤﯿﻄﻬﺎي ‪ Console‬و ‪ Vty‬ﺑﻪ ﻣﻨﻈﻮر ﻗﻄﻊ ﮐﺮدن ﺧﻮدﮐﺎر اﯾﻦ‬ ‫ارﺗﺒﺎﻃﺎت ﭘﺲ از ﮔﺬﺷﺖ ﻣﺪت زﻣﺎﻧﯽ ﻣﻌﯿﻦ ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻧﮑﺘﻪ اﻣﻨﯿﺘﯽ ﻣﻬﻢ در ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ ﻻزم اﺳﺖ ﺗﺎ ﺗﻤﺎﺳﻬﺎي ﺑﺪون ﻓﻌﺎﻟﯿﺖ ﺗﺮﻣﯿﻨﺎﻟﯽ و ﮐﻨﺴﻮﻟﯽ ﺑﻪ ادوات‬ ‫ﭘﺲ از ﮔﺬﺷﺖ ﻣﺪت زﻣﺎن ﻣﻌﯿﻨﯽ ﺑﻪ ﻃﻮر ﺧﻮدﮐﺎر ﻗﻄﻊ ﺷﻮﻧﺪ ﺗﺎ ﻣﻮرد ﺳﻮ اﺳﺘﻔﺎده ﺳﺎﯾﺮﯾﻦ ﻗﺮار ﻧﮕﯿﺮﻧﺪ از اﯾﻨﺮو ﺗﻨﻈﯿﻢ‬ ‫ﻣﻮارد ﻓﻮق ﻋﻠﯽ اﻟﺨﺼﻮص ‪exec timeout‬ﺑﻪ ﺷﺪت ﺗﻮﺻﯿﻪ ﻣﯽ ﺷﻮد.‬ ‫‪ Absolute timeout‬ﺑﺮﺧﯽ اوﻗﺎت در ‪ Access server‬ﻫﺎ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد ﺗﺎ ﺗﻤﺎﺳﻬﺎي ﺑﺮﻗﺮار ﺷﺪه ﺑﻪ‬ ‫ادوات را ﭼﻪ در ﺣﺎﻟﺖ ‪ Idle‬ﺑﺎﺷﻨﺪ و ﭼﻪ در ﺣﺎﻟﺖ ﻓﻌﺎل ﻗﻄﻊ ﮐﻨﻨﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﯾﺠﺎد اﯾﻨﺘﺮﻓﯿﺲ ﻟﻮپ ﺑﮏ در در 1‪ R‬و ﺗﺨﺼﯿﺺ آدرس 23/1.1.1.01 ﺑﻪ آن‬ ‫اﯾﺠﺎد ﻧﺎم ﮐﺎرﺑﺮي ورﻣﺰ ﻋﺒﻮر ﺑﺎ ﺳﻄﺢ دﺳﺘﺮﺳﯽ 51 ﺑﻪ آن‬ ‫ﺗﻨﻈﯿﻢ ‪ Vty‬ﺟﻬﺖ اﺣﺮاز ﻫﻮﯾﺖ ﺗﻤﺎﺳﻬﺎ ﺑﺮ اﺳﺎس ﭘﺎﯾﮕﺎه داده داﺧﻠﯽ‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ ‪ Exec time out‬ﯾﮏ دﻗﯿﻘﻪ اي روي 4-0 ‪Vty‬‬ ‫‪‬‬ ‫ﭼﮏ ﮐﺮدن ﺻﺤﺖ ﺗﻨﻈﯿﻢ ﺑﺎ ‪Telnet‬ﺑﻪ ‪ Loopback‬و ﭘﺲ از آن ﯾﮏ دﻗﯿﻘﻪ ﺳﮑﻮت‬ ‫‪‬‬ ‫ﺣﺬف ‪ Exec timeout‬و اﯾﺠﺎد ‪ Absolute Timeout‬دو دﻗﯿﻘﻪ اي‬ ‫‪‬‬ ‫ﺑﺮرﺳﯽ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﺑﺎ ‪ Telnet‬ﻣﺠﺪد ﺑﻪ ‪ Loopback‬و ﻣﺸﺎﻫﺪه ﻗﻄﻊ ﺷﺪن ارﺗﺒﺎط ﭘﺲ از دو دﻗﯿﻘﻪ‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. اﯾﺠﺎد ‪ Exec timeout‬ﯾﮏ دﻗﯿﻘﻪ اي و ﭼﮏ ﮐﺮدن آن از ﻃﺮﯾﻖ ‪Loopback‬‬ ‫‪R1 con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫092 ‪Page 131 of‬‬
R1>enable R1#configure terminal Enter configuration commands, one per line. R1(config)#line vty 0 4 R1(config-line)#exec-timeout 2 R1(config-line)#end R1#telnet 10.1.1.1 Trying 10.1.1.1 ... Open End with CNTL/Z. User Access Verification Username: tom Password: R1# [Connection to 10.1.1.1 closed by foreign host] R1# ‫ دودﻗﯿﻘﻪ اي ﺑﻪ ﺟﺎي آن اﯾﺠﺎد‬Absolute timeout ‫2. در ﻗﺪم ﺑﻌﺪي ﺗﻨﻈﯿﻤﺎت ﻗﺒﻠﯽ را ﭘﺎك ﻣﯿﮑﻨﯿﻢ و ﯾﮏ‬ .‫ ﺗﺴﺖ ﻣﯿﮑﻨﯿﻢ‬Loopback ‫ ﻣﺠﺪد ﺑﻪ‬Telnet ‫ﻣﯿﮑﻨﯿﻢ . ﻧﺘﯿﺠﻪ را ﺑﺎ ﯾﮏ‬ R1#configure terminal Enter configuration commands, one per line. R1(config)#line vty 0 4 R1(config-line)#no exec-timeout R1(config-line)#absolute-timeout 2 R1(config-line)#end R1#telnet 10.1.1.1 Trying 10.1.1.1 ... Open End with CNTL/Z. User Access Verification Username: tom Password: R1# * * * Line timeout expired * [Connection to 10.1.1.1 closed by foreign host] R1# . Page 132 of 290
‫آزﻣﺎﯾﺶ 11.3 –وب ﺳﺮور داﺧﻠﯽ ادوات ﺳﯿﺴﮑﻮ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ادوات ﺳﯿﺴﮑﻮ ﺟﻬﺖ اﺣﺮاز ﻫﻮﯾﺖ ارﺗﺒﺎﻃﻬﺎي ﺑﺮﻗﺮار ﺷﺪه ﺑﺎ وب ﮐﻨﺴﻮل اﯾﻦ ادوات‬ ‫آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺗﻨﻈﯿﻤﺎت ﻣﺮﺗﺒﻂ ﺑﺎ اﺣﺮاز ﻫﻮﯾﺖ از ﻃﺮﯾﻖ ‪ Cisco IOS web server‬ﺟﻬﺖ اﯾﺠﺎد و ﮐﻨﺘﺮل دﺳﺘﺮﺳﯽ ﺑﺮﺧﯽ ﮐﺎرﺑﺮان ﺑﻪ‬ ‫وب ﮐﻨﺴﻮل ادوات ﯾﺎ ‪ SDM‬در ﻣﺤﯿﻄﻬﺎي ﻋﻤﻠﯿﺎﺗﯽ اﻣﺮي راﯾﺞ ﻣﯽ ﺑﺎﺷﺪ. در اﯾﻦ ﻧﻮﺷﺘﻪ ﺑﻪ ﭼﮕﻮﻧﮕﯽ اﯾﻦ ﺗﻨﻈﯿﻤﺎت‬ ‫ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﯾﺠﺎد ارﺗﺒﺎط ‪ Cloud‬اﯾﻨﺘﺮﻓﯿﺲ 0/1‪ Fa‬ﺑﺎ ﮐﺎرت ﺷﺒﮑﻪ ﮐﺎﻣﭙﯿﻮﺗﺮ‬ ‫اﯾﺠﺎد ﮐﺎرﺑﺮ ﺑﺎ ﺳﻄﺢ دﺳﺘﺮﺳﯽ 51 ﺟﻬﺖ اﺣﺮاز ﻫﻮﯾﺖ از ﻃﺮﯾﻖ وب‬ ‫ﺗﺨﺼﯿﺺ آدرس ﺑﻪ 0/0‪ Fa‬ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺗﺤﺖ وب ﺑﻪ ﮐﻨﺴﻮل روﺗﺮ از ﻃﺮﯾﻖ ‪IE‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ ﻧﺎم داﻣﻨﻪ ‪ stubarea.net‬ﺑﻪ روﺗﺮ‬ ‫‪‬‬ ‫ﻓﻌﺎل ﺳﺎزي وب ﺳﺮور داﺧﻠﯽ روﺗﺮ ﺑﺎ دﺳﺘﻮر ‪the ip http secure-server‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ وب ﺳﺮور داﺧﻠﯽ ﺑﻪ ﻣﻨﻈﻮر اﺧﺬ اﻃﻼﻋﺎت ﻫﻮﯾﺘﯽ از ﭘﺎﯾﮕﺎه داده داﺧﻠﯽ ﺣﺴﺎﺑﻬﺎي ﮐﺎرﺑﺮي‬ ‫ﻻﮔﯿﻦ ﺗﺤﺖ وب از ﻃﺮﯾﻖ ‪ IE‬ﺑﻪ روﺗﺮ و وارد ﮐﺮدن اﻃﻼﻋﺎت ﻫﻮﯾﺘﯽ‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺗﺨﺼﯿﺺ ﻧﺎم داﻣﻨﻪ ‪ stubarea.net‬ﺑﻪ روﺗﺮ و ﻓﻌﺎل ﺳﺎزي وب ﺳﺮور داﺧﻠﯽ آن‬ ‫‪R1 con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫‪R1>enable‬‬ ‫‪R1#configure terminal‬‬ ‫.‪Enter configuration commands, one per line. End with CNTL/Z‬‬ ‫‪R1(config)#ip domain-name stubarea.net‬‬ ‫‪R11(config)#ip http secure-server‬‬ ‫]‪% Generating 1024 bit RSA keys, keys will be non-exportable...[OK‬‬ ‫‪%SSH-5-ENABLED: SSH 1.99 has been enabled‬‬ ‫092 ‪Page 133 of‬‬
‫#)‪R1(config‬‬ ‫2. ﺗﻨﻈﯿﻢ وب ﺳﺮور داﺧﻠﯽ ﺟﻬﺖ اﺣﺮاز ﻫﻮﯾﺖ ﮐﺎرﺑﺮان از ﻃﺮﯾﻖ ﭘﺎﯾﮕﺎه داده داﺧﻠﯽ ﺣﺴﺎﺑﻬﺎي ﮐﺎرﺑﺮان‬ ‫‪R1(config)#ip http authentication local‬‬ ‫3. ﭘﺲ از ﺗﻤﯿﻞ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ ‪ Ie‬ﺑﻪ آدرس0/0‪ Fa‬روﺗﺮ ﻣﺘﺼﻞ ﻣﯿﺸﻮﯾﻢ ، ﭘﺲ ورود اﻃﻼﻋﺎت ﻫﻮﯾﺘﯽ وارد وب‬ ‫ﭘﻨﻞ روﺗﺮ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫092 ‪Page 134 of‬‬
‫آزﻣﺎﯾﺶ 21.3 – ﺛﺒﺖ ﻻﮔﻬﺎ در ‪syslog server‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ادوت ﺳﯿﺴﮑﻮ ﺟﻬﺖ ارﺳﺎل ﮐﻠﯿﻪ ﭘﯿﺎﻣﻬﺎي ﺳﯿﺴﺘﻤﯽ ﺑﻪ ‪ Syslog‬ﺳﺮور آﺷﻨﺎ‬ ‫ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫در ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ و واﻗﻌﯽ روﺗﺮﻫﺎ در ﻫﺮ ﻟﺤﻈﻪ ﻣﺸﻐﻮل ﮔﺮﯾﻪ و زاري ﻫﺴﺘﻨﺪ! ﻓﻼن اﯾﻨﺘﺮﻓﯿﺲ ﻣﻦ آپ ﺷﺪ اوﻧﯿﮑﯽ‬ ‫داون ﺷﺪ ، ﺷﻤﺎرﻧﺪه ‪ Acl‬ﺗﻐﯿﯿﺮ ﮐﺮد ، ﮐﺎﻧﻔﯿﮓ ﺗﻐﯿﯿﺮ ﮐﺮد و از اﯾﻦ دﺳﺖ. از ﻧﻘﻄﻪ ﻧﻈﺮ ﯾﮏ ﻣﺪﯾﺮ ﺷﺒﮑﻪ ﻻزم اﺳﺖ ﺗﺎ ﺗﻤﺎم‬ ‫اﯾﻦ ﭘﯿﺎﻣﻬﺎي ﺳﯿﺴﺘﻤﯽ در ﻣﺤﻠﯽ ذﺧﯿﺮه ﺷﻮﻧﺪ ﺗﺎ در ﻓﺮﺻﺖ ﻣﻘﺘﻀﯽ و در ﺻﻮرت ﻧﯿﺎز ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار ﮔﯿﺮﻧﺪ.در ﻋﻤﻞ‬ ‫اﻣﮑﺎن ذﺧﯿﺮه ﺳﺎزي ﻻﮔﻬﺎ روي ﺧﻮد ادوات ﻫﻢ وﺟﻮ دارد اﻣﺎ اﺧﺬ اﯾﻦ ﻫﻤﻪ ﻻگ ﺑﻪ ﻃﻮر ﺟﺪاﮔﺎﻧﻪ از ادوات ﻣﺠﺰا از ﻫﻢ‬ ‫ﻓﺮاﯾﻨﺪي وﻗﺖ ﮔﯿﺮ و ﻏﯿﺮ اﺻﻮﻟﯽ اﺳﺖ از اﯾﻨﺮو ﮐﻠﯿﻪ ادوات را ﺑﻪ ﮔﻮﻧﻪ اي ﺗﻨﻈﯿﻢ ﻣﯽ ﮐﻨﻨﺪ ﮐﻪ ﭘﯿﺎﻣﻬﺎي ﺳﯿﺴﺘﻤﯽ ﺧﻮد را‬ ‫ﺑﻪ ﯾﮏ ﻻگ ﺳﺮور ﻣﺸﺘﺮك در ﺷﺒﮑﻪ ارﺳﺎل ﮐﻨﻨﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ‪ cloud‬ﻣﺎﺑﯿﻦ 0/0‪ Fa‬و ﮐﺎرت ﺷﺒﮑﻪ ﮐﺎﻣﭙﯿﻮﺗﺮ ر.ك آز 8.1‬ ‫‪‬‬ ‫داﻧﻠﻮد و ﻧﺼﺐ ﺑﺮﻧﺎﻣﻪ ‪Solarwinds kiwi syslog‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ 1‪ R‬ﺟﻬﺖ ارﺳﺎل ﻻﮔﻬﺎ ﺑﻪ آدرس ﻻگ ﺳﺮور ﻣﻮﺟﻮد در ﺷﺒﮑﻪ‬ ‫ﺗﻨﻈﯿﻢ ‪ logging option‬در 1‪ R‬ﺟﻬﺖ ﻻگ ﮐﺮدن ﭘﯿﻐﺎﻣﻬﺎي 7‪ level‬و ﭘﺎﯾﯿﻨﺘﺮ )‪(Debug messages‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﭘﯿﻐﺎﻣﻬﺎي ﺳﯿﺴﺘﻤﯽ ‪ Debug‬ﺟﻬﺖ ﺛﺒﺖ در ‪ syslog‬ﺳﺮور‬ ‫‪‬‬ ‫ﺑﺮرﺳﯽ ﻻﮔﻬﺎي ﺛﺒﺖ ﺷﺪه در ‪ syslog‬ﺳﺮور‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺗﻨﻈﯿﻢ 1‪ R‬ﺟﻬﺖ ﻓﻌﺎل ﺳﺎزي ‪ logging‬و ارﺳﺎل ﻻﮔﻬﺎ ﺑﻪ ﻫﺎﺳﺖ ﻣﯿﺰﺑﺎن ﺑﺮﻧﺎﻣﻪ ‪syslog‬‬ ‫‪R1 con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫.‪End with CNTL/Z‬‬ ‫‪R1>enable‬‬ ‫‪R1#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫3.2.861.291 ‪R1(config)#logging host‬‬ ‫092 ‪Page 135 of‬‬
‫ و ﭘﺎﯾﯿﻨﺘﺮ ﺑﻪ ﺳﺮور‬level 7 ‫ ﺑﻪ ﻣﻨﻈﻮر ارﺳﺎل ﻻﮔﻬﺎي‬logging ‫2. ﺗﻈﯿﻢ ﭘﺎراﻣﺘﺮ‬ R1(config)#logging trap 7 R1(config)#end R1# %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.2.3 port 514 started - CLI initiated R1# icmp ‫ روي‬Debug ‫3. اﯾﺠﺎد دﺳﺘﯽ ﭼﻨﺪ ﭘﯿﻐﺎم ﺳﯿﺴﺘﻤﯽ ﺑﺎ اﻧﺠﺎم‬ R1#debug ip icmp ICMP packet debugging is on R1#ping 192.168.255.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.255.10, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/24/100 ms R1# ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1 ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1 ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1 ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1 ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1 R1# ‫ ﺳﺮور‬syslog ‫4. ﺑﺮرﺳﯽ ﺻﺤﺖ اﻃﻼﻋﺎت درﯾﺎﻓﺘﯽ در‬ Page 136 of 290
‫آزﻣﺎﯾﺶ 1.4 – ‪CDP‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ CDP‬و ﺗﺎﯾﻤﺮ آن آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮورﻣﻔﺎﻫﯿﻢ‬ ‫ﻣﻬﺪﺳﯿﻦ ﺷﺒﮑﻪ ﻋﻤﻮﻣﺎ از ‪ CDP‬ﺑﺮاي ﻣﺴﺘﻨﺪ ﺳﺎزي و درك ﺗﻮﭘﻮﻟﻮژي ﺷﺒﮑﻪ ﻫﺎي ﻓﺎﻗﺪ ﻣﺴﺘﻨﺪات اﺳﺘﻔﺎده ﻣﯽ‬ ‫ﮐﻨﻨﺪ.‪ Cdp‬ﭘﺮوﺗﮑﻠﯽ ﻻﯾﻪ 2 اﺳﺖ ﮐﻪ وﻇﯿﻔﻪ آن ﻧﻘﻞ و اﻧﺘﻘﺎل اﻃﻼﻋﺎت ﻋﻤﻮﻣﯽ ادوات ﺳﯿﺴﮑﻮ )ﻋﻤﻮم ادوات ﻣﺒﺘﻨﯽ ﺑﺮ‬ ‫‪ (IOS‬ﻣﺸﺘﻤﻞ ﺑﺮ ‪ IP‬آدرس – وﺿﻌﯿﺖ اﺗﺼﺎل ﻓﯿﺰﯾﮑﯽ ﻟﯿﻨﮑﻬﺎ- ﻣﺸﺨﺼﻪ ﭘﻮرﺗﻬﺎ و ﻧﺴﺨﻪ ‪ IOS‬و ﺑﺴﯿﺎري دﯾﮕﺮ ﻣﺎﺑﯿﻦ‬ ‫ادوات ﻫﻤﺴﺎﯾﻪ ﻣﯽ ﺑﺎﺷﺪ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮرات زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ:‬ ‫‪Show Cdp‬‬ ‫ﺟﻬﺖ ﻧﻤﺎﯾﺶ ‪ holdtime ،CDP Hello Timer‬و ﻧﮕﺎرش ﻧﺴﺨﻪ ‪CDP‬‬ ‫‪show cdp neighbors‬‬ ‫ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ادوات ﺑﻪ ﻃﻮر ﻓﯿﺰﯾﮑﯽ ﻣﺘﺼﻞ ﺷﺎﻣﻞ ‪Local&Remote ،HostName‬‬ ‫‪show cdp detail‬‬ ‫ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ﺟﺰﺋﯽ ﺗﺮ در ﻣﻮرد ادوات ﺑﻪ ﻃﻮر ﻓﯿﺰﯾﮑﯽ ﻣﺘﺼﻞ ﺷﺎﻣﻞ ‪Vtp ،Ios version‬‬ ‫‪clear cdp table‬‬ ‫ﭘﺎك ﮐﺮدن اﻃﻼﻋﺎت ‪ Cdp‬ذﺧﯿﺮه ﺷﺪه در ‪ CDP table‬و اﺧﺬ ﻣﺠﺪد آﻧﻬﺎ ﺑﺮ ﻣﺒﻨﺎي ‪CDP‬‬ ‫>54-01< ‪cdp timer‬‬ ‫ﺟﻬﺖ ﺗﻨﻈﯿﻢ دﺳﺘﯽ زﻣﺎن ارﺳﺎل ﭘﯿﺎم ‪ Hello‬ﺑﻪ ﻫﻤﺴﺎﯾﻪ ﻫﺎ‬ ‫>54-01< ‪cdp holdtime‬‬ ‫ﺗﻨﻈﯿﻢ دﺳﺘﯽ ‪dead timer‬ﺟﻬﺖ ﻣﺸﺨﺺ ﮐﺮدن ﻣﺪت زﻣﺎن ﻻزم ﺑﺮاي ﻗﻄﻊ ﻧﺸﺎن دادن‬ ‫‪،ports‬ﻇﺮﻓﯿﺘﻬﺎي ﭘﻠﺘﻔﺮﻣﻬﺎي ﻫﻤﺴﺎﯾﻪ و ﻧﺎم آﻧﻬﺎ‬ ‫‪ Native vlan ،domain‬و ‪Duplex‬‬ ‫ﻓﺮﯾﻤﻬﺎي درﯾﺎﻓﺖ ﺷﺪه از اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﭘﻠﺘﻔﺮم ﺟﺎري‬ ‫ارﺗﺒﺎط ﺑﺎ ﻫﻤﺴﺎﯾﻪ ﻫﺎ در ﺻﻮرت درﯾﺎﻓﺖ ﻧﮑﺮدن ‪ Hello‬از ﺳﻤﺖ اﻧﻬﺎ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ و ﯾﮏ دﺳﺘﮕﺎه ﺳﻮﯾﯿﭻ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.552.861.291 ﺑﻪ 0/0‪ Fa‬در روﺗﺮ 1‪R‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/452.552.861.291 ﺑﻪ 1‪ Vlan‬در ﺳﻮﯾﯿﭻ 1‪SW‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫092 ‪Page 137 of‬‬
R1 ‫ از ﻃﺮﯾﻖ روﺗﺮ‬SW1 ‫ ﻣﻮﺟﻮد در‬Feature set ‫ و‬IOS ‫ﯾﺎﻓﺘﻦ ﻧﺴﺨﻪ‬  SW1 ‫ از ﻃﺮﯾﻖ‬R1 ‫ اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮ‬Ip ‫ﯾﺎﻓﺘﻦ‬  R1 ‫ ﻣﺘﺼﻞ اﺳﺖ ﯾﺎ ﺧﯿﺮ از ﻃﺮﯾﻖ‬SW1 ‫ ﺑﻪ‬R1 ‫ﺣﺼﻮل اﻃﻤﯿﻨﺎن از اﯾﻨﮑﻪ اﯾﻨﺘﺮﻓﯿﺲ‬  R1 ‫ اﯾﻨﺘﺮﻓﯿﺲ ﺳﻮﯾﯿﭽﯽ ﮐﻪ روﺗﺮ ﻣﺴﺘﻘﯿﻤﺎ ﺑﻪ آن ﻣﺘﺼﻞ اﺳﺖ از ﻃﺮﯾﻖ‬Vtp doamain ‫ و‬Native Vlan ‫ﯾﺎﻓﺘﻦ‬  .‫ ﭘﺲ از اﻧﺠﺎم اﯾﻦ ﮐﺎر‬SW1 ‫ در ﻣﻮرد‬R1 ‫ و ﭼﮏ ﮐﺮدن اﻃﻼﻋﺎت‬R1 ‫ در‬CDP table ‫ﭘﺎك ﮐﺮدن‬  ‫ﺗﻐﯿﯿﺮ ﻣﻘﺎدﯾﺮ ﭘﯿﺶ ﻓﺮض ﺗﺎﯾﻤﺮﻫﺎي ادوات از 081/06ﺑﻪ 54/51 وﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬  ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ cdp ‫، ﺑﺮاي درﯾﺎﻓﺖ اﯾﻦ اﻃﻼﻋﺎت دﺳﺘﻮر‬R1 ‫ از ﻃﺮﯾﻖ‬SW1 ‫ ﺳﻮﯾﯿﭻ‬Ios ‫1. ﻣﺸﺨﺺ ﮐﺮدن ﻧﺴﺨﻪ و وﯾﮋﮔﯿﻬﺎي‬ ‫ اﺟﺮا ﻣﯿﮑﻨﯿﻢ‬R1 ‫را در‬neighbor detail R1>show cdp neighbors detail ------------------------Device ID: Router Entry address(es): Platform: Cisco 3640, Capabilities: Router Switch IGMP Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1 Holdtime : 134 sec Version : Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(13a), RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Tue 06-Mar-07 20:25 by prod_rel_team advertisement version: 2 VTP Management Domain: '' Duplex: full R1> ENTERPRISE/FW/IDS PLUS ‫ ﺑﺎ وﯾﮋﮔﯽ‬IOS ‫ داراي‬SW1 ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ از ﻗﺴﻤﺖ زﯾﺮﺧﻂ دار ﭘﯿﺪاﺳﺖ‬ .‫ اﺳﺖ‬IPSEC 3DES Version 12.4(13a). SW1 ‫ از ﻃﺮﯾﻖ‬R1 ‫ اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮ‬IP ‫2. ﭘﯿﺪا ﮐﺮدن‬ SW1#show cdp neighbors detail ------------------------Device ID: R1 Entry address(es): IP address: 192.168.255.1 Platform: Cisco 3725, Capabilities: Router Switch IGMP Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/0 Holdtime : 168 sec Version : Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version Page 138 of 290
12.4(15)T14, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2010 by Cisco Systems, Inc. Compiled Tue 17-Aug-10 12:08 by prod_rel_team advertisement version: 2 VTP Management Domain: '' Duplex: full SW1# ‫ آﻧﺮا از‬SW1 ‫ ﻣﻮرد ﻧﻈﺮ 1.552.861.291 اﺳﺖ و ﺳﻮﯾﯿﭻ‬Ip ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ در ﻗﺴﻤﺖ زﯾﺮ ﺧﻂ دار ﺑﺎﻻ ﻣﺸﺨﺺ ﺷﺪه‬ .‫ ﺑﻪ دﺳﺖ آورده اﺳﺖ‬CDP ‫ﻃﺮﯾﻖ درﯾﺎﻓﺖ ﻓﺮﯾﻤﻬﺎي‬ ‫ ﻣﺘﺼﻞ ﺷﺪه اﺳﺖ‬SW1 ‫ ﮐﻪ ﺑﻪ‬R1 ‫3. ﭘﯿﺪا ﮐﺮدن ﻣﺸﺨﺼﺎت اﯾﻨﺘﺮﻓﯿﺴﯽ از‬ R1#show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID SW1 Local Intrfce Fas 0/0 Holdtme 125 Capability R S I Platform Port ID 3640 Fas 0/1 R1# .‫ ﺑﻪ آن ﻣﺘﺼﻞ ﺷﺪه اﺳﺖ‬R1 ‫ ﭘﻮرﺗﯽ از ﺳﻮﯾﯿﭻ ﮐﻪ اﯾﻨﺘﺮﻓﯿﺲ‬Vtp domain ‫ و‬Native vlan ‫4. ﭘﯿﺪا ﮐﺮدن‬ R1>show cdp neighbors detail ------------------------Device ID: SW1 Entry address(es): IP address: 192.168.255.254 Platform: Cisco 3640, Capabilities: Router Switch IGMP Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1 Holdtime : 157 sec Version : Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(13a), RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Tue 06-Mar-07 20:25 by prod_rel_team advertisement version: 2 VTP Management Domain: '' Duplex: full R1> Page 139 of 290
‫ ﺧﺎﻟﯽ اﺳﺖ‬Vtp domain ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ در ﻗﺴﻤﺖ زﯾﺮﺧﻂ دار ﻣﺸﺨﺺ ﺷﺪه اﺳﺖ‬ R1>show cdp neighbors detail ------------------------Device ID: SW1 Entry address(es): IP address: 192.168.255.254 Platform: Cisco 3640, Capabilities: Router Switch IGMP Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1 Holdtime : 157 sec Version : Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(13a), RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Tue 06-Mar-07 20:25 by prod_rel_team advertisement version: 2 VTP Management Domain: '' Duplex: full R1> ‫ ﭘﺲ از اﯾﻨﮑﺎر ﻣﺠﺪدا اﻗﺪام ﺑﻪ ﭘﺮ‬R1 ‫ و اﻃﻤﯿﻨﺎن از ﭘﺎك ﺷﺪن آن و ﻣﺸﺎﻫﺪه اﯾﻨﮑﻪ‬CDP ‫5. ﭘﺎك ﮐﺮدن ﺟﺪول‬ . ‫ﮐﺮدن ﺟﺪول ﻣﺬﺑﻮر ﻣﯽ ﻧﻤﺎﯾﺪ‬ R1#show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID Local Intrfce Holdtme Capability Platform Port ID SW1 Fas 0/0 173 R S I 2650XM Fas 1/0 R1#clear cdp table R1#show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID R1# Local Intrfce Holdtme Capability Platform Port ID ‫6. ﺗﻐﯿﯿﺮ ﻣﻘﺎدﯾﺮ ﭘﯿﺶ ﻓﺮض ﺗﺎﯾﻤﺮ در ﻫﺮ دو ﭘﻠﺘﻔﺮم از 081/06 ﺑﻪ 54/51و ﺑﺮرﺳﯽ ﺻﺤﺖ اﻋﻤﺎل ﺗﻐﯿﯿﺮات‬ Page 140 of 290
R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#cdp timer 15 R1(config)#cdp holdtime 45 R1(config)#end %SYS-5-CONFIG_I: Configured from console by console R1#show cdp Global CDP information: Sending CDP packets every 15 seconds Sending a holdtime value of 45 seconds Sending CDPv2 advertisements is enabled R1# Page 141 of 290
‫آزﻣﺎﯾﺶ 2.4 – اﯾﺠﺎد ‪Vlan‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ اﯾﺠﺎد ، ﻧﺎم ﮔﺬاري و ﺗﺨﺼﯿﺺ ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ ﺑﻪ ‪ Vlan‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﻗﺒﻞ از ورود ﺑﺤﺚ ‪ vlan‬ﻧﮕﺎﻫﯽ داﺷﺘﻪ ﺑﺎﺷﯿﻢ ﺑﻪ ﺷﺒﮑﻪ ﻫﺎي ‪ Flat‬ﯾﺎ ﻣﺴﻄﺢ . در اﯾﻦ ﺷﺒﮑﻪ ﻫﺎ ﻣﺘﺼﺪي ﻣﺮﺑﻮﻃﻪ ﺗﻌﺪاد‬ ‫زﯾﺎدي ﻫﺎب ﯾﺎ ﺳﻮﯾﯿﭻ را ﻣﺎﻧﻨﺪ داﻧﻪ ﻫﺎي ﮔﺮدن ﺑﻨﺪ ﺑﻪ ﻫﻢ ﻣﺘﺼﻞ ﻣﯿﮑﻨﺪ ﺗﺎ ﯾﮏ ﺷﺒﮑﻪ ﺑﺰرگ دﻫﺎ و ﺷﺎﯾﺪ ﺻﺪﻫﺎ ﮐﺎرﺑﺮه را‬ ‫ﺑﺎ ﺗﻨﻬﺎ ﯾﮏ ﺳﺎﺑﻨﺖ اﯾﺠﺎد ﮐﻨﺪ.از ﻣﻨﻈﺮ اﺻﻮل ﻃﺮاﺣﯽ ﺷﺒﮑﻪ اﯾﻦ ﻧﻮع ﻃﺮاﺣﯽ در ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ ﺑﻪ ﻃﺮز ﺗﺮﺳﻨﺎﮐﯽ‬ ‫اﺷﺘﺒﺎه اﺳﺖ زﯾﺮا ‪ Broadcast‬ﻫﺎي ﻧﺎﺧﻮاﺳﺘﻪ ﺑﻪ آﺳﺎﻧﯽ ﻣﯿﺘﻮاﻧﻨﺪ ﮐﻞ ﺗﺮاﻓﯿﮏ ﺷﺒﮑﻪ را ﺗﺤﺖ اﻟﺸﻌﺎع ﻗﺮار داده و ﺷﺒﮑﻪ‬ ‫را از دﺳﺘﺮس ﺧﺎرج ﮐﻨﻨﺪ.در ﺷﺒﮑﻪ ﻫﺎي ﺑﺎ دﺳﺘﺮﺳﯽ ﭼﻨﺪﮔﺎﻧﻪ )‪ (multi-access network‬ﺑﺎزدﻫﯽ ﮐﻠﯽ ﺷﺒﮑﻪ‬ ‫ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺗﻌﺪاد ادوات ﻓﻌﺎل از 004 ﻋﺪد ﺑﯿﺸﺘﺮ ﻣﯽ ﺷﻮﻧﺪ ﺑﻪ ﻃﺮز ﭼﺸﻢ ﮔﯿﺮي ﮐﺎﻫﺶ ﻣﯿﺎﺑﺪ . راﯾﺞ ﺗﺮﯾﻦ ﺳﺎﯾﺰ ﻣﺎﺳﮏ‬ ‫42/ ﮐﻪ ﺗﻨﻬﺎ 452 ﮔﺮه ﻓﻌﺎل در ﺳﺎﺑﻨﺖ را آدرس دﻫﯽ ﻣﯿﮑﻨﺪ، ﺑﺎ اﯾﻦ اوﺻﺎف ﭼﮕﻮﻧﻪ ﺑﺎﯾﺪ ﺷﺒﮑﻪ اي ﺑﺎ ﺑﯿﺶ از 004 ﮔﺮه‬ ‫ﻓﻌﺎل داﺷﺘﻪ ﺑﺎﺷﯿﻢ ؟ ﭘﺎﺳﺦ اﺳﺘﻔﺎده از ‪ Vlan‬اﺳﺖ.‬ ‫ﺗﻌﺮﯾﻒ ‪ Vlan‬در ﺳﺎده ﺗﺮﯾﻦ ﺷﮑﻞ ﺧﻮد ﺑﻪ ﺻﻮرت ﭘﺎرﺗﯿﺸﻦ ﺑﻨﺪي ﮐﺮدن ﯾﮏ ﺳﻮﯾﯿﭻ ﻓﯿﺰﯾﮑﯽ ﺑﻪ ﺗﻌﺪادي ﺷﺒﮑﻪ ﻣﺠﺎزي‬ ‫و اﯾﺰوﻟﻪ از ﯾﮑﺪﯾﮕﺮ اﺳﺖ ﺑﻪ ﮔﻮﻧﻪ اي ﮐﻪ ﮔﺮه ﻫﺎي ﻣﺘﺼﻞ ﺑﻪ اﯾﻦ ﺷﺒﮑﻪ ﻫﺎي ﺟﺪا از ﻫﻢ ﻫﯿﭻ ﮔﻮﻧﻪ ارﺳﺎل و درﯾﺎﻓﺖ داده‬ ‫اي ﺑﺎ ﻫﻢ ﻧﺪارﻧﺪ ﻣﮕﺮاز ﻃﺮﯾﻖ ﯾﮏ روﺗﺮ واﺳﻂ ﻣﺎﺑﯿﻨﺸﺎن. در ﺗﻌﺮﯾﻒ دﯾﮕﺮي ‪ vlan‬را ﻣﯽ ﺗﻮان ﺗﻔﮑﯿﮏ ﻻﯾﻪ دوﯾﯽ‬ ‫ﻗﺴﻤﺘﻬﺎي ﻣﻨﻄﻘﯽ ﺷﺒﮑﻪ از ﻫﻢ ﻧﺎﻣﯿﺪ ﺗﻔﮑﯿﮏ ﻻﯾﻪ ﺳﻪ اي ﻫﻢ ﺗﺤﺖ ﻋﻨﻮان ‪ subneting‬وﺟﻮد دارد ﮐﻪ در ﻓﺼﻞ 6 ﻣﻮرد‬ ‫ﺑﺮرﺳﯽ ﻗﺮار ﺧﻮاﻫﺪ ﮔﺮﻓﺖ. ﺑﻪ ﻃﻮر ﺧﻼﺻﻪ دﻟﯿﻞ ﻋﻤﺪه اﯾﺠﺎد ‪ Vlan‬در ﺷﺒﮑﻪ ﻫﺎي ﮐﺎﻣﭙﯿﻮﺗﺮي ﮐﻨﺘﺮل اﻧﺪازه ﺳﮕﻤﻨﺖ‬ ‫ﺷﺒﮑﻪ ﻻﯾﻪ دوﯾﯽ ﻣﻮﺟﻮد اﺳﺖ ﺗﺎ ﺑﺮادﮐﺴﺘﻬﺎ و ﺗﺮاﻓﯿﮑﻬﺎي ﮐﻨﺘﺮﻟﯽ ﺳﮕﻤﻨﺖ ﺟﺎري را در ﺧﻮد ﻏﺮق ﻧﮑﻨﻨﺪ.‬ ‫ذﮐﺮ اﯾﻦ ﻧﮑﺘﻪ ﺣﺎﺋﺰ اﻫﻤﯿﺖ اﺳﺖ ﮐﻪ در اﯾﻦ ﻧﻮﺷﺘﺎر ﺳﻮﯾﯿﭽﻬﺎي 1‪ SW‬و2‪ SW‬و3‪ SW‬ﻫﻤﮕﯽ در واﻗﻊ روﺗﺮ ﻫﺎي 5473‬ ‫ﺑﻪ ﻫﻤﺮاه ﻣﺎژول ‪ NM-16ESW‬ﻫﺴﺘﻨﺪ ﮐﻪ اﺟﺎزه اﻧﺠﺎم اﺗﻈﯿﻤﺎت ‪ Vlan‬را در ‪ global config mode‬ﻣﯿﺪﻫﺪ در‬ ‫ﺻﻮرت اﺳﺘﻔﺎده از ‪ Ios‬ﻫﺎي ﭘﺎﯾﯿﻨﺘﺮ اﻧﺠﺎم اﯾﻦ ﺗﻨﻈﯿﻤﺎت ﻣﯿﺒﺎﯾﺴﺖ از ﻃﺮﯾﻖ ‪Vlan databse‬اﻧﺠﺎم ﺷﻮد ﮐﻪ روﺷﯽ‬ ‫ﻧﺴﺒﺘﺎ ﻣﻨﺴﻮخ ﺷﺪه اﺳﺖ .‬ ‫‪ :Show vlan‬اﯾﻦ دﺳﺘﻮر در ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ ﺟﻬﺖ ﻧﻤﺎﯾﺶ ﻣﺸﺨﺼﻪ ‪ Vlan‬ﻫﺎي ﺗﻌﺮﯾﻒ ﺷﺪه ﺑﻪ ﮐﺎر ﻣﯽ رود.‬ ‫‪ :Show vlan-switch‬اﯾﻦ دﺳﺘﻮر در روﺗﺮﻫﺎي داراي ﻣﺎزوﻟﻬﺎي ‪WIC, HWIC, NM-16ESW‬ﺟﻬﺖ ﻧﻤﺎﯾﺶ‬ ‫‪ Vlan‬ﻫﺎي ﺗﻌﺮﯾﻒ ﺷﺪه ﺑﻪ ﮐﺎر ﻣﯽ رود.‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺳﺎﺧﺖ ﺳﻮﯾﯿﭻ 1‪ SW‬از ﻃﺮﯾﻖ روﺗﺮ ﺑﺎ 5473 ‪ IOS‬و ﻣﺎژول ‪Nm-16esw‬‬ ‫092 ‪Page 142 of‬‬
‫اﻫﺪاف آزﻣﺎﯾﺶ‬ Development,Sales,Marketing ‫ ﺑﻪ ﺷﻤﺎره ﻫﺎي 03,02,01 ﻧﺎﻣﻬﺎي‬Vlan ‫اﯾﺠﺎد ﺳﻪ‬  Vlan30‫ ﺑﻪ‬Fa0/3 ‫ و‬Vlan20 ‫ ﺑﻪ‬Fa0/2 ‫ و‬Vlan10 ‫ ﺑﻪ‬Fa0/1 ‫ﺗﺨﺼﯿﺺ ﭘﻮرﺗﻬﺎي‬  ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ ﺑﺎ ﻣﺸﺨﺼﺎت ﻓﻮق‬vlan ‫1. اﯾﺠﺎد ﺳﻪ‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#config terminal Enter configuration commands, one per line. SW1(config)#vlan 10 SW1(config-vlan)#name Sales SW1(config-vlan)#vlan 20 SW1(config-vlan)#name Development SW1(config-vlan)#vlan 30 SW1(config-vlan)#name Marketing SW1(config-vlan)#end SW1# End with CNTL/Z. . ‫ ﻫﺎي ﺗﻌﺮﯾﻒ ﺷﺪه‬Vlan ‫2. ﺗﺨﺼﯿﺺ ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ ﺑﻪ‬ SW1#configure terminal SW1(config)#interface Fa0/1 SW1(config-if)#switchport access vlan 10 SW1(config-if)#interface Fa0/2 SW1(config-if)#switchport access vlan 20 SW1(config-if)#interface Fa0/3 SW1(config-if)#switchport access vlan 30 SW1(config-if)#end SW#show vlan VLAN Name Status Ports ---- ---------------------------- --------- ------------------------------1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7 Fa0/8, Fa0/9, Fa0/10, Fa0/11 Fa0/12, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gi0/1, Gi0/2 10 Sales active Fa0/1 20 Development active Fa0/2 30 Marketing active Fa0/3 1002 fddi-default act/unsup 1003 token-ring-default act/unsup Page 143 of 290
1004 fddinet-default 1005 trnet-default SW1# act/unsup act/unsup Page 144 of 290
‫آزﻣﺎﯾﺶ 3.4 – ‪Management Vlan‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ Management vlan‬ﺟﻬﺖ ﻣﺪﯾﺮﯾﺖ و ﭘﯿﮑﺮﺑﻨﺪي ادوات آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫در دﻧﯿﺎي ﺳﻮﯾﯿﭽﯿﻨﮓ ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﻣﻨﻄﻘﯽ ﮐﻪ از ﻃﺮﯾﻖ ﯾﮏ ‪ Vlan‬اﯾﺠﺎد ﺷﺪه اﺳﺖ ‪Switched Virtual Interface‬‬ ‫ﯾﺎ ‪ Svi‬ﻣﯿﮕﻮﯾﻨﺪ.ﻣﯽ ﺗﻮان در ﻫﻨﮕﺎم ﮐﺎﻧﻔﯿﮓ اﯾﻦ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻣﺠﺎزي از ﮐﻠﯿﻪ ﻗﻮاﻋﺪ و دﺳﺘﻮر اﻟﻌﻤﻠﻬﺎي ﮐﺎﻧﻔﯿﮓ‬ ‫‪ Fastethernet‬اﯾﻨﺘﺮﻓﯿﺴﻬﺎي واﻗﻌﯽ اﺳﺘﻔﺎده ﮐﺮد ﻣﺎﻧﻨﺪ ﺗﺨﺼﯿﺺ ‪ Qos،Bridge group،Ip‬و ﺑﺴﯿﺎري دﯾﮕﺮ‬ ‫وﺟﻮد ‪ Vlan‬در ادوات ﻻﯾﻪ دو اﯾﻦ اﻣﮑﺎن را ﺑﻪ آﻧﻬﺎ ﻣﯽ دﻫﺪ ﮐﻪ ﺑﺎ ﺳﺎﯾﺮ ادوات ﻻﯾﻪ 3 ارﺗﺒﻂ ﺑﺮﻗﺮار ﮐﻨﻨﺪ. ﺳﻮﯾﯿﭽﻬﺎي‬ ‫ﭼﻨﺪ ﻻﯾﻪ از ‪ Vlan‬ﺑﻪ ﻣﻨﻈﻮر ﻓﻌﺎل ﺳﺎزي ﻗﺎﺑﻠﯿﺖ روﺗﯿﻨﮓ ﭼﻨﺪ ﻻﯾﻪ روي ﺧﻮد اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ ﺑﻪ ﺑﯿﺎن دﯾﮕﺮ ﺳﻮﯾﯿﭻ‬ ‫ﭼﻨﺪ ﻻﯾﻪ ﺑﻪ ﻋﻨﻮان ﻣﻔﻬﻮم ﺟﺪﯾﺪي ﮐﻪ در آزﻣﺎﯾﺶ 02.4 ﺑﻪ آن ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ ﯾﻌﻨﯽ ‪ Router-on-a- stick‬اﯾﻔﺎي‬ ‫ﻧﻘﺶ ﻣﯿﮑﻨﺪ. در ﺳﻮﯾﯿﭽﻬﺎي ﭼﻨﺪ ﻻﯾﻪ ﻣﺎﻧﻨﺪ 0653 ﯾﺎ 0573 از ‪ vlan‬اﯾﻨﺘﺮﻓﯿﺲ ﺑﻪ ﻋﻨﻮان ‪ default gateway‬ﺑﺮاي‬ ‫ﮐﺎﻣﭙﯿﻮﺗﺮﻫﺎ و ﺳﺎﯾﺮ ادواﺗﯽ ﮐﻪ ﻧﯿﺎز ﺑﻪ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ ﺳﺎﯾﺮ ﺷﺒﮑﻪ ﻫﺎي داﺧﻠﯽ ﯾﺎ ﺧﺎرﺟﯽ را دارﻧﺪ اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد. ﺑﻪ‬ ‫ﻋﻨﻮان ﻣﺜﺎل در ﺳﻮﯾﯿﭻ 0573 ﮐﻪ داراي ‪ Vlan‬ﺑﻪ ﻧﺎﻣﻬﺎي 01 ‪ Vlan‬و 02 ‪ Vlan‬ﺑﻪ آدرﺳﻬﺎي , 42/0.01.861.291‬ ‫42/0.02.861.291 ﻣﯽ ﺑﺎﺷﺪ ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﯾﮏ ‪ PC‬در 01 ‪ Vlan‬ﻧﯿﺎز ﺑﻪ ارﺳﺎل درﯾﺎﻓﺖ اﻃﻼﻋﺎت ﺑﻪ 02 ‪ Vlan‬داﺷﺘﻪ‬ ‫ﺑﺎﺷﺪ اﯾﻦ ﮐﺎﻣﭙﯿﻮﺗﺮ از آدرس 01 ‪ Vlan‬ﺑﻪ ﻋﻨﻮان ‪ Default gateway‬اﺳﺘﻔﺎده ﺧﻮاﻫﺪ ﮐﺮد و ﺳﻮﯾﯿﭻ ﭘﮑﺘﻬﺎ را ﻣﺒﺘﻨﯽ ﺑﺮ‬ ‫ﻗﻮاﻋﺪ ﻻﯾﻪ 3 ﺑﻪ ﺳﻤﺖ 02 ‪ Vlan‬روت ﺧﻮاﻫﺪ ﮐﺮد .‬ ‫در ﺳﻮﯾﯿﭻ ﻫﺎي ﻻﯾﻪ دو ﺗﻨﻬﺎ ﯾﮏ ‪ Vlan interface‬ﻓﻌﺎل ﻗﺎﺑﻞ ﺗﻌﺮﯾﻒ اﺳﺖ و از آن ﺑﻪ ﻋﻨﻮان ‪Management vlan‬‬ ‫اﯾﻨﺘﺮﻓﯿﺲ ﯾﺎد ﻣﯿﺸﻮد .‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ و ﺳﻮﯾﯿﭻ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﺗﺼﺎل 1/0‪ Fa‬ﺳﻮﯾﯿﭻ 1‪ SW‬ﺑﻪ 0/0‪ Fa‬روﺗﺮ 1‪R‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01 ﺑﻪ 0/0‪ Fa‬روﺗﺮ و ﻓﻌﺎل ﺳﺎزي ﮐﻠﻤﻪ ﻋﺒﻮر ﺟﻬﺖ ‪Telnet‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد 01 ‪ Vlan‬وﺗﻐﯿﯿﺮ ﻧﺎم آن ﺑﻪ ‪management‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/01.1.1.01 ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ اﯾﺠﺎد ﺷﺪه‬ ‫092 ‪Page 145 of‬‬
Vlan10 ‫ ﺑﻪ‬Fa0/1 ‫اﻧﺘﺴﺎب اﯾﻨﺘﺮﻓﯿﺲ‬ SW1 ‫ در‬Vlan 10 ‫ ﺑﻪ‬R1 ‫ از ﻃﺮﯾﻖ‬Telnet ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﺑﺎ‬   ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ Management ‫ ﺑﺎ ﻧﺎم‬Vlan 10 ‫1. اﯾﺠﺎد‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1>configure terminal Enter configuration commands, one per line. SW1(config)#vlan 10 SW1(config-vlan)#name Management SW1(config-vlan)#end SW1# End with CNTL/Z. ‫ و ﺗﺨﺼﯿﺺ آدرس 42/01.1.1.01 ﺑﻪ آن‬Vlan 10 ‫2. اﯾﺠﺎد اﯾﻨﺘﺮﻓﯿﺲ‬ ‫ در ﻣﻮد ﮔﻠﻮﺑﺎل ﮐﺎﻧﻔﯿﮓ ﺳﺎﺧﺘﻪ ﺷﻮد.دﻗﺖ ﮐﻨﯿﺪ ﮐﻪ‬Vlan interface ‫ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر اﺑﺘﺪا ﻻزم اﺳﺖ ﯾﮏ‬ ‫ ﺑﻪ ﮐﺎر ﻣﯽ رود‬Interface vlan#x ‫ در دﺳﺘﻮر‬Vlan ‫ ﺑﻪ ﺻﻮرت ﭼﺴﭙﯿﺪه ﺑﻪ ﻋﺒﺎرت‬Vlan ‫ﺷﻤﺎره اﯾﻨﺘﺮﻓﯿﺲ‬ SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface vlan10 SW1(config-if)#ip address 10.1.1.10 255.255.255.0 SW1(config-if)#no shut SW1(config-if)# Vlan 10 ‫ ﺑﻪ‬SW1 ‫ در‬Fa0/1 ‫3. اﻧﺘﺴﺎب‬ SW1(config-if)#interface FastEthernet0/1 SW1(config-if)#switchport access vlan 10 SW1(config-if)#no shut SW1(config-if)#end SW1# Page 146 of 290
‫ دﺳﺘﺮﺳﯽ ﭘﯿﺪا ﮐﻨﯿﻢ‬R1 ‫ را از ﻃﺮﯾﻖ‬SW1 ‫ واﻗﻊ در‬Valn 10 ‫ﭘﺲ از اﻧﺠﺎم ﻣﺮاﺣﻞ ﺑﺎﻻ ﺑﺎﯾﺪ ﺑﺘﻮاﻧﯿﻢ ﺑﻪ‬ R1#ping 10.1.1.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/39/100 ms R1# R1#telnet 10.1.1.10 Trying 10.1.1.10 ... Open User Access Verification Password: SW1> Page 147 of 290
‫آزﻣﺎﯾﺶ 4.4 – ﺗﻨﻈﯿﻤﺎت ‪ Trunking‬ﻣﺒﺘﻨﯽ ﺑﺮ ‪ ISL‬و ‪Dot1Q‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت اﯾﺠﺎد ﺗﺮاﻧﮏ ﻣﺒﺘﻨﯽ ﺑﺮ )‪ Inter-Switch Link (ISL‬و )‪ 802.1q (dotq‬ﻣﺎﺑﯿﻦ‬ ‫ﭼﻨﺪ ﺳﻮﯾﯿﭻ ﺑﻪ ﻣﻨﻈﻮر ﻋﺒﻮردﻫﯽ ﺗﺮاﻓﯿﮏ ‪ Vlan‬ﻫﺎ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﺗﺎ اﯾﻨﺠﺎ ﺑﺎ ﻧﺤﻮه اﯾﺠﺎد و ﻣﺪﯾﺮﯾﺖ ‪ Vlan‬ﻫﺎ آﺷﻨﺎ ﺷﺪﯾﻢ ﺣﺎﻻ ﺳﻮال اﯾﻨﺠﺎﺳﺖ در ﺷﺒﮑﻪ اي ﮐﻪ ﺗﻌﺪاد زﯾﺎدي ﺳﻮﯾﯿﭻ ﻫﺮ‬ ‫ﯾﮏ ﺑﺎ ﺗﻌﺪادي ‪ Vlan‬وﺟﻮد دارد ﭼﮕﻮﻧﻪ ﻣﯽ ﺗﻮان ﺗﺮاﻓﯿﮏ ﻣﺎﺑﯿﻦ اﯾﻦ ﺳﻮﯾﯿﭽﻬﺎ را ﺑﺪون ﺑﺮﻗﺮاري اﺗﺼﺎل ﻓﯿﺰﯾﮑﯽ ﻧﻈﯿﺮ ﺑﻪ‬ ‫ﻧﻈﯿﺮ ﻣﺎﺑﯿﻦ ﭘﻮرﺗﻬﺎي ﻣﺘﻌﻠﻖ ﺑﻪ ﻫﺮ ‪ Vlan‬ﺑﺎ ﺳﻮﯾﯿﭻ ﻫﺎي دﯾﮕﺮ اﻧﺘﻘﺎل داد ؟ راه ﺣﻞ در اﺳﺘﻔﺎده از ﻣﻔﻬﻤﻮم ﺗﺮاﻧﮏ اﺳﺖ‬ ‫.ﺗﺮاﻧﮏ ﺑﺎ ﺳﺎده ﺗﺮﯾﻦ ﺗﻌﺮﯾﻒ ﻋﺒﺎرت اﺳﺖ از ﻣﺴﯿﺮ ارﺗﺒﺎﻃﯽ ﮐﻪ ﻗﺎدر ﻋﺒﻮر ﺗﺮاﻓﯿﮏ ﭼﻨﺪﯾﻦ ‪ Vlan‬ﺑﻪ ﻃﻮر ﻫﻤﺰﻣﺎن ﻣﺎﺑﯿﻦ‬ ‫دو ﯾﺎ ﭼﻨﺪ ﺳﻮﯾﯿﭻ اﺳﺖ. اﯾﻦ اﻣﮑﺎن ﺑﺎ ﺑﻬﺮه ﮔﯿﺮي از دو ﭘﺮوﺗﮑﻞ ‪ ISL‬ﻣﺘﻌﻠﻖ ﺑﻪ ﮐﻤﭙﺎﻧﯽ ﺳﯿﺴﮑﻮ و ‪ 802.1q‬ﯾﺎ ‪Dot1q‬‬ ‫ﻣﺘﻌﻠﻖ ﺑﻪ اﻧﺠﻤﻦ ‪ IEEE‬ﻗﺎﺑﻞ ﭘﯿﺎده ﺳﺎزي ﻣﯽ ﺑﺎﺷﺪ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از دﺳﺘﻮرات زﯾﺮ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد‬ ‫‪‬‬ ‫‪switchport mode trunk‬‬ ‫ﭘﻮرت ﻣﻮرد ﻧﻈﺮ را ﺗﺒﺪﯾﻞ ﺑﻪ ﺗﺮاﻧﮏ ﭘﻮرت ﺧﻮاﻫﺪ ﮐﺮد ﺑﺎ ﻗﺎﺑﻠﯿﺖ ﻋﺒﻮر دﻫﯽ ﺗﺮاﻓﯿﮏ ﺗﻤﺎﻣﯽ ‪ Vlan‬ﻫﺎ‬ ‫‪‬‬ ‫‪switchport trunk encapsulation isl‬‬ ‫ﺗﻌﯿﯿﻦ ﮐﻨﻨﺪه ﻧﻮع ‪ encapsulation‬ﻣﻮرد اﺳﺘﻔﺎده در ﺗﺮاﻧﮏ اﺳﺖ .ﮐﻪ در اﯾﻨﺠﺎ ‪ ISL‬اﺳﺖ‬ ‫‪‬‬ ‫‪switchport trunk encapsulation dot1q‬‬ ‫ﺗﻌﯿﯿﻦ ﮐﻨﻨﺪه ﻧﻮع ‪ encapsulation‬ﻣﻮرد اﺳﺘﻔﺎده در ﺗﺮاﻧﮏ اﺳﺖ .ﮐﻪ در اﯾﻨﺠﺎ ‪ Dot1q‬اﺳﺖ‬ ‫‪‬‬ ‫‪show interface trunk‬‬ ‫ﻧﻤﺎﯾﺶ اﯾﻨﺘﺮﻓﯿﺴﻬﺎﯾﯽ ﮐﻪ در ﺣﺎﻟﺖ ﺗﺮاﻧﮏ ﻗﺮار دارﻧﺪ ﺑﻪ ﻫﻤﺮاه ﭘﺮوﺗﮑﻞ ﺗﺮاﻧﮑﯿﻨﮓ ﻣﻮرد اﺳﺘﻔﺎده‬ ‫‪‬‬ ‫‪show interface interfacename#/# switchport‬‬ ‫ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ﻣﺮﺗﺒﻂ ﺑﺎ اﯾﻨﺘﺮﻓﯿﺲ ﻣﻮرد ﻧﻈﺮ ﻣﺸﺘﻤﻞ ﺑﺮ ﺣﺎﻟﺖ ﺗﺮاﻧﮏ ﯾﺎ اﮐﺴﺲ ﺑﻮدن اﯾﻨﺘﺮﻓﯿﺲ، ‪Native‬‬ ‫‪ Vlan،vlan‬ﻫﺎي ﻣﺠﺎز ﺑﻪ ﻋﺒﻮر از اﯾﻨﺘﺮﻓﯿﺲ )در ﺻﻮرت ﺗﺮاﻧﮏ ﺑﻮدن اﯾﻨﺘﺮﻓﯿﺲ(‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺑﺎ ﺗﺼﻮﯾﺮ‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01 ﺑﻪ 0/0‪ Fa‬روﺗﺮ 1‪R‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/2.1.1.01 ﺑﻪ 1/0‪ Fa‬روﺗﺮ 2‪R‬‬ ‫‪‬‬ ‫اﯾﺠﺎد 01 ‪ Vlan‬و 02 ‪ Vlan‬در ﺳﻮﯾﯿﭽﻬﺎي 1‪ SW‬و 2‪SW‬‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب 1/0‪ Fa‬در 1‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫092 ‪Page 148 of‬‬
‫‪‬‬ ‫اﻧﺘﺴﺎب 2/0‪ Fa‬در 2‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫ﺗﺼﻮﯾﺮ 1.4.4-ﺗﺮاﻧﮑﯿﻨﮓ ﻣﺒﺘﻨﯽ ﺑﺮ ‪ ISL‬ﻣﺎﺑﯿﻦ ﺳﻮﯾﯿﭻ ﻫﺎ‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺧﺎﻣﻮش ﮐﺮدن 21/0‪ Fa‬و 11/0‪ Fa‬در 2‪SW1,SW‬‬ ‫ﺑﺮﻗﺮاري ‪ Dot1q‬ﺗﺮاﻧﮏ ﻣﺎﺑﯿﻦ 1‪ SW‬و 2‪ SW‬از ﻃﺮﯾﻖ 21/0‪Fa‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ﺗﺮاﻧﮏ از ﻃﺮﯾﻖ دﺳﺘﻮر #/#‪interfacename‬‬ ‫‪‬‬ ‫ﺗﺴﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ 1‪R‬و2‪ R‬از ﻃﺮﯾﻖ ‪Ping‬‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب 2/0‪ Fa‬در 1‪ SW‬ﺑﻪ 5 ‪ Vlan‬و ﺗﺴﺖ ﻣﺠﺪد ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ 2‪R1,R‬‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﻓﺮض اوﻟﯿﻪ اﻧﺠﺎم اﯾﻦ آزﻣﺎﯾﺶ ﺑﻬﺮه ﮔﯿﺮي از دو ﺳﻮﯾﯿﭻ واﻗﻌﯽ 0653اﺳﺖ زﯾﺮا ﻣﺎژول ‪ Nm-16esw‬از ‪ISL‬‬ ‫‪ encapsulation‬ﭘﺸﺘﯿﺒﺎﻧﯽ ﻧﻤﯿﮑﻨﺪ‬ ‫1. ﺧﺎﻣﻮش ﮐﺮدن 11/0‪ Fa0/12,Fa‬و ﺑﺮﻗﺮاري ﺗﺮاﻧﮑﯿﻨﮓ ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ از ﻃﺮﯾﻖ 01/0‪Fa‬‬ ‫092 ‪Page 149 of‬‬
SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config-if)#interface range Fa0/11 - 12 SW1(config-if-range)#shutdown SW1(config-if-range)#interface fa0/10 SW1(config-if)#switchport trunk encapsulation dot1q SW1(config-if)#switchport mode trunk SW1(config-if)#no shut SW1(config-if)#end SW1# SW2 con0 is now available Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config-if)#interface range Fa0/11 - 02 SW2(config-if-range)#shutdown SW2(config-if-range)#interface fa0/10 SW2(config-if)#switchport trunk encapsulation dot1q SW2(config-if)#switchport mode trunk SW2(config-if)#no shut SW2(config-if)#end SW2# show interface trunk ‫2. ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﺗﺮاﻧﮏ از ﻃﺮﯾﻖ‬ SW1#show interface FastEthernet0/10 trunk Port Fa0/10 Mode on Encapsulation 802.1q Status trunking Native vlan 1 Port Fa0/10 Vlans allowed on trunk 1-4094 Port Fa0/10 Vlans allowed and active in management domain 1,10 Port Vlans in spanning tree forwarding state and not pruned Fa0/10 1 SW1# SW2#show interface FastEthernet0/10 trunk Port Fa0/10 Mode on Encapsulation 802.1q Status trunking Native vlan 1 Page 150 of 290
Port Fa0/10 Vlans allowed on trunk 1-4094 Port Fa0/10 Vlans allowed and active in management domain 1,10 Port Fa0/10 Vlans in spanning tree forwarding state and not pruned 1 SW2# R1,R2 ‫3. ﺗﺴﺖ اﻣﮑﺎن ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ‬ ‫ ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ ﺑﻪ وﺟﻮد‬Vlan 10 ‫اﮐﻨﻮن ﮐﻪ ﺗﺮاﻧﮏ ﺑﯿﻦ دو ﺳﻮﯾﯿﭻ ﺑﺮﻗﺮار ﺷﺪه اﺳﺖ اﻣﮑﺎن اﻧﺘﻘﺎل ﺗﺮاﻓﯿﮏ‬ ‫ ﺻﺤﺖ آﻧﺮا ﺗﺴﺖ ﻣﯿﮑﻨﯿﻢ‬Ping ‫آﻣﺪه اﺳﺖ.ﺑﺎ‬ R1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 4/29/60 ms R1# R1,R2 ‫ و ﺑﺮرﺳﯽ اﻣﮑﺎن ارﺗﺒﺎط ﺑﯿﻦ‬Vlan 5 ‫ ﺑﻪ‬Fa0/2 ‫4. اﻧﺘﺴﺎب‬ SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#interface FastEthernet0/2 SW2(config-if)#switchport access vlan 5 % Access VLAN does not exist. Creating vlan 5 SW2(config-if)#end SW2# R1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R1# ‫ ﻣﻨﺘﻘﻞ‬SW2 ‫ در‬Vlan 5 ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ اﻧﺘﻈﺎر ﻣﯽ رﻓﺖ ﺗﺮاﻓﯿﮏ ﻣﺎﺑﯿﻦ دو روﺗﺮ ﺑﻪ دﻟﯿﻞ ﻋﺪم وﺟﻮد اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﻌﻠﻖ ﺑﻪ‬ ‫ﻧﺸﺪ‬ switchport trunk . ‫ اﺳﺘﻔﺎده ﻣﯿﺸﻮد‬ISL ‫ از‬dot1q ‫ ﻫﻢ دﻗﯿﻘﺎ ﺑﻪ ﻫﻤﯿﻦ ﻣﻨﻮال اﺳﺖ ﺻﺮﻓﺎ ﺑﻪ ﺟﺎي‬ISL ‫ﺗﻨﻈﯿﻤﺎت‬ encapsulation isl | dot1q Page 151 of 290
‫آزﻣﺎﯾﺶ 5.4 – ﺗﻨﻈﯿﻤﺎت ‪Etherchannel‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪Etherchannel‬ﺑﻪ ﺻﻮرت ‪ Static‬ﺟﻬﺖ ﺗﺠﻤﯿﻊ ﭼﻨﺪ ﻟﯿﻨﮏ ﻓﯿﺰﯾﮑﯽ و ﺗﺒﺪﯾﻞ‬ ‫آن ﺑﻪ ﯾﮏ ﻟﯿﻨﮏ ﻣﻨﻄﻘﯽ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫‪ Etherchannel‬ﺗﮑﻨﻮﻟﻮژي ﭘﺮ اﺳﺘﻔﺎده اي اﺳﺖ ﮐﻪ اﻣﺮوزه ﺗﻘﺮﯾﺒﺎ در ﺗﻤﺎم ﭘﯿﺎده ﺳﺎزﯾﻬﺎي ﻣﺒﺘﻨﯽ ﺑﺮ ﻣﻌﻤﺎرﯾﻬﺎي ﻣﻌﻤﻮل‬ ‫ﺷﺒﮑﻪ ﺑﻪ ﻣﻨﻈﻮر اﯾﺠﺎد اﻓﺰوﻧﮕﯽ و ﺗﺠﻤﯿﻊ ﭘﻬﻨﺎي ﺑﺎﻧﺪ ﻟﯿﻨﮑﻬﺎي ﻣﺘﻌﺪد ﻓﯿﺰﯾﮑﯽ ﺑﻪ ﯾﮏ ﻟﯿﻨﮏ واﺣﺪ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار‬ ‫ﻣﯿﮕﯿﺮد . ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل ﺳﺮوري ﺑﺎ 4 ﮐﺎرت ﺷﺒﮑﻪ دارﯾﺪ و ﻣﺎﯾﻞ ﻫﺴﺘﯿﺪ ﺗﻤﺎم آﻧﻬﺎ ﺑﺎ ﻫﻢ و در ﺷﺮاﯾﻂ ﺧﺎص ﻣﺜﻞ ﺳﻮﺧﺘﻦ‬ ‫ﯾﮑﯽ از آﻧﻬﺎ ﺑﻪ ﻋﻨﻮان ﺟﺎﯾﮕﺰﯾﻦ ﻫﻢ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﮔﯿﺮﻧﺪ در اﯾﻨﺠﺎ ﺑﺎ ﺑﻬﺮه ﮔﯿﺮي از ‪ etherchannel‬ﻣﯽ ﺗﻮان اﯾﻦ 4‬ ‫ﭘﻮرت را ﺑﻪ ﺻﻮرت ﯾﮏ ﻟﯿﻨﮏ ﻣﻨﻄﻘﯽ ﺑﺎ ﻣﺠﻤﻮع ﻇﺮﻓﯿﺖ ﻫﻤﻪ ﻟﯿﻨﮑﻬﺎي ﻣﺠﺰا ﺑﻪ ﻫﻤﺮاه ﻗﺎﺑﻠﯿﺖ اﻓﺰوﻧﮕﯽ )‪(redundancy‬‬ ‫و ﺗﻘﺴﯿﻢ ﺑﺎر)‪ (load balancing‬ﭘﯿﮑﺮﺑﻨﺪي ﮐﺮد.‬ ‫ﺳﻪ ﻧﻮع ﭘﯿﺎده ﺳﺎزي ‪ etherchannel‬وﺟﻮد دارد ، اوﻟﯿﻦ ﻣﻮرد ﮐﻪ راﯾﺞ ﺗﺮﯾﻦ ﺷﯿﻮه ﺗﺠﻤﯿﻊ ﻟﯿﻨﮑﻬﺎي ﻓﯿﺰﯾﮑﯽ ﺑﻪ ﯾﮏ‬ ‫ﻟﯿﻨﮏ ﻣﻨﻄﻘﯽ اﺳﺖ ‪ etherchannel‬اﺳﺘﺎﺗﯿﮏ ﯾﺎ ﺑﺪون ﺷﺮط ﻧﺎم دارد . در آزﻣﺎﯾﺶ ﺟﺎري اﯾﻦ ﻧﻮع ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار‬ ‫ﻣﯿﮕﯿﺮد 2 ﻧﻮع دﯾﮕﺮ ﺑﻪ ﻧﺎﻣﻬﺎي )‪ Link Aggregation Control Protocol (LACP‬و )‪Port Aggregation Protocol (PAgP‬‬ ‫وﺟﻮد دارﻧﺪ ﮐﻪ در دو آزﻣﺎﯾﺶ ﺑﻌﺪ ﺑﻪ آﻧﻬﺎ ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ.‬ ‫‪ LACP‬ﺟﺰ اﺳﺘﺎﻧﺪارد ‪ IEEE‬اﺳﺖ و راﯾﺞ ﺗﺮﯾﻦ ﺷﯿﻮه ﭘﯿﺎده ﺳﺎزي ‪ etherchannel‬ﺑﻪ ﺻﻮرت داﯾﻨﺎﻣﯿﮏ اﺳﺖ اﻣﺎ‬ ‫‪ PAgP‬اﺳﺘﺎﻧﺪارد ﻣﺨﺘﺺ ﺳﯿﺴﮑﻮ اﺳﺖ و ﺗﻨﻬﺎ ﻣﺎﺑﯿﻦ ادوات ﺳﯿﺴﮑﻮ و ﻣﻌﺪود ﮐﻤﭙﺎﻧﯿﻬﺎي دﯾﮕﺮ ﻗﺎﺑﻞ ﭘﯿﺎده ﺳﺎزي اﺳﺖ.‬ ‫ﺗﻮﺟﻪ داﺷﺘﻪ ﺑﺎﺷﯿﻢ ﻫﻨﮕﺎﻣﯽ ﮐﻪ در ﭘﯿﺎده ﺳﺎزﯾﻬﺎ از ‪ LACP‬ﯾﺎ ‪ PAgP‬اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ ادوات دو ﺳﺮ ﻟﯿﻨﮏ از ﻣﻨﺎﺑﻊ‬ ‫ﺳﯿﺴﺘﻤﯽ ﻧﺴﺒﺘﺎ زﯾﺎدي ﺑﺮاي ﭘﺮدازش ﻓﺮﯾﻤﻬﺎي ﭘﺮوﺗﮑﻞ ﻣﻮرد اﺳﺘﻔﺎده در ﻓﺮاﯾﻨﺪ ﺗﺠﻤﯿﻊ و اﯾﺠﺎد ﮐﺎﻧﺎل اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ‬ ‫اﻣﺎ در ﺻﻮرت اﺳﺘﻔﺎده از ﻣﺘﺪ اﺳﺘﺎﺗﯿﮏ ﺑﺎ ﭼﻨﯿﻦ ﺗﻨﮕﻨﺎﯾﯽ روﺑﺮو ﻧﯿﺴﺘﯿﻢ و ﭘﺮدازﺷﻬﺎي ﻻزم در ﺳﻄﺢ ‪ Asic‬اﻧﺠﺎم ﺧﻮاﻫﺪ‬ ‫ﺷﺪ.‬ ‫ﻣﺜﺎل و ﮐﺎرﺑﺮد راﯾﺞ دﯾﮕﺮ ‪ etherchannel‬ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ از ﻃﺮﯾﻖ دو ﯾﺎ ﭼﻨﺪ ﻟﯿﻨﮏ ﻓﯿﺰﯾﮑﯽ اﺳﺖ. ﺑﺮ‬ ‫ﻣﺒﻨﺎي ﻗﻮاﻋﺪ ‪ spanning-tree‬ﮐﻪ در آرﻣﺎﯾﺸﺎت ﺑﻌﺪ ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار ﺧﻮاﻫﺪ ﮔﺮﻓﺖ ﺗﻨﻬﺎ ﯾﮑﯽ از ﭼﻨﺪ ﻟﯿﻨﮏ ﻣﺎﺑﯿﻦ دو‬ ‫ﺳﻮﯾﯿﭻ ﻓﻌﺎل ﺧﻮاﻫﻨﺪ ﻣﺎﻧﺪ و ﻣﺎﺑﻘﯽ ﺟﻬﺖ ﺟﻠﻮﮔﯿﺮي از ﻟﻮپ ﻫﺎي ﻻﯾﻪ دوﯾﯽ ﮐﻪ از آﻧﻬﺎ ﺑﻪ ﻋﻨﻮان ‪broadcast storm‬‬ ‫ﯾﺎد ﻣﯽ ﺷﻮد ﻏﯿﺮ ﻓﻌﺎل ﺧﻮاﻫﻨﺪ ﺷﺪ.ﺑﺎ ﻓﻌﺎل ﮐﺮدن ‪ etherchannel‬در ادوات دو ﺳﺮ ﻟﯿﻨﮑﻬﺎ، اﯾﻦ ﭼﻨﺪ ﻣﺴﯿﺮ ﻓﯿﺰﯾﮑﯽ‬ ‫ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ ﺑﻪ ﺻﻮرت ﯾﮏ ﻟﯿﻨﮏ ﻣﻨﻄﻘﯽ در ﺧﻮاﻫﻨﺪ آﻣﺪ و از ﺳﺪ ‪ spanning-tree‬ﺧﻮاﻫﻨﺪ ﮔﺬﺷﺖ . ﺑﻪ ﺧﺎﻃﺮ‬ ‫داﺷﺘﻪ ﺑﺎﺷﯿﻢ در ﺻﻮرت اﯾﺠﺎد دو ﯾﺎ ﭼﻨﺪ ‪ etherchannel‬ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ ﺗﻨﻬﺎ ﯾﮑﯽ از اﻧﻬﺎ ﻓﻌﺎل ﺧﻮاﻫﺪ ﻣﺎﻧﺪ و ﻣﺎﺑﻘﯽ‬ ‫ﺑﺮ اﺳﺎس ﺗﻌﺎرﯾﻒ ﺑﺎﻻ ﻏﯿﺮ ﻓﻌﺎل ﺧﻮاﻫﻨﺪ ﺷﺪ‬ ‫092 ‪Page 152 of‬‬
‫ﻣﮑﺎﻧﯿﺰم ﺗﻘﺴﯿﻢ ﺑﺎر )‪ (load balancing‬در ‪ etherchannel‬داراي ﻓﺮﻣﻬﺎ و اﻧﺘﺨﺎﺑﻬﺎي زﯾﺎدي ﺑﻪ ﻗﺮار زﯾﺮ اﺳﺖ.‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪destination ip‬‬ ‫‪destination mac address‬‬ ‫‪source XOR destination IP address‬‬ ‫‪source XOR destination mac address‬‬ ‫‪source ip addres‬‬ ‫‪source mac address‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از دﺳﺘﻮرات زﯾﺮ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد‬ ‫‪‬‬ ‫‪channel-group # mode on‬‬ ‫ﻗﺮار دادن رﻧﺠﯽ از ﭘﻮرﺗﻬﺎي اﻧﺘﺨﺎب ﺷﺪه در ‪ channel group‬ﻣﺸﺨﺺ ﺷﺪه ﺑﺎ ﺷﻤﺎره # و ﻗﺮاردادن‬ ‫‪‬‬ ‫‪show etherchannel summary‬‬ ‫ﻧﻤﺎﯾﺶ ﺧﻼﺻﻪ ﻣﺸﺨﺼﺎت ‪ EtherChannel‬ﻣﺎﻧﻨﺪ ﺷﻤﺎره ‪ ، channel-group‬ﭘﻮرﺗﻬﺎي ﻓﻌﺎل در ﮔﺮوه‬ ‫‪‬‬ ‫‪show etherchannel detail‬‬ ‫ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ﺟﺰﺋﯽ ﺗﺮ در ﺧﺼﻮص ‪ EtherChannel‬ﺑﺮﻗﺮار ﺷﺪه‬ ‫‪‬‬ ‫‪show etherchannel port-channel‬‬ ‫ﻧﻤﺎﯾﺶ ﻣﺸﺨﺼﻪ ﻫﺎي اﯾﻨﺘﺮﻓﯿﺲ ﻣﻨﻄﻘﯽ اﯾﺠﺎد ﺷﺪه از ﻃﺮﯾﻖ ‪EtherChannel‬‬ ‫‪ EtherChannel‬در وﺿﻌﯿﺖ ﺑﺪون ﻗﯿﺪ و ﺷﺮط ‪ON‬‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﺳﻨﺎرﯾﻮ ﻣﻄﺎﺑﻖ ﺑﺎ ﺗﺼﻮﯾﺮ زﯾﺮ‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01 ﺑﻪ 0/0‪ Fa‬روﺗﺮ 1‪R‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/2.1.1.01 ﺑﻪ 1/0‪ Fa‬روﺗﺮ 2‪R‬‬ ‫اﯾﺠﺎد 01 ‪ Vlan‬و 02 ‪ Vlan‬در ﺳﻮﯾﯿﭽﻬﺎي 1‪ SW‬و 2‪SW‬‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب 1/0‪ Fa‬در 1‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب 2/0‪ Fa‬در 2‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫‪‬‬ ‫ﻗﺮار دان 21/0‪ Fa0/10, Fa0/11 and Fa‬در ﺳﻮﯾﯿﭽﻬﺎي 2‪ SW1,SW‬در ﺣﺎﻟﺖ ﺗﺮاﻧﮏ. ر.ك.آز-4.4‬ ‫092 ‪Page 153 of‬‬
SW1,SW2 ‫ ﺑﺪون ﺷﺮط ﻣﺎﺑﯿﻦ‬Etherchannel ‫ﺗﺼﻮﯾﺮ 15.4.-اﯾﺠﺎد‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ ﺑﺪون ﺷﺮط‬EtherChannel ‫ در ﺣﺎﻟﺖ‬Fa0/12‫و‬Fa0/10, Fa0/11 ‫ﻗﺮار دادن‬ show etherchannel summary ‫ﺗﺴﺖ ﺻﺤﺖ ﻗﺮارﮔﯿﺮي ﭘﻮرﺗﻬﺎ در ﮔﺮوه از ﻃﺮﯾﻖ دﺳﺘﻮر‬   show etherchannel load-balance ‫ ﻣﻮرد اﺳﺘﻔﺎده در ﮔﺮوه از ﻃﺮﯾﻖ‬load balancing ‫ﻣﺸﺎﻫﺪه ﻧﻮع‬  R1,R2 ‫ ﺑﯿﻦ دو روﺗﺮ‬Ping ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط در ﻟﯿﻨﮏ ﺗﺮاﻧﮏ ﻣﻨﻄﻘﯽ اﯾﺠﺎد ﺷﺪه از ﻃﺮﯾﻖ‬  ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ Fa0/12‫و‬Fa0/10, Fa0/11 ‫ ﻣﺎﺑﯿﻦ‬EtherChannel ‫1. اﯾﺠﺎد‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. SW1(config)#interface range fa0/10 - 12 End with CNTL/Z. Page 154 of 290
SW1(config-if-range)#no shut SW1(config-if-range)#channel-group 1 mode on Creating a port-channel interface Port-channel1 SW1(config-if-range)# %EC-5-BUNDLE: Interface Fa0/10 joined port-channel Po1 %EC-5-BUNDLE: Interface Fa0/11 joined port-channel Po1 %EC-5-BUNDLE: Interface Fa0/12 joined port-channel Po1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up SW1(config-if-range)#end SW1# SW2 con0 is now available Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#interface range fa0/10 - 12 SW2(config-if-range)#no shut SW2(config-if-range)#channel-group 1 mode on Creating a port-channel interface Port-channel1 SW2(config-if-range)# %EC-5-BUNDLE: Interface Fa0/10 joined port-channel Po1 %EC-5-BUNDLE: Interface Fa0/11 joined port-channel Po1 %EC-5-BUNDLE: Interface Fa0/12 joined port-channel Po1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up SW2(config-if-range)#end SW2# ‫2. ﺑﺮرﺳﯽ ﺻﺤﺖ ﻗﺮار ﮔﯿﺮي ﭘﻮرﺗﻬﺎ در ﮔﺮوه‬ SW1#show etherchannel summary Flags: D - down P - in port-channel I - stand-alone s - suspended R - Layer3 S - Layer2 U - in use Group Port-channel Ports -----+------------+--------------------------------------------1 Po1(SU) Fa0/10(P) Fa0/11(P) Fa0/12(P) SW1# SW2#show etherchannel summary Flags: D - down P - in port-channel I - stand-alone s - suspended R - Layer3 S - Layer2 U - in use Group Port-channel Ports Page 155 of 290
-----+------------+--------------------------------------------1 Po1(SU) Fa0/10(P) Fa0/11(P) Fa0/12(P) SW2# ‫ ﻣﻮرد اﺳﺘﻔﺎده در ﮔﺮوه‬load balancing ‫3. ﺗﺸﺨﯿﺺ ﻧﻮع‬ SW1#show etherchannel load-balance EtherChannel Load-Balancing Configuration: src-mac EtherChannel Load-Balancing Addresses Used Per-Protocol: Non-IP: Source MAC address IPv4: Source MAC address IPv6: Source MAC address SW1# R1,R2 ‫ ﺑﯿﻦ‬ping ‫ از ﻃﺮﯾﻖ‬EtherChannel ‫4. ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺗﺮاﻧﮏ و‬ R1#ping 10.1.1.2 R1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 4/23/52 ms R1# ‫در ﺻﻮرﺗﯿﮑﻪ ﻣﺎﯾﻞ ﺑﻪ اﻧﺠﺎم ﺗﺴﺖ ﺑﯿﺸﺘﺮي رو ﻟﯿﻨﮏ ﺑﺮﻗﺮار ﺷﺪه ﺑﺎﺷﯿﻢ ﻣﯿﺘﻮاﻧﯿﻢ دوﺗﺎ از ﻟﯿﻨﮑﻬﺎي ﻓﯿﺰﯾﮑﯽ ﻣﺎﺑﯿﻦ را ﻗﻄﻊ‬ ‫ ﻟﯿﻨﮏ ﻣﻨﻄﻘﯽ‬Redundancy ‫ﮐﻨﯿﻢ و ﺑﺒﯿﻨﯿﻢ آﯾﺎ ﻣﺠﺪدا ارﺗﺒﺎط ﻣﺎﺑﯿﻦ روﺗﺮﻫﺎ ﺑﺮﻗﺮار ﺧﻮاﻫﺪ ﻣﺎﻧﺪ ﯾﺎ ﺧﯿﺮ در واﻗﻊ ﻗﺎﺑﻠﯿﺖ‬ ‫را ﮐﻪ اﯾﺠﺎد ﮐﺮده اﯾﻢ را ﺗﺴﺖ ﻣﯿﮑﻨﯿﻢ‬ SW1#config terminal SW1#interface range f0/11 - 12 SW1#shutdown SW1#end SW1# Configured from console by console SW1# %LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down %LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/11, changed state to down SW1# Page 156 of 290
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/12, changed state to down SW1# ‫ ﺻﺪا ﻣﯿﺰﻧﯿﻢ‬R1 ‫ را از ﻃﺮﯾﻖ‬R2 ‫ ﻣﺠﺪدا‬etherchannel ‫ﭘﺲ از ﺧﺎﻣﻮش ﮐﺮدن دو اﯾﻨﺘﺮﻓﯿﺲ از ﺳﻪ اﯾﻨﺘﺮﻓﯿﺲ ﻓﻌﺎل در‬ R1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms R1# Page 157 of 290
‫آزﻣﺎﯾﺶ 6.4 – ﺗﻨﻈﻤﯿﺎت ‪Etherchannel PAgP‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ EtherChannel‬داﯾﻨﺎﻣﯿﮏ از ﻃﺮﯾﻖ ﭘﺮوﺗﮑﻞ اﺧﺘﺼﺎﺻﯽ ‪ PAgP‬ﺳﯿﺴﮑﻮ آﺷﻨﺎ‬ ‫ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫‪ PAgP‬از دو ﺣﺎﻟﺖ ﺑﺮاي ﺑﺮﻗﺮاري ﮐﺎﻧﺎل ﺑﺎ ﻃﺮف ﻣﻘﺎﺑﻞ ﺧﻮد اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ. ‪ Auto‬و ‪ Desirable‬ﺣﺎﻟﺖ ‪Desirable‬‬ ‫ﻫﻤﻮاره اﻣﺎده ﺑﺮﻗﺮاري ﮐﺎﻧﺎل ﺑﺎ ﻃﺮف دوم ﺧﻮد اﺳﺖ در ﺣﺎﻟﯽ ﮐﻪ ‪ Auto‬اﯾﻨﻄﻮر ﻧﯿﺴﺖ ﺑﻪ ﺑﯿﺎن ﺑﻬﺘﺮ ﺣﺎﻟﺖ ‪ Auto‬ﺗﻨﻬﺎ در‬ ‫ﺻﻮرﺗﯽ ﮐﺎﻧﺎل را ﺑﺮﻗﺮار ﻣﯿﮑﻨﺪ ﮐﻪ ﻃﺮف دوم در ﺣﺎﻟﺖ ‪ Desirable‬ﺑﺎﺷﺪ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮرات زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫‪‬‬ ‫‪channel-group # mode desirable‬‬ ‫ﺗﺨﺼﯿﺺ ﺷﻤﺎره ‪ channel-group‬و ﺣﺎﻟﺖ ‪ PAgP‬و اﻗﺪام ﺑﻪ ﺑﺮﻗﺮاري ﮐﺎﻧﺎل ﺑﺎ ﻃﺮف دوﻣﯽ ﮐﻪ ‪ Auto‬ﯾﺎ‬ ‫‪‬‬ ‫‪channel-group # mode auto‬‬ ‫ﺗﺨﺼﯿﺺ ﺷﻤﺎره ‪ channel-group‬و ﺣﺎﻟﺖ ‪ PAgP‬و ﻣﺎﻧﺪن در ﺣﺎﻟﺖ اﻧﺘﻈﺎر ﺟﻬﺖ اﯾﺠﺎد ﮐﺎﻧﺎل ﺑﺎ ﻃﺮف دوﻣﯽ‬ ‫‪ Desirable‬اﺳﺖ‬ ‫ﮐﻪ در ﺣﺎﻟﺖ ‪ Desirable‬اﺳﺖ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺑﺎ ﺗﺼﻮﯾﺮ‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01 ﺑﻪ 0/0‪ Fa‬روﺗﺮ 1‪R‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/2.1.1.01 ﺑﻪ 1/0‪ Fa‬روﺗﺮ 2‪R‬‬ ‫‪‬‬ ‫اﯾﺠﺎد 01 ‪ Vlan‬و 02 ‪ Vlan‬در ﺳﻮﯾﯿﭽﻬﺎي 1‪ SW‬و 2‪SW‬‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب 1/0‪ Fa‬در 1‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب 2/0‪ Fa‬در 2‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫092 ‪Page 158 of‬‬
SW1,SW2 ‫ ﻣﺎﺑﯿﻦ‬PAgP Etherchannel ‫ﺗﺼﻮﯾﺮ 1.6.4.-اﯾﺠﺎد‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ PAgP Desirable ‫ در ﺣﺎﻟﺖ‬SW1 ‫ در‬Fa0/12,Fa0/11,Fa0/10 ‫ﻗﺮار دادن‬ PAgP Auto ‫ در ﺣﺎﻟﺖ‬SW2 ‫ در‬Fa0/12,Fa0/11,Fa0/10 ‫ﻗﺮار دادن‬ ping ‫ از ﻃﺮﯾﻖ‬R2 ‫ و‬R1 ‫ﺗﺴﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﯿﻦ‬    ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻧﻤﯿﮑﻨﺪ ، اداﻣﻪ آزﻣﺎش را ﺑﺮ ﻣﺒﻨﺎي وﺟﻮد دو دﺳﺘﮕﺎه‬PAgP ‫ از ﻗﺎﺑﻠﯿﺖ‬NM-16ESW ‫از آﻧﺠﺎﯾﯽ ﮐﻪ ﻣﺎژول‬ ‫ﺳﻮﯾﯿﭻ واﻗﻌﯽ اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ‬ Desirable ‫ ﺟﻬﺖ ﻗﺮار ﮔﺮﻓﺘﻦ در ﺣﺎﻟﺖ‬SW1 ‫ در‬Fa0/12,Fa0/11,Fa0/10 ‫1. ﺗﻨﻈﯿﻢ ﺳﻪ اﯾﻨﺘﺮﻓﯿﺲ‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface range f0/10 - 12 SW1(config-if-range)#channel-group 1 mode desirable Page 159 of 290
Creating a port-channel interface Port-channel 1 SW1(config-if-range)#no shut SW1(config-if-range)#end SW1# ‫ . در اﯾﻦ ﺣﺎﻟﺖ‬Auto ‫ ﺟﻬﺖ ﻗﺮار ﮔﺮﻓﺘﻦ در ﺣﺎﻟﺖ‬SW1 ‫ در‬Fa0/12,Fa0/11,Fa0/10 ‫1. ﺗﻨﻈﯿﻢ ﺳﻪ اﯾﻨﺘﺮﻓﯿﺲ‬ ‫ ﺑﺎﺷﺪ‬Desirable ‫ﺗﻨﻬﺎ زﻣﺎﻧﯽ ﮐﺎﻧﺎل ﺑﺮﻗﺮار ﺧﻮاﻫﺪ ﺷﺪ ﮐﻪ ﻃﺮف دوم در ﺣﺎﻟﺖ‬ configuration mode as shown below; SW2 con0 is now available Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#interface range f0/10 - 12 SW2(config-if-range)#channel-group 1 mode auto Creating a port-channel interface Port-channel 1 SW2(config-if-range)#no shut SW2(config-if-range)#end SW2# EtherChannel ‫2. ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ﮐﺎﻧﺎل ﻣﺎﺑﯿﻦ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﺷﺮﮐﺖ ﮐﻨﻨﺪه در‬ SW1#show etherchannel summary Flags: D - down P - bundled in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator M u w d - not in use, minimum links not met unsuitable for bundling waiting to be aggregated default port Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+---------------------------------------------1 Po1(SU) PAgP Fa0/10(P) Fa0/11(P) Fa0/12(P) SW1# R1,R2 ‫3. ﺗﺴﺖ ﻓﻌﺎل ﺑﻮدن ﺗﺮاﻧﮏ ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ از ﻃﺮﯾﻖ‬ Page 160 of 290
R1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms R1# Page 161 of 290
‫آزﻣﺎﯾﺶ 6.4 – ﺗﻨﻈﻤﯿﺎت ‪Etherchannel LACP‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ EtherChannel‬داﯾﻨﺎﻣﯿﮏ از ﻃﺮﯾﻖ ﭘﺮوﺗﮑﻞ ﻋﻤﻮﻣﯽ ‪ IEEE‬ﺑﻪ ﻧﺎم ‪LACP‬‬ ‫آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫‪ LACP‬داراي دو ﺣﺎﻟﺖ راه اﻧﺪازي اﺳﺖ ، ‪ Active‬و ‪ .Passive‬ﺣﺎﻟﺖ ‪ LACP active‬ﺑﻪ ﺻﻮرت ﯾﮑﻄﺮﻓﻪ و ﺑﺪون‬ ‫ﻗﯿﺪ وﺷﺮط ‪ EtherChannel‬داﯾﻨﺎﻣﯿﮏ را ﺑﺮﻗﺮار ﻣﯿﮑﻨﺪ در ﺣﺎﻟﯽ ﮐﻪ ﺣﺎﻟﺖ ‪ passive‬ﻫﻨﮕﺎﻣﯽ ﮐﺎﻧﺎل را ﺑﺮﻗﺮار ﻣﯿﮑﻨﺪ‬ ‫ﮐﻪ ﻃﺮف دوم ﮐﺎﻧﺎل در ﺣﺎﻟﺖ اﮐﺘﯿﻮ و در ﺣﺎل ﺗﻼش ﺑﺮاي ﺑﺮﻗﺮاري ﮐﺎﻧﺎل ﺑﺎﺷﺪ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از دﺳﺘﻮرات زﯾﺮ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد‬ ‫‪channel-group # mode active‬‬ ‫ﺗﺨﺼﯿﺺ ‪ channel-group‬و ﺣﺎﻟﺖ ‪ LACP Active‬ﺑﻪ ﮔﺮوه اﯾﻨﺘﺮﻓﯿﺲ اﻧﺘﺨﺎب ﺷﺪه و اﻗﺪام ﺑﻪ ﺑﺮﻗﺮاري ﮐﺎﻧﺎل‬ ‫‪ ،LACP‬در ﺻﻮرﺗﯿﮑﻪ ﻃﺮف ﻣﻘﺎﺑﻞ در ﺣﺎﻟﺖ ‪ Active‬ﯾﺎ ‪ Passive‬ﻧﺒﺎﺷﺪ ﮐﺎﻧﺎل ﺑﺮﻗﺮار ﻧﻤﯿﺸﻮد‬ ‫‪channel-group # mode passive‬‬ ‫ﺗﺨﺼﯿﺺ ‪ channel-group‬و ﺣﺎﻟﺖ ‪ ، LACP Passive‬اﯾﻦ ﺣﺎﻟﺖ ﮔﻮش ﺑﻪ زﻧﮓ درﯾﺎﻓﺖ ‪ LACP packe‬از ﻃﺮف‬ ‫دوم ﮐﺎﻧﺎل ﻣﯽ ﺑﺎﺷﺪ و در ﺻﻮرت ‪ Active‬ﺳﺖ ﻧﺸﺪن ﻃﺮف دوم ، ﮐﺎﻧﺎل ﺑﺮﻗﺮار ﻧﻤﯿﺸﻮد‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺑﺎ ﺗﺼﻮﯾﺮ‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01 ﺑﻪ 0/0‪ Fa‬روﺗﺮ 1‪R‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/2.1.1.01 ﺑﻪ 1/0‪ Fa‬روﺗﺮ 2‪R‬‬ ‫‪‬‬ ‫اﯾﺠﺎد 01 ‪ Vlan‬و 02 ‪ Vlan‬در ﺳﻮﯾﯿﭽﻬﺎي 1‪ SW‬و 2‪SW‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب 1/0‪ Fa‬در 1‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫اﻧﺘﺴﺎب 2/0‪ Fa‬در 2‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫092 ‪Page 162 of‬‬
‫ﺗﺼﻮﯾﺮ 1.7.4.-اﯾﺠﺎد ‪ LACP Etherchannel‬ﻣﺎﺑﯿﻦ 2‪SW1,SW‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﻗﺮار دادن 01/0‪ Fa0/12,Fa0/11,Fa‬در 1‪ SW‬در ﺣﺎﻟﺖ ‪LACP Active‬‬ ‫‪‬‬ ‫ﮐﺎﻧﻔﯿﮓ 01/0‪ Fa0/12,Fa0/11,Fa‬ﺟﻬﺖ ﺗﺸﮑﯿﻞ ﮐﺎﻧﺎل ‪ LACP‬در ﺻﻮرﺗﯿﮑﻪ ﻃﺮف دوم اﻣﺎده اﯾﺠﺎد ﮐﺎﻧﻞ‬ ‫‪‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ﮐﺎﻧﺎل ‪LACP‬‬ ‫ﺑﺎﺷﺪ‬ ‫‪‬‬ ‫ﺗﺴﺖ اﻣﮑﺎن ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ 2‪ R1,R‬از ﻃﺮﯾﻖ ﮐﺎﻧﺎل ﭘﺪﯾﺪ آﻣﺪه‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫از آﻧﺠﺎﯾﯽ ﮐﻪ ﻣﺎژول ‪ NM-16ESW‬از ﻗﺎﺑﻠﯿﺖ ‪ PAgP‬ﭘﺸﺘﯿﺒﺎﻧﯽ ﻧﻤﯿﮑﻨﺪ ، اداﻣﻪ آزﻣﺎش را ﺑﺮ ﻣﺒﻨﺎي وﺟﻮد دو دﺳﺘﮕﺎه‬ ‫ﺳﻮﯾﯿﭻ واﻗﻌﯽ اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ‬ ‫1. ﻗﺮار دادن 01/0‪ Fa0/12,Fa0/11,Fa‬در 1‪ SW‬در ﺣﺎﻟﺖ ‪LACP Active‬‬ ‫‪SW1 con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫092 ‪Page 163 of‬‬
SW1>enable SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface range f0/10 - 12 SW1(config-if-range)#no shut SW1(config-if-range)#channel-group 1 mode active Creating a port-channel interface Port-channel 1 SW1(config-if-range)#end SW1# ‫ در ﺻﻮرﺗﯿﮑﻪ ﻃﺮف دوم اﻣﺎده اﯾﺠﺎد ﮐﺎﻧﻞ‬LACP ‫ ﺟﻬﺖ ﺗﺸﮑﯿﻞ ﮐﺎﻧﺎل‬Fa0/12,Fa0/11,Fa0/10 ‫2. ﮐﺎﻧﻔﯿﮓ‬ ‫ﺑﺎﺷﺪ‬ SW2 con0 is now available Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#interface range f0/10 - 12 SW2(config-if-range)#no shut SW2(config-if-range)#channel-group 1 mode passive Creating a port-channel interface Port-channel 1 SW2(config-if-range)#end SW2# LACP ‫3. ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ﮐﺎﻧﺎل‬ SW1#show etherchannel summary Flags: D - down P - bundled in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator M u w d - not in use, minimum links not met unsuitable for bundling waiting to be aggregated default port Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------- Page 164 of 290
1 Po1(SU) LACP Fa0/10(P) Fa0/11(P) Fa0/12(P) SW1# ‫ از ﻃﺮﯾﻖ ﮐﺎﻧﺎل ﭘﺪﯾﺪ آﻣﺪه‬R1,R2 ‫4. ﺗﺴﺖ اﻣﮑﺎن ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ‬ R1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms R1# Page 165 of 290
‫آزﻣﺎﯾﺶ 8.4 – ﺗﻨﻈﯿﻤﺎت اﯾﻨﺘﺮﻓﯿﺲ ‪Portchannel‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ port-channel‬ﮐﻪ ﻣﺴﺘﻘﯿﻤﺎ واﺑﺴﺘﻪ ﺑﻪ ﺷﻤﺎره ‪ Channel group‬اﺳﺖ‬ ‫ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ در آزﻣﺎﯾﺸﺎت ﮔﺬﺷﺘﻪ ﺑﺎ ﻣﻔﻬﻮم ‪ Etherchannel‬آﺷﻨﺎ ﺷﺪﯾﻢ دﯾﺪﯾﻢ ﮐﻪ ﮔﺮوﻫﯽ از اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻓﯿﺰﯾﮑﯽ‬ ‫ﺑﺎ ﻫﻢ ﺗﺮﮐﯿﺐ ﻣﯽ ﺷﻮﻧﺪ و اﯾﻨﺘﺮﻓﯿﺴﯽ ﻣﺠﺎزي ﺑﻪ ﻧﺎم اﯾﻨﺘﺮﻓﯿﺲ ‪ port-channel‬را ﭘﺪﯾﺪ ﻣﯽ آورﻧﺪ ﮐﻪ ﺑﺎ ﯾﮏ ﺷﻤﺎره‬ ‫ﻣﺸﺨﺺ ﻣﯿﺸﻮد.‬ ‫‪ Port-Channel‬در رده اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻣﺠﺎزي ﻗﺮار ﻣﯿﮕﯿﺮد و ﺑﯿﺎﻧﮕﺮ ﻣﺴﯿﺮي اﺳﺖ ﮐﻪ ﺗﺮاﻓﯿﮏ ﻋﺒﻮري از ﮔﺮوه ﭘﻮرﺗﻬﺎي‬ ‫‪ etherchannel‬از آن ﻋﺒﻮر ﻣﯿﮑﻨﺪ.ﻫﺮ دﺳﺘﻮري ﮐﻪ ﺟﻬﺖ ﭘﯿﮑﺮﺑﻨﺪي ‪ Port-Channel‬ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﮔﯿﺮد ﻋﻤﻼ‬ ‫روي ﻫﻤﻪ ﭘﻮرﺗﻬﺎﯾﯽ ﮐﻪ ﭘﺪﯾﺪ آورﻧﺪه ‪ channel-group‬ﻫﺴﺘﻨﺪ اﻋﻤﺎل ﻣﯿﺸﻮد.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از دﺳﺘﻮر زﯾﺮ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد‬ ‫# ‪interface port-channel‬‬ ‫ﭘﺲ از اﺟﺮاي آن در ﻣﺤﯿﻂ ﮐﺎﻧﻔﯿﮓ اﯾﻨﺘﺮﻓﯿﺲ # ‪ Port-Channel‬ﻗﺮار ﺧﻮاﻫﯿﻢ ﮔﺮﻓﺖ و از ﻃﺮﯾﻖ ان ﮐﻠﯿﻪ‬ ‫اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﺷﺮﮐﺖ ﮐﻨﻨﺪه در ﮐﺎﻧﺎل ﺑﻪ ﻃﻮر ﻫﻤﺰﻣﺎن اﻋﻤﺎل ﮐﺎﻧﻔﯿﮓ ﺧﻮاﻫﻨﺪ ﺷﺪ !‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﻗﺮار دادن 01/0‪ Fa0/12,Fa0/11,Fa‬در ﻫﺮدو ﺳﻮﯾﯿﭻ در ﺣﺎﻟﺖ ‪ EtherChannel‬ﺑﺪون ﺷﺮط و ﻣﺴﺘﻘﯿﻢ‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ ﺷﻤﺎره 1 ﺑﻪ ‪channel-group‬‬ ‫092 ‪Page 166 of‬‬
‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ در ﻫﺮدو ﺳﻮﯾﯿﭻ در ﻣﺪ ﺗﺮاﻧﮏ‬Port-Channel1 ‫ﻗﺮار دادن‬  ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﻓﻮق روي ﺗﮏ ﺗﮏ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻓﻌﺎل در ﮐﺎﻧﺎل‬  Port-Channel1 ‫ﺧﺎﻣﻮش ﮐﺮدن‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﻓﻮق روي ﺗﮏ ﺗﮏ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻓﻌﺎل در ﮐﺎﻧﺎل‬   ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ در ﻫﺮدو ﺳﻮﯾﯿﭻ در ﻣﺪ ﺗﺮاﻧﮏ و ﺗﺴﺖ ﺻﺤﺖ اﻋﻤﺎل ﺗﺮاﻧﮏ روي ﻫﺮ ﺳﻪ‬Port-Channel1 ‫ﻗﺮار دادن‬ ‫اﯾﻨﺘﺮﻓﯿﺲ ﺳﻮﯾﯿﭻ‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per SW1(config)#interface port-channel 1 SW1(config-if)#switchport mode trunk %EC-5-UNBUNDLE: Interface Fa0/10 left %EC-5-UNBUNDLE: Interface Fa0/11 left %EC-5-UNBUNDLE: Interface Fa0/12 left %EC-5-BUNDLE: Interface Fa0/12 joined %EC-5-BUNDLE: Interface Fa0/11 joined %EC-5-BUNDLE: Interface Fa0/10 joined Page 167 of 290 line. End with CNTL/Z. the port-channel Po1 the port-channel Po1 the port-channel Po1 port-channel Po1 port-channel Po1 port-channel Po1 
%DTP-5-TRUNKPORTON: Port Fa0/10-12 has become dot1q trunk %LINK-3-UPDOWN: Interface Port-channel1, changed state to up SW1(config-if)#end SW1#show run ! interface FastEthernet0/10 switchport mode trunk channel-group 1 mode on ! interface FastEthernet0/11 switchport mode trunk channel-group 1 mode on ! interface FastEthernet0/12 switchport mode trunk channel-group 1 mode on ! SW1# ‫ ،اﺑﺘﺪا اﻋﻀﺎي ﺗﺸﮑﯿﻞ دﻫﻨﺪه آﻧﺮا‬Port-Channel 1 ‫ روي‬Trunk ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ ﭘﺲ از اﺟﺮاي دﺳﺘﻮر‬ ‫ ﺑﺮ ﻣﯿﮕﺮدﻧﺪ‬channel-group ‫ﺗﺮك ﻣﯿﮑﻨﻨﺪ و ﭘﺲ از درﯾﺎﻓﺖ ﺗﻨﻈﯿﻤﺎت ﻣﺠﺪدا ﺑﻪ‬ ‫ و ﺑﺮرﺳﯽ وﺿﻌﯿﺖ ﭘﻮرﺗﻬﺎي ﺗﺸﮑﯿﻞ دﻫﻨﺪه ﮔﺮوه ﭘﺲ از آن‬Port-Channel1 ‫2. ﺧﺎﻣﻮش ﮐﺮدن‬ SW1 con0 is now available Press RETURN to get started. SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface port-channel 1 SW1(config-if)#shutdown %EC-5-UNBUNDLE: Interface Fa0/10 left the port-channel Po1 %EC-5-UNBUNDLE: Interface Fa0/11 left the port-channel Po1 %EC-5-UNBUNDLE: Interface Fa0/12 left the port-channel Po1 %DTP-5-NONTRUNKPORTON: Port Fa0/10-12 has become non-trunk SW1(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down %LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down %LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down %LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively down SW1(config-if)# %LINK-5-CHANGED: Interface Port-channel1, changed state to administratively down SW1(config-if)#do show run ! interface FastEthernet0/10 switchport mode trunk shutdown Page 168 of 290
channel-group 1 mode on ! interface FastEthernet0/11 switchport mode trunk shutdown channel-group 1 mode on ! interface FastEthernet0/12 switchport mode trunk shutdown channel-group 1 mode on ! SW1# Page 169 of 290
‫آزﻣﺎﯾﺶ 9.4 – ﺗﻨﻈﯿﻤﺎت دﺳﺘﻨﯽ ‪ARP‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﻤﯿﺎت دﺳﺘﯽ رﮐﻮردﻫﺎي ‪ ARP‬در ﺳﻮﯾﯿﭻ ﻫﺎ و روﺗﺮﻫﺎ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﺑﻪ ﻣﻨﻈﻮر ﺑﺮﻗﺮاري ﯾﮏ ارﺗﺒﺎط ﻻﯾﻪ دو ﯾﺎ ﻻﯾﻪ ﺳﻪ اي ، ﺳﻮﯾﯿﭽﻬﺎ و روﺗﺮﻫﺎ ﻧﯿﺎزﻣﻨﺪ ﯾﮏ ﺟﺪول اﻃﻼﻋﺎﺗﯽ ﺣﺎوي ﻧﮕﺎﺷﺖ‬ ‫ﯾﮏ ﺑﻪ ﯾﮏ ‪ Ip‬ﻫﺎ و ‪ Mac Address‬ﻫﺎ ﺑﺎ ﯾﮑﺪﯾﮕﺮ ﻫﺴﺘﻨﺪ. ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل 1‪ R‬ﻣﯿﺨﻮاﻫﺪ ﮐﻪ ﺑﺎ 2‪ R‬ارﺗﺒﺎط ﺑﺮﻗﺮار‬ ‫ﮐﻨﺪ،ﺑﻪ ﻫﻤﯿﻦ ﺧﺎﻃﺮ در وﺣﻠﻪ اول ﯾﮏ درﺧﻮاﺳﺖ ‪ ARP‬ارﺳﺎل ﻣﯿﮑﻨﺪ ﺗﺎ ‪ Mac‬آدرس 42/2.1.1.01 را از ﺷﺒﮑﻪ اﺧﺬ‬ ‫ﮐﻨﺪ و ﭘﺲ از درﯾﺎﻓﺖ اﯾﻦ اﻃﻼﻋﺎت از ﺷﺒﮑﻪ آﻧﻬﺎ را در ‪ ARP Table‬ﺧﻮد ذﺧﯿﺮه ﻣﯿﮑﻨﺪ. ﭘﺲ از اﯾﻦ ﻣﺮﺣﻠﻪ 1‪ R‬از‬ ‫‪ Mac‬آدرس ﻣﻘﺼﺪ آﮔﺎه ﺧﻮاﻫﺪ ﺷﺪ و از آن در ﻓﺮم دﻫﯽ ﻓﺮﯾﻤﻬﺎي ارﺳﺎﻟﯽ ﺑﻪ ﻣﻘﺼﺪ اﺳﺘﻔﺎده ﺧﻮاﻫﺪ ﮐﺮد ﺑﻪ اﯾﻦ ﺷﮑﻞ‬ ‫ﮐﻪ 1‪ R‬ﭘﮑﺘﯽ را ﺑﺎ آدرس و ﻣﮏ آدرس 2‪ R‬ارﺳﺎل ﻣﯿﮑﻨﺪ، ﻫﻨﮕﺎﻣﯽ ﺳﻮﯾﯿﭻ ﻣﺤﻠﯽ ﻓﺮﯾﻢ را درﯾﺎﻓﺖ ﻣﯿﮑﻨﺪ ﻣﮏ آدرس‬ ‫ﻣﻘﺼﺪ را اﺳﺘﺨﺮاج ﻧﻤﻮده و ﺑﻪ دﻧﺒﺎل آن در ﺟﺪول ﻣﮏ ﺧﻮد ﻣﯽ ﮔﺮدد .ﭘﺲ از ﯾﺎﻓﺘﻦ ﻣﮏ آدرس و ﺳﻮﯾﯿﭻ ﭘﻮرت ﻣﺘﻨﺎﻇﺮ‬ ‫ﺑﺎ آن، ﻓﺮﯾﻢ درﯾﺎﻓﺘﯽ را ﺑﻪ اﯾﺘﺮﻓﯿﺲ ﻣﺘﻨﺎﻇﺮ ﻓﻮروارد ﻣﯿﮑﻨﺪ. اﻣﺎ ﺑﺮﺧﯽ اوﻗﺎت ‪ ARP‬ﭘﺎﺳﺨﮕﻮي رﻓﻊ اﯾﻦ ﻧﯿﺎز ﻧﯿﺴﺖ و‬ ‫ﺑﺎﯾﺪ از راه ﺣﻞ دﯾﮕﺮي ﺑﻬﺮه ﺟﺴﺖ .‬ ‫ﻣﻮاردي وﺟﻮد دارﻧﺪ ﮐﻪ ﺑﻨﺎ ﺑﻪ دﻻﯾﻠﯽ روﺗﺮ/ﺳﻮﯾﯿﭻ ﻧﻤﯿﺘﻮاﻧﺪ ﻣﮏ آدرس ﻫﺎ را از ادوات ﻣﺘﺼﻞ ﺑﻪ ﺻﻮرت ﻣﺴﺘﻘﯿﻢ ﯾﺎ ﻏﯿﺮ‬ ‫ﻣﺴﺘﻘﯿﻢ درﯾﺎﻓﺖ ﮐﻨﺪ ﻣﺎﻧﻨﺪ ﻣﺎﺷﯿﻨﻬﺎي ﻣﺠﺎزي ﯾﺎ دﺳﺘﮕﺎﻫﯽ ﮐﻪ ﺑﻨﺎ ﺑﻪ ﺗﻨﻈﯿﻤﺎﺗﺸﺎن ﺑﻪ درﺧﻮاﺳﺘﻬﺎي ‪ ARP‬ﭘﺎﺳﺦ‬ ‫ﻧﻤﯿﺪﻫﺪ در ﭼﻨﯿﻦ ﻣﻮاردي ﺑﻪ ﻃﻮر دﺳﺘﯽ رﮐﻮرد ﻣﺮﺑﻮط ﺑﻪ ‪ Static arp entry‬را در ﺳﻮﯾﯿﭻ/روﺗﺮ وارد ﻣﯿﮑﻨﯿﻢ ﺗﺎ‬ ‫اﻟﺰاﻣﺎت اوﻟﯿﻪ ﺟﻬﺖ ارﺗﺒﺎط ﻻﯾﻪ دوﯾﯽ ﺑﺎ دﺳﺘﮕﺎه ﻣﻘﺼﺪ ﻓﺮاﻫﻢ ﺷﻮد. در ﺻﻮرﺗﯿﮑﻪ ﻓﺮﯾﻤﯽ ﺑﺎ ﺳﻤﺖ ﻣﮏ آدرﺳﯽ‬ ‫ﻧﺎﻣﻌﺘﺒﺮ)ﻏﯿﺮ ﻣﻮﺟﻮد در ﺟﺪول ﻣﮏ آدرس ﺳﻮﯾﯿﭻ( ارﺳﺎل ﺷﻮد ﺳﻮﯾﯿﭻ ﻓﺮﯾﻢ را ﺑﻪ ﻫﻤﻪ ﭘﻮرﺗﻬﺎي ﻻﯾﻪ دو ﺧﻮد ارﺳﺎل‬ ‫ﻣﯿﮑﻨﺪ و ﺑﻪ ﺟﺰ ﭘﻮرﺗﯽ ﮐﻪ ﻓﺮﯾﻢ را از آن درﯾﺎﻓﺖ ﮐﺮده اﺳﺖ اﯾﻦ ﭘﺪﯾﺪه ﺑﺎﻋﺚ اﺗﻼف ﭼﺸﻢ ﮔﯿﺮ ﻣﻨﺎﺑﻊ در ﺷﺒﮑﻪ ﻫﺎي ﺑﺎ‬ ‫ﻃﺮاﺣﯽ ﻏﯿﺮ ﺑﻬﯿﻨﻪ و ﻧﺎردﺳﺖ ﺧﻮاﻫﺪ ﺷﺪ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از دﺳﺘﻮر ﺟﺪﯾﺪ زﯾﺮ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد.‬ ‫‪arp ip.ip.ip.ip 0123.4567.89ab arpa‬‬ ‫ﺑﺎ اﺟﺮاي اﯾﻦ دﺳﺘﻮر ﯾﮏ ‪ static arp entry‬در ﺟﺪول ﻣﮏ آدرس ﺗﺰرﯾﻖ ﺧﻮاﻫﺪ ﺷﺪ‬ ‫‪show arp‬‬ ‫ﺟﻬﺖ ﻧﻤﺎﯾﺶ ﻣﺤﺘﻮاي ﺟﺪول ‪ ARP‬ﺑﻪ ﮐﺎر ﻣﯽ رود‬ ‫092 ‪Page 170 of‬‬
‫ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ‬ GNS3 ‫اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ در ﻣﺤﯿﻂ‬  ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ 00ac.a1f3.01ab ‫ ﺑﺎ آدرس 52.1.1.01و ﻣﮏ‬static arp entry ‫ﺛﺒﺖ ﯾﮏ‬ show arp ‫ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺛﺒﺖ آن ﺑﺎ اﺳﺘﻔﺎده از‬   ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ 00ac.a1f3.01ab ‫ ﺑﺎ آدرس 52.1.1.01و ﻣﮏ‬static arp entry ‫1. ﺛﺒﺖ ﯾﮏ‬ R1 con0 is now available Press RETURN to get started. R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#arp 10.1.1.25 00ac.a1f3.01ab arpa R1(config)#end R1# show arp ‫2. ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺛﺒﺖ آن ﺑﺎ اﺳﺘﻔﺎده از‬ R1#show arp Protocol Address Internet 10.1.1.1 Internet 10.1.1.25 R1# Age (min) - Hardware Addr ca00.0d78.0008 00ac.a1f3.01ab Type ARPA ARPA Interface FastEthernet0/0 ‫00 اﺳﺘﻔﺎده ﺧﻮاﻫﺪ‬ac.a1f3.01ab ‫ ارﺳﺎل ﻣﯿﮑﻨﺪ ازﻣﮏ آدرس‬R2 ‫ ﺗﺮاﻓﯿﮑﯽ را ﺑﻪ ﺳﻤﺖ‬R1 ‫ﭘﺲ از اﯾﻦ ﻫﻨﮕﺎﻣﯽ ﮐﻪ‬ ‫ ﺛﺒﺖ ﺷﺪه‬Static ARP entry ‫ ﻣﻨﺎﺳﺐ ﻫﻢ درﯾﺎﻓﺖ ﮐﻨﺪ ﺑﺎز‬ARP ‫ ﭘﺎﺳﺦ‬R2 ‫ﮐﺮد .در اﯾﻦ ﺣﺎﻟﺖ ﺣﺘﯽ اﮔﺮ از ﺳﻤﺖ‬ ‫ﺗﻮﺳﻂ ادﻣﯿﻦ ﺣﺎﺋﺰ اوﻟﻮﯾﺖ ﺧﻮاﻫﺪ ﺑﻮد‬ Page 171 of 290
‫آزﻣﺎﯾﺶ 01.4 – ﺗﻨﻈﯿﻤﺎت ‪VTP‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﻤﯿﺎت ﭘﺎﯾﻪ و ﻧﮑﺎت اﻣﻨﯿﺘﯽ ‪ VTP‬ﺟﻬﺖ اﻧﺘﺸﺎر ﺗﻌﺮﯾﻒ ‪ VLAN‬ﻫﺎ از ﯾﮏ ﺳﻮﯾﯿﭻ ﻣﺮﮐﺰي‬ ‫ﺑﻪ ﮐﻠﯿﻪ ﺳﻮﯾﯿﭽﻬﺎي ﻣﻮﺟﻮد در آن ﺷﺒﮑﻪ ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﯾﮑﯽ از ﻓﻌﺎﻟﯿﺘﻬﺎي وﻗﺖ ﮔﯿﺮ وﺳﺨﺖ در ﺷﺒﮑﻪ ﻫﺎي ﺑﺰرﮔﯽ ﮐﻪ از ﺗﻌﺪاد زﯾﺎدي ﺳﻮﯾﯿﭻ ﺗﺸﮑﯿﻞ ﯾﺎﻓﺘﻪ اﻧﺪ ﺗﻌﺮﯾﻒ و ﻣﺪﯾﺮﯾﺖ‬ ‫‪ Vlan‬ﻫﺎ ﺑﻪ ﻃﻮر ﻣﺠﺰا در ﺗﮏ ﺗﮏ اﯾﻦ ادوات ﻣﯽ ﺑﺎﺷﺪ. از اﯾﻨﺮو و ﺑﻪ ﻣﻨﻈﻮر ﺣﻞ اﯾﻦ ﻣﺸﮑﻞ ‪VLAN Trunking‬‬ ‫‪ Protocol‬ﯾﺎ ﺑﻪ ﻃﻮر اﺧﺘﺼﺎر ‪ VTP‬ﺟﻬﺖ اﻧﺘﺸﺎر ﺗﻌﺮﯾﻒ ‪ Vlan‬ﻫﺎ از ﻃﺮﯾﻖ ﯾﮏ ﺳﻮﯾﯿﭻ ﻣﺮﮐﺰي ﺑﻪ ﺳﺎﯾﺮ ﺳﻮﯾﯿﭽﻬﺎ‬ ‫ﻣﺸﺎﺑﻪ ﺣﺎﻟﺖ ﮐﻼﯾﻨﺖ ﺳﺮوري ﻣﻌﺮﻓﯽ ﺷﺪ .‬ ‫‪ VTP Server‬در ﻋﻤﻞ ﯾﮏ ﻧﻘﻄﻪ ﻣﺪﯾﺮﯾﺖ ﻣﺮﮐﺰي در ﺷﺒﮑﻪ ﺟﻬﺖ ﺗﻮزﯾﻊ ‪ Vlan‬ﻫﺎ ﻣﺤﺴﻮب ﻣﯽ ﺷﻮد ﺑﻪ اﯾﻦ ﻣﻌﻨﺎ ﮐﻪ‬ ‫‪ Vlan‬ﻫﺎي ﺳﺎﺧﺘﻪ ﺷﺪه در اﯾﻦ ﺳﻮﯾﯿﭻ ﺑﻪ ﻃﻮر ﻫﻤﺰﻣﺎن در ﺳﺎﯾﺮ ﺳﻮﯾﯿﭽﻬﺎي ﻋﻀﻮ ‪ Vtp domain‬ﺗﻮزﯾﻊ‬ ‫ﻣﯿﺸﻮﻧﺪ.ﺗﻌﺮﯾﻒ ‪ Vtp domain‬را ﻫﻢ ﺑﻪ ﺻﻮرت ﻣﺠﻤﻮﻋﻪ اي از ﺳﻮﯾﯿﭽﻬﺎ ﺑﺎ ﺗﻌﺮﯾﻒ ﯾﮑﺴﺎن ‪ Vlan‬ﻫﺎ در ﻧﻈﺮ ﺑﮕﯿﺮﯾﺪ.ﺑﻪ‬ ‫ﻋﻨﻮان ﻣﺜﺎل ﯾﮏ ﻣﺠﺘﻤﻊ ﺑﺰرگ داﻧﺸﮕﺎﻫﯽ را در ﻧﻈﺮ ﺑﮕﯿﺮﯾﺪ ﮐﻪ در آن ﻣﻌﻤﺎري 3ﻻﯾﻪ ﺷﺒﮑﻪ ﺑﻪ ﻃﻮر ﮐﺎﻣﻞ ﭘﯿﺎده ﺳﺎزي‬ ‫ﺷﺪه اﺳﺖ،در اﯾﻦ ﻃﺮاﺣﯽ ‪Vtp‬ﺳﺮور ﺳﻮﯾﯿﭻ ﻻﯾﻪ ﺗﻮزﯾﻊ ﺧﻮاﻫﺪ ﺑﻮد. در اﻏﻠﺐ ﻣﻮارد ﻧﻘﺶ ‪ VTP‬ﺳﺮور را ﺳﻮﯾﯿﭽﯽ ﺑﻪ‬ ‫ﻋﻬﺪه ﻣﯿﯿﮕﯿﺮد ﮐﻪ ﻗﺎﺑﻠﯿﺖ اﻓﺰوﻧﮕﯽ ﯾﺎ ‪ redundancy‬را ﺑﺮاي ﺳﻮﯾﯿﭽﻬﺎ ﻻﯾﻪ اﮐﺴﺲ ﻓﺮاﻫﻢ ﻣﯿﮑﻨﺪ در ﺷﺒﮑﻪ ﻫﺎي‬ ‫ﮐﻮﭼﮑﺘﺮ ﮐﻪ ﻻﯾﻪ ﺗﻮزﯾﻊ وﺟﻮد ﻧﺪارد اﯾﻦ ﻣﺴﺌﻮﻟﯿﺖ ﺑﻪ ﻋﻬﺪه ﺳﻮﯾﯿﭻ ﻣﺮﮐﺰي آن ﺷﺒﮑﻪ ﺧﻮاﻫﺪ ﺑﻮد.‬ ‫در ﺣﺎل ﺣﺎﺿﺮ ﺳﻪ ﻧﮕﺎرش از ‪ Vtp‬اراﺋﻪ ﺷﺪه اﺳﺖ ﮐﻪ در اداﻣﻪ ﺑﻪ آﻧﻬﺎ ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫‪‬‬ ‫1 ‪ :Vtp version‬ﻧﺴﺨﻪ اوﻟﯿﻪ و ﻗﺪﯾﻤﯽ ﺑﺎ وﯾﮋﮔﯿﻬﺎ ﺳﺎده اي ﻫﻤﭽﻮن ﺗﻨﻈﯿﻢ ﺳﻮﯾﯿﭻ ﺑﻪ ﻋﻨﻮان ‪ Vtp‬ﺳﺮور‬ ‫‪‬‬ ‫2 ‪ :Vtp version‬ﻗﺎﺑﻠﯿﺘﻬﺎي 1‪ Vtp‬ﺑﻪ اﺿﺎﻓﻪ ﭘﺸﺘﯿﺒﺎﻧﯽ از ﺗﻮﮐﻦ رﯾﻨﮓ ‪ Vlan‬و ‪ Vtp pruning‬اﮔﺮ ﻫﯿﭻ ﯾﮏ‬ ‫‪‬‬ ‫3 ‪:Vtp version‬اﯾﻦ ﻧﺴﺨﻪ داراي ﻣﺸﺨﺼﻪ ﻫﺎي ﭘﺮ رﻧﮓ ﺗﺮي ﻧﺴﺒﺖ ﺑﻪ ﻧﺴﺨﻪ ﻫﺎي ﻗﺒﻠﯽ اﺳﺖ و آﻧﺮا ﺑﻪ‬ ‫، ‪Vtp‬ﮐﻼﯾﻨﺖ،‪ VTP Mode OFF ، Vtp transparent‬ﮐﻪ ﺑﻪ ﻃﻮر ﮐﺎﻣﻞ ‪ Vtp‬را ﻏﯿﺮ ﻓﻌﺎل ﻣﯿﮑﻨﺪ.‬ ‫از اﯾﻦ ﻣﺸﺨﺼﻪ ﻫﺎ در ﺷﺒﮑﻪ اي ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻧﻤﯿﮕﯿﺮد ﻟﺰوﻣﯽ ﺑﻪ ارﺗﻘﺎ از ﻧﺴﺨﻪ ﯾﮏ ﺑﻪ دو وﺟﻮد ﻧﺪارد‬ ‫ﻋﻨﻮان اوﻟﯿﻦ اﻧﺘﺨﺎب در ﺷﺒﮑﻪ ﻫﺎي ﺑﺰرگ ﺗﺒﺪﯾﻞ ﻣﯿﮑﻨﺪ.اﯾﻦ ﻧﮕﺎرش از ﺗﻤﺎم رﻧﺞ ‪ IEEE VLAN‬ﯾﻌﻨﯽ 1 ﺗﺎ‬ ‫5904 ﻫﻤﯿﻨﻄﻮر اﻧﺘﺸﺎر اﻃﻼﻋﺎت ‪ Private Vlan‬ﻫﺎ را ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﺪ.ﻋﻼوه ﺑﺮ اﯾﻨﻬﺎ در ﻧﮕﺎرش ﺟﺪﯾﺪ ﺑﺎ‬ ‫اﻓﺰودن ﻗﺎﺑﻠﯿﺘﻬﺎﯾﯽ ﻫﻤﭽﻮن اﻧﺘﺨﺎب اﯾﻨﮑﻪ ﮐﺪام ﺳﻮﯾﯿﭽﻬﺎ ﺑﺘﻮاﻧﻨﺪ اﻃﻼﻋﺎت ‪ Vlan‬ﺳﺎﯾﺮﯾﻦ را ﺑﺮوز ﮐﻨﻨﺪ‬ ‫ﻫﻤﯿﻨﻄﻮر ﻗﺎﺑﻠﯿﺖ ﻓﻌﺎل/ﻏﯿﺮﻓﻌﺎل ﮐﺮدن ‪Vtp‬ﺑﺮ ﻣﺒﻨﺎي ﯾﮏ ﺗﺮاﻧﮏ ﺧﺎص و ﯾﺎ ﺗﺨﺼﯿﺺ ‪primary , backup‬‬ ‫ﺳﺮور ﺑﻪ ‪ Vtp‬ﺳﺮور اﻣﮑﺎﻧﺎت ﺑﯿﺸﺘﺮي را ﺟﻬﺖ ﻣﺪﯾﺮﯾﺖ ‪ Vtp domain‬ﺑﻪ راﻫﺒﺮ ﺷﺒﮑﻪ اراﺋﻪ ﻣﯿﺪﻫﺪ.‬ ‫092 ‪Page 172 of‬‬
‫اﮐﻨﻮن ﯾﮏ ﭘﻠﻪ ﺑﻪ ﻋﻘﺐ ﺑﺮﮔﺮدﯾﻢ . ﺣﺎﻟﺘﯽ را در ﻧﻈﺮ ﺑﮕﯿﺮﯾﺪ ﮐﻪ ﻓﺮدي ﺳﻮﯾﯿﭽﯽ را ﺑﻪ ﺷﺒﮑﻪ ﻣﺎ ﻣﺘﺼﻞ ﻣﯿﮑﻨﺪ ﮐﻪ داراي‬ ‫ﻫﻤﺎن ‪ Vtp domain‬و ﻧﮕﺎرش ﺑﺎﻻﺗﺮي از ﭘﺎﯾﮕﺎه داده ‪Vtp‬ﺳﺮور ﺷﺒﮑﻪ ﻣﺎ اﺳﺖ ﭼﻪ اﺗﻔﺎﻗﯽ ﺧﻮاﻫﺪ اﻓﺘﺎد ؟ ﮐﻠﯿﻪ‬ ‫ﺗﻨﻈﯿﻤﺎت ‪ Vlan‬ﺷﺒﮑﻪ ﻣﺎ ﺑﺎ ﻧﺴﺨﻪ ﻣﻮﺟﻮد در اﯾﻦ ﭘﺎﯾﮕﺎه داده اﯾﻦ ‪ Vtp‬ﺳﺮور ﺟﺪﯾﺪ ﺟﺎﯾﮕﺰﯾﻦ ﺧﻮاﻫﺪ ﺷﺪ . ﺗﻌﺪادي از‬ ‫‪ Vlan‬ﻫﺎ ﺣﺬف ﺧﻮاﻫﻨﺪ ﺷﺪ ﺗﻌﺪاي ﺟﺪﯾﺪ اﺿﺎﻓﻪ ﺧﻮاﻫﻨﺪ ﺷﺪ و از اﯾﻦ دﺳﺖ ﻧﺘﯿﺠﻪ اﯾﻨﮑﻪ ﭘﻮرﺗﻬﺎي ﺑﯿﺮون اﻓﺘﺎده از‬ ‫‪ Vlan‬ﺑﻪ ﺻﻮرت ﺧﺎﻣﻮش ﺧﻮدﻧﻤﺎﯾﯽ ﺧﻮاﻫﻨﺪ ﮐﺮد. در ﻣﻮاﺟﻬﻪ ﺑﺎ ﭼﻨﯿﻦ اﺗﻔﺎﻗﯽ راﻫﺒﺮ ﺷﺒﮑﻪ دو ﮐﺎر ﺑﺴﯿﺎر ﻣﻬﻢ را‬ ‫ﻣﯿﺒﺎﯾﺴﺖ ﭘﺸﺖ ﺳﺮ ﻫﻢ اﻧﺠﺎم دﻫﺪ اﺑﺘﺪا ﺑﺮوزرﺳﺎﻧﯽ رزوﻣﻪ ﺧﻮد ﺳﭙﺲ اﺳﺘﻔﺎده از ‪ Vtp password‬ﺟﻬﺖ ﺟﻠﻮﮔﯿﺮي از‬ ‫وﻗﻮع ﻣﺠﺪد اﯾﻦ ﺑﺤﺮان.ﺑﺎ ﺗﻨﻄﯿﻢ ‪ Vtp password‬ﺗﻨﻬﺎ ﮐﻼﯾﻨﺘﻬﺎﯾﯽ اﻗﺪام ﺑﻪ اﺧﺬ ﺗﻨﻈﯿﻤﺎت از ﺳﺮور ﻣﯿﮑﻨﻨﺪ ﮐﻪ ﻫﻢ ﻧﺎم‬ ‫داﻣﻨﻪ و ﻫﻢ رﻣﺰ ﻋﺒﻮر ﯾﮑﺴﺎﻧﯽ ﺑﺎ ﻫﻢ داﺷﺘﻪ ﺑﺎﺷﻨﺪ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ زﯾﺮ‬ ‫‪‬‬ ‫ﺧﺎﻣﻮش ﮐﺮدن اﯾﻨﺘﺮﻓﯿﺴﻬﺎي 51/0‪ Fa0/13,Fa0/14,Fa‬در ﺳﻮﯾﯿﭽﻬﺎي 3‪SW2,SW‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ 21/0‪ Fa0/10,Fa0/11,Fa‬در ﺳﻮﯾﯿﭽﻬﺎي 2‪ SW1,SW‬ﺟﻬﺖ اﯾﺠﺎد ‪ Etherchannel‬و ﺗﺮاﻧﮏ‬ ‫ﺗﻨﻈﯿﻢ 51/0‪ Fa0/13,Fa0/14,Fa‬در 1‪ SW‬و 21/0‪Fa0/10,Fa0/11,Fa‬در 3‪ SW‬ﺟﻬﺖ ﺑﺮﻗﺮاي‬ ‫‪ Etherchannel‬ﺑﺎ 2 ‪ channel-group‬و ﻗﺮار دادن آن در ﺣﺎﻟﺖ ﺗﺮاﻧﮏ‬ ‫092 ‪Page 173 of‬‬
‫ﺗﺼﻮﯾﺮ 1.01.4-ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ‪VTP‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ 1‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Vtp‬ﺳﺮور و ﺳﺎﯾﺮ ﺳﻮﯾﯿﭽﻬﺎ ﺑﻪ ﻋﻨﻮان ‪ Vtp client‬و ﺗﻨﻈﯿﻢ ‪ Vtp domain‬ﺑﻪ ‪cisco‬‬ ‫‪‬‬ ‫اﯾﺠﺎد 01 ‪ vlan‬ﺑﻪ ﻧﺎم ‪ Development‬در ‪Vtp‬ﺳﺮور و ﺑﺮرﺳﯽ اﻧﺸﺘﺎر آن ﺳﻮﯾﯿﺠﻬﺎي دﯾﮕﺮ‬ ‫‪‬‬ ‫ﺗﻈﻨﯿﻢ ‪ Vtp‬ﺑﻪ ﻧﮕﺎرش 2 و اﻓﺰاﯾﺶ اﻣﻨﯿﺖ ‪ Vtp domain‬از ﻃﺮﯾﻖ ﺗﺨﺼﯿﺺ رﻣﺰ ﻋﺒﻮر 321$‪ Cisco‬ﺑﻪ آن‬ ‫‪‬‬ ‫ﺑﺮرﺳﯽ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﺑﻪ دﻟﯿﻞ ﻣﺤﺪودﯾﺖ ﻫﺎي ﻣﺎژول ‪ Nm-16esw‬در 3‪ Gns‬دﺳﺘﻮرات اﯾﻦ آزﻣﺎﯾﺶ از ﻃﺮﯾﻖ 3 دﺳﺘﮕﺎه ﺳﻮﯾﯿﭻ واﻗﻌﯽ ﭘﯿﺎده‬ ‫ﺳﺎزي ﺷﺪه اﻧﺪ.‬ ‫092 ‪Page 174 of‬‬
Vtp ‫ ﮐﻼﯾﻨﺖ و ﺗﻨﻈﯿﻢ ﻧﺎم‬Vtp ‫ ﺑﻪ ﻋﻨﻮان‬SW2,SW3 ‫ﺳﺮور و ﭘﯿﮑﺮﺑﻨﺪي‬Vtp ‫ ﺑﻪ ﻋﻨﻮان‬SW1 ‫١. ﭘﯿﮑﺮﺑﻨﺪي‬ CISCO ‫ ﺑﻪ‬domain ‫ ﺑﺎﺷﺪ‬Vtp mode ‫ ﻣﯿﺒﺎﯾﺴﺖ ﻫﻤﺮاه ﺑﺎ ﺗﻨﻈﯿﻢ‬Vtp domain ‫ﺑﻪ ﺧﺎﻃﺮ داﺷﺘﻪ ﺑﺎﺷﯿﺪ در ﺳﻮﯾﯿﭻ ﮐﻼﯾﻨﺖ ﺗﻨﻈﯿﻢ‬ Vtp domain ‫ ﺑﺮد و ﭘﺲ از ﺗﻨﻈﯿﻢ‬Transparent ‫در ﻏﯿﺮ اﯾﻨﺼﻮرت اول ﺑﺎﯾﺪ ﺳﻮﯾﯿﭻ ﻣﻮرد ﻧﻈﺮ را ﺑﻪ ﺣﺎﻟﺖ‬ ‫ﻣﺠﺪدا آﻧﺮا ﺑﻪ ﺣﺎﻟﺖ ﮐﻼﯾﻨﺖ ﺑﺮﮔﺮداﻧﺪ‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. SW1(config)#vtp mode server Device mode already VTP SERVER. SW1(config)#vtp domain CISCO Changing VTP domain name from NULL to CISCO SW1(config)# SW2 con0 is now available End with CNTL/Z. Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. SW2(config)#vtp domain CISCO Domain name already set to CISCO. SW2(config)#vtp mode client Setting device to VTP CLIENT mode. SW2(config)# SW3 con0 is now available End with CNTL/Z. Press RETURN to get started. SW3>enable SW3#configure terminal Enter configuration commands, one per line. SW3(config)#vtp domain CISCO Domain name already set to CISCO. SW3(config)#vtp mode client Setting device to VTP CLIENT mode. SW3(config)# End with CNTL/Z. ‫ و ﺑﺮرﺳﯽ ﺻﺤﺖ اﻧﺘﺸﺎر آن در ﺳﻮﯾﯿﭽﻬﺎي دﯾﮕﺮ‬SW1 ‫ در‬development ‫ ﺑﺎ ﻧﺎم‬Vlan 10 ‫٢. اﯾﺠﺎد‬ SW1(config)#vlan 10 SW1(config-vlan)#name Development SW1(config-vlan)#end SW1# Page 175 of 290
‫ ﻓﻮق در ﺳﺎﯾﺮ ﺳﻮﯾﯿﭽﻬﺎ ﻫﻢ ﻣﺸﺎﻫﺪه ﻣﯽ ﺷﻮد ﯾﺎ ﺧﯿﺮ‬Vlan ‫اﮐﻨﻮن ﺑﺮرﺳﯽ ﻣﯿﮑﻨﯿﻢ ﮐﻪ آﯾﺎ‬ SW2(config)#end SW2#show vlan %SYS-5-CONFIG_I: Configured from console by console SW2#show vlan VLAN Name Status Ports ---- -------------------------------- --------- -----------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/13, Fa0/14, Fa0/15 Fa0/16, Fa0/17, Fa0/18, Fa0/19 Fa0/20, Fa0/21, Fa0/22, Fa0/23 Fa0/24, Gi0/1, Gi0/2 10 Development active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup VLAN Type Trans2 ---- ----1 enet 10 enet 1002 fddi 1003 tr 1004 fdnet 1005 trnet SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 ---------- ----- ------ ------ -------- ---- -------- ------ ----100001 100010 101002 101003 101004 101005 1500 1500 1500 1500 1500 1500 - - - ieee ibm srb - 0 0 0 0 0 0 0 0 0 0 0 0 Remote SPAN VLANs ----------------------------------------------------------------------------Primary Secondary Type Ports ------- --------- ----------------- ----------------------------------------SW2# SW3(config)#end SW3#show vlan VLAN Name Status Ports ---- -------------------------------- --------- -----------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/13, Fa0/14, Fa0/15 Fa0/16, Fa0/17, Fa0/18, Page 176 of 290
Fa0/19 Fa0/20, Fa0/21, Fa0/22, Fa0/23 Fa0/24, Gi0/1, Gi0/2 10 1002 1003 1004 1005 Development fddi-default token-ring-default fddinet-default trnet-default VLAN Type Trans2 ---- ----1 enet 10 enet 1002 fddi 1003 tr 1004 fdnet 1005 trnet SAID active act/unsup act/unsup act/unsup act/unsup MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 ---------- ----- ------ ------ -------- ---- -------- ------ ----100001 100010 101002 101003 101004 101005 1500 1500 1500 1500 1500 1500 - - - ieee ibm srb - 0 0 0 0 0 0 0 0 0 0 0 0 Remote SPAN VLANs ----------------------------------------------------------------------------Primary Secondary Type Ports ------- --------- ----------------- ----------------------------------------SW3# ‫ ﺑﻪ آن‬Cisco$123 ‫ از ﻃﺮﯾﻖ ﺗﺨﺼﯿﺺ رﻣﺰ ﻋﺒﻮر‬Vtp domain ‫ ﺑﻪ ﻧﮕﺎرش 2 و اﻓﺰاﯾﺶ اﻣﻨﯿﺖ‬Vtp ‫٣. ﺗﻈﻨﯿﻢ‬ SW1#configure terminal Enter configuration commands, one per SW1(config)#vtp version 2 SW1(config)#vtp password Cisco$123 Setting device VLAN database password SW1(config)#end SW1# SW2#configure terminal Enter configuration commands, one per SW2(config)#vtp password Cisco$123 Setting device VLAN database password SW2(config)#end SW2# SW3#configure terminal Enter configuration commands, one per SW3(config)#vtp password Cisco$123 Setting device VLAN database password SW3(config)#end SW3# Page 177 of 290 line. End with CNTL/Z. to Cisco$123 line. End with CNTL/Z. to Cisco$123 line. End with CNTL/Z. to Cisco$123
‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬show vtp ‫ و ﺳﺎﯾﺮ ﻣﺸﺨﺼﻪ ﻫﺎي آن از دﺳﺘﻮر‬Vtp‫ﺑﺮاي ﺑﺮرﺳﯽ ﺷﻤﺎره ﻧﮕﺎرش‬ SW2#show vtp status VTP Version : running VTP2 Configuration Revision : 3 Maximum VLANs supported locally : 1005 Number of existing VLANs : 6 VTP Operating Mode : Client VTP Domain Name : CISCO VTP Pruning Mode : Disabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0x96 0xF1 0x2F 0xDD 0x5F 0x1F 0x37 0x53 Configuration last modified by 192.168.255.1 at 3-2-93 15:11:27 SW2# ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬show vtp password ‫ ﻫﻢ از دﺳﺘﻮر‬Vtp domain ‫ﺑﺮاي ﻣﺸﺎﻫﺪه رﻣﺰ ﻋﺒﻮر ﺗﻨﻈﯿﻢ ﺷﺪه ﺑﺮاي‬ SW2#show vtp password VTP Password: Cisco$123 SW2# Page 178 of 290
‫آزﻣﺎﯾﺶ 11.4 –ﺗﻨﻈﯿﻤﺎت ‪ Vtp transparent‬و ‪Vtp pruning‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻢ ‪ VTP Transparent‬ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻋﻀﻮ ﭘﺴﯿﻮ ‪ Vtp‬ﻫﻤﯿﻨﻄﻮر ﺗﻨﻈﯿﻤﺎت ‪Vtp‬‬ ‫‪ pruning‬ﺑﺎ ﻫﺪف ﺟﻠﻮﮔﯿﺮي از اﻧﺘﺸﺎر ﺗﺮاﻓﯿﮏ ﻫﺎي ﻧﺎﺧﻮاﺳﺘﻪ ‪ vlan‬ﻫﺎ ﺑﻪ ﺳﻮﯾﯿﭽﻬﺎﯾﯽ ﮐﻪ ﻓﺎﻗﺪ آن ‪ vlan‬ﻫﺎ ﻣﯿﺒﺎﺷﻨﺪ‬ ‫آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﺑﺮﺧﻼف دو ﺣﺎﻟﺖ ﻗﺒﻠﯽ ‪ Vtp‬ﯾﻌﻨﯽ ﺣﺎﻟﺘﻬﺎي ﺳﺮور و ﮐﻼﯾﻨﺖ ﺣﺎﻟﺖ ﺗﺮﻧﺴﭙﺮﻧﺖ در ﻫﯿﭻ ﯾﮏ از ‪Vtp‬داﻣﯿﻦ ﻫﺎ ﻧﻘﺸﯽ را‬ ‫اﯾﻔﺎ ﻧﻤﯿﮑﻨﺪ و ﺻﺮﻓﺎ ﺑﻪ ﻋﺒﻮر دادن ﻓﺮﯾﻤﻬﺎي ‪ Vtp‬از ﺳﻮﯾﯿﭽﯽ ﺑﻪ ﺳﻮﯾﯿﭻ دﯾﮕﺮ ﻗﻨﺎﻋﺖ ﻣﯽ ﮐﻨﻨﺪ در واﻗﻊ از ﺳﻮﯾﯿﭻ‬ ‫ﺗﺮﻧﺴﭙﺮﻧﺖ ﺻﺮﻓﺎ ﺑﻪ ﻋﻨﻮان ﯾﮏ ﺳﻮﯾﯿﭻ ﻣﺪﯾﺮﯾﺖ ﭘﺬﯾﺮ ﻣﺎﺑﯿﻦ ﻣﺴﯿﺮ اﻧﺘﻘﺎل دو ﺳﻮﯾﯿﭻ ﻓﻌﺎل در ‪ Vtp‬اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد.‬ ‫ﯾﮏ ﻧﮑﺘﻪ ﻣﻨﻔﯽ در ﺧﺼﻮص ﺳﻮﯾﯿﭽﻬﺎي ﺗﺮﻧﺴﭙﺮﻧﺖ ﮐﻪ ﺑﻪ ﻋﻨﻮان ﻣﺴﯿﺮ ﺗﺮاﻧﺰﯾﺖ در ‪ Vtp domain‬ﻓﻌﺎﻟﯿﺖ ﻣﯿﮑﻨﻨﺪ‬ ‫اﯾﻨﺴﺖ ﮐﻪ ﻫﻤﮕﯽ ﺑﺎﯾﺪ داراي ﺳﺎﺧﺘﺎر ‪ Vlan‬ﯾﮑﺴﺎﻧﯽ داﺷﺘﻪ ﺑﺎﺷﻨﺪ . راﯾﺞ ﺗﺮﯾﻦ دﻟﯿﻞ اﺳﺘﻔﺎده از ﺳﻮﯾﯿﭽﻬﺎي ﺗﺮﻧﺴﭙﺮﻧﺖ‬ ‫ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ ﻓﻌﺎل در ‪ Vtp‬ﻣﻼﺣﻀﺎت اﻣﻨﯿﺘﯽ اﺳﺖ .ﯾﮏ ﺳﻮﯾﯿﭻ ﺗﺮﻧﺴﭙﺮﻧﺖ ﻧﯿﺎز ﺑﻪ ﺗﻌﺮﯾﻒ ‪ vlan‬ﻫﺎﯾﯽ دارد ﮐﻪ در‬ ‫ﻫﯿﭻ ﻗﺴﻤﺖ دﯾﮕﺮي از ﺷﺒﮑﻪ ﺗﻌﺮﯾﻒ ﻧﺸﺪه اﻧﺪ اﻣﺎ در ﻋﯿﻦ ﺣﺎل ﺑﻪ ﺳﺎﯾﺮ ‪ vlan‬ﻫﺎ ﻧﯿﺰ دﺳﺘﺮﺳﯽ دارد.‬ ‫در اداﻣﻪ ﺑﻪ اراﺋﻪ ﻣﺜﺎﻟﯽ از ﻟﺰوم ﻓﻌﺎل ﺳﺎزي ‪ Vtp pruning‬ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫ﻓﺮض ﮐﻨﯿﺪ ﯾﮏ ﺷﺒﮑﻪ ﺳﻪ ﻻﯾﻪ در ﺳﺎﺧﺘﻤﺎﻧﯽ 21 ﻃﺒﻘﻪ ﭘﯿﺎده ﺳﺎزي ﮐﺮده اﯾﻢ و ﺳﻮﯾﯿﭽﻬﺎي ﻻﯾﻪ ﺗﻮزﯾﻊ را ﺑﻪ ﻋﻨﻮان ‪Vtp‬‬ ‫ﺳﺮور ﺗﻨﻈﯿﻢ ﺷﺪه اﻧﺪ و اﻃﻼﻋﺎت ﺗﻌﺮﯾﻒ ‪ vlan‬ﻫﺎ از ﻃﺮﯾﻖ آﻧﻬﺎ ﺑﻪ ﺳﺎﯾﺮ 42 ﺳﻮﯾﯿﭻ ﻻﯾﻪ اﮐﺴﺲ واﻗﻊ در ﻃﺒﻘﺎت ﻣﻨﺘﺸﺮ‬ ‫ﻣﯽ ﺷﻮﻧﺪ.ﺣﺎﻻ ﻓﺮض ﮐﻨﯿﺪ 211 ‪ Vlan‬در ﺳﻮﯾﯿﭻ ﻃﺒﻘﻪ 21 ﺗﻌﺮﯾﻒ ﻣﯽ ﺷﻮد ﺑﻨﺎ ﺑﻪ ﻣﺎﻫﯿﺖ ‪ Vtp‬اﯾﻦ ﺗﻌﺮﯾﻒ ﺑﻪ ﻫﻤﻪ‬ ‫ﺳﻮﯾﯿﭽﻬﺎي اﮐﺴﺲ دﯾﮕﺮ ﻫﻢ ﻣﻨﺘﺸﺮ ﻣﯽ ﺷﻮد و اﻧﻬﺎ ﻧﯿﺰ ﺻﺎﺣﺐ اﯾﻦ ‪Vlan‬ﺧﻮاﻫﻨﺪ ﺷﺪ.اﯾﻨﺠﺎ ﯾﮏ ﺳﻮال ﻣﻬﻢ ﻣﻄﺮح‬ ‫ﻣﯿﺸﻮد و آن اﯾﻨﮑﻪ اﮔﺮ ﺑﺮادﮐﺴﺘﯽ در 211 ‪ Vlan‬ﺗﻮﻟﯿﺪ ﺷﻮد آﯾﺎ ﻫﻤﻪ ﺳﻮﯾﯿﭽﻬﺎي دﯾﮕﺮ ﻫﻢ آﻧﺮا درﯾﺎﻓﺖ ﺧﻮاﻫﻨﺪ ﮐﺮد؟‬ ‫ﭘﺎﺳﺦ ﺑﻠﻪ اﺳﺖ.از آﻧﺠﺎﯾﯽ ﮐﻪ ﺳﻮﯾﯿﭽﻬﺎي ﺗﻮزﯾﻊ ﺑﺮادﮐﺴﺘﻬﺎ را ﺑﻪ ﺗﻤﺎم ﺗﺮاﻧﮏ ﭘﻮرﺗﻬﺎي ﺧﻮد)ﺑﻪ ﺟﺰ ﭘﻮرت درﯾﺎﻓﺖ ﮐﻨﻨﺪه‬ ‫ﺑﺮادﮐﺴﺖ( ارﺳﺎل ﻣﯿﮑﻨﺪ ﻟﺬا ﺗﻤﺎﻣﯽ ﺳﻮﯾﯿﭽﻬﺎي اﮐﺴﺲ ﺑﻪ ﺟﺰ ﺳﻮﯾﯿﭻ ارﺳﺎل ﮐﻨﻨﺪه، ﺑﺮادﮐﺴﺖ را درﯾﺎﻓﺖ ﺧﻮاﻫﻨﺪ ﮐﺮد و‬ ‫اﯾﻦ ﺑﻪ ﻣﻌﻨﺎي اﺗﻼف ﻣﻨﺎﺑﻊ ﺷﺒﮑﻪ اﺳﺖ ﻟﺬا ﺑﺮاي ﺣﻞ اﯾﻦ ﻣﻌﻀﻞ از ‪ Vtp pruning‬اﺳﺘﻔﺎده ﻣﯽ ﮐﻨﯿﻢ.‬ ‫‪ Vtp pruning‬ﺑﻪ زﺑﺎن ﺳﺎده از ارﺳﺎل ﺗﺮاﻓﯿﮏ ﺳﺎﯾﺮ ‪ vlan‬ﻫﺎ روي ﺗﺮاﻧﮏ ﻟﯿﻨﮏ ﺳﻮﯾﯿﭽﻬﺎﯾﯽ ﮐﻪ ﻋﻀﻮي در آن ‪vlan‬‬ ‫ﻧﺪارﻧﺪ ﺟﻠﻮﮔﯿﺮي ﻣﯿﮑﻨﺪ.در ﻣﺜﺎل ﺑﺎﻻ اﮔﺮ ﺳﻮﯾﯿﭽﯽ ﻫﯿﭻ ﭘﻮرت ﻣﺘﻌﻠﻖ ﺑﻪ 211 ‪ Vlan‬را درﺧﻮد ﻧﺪارد ﭼﺮا ﺑﺎﯾﺪ ﺗﺮاﻓﯿﮏ‬ ‫ﻣﺮﺗﺒﻂ ﺑﺎ اﯾﻦ ‪ vlan‬را در ﺗﺮاﻧﮏ ﺧﻮد ﻣﺸﺎﻫﺪه ﮐﻨﺪ؟‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫092 ‪Page 179 of‬‬
‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ زﯾﺮ‬ ‫ﺗﻨﻈﯿﻢ 1‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Vtp‬ﺳﺮور و 3‪ SW‬ﺑﻪ ﻋﻨﻮان ‪Vtp‬ﮐﻼﯾﻨﺖ ﺑﺎ ﻧﺎم داﻣﻨﻪ ﺳﯿﺴﮑﻮ‬ ‫‪‬‬ ‫ﺧﺎﻣﻮش ﮐﺮدن 21/0‪ Fa0/11,Fa‬و ﺗﻨﻈﯿﻢ 01/0‪ Fa‬ﺑﻪ ﺻﻮرت ‪ dot1q trunk‬در 1‪SW‬‬ ‫‪‬‬ ‫ﺧﺎﻣﻮش ﮐﺮدن 51/0‪ Fa0/11, Fa0/12, Fa0/14, Fa‬و ﺗﻨﻈﯿﻢ 31/0‪Fa‬و01/0‪ Fa‬ﺑﻪ ﺻﻮرت ‪dot1q trunk‬‬ ‫‪‬‬ ‫ﺧﺎﻣﻮش ﮐﺮدن51/0‪ Fa0/11, Fa0/12, Fa0/14, Fa‬و ﺗﻨﻈﯿﻢ 31/0‪Fa‬ﺑﻪ ﻋﻨﻮان ‪dot1q trunk‬در 3‪SW‬‬ ‫در 2‪SW‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ‪vlan‬ﻫﺎي 03,02,01 در ‪ Vtp‬ﺳﺮور‬ ‫‪‬‬ ‫اﯾﺠﺎد اﯾﻨﺘﺮﻓﯿﺲ ﻻﯾﻪ 3 اي ﺑﺮاي 01 ‪ vlan‬در 3‪ SW1,SW‬ﺑﺎ آدرس ﻫﺎي 42/1.31.01.01و42/3.31.01.01‬ ‫ﺗﺼﻮﯾﺮ 2.01.4-ﺗﻨﻈﯿﻤﺎت ‪VTP Pruning‬‬ ‫092 ‪Page 180 of‬‬
‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ﺗﺮﻧﺴﭙﺮﻧﺖ و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬Vtp ‫ ﺑﻪ ﻋﻨﻮان‬SW2 ‫ﺗﻨﻈﯿﻢ‬  ‫ ﮐﻼﯾﻨﺖ‬Vtp ‫ ﺳﺮور و ﺣﺼﻮل اﻃﻤﯿﻨﺎن از اﻧﺘﺸﺎر ﺗﻨﻈﯿﻤﺎت ﺑﻪ‬Vtp ‫ در‬Vtp pruning ‫ﻓﻌﺎل ﺳﺎزي‬  SW1 ‫ در‬pruning list ‫ از ﻃﺮﯾﻖ ﻣﺸﺎﻫﺪه‬pruning ‫ﺑﺮرﺳﯽ ﺻﺤﺖ اﻋﻤﺎل‬  ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﺗﺮﻧﺴﭙﺮﻧﺖ و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬Vtp ‫ ﺑﻪ ﻋﻨﻮان‬SW2 ‫1. ﺗﻨﻈﯿﻢ‬ >SW2 con0 is now available Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#vtp mode transparent SW2(config)#vtp version 2 Setting device to VTP TRANSPARENT mode. SW2(config)#end SW2#show vtp status SW2#show vtp status VTP Version : running VTP2 Configuration Revision : 0 Maximum VLANs supported locally : 1005 Number of existing VLANs : 8 VTP Operating Mode : Transparent VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0x06 0x97 0x82 0xDA 0x39 0x52 0x1E 0xF2 Configuration last modified by 192.168.255.252 at 0-0-00 00:00:00 SW2# ‫ ﮐﻼﯾﻨﺖ‬Vtp ‫ ﺳﺮور و ﺣﺼﻮل اﻃﻤﯿﻨﺎن از اﻧﺘﺸﺎر ﺗﻨﻈﯿﻤﺎت ﺑﻪ‬Vtp ‫ در‬Vtp pruning ‫2. ﻓﻌﺎل ﺳﺎزي‬ ‫ ﺳﺮور اﺟﺮا ﺷﻮد ﭘﺲ از آن ﺗﻨﻈﯿﻢ ﺑﻪ‬Vtp ‫ ﺻﺮﻓﺎ در ﻣﺤﯿﻂ‬Vtp pruning ‫ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر ﮐﺎﻓﯽ اﺳﺖ دﺳﺘﻮر‬ ‫ ﮐﻼﯾﻨﺘﻬﺎي ﻣﺠﻤﻮد در داﻣﻨﻪ اﻧﺘﺸﺎر ﺧﻮاﻫﺪ ﯾﺎﻓﺖ‬Vtp ‫ﻃﻮر ﺧﻮدﮐﺎر ﺑﻪ ﺗﻤﺎم‬ SW1 con0 is now available Press RETURN to get started. Page 181 of 290
SW1>enable SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#vtp pruning Pruning switched on SW1(config)#end SW1#show vtp status VTP Version : 2 Configuration Revision : 2 Maximum VLANs supported locally : 36 Number of existing VLANs : 8 VTP Operating Mode : Server VTP Domain Name : CISCO VTP Pruning Mode : Enabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0x2E 0x9F 0x5E 0x57 0xE3 0x87 0x46 0xFA Configuration last modified by 10.1.5.1 at 3-1-02 00:10:56 Local updater ID is 10.1.5.1 on interface Vl5 (lowest numbered VLAN interface found) SW1# ‫ اﺳﺖ‬SW3 ‫ در‬VTP Pruning ‫3. ﮐﺪﻫﺎي زﯾﺮ ﻧﺸﺎن دﻫﻨﺪه ﺻﺤﺖ اﻧﺘﺸﺎر ﺗﻨﻈﯿﻤﺎت‬ SW3#show vtp status VTP Version : 2 Configuration Revision : 3 Maximum VLANs supported locally : 36 Number of existing VLANs : 8 VTP Operating Mode : Client VTP Domain Name : CISCO VTP Pruning Mode : Enabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0x77 0xF2 0x86 0xA4 0x3C 0x21 0x09 0xC0 Configuration last modified by 10.1.5.1 at 3-1-02 00:17:21 SW3# Sw3 ‫ ﻟﯿﺴﺖ در‬pruning ‫ و ﻣﺸﺎﻫﺪه‬SW3 ‫ در‬pruning ‫4. ﺑﺮرﺳﯽ وﺿﻌﯿﺖ‬ SW3#show interface trunk Port Fa0/13 Mode on Encapsulation 802.1q Port Fa0/13 Status trunking Native vlan 1 Vlans allowed on trunk 1-4094 Page 182 of 290
Port Fa0/13 Vlans allowed and active in management domain 1,10,20,30 Port Fa0/13 SW3# Vlans in spanning tree forwarding state and not pruned 1,10 pruning ‫ ﺗﺮاﻓﯿﮑﺸﺎن ﻋﺒﻮر داده ﻣﯿﺸﻮد و ﺗﺤﺖ‬SW3 ‫ ﻫﺎﯾﯽ ﮐﻪ در‬Vlan ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ از ﺧﺮوﺟﯽ دﺳﺘﻮرات ﺑﺮ ﻣﯽ آﯾﺪ‬ ‫ ﻫﺴﺘﻨﺪ.در ﻧﻈﺮ داﺷﺘﻪ ﺑﺎﺷﯿﻢ ﺳﻮﯾﯿﭻ ﺗﺮﻧﺴﭙﺮﻧﺖ در ﺻﻮرﺗﯽ ﻣﯿﺘﻮاﻧﺪ ﺗﺮاﻓﯿﮏ را از ﺧﻮد ﻋﺒﻮر‬Vlan 1,10 ‫ﻗﺮار ﻧﻤﯿﮕﯿﺮﻧﺪ‬ ‫ ﻋﺒﻮر ﻣﯿﮑﻨﺪ‬SW2 ‫ در‬Vlan 10 ‫ از‬SW1 ‫ در‬Vlan 10 ‫ ﻣﺘﻨﺎﻇﺮ ﺑﺎ آن را داﺷﺘﻪ ﺑﺎﺷﺪ ﺑﺮاي ﻣﺜﺎل ﺗﺮاﻓﯿﮏ‬vlan ‫دﻫﺪ ﮐﻪ‬ ‫ ﺑﺎﺷﺪ در ﻏﯿﺮ اﯾﻨﺼﻮرت ﺗﺮاﻓﯿﮏ ﻋﺒﻮر داده ﻧﺨﻮاﻫﺪ ﺷﺪ.اﯾﻦ ﻣﻬﻢ را‬Vlan 10 ‫ ﻫﻢ ﻣﯿﺒﺎﯾﺴﺖ داراي‬SW3 ‫در اﯾﻦ ﺑﯿﻦ‬ ‫ ﺑﺮﺳﯽ ﮐﺮد‬SW3 ‫ در‬Vlan 10 ‫ اﯾﻨﺘﺮﻓﯿﺲ‬ping ‫ﻣﯿﺘﻮاﻧﯿﻢ ﺑﺎ‬ SW1#ping 10.10.13.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.13.3, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms SW1# ‫ ﺣﺬف ﮐﻨﯿﻢ اﻣﮑﺎن‬SW2 ‫ را از‬Vlan 10 ‫ وﺟﻮد دارد اﻣﺎ اﮔﺮ‬SW3 ‫ در‬Vlan 10 ‫ﭘﯿﻨﮓ ﻣﻮﻓﻘﯿﺖ آﻣﯿﺰ ﺑﻮد ﺑﻪ دﻟﯿﻞ اﯾﻨﮑﻪ‬ ‫ را ازدﺳﺖ ﺧﻮاﻫﯿﻢ داد‬SW3 ‫در‬Vlan 10 ‫دﺳﺘﺮﺳﯽ ﺑﻪ‬ SW2#configure terminal SW2(config)#no vlan 10 SW2(config)#end SW2# SW1#ping 10.10.13.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.13.3, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) SW1# Page 183 of 290
‫آزﻣﺎﯾﺶ 21.4-ﺗﻨﻈﯿﻤﺎت ‪inter vlan routing-Router on stick‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ Inter-VLAN routing‬ﺑﺎ اﺳﺘﻔﺎده از روﺗﺮ ﮐﻪ ﺑﺎ ﻧﺎم دﯾﮕﺮ ‪router on stick‬‬ ‫ﻫﻢ ﺷﻨﺎﺧﺘﻪ ﻣﯿﺸﻮد ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ .در اﯾﻦ ﺷﯿﻮه ﺳﻮﯾﯿﭻ و روﺗﺮ از ﻃﺮﯾﻖ ﺗﺮاﻧﮏ اﯾﻨﺘﺮﻓﯿﺲ و ﺗﻌﺮﯾﻒ ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ‬ ‫ﺑﻪ ﺗﻌﺪاد ‪ Vlan‬ﻫﺎ در ارﺗﺒﺎط ﺧﻮاﻫﻨﺪ ﺑﻮد‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﯾﮏ ﺳﮕﻤﻨﺖ ﻻﯾﻪ دوﯾﯽ ﺗﻨﻬﺎ در ﺻﻮرﺗﯽ ﻣﯿﺘﻮاﻧﺪ ﺑﺎ ﺳﺎﯾﺮ ﺷﺒﮑﻪ ارﺳﺎل و درﯾﺎﻓﺖ داده داﺷﺘﻪ ﺑﺎﺷﺪ ﮐﻪ ﺑﺎ ادوات ﻻﯾﻪ 3‬ ‫ﻣﺜﻞ روﺗﺮ ﯾﺎ ﺳﻮﯾﯿﭻ ﻻﯾﻪ 3 در ارﺗﺒﺎط ﺑﺎﺷﺪ ﮐﻪ ﺑﻪ ﻃﻮر ﻋﺎم ‪ Default gateway‬ﻧﺎم دارد.ﺣﺎﻟﺘﯽ را در ﻧﻈﺮ ﺑﮕﯿﺮﯾﺪ ﮐﻪ در‬ ‫ﯾﮏ ﺳﻮﯾﯿﭻ ﻻﯾﻪ دوﯾﯽ ﭘﻨﺞ ‪ vlan‬ﺗﻌﺮﯾﻒ ﮐﺮده اﯾﻢ و ﺑﻪ ﻫﺮﯾﮏ ﻣﺎﺷﯿﻦ اﺧﺘﺼﺎص داده اﯾﻢ.ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﻧﮑﺘﻪ ﺑﺎﻻ در وﺣﻠﻪ‬ ‫اول ﺑﻪ ﺗﻌﺪاد ‪ Vlan‬ﻫﺎ ﮐﻪ ﻫﺮﯾﮏ ﻣﻌﺎدل ﯾﮏ ﺷﺒﮑﻪ ﻻﯾﻪ دوﯾﯽ ﻫﺴﺘﻨﺪ ﻧﯿﺎز ﺑﻪ روﺗﺮ ﺧﻮاﻫﯿﻢ داﺷﺖ ﯾﺎ اﯾﻨﮑﻪ از روﺗﺮي‬ ‫اﺳﺘﻔﺎده ﮐﻨﯿﻢ ﮐﻪ ﺑﻪ ﺗﻌﺪاد ‪ Vlan‬ﻫﺎ اﯾﻨﺘﺮﻓﯿﺲ داﺷﺘﻪ ﺑﺎﺷﺪ. راه ﺣﻞ ﺗﻨﻬﺎ اﺳﺘﻔﺎده از ﯾﮏ روﺗﺮ اﺳﺖ. دروس ﮔﺬﺷﺘﻪ و‬ ‫ﻣﺒﺎﺣﺚ ‪ Dot1q‬ﺗﺮاﻧﮑﯿﻨﮓ را ﺑﻪ ﺧﺎﻃﺮ ﺑﯿﺎورﯾﺪ ﺗﺮاﻧﮏ را ﺑﻪ ﺻﻮرت اﯾﻨﺘﺮﻓﯿﺴﯽ ﺗﻌﺮﯾﻒ ﮐﺮدﯾﻢ ﮐﻪ ﻗﺎﺑﻠﯿﺖ ﻋﺒﻮر دﻫﯽ‬ ‫ﺗﺮاﻓﯿﮏ ﻫﻤﻪ ‪ Vlan‬ﻫﺎ را دارا اﺳﺖ.‬ ‫ﯾﮏ روﺗﺮ ﻣﯿﺘﻮاﻧﺪ ﺑﺎ ﺑﻬﺮه ﮔﯿﺮي از ﺗﻨﻬﺎ ﯾﮏ ‪ dot1q‬ﺗﺮاﻧﮏ ﻓﯿﺰﯾﮑﯽ و اﯾﺠﺎد ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ ﺑﻪ ازاي ﻫﺮ ‪ Vlan‬روي‬ ‫آن،ﻣﻨﻄﻘﺎ در ﻫﻤﻪ ‪ Vlan‬ﻫﺎي ﻣﻮﺟﻮد در ﺷﺒﮑﻪ داراي اﯾﻨﺘﺮﻓﯿﺲ ﺑﺎﺷﺪ.‬ ‫ﯾﮏ ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ در واﻗﻊ اﯾﻨﺘﺮﻓﯿﺴﯽ ﻣﺠﺎزي و ﻣﻨﻄﻘﯽ اﺳﺖ ﮐﻪ از اﯾﻨﺘﺮﻓﯿﺲ ﺣﻘﯿﻘﯽ روﺗﺮ ﻣﺸﺘﻖ ﺷﺪه‬ ‫اﺳﺖ.اﺳﺘﻔﺎده از ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ اﯾﻦ اﻣﮑﺎن را ﻓﺮاﻫﻢ ﻣﯿﮑﻨﺪ ﮐﻪ ﭼﻨﺪﯾﻦ ﮐﺎﻧﻔﯿﮓ ﻣﺮﺗﺒﻂ ﺑﺎ اﯾﻨﺘﺮﻓﯿﺲ ﻫﺎي ﻣﺨﺘﻠﻒ را‬ ‫روي ﺗﻨﻬﺎ ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ﻓﯿﺰﯾﮑﯽ داﺷﺘﻪ ﺑﺎﺷﯿﻢ.‬ ‫.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺧﺎﻣﻮش ﮐﺮدن 3‪SW2,SW‬‬ ‫اﯾﺠﺎد 03,02 ‪ Vlan‬در 1‪SW‬‬ ‫ﺗﻨﻈﯿﻢ 1/0‪ Fa‬در 1‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Dot1q‬ﺗﺮاﻧﮏ ﻟﯿﻨﮏ‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ 2/0‪ Fa‬ﺑﻪ 02 ‪ Vlan‬و 3/0‪ Fa‬ﺑﻪ 03 ‪ Vlan‬در 1‪SW‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/2.02.1.01 ﺑﻪ 0/0‪ Fa‬در 2‪R‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/3.02.1.01 ﺑﻪ 0/0‪ Fa‬در 3‪R‬‬ ‫092 ‪Page 184 of‬‬
‫ﺗﺼﻮﯾﺮ 1.21.4- ‪Intervlan rounting – Router on stick‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ 02.0/0‪ Fa‬در 1‪ R‬ﺑﻪ ﻫﻤﺮاه ‪ Dot1q encapsulation‬و 02 ‪Dot1q tag of‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.02.1.01 ﺑﻪ 02.0/0‪Fa‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ 03.0/0‪ Fa‬در 1‪ R‬ﺑﻪ ﻫﻤﺮاه ‪ Dot1q encapsulation‬و 03 ‪Dot1q tag of‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.03.1.01 ﺑﻪ 02.0/0‪Fa‬‬ ‫ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن ‪ ip routing‬در 3‪ R2,R‬و ﺗﻨﻈﯿﻢ آدرس ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﻨﺎﻇﺮ در 1‪ R‬ﺑﻪ ﻋﻨﻮان ‪Default‬‬ ‫‪ gateway‬در 3‪R2,R‬‬ ‫092 ‪Page 185 of‬‬
R2 ‫ از ﻃﺮﯾﻖ‬R3 ‫ در‬Fa0/0 ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ ﭘﯿﻨﮓ‬  ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ ﺑﻪ‬Dot1q tag of 20 ‫ و‬Dot1q encapsulation ‫ ﺑﻪ ﻫﻤﺮاه‬R1 ‫ در‬Fa0/0.20 ‫اﯾﺠﺎد ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ‬  Fa0/0.20 ‫ﻫﻤﺮاه ﺗﺨﺼﯿﺺ آدرس 42/1.02.1.01 ﺑﻪ‬ R1 con0 is now available Press RETURN to get started. R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface fa0/0 R1(config-if)#no shut R1(config-if)#interface fa0/0.20 R1(config-subif)#encapsulation dot1q 20 R1(config-subif)#ip add 10.1.20.1 255.255.255.0 R1(config-subif)#exit R1(config)# ‫ ﺑﻪ‬Dot1q tag of 30 ‫ و‬Dot1q encapsulation ‫ ﺑﻪ ﻫﻤﺮاه‬R1 ‫ در‬Fa0/0.30 ‫1. اﯾﺠﺎد ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ‬ Fa0/0.30 ‫ﻫﻤﺮاه ﺗﺨﺼﯿﺺ آدرس 42/1.03.1.01 ﺑﻪ‬ R1(config)#interface fa0/0.30 R1(config-subif)#encapsulation dot1q 30 R1(config-subif)#ip add 10.1.30.1 255.255.255.0 R1(config-subif)#end R1#sh run interface fa0/0.20 Building configuration... Current configuration : 96 bytes ! interface FastEthernet0/0.20 encapsulation dot1Q 20 ip address 10.1.20.1 255.255.255.0 end R1#sh run interface fa0/0.30 Building configuration... Current configuration : 96 bytes ! Page 186 of 290
interface FastEthernet0/0.30 encapsulation dot1Q 30 ip address 10.1.30.1 255.255.255.0 end R1#show ip interface brief | inc FastEthernet0/0 Interface IP-Address OK? Method FastEthernet0/0 unassigned YES unset FastEthernet0/0.20 10.1.20.1 YES manual FastEthernet0/0.30 10.1.30.1 YES manual R1# Status up up up Protocol up up up Default ‫ ﺑﻪ ﻋﻨﻮان‬R1 ‫ و ﺗﻨﻈﯿﻢ آدرس ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﻨﺎﻇﺮ در‬R2,R3 ‫ در‬ip routing ‫2. ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن‬ R2,R3 ‫ در‬gateway R2 con0 is now available Press RETURN to get started. R2>enable R2#configure terminal Enter configuration commands, one per line. R2(config)#no ip routing R2(config)#ip default-gateway 10.1.20.1 R2(config)#end R2# R3 con0 is now available End with CNTL/Z. Press RETURN to get started. R3>enable R3#configure terminal Enter configuration commands, one per line. R3(config)#no ip routing R3(config)#ip default-gateway 10.1.30.1 R3(config)#end R3# End with CNTL/Z. R2 ‫ از ﻃﺮﯾﻖ‬R3 ‫ در‬Fa0/0 ‫3. ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ ﭘﯿﻨﮓ‬ R2#ping 10.1.30.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.30.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/23/52 ms Page 187 of 290
R2# Page 188 of 290
‫آزﻣﺎﯾﺶ 31.4-ﺗﻨﻈﯿﻤﺎت ‪PVST‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ PerVLAN STP‬ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻣﮑﺎﻧﯿﺰم ﻻﯾﻪ دوﯾﯽ ﺷﻨﺎﺳﺎﯾﯽ ﻟﻮﭘﻬﺎ و ﺟﻠﻮﮔﯿﺮي‬ ‫از ﭘﺪﯾﺪ آﻣﺪن ﻃﻮﻓﺎﻧﻬﺎي ﺑﺮادﮐﺴﺘﯽ در ﺷﺒﮑﻪ ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫ﺑﻪ دﻟﯿﻞ ﻣﺤﺪودﯾﺘﻬﺎي 3‪ Gns‬اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ادوات واﻗﻌﯽ اﻧﺠﺎم ﺧﻮاﻫﺪ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﺣﺎﻟﺘﯽ را در ﻧﻈﺮ ﺑﮕﯿﺮﯾﺪ ﮐﻪ دوﺳﻮﯾﯿﭻ ﻣﻌﻤﻮﻟﯽ)‪ (non manage‬را از ﻃﺮﯾﻖ دو رﺷﺘﻪ ﮐﺎﺑﻞ ﺷﺒﮑﻪ ﺑﻪ ﻫﻢ ﻣﺘﺼﻞ ﮐﺮده اﯾﻢ‬ ‫و ﺑﻪ ﻫﺮﯾﮏ ﻫﻢ ﯾﮏ دﺳﺘﮕﺎه ‪ PC‬ﻣﺘﺼﻞ ﮐﺮده اﯾﻢ. ﭘﺲ از ﮔﺬﺷﺖ ﻟﺤﻈﺎت ﮐﻮﺗﺎﻫﯽ ﺧﻮاﻫﯿﻢ دﯾﺪ ﮐﻪ ‪ Led‬ﻫﺎي ﻫﺮ دو‬ ‫ﺳﻮﯾﯿﭻ ﺑﻪ ﺷﺪت در ﺣﺎل ﭼﺸﻤﮏ زدن ﺧﻮاﻫﻨﺪ ﺷﺪ و ﭘﺲ از اﻧﺪﮐﯽ ارﺗﺒﺎط دو ‪ PC‬ﻣﺎ ﻗﻄﻊ ﺧﻮاﻫﺪ ﺷﺪ. ﻋﻠﺖ اﯾﻦ ﭘﺪﯾﺪه‬ ‫‪ broadcast strom‬ﻧﺎم دارد و ﻫﻨﮕﺎﻣﯽ ﭘﺪﯾﺪ ﻣﯽ آﯾﺪ ﮐﻪ ﺳﻮﯾﯿﭻ ﺑﺮادﮐﺴﺖ را ﻃﺒﻖ ﻗﻮاﻋﺪ اﯾﻨﮑﺎر ﺑﻪ ﻫﻤﻪ ﭘﻮرﺗﻬﺎي ﺧﻮد‬ ‫ﺑﻪ ﺟﺰ ﭘﻮرﺗﯽ ﮐﻪ ﺑﺮادﮐﺴﺖ را از آن درﯾﺎﻓﺖ ﮐﺮده اﺳﺖ ارﺳﺎل ﻣﯿﮑﻨﺪ و ﻫﻨﮕﺎﻣﯽ ﮐﻪ دو ﻟﯿﻨﮏ ارﺗﺒﺎﻃﯽ ﻣﺎﺑﯿﻦ ﺳﻮﯾﯿﭽﻬﺎ‬ ‫ﺑﺮﻗﺮار ﺷﻮد اﯾﻦ ﺟﺮﯾﺎن داده در ﯾﮏ ﺣﻠﻘﻪ ﺗﮑﺮار ﺑﯽ ﻧﻬﺎﯾﺖ ﻗﺮار ﻣﯿﮕﯿﺮد و آﻧﻘﺪر ﺑﺰرگ و ﺑﺰرﮔﺘﺮ ﻣﯿﺸﻮد ﮐﻪ ﺗﻤﺎم ﻇﺮﻓﯿﺖ‬ ‫ﺗﻤﺎﻣﯽ ﭘﻮرﺗﻬﺎ را ﭘﺮﺧﻮاﻫﺪ ﮐﺮد.‬ ‫ﺑﺮاي ﺣﻞ اﯾﻦ ﻣﺸﮑﻞ در ﺳﻮﯾﯿﭽﻬﺎي ﻣﺪﯾﺮﯾﺖ ﭘﺬﯾﺮ از ﭘﺮوﺗﮑﻞ ‪ Spaning tree‬ﮐﻪ ﻣﺴﺌﻮل ﺷﻨﺎﺳﺎﯾﯽ و ﺑﺮﻃﺮف ﮐﺮدن‬ ‫ﻟﻮﭘﻬﺎي ﻻﯾﻪ دو ﺑﺎ ﻫﺪف ﺟﻠﻮﮔﯿﺮي از ﺑﺮوز ﻃﻮﻓﺎﻧﻬﺎي ﺑﺮادﮐﺴﺘﯽ اﺳﺖ اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد.در اﯾﻦ ﺣﺎﻟﺖ ﻟﯿﻨﮑﻬﺎي دوم ﺑﻪ‬ ‫ﺑﻌﺪ ﻣﺎﺑﯿﻦ ﺳﻮﯾﯿﭽﻬﺎ در ﺣﺎﻟﺖ ﻏﯿﺮ ﻓﻌﺎل ﻗﺮار ﻣﯿﮕﯿﺮﻧﺪ و اﺣﺘﻤﺎل ﺑﺮوز ﻃﻮﻓﺎﻧﻬﺎي ﺑﺮادﮐﺴﺘﯽ ﻣﺎﺑﯿﻦ ﺳﻮﯾﯿﭽﻬﺎ ﺑﻪ ﺻﻔﺮ ﻣﯽ‬ ‫رﺳﺪ .‬ ‫ﺧﻮب ﭘﺲ اﺻﻼ ﻓﻠﺴﻔﻪ اﺳﺘﻔﺎده از ﭼﻨﺪ ﻟﯿﻨﮏ ﻓﯿﺰﯾﮑﯽ ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ ﭼﯿﺴﺖ اﮔﺮ ﮐﻪ ﺗﻨﻬﺎ ﻣﺤﺪود ﺑﻪ اﺳﺘﻔﺎده ﯾﮏ‬ ‫ﻟﯿﻨﮏ ﻫﺴﺘﯿﻢ ؟ﭘﺎﺳﺦ در ﺑﻪ ﮐﺎر ﮔﯿﺮي ‪ Etherchannel‬اﺳﺖ ﮐﻪ ﺗﻌﺪادي ﻟﯿﻨﮏ ﻓﯿﺰﯾﮑﯽ را ﺑﻪ ﺻﻮرت ﯾﮏ ﻟﯿﻨﮏ ﻣﻨﻄﻘﯽ‬ ‫ﺑﻪ ادوات دو ﺳﺮ ﻟﯿﻨﮏ ﻧﺸﺎن ﻣﯽ دﻫﺪ و در اﯾﻦ ﻫﻨﮕﺎم ‪Spaningtree‬ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ ‪ Port-Channel‬ﻣﯽ‬ ‫رﺳﯿﺪ آﻧﺮا ﺑﻪ ﺻﻮرت ﯾﮏ ﺗﮏ اﯾﻨﺘﺮﻓﯿﺲ ﻣﯿﺒﯿﻨﺪ و ﻧﻪ ﺗﻌﺪادي اﯾﻨﺘﺮﻓﯿﺲ ﻣﺠﺰا از ﻫﻢ. اﻟﺒﺘﻪ اﺳﺘﻔﺎده از ﭼﻨﺪﯾﻦ ﻟﯿﻨﮏ‬ ‫ﮐﺎرﺑﺮد دﯾﮕﺮي ﺑﻪ ﺟﺰ ‪ Etherchannel‬ﻫﻢ دارد ﻣﺜﻞ ﻟﻮد ﺑﺎﻻﻧﺲ ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ از ﻃﺮﯾﻖ ‪Vlan‬ﻫﺎي ﻣﺠﺰا،ﻓﺮﺿﺎ ﻟﯿﻨﮏ‬ ‫اول ﺗﺮاﻓﯿﮏ ‪ Vlan‬ﻫﺎي ﻓﺮد را ﻋﺒﻮر ﻣﯿﺪﻫﺪ و ﻟﯿﻨﮏ دوم ﺗﺮاﻓﯿﮏ ‪ Vlan‬ﻫﺎي زوج را.اﯾﻦ ﻣﻄﻠﺐ در ﻣﺒﺤﺚ ‪Multiple‬‬ ‫‪ Spaning tree‬ﻣﻮرد ﺑﺤﺚ ﻗﺮار ﻣﯿﮕﯿﺮد.‬ ‫ﭘﺮوﺗﮑﻞ ﻗﺪﯾﻤﯽ ‪ spanning tree‬ﯾﺎ ﻫﻤﺎن ‪ 802.1d‬ﺑﻪ ﻃﻮر ﮐﺎﻣﻞ از رده ﺧﺎرج ﺷﺪه و ﺻﺮﻓﺎ در ﺳﻮﯾﯿﭽﻬﺎﯾﯽ ﻗﺪﯾﻤﯽ‬ ‫ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد ﮐﻪ ﻗﺎﺑﻠﯿﺖ ﭘﺸﺘﯿﺒﺎﻧﯽ از ﺗﻨﻬﺎ ﯾﮏ ‪ Vlan‬را دارا ﻫﺴﺘﻨﺪ.ﺳﯿﺴﮑﻮ در ﻣﻘﻄﻌﯽ ﻣﺸﺎﻫﺪه ﮐﺮد ﮐﻪ‬ ‫ﭘﺮوﺗﮑﻞ ﻣﺬﺑﻮر ﻧﯿﺎز ﺑﻪ ﺟﺎري ﺷﺪن در ﻫﻤﻪ ‪ Vlan‬ﻫﺎ را دارد از اﯾﻨﺮو ﭘﺮوﺗﮑﻞ ﺟﺪﯾﺪﺗﺮ ‪ PVST‬و +‪ PVST‬را ﻣﻌﺮﻓﯽ‬ ‫ﮐﺮد.از اﯾﻨﺮو اﻣﺮوزه ﻫﺮ ‪ Vlan‬ﻣﮑﺎﻧﯿﺰم ‪ STP‬ﺧﻮد را ﺑﻪ ﻣﻨﻈﻮر ﺷﻨﺎﺳﺎﯾﯽ و رﻓﻊ ﻟﻮپ ﻫﺎي ﻻﯾﻪ دوﯾﯽ دارا ﻣﯿﺒﺎﺷﺪ.‬ ‫092 ‪Page 189 of‬‬
‫‪ STP‬از ﭘﺮوﺗﮑﻠﯽ ﺑﻪ ﻧﺎم )‪ BPDU (Bridge protocol data units‬ﺟﻬﺖ اﻧﺘﻘﺎل اﻃﻼﻋﺎت ﺧﻮد ﻣﺎﺑﯿﻦ ﺳﻮﯾﯿﭽﻬﺎ‬ ‫اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ ﻓﺎرق از اﯾﻨﮑﻪ ﺳﻮﯾﯿﭻ ﺑﻪ ﻋﻨﻮان ‪ root‬اﻧﺘﺨﺎب ﺷﺪه ﺑﺎﺷﺪ ﯾﺎ در ﻣﺮﺣﻠﻪ اﻧﺘﺨﺎب ﺑﺎﺷﺪ.‪ STP‬از ﺣﺎﻟﺘﻬﺎي‬ ‫ﻣﺨﺘﻠﻔﯽ از ﭘﻮرﺗﻬﺎ ﺑﻪ ﻣﻨﻈﻮر اﯾﺠﺎد ﯾﮏ ﺗﻮﭘﻮﻟﻮژي ﺻﺤﯿﺢ ﻻﯾﻪ دوﯾﯽ ﻓﺎﻗﺪ ﻟﻮپ اﯾﺘﻔﺎده ﻣﯿﮑﻨﺪ از اﯾﻨﺮو ﻣﯿﺒﺎﯾﺴﺖ ﺑﺎ اﯾﻦ‬ ‫ﺣﺎﻟﺘﻬﺎ در ‪ PVST‬آﺷﻨﺎ ﺑﺎﺷﯿﻢ ﻣﺎﻧﻨﺪ ‪ root port-designated port‬و ﺳﺎﯾﺮ .‬ ‫ﺣﺎﻟﺖ ﭘﯿﺸﻔﺮض ‪ STP‬در ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ ﺳﯿﺴﮑﻮ ‪ PVST‬اﺳﺖ. در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮرات زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ‬ ‫ﺷﺪ‬ ‫‪: spanning-tree vlan # root primary‬ﺳﻮﯾﯿﭻ را در ﺣﺎﻟﺖ ‪ root bridge‬ﺑﺮاي ‪ Vlan‬ﻣﺸﺨﺺ ﺷﺪه ﻗﺮار ﻣﯽ‬ ‫دﻫﺪ‬ ‫‪ :spanning-tree vlan # root secondary‬ﺳﻮﯾﯿﭻ را در ﺣﺎﻟﺖ ‪Backup root bridge‬ﺑﺮاي ‪ Vlan‬ﻣﺸﺨﺺ ﺷﺪه‬ ‫ﻗﺮار ﻣﯽ دﻫﺪ‬ ‫# ‪:spanning-tree vlan # priority‬ﺗﺨﺼﯿﺺ ‪ Bridge priority‬ﺑﻪ ﻫﺮ ‪ Vlan‬در ﺳﻮﯾﯿﭻ‬ ‫# ‪:show spanning-tree vlan‬ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ‪ STP‬ﻣﺮﺗﺒﻂ ﺑﺎ ‪ Vlan‬ﺧﺎص‬ ‫‪:show spanning-tree summary‬ﻧﻤﺎﯾﺶ ﻫﻤﻪ اﻃﻼﻋﺎت و ﺗﻌﺪاد ﭘﻮرﺗﻬﺎي ﻣﺮﺗﺒﻂ ﺑﺎ ‪STP‬‬ ‫‪:show spanning-tree detail‬ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ﺟﺰﺋﯽ ﺗﺮ ﻣﺮﺑﻮط ﺑﻪ ﻫﺮ ﭘﻮرت ﻓﻌﺎل در ‪STP‬‬ ‫‪:show spanning-tree bridge‬ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ‪ STP‬ﻣﺮﺑﻮط ﺑﻪ ﻫﻤﻪ ‪ Vlan‬ﻫﺎ ﺑﻪ ﻫﻤﺮاه اﻟﻮﯾﺖ ﻫﺮ ‪، Vlan‬ﻣﺠﻮع‬ ‫‪ Mac،vlan priority + sys-id-ext‬آردس ‪ Bridge‬و ﺗﺎﯾﻤﺮﻫﺎ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﺘﻨﺎﻇﺮ ﺑﺎ ﺷﮑﻞ زﯾﺮ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ‪ Etherchannel‬و ﺗﺮاﻧﮏ ﻣﺎﺑﯿﻦ 21-01/0‪ Fa‬در ﺳﻮﯾﯿﭽﻬﺎي 2‪SW1,SW‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ‪ Etherchannel‬و ﺗﺮاﻧﮏ ﻣﺎﺑﯿﻦ 51-31/0‪ Fa‬در 1‪ SW‬و 21-01/0‪ Fa‬در 3‪SW‬‬ ‫ﺑﺮﻗﺮاري ‪ Etherchannel‬و ﺗﺮاﻧﮏ ﻣﺎﺑﯿﻦ 51-31/0‪ Fa‬در 2‪ SW‬و 51-31/0‪ Fa‬در 3‪SW‬‬ ‫ﺗﻌﯿﯿﻦ 1‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Vtp‬ﺳﺮور و ﺳﺎﯾﺮﯾﻦ ﺑﻪ ﻋﻨﻮان ﮐﻼﯾﻨﺖ ﺗﺤﺖ داﻣﯿﻦ ‪ cisco‬و اﯾﺠﺎد ‪ vlan‬ﻫﺎي‬ ‫01و02و03 در ﺳﺮور و ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺗﻮزﯾﻊ آﻧﻬﺎ ﻣﺎﺑﯿﻦ ﮐﻼﯾﻨﺘﻬﺎ‬ ‫092 ‪Page 190 of‬‬
‫ﺗﺼﻮﯾﺮ 1.31.4- ‪PVST‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ 1‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Root Bridge‬ﺑﺮاي ‪ Vlan‬ﻫﺎي 01,1 و ﺗﺴﺖ ﺻﺤﺖ آن از ﻃﺮﯾﻖ 2‪SW‬‬ ‫ﺗﻨﻈﯿﻢ 2‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Root Bridge‬ﺑﺮاي ‪ 20 Vlan‬و ﺗﺴﺖ ﺻﺤﺖ آن از ﻃﺮﯾﻖ 1‪SW‬‬ ‫ﺗﻨﻈﯿﻢ 2‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Root Bridge‬ﺑﺮاي ‪ 30 Vlan‬و ﺗﺴﺖ ﺻﺤﺖ آن از ﻃﺮﯾﻖ 1‪SW‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺗﻨﻈﯿﻢ 1‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Root Bridge‬ﺑﺮاي ‪ Vlan‬ﻫﺎي 01,1 و ﺗﺴﺖ ﺻﺤﺖ آن از ﻃﺮﯾﻖ 2‪SW‬‬ ‫ﺑﺮاي ﮐﺎﻧﻔﯿﮓ 1‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ root bridge‬ﺑﺮاي ‪ Vlan‬ﻫﺎي 1,01 دو راه ﭘﯿﺶ رو دارﯾﻢ :‬ ‫‪‬‬ ‫‪:spanning-tree vlan # root primary‬ﮐﻪ ﺑﻬﺘﺮﯾﻦ اﻟﻮﯾﺖ را اﻧﺘﺨﺎب ﻣﯿﮑﻨﺪ و آﻧﺮا ﺑﻪ ﻋﻨﻮان ‪root‬‬ ‫‪‬‬ ‫# ‪:spanning-tree vlan # priority‬ﮐﻪ ﺑﺎﯾﺪ ﺑﻪ ﻃﻮر دﺳﺘﯽ اوﻟﻮﯾﺖ ﺑﺮ ﺣﺴﺐ ﻫﺮ ‪ Vlan‬در ان ﻣﺸﺨﺺ ﺷﻮد‬ ‫‪ bridge‬ﻗﺮار ﻣﯽ دﻫﺪ‬ ‫092 ‪Page 191 of‬‬
‫ ﺷﺪن ﺑﯿﺸﺘﺮ ﺧﻮاﻫﺪ ﺷﺪ.ﺑﺮاي‬root bridge ‫ﺑﻪ ﺧﺎﻃﺮ داﺷﺘﻪ ﺑﺎﺷﯿﻢ ﻫﺮﻗﺪر اﯾﻦ ﻋﺪد ﮐﻮﭼﮑﺘﺮ ﺑﺎﺷﺪ ﺷﺎﻧﺲ ﺳﻮﯾﯿﭻ ﺑﺮاي‬ ‫ ﺑﺎﺷﺪ‬vlan ‫ ﮐﻪ ﻋﺪد ﻣﻌﺮف‬sys-id-ext ‫ را ﮐﻪ ﻣﺎﺑﯿﻦ 53556-0 اﺳﺖ را ﺑﺎ‬priority ‫ ﻋﺪد‬bridge priority ‫ﻣﺤﺎﺳﺒﻪ‬ ‫ﺟﻤﻊ ﻣﯿﮑﻨﯿﻢ‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#spanning-tree vlan 1 root primary SW1(config)#spanning-tree vlan 10 root primary SW1(config)#end SW1# show spanning-tree vlan root ‫ ﯾﺎ‬show spanning-tree vlan # ‫ﺑﺮاي ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از دﺳﺘﻮرات‬ ‫اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد‬ SW2#show spanning-tree vlan 1 VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 24577 Address 0014.f2d2.4180 Cost 9 Port 216 (Port-channel21) Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Interface ------------------Po21 Po23 Role ---Root Altn Forward Delay 15 sec 32769 (priority 32768 sys-id-ext 1) 001c.57d8.9000 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Sts --FWD BLK Cost --------9 9 Prio.Nbr -------128.216 128.232 Type --------------------------P2p P2p SW2#show spanning-tree vlan 10 VLAN0010 Spanning tree enabled protocol ieee Root ID Priority 24586 Address 0014.f2d2.4180 Cost 9 Port 216 (Port-channel21) Hello Time 2 sec Max Age 20 sec Bridge ID Priority 32778 Forward Delay 15 sec (priority 32768 sys-id-ext 10) Page 192 of 290
Address Hello Time Aging Time Interface ------------------Po21 Po23 Role ---Root Altn 001c.57d8.9000 2 sec Max Age 20 sec 300 sec Sts --FWD BLK Cost --------9 9 Prio.Nbr -------128.216 128.232 Forward Delay 15 sec Type --------------------------P2p P2p SW2#show span root Vlan ---------------VLAN0001 VLAN0010 VLAN0020 VLAN0030 SW2# Root Hello Max Fwd Root ID Cost Time Age Dly -------------------- --------- ----- --- --24577 0014.f2d2.4180 9 2 20 15 24586 0014.f2d2.4180 9 2 20 15 32788 0014.a964.2e00 9 2 20 15 32798 0014.a964.2e00 9 2 20 15 Root Port -----------Po21 Po21 Po23 Po23 ‫ ﻓﺎرق از اﯾﻨﮑﻪ ﺳﻮﯾﯿﭻ ﺟﺎري ﮐﻪ در آن ﻫﺴﺘﯿﻢ روت ﻫﺴﺖ‬show spanning-tree root ‫ﻫﻨﮕﺎم اﺳﺘﻔﺎده از دﺳﺘﻮر‬ ‫ ﭘﻮرﺗﯽ در ﺧﺮوﺟﯽ ﻣﺸﺨﺺ‬root ‫ ﺻﻔﺮ ﺑﺎﺷﺪ و‬root cost ‫ را ﻣﺸﺎﻫﺪه ﺧﻮاﻫﯿﻢ ﮐﺮد.اﮔﺮ‬root port ‫ و‬root cost ‫ﯾﺎ ﺧﯿﺮ‬ ‫ را داﺷﺘﻪ‬root port ‫ و‬root cost ‫ اﺳﺖ.اﻣﺎ اﮔﺮ در ﺧﺮوﺟﯽ‬root bridge ‫ﻧﺸﺪه ﺑﺎﺷﺪ ﺳﻮﯾﯿﭽﯽ ﮐﻪ در آن ﻫﺴﺘﯿﻢ‬ .‫ ﻫﺎ اﯾﻔﺎ ﺧﻮاﻫﻨﺪ ﮐﺮد‬vlan ‫ﺑﺎﺷﯿﻢ ﻣﺎﻧﻨﺪ ﺧﺮوﺟﯽ ﺑﺎﻻ ، ﻣﺸﺨﺺ ﺧﻮاﻫﺪ ﺷﺪ ﮐﻪ ﮐﺪام ﭘﻮرﺗﻬﺎ ﻧﻘﺶ روت را ﺑﺮاي ﮐﺪام‬ SW1 ‫ 02 و ﺗﺴﺖ ﺻﺤﺖ آن از ﻃﺮﯾﻖ‬Vlan ‫ ﺑﺮاي‬Root Bridge ‫ ﺑﻪ ﻋﻨﻮان‬SW2 ‫2. ﺗﻨﻈﯿﻢ‬ SW2 con0 is now available Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#spanning-tree vlan 20 root primary SW2(config)#end SW2# .‫100اﺳﺖ‬c.57d8.9000 ‫ داراي اوﻟﯿﺖ 65942 و ﻣﮏ آدرس‬root bridge ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﺑﺮرﺳﯽ زﯾﺮ ﻧﺸﺎن ﻣﯽ دﻫﺪ‬ SW2 ‫ ﻣﺘﺼﻞ ﺷﺪه اﺳﺖ. ﻋﻼوه ﺑﺮ اﯾﻦ‬SW2 ‫ اﺳﺖ ﮐﻪ ﻣﺴﺘﻘﯿﻤﺎ ﺑﻪ‬Port-channel12 ‫ﺑﻬﺘﺮﯾﻦ ﻣﺴﯿﺮ ﺑﻪ ﺳﻤﺖ آن ﻧﯿﺰ‬ .‫ در ﺣﮑﻢ روت اﺳﺖ‬Vlan 20 ‫ﻧﯿﺰ ﺑﺮاي‬ SW1#show spanning-tree vlan 20 VLAN0020 Spanning tree enabled protocol ieee Root ID Priority 24596 Address 001c.57d8.9000 Page 193 of 290
Cost Port Hello Time Bridge ID 9 144 (Port-channel12) 2 sec Max Age 20 sec Priority Address Hello Time Aging Time 32788 (priority 32768 sys-id-ext 20) 0014.f2d2.4180 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Interface ------------------Po12 Po13 Role ---Root Altn Sts --FWD BLK Cost --------9 9 Prio.Nbr -------128.144 128.152 Forward Delay 15 sec Type --------------------------P2p P2p SW1# SW1 ‫ 03 و ﺗﺴﺖ ﺻﺤﺖ آن از ﻃﺮﯾﻖ‬Vlan ‫ ﺑﺮاي‬Root Bridge ‫ ﺑﻪ ﻋﻨﻮان‬SW2 ‫3. ﺗﻨﻈﯿﻢ‬ SW3 con0 is now available Press RETURN to get started. SW3>enable SW3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW3(config)#spanning-tree vlan 30 root primary SW3(config)#end SW3# SW1#show spanning-tree vlan 30 VLAN0030 Spanning tree enabled protocol ieee Root ID Priority 24606 Address 0014.a964.2e00 Cost 9 Port 152 (Port-channel13) Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Interface ------------------Po12 Po13 Role ---Desg Root Forward Delay 15 sec 32798 (priority 32768 sys-id-ext 30) 0014.f2d2.4180 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Sts --FWD FWD Cost --------9 9 Prio.Nbr -------128.144 128.152 Type --------------------------P2p P2p SW1# Page 194 of 290
Page 195 of 290
‫آزﻣﺎﯾﺶ 41.4 – ﺗﻨﻈﯿﻤﺎت ‪Rapid RPVST‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ﭘﺮوﺗﮑﻞ ‪IEEE 802.1w Standard (Cisco) Rapid Per-VLAN‬‬ ‫‪ Spanning Tree Protocol‬در ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﺗﻮﺿﯿﺢ:ﺑﻪ دﻟﯿﻞ ﻣﺤﺪودﯾﺘﻬﺎي ﻣﺎژول ‪ NM-16ESW‬در 3‪ GN‬اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ اﺳﺘﻔﺎده از ادوات واﻗﻌﯽ اﻧﺠﺎم ﺧﻮاﻫﺪ‬ ‫ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫در آزﻣﺎﯾﺶ ﻗﺒﻠﯽ ﺑﺎ ﺗﻨﻈﯿﻤﺎت ‪ PVST‬ﮐﻪ ‪ STP‬را ﺑﺮاي ﻫﺮ ‪ Vlan‬ﺑﻪ ﻃﻮر ﻣﺠﺰا ﺑﺮﻗﺮار ﻣﯿﮑﺮد آﺷﻨﺎ ﺷﺪﯾﻢ.در اﯾﻦ‬ ‫آزﻣﺎﯾﺶ ﭘﺮوﺗﮑﻞ ﺟﺪﯾﺪﺗﺮ ‪ 802.1w‬را ﮐﻪ ﺗﮑﻤﯿﻞ ﺷﺪه ﭘﺮوﺗﮑﻞ ﻗﺒﻠﯽ ﻣﯽ ﺑﺎﺷﺪ را ﺑﺮرﺳﯽ ﺧﻮاﻫﯿﻢ ﮐﺮد.اﯾﻦ ﭘﺮوﺗﮑﻞ از‬ ‫آن ﺟﻬﺖ ‪ Rapid‬ﻧﺎم ﮔﺮﻓﺘﻪ اﺳﺖ ﮐﻪ زﻣﺎن ﭘﺎﺳﺨﮕﻮﯾﯽ آن ﻧﺴﺒﺖ ﺑﻪ ﻧﺴﺨﻪ ﻗﺒﻠﯽ ﺳﺮﯾﻌﺘﺮ ﻣﯽ ﺑﺎﺷﺪ رﻗﻤﯽ ﻧﺰدﯾﮏ ﺑﻪ 6‬ ‫ﺛﺎﻧﯿﻪ )ﭘﺲ از ﺳﻪ ‪ (Hello‬در ﺣﺎﻟﯽ ﮐﻪ در اﺳﺘﺎﻧﺪارد ﻗﺒﻠﯽ ‪ IEEE 802.1D‬اﯾﻦ ﻋﺪد 54 ﺛﺎﻧﯿﻪ ﺑﻮد.اﯾﻦ ﭘﺮوﺗﮑﻞ در ﻋﯿﻦ‬ ‫ﺣﺎل داراي ﺳﺎزﮔﺎري ﮐﺎﻣﻞ ﺑﺎ ﻧﺴﺨﻪ ﻗﺒﻠﯽ ‪ STP‬ﻣﻮﺟﻮد در ﺳﻮﯾﯿﭽﻬﺎي ﻗﺪﯾﻤﯽ ﺗﺮ ﻧﯿﺰ ﻣﯽ ﺑﺎﺷﺪ.‬ ‫وﯾﮋﮔﯽ ﺟﺪﯾﺪ دﯾﮕﺮي ﺑﻪ ﭘﺮوﺗﮑﻞ اﺿﺎﻓﻪ ﺷﺪه اﺳﺖ ﮐﻪ ﺗﻘﺮﯾﺒﺎ ﺷﺒﯿﻪ ‪ UplinkFast‬ﻣﯽ ﺑﺎﺷﺪ ﺑﻪ اﯾﻦ ﻣﻌﻨﯽ ﮐﻪ در ﺻﻮرت‬ ‫‪fail‬ﺷﺪن روت ﭘﻮرت ﺑﻪ ﺳﺮﻋﺖ ‪ alternate‬ﭘﻮرت را ﺟﺎﯾﮕﺰﯾﻦ آن ﻣﯽ ﮐﻨﺪ . ﻫﻤﯿﻨﻄﻮر در ﭘﺮوﺗﮑﻞ ﺟﺪﯾﺪ روت ﺑﺮﯾﺞ ﻗﺎدر‬ ‫اﺳﺖ ﺗﺎ از ﻃﺮﯾﻖ ﺳﺖ ﮐﺮدن ﺑﯿﺖ ‪ TC‬در ﻓﺮﯾﻢ ‪ ، BPDU‬ﺳﺎﯾﺮ ﺳﻮﯾﯿﭽﻬﺎي ﻣﻮﺟﻮد در ﺷﺒﮑﻪ را از ﺗﻐﯿﯿﺮات آﮔﺎه ﮐﻨﺪ.‬ ‫.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي و ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ﻣﺘﻨﺎﻇﺮ ﺑﺎ آزﻣﺎﯾﺶ ﻗﺒﻠﯽ‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﮐﺎﻧﻔﯿﮓ ﺳﻮﯾﯿﭽﻬﺎ ﺟﻬﺖ ﺑﻬﺮه ﮔﯿﺮي از ‪RPVST‬‬ ‫ﮐﺎﻧﻔﯿﮓ 1‪ SW‬ﺑﻪ ﻋﻨﻮان روت ﺑﺮﯾﺞ ﺑﺮاي ‪Vlan‬ﻫﺎي 01,1 و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ 2‪SW‬‬ ‫‪‬‬ ‫ﮐﺎﻧﻔﯿﮓ 2‪ SW‬ﺑﻪ ﻋﻨﻮان روت ﺑﺮﯾﺞ ﺑﺮاي ‪ 20 Vlan‬و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ 1‪SW‬‬ ‫‪‬‬ ‫ﮐﺎﻧﻔﯿﮓ 3‪ SW‬ﺑﻪ ﻋﻨﻮان روت ﺑﺮﯾﺞ ﺑﺮاي ‪ 30 Vlan‬و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ 1‪SW‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫092 ‪Page 196 of‬‬
SW2 ‫ﻫﺎي 01,1 و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ‬Vlan ‫ ﺑﻪ ﻋﻨﻮان روت ﺑﺮﯾﺞ ﺑﺮاي‬SW1 ‫1. ﮐﺎﻧﻔﯿﮓ‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#spanning-tree mode rapid-pvst SW1(config)#end %SYS-5-CONFIG_I: Configured from console by console SW1#show spanning-tree bridge Hello Vlan Bridge ID Time ---------------- --------------------------------- ----VLAN0001 32769 (32768, 1) 0014.f2d2.4180 2 VLAN0010 32778 (32768, 10) 0014.f2d2.4180 2 VLAN0020 32788 (32768, 20) 0014.f2d2.4180 2 VLAN0030 32798 (32768, 30) 0014.f2d2.4180 2 SW1# SW2 con0 is now available Max Age --20 20 20 20 Fwd Dly --15 15 15 15 Protocol -------rstp rstp rstp rstp Fwd Dly --15 15 15 15 Protocol -------rstp rstp rstp rstp Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#spanning-tree mode rapid-pvst SW2(config)#end %SYS-5-CONFIG_I: Configured from console by console SW2#show spanning-tree bridge Hello Vlan Bridge ID Time ---------------- --------------------------------- ----VLAN0001 32769 (32768, 1) 001c.57d8.9000 2 VLAN0010 32778 (32768, 10) 001c.57d8.9000 2 VLAN0020 32788 (32768, 20) 001c.57d8.9000 2 VLAN0030 32798 (32768, 30) 001c.57d8.9000 2 SW2# SW3 con0 is now available Max Age --20 20 20 20 Press RETURN to get started. SW3>enable SW3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW3(config)#spanning-tree mode rapid-pvst SW3(config)#end %SYS-5-CONFIG_I: Configured from console by console SW3#show spanning-tree bridge Page 197 of 290
Vlan ---------------VLAN0001 VLAN0010 VLAN0020 VLAN0030 SW3# Hello Bridge ID Time --------------------------------- ----32769 (32768, 1) 0014.a964.2e00 2 32778 (32768, 10) 0014.a964.2e00 2 32788 (32768, 20) 0014.a964.2e00 2 32798 (32768, 30) 0014.a964.2e00 2 Max Age --20 20 20 20 Fwd Dly --15 15 15 15 Protocol -------rstp rstp rstp rstp SW1 ‫ 02 و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ‬Vlan ‫ ﺑﻪ ﻋﻨﻮان روت ﺑﺮﯾﺞ ﺑﺮاي‬SW2 ‫2. ﮐﺎﻧﻔﯿﮓ‬ SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#spanning-tree vlan 1 root primary SW1(config)#spanning-tree vlan 10 root primary SW1(config)#end %SYS-5-CONFIG_I: Configured from console by console SW1# SW2#show spanning-tree vlan 1 VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 24577 Address 0014.f2d2.4180 Cost 9 Port 216 (Port-channel21) Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Interface ------------------Po21 Po23 Role ---Root Altn Forward Delay 15 sec 32769 (priority 32768 sys-id-ext 1) 001c.57d8.9000 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Sts --FWD BLK Cost --------9 9 Prio.Nbr -------128.216 128.232 Type --------------------------P2p P2p SW2#show spanning-tree vlan 10 VLAN0010 Spanning tree enabled protocol rstp Root ID Priority 24586 Address 0014.f2d2.4180 Cost 9 Port 216 (Port-channel21) Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Forward Delay 15 sec 32778 (priority 32768 sys-id-ext 10) 001c.57d8.9000 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Page 198 of 290
Interface ------------------Po21 Po23 Role ---Root Altn Sts --FWD BLK Cost --------9 9 Prio.Nbr -------128.216 128.232 Type --------------------------P2p P2p SW2# SW1 ‫ 03 و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ‬Vlan ‫ ﺑﻪ ﻋﻨﻮان روت ﺑﺮﯾﺞ ﺑﺮاي‬SW3 ‫3. ﮐﺎﻧﻔﯿﮓ‬ SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#spanning-tree vlan 20 root primary SW2(config)#end %SYS-5-CONFIG_I: Configured from console by console SW2# SW1#show spanning-tree vlan 20 VLAN0020 Spanning tree enabled protocol rstp Root ID Priority 24596 Address 001c.57d8.9000 Cost 9 Port 144 (Port-channel12) Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Interface ------------------Po12 Po13 Role ---Root Altn Forward Delay 15 sec 32788 (priority 32768 sys-id-ext 20) 0014.f2d2.4180 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Sts --FWD BLK Cost --------9 9 Prio.Nbr -------128.144 128.152 Type --------------------------P2p P2p SW1# SW1 ‫ 03 و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ‬Vlan ‫ ﺑﻪ ﻋﻨﻮان روت ﺑﺮﯾﺞ ﺑﺮاي‬SW3 ‫4. ﮐﺎﻧﻔﯿﮓ‬ SW3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW3(config)#spanning-tree vlan 30 root primary SW3(config)#end %SYS-5-CONFIG_I: Configured from console by console SW3# SW1#show spanning-tree vlan 30 VLAN0030 Spanning tree enabled protocol rstp Root ID Priority 24606 Page 199 of 290
Address Cost Port Hello Time Bridge ID 0014.a964.2e00 9 152 (Port-channel13) 2 sec Max Age 20 sec Priority Address Hello Time Aging Time 32798 (priority 32768 sys-id-ext 30) 0014.f2d2.4180 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Interface ------------------Po12 Po13 Role ---Desg Root Sts --FWD FWD Cost --------9 9 Prio.Nbr -------128.144 128.152 Forward Delay 15 sec Type --------------------------P2p P2p SW1# Page 200 of 290
‫آزﻣﺎﯾﺶ 61.4-ﺗﻨﻈﯿﻤﺎت ‪Switchport Spanning Tree Portfast‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ Spanning-Tree Switchport Portfast‬ﺑﺎ ﻫﺪف ورود ﻫﺮ ﭼﻪ ﺳﺮﯾﻌﺘﺮ‬ ‫ﭘﻮرﺗﻬﺎي اﮐﺴﺲ ﺑﻪ ﻣﺪار آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﻓﺮض ﮐﻨﯿﺪ ﺻﺎﺣﺐ ﯾﮏ ﮐﺎﻣﭙﯿﻮﺗﺮ ﺑﺴﯿﺎر ﺳﺮﯾﻊ ﺳﺮﯾﻊ ﻫﺴﺘﯿﺪ ﯾﺎ ﻓﺮﺿﺎ ﯾﮏ ﺗﯿﻦ ﮐﻼﯾﻨﺖ دارﯾﺪ ﮐﻪ ﻃﯽ 5 ﺛﺎﻧﺒﻪ ﺑﻮت و ﻗﺎﺑﻞ‬ ‫اﺳﺘﻔﺎده ﻣﯿﺸﻮد.ﭼﻪ اﺗﻔﺎﻗﯽ ﻣﯿﺎﻓﺘﯿﺪ ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺗﺮاﻓﯿﮏ ﺳﯿﺴﺘﻢ ﺑﺮاي اوﻟﯿﻦ ﺑﻪ ﺳﻤﺖ ﭘﻮرت ﺳﻮﯾﯿﭻ روان ﻣﯿﺸﻮد؟ﭘﺎﺳﺦ‬ ‫اﯾﻨﺴﺖ ﮐﻪ ﺗﺮاﻓﯿﮏ ﺣﺬف ﻣﯿﺸﻮد! ﺑﺨﺎﻃﺮ اﯾﻨﮑﻪ ﭘﻮرت ﺣﺪود 51 ﺛﺎﻧﺒﻪ زﻣﺎن ﻧﯿﺎز دارد ﺗﺎ از ﺣﺎﻟﺖ ‪ blocking‬ﺑﻪ‬ ‫‪ forwarding‬ﺗﻐﯿﯿﺮ وﺿﻌﯿﺖ دﻫﺪ و در اﯾﻦ ﺣﯿﻦ ﺑﻪ دﻧﺒﺎل اﯾﻦ اﺳﺖ ﮐﻪ ﻣﺘﻮﺟﻪ ﺷﻮد ﮐﻪ آﯾﺎ ﻟﻮﭘﯽ در ﺷﺒﮑﻪ وﺟﻮد دارد ﯾﺎ‬ ‫ﺧﯿﺮ.ﭘﺲ از ﺣﺼﻮل اﻃﻤﯿﻨﺎن از اﯾﻨﮑﻪ ﻟﻮپ ﭘﺪﯾﺪ ﻧﺨﻮاﻫﺪ آﻣﺪ ﭘﻮرت اﮐﺴﺲ ﻣﺎ اﺑﺘﺪا در ﺣﺎل ‪ learning‬ﺳﭙﺲ‬ ‫‪ forwarding‬ﻗﺮار ﺧﻮاﻫﺪ ﮔﺮﻓﺖ. ﺣﺎﻻ اﮔﺮ ﺗﻨﻈﯿﻤﺎت ﺷﺒﮑﻪ دﺳﺘﮕﺎه ﻣﺎ ﺑﻪ ﮔﻮﻧﻪ اي ﺑﺎﺷﺪ ﮐﻪ اﮔﺮ ﻇﺮف 8 ﺛﺎﻧﯿﻪ ﻣﻮﻓﻖ ﺑﻪ‬ ‫درﯾﺎﻓﺖ ‪ IP‬از ﺷﺒﮑﻪ ﻧﺸﻮد ﭘﯿﻐﺎم ‪ failure‬ﻧﻤﺎﯾﺶ دﻫﺪ ﺳﯿﺴﺘﻢ ﻣﺎ ﻫﺮﮔﺰ ﺑﻪ آن ﺷﺒﮑﻪ ﻣﺘﺼﻞ ﻧﺨﻮاﻫﺪ ﺷﺪ.‬ ‫ﺳﺎده ﺗﺮﯾﻦ ﺗﻮﺿﯿﺢ اﯾﻨﺴﺖ ﮐﻪ ‪ portfast‬ﭘﻮرت ﻣﻮرد ﻧﻈﺮ را ﺳﺮﯾﻌﺎ ﺑﻪ ﺣﺎﻟﺖ ‪ forwarding‬ﺗﻐﯿﯿﺮ وﺿﻌﯿﺖ ﻣﯿﺪﻫﺪ و در‬ ‫اﯾﻦ ﺣﺎﻟﺖ ﺗﻼﺷﯽ ﺑﺮا ﺷﻨﺎﺳﺎﯾﯽ ﻟﻮپ در ﺷﺒﮑﻪ اﻧﺠﺎم ﻧﻤﯿﺪﻫﺪ ﻣﮕﺮ اﯾﻨﮑﻪ روي آن ﭘﻮرت ‪ BPDU‬دﯾﺎﻓﺖ ﮐﻨﺪ ﻧﺘﯿﺠﻪ‬ ‫اﯾﻨﮑﻪ اﮔﺮ اﯾﻦ ﻣﺸﺨﺼﻪ روي ﺗﻌﺪادي از ﭘﻮرﺗﻬﺎي ﻣﺘﺼﻞ ﺑﻪ ﺷﺒﮑﻪ ﺳﻮﯾﯿﭻ ﻓﻌﺎل ﺑﺎﺷﺪ ﺑﺮاي ﻟﺤﻈﺎﺗﯽ ﺷﺎﻫﺪ ﺑﺮوز ﻟﻮپ در‬ ‫ﺷﺒﮑﻪ ﺧﻮاﻫﯿﻢ ﺷﺪ اﻣﺎ ﺑﻪ ﺳﺮﻋﺖ ﺑﺮﻃﺮف ﺧﻮاﻫﺪ ﺷﺪ. ﻣﺰﯾﺖ دﯾﮕﺮ ‪ portfast‬ﻋﺪم اﯾﺠﺎد ‪TCN (Topology Change‬‬ ‫)‪ Notification‬ﺗﻮﺳﻂ ‪ STP‬ﺑﺎ ﻫﺮ ﺑﺎر آپ و داون ﺷﺪن ﭘﻮرت اﺳﺖ اﯾﻦ ﻣﻮﺿﻮع ﺑﺎﻋﺚ ﺻﺮﻓﻪ ﺟﻮﯾﯽ در ﻣﻨﺎﺑﻊ ﺳﯿﺴﺘﻤﯽ‬ ‫ﺳﻮﯾﯿﭻ ﻣﯿﺸﻮد زﯾﺮا ﻣﺠﺒﻮر ﻧﯿﺴﺖ ﺑﺎ ﻫﺮ ﺑﺎر ﺗﻐﯿﯿﺮ وﺿﻌﯿﺖ ﯾﮏ ﭘﻮرت اﮐﺴﺲ ﮐﻞ ﻣﺤﺎﺳﺒﺎت ﺧﻮد را از اول اﻧﺠﺎم دﻫﺪ.‬ ‫دو راه ﺑﺮاي ﻓﻌﺎل ﺳﺎزي ‪ portfast‬در ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ وﺟﻮد دارد ﯾﮏ راه ﻓﻌﺎل ﺳﺎزي آن در ﺳﻄﺢ اﯾﻨﺘﺮﻓﯿﺲ و‬ ‫دﯾﮕﺮي در ﺳﻄﺢ ﮐﻞ ﺳﻮﯾﯿﭻ اﺳﺖ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي زﯾﺮ‬ ‫ﻓﻌﺎل ﺳﺎزي ‪ RPVST‬در 1‪SW‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﻓﻌﺎل ﮐﺮدن 0/0‪ Fa‬در 1‪ R‬و ﻣﺸﺎﻫﺪه وﺿﻌﯿﺖ آن از ﻃﺮﯾﻖ ‪show spanning-tree‬‬ ‫092 ‪Page 201 of‬‬
‫ و‬R1 ‫ ﺳﭙﺲ ﻓﻌﺎل ﮐﺮدن ﻣﺠﺪد اﯾﻨﺘﺮﻓﯿﺲ‬SW1 ‫ در‬portfast ‫ﻏﯿﺮﻓﻌﺎل ﮐﺮدن اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮ و ﻓﻌﺎل ﮐﺮدن‬  ‫ در ﻫﻤﻪ ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ و ﺑﺮرﺳﯽ ﺻﺤﺖ ﻋﻤﻠﮑﺮد آن‬portfast ‫ﻓﻌﺎل ﮐﺮدن‬  SW1 ‫ در‬Fa0/1 ‫ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﻓﻌﺎل ﺷﺪن ﺳﺮﯾﻊ‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ‬ show spanning-tree ‫ و ﻣﺸﺎﻫﺪه وﺿﻌﯿﺖ آن از ﻃﺮﯾﻖ‬R1 ‫ در‬Fa0/0 ‫1. ﻓﻌﺎل ﮐﺮدن‬ R1 con0 is now available Press RETURN to get started. *Mar 15 23:38:09.097: %SYS-5-CONFIG_I: Configured from console by console R1#enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface fa0/0 R1(config-if)#no shut R1(config-if)# %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up R1(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up R1(config-if)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1# SW1 ‫ از ﻃﺮﯾﻖ‬RSTP ‫ﻧﺘﯿﺠﻪ ﺑﺮرﺳﯽ‬ SW1#show spanning-tree VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 24577 Address 0014.f2d2.4180 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Forward Delay 15 sec 24577 (priority 24576 sys-id-ext 1) 0014.f2d2.4180 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- --------------------------- Page 202 of 290
Fa0/1 Desg BLK 19 128.3 P2p SW1#show spanning-tree VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 24577 Address 0014.f2d2.4180 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Forward Delay 15 sec 24577 (priority 24576 sys-id-ext 1) 0014.f2d2.4180 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- --------------------------Fa0/1 Desg LRN 19 128.3 P2p SW1#show spanning-tree VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 24577 Address 0014.f2d2.4180 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Forward Delay 15 sec 24577 (priority 24576 sys-id-ext 1) 0014.f2d2.4180 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- --------------------------Fa0/1 Desg FWD 19 128.3 P2p SW1# ‫ ﻣﮏ آدرس را از ﻓﺮﯾﻤﻬﺎي‬learning ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﻣﺸﺎﻫﺪه ﻣﯿﺸﻮد ﭘﻮرت اﺑﺘﺪا ﺗﺮاﻓﯿﮏ را ﺑﻼك ﻣﯿﮑﻨﺪ ﺳﭙﺲ در ﺣﺎﻟﺖ‬ ‫ ارﺳﺎﻟﯽ از ﺳﺎﯾﺮ ﻧﻘﺎط ﺷﺒﮑﻪ را ﺟﻬﺖ ﯾﺎﻓﺘﻦ ﻟﻮﭘﻬﺎي اﺣﺘﻤﺎﻟﯽ‬BPDU ‫درﯾﺎﻓﺘﯽ اﺳﺘﺨﺮاج ﻣﯿﮑﻨﺪ در ﻫﻤﯿﻦ ﺣﯿﻦ ﻓﺮﯾﻤﻬﺎي‬ .‫ ﺗﻐﯿﯿﺮ ﺣﺎﻟﺖ ﻣﯿﺪﻫﺪ‬forwarding ‫ﭘﺮدازش ﻣﯿﮑﻨﺪ ﺑﻌﺪ از آن ﺑﻪ ﺣﺎﻟﺖ‬ ‫ و‬R1 ‫ ﺳﭙﺲ ﻓﻌﺎل ﮐﺮدن ﻣﺠﺪد اﯾﻨﺘﺮﻓﯿﺲ‬SW1 ‫ در‬portfast ‫1. ﻏﯿﺮﻓﻌﺎل ﮐﺮدن اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮ و ﻓﻌﺎل ﮐﺮدن‬ SW1 ‫ در‬Fa0/1 ‫ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﻓﻌﺎل ﺷﺪن ﺳﺮﯾﻊ‬ R1#configure terminal Enter configuration commands, one per line. R1(config)#interface fa0/0 R1(config-if)#shutdown Page 203 of 290 End with CNTL/Z.
R1(config-if)# SW1 ‫ در‬portfast ‫و ﺗﻨﻈﻤﯿﺎت‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface fa0/1 SW1(config-if)#spanning-tree portfast %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION %Portfast has been configured on FastEthernet0/1 but will only have effect when the interface is in a non-trunking mode. SW1(config-if)#end SW1# ‫و ﻓﻌﺎل ﺳﺎزي ﻣﺠﺪد اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮ‬ R1(config-if)#no shut R1(config-if)# %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up R1(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up R1(config-if)# ‫ ﺗﻐﯿﯿﺮ ﺣﺎﻟﺖ داده اﺳﺖ‬forwarding ‫ ﺑﻼﻓﺎﺻﻠﻪ ﺑﻪ ﺣﺎﻟﺖ‬Fa0/1 ‫ ﻧﺸﺎن ﻣﯿﺪﻫﺪ ﮐﻪ‬SW1 ‫ در‬SPT ‫اﮐﻨﻮن ﺑﺮرﺳﯽ‬ SW1#show span VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 24577 Address 0014.f2d2.4180 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID Priority 24577 Forward Delay 15 sec (priority 24576 sys-id-ext 1) Page 204 of 290
Address Hello Time Aging Time 0014.f2d2.4180 2 sec Max Age 20 sec 300 sec Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- --------------------------Fa0/1 Desg FWD 19 128.3 P2p Edge SW1# ‫ در ﻫﻤﻪ ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ و ﺑﺮرﺳﯽ ﺻﺤﺖ ﻋﻤﻠﮑﺮد آن‬portfast ‫2. ﻓﻌﺎل ﮐﺮدن‬ SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#spanning-tree portfast default %Warning: this command enables portfast by default on all interfaces. You should now disable portfast explicitly on switched ports leading to hubs, switches and bridges as they may create temporary bridging loops. SW1(config)#end SW1# SW1#show spanning-tree summary Switch is in rapid-pvst mode Root bridge for: VLAN0001 Extended system ID is Portfast Default is PortFast BPDU Guard Default is Portfast BPDU Filter Default is Loopguard Default is EtherChannel misconfig guard is UplinkFast is BackboneFast is Configured Pathcost method used enabled enabled disabled disabled disabled enabled disabled disabled is short Name Blocking Listening Learning Forwarding STP Active ---------------------- -------- --------- -------- ---------- ---------VLAN0001 0 0 0 1 1 ---------------------- -------- --------- -------- ---------- ---------1 vlan 0 0 0 1 1 SW1# Page 205 of 290
‫آزﻣﺎﯾﺶ 71.4:ﺗﻨﻈﯿﻤﺎت ‪ BPDU‬ﮔﺎرد‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ BPDU‬ﮔﺎرد ﺑﻪ ﻣﻨﻈﻮر ﺟﻠﻮﮔﯿﺮي از ﻓﻌﺎﻟﯿﺖ ﺳﻮﯾﯿﭽﻬﺎي ﻣﺘﻔﺮﻗﻪ از ﻃﺮﯾﻖ ﺧﺎﻣﻮش‬ ‫ﮐﺮدن ﭘﻮرﺗﻬﺎي درﯾﺎﻓﺖ ﮐﻨﻨﺪه ‪ BPDU‬ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ وﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﭼﻪ اﺗﻔﺎﻗﯽ ﺧﻮاﻫﺪ اﻓﺘﺎد اﮔﺮ ﯾﮏ ﮐﺎرﺑﺮ ﻣﻄﻠﻊ ﯾﺎ ﺣﺘﯽ ﻧﺎ ﻣﻄﻠﻊ ﻫﺎب/ﺳﻮﯾﯿﭽﯽ ﻣﺘﻔﺮﻗﻪ را ﺑﻪ ﭘﻮرﺗﻬﺎي ﺷﺒﮑﻪ )روي دﯾﻮار(‬ ‫ﻣﺘﺼﻞ ﮐﻨﺪ ؟ﭘﺎﺳﺦ ﮐﺎﻣﻼ روﺷﻦ اﺳﺖ و ﻧﺘﯿﺠﻪ اﯾﻨﮑﺎر اﯾﺠﺎد ﯾﮏ ﻟﻮپ ﻻﯾﻪ دوﯾﯽ ﺧﻮاﻫﺪ ﺑﻮد و ﻃﻮﻓﺎن ﺑﺮادﮐﺴﺖ ﺣﺎﺻﻞ از‬ ‫آن ﺳﺮﻋﺖ ﺷﺒﮑﻪ را در ﺣﺪ ارﺗﺒﺎﻃﺎت ‪ dial up‬ﭘﺎﯾﯿﻦ ﺧﻮاﻫﺪ آورد.‬ ‫ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻣﻬﻨﺪس ﺷﺒﮑﻪ اﯾﻦ وﻇﯿﻔﻪ ﻣﺎ اﺳﺖ ﮐﻪ از ﻓﺮاﻫﻢ آوردن اﻣﮑﺎن اﺗﺼﺎل ﺳﻮﯾﯿﭻ ﻫﺎي ﻣﺘﻔﺮﻗﻪ ﺗﻮﺳﻂ ﮐﺎرﺑﺮان ﯾﺎ‬ ‫ﺳﺎﯾﺮ اﺷﺨﺎص ﺑﻪ ﺷﺒﮑﻪ ﻣﻮﺟﻮد ﺑﻪ دﻻﯾﻠﯽ ﻫﻤﭽﻮن ﮐﻤﺒﻮد ﭘﻮرت در ﺳﻤﺖ ﮐﺎرﺑﺮ و ﻧﯿﺎز ﺑﻪ اﻓﺰاﯾﺶ آﻧﻬﺎ ﺟﻠﻮﮔﯿﺮي‬ ‫ﮐﻨﯿﻢ.‪ PDU‬ﮔﺎرد ﻣﮑﺎﻧﯿﺰﯾﻤﯽ اﺳﺖ ﮐﻪ از ﻃﺮﯾﻖ آن ﭘﻮرﺗﻬﺎﯾﯽ از ﺳﻮﯾﯿﭻ ﮐﻪ روي آﻧﻬﺎ ﻓﺮﯾﻤﻬﺎي ‪ BPDU‬درﯾﺎﻓﺖ ﻣﯿﺸﻮﻧﺪ‬ ‫ﺧﺎﻣﻮش ﻣﯿﺸﻮﻧﺪ ﻟﺬا اﻣﺮوزه ﺗﻨﻈﯿﻢ ‪ Portfast‬و ‪ BPDU‬ﮔﺎرد در ﭘﻮرﺗﻬﺎي اﮐﺴﺲ ﺳﻤﺖ ﮐﺎرﺑﺮي از ﻧﮑﺎت ﻣﻬﻢ و ﻣﺮﺳﻮم‬ ‫ﺑﻪ ﺣﺴﺎب ﻣﯽ آﯾﻨﺪ‬ ‫ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﭘﻮرﺗﯽ ﺗﻮﺳﻂ ﮔﺎرد ﺑﻪ ﺟﻬﺖ درﯾﺎﻓﺖ ‪ BPDU‬ﻏﯿﺮﻓﻌﺎل ﻣﯿﺸﻮد در ﺣﺎﻟﺖ ‪ ERR-Disabled‬ﻗﺮار ﻣﯿﮕﯿﺮد‬ ‫ﺑﺮاي اﺣﯿﺎ ﭘﻮرت ﻣﺬﺑﻮر ﺑﻪ ﺣﺎﻟﺖ اول ﯾﮑﺒﺎر آﻧﺮا ﺧﺎﻣﻮش ﻣﺠﺪدا روﺷﻦ ﻣﯿﮑﻨﯿﻢ.ﻫﻤﯿﻨﻄﻮر ﻣﯿﺘﻮاﻧﯿﻢ اﯾﻦ ﻣﺸﺨﺼﻪ را ﻣﺎﻧﻨﺪ‬ ‫‪ Portfast‬ﺑﻪ ﻃﻮر ﯾﮑﺠﺎ ﺑﺮاي ﻫﻤﻪ ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ ﻓﻌﺎل ﮐﻨﯿﻢ .‬ ‫ﻧﮑﺘﻪ: ﻣﺎژول ‪ NM-16ESW‬در 3‪ GNS‬ﺗﻨﻬﺎ از ﺗﻨﻈﯿﻤﺎت ‪ BPDU‬ﮔﺎرد در ﺳﻄﺢ ﻫﻤﻪ ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ ﭘﺸﺘﯿﺒﺎﻧﯽ‬ ‫ﻣﯿﮑﻨﺪ و ﻧﻪ ﺗﮏ ﭘﻮرت از اﯾﻨﺮو ﺗﻤﺮﯾﻨﺎت اﯾﻦ آزﻣﺎﯾﺶ را ﺑﺎ ادوات واﻗﻌﯽ اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﺸﺎﺑﻪ آزﻣﺎﯾﺸﺎت ﻗﺒﻠﯽ‬ ‫ﺗﻨﻈﯿﻢ 1/0‪ Fa‬در ﻫﺮ دو ﺳﻮﯾﯿﭻ ﺑﻪ ﻋﻨﻮان اﮐﺴﺲ ﭘﻮرت واﻗﻊ در 01 ‪Vlan‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫092 ‪Page 206 of‬‬
‫ در ﻫﺮ دو ﺳﻮﯾﯿﭻ‬Fa0/1 ‫ ﺑﻮدن‬Up ‫ﺣﺼﻮل اﻃﻤﯿﻨﺎن از‬  ‫ و ﺑﺮرﺳﯽ وﺿﻌﯿﺖ ﭘﻮرت در اﻧﺘﻬﺎ‬SW1 ‫ در‬Fa0/1 ‫ ﮔﺎرد‬BPDU ‫ﻓﻌﺎل ﺳﺎزي‬  ‫ﺣﺬف ﮔﺎرد و ﺑﺮرﺳﯽ وﺿﻌﯿﺖ ﭘﻮرﺗﻬﺎ در اﻧﺘﻬﺎ‬   ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ در ﻫﺮ دو ﺳﻮﯾﯿﭻ‬Fa0/1 ‫ ﺑﻮدن‬Up ‫1. ﺣﺼﻮل اﻃﻤﯿﻨﺎن از‬ show ip interface brief FastEthernet 0/10 Interface IP-Address OK? Method Status FastEthernet0/10 unassigned YES unset up SW1# Protocol up SW2#show interface fa0/10 FastEthernet0/10 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001c.57d8.900c (bia 001c.57d8.900c) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:01, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 2000 bits/sec, 4 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 49720 packets input, 3684013 bytes, 0 no buffer Received 48602 broadcasts (48602 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 48602 multicast, 0 pause input 0 input packets with dribble condition detected 3118 packets output, 381783 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out SW2# ‫ ﺳﭙﺲ ﻓﻌﺎل ﮐﺮدن‬SW1 ‫ ﮔﺎرد در‬BPDU ‫ و ﻓﻌﺎل ﮐﺮدن‬SW2 ‫ در‬Fa0/10 ‫2. ﺧﺎﻣﻮش ﮐﺮدن اﯾﻨﺘﺮﻓﯿﺲ‬ SW1 ‫ وﺑﺮرﺳﯽ وﺿﻌﯿﺖ‬SW2 ‫ در‬Fa0/10 SW2#configure terminal Enter configuration commands, one per line. SW2(config)#interface fa0/10 Page 207 of 290 End with CNTL/Z.
SW2(config-if)#shutdown %LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down SW2(config-if)# SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface fa0/10 SW1(config-if)#spanning-tree bpduguard enable SW1(config-if)#end SW1# SW2(config-if)#no shutdown SW2(config-if)# %LINK-3-UPDOWN: Interface FastEthernet0/10, changed state to down SW2(config-if)# ‫ روي‬SW2 ‫ از ﺳﻤﺖ‬BPDU ‫ ﺑﺎ ﻣﻀﻤﻮن درﯾﺎﻓﺖ‬Syslog message ‫ ﻣﺮاﺟﻌﻪ ﮐﻨﯿﻢ ﺑﺎ ﯾﮏ‬SW1 ‫در اﯾﻦ ﻟﺤﻈﻪ اﮔﺮ ﺑﻪ‬ ‫ ﻣﻮاﺟﻪ ﺧﻮاﻫﯿﻢ ﺷﺪ‬Fa0/1 SW1# %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/10 with BPDU Guard enabled. Disabling port. SW1# %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/10, putting Fa0/10 in err-disable state SW1# SW1#show interfaces fa0/10 FastEthernet0/10 is down, line protocol is down (err-disabled) Hardware is Fast Ethernet, address is 0014.f2d2.418c (bia 0014.f2d2.418c) MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Auto-duplex, Auto-speed, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:02:43, output 00:08:44, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 3303 packets input, 403853 bytes, 0 no buffer Received 2097 broadcasts (2097 multicasts) 0 runts, 0 giants, 0 throttles Page 208 of 290
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 2097 multicast, 0 pause input 0 input packets with dribble condition detected 55416 packets output, 4095765 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out SW1# ‫ ﺑﻪ‬BPDU ‫ ﺑﻪ ﺟﻬﺖ ﻓﻌﺎل ﺑﻮدن ﮔﺎرد ﺑﻪ ﻣﺤﺾ درﯾﺎﻓﺖ‬SW1 ‫ در ﺳﻮﯾﯿﭻ‬Fa0/1 ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ اﻧﺘﻈﺎر ﻣﯿﺮﻓﺖ وﺿﻌﯿﺖ‬ ‫ دراﻣﺪه اﺳﺖ‬Err-Disabled ‫ﺣﺎﻟﺖ‬ ‫3. ﺣﺬف ﮔﺎرد و ﺑﺮرﺳﯽ وﺿﻌﯿﺖ ﭘﻮرﺗﻬﺎ در اﻧﺘﻬﺎ‬ SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface fa0/10 SW1(config-if)#no spanning-tree bpduguard enable SW1(config-if)#exit SW1(config)#spanning-tree portfast bpduguard default SW1(config)#end SW1# %SYS-5-CONFIG_I: Configured from console by console SW1# SW1(config)#do show spanning-tree summary Switch is in rapid-pvst mode Root bridge for: none Extended system ID is enabled Portfast Default is enabled PortFast BPDU Guard Default is enabled Portfast BPDU Filter Default is disabled Loopguard Default is disabled EtherChannel misconfig guard is enabled UplinkFast is disabled BackboneFast is disabled Configured Pathcost method used is short Name Blocking Listening Learning Forwarding STP Active ---------------------- -------- --------- -------- ---------- ---------Total 0 0 0 0 0 SW1(config)# Page 209 of 290
‫آزﻣﺎﯾﺶ 12.4-ﺗﻨﻈﯿﻤﺎت ‪Switch port analyzer session‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﺗﻨﻈﯿﻤﺎت ‪ SPAN‬ﺑﺎ ﻫﺪف ﮐﭙﯽ ﺗﺮاﻓﯿﮏ ﯾﮏ ﭘﻮرت ﺳﻮﯾﯿﭻ ﺑﻪ ﭘﻮرﺗﯽ دﯾﮕﺮ ﺑﻪ ﻣﻨﻈﻮر آﻧﺎﻟﯿﺰ ﺗﺮاﻓﯿﮏ‬ ‫ﺷﺒﮑﻪ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ.‬ ‫آﯾﺎ ﺗﺎ ﮐﻨﻮن ﺑﻪ اﯾﻦ ﻣﻮﺿﻮع اﻧﺪﯾﺸﯿﺪه اﯾﺪ ﮐﻪ ﭼﻄﻮر ﺗﺮاﻓﯿﮏ ﻋﺒﻮري از ﯾﮏ ﭘﻮرت ﺳﻮﯾﯿﭻ را ﺟﻬﺖ اﻧﺎﻟﯿﺰ – ‪ sniff‬ﺑﻪ ﯾﮏ‬ ‫اﺑﺰار ﺗﺮاﻓﯿﮏ آﻧﺎﻻﯾﺰر ﻣﺎﻧﻨﺪ ‪ Wireshark‬ﻣﻨﺘﻘﻞ ﮐﻨﯿﺪ ؟راه ﺣﻞ در ﺑﻬﺮه ﮔﯿﺮي از ‪ SPAN‬اﺳﺖ.‬ ‫در ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ اﺳﺘﻔﺎده از ‪ SPAN‬ﺟﻬﺖ رﻓﻊ اﺷﮑﺎل ﻣﺴﺎﺋﻞ ﭘﺪﯾﺪ آﻣﺪه ﻣﺎﺑﯿﻦ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭽﻬﺎ‬ ‫وﺳﺮورﻫﺎ اﻣﺮي راﯾﺞ اﺳﺖ.ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ ﺳﯿﺴﮑﻮ داراي ﻣﺤﺪودﯾﺖ در ﺗﻌﺪاد ‪ SPAN‬ﻫﺎي ﻓﻌﺎل ﻫﺴﺘﻨﺪ اﯾﻦ‬ ‫ﻣﺤﺪودﯾﺖ در 3‪ GNS‬و ﻣﺎژول ‪ NM-16ESW‬ﮐﻪ ﻧﻘﺶ ﺳﻮﯾﯿﭻ را در آن اﯾﻔﺎ ﻣﯿﮑﻨﺪ ﺑﻪ ﻋﺪد دو ﻣﯿﺮﺳﺪ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮرات زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫#/#‪ :monitor session 1 source interface interfacename‬ﯾﮏ ﺳﺸﻦ ‪ SPAN‬ﺟﺪﯾﺪ ﺑﺎ اﯾﻨﺘﺮﻓﯿﺲ ﻣﺒﺪا‬ ‫ﻣﺸﺨﺺ ﺷﺪه اﯾﺠﺎد ﻣﯿﮑﻨﺪ‬ ‫#/#‪ : monitor session 1 destination interface interfacename‬ﺗﻌﯿﯿﻦ اﯾﻨﺘﺮﻓﯿﺲ ﻣﻘﺼﺪي ﮐﻪ ﯾﮏ ﮐﭙﯽ از‬ ‫ﺟﺮﯾﺎن اﻃﻼﻋﺎﺗﯽ اﯾﻨﺘﺮﻓﯿﺲ ﻣﺸﺨﺺ ﺷﺪه در دﺳﺘﻮر ﻗﺒﻞ را درﯾﺎﻓﺖ ﻣﯿﮑﻨﺪ.‬ ‫# ‪:show monitor session‬ﻧﻤﺎﯾﺶ وﺿﻌﯿﺖ # ‪ SPAN‬ﻣﺸﺨﺺ ﺷﺪه‬ ‫ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ 1‪R1,R2,SW‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01 ﺑﻪ 0/0‪ Fa‬روﺗﺮ 1‪ R‬و اﯾﺠﺎد 1‪ Vlan‬ﺑﺎ آدرس 42/01.1.1.01 در 1‪Sw‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ ﺳﺸﻦ ‪ SPAN‬ﺑﺎ ﻣﺒﺪا 1/1‪ Fa‬و ﻣﻘﺼﺪ 2/1‪ Fa‬در 1‪SW‬‬ ‫.‬ ‫092 ‪Page 210 of‬‬
‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#monitor session 1 source interface fa1/1 SW1(config)#monitor session 1 destination interface fa1/2 SW1(config)#end SW1#show monitor session 1 Session 1 --------Source Ports: RX Only: None TX Only: None Both: Fa1/1 Source VLANs: RX Only: None TX Only: None Both: None Destination Ports: Fa1/2 Filter VLANs: None SW1# packet capturing ‫ ﯾﺎ ﺳﺎﯾﺮ ﻧﺮم اﻓﺰارﻫﺎي‬Wireshark ‫ و اﺟﺮاي‬Fa1/2 ‫ ﮐﺎﻣﭙﯿﻮﺗﺮ ﺑﻪ‬NIC ‫اﮐﻨﻮن ﻣﯿﺘﻮان ﺑﺎ اﺗﺼﺎل‬ ‫ ﭘﺮداﺧﺖ‬Fa1/1 ‫ﺑﻪ آﻧﺎﻟﯿﺰ ﺗﺮاﻓﯿﮏ ﭘﻮرت‬ Page 211 of 290
‫آزﻣﺎﯾﺶ 1.5-ﺗﻨﻈﯿﻤﺎت ﻟﯿﻨﮑﻬﺎي 1‪ PtP T‬از ﻃﺮﯾﻖ ‪ PPP‬ﯾﺎ ‪HDLC‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﻤﯿﺎت ﻟﯿﻨﮑﻬﺎي ﺳﺮﯾﺎل 1‪ Point-to-Point T‬در روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ از ﻃﺮﯾﻖ‬ ‫)‪ PPP (Point to Point Protocol‬ﯾﺎ )‪ HDPC (High-Level Data Link Control Protocol‬آﺷﻨﺎ‬ ‫ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻣﻬﻨﺪس ﺷﺒﮑﻪ ﻧﯿﺎز اﺳﺖ ﺗﺎ ﺑﺎ ﺧﻄﻮط 1‪ T‬ﮐﻪ ﺳﺎﻟﻬﺎﺳﺖ ﺑﻪ ﻋﻨﻮان اﺳﺘﺎﻧﺪاردي ﺑﺎﻟﻔﻌﻞ ﺟﻬﺖ ﺑﺮﻗﺮاري‬ ‫ارﺗﺒﺎط ﻣﺤﺪود ﺑﻪ ﺳﺮﻋﺖ ‪ 1.544Mbps‬ﺑﺎ ﺷﻌﺐ ﮐﻮﭼﮏ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد آﺷﻨﺎ ﺑﺎﺷﯿﺪ.اﺳﺘﺎﻧﺪارد 1‪ T‬در ﻋﻤﻞ‬ ‫ﺑﻪ ﻣﺸﺘﻘﺎﺗﯽ ﺑﺎ ﭘﻬﻨﺎي ﺑﺎﻧﺪﻫﺎي ﮐﻤﺘﺮ ﻣﺎﻧﻨﺪ ﻣﺎﻧﻨﺪ ‪ 786Kbps،512Kbps‬ﯾﺎ ﺣﺘﯽ ‪ 1Mbps‬ﺗﻘﺴﯿﻢ ﻣﯿﺸﻮد. ﺧﻄﻮط 1‪ T‬از‬ ‫ﺑﻌﺪ ﻓﯿﺰﯾﮑﯽ زوج ﺳﯿﻤﻬﺎي ﻣﺴﯽ ﺑﻪ ﻫﻢ ﺗﺎﺑﯿﺪه ﺷﺪه اي ﻫﺴﺘﻨﺪ ﮐﻪ از ﻃﺮﯾﻖ ﮐﺎرﺗﻬﺎي اﻣﺮوزي ﺗﺮ ,1‪WIC-1DSU-T‬‬ ‫2‪ WIC-1DSU-T1-V‬ﯾﺎ 1‪ CSU/DSU T‬ﮐﻨﺘﺮﻟﺮﻫﺎي دروﻧﯽ ﺧﻮد روﺗﺮ ﺑﻪ آن ﻣﺘﺼﻞ ﻣﯿﺸﻮﻧﺪ.در ﻧﻤﻮﻧﻪ ﻫﺎي ﻗﺪﯾﻤﯽ‬ ‫ﺗﺮ ﻧﯿﺰ ﻣﯿﺘﻮان اﯾﻦ اﺗﺼﺎﻻت را از ﻃﺮﯾﻖ ﮐﺎﺑﻠﻬﺎي 53.‪ V‬و ﮐﺎرﺗﻬﺎي ‪ WIC-1T‬ﯾﺎ ‪ WIC-2T‬ﻣﺸﺎﻫﺪه ﮐﺮد.‬ ‫‪ WIC-1T‬راﯾﺞ ﺗﺮﯾﻦ راﺑﻂ ﺳﺮﯾﺎل در ﻣﺤﯿﻄﻬﺎي آزﻣﺎﯾﺸﮕﺎﻫﯽ ﻣﯿﺒﺎﺷﺪ و در ﻫﻨﮕﺎم ﮐﺎﻧﻔﯿﮓ آن ﻧﯿﺎز ﺑﻪ ﺗﻨﻈﯿﻢ ﻧﺰخ‬ ‫‪ Clock‬در ﺳﻤﺖ ‪ DCE‬ﮐﻪ ﺗﻮﺳﻂ ﺳﺮوﯾﺲ ﭘﺮواﯾﺪر ﺻﻮرت ﻣﯿﮕﯿﺮد و ﻫﻤﯿﻨﻄﻮر ‪ DTE‬ﮐﻪ ﺗﻮﺳﻂ ﺷﻤﺎ ﺻﻮرت ﻣﯿﮕﯿﺮد‬ ‫ﻣﯿﺒﺎﺷﺪ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮرات زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫#/# ‪:show controller serial‬ﺟﻬﺖ ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ﻣﺨﺘﺺ ﺑﻪ ﮐﻨﺘﺮﻟﺮ ﯾﮏ ﺳﺮﯾﺎل اﯾﻨﺘﺮﻓﯿﺲ ﺧﺎص ﺷﺎﻣﻞ‬ ‫ﻧﺮخ ‪ Clock‬و ﻧﻮع ﺗﺮﻣﯿﻨﯿﺸﻦ ﮐﺎﺑﻞ )‪(DTE or DCE‬‬ ‫# ‪:clock rate‬ﺟﻬﺖ ﺗﻨﻈﯿﻢ ﻧﺮخ ‪ Clock‬در ﺳﻤﺖ ‪DCE‬‬ ‫] ‪:encapsulation [ HDLC | PPP‬ﺟﻬﺖ اﻧﺘﺨﺎب ﻧﻮع ‪Encapsulation‬‬ ‫#/# ‪:show interface serial‬ﺟﻬﺖ ﻧﻤﺎﯾﺶ اﯾﻨﺘﺮﻓﯿﺲ ﺳﺮﯾﺎل ﻣﺸﺨﺺ ﺷﺪه ﻣﺎﻧﻨﺪ ﻧﻮع‬ ‫‪ Utilization،Uptime،MTU،Encapsulation‬و ﻣﻮاردي از اﯾﻦ دﺳﺖ.‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ 2‪R1,R‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرﺳﻬﺎي 03/1.12.81.271 ﺑﻪ 1/0‪ S‬در 1‪ R‬و 03/2.12.81.271 ﺑﻪ 1/0‪ S‬در 2‪R‬‬ ‫092 ‪Page 212 of‬‬
‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت از ﻃﺮﯾﻖ‬HDLC ‫ﮐﺎﻧﻔﯿﮓ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﺳﺮﯾﺎل روﺗﺮﻫﺎ ﺑﻪ ﻣﻨﻈﻮر ﺑﻬﺮه ﮔﯿﺮي از‬  ‫ ﻣﺘﻨﺎﻇﺮ و ﭘﯿﻨﮓ دو ﻃﺮﻓﻪ ﻟﯿﻨﮏ‬show ‫دﺳﺘﻮرات‬ ‫ و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت از ﻃﺮﯾﻖ‬PPP ‫ﮐﺎﻧﻔﯿﮓ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﺳﺮﯾﺎل روﺗﺮﻫﺎ ﺑﻪ ﻣﻨﻈﻮر ﺑﻬﺮه ﮔﯿﺮي از‬  ‫ ﻣﺘﻨﺎﻇﺮ و ﭘﯿﻨﮓ دو ﻃﺮﻓﻪ ﻟﯿﻨﮏ‬show ‫دﺳﺘﻮرات‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ R1 con0 is now available Press RETURN to get started. R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/1 R1(config-if)#encapsulation hdlc R1(config-if)#no shutdown R1(config-if)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1# %LINK-3-UPDOWN: Interface Serial0/1, changed state to up R1# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up R1# R2 con0 is now available Press RETURN to get started. R2>enable R2#configure terminal Enter configuration commands, one per line. R2(config)#interface Serial0/1 R2(config-if)#encapsulation hdlc R2(config-if)#no shutdown R2(config-if)#end R2# Page 213 of 290 End with CNTL/Z.
%SYS-5-CONFIG_I: Configured from console by console R2# %LINK-3-UPDOWN: Interface Serial0/1, changed state to up R2# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up R2# ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬  R1#show interface Serial0/1 Serial0/1 is up, line protocol is down Hardware is M4T MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, crc 16, loopback not set Keepalive set (10 sec) Restart-Delay is 0 secs Last input never, output 00:00:07, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1158 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 38 packets output, 2332 bytes, 0 underruns 0 output errors, 0 collisions, 4 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out 5 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up R1# ‫ﭘﯿﻨﮓ دو ﻃﺮف ﻟﯿﻨﮏ ﺟﻬﺖ اﻃﻤﯿﻨﺎن از ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬ R1#ping 172.18.21.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.18.21.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/42/88 ms R1# Page 214 of 290
‫ و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت از ﻃﺮﯾﻖ‬PPP ‫ﮐﺎﻧﻔﯿﮓ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﺳﺮﯾﺎل روﺗﺮﻫﺎ ﺑﻪ ﻣﻨﻈﻮر ﺑﻬﺮه ﮔﯿﺮي از‬  ‫ ﻣﺘﻨﺎﻇﺮ و ﭘﯿﻨﮓ دو ﻃﺮﻓﻪ ﻟﯿﻨﮏ‬show ‫دﺳﺘﻮرات‬ R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/1 R1(config-if)#encapsulation ppp R1(config-if)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down R1# R2# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface Serial0/1 R2(config-if)#encapsulation ppp R2(config-if)#end R2# %SYS-5-CONFIG_I: Configured from console by console %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up R2# ‫ ﺑﻪ‬line protocol ‫ وﺿﻌﯿﺖ‬PPP ‫ ﺑﻪ‬HDLC ‫ از‬R1 ‫ در‬Encapsulation ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﻣﺸﺎﻫﺪه ﻣﯿﺸﻮد ﭘﺲ از ﺗﻐﯿﯿﺮ‬ .‫ دو ﻃﺮف اﺳﺖ‬Encapsulation ‫ در ﻣﯽ آﯾﺪ ﮐﻪ ﺑﻪ دﻟﯿﻞ ﯾﮑﺴﺎن ﻧﺒﻮدن وﺿﻌﯿﺖ‬down ‫ﺣﺎﻟﺖ‬ R1# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up R1# R1#show interface Serial0/1 Serial0/1 is up, line protocol is up Hardware is M4T Internet address is 172.18.21.1/30 MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, LCP Open Open: IPCP, CDPCP, crc 16, loopback not set Keepalive set (10 sec) Restart-Delay is 0 secs Page 215 of 290
Last input 00:00:40, output 00:00:07, output hang never Last clearing of "show interface" counters 00:04:34 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1158 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 54 packets input, 2146 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 69 packets output, 2553 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 12 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out 2 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up R1#ping 172.18.21.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.18.21.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/49/88 ms R1# Page 216 of 290
‫آزﻣﺎﯾﺶ 2.5 – ﺗﻨﻈﯿﻤﺎت ﻟﯿﻨﮑﻬﺎي ‪ Framerelay‬ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت و رﻓﻊ اﺷﮑﺎل ﻟﯿﻨﮑﻬﺎي ﻓﯿﺰﯾﮑﯽ ‪ Framerelay‬ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ در ﯾﮏ روﺗﺮ‬ ‫ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﻣﺮور ﻣﻔﺎﻫﯿﻢ و ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫اﻣﺮوزه ‪ FR‬ﺟﺰ ﺗﮑﻨﻮﻟﻮژﯾﻬﺎي رو ﺑﻪ زواﻟﯽ اﺳﺖ ﮐﻪ اﮐﺜﺮ ﮐﻤﭙﺎﻧﯿﻬﺎي ﺑﻪ ﻧﻔﻊ ‪ MPLS‬از آن ﻣﻬﺎﺟﺮت ﻣﯿﮑﻨﻨﺪ اﻣﺎ ﮐﻨﺎر‬ ‫ﮔﺬاﺷﺘﻦ ﺟﻨﺒﻪ ﻫﺎي ﻣﻄﺎﻟﻌﺎﺗﯽ آن ﺑﺎ اﯾﻦ ﻫﺪف ﮐﻪ ﺑﻪ ﻃﻮر ﻋﺎم ﻗﺎﺑﻠﯿﺖ اﺟﺮا ﻧﺪارد ﮐﺎر درﺳﺘﯽ ﻧﯿﺴﺖ زﯾﺮا ﺑﺎ ﺣﺬف آن ﻋﻤﻼ‬ ‫راﻫﮑﺎر ﻣﻄﺎﻟﻌﺎﺗﯽ دﯾﮕﺮي ﺑﺮاي درك ﻣﻔﺎﻫﯿﻢ ‪ Packet switching‬ﺑﺎﻗﯽ ﻧﻤﯿﻤﺎﻧﺪ ﻣﻀﺎف ﺑﺮ اﯾﻨﮑﻪ ﺑﻪ ﻫﺮ ﺣﺎل ﺟﻬﺖ‬ ‫ﮔﺬراﻧﺪن اﻣﺘﺤﺎﻧﺎت رﺳﻤﯽ ‪ CCNA‬و ﺑﺎﻻﺗﺮ ﺑﻪ آن اﺣﺘﯿﺎج دارﯾﻢ.‬ ‫‪ FR‬ﯾﮏ ﺗﮑﻨﻮﻟﻮژي ﺳﻮﯾﯿﭽﯿﻨﮓ ﻻﯾﻪ 2 اﺳﺖ ﮐﻪ ﻓﺮاﯾﻨﺪ ﺳﻮﯾﯿﭽﯿﻨﮓ ﻓﺮﯾﻤﻬﺎ را از ﻃﺮﯾﻖ ﭘﺮواﯾﺪر ﻣﺮﺑﻮﻃﻪ اﻧﺠﺎم ﻣﯿﺪﻫﺪ.ﺑﻪ‬ ‫ﻫﺮﯾﮏ از اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ادوات در ﺗﻤﺎس ﺑﺎ ﭘﺮواﯾﺪر )‪ (Edge level‬ﯾﮏ ‪DLCI (Data Link Connection‬‬ ‫)‪ Identifier‬ﻣﻨﺘﺘﺴﺐ ﻣﯿﺸﻮد ﮐﻪ ﻣﻔﻬﻮﻣﯽ ﺷﺒﯿﻪ ﺷﻤﺎره ﺗﻠﻔﻨﻬﺎي داﺧﻠﯽ دارد ﻣﺜﻼ ﺷﻤﺎ ﺗﻠﻔﻦ ﺑﺎ ﺷﻤﺎره داﺧﻠﯽ 321 را‬ ‫ﺑﺮﻣﯿﺪارﯾﺪ و ﺑﺎ ﺷﻤﺎره 543 ﺗﻤﺎس ﻣﯿﮕﯿﺮﯾﺪ و ارﺗﺒﺎط دوﻃﺮف ﺑﺮﻗﺮار ﻣﯿﺸﻮد.‬ ‫‪ FR‬ﺑﻪ ﻫﺮ ﯾﮏ از ﻓﺮﯾﻤﻬﺎي ﺧﺮوﺟﯽ از اﯾﻨﺘﺮﻓﯿﺲ ادوات ﻟﺒﻪ اي ﯾﮏ ‪ DLCI‬ﻣﻨﺘﺴﺐ ﻣﯿﮑﻨﺪ و ﻣﺒﯿﻦ ﻣﺴﯿﺮي اﺳﺖ ﮐﻪ‬ ‫ﭘﺲ از رﺳﯿﺪن ﺑﻪ روﺗﺮ ﻟﺒﻪ اي ﭘﺮواﯾﺪر ﻣﯽ ﺑﺎﯾﺴﺖ ﻃﯽ ﮐﻨﺪ.‬ ‫ﻟﯿﻨﮑﻬﺎي ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ‪ FR‬ﺑﻪ دوﺷﮑﻞ ﮐﺎﻧﻔﯿﮓ ﻣﯿﺸﻮﻧﺪ.روش اول ﺗﺨﺼﯿﺺ ‪ DLCI‬ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﻨﺎﻇﺮ اﺳﺖ در اﯾﻦ‬ ‫ﺣﺎﻟﺖ ﻫﺮ ﻓﺮﯾﻤﯽ ﮐﻪ ﺑﻪ ﺳﻤﺖ اﯾﻦ اﯾﻨﺘﺮﻓﯿﺲ ﻣﯽ رود ﺑﺎ ﺷﻤﺎره ‪ DLCI‬ﻣﻌﯿﻨﯽ ﺑﺮﭼﺴﭗ ﺧﻮرده و ﺧﺎرج ﻣﯿﺸﻮد.راه ﺣﻞ‬ ‫دوم اﯾﺠﺎد ‪ sub interface‬ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ اﺳﺖ ﮐﻪ در آزﻣﺎﯾﺶ ﺑﻌﺪي ﺑﻪ آن ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮرات زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫‪ :encapsulation frame-relay‬در ﻣﻮد ﺗﻨﻈﯿﻢ اﯾﻨﺘﺮﻓﯿﺲ ﺳﺮﯾﺎل ﺑﺎ ﻫﺪف ﺗﻈﻨﯿﻢ ‪ encapsulation‬ﺑﻪ ‪ FR‬اﺳﺘﻔﺎده‬ ‫ﻣﯿﺸﻮد‬ ‫# ‪:frame-relay interface-dlci‬ﺟﻬﺖ ﺗﺨﺼﯿﺺ ‪ DLCI‬ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ‬ ‫# ‪:show frame-relay pvc‬ﺟﻬﺖ ﻧﻤﺎﯾﺶ ﻫﻤﻪ ‪ DLCI‬ﻫﺎي ﯾﺎد ﮔﺮﻓﺘﻪ ﺷﺪه ﺗﻮﺳﻂ روﺗﺮ از ﻃﺮﯾﻖ ﺳﻮﯾﯿﭻ ‪FR‬‬ ‫ﻫﻤﯿﻨﻄﻮر اﻃﻼﻋﺎت ﻣﺮﺑﻮط ﺑﻪ وﺿﻌﯿﺖ ‪ PVC‬و ﻓﺮﯾﻤﻬﺎ‬ ‫ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ‬ ‫092 ‪Page 217 of‬‬
R1,R2 ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ روﺗﺮﻫﺎي‬ R2 ‫ در‬S0/0 ‫ و آدرس 03/2.12.01.01 ﺑﻪ‬R1 ‫ در‬S0/0 ‫ﺗﺨﺼﯿﺺ آدرس 03/1.12.01.01 ﺑﻪ‬   ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ آن و ﺗﺴﺖ ﺻﺤﺖ‬DLCI ‫ و ﺗﺨﺼﯿﺺ 221 ﺑﻪ‬FR ‫ ﺟﻬﺖ ﮐﭙﺴﻮﻟﻪ ﮐﺮدن ﺗﺮاﻓﯿﮏ از ﻃﺮﯾﻖ‬R1 ‫ در‬s0/0 ‫ﺗﻨﻈﯿﻢ‬  ‫ﺗﻨﻈﯿﻤﺎت‬ ‫ آن و ﺗﺴﺖ‬DLCI ‫ و ﺗﺨﺼﯿﺺ 122 ﺑﻪ‬FR ‫ ﺟﻬﺖ ﮐﭙﺴﻮﻟﻪ ﮐﺮدن ﺗﺮاﻓﯿﮏ از ﻃﺮﯾﻖ‬R2 ‫ در‬s0/0 ‫ﺗﻨﻈﯿﻢ‬  ‫ از ﻃﺮﯾﻖ ﻟﯿﻨﮏ اﯾﺠﺎد ﺷﺪه‬R1 ‫ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت و ﭘﯿﻨﮓ‬  ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ آن و ﺗﺴﺖ ﺻﺤﺖ‬DLCI ‫ و ﺗﺨﺼﯿﺺ 221 ﺑﻪ‬FR ‫ ﺟﻬﺖ ﮐﭙﺴﻮﻟﻪ ﮐﺮدن ﺗﺮاﻓﯿﮏ از ﻃﺮﯾﻖ‬R1 ‫ در‬s0/0 ‫ﺗﻨﻈﯿﻢ‬  ‫ﺗﻨﻈﯿﻤﺎت‬ R1 con0 is now available Press RETURN to get started. R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/0 R1(config-if)#no shutdown R1(config-if)# %LINK-3-UPDOWN: Interface Serial0/0, changed state to up R1(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up R1(config-if)#encapsulation frame-relay R1(config-if)#frame-relay interface-dlci 122 R1(config-fr-dlci)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1# show pvc ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ دﺳﺘﻮر‬ R1#show interface serial0/0 Page 218 of 290
Serial0/0 is up, line protocol is up Hardware is PowerQUICC Serial Internet address is 10.10.12.1/30 MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation FRAME-RELAY, loopback not set Keepalive set (10 sec) CRC checking enabled LMI enq sent 18, LMI stat recvd 18, LMI upd recvd 0, DTE LMI up LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0 LMI DLCI 1023 LMI type is CISCO frame relay DTE FR SVC disabled, LAPF state down Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0 Last input 00:00:00, output 00:00:06, output hang never Last clearing of "show interface" counters 00:04:50 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1158 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 36 packets input, 1604 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort 23 packets output, 684 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up R1#show frame-relay pvc 122 PVC Statistics for interface Serial0/0 (Frame Relay DTE) DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0 input pkts 26 output pkts 4 in bytes 1554 out bytes 416 dropped pkts 0 in pkts dropped 0 out pkts dropped 0 out bytes dropped 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 0 out bcast bytes 0 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec pvc create time 00:03:46, last time pvc status changed 00:02:04 R1# ‫ ﻏﯿﺮ ﻓﻌﺎل اﺳﺖ.اﯾﻦ ﺑﺪﯾﻦ ﺧﺎﻃﺮ اﺳﺖ ﮐﻪ ﺳﻤﺖ دوم ﻟﯿﻨﮏ‬DLCI 122 ‫ ﻣﺘﻌﻠﻖ ﺑﻪ‬PVC ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﻣﺸﺎﻫﺪه ﻣﯿﺸﻮد‬ ‫ ﻓﻌﺎل ﺧﻮاﻫﺪ ﺷﺪ و ﺗﺮاﻓﯿﮏ دو ﻃﺮﻓﻪ ﻋﺒﻮر‬PVC ‫ ﮐﺎﻧﻔﯿﮓ ﺷﻮد‬R2 ‫ﻏﯿﺮ ﻓﻌﺎل اﺳﺖ.ﺑﻪ ﻣﺤﺾ اﯾﻨﮑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﻨﺎﻇﺮ در‬ .‫ﺧﻮاﻫﺪ ﮐﺮد‬ Page 219 of 290
‫ آن و ﺗﺴﺖ‬DLCI ‫ و ﺗﺨﺼﯿﺺ 122 ﺑﻪ‬FR ‫ ﺟﻬﺖ ﮐﭙﺴﻮﻟﻪ ﮐﺮدن ﺗﺮاﻓﯿﮏ از ﻃﺮﯾﻖ‬R2 ‫ در‬s0/0 ‫ﺗﻨﻈﯿﻢ‬  ‫ از ﻃﺮﯾﻖ ﻟﯿﻨﮏ اﯾﺠﺎد ﺷﺪه‬R1 ‫ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت و ﭘﯿﻨﮓ‬ R2 con0 is now available Press RETURN to get started. R2>enable R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface Serial0/0 R2(config-if)#no shutdown R2(config-if)# %LINK-3-UPDOWN: Interface Serial0/0, changed state to up R2(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up R2(config-if)#encapsulation frame-relay R2(config-if)#frame-relay interface-dlci 221 R2(config-fr-dlci)#end R2# %SYS-5-CONFIG_I: Configured from console by console R2# ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬ R2#show frame-relay pvc 221 PVC Statistics for interface Serial0/0 (Frame Relay DTE) DLCI = 221, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0 input pkts 9 output pkts 40 in bytes 796 out bytes 2390 dropped pkts 0 in pkts dropped 0 out pkts dropped 0 out bytes dropped 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 33 out bcast bytes 1662 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec pvc create time 00:04:40, last time pvc status changed 00:00:04 R2#ping 10.10.12.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.12.1, timeout is 2 seconds: ..!!! Success rate is 60 percent (3/5), round-trip min/avg/max = 28/29/32 ms R2# Page 220 of 290
‫آزﻣﺎﯾﺶ 3.5 – ﺗﻨﻈﯿﻤﺎت ‪ Sub interface‬در ارﺗﺒﺎﻃﺎت ‪Ppoint to point Frame relay‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت اﯾﺠﺎد ﺗﻌﺪاد زﯾﺎدي ارﺗﺒﺎط ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﻣﺒﺘﻨﯽ ﺑﺮ ‪ FR‬از ﻃﺮﯾﻖ ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ‬ ‫ﻓﯿﺰﯾﮑﯽ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫در دو درس ﮔﺬﺷﺘﻪ ﺑﺎ ﮐﻠﯿﺎت ‪ FR‬و ﻟﯿﻨﮑﻬﺎي ‪ PTP‬آﺷﻨﺎ ﺷﺪﯾﻢ در اﯾﻦ درس ﻗﺼﺪ دارﯾﻢ ﭘﺎ را ﻓﺮاﺗﺮ ﮔﺬاﺷﺘﻪ و ﺗﻌﺪاد‬ ‫زﯾﺎدي ارﺗﺒﺎط ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ را از ﻃﺮﯾﻖ ﯾﮏ روﺗﺮ و ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ﻓﯿﺰﯾﮑﯽ اﻣﺎ ﺑﺎ ﺑﻬﺮه ﮔﯿﺮي از ﺗﻌﺪادي -‪Sub‬‬ ‫‪ interface‬ﺑﻪ ﻣﻨﻈﻮر اﯾﺠﺎد ‪ PVC‬ﻫﺎي ﻣﺘﻌﺪد ﻣﺘﻨﺎﻇﺮ ﺑﺎ ﻫﺮ ﻣﺴﯿﺮ ارﺗﺒﺎﻃﯽ اﯾﺠﺎد ﮐﻨﯿﻢ.‬ ‫در آزﻣﺎﯾﺶ ﻗﺒﻞ 1‪ R‬از ﻃﺮﯾﻖ اﯾﻨﺘﺮﻓﯿﺲ ﻓﯿﺰﯾﮑﯽ ﺧﻮد ﺑﻪ 2‪ R‬ﻣﺘﺼﻞ ﺷﺪ . ﺑﺎ اﯾﺠﺎد ﯾﮏ ‪ Sub-interface‬ﻣﺒﺘﻨﯽ ﺑﺮ ‪FR‬‬ ‫ﮐﻪ ﺑﻪ آن ﯾﮏ ‪ Dlci‬ﺗﺨﺼﯿﺺ داده ﺷﺪه اﺳﺖ ﻣﯿﺘﻮان ارﺗﺒﺎط ‪ FR‬دوم را ﺑﺎ 3‪ R‬ﺑﺮﻗﺮار ﮐﺮد.ﺗﻮﺻﯿﻪ ﻣﯿﺸﻮد در ﻫﻨﮕﺎم‬ ‫ﺗﺨﺼﯿﺺ ‪ DLci‬ﺑﻪ ‪ Sub-interface‬ﻫﺎ از ﻫﻤﺎن ﺷﻤﺎره ‪ Sub-interface‬ﺟﻬﺖ اﯾﺠﺎد ﺳﻬﻮﻟﺖ ﺑﯿﺸﺘﺮ در ﻣﺴﺘﻨﺪ ﺳﺎزي‬ ‫ﺷﺒﮑﻪ اﺳﺘﻔﺎده ﺷﻮد.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از دﺳﺘﻮر زﯾﺮ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد.‬ ‫‪ :interface Serial#/#.### point-to-poin‬اﯾﻦ دﺳﺘﻮر ﯾﮏ ‪ sub-interface‬ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﺟﻬﺖ ﺗﺨﺼﯿﺺ ‪Dlci‬‬ ‫ﺑﻪ آن اﯾﺠﺎد ﻣﯿﮑﻨﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ روﺗﺮﻫﺎي 3‪R1,R2,R‬‬ ‫ﺗﻨﻈﯿﻢ ‪ encapsulation‬اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﺳﺮﯾﺎل 3‪ R1,R2,R‬ﺑﻪ ‪FR‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد دو ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ 221.0/0‪ Serial‬و 321.0/0‪ Serial‬در 1‪ R‬و ﺗﺨﺼﯿﺺ ‪122,123 Dlci‬‬ ‫‪‬‬ ‫اﯾﺠﺎد 122.0/0‪ Serial‬در 2‪ R‬و ﺗﺨﺼﯿﺺ 122 ‪ Dlci‬و آدرس 03/2.21.81.271 ﺑﻪ آن‬ ‫وآدرﺳﻬﺎي 03/1.21.81.271 و 03/1.31.81.271 ﺑﻪ آﻧﻬﺎ‬ ‫‪‬‬ ‫اﯾﺠﺎد 123.0/0‪ Serial‬در 2‪ R‬و ﺗﺨﺼﯿﺺ 123 ‪ Dlci‬و آدرس 03/2.31.81.271 ﺑﻪ آن‬ ‫‪‬‬ ‫ﺑﺮرﺳﯽ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ‪ FR‬از ﻃﺮﯾﻖ دﺳﺘﻮر ‪ show frame-relay pvc‬و ﭘﯿﻨﮓ از ﺳﻤﺖ 1‪R‬‬ ‫092 ‪Page 221 of‬‬
‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ 321,221 وآدرﺳﻬﺎي‬Dlci ‫ و ﺗﺨﺼﯿﺺ‬R1 ‫ در‬Serial0/0.123 ‫ و‬Serial0/0.122 ‫اﯾﺠﺎد دو ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ‬ ‫03/1.21.81.271 و 03/1.31.81.271 ﺑﻪ آﻧﻬﺎ‬ R1 con0 is now available Press RETURN to get started. R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/0.122 point-to-point R1(config-subif)#ip address 172.18.12.1 255.255.255.252 R1(config-subif)#frame-relay interface-dlci 122 R1(config-fr-dlci)#exit R1(config-subif)#interface Serial0/0.123 point-to-point R1(config-subif)#ip address 172.18.13.1 255.255.255.252 R1(config-subif)#frame-relay interface-dlci 123 R1(config-subif)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1# ‫ و آدرس 03/2.21.81.271 ﺑﻪ آن‬Dlci 221 ‫ و ﺗﺨﺼﯿﺺ‬R2 ‫ در‬Serial0/0.221 ‫اﯾﺠﺎد‬ R2 con0 is now available Press RETURN to get started. R2>enable R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface Serial0/0.221 point-to-point R2(config-subif)#ip add 172.18.12.2 255.255.255.252 R2(config-subif)#frame-relay interface-dlci 221 R2(config-fr-dlci)#end R2# %SYS-5-CONFIG_I: Configured from console by console R2# ‫ و آدرس 03/2.31.81.271 ﺑﻪ آن‬Dlci 321 ‫ و ﺗﺨﺼﯿﺺ‬R2 ‫ در‬Serial0/0.321 ‫اﯾﺠﺎد‬ R3 con0 is now available Press RETURN to get started. Page 222 of 290
R3>enable R3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R3(config)#interface Serial0/0.321 point-to-point R3(config-subif)#ip add 172.18.13.2 255.255.255.252 R3(config-subif)#frame-relay interface-dlci 321 R3(config-fr-dlci)#end R3# %SYS-5-CONFIG_I: Configured from console by console R3# R1 ‫ و ﭘﯿﻨﮓ از ﺳﻤﺖ‬show frame-relay pvc ‫ از ﻃﺮﯾﻖ دﺳﺘﻮر‬FR ‫ﺑﺮرﺳﯽ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط‬ R1#show frame-relay pvc PVC Statistics for interface Serial0/0 (Frame Relay DTE) Local Switched Unused Active 2 0 2 Inactive 0 0 0 Deleted 0 0 0 Static 0 0 0 DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.122 input pkts 20 output pkts 19 in bytes 5395 out bytes 5187 dropped pkts 0 in pkts dropped 0 out pkts dropped 0 out bytes dropped 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 14 out bcast bytes 4667 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec pvc create time 00:14:33, last time pvc status changed 00:14:33 DLCI = 123, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.123 input pkts 22 output pkts 20 in bytes 6045 out bytes 4380 dropped pkts 0 in pkts dropped 0 out pkts dropped 0 out bytes dropped 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 10 out bcast bytes 3340 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec pvc create time 00:17:27, last time pvc status changed 00:17:27 R1#ping 172.18.12.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.18.12.2, timeout is 2 seconds: Page 223 of 290
!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/82/188 ms R1#ping 172.18.13.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.18.13.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/96/168 ms R1# Page 224 of 290
‫آزﻣﺎﯾﺶ 4.5-ﺗﻨﻈﯿﻤﺎت ﯾﮏ ﻧﻘﻄﻪ ﺑﻪ ﭼﻨﺪ ﻧﻘﻄﻪ در ‪FrameRealy‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺑﺮﻗﺮاري ارﺗﺒﺎط ‪ FR‬ﻣﺎﺑﯿﻦ ﺗﻌﺪادي ﻧﻘﻄﻪ ﭘﺮاﮐﻨﺪه ﺑﺎ ﯾﮏ ﻧﻘﻄﻪ ﻣﺮﮐﺰي آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﻣﺮور ﻣﻔﺎﻫﯿﻢ و ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺗﺼﻮر ﮐﻨﯿﺪ ﺷﺮﮐﺖ ﺷﻤﺎ داراي ﯾﮏ دﻓﺘﺮ ﻣﺮﮐﺰي ﺑﺎ ﯾﮑﯽ از روﺗﺮﻫﺎي ﭘﺮﻗﺪرت ﺳﯿﺴﮑﻮ ﻣﺎﻧﻨﺪ ﺳﺮي 0027 اﺳﺖ و‬ ‫ﻣﯿﺨﻮاﻫﯿﺪ ﺷﻌﺐ ﭘﺮاﮐﻨﺪه ﺧﻮد را ﻣﺒﺘﻨﯽ ﺑﺮ ﯾﮏ ارﺗﺒﺎط ‪ FR‬ﺑﻪ اﯾﻦ ﻧﻘﻄﻪ وﺻﻞ ﮐﻨﯿﺪ در ﻋﯿﻦ ﺣﺎل ﻣﺎﯾﻞ ﻫﺴﺘﯿﺪ اﯾﻦ ﺷﻌﺐ‬ ‫ﻧﯿﺰ از ﻃﺮﯾﻖ ﻣﺴﯿﺮ ﻋﺒﻮري از دﻓﺘﺮ ﻣﺮﮐﺰي ﺑﺎ ﯾﮑﺪﯾﮕﺮ در ارﺗﺒﺎط ﺑﺎﺷﻨﺪ.‬ ‫ﭘﺎﺳﺦ اﯾﻦ ﻣﺴﺌﻠﻪ در ﺑﻬﺮه ﮔﯿﺮي از ﻣﻔﻬﻮم ‪ Hub-and-Spoke‬ﻧﻬﻔﺘﻪ اﺳﺖ.اﯾﻦ ﻣﺪل ﺷﺒﮑﻪ اي اﺟﺎزه ﻣﯿﺪﻫﺪ ﺗﺎ ﺑﺎ داﺷﺘﻦ‬ ‫ﯾﮏ ﻧﻘﻄﻪ ﻣﺮﮐﺰي ﺑﺘﻮان ﺑﺎ ﺳﺎﯾﺮ ﻧﻘﺎط ارﺗﺒﺎط ﺑﺮﻗﺮار ﮐﺮد ﻣﻀﺎف ﺑﺮ اﯾﻨﮑﻪ ﺳﺎﯾﺮ ﻧﻘﺎط ﻧﯿﺰ از ﻃﺮﯾﻖ ﻫﻤﯿﻦ ﻧﻄﻘﻪ ﺑﻪ ﯾﮑﺪﯾﮕﺮ‬ ‫دﺳﺘﺮﺳﯽ ﺧﻮاﻫﻨﺪ داﺷﺖ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﻣﻔﻬﻮم ﺟﺪﯾﺪ ‪ Frame relay map‬ﻧﯿﺰ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.ﻧﻘﺸﻪ ﻣﺬﺑﻮر اﺟﺎزه ﻣﯿﺪﻫﺪ ﺗﺎ ﻧﮕﺎﺷﺘﯽ‬ ‫ﻣﺎﺑﯿﻦ ‪ IP‬آدرس و ‪ DLCI‬اﯾﺠﺎد ﺷﻮد.اﯾﻦ ﻗﺎﺑﻠﯿﺖ ﺑﻪ روﺗﺮ اﺟﺎزه ﻣﯿﺪﻫﺪ ﺗﺎ ﻣﺘﻨﺎﻇﺮ ﺑﻪ ﻫﺮ آدرﺳﯽ ﮐﻪ ﺑﺴﺘﻪ ﻫﺎي اﻃﻼﻋﺎﺗﯽ‬ ‫را ارﺳﺎل ﻣﯿﮑﻨﺪ ﯾﮏ ‪ DLCI‬ﻣﺠﺰا ﺑﻪ آﻧﻬﺎ ﻣﻨﺘﺴﺐ ﮐﻨﺪ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮر زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫#‪ . frame-relay map ip x.x.x.x dlci‬اﯾﻦ دﺳﺘﻮر در ﻫﻨﮕﺎم اﻋﻤﺎل ﺑﻪ ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ﺳﺮﯾﺎل ﻓﯿﺰﯾﮑﯽ ﯾﺎ -‪sub‬‬ ‫‪ interface‬ﻧﻘﻄﻪ ﺑﻪ ﭼﻨﺪ ﻧﻘﻄﻪ ‪ FR‬ﯾﮏ آدرس را ﺑﻪ ﯾﮏ ‪ DLCI‬ﻣﺘﻨﺎﻇﺮ ‪ map‬ﻣﯿﮑﻨﺪ. ﻫﻨﮕﺎﻣﯽ ﻫﻢ ﮐﻪ ﻋﺒﺎرت‬ ‫‪ broadcast‬را در اﻧﺘﻬﺎي دﺳﺘﻮر ﻓﻮق ﺑﻪ ﮐﺎر ﻣﯿﺒﺮﯾﻢ ﻋﺒﻮر ﺗﺮاﻓﯿﮏ ﺑﺮادﮐﺴﺖ را روي اﯾﻦ ﻟﯿﻨﮏ ﻣﺠﺎز ﺧﻮاﻫﺪ ﺷﺪ.‬ ‫‪ . Interface Serial#/#.### multipoint‬اﺟﺮاي اﯾﻦ دﺳﺘﻮر ﺑﺎﻋﺚ اﯾﺠﺎد ﯾﮏ ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ ﻧﻘﻄﻪ ﺑﻪ ﭼﻨﺪ ﻧﻘﻄﻪ‬ ‫‪ FR‬ﺧﻮاﻫﺪ ﺷﺪ و ﻫﻤﺎﻧﻨﺪ ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ﻓﯿﺰﯾﮑﯽ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﺧﻮاﻫﺪ ﮔﺮﻓﺖ ﺑﺎ اﯾﻦ ﺗﻔﺎوت ﮐﻪ ﺗﻨﻬﺎ ﺗﺮاﻓﯿﮏ ﻧﻘﺎط‬ ‫ﭼﻨﺪﮔﺎﻧﻪ راه دور از آن ﻋﺒﻮر ﺧﻮاﻫﺪ ﮐﺮد.‬ ‫‪ show frame-relay map‬ﺑﺎﻋﺚ ﻧﻤﺎﯾﺶ ﺟﺪول ﻧﮕﺎﺷﺖ آدرس ﺑﻪ ‪ DLCI‬ﻣﯿﺸﻮد ﻓﺎرق از اﯾﻨﮑﻪ اﺳﺘﺎﺗﯿﮏ ﯾﺎ‬ ‫داﯾﻨﺎﻣﯿﮏ ﺑﺎﺷﻨﺪ ﻣﯿﺸﻮد. ﻓﺮاﯾﻨﺪ ﻧﮕﺎﺷﺖ داﯾﻨﺎﻣﯿﮏ را درس آزﻣﺎﯾﺶ ﺑﻌﺪي ﮐﻪ ﺑﻪ ‪ ARP‬ﻣﻌﮑﻮس ﻣﯽ ﭘﺮدازد ﺧﻮاﻫﯿﻢ‬ ‫دﯾﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ روﺗﺮﻫﺎي 3‪R1,R2,R‬‬ ‫092 ‪Page 225 of‬‬
‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 92/1.321.45.01 ﺑﻪ 0/0‪ S‬در 1‪ R‬ﺑﻪ ﻫﻤﺮاه ‪FR Encapsulation‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 92/2.321.45.01 ﺑﻪ 122.0/0‪ S‬در 2‪ R‬ﺑﻪ ﻋﻨﻮان اﯾﻨﺘﺮﻓﯿﺲ ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ و ﺑﺎ 122 ‪DLCI‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 92/2.321.45.01 ﺑﻪ 123.0/0‪ S‬در 2‪ R‬ﺑﻪ ﻋﻨﻮان اﯾﻨﺘﺮﻓﯿﺲ ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ و ﺑﺎ 123 ‪DLCI‬‬ ‫اﻫﺪاف‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ 0/0‪ S‬در 1‪ R‬ﺑﺎ دو ‪Map . Map‬اول ﺟﻬﺖ ﻧﮕﺎﺷﺖ آدرس 0/0‪ S‬در 2‪ R‬ﺑﻪ 221 ‪ DLCI‬و ‪ Map‬دوم ﺟﻬﺖ‬ ‫ﻧﮕﺎﺷﺖ آدرس 0/0‪ S‬در 3‪R‬‬ ‫‪‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ 1‪ R‬و ﺳﺎﯾﺮﯾﻦ ﻫﻤﯿﻨﻄﻮر ﻣﺎﺑﯿﻦ 3‪R2,R‬‬ ‫‪‬‬ ‫ﺣﺬف ﺗﻨﻈﯿﻤﺎت ﻗﺒﻠﯽ از 1‪ R‬و اﯾﺠﺎد ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ ﻧﻘﻄﻪ ﺑﻪ ﭼﻨﺪ ﻧﻘﻄﻪ ﻫﻤﯿﻨﻄﻮر اﯾﺠﺎد ﺟﺪول ﻧﮕﺎﺷﺖ آدرس ﺑﻪ ‪Dlci‬‬ ‫ﻣﺘﻨﺎﻇﺮ‬ ‫‪‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ )‪ R1(hub‬و ﺳﺎﯾﺮﯾﻦ )‪ (spokes‬ﻫﻤﯿﻨﻄﻮر ﻣﺎﺑﯿﻦ 2‪R1,R‬‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﺗﻨﻈﯿﻢ 0/0‪ S‬در 1‪ R‬ﺑﺎ دو ‪Map . Map‬اول ﺟﻬﺖ ﻧﮕﺎﺷﺖ آدرس 0/0‪ S‬در 2‪ R‬ﺑﻪ 221 ‪ DLCI‬و ‪ Map‬دوم ﺟﻬﺖ ﻧﮕﺎﺷﺖ آدرس‬ ‫0/0‪ S‬در 3‪R‬‬ ‫‪R1 con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫‪R1>enable‬‬ ‫‪R1#configure terminal‬‬ ‫.‪Enter configuration commands, one per line. End with CNTL/Z‬‬ ‫0/0‪R1(config)#interface Serial‬‬ ‫‪R1(config-if)#frame-relay map ip 10.54.123.2 122 broadcast‬‬ ‫‪R1(config-if)#frame-relay map ip 10.54.123.3 123 broadcast‬‬ ‫‪R1(config-if)#end‬‬ ‫#1‪R‬‬ ‫‪%SYS-5-CONFIG_I: Configured from console by console‬‬ ‫#1‪R‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ 1‪ R‬و ﺳﺎﯾﺮﯾﻦ ﻫﻤﯿﻨﻄﻮر ﻣﺎﺑﯿﻦ 3‪R2,R‬‬ ‫1.321.45.01 ‪R2#ping‬‬ ‫.‪Type escape sequence to abort‬‬ ‫092 ‪Page 226 of‬‬
Sending 5, 100-byte ICMP Echos to 10.54.123.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/75/172 ms R2##ping 10.54.123.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.54.123.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/136/300 ms R2# ‫ ﻣﺘﻨﺎﻇﺮ‬Dlci ‫ و اﯾﺠﺎد ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ ﻧﻘﻄﻪ ﺑﻪ ﭼﻨﺪ ﻧﻘﻄﻪ ﻫﻤﯿﻨﻄﻮر اﯾﺠﺎد ﺟﺪول ﻧﮕﺎﺷﺖ آدرس ﺑﻪ‬R1 ‫ﺣﺬف ﺗﻨﻈﯿﻤﺎت ﻗﺒﻠﯽ از‬ R1#configure terminal Enter configuration commands, one per line. R1(config)#default interface Serial0/0 Building configuration... End with CNTL/Z. Interface Serial0/0 set to default configuration R1(config)# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down R1(config)#interface Serial0/0 R1(config-if)#encapsulation frame-relay R1(config-if)#interface serial0/0.123 multipoint R1(config-if)#ip address 10.54.123.1 255.255.255.248 R1(config-if)#frame map ip 10.54.123.2 122 broadcast R1(config-if)#frame map ip 10.54.123.3 123 broadcast R1(config-subif)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1#show frame-relay map Serial0/0.123 (up): ip 10.54.123.2 dlci 122(0x7A,0x1CA0), static, broadcast, CISCO, status defined, active Serial0/0.123 (up): ip 10.54.123.3 dlci 123(0x7B,0x1CB0), static, broadcast, CISCO, status defined, active R1# R1,R2 ‫( ﻫﻤﯿﻨﻄﻮر ﻣﺎﺑﯿﻦ‬spokes) ‫ و ﺳﺎﯾﺮﯾﻦ‬R1(hub) ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ‬ R2#ping 10.54.123.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.54.123.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/75/124 ms R2#ping 10.54.123.3 Type escape sequence to abort. Page 227 of 290
Sending 5, 100-byte ICMP Echos to 10.54.123.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 52/121/264 ms R2# R3#ping 10.54.123.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.54.123.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/83/156 ms R3# Page 228 of 290
‫آزﻣﺎﯾﺶ 5.5 – ﺗﻨﻈﯿﻤﺎت ‪ Arp‬ﻣﻌﮑﻮس‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ ARP‬ﻣﻌﮑﻮس در ﻟﯿﻨﮑﻬﺎي ‪ FR‬ﺑﺎ ﻫﺪف ﺗﺸﮑﯿﻞ ﺧﻮدﮐﺎر ﺟﺪول ﻧﮕﺎﺷﺖ آدرس ﺑﻪ‬ ‫‪ DLCI‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫در آزﻣﺎﯾﺶ ﭘﯿﺸﯿﻦ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت اﺳﺘﺎﺗﯿﮏ ﺟﺪول ﻧﮕﺎﺷﺖ آدرس ﺑﻪ ‪ DLCI‬آﺷﻨﺎ ﺷﺪﯾﻢ . ﻓﺮاﯾﻨﺪ ‪ARP‬‬ ‫ﻣﻌﮑﻮس اﯾﻦ ﻧﮕﺎﺷﺖ را از ﻃﺮﯾﻖ ﯾﺎدﮔﯿﺮي آدرس ﻟﯿﻨﮑﻬﺎي ﻫﻤﺴﺎﯾﻪ و ﺗﺸﮑﯿﻞ ﺧﻮدﮐﺎر ﺟﺪول ﻣﺬﺑﻮر ﺑﻪ اﻧﺠﺎم ﻣﯿﺮﺳﺎﻧﺪ.‬ ‫اﯾﻦ وﯾﮋﮔﯽ در ﻋﯿﻦ ﻣﻔﯿﺪ ﺑﻮدن داراي اﺛﺮات ﺟﺎﻧﺒﯽ ﺧﺎص ﺧﻮد ﻧﯿﺰ ﻫﺴﺖ و ﺑﻌﻀﺎ وﻗﺖ زﯾﺎدي را از ﻣﻬﻨﺪﺳﯿﻦ ﺷﺒﮑﻪ ﺑﺮاي‬ ‫رﻓﻊ ﻋﯿﻮب آن ﺗﻠﻒ ﻣﯿﮑﻨﺪ. ﻓﺮض ﮐﻨﯿﺪ ﮐﻪ ﭘﺮواﯾﺪر ﯾﮏ ‪ DLCI‬ﺟﺪﯾﺪ ﺑﺮاي ﺷﻤﺎ ﻓﻌﺎل ﮐﺮده و ﻗﺮار اﺳﺖ روي ﯾﮏ ﻟﯿﻨﮏ‬ ‫ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﺑﺎ ﻣﻼﺣﻀﺎت ‪ security policy‬وﯾﮋه اي اﻋﻤﺎل ﺷﻮد.ﻫﻨﮕﺎﻣﯽ ﮐﻪ ‪ DLCI‬ﻓﻌﺎل ﻣﯿﺸﻮد و روﺗﺮ ﻫﺎ ﻧﯿﺰ داراي‬ ‫ﺗﻨﻈﯿﻤﺎت آدرس ﺻﺤﯿﺢ ﺑﺎﺷﻨﺪ ﻓﺮاﯾﻨﺪ ‪ ARP‬ﻣﻌﮑﻮس ﺑﻪ ﻃﻮر ﺧﻮدﮐﺎر ﻧﮕﺎﺷﺖ ﻣﺎﺑﯿﻦ اﯾﻦ دو را اﻧﺠﺎم ﻣﯿﺪﻫﺪ و ﻣﻮﺟﺒﺎت‬ ‫ﯾﮏ رﯾﺴﮏ اﻣﻨﯿﺘﯽ را ﻓﺮاﻫﻢ ﻣﯿﮑﻨﺪ. ﻧﮑﺘﻪ ﻣﻨﻔﯽ دﯾﮕﺮ اﯾﻦ ﺧﺎﺻﯿﺖ اﯾﺠﺎد ﺣﻠﻘﻪ ﻫﺎي ﻧﺎﺧﻮاﺳﺘﻪ در ﻣﺴﯿﺮ ﯾﺎﺑﯽ اﺳﺖ.‬ ‫اﻧﺠﺎم ﺗﻨﻈﯿﻤﺎت ‪ ARP‬ﻣﻌﮑﻮس ﺑﺴﯿﺎر ﺳﺎده اﺳﺖ و ﺑﻪ ﻃﻮر ﭘﯿﺶ ﻓﺮض روي ﻫﻤﻪ اﯾﻨﺘﺮﻓﺴﻬﺎي ﭼﻨﺪ ﻧﻘﻄﻬﺎي ‪ FR‬ﻓﻌﺎل‬ ‫اﺳﺖ.در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮرات زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫‪ : no frame-relay inverse-arp‬ﻣﻮﺟﺒﺎت ﻏﯿﺮ ﻓﻌﺎل ﺷﺪن ﻗﺎﺑﻠﯿﺖ ‪ ARP‬ﻣﻌﮑﻮس را ﻓﺮاﻫﻢ ﻣﯿﮑﻨﺪ و ﭘﺲ از آن‬ ‫ﻣﯿﺒﺎﯾﺴﺖ از ﻧﮕﺎﺷﺖ اﺳﺘﺎﺗﯿﮏ آدرس ﺑﻪ ‪ DLCI‬اﺳﺘﻔﺎده ﺷﻮد‬ ‫‪:clear frame-relay inarp‬ﺑﺎﻋﺚ ﭘﺎك ﺷﺪن ﺟﺪول داﯾﻨﺎﻣﯿﮏ ﻧﮕﺎﺷﺖ آدرس ﺑﻪ ‪ DLCI‬ﻣﯿﺸﻮد.‬ ‫ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ روﺗﺮﻫﺎي 3‪R1,R2,R‬‬ ‫ﺗﻨﻈﯿﻢ 0/0‪ S‬در 1‪ R‬ﺑﺎ آدرس 92/1.321.55.01 و ‪FR encapsulation‬‬ ‫ﺗﻨﻈﯿﻢ 122.0/0‪ S‬در 2‪ R‬ﺑﻪ ﻋﻨﻮان ‪ sub-interface‬ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﺑﺎ آدرس 92/2.321.55.01 و ‪DLCI‬‬ ‫122‬ ‫ﺗﻨﻈﯿﻢ 123.0/0‪ S‬در 3‪ R‬ﺑﻪ ﻋﻨﻮان ‪ sub-interface‬ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﺑﺎ آدرس 92/3.321.55.01 و ‪DLCI‬‬ ‫123‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫092 ‪Page 229 of‬‬
‫ﻣﺸﺎﻫﺪه وﺿﻌﯿﺖ ﺟﺎري ﺟﺪول ﻧﮕﺎﺷﺖ ﺗﺸﮑﯿﻞ ﺷﺪه ﺧﻮدﮐﺎر در روﺗﺮﻫﺎ‬ DLCI-IP ‫ ﺟﻬﺖ ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺗﺸﮑﯿﻞ ﺧﻮدﮐﺎر ﺻﺤﯿﺢ ﺟﺪول ﻧﮕﺎﺷﺖ‬R1 ‫ از ﻃﺮﯾﻖ‬R2,R3 ‫ﭘﯿﻨﮓ‬   ‫ و ﺗﺴﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ روﺗﺮﻫﺎ‬ARP ‫ و ﭘﺎك ﮐﺮدن ﺟﺪول‬R1 ‫ ﻣﻌﮑﻮس در‬ARP ‫ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن‬  ‫ وﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬R2,R3 ‫ ﺟﻬﺖ ارﺗﺒﺎط ﺑﺎ‬R1 ‫ در‬DLCI ‫اﯾﺠﺎد ﺟﺪول اﺳﺘﺎﺗﯿﮏ ﻧﮕﺎﺷﺖ‬  ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﻣﺸﺎﻫﺪه وﺿﻌﯿﺖ ﺟﺎري ﺟﺪول ﻧﮕﺎﺷﺖ ﺗﺸﮑﯿﻞ ﺷﺪه ﺧﻮدﮐﺎر در روﺗﺮﻫﺎ‬  R1#show frame-relay map Serial0/0 (up): ip 10.55.123.2 dlci 122(0x7A,0x1CA0), dynamic, broadcast,, status defined, active Serial0/0 (up): ip 10.55.123.3 dlci 123(0x7B,0x1CB0), dynamic, broadcast,, status defined, active R1# DLCI-IP ‫ ﺟﻬﺖ ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺗﺸﮑﯿﻞ ﺧﻮدﮐﺎر ﺻﺤﯿﺢ ﺟﺪول ﻧﮕﺎﺷﺖ‬R1 ‫ از ﻃﺮﯾﻖ‬R2,R3 ‫ﭘﯿﻨﮓ‬ R1#ping 10.55.123.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.55.123.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 72/95/124 ms R1#ping 10.55.123.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.55.123.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 76/105/172 ms R1# R2#ping 10.55.123.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.55.123.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 156/215/340 ms R2# Page 230 of 290
‫ و ﺗﺴﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ روﺗﺮﻫﺎ‬ARP ‫ و ﭘﺎك ﮐﺮدن ﺟﺪول‬R1 ‫ ﻣﻌﮑﻮس در‬ARP ‫ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن‬ R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/0 R1(config-if)#no frame-relay inverse-arp R1(config-if)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1#clear frame-relay inarp R1#ping 10.55.123.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.55.123.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R1#ping 10.55.123.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.55.123.3, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R1# ‫ وﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬R2,R3 ‫ ﺟﻬﺖ ارﺗﺒﺎط ﺑﺎ‬R1 ‫ در‬DLCI ‫اﯾﺠﺎد ﺟﺪول اﺳﺘﺎﺗﯿﮏ ﻧﮕﺎﺷﺖ‬ R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/0 R1(config-if)#frame-relay map ip 10.55.123.2 122 broadcast R1(config-if)#frame-relay map ip 10.55.123.3 123 broadcast R1(config-if)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1#ping 10.55.123.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.55.123.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/106/200 ms R1#ping 10.55.123.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.55.123.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 76/120/256 ms Page 231 of 290
R1# Page 232 of 290
‫آزﻣﺎﯾﺶ 1.6 – ﺗﻨﻈﯿﻤﺎت ‪Static route‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ static routing‬ﺟﻬﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ ﺳﻪ ﺷﺒﮑﻪ ﻣﺠﺰا از ﻫﻢ ﺧﻮاﻫﯿﻢ‬ ‫ﭘﺮداﺧﺖ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﻣﺒﺤﺚ ‪ Static routing‬ﺟﺰ ﻣﺒﺎﺣﺚ ﭘﺎﯾﻪ اي ﻣﻬﻨﺪﺳﯽ ﺷﺒﮑﻪ اﺳﺖ و درك ﻣﻔﻮﻣﯽ آن ﺟﺰ اﻟﺰاﻣﺎﺗﯽ اﺳﺖ ﮐﻪ ﺑﺎﯾﺪ ﺗﻮﺳﻂ‬ ‫ﻫﺮ ﻣﻬﻨﺪس ﺷﺒﮑﻪ اي ﻟﺤﺎظ ﺷﻮد. ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل اﮔﺮ 1‪ R‬ﺑﻪ ﺷﺒﮑﻪ اي ﺑﺎ آدرس 42/0.01.16.01ﻣﺘﺼﻞ اﺳﺖ و ﯾﮏ‬ ‫‪ PC‬در اﯾﻦ ﺷﺒﮑﻪ ﻧﯿﺎز ﺑﻪ ارﺳﺎل و درﯾﺎﻓﺖ دﯾﺘﺎ ﺑﻪ ﺷﺒﮑﻪ 42/0.03.16.01 را داﺷﺘﻪ ﺑﺎﺷﺪ ،1‪ R‬اﻟﺰاﻣﺎ ﻣﯿﺒﺎﯾﺴﺖ از اﯾﻨﮑﻪ‬ ‫اﻃﻼﻋﺎت درﯾﺎﻓﺘﯽ ﺧﻮد را ﮐﺠﺎ و ﺑﻪ ﭼﻪ ﻣﻘﺼﺪ دﯾﮕﺮي ﻣﺘﻨﻘﻞ ﮐﻨﺪ آﮔﺎه ﺑﺎﺷﺪ.‬ ‫ﻣﺴﺌﻠﻪ را ﺑﻪ ﺷﮑﻞ ﺑﻬﺘﺮي ﺑﺮرﺳﯽ ﻣﯿﮑﻨﯿﻢ . ﻓﺮض ﮐﻨﯿﺪ 1‪ R‬اﯾﻦ ﺗﺮاﻓﯿﮏ را ﺑﻪ 2‪ R‬ﻣﻨﺘﻘﻞ ﻣﯿﮑﻨﺪ و 2‪ R‬ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﺪ‬ ‫ﮐﻪ ﺑﺎ ﺷﺒﮑﻪ ﺑﻪ ﺻﻮرت ﻣﺴﺘﻘﯿﻢ) ‪ (directly connected‬در ارﺗﺒﺎط ﻧﯿﺴﺖ.ﭘﺲ 2‪ R‬ﻣﯿﺒﺎﯾﺴﺖ ﺗﺮاﻓﯿﮏ را ﺑﻪ ‪ hop‬ﺑﻌﺪي‬ ‫در ﻣﺴﯿﺮ اﻧﺘﻘﺎل ارﺳﺎل ﮐﻨﺪ ﺗﺎ ﺑﻪ روﺗﺮي ﮐﻪ ﺷﺒﮑﻪ ﻣﻘﺼﺪ ﺑﻪ آن ﺑﻪ ﻃﻮر ﻣﺴﺘﻘﯿﻢ ﻣﺘﺼﻞ اﺳﺖ ﺑﺮﺳﺪ. ﭘﺲ در ﻗﺪم ﺑﻌﺪي‬ ‫ﺗﺮاﻓﯿﮏ ﺑﻪ 2‪ R‬ﻣﻨﺘﻘﻞ ﻣﯿﺸﻮد روﺗﺮي ﮐﻪ ﺷﺒﮑﻪ 42/0.03.16.01ﺑﻪ ﻃﻮر ﻣﺴﺘﻘﯿﻢ ﺑﻪ 01/3‪ Gi‬آن ﻣﺘﺼﻞ اﺳﺖ.‬ ‫ﺧﻮب ﺗﺎ اﯾﻨﺠﺎ ﻣﻮﻓﻖ ﺷﺪﯾﻢ ﺗﺮاﻓﯿﮏ را ﺑﻪ ﺷﺒﮑﻪ ﻣﻘﺼﺪ ﻣﻨﺘﻘﻞ ﮐﻨﯿﻢ اﻣﺎ آﯾﺎ اﯾﻦ ﺗﻤﺎم ﮐﺎر اﺳﺖ ؟ اﮔﺮ ‪ static route‬در‬ ‫ﯾﮏ ﺟﻬﺖ داﺷﺘﻪ ﺑﺎﺷﯿﻢ ﺑﻪ ﻣﻌﻨﯽ رد وﺑﺪل ﺷﺪن دوﻃﺮﻓﻪ اﻃﻼﻋﺎت ﻫﻢ ﻫﺴﺖ ﺑﻪ اﯾﻦ ﻣﻌﻨﯽ ﮐﻪ 3‪ R‬ﻫﻢ ﻗﺎدر ﺑﻪ ارﺳﺎل‬ ‫اﻃﻼﻋﺎت ﺑﻪ ﺳﻤﺖ ﺷﺒﮑﻪ ﻣﺒﺪا ﻣﯿﺒﺎﺷﺪ ؟ ﭘﺎﺳﺦ ﻣﻨﻔﯽ اﺳﺖ و ﺑﻨﺎ ﺑﻪ اﯾﻦ اﻟﺰام ﻣﻨﻄﻘﯽ ﮐﻞ ﻓﺮاﯾﻨﺪ ﺑﻪ ﻃﻮر ﺑﺮﻋﮑﺲ ﻧﯿﺰ‬ ‫ﺑﺎﯾﺴﺖ اﻧﺠﺎم ﺷﻮد.‬ ‫در ﺷﺒﮑﻪ ﻫﺎي ﺳﺎﺧﺖ ﯾﺎﻓﺘﻪ و ﻧﺴﺒﺘﺎ ﺑﺰرگ ﻋﻤﻮﻣﺎ از اﺳﺘﺎﺗﯿﮏ روت ﺟﻬﺖ اﯾﺠﺎد روﺗﻬﺎي ﺷﻨﺎور )آزﻣﺎﯾﺶ 2.6( و‬ ‫‪) default router‬آزﻣﺎﯾﺶ 3.6( اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد. اﻣﺎ ﺑﺴﯿﺎرﻧﺪ ﻣﻬﻨﺪﺳﯿﻦ ﺷﺒﮑﻪ اي ﮐﻪ از اﯾﻦ ﻗﺎﺑﻠﯿﺖ ﺟﻬﺖ ﻋﻤﺪه‬ ‫ﻣﺴﺎﺋﻞ ﻣﺴﯿﺮ دﻫﯽ ﺷﺒﮑﻪ ﺧﻮد اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ ﮐﻪ دﻟﯿﻞ ﻋﻤﺪه آن ﺿﻌﻒ در درك ﻣﻔﺎﻫﯿﻢ ﭘﺮوﺗﮑﻞ ﻫﺎي ﻣﺴﯿﺮﯾﺎﺑﯽ‬ ‫داﯾﻨﺎﻣﯿﮏ اﺳﺖ.ﺑﻪ ﻋﻨﻮان ﻗﺎﻋﺪه ﮐﻠﯽ ﻃﺮاﺣﯽ ، ﯾﮏ ﺷﺒﮑﻪ ﺑﺎﯾﺴﺖ ﺣﺎوي ﺣﺪاﻗﻞ ﺗﻌﺪاد ﻣﺴﯿﺮدﻫﯽ اﺳﺘﺎﯾﮏ ﺑﺎﺷﺪ‬ ‫ﻣﻬﻤﺘﺮﯾﻦ دﻟﯿﻞ اﯾﻨﮑﺎر ﻫﻢ ﭘﯿﺸﮕﯿﺮي از ﻧﯿﺎز ﺑﻪ ﺗﻨﻈﯿﻢ ﻣﺠﺪد آﻧﻬﺎ در ﺻﻮرت ﺑﺮوز ﺗﻐﯿﯿﺮات در ﺳﺎﺧﺘﺎر ﺷﺒﮑﻪ اﺳﺖ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ اﺳﺘﺎﯾﮏ روت را ﻣﺎﺑﯿﻦ ﺳﻪ روﺗﺮ ﺑﺎ ﺷﺒﮑﻪ ﻫﺎي ﻣﺠﺰا از ﻫﻢ ﺑﻪ ﻣﻨﻈﻮر ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ ﮐﺎﻣﭙﯿﻮﺗﺮﻫﺎي‬ ‫ﻣﺘﺼﻞ ﺑﻪ 1‪ R‬و 3‪ R‬اﻧﺠﺎم ﻣﯿﺪﻫﯿﻢ و از ﻣﻬﺎرﺗﻬﺎﯾﯽ ﮐﻪ در آزﻣﺎﯾﺶ 5 ﮐﺴﺐ ﮐﺮدﯾﻢ ﺟﻬﺖ اﯾﺠﺎد ﯾﮏ ﺷﺒﮑﻪ زﻧﺠﯿﺮه اي‬ ‫)‪ (Daisy chained‬ﺑﺎ ﭼﺎﺷﻨﯽ ‪ frame relay‬ﻣﺎﺑﯿﻦ روﺗﺮﻫﺎي 3‪ R1,R2,R‬اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد.‬ ‫092 ‪Page 233 of‬‬
‫ اﺳﺘﻔﺎده ﮐﺮد. در اﯾﻦ آزﻣﺎﯾﺶ‬LoopBack Interface‫ﻧﮑﺘﻪ: ﻣﯿﺘﻮان ﺟﻬﺖ ﺷﺒﯿﻪ ﺳﺎزي ﯾﮏ ﺷﺒﮑﻪ ﻣﺘﺼﻞ ﺑﻪ روﺗﺮ از‬ .‫ ﻧﻘﺶ ﺷﺒﮑﻪ ﻫﺎي ﺳﻤﺖ ﮐﺎرﺑﺮ ﻣﺘﺼﻞ ﺑﻪ روﺗﺮﻫﺎي ﻣﺬﺑﻮر را اﯾﻔﺎ ﺧﻮاﻫﻨﺪ ﮐﺮد‬R1,R2,R3 ‫ در روﺗﺮﻫﺎي‬LO0 .‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮر زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ip route network subnet nexthop ‫: اﻟﮕﻮي ﮐﻠﯽ ﻧﮕﺎرش اﯾﻦ دﺳﺘﻮر ﺑﻪ ﺻﻮرت‬Ip route n.n.n.h s.s.s.s nh.nh.nh.nh ‫ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ ﻓﻮق‬  ‫ ﮐﺮدن ﺗﻨﻈﻤﯿﺎت زﯾﺮ در روﺗﺮﻫﺎ‬copy/paste‫اﻧﺠﺎم ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ از ﻃﺮﯾﻖ‬  R1 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################## !# R1 Initial Config # !################################################## ! enable ! configure terminal ! hostname R1 ! interface Loopback0 description ### SIMULATED NETWORK ### ip address 10.61.10.1 255.255.255.0 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp ! interface Serial0/0.122 point-to-point Page 234 of 290
description ### FRAME RELAY LINK TO R2 ### ip address 10.61.12.1 255.255.255.252 frame-relay interface-dlci 122 ! interface Serial0/0 no shut ! End R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################## !# R2 Initial Config # !################################################## ! enable ! configure terminal ! hostname R2 ! interface Loopback0 description ### SIMULATED NETWORK ### ip address 10.61.20.1 255.255.255.0 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp ! interface Serial0/0.221 point-to-point description ### FRAME RELAY LINK TO R1 ### ip address 10.61.12.2 255.255.255.252 frame-relay interface-dlci 221 ! interface Serial0/0.223 point-to-point description ### FRAME RELAY LINK TO R3 ### ip address 10.61.23.1 255.255.255.252 frame-relay interface-dlci 223 ! interface Serial0/0 no shut ! End R3 ‫ﺗﻨﻈﻤﯿﺎت اوﻟﯿﻪ‬ !################################################## !# R3 Initial Config # !################################################## Page 235 of 290
! enable ! configure terminal ! hostname R3 ! interface Loopback0 description ### SIMULATED NETWORK ### ip address 10.61.30.1 255.255.255.0 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp ! interface Serial0/0.322 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 10.61.23.2 255.255.255.252 frame-relay interface-dlci 322 ! interface Serial0/0 no shut ! end Static route-6.1.1 ‫ﺗﺼﻮﯾﺮ‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.02.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 2.21.16.01 و ﺑﻌﺪ از‬R1 ‫اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ روت در‬  10.61.12.1 ‫ ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.01.16.01 از ﻃﺮﯾﻖ ﻫﺎپ‬R2 ‫آن اﯾﺠﺎد روت ﺑﺮﮔﺸﺖ در‬ ‫ ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.03.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 2.32.16.01 و ﺑﻌﺪ از‬R2 ‫اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ روت در‬  ‫ ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.02.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 1.32.16.01 و‬R3 ‫آن اﯾﺠﺎد روت ﺑﺮﮔﺸﺖ در‬ R2,R3 ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت از ﻃﺮﯾﻖ ﭘﯿﻨﮓ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺴﻬﺎ در‬ Page 236 of 290
‫‪‬‬ ‫اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ روت در 1‪ R‬ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.03.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 2.21.16.01 و ﺑﻌﺪ از‬ ‫‪‬‬ ‫ﺗﺴﺖ اﻣﮑﺎن ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﯿﻦ ﺷﺒﮑﻪ ﻫﺎي 42/03.16.01 , 42/0.01.16.01‬ ‫آن اﯾﺠﺎد روت ﺑﺮﮔﺸﺖ در 3‪ R‬ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.01.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 1.32.16.01‬ ‫‪‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ روت در 1‪ R‬ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.02.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 2.21.16.01 و ﯾﻌﺪ از‬ ‫آن اﯾﺠﺎد روت ﺑﺮﮔﺸﺖ در 2‪ R‬ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.01.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 1.21.16.01‬ ‫.‪End with CNTL/Z‬‬ ‫2.21.16.01‬ ‫.‪End with CNTL/Z‬‬ ‫1.21.16.01‬ ‫‪R1#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫0.552.552.552 0.02.16.01 ‪R1(config)#ip route‬‬ ‫‪R1(config)#end‬‬ ‫#1‪R‬‬ ‫‪R2#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫0.552.552.552 0.01.16.01 ‪R2(config)#ip route‬‬ ‫‪R2(config)#end‬‬ ‫#2‪R‬‬ ‫ﺑﺮاي ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻟﻮپ ﺑﮏ ﻫﺎي دو ﻃﺮف را ﭘﯿﻨﮓ ﻣﯿﮑﻨﯿﻢ ﺑﺎ ﻋﻠﻢ ﺑﻪ اﯾﻨﮑﻪ ﻫﺮ ﯾﮏ از آﻧﻬﺎ ﺑﯿﺎﻧﮕﺮ ﯾﮏ‬ ‫‪ PC‬ﻫﻤﯿﺸﻪ ﻣﺘﺼﻞ در ﺷﺒﮑﻪ ﻣﺒﺪا ﯾﺎ ﻣﻘﺼﺪ ﻫﺴﺘﻨﺪ‬ ‫0‪R1#ping 10.61.20.1 source lo‬‬ ‫.‪Type escape sequence to abort‬‬ ‫:‪Sending 5, 100-byte ICMP Echos to 10.61.20.1, timeout is 2 seconds‬‬ ‫1.01.16.01 ‪Packet sent with a source address of‬‬ ‫!!!!!‬ ‫‪Success rate is 100 percent (5/5), round-trip min/avg/max = 8/50/104 ms‬‬ ‫#1‪R‬‬ ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ اﻧﺘﻈﺎر ﻣﯿﺮﻓﺖ اﻣﮑﺎن ﭘﯿﻨﮓ ﻟﻮپ ﺑﮏ روﺗﺮ 2‪ R‬از ﺳﻤﺖ ﻟﻮپ ﺑﮏ 1‪ R‬وﺟﻮد دارد ﭘﺲ ارﺗﺒﺎط دوﻃﺮﻓﻪ ﻣﺎﺑﯿﻦ‬ ‫ﺑﺮﻗﺮار ﺷﺪه اﺳﺖ.‬ ‫2. اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ روت در 2‪ R‬ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.03.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 2.32.16.01 و ﯾﻌﺪ از‬ ‫آن اﯾﺠﺎد روت ﺑﺮﮔﺸﺖ در 3‪ R‬ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.02.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 1.32.16.01 و‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت از ﻃﺮﯾﻖ ﭘﯿﻨﮓ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺴﻬﺎ در 3‪R2,R‬‬ ‫‪R2#configure terminal‬‬ ‫.‪Enter configuration commands, one per line. End with CNTL/Z‬‬ ‫2.32.16.01 0.552.552.552 0.03.16.01 ‪R2(config)#ip route‬‬ ‫‪R2(config)#end‬‬ ‫#2‪R‬‬ ‫092 ‪Page 237 of‬‬
R3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R3(config)#ip route 10.61.20.0 255.255.255.0 10.61.23.1 R3(config)#end R3# .‫ ﭘﯿﻨﮓ ﻣﯿﮑﻨﯿﻢ‬R3 ‫، اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﻨﺎﻇﺮ را در‬R2 ‫ﻣﺠﺪدا ﺑﺮاي ﺗﺴﺖ ﺑﺮﻗﺮاري ﺻﺤﺖ ارﺗﺒﺎط از ﻃﺮﯾﻖ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺲ‬ R2#ping 10.61.30.1 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.61.30.1, timeout is 2 seconds: Packet sent with a source address of 10.61.20.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/74/164 ms R2# ‫ ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.03.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 2.21.16.01 و ﺑﻌﺪ از‬R1 ‫3. اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ روت در‬ 10.61.23.1 ‫ ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.01.16.01 از ﻃﺮﯾﻖ ﻫﺎپ‬R3 ‫آن اﯾﺠﺎد روت ﺑﺮﮔﺸﺖ در‬ >R1#configure terminal Enter configuration commands, one per line. R1(config)#ip route 10.61.30.0 255.255.255.0 R1(config)#end R1# R3#configure terminal Enter configuration commands, one per line. R3(config)#ip route 10.61.10.0 255.255.255.0 R3(config)#end R3# End with CNTL/Z. 10.61.12.2 End with CNTL/Z. 10.61.23.1 R1#ping 10.61.30.1 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.61.30.1, timeout is 2 seconds: Packet sent with a source address of 10.61.10.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/64/124 ms R1# Page 238 of 290
‫آزﻣﺎﯾﺶ 2.6 – ﺗﻨﻈﯿﻤﺎت ‪Floating static route‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﺗﻨﻈﯿﻤﺎت روﺗﻬﺎي اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور ﺑﺎ ﻫﺪف اﯾﺠﺎد اﻓﺰوﻧﮕﯽ ﻣﺎﺑﯿﻦ ﻣﺴﯿﺮﻫﺎ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫روت ﺷﻨﺎور روﺗﯽ اﺳﺖ ﮐﻪ داراي ‪ AD‬ﺑﺰرﮔﺘﺮ از روت ﺟﺎري)اﺳﺘﺎﺗﯿﮏ( در ﺟﺪول ﻣﺴﯿﺮﯾﺎﺑﯽ اﺳﺖ از ﻃﺮﻓﯽ ﺑﻪ ﺧﺎﻃﺮ‬ ‫دارﯾﻢ ﮐﻪ روﺗﯽ ﮐﻪ داراي ‪ AD‬ﮐﻮﭼﮑﺘﺮ اﺳﺖ اﻟﻮﯾﺖ اﺟﺮاﯾﯽ ﺑﺎﻻﺗﺮي دارد.ﺑﺎ ﺑﺎزﮔﺸﺖ ﺑﻪ آزﻣﺎﯾﺶ 1.6 ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﻢ ﮐﻪ‬ ‫1‪ R‬داراي ﯾﮏ ﻟﯿﻨﮏ ارﺗﺒﺎﻃﯽ ‪ Frame relay‬ﺑﺎ 2‪ R‬اﺳﺖ. اﮐﻨﻮن ﯾﮏ ﻟﯿﻨﮏ 1‪ T‬ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﻫﻢ ﺑﻪ اﯾﻦ ﺳﻨﺎرﯾﻮ‬ ‫اﺿﺎﻓﻪ ﻣﯿﮑﻨﯿﻢ ﮐﻪ ﻧﺘﯿﺠﻪ آن ﺑﻪ دﺳﺖ آوردن ﻗﺎﺑﻠﯿﺖ اﻓﺰوﻧﮕﯽ و ﺗﻘﺴﯿﻢ ﺑﺎر ﺧﻮاﻫﺪ ﺑﻮد ﺣﺘﯽ ﻣﯿﺘﻮان ﺑﻪ ﻟﯿﻨﮏ ﺟﺪﯾﺪ‬ ‫اﯾﻨﮕﻮﻧﻪ ﻧﮕﺎه ﮐﺮد ﮐﻪ ﺻﺮﻓﺎ ﺑﻪ ﻋﻨﻮان ﭘﺸﺘﯿﺒﺎن ﻟﯿﻨﮏ اﺻﻠﯽ ﮐﺎر ﮐﻨﺪ . ﻫﻤﻪ اﯾﻦ اﯾﺪه ﻫﺎ از ﻃﺮﯾﻖ ﭘﯿﺎده ﺳﺎزي روﺗﯿﻨﮓ‬ ‫ﺷﻨﺎور ﻗﺎﺑﻞ اﺟﺮا ﺧﻮاﻫﻨﺪ ﺑﻮد.‬ ‫ﺑﺮاي اﯾﺠﺎد روت اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور از ﻫﻤﺎن روش اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ روت در آزﻣﺎﯾﺶ ﻗﺒﻠﯽ ﻣﻨﺘﻬﺎ ﺑﺎ ‪ AD‬ﺑﺰرﮔﺘﺮ اﺳﺘﻔﺎده‬ ‫ﺧﻮاﻫﯿﻢ ﮐﺮد ﺑﻨﺎﺑﺮاﯾﻦ ﺗﺎ زﻣﺎﻧﯽ ﮐﻪ 0/0‪ S‬ﺑﺮﻗﺮار اﺳﺖ ﺗﺮاﻓﯿﮏ از آن ﻣﺴﯿﺮ ﻋﺒﻮر ﻣﯿﮑﻨﺪ و ﭘﺲ از ‪ fail‬ﺷﺪه آن ﺗﺮاﻓﯿﮏ از‬ ‫1/0‪ S‬ﺑﻪ 2‪ R‬ﻣﺘﻘﻞ ﺧﻮاﻫﺪ ﺷﺪ.‬ ‫در دﻧﯿﺎي واﻗﻌﯽ از روﺗﻬﺎي اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور ﺑﻪ ‪ emergency default route‬ﻫﻢ ﺗﻌﺒﯿﺮ ﻣﯿﺸﻮد ﮐﻪ در اداﻣﻪ ﺑﻪ آن‬ ‫ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ . اﻧﺠﺎم ﺗﻨﻈﯿﻤﺎت روﺗﻬﺎي ﺷﻨﺎور ﺑﺴﯿﺎر ﺷﺒﯿﻪ روﺗﻬﺎي اﺳﺘﺎﺗﯿﮏ ﻣﻌﻤﻮﻟﯽ ﻣﯿﺒﺎﺷﺪ ﺑﺎ اﯾﻦ ﺗﻔﺎوت ﮐﻪ ﯾﮏ‬ ‫ﻋﺪد ﻣﺎﺑﯿﻦ 1-552 ﺑﻪ اﻧﺘﻬﺎي آن اﺿﺎﻓﻪ ﻣﯿﺸﻮد ﮐﻪ ﺑﯿﺎﻧﮕﺮ ﺗﻨﻈﯿﻢ دﺳﺘﯽ ‪ AD‬روت ﻣﻮرد ﻧﻈﺮ ﺧﻮاﻫﺪ ﺑﻮد.552 ﺑﻪ ﻣﻌﻨﺎي‬ ‫‪ Unrechable‬اﺳﺖ و روﺗﯽ ﮐﻪ داراي اﯾﻦ ‪ AD‬ﺑﺎﺷﺪ ﻫﯿﭻ وﻗﺖ در ﺟﺪول ﻣﺴﯿﺮﯾﺎﺑﯽ ﻗﺮار ﻧﺨﻮاﻫﺪ ﮔﺮﻓﺖ .‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از ﺗﻮﭘﻮﻟﻮژي آزﻣﺎﯾﺶ 1.6 اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد ﺑﻪ ﻋﻼوه اﻓﺰودن ﯾﮏ ﻟﯿﻨﮏ دﯾﮕﺮ ﺑﯿﻦ 2‪ R1,R‬ﺟﻬﺖ‬ ‫اﯾﺠﺎد ﻣﺴﯿﺮ ﭘﺸﺘﯿﺒﺎن ﺟﻬﺖ اﺗﺼﺎل ﺑﯿﻦ 2‪ R1,R‬ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ زﯾﺮ‬ ‫092 ‪Page 239 of‬‬
Floating static route – 6.2.1 ‫ﺗﺼﻮﯾﺮ‬ ‫. ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﺘﻨﺎﻇﺮ ﺑﺎ ﺗﺼﻮﯾﺮ ﺑﺎﻻ‬ 6.1 ‫ ﺑﺮﮔﺮﻓﺘﻪ از آزﻣﺎﯾﺶ‬R1,R2,R3 ‫اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ﻓﺮﯾﻢ رﯾﻠﯽ در‬   ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ . PPP Encapsulation ‫ ﺑﺎ ﺳﺎﺑﻨﺖ 03/0.12.26.01 و‬R1,R2 ‫ﮐﺎﻧﻔﯿﮓ ﻟﯿﻨﮏ ﺟﺪﯾﺪ ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﻣﺎﺑﯿﻦ‬ ‫ ﺑﺮاي 42/0.02.55.01و42/0.03.55.01 ﻣﺮﺗﺒﻂ ﺑﺎ ﻟﯿﻨﮏ ﭘﺸﺘﯿﺒﺎن‬AD 200 ‫اﯾﺠﺎد دو روت اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور ﺑﺎ‬   R2 R1 ‫ ﺑﺮاي 42/0.01.55.01 در ارﺗﺒﺎط ﺑﺎ ﻟﯿﻨﮏ ﭘﺸﺘﯿﺒﺎن‬AD 200 ‫اﯾﺠﺎد روت اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور ﺑﺎ‬ ‫ ﺷﺪن ﻟﯿﻨﮑﻬﺎي ارﺗﺒﺎﻃﯽ‬fail ‫ ﺟﻬﺖ ﺷﺒﯿﻪ ﺳﺎزي‬R2 ‫ در‬Serial0/0.221 ‫ و‬R1 ‫ در‬Serial0/0 ‫ﺧﺎﻣﻮش ﮐﺮدن‬   ‫ ﺑﻪ ﺳﻤﺖ 42/0.03.55.01 از‬trace ‫اﺻﻠﯽ و ﺑﺮرﺳﯽ ﺻﺤﺖ ﻋﻤﻠﮑﺮد ﻟﯿﻨﮑﻬﺎي ﭘﺸﺘﯿﺒﺎن ﺑﺎ‬ 10.55.10.0/24‫ﻃﺮﯾﻖ‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ . PPP Encapsulation ‫ ﺑﺎ ﺳﺎﺑﻨﺖ 03/0.12.26.01 و‬R1,R2 ‫ﮐﺎﻧﻔﯿﮓ ﻟﯿﻨﮏ ﺟﺪﯾﺪ ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﻣﺎﺑﯿﻦ‬ .1 R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/1 R1(config-if)#ip address 10.62.21.1 255.255.255.252 R1(config-if)#encapsulation ppp R1(config-if)#no shut R1(config-if)#end R1# R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface serial0/1 R2(config-if)#ip add 10.62.21.2 255.255.255.252 R2(config-if)#encapsulation ppp R2(config-if)#no shut R2(config-if)#end R2#ping 10.62.21.1 Type escape sequence to abort. Page 240 of 290
Sending 5, 100-byte ICMP Echos to 10.62.21.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/42/60 ms R2# ‫ ﺑﺮاي 42/0.02.55.01و42/0.03.55.01 ﻣﺮﺗﺒﻂ ﺑﺎ ﻟﯿﻨﮏ ﭘﺸﺘﯿﺒﺎن‬AD 200 ‫2. اﯾﺠﺎد دو روت اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور ﺑﺎ‬ R1 ‫ ﺑﺮاي 42/0.01.55.01 در ارﺗﺒﺎط ﺑﺎ ﻟﯿﻨﮏ ﭘﺸﺘﯿﺒﺎن‬AD 200 ‫ اﯾﺠﺎد روت اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور ﺑﺎ‬R2 R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ip route 10.55.20.0 255.255.255.0 10.62.21.2 200 R1(config)#ip route 10.55.30.0 255.255.255.0 10.62.21.2 200 R1(config)#end R1# R2(config)#ip route 10.55.10.0 255.255.255.0 10.62.21.1 200 R2(config)#end R2# R1 ‫ ﺑﺮاي 42/0.01.55.01 در ارﺗﺒﺎط ﺑﺎ ﻟﯿﻨﮏ ﭘﺸﺘﯿﺒﺎن‬AD 200 ‫4. اﯾﺠﺎد روت اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور ﺑﺎ‬ R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface Serial0/0.221 R2(config-subif)#shutdown R2(config-subif)#end R2# R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface serial0/0 R1(config-if)#shutdown R1(config-if)#end R1# %SYS-5-CONFIG_I: Configured from console by console %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down R1#traceroute 10.55.30.1 source Lo0 Type escape sequence to abort. Tracing the route to 10.55.30.1 1 10.62.21.2 152 msec 52 msec 44 msec 2 10.62.23.2 188 msec 240 msec 217 msec R1# ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﻣﺸﺎﻫﺪه ﻣﯿﺸﻮد ﺗﺮاﻓﯿﮏ ﺑﺎ ﻣﺒﺪا 42/0.01.55.01 و ﻣﻘﺼﺪ 1.03.55.01 از ﻣﺴﯿﺮ ﭘﺸﺘﯿﺒﺎن ﻋﺒﻮر ﮐﺮد ﮐﻪ در‬ ‫ ﺑﺎ آدرس 2.12.26.01 اﺳﺖ‬R2 ‫ در‬Serial0/1 ‫اﯾﻨﺠﺎ‬ Page 241 of 290
‫آزﻣﺎﯾﺶ 3.6 – ﺗﻨﻈﯿﻤﺎت ‪Default route‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت روت ﭘﯿﺸﻔﺮض ﺑﻪ ﻣﻨﻈﻮر ارﺳﺎل ﺗﺮاﻓﯿﮏ ﻓﺎﻗﺪ ﻣﺴﯿﺮ ﻣﺸﺨﺺ در ﺟﺪول ﻣﺴﯿﺮﯾﺎﺑﯽ‬ ‫ﺷﺒﮑﻪ ﻣﻮﺟﻮد ﺑﻪ ﺷﺒﮑﻪ اي دﯾﮕﺮ)ﭘﯿﺸﻔﺮض( آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﻣﯿﺪاﻧﯿﺪ روﺗﺮﻫﺎ ﺗﺮاﻓﯿﮏ را ﺑﺮ ﺣﺴﺐ ﻧﺰدﯾﮑﺘﺮﯾﻦ ﻣﺴﯿﺮي ﮐﻪ در ﺟﺪول ﻣﺴﯿﺮﯾﺎﺑﯽ ﺧﻮد دارﻧﺪ ﺑﻪ ﺳﻤﺖ ﻣﻘﺼﺪ‬ ‫ارﺳﺎل ﻣﯿﮑﻨﻨﺪ. ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل اﮔﺮ روﺗﺮي ﻣﺴﯿﺮي در ﺟﺪول ﻣﺴﯿﺮﯾﺎﺑﯽ ﺧﻮد داﺷﺘﻪ ﺑﺎﺷﺪ ﻓﺮﺿﺎ ﯾﮏ ﻣﻮرد ﺑﻪ‬ ‫82/0.12.88.01 و ﯾﮏ ﻣﻮرد ﺑﻪ 42/0.12.88.01 و ﺑﺴﺘﻪ اي را ﺟﻬﺖ ارﺳﺎل ﺑﻪ آدرس 6.12.88.01درﯾﺎﻓﺖ ﮐﻨﺪ آﻧﺮا ﺑﻪ‬ ‫82/0.12.88.01 ﮐﻪ ﻧﺰدﯾﮑﺘﺮﯾﻦ روت ﺑﻪ ﻣﻘﺼﺪ اﺳﺖ اﻧﺘﺨﺎب ﻣﯿﮑﻨﺪ.‬ ‫ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻣﻬﻨﺪس ﺷﺒﮑﻪ اﻟﺰاﻣﺎ ﻣﯿﺒﺎﯾﺴﺖ ﺑﺎ ﻣﻔﻬﻮم اﯾﻦ درس ﯾﻌﻨﯽ روت ﭘﯿﺸﻔﺮض آﺷﻨﺎ ﺑﺎﺷﯿﻢ. داﺷﺘﻦ روت‬ ‫ﭘﯿﺸﻔﺮض ﺷﻨﺎور در ﺳﻨﺎرﯾﻮﻫﺎي واﻗﻌﯽ داﯾﻨﺎﻣﯿﮏ روﺗﯿﻨﮓ ﺑﻪ ﻣﻨﻈﻮر اﯾﺠﺎد ﻗﺎﺑﻠﯿﺖ اﻓﺰوﻧﮕﯽ اﻣﺮي راﯾﺞ اﺳﺖ در اﯾﻦ‬ ‫ﺣﺎﻟﺖ ﺑﻪ ﻣﺤﺾ اﯾﻨﮑﻪ ﻣﺴﯿﺮﯾﺎﺑﯽ داﯾﻨﺎﻣﯿﮏ ﺑﻪ ﻫﺮ ﻋﻠﺘﯽ از دور ﺧﺎرج ﻣﯿﺸﻮد روت ﭘﯿﺸﻔﺮض ﺑﻪ ﺟﺪول ﻣﺴﯿﺮﯾﺎﺑﯽ ﺗﺰرﯾﻖ‬ ‫ﺷﺪه ﻣﺴﺌﻮﻟﯿﺖ ﺑﺮﻗﺮار ﻣﺎﻧﺪن ارﺗﺒﺎط را ﺑﻪ ﻋﻬﺪه ﻣﯿﮕﯿﺮد.‬ ‫در ﯾﮏ ﺷﺒﮑﻪ ﻋﻤﻮﻣﺎ دو راه ﺑﺮاي ﻣﺘﺼﻞ ﺷﺪن ﺑﻪ اﯾﻨﺘﺮﻧﺖ از ﺷﺒﮑﻪ داﺧﻠﯽ وﺟﻮد دارد . راه اول اﺳﺘﻔﺎده از ‪Default‬‬ ‫‪ route‬در روﺗﺮ ﻟﺒﻪ اي ﺷﺒﮑﻪ اﺳﺖ ﮐﻪ ﺑﻪ ‪ ISP‬ﻣﻨﺘﻬﯽ ﻣﯿﺸﻮد در اﯾﻦ ﺣﺎﻟﺖ ﻫﺮ آدرﺳﯽ ﮐﻪ در ﺟﺪول ﻣﺴﯿﺮﯾﺎﺑﯽ اﯾﻦ‬ ‫روﺗﺮ وﺟﻮد ﻧﺪاﺷﺘﻪ ﺑﺎﺷﺪ ﻣﺴﺘﻘﯿﻤﺎ ﺑﻪ ﺳﻤﺖ ‪ ISP‬ارﺳﺎل ﻣﯿﺸﻮد. راه دوم اﺳﺘﻔﺎده از ﯾﮏ روﺗﺮ ﻓﻌﺎل در ﻣﮑﺎﻧﯿﺰم ‪BGP‬‬ ‫اﺳﺖ . اﯾﻦ ﻣﮑﺎﻧﯿﺰم ﻗﺎﺑﻠﯿﺘﯽ را ﺑﻪ روﺗﺮ ﻣﺤﻠﯽ ﻣﺎ ﻣﯿﺪﻫﺪ ﮐﻪ ﺗﻤﺎﻣﯽ روﺗﻬﺎي ﻣﻮرد اﺳﺘﻔﺎده در اﯾﻨﺘﺮﻧﺖ را در ﺧﻮد داﺷﺘﻪ‬ ‫ﺑﺎﺷﺪ و راﺳﺎ ﺟﻬﺖ ارﺳﺎل ﺑﺴﺘﻪ ﻫﺎ ﺑﻪ ﻣﻘﺼﺪ ﻫﺎي ﻣﺘﻔﺎوت ﺗﺼﻤﯿﻢ ﮔﯿﺮي ﮐﻨﺪ.ﻣﺒﺤﺚ ‪ BGP‬در دوره ‪ CCNP‬ﺑﻪ ﺗﻔﺼﯿﻞ‬ ‫ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار ﻣﯿﮕﯿﺮد‬ ‫ﺗﻨﻈﯿﻢ روت ﭘﯿﺸﻔﺮض ﺑﻪ ﺳﺎدﮔﯽ ﺗﻨﻈﯿﻢ روت اﺳﺘﺎﺗﯿﮏ اﺳﺖ . روت ﭘﯿﺸﻔﺮض ﺗﻮﺳﻂ 0/0.0.0.0 ﻣﺸﺨﺺ ﻣﯿﺸﻮد ﮐﻪ‬ ‫ﺑﯿﺎﻧﮕﺮ رﻧﺞ ﮐﺎﻣﻞ آدرس از 0.0.0.0 ﺗﺎ 552.552.552.552 اﺳﺖ.‬ ‫در اﯾﻦ آز ﻣﺎﯾﺶ از ﻫﻤﺎن ﺗﻮﭘﻮﻟﻮژي آزﻣﺎﯾﺶ 2.6 ﻣﻨﺘﻬﺎ ﺑﺎ ﺗﻐﯿﯿﺮاﺗﯽ در آدرﺳﻬﺎ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد.اﺑﺘﺪا اﺳﺘﺎﺗﯿﮏ‬ ‫روﺗﻬﺎي ﻣﻮﺟﻮد در 3‪ R‬را ﺣﺬف ﺧﻮاﻫﯿﻢ ﮐﺮد و ﭘﺲ از آن روت ﭘﯿﺸﻔﺮض از 3‪ R‬ﺑﻪ ﺳﻤﺖ 2‪ R‬اﯾﺠﺎد ﺧﻮاﻫﯿﻢ ﮐﺮد‬ ‫092 ‪Page 242 of‬‬
Default route-6.3.1 ‫آزﻣﺎﯾﺶ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ 6.1 ‫ در روﺗﺮﻫﺎ ﻣﺒﺘﻨﯽ ﺑﺮ آزﻣﺎﯾﺶ‬Frame realy ‫اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬  R1 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################## !# Lab 6-3 R1 Initial Config # !################################################## ! enable configure terminal ! hostname R1 ! interface Loopback0 description ### SIMULATED NETWORK ### ip address 10.63.10.1 255.255.255.0 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp ! interface Serial0/0.122 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 10.63.12.1 255.255.255.252 frame-relay interface-dlci 122 ! interface Serial0/0 no shut ! interface Serial0/1 description ### PPP Link TO R2 ### ip address 10.63.21.1 255.255.255.252 encapsulation ppp serial restart-delay 0 Page 243 of 290
no shut ! exit ! ip route ip route ip route ip route ! 10.63.20.0 10.63.30.0 10.63.20.0 10.63.30.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 10.63.12.2 10.63.12.2 10.63.21.2 200 10.63.21.2 200 end R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################## !# Lab 6-3 R2 Initial Config # !################################################## ! enable configure terminal ! hostname R2 ! interface Loopback0 description ### SIMULATED NETWORK ### ip address 10.63.20.1 255.255.255.0 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp ! interface Serial0/0.221 point-to-point description ### FRAME RELAY LINK TO R1 ### ip address 10.63.12.2 255.255.255.252 frame-relay interface-dlci 221 ! interface Serial0/0.223 point-to-point description ### FRAME RELAY LINK TO R3 ### ip address 10.63.23.1 255.255.255.252 frame-relay interface-dlci 223 ! interface Serial0/0 no shut exit ! interface Serial0/1 description ### PPP LINK TO R1 ### ip address 10.63.21.2 255.255.255.252 encapsulation ppp serial restart-delay 0 no shut ! ip route 10.63.10.0 255.255.255.0 10.63.12.1 ip route 10.63.30.0 255.255.255.0 10.63.23.2 Page 244 of 290
ip route 10.63.10.0 255.255.255.0 10.63.21.1 200 ! end R3 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################## !# Lab 6-3 R3 Initial Config # !################################################## ! enable configure terminal ! hostname R3 ! interface Loopback0 description ### SIMULATED NETWORK ### ip address 10.63.30.1 255.255.255.0 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp ! interface Serial0/0.322 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 10.63.23.2 255.255.255.252 frame-relay interface-dlci 322 ! interface Serial0/0 no shut exit ! ip route 10.63.10.0 255.255.255.0 10.63.23.1 ip route 10.63.20.0 255.255.255.0 10.63.23.1 ! end ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ R2 S0/0.223 ‫ و اﯾﺠﺎد روت ﭘﯿﺸﻔﺮض ﺑﻪ ﺳﻤﺖ‬R3 ‫ﺣﺬف روﺗﻬﺎي اﺳﺘﺎﺗﯿﮏ در‬ 10.63.10.0/24 ‫ و‬R1 ‫ و 42/0.03.36.01 ﺑﻪ‬R3 ‫ﺑﺮرﺳﯽ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط از‬ R1 ‫ ﭘﯿﺸﺘﯿﺒﺎن در‬PPP ‫ﺑﺮرﺳﯽ اﻣﮑﺎن ﭘﯿﻨﮓ ﻟﯿﻨﮏ‬     ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ Page 245 of 290
R2 S0/0.223 ‫ و اﯾﺠﺎد روت ﭘﯿﺸﻔﺮض ﺑﻪ ﺳﻤﺖ‬R3 ‫3. ﺣﺬف روﺗﻬﺎي اﺳﺘﺎﺗﯿﮏ در‬ R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/1 R1(config-if)#ip address 10.62.21.1 255.255.255.252 R1(config-if)#encapsulation ppp R1(config-if)#no shut R1(config-if)#end R1# R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface serial0/1 R2(config-if)#ip add 10.62.21.2 255.255.255.252 R2(config-if)#encapsulation ppp R2(config-if)#no shut R2(config-if)#end R2#ping 10.62.21.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.62.21.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/42/60 ms R2# R2 S0/0.223 ‫ و اﯾﺠﺎد روت ﭘﯿﺸﻔﺮض ﺑﻪ ﺳﻤﺖ‬R3 ‫1. ﺣﺬف روﺗﻬﺎي اﺳﺘﺎﺗﯿﮏ در‬ R3#show run | include ip route ip route 10.63.10.0 255.255.255.0 10.63.23.1 ip route 10.63.20.0 255.255.255.0 10.63.23.1 R3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R3(config)#no ip route 10.63.10.0 255.255.255.0 10.63.23.1 R3(config)#no ip route 10.63.20.0 255.255.255.0 10.63.23.1 R3(config)#ip route 0.0.0.0 0.0.0.0 10.63.23.1 R3(config)#end R3# 10.63.10.0/24 ‫ و‬R1 ‫ و 42/0.03.36.01 ﺑﻪ‬R3 ‫2. ﺑﺮرﺳﯽ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط از‬ ‫ ﻣﺠﺪدا ارﺗﺒﺎط‬R2 ‫ را ﺣﺬف ﮐﺮدﯾﻢ اﻣﺎ ﺑﺎ اﯾﺠﺎد روت ﭘﯿﺸﻔﺮض ﺑﻪ ﺳﻤﺖ‬R2 ‫ﻗﺒﻼ ﻫﻤﻪ اﺳﺘﺎﺗﯿﮏ روﺗﻬﺎ ﺑﻪ ﺳﻤﺖ‬ ‫ﺑﺮﻗﺮار ﻣﯿﺸﻮد‬ R3#ping 10.63.10.1 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.63.10.1, timeout is 2 seconds: Page 246 of 290
Packet sent with a source address of 10.63.30.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/82/168 ms R3# 10.63.30.0/24 ‫ از ﻃﺮﯾﻖ‬R1 ‫ ﭘﯿﺸﺘﯿﺒﺎن در‬PPP ‫3. ﺑﺮرﺳﯽ اﻣﮑﺎن ﭘﯿﻨﮓ ﻟﯿﻨﮏ‬ ‫ ﮐﻪ در آن‬R2 ‫ ﻫﯿﭻ روﺗﯽ ﺑﻪ ﺳﻤﺖ 03/0.12.36.01 ﻧﺪاﺷﺖ اﻣﺎ اﻻن ﯾﮏ روت ﭘﯿﺸﻔﺮض ﺑﻪ ﺳﻤﺖ‬R3 ‫ﻗﺒﻞ از اﯾﻦ‬ . ‫ﻣﺴﺘﻘﯿﻤﺎ ﺑﻪ 03/0.12.36.01 ﻣﺘﺼﻞ اﺳﺖ و روت ﺑﺮﮔﺸﺖ ﺑﻪ ﺳﻤﺖ 42/0.03.36.01 دارد را ﺷﺎﻫﺪ ﻫﺴﺘﯿﻢ‬ R3#ping 10.63.21.1 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.63.21.1, timeout is 2 seconds: Packet sent with a source address of 10.63.30.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 40/81/116 ms R3# Page 247 of 290
‫آزﻣﺎﯾﺶ 1.7 – ﺗﻨﻈﯿﻤﺎت ‪ – NAT‬ﯾﮏ ﺑﻪ ﯾﮏ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﺎت ‪ NAT‬ﯾﮏ ﺑﻪ ﯾﮏ ﺑﺮاي ﺗﺮﺟﻤﻪ ﯾﮏ آدرس در ﺷﺒﮑﻪ داﺧﻠﯽ ﺑﻪ آدرﺳﯽ ﻣﺸﺨﺺ و‬ ‫ﺛﺎﺑﺖ در ﺷﺒﮑﻪ ﺧﺎرﺟﯽ ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ .‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫اﻣﺮوزه ﻋﻤﻼ در ﺗﻤﺎﻣﯽ ﺷﺒﮑﻪ ﻫﺎي راﯾﺎﻧﻪ اي دﻧﯿﺎ از ‪ NAT‬ﺑﺎ اﺳﺎﻣﯽ ﻣﺨﺘﻠﻔﯽ ﻫﻤﭽﻮن ﯾﮏ ﺑﻪ ﯾﮏ اﯾﺴﺘﺎ، داﯾﻨﺎﻣﯿﮏ و از‬ ‫ﻫﻤﻪ ﻣﻌﺮوﻓﺘﺮ ﯾﮏ ﺑﻪ ﭼﻨﺪ ﯾﺎ ‪ PAT‬ﮐﻪ آﻧﻬﻢ ﺑﻪ اﺷﺘﺒﺎه راﯾﺞ ‪ NAT‬ﺧﻮاﻧﺪه ﻣﯿﺸﻮد اﺳﺘﻔﺎده ﻣﯿﺸﻮد.ﻣﺒﺤﺚ داﯾﻨﺎﻣﯿﮏ‬ ‫‪ NAT‬و ‪ NAT Pool‬ﻫﻤﯿﻨﻄﻮر ‪ PAT‬در دو آزﻣﺎﯾﺶ آﯾﻨﺪه ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار ﺧﻮاﻫﻨﺪ ﮔﺮﻓﺖ .‬ ‫‪ NAT‬ﯾﮏ ﺑﻪ ﯾﮏ ﯾﺎ اﺳﺘﺎﺗﯿﮏ ﻫﻨﮕﺎﻣﯽ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد ﮐﻪ ﻧﯿﺎز داﺷﺘﻪ ﺑﺎﺷﯿﻢ ﯾﮏ ﮐﻼﯾﻨﺖ ﻣﺸﺨﺺ ﺑﺎ آدرﺳﯽ‬ ‫ﻣﺸﺨﺺ در ﺷﺒﮑﻪ داﺧﻠﯽ ﺻﺮﻓﺎ از ﻃﺮﯾﻖ ﻓﻘﻂ ﯾﮏ آدرس ﺧﺎرﺟﯽ ﺑﺎ ﺷﺒﮑﻪ ﻣﻘﺼﺪ در ارﺗﺒﺎط ﺑﺎﺷﺪ .‬ ‫‪ :Inside Local‬آدرس ﻣﻨﺘﺴﺐ ﺷﺪه ﺑﻪ ﯾﮏ ﻫﺎﺳﺖ در ﺷﺒﮑﻪ داﺧﻠﯽ ﭼﻪ از ﻃﺮﯾﻖ ‪ Dhcp‬و ﭼﻪ ﺛﺎﺑﺖ‬ ‫‪ :Inside Global‬آدرس ﻣﻌﺘﺒﺮ ﻣﻨﺘﺴﺐ ﺷﺪه ﺗﻮﺳﻂ ﭘﺮواﯾﺪر ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ دوم روﺗﺮ ﻣﻮﺟﻮد در ﺷﺒﮑﻪ داﺧﻠﯽ‬ ‫‪:Outside local‬آدرس ﻣﻨﺘﺴﺐ ﺷﺪه ﺑﻪ ﯾﮏ ﻫﺎﺳﺖ در ﺷﺒﮑﻪ ﻣﻘﺼﺪ ﭼﻪ از ﻃﺮﯾﻖ ‪ Dhcp‬و ﭼﻪ ﺛﺎﺑﺖ‬ ‫‪ :Outside Global‬آدرس ﻣﻨﺘﺴﺐ ﺷﺪه ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﺧﺎرﺟﯽ روﺗﺮ ﺷﺒﮑﻪ ﻣﻘﺼﺪ‬ ‫در ﻓﺮاﯾﻨﺪ ﭘﯿﮑﺮﺑﻨﺪي ‪ NAT‬ﻣﯿﺒﺎﯾﺴﺖ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ورودي و ﺧﺮوﺟﯽ از ﻃﺮﯾﻖ ‪ ip nat inside | outside‬ﻣﺸﺨﺺ‬ ‫ﺷﻮﻧﺪ ﺑﺮاي ﻫﻤﯿﻦ ﻣﻨﻈﻮر در ﺗﻨﻈﻤﯿﺎت ‪ NAT‬ﯾﮏ ﺑﻪ ﯾﮏ ﺑﻪ دو آﯾﺘﻢ ﮐﻠﯿﺪي ﻧﯿﺎز دارﯾﻢ ، آدرس ﻫﺎﺳﺖ داﺧﻠﯽ ‪(inside‬‬ ‫)‪ local‬و آدرﺳﯽ ﮐﻪ آدرس داﺧﻠﯽ ﻣﺎ ﺑﺎﯾﺪ ﺑﻪ آن ﺗﺮﺟﻤﻪ ﺷﻮد)‪. (inside global‬‬ ‫ﭘﺲ از ﻣﺸﺨﺺ ﺷﺪن اﯾﻨﺪو، از ﻃﺮﯾﻖ ‪ip nat inside source static inside_local_ip outside_global_ip‬‬ ‫ﻣﮑﺎﻧﯿﺰم ‪ NAT‬ﯾﮏ ﺑﻪ ﯾﮏ در روﺗﺮ ﻣﻮرد ﻧﻈﺮ ﻓﻌﺎل ﻣﯿﺸﻮد. در ﻫﻨﮕﺎم ﮐﺎﻧﻔﯿﮓ ‪ NAT‬ﭼﻪ از ﻧﻮع ﯾﮏ ﺑﻪ ﯾﮏ ﯾﺎ ﯾﮏ ﺑﻪ‬ ‫ﭼﻨﺪ ﻣﯿﺘﻮان از ﻗﺎﺑﻠﯿﺖ ‪ Extendability‬در اﻧﺘﻬﺎي دﺳﺘﻮر ‪ Ip nat‬اﺳﺘﻔﺎده ﮐﺮد. ﺑﻪ ﻃﻮر ﮐﻠﯽ دو ﻧﻮع ‪ NAT‬اﺳﺘﺎﺗﯿﮏ‬ ‫ﯾﺎ ﯾﮏ ﺑﻪ ﯾﮏ وﺟﻮد دارد . در ﻧﻮع اول ﯾﺎ اﺳﺘﺎﻧﺪارد ﻧﮕﺎﺷﺘﯽ ﯾﮏ ﺑﻪ ﯾﮏ ﻣﺎﺑﯿﻦ آدرﺳﻬﺎي ﻣﺒﺪا و ﻣﻘﺼﺪ اﯾﺠﺎد ﻣﯿﺸﻮد و‬ ‫ﻫﺮ آدرس در ﺗﻨﻬﺎ ﯾﮏ ﻣﮑﺎﻧﯿﺰم ‪ NAT‬ﺷﺮﮐﺖ ﻣﯿﮑﻨﺪ.اﻣﺎ در ﻧﻮع ‪ extended‬اﯾﻦ ﻗﺎﺑﻠﯿﺖ وﺟﻮد دارد ﮐﻪ ﻧﮕﺎﺷﺘﯽ ﯾﮏ ﺑﻪ‬ ‫ﭼﻨﺪ ﻣﺎﺑﯿﻦ ﺗﻌﺪاد زﯾﺎدي آدرس ‪ inside local‬ﯾﺎ ‪ inside global‬ﺑﺮﻗﺮار ﺷﻮد.‬ ‫092 ‪Page 248 of‬‬
‫ﻋﺒﺎرت ‪ Extendable‬در اﻧﺘﻬﺎي دﺳﺘﻮر ‪ IP nat‬اﯾﻦ اﻣﮑﺎن را ﻓﺮاﻫﻢ ﻣﯽ آورد ﮐﻪ ﺗﻌﺪادي زﯾﺎدي دﺳﺘﻮر ‪ NAT‬ﺑﺎ‬ ‫آدرﺳﻬﺎي ﯾﮑﺴﺎن ‪ inside local‬ﯾﺎ ‪ inside global‬ﺑﺪون ﺗﺪاﺧﻞ و ﺗﻔﮑﯿﮏ ﺷﺪه در ﺳﻄﺢ ﭘﻮرت ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار‬ ‫ﮔﯿﺮﻧﺪ.‬ ‫ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل‬ ‫‪extendable‬‬ ‫‪extendable‬‬ ‫08‬ ‫344‬ ‫5.81.92.271‬ ‫5.81.92.271‬ ‫0808‬ ‫08‬ ‫1.1.11.01 ‪ip nat source static tcp‬‬ ‫41.1.11.01 ‪ip nat source static tcp‬‬ ‫ﺑﺎ اﺳﺘﻔﺎده از دﺳﺘﻮر ‪ the show ip nat translations‬ﻣﯿﺘﻮان ﻣﺤﺘﻮاي ﺟﺪول ‪ NAT‬روﺗﺮ را ﻣﺸﺎﻫﺪه ﮐﺮد ﻫﻤﯿﻨﻄﻮر‬ ‫ﺑﺎ دﺳﺘﻮر * ‪ clear ip nat translation‬ﺗﻤﺎم آﻧﺮا ﺧﺎﻟﯽ ﮐﺮد.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ‪ NAT‬اﺳﺘﺎﺗﯿﮏ ﯾﮏ ﺑﻪ ﯾﮏ ﻣﺎﺑﯿﻦ دو ﮐﻤﭙﺎﻧﯽ ‪ ABC‬و ‪ XYZ‬ﮐﻪ ﻫﺮ دو داراي رﻧﺞ آدرس ﺳﻤﺖ‬ ‫ﮐﺎرﺑﺮ ﯾﮑﺴﺎن ﻫﺴﺘﻨﺪ اﯾﺠﺎد ﻣﯿﮑﻨﯿﻢ . ﻫﻤﺎﻧﻄﻮر ﮐﻪ از ﺗﺼﻮﯾﺮ زﯾﺮ ﭘﯿﺪاﺳﺖ ﻫﺮ دوي اﯾﻦ ﺷﺮﮐﺘﻬﺎ داراي ﻫﺎﺳﺘﯽ ﺑﺎ آدرس‬ ‫ﯾﮑﺴﺎن 41.41.111.01 ﮐﻪ در اﯾﻨﺠﺎ ﺑﺎ ﯾﮏ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺲ ﻣﺸﺨﺺ ﻫﺴﺘﻨﺪ .‬ ‫ﺗﺼﻮﯾﺮ 1.1.11- ‪ NAT‬ﯾﮏ ﺑﻪ ﯾﮏ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺑﺎ ﺗﺼﻮﯾﺮ ﻓﻮق و اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ زﯾﺮ در روﺗﺮﻫﺎ‬ ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ 1‪R‬‬ ‫092 ‪Page 249 of‬‬
!################################################### !# R1 Initial Config !################################################### ! enable configure terminal ! hostname R1 no ip domain-lookup ! interface loopback0 description ### SIMULATED SERVER ### ip address 10.111.14.14 255.255.255.255 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp exit ! interface Serial0/0.122 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 10.111.12.1 255.255.255.0 frame-relay interface-dlci 122 exit ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 10.111.12.1 0.0.0.0 network 10.111.14.14 0.0.0.0 exit ! line con 0 logging sync no exec-timeout ! end R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ‬ !################################################### !# R2 Initial Config !################################################### ! enable configure terminal ! Page 250 of 290
hostname R2 no ip domain-lookup ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### encapsulation frame-relay no frame-relay inverse-arp exit ! interface Serial0/0.221 point-to-point description ### FRAME RELAY LINK TO R1 ### ip address 10.111.12.2 255.255.255.0 frame-relay interface-dlci 221 exit ! interface Serial0/0.223 point-to-point description ### FRAME RELAY LINK TO R3 ### ip address 172.20.23.2 255.255.255.0 frame-relay interface-dlci 223 exit ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 10.111.12.2 0.0.0.0 network 172.20.23.2 0.0.0.0 passive-interface Serial0/0.223 exit ! line con 0 logging sync no exec-timeout ! end10 R3 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ‬ !################################################### !# R3 Initial Config !################################################### ! enable configure terminal ! hostname R3 no ip domain-lookup ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### encapsulation frame-relay Page 251 of 290
no frame-relay inverse-arp exit ! interface Serial0/0.322 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 172.20.23.3 255.255.255.0 frame-relay interface-dlci 322 exit ! interface Serial0/0.324 point-to-point description ### PHYSICAL FRAME RELAY INTERFACE ### ip address 10.111.34.3 255.255.255.0 frame-relay interface-dlci 324 no shut ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 172.20.23.3 0.0.0.0 network 10.111.34.3 0.0.0.0 passive-interface Serial0/0.322 exit ! line con 0 logging sync no exec-timeout ! end R4 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ‬ !################################################### !# R4 Initial Config !################################################### ! enable configure terminal ! hostname R4 no ip domain-lookup ! interface loopback0 description ### SIMULATED SERVER ### ip address 10.111.14.14 255.255.255.255 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### encapsulation frame-relay no frame-relay inverse-arp exit Page 252 of 290
! interface Serial0/0.423 point-to-point description ### FRAME RELAY LINK TO R3 ### ip address 10.111.34.4 255.255.255.0 frame-relay interface-dlci 423 exit ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 10.111.14.14 0.0.0.0 network 10.111.34.4 0.0.0.0 ! line con 0 logging sync no exec-timeout ! end ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ NAT Inside , NAT Outside ‫ ﺑﻪ ﻋﻨﻮان‬R2,R3 ‫ﺗﻨﻈﯿﻢ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻣﺘﻨﺎﻇﺮ در‬ outside global ‫ ﺑﺎ ﻫﺪف ﺗﺮﺟﻤﻪ آدرس داﺧﻠﯽ 41.41.111.01 ﺑﻪ‬R2 ‫ در‬NAT ‫اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ‬   172.20.23.2 outside global ‫ ﺑﺎ ﻫﺪف ﺗﺮﺟﻤﻪ آدرس داﺧﻠﯽ 41.41.111.01 ﺑﻪ‬R3 ‫ در‬NAT ‫اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ‬  172.20.23.3 R1 ‫ در‬Lo0 ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ ﻫﺎﺳﺘﻬﺎي دوﻃﺮف از ﻃﺮﯾﻖ ﭘﯿﻨﮓ ﺑﺎ ﻣﺒﺪا‬ Page 253 of 290 
‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ NAT Inside , NAT Outside ‫ ﺑﻪ ﻋﻨﻮان‬R2,R3 ‫1. ﺗﻨﻈﯿﻢ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻣﺘﻨﺎﻇﺮ در‬ R2#configure terminal Enter configuration commands, one per line. End with R2(config)#interface Serial0/0.221 R2(config-subif)#ip nat inside %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, R2(config-subif)#interface Serial0/0.223 R2(config-subif)#ip nat outside R2(config-subif)#end R2# R3#configure terminal Enter configuration commands, one per line. End with R3(config)#interface Serial0/0.322 R3(config-subif)#ip nat outside %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, R3(config-subif)#interface Serial0/0.324 R3(config-subif)#ip nat inside R3(config-subif)#end R3# CNTL/Z. changed state to up CNTL/Z. changed state to up outside global ‫ ﺑﺎ ﻫﺪف ﺗﺮﺟﻤﻪ آدرس داﺧﻠﯽ 41.41.111.01 ﺑﻪ‬R2 ‫ در‬NAT ‫1. اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ‬ 172.20.23.2 R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#ip nat inside source static 10.111.14.14 172.20.23.2 R2(config)#end R2# outside global ‫ ﺑﺎ ﻫﺪف ﺗﺮﺟﻤﻪ آدرس داﺧﻠﯽ 41.41.111.01 ﺑﻪ‬R3 ‫ در‬NAT ‫3. اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ‬ 172.20.23.3 R3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R3(config)#ip nat inside source static 10.111.14.14 172.20.23.3 R3(config)#end R3# R1 ‫ در‬Lo0 ‫4. ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ ﻫﺎﺳﺘﻬﺎي دوﻃﺮف از ﻃﺮﯾﻖ ﭘﯿﻨﮓ ﺑﺎ ﻣﺒﺪا‬ Page 254 of 290
R1#ping 172.20.23.3 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.20.23.3, timeout is 2 seconds: Packet sent with a source address of 10.111.1.14 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 88/90/93 ms R1# Page 255 of 290
Page 256 of 290
‫آزﻣﺎﯾﺶ 2.7 – ﺗﻨﻈﯿﻤﺎت ‪Dynamc NAT-NAT Pool‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ NAT Pool‬ﺑﻪ ﻣﻨﻈﻮر ﺗﺨﺼﯿﺺ آدرس از ﻣﺠﻤﻮﻋﻪ اي از آدرﺳﻬﺎي ﺧﺎرﺟﯽ ﺑﻪ‬ ‫ﻫﺎﺳﺘﻬﺎي داﺧﻠﯽ ﺑﺮ اﺳﺎس اﻟﻮﯾﺖ درﺧﻮاﺳﺖ از ﺳﻤﺖ ﺷﺒﮑﻪ داﺧﻠﯽ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫‪ NAT Pool‬ﻣﺠﻤﻮﻋﻪ اي از آدرﺳﻬﺎﺳﺖ ﮐﻪ ﺑﻪ ﻃﻮر ﻣﻨﻈﻢ و ﺑﺮ ﺣﺴﺐ ﺗﺮﺗﯿﺐ درﺧﻮاﺳﺖ ﯾﮏ آدرس واﻗﻊ در ‪Inside‬‬ ‫‪ local‬و ﻫﻤﺎﻫﻨﮓ ﺑﺎ ﺑﺎ اﮐﺴﺲ ﻟﯿﺴﺖ ﻣﺘﻨﺎﻇﺮ ﺑﻪ ﻣﺘﻘﺎﺿﯽ آن ﻣﻨﺘﺴﺐ ﻣﯿﺸﻮد.ﻣﺰﯾﺖ اﯾﻦ ﻧﻮع ﮐﺎﻧﻔﯿﮓ در اﻣﮑﺎن ﺑﻬﺮه‬ ‫ﮔﯿﺮي ﺷﺒﮑﻪ داﺧﻠﯽ از رﻧﺞ آدرس ﺧﺼﻮﺻﯽ ﻣﺒﺘﻨﯽ ﺑﺮ 8191‪ RFC‬ﻣﺎﻧﻨﺪ 8/0.0.0.01 و اﻣﮑﺎن ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ دﻧﯿﺎي‬ ‫ﺧﺎرج اﯾﻦ ﻓﻀﺎي آدرﺳﯽ از ﻃﺮﯾﻖ ﻧﮕﺎﺷﺖ ﯾﮏ ﺑﻪ ﯾﮏ ﻣﺎﺑﯿﻦ آدرﺳﻬﺎي داﺧﻠﯽ و آدرﺳﻬﺎ ﻣﻌﺘﺒﺮ ﺧﺎرﺟﯽ واﻗﻊ در ‪NAT‬‬ ‫‪ Pool‬اﺳﺖ. اﻣﺮوزه ﻋﻤﺪه اﺳﺘﻔﺎده ‪ NAT pool‬در اﯾﺠﺎد ‪ DMZ‬اﺳﺖ وﯾﺎ ﺷﺮﮐﺘﻬﺎﯾﯽ ﮐﻪ ﻣﺎﯾﻠﻨﺪ ﻫﺮﯾﮏ از آدرﺳﻬﺎي‬ ‫ﻣﻮﺟﻮد در ﺷﺒﮑﻪ داﺧﻠﯿﺸﺎن از ﻃﺮﯾﻖ ﯾﮏ آدرس ﻣﻌﺘﺒﺮ ﻣﻨﺤﺼﺮ ﺑﻪ ﻓﺮد ﺑﻪ دﻧﯿﺎي ﺧﺎرج ﻣﺮﺗﺒﻂ ﺷﻮد.‬ ‫ﺟﻬﺖ ﮐﺎﻧﻔﯿﮓ ‪ NAT Pool‬در وﺣﻠﻪ اول ﻧﯿﺎز اﺳﺖ ‪ Pool‬ﻣﻮرد ﻧﻈﺮ از ﻃﺮﯾﻖ ﻣﺸﺨﺺ ﮐﺮدن ﻣﺤﺪوده اﺑﺘﺪا و اﻧﺘﻬﺎي‬ ‫آدرﺳﻬﺎ ﻣﺸﺨﺺ ﺷﻮد.ﭘﺲ از آن ﻣﯿﺒﺎﯾﺴﺖ ﺑﺎ ﺑﻬﺮه ﮔﯿﺮي از دﺳﺘﻮر ‪ NAT‬ﮐﻪ از ﯾﮏ اﮐﺴﺲ ﻟﯿﺴﺖ وﯾﮋه ﺑﻪ ﻣﻨﻈﻮر‬ ‫اﻋﻤﺎل ﺳﯿﺎﺳﺖ ﻧﮕﺎﺷﺖ آدرﺳﻬﺎي داﺧﻠﯽ ﺑﻪ آدرﺳﻬﺎي ﻋﻤﻮﻣﯽ ﺧﺎرﺟﯽ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ ﻣﮑﺎﻧﯿﺰم ﺗﺮﺟﻤﻪ آدرس را ﺗﮑﻤﯿﻞ‬ ‫ﮐﻨﯿﻢ.‬ ‫ﺑﺮاي اﯾﺠﺎد ‪ NAT Pool‬از دﺳﺘﻮر # ‪ ip nat pool poolname sip.sip.sip.sip eip.eip.eip.eip prefix‬و در‬ ‫اداﻣﻪ از دﺳﺘﻮر ‪ip nat inside source list ACL#_OR_NAME pool POOLNAME‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از ﺳﻪ روﺗﺮ 3‪ R1,R2,R‬ﺟﻬﺖ ﺷﺒﯿﻪ ﺳﺎزي ﻣﮑﺎﻧﯿﺰم ﺗﺮﺟﻤﻪ آدرس ﯾﮏ ﺷﺒﮑﻪ ﻣﺘﺼﻞ ﺑﻪ ‪ ISP‬اﺳﺘﻔﺎده‬ ‫ﺧﻮاﻫﯿﻢ ﮐﺮد و 2‪ R‬وﻇﯿﻔﻪ ﺗﺮﺟﻤﻪ آدرﺳﻬﺎي ﺷﺒﮑﻪ داﺧﻠﯽ ﺑﻪ آدرﺳﻬﺎي ﻣﻌﺘﺒﺮ ﺧﺎرﺟﯽ ﻣﺒﺘﻨﯽ ﺑﺮ ‪ NAT Pool‬اﺧﺬ ﺷﺪه‬ ‫از ‪ ISP‬را ﺑﻪ ﻋﻬﺪه ﺧﻮاﻫﺪ داﺷﺖ.‬ ‫.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﺘﻨﺎﻇﺮ ﺑﺎ ﺗﺼﻮﯾﺮ زﯾﺮ‬ ‫اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ﺑﻪ روﺗﺮﻫﺎ‬ ‫092 ‪Page 257 of‬‬
NAT Pool – 11.2.1 ‫ﺗﺼﻮﯾﺮ‬ R1 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ‬ !################################################### !# Lab 7-2 R1 Initial Config # !################################################### ! enable configure terminal ! hostname R1 no ip domain-lookup ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp exit ! interface Serial0/0.122 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 10.112.12.1 255.255.255.252 frame-relay interface-dlci 122 exit ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 10.112.12.1 0.0.0.0 exit ! line con 0 logging sync Page 258 of 290
no exec-timeout ! end R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ‬ !################################################### !# Lab 7-2 R2 Initial Config # !################################################### ! enable configure terminal ! hostname R2 no ip domain-lookup ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### encapsulation frame-relay no frame-relay inverse-arp exit ! interface Serial0/0.221 point-to-point description ### FRAME RELAY LINK TO R1 ### ip address 10.112.12.2 255.255.255.252 frame-relay interface-dlci 221 exit ! interface Serial0/0.223 point-to-point description ### FRAME RELAY LINK TO R3 ### ip address 171.18.24.1 255.255.255.224 frame-relay interface-dlci 223 exit ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 10.112.12.2 0.0.0.0 network 171.18.24.1 0.0.0.0 redistribute static passive-interface Serial0/0.223 exit ! ip route 0.0.0.0 0.0.0.0 171.18.24.2 ! line con 0 logging sync no exec-timeout ! end Page 259 of 290
R3 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ‬ !################################################### !# Lab 11-2 R3 Initial Config # !################################################### ! enable configure terminal ! hostname R3 no ip domain-lookup ! interface Loopback0 description ### SIMULATED INTERNET HOST ### ip address 4.2.2.2 255.255.255.255 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### encapsulation frame-relay no frame-relay inverse-arp exit ! interface Serial0/0.322 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 171.18.24.2 255.255.255.224 frame-relay interface-dlci 322 exit ! interface Serial0/0 no shut exit ! line con 0 logging sync no exec-timeout ! End ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ EIGRP AS 10 ‫ آﻧﻬﺎ در‬advertise ‫ از رﻧﺞ 22/0.0.55.01 و‬R1 ‫اﯾﺠﺎد 4 اﯾﻨﺘﺮﻓﯿﺲ ﻟﻮپ ﺑﮏ در‬  171.18.24.5-25/27 ‫ ﺑﺎ رﻧﺞ‬NAT Pool ‫ و اﯾﺠﺎد‬R2 ‫ در‬NAT ‫ﺗﻨﻈﯿﻢ ﭘﺎرﻣﺘﺮﻫﺎي اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻓﻌﺎل‬  ‫ ﺟﻬﺖ اﻋﻤﺎل ﺳﯿﺎﺳﺖ اﻧﺘﺴﺎب آدرﺳﻬﺎي داﺧﻠﯽ ﺑﻪ ﺧﺎرﺟﯽ‬R2 ‫ ﺷﺪه در‬extend ‫اﯾﺠﺎد اﮐﺴﺲ ﻟﯿﺴﺖ‬  dynamic NAT ‫اﯾﺠﺎد‬  NAT ‫ از ﻃﺮﯾﻖ‬R3 ‫ ﺑﺎ آدرس 2.2.2.4 در‬R1 ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط‬  R1 ‫ ﺑﻪ ﻫﺎﺳﺘﻬﺎي ﻣﺘﺼﻞ ﺑﻪ ﺷﺒﮑﻪ داﺧﻠﯽ‬Pool ‫ﺗﺴﺖ ﺻﺤﺖ اﻧﺘﺴﺎب آدرﺳﻬﺎي‬  Page 260 of 290
‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ EIGRP AS 10 ‫ آﻧﻬﺎ در‬advertise ‫ از رﻧﺞ 22/0.0.55.01 و‬R1 ‫1. اﯾﺠﺎد 4 اﯾﻨﺘﺮﻓﯿﺲ ﻟﻮپ ﺑﮏ در‬ R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface loopback0 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up R1(config-if)#ip add 10.55.0.1 255.255.255.0 R1(config-if)#interface loopback1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up R1(config-if)#ip add 10.55.1.1 255.255.255.0 R1(config-if)#interface loopback2 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback2, changed state to up R1(config-if)#ip add 10.55.2.1 255.255.255.0 R1(config-if)#interface loopback3 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback3, changed state to up R1(config-if)#ip add 10.55.3.1 255.255.255.0 R1(config-if)#exit R1(config)#router eigrp 10 R1(config-router)#network 10.55.0.0 0.0.3.255 R1(config-router)#end R1# 171.18.24.5-25/27 ‫ ﺑﺎ رﻧﺞ‬NAT Pool ‫ و اﯾﺠﺎد‬R2 ‫ در‬NAT ‫2. ﺗﻨﻈﯿﻢ ﭘﺎرﻣﺘﺮﻫﺎي اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻓﻌﺎل‬ R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface Serial0/0.221 R2(config-subif)#ip nat inside %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up R2(config-subif)#interface Serial0/0.223 R2(config-subif)#ip nat outside R2(config-subif)#exit R2(config)#ip nat pool natpool1 171.18.24.5 171.18.24.25 prefix-length 27 R2(config)# ‫ ﺟﻬﺖ اﻋﻤﺎل ﺳﯿﺎﺳﺖ اﻧﺘﺴﺎب آدرﺳﻬﺎي داﺧﻠﯽ ﺑﻪ ﺧﺎرﺟﯽ‬R2 ‫ ﺷﺪه در‬extend ‫3. اﯾﺠﺎد اﮐﺴﺲ ﻟﯿﺴﺖ‬ R2(config)#ip access-list extended NATPOOL_ACL R2(config-ext-nacl)#10 permit ip 10.55.0.0 0.0.3.255 any R2(config-ext-nacl)#exit R2(config)# Page 261 of 290
dynamic NAT ‫4. اﯾﺠﺎد‬ R2(config)#ip nat inside source list NATPOOL_ACL pool natpool1 R2(config)#end R2# NAT ‫ از ﻃﺮﯾﻖ‬R3 ‫ ﺑﺎ آدرس 2.2.2.4 در‬R1 ‫5. ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط‬ R1#ping 4.2.2.2 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.0.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/104/196 ms R1#ping 4.2.2.2 source lo1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/108/184 ms R1#ping 4.2.2.2 source lo2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.2.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/136/252 ms R1#ping 4.2.2.2 source lo3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.3.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/83/224 ms R1# R1 ‫ ﺑﻪ ﻫﺎﺳﺘﻬﺎي ﻣﺘﺼﻞ ﺑﻪ ﺷﺒﮑﻪ داﺧﻠﯽ‬Pool ‫6. ﺗﺴﺖ ﺻﺤﺖ اﻧﺘﺴﺎب آدرﺳﻬﺎي‬ R2#show ip nat translations Pro Inside global Inside local icmp 171.18.24.5:2 10.55.0.1:2 --- 171.18.24.5 10.55.0.1 icmp 171.18.24.6:3 10.55.1.1:3 --- 171.18.24.6 10.55.1.1 icmp 171.18.24.7:4 10.55.2.1:4 Outside local 4.2.2.2:2 --4.2.2.2:3 --4.2.2.2:4 Outside global 4.2.2.2:2 --4.2.2.2:3 --4.2.2.2:4 Page 262 of 290
--- 171.18.24.7 icmp 171.18.24.8:5 --- 171.18.24.8 R2# Page 263 of 290 10.55.2.1 10.55.3.1:5 10.55.3.1 --4.2.2.2:5 --- --4.2.2.2:5 ---
‫آزﻣﺎﯾﺶ 3.7 – ﺗﻨﻈﯿﻤﺎت ‪PAT‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ PAT‬ﺑﻪ ﻣﻨﻈﻮر ﺗﺮﺟﻤﻪ ﺗﻌﺪاد زﯾﺎدي آدرس داﺧﻠﯽ ﺑﻪ ﯾﮏ آدرس ﻋﻤﻮﻣﯽ ﺧﺎرﺟﯽ‬ ‫آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺳﺨﻦ از ‪ NAT‬ﺑﻪ ﻣﯿﺎن ﻣﯽ آﯾﺪ ﻋﻤﻮﻣﺎ ذﻫﻨﻬﺎ ﺑﻪ ﺳﻤﺖ ﻓﺮاﯾﻨﺪ ﺗﺮﺟﻤﻪ آدرس ﺗﻌﺪاد زﯾﺎدي آدرس ﺧﺼﻮﺻﯽ‬ ‫داﺧﻠﯽ ﺑﻪ ﯾﮏ آدرس ﻋﻤﻮﻣﯽ ﻣﺘﻮﺟﻪ ﻣﯿﺸﻮﻧﺪ ﮐﻪ ﺑﻪ ﻏﻠﻂ ‪ NAT‬ﺧﻮاﻧﺪه ﻣﯿﺸﻮد.ﻋﻨﻮان ﺻﺤﯿﺢ اﯾﻦ ﻓﺮاﯾﻨﺪ ‪ PAT‬ﯾﺎ ‪port‬‬ ‫‪ address translation‬اﺳﺖ.‬ ‫‪ PAT‬ﻧﻮﻋﯽ از ‪ NAT‬ﻣﺤﺴﻮب ﻣﯿﺸﻮد ﮐﻪ ﺗﻌﺪاد زﯾﺎدي آدرس داﺧﻠﯽ ‪Inside local‬را ﺑﻪ ﯾﮏ آدرس ﻋﻤﻮﻣﯽ ‪Inside‬‬ ‫‪ global‬ﮐﻪ ﻋﻤﺪﺗﺎ ﺗﻮﺳﻂ ‪ ISP‬در اﺧﺘﯿﺎر ﮔﺬاﺷﺘﻪ ﻣﯿﺸﻮد ﺗﺮﺟﻤﻪ ﻣﯿﮑﻨﺪ.‪ PAT‬را در ﻋﯿﻦ ﺣﺎل ﻣﯿﺘﻮان ﺑﻪ ﺻﻮرت ﻓﺮم‬ ‫داﯾﻨﺎﻣﯿﮏ ‪ Extended NAT‬ﻫﻢ در ﻧﻈﺮ ﮔﺮﻓﺖ.ﻋﻤﻠﮑﺮد ﻋﻤﻮﻣﯽ ‪ PAT‬ﺑﺴﯿﺎر ﺳﺎده اﺳﺖ ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل ﯾﮏ ‪ PC‬در‬ ‫ﺷﺒﮑﻪ داﺧﻠﯽ ﺑﺎ آدرس 22.1.55.01 ﻗﺼﺪ دارد ﮐﻪ ﺑﻪ اﯾﻨﺘﺮﻧﺖ ﻣﺘﺼﻞ ﺷﻮد اﻣﺎ اﯾﻦ رﻧﺞ ‪ IP‬ﻗﺎﺑﻠﯿﺖ روﺗﯿﻨﮓ در اﯾﻨﺘﺮﻧﺖ را‬ ‫ﻧﺪارد ﭘﺲ ﺑﻪ ‪ IP‬ﻧﯿﺎز اﺳﺖ ﮐﻪ اﯾﻦ ﻗﺎﺑﻠﯿﺖ را داﺷﺘﻪ ﺑﺎﺷﺪ.ﻫﻨﮕﺎﻣﯽ ﮐﻪ ‪ PC‬درﺧﻮاﺳﺖ ارﺗﺒﺎط ﺑﺎ اﯾﻨﺘﺮﻧﺖ را ﺑﻪ ﺳﻤﺖ روﺗﺮ‬ ‫ﻣﺤﻠﯽ ارﺳﺎل ﻣﯿﮑﻨﺪ روﺗﺮ ﭘﮑﺖ درﯾﺎﻓﺘﯽ را ﺑﻪ آدرس ﻋﻤﻮﻣﯽ ﺧﻮد و ﯾﮏ ﺷﻤﺎره ﭘﻮرت ﺗﺼﺎدﻓﯽ ‪ PAT‬ﻣﯿﮑﻨﺪ و اﯾﻦ‬ ‫ﺟﺮﯾﺎن ﮐﺎري را در ﺟﺪول ‪ NAT‬ﺧﻮد ﺟﻬﺖ اﻧﺠﺎم ﻣﻌﮑﻮس اﯾﻦ ﻓﺮاﯾﻨﺪ روي ﭘﮑﺘﻬﺎي ﺑﺎزﮔﺸﺘﯽ ذﺧﯿﺮه ﻣﯿﮑﻨﺪ.‬ ‫در ﻣﺜﺎل ﺑﺎﻻ ‪ PC‬ﺑﺎ آدرس 22.1.55.01 ﺗﻼش ﻣﯿﮑﻨﺪ ﺗﺎ ﺑﺎ آدرس 4.2.2.4 ﺗﻤﺎس ﺑﺮﻗﺮار ﮐﻨﺪ ﭘﺲ در ﻣﺮﺣﻠﻪ اول ﺗﺮاﻓﯿﮏ‬ ‫را ﺑﻪ ﺳﻤﺖ ‪ default gateway‬ﺷﺒﮑﻪ ارﺳﺎل ﻣﯿﮑﻨﺪ و اﯾﻦ روﺗﺮ ﻫﻢ از ﻃﺮﯾﻖ ﯾﮏ اﺗﺼﺎل 1‪ T‬ﺑﻪ اﯾﻨﺘﺮﻧﺖ ﻣﺘﺼﻞ‬ ‫اﺳﺖ.روﺗﺮ ﭘﺲ از درﯾﺎﻓﺖ ﭘﮑﺖ ورودي ﺑﺎ آدرس 22.1.55.01 و ﺷﻤﺎره ﭘﻮرﺗﯽ ﺧﺎص آﻧﺮا ﺑﻪ آدرس اﯾﻨﺘﺮﻓﯿﺲ 1‪ T‬ﺧﻮد و‬ ‫ﺷﻤﺎره ﭘﻮرت ﺗﺼﺎدﻓﯽ ﺑﺎ ﻫﻤﺎن ﻣﻘﺼﺪ اوﻟﯿﻪ ﺗﺮﺟﻤﻪ ﻣﯿﮑﻨﺪ و اﯾﻦ ﻓﺮاﯾﻨﺪ را در ﺟﺪول ‪ NAT‬ﺧﻮد ذﺧﯿﺮه ﻣﯿﮑﻨﺪ.ﭘﺲ از‬ ‫آن ﭘﮑﺖ را ﺑﻪ دﻧﯿﺎي ﺧﺎرج ارﺳﺎل ﻣﯿﮑﻨﺪ. ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺗﺮاﻓﯿﮏ ﻣﺠﺪدا ﺑﻪ روﺗﺮ ﺑﺎز ﻣﯿﮕﺮدد از ﻫﻤﺎن ﻓﺮاﯾﻨﺪ ﯾﺎدداﺷﺖ ﺷﺪه‬ ‫در ﺟﺪول ‪ NAT‬ﺧﻮد ﺟﻬﺖ ﺗﺮﺟﻤﻪ ﻣﻌﮑﻮس آدرس و رﺳﺎﻧﺪن ﺗﺮاﻓﯿﮏ ﺑﻪ آدرس ﺷﺒﮑﻪ داﺧﻠﯽ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ.‬ ‫ﺟﻬﺖ ﺗﻨﻈﯿﻢ ‪ PAT‬ﻣﺎﻧﻨﺪ ﻫﻤﻪ ‪ NAT‬ﻫﺎﯾﯽ ﮐﻪ ﺗﺎ ﮐﻨﻮن دﯾﺪﯾﻢ ﻧﯿﺎز اﺳﺖ ﺗﺎ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي داﺧﻠﯽ و ﺧﺎرﺟﯽ ﻣﺸﺨﺺ‬ ‫ﺷﻮﻧﺪ.ﭘﺲ از آن ﻫﻢ ﻧﯿﺎز ﺑﻪ ‪ Acl‬ﺟﻬﺖ ارﺟﺎ دﺳﺘﻮر ‪ NAT‬ﺑﻪ آن ﺑﻪ ﻣﻨﻈﻮر اﻋﻤﺎل ﺳﯿﺎﺳﺖ ﻫﺎي دﺳﺘﺮﺳﯽ اﺳﺖ.در‬ ‫ﺻﻮرﺗﯿﮑﻪ داراي رﻧﺠﯽ از آدرﺳﻬﺎي ﻋﻤﻮﻣﯽ ﻫﺴﺘﯿﺪ و ﻣﺎﯾﻠﯿﺪ ﮐﻪ ﺑﻪ ﺟﺎي اﺳﺘﻔﺎده از ﯾﮏ ﺗﮏ آدرس ﻣﻨﺘﺴﺐ ﺑﻪ‬ ‫اﯾﻨﺘﺮﻓﯿﺲ ‪ WAN‬روﺗﺮ از ﯾﮑﯽ از آﻧﻬﺎ اﺳﺘﻔﺎده ﮐﻨﯿﺪ ﻧﯿﺎز اﺳﺖ ﺗﺎ در اﺑﺘﺪا ﯾﮏ ‪ NAT Pool‬ﺑﺎ رﻧﺠﯽ از آدرﺳﻬﺎي ﻣﻮرد‬ ‫ﻧﻈﺮ اﯾﺠﺎد ﺷﻮد اﻣﺎ ﻋﻤﻮﻣﺎ ﻓﺮاﯾﻨﺪ ‪ PAT‬از ﻃﺮﯾﻖ ﺗﺮﺟﻤﻪ آدرس داﺧﻠﯽ ﺑﻪ آدرس ﻋﻤﻮﻣﯽ ﻣﻨﺘﺴﺐ ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ ‪WAN‬‬ ‫ﺻﻮرت ﻣﯿﭙﺬﯾﺮد . در اﯾﻦ ﺣﺎﻟﺖ ﻧﯿﺎزي ﺑﻪ ﻣﺸﺨﺺ ﮐﺮدن ‪ pool‬ﻧﯿﺴﺖ و ﺻﺮﻓﺎ ﻣﺸﺨﺼﺎ ﮐﺮدن اﯾﻨﺘﺮﻓﯿﺲ ﺑﻪ ﻫﻤﺮاه ﻋﺒﺎرت‬ ‫‪ overload‬ﮐﺎﻓﯽ اﺳﺖ ﻣﺜﻞ :‬ ‫‪ip nat inside source list PAT_TRAFFIC interface Serial0/0.223 overload‬‬ ‫092 ‪Page 264 of‬‬
‫ اﺳﺘﻔﺎده‬R3 ‫ در‬ISP ‫ ﺟﻬﺖ ﺷﺒﯿﻪ ﺳﺎزي ﺷﺒﮑﻪ ﯾﮏ ﮐﻤﭙﺎﻧﯽ ﮐﻮﭼﮏ ﻣﺘﺼﻞ ﺑﻪ‬R1,R2,R3 ‫در اﯾﻦ آزﻣﺎﯾﺶ از روﺗﺮﻫﺎي‬ ‫ ﺑﻪ ﻋﻬﺪه‬R3 ‫ را ﺟﻬﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ‬R1 ‫ آدرﺳﻬﺎي داﺧﻠﯽ ﻣﺘﺼﻞ ﺑﻪ‬PAT ‫ وﻇﯿﻔﻪ‬R2 ‫ﺧﻮاﻫﯿﻢ ﮐﺮد.در اﯾﻦ ﺑﯿﻦ‬ .‫ﺧﻮاﻫﺪ داﺷﺖ‬ :‫در اﯾﻦ آزﻣﺎﯾﺶ از دﺳﺘﻮرات زﯾﺮ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد‬ ip nat inside source list aclnameor# ip.ip.ip.ip overload ip nat inside source list aclnameor# interface interface#/# overload show ip nat translations – clear ip nat translation * The following logical topology shown below is used in this lab; Port Address Translation -11.3.1 ‫ﺗﺼﻮﯾﺮ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫اﻋﻤﺎل ﺗﻨﻈﻤﯿﺎت اوﻟﯿﻪ روﺗﺮﻫﺎ ﻣﻄﺎﺑﻖ زﯾﺮ‬ R1 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################### !# Lab 7-3 R1 Initial Config # !################################################### ! enable configure terminal ! hostname R1 no ip domain-lookup ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address Page 265 of 290 
encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp exit ! interface Serial0/0.122 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 10.113.12.1 255.255.255.252 frame-relay interface-dlci 122 exit ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 10.113.12.1 0.0.0.0 exit ! line con 0 logging sync no exec-timeout ! end R2 ‫ﺗﻨﻈﻤﯿﺎت اوﻟﯿﻪ‬ !################################################### !# 7-3 R2 Initial Config # !################################################### ! enable configure terminal ! hostname R2 no ip domain-lookup ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### encapsulation frame-relay no frame-relay inverse-arp exit ! interface Serial0/0.221 point-to-point description ### FRAME RELAY LINK TO R1 ### ip address 10.113.12.2 255.255.255.252 frame-relay interface-dlci 221 exit ! interface Serial0/0.223 point-to-point description ### FRAME RELAY LINK TO R3 ### ip address 172.29.81.1 255.255.255.252 Page 266 of 290
frame-relay interface-dlci 223 exit ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 10.113.12.2 0.0.0.0 network 172.29.81.1 0.0.0.0 redistribute static passive-interface Serial0/0.223 exit ! ip route 0.0.0.0 0.0.0.0 172.29.81.2 ! line con 0 logging sync no exec-timeout ! end R3 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################### !# Lab 7-3 R3 Initial Config # !################################################### ! enable configure terminal ! hostname R3 no ip domain-lookup ! interface Loopback0 description ### SIMULATED INTERNET HOST ### ip address 4.2.2.2 255.255.255.255 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### encapsulation frame-relay no frame-relay inverse-arp exit ! interface Serial0/0.322 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 172.29.81.2 255.255.255.224 frame-relay interface-dlci 322 exit ! interface Serial0/0 no shut exit ! Page 267 of 290
line con 0 logging sync no exec-timeout ! End ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ EIGRP AS 10 ‫اﯾﺠﺎد 4 اﯾﻨﺘﺮﻓﯿﺲ ﻟﻮپ ﺑﮏ 22/0.0.55.01 و ﻣﻌﺮﻓﯽ آﻧﻬﺎ ﺑﻪ‬  R2 ‫ در‬NAT ‫ ﻣﺮﺗﺒﻂ ﺑﺎ‬inside/outside ‫ﺗﻨﻈﯿﻢ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي‬  R2 ‫ ﺑﺎ ﻧﺎم در‬ACL ‫اﯾﺠﺎد ﯾﮏ‬ Serial0/0.223 ‫ از ﻃﺮﯾﻖ اﯾﻨﺘﺮﻓﯿﺲ‬R2 ‫ در‬PAT ‫ﺗﻨﻈﯿﻢ‬   R1 ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ 4.2.2.4 از ﺳﻤﺖ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺲ واﻗﻊ در‬  R2 ‫ در‬NAT Table ‫ﺑﺮرﺳﯽ ﻣﺤﺘﻮاي‬  ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ EIGRP AS 10 ‫1. اﯾﺠﺎد 4 اﯾﻨﺘﺮﻓﯿﺲ ﻟﻮپ ﺑﮏ 22/0.0.55.01 و ﻣﻌﺮﻓﯽ آﻧﻬﺎ ﺑﻪ‬ R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface loopback0 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed R1(config-if)#ip add 10.55.0.1 255.255.255.0 R1(config-if)#interface loopback1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed R1(config-if)#ip add 10.55.1.1 255.255.255.0 R1(config-if)#interface loopback2 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback2, changed R1(config-if)#ip add 10.55.2.1 255.255.255.0 R1(config-if)#interface loopback3 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback3, changed R1(config-if)#ip add 10.55.3.1 255.255.255.0 R1(config-if)#exit R1(config)#router eigrp 10 R1(config-router)#network 10.55.0.0 0.0.3.255 R1(config-router)#end R1# state to up state to up state to up state to up R2 ‫ در‬NAT ‫ ﻣﺮﺗﺒﻂ ﺑﺎ‬inside/outside ‫2. ﺗﻨﻈﯿﻢ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي‬ Page 268 of 290
R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface Serial0/0.221 R2(config-subif)#ip nat inside %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up R2(config-subif)#interface Serial0/0.223 R2(config-subif)#ip nat outside R2(config-subif)#exit R2(config)# .‫ ﺟﻬﺖ ﺻﺪور ﻣﺠﻮز ﺗﺮدد آدرﺳﻬﺎي ﺷﺒﮑﻪ داﺧﻠﯽ ﺑﻪ اﯾﻨﺘﺮﻧﺖ‬R2 ‫ ﺑﺎ ﻧﺎم در‬ACL ‫3. اﯾﺠﺎد ﯾﮏ‬ R2(config)#ip access-list extended PAT_TRAFFIC_ACL R2(config-ext-nacl)#10 permit ip 10.55.0.0 0.0.3.255 any R2(config-ext-nacl)#exit R2(config)# Serial0/0.223 ‫ از ﻃﺮﯾﻖ اﯾﻨﺘﺮﻓﯿﺲ‬R2 ‫ در‬PAT ‫4. ﺗﻨﻈﯿﻢ‬ R2(config)#ip nat inside source list PAT_TRAFFIC_ACL interface Serial0/0.223 overload R2(config)#end R2# R1 ‫5. ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ 4.2.2.4 از ﺳﻤﺖ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺲ واﻗﻊ در‬ R1#ping 4.2.2.2 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.0.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 52/94/168 ms R1#ping 4.2.2.2 source lo1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/108/200 ms R1#ping 4.2.2.2 source lo2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.2.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 72/133/196 ms R1#ping 4.2.2.2 source lo3 Page 269 of 290
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.3.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/114/240 ms R1# R2 ‫ در‬NAT Table ‫6. ﺑﺮرﺳﯽ ﻣﺤﺘﻮاي‬ R2#show ip nat translations Pro Inside global Inside local icmp 172.29.81.1:2 10.55.0.1:2 icmp 172.29.81.1:3 10.55.1.1:3 icmp 172.29.81.1:4 10.55.2.1:4 icmp 172.29.81.1:5 10.55.3.1:5 R2# Outside local 4.2.2.2:2 4.2.2.2:3 4.2.2.2:4 4.2.2.2:5 Outside global 4.2.2.2:2 4.2.2.2:3 4.2.2.2:4 4.2.2.2:5 Page 270 of 290
‫آزﻣﺎﯾﺶ 4.7- ﺗﻨﻈﻤﯿﺎت ‪DHCP‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ DHCP‬ﺟﻬﺖ ﺗﺨﺼﯿﺺ ﺧﻮدﮐﺎر ‪ IP‬ﺑﻪ ﻫﺎﺳﺖ ﻫﺎي درون ﺷﺒﮑﻪ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﺗﺨﺼﯿﺺ اﺳﺘﺎﺗﯿﮏ ‪ IP‬ﺑﻪ ﺗﻌﺪاد زﯾﺎدي از ادوات ﻧﯿﺎزﻣﻨﺪ ﺑﻪ آدرس در ﺷﺒﮑﻪ ﻓﺮاﯾﻨﺪي وﻗﺖ ﮔﯿﺮ و ﺧﺴﺘﻪ ﮐﻨﻨﺪه ﺧﻮاﻫﺪ‬ ‫ﺑﻮد.ﺑﺮاي ﺣﻞ اﯾﻦ ﻣﻌﻀﻞ در ﺷﺒﮑﻪ ﻫﺎي اﻣﺮوزي از ‪ DHCP‬ﺑﺎ ﻫﺪف ﺗﺨﺼﯿﺺ ﺧﻮدﮐﺎر ‪ IP‬آدرس ﺑﻪ ادوات ﻓﺎﻗﺪ آدرس‬ ‫در ﺷﺒﮑﻪ اﺳﺘﻔﺎده ﻣﯿﺸﻮد.‬ ‫‪ DHCP‬ﺑﻪ ﻃﻮر ﻋﺎم داراي ﺗﻌﺮﯾﻒ ﻋﻤﻠﯿﺎﺗﯽ ﺑﺴﯿﺎر ﺳﺎده اﺳﺖ. ﺳﺮوﯾﺴﯽ اﺳﺖ ﮐﻪ ﺑﻪ درﺧﻮاﺳﺘﻬﺎي ‪ DHCP‬ادوات ﻓﺎﻗﺪ‬ ‫آدرس ﭘﺎﺳﺦ ﻣﯿﺪﻫﺪ.اﯾﻦ ﭘﺎﺳﺦ ﻣﯿﺘﻮاﻧﺪ ﺷﺎﻣﻞ ﻣﺸﺨﺼﻪ ﻫﺎي ﺗﮑﻤﯿﻠﯽ دﯾﮕﺮي ﻧﯿﺰ ﻫﻤﭽﻮن ﻧﺎم داﻣﻨﻪ و‬ ‫‪ Wins,Dns,default gateway,Ntp server‬وﺑﺴﯿﺎري دﯾﮕﺮ ﻫﻢ ﺑﺎﺷﺪ ﮐﻪ ﻫﻤﺮاه ﺑﺎ آدرس ﺑﻪ ﻫﺎﺳﺖ ﻣﻮرد ﻧﻈﺮ‬ ‫ﻣﻨﺘﺴﺐ ﻣﯿﺸﻮد.‬ ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﺷﺎره ﺷﺪ ‪ DHCP‬اﻣﺮوز در ﻫﺮ ﺷﺒﮑﻪ اي ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد اﻣﺎ در ﻣﻮاردي ﻫﻤﭽﻮن آدرس دﻫﯽ ﺑﻪ‬ ‫ادوت ﻣﻮﺟﻮد در ﻧﺎﺣﯿﻪ ‪ , DMZ‬ﺳﺮورﻫﺎ , ادوات زﯾﺮﺳﺎﺧﺘﯽ ﺷﺒﮑﻪ ﻣﺜﻞ روﺗﺮﻫﺎ و ﺳﻮﯾﯿﺠﻬﺎ ﻣﯿﺒﺎﯾﺴﺖ از آدرس دﻫﯽ‬ ‫اﯾﺴﺘﺎ اﺳﺘﻔﺎده ﺷﻮد.‬ ‫ﯾﮑﯽ از اوﻟﯿﻦ ﻣﻌﻤﺎﻫﺎﯾﯽ ﮐﻪ در ﺧﺼﻮص ‪ DHCP‬ﻣﻤﮑﻦ اﺳﺖ ﺑﻪ ذﻫﻦ ﺑﺮﺳﺪ اﯾﻨﺴﺖ ﮐﻪ ﭼﮕﻮﻧﻪ ‪ DHCP server‬ﻣﺘﻮﺟﻪ‬ ‫ﻣﯿﺸﻮد ﮐﻪ ﺑﺎﯾﺴﺖ ﺑﻪ ﻫﺎﺳﺘﯽ در ﺷﺒﮑﻪ ﻓﺮﺿﺎ 42/0.21.411.01 ﻗﺮار دارد آدرس ﺗﺨﺼﯿﺼﺺ دﻫﺪ اﯾﻦ در ﺣﺎﻟﯿﺴﺖ ﮐﻪ‬ ‫ﺧﻮد ﺳﺮور در 42/0.49.411.01 ﻗﺮار دارد.اﯾﻦ ﻣﺴﺌﻠﻪ از ﻃﺮﯾﻖ ‪ Ip helper‬ﺣﻞ ﻣﯿﺸﻮد ﮐﻪ در آزﻣﺎﯾﺶ 6.11 ﺑﻪ آن‬ ‫ﻣﯿﭙﺮدازﯾﻢ.‬ ‫ﺑﺮاي ﮐﺎﻧﻔﯿﮓ ‪ DHCP‬ﺗﻌﺪادي ﭘﯿﺶ ﻧﯿﺎز وﺟﻮد دارد ﮐﻪ اوﻟﯿﻦ آﻧﻬﺎ اﯾﺠﺎد ‪ pool‬اﺳﺖ.ﻫﺮ ‪ pool‬دراراي ﻧﺎﻣﯽ ﻣﺠﺰاﺳﺖ و‬ ‫از ﻃﺮﯾﻖ دﺳﺘﻮر ‪ ip dhcp pool POOL_NAME‬اﯾﺠﺎد ﻣﯿﺸﻮد.ﭘﺲ از اﯾﺠﺎد ‪ pool‬وارد ﻣﺤﯿﻂ ‪DHCP config‬‬ ‫‪ mode‬از ﻃﺮﯾﻖ اﻋﻼن #)‪ hostname(dhcp-config‬ﻣﯿﺸﻮﯾﻢ.ﭘﺲ از اﯾﺠﺎد ‪ pool‬ﻧﻮﺑﺖ ﺑﻪ ﻣﺸﺨﺺ ﮐﺮدن ﻓﻀﺎي‬ ‫آدرﺳﯽ ﻣﻮﺟﻮد در آن ﻣﯿﺮﺳﺪ ﮐﻪ از ﻃﺮﯾﻖ دﺳﺘﻮر ‪ network A.B.C.D /x‬ﺻﻮرت ﻣﯿﮕﯿﺮد.‬ ‫ﭘﺲ از ﺗﻨﻈﯿﻢ ﻣﺮاﺗﺐ ﻓﻮق ﻧﻮﺑﺖ ﺑﻪ ﻣﺸﺨﺺ ﮐﺮدن ‪ leased time‬ﯾﺎ ﻣﺪت زﻣﺎن در اﺧﺘﯿﺎر ﮔﺬاﺷﺘﻦ آدرس ﺑﻪ ﻣﺘﻘﺎﺿﯽ‬ ‫ﻣﯿﺮﺳﺪ.اﯾﻦ ﮐﺎر از ﻃﺮﯾﻖ دﺳﺘﻮر ‪ the lease days hours minutes seconds‬اﻧﺠﺎم ﻣﯿﺸﻮد‬ ‫092 ‪Page 271 of‬‬
‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ اﺷﺎره ﺷﺪ ﻣﺸﺨﺼﻪ ﻫﺎي زﯾﺎدي ﻧﯿﺰ وﺟﻮ دارﻧﺪ ﮐﻪ از ﻃﺮﯾﻖ ‪ DHCP‬ﻣﯿﺘﻮان آﻧﻬﺎ را ﺑﻪ ﻣﺘﻘﺎﺿﯽ آدرس‬ ‫ﻣﻨﺘﺴﺐ ﮐﺮد ﻣﺎﻧﻨﺪ ﻧﺎم داﻣﻨﻪ. اﯾﻦ ﻣﻮرد از ﻃﺮﯾﻖ دﺳﺘﻮر ‪ domain-name NAME‬ﺻﻮرت ﻣﯿﮕﯿﺮد. ﺑﺮاي ﻣﺸﺨﺺ‬ ‫ﮐﺮدن ‪ DNS server‬ﻫﻢ از دﺳﺘﻮر .‪ dns-server A.B.C.D‬اﺳﺘﻔﺎده ﻣﯿﺸﻮد.‬ ‫آﺧﺮﯾﻦ و ﻣﻬﻤﺘﺮﯾﻦ ﻣﺸﺨﺼﻪ اي ﮐﻪ ﺑﻪ ﻃﻮر ﻣﻌﻤﻮل از ﻃﺮﯾﻖ ‪ DHCP‬در اﺧﺘﯿﺎر ﻫﺎﺳﺘﻬﺎي ﻣﺘﻘﺎﺿﯽ ﻗﺮار ﻣﯿﮕﯿﺮد‬ ‫‪ defaul_gateway‬اﺳﺖ اﯾﻦ ﻋﻤﻞ ﻧﯿﺰ از ﻃﺮﯾﻖ دﺳﺘﻮر ‪ default-router A.B.C.D‬اﻧﺠﺎم ﻣﯿﺸﻮد‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ 1‪ R‬را ﺑﻪ ﻋﻨﻮان ‪ DHCP server‬و 2‪ R‬را ﺑﻪ ﻋﻨﻮان ‪ DHCP Client‬ﺟﻬﺖ ﺷﺒﯿﻪ ﺳﺎزي ﯾﮏ ‪ PC‬در‬ ‫ﻣﺤﯿﻂ ﺷﺒﮑﻪ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﺧﻮاﻫﻨﺪ ﮔﺮﻓﺖ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ 2‪ SW1,R1,R‬ﻣﻄﺎﺑﻖ دﺳﺘﻮرات زﯾﺮ‬ ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ 1‪R‬‬ ‫###################################################!‬ ‫# ‪!# Lab 7-4 R1 Initial Config‬‬ ‫###################################################!‬ ‫!‬ ‫‪enable‬‬ ‫‪configure terminal‬‬ ‫!‬ ‫1‪hostname R‬‬ ‫‪no ip domain-lookup‬‬ ‫!‬ ‫0/0‪interface FastEthernet‬‬ ‫### ‪description ### LAN INTERFACE‬‬ ‫0.552.552.552 1.21.411.01 ‪ip address‬‬ ‫‪no shut‬‬ ‫!‬ ‫0 ‪line con‬‬ ‫‪logging sync‬‬ ‫‪no exec-timeout‬‬ ‫!‬ ‫‪end‬‬ ‫092 ‪Page 272 of‬‬
R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################### !# Free CCNA Workbook Lab 7-4 R2 Initial Config # !################################################### ! enable configure terminal ! hostname R2 no ip domain-lookup ! interface FastEthernet0/0 description ### LAN INTERFACE ### no shut ! line con 0 logging sync no exec-timeout ! end R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################### !# Free CCNA Workbook Lab 7-4 SW1 Initial Config # !################################################### ! enable configure terminal ! hostname SW1 no ip domain-lookup ! ! line con 0 logging sync no exec-timeout ! end ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ LAB_POOL1 ‫ ﺑﺎ ﻧﺎم‬R1 ‫ در‬DHCP pool ‫اﯾﺠﺎد‬ LAB_POOL1 ‫ ﺑﻪ‬Tetlab.local ‫ﺗﺨﺼﯿﺺ ﻧﺎم داﻣﻨﻪ‬ Page 273 of 290  
LAB_POOL1 ‫ﺗﺨﺼﯿﺺ ﻓﻀﺎي آدرس 42/0.21.411.01 ﺑﻪ‬  ‫ﺗﺨﺼﯿﺺ ﻣﺪت زﻣﺎن اﺟﺎره 7 روز ﺑﻪ آدرﺳﻬﺎي‬  LAB_POOL1 ‫ ﺑﺎ آدرﺳﻬﺎي 7.81.411.01 ,6.81.411.01 ﺑﻪ‬DNS server ‫ﺗﺨﺼﯿﺺ دو‬  LAB_POOL1 ‫ ﺑﺎ آدرس 1.21.411.01 ﺑﻪ‬Default gateway ‫ﺗﺨﺼﯿﺺ‬  ‫ اﯾﻨﺘﺮﻓﯿﺲ‬ping ‫ و ﺑﺮرﺳﯽ ﺻﺤﺖ اﻋﻤﺎل آدرس ﺑﻪ آن از ﻃﺮﯾﻖ‬DHCP ‫ از‬IP ‫ ﺑﻪ ﻣﻨﻈﻮر درﯾﺎﻓﺖ‬R2 ‫ در‬Fa0/0 ‫ﮐﺎﻧﻔﯿﮓ‬  R2 ‫ از ﺳﻤﺖ‬R1 ‫ روﺗﺮ‬fa0/0 ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ip dhcp pool LAB_POOL1 R1(dhcp-config)#domain-name TESTLAB.LOACL R1(dhcp-config)#network 10.114.12.0 /24 R1(dhcp-config)#lease 7 R1(dhcp-config)#dns-server 10.114.18.6 10.114.18.7 R1(dhcp-config)#netbios-name-server 10.114.18.4 10.114.18.5 R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface Fastethernet0/0 R2(config-if)#ip address dhcp R2(config-if)#end R2# %SYS-5-CONFIG_I: Configured from console by console R2# %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned 10.114.12.2, mask 255.255.255.0, hostname R2 R2#show ip interface brief FastEthernet0/0 Interface IP-Address OK? Method Status FastEthernet0/0 10.114.12.2 YES DHCP up R2#ping 10.114.12.1 DHCP address Protocol up Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.114.12.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/59/152 ms R2# Page 274 of 290
‫آزﻣﺎﯾﺶ 6.7- ﺗﻨﻈﯿﻤﺎت ‪Dhcp Helper Address‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﻤﯿﺎت ‪ DHCP helper IP address‬ﺑﻪ ﻣﻨﻈﻮر ﮐﻤﮏ ﺑﻪ ﻓﺮاﯾﻨﺪ ﺗﺨﺼﯿﺺ آدرس ﺑﻪ‬ ‫ﮐﻼﯾﺘﻨﻬﺎي واﻗﻊ در ﺷﺒﮑﻪ ﻫﺎي ﻣﺨﺘﻠﻒ از ﻃﺮﯾﻖ ﯾﮏ ‪ Dhcp server‬واﺣﺪ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫آﯾﺎ ﺑﻪ اﯾﻦ ﻣﻮﺿﻮع ﻓﮑﺮ ﮐﺮده اﯾﺪ ﮐﻪ ﯾﮏ ‪ Dhcp‬ﺳﺮور ﭼﮕﻮﻧﻪ ﺑﻪ ﻫﻤﻪ ﮐﻼﯾﻨﺘﻬﺎي ﺷﺒﮑﻪ ﮐﻪ ﺑﻌﻀﺎ در ﯾﮏ ‪Broadcast‬‬ ‫‪ domain‬ﻫﻢ ﻧﯿﺴﺘﻨﺪ ‪ IP‬ﺗﺨﺼﯿﺺ ﻣﯿﺪﻫﺪ؟از درﺳﻬﺎي ﮔﺬﺷﺘﻪ ﻫﻢ ﺑﻪ ﺧﺎﻃﺮ دارﯾﻢ ﮐﻪ درﺧﻮاﺳﺖ ‪ Dhcp‬از ﺳﺮور‬ ‫ﻣﺎﻫﯿﺖ ‪ Broadcast‬دارد. ﺟﻮاب اﯾﻦ ﻣﻌﻤﺎ در ‪ Dhpc IP helper‬ﻧﻬﻔﺘﻪ اﺳﺖ. ‪ IP helper‬آدرﺳﯽ اﺳﺖ ﮐﻪ ﺑﺮ روي‬ ‫ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ‪ route‬ﭘﺬﯾﺮ ﻣﺎﻧﻨﺪ ‪ Vlan interface‬ﯾﺎ ‪ Eth interface‬ﯾﮏ روﺗﺮ ﺗﻨﻈﯿﻢ ﻣﯿﺸﻮد ﺗﺎ ﺑﻪ دﯾﻮاﯾﺲ ﻣﺬﺑﻮر‬ ‫اﺟﺎزه ﻓﻌﺎﻟﯿﺖ ﺑﻪ ﻋﻨﻮان ﯾﮏ واﺳﻂ ﺑﺎ ﻫﺪف درﯾﺎﻓﺖ و ارﺳﺎل درﺧﻮاﺳﺘﻬﺎي ‪ BOOTP (Broadcast) Dhcp‬ﺑﻪ ﺳﻤﺖ‬ ‫ﺳﺮور ‪ Dhcp‬ﻣﺸﺨﺺ ﺷﺪه ﺑﺎ ‪ IP Helper‬از ﻃﺮﯾﻖ ‪ unicast‬را ﺑﺪﻫﺪ.ﺑﺮاي ﮐﺎﻧﻔﯿﮓ ‪ IP helper‬ﻧﯿﺎز اﺳﺖ دﺳﺘﻮر ‪ip‬‬ ‫‪ helper-address a.b.c.d‬ﺑﺮ روي اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﺼﻞ ﺑﻪ ‪ Broadcast domain‬ﮐﻪ ﻣﺘﻘﺎﺿﯽ درﯾﺎﻓﺖ آدرس از‬ ‫‪Dhcp‬ﺳﺮور اﺳﺖ اﻋﻤﺎل ﺷﻮد.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ 2‪ R1,R‬در ‪ Vlan‬ﻫﺎي ﻣﺠﺰاﯾﯽ واﻗﻊ ﺷﺪه اﻧﺪ و در 1‪ R‬ﮐﻪ ﻧﻘﺶ ‪ Dhcp‬ﺳﺮور را ﺑﻪ ﻋﻬﺪه دارد ‪IP‬‬ ‫‪ pool‬ﻫﺎي ﻣﺘﻨﺎﻇﺮ ﺑﺎ ﻫﺮ ‪ Vlan‬را اﯾﺠﺎد ﻣﯿﮑﻨﯿﻢ . ﭘﺲ از آن ‪ IP helper‬را روي اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﻨﺎﻇﺮ ﺑﺎ 02‪ Vlan‬ﺳﻮﯾﯿﭻ‬ ‫1‪ SW‬ﺑﺎ ﻫﺪف اﻣﮑﺎن ارﺳﺎل درﺧﻮاﺳﺘﻬﺎي ‪ Dhcp‬از ﺳﻤﺖ 2‪ R‬ﺑﻪ 1‪ R‬اﻋﻤﺎل ﻣﯿﮑﻨﯿﻢ. در ﻧﻬﺎﯾﺖ ﻫﻢ ﺑﺮاي ﺗﺴﺖ ﺻﺤﺖ‬ ‫ﮐﺎﻧﻔﯿﮕﻬﺎ از ﺳﻤﺖ 2‪ R‬روﺗﺮ 1‪ R‬را ﭘﯿﻨﮓ ﻣﯿﮑﻨﯿﻢ.‬ ‫ﺗﺼﻮﯾﺮ 1.7.11-‪DHCP Helper‬‬ ‫‪Lab Prerequisites‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ زﯾﺮ ﺑﻪ روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭻ‬ ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ 1‪R‬‬ ‫###################################################!‬ ‫# ‪!# Lab 7-6 R1 Initial Config‬‬ ‫###################################################!‬ ‫092 ‪Page 275 of‬‬
! enable configure terminal ! hostname R1 no ip domain-lookup ! ip dhcp pool LAB_POOL1 network 10.116.10.0 255.255.255.0 domain-name TESTLAB.LOCAL dns-server 10.116.18.6 10.116.18.7 netbios-name-server 10.116.18.6 10.116.18.7 default-router 10.116.10.1 lease 7 ! interface FastEthernet0/0 description ### LAN INTERFACE ### ip address 10.116.10.1 255.255.255.0 no shut exit ! line con 0 logging sync no exec-timeout ! endend R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ‬  !################################################### !# Lab 7-6 R2 Initial Config # !################################################### ! enable configure terminal ! hostname R2 no ip domain-lookup ! interface FastEthernet0/0 description ### LAN INTERFACE ### ip address dhcp no shut exit ! line con 0 logging sync no exec-timeout ! end Page 276 of 290
Sw1 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ﺳﻮﯾﯿﭻ‬  !################################################### !# Lab 7-6 SW1 Initial Config # !################################################### ! enable ! vlan database vlan 10 vlan 20 exit ! configure terminal ! vlan 10 name 10.116.10.0/24 ! vlan 20 name 10.116.20.0/24 ! hostname SW1 no ip domain-lookup ! ip routing ! interface FastEthernet0/1 switchport mode access switchport access vlan 10 spanning-tree portfast ! interface FastEthernet0/2 switchport mode access switchport access vlan 20 spanning-tree portfast ! interface Vlan10 ip address 10.116.10.2 255.255.255.0 ! interface Vlan20 ip address 10.116.20.2 255.255.255.0 exit ! line con 0 logging sync no exec-timeout ! end ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ Page 277 of 290
network 10.116.20.0/24, ‫ ﺑﺎ ﻣﺸﺨﺼﻪ ﻫﺎي‬LAB_POOL2 ‫ ﺑﻪ ﻧﺎم‬R1 ‫ ﺟﺪﯾﺪ در‬DHCP pool ‫اﯾﺠﺎد‬ default-router of 10.116.20.2, domain name TESTLAB.LOCAL, DNS servers 10.116.18.6 & 10.116.18.7 10.116.10.1 ‫ ﺑﻪ ﺳﻤﺖ‬IP helper ‫ ﻫﻤﯿﻨﻄﻮر ﺗﻌﺮﯾﻒ‬SW1 ‫ در‬Vlan 20 ‫اﯾﺠﺎد‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت‬    ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ network 10.116.20.0/24, ‫ ﺑﺎ ﻣﺸﺨﺼﻪ ﻫﺎي‬LAB_POOL2 ‫ ﺑﻪ ﻧﺎم‬R1 ‫ ﺟﺪﯾﺪ در‬DHCP pool ‫اﯾﺠﺎد‬ default-router of 10.116.20.2, domain name TESTLAB.LOCAL, DNS servers 10.116.18.6 & 10.116.18.7  R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ip dhcp pool LAB_POOL2 R1(dhcp-config)#network 10.116.20.0 255.255.255.0 R1(dhcp-config)#default-router 10.116.20.2 R1(dhcp-config)#domain-name TESTLAB.LOCAL R1(dhcp-config)#dns-server 10.116.18.6 10.116.18.7 R1(dhcp-config)#end R1# 10.116.10.1 ‫ ﺑﻪ ﺳﻤﺖ‬IP helper ‫ ﻫﻤﯿﻨﻄﻮر ﺗﻌﺮﯾﻒ‬SW1 ‫ در‬Vlan 20 ‫اﯾﺠﺎد‬  SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface vlan 20 SW1(config-if)#ip helper-address 10.116.10.1 SW1(config-if)#end SW1# %SYS-5-CONFIG_I: Configured from console by console SW1# ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت‬  R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface FastEthernet0/0 R2(config-if)#shut R2(config-if)# %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed Page 278 of 290
state to down R2(config-if)#no shut R2(config-if)#end R2# %SYS-5-CONFIG_I: Configured from console by console R2# %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up R2# %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address 10.116.20.3, mask 255.255.255.0, hostname R2 R2#ping 10.116.10.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.116.10.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 48/108/164 ms R2# Page 279 of 290
‫آزﻣﺎﯾﺶ 7.7 – ﺗﻨﻈﯿﻤﺎت ‪NTP Client‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ Network Time Protocol (NTP) Client‬در روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭽﻬﺎ ﺳﯿﺴﮑﻮ ﺑﺎ‬ ‫ﻫﺪف ﯾﮑﺴﺎن ﺳﺎزي ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ اﯾﻦ ادوات ﺑﺎ ﯾﮏ ﻣﺮﺟﻊ ﻣﺮﮐﺰي آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﺗﻮﺿﯿﺢ :‬ ‫ﺗﻮﺻﯿﻪ ﻣﯿﺸﻮد اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ادوات واﻗﻌﯽ اﻧﺠﺎم ﺷﻮد . در ﺣﯿﻦ اﻧﺠﺎم اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ 3‪ GNS‬ﻣﻤﮑﻦ اﺳﺖ ‪Cpu‬‬ ‫‪ usage‬ﺳﯿﺴﺘﻢ ﺑﻪ 001 درﺻﺪ ﺑﺮﺳﺪ و اﻣﮑﺎن ﺗﻐﯿﯿﺮ ‪ IDLEPC‬ﻧﯿﺰ وﺟﻮد ﻧﺪاﺷﺘﻪ ﺑﺎﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﻫﻤﻪ ﻣﺎ ﺟﻬﺖ اﻧﺠﺎم اﻣﻮر روزﻣﺮه ﺣﺪاﻗﻞ ﯾﮑﺒﺎر ﻃﯽ روز ﻧﯿﺎز ﺑﻪ داﻧﺴﺘﻦ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ دﻗﯿﻖ دارﯾﻢ . ادوات ﺳﯿﺴﮑﻮ ﻧﯿﺰ‬ ‫ﺑﻪ ﻫﻤﯿﻦ ﻣﻨﻮال داراي ﭼﻨﯿﻦ ﻧﯿﺎزي ﻫﺴﺘﻨﺪ ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺑﻪ ﻻﮔﻬﺎي ‪ SYSLog‬ﻧﮕﺎﻫﯽ ﻣﯿﺎﻧﺪازﯾﻢ ﻫﺮ ﺳﻄﺮ‬ ‫آن ﺑﺎ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ ﻣﺸﺨﺺ ﺷﺪه و ﺑﯿﺎﻧﮕﺮ زﻣﺎن دﻗﯿﻖ وﻗﻮع آن رﺧﺪاد اﺳﺖ ﻓﺮﺿﺎ ﻓﻼن ﻟﯿﻨﮏ 1‪ T‬در ﺗﺎرﯾﺦ ‪14th‬‬ ‫‪ 2010 @ 5:32:53AM‬ﻏﯿﺮ ﻓﻌﺎل ﺷﺪه اﺳﺖ و از اﯾﻦ ﻗﺒﯿﻞ.‬ ‫دﻟﯿﻞ ﻣﻬﻢ دﯾﮕﺮ ﻧﯿﺎز ﺑﻪ داﻧﺴﺘﻦ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ دﻗﯿﻖ ﺗﻮﺳﻂ اﯾﻦ ادوات ﺑﺎﻻ ﺑﺮدن اﻣﻨﯿﺖ ﻫﻤﺴﺎﯾﮕﯽ در ﻓﺮاﯾﻨﺪ ‪EIGRP‬‬ ‫اﺳﺖ در اﯾﻦ ﺷﯿﻮه ﺳﻠﺴﻠﻪ ﮐﻠﯿﺪﻫﺎﯾﯽ ﺑﺎ ﻋﻤﺮ و اﻋﺘﺒﺎر زﻣﺎﻧﯽ ﻣﺤﺪود ﻓﺮﺿﺎ از ‪ Jan 1st 2011 at 12:00am‬ﺗﺎ ‪Jan‬‬ ‫‪ 1st 2012 12:00am‬ﻣﺎﺑﯿﻦ روﺗﺮﻫﺎي ﻓﻌﺎل در ‪ EIGRP‬ﺑﻪ ﮔﺮدش در ﻣﯿﺎﯾﺪ و اﮔﺮ در اﯾﻦ ﺑﯿﻦ روﺗﺮي ﺗﻤﺎﯾﻞ ﺑﻪ اﯾﺠﺎد‬ ‫ﻫﻤﺴﺎﯾﮕﯽ داﺷﺘﻪ ﺑﺎﺷﺪ اﻣﺎ از ﻟﺤﺎظ زﻣﺎﻧﯽ ﺑﺎ ﺳﺎﯾﺮﯾﻦ ﻫﻤﺎﻫﻨﮓ ﻧﺒﺎﺷﺪ درﺧﻮاﺳﺖ ﻫﻤﺴﺎﯾﮕﯽ وي ﻣﺮدود ﻣﯿﺸﻮد.‬ ‫اﻣﺮوزه ﺷﺒﮑﻪ ﻫﺎ از اﺳﺘﺎﻧﺪارد ﻧﮕﺎرش3 ﭘﺮوﺗﮑﻞ ‪NTP‬ﺑﻬﺮه ﻣﯿﺒﺮﻧﺪ . اﯾﻦ ﭘﺮوﺗﮑﻞ ﺟﺰ ﻗﺪﯾﻤﯽ ﺗﺮﯾﻦ ﭘﺮوﺗﮑﻠﻬﺎي ﻣﻮﺟﻮ در‬ ‫اﯾﻨﺘﺮﻧﺖ اﺳﺖ و از ﭘﻮرت 321 ‪ upd‬اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ.‬ ‫ﺑﺮاي ﮐﺎﻧﻔﯿﮓ ‪ NTP Client‬ﮐﺎﻓﯿﺴﺖ ﺗﺎ از دﺳﺘﻮر ‪ ntp server x.x.x.x‬اﺳﺘﻔﺎده ﺷﻮد . در ﺻﻮرﺗﯿﮑﻪ ﻧﯿﺎز ﺑﻪ‬ ‫‪ Redundancy‬ﻣﺎﺑﯿﻦ ‪ Time server‬ﻫﺎ داﺷﺘﻪ ﺑﺎﺷﯿﻢ ﺗﺎ در ﺻﻮرت از دور ﺧﺎرج ﺷﺪن ﯾﮑﯽ ﺳﺮور دﯾﮕﺮي ﺟﺎي آﻧﺮا‬ ‫ﺑﮕﯿﺮد ﻣﯿﺘﻮاﻧﯿﻢ از ﻫﺮ ﺗﻌﺪاد دﺳﺘﻮر ‪ ntp server x.x.x.x‬ﯾﮑﯽ ﭘﺲ از دﯾﮕﺮي اﺳﺘﻔﺎده ﮐﻨﯿﻢ در ﻋﯿﻦ ﺣﺎل ﺑﺎ ﺑﻬﺮه ﮔﯿﺮي‬ ‫از دﺳﺘﻮر ‪ ntp server x.x.x.x prefer‬ﻣﯿﺘﻮاﻧﯿﻢ اﻟﻮﯾﺖ و ﺗﻘﺪم اﺳﺘﻔﺎده از ﻫﺮ ﯾﮏ از اﻧﻬﺎ را ﺗﺎﯾﯿﻦ ﮐﻨﯿﻢ‬ ‫راه دﯾﮕﺮ ﺗﻨﻈﯿﻢ ‪ NTP Client‬اﺳﺘﻔﺎده از دﺳﺘﻮر ‪ ntp peer x.x.x.x‬اﺳﺖ . در اﯾﻦ ﺣﺎﻟﺖ ﺗﻌﺪادي ‪NTP server‬‬ ‫ﺗﺤﺖ ﻋﻨﻮان ﯾﮏ ‪ Peer group‬ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮﻧﺪ و ﺳﺮوري ﮐﻪ داراي دﻗﺖ ﺑﯿﺸﺘﺮي ﺑﺎﺷﺪ ﺑﻪ ﻃﻮر ﺧﻮدﮐﺎر ﺑﻪ‬ ‫092 ‪Page 280 of‬‬
‫ﻋﻨﻮان ﺳﺮور اﺻﻠﯽ ﮔﺮوه اﻧﺘﺨﺎب و ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد . )ﻣﺒﺤﺚ ‪ stratum number‬ﮐﻪ ﭘﺎﯾﻪ دﻗﺖ و ﻋﻤﻠﮑﺮد‬ ‫‪ NTP‬ﺳﺮورﻫﺎ اﺳﺖ در اﯾﻦ ﻧﻮﺷﺘﻪ ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار ﻧﻤﯿﮕﯿﺮد(‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ 1‪ R‬ﺑﻪ ﻋﻨﻮان ‪NTP‬ﺳﺮور ﺑﻪ درﺧﻮاﺳﺘﻬﺎي ﻣﺘﻨﺎﻇﺮ 2‪ R‬ﭘﺎﺳﺦ ﺧﻮاﻫﺪ داد.‬ ‫آزﻣﺎﯾﺶ 1.7.11 – ‪NTP Client‬‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ ﺑﺎﻻ و اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ﻣﻄﺎﺑﻖ دﺳﺘﻮرات زﯾﺮ‬ ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ 1‪R‬‬ ‫###################################################!‬ ‫# ‪!# Lab 11-7 R1 Initial Config‬‬ ‫###################################################!‬ ‫!‬ ‫‪enable‬‬ ‫‪configure terminal‬‬ ‫!‬ ‫1‪hostname R‬‬ ‫‪no ip domain-lookup‬‬ ‫!‬ ‫1/0‪interface Serial‬‬ ‫### 2‪description ### PPP LINK TO R‬‬ ‫‪encapsulation ppp‬‬ ‫252.552.552.552 1.21.711.01 ‪ip address‬‬ ‫‪no shut‬‬ ‫‪exit‬‬ ‫!‬ ‫3 ‪ntp master‬‬ ‫!‬ ‫0 ‪line con‬‬ ‫‪logging sync‬‬ ‫‪no exec-timeout‬‬ ‫!‬ ‫‪end‬‬ ‫092 ‪Page 281 of‬‬
R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬  !################################################### !# Lab 11-7 R2 Initial Config # !################################################### ! enable configure terminal ! hostname R2 no ip domain-lookup ! interface Serial0/1 description ### PPP LINK TO R1 ### encapsulation ppp ip address 10.117.12.2 255.255.255.252 no shut exit ! line con 0 logging sync no exec-timeout ! end ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ ﺑﺎ ﻫﺪف ﺑﺮرﺳﯽ ﻣﻘﺎﯾﺴﻪ ﻫﺎي ﺑﻌﺪي‬R1 ‫ﺗﻨﻈﯿﻢ ﻧﺎدرﺳﺖ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ در‬  10.117.12.1 ‫ ﺟﻬﺖ درﯾﺎﻓﺖ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ از‬R2 ‫ﺗﻨﻈﯿﻢ‬  R2 ‫ ﺗﻮﺳﻂ‬R1 ‫ﺗﺴﺖ ﺻﺤﺖ اﺧﺬ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ ﺻﺤﯿﺢ از‬  ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ R1#clock set 00:00:00 1 jan 2010 R1# R2#configure terminal Enter configuration commands, one per line. R2(config)#ntp server 10.117.12.1 R2(config)#end R2# End with CNTL/Z. R2#show ntp associations address disp *~10.117.12.1 ref clock 127.127.7.1 st 3 when 58 poll reach 64 7 delay 5.1 offset -0.93 Page 282 of 290
3875.2 * master (synced), # master (unsynced), + selected, - candidate, ~ configured R2#show clock 00:05:18.467 UTC Fri Jan 1 2010 R2# Page 283 of 290
‫آزﻣﺎﯾﺶ 8.7 - ﺗﻨﻈﯿﻤﺎت ‪NTP server‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﻤﯿﺎت ‪ NTP server‬ﺑﺎ ﻫﺪف اراﺋﻪ ﺳﺮوﯾﺲ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ ﺑﻪ ‪ NTP Client‬ﻫﺎي‬ ‫ﻣﻮﺟﻮد در ﺷﺒﮑﻪ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫اﻣﺮوزه ﺑﺴﯿﺎر ﻣﺮﺳﻮم اﺳﺖ ﮐﻪ در ﺷﺒﮑﻪ ﻫﺎي ﻣﺘﻮﺳﻂ و ﺑﺰرگ از روﺗﺮﻫﺎي ‪ High end‬ﺑﻪ ﻋﻨﻮان ‪ NTP server‬ﺟﻬﺖ‬ ‫اراﺋﻪ ﺳﺮوﯾﺴﻬﺎي ﺗﺎرﯾﺦ و زﻣﺎن ﺑﻪ ﮐﻠﯿﻪ ﻣﺘﻘﺎﺿﯿﺎن اﯾﻦ ﺳﺮوﯾﺲ اﻋﻢ از ﺳﺎﯾﺮ ادوات ﺳﯿﺴﮑﻮ ﯾﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻠﻬﺎي دﯾﮕﺮ‬ ‫اﺳﺘﻔﺎده ﺷﻮد. روﻧﺪ ﮐﺎر ﺑﺴﯿﺎر ﺳﺎده و ﺗﻨﻬﺎ ﻧﯿﺎزﻣﻨﺪ ﯾﮏ دﺳﺘﻮر اﺳﺖ.ﺑﺮاي ﮐﺎﻧﻔﯿﮓ ادواﺗﯽ ﮐﻪ از ﻗﺎﺑﻠﯿﺖ ‪NTP Server‬‬ ‫ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﻨﺪ از دﺳﺘﻮر # ‪ ntp master‬ﮐﻪ # ﺑﯿﺎﻧﮕﺮ ﻻﯾﻪ ‪ stratum‬دﺳﺘﮕﺎه اﺳﺖ اﺳﺘﻔﺎده ﻣﯿﺸﻮد.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ 1‪ R‬را ﺑﻪ ﻋﻨﻮان ‪ NTP‬ﺳﺮور و 2‪ R‬را ﺑﻪ ﻋﻨﻮان ‪ NTP‬ﮐﻼﯾﻨﺖ ﺗﻨﻈﯿﻢ ﺧﻮاﻫﯿﻢ ﮐﺮد ﺗﺎ در ﺧﻮاﺳﺘﻬﺎي‬ ‫ﺗﺎرﯾﺦ و زﻣﺎن ﺧﻮد را ﺑﻪ 1‪ R‬ارﺳﺎل ﮐﻨﺪ‬ ‫ﺗﺼﻮﯾﺮ 1.8.11 – ‪NTP Server‬‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ ﺑﺎﻻ و اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ﻣﻄﺎﺑﻖ دﺳﺘﻮرات زﯾﺮ‬ ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ 1‪R‬‬ ‫###################################################!‬ ‫# ‪!# Lab 11-8 R1 Initial Config‬‬ ‫###################################################!‬ ‫!‬ ‫‪enable‬‬ ‫092 ‪Page 284 of‬‬
configure terminal ! hostname R1 no ip domain-lookup ! interface Serial1/1 description ### PPP LINK TO R2 ### encapsulation ppp ip address 10.118.12.1 255.255.255.252 no shut exit ! line con 0 logging sync no exec-timeout ! end R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬  !################################################### !# Lab 11-8 R2 Initial Config # !################################################### ! enable configure terminal ! hostname R2 no ip domain-lookup ! interface Serial1/1 description ### PPP LINK TO R1 ### encapsulation ppp ip address 10.118.12.2 255.255.255.252 no shut exit ! line con 0 logging sync no exec-timeout ! End ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ ﺟﻬﺖ اﺷﺎره ﺑﻪ زﻣﺎن ﺣﺎﺿﺮ‬R1 ‫ﺗﻨﻈﯿﻢ دﺳﺘﯽ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ در‬  3 ‫ ﻻﯾﻪ‬stratum ‫ ﺑﺎ‬NTP Server ‫ ﺑﻪ ﻋﻨﻮان‬R1 ‫ﺗﻨﻈﯿﻢ‬ R2 ‫ﺗﺴﺖ ﺻﺤﺖ درﯾﺎﻓﺖ ﺗﺎرﯾﺦ وﺳﺎﻋﺖ ﺻﺤﯿﺢ از ﻃﺮﯾﻖ‬ Page 285 of 290  
‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ ﺟﻬﺖ اﺷﺎره ﺑﻪ زﻣﺎن ﺣﺎﺿﺮ‬R1 ‫ﺗﻨﻈﯿﻢ دﺳﺘﯽ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ در‬  R1#clock set 20:00:00 aug 26 2010 3 ‫ ﻻﯾﻪ‬stratum ‫ ﺑﺎ‬NTP Server ‫ ﺑﻪ ﻋﻨﻮان‬R1 ‫ﺗﻨﻈﯿﻢ‬ R1#configure terminal Enter configuration commands, one per line. R1(config)#ntp master 3 R1(config)#end R1# End with CNTL/Z. R2 ‫ﺗﺴﺖ ﺻﺤﺖ درﯾﺎﻓﺖ ﺗﺎرﯾﺦ وﺳﺎﻋﺖ ﺻﺤﯿﺢ از ﻃﺮﯾﻖ‬ R2#configure terminal Enter configuration commands, one per line. R2(config)#ntp server 10.118.12.1 R2(config)#end R2#   End with CNTL/Z. R2#show ntp associations address ref clock st when disp *~10.118.12.1 127.127.7.1 3 52 0.9 * master (synced), # master (unsynced), + configured R2# R2# R2#show clock 20:05:05.581 UTC Thu Aug 26 2010 R2# poll reach 64 selected, - offset 3.2 377 delay -1.38 candidate, ~ Page 286 of 290
‫آزﻣﺎﯾﺶ 9.7: ﺗﻨﻈﯿﻤﺎت ‪DNS server‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ DNS‬ﺳﺮور در ادوات ﺳﯿﺴﮑﻮ ﺑﺎ ﻫﺪف اﻧﺠﺎم ﻓﺮاﯾﻨﺪ ﺗﺒﺪﯾﻞ ﻧﺎم ﺑﻪ آدرس آﺷﻨﺎ‬ ‫ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫)‪ Domain Name System (DNS‬ﺳﺮوﯾﺴﯽ اﺳﺖ ﮐﻪ وﻇﯿﻔﻪ ﺗﺒﺪﯾﻞ ﻧﺎم ﺑﻪ آدرس را ﺑﻪ ﻋﻬﺪه دارد.ﻫﻨﮕﺎﻣﯽ ﮐﻪ از‬ ‫ﻃﺮﯾﻖ ﻣﺮورﮔﺮ اﯾﻨﺘﺮﻧﺘﯽ ﺧﻮد ﺑﻪ ﺳﺎﯾﺘﯽ وارد ﻣﯿﺸﻮﯾﺪ در ﭘﺲ اﯾﻦ ﻣﺎﺟﺮا ﯾﮏ ﻣﮑﺎﻧﯿﺰم ﺗﺒﺪﯾﻞ ﻧﺎم ﺑﻪ آدرس وﺟﻮد دارد ﮐﻪ‬ ‫ﻣﺮورﮔﺮ ﺷﻤﺎ را ﺑﻪ وب ﺳﺮور ﻣﻮرد ﻧﻈﺮ ﻫﺪاﯾﺖ ﻣﯿﮑﻨﺪ. اﯾﻦ ﻓﺮاﯾﻨﺪ ﺑﺎﻋﺚ رﻫﺎﯾﯽ ﯾﺎﻓﺘﻦ ﻣﺎ از ﺣﻔﻆ ﮐﺮدن آدرس وب‬ ‫ﺳﺎﯾﺘﻬﺎي ﻣﻮرد ﻧﻈﺮﻣﺎن ﻣﯿﺸﻮد ﻓﺮﺿﺎ 07.221.191.902 ﺑﻪ ﻋﻨﻮان ‪yahoo.com‬‬ ‫در دﻧﯿﺎي ﺳﯿﺴﮑﻮ ﻗﺎدر ﻫﺴﺘﯿﻢ ﺗﻌﺪاد زﯾﺎدي ‪ DNS‬ﺳﺮور را ﺑﻪ ﻃﻮر ﻫﻤﺰﻣﺎن در ادواﺗﯽ ﮐﻪ از ‪ IOS‬ﺑﻪ ﻋﻨﻮان ﺳﯿﺴﺘﻢ‬ ‫ﻋﺎﻣﻞ اﺟﺮاﯾﯽ ﺧﻮد اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ ﻣﻌﺮﻓﯽ ﮐﻨﯿﻢ.ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر از دﺳﺘﻮر ‪ ip name-server a.b.c.d‬اﺳﺘﻔﺎده‬ ‫ﻣﯿﮑﻨﯿﻢ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ 1‪ R‬را ﺑﻪ ﮔﻮﻧﻪ اي ﺗﻨﻈﯿﻢ ﺧﻮاﻫﯿﻢ ﮐﺮد ﮐﻪ از ‪ DNS‬ﺳﺮور 4.2.2.4 ﮐﻪ ﯾﮏ ﺳﺮوﯾﺲ دﻫﻨﺪه ﻧﺎم ﻋﻤﻮﻣﯽ‬ ‫ﻣﺘﻌﻠﻖ ﺑﻪ ‪ Verizon/GTE‬اﺳﺖ اﺳﺘﻔﺎده ﮐﻨﺪ.ﭘﺲ از آن ‪ google.com‬را از ﻃﺮﯾﻖ 1‪ R‬ﭘﯿﻨﮓ ﺧﻮاﻫﯿﻢ ﮐﺮد ﺗﺎ ﺻﺤﺖ‬ ‫ﻋﻤﻠﮑﺮد آن ﻣﻮرد ﺑﺎزﺑﯿﻨﯽ ﻗﺮار ﮔﯿﺮد.‬ ‫;‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ ‪ NIO Cloud‬در ﻣﺤﯿﻂ 3‪ GNS‬و اﺗﺼﺎل آن ﺑﻪ ‪ NIC‬ﻣﻮﺟﻮد در ﮐﺎﻣﭙﯿﻮﺗﺮ‬ ‫‪‬‬ ‫اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت ﭘﯿﺶ ﻓﺮض 1‪ R‬ﺑﻪ ﺷﺮح زﯾﺮ‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ 1‪R‬‬ ‫###################################################!‬ ‫# ‪!# Lab 11-9 R1 Initial Config‬‬ ‫###################################################!‬ ‫092 ‪Page 287 of‬‬
! enable configure terminal ! hostname R1 ! interface FastEthernet0/0 description ### LINK TO NIO CLOUD-INTERNET ### ip address dhcp duplex auto speed auto exit ! line con 0 logging sync no exec-timeout ! end ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ ﺷﺒﮑﻪ داﺧﻠﯽ‬DHCP ‫ ﺗﻮﺳﻂ‬R1 ‫ روﺗﺮ‬Eth0 ‫ ﺑﻪ‬IP ‫ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺗﺨﺼﯿﺺ‬ ‫ ﺟﻬﺖ ﺑﻬﺮه ﮔﯿﺮي از 2.2.2.4 , 4.2.2.4 ﺑﻪ ﻋﻨﻮان ﺳﺮوﯾﺲ دﻫﻨﺪه ﻧﺎم‬R1 ‫ﮐﺎﻧﻔﯿﮓ‬ ‫ ﺟﻬﺖ ﺑﺮرﺳﯽ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت اﻧﺠﺎم ﺷﺪه‬google.com ‫ﭘﯿﻨﮓ ﺳﺎﯾﺖ‬    ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ ﺷﺒﮑﻪ داﺧﻠﯽ‬DHCP ‫ ﺗﻮﺳﻂ‬R1 ‫ روﺗﺮ‬Eth0 ‫ ﺑﻪ‬IP ‫ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺗﺨﺼﯿﺺ‬ R1#show ip interface brief FastEthernet0/0 Interface IP-Address OK? Method Status FastEthernet0/0 192.168.2.8 YES DHCP up R1#ping 4.2.2.2  Protocol up Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/38/112 ms R1# ‫ ﺟﻬﺖ ﺑﻬﺮه ﮔﯿﺮي از 2.2.2.4 , 4.2.2.4 ﺑﻪ ﻋﻨﻮان ﺳﺮوﯾﺲ دﻫﻨﺪه ﻧﺎم‬R1 ‫ﮐﺎﻧﻔﯿﮓ‬  Page 288 of 290
R1#configure terminal Enter configuration commands, one per line. R1(config)#ip name-server 4.2.2.2 4.2.2.4 R1(config)#end R1# End with CNTL/Z. ‫ ﺟﻬﺖ ﺑﺮرﺳﯽ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت اﻧﺠﺎم ﺷﺪه‬google.com ‫ﭘﯿﻨﮓ ﺳﺎﯾﺖ‬ R1#ping google.com Translating "google.com"...domain server (192.168.2.1) [OK] Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 72.14.204.104, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/35/56 ms R1# Page 289 of 290 

More Related Content

PDF
LO530 Warehouse Management
byConsultor SAP MM
 
PDF
Asterisk 13-reference
bySergi Duró
 
PDF
Claas medion 310 combines service repair manual
byfhsjekdmme
 
PDF
Oxa beta-lactamases-241.full
byyatedigo958
 
PDF
IPv6 Deployment Guide
byEli Delos Santos
 
PDF
8807290 shell-scripting
byqaleeq
 
PDF
developersguide.pdf
bytestgrupocomex
 
PDF
SERVOMECH Ball Screw Jacks
byservomech
 
LO530 Warehouse Management
byConsultor SAP MM
 
Asterisk 13-reference
bySergi Duró
 
Claas medion 310 combines service repair manual
byfhsjekdmme
 
Oxa beta-lactamases-241.full
byyatedigo958
 
IPv6 Deployment Guide
byEli Delos Santos
 
8807290 shell-scripting
byqaleeq
 
developersguide.pdf
bytestgrupocomex
 
SERVOMECH Ball Screw Jacks
byservomech
 

Viewers also liked

PPTX
CCNA 1 Routing and Switching v5.0 Chapter 4
byNil Menon
 
PPTX
CCNA 1 Routing and Switching v5.0 Chapter 6
byNil Menon
 
PPTX
CCNA 1 Routing and Switching v5.0 Chapter 3
byNil Menon
 
PDF
Storage networking laboratory - in persian
byFarid Nasiri
 
PPTX
CCNA 1 Routing and Switching v5.0 Chapter 5
byNil Menon
 
PPTX
CCNA 1 Routing and Switching v5.0 Chapter 1
byNil Menon
 
PPTX
CCNA 1 Routing and Switching v5.0 Chapter 7
byNil Menon
 
PPT
CCNA Exploration 1 - Chapter 1
byIrsandi Hasan
 
PPTX
CCNA 1 Routing and Switching v5.0 Chapter 2
byNil Menon
 
PPT
Asynchronous Transfer Mode (ATM)
byAgreeta Sharma
 
PPT
10 Slides to ATM
byseanraz
 
PDF
Cisco ucs blade servers in persian
byFarid Nasiri
 
CCNA 1 Routing and Switching v5.0 Chapter 4
byNil Menon
 
CCNA 1 Routing and Switching v5.0 Chapter 6
byNil Menon
 
CCNA 1 Routing and Switching v5.0 Chapter 3
byNil Menon
 
Storage networking laboratory - in persian
byFarid Nasiri
 
CCNA 1 Routing and Switching v5.0 Chapter 5
byNil Menon
 
CCNA 1 Routing and Switching v5.0 Chapter 1
byNil Menon
 
CCNA 1 Routing and Switching v5.0 Chapter 7
byNil Menon
 
CCNA Exploration 1 - Chapter 1
byIrsandi Hasan
 
CCNA 1 Routing and Switching v5.0 Chapter 2
byNil Menon
 
Asynchronous Transfer Mode (ATM)
byAgreeta Sharma
 
10 Slides to ATM
byseanraz
 
Cisco ucs blade servers in persian
byFarid Nasiri
 

Recently uploaded

PDF
Just Eat Data Scraping For Restaurant Reviews And Pricing.pdf
byfusiondata2026
 
PPTX
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
PDF
A paper in the leading academic journal Telecommunication Policy cited Scott ...
byScott M. Graffius
 
PDF
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
PDF
Why Enterprises Are Moving to Dedicated Servers in the Netherlands
byAtal Networks
 
PDF
How Automation Powers Data Quality and Governance at Scale
bySafe Software
 
PDF
TopMate ES11 3-Wheel Electric Scooter: Comfort, Stability, and Independence f...
byTopmate
 
PDF
Effective Ai powered mock interview .pdf
byamazingnishusingh766
 
PDF
Unlocking Gen AI Capabilities Within UiPath Document Understanding
byDianaGray10
 
PPTX
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
PPTX
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
PPTX
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PPT
connectives-linking words in English.ppt
byAmrMohammed82
 
PPTX
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
PPTX
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
PPTX
About Computer Hardware ................
bymaratiakshaya07
 
PPTX
Accelerate Innovation with Engineering R&D Services
byChetu
 
PDF
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
PPTX
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
Just Eat Data Scraping For Restaurant Reviews And Pricing.pdf
byfusiondata2026
 
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
A paper in the leading academic journal Telecommunication Policy cited Scott ...
byScott M. Graffius
 
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
Why Enterprises Are Moving to Dedicated Servers in the Netherlands
byAtal Networks
 
How Automation Powers Data Quality and Governance at Scale
bySafe Software
 
TopMate ES11 3-Wheel Electric Scooter: Comfort, Stability, and Independence f...
byTopmate
 
Effective Ai powered mock interview .pdf
byamazingnishusingh766
 
Unlocking Gen AI Capabilities Within UiPath Document Understanding
byDianaGray10
 
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
connectives-linking words in English.ppt
byAmrMohammed82
 
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
About Computer Hardware ................
bymaratiakshaya07
 
Accelerate Innovation with Engineering R&D Services
byChetu
 
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 

CCNA laboratory -in persian

  • 1.
    ‫ﺳﯿﺴﮑﻮ ﺑﻪ ﭘﺎرﺳﯽ‬ ‫‪Cccxczxc‬‬ ‫آزﻣﺎﯾﺸﮕﺎه‪ CCNA‬ﺑﻪ ﭘﺎرﺳﯽ‬ ‫ﻧﺴﺨﻪ 0.1‬ ‫ﺷﻬﺮﯾﻮر 1931‬ ‫ﺗﺮﺟﻤﻪ و ﺗﺪوﯾﻦ :‬ ‫ﻓﺮﯾﺪ ﻧﺼﯿﺮي‬ ‫اﻧﺠﻤﻦ ﺳﯿﺴﮑﻮ ﺑﻪ ﭘﺎرﺳﯽ‬ ‫‪http://forum.ciscoinpersian.com‬‬
  • 2.
    ‫ﻓﻬﺮﺳﺖ‬ ‫ﻓﺼﻞ اول :آﺷﻨﺎﯾﯽﺑﺎ آزﻣﺎﯾﺸﮕﺎه ‪CCNA‬‬ ‫آزﻣﺎﯾﺶ 1.1 – ﺷﻨﺎﺳﺎﯾﯽ ﻣﺪﻟﻬﺎ و اﺟﺰا روﺗﺮﻫﺎ.......................................................................................................................11‬ ‫آزﻣﺎﯾﺶ 2.1– ﺑﺮﻗﺮاري اﺗﺼﺎل ﺑﻪ ﺳﻮﯾﯿﭻ/روﺗﺮ از ﻃﺮﯾﻖ ﮐﻨﺴﻮل........................................................................................71‬ ‫آزﻣﺎﯾﺶ 3.1– آﺷﻨﺎﯾﯽ ﺑﺎ ‪ IOS‬و اﻧﻮاع آن............................................................................................................................12‬ ‫آزﻣﺎﯾﺶ 4.1– ﭘﯿﮑﺮﺑﻨﺪي ‪ Cisco Access server‬ﻣﻮرد اﺳﺘﻔﺎده دراﯾﻦ آزﻣﺎﯾﺸﮕﺎه........................................................13‬ ‫آزﻣﺎﯾﺶ 5.1– ﻧﺼﺐ ﺷﺒﯿﻪ ﺳﺎز ﺷﺒﮑﻪ 3‪34....................................................................................................................GNS‬‬ ‫آزﻣﺎﯾﺶ 6.1– ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ 3‪43..................................................................................................................................GN‬‬ ‫آزﻣﺎﯾﺶ 7.1– آﻣﺎده ﺳﺎزي ﺗﻮﭘﻮﻟﻮژي 3‪ GNS‬ﻣﻮرد اﺳﺘﻔﺎده در آزﻣﺎﯾﺸﮕﺎه....................................................................34‬ ‫آزﻣﺎﯾﺶ 6.1– ﺗﻨﻈﯿﻤﺎت ‪ GNS3 Ethernet NIO Cloud‬ﺟﻬﺖ ارﺗﺒﺎط ﺑﺎ ادوات واﻗﻌﯽ ﺳﯿﺴﮑﻮ..................................74‬ ‫ﻓﺼﻞ دوم : ﻣﺪﯾﺮﯾﺖ ﭘﺎﯾﻪ روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭽﻬﺎي ﺳﯿﺴﮑﻮ‬ ‫آزﻣﺎﯾﺶ 1.2– ﭘﺴﻮرد رﯾﮑﺎوري روﺗﺮﻫﺎي ﺳﺮي 0052........................................................................................................65‬ ‫آزﻣﺎﯾﺶ 2.2– ﭘﺴﻮرد رﯾﮑﺎوري روﺗﺮﻫﺎي ﺳﺮي 0062.......................................................................................................95‬ ‫آزﻣﺎﯾﺶ 3.2– ﭘﺴﻮرد رﯾﮑﺎوري ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ ﻏﯿﺮ ﻣﺎژوﻻر.................................................................................16‬ ‫آزﻣﺎﯾﺶ 4.2– آﺷﻨﺎﯾﯽ ﺑﺎ ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ/ﺳﻮﯾﯿﭻ..........................................................................................46‬ ‫آزﻣﺎﯾﺶ 5.2– آﺷﻨﺎﯾﯽ ﺑﺎ ‪68............................................................................................................................................CLI‬‬ ‫آزﻣﺎﯾﺶ 6.2– ﭼﮕﻮﻧﮕﯽ اﺧﺘﺼﺎص ‪ IP‬ﺑﻪ ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ...................................................................................................07‬ ‫آزﻣﺎﯾﺶ 7.2– ﺗﻨﻈﯿﻢ ﻣﺸﺨﺼﻪ ﻫﺎي وﯾﮋه اﯾﻨﺘﺮﻓﯿﺴﻬﺎ....................................................................................................57‬ ‫آزﻣﺎﯾﺶ 8.2– ﭼﮕﻮﻧﮕﯽ اﯾﺠﺎد ‪ LoopBack‬اﯾﻨﺘﺮﻓﯿﺲ....................................................................................................08‬ ‫آزﻣﺎﯾﺶ 9.2–ارﺗﻘﺎء ‪ IOS‬ادوات ﺳﯿﺴﮑﻮ.........................................................................................................................28‬ ‫092 ‪Page 1 of‬‬
  • 3.
    ‫آزﻣﺎﯾﺶ 01.2– ﺑﺎزﯾﺎﺑﯽ‪ IOS‬ﺗﺨﺮﯾﺐ ﺷﺪه در روﺗﺮﻫﺎي ﺳﺮي 0052...................................................................................68‬ ‫آزﻣﺎﯾﺶ 11.2– ﺑﺎزﯾﺎﺑﯽ ‪ IOS‬ﺗﺨﺮﯾﺐ ﺷﺪه در روﺗﺮﻫﺎي ﺳﺮي 0062..................................................................................09‬ ‫آزﻣﺎﯾﺶ 21.2– ﺑﺎزﯾﺎﺑﯽ ‪ IOS‬ﺗﺨﺮﯾﺐ ﺷﺪه در ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ................................................................................69‬ ‫آزﻣﺎﯾﺶ 31.2– ﺗﻨﻈﯿﻤﺎت اﯾﺠﺎد ﺑﻨﺮﻫﺎي ‪ exec ، login‬و ‪102..................................................................................MOTD‬‬ ‫آزﻣﺎﯾﺶ 41.2– ﺑﺎزﮔﺮداﻧﺪن ﺑﺮﺧﯽ ﺗﻨﻈﯿﻤﺎت ‪ IOS‬ﺑﻪ ﺣﺎﻟﺖ ﭘﯿﺶ ﻓﺮض ...........................................................................601‬ ‫ﻓﺼﻞ ﺳﻮم:ﺗﻨﻈﯿﻤﺎت ﭘﺎﯾﻪ اﻣﻨﯿﺘﯽ در ادوات ﺳﯿﺴﮑﻮ‬ ‫آزﻣﺎﯾﺶ 1.3– ﺗﻨﻈﯿﻤﺎت ﭘﺎﯾﻪ اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ ﻣﺒﻨﺎي رﻣﺰ ﻋﺒﻮر..........................................................................................801‬ ‫آزﻣﺎﯾﺶ 2.3–ﺗﻨﻈﻤﯿﺎت اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ ﻣﺒﻨﺎي ﭘﺎﯾﮕﺎه داده داﺧﻠﯽ ﮐﺎرﺑﺮان.....................................................................211‬ ‫آزﻣﺎﯾﺶ 3.3–ﭘﯿﮑﺮﺑﻨﺪي ﻟﯿﺴﺘﻬﺎي اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ اﺳﺎس ‪114................................................................................... AAA‬‬ ‫آزﻣﺎﯾﺶ 4.3–ﺗﻨﻈﯿﻤﺎت اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ ﻣﺒﻨﺎي ‪ AAA‬از ﻃﺮﯾﻖ ‪117......................................................TACACS+ server‬‬ ‫آزﻣﺎﯾﺶ 5.3–ﺗﻨﻈﯿﻤﺎت ‪119............................................................................................................................................SSH‬‬ ‫آزﻣﺎﯾﺶ 6.3–ﺗﻨﻈﯿﻤﺎت اﮐﺴﺲ ﻟﯿﺴﺖ ﻫﺎي ﺷﻤﺎره دار....................................................................................................221‬ ‫آزﻣﺎﯾﺶ 7.3–ﺗﻨﻈﯿﻤﺎت اﮐﺴﺲ ﻟﯿﺴﺖ ﻫﺎي ﺑﺎ ﻧﺎم............................................................................................................621‬ ‫آزﻣﺎﯾﺶ 8.3–ﺗﻨﻈﯿﻤﺎت اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﻣﺮﺗﺒﻂ ﺑﺎ ‪129.......................................................................................VTY line‬‬ ‫آزﻣﺎﯾﺶ 9.3–ﺳﺮوﯾﺲ رﻣﺰ ﻧﮕﺎري ﮐﻠﻤﺎت ﻋﺒﻮر................................................................................................................031‬ ‫آزﻣﺎﯾﺶ 01.3–ﺗﻨﻈﻤﯿﺎت ‪ Exec timeout‬و ﺗﻌﺪاد دﻓﻌﺎت ورود رﻣﺰ ﻋﺒﻮر ﺧﻄﺎ..............................................................431‬ ‫آزﻣﺎﯾﺶ 11.3–اﺣﺮاز ﻫﻮﯾﺖ در وب ﺳﺮور داﺧﻠﯽ ‪136.....................................................................................................IOS‬‬ ‫آزﻣﺎﯾﺶ 21.3–اﺗﺼﺎل ﺑﻪ ‪ Syslog‬ﺳﺮور.........................................................................................................................831‬ ‫ﻓﺼﻞ 4 – ﺗﻨﻈﯿﻤﺎت ﺳﻮﯾﯿﭽﻬﺎي ﺳﯿﺴﮑﻮ‬ ‫آزﻣﺎﯾﺶ 1.4–ﺗﻨﻈﯿﻤﺎت ‪140...........................................................................................................................................CDP‬‬ ‫092 ‪Page 2 of‬‬
  • 4.
    ‫آزﻣﺎﯾﺶ 2.4–ﺗﻨﻈﯿﻤﺎت ‪145...........................................................................................................................................Vlan‬‬ ‫آزﻣﺎﯾﺶ3.4–ﺗﻨﻈﯿﻤﺎت اﯾﻨﺘﺮﻓﯿﺲ ﻣﺪﯾﺮﯾﺖ ‪148..........................................................................................................Vlan‬‬ ‫آزﻣﺎﯾﺶ 4.4–ﺗﻨﻈﯿﻤﺎت ﺗﺮاﻧﮏ ﻣﺒﺘﻨﯽ ﺑﺮ ‪151......................................................................................................ISL,Dot1q‬‬ ‫آزﻣﺎﯾﺶ 5.4–ﺗﻨﻈﯿﻤﺎت ﭘﺎﯾﻪ ‪155.................................................................................................................Etherchannel‬‬ ‫آزﻣﺎﯾﺶ 6.4–ﺗﻨﻈﻤﯿﺎت ‪ Etherchannel‬ﻣﺒﺘﻨﯽ ﺑﺮ ‪161...............................................................................................Pagp‬‬ ‫آزﻣﺎﯾﺶ 7.4– ﺗﻨﻈﻤﯿﺎت ‪ Etherchannel‬ﻣﺒﺘﻨﯽ ﺑﺮ‪165............................................................................................ LACP‬‬ ‫آزﻣﺎﯾﺶ 8.4–ﺗﻨﻈﯿﻤﺎت اﯾﻨﺘﺮﻓﯿﺲ ‪169........................................................................................................Port Channel‬‬ ‫آزﻣﺎﯾﺶ 9.4–ﺗﻨﻈﻤﯿﺎت دﺳﺘﯽ ‪173................................................................................................................................ARP‬‬ ‫آزﻣﺎﯾﺶ 01.4–ﺗﻨﻈﯿﻤﺎت ‪175........................................................................................VLAN Trunking Protocol-VTP‬‬ ‫آزﻣﺎﯾﺶ 11.4–ﺗﻨﻈﯿﻤﺎت ‪ VTP Transparent‬و ‪182..................................................................................VTP Pruning‬‬ ‫آزﻣﺎﯾﺶ 21.4–ﺗﻨﻈﯿﻤﺎت ‪ Inter VLAN routing‬از ﻃﺮﯾﻖ روﺗﺮ‪187...............................................Router-on-a-stick‬‬ ‫آزﻣﺎﯾﺶ 31.4–ﺗﻨﻈﯿﻤﺎت ‪191..........................................................................................Per Vlan Spaning Tree-PVST‬‬ ‫آزﻣﺎﯾﺶ 41.4–ﺗﻨﻈﯿﻤﺎت ‪199..........................................................................Rapid Per Vlan Spaning Tree-RPVST‬‬ ‫آزﻣﺎﯾﺶ 51.4–ﺗﻨﻈﯿﻤﺎت ‪ Spanin tree port fast‬در ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ......................................................................402‬ ‫آزﻣﺎﯾﺶ 61.4–ﺗﻨﻈﯿﻤﺎت ‪ BPDU‬ﮔﺎرد..............................................................................................................................902‬ ‫آزﻣﺎﯾﺶ 81.4–ﺗﻨﻈﯿﻤﺎت ﻣﺸﺨﻪ ﻫﺎي وﯾﮋه ﭘﻮرﺗﻬﺎي ﻓﻌﺎل در ‪NA..................................................................................STP‬‬ ‫آزﻣﺎﯾﺶ 91.4–ﺗﻨﻈﯿﻤﺎت ﭘﻮﯾﺎي اﻣﻨﯿﺖ در ﺳﻄﺢ اﯾﻨﺘﺮﻓﯿﺲ ﻫﺎ.........................................................................................‪NA‬‬ ‫آزﻣﺎﯾﺶ 02.4–ﺗﻨﻈﯿﻤﺎت اﯾﺴﺘﺎي اﻣﻨﯿﺖ در ﺳﻄﺢ اﯾﻨﺘﺮﻓﯿﺴﻬﺎ .......................................................................................‪NA‬‬ ‫آزﻣﺎﯾﺶ 12.4– ﺗﻨﻈﯿﻤﺎت ‪210...............................................................................................................Analyser session‬‬ ‫ﻓﺼﻞ ﭘﻨﺠﻢ : ﺗﻨﻈﻤﯿﺎت ﺷﺒﮑﻪ ﻫﺎي ﮔﺴﺘﺮده ‪WAN‬‬ ‫092 ‪Page 3 of‬‬
  • 5.
    ‫آزﻣﺎﯾﺶ 1.5–ﺗﻨﻈﯿﻤﺎت ارﺗﺒﺎطﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ 1‪ T‬از ﻃﺮﯾﻖ ‪ PPP‬و ‪212.......................................................................HDLC‬‬ ‫آزﻣﺎﯾﺶ 2.5–ﺗﻨﻈﯿﻤﺎت ارﺗﺒﺎط ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ از ﻃﺮﯾﻖ ‪217...........................................................................Frame relay‬‬ ‫آزﻣﺎﯾﺶ 3.5 – ﺗﻨﻈﯿﻤﺎت ‪ Sub interface‬در ارﺗﺒﺎﻃﺎت ‪221....................................Ppoint to point Frame relay‬‬ ‫آزﻣﺎﯾﺶ 4.5–ﺗﻨﻈﯿﻤﺎت ‪ Point to Multipoint‬در ‪225............................................................................ Frame relay‬‬ ‫آزﻣﺎﯾﺶ 5.5–ﺗﻨﻈﯿﻤﺎت ‪229..................................................................................................Frame relay inverse Arp‬‬ ‫ﻓﺼﻞ ﺷﺸﻢ: ﻣﺴﯿﺮ ﯾﺎﺑﯽ اﺳﺘﺎﺗﯿﮏ‬ ‫آزﻣﺎﯾﺶ 1.6–ﺗﻨﻈﯿﻤﺎت ﻣﺴﯿﺮ ﯾﺎﺑﯽ اﺳﺘﺎﺗﯿﮏ..................................................................................................................332‬ ‫آزﻣﺎﯾﺶ2.6 –ﺗﻨﻈﯿﻤﺎت ﻣﺴﯿﺮ ﯾﺎﺑﯽ اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور......................................................................................................932‬ ‫آزﻣﺎﯾﺶ 3.6–ﻣﺴﯿﺮ ﯾﺎﺑﯽ اﺳﺘﺎﺗﯿﮏ ﭘﯿﺶ ﻓﺮض..............................................................................................................242‬ ‫ﻓﺼﻞ ﻫﻔﺘﻢ: ﺳﺮوﯾﺴﻬﺎي ‪IP‬‬ ‫آزﻣﺎﯾﺶ 1.7–ﺗﻨﻈﯿﻤﺎت ‪ NAT‬ﯾﮏ ﺑﻪ ﯾﮏ........................................................................................................................742‬ ‫آزﻣﺎﯾﺶ 2.7– ﺗﻨﻈﯿﻤﺎت ‪257.............................................................................................................................. NAT Pool‬‬ ‫آزﻣﺎﯾﺶ 3.7–ﺗﻨﻈﯿﻤﺎت ‪264...........................................................................................................................................PAT‬‬ ‫آزﻣﺎﯾﺶ 4.7–ﺗﻨﻈﯿﻤﺎت ‪271..........................................................................................................................DHCP Server‬‬ ‫آزﻣﺎﯾﺶ 5.7–ﺗﻨﻈﯿﻤﺎت رﻧﺞ ﻫﺎي ﻣﺴﺘﺜﻨﯽ در ‪NA....................................................................................................DHCP‬‬ ‫آزﻣﺎﯾﺶ 6.7–ﺗﻨﻈﯿﻤﺎت ‪275........................................................................................................................DHCP Helper‬‬ ‫آزﻣﺎﯾﺶ 7.7–ﺗﻨﻈﯿﻤﺎت ‪280..............................................................................................................................NTP Client‬‬ ‫آزﻣﺎﯾﺶ 8.7–ﺗﻨﻈﯿﻤﺎت ‪284............................................................................................................................NTP Server‬‬ ‫آزﻣﺎﯾﺶ 9.7–ﺗﻨﻈﯿﻤﺎت ‪287...........................................................................................................................DNS Server‬‬ ‫092 ‪Page 4 of‬‬
  • 6.
  • 7.
    ‫ﻣﻘﺪﻣﻪ ﻣﺘﺮﺟﻢ‬ ‫ﻫﺪف اﺻﻠﯽاز ﻧﮕﺎرش ﻣﺠﻤﻮﻋﻪ آزﻣﺎﯾﺸﮕﺎه ‪ CCNA‬ﺗﻬﯿﻪ ﻣﺤﺘﻮاي آﻣﻮزﺷﯽ ﺑﻮد ﮐﻪ ﺿﻤﻦ ﻣﺮور ﻣﻔﺎﻫﯿﻢ ﺷﺒﮑﻪ ﻫﺎي‬ ‫ﮐﺎﻣﭙﯿﻮﺗﺮي در ﺳﻄﺢ اﯾﻦ دوره ﺑﻪ ﻃﻮر اﺟﻤﺎل ، داراي روﯾﮑﺮدي ﻋﻤﻠﯽ و ﭘﺮوژه ﻣﺤﻮر ﺑﻪ ﻣﻨﻈﻮر اﻓﺰاﯾﺶ دﯾﺪ اﺟﺮاﯾﯽ‬ ‫ﻣﻬﻨﺪﺳﯿﻦ ﺷﺒﮑﻪ ﻧﺴﺒﺖ ﺑﻪ ﻣﻔﺎﻫﯿﻢ و ﺗﺌﻮري ﻫﺎي ﻣﻄﺮح ﺷﺪه در ﮐﺘﺐ و آﻣﻮزﺷﻬﺎي ﻣﺮﺳﻮم ﻧﯿﺰ ﺑﺎﺷﺪ. از اﯾﻨﺮو ﭘﺲ از‬ ‫ﺗﺤﻘﯿﻖ ﻓﺮاوان در ﺧﺼﻮص ﻋﻨﺎوﯾﻦ ﻣﺘﻌﺪدي از ﮐﺘﺐ و ﻣﻘﺎﻻت ﻣﺮﺗﺒﻂ ﺑﺎ اﯾﻦ ﺣﻮزه ﻣﺠﻤﻮﻋﻪ ‪CCNA Lab WorkBook‬‬ ‫ﻧﻮﺷﺘﻪ ‪ George Matthew‬اﻧﺘﺨﺎب ﺷﺪ و ﻣﻮرد ﺗﺮﺟﻤﻪ ﻗﺮار ﮔﺮﻓﺖ.‬ ‫اﯾﻦ ﻣﺠﻤﻮﻋﻪ ﻣﺸﺘﻤﻞ ﺑﺮ 07 آزﻣﺎﯾﺶ ﺑﺎ ﺗﻮﭘﻮﻟﻮژي واﺣﺪ ﻣﯽ ﺑﺎﺷﺪ ﮐﻪ ﺑﺎ ﻫﺪف ﺑﻪ دﺳﺖ آوردن درك اﺟﺮاﯾﯽ ﺑﻬﺘﺮ از‬ ‫ﻓﺮاﯾﻨﺪ ﻃﺮاﺣﯽ،ﭘﯿﺎده ﺳﺎزي و رﻓﻊ ﻋﯿﺐ ﺷﺒﮑﻪ ﻫﺎي ﻣﺒﺘﻨﯽ ﺑﺮ ادوات ﺳﯿﺴﮑﻮ ﻋﻤﻮﻣﺎ ﺑﺎ 3‪ GNS‬ﮐﻪ راﺑﻂ ﮔﺮاﻓﯿﮑﯽ اﺑﺰار‬ ‫ﺷﺒﯿﻪ ﺳﺎزي ‪ Dynamips‬ﻣﯽ ﺑﺎﺷﺪ ﭘﯿﺎده ﺳﺎزي ﺷﺪه اﻧﺪ. ‪ Dynamips‬در ﺳﺎده ﺗﺮﯾﻦ ﺗﻌﺮﯾﻒ ﺧﻮد ‪ emulator‬ﻧﺮم‬ ‫اﻓﺰاري روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ اﺳﺖ ﮐﻪ ﺑﺎ ﺑﻬﺮه ﮔﯿﺮي از ‪ IOS‬ﻫﺎي واﻗﻌﯽ اﯾﻦ ادوات اﻣﮑﺎن اﯾﺠﺎد و ﺷﺒﯿﻪ ﺳﺎزي ﺗﻮﭘﻮﻟﻮژﯾﻬﺎي‬ ‫ﭘﯿﭽﯿﺪه روﺗﯿﻨﮓ و ﺗﺎ ﺣﺪي ﺳﻮﯾﯿﭽﯿﻨﮓ را ﺟﻬﺖ اﻫﺪاف آﻣﻮزﺷﯽ ﻓﺮاﻫﻢ ﻣﯿﮑﻨﺪ.‬ ‫092 ‪Page 6 of‬‬
  • 8.
    ‫ﺗﻮﭘﻮﻟﻮژي ﻣﻮرد اﺳﺘﻔﺎدهدر اﯾﻦ ﻣﺠﻤﻮﻋﻪ آﻣﻮزﺷﯽ‬ ‫ﺗﺼﺎوﯾﺮ 2,3 در ﺻﻔﺤﺎت ﺑﻌﺪي ﺗﻮﭘﻮﻟﻮژﯾﻬﺎي ﺳﺮاﺳﺮي ﻣﻮرد اﺳﺘﻔﺎده در ﺳﻨﺎرﯾﻮﻫﺎي ‪ LAN ,WAN‬ﻣﻄﺮح ﺷﺪه در اﯾﻦ‬ ‫ﻣﺠﻤﻮﻋﻪ ﻫﺴﺘﻨﺪ ﮐﻪ ﻋﻤﻮﻣﺎ ﺗﻮﺳﻂ 3‪ GNS‬ﻃﺮاﺣﯽ و ﭘﯿﺎده ﺳﺎزي ﺧﻮاﻫﻨﺪ ﺷﺪ. در ﻫﺮ آزﻣﺎﯾﺶ ﺑﺨﺸﯽ از اﯾﻦ ﺗﻮﭘﻮﻟﻮژي‬ ‫ﺟﺪا ﺷﺪه و ﻣﺘﻨﺎﻇﺮ ﺑﺎ اﻫﺪاف آن آزﻣﺎﯾﺶ ﻣﻮرد ﺗﺤﻠﯿﻞ ﻗﺮار ﻣﯿﮕﯿﺮد .‬ ‫در ﻣﺒﺎﺣﺚ ﺳﻮﯾﯿﭽﯿﻨﮓ ﺳﻨﺎرﯾﻮﻫﺎﯾﯽ وﺟﻮد دارﻧﺪ ﮐﻪ ﺑﻪ واﺳﻄﻪ ﻣﺤﺪودﯾﺘﻬﺎي 3‪ GNS‬ﺑﺎ اﯾﻦ اﺑﺰار ﻗﺎﺑﻞ ﭘﯿﺎده ﺳﺎزي‬ ‫ﻧﯿﺴﺘﻨﺪ از اﯾﻨﺮو در اﯾﻦ ﺳﻨﺎرﯾﻮﻫﺎ از ادوات واﻗﻌﯽ اﺳﺘﻔﺎده ﺧﻮاﻫﺪ ﺷﺪ. در ﺻﻮرت ﺗﻤﺎﯾﻞ ﺑﻪ ﺑﺮﭘﺎﯾﯽ ﯾﮏ آزﻣﺎﯾﺸﮕﺎه‬ ‫واﻗﻌﯽ ﺑﺎ اﺳﺘﻔﺎده از ادوات ﻓﯿﺰﯾﮑﯽ ﺗﺮﮐﯿﺐ زﯾﺮ ﭘﯿﺸﻨﻬﺎد ﻣﯿﺸﻮد‬ ‫.‪R1 – Cisco 3725 (128MB Flash/256MB DRAM) running 12.4(15)T14 Adv Enterprise Services‬‬ ‫‪R2 – Cisco 3725 (128MB Flash/256MB DRAM) running 12.4(15)T14 Adv Enterprise Services‬‬ ‫.‪R3 – Cisco 3725 (64MB Flash/128MB DRAM) running 12.4(25d) Adv Enterprise Services‬‬ ‫.‪R4 – Cisco 3725 (64MB Flash/128MB DRAM) running 12.4(25d) Adv Enterprise Services‬‬ ‫.‪R5 – Cisco 3725 (64MB Flash/128MB DRAM) running 12.4(25d) Adv Enterprise Services‬‬ ‫‪SW1 – Cisco 2950G-24 Port 10/100TX w/ 2x Gigabit GBIC-SX modules running Enhanced Image‬‬ ‫.‪SW2 – Cisco 3550-24 Port 10/100TX w/ 2x Gigabit GBIC-SX modules running IP Services‬‬ ‫.‪SW3 – Cisco 3550-24 Port 10/100TX w/ 2x Gigabit GBIC-SX modules running IP Services‬‬ ‫ﺳﻮﯾﯿﭻ ‪ Frame Relay‬ﻣﻮرد اﺳﺘﻔﺎده در ﻓﺼﻮل آﺗﯽ ﻧﯿﺰ از ﻃﺮﯾﻖ ﻣﺎژول ‪ NM-8A/S‬واﻗﻊ در 1‪ slot‬روﺗﺮ 0262 ﭘﯿﺎده‬ ‫ﺳﺎزي ﺷﺪه اﺳﺖ.در زﯾﺮ ﺗﺼﻮﯾﺮي از رك واﻗﻌﯽ ﭘﯿﺎده ﺳﺎزي ﺷﺪه ﺑﺎ ادوات ﻓﻮق را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ.‬ ‫092 ‪Page 7 of‬‬
  • 9.
    ‫ﺗﺼﻮﯾﺮ 1 –رك ﭘﯿﺎده ﺳﺎزي ﺷﺪه ﺟﻬﺖ ﭘﻮﺷﺶ ﻣﺒﺎﺣﺚ آزﻣﺎﯾﺸﮕﺎه ‪CCNA‬‬ ‫092 ‪Page 8 of‬‬
  • 10.
    ‫ﺗﺼﻮﯾﺮ 2 :ﺗﻮﭘﻮﻟﻮژي ‪ LAN‬ﺳﺮاﺳﺮي ﻣﻮرد اﺳﺘﻔﺎده در آزﻣﺎﯾﺸﮕﺎه‬ ‫092 ‪Page 9 of‬‬
  • 11.
    ‫اﺗﺼﺎﻻت روﺗﺮ ﺑﻪﺳﻮﯾﯿﭻ‬ Router R1 R1 R2 R2 R3 R4 R5 Local Interface FastEthernet 0/0 FastEthernet 0/1 FastEthernet 0/0 FastEthernet 0/1 FastEthernet 0/0 FastEthernet 0/0 FastEthernet 0/0 Switch Switch 1 Switch 2 Switch 1 Switch 2 Switch 1 Switch 1 Switch 1 Remote Interface FastEthernet 0/1 FastEthernet 0/1 FastEthernet 0/2 FastEthernet 0/2 FastEthernet 0/3 FastEthernet 0/4 FastEthernet 0/5 ‫اﺗﺼﺎﻻت ﺳﻮﯾﯿﭻ ﺑﻪ ﺳﻮﯾﯿﭻ‬ Local Switch Switch 1 Switch 1 Switch 1 Switch 1 Switch 1 Switch 1 Switch 2 Switch 2 Switch 2 Switch 2 Switch 2 Switch 2 Switch 3 Switch 3 Switch 3 Switch 3 Switch 3 Switch 3 Local Interface FastEthernet 0/10 FastEthernet 0/11 FastEthernet 0/12 FastEthernet 0/13 FastEthernet 0/14 FastEthernet 0/15 FastEthernet 0/10 FastEthernet 0/11 FastEthernet 0/12 FastEthernet 0/13 FastEthernet 0/14 FastEthernet 0/15 FastEthernet 0/10 FastEthernet 0/11 FastEthernet 0/12 FastEthernet 0/13 FastEthernet 0/14 FastEthernet 0/15 Remote Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch Switch 2 2 2 3 3 3 1 1 1 3 3 3 1 1 1 2 2 2 Remote Interface FastEthernet 0/10 FastEthernet 0/11 FastEthernet 0/12 FastEthernet 0/10 FastEthernet 0/11 FastEthernet 0/12 FastEthernet 0/10 FastEthernet 0/11 FastEthernet 0/12 FastEthernet 0/13 FastEthernet 0/14 FastEthernet 0/15 FastEthernet 0/13 FastEthernet 0/14 FastEthernet 0/15 FastEthernet 0/13 FastEthernet 0/14 FastEthernet 0/15 Page 10 of 290
  • 12.
    ‫ ﺳﺮاﺳﺮي ﻣﻮرداﺳﺘﻔﺎده در آزﻣﺎﯾﺸﮕﺎه‬WAN ‫ﺗﺼﻮﯾﺮ 1: ﺗﻮﭘﻮﻟﻮژي‬ Frame relay ‫ﺗﻨﻈﯿﻤﺎت ﺳﻮﯾﯿﭻ‬ Local Router R1 R1 R1 R1 R2 R2 R2 R2 R3 R3 R3 R3 R4 R4 Page 11 of 290 Local Int. Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Serial 0/0 Local DLCI Remote Router Remote Int. 122 R2 Serial 0/0 123 R3 Serial 0/0 124 R4 Serial 0/0 125 R5 Serial 0/0 221 R1 Serial 0/0 223 R3 Serial 0/0 224 R4 Serial 0/0 225 R5 Serial 0/0 321 R1 Serial 0/0 322 R2 Serial 0/0 324 R4 Serial 0/0 325 R5 Serial 0/0 421 R1 Serial 0/0 422 R2 Serial 0/0 Remote DLCI 221 321 421 521 122 322 422 522 123 223 423 523 124 224
  • 13.
    R4 R4 R5 R5 R5 R5 Local Router R1 R2 R2 R3 R4 R5 Serial Serial Serial Serial Serial Serial 0/0 0/0 0/0 0/0 0/0 0/0 423 425 521 522 523 524 R3 R5 R1 R2 R3 R4 Serial Serial Serial Serial Serial Serial ‫ﻟﯿﻨﮑﻬﺎي ﻧﻘﻄﻪﺑﻪ ﻧﻘﻄﻪ ﺳﺮﯾﺎل‬ Local Interface Remote Router Serial 0/1 R2 Serial 0/1 R1 Serial 0/2 R3 Serial 0/1 R2 Serial 0/1 R5 Serial 0/1 R4 0/0 0/0 0/0 0/0 0/0 0/0 Remote Serial Serial Serial Serial Serial Serial 324 524 125 225 325 425 Interface 0/1 0/1 0/1 0/2 0/1 0/1 Page 12 of 290
  • 14.
    ‫آزﻣﺎﯾﺶ 1.1-آﺷﻨﺎﯾﯽ ﺑﺎاﺟﺰاء روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ‬ ‫اﯾﻦ آزﻣﺎﯾﺶ ﺑﻪ ﺷﻤﺎ ﮐﻤﮏ ﻣﯿﮑﻨﺪ ﺗﺎ درك ﺑﻬﺘﺮي از ﺗﺎرﯾﺨﭽﻪ روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ، ‪Wan interface ،Network Modules‬‬ ‫‪ Ram،cards‬و ‪ Flash‬وﮐﺎﺑﻠﻬﺎ ﺑﻪ دﺳﺖ آورﯾﺪ.ﻫﺪف از ﻃﺮاﺣﯽ اﯾﻦ آزﻣﺎﯾﺶ ﻓﺮاﻫﻢ آوردن اﻃﻼﻋﺎت ﻻزم ﺟﻬﺖ‬ ‫ﺷﻨﺎﺳﺎﯾﯽ اﺟﺰاء روﺗﺮﻫﺎ در ﮐﺎرﺑﺮدﻫﺎي روزﻣﺮه و ﻣﺘﻌﺎرف ﻣﯽ ﺑﺎﺷﺪ.‬ ‫از اواﯾﻞ دﻫﻪ ﻧﻮد ﮐﻤﭙﺎﻧﯽ ﺳﯿﺴﮑﻮ روﯾﮑﺮد ﺟﺪﯾﺪي را ﺑﻪ ﻣﻨﻈﻮر ﻣﺎژوﻻر ﻧﻤﻮدن ادوات ﺷﺒﮑﻪ ﺧﻮد در ﺳﻄﻮح ﺷﺒﮑﻪ ﻫﺎي‬ ‫ﺑﺰرگ ﺳﺎزﻣﺎﻧﯽ در ﭘﯿﺶ ﮔﺮﻓﺖ.ﻗﺒﻞ از آن )ﺳﺮي 0052 ﺑﻪ ﺟﺰ 4252( داراي ﺳﺎﺧﺘﺎر ﺛﺎﺑﺖ و ﻏﯿﺮﻗﺎﺑﻞ ﺗﻐﯿﯿﺮ از رده ‪Fast‬‬ ‫‪ Ethernet-Serial-Token Ring‬و ‪ Isdn‬ﺑﻮدﻧﺪ. اﯾﻦ ﻣﻮﺿﻮع ﺑﺎﻋﺚ اﯾﺠﺎد ﻣﺤﺪودﯾﺘﻬﺎي ﻣﻌﻨﺎداري در ﺻﺮف ﻫﺰﯾﻨﻪ ﺟﻬﺖ‬ ‫ﺧﺮﯾﺪ ادوات ﺷﺒﮑﻪ ﻫﻤﯿﻨﻄﻮر ﻣﻘﯿﺎس ﭘﺬﯾﺮي ﺷﺒﮑﻪ ﻓﻌﻠﯽ در آﯾﻨﺪه ﻣﯿﺸﺪ.‬ ‫ﭘﺲ از ﻣﻌﺮﻓﯽ روﺗﺮﻫﺎي ﺳﺮي 0063 در ﺳﺎل 6991 ﺳﺎزﻣﺎﻧﻬﺎ از ﺻﺮف ﻫﺰﯾﻨﻪ ﻫﺎي ﻣﺠﺪد ﺑﺮاي ﺟﺎﯾﮕﺰﯾﻨﯽ ﻫﺎي ﻣﺘﻌﺪد‬ ‫روﺗﺮﻫﺎ ﺑﻪ دﻻﯾﻠﯽ ﻫﻤﭽﻮن اﻓﺰاﯾﺶ ﺗﻌﺪاد ﭘﻮرﺗﻬﺎي ‪Wan‬و/ﯾﺎ ‪ Lan‬رﻫﺎﯾﯽ ﭘﯿﺪا ﮐﺮدﻧﺪ .ﺑﺎ ﻣﻌﻤﺎري ﺟﺪﯾﺪ، ﺷﺮﮐﺘﻬﺎ ﺑﻪ‬ ‫آﺳﺎﻧﯽ ﻣﯿﺘﻮاﻧﺴﺘﻨﺪ ادوات ‪ ISDN‬ﺧﻮد را ﺑﺎ ﺟﺎﯾﮕﺰﯾﻨﯽ )‪ WIC (WAN Interface Card‬ﺑﻪ 1‪ T‬ارﺗﻘﺎء دﻫﻨﺪ ﯾﺎ ﺑﺎ اﻓﺰودن ‪NM‬‬ ‫)‪ (Network Module‬ﺗﻌﺪاد ﺑﯿﺸﺘﺮي ‪ Fast ethenet‬ﺑﻪ روﺗﺮ ﻓﻌﻠﯽ اﺿﺎﻓﻪ ﻧﻤﺎﯾﻨﺪ.‬ ‫ﻣﻌﺮﻓﯽ روﺗﺮﻫﺎي ﺳﺮي 0062 درﺳﺎل 8991 ﻧﻘﻄﻪ ﻋﻄﻔﯽ ﺑﺮاي ﮐﻤﭙﺎﻧﯽ ﺳﯿﺴﮑﻮ ﻣﺤﺴﻮب ﻣﯿﺸﺪ.ﻧﺴﻞ ﺟﺪﯾﺪي از روﺗﺮﻫﺎ‬ ‫ﺑﺎ‬ ‫ﻗﺎﺑﻠﯿﺖ‬ ‫اراﺋﻪ‬ ‫ﺳﺮوﯾﺴﻬﺎي‬ ‫ﭼﻨﺪﮔﺎﻧﻪ‬ ‫ﺑﺎ‬ ‫ﻃﺮاﺣﯽ‬ ‫وﯾﮋه‬ ‫ﺑﻪ‬ ‫ﻣﻨﻈﻮر‬ ‫اراﺋﻪ‬ ‫ﻫﻤﺰﻣﺎن‬ ‫ﺳﺮوﯾﺴﻬﺎي‬ ‫‪ Voice,data,video,wireless‬ﺑﻪ ﺑﺎزار آﻣﺪﻧﺪ.ﺳﺮي 0062ﺑﺎ ﻫﻤﻪ ﻗﺎﺑﻠﯿﺘﻬﺎ ﯾﮏ ﻧﻘﯿﺼﻪ ﮐﻮﭼﮏ داﺷﺖ ﮐﻪ در ﺳﺮي 0063‬ ‫ﻣﺸﺎﻫﺪه ﻧﻤﯿﺸﺪ و آﻧﻬﻢ وﺟﻮد ﺣﺎﻓﻈﻪ ‪ Flash‬ﻣﺒﺘﻨﯽ ﺑﺮ ‪ Pcmcia Slot‬ﺑﻮد.ﻣﺘﺨﺼﺼﯿﻦ ﺷﺒﮑﻪ اي ﮐﻪ ﺗﺠﺮﺑﻪ ﮐﺎر ﺑﺎ ﺳﺮي‬ ‫0063 را داﺷﺘﻨﺪ ﻣﯿﺪاﻧﺴﺘﻨﺪ ﮐﻪ در ﺷﺮاﯾﻂ ﺑﺤﺮان و ﺑﺎزﯾﺎﺑﯽ ﺗﻨﻈﯿﻤﺎت ﻫﻤﯿﻨﻄﻮر ﺗﻐﯿﯿﺮ ‪ IOS‬وﺟﻮد‪ Flash Card‬ﺑﺎﻋﺚ‬ ‫ﺗﺴﺮﯾﻊ در و ﺗﺴﻬﯿﻞ اﯾﻨﮕﻮﻧﻪ ﻓﺮاﯾﻨﺪﻫﺎ ﻣﯿﺸﻮد ، وﯾﮋﮔﯽ ﮐﻪ در اﺑﺘﺪاي ﻣﻌﺮﻓﯽ ﻣﻌﻤﺎري ﺟﺪﯾﺪ وﺟﻮد ﻧﺪاﺷﺖ.‬ ‫ﺳﺮي 0073 ﻣﺸﺘﻤﻞ ﺑﺮ روﺗﺮﻫﺎي 5273 و 5473 ﺗﻘﺮﯾﺒﺎ ﺑﻪ ﻃﻮر ﻫﻤﺰﻣﺎن ﺑﺎ ﺳﺮي 0062 ﻣﻌﺮﻓﯽ ﺷﺪﻧﺪ.در اﯾﻦ ﻣﻌﻤﺎري ﺑﻮد‬ ‫ﮐﻪ اول ﺑﺎر اﺳﺘﻔﺎده از ﺣﺎﻓﻈﻬﺎ )‪ CF(Compact Flash‬از ﺧﺎﻧﻮاده ﺣﺎﻓﻈﻪ دورﺑﯿﻨﻬﺎي دﯾﺠﯿﺘﺎل ﺣﺮﻓﻪ اي اﻣﺮوزي ﻣﻌﺮﻓﯽ‬ ‫ﺷﺪ .ﺣﺘﯽ اﻣﺮوزه ﻧﯿﺰ ﺗﺠﻬﯿﺰاﺗﯽ از ﻗﺒﯿﻞ ﺳﺮي0082و0083 )‪ ISR(Integrated service Routers‬و ﻓﺎﯾﺮواﻟﻬﺎي ﺳﺮي‬ ‫0055 ‪ ASA‬و ﺗﻌﺪاد ﺑﯿﺸﻤﺎري از ادوات دﯾﮕﺮ ﺑﺎ ﻗﺎﺑﻠﯿﺖ ﭘﺸﺘﯿﺒﺎﻧﯽ از ﺣﺎﻓﻈﻪ ﻫﺎي ‪ CF‬ﻃﺮاﺣﯽ ﻣﯿﺸﻮﻧﺪ ﮐﻪ ﺑﻪ ﻣﺮاﺗﺐ از‬ ‫ﻧﺴﻞ ﻗﺒﻠﯽ ﺣﺎﻓﻈﻪ ﻫﺎ ﺳﺮﯾﻌﺘﺮ و ﻗﺎﺑﻞ اﻋﺘﻤﺎد ﺗﺮ ﻫﺴﺘﻨﺪ.‬ ‫در ﺳﺎل 2002 ﺳﺮي ﺟﺪﯾﺪ ‪ 2600XM‬ﺑﺎ ﺑﺮوزرﺳﺎﻧﯿﻬﺎي ﻣﺘﻌﺪدي از ﻗﺒﯿﻞ اﺳﺘﻔﺎده از آﺧﺮﯾﻦ ﺳﺮي ﭘﺮدازﻧﺪه ﻫﺎي‬ ‫‪ ، 125MHZ SDRAM ، Motorola‬ﭘﺸﺘﯿﺒﺎﻧﯽ از ‪ 48MB‬ﺣﺎﻓﻈﻪ ‪ Flash‬و ﭘﺸﺘﯿﺒﺎﻧﯽ ﺗﺎ ‪ 128MB RAM‬اراﺋﻪ ﺷﺪ.‬ ‫ﮐﻤﯽ ﺑﻌﺪ ﺑﺎ اراﺋﻪ ﻧﺴﺨﻪ ﺟﺪﯾﺪ ‪ 12.2(8r) bootrom‬ﺳﺮي ﻓﻮق ﻗﺎدر ﺑﻪ ﭘﺸﺘﯿﺒﺎﻧﯽ ﺗﺎ ‪ 256MB RAM‬ﺷﺪ .‬ ‫092 ‪Page 13 of‬‬
  • 15.
    ‫ﺳﺮي 1962 ﻫﻤﺰﻣﺎنﺑﺎ ﺳﺮي ‪ 2600XM‬ﺑﻪ ﻋﻨﻮان ﺳﺮﯾﻌﺘﺮﯾﻦ ﺳﮑﻮي ﺳﺮي 0062 ﻣﻌﺮﻓﯽ ﺷﺪ.ﺳﺮي 1962 ﺑﻪ ﻋﻨﻮان ﺑﺮادر‬ ‫ﮐﻮﭼﮑﺘﺮ ﺳﺮي 5273 ﺷﻨﺎﺧﺘﻪ ﻣﯿﺸﻮد . در ﯾﮏ ﻣﻘﺎﯾﺴﻪ ﻧﻈﯿﺮ ﺑﻪ ﻧﻈﯿﺮ آﻧﻬﺎ ﮐﺎﻣﻼ ﺷﺒﯿﻪ ﺑﻪ ﻧﻈﺮ ﻣﯿﺮﺳﻨﺪ ﻫﺮﭼﻨﺪ ﮐﻪ ﺗﻮان‬ ‫ﻋﻤﻠﯿﺎﺗﯽ ﻋﻤﻮﻣﯽ ﻫﻤﯿﻨﻄﻮر ﭘﺸﺘﯿﺒﺎﻧﯽ از ﺗﻌﺪاد ﻣﺎژوﻟﻬﺎ و ﻗﯿﻤﺖ آﻧﻬﺎ را از ﻫﻢ ﺟﺪا ﻣﯿﮑﻨﺪ.‬ ‫ﺳﺮي 0081 ، 0082 و 0083 از ﻣﺎژوﻟﻬﺎي )‪ HWIC (High-speed WAN Interface Card’s‬ﺑﺎ ﺳﺮﻋﺖ ﺟﻤﻌﺎ ‪ 400mbps‬ﺑﻪ‬ ‫ﺻﻮرت ﺗﻮزﯾﻊ ﺷﺪه ﺑﯿﻦ ﻫﻤﻪ اﺳﻼﺗﻬﺎ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﺪ در ﺣﺎﻟﯽ ﮐﻪ ﺗﮑﻨﻮﻟﻮژي ‪ WIC‬ﻗﺪﯾﻤﯽ ﺣﺪاﮐﺜﺮ ‪ 8mbps‬را روي ﻫﺮ‬ ‫‪ Pci Bus‬اراﺋﻪ ﻣﯿﮑﺮد.ﺑﻪ ﻋﻨﻮا ﻣﺜﺎل ﺳﺮي ‪ 2600XM‬داراي دو اﯾﻨﺘﺮﻓﯿﺲ ‪ WIC‬ﻣﺠﺰا روي ﯾﮏ ﺑﺎس ﻣﺸﺘﺮك ﻣﯿﺒﺎﺷﺪ‬ ‫ﻧﺘﯿﺠﻪ اﯾﻨﮑﻪ ﻣﯿﺘﻮاﻧﺪ از ﯾﮏ ‪ WIC-2T‬ﺑﺎ ﺳﺮﻋﺖ ‪ 8Mbps‬ﯾﺎ دو ﭘﻮرت ﺑﺎ ﺳﺮﻋﺖ ‪ 4Mbps‬اﺳﺘﻔﺎده ﮐﻨﺪ و در اﯾﻦ ﺣﺎﻟﺖ‬ ‫ﺑﻪ دﻟﯿﻞ اﺳﺘﻔﺎده از ﺑﺎس ﻣﺸﺘﺮك اﺳﻼت دوم ‪ WIC‬ﻗﺎﺑﻞ اﺳﺘﻔﺎده ﻧﯿﺴﺖ.اﯾﻦ ﻣﺤﺪودﯾﺖ ﻫﻤﯿﻨﻄﻮر روي ﻣﺎژوﻟﻬﺎي -‪NM‬‬ ‫‪ 1FE2W, NM-1FE1R2W, NM-2FE2W and NM-2W‬اﻋﻤﺎل ﻣﯿﺸﻮد.‬ ‫روﺗﺮﻫﺎي ﺳﺮي 0082 ﺑﻪ ﺟﺰ 1082 داراي 4 اﺳﻼت ‪ HWIC‬ﺑﺎ ﻣﺠﻮع ﺳﺮﻋﺖ ‪ 400Mbps‬ﺗﻮزﯾﻊ ﺷﺪه ﻣﺎﺑﯿﻦ ﻫﻤﻪ اﺳﻼﺗﻬﺎ‬ ‫ﺑﻪ ﻋﻼوه ﯾﮏ ﯾﺎ ﺑﯿﺶ از آن اﺳﻼت )‪ NME(Netwok Module Enhanced‬ﺑﺎﺳﺮﻋﺖ ‪ 1.2Gbps‬ﺑﻪ ﻃﻮر ﻣﺸﺘﺮك ﻣﺎﺑﯿﻦ‬ ‫ﻫﻤﻪ اﺳﻼﺗﻬﺎي اﯾﻦ ﭘﻠﺘﻔﺮم در ﻣﻘﺎﯾﺴﻪ ﺑﺎ ﺳﺮﻋﺖ ‪ 600Mbps‬ﻣﺎژوﻟﻬﺎي ﻗﺪﯾﻤﯽ ‪ NM‬ﻣﯿﺒﺎﺷﻨﺪ.‬ ‫ﭘﻠﺘﻔﺮﻣﻬﺎي ﺑﺴﯿﺎري ﻣﺎﻧﻨﺪ 0062 و 0073 و ﻣﺪﻟﻬﺎي ﺟﺪﯾﺪﺗﺮ داراي اﺳﻼﺗﻬﺎي ﺗﻮﺳﻌﻪ داﺧﻠﯽ ﺑﻪ ﻧﺎم‬ ‫‪(Advanced Integration‬‬ ‫)‪ AIM Module‬ﺑﻪ ﻣﻨﻈﻮر اﻓﺰودن ﻗﺎﺑﻠﯿﺘﻬﺎ و ﺳﺮوﯾﺴﻬﺎ وﯾﮋه ﺑﻪ ﭘﻠﺘﻔﺮﻣﻬﺎي ﻣﻮرد ﻧﻈﺮ ﻫﺴﺘﻨﺪ.ﻋﻨﺎوﯾﻦ ﻣﺘﻌﺪدي از ‪AIM‬ﻫﺎ ﻧﻈﯿﺮ‬ ‫‪ AIM-CU‬ﮐﻪ ﻣﺎژول ‪ Cisco unity Express‬ﺑﻪ ﻣﻨﻈﻮر اراﺋﻪ ﺳﺮوﯾﺲ ‪ Voice mail‬ﺑﺮاي ﺳﯿﺴﺘﻢ‬ ‫‪Unified‬‬ ‫‪ Communications Manager Express‬و ﯾﺎ ﻣﺎژول ‪ AIM-VPN‬ﺟﻬﺖ رﻣﺰﻧﮕﺎري ﺗﺮاﻓﯿﮏ ﺑﺎ ﻫﺪف ﺑﺮداﺷﺘﻦ ﺑﺎر ﻣﺤﺎﺳﺒﺎﺗﯽ‬ ‫رﻣﺰﻧﮕﺎري از روي ﭘﺮدازﻧﺪه اﺻﻠﯽ روﺗﺮ اﺳﺖ را ﻣﯿﺘﻮان ﻧﺎم ﺑﺮد‬ ‫در ﺟﺪول زﯾﺮ ﻣﺸﺨﺼﻪ ﻋﻤﻮﻣﯽ روﺗﺮﻫﺎي ﻣﻌﻤﻮل اﻣﺮوزي و دﯾﺮوزي را ﻣﺸﺘﻤﻞ ﺑﺮ ﭘﻮرﺗﻬﺎ، اﺳﻼﺗﻬﺎ،ﮐﺎراﯾﯽ، ﺣﺪاﮐﺜﺮ‬ ‫‪RAM‬و‪ Flash‬ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ‬ ‫‪Cisco 2500 Series Routers‬‬ ‫*‪Async Lines‬‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫‪8 Lines Octal‬‬ ‫54-‪8 Lines RJ‬‬ ‫‪8 Lines Octal‬‬ ‫‪16 Lines Octal‬‬ ‫54-‪16 Lines RJ‬‬ ‫‪16 Lines Octal‬‬ ‫0‬ ‫092 ‪Page 14 of‬‬ ‫‪ISDN‬‬ ‫0‬ ‫0‬ ‫1‬ ‫1‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫‪Token Ring‬‬ ‫0‬ ‫1‬ ‫0‬ ‫1‬ ‫0‬ ‫0‬ ‫0‬ ‫1‬ ‫0‬ ‫0‬ ‫1‬ ‫1‬ ‫54-‪Ethernet RJ‬‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫‪16 Hub Ports‬‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫0‬ ‫‪AUI‬‬ ‫1‬ ‫0‬ ‫1‬ ‫0‬ ‫1‬ ‫1‬ ‫1‬ ‫0‬ ‫1‬ ‫1‬ ‫0‬ ‫1‬ ‫*‪Serial‬‬ ‫‪2H‬‬ ‫‪2H‬‬ ‫‪2H‬‬ ‫‪2H‬‬ ‫‪2H‬‬ ‫‪2H‬‬ ‫‪1H‬‬ ‫‪2H‬‬ ‫‪2H‬‬ ‫‪1H‬‬ ‫‪2H‬‬ ‫‪2H‬‬ ‫‪Flash‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪RAM‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪16MB‬‬ ‫‪Router‬‬ ‫1052‬ ‫2052‬ ‫3052‬ ‫4052‬ ‫7052‬ ‫9052‬ ‫‪2509-RJ‬‬ ‫0152‬ ‫1152‬ ‫‪2511-RJ‬‬ ‫2152‬ ‫3152‬
  • 16.
    2514 2515 2516 2518 2520 2521 2522 2523 2524 2525 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 2H 2H 2H 0 2H 2L 2H 2L 2H8L 2H 8L 0 0 2 0 0 1 1 0 0 0 0 0 14 Hub Ports 1 Ethernet Port 24 Port Module 0 0 1 – Shared 1 1 – Shared 1 0 2 0 0 1 1 0 1 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 1 0 1 :‫ﺗﻮﺟﻪ‬ ‫ و دو اﺳﻼت‬SIMM RAM ‫ .ﯾﮏ اﺳﻼت 08ﭘﯿﻦ‬Motorola 68030 20 MHz ‫ﺳﺮي ﺑﺎﺳﺘﺎﻧﯽ 0052 داراي ﭘﺮدازﻧﺪه‬  .‫ ﻣﯿﺒﺎﺷﺪ‬SIMM Flash ‫2 ﻟﺤﯿﻢ ﺷﺪه روي ﺑﺮداﺻﻠﯽ ﺟﻬﺖ ﺑﺎﻓﺮ/ﺣﺎﻓﻈﻪ اﺷﺘﺮاﮐﯽ ﻫﺴﺘﻨﺪ‬MB DRAM ‫ﺑﺮﺧﯽ از ﺳﺮﯾﻬﺎي 0052 داراي‬  ‫ ﻣﯿﺘﻮان ﺑﻪ ﻋﻨﻮان ﭘﻮرت ﻣﻮدم ﯾﺎ ﺧﻄﻮط ﺗﺮﻣﯿﻨﺎل در اﮐﺴﺲ ﺳﺮور اﺳﺘﻔﺎده ﮐﺮد‬Async lines ‫از‬  Cisco 1600 Series Routers Router 1601 1602 1603 1604 1605 RAM 24MB 24MB 24MB 24MB 24MB Flash* 16MB 16MB 16MB 16MB 16MB CPU 33Mhz 33Mhz 33Mhz 33Mhz 33Mhz Ethernet AUI RJ45 Shared AUI RJ45 Shared AUI RJ45 Shared AUI RJ45 Shared 1 RJ45 – 1 Shared WIC 1 1 1 1 1 ISDN 0 0 1 BRI 1 NT1 0 56k DSU 0 1 0 0 0 Performance 4k pps 4k pps 4k pps 4k pps 4k pps :‫ﺗﻮﺟﻪ‬ ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ‬PCMCIA Flash Card ‫ﺳﺮي 0061 از ﺣﺎﻓﻈﻪ ﻫﺎي‬ ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ‬Motorola 68360 33Mhz ‫از ﭘﺮدازﻧﺪه‬   Cisco 3600 Series Routers Router 3620 3631-CO 3640 3660 3661-CO 3662 RAM 64MB 256MB 128MB 64MB 64MB 256MB Flash 32MB 128MB 32MB 64MB 64MB 64MB CPU 80Mhz 240Mhz 100Mhz 225Mhz 225Mhz 225Mhz Ethernet None None None 1 or 2 Fast Eth 1 or 2 Fast Eth 1 or 2 Fast Eth WIC 0 2 0 0 0 0 NM 2 2 4 6 6 6 AIM 0 2 0 2 2 2 Performance 20-40k pps 70k pps 50-70k pps 100-120k pps 100-120k pps 100-120k pps :‫ﺗﻮﺟﻪ‬ ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ‬PCMCIA Flash Cards ‫ﺳﺮي 0063 ﻣﻌﻤﺎري ﮐﺎﻣﻼ ﻣﺎژوﻻر داﺷﺘﻪ و از ﺣﺎﻓﻈﻪ ﻫﺎي‬  ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ‬IDT R7000 RISC Processor ‫0263 و 0463 از ﭘﺮدازﻧﺪه ﻫﺎي‬  ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ‬PMC-Sierra RM7061A RISC Processor ‫1363 از ﭘﺮدازﻧﺪه‬  ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ‬QED RM5271 RISC Processor ‫0663 از ﭘﺮدازﻧﺪه‬ Page 15 of 290 
  • 17.
    Cisco 2600 &2600XM Series Routers Router 2610 2611 2612* 2613* 2620 2621 2650 2651 2610XM 2611XM 2620XM 2621XM 2650XM 2651XM 2691 RAM 64MB 64MB 64MB 64MB 64MB 64MB 128MB 128MB 128MB 128MB 128MB 128MB 128MB 128MB 256MB Flash 16MB 16MB 16MB 16MB 16MB 16MB 32MB 32MB 48MB 48MB 48MB 48MB 48MB 48MB 128MB CPU 40Mhz 40Mhz 40Mhz 40Mhz 50Mhz 50Mhz 80Mhz 80Mhz 40Mhz 40Mhz 50Mhz 50Mhz 80Mhz 80Mhz 160Mhz Ethernet 1 10Base-T 2 10Base-T 1 10Base-T None 1 Fast Ethernet 2 Fast Ethernet 1 Fast Ethernet 2 Fast Ethernet 1 Fast Ethernet 2 Fast Ethernet 1 Fast Ethernet 2 Fast Ethernet 1 Fast Ethernet 2 Fast Ethernet 2 Fast Ethernet WIC 2 2 2 2 2 2 2 2 2 2 2 2 2 2 3 NM 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 AIM 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 Performance 15k pps 15k pps 15k pps 15k pps 25k pps 25k pps 37k pps 37k pps 20k pps 20k pps 30k pps 30k pps 40k pps 40k pps 70k pps :‫ﺗﻮﺟﻪ‬ ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ‬MCP860 PowerQUICC ‫ﺳﺮي 0062 از ﭘﺮدازﻧﺪه ﻫﺎي‬  ‫ ﻫﺴﺘﻨﺪ‬Rj45 Token ring port ‫2162و3162 داراي‬  ‫ ﻣﯿﺒﺎﺷﺪ‬CF ‫1962 داراي ﻫﺮدو ﺣﺎﻓﻈﻪ داﺧﻠﯽ و‬  ‫3(1.21 ﯾﺎ ﺟﺪﯾﺪﺗﺮ ﻫﺴﺘﻨﺪ‬r) bootrom ‫ﺑﺎ‬Flash ‫23 ﺣﺎﻓﻈﻪ‬MB ‫0262 و 1262 داراي ﻗﺎﺑﻠﯿﺖ ﭘﺸﺘﯿﺒﺎﻧﯽ از‬ ‫8(2.21 اﺳﺖ‬r) bootrom ‫652 ﺑﺎ اﺳﺘﻔﺎده از‬MB DRAM ‫0062داراي ﻗﺎﺑﻠﯿﺖ ﭘﺸﺘﯿﺒﺎﻧﯽ از‬XM ‫ﺳﺮي‬   Cisco 1700 Series Routers Router 1701 1710 1711 1712 1720 1721 1750 1751 1760 RAM 128MB 96MB 64MB 128MB 48MB 128MB 48MB 96MB 128MB Flash 32MB 16MB 16MB 32MB 16MB 32MB 16MB 32MB 64MB CPU 40Mhz 48Mhz 100Mhz 100Mhz 48Mhz 48Mhz 48Mhz 48Mhz 80Mhz Ethernet 1 Fast Ethernet 1 Fast Eth & 1 10Base-T 1 Fast & 4 10/100 Switch 1 Fast & 4 10/100 Switch 1 Fast Ethernet 1 Fast Ethernet 1 Fast Ethernet 1 Fast Ethernet 1 Fast Ethernet ISDN 1 0 0 1 0 0 0 0 0 WIC 0 0 0 0 2 2 2 2 2 VIC 0 0 0 0 0 0 1 1 4* Performance 12k pps 7k pps 13.5k pps 13.5k pps 8.5k pps 12k pps 8.5k pps 12k pps 16k pps :‫ﺗﻮﺟﻪ‬ ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ‬MCP RISC PowerQUICC ‫ﺳﺮي 0071 از ﭘﺮدازﻧﺪه ﻫﺎي‬ ‫ ﻫﺴﺘﻨﺪ‬Vpn ‫1171 و 2171 داراي ﺳﺨﺖ اﻓﺰار اﺧﺘﺼﺎﺻﯽ ﺳﺮوﯾﺲ‬   ‫ وﺟﻮد دارد‬AIM-Vpn ‫در 0271 و ﺑﺎﻻﺗﺮ اﻣﮑﺎن ﻧﺼﺐ ﻣﺎژول‬  ‫65 اﺳﺖ‬k v.90 ‫1171 داراي ﻣﻮدم آﻧﺎﻟﻮگ‬  Page 16 of 290
  • 18.
    ‫ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﺪ‬wic‫ اﺳﺖ ﮐﻪ دوﺗﺎي آن ﺻﺮﻓﺎ از‬VIC ‫0671 داري4 اﺳﻼت‬  Cisco 3700 Series Routers Router 3725 3745 RAM 256MB 256MB Flash 128MB 128MB CPU 240Mhz 350Mhz Ethernet 2 Fast Ethernet 2 Fast Ethernet WIC 3 3 NM 2 4 AIM 2 2 HDSM 1 2 Performance 100k pps 225k pps :‫ﺗﻮﺟﻪ‬ ‫ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﻨﺪ‬High Density Service Modules (HDSM’s) ‫ﺳﺮي 0073 ﻣﺎژوﻟﻬﺎي‬  ‫215 ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﺪ‬MB DRAM ‫6(3.21 ﺗﺎ‬r) Bootrom ‫543 ازﻃﺮﯾﻖ‬  ‫ ﻣﺎژوﻟﻬﺎ و ﻣﻨﺎﺑﻊ ﺗﻐﺬﯾﻪ ﭘﺸﺘﯿﺒﺎﻧﯽ‬NM ‫ ﺟﻬﺖ‬Online Insertion & Removal (OIR) ‫ﺳﺮي 0073 از ﻗﺎﺑﻠﯿﺖ‬  ‫ﻣﯿﮑﻨﻨﺪ‬ Cisco 1800 Series Routers Router 1801 RAM 384MB Flash 128MB CPU ? Ethernet 1 Fast Ethernet 1802 384MB 128MB ? 1 Fast Ethernet 1803 1805 1811 1812 1841 1861 384MB 384MB 384MB 384MB 384MB 384MB 128MB 128MB 128MB 128MB 128MB 128MB ? ? ? ? 250Mhz 250Mhz 1 Fast Ethernet 1 Fast Ethernet 2 Fast Ethernet 2 Fast Ethernet 2 Fast Ethernet 2 Fast Ethernet aDSL aDSL Over Pots aDSL over ISDN SHDSL None None None Yes* None HWIC 0 WiFi Yes USB 0 Perform. 70k pps 0 Yes 0 70k pps 0 0 0 0 2 1 Yes Yes Yes Yes No* No 0 2 2 2 1* 0 70k pps 70k pps 70k pps 70k pps 75k pps 75k pps :‫ﺗﻮﺟﻪ‬ ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪد‬QED RM52xx ‫ﺗﻤﺎم ﻣﺪﻟﻬﺎي 0081 از ﭘﺮدازﻧﺪه ﻫﺎي ﺳﺮي‬  ‫ از واﯾﺮﻟﺲ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﺪ‬HWIC-AP ‫1481 از ﻃﺮﯾﻖ‬  Usb 2 ‫اﺳﺖ ﻣﺎﺑﻘﯽ‬Usb 1.1 ‫1481 داراي‬  ‫ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﺪ‬aDSL & G.SHDSL WIC and HWIC’s ‫1481 از‬ ‫ اﺳﻼت اﺳﺖ‬AIM ‫1481 داراي ﯾﮏ‬   ‫5081 داراي 4 ﭘﻮرت 01/001 ﻣﺪﯾﺮﯾﺖ ﭘﺬاﯾﺮ اﺳﺖ‬ ‫2 اﺳﺖ‬x BRI S/T, 8 Port POE 10/100 ‫ و‬FXS ‫1681 داراي 4 ﭘﻮرت‬ Router 2801 2811 2821 2851 RAM 512MB 768MB 1GB 1GB Page 17 of 290 Flash 256MB 256MB 256MB 256MB   CPU 250Mhz 350Mhz 466Mhz 466Mhz Cisco 2800 Series Routers Ethernet HWIC 2 Fast Ethernet 4 2 Fast Ethernet 4 2 Gigabit Eth 4 2 Gigabit Eth 4 NME 2 4 4 4 AIM 2 2 2 2 DSP 2 2 3 3 Perform. 90k pps 120k pps 170k pps 220k pps
  • 19.
    :‫ﺗﻮﺟﻪ‬ ‫ ﻫﺴﺘﻨﺪ‬vpn ‫ﺗﻤﺎمﻣﺪﻟﻬﺎي 0082 داراي ﭘﺮدازﻧﺪه ﻣﺠﺰا ﺟﻬﺖ رﻣﺰﻧﮕﺎري ﮐﺎﻧﺎﻟﻬﺎي‬ ‫ ﻫﺴﺘﻨﺪ‬Voice ‫ ﺟﻬﺖ ﭘﺮدازﺷﻬﺎي‬Dsp processor ‫ﺗﻤﺎﻣﯽ ﻣﺪﻟﻬﺎي 0082 داراي ﻗﺎﺑﻠﯿﺖ ﻧﺼﺐ‬ ‫ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻧﻤﯿﮑﻨﺪ‬HWIC-1GE (1 Port SFP HWIC) ‫1082 از‬ ‫ ﻧﯿﺎز ﺑﻪ ﺳﺮي 0083 اﺳﺖ‬HWIC-2FE ‫ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﻨﺪ . ﺑﺮاي‬HWIC-2FE ‫ و ﻧﻪ‬HWIC-1FE ‫ﻣﺪﻟﻬﺎي 0082 از‬ Router 3825 3845 RAM 1GB 1GB Flash 256MB 256MB CPU 500Mhz 650Mhz Cisco 3800 Series Routers Ethernet HWIC 2 Gigabit Eth 4 2 Gigabit Eth 4 NME 2 4 AIM 2 2 DSP 4 4     Perform. 350k pps 500k pps :‫ﺗﻮﺟﻪ‬ ‫ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﻨﺪ‬High Density Service Modules (HDSM’s) ‫ﺳﺮي 0083 از‬ ‫ ﻣﺎژول ﻫﺴﺘﻨﺪ‬single Small Pluggable Form-factor (SFP) ‫ﺳﺮي 0083 داراي ﯾﮏ‬ Broadcom BCM1125H 500 MHz ‫5283 داراي ﭘﺮدازﻧﺪه‬ ‫ اﺳﺖ‬Broadcom BCM1250 650 MHz ‫5483 داراي ﭘﺮدازﻧﺪه دو ﻫﺴﺘﻪ اي‬     Page 18 of 290
  • 20.
    ‫آزﻣﺎﯾﺶ 2.1-اﺗﺼﺎل ﺑﻪادوات ﺳﯿﺴﮑﻮ از ﻃﺮﯾﻖ ﮐﻨﺴﻮل‬ ‫اﯾﻦ آزﻣﺎﯾﺶ ﺑﻪ ﭼﮕﻮﻧﮕﯽ اﺗﺼﺎل ﺑﻪ ﮐﻨﺴﻮل روﺗﺮ/ﺳﻮﯾﯿﭻ ازﻃﺮﯾﻖ ﮐﺎﺑﻞ 54‪ DB9 to RJ‬ﻣﯿﭙﺮدازد.در اﯾﻦ آزﻣﺎﯾﺶ از ﯾﮏ‬ ‫ﻧﺮم اﻓﺰار ﺗﺮﻣﯿﻨﺎل ﻣﺎﻧﻨﺪ ‪ Putty‬و ﯾﺎ ‪ HyperTerminal‬ﮐﻪ در دل وﯾﻨﺪوز ﻣﻮﺟﻮد ﻣﯿﺒﺎﺷﺪ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد.ﻧﺮم‬ ‫اﻓﺰارﻫﺎي ﻣﺘﻌﺪدي در اﯾﻦ ﺧﺼﻮص وﺟﻮد دارﻧﺪ ﻣﺎﻧﻨﺪ دو ﻣﻮرد راﯾﮕﺎﻧﯽ ﮐﻪ در ﺑﺎﻻ اﺷﺎره ﺷﺪ و ﯾﺎ ﻧﺮم اﻓﺰار ‪SecureCRT‬‬ ‫ﯾﺎ ‪.TeraTerm‬‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫در دﻧﯿﺎي واﻗﻊ ﻣﻮاﻗﻊ زﯾﺎدي ﭘﯿﺶ ﻣﯽ آﯾﺪ ﮐﻪ ﻧﯿﺎز ﺑﻪ ﺗﻨﻈﯿﻢ ﯾﮏ ﺗﺠﻬﯿﺰ ﺳﯿﺴﮑﻮ از ﻃﺮﯾﻖ ﮐﻨﺴﻮل دارﯾﻢ. ﻣﻮاردي‬ ‫ﻫﻤﭽﻮن اﻣﺎده ﺳﺎزي ﯾﮏ ﺗﺠﻬﯿﺰ ﺗﺎزه ﺧﺮﯾﺪاري ﺷﺪه،ﺑﺎزﮔﺮداﻧﺪن ﺗﻨﻈﯿﻤﺎت ﻗﺒﻠﯽ )‪ (Image restoration‬ﯾﺎ ﺣﺘﯽ‬ ‫ﻫﻨﮕﺎﻣﯽ ﮐﻪ دﺳﺘﺮﺳﯽ از ﻃﺮﯾﻖ ﺷﺒﮑﻪ ﺧﻮد ﺑﻪ ﺗﺠﻬﯿﺰ ﻣﻮرد ﻧﻄﺮ را ﺑﻪ دﻟﯿﻞ ﺗﻨﻈﯿﻤﺎت اﺷﺘﺒﺎه ‪ Access list‬از دﺳﺖ داده‬ ‫اﯾﻢ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ:‬ ‫‪‬‬ ‫ﻧﺮم اﻓﺰار ﺗﺮﻣﯿﻨﺎل ﻣﺎﻧﻨﺪ ‪Putty, HyperTerminal , SecureCRT‬‬ ‫‪‬‬ ‫ﮐﺎﺑﻞ ﮐﻨﺴﻮل ﯾﺎ ‪-rollover‬ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ اﯾﻨﮑﻪ ﺑﯿﺸﺘﺮ ﮐﺎﻣﭙﯿﻮﺗﺮﻫﺎي اﻣﺮوزي ﻓﺎﻗﺪ ‪ Serial port‬ﻫﺴﺘﻨﺪ اﺳﺘﻔﺎده‬ ‫از ﺗﺒﺪﯾﻞ ‪ Usb‬ﺑﻪ 232‪ Rs‬ﺗﻮﺻﯿﻪ ﻣﯿﺸﻮد‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﺑﻪ ﺗﺠﻬﯿﺰ ﺳﺴﯿﺴﮑﻮ از ﻃﺮﯾﻖ ﮐﻨﺴﻮل و ﻣﺸﺎﻫﺪه ‪Cli prompt‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﺑﺎ اﯾﻨﮑﻪ ﻋﻤﻮﻣﺎ ﻧﺮم اﻓﺰارﻫﺎي ﺗﺮﻣﯿﻨﺎل داراي ﺗﻔﺎوﺗﻬﺎﯾﯽ در وﯾﮋﮔﯿﻬﺎ و ﭘﺮوﺗﮑﻠﻬﺎي ﻣﻮرد ﭘﺸﺘﯿﺒﺎﻧﯽ دارﻧﺪ اﻣﺎ ﻫﻤﻪ اﻧﻬﺎ ﯾﮏ‬ ‫ﻫﺪف واﺣﺪ را دﻧﺒﺎل ﻣﯿﮑﻨﻨﺪ و آن اﻣﮑﺎن ﺑﺮﻗﺮاري اﺗﺼﺎل ﺑﻪ ﺗﺠﻬﯿﺰ ﻣﻮرد ﻧﻈﺮ و ﭘﯿﮑﺮﺑﻨﺪي آن اﺳﺖ.در اﯾﻦ ﻧﻮﺷﺘﺎر از‬ ‫‪ Putty‬ﺟﻬﺖ ﺑﺮﻗﺮاي اﺗﺼﺎل و ﻣﺸﺎﻫﺪه ﺧﻂ ﻓﺮﻣﺎن اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد‬ ‫1. ﮐﺎﺑﻞ ﮐﻨﺴﻮل را ﺑﻪ ﮐﺎﻣﭙﯿﻮﺗﺮ ﻣﺘﺼﻞ ﮐﻨﯿﺪ و ﺳﺮ دﯾﮕﺮ آﻧﺮا ﺑﻪ ﭘﻮرت ﮐﻨﺴﻮل ﺗﺠﻬﯿﺰ ﻣﺘﺼﻞ ﮐﻨﯿﺪ‬ ‫2. ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺑﺮاي اوﻟﯿﻦ ﺑﺎر ‪ putty‬را اﺟﺮا ﻣﯿﮑﻨﯿﺪ ﺑﺎ ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت زﯾﺮ روﺑﺮو ﻣﯿﺸﻮﯾﺪ‬ ‫092 ‪Page 19 of‬‬
  • 21.
    ‫3. ﺑﻪ ﺟﺎي‪ SSH‬ﮔﺰﯾﻨﻪ ‪ Serial‬اﻧﺘﺨﺎب ﻣﯿﺸﻮد .1‪ Com‬ﭘﻮرت ارﺗﺒﺎﻃﯽ ﭘﯿﺶ ﻓﺮض ﺑﺮاي ارﺗﺒﺎﻃﺎت ﺳﺮﯾﺎل ‪putty‬‬ ‫اﺳﺖ.ﻣﻤﮑﻦ اﺳﺖ ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﺷﻤﺎره ‪ Com port‬ﮐﻪ ﮐﺎﺑﻞ ﮐﺴﻨﻮل ﺑﻪ آن ﻣﺘﺼﻞ ﺷﺪه ﻧﯿﺎر ﺑﻪ ﺗﻐﯿﯿﺮ آن داﺷﺘﻪ‬ ‫ﺑﺎﺷﯿﻢ.‪ 9600 Baud‬ﻫﻢ ﺳﺮﻋﺖ ﭘﯿﺶ ﻓﺮض ‪ putty‬ﺟﻬﺖ ارﺗﺒﺎﻃﺎت ﺳﺮﯾﺎل اﺳﺖ ﻫﻤﯿﻨﻄﻮر ﺳﺮﻋﺖ ﭘﯿﺶ ﻓﺮض‬ ‫ادوات ﺳﯿﺴﮑﻮ ﮐﻪ از ﻃﺮﯾﻖ 2012×0 ‪ Configuration Register‬ﺗﻨﻈﯿﻢ ﻣﯿﺸﻮد‬ ‫092 ‪Page 20 of‬‬
  • 22.
    ‫4. ﺗﻨﻈﯿﻤﺎت ارﺗﺒﺎطرا ﺑﺎ ﻧﺎم "‪ "Cisco Console‬ﻣﻄﺎﺑﻖ ﺷﮑﻞ زﯾﺮ ذﺧﯿﺮه ﮐﻨﯿﺪ‬ ‫5. ﭘﺲ از اﯾﻨﮑﻪ ﺗﻨﻈﯿﻤﺎت ﺑﺎ ﻣﻮﻓﻘﯿﺖ ﺑﻪ ﺻﻮرت ‪ Tempalate‬ذﺧﯿﺮه ﺷﺪ ﺑﺎ ﮐﻠﯿﮏ روي دﮐﻤﻪ ‪ open‬ﭘﻨﺠﺮه‬ ‫ﺟﺪﯾﺪي ﭘﺪﯾﺪار ﻣﯿﺸﻮد ﮐﻪ ﻫﻤﺎن ﭘﻨﺠﺮه ﺗﺮﻣﯿﻨﺎل دﺳﺘﮕﺎه اﺳﺖ.اﮐﻨﻮن ﺗﺠﻬﯿﺰ ﺳﯿﺴﮑﻮ را روﺷﻦ ﮐﻨﯿﺪ.ﭘﺲ ار‬ ‫ﺑﻮت ﺷﺪن دﺳﺘﮕﺎه ﺑﺎ ﻓﺮض اﯾﻨﮑﻪ ‪ Nvram‬ﻓﺎﻗﺪ اﻃﻼﻋﺎت ﻣﯿﺒﺎﺷﺪ اﻋﻼن ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ دﺳﺘﮕﺎه را ﻣﺸﺎﻫﺪه‬ ‫ﺧﻮاﻫﯿﺪ ﮐﺮد.ﮐﻠﯿﮏ "‪ "n‬را ﺑﻔﺸﺎرﯾﺪ ﭘﺲ از آن از ﺷﻤﺎ ﻣﯿﺨﻮاﻫﺪ ﺑﺎ ﻓﺸﺮدن ‪ Enter‬وارد ﻣﺮﺣﻠﻪ ﺑﻌﺪي ﺷﻮﯾﺪ در‬ ‫اﯾﻦ ﺣﺎﻟﺖ ﭘﻨﺠﺮه ﺷﺒﯿﻪ ﺑﻪ اﯾﻦ ﺧﻮاﻫﺪ ﺑﻮد‬ ‫092 ‪Page 21 of‬‬
  • 23.
    ‫اﮐﻨﻮن وارد ﻣﺤﯿﻂ‪ cli‬ﺟﻬﺖ ﺗﻨﻈﯿﻤﺎت و ﭘﯿﮑﺮﺑﻨﺪي دﺳﺘﮕﺎه ﺳﯿﺴﮑﻮ ﺧﻮد ﺷﺪه اﯾﺪ‬ ‫092 ‪Page 22 of‬‬
  • 24.
    ‫آزﻣﺎﯾﺶ 3.1-آﺷﻨﺎﯾﯽ ﺑﺎﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ روﺗﺮ و ﺳﻮﯾﯿﭻ‬ ‫اﯾﻦ آزﻣﺎﯾﺶ ﺑﻪ ﺑﺮرﺳﯽ ﻣﺸﺨﺼﻪ ﻫﺎي )‪ Cisco Internetwork Operating System (Cisco IOS‬در ﺣﺎل اﺟﺮا ﺑﺮ‬ ‫روي ادوات ﺳﯿﺴﮑﻮ ﻣﯽ ﭘﺮدازد‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫داﻧﺴﺘﻦ اﯾﻨﮑﻪ ﭼﻪ ﻧﺴﺨﻪ اي از ‪ IOS‬و ﺑﺎ ﭼﻪ وﯾﮋﮔﯽ در ﺣﺎل اﺟﺮا ﺑﺮ روي ادوات ﺳﯿﺴﮑﻮ ﻣﺎ ﻣﯿﺒﺎﺷﺪ ﻧﻘﺸﯽ ﺗﻌﯿﯿﻦ ﮐﻨﻨﺪه‬ ‫در ﺑﺮﻧﺎﻣﻪ رﯾﺰي و ﭘﯿﺎده ﺳﺎزي ﻣﺸﺨﺼﻪ ﻫﺎي ﻣﻮرد ﻧﯿﺎز ﺧﻮاﻫﺪ داﺷﺖ. ﺑﺮاي درك ﺑﻬﺘﺮ اﯾﻦ ﻣﻔﻬﻮم ﺑﻪ ﻣﺸﺨﺼﻪ ﻫﺎي‬ ‫ﻧﮕﺎرﺷﻬﺎي ﻣﺨﺘﻠﻒ وﯾﻨﺪوز7 ﻣﺎﻧﻨﺪ ‪Basic, Home Edition, Home Premium, Business, Ultimate and‬‬ ‫‪ Enterprise‬ﺗﻮﺟﻪ ﮐﻨﯿﺪ،در ‪ IOS‬ﺳﯿﺴﮑﻮ ﻫﻢ ﭼﻨﯿﻦ ﻧﺎم ﮔﺬاري ﻫﺎﯾﯽ را ﺗﺤﺖ ﻋﻨﻮان ”‪ “Feature set‬ﺷﺎﻫﺪ ﻫﺴﺘﯿﻢ ﮐﻪ‬ ‫ﺑﯿﺎﻧﮕﺮ ﻧﻮع وﯾﮋﮔﯿﻬﺎي ﻗﺎﺑﻞ اراﺋﻪ در آن ﺗﻮزﯾﻊ ﻫﺴﺘﻨﺪ در اداﻣﻪ ﺑﻪ ﭼﮕﻮﻧﮕﯽ ﻗﻮاﻋﺪ اﯾﻦ ﻧﺎم ﮔﺬاري ﻫﺎ ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﻣﻄﺎﻟﻌﻪ آزﻣﺎﯾﺶ 2.1 و اﺗﺼﺎل ﺑﻪ ﮐﻨﺴﻮل دﺳﺘﮕﺎه‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺷﻨﺎﺳﺎﯾﯽ ﻧﮕﺎرش و ﻣﺸﺨﺼﻪ ﻫﺎي ‪ IOS‬در ﺣﺎل اﺟﺮا‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫راﻫﻬﺎي ﻣﺘﻌﺪدي ﺑﺮاي ﺷﻨﺎﺳﺎﯾﯽ ‪ IOS‬در ﺣﺎل اﺟﺮا روي ادوات ﺳﯿﺴﮑﻮ وﺟﻮد دارد . اوﻟﯿﻦ راه ، ﻣﻄﺎﻟﻌﻪ ﭘﯿﺎﻣﻬﺎي‬ ‫ﺳﯿﺴﺘﻤﯽ ﻓﺮاﯾﻨﺪ ﺑﻮت اﺳﺖ.ﻃﯽ اﯾﻦ ﻓﺮاﯾﻨﺪ ﻧﺎم ‪ Image‬ﻓﺎﯾﻞ ﺑﺎرﮔﺬاري ﺷﺪه از ﻓﻠﺶ ﻧﻤﺎﯾﺶ داده ﻣﯿﺸﻮد ﮐﻪ ﻧﺸﺎﻧﮕﺮ ﻧﺎم‬ ‫ﻓﺎﯾﻞ ‪ IOS‬ﻣﻮرد ﻧﻈﺮ اﺳﺖ اﯾﻦ ﻧﺎم ﺑﯿﺎﻧﮕﺮ ﺷﻤﺎره ﻧﮕﺎرش ‪ IOS‬و ‪ Feature Set‬ﯾﺎ ﻣﺸﺨﺼﻪ ﻫﺎي ﻓﻨﯽ ‪ IOS‬ﻣﻮرد ﻧﻈﺮ ﻣﯽ‬ ‫ﺑﺎﺷﺪ.‬ ‫در ﻟﯿﺴﺖ زﯾﺮ ﺑﺨﺸﯽ از اﻃﻼﻋﺎت ﻧﻤﺎﯾﺶ داده ﺷﺪه ﻃﯽ ﻓﺮاﯾﻨﺪ ﺑﻮت را ﻣﺸﺎﻫﺪه ﻣﯽ ﮐﻨﯿﺪ ﮐﻪ از ﻃﺮﯾﻖ آن ﻣﯿﺘﻮان ﺑﻪ‬ ‫ﻧﮕﺎرش ‪ IOS‬و ﻣﺸﺨﺼﻪ ﻫﺎي ﻧﺴﺨﻪ در ﺣﺎل اﺳﺘﻔﺎده ﭘﯽ ﺑﺮد.‬ ‫‪Cisco Internetwork Operating System Software‬‬ ‫092 ‪Page 23 of‬‬
  • 25.
    IOS (tm) 3600Software (C3620-IK9O3S7-M), Version 12.3(25), RELEASE SOFTWARE (fc1) ‫ ﺗﻮﺟﻪ ﮐﻨﯿﺪ.اﯾﻦ ﻋﺒﺎرت ﺑﯿﺎﻧﮕﺮ وﯾﮋﮔﯿﻬﺎ و ﻧﻮع ﺑﺎرﮔﺬاري)در اداﻣﻪ ﺗﻮﺿﯿﺢ داده‬C3620-IK9O3S7-M ‫در ﺧﻂ دوم ﺑﻪ‬ .‫ در ﺣﺎل ﺑﺎرﮔﺬاري اﺳﺖ.در اداﻣﻪ آن ﺷﻤﺎره ﻧﮕﺎرش ﻧﻤﺎﯾﺶ داده ﺷﺪه اﺳﺖ‬IOS (‫ﺧﻮاﻫﺪ ﺷﺪ‬ ‫ اﺳﺖ.اﯾﻦ دﺳﺘﻮر اﻃﻼﻋﺎت‬Show Version ‫ اﺳﺘﻔﺎده از دﺳﺘﻮر‬IOS ‫راﯾﺞ ﺗﺮﯾﻦ راه ﺑﻪ دﺳﺖ آوردن ﻣﺸﺨﺼﻪ ﻫﺎي‬ ‫ و ﻣﺠﻤﻮﻋﻪ وﯾﮋﮔﯿﻬﺎي ان ﻫﻤﯿﻨﻄﻮر اﻃﻼﻋﺎت ﺳﺨﺖ اﻓﺰاري ﻣﺮﺗﺒﻂ ﺑﺎ دﺳﺘﮕﺎه ﻣﻮرد‬IOS ‫ﻣﺨﺘﻠﻔﯽ درﻣﻮرد ﺷﻤﺎره ﻧﮕﺎرش‬ .‫اﺳﺘﻔﺎده را ﻧﺸﺎن ﻣﯽ دﻫﺪ‬ ‫ﻟﯿﺴﺖ زﯾﺮ ﺧﺮوﺟﯽ اﯾﻦ دﺳﺘﻮر را ﺑﺮ روي روﺗﺮ 0263 ﻧﺸﺎن ﻣﯿﺪﻫﺪ‬ Router#show version Cisco Internetwork Operating System Software IOS (tm) 3600 Software (C3620-IK9O3S7-M), Version 12.3(25), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 28-Jan-08 20:16 by alnguyen ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Router uptime is 23 minutes System returned to ROM by reload System image file is "flash:c3620-ik9o3s7-mz.123-25.bin" This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. cisco 3620 (R4700) processor (revision 0x81) with 60416K/5120K bytes of memory. Processor board ID 24807256 R4700 CPU at 80MHz, Implementation 33, Rev 1.0 Bridging software. X.25 software, Version 3.0.0. 2 FastEthernet/IEEE 802.3 interface(s) 32 terminal line(s) DRAM configuration is 32 bits wide with parity disabled. 29K bytes of non-volatile configuration memory. 32768K bytes of processor board System flash (Read/Write) Page 24 of 290
  • 26.
    Configuration register is0x2102 Router# ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ از ﺧﺮوﺟﯽ ﺑﺮﻣﯽ آﯾﺪ ﺧﻂ ﻫﺎي 2و3و4 ﻫﻤﺎﻧﻨﺪ اﻃﻼﻋﺎت اﺧﺬ ﺷﺪه از ﻓﺮاﯾﻨﺪ ﺑﻮت ﻣﯽ ﺑﺎﺷﻨﺪ و ﺗﻔﺎوﺗﯽ ﻣﺸﺎﻫﺪ‬ “flash:c3620-ik9o3s7-mz.123- ‫ﻧﻤﯽ ﺷﻮد.در ﺧﻂ 31 ﺧﻮاﻫﯿﺪ دﯾﺪ ﮐﻪ ﻓﺎﯾﻠﯽ ﮐﻪ ﺳﯿﺴﺘﻢ از آن ﺑﻮت ﺷﺪه اﺳﺖ‬ .‫ ﻓﺎﯾﻠﯽ اﺳﺖ ﮐﻪ در ﺣﺎل ﺣﺎﺿﺮ روﺗﺮ ﺑﺮ ﻣﺒﻨﺎي آن ﮐﺎر ﻣﯿﮑﻨﺪ‬Image ‫.52 ﻧﺎم دارد اﯾﻦ ﻧﺎم واﻗﻌﯽ‬bin” ‫ ﺑﻮد.اﯾﻦ ﻗﻮاﻋﺪ ﻧﺎم ﮔﺬاري‬IOS ‫ﻗﺒﻞ از ﻧﮕﺎرش 4.21 ﺳﯿﺴﮑﻮ داراي ﻣﮑﺎﻧﯿﺰم ﻧﺎم ﮔﺬاري ﭘﯿﭽﯿﺪه اي ﺑﺮاي ﺑﯿﺎن وﯾﮋﮔﯿﻬﺎي‬ .‫ ﺑﻮد‬IOS ‫ﻣﺸﺘﻤﻞ ﺑﺮ ﺣﺮوﻓﯽ ﺑﻮدﻧﺪ ﮐﻪ ﻫﺮﯾﮏ ﺑﯿﺎﻧﮕﺮ وﯾﮋﮔﯽ ﺧﺎﺻﯽ در‬ .‫ﺟﺪول زﯾﺮ ﺷﺎﻣﻞ ﺣﺮوف و ﮐﺎراﮐﺘﺮﻫﺎي ﺷﻨﺎﺳﺎﯾﯽ اﺳﺖ ﮐﻪ ﭘﯿﺶ از ﻧﺴﺨﻪ 4.21 از آن اﺳﺘﻔﺎده ﻣﯿﺸﺪ‬ I Y S S6 S7 J O K K8 K9 X G C *C B N V *V R U P Telco Boot IP IP on 1700 Series Routers IP Plus IP Plus – No ATM IP Plus – No Voice Enterprise IOS Firewall/Intrusion Detection Cryptography/IPSEC/SSH 56Bit DES Encryption (Weak Cryptography) Triple DES / AES Encryption (Strong Cryptography) H323 Service Selection Gateway (SSG) Remote Access Server Can also be Packet Data Serving Node (PDSN) Apple Talk Novel IP/IPX VOX This can be Video Feature set as well in the near future. IBM Unlawful Intercept Service Provider Services Telecommunications Feature Set Boot Image (Used on high end MSR’s such as 7200 Series) IOS ‫ﺟﺪول 1.2-ﻧﺸﺎﻧﮕﺮﻫﺎي ﺑﯿﺎﻧﮕﺮ وﯾﮋﮔﯿﻬﺎي ﻓﻨﯽ‬ ‫ ﻣﺜﺎل ﺧﻮدﻣﺎن ﻣﯿﮑﻨﯿﻢ. ﻧﺎم ﻓﺎﯾﻞ ﻣﺬﺑﻮر‬IOS ‫اﮐﻨﻮن ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﻗﻮاﻋﺪ ﻓﻮق اﻗﺪام ﺑﻪ ﺷﻨﺎﺳﺎﯾﯽ ﻣﺸﺨﺼﻪ ﻫﺎي‬ :‫ ﺑﻮد ﮐﻪ ﺑﺎ ﺷﮑﺴﺖ ان ﺑﻪ اﺟﺰاي ﺗﺸﮑﯿﻞ دﻫﻨﺪه ﺧﻮاﻫﯿﻢ داﺷﺖ‬flash:c3620-ik9o3s7-mz.123-25.bin Page 25 of 290
  • 27.
    ‫در ﻗﺪم ﺑﻌﺪيﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﺟﺪول ﺑﺎﻻ ﻣﺸﺨﺼﻪ ﻫﺎي ‪ IOS‬را ﺷﻨﺎﺳﺎﯾﯽ ﻣﯿﮑﻨﯿﻢ‬ ‫‪i = IP‬‬ ‫)‪k9 = Strong Cryptography (3DES / AES‬‬ ‫‪o3 = IOS Firewall/Intrusion Detection‬‬ ‫)‪s7 = Plus (7 = No Voice‬‬ ‫ﺑﯿﺸﺘﺮ ‪ Image‬ﻓﺎﯾﻠﻬﺎي ‪ IOS‬در ﻧﺤﻮه ﺑﺎرﮔﺬاري و ﻓﺸﺮدﮔﯽ ﺑﺎ ﻫﻢ ﺗﻔﺎوت دارﻧﺪ.اﯾﻦ دو ﻣﺸﺨﺼﻪ ﻧﯿﺰ در ﻓﺮاﯾﻨﺪ ﻧﺎم ﮔﺬاري‬ ‫‪ IOS‬ﻟﺤﺎظ ﺷﺪه اﺳﺖ ﺑﺎ دﻗﺖ ﺑﻪ ﺳﺎﺧﺘﺎر ﺗﻔﮑﯿﮏ ﺷﺪه ﻗﺒﻞ درﺧﺼﻮص ﻧﺤﻮه ﻓﺸﺮده ﺳﺎزي و ﺑﺎرﮔﺬاري و ﻣﺮاﺟﻌﻪ ﺑﻪ‬ ‫ﺟﺪول زﯾﺮ در ﺧﻮاﻫﯿﻢ ﯾﺎﻓﺖ ﮐﻪ ‪ image‬ﻣﻮرد ﻧﻈﺮ ﻣﺎ از ﻓﺸﺮه ﺳﺎزي ‪ Zip‬اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ و ﺑﺎرﮔﺬاري آن ﻧﯿﺰ از ‪RAM‬‬ ‫ﺻﻮرت ﻣﯽ ﮔﯿﺮد.‬ ‫.‪The image executes from Flash memory‬‬ ‫.‪The image executes from RAM‬‬ ‫‪The image executes from ROM‬‬ ‫.‪The image is relocatable‬‬ ‫.‪The image is compressed using ZIP format‬‬ ‫.‪The image is compressed using MZIP format‬‬ ‫.‪The image is compressed using STAC format‬‬ ‫‪f‬‬ ‫‪m‬‬ ‫‪r‬‬ ‫‪l‬‬ ‫‪z‬‬ ‫‪x‬‬ ‫‪w‬‬ ‫ﺟﺪول 2.2-ﻧﺸﺎﻧﮕﺮﻫﺎي ﻓﺸﺮه ﺳﺎزي و ﺑﺎرﮔﺬاري‬ ‫از ﻧﮕﺎرش 4.21 ﺑﻪ ﺑﻌﺪ ﺳﯿﺴﮑﻮ ﻗﺮارداد ﺟﺪﯾﺪي را ﺑﺮاي ﻧﺎم ﮔﺬاري ﻣﺠﻤﻮﻋﻪ ﻣﺸﺨﺼﻪ ﻫﺎي ‪ IOS‬ﻣﻌﺮﻓﯽ ﮐﺮد.اﯾﻦ ﻗﺮارداد‬ ‫ﺟﺪﯾﺪ در ﻧﮕﺎرش 3.21 آﻏﺎز ﺷﺪ و اوﻟﯿﻦ در ﻧﮕﺎرش 4.21 ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﮔﺮﻓﺖ‬ ‫092 ‪Page 26 of‬‬
  • 28.
    ‫ﺷﮑﻞ زﯾﺮ درﺑﺮدارﻧﺪهاﺻﻮل ﺟﺪﯾﺪ ﻧﺎم ﮔﺬاري ‪ IOS‬ﻫﺎي ﺳﯿﺴﮑﻮ از ﻧﺴﺨﻪ ‪ 12.3T‬ﺑﻪ ﺑﺎﻻ اﺳﺖ‬ ‫ﺗﺼﻮﯾﺮ 1.2-ﻗﺮارداد ﺟﺪﯾﺪ ﻧﺎم ﮔﺬاري ‪ IOS‬روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ‬ ‫ﺑﺎ ﺣﺮﮐﺖ از ﭘﺎﯾﯿﻦ ﺑﺎ ﺑﺎﻻي درﺧﺖ ﻓﻮق در ﻣﯿﺎﺑﯿﻢ ﮐﻪ ‪ IP Base‬اﯾﻤﯿﺞ ﭘﺎﯾﻪ اﺳﺖ،از اﯾﻦ اﯾﻤﯿﺞ ﭘﺎﯾﻪ ‪ IP Voice‬ﺳﺎﺧﺘﻪ‬ ‫ﻣﯿﺸﻮد و ﭘﺲ از ان دو ﺷﺎﺧﻪ اﺻﻠﯽ ‪ Advanced Security‬و ‪ Enterprise Base‬را ﺧﻮاﻫﯿﻢ داﺷﺖ.‬ ‫‪ IP Voice‬ﻫﻤﭽﻨﯿﻦ داراي ﻗﺎﺑﻠﯿﺖ ارﺗﻘﺎء ﺑﻪ ﺳﺮوﯾﺴﻬﺎي ‪ Service Provider‬اﺳﺖ ﻣﺸﺘﻤﻞ ﺑﺮ ﻣﺸﺨﺼﻪ ﻫﺎي ‪SP‬‬ ‫‪ Services‬و ‪ IP Voice‬و ‪.IP Base‬‬ ‫ﻓﻘﻂ اﯾﻤﯿﺞ ﻫﺎي ”‪ “Advanced‬داراي ﻣﺸﺨﺼﻪ رﻣﺰ ﻧﮕﺎري )‪ Advanced Encryption Standard (AES‬ﻫﺴﺘﻨﺪ.‬ ‫ﺧﻼﺻﻪ ﻗﺮاردادﻫﺎي ﺟﺪﯾﺪ ﻧﺎم ﮔﺬاري را در ﮔﺮوه ﻫﺎي زﯾﺮ ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﻢ‬ ‫‪‬‬ ‫‪‬‬ ‫‪ : Base‬اﯾﻤﯿﺞ ﭘﺎﯾﻪ ﺑﺎ ﻣﺸﺨﺼﻪ ‪IP Base, Enterprise Base‬‬ ‫‪ : Services‬ﻣﻌﺮف ﺳﺮوﯾﺴﻬﺎي ﭘﯿﺸﺮﻓﺘﻪ ‪ Voice over Frame Relay and Atm ، MPLS ، Voice‬ﺑﺎ‬ ‫ﻣﺸﺨﺼﻪ ‪SP Services, Enterprise Services‬‬ ‫‪‬‬ ‫‪ : Advanced‬ﻣﻌﺮف ﻗﺎﺑﻠﯿﺘﻬﺎي ‪Intrusion ، IPSec، 3DES encryption،Cisco IOS Firewall ، Vpn‬‬ ‫‪‬‬ ‫‪ :Enterprise‬ﻣﻌﺮف ﭘﺮوﺗﮑﻠﻬﺎي اﺿﺎﻓﻪ اي ﻫﻤﭽﻮن ‪ Ipx,Apple talk‬ﺑﺎ ﻣﺸﺨﺼﻪ ‪Enterprise Base‬و‬ ‫)‪ Detection Systems (IDS‬ﺑﺎ ﻣﺸﺨﺼﻪ ‪Advanced Security, Advanced IP Services‬‬ ‫‪ Enterprise Services‬اﺳﺖ.‬ ‫092 ‪Page 27 of‬‬
  • 29.
    ‫دﻗﯿﻘﺎ ﻣﺎﻧﻨﺪ روﺗﺮﻫﺎﺑﺮاي ﺳﻮﯾﯿﭻ ﻫﺎ ﻧﯿﺰ ﭼﻨﯿﻦ ﻗﻮاﻋﺪ ﻧﺎم ﮔﺬاري وﺟﻮد دارﻧﺪ.‬ ‫ﺷﮑﻞ 2.2- ﻗﻮاﻧﯿﻦ ﻧﺎم ﮔﺬاري ﺟﺪﯾﺪ ‪ IOS‬ﺳﻮﯾﯿﭻ ﻫﺎي ﺳﯿﺴﮑﻮ‬ ‫در ﺳﻄﺮﻫﺎي زﯾﺮ ﻧﺎم ﺗﻌﺪادي از اﯾﻤﯿﺞ ﻫﺎي ‪ IOS‬روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ، ﻣﻄﺎﺑﻖ ﺑﺎ ﻗﻮاﻧﯿﻦ ﺟﺪﯾﺪ ﻧﺎم ﮔﺬاري را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ‬ ‫‪‬‬ ‫روﺗﺮ 0082‬ ‫‪‬‬ ‫ﺳﻮﯾﯿﭻ 0573 ‪Catalyst‬‬ ‫‪c2800nm-adventerprisek9-mz.124-21.bin‬‬ ‫‪c2800nm-ipbase-mz.124-21.bin‬‬ ‫‪c3750-advipservicesk9-mz.122-44.SE.bin‬‬ ‫‪c3750-ipservicesk9-mz.122-44.SE.bin‬‬ ‫‪c3750-ipbase-mz.122-44.SE.bin‬‬ ‫‪IP Base‬‬ ‫رﺳﻤﺎ ﺑﻪ ﻋﻨﻮان )‪ Standard Multilayer Image (SMI‬روي ﺳﻮﯾﯿﭽﻬﺎ ﺳﺮي 0553 ﺷﻨﺎﺧﺘﻪ ﻣﯿﺸﻮد. اﯾﻦ ﺷﻨﺎﺳﻪ ﻧﺎم‬ ‫ﺑﯿﺎﻧﮕﺮ وﯾﮋﮔﯿﻬﺎﯾﯽ ﻫﻤﭽﻮن ‪ Advanced Qos-Rate limiting-Acls-static routing ,Rip‬ﻣﯽ ﺑﺎﺷﻨﺪ.‬ ‫‪IP Service‬‬ ‫092 ‪Page 28 of‬‬
  • 30.
    ‫رﺳﻤﺎ ﺑﻪ ﻋﻨﻮان)‪ Enhanced Multilayer Image (EMI‬روي ﺳﻮﯾﯿﭽﻬﺎي 0553 ﺷﻨﺎﺧﺘﻪ ﻣﯿﺸﻮد.داراي ﻣﺸﺨﺼﻪ ﻫﺎي‬ ‫ﻓﻨﯽ ﺑﯿﺸﺘﺮي ﻫﻤﭽﻮن ‪hardware-based IP Unicast and IP Multicast -enterprise class routing‬‬ ‫‪routing‬و )‪ policy based routing (PBR‬اﺳﺖ‬ ‫‪Advanced IP Services‬‬ ‫اﯾﻦ ﻣﺸﺨﺼﻪ از ﻃﺮﯾﻖ ﭘﺮداﺧﺖ ﻫﺰﯾﻨﻪ ﻣﺠﺰاي ﺧﺮﯾﺪ ﻻﯾﺴﻨﺲ ﻗﺎﺑﻞ ﺗﻬﯿﻪ اﺳﺖ . داراي وﯾﮋﮔﯿﻬﺎﯾﯽ ﻫﻤﭽﻮن 6‪Ipv‬‬ ‫‪ Routing‬و ‪ Ipv6 ACL support‬اﺳﺖ.‬ ‫‪Enterprise Services & Advanced Enterprise Services‬‬ ‫ﺣﺎوي ﺗﻤﺎم وﯾﮋﮔﯿﻬﺎي ﻗﺎﺑﻞ ﭘﺸﺘﯿﺒﺎﻧﯽ ﺗﻮﺳﻂ ﭘﻠﺘﻔﺮم ﻣﻮرد ﻧﻈﺮ ﻫﺴﺘﻨﺪ ﻫﻤﯿﻨﻄﻮر ﮔﺮاﻧﺘﺮﯾﻦ از ﻟﺤﺎظ ﻻﯾﺴﻨﺲ ﻣﺤﺴﻮب‬ ‫ﻣﯿﺸﻮﻧﺪ.اﯾﻦ ﺳﺮي از ‪ IOS‬ﻫﺎ ﺗﻨﻬﺎ ﺑﺮ روي ﺳﻮﯾﭽﻬﺎي ﻣﺎژوﻻر ﺳﺮي 0054 ، 0094 و 0056 ﻗﺎﺑﻞ ﻧﺼﺐ ﻫﺴﺘﻨﺪ‬ ‫در ﺳﻄﺮﻫﺎي زﯾﺮ ﺗﻌﺪادي از ﺳﻮﯾﯿﭽﻬﺎ ﻣﻌﻤﻮل ﺑﻪ ﻫﻤﺮاه ﻣﺸﺨﺼﻪ ﻻﯾﺴﻨﺲ ﻫﻤﺮاه ﺑﺎ آﻧﻬﺎ را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ‬ ‫)‪C3560-24PS-S = Cisco 3560 Series 24 Ports PoE with Standard Image (IP Base‬‬ ‫)‪C3750-48TS-E = Cisco 3750 Series 48 Port Non-PoE with Enhanced Image (IP Services‬‬ ‫از آﻧﺠﺎﯾﯽ ﮐﻪ ﺳﻮﯾﯿﭽﻬﺎي ﺳﺮي 0692 ﺑﻪ ﺻﻮرت ﻻﯾﻪ دو ﻓﻌﺎﻟﯿﺖ ﻣﯿﮑﻨﻨﺪ از ﻣﺪل ﻻﯾﺴﻨﺲ ﻣﺘﻔﺎوﺗﯽ ﭘﯿﺮوي ﻣﯿﮑﻨﻨﺪ.اﯾﻦ‬ ‫ﻣﺪل ﻻﯾﺴﻨﺲ ﻣﺎﻧﻨﺪ ﺳﺮوي 0592 ﺷﺎﻣﻞ دو ﮔﺮوه ﻣﺸﺨﺼﻪ اﺻﻠﯽ ﻣﯿﺒﺎﺷﺪ ﺑﻪ ﻧﺎﻣﻬﺎي ‪Standard Image‬و ‪Enhanced‬‬ ‫‪ Image‬اﻣﺎ ﮔﺮوه ﻣﺸﺨﺼﻪ ﻫﺎي ﺟﺪﯾﺪ اﯾﻦ ﺳﺮي ‪ Lan based‬و ‪ Lan Lite‬ﻧﺎم دارﻧﺪ.اﯾﻦ ﮔﺮوه ﻣﺸﺨﺼﻪ ﻫﺎي ﺟﺪﯾﺪ‬ ‫وﯾﮋﮔﯿﻬﺎي ﻣﺘﻔﺎوﺗﯽ ﻫﻤﭽﻮن ‪Qos,Gigabit Ethernet,Rps,Rstp,Linkstate tracking,Dot1x,Dhcp snooping‬‬ ‫و ﺑﺴﯿﺎري وﯾﮋﮔﯿﻬﺎي ﺟﺪﯾﺪ را ﺑﺮاي ﺳﺮي 0692 ﺑﻪ ارﻣﻐﺎن ﻣﯽ آورد.‬ ‫اﻣﺮوزه و ﺑﺎ ﻣﻌﺮﻓﯽ 0.51 ‪ IOS‬ﺑﻪ ﺑﻌﺪ ﻧﺴﻞ ﺟﺪﯾﺪ از ‪ IOS‬ﺗﺤﺖ ﻧﺎم ﮐﻠﯽ ‪ Universal image‬ﻣﻌﺮﻓﯽ ﺷﺪه اﺳﺖ.ﮔﺮوه‬ ‫ﻣﺸﺨﺼﻪ ﻫﺎي اﯾﻦ ﻧﺴﻞ ﺗﻔﺎوﺗﯽ ﺑﺎ ﻧﺴﻞ ﻗﺒﻞ ﻧﺪاﺷﺘﻪ اﻣﺎ ﺑﻪ ﻣﻨﻈﻮر اﺳﺘﻔﺎده از وﯾﮋﮔﯿﻬﺎي ﻣﺘﻌﺪد اﯾﻦ ‪ IOS‬ﻣﯿﺒﺎﯾﺴﺖ ﻫﺮ‬ ‫ﮔﺮوه از آﻧﻬﺎ را از ﻃﺮﯾﻖ ﻻﯾﺴﻨﺲ ﻓﺎﯾﻞ در ﻣﺤﻞ ‪ NVRAM‬ﻓﻌﺎل ﮐﺮد.ﻃﯽ ﻓﺮاﯾﻨﺪ ﺑﻮت، ‪ IOS‬ﺑﻪ دﻧﺒﺎل ﻓﺎﯾﻞ ﻻﯾﺴﻨﺲ‬ ‫ﻣﯿﮕﺮدد و ﭘﺲ از ﯾﺎﻓﺘﻦ آن وﯾﮋﮔﯿﻬﺎي ﻣﺘﻨﺎﻇﺮ ﺑﺎ ﻻﯾﺴﻨﺴﯽ را ﮐﻪ ﺧﺮﯾﺪاري ﺷﺪه اﺳﺖ را ا ﻓﻌﺎل ﻣﯿﮑﻨﺪ.ﻫﺮ ﻻﯾﺴﻨﺲ‬ ‫ﻓﺎﯾﻠﯽ ﻣﺘﻌﻠﻖ ﺑﻪ ﺷﻤﺎره ﺳﺮﯾﺎل ﭘﻠﺘﻔﺮم اﺧﺘﺼﺎﺻﯽ ﺧﻮد ﻣﯽ ﺑﺎﺷﺪ ﺑﻪ اﯾﻦ ﻣﻌﻨﯽ ﮐﻪ ﻗﺎﺑﻞ اﻧﺘﻘﺎل)ﮐﭙﯽ!( ﺑﻪ ﭘﻠﺘﻔﺮم دﯾﮕﺮ‬ ‫ﻧﯿﺴﺘﻨﺪ.‬ ‫092 ‪Page 29 of‬‬
  • 31.
    ‫ﻧﺴﻞ ﺟﺪﯾﺪ روﺗﺮﻫﺎيﺳﯿﺴﮑﻮ ﻣﺎﻧﻨﺪ ﺳﺮي 0091 و 0092 و0093 ﻫﻤﮕﯽ از ﯾﮏ ‪ Unevirsal image‬ﻓﺎﯾﻞ ﻣﺸﺘﺮك‬ ‫اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ و ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﻧﻮع وﯾﮋﮔﯿﻬﺎي ﮐﻪ اراﺋﻪ ﺧﻮاﻫﻨﺪ ﮐﺮد ﻧﯿﺎزﻣﻨﺪ ﻻﯾﺴﻨﺲ ﻣﺮﺗﺒﻂ ﻫﺴﺘﻨﺪ.اﯾﻦ وﯾﮋﮔﯽ ﻫﻤﭽﻨﯿﻦ‬ ‫ﺑﺮ روي ﺳﻮﯾﯿﭽﻬﺎي ‪ 3560E, 3750E‬ﭘﯿﺎده ﺷﺪه اﺳﺖ.‬ ‫ﻣﺜﺎل:‬ ‫‪c3560e-universalk9-mz.122-50.SE2.bin‬‬ ‫‪c3750e-universalk9-mz.122-50.SE2.bin‬‬ ‫‪c3900-universalk9-mz.150-1M.bin‬‬ ‫092 ‪Page 30 of‬‬
  • 32.
    ‫آزﻣﺎﯾﺶ ٤.١ –ﺗﻨﻈﻤﯿﺎت ﭘﺎﯾﮫ اﮐﺴﺲ ﺳﺮور ﻣﻮرد اﺳﺘﻔﺎده در آزﻣﺎﯾﺸﮕﺎه‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﯾﮏ دﺳﺘﮕﺎه اﮐﺴﺲ ﺳﺮور را ﺑﺎ ﻫﺪف دﺳﺘﺮﺳﯽ ﺑﻪ ﻫﻤﻪ ﺳﻮﯾﯿﭽﻬﺎ و روﺗﺮﻫﺎي ﻣﻮرد اﺳﺘﻔﺎده در اﯾﻦ‬ ‫آزﻣﺎﯾﺸﮕﺎه و ﻣﺪﯾﺮﯾﺖ آﻧﻬﺎ از ﯾﮏ ﻧﻘﻄﻪ ﻣﺮﮐﺰي ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ.‬ ‫ﺗﻮﺿﯿﺢ:در ﺻﻮرﺗﯿﮑﻪ ﺑﺎ ﺗﻨﻈﯿﻤﺎت ﻣﺮﺗﺒﻂ ﺑﺎ روﺗﺮﻫﺎ آﺷﻨﺎﯾﯽ ﻧﺪارﯾﺪ ﻣﯿﺘﻮان از اﯾﻦ ﻣﺒﺤﺚ ﻋﺒﻮر ﮐﺮد و ﭘﺲ از آﺷﻨﺎﯾﯽ‬ ‫ﻣﺠﺪدا ﺑﻪ آن ﭘﺮداﺧﺖ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﻋﻤﻮﻣﺎ در ﺳﺎزﻣﺎﻧﻬﺎﯾﯽ ﮐﻪ داراي ﺗﻌﺪاد زﯾﺎدي ادوات ﺳﯿﺴﮑﻮ ﻫﺴﺘﻨﺪ از اﮐﺴﺲ ﺳﺮور ﺟﻬﺖ دﺳﺘﺮﺳﯽ و ﻣﺪﯾﺮﯾﺖ ﻣﺮﮐﺰي‬ ‫اﯾﻦ ادوات ﺑﻪ ﺟﺎي اﺗﺼﺎل ﻣﺠﺰا ﺑﻪ ﻫﺮ ﯾﮏ از اﯾﻦ ادوات اﺳﺘﻔﺎده ﻣﯿﺸﻮد. اﻣﻮري ﻫﻤﭽﻮن اﻋﻤﺎل ﮐﺎﻧﻔﯿﮕﻬﺎي روزﻣﺮه ﺗﺎ ﺑﻮت‬ ‫ﺑﻪ ﻣﺤﯿﻂ ‪ Rommon‬ﺟﻬﺖ ﭘﺴﻮرد رﯾﮑﺎوري ،ارﺗﻘﺎء ‪ IOS‬و ﺑﺴﯿﺎري دﯾﮕﺮ را از اﯾﻦ ﻃﺮﯾﻖ ﻣﯿﺘﻮان اﻧﺠﺎم داد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﮑﻤﯿﻞ آزﻣﺎﯾﺶ 2.1 و ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ اﮐﺴﺲ ﺳﺮور‬ ‫اﺗﺼﺎل ‪ Async Line‬ﻫﺎي اﮐﺴﺲ ﺳﺮور ﺑﻪ ادوات ﻣﺘﻨﺎﻇﺮ ﺑﻪ ﺷﺮح زﯾﺮ :‬ ‫1 ‪Line 1 – Router‬‬ ‫2 ‪Line 2 – Router‬‬ ‫3 ‪Line 3 – Router‬‬ ‫4 ‪Line 4 – Router‬‬ ‫5 ‪Line 5 – Router‬‬ ‫6 ‪Line 6 – Router‬‬ ‫1 ‪Line 7 – Switch‬‬ ‫2 ‪Line 8 – Switch‬‬ ‫3 ‪Line 9 – Switch‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ ‪ Hostname‬ﺑﻪ اﮐﺴﺲ ﺳﺮور‬ ‫اﯾﺠﺎد ﯾﮏ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺲ ﺟﻬﺖ ﺑﺮﻗﺮاري ‪ Telnet‬از ﺳﻤﺖ آن ﺑﻪ ﺳﺎﯾﺮ ادوات‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﺟﺪول ‪ IP Host‬ﺟﻬﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻫﺎي ‪ Telnet‬ﻣﻌﮑﻮس روي ﺧﻄﻮط ‪Async‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﺧﻄﻮط ‪ Async‬ﺑﻪ ﻣﻨﻈﻮر ﺟﻠﻮﮔﯿﺮي از اﯾﺠﺎد ‪ Exec session‬ﺑﺎ اﮐﺴﺲ ﺳﺮور‬ ‫‪‬‬ ‫ﻓﻌﺎل ﮐﺮدن ﻗﺎﺑﻠﯿﺖ ‪ Telnet‬روي ﺧﻄﻮط ‪async‬‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫092 ‪Page 31 of‬‬
  • 33.
    ‫ ﺑﻪ اﮐﺴﺲﺳﺮور‬Hostname ‫ﺗﺨﺼﯿﺺ‬ Router>enable Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z Router(config)#hostname Access_Server Access_Server(config)# ‫ از ﺳﻤﺖ آن ﺑﻪ ﺳﺎﯾﺮ ادوات‬Telnet ‫اﯾﺠﺎد ﯾﮏ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺲ ﺟﻬﺖ ﺑﺮﻗﺮاري‬ Access_Server(config)#interface loopback 0 Access_Server(config-if)#ip address 10.10.10.10 255.255.255.255 Access_Server(config-if)#exit Access_Server(config)# Async ‫ ﻣﻌﮑﻮس روي ﺧﻄﻮط‬Telnet ‫ ﺟﻬﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻫﺎي‬IP Host ‫ﺗﻨﻈﯿﻢ ﺟﺪول‬ Access_Server(config)#ip Access_Server(config)#ip Access_Server(config)#ip Access_Server(config)#ip Access_Server(config)#ip Access_Server(config)#ip Access_Server(config)#ip Access_Server(config)#ip Access_Server(config)#ip host host host host host host host host host r1 2001 10.10.10.10 r2 2002 10.10.10.10 r3 2003 10.10.10.10 r4 2004 10.10.10.10 r5 2005 10.10.10.10 r6 2006 10.10.10.10 sw1 2007 10.10.10.10 sw2 2008 10.10.10.10 sw3 2009 10.10.10.10 ‫ ﺑﺎ اﮐﺴﺲ ﺳﺮور‬Exec session ‫ ﺑﻬﻢ ﻣﻨﻈﻮر ﺟﻠﻮﮔﯿﺮي از اﯾﺠﺎد‬Async ‫ﺗﻨﻈﯿﻢ ﺧﻄﻮط‬ Access_Server(config)#line 1 16 Access_Server(config-line)#no exec async ‫ روي ﺧﻄﻮط‬Telnet ‫ﻓﻌﺎل ﮐﺮدن ﻗﺎﺑﻠﯿﺖ‬ Access_Server(config-line)#transport input telnet ‫ﭘﺲ از ﮐﺎﻧﻔﯿﮓ دﺳﺘﮕﺎه ﺗﮏ ﺗﮏ ﺧﻄﻮط اﻧﺮا ﺟﻬﺖ ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺻﺤﺖ اﻣﮑﺎن ﺑﺮﻗﺮاري ﺗﻤﺎس آن ﺑﺎ ادوات ﻣﺘﻨﺎﻇﺮ‬ .‫ﺗﺴﺖ ﻣﯿﮑﻨﯿﻢ‬ Access_Server#r1 Trying r1 (10.10.10.10, 2037)… Open % Please answer ‘yes’ or ‘no’. Would you like to enter the initial configuration dialog? [yes/no]: Page 32 of 290
  • 34.
    ‫ﺟﻬﺖ ﺑﺮرﺳﯽ ﻣﺸﮑﻼتاﺣﺘﻤﺎﻟﯽ در ﮐﺎﻧﻔﯿﮓ دﺳﺘﮕﺎه ، دﺳﺘﻮرات ﻣﺘﻌﺪدي ﺟﻬﺖ ﯾﺎﻓﺘﻦ و رﻓﻊ اﻧﻬﺎ وﺟﻮد دارد ﻣﺎﻧﻨﺪ‬ ‫دﺳﺘﻮر زﯾﺮ‬ Access_Server#show host Default domain is not set Name/address lookup uses domain service Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate temp - temporary, perm - permanent NA - Not Applicable None - Not defined Host Port r1 r2 r3 r4 r5 r6 sw1 sw2 sw3 2001 2002 2003 2004 2005 2006 2007 2008 2009 Flags (perm, (perm, (perm, (perm, (perm, (perm, (perm, (perm, (perm, OK) OK) OK) OK) OK) OK) OK) OK) OK) Age 0 0 0 0 0 0 0 0 0 Type IP IP IP IP IP IP IP IP IP Address(es) 10.10.10.10 10.10.10.10 10.10.10.10 10.10.10.10 10.10.10.10 10.10.10.10 10.10.10.10 10.10.10.10 10.10.10.10 Access_Server # ‫ ﮐﻪ اﻃﻼﻋﺎت ارﺗﺒﺎﻃﻬﺎي ﻓﻌﺎل ﺑﺎ ادوات ﺗﺤﺖ ﻣﺪﯾﺮﯾﺖ را ﻧﺸﺎن ﻣﯿﺪﻫﺪ‬Show sessions ‫و ﯾﺎ دﺳﺘﻮر‬ Access_Server#show host Default domain is not set Name/address lookup uses domain service Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate temp - temporary, perm - permanent Access_Server#show session Conn Host Address Byte Idle Conn Name * 1 r1 10.10.10.10 0 3 r1 Access_Server# Page 33 of 290
  • 35.
    ‫آزﻣﺎﯾﺶ 5.1-ﻧﺼﺐ ﺷﺒﯿﻪﺳﺎز ﮔﺮاﻓﯿﮑﯽ 3‪Gns‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﻪ ﻧﺼﺐ ﻧﺮم اﻓﺰار 3‪ Gns‬ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ و ﺗﺎ ﭘﺎﯾﺎن ﻣﺒﺎﺣﺚ از اﯾﻦ اﺑﺰار ﺟﻬﺖ ﺗﺮﺳﯿﻢ و ﺷﺒﯿﻪ ﺳﺎزي‬ ‫ﺗﻮﭘﻮﻟﻮژﯾﻬﺎ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد.3‪ Gns‬ﺷﺒﯿﻪ ﺳﺎز روﺗﺮﻫﺎي ﺳﺨﺖ اﻓﺰاري ﺳﯿﺴﮑﻮ اﺳﺖ و ﻗﺎدر ﺑﻪ اﺟﺮاي ‪ IOS‬ﻫﺎي‬ ‫واﻗﻌﯽ اﯾﻦ ادوات ﻣﯽ ﺑﺎﺷﺪ.3‪ Gns‬ﺑﻪ ﻋﻨﻮان اﺑﺰاري ﮐﻤﮏ آﻣﻮزﺷﯽ ﺑﺮاي اﻓﺮادي ﮐﻪ ﻋﻼﻗﻤﻨﺪ ﺑﻪ ﯾﺎدﮔﯿﺮي ﭼﮕﻮﻧﮕﯽ‬ ‫ﭘﯿﮑﺮﺑﻨﺪي ادوات ﻫﻤﯿﻨﻄﻮر اﺧﺬ ﻣﺪارك ﺳﯿﺴﮑﻮ ﻣﯽ ﺑﺎﺷﻨﺪ ﺑﻪ ﮐﺎر ﻣﯽ رود.3‪ Gns‬اﺑﺰاري اﺳﺖ ﮐﻪ ﺗﻮﺳﻂ ﺗﻤﺎم اﻓﺮادي ﮐﻪ‬ ‫ﻋﻼﻗﻤﻨﺪ ﺑﻪ ﯾﺎدﮔﯿﺮي ﻣﻔﺎﻫﯿﻢ ﻋﻤﻠﯿﺎﺗﯽ ﺳﯿﺴﮑﻮ ﻣﯽ ﺑﺎﺷﻨﺪ از ﺳﻄﺢ ‪ CCNA‬ﺗﺎ‪ CCIE‬ﺑﻪ ﮐﺎر ﻣﯽ رود.اﯾﻦ اﺑﺰار ﻣﺎﻫﯿﺘﺎ ﺑﺎ‬ ‫ﻫﺪف ﮐﻤﮏ ﺑﻪ ﻓﺮاﯾﻨﺪ آﻣﻮزش ﻣﻔﺎﻫﯿﻢ ﺳﯿﺴﮑﻮﺳﺎﺧﺘﻪ ﺷﺪ اﻣﺎ در دﻧﯿﺎي واﻗﻌﯽ ﮐﺎرﺑﺮدﻫﺎي ﻣﻬﻤﯽ از ﻗﺒﯿﻞ آزﻣﺎﯾﺶ و ﺗﺎﯾﯿﺪ‬ ‫ﺻﺤﺖ ﮐﺎﻧﻔﯿﮓ ﻫﺎي اﻧﺠﺎم ﺷﺪه روي ادوات را ﻧﯿﺰ ﺑﺎ آن ﺑﻪ اﻧﺠﺎم ﻣﯽ رﺳﺎﻧﻨﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﯾﮏ دﺳﺘﮕﺎه ‪ PC‬ﺣﺪاﻗﻞ دوﻫﺴﺘﻪ اي ﺑﺎ ‪ 2GB RAM‬آزاد‬ ‫داﻧﻠﻮد ﻧﺮم اﻓﺰار از آدرس ‪http://www.gns3.net/download‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫داﻧﻠﻮد ﻧﺮم اﻓﺰار 3‪GNS‬‬ ‫ﻧﺼﺐ آن روي ﮐﺎﻣﭙﯿﻮﺗﺮ‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﭘﺲ از داﻧﻠﻮد ﻧﺮم اﻓﺰار از آدرس ﻓﻮق ﺑﺎ ﺻﻔﺤﻪ ‪ Installation Wizard‬ﮐﻪ در ﺷﮑﻞ زﯾﺮ ﻧﻤﺎﯾﺶ داده ﺷﺪه‬ ‫اﺳﺖ روﺑﺮو ﺧﻮاﻫﯿﺪ ﺷﺪ .‬ ‫092 ‪Page 34 of‬‬
  • 36.
    ‫2. ﺑﺎ ﮐﻠﯿﮏروي دﮐﻤﻪ ‪ NEXT‬وارد ﺻﻔﺤﻪ ‪ License Agreement‬ﺧﻮاﻫﯿﻢ ﺷﺪ ﺑﺎ ﺗﺎﯾﯿﺪ آن وارد ﺻﻔﺤﻪ ﺑﻌﺪ‬ ‫ﻣﯿﺸﻮﯾﻢ‬ ‫3. ﭘﺲ از ﭘﺬﯾﺮش ‪ License Agreement‬ﺑﺎ ﭘﻨﺠﺮه ﺗﻌﯿﯿﻦ ﻧﺎم ﺑﺮاي ﭘﻮﺷﻪ ﻧﻤﺎﯾﺶ داده ﺷﺪه در ﻣﻨﻮي اﺳﺘﺎرت‬ ‫روﺑﺮو ﺧﻮاﻫﯿﻢ ﺷﺪ در ﺻﻮرت ﺗﻤﺎﯾﻞ اﯾﻦ ﻧﺎم را ﻋﻮض ﻣﯿﮑﻨﯿﻢ و ﯾﺎ ﺑﺎ ﭘﺬﯾﺮش "3‪" GNS‬روي دﮐﻤﻪ ‪NEXT‬‬ ‫ﮐﻠﯿﮏ ﻣﯿﮑﻨﯿﻢ‬ ‫092 ‪Page 35 of‬‬
  • 37.
    ‫4. در ﺻﻔﺤﻪﺑﻌﺪي ﺑﺎ ﮔﺰﯾﻨﻪ اﻧﺘﺨﺎب ﺑﺴﺘﻪ ﻫﺎي ﻧﺮم اﻓﺰاري ﻗﺎﺑﻞ ﻧﺼﺐ ﻣﻮﺟﻮد در ﻧﺼﺐ ﮐﻨﻨﺪه 3‪ GNS‬روﺑﺮو‬ ‫ﺧﻮاﻫﯿﻢ ﺷﺪ.‪ WinPCAP‬اﺑﺰار/ﮐﺘﺎﺑﺨﺎﻧﻪ اي اﺳﺖ ﮐﻪ ﺑﺎ ﻫﺪف ‪ Packet Capture‬و ‪ packet analysis‬ﺑﻪ‬ ‫ﻫﻤﺮاه 3‪ GNS‬ﻧﺼﺐ ﻣﯿﺸﻮد.‪ Dynamips‬ﻗﻠﺐ اﯾﻦ ﻧﺮم اﻓﺰار ﻣﯽ ﺑﺎﺷﺪ و ﺷﺒﯿﻪ ﺳﺎز اﺻﻠﯽ روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ در‬ ‫واﻗﻊ اﯾﻦ اﺑﺰار اﺳﺖ،3‪ GNS‬ﺻﺮﻓﺎ ﭘﻮﺳﺘﻪ اي ﮔﺮاﻓﯿﮑﯽ اﺳﺖ ﮐﻪ ﺑﺮ روي اﯾﻦ اﯾﻦ اﺑﺰار ﺳﻮار ﺷﺪه و اﺟﺎزه ﺗﺮﺳﯿﻢ‬ ‫ﺗﻮﭘﻮﻟﻮژي و ﻣﺸﺎﻫﺪه ﻋﻤﮑﻠﺮد آﻧﺮا ﺑﻪ ﺻﻮرت ﻧﻤﺎدﯾﻦ ﻣﯽ دﻫﺪ.‪ PemuWrapper‬ﺷﺒﯿﻪ ﺳﺎز ﺳﺨﺖ اﻓﺰار ‪PIX‬‬ ‫اﺳﺖ و اﺟﺎزه ﻣﯿﺪﻫﺪ ﺗﺎ ﺷﺒﮑﻪ ﻫﺎي ﺷﺎﻣﻞ ‪ PIX‬اﻣﮑﺎن ﭘﯿﺎده ﺳﺎزي ﺑﺮ روي 3‪ GNS‬را داﺷﺘﻪ ﺑﺎﺷﻨﺪ.‬ ‫5. در ﺻﻔﺤﻪ ﺑﻌﺪ ﻣﺴﯿﺮ ﻧﺼﺐ 3‪ GNS‬ﻣﺸﺨﺺ ﺧﻮاﻫﺪ ﺷﺪ . ﺑﻪ ﻃﻮر ﭘﯿﺶ ﻓﺮض اﯾﻦ ﻣﺴﯿﺮ‬ ‫‪C:Program‬‬ ‫3‪ FilesGNS‬اﺳﺖ در ﺻﻮرت اﺳﺘﻔﺎده از وﯾﻨﺪوز 46 ﺑﯿﺘﯽ ﺑﻪ 3‪ C:Program Files (x83)GNS‬ﺗﻐﯿﯿﺮ‬ ‫ﺧﻮاﻫﺪ ﯾﺎﻓﺖ.‬ ‫6. در ﺻﻔﺤﻪ ﺑﻌﺪ ﻧﺼﺐ ﮐﻨﻨﺪه 3‪ GNS‬اﻗﺪام ﺑﻪ داﻧﻠﻮد و ﻧﺼﺐ ‪ WinPCAP‬ﻣﻄﺎﺑﻖ ﺷﮑﻞ زﯾﺮ ﺧﻮاﻫﺪ ﮐﺮد‬ ‫092 ‪Page 36 of‬‬
  • 38.
    ‫7. ﺑﺎ ﮐﻠﯿﮏروي ‪ NEXT‬وارد ﺻﻔﺤﻪ اﺻﻠﯽ ﻧﺼﺐ ‪ WinPCAP‬ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫8. در ﺻﻔﺤﻪ ﺑﻌﺪي ‪ License Agreement‬ﻣﻮرد ﭘﺬﯾﺮش ﻗﺮار ﻣﯿﮕﯿﺮد‬ ‫092 ‪Page 37 of‬‬
  • 39.
    ‫9. ﭘﺲ ازآن ﻧﺼﺐ ‪ WinpCap‬ﺑﻪ اﺗﻤﺎم ﺧﻮاﻫﺪ رﺳﯿﺪ‬ ‫01. و ﭘﺲ از آن ﻧﺼﺐ 3‪ GNS‬ﺗﮑﻤﯿﻞ ﺧﻮاﻫﺪ ﺷﺪ‬ ‫092 ‪Page 38 of‬‬
  • 40.
  • 41.
    ‫آزﻣﺎﯾﺶ 6.1-ﺗﻨﻈﯿﻤﺎت ﭘﺎﯾﻪدر 3‪GNS‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﺗﻨﻈﯿﻤﺎت ﭘﺎﯾﻪ ﻧﺮم اﻓﺰار 3‪ GNS‬ﮐﻪ در آزﻣﺎﯾﺸﺎت ﺑﻌﺪي ﺑﻪ ﻋﻨﻮان اﺑﺰار ﺷﺒﯿﻪ ﺳﺎزي ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار‬ ‫ﺧﻮاﻫﺪ ﮔﺮﻓﺖ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫3‪ GNS‬ﺑﻪ واﺳﻄﻪ ﺗﻮاﻧﻤﻨﺪي آن در ارﺗﺒﺎط ﺑﺎ ادوات واﻗﻌﯽ دﻧﯿﺎي ﺧﺎرج از ﮐﺎﻣﭙﯿﻮﺗﺮ ﺗﻮﺳﻂ ﮐﻤﭙﺎﻧﯽ ﺳﯿﺴﮑﻮ ﻣﻠﺰم ﺑﻪ اراﺋﻪ‬ ‫ﺣﺪاﮐﺜﺮ ﻧﺮخ ﻋﺒﻮر دﯾﺘﺎ ‪ 1KB/PS‬ﺷﺪه اﺳﺖ ﺗﺎ ﺑﻪ ﻋﻨﻮان ﺟﺎﯾﮕﺰﯾﻦ روﺗﺮ در ﻣﺤﯿﻄﻬﺎي ﻋﻤﻠﯿﺎﺗﯽ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻧﮕﯿﺮد!‬ ‫از اﯾﻨﺮو ﺗﺒﺪﯾﻞ ﺑﻪ اﺑﺰار اﯾﺪه آﻟﯽ ﺟﻬﺖ آﻣﻮزش و ﺗﺴﺖ ﮐﺎﻧﻔﯿﮕﻬﺎ و ﺗﻮﭘﻮﻟﻮژﯾﻬﺎي ﺷﺒﮑﻪ ﻫﺎي ﻣﺒﺘﻨﯽ ﺑﺮ ادوات ﺳﯿﺴﮑﻮ‬ ‫ﺷﺪه اﺳﺖ.در ﻃﯽ ﻓﺼﻮل آﺗﯽ از اﯾﻦ اﺑﺰار ﺟﻬﺖ ﭘﯿﺎده ﺳﺎزي ﺗﻨﻈﯿﻤﺎت روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭽﻬﺎي ﻣﻮرد اﺳﺘﻔﺎده در آزﻣﺎﯾﺸﺎت‬ ‫ﺑﻬﺮه ﺧﻮاﻫﯿﻢ ﺑﺮد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪ ‬اﻃﻤﯿﻨﺎن از ﻧﺼﺐ 3‪ Gns‬ﻣﻄﺎﺑﻖ ﺑﺎ ﺗﻮﺿﯿﺤﺎت آزﻣﺎﯾﺶ 5.1‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮرﺳﯽ ﻣﺴﯿﺮﻫﺎي ﺳﯿﺴﺘﻤﯽ و ﻣﺘﻐﯿﺮﻫﺎي داﺧﻠﯽ 3‪ gns‬ﺷﺎﻣﻞ ‪ putty‬و داﯾﺮﮐﺘﻮري ﭘﺮوژه ﻫﺎ‬ ‫ﭘﯿﮑﺮه ﺑﻨﺪي روﺗﺮﻫﺎي 5273 و 0643 ﺟﻬﺖ ﺑﮑﺎرﮔﯿﺮي ‪ 256MB RAM‬و ﻣﻌﺮﻓﯽ ‪ IOS‬ﻣﺮﺗﺒﻂ ﺑﻪ آﻧﻬﺎ ﺑﻪ ﻣﻨﻈﻮر‬ ‫اﺳﺘﻔﺎده در ﻓﺼﻮل آﺗﯽ.‬ ‫‪c3725-adventerprisek9-mz.124-15.T14.bin‬‬ ‫‪c3640-jk9o3s-mz.124-13a.bin‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﭘﺲ از اﺟﺮاي 3‪ GNS‬ﺑﺮاي اوﻟﯿﻦ ﺑﺎر ﭘﻨﺠﺮه ‪ Setup wizard‬ﻣﻄﺎﺑﻖ ﺷﮑﻞ زﯾﺮ ﻧﻤﺎﯾﺶ داده ﺧﻮاﻫﺪ ﺷﺪ.‬ ‫092 ‪Page 40 of‬‬
  • 42.
    ‫ﺗﺼﻮﯾﺮ 1.2 –ﭘﻨﺠﺮه ‪Settup wizard‬‬ ‫2. در وﺣﻠﻪ اول ﻧﯿﺎز ﺧﻮاﻫﯿﻢ داﺷﺖ ﺗﺎ ﻣﺴﯿﺮ داﯾﺮﮐﺘﻮرﯾﻬﺎي ﻣﻬﻢ ﻧﺮم اﻓﺰار را ﺗﻨﻈﯿﻢ و ﺗﺴﺖ ﮐﻨﯿﻢ.ﺑﺎ ﻓﺸﺮدن دﮐﻤﻪ‬ ‫1 در ﭘﻨﺠﺮه ‪ Setup wizard‬وارد ﭘﻨﺠﺮه زﯾﺮ ﻣﯽ ﺷﻮﯾﻢ.اﻃﻤﯿﻨﺎن ﺣﺎﺻﻞ ﮐﻨﯿﺪ ﻣﺴﯿﺮﻫﺎي ﻧﺸﺎن داده ﺷﺪه‬ ‫ﺻﺤﯿﺢ ﻫﺴﺘﻨﺪ.‪ putty‬ﺑﻪ ﻃﻮر ﭘﯿﺶ ﻓﺮض ﺟﻬﺖ اﺗﺼﺎل ﺗﺮﻣﯿﻨﺎﻟﯽ ﺑﻪ ﻫﻤﺮاه 3‪ GNS‬ﻧﺼﺐ ﻣﯿﺸﻮد اﻣﺎ اﮔﺮ ﺗﻤﺎﯾﻞ‬ ‫ﺑﻪ اﺳﺘﻔﺎده از ‪ SecureCrt‬را دارﯾﺪ ﺑﺎﯾﺪ ﺗﻨﻈﯿﻤﺎت ﻣﺴﯿﺮ آﻧﺮا در ﺗﺐ ”‪ “Terminal Settings‬آﯾﺘﻢ ‪terminal‬‬ ‫‪ application command string‬اﻧﺠﺎم دﻫﯿﺪ.‬ ‫ﺗﺼﻮﯾﺮ 2.2-ﭘﻨﺠﺮه ‪General Setup‬‬ ‫3. اﮐﻨﻮن ﺑﺮ روي ﻋﺒﺎرت ‪ Dynamips‬واﻗﻊ در ﭘﻨﻞ ﺳﻤﺖ راﺳﺖ ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت ﮐﻠﯿﮏ ﮐﻨﯿﺪ و اﻃﻤﯿﻨﺎن ﺣﺎﺻﻞ‬ ‫ﮐﻨﯿﺪ ﻣﺴﯿﺮﻫﺎي ﻓﺎﯾﻠﻬﺎي اﺟﺮاﯾﯽ و داﯾﺮﮐﺘﻮري ﺟﺎري آن ﺻﺤﯿﺢ ﻫﺴﺘﻨﺪ. ﭘﺲ از آن روي دﮐﻤﻪ ‪Test‬‬ ‫‪ Settings‬ﮐﻠﯿﮏ ﮐﻨﯿﺪ و ﭘﺲ از ﭼﻨﺪ ﻟﺤﻈﻪ ﺑﺎ ﭘﯿﺎم ﺳﺒﺰرﻧﮓ ‪ Dynamips successfully started‬روﺑﺮو‬ ‫ﺧﻮاﻫﯿﺪ ﺷﺪ.‬ ‫092 ‪Page 41 of‬‬
  • 43.
    ‫ﺗﺼﻮﯾﺮ 3.2 –ﺑﺮرﺳﯽ ﺻﺤﺖ ﻣﺴﯿﺮ ‪Dynamips‬‬ ‫در ﻃﯽ آزﻣﺎﯾﺸﺎت و ﺑﺮرﺳﯽ ﺗﻮﭘﻮﻟﻮژﯾﻬﺎي ﻓﺼﻮل ﺑﻌﺪ ، از ‪ IOS‬ﻣﺮﺑﻮط ﺑﻪ روﺗﺮﻫﺎي 5273 و 0463 اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ‬ ‫ﮐﺮد.ﻓﺎﯾﻠﻬﺎي ﻣﺬﺑﻮر را از اﯾﻨﺘﺮﻧﺖ داﻧﻠﻮد ﮐﺮده ودر ﻣﺴﯿﺮ ‪ gns3images‬ﺗﻮﺳﻂ ‪ Winrar‬از ﺣﺎﻟﺖ ﻓﺸﺮده ﺧﺎرج‬ ‫ﺳﺎزﯾﺪ.ﺗﻮﺿﯿﺢ اﯾﻨﮑﻪ اﯾﻤﯿﺞ ﻫﺎي ‪ IOS‬ﻣﺎﻫﯿﺘﺎ ﻓﺸﺮده ﺷﺪه ﻫﺴﺘﻨﺪ ، ﺑﻪ ﻣﻨﻈﻮر ﺳﺮﯾﻌﺘﺮ ﺑﻮت ﺷﺪن روﺗﺮﻫﺎي آزﻣﺎﯾﺶ اﺑﺘﺪا‬ ‫اﻧﻬﺎ در ‪ Decompress‬ﻣﯿﮑﻨﯿﻢ و ﻓﺎﯾﻞ ﻧﻬﺎﯾﯽ ﺑﺎ ﭘﺴﻮﻧﺪ ‪ bin‬را ﺑﻪ 3‪ GNS‬ﻣﻌﺮﻓﯽ ﻣﯿﮑﻨﯿﻢ.‬ ‫ﺗﻮﺿﯿﺢ ﻣﺘﺮﺟﻢ : ﭘﯿﺸﻨﻬﺎد ﻣﯿﺸﻮد ﺑﻪ ﺟﺎي ‪ IOS‬ﻫﺎي 0463و5273 از 5473 اﺳﺘﻔﺎده ﺷﻮد . اﯾﻦ ‪ IOS‬اﻣﮑﺎن اﻋﻤﺎل‬ ‫ﮐﺎﻧﻔﯿﮕﻬﺎي ‪ Vlan‬را در ﻣﺤﯿﻂ ﮔﻠﻮﺑﺎل ﮐﺎﻧﻔﯿﮓ ﻫﻤﺎﻧﻨﺪ ﯾﮏ ﺳﻮﯾﯿﭻ واﻗﻌﯽ ﻓﺮاﻫﻢ ﻣﯽ آورد.‬ ‫092 ‪Page 42 of‬‬
  • 44.
    ‫ﺗﺼﻮﯾﺮ 4.2 –ﺗﻨﻈﯿﻢ ﻣﺴﯿﺮ ‪ ios‬روﺗﺮﻫﺎ‬ ‫4. ﭘﺲ از راه اﻧﺪازي ﻣﻮﻓﻘﯿﺖ آﻣﯿﺰ ‪ Dynamips‬از ﭘﻨﺠﺮه ‪ preferences‬ﺧﺎرج ﺷﻮﯾﺪ و ﻣﺠﺪدا ﺑﻪ ‪Setup‬‬ ‫‪ wizard‬ﺑﺮﮔﺮدﯾﺪ.و دﮐﻤﻪ 2 را ﺑﻪ ﻣﻨﻈﻮر اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت روﺗﺮﻫﺎي ﻣﻮرد اﺳﺘﻔﺎده در 3‪ GNS‬ﮐﻠﯿﮏ ﮐﻨﯿﺪ.در‬ ‫اﯾﻦ ﭘﻨﺠﺮه روﺗﺮﻫﺎي 5273 و 0463 را ﺑﺎ ‪ 256MB RAM‬ﺗﻨﻈﯿﻢ ﺧﻮاﻫﯿﻢ ﮐﺮد و ﻣﺴﯿﺮ ‪ IOS‬ﻫﺎي‬ ‫‪ Decompress‬ﺷﺪه واﻗﻊ در ‪ gns3images‬را ﺑﻪ آن ﻣﻌﺮﻓﯽ ﺧﻮاﻫﯿﻢ ﮐﺮد.‬ ‫ﻧﮑﺘﻪ:ﻣﯿﺰان ﺣﺪاﮐﺜﺮ ‪ RAM‬ﻗﺎﺑﻞ اﺳﺘﻔﺎده ‪ Hyper-visor‬را از ﻃﺮﯾﻖ ‪Prefrences-> Dynamips->Hyper-visor‬ﺑﻪ‬ ‫‪ 2GB‬اﻓﺰاﯾﺶ دﻫﯿﺪ.‬ ‫5. ﭘﺲ از ﺗﮑﻤﯿﻞ ﺗﻨﻈﯿﻤﺎت روﺗﺮﻫﺎي ﻣﻮرد ﻧﯿﺎز ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ زﯾﺮ ﻣﯽ ﺗﻮاﻧﯿﺪ از ﻣﺤﯿﻂ ﺗﻨﻈﯿﻤﺎت ﺧﺎرج ﺷﻮﯾﺪ و‬ ‫3‪ Gns‬را ﻣﺠﺪدا راه اﻧﺪازي ﮐﻨﯿﺪ اﮐﻨﻮن اﯾﻦ ﻣﺤﯿﻂ اﻣﺎده اﺳﺘﻔﺎده ﺟﻬﺖ ﺷﺒﯿﻪ ﺳﺎزي ﻣﯿﺒﺎﺷﺪ.‬ ‫092 ‪Page 43 of‬‬
  • 45.
    ‫آزﻣﺎﯾﺶ 8.1- ﺗﻈﯿﻤﺎت3‪ GNS‬ﺟﻬﺖ ارﺗﺒﺎط ﺑﺎ ﺗﺠﻬﯿﺰات واﻗﻌﯽ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺧﻮاﻫﯿﻢ دﯾﺪ ﭼﮕﻮﻧﻪ ‪ NIO (Network Input/Output) Cloud‬را در3‪ GNS‬ﺑﻪ ﻣﻨﻈﻮر اﺟﺮاي‬ ‫آزﻣﺎﯾﺸﺎت ﻓﺼﻮل ﺑﻌﺪ ﭘﯿﮑﺮه ﺑﻨﺪي ﮐﻨﯿﻢ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫در 3‪ GNS‬از ﻃﺮﯾﻖ راﺑﻂ ‪ Cloud‬و ﺗﻨﻈﯿﻢ ارﺗﺒﺎط آن ﺑﺎ ﮐﺎرت)ﮐﺎرﺗﻬﺎي( ﺷﺒﮑﻪ ﻣﻮﺟﻮد در ‪ pc‬اﻣﮑﺎن ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ‬ ‫ﺗﺠﻬﯿﺰات واﻗﻌﯽ ﺷﺒﮑﻪ وﺟﻮد دارد .ﮐﺎرﺑﺮد ﻫﺎي ‪ Cloud‬ﻣﺸﺘﻤﻞ ﺑﺮ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ روﺗﺮ و ﺳﻮﯾﯿﭽﻬﺎي ﻓﯿﺰﯾﮑﯽ ﮔﺮﻓﺘﻪ‬ ‫ﺗﺎ ارﺗﺒﺎط ﻣﺎﺷﯿﻨﻬﺎي ﻣﺠﺎزي ﻧﺼﺐ ﺷﺪه روي ‪ pc‬ﺑﺎ 3‪ Gns‬ﯾﺎ ‪ loopback adapter‬ﻫﺎي اﯾﺠﺎد ﺷﺪه روي ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ‬ ‫ﺑﻪ ﻣﻨﻈﻮر ﺑﺮﻗﺮاري ارﺗﺒﺎﻃﻬﺎي ﻣﺠﺰا ﺑﺎ اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮﻫﺎي درون 3‪ GNS‬ﻣﯽ ﺑﺎﺷﺪ.در اﯾﻦ آزﻣﺎﯾﺶ ﺧﻮاﻫﯿﻢ آﻣﻮﺧﺖ‬ ‫ﭼﮕﻮﻧﻪ ‪ Loopback‬اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻧﺼﺐ ﺷﺪه روي ‪ local host‬را ﺑﻪ ﻣﻨﻈﻮر اﯾﺠﺎد ارﺗﺒﺎط ﺑﺎ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ادوات‬ ‫ﺳﯿﺴﮑﻮ درون 3‪ Gns‬ﺗﻨﻈﯿﻢ ﮐﻨﯿﻢ.ﻧﺘﯿﺠﻪ اﯾﻦ ﻓﺮاﯾﻨﺪ ﺷﺒﯿﻪ ﺳﺎزي اﺗﺼﺎﻻت ﻓﯿﺰﯾﮑﯽ ﺑﻪ ادوات ﺳﯿﺴﮑﻮ ﻣﯽ ﺑﺎﺷﺪ.در ﻋﯿﻦ‬ ‫ﺣﺎل ﻫﻤﺎﻧﻄﻮر ﮐﻪ اﺷﺎره ﺷﺪ ﻣﯿﺘﻮان ‪ Cloud‬را ﺑﻪ ﮐﺎرت ﺷﺒﮑﻪ ﻫﺎي ﻓﯿﺰﯾﮑﯽ ﻣﻮﺟﻮد در ‪ pc‬ﺑﻪ ﺟﺎي ‪loopback adapter‬‬ ‫ﻣﺘﺼﻞ ﮐﺮد،ﺑﺎ اﯾﻨﮑﺎر اﻣﮑﺎن اﺗﺼﺎل ﺑﻪ ادوات واﻗﻌﯽ ﻣﻮﺟﻮد در ‪ Lan‬ﭘﺪﯾﺪ ﻣﯽ آﯾﺪ .ذﮐﺮ اﯾﻦ ﻧﮑﺘﻪ ﻫﻢ اﻟﺰاﻣﯽ اﺳﺖ ﮐﻪ‬ ‫اﺗﺼﺎل ﺑﻪ ادوات درون 3‪ Gns‬از ﻃﺮﯾﻖ ‪ loopback‬اﺣﺘﻤﺎل ﮐﺮش ﮐﺮدن ‪ Dynamips‬را ﺑﺎﻻ ﻣﯽ ﺑﺮد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻤﺎت 3‪ Gns‬ﻣﻄﺎﺑﻖ ﺑﺎ آزﻣﺎﯾﺶ 7.1‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﻧﺼﺐ ‪ adapter Loopback‬روي وﯾﻨﺪوز‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ‪ ip‬روي‪ Loopback adapter‬ﻧﺼﺐ ﺷﺪه‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ‪ Cloud‬اﯾﻨﺘﺮﻓﯿﺲ در 3‪ Gns‬و ﺑﺮﻗﺮاري ارﺗﺒﺎط آن ﺑﺎ ‪Loopback adapter‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري اﺗﺼﺎل‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1.‬ ‫ﻓﺮاﺧﻮاﻧﯽ ﭘﻨﺠﺮه "‪ "Add Hardware‬از ﻃﺮﯾﻖ ‪ hdwwiz‬در وﯾﻨﺪوز7 ﯾﺎ ‪ hdwwzd.cpl‬در وﯾﻨﺪوز‪XP‬‬ ‫092 ‪Page 44 of‬‬
  • 46.
    ‫ﭘﺲ از اﯾﻦﺻﻔﺤﻪ ، ﮔﺰﯾﻨﻪ ‪ Advance‬ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ اﻧﺘﺨﺎب ﻣﯿﺸﻮد.‬ ‫ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ زﯾﺮ ﮔﺰﯾﻨﻪ ‪ Network adapters‬اﻧﺘﺨﺎب ﻣﯿﺸﻮد.‬ ‫092 ‪Page 45 of‬‬
  • 47.
    ‫از ﻟﯿﺴﺖ ﺳﻤﺖﭼﭗ ‪ Microsoft‬و از ﻟﯿﺴﺖ ﺳﻤﺖ راﺳﺖ ‪ Loopback adapter‬را ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ زﯾﺮ اﻧﺘﺨﺎب ﻣﯽ ﮐﻨﯿﻢ‬ ‫ﭘﺲ از اﯾﻦ ﻣﺮﺣﻠﻪ و ﻧﺼﺐ ‪ adapter‬ﺳﯿﺴﺘﻢ را رﯾﺴﺖ ﻣﯿﮑﻨﯿﻢ‬ ‫092 ‪Page 46 of‬‬
  • 48.
    ‫2. ﻣﺮﺣﻠﻪ ﺗﻨﻈﯿﻢ‪ ip address‬ﺑﺮ روي ‪ Loopback adapter‬اﯾﺠﺎد ﺷﺪه .‬ ‫‪ Loopback adapter‬ﺑﻪ ﺻﻮرت ﯾﮏ ﮐﺎرت ﺷﺒﮑﻪ ﻓﯿﺰﯾﮑﯽ در ﻗﺴﻤﺖ ﺗﻨﻈﯿﻤﺎت ﺷﺒﮑﻪ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ و در‬ ‫ﮐﻨﺎر ﺳﺎﯾﺮ ﮐﺎرت)ﮐﺎرﺗﻬﺎي( ﺷﺒﮑﻪ ﻧﻤﺎﯾﺶ داده ﻣﯽ ﺷﻮد، ﻧﺘﯿﺠﻪ آﻧﮑﻪ ﺑﻪ ﻫﻤﺎن روش ﻣﺮﺳﻮم ‪ ip‬دﻫﯽ ﺑﻪ ﮐﺎرﺗﻬﺎي‬ ‫ﺷﺒﮑﻪ ﺻﺎﺣﺐ ‪ ip‬ﺧﻮاﻫﺪ ﺷﺪ ﻓﻌﻼ 42/01.552.861.291 را ﺑﻪ آن اﺧﺘﺼﺎص ﻣﯽ دﻫﯿﻢ.‬ ‫3. اﯾﺠﺎد ‪ Cloud interface‬در 3‪ Gns‬و اﺗﺼﺎل آن ﺑﻪ ‪ Loopback adapter‬اﯾﺠﺎد ﺷﺪه در ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ.‬ ‫در ﭘﻨﻞ ‪ Node type‬واﻗﻊ در ﺳﻤﺖ راﺳﺖ ﺻﻔﺤﻪ 3‪ Gns‬آﯾﺘﻢ ‪ Cloud‬را ﺑﻪ ﻗﺴﻤﺖ ﻃﺮاﺣﯽ ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ زﯾﺮ‬ ‫‪ Drag‬ﻣﯿﮑﻨﯿﻢ.‬ ‫ﺗﺼﻮﯾﺮ 1.8.1 – اﻓﺰودن ‪ cloud‬ﺑﻪ ﻣﺤﯿﻂ ﻃﺮاﺣﯽ‬ ‫اﮐﻨﻮن ﭘﺲ از دﺑﻞ ﮐﻠﯿﮏ روي ‪ cloud‬ﺳﺎﺧﺘﻪ ﺷﺪه ، ﭘﻨﺠﺮه ﺗﻨﻈﯿﻤﺎت ‪ cloud‬ﻫﺎي ﻣﻮﺟﻮد در ﺻﻔﺤﻪ ﻃﺮاﺣﯽ ﻣﻄﺎﺑﻖ‬ ‫ﺗﺼﻮﯾﺮ زﯾﺮ ﻧﻤﺎﯾﺎن ﻣﯽ ﺷﻮد.از ﻟﯿﺴﺖ ﻣﻮﺟﻮد 1‪ C‬را اﻧﺘﺨﺎب ﮐﻨﯿﺪ‬ ‫092 ‪Page 47 of‬‬
  • 49.
    ‫ﺗﺼﻮﯾﺮ 2.8.1 –ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت ‪cloud‬‬ ‫از ﻟﯿﺴﺖ ‪ Generic Ethernet Nio‬ﮐﻪ ﺣﺎوي ﻟﯿﺴﺖ ﮐﺎرﺗﻬﺎي ﺷﺒﮑﻪ و ‪ Loopback adapter‬ﻫﺎ اﺳﺖ ‪Loopbak‬‬ ‫1‪ adapter‬را اﻧﺘﺨﺎب ﻣﯿﮑﻨﯿﻢ و ﺑﺎ ﻓﺸﺮدن دﮐﻤﻪ ‪ Add‬ﺑﻪ ﻟﯿﺴﺖ ﻣﯿﺎﻧﯽ ﺻﻔﺤﻪ اﺿﺎﻓﻪ ﻣﯿﮑﻨﯿﻢ.‬ ‫ﺗﺼﻮﯾﺮ 3.8.1 – اﻧﺘﺨﺎب ‪ Loopback adapter‬و اﺗﺼﺎل آن ﺑﻪ ‪Cloud‬‬ ‫ﭘﺲ از اﻓﺰودن ‪ Cloud‬و اﺗﺼﺎل آن ﺑﻪ ﮐﺎرت ﺷﺒﮑﻪ ﻣﺠﺎزي اﯾﺠﺎد ﺷﺪه در ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﻧﻮﺑﺖ اﺗﺼﺎل آن ﺑﻪ ﯾﮑﯽ از‬ ‫ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ واﻗﻊ در 3‪ Gns‬و ﺗﺴﺖ ان اﺳﺖ.ﺑﺎ اﻓﺰودن ﻣﺎژول ‪ Nm-16esw‬ﺑﻪ روﺗﺮ 5273 ﺑﻪ ﻧﻮﻋﯽ از آن ﺑﻪ ﻋﻨﻮان‬ ‫ﺳﻮﯾﯿﭻ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد.‬ ‫092 ‪Page 48 of‬‬
  • 50.
    ‫ﺗﺼﻮﯾﺮ 5.8.1- اﻓﺰودنﻣﺎژول ‪ NM-16ESW‬ﺑﻪ روﺗﺮ‬ ‫ﭘﺲ از اﻧﺘﺨﺎب ‪ Cloud‬و اﺗﺼﺎل آن از ﻃﺮﯾﻖ 54‪ Rj‬ﺑﻪ 0/1‪ F‬روﺗﺮ و در واﻗﻊ ﺳﻮﯾﯿﭻ ! ، ﺻﺤﺖ اﺗﺼﺎﻻت را ﭼﮏ ﻣﯿﮑﻨﯿﻢ‬ ‫092 ‪Page 49 of‬‬
  • 51.
    NM-16ESW ‫ ﺑﻪﭘﻮرت ﺳﻮﯾﯿﭻ از ﻃﺮﯾﻖ ﻣﺎژول‬cloud ‫ﺗﺼﻮﯾﺮ 6.8.1 – اﺗﺼﺎل‬ ‫ و‬F1/0 ‫ اﻣﺘﺤﺎن ﻣﯿﮑﻨﯿﻢ.آدرس 42/1.552.861.291 را ﺑﻪ‬R1 ‫ ﺑﻪ‬ip ‫4. اﮐﻨﻮن ﺻﺤﺖ اﺗﺼﺎﻻت را ﺑﺎ ﺗﺨﺼﯿﺺ‬ .‫ ﺗﺨﺼﯿﺺ ﻣﯿﺪﻫﯿﻢ‬Loopback ‫.42/01.552.861.291 را ﺑﻪ‬ Router con0 is now available Press RETURN to get started! Router>enable Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname SW1 SW1(config)#interface FastEthernet 1/0 SW1(config-if)#ip add 192.168.255.1 255.255.255.0 SW1(config-if)#no shut SW1(config-if)#end SW1#ping 192.168.255.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.255.10, timeout is 2 seconds: ..!!! Success rate is 60 percent (3/5) SW1#ping 192.168.255.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.255.10, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms Page 50 of 290
  • 52.
    ‫#1‪SW‬‬ ‫ﺧﻮب ! ﻧﺘﯿﺠﻪﻫﻤﺎﻧﻄﻮر ﮐﻪ اﻧﺘﻈﺎر ﻣﯽ رﻓﺖ از آب درآﻣﺪ.‬ ‫092 ‪Page 51 of‬‬
  • 53.
    ‫ﻓﺼﻞ دوم :ﻣﺪﯾﺮﯾﺖ ﭘﺎﯾﻪ روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭽﻬﺎي ﺳﯿﺴﮑﻮ‬ ‫آزﻣﺎﯾﺶ 1.2-ﭘﺴﻮرد رﯾﮑﺎوري روﺗﺮﻫﺎي ﺳﺮي 0052‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﻣﺮاﺣﻞ ‪ Reset/clear‬ﮐﺮدن ﭘﺴﻮرد ‪ Console‬و ‪ Enable‬روﺗﺮﻫﺎي ﺳﺮي 0052 آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺳﺮي 0052 از ﻗﺪﯾﻤﯽ ﺗﺮﯾﻦ رده روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ ﻣﯽ ﺑﺎﺷﺪ و ﺑﻌﻀﺎ ﻣﺸﺎﻫﺪه آﻧﻬﺎ در ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ ﺑﺎ ‪ Uptime‬ﻫﺎي‬ ‫ﻧﺰدﯾﮏ 8 ﺳﺎل ﺑﺎﻋﺚ ﺷﮕﻔﺘﯽ ﻣﯽ ﺷﻮﻧﺪ.اﻣﺮوزه ﻋﻤﺪه ﮐﺎرﺑﺮد اﯾﻦ ﺳﺮي ﺟﻬﺖ اﻫﺪاف آﻣﻮزﺷﯽ و در آزﻣﺎﯾﺸﮕﺎﻫﻬﺎي‬ ‫ﺷﺒﮑﻪ ﻣﯽ ﺑﺎﺷﺪ و اﺑﺰارﻫﺎي ﻓﻮق اﻟﻌﺎده اي ﺟﻬﺖ ﻣﻌﺮﻓﯽ و آﺷﻨﺎﯾﯽ ﺑﺎ ‪ IOS‬ﺳﯿﺴﮑﻮ ﻣﺤﺴﻮب ﻣﯿﺸﻮﻧﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ 0052 ﺑﺎ ﭘﺴﻮرد ‪ Console‬ﯾﺎ ‪ Enable‬ﮔﻢ ﺷﺪه!‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ ﭘﻮرت ﮐﻨﺴﻮل دﺳﺘﮕﺎه‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﻣﺘﻮﻗﻒ ﮐﺮدن ﻓﺮاﯾﻨﺪ ﺑﻮت دﺳﺘﮕﺎه و ورود ﺑﻪ ‪rom monitor mode‬‬ ‫ﺗﻐﯿﯿﺮ ﻣﺤﺘﻮاي ‪ configuration register‬ﺑﻪ 2412×0 ﺟﻬﺖ ‪ Bypass‬ﮐﺮدن ﻣﺤﺘﻮاي ‪ Nvram‬در ﻫﻨﮕﺎم‬ ‫ﺑﻮت و ﭘﺲ از آن ﭘﯿﮑﺮﺑﻨﺪي ﻣﺠﺪد روﺗﺮ‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﺑﺎ ﯾﮏ روﺗﺮ 1052 روﺑﺮو ﻫﺴﺘﯿﻢ ﮐﻪ داري ﭘﺴﻮرد ﮐﻨﺴﻮل ﻧﺎﻣﻌﯿﻨﯽ اﺳﺖ.ﺑﺎ ﭼﻨﯿﻦ ﭘﺴﻮردي و ﺑﺪون داﻧﺴﺘﻦ آن ﻗﺎدر ﺑﻪ‬ ‫ورود ﺑﻪ ﻣﺤﯿﻂ ‪ Exec mode‬ﻧﯿﺴﺘﯿﻢ، ﺑﺎ ﭼﻨﯿﻦ ﺳﻨﺎرﯾﻮﯾﯽ در ﻫﻨﮕﺎم ﺧﺮﯾﺪ ادوات دﺳﺖ دوم زﯾﺎد ﺑﺮﺧﻮرد ﻣﯿﮑﻨﯿﻢ.‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫‪User Access Verification‬‬ ‫:‪Password‬‬ ‫092 ‪Page 52 of‬‬
  • 54.
    ‫روﺗﺮ را روﺷﻦﻣﯿﮑﻨﯿﻢ ﺗﺎ ﻓﺮاﯾﻨﺪ ﺑﻮت آﻏﺎز ﺷﻮد ، در اﯾﻦ ﺣﯿﻦ ﻧﯿﺎز اﺳﺖ ﺗﺎ ﻓﺮاﯾﻨﺪ ﺑﻮت ﺑﻪ ﺻﻮرت ﻧﺮﻣﺎل ﻣﺘﻮﻗﻒ‬ .1 ‫ اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ ﺗﺎ ﺑﻪ‬Ctrl+Puse Breake ‫ ﺑﺎﻻ ﺑﯿﺎﯾﺪ ، اﯾﻨﮑﺎر را ﻓﺸﺮدن ﻣﮑﺮر‬bootrom ‫ﺷﻮد و روﺗﺮ ﺑﺎ‬ .‫ وارد ﺷﻮﯾﻢ‬bootrom ‫ﻣﺤﯿﻂ‬ System Bootstrap, Version 11.0(10c), SOFTWARE Copyright (c) 1986-1996 by cisco Systems 2500 processor with 14336 Kbytes of main memory Abort at 0x10B1F3C (PC) > ‫ را ﺑﻪ 2412×0 ﺗﻐﯿﯿﺮ ﻣﯽ دﻫﯿﻢ ﺗﺎ در ﺑﻮت ﺑﻌﺪي روﺗﺮ از ﻃﺮﯾﻖ‬configuration register ‫2. اﮐﻨﻮن ﻣﺤﺘﻮاي‬ .‫ ﻣﻮرد ﭘﺮدازش ﻗﺮار ﻧﮕﯿﺮد‬Nvram ‫ ﺑﻮت ﺷﻮد و ﻣﺤﺘﻮاي‬IOS >o/r 0x2142 >i privileged ‫3. راه اول:ﭘﺲ از ﺑﻮت ﺷﺪن روﺗﺮ ﺑﺎ ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ روﺑﺮو ﻣﯿﺸﻮد ، ﺑﺎ ورود ﺑﻪ ﻣﺤﯿﻂ‬ running configuration ‫ را ﺑﻪ‬startup configuration ‫ ، ﻣﺤﺘﻮاي‬en ‫ از ﻃﺮﯾﻖ ﺗﺎﯾﭗ ﮐﺮدن‬mode ‫ از ﻃﺮﯾﻖ‬Nvram ‫ﮐﭙﯽ ﻣﯿﮑﻨﯿﻢ و ﭘﺲ از ان ﭘﺴﻮردﻫﺎ را ﺗﻐﯿﯿﺮ ﻣﯽ دﻫﯿﻢ در ﻧﻬﺎﯾﺖ ﻫﻢ ذﺧﯿﺮه ﺗﻐﯿﯿﺮات در‬ .‫ اﻧﺠﺎم ﻣﯿﮕﯿﺮد‬copy run start --- System Configuration Dialog --Would you like to enter the initial configuration dialog? [yes/no]: n Press RETURN to get started! Router>enable Router#copy start run Destination filename [running-config]? 506 bytes copied in 3.868 secs (168 bytes/sec) ARCVRSR01#configure terminal ARCVRSR01(config)#enable secret NEWENABLEPASSWORD ARCVRSR01(config)#line con 0 ARCVRSR01(config-if)#password NEWPASSWORD ARCVRSR01(config-if)#end ARCVRSR01#copy run start Destination filename [startup-config]? Building configuration... [OK] ARCVRSR01# ‫ وارد ﻣﯽ ﺷﻮﯾﻢ اﻣﺎ‬privileged mode ‫ ﺑﻪ ﻣﺤﯿﻂ‬IOS ‫4. راه دوم : ﻫﻤﺎﻧﻨﺪ روش ﻗﺒﻠﯽ ﭘﺲ از ﺑﻮت از ﻃﺮﯾﻖ‬ ‫ را ﭘﺎك ﻣﯿﮑﻨﯿﻢ‬Nvram ‫اﯾﻨﺒﺎر ﻣﺤﺘﻮاي‬ --- System Configuration Dialog --- Page 53 of 290
  • 55.
    Would you liketo enter the initial configuration dialog? [yes/no]: n Press RETURN to get started! Router>enable Router#write erase Erasing the nvram filesystem will remove all files! Continue? [confirm] [OK] Erase of nvram: complete Router# ‫ را ﺑﻪ‬configuration register ‫ ﻣﺤﺘﻮاي‬Nvram ‫5. در ﻫﺮ دو ﺣﺎﻟﺖ ﭘﺲ از رﯾﺴﺖ ﮐﺮدن ﭘﺴﻮرد ﯾﺎ ﭘﺎك ﮐﺮدن‬ .‫ ﺑﻮت ﺧﻮاﻫﺪ ﺷﺪ‬Nvram ‫2012×0 ﺑﺮ ﻣﯿﮕﺮداﻧﯿﻢ ﺑﺎ رﯾﺒﻮت ﺑﻌﺪي ﺳﯿﺴﺘﻢ از ﻃﺮﯾﻖ ﺧﻮاﻧﺪن ﻣﺤﺘﻮاي‬ Router#configure terminal Router(config)#config-register 0x2102 Router(config)#end Page 54 of 290
  • 56.
    ‫آزﻣﺎﯾﺶ 2.2-ﭘﺴﻮرد رﯾﮑﺎوريروﺗﺮﻫﺎي ﺳﺮي 0062‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﻓﺮاﯾﻨﺪ ﭘﺴﻮرد رﯾﮑﺎوري روﺗﺮﻫﺎي ﺳﺮي 0062, 0083 ,0082 ,0081 ,0073 ,0063 ,0071و ‪ISR‬‬ ‫2‪G‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد در دﻧﯿﺎي واﻗﻌﯽ‬ ‫روﺗﺮﻫﺎي ﺳﺮي 0062 ﭘﺮﮐﺎرﺑﺮد ﺗﺮﯾﻦ ﻧﻤﻮﻧﻪ ﻫﺎ در ﻣﺤﯿﻄﻬﺎ آزﻣﺎﯾﺸﮕﺎﻫﯽ ﻫﺴﺘﻨﺪ و در ﻋﯿﻦ ﺣﺎل ﻣﯽ ﺗﻮان آﻧﻬﺎ را در‬ ‫ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ ﻧﯿﺰ ﺑﻪ وﻓﻮر ﻣﺸﺎﻫﺪه ﮐﺮد ، ﻣﺼﺪاق ﺟﻤﻠﻪ اﮔﻪ ﮐﺎر ﻣﯿﮑﻨﻪ ﺑﻬﺶ دﺳﺖ ﻧﺰن! دﺳﺘﻮراﻟﻌﻤﻠﻬﺎي اراﺋﻪ ﺷﺪه‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﻗﺎﺑﻞ اﻋﻤﺎل ﺑﺮ روي ﺗﻘﺮﯾﺒﺎ ﻫﻤﻪ روﺗﺮﻫﺎي اﻣﺮوزي ﻣﯽ ﺑﺎﺷﺪ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ 0062 ﯾﺎ ﺟﺪﯾﺪﺗﺮ ﺑﺎ ﭘﺴﻮرد ﻧﺎﻣﻌﻠﻮم‬ ‫‪‬‬ ‫ارﺗﺒﺎط ﺑﺮﻗﺮار ﺑﺎ ﭘﻮرت ﮐﻨﺴﻮل دﺳﺘﮕﺎه‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﻣﺘﻮﻗﻒ ﮐﺮدن ﻓﺮاﯾﻨﺪ ﺑﻮت دﺳﺘﮕﺎه و ورود ﺑﻪ ‪rom monitor mode‬‬ ‫ﺗﻐﯿﯿﺮ ﻣﺤﺘﻮاي ‪ configuration register‬ﺑﻪ 2412×0 ﺟﻬﺖ ‪ Bypass‬ﮐﺮدن ﻣﺤﺘﻮاي ‪ Nvram‬در ﻫﻨﮕﺎم‬ ‫ﺑﻮت و ﭘﺲ از آن ﭘﯿﮑﺮﺑﻨﺪي ﻣﺠﺪد روﺗﺮ‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﺑﺎ ﯾﮏ روﺗﺮ ‪ 2651 XM‬روﺑﺮو ﻫﺴﺘﯿﻢ ﮐﻪ داري ﭘﺴﻮرد ﮐﻨﺴﻮل ﻧﺎﻣﻌﯿﻨﯽ اﺳﺖ.ﺑﺎ ﭼﻨﯿﻦ ﭘﺴﻮردي و ﺑﺪون داﻧﺴﺘﻦ آن‬ ‫ﻗﺎدر ﺑﻪ ورود ﺑﻪ ﻣﺤﯿﻂ ‪ Exec mode‬ﻧﯿﺴﺘﯿﻢ، ﺑﺎ ﭼﻨﯿﻦ ﺳﻨﺎرﯾﻮﯾﯽ در ﻫﻨﮕﺎم ﺧﺮﯾﺪ ادوات دﺳﺖ دوم زﯾﺎد ﺑﺮﺧﻮرد‬ ‫ﻣﯿﮑﻨﯿﻢ.‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫‪User Access Verification‬‬ ‫:‪Password‬‬ ‫092 ‪Page 55 of‬‬
  • 57.
    ‫روﺗﺮ را روﺷﻦﻣﯿﮑﻨﯿﻢ ﺗﺎ ﻓﺮاﯾﻨﺪ ﺑﻮت آﻏﺎز ﺷﻮد ، در اﯾﻦ ﺣﯿﻦ ﻧﯿﺎز اﺳﺖ ﺗﺎ ﻓﺮاﯾﻨﺪ ﺑﻮت ﺑﻪ ﺻﻮرت ﻧﺮﻣﺎل ﻣﺘﻮﻗﻒ‬ .1 ‫ اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ ﺗﺎ ﺑﻪ‬Ctrl+Puse Breake ‫ ﺑﺎﻻ ﺑﯿﺎﯾﺪ ، اﯾﻨﮑﺎر را ﻓﺸﺮدن ﻣﮑﺮر‬bootrom ‫ﺷﻮد و روﺗﺮ ﺑﺎ‬ .‫ وارد ﺷﻮﯾﻢ‬bootrom ‫ﻣﺤﯿﻂ‬ System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1) Copyright (c) 2003 by cisco Systems, Inc. C2600 platform with 262144 Kbytes of main memory monitor: command "boot" aborted due to user interrupt rommon 1 > ‫ را ﺑﻪ 2412×0 ﺗﻐﯿﯿﺮ ﻣﯽ دﻫﯿﻢ ﺗﺎ در ﺑﻮت ﺑﻌﺪي روﺗﺮ از ﻃﺮﯾﻖ‬configuration register ‫2. اﮐﻨﻮن ﻣﺤﺘﻮاي‬ ‫ ﻣﻮرد ﭘﺮدازش ﻗﺮار ﻧﮕﯿﺮد‬Nvram ‫ ﺑﻮت ﺷﻮد و ﻣﺤﺘﻮاي‬IOS rommon 1 >confreg 0x2142 rommon 2 >reset privileged ‫3. راه اول:ﭘﺲ از ﺑﻮت ﺷﺪن روﺗﺮ ﺑﺎ ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ روﺑﺮو ﻣﯿﺸﻮد ، ﺑﺎ ورود ﺑﻪ ﻣﺤﯿﻂ‬ ‫ ﮐﭙﯽ‬running configuration ‫ ﺑﻪ‬startup configuration ‫ ، ﻣﺤﺘﻮاي‬en ‫ از ﻃﺮﯾﻖ ﺗﺎﯾﭗ ﮐﺮدن‬mode copy ‫ از ﻃﺮﯾﻖ‬Nvram ‫ﻣﯿﮑﻨﯿﻢ و ﭘﺲ از ان ﭘﺴﻮردﻫﺎ را ﺗﻐﯿﯿﺮ ﻣﯽ دﻫﯿﻢ در ﻧﻬﺎﯾﺖ ﻫﻢ ذﺧﯿﺮه ﺗﻐﯿﯿﺮات در‬ run start --- System Configuration Dialog --- Would you like to enter the initial configuration dialog? [yes/no]: n Press RETURN to get started! Router>enable Router#copy start run Destination filename [running-config]? 506 bytes copied in 3.868 secs (168 bytes/sec) IMAROUTER#configure terminal IMAROUTER(config)#enable secret NEWENABLEPASSWORD IMAROUTER(config)#line con 0 IMAROUTER(config-if)#password NEWPASSWORD IMAROUTER(config-if)#end IMAROUTER#copy run start Destination filename [startup-config]? Building configuration... [OK] IMAROUTER# Page 56 of 290
  • 58.
    ‫ وارد ﻣﯽﺷﻮﯾﻢ اﻣﺎ‬privileged mode ‫ ﺑﻪ ﻣﺤﯿﻂ‬IOS ‫4. راه دوم : ﻫﻤﺎﻧﻨﺪ روش ﻗﺒﻠﯽ ﭘﺲ از ﺑﻮت از ﻃﺮﯾﻖ‬ ‫ را ﭘﺎك ﻣﯿﮑﻨﯿﻢ‬Nvram ‫اﯾﻨﺒﺎر ﻣﺤﺘﻮاي‬ --- System Configuration Dialog --Would you like to enter the initial configuration dialog? [yes/no]: n Press RETURN to get started! Router>enable Router#write erase Erasing the nvram filesystem will remove all files! Continue? [confirm] [OK] Erase of nvram: complete Router# ‫ را ﺑﻪ‬configuration register ‫ ﻣﺤﺘﻮاي‬Nvram ‫5. در ﻫﺮ دو ﺣﺎﻟﺖ ﭘﺲ از رﯾﺴﺖ ﮐﺮدن ﭘﺴﻮرد ﯾﺎ ﭘﺎك ﮐﺮدن‬ .‫ ﺑﻮت ﺧﻮاﻫﺪ ﺷﺪ‬Nvram ‫2012×0 ﺑﺮ ﻣﯿﮕﺮداﻧﯿﻢ ﺑﺎ رﯾﺒﻮت ﺑﻌﺪي ﺳﯿﺴﺘﻢ از ﻃﺮﯾﻖ ﺧﻮاﻧﺪن ﻣﺤﺘﻮاي‬ Router#configure terminal Router(config)#config-register 0x2102 Router(config)#end Page 57 of 290
  • 59.
    ‫آزﻣﺎﯾﺶ 3.2 –ﭘﺴﻮد رﯾﮑﺎوري ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﻧﺤﻮه ﭘﺴﻮرد رﯾﮑﺎوري ﺳﻮﯾﯿﭽﻬﺎ ﺳﺮي 0573 ,0653 ,0553 ,‪ 2900XL, 2950, 3500XL‬و‬ ‫ﺳﺮﯾﻬﺎي ﻣﺸﺎﺑﻪ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد در دﻧﯿﺎي واﻗﻌﯽ‬ ‫در دﻧﯿﺎي واﻗﻊ ﻣﻮاﻗﻊ زﯾﺎدي ﭘﯿﺶ ﻣﯽ آﯾﺪ ﮐﻪ ﭘﺴﻮرد ﺧﺎﺻﯽ ﻓﺮاﻣﻮش ﺷﻮد ، ﻋﻤﻮﻣﺎ ﻫﻢ ﻣﻬﻢ ﻧﯿﺴﺘﻨﺪ ، اﻣﺎ ﻓﺮاﻣﻮش ﮐﺮدن‬ ‫ﭘﺴﻮرد ﺳﻮﯾﯿﭻ ﻣﺮﮐﺰي ﺷﺒﮑﻪ ﻣﯿﺘﻮاﻧﺪ دردﺳﺮ ﺳﺎز ﺑﺎﺷﺪ.ﺑﺮﺧﻼف روﺗﺮﻫﺎ ، ﺑﻪ ﻣﻨﻈﻮر اﻧﺠﺎم ﻓﺮاﯾﻨﺪ ﭘﺴﻮرد رﯾﮑﺎروي ﺷﻤﺎ‬ ‫ﺣﺘﻤﺎ ﺑﺎﯾﺪ ﻧﺰدﯾﮏ ﺳﻮﯾﯿﭻ ﺣﻀﻮر داﺷﺘﻪ ﺑﺎﺷﯿﺪ ﺣﺘﯽ دﺳﺘﺮﺳﯽ از راه دور ﺑﻪ ﮐﺎﻣﭙﯿﻮﺗﺮي ﮐﻪ اﺗﺼﺎل ﮐﻨﺴﻮل ﺳﻮﯾﯿﭻ از‬ ‫ﻃﺮﯾﻖ ان ﺑﺮﻗﺮار ﻣﯽ ﺑﺎﺷﺪ ﻧﯿﺰ ﮐﺎرﺳﺎز ﻧﯿﺴﺖ ﺑﻪ اﯾﻦ ﻋﻠﺖ ﮐﻪ ﻃﯽ اﯾﻦ ﻓﺮاﯾﻨﺪ ﻧﯿﺎز اﺳﺖ ﮐﺎﺑﻞ ﺑﺮق ﺳﻮﯾﯿﭻ از آن ﺟﺪا ﺷﺪه‬ ‫و دﮐﻤﻪ ‪ Mode‬ﻧﯿﺰ ﺑﺮاي ﻣﺪﺗﯽ ﭘﺎﯾﯿﻦ ﻧﮕﻪ داﺷﺘﻪ ﺷﻮد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﺗﺼﺎل ﺑﻪ ﭘﻮرت ﮐﻨﺴﻮل ﺳﻮﯾﯿﭻ‬ ‫ﺣﻀﻮر داﺷﺘﻦ در ﻣﺤﻞ ﻗﺮارﮔﯿﺮي ﺳﻮﯾﯿﭻ‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ورود ﺑﻪ ﻣﺤﯿﻂ ‪ SWITCH ROM‬ﺑﺎ از ﺑﺮق ﮐﺸﯿﺪن و ﻣﺠﺪدا وﺻﻞ ﮐﺮدن آن در ﺣﯿﻦ ﻧﮕﻬﺪاﺷﺘﻦ دﮐﻤﻪ‬ ‫‪Mode‬‬ ‫ﺗﻐﯿﯿﺮ ﻧﺎم ‪ configuration file‬ﻣﻮﺟﻮد در ﻓﻠﺶ ﺑﻪ ﻧﺎم دﯾﮕﺮي ﻫﻤﭽﻮن ‪config.old‬‬ ‫ﺑﻮت ﻣﺠﺪد ﺳﻮﯾﯿﭻ و ﮐﭙﯽ ‪ flash:config.old‬ﺑﻪ ﺟﺎي ‪Runing config‬‬ ‫ﮐﭙﯽ ‪ Runing config‬ﺑﻪ ‪Nvram‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. در ﻣﺮﺣﻠﻪ اول ﺑﻪ ﻣﺤﯿﻂ ‪ SWITCH ROM‬از ﻃﺮﯾﻖ ﻧﮕﻪ داﺷﺘﻦ دﮐﻤﻪ ‪ MODE‬روي ﭘﻨﻞ دﺳﺘﮕﺎه و روﺷﻦ‬ ‫ﮐﺮدن دﺳﺘﮕﺎه از ﻃﺮﯾﻖ اﺗﺼﺎل ﻣﺠﺪد ﮐﺎﺑﻞ ﺑﺮق وارد ﻣﯽ ﺷﻮﯾﻢ ﺑﺴﺘﻪ ﺑﻪ ﻧﻮع ﺳﻮﯾﯿﭻ، دﮐﻤﻪ ‪ MODE‬ﻧﯿﺎز ﺑﻪ‬ ‫زﻣﺎﻧﻬﺎي ﻣﺨﺘﻠﻔﯽ ﺑﺮاي ﭘﺎﯾﯿﻦ ﻧﮕﻪ داﺷﺘﻪ ﺷﺪن دارد ﭘﺲ ﻫﻤﯿﻨﻄﻮر اﯾﻦ دﮐﻤﻪ را ﭘﺎﯾﯿﻦ ﻧﮕﻪ دارﯾﺪ ﺗﺎ ﺗﻮﺿﯿﺤﺎت‬ ‫ﺑﻌﺪي! .ﺟﺪول زﯾﺮ ﻣﺪت زﻣﺎن ﻻزم ﺟﻬﺖ ﭘﺎﯾﯿﻦ ﻧﮕﻪ داﺷﺘﻦ دﮐﻤﻪ ‪ MODE‬را در ﺳﻮﯾﯿﭻ ﻫﺎي ﻣﺨﺘﻠﻒ ﻧﺸﺎن‬ ‫ﻣﯿﺪﻫﺪ‬ ‫092 ‪Page 58 of‬‬
  • 60.
    MODE ‫ ﻫﺎو ﻣﺪت زﻣﺎن ﻻزم ﺟﻬﺖ ﭘﺎﯾﯿﻦ ﻧﮕﻪ داﺷﺘﻦ دﮐﻤﻪ‬Led ‫رﻓﺘﺎر‬ ‫ﻧﻮع ﺳﻮﯾﯿﭻ‬ ‫ ﺧﺎﻣﻮش ﻧﺸﺪه ﭘﺎﯾﻦ ﻧﮕﻪ داﺷﺘﻪ ﺷﻮد‬FA0/1 ‫ ﭘﻮرت‬LED ‫ﺗﺎ زﻣﺎﻧﯽ ﮐﻪ‬ 2900XL, 3500XL, 3550 ‫ زرد ﭼﺸﻤﮏ‬Syst LED ‫ ﺧﺎﻣﻮش ﺷﺪ آﻧﺮا رﻫﺎ ﮐﻨﯿﺪ.ﭘﺲ از رﻫﺎ ﮐﺮدن آن‬Stat LED ‫ﺣﺪودا ﭘﺲ از 5 ﺛﺎﻧﯿﻪ و زﻣﺎﻧﯽ ﮐﻪ‬ ‫زن ﺧﻮاﻫﺪ ﺷﺪ‬ 2940, 2950 Mode ‫ زرد ﭼﺸﻤﮏ زن ﺷﺪ و ﺑﻌﺪ از آن ﮐﺎﻣﻼ ﺳﺒﺰ ﺷﺪ دﮐﻤﻪ را رﻫﺎ ﮐﻨﯿﺪ.ﭘﺲ از رﻫﺎ ﮐﺮدن‬SYST LED ‫ﭘﺲ از اﯾﻨﮑﻪ‬ .‫ ﺳﺒﺰ ﭼﺸﻤﮏ زن ﺧﻮاﻫﺪ ﺷﺪ‬SYST LED ‫ﺣﺎﻟﺖ‬ 2960, 2970 ‫ ﺳﺒﺰ‬SYST LED ‫ را رﻫﺎ ﮐﻨﯿﺪ.ﭘﺲ از رﻫﺎ ﮐﺮدن آن‬Mode ‫ دﮐﻤﻪ‬SYST LED ‫ﺑﻌﺪ از ﺣﺪود 51 ﺛﺎﻧﯿﻪ و ﺳﺒﺰ ﺷﺪن‬ ‫ﭼﺸﻤﮏ زن ﺧﻮاﻫﺪ ﺷﺪ‬ 3560, 3750 ‫ ﺑﺎ ﻋﺒﺎرت ﻫﺎي زﯾﺮ ﻣﻮاﺟﻪ ﺧﻮاﻫﯿﻢ ﺷﺪ‬SWITCH ROM ‫2. ﭘﺲ از ورود ﻣﻮﻓﻘﯿﺖ آﻣﯿﺰ ﺑﻪ ﻣﺤﯿﻂ‬ Boot Sector Filesystem (bs) installed, fsid: 2 Base ethernet MAC Address: 00:14:f2:d2:41:80 Xmodem file system is available. The password-recovery mechanism is enabled. The system has been interrupted prior to initializing the flash filesystem. The following commands will initialize the flash filesystem, and finish loading the operating system software: flash_init boot switch: flash_init ‫ ﺷﺪن دارد ﺑﺎ ﺗﺎﯾﭗ دﺳﺘﻮر‬initialize ‫ ﻧﯿﺎز ﺑﻪ‬flash ‫3. در اﯾﻦ ﻣﺮﺣﻠﻪ‬ switch:flash_init Initializing Flash... flashfs[0]: 5 files, 1 directories flashfs[0]: 0 orphaned files, 0 orphaned directories flashfs[0]: Total bytes: 15998976 flashfs[0]: Bytes used: 12282368 flashfs[0]: Bytes available: 3716608 flashfs[0]: flashfs fsck took 10 seconds. ...done Initializing Flash. switch: Page 59 of 290
  • 61.
    ‫ ﺑﻪ ﻣﻨﻈﻮرﭘﯿﺪا ﮐﺮدن ﻓﺎﯾﻞ ﮐﺎﻧﻔﯿﮓ اﺻﻠﯽ ﻟﯿﺴﺖ ﻣﯽ ﮔﯿﺮﯾﻢ.اﯾﻦ ﻓﺎﯾﻞ ﺑﻪ ﻃﻮر ﭘﯿﺶ‬flash ‫4. از ﻓﺎﯾﻠﻬﺎي ﻣﻮﺟﻮد در‬ .‫ ﻧﺎم دارد‬config.text ‫ﻓﺮض‬ switch:dir flash: Directory of flash:/ 1 -rwx 10573494 2 -rwx 684 3 -rwx 1938 4 -rwx 1654 5 -rwx 3096 c3560-advipservicesk9-mz.122-44.SE6.bin vlan.dat private-config.text config.text multiple-fs 3716608 bytes available (10508886 bytes used) switch: ‫ ﺗﻐﯿﯿﺮ ﻧﺎم ﻣﯽ دﻫﯿﻢ‬config.old ‫5. ﻓﺎﯾﻞ ﮐﺎﻧﻔﯿﮓ را ﺑﻪ‬ switch:rename flash:config.text flash:config.old ‫ ﭘﺎك ﮐﺮد‬delete flash:config.text ‫ﻫﻤﯿﻨﻄﻮر ﻣﯿﺘﻮان آﻧﺮا ﺑﺎ دﺳﺘﻮر‬ ‫6. ﭘﺲ از ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺗﻐﯿﯿﺮ ﻧﺎم ﻓﺎﯾﻞ ﮐﺎﻧﻔﯿﮓ ﺳﻮﯾﯿﭻ را ﻣﺠﺪدا ﺑﻮت ﻣﯿﮑﻨﯿﻢ.و وارد ﻣﺤﯿﻂ ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ .‫ﺳﻮﯾﯿﭻ ﻣﯿﺸﻮﯾﻢ‬ --- System Configuration Dialog --Would you like to enter the initial configuration dialog? [yes/no]: n Switch> .‫ ﮐﭙﯽ ﻣﯿﮑﻨﯿﻢ‬runnin config ‫ ﮐﺎﻧﻔﯿﮓ ﻗﺪﯾﻤﯽ را ﺑﻪ‬start-up ‫ ﻣﺤﺘﻮاي‬privileged mode ‫7. ﭘﺲ از ورود ﺑﻪ‬ Switch>enable Switch#copy flash:config.old run Destination filename [running-config]? 1654 bytes copied in 9.647 secs (171 bytes/sec) ARSCORESW1# .‫ اﻣﮑﺎن ﺗﻐﯿﯿﺮ ﭘﺴﻮردﻫﺎ ﺳﻮﯾﯿﭻ را ﺧﻮاﻫﯿﻢ داﺷﺖ‬running config ‫8. ﭘﺲ از ﮐﭙﯽ ﺗﻨﻈﯿﻤﺎت ﻗﺪﯾﻤﯽ ﺳﻮﯾﯿﭻ ﺑﻪ‬ Switch#configure terminal Switch(config)#enable password NEWENABLEPASSWORD Switch(config)#line con0 Switch(config-line)#password NEWCONSOLELINEPASSWORD Switch(config-line)#end Switch#copy run start Destination filename [startup-config]? Building configuration... [OK] 0 bytes copied in 1.309 secs (0 bytes/sec) Switch# Page 60 of 290
  • 62.
    ‫آزﻣﺎﯾﺶ 4.2-آﺷﻨﺎﯾﯽ ﺑﺎﺻﻔﺤﻪ اوﻟﯿﻪ ﺗﻨﻈﯿﻤﺎت ﺳﻮﯾﯿﭻ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻈﯿﻤﺎت ﭘﺎﯾﻪ ﺳﻮﯾﯿﭻ ﻣﺎﻧﻨﺪ ‪ IP address,Hostname‬و ﺗﻌﺪادي دﯾﮕﺮ از ﻃﺮﯾﻖ ﺻﻔﺤﻪ‬ ‫اوﻟﯿﻪ ﺗﻨﻈﯿﻤﺎت ﺳﻮﯾﯿﭻ/روﺗﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ﺳﻮﯾﯿﭻ/روﺗﺮ و ﭘﯿﺎﻣﻬﺎ و ﺳﻮاﻻت آن از ﺟﻤﻠﻪ ﺻﻔﺤﺎت آذار دﻫﻨﺪه ﻣﺘﺨﺼﺼﯿﻦ ﺷﺒﮑﻪ اﺳﺖ ﭼﻮن‬ ‫ﻋﻤﻮم ﻣﺘﺨﺼﺼﯿﻦ ﺗﻤﺎﯾﻠﯽ ﺑﻪ ﮐﺎﻧﻔﯿﮓ ادوات ﺧﻮد ﺑﺎ اﺳﺘﻔﺎده از ﯾﮏ وﯾﺰارد ﻣﺘﻨﯽ ﻣﺤﺪود ﻧﺪارﻧﺪ. اﻣﺎ ﺑﻪ ﻫﺮ ﺣﺎل ﺟﻬﺖ‬ ‫آزﻣﻮن ‪ ccna‬آﺷﻨﺎﯾﯽ ﺑﺎ آن اﻟﺰاﻣﯽ اﺳﺖ.ﻗﻄﻌﺎ در آﯾﻨﺪه ﻧﺰدﯾﮏ و ﭘﺲ از ﺗﺴﻠﻂ ﺑﻪ دﺳﺘﻮرات ﻣﺮﺑﻮﻃﻪ ﻫﯿﭻ وﻗﺖ از اﯾﻦ‬ ‫ﻣﺤﯿﻂ اﺳﺘﻔﺎده ﻧﺨﻮاﻫﯿﺪ ﮐﺮد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫راه اﻧﺪازي ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪ Gns‬و ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ آن‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫آﺷﻨﺎي ﺑﺎ ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ/ﺳﻮﯾﯿﭻ‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﭘﺲ از ﺧﺮﯾﺪاري و روﺷﻦ ﮐﺮدن ﯾﮏ دﺳﺘﮕﺎه ﺳﻮﯾﯿﭻ/روﺗﺮ ﺳﯿﺴﮑﻮ اوﻟﯿﻦ ﺻﻔﺤﻪ اي ﮐﻪ ﻧﻤﺎﯾﺎن ﻣﯽ ﺷﻮد ﺻﻔﺤﻪ ﺗﻨﻈﯿﻤﺎت‬ ‫اوﻟﯿﻪ دﺳﺘﮕﺎه اﺳﺖ.اﯾﻦ ﺻﻔﺤﻪ ﻫﻤﯿﻨﻄﻮر ﻫﻨﮕﺎم ﺑﻮت دﺳﺘﮕﺎه ﭘﺲ از اﺟﺮاي دﺳﺘﻮر ‪ erase‬ﮐﻪ ﺑﺎﻋﺚ ﭘﺎك ﺷﺪن ‪Nvram‬‬ ‫ﻣﯿﺸﻮد ﻧﻤﺎﯾﺎن ﻣﯽ ﺷﻮد.‬ ‫در ﮐﺪ زﯾﺮ ﻣﺤﺘﻮاي اﯾﻦ ﺻﻔﺤﻪ را در ﺑﻮت اوﻟﯿﻪ دﺳﺘﮕﺎه ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ.‬ ‫-- ‪--- System Configuration Dialog‬‬‫‪Would you like to enter the initial configuration dialog? [yes/no]: yes‬‬ ‫ﭘﺲ از اﻧﺘﺨﺎب ‪ yes‬وﻧﻤﺎﯾﺶ ﻣﺤﯿﻂ ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ، ﻣﺮاﺣﻞ ﺗﻨﻈﯿﻢ ﺑﻪ ﺻﻮرت ﺳﻮال و ﺟﻮاﺑﻬﺎي ﻣﺘﻮاﻟﯽ ﺑﺎ ﺗﻮﺿﯿﺤﺎت‬ ‫ﻣﺨﺘﺼﺮي ﻧﻤﺎﯾﺎن ﻣﯽ ﺷﻮد.‬ ‫.‪At any point you may enter a question mark '?' for help‬‬ ‫.‪Use ctrl-c to abort configuration dialog at any prompt‬‬ ‫.'][' ‪Default settings are in square brackets‬‬ ‫092 ‪Page 61 of‬‬
  • 63.
    Basic management setupconfigures only enough connectivity for management of the system, extended setup will ask you to configure each interface on the system Would you like to enter basic management setup? [yes/no]: yes ‫ را از ﻣﺎ‬Terminal password ‫ و‬Enable secret ‫ و‬Hostname ‫ اﻃﻼﻋﺎت ﻻزم ﺟﻬﺖ ﺗﻨﻈﻤﯿﺎت‬yes ‫ﭘﺲ از اﻧﺘﺨﺎب‬ ‫اﺧﺬ ﺧﻮاﻫﺪ ﮐﺮد‬ Configuring global parameters: Enter host name [Router]: R1 The enable secret is a password used to protect access to privileged EXEC and configuration modes. This password, after entered, becomes encrypted in the configuration. Enter enable secret: CISCO The enable password is used when you do not specify an enable secret password, with some older software versions, and some boot images. Enter enable password: cisco The virtual terminal password is used to protect access to the router over a network interface. Enter virtual terminal password: cisco ‫ ﭘﺮوﺗﮑﻞ اﺳﺘﺎﻧﺪاري اﺳﺖ ﮐﻪ ادوات ﻓﻌﺎل در‬SNMP .‫ ﻣﻮاﺟﻪ ﺧﻮاﻫﯿﻢ ﺷﺪ‬SNMP ‫ﺑﻌﺪ از ﺗﻈﯿﻤﺎت ﻓﻮق ﺑﺎ ﭘﯿﻐﺎم ﻓﻌﺎل ﺳﺎزي‬ .‫ﺷﺒﮑﻪ ﺑﻪ واﺳﻄﻪ آن ﻣﺎﻧﯿﺘﻮ و ﯾﺎ ﭘﯿﮑﺮ ﺑﻨﺪي ﻣﯿﺸﻮﻧﺪ‬ Configure SNMP Network Management? [no]: yes Community string [public]: COMMUNITYSTRINGGOESHERE ‫ واﻗﻊ‬Management network ‫ دﻫﯽ ﺑﻪ ﯾﮑﯽ از اﯾﻨﺘﺮﻓﯿﺴﻬﺎي دﺳﺘﮕﺎه ﮐﻪ در‬IP ‫ ﻧﻮﺑﺖ ﺑﻪ‬SNMP ‫ﭘﺲ از ﭘﯿﮑﺮﺑﻨﺪي‬ ‫ﺷﺪه)در آن رﻧﺞ ﻗﺮار دارد( ﻣﯿﮑﻨﯿﻢ.در ﻧﻈﺮ داﺷﺘﻪ ﺑﺎﺷﯿﺪ ﮐﻪ ﺑﺎﯾﺪ ﻧﺎم اﯾﻨﺘﺮﻓﯿﺲ ﺑﻪ ﻃﻮر ﮐﺎﻣﻞ ﻧﻮﺷﺘﻪ ﺷﻮد‬ Current interface summary Any interface listed with OK? value "NO" does not have a valid configuration Interface Interface FastEthernet0/0 FastEthernet0/1 Serial1/0 Serial1/1 Serial1/2 Serial1/3 IP-Address IP-Address unassigned unassigned unassigned unassigned unassigned unassigned OK? OK? NO NO NO NO NO NO Method Method unset unset unset unset unset unset Status Status up up up up up up Protocol Protocol up up down down down down Page 62 of 290
  • 64.
    Enter interface nameused to connect to the management network from the above interface summary: FastEthernet0/0 .‫ ﻣﯽ رﺳﺪ‬IP ‫ﺑﻪ ﻣﺤﺾ اﯾﻨﮑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﻣﺮﺑﻮط ﺑﻪ ﻣﺪﯾﺮﯾﺖ دﺳﺘﮕﺎه را اﻧﺘﺨﺎب ﮐﺮدﯾﻢ ﻧﻮﺑﺖ ﺑﻪ ﺗﻨﻈﯿﻢ ﭘﺎراﻣﺘﺮﻫﺎي‬ Configuring interface FastEthernet0/0: Operate in full-duplex mode? [no]: Configure IP on this interface? [yes]: IP address for this interface: 10.1.1.1 Subnet mask for this interface [255.0.0.0] : 255.255.255.0 Class A network is 10.0.0.0, 24 subnet bits; mask is /24 Running ‫ﺧﻮب،ﭘﺲ از اﺗﻤﺎم ﻣﺮاﺣﻞ ﺑﺎﻻ روﺗﺮ/ﺳﻮﯾﯿﭻ ﮐﺪ ﮐﺎﻧﻔﯿﮓ ﻫﺎي اﻧﺠﺎم ﺷﺪه روي دﺳﺘﮕﺎه ﯾﺎ ﺑﻪ ﺑﯿﺎن دﯾﮕﺮ‬ :‫ را ﺑﻪ ﻣﺎ ﻧﻤﺎﯾﺶ ﻣﯽ دﻫﺪ ﺑﻪ ﻗﺮار زﯾﺮ‬config The following configuration command script was created: hostname R1 enable secret 5 $1$kGQ2$tr6bd7mW9zjqzfkUHhnCE0 enable password cisco line vty 0 4 password cisco no snmp-server ! no ip routing ! interface FastEthernet0/0 no shutdown half-duplex ip address 10.1.1.1 255.255.255.0 no mop enabled ! interface FastEthernet0/1 shutdown no ip address ! interface Serial1/0 shutdown no ip address ! interface Serial1/1 shutdown no ip address ! interface Serial1/2 shutdown no ip address ! interface Serial1/3 shutdown no ip address ! Page 63 of 290
  • 65.
    end ‫ﭘﺲ از ﻣﺮﺣﻠﻪﺑﺎﻻ ﺳﯿﺴﺘﻢ در ﺧﺼﻮص ذﺧﯿﺮه ﺗﻨﻈﯿﻤﺎت ﺻﻮرت ﮔﺮﻓﺘﻪ ﺳﻮال ﺧﻮاﻫﺪ ﭘﺮﺳﯿﺪ. ﻋﺪد 2 را ﺟﻬﺖ ذﺧﯿﺮه‬ ‫ اﻧﺘﺨﺎب ﻣﯿﮑﻨﯿﻢ‬startup config ‫ﺗﻨﻈﯿﻤﺎت در‬ [0] Go to the IOS command prompt without saving this config. [1] Return back to the setup without saving this config. [2] Save this configuration to nvram and exit. Enter your selection [2]: 2 The enable password you have chosen is the same as your enable secret. This is not recommended. Re-enter the enable password. Building configuration... Use the enabled mode 'configure' command to modify this configuration. % Crashinfo may not be recovered at bootflash:crashinfo % This file system device reports an error Press RETURN to get started! R1> Page 64 of 290
  • 66.
    ‫آزﻣﺎﯾﺶ 5.2 –آﺷﻨﺎﯾﯽ ﺑﺎ ‪ CLI‬ﺳﯿﺴﮑﻮ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺧﻮاﻫﯿﻢ آﻣﻮﺧﺖ ﭼﮕﻮﻧﻪ وارد ﺣﺎﻟﺘﻬﺎي ﻣﺨﺘﻠﻒ ﺧﻂ ﻓﺮﻣﺎن ادوات ﺳﯿﺴﮑﻮ ﺷﻮﯾﻢ ﺣﺎﻟﺘﻬﺎي ‪User‬‬ ‫‪ mode,Privileged mode,Global configuration mode‬و ﭼﻨﺪ ﺣﺎﻟﺖ دﯾﮕﺮ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻣﻬﻨﺪس ﺷﺒﮑﻪ ﺳﯿﺴﺴﮑﻮ ﻧﯿﺰا دارﯾﺪ ﺗﺎ ﺑﺎ وﯾﮋﮔﯿﻬﺎي ﻣﺤﯿﻂ ‪ CLI‬ادوات ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺷﻮﯾﺪ زﯾﺮا ﺗﻤﺎﻣﯽ‬ ‫ادوات ﺳﯿﺴﮑﻮ از اﯾﻦ ﻃﺮﯾﻖ ﭘﯿﮑﺮﺑﻨﺪي ﻣﯽ ﺷﻮﻧﺪ،اﮔﺮﭼﻪ ﻋﻨﺎوﯾﻦ ﻣﺨﺘﻠﻔﯽ از راﺑﻂ ﮐﺎرﺑﺮﻫﺎي ﮔﺮاﻓﯿﮑﯽ ﻫﻤﭽﻮن‬ ‫‪ ASDM,PDM‬ﺟﻬﺖ ﮐﺎﻧﻔﯿﮓ ادوات ﻣﺨﺘﻠﻒ وﺟﻮد دارد اﻣﺎ اﺳﺘﻔﺎده اﻧﻬﺎ در ﻣﺤﯿﻄﻬﺎي ﻋﻤﻠﯿﺎﺗﯽ ﺟﺪي ﭼﻨﺪان ﺗﻮﺻﯿﻪ‬ ‫ﻧﻤﯿﺸﻮد و ﻣﻮﺟﺒﺎت در ﻫﻢ ﮐﺸﯿﺪه ﺷﺪن اﺧﻤﻬﺎي ﻣﻬﻨﺪﺳﯿﻦ ﻣﺠﺮب ﺳﯿﺴﮑﻮ ﻫﻨﮕﺎﻣﯽ ﮐﻪ از ﻃﺮﯾﻖ ‪ CLI‬ﺑﻪ ﺑﺮرﺳﯽ‬ ‫ﮐﺎﻧﻔﯿﮕﻬﺎ ﻣﯽ ﭘﺮدازﻧﺪ ﻣﯿﺸﻮد.‬ ‫اﻧﺘﻈﺎر ﻣﯽ رود ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻣﺘﺨﺼﺺ ﺳﯿﺴﮑﻮ در آﯾﻨﺪه ﻧﺰدﯾﮏ ﻗﺎدر ﺑﻪ ﮐﺎر ﺑﺎ ﻣﻮدﻫﺎي ﮐﺎﻧﻔﯿﮓ ادوات ﺳﯿﺴﮑﻮ ﻣﺎﻧﻨﺪ :‬ ‫,‪User Mode, Privileged Mode, Global Configuration Mode, Interface Configuration Mode‬‬ ‫‪Router Configuration Mode, VLAN Database Configuration Mode, Access-List‬‬ ‫‪ Configuration Mode Mode ,Line Configuration Mode‬ﺑﺎﺷﯿﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪ ‬راه اﻧﺪازي ﯾﮏ ﻋﺪد روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫آﺷﻨﺎﯾﯽ ﺑﻪ ﻣﻮدﻫﺎي ﻣﺨﺘﻠﻒ ‪ CLI‬در ادوات ﺳﯿﺴﮑﻮ ﻣﺒﺘﻨﯽ ﺑﺮ ‪IOS‬‬ ‫آﺷﻨﺎﯾﯽ ﺑﺎ ﮐﻠﯿﺪﻫﺎي ﺗﺮﮐﯿﺒﯽ در ﻣﺤﯿﻂ ‪CLI‬‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ‪ : User mode‬اوﻟﯿﻦ ﻣﻮدي اﺳﺖ ﮐﻪ ﭘﺲ از وارد ﮐﺮدن اﻃﻼﻋﺎت اﺣﺮاز ﻫﻮﯾﺖ و ﻓﺸﺮدن ﮐﻠﯿﺪ ‪ enter‬وارد آن‬ ‫ﻣﯿﺸﻮﯾﻢ.دراﯾﻦ ﻣﻮد ﻋﻤﻮم دﺳﺘﻮراﺗﯽ ﮐﻪ ﻗﺎﺑﻞ اﺟﺮا ﻫﺴﺘﻨﺪ ﻣﺎﻫﯿﺖ اﻃﻼع رﺳﺎﻧﯽ دارﻧﺪ ﻣﺎﻧﺪد دﺳﺘﻮرات‬ ‫092 ‪Page 65 of‬‬
  • 67.
    ‫ و ازاﯾﻦ دﺳﺖ. ﻫﻤﺎﻧﻄﻮر ﮐﻪ در ﮐﺪ زﯾﺮ‬ping,trace route, Show cdp neighbors,show version ‫ ﻗﺮار ﻣﯿﮕﯿﺮﯾﻢ ﮐﻪ ﺑﺎ ﻣﺸﺎﻫﺪه ﻋﻼﻣﺖ ">" ﯾﺎ ﻫﻤﺎن‬CLI ‫ در ﻣﺤﯿﻂ‬enter ‫ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ ﭘﺲ از ﻓﺸﺮدن‬ .‫ﺑﺰرﮔﺘﺮ اﺳﺖ از ﻫﻤﺮاه اﺳﺖ‬ Router con0 is now available Press RETURN to get started. Router> ‫ ﻣﯿﺘﻮان ﺑﺎ ﺗﺎﯾﭗ ؟ ﺑﻪ ﻟﯿﺴﺖ دﺳﺘﻮرات ﻗﺎﺑﻞ اﺟﺮا در آن ﻣﻮد دﺳﺘﺮﺳﯽ ﭘﯿﺪا ﮐﺮد‬CLI ‫در ﻫﺮ ﻟﺤﻈﻪ از ﻣﺤﯿﻂ‬ Router>? Exec commands: access-enable access-profile clear connect crypto disable disconnect emm enable ethernet exit help lat lock login logout mrinfo mstat mtrace name-connection --More-- Create a temporary Access-List entry Apply user-profile to interface Reset functions Open a terminal connection Encryption related commands. Turn off privileged commands Disconnect an existing network connection Run a configured Menu System Turn on privileged commands Ethernet parameters Exit from the EXEC Description of the interactive help system Open a lat connection Lock the terminal Log in as a particular user Exit from the EXEC Request neighbor and version information from a multicast router Show statistics after multiple multicast traceroutes Trace reverse multicast path from destination to source Name an existing network connection ‫ ﭘﺎراﮔﺮاف ﺑﻌﺪي ﻧﻤﺎﯾﺎن ﺧﻮاﻫﺪ ﺷﺪ.در ﺻﻮرﺗﯿﮑﻪ ﻣﺎﯾﻞ ﺑﻪ‬space ‫ﺳﻄﺮ ﺑﻌﺪي و ﺑﺎ ﻓﺸﺮدن‬enter ‫در اﯾﻦ ﻣﺮﺣﻠﻪ ﺑﺎ ﻓﺸﺮدن‬ .‫ را ﻓﺸﺎر دﻫﯿﻢ‬Q ‫ ﺑﺎﺷﯿﻢ ﺑﺎﯾﺪ‬space ‫ﺧﺮوج ازاﯾﻦ ﻟﯿﺴﺖ ﺑﺪون ﻓﺸﺮدن ﻫﺎي ﻣﺘﻮاﻟﯽ‬ ‫ ﻫﺴﺘﯿﻢ ﻣﯿﺘﻮاﻧﯿﻢ ﺳﻄﺢ دﺳﺘﺮﺳﯽ ﺧﻮد را ﺑﺎ ورود ﺑﻪ‬User mode ‫: ﻫﻨﮕﺎﻣﯽ ﮐﻪ در‬Priviledge mode .2 ‫ در ﺻﻮرت ﺳﺖ‬en ‫ اﻓﺰاﯾﺶ دﻫﯿﻢ.ﭘﺲ از ﺗﺎﯾﭗ‬en ‫ ﯾﺎ‬Enable ‫ از ﻃﺮﯾﻖ ﺗﺎﯾﭗ ﻋﺒﺎرت‬Priviledge mode ‫ ﺑﺎﯾﺪ رﻣﺰ ورود ﺑﻪ اﯾﻦ ﻣﻮد را وارد ﻧﻤﺎﯾﯿﻢ.در ﻫﻨﮕﺎم وارد‬Enable secret ‫ ﯾﺎ‬Enable password ‫ﺷﺪه ﺑﻮدن‬ ‫ﮐﺮدن اﯾﻦ رﻣﺰ ﻗﺎدر ﺑﻪ ﻣﺸﺎﻫﺪه ﮐﺎراﮐﺘﺮﻫﺎي وارد ﺷﺪه ﻧﯿﺴﺘﯿﻢ ﺣﺘﯽ ﺑﻪ ﺻﻮرت ﺳﺘﺎره ﻫﺎي ﻣﺘﻮاﻟﯽ‬ Page 66 of 290
  • 68.
    Router>enable Password: Router# ‫در اﯾﻦ ﻣﻮددﺳﺘﻮرات ﻣﺪﯾﺮﯾﺘﯽ ﺟﻬﺖ ﻧﮕﻬﺪاري ﺳﯿﺴﺘﻢ اﺟﺮا ﻣﯿﺸﻮﻧﺪ ﻣﺎﻧﻨﺪ ﻣﻮرد زﯾﺮ‬ Router#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] Router# ‫ وارد ﻣﺤﯿﻂ ﭘﯿﮑﺮﺑﻨﺪي و‬configure terminal ‫ ﻫﺴﺘﯿﻢ ﺑﺎ وادر ﮐﺮدن دﺳﺘﻮر‬Priviledge mode ‫ﻫﻨﮕﺎﻣﯽ ﮐﻪ در‬ Acess ‫ ﻧﺎم دارد.ﻻزم ﺑﻪ ذﮐﺮ اﺳﺖ اﯾﻦ ﻣﻮد در‬global configuration mode ‫ﺗﻨﻈﯿﻤﺎت ﺳﯿﺴﺘﻢ ﻣﯿﺸﻮﯾﻢ ﮐﻪ‬ .‫ ﻫﺎي ﺳﯿﺴﮑﻮ وﺟﻮد ﻧﺪارد و ﺑﻪ ﻣﺤﺾ ورود ﺑﻪ اﯾﻦ دﺳﺘﮕﺎه ﮐﻠﯿﻪ ﻓﺮاﻣﯿﻦ ﺑﻪ ﻃﻮر ﻣﺴﺘﻘﯿﻢ اﺟﺮا ﺧﻮاﻫﻨﺪ ﺷﺪ‬server Router#configure terminal Enter configuration commands, one per line. Router(config)# End with CNTL/Z. ‫ ﺑﻪ ﺳﻄﺢ ﻣﺘﻔﺎوﺗﯽ از دﺳﺘﻮرات ﭘﯿﮑﺮﺑﻨﺪي دﺳﺘﺮﺳﯽ ﺧﻮاﻫﯿﻢ داﺷﺖ‬global configuration mode ‫ﭘﺲ از ورود ﺑﻪ‬ ‫ و ﻣﻮارد ﺑﺴﯿﺎري دﯾﮕﺮ‬Access list ، Vlan، ‫ﻫﻤﭽﻮن ﺗﻨﻈﯿﻤﺎت اﯾﻨﺘﺮﻓﯿﺲ ﻫﺎ‬ Router(config)#interface f0/0 Router(config-if)#router eigrp 1 Router(config-router)#ip access-list extended example_acl_name Router(config-ext-nacl)#line con 0 Router(config-line)# ‫ اﺳﺘﻔﺎده‬Exit ‫ از دﺳﺘﻮر‬user mode ‫ ﺑﻪ‬Privileged ‫ﺑﺮاي ﺧﺮوج از ﻣﻮد ﺟﺎري و ﺑﺎزﮔﺸﺖ ﺑﻪ ﻣﻮد ﻗﺒﻠﯽ ﻓﺮﺿﺎ از‬ .‫ﻣﯿﮑﻨﯿﻢ‬ ‫ﻋﻼوه ﺑﺮ دﺳﺘﻮرات ﻣﺨﺘﺺ ﻫﺮ ﻣﻮد ، ﺗﻌﺪادي دﺳﺘﻮر ﺗﺮﮐﯿﺒﯽ ﺑﻪ ﻣﻨﻈﻮر اﯾﺠﺎد ﺗﺴﻬﯿﻞ اﻣﻮر در ﻣﺤﯿﻂ ﻣﺘﻨﯽ ﺗﺎﯾﭗ‬ .‫دﺳﺘﻮرات وﺟﻮد دارﻧﺪ ﮐﻪ ﺟﺪول آﻧﻬﺎ را در زﯾﺮ ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ‬ Key ESC + F ESC + B ESC + DEL ESC + D ESC + C Page 67 of 290 Result Move insertion point to the beginning of the next word. Move insertion point to the beginning of the current word. Erase previous word. Erase word, or section of a word, following the insertion point. Capitalize letter following the insertion point.
  • 69.
    ESC + U Changenext word or word section to all UPPERCASE letters. ESC + L Change next word or word section to all lowercase letters. CTRL + A Move insertion point to the beginning of the line. CTRL + E Move insertion point to the end of the line. CTRL + Erase entire command line you’re working on (to the insertion point’s left). CTRL + T Transpose previous two characters. CTRL + K Erase from the cursor to the start of the command line. CTRL + R Search the list of commands incrementally based on what you type. Tab Complete the path or filename. UP Arrow List previous commands up. DOWN Arrow List previous commands down. Page 68 of 290
  • 70.
    ‫آزﻣﺎﯾﺶ 6.2 -ﺗﻨﻈﯿﻢ ‪ IP Adress‬روي ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﻧﺤﻮه ﺗﻨﻈﯿﻢ ‪ Ip address‬اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ادوات ﺳﯿﺴﮑﻮ از ﻃﺮﯾﻖ ‪ Cli‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻣﺘﺨﺼﺺ آﯾﻨﺪه ﺳﯿﺴﮑﻮ! ﻻزم اﺳﺖ ﺑﺎ ﻧﺤﻮه ﺗﻨﻈﯿﻢ ‪ ip‬روي اﻧﻮاع ﻣﺨﺘﻠﻒ اﯾﻨﺘﺮﻓﯿﺲ ﻫﺎي ادوات ﺳﯿﺴﮑﻮ‬ ‫آﺷﻨﺎ ﺑﺎﺷﯿﺪ.ﺗﺨﺼﯿﺺ ‪ IP‬ﺑﻪ ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ﺟﺰء اوﻟﯿﻦ اﻟﺰاﻣﺎت راه اﻧﺪازي ادوات ﺳﯿﺴﮑﻮ در ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ ﻣﯽ ﺑﺎﺷﺪ‬ ‫،ذﮐﺮ اﯾﻦ ﻧﮑﺘﻪ ﺣﺎﺋﺰ اﻫﻤﯿﺖ اﺳﺖ ﮐﻪ ﺑﻪ ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ﺑﯿﺶ از ﯾﮏ ‪ IP‬ﻣﯽ ﺗﻮان ﻣﻨﺘﺴﺐ ﻧﻤﻮد‬ ‫ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ 42/452.15.432.01 ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ 0/0‪ FastEthernet‬ﺑﻪ ﻋﻨﻮان ‪Primary IP Address‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ 42/452.84.72.271 ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ 0/0‪ FastEthernet‬ﺑﻪ ﻋﻨﻮان ‪Secondary IP Address‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﻓﻌﺎل ﺳﺎزي 0/0‪FastEthernet‬‬ ‫ﭼﮏ ﮐﺮدن ﺗﻨﻈﯿﻤﺎت ﺻﻮرت ﮔﺮﻓﺘﻪ روي روﺗﺮ از ﻃﺮﯾﻖ ﺑﺮرﺳﯽ ‪running-configuration‬‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ‬ ‫ﺑﺮاي ﺷﺮوع ﺑﻪ ﻣﻮد ‪ Global configuration‬ﻫﻤﺎﻧﻄﻮر ﮐﻪ در ﮐﺪ زﯾﺮ ﻧﻤﺎﯾﺶ داده ﺷﺪه اﺳﺖ وارد ﻣﯽ ﺷﻮﯾﻢ‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫.‪End with CNTL/Z‬‬ ‫‪Router>enable‬‬ ‫:‪Password‬‬ ‫‪Router#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫#)‪Router(config‬‬ ‫1. ﺗﺨﺼﯿﺺ 42/452.15.432.01 ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ 0/0‪ FastEthernet‬ﺑﻪ ﻋﻨﻮان ‪ ، Primary IP Address‬ﺑﺮاي‬ ‫اﯾﻨﮑﺎر ﻻزم اﺳﺖ وارد ﻣﺤﯿﻂ ﭘﯿﮑﺮﺑﻨﺪي اﯾﻨﺘﺮﻓﯿﺲ ﻣﻮرد ﻧﻈﺮ ﺑﻪ ﻗﺮار زﯾﺮ ﺷﻮﯾﻢ.‬ ‫092 ‪Page 69 of‬‬
  • 71.
    Router(config)#interface FastEthernet 0/0 Router(config-if)# .‫ﺑﻪ ﺷﮑﻞ زﯾﺮ اﺳﺘﻔﺎده ﻣﯽ ﮐﻨﯿﻢ‬ip address n.n.n.h s.s.s.m ‫ از دﺳﺘﻮر‬IP ‫ﺑﺮاي ﺗﺨﺼﯿﺺ‬ Router(config-if)#ip address 10.234.51.254 255.255.255.0 Router(config-if)# FastEthernet0/0 ‫ ﺑﻪ‬Secondary ip ‫2. ﺗﺨﺼﯿﺺ‬ ‫ ﺑﺪون از ﺳﺮوﯾﺲ ﺧﺎرج ﺷﺪن اﯾﻨﺘﺮﻓﯿﺲ ﯾﺎ دﺳﺘﺮﺳﯽ ﻣﺪﯾﺮﯾﺘﯽ‬IP ‫ دوم ﺟﻬﺖ ﻓﺮاﯾﻨﺪﻫﺎي ﺗﻌﻮﯾﺾ‬IP ‫ﻋﻤﻮﻣﺎ از‬ . Mnagement vlan ‫ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد ﻣﺜﻼ ﺗﻌﻮﯾﺾ‬ ‫ در اﻧﺘﻬﺎي‬Secondary ‫ﺑﺮاي ﺗﮑﻤﯿﻞ ﺑﺨﺶ دوم اﯾﻦ آزﻣﺎﯾﺶ ﻧﯿﺎز اﺳﺖ ﻫﻤﺎن دﺳﺘﻮر ﺑﺎﻻ ﺑﻪ ﻫﻤﺮاه ﻋﺒﺎرت‬ .‫دﺳﺘﻮر اﺳﺘﻔﺎده ﮐﺮد‬ Router(config-if)#ip address 172.27.48.254 255.255.255.0 secondary Router(config-if)# FastEthernet0/0 ‫3. ﻓﻌﺎل ﺳﺎزي‬ up ‫ ﻫﺴﺘﻨﺪ ﺑﺮاي ﻓﻌﺎل و‬Administratively Down ‫ﺑﻪ ﻃﻮر ﭘﯿﺶ ﻓﺮض ﻫﻤﻪ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي روﺗﺮ در ﺣﺎﻟﺖ‬ ‫ اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد‬no shut ‫ﮐﺮدن اﯾﻨﺘﺮﻓﯿﺲ از دﺳﺘﻮر‬ Router(config-if)#no shutdown Router(config-if)# %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, state to up Router(config-if)# changed running-configuration ‫4. ﺑﺮرﺳﯽ ﺗﻨﻈﯿﻤﺎت اﻧﺠﺎم ﺷﺪه از ﻃﺮﯾﻖ‬ ‫ از ﻃﺮﯾﻖ‬privileged mode ‫ﺑﺮاي ﻣﺸﺎﻫﺪه ﺗﻨﻈﯿﻤﺎت ﺻﻮرت ﮔﺮﻓﺘﻪ ﭘﺲ از ﺧﺮوج از ﻣﻮد ﻓﻌﻠﯽ و ﺑﺎزﮔﺸﺖ ﺑﻪ‬ ‫ را ﻣﺸﺎﻫﺪه ﻣﯽ ﮐﻨﯿﻢ‬Fa0/0 ‫ ، ﺑﺎ اﺟﺮاي دﺳﺘﻮرات زﯾﺮ ﺗﻨﻈﯿﻤﺎت ﻣﺨﺘﺺ‬Ctl+Z ‫ﻓﺸﺮدن‬ Router(config-if)#^Z %SYS-5-CONFIG_I: Configured from console by console Router#show run interface FastEthernet 0/0 Building configuration... Current configuration : 148 bytes ! interface FastEthernet0/0 ip address 172.27.48.254 255.255.255.0 secondary Page 70 of 290
  • 72.
    ip address 10.234.51.254255.255.255.0 duplex auto speed auto end Router# Page 71 of 290
  • 73.
    ‫آزﻣﺎﯾﺶ 7.2- ﭘﯿﮑﺮﺑﻨﺪيﻣﺸﺨﺼﻪ ﻫﺎي وﯾﮋه اﯾﻨﺘﺮﻓﯿﺲ ﻫﺎ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻢ ﭘﺎراﻣﺘﺮﻫﺎي ﻣﺸﺨﺼﻪ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي روﺗﺮ/ﺳﻮﯾﯿﭻ ﻣﺎﻧﻨﺪ ‪ Speed,Duplex,MTU‬و‬ ‫ﭼﻨﺪ ﻣﻮرد دﯾﮕﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺗﻨﻈﯿﻢ ﭘﺎراﻣﺘﺮﻫﺎي ارﺗﺒﺎﻃﯽ ادوات ﺳﯿﺴﮑﻮ اﻣﺮ راﯾﺠﯽ در ﺑﺮﺧﯽ از ﺣﻮزه ﻫﺎي ﺷﺒﮑﻪ ﻣﺜﻞ دﯾﺘﺎﺳﻨﺘﺮﻫﺎ و ﺗﺠﻤﯿﻊ و ﺗﻮزﯾﻊ‬ ‫ﭘﻬﻨﺎي ﺑﺎﻧﺪ ﻣﯽ ﺑﺎﺷﺪ.ﺗﻮﺻﯿﻪ ﻣﯽ ﺷﻮد اﯾﻦ ﺗﻨﻈﯿﻤﺎت ﺑﺮاي اﺗﺼﺎﻻت ‪ node‬ﺑﻪ ‪ node‬ﺑﻪ ﻃﻮر دﺳﺘﯽ و ‪ node‬ﺑﻪ ‪ Host‬ﺑﻪ‬ ‫ﻃﻮر ﺧﻮدﮐﺎر اﻧﺠﺎم ﺷﻮد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﺳﺮﻋﺖ 0/0‪ FastEthernet‬ﺑﻪ ‪100Mbps‬‬ ‫ﺗﻨﻈﯿﻢ دوﭘﻠﮑﺲ 0/0‪ FastEthernet‬ﺑﻪ ‪Full‬‬ ‫ﺗﻨﻈﯿﻢ ‪ MTU‬ﺑﻪ ‪1520 bytes‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﭘﻬﻨﺎي ﺑﺎﻧﺪ 0/0‪ FastEthernet‬ﺑﻪ ‪10Mbps‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﺗﺎﺧﯿﺮ 0/0‪ FastEthernet‬ﺑﻪ ‪10ms‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ‪ Mac address‬ﺑﻪ 9‪ca02.0adc.0ef‬‬ ‫ﺗﻨﻈﯿﻢ ‪Keepalives‬‬ ‫ﺗﻨﻈﯿﻢ ‪CDP‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. اوﻟﯿﻦ ﻫﺪف اﯾﻦ آزﻣﺎﯾﺶ ﺗﻨﻈﯿﻢ ﺳﺮﻋﺖ 0/0‪ FastEthernet‬روﺗﺮ ﺑﻪ ‪ 100Mbps‬اﺳﺖ. اﯾﻨﮑﺎر ﺑﺎ اﺳﺘﻔﺎده از‬ ‫دﺳﺘﻮر ‪ speed‬در ﻣﻮد ‪ interface configuration‬ﺑﻪ ﻗﺮار زﯾﺮ اﻧﺠﺎم ﻣﯿﺸﻮد.‬ ‫092 ‪Page 72 of‬‬
  • 74.
    Router con0 isnow available Press RETURN to get started. Router>enable Password: Router#configure terminal Enter configuration commands, one per line. Router(config)#interface FastEthernet 0/0 Router(config-if)#speed 100 End with CNTL/Z. ‫ ﻧﯿﺰ اﻧﺠﺎم ﭘﺬﯾﺮد.اﯾﻦ ﻣﻮرد ﺗﻮﺳﻂ دﺳﺘﻮر‬duplex ‫2. ﺗﻮﺻﯿﻪ ﻣﯿﺸﻮد ﭘﺲ از ﺗﻨﻈﯿﻢ ﺳﺮﻋﺖ اﯾﻨﺘﺮﻓﯿﺲ ﺗﻨﻈﯿﻤﺎت‬ .‫ ﺑﻪ ﺷﮑﻞ زﯾﺮ اﻧﺠﺎم ﻣﯽ ﺷﻮد‬duplex Router(config-if)#duplex ? auto Enable AUTO duplex configuration full Force full duplex operation half Force half-duplex operation Router(config-if)#duplex full ‫ ﺳﺮوﮐﺎر دارﯾﻢ ﺑﺴﯿﺎر ﻣﻌﻤﻮل اﺳﺖ ﮐﻪ اﻧﺪازه ﻫﺎي‬Ipsec ‫ ﯾﺎ ﺗﺎﻧﻞ ﻫﺎي‬WAN ‫3. ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺑﺎ ﻟﯿﻨﮑﻬﺎي‬ ‫ ﻫﺴﺖ‬packet encapsulation ‫ را ﮐﻪ ﺑﯿﺎﻧﮕﺮ ﺣﺪاﮐﺜﺮ ﺳﺎﯾﺰ‬Maximum Transmission Unit (MTU) .‫ ﺑﻪ ﺷﮑﻞ زﯾﺮ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬MTU‫را ﺗﻐﯿﯿﺮ دﻫﯿﻢ.ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر از دﺳﺘﻮر‬ Router(config-if)#mtu ? <1500-1530> MTU size in bytes Router(config-if)#mtu 1520 ،10Mbps ‫ ﺑﻪ ﻋﺪد‬FastEthernet0/0 ‫4. ﺗﻨﻈﯿﻢ ﭘﻬﻨﺎي ﺑﺎﻧﺪ‬ Bandwidth ‫ﻣﻔﻬﻮم ﭘﻬﻨﺎي ﺑﺎﻧﺪ را ﺑﺎ ﺳﺮﻋﺖ ﮐﻪ در ﺑﻨﺪ اول اﯾﻦ آزﻣﺎﯾﺶ ﺗﻨﻈﯿﻢ ﮐﺮدﯾﻢ اﺷﺘﺒﺎه ﻧﮕﯿﺮﯾﺪ. دﺳﺘﻮر‬ ‫ﺗﻮﺳﻂ ﭘﺮوﺗﮑﻠﻬﺎي روﺗﯿﻨﮓ ﺑﻪ ﻣﻨﻈﻮر ﻣﺤﺎﺳﺒﻪ ﻣﺘﺮﯾﮏ ﻫﺎي ﻣﺴﯿﺮ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد.اﯾﻦ ﻣﻔﻬﻮم در‬ ‫ﻓﺼﻮل آﺗﯽ ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار ﺧﻮاﻫﺪ ﮔﺮﻓﺖ‬ Router(config-if)#bandwidth ? <1-10000000> Bandwidth in kilobits inherit Specify that bandwidth is inherited receive Specify receive-side bandwidth Router(config-if)#bandwidth 10000 ، 10000ms ‫5. ﺗﻨﻈﯿﻢ ﺗﺎﺧﯿﺮ ﻟﯿﻨﮏ ﺑﻪ ﻋﺪد‬ Page 73 of 290
  • 75.
    ‫ﭘﺎراﻣﺘﺮ ﺗﺎﺧﯿﺮ ﻧﯿﺰﻣﺎﻧﻨﺪ ﭘﻬﻨﺎي ﺑﺎﻧﺪ از ﺟﻤﻠﻪ ﻓﺎﮐﺘﻮرﻫﺎي ﻣﻬﻢ در ﻣﺤﺎﺳﺒﺎت ﻣﺘﺮﯾﮏ ﻫﺎي روﺗﯿﻨﮓ ﭘﺮوﺗﮑﻠﻬﺎ اﺳﺖ‬ ‫ﺟﺰﺋﯿﺎت اﯾﻦ ﻣﻔﻬﻮم در ﻓﺼﻮل آﺗﯽ ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار ﺧﻮاﻫﺪ ﮔﺮﻓﺖ و در اﯾﻨﺠﺎ ﺻﺮﻓﺎ ﺑﻪ ﺗﻨﻈﯿﻢ ﮐﺮدن آن‬ .‫ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ Router(config-if)#delay ? <1-16777215> Throughput delay (tens of microseconds) Router(config-if)#delay 10000 Mac address ‫6. ﺗﻨﻈﯿﻢ‬ ‫ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار‬Mac ‫ در ﺳﻨﺎرﯾﻮﻫﺎﯾﯽ ﻫﻤﭽﻮن اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ اﺳﺎس‬Mac address ‫ﺗﻐﯿﯿﺮ و ﺗﻨﻈﯿﻢ‬ ‫ اﻣﮑﺎن ﭘﺬﯾﺮ اﺳﺖ‬Mac ‫ﻣﯿﮕﯿﺮد.اﻧﺠﺎم اﯾﻦ ﺗﻐﯿﯿﺮ ﺑﺎ اﺳﺘﻔﺎده از دﺳﺘﻮر‬ Router(config-if)#mac ? H.H.H MAC address Router(config-if)#mac ca02.0adc.0ef9 interface ‫ﺑﺮاي ﭼﮏ ﮐﺮدن ﺗﻨﻈﯿﻤﺎت ﺻﻮرت ﮔﺮﻓﺘﻪ روي اﯾﻨﺘﺮﻓﯿﺲ ﻣﻮرد آزﻣﺎﯾﺶ ﺗﺎ اﯾﻨﺠﺎ ﺑﺪون ﺧﺎرج ﺷﺪن از ﻣﻮد‬ ‫ ﺑﻪ ﺷﮑﻞ زﯾﺮ اﺳﺘﻔﺎده ﻣﯽ ﮐﻨﯿﻢ‬do show interface fastethernet0/0 ‫ از دﺳﺘﻮر‬configuration Router(config-if)#do show interface FastEthernet 0/0 FastEthernet0/0 is up, line protocol is up Hardware is i82543 (Livengood), address is ca02.0adc.0ef9 ca02.0adc.0008) Internet address is 10.234.51.254/24 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected 663 packets output, 69307 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 unknown protocol drops (bia Page 74 of 290
  • 76.
    ‫‪0 babbles, 0late collision, 0 deferred‬‬ ‫‪0 lost carrier, 0 no carrier‬‬ ‫‪0 output buffer failures, 0 output buffers swapped out‬‬ ‫#)‪Router(config-if‬‬ ‫7. ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن ‪Keepalives‬‬ ‫‪ Keepalive‬ﯾﮏ ﻓﺮﯾﻢ ﻻﯾﻪ دو اﺳﺖ ﮐﻪ از اﯾﻨﺘﺮﻓﯿﺲ دﺳﺘﮕﺎه اول ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ دﺳﺘﮕﺎه آﻧﺴﻮي ﻟﯿﻨﮏ ارﺳﺎل‬ ‫ﻣﯽ ﺷﻮد ﺗﺎ از ﺑﺮﻗﺮاري ﻟﯿﻨﮏ ﻓﯽ ﻣﺎﺑﯿﻦ اﻃﻤﯿﻨﺎن ﺣﺎﺻﻞ ﺷﻮد.در ﺻﻮرﺗﯿﮑﻪ از آﻧﺴﻮي ﻟﯿﻨﮏ ﻓﺮﯾﻢ ﻣﺸﺎﺑﻪ ارﺳﺎﻟﯽ‬ ‫درﯾﺎﻓﺖ ﻧﺸﻮد ﺑﻪ ﻣﻌﻨﺎي ‪ down‬ﺷﺪن اﯾﻨﺘﺮﻓﯿﺲ اﺳﺖ.اﯾﻦ ﻓﺮﯾﻢ ﺑﻪ ﻃﻮر ﭘﯿﺶ ﻓﺮض ﻫﺮ 01 ﺛﺎﻧﯿﻪ ﯾﮑﺒﺎر ارﺳﺎل‬ ‫ﻣﯽ ﺷﻮد.ﺑﺮاي ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن آن اﯾﻦ ﻋﺪد ﺑﻪ ﺻﻔﺮ ﺗﻐﯿﯿﺮ داده ﻣﯽ ﺷﻮد.‬ ‫? ‪Router(config-if)#keepalive‬‬ ‫)‪<0-32767> Keepalive period (default 10 seconds‬‬ ‫0 ‪Router(config-if)#keepalive‬‬ ‫8. ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن ‪CDP‬‬ ‫‪ CDP‬ﭘﺮوﺗﮑﻞ ﻻﯾﻪ دو اﺳﺖ ﮐﻪ ﺑﻪ ﺟﺎﺑﺠﺎﯾﯽ ﻣﺸﺨﺼﺎت رﯾﺰو درﺷﺖ ادوات ﺳﯿﺴﮑﻮ در ﯾﮏ ﺳﮕﻤﻨﺖ از ﺷﺒﮑﻪ‬ ‫ﻣﯽ ﭘﺮدازد.ﻫﻨﮕﺎﻣﯽ ﮐﻪ دو دﺳﺘﮕﺎه روﺗﺮ را ﺑﻪ ﺻﻮرت ﻣﺴﺘﻘﯿﻢ ﺑﻪ ﻫﻢ ﻣﺘﺼﻞ ﻣﯿﮑﻨﯿﻢ ﺷﺮوع ﺑﻪ ارﺳﺎل و درﯾﺎﻓﺖ‬ ‫ﻓﺮﯾﻤﻬﺎي ‪CDP‬روي ﮐﻠﯿﻪ ﭘﻮرﺗﻬﺎي ﺧﻮد ﻣﯽ ﮐﻨﻨﺪ )ﺑﻪ ﺟﺰ ‪ .(Framerelay‬ﺑﺮاي ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن آن روي ﯾﮏ‬ ‫اﯾﻨﺘﺮﻓﯿﺲ ﺧﺎص از دﺳﺘﻮر ‪ no cdp‬اﺳﺘﻔﺎده ﻣﯿﺸﻮد‬ ‫‪Router(config-if)#no cdp enable‬‬ ‫ﺗﺎ اﯾﻨﺠﺎ ﺗﻨﻈﯿﻤﺎت اﯾﻨﺘﺮﻓﯿﺲ ﺑﻪ اﺗﻤﺎم رﺳﯿﺪ.اﮐﻨﻮن ﺑﺮاي ﭼﮏ ﮐﺮدن و ﻣﺸﺎﻫﺪه ﮐﺎﻧﻔﯿﮕﻬﺎي ﺻﻮرت ﮔﺮﻓﺘﻪ روي 0/0‪Fa‬‬ ‫ﺑﺪون ﺧﺎرج ﺷﺪن از ﻣﻮد ﺟﺎري ﺑﻪ ﺷﮑﻞ زﯾﺮ ﻋﻤﻞ ﻣﯿﮑﻨﯿﻢ‬ ‫0/0‪Router(config-if)#do show run interface FastEthernet‬‬ ‫...‪Building configuration‬‬ ‫‪Current configuration : 245 bytes‬‬ ‫!‬ ‫0/0‪interface FastEthernet‬‬ ‫9‪mac-address ca02.0adc.0ef‬‬ ‫0251 ‪mtu‬‬ ‫00001 ‪bandwidth‬‬ ‫‪ip address 172.27.48.254 255.255.255.0 secondary‬‬ ‫0.552.552.552 452.15.432.01 ‪ip address‬‬ ‫00001 ‪delay‬‬ ‫092 ‪Page 75 of‬‬
  • 77.
    duplex full speed 100 nokeepalive no cdp enable end Router(config-if)# Page 76 of 290
  • 78.
    ‫آزﻣﺎﯾﺶ 8.2 -ﭘﯿﮑﺮﺑﻨﺪي ‪Loopback interface‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻌﺮﯾﻒ و ﺗﻨﻈﯿﻢ ‪ loopback interface‬روي روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫اﯾﻨﺘﺮﻓﯿﺲ ﻫﺎي ﻟﻮپ ﺑﮏ ﺑﻪ ﻋﻨﻮان اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻫﻤﯿﺸﻪ ‪ UP‬در ﺳﻨﺎرﯾﻮﻫﺎي ﻣﺘﻌﺪدي ﻫﻤﭽﻮن ‪management‬‬ ‫‪ Dynamic routing ،Process Router id ، tunnel source/destination ،interface‬و ﺑﺮﺧﯽ ﻣﻮارد دﯾﮕﺮ‬ ‫ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯽ ﮔﯿﺮﻧﺪ‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫راه اﻧﺪازي ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪ Gns‬و ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ آن‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد اﯾﻨﺘﺮﻓﯿﺲ 1 ‪ loopback‬و ﺗﺨﺼﯿﺺ آدرس 0.552.552.552 152.12.332.01 ﺑﻪ آن‬ ‫‪‬‬ ‫ﺣﺬف اﯾﻨﺘﺮﻓﯿﺲ 1 ‪loopback‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺲ، اﯾﻨﺘﺮﻓﯿﺴﯽ ﻧﺮم اﻓﺰاري و ﻫﻤﻮاره ‪ up‬ﻣﺤﺴﻮب ﻣﯿﺸﻮد . ﺑﻪ ﻫﯿﭻ ﯾﮏ از اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻓﯿﺰﯾﮑﯽ‬ ‫واﺑﺴﺘﻪ ﻧﯿﺴﺘﻨﺪ ﺑﻪ ﻫﻤﯿﻦ ﺟﻬﺖ ﻫﯿﭻ ﮔﺎه ‪ down‬ﻧﻤﯿﺸﻮﻧﺪ ﻣﮕﺮ ﺑﻪ ﻃﻮر دﺳﺘﯽ و از ﻃﺮﯾﻖ دﺳﺘﻮر. ﺑﺮاي اﯾﺠﺎد ﻟﻮپ ﺑﮏ‬ ‫ﺟﺪﯾﺪ ﻧﯿﺎز اﺳﺖ ﺗﺎ در ﻣﻮد ‪ global configuration‬از دﺳﺘﻮر # ‪ loopback‬اﺳﺘﻔﺎده ﺷﻮد ﻣﺎﻧﻨﺪ ﮐﺪ زﯾﺮ‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫.‪End with CNTL/Z‬‬ ‫‪Router>enable‬‬ ‫:‪Password‬‬ ‫‪Router#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫? ‪Router(config)#interface loopback‬‬ ‫‪<0-2147483647> Loopback interface number‬‬ ‫1 ‪Router(config)#interface loopback‬‬ ‫‪%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to‬‬ ‫‪up‬‬ ‫#)‪Router(config-if‬‬ ‫092 ‪Page 77 of‬‬
  • 79.
    ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ دﯾﺪمﺑﻪ ﻣﺤﺾ اﯾﺠﺎد اﯾﻨﺘﺮﻓﯿﺲ در ﺣﺎﻟﺖ ‪ up‬ﻗﺮار ﮔﺮﻓﺖ.اﮐﻨﻮن ﻧﻮﺑﺖ ﺑﻪ ‪ ip‬دﻫﯽ ﺑﻪ اﯾﻦ ﻧﻮزاد ﺗﺎزه ﻣﺘﻮﻟﺪ‬ ‫ﺷﺪه ﻣﯽ رﺳﺪ. از دﺳﺘﻮر زﯾﺮ ﺑﺮاي اﯾﻨﮑﺎر اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬ ‫0.552.552.552 152.12.332.01 ‪Router(config-if)#ip address‬‬ ‫2. دوﻣﯿﻦ ﺑﺨﺶ اﯾﻦ آزﻣﺎﯾﺶ ﺣﺬف اﯾﻨﺘﺮﻓﯿﺲ اﯾﺠﺎد ﺷﺪه اﺳﺖ. ﺑﺮاي اﻧﺠﺎم اﯾﻨﮑﺎر از ﻋﺒﺎرت ‪ no‬ﭘﺸﺖ ﺳﺮ دﺳﺘﻮر‬ ‫اﯾﺠﺎد اﯾﻨﺘﺮﻓﯿﺲ ﻣﻮرد ﻧﻈﺮ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ.‬ ‫1 ‪Router(config-if)#no interface loopback‬‬ ‫‪% Not all config may be removed and may reappear after reactivating the‬‬ ‫‪logical-interface/sub-interfaces‬‬ ‫#)‪Router(config‬‬ ‫‪%LINK-5-CHANGED: Interface Loopback1, changed state to administratively down‬‬ ‫‪%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to‬‬ ‫‪down‬‬ ‫ﺑﻪ ﻣﺠﺮد اﯾﻨﮑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﺣﺬف ﻣﯿﺸﻮد ﭘﯿﻐﺎﻣﯽ ﻣﺒﻨﯽ ﺑﺮ اﯾﻨﮑﻪ ﺗﻨﻈﯿﻤﺎت ﻣﺮﺗﺒﻂ ﺑﺎ اﯾﻨﺘﺮﻓﯿﺲ ﺣﺬف ﺷﺪه از ﺳﯿﺴﺘﻢ ﭘﺎك‬ ‫ﻧﻤﯿﺸﻮد و دوﺑﺎره ﺑﺎ ﻓﻌﺎل ﺷﺪن اﯾﻨﺘﺮﻓﯿﺲ ﺑﺎز ﺧﻮاﻫﻨﺪ ﮔﺸﺖ ﻧﻤﺎﯾﺎن ﻣﯽ ﺷﻮد.اﯾﻦ ﺑﺪان ﻣﻌﻨﺎﺳﺖ ﮐﻪ ﻫﻨﮕﺎم اﯾﺠﺎد ﻣﺠﺪد‬ ‫اﯾﻨﺘﺮﻓﯿﺲ ﭘﺎك ﺷﺪه ﻣﻤﮑﻦ اﺳﺖ ﺑﺮﺧﯽ ﺗﻨﻈﯿﻤﺎت ﻗﺪﯾﻤﯽ ﻣﺮﺑﻮط ﺑﻪ آن اﯾﻨﺘﺮﻓﯿﺲ ﻗﺪﯾﻤﯽ ﻣﺠﺪدا ﻇﺎﻫﺮ ﺷﻮد!! در ﺻﻮرت‬ ‫ﻣﺸﺎﻫﺪه ﭼﻨﯿﻦ ﻣﺸﮑﻠﯽ ﺑﺎ رﯾﻠﻮد ﮐﺮدن روﺗﺮ ﺑﺮ ﻃﺮف ﻣﯽ ﺷﻮد.‬ ‫092 ‪Page 78 of‬‬
  • 80.
    ‫آزﻣﺎﯾﺶ 9.2 –ﺑﻪ روز رﺳﺎﻧﯽ ‪IOS‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺑﻪ روز رﺳﺎﻧﯽ ‪ IOS‬روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭽﻬﺎي ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫از آﻧﺠﺎﯾﯽ ﮐﻪ ﺗﻘﺮﯾﺒﺎ ﻫﺮ 3 ﻣﺎه ﯾﮑﺒﺎر ﻧﺴﺨﻪ ﺟﺪﯾﺪي از ‪ IOS‬ﺗﻮﺳﻂ ﮐﻤﭙﺎﻧﯽ ﺳﯿﺴﮑﻮ اراﺋﻪ ﻣﯿﺸﻮد ﺑﻪ روزرﺳﺎﻧﯽ آن روي‬ ‫ادوات ﺳﯿﺴﮑﻮ اﻣﺮي راﯾﺞ ﺑﯿﻦ ﻣﻬﻨﺪﺳﯿﻦ ﺷﺒﮑﻪ ﻣﺤﺴﻮب ﻣﯿﺸﻮد.ﻧﺴﺨﻪ ﻫﺎي ﺟﺪﯾﺪ ﺷﺎﻣﻞ وﯾﮋﮔﯿﻬﺎي ﺟﺪﯾﺪ ﻣﺨﺘﺺ آن‬ ‫ﭘﻠﺘﻔﺮم ﻫﻤﯿﻨﻄﻮر ﺑﺎﮔﻬﺎي ﺑﺮﻃﺮف ﺷﺪه ﻫﺴﺘﻨﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪ – GNS‬ﺗﺮﺟﯿﺤﺎ روﺗﺮ واﻗﻌﯽ‬ ‫‪‬‬ ‫ﺗﻬﯿﻪ ﻧﺴﺨﻪ ﺟﺪﯾﺪ ﺗﺮي از ‪ IOS‬ﻣﺮﺑﻮط ﺑﻪ روﺗﺮ‬ ‫‪‬‬ ‫راه اﻧﺪازي ‪ TFPF‬ﺳﺮور‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫داﻧﻠﻮد و ﻧﺼﺐ ‪ tftp‬ﺳﺮور‬ ‫ﻗﺮار دادن ‪ ios‬در ‪Tftp server root‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ آدرس ‪ Tftp‬و روﺗﺮ ﺑﻪ ﮔﻮﻧﻪ اي ﮐﻪ از ﯾﮏ ‪ subnet‬ﺑﺎﺷﻨﺪ ﻣﺜﻼ 42/2.1.1.01 & 42/1.1.1.01‬ ‫‪‬‬ ‫اﻃﻤﯿﻨﺎن از ﺑﺮﻗﺮاري اﺗﺼﺎل اﺗﺮﻧﺖ ﻣﺎﺑﯿﻦ ‪ Tftp‬ﺳﺮور و روﺗﺮ‬ ‫‪‬‬ ‫‪‬‬ ‫ﮐﭙﯽ ‪ image file‬از ‪ Tftp server‬ﺑﻪ روﺗﺮ‬ ‫رﯾﺒﻮت ﮐﺮدن دﺳﺘﮕﺎه ﭘﺲ از ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﮐﭙﯽ ﺷﺪن ‪ ios‬ﺟﺪﯾﺪ‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﻧﮑﺘﻪ:ﺑﻬﺘﺮ اﺳﺖ اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ادوات واﻗﻌﯽ اﻧﺠﺎم ﺷﻮد ، ﺑﻪ دﻟﯿﻞ اﯾﻨﮑﻪ 3‪ GNS‬ﻧﻤﯿﺘﻮاﻧﺪ از ‪ image‬ﺟﺪﯾﺪ ﮐﭙﯽ ﺷﺪه ﺑﻪ‬ ‫‪ flash‬ﺑﻮت ﺷﻮد.‬ ‫1. ﺑﻪ ﻣﻨﻈﻮر ﺑﺮوزرﺳﺎﻧﯽ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ روﺗﺮ ﻗﺒﻞ از ﻫﺮﭼﯿﺰ ﺑﻪ ﯾﮏ ‪ Tftp server‬ﺑﻪ ﻫﻤﺮاه اﺗﺼﺎل ﮐﺮاس ﺑﻪ‬ ‫ﺳﻮﯾﯿﭻ ﯾﺎ اﺗﺼﺎل ‪ straight‬ﺑﻪ ﺳﻮﯾﯿﭻ ﺳﭙﺲ ﺑﻪ روﺗﺮ ﻧﯿﺎز دارﯾﻢ.ﺑﺮاي ﺗﻨﻈﯿﻢ ‪ ip‬دو ﻃﺮف ارﺗﺒﺎط از ﯾﮏ ﺳﺎﺑﻨﺖ‬ ‫ﻣﺸﺘﺮك اﺳﺘﻔﺎه ﻣﯿﮑﻨﯿﻢ، 42/1.1.1.01 ﺑﻪ ‪ PC‬و 42/2.1.1.01ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ اﺗﺮﻧﺖ روﺗﺮ ﮐﻪ ﺑﻪ ‪ PC‬ﻣﺘﺼﻞ‬ ‫اﺳﺖ ﻣﻨﺘﺴﺐ ﻣﯿﺸﻮﻧﺪ.‬ ‫092 ‪Page 79 of‬‬
  • 81.
    Router con0 isnow available Press RETURN to get started. Router>enable Password: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface fastethernet 0/0 Router(config-if)#ip address 10.1.1.2 255.255.255.0 Router(config-if)#no shutdown Router(config-if)#end Router# ‫ ﺑﻪ ﺷﮑﻞ زﯾﺮ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬ping ‫2. ﺑﺮاي اﻃﻤﯿﻨﺎن از ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت و ﺑﺮﻗﺮاري اﺗﺼﺎل ﻓﯿﺰﯾﮑﯽ از دﺳﺘﻮر‬ Router#ping 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms Router# ‫ ﺟﺪﯾﺪ ﺑﻪ ﻓﻠﺶ ﻣﻤﻮري روﺗﺮ ﻣﯿﺮﺳﺪ.ﺑﺎ‬image ‫ و روﺗﺮ ﻧﻮﺑﺖ ﺑﻪ ﮐﭙﯽ‬PC ‫ﭘﺲ از ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺑﺮﻗﺮاري اﺗﺼﺎل ﻣﺎﺑﯿﻦ‬ ‫ ﻓﺎﯾﻞ روﺑﺮو ﺧﻮاﻫﯿﻢ‬image ‫ ﺳﺮور و ﻧﺎم‬Tftp ‫ ﺑﺎ ﭘﯿﺎﻣﯽ ﻣﺒﻨﯽ ﺑﺮ ﻣﺸﺨﺺ ﮐﺮدن آدرس‬copy tftp flash ‫اﺟﺮاي دﺳﺘﻮر‬ ‫ﺷﺪ‬ Router#copy tftp flash Address or name of remote host []? 10.1.1.1 Source filename []? c2600-adventerprisek9-mz.124-15.T11.bin Destination filename [c2600-adventerprisek9-mz.124-15.T11.bin]? Accessing tftp://10.1.1.1/c2600-adventerprisek9-mz.124-15.T11.bin... Erase flash: before copying? [confirm] Erasing the flash filesystem will remove all files! Continue? [confirm] Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased Erase of flash: complete Loading c2600-adventerprisek9-mz.124-15.T11.bin from 10.1.1.1 (via FastEthernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 34634180 bytes] Verifying checksum... CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC OK (0x8E89) 34634180 bytes copied in 486.894 secs (71133 bytes/sec) Router# Page 80 of 290
  • 82.
    ‫ در ﻓﺮاﯾﻨﺪﺑﻮت دﭼﺎر ﻣﺸﮑﻞ ﺷﺪ و‬IOS ‫ ﻓﺎﯾﻞ ﺟﺪﯾﺪ روﺗﺮ را رﯾﺴﺖ ﻣﯿﮑﻨﯿﻢ ، در ﺻﻮرﺗﯿﮑﻪ‬image ‫ﭘﺲ از ﮐﭙﯽ ﺷﺪن‬ .‫ﺳﯿﺴﺘﻢ ﺑﻮت ﻧﺸﺪ از ﻓﺮاﯾﻨﺪ رﯾﮑﺎوري درس ﺑﻌﺪي اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد‬ Router#reload System configuration has been modified. Save? [yes/no]: no Proceed with reload? [confirm] %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command. System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1) Copyright (c) 2003 by cisco Systems, Inc. C2600 platform with 262144 Kbytes of main memory program load complete, entry point: 0x80008000, size: 0x2107824 Self decompressing the image : ################################################# ############################################################################# ### ############################################################################# ### ############################################################################# ### ################################### [OK] Smart Init is enabled smart init is sizing iomem ID MEMORY_REQ 00036F 0X00103980 000065 0X00031500 0X00098670 0X00211000 TOTAL: 0X003DE4F0 TYPE C2651XM Dual Fast Ethernet Four port Voice PM public buffer pools public particle pools If any of the above Memory Requirements are "UNKNOWN", you may be using an unsupported configuration or there is a software problem and system operation may be compromised. Rounded IOMEM up to: 3Mb. Using 1 percent iomem. [3Mb/256Mb] Increasing IOMEM up to: 8Mb Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Page 81 of 290
  • 83.
    Cisco IOS Software,C2600 Software (C2600-ADVENTERPRISEK9-M), 12.4(15)T11, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 28-Oct-09 18:16 by prod_rel_team Image text-base: 0x800080F8, data-base: 0x83594B3C Version This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. Cisco 2651XM (MPC860P) processor (revision 2.0) with 253952K/8192K bytes of memory. Processor board ID JAE08030QZL M860 processor: part number 5, mask 2 2 FastEthernet interfaces 2 Serial interfaces 32K bytes of NVRAM. 49152K bytes of processor board System flash (Read/Write) Slot is empty or does not support clock participate WIC slot is empty or does not support clock participate Press RETURN to get started! Page 82 of 290
  • 84.
    ‫آزﻣﺎﯾﺶ 01.2- ﺑﺎزﯾﺎﺑﯽ‪ ios‬ﺗﺨﺮﯾﺐ ﺷﺪه در روﺗﺮﻫﺎي 0052‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ اﺣﯿﺎء ‪ ios‬ﻫﺎي ﺗﺨﺮﯾﺐ ﺷﺪه در روﺗﺮﻫﺎي ﺳﺮي 0052 آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.ﻧﮑﺎت اﯾﻦ درس در‬ ‫ﻣﻮرد ﺳﺮي ﻫﺎي 0003 و 0015‪ AS‬و 009‪ uBR‬ﻧﯿﺰ ﺻﺎدق اﺳﺖ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺑﺎ اﯾﻨﮑﻪ ﺳﺮي 0052 ﻋﻤﻼ ﺟﺰ ﺳﺮﯾﻬﺎي ﻣﻨﺴﻮخ ﺷﺪه ﺑﻪ ﺣﺴﺎب ﻣﯽ آﯾﺪ اﻣﺎ اﺳﺘﻔﺎه از آن در ﻣﺤﯿﻄﻬﺎي آزﻣﺎﯾﺸﮕﺎﻫﯽ‬ ‫ﮐﻤﺎﮐﺎن راﯾﺞ اﺳﺖ.ﻗﻄﻌﺎ اﻣﺮوزه ﮐﺴﯽ ﺑﻪ ﻓﮑﺮ ﺑﺮوزرﺳﺎﻧﯽ ﺳﺮي 0052 ﮐﻪ آپ ﺗﺎﯾﻢ ﻧﺰدﯾﮏ ﺑﻪ 8 ﺳﺎل دارد ﻧﻤﯽ اﻓﺘﺪ ! ﭼﺮا‬ ‫ﺑﺎﯾﺪ ﺳﯿﺴﺘﻤﯽ را ﮐﻪ ﺑﻪ اﯾﻦ ﺧﻮﺑﯽ در ﺣﺎل اﻧﺠﺎم وﻇﯿﻔﻪ اﺳﺖ را ﺗﻐﯿﺮ داد؟ دﻧﺒﺎل ﭼﻪ ﭼﯿﺰ ﺑﯿﺸﺘﺮي ﻫﺴﺘﯿﻢ ؟ ﺳﻠﺴﻠﻪ‬ ‫ﻧﮑﺎت زﯾﺮ ﻣﻮاﻗﻌﯽ ﮐﺎرﺑﺮد دارﻧﺪ ﮐﻪ روﺗﺮ ﺑﺎزﻧﺸﺴﺘﻪ ﻣﺎ در ﺑﻮت اﺧﯿﺮ ﺧﻮد دﭼﺎر ﻣﺸﮑﻞ ﺷﺪه و ﺑﺎﻻ ﻧﻤﯽ آﯾﺪ ﻫﻤﯿﻨﻄﻮر‬ ‫ﻫﻨﮕﺎﻣﯽ ﮐﻪ روﺗﺮﻫﺎي دﺳﺖ دوم ﺑﺎ ﻓﻠﺶ ﭘﺎك ﺷﺪه از ﺑﺎزار ﺧﺮﯾﺪاري ﻣﯽ ﺷﻮﻧﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ 0052 ﺑﺪون ‪ IOS‬ﯾﺎ ﺑﺎ ‪ IOS‬ﺧﺮاب . ﻣﯿﺘﻮان ﺑﺎ ‪ erase‬ﮐﺮدن ﻓﻠﺶ اﯾﻦ ﺣﺎﻟﺖ را اﯾﺠﺎد ﮐﺮد!‬ ‫‪‬‬ ‫اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ روﺗﺮ‬ ‫‪‬‬ ‫‪ Tftp‬ﺳﺮور ﻓﻌﺎل‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﻮت ﺑﻪ ﻣﺤﯿﻂ ‪ ROM mode‬از ﻃﺮﯾﻖ ﻧﮕﻬﺪاﺷﺘﻦ ﮐﻠﯿﺪﻫﺎي ‪ CTRL+Pause‬ﻃﯽ ﻓﺮاﯾﻨﺪ ﺑﻮت‬ ‫ﺗﻐﯿﯿﺮ ‪ configuration register‬ﺑﻪ 1412×0 ﺟﻬﺖ ﺑﻮت ﺳﯿﺴﺘﻢ از ﻃﺮﯾﻖ ‪ROM‬‬ ‫ﭘﯿﮑﺮﺑﻨﺪي اوﻟﯿﻪ روﺗﺮ‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ ‪ ip‬ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮ‬ ‫‪‬‬ ‫ﮐﭙﯽ ‪ ios‬از ‪Tftp‬ﺳﺮور ﺑﻪ ﻓﻠﺶ روﺗﺮ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻐﯿﯿﺮ ‪ configuration register‬ﺑﻪ ﻣﻘﺪار ﻗﺒﻠﯽ و رﯾﺒﻮت روﺗﺮ‬ ‫.‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺑﺎ ﻓﺸﺮدن ‪ CTRL+Pause‬ﻃﯽ ﻓﺮاﯾﻨﺪ ﺑﻮت وارد ﻣﺤﯿﻂ ‪ Rom mode‬ﻣﯿﺸﻮﯾﻢ . ﺧﻂ ﻓﺮﻣﺎن اﮐﻨﻮن ﺑﻪ ﺣﺎﻟﺖ‬ ‫زﯾﺮ اﺳﺖ‬ ‫092 ‪Page 83 of‬‬
  • 85.
    Copyright (c) 1986-1996by cisco Systems 2500 processor with 14336 Kbytes of main memory Abort at 0x10CFA0A (PC) > ‫ ﺑﻪ‬Rom boot image ‫ را ﺑﻪ ﻣﻨﻈﻮر ﺑﻮت ﺷﺪن ﺑﻌﺪي از ﻃﺮﯾﻖ‬configuration register ‫2. ﻣﺤﺘﻮاي‬ ‫1412×0 ﺗﻐﯿﯿﺮ ﻣﯽ دﻫﯿﻢ‬ >o/r 0x2141 .‫ ﻣﯽ ﺷﻮد‬Initialize ‫ روﺗﺮ وارد ﭘﺮوﺳﻪ‬i ‫3. ﺑﺎ وارد ﮐﺮدن ﻓﺮﻣﺎن‬ >I System Bootstrap, Version 11.0(10c), SOFTWARE Copyright (c) 1986-1996 by cisco Systems 2500 processor with 14336 Kbytes of main memory [OUTPUT TRUNCATED] Press RETURN to get started! ‫ ﺳﺮور ﻧﺴﺒﺖ ﻣﯽ دﻫﯿﻢ‬Tftp ‫ ﺟﻬﺖ اﺗﺼﺎل ﺑﻪ‬ip ‫4. در اﯾﻦ ﻣﺮﺣﻠﻪ ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮ‬ Press RETURN to get started! Router(boot)>enable Router(boot)#config t Router(boot)(config)#interface e0 Router(boot)(config-if)#ip add 10.1.1.20 255.255.255.0 Router(boot)(config-if)#no shut Router(boot)(config-if)#exit ****NOTE: The line below is optional if your TFTP server is not on the same network**** Router(boot)(config)#ip default-gateway 10.1.1.254 Router(boot)(config)#end .‫ ﺑﻪ ﻓﻠﺶ ﻣﻤﻮري روﺗﺮ ﮐﭙﯽ ﻣﯿﮑﻨﯿﻢ‬Tftp ‫ را از‬IOS Image ‫5. اﮐﻨﻮن‬ Router(boot)#copy tftp flash System flash directory: No files in System flash Page 84 of 290
  • 86.
    [0 bytes used,8388608 available, 8388608 total] Address or name of remote host [255.255.255.255]? 172.16.20.17 Source file name? c2500-i-l.121-27b.bin Destination file name [c2500-i-l.121-27b.bin]? Accessing file 'c2500-i-l.121-27b.bin' on 10.1.1.1... Loading c2500-i-l.121-27b.bin from 172.16.20.17 (via Ethernet0): ! [OK] Erase flash device before writing? [confirm] Copy 'c2500-i-l.121-27b.bin' from server as 'c2500-i-l.121-27b.bin' into Flash WITH erase? [yes/no]y Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased Loading c2500-i-l.121-27b.bin from 172.16.20.17 (via Ethernet0): !!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!! [OUTPUT TRUNCATED] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! [OK - 8040260/8388608 bytes] Verifying checksum... OK (0xCB96) Flash copy took 0:03:58 [hh:mm:ss] Router(boot)# ‫ را ﺑﻪ ﻣﻘﺪار اوﻟﯿﻪ ﺑﺮ ﻣﯽ ﮔﺮداﻧﯿﻢ و روﺗﺮ‬Configuration register ‫ ﻣﺤﺘﻮاي‬IOS ‫6. ﭘﺲ از ﮐﭙﯽ ﻣﻮﻓﻘﯿﺖ آﻣﯿﺰ‬ .‫را رﯾﺒﻮت ﻣﯽ ﮐﻨﯿﻢ ﺑﻪ اﻣﯿﺪ اﯾﻨﮑﻪ اﯾﻨﺒﺎر ﺑﺎﻻ ﺧﻮاﻫﺪ آﻣﺪ‬ Router(boot)#configure terminal Router(boot)(config)#configuration-register 0x2102 Router(boot)(config)#end Router(boot)#reload System configuration has been modified. Save? [yes/no]: n Proceed with reload? [confirm] 00:06:51: %SYS-5-RELOAD: Reload requested System Bootstrap, Version 11.0(10c), SOFTWARE Copyright (c) 1986-1996 by cisco Systems 2500 processor with 14336 Kbytes of main memory Notice: NVRAM invalid, possibly due to write erase. F3: 7916604+123624+619980 at 0x3000060 Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Page 85 of 290
  • 87.
    Rights clause atFAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-I-L), Version 12.1(27b), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Tue 16-Aug-05 22:38 by pwade Image text-base: 0x03041FDC, data-base: 0x00001000 cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of memory. Processor board ID 11848462, with hardware revision 00000000 Bridging software. X.25 software, Version 3.0.0. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read ONLY) --- System Configuration Dialog --Would you like to enter the initial configuration dialog? [yes/no]: ‫7. ﺧﻮب ﺗﺎ اﯾﻨﺠﺎ روﺗﺮ ﺑﺎﻻ اﻣﺪ اﻣﺎ ﺑﺪون ﻫﯿﭻ ﮔﻮﻧﻪ اﺛﺮي از ﺗﻨﻈﯿﻤﺎت ﻗﺒﻠﯽ . اﮔﺮ از ﺗﻨﻈﯿﻤﺎت ﻗﺒﻠﯽ ﭘﺸﺘﯿﺒﺎن ﺗﻬﯿﻪ‬ .‫ﮐﺮده اﯾﺪ ﮐﻪ ﻫﯿﭻ ، اﮔﺮ ﻧﮑﺮده اﯾﺪ ﺑﻬﺘﺮ اﺳﺖ رزوﻣﻪ ﺧﻮد را ﺑﺮوز ﮐﻨﯿﺪ‬ Page 86 of 290
  • 88.
    ‫آزﻣﺎﯾﺶ 4.2 –اﺣﯿﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺳﺮﯾﻬﺎي دﯾﮕﺮ روﺗﺮ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ اﺣﯿﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺗﺨﺮﯾﺐ ﺷﺪه روﺗﺮﻫﺎي ﺳﺮي ,0092 ,0082 ,0091 ,0081 ,0071‬ ‫0093 ,0083 و .... آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺳﺮي 0062 روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ ﻋﻤﻼ ﺗﻮﺳﻂ ﺳﺮي 0082 از دور ﺧﺎرج ﺷﺪﻧﺪ اﻣﺎ ﺑﻪ وﻓﻮر در ﻣﺤﯿﻄﻬﺎي آزﻣﺎﯾﺸﮕﺎﻫﯽ ﺑﻪ‬ ‫ﭼﺸﻢ ﻣﯽ ﺧﻮرﻧﺪ.ﻣﺤﯿﻂ ‪ ROMMON‬اﯾﻦ ﺳﺮي ﮐﻪ ﺑﻪ ﻣﻨﻈﻮر ﺗﺮﻣﯿﻢ و اﺣﯿﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺗﺨﺮﯾﺐ ﺷﺪه ﻣﻮرد اﺳﺘﻔﺎده‬ ‫ﻗﺮار ﻣﯽ ﮔﯿﺮد ﮐﺎﻣﻼ ﻣﺸﺎﺑﻪ ﻣﺤﯿﻂ ﺳﺮﯾﻬﺎي ﺑﺎﻻﺗﺮ ﻣﯽ ﺑﺎﺷﺪ. ﺑﻪ ﻫﻤﯿﻦ ﺟﻬﺖ از اﯾﻦ ﺳﺮي ﺟﻬﺖ ﺗﻤﺮﯾﻦ آزﻣﺎﯾﺶ ﺟﺎري‬ ‫اﺳﺘﻔﺎده ﻣﯽ ﮐﻨﯿﻢ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ ﺳﺮي 0062 ﻓﺎﻗﺪ ‪ IOS‬ﯾﺎ ‪ IOS‬ﺗﺨﺮﯾﺐ ﺷﺪه .‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ روﺗﺮ‬ ‫‪Tftp‬ﺳﺮور و اﺗﺼﺎل آن ﺑﻪ روﺗﺮ‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﻮت ﺑﻪ ﻣﺤﯿﻂ ‪ ROM mode‬از ﻃﺮﯾﻖ ﻧﮕﻬﺪاﺷﺘﻦ ‪ CTRL + Pause‬ﻃﯽ ﻓﺮاﯾﻨﺪ ﺑﻮت‬ ‫‪‬‬ ‫ﻣﻘﺪار دﻫﯽ ﺑﻪ ﻣﺘﻐﯿﺮ ‪ TFTPDNLD‬ﺟﻬﺖ درﯾﺎﻓﺖ ‪ image‬از ‪tftp‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﺟﺮاي دﺳﺘﻮر ‪ TFTPDNLD –r‬ﺑﻪ ﻣﻨﻈﻮر ﻟﻮد ﮐﺮدن ‪ image‬ﺑﻪ درون ‪Ram‬‬ ‫ﮐﭙﯽ ‪ IOS‬ﺑﻪ ﻓﻠﺶ ﻣﻤﻮري ﭘﺲ از ﺑﻮت ﺷﺪن از ﻃﺮﯾﻖ ‪IOS‬‬ ‫رﯾﺒﻮت ﻧﻬﺎﯾﯽ ﺳﯿﺴﺘﻢ و ﭼﮏ ﮐﺮدن ﺻﺤﺖ ﻣﺮاﺣﻞ ﻓﻮق‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺑﺎ ﻓﺮض اﯾﻨﮑﻪ اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ روﺗﺮ ﻣﻌﯿﻮب ﺑﺮﻗﺮار ﺷﺪه اﺳﺖ ، روﺗﺮ را رﯾﺴﺖ ﻣﯿﮑﻨﯿﻢ و ﺑﺎ ﻓﺸﺮدن ﺗﺮﮐﯿﺐ‬ ‫‪ CTRL + Pause‬وارد ﻣﺤﯿﻂ ‪ ROMMON‬ﻣﯽ ﺷﻮﯾﻢ.ﺧﺮوﺟﯽ ﺑﻪ ﺷﮑﻞ زﯾﺮ اﺳﺖ‬ ‫092 ‪Page 87 of‬‬
  • 89.
    System Bootstrap, Version12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1) Copyright (c) 2003 by cisco Systems, Inc. C2600 platform with 262144 Kbytes of main memory device does not contain a valid magic number boot: cannot open "flash:" boot: cannot determine first file name on device "flash:" rommon 1 > ‫1562 وﺟﻮد دارﻧﺪ را‬XM ‫ روي ﭘﻠﺘﻔﺮم‬ROMMON ‫ ﻣﯽ ﺗﻮان ﻟﯿﺴﺖ دﺳﺘﻮراﺗﯽ را ﮐﻪ در ﺣﺎﻟﺖ‬help ‫ﺑﺎ اﺟﺮاي دﺳﺘﻮر‬ .‫ﻣﺸﺎﻫﺪه ﮐﺮد‬ rommon 1 > help alias boot break confreg cont context cookie dev dir dis dnld frame help history meminfo repeat reset set stack sync sysret tftpdnld unalias unset xmodem rommon 2 > set and display aliases command boot up an external process set/show/clear the breakpoint configuration register utility continue executing a downloaded image display the context of a loaded image display contents of cookie PROM in hex list the device table list files in file system display instruction stream serial download a program module print out a selected stack frame monitor builtin command help monitor command history main memory information repeat a monitor command system reset display the monitor variables produce a stack trace write monitor environment to NVRAM print out info from last system return tftp image download unset an alias unset a monitor variable x/ymodem image download ‫ را ﺑﻪ درون ﻓﻠﺶ ﻣﻤﻮري روﺗﺮ داﻧﻮد‬IOS image ‫ اﺳﺖ.اﯾﻦ دﺳﺘﻮر‬tftpdnld ‫2. اﮐﻨﻮن ﻧﻮﺑﺖ ﮐﺎر ﺑﺎ دﺳﺘﻮر‬ ‫ را ﻧﯿﺰ دارا اﺳﺖ.ﺑﺎ ﺗﺎﯾﭗ اﯾﻦ دﺳﺘﻮر ﭘﺎراﻣﺘﺮﻫﺎﯾﯽ ﮐﻪ را‬Ram ‫ﻣﯿﮑﻨﺪ ﻫﻤﯿﻨﻄﻮر ﻗﺎﺑﻠﯿﺖ ﺑﺎرﮔﺬاري ﻣﺴﺘﻘﯿﻢ درون‬ ‫ﮐﻪ ﺑﺮاي اﺟﺮا ﺑﻪ آﻧﻬﺎ ﻧﯿﺎز دارد را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﻢ‬ rommon 2 > tftpdnld Page 88 of 290
  • 90.
    Missing or illegalip address for variable IP_ADDRESS Illegal IP address. usage: tftpdnld [-r] Use this command for disaster recovery only to recover an image via TFTP. Monitor variables are used to set up parameters for the transfer. (Syntax: "VARIABLE_NAME=value" and use "set" to show current variables.) "ctrl-c" or "break" stops the transfer before flash erase begins. The following variables are REQUIRED to be set for tftpdnld: IP_ADDRESS: The IP address for this unit IP_SUBNET_MASK: The subnet mask for this unit DEFAULT_GATEWAY: The default gateway for this unit TFTP_SERVER: The IP address of the server to fetch from TFTP_FILE: The filename to fetch The following variables are OPTIONAL: TFTP_VERBOSE: Print setting. 0=quiet, 1=progress(default), 2=verbose TFTP_RETRY_COUNT: Retry count for ARP and TFTP (default=12) TFTP_TIMEOUT: Overall timeout of operation in seconds (default=7200) TFTP_CHECKSUM: Perform checksum test on image, 0=no, 1=yes (default=1) FE_SPEED_MODE: 0=10/hdx, 1=10/fdx, 2=100/hdx, 3=100/fdx, 4=Auto(deflt) Command line options: -r: do not write flash, load to DRAM only and launch image rommon 3 > ‫ را وارد ﻣﯿﮑﻨﯿﻢ‬set ‫ دﺳﺘﻮر‬image ‫ﺟﻬﺖ ﻣﻘﺪار دﻫﯽ ﺑﻪ ﭘﺎراﻣﺘﺮﻫﺎي ﻣﻮرد ﻧﯿﺎز ﺟﻬﺖ داﻧﻠﻮد‬ rommon 3 > set PS1=rommon ! > BOOT= RET_2_RUTC=0 BSI=0 RANDOM_NUM=1492875412 ROM_PERSISTENT_UTC=1016225763 RET_2_RTS= RET_2_RCALTS= ?=1 rommon 24 > set PS1=rommon ! > BOOT= RET_2_RUTC=0 BSI=0 RANDOM_NUM=1492875412 ROM_PERSISTENT_UTC=1016225763 RET_2_RTS= RET_2_RCALTS= ?=0 rommon 4 > Page 89 of 290
  • 91.
    ‫در زﯾﺮ ﻟﯿﺴﺖﭘﺎراﻣﺘﺮﻫﺎ و ﻣﻘﺎدﯾﺮ ﻣﻮرد ﻧﯿﺎز آﻧﻬﺎ را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ‬ rommon rommon rommon rommon rommon 4 5 6 7 8 > > > > > IP_ADDRESS=10.1.1.10 IP_SUBNET_MASK=255.255.255.0 DEFAULT_GATEWAY=10.1.1.254 TFTP_SERVER=172.16.20.17 TFTP_FILE=c2600-i-mz.123-26.bin ‫ اﺳﺘﻔﺎده‬Ram ‫ درون‬image ‫ ﺑﻪ ﻣﻨﻈﻮر ﺑﺎرﮔﺬاري ﻣﺴﺘﻘﯿﻢ‬tftpdnld –r ‫ﭘﺲ از ﻣﻘﺪار دﻫﯽ ﭘﺎراﻣﺘﺮﻫﺎ از دﺳﺘﻮر‬ ‫ﻣﯿﮑﻨﯿﻢ‬ rommon 9 > tftpdnld -r IP_ADDRESS: IP_SUBNET_MASK: DEFAULT_GATEWAY: TFTP_SERVER: TFTP_FILE: 10.1.1.10 255.255.255.0 10.1.1.254 172.16.20.17 c2600-i-mz.123-26.bin ..... Receiving c2600-i-mz.123-26.bin from 172.16.20.17 !!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! File reception completed. program load complete, entry point: 0x80008000, size: 0x765238 Self decompressing the image : ############################################## ####################################################################### [OK] Smart Init is enabled smart init is sizing iomem ID MEMORY_REQ 00036F 0X00103980 000065 0X00031500 0X00098670 0X00211000 TOTAL: 0X003DE4F0 TYPE C2651XM Dual Fast Ethernet Four port Voice PM public buffer pools public particle pools If any of the above Memory Requirements are "UNKNOWN", you may be using an unsupported configuration or there is a software problem and system operation may be compromised. Rounded IOMEM up to: 4Mb. Using 3 percent iomem. [4Mb/128Mb] Page 90 of 290
  • 92.
    Restricted Rights Legend Use,duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-I-M), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 15:23 by dchih cisco 2651XM (MPC860P) processor (revision 0x200) with 126976K/4096K bytes of memory. Processor board ID JAE08030QZL (457188033) M860 processor: part number 5, mask 2 Bridging software. X.25 software, Version 3.0.0. 2 FastEthernet/IEEE 802.3 interface(s) 2 Serial network interface(s) 32K bytes of non-volatile configuration memory. 49152K bytes of processor board System flash (Read/Write) --- System Configuration Dialog --Would you like to enter the initial configuration dialog? [yes/no]: ‫ ﺳﺮور ﺑﻪ ﻓﻠﺶ‬Tftp ‫ از‬ISO image ‫ ﺷﺮوع ﺑﻪ ﮐﭙﯽ‬cli ‫ را ﺗﺎﯾﭗ ﻣﯿﮑﻨﯿﻢ و ﺑﻪ ﻣﺤﺾ وارد ﺷﺪن ﺑﻪ ﻣﺤﯿﻂ‬no ‫ﻋﺒﺎرت‬ ‫ﻣﻤﻮري روﺗﺮ ﻣﯿﮑﻨﯿﻢ. ﻣﻤﮑﻦ اﺳﺖ از ﺧﻮد ﺑﭙﺮﺳﯿﺪ ﭼﺮا از اﺑﺘﺪا اﯾﻨﮑﺎر اﻧﺠﺎم ﻧﺸﺪ و ﻋﻠﺖ اﯾﻦ دوﺑﺎره ﮐﺎري ﭼﯿﺴﺖ ؟ ﻋﻠﺖ‬ image ‫ اﺳﺖ ﻧﺴﺒﺖ ﺑﻪ ﺳﺮﻋﺖ ﮐﭙﯽ‬TFTPDNLD ‫ ﺑﻪ ﻓﻠﺶ ﺑﺎ اﺳﺘﻔﺎده از دﺳﺘﻮر‬Tftp ‫در ﮐﻨﺪ ﺑﻮدن ﻓﺮاﯾﻨﺪ ﮐﭙﯽ از‬ ‫ ﺑﻪ‬Tftp ‫ از‬IOS ‫ اﻧﺠﺎم ﻣﯿﺸﻮد و ﺑﻌﺪ از آن ﻣﺎﻧﻨﺪ درس 9.2 اﻗﺪام ﺑﻪ ﮐﭙﯽ‬Ram ‫ . در ﻧﺘﯿﺠﻪ اﺑﺘﺪا ﺑﻮت ﺑﻪ‬Ram ‫ﻓﺎﯾﻞ ﺑﻪ‬ ‫ﻓﻠﺶ ﻣﯿﮑﻨﯿﻢ. اﺑﺘﺪا ﺗﻨﻈﯿﻤﺎت آدرس اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮرا ﺑﻪ ﻗﺮار زﯾﺮ اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ‬ Router>enable Router#configure terminal Router(config)#interface fa0/0 Router(config-if)#ip add 10.1.1.10 255.255.255.0 Router(config-if)#no shut Router(config-if)#exit Router(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.254 Router(config)#end Router# Page 91 of 290
  • 93.
    ‫ ﺑﻪ ﻓﻠﺶﻣﻤﻮري‬IOS ‫وﺑﻌﺪ از آن ﮐﭙﯽ‬ Router#copy tftp flash Address or name of remote host []? 172.16.20.17 Source filename []? c2600-adventerprisek9-mz.124-1.bin Destination filename [c2600-adventerprisek9-mz.124-1.bin]? Accessing tftp://172.16.20.17/c2600-adventerprisek9-mz.124-1.bin... Erase flash: before copying? [confirm] Erasing the flash filesystem will remove all files! Continue? [confirm] Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee e eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased Erase of flash: complete Loading c2600-adventerprisek9-mz.124-1.bin from 172.16.20.17 (via FastEthernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!! [OK - 34634180 bytes] Verifying checksum... OK (0x8E89) 34634180 bytes copied in 279.014 secs (124131 bytes/sec) Router# ‫ ﺑﻪ ﻓﻠﺶ ﻣﻤﻮري ، روﺗﺮ را رﯾﺴﺖ ﻣﯽ ﮐﻨﯿﻢ و ﺑﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺟﺪﯾﺪ ﻣﺴﺘﻘﺮ در ﻓﻠﺶ ﺑﻮت‬IOS ‫اﮐﻨﻮن ﭘﺲ از اﺗﻤﺎم ﮐﭙﯽ‬ !‫ﻣﯽ ﺷﻮﯾﻢ‬ Page 92 of 290
  • 94.
    ‫آزﻣﺎﯾﺶ 21.2- اﺣﯿﺎﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ اﺣﯿﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺗﺨﺮﯾﺐ ﺷﺪه ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ ﺳﺮي 0573 ,0653 ,0553 ,0592‬ ‫از ﻃﺮﯾﻖ ‪ Xmodem‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫اﺣﯿﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺳﻮﯾﯿﭽﻬﺎي ﺳﯿﺴﮑﻮ ﺟﺰ ﻣﻬﺎرﺗﻬﺎﯾﯽ اﺳﺖ ﮐﻪ ﻫﺮ ﻣﻬﻨﺪس ﺷﺒﮑﻪ ﻣﻠﺰم ﺑﻪ داﻧﺴﺘﻦ آن اﺳﺖ و ﺧﻮاﻫﯽ‬ ‫ﻧﺨﻮاﻫﯽ ﺣﺪاﻗﻞ ﯾﮏ ﺑﺎر ﻃﯽ دوران ﺣﺮﻓﻪ اي ﺧﻮد ﺑﺎ آن ﻣﻮاﺟﻪ ﻣﯿﺸﻮد.ﺑﻬﺘﺮ اﺳﺖ ﻣﻬﺎرﺗﻬﺎي اﯾﻦ ﭼﻨﯿﻨﯽ ﻗﺒﻞ از وﻗﻮع‬ ‫ﺑﺤﺮان و ﻗﺮار ﮔﺮﻓﺘﻦ در ﺷﺮاﯾﻂ ﭘﺮ اﺳﺘﺮس واﻗﻌﯽ آﻣﻮﺧﺘﻪ ﺷﻮﻧﺪ ﺗﺎ در ﻫﻨﮕﺎم وﻗﻮع اﯾﻦ ﻣﺸﮑﻞ زﻣﺎن ﺑﺮاي ﻣﻄﺎﻟﻌﻪ و‬ ‫ﺗﺤﻘﯿﻖ در ﺧﺼﻮص روش اﺣﯿﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ از دﺳﺖ ﻧﺮود.‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﯾﮏ دﺳﺘﮕﺎه ﺳﻮﯾﯿﺞ واﻗﻌﯽ ﻓﺎﻗﺪ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﯾﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺗﺨﺮﯾﺐ ﺷﺪه– ﻣﺒﺎﺣﺚ اﯾﻦ ﺟﻠﺴﻪ در 3‪Gns‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﺳﻮﯾﯿﭻ‬ ‫‪‬‬ ‫اﺳﺘﻔﺎده از ‪ HyperTerminal‬ﯾﺎ ‪ SecureCTR‬ﺑﻪ دﻟﯿﻞ اﯾﻨﮑﻪ ‪ Puty‬از ‪ Xmodem‬ﭘﺸﺘﯿﺒﺎﻧﯽ ﻧﻤﯿﮑﻨﺪ‬ ‫ﻗﺎﺑﻞ اﺟﺮا ﻧﯿﺴﺖ‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﻮت ﺑﻪ ﻣﺤﯿﻂ ‪SWITCH ROM‬‬ ‫‪ Initialize‬ﮐﺮدن ﻓﺎﯾﻞ ﺳﯿﺴﺘﻢ ﻓﻠﺶ‬ ‫‪‬‬ ‫اﻓﺰاﯾﺶ ‪ Baude rate‬ﺑﻪ 002511ﺟﻬﺖ ارﺗﺒﺎط ﺳﺮﯾﻌﺘﺮ ‪Xmodem‬‬ ‫‪‬‬ ‫ﮐﭙﯽ ‪ IOS‬از ﻃﺮﯾﻖ ‪ Xmodem‬ﺑﻪ ﻓﻠﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﭘﺎراﻣﺘﺮﻫﺎي ﺑﻮت ﺟﻬﺖ ﺑﻮت ﺷﺪن ﺑﻌﺪي ﺑﺎ ‪ IOS‬ﺟﺪﯾﺪ‬ ‫ﺑﺮﮔﺮداﻧﺪن ‪ Baude rate‬ﺑﻪ 0069‬ ‫رﯾﺒﻮت ﺳﻮﯾﯿﭻ و اﻃﻤﯿﻨﺎن از ﺻﺤﺖ ﻓﻌﺎﻟﯿﺘﻬﺎي ﺻﻮرت ﮔﺮﻓﺘﻪ‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫روش ﺑﺎزﯾﺎﺑﯽ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻞ ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ ﺗﺎﺣﺪي ﻣﺘﻔﺎوت از روﺷﻬﺎي ﻣﺘﺪاوﻟﯽ اﺳﺖ ﮐﻪ ﺗﺎﮐﻨﻮن‬ ‫آﻣﻮﺧﺘﯿﻢ.ﻣﺘﺎﺳﻔﺎﻧﻪ ﺳﺮي ﻫﺎي ﻏﯿﺮ ﻣﺎژوﻻر ﮐﺎﺗﺎﻟﯿﺴﺖ ﺻﺮﻓﺎ از ﻃﺮﯾﻖ ‪ Xmodem‬اﻣﮑﺎن ﺗﺮﻣﯿﻢ ‪ IOS‬را دارا ﻫﺴﺘﻨﺪ ﺑﺮ‬ ‫ﺧﻼف ﺳﺮﯾﻬﺎي 0054,0056 ﮐﻪ ﺑﺮاﺣﺘﯽ از ﻃﺮﯾﻖ ‪ CF‬ﮐﺎرت اﯾﻦ ﻓﺮاﯾﻨﺪ را اﻧﺠﺎم ﻣﯽ دﻫﻨﺪ.‬ ‫092 ‪Page 93 of‬‬
  • 95.
    ‫ ﺑﻮت ﻣﯿﮑﻨﯿﻢ.ﺑﺮايﻣﺸﺎﻫﺪه ﺟﺰﺋﯿﺎت‬stat ‫ از ﻃﺮﯾﻖ ﭘﺎﯾﯿﻦ ﻧﮕﻪ داﺷﺘﻦ دﮐﻤﻪ‬Rom mode ‫1. ﺳﻮﯾﯿﭻ را ﺑﻪ ﻣﺤﯿﻂ‬ /‫ﺑﺒﯿﺸﺘﺮ ﺑﻪ آزﻣﺎﯾﺶ 3.2 ﻣﺮاﺟﻌﻪ ﮐﻨﯿﺪ‬ .‫ﺧﺮوﺟﯽ زﯾﺮ ﻣﺤﺘﻮاي ﺗﺮﻣﯿﻨﺎل ﭘﺲ از ورود ﺑﻪ اﯾﻦ ﻣﺤﯿﻂ را ﻧﺸﺎن ﻣﯽ دﻫﺪ‬ Boot Sector Filesystem (bs) installed, fsid: 2 Base ethernet MAC Address: 00:14:f2:d2:41:80 Xmodem file system is available. The password-recovery mechanism is enabled. The system has been interrupted prior to initializing the flash filesystem. The following commands will initialize the flash filesystem, and finish loading the operating system software: flash_init boot switch: ‫ ﺧﻮاﻫﺪ ﺷﺪ ﻣﻄﺎﺑﻖ ﺑﺎ روش زﯾﺮ‬initialize ‫2. ﭘﺲ از ورود ﺑﻪ اﯾﻦ ﻣﺤﯿﻂ ﻓﺎﯾﻞ ﺳﯿﺴﺘﻢ ﻓﻠﺶ‬ switch: flash_init Initializing Flash... flashfs[0]: 1 files, 1 directories flashfs[0]: 0 orphaned files, 0 orphaned directories flashfs[0]: Total bytes: 15998976 flashfs[0]: Bytes used: 12474880 flashfs[0]: Bytes available: 3524096 flashfs[0]: flashfs fsck took 10 seconds. ...done Initializing Flash. switch: ‫ ﻓﺮﻣﺖ‬format flash: ‫ ﺗﺨﺮﯾﺐ ﺷﺪه اﺳﺖ ﻣﯿﺘﻮان ﻓﻠﺶ را ﺑﺎ اﺳﺘﻔﺎده از‬ios ‫- در ﺻﻮرﺗﯿﮑﻪ‬Opitonal .3 !‫ را ﻫﻢ ﭘﺎك ﻣﯿﮑﻨﺪ‬startup config ‫ﮐﺮد.اﯾﻨﮑﺎر‬ Switch: format flash: Are you sure you want to format "flash:" (all data will be lost) (y/n)?y flashfs[0]: 0 files, 1 directories flashfs[0]: 0 orphaned files, 0 orphaned directories flashfs[0]: Total bytes: 7741440 flashfs[0]: Bytes used: 1024 flashfs[0]: Bytes available: 7740416 flashfs[0]: flashfs fsck took 12 seconds. Page 94 of 290
  • 96.
    Filesystem "flash:" formatted Switch: ‫را ﻗﻄﻊ ﻧﻤﻮد‬xmodem ‫ را اﻓﺰاﯾﺶ دﻫﯿﻢ ﺑﺎﯾﺪ اﺗﺼﺎل ﺟﺎري‬Xmodem ‫4. ﺑﺮاي اﯾﻨﮑﻪ ﺳﺮﻋﺖ اﻧﺘﻘﺎل اﻃﻼﻋﺎت‬ ‫ ﺗﺎ ﺻﺒﺢ روز ﺑﻌﺪ ﻃﻮل‬IOS ‫ﺳﭙﺲ از ﻃﺮﯾﻖ دﺳﺘﻮر زﯾﺮ آﻧﺮا ﺗﺎ 002511 اﻓﺰاﯾﺶ داد در ﻏﯿﺮ اﯾﻨﺼﻮرت ﮐﭙﯽ‬ .‫ﺧﻮاﻫﺪ ﮐﺸﯿﺪ‬ switch: set BAUD 115200 ‫ ﺟﺪﯾﺪ را از ﻃﺮﯾﻖ دﺳﺘﻮر‬IOS ‫5. ﭘﺲ از ﺗﻨﻈﯿﻢ ﺳﺮﻋﺖ و ﺑﺮﻗﺮاري ﻣﺠﺪد ارﺗﺒﺎط ﺑﺎ ﺳﻮﯾﯿﭻ‬ ‫ ﺑﻪ ﻓﻠﺶ ﻣﻨﺘﻘﻞ ﻣﯿﮑﻨﯿﻢ‬copy xmodem: flash:filename.bin switch: copy xmodem: flash:c3560-ipservicesk9-mz.122-53.SE.bin Begin the Xmodem or Xmodem-1K transfer now... CCC Starting xmodem transfer. Press Ctrl+C to cancel. Transferring c3560-ipservicesk9-mz.122-53.SE.bin... 100% 12181 KB 6 KB/s 00:31:56 0 Errors ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................................................................. ................. File "xmodem:" successfully copied to "flash:c3560-ipservicesk9-mz.12253.SE.bin" switch: Page 95 of 290
  • 97.
    ‫ ﺟﺪﯾﺪ را‬IOS‫ ﭘﺎراﻣﺘﺮ ﺑﻮت ﺳﻮﯾﯿﭻ را ﺑﻪ ﻓﺮم زﯾﺮ ﺑﺎ ﻫﺪف ﺑﻮت ﺑﻌﺪي از ﻃﺮﯾﻖ‬IOS ‫6. ﭘﺲ از ﮐﭙﯽ ﻣﻮﻓﻘﯿﺖ آﻣﯿﺰ‬ ‫اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ‬ switch: set BOOT flash:c3560-ipservicesk9-mz.122-53.SE.bin ‫ را از ﻣﻘﺪار ﺟﺪﯾﺪ ﺑﻪ 0069 ﺑﺮﻣﯿﮕﺮداﻧﯿﻢ.ﭘﺲ از اﯾﻨﮑﺎر ﻻزم اﺳﺖ ارﺗﺒﺎط ﮐﻨﺴﻮل‬BAUD rate ‫7. ﭘﺲ از اﯾﻨﮑﺎر‬ .‫ﻗﻄﻊ ﺷﺪه و ﻣﺠﺪدا ﺑﺮﻗﺮار ﺷﻮد‬ switch: unset BAUD .‫ اﺳﺖ‬Xmodem ‫ ﺟﺪﯾﺪا ﮐﭙﯽ ﺷﺪه ﺗﻮﺳﻂ‬ios ‫8. آﺧﺮﯾﻦ ﻗﺪم ﺑﻮت ﮐﺮدن ﺳﻮﯾﯿﭻ و ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﻋﻤﻠﮑﺮد‬ .‫ﻣﻮﺟﺐ ﺑﻮت ﺷﺪن ﺳﯿﺴﺘﻢ ﺑﺎ ﭘﺎراﻣﺘﺮﻫﺎي ﺗﻨﻈﯿﻢ ﺷﺪه ﺟﺪﯾﺪ اﺳﺖ‬Boot ‫اﺳﺘﻔﺎده از دﺳﺘﻮر‬ switch: boot Loading "flash:/c3560-ipservicesk9-mz.122-53.SE.bin"...@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ File "flash:/c3560-ipservicesk9-mz.122-53.SE.bin" uncompressed and installed, entry point: 0x1000000 executing... Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), 12.2(53)SE, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Sun 13-Dec-09 15:45 by prod_rel_team Image text-base: 0x01000000, data-base: 0x02E00000 Version Page 96 of 290
  • 98.
    Initializing flashfs... flashfs[1]: 1files, 1 directories flashfs[1]: 0 orphaned files, 0 orphaned directories flashfs[1]: Total bytes: 15998976 flashfs[1]: Bytes used: 12474880 flashfs[1]: Bytes available: 3524096 flashfs[1]: flashfs fsck took 1 seconds. flashfs[1]: Initialization complete....done Initializing flashfs. Checking for Bootloader upgrade.. not needed POST: CPU MIC register Tests : Begin POST: CPU MIC register Tests : End, Status Passed POST: PortASIC Memory Tests : Begin POST: PortASIC Memory Tests : End, Status Passed POST: CPU MIC interface Loopback Tests : Begin POST: CPU MIC interface Loopback Tests : End, Status Passed POST: PortASIC RingLoopback Tests : Begin POST: PortASIC RingLoopback Tests : End, Status Passed POST: Inline Power Controller Tests : Begin POST: Inline Power Controller Tests : End, Status Passed POST: PortASIC CAM Subsystem Tests : Begin POST: PortASIC CAM Subsystem Tests : End, Status Passed POST: PortASIC Port Loopback Tests : Begin POST: PortASIC Port Loopback Tests : End, Status Passed Waiting for Port download...Complete This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. cisco WS-C3560-24PS (PowerPC405) processor (revision M0) with 131072K bytes of memory. Processor board ID CAT0928Z2EE Page 97 of 290
  • 99.
    Last reset frompower-on 1 Virtual Ethernet interface 24 FastEthernet interfaces 2 Gigabit Ethernet interfaces The password-recovery mechanism is enabled. 512K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address : 00:14:F2:D2:D1:AF Motherboard assembly number : 73-9673-06 Power supply part number : 341-0029-03 Motherboard serial number : CAT09880NNZ Power supply serial number : LIT091091ZV Model revision number : M0 Motherboard revision number : A0 Model number : WS-C3560-24PS-S System serial number : CAT0911FAEE Top Assembly Part Number : 800-25861-03 Top Assembly Revision Number : A0 Version ID : V05 CLEI Code Number : COM1X1FARB Hardware Board Revision Number : 0x01 Switch Ports Model ------ ----- ----* 1 26 WS-C3560-24PS SW Version ---------12.2(53)SE SW Image ---------C3560-IPSERVICESK9-M Press RETURN to get started! Page 98 of 290
  • 100.
    ‫آزﻣﺎﯾﺶ 31.2- ﭼﮕﻮﻧﮕﯽﻧﻤﺎﯾﺶ ﺑﻨﺮ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ اﯾﺠﺎد ﺑﻨﺮ در ﻫﻨﮕﺎم ﻻﮔﯿﻦ،اﺟﺮاي دﺳﺘﻮرات و ﻧﻤﺎﯾﺶ ﭘﯿﺎم روز آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫اﺳﺘﻔﺎده از ﺑﻨﺮﻫﺎي ﻣﺨﺘﻠﻒ و ﻧﻤﺎﯾﺶ آﻧﻬﺎ در زﻣﺎﻧﻬﺎي ﺧﺎﺻﯽ ﻫﻤﭽﻮن ﺑﺮﻗﺮاري اﺗﺼﺎل ﺗﺮﻣﯿﻨﺎل ﯾﺎ ورود ﺑﻪ ﻣﺤﯿﻂ اﺟﺮاي‬ ‫دﺳﺘﻮرات اﻣﺮي راﯾﺞ اﺳﺖ.ﺑﻨﺮﻫﺎي ﻻﮔﯿﻦ ﭘﺲ از ورود ﻓﺮد ﺑﻪ ﺳﯿﺴﺘﻢ ﻧﻤﺎﯾﺶ داده ﻣﯽ ﺷﻮﻧﺪ.ﺑﻨﺮﻫﺎي ‪ MOTD‬ﻫﻢ ﭘﯿﺶ‬ ‫از اﺣﺮاز ﻫﻮﯾﺖ ﮐﺎرﺑﺮ ﻧﻤﺎﯾﺶ داده ﻣﯽ ﺷﻮد.ﺑﻨﺮﻫﺎي ‪ Exec‬ﻫﻢ ﻫﻨﮕﺎم ورود ﻓﺮد ﺑﻪ ﻣﺤﯿﻂ اﺟﺮاي دﺳﺘﻮرات ﻧﻤﺎﯾﺎن‬ ‫ﻣﯿﺸﻮﻧﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪GNS‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ ‪ login banner‬ﺑﺎ ﻫﺪف ﻧﻤﺎﯾﺶ ﭘﯿﺎم در ﻫﻨﮕﺎم ﺑﺮﻗﺮاري ﺗﻤﺎس ﺑﺎ روﺗﺮ‬ ‫اﯾﺠﺎد ﯾﮏ ‪ EXEC banner‬ﺑﺎ ﻫﺪف ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎﺗﯽ ﺧﺎص در ﻫﻨﮕﺎم ورود ﮐﺎرﺑﺮ ﺑﻪ ‪ mode‬اﺟﺮاي دﺳﺘﻮرات‬ ‫اﯾﺠﺎد ‪ Message of The Day (MOTD) banner‬ﺑﺎ ﻫﺪف ﻧﻤﺎﯾﺶ زﻣﺎن رﺳﯿﺪن ﺑﻪ ﺗﺎرﯾﺦ ﺳﺮوﯾﺲ و‬ ‫ﻧﮕﻬﺪاري دﺳﺘﮕﺎه .‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. در ﺑﺨﺶ اول، ﯾﮏ ﻻﮔﯿﻦ ﺑﻨﺮ ﺑﺎ ﻫﺪف ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ﻗﺎﻧﻮﻧﯽ و ﻣﺎﻟﮑﯿﺘﯽ ﺳﯿﺴﺘﻢ ﻃﺮاﺣﯽ ﺧﻮاﻫﯿﻢ ﮐﺮد.در‬ ‫ﻫﻨﮕﺎم ﻃﺮاﺣﯽ ﺑﻨﺮ از ﮐﺎراﮐﺘﺮ ﺟﺪا ﮐﻨﻨﺪ ^ در اﺑﺘﺪا و اﻧﺘﻬﺎي ﻃﺮح ﺑﻨﺮ اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد.ﺑﺮاي اﯾﺠﺎد ﺑﻨﺮ از دﺳﺘﻮر‬ ‫‪ banner‬ﺑﻪ ﻫﻤﺮاه ﻣﺸﺨﺼﻪ ﺗﻌﯿﯿﻢ ﮐﻨﻨﺪه ﻧﻮع ﺑﻨﺮ ﮐﻪ در اﯾﻨﺠﺎ ‪ login‬اﺳﺖ اﺳﺘﻔﺎده ﻣﯿﺸﻮد.‬ ‫^ ‪Router(config)#banner login‬‬ ‫'^' ‪Enter TEXT message. End with the character‬‬ ‫##########################################‬ ‫‪# This is a Login banner used to show‬‬ ‫#‬ ‫#‬ ‫.‪legal and privacy information‬‬ ‫#‬ ‫#‬ ‫#‬ ‫#‬ ‫‪Unauthorized users prohibited‬‬ ‫#‬ ‫##########################################‬ ‫^‬ ‫092 ‪Page 99 of‬‬
  • 101.
    Router(config)#end Router#exit ‫ﺻﺤﺖ ﻓﺮاﯾﻨﺪ ﺑﻨﺮاﯾﺠﺎد ﺷﺪه ﺑﺎ ﻫﺪف ﻧﻤﺎﯾﺶ در ﻫﻨﮕﺎم ﻻﮔﯿﻦ ﺑﻪ ﺳﯿﺴﺘﻢ را در زﯾﺮ ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﻢ‬ Router con0 is now available Press RETURN to get started. ########################################## # This is a Login banner used to show # # legal and privacy information. # # # # Unauthorized users prohibited # ########################################## User Access Verification Password: Router> ‫ و ﻃﺮﯾﻘﻪ اي ﮐﻪ ﮐﺎرﺑﺮ ﺑﺎ آن اﺗﺼﺎل ﺑﺮﻗﺮار ﮐﺮده‬hostname ‫ ﺑﺎ ﻫﺪف ﻧﻤﺎﯾﺶ‬exec banner ‫2. در ﺑﺨﺶ دوم ﯾﮏ‬ ‫ ﻫﺎ ﺑﻪ‬Token.‫ آﺷﻨﺎ ﺷﻮﯾﻢ‬Banner Token ‫را اﯾﺠﺎد ﻣﯿﮑﻨﯿﻢ.ﺑﺮاي اﯾﺠﺎد اﯾﻦ ﻧﻮع ﺑﻨﺮ ﻻزم اﺳﺖ ﺑﺎ ﻣﻔﻬﻮم‬ ‫زﺑﺎن ﺳﺎده ﻣﺘﻐﯿﺮﻫﺎﯾﯽ ﻫﺴﺘﻨﺪ ﮐﻪ در دل ﺑﻨﺮ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮﻧﺪ و اﻃﻼﻋﺎﺗﯽ را از دل دﺳﺘﮕﺎه‬ Line ‫ و‬Hostname ‫($ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ ﮐﻪ‬line) ‫اﺳﺘﺨﺮاج ﮐﺮده و ﻧﻤﺎﯾﺶ ﻣﯽ دﻫﻨﺪ. در اﯾﻦ آزﻣﺎﯾﺶ از‬ ‫ﺑﻪ‬banner exec ^ ‫ از‬global config mode ‫ را ﺑﻪ ﮐﺎرﺑﺮ ﻧﻤﺎﯾﺶ ﻣﯽ دﻫﻨﺪ.ﻣﺎﻧﻨﺪ ﺑﻨﺮ ﻗﺒﻠﯽ در‬number ‫ﺷﮑﻞ زﯾﺮ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬ Router>enable Password: Router# Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#banner exec ^ Enter TEXT message. End with the character '^' Session established to $(hostname) on line $(line) ^ Router(config)# Page 100 of 290
  • 102.
    ‫ و ﺑﺎزﮔﺸﺖﻣﺠﺪد ﺑﻪ اﯾﻦ‬global config ‫ ، ﺗﻨﻈﻤﯿﺎت اﻧﺠﺎم ﺷﺪه را ﺑﺎ ﺧﺮوج از ﻣﺤﯿﻂ‬exec banner ‫ﭘﺲ از اﯾﺠﺎد‬ .‫ﻣﺤﯿﻂ ﭼﮏ ﻣﯿﮑﻨﯿﻢ‬ Router con0 is now available Press RETURN to get started. ########################################## # This is a Login banner used to show # # legal and privacy information. # # # # Unauthorized users prohibited # ########################################## User Access Verification Password: Session established to Router on line 0 Router> ‫ اﺳﺖ.اﯾﻦ ﻧﻮع ﺑﻨﺮ ﻋﻤﻮﻣﺎ ﺑﺮاي اﻃﻼع‬Message of the Day banner ‫3. آﺧﺮﯾﻦ ﺑﺨﺶ اﯾﻦ آزﻣﺎﯾﺶ ﺗﻨﻈﯿﻢ‬ ‫رﺳﺎﻧﯽ ﺑﻪ ﻣﺘﺼﺪﯾﺎن ﺗﺠﻬﯿﺰ در ﺧﺼﻮص ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ ﻧﮕﻬﺪاري آﺗﯽ ﺳﯿﺴﺘﻢ ﺑﻪ ﮐﺎر ﻣﯽ رود.اﯾﻦ ﺑﻨﺮ ﻗﺒﻞ از‬ ‫ﻧﻤﺎﯾﺶ ﻻﮔﯿﻦ ﺑﻨﺮ و ﺑﻪ ﻫﻤﺎن ﺷﯿﻮه اﯾﺠﺎد ﺑﻨﺮﻫﺎي ﻗﺒﻠﯽ اﯾﺠﺎد ﻣﯿﺸﻮد‬ Router>enable Password: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#banner motd ^ Enter TEXT message. End with the character '^' This router will undergo routine maintenance on 01/01/10 from 12:00AM to 2:00AM ^ Router(config)# ‫ﺑﺮاي ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت اﺧﯿﺮ از ﻣﻮد ﺟﺎري ﺧﺎرج ﺷﺪه و ﺧﺮوﺟﯽ را ﺑﻪ ﺻﻮرت زﯾﺮ ﭼﮏ ﻣﯿﮑﻨﯿﻢ‬ Page 101 of 290
  • 103.
    Router(config)#end Router#exit Router con0 isnow available Press RETURN to get started. This router will undergo routine maintenance on 01/01/10 from 12:00AM to 2:00AM ########################################## # This is a Login banner used to show # # legal and privacy information. # # # # Unauthorized users prohibited # ########################################## User Access Verification Password: Session established to Router on line 0 Router> Page 102 of 290
  • 104.
    ‫آزﻣﺎﯾﺶ 41.2- رﯾﺴﺖﮐﺮدن ﺗﻨﻈﯿﻤﺎت ﺳﯿﺴﺘﻢ ﺑﻪ ﺣﺎﻟﺖ ﭘﯿﺶ ﻓﺮض‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ رﯾﺴﺖ ﮐﺮدن ﺗﻨﻈﯿﻤﺎت و ﭘﺎراﻣﺘﺮﻫﺎ ﺑﻪ ﺣﺎﻟﺖ ﭘﯿﺶ ﻓﺮض ‪ ios‬از ﻃﺮﯾﻖ دﺳﺘﻮر ‪default‬‬ ‫آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﻣﻮاﻗﻊ ﺑﺴﯿﺎري ﭘﯿﺶ ﻣﯽ آﯾﺪ ﮐﻪ ﻧﯿﺎز اﺳﺖ ﺗﻨﻈﻤﯿﺎت ﯾﮏ ﯾﺎ ﭼﻨﺪ اﯾﻨﺘﺮﻓﯿﺲ ﯾﺎ ﻧﻮع دﯾﮕﺮي از ﭘﯿﮑﺮه ﺑﻨﺪي ﺳﯿﺴﺘﻢ را ﺑﻪ‬ ‫ﺣﺎﻟﺖ اوﻟﯿﻪ و ﭘﯿﺶ ﻓﺮض ﺑﺎزﮔﺮداﻧﯿﻢ، ﯾﮏ ﻣﺜﺎل ﺑﺎرز آن ﺑﺎزﮔﺮداﻧﺪن ﺑﻪ ﺣﺎﻟﺖ اول ﺗﻨﻈﯿﻤﺎت اﯾﻨﺘﺮﻓﯿﺴﯽ اﺳﺖ ﮐﻪ ﺑﯿﺶ از‬ ‫01 ﺧﻂ ﺗﻨﻈﯿﻢ در ﭘﯿﮑﺮﺑﻨﺪي آن وﺟﻮد دارد و ﻗﻄﻌﺎ ﺗﻤﺎﯾﻞ ﻧﺪارﯾﻢ ﮐﻞ ﻣﺴﯿﺮ ﻣﻌﮑﻮس را ﺑﺎ ﺗﮑﺮار دﺳﺘﻮر ‪ no Xyz‬ﺑﺮاي‬ ‫ﺗﮏ ﺗﮏ ﺗﻨﻈﯿﻤﺎت ﻃﯽ ﮐﻨﯿﻢ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب ﭘﺎراﻣﺘﺮﻫﺎي ‪ ip,speed,duplex‬ﺑﻪ 0/0‪Fa‬‬ ‫‪‬‬ ‫ﺑﺎزﮔﺮداﻧﺪن ﺣﺎﻟﺖ اﯾﻨﺘﺮﻓﯿﺲ 0/0‪ Fa‬ﺑﻪ ﭘﯿﺶ ﻓﺮض .‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺑﺮاي ﺷﺒﯿﻪ ﺳﺎزي ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ﮐﺎﻧﻔﯿﮓ ﺷﺪه ﭘﺎراﻣﺘﺮﻫﺎي ﻓﻮق را ﺑﻪ ﺷﺮح زﯾﺮ ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﻧﺴﺒﺖ ﻣﯽ دﻫﯿﻢ‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫‪Router>enable‬‬ ‫‪Router#configure terminal‬‬ ‫.‪Enter configuration commands, one per line. End with CNTL/Z‬‬ ‫0/0‪Router(config)#int fa‬‬ ‫0.552.552.552 452.1.1.01 ‪Router(config-if)#ip add‬‬ ‫‪Router(config-if)#duplex full‬‬ ‫001 ‪Router(config-if)#speed‬‬ ‫‪Router(config-if)#no shut‬‬ ‫‪%LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up‬‬ ‫‪%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed‬‬ ‫‪state to up‬‬ ‫092 ‪Page 103 of‬‬
  • 105.
    Router(config-if)# Router(config-if)#do show runint fa0/0 Building configuration... Current configuration : 94 bytes interface FastEthernet0/0 ip address 10.1.1.254 255.255.255.0 duplex full speed 100 end Router(config-if)# ‫2. ﻗﺪم ﺑﻌﺪي ﺑﻪ ﺣﺎﻟﺖ اول ﺑﺮﮔﺮداﻧﺪن ﮐﻠﯿﻪ ﺗﻨﻈﯿﻤﺎت ﺻﻮرت ﮔﺮﻓﺘﻪ روي اﯾﻨﺘﺮﻓﯿﺲ ﻣﻮرد ﻧﻈﺮ اﺳﺖ ﺑﺎ اﺳﺘﻔﺎده از‬ .‫ ﻗﺒﻞ از ﻧﺎم اﯾﻨﺘﺮﻓﯿﺲ اﯾﻨﮑﺎر اﻧﺠﺎم ﻣﯽ ﺷﻮد‬default ‫دﺳﺘﻮر‬ outer(config-if)#exit Router(config)#default interface fa0/0 Building configuration... Interface FastEthernet0/0 set to default configuration Router(config)# %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up Rrouter(config)#do show run interface fastethernet 0/0 Building configuration... Current configuration : 73 bytes ! interface FastEthernet0/0 no ip address duplex auto speed auto end Router(config)# Page 104 of 290
  • 106.
    ‫آزﻣﺎﯾﺶ 1.3 –ﺗﻨﻈﯿﻤﺎت ﭘﺎﯾﻪ ﺗﺼﺪﯾﻖ ﻫﻮﯾﺖ ﮐﺎرﺑﺮ ﺑﺮ ﻣﺒﻨﺎي ﭘﺴﻮرد‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ روش ﭘﺎﯾﻪ اي ﺗﺼﺪﯾﻖ ﻫﻮﯾﺖ ﮐﺎرﺑﺮان ﻣﺒﺘﻨﯽ ﺑﺮ ﭘﺴﻮرد ﻣﺸﺘﻤﻞ ﺑﺮ -‪Consoel-VTY lines‬‬ ‫‪ Auxiliary‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫اﻣﻨﯿﺖ در ﺷﺒﮑﻪ ﻫﺎي واﻗﻌﯽ از ﻣﻬﻤﺘﺮﯾﻦ ﭼﺎﻟﺸﻬﺎﯾﯽ اﺳﺖ ﮐﻪ ﻣﻬﻨﺪﺳﯿﻦ ﺑﺎ آن دﺳﺖ ﺑﻪ ﮔﺮﯾﺒﺎن ﻫﺴﺘﻨﺪ،ﺑﺎﻻﺧﺺ در‬ ‫ﺷﺒﮑﻪ ﻫﺎﯾﯽ ﮐﻪ ﺑﺎ اﯾﻨﺘﺮﻧﺖ در ﺗﻤﺎس ﻫﺴﺘﻨﺪ.داﺷﺘﻦ روﺗﺮ/ﺳﻮﯾﯿﭽﻬﺎي ﻧﺎ اﻣﻦ ﮐﻞ ﺷﺒﮑﻪ را در ﻣﻘﺎﺑﻞ ﺗﻌﺪاد ﻧﺎﻣﺤﺪودي از‬ ‫رﯾﺴﮑﻬﺎي اﻣﻨﯿﺘﯽ ﻗﺮار ﻣﯽ دﻫﺪ.اﯾﻦ آزﻣﺎﯾﺶ ﺑﻪ ﺑﺮرﺳﯽ ﭘﺎﯾﻪ اي ﺗﺮﯾﻦ روش اﻓﺰاﯾﺶ ﺳﻄﺢ اﻣﻨﯿﺘﯽ ادوات ﻣﺒﺘﻨﯽ ﺑﺮ ‪IOS‬‬ ‫ﯾﺎ ﻫﻤﺎن ﺗﺼﺪﯾﻖ ﻫﻮﯾﺖ ﺑﺮ اﺳﺎس رﻣﺰ ﻋﺒﻮر اﺳﺖ ﻣﯽ ﭘﺮدازد‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪GNS‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ رﻣﺰ ﻋﺒﻮر ﺑﺮاي ﮐﻨﺴﻮل روﺗﺮ ﻫﻨﮕﺎم درﺧﻮاﺳﺖ ﺑﺮﻗﺮاري اﺗﺼﺎل ﺑﻪ ﮐﻨﺴﻮل‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ رﻣﺰ ﻋﺒﻮر 4-0 ‪ VTY line‬ﺗﺎ در ﻫﻨﮕﺎم ﺑﺮﻗﺮاري اﺗﺼﺎﻟﻬﺎي ﻣﺒﺘﻨﯽ ﺑﺮ ‪ Telnet-SSH‬ﺑﻪ ﮐﺎرﺑﺮ ﻧﻤﺎﯾﺶ داده‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ‪Enable secret‬و ‪Enable password‬‬ ‫ﺷﻮد‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ رﻣﺰ ﻋﺒﻮر ﺑﺮاي ‪Auxiliary line‬‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺑﺮاي اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت ﻣﺮﺑﻮط ﺑﻪ ﺣﻔﺎﻇﺖ ﮐﻨﺴﻮل روﺗﺮ ﺑﺎ رﻣﺰ ﻋﺒﻮر ﻧﯿﺎز اﺳﺖ وارد ﻣﺤﯿﻂ ﺗﻨﻈﯿﻤﺎت ‪Console‬‬ ‫‪ line‬ﺷﻮﯾﻢ‬ ‫-- ‪--- System Configuration Dialog‬‬‫‪Would you like to enter the initial configuration dialog? [yes/no]: no‬‬ ‫!‪Press RETURN to get started‬‬ ‫092 ‪Page 105 of‬‬
  • 107.
    ‫‪Router>enable‬‬ ‫‪Router#configure terminal‬‬ ‫0 ‪Router(config)#lineconsole‬‬ ‫#)‪Router(config-line‬‬ ‫در اﯾﻦ ﻣﻮد ﻣﯿﺘﻮاﻧﯿﻢ رﻣﺰ ﻋﺒﻮر اﺗﺼﺎل ﺑﻪ ﮐﻨﺴﻮل را ﺑﺎ اﺳﺘﻔﺎده از دﺳﺘﻮر ‪ password‬ﺗﻨﻈﯿﻢ ﮐﻨﯿﻢ‬ ‫321‪Router(config-line)#password Cisco‬‬ ‫ﺳﺖ ﮐﺮدن رﻣﺰ ﻋﺒﻮر ﺑﻪ ﺗﻨﻬﺎﯾﯽ ﺻﻔﺤﻪ اﻋﻼن ورود رﻣﺰ ﻋﺒﻮر را ﺑﻪ ﮐﺎرﺑﺮ روﺗﺮ ﻧﺸﺎن ﻧﺨﻮاﻫﺪ داد، ﺑﺮاي ﻓﻌﺎل ﮐﺮدن اﯾﻦ‬ ‫اﻋﻼن از دﺳﺘﻮر ‪ login‬اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد‬ ‫‪Router(config-line)#login‬‬ ‫ﺣﺎﻻ ﻧﻮﺑﺖ ﻣﯽ رﺳﺪ ﺑﻪ ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﺻﻮرت ﮔﺮﻓﺘﻪ ، ﺑﺮاي اﯾﻨﮑﺎر ﺑﺎﯾﺪ از ﻣﺤﯿﻂ اﺟﺮاي ﻓﺮاﻣﯿﻦ ﺑﺎ دﺳﺘﻮر ‪End‬‬ ‫ﺧﺎرج ﺷﺪ و دوﺑﺎره ﺑﻪ ﻣﺤﯿﻂ اوﻟﯿﻪ ﮐﻨﺴﻮل از ﻃﺮﯾﻖ دﺳﺘﻮر ‪ Exit‬ﺑﻪ ﺷﮑﻞ زﯾﺮ وارد ﺷﺪ‬ ‫‪Router(config-line)#end‬‬ ‫‪Router#exit‬‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫‪User Access Verification‬‬ ‫:‪Password‬‬ ‫>‪Router‬‬ ‫2. اﮐﻨﻮن ﻧﻮﺑﺖ ﺗﻨﻈﯿﻢ رﻣﺰ ﻋﺒﻮر ﺑﺮاي ﺧﻄﻮط )‪ VTY (Virtual TeleType‬اﺳﺖ.ﺧﻄﻮط ‪ VTY‬ﺧﻄﻮط‬ ‫ارﺗﺒﺎﻃﯽ ﻣﺠﺎزي ﻫﺴﺘﻨﺪ ﮐﻪ ﺑﺮاي ﺑﺮﻗﺮاري ارﺗﺒﺎط از راه دور ‪ Telnet‬ﯾﺎ ‪ SSh‬ﺑﻪ ادوات ﻣﺒﺘﻨﯽ ‪ IOS‬ﺑﻪ ﮐﺎر ﻣﯽ‬ ‫روﻧﺪ.ﺗﺨﺼﯿﺺ رﻣﺰ ﻋﺒﻮر ﺑﻪ اﯾﻦ ﺧﻄﻮط ﻫﻢ ﻣﺎﻧﻨﺪ روش ﻗﺒﻞ ﺻﻮرت ﻣﯽ ﮔﯿﺮد‬ ‫‪Router>enable‬‬ ‫‪Router#config terminal‬‬ ‫4 0 ‪Router(config)#line vty‬‬ ‫123‪Router(config-line)#password Cisco‬‬ ‫‪Router(config-line)#login‬‬ ‫ﺑﺮاي ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﻓﻮق ﻧﯿﺎز اﺳﺖ ﺑﻪ ﯾﮑﯽ از اﯾﻨﺘﺮﻓﯿﺴﻬﺎي روﺗﺮ ‪ Ip‬ﺗﺨﺼﯿﺺ دﻫﯿﻢ ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل ﺑﻪ‬ ‫‪Loopback‬آداﭘﺘﺮ ﺻﻔﺮ ﺑﻪ ﺷﮑﻞ زﯾﺮ .‬ ‫092 ‪Page 106 of‬‬
  • 108.
    Router(config-line)#interface lo0 Router(config-if)#ip add10.1.1.1 255.255.255.255 Router(config-if)#end Router# ‫ از ﻃﺮﯾﻖ اﯾﻨﺘﺮﻓﯿﺲ اﯾﺠﺎد ﺷﺪه، از درون روﺗﺮي ﮐﻪ ﺑﺎ ﮐﻨﺴﻮل ﺑﻪ آن ﻣﺘﺼﻞ ﻫﺴﺘﯿﻢ ﺑﻪ‬Vty ‫اﮐﻨﻮن ﺑﺮاي ﺗﺴﺖ رﻣﺰ ﻋﺒﻮر‬ .‫ ﻣﯽ ﮐﻨﯿﻢ‬Telnet ‫ اﯾﻨﺘﺮﻓﯿﺲ ﻣﺬﮐﻮر‬Ip Router#telnet 10.1.1.1 Trying 10.1.1.1 ... Open User Access Verification Password: Password: Router> Priviliged ‫ ﺧﻮاﻫﯿﻢ ﺷﺪ و در ﺻﻮرت ﻧﯿﺎز ﺑﻪ ورود ﺑﻪ‬user mode ‫ﭘﺲ از ورود رﻣﺰ ﻋﺒﻮر ﺗﻌﯿﯿﻦ ﺷﺪه وارد ﻣﺤﯿﻂ‬ .‫ ﻣﻮاﺟﻪ ﺧﻮاﻫﯿﻢ ﺷﺪ‬Enable ‫ ﺑﺎ ﺻﻔﺤﻪ ورود رﻣﺰ ﻋﺒﻮر‬mode Router>enable Password: Password: Password: % Bad passwords Router> ‫ را ﺟﻬﺖ ﭘﺮﺳﯿﺪن رﻣﺰﻋﺒﻮر از ﮐﺎرﺑﺮ ﻫﻨﮕﺎم ورود ﺑﻪ‬Enable Secret ‫ و‬Enable password ‫3. در اﯾﻦ ﻗﺴﻤﺖ‬ ‫ اﻧﺠﺎم ﺧﻮاﻫﺪ‬Global configuration mode ‫ ﺗﻨﻈﯿﻢ ﺧﻮاﻫﯿﻢ ﮐﺮد.اﯾﻦ ﺗﻨﻈﯿﻢ در ﻣﺤﯿﻂ‬Privilege mode ‫ وارد اﯾﻦ ﻣﺤﯿﻂ ﺷﻮﯾﺪ‬Config terminal ‫ ﻫﺴﺘﯿﺪ ﺑﺎ دﺳﺘﻮر‬Telnet ‫ﺷﺪ ﭘﺲ اﮔﺮ ﻫﻨﻮز در ﻣﺤﯿﻂ‬ Router>exit [Connection to 10.1.1.1 closed by foreign host] Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#enable password Cisco1 Router(config)#enable secret Cisco2 Router(config)#end Router# :‫ﻧﮑﺘﻪ‬ Page 107 of 290
  • 109.
    ‫از ﻫﺮدوي ‪Enable password‬و ‪ Enable secret‬ﺑﺮاي ﯾﮏ ﻣﻨﻈﻮر اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد ﯾﻌﻨﯽ ورود ﺑﻪ ‪Privilege‬‬ ‫‪ mode‬اﻣﺎ اﮔﺮ ﻫﺮدوي آﻧﻬﺎ ﺳﺖ ﺷﻮﻧﺪ ‪ Enable secret‬ﻧﺴﺒﺖ ﺑﻪ ‪ Enable password‬اﻟﻮﯾﺖ ﺧﻮاﻫﺪ داﺷﺖ ﺑﻪ ﺑﯿﺎن‬ ‫ﺑﻬﺘﺮ ﻗﺒﻠﯽ را ﺑﺎﻃﻞ ﻣﯿﮑﻨﺪ‬ ‫ﻣﺠﺪدا ﺑﺮاي ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﺑﻪ روﺗﺮ ‪ Telnet‬ﻣﯿﮑﻨﯿﻢ.‬ ‫1.1.1.01 ‪Router#telnet‬‬ ‫‪Trying 10.1.1.1 ... Open‬‬ ‫‪User Access Verification‬‬ ‫:‪Password‬‬ ‫‪Router>enable‬‬ ‫:‪Password‬‬ ‫:‪Password‬‬ ‫#‪Router‬‬ ‫در ﺻﻮرﺗﯿﮑﻪ از ‪ Enable password‬اﺳﺘﻔﺎده ﮐﻨﯿﻢ رﻣﺰ ﻣﺮﺑﻮﻃﻪ ﻣﻮرد ﻗﺒﻮل ﻗﺮار ﻧﺨﻮاﻫﺪ ﮔﺮﻓﺖ ﭼﻮن ‪Enable secret‬‬ ‫ﻫﻢ ﺳﺖ ﺷﺪه اﺳﺖ.‬ ‫4. آﺧﺮﯾﻦ ﺑﺨﺶ اﯾﻦ آزﻣﺎﯾﺶ ﺗﻨﻈﯿﻢ رﻣﺰ ﻋﺒﻮر ﺑﺮاي ‪ Aux port‬اﺳﺖ.‪ Auxiliary port‬ﺑﺴﯿﺎر ﺷﺒﯿﻪ ﭘﻮرت‬ ‫ﮐﻨﺴﻮل اﺳﺖ و ﻫﻤﺎن ﻣﻔﻬﻮم ﮐﺎرﺑﺮدي را دارا اﺳﺖ ﺑﺎ اﯾﻦ ﺗﻔﺎوت ﮐﻪ داراي ﻗﺎﺑﻠﯿﺖ اﺗﺼﺎل ﺑﻪ ﻣﻮدم اﮐﺴﺘﺮﻧﺎل‬ ‫اﺳﺖ و ﺑﻪ راﻫﺒﺮ ﺳﯿﺴﺘﻢ اﯾﻦ اﺟﺎزه را ﻣﯽ دﻫﺪ ﮐﻪ از راه درو و ﺑﻪ ﺻﻮرت ‪ Dial up‬ﺑﻪ ﺳﯿﺴﺘﻢ ﻣﻮرد ﻧﻈﺮ ﻣﺘﺼﻞ‬ ‫ﺷﻮد. در ﺻﻮرﺗﯿﮑﻪ ﻧﯿﺎز ﺑﻪ ﭘﯿﮑﺮﺑﻨﺪي ﺗﻌﺪاد زﯾﺎدي از ادوات ﺳﯿﺴﮑﻮ ﺑﺎ اﯾﻦ روش ﺑﺎﺷﺪ ﻣﻌﻤﻮل اﺳﺖ ﮐﻪ ﺑﺎ ﺑﻬﺮه‬ ‫ﮔﯿﺮي از ‪ Access server‬و اﺗﺼﺎل آن ﺑﻪ ﺳﺎﯾﺮ ادوات و ﺗﻨﻬﺎ ﺑﺎ ﯾﮏ ﺧﻂ ‪ Dial-in‬اﯾﻦ اﻣﺮ ﻣﺤﻘﻖ ﺷﻮد.‬ ‫.‪End with CNTL/Z‬‬ ‫092 ‪Page 108 of‬‬ ‫‪Router#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫0 ‪Router(config)#line aux‬‬ ‫321‪Router(config-line)#password AuxPassword‬‬ ‫‪Router(config-line)#login‬‬ ‫‪Router(config-line)#end‬‬ ‫#‪Router‬‬
  • 110.
    ‫آزﻣﺎﯾﺶ 2.3 –ﭘﯿﮑﺮﺑﻨﺪي اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ اﺳﺎس ﭘﺎﯾﮕﺎه داده داﺧﻠﯽ روﺗﺮ/ﺳﻮﯾﯿﭻ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ اﺳﺎس ﺣﺴﺎﺑﻬﺎي ﮐﺎرﺑﺮي ذﺧﯿﺮه ﺷﺪه در ﭘﺎﯾﮕﺎه داده داﺧﻠﯽ‬ ‫روﺗﺮ/ﺳﻮﯾﯿﭻ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﻋﻤﻮﻣﺎ در ﺷﺒﮑﻪ ﻫﺎي ﺑﺰرگ ﻧﻔﺮات زﯾﺎدي دﺳﺘﺮﺳﯽ ﺑﻪ ادوات ﺷﺒﮑﻪ ﺳﯿﺴﮑﻮ دارﻧﺪ و ﻻزم اﺳﺖ ﻣﮑﺎﻧﯿﺰﻣﯽ ﺑﺮاي ﺗﻌﺮﯾﻒ‬ ‫ﮐﺎرﺑﺮان و ﺳﻄﻮح دﺳﺘﺮﺳﯽ آﻧﻬﺎ ﺑﻪ ﻣﻨﻈﻮر اﻧﺠﺎم اﻣﻮر ﻣﺨﺘﻠﻒ ﻣﺪﯾﺮﯾﺘﯽ روي ادوات ﻣﺬﮐﻮر وﺟﻮد داﺷﺘﻪ ﺑﺎﺷﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪GNS‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ 1.1.1.01 ‪ Ip‬ﺑﻪ ‪loopback adapter‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﮐﺎرﺑﺮ ﺑﻪ ﻧﺎم ‪ Tom‬ﺑﺎ ﭘﺴﻮرد 321$‪ Cisco‬و اﻋﻄﺎي ﺳﻄﺢ دﺳﺘﺮﺳﯽ 51 ‪ level‬ﺑﻪ ﮐﺎرﺑﺮ‬ ‫اﯾﺠﺎد ﮐﺎرﺑﺮ ‪ Jerry‬ﺑﺎ ﭘﺴﻮرد !‪ Letmesee‬و اﻋﻄﺎي ﺳﻄﺢ دﺳﺘﺮﺳﯽ 1 ‪ Level‬ﺑﻪ ﮐﺎرﺑﺮ‬ ‫ﺗﻨﻈﯿﻢ 4-0 ‪ VTY‬ﺟﻬﺖ اﺣﺮاز ﻫﻮﯾﺖ ﮐﺎرﺑﺮان از ﻃﺮﯾﻖ دﯾﺘﺎﺑﯿﺲ ﻣﺤﻠﯽ‬ ‫ﺑﺮرﺳﯽ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ ﻃﺮﯾﻖ ‪ Telnet‬ﺑﻪ 0‪Loopback‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺑﺮاي اﯾﺠﺎد ﯾﻮزر ‪ Tom‬ﺑﺎ ﻣﺸﺨﺼﻪ ﻫﺎي ﻓﻮق ﺑﻪ ﺷﮑﻞ زﯾﺮ ﻋﻤﻞ ﻣﯿﮑﻨﯿﻢ‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫‪Router>enable‬‬ ‫‪Router#configure terminal‬‬ ‫.‪Enter configuration commands, one per line. End with CNTL/Z‬‬ ‫321$‪Router(config)#username tom privilege 15 secret Cisco‬‬ ‫2. ﺑﺮاي اﯾﺠﺎد ﯾﻮزر ‪ Jerry‬ﺑﺎ ﻣﺸﺨﺼﺎت ﻓﻮق ﺑﻪ ﺷﮑﻞ زﯾﺮ ﻋﻤﻞ ﻣﯿﮑﻨﯿﻢ‬ ‫!‪Router(config)#username jerry privilege 1 secret LetMeSee‬‬ ‫092 ‪Page 109 of‬‬
  • 111.
    ‫ﻧﮑﺘﻪ:اﯾﺠﺎد ﯾﻮزر ﺑﺎﺳﻄﺢ دﺳﺘﺮﺳﯽ 51 ﯾﻮزر را ﭘﺲ از ﻻﮔﯿﻦ ﺑﻪ ‪ Priviledge mode‬ﻫﺪاﯾﺖ ﻣﯽ ﮐﻨﺪ ﯾﻌﻨﯽ ﻧﯿﺎزي ﺑﻪ وارد‬ ‫ﮐﺮدن رﻣﺰ ﻋﺒﻮر ‪ Enable‬ﻧﺨﻮاﻫﺪ داﺷﺖ ﭘﺲ ﻧﺴﺒﺖ ﺑﻪ اﻋﻄﺎي آن دﻗﺖ ﮐﻨﯿﺪ.‬ ‫3. ﺗﻨﻈﯿﻢ 4-0 ‪ VTY‬ﺟﻬﺖ اﯾﻨﮑﻪ درﺧﻮاﺳﺘﻬﺎي اﺣﺮاز ﻫﻮﯾﺖ را ﺑﻪ دﯾﺘﺎﺑﯿﺲ ﻣﺤﻠﯽ ﺣﺴﺎﺑﻬﺎي ﮐﺎرﺑﺮي ارﺳﺎل ﮐﻨﺪ.‬ ‫اﯾﻨﮑﺎر ﺑﺎ ﺳﺘﻔﺎده از دﺳﺘﻮر ‪ login local‬ﺑﻪ ﺷﮑﻞ زﯾﺮ اﻧﺠﺎم ﻣﯽ ﺷﻮد‬ ‫4 0 ‪Router(config)#line vty‬‬ ‫‪Router(config-line)#login local‬‬ ‫4. ﺣﺎﻻ ﺑﺎ ﺑﺮﻗﺮاري ‪ Telenet‬ﺑﻪ 0‪ Loopback‬ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت را ﺑﻪ ﻗﺮار زﯾﺮ ﺗﺴﺖ ﻣﯿﮑﻨﯿﻢ. ﺑﺎ ورود اﻃﻼﻋﺎت‬ ‫ﻫﻮﯾﺘﯽ ‪ Tom‬ﺑﻪ ﻃﻮر ﻣﺴﺘﻘﯿﻢ ﺑﻪ ‪ priviledge mode‬ﻫﺪاﯾﺖ ﻣﯿﺸﻮﯾﻢ ﺑﺎ ﮐﺎرﺑﺮ ‪ jerry‬ﺑﻪ ‪user mode‬‬ ‫‪Routerconfig-line)#end‬‬ ‫1.1.1.01 ‪Router#telnet‬‬ ‫‪Trying 10.1.1.1 ... Open‬‬ ‫‪User Access Verification‬‬ ‫‪Username: tom‬‬ ‫:‪Password‬‬ ‫#‪Router‬‬ ‫092 ‪Page 110 of‬‬
  • 112.
    ‫آزﻣﺎﯾﺶ 3.3 –ﭘﯿﮑﺮه ﺑﻨﺪي اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ ﻣﺒﻨﺎي ‪AAA‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ اﺻﻮل ﺗﻨﻈﯿﻤﺎت اﺣﺮاز ﻫﻮﯾﺖ ﺑﺮ ﻣﺒﻨﺎي‬ ‫, ‪AAA (Authentication, Authorization‬‬ ‫)‪ Accounting‬ﺑﻪ ﻣﻨﻈﻮر اﻋﻤﺎل ﮐﻨﺘﺮل ﻫﺮﭼﻪ ﺑﯿﺸﺘﺮ ﺑﺮ ﺗﻤﺎﺳﻬﺎي ﻣﺒﺘﻨﯽ ﺑﺮ ﮐﻨﺴﻮل ﯾﺎ ‪ Vty‬ﺧﻮاﻫﯿﻢ ﺷﺪ . ﻣﺒﺎﺣﺚ اﯾﻦ‬ ‫آزﻣﺎﯾﺶ ﺟﺰ ﻣﺒﺎﺣﺚ اﺳﺘﺎﻧﺪارد ‪ CCNA‬ﻣﺤﺴﻮب ﻧﻤﯽ ﺷﻮد و ﺟﺰ ﺻﺮﻓﺼﻠﻬﺎي 335-048 ‪ CCNA Security‬ﻫﺴﺘﻨﺪ‬ ‫اﻣﺎ ﺑﻪ ﺟﻬﺖ اﻫﻤﯿﺖ و ﮐﺎرﺑﺮدﺷﺎن در ﻣﺤﯿﻂ ﻫﺎي اﺟﺮاﯾﯽ در اﯾﻦ ﺳﻄﺢ ﺑﻪ آﻧﻬﺎ ﭘﺮداﺧﺘﻪ ﻣﯽ ﺷﻮد.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﻗﻀﯿﻪ ﺑﺴﯿﺎر ﺳﺎده اﺳﺖ ، ﺷﺮﮐﺘﻬﺎﯾﯽ ﮐﻪ داراي ﺗﻌﺪاد زﯾﺎدي ادوات ﺳﯿﺴﮑﻮ ﻫﺴﺘﻨﺪ ﺑﻪ ﻣﻨﻈﻮر ﻣﺮﮐﺰﯾﺖ ﺑﺨﺸﯿﺪن ﺑﻪ‬ ‫ﻓﺮاﯾﻨﺪﻫﺎي اﺣﺮاز ﻫﻮﯾﺖ و ﺻﺪور ﻣﺠﻮز ﻫﺎي ﮐﺎرﺑﺮي و ﺳﻄﻮح دﺳﺘﺮﺳﯽ ﺑﻪ اﯾﻦ ادوات از ‪ Radius‬ﯾﺎ +‪TACACA‬‬ ‫اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ.ﺗﻌﺮﯾﻒ ﮐﺎرﺑﺮان ادوات ﺑﻪ ﺻﻮرت ﻟﻮﮐﺎل ﻧﯿﺰ ﺻﺮﻓﺎ ﺑﻪ ﻋﻨﻮان ﭘﺸﺘﯿﺒﺎن روش ﻓﻮق در ﻣﻮاﻗﻌﯽ ﮐﻪ‬ ‫ﺳﺮوﯾﺴﻬﺎي ﺑﺎﻻ در دﺳﺘﺮس ﻧﯿﺴﺘﻨﺪ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮﻧﺪ.ﺳﺮورﻫﺎي ‪ AAA‬ﻓﺎرق از اﯾﻨﮑﻪ‬ ‫+‪)TACACS‬ﺑﺨﻮاﻧﯿﺪ ﺗﮏ اﮐﺲ ﭘﻼس( ﺑﺎﺷﻨﺪ ﯾﺎ ‪ Radius‬ﻫﻤﮕﯽ ﻧﺘﻨﻬﺎ ﺑﻪ ﻣﻨﻈﻮر اﯾﺠﺎد ﯾﮑﭙﺎرﭼﮕﯽ ﻣﺪﯾﺮﯾﺖ ﺳﻄﻮح‬ ‫دﺳﺘﺮﺳﯽ و اﺣﺮاز ﻫﻮﯾﺖ ادوات ﺳﯿﺴﮑﻮ و ﺣﺘﯽ ﺳﺎﯾﺮ ﺑﺮﻧﺪﻫﺎ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯽ ﮔﯿﺮﻧﺪ ﺑﻠﮑﻪ ﮐﺎرﺑﺮدﻫﺎي اﺟﺮاﯾﯽ‬ ‫دﯾﮕﺮي ﻫﻤﭽﻮن ﮐﻤﮏ ﺑﻪ اﺣﺮاز ﻫﻮﯾﺖ اﺗﺼﺎﻻت ﻣﺒﺘﻨﯽ ﺑﺮ ‪ Remote Vpn , SSL Vpn , 802.1x‬و ‪ Proxy‬را ﻧﯿﺰ دارا‬ ‫ﻫﺴﺘﻨﺪ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ روﺗﺮ در 3‪GNS‬‬ ‫اﯾﺠﺎد ﮐﺎرﺑﺮ ﻟﻮﮐﺎل در روﺗﺮ ﺑﺎ ﺳﻄﺢ دﺳﺘﺮﺳﯽ 51 – ر.ك آز 2.3‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﻓﻌﺎل ﺳﺎزي ‪ AAA‬در ﻣﺤﯿﻂ ‪Global config‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﯾﮑﯽ از ﻟﯿﺴﺘﻬﺎي ‪ AAA‬ﺑﻪ ﻧﺎم ‪ CONSOLE_AUTH‬و ارﺗﺒﺎط آن ﺑﻪ دﯾﺘﺎﺑﯿﺲ ﮐﺎرﺑﺮان ﻟﻮﮐﺎل‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﮐﻨﺴﻮل ﺑﻪ ﻣﻨﻈﻮر اﺳﺘﻔﺎده از ﻟﯿﺴﺖ ‪ CONSOLE_AUTH‬اﯾﺠﺎد ﺷﺪه در ﺑﻨﺪ ﻗﺒﻠﯽ ﺟﻬﺖ اﺣﺮاز‬ ‫‪‬‬ ‫ﭼﮏ ﮐﺮدن ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬ ‫ﻫﻮﯾﺖ‬ ‫092 ‪Page 111 of‬‬
  • 113.
    ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﻣﻬﻢ« ﺑﺮﻣﺒﻨﺎي درﺧﻮاﺳﺖ ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ ﯾﮏ ﯾﻮزر ﻟﻮﮐﺎل ﺑﺎ ﺳﻄﺢ دﺳﺘﺮﺳﯽ 51 اﯾﺠﺎد ﻣﯽ ﮐﻨﯿﻢ در ﻏﯿﺮ اﯾﻨﺼﻮرت‬ ‫ﺑﺎ اﺟﺮاي دﺳﺘﻮر ‪ aaa new-model‬ﻗﻔﻞ ﺧﻮاﻫﯿﻢ ﺷﺪ! ﺑﺪون اﻣﮑﺎن ﻻﮔﯿﻦ ﻣﺠﺪد ﺑﻪ روﺗﺮ‬ ‫1. در ﻗﺪم اول ‪ AAA‬را ﺑﺎ دﺳﺘﻮر ‪ aaa new-model‬ﻓﻌﺎل ﻣﯿﮑﻨﯿﻢ . اﯾﻦ دﺳﺘﻮر ﻧﻮع ﺟﺪﯾﺪ ﻣﮑﺎﻧﯿﺰم اﺣﺮاز‬ ‫ﻫﻮﯾﺖ را ﻓﻌﺎل ﺧﻮاﻫﺪ ﮐﺮد و ﻣﺘﺪﻫﺎي ﻗﺪﯾﻤﯽ را ﻏﯿﺮ ﻓﻌﺎل ﻣﯿﮑﻨﺪ.‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫.‪End with CNTL/Z‬‬ ‫‪Router>enable‬‬ ‫‪Router#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫‪Router(config)#aaa new-model‬‬ ‫ﻟﯿﺴﺖ ‪ CONSOLE_AUTH‬را ﺟﻬﺖ اﺧﺬ اﻃﻼﻋﺎت ﻫﻮﯾﺘﯽ از دﯾﺘﺎﺑﯿﺲ ﻟﻮﮐﺎل ﺑﻪ ﺷﮑﻞ زﯾﺮ ﺗﻨﻈﯿﻢ ﻣﯿﮑﻨﯿﻢ. ﺗﻮﺿﯿﺢ‬ ‫اﯾﻨﮑﻪ ﻧﺤﻮه ﻧﮕﺎرش دﺳﺘﻮر ﺑﻪ اﯾﻦ ﺷﮑﻞ اﺳﺖ :‪ . aaa authentication login LISTNAME AUTHTYPE‬در‬ ‫اﯾﻨﺠﺎ ﻧﺎم ﻟﯿﺴﺖ ‪ CONSOLE_AUTH‬و ‪ authentication type‬ﻧﯿﺰ ‪ Local‬اﺳﺖ‬ ‫‪Router(config)#aaa authentication login CONSOLE_AUTH local‬‬ ‫2. اﮐﻨﻮن ﻧﻮﺑﺖ ﻣﯽ ﺳﺮد ﺑﻪ ﺗﻨﻈﯿﻤﺎت ﮐﻨﺴﻮل ﺟﻬﺖ ﻫﺪاﯾﺖ ﻣﮑﺎﻧﯿﺰم اﺣﺮاز ﻫﻮﯾﺖ ﮐﺎرﺑﺮان ﺑﻪ ‪ AAA‬ﻟﯿﺴﺘﯽ ﮐﻪ در‬ ‫ﻗﺴﻤﺖ ﻗﺒﻞ اﯾﺠﺎد ﮐﺮدﯾﻢ. از دﺳﺘﻮر ﯾﮏ ﺧﻄﯽ ‪ login authentication listname‬ﺷﮑﻞ زﯾﺮ اﺳﺘﻔﺎده ﻣﯽ‬ ‫ﮐﻨﯿﻢ‬ ‫0 ‪Router(config)#line con‬‬ ‫‪Router(config-line)#login authentication CONSOLE_AUTH‬‬ ‫ﺗﻮﺿﯿﺤﺎت ﺗﮑﻤﯿﻠﯽ‬ ‫ﺑﺎ ﻓﻌﺎل ﺷﺪن ‪ AAA‬ﺗﻮﺳﻂ دﺳﺘﻮر ‪ AAA New-model‬ﺗﺨﺼﯿﺺ ﺳﻄﺢ دﺳﺘﺮﺳﯽ ﺑﻪ ﻃﻮر ﺧﻮدﮐﺎر ﻣﺎﻧﻨﺪ ﻗﺪﯾﻢ ﺻﻮرت‬ ‫ﻧﻤﯽ ﮔﯿﺮﯾﺪ.ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل اﮔﺮ ﺑﺎ ﯾﮏ ﺣﺴﺎب ﮐﺎرﺑﺮي 51 ‪ Level‬ﺑﻪ ﺳﯿﺴﺘﻢ ﻻﮔﯿﻦ ﮐﻨﯿﺪ ﺑﻪ ﻃﻮر ﺧﻮدﮐﺎر ﺑﻪ ‪Privileged‬‬ ‫‪ mode‬وارد ﻧﺨﻮاﻫﯿﺪ ﺷﺪ ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر ﻧﯿﺎز اﺳﺖ ﺗﺎ از دﺳﺘﻮرات ﺗﮑﻤﯿﻠﯽ ‪ AAA‬ﻣﺎﻧﻨﺪ ‪aaa authorization‬‬ ‫‪console‬اﺳﺘﻔﺎده ﺷﻮد ، ﻫﻤﯿﻦ ﻣﻔﻬﻮم ﺑﺮاي اﺗﺼﺎﻻت ﻣﺒﺘﻨﯽ ﺑﺮ ‪ VTY‬ﻫﻢ ﺑﺮﻗﺮار اﺳﺖ ﺑﻪ اﯾﻦ ﻣﻌﻨﺎ ﮐﻪ ﻧﯿﺎز اﺳﺖ ﺗﺎ‬ ‫092 ‪Page 112 of‬‬
  • 114.
    ‫ ﭘﯿﺶ ﻓﺮضرا ﺑﻪ ﮔﻮﻧﻪ اي ﺗﻨﻈﯿﻢ ﮐﻨﯿﻢ ﮐﻪ ﺑﺮاي ﺗﺸﺨﯿﺺ ﺳﻄﻮح دﺳﺘﺮﺳﯽ از دﯾﺘﺎﺑﯿﺲ ﻟﻮﮐﺎل‬authorization list .‫ﺳﯿﺴﺘﻢ اﺳﺘﻔﺎده ﮐﻨﺪ‬ .‫ ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬aaa authorization exec default local ‫از دﺳﺘﻮر‬ ‫3. ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت را ﺑﺎ ﻗﻄﻊ ارﺗﺒﺎط ﺑﺎ ﮐﻨﺴﻮل و ارﺗﺒﺎط ﻣﺠﺪد ﺑﺎ آن ﺷﺮوع ﻣﯿﮑﻨﯿﻢ‬ Router(config-line)#end Router#exit Router con0 is now available Press RETURN to get started. User Access Verification Username: john Password: Router> Page 113 of 290
  • 115.
    ‫آزﻣﺎﯾﺶ 4.3 -ﺗﻨﻈﯿﻤﺎت ‪ AAA‬ﻣﺒﺘﻨﯽ ﺑﺮ +‪TACACS‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ AAA‬ﺑﻪ ﻣﻨﻈﻮر اﺣﺮاز ﻫﻮﯾﺖ از ﻃﺮﯾﻖ ‪Cisco Secure Access Contro‬‬ ‫)‪ (TACACS+ Server‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﻫﯿﭻ ﻣﻬﻨﺪس ﺷﺒﮑﻪ اي وﺟﻮد ﻧﺪارد ﮐﻪ ﻣﺎﯾﻞ ﺑﻪ ﺻﺮف ﺳﺎﻋﺘﻬﺎ وﻗﺖ ﺑﺮاي ﺗﻌﺮﯾﻒ ﯾﻮزرﻫﺎي ﻟﻮﮐﺎل روي ﺻﺪﻫﺎ دﺳﺘﮕﺎه از‬ ‫ادوات ﺳﯿﺴﮑﻮ ﺑﺎﺷﺪ.اﯾﻦ ﻣﻌﻀﻞ ﺳﺎﻟﻬﺎ ﻗﺒﻞ ﭘﯿﺶ ﺑﯿﻨﯽ ﺷﺪه ﺑﻮد و ﺑﺮاي رﻓﻊ آن ﻗﺎﺑﻠﯿﺖ ‪ AAA‬ﺑﻪ ادوات ﺳﯿﺴﮑﻮ اﺿﺎﻓﻪ‬ ‫ﺷﺪ.ﺑﺎ اﺳﺘﻔﺎده از ‪ AAA‬ﻣﯿﺘﻮان ادوات ﻣﺒﺘﻨﯽ ﺑﺮ ‪ ios‬را ﺑﻪ ﮔﻮ ﻧﻪ اي ﮐﺎﻧﻔﯿﮓ ﮐﺮد ﮐﻪ ﮐﻠﯿﻪ درﺧﻮاﺳﺘﻬﺎي ﺗﻤﺎس ﺑﻪ ﺳﻤﺖ‬ ‫آﻧﻬﺎ از ﻃﺮﯾﻖ ﯾﮏ ﭘﺎﯾﮕﺎه داده ﻣﺮﮐﺰي ﻣﻮرد اﺣﺮاز ﻫﻮﯾﺖ ﻗﺮار ﮔﯿﺮﻧﺪ .ﮐﻤﭙﺎﻧﯽ ﺳﯿﺴﮑﻮ ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر راه ﺣﻠﯽ ﺑﻪ ﻧﺎم‬ ‫‪ Cisco Secure Access server‬را ﺗﻮﻟﯿﺪ ﮐﺮد و ﻋﻤﻮﻣﺎ در ﺷﺒﮑﻪ ﻫﺎﯾﯽ ﮐﻪ ﺑﯿﺶ از 05 دﺳﺘﮕﺎه از ادوات ﺳﯿﺴﮑﻮ را‬ ‫دارا ﻫﺴﺘﻨﺪ ﺟﻬﺖ ﻣﺮﮐﺰﯾﺖ ﺑﺨﺸﯿﺪن ﺑﻪ 3 ﻫﺪف ‪ authentication‬و ‪ authorization‬و ‪ accounting‬ﻣﻮرد‬ ‫اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاي ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ در ﻣﺤﯿﻂ 3‪GNS‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ روﺗﺮ ﻓﻮق ﺑﺎ دﺳﺘﻮر اﻟﻌﻤﻞ ﻫﺎي آزﻣﺎﯾﺶ 3.3‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﮐﺎﻧﻔﯿﮓ +‪TACACS‬ﺳﺮور واﻗﻊ در آدرس 02.1.1.01 ﺑﺎ ﮐﻠﯿﺪ !‪P@s$W0rD‬‬ ‫‪‬‬ ‫ﮐﺎﻧﻔﯿﮓ ﻟﯿﺴﺖ ‪ CONSOLE_AUTH‬ﺟﻬﺖ ارﺳﺎل درﺧﻮاﺳﺘﻬﺎي اﻫﺮاز ﻫﻮﯾﺖ ﺑﻪ ‪ Tacacs‬ﺳﺮور و اﻧﺠﺎم آن‬ ‫‪‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬ ‫ﺑﻪ ﺻﻮرت ﻟﻮﮐﺎل در ﺻﻮرت در دﺳﺘﺮس ﻧﺒﻮدن ‪Tacacss‬ﺳﺮور‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. در اوﻟﯿﻦ ﻗﺪم ﻧﯿﺎز اﺳﺖ ﺗﺎ ﻣﺸﺨﺼﻪ ﻫﺎي آدرس و ﮐﻠﯿﺪ ﻣﺮﺑﻮط ﺑﻪ ‪ Tacacs‬ﺳﺮور ﺑﻪ روﺗﺮ ﻣﻌﺮﻓﯽ ﺷﻮﻧﺪ. اﯾﻨﮑﺎر‬ ‫ﺑﺎ اﺳﺘﻔﺎده از دﺳﺘﻮر ‪ tacacs-server host x.x.x.x key keygoeshere‬ﺑﻪ ﺷﮑﻞ زﯾﺮ اﻧﺠﺎم ﻣﯽ ﺷﻮد‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫092 ‪Page 114 of‬‬
  • 116.
    ‫‪Router>enable‬‬ ‫‪Router#configure terminal‬‬ ‫!‪Router(config)#tacacs-server host10.1.1.20 key P@s$W0rD‬‬ ‫2. در ﻗﺪﯾﻢ ﺑﻌﺪي ﻟﯿﺴﺖ اﺣﺮاز ﻫﻮﯾﺖ ‪ CONSOLE_AUTH‬را ﺑﻪ ﮔﻮﻧﻪ اي ﮐﺎﻧﻔﯿﮓ ﻣﯿﮑﻨﯿﻢ ﮐﻪ در وﺣﻠﻪ اول‬ ‫درﺧﻮاﺳﺘﻬﺎي ﺗﻤﺎس ﺑﻪ روﺗﺮ را ﺟﻬﺖ اﺣﺮاز ﻫﻮﯾﺖ ﺑﻪ ‪ Tacacs‬ﺳﺮور ارﺳﺎل ﮐﻨﺪ و در ﺻﻮرت در دﺳﺘﺮس‬ ‫ﻧﯿﻮدن ﺳﺮور ﺑﻪ ﺻﻮرت ﻟﻮﮐﺎل اﺣﺮاز ﻫﻮﯾﺖ ﺷﻮﻧﺪ. در آزﻣﺎﯾﺶ 2.3 ﭘﺎراﻣﺘﺮ ‪ authtype‬ﻓﻘﻂ ﺑﻪ ﺻﻮرت ‪local‬‬ ‫ﺗﻨﻈﯿﻢ ﺷﺪه ﺑﻮد. ﭘﺎراﻣﺘﺮﻫﺎي ﭘﺲ از ‪ authtype‬ﺑﻪ ﺗﺮﺗﯿﺐ اوﻟﻮﯾﺖ از ﭼﭗ ﺑﻪ راﺳﺖ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار‬ ‫ﻣﯿﮕﯿﺮﻧﺪ، ﭘﺲ ﺑﺮاي ﺑﻬﺮه ﮔﯿﺮي از ‪ Tacacs‬ﺳﺮور ﻋﺒﺎرت +‪ Tacacs‬را ﻗﺒﻞ از ‪ local‬درج ﻣﯿﮑﻨﯿﻢ.‬ ‫‪Router(config)#aaa authentication login CONSOLE_AUTH group tacacs+ local‬‬ ‫3. در اﻧﺘﻬﺎ ﻟﯿﺴﺖ ﺗﻨﻈﯿﻢ ﺷﺪه را ﺑﻪ ﮐﻨﺴﻮل ﻣﻨﺘﺴﺐ ﻣﯿﮑﻨﯿﻢ،ﺑﺮاي اﯾﻨﮑﺎر از ﻫﻤﺎن ﻣﺘﺪ آزﻣﺎﯾﺶ 2.3 اﺳﺘﻔﺎده‬ ‫ﻣﯿﮑﻨﯿﻢ.‬ ‫0 ‪Router(config)#line con‬‬ ‫‪Router(config-line)#login authentication CONSOLE_AUTH‬‬ ‫092 ‪Page 115 of‬‬
  • 117.
    ‫آزﻣﺎﯾﺶ 5.3-ﺗﻨﻈﯿﻤﺎت ‪SSH‬‬ ‫دراﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻢ )‪ Secure Shell (SSH‬در روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭽﻬﺎي ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫در ﺑﺨﺶ ﻫﺎي ﻗﺒﻠﯽ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ Vty‬و ‪ Telnet‬ﺟﻬﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط از راه دور ﺑﺎ ادوات ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺷﺪﯾﻢ‬ ‫. ارﺗﺒﺎﻃﺎت ﻣﺒﺘﻨﯽ ﺑﺮ ‪ Telnet‬داراي ﻧﻘﯿﺼﻪ اﻣﻨﯿﺘﯽ ﺑﺰرﮔﯽ ﻫﺴﺘﻨﺪ ﮐﻪ ﺑﺎﻋﺚ ﻣﯽ ﺷﻮد ﮐﻠﯿﻪ اﻃﻼﻋﺎت رد و ﺑﺪل ﺷﺪه در‬ ‫ﮐﺎﻧﺎل ارﺗﺒﺎﻃﯽ ﭘﺪﯾﺪ آﻣﺪه ﺑﻪ ﺻﻮرت ‪ Clear text‬ﻣﻨﺘﻘﻞ ﺷﻮد و در ﺻﻮرت ﻗﺮار ﮔﺮﻓﺘﻦ ﻓﺮدي )‪ (Sniffer‬ﻣﺎﺑﯿﻦ ﻣﺎ و‬ ‫ﺗﺠﻬﯿﺰ ﺳﯿﺴﮑﻮ ﻗﺎدر ﺑﻪ ﺷﻨﻮد و درﯾﺎﻓﺖ ﮐﻠﯿﻪ اﻃﻼﻋﺎت ﺧﻮاﻫﺪ ﺑﻮد از اﯾﻦ رو ﺑﺎ ﻫﺪف رﻣﺰ ﻧﮕﺎري ﮐﺎﻧﺎل ارﺗﺒﺎﻃﯽ از‬ ‫ﺟﺎﯾﮕﺰﯾﻦ ‪ Telnet‬ﯾﺎ ﻫﻤﺎن ‪ SSH‬اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ.‪ SSH‬در واﻗﻊ ﯾﮏ ‪ Shell‬ﻣﺤﺴﻮب ﻧﻤﯿﺸﻮد ﺑﻠﮑﻪ در واﻗﻊ ﻫﻤﺎن‬ ‫‪Telnet‬اﺳﺖ ﺑﺎ ﻣﻼﺣﻀﺎت رﻣﺰ ﻧﮕﺎري. ‪ SSH‬از اﻟﮕﻮرﯾﺘﻢ ﻫﺎي رﻣﺰ ﻧﮕﺎري ﻣﺘﻔﺎوﺗﯽ ﻫﻤﭽﻮن ‪Data Encryption‬‬ ‫)‪ Standard (DES‬و ‪AES 256Bit‬اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ در 3‪GNS‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ ‪ Loopbacl‬اﯾﻨﺘﺮﻓﯿﺲ و ﺗﺨﺼﯿﺺ 42/1.1.1.01 ﺑﻪ آن‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ ﻧﺎم ﮐﺎرﺑﺮي و رﻣﺰ ﻋﺒﻮر در دﯾﺘﺎﺑﯿﺲ ﻟﻮﮐﺎل ﺗﺎ ﭘﺲ از ﻓﻌﺎل ﺷﺪن ‪ SSH‬ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﮔﯿﺮد‬ ‫ﺗﻨﻈﯿﻢ ‪ VTY line‬ﺟﻬﺖ ﺑﻬﺮه ﮔﯿﺮي از دﯾﺘﺎﺑﯿﺲ ﻟﻮﮐﺎل ﺣﺴﺎﺑﻬﺎي ﮐﺎرﺑﺮي در ﺣﯿﻦ اﺣﺮاز ﻫﻮﯾﺖ‬ ‫‪The VTY Line(s) authentication should be configured to authenticate to the local‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻐﯿﯿﺮ ﻧﺎم روﺗﺮ از ﻧﺎم ﭘﯿﺶ ﻓﺮض ﺑﻪ 1‪R‬‬ ‫ﺗﺨﺼﯿﺺ ‪ Domain name‬ﺑﻪ روﺗﺮ ﺟﻬﺖ ﺗﻮﻟﯿﺪ ‪Rsa key‬‬ ‫ﺗﻮﻟﯿﺪ ‪ Certificate‬ﻋﻤﻮﻣﯽ ‪ Self-signed‬ﺗﻮﺳﻂ روﺗﺮ‬ ‫ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن ‪ Telnet‬در روﺗﺮ و ﺗﻨﻬﺎ اﺳﺘﻔﺎده از ‪SSH‬‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺑﺮاي اﯾﺠﺎد ﮐﻠﯿﺪ ﻋﻤﻮﻣﯽ ‪ RSA‬ﻧﯿﺎز اﺳﺖ ﺗﺎ در وﺣﻠﻪ اول ﻧﺎم روﺗﺮ از ﺣﺎﻟﺖ ﭘﯿﺶ ﻓﺮض ﺑﻪ ﻧﺎم ﺟﺪﯾﺪي ﺗﻐﯿﯿﺮ‬ ‫ﮐﻨﺪ‬ ‫‪Router con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫092 ‪Page 116 of‬‬
  • 118.
    Router>enable Password: Router#configure terminal Enter configurationcommands, one per line. Router(config)#hostname R1 R1(config)# End with CNTL/Z. .‫ اﺳﺖ‬Rsa certificate ‫ ﺑﻪ روﺗﺮ ﺟﻬﺖ ﺗﻮﻟﯿﺪ‬domain name ‫2. ﻗﺪم ﺑﻌﺪي ﺗﺨﺼﯿﺺ‬ R1(config)#ip domain-name freeccnaworkbook.com crypto key generate rsa ‫ ﻫﺴﺘﯿﻢ. ﺑﺮاي ﺗﻮﻟﯿﺪ آن از دﺳﺘﻮر‬Rsa certificate ‫3. اﻻن آﻣﺎده ﺗﻮﻟﯿﺪ‬ ‫ ﺑﻪ ﻫﻤﺮاه ﺳﺎﯾﺰ ﺑﺮ ﺣﺴﺐ ﺑﯿﺖ ﮐﻠﯿﺪ ﻣﺪ ﻧﻈﺮ.در زﯾﺮ روﻧﺪ ﺗﻮﻟﯿﺪ ﮐﻠﯿﺪ 8402 ﺑﯿﺘﯽ را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ‬modulus R1(config)#crypto key generate rsa modulus 2048 The name for the keys will be: R1.freeccnaworkbook.com % The key modulus size is 2048 bits % Generating 2048 bit RSA keys, keys will be non-exportable...[OK] R1(config)# %SSH-5-ENABLED: SSH 1.99 has been enabled ‫ در روﺗﺮ ﻓﻌﺎل ﻣﯽ ﺷﻮد و ﻣﯿﺘﻮان ﺑﺎ‬SSH v1.99 ‫ ﻗﺎﺑﻠﯿﺖ‬Rsa ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﻣﺸﺎﻫﺪه ﻣﯽ ﮐﻨﯿﺪ ﺑﻪ ﻣﺤﺾ اﯾﺠﺎد ﮐﻠﯿﺪ‬ .‫ ﺑﻪ روﺗﺮ ﻣﺘﺼﻞ ﺷﺪ‬SSH ‫ وﺑﺎ ﺑﻬﺮه ﮔﯿﺮي از‬Securecrt ‫ ﯾﺎ‬putty ‫اﺳﺘﻔﺎده از‬ ‫ را ﺑﻪ ﮔﻮﻧﻪ اي ﮐﺎﻧﻔﯿﮓ ﻣﯽ ﮐﻨﯿﻢ ﮐﻪ ﺗﻨﻬﺎ ﭘﺬﯾﺮاي ارﺗﺒﺎﻃﺎت ﻣﺒﺘﻨﯽ ﺑﺮ‬VTY ‫ ، ﺧﻄﻮط‬SSH ‫4. ﭘﺲ از ﻓﻌﺎل ﺷﺪن‬ .‫ ﻏﯿﺮ ﻓﻌﺎل ﻣﯽ ﺷﻮد‬Telnet ‫ ﺑﺎﺷﻨﺪ ﺑﻪ ﺑﯿﺎن دﯾﮕﺮ‬SSH R1(config)#line vty 0 4 R1(config-line)#transport input ssh ‫ آداﭘﺘﺮ ﺳﺎﺧﺘﻪ ﺷﺪه اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ‬Loopback ‫ ﮐﺮدن ﺑﻪ‬ssh ‫5. ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت را ﺑﺎ‬ R1(config-line)#end R1#ssh -l john 10.1.1.1 Password: Page 117 of 290
  • 119.
    R1#show ssh Connection VersionMode Encryption Hmac 0 1.99 IN aes128-cbc hmac-sha1 0 1.99 OUT aes128-cbc hmac-sha1 %No SSHv1 server connections running. R1# State Session started Session started Username john john Page 118 of 290
  • 120.
    ‫آزﻣﺎﯾﺶ 6.3 -ﺗﻨﻈﯿﻤﺎت اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﺷﻤﺎره دار‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﺷﻤﺎره دار اﺳﺘﺎﻧﺪارد و ‪ Extended‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎ ﭘﺎﯾﻪ ﭘﯿﺎده ﺳﺎزي اﻣﯿﻨﯿﺖ در ﺷﺒﮑﻪ ﻫﺎي ﻣﺒﺘﻨﯽ ﺑﺮ ﺳﯿﺴﮑﻮ ﻣﺤﺴﻮب ﻣﯽ ﺷﻮﻧﺪ.اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎ ﺟﺮﯾﺎن‬ ‫دﯾﺘﺎ را در ﯾﮏ ﺗﺠﻬﯿﺰ ﺗﺤﺖ ﮐﻨﺘﺮل ﻣﯽ ﮔﯿﺮﻧﺪ و ﻣﺎﻧﻊ از ارﺳﺎل و درﯾﺎﻓﺖ ﺗﺮاﻓﯿﮏ ﻫﺎي ﻧﺎﺧﻮاﺳﺘﻪ از ﻣﺒﺪا ﺑﻪ ﻣﻘﺼﺪ ﻣﯽ‬ ‫ﺷﻮﻧﺪ.در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﺷﻤﺎره دار آﺷﻨﺎ ﻣﯽ ﺷﻮﯾﻢ ﮐﻪ اﻣﺮوزه ﻋﻤﻮﻣﺎ ﺑﻪ دﻟﯿﻞ اﺳﺘﻔﺎده از اﮐﺴﺲ‬ ‫ﻟﯿﺴﺘﻬﺎي ﺑﺎ ﻧﺎم ، ﮐﻤﺘﺮ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯽ ﮔﯿﺮﻧﺪ. ﺷﺎﯾﺪ در ﺑﺮﺧﯽ ادوات و ﮐﺎﻧﻔﯿﮕﻬﺎي ﻗﺪﯾﻤﯽ ﺑﺎ آﻧﻬﺎ ﺑﺮﺧﻮرد ﮐﻨﯿﺪ ﯾﺎ‬ ‫ﺷﺎﯾﺪ ﺗﻮﺳﻂ ﻣﻬﻨﺪﺳﯿﻦ ﺗﺎزه ﮐﺎري ﮐﻪ ﻫﻨﻮز ﺑﺎ اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﺑﺎ ﻧﺎم آﺷﻨﺎ ﻧﺸﺪه اﻧﺪ ﻧﻮﺷﺘﻪ ﺷﺪه ﺑﺎﺷﻨﺪ .ﺑﺰرﮔﺘﺮﯾﻦ ﻧﻘﻄﻪ‬ ‫ﺿﻌﻒ اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﺷﻤﺎره دار زﻣﺎن ﺑﺮ ﺑﻮدن ﻣﮑﺎﻧﯿﺰم وﯾﺮاﯾﺶ آﻧﻬﺎﺳﺖ.ﻣﺘﺎﺳﻔﺎﻧﻪ اﻣﮑﺎن ﻗﺮار دادن ‪ACE (Access‬‬ ‫)‪ Control List Entries‬درﺳﻄﺮ ﺧﺎﺻﯽ از ‪ ACL‬اﻣﮑﺎن ﭘﺬﯾﺮ ﻧﯿﺴﺖ و ﻧﯿﺎز ﺑﻪ ﺻﺮف و در واﻗﻊ اﺗﻼف زﻣﺎن ﺑﺮاي‬ ‫ﯾﺎﻓﺘﻦ ﺳﻄﺮ ﻣﻮرد ﻧﻈﺮ و ادﯾﺖ ﻣﺤﻠﯽ آن ﺳﻄﺮ وﺟﻮد دارد.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﻗﺮار دادن دو دﺳﺘﮕﺎه روﺗﺮ و ﯾﮏ ﺳﻮﯾﯿﭻ در ﻣﺤﯿﻂ 3‪GNS‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ روﺗﺮﻫﺎ‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01ﺑﻪ 0/0‪ Fa‬روﺗﺮ 1‪R‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/2.1.1.01ﺑﻪ 0/0‪ Fa‬روﺗﺮ 2‪R‬‬ ‫‪‬‬ ‫اﺗﺼﺎل دو روﺗﺮ ﺑﻪ ﯾﮑﺪﯾﮕﺮ از ﻃﺮﯾﻖ 0/0‪Fa‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ اﮐﺴﺲ ﻟﯿﺴﺖ ﺷﻤﺎره دار ﺑﻪ ﻣﻨﻈﻮر ﺟﻠﻮ ﮔﯿﺮي از درﯾﺎﻓﺖ اﻃﻼﻋﺎت در 1‪ R‬ﺑﺎ ﻣﻨﺒﻊ 2‪R‬‬ ‫اﯾﺠﺎد ﯾﮏ ‪ Extended‬اﮐﺴﺲ ﻟﯿﺴﺖ ﺑﺎ ﻫﺪف ﺟﻠﻮﮔﯿﺮي از ﺑﺮﻗﺮاري ارﺗﺒﺎﻃﺎت ‪ Telnet‬از 1‪ R‬ﺑﻪ آدرس‬ ‫3.1.1.01‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ‬ ‫رﻧﺠﻬﺎي ﻣﺘﻌﺪدي از اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﺷﻤﺎره دار ﺑﺮاي اﻋﻤﺎل ﮐﻨﺘﺮل ﺑﺮ ﻃﯿﻒ وﺳﯿﻌﯽ از دﺳﺘﺮﺳﯿﻬﺎ وﺟﻮد دارﻧﺪ . در زﯾﺮ‬ ‫ﻟﯿﺴﺖ ﮐﻠﯽ آﻧﻬﺎ را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﻢ.‬ ‫092 ‪Page 119 of‬‬
  • 121.
    R1(config)#access-list ? <1-99> IP standardaccess list <100-199> IP extended access list <1000-1099> IPX SAP access list <1100-1199> Extended 48-bit MAC address access list <1200-1299> IPX summary address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> IP extended access list (expanded range) <2700-2799> MPLS access list <300-399> DECnet access list <600-699> Appletalk access list <700-799> 48-bit MAC address access list <800-899> IPX standard access list <900-999> IPX extended access list compiled Enable IP access-list compilation dynamic-extended Extend the dynamic ACL absolute timer rate-limit Simple rate-limit specific access list ‫1. ﺑﺮاي اﻧﺠﺎم اوﻟﯿﻦ ﻫﺪف اﯾﻦ آزﻣﺎﯾﺶ ﻻزم اﺳﺖ ﯾﮏ اﮐﺴﺲ ﻟﯿﺴﺖ اﺳﺘﺎﻧﺪارد اﯾﺠﺎد ﮐﻨﯿﻢ. ﺑﺎ ﻣﺮاﺟﻌﻪ ﺑﻪ ﺷﻤﺎره‬ ‫ﻫﺎي ﺑﺎﻻ درﺧﻮاﻫﯿﻢ ﯾﺎﻓﺖ ﮐﻪ ﺷﻤﺎره ﻫﺎي ﻣﺮﺗﺒﻂ ﺑﺎ اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي اﺳﺘﺎﻧﺪارد از 1 ﺗﺎ 99 ﻫﺴﺘﻨﺪ . ﯾﮏ ﺷﻤﺎره‬ ‫ را ﺑﻼك ﮐﻨﯿﻢ اﻣﺎ‬R2 ‫ از ﺳﻤﺖ‬R1 ‫ﺑﻪ دﻟﺨﻮاه اﻧﺘﺨﺎب ﻣﯿﮑﻨﯿﻢ ﻣﺜﻼ 05 ﺗﺎ ﺑﺎ اﺳﺘﻔﺎده از آن ﺗﺮاﻓﯿﮏ ورودي ﺑﻪ‬ .‫ﻣﺎﺑﻘﯽ ﺗﺮاﻓﯿﮏ ﻣﺠﺎز ﺑﻪ ﻋﺒﻮر ﺧﻮاﻫﺪ ﺑﻮد‬ R1 con0 is now available Press RETURN to get started. R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#access-list 50 deny host 10.1.1.2 R1(config)#access-list 50 permit any ‫ اﻋﻤﺎل ﮐﻨﯿﻢ‬R1 ‫ﺣﺎﻻ ﮐﻪ اﮐﺴﺲ ﻟﯿﺴﺖ ﺳﺎﺧﺘﻪ ﺷﺪ ﺑﺎﯾﺪ آﻧﺮا ﺑﻪ ﺗﺮاﻓﯿﮏ ورودي‬ R1(config)#interface fa0/0 R1(config-if)#ip access-group 50 in ‫ اﻧﺠﺎم ﻣﯿﺪﻫﯿﻢ . ﻣﻨﻄﻘﺎ اﻧﺘﻈﺎر دارﯾﻢ ﭘﺎﺳﺨﯽ‬R2 ‫ از ﺳﻤﺖ‬R1 ‫ روﺗﺮ‬Fa0/0 ‫ اﯾﻨﺘﺮﻓﯿﺲ‬ping ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت را ﺑﺎ‬ .‫ ﺑﺴﺘﻪ ﺷﺪه اﺳﺖ‬R2 ‫ درﯾﺎﻓﺖ ﻧﮑﻨﯿﻢ ﭼﻮن ﺗﺮاﻓﯿﮏ ورودي آن ﺑﺎ ﻣﺒﺪا‬R1 ‫از ﺳﻤﺖ‬ R2>ping 10.1.1.1 Page 120 of 290
  • 122.
    ‫.‪Type escape sequenceto abort‬‬ ‫:‪Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds‬‬ ‫‪U.U.U‬‬ ‫)5/0( ‪Success rate is 0 percent‬‬ ‫>2‪R‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت را از ﻃﺮﯾﻖ اﺟﺮاي دﺳﺘﻮر ‪ show access-list‬در روﺗﺮ 1‪ R‬ﻫﻢ ﻣﯽ ﺗﻮان اﻧﺠﺎم داد.‬ ‫‪R1(config-if)#end‬‬ ‫‪R1#show access-list‬‬ ‫05 ‪Standard IP access list‬‬ ‫‪10 deny‬‬ ‫)‪10.1.1.2 (8 matches‬‬ ‫‪20 permit any‬‬ ‫#1‪R‬‬ ‫اﮐﻨﻮن ﺑﺮاي اﯾﻨﮑﻪ اﻃﻤﯿﻨﺎن ﺣﺎﺻﻞ ﮐﻨﯿﻢ اﮐﺴﺲ ﻟﯿﺴﺖ ﺗﻨﻬﺎ ﺗﺮاﻓﯿﮏ ‪ IP‬ﻗﯿﺪ ﺷﺪه را ﺑﻼك ﻣﯿﮑﻨﯿﺪ ‪ IP‬را ﺑﻪ‬ ‫42/3.1.1.01 ﺗﻐﯿﯿﺮ ﻣﯽ دﻫﯿﻢ و ﻣﺠﺪدا ﺗﺴﺖ را اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ.‬ ‫‪R2>enable‬‬ ‫‪R2#configure terminal‬‬ ‫0/0‪R2(config)#interface fa‬‬ ‫0.552.552.552 3.1.1.01 ‪R2(config-if)#ip add‬‬ ‫‪R2(config-if)#end‬‬ ‫#2‪R‬‬ ‫ﺳﭙﺲ از 1‪ R‬اﯾﻨﺘﺮﻓﯿﺲ 2‪ R‬را ‪ ping‬ﻣﯿﮑﻨﯿﻢ ، اﻧﺘﻈﺎر دارﯾﻢ ﺑﺎ ﻣﻮﻓﻘﯿﺖ ﻫﻤﺮا ﺑﺎﺷﺪ‬ ‫3.1.1.01 ‪R1#ping‬‬ ‫.‪Type escape sequence to abort‬‬ ‫:‪Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds‬‬ ‫!!!!!‬ ‫‪Success rate is 100 percent (5/5), round-trip min/avg/max = 24/43/76 ms‬‬ ‫#1‪R‬‬ ‫1. در اﯾﻦ ﻗﺴﻤﺖ ﯾﮏ ‪ Extended‬اﮐﺴﺲ ﻟﯿﺴﺖ ﺑﺎ ﻫﺪف ﺑﻼك ﮐﺮدن ﺗﺮاﻓﯿﮏ ‪ Telnet‬از 0/0‪ Fa‬روﺗﺮ 1‪ R‬ﺑﻪ‬ ‫ﻣﻘﺼﺪ 3.1.1.01 اﯾﺠﺎد ﺧﻮاﻫﯿﻢ ﮐﺮد .ﻫﻤﺎﻧﻄﻮر ﮐﻪ در ﻟﯿﺴﺖ ﺷﻤﺎر ه ﻫﺎي اﺑﺘﺪاي آزﻣﺎﯾﺶ ﻣﺸﺎﻫﺪه ﮐﺮدﯾﻢ رﻧﺞ‬ ‫اﯾﻦ رده اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎ از 001 ﺗﺎ 991 اﺳﺖ.‬ ‫از آﻧﺠﺎﯾﯽ ﺗﺮاﻓﯿﮏ ‪ Telnet‬از ﻧﻮع ‪ Tcp‬اﺳﺖ ﻻزم اﺳﺖ ﻧﻮع ﺗﺮاﻓﯿﮏ و ﭘﺮوﺗﮑﻞ ﺧﺮوﺟﯽ را ﺑﻪ ﻋﻨﻮان‬ ‫ﭘﺎراﻣﺘﺮﻫﺎي دﺳﺘﻮر ‪ access-list‬ﻣﺸﺨﺺ ﮐﻨﯿﻢ ﮐﻪ در اﯾﻨﺠﺎ ﭘﻮرت 22 ﺧﻮاﻫﺪ ﺑﻮد‬ ‫092 ‪Page 121 of‬‬
  • 123.
    ‫‪R1#configure terminal‬‬ ‫‪R1(config)#access-list 150deny tcp any host 10.1.1.3 eq telnet‬‬ ‫‪R1(config)#access-list 150 permit ip any any‬‬ ‫ﭘﺲ از اﯾﺠﺎد اﮐﺴﺲ ﻟﯿﺴﺖ ﻻزم اﺳﺖ ﺗﺎ روي ﺗﺮاﻓﯿﮏ ﺧﺮوﺟﯽ 1‪ R‬ﺑﻪ ﺷﮑﻞ زﯾﺮ اﻋﻤﺎل ﺷﻮد.‬ ‫0/0‪R1(config)#interface fa‬‬ ‫‪R1(config-if)#ip access-group 150 out‬‬ ‫ﯾﮏ ﻗﺎﻧﻮن اﺳﺎﺳﯽ و ﻣﻬﻢ در ﺧﺼﻮص اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎ وﺟﻮد دارد و آن اﯾﻨﺴﺖ ﮐﻪ ﺑﺮاي ﻋﻤﻠﮑﺮد ﻣﻮﺛﺮﺗﺮ اﮐﺴﺲ ﻟﯿﺴﺖ‬ ‫ﺑﺎﯾﺪ ﯾﮏ اﮐﺴﺲ ﻟﯿﺴﺖ ‪ Extended‬در ﺳﻤﺖ ﺗﺮاﻓﯿﮏ ﻣﺒﺪا و ﯾﮏ اﮐﺴﺲ ﻟﯿﺴﺖ اﺳﺘﺎﻧﺪارد در ﺳﻤﺖ ﻣﻘﺼﺪ ﻗﺮار داده‬ ‫ﺷﻮد.ﻧﮑﺘﻪ دﯾﮕﺮ وﺟﻮد ﯾﮏ ‪Deny‬ﻣﻄﻠﻖ در اﻧﺘﻬﺎي ﻫﺮ اﮐﺴﺲ ﻟﯿﺴﺖ اﺳﺖ ﮐﻪ داراي ﻣﻔﻬﻮﻣﯽ ﻣﺎﻧﻨﺪ ‪Deny any any‬‬ ‫در اﻧﺘﻬﺎي اﮐﺴﺲ ﻟﯿﺴﺖ اﺳﺖ.ﭘﺲ ﺑﻪ ﻃﻮر ﭘﯿﺶ ﻓﺮض ﺗﺮاﻓﯿﮏ اﺟﺎزه ﻋﺒﻮر ﻧﺨﻮاﻫﺪ داﺷﺖ ﻣﮕﺮ ﺑﻪ آن اﺟﺎزه ﻋﺒﻮر داده‬ ‫ﺷﻮد.ﻋﻤﻮﻣﺎ ﺟﻬﺖ ﺳﻨﺎرﯾﻮﻫﺎي ‪ Tshoot‬از ﯾﮏ ﻋﺒﺎرت ‪ Deny‬ﺻﺮﯾﺢ در اﻧﺘﻬﺎي اﮐﺴﺲ ﻟﯿﺴﺖ ﺑﺎ ﻫﺪف ﻻگ ﮐﺮدن‬ ‫ﺗﺮاﻓﯿﮏ ‪ deny‬ﺷﺪه اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد.‬ ‫092 ‪Page 122 of‬‬
  • 124.
    ‫آزﻣﺎﯾﺶ 7.3 –اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي اﺳﻢ دار– ‪Named Access lists‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي اﺳﻢ دار در ادوات ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ﺷﻤﺎره دار ﯾﮏ ﻋﯿﺐ ﻋﻤﺪه دارﻧﺪ و آن ﻋﺪم اﻣﮑﺎن وﯾﺮاﯾﺶ ﺳﻄﺮﻫﺎي آﻧﻬﺎ در ﻣﺤﻞ ﻗﺮارﮔﯿﺮي ﺳﻄﻮر‬ ‫اﺳﺖ.ﻣﺘﺎﺳﻔﺎﻧﻪ ﺗﻨﻬﺎ راه ﺣﺬف ﯾﺎ وﯾﺮاﯾﺶ آﻧﻬﺎ ﮐﭙﯽ ‪ Acl‬ﻣﻮﺟﻮد ﺑﻪ ﯾﮏ وﯾﺮاﯾﺸﮕﺮ ﻣﺘﻨﯽ و وﯾﺮاﯾﺶ آن اﺳﺖ و ﭘﺲ از آن‬ ‫ﺑﺎز ﮔﺮداﻧﺪن ﺗﻐﯿﯿﺮات ﺑﻪ ﻃﻮر ﯾﮑﺠﺎ از ﻃﺮﯾﻖ ‪ . Cli‬اﻣﺮوزه ﻋﻤﻮﻣﺎ از ﻧﻮع اﺳﻢ دار ‪ Acl‬در ﻣﺤﯿﻄﻬﺎي ﻋﻤﻠﯿﺎﺗﯽ اﺳﺘﻔﺎده ﻣﯽ‬ ‫ﺷﻮد.اﯾﻦ ﻧﻮع ‪ Acl‬ﯾﮏ ﻧﻘﻄﻪ ﻗﻮت ﻗﺎﺑﻞ ﺗﻮﺟﻪ ﻧﺴﺒﺖ ﺑﻪ ﻧﻮع ﺷﻤﺎره دار دارد و آن ﺷﺮح ﺗﻮﺻﯿﻔﯽ ﮐﻮﺗﺎه ﻫﺮﯾﮏ از ‪Acl‬‬ ‫ﻫﺎﺳﺖ ﻣﺜﻼ ‪ ،VTY_ACCESS‬ﮐﻪ ﺑﻪ ﻃﻮر ﻣﺸﻬﻮد ﺑﻪ ﻣﺮﺑﻮط ﺑﻪ ﮐﻨﺘﺮل ﺧﻄﻮط ‪ Vty‬اﺳﺖ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫ﺗﺨﺼﯿﺺ ‪ ip‬ﻫﺎي 92/3.02.452.961 ﺑﻪ 0/0‪ Fa‬و 42/452.1.1.01 ﺑﻪ 1/0‪Fa‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ ﯾﮏ ‪ Acl‬اﺳﺘﺎﻧﺪارد ﺑﻪ ﻧﺎم ‪ INSIDE_IN‬ﮐﻪ ﺗﻨﻬﺎ ﺑﻪ 42/0.1.1.01 اﺟﺎزه ورود ﻣﯽ دﻫﺪ،‬ ‫ﻗﺮار دادن ‪ Explicit deny‬در ﺧﻂ 005 و ﺛﺒﺖ ﻻگ ﺗﺮاﻓﯿﮑﻬﺎي ﺑﻼك ﺷﺪه‬ ‫اﻋﻤﺎل ‪ Acl‬ﻓﻮق ﺑﻪ 1/0‪Fa‬‬ ‫ﺗﻨﻈﯿﻢ ﯾﮏ ‪ Extended Acl‬ﺑﺎ ﻧﺎم ‪ OUTSIDE_IN‬و ﺑﻼك ﮐﺮدن ﺗﺮاﻓﯿﮏ آدرﺳﻬﺎي 05.44.32.17 و‬ ‫5.091.122.402 و اﺟﺎزه ﻋﺒﻮر ﻫﻤﻪ ﺗﺮاﻓﯿﮑﻬﺎي دﯾﮕﺮ.‬ ‫‪‬‬ ‫اﻋﻤﺎل ‪ Acl‬ﻓﻮق ﺑﻪ 1/0‪Fa‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫‪ Acl‬ﻫﺎي اﺳﻢ دار ﺑﺴﯿﺎر ﺷﺒﯿﻪ ‪ Acl‬ﻫﺎي ﺷﻤﺎره دار ﻫﺴﺘﻨﺪ ﻣﻨﺘﻬﺎ ﺑﺎ ﯾﮏ ﻧﺎم و ﺷﻤﺎره ﺳﻄﺮ ﻣﺸﺨﺺ ﻣﯽ ﺷﻮﻧﺪ.ﺑﺎ اﯾﻦ‬ ‫ﻗﺎﺑﻠﯿﺖ ﻣﯽ ﺗﻮان ﺗﻌﯿﯿﻦ ﮐﺮد )‪ Ace(Acl entry‬در ﮐﺪام ﺳﻄﺮ ‪ ACL‬ﺑﻨﺸﯿﻨﺪ.ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل ﯾﮏ ‪ Acl‬دارﯾﻢ و ﻣﺎﯾﻠﯿﻢ‬ ‫092 ‪Page 123 of‬‬
  • 125.
    ‫ﺑﯿﻦ ﺳﻄﺮﻫﺎي 51و 02 آن ﯾﮏ ‪ Ace‬ﺟﺪﯾﺪ ﻗﺮار دﻫﯿﻢ.ﮐﺎﻓﯽ اﺳﺖ ﻫﻨﮕﺎم اﯾﺠﺎد آن ﺷﻤﺎره ﺳﻄﺮ ﻣﺮﺑﻮﻃﻪ را ﻫﻢ ﻗﯿﺪ ﮐﻨﯿﻢ‬ ‫ﭘﺲ از آن ﺑﺮاﺣﺘﯽ در ﻣﺤﻞ ﻣﻮرد ﻧﻈﺮ ﻗﺮار ﻣﯿﮕﯿﺮد.‬ ‫1. اوﻟﯿﻦ ﻫﺪف اﯾﺠﺎد ﯾﮏ ‪ Acl‬اﺳﻢ دار ﻋﺒﻮر ﺗﺮاﻓﯿﮏ ﺷﺒﮑﻪ 42/0.1.1.01و اﯾﺠﺎد ﯾﮏ ‪ Ace‬دﯾﮕﺮ در ﺳﻄﺮ ﺷﻤﺎره‬ ‫005 ﺑﺎ ﻫﺪف ﺑﻼك ﺗﺮاﻓﯿﮑﻬﺎي ﺑﺎﻗﯽ ﻣﺎﻧﺪه و ﺛﺒﺖ ﻻگ آﻧﻬﺎﺳﺖ. ﻋﻤﻮﻣﺎ ‪ Ace‬ﻫﺎي اﺳﻢ دار ﺑﺎ ﯾﮏ ﺷﻤﺎره ﮐﻪ‬ ‫ﺑﯿﺎﻧﮕﺮ ﺷﻤﺎره ﺳﻄﺮ آﻧﻬﺎ در ‪ Acl‬ﻫﺴﺖ ﺗﻌﺮﯾﻒ ﻣﯽ ﺷﻮﻧﺪ.در ﺻﻮرﺗﯿﮑﻪ از ﻫﯿﭻ ﺷﻤﺎره اي اﺳﺘﻔﺎده ﻧﺸﻮد ‪Ace‬‬ ‫ﻣﺬﺑﻮر در اﻧﺘﻬﺎي ﻟﯿﺴﺖ ﻗﺮار ﺧﻮاﻫﺪ ﮔﺮﻓﺖ.ﻋﻤﻮﻣﺎ ﻫﻢ ﺷﻤﺎره ﻫﺎي ‪ Ace‬ﻫﺎ را ﺑﻪ ﺻﻮرت ﻣﻀﺮﺑﯽ از 5 ﯾﺎ 01 در‬ ‫ﻣﯿﮕﯿﺮﻧﺪ ﺗﺎ اﻣﮑﺎن ﺟﺎي ﮔﯿﺮي ‪ Ace‬ﻫﺎي ﺑﻌﺪي ﺑﺪون ﺑﻬﻢ رﯾﺨﺘﻦ ﻧﻈﻢ ﺷﻤﺎره ﻫﺎ ﻓﺮاﻫﻢ ﺷﻮد.‬ ‫.‪End with CNTL/Z‬‬ ‫‪R1#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫‪R1(config)#ip access-list standard INSIDE_IN‬‬ ‫#)‪R1(config-std-nacl‬‬ ‫552.0.0.0 0.1.1.01 ‪R1(config-std-nacl)#10 permit‬‬ ‫‪R1(config-std-nacl)#500 deny any log‬‬ ‫ﻧﮑﺘﻪ: ‪ Extended Acl‬ﻫﺎ از ‪ Subnet mask‬ﺑﺮاي ﻣﺸﺨﺺ ﮐﺮدن ﺷﺒﮑﻪ ﻣﻮرد ﻧﻈﺮﺷﺎن اﺳﺘﻔﺎده ﻧﻤﯿﮑﻨﻨﺪ ﺑﻠﮑﻪ ﺑﻪ ﺟﺎي‬ ‫آن از ‪ Wildcard mask‬ﮐﻪ ﺑﻪ ﻧﻮﻋﯽ ﺑﺮﻋﮑﺲ ﻣﻔﻬﻮم ‪ Subnet mask‬اﺳﺖ اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد.‬ ‫ﺧﻮب ﺣﺎﻻ ﮐﻪ ‪ Acl‬اﯾﺠﺎد ﺷﺪ ﻧﻮﺑﺖ ﺑﻪ ﺗﺨﺼﯿﺺ آن ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﻣﻮرد ﻧﻈﺮ اﺳﺖ ﺑﺮاي اﯾﻨﮑﺎر در ﻣﻮد ﺗﻨﻈﯿﻢ اﯾﻨﺘﺮﻓﯿﺲ از‬ ‫دﺳﺘﻮر ‪ ip access-group‬ﺑﻪ ﻫﻤﺮاه ﻧﺎم ‪ Acl‬ﻣﺮﺑﻮﻃﻪ و ﻧﻮع ﺗﺮاﻓﯿﮏ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ ﺑﻪ ﺷﺮح زﯾﺮ‬ ‫‪R1(config-std-nacl)#exit‬‬ ‫1/0‪R1(config)#int f‬‬ ‫‪R1(config-if)#ip access-group INSIDE_IN in‬‬ ‫اﮐﻨﻮن ﺗﻨﻈﻤﯿﺎت اﻧﺠﺎم ﺷﺪه را ﺑﺎ دﺳﺘﻮر ‪ show access-list‬ﻣﺮور ﻣﯿﮑﻨﯿﻢ‬ ‫‪R1(config-if)#do show access-list‬‬ ‫‪Standard IP access list INSIDE_IN‬‬ ‫552.0.0.0 ‪10 permit 10.1.1.0, wildcard bits‬‬ ‫‪500 deny‬‬ ‫‪any log‬‬ ‫#)‪R1(config-if‬‬ ‫2. در ﻗﺴﻤﺖ دوم آزﻣﺎﯾﺶ ﯾﮏ ‪ Extended Acl‬ﺑﻪ ﻧﺎم ‪ OUTSIDE_IN‬ﺑﺎ ﻫﺪف ﺑﻼك ﮐﺮدن ﺗﺮاﻓﯿﮏ‬ ‫ﻫﺎﺳﺘﻬﺎي 05.44.32.17 و 5.091.122.402 ﻫﻤﯿﻨﻄﻮر اﺟﺎزه ﻋﺒﻮر ﺳﺎﯾﺮ ﺗﺮاﻓﯿﮑﻬﺎ اﯾﺠﺎد ﻣﯿﮑﻨﯿﻢ و آﻧﺮا ﺑﻪ‬ ‫0/0‪Fa‬ﻣﻨﺘﺴﺐ ﻣﯿﮑﻨﯿﻢ.‬ ‫‪R1(config-if)#exit‬‬ ‫‪R1(config)#ip access-list extended OUTSIDE_IN‬‬ ‫‪R1(config-ext-nacl)#10 deny ip host 71.23.44.50 any‬‬ ‫‪R1(config-ext-nacl)#20 deny tcp host 204.221.190.5 any eq www‬‬ ‫‪R1(config-ext-nacl)#500 permit ip any any‬‬ ‫‪R1(config-ext-nacl)#exit‬‬ ‫092 ‪Page 124 of‬‬
  • 126.
    R1(config)#int f0/0 R1(config-if)#ip access-groupOUTSIDE_IN in ‫ از دﺳﺘﻮر زﯾﺮ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬Acl OUTSIDE_IN ‫ﺑﺮاي ﺑﺮرﺳﯽ و ﻣﺸﺎﻫﺪه ﺗﻨﻈﯿﻤﺎت ﺻﻮرت ﮔﺮﻓﺘﻪ روي‬ R1(config-ext-nacl)#do sh access-list OUTSIDE_IN Extended IP access list OUTSIDE_IN 10 deny ip host 71.23.44.50 any 20 deny tcp host 204.221.190.5 any eq www 500 permit ip any any R1(config-ext-nacl)# Page 125 of 290
  • 127.
    ‫آزﻣﺎﯾﺶ 8.3 –اﮐﺴﺲ ﻟﯿﺴﺘﻬﺎي ‪VTY‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻢ ‪ Acl‬ﻫﺎي وﯾﮋه ﮐﻨﺘﺮل دﺳﺘﺮﺳﯽ ﺑﻪ ﺧﻄﻮط ‪ Vty‬ﺟﻬﺖ ﻣﺪﯾﺮﯾﺖ از راه دور ادوات‬ ‫آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫در ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ ﺑﺴﯿﺎر راﯾﺞ اﺳﺖ ﮐﻪ دﺳﺘﺮﺳﯽ از راه دور ﺑﻪ ادوات را ﻣﺤﺪود ﺑﻪ ‪ Subnet‬ﻫﺎي ﻣﺪﯾﺮﯾﺘﯽ و ﺑﺮﺧﯽ‬ ‫‪ Ip‬ﻫﺎي ﺧﺎص ﻧﻤﻮد و ﺗﻨﻬﺎ اﯾﻦ رده ﺳﯿﺴﺘﻤﻬﺎ ﻣﺠﺎز ﺑﻪ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻫﺎي ‪ Telnet‬ﯾﺎ ‪ SSH‬ﺑﻪ ادوات ﺑﺎﺷﻨﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﻗﺮار دادن ﺳﻮﯾﯿﭽﻬﺎي 3‪ R1,R2,R‬و ﺳﻮﯾﯿﭻ 1‪ Sw‬در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01 ﺑﻪ 0/0‪ Fa‬در 1‪R‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/2.1.1.01 ﺑﻪ 0/0‪ Fa‬در 1‪R‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/3.1.1.01 ﺑﻪ 0/0‪ Fa‬در 1‪R‬‬ ‫ﺗﻨﻈﯿﻢ ﻧﺎم ﮐﺎرﺑﺮي و رﻣﺰ ﻋﺒﻮر ﻣﺤﻠﯽ در 1‪ R‬ﺑﺎ ﺳﻄﺢ دﺳﺘﺮﺳﯽ 51 ‪Level‬‬ ‫ﺗﻨﻈﯿﻢ 1‪ R‬ﺑﺮاي ﭘﺬﯾﺮش ﻫﺮدوي ﺗﻤﺎﺳﻬﺎي ﻣﺒﺘﻨﯽ ﺑﺮ ‪ Telnet‬و ‪SSH‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ ‪ ACL‬اﺳﻢ دار ‪ Extended‬ﺑﻪ ﻧﺎم ‪VTY_ACCESS‬‬ ‫ﺟﻠﻮﮔﯿﺮي از دﺳﺘﺮﺳﯽ آدرس 3.1.1.01 ﺑﻪ ‪Telnet‬‬ ‫اﺟﺎزه دادن ﺑﻪ ﺷﺒﮑﻪ 42/0.1.1.01 ﺟﻬﺖ اﺳﺘﻔﺎده از ‪ Telnet‬ﯾﺎ ‪SSH‬‬ ‫‪‬‬ ‫ﺟﻠﻮﮔﯿﺮي از ﻋﺒﻮر ﺳﺎﯾﺮ ﺗﺮاﻓﯿﮑﻬﺎ و ﺛﺒﺖ ﻻگ آﻧﻬﺎ‬ ‫‪‬‬ ‫اﺳﺘﻔﺎده ‪access-class‬ﺟﻬﺖ ﺗﻨﻈﯿﻢ ‪ Acl‬ﺧﻄﻮط ‪VTY‬‬ ‫‪‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﯾﮑﯽ از ﻗﺎﺑﻠﯿﺘﻬﺎي ﻣﻬﻢ ﻣﺪﯾﺮﯾﺘﯽ اراﺋﻪ ﺷﺪه در ‪ IOS‬ﻫﺎي ﺳﺮي ‪12.3T‬و4.21 اﻣﮑﺎن اﺳﺘﻔﺎده از ‪ Extended Acl‬ﻫﺎ‬ ‫ﺟﻬﺖ ﻣﺪﯾﺮﯾﺖ دﺳﺘﺮﺳﯽ ﻫﺎي از راه دور ﺑﻪ ادوات از ﻃﺮﯾﻖ ‪ Telnet‬ﯾﺎ‪ SSH‬اﺳﺖ.‬ ‫092 ‪Page 126 of‬‬
  • 128.
    VTY_ACCESS ‫ اﺳﺖﺑﻪ ﻧﺎم‬R1 ‫1. ﻗﺪم اﯾﺠﺎد ﯾﮏ اﮐﺴﺲ ﻟﯿﺴﺖ اﺳﻢ دار در‬ R1 con0 is now available Press RETURN to get started. R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ip access-list extended VTY_ACCESS R1(config-ext-nacl)# host ‫ ﺑﻪ آن، ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر ﻣﻨﺒﻊ را‬Telnet ‫ ﺟﻬﺖ ﺟﻠﻮﮔﯿﺮي از دﺳﺘﺮﺳﯽ 3.1.1.01 از ﻃﺮﯾﻖ‬R1 ‫2. ﺗﻨﻈﯿﻢ‬ ‫ ﺗﻌﯿﯿﻦ ﻣﯿﮑﻨﯿﻢ‬any eq telnet ‫3.1.1.01 وﻣﻘﺼﺪ را‬ R1(config-ext-nacl)#10 deny tcp host 10.1.1.3 any eq telnet ‫ ﻧﯿﺎز ﺑﻪ ﺗﻌﺮﯾﻒ‬R1 ‫ ﺑﻪ‬SSH ‫ و‬Telnet ‫3. ﺑﺮاي اﺟﺎزه ﺑﻪ ﺷﺒﮑﻪ 42/0.1.1.01ﺟﻬﺖ ﺑﺮﻗﺮاري ﺗﻤﺎﺳﻬﺎي ﻣﺒﺘﻨﯽ ﺑﺮ‬ 22 ‫ روي‬SSH ‫ ﮐﻪ روي ﭘﻮرت 32 ودﯾﮕﺮي ﺑﺮاي‬Telnet ‫ ﻣﺠﺰا دارﯾﻢ ﯾﮑﯽ ﺑﺮاي‬ACE ‫دو‬ R1(config-ext-nacl)#20 permit tcp 10.1.1.0 0.0.0.255 any eq 22 R1(config-ext-nacl)#30 permit tcp 10.1.1.0 0.0.0.255 any eq 23 ‫4. در اﻧﺘﻬﺎ ﻫﻢ ﺗﻤﺎﻣﯽ ﺗﺮاﻓﯿﮑﻬﺎي ﺑﺎﻗﯽ ﻣﺎﻧﺪه را ﺑﻼك ﮐﺮده و ﻧﺘﯿﺠﻪ اﻧﻬﺎ را ﻻگ ﻣﯽ ﮐﻨﯿﻢ‬ R1(config-ext-nacl)#500 deny ip any any log ‫ اﺳﺖ‬access-class ‫ ﺳﺎﺧﺘﻪ ﺷﺪه ﺑﻪ ﻣﻨﻈﻮر اﺳﺘﻔﺎده از‬Acl ‫5. ﻗﺪم آﺧﺮ ﺗﻨﻈﯿﻢ‬ R1(config-ext-nacl)#line vty 0 4 R1(config-line)#access-class VTY_ACCESS in R1(config-line)#end R1# ‫ ﺗﺴﺖ ﻣﯿﮑﻨﯿﻢ در اﺑﺘﺪا‬R3 ‫ و‬R2 ‫6. در ﻣﺮﺣﻠﻪ ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﻣﻮارد اﻧﺠﺎم ﺷﺪه را از ﻃﺮﯾﻖ روﺗﺮﻫﺎي‬ R1#show access-list Extended IP access list VTY_ACCESS 10 deny tcp host 10.1.1.3 any eq telnet 20 permit tcp 10.1.1.0 0.0.0.255 any eq 22 30 permit tcp 10.1.1.0 0.0.0.255 any eq telnet 500 deny ip any any log R2#telnet 10.1.1.1 Trying 10.1.1.1 ... Open Page 127 of 290
  • 129.
    User Access Verification Username:tom Password: R1#show users Line 0 con 0 * 2 vty 0 Interface User tom User Host(s) idle idle Idle Location 00:14:12 00:00:00 10.1.1.2 Mode Idle Peer Address R1#exit [Connection to 10.1.1.1 closed by foreign host] R2#ssh -l tom 10.1.1.1 Password: R1#sh ssh Connection Version Mode Encryption Hmac Username 0 1.99 IN aes128-cbc hmac-sha1 Session started 0 1.99 OUT aes128-cbc hmac-sha1 Session started %No SSHv1 server connections running. R1# State tom tom ‫ از‬Telnet ‫ اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ. ﻫﻤﺎﻧﻄﻮر ﮐﻪ در ﻗﺴﻤﺘﻬﺎي ﻗﺒﻞ دﯾﺪﯾﻢ ﺗﻨﻈﺎر ﻣﯽ رود ﺗﺮاﻓﯿﮏ‬R3 ‫ﺗﺴﺖ ﺑﻌﺪي را از ﺳﻤﺖ‬ .‫ ﻣﺠﺎز ﺑﻪ ﻋﺒﻮر ﺑﺎﺷﺪ‬SSH ‫ﺳﻤﺖ آن ﺑﻼك ﺷﻮد و‬ R3#telnet 10.1.1.1 Trying 10.1.1.1 ... % Connection refused by remote host R3#ssh -l tom 10.1.1.1 Password: R1#show ssh Connection Version Mode Encryption Hmac Username 0 1.99 IN aes128-cbc hmac-sha1 Session started 0 1.99 OUT aes128-cbc hmac-sha1 Session started %No SSHv1 server connections running. R1#show users Line User Host(s) Idle Location 0 con 0 idle 00:13:53 * 2 vty 0 tom idle 00:00:00 10.1.1.3 Interface User Mode Idle State tom tom Peer Address R1# Page 128 of 290
  • 130.
    ‫آزﻣﺎﯾﺶ 9.3 –ﺳﺮوﯾﺲ ‪Password Encryption‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ﺳﺮوﯾﺲ رﻣﺰﻧﮕﺎري ﮐﻠﻤﺎت ﻋﺒﻮر ادوات ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ادوات ﺳﯿﺴﮑﻮ ﺑﻪ ﻃﻮر ﭘﯿﺶ ﻓﺮض ﺑﺮاي رﻣﺰ ﻧﮕﺎري ﮐﻠﻤﺎت ﻋﺒﻮر از اﻟﮕﻮرﯾﺘﻤﻬﺎي 7‪ Level‬اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ ﮐﻪ ﺑﺴﯿﺎر‬ ‫ﺷﮑﻨﻨﺪه ﺑﻮده و از درﺟﻪ اﻣﻨﯿﺘﯽ ﭘﺎﯾﯿﻨﯽ ﺑﺮﺧﻮردار اﺳﺖ.ﺗﻌﺪاد زﯾﺎدي وب ﺳﺎﯾﺖ در اﯾﻦ ﺧﺼﻮص وﺟﻮد دارﻧﺪﮐﻪ ﺑﻪ ﺷﻤﺎ‬ ‫اﺟﺎزه ‪ Paste‬ﮐﺮدن ﮐﻠﻤﻪ ﻋﺒﻮر ‪ Hash‬ﺷﺪه از ﯾﮏ ﺳﻮ و درﯾﺎﻓﺖ ﮐﻠﻤﻪ ﻋﺒﻮر ‪ Decrypt‬ﺷﺪه را ﻣﯽ دﻫﻨﺪ، ﺷﺎﯾﺪ ﺑﺘﻮان‬ ‫ﮔﻔﺖ ﺗﻨﻬﺎ ﺣﺴﻦ آن ﻋﺪم ﻧﻤﺎﯾﺶ ﮐﻠﻤﻪ ﻋﺒﻮر ﺑﻪ ﺻﻮرت ‪ Clear text‬در ﻫﻨﮕﺎﻣﯽ اﺳﺖ ﮐﻪ ﻣﺸﻐﻮل ﻣﺸﺎﻫﺪه ﮐﺎﻧﻔﯿﮕﻬﺎ‬ ‫ﻫﺴﺘﯿﺪ و ﺷﺨﺼﯽ ﮐﻨﺎر دﺳﺖ ﺷﻤﺎ ﻧﺸﺴﺘﻪ ﺗﻤﺎﯾﻞ ﻧﺪارﯾﺪ ﮐﻠﻤﻪ ﻋﺒﻮر را ﻣﺸﺎﻫﺪه ﮐﻨﺪ! ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﮐﺎﻧﻔﯿﮓ ادوات ﺧﻮد را‬ ‫ﺟﻬﺖ ﺑﺮرﺳﯽ ﺑﻪ ﺷﺨﺺ دﯾﮕﺮي ﻣﯽ دﻫﯿﺪ ﯾﺎ در ﻣﺤﯿﻄﻬﺎي ﻋﻤﻮﻣﯽ ﺑﻪ اﺷﺘﺮاك ﻣﯽ ﮔﺬارﯾﺪ دﻗﯿﺖ ﮐﻨﯿﺪ ﮐﻠﻤﺎت ﻋﺒﻮر‬ ‫7‪ Level‬را از ﮐﺎﻧﻔﯿﮓ ﺣﺬف ﮐﻨﯿﺪ ﭼﻮن ﺑﻪ آﺳﺎﻧﯽ ﻗﺎﺑﻞ ﺑﺎزﯾﺎﺑﯽ ﻫﺴﺘﻨﺪ. ﮐﻠﻤﺎت ﻋﺒﻮر 5‪Type‬ﮐﻪ از ‪MD5 Hashing‬‬ ‫اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ اﯾﻦ ﻣﺸﮑﻞ را ﻧﺪارﻧﺪ زﯾﺮا اﯾﻦ اﻟﮕﻮرﯾﺘﻢ 821 ﺑﯿﺘﯽ ﻣﺎﻫﯿﺖ ﻣﻌﮑﻮس ﻧﺎﭘﺬﯾﺮ دارد و ﮐﻠﻤﺎت ﻋﺒﻮر رﻣﺰ ﺷﺪه‬ ‫ﺑﺎ آن ﻗﺎﺑﻞ رﻣﺰﮔﺸﺎﯾﯽ ﻧﯿﺴﺘﻨﺪ ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺑﻪ ادواﺗﯽ ﮐﻪ از 5‪ MD‬اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ ﻻﮔﯿﻦ ﻣﯿﮑﻨﯿﻢ اﺑﺘﺪا ﮐﻠﻤﻪ ﻋﺒﻮر‬ ‫درﯾﺎﻓﺘﯽ از ﻣﺎ ﺗﺤﺖ اﻟﮕﻮرﯾﺘﻢ ﻣﺬﺑﻮر ﺑﻪ ﺻﻮرت رﻣﺰ درآﻣﺪه و ﺑﺎ رﺷﺘﻪ رﻣﺰ ﺷﺪه و ذﺧﯿﺮه ﺷﺪه ﻣﻮﺟﻮد در دﯾﻮاﯾﺲ ﻣﻘﺎﯾﺴﻪ‬ ‫ﻣﯽ ﺷﻮد و در ﺻﻮرت ﯾﮑﺴﺎن ﺑﻮدن اﺟﺎزه ﻋﺒﻮر ﺻﺎدر ﺧﻮاد ﺷﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد 2 ﮐﻠﻤﻪ ﻋﺒﻮر ورﻣﺰ ﻋﺒﻮر ﻣﺤﻠﯽ‬ ‫‪‬‬ ‫ﻓﻌﺎل ﮐﺮدن ﺳﺮوﯾﺲ رﻣﺰ ﻧﮕﺎري ﮐﻠﻤﺎت ﻋﺒﻮر ﺑﺎ ‪service password-encryption‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﭼﮏ ﮐﺮدن اﯾﻨﮑﻪ آﯾﺎ واﻗﻌﺎ ﮐﻠﻤﺎت ﻋﺒﻮر رﻣﺰ ﺷﺪه اﻧﺪ؟!‬ ‫ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن ﺳﺮوﯾﺲ و ﺑﺮرﺳﯽ ﻣﺠﺪد وﺿﻌﯿﺖ ﮐﻠﻤﺎت ﻋﺒﻮر‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ ﺳﺮوﯾﺲ‬ ‫1. در اوﻟﯿﻦ ﻗﺪم دو ﮐﺎرﺑﺮ ﺑﺎ ﻣﺸﺨﺼﺎت زﯾﺮ ﺑﻪ ﺻﻮرت ﻣﺤﻠﯽ در دﯾﻮاﯾﺲ اﯾﺠﺎد ﻣﯿﮑﻨﯿﻢ‬ ‫‪R1 con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫092 ‪Page 129 of‬‬
  • 131.
    R1>enable R1#configure terminal Enter configurationcommands, one per line. R1(config)#username tom secret Cisco R1(config)#username jerry password Cisco End with CNTL/Z. ‫ ﻧﺎﻣﻬﺎي ﮐﺎرﺑﺮي و ﮐﻠﻤﺎت ﻋﺒﻮر اﻧﻬﺎ را‬do show run | inc username ‫2. ﺑﺎ اﺳﺘﻔﺎده از دﺳﺘﻮر‬ ‫ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﻢ‬ R1(config)#do show run | inc username username tom privilege 15 secret 5 $1$ID2R$2AKUK4US6yUQVkggSMkLV0 username john privilege 15 password 0 Cisco R1(config)# ‫ ﻓﻌﺎل ﻣﯿﮑﻨﯿﻢ‬service password-encryption ‫3. ﺳﺮوﯾﺲ رﻣﺰﻧﮕﺎري ﭘﺴﻮردﻫﺎ را از ﻃﺮﯾﻖ‬ R1(config)#service password-encryption ‫4. ﭘﺲ از ﻓﻌﺎل ﮐﺮدن ﺳﺮوﯾﺲ ﯾﮑﺒﺎر دﯾﮕﺮ ﮐﻠﻤﺎت ﻋﺒﻮر ذﺧﯿﺮه ﺷﺪه را ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﻢ ﺗﺎ ﻣﻄﻤﺌﻦ ﺷﻮﯾﻢ اﻟﮕﻮرﯾﺘﻢ‬ .‫ﺑﻪ درﺳﺘﯽ اﻋﻤﺎل ﺷﺪه اﺳﺖ‬ R1(config)#do show run | inc username username tom privilege 15 secret 5 $1$ID2R$2AKUK4US6yUQVkggSMkLV0 username john privilege 15 password 7 106D000A0618 R1(config)# ‫5. در اﻧﺘﻬﺎ ﺳﺮوﯾﺲ را ﻏﯿﺮ ﻓﻌﺎل ﻣﯿﮑﻨﯿﻢ ﻫﻤﺎﻧﻮﻃﺮ ﮐﻪ ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ ﮐﻠﻤﺎت ﻋﺒﻮر ﺑﻪ ﺣﺎﻟﺖ اول ﺑﺮ ﻧﻤﯿﮕﯿﺮدﻧﺪ‬ R1(config)#no service password-encryption R1(config)#do show run | inc username username tom privilege 15 secret 5 $1$ID2R$2AKUK4US6yUQVkggSMkLV0 username john privilege 15 password 7 106D000A0618 R1(config)# Page 130 of 290
  • 132.
    ‫آزﻣﺎﯾﺶ 01.3 –‪Exec Timeout‬و ‪Absolute timeout‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ Timeout‬در ﻣﺤﯿﻄﻬﺎي ‪ Console‬و ‪ Vty‬ﺑﻪ ﻣﻨﻈﻮر ﻗﻄﻊ ﮐﺮدن ﺧﻮدﮐﺎر اﯾﻦ‬ ‫ارﺗﺒﺎﻃﺎت ﭘﺲ از ﮔﺬﺷﺖ ﻣﺪت زﻣﺎﻧﯽ ﻣﻌﯿﻦ ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻧﮑﺘﻪ اﻣﻨﯿﺘﯽ ﻣﻬﻢ در ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ ﻻزم اﺳﺖ ﺗﺎ ﺗﻤﺎﺳﻬﺎي ﺑﺪون ﻓﻌﺎﻟﯿﺖ ﺗﺮﻣﯿﻨﺎﻟﯽ و ﮐﻨﺴﻮﻟﯽ ﺑﻪ ادوات‬ ‫ﭘﺲ از ﮔﺬﺷﺖ ﻣﺪت زﻣﺎن ﻣﻌﯿﻨﯽ ﺑﻪ ﻃﻮر ﺧﻮدﮐﺎر ﻗﻄﻊ ﺷﻮﻧﺪ ﺗﺎ ﻣﻮرد ﺳﻮ اﺳﺘﻔﺎده ﺳﺎﯾﺮﯾﻦ ﻗﺮار ﻧﮕﯿﺮﻧﺪ از اﯾﻨﺮو ﺗﻨﻈﯿﻢ‬ ‫ﻣﻮارد ﻓﻮق ﻋﻠﯽ اﻟﺨﺼﻮص ‪exec timeout‬ﺑﻪ ﺷﺪت ﺗﻮﺻﯿﻪ ﻣﯽ ﺷﻮد.‬ ‫‪ Absolute timeout‬ﺑﺮﺧﯽ اوﻗﺎت در ‪ Access server‬ﻫﺎ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد ﺗﺎ ﺗﻤﺎﺳﻬﺎي ﺑﺮﻗﺮار ﺷﺪه ﺑﻪ‬ ‫ادوات را ﭼﻪ در ﺣﺎﻟﺖ ‪ Idle‬ﺑﺎﺷﻨﺪ و ﭼﻪ در ﺣﺎﻟﺖ ﻓﻌﺎل ﻗﻄﻊ ﮐﻨﻨﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﯾﺠﺎد اﯾﻨﺘﺮﻓﯿﺲ ﻟﻮپ ﺑﮏ در در 1‪ R‬و ﺗﺨﺼﯿﺺ آدرس 23/1.1.1.01 ﺑﻪ آن‬ ‫اﯾﺠﺎد ﻧﺎم ﮐﺎرﺑﺮي ورﻣﺰ ﻋﺒﻮر ﺑﺎ ﺳﻄﺢ دﺳﺘﺮﺳﯽ 51 ﺑﻪ آن‬ ‫ﺗﻨﻈﯿﻢ ‪ Vty‬ﺟﻬﺖ اﺣﺮاز ﻫﻮﯾﺖ ﺗﻤﺎﺳﻬﺎ ﺑﺮ اﺳﺎس ﭘﺎﯾﮕﺎه داده داﺧﻠﯽ‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ ‪ Exec time out‬ﯾﮏ دﻗﯿﻘﻪ اي روي 4-0 ‪Vty‬‬ ‫‪‬‬ ‫ﭼﮏ ﮐﺮدن ﺻﺤﺖ ﺗﻨﻈﯿﻢ ﺑﺎ ‪Telnet‬ﺑﻪ ‪ Loopback‬و ﭘﺲ از آن ﯾﮏ دﻗﯿﻘﻪ ﺳﮑﻮت‬ ‫‪‬‬ ‫ﺣﺬف ‪ Exec timeout‬و اﯾﺠﺎد ‪ Absolute Timeout‬دو دﻗﯿﻘﻪ اي‬ ‫‪‬‬ ‫ﺑﺮرﺳﯽ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﺑﺎ ‪ Telnet‬ﻣﺠﺪد ﺑﻪ ‪ Loopback‬و ﻣﺸﺎﻫﺪه ﻗﻄﻊ ﺷﺪن ارﺗﺒﺎط ﭘﺲ از دو دﻗﯿﻘﻪ‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. اﯾﺠﺎد ‪ Exec timeout‬ﯾﮏ دﻗﯿﻘﻪ اي و ﭼﮏ ﮐﺮدن آن از ﻃﺮﯾﻖ ‪Loopback‬‬ ‫‪R1 con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫092 ‪Page 131 of‬‬
  • 133.
    R1>enable R1#configure terminal Enter configurationcommands, one per line. R1(config)#line vty 0 4 R1(config-line)#exec-timeout 2 R1(config-line)#end R1#telnet 10.1.1.1 Trying 10.1.1.1 ... Open End with CNTL/Z. User Access Verification Username: tom Password: R1# [Connection to 10.1.1.1 closed by foreign host] R1# ‫ دودﻗﯿﻘﻪ اي ﺑﻪ ﺟﺎي آن اﯾﺠﺎد‬Absolute timeout ‫2. در ﻗﺪم ﺑﻌﺪي ﺗﻨﻈﯿﻤﺎت ﻗﺒﻠﯽ را ﭘﺎك ﻣﯿﮑﻨﯿﻢ و ﯾﮏ‬ .‫ ﺗﺴﺖ ﻣﯿﮑﻨﯿﻢ‬Loopback ‫ ﻣﺠﺪد ﺑﻪ‬Telnet ‫ﻣﯿﮑﻨﯿﻢ . ﻧﺘﯿﺠﻪ را ﺑﺎ ﯾﮏ‬ R1#configure terminal Enter configuration commands, one per line. R1(config)#line vty 0 4 R1(config-line)#no exec-timeout R1(config-line)#absolute-timeout 2 R1(config-line)#end R1#telnet 10.1.1.1 Trying 10.1.1.1 ... Open End with CNTL/Z. User Access Verification Username: tom Password: R1# * * * Line timeout expired * [Connection to 10.1.1.1 closed by foreign host] R1# . Page 132 of 290
  • 134.
    ‫آزﻣﺎﯾﺶ 11.3 –وبﺳﺮور داﺧﻠﯽ ادوات ﺳﯿﺴﮑﻮ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ادوات ﺳﯿﺴﮑﻮ ﺟﻬﺖ اﺣﺮاز ﻫﻮﯾﺖ ارﺗﺒﺎﻃﻬﺎي ﺑﺮﻗﺮار ﺷﺪه ﺑﺎ وب ﮐﻨﺴﻮل اﯾﻦ ادوات‬ ‫آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺗﻨﻈﯿﻤﺎت ﻣﺮﺗﺒﻂ ﺑﺎ اﺣﺮاز ﻫﻮﯾﺖ از ﻃﺮﯾﻖ ‪ Cisco IOS web server‬ﺟﻬﺖ اﯾﺠﺎد و ﮐﻨﺘﺮل دﺳﺘﺮﺳﯽ ﺑﺮﺧﯽ ﮐﺎرﺑﺮان ﺑﻪ‬ ‫وب ﮐﻨﺴﻮل ادوات ﯾﺎ ‪ SDM‬در ﻣﺤﯿﻄﻬﺎي ﻋﻤﻠﯿﺎﺗﯽ اﻣﺮي راﯾﺞ ﻣﯽ ﺑﺎﺷﺪ. در اﯾﻦ ﻧﻮﺷﺘﻪ ﺑﻪ ﭼﮕﻮﻧﮕﯽ اﯾﻦ ﺗﻨﻈﯿﻤﺎت‬ ‫ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﯾﺠﺎد ارﺗﺒﺎط ‪ Cloud‬اﯾﻨﺘﺮﻓﯿﺲ 0/1‪ Fa‬ﺑﺎ ﮐﺎرت ﺷﺒﮑﻪ ﮐﺎﻣﭙﯿﻮﺗﺮ‬ ‫اﯾﺠﺎد ﮐﺎرﺑﺮ ﺑﺎ ﺳﻄﺢ دﺳﺘﺮﺳﯽ 51 ﺟﻬﺖ اﺣﺮاز ﻫﻮﯾﺖ از ﻃﺮﯾﻖ وب‬ ‫ﺗﺨﺼﯿﺺ آدرس ﺑﻪ 0/0‪ Fa‬ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺗﺤﺖ وب ﺑﻪ ﮐﻨﺴﻮل روﺗﺮ از ﻃﺮﯾﻖ ‪IE‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ ﻧﺎم داﻣﻨﻪ ‪ stubarea.net‬ﺑﻪ روﺗﺮ‬ ‫‪‬‬ ‫ﻓﻌﺎل ﺳﺎزي وب ﺳﺮور داﺧﻠﯽ روﺗﺮ ﺑﺎ دﺳﺘﻮر ‪the ip http secure-server‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ وب ﺳﺮور داﺧﻠﯽ ﺑﻪ ﻣﻨﻈﻮر اﺧﺬ اﻃﻼﻋﺎت ﻫﻮﯾﺘﯽ از ﭘﺎﯾﮕﺎه داده داﺧﻠﯽ ﺣﺴﺎﺑﻬﺎي ﮐﺎرﺑﺮي‬ ‫ﻻﮔﯿﻦ ﺗﺤﺖ وب از ﻃﺮﯾﻖ ‪ IE‬ﺑﻪ روﺗﺮ و وارد ﮐﺮدن اﻃﻼﻋﺎت ﻫﻮﯾﺘﯽ‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺗﺨﺼﯿﺺ ﻧﺎم داﻣﻨﻪ ‪ stubarea.net‬ﺑﻪ روﺗﺮ و ﻓﻌﺎل ﺳﺎزي وب ﺳﺮور داﺧﻠﯽ آن‬ ‫‪R1 con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫‪R1>enable‬‬ ‫‪R1#configure terminal‬‬ ‫.‪Enter configuration commands, one per line. End with CNTL/Z‬‬ ‫‪R1(config)#ip domain-name stubarea.net‬‬ ‫‪R11(config)#ip http secure-server‬‬ ‫]‪% Generating 1024 bit RSA keys, keys will be non-exportable...[OK‬‬ ‫‪%SSH-5-ENABLED: SSH 1.99 has been enabled‬‬ ‫092 ‪Page 133 of‬‬
  • 135.
    ‫#)‪R1(config‬‬ ‫2. ﺗﻨﻈﯿﻢ وبﺳﺮور داﺧﻠﯽ ﺟﻬﺖ اﺣﺮاز ﻫﻮﯾﺖ ﮐﺎرﺑﺮان از ﻃﺮﯾﻖ ﭘﺎﯾﮕﺎه داده داﺧﻠﯽ ﺣﺴﺎﺑﻬﺎي ﮐﺎرﺑﺮان‬ ‫‪R1(config)#ip http authentication local‬‬ ‫3. ﭘﺲ از ﺗﻤﯿﻞ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ ‪ Ie‬ﺑﻪ آدرس0/0‪ Fa‬روﺗﺮ ﻣﺘﺼﻞ ﻣﯿﺸﻮﯾﻢ ، ﭘﺲ ورود اﻃﻼﻋﺎت ﻫﻮﯾﺘﯽ وارد وب‬ ‫ﭘﻨﻞ روﺗﺮ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫092 ‪Page 134 of‬‬
  • 136.
    ‫آزﻣﺎﯾﺶ 21.3 –ﺛﺒﺖ ﻻﮔﻬﺎ در ‪syslog server‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ادوت ﺳﯿﺴﮑﻮ ﺟﻬﺖ ارﺳﺎل ﮐﻠﯿﻪ ﭘﯿﺎﻣﻬﺎي ﺳﯿﺴﺘﻤﯽ ﺑﻪ ‪ Syslog‬ﺳﺮور آﺷﻨﺎ‬ ‫ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫در ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ و واﻗﻌﯽ روﺗﺮﻫﺎ در ﻫﺮ ﻟﺤﻈﻪ ﻣﺸﻐﻮل ﮔﺮﯾﻪ و زاري ﻫﺴﺘﻨﺪ! ﻓﻼن اﯾﻨﺘﺮﻓﯿﺲ ﻣﻦ آپ ﺷﺪ اوﻧﯿﮑﯽ‬ ‫داون ﺷﺪ ، ﺷﻤﺎرﻧﺪه ‪ Acl‬ﺗﻐﯿﯿﺮ ﮐﺮد ، ﮐﺎﻧﻔﯿﮓ ﺗﻐﯿﯿﺮ ﮐﺮد و از اﯾﻦ دﺳﺖ. از ﻧﻘﻄﻪ ﻧﻈﺮ ﯾﮏ ﻣﺪﯾﺮ ﺷﺒﮑﻪ ﻻزم اﺳﺖ ﺗﺎ ﺗﻤﺎم‬ ‫اﯾﻦ ﭘﯿﺎﻣﻬﺎي ﺳﯿﺴﺘﻤﯽ در ﻣﺤﻠﯽ ذﺧﯿﺮه ﺷﻮﻧﺪ ﺗﺎ در ﻓﺮﺻﺖ ﻣﻘﺘﻀﯽ و در ﺻﻮرت ﻧﯿﺎز ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار ﮔﯿﺮﻧﺪ.در ﻋﻤﻞ‬ ‫اﻣﮑﺎن ذﺧﯿﺮه ﺳﺎزي ﻻﮔﻬﺎ روي ﺧﻮد ادوات ﻫﻢ وﺟﻮ دارد اﻣﺎ اﺧﺬ اﯾﻦ ﻫﻤﻪ ﻻگ ﺑﻪ ﻃﻮر ﺟﺪاﮔﺎﻧﻪ از ادوات ﻣﺠﺰا از ﻫﻢ‬ ‫ﻓﺮاﯾﻨﺪي وﻗﺖ ﮔﯿﺮ و ﻏﯿﺮ اﺻﻮﻟﯽ اﺳﺖ از اﯾﻨﺮو ﮐﻠﯿﻪ ادوات را ﺑﻪ ﮔﻮﻧﻪ اي ﺗﻨﻈﯿﻢ ﻣﯽ ﮐﻨﻨﺪ ﮐﻪ ﭘﯿﺎﻣﻬﺎي ﺳﯿﺴﺘﻤﯽ ﺧﻮد را‬ ‫ﺑﻪ ﯾﮏ ﻻگ ﺳﺮور ﻣﺸﺘﺮك در ﺷﺒﮑﻪ ارﺳﺎل ﮐﻨﻨﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ‪ cloud‬ﻣﺎﺑﯿﻦ 0/0‪ Fa‬و ﮐﺎرت ﺷﺒﮑﻪ ﮐﺎﻣﭙﯿﻮﺗﺮ ر.ك آز 8.1‬ ‫‪‬‬ ‫داﻧﻠﻮد و ﻧﺼﺐ ﺑﺮﻧﺎﻣﻪ ‪Solarwinds kiwi syslog‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ 1‪ R‬ﺟﻬﺖ ارﺳﺎل ﻻﮔﻬﺎ ﺑﻪ آدرس ﻻگ ﺳﺮور ﻣﻮﺟﻮد در ﺷﺒﮑﻪ‬ ‫ﺗﻨﻈﯿﻢ ‪ logging option‬در 1‪ R‬ﺟﻬﺖ ﻻگ ﮐﺮدن ﭘﯿﻐﺎﻣﻬﺎي 7‪ level‬و ﭘﺎﯾﯿﻨﺘﺮ )‪(Debug messages‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﭘﯿﻐﺎﻣﻬﺎي ﺳﯿﺴﺘﻤﯽ ‪ Debug‬ﺟﻬﺖ ﺛﺒﺖ در ‪ syslog‬ﺳﺮور‬ ‫‪‬‬ ‫ﺑﺮرﺳﯽ ﻻﮔﻬﺎي ﺛﺒﺖ ﺷﺪه در ‪ syslog‬ﺳﺮور‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺗﻨﻈﯿﻢ 1‪ R‬ﺟﻬﺖ ﻓﻌﺎل ﺳﺎزي ‪ logging‬و ارﺳﺎل ﻻﮔﻬﺎ ﺑﻪ ﻫﺎﺳﺖ ﻣﯿﺰﺑﺎن ﺑﺮﻧﺎﻣﻪ ‪syslog‬‬ ‫‪R1 con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫.‪End with CNTL/Z‬‬ ‫‪R1>enable‬‬ ‫‪R1#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫3.2.861.291 ‪R1(config)#logging host‬‬ ‫092 ‪Page 135 of‬‬
  • 137.
    ‫ و ﭘﺎﯾﯿﻨﺘﺮﺑﻪ ﺳﺮور‬level 7 ‫ ﺑﻪ ﻣﻨﻈﻮر ارﺳﺎل ﻻﮔﻬﺎي‬logging ‫2. ﺗﻈﯿﻢ ﭘﺎراﻣﺘﺮ‬ R1(config)#logging trap 7 R1(config)#end R1# %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.2.3 port 514 started - CLI initiated R1# icmp ‫ روي‬Debug ‫3. اﯾﺠﺎد دﺳﺘﯽ ﭼﻨﺪ ﭘﯿﻐﺎم ﺳﯿﺴﺘﻤﯽ ﺑﺎ اﻧﺠﺎم‬ R1#debug ip icmp ICMP packet debugging is on R1#ping 192.168.255.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.255.10, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/24/100 ms R1# ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1 ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1 ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1 ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1 ICMP: echo reply rcvd, src 192.168.255.10, dst 192.168.255.1 R1# ‫ ﺳﺮور‬syslog ‫4. ﺑﺮرﺳﯽ ﺻﺤﺖ اﻃﻼﻋﺎت درﯾﺎﻓﺘﯽ در‬ Page 136 of 290
  • 138.
    ‫آزﻣﺎﯾﺶ 1.4 –‪CDP‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ CDP‬و ﺗﺎﯾﻤﺮ آن آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮورﻣﻔﺎﻫﯿﻢ‬ ‫ﻣﻬﺪﺳﯿﻦ ﺷﺒﮑﻪ ﻋﻤﻮﻣﺎ از ‪ CDP‬ﺑﺮاي ﻣﺴﺘﻨﺪ ﺳﺎزي و درك ﺗﻮﭘﻮﻟﻮژي ﺷﺒﮑﻪ ﻫﺎي ﻓﺎﻗﺪ ﻣﺴﺘﻨﺪات اﺳﺘﻔﺎده ﻣﯽ‬ ‫ﮐﻨﻨﺪ.‪ Cdp‬ﭘﺮوﺗﮑﻠﯽ ﻻﯾﻪ 2 اﺳﺖ ﮐﻪ وﻇﯿﻔﻪ آن ﻧﻘﻞ و اﻧﺘﻘﺎل اﻃﻼﻋﺎت ﻋﻤﻮﻣﯽ ادوات ﺳﯿﺴﮑﻮ )ﻋﻤﻮم ادوات ﻣﺒﺘﻨﯽ ﺑﺮ‬ ‫‪ (IOS‬ﻣﺸﺘﻤﻞ ﺑﺮ ‪ IP‬آدرس – وﺿﻌﯿﺖ اﺗﺼﺎل ﻓﯿﺰﯾﮑﯽ ﻟﯿﻨﮑﻬﺎ- ﻣﺸﺨﺼﻪ ﭘﻮرﺗﻬﺎ و ﻧﺴﺨﻪ ‪ IOS‬و ﺑﺴﯿﺎري دﯾﮕﺮ ﻣﺎﺑﯿﻦ‬ ‫ادوات ﻫﻤﺴﺎﯾﻪ ﻣﯽ ﺑﺎﺷﺪ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮرات زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ:‬ ‫‪Show Cdp‬‬ ‫ﺟﻬﺖ ﻧﻤﺎﯾﺶ ‪ holdtime ،CDP Hello Timer‬و ﻧﮕﺎرش ﻧﺴﺨﻪ ‪CDP‬‬ ‫‪show cdp neighbors‬‬ ‫ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ادوات ﺑﻪ ﻃﻮر ﻓﯿﺰﯾﮑﯽ ﻣﺘﺼﻞ ﺷﺎﻣﻞ ‪Local&Remote ،HostName‬‬ ‫‪show cdp detail‬‬ ‫ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ﺟﺰﺋﯽ ﺗﺮ در ﻣﻮرد ادوات ﺑﻪ ﻃﻮر ﻓﯿﺰﯾﮑﯽ ﻣﺘﺼﻞ ﺷﺎﻣﻞ ‪Vtp ،Ios version‬‬ ‫‪clear cdp table‬‬ ‫ﭘﺎك ﮐﺮدن اﻃﻼﻋﺎت ‪ Cdp‬ذﺧﯿﺮه ﺷﺪه در ‪ CDP table‬و اﺧﺬ ﻣﺠﺪد آﻧﻬﺎ ﺑﺮ ﻣﺒﻨﺎي ‪CDP‬‬ ‫>54-01< ‪cdp timer‬‬ ‫ﺟﻬﺖ ﺗﻨﻈﯿﻢ دﺳﺘﯽ زﻣﺎن ارﺳﺎل ﭘﯿﺎم ‪ Hello‬ﺑﻪ ﻫﻤﺴﺎﯾﻪ ﻫﺎ‬ ‫>54-01< ‪cdp holdtime‬‬ ‫ﺗﻨﻈﯿﻢ دﺳﺘﯽ ‪dead timer‬ﺟﻬﺖ ﻣﺸﺨﺺ ﮐﺮدن ﻣﺪت زﻣﺎن ﻻزم ﺑﺮاي ﻗﻄﻊ ﻧﺸﺎن دادن‬ ‫‪،ports‬ﻇﺮﻓﯿﺘﻬﺎي ﭘﻠﺘﻔﺮﻣﻬﺎي ﻫﻤﺴﺎﯾﻪ و ﻧﺎم آﻧﻬﺎ‬ ‫‪ Native vlan ،domain‬و ‪Duplex‬‬ ‫ﻓﺮﯾﻤﻬﺎي درﯾﺎﻓﺖ ﺷﺪه از اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﭘﻠﺘﻔﺮم ﺟﺎري‬ ‫ارﺗﺒﺎط ﺑﺎ ﻫﻤﺴﺎﯾﻪ ﻫﺎ در ﺻﻮرت درﯾﺎﻓﺖ ﻧﮑﺮدن ‪ Hello‬از ﺳﻤﺖ اﻧﻬﺎ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ و ﯾﮏ دﺳﺘﮕﺎه ﺳﻮﯾﯿﭻ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.552.861.291 ﺑﻪ 0/0‪ Fa‬در روﺗﺮ 1‪R‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/452.552.861.291 ﺑﻪ 1‪ Vlan‬در ﺳﻮﯾﯿﭻ 1‪SW‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫092 ‪Page 137 of‬‬
  • 139.
    R1 ‫ ازﻃﺮﯾﻖ روﺗﺮ‬SW1 ‫ ﻣﻮﺟﻮد در‬Feature set ‫ و‬IOS ‫ﯾﺎﻓﺘﻦ ﻧﺴﺨﻪ‬  SW1 ‫ از ﻃﺮﯾﻖ‬R1 ‫ اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮ‬Ip ‫ﯾﺎﻓﺘﻦ‬  R1 ‫ ﻣﺘﺼﻞ اﺳﺖ ﯾﺎ ﺧﯿﺮ از ﻃﺮﯾﻖ‬SW1 ‫ ﺑﻪ‬R1 ‫ﺣﺼﻮل اﻃﻤﯿﻨﺎن از اﯾﻨﮑﻪ اﯾﻨﺘﺮﻓﯿﺲ‬  R1 ‫ اﯾﻨﺘﺮﻓﯿﺲ ﺳﻮﯾﯿﭽﯽ ﮐﻪ روﺗﺮ ﻣﺴﺘﻘﯿﻤﺎ ﺑﻪ آن ﻣﺘﺼﻞ اﺳﺖ از ﻃﺮﯾﻖ‬Vtp doamain ‫ و‬Native Vlan ‫ﯾﺎﻓﺘﻦ‬  .‫ ﭘﺲ از اﻧﺠﺎم اﯾﻦ ﮐﺎر‬SW1 ‫ در ﻣﻮرد‬R1 ‫ و ﭼﮏ ﮐﺮدن اﻃﻼﻋﺎت‬R1 ‫ در‬CDP table ‫ﭘﺎك ﮐﺮدن‬  ‫ﺗﻐﯿﯿﺮ ﻣﻘﺎدﯾﺮ ﭘﯿﺶ ﻓﺮض ﺗﺎﯾﻤﺮﻫﺎي ادوات از 081/06ﺑﻪ 54/51 وﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬  ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ cdp ‫، ﺑﺮاي درﯾﺎﻓﺖ اﯾﻦ اﻃﻼﻋﺎت دﺳﺘﻮر‬R1 ‫ از ﻃﺮﯾﻖ‬SW1 ‫ ﺳﻮﯾﯿﭻ‬Ios ‫1. ﻣﺸﺨﺺ ﮐﺮدن ﻧﺴﺨﻪ و وﯾﮋﮔﯿﻬﺎي‬ ‫ اﺟﺮا ﻣﯿﮑﻨﯿﻢ‬R1 ‫را در‬neighbor detail R1>show cdp neighbors detail ------------------------Device ID: Router Entry address(es): Platform: Cisco 3640, Capabilities: Router Switch IGMP Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1 Holdtime : 134 sec Version : Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(13a), RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Tue 06-Mar-07 20:25 by prod_rel_team advertisement version: 2 VTP Management Domain: '' Duplex: full R1> ENTERPRISE/FW/IDS PLUS ‫ ﺑﺎ وﯾﮋﮔﯽ‬IOS ‫ داراي‬SW1 ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ از ﻗﺴﻤﺖ زﯾﺮﺧﻂ دار ﭘﯿﺪاﺳﺖ‬ .‫ اﺳﺖ‬IPSEC 3DES Version 12.4(13a). SW1 ‫ از ﻃﺮﯾﻖ‬R1 ‫ اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮ‬IP ‫2. ﭘﯿﺪا ﮐﺮدن‬ SW1#show cdp neighbors detail ------------------------Device ID: R1 Entry address(es): IP address: 192.168.255.1 Platform: Cisco 3725, Capabilities: Router Switch IGMP Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/0 Holdtime : 168 sec Version : Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version Page 138 of 290
  • 140.
    12.4(15)T14, RELEASE SOFTWARE(fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2010 by Cisco Systems, Inc. Compiled Tue 17-Aug-10 12:08 by prod_rel_team advertisement version: 2 VTP Management Domain: '' Duplex: full SW1# ‫ آﻧﺮا از‬SW1 ‫ ﻣﻮرد ﻧﻈﺮ 1.552.861.291 اﺳﺖ و ﺳﻮﯾﯿﭻ‬Ip ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ در ﻗﺴﻤﺖ زﯾﺮ ﺧﻂ دار ﺑﺎﻻ ﻣﺸﺨﺺ ﺷﺪه‬ .‫ ﺑﻪ دﺳﺖ آورده اﺳﺖ‬CDP ‫ﻃﺮﯾﻖ درﯾﺎﻓﺖ ﻓﺮﯾﻤﻬﺎي‬ ‫ ﻣﺘﺼﻞ ﺷﺪه اﺳﺖ‬SW1 ‫ ﮐﻪ ﺑﻪ‬R1 ‫3. ﭘﯿﺪا ﮐﺮدن ﻣﺸﺨﺼﺎت اﯾﻨﺘﺮﻓﯿﺴﯽ از‬ R1#show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID SW1 Local Intrfce Fas 0/0 Holdtme 125 Capability R S I Platform Port ID 3640 Fas 0/1 R1# .‫ ﺑﻪ آن ﻣﺘﺼﻞ ﺷﺪه اﺳﺖ‬R1 ‫ ﭘﻮرﺗﯽ از ﺳﻮﯾﯿﭻ ﮐﻪ اﯾﻨﺘﺮﻓﯿﺲ‬Vtp domain ‫ و‬Native vlan ‫4. ﭘﯿﺪا ﮐﺮدن‬ R1>show cdp neighbors detail ------------------------Device ID: SW1 Entry address(es): IP address: 192.168.255.254 Platform: Cisco 3640, Capabilities: Router Switch IGMP Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1 Holdtime : 157 sec Version : Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(13a), RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Tue 06-Mar-07 20:25 by prod_rel_team advertisement version: 2 VTP Management Domain: '' Duplex: full R1> Page 139 of 290
  • 141.
    ‫ ﺧﺎﻟﯽ اﺳﺖ‬Vtpdomain ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ در ﻗﺴﻤﺖ زﯾﺮﺧﻂ دار ﻣﺸﺨﺺ ﺷﺪه اﺳﺖ‬ R1>show cdp neighbors detail ------------------------Device ID: SW1 Entry address(es): IP address: 192.168.255.254 Platform: Cisco 3640, Capabilities: Router Switch IGMP Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1 Holdtime : 157 sec Version : Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(13a), RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Tue 06-Mar-07 20:25 by prod_rel_team advertisement version: 2 VTP Management Domain: '' Duplex: full R1> ‫ ﭘﺲ از اﯾﻨﮑﺎر ﻣﺠﺪدا اﻗﺪام ﺑﻪ ﭘﺮ‬R1 ‫ و اﻃﻤﯿﻨﺎن از ﭘﺎك ﺷﺪن آن و ﻣﺸﺎﻫﺪه اﯾﻨﮑﻪ‬CDP ‫5. ﭘﺎك ﮐﺮدن ﺟﺪول‬ . ‫ﮐﺮدن ﺟﺪول ﻣﺬﺑﻮر ﻣﯽ ﻧﻤﺎﯾﺪ‬ R1#show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID Local Intrfce Holdtme Capability Platform Port ID SW1 Fas 0/0 173 R S I 2650XM Fas 1/0 R1#clear cdp table R1#show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID R1# Local Intrfce Holdtme Capability Platform Port ID ‫6. ﺗﻐﯿﯿﺮ ﻣﻘﺎدﯾﺮ ﭘﯿﺶ ﻓﺮض ﺗﺎﯾﻤﺮ در ﻫﺮ دو ﭘﻠﺘﻔﺮم از 081/06 ﺑﻪ 54/51و ﺑﺮرﺳﯽ ﺻﺤﺖ اﻋﻤﺎل ﺗﻐﯿﯿﺮات‬ Page 140 of 290
  • 142.
    R1>enable R1#configure terminal Enter configurationcommands, one per line. End with CNTL/Z. R1(config)#cdp timer 15 R1(config)#cdp holdtime 45 R1(config)#end %SYS-5-CONFIG_I: Configured from console by console R1#show cdp Global CDP information: Sending CDP packets every 15 seconds Sending a holdtime value of 45 seconds Sending CDPv2 advertisements is enabled R1# Page 141 of 290
  • 143.
    ‫آزﻣﺎﯾﺶ 2.4 –اﯾﺠﺎد ‪Vlan‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ اﯾﺠﺎد ، ﻧﺎم ﮔﺬاري و ﺗﺨﺼﯿﺺ ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ ﺑﻪ ‪ Vlan‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﻗﺒﻞ از ورود ﺑﺤﺚ ‪ vlan‬ﻧﮕﺎﻫﯽ داﺷﺘﻪ ﺑﺎﺷﯿﻢ ﺑﻪ ﺷﺒﮑﻪ ﻫﺎي ‪ Flat‬ﯾﺎ ﻣﺴﻄﺢ . در اﯾﻦ ﺷﺒﮑﻪ ﻫﺎ ﻣﺘﺼﺪي ﻣﺮﺑﻮﻃﻪ ﺗﻌﺪاد‬ ‫زﯾﺎدي ﻫﺎب ﯾﺎ ﺳﻮﯾﯿﭻ را ﻣﺎﻧﻨﺪ داﻧﻪ ﻫﺎي ﮔﺮدن ﺑﻨﺪ ﺑﻪ ﻫﻢ ﻣﺘﺼﻞ ﻣﯿﮑﻨﺪ ﺗﺎ ﯾﮏ ﺷﺒﮑﻪ ﺑﺰرگ دﻫﺎ و ﺷﺎﯾﺪ ﺻﺪﻫﺎ ﮐﺎرﺑﺮه را‬ ‫ﺑﺎ ﺗﻨﻬﺎ ﯾﮏ ﺳﺎﺑﻨﺖ اﯾﺠﺎد ﮐﻨﺪ.از ﻣﻨﻈﺮ اﺻﻮل ﻃﺮاﺣﯽ ﺷﺒﮑﻪ اﯾﻦ ﻧﻮع ﻃﺮاﺣﯽ در ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ ﺑﻪ ﻃﺮز ﺗﺮﺳﻨﺎﮐﯽ‬ ‫اﺷﺘﺒﺎه اﺳﺖ زﯾﺮا ‪ Broadcast‬ﻫﺎي ﻧﺎﺧﻮاﺳﺘﻪ ﺑﻪ آﺳﺎﻧﯽ ﻣﯿﺘﻮاﻧﻨﺪ ﮐﻞ ﺗﺮاﻓﯿﮏ ﺷﺒﮑﻪ را ﺗﺤﺖ اﻟﺸﻌﺎع ﻗﺮار داده و ﺷﺒﮑﻪ‬ ‫را از دﺳﺘﺮس ﺧﺎرج ﮐﻨﻨﺪ.در ﺷﺒﮑﻪ ﻫﺎي ﺑﺎ دﺳﺘﺮﺳﯽ ﭼﻨﺪﮔﺎﻧﻪ )‪ (multi-access network‬ﺑﺎزدﻫﯽ ﮐﻠﯽ ﺷﺒﮑﻪ‬ ‫ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺗﻌﺪاد ادوات ﻓﻌﺎل از 004 ﻋﺪد ﺑﯿﺸﺘﺮ ﻣﯽ ﺷﻮﻧﺪ ﺑﻪ ﻃﺮز ﭼﺸﻢ ﮔﯿﺮي ﮐﺎﻫﺶ ﻣﯿﺎﺑﺪ . راﯾﺞ ﺗﺮﯾﻦ ﺳﺎﯾﺰ ﻣﺎﺳﮏ‬ ‫42/ ﮐﻪ ﺗﻨﻬﺎ 452 ﮔﺮه ﻓﻌﺎل در ﺳﺎﺑﻨﺖ را آدرس دﻫﯽ ﻣﯿﮑﻨﺪ، ﺑﺎ اﯾﻦ اوﺻﺎف ﭼﮕﻮﻧﻪ ﺑﺎﯾﺪ ﺷﺒﮑﻪ اي ﺑﺎ ﺑﯿﺶ از 004 ﮔﺮه‬ ‫ﻓﻌﺎل داﺷﺘﻪ ﺑﺎﺷﯿﻢ ؟ ﭘﺎﺳﺦ اﺳﺘﻔﺎده از ‪ Vlan‬اﺳﺖ.‬ ‫ﺗﻌﺮﯾﻒ ‪ Vlan‬در ﺳﺎده ﺗﺮﯾﻦ ﺷﮑﻞ ﺧﻮد ﺑﻪ ﺻﻮرت ﭘﺎرﺗﯿﺸﻦ ﺑﻨﺪي ﮐﺮدن ﯾﮏ ﺳﻮﯾﯿﭻ ﻓﯿﺰﯾﮑﯽ ﺑﻪ ﺗﻌﺪادي ﺷﺒﮑﻪ ﻣﺠﺎزي‬ ‫و اﯾﺰوﻟﻪ از ﯾﮑﺪﯾﮕﺮ اﺳﺖ ﺑﻪ ﮔﻮﻧﻪ اي ﮐﻪ ﮔﺮه ﻫﺎي ﻣﺘﺼﻞ ﺑﻪ اﯾﻦ ﺷﺒﮑﻪ ﻫﺎي ﺟﺪا از ﻫﻢ ﻫﯿﭻ ﮔﻮﻧﻪ ارﺳﺎل و درﯾﺎﻓﺖ داده‬ ‫اي ﺑﺎ ﻫﻢ ﻧﺪارﻧﺪ ﻣﮕﺮاز ﻃﺮﯾﻖ ﯾﮏ روﺗﺮ واﺳﻂ ﻣﺎﺑﯿﻨﺸﺎن. در ﺗﻌﺮﯾﻒ دﯾﮕﺮي ‪ vlan‬را ﻣﯽ ﺗﻮان ﺗﻔﮑﯿﮏ ﻻﯾﻪ دوﯾﯽ‬ ‫ﻗﺴﻤﺘﻬﺎي ﻣﻨﻄﻘﯽ ﺷﺒﮑﻪ از ﻫﻢ ﻧﺎﻣﯿﺪ ﺗﻔﮑﯿﮏ ﻻﯾﻪ ﺳﻪ اي ﻫﻢ ﺗﺤﺖ ﻋﻨﻮان ‪ subneting‬وﺟﻮد دارد ﮐﻪ در ﻓﺼﻞ 6 ﻣﻮرد‬ ‫ﺑﺮرﺳﯽ ﻗﺮار ﺧﻮاﻫﺪ ﮔﺮﻓﺖ. ﺑﻪ ﻃﻮر ﺧﻼﺻﻪ دﻟﯿﻞ ﻋﻤﺪه اﯾﺠﺎد ‪ Vlan‬در ﺷﺒﮑﻪ ﻫﺎي ﮐﺎﻣﭙﯿﻮﺗﺮي ﮐﻨﺘﺮل اﻧﺪازه ﺳﮕﻤﻨﺖ‬ ‫ﺷﺒﮑﻪ ﻻﯾﻪ دوﯾﯽ ﻣﻮﺟﻮد اﺳﺖ ﺗﺎ ﺑﺮادﮐﺴﺘﻬﺎ و ﺗﺮاﻓﯿﮑﻬﺎي ﮐﻨﺘﺮﻟﯽ ﺳﮕﻤﻨﺖ ﺟﺎري را در ﺧﻮد ﻏﺮق ﻧﮑﻨﻨﺪ.‬ ‫ذﮐﺮ اﯾﻦ ﻧﮑﺘﻪ ﺣﺎﺋﺰ اﻫﻤﯿﺖ اﺳﺖ ﮐﻪ در اﯾﻦ ﻧﻮﺷﺘﺎر ﺳﻮﯾﯿﭽﻬﺎي 1‪ SW‬و2‪ SW‬و3‪ SW‬ﻫﻤﮕﯽ در واﻗﻊ روﺗﺮ ﻫﺎي 5473‬ ‫ﺑﻪ ﻫﻤﺮاه ﻣﺎژول ‪ NM-16ESW‬ﻫﺴﺘﻨﺪ ﮐﻪ اﺟﺎزه اﻧﺠﺎم اﺗﻈﯿﻤﺎت ‪ Vlan‬را در ‪ global config mode‬ﻣﯿﺪﻫﺪ در‬ ‫ﺻﻮرت اﺳﺘﻔﺎده از ‪ Ios‬ﻫﺎي ﭘﺎﯾﯿﻨﺘﺮ اﻧﺠﺎم اﯾﻦ ﺗﻨﻈﯿﻤﺎت ﻣﯿﺒﺎﯾﺴﺖ از ﻃﺮﯾﻖ ‪Vlan databse‬اﻧﺠﺎم ﺷﻮد ﮐﻪ روﺷﯽ‬ ‫ﻧﺴﺒﺘﺎ ﻣﻨﺴﻮخ ﺷﺪه اﺳﺖ .‬ ‫‪ :Show vlan‬اﯾﻦ دﺳﺘﻮر در ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ ﺟﻬﺖ ﻧﻤﺎﯾﺶ ﻣﺸﺨﺼﻪ ‪ Vlan‬ﻫﺎي ﺗﻌﺮﯾﻒ ﺷﺪه ﺑﻪ ﮐﺎر ﻣﯽ رود.‬ ‫‪ :Show vlan-switch‬اﯾﻦ دﺳﺘﻮر در روﺗﺮﻫﺎي داراي ﻣﺎزوﻟﻬﺎي ‪WIC, HWIC, NM-16ESW‬ﺟﻬﺖ ﻧﻤﺎﯾﺶ‬ ‫‪ Vlan‬ﻫﺎي ﺗﻌﺮﯾﻒ ﺷﺪه ﺑﻪ ﮐﺎر ﻣﯽ رود.‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺳﺎﺧﺖ ﺳﻮﯾﯿﭻ 1‪ SW‬از ﻃﺮﯾﻖ روﺗﺮ ﺑﺎ 5473 ‪ IOS‬و ﻣﺎژول ‪Nm-16esw‬‬ ‫092 ‪Page 142 of‬‬
  • 144.
    ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ Development,Sales,Marketing ‫ﺑﻪ ﺷﻤﺎره ﻫﺎي 03,02,01 ﻧﺎﻣﻬﺎي‬Vlan ‫اﯾﺠﺎد ﺳﻪ‬  Vlan30‫ ﺑﻪ‬Fa0/3 ‫ و‬Vlan20 ‫ ﺑﻪ‬Fa0/2 ‫ و‬Vlan10 ‫ ﺑﻪ‬Fa0/1 ‫ﺗﺨﺼﯿﺺ ﭘﻮرﺗﻬﺎي‬  ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ ﺑﺎ ﻣﺸﺨﺼﺎت ﻓﻮق‬vlan ‫1. اﯾﺠﺎد ﺳﻪ‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#config terminal Enter configuration commands, one per line. SW1(config)#vlan 10 SW1(config-vlan)#name Sales SW1(config-vlan)#vlan 20 SW1(config-vlan)#name Development SW1(config-vlan)#vlan 30 SW1(config-vlan)#name Marketing SW1(config-vlan)#end SW1# End with CNTL/Z. . ‫ ﻫﺎي ﺗﻌﺮﯾﻒ ﺷﺪه‬Vlan ‫2. ﺗﺨﺼﯿﺺ ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ ﺑﻪ‬ SW1#configure terminal SW1(config)#interface Fa0/1 SW1(config-if)#switchport access vlan 10 SW1(config-if)#interface Fa0/2 SW1(config-if)#switchport access vlan 20 SW1(config-if)#interface Fa0/3 SW1(config-if)#switchport access vlan 30 SW1(config-if)#end SW#show vlan VLAN Name Status Ports ---- ---------------------------- --------- ------------------------------1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7 Fa0/8, Fa0/9, Fa0/10, Fa0/11 Fa0/12, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gi0/1, Gi0/2 10 Sales active Fa0/1 20 Development active Fa0/2 30 Marketing active Fa0/3 1002 fddi-default act/unsup 1003 token-ring-default act/unsup Page 143 of 290
  • 145.
  • 146.
    ‫آزﻣﺎﯾﺶ 3.4 –‪Management Vlan‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ Management vlan‬ﺟﻬﺖ ﻣﺪﯾﺮﯾﺖ و ﭘﯿﮑﺮﺑﻨﺪي ادوات آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫در دﻧﯿﺎي ﺳﻮﯾﯿﭽﯿﻨﮓ ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﻣﻨﻄﻘﯽ ﮐﻪ از ﻃﺮﯾﻖ ﯾﮏ ‪ Vlan‬اﯾﺠﺎد ﺷﺪه اﺳﺖ ‪Switched Virtual Interface‬‬ ‫ﯾﺎ ‪ Svi‬ﻣﯿﮕﻮﯾﻨﺪ.ﻣﯽ ﺗﻮان در ﻫﻨﮕﺎم ﮐﺎﻧﻔﯿﮓ اﯾﻦ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻣﺠﺎزي از ﮐﻠﯿﻪ ﻗﻮاﻋﺪ و دﺳﺘﻮر اﻟﻌﻤﻠﻬﺎي ﮐﺎﻧﻔﯿﮓ‬ ‫‪ Fastethernet‬اﯾﻨﺘﺮﻓﯿﺴﻬﺎي واﻗﻌﯽ اﺳﺘﻔﺎده ﮐﺮد ﻣﺎﻧﻨﺪ ﺗﺨﺼﯿﺺ ‪ Qos،Bridge group،Ip‬و ﺑﺴﯿﺎري دﯾﮕﺮ‬ ‫وﺟﻮد ‪ Vlan‬در ادوات ﻻﯾﻪ دو اﯾﻦ اﻣﮑﺎن را ﺑﻪ آﻧﻬﺎ ﻣﯽ دﻫﺪ ﮐﻪ ﺑﺎ ﺳﺎﯾﺮ ادوات ﻻﯾﻪ 3 ارﺗﺒﻂ ﺑﺮﻗﺮار ﮐﻨﻨﺪ. ﺳﻮﯾﯿﭽﻬﺎي‬ ‫ﭼﻨﺪ ﻻﯾﻪ از ‪ Vlan‬ﺑﻪ ﻣﻨﻈﻮر ﻓﻌﺎل ﺳﺎزي ﻗﺎﺑﻠﯿﺖ روﺗﯿﻨﮓ ﭼﻨﺪ ﻻﯾﻪ روي ﺧﻮد اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ ﺑﻪ ﺑﯿﺎن دﯾﮕﺮ ﺳﻮﯾﯿﭻ‬ ‫ﭼﻨﺪ ﻻﯾﻪ ﺑﻪ ﻋﻨﻮان ﻣﻔﻬﻮم ﺟﺪﯾﺪي ﮐﻪ در آزﻣﺎﯾﺶ 02.4 ﺑﻪ آن ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ ﯾﻌﻨﯽ ‪ Router-on-a- stick‬اﯾﻔﺎي‬ ‫ﻧﻘﺶ ﻣﯿﮑﻨﺪ. در ﺳﻮﯾﯿﭽﻬﺎي ﭼﻨﺪ ﻻﯾﻪ ﻣﺎﻧﻨﺪ 0653 ﯾﺎ 0573 از ‪ vlan‬اﯾﻨﺘﺮﻓﯿﺲ ﺑﻪ ﻋﻨﻮان ‪ default gateway‬ﺑﺮاي‬ ‫ﮐﺎﻣﭙﯿﻮﺗﺮﻫﺎ و ﺳﺎﯾﺮ ادواﺗﯽ ﮐﻪ ﻧﯿﺎز ﺑﻪ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ ﺳﺎﯾﺮ ﺷﺒﮑﻪ ﻫﺎي داﺧﻠﯽ ﯾﺎ ﺧﺎرﺟﯽ را دارﻧﺪ اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد. ﺑﻪ‬ ‫ﻋﻨﻮان ﻣﺜﺎل در ﺳﻮﯾﯿﭻ 0573 ﮐﻪ داراي ‪ Vlan‬ﺑﻪ ﻧﺎﻣﻬﺎي 01 ‪ Vlan‬و 02 ‪ Vlan‬ﺑﻪ آدرﺳﻬﺎي , 42/0.01.861.291‬ ‫42/0.02.861.291 ﻣﯽ ﺑﺎﺷﺪ ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﯾﮏ ‪ PC‬در 01 ‪ Vlan‬ﻧﯿﺎز ﺑﻪ ارﺳﺎل درﯾﺎﻓﺖ اﻃﻼﻋﺎت ﺑﻪ 02 ‪ Vlan‬داﺷﺘﻪ‬ ‫ﺑﺎﺷﺪ اﯾﻦ ﮐﺎﻣﭙﯿﻮﺗﺮ از آدرس 01 ‪ Vlan‬ﺑﻪ ﻋﻨﻮان ‪ Default gateway‬اﺳﺘﻔﺎده ﺧﻮاﻫﺪ ﮐﺮد و ﺳﻮﯾﯿﭻ ﭘﮑﺘﻬﺎ را ﻣﺒﺘﻨﯽ ﺑﺮ‬ ‫ﻗﻮاﻋﺪ ﻻﯾﻪ 3 ﺑﻪ ﺳﻤﺖ 02 ‪ Vlan‬روت ﺧﻮاﻫﺪ ﮐﺮد .‬ ‫در ﺳﻮﯾﯿﭻ ﻫﺎي ﻻﯾﻪ دو ﺗﻨﻬﺎ ﯾﮏ ‪ Vlan interface‬ﻓﻌﺎل ﻗﺎﺑﻞ ﺗﻌﺮﯾﻒ اﺳﺖ و از آن ﺑﻪ ﻋﻨﻮان ‪Management vlan‬‬ ‫اﯾﻨﺘﺮﻓﯿﺲ ﯾﺎد ﻣﯿﺸﻮد .‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ و ﺳﻮﯾﯿﭻ در ﻣﺤﯿﻂ 3‪Gns‬‬ ‫اﺗﺼﺎل 1/0‪ Fa‬ﺳﻮﯾﯿﭻ 1‪ SW‬ﺑﻪ 0/0‪ Fa‬روﺗﺮ 1‪R‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01 ﺑﻪ 0/0‪ Fa‬روﺗﺮ و ﻓﻌﺎل ﺳﺎزي ﮐﻠﻤﻪ ﻋﺒﻮر ﺟﻬﺖ ‪Telnet‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد 01 ‪ Vlan‬وﺗﻐﯿﯿﺮ ﻧﺎم آن ﺑﻪ ‪management‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/01.1.1.01 ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ اﯾﺠﺎد ﺷﺪه‬ ‫092 ‪Page 145 of‬‬
  • 147.
    Vlan10 ‫ ﺑﻪ‬Fa0/1‫اﻧﺘﺴﺎب اﯾﻨﺘﺮﻓﯿﺲ‬ SW1 ‫ در‬Vlan 10 ‫ ﺑﻪ‬R1 ‫ از ﻃﺮﯾﻖ‬Telnet ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﺑﺎ‬   ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ Management ‫ ﺑﺎ ﻧﺎم‬Vlan 10 ‫1. اﯾﺠﺎد‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1>configure terminal Enter configuration commands, one per line. SW1(config)#vlan 10 SW1(config-vlan)#name Management SW1(config-vlan)#end SW1# End with CNTL/Z. ‫ و ﺗﺨﺼﯿﺺ آدرس 42/01.1.1.01 ﺑﻪ آن‬Vlan 10 ‫2. اﯾﺠﺎد اﯾﻨﺘﺮﻓﯿﺲ‬ ‫ در ﻣﻮد ﮔﻠﻮﺑﺎل ﮐﺎﻧﻔﯿﮓ ﺳﺎﺧﺘﻪ ﺷﻮد.دﻗﺖ ﮐﻨﯿﺪ ﮐﻪ‬Vlan interface ‫ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر اﺑﺘﺪا ﻻزم اﺳﺖ ﯾﮏ‬ ‫ ﺑﻪ ﮐﺎر ﻣﯽ رود‬Interface vlan#x ‫ در دﺳﺘﻮر‬Vlan ‫ ﺑﻪ ﺻﻮرت ﭼﺴﭙﯿﺪه ﺑﻪ ﻋﺒﺎرت‬Vlan ‫ﺷﻤﺎره اﯾﻨﺘﺮﻓﯿﺲ‬ SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface vlan10 SW1(config-if)#ip address 10.1.1.10 255.255.255.0 SW1(config-if)#no shut SW1(config-if)# Vlan 10 ‫ ﺑﻪ‬SW1 ‫ در‬Fa0/1 ‫3. اﻧﺘﺴﺎب‬ SW1(config-if)#interface FastEthernet0/1 SW1(config-if)#switchport access vlan 10 SW1(config-if)#no shut SW1(config-if)#end SW1# Page 146 of 290
  • 148.
    ‫ دﺳﺘﺮﺳﯽ ﭘﯿﺪاﮐﻨﯿﻢ‬R1 ‫ را از ﻃﺮﯾﻖ‬SW1 ‫ واﻗﻊ در‬Valn 10 ‫ﭘﺲ از اﻧﺠﺎم ﻣﺮاﺣﻞ ﺑﺎﻻ ﺑﺎﯾﺪ ﺑﺘﻮاﻧﯿﻢ ﺑﻪ‬ R1#ping 10.1.1.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/39/100 ms R1# R1#telnet 10.1.1.10 Trying 10.1.1.10 ... Open User Access Verification Password: SW1> Page 147 of 290
  • 149.
    ‫آزﻣﺎﯾﺶ 4.4 –ﺗﻨﻈﯿﻤﺎت ‪ Trunking‬ﻣﺒﺘﻨﯽ ﺑﺮ ‪ ISL‬و ‪Dot1Q‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت اﯾﺠﺎد ﺗﺮاﻧﮏ ﻣﺒﺘﻨﯽ ﺑﺮ )‪ Inter-Switch Link (ISL‬و )‪ 802.1q (dotq‬ﻣﺎﺑﯿﻦ‬ ‫ﭼﻨﺪ ﺳﻮﯾﯿﭻ ﺑﻪ ﻣﻨﻈﻮر ﻋﺒﻮردﻫﯽ ﺗﺮاﻓﯿﮏ ‪ Vlan‬ﻫﺎ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﺗﺎ اﯾﻨﺠﺎ ﺑﺎ ﻧﺤﻮه اﯾﺠﺎد و ﻣﺪﯾﺮﯾﺖ ‪ Vlan‬ﻫﺎ آﺷﻨﺎ ﺷﺪﯾﻢ ﺣﺎﻻ ﺳﻮال اﯾﻨﺠﺎﺳﺖ در ﺷﺒﮑﻪ اي ﮐﻪ ﺗﻌﺪاد زﯾﺎدي ﺳﻮﯾﯿﭻ ﻫﺮ‬ ‫ﯾﮏ ﺑﺎ ﺗﻌﺪادي ‪ Vlan‬وﺟﻮد دارد ﭼﮕﻮﻧﻪ ﻣﯽ ﺗﻮان ﺗﺮاﻓﯿﮏ ﻣﺎﺑﯿﻦ اﯾﻦ ﺳﻮﯾﯿﭽﻬﺎ را ﺑﺪون ﺑﺮﻗﺮاري اﺗﺼﺎل ﻓﯿﺰﯾﮑﯽ ﻧﻈﯿﺮ ﺑﻪ‬ ‫ﻧﻈﯿﺮ ﻣﺎﺑﯿﻦ ﭘﻮرﺗﻬﺎي ﻣﺘﻌﻠﻖ ﺑﻪ ﻫﺮ ‪ Vlan‬ﺑﺎ ﺳﻮﯾﯿﭻ ﻫﺎي دﯾﮕﺮ اﻧﺘﻘﺎل داد ؟ راه ﺣﻞ در اﺳﺘﻔﺎده از ﻣﻔﻬﻤﻮم ﺗﺮاﻧﮏ اﺳﺖ‬ ‫.ﺗﺮاﻧﮏ ﺑﺎ ﺳﺎده ﺗﺮﯾﻦ ﺗﻌﺮﯾﻒ ﻋﺒﺎرت اﺳﺖ از ﻣﺴﯿﺮ ارﺗﺒﺎﻃﯽ ﮐﻪ ﻗﺎدر ﻋﺒﻮر ﺗﺮاﻓﯿﮏ ﭼﻨﺪﯾﻦ ‪ Vlan‬ﺑﻪ ﻃﻮر ﻫﻤﺰﻣﺎن ﻣﺎﺑﯿﻦ‬ ‫دو ﯾﺎ ﭼﻨﺪ ﺳﻮﯾﯿﭻ اﺳﺖ. اﯾﻦ اﻣﮑﺎن ﺑﺎ ﺑﻬﺮه ﮔﯿﺮي از دو ﭘﺮوﺗﮑﻞ ‪ ISL‬ﻣﺘﻌﻠﻖ ﺑﻪ ﮐﻤﭙﺎﻧﯽ ﺳﯿﺴﮑﻮ و ‪ 802.1q‬ﯾﺎ ‪Dot1q‬‬ ‫ﻣﺘﻌﻠﻖ ﺑﻪ اﻧﺠﻤﻦ ‪ IEEE‬ﻗﺎﺑﻞ ﭘﯿﺎده ﺳﺎزي ﻣﯽ ﺑﺎﺷﺪ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از دﺳﺘﻮرات زﯾﺮ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد‬ ‫‪‬‬ ‫‪switchport mode trunk‬‬ ‫ﭘﻮرت ﻣﻮرد ﻧﻈﺮ را ﺗﺒﺪﯾﻞ ﺑﻪ ﺗﺮاﻧﮏ ﭘﻮرت ﺧﻮاﻫﺪ ﮐﺮد ﺑﺎ ﻗﺎﺑﻠﯿﺖ ﻋﺒﻮر دﻫﯽ ﺗﺮاﻓﯿﮏ ﺗﻤﺎﻣﯽ ‪ Vlan‬ﻫﺎ‬ ‫‪‬‬ ‫‪switchport trunk encapsulation isl‬‬ ‫ﺗﻌﯿﯿﻦ ﮐﻨﻨﺪه ﻧﻮع ‪ encapsulation‬ﻣﻮرد اﺳﺘﻔﺎده در ﺗﺮاﻧﮏ اﺳﺖ .ﮐﻪ در اﯾﻨﺠﺎ ‪ ISL‬اﺳﺖ‬ ‫‪‬‬ ‫‪switchport trunk encapsulation dot1q‬‬ ‫ﺗﻌﯿﯿﻦ ﮐﻨﻨﺪه ﻧﻮع ‪ encapsulation‬ﻣﻮرد اﺳﺘﻔﺎده در ﺗﺮاﻧﮏ اﺳﺖ .ﮐﻪ در اﯾﻨﺠﺎ ‪ Dot1q‬اﺳﺖ‬ ‫‪‬‬ ‫‪show interface trunk‬‬ ‫ﻧﻤﺎﯾﺶ اﯾﻨﺘﺮﻓﯿﺴﻬﺎﯾﯽ ﮐﻪ در ﺣﺎﻟﺖ ﺗﺮاﻧﮏ ﻗﺮار دارﻧﺪ ﺑﻪ ﻫﻤﺮاه ﭘﺮوﺗﮑﻞ ﺗﺮاﻧﮑﯿﻨﮓ ﻣﻮرد اﺳﺘﻔﺎده‬ ‫‪‬‬ ‫‪show interface interfacename#/# switchport‬‬ ‫ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ﻣﺮﺗﺒﻂ ﺑﺎ اﯾﻨﺘﺮﻓﯿﺲ ﻣﻮرد ﻧﻈﺮ ﻣﺸﺘﻤﻞ ﺑﺮ ﺣﺎﻟﺖ ﺗﺮاﻧﮏ ﯾﺎ اﮐﺴﺲ ﺑﻮدن اﯾﻨﺘﺮﻓﯿﺲ، ‪Native‬‬ ‫‪ Vlan،vlan‬ﻫﺎي ﻣﺠﺎز ﺑﻪ ﻋﺒﻮر از اﯾﻨﺘﺮﻓﯿﺲ )در ﺻﻮرت ﺗﺮاﻧﮏ ﺑﻮدن اﯾﻨﺘﺮﻓﯿﺲ(‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺑﺎ ﺗﺼﻮﯾﺮ‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01 ﺑﻪ 0/0‪ Fa‬روﺗﺮ 1‪R‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/2.1.1.01 ﺑﻪ 1/0‪ Fa‬روﺗﺮ 2‪R‬‬ ‫‪‬‬ ‫اﯾﺠﺎد 01 ‪ Vlan‬و 02 ‪ Vlan‬در ﺳﻮﯾﯿﭽﻬﺎي 1‪ SW‬و 2‪SW‬‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب 1/0‪ Fa‬در 1‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫092 ‪Page 148 of‬‬
  • 150.
    ‫‪‬‬ ‫اﻧﺘﺴﺎب 2/0‪ Fa‬در2‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫ﺗﺼﻮﯾﺮ 1.4.4-ﺗﺮاﻧﮑﯿﻨﮓ ﻣﺒﺘﻨﯽ ﺑﺮ ‪ ISL‬ﻣﺎﺑﯿﻦ ﺳﻮﯾﯿﭻ ﻫﺎ‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺧﺎﻣﻮش ﮐﺮدن 21/0‪ Fa‬و 11/0‪ Fa‬در 2‪SW1,SW‬‬ ‫ﺑﺮﻗﺮاري ‪ Dot1q‬ﺗﺮاﻧﮏ ﻣﺎﺑﯿﻦ 1‪ SW‬و 2‪ SW‬از ﻃﺮﯾﻖ 21/0‪Fa‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ﺗﺮاﻧﮏ از ﻃﺮﯾﻖ دﺳﺘﻮر #/#‪interfacename‬‬ ‫‪‬‬ ‫ﺗﺴﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ 1‪R‬و2‪ R‬از ﻃﺮﯾﻖ ‪Ping‬‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب 2/0‪ Fa‬در 1‪ SW‬ﺑﻪ 5 ‪ Vlan‬و ﺗﺴﺖ ﻣﺠﺪد ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ 2‪R1,R‬‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﻓﺮض اوﻟﯿﻪ اﻧﺠﺎم اﯾﻦ آزﻣﺎﯾﺶ ﺑﻬﺮه ﮔﯿﺮي از دو ﺳﻮﯾﯿﭻ واﻗﻌﯽ 0653اﺳﺖ زﯾﺮا ﻣﺎژول ‪ Nm-16esw‬از ‪ISL‬‬ ‫‪ encapsulation‬ﭘﺸﺘﯿﺒﺎﻧﯽ ﻧﻤﯿﮑﻨﺪ‬ ‫1. ﺧﺎﻣﻮش ﮐﺮدن 11/0‪ Fa0/12,Fa‬و ﺑﺮﻗﺮاري ﺗﺮاﻧﮑﯿﻨﮓ ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ از ﻃﺮﯾﻖ 01/0‪Fa‬‬ ‫092 ‪Page 149 of‬‬
  • 151.
    SW1 con0 isnow available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config-if)#interface range Fa0/11 - 12 SW1(config-if-range)#shutdown SW1(config-if-range)#interface fa0/10 SW1(config-if)#switchport trunk encapsulation dot1q SW1(config-if)#switchport mode trunk SW1(config-if)#no shut SW1(config-if)#end SW1# SW2 con0 is now available Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config-if)#interface range Fa0/11 - 02 SW2(config-if-range)#shutdown SW2(config-if-range)#interface fa0/10 SW2(config-if)#switchport trunk encapsulation dot1q SW2(config-if)#switchport mode trunk SW2(config-if)#no shut SW2(config-if)#end SW2# show interface trunk ‫2. ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﺗﺮاﻧﮏ از ﻃﺮﯾﻖ‬ SW1#show interface FastEthernet0/10 trunk Port Fa0/10 Mode on Encapsulation 802.1q Status trunking Native vlan 1 Port Fa0/10 Vlans allowed on trunk 1-4094 Port Fa0/10 Vlans allowed and active in management domain 1,10 Port Vlans in spanning tree forwarding state and not pruned Fa0/10 1 SW1# SW2#show interface FastEthernet0/10 trunk Port Fa0/10 Mode on Encapsulation 802.1q Status trunking Native vlan 1 Page 150 of 290
  • 152.
    Port Fa0/10 Vlans allowed ontrunk 1-4094 Port Fa0/10 Vlans allowed and active in management domain 1,10 Port Fa0/10 Vlans in spanning tree forwarding state and not pruned 1 SW2# R1,R2 ‫3. ﺗﺴﺖ اﻣﮑﺎن ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ‬ ‫ ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ ﺑﻪ وﺟﻮد‬Vlan 10 ‫اﮐﻨﻮن ﮐﻪ ﺗﺮاﻧﮏ ﺑﯿﻦ دو ﺳﻮﯾﯿﭻ ﺑﺮﻗﺮار ﺷﺪه اﺳﺖ اﻣﮑﺎن اﻧﺘﻘﺎل ﺗﺮاﻓﯿﮏ‬ ‫ ﺻﺤﺖ آﻧﺮا ﺗﺴﺖ ﻣﯿﮑﻨﯿﻢ‬Ping ‫آﻣﺪه اﺳﺖ.ﺑﺎ‬ R1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 4/29/60 ms R1# R1,R2 ‫ و ﺑﺮرﺳﯽ اﻣﮑﺎن ارﺗﺒﺎط ﺑﯿﻦ‬Vlan 5 ‫ ﺑﻪ‬Fa0/2 ‫4. اﻧﺘﺴﺎب‬ SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#interface FastEthernet0/2 SW2(config-if)#switchport access vlan 5 % Access VLAN does not exist. Creating vlan 5 SW2(config-if)#end SW2# R1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R1# ‫ ﻣﻨﺘﻘﻞ‬SW2 ‫ در‬Vlan 5 ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ اﻧﺘﻈﺎر ﻣﯽ رﻓﺖ ﺗﺮاﻓﯿﮏ ﻣﺎﺑﯿﻦ دو روﺗﺮ ﺑﻪ دﻟﯿﻞ ﻋﺪم وﺟﻮد اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﻌﻠﻖ ﺑﻪ‬ ‫ﻧﺸﺪ‬ switchport trunk . ‫ اﺳﺘﻔﺎده ﻣﯿﺸﻮد‬ISL ‫ از‬dot1q ‫ ﻫﻢ دﻗﯿﻘﺎ ﺑﻪ ﻫﻤﯿﻦ ﻣﻨﻮال اﺳﺖ ﺻﺮﻓﺎ ﺑﻪ ﺟﺎي‬ISL ‫ﺗﻨﻈﯿﻤﺎت‬ encapsulation isl | dot1q Page 151 of 290
  • 153.
    ‫آزﻣﺎﯾﺶ 5.4 –ﺗﻨﻈﯿﻤﺎت ‪Etherchannel‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪Etherchannel‬ﺑﻪ ﺻﻮرت ‪ Static‬ﺟﻬﺖ ﺗﺠﻤﯿﻊ ﭼﻨﺪ ﻟﯿﻨﮏ ﻓﯿﺰﯾﮑﯽ و ﺗﺒﺪﯾﻞ‬ ‫آن ﺑﻪ ﯾﮏ ﻟﯿﻨﮏ ﻣﻨﻄﻘﯽ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫‪ Etherchannel‬ﺗﮑﻨﻮﻟﻮژي ﭘﺮ اﺳﺘﻔﺎده اي اﺳﺖ ﮐﻪ اﻣﺮوزه ﺗﻘﺮﯾﺒﺎ در ﺗﻤﺎم ﭘﯿﺎده ﺳﺎزﯾﻬﺎي ﻣﺒﺘﻨﯽ ﺑﺮ ﻣﻌﻤﺎرﯾﻬﺎي ﻣﻌﻤﻮل‬ ‫ﺷﺒﮑﻪ ﺑﻪ ﻣﻨﻈﻮر اﯾﺠﺎد اﻓﺰوﻧﮕﯽ و ﺗﺠﻤﯿﻊ ﭘﻬﻨﺎي ﺑﺎﻧﺪ ﻟﯿﻨﮑﻬﺎي ﻣﺘﻌﺪد ﻓﯿﺰﯾﮑﯽ ﺑﻪ ﯾﮏ ﻟﯿﻨﮏ واﺣﺪ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار‬ ‫ﻣﯿﮕﯿﺮد . ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل ﺳﺮوري ﺑﺎ 4 ﮐﺎرت ﺷﺒﮑﻪ دارﯾﺪ و ﻣﺎﯾﻞ ﻫﺴﺘﯿﺪ ﺗﻤﺎم آﻧﻬﺎ ﺑﺎ ﻫﻢ و در ﺷﺮاﯾﻂ ﺧﺎص ﻣﺜﻞ ﺳﻮﺧﺘﻦ‬ ‫ﯾﮑﯽ از آﻧﻬﺎ ﺑﻪ ﻋﻨﻮان ﺟﺎﯾﮕﺰﯾﻦ ﻫﻢ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﮔﯿﺮﻧﺪ در اﯾﻨﺠﺎ ﺑﺎ ﺑﻬﺮه ﮔﯿﺮي از ‪ etherchannel‬ﻣﯽ ﺗﻮان اﯾﻦ 4‬ ‫ﭘﻮرت را ﺑﻪ ﺻﻮرت ﯾﮏ ﻟﯿﻨﮏ ﻣﻨﻄﻘﯽ ﺑﺎ ﻣﺠﻤﻮع ﻇﺮﻓﯿﺖ ﻫﻤﻪ ﻟﯿﻨﮑﻬﺎي ﻣﺠﺰا ﺑﻪ ﻫﻤﺮاه ﻗﺎﺑﻠﯿﺖ اﻓﺰوﻧﮕﯽ )‪(redundancy‬‬ ‫و ﺗﻘﺴﯿﻢ ﺑﺎر)‪ (load balancing‬ﭘﯿﮑﺮﺑﻨﺪي ﮐﺮد.‬ ‫ﺳﻪ ﻧﻮع ﭘﯿﺎده ﺳﺎزي ‪ etherchannel‬وﺟﻮد دارد ، اوﻟﯿﻦ ﻣﻮرد ﮐﻪ راﯾﺞ ﺗﺮﯾﻦ ﺷﯿﻮه ﺗﺠﻤﯿﻊ ﻟﯿﻨﮑﻬﺎي ﻓﯿﺰﯾﮑﯽ ﺑﻪ ﯾﮏ‬ ‫ﻟﯿﻨﮏ ﻣﻨﻄﻘﯽ اﺳﺖ ‪ etherchannel‬اﺳﺘﺎﺗﯿﮏ ﯾﺎ ﺑﺪون ﺷﺮط ﻧﺎم دارد . در آزﻣﺎﯾﺶ ﺟﺎري اﯾﻦ ﻧﻮع ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار‬ ‫ﻣﯿﮕﯿﺮد 2 ﻧﻮع دﯾﮕﺮ ﺑﻪ ﻧﺎﻣﻬﺎي )‪ Link Aggregation Control Protocol (LACP‬و )‪Port Aggregation Protocol (PAgP‬‬ ‫وﺟﻮد دارﻧﺪ ﮐﻪ در دو آزﻣﺎﯾﺶ ﺑﻌﺪ ﺑﻪ آﻧﻬﺎ ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ.‬ ‫‪ LACP‬ﺟﺰ اﺳﺘﺎﻧﺪارد ‪ IEEE‬اﺳﺖ و راﯾﺞ ﺗﺮﯾﻦ ﺷﯿﻮه ﭘﯿﺎده ﺳﺎزي ‪ etherchannel‬ﺑﻪ ﺻﻮرت داﯾﻨﺎﻣﯿﮏ اﺳﺖ اﻣﺎ‬ ‫‪ PAgP‬اﺳﺘﺎﻧﺪارد ﻣﺨﺘﺺ ﺳﯿﺴﮑﻮ اﺳﺖ و ﺗﻨﻬﺎ ﻣﺎﺑﯿﻦ ادوات ﺳﯿﺴﮑﻮ و ﻣﻌﺪود ﮐﻤﭙﺎﻧﯿﻬﺎي دﯾﮕﺮ ﻗﺎﺑﻞ ﭘﯿﺎده ﺳﺎزي اﺳﺖ.‬ ‫ﺗﻮﺟﻪ داﺷﺘﻪ ﺑﺎﺷﯿﻢ ﻫﻨﮕﺎﻣﯽ ﮐﻪ در ﭘﯿﺎده ﺳﺎزﯾﻬﺎ از ‪ LACP‬ﯾﺎ ‪ PAgP‬اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ ادوات دو ﺳﺮ ﻟﯿﻨﮏ از ﻣﻨﺎﺑﻊ‬ ‫ﺳﯿﺴﺘﻤﯽ ﻧﺴﺒﺘﺎ زﯾﺎدي ﺑﺮاي ﭘﺮدازش ﻓﺮﯾﻤﻬﺎي ﭘﺮوﺗﮑﻞ ﻣﻮرد اﺳﺘﻔﺎده در ﻓﺮاﯾﻨﺪ ﺗﺠﻤﯿﻊ و اﯾﺠﺎد ﮐﺎﻧﺎل اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ‬ ‫اﻣﺎ در ﺻﻮرت اﺳﺘﻔﺎده از ﻣﺘﺪ اﺳﺘﺎﺗﯿﮏ ﺑﺎ ﭼﻨﯿﻦ ﺗﻨﮕﻨﺎﯾﯽ روﺑﺮو ﻧﯿﺴﺘﯿﻢ و ﭘﺮدازﺷﻬﺎي ﻻزم در ﺳﻄﺢ ‪ Asic‬اﻧﺠﺎم ﺧﻮاﻫﺪ‬ ‫ﺷﺪ.‬ ‫ﻣﺜﺎل و ﮐﺎرﺑﺮد راﯾﺞ دﯾﮕﺮ ‪ etherchannel‬ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ از ﻃﺮﯾﻖ دو ﯾﺎ ﭼﻨﺪ ﻟﯿﻨﮏ ﻓﯿﺰﯾﮑﯽ اﺳﺖ. ﺑﺮ‬ ‫ﻣﺒﻨﺎي ﻗﻮاﻋﺪ ‪ spanning-tree‬ﮐﻪ در آرﻣﺎﯾﺸﺎت ﺑﻌﺪ ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار ﺧﻮاﻫﺪ ﮔﺮﻓﺖ ﺗﻨﻬﺎ ﯾﮑﯽ از ﭼﻨﺪ ﻟﯿﻨﮏ ﻣﺎﺑﯿﻦ دو‬ ‫ﺳﻮﯾﯿﭻ ﻓﻌﺎل ﺧﻮاﻫﻨﺪ ﻣﺎﻧﺪ و ﻣﺎﺑﻘﯽ ﺟﻬﺖ ﺟﻠﻮﮔﯿﺮي از ﻟﻮپ ﻫﺎي ﻻﯾﻪ دوﯾﯽ ﮐﻪ از آﻧﻬﺎ ﺑﻪ ﻋﻨﻮان ‪broadcast storm‬‬ ‫ﯾﺎد ﻣﯽ ﺷﻮد ﻏﯿﺮ ﻓﻌﺎل ﺧﻮاﻫﻨﺪ ﺷﺪ.ﺑﺎ ﻓﻌﺎل ﮐﺮدن ‪ etherchannel‬در ادوات دو ﺳﺮ ﻟﯿﻨﮑﻬﺎ، اﯾﻦ ﭼﻨﺪ ﻣﺴﯿﺮ ﻓﯿﺰﯾﮑﯽ‬ ‫ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ ﺑﻪ ﺻﻮرت ﯾﮏ ﻟﯿﻨﮏ ﻣﻨﻄﻘﯽ در ﺧﻮاﻫﻨﺪ آﻣﺪ و از ﺳﺪ ‪ spanning-tree‬ﺧﻮاﻫﻨﺪ ﮔﺬﺷﺖ . ﺑﻪ ﺧﺎﻃﺮ‬ ‫داﺷﺘﻪ ﺑﺎﺷﯿﻢ در ﺻﻮرت اﯾﺠﺎد دو ﯾﺎ ﭼﻨﺪ ‪ etherchannel‬ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ ﺗﻨﻬﺎ ﯾﮑﯽ از اﻧﻬﺎ ﻓﻌﺎل ﺧﻮاﻫﺪ ﻣﺎﻧﺪ و ﻣﺎﺑﻘﯽ‬ ‫ﺑﺮ اﺳﺎس ﺗﻌﺎرﯾﻒ ﺑﺎﻻ ﻏﯿﺮ ﻓﻌﺎل ﺧﻮاﻫﻨﺪ ﺷﺪ‬ ‫092 ‪Page 152 of‬‬
  • 154.
    ‫ﻣﮑﺎﻧﯿﺰم ﺗﻘﺴﯿﻢ ﺑﺎر)‪ (load balancing‬در ‪ etherchannel‬داراي ﻓﺮﻣﻬﺎ و اﻧﺘﺨﺎﺑﻬﺎي زﯾﺎدي ﺑﻪ ﻗﺮار زﯾﺮ اﺳﺖ.‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪destination ip‬‬ ‫‪destination mac address‬‬ ‫‪source XOR destination IP address‬‬ ‫‪source XOR destination mac address‬‬ ‫‪source ip addres‬‬ ‫‪source mac address‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از دﺳﺘﻮرات زﯾﺮ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد‬ ‫‪‬‬ ‫‪channel-group # mode on‬‬ ‫ﻗﺮار دادن رﻧﺠﯽ از ﭘﻮرﺗﻬﺎي اﻧﺘﺨﺎب ﺷﺪه در ‪ channel group‬ﻣﺸﺨﺺ ﺷﺪه ﺑﺎ ﺷﻤﺎره # و ﻗﺮاردادن‬ ‫‪‬‬ ‫‪show etherchannel summary‬‬ ‫ﻧﻤﺎﯾﺶ ﺧﻼﺻﻪ ﻣﺸﺨﺼﺎت ‪ EtherChannel‬ﻣﺎﻧﻨﺪ ﺷﻤﺎره ‪ ، channel-group‬ﭘﻮرﺗﻬﺎي ﻓﻌﺎل در ﮔﺮوه‬ ‫‪‬‬ ‫‪show etherchannel detail‬‬ ‫ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ﺟﺰﺋﯽ ﺗﺮ در ﺧﺼﻮص ‪ EtherChannel‬ﺑﺮﻗﺮار ﺷﺪه‬ ‫‪‬‬ ‫‪show etherchannel port-channel‬‬ ‫ﻧﻤﺎﯾﺶ ﻣﺸﺨﺼﻪ ﻫﺎي اﯾﻨﺘﺮﻓﯿﺲ ﻣﻨﻄﻘﯽ اﯾﺠﺎد ﺷﺪه از ﻃﺮﯾﻖ ‪EtherChannel‬‬ ‫‪ EtherChannel‬در وﺿﻌﯿﺖ ﺑﺪون ﻗﯿﺪ و ﺷﺮط ‪ON‬‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﺳﻨﺎرﯾﻮ ﻣﻄﺎﺑﻖ ﺑﺎ ﺗﺼﻮﯾﺮ زﯾﺮ‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01 ﺑﻪ 0/0‪ Fa‬روﺗﺮ 1‪R‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/2.1.1.01 ﺑﻪ 1/0‪ Fa‬روﺗﺮ 2‪R‬‬ ‫اﯾﺠﺎد 01 ‪ Vlan‬و 02 ‪ Vlan‬در ﺳﻮﯾﯿﭽﻬﺎي 1‪ SW‬و 2‪SW‬‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب 1/0‪ Fa‬در 1‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب 2/0‪ Fa‬در 2‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫‪‬‬ ‫ﻗﺮار دان 21/0‪ Fa0/10, Fa0/11 and Fa‬در ﺳﻮﯾﯿﭽﻬﺎي 2‪ SW1,SW‬در ﺣﺎﻟﺖ ﺗﺮاﻧﮏ. ر.ك.آز-4.4‬ ‫092 ‪Page 153 of‬‬
  • 155.
    SW1,SW2 ‫ ﺑﺪونﺷﺮط ﻣﺎﺑﯿﻦ‬Etherchannel ‫ﺗﺼﻮﯾﺮ 15.4.-اﯾﺠﺎد‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ ﺑﺪون ﺷﺮط‬EtherChannel ‫ در ﺣﺎﻟﺖ‬Fa0/12‫و‬Fa0/10, Fa0/11 ‫ﻗﺮار دادن‬ show etherchannel summary ‫ﺗﺴﺖ ﺻﺤﺖ ﻗﺮارﮔﯿﺮي ﭘﻮرﺗﻬﺎ در ﮔﺮوه از ﻃﺮﯾﻖ دﺳﺘﻮر‬   show etherchannel load-balance ‫ ﻣﻮرد اﺳﺘﻔﺎده در ﮔﺮوه از ﻃﺮﯾﻖ‬load balancing ‫ﻣﺸﺎﻫﺪه ﻧﻮع‬  R1,R2 ‫ ﺑﯿﻦ دو روﺗﺮ‬Ping ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط در ﻟﯿﻨﮏ ﺗﺮاﻧﮏ ﻣﻨﻄﻘﯽ اﯾﺠﺎد ﺷﺪه از ﻃﺮﯾﻖ‬  ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ Fa0/12‫و‬Fa0/10, Fa0/11 ‫ ﻣﺎﺑﯿﻦ‬EtherChannel ‫1. اﯾﺠﺎد‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. SW1(config)#interface range fa0/10 - 12 End with CNTL/Z. Page 154 of 290
  • 156.
    SW1(config-if-range)#no shut SW1(config-if-range)#channel-group 1mode on Creating a port-channel interface Port-channel1 SW1(config-if-range)# %EC-5-BUNDLE: Interface Fa0/10 joined port-channel Po1 %EC-5-BUNDLE: Interface Fa0/11 joined port-channel Po1 %EC-5-BUNDLE: Interface Fa0/12 joined port-channel Po1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up SW1(config-if-range)#end SW1# SW2 con0 is now available Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#interface range fa0/10 - 12 SW2(config-if-range)#no shut SW2(config-if-range)#channel-group 1 mode on Creating a port-channel interface Port-channel1 SW2(config-if-range)# %EC-5-BUNDLE: Interface Fa0/10 joined port-channel Po1 %EC-5-BUNDLE: Interface Fa0/11 joined port-channel Po1 %EC-5-BUNDLE: Interface Fa0/12 joined port-channel Po1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up SW2(config-if-range)#end SW2# ‫2. ﺑﺮرﺳﯽ ﺻﺤﺖ ﻗﺮار ﮔﯿﺮي ﭘﻮرﺗﻬﺎ در ﮔﺮوه‬ SW1#show etherchannel summary Flags: D - down P - in port-channel I - stand-alone s - suspended R - Layer3 S - Layer2 U - in use Group Port-channel Ports -----+------------+--------------------------------------------1 Po1(SU) Fa0/10(P) Fa0/11(P) Fa0/12(P) SW1# SW2#show etherchannel summary Flags: D - down P - in port-channel I - stand-alone s - suspended R - Layer3 S - Layer2 U - in use Group Port-channel Ports Page 155 of 290
  • 157.
    -----+------------+--------------------------------------------1 Po1(SU) Fa0/10(P) Fa0/11(P) Fa0/12(P) SW2# ‫ﻣﻮرد اﺳﺘﻔﺎده در ﮔﺮوه‬load balancing ‫3. ﺗﺸﺨﯿﺺ ﻧﻮع‬ SW1#show etherchannel load-balance EtherChannel Load-Balancing Configuration: src-mac EtherChannel Load-Balancing Addresses Used Per-Protocol: Non-IP: Source MAC address IPv4: Source MAC address IPv6: Source MAC address SW1# R1,R2 ‫ ﺑﯿﻦ‬ping ‫ از ﻃﺮﯾﻖ‬EtherChannel ‫4. ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺗﺮاﻧﮏ و‬ R1#ping 10.1.1.2 R1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 4/23/52 ms R1# ‫در ﺻﻮرﺗﯿﮑﻪ ﻣﺎﯾﻞ ﺑﻪ اﻧﺠﺎم ﺗﺴﺖ ﺑﯿﺸﺘﺮي رو ﻟﯿﻨﮏ ﺑﺮﻗﺮار ﺷﺪه ﺑﺎﺷﯿﻢ ﻣﯿﺘﻮاﻧﯿﻢ دوﺗﺎ از ﻟﯿﻨﮑﻬﺎي ﻓﯿﺰﯾﮑﯽ ﻣﺎﺑﯿﻦ را ﻗﻄﻊ‬ ‫ ﻟﯿﻨﮏ ﻣﻨﻄﻘﯽ‬Redundancy ‫ﮐﻨﯿﻢ و ﺑﺒﯿﻨﯿﻢ آﯾﺎ ﻣﺠﺪدا ارﺗﺒﺎط ﻣﺎﺑﯿﻦ روﺗﺮﻫﺎ ﺑﺮﻗﺮار ﺧﻮاﻫﺪ ﻣﺎﻧﺪ ﯾﺎ ﺧﯿﺮ در واﻗﻊ ﻗﺎﺑﻠﯿﺖ‬ ‫را ﮐﻪ اﯾﺠﺎد ﮐﺮده اﯾﻢ را ﺗﺴﺖ ﻣﯿﮑﻨﯿﻢ‬ SW1#config terminal SW1#interface range f0/11 - 12 SW1#shutdown SW1#end SW1# Configured from console by console SW1# %LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down %LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/11, changed state to down SW1# Page 156 of 290
  • 158.
    %LINEPROTO-5-UPDOWN: Line protocolon Interface FastEthernet0/12, changed state to down SW1# ‫ ﺻﺪا ﻣﯿﺰﻧﯿﻢ‬R1 ‫ را از ﻃﺮﯾﻖ‬R2 ‫ ﻣﺠﺪدا‬etherchannel ‫ﭘﺲ از ﺧﺎﻣﻮش ﮐﺮدن دو اﯾﻨﺘﺮﻓﯿﺲ از ﺳﻪ اﯾﻨﺘﺮﻓﯿﺲ ﻓﻌﺎل در‬ R1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms R1# Page 157 of 290
  • 159.
    ‫آزﻣﺎﯾﺶ 6.4 –ﺗﻨﻈﻤﯿﺎت ‪Etherchannel PAgP‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ EtherChannel‬داﯾﻨﺎﻣﯿﮏ از ﻃﺮﯾﻖ ﭘﺮوﺗﮑﻞ اﺧﺘﺼﺎﺻﯽ ‪ PAgP‬ﺳﯿﺴﮑﻮ آﺷﻨﺎ‬ ‫ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫‪ PAgP‬از دو ﺣﺎﻟﺖ ﺑﺮاي ﺑﺮﻗﺮاري ﮐﺎﻧﺎل ﺑﺎ ﻃﺮف ﻣﻘﺎﺑﻞ ﺧﻮد اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ. ‪ Auto‬و ‪ Desirable‬ﺣﺎﻟﺖ ‪Desirable‬‬ ‫ﻫﻤﻮاره اﻣﺎده ﺑﺮﻗﺮاري ﮐﺎﻧﺎل ﺑﺎ ﻃﺮف دوم ﺧﻮد اﺳﺖ در ﺣﺎﻟﯽ ﮐﻪ ‪ Auto‬اﯾﻨﻄﻮر ﻧﯿﺴﺖ ﺑﻪ ﺑﯿﺎن ﺑﻬﺘﺮ ﺣﺎﻟﺖ ‪ Auto‬ﺗﻨﻬﺎ در‬ ‫ﺻﻮرﺗﯽ ﮐﺎﻧﺎل را ﺑﺮﻗﺮار ﻣﯿﮑﻨﺪ ﮐﻪ ﻃﺮف دوم در ﺣﺎﻟﺖ ‪ Desirable‬ﺑﺎﺷﺪ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮرات زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫‪‬‬ ‫‪channel-group # mode desirable‬‬ ‫ﺗﺨﺼﯿﺺ ﺷﻤﺎره ‪ channel-group‬و ﺣﺎﻟﺖ ‪ PAgP‬و اﻗﺪام ﺑﻪ ﺑﺮﻗﺮاري ﮐﺎﻧﺎل ﺑﺎ ﻃﺮف دوﻣﯽ ﮐﻪ ‪ Auto‬ﯾﺎ‬ ‫‪‬‬ ‫‪channel-group # mode auto‬‬ ‫ﺗﺨﺼﯿﺺ ﺷﻤﺎره ‪ channel-group‬و ﺣﺎﻟﺖ ‪ PAgP‬و ﻣﺎﻧﺪن در ﺣﺎﻟﺖ اﻧﺘﻈﺎر ﺟﻬﺖ اﯾﺠﺎد ﮐﺎﻧﺎل ﺑﺎ ﻃﺮف دوﻣﯽ‬ ‫‪ Desirable‬اﺳﺖ‬ ‫ﮐﻪ در ﺣﺎﻟﺖ ‪ Desirable‬اﺳﺖ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺑﺎ ﺗﺼﻮﯾﺮ‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01 ﺑﻪ 0/0‪ Fa‬روﺗﺮ 1‪R‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/2.1.1.01 ﺑﻪ 1/0‪ Fa‬روﺗﺮ 2‪R‬‬ ‫‪‬‬ ‫اﯾﺠﺎد 01 ‪ Vlan‬و 02 ‪ Vlan‬در ﺳﻮﯾﯿﭽﻬﺎي 1‪ SW‬و 2‪SW‬‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب 1/0‪ Fa‬در 1‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب 2/0‪ Fa‬در 2‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫092 ‪Page 158 of‬‬
  • 160.
    SW1,SW2 ‫ ﻣﺎﺑﯿﻦ‬PAgPEtherchannel ‫ﺗﺼﻮﯾﺮ 1.6.4.-اﯾﺠﺎد‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ PAgP Desirable ‫ در ﺣﺎﻟﺖ‬SW1 ‫ در‬Fa0/12,Fa0/11,Fa0/10 ‫ﻗﺮار دادن‬ PAgP Auto ‫ در ﺣﺎﻟﺖ‬SW2 ‫ در‬Fa0/12,Fa0/11,Fa0/10 ‫ﻗﺮار دادن‬ ping ‫ از ﻃﺮﯾﻖ‬R2 ‫ و‬R1 ‫ﺗﺴﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﯿﻦ‬    ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ ﭘﺸﺘﯿﺒﺎﻧﯽ ﻧﻤﯿﮑﻨﺪ ، اداﻣﻪ آزﻣﺎش را ﺑﺮ ﻣﺒﻨﺎي وﺟﻮد دو دﺳﺘﮕﺎه‬PAgP ‫ از ﻗﺎﺑﻠﯿﺖ‬NM-16ESW ‫از آﻧﺠﺎﯾﯽ ﮐﻪ ﻣﺎژول‬ ‫ﺳﻮﯾﯿﭻ واﻗﻌﯽ اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ‬ Desirable ‫ ﺟﻬﺖ ﻗﺮار ﮔﺮﻓﺘﻦ در ﺣﺎﻟﺖ‬SW1 ‫ در‬Fa0/12,Fa0/11,Fa0/10 ‫1. ﺗﻨﻈﯿﻢ ﺳﻪ اﯾﻨﺘﺮﻓﯿﺲ‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface range f0/10 - 12 SW1(config-if-range)#channel-group 1 mode desirable Page 159 of 290
  • 161.
    Creating a port-channelinterface Port-channel 1 SW1(config-if-range)#no shut SW1(config-if-range)#end SW1# ‫ . در اﯾﻦ ﺣﺎﻟﺖ‬Auto ‫ ﺟﻬﺖ ﻗﺮار ﮔﺮﻓﺘﻦ در ﺣﺎﻟﺖ‬SW1 ‫ در‬Fa0/12,Fa0/11,Fa0/10 ‫1. ﺗﻨﻈﯿﻢ ﺳﻪ اﯾﻨﺘﺮﻓﯿﺲ‬ ‫ ﺑﺎﺷﺪ‬Desirable ‫ﺗﻨﻬﺎ زﻣﺎﻧﯽ ﮐﺎﻧﺎل ﺑﺮﻗﺮار ﺧﻮاﻫﺪ ﺷﺪ ﮐﻪ ﻃﺮف دوم در ﺣﺎﻟﺖ‬ configuration mode as shown below; SW2 con0 is now available Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#interface range f0/10 - 12 SW2(config-if-range)#channel-group 1 mode auto Creating a port-channel interface Port-channel 1 SW2(config-if-range)#no shut SW2(config-if-range)#end SW2# EtherChannel ‫2. ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ﮐﺎﻧﺎل ﻣﺎﺑﯿﻦ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﺷﺮﮐﺖ ﮐﻨﻨﺪه در‬ SW1#show etherchannel summary Flags: D - down P - bundled in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator M u w d - not in use, minimum links not met unsuitable for bundling waiting to be aggregated default port Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+---------------------------------------------1 Po1(SU) PAgP Fa0/10(P) Fa0/11(P) Fa0/12(P) SW1# R1,R2 ‫3. ﺗﺴﺖ ﻓﻌﺎل ﺑﻮدن ﺗﺮاﻧﮏ ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ از ﻃﺮﯾﻖ‬ Page 160 of 290
  • 162.
    R1#ping 10.1.1.2 Type escapesequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms R1# Page 161 of 290
  • 163.
    ‫آزﻣﺎﯾﺶ 6.4 –ﺗﻨﻈﻤﯿﺎت ‪Etherchannel LACP‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ EtherChannel‬داﯾﻨﺎﻣﯿﮏ از ﻃﺮﯾﻖ ﭘﺮوﺗﮑﻞ ﻋﻤﻮﻣﯽ ‪ IEEE‬ﺑﻪ ﻧﺎم ‪LACP‬‬ ‫آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫‪ LACP‬داراي دو ﺣﺎﻟﺖ راه اﻧﺪازي اﺳﺖ ، ‪ Active‬و ‪ .Passive‬ﺣﺎﻟﺖ ‪ LACP active‬ﺑﻪ ﺻﻮرت ﯾﮑﻄﺮﻓﻪ و ﺑﺪون‬ ‫ﻗﯿﺪ وﺷﺮط ‪ EtherChannel‬داﯾﻨﺎﻣﯿﮏ را ﺑﺮﻗﺮار ﻣﯿﮑﻨﺪ در ﺣﺎﻟﯽ ﮐﻪ ﺣﺎﻟﺖ ‪ passive‬ﻫﻨﮕﺎﻣﯽ ﮐﺎﻧﺎل را ﺑﺮﻗﺮار ﻣﯿﮑﻨﺪ‬ ‫ﮐﻪ ﻃﺮف دوم ﮐﺎﻧﺎل در ﺣﺎﻟﺖ اﮐﺘﯿﻮ و در ﺣﺎل ﺗﻼش ﺑﺮاي ﺑﺮﻗﺮاري ﮐﺎﻧﺎل ﺑﺎﺷﺪ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از دﺳﺘﻮرات زﯾﺮ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد‬ ‫‪channel-group # mode active‬‬ ‫ﺗﺨﺼﯿﺺ ‪ channel-group‬و ﺣﺎﻟﺖ ‪ LACP Active‬ﺑﻪ ﮔﺮوه اﯾﻨﺘﺮﻓﯿﺲ اﻧﺘﺨﺎب ﺷﺪه و اﻗﺪام ﺑﻪ ﺑﺮﻗﺮاري ﮐﺎﻧﺎل‬ ‫‪ ،LACP‬در ﺻﻮرﺗﯿﮑﻪ ﻃﺮف ﻣﻘﺎﺑﻞ در ﺣﺎﻟﺖ ‪ Active‬ﯾﺎ ‪ Passive‬ﻧﺒﺎﺷﺪ ﮐﺎﻧﺎل ﺑﺮﻗﺮار ﻧﻤﯿﺸﻮد‬ ‫‪channel-group # mode passive‬‬ ‫ﺗﺨﺼﯿﺺ ‪ channel-group‬و ﺣﺎﻟﺖ ‪ ، LACP Passive‬اﯾﻦ ﺣﺎﻟﺖ ﮔﻮش ﺑﻪ زﻧﮓ درﯾﺎﻓﺖ ‪ LACP packe‬از ﻃﺮف‬ ‫دوم ﮐﺎﻧﺎل ﻣﯽ ﺑﺎﺷﺪ و در ﺻﻮرت ‪ Active‬ﺳﺖ ﻧﺸﺪن ﻃﺮف دوم ، ﮐﺎﻧﺎل ﺑﺮﻗﺮار ﻧﻤﯿﺸﻮد‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺑﺎ ﺗﺼﻮﯾﺮ‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01 ﺑﻪ 0/0‪ Fa‬روﺗﺮ 1‪R‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/2.1.1.01 ﺑﻪ 1/0‪ Fa‬روﺗﺮ 2‪R‬‬ ‫‪‬‬ ‫اﯾﺠﺎد 01 ‪ Vlan‬و 02 ‪ Vlan‬در ﺳﻮﯾﯿﭽﻬﺎي 1‪ SW‬و 2‪SW‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﻧﺘﺴﺎب 1/0‪ Fa‬در 1‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫اﻧﺘﺴﺎب 2/0‪ Fa‬در 2‪ SW‬ﺑﻪ 01 ‪Vlan‬‬ ‫092 ‪Page 162 of‬‬
  • 164.
    ‫ﺗﺼﻮﯾﺮ 1.7.4.-اﯾﺠﺎد ‪LACP Etherchannel‬ﻣﺎﺑﯿﻦ 2‪SW1,SW‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﻗﺮار دادن 01/0‪ Fa0/12,Fa0/11,Fa‬در 1‪ SW‬در ﺣﺎﻟﺖ ‪LACP Active‬‬ ‫‪‬‬ ‫ﮐﺎﻧﻔﯿﮓ 01/0‪ Fa0/12,Fa0/11,Fa‬ﺟﻬﺖ ﺗﺸﮑﯿﻞ ﮐﺎﻧﺎل ‪ LACP‬در ﺻﻮرﺗﯿﮑﻪ ﻃﺮف دوم اﻣﺎده اﯾﺠﺎد ﮐﺎﻧﻞ‬ ‫‪‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ﮐﺎﻧﺎل ‪LACP‬‬ ‫ﺑﺎﺷﺪ‬ ‫‪‬‬ ‫ﺗﺴﺖ اﻣﮑﺎن ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ 2‪ R1,R‬از ﻃﺮﯾﻖ ﮐﺎﻧﺎل ﭘﺪﯾﺪ آﻣﺪه‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫از آﻧﺠﺎﯾﯽ ﮐﻪ ﻣﺎژول ‪ NM-16ESW‬از ﻗﺎﺑﻠﯿﺖ ‪ PAgP‬ﭘﺸﺘﯿﺒﺎﻧﯽ ﻧﻤﯿﮑﻨﺪ ، اداﻣﻪ آزﻣﺎش را ﺑﺮ ﻣﺒﻨﺎي وﺟﻮد دو دﺳﺘﮕﺎه‬ ‫ﺳﻮﯾﯿﭻ واﻗﻌﯽ اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ‬ ‫1. ﻗﺮار دادن 01/0‪ Fa0/12,Fa0/11,Fa‬در 1‪ SW‬در ﺣﺎﻟﺖ ‪LACP Active‬‬ ‫‪SW1 con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫092 ‪Page 163 of‬‬
  • 165.
    SW1>enable SW1#configure terminal Enter configurationcommands, one per line. End with CNTL/Z. SW1(config)#interface range f0/10 - 12 SW1(config-if-range)#no shut SW1(config-if-range)#channel-group 1 mode active Creating a port-channel interface Port-channel 1 SW1(config-if-range)#end SW1# ‫ در ﺻﻮرﺗﯿﮑﻪ ﻃﺮف دوم اﻣﺎده اﯾﺠﺎد ﮐﺎﻧﻞ‬LACP ‫ ﺟﻬﺖ ﺗﺸﮑﯿﻞ ﮐﺎﻧﺎل‬Fa0/12,Fa0/11,Fa0/10 ‫2. ﮐﺎﻧﻔﯿﮓ‬ ‫ﺑﺎﺷﺪ‬ SW2 con0 is now available Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#interface range f0/10 - 12 SW2(config-if-range)#no shut SW2(config-if-range)#channel-group 1 mode passive Creating a port-channel interface Port-channel 1 SW2(config-if-range)#end SW2# LACP ‫3. ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ﮐﺎﻧﺎل‬ SW1#show etherchannel summary Flags: D - down P - bundled in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator M u w d - not in use, minimum links not met unsuitable for bundling waiting to be aggregated default port Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------- Page 164 of 290
  • 166.
    1 Po1(SU) LACP Fa0/10(P) Fa0/11(P) Fa0/12(P) SW1# ‫ از ﻃﺮﯾﻖﮐﺎﻧﺎل ﭘﺪﯾﺪ آﻣﺪه‬R1,R2 ‫4. ﺗﺴﺖ اﻣﮑﺎن ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ‬ R1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms R1# Page 165 of 290
  • 167.
    ‫آزﻣﺎﯾﺶ 8.4 –ﺗﻨﻈﯿﻤﺎت اﯾﻨﺘﺮﻓﯿﺲ ‪Portchannel‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ port-channel‬ﮐﻪ ﻣﺴﺘﻘﯿﻤﺎ واﺑﺴﺘﻪ ﺑﻪ ﺷﻤﺎره ‪ Channel group‬اﺳﺖ‬ ‫ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ در آزﻣﺎﯾﺸﺎت ﮔﺬﺷﺘﻪ ﺑﺎ ﻣﻔﻬﻮم ‪ Etherchannel‬آﺷﻨﺎ ﺷﺪﯾﻢ دﯾﺪﯾﻢ ﮐﻪ ﮔﺮوﻫﯽ از اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻓﯿﺰﯾﮑﯽ‬ ‫ﺑﺎ ﻫﻢ ﺗﺮﮐﯿﺐ ﻣﯽ ﺷﻮﻧﺪ و اﯾﻨﺘﺮﻓﯿﺴﯽ ﻣﺠﺎزي ﺑﻪ ﻧﺎم اﯾﻨﺘﺮﻓﯿﺲ ‪ port-channel‬را ﭘﺪﯾﺪ ﻣﯽ آورﻧﺪ ﮐﻪ ﺑﺎ ﯾﮏ ﺷﻤﺎره‬ ‫ﻣﺸﺨﺺ ﻣﯿﺸﻮد.‬ ‫‪ Port-Channel‬در رده اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻣﺠﺎزي ﻗﺮار ﻣﯿﮕﯿﺮد و ﺑﯿﺎﻧﮕﺮ ﻣﺴﯿﺮي اﺳﺖ ﮐﻪ ﺗﺮاﻓﯿﮏ ﻋﺒﻮري از ﮔﺮوه ﭘﻮرﺗﻬﺎي‬ ‫‪ etherchannel‬از آن ﻋﺒﻮر ﻣﯿﮑﻨﺪ.ﻫﺮ دﺳﺘﻮري ﮐﻪ ﺟﻬﺖ ﭘﯿﮑﺮﺑﻨﺪي ‪ Port-Channel‬ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﮔﯿﺮد ﻋﻤﻼ‬ ‫روي ﻫﻤﻪ ﭘﻮرﺗﻬﺎﯾﯽ ﮐﻪ ﭘﺪﯾﺪ آورﻧﺪه ‪ channel-group‬ﻫﺴﺘﻨﺪ اﻋﻤﺎل ﻣﯿﺸﻮد.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از دﺳﺘﻮر زﯾﺮ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد‬ ‫# ‪interface port-channel‬‬ ‫ﭘﺲ از اﺟﺮاي آن در ﻣﺤﯿﻂ ﮐﺎﻧﻔﯿﮓ اﯾﻨﺘﺮﻓﯿﺲ # ‪ Port-Channel‬ﻗﺮار ﺧﻮاﻫﯿﻢ ﮔﺮﻓﺖ و از ﻃﺮﯾﻖ ان ﮐﻠﯿﻪ‬ ‫اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﺷﺮﮐﺖ ﮐﻨﻨﺪه در ﮐﺎﻧﺎل ﺑﻪ ﻃﻮر ﻫﻤﺰﻣﺎن اﻋﻤﺎل ﮐﺎﻧﻔﯿﮓ ﺧﻮاﻫﻨﺪ ﺷﺪ !‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﻗﺮار دادن 01/0‪ Fa0/12,Fa0/11,Fa‬در ﻫﺮدو ﺳﻮﯾﯿﭻ در ﺣﺎﻟﺖ ‪ EtherChannel‬ﺑﺪون ﺷﺮط و ﻣﺴﺘﻘﯿﻢ‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ ﺷﻤﺎره 1 ﺑﻪ ‪channel-group‬‬ ‫092 ‪Page 166 of‬‬
  • 168.
    ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ درﻫﺮدو ﺳﻮﯾﯿﭻ در ﻣﺪ ﺗﺮاﻧﮏ‬Port-Channel1 ‫ﻗﺮار دادن‬  ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﻓﻮق روي ﺗﮏ ﺗﮏ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻓﻌﺎل در ﮐﺎﻧﺎل‬  Port-Channel1 ‫ﺧﺎﻣﻮش ﮐﺮدن‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت ﻓﻮق روي ﺗﮏ ﺗﮏ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻓﻌﺎل در ﮐﺎﻧﺎل‬   ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ در ﻫﺮدو ﺳﻮﯾﯿﭻ در ﻣﺪ ﺗﺮاﻧﮏ و ﺗﺴﺖ ﺻﺤﺖ اﻋﻤﺎل ﺗﺮاﻧﮏ روي ﻫﺮ ﺳﻪ‬Port-Channel1 ‫ﻗﺮار دادن‬ ‫اﯾﻨﺘﺮﻓﯿﺲ ﺳﻮﯾﯿﭻ‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per SW1(config)#interface port-channel 1 SW1(config-if)#switchport mode trunk %EC-5-UNBUNDLE: Interface Fa0/10 left %EC-5-UNBUNDLE: Interface Fa0/11 left %EC-5-UNBUNDLE: Interface Fa0/12 left %EC-5-BUNDLE: Interface Fa0/12 joined %EC-5-BUNDLE: Interface Fa0/11 joined %EC-5-BUNDLE: Interface Fa0/10 joined Page 167 of 290 line. End with CNTL/Z. the port-channel Po1 the port-channel Po1 the port-channel Po1 port-channel Po1 port-channel Po1 port-channel Po1 
  • 169.
    %DTP-5-TRUNKPORTON: Port Fa0/10-12has become dot1q trunk %LINK-3-UPDOWN: Interface Port-channel1, changed state to up SW1(config-if)#end SW1#show run ! interface FastEthernet0/10 switchport mode trunk channel-group 1 mode on ! interface FastEthernet0/11 switchport mode trunk channel-group 1 mode on ! interface FastEthernet0/12 switchport mode trunk channel-group 1 mode on ! SW1# ‫ ،اﺑﺘﺪا اﻋﻀﺎي ﺗﺸﮑﯿﻞ دﻫﻨﺪه آﻧﺮا‬Port-Channel 1 ‫ روي‬Trunk ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﺪ ﭘﺲ از اﺟﺮاي دﺳﺘﻮر‬ ‫ ﺑﺮ ﻣﯿﮕﺮدﻧﺪ‬channel-group ‫ﺗﺮك ﻣﯿﮑﻨﻨﺪ و ﭘﺲ از درﯾﺎﻓﺖ ﺗﻨﻈﯿﻤﺎت ﻣﺠﺪدا ﺑﻪ‬ ‫ و ﺑﺮرﺳﯽ وﺿﻌﯿﺖ ﭘﻮرﺗﻬﺎي ﺗﺸﮑﯿﻞ دﻫﻨﺪه ﮔﺮوه ﭘﺲ از آن‬Port-Channel1 ‫2. ﺧﺎﻣﻮش ﮐﺮدن‬ SW1 con0 is now available Press RETURN to get started. SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface port-channel 1 SW1(config-if)#shutdown %EC-5-UNBUNDLE: Interface Fa0/10 left the port-channel Po1 %EC-5-UNBUNDLE: Interface Fa0/11 left the port-channel Po1 %EC-5-UNBUNDLE: Interface Fa0/12 left the port-channel Po1 %DTP-5-NONTRUNKPORTON: Port Fa0/10-12 has become non-trunk SW1(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down %LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down %LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down %LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively down SW1(config-if)# %LINK-5-CHANGED: Interface Port-channel1, changed state to administratively down SW1(config-if)#do show run ! interface FastEthernet0/10 switchport mode trunk shutdown Page 168 of 290
  • 170.
    channel-group 1 modeon ! interface FastEthernet0/11 switchport mode trunk shutdown channel-group 1 mode on ! interface FastEthernet0/12 switchport mode trunk shutdown channel-group 1 mode on ! SW1# Page 169 of 290
  • 171.
    ‫آزﻣﺎﯾﺶ 9.4 –ﺗﻨﻈﯿﻤﺎت دﺳﺘﻨﯽ ‪ARP‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﻤﯿﺎت دﺳﺘﯽ رﮐﻮردﻫﺎي ‪ ARP‬در ﺳﻮﯾﯿﭻ ﻫﺎ و روﺗﺮﻫﺎ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﺑﻪ ﻣﻨﻈﻮر ﺑﺮﻗﺮاري ﯾﮏ ارﺗﺒﺎط ﻻﯾﻪ دو ﯾﺎ ﻻﯾﻪ ﺳﻪ اي ، ﺳﻮﯾﯿﭽﻬﺎ و روﺗﺮﻫﺎ ﻧﯿﺎزﻣﻨﺪ ﯾﮏ ﺟﺪول اﻃﻼﻋﺎﺗﯽ ﺣﺎوي ﻧﮕﺎﺷﺖ‬ ‫ﯾﮏ ﺑﻪ ﯾﮏ ‪ Ip‬ﻫﺎ و ‪ Mac Address‬ﻫﺎ ﺑﺎ ﯾﮑﺪﯾﮕﺮ ﻫﺴﺘﻨﺪ. ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل 1‪ R‬ﻣﯿﺨﻮاﻫﺪ ﮐﻪ ﺑﺎ 2‪ R‬ارﺗﺒﺎط ﺑﺮﻗﺮار‬ ‫ﮐﻨﺪ،ﺑﻪ ﻫﻤﯿﻦ ﺧﺎﻃﺮ در وﺣﻠﻪ اول ﯾﮏ درﺧﻮاﺳﺖ ‪ ARP‬ارﺳﺎل ﻣﯿﮑﻨﺪ ﺗﺎ ‪ Mac‬آدرس 42/2.1.1.01 را از ﺷﺒﮑﻪ اﺧﺬ‬ ‫ﮐﻨﺪ و ﭘﺲ از درﯾﺎﻓﺖ اﯾﻦ اﻃﻼﻋﺎت از ﺷﺒﮑﻪ آﻧﻬﺎ را در ‪ ARP Table‬ﺧﻮد ذﺧﯿﺮه ﻣﯿﮑﻨﺪ. ﭘﺲ از اﯾﻦ ﻣﺮﺣﻠﻪ 1‪ R‬از‬ ‫‪ Mac‬آدرس ﻣﻘﺼﺪ آﮔﺎه ﺧﻮاﻫﺪ ﺷﺪ و از آن در ﻓﺮم دﻫﯽ ﻓﺮﯾﻤﻬﺎي ارﺳﺎﻟﯽ ﺑﻪ ﻣﻘﺼﺪ اﺳﺘﻔﺎده ﺧﻮاﻫﺪ ﮐﺮد ﺑﻪ اﯾﻦ ﺷﮑﻞ‬ ‫ﮐﻪ 1‪ R‬ﭘﮑﺘﯽ را ﺑﺎ آدرس و ﻣﮏ آدرس 2‪ R‬ارﺳﺎل ﻣﯿﮑﻨﺪ، ﻫﻨﮕﺎﻣﯽ ﺳﻮﯾﯿﭻ ﻣﺤﻠﯽ ﻓﺮﯾﻢ را درﯾﺎﻓﺖ ﻣﯿﮑﻨﺪ ﻣﮏ آدرس‬ ‫ﻣﻘﺼﺪ را اﺳﺘﺨﺮاج ﻧﻤﻮده و ﺑﻪ دﻧﺒﺎل آن در ﺟﺪول ﻣﮏ ﺧﻮد ﻣﯽ ﮔﺮدد .ﭘﺲ از ﯾﺎﻓﺘﻦ ﻣﮏ آدرس و ﺳﻮﯾﯿﭻ ﭘﻮرت ﻣﺘﻨﺎﻇﺮ‬ ‫ﺑﺎ آن، ﻓﺮﯾﻢ درﯾﺎﻓﺘﯽ را ﺑﻪ اﯾﺘﺮﻓﯿﺲ ﻣﺘﻨﺎﻇﺮ ﻓﻮروارد ﻣﯿﮑﻨﺪ. اﻣﺎ ﺑﺮﺧﯽ اوﻗﺎت ‪ ARP‬ﭘﺎﺳﺨﮕﻮي رﻓﻊ اﯾﻦ ﻧﯿﺎز ﻧﯿﺴﺖ و‬ ‫ﺑﺎﯾﺪ از راه ﺣﻞ دﯾﮕﺮي ﺑﻬﺮه ﺟﺴﺖ .‬ ‫ﻣﻮاردي وﺟﻮد دارﻧﺪ ﮐﻪ ﺑﻨﺎ ﺑﻪ دﻻﯾﻠﯽ روﺗﺮ/ﺳﻮﯾﯿﭻ ﻧﻤﯿﺘﻮاﻧﺪ ﻣﮏ آدرس ﻫﺎ را از ادوات ﻣﺘﺼﻞ ﺑﻪ ﺻﻮرت ﻣﺴﺘﻘﯿﻢ ﯾﺎ ﻏﯿﺮ‬ ‫ﻣﺴﺘﻘﯿﻢ درﯾﺎﻓﺖ ﮐﻨﺪ ﻣﺎﻧﻨﺪ ﻣﺎﺷﯿﻨﻬﺎي ﻣﺠﺎزي ﯾﺎ دﺳﺘﮕﺎﻫﯽ ﮐﻪ ﺑﻨﺎ ﺑﻪ ﺗﻨﻈﯿﻤﺎﺗﺸﺎن ﺑﻪ درﺧﻮاﺳﺘﻬﺎي ‪ ARP‬ﭘﺎﺳﺦ‬ ‫ﻧﻤﯿﺪﻫﺪ در ﭼﻨﯿﻦ ﻣﻮاردي ﺑﻪ ﻃﻮر دﺳﺘﯽ رﮐﻮرد ﻣﺮﺑﻮط ﺑﻪ ‪ Static arp entry‬را در ﺳﻮﯾﯿﭻ/روﺗﺮ وارد ﻣﯿﮑﻨﯿﻢ ﺗﺎ‬ ‫اﻟﺰاﻣﺎت اوﻟﯿﻪ ﺟﻬﺖ ارﺗﺒﺎط ﻻﯾﻪ دوﯾﯽ ﺑﺎ دﺳﺘﮕﺎه ﻣﻘﺼﺪ ﻓﺮاﻫﻢ ﺷﻮد. در ﺻﻮرﺗﯿﮑﻪ ﻓﺮﯾﻤﯽ ﺑﺎ ﺳﻤﺖ ﻣﮏ آدرﺳﯽ‬ ‫ﻧﺎﻣﻌﺘﺒﺮ)ﻏﯿﺮ ﻣﻮﺟﻮد در ﺟﺪول ﻣﮏ آدرس ﺳﻮﯾﯿﭻ( ارﺳﺎل ﺷﻮد ﺳﻮﯾﯿﭻ ﻓﺮﯾﻢ را ﺑﻪ ﻫﻤﻪ ﭘﻮرﺗﻬﺎي ﻻﯾﻪ دو ﺧﻮد ارﺳﺎل‬ ‫ﻣﯿﮑﻨﺪ و ﺑﻪ ﺟﺰ ﭘﻮرﺗﯽ ﮐﻪ ﻓﺮﯾﻢ را از آن درﯾﺎﻓﺖ ﮐﺮده اﺳﺖ اﯾﻦ ﭘﺪﯾﺪه ﺑﺎﻋﺚ اﺗﻼف ﭼﺸﻢ ﮔﯿﺮ ﻣﻨﺎﺑﻊ در ﺷﺒﮑﻪ ﻫﺎي ﺑﺎ‬ ‫ﻃﺮاﺣﯽ ﻏﯿﺮ ﺑﻬﯿﻨﻪ و ﻧﺎردﺳﺖ ﺧﻮاﻫﺪ ﺷﺪ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از دﺳﺘﻮر ﺟﺪﯾﺪ زﯾﺮ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد.‬ ‫‪arp ip.ip.ip.ip 0123.4567.89ab arpa‬‬ ‫ﺑﺎ اﺟﺮاي اﯾﻦ دﺳﺘﻮر ﯾﮏ ‪ static arp entry‬در ﺟﺪول ﻣﮏ آدرس ﺗﺰرﯾﻖ ﺧﻮاﻫﺪ ﺷﺪ‬ ‫‪show arp‬‬ ‫ﺟﻬﺖ ﻧﻤﺎﯾﺶ ﻣﺤﺘﻮاي ﺟﺪول ‪ ARP‬ﺑﻪ ﮐﺎر ﻣﯽ رود‬ ‫092 ‪Page 170 of‬‬
  • 172.
    ‫ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ‬ GNS3‫اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ ﯾﮏ دﺳﺘﮕﺎه روﺗﺮ در ﻣﺤﯿﻂ‬  ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ 00ac.a1f3.01ab ‫ ﺑﺎ آدرس 52.1.1.01و ﻣﮏ‬static arp entry ‫ﺛﺒﺖ ﯾﮏ‬ show arp ‫ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺛﺒﺖ آن ﺑﺎ اﺳﺘﻔﺎده از‬   ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ 00ac.a1f3.01ab ‫ ﺑﺎ آدرس 52.1.1.01و ﻣﮏ‬static arp entry ‫1. ﺛﺒﺖ ﯾﮏ‬ R1 con0 is now available Press RETURN to get started. R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#arp 10.1.1.25 00ac.a1f3.01ab arpa R1(config)#end R1# show arp ‫2. ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺛﺒﺖ آن ﺑﺎ اﺳﺘﻔﺎده از‬ R1#show arp Protocol Address Internet 10.1.1.1 Internet 10.1.1.25 R1# Age (min) - Hardware Addr ca00.0d78.0008 00ac.a1f3.01ab Type ARPA ARPA Interface FastEthernet0/0 ‫00 اﺳﺘﻔﺎده ﺧﻮاﻫﺪ‬ac.a1f3.01ab ‫ ارﺳﺎل ﻣﯿﮑﻨﺪ ازﻣﮏ آدرس‬R2 ‫ ﺗﺮاﻓﯿﮑﯽ را ﺑﻪ ﺳﻤﺖ‬R1 ‫ﭘﺲ از اﯾﻦ ﻫﻨﮕﺎﻣﯽ ﮐﻪ‬ ‫ ﺛﺒﺖ ﺷﺪه‬Static ARP entry ‫ ﻣﻨﺎﺳﺐ ﻫﻢ درﯾﺎﻓﺖ ﮐﻨﺪ ﺑﺎز‬ARP ‫ ﭘﺎﺳﺦ‬R2 ‫ﮐﺮد .در اﯾﻦ ﺣﺎﻟﺖ ﺣﺘﯽ اﮔﺮ از ﺳﻤﺖ‬ ‫ﺗﻮﺳﻂ ادﻣﯿﻦ ﺣﺎﺋﺰ اوﻟﻮﯾﺖ ﺧﻮاﻫﺪ ﺑﻮد‬ Page 171 of 290
  • 173.
    ‫آزﻣﺎﯾﺶ 01.4 –ﺗﻨﻈﯿﻤﺎت ‪VTP‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﻤﯿﺎت ﭘﺎﯾﻪ و ﻧﮑﺎت اﻣﻨﯿﺘﯽ ‪ VTP‬ﺟﻬﺖ اﻧﺘﺸﺎر ﺗﻌﺮﯾﻒ ‪ VLAN‬ﻫﺎ از ﯾﮏ ﺳﻮﯾﯿﭻ ﻣﺮﮐﺰي‬ ‫ﺑﻪ ﮐﻠﯿﻪ ﺳﻮﯾﯿﭽﻬﺎي ﻣﻮﺟﻮد در آن ﺷﺒﮑﻪ ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﯾﮑﯽ از ﻓﻌﺎﻟﯿﺘﻬﺎي وﻗﺖ ﮔﯿﺮ وﺳﺨﺖ در ﺷﺒﮑﻪ ﻫﺎي ﺑﺰرﮔﯽ ﮐﻪ از ﺗﻌﺪاد زﯾﺎدي ﺳﻮﯾﯿﭻ ﺗﺸﮑﯿﻞ ﯾﺎﻓﺘﻪ اﻧﺪ ﺗﻌﺮﯾﻒ و ﻣﺪﯾﺮﯾﺖ‬ ‫‪ Vlan‬ﻫﺎ ﺑﻪ ﻃﻮر ﻣﺠﺰا در ﺗﮏ ﺗﮏ اﯾﻦ ادوات ﻣﯽ ﺑﺎﺷﺪ. از اﯾﻨﺮو و ﺑﻪ ﻣﻨﻈﻮر ﺣﻞ اﯾﻦ ﻣﺸﮑﻞ ‪VLAN Trunking‬‬ ‫‪ Protocol‬ﯾﺎ ﺑﻪ ﻃﻮر اﺧﺘﺼﺎر ‪ VTP‬ﺟﻬﺖ اﻧﺘﺸﺎر ﺗﻌﺮﯾﻒ ‪ Vlan‬ﻫﺎ از ﻃﺮﯾﻖ ﯾﮏ ﺳﻮﯾﯿﭻ ﻣﺮﮐﺰي ﺑﻪ ﺳﺎﯾﺮ ﺳﻮﯾﯿﭽﻬﺎ‬ ‫ﻣﺸﺎﺑﻪ ﺣﺎﻟﺖ ﮐﻼﯾﻨﺖ ﺳﺮوري ﻣﻌﺮﻓﯽ ﺷﺪ .‬ ‫‪ VTP Server‬در ﻋﻤﻞ ﯾﮏ ﻧﻘﻄﻪ ﻣﺪﯾﺮﯾﺖ ﻣﺮﮐﺰي در ﺷﺒﮑﻪ ﺟﻬﺖ ﺗﻮزﯾﻊ ‪ Vlan‬ﻫﺎ ﻣﺤﺴﻮب ﻣﯽ ﺷﻮد ﺑﻪ اﯾﻦ ﻣﻌﻨﺎ ﮐﻪ‬ ‫‪ Vlan‬ﻫﺎي ﺳﺎﺧﺘﻪ ﺷﺪه در اﯾﻦ ﺳﻮﯾﯿﭻ ﺑﻪ ﻃﻮر ﻫﻤﺰﻣﺎن در ﺳﺎﯾﺮ ﺳﻮﯾﯿﭽﻬﺎي ﻋﻀﻮ ‪ Vtp domain‬ﺗﻮزﯾﻊ‬ ‫ﻣﯿﺸﻮﻧﺪ.ﺗﻌﺮﯾﻒ ‪ Vtp domain‬را ﻫﻢ ﺑﻪ ﺻﻮرت ﻣﺠﻤﻮﻋﻪ اي از ﺳﻮﯾﯿﭽﻬﺎ ﺑﺎ ﺗﻌﺮﯾﻒ ﯾﮑﺴﺎن ‪ Vlan‬ﻫﺎ در ﻧﻈﺮ ﺑﮕﯿﺮﯾﺪ.ﺑﻪ‬ ‫ﻋﻨﻮان ﻣﺜﺎل ﯾﮏ ﻣﺠﺘﻤﻊ ﺑﺰرگ داﻧﺸﮕﺎﻫﯽ را در ﻧﻈﺮ ﺑﮕﯿﺮﯾﺪ ﮐﻪ در آن ﻣﻌﻤﺎري 3ﻻﯾﻪ ﺷﺒﮑﻪ ﺑﻪ ﻃﻮر ﮐﺎﻣﻞ ﭘﯿﺎده ﺳﺎزي‬ ‫ﺷﺪه اﺳﺖ،در اﯾﻦ ﻃﺮاﺣﯽ ‪Vtp‬ﺳﺮور ﺳﻮﯾﯿﭻ ﻻﯾﻪ ﺗﻮزﯾﻊ ﺧﻮاﻫﺪ ﺑﻮد. در اﻏﻠﺐ ﻣﻮارد ﻧﻘﺶ ‪ VTP‬ﺳﺮور را ﺳﻮﯾﯿﭽﯽ ﺑﻪ‬ ‫ﻋﻬﺪه ﻣﯿﯿﮕﯿﺮد ﮐﻪ ﻗﺎﺑﻠﯿﺖ اﻓﺰوﻧﮕﯽ ﯾﺎ ‪ redundancy‬را ﺑﺮاي ﺳﻮﯾﯿﭽﻬﺎ ﻻﯾﻪ اﮐﺴﺲ ﻓﺮاﻫﻢ ﻣﯿﮑﻨﺪ در ﺷﺒﮑﻪ ﻫﺎي‬ ‫ﮐﻮﭼﮑﺘﺮ ﮐﻪ ﻻﯾﻪ ﺗﻮزﯾﻊ وﺟﻮد ﻧﺪارد اﯾﻦ ﻣﺴﺌﻮﻟﯿﺖ ﺑﻪ ﻋﻬﺪه ﺳﻮﯾﯿﭻ ﻣﺮﮐﺰي آن ﺷﺒﮑﻪ ﺧﻮاﻫﺪ ﺑﻮد.‬ ‫در ﺣﺎل ﺣﺎﺿﺮ ﺳﻪ ﻧﮕﺎرش از ‪ Vtp‬اراﺋﻪ ﺷﺪه اﺳﺖ ﮐﻪ در اداﻣﻪ ﺑﻪ آﻧﻬﺎ ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫‪‬‬ ‫1 ‪ :Vtp version‬ﻧﺴﺨﻪ اوﻟﯿﻪ و ﻗﺪﯾﻤﯽ ﺑﺎ وﯾﮋﮔﯿﻬﺎ ﺳﺎده اي ﻫﻤﭽﻮن ﺗﻨﻈﯿﻢ ﺳﻮﯾﯿﭻ ﺑﻪ ﻋﻨﻮان ‪ Vtp‬ﺳﺮور‬ ‫‪‬‬ ‫2 ‪ :Vtp version‬ﻗﺎﺑﻠﯿﺘﻬﺎي 1‪ Vtp‬ﺑﻪ اﺿﺎﻓﻪ ﭘﺸﺘﯿﺒﺎﻧﯽ از ﺗﻮﮐﻦ رﯾﻨﮓ ‪ Vlan‬و ‪ Vtp pruning‬اﮔﺮ ﻫﯿﭻ ﯾﮏ‬ ‫‪‬‬ ‫3 ‪:Vtp version‬اﯾﻦ ﻧﺴﺨﻪ داراي ﻣﺸﺨﺼﻪ ﻫﺎي ﭘﺮ رﻧﮓ ﺗﺮي ﻧﺴﺒﺖ ﺑﻪ ﻧﺴﺨﻪ ﻫﺎي ﻗﺒﻠﯽ اﺳﺖ و آﻧﺮا ﺑﻪ‬ ‫، ‪Vtp‬ﮐﻼﯾﻨﺖ،‪ VTP Mode OFF ، Vtp transparent‬ﮐﻪ ﺑﻪ ﻃﻮر ﮐﺎﻣﻞ ‪ Vtp‬را ﻏﯿﺮ ﻓﻌﺎل ﻣﯿﮑﻨﺪ.‬ ‫از اﯾﻦ ﻣﺸﺨﺼﻪ ﻫﺎ در ﺷﺒﮑﻪ اي ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻧﻤﯿﮕﯿﺮد ﻟﺰوﻣﯽ ﺑﻪ ارﺗﻘﺎ از ﻧﺴﺨﻪ ﯾﮏ ﺑﻪ دو وﺟﻮد ﻧﺪارد‬ ‫ﻋﻨﻮان اوﻟﯿﻦ اﻧﺘﺨﺎب در ﺷﺒﮑﻪ ﻫﺎي ﺑﺰرگ ﺗﺒﺪﯾﻞ ﻣﯿﮑﻨﺪ.اﯾﻦ ﻧﮕﺎرش از ﺗﻤﺎم رﻧﺞ ‪ IEEE VLAN‬ﯾﻌﻨﯽ 1 ﺗﺎ‬ ‫5904 ﻫﻤﯿﻨﻄﻮر اﻧﺘﺸﺎر اﻃﻼﻋﺎت ‪ Private Vlan‬ﻫﺎ را ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﺪ.ﻋﻼوه ﺑﺮ اﯾﻨﻬﺎ در ﻧﮕﺎرش ﺟﺪﯾﺪ ﺑﺎ‬ ‫اﻓﺰودن ﻗﺎﺑﻠﯿﺘﻬﺎﯾﯽ ﻫﻤﭽﻮن اﻧﺘﺨﺎب اﯾﻨﮑﻪ ﮐﺪام ﺳﻮﯾﯿﭽﻬﺎ ﺑﺘﻮاﻧﻨﺪ اﻃﻼﻋﺎت ‪ Vlan‬ﺳﺎﯾﺮﯾﻦ را ﺑﺮوز ﮐﻨﻨﺪ‬ ‫ﻫﻤﯿﻨﻄﻮر ﻗﺎﺑﻠﯿﺖ ﻓﻌﺎل/ﻏﯿﺮﻓﻌﺎل ﮐﺮدن ‪Vtp‬ﺑﺮ ﻣﺒﻨﺎي ﯾﮏ ﺗﺮاﻧﮏ ﺧﺎص و ﯾﺎ ﺗﺨﺼﯿﺺ ‪primary , backup‬‬ ‫ﺳﺮور ﺑﻪ ‪ Vtp‬ﺳﺮور اﻣﮑﺎﻧﺎت ﺑﯿﺸﺘﺮي را ﺟﻬﺖ ﻣﺪﯾﺮﯾﺖ ‪ Vtp domain‬ﺑﻪ راﻫﺒﺮ ﺷﺒﮑﻪ اراﺋﻪ ﻣﯿﺪﻫﺪ.‬ ‫092 ‪Page 172 of‬‬
  • 174.
    ‫اﮐﻨﻮن ﯾﮏ ﭘﻠﻪﺑﻪ ﻋﻘﺐ ﺑﺮﮔﺮدﯾﻢ . ﺣﺎﻟﺘﯽ را در ﻧﻈﺮ ﺑﮕﯿﺮﯾﺪ ﮐﻪ ﻓﺮدي ﺳﻮﯾﯿﭽﯽ را ﺑﻪ ﺷﺒﮑﻪ ﻣﺎ ﻣﺘﺼﻞ ﻣﯿﮑﻨﺪ ﮐﻪ داراي‬ ‫ﻫﻤﺎن ‪ Vtp domain‬و ﻧﮕﺎرش ﺑﺎﻻﺗﺮي از ﭘﺎﯾﮕﺎه داده ‪Vtp‬ﺳﺮور ﺷﺒﮑﻪ ﻣﺎ اﺳﺖ ﭼﻪ اﺗﻔﺎﻗﯽ ﺧﻮاﻫﺪ اﻓﺘﺎد ؟ ﮐﻠﯿﻪ‬ ‫ﺗﻨﻈﯿﻤﺎت ‪ Vlan‬ﺷﺒﮑﻪ ﻣﺎ ﺑﺎ ﻧﺴﺨﻪ ﻣﻮﺟﻮد در اﯾﻦ ﭘﺎﯾﮕﺎه داده اﯾﻦ ‪ Vtp‬ﺳﺮور ﺟﺪﯾﺪ ﺟﺎﯾﮕﺰﯾﻦ ﺧﻮاﻫﺪ ﺷﺪ . ﺗﻌﺪادي از‬ ‫‪ Vlan‬ﻫﺎ ﺣﺬف ﺧﻮاﻫﻨﺪ ﺷﺪ ﺗﻌﺪاي ﺟﺪﯾﺪ اﺿﺎﻓﻪ ﺧﻮاﻫﻨﺪ ﺷﺪ و از اﯾﻦ دﺳﺖ ﻧﺘﯿﺠﻪ اﯾﻨﮑﻪ ﭘﻮرﺗﻬﺎي ﺑﯿﺮون اﻓﺘﺎده از‬ ‫‪ Vlan‬ﺑﻪ ﺻﻮرت ﺧﺎﻣﻮش ﺧﻮدﻧﻤﺎﯾﯽ ﺧﻮاﻫﻨﺪ ﮐﺮد. در ﻣﻮاﺟﻬﻪ ﺑﺎ ﭼﻨﯿﻦ اﺗﻔﺎﻗﯽ راﻫﺒﺮ ﺷﺒﮑﻪ دو ﮐﺎر ﺑﺴﯿﺎر ﻣﻬﻢ را‬ ‫ﻣﯿﺒﺎﯾﺴﺖ ﭘﺸﺖ ﺳﺮ ﻫﻢ اﻧﺠﺎم دﻫﺪ اﺑﺘﺪا ﺑﺮوزرﺳﺎﻧﯽ رزوﻣﻪ ﺧﻮد ﺳﭙﺲ اﺳﺘﻔﺎده از ‪ Vtp password‬ﺟﻬﺖ ﺟﻠﻮﮔﯿﺮي از‬ ‫وﻗﻮع ﻣﺠﺪد اﯾﻦ ﺑﺤﺮان.ﺑﺎ ﺗﻨﻄﯿﻢ ‪ Vtp password‬ﺗﻨﻬﺎ ﮐﻼﯾﻨﺘﻬﺎﯾﯽ اﻗﺪام ﺑﻪ اﺧﺬ ﺗﻨﻈﯿﻤﺎت از ﺳﺮور ﻣﯿﮑﻨﻨﺪ ﮐﻪ ﻫﻢ ﻧﺎم‬ ‫داﻣﻨﻪ و ﻫﻢ رﻣﺰ ﻋﺒﻮر ﯾﮑﺴﺎﻧﯽ ﺑﺎ ﻫﻢ داﺷﺘﻪ ﺑﺎﺷﻨﺪ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ زﯾﺮ‬ ‫‪‬‬ ‫ﺧﺎﻣﻮش ﮐﺮدن اﯾﻨﺘﺮﻓﯿﺴﻬﺎي 51/0‪ Fa0/13,Fa0/14,Fa‬در ﺳﻮﯾﯿﭽﻬﺎي 3‪SW2,SW‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ 21/0‪ Fa0/10,Fa0/11,Fa‬در ﺳﻮﯾﯿﭽﻬﺎي 2‪ SW1,SW‬ﺟﻬﺖ اﯾﺠﺎد ‪ Etherchannel‬و ﺗﺮاﻧﮏ‬ ‫ﺗﻨﻈﯿﻢ 51/0‪ Fa0/13,Fa0/14,Fa‬در 1‪ SW‬و 21/0‪Fa0/10,Fa0/11,Fa‬در 3‪ SW‬ﺟﻬﺖ ﺑﺮﻗﺮاي‬ ‫‪ Etherchannel‬ﺑﺎ 2 ‪ channel-group‬و ﻗﺮار دادن آن در ﺣﺎﻟﺖ ﺗﺮاﻧﮏ‬ ‫092 ‪Page 173 of‬‬
  • 175.
    ‫ﺗﺼﻮﯾﺮ 1.01.4-ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‪VTP‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ 1‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Vtp‬ﺳﺮور و ﺳﺎﯾﺮ ﺳﻮﯾﯿﭽﻬﺎ ﺑﻪ ﻋﻨﻮان ‪ Vtp client‬و ﺗﻨﻈﯿﻢ ‪ Vtp domain‬ﺑﻪ ‪cisco‬‬ ‫‪‬‬ ‫اﯾﺠﺎد 01 ‪ vlan‬ﺑﻪ ﻧﺎم ‪ Development‬در ‪Vtp‬ﺳﺮور و ﺑﺮرﺳﯽ اﻧﺸﺘﺎر آن ﺳﻮﯾﯿﺠﻬﺎي دﯾﮕﺮ‬ ‫‪‬‬ ‫ﺗﻈﻨﯿﻢ ‪ Vtp‬ﺑﻪ ﻧﮕﺎرش 2 و اﻓﺰاﯾﺶ اﻣﻨﯿﺖ ‪ Vtp domain‬از ﻃﺮﯾﻖ ﺗﺨﺼﯿﺺ رﻣﺰ ﻋﺒﻮر 321$‪ Cisco‬ﺑﻪ آن‬ ‫‪‬‬ ‫ﺑﺮرﺳﯽ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﺑﻪ دﻟﯿﻞ ﻣﺤﺪودﯾﺖ ﻫﺎي ﻣﺎژول ‪ Nm-16esw‬در 3‪ Gns‬دﺳﺘﻮرات اﯾﻦ آزﻣﺎﯾﺶ از ﻃﺮﯾﻖ 3 دﺳﺘﮕﺎه ﺳﻮﯾﯿﭻ واﻗﻌﯽ ﭘﯿﺎده‬ ‫ﺳﺎزي ﺷﺪه اﻧﺪ.‬ ‫092 ‪Page 174 of‬‬
  • 176.
    Vtp ‫ ﮐﻼﯾﻨﺖو ﺗﻨﻈﯿﻢ ﻧﺎم‬Vtp ‫ ﺑﻪ ﻋﻨﻮان‬SW2,SW3 ‫ﺳﺮور و ﭘﯿﮑﺮﺑﻨﺪي‬Vtp ‫ ﺑﻪ ﻋﻨﻮان‬SW1 ‫١. ﭘﯿﮑﺮﺑﻨﺪي‬ CISCO ‫ ﺑﻪ‬domain ‫ ﺑﺎﺷﺪ‬Vtp mode ‫ ﻣﯿﺒﺎﯾﺴﺖ ﻫﻤﺮاه ﺑﺎ ﺗﻨﻈﯿﻢ‬Vtp domain ‫ﺑﻪ ﺧﺎﻃﺮ داﺷﺘﻪ ﺑﺎﺷﯿﺪ در ﺳﻮﯾﯿﭻ ﮐﻼﯾﻨﺖ ﺗﻨﻈﯿﻢ‬ Vtp domain ‫ ﺑﺮد و ﭘﺲ از ﺗﻨﻈﯿﻢ‬Transparent ‫در ﻏﯿﺮ اﯾﻨﺼﻮرت اول ﺑﺎﯾﺪ ﺳﻮﯾﯿﭻ ﻣﻮرد ﻧﻈﺮ را ﺑﻪ ﺣﺎﻟﺖ‬ ‫ﻣﺠﺪدا آﻧﺮا ﺑﻪ ﺣﺎﻟﺖ ﮐﻼﯾﻨﺖ ﺑﺮﮔﺮداﻧﺪ‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. SW1(config)#vtp mode server Device mode already VTP SERVER. SW1(config)#vtp domain CISCO Changing VTP domain name from NULL to CISCO SW1(config)# SW2 con0 is now available End with CNTL/Z. Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. SW2(config)#vtp domain CISCO Domain name already set to CISCO. SW2(config)#vtp mode client Setting device to VTP CLIENT mode. SW2(config)# SW3 con0 is now available End with CNTL/Z. Press RETURN to get started. SW3>enable SW3#configure terminal Enter configuration commands, one per line. SW3(config)#vtp domain CISCO Domain name already set to CISCO. SW3(config)#vtp mode client Setting device to VTP CLIENT mode. SW3(config)# End with CNTL/Z. ‫ و ﺑﺮرﺳﯽ ﺻﺤﺖ اﻧﺘﺸﺎر آن در ﺳﻮﯾﯿﭽﻬﺎي دﯾﮕﺮ‬SW1 ‫ در‬development ‫ ﺑﺎ ﻧﺎم‬Vlan 10 ‫٢. اﯾﺠﺎد‬ SW1(config)#vlan 10 SW1(config-vlan)#name Development SW1(config-vlan)#end SW1# Page 175 of 290
  • 177.
    ‫ ﻓﻮق درﺳﺎﯾﺮ ﺳﻮﯾﯿﭽﻬﺎ ﻫﻢ ﻣﺸﺎﻫﺪه ﻣﯽ ﺷﻮد ﯾﺎ ﺧﯿﺮ‬Vlan ‫اﮐﻨﻮن ﺑﺮرﺳﯽ ﻣﯿﮑﻨﯿﻢ ﮐﻪ آﯾﺎ‬ SW2(config)#end SW2#show vlan %SYS-5-CONFIG_I: Configured from console by console SW2#show vlan VLAN Name Status Ports ---- -------------------------------- --------- -----------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/13, Fa0/14, Fa0/15 Fa0/16, Fa0/17, Fa0/18, Fa0/19 Fa0/20, Fa0/21, Fa0/22, Fa0/23 Fa0/24, Gi0/1, Gi0/2 10 Development active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup VLAN Type Trans2 ---- ----1 enet 10 enet 1002 fddi 1003 tr 1004 fdnet 1005 trnet SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 ---------- ----- ------ ------ -------- ---- -------- ------ ----100001 100010 101002 101003 101004 101005 1500 1500 1500 1500 1500 1500 - - - ieee ibm srb - 0 0 0 0 0 0 0 0 0 0 0 0 Remote SPAN VLANs ----------------------------------------------------------------------------Primary Secondary Type Ports ------- --------- ----------------- ----------------------------------------SW2# SW3(config)#end SW3#show vlan VLAN Name Status Ports ---- -------------------------------- --------- -----------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/13, Fa0/14, Fa0/15 Fa0/16, Fa0/17, Fa0/18, Page 176 of 290
  • 178.
    Fa0/19 Fa0/20, Fa0/21, Fa0/22, Fa0/23 Fa0/24, Gi0/1, Gi0/2 10 1002 1003 1004 1005 Development fddi-default token-ring-default fddinet-default trnet-default VLANType Trans2 ---- ----1 enet 10 enet 1002 fddi 1003 tr 1004 fdnet 1005 trnet SAID active act/unsup act/unsup act/unsup act/unsup MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 ---------- ----- ------ ------ -------- ---- -------- ------ ----100001 100010 101002 101003 101004 101005 1500 1500 1500 1500 1500 1500 - - - ieee ibm srb - 0 0 0 0 0 0 0 0 0 0 0 0 Remote SPAN VLANs ----------------------------------------------------------------------------Primary Secondary Type Ports ------- --------- ----------------- ----------------------------------------SW3# ‫ ﺑﻪ آن‬Cisco$123 ‫ از ﻃﺮﯾﻖ ﺗﺨﺼﯿﺺ رﻣﺰ ﻋﺒﻮر‬Vtp domain ‫ ﺑﻪ ﻧﮕﺎرش 2 و اﻓﺰاﯾﺶ اﻣﻨﯿﺖ‬Vtp ‫٣. ﺗﻈﻨﯿﻢ‬ SW1#configure terminal Enter configuration commands, one per SW1(config)#vtp version 2 SW1(config)#vtp password Cisco$123 Setting device VLAN database password SW1(config)#end SW1# SW2#configure terminal Enter configuration commands, one per SW2(config)#vtp password Cisco$123 Setting device VLAN database password SW2(config)#end SW2# SW3#configure terminal Enter configuration commands, one per SW3(config)#vtp password Cisco$123 Setting device VLAN database password SW3(config)#end SW3# Page 177 of 290 line. End with CNTL/Z. to Cisco$123 line. End with CNTL/Z. to Cisco$123 line. End with CNTL/Z. to Cisco$123
  • 179.
    ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬showvtp ‫ و ﺳﺎﯾﺮ ﻣﺸﺨﺼﻪ ﻫﺎي آن از دﺳﺘﻮر‬Vtp‫ﺑﺮاي ﺑﺮرﺳﯽ ﺷﻤﺎره ﻧﮕﺎرش‬ SW2#show vtp status VTP Version : running VTP2 Configuration Revision : 3 Maximum VLANs supported locally : 1005 Number of existing VLANs : 6 VTP Operating Mode : Client VTP Domain Name : CISCO VTP Pruning Mode : Disabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0x96 0xF1 0x2F 0xDD 0x5F 0x1F 0x37 0x53 Configuration last modified by 192.168.255.1 at 3-2-93 15:11:27 SW2# ‫ اﺳﺘﻔﺎده ﻣﯿﮑﻨﯿﻢ‬show vtp password ‫ ﻫﻢ از دﺳﺘﻮر‬Vtp domain ‫ﺑﺮاي ﻣﺸﺎﻫﺪه رﻣﺰ ﻋﺒﻮر ﺗﻨﻈﯿﻢ ﺷﺪه ﺑﺮاي‬ SW2#show vtp password VTP Password: Cisco$123 SW2# Page 178 of 290
  • 180.
    ‫آزﻣﺎﯾﺶ 11.4 –ﺗﻨﻈﯿﻤﺎت‪ Vtp transparent‬و ‪Vtp pruning‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻢ ‪ VTP Transparent‬ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻋﻀﻮ ﭘﺴﯿﻮ ‪ Vtp‬ﻫﻤﯿﻨﻄﻮر ﺗﻨﻈﯿﻤﺎت ‪Vtp‬‬ ‫‪ pruning‬ﺑﺎ ﻫﺪف ﺟﻠﻮﮔﯿﺮي از اﻧﺘﺸﺎر ﺗﺮاﻓﯿﮏ ﻫﺎي ﻧﺎﺧﻮاﺳﺘﻪ ‪ vlan‬ﻫﺎ ﺑﻪ ﺳﻮﯾﯿﭽﻬﺎﯾﯽ ﮐﻪ ﻓﺎﻗﺪ آن ‪ vlan‬ﻫﺎ ﻣﯿﺒﺎﺷﻨﺪ‬ ‫آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﺑﺮﺧﻼف دو ﺣﺎﻟﺖ ﻗﺒﻠﯽ ‪ Vtp‬ﯾﻌﻨﯽ ﺣﺎﻟﺘﻬﺎي ﺳﺮور و ﮐﻼﯾﻨﺖ ﺣﺎﻟﺖ ﺗﺮﻧﺴﭙﺮﻧﺖ در ﻫﯿﭻ ﯾﮏ از ‪Vtp‬داﻣﯿﻦ ﻫﺎ ﻧﻘﺸﯽ را‬ ‫اﯾﻔﺎ ﻧﻤﯿﮑﻨﺪ و ﺻﺮﻓﺎ ﺑﻪ ﻋﺒﻮر دادن ﻓﺮﯾﻤﻬﺎي ‪ Vtp‬از ﺳﻮﯾﯿﭽﯽ ﺑﻪ ﺳﻮﯾﯿﭻ دﯾﮕﺮ ﻗﻨﺎﻋﺖ ﻣﯽ ﮐﻨﻨﺪ در واﻗﻊ از ﺳﻮﯾﯿﭻ‬ ‫ﺗﺮﻧﺴﭙﺮﻧﺖ ﺻﺮﻓﺎ ﺑﻪ ﻋﻨﻮان ﯾﮏ ﺳﻮﯾﯿﭻ ﻣﺪﯾﺮﯾﺖ ﭘﺬﯾﺮ ﻣﺎﺑﯿﻦ ﻣﺴﯿﺮ اﻧﺘﻘﺎل دو ﺳﻮﯾﯿﭻ ﻓﻌﺎل در ‪ Vtp‬اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد.‬ ‫ﯾﮏ ﻧﮑﺘﻪ ﻣﻨﻔﯽ در ﺧﺼﻮص ﺳﻮﯾﯿﭽﻬﺎي ﺗﺮﻧﺴﭙﺮﻧﺖ ﮐﻪ ﺑﻪ ﻋﻨﻮان ﻣﺴﯿﺮ ﺗﺮاﻧﺰﯾﺖ در ‪ Vtp domain‬ﻓﻌﺎﻟﯿﺖ ﻣﯿﮑﻨﻨﺪ‬ ‫اﯾﻨﺴﺖ ﮐﻪ ﻫﻤﮕﯽ ﺑﺎﯾﺪ داراي ﺳﺎﺧﺘﺎر ‪ Vlan‬ﯾﮑﺴﺎﻧﯽ داﺷﺘﻪ ﺑﺎﺷﻨﺪ . راﯾﺞ ﺗﺮﯾﻦ دﻟﯿﻞ اﺳﺘﻔﺎده از ﺳﻮﯾﯿﭽﻬﺎي ﺗﺮﻧﺴﭙﺮﻧﺖ‬ ‫ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ ﻓﻌﺎل در ‪ Vtp‬ﻣﻼﺣﻀﺎت اﻣﻨﯿﺘﯽ اﺳﺖ .ﯾﮏ ﺳﻮﯾﯿﭻ ﺗﺮﻧﺴﭙﺮﻧﺖ ﻧﯿﺎز ﺑﻪ ﺗﻌﺮﯾﻒ ‪ vlan‬ﻫﺎﯾﯽ دارد ﮐﻪ در‬ ‫ﻫﯿﭻ ﻗﺴﻤﺖ دﯾﮕﺮي از ﺷﺒﮑﻪ ﺗﻌﺮﯾﻒ ﻧﺸﺪه اﻧﺪ اﻣﺎ در ﻋﯿﻦ ﺣﺎل ﺑﻪ ﺳﺎﯾﺮ ‪ vlan‬ﻫﺎ ﻧﯿﺰ دﺳﺘﺮﺳﯽ دارد.‬ ‫در اداﻣﻪ ﺑﻪ اراﺋﻪ ﻣﺜﺎﻟﯽ از ﻟﺰوم ﻓﻌﺎل ﺳﺎزي ‪ Vtp pruning‬ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫ﻓﺮض ﮐﻨﯿﺪ ﯾﮏ ﺷﺒﮑﻪ ﺳﻪ ﻻﯾﻪ در ﺳﺎﺧﺘﻤﺎﻧﯽ 21 ﻃﺒﻘﻪ ﭘﯿﺎده ﺳﺎزي ﮐﺮده اﯾﻢ و ﺳﻮﯾﯿﭽﻬﺎي ﻻﯾﻪ ﺗﻮزﯾﻊ را ﺑﻪ ﻋﻨﻮان ‪Vtp‬‬ ‫ﺳﺮور ﺗﻨﻈﯿﻢ ﺷﺪه اﻧﺪ و اﻃﻼﻋﺎت ﺗﻌﺮﯾﻒ ‪ vlan‬ﻫﺎ از ﻃﺮﯾﻖ آﻧﻬﺎ ﺑﻪ ﺳﺎﯾﺮ 42 ﺳﻮﯾﯿﭻ ﻻﯾﻪ اﮐﺴﺲ واﻗﻊ در ﻃﺒﻘﺎت ﻣﻨﺘﺸﺮ‬ ‫ﻣﯽ ﺷﻮﻧﺪ.ﺣﺎﻻ ﻓﺮض ﮐﻨﯿﺪ 211 ‪ Vlan‬در ﺳﻮﯾﯿﭻ ﻃﺒﻘﻪ 21 ﺗﻌﺮﯾﻒ ﻣﯽ ﺷﻮد ﺑﻨﺎ ﺑﻪ ﻣﺎﻫﯿﺖ ‪ Vtp‬اﯾﻦ ﺗﻌﺮﯾﻒ ﺑﻪ ﻫﻤﻪ‬ ‫ﺳﻮﯾﯿﭽﻬﺎي اﮐﺴﺲ دﯾﮕﺮ ﻫﻢ ﻣﻨﺘﺸﺮ ﻣﯽ ﺷﻮد و اﻧﻬﺎ ﻧﯿﺰ ﺻﺎﺣﺐ اﯾﻦ ‪Vlan‬ﺧﻮاﻫﻨﺪ ﺷﺪ.اﯾﻨﺠﺎ ﯾﮏ ﺳﻮال ﻣﻬﻢ ﻣﻄﺮح‬ ‫ﻣﯿﺸﻮد و آن اﯾﻨﮑﻪ اﮔﺮ ﺑﺮادﮐﺴﺘﯽ در 211 ‪ Vlan‬ﺗﻮﻟﯿﺪ ﺷﻮد آﯾﺎ ﻫﻤﻪ ﺳﻮﯾﯿﭽﻬﺎي دﯾﮕﺮ ﻫﻢ آﻧﺮا درﯾﺎﻓﺖ ﺧﻮاﻫﻨﺪ ﮐﺮد؟‬ ‫ﭘﺎﺳﺦ ﺑﻠﻪ اﺳﺖ.از آﻧﺠﺎﯾﯽ ﮐﻪ ﺳﻮﯾﯿﭽﻬﺎي ﺗﻮزﯾﻊ ﺑﺮادﮐﺴﺘﻬﺎ را ﺑﻪ ﺗﻤﺎم ﺗﺮاﻧﮏ ﭘﻮرﺗﻬﺎي ﺧﻮد)ﺑﻪ ﺟﺰ ﭘﻮرت درﯾﺎﻓﺖ ﮐﻨﻨﺪه‬ ‫ﺑﺮادﮐﺴﺖ( ارﺳﺎل ﻣﯿﮑﻨﺪ ﻟﺬا ﺗﻤﺎﻣﯽ ﺳﻮﯾﯿﭽﻬﺎي اﮐﺴﺲ ﺑﻪ ﺟﺰ ﺳﻮﯾﯿﭻ ارﺳﺎل ﮐﻨﻨﺪه، ﺑﺮادﮐﺴﺖ را درﯾﺎﻓﺖ ﺧﻮاﻫﻨﺪ ﮐﺮد و‬ ‫اﯾﻦ ﺑﻪ ﻣﻌﻨﺎي اﺗﻼف ﻣﻨﺎﺑﻊ ﺷﺒﮑﻪ اﺳﺖ ﻟﺬا ﺑﺮاي ﺣﻞ اﯾﻦ ﻣﻌﻀﻞ از ‪ Vtp pruning‬اﺳﺘﻔﺎده ﻣﯽ ﮐﻨﯿﻢ.‬ ‫‪ Vtp pruning‬ﺑﻪ زﺑﺎن ﺳﺎده از ارﺳﺎل ﺗﺮاﻓﯿﮏ ﺳﺎﯾﺮ ‪ vlan‬ﻫﺎ روي ﺗﺮاﻧﮏ ﻟﯿﻨﮏ ﺳﻮﯾﯿﭽﻬﺎﯾﯽ ﮐﻪ ﻋﻀﻮي در آن ‪vlan‬‬ ‫ﻧﺪارﻧﺪ ﺟﻠﻮﮔﯿﺮي ﻣﯿﮑﻨﺪ.در ﻣﺜﺎل ﺑﺎﻻ اﮔﺮ ﺳﻮﯾﯿﭽﯽ ﻫﯿﭻ ﭘﻮرت ﻣﺘﻌﻠﻖ ﺑﻪ 211 ‪ Vlan‬را درﺧﻮد ﻧﺪارد ﭼﺮا ﺑﺎﯾﺪ ﺗﺮاﻓﯿﮏ‬ ‫ﻣﺮﺗﺒﻂ ﺑﺎ اﯾﻦ ‪ vlan‬را در ﺗﺮاﻧﮏ ﺧﻮد ﻣﺸﺎﻫﺪه ﮐﻨﺪ؟‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫092 ‪Page 179 of‬‬
  • 181.
    ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖﺗﺼﻮﯾﺮ زﯾﺮ‬ ‫ﺗﻨﻈﯿﻢ 1‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Vtp‬ﺳﺮور و 3‪ SW‬ﺑﻪ ﻋﻨﻮان ‪Vtp‬ﮐﻼﯾﻨﺖ ﺑﺎ ﻧﺎم داﻣﻨﻪ ﺳﯿﺴﮑﻮ‬ ‫‪‬‬ ‫ﺧﺎﻣﻮش ﮐﺮدن 21/0‪ Fa0/11,Fa‬و ﺗﻨﻈﯿﻢ 01/0‪ Fa‬ﺑﻪ ﺻﻮرت ‪ dot1q trunk‬در 1‪SW‬‬ ‫‪‬‬ ‫ﺧﺎﻣﻮش ﮐﺮدن 51/0‪ Fa0/11, Fa0/12, Fa0/14, Fa‬و ﺗﻨﻈﯿﻢ 31/0‪Fa‬و01/0‪ Fa‬ﺑﻪ ﺻﻮرت ‪dot1q trunk‬‬ ‫‪‬‬ ‫ﺧﺎﻣﻮش ﮐﺮدن51/0‪ Fa0/11, Fa0/12, Fa0/14, Fa‬و ﺗﻨﻈﯿﻢ 31/0‪Fa‬ﺑﻪ ﻋﻨﻮان ‪dot1q trunk‬در 3‪SW‬‬ ‫در 2‪SW‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ‪vlan‬ﻫﺎي 03,02,01 در ‪ Vtp‬ﺳﺮور‬ ‫‪‬‬ ‫اﯾﺠﺎد اﯾﻨﺘﺮﻓﯿﺲ ﻻﯾﻪ 3 اي ﺑﺮاي 01 ‪ vlan‬در 3‪ SW1,SW‬ﺑﺎ آدرس ﻫﺎي 42/1.31.01.01و42/3.31.01.01‬ ‫ﺗﺼﻮﯾﺮ 2.01.4-ﺗﻨﻈﯿﻤﺎت ‪VTP Pruning‬‬ ‫092 ‪Page 180 of‬‬
  • 182.
    ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ﺗﺮﻧﺴﭙﺮﻧﺖ وﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬Vtp ‫ ﺑﻪ ﻋﻨﻮان‬SW2 ‫ﺗﻨﻈﯿﻢ‬  ‫ ﮐﻼﯾﻨﺖ‬Vtp ‫ ﺳﺮور و ﺣﺼﻮل اﻃﻤﯿﻨﺎن از اﻧﺘﺸﺎر ﺗﻨﻈﯿﻤﺎت ﺑﻪ‬Vtp ‫ در‬Vtp pruning ‫ﻓﻌﺎل ﺳﺎزي‬  SW1 ‫ در‬pruning list ‫ از ﻃﺮﯾﻖ ﻣﺸﺎﻫﺪه‬pruning ‫ﺑﺮرﺳﯽ ﺻﺤﺖ اﻋﻤﺎل‬  ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﺗﺮﻧﺴﭙﺮﻧﺖ و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬Vtp ‫ ﺑﻪ ﻋﻨﻮان‬SW2 ‫1. ﺗﻨﻈﯿﻢ‬ >SW2 con0 is now available Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#vtp mode transparent SW2(config)#vtp version 2 Setting device to VTP TRANSPARENT mode. SW2(config)#end SW2#show vtp status SW2#show vtp status VTP Version : running VTP2 Configuration Revision : 0 Maximum VLANs supported locally : 1005 Number of existing VLANs : 8 VTP Operating Mode : Transparent VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0x06 0x97 0x82 0xDA 0x39 0x52 0x1E 0xF2 Configuration last modified by 192.168.255.252 at 0-0-00 00:00:00 SW2# ‫ ﮐﻼﯾﻨﺖ‬Vtp ‫ ﺳﺮور و ﺣﺼﻮل اﻃﻤﯿﻨﺎن از اﻧﺘﺸﺎر ﺗﻨﻈﯿﻤﺎت ﺑﻪ‬Vtp ‫ در‬Vtp pruning ‫2. ﻓﻌﺎل ﺳﺎزي‬ ‫ ﺳﺮور اﺟﺮا ﺷﻮد ﭘﺲ از آن ﺗﻨﻈﯿﻢ ﺑﻪ‬Vtp ‫ ﺻﺮﻓﺎ در ﻣﺤﯿﻂ‬Vtp pruning ‫ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر ﮐﺎﻓﯽ اﺳﺖ دﺳﺘﻮر‬ ‫ ﮐﻼﯾﻨﺘﻬﺎي ﻣﺠﻤﻮد در داﻣﻨﻪ اﻧﺘﺸﺎر ﺧﻮاﻫﺪ ﯾﺎﻓﺖ‬Vtp ‫ﻃﻮر ﺧﻮدﮐﺎر ﺑﻪ ﺗﻤﺎم‬ SW1 con0 is now available Press RETURN to get started. Page 181 of 290
  • 183.
    SW1>enable SW1#configure terminal Enter configurationcommands, one per line. End with CNTL/Z. SW1(config)#vtp pruning Pruning switched on SW1(config)#end SW1#show vtp status VTP Version : 2 Configuration Revision : 2 Maximum VLANs supported locally : 36 Number of existing VLANs : 8 VTP Operating Mode : Server VTP Domain Name : CISCO VTP Pruning Mode : Enabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0x2E 0x9F 0x5E 0x57 0xE3 0x87 0x46 0xFA Configuration last modified by 10.1.5.1 at 3-1-02 00:10:56 Local updater ID is 10.1.5.1 on interface Vl5 (lowest numbered VLAN interface found) SW1# ‫ اﺳﺖ‬SW3 ‫ در‬VTP Pruning ‫3. ﮐﺪﻫﺎي زﯾﺮ ﻧﺸﺎن دﻫﻨﺪه ﺻﺤﺖ اﻧﺘﺸﺎر ﺗﻨﻈﯿﻤﺎت‬ SW3#show vtp status VTP Version : 2 Configuration Revision : 3 Maximum VLANs supported locally : 36 Number of existing VLANs : 8 VTP Operating Mode : Client VTP Domain Name : CISCO VTP Pruning Mode : Enabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0x77 0xF2 0x86 0xA4 0x3C 0x21 0x09 0xC0 Configuration last modified by 10.1.5.1 at 3-1-02 00:17:21 SW3# Sw3 ‫ ﻟﯿﺴﺖ در‬pruning ‫ و ﻣﺸﺎﻫﺪه‬SW3 ‫ در‬pruning ‫4. ﺑﺮرﺳﯽ وﺿﻌﯿﺖ‬ SW3#show interface trunk Port Fa0/13 Mode on Encapsulation 802.1q Port Fa0/13 Status trunking Native vlan 1 Vlans allowed on trunk 1-4094 Page 182 of 290
  • 184.
    Port Fa0/13 Vlans allowed andactive in management domain 1,10,20,30 Port Fa0/13 SW3# Vlans in spanning tree forwarding state and not pruned 1,10 pruning ‫ ﺗﺮاﻓﯿﮑﺸﺎن ﻋﺒﻮر داده ﻣﯿﺸﻮد و ﺗﺤﺖ‬SW3 ‫ ﻫﺎﯾﯽ ﮐﻪ در‬Vlan ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ از ﺧﺮوﺟﯽ دﺳﺘﻮرات ﺑﺮ ﻣﯽ آﯾﺪ‬ ‫ ﻫﺴﺘﻨﺪ.در ﻧﻈﺮ داﺷﺘﻪ ﺑﺎﺷﯿﻢ ﺳﻮﯾﯿﭻ ﺗﺮﻧﺴﭙﺮﻧﺖ در ﺻﻮرﺗﯽ ﻣﯿﺘﻮاﻧﺪ ﺗﺮاﻓﯿﮏ را از ﺧﻮد ﻋﺒﻮر‬Vlan 1,10 ‫ﻗﺮار ﻧﻤﯿﮕﯿﺮﻧﺪ‬ ‫ ﻋﺒﻮر ﻣﯿﮑﻨﺪ‬SW2 ‫ در‬Vlan 10 ‫ از‬SW1 ‫ در‬Vlan 10 ‫ ﻣﺘﻨﺎﻇﺮ ﺑﺎ آن را داﺷﺘﻪ ﺑﺎﺷﺪ ﺑﺮاي ﻣﺜﺎل ﺗﺮاﻓﯿﮏ‬vlan ‫دﻫﺪ ﮐﻪ‬ ‫ ﺑﺎﺷﺪ در ﻏﯿﺮ اﯾﻨﺼﻮرت ﺗﺮاﻓﯿﮏ ﻋﺒﻮر داده ﻧﺨﻮاﻫﺪ ﺷﺪ.اﯾﻦ ﻣﻬﻢ را‬Vlan 10 ‫ ﻫﻢ ﻣﯿﺒﺎﯾﺴﺖ داراي‬SW3 ‫در اﯾﻦ ﺑﯿﻦ‬ ‫ ﺑﺮﺳﯽ ﮐﺮد‬SW3 ‫ در‬Vlan 10 ‫ اﯾﻨﺘﺮﻓﯿﺲ‬ping ‫ﻣﯿﺘﻮاﻧﯿﻢ ﺑﺎ‬ SW1#ping 10.10.13.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.13.3, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms SW1# ‫ ﺣﺬف ﮐﻨﯿﻢ اﻣﮑﺎن‬SW2 ‫ را از‬Vlan 10 ‫ وﺟﻮد دارد اﻣﺎ اﮔﺮ‬SW3 ‫ در‬Vlan 10 ‫ﭘﯿﻨﮓ ﻣﻮﻓﻘﯿﺖ آﻣﯿﺰ ﺑﻮد ﺑﻪ دﻟﯿﻞ اﯾﻨﮑﻪ‬ ‫ را ازدﺳﺖ ﺧﻮاﻫﯿﻢ داد‬SW3 ‫در‬Vlan 10 ‫دﺳﺘﺮﺳﯽ ﺑﻪ‬ SW2#configure terminal SW2(config)#no vlan 10 SW2(config)#end SW2# SW1#ping 10.10.13.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.13.3, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) SW1# Page 183 of 290
  • 185.
    ‫آزﻣﺎﯾﺶ 21.4-ﺗﻨﻈﯿﻤﺎت ‪intervlan routing-Router on stick‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ Inter-VLAN routing‬ﺑﺎ اﺳﺘﻔﺎده از روﺗﺮ ﮐﻪ ﺑﺎ ﻧﺎم دﯾﮕﺮ ‪router on stick‬‬ ‫ﻫﻢ ﺷﻨﺎﺧﺘﻪ ﻣﯿﺸﻮد ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ .در اﯾﻦ ﺷﯿﻮه ﺳﻮﯾﯿﭻ و روﺗﺮ از ﻃﺮﯾﻖ ﺗﺮاﻧﮏ اﯾﻨﺘﺮﻓﯿﺲ و ﺗﻌﺮﯾﻒ ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ‬ ‫ﺑﻪ ﺗﻌﺪاد ‪ Vlan‬ﻫﺎ در ارﺗﺒﺎط ﺧﻮاﻫﻨﺪ ﺑﻮد‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﯾﮏ ﺳﮕﻤﻨﺖ ﻻﯾﻪ دوﯾﯽ ﺗﻨﻬﺎ در ﺻﻮرﺗﯽ ﻣﯿﺘﻮاﻧﺪ ﺑﺎ ﺳﺎﯾﺮ ﺷﺒﮑﻪ ارﺳﺎل و درﯾﺎﻓﺖ داده داﺷﺘﻪ ﺑﺎﺷﺪ ﮐﻪ ﺑﺎ ادوات ﻻﯾﻪ 3‬ ‫ﻣﺜﻞ روﺗﺮ ﯾﺎ ﺳﻮﯾﯿﭻ ﻻﯾﻪ 3 در ارﺗﺒﺎط ﺑﺎﺷﺪ ﮐﻪ ﺑﻪ ﻃﻮر ﻋﺎم ‪ Default gateway‬ﻧﺎم دارد.ﺣﺎﻟﺘﯽ را در ﻧﻈﺮ ﺑﮕﯿﺮﯾﺪ ﮐﻪ در‬ ‫ﯾﮏ ﺳﻮﯾﯿﭻ ﻻﯾﻪ دوﯾﯽ ﭘﻨﺞ ‪ vlan‬ﺗﻌﺮﯾﻒ ﮐﺮده اﯾﻢ و ﺑﻪ ﻫﺮﯾﮏ ﻣﺎﺷﯿﻦ اﺧﺘﺼﺎص داده اﯾﻢ.ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﻧﮑﺘﻪ ﺑﺎﻻ در وﺣﻠﻪ‬ ‫اول ﺑﻪ ﺗﻌﺪاد ‪ Vlan‬ﻫﺎ ﮐﻪ ﻫﺮﯾﮏ ﻣﻌﺎدل ﯾﮏ ﺷﺒﮑﻪ ﻻﯾﻪ دوﯾﯽ ﻫﺴﺘﻨﺪ ﻧﯿﺎز ﺑﻪ روﺗﺮ ﺧﻮاﻫﯿﻢ داﺷﺖ ﯾﺎ اﯾﻨﮑﻪ از روﺗﺮي‬ ‫اﺳﺘﻔﺎده ﮐﻨﯿﻢ ﮐﻪ ﺑﻪ ﺗﻌﺪاد ‪ Vlan‬ﻫﺎ اﯾﻨﺘﺮﻓﯿﺲ داﺷﺘﻪ ﺑﺎﺷﺪ. راه ﺣﻞ ﺗﻨﻬﺎ اﺳﺘﻔﺎده از ﯾﮏ روﺗﺮ اﺳﺖ. دروس ﮔﺬﺷﺘﻪ و‬ ‫ﻣﺒﺎﺣﺚ ‪ Dot1q‬ﺗﺮاﻧﮑﯿﻨﮓ را ﺑﻪ ﺧﺎﻃﺮ ﺑﯿﺎورﯾﺪ ﺗﺮاﻧﮏ را ﺑﻪ ﺻﻮرت اﯾﻨﺘﺮﻓﯿﺴﯽ ﺗﻌﺮﯾﻒ ﮐﺮدﯾﻢ ﮐﻪ ﻗﺎﺑﻠﯿﺖ ﻋﺒﻮر دﻫﯽ‬ ‫ﺗﺮاﻓﯿﮏ ﻫﻤﻪ ‪ Vlan‬ﻫﺎ را دارا اﺳﺖ.‬ ‫ﯾﮏ روﺗﺮ ﻣﯿﺘﻮاﻧﺪ ﺑﺎ ﺑﻬﺮه ﮔﯿﺮي از ﺗﻨﻬﺎ ﯾﮏ ‪ dot1q‬ﺗﺮاﻧﮏ ﻓﯿﺰﯾﮑﯽ و اﯾﺠﺎد ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ ﺑﻪ ازاي ﻫﺮ ‪ Vlan‬روي‬ ‫آن،ﻣﻨﻄﻘﺎ در ﻫﻤﻪ ‪ Vlan‬ﻫﺎي ﻣﻮﺟﻮد در ﺷﺒﮑﻪ داراي اﯾﻨﺘﺮﻓﯿﺲ ﺑﺎﺷﺪ.‬ ‫ﯾﮏ ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ در واﻗﻊ اﯾﻨﺘﺮﻓﯿﺴﯽ ﻣﺠﺎزي و ﻣﻨﻄﻘﯽ اﺳﺖ ﮐﻪ از اﯾﻨﺘﺮﻓﯿﺲ ﺣﻘﯿﻘﯽ روﺗﺮ ﻣﺸﺘﻖ ﺷﺪه‬ ‫اﺳﺖ.اﺳﺘﻔﺎده از ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ اﯾﻦ اﻣﮑﺎن را ﻓﺮاﻫﻢ ﻣﯿﮑﻨﺪ ﮐﻪ ﭼﻨﺪﯾﻦ ﮐﺎﻧﻔﯿﮓ ﻣﺮﺗﺒﻂ ﺑﺎ اﯾﻨﺘﺮﻓﯿﺲ ﻫﺎي ﻣﺨﺘﻠﻒ را‬ ‫روي ﺗﻨﻬﺎ ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ﻓﯿﺰﯾﮑﯽ داﺷﺘﻪ ﺑﺎﺷﯿﻢ.‬ ‫.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺧﺎﻣﻮش ﮐﺮدن 3‪SW2,SW‬‬ ‫اﯾﺠﺎد 03,02 ‪ Vlan‬در 1‪SW‬‬ ‫ﺗﻨﻈﯿﻢ 1/0‪ Fa‬در 1‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Dot1q‬ﺗﺮاﻧﮏ ﻟﯿﻨﮏ‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ 2/0‪ Fa‬ﺑﻪ 02 ‪ Vlan‬و 3/0‪ Fa‬ﺑﻪ 03 ‪ Vlan‬در 1‪SW‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/2.02.1.01 ﺑﻪ 0/0‪ Fa‬در 2‪R‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/3.02.1.01 ﺑﻪ 0/0‪ Fa‬در 3‪R‬‬ ‫092 ‪Page 184 of‬‬
  • 186.
    ‫ﺗﺼﻮﯾﺮ 1.21.4- ‪Intervlanrounting – Router on stick‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ 02.0/0‪ Fa‬در 1‪ R‬ﺑﻪ ﻫﻤﺮاه ‪ Dot1q encapsulation‬و 02 ‪Dot1q tag of‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.02.1.01 ﺑﻪ 02.0/0‪Fa‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ 03.0/0‪ Fa‬در 1‪ R‬ﺑﻪ ﻫﻤﺮاه ‪ Dot1q encapsulation‬و 03 ‪Dot1q tag of‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.03.1.01 ﺑﻪ 02.0/0‪Fa‬‬ ‫ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن ‪ ip routing‬در 3‪ R2,R‬و ﺗﻨﻈﯿﻢ آدرس ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﻨﺎﻇﺮ در 1‪ R‬ﺑﻪ ﻋﻨﻮان ‪Default‬‬ ‫‪ gateway‬در 3‪R2,R‬‬ ‫092 ‪Page 185 of‬‬
  • 187.
    R2 ‫ ازﻃﺮﯾﻖ‬R3 ‫ در‬Fa0/0 ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ ﭘﯿﻨﮓ‬  ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ ﺑﻪ‬Dot1q tag of 20 ‫ و‬Dot1q encapsulation ‫ ﺑﻪ ﻫﻤﺮاه‬R1 ‫ در‬Fa0/0.20 ‫اﯾﺠﺎد ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ‬  Fa0/0.20 ‫ﻫﻤﺮاه ﺗﺨﺼﯿﺺ آدرس 42/1.02.1.01 ﺑﻪ‬ R1 con0 is now available Press RETURN to get started. R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface fa0/0 R1(config-if)#no shut R1(config-if)#interface fa0/0.20 R1(config-subif)#encapsulation dot1q 20 R1(config-subif)#ip add 10.1.20.1 255.255.255.0 R1(config-subif)#exit R1(config)# ‫ ﺑﻪ‬Dot1q tag of 30 ‫ و‬Dot1q encapsulation ‫ ﺑﻪ ﻫﻤﺮاه‬R1 ‫ در‬Fa0/0.30 ‫1. اﯾﺠﺎد ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ‬ Fa0/0.30 ‫ﻫﻤﺮاه ﺗﺨﺼﯿﺺ آدرس 42/1.03.1.01 ﺑﻪ‬ R1(config)#interface fa0/0.30 R1(config-subif)#encapsulation dot1q 30 R1(config-subif)#ip add 10.1.30.1 255.255.255.0 R1(config-subif)#end R1#sh run interface fa0/0.20 Building configuration... Current configuration : 96 bytes ! interface FastEthernet0/0.20 encapsulation dot1Q 20 ip address 10.1.20.1 255.255.255.0 end R1#sh run interface fa0/0.30 Building configuration... Current configuration : 96 bytes ! Page 186 of 290
  • 188.
    interface FastEthernet0/0.30 encapsulation dot1Q30 ip address 10.1.30.1 255.255.255.0 end R1#show ip interface brief | inc FastEthernet0/0 Interface IP-Address OK? Method FastEthernet0/0 unassigned YES unset FastEthernet0/0.20 10.1.20.1 YES manual FastEthernet0/0.30 10.1.30.1 YES manual R1# Status up up up Protocol up up up Default ‫ ﺑﻪ ﻋﻨﻮان‬R1 ‫ و ﺗﻨﻈﯿﻢ آدرس ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﻨﺎﻇﺮ در‬R2,R3 ‫ در‬ip routing ‫2. ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن‬ R2,R3 ‫ در‬gateway R2 con0 is now available Press RETURN to get started. R2>enable R2#configure terminal Enter configuration commands, one per line. R2(config)#no ip routing R2(config)#ip default-gateway 10.1.20.1 R2(config)#end R2# R3 con0 is now available End with CNTL/Z. Press RETURN to get started. R3>enable R3#configure terminal Enter configuration commands, one per line. R3(config)#no ip routing R3(config)#ip default-gateway 10.1.30.1 R3(config)#end R3# End with CNTL/Z. R2 ‫ از ﻃﺮﯾﻖ‬R3 ‫ در‬Fa0/0 ‫3. ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ ﭘﯿﻨﮓ‬ R2#ping 10.1.30.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.30.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/23/52 ms Page 187 of 290
  • 189.
  • 190.
    ‫آزﻣﺎﯾﺶ 31.4-ﺗﻨﻈﯿﻤﺎت ‪PVST‬‬ ‫دراﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ PerVLAN STP‬ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻣﮑﺎﻧﯿﺰم ﻻﯾﻪ دوﯾﯽ ﺷﻨﺎﺳﺎﯾﯽ ﻟﻮﭘﻬﺎ و ﺟﻠﻮﮔﯿﺮي‬ ‫از ﭘﺪﯾﺪ آﻣﺪن ﻃﻮﻓﺎﻧﻬﺎي ﺑﺮادﮐﺴﺘﯽ در ﺷﺒﮑﻪ ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫ﺑﻪ دﻟﯿﻞ ﻣﺤﺪودﯾﺘﻬﺎي 3‪ Gns‬اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ادوات واﻗﻌﯽ اﻧﺠﺎم ﺧﻮاﻫﺪ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﺣﺎﻟﺘﯽ را در ﻧﻈﺮ ﺑﮕﯿﺮﯾﺪ ﮐﻪ دوﺳﻮﯾﯿﭻ ﻣﻌﻤﻮﻟﯽ)‪ (non manage‬را از ﻃﺮﯾﻖ دو رﺷﺘﻪ ﮐﺎﺑﻞ ﺷﺒﮑﻪ ﺑﻪ ﻫﻢ ﻣﺘﺼﻞ ﮐﺮده اﯾﻢ‬ ‫و ﺑﻪ ﻫﺮﯾﮏ ﻫﻢ ﯾﮏ دﺳﺘﮕﺎه ‪ PC‬ﻣﺘﺼﻞ ﮐﺮده اﯾﻢ. ﭘﺲ از ﮔﺬﺷﺖ ﻟﺤﻈﺎت ﮐﻮﺗﺎﻫﯽ ﺧﻮاﻫﯿﻢ دﯾﺪ ﮐﻪ ‪ Led‬ﻫﺎي ﻫﺮ دو‬ ‫ﺳﻮﯾﯿﭻ ﺑﻪ ﺷﺪت در ﺣﺎل ﭼﺸﻤﮏ زدن ﺧﻮاﻫﻨﺪ ﺷﺪ و ﭘﺲ از اﻧﺪﮐﯽ ارﺗﺒﺎط دو ‪ PC‬ﻣﺎ ﻗﻄﻊ ﺧﻮاﻫﺪ ﺷﺪ. ﻋﻠﺖ اﯾﻦ ﭘﺪﯾﺪه‬ ‫‪ broadcast strom‬ﻧﺎم دارد و ﻫﻨﮕﺎﻣﯽ ﭘﺪﯾﺪ ﻣﯽ آﯾﺪ ﮐﻪ ﺳﻮﯾﯿﭻ ﺑﺮادﮐﺴﺖ را ﻃﺒﻖ ﻗﻮاﻋﺪ اﯾﻨﮑﺎر ﺑﻪ ﻫﻤﻪ ﭘﻮرﺗﻬﺎي ﺧﻮد‬ ‫ﺑﻪ ﺟﺰ ﭘﻮرﺗﯽ ﮐﻪ ﺑﺮادﮐﺴﺖ را از آن درﯾﺎﻓﺖ ﮐﺮده اﺳﺖ ارﺳﺎل ﻣﯿﮑﻨﺪ و ﻫﻨﮕﺎﻣﯽ ﮐﻪ دو ﻟﯿﻨﮏ ارﺗﺒﺎﻃﯽ ﻣﺎﺑﯿﻦ ﺳﻮﯾﯿﭽﻬﺎ‬ ‫ﺑﺮﻗﺮار ﺷﻮد اﯾﻦ ﺟﺮﯾﺎن داده در ﯾﮏ ﺣﻠﻘﻪ ﺗﮑﺮار ﺑﯽ ﻧﻬﺎﯾﺖ ﻗﺮار ﻣﯿﮕﯿﺮد و آﻧﻘﺪر ﺑﺰرگ و ﺑﺰرﮔﺘﺮ ﻣﯿﺸﻮد ﮐﻪ ﺗﻤﺎم ﻇﺮﻓﯿﺖ‬ ‫ﺗﻤﺎﻣﯽ ﭘﻮرﺗﻬﺎ را ﭘﺮﺧﻮاﻫﺪ ﮐﺮد.‬ ‫ﺑﺮاي ﺣﻞ اﯾﻦ ﻣﺸﮑﻞ در ﺳﻮﯾﯿﭽﻬﺎي ﻣﺪﯾﺮﯾﺖ ﭘﺬﯾﺮ از ﭘﺮوﺗﮑﻞ ‪ Spaning tree‬ﮐﻪ ﻣﺴﺌﻮل ﺷﻨﺎﺳﺎﯾﯽ و ﺑﺮﻃﺮف ﮐﺮدن‬ ‫ﻟﻮﭘﻬﺎي ﻻﯾﻪ دو ﺑﺎ ﻫﺪف ﺟﻠﻮﮔﯿﺮي از ﺑﺮوز ﻃﻮﻓﺎﻧﻬﺎي ﺑﺮادﮐﺴﺘﯽ اﺳﺖ اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد.در اﯾﻦ ﺣﺎﻟﺖ ﻟﯿﻨﮑﻬﺎي دوم ﺑﻪ‬ ‫ﺑﻌﺪ ﻣﺎﺑﯿﻦ ﺳﻮﯾﯿﭽﻬﺎ در ﺣﺎﻟﺖ ﻏﯿﺮ ﻓﻌﺎل ﻗﺮار ﻣﯿﮕﯿﺮﻧﺪ و اﺣﺘﻤﺎل ﺑﺮوز ﻃﻮﻓﺎﻧﻬﺎي ﺑﺮادﮐﺴﺘﯽ ﻣﺎﺑﯿﻦ ﺳﻮﯾﯿﭽﻬﺎ ﺑﻪ ﺻﻔﺮ ﻣﯽ‬ ‫رﺳﺪ .‬ ‫ﺧﻮب ﭘﺲ اﺻﻼ ﻓﻠﺴﻔﻪ اﺳﺘﻔﺎده از ﭼﻨﺪ ﻟﯿﻨﮏ ﻓﯿﺰﯾﮑﯽ ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ ﭼﯿﺴﺖ اﮔﺮ ﮐﻪ ﺗﻨﻬﺎ ﻣﺤﺪود ﺑﻪ اﺳﺘﻔﺎده ﯾﮏ‬ ‫ﻟﯿﻨﮏ ﻫﺴﺘﯿﻢ ؟ﭘﺎﺳﺦ در ﺑﻪ ﮐﺎر ﮔﯿﺮي ‪ Etherchannel‬اﺳﺖ ﮐﻪ ﺗﻌﺪادي ﻟﯿﻨﮏ ﻓﯿﺰﯾﮑﯽ را ﺑﻪ ﺻﻮرت ﯾﮏ ﻟﯿﻨﮏ ﻣﻨﻄﻘﯽ‬ ‫ﺑﻪ ادوات دو ﺳﺮ ﻟﯿﻨﮏ ﻧﺸﺎن ﻣﯽ دﻫﺪ و در اﯾﻦ ﻫﻨﮕﺎم ‪Spaningtree‬ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ ‪ Port-Channel‬ﻣﯽ‬ ‫رﺳﯿﺪ آﻧﺮا ﺑﻪ ﺻﻮرت ﯾﮏ ﺗﮏ اﯾﻨﺘﺮﻓﯿﺲ ﻣﯿﺒﯿﻨﺪ و ﻧﻪ ﺗﻌﺪادي اﯾﻨﺘﺮﻓﯿﺲ ﻣﺠﺰا از ﻫﻢ. اﻟﺒﺘﻪ اﺳﺘﻔﺎده از ﭼﻨﺪﯾﻦ ﻟﯿﻨﮏ‬ ‫ﮐﺎرﺑﺮد دﯾﮕﺮي ﺑﻪ ﺟﺰ ‪ Etherchannel‬ﻫﻢ دارد ﻣﺜﻞ ﻟﻮد ﺑﺎﻻﻧﺲ ﻣﺎﺑﯿﻦ دو ﺳﻮﯾﯿﭻ از ﻃﺮﯾﻖ ‪Vlan‬ﻫﺎي ﻣﺠﺰا،ﻓﺮﺿﺎ ﻟﯿﻨﮏ‬ ‫اول ﺗﺮاﻓﯿﮏ ‪ Vlan‬ﻫﺎي ﻓﺮد را ﻋﺒﻮر ﻣﯿﺪﻫﺪ و ﻟﯿﻨﮏ دوم ﺗﺮاﻓﯿﮏ ‪ Vlan‬ﻫﺎي زوج را.اﯾﻦ ﻣﻄﻠﺐ در ﻣﺒﺤﺚ ‪Multiple‬‬ ‫‪ Spaning tree‬ﻣﻮرد ﺑﺤﺚ ﻗﺮار ﻣﯿﮕﯿﺮد.‬ ‫ﭘﺮوﺗﮑﻞ ﻗﺪﯾﻤﯽ ‪ spanning tree‬ﯾﺎ ﻫﻤﺎن ‪ 802.1d‬ﺑﻪ ﻃﻮر ﮐﺎﻣﻞ از رده ﺧﺎرج ﺷﺪه و ﺻﺮﻓﺎ در ﺳﻮﯾﯿﭽﻬﺎﯾﯽ ﻗﺪﯾﻤﯽ‬ ‫ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد ﮐﻪ ﻗﺎﺑﻠﯿﺖ ﭘﺸﺘﯿﺒﺎﻧﯽ از ﺗﻨﻬﺎ ﯾﮏ ‪ Vlan‬را دارا ﻫﺴﺘﻨﺪ.ﺳﯿﺴﮑﻮ در ﻣﻘﻄﻌﯽ ﻣﺸﺎﻫﺪه ﮐﺮد ﮐﻪ‬ ‫ﭘﺮوﺗﮑﻞ ﻣﺬﺑﻮر ﻧﯿﺎز ﺑﻪ ﺟﺎري ﺷﺪن در ﻫﻤﻪ ‪ Vlan‬ﻫﺎ را دارد از اﯾﻨﺮو ﭘﺮوﺗﮑﻞ ﺟﺪﯾﺪﺗﺮ ‪ PVST‬و +‪ PVST‬را ﻣﻌﺮﻓﯽ‬ ‫ﮐﺮد.از اﯾﻨﺮو اﻣﺮوزه ﻫﺮ ‪ Vlan‬ﻣﮑﺎﻧﯿﺰم ‪ STP‬ﺧﻮد را ﺑﻪ ﻣﻨﻈﻮر ﺷﻨﺎﺳﺎﯾﯽ و رﻓﻊ ﻟﻮپ ﻫﺎي ﻻﯾﻪ دوﯾﯽ دارا ﻣﯿﺒﺎﺷﺪ.‬ ‫092 ‪Page 189 of‬‬
  • 191.
    ‫‪ STP‬از ﭘﺮوﺗﮑﻠﯽﺑﻪ ﻧﺎم )‪ BPDU (Bridge protocol data units‬ﺟﻬﺖ اﻧﺘﻘﺎل اﻃﻼﻋﺎت ﺧﻮد ﻣﺎﺑﯿﻦ ﺳﻮﯾﯿﭽﻬﺎ‬ ‫اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ ﻓﺎرق از اﯾﻨﮑﻪ ﺳﻮﯾﯿﭻ ﺑﻪ ﻋﻨﻮان ‪ root‬اﻧﺘﺨﺎب ﺷﺪه ﺑﺎﺷﺪ ﯾﺎ در ﻣﺮﺣﻠﻪ اﻧﺘﺨﺎب ﺑﺎﺷﺪ.‪ STP‬از ﺣﺎﻟﺘﻬﺎي‬ ‫ﻣﺨﺘﻠﻔﯽ از ﭘﻮرﺗﻬﺎ ﺑﻪ ﻣﻨﻈﻮر اﯾﺠﺎد ﯾﮏ ﺗﻮﭘﻮﻟﻮژي ﺻﺤﯿﺢ ﻻﯾﻪ دوﯾﯽ ﻓﺎﻗﺪ ﻟﻮپ اﯾﺘﻔﺎده ﻣﯿﮑﻨﺪ از اﯾﻨﺮو ﻣﯿﺒﺎﯾﺴﺖ ﺑﺎ اﯾﻦ‬ ‫ﺣﺎﻟﺘﻬﺎ در ‪ PVST‬آﺷﻨﺎ ﺑﺎﺷﯿﻢ ﻣﺎﻧﻨﺪ ‪ root port-designated port‬و ﺳﺎﯾﺮ .‬ ‫ﺣﺎﻟﺖ ﭘﯿﺸﻔﺮض ‪ STP‬در ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ ﺳﯿﺴﮑﻮ ‪ PVST‬اﺳﺖ. در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮرات زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ‬ ‫ﺷﺪ‬ ‫‪: spanning-tree vlan # root primary‬ﺳﻮﯾﯿﭻ را در ﺣﺎﻟﺖ ‪ root bridge‬ﺑﺮاي ‪ Vlan‬ﻣﺸﺨﺺ ﺷﺪه ﻗﺮار ﻣﯽ‬ ‫دﻫﺪ‬ ‫‪ :spanning-tree vlan # root secondary‬ﺳﻮﯾﯿﭻ را در ﺣﺎﻟﺖ ‪Backup root bridge‬ﺑﺮاي ‪ Vlan‬ﻣﺸﺨﺺ ﺷﺪه‬ ‫ﻗﺮار ﻣﯽ دﻫﺪ‬ ‫# ‪:spanning-tree vlan # priority‬ﺗﺨﺼﯿﺺ ‪ Bridge priority‬ﺑﻪ ﻫﺮ ‪ Vlan‬در ﺳﻮﯾﯿﭻ‬ ‫# ‪:show spanning-tree vlan‬ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ‪ STP‬ﻣﺮﺗﺒﻂ ﺑﺎ ‪ Vlan‬ﺧﺎص‬ ‫‪:show spanning-tree summary‬ﻧﻤﺎﯾﺶ ﻫﻤﻪ اﻃﻼﻋﺎت و ﺗﻌﺪاد ﭘﻮرﺗﻬﺎي ﻣﺮﺗﺒﻂ ﺑﺎ ‪STP‬‬ ‫‪:show spanning-tree detail‬ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ﺟﺰﺋﯽ ﺗﺮ ﻣﺮﺑﻮط ﺑﻪ ﻫﺮ ﭘﻮرت ﻓﻌﺎل در ‪STP‬‬ ‫‪:show spanning-tree bridge‬ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ‪ STP‬ﻣﺮﺑﻮط ﺑﻪ ﻫﻤﻪ ‪ Vlan‬ﻫﺎ ﺑﻪ ﻫﻤﺮاه اﻟﻮﯾﺖ ﻫﺮ ‪، Vlan‬ﻣﺠﻮع‬ ‫‪ Mac،vlan priority + sys-id-ext‬آردس ‪ Bridge‬و ﺗﺎﯾﻤﺮﻫﺎ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﺘﻨﺎﻇﺮ ﺑﺎ ﺷﮑﻞ زﯾﺮ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ‪ Etherchannel‬و ﺗﺮاﻧﮏ ﻣﺎﺑﯿﻦ 21-01/0‪ Fa‬در ﺳﻮﯾﯿﭽﻬﺎي 2‪SW1,SW‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ‪ Etherchannel‬و ﺗﺮاﻧﮏ ﻣﺎﺑﯿﻦ 51-31/0‪ Fa‬در 1‪ SW‬و 21-01/0‪ Fa‬در 3‪SW‬‬ ‫ﺑﺮﻗﺮاري ‪ Etherchannel‬و ﺗﺮاﻧﮏ ﻣﺎﺑﯿﻦ 51-31/0‪ Fa‬در 2‪ SW‬و 51-31/0‪ Fa‬در 3‪SW‬‬ ‫ﺗﻌﯿﯿﻦ 1‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Vtp‬ﺳﺮور و ﺳﺎﯾﺮﯾﻦ ﺑﻪ ﻋﻨﻮان ﮐﻼﯾﻨﺖ ﺗﺤﺖ داﻣﯿﻦ ‪ cisco‬و اﯾﺠﺎد ‪ vlan‬ﻫﺎي‬ ‫01و02و03 در ﺳﺮور و ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺗﻮزﯾﻊ آﻧﻬﺎ ﻣﺎﺑﯿﻦ ﮐﻼﯾﻨﺘﻬﺎ‬ ‫092 ‪Page 190 of‬‬
  • 192.
    ‫ﺗﺼﻮﯾﺮ 1.31.4- ‪PVST‬‬ ‫اﻫﺪافآزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ 1‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Root Bridge‬ﺑﺮاي ‪ Vlan‬ﻫﺎي 01,1 و ﺗﺴﺖ ﺻﺤﺖ آن از ﻃﺮﯾﻖ 2‪SW‬‬ ‫ﺗﻨﻈﯿﻢ 2‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Root Bridge‬ﺑﺮاي ‪ 20 Vlan‬و ﺗﺴﺖ ﺻﺤﺖ آن از ﻃﺮﯾﻖ 1‪SW‬‬ ‫ﺗﻨﻈﯿﻢ 2‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Root Bridge‬ﺑﺮاي ‪ 30 Vlan‬و ﺗﺴﺖ ﺻﺤﺖ آن از ﻃﺮﯾﻖ 1‪SW‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫1. ﺗﻨﻈﯿﻢ 1‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ Root Bridge‬ﺑﺮاي ‪ Vlan‬ﻫﺎي 01,1 و ﺗﺴﺖ ﺻﺤﺖ آن از ﻃﺮﯾﻖ 2‪SW‬‬ ‫ﺑﺮاي ﮐﺎﻧﻔﯿﮓ 1‪ SW‬ﺑﻪ ﻋﻨﻮان ‪ root bridge‬ﺑﺮاي ‪ Vlan‬ﻫﺎي 1,01 دو راه ﭘﯿﺶ رو دارﯾﻢ :‬ ‫‪‬‬ ‫‪:spanning-tree vlan # root primary‬ﮐﻪ ﺑﻬﺘﺮﯾﻦ اﻟﻮﯾﺖ را اﻧﺘﺨﺎب ﻣﯿﮑﻨﺪ و آﻧﺮا ﺑﻪ ﻋﻨﻮان ‪root‬‬ ‫‪‬‬ ‫# ‪:spanning-tree vlan # priority‬ﮐﻪ ﺑﺎﯾﺪ ﺑﻪ ﻃﻮر دﺳﺘﯽ اوﻟﻮﯾﺖ ﺑﺮ ﺣﺴﺐ ﻫﺮ ‪ Vlan‬در ان ﻣﺸﺨﺺ ﺷﻮد‬ ‫‪ bridge‬ﻗﺮار ﻣﯽ دﻫﺪ‬ ‫092 ‪Page 191 of‬‬
  • 193.
    ‫ ﺷﺪن ﺑﯿﺸﺘﺮﺧﻮاﻫﺪ ﺷﺪ.ﺑﺮاي‬root bridge ‫ﺑﻪ ﺧﺎﻃﺮ داﺷﺘﻪ ﺑﺎﺷﯿﻢ ﻫﺮﻗﺪر اﯾﻦ ﻋﺪد ﮐﻮﭼﮑﺘﺮ ﺑﺎﺷﺪ ﺷﺎﻧﺲ ﺳﻮﯾﯿﭻ ﺑﺮاي‬ ‫ ﺑﺎﺷﺪ‬vlan ‫ ﮐﻪ ﻋﺪد ﻣﻌﺮف‬sys-id-ext ‫ را ﮐﻪ ﻣﺎﺑﯿﻦ 53556-0 اﺳﺖ را ﺑﺎ‬priority ‫ ﻋﺪد‬bridge priority ‫ﻣﺤﺎﺳﺒﻪ‬ ‫ﺟﻤﻊ ﻣﯿﮑﻨﯿﻢ‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#spanning-tree vlan 1 root primary SW1(config)#spanning-tree vlan 10 root primary SW1(config)#end SW1# show spanning-tree vlan root ‫ ﯾﺎ‬show spanning-tree vlan # ‫ﺑﺮاي ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از دﺳﺘﻮرات‬ ‫اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد‬ SW2#show spanning-tree vlan 1 VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 24577 Address 0014.f2d2.4180 Cost 9 Port 216 (Port-channel21) Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Interface ------------------Po21 Po23 Role ---Root Altn Forward Delay 15 sec 32769 (priority 32768 sys-id-ext 1) 001c.57d8.9000 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Sts --FWD BLK Cost --------9 9 Prio.Nbr -------128.216 128.232 Type --------------------------P2p P2p SW2#show spanning-tree vlan 10 VLAN0010 Spanning tree enabled protocol ieee Root ID Priority 24586 Address 0014.f2d2.4180 Cost 9 Port 216 (Port-channel21) Hello Time 2 sec Max Age 20 sec Bridge ID Priority 32778 Forward Delay 15 sec (priority 32768 sys-id-ext 10) Page 192 of 290
  • 194.
    Address Hello Time Aging Time Interface ------------------Po21 Po23 Role ---Root Altn 001c.57d8.9000 2sec Max Age 20 sec 300 sec Sts --FWD BLK Cost --------9 9 Prio.Nbr -------128.216 128.232 Forward Delay 15 sec Type --------------------------P2p P2p SW2#show span root Vlan ---------------VLAN0001 VLAN0010 VLAN0020 VLAN0030 SW2# Root Hello Max Fwd Root ID Cost Time Age Dly -------------------- --------- ----- --- --24577 0014.f2d2.4180 9 2 20 15 24586 0014.f2d2.4180 9 2 20 15 32788 0014.a964.2e00 9 2 20 15 32798 0014.a964.2e00 9 2 20 15 Root Port -----------Po21 Po21 Po23 Po23 ‫ ﻓﺎرق از اﯾﻨﮑﻪ ﺳﻮﯾﯿﭻ ﺟﺎري ﮐﻪ در آن ﻫﺴﺘﯿﻢ روت ﻫﺴﺖ‬show spanning-tree root ‫ﻫﻨﮕﺎم اﺳﺘﻔﺎده از دﺳﺘﻮر‬ ‫ ﭘﻮرﺗﯽ در ﺧﺮوﺟﯽ ﻣﺸﺨﺺ‬root ‫ ﺻﻔﺮ ﺑﺎﺷﺪ و‬root cost ‫ را ﻣﺸﺎﻫﺪه ﺧﻮاﻫﯿﻢ ﮐﺮد.اﮔﺮ‬root port ‫ و‬root cost ‫ﯾﺎ ﺧﯿﺮ‬ ‫ را داﺷﺘﻪ‬root port ‫ و‬root cost ‫ اﺳﺖ.اﻣﺎ اﮔﺮ در ﺧﺮوﺟﯽ‬root bridge ‫ﻧﺸﺪه ﺑﺎﺷﺪ ﺳﻮﯾﯿﭽﯽ ﮐﻪ در آن ﻫﺴﺘﯿﻢ‬ .‫ ﻫﺎ اﯾﻔﺎ ﺧﻮاﻫﻨﺪ ﮐﺮد‬vlan ‫ﺑﺎﺷﯿﻢ ﻣﺎﻧﻨﺪ ﺧﺮوﺟﯽ ﺑﺎﻻ ، ﻣﺸﺨﺺ ﺧﻮاﻫﺪ ﺷﺪ ﮐﻪ ﮐﺪام ﭘﻮرﺗﻬﺎ ﻧﻘﺶ روت را ﺑﺮاي ﮐﺪام‬ SW1 ‫ 02 و ﺗﺴﺖ ﺻﺤﺖ آن از ﻃﺮﯾﻖ‬Vlan ‫ ﺑﺮاي‬Root Bridge ‫ ﺑﻪ ﻋﻨﻮان‬SW2 ‫2. ﺗﻨﻈﯿﻢ‬ SW2 con0 is now available Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#spanning-tree vlan 20 root primary SW2(config)#end SW2# .‫100اﺳﺖ‬c.57d8.9000 ‫ داراي اوﻟﯿﺖ 65942 و ﻣﮏ آدرس‬root bridge ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﺑﺮرﺳﯽ زﯾﺮ ﻧﺸﺎن ﻣﯽ دﻫﺪ‬ SW2 ‫ ﻣﺘﺼﻞ ﺷﺪه اﺳﺖ. ﻋﻼوه ﺑﺮ اﯾﻦ‬SW2 ‫ اﺳﺖ ﮐﻪ ﻣﺴﺘﻘﯿﻤﺎ ﺑﻪ‬Port-channel12 ‫ﺑﻬﺘﺮﯾﻦ ﻣﺴﯿﺮ ﺑﻪ ﺳﻤﺖ آن ﻧﯿﺰ‬ .‫ در ﺣﮑﻢ روت اﺳﺖ‬Vlan 20 ‫ﻧﯿﺰ ﺑﺮاي‬ SW1#show spanning-tree vlan 20 VLAN0020 Spanning tree enabled protocol ieee Root ID Priority 24596 Address 001c.57d8.9000 Page 193 of 290
  • 195.
    Cost Port Hello Time Bridge ID 9 144(Port-channel12) 2 sec Max Age 20 sec Priority Address Hello Time Aging Time 32788 (priority 32768 sys-id-ext 20) 0014.f2d2.4180 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Interface ------------------Po12 Po13 Role ---Root Altn Sts --FWD BLK Cost --------9 9 Prio.Nbr -------128.144 128.152 Forward Delay 15 sec Type --------------------------P2p P2p SW1# SW1 ‫ 03 و ﺗﺴﺖ ﺻﺤﺖ آن از ﻃﺮﯾﻖ‬Vlan ‫ ﺑﺮاي‬Root Bridge ‫ ﺑﻪ ﻋﻨﻮان‬SW2 ‫3. ﺗﻨﻈﯿﻢ‬ SW3 con0 is now available Press RETURN to get started. SW3>enable SW3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW3(config)#spanning-tree vlan 30 root primary SW3(config)#end SW3# SW1#show spanning-tree vlan 30 VLAN0030 Spanning tree enabled protocol ieee Root ID Priority 24606 Address 0014.a964.2e00 Cost 9 Port 152 (Port-channel13) Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Interface ------------------Po12 Po13 Role ---Desg Root Forward Delay 15 sec 32798 (priority 32768 sys-id-ext 30) 0014.f2d2.4180 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Sts --FWD FWD Cost --------9 9 Prio.Nbr -------128.144 128.152 Type --------------------------P2p P2p SW1# Page 194 of 290
  • 196.
  • 197.
    ‫آزﻣﺎﯾﺶ 41.4 –ﺗﻨﻈﯿﻤﺎت ‪Rapid RPVST‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ﭘﺮوﺗﮑﻞ ‪IEEE 802.1w Standard (Cisco) Rapid Per-VLAN‬‬ ‫‪ Spanning Tree Protocol‬در ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﺗﻮﺿﯿﺢ:ﺑﻪ دﻟﯿﻞ ﻣﺤﺪودﯾﺘﻬﺎي ﻣﺎژول ‪ NM-16ESW‬در 3‪ GN‬اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ اﺳﺘﻔﺎده از ادوات واﻗﻌﯽ اﻧﺠﺎم ﺧﻮاﻫﺪ‬ ‫ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫در آزﻣﺎﯾﺶ ﻗﺒﻠﯽ ﺑﺎ ﺗﻨﻈﯿﻤﺎت ‪ PVST‬ﮐﻪ ‪ STP‬را ﺑﺮاي ﻫﺮ ‪ Vlan‬ﺑﻪ ﻃﻮر ﻣﺠﺰا ﺑﺮﻗﺮار ﻣﯿﮑﺮد آﺷﻨﺎ ﺷﺪﯾﻢ.در اﯾﻦ‬ ‫آزﻣﺎﯾﺶ ﭘﺮوﺗﮑﻞ ﺟﺪﯾﺪﺗﺮ ‪ 802.1w‬را ﮐﻪ ﺗﮑﻤﯿﻞ ﺷﺪه ﭘﺮوﺗﮑﻞ ﻗﺒﻠﯽ ﻣﯽ ﺑﺎﺷﺪ را ﺑﺮرﺳﯽ ﺧﻮاﻫﯿﻢ ﮐﺮد.اﯾﻦ ﭘﺮوﺗﮑﻞ از‬ ‫آن ﺟﻬﺖ ‪ Rapid‬ﻧﺎم ﮔﺮﻓﺘﻪ اﺳﺖ ﮐﻪ زﻣﺎن ﭘﺎﺳﺨﮕﻮﯾﯽ آن ﻧﺴﺒﺖ ﺑﻪ ﻧﺴﺨﻪ ﻗﺒﻠﯽ ﺳﺮﯾﻌﺘﺮ ﻣﯽ ﺑﺎﺷﺪ رﻗﻤﯽ ﻧﺰدﯾﮏ ﺑﻪ 6‬ ‫ﺛﺎﻧﯿﻪ )ﭘﺲ از ﺳﻪ ‪ (Hello‬در ﺣﺎﻟﯽ ﮐﻪ در اﺳﺘﺎﻧﺪارد ﻗﺒﻠﯽ ‪ IEEE 802.1D‬اﯾﻦ ﻋﺪد 54 ﺛﺎﻧﯿﻪ ﺑﻮد.اﯾﻦ ﭘﺮوﺗﮑﻞ در ﻋﯿﻦ‬ ‫ﺣﺎل داراي ﺳﺎزﮔﺎري ﮐﺎﻣﻞ ﺑﺎ ﻧﺴﺨﻪ ﻗﺒﻠﯽ ‪ STP‬ﻣﻮﺟﻮد در ﺳﻮﯾﯿﭽﻬﺎي ﻗﺪﯾﻤﯽ ﺗﺮ ﻧﯿﺰ ﻣﯽ ﺑﺎﺷﺪ.‬ ‫وﯾﮋﮔﯽ ﺟﺪﯾﺪ دﯾﮕﺮي ﺑﻪ ﭘﺮوﺗﮑﻞ اﺿﺎﻓﻪ ﺷﺪه اﺳﺖ ﮐﻪ ﺗﻘﺮﯾﺒﺎ ﺷﺒﯿﻪ ‪ UplinkFast‬ﻣﯽ ﺑﺎﺷﺪ ﺑﻪ اﯾﻦ ﻣﻌﻨﯽ ﮐﻪ در ﺻﻮرت‬ ‫‪fail‬ﺷﺪن روت ﭘﻮرت ﺑﻪ ﺳﺮﻋﺖ ‪ alternate‬ﭘﻮرت را ﺟﺎﯾﮕﺰﯾﻦ آن ﻣﯽ ﮐﻨﺪ . ﻫﻤﯿﻨﻄﻮر در ﭘﺮوﺗﮑﻞ ﺟﺪﯾﺪ روت ﺑﺮﯾﺞ ﻗﺎدر‬ ‫اﺳﺖ ﺗﺎ از ﻃﺮﯾﻖ ﺳﺖ ﮐﺮدن ﺑﯿﺖ ‪ TC‬در ﻓﺮﯾﻢ ‪ ، BPDU‬ﺳﺎﯾﺮ ﺳﻮﯾﯿﭽﻬﺎي ﻣﻮﺟﻮد در ﺷﺒﮑﻪ را از ﺗﻐﯿﯿﺮات آﮔﺎه ﮐﻨﺪ.‬ ‫.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي و ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ﻣﺘﻨﺎﻇﺮ ﺑﺎ آزﻣﺎﯾﺶ ﻗﺒﻠﯽ‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﮐﺎﻧﻔﯿﮓ ﺳﻮﯾﯿﭽﻬﺎ ﺟﻬﺖ ﺑﻬﺮه ﮔﯿﺮي از ‪RPVST‬‬ ‫ﮐﺎﻧﻔﯿﮓ 1‪ SW‬ﺑﻪ ﻋﻨﻮان روت ﺑﺮﯾﺞ ﺑﺮاي ‪Vlan‬ﻫﺎي 01,1 و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ 2‪SW‬‬ ‫‪‬‬ ‫ﮐﺎﻧﻔﯿﮓ 2‪ SW‬ﺑﻪ ﻋﻨﻮان روت ﺑﺮﯾﺞ ﺑﺮاي ‪ 20 Vlan‬و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ 1‪SW‬‬ ‫‪‬‬ ‫ﮐﺎﻧﻔﯿﮓ 3‪ SW‬ﺑﻪ ﻋﻨﻮان روت ﺑﺮﯾﺞ ﺑﺮاي ‪ 30 Vlan‬و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ 1‪SW‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫092 ‪Page 196 of‬‬
  • 198.
    SW2 ‫ﻫﺎي 01,1و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ‬Vlan ‫ ﺑﻪ ﻋﻨﻮان روت ﺑﺮﯾﺞ ﺑﺮاي‬SW1 ‫1. ﮐﺎﻧﻔﯿﮓ‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#spanning-tree mode rapid-pvst SW1(config)#end %SYS-5-CONFIG_I: Configured from console by console SW1#show spanning-tree bridge Hello Vlan Bridge ID Time ---------------- --------------------------------- ----VLAN0001 32769 (32768, 1) 0014.f2d2.4180 2 VLAN0010 32778 (32768, 10) 0014.f2d2.4180 2 VLAN0020 32788 (32768, 20) 0014.f2d2.4180 2 VLAN0030 32798 (32768, 30) 0014.f2d2.4180 2 SW1# SW2 con0 is now available Max Age --20 20 20 20 Fwd Dly --15 15 15 15 Protocol -------rstp rstp rstp rstp Fwd Dly --15 15 15 15 Protocol -------rstp rstp rstp rstp Press RETURN to get started. SW2>enable SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#spanning-tree mode rapid-pvst SW2(config)#end %SYS-5-CONFIG_I: Configured from console by console SW2#show spanning-tree bridge Hello Vlan Bridge ID Time ---------------- --------------------------------- ----VLAN0001 32769 (32768, 1) 001c.57d8.9000 2 VLAN0010 32778 (32768, 10) 001c.57d8.9000 2 VLAN0020 32788 (32768, 20) 001c.57d8.9000 2 VLAN0030 32798 (32768, 30) 001c.57d8.9000 2 SW2# SW3 con0 is now available Max Age --20 20 20 20 Press RETURN to get started. SW3>enable SW3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW3(config)#spanning-tree mode rapid-pvst SW3(config)#end %SYS-5-CONFIG_I: Configured from console by console SW3#show spanning-tree bridge Page 197 of 290
  • 199.
    Vlan ---------------VLAN0001 VLAN0010 VLAN0020 VLAN0030 SW3# Hello Bridge ID Time --------------------------------- ----32769(32768, 1) 0014.a964.2e00 2 32778 (32768, 10) 0014.a964.2e00 2 32788 (32768, 20) 0014.a964.2e00 2 32798 (32768, 30) 0014.a964.2e00 2 Max Age --20 20 20 20 Fwd Dly --15 15 15 15 Protocol -------rstp rstp rstp rstp SW1 ‫ 02 و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ‬Vlan ‫ ﺑﻪ ﻋﻨﻮان روت ﺑﺮﯾﺞ ﺑﺮاي‬SW2 ‫2. ﮐﺎﻧﻔﯿﮓ‬ SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#spanning-tree vlan 1 root primary SW1(config)#spanning-tree vlan 10 root primary SW1(config)#end %SYS-5-CONFIG_I: Configured from console by console SW1# SW2#show spanning-tree vlan 1 VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 24577 Address 0014.f2d2.4180 Cost 9 Port 216 (Port-channel21) Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Interface ------------------Po21 Po23 Role ---Root Altn Forward Delay 15 sec 32769 (priority 32768 sys-id-ext 1) 001c.57d8.9000 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Sts --FWD BLK Cost --------9 9 Prio.Nbr -------128.216 128.232 Type --------------------------P2p P2p SW2#show spanning-tree vlan 10 VLAN0010 Spanning tree enabled protocol rstp Root ID Priority 24586 Address 0014.f2d2.4180 Cost 9 Port 216 (Port-channel21) Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Forward Delay 15 sec 32778 (priority 32768 sys-id-ext 10) 001c.57d8.9000 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Page 198 of 290
  • 200.
    Interface ------------------Po21 Po23 Role ---Root Altn Sts --FWD BLK Cost --------9 9 Prio.Nbr -------128.216 128.232 Type --------------------------P2p P2p SW2# SW1 ‫ 03و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ‬Vlan ‫ ﺑﻪ ﻋﻨﻮان روت ﺑﺮﯾﺞ ﺑﺮاي‬SW3 ‫3. ﮐﺎﻧﻔﯿﮓ‬ SW2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#spanning-tree vlan 20 root primary SW2(config)#end %SYS-5-CONFIG_I: Configured from console by console SW2# SW1#show spanning-tree vlan 20 VLAN0020 Spanning tree enabled protocol rstp Root ID Priority 24596 Address 001c.57d8.9000 Cost 9 Port 144 (Port-channel12) Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Interface ------------------Po12 Po13 Role ---Root Altn Forward Delay 15 sec 32788 (priority 32768 sys-id-ext 20) 0014.f2d2.4180 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Sts --FWD BLK Cost --------9 9 Prio.Nbr -------128.144 128.152 Type --------------------------P2p P2p SW1# SW1 ‫ 03 و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ‬Vlan ‫ ﺑﻪ ﻋﻨﻮان روت ﺑﺮﯾﺞ ﺑﺮاي‬SW3 ‫4. ﮐﺎﻧﻔﯿﮓ‬ SW3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW3(config)#spanning-tree vlan 30 root primary SW3(config)#end %SYS-5-CONFIG_I: Configured from console by console SW3# SW1#show spanning-tree vlan 30 VLAN0030 Spanning tree enabled protocol rstp Root ID Priority 24606 Page 199 of 290
  • 201.
    Address Cost Port Hello Time Bridge ID 0014.a964.2e00 9 152(Port-channel13) 2 sec Max Age 20 sec Priority Address Hello Time Aging Time 32798 (priority 32768 sys-id-ext 30) 0014.f2d2.4180 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Interface ------------------Po12 Po13 Role ---Desg Root Sts --FWD FWD Cost --------9 9 Prio.Nbr -------128.144 128.152 Forward Delay 15 sec Type --------------------------P2p P2p SW1# Page 200 of 290
  • 202.
    ‫آزﻣﺎﯾﺶ 61.4-ﺗﻨﻈﯿﻤﺎت ‪SwitchportSpanning Tree Portfast‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ Spanning-Tree Switchport Portfast‬ﺑﺎ ﻫﺪف ورود ﻫﺮ ﭼﻪ ﺳﺮﯾﻌﺘﺮ‬ ‫ﭘﻮرﺗﻬﺎي اﮐﺴﺲ ﺑﻪ ﻣﺪار آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﻓﺮض ﮐﻨﯿﺪ ﺻﺎﺣﺐ ﯾﮏ ﮐﺎﻣﭙﯿﻮﺗﺮ ﺑﺴﯿﺎر ﺳﺮﯾﻊ ﺳﺮﯾﻊ ﻫﺴﺘﯿﺪ ﯾﺎ ﻓﺮﺿﺎ ﯾﮏ ﺗﯿﻦ ﮐﻼﯾﻨﺖ دارﯾﺪ ﮐﻪ ﻃﯽ 5 ﺛﺎﻧﺒﻪ ﺑﻮت و ﻗﺎﺑﻞ‬ ‫اﺳﺘﻔﺎده ﻣﯿﺸﻮد.ﭼﻪ اﺗﻔﺎﻗﯽ ﻣﯿﺎﻓﺘﯿﺪ ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺗﺮاﻓﯿﮏ ﺳﯿﺴﺘﻢ ﺑﺮاي اوﻟﯿﻦ ﺑﻪ ﺳﻤﺖ ﭘﻮرت ﺳﻮﯾﯿﭻ روان ﻣﯿﺸﻮد؟ﭘﺎﺳﺦ‬ ‫اﯾﻨﺴﺖ ﮐﻪ ﺗﺮاﻓﯿﮏ ﺣﺬف ﻣﯿﺸﻮد! ﺑﺨﺎﻃﺮ اﯾﻨﮑﻪ ﭘﻮرت ﺣﺪود 51 ﺛﺎﻧﺒﻪ زﻣﺎن ﻧﯿﺎز دارد ﺗﺎ از ﺣﺎﻟﺖ ‪ blocking‬ﺑﻪ‬ ‫‪ forwarding‬ﺗﻐﯿﯿﺮ وﺿﻌﯿﺖ دﻫﺪ و در اﯾﻦ ﺣﯿﻦ ﺑﻪ دﻧﺒﺎل اﯾﻦ اﺳﺖ ﮐﻪ ﻣﺘﻮﺟﻪ ﺷﻮد ﮐﻪ آﯾﺎ ﻟﻮﭘﯽ در ﺷﺒﮑﻪ وﺟﻮد دارد ﯾﺎ‬ ‫ﺧﯿﺮ.ﭘﺲ از ﺣﺼﻮل اﻃﻤﯿﻨﺎن از اﯾﻨﮑﻪ ﻟﻮپ ﭘﺪﯾﺪ ﻧﺨﻮاﻫﺪ آﻣﺪ ﭘﻮرت اﮐﺴﺲ ﻣﺎ اﺑﺘﺪا در ﺣﺎل ‪ learning‬ﺳﭙﺲ‬ ‫‪ forwarding‬ﻗﺮار ﺧﻮاﻫﺪ ﮔﺮﻓﺖ. ﺣﺎﻻ اﮔﺮ ﺗﻨﻈﯿﻤﺎت ﺷﺒﮑﻪ دﺳﺘﮕﺎه ﻣﺎ ﺑﻪ ﮔﻮﻧﻪ اي ﺑﺎﺷﺪ ﮐﻪ اﮔﺮ ﻇﺮف 8 ﺛﺎﻧﯿﻪ ﻣﻮﻓﻖ ﺑﻪ‬ ‫درﯾﺎﻓﺖ ‪ IP‬از ﺷﺒﮑﻪ ﻧﺸﻮد ﭘﯿﻐﺎم ‪ failure‬ﻧﻤﺎﯾﺶ دﻫﺪ ﺳﯿﺴﺘﻢ ﻣﺎ ﻫﺮﮔﺰ ﺑﻪ آن ﺷﺒﮑﻪ ﻣﺘﺼﻞ ﻧﺨﻮاﻫﺪ ﺷﺪ.‬ ‫ﺳﺎده ﺗﺮﯾﻦ ﺗﻮﺿﯿﺢ اﯾﻨﺴﺖ ﮐﻪ ‪ portfast‬ﭘﻮرت ﻣﻮرد ﻧﻈﺮ را ﺳﺮﯾﻌﺎ ﺑﻪ ﺣﺎﻟﺖ ‪ forwarding‬ﺗﻐﯿﯿﺮ وﺿﻌﯿﺖ ﻣﯿﺪﻫﺪ و در‬ ‫اﯾﻦ ﺣﺎﻟﺖ ﺗﻼﺷﯽ ﺑﺮا ﺷﻨﺎﺳﺎﯾﯽ ﻟﻮپ در ﺷﺒﮑﻪ اﻧﺠﺎم ﻧﻤﯿﺪﻫﺪ ﻣﮕﺮ اﯾﻨﮑﻪ روي آن ﭘﻮرت ‪ BPDU‬دﯾﺎﻓﺖ ﮐﻨﺪ ﻧﺘﯿﺠﻪ‬ ‫اﯾﻨﮑﻪ اﮔﺮ اﯾﻦ ﻣﺸﺨﺼﻪ روي ﺗﻌﺪادي از ﭘﻮرﺗﻬﺎي ﻣﺘﺼﻞ ﺑﻪ ﺷﺒﮑﻪ ﺳﻮﯾﯿﭻ ﻓﻌﺎل ﺑﺎﺷﺪ ﺑﺮاي ﻟﺤﻈﺎﺗﯽ ﺷﺎﻫﺪ ﺑﺮوز ﻟﻮپ در‬ ‫ﺷﺒﮑﻪ ﺧﻮاﻫﯿﻢ ﺷﺪ اﻣﺎ ﺑﻪ ﺳﺮﻋﺖ ﺑﺮﻃﺮف ﺧﻮاﻫﺪ ﺷﺪ. ﻣﺰﯾﺖ دﯾﮕﺮ ‪ portfast‬ﻋﺪم اﯾﺠﺎد ‪TCN (Topology Change‬‬ ‫)‪ Notification‬ﺗﻮﺳﻂ ‪ STP‬ﺑﺎ ﻫﺮ ﺑﺎر آپ و داون ﺷﺪن ﭘﻮرت اﺳﺖ اﯾﻦ ﻣﻮﺿﻮع ﺑﺎﻋﺚ ﺻﺮﻓﻪ ﺟﻮﯾﯽ در ﻣﻨﺎﺑﻊ ﺳﯿﺴﺘﻤﯽ‬ ‫ﺳﻮﯾﯿﭻ ﻣﯿﺸﻮد زﯾﺮا ﻣﺠﺒﻮر ﻧﯿﺴﺖ ﺑﺎ ﻫﺮ ﺑﺎر ﺗﻐﯿﯿﺮ وﺿﻌﯿﺖ ﯾﮏ ﭘﻮرت اﮐﺴﺲ ﮐﻞ ﻣﺤﺎﺳﺒﺎت ﺧﻮد را از اول اﻧﺠﺎم دﻫﺪ.‬ ‫دو راه ﺑﺮاي ﻓﻌﺎل ﺳﺎزي ‪ portfast‬در ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ وﺟﻮد دارد ﯾﮏ راه ﻓﻌﺎل ﺳﺎزي آن در ﺳﻄﺢ اﯾﻨﺘﺮﻓﯿﺲ و‬ ‫دﯾﮕﺮي در ﺳﻄﺢ ﮐﻞ ﺳﻮﯾﯿﭻ اﺳﺖ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي زﯾﺮ‬ ‫ﻓﻌﺎل ﺳﺎزي ‪ RPVST‬در 1‪SW‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﻓﻌﺎل ﮐﺮدن 0/0‪ Fa‬در 1‪ R‬و ﻣﺸﺎﻫﺪه وﺿﻌﯿﺖ آن از ﻃﺮﯾﻖ ‪show spanning-tree‬‬ ‫092 ‪Page 201 of‬‬
  • 203.
    ‫ و‬R1 ‫ﺳﭙﺲ ﻓﻌﺎل ﮐﺮدن ﻣﺠﺪد اﯾﻨﺘﺮﻓﯿﺲ‬SW1 ‫ در‬portfast ‫ﻏﯿﺮﻓﻌﺎل ﮐﺮدن اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮ و ﻓﻌﺎل ﮐﺮدن‬  ‫ در ﻫﻤﻪ ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ و ﺑﺮرﺳﯽ ﺻﺤﺖ ﻋﻤﻠﮑﺮد آن‬portfast ‫ﻓﻌﺎل ﮐﺮدن‬  SW1 ‫ در‬Fa0/1 ‫ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﻓﻌﺎل ﺷﺪن ﺳﺮﯾﻊ‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ‬ show spanning-tree ‫ و ﻣﺸﺎﻫﺪه وﺿﻌﯿﺖ آن از ﻃﺮﯾﻖ‬R1 ‫ در‬Fa0/0 ‫1. ﻓﻌﺎل ﮐﺮدن‬ R1 con0 is now available Press RETURN to get started. *Mar 15 23:38:09.097: %SYS-5-CONFIG_I: Configured from console by console R1#enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface fa0/0 R1(config-if)#no shut R1(config-if)# %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up R1(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up R1(config-if)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1# SW1 ‫ از ﻃﺮﯾﻖ‬RSTP ‫ﻧﺘﯿﺠﻪ ﺑﺮرﺳﯽ‬ SW1#show spanning-tree VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 24577 Address 0014.f2d2.4180 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Forward Delay 15 sec 24577 (priority 24576 sys-id-ext 1) 0014.f2d2.4180 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- --------------------------- Page 202 of 290
  • 204.
    Fa0/1 Desg BLK 19 128.3 P2p SW1#showspanning-tree VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 24577 Address 0014.f2d2.4180 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Forward Delay 15 sec 24577 (priority 24576 sys-id-ext 1) 0014.f2d2.4180 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- --------------------------Fa0/1 Desg LRN 19 128.3 P2p SW1#show spanning-tree VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 24577 Address 0014.f2d2.4180 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Aging Time Forward Delay 15 sec 24577 (priority 24576 sys-id-ext 1) 0014.f2d2.4180 2 sec Max Age 20 sec Forward Delay 15 sec 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- --------------------------Fa0/1 Desg FWD 19 128.3 P2p SW1# ‫ ﻣﮏ آدرس را از ﻓﺮﯾﻤﻬﺎي‬learning ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﻣﺸﺎﻫﺪه ﻣﯿﺸﻮد ﭘﻮرت اﺑﺘﺪا ﺗﺮاﻓﯿﮏ را ﺑﻼك ﻣﯿﮑﻨﺪ ﺳﭙﺲ در ﺣﺎﻟﺖ‬ ‫ ارﺳﺎﻟﯽ از ﺳﺎﯾﺮ ﻧﻘﺎط ﺷﺒﮑﻪ را ﺟﻬﺖ ﯾﺎﻓﺘﻦ ﻟﻮﭘﻬﺎي اﺣﺘﻤﺎﻟﯽ‬BPDU ‫درﯾﺎﻓﺘﯽ اﺳﺘﺨﺮاج ﻣﯿﮑﻨﺪ در ﻫﻤﯿﻦ ﺣﯿﻦ ﻓﺮﯾﻤﻬﺎي‬ .‫ ﺗﻐﯿﯿﺮ ﺣﺎﻟﺖ ﻣﯿﺪﻫﺪ‬forwarding ‫ﭘﺮدازش ﻣﯿﮑﻨﺪ ﺑﻌﺪ از آن ﺑﻪ ﺣﺎﻟﺖ‬ ‫ و‬R1 ‫ ﺳﭙﺲ ﻓﻌﺎل ﮐﺮدن ﻣﺠﺪد اﯾﻨﺘﺮﻓﯿﺲ‬SW1 ‫ در‬portfast ‫1. ﻏﯿﺮﻓﻌﺎل ﮐﺮدن اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮ و ﻓﻌﺎل ﮐﺮدن‬ SW1 ‫ در‬Fa0/1 ‫ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﻓﻌﺎل ﺷﺪن ﺳﺮﯾﻊ‬ R1#configure terminal Enter configuration commands, one per line. R1(config)#interface fa0/0 R1(config-if)#shutdown Page 203 of 290 End with CNTL/Z.
  • 205.
    R1(config-if)# SW1 ‫ در‬portfast‫و ﺗﻨﻈﻤﯿﺎت‬ SW1 con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface fa0/1 SW1(config-if)#spanning-tree portfast %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION %Portfast has been configured on FastEthernet0/1 but will only have effect when the interface is in a non-trunking mode. SW1(config-if)#end SW1# ‫و ﻓﻌﺎل ﺳﺎزي ﻣﺠﺪد اﯾﻨﺘﺮﻓﯿﺲ روﺗﺮ‬ R1(config-if)#no shut R1(config-if)# %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up R1(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up R1(config-if)# ‫ ﺗﻐﯿﯿﺮ ﺣﺎﻟﺖ داده اﺳﺖ‬forwarding ‫ ﺑﻼﻓﺎﺻﻠﻪ ﺑﻪ ﺣﺎﻟﺖ‬Fa0/1 ‫ ﻧﺸﺎن ﻣﯿﺪﻫﺪ ﮐﻪ‬SW1 ‫ در‬SPT ‫اﮐﻨﻮن ﺑﺮرﺳﯽ‬ SW1#show span VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 24577 Address 0014.f2d2.4180 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID Priority 24577 Forward Delay 15 sec (priority 24576 sys-id-ext 1) Page 204 of 290
  • 206.
    Address Hello Time Aging Time 0014.f2d2.4180 2sec Max Age 20 sec 300 sec Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- --------------------------Fa0/1 Desg FWD 19 128.3 P2p Edge SW1# ‫ در ﻫﻤﻪ ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ و ﺑﺮرﺳﯽ ﺻﺤﺖ ﻋﻤﻠﮑﺮد آن‬portfast ‫2. ﻓﻌﺎل ﮐﺮدن‬ SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#spanning-tree portfast default %Warning: this command enables portfast by default on all interfaces. You should now disable portfast explicitly on switched ports leading to hubs, switches and bridges as they may create temporary bridging loops. SW1(config)#end SW1# SW1#show spanning-tree summary Switch is in rapid-pvst mode Root bridge for: VLAN0001 Extended system ID is Portfast Default is PortFast BPDU Guard Default is Portfast BPDU Filter Default is Loopguard Default is EtherChannel misconfig guard is UplinkFast is BackboneFast is Configured Pathcost method used enabled enabled disabled disabled disabled enabled disabled disabled is short Name Blocking Listening Learning Forwarding STP Active ---------------------- -------- --------- -------- ---------- ---------VLAN0001 0 0 0 1 1 ---------------------- -------- --------- -------- ---------- ---------1 vlan 0 0 0 1 1 SW1# Page 205 of 290
  • 207.
    ‫آزﻣﺎﯾﺶ 71.4:ﺗﻨﻈﯿﻤﺎت ‪BPDU‬ﮔﺎرد‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ BPDU‬ﮔﺎرد ﺑﻪ ﻣﻨﻈﻮر ﺟﻠﻮﮔﯿﺮي از ﻓﻌﺎﻟﯿﺖ ﺳﻮﯾﯿﭽﻬﺎي ﻣﺘﻔﺮﻗﻪ از ﻃﺮﯾﻖ ﺧﺎﻣﻮش‬ ‫ﮐﺮدن ﭘﻮرﺗﻬﺎي درﯾﺎﻓﺖ ﮐﻨﻨﺪه ‪ BPDU‬ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ وﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﭼﻪ اﺗﻔﺎﻗﯽ ﺧﻮاﻫﺪ اﻓﺘﺎد اﮔﺮ ﯾﮏ ﮐﺎرﺑﺮ ﻣﻄﻠﻊ ﯾﺎ ﺣﺘﯽ ﻧﺎ ﻣﻄﻠﻊ ﻫﺎب/ﺳﻮﯾﯿﭽﯽ ﻣﺘﻔﺮﻗﻪ را ﺑﻪ ﭘﻮرﺗﻬﺎي ﺷﺒﮑﻪ )روي دﯾﻮار(‬ ‫ﻣﺘﺼﻞ ﮐﻨﺪ ؟ﭘﺎﺳﺦ ﮐﺎﻣﻼ روﺷﻦ اﺳﺖ و ﻧﺘﯿﺠﻪ اﯾﻨﮑﺎر اﯾﺠﺎد ﯾﮏ ﻟﻮپ ﻻﯾﻪ دوﯾﯽ ﺧﻮاﻫﺪ ﺑﻮد و ﻃﻮﻓﺎن ﺑﺮادﮐﺴﺖ ﺣﺎﺻﻞ از‬ ‫آن ﺳﺮﻋﺖ ﺷﺒﮑﻪ را در ﺣﺪ ارﺗﺒﺎﻃﺎت ‪ dial up‬ﭘﺎﯾﯿﻦ ﺧﻮاﻫﺪ آورد.‬ ‫ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻣﻬﻨﺪس ﺷﺒﮑﻪ اﯾﻦ وﻇﯿﻔﻪ ﻣﺎ اﺳﺖ ﮐﻪ از ﻓﺮاﻫﻢ آوردن اﻣﮑﺎن اﺗﺼﺎل ﺳﻮﯾﯿﭻ ﻫﺎي ﻣﺘﻔﺮﻗﻪ ﺗﻮﺳﻂ ﮐﺎرﺑﺮان ﯾﺎ‬ ‫ﺳﺎﯾﺮ اﺷﺨﺎص ﺑﻪ ﺷﺒﮑﻪ ﻣﻮﺟﻮد ﺑﻪ دﻻﯾﻠﯽ ﻫﻤﭽﻮن ﮐﻤﺒﻮد ﭘﻮرت در ﺳﻤﺖ ﮐﺎرﺑﺮ و ﻧﯿﺎز ﺑﻪ اﻓﺰاﯾﺶ آﻧﻬﺎ ﺟﻠﻮﮔﯿﺮي‬ ‫ﮐﻨﯿﻢ.‪ PDU‬ﮔﺎرد ﻣﮑﺎﻧﯿﺰﯾﻤﯽ اﺳﺖ ﮐﻪ از ﻃﺮﯾﻖ آن ﭘﻮرﺗﻬﺎﯾﯽ از ﺳﻮﯾﯿﭻ ﮐﻪ روي آﻧﻬﺎ ﻓﺮﯾﻤﻬﺎي ‪ BPDU‬درﯾﺎﻓﺖ ﻣﯿﺸﻮﻧﺪ‬ ‫ﺧﺎﻣﻮش ﻣﯿﺸﻮﻧﺪ ﻟﺬا اﻣﺮوزه ﺗﻨﻈﯿﻢ ‪ Portfast‬و ‪ BPDU‬ﮔﺎرد در ﭘﻮرﺗﻬﺎي اﮐﺴﺲ ﺳﻤﺖ ﮐﺎرﺑﺮي از ﻧﮑﺎت ﻣﻬﻢ و ﻣﺮﺳﻮم‬ ‫ﺑﻪ ﺣﺴﺎب ﻣﯽ آﯾﻨﺪ‬ ‫ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﭘﻮرﺗﯽ ﺗﻮﺳﻂ ﮔﺎرد ﺑﻪ ﺟﻬﺖ درﯾﺎﻓﺖ ‪ BPDU‬ﻏﯿﺮﻓﻌﺎل ﻣﯿﺸﻮد در ﺣﺎﻟﺖ ‪ ERR-Disabled‬ﻗﺮار ﻣﯿﮕﯿﺮد‬ ‫ﺑﺮاي اﺣﯿﺎ ﭘﻮرت ﻣﺬﺑﻮر ﺑﻪ ﺣﺎﻟﺖ اول ﯾﮑﺒﺎر آﻧﺮا ﺧﺎﻣﻮش ﻣﺠﺪدا روﺷﻦ ﻣﯿﮑﻨﯿﻢ.ﻫﻤﯿﻨﻄﻮر ﻣﯿﺘﻮاﻧﯿﻢ اﯾﻦ ﻣﺸﺨﺼﻪ را ﻣﺎﻧﻨﺪ‬ ‫‪ Portfast‬ﺑﻪ ﻃﻮر ﯾﮑﺠﺎ ﺑﺮاي ﻫﻤﻪ ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ ﻓﻌﺎل ﮐﻨﯿﻢ .‬ ‫ﻧﮑﺘﻪ: ﻣﺎژول ‪ NM-16ESW‬در 3‪ GNS‬ﺗﻨﻬﺎ از ﺗﻨﻈﯿﻤﺎت ‪ BPDU‬ﮔﺎرد در ﺳﻄﺢ ﻫﻤﻪ ﭘﻮرﺗﻬﺎي ﺳﻮﯾﯿﭻ ﭘﺸﺘﯿﺒﺎﻧﯽ‬ ‫ﻣﯿﮑﻨﺪ و ﻧﻪ ﺗﮏ ﭘﻮرت از اﯾﻨﺮو ﺗﻤﺮﯾﻨﺎت اﯾﻦ آزﻣﺎﯾﺶ را ﺑﺎ ادوات واﻗﻌﯽ اﻧﺠﺎم ﻣﯽ دﻫﯿﻢ‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﺸﺎﺑﻪ آزﻣﺎﯾﺸﺎت ﻗﺒﻠﯽ‬ ‫ﺗﻨﻈﯿﻢ 1/0‪ Fa‬در ﻫﺮ دو ﺳﻮﯾﯿﭻ ﺑﻪ ﻋﻨﻮان اﮐﺴﺲ ﭘﻮرت واﻗﻊ در 01 ‪Vlan‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫092 ‪Page 206 of‬‬
  • 208.
    ‫ در ﻫﺮدو ﺳﻮﯾﯿﭻ‬Fa0/1 ‫ ﺑﻮدن‬Up ‫ﺣﺼﻮل اﻃﻤﯿﻨﺎن از‬  ‫ و ﺑﺮرﺳﯽ وﺿﻌﯿﺖ ﭘﻮرت در اﻧﺘﻬﺎ‬SW1 ‫ در‬Fa0/1 ‫ ﮔﺎرد‬BPDU ‫ﻓﻌﺎل ﺳﺎزي‬  ‫ﺣﺬف ﮔﺎرد و ﺑﺮرﺳﯽ وﺿﻌﯿﺖ ﭘﻮرﺗﻬﺎ در اﻧﺘﻬﺎ‬   ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ در ﻫﺮ دو ﺳﻮﯾﯿﭻ‬Fa0/1 ‫ ﺑﻮدن‬Up ‫1. ﺣﺼﻮل اﻃﻤﯿﻨﺎن از‬ show ip interface brief FastEthernet 0/10 Interface IP-Address OK? Method Status FastEthernet0/10 unassigned YES unset up SW1# Protocol up SW2#show interface fa0/10 FastEthernet0/10 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001c.57d8.900c (bia 001c.57d8.900c) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:01, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 2000 bits/sec, 4 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 49720 packets input, 3684013 bytes, 0 no buffer Received 48602 broadcasts (48602 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 48602 multicast, 0 pause input 0 input packets with dribble condition detected 3118 packets output, 381783 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out SW2# ‫ ﺳﭙﺲ ﻓﻌﺎل ﮐﺮدن‬SW1 ‫ ﮔﺎرد در‬BPDU ‫ و ﻓﻌﺎل ﮐﺮدن‬SW2 ‫ در‬Fa0/10 ‫2. ﺧﺎﻣﻮش ﮐﺮدن اﯾﻨﺘﺮﻓﯿﺲ‬ SW1 ‫ وﺑﺮرﺳﯽ وﺿﻌﯿﺖ‬SW2 ‫ در‬Fa0/10 SW2#configure terminal Enter configuration commands, one per line. SW2(config)#interface fa0/10 Page 207 of 290 End with CNTL/Z.
  • 209.
    SW2(config-if)#shutdown %LINK-5-CHANGED: Interface FastEthernet0/10,changed state to administratively down SW2(config-if)# SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface fa0/10 SW1(config-if)#spanning-tree bpduguard enable SW1(config-if)#end SW1# SW2(config-if)#no shutdown SW2(config-if)# %LINK-3-UPDOWN: Interface FastEthernet0/10, changed state to down SW2(config-if)# ‫ روي‬SW2 ‫ از ﺳﻤﺖ‬BPDU ‫ ﺑﺎ ﻣﻀﻤﻮن درﯾﺎﻓﺖ‬Syslog message ‫ ﻣﺮاﺟﻌﻪ ﮐﻨﯿﻢ ﺑﺎ ﯾﮏ‬SW1 ‫در اﯾﻦ ﻟﺤﻈﻪ اﮔﺮ ﺑﻪ‬ ‫ ﻣﻮاﺟﻪ ﺧﻮاﻫﯿﻢ ﺷﺪ‬Fa0/1 SW1# %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/10 with BPDU Guard enabled. Disabling port. SW1# %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/10, putting Fa0/10 in err-disable state SW1# SW1#show interfaces fa0/10 FastEthernet0/10 is down, line protocol is down (err-disabled) Hardware is Fast Ethernet, address is 0014.f2d2.418c (bia 0014.f2d2.418c) MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Auto-duplex, Auto-speed, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:02:43, output 00:08:44, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 3303 packets input, 403853 bytes, 0 no buffer Received 2097 broadcasts (2097 multicasts) 0 runts, 0 giants, 0 throttles Page 208 of 290
  • 210.
    0 input errors,0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 2097 multicast, 0 pause input 0 input packets with dribble condition detected 55416 packets output, 4095765 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out SW1# ‫ ﺑﻪ‬BPDU ‫ ﺑﻪ ﺟﻬﺖ ﻓﻌﺎل ﺑﻮدن ﮔﺎرد ﺑﻪ ﻣﺤﺾ درﯾﺎﻓﺖ‬SW1 ‫ در ﺳﻮﯾﯿﭻ‬Fa0/1 ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ اﻧﺘﻈﺎر ﻣﯿﺮﻓﺖ وﺿﻌﯿﺖ‬ ‫ دراﻣﺪه اﺳﺖ‬Err-Disabled ‫ﺣﺎﻟﺖ‬ ‫3. ﺣﺬف ﮔﺎرد و ﺑﺮرﺳﯽ وﺿﻌﯿﺖ ﭘﻮرﺗﻬﺎ در اﻧﺘﻬﺎ‬ SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface fa0/10 SW1(config-if)#no spanning-tree bpduguard enable SW1(config-if)#exit SW1(config)#spanning-tree portfast bpduguard default SW1(config)#end SW1# %SYS-5-CONFIG_I: Configured from console by console SW1# SW1(config)#do show spanning-tree summary Switch is in rapid-pvst mode Root bridge for: none Extended system ID is enabled Portfast Default is enabled PortFast BPDU Guard Default is enabled Portfast BPDU Filter Default is disabled Loopguard Default is disabled EtherChannel misconfig guard is enabled UplinkFast is disabled BackboneFast is disabled Configured Pathcost method used is short Name Blocking Listening Learning Forwarding STP Active ---------------------- -------- --------- -------- ---------- ---------Total 0 0 0 0 0 SW1(config)# Page 209 of 290
  • 211.
    ‫آزﻣﺎﯾﺶ 12.4-ﺗﻨﻈﯿﻤﺎت ‪Switchport analyzer session‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﺗﻨﻈﯿﻤﺎت ‪ SPAN‬ﺑﺎ ﻫﺪف ﮐﭙﯽ ﺗﺮاﻓﯿﮏ ﯾﮏ ﭘﻮرت ﺳﻮﯾﯿﭻ ﺑﻪ ﭘﻮرﺗﯽ دﯾﮕﺮ ﺑﻪ ﻣﻨﻈﻮر آﻧﺎﻟﯿﺰ ﺗﺮاﻓﯿﮏ‬ ‫ﺷﺒﮑﻪ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ.‬ ‫آﯾﺎ ﺗﺎ ﮐﻨﻮن ﺑﻪ اﯾﻦ ﻣﻮﺿﻮع اﻧﺪﯾﺸﯿﺪه اﯾﺪ ﮐﻪ ﭼﻄﻮر ﺗﺮاﻓﯿﮏ ﻋﺒﻮري از ﯾﮏ ﭘﻮرت ﺳﻮﯾﯿﭻ را ﺟﻬﺖ اﻧﺎﻟﯿﺰ – ‪ sniff‬ﺑﻪ ﯾﮏ‬ ‫اﺑﺰار ﺗﺮاﻓﯿﮏ آﻧﺎﻻﯾﺰر ﻣﺎﻧﻨﺪ ‪ Wireshark‬ﻣﻨﺘﻘﻞ ﮐﻨﯿﺪ ؟راه ﺣﻞ در ﺑﻬﺮه ﮔﯿﺮي از ‪ SPAN‬اﺳﺖ.‬ ‫در ﻣﺤﯿﻄﻬﺎي اﺟﺮاﯾﯽ اﺳﺘﻔﺎده از ‪ SPAN‬ﺟﻬﺖ رﻓﻊ اﺷﮑﺎل ﻣﺴﺎﺋﻞ ﭘﺪﯾﺪ آﻣﺪه ﻣﺎﺑﯿﻦ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭽﻬﺎ‬ ‫وﺳﺮورﻫﺎ اﻣﺮي راﯾﺞ اﺳﺖ.ﺳﻮﯾﯿﭽﻬﺎي ﮐﺎﺗﺎﻟﯿﺴﺖ ﺳﯿﺴﮑﻮ داراي ﻣﺤﺪودﯾﺖ در ﺗﻌﺪاد ‪ SPAN‬ﻫﺎي ﻓﻌﺎل ﻫﺴﺘﻨﺪ اﯾﻦ‬ ‫ﻣﺤﺪودﯾﺖ در 3‪ GNS‬و ﻣﺎژول ‪ NM-16ESW‬ﮐﻪ ﻧﻘﺶ ﺳﻮﯾﯿﭻ را در آن اﯾﻔﺎ ﻣﯿﮑﻨﺪ ﺑﻪ ﻋﺪد دو ﻣﯿﺮﺳﺪ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮرات زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫#/#‪ :monitor session 1 source interface interfacename‬ﯾﮏ ﺳﺸﻦ ‪ SPAN‬ﺟﺪﯾﺪ ﺑﺎ اﯾﻨﺘﺮﻓﯿﺲ ﻣﺒﺪا‬ ‫ﻣﺸﺨﺺ ﺷﺪه اﯾﺠﺎد ﻣﯿﮑﻨﺪ‬ ‫#/#‪ : monitor session 1 destination interface interfacename‬ﺗﻌﯿﯿﻦ اﯾﻨﺘﺮﻓﯿﺲ ﻣﻘﺼﺪي ﮐﻪ ﯾﮏ ﮐﭙﯽ از‬ ‫ﺟﺮﯾﺎن اﻃﻼﻋﺎﺗﯽ اﯾﻨﺘﺮﻓﯿﺲ ﻣﺸﺨﺺ ﺷﺪه در دﺳﺘﻮر ﻗﺒﻞ را درﯾﺎﻓﺖ ﻣﯿﮑﻨﺪ.‬ ‫# ‪:show monitor session‬ﻧﻤﺎﯾﺶ وﺿﻌﯿﺖ # ‪ SPAN‬ﻣﺸﺨﺺ ﺷﺪه‬ ‫ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ 1‪R1,R2,SW‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 42/1.1.1.01 ﺑﻪ 0/0‪ Fa‬روﺗﺮ 1‪ R‬و اﯾﺠﺎد 1‪ Vlan‬ﺑﺎ آدرس 42/01.1.1.01 در 1‪Sw‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ ﺳﺸﻦ ‪ SPAN‬ﺑﺎ ﻣﺒﺪا 1/1‪ Fa‬و ﻣﻘﺼﺪ 2/1‪ Fa‬در 1‪SW‬‬ ‫.‬ ‫092 ‪Page 210 of‬‬
  • 212.
    ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ SW1con0 is now available Press RETURN to get started. SW1>enable SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#monitor session 1 source interface fa1/1 SW1(config)#monitor session 1 destination interface fa1/2 SW1(config)#end SW1#show monitor session 1 Session 1 --------Source Ports: RX Only: None TX Only: None Both: Fa1/1 Source VLANs: RX Only: None TX Only: None Both: None Destination Ports: Fa1/2 Filter VLANs: None SW1# packet capturing ‫ ﯾﺎ ﺳﺎﯾﺮ ﻧﺮم اﻓﺰارﻫﺎي‬Wireshark ‫ و اﺟﺮاي‬Fa1/2 ‫ ﮐﺎﻣﭙﯿﻮﺗﺮ ﺑﻪ‬NIC ‫اﮐﻨﻮن ﻣﯿﺘﻮان ﺑﺎ اﺗﺼﺎل‬ ‫ ﭘﺮداﺧﺖ‬Fa1/1 ‫ﺑﻪ آﻧﺎﻟﯿﺰ ﺗﺮاﻓﯿﮏ ﭘﻮرت‬ Page 211 of 290
  • 213.
    ‫آزﻣﺎﯾﺶ 1.5-ﺗﻨﻈﯿﻤﺎت ﻟﯿﻨﮑﻬﺎي1‪ PtP T‬از ﻃﺮﯾﻖ ‪ PPP‬ﯾﺎ ‪HDLC‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﻤﯿﺎت ﻟﯿﻨﮑﻬﺎي ﺳﺮﯾﺎل 1‪ Point-to-Point T‬در روﺗﺮﻫﺎي ﺳﯿﺴﮑﻮ از ﻃﺮﯾﻖ‬ ‫)‪ PPP (Point to Point Protocol‬ﯾﺎ )‪ HDPC (High-Level Data Link Control Protocol‬آﺷﻨﺎ‬ ‫ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻣﻬﻨﺪس ﺷﺒﮑﻪ ﻧﯿﺎز اﺳﺖ ﺗﺎ ﺑﺎ ﺧﻄﻮط 1‪ T‬ﮐﻪ ﺳﺎﻟﻬﺎﺳﺖ ﺑﻪ ﻋﻨﻮان اﺳﺘﺎﻧﺪاردي ﺑﺎﻟﻔﻌﻞ ﺟﻬﺖ ﺑﺮﻗﺮاري‬ ‫ارﺗﺒﺎط ﻣﺤﺪود ﺑﻪ ﺳﺮﻋﺖ ‪ 1.544Mbps‬ﺑﺎ ﺷﻌﺐ ﮐﻮﭼﮏ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد آﺷﻨﺎ ﺑﺎﺷﯿﺪ.اﺳﺘﺎﻧﺪارد 1‪ T‬در ﻋﻤﻞ‬ ‫ﺑﻪ ﻣﺸﺘﻘﺎﺗﯽ ﺑﺎ ﭘﻬﻨﺎي ﺑﺎﻧﺪﻫﺎي ﮐﻤﺘﺮ ﻣﺎﻧﻨﺪ ﻣﺎﻧﻨﺪ ‪ 786Kbps،512Kbps‬ﯾﺎ ﺣﺘﯽ ‪ 1Mbps‬ﺗﻘﺴﯿﻢ ﻣﯿﺸﻮد. ﺧﻄﻮط 1‪ T‬از‬ ‫ﺑﻌﺪ ﻓﯿﺰﯾﮑﯽ زوج ﺳﯿﻤﻬﺎي ﻣﺴﯽ ﺑﻪ ﻫﻢ ﺗﺎﺑﯿﺪه ﺷﺪه اي ﻫﺴﺘﻨﺪ ﮐﻪ از ﻃﺮﯾﻖ ﮐﺎرﺗﻬﺎي اﻣﺮوزي ﺗﺮ ,1‪WIC-1DSU-T‬‬ ‫2‪ WIC-1DSU-T1-V‬ﯾﺎ 1‪ CSU/DSU T‬ﮐﻨﺘﺮﻟﺮﻫﺎي دروﻧﯽ ﺧﻮد روﺗﺮ ﺑﻪ آن ﻣﺘﺼﻞ ﻣﯿﺸﻮﻧﺪ.در ﻧﻤﻮﻧﻪ ﻫﺎي ﻗﺪﯾﻤﯽ‬ ‫ﺗﺮ ﻧﯿﺰ ﻣﯿﺘﻮان اﯾﻦ اﺗﺼﺎﻻت را از ﻃﺮﯾﻖ ﮐﺎﺑﻠﻬﺎي 53.‪ V‬و ﮐﺎرﺗﻬﺎي ‪ WIC-1T‬ﯾﺎ ‪ WIC-2T‬ﻣﺸﺎﻫﺪه ﮐﺮد.‬ ‫‪ WIC-1T‬راﯾﺞ ﺗﺮﯾﻦ راﺑﻂ ﺳﺮﯾﺎل در ﻣﺤﯿﻄﻬﺎي آزﻣﺎﯾﺸﮕﺎﻫﯽ ﻣﯿﺒﺎﺷﺪ و در ﻫﻨﮕﺎم ﮐﺎﻧﻔﯿﮓ آن ﻧﯿﺎز ﺑﻪ ﺗﻨﻈﯿﻢ ﻧﺰخ‬ ‫‪ Clock‬در ﺳﻤﺖ ‪ DCE‬ﮐﻪ ﺗﻮﺳﻂ ﺳﺮوﯾﺲ ﭘﺮواﯾﺪر ﺻﻮرت ﻣﯿﮕﯿﺮد و ﻫﻤﯿﻨﻄﻮر ‪ DTE‬ﮐﻪ ﺗﻮﺳﻂ ﺷﻤﺎ ﺻﻮرت ﻣﯿﮕﯿﺮد‬ ‫ﻣﯿﺒﺎﺷﺪ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮرات زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫#/# ‪:show controller serial‬ﺟﻬﺖ ﻧﻤﺎﯾﺶ اﻃﻼﻋﺎت ﻣﺨﺘﺺ ﺑﻪ ﮐﻨﺘﺮﻟﺮ ﯾﮏ ﺳﺮﯾﺎل اﯾﻨﺘﺮﻓﯿﺲ ﺧﺎص ﺷﺎﻣﻞ‬ ‫ﻧﺮخ ‪ Clock‬و ﻧﻮع ﺗﺮﻣﯿﻨﯿﺸﻦ ﮐﺎﺑﻞ )‪(DTE or DCE‬‬ ‫# ‪:clock rate‬ﺟﻬﺖ ﺗﻨﻈﯿﻢ ﻧﺮخ ‪ Clock‬در ﺳﻤﺖ ‪DCE‬‬ ‫] ‪:encapsulation [ HDLC | PPP‬ﺟﻬﺖ اﻧﺘﺨﺎب ﻧﻮع ‪Encapsulation‬‬ ‫#/# ‪:show interface serial‬ﺟﻬﺖ ﻧﻤﺎﯾﺶ اﯾﻨﺘﺮﻓﯿﺲ ﺳﺮﯾﺎل ﻣﺸﺨﺺ ﺷﺪه ﻣﺎﻧﻨﺪ ﻧﻮع‬ ‫‪ Utilization،Uptime،MTU،Encapsulation‬و ﻣﻮاردي از اﯾﻦ دﺳﺖ.‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري اﺗﺼﺎل ﮐﻨﺴﻮل ﺑﻪ 2‪R1,R‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرﺳﻬﺎي 03/1.12.81.271 ﺑﻪ 1/0‪ S‬در 1‪ R‬و 03/2.12.81.271 ﺑﻪ 1/0‪ S‬در 2‪R‬‬ ‫092 ‪Page 212 of‬‬
  • 214.
    ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ وﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت از ﻃﺮﯾﻖ‬HDLC ‫ﮐﺎﻧﻔﯿﮓ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﺳﺮﯾﺎل روﺗﺮﻫﺎ ﺑﻪ ﻣﻨﻈﻮر ﺑﻬﺮه ﮔﯿﺮي از‬  ‫ ﻣﺘﻨﺎﻇﺮ و ﭘﯿﻨﮓ دو ﻃﺮﻓﻪ ﻟﯿﻨﮏ‬show ‫دﺳﺘﻮرات‬ ‫ و ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت از ﻃﺮﯾﻖ‬PPP ‫ﮐﺎﻧﻔﯿﮓ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﺳﺮﯾﺎل روﺗﺮﻫﺎ ﺑﻪ ﻣﻨﻈﻮر ﺑﻬﺮه ﮔﯿﺮي از‬  ‫ ﻣﺘﻨﺎﻇﺮ و ﭘﯿﻨﮓ دو ﻃﺮﻓﻪ ﻟﯿﻨﮏ‬show ‫دﺳﺘﻮرات‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ R1 con0 is now available Press RETURN to get started. R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/1 R1(config-if)#encapsulation hdlc R1(config-if)#no shutdown R1(config-if)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1# %LINK-3-UPDOWN: Interface Serial0/1, changed state to up R1# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up R1# R2 con0 is now available Press RETURN to get started. R2>enable R2#configure terminal Enter configuration commands, one per line. R2(config)#interface Serial0/1 R2(config-if)#encapsulation hdlc R2(config-if)#no shutdown R2(config-if)#end R2# Page 213 of 290 End with CNTL/Z.
  • 215.
    %SYS-5-CONFIG_I: Configured fromconsole by console R2# %LINK-3-UPDOWN: Interface Serial0/1, changed state to up R2# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up R2# ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬  R1#show interface Serial0/1 Serial0/1 is up, line protocol is down Hardware is M4T MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, crc 16, loopback not set Keepalive set (10 sec) Restart-Delay is 0 secs Last input never, output 00:00:07, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1158 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 38 packets output, 2332 bytes, 0 underruns 0 output errors, 0 collisions, 4 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out 5 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up R1# ‫ﭘﯿﻨﮓ دو ﻃﺮف ﻟﯿﻨﮏ ﺟﻬﺖ اﻃﻤﯿﻨﺎن از ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬ R1#ping 172.18.21.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.18.21.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/42/88 ms R1# Page 214 of 290
  • 216.
    ‫ و ﺗﺴﺖﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت از ﻃﺮﯾﻖ‬PPP ‫ﮐﺎﻧﻔﯿﮓ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﺳﺮﯾﺎل روﺗﺮﻫﺎ ﺑﻪ ﻣﻨﻈﻮر ﺑﻬﺮه ﮔﯿﺮي از‬  ‫ ﻣﺘﻨﺎﻇﺮ و ﭘﯿﻨﮓ دو ﻃﺮﻓﻪ ﻟﯿﻨﮏ‬show ‫دﺳﺘﻮرات‬ R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/1 R1(config-if)#encapsulation ppp R1(config-if)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down R1# R2# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface Serial0/1 R2(config-if)#encapsulation ppp R2(config-if)#end R2# %SYS-5-CONFIG_I: Configured from console by console %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up R2# ‫ ﺑﻪ‬line protocol ‫ وﺿﻌﯿﺖ‬PPP ‫ ﺑﻪ‬HDLC ‫ از‬R1 ‫ در‬Encapsulation ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﻣﺸﺎﻫﺪه ﻣﯿﺸﻮد ﭘﺲ از ﺗﻐﯿﯿﺮ‬ .‫ دو ﻃﺮف اﺳﺖ‬Encapsulation ‫ در ﻣﯽ آﯾﺪ ﮐﻪ ﺑﻪ دﻟﯿﻞ ﯾﮑﺴﺎن ﻧﺒﻮدن وﺿﻌﯿﺖ‬down ‫ﺣﺎﻟﺖ‬ R1# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up R1# R1#show interface Serial0/1 Serial0/1 is up, line protocol is up Hardware is M4T Internet address is 172.18.21.1/30 MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, LCP Open Open: IPCP, CDPCP, crc 16, loopback not set Keepalive set (10 sec) Restart-Delay is 0 secs Page 215 of 290
  • 217.
    Last input 00:00:40,output 00:00:07, output hang never Last clearing of "show interface" counters 00:04:34 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1158 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 54 packets input, 2146 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 69 packets output, 2553 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 12 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out 2 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up R1#ping 172.18.21.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.18.21.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/49/88 ms R1# Page 216 of 290
  • 218.
    ‫آزﻣﺎﯾﺶ 2.5 –ﺗﻨﻈﯿﻤﺎت ﻟﯿﻨﮑﻬﺎي ‪ Framerelay‬ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت و رﻓﻊ اﺷﮑﺎل ﻟﯿﻨﮑﻬﺎي ﻓﯿﺰﯾﮑﯽ ‪ Framerelay‬ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ در ﯾﮏ روﺗﺮ‬ ‫ﺳﯿﺴﮑﻮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﻣﺮور ﻣﻔﺎﻫﯿﻢ و ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫اﻣﺮوزه ‪ FR‬ﺟﺰ ﺗﮑﻨﻮﻟﻮژﯾﻬﺎي رو ﺑﻪ زواﻟﯽ اﺳﺖ ﮐﻪ اﮐﺜﺮ ﮐﻤﭙﺎﻧﯿﻬﺎي ﺑﻪ ﻧﻔﻊ ‪ MPLS‬از آن ﻣﻬﺎﺟﺮت ﻣﯿﮑﻨﻨﺪ اﻣﺎ ﮐﻨﺎر‬ ‫ﮔﺬاﺷﺘﻦ ﺟﻨﺒﻪ ﻫﺎي ﻣﻄﺎﻟﻌﺎﺗﯽ آن ﺑﺎ اﯾﻦ ﻫﺪف ﮐﻪ ﺑﻪ ﻃﻮر ﻋﺎم ﻗﺎﺑﻠﯿﺖ اﺟﺮا ﻧﺪارد ﮐﺎر درﺳﺘﯽ ﻧﯿﺴﺖ زﯾﺮا ﺑﺎ ﺣﺬف آن ﻋﻤﻼ‬ ‫راﻫﮑﺎر ﻣﻄﺎﻟﻌﺎﺗﯽ دﯾﮕﺮي ﺑﺮاي درك ﻣﻔﺎﻫﯿﻢ ‪ Packet switching‬ﺑﺎﻗﯽ ﻧﻤﯿﻤﺎﻧﺪ ﻣﻀﺎف ﺑﺮ اﯾﻨﮑﻪ ﺑﻪ ﻫﺮ ﺣﺎل ﺟﻬﺖ‬ ‫ﮔﺬراﻧﺪن اﻣﺘﺤﺎﻧﺎت رﺳﻤﯽ ‪ CCNA‬و ﺑﺎﻻﺗﺮ ﺑﻪ آن اﺣﺘﯿﺎج دارﯾﻢ.‬ ‫‪ FR‬ﯾﮏ ﺗﮑﻨﻮﻟﻮژي ﺳﻮﯾﯿﭽﯿﻨﮓ ﻻﯾﻪ 2 اﺳﺖ ﮐﻪ ﻓﺮاﯾﻨﺪ ﺳﻮﯾﯿﭽﯿﻨﮓ ﻓﺮﯾﻤﻬﺎ را از ﻃﺮﯾﻖ ﭘﺮواﯾﺪر ﻣﺮﺑﻮﻃﻪ اﻧﺠﺎم ﻣﯿﺪﻫﺪ.ﺑﻪ‬ ‫ﻫﺮﯾﮏ از اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ادوات در ﺗﻤﺎس ﺑﺎ ﭘﺮواﯾﺪر )‪ (Edge level‬ﯾﮏ ‪DLCI (Data Link Connection‬‬ ‫)‪ Identifier‬ﻣﻨﺘﺘﺴﺐ ﻣﯿﺸﻮد ﮐﻪ ﻣﻔﻬﻮﻣﯽ ﺷﺒﯿﻪ ﺷﻤﺎره ﺗﻠﻔﻨﻬﺎي داﺧﻠﯽ دارد ﻣﺜﻼ ﺷﻤﺎ ﺗﻠﻔﻦ ﺑﺎ ﺷﻤﺎره داﺧﻠﯽ 321 را‬ ‫ﺑﺮﻣﯿﺪارﯾﺪ و ﺑﺎ ﺷﻤﺎره 543 ﺗﻤﺎس ﻣﯿﮕﯿﺮﯾﺪ و ارﺗﺒﺎط دوﻃﺮف ﺑﺮﻗﺮار ﻣﯿﺸﻮد.‬ ‫‪ FR‬ﺑﻪ ﻫﺮ ﯾﮏ از ﻓﺮﯾﻤﻬﺎي ﺧﺮوﺟﯽ از اﯾﻨﺘﺮﻓﯿﺲ ادوات ﻟﺒﻪ اي ﯾﮏ ‪ DLCI‬ﻣﻨﺘﺴﺐ ﻣﯿﮑﻨﺪ و ﻣﺒﯿﻦ ﻣﺴﯿﺮي اﺳﺖ ﮐﻪ‬ ‫ﭘﺲ از رﺳﯿﺪن ﺑﻪ روﺗﺮ ﻟﺒﻪ اي ﭘﺮواﯾﺪر ﻣﯽ ﺑﺎﯾﺴﺖ ﻃﯽ ﮐﻨﺪ.‬ ‫ﻟﯿﻨﮑﻬﺎي ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ‪ FR‬ﺑﻪ دوﺷﮑﻞ ﮐﺎﻧﻔﯿﮓ ﻣﯿﺸﻮﻧﺪ.روش اول ﺗﺨﺼﯿﺺ ‪ DLCI‬ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﻨﺎﻇﺮ اﺳﺖ در اﯾﻦ‬ ‫ﺣﺎﻟﺖ ﻫﺮ ﻓﺮﯾﻤﯽ ﮐﻪ ﺑﻪ ﺳﻤﺖ اﯾﻦ اﯾﻨﺘﺮﻓﯿﺲ ﻣﯽ رود ﺑﺎ ﺷﻤﺎره ‪ DLCI‬ﻣﻌﯿﻨﯽ ﺑﺮﭼﺴﭗ ﺧﻮرده و ﺧﺎرج ﻣﯿﺸﻮد.راه ﺣﻞ‬ ‫دوم اﯾﺠﺎد ‪ sub interface‬ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ اﺳﺖ ﮐﻪ در آزﻣﺎﯾﺶ ﺑﻌﺪي ﺑﻪ آن ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮرات زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫‪ :encapsulation frame-relay‬در ﻣﻮد ﺗﻨﻈﯿﻢ اﯾﻨﺘﺮﻓﯿﺲ ﺳﺮﯾﺎل ﺑﺎ ﻫﺪف ﺗﻈﻨﯿﻢ ‪ encapsulation‬ﺑﻪ ‪ FR‬اﺳﺘﻔﺎده‬ ‫ﻣﯿﺸﻮد‬ ‫# ‪:frame-relay interface-dlci‬ﺟﻬﺖ ﺗﺨﺼﯿﺺ ‪ DLCI‬ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ‬ ‫# ‪:show frame-relay pvc‬ﺟﻬﺖ ﻧﻤﺎﯾﺶ ﻫﻤﻪ ‪ DLCI‬ﻫﺎي ﯾﺎد ﮔﺮﻓﺘﻪ ﺷﺪه ﺗﻮﺳﻂ روﺗﺮ از ﻃﺮﯾﻖ ﺳﻮﯾﯿﭻ ‪FR‬‬ ‫ﻫﻤﯿﻨﻄﻮر اﻃﻼﻋﺎت ﻣﺮﺑﻮط ﺑﻪ وﺿﻌﯿﺖ ‪ PVC‬و ﻓﺮﯾﻤﻬﺎ‬ ‫ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ‬ ‫092 ‪Page 217 of‬‬
  • 219.
    R1,R2 ‫ﺑﺮﻗﺮاري ارﺗﺒﺎطﮐﻨﺴﻮل ﺑﺎ روﺗﺮﻫﺎي‬ R2 ‫ در‬S0/0 ‫ و آدرس 03/2.12.01.01 ﺑﻪ‬R1 ‫ در‬S0/0 ‫ﺗﺨﺼﯿﺺ آدرس 03/1.12.01.01 ﺑﻪ‬   ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ آن و ﺗﺴﺖ ﺻﺤﺖ‬DLCI ‫ و ﺗﺨﺼﯿﺺ 221 ﺑﻪ‬FR ‫ ﺟﻬﺖ ﮐﭙﺴﻮﻟﻪ ﮐﺮدن ﺗﺮاﻓﯿﮏ از ﻃﺮﯾﻖ‬R1 ‫ در‬s0/0 ‫ﺗﻨﻈﯿﻢ‬  ‫ﺗﻨﻈﯿﻤﺎت‬ ‫ آن و ﺗﺴﺖ‬DLCI ‫ و ﺗﺨﺼﯿﺺ 122 ﺑﻪ‬FR ‫ ﺟﻬﺖ ﮐﭙﺴﻮﻟﻪ ﮐﺮدن ﺗﺮاﻓﯿﮏ از ﻃﺮﯾﻖ‬R2 ‫ در‬s0/0 ‫ﺗﻨﻈﯿﻢ‬  ‫ از ﻃﺮﯾﻖ ﻟﯿﻨﮏ اﯾﺠﺎد ﺷﺪه‬R1 ‫ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت و ﭘﯿﻨﮓ‬  ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ آن و ﺗﺴﺖ ﺻﺤﺖ‬DLCI ‫ و ﺗﺨﺼﯿﺺ 221 ﺑﻪ‬FR ‫ ﺟﻬﺖ ﮐﭙﺴﻮﻟﻪ ﮐﺮدن ﺗﺮاﻓﯿﮏ از ﻃﺮﯾﻖ‬R1 ‫ در‬s0/0 ‫ﺗﻨﻈﯿﻢ‬  ‫ﺗﻨﻈﯿﻤﺎت‬ R1 con0 is now available Press RETURN to get started. R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/0 R1(config-if)#no shutdown R1(config-if)# %LINK-3-UPDOWN: Interface Serial0/0, changed state to up R1(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up R1(config-if)#encapsulation frame-relay R1(config-if)#frame-relay interface-dlci 122 R1(config-fr-dlci)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1# show pvc ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت از ﻃﺮﯾﻖ دﺳﺘﻮر‬ R1#show interface serial0/0 Page 218 of 290
  • 220.
    Serial0/0 is up,line protocol is up Hardware is PowerQUICC Serial Internet address is 10.10.12.1/30 MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation FRAME-RELAY, loopback not set Keepalive set (10 sec) CRC checking enabled LMI enq sent 18, LMI stat recvd 18, LMI upd recvd 0, DTE LMI up LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0 LMI DLCI 1023 LMI type is CISCO frame relay DTE FR SVC disabled, LAPF state down Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0 Last input 00:00:00, output 00:00:06, output hang never Last clearing of "show interface" counters 00:04:50 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1158 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 36 packets input, 1604 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort 23 packets output, 684 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up R1#show frame-relay pvc 122 PVC Statistics for interface Serial0/0 (Frame Relay DTE) DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0 input pkts 26 output pkts 4 in bytes 1554 out bytes 416 dropped pkts 0 in pkts dropped 0 out pkts dropped 0 out bytes dropped 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 0 out bcast bytes 0 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec pvc create time 00:03:46, last time pvc status changed 00:02:04 R1# ‫ ﻏﯿﺮ ﻓﻌﺎل اﺳﺖ.اﯾﻦ ﺑﺪﯾﻦ ﺧﺎﻃﺮ اﺳﺖ ﮐﻪ ﺳﻤﺖ دوم ﻟﯿﻨﮏ‬DLCI 122 ‫ ﻣﺘﻌﻠﻖ ﺑﻪ‬PVC ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﻣﺸﺎﻫﺪه ﻣﯿﺸﻮد‬ ‫ ﻓﻌﺎل ﺧﻮاﻫﺪ ﺷﺪ و ﺗﺮاﻓﯿﮏ دو ﻃﺮﻓﻪ ﻋﺒﻮر‬PVC ‫ ﮐﺎﻧﻔﯿﮓ ﺷﻮد‬R2 ‫ﻏﯿﺮ ﻓﻌﺎل اﺳﺖ.ﺑﻪ ﻣﺤﺾ اﯾﻨﮑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﻨﺎﻇﺮ در‬ .‫ﺧﻮاﻫﺪ ﮐﺮد‬ Page 219 of 290
  • 221.
    ‫ آن وﺗﺴﺖ‬DLCI ‫ و ﺗﺨﺼﯿﺺ 122 ﺑﻪ‬FR ‫ ﺟﻬﺖ ﮐﭙﺴﻮﻟﻪ ﮐﺮدن ﺗﺮاﻓﯿﮏ از ﻃﺮﯾﻖ‬R2 ‫ در‬s0/0 ‫ﺗﻨﻈﯿﻢ‬  ‫ از ﻃﺮﯾﻖ ﻟﯿﻨﮏ اﯾﺠﺎد ﺷﺪه‬R1 ‫ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت و ﭘﯿﻨﮓ‬ R2 con0 is now available Press RETURN to get started. R2>enable R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface Serial0/0 R2(config-if)#no shutdown R2(config-if)# %LINK-3-UPDOWN: Interface Serial0/0, changed state to up R2(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up R2(config-if)#encapsulation frame-relay R2(config-if)#frame-relay interface-dlci 221 R2(config-fr-dlci)#end R2# %SYS-5-CONFIG_I: Configured from console by console R2# ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬ R2#show frame-relay pvc 221 PVC Statistics for interface Serial0/0 (Frame Relay DTE) DLCI = 221, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0 input pkts 9 output pkts 40 in bytes 796 out bytes 2390 dropped pkts 0 in pkts dropped 0 out pkts dropped 0 out bytes dropped 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 33 out bcast bytes 1662 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec pvc create time 00:04:40, last time pvc status changed 00:00:04 R2#ping 10.10.12.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.12.1, timeout is 2 seconds: ..!!! Success rate is 60 percent (3/5), round-trip min/avg/max = 28/29/32 ms R2# Page 220 of 290
  • 222.
    ‫آزﻣﺎﯾﺶ 3.5 –ﺗﻨﻈﯿﻤﺎت ‪ Sub interface‬در ارﺗﺒﺎﻃﺎت ‪Ppoint to point Frame relay‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت اﯾﺠﺎد ﺗﻌﺪاد زﯾﺎدي ارﺗﺒﺎط ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﻣﺒﺘﻨﯽ ﺑﺮ ‪ FR‬از ﻃﺮﯾﻖ ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ‬ ‫ﻓﯿﺰﯾﮑﯽ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫در دو درس ﮔﺬﺷﺘﻪ ﺑﺎ ﮐﻠﯿﺎت ‪ FR‬و ﻟﯿﻨﮑﻬﺎي ‪ PTP‬آﺷﻨﺎ ﺷﺪﯾﻢ در اﯾﻦ درس ﻗﺼﺪ دارﯾﻢ ﭘﺎ را ﻓﺮاﺗﺮ ﮔﺬاﺷﺘﻪ و ﺗﻌﺪاد‬ ‫زﯾﺎدي ارﺗﺒﺎط ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ را از ﻃﺮﯾﻖ ﯾﮏ روﺗﺮ و ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ﻓﯿﺰﯾﮑﯽ اﻣﺎ ﺑﺎ ﺑﻬﺮه ﮔﯿﺮي از ﺗﻌﺪادي -‪Sub‬‬ ‫‪ interface‬ﺑﻪ ﻣﻨﻈﻮر اﯾﺠﺎد ‪ PVC‬ﻫﺎي ﻣﺘﻌﺪد ﻣﺘﻨﺎﻇﺮ ﺑﺎ ﻫﺮ ﻣﺴﯿﺮ ارﺗﺒﺎﻃﯽ اﯾﺠﺎد ﮐﻨﯿﻢ.‬ ‫در آزﻣﺎﯾﺶ ﻗﺒﻞ 1‪ R‬از ﻃﺮﯾﻖ اﯾﻨﺘﺮﻓﯿﺲ ﻓﯿﺰﯾﮑﯽ ﺧﻮد ﺑﻪ 2‪ R‬ﻣﺘﺼﻞ ﺷﺪ . ﺑﺎ اﯾﺠﺎد ﯾﮏ ‪ Sub-interface‬ﻣﺒﺘﻨﯽ ﺑﺮ ‪FR‬‬ ‫ﮐﻪ ﺑﻪ آن ﯾﮏ ‪ Dlci‬ﺗﺨﺼﯿﺺ داده ﺷﺪه اﺳﺖ ﻣﯿﺘﻮان ارﺗﺒﺎط ‪ FR‬دوم را ﺑﺎ 3‪ R‬ﺑﺮﻗﺮار ﮐﺮد.ﺗﻮﺻﯿﻪ ﻣﯿﺸﻮد در ﻫﻨﮕﺎم‬ ‫ﺗﺨﺼﯿﺺ ‪ DLci‬ﺑﻪ ‪ Sub-interface‬ﻫﺎ از ﻫﻤﺎن ﺷﻤﺎره ‪ Sub-interface‬ﺟﻬﺖ اﯾﺠﺎد ﺳﻬﻮﻟﺖ ﺑﯿﺸﺘﺮ در ﻣﺴﺘﻨﺪ ﺳﺎزي‬ ‫ﺷﺒﮑﻪ اﺳﺘﻔﺎده ﺷﻮد.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از دﺳﺘﻮر زﯾﺮ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد.‬ ‫‪ :interface Serial#/#.### point-to-poin‬اﯾﻦ دﺳﺘﻮر ﯾﮏ ‪ sub-interface‬ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﺟﻬﺖ ﺗﺨﺼﯿﺺ ‪Dlci‬‬ ‫ﺑﻪ آن اﯾﺠﺎد ﻣﯿﮑﻨﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎز ﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ روﺗﺮﻫﺎي 3‪R1,R2,R‬‬ ‫ﺗﻨﻈﯿﻢ ‪ encapsulation‬اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﺳﺮﯾﺎل 3‪ R1,R2,R‬ﺑﻪ ‪FR‬‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد دو ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ 221.0/0‪ Serial‬و 321.0/0‪ Serial‬در 1‪ R‬و ﺗﺨﺼﯿﺺ ‪122,123 Dlci‬‬ ‫‪‬‬ ‫اﯾﺠﺎد 122.0/0‪ Serial‬در 2‪ R‬و ﺗﺨﺼﯿﺺ 122 ‪ Dlci‬و آدرس 03/2.21.81.271 ﺑﻪ آن‬ ‫وآدرﺳﻬﺎي 03/1.21.81.271 و 03/1.31.81.271 ﺑﻪ آﻧﻬﺎ‬ ‫‪‬‬ ‫اﯾﺠﺎد 123.0/0‪ Serial‬در 2‪ R‬و ﺗﺨﺼﯿﺺ 123 ‪ Dlci‬و آدرس 03/2.31.81.271 ﺑﻪ آن‬ ‫‪‬‬ ‫ﺑﺮرﺳﯽ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ‪ FR‬از ﻃﺮﯾﻖ دﺳﺘﻮر ‪ show frame-relay pvc‬و ﭘﯿﻨﮓ از ﺳﻤﺖ 1‪R‬‬ ‫092 ‪Page 221 of‬‬
  • 223.
    ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫321,221 وآدرﺳﻬﺎي‬Dlci ‫ و ﺗﺨﺼﯿﺺ‬R1 ‫ در‬Serial0/0.123 ‫ و‬Serial0/0.122 ‫اﯾﺠﺎد دو ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ‬ ‫03/1.21.81.271 و 03/1.31.81.271 ﺑﻪ آﻧﻬﺎ‬ R1 con0 is now available Press RETURN to get started. R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/0.122 point-to-point R1(config-subif)#ip address 172.18.12.1 255.255.255.252 R1(config-subif)#frame-relay interface-dlci 122 R1(config-fr-dlci)#exit R1(config-subif)#interface Serial0/0.123 point-to-point R1(config-subif)#ip address 172.18.13.1 255.255.255.252 R1(config-subif)#frame-relay interface-dlci 123 R1(config-subif)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1# ‫ و آدرس 03/2.21.81.271 ﺑﻪ آن‬Dlci 221 ‫ و ﺗﺨﺼﯿﺺ‬R2 ‫ در‬Serial0/0.221 ‫اﯾﺠﺎد‬ R2 con0 is now available Press RETURN to get started. R2>enable R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface Serial0/0.221 point-to-point R2(config-subif)#ip add 172.18.12.2 255.255.255.252 R2(config-subif)#frame-relay interface-dlci 221 R2(config-fr-dlci)#end R2# %SYS-5-CONFIG_I: Configured from console by console R2# ‫ و آدرس 03/2.31.81.271 ﺑﻪ آن‬Dlci 321 ‫ و ﺗﺨﺼﯿﺺ‬R2 ‫ در‬Serial0/0.321 ‫اﯾﺠﺎد‬ R3 con0 is now available Press RETURN to get started. Page 222 of 290
  • 224.
    R3>enable R3#configure terminal Enter configurationcommands, one per line. End with CNTL/Z. R3(config)#interface Serial0/0.321 point-to-point R3(config-subif)#ip add 172.18.13.2 255.255.255.252 R3(config-subif)#frame-relay interface-dlci 321 R3(config-fr-dlci)#end R3# %SYS-5-CONFIG_I: Configured from console by console R3# R1 ‫ و ﭘﯿﻨﮓ از ﺳﻤﺖ‬show frame-relay pvc ‫ از ﻃﺮﯾﻖ دﺳﺘﻮر‬FR ‫ﺑﺮرﺳﯽ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط‬ R1#show frame-relay pvc PVC Statistics for interface Serial0/0 (Frame Relay DTE) Local Switched Unused Active 2 0 2 Inactive 0 0 0 Deleted 0 0 0 Static 0 0 0 DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.122 input pkts 20 output pkts 19 in bytes 5395 out bytes 5187 dropped pkts 0 in pkts dropped 0 out pkts dropped 0 out bytes dropped 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 14 out bcast bytes 4667 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec pvc create time 00:14:33, last time pvc status changed 00:14:33 DLCI = 123, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.123 input pkts 22 output pkts 20 in bytes 6045 out bytes 4380 dropped pkts 0 in pkts dropped 0 out pkts dropped 0 out bytes dropped 0 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 10 out bcast bytes 3340 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec pvc create time 00:17:27, last time pvc status changed 00:17:27 R1#ping 172.18.12.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.18.12.2, timeout is 2 seconds: Page 223 of 290
  • 225.
    !!!!! Success rate is100 percent (5/5), round-trip min/avg/max = 8/82/188 ms R1#ping 172.18.13.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.18.13.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/96/168 ms R1# Page 224 of 290
  • 226.
    ‫آزﻣﺎﯾﺶ 4.5-ﺗﻨﻈﯿﻤﺎت ﯾﮏﻧﻘﻄﻪ ﺑﻪ ﭼﻨﺪ ﻧﻘﻄﻪ در ‪FrameRealy‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺑﺮﻗﺮاري ارﺗﺒﺎط ‪ FR‬ﻣﺎﺑﯿﻦ ﺗﻌﺪادي ﻧﻘﻄﻪ ﭘﺮاﮐﻨﺪه ﺑﺎ ﯾﮏ ﻧﻘﻄﻪ ﻣﺮﮐﺰي آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﻣﺮور ﻣﻔﺎﻫﯿﻢ و ﮐﺎرﺑﺮد ﻋﻤﻠﯽ‬ ‫ﺗﺼﻮر ﮐﻨﯿﺪ ﺷﺮﮐﺖ ﺷﻤﺎ داراي ﯾﮏ دﻓﺘﺮ ﻣﺮﮐﺰي ﺑﺎ ﯾﮑﯽ از روﺗﺮﻫﺎي ﭘﺮﻗﺪرت ﺳﯿﺴﮑﻮ ﻣﺎﻧﻨﺪ ﺳﺮي 0027 اﺳﺖ و‬ ‫ﻣﯿﺨﻮاﻫﯿﺪ ﺷﻌﺐ ﭘﺮاﮐﻨﺪه ﺧﻮد را ﻣﺒﺘﻨﯽ ﺑﺮ ﯾﮏ ارﺗﺒﺎط ‪ FR‬ﺑﻪ اﯾﻦ ﻧﻘﻄﻪ وﺻﻞ ﮐﻨﯿﺪ در ﻋﯿﻦ ﺣﺎل ﻣﺎﯾﻞ ﻫﺴﺘﯿﺪ اﯾﻦ ﺷﻌﺐ‬ ‫ﻧﯿﺰ از ﻃﺮﯾﻖ ﻣﺴﯿﺮ ﻋﺒﻮري از دﻓﺘﺮ ﻣﺮﮐﺰي ﺑﺎ ﯾﮑﺪﯾﮕﺮ در ارﺗﺒﺎط ﺑﺎﺷﻨﺪ.‬ ‫ﭘﺎﺳﺦ اﯾﻦ ﻣﺴﺌﻠﻪ در ﺑﻬﺮه ﮔﯿﺮي از ﻣﻔﻬﻮم ‪ Hub-and-Spoke‬ﻧﻬﻔﺘﻪ اﺳﺖ.اﯾﻦ ﻣﺪل ﺷﺒﮑﻪ اي اﺟﺎزه ﻣﯿﺪﻫﺪ ﺗﺎ ﺑﺎ داﺷﺘﻦ‬ ‫ﯾﮏ ﻧﻘﻄﻪ ﻣﺮﮐﺰي ﺑﺘﻮان ﺑﺎ ﺳﺎﯾﺮ ﻧﻘﺎط ارﺗﺒﺎط ﺑﺮﻗﺮار ﮐﺮد ﻣﻀﺎف ﺑﺮ اﯾﻨﮑﻪ ﺳﺎﯾﺮ ﻧﻘﺎط ﻧﯿﺰ از ﻃﺮﯾﻖ ﻫﻤﯿﻦ ﻧﻄﻘﻪ ﺑﻪ ﯾﮑﺪﯾﮕﺮ‬ ‫دﺳﺘﺮﺳﯽ ﺧﻮاﻫﻨﺪ داﺷﺖ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﻣﻔﻬﻮم ﺟﺪﯾﺪ ‪ Frame relay map‬ﻧﯿﺰ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.ﻧﻘﺸﻪ ﻣﺬﺑﻮر اﺟﺎزه ﻣﯿﺪﻫﺪ ﺗﺎ ﻧﮕﺎﺷﺘﯽ‬ ‫ﻣﺎﺑﯿﻦ ‪ IP‬آدرس و ‪ DLCI‬اﯾﺠﺎد ﺷﻮد.اﯾﻦ ﻗﺎﺑﻠﯿﺖ ﺑﻪ روﺗﺮ اﺟﺎزه ﻣﯿﺪﻫﺪ ﺗﺎ ﻣﺘﻨﺎﻇﺮ ﺑﻪ ﻫﺮ آدرﺳﯽ ﮐﻪ ﺑﺴﺘﻪ ﻫﺎي اﻃﻼﻋﺎﺗﯽ‬ ‫را ارﺳﺎل ﻣﯿﮑﻨﺪ ﯾﮏ ‪ DLCI‬ﻣﺠﺰا ﺑﻪ آﻧﻬﺎ ﻣﻨﺘﺴﺐ ﮐﻨﺪ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮر زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫#‪ . frame-relay map ip x.x.x.x dlci‬اﯾﻦ دﺳﺘﻮر در ﻫﻨﮕﺎم اﻋﻤﺎل ﺑﻪ ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ﺳﺮﯾﺎل ﻓﯿﺰﯾﮑﯽ ﯾﺎ -‪sub‬‬ ‫‪ interface‬ﻧﻘﻄﻪ ﺑﻪ ﭼﻨﺪ ﻧﻘﻄﻪ ‪ FR‬ﯾﮏ آدرس را ﺑﻪ ﯾﮏ ‪ DLCI‬ﻣﺘﻨﺎﻇﺮ ‪ map‬ﻣﯿﮑﻨﺪ. ﻫﻨﮕﺎﻣﯽ ﻫﻢ ﮐﻪ ﻋﺒﺎرت‬ ‫‪ broadcast‬را در اﻧﺘﻬﺎي دﺳﺘﻮر ﻓﻮق ﺑﻪ ﮐﺎر ﻣﯿﺒﺮﯾﻢ ﻋﺒﻮر ﺗﺮاﻓﯿﮏ ﺑﺮادﮐﺴﺖ را روي اﯾﻦ ﻟﯿﻨﮏ ﻣﺠﺎز ﺧﻮاﻫﺪ ﺷﺪ.‬ ‫‪ . Interface Serial#/#.### multipoint‬اﺟﺮاي اﯾﻦ دﺳﺘﻮر ﺑﺎﻋﺚ اﯾﺠﺎد ﯾﮏ ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ ﻧﻘﻄﻪ ﺑﻪ ﭼﻨﺪ ﻧﻘﻄﻪ‬ ‫‪ FR‬ﺧﻮاﻫﺪ ﺷﺪ و ﻫﻤﺎﻧﻨﺪ ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ﻓﯿﺰﯾﮑﯽ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﺧﻮاﻫﺪ ﮔﺮﻓﺖ ﺑﺎ اﯾﻦ ﺗﻔﺎوت ﮐﻪ ﺗﻨﻬﺎ ﺗﺮاﻓﯿﮏ ﻧﻘﺎط‬ ‫ﭼﻨﺪﮔﺎﻧﻪ راه دور از آن ﻋﺒﻮر ﺧﻮاﻫﺪ ﮐﺮد.‬ ‫‪ show frame-relay map‬ﺑﺎﻋﺚ ﻧﻤﺎﯾﺶ ﺟﺪول ﻧﮕﺎﺷﺖ آدرس ﺑﻪ ‪ DLCI‬ﻣﯿﺸﻮد ﻓﺎرق از اﯾﻨﮑﻪ اﺳﺘﺎﺗﯿﮏ ﯾﺎ‬ ‫داﯾﻨﺎﻣﯿﮏ ﺑﺎﺷﻨﺪ ﻣﯿﺸﻮد. ﻓﺮاﯾﻨﺪ ﻧﮕﺎﺷﺖ داﯾﻨﺎﻣﯿﮏ را درس آزﻣﺎﯾﺶ ﺑﻌﺪي ﮐﻪ ﺑﻪ ‪ ARP‬ﻣﻌﮑﻮس ﻣﯽ ﭘﺮدازد ﺧﻮاﻫﯿﻢ‬ ‫دﯾﺪ.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ روﺗﺮﻫﺎي 3‪R1,R2,R‬‬ ‫092 ‪Page 225 of‬‬
  • 227.
    ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 92/1.321.45.01ﺑﻪ 0/0‪ S‬در 1‪ R‬ﺑﻪ ﻫﻤﺮاه ‪FR Encapsulation‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 92/2.321.45.01 ﺑﻪ 122.0/0‪ S‬در 2‪ R‬ﺑﻪ ﻋﻨﻮان اﯾﻨﺘﺮﻓﯿﺲ ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ و ﺑﺎ 122 ‪DLCI‬‬ ‫‪‬‬ ‫ﺗﺨﺼﯿﺺ آدرس 92/2.321.45.01 ﺑﻪ 123.0/0‪ S‬در 2‪ R‬ﺑﻪ ﻋﻨﻮان اﯾﻨﺘﺮﻓﯿﺲ ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ و ﺑﺎ 123 ‪DLCI‬‬ ‫اﻫﺪاف‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻢ 0/0‪ S‬در 1‪ R‬ﺑﺎ دو ‪Map . Map‬اول ﺟﻬﺖ ﻧﮕﺎﺷﺖ آدرس 0/0‪ S‬در 2‪ R‬ﺑﻪ 221 ‪ DLCI‬و ‪ Map‬دوم ﺟﻬﺖ‬ ‫ﻧﮕﺎﺷﺖ آدرس 0/0‪ S‬در 3‪R‬‬ ‫‪‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ 1‪ R‬و ﺳﺎﯾﺮﯾﻦ ﻫﻤﯿﻨﻄﻮر ﻣﺎﺑﯿﻦ 3‪R2,R‬‬ ‫‪‬‬ ‫ﺣﺬف ﺗﻨﻈﯿﻤﺎت ﻗﺒﻠﯽ از 1‪ R‬و اﯾﺠﺎد ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ ﻧﻘﻄﻪ ﺑﻪ ﭼﻨﺪ ﻧﻘﻄﻪ ﻫﻤﯿﻨﻄﻮر اﯾﺠﺎد ﺟﺪول ﻧﮕﺎﺷﺖ آدرس ﺑﻪ ‪Dlci‬‬ ‫ﻣﺘﻨﺎﻇﺮ‬ ‫‪‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ )‪ R1(hub‬و ﺳﺎﯾﺮﯾﻦ )‪ (spokes‬ﻫﻤﯿﻨﻄﻮر ﻣﺎﺑﯿﻦ 2‪R1,R‬‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﺗﻨﻈﯿﻢ 0/0‪ S‬در 1‪ R‬ﺑﺎ دو ‪Map . Map‬اول ﺟﻬﺖ ﻧﮕﺎﺷﺖ آدرس 0/0‪ S‬در 2‪ R‬ﺑﻪ 221 ‪ DLCI‬و ‪ Map‬دوم ﺟﻬﺖ ﻧﮕﺎﺷﺖ آدرس‬ ‫0/0‪ S‬در 3‪R‬‬ ‫‪R1 con0 is now available‬‬ ‫.‪Press RETURN to get started‬‬ ‫‪R1>enable‬‬ ‫‪R1#configure terminal‬‬ ‫.‪Enter configuration commands, one per line. End with CNTL/Z‬‬ ‫0/0‪R1(config)#interface Serial‬‬ ‫‪R1(config-if)#frame-relay map ip 10.54.123.2 122 broadcast‬‬ ‫‪R1(config-if)#frame-relay map ip 10.54.123.3 123 broadcast‬‬ ‫‪R1(config-if)#end‬‬ ‫#1‪R‬‬ ‫‪%SYS-5-CONFIG_I: Configured from console by console‬‬ ‫#1‪R‬‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ 1‪ R‬و ﺳﺎﯾﺮﯾﻦ ﻫﻤﯿﻨﻄﻮر ﻣﺎﺑﯿﻦ 3‪R2,R‬‬ ‫1.321.45.01 ‪R2#ping‬‬ ‫.‪Type escape sequence to abort‬‬ ‫092 ‪Page 226 of‬‬
  • 228.
    Sending 5, 100-byteICMP Echos to 10.54.123.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/75/172 ms R2##ping 10.54.123.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.54.123.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/136/300 ms R2# ‫ ﻣﺘﻨﺎﻇﺮ‬Dlci ‫ و اﯾﺠﺎد ﺳﺎب اﯾﻨﺘﺮﻓﯿﺲ ﻧﻘﻄﻪ ﺑﻪ ﭼﻨﺪ ﻧﻘﻄﻪ ﻫﻤﯿﻨﻄﻮر اﯾﺠﺎد ﺟﺪول ﻧﮕﺎﺷﺖ آدرس ﺑﻪ‬R1 ‫ﺣﺬف ﺗﻨﻈﯿﻤﺎت ﻗﺒﻠﯽ از‬ R1#configure terminal Enter configuration commands, one per line. R1(config)#default interface Serial0/0 Building configuration... End with CNTL/Z. Interface Serial0/0 set to default configuration R1(config)# %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down R1(config)#interface Serial0/0 R1(config-if)#encapsulation frame-relay R1(config-if)#interface serial0/0.123 multipoint R1(config-if)#ip address 10.54.123.1 255.255.255.248 R1(config-if)#frame map ip 10.54.123.2 122 broadcast R1(config-if)#frame map ip 10.54.123.3 123 broadcast R1(config-subif)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1#show frame-relay map Serial0/0.123 (up): ip 10.54.123.2 dlci 122(0x7A,0x1CA0), static, broadcast, CISCO, status defined, active Serial0/0.123 (up): ip 10.54.123.3 dlci 123(0x7B,0x1CB0), static, broadcast, CISCO, status defined, active R1# R1,R2 ‫( ﻫﻤﯿﻨﻄﻮر ﻣﺎﺑﯿﻦ‬spokes) ‫ و ﺳﺎﯾﺮﯾﻦ‬R1(hub) ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ‬ R2#ping 10.54.123.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.54.123.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/75/124 ms R2#ping 10.54.123.3 Type escape sequence to abort. Page 227 of 290
  • 229.
    Sending 5, 100-byteICMP Echos to 10.54.123.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 52/121/264 ms R2# R3#ping 10.54.123.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.54.123.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/83/156 ms R3# Page 228 of 290
  • 230.
    ‫آزﻣﺎﯾﺶ 5.5 –ﺗﻨﻈﯿﻤﺎت ‪ Arp‬ﻣﻌﮑﻮس‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ ARP‬ﻣﻌﮑﻮس در ﻟﯿﻨﮑﻬﺎي ‪ FR‬ﺑﺎ ﻫﺪف ﺗﺸﮑﯿﻞ ﺧﻮدﮐﺎر ﺟﺪول ﻧﮕﺎﺷﺖ آدرس ﺑﻪ‬ ‫‪ DLCI‬آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫در آزﻣﺎﯾﺶ ﭘﯿﺸﯿﻦ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت اﺳﺘﺎﺗﯿﮏ ﺟﺪول ﻧﮕﺎﺷﺖ آدرس ﺑﻪ ‪ DLCI‬آﺷﻨﺎ ﺷﺪﯾﻢ . ﻓﺮاﯾﻨﺪ ‪ARP‬‬ ‫ﻣﻌﮑﻮس اﯾﻦ ﻧﮕﺎﺷﺖ را از ﻃﺮﯾﻖ ﯾﺎدﮔﯿﺮي آدرس ﻟﯿﻨﮑﻬﺎي ﻫﻤﺴﺎﯾﻪ و ﺗﺸﮑﯿﻞ ﺧﻮدﮐﺎر ﺟﺪول ﻣﺬﺑﻮر ﺑﻪ اﻧﺠﺎم ﻣﯿﺮﺳﺎﻧﺪ.‬ ‫اﯾﻦ وﯾﮋﮔﯽ در ﻋﯿﻦ ﻣﻔﯿﺪ ﺑﻮدن داراي اﺛﺮات ﺟﺎﻧﺒﯽ ﺧﺎص ﺧﻮد ﻧﯿﺰ ﻫﺴﺖ و ﺑﻌﻀﺎ وﻗﺖ زﯾﺎدي را از ﻣﻬﻨﺪﺳﯿﻦ ﺷﺒﮑﻪ ﺑﺮاي‬ ‫رﻓﻊ ﻋﯿﻮب آن ﺗﻠﻒ ﻣﯿﮑﻨﺪ. ﻓﺮض ﮐﻨﯿﺪ ﮐﻪ ﭘﺮواﯾﺪر ﯾﮏ ‪ DLCI‬ﺟﺪﯾﺪ ﺑﺮاي ﺷﻤﺎ ﻓﻌﺎل ﮐﺮده و ﻗﺮار اﺳﺖ روي ﯾﮏ ﻟﯿﻨﮏ‬ ‫ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﺑﺎ ﻣﻼﺣﻀﺎت ‪ security policy‬وﯾﮋه اي اﻋﻤﺎل ﺷﻮد.ﻫﻨﮕﺎﻣﯽ ﮐﻪ ‪ DLCI‬ﻓﻌﺎل ﻣﯿﺸﻮد و روﺗﺮ ﻫﺎ ﻧﯿﺰ داراي‬ ‫ﺗﻨﻈﯿﻤﺎت آدرس ﺻﺤﯿﺢ ﺑﺎﺷﻨﺪ ﻓﺮاﯾﻨﺪ ‪ ARP‬ﻣﻌﮑﻮس ﺑﻪ ﻃﻮر ﺧﻮدﮐﺎر ﻧﮕﺎﺷﺖ ﻣﺎﺑﯿﻦ اﯾﻦ دو را اﻧﺠﺎم ﻣﯿﺪﻫﺪ و ﻣﻮﺟﺒﺎت‬ ‫ﯾﮏ رﯾﺴﮏ اﻣﻨﯿﺘﯽ را ﻓﺮاﻫﻢ ﻣﯿﮑﻨﺪ. ﻧﮑﺘﻪ ﻣﻨﻔﯽ دﯾﮕﺮ اﯾﻦ ﺧﺎﺻﯿﺖ اﯾﺠﺎد ﺣﻠﻘﻪ ﻫﺎي ﻧﺎﺧﻮاﺳﺘﻪ در ﻣﺴﯿﺮ ﯾﺎﺑﯽ اﺳﺖ.‬ ‫اﻧﺠﺎم ﺗﻨﻈﯿﻤﺎت ‪ ARP‬ﻣﻌﮑﻮس ﺑﺴﯿﺎر ﺳﺎده اﺳﺖ و ﺑﻪ ﻃﻮر ﭘﯿﺶ ﻓﺮض روي ﻫﻤﻪ اﯾﻨﺘﺮﻓﺴﻬﺎي ﭼﻨﺪ ﻧﻘﻄﻬﺎي ‪ FR‬ﻓﻌﺎل‬ ‫اﺳﺖ.در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮرات زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫‪ : no frame-relay inverse-arp‬ﻣﻮﺟﺒﺎت ﻏﯿﺮ ﻓﻌﺎل ﺷﺪن ﻗﺎﺑﻠﯿﺖ ‪ ARP‬ﻣﻌﮑﻮس را ﻓﺮاﻫﻢ ﻣﯿﮑﻨﺪ و ﭘﺲ از آن‬ ‫ﻣﯿﺒﺎﯾﺴﺖ از ﻧﮕﺎﺷﺖ اﺳﺘﺎﺗﯿﮏ آدرس ﺑﻪ ‪ DLCI‬اﺳﺘﻔﺎده ﺷﻮد‬ ‫‪:clear frame-relay inarp‬ﺑﺎﻋﺚ ﭘﺎك ﺷﺪن ﺟﺪول داﯾﻨﺎﻣﯿﮏ ﻧﮕﺎﺷﺖ آدرس ﺑﻪ ‪ DLCI‬ﻣﯿﺸﻮد.‬ ‫ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫‪‬‬ ‫ﺑﺮﻗﺮاري ارﺗﺒﺎط ﮐﻨﺴﻮل ﺑﺎ روﺗﺮﻫﺎي 3‪R1,R2,R‬‬ ‫ﺗﻨﻈﯿﻢ 0/0‪ S‬در 1‪ R‬ﺑﺎ آدرس 92/1.321.55.01 و ‪FR encapsulation‬‬ ‫ﺗﻨﻈﯿﻢ 122.0/0‪ S‬در 2‪ R‬ﺑﻪ ﻋﻨﻮان ‪ sub-interface‬ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﺑﺎ آدرس 92/2.321.55.01 و ‪DLCI‬‬ ‫122‬ ‫ﺗﻨﻈﯿﻢ 123.0/0‪ S‬در 3‪ R‬ﺑﻪ ﻋﻨﻮان ‪ sub-interface‬ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﺑﺎ آدرس 92/3.321.55.01 و ‪DLCI‬‬ ‫123‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫092 ‪Page 229 of‬‬
  • 231.
    ‫ﻣﺸﺎﻫﺪه وﺿﻌﯿﺖ ﺟﺎريﺟﺪول ﻧﮕﺎﺷﺖ ﺗﺸﮑﯿﻞ ﺷﺪه ﺧﻮدﮐﺎر در روﺗﺮﻫﺎ‬ DLCI-IP ‫ ﺟﻬﺖ ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺗﺸﮑﯿﻞ ﺧﻮدﮐﺎر ﺻﺤﯿﺢ ﺟﺪول ﻧﮕﺎﺷﺖ‬R1 ‫ از ﻃﺮﯾﻖ‬R2,R3 ‫ﭘﯿﻨﮓ‬   ‫ و ﺗﺴﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ روﺗﺮﻫﺎ‬ARP ‫ و ﭘﺎك ﮐﺮدن ﺟﺪول‬R1 ‫ ﻣﻌﮑﻮس در‬ARP ‫ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن‬  ‫ وﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬R2,R3 ‫ ﺟﻬﺖ ارﺗﺒﺎط ﺑﺎ‬R1 ‫ در‬DLCI ‫اﯾﺠﺎد ﺟﺪول اﺳﺘﺎﺗﯿﮏ ﻧﮕﺎﺷﺖ‬  ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ﻣﺸﺎﻫﺪه وﺿﻌﯿﺖ ﺟﺎري ﺟﺪول ﻧﮕﺎﺷﺖ ﺗﺸﮑﯿﻞ ﺷﺪه ﺧﻮدﮐﺎر در روﺗﺮﻫﺎ‬  R1#show frame-relay map Serial0/0 (up): ip 10.55.123.2 dlci 122(0x7A,0x1CA0), dynamic, broadcast,, status defined, active Serial0/0 (up): ip 10.55.123.3 dlci 123(0x7B,0x1CB0), dynamic, broadcast,, status defined, active R1# DLCI-IP ‫ ﺟﻬﺖ ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺗﺸﮑﯿﻞ ﺧﻮدﮐﺎر ﺻﺤﯿﺢ ﺟﺪول ﻧﮕﺎﺷﺖ‬R1 ‫ از ﻃﺮﯾﻖ‬R2,R3 ‫ﭘﯿﻨﮓ‬ R1#ping 10.55.123.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.55.123.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 72/95/124 ms R1#ping 10.55.123.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.55.123.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 76/105/172 ms R1# R2#ping 10.55.123.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.55.123.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 156/215/340 ms R2# Page 230 of 290
  • 232.
    ‫ و ﺗﺴﺖﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ روﺗﺮﻫﺎ‬ARP ‫ و ﭘﺎك ﮐﺮدن ﺟﺪول‬R1 ‫ ﻣﻌﮑﻮس در‬ARP ‫ﻏﯿﺮ ﻓﻌﺎل ﮐﺮدن‬ R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/0 R1(config-if)#no frame-relay inverse-arp R1(config-if)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1#clear frame-relay inarp R1#ping 10.55.123.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.55.123.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R1#ping 10.55.123.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.55.123.3, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R1# ‫ وﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت‬R2,R3 ‫ ﺟﻬﺖ ارﺗﺒﺎط ﺑﺎ‬R1 ‫ در‬DLCI ‫اﯾﺠﺎد ﺟﺪول اﺳﺘﺎﺗﯿﮏ ﻧﮕﺎﺷﺖ‬ R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/0 R1(config-if)#frame-relay map ip 10.55.123.2 122 broadcast R1(config-if)#frame-relay map ip 10.55.123.3 123 broadcast R1(config-if)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1#ping 10.55.123.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.55.123.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/106/200 ms R1#ping 10.55.123.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.55.123.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 76/120/256 ms Page 231 of 290
  • 233.
  • 234.
    ‫آزﻣﺎﯾﺶ 1.6 –ﺗﻨﻈﯿﻤﺎت ‪Static route‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ static routing‬ﺟﻬﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ ﺳﻪ ﺷﺒﮑﻪ ﻣﺠﺰا از ﻫﻢ ﺧﻮاﻫﯿﻢ‬ ‫ﭘﺮداﺧﺖ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﻣﺒﺤﺚ ‪ Static routing‬ﺟﺰ ﻣﺒﺎﺣﺚ ﭘﺎﯾﻪ اي ﻣﻬﻨﺪﺳﯽ ﺷﺒﮑﻪ اﺳﺖ و درك ﻣﻔﻮﻣﯽ آن ﺟﺰ اﻟﺰاﻣﺎﺗﯽ اﺳﺖ ﮐﻪ ﺑﺎﯾﺪ ﺗﻮﺳﻂ‬ ‫ﻫﺮ ﻣﻬﻨﺪس ﺷﺒﮑﻪ اي ﻟﺤﺎظ ﺷﻮد. ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل اﮔﺮ 1‪ R‬ﺑﻪ ﺷﺒﮑﻪ اي ﺑﺎ آدرس 42/0.01.16.01ﻣﺘﺼﻞ اﺳﺖ و ﯾﮏ‬ ‫‪ PC‬در اﯾﻦ ﺷﺒﮑﻪ ﻧﯿﺎز ﺑﻪ ارﺳﺎل و درﯾﺎﻓﺖ دﯾﺘﺎ ﺑﻪ ﺷﺒﮑﻪ 42/0.03.16.01 را داﺷﺘﻪ ﺑﺎﺷﺪ ،1‪ R‬اﻟﺰاﻣﺎ ﻣﯿﺒﺎﯾﺴﺖ از اﯾﻨﮑﻪ‬ ‫اﻃﻼﻋﺎت درﯾﺎﻓﺘﯽ ﺧﻮد را ﮐﺠﺎ و ﺑﻪ ﭼﻪ ﻣﻘﺼﺪ دﯾﮕﺮي ﻣﺘﻨﻘﻞ ﮐﻨﺪ آﮔﺎه ﺑﺎﺷﺪ.‬ ‫ﻣﺴﺌﻠﻪ را ﺑﻪ ﺷﮑﻞ ﺑﻬﺘﺮي ﺑﺮرﺳﯽ ﻣﯿﮑﻨﯿﻢ . ﻓﺮض ﮐﻨﯿﺪ 1‪ R‬اﯾﻦ ﺗﺮاﻓﯿﮏ را ﺑﻪ 2‪ R‬ﻣﻨﺘﻘﻞ ﻣﯿﮑﻨﺪ و 2‪ R‬ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﺪ‬ ‫ﮐﻪ ﺑﺎ ﺷﺒﮑﻪ ﺑﻪ ﺻﻮرت ﻣﺴﺘﻘﯿﻢ) ‪ (directly connected‬در ارﺗﺒﺎط ﻧﯿﺴﺖ.ﭘﺲ 2‪ R‬ﻣﯿﺒﺎﯾﺴﺖ ﺗﺮاﻓﯿﮏ را ﺑﻪ ‪ hop‬ﺑﻌﺪي‬ ‫در ﻣﺴﯿﺮ اﻧﺘﻘﺎل ارﺳﺎل ﮐﻨﺪ ﺗﺎ ﺑﻪ روﺗﺮي ﮐﻪ ﺷﺒﮑﻪ ﻣﻘﺼﺪ ﺑﻪ آن ﺑﻪ ﻃﻮر ﻣﺴﺘﻘﯿﻢ ﻣﺘﺼﻞ اﺳﺖ ﺑﺮﺳﺪ. ﭘﺲ در ﻗﺪم ﺑﻌﺪي‬ ‫ﺗﺮاﻓﯿﮏ ﺑﻪ 2‪ R‬ﻣﻨﺘﻘﻞ ﻣﯿﺸﻮد روﺗﺮي ﮐﻪ ﺷﺒﮑﻪ 42/0.03.16.01ﺑﻪ ﻃﻮر ﻣﺴﺘﻘﯿﻢ ﺑﻪ 01/3‪ Gi‬آن ﻣﺘﺼﻞ اﺳﺖ.‬ ‫ﺧﻮب ﺗﺎ اﯾﻨﺠﺎ ﻣﻮﻓﻖ ﺷﺪﯾﻢ ﺗﺮاﻓﯿﮏ را ﺑﻪ ﺷﺒﮑﻪ ﻣﻘﺼﺪ ﻣﻨﺘﻘﻞ ﮐﻨﯿﻢ اﻣﺎ آﯾﺎ اﯾﻦ ﺗﻤﺎم ﮐﺎر اﺳﺖ ؟ اﮔﺮ ‪ static route‬در‬ ‫ﯾﮏ ﺟﻬﺖ داﺷﺘﻪ ﺑﺎﺷﯿﻢ ﺑﻪ ﻣﻌﻨﯽ رد وﺑﺪل ﺷﺪن دوﻃﺮﻓﻪ اﻃﻼﻋﺎت ﻫﻢ ﻫﺴﺖ ﺑﻪ اﯾﻦ ﻣﻌﻨﯽ ﮐﻪ 3‪ R‬ﻫﻢ ﻗﺎدر ﺑﻪ ارﺳﺎل‬ ‫اﻃﻼﻋﺎت ﺑﻪ ﺳﻤﺖ ﺷﺒﮑﻪ ﻣﺒﺪا ﻣﯿﺒﺎﺷﺪ ؟ ﭘﺎﺳﺦ ﻣﻨﻔﯽ اﺳﺖ و ﺑﻨﺎ ﺑﻪ اﯾﻦ اﻟﺰام ﻣﻨﻄﻘﯽ ﮐﻞ ﻓﺮاﯾﻨﺪ ﺑﻪ ﻃﻮر ﺑﺮﻋﮑﺲ ﻧﯿﺰ‬ ‫ﺑﺎﯾﺴﺖ اﻧﺠﺎم ﺷﻮد.‬ ‫در ﺷﺒﮑﻪ ﻫﺎي ﺳﺎﺧﺖ ﯾﺎﻓﺘﻪ و ﻧﺴﺒﺘﺎ ﺑﺰرگ ﻋﻤﻮﻣﺎ از اﺳﺘﺎﺗﯿﮏ روت ﺟﻬﺖ اﯾﺠﺎد روﺗﻬﺎي ﺷﻨﺎور )آزﻣﺎﯾﺶ 2.6( و‬ ‫‪) default router‬آزﻣﺎﯾﺶ 3.6( اﺳﺘﻔﺎده ﻣﯽ ﺷﻮد. اﻣﺎ ﺑﺴﯿﺎرﻧﺪ ﻣﻬﻨﺪﺳﯿﻦ ﺷﺒﮑﻪ اي ﮐﻪ از اﯾﻦ ﻗﺎﺑﻠﯿﺖ ﺟﻬﺖ ﻋﻤﺪه‬ ‫ﻣﺴﺎﺋﻞ ﻣﺴﯿﺮ دﻫﯽ ﺷﺒﮑﻪ ﺧﻮد اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ ﮐﻪ دﻟﯿﻞ ﻋﻤﺪه آن ﺿﻌﻒ در درك ﻣﻔﺎﻫﯿﻢ ﭘﺮوﺗﮑﻞ ﻫﺎي ﻣﺴﯿﺮﯾﺎﺑﯽ‬ ‫داﯾﻨﺎﻣﯿﮏ اﺳﺖ.ﺑﻪ ﻋﻨﻮان ﻗﺎﻋﺪه ﮐﻠﯽ ﻃﺮاﺣﯽ ، ﯾﮏ ﺷﺒﮑﻪ ﺑﺎﯾﺴﺖ ﺣﺎوي ﺣﺪاﻗﻞ ﺗﻌﺪاد ﻣﺴﯿﺮدﻫﯽ اﺳﺘﺎﯾﮏ ﺑﺎﺷﺪ‬ ‫ﻣﻬﻤﺘﺮﯾﻦ دﻟﯿﻞ اﯾﻨﮑﺎر ﻫﻢ ﭘﯿﺸﮕﯿﺮي از ﻧﯿﺎز ﺑﻪ ﺗﻨﻈﯿﻢ ﻣﺠﺪد آﻧﻬﺎ در ﺻﻮرت ﺑﺮوز ﺗﻐﯿﯿﺮات در ﺳﺎﺧﺘﺎر ﺷﺒﮑﻪ اﺳﺖ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ اﺳﺘﺎﯾﮏ روت را ﻣﺎﺑﯿﻦ ﺳﻪ روﺗﺮ ﺑﺎ ﺷﺒﮑﻪ ﻫﺎي ﻣﺠﺰا از ﻫﻢ ﺑﻪ ﻣﻨﻈﻮر ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ ﮐﺎﻣﭙﯿﻮﺗﺮﻫﺎي‬ ‫ﻣﺘﺼﻞ ﺑﻪ 1‪ R‬و 3‪ R‬اﻧﺠﺎم ﻣﯿﺪﻫﯿﻢ و از ﻣﻬﺎرﺗﻬﺎﯾﯽ ﮐﻪ در آزﻣﺎﯾﺶ 5 ﮐﺴﺐ ﮐﺮدﯾﻢ ﺟﻬﺖ اﯾﺠﺎد ﯾﮏ ﺷﺒﮑﻪ زﻧﺠﯿﺮه اي‬ ‫)‪ (Daisy chained‬ﺑﺎ ﭼﺎﺷﻨﯽ ‪ frame relay‬ﻣﺎﺑﯿﻦ روﺗﺮﻫﺎي 3‪ R1,R2,R‬اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد.‬ ‫092 ‪Page 233 of‬‬
  • 235.
    ‫ اﺳﺘﻔﺎده ﮐﺮد.در اﯾﻦ آزﻣﺎﯾﺶ‬LoopBack Interface‫ﻧﮑﺘﻪ: ﻣﯿﺘﻮان ﺟﻬﺖ ﺷﺒﯿﻪ ﺳﺎزي ﯾﮏ ﺷﺒﮑﻪ ﻣﺘﺼﻞ ﺑﻪ روﺗﺮ از‬ .‫ ﻧﻘﺶ ﺷﺒﮑﻪ ﻫﺎي ﺳﻤﺖ ﮐﺎرﺑﺮ ﻣﺘﺼﻞ ﺑﻪ روﺗﺮﻫﺎي ﻣﺬﺑﻮر را اﯾﻔﺎ ﺧﻮاﻫﻨﺪ ﮐﺮد‬R1,R2,R3 ‫ در روﺗﺮﻫﺎي‬LO0 .‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ دﺳﺘﻮر زﯾﺮ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ip route network subnet nexthop ‫: اﻟﮕﻮي ﮐﻠﯽ ﻧﮕﺎرش اﯾﻦ دﺳﺘﻮر ﺑﻪ ﺻﻮرت‬Ip route n.n.n.h s.s.s.s nh.nh.nh.nh ‫ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ ﻓﻮق‬  ‫ ﮐﺮدن ﺗﻨﻈﻤﯿﺎت زﯾﺮ در روﺗﺮﻫﺎ‬copy/paste‫اﻧﺠﺎم ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ از ﻃﺮﯾﻖ‬  R1 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################## !# R1 Initial Config # !################################################## ! enable ! configure terminal ! hostname R1 ! interface Loopback0 description ### SIMULATED NETWORK ### ip address 10.61.10.1 255.255.255.0 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp ! interface Serial0/0.122 point-to-point Page 234 of 290
  • 236.
    description ### FRAMERELAY LINK TO R2 ### ip address 10.61.12.1 255.255.255.252 frame-relay interface-dlci 122 ! interface Serial0/0 no shut ! End R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################## !# R2 Initial Config # !################################################## ! enable ! configure terminal ! hostname R2 ! interface Loopback0 description ### SIMULATED NETWORK ### ip address 10.61.20.1 255.255.255.0 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp ! interface Serial0/0.221 point-to-point description ### FRAME RELAY LINK TO R1 ### ip address 10.61.12.2 255.255.255.252 frame-relay interface-dlci 221 ! interface Serial0/0.223 point-to-point description ### FRAME RELAY LINK TO R3 ### ip address 10.61.23.1 255.255.255.252 frame-relay interface-dlci 223 ! interface Serial0/0 no shut ! End R3 ‫ﺗﻨﻈﻤﯿﺎت اوﻟﯿﻪ‬ !################################################## !# R3 Initial Config # !################################################## Page 235 of 290
  • 237.
    ! enable ! configure terminal ! hostname R3 ! interfaceLoopback0 description ### SIMULATED NETWORK ### ip address 10.61.30.1 255.255.255.0 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp ! interface Serial0/0.322 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 10.61.23.2 255.255.255.252 frame-relay interface-dlci 322 ! interface Serial0/0 no shut ! end Static route-6.1.1 ‫ﺗﺼﻮﯾﺮ‬ ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.02.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 2.21.16.01 و ﺑﻌﺪ از‬R1 ‫اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ روت در‬  10.61.12.1 ‫ ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.01.16.01 از ﻃﺮﯾﻖ ﻫﺎپ‬R2 ‫آن اﯾﺠﺎد روت ﺑﺮﮔﺸﺖ در‬ ‫ ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.03.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 2.32.16.01 و ﺑﻌﺪ از‬R2 ‫اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ روت در‬  ‫ ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.02.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 1.32.16.01 و‬R3 ‫آن اﯾﺠﺎد روت ﺑﺮﮔﺸﺖ در‬ R2,R3 ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت از ﻃﺮﯾﻖ ﭘﯿﻨﮓ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺴﻬﺎ در‬ Page 236 of 290
  • 238.
    ‫‪‬‬ ‫اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ روتدر 1‪ R‬ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.03.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 2.21.16.01 و ﺑﻌﺪ از‬ ‫‪‬‬ ‫ﺗﺴﺖ اﻣﮑﺎن ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﯿﻦ ﺷﺒﮑﻪ ﻫﺎي 42/03.16.01 , 42/0.01.16.01‬ ‫آن اﯾﺠﺎد روت ﺑﺮﮔﺸﺖ در 3‪ R‬ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.01.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 1.32.16.01‬ ‫‪‬‬ ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ روت در 1‪ R‬ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.02.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 2.21.16.01 و ﯾﻌﺪ از‬ ‫آن اﯾﺠﺎد روت ﺑﺮﮔﺸﺖ در 2‪ R‬ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.01.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 1.21.16.01‬ ‫.‪End with CNTL/Z‬‬ ‫2.21.16.01‬ ‫.‪End with CNTL/Z‬‬ ‫1.21.16.01‬ ‫‪R1#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫0.552.552.552 0.02.16.01 ‪R1(config)#ip route‬‬ ‫‪R1(config)#end‬‬ ‫#1‪R‬‬ ‫‪R2#configure terminal‬‬ ‫.‪Enter configuration commands, one per line‬‬ ‫0.552.552.552 0.01.16.01 ‪R2(config)#ip route‬‬ ‫‪R2(config)#end‬‬ ‫#2‪R‬‬ ‫ﺑﺮاي ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻟﻮپ ﺑﮏ ﻫﺎي دو ﻃﺮف را ﭘﯿﻨﮓ ﻣﯿﮑﻨﯿﻢ ﺑﺎ ﻋﻠﻢ ﺑﻪ اﯾﻨﮑﻪ ﻫﺮ ﯾﮏ از آﻧﻬﺎ ﺑﯿﺎﻧﮕﺮ ﯾﮏ‬ ‫‪ PC‬ﻫﻤﯿﺸﻪ ﻣﺘﺼﻞ در ﺷﺒﮑﻪ ﻣﺒﺪا ﯾﺎ ﻣﻘﺼﺪ ﻫﺴﺘﻨﺪ‬ ‫0‪R1#ping 10.61.20.1 source lo‬‬ ‫.‪Type escape sequence to abort‬‬ ‫:‪Sending 5, 100-byte ICMP Echos to 10.61.20.1, timeout is 2 seconds‬‬ ‫1.01.16.01 ‪Packet sent with a source address of‬‬ ‫!!!!!‬ ‫‪Success rate is 100 percent (5/5), round-trip min/avg/max = 8/50/104 ms‬‬ ‫#1‪R‬‬ ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ اﻧﺘﻈﺎر ﻣﯿﺮﻓﺖ اﻣﮑﺎن ﭘﯿﻨﮓ ﻟﻮپ ﺑﮏ روﺗﺮ 2‪ R‬از ﺳﻤﺖ ﻟﻮپ ﺑﮏ 1‪ R‬وﺟﻮد دارد ﭘﺲ ارﺗﺒﺎط دوﻃﺮﻓﻪ ﻣﺎﺑﯿﻦ‬ ‫ﺑﺮﻗﺮار ﺷﺪه اﺳﺖ.‬ ‫2. اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ روت در 2‪ R‬ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.03.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 2.32.16.01 و ﯾﻌﺪ از‬ ‫آن اﯾﺠﺎد روت ﺑﺮﮔﺸﺖ در 3‪ R‬ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.02.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 1.32.16.01 و‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت از ﻃﺮﯾﻖ ﭘﯿﻨﮓ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺴﻬﺎ در 3‪R2,R‬‬ ‫‪R2#configure terminal‬‬ ‫.‪Enter configuration commands, one per line. End with CNTL/Z‬‬ ‫2.32.16.01 0.552.552.552 0.03.16.01 ‪R2(config)#ip route‬‬ ‫‪R2(config)#end‬‬ ‫#2‪R‬‬ ‫092 ‪Page 237 of‬‬
  • 239.
    R3#configure terminal Enter configurationcommands, one per line. End with CNTL/Z. R3(config)#ip route 10.61.20.0 255.255.255.0 10.61.23.1 R3(config)#end R3# .‫ ﭘﯿﻨﮓ ﻣﯿﮑﻨﯿﻢ‬R3 ‫، اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﻨﺎﻇﺮ را در‬R2 ‫ﻣﺠﺪدا ﺑﺮاي ﺗﺴﺖ ﺑﺮﻗﺮاري ﺻﺤﺖ ارﺗﺒﺎط از ﻃﺮﯾﻖ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺲ‬ R2#ping 10.61.30.1 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.61.30.1, timeout is 2 seconds: Packet sent with a source address of 10.61.20.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/74/164 ms R2# ‫ ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.03.16.01 از ﻃﺮﯾﻖ ﻫﺎپ 2.21.16.01 و ﺑﻌﺪ از‬R1 ‫3. اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ روت در‬ 10.61.23.1 ‫ ﺟﻬﺖ دﺳﺘﺮﺳﯽ ﺑﻪ ﺷﺒﮑﻪ 42/0.01.16.01 از ﻃﺮﯾﻖ ﻫﺎپ‬R3 ‫آن اﯾﺠﺎد روت ﺑﺮﮔﺸﺖ در‬ >R1#configure terminal Enter configuration commands, one per line. R1(config)#ip route 10.61.30.0 255.255.255.0 R1(config)#end R1# R3#configure terminal Enter configuration commands, one per line. R3(config)#ip route 10.61.10.0 255.255.255.0 R3(config)#end R3# End with CNTL/Z. 10.61.12.2 End with CNTL/Z. 10.61.23.1 R1#ping 10.61.30.1 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.61.30.1, timeout is 2 seconds: Packet sent with a source address of 10.61.10.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/64/124 ms R1# Page 238 of 290
  • 240.
    ‫آزﻣﺎﯾﺶ 2.6 –ﺗﻨﻈﯿﻤﺎت ‪Floating static route‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﺗﻨﻈﯿﻤﺎت روﺗﻬﺎي اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور ﺑﺎ ﻫﺪف اﯾﺠﺎد اﻓﺰوﻧﮕﯽ ﻣﺎﺑﯿﻦ ﻣﺴﯿﺮﻫﺎ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫روت ﺷﻨﺎور روﺗﯽ اﺳﺖ ﮐﻪ داراي ‪ AD‬ﺑﺰرﮔﺘﺮ از روت ﺟﺎري)اﺳﺘﺎﺗﯿﮏ( در ﺟﺪول ﻣﺴﯿﺮﯾﺎﺑﯽ اﺳﺖ از ﻃﺮﻓﯽ ﺑﻪ ﺧﺎﻃﺮ‬ ‫دارﯾﻢ ﮐﻪ روﺗﯽ ﮐﻪ داراي ‪ AD‬ﮐﻮﭼﮑﺘﺮ اﺳﺖ اﻟﻮﯾﺖ اﺟﺮاﯾﯽ ﺑﺎﻻﺗﺮي دارد.ﺑﺎ ﺑﺎزﮔﺸﺖ ﺑﻪ آزﻣﺎﯾﺶ 1.6 ﻣﺸﺎﻫﺪه ﻣﯿﮑﻨﯿﻢ ﮐﻪ‬ ‫1‪ R‬داراي ﯾﮏ ﻟﯿﻨﮏ ارﺗﺒﺎﻃﯽ ‪ Frame relay‬ﺑﺎ 2‪ R‬اﺳﺖ. اﮐﻨﻮن ﯾﮏ ﻟﯿﻨﮏ 1‪ T‬ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﻫﻢ ﺑﻪ اﯾﻦ ﺳﻨﺎرﯾﻮ‬ ‫اﺿﺎﻓﻪ ﻣﯿﮑﻨﯿﻢ ﮐﻪ ﻧﺘﯿﺠﻪ آن ﺑﻪ دﺳﺖ آوردن ﻗﺎﺑﻠﯿﺖ اﻓﺰوﻧﮕﯽ و ﺗﻘﺴﯿﻢ ﺑﺎر ﺧﻮاﻫﺪ ﺑﻮد ﺣﺘﯽ ﻣﯿﺘﻮان ﺑﻪ ﻟﯿﻨﮏ ﺟﺪﯾﺪ‬ ‫اﯾﻨﮕﻮﻧﻪ ﻧﮕﺎه ﮐﺮد ﮐﻪ ﺻﺮﻓﺎ ﺑﻪ ﻋﻨﻮان ﭘﺸﺘﯿﺒﺎن ﻟﯿﻨﮏ اﺻﻠﯽ ﮐﺎر ﮐﻨﺪ . ﻫﻤﻪ اﯾﻦ اﯾﺪه ﻫﺎ از ﻃﺮﯾﻖ ﭘﯿﺎده ﺳﺎزي روﺗﯿﻨﮓ‬ ‫ﺷﻨﺎور ﻗﺎﺑﻞ اﺟﺮا ﺧﻮاﻫﻨﺪ ﺑﻮد.‬ ‫ﺑﺮاي اﯾﺠﺎد روت اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور از ﻫﻤﺎن روش اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ روت در آزﻣﺎﯾﺶ ﻗﺒﻠﯽ ﻣﻨﺘﻬﺎ ﺑﺎ ‪ AD‬ﺑﺰرﮔﺘﺮ اﺳﺘﻔﺎده‬ ‫ﺧﻮاﻫﯿﻢ ﮐﺮد ﺑﻨﺎﺑﺮاﯾﻦ ﺗﺎ زﻣﺎﻧﯽ ﮐﻪ 0/0‪ S‬ﺑﺮﻗﺮار اﺳﺖ ﺗﺮاﻓﯿﮏ از آن ﻣﺴﯿﺮ ﻋﺒﻮر ﻣﯿﮑﻨﺪ و ﭘﺲ از ‪ fail‬ﺷﺪه آن ﺗﺮاﻓﯿﮏ از‬ ‫1/0‪ S‬ﺑﻪ 2‪ R‬ﻣﺘﻘﻞ ﺧﻮاﻫﺪ ﺷﺪ.‬ ‫در دﻧﯿﺎي واﻗﻌﯽ از روﺗﻬﺎي اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور ﺑﻪ ‪ emergency default route‬ﻫﻢ ﺗﻌﺒﯿﺮ ﻣﯿﺸﻮد ﮐﻪ در اداﻣﻪ ﺑﻪ آن‬ ‫ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ . اﻧﺠﺎم ﺗﻨﻈﯿﻤﺎت روﺗﻬﺎي ﺷﻨﺎور ﺑﺴﯿﺎر ﺷﺒﯿﻪ روﺗﻬﺎي اﺳﺘﺎﺗﯿﮏ ﻣﻌﻤﻮﻟﯽ ﻣﯿﺒﺎﺷﺪ ﺑﺎ اﯾﻦ ﺗﻔﺎوت ﮐﻪ ﯾﮏ‬ ‫ﻋﺪد ﻣﺎﺑﯿﻦ 1-552 ﺑﻪ اﻧﺘﻬﺎي آن اﺿﺎﻓﻪ ﻣﯿﺸﻮد ﮐﻪ ﺑﯿﺎﻧﮕﺮ ﺗﻨﻈﯿﻢ دﺳﺘﯽ ‪ AD‬روت ﻣﻮرد ﻧﻈﺮ ﺧﻮاﻫﺪ ﺑﻮد.552 ﺑﻪ ﻣﻌﻨﺎي‬ ‫‪ Unrechable‬اﺳﺖ و روﺗﯽ ﮐﻪ داراي اﯾﻦ ‪ AD‬ﺑﺎﺷﺪ ﻫﯿﭻ وﻗﺖ در ﺟﺪول ﻣﺴﯿﺮﯾﺎﺑﯽ ﻗﺮار ﻧﺨﻮاﻫﺪ ﮔﺮﻓﺖ .‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از ﺗﻮﭘﻮﻟﻮژي آزﻣﺎﯾﺶ 1.6 اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد ﺑﻪ ﻋﻼوه اﻓﺰودن ﯾﮏ ﻟﯿﻨﮏ دﯾﮕﺮ ﺑﯿﻦ 2‪ R1,R‬ﺟﻬﺖ‬ ‫اﯾﺠﺎد ﻣﺴﯿﺮ ﭘﺸﺘﯿﺒﺎن ﺟﻬﺖ اﺗﺼﺎل ﺑﯿﻦ 2‪ R1,R‬ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ زﯾﺮ‬ ‫092 ‪Page 239 of‬‬
  • 241.
    Floating static route– 6.2.1 ‫ﺗﺼﻮﯾﺮ‬ ‫. ﭘﯿﺶ ﻧﯿﺎز آزﻣﺎﯾﺶ‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﺘﻨﺎﻇﺮ ﺑﺎ ﺗﺼﻮﯾﺮ ﺑﺎﻻ‬ 6.1 ‫ ﺑﺮﮔﺮﻓﺘﻪ از آزﻣﺎﯾﺶ‬R1,R2,R3 ‫اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ﻓﺮﯾﻢ رﯾﻠﯽ در‬   ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ . PPP Encapsulation ‫ ﺑﺎ ﺳﺎﺑﻨﺖ 03/0.12.26.01 و‬R1,R2 ‫ﮐﺎﻧﻔﯿﮓ ﻟﯿﻨﮏ ﺟﺪﯾﺪ ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﻣﺎﺑﯿﻦ‬ ‫ ﺑﺮاي 42/0.02.55.01و42/0.03.55.01 ﻣﺮﺗﺒﻂ ﺑﺎ ﻟﯿﻨﮏ ﭘﺸﺘﯿﺒﺎن‬AD 200 ‫اﯾﺠﺎد دو روت اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور ﺑﺎ‬   R2 R1 ‫ ﺑﺮاي 42/0.01.55.01 در ارﺗﺒﺎط ﺑﺎ ﻟﯿﻨﮏ ﭘﺸﺘﯿﺒﺎن‬AD 200 ‫اﯾﺠﺎد روت اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور ﺑﺎ‬ ‫ ﺷﺪن ﻟﯿﻨﮑﻬﺎي ارﺗﺒﺎﻃﯽ‬fail ‫ ﺟﻬﺖ ﺷﺒﯿﻪ ﺳﺎزي‬R2 ‫ در‬Serial0/0.221 ‫ و‬R1 ‫ در‬Serial0/0 ‫ﺧﺎﻣﻮش ﮐﺮدن‬   ‫ ﺑﻪ ﺳﻤﺖ 42/0.03.55.01 از‬trace ‫اﺻﻠﯽ و ﺑﺮرﺳﯽ ﺻﺤﺖ ﻋﻤﻠﮑﺮد ﻟﯿﻨﮑﻬﺎي ﭘﺸﺘﯿﺒﺎن ﺑﺎ‬ 10.55.10.0/24‫ﻃﺮﯾﻖ‬ ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ . PPP Encapsulation ‫ ﺑﺎ ﺳﺎﺑﻨﺖ 03/0.12.26.01 و‬R1,R2 ‫ﮐﺎﻧﻔﯿﮓ ﻟﯿﻨﮏ ﺟﺪﯾﺪ ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ﻣﺎﺑﯿﻦ‬ .1 R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/1 R1(config-if)#ip address 10.62.21.1 255.255.255.252 R1(config-if)#encapsulation ppp R1(config-if)#no shut R1(config-if)#end R1# R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface serial0/1 R2(config-if)#ip add 10.62.21.2 255.255.255.252 R2(config-if)#encapsulation ppp R2(config-if)#no shut R2(config-if)#end R2#ping 10.62.21.1 Type escape sequence to abort. Page 240 of 290
  • 242.
    Sending 5, 100-byteICMP Echos to 10.62.21.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/42/60 ms R2# ‫ ﺑﺮاي 42/0.02.55.01و42/0.03.55.01 ﻣﺮﺗﺒﻂ ﺑﺎ ﻟﯿﻨﮏ ﭘﺸﺘﯿﺒﺎن‬AD 200 ‫2. اﯾﺠﺎد دو روت اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور ﺑﺎ‬ R1 ‫ ﺑﺮاي 42/0.01.55.01 در ارﺗﺒﺎط ﺑﺎ ﻟﯿﻨﮏ ﭘﺸﺘﯿﺒﺎن‬AD 200 ‫ اﯾﺠﺎد روت اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور ﺑﺎ‬R2 R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ip route 10.55.20.0 255.255.255.0 10.62.21.2 200 R1(config)#ip route 10.55.30.0 255.255.255.0 10.62.21.2 200 R1(config)#end R1# R2(config)#ip route 10.55.10.0 255.255.255.0 10.62.21.1 200 R2(config)#end R2# R1 ‫ ﺑﺮاي 42/0.01.55.01 در ارﺗﺒﺎط ﺑﺎ ﻟﯿﻨﮏ ﭘﺸﺘﯿﺒﺎن‬AD 200 ‫4. اﯾﺠﺎد روت اﺳﺘﺎﺗﯿﮏ ﺷﻨﺎور ﺑﺎ‬ R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface Serial0/0.221 R2(config-subif)#shutdown R2(config-subif)#end R2# R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface serial0/0 R1(config-if)#shutdown R1(config-if)#end R1# %SYS-5-CONFIG_I: Configured from console by console %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down R1#traceroute 10.55.30.1 source Lo0 Type escape sequence to abort. Tracing the route to 10.55.30.1 1 10.62.21.2 152 msec 52 msec 44 msec 2 10.62.23.2 188 msec 240 msec 217 msec R1# ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﻣﺸﺎﻫﺪه ﻣﯿﺸﻮد ﺗﺮاﻓﯿﮏ ﺑﺎ ﻣﺒﺪا 42/0.01.55.01 و ﻣﻘﺼﺪ 1.03.55.01 از ﻣﺴﯿﺮ ﭘﺸﺘﯿﺒﺎن ﻋﺒﻮر ﮐﺮد ﮐﻪ در‬ ‫ ﺑﺎ آدرس 2.12.26.01 اﺳﺖ‬R2 ‫ در‬Serial0/1 ‫اﯾﻨﺠﺎ‬ Page 241 of 290
  • 243.
    ‫آزﻣﺎﯾﺶ 3.6 –ﺗﻨﻈﯿﻤﺎت ‪Default route‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت روت ﭘﯿﺸﻔﺮض ﺑﻪ ﻣﻨﻈﻮر ارﺳﺎل ﺗﺮاﻓﯿﮏ ﻓﺎﻗﺪ ﻣﺴﯿﺮ ﻣﺸﺨﺺ در ﺟﺪول ﻣﺴﯿﺮﯾﺎﺑﯽ‬ ‫ﺷﺒﮑﻪ ﻣﻮﺟﻮد ﺑﻪ ﺷﺒﮑﻪ اي دﯾﮕﺮ)ﭘﯿﺸﻔﺮض( آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﻣﯿﺪاﻧﯿﺪ روﺗﺮﻫﺎ ﺗﺮاﻓﯿﮏ را ﺑﺮ ﺣﺴﺐ ﻧﺰدﯾﮑﺘﺮﯾﻦ ﻣﺴﯿﺮي ﮐﻪ در ﺟﺪول ﻣﺴﯿﺮﯾﺎﺑﯽ ﺧﻮد دارﻧﺪ ﺑﻪ ﺳﻤﺖ ﻣﻘﺼﺪ‬ ‫ارﺳﺎل ﻣﯿﮑﻨﻨﺪ. ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل اﮔﺮ روﺗﺮي ﻣﺴﯿﺮي در ﺟﺪول ﻣﺴﯿﺮﯾﺎﺑﯽ ﺧﻮد داﺷﺘﻪ ﺑﺎﺷﺪ ﻓﺮﺿﺎ ﯾﮏ ﻣﻮرد ﺑﻪ‬ ‫82/0.12.88.01 و ﯾﮏ ﻣﻮرد ﺑﻪ 42/0.12.88.01 و ﺑﺴﺘﻪ اي را ﺟﻬﺖ ارﺳﺎل ﺑﻪ آدرس 6.12.88.01درﯾﺎﻓﺖ ﮐﻨﺪ آﻧﺮا ﺑﻪ‬ ‫82/0.12.88.01 ﮐﻪ ﻧﺰدﯾﮑﺘﺮﯾﻦ روت ﺑﻪ ﻣﻘﺼﺪ اﺳﺖ اﻧﺘﺨﺎب ﻣﯿﮑﻨﺪ.‬ ‫ﺑﻪ ﻋﻨﻮان ﯾﮏ ﻣﻬﻨﺪس ﺷﺒﮑﻪ اﻟﺰاﻣﺎ ﻣﯿﺒﺎﯾﺴﺖ ﺑﺎ ﻣﻔﻬﻮم اﯾﻦ درس ﯾﻌﻨﯽ روت ﭘﯿﺸﻔﺮض آﺷﻨﺎ ﺑﺎﺷﯿﻢ. داﺷﺘﻦ روت‬ ‫ﭘﯿﺸﻔﺮض ﺷﻨﺎور در ﺳﻨﺎرﯾﻮﻫﺎي واﻗﻌﯽ داﯾﻨﺎﻣﯿﮏ روﺗﯿﻨﮓ ﺑﻪ ﻣﻨﻈﻮر اﯾﺠﺎد ﻗﺎﺑﻠﯿﺖ اﻓﺰوﻧﮕﯽ اﻣﺮي راﯾﺞ اﺳﺖ در اﯾﻦ‬ ‫ﺣﺎﻟﺖ ﺑﻪ ﻣﺤﺾ اﯾﻨﮑﻪ ﻣﺴﯿﺮﯾﺎﺑﯽ داﯾﻨﺎﻣﯿﮏ ﺑﻪ ﻫﺮ ﻋﻠﺘﯽ از دور ﺧﺎرج ﻣﯿﺸﻮد روت ﭘﯿﺸﻔﺮض ﺑﻪ ﺟﺪول ﻣﺴﯿﺮﯾﺎﺑﯽ ﺗﺰرﯾﻖ‬ ‫ﺷﺪه ﻣﺴﺌﻮﻟﯿﺖ ﺑﺮﻗﺮار ﻣﺎﻧﺪن ارﺗﺒﺎط را ﺑﻪ ﻋﻬﺪه ﻣﯿﮕﯿﺮد.‬ ‫در ﯾﮏ ﺷﺒﮑﻪ ﻋﻤﻮﻣﺎ دو راه ﺑﺮاي ﻣﺘﺼﻞ ﺷﺪن ﺑﻪ اﯾﻨﺘﺮﻧﺖ از ﺷﺒﮑﻪ داﺧﻠﯽ وﺟﻮد دارد . راه اول اﺳﺘﻔﺎده از ‪Default‬‬ ‫‪ route‬در روﺗﺮ ﻟﺒﻪ اي ﺷﺒﮑﻪ اﺳﺖ ﮐﻪ ﺑﻪ ‪ ISP‬ﻣﻨﺘﻬﯽ ﻣﯿﺸﻮد در اﯾﻦ ﺣﺎﻟﺖ ﻫﺮ آدرﺳﯽ ﮐﻪ در ﺟﺪول ﻣﺴﯿﺮﯾﺎﺑﯽ اﯾﻦ‬ ‫روﺗﺮ وﺟﻮد ﻧﺪاﺷﺘﻪ ﺑﺎﺷﺪ ﻣﺴﺘﻘﯿﻤﺎ ﺑﻪ ﺳﻤﺖ ‪ ISP‬ارﺳﺎل ﻣﯿﺸﻮد. راه دوم اﺳﺘﻔﺎده از ﯾﮏ روﺗﺮ ﻓﻌﺎل در ﻣﮑﺎﻧﯿﺰم ‪BGP‬‬ ‫اﺳﺖ . اﯾﻦ ﻣﮑﺎﻧﯿﺰم ﻗﺎﺑﻠﯿﺘﯽ را ﺑﻪ روﺗﺮ ﻣﺤﻠﯽ ﻣﺎ ﻣﯿﺪﻫﺪ ﮐﻪ ﺗﻤﺎﻣﯽ روﺗﻬﺎي ﻣﻮرد اﺳﺘﻔﺎده در اﯾﻨﺘﺮﻧﺖ را در ﺧﻮد داﺷﺘﻪ‬ ‫ﺑﺎﺷﺪ و راﺳﺎ ﺟﻬﺖ ارﺳﺎل ﺑﺴﺘﻪ ﻫﺎ ﺑﻪ ﻣﻘﺼﺪ ﻫﺎي ﻣﺘﻔﺎوت ﺗﺼﻤﯿﻢ ﮔﯿﺮي ﮐﻨﺪ.ﻣﺒﺤﺚ ‪ BGP‬در دوره ‪ CCNP‬ﺑﻪ ﺗﻔﺼﯿﻞ‬ ‫ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار ﻣﯿﮕﯿﺮد‬ ‫ﺗﻨﻈﯿﻢ روت ﭘﯿﺸﻔﺮض ﺑﻪ ﺳﺎدﮔﯽ ﺗﻨﻈﯿﻢ روت اﺳﺘﺎﺗﯿﮏ اﺳﺖ . روت ﭘﯿﺸﻔﺮض ﺗﻮﺳﻂ 0/0.0.0.0 ﻣﺸﺨﺺ ﻣﯿﺸﻮد ﮐﻪ‬ ‫ﺑﯿﺎﻧﮕﺮ رﻧﺞ ﮐﺎﻣﻞ آدرس از 0.0.0.0 ﺗﺎ 552.552.552.552 اﺳﺖ.‬ ‫در اﯾﻦ آز ﻣﺎﯾﺶ از ﻫﻤﺎن ﺗﻮﭘﻮﻟﻮژي آزﻣﺎﯾﺶ 2.6 ﻣﻨﺘﻬﺎ ﺑﺎ ﺗﻐﯿﯿﺮاﺗﯽ در آدرﺳﻬﺎ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد.اﺑﺘﺪا اﺳﺘﺎﺗﯿﮏ‬ ‫روﺗﻬﺎي ﻣﻮﺟﻮد در 3‪ R‬را ﺣﺬف ﺧﻮاﻫﯿﻢ ﮐﺮد و ﭘﺲ از آن روت ﭘﯿﺸﻔﺮض از 3‪ R‬ﺑﻪ ﺳﻤﺖ 2‪ R‬اﯾﺠﺎد ﺧﻮاﻫﯿﻢ ﮐﺮد‬ ‫092 ‪Page 242 of‬‬
  • 244.
    Default route-6.3.1 ‫آزﻣﺎﯾﺶ‬ ‫ﭘﯿﺶﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ 6.1 ‫ در روﺗﺮﻫﺎ ﻣﺒﺘﻨﯽ ﺑﺮ آزﻣﺎﯾﺶ‬Frame realy ‫اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬  R1 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################## !# Lab 6-3 R1 Initial Config # !################################################## ! enable configure terminal ! hostname R1 ! interface Loopback0 description ### SIMULATED NETWORK ### ip address 10.63.10.1 255.255.255.0 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp ! interface Serial0/0.122 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 10.63.12.1 255.255.255.252 frame-relay interface-dlci 122 ! interface Serial0/0 no shut ! interface Serial0/1 description ### PPP Link TO R2 ### ip address 10.63.21.1 255.255.255.252 encapsulation ppp serial restart-delay 0 Page 243 of 290
  • 245.
    no shut ! exit ! ip route iproute ip route ip route ! 10.63.20.0 10.63.30.0 10.63.20.0 10.63.30.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 10.63.12.2 10.63.12.2 10.63.21.2 200 10.63.21.2 200 end R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################## !# Lab 6-3 R2 Initial Config # !################################################## ! enable configure terminal ! hostname R2 ! interface Loopback0 description ### SIMULATED NETWORK ### ip address 10.63.20.1 255.255.255.0 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp ! interface Serial0/0.221 point-to-point description ### FRAME RELAY LINK TO R1 ### ip address 10.63.12.2 255.255.255.252 frame-relay interface-dlci 221 ! interface Serial0/0.223 point-to-point description ### FRAME RELAY LINK TO R3 ### ip address 10.63.23.1 255.255.255.252 frame-relay interface-dlci 223 ! interface Serial0/0 no shut exit ! interface Serial0/1 description ### PPP LINK TO R1 ### ip address 10.63.21.2 255.255.255.252 encapsulation ppp serial restart-delay 0 no shut ! ip route 10.63.10.0 255.255.255.0 10.63.12.1 ip route 10.63.30.0 255.255.255.0 10.63.23.2 Page 244 of 290
  • 246.
    ip route 10.63.10.0255.255.255.0 10.63.21.1 200 ! end R3 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################## !# Lab 6-3 R3 Initial Config # !################################################## ! enable configure terminal ! hostname R3 ! interface Loopback0 description ### SIMULATED NETWORK ### ip address 10.63.30.1 255.255.255.0 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp ! interface Serial0/0.322 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 10.63.23.2 255.255.255.252 frame-relay interface-dlci 322 ! interface Serial0/0 no shut exit ! ip route 10.63.10.0 255.255.255.0 10.63.23.1 ip route 10.63.20.0 255.255.255.0 10.63.23.1 ! end ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ R2 S0/0.223 ‫ و اﯾﺠﺎد روت ﭘﯿﺸﻔﺮض ﺑﻪ ﺳﻤﺖ‬R3 ‫ﺣﺬف روﺗﻬﺎي اﺳﺘﺎﺗﯿﮏ در‬ 10.63.10.0/24 ‫ و‬R1 ‫ و 42/0.03.36.01 ﺑﻪ‬R3 ‫ﺑﺮرﺳﯽ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط از‬ R1 ‫ ﭘﯿﺸﺘﯿﺒﺎن در‬PPP ‫ﺑﺮرﺳﯽ اﻣﮑﺎن ﭘﯿﻨﮓ ﻟﯿﻨﮏ‬     ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ Page 245 of 290
  • 247.
    R2 S0/0.223 ‫و اﯾﺠﺎد روت ﭘﯿﺸﻔﺮض ﺑﻪ ﺳﻤﺖ‬R3 ‫3. ﺣﺬف روﺗﻬﺎي اﺳﺘﺎﺗﯿﮏ در‬ R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface Serial0/1 R1(config-if)#ip address 10.62.21.1 255.255.255.252 R1(config-if)#encapsulation ppp R1(config-if)#no shut R1(config-if)#end R1# R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface serial0/1 R2(config-if)#ip add 10.62.21.2 255.255.255.252 R2(config-if)#encapsulation ppp R2(config-if)#no shut R2(config-if)#end R2#ping 10.62.21.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.62.21.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/42/60 ms R2# R2 S0/0.223 ‫ و اﯾﺠﺎد روت ﭘﯿﺸﻔﺮض ﺑﻪ ﺳﻤﺖ‬R3 ‫1. ﺣﺬف روﺗﻬﺎي اﺳﺘﺎﺗﯿﮏ در‬ R3#show run | include ip route ip route 10.63.10.0 255.255.255.0 10.63.23.1 ip route 10.63.20.0 255.255.255.0 10.63.23.1 R3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R3(config)#no ip route 10.63.10.0 255.255.255.0 10.63.23.1 R3(config)#no ip route 10.63.20.0 255.255.255.0 10.63.23.1 R3(config)#ip route 0.0.0.0 0.0.0.0 10.63.23.1 R3(config)#end R3# 10.63.10.0/24 ‫ و‬R1 ‫ و 42/0.03.36.01 ﺑﻪ‬R3 ‫2. ﺑﺮرﺳﯽ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط از‬ ‫ ﻣﺠﺪدا ارﺗﺒﺎط‬R2 ‫ را ﺣﺬف ﮐﺮدﯾﻢ اﻣﺎ ﺑﺎ اﯾﺠﺎد روت ﭘﯿﺸﻔﺮض ﺑﻪ ﺳﻤﺖ‬R2 ‫ﻗﺒﻼ ﻫﻤﻪ اﺳﺘﺎﺗﯿﮏ روﺗﻬﺎ ﺑﻪ ﺳﻤﺖ‬ ‫ﺑﺮﻗﺮار ﻣﯿﺸﻮد‬ R3#ping 10.63.10.1 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.63.10.1, timeout is 2 seconds: Page 246 of 290
  • 248.
    Packet sent witha source address of 10.63.30.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/82/168 ms R3# 10.63.30.0/24 ‫ از ﻃﺮﯾﻖ‬R1 ‫ ﭘﯿﺸﺘﯿﺒﺎن در‬PPP ‫3. ﺑﺮرﺳﯽ اﻣﮑﺎن ﭘﯿﻨﮓ ﻟﯿﻨﮏ‬ ‫ ﮐﻪ در آن‬R2 ‫ ﻫﯿﭻ روﺗﯽ ﺑﻪ ﺳﻤﺖ 03/0.12.36.01 ﻧﺪاﺷﺖ اﻣﺎ اﻻن ﯾﮏ روت ﭘﯿﺸﻔﺮض ﺑﻪ ﺳﻤﺖ‬R3 ‫ﻗﺒﻞ از اﯾﻦ‬ . ‫ﻣﺴﺘﻘﯿﻤﺎ ﺑﻪ 03/0.12.36.01 ﻣﺘﺼﻞ اﺳﺖ و روت ﺑﺮﮔﺸﺖ ﺑﻪ ﺳﻤﺖ 42/0.03.36.01 دارد را ﺷﺎﻫﺪ ﻫﺴﺘﯿﻢ‬ R3#ping 10.63.21.1 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.63.21.1, timeout is 2 seconds: Packet sent with a source address of 10.63.30.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 40/81/116 ms R3# Page 247 of 290
  • 249.
    ‫آزﻣﺎﯾﺶ 1.7 –ﺗﻨﻈﯿﻤﺎت ‪ – NAT‬ﯾﮏ ﺑﻪ ﯾﮏ‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﺎت ‪ NAT‬ﯾﮏ ﺑﻪ ﯾﮏ ﺑﺮاي ﺗﺮﺟﻤﻪ ﯾﮏ آدرس در ﺷﺒﮑﻪ داﺧﻠﯽ ﺑﻪ آدرﺳﯽ ﻣﺸﺨﺺ و‬ ‫ﺛﺎﺑﺖ در ﺷﺒﮑﻪ ﺧﺎرﺟﯽ ﺧﻮاﻫﯿﻢ ﭘﺮداﺧﺖ .‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫اﻣﺮوزه ﻋﻤﻼ در ﺗﻤﺎﻣﯽ ﺷﺒﮑﻪ ﻫﺎي راﯾﺎﻧﻪ اي دﻧﯿﺎ از ‪ NAT‬ﺑﺎ اﺳﺎﻣﯽ ﻣﺨﺘﻠﻔﯽ ﻫﻤﭽﻮن ﯾﮏ ﺑﻪ ﯾﮏ اﯾﺴﺘﺎ، داﯾﻨﺎﻣﯿﮏ و از‬ ‫ﻫﻤﻪ ﻣﻌﺮوﻓﺘﺮ ﯾﮏ ﺑﻪ ﭼﻨﺪ ﯾﺎ ‪ PAT‬ﮐﻪ آﻧﻬﻢ ﺑﻪ اﺷﺘﺒﺎه راﯾﺞ ‪ NAT‬ﺧﻮاﻧﺪه ﻣﯿﺸﻮد اﺳﺘﻔﺎده ﻣﯿﺸﻮد.ﻣﺒﺤﺚ داﯾﻨﺎﻣﯿﮏ‬ ‫‪ NAT‬و ‪ NAT Pool‬ﻫﻤﯿﻨﻄﻮر ‪ PAT‬در دو آزﻣﺎﯾﺶ آﯾﻨﺪه ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار ﺧﻮاﻫﻨﺪ ﮔﺮﻓﺖ .‬ ‫‪ NAT‬ﯾﮏ ﺑﻪ ﯾﮏ ﯾﺎ اﺳﺘﺎﺗﯿﮏ ﻫﻨﮕﺎﻣﯽ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد ﮐﻪ ﻧﯿﺎز داﺷﺘﻪ ﺑﺎﺷﯿﻢ ﯾﮏ ﮐﻼﯾﻨﺖ ﻣﺸﺨﺺ ﺑﺎ آدرﺳﯽ‬ ‫ﻣﺸﺨﺺ در ﺷﺒﮑﻪ داﺧﻠﯽ ﺻﺮﻓﺎ از ﻃﺮﯾﻖ ﻓﻘﻂ ﯾﮏ آدرس ﺧﺎرﺟﯽ ﺑﺎ ﺷﺒﮑﻪ ﻣﻘﺼﺪ در ارﺗﺒﺎط ﺑﺎﺷﺪ .‬ ‫‪ :Inside Local‬آدرس ﻣﻨﺘﺴﺐ ﺷﺪه ﺑﻪ ﯾﮏ ﻫﺎﺳﺖ در ﺷﺒﮑﻪ داﺧﻠﯽ ﭼﻪ از ﻃﺮﯾﻖ ‪ Dhcp‬و ﭼﻪ ﺛﺎﺑﺖ‬ ‫‪ :Inside Global‬آدرس ﻣﻌﺘﺒﺮ ﻣﻨﺘﺴﺐ ﺷﺪه ﺗﻮﺳﻂ ﭘﺮواﯾﺪر ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ دوم روﺗﺮ ﻣﻮﺟﻮد در ﺷﺒﮑﻪ داﺧﻠﯽ‬ ‫‪:Outside local‬آدرس ﻣﻨﺘﺴﺐ ﺷﺪه ﺑﻪ ﯾﮏ ﻫﺎﺳﺖ در ﺷﺒﮑﻪ ﻣﻘﺼﺪ ﭼﻪ از ﻃﺮﯾﻖ ‪ Dhcp‬و ﭼﻪ ﺛﺎﺑﺖ‬ ‫‪ :Outside Global‬آدرس ﻣﻨﺘﺴﺐ ﺷﺪه ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ ﺧﺎرﺟﯽ روﺗﺮ ﺷﺒﮑﻪ ﻣﻘﺼﺪ‬ ‫در ﻓﺮاﯾﻨﺪ ﭘﯿﮑﺮﺑﻨﺪي ‪ NAT‬ﻣﯿﺒﺎﯾﺴﺖ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ورودي و ﺧﺮوﺟﯽ از ﻃﺮﯾﻖ ‪ ip nat inside | outside‬ﻣﺸﺨﺺ‬ ‫ﺷﻮﻧﺪ ﺑﺮاي ﻫﻤﯿﻦ ﻣﻨﻈﻮر در ﺗﻨﻈﻤﯿﺎت ‪ NAT‬ﯾﮏ ﺑﻪ ﯾﮏ ﺑﻪ دو آﯾﺘﻢ ﮐﻠﯿﺪي ﻧﯿﺎز دارﯾﻢ ، آدرس ﻫﺎﺳﺖ داﺧﻠﯽ ‪(inside‬‬ ‫)‪ local‬و آدرﺳﯽ ﮐﻪ آدرس داﺧﻠﯽ ﻣﺎ ﺑﺎﯾﺪ ﺑﻪ آن ﺗﺮﺟﻤﻪ ﺷﻮد)‪. (inside global‬‬ ‫ﭘﺲ از ﻣﺸﺨﺺ ﺷﺪن اﯾﻨﺪو، از ﻃﺮﯾﻖ ‪ip nat inside source static inside_local_ip outside_global_ip‬‬ ‫ﻣﮑﺎﻧﯿﺰم ‪ NAT‬ﯾﮏ ﺑﻪ ﯾﮏ در روﺗﺮ ﻣﻮرد ﻧﻈﺮ ﻓﻌﺎل ﻣﯿﺸﻮد. در ﻫﻨﮕﺎم ﮐﺎﻧﻔﯿﮓ ‪ NAT‬ﭼﻪ از ﻧﻮع ﯾﮏ ﺑﻪ ﯾﮏ ﯾﺎ ﯾﮏ ﺑﻪ‬ ‫ﭼﻨﺪ ﻣﯿﺘﻮان از ﻗﺎﺑﻠﯿﺖ ‪ Extendability‬در اﻧﺘﻬﺎي دﺳﺘﻮر ‪ Ip nat‬اﺳﺘﻔﺎده ﮐﺮد. ﺑﻪ ﻃﻮر ﮐﻠﯽ دو ﻧﻮع ‪ NAT‬اﺳﺘﺎﺗﯿﮏ‬ ‫ﯾﺎ ﯾﮏ ﺑﻪ ﯾﮏ وﺟﻮد دارد . در ﻧﻮع اول ﯾﺎ اﺳﺘﺎﻧﺪارد ﻧﮕﺎﺷﺘﯽ ﯾﮏ ﺑﻪ ﯾﮏ ﻣﺎﺑﯿﻦ آدرﺳﻬﺎي ﻣﺒﺪا و ﻣﻘﺼﺪ اﯾﺠﺎد ﻣﯿﺸﻮد و‬ ‫ﻫﺮ آدرس در ﺗﻨﻬﺎ ﯾﮏ ﻣﮑﺎﻧﯿﺰم ‪ NAT‬ﺷﺮﮐﺖ ﻣﯿﮑﻨﺪ.اﻣﺎ در ﻧﻮع ‪ extended‬اﯾﻦ ﻗﺎﺑﻠﯿﺖ وﺟﻮد دارد ﮐﻪ ﻧﮕﺎﺷﺘﯽ ﯾﮏ ﺑﻪ‬ ‫ﭼﻨﺪ ﻣﺎﺑﯿﻦ ﺗﻌﺪاد زﯾﺎدي آدرس ‪ inside local‬ﯾﺎ ‪ inside global‬ﺑﺮﻗﺮار ﺷﻮد.‬ ‫092 ‪Page 248 of‬‬
  • 250.
    ‫ﻋﺒﺎرت ‪ Extendable‬دراﻧﺘﻬﺎي دﺳﺘﻮر ‪ IP nat‬اﯾﻦ اﻣﮑﺎن را ﻓﺮاﻫﻢ ﻣﯽ آورد ﮐﻪ ﺗﻌﺪادي زﯾﺎدي دﺳﺘﻮر ‪ NAT‬ﺑﺎ‬ ‫آدرﺳﻬﺎي ﯾﮑﺴﺎن ‪ inside local‬ﯾﺎ ‪ inside global‬ﺑﺪون ﺗﺪاﺧﻞ و ﺗﻔﮑﯿﮏ ﺷﺪه در ﺳﻄﺢ ﭘﻮرت ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار‬ ‫ﮔﯿﺮﻧﺪ.‬ ‫ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل‬ ‫‪extendable‬‬ ‫‪extendable‬‬ ‫08‬ ‫344‬ ‫5.81.92.271‬ ‫5.81.92.271‬ ‫0808‬ ‫08‬ ‫1.1.11.01 ‪ip nat source static tcp‬‬ ‫41.1.11.01 ‪ip nat source static tcp‬‬ ‫ﺑﺎ اﺳﺘﻔﺎده از دﺳﺘﻮر ‪ the show ip nat translations‬ﻣﯿﺘﻮان ﻣﺤﺘﻮاي ﺟﺪول ‪ NAT‬روﺗﺮ را ﻣﺸﺎﻫﺪه ﮐﺮد ﻫﻤﯿﻨﻄﻮر‬ ‫ﺑﺎ دﺳﺘﻮر * ‪ clear ip nat translation‬ﺗﻤﺎم آﻧﺮا ﺧﺎﻟﯽ ﮐﺮد.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ‪ NAT‬اﺳﺘﺎﺗﯿﮏ ﯾﮏ ﺑﻪ ﯾﮏ ﻣﺎﺑﯿﻦ دو ﮐﻤﭙﺎﻧﯽ ‪ ABC‬و ‪ XYZ‬ﮐﻪ ﻫﺮ دو داراي رﻧﺞ آدرس ﺳﻤﺖ‬ ‫ﮐﺎرﺑﺮ ﯾﮑﺴﺎن ﻫﺴﺘﻨﺪ اﯾﺠﺎد ﻣﯿﮑﻨﯿﻢ . ﻫﻤﺎﻧﻄﻮر ﮐﻪ از ﺗﺼﻮﯾﺮ زﯾﺮ ﭘﯿﺪاﺳﺖ ﻫﺮ دوي اﯾﻦ ﺷﺮﮐﺘﻬﺎ داراي ﻫﺎﺳﺘﯽ ﺑﺎ آدرس‬ ‫ﯾﮑﺴﺎن 41.41.111.01 ﮐﻪ در اﯾﻨﺠﺎ ﺑﺎ ﯾﮏ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺲ ﻣﺸﺨﺺ ﻫﺴﺘﻨﺪ .‬ ‫ﺗﺼﻮﯾﺮ 1.1.11- ‪ NAT‬ﯾﮏ ﺑﻪ ﯾﮏ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺑﺎ ﺗﺼﻮﯾﺮ ﻓﻮق و اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ زﯾﺮ در روﺗﺮﻫﺎ‬ ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ 1‪R‬‬ ‫092 ‪Page 249 of‬‬
  • 251.
    !################################################### !# R1 InitialConfig !################################################### ! enable configure terminal ! hostname R1 no ip domain-lookup ! interface loopback0 description ### SIMULATED SERVER ### ip address 10.111.14.14 255.255.255.255 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp exit ! interface Serial0/0.122 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 10.111.12.1 255.255.255.0 frame-relay interface-dlci 122 exit ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 10.111.12.1 0.0.0.0 network 10.111.14.14 0.0.0.0 exit ! line con 0 logging sync no exec-timeout ! end R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ‬ !################################################### !# R2 Initial Config !################################################### ! enable configure terminal ! Page 250 of 290
  • 252.
    hostname R2 no ipdomain-lookup ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### encapsulation frame-relay no frame-relay inverse-arp exit ! interface Serial0/0.221 point-to-point description ### FRAME RELAY LINK TO R1 ### ip address 10.111.12.2 255.255.255.0 frame-relay interface-dlci 221 exit ! interface Serial0/0.223 point-to-point description ### FRAME RELAY LINK TO R3 ### ip address 172.20.23.2 255.255.255.0 frame-relay interface-dlci 223 exit ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 10.111.12.2 0.0.0.0 network 172.20.23.2 0.0.0.0 passive-interface Serial0/0.223 exit ! line con 0 logging sync no exec-timeout ! end10 R3 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ‬ !################################################### !# R3 Initial Config !################################################### ! enable configure terminal ! hostname R3 no ip domain-lookup ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### encapsulation frame-relay Page 251 of 290
  • 253.
    no frame-relay inverse-arp exit ! interfaceSerial0/0.322 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 172.20.23.3 255.255.255.0 frame-relay interface-dlci 322 exit ! interface Serial0/0.324 point-to-point description ### PHYSICAL FRAME RELAY INTERFACE ### ip address 10.111.34.3 255.255.255.0 frame-relay interface-dlci 324 no shut ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 172.20.23.3 0.0.0.0 network 10.111.34.3 0.0.0.0 passive-interface Serial0/0.322 exit ! line con 0 logging sync no exec-timeout ! end R4 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ‬ !################################################### !# R4 Initial Config !################################################### ! enable configure terminal ! hostname R4 no ip domain-lookup ! interface loopback0 description ### SIMULATED SERVER ### ip address 10.111.14.14 255.255.255.255 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### encapsulation frame-relay no frame-relay inverse-arp exit Page 252 of 290
  • 254.
    ! interface Serial0/0.423 point-to-point description### FRAME RELAY LINK TO R3 ### ip address 10.111.34.4 255.255.255.0 frame-relay interface-dlci 423 exit ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 10.111.14.14 0.0.0.0 network 10.111.34.4 0.0.0.0 ! line con 0 logging sync no exec-timeout ! end ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ NAT Inside , NAT Outside ‫ ﺑﻪ ﻋﻨﻮان‬R2,R3 ‫ﺗﻨﻈﯿﻢ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻣﺘﻨﺎﻇﺮ در‬ outside global ‫ ﺑﺎ ﻫﺪف ﺗﺮﺟﻤﻪ آدرس داﺧﻠﯽ 41.41.111.01 ﺑﻪ‬R2 ‫ در‬NAT ‫اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ‬   172.20.23.2 outside global ‫ ﺑﺎ ﻫﺪف ﺗﺮﺟﻤﻪ آدرس داﺧﻠﯽ 41.41.111.01 ﺑﻪ‬R3 ‫ در‬NAT ‫اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ‬  172.20.23.3 R1 ‫ در‬Lo0 ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ ﻫﺎﺳﺘﻬﺎي دوﻃﺮف از ﻃﺮﯾﻖ ﭘﯿﻨﮓ ﺑﺎ ﻣﺒﺪا‬ Page 253 of 290 
  • 255.
    ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ NATInside , NAT Outside ‫ ﺑﻪ ﻋﻨﻮان‬R2,R3 ‫1. ﺗﻨﻈﯿﻢ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻣﺘﻨﺎﻇﺮ در‬ R2#configure terminal Enter configuration commands, one per line. End with R2(config)#interface Serial0/0.221 R2(config-subif)#ip nat inside %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, R2(config-subif)#interface Serial0/0.223 R2(config-subif)#ip nat outside R2(config-subif)#end R2# R3#configure terminal Enter configuration commands, one per line. End with R3(config)#interface Serial0/0.322 R3(config-subif)#ip nat outside %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, R3(config-subif)#interface Serial0/0.324 R3(config-subif)#ip nat inside R3(config-subif)#end R3# CNTL/Z. changed state to up CNTL/Z. changed state to up outside global ‫ ﺑﺎ ﻫﺪف ﺗﺮﺟﻤﻪ آدرس داﺧﻠﯽ 41.41.111.01 ﺑﻪ‬R2 ‫ در‬NAT ‫1. اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ‬ 172.20.23.2 R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#ip nat inside source static 10.111.14.14 172.20.23.2 R2(config)#end R2# outside global ‫ ﺑﺎ ﻫﺪف ﺗﺮﺟﻤﻪ آدرس داﺧﻠﯽ 41.41.111.01 ﺑﻪ‬R3 ‫ در‬NAT ‫3. اﯾﺠﺎد اﺳﺘﺎﺗﯿﮏ‬ 172.20.23.3 R3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R3(config)#ip nat inside source static 10.111.14.14 172.20.23.3 R3(config)#end R3# R1 ‫ در‬Lo0 ‫4. ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﻣﺎﺑﯿﻦ ﻫﺎﺳﺘﻬﺎي دوﻃﺮف از ﻃﺮﯾﻖ ﭘﯿﻨﮓ ﺑﺎ ﻣﺒﺪا‬ Page 254 of 290
  • 256.
    R1#ping 172.20.23.3 sourceloopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.20.23.3, timeout is 2 seconds: Packet sent with a source address of 10.111.1.14 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 88/90/93 ms R1# Page 255 of 290
  • 257.
  • 258.
    ‫آزﻣﺎﯾﺶ 2.7 –ﺗﻨﻈﯿﻤﺎت ‪Dynamc NAT-NAT Pool‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ NAT Pool‬ﺑﻪ ﻣﻨﻈﻮر ﺗﺨﺼﯿﺺ آدرس از ﻣﺠﻤﻮﻋﻪ اي از آدرﺳﻬﺎي ﺧﺎرﺟﯽ ﺑﻪ‬ ‫ﻫﺎﺳﺘﻬﺎي داﺧﻠﯽ ﺑﺮ اﺳﺎس اﻟﻮﯾﺖ درﺧﻮاﺳﺖ از ﺳﻤﺖ ﺷﺒﮑﻪ داﺧﻠﯽ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫‪ NAT Pool‬ﻣﺠﻤﻮﻋﻪ اي از آدرﺳﻬﺎﺳﺖ ﮐﻪ ﺑﻪ ﻃﻮر ﻣﻨﻈﻢ و ﺑﺮ ﺣﺴﺐ ﺗﺮﺗﯿﺐ درﺧﻮاﺳﺖ ﯾﮏ آدرس واﻗﻊ در ‪Inside‬‬ ‫‪ local‬و ﻫﻤﺎﻫﻨﮓ ﺑﺎ ﺑﺎ اﮐﺴﺲ ﻟﯿﺴﺖ ﻣﺘﻨﺎﻇﺮ ﺑﻪ ﻣﺘﻘﺎﺿﯽ آن ﻣﻨﺘﺴﺐ ﻣﯿﺸﻮد.ﻣﺰﯾﺖ اﯾﻦ ﻧﻮع ﮐﺎﻧﻔﯿﮓ در اﻣﮑﺎن ﺑﻬﺮه‬ ‫ﮔﯿﺮي ﺷﺒﮑﻪ داﺧﻠﯽ از رﻧﺞ آدرس ﺧﺼﻮﺻﯽ ﻣﺒﺘﻨﯽ ﺑﺮ 8191‪ RFC‬ﻣﺎﻧﻨﺪ 8/0.0.0.01 و اﻣﮑﺎن ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ دﻧﯿﺎي‬ ‫ﺧﺎرج اﯾﻦ ﻓﻀﺎي آدرﺳﯽ از ﻃﺮﯾﻖ ﻧﮕﺎﺷﺖ ﯾﮏ ﺑﻪ ﯾﮏ ﻣﺎﺑﯿﻦ آدرﺳﻬﺎي داﺧﻠﯽ و آدرﺳﻬﺎ ﻣﻌﺘﺒﺮ ﺧﺎرﺟﯽ واﻗﻊ در ‪NAT‬‬ ‫‪ Pool‬اﺳﺖ. اﻣﺮوزه ﻋﻤﺪه اﺳﺘﻔﺎده ‪ NAT pool‬در اﯾﺠﺎد ‪ DMZ‬اﺳﺖ وﯾﺎ ﺷﺮﮐﺘﻬﺎﯾﯽ ﮐﻪ ﻣﺎﯾﻠﻨﺪ ﻫﺮﯾﮏ از آدرﺳﻬﺎي‬ ‫ﻣﻮﺟﻮد در ﺷﺒﮑﻪ داﺧﻠﯿﺸﺎن از ﻃﺮﯾﻖ ﯾﮏ آدرس ﻣﻌﺘﺒﺮ ﻣﻨﺤﺼﺮ ﺑﻪ ﻓﺮد ﺑﻪ دﻧﯿﺎي ﺧﺎرج ﻣﺮﺗﺒﻂ ﺷﻮد.‬ ‫ﺟﻬﺖ ﮐﺎﻧﻔﯿﮓ ‪ NAT Pool‬در وﺣﻠﻪ اول ﻧﯿﺎز اﺳﺖ ‪ Pool‬ﻣﻮرد ﻧﻈﺮ از ﻃﺮﯾﻖ ﻣﺸﺨﺺ ﮐﺮدن ﻣﺤﺪوده اﺑﺘﺪا و اﻧﺘﻬﺎي‬ ‫آدرﺳﻬﺎ ﻣﺸﺨﺺ ﺷﻮد.ﭘﺲ از آن ﻣﯿﺒﺎﯾﺴﺖ ﺑﺎ ﺑﻬﺮه ﮔﯿﺮي از دﺳﺘﻮر ‪ NAT‬ﮐﻪ از ﯾﮏ اﮐﺴﺲ ﻟﯿﺴﺖ وﯾﮋه ﺑﻪ ﻣﻨﻈﻮر‬ ‫اﻋﻤﺎل ﺳﯿﺎﺳﺖ ﻧﮕﺎﺷﺖ آدرﺳﻬﺎي داﺧﻠﯽ ﺑﻪ آدرﺳﻬﺎي ﻋﻤﻮﻣﯽ ﺧﺎرﺟﯽ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ ﻣﮑﺎﻧﯿﺰم ﺗﺮﺟﻤﻪ آدرس را ﺗﮑﻤﯿﻞ‬ ‫ﮐﻨﯿﻢ.‬ ‫ﺑﺮاي اﯾﺠﺎد ‪ NAT Pool‬از دﺳﺘﻮر # ‪ ip nat pool poolname sip.sip.sip.sip eip.eip.eip.eip prefix‬و در‬ ‫اداﻣﻪ از دﺳﺘﻮر ‪ip nat inside source list ACL#_OR_NAME pool POOLNAME‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ از ﺳﻪ روﺗﺮ 3‪ R1,R2,R‬ﺟﻬﺖ ﺷﺒﯿﻪ ﺳﺎزي ﻣﮑﺎﻧﯿﺰم ﺗﺮﺟﻤﻪ آدرس ﯾﮏ ﺷﺒﮑﻪ ﻣﺘﺼﻞ ﺑﻪ ‪ ISP‬اﺳﺘﻔﺎده‬ ‫ﺧﻮاﻫﯿﻢ ﮐﺮد و 2‪ R‬وﻇﯿﻔﻪ ﺗﺮﺟﻤﻪ آدرﺳﻬﺎي ﺷﺒﮑﻪ داﺧﻠﯽ ﺑﻪ آدرﺳﻬﺎي ﻣﻌﺘﺒﺮ ﺧﺎرﺟﯽ ﻣﺒﺘﻨﯽ ﺑﺮ ‪ NAT Pool‬اﺧﺬ ﺷﺪه‬ ‫از ‪ ISP‬را ﺑﻪ ﻋﻬﺪه ﺧﻮاﻫﺪ داﺷﺖ.‬ ‫.‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﺘﻨﺎﻇﺮ ﺑﺎ ﺗﺼﻮﯾﺮ زﯾﺮ‬ ‫اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ﺑﻪ روﺗﺮﻫﺎ‬ ‫092 ‪Page 257 of‬‬
  • 259.
    NAT Pool –11.2.1 ‫ﺗﺼﻮﯾﺮ‬ R1 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ‬ !################################################### !# Lab 7-2 R1 Initial Config # !################################################### ! enable configure terminal ! hostname R1 no ip domain-lookup ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address encapsulation frame-relay serial restart-delay 0 no frame-relay inverse-arp exit ! interface Serial0/0.122 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 10.112.12.1 255.255.255.252 frame-relay interface-dlci 122 exit ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 10.112.12.1 0.0.0.0 exit ! line con 0 logging sync Page 258 of 290
  • 260.
    no exec-timeout ! end R2 ‫ﺗﻨﻈﯿﻤﺎتاوﻟﯿﻪ روﺗﺮ‬ !################################################### !# Lab 7-2 R2 Initial Config # !################################################### ! enable configure terminal ! hostname R2 no ip domain-lookup ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### encapsulation frame-relay no frame-relay inverse-arp exit ! interface Serial0/0.221 point-to-point description ### FRAME RELAY LINK TO R1 ### ip address 10.112.12.2 255.255.255.252 frame-relay interface-dlci 221 exit ! interface Serial0/0.223 point-to-point description ### FRAME RELAY LINK TO R3 ### ip address 171.18.24.1 255.255.255.224 frame-relay interface-dlci 223 exit ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 10.112.12.2 0.0.0.0 network 171.18.24.1 0.0.0.0 redistribute static passive-interface Serial0/0.223 exit ! ip route 0.0.0.0 0.0.0.0 171.18.24.2 ! line con 0 logging sync no exec-timeout ! end Page 259 of 290
  • 261.
    R3 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪروﺗﺮ‬ !################################################### !# Lab 11-2 R3 Initial Config # !################################################### ! enable configure terminal ! hostname R3 no ip domain-lookup ! interface Loopback0 description ### SIMULATED INTERNET HOST ### ip address 4.2.2.2 255.255.255.255 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### encapsulation frame-relay no frame-relay inverse-arp exit ! interface Serial0/0.322 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 171.18.24.2 255.255.255.224 frame-relay interface-dlci 322 exit ! interface Serial0/0 no shut exit ! line con 0 logging sync no exec-timeout ! End ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ EIGRP AS 10 ‫ آﻧﻬﺎ در‬advertise ‫ از رﻧﺞ 22/0.0.55.01 و‬R1 ‫اﯾﺠﺎد 4 اﯾﻨﺘﺮﻓﯿﺲ ﻟﻮپ ﺑﮏ در‬  171.18.24.5-25/27 ‫ ﺑﺎ رﻧﺞ‬NAT Pool ‫ و اﯾﺠﺎد‬R2 ‫ در‬NAT ‫ﺗﻨﻈﯿﻢ ﭘﺎرﻣﺘﺮﻫﺎي اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻓﻌﺎل‬  ‫ ﺟﻬﺖ اﻋﻤﺎل ﺳﯿﺎﺳﺖ اﻧﺘﺴﺎب آدرﺳﻬﺎي داﺧﻠﯽ ﺑﻪ ﺧﺎرﺟﯽ‬R2 ‫ ﺷﺪه در‬extend ‫اﯾﺠﺎد اﮐﺴﺲ ﻟﯿﺴﺖ‬  dynamic NAT ‫اﯾﺠﺎد‬  NAT ‫ از ﻃﺮﯾﻖ‬R3 ‫ ﺑﺎ آدرس 2.2.2.4 در‬R1 ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط‬  R1 ‫ ﺑﻪ ﻫﺎﺳﺘﻬﺎي ﻣﺘﺼﻞ ﺑﻪ ﺷﺒﮑﻪ داﺧﻠﯽ‬Pool ‫ﺗﺴﺖ ﺻﺤﺖ اﻧﺘﺴﺎب آدرﺳﻬﺎي‬  Page 260 of 290
  • 262.
    ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ EIGRP AS10 ‫ آﻧﻬﺎ در‬advertise ‫ از رﻧﺞ 22/0.0.55.01 و‬R1 ‫1. اﯾﺠﺎد 4 اﯾﻨﺘﺮﻓﯿﺲ ﻟﻮپ ﺑﮏ در‬ R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface loopback0 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up R1(config-if)#ip add 10.55.0.1 255.255.255.0 R1(config-if)#interface loopback1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up R1(config-if)#ip add 10.55.1.1 255.255.255.0 R1(config-if)#interface loopback2 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback2, changed state to up R1(config-if)#ip add 10.55.2.1 255.255.255.0 R1(config-if)#interface loopback3 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback3, changed state to up R1(config-if)#ip add 10.55.3.1 255.255.255.0 R1(config-if)#exit R1(config)#router eigrp 10 R1(config-router)#network 10.55.0.0 0.0.3.255 R1(config-router)#end R1# 171.18.24.5-25/27 ‫ ﺑﺎ رﻧﺞ‬NAT Pool ‫ و اﯾﺠﺎد‬R2 ‫ در‬NAT ‫2. ﺗﻨﻈﯿﻢ ﭘﺎرﻣﺘﺮﻫﺎي اﯾﻨﺘﺮﻓﯿﺴﻬﺎي ﻓﻌﺎل‬ R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface Serial0/0.221 R2(config-subif)#ip nat inside %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up R2(config-subif)#interface Serial0/0.223 R2(config-subif)#ip nat outside R2(config-subif)#exit R2(config)#ip nat pool natpool1 171.18.24.5 171.18.24.25 prefix-length 27 R2(config)# ‫ ﺟﻬﺖ اﻋﻤﺎل ﺳﯿﺎﺳﺖ اﻧﺘﺴﺎب آدرﺳﻬﺎي داﺧﻠﯽ ﺑﻪ ﺧﺎرﺟﯽ‬R2 ‫ ﺷﺪه در‬extend ‫3. اﯾﺠﺎد اﮐﺴﺲ ﻟﯿﺴﺖ‬ R2(config)#ip access-list extended NATPOOL_ACL R2(config-ext-nacl)#10 permit ip 10.55.0.0 0.0.3.255 any R2(config-ext-nacl)#exit R2(config)# Page 261 of 290
  • 263.
    dynamic NAT ‫4.اﯾﺠﺎد‬ R2(config)#ip nat inside source list NATPOOL_ACL pool natpool1 R2(config)#end R2# NAT ‫ از ﻃﺮﯾﻖ‬R3 ‫ ﺑﺎ آدرس 2.2.2.4 در‬R1 ‫5. ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط‬ R1#ping 4.2.2.2 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.0.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/104/196 ms R1#ping 4.2.2.2 source lo1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/108/184 ms R1#ping 4.2.2.2 source lo2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.2.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/136/252 ms R1#ping 4.2.2.2 source lo3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.3.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/83/224 ms R1# R1 ‫ ﺑﻪ ﻫﺎﺳﺘﻬﺎي ﻣﺘﺼﻞ ﺑﻪ ﺷﺒﮑﻪ داﺧﻠﯽ‬Pool ‫6. ﺗﺴﺖ ﺻﺤﺖ اﻧﺘﺴﺎب آدرﺳﻬﺎي‬ R2#show ip nat translations Pro Inside global Inside local icmp 171.18.24.5:2 10.55.0.1:2 --- 171.18.24.5 10.55.0.1 icmp 171.18.24.6:3 10.55.1.1:3 --- 171.18.24.6 10.55.1.1 icmp 171.18.24.7:4 10.55.2.1:4 Outside local 4.2.2.2:2 --4.2.2.2:3 --4.2.2.2:4 Outside global 4.2.2.2:2 --4.2.2.2:3 --4.2.2.2:4 Page 262 of 290
  • 264.
    --- 171.18.24.7 icmp 171.18.24.8:5 ---171.18.24.8 R2# Page 263 of 290 10.55.2.1 10.55.3.1:5 10.55.3.1 --4.2.2.2:5 --- --4.2.2.2:5 ---
  • 265.
    ‫آزﻣﺎﯾﺶ 3.7 –ﺗﻨﻈﯿﻤﺎت ‪PAT‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ PAT‬ﺑﻪ ﻣﻨﻈﻮر ﺗﺮﺟﻤﻪ ﺗﻌﺪاد زﯾﺎدي آدرس داﺧﻠﯽ ﺑﻪ ﯾﮏ آدرس ﻋﻤﻮﻣﯽ ﺧﺎرﺟﯽ‬ ‫آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺳﺨﻦ از ‪ NAT‬ﺑﻪ ﻣﯿﺎن ﻣﯽ آﯾﺪ ﻋﻤﻮﻣﺎ ذﻫﻨﻬﺎ ﺑﻪ ﺳﻤﺖ ﻓﺮاﯾﻨﺪ ﺗﺮﺟﻤﻪ آدرس ﺗﻌﺪاد زﯾﺎدي آدرس ﺧﺼﻮﺻﯽ‬ ‫داﺧﻠﯽ ﺑﻪ ﯾﮏ آدرس ﻋﻤﻮﻣﯽ ﻣﺘﻮﺟﻪ ﻣﯿﺸﻮﻧﺪ ﮐﻪ ﺑﻪ ﻏﻠﻂ ‪ NAT‬ﺧﻮاﻧﺪه ﻣﯿﺸﻮد.ﻋﻨﻮان ﺻﺤﯿﺢ اﯾﻦ ﻓﺮاﯾﻨﺪ ‪ PAT‬ﯾﺎ ‪port‬‬ ‫‪ address translation‬اﺳﺖ.‬ ‫‪ PAT‬ﻧﻮﻋﯽ از ‪ NAT‬ﻣﺤﺴﻮب ﻣﯿﺸﻮد ﮐﻪ ﺗﻌﺪاد زﯾﺎدي آدرس داﺧﻠﯽ ‪Inside local‬را ﺑﻪ ﯾﮏ آدرس ﻋﻤﻮﻣﯽ ‪Inside‬‬ ‫‪ global‬ﮐﻪ ﻋﻤﺪﺗﺎ ﺗﻮﺳﻂ ‪ ISP‬در اﺧﺘﯿﺎر ﮔﺬاﺷﺘﻪ ﻣﯿﺸﻮد ﺗﺮﺟﻤﻪ ﻣﯿﮑﻨﺪ.‪ PAT‬را در ﻋﯿﻦ ﺣﺎل ﻣﯿﺘﻮان ﺑﻪ ﺻﻮرت ﻓﺮم‬ ‫داﯾﻨﺎﻣﯿﮏ ‪ Extended NAT‬ﻫﻢ در ﻧﻈﺮ ﮔﺮﻓﺖ.ﻋﻤﻠﮑﺮد ﻋﻤﻮﻣﯽ ‪ PAT‬ﺑﺴﯿﺎر ﺳﺎده اﺳﺖ ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل ﯾﮏ ‪ PC‬در‬ ‫ﺷﺒﮑﻪ داﺧﻠﯽ ﺑﺎ آدرس 22.1.55.01 ﻗﺼﺪ دارد ﮐﻪ ﺑﻪ اﯾﻨﺘﺮﻧﺖ ﻣﺘﺼﻞ ﺷﻮد اﻣﺎ اﯾﻦ رﻧﺞ ‪ IP‬ﻗﺎﺑﻠﯿﺖ روﺗﯿﻨﮓ در اﯾﻨﺘﺮﻧﺖ را‬ ‫ﻧﺪارد ﭘﺲ ﺑﻪ ‪ IP‬ﻧﯿﺎز اﺳﺖ ﮐﻪ اﯾﻦ ﻗﺎﺑﻠﯿﺖ را داﺷﺘﻪ ﺑﺎﺷﺪ.ﻫﻨﮕﺎﻣﯽ ﮐﻪ ‪ PC‬درﺧﻮاﺳﺖ ارﺗﺒﺎط ﺑﺎ اﯾﻨﺘﺮﻧﺖ را ﺑﻪ ﺳﻤﺖ روﺗﺮ‬ ‫ﻣﺤﻠﯽ ارﺳﺎل ﻣﯿﮑﻨﺪ روﺗﺮ ﭘﮑﺖ درﯾﺎﻓﺘﯽ را ﺑﻪ آدرس ﻋﻤﻮﻣﯽ ﺧﻮد و ﯾﮏ ﺷﻤﺎره ﭘﻮرت ﺗﺼﺎدﻓﯽ ‪ PAT‬ﻣﯿﮑﻨﺪ و اﯾﻦ‬ ‫ﺟﺮﯾﺎن ﮐﺎري را در ﺟﺪول ‪ NAT‬ﺧﻮد ﺟﻬﺖ اﻧﺠﺎم ﻣﻌﮑﻮس اﯾﻦ ﻓﺮاﯾﻨﺪ روي ﭘﮑﺘﻬﺎي ﺑﺎزﮔﺸﺘﯽ ذﺧﯿﺮه ﻣﯿﮑﻨﺪ.‬ ‫در ﻣﺜﺎل ﺑﺎﻻ ‪ PC‬ﺑﺎ آدرس 22.1.55.01 ﺗﻼش ﻣﯿﮑﻨﺪ ﺗﺎ ﺑﺎ آدرس 4.2.2.4 ﺗﻤﺎس ﺑﺮﻗﺮار ﮐﻨﺪ ﭘﺲ در ﻣﺮﺣﻠﻪ اول ﺗﺮاﻓﯿﮏ‬ ‫را ﺑﻪ ﺳﻤﺖ ‪ default gateway‬ﺷﺒﮑﻪ ارﺳﺎل ﻣﯿﮑﻨﺪ و اﯾﻦ روﺗﺮ ﻫﻢ از ﻃﺮﯾﻖ ﯾﮏ اﺗﺼﺎل 1‪ T‬ﺑﻪ اﯾﻨﺘﺮﻧﺖ ﻣﺘﺼﻞ‬ ‫اﺳﺖ.روﺗﺮ ﭘﺲ از درﯾﺎﻓﺖ ﭘﮑﺖ ورودي ﺑﺎ آدرس 22.1.55.01 و ﺷﻤﺎره ﭘﻮرﺗﯽ ﺧﺎص آﻧﺮا ﺑﻪ آدرس اﯾﻨﺘﺮﻓﯿﺲ 1‪ T‬ﺧﻮد و‬ ‫ﺷﻤﺎره ﭘﻮرت ﺗﺼﺎدﻓﯽ ﺑﺎ ﻫﻤﺎن ﻣﻘﺼﺪ اوﻟﯿﻪ ﺗﺮﺟﻤﻪ ﻣﯿﮑﻨﺪ و اﯾﻦ ﻓﺮاﯾﻨﺪ را در ﺟﺪول ‪ NAT‬ﺧﻮد ذﺧﯿﺮه ﻣﯿﮑﻨﺪ.ﭘﺲ از‬ ‫آن ﭘﮑﺖ را ﺑﻪ دﻧﯿﺎي ﺧﺎرج ارﺳﺎل ﻣﯿﮑﻨﺪ. ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺗﺮاﻓﯿﮏ ﻣﺠﺪدا ﺑﻪ روﺗﺮ ﺑﺎز ﻣﯿﮕﺮدد از ﻫﻤﺎن ﻓﺮاﯾﻨﺪ ﯾﺎدداﺷﺖ ﺷﺪه‬ ‫در ﺟﺪول ‪ NAT‬ﺧﻮد ﺟﻬﺖ ﺗﺮﺟﻤﻪ ﻣﻌﮑﻮس آدرس و رﺳﺎﻧﺪن ﺗﺮاﻓﯿﮏ ﺑﻪ آدرس ﺷﺒﮑﻪ داﺧﻠﯽ اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ.‬ ‫ﺟﻬﺖ ﺗﻨﻈﯿﻢ ‪ PAT‬ﻣﺎﻧﻨﺪ ﻫﻤﻪ ‪ NAT‬ﻫﺎﯾﯽ ﮐﻪ ﺗﺎ ﮐﻨﻮن دﯾﺪﯾﻢ ﻧﯿﺎز اﺳﺖ ﺗﺎ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي داﺧﻠﯽ و ﺧﺎرﺟﯽ ﻣﺸﺨﺺ‬ ‫ﺷﻮﻧﺪ.ﭘﺲ از آن ﻫﻢ ﻧﯿﺎز ﺑﻪ ‪ Acl‬ﺟﻬﺖ ارﺟﺎ دﺳﺘﻮر ‪ NAT‬ﺑﻪ آن ﺑﻪ ﻣﻨﻈﻮر اﻋﻤﺎل ﺳﯿﺎﺳﺖ ﻫﺎي دﺳﺘﺮﺳﯽ اﺳﺖ.در‬ ‫ﺻﻮرﺗﯿﮑﻪ داراي رﻧﺠﯽ از آدرﺳﻬﺎي ﻋﻤﻮﻣﯽ ﻫﺴﺘﯿﺪ و ﻣﺎﯾﻠﯿﺪ ﮐﻪ ﺑﻪ ﺟﺎي اﺳﺘﻔﺎده از ﯾﮏ ﺗﮏ آدرس ﻣﻨﺘﺴﺐ ﺑﻪ‬ ‫اﯾﻨﺘﺮﻓﯿﺲ ‪ WAN‬روﺗﺮ از ﯾﮑﯽ از آﻧﻬﺎ اﺳﺘﻔﺎده ﮐﻨﯿﺪ ﻧﯿﺎز اﺳﺖ ﺗﺎ در اﺑﺘﺪا ﯾﮏ ‪ NAT Pool‬ﺑﺎ رﻧﺠﯽ از آدرﺳﻬﺎي ﻣﻮرد‬ ‫ﻧﻈﺮ اﯾﺠﺎد ﺷﻮد اﻣﺎ ﻋﻤﻮﻣﺎ ﻓﺮاﯾﻨﺪ ‪ PAT‬از ﻃﺮﯾﻖ ﺗﺮﺟﻤﻪ آدرس داﺧﻠﯽ ﺑﻪ آدرس ﻋﻤﻮﻣﯽ ﻣﻨﺘﺴﺐ ﺑﻪ اﯾﻨﺘﺮﻓﯿﺲ ‪WAN‬‬ ‫ﺻﻮرت ﻣﯿﭙﺬﯾﺮد . در اﯾﻦ ﺣﺎﻟﺖ ﻧﯿﺎزي ﺑﻪ ﻣﺸﺨﺺ ﮐﺮدن ‪ pool‬ﻧﯿﺴﺖ و ﺻﺮﻓﺎ ﻣﺸﺨﺼﺎ ﮐﺮدن اﯾﻨﺘﺮﻓﯿﺲ ﺑﻪ ﻫﻤﺮاه ﻋﺒﺎرت‬ ‫‪ overload‬ﮐﺎﻓﯽ اﺳﺖ ﻣﺜﻞ :‬ ‫‪ip nat inside source list PAT_TRAFFIC interface Serial0/0.223 overload‬‬ ‫092 ‪Page 264 of‬‬
  • 266.
    ‫ اﺳﺘﻔﺎده‬R3 ‫در‬ISP ‫ ﺟﻬﺖ ﺷﺒﯿﻪ ﺳﺎزي ﺷﺒﮑﻪ ﯾﮏ ﮐﻤﭙﺎﻧﯽ ﮐﻮﭼﮏ ﻣﺘﺼﻞ ﺑﻪ‬R1,R2,R3 ‫در اﯾﻦ آزﻣﺎﯾﺶ از روﺗﺮﻫﺎي‬ ‫ ﺑﻪ ﻋﻬﺪه‬R3 ‫ را ﺟﻬﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ‬R1 ‫ آدرﺳﻬﺎي داﺧﻠﯽ ﻣﺘﺼﻞ ﺑﻪ‬PAT ‫ وﻇﯿﻔﻪ‬R2 ‫ﺧﻮاﻫﯿﻢ ﮐﺮد.در اﯾﻦ ﺑﯿﻦ‬ .‫ﺧﻮاﻫﺪ داﺷﺖ‬ :‫در اﯾﻦ آزﻣﺎﯾﺶ از دﺳﺘﻮرات زﯾﺮ اﺳﺘﻔﺎده ﺧﻮاﻫﯿﻢ ﮐﺮد‬ ip nat inside source list aclnameor# ip.ip.ip.ip overload ip nat inside source list aclnameor# interface interface#/# overload show ip nat translations – clear ip nat translation * The following logical topology shown below is used in this lab; Port Address Translation -11.3.1 ‫ﺗﺼﻮﯾﺮ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫اﻋﻤﺎل ﺗﻨﻈﻤﯿﺎت اوﻟﯿﻪ روﺗﺮﻫﺎ ﻣﻄﺎﺑﻖ زﯾﺮ‬ R1 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################### !# Lab 7-3 R1 Initial Config # !################################################### ! enable configure terminal ! hostname R1 no ip domain-lookup ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### no ip address Page 265 of 290 
  • 267.
    encapsulation frame-relay serial restart-delay0 no frame-relay inverse-arp exit ! interface Serial0/0.122 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 10.113.12.1 255.255.255.252 frame-relay interface-dlci 122 exit ! interface Serial0/0 no shut exit ! router eigrp 10 no auto-summary network 10.113.12.1 0.0.0.0 exit ! line con 0 logging sync no exec-timeout ! end R2 ‫ﺗﻨﻈﻤﯿﺎت اوﻟﯿﻪ‬ !################################################### !# 7-3 R2 Initial Config # !################################################### ! enable configure terminal ! hostname R2 no ip domain-lookup ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### encapsulation frame-relay no frame-relay inverse-arp exit ! interface Serial0/0.221 point-to-point description ### FRAME RELAY LINK TO R1 ### ip address 10.113.12.2 255.255.255.252 frame-relay interface-dlci 221 exit ! interface Serial0/0.223 point-to-point description ### FRAME RELAY LINK TO R3 ### ip address 172.29.81.1 255.255.255.252 Page 266 of 290
  • 268.
    frame-relay interface-dlci 223 exit ! interfaceSerial0/0 no shut exit ! router eigrp 10 no auto-summary network 10.113.12.2 0.0.0.0 network 172.29.81.1 0.0.0.0 redistribute static passive-interface Serial0/0.223 exit ! ip route 0.0.0.0 0.0.0.0 172.29.81.2 ! line con 0 logging sync no exec-timeout ! end R3 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################### !# Lab 7-3 R3 Initial Config # !################################################### ! enable configure terminal ! hostname R3 no ip domain-lookup ! interface Loopback0 description ### SIMULATED INTERNET HOST ### ip address 4.2.2.2 255.255.255.255 ! interface Serial0/0 description ### PHYSICAL FRAME RELAY INTERFACE ### encapsulation frame-relay no frame-relay inverse-arp exit ! interface Serial0/0.322 point-to-point description ### FRAME RELAY LINK TO R2 ### ip address 172.29.81.2 255.255.255.224 frame-relay interface-dlci 322 exit ! interface Serial0/0 no shut exit ! Page 267 of 290
  • 269.
    line con 0 loggingsync no exec-timeout ! End ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ EIGRP AS 10 ‫اﯾﺠﺎد 4 اﯾﻨﺘﺮﻓﯿﺲ ﻟﻮپ ﺑﮏ 22/0.0.55.01 و ﻣﻌﺮﻓﯽ آﻧﻬﺎ ﺑﻪ‬  R2 ‫ در‬NAT ‫ ﻣﺮﺗﺒﻂ ﺑﺎ‬inside/outside ‫ﺗﻨﻈﯿﻢ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي‬  R2 ‫ ﺑﺎ ﻧﺎم در‬ACL ‫اﯾﺠﺎد ﯾﮏ‬ Serial0/0.223 ‫ از ﻃﺮﯾﻖ اﯾﻨﺘﺮﻓﯿﺲ‬R2 ‫ در‬PAT ‫ﺗﻨﻈﯿﻢ‬   R1 ‫ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ 4.2.2.4 از ﺳﻤﺖ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺲ واﻗﻊ در‬  R2 ‫ در‬NAT Table ‫ﺑﺮرﺳﯽ ﻣﺤﺘﻮاي‬  ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ EIGRP AS 10 ‫1. اﯾﺠﺎد 4 اﯾﻨﺘﺮﻓﯿﺲ ﻟﻮپ ﺑﮏ 22/0.0.55.01 و ﻣﻌﺮﻓﯽ آﻧﻬﺎ ﺑﻪ‬ R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface loopback0 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed R1(config-if)#ip add 10.55.0.1 255.255.255.0 R1(config-if)#interface loopback1 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed R1(config-if)#ip add 10.55.1.1 255.255.255.0 R1(config-if)#interface loopback2 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback2, changed R1(config-if)#ip add 10.55.2.1 255.255.255.0 R1(config-if)#interface loopback3 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback3, changed R1(config-if)#ip add 10.55.3.1 255.255.255.0 R1(config-if)#exit R1(config)#router eigrp 10 R1(config-router)#network 10.55.0.0 0.0.3.255 R1(config-router)#end R1# state to up state to up state to up state to up R2 ‫ در‬NAT ‫ ﻣﺮﺗﺒﻂ ﺑﺎ‬inside/outside ‫2. ﺗﻨﻈﯿﻢ اﯾﻨﺘﺮﻓﯿﺴﻬﺎي‬ Page 268 of 290
  • 270.
    R2#configure terminal Enter configurationcommands, one per line. End with CNTL/Z. R2(config)#interface Serial0/0.221 R2(config-subif)#ip nat inside %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up R2(config-subif)#interface Serial0/0.223 R2(config-subif)#ip nat outside R2(config-subif)#exit R2(config)# .‫ ﺟﻬﺖ ﺻﺪور ﻣﺠﻮز ﺗﺮدد آدرﺳﻬﺎي ﺷﺒﮑﻪ داﺧﻠﯽ ﺑﻪ اﯾﻨﺘﺮﻧﺖ‬R2 ‫ ﺑﺎ ﻧﺎم در‬ACL ‫3. اﯾﺠﺎد ﯾﮏ‬ R2(config)#ip access-list extended PAT_TRAFFIC_ACL R2(config-ext-nacl)#10 permit ip 10.55.0.0 0.0.3.255 any R2(config-ext-nacl)#exit R2(config)# Serial0/0.223 ‫ از ﻃﺮﯾﻖ اﯾﻨﺘﺮﻓﯿﺲ‬R2 ‫ در‬PAT ‫4. ﺗﻨﻈﯿﻢ‬ R2(config)#ip nat inside source list PAT_TRAFFIC_ACL interface Serial0/0.223 overload R2(config)#end R2# R1 ‫5. ﺗﺴﺖ ﺻﺤﺖ ﺑﺮﻗﺮاري ارﺗﺒﺎط ﺑﺎ 4.2.2.4 از ﺳﻤﺖ ﻟﻮپ ﺑﮏ اﯾﻨﺘﺮﻓﯿﺲ واﻗﻊ در‬ R1#ping 4.2.2.2 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.0.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 52/94/168 ms R1#ping 4.2.2.2 source lo1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/108/200 ms R1#ping 4.2.2.2 source lo2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.2.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 72/133/196 ms R1#ping 4.2.2.2 source lo3 Page 269 of 290
  • 271.
    Type escape sequenceto abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 10.55.3.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/114/240 ms R1# R2 ‫ در‬NAT Table ‫6. ﺑﺮرﺳﯽ ﻣﺤﺘﻮاي‬ R2#show ip nat translations Pro Inside global Inside local icmp 172.29.81.1:2 10.55.0.1:2 icmp 172.29.81.1:3 10.55.1.1:3 icmp 172.29.81.1:4 10.55.2.1:4 icmp 172.29.81.1:5 10.55.3.1:5 R2# Outside local 4.2.2.2:2 4.2.2.2:3 4.2.2.2:4 4.2.2.2:5 Outside global 4.2.2.2:2 4.2.2.2:3 4.2.2.2:4 4.2.2.2:5 Page 270 of 290
  • 272.
    ‫آزﻣﺎﯾﺶ 4.7- ﺗﻨﻈﻤﯿﺎت‪DHCP‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ DHCP‬ﺟﻬﺖ ﺗﺨﺼﯿﺺ ﺧﻮدﮐﺎر ‪ IP‬ﺑﻪ ﻫﺎﺳﺖ ﻫﺎي درون ﺷﺒﮑﻪ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﺗﺨﺼﯿﺺ اﺳﺘﺎﺗﯿﮏ ‪ IP‬ﺑﻪ ﺗﻌﺪاد زﯾﺎدي از ادوات ﻧﯿﺎزﻣﻨﺪ ﺑﻪ آدرس در ﺷﺒﮑﻪ ﻓﺮاﯾﻨﺪي وﻗﺖ ﮔﯿﺮ و ﺧﺴﺘﻪ ﮐﻨﻨﺪه ﺧﻮاﻫﺪ‬ ‫ﺑﻮد.ﺑﺮاي ﺣﻞ اﯾﻦ ﻣﻌﻀﻞ در ﺷﺒﮑﻪ ﻫﺎي اﻣﺮوزي از ‪ DHCP‬ﺑﺎ ﻫﺪف ﺗﺨﺼﯿﺺ ﺧﻮدﮐﺎر ‪ IP‬آدرس ﺑﻪ ادوات ﻓﺎﻗﺪ آدرس‬ ‫در ﺷﺒﮑﻪ اﺳﺘﻔﺎده ﻣﯿﺸﻮد.‬ ‫‪ DHCP‬ﺑﻪ ﻃﻮر ﻋﺎم داراي ﺗﻌﺮﯾﻒ ﻋﻤﻠﯿﺎﺗﯽ ﺑﺴﯿﺎر ﺳﺎده اﺳﺖ. ﺳﺮوﯾﺴﯽ اﺳﺖ ﮐﻪ ﺑﻪ درﺧﻮاﺳﺘﻬﺎي ‪ DHCP‬ادوات ﻓﺎﻗﺪ‬ ‫آدرس ﭘﺎﺳﺦ ﻣﯿﺪﻫﺪ.اﯾﻦ ﭘﺎﺳﺦ ﻣﯿﺘﻮاﻧﺪ ﺷﺎﻣﻞ ﻣﺸﺨﺼﻪ ﻫﺎي ﺗﮑﻤﯿﻠﯽ دﯾﮕﺮي ﻧﯿﺰ ﻫﻤﭽﻮن ﻧﺎم داﻣﻨﻪ و‬ ‫‪ Wins,Dns,default gateway,Ntp server‬وﺑﺴﯿﺎري دﯾﮕﺮ ﻫﻢ ﺑﺎﺷﺪ ﮐﻪ ﻫﻤﺮاه ﺑﺎ آدرس ﺑﻪ ﻫﺎﺳﺖ ﻣﻮرد ﻧﻈﺮ‬ ‫ﻣﻨﺘﺴﺐ ﻣﯿﺸﻮد.‬ ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ ﺷﺎره ﺷﺪ ‪ DHCP‬اﻣﺮوز در ﻫﺮ ﺷﺒﮑﻪ اي ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد اﻣﺎ در ﻣﻮاردي ﻫﻤﭽﻮن آدرس دﻫﯽ ﺑﻪ‬ ‫ادوت ﻣﻮﺟﻮد در ﻧﺎﺣﯿﻪ ‪ , DMZ‬ﺳﺮورﻫﺎ , ادوات زﯾﺮﺳﺎﺧﺘﯽ ﺷﺒﮑﻪ ﻣﺜﻞ روﺗﺮﻫﺎ و ﺳﻮﯾﯿﺠﻬﺎ ﻣﯿﺒﺎﯾﺴﺖ از آدرس دﻫﯽ‬ ‫اﯾﺴﺘﺎ اﺳﺘﻔﺎده ﺷﻮد.‬ ‫ﯾﮑﯽ از اوﻟﯿﻦ ﻣﻌﻤﺎﻫﺎﯾﯽ ﮐﻪ در ﺧﺼﻮص ‪ DHCP‬ﻣﻤﮑﻦ اﺳﺖ ﺑﻪ ذﻫﻦ ﺑﺮﺳﺪ اﯾﻨﺴﺖ ﮐﻪ ﭼﮕﻮﻧﻪ ‪ DHCP server‬ﻣﺘﻮﺟﻪ‬ ‫ﻣﯿﺸﻮد ﮐﻪ ﺑﺎﯾﺴﺖ ﺑﻪ ﻫﺎﺳﺘﯽ در ﺷﺒﮑﻪ ﻓﺮﺿﺎ 42/0.21.411.01 ﻗﺮار دارد آدرس ﺗﺨﺼﯿﺼﺺ دﻫﺪ اﯾﻦ در ﺣﺎﻟﯿﺴﺖ ﮐﻪ‬ ‫ﺧﻮد ﺳﺮور در 42/0.49.411.01 ﻗﺮار دارد.اﯾﻦ ﻣﺴﺌﻠﻪ از ﻃﺮﯾﻖ ‪ Ip helper‬ﺣﻞ ﻣﯿﺸﻮد ﮐﻪ در آزﻣﺎﯾﺶ 6.11 ﺑﻪ آن‬ ‫ﻣﯿﭙﺮدازﯾﻢ.‬ ‫ﺑﺮاي ﮐﺎﻧﻔﯿﮓ ‪ DHCP‬ﺗﻌﺪادي ﭘﯿﺶ ﻧﯿﺎز وﺟﻮد دارد ﮐﻪ اوﻟﯿﻦ آﻧﻬﺎ اﯾﺠﺎد ‪ pool‬اﺳﺖ.ﻫﺮ ‪ pool‬دراراي ﻧﺎﻣﯽ ﻣﺠﺰاﺳﺖ و‬ ‫از ﻃﺮﯾﻖ دﺳﺘﻮر ‪ ip dhcp pool POOL_NAME‬اﯾﺠﺎد ﻣﯿﺸﻮد.ﭘﺲ از اﯾﺠﺎد ‪ pool‬وارد ﻣﺤﯿﻂ ‪DHCP config‬‬ ‫‪ mode‬از ﻃﺮﯾﻖ اﻋﻼن #)‪ hostname(dhcp-config‬ﻣﯿﺸﻮﯾﻢ.ﭘﺲ از اﯾﺠﺎد ‪ pool‬ﻧﻮﺑﺖ ﺑﻪ ﻣﺸﺨﺺ ﮐﺮدن ﻓﻀﺎي‬ ‫آدرﺳﯽ ﻣﻮﺟﻮد در آن ﻣﯿﺮﺳﺪ ﮐﻪ از ﻃﺮﯾﻖ دﺳﺘﻮر ‪ network A.B.C.D /x‬ﺻﻮرت ﻣﯿﮕﯿﺮد.‬ ‫ﭘﺲ از ﺗﻨﻈﯿﻢ ﻣﺮاﺗﺐ ﻓﻮق ﻧﻮﺑﺖ ﺑﻪ ﻣﺸﺨﺺ ﮐﺮدن ‪ leased time‬ﯾﺎ ﻣﺪت زﻣﺎن در اﺧﺘﯿﺎر ﮔﺬاﺷﺘﻦ آدرس ﺑﻪ ﻣﺘﻘﺎﺿﯽ‬ ‫ﻣﯿﺮﺳﺪ.اﯾﻦ ﮐﺎر از ﻃﺮﯾﻖ دﺳﺘﻮر ‪ the lease days hours minutes seconds‬اﻧﺠﺎم ﻣﯿﺸﻮد‬ ‫092 ‪Page 271 of‬‬
  • 273.
    ‫ﻫﻤﺎﻧﻄﻮر ﮐﻪ اﺷﺎرهﺷﺪ ﻣﺸﺨﺼﻪ ﻫﺎي زﯾﺎدي ﻧﯿﺰ وﺟﻮ دارﻧﺪ ﮐﻪ از ﻃﺮﯾﻖ ‪ DHCP‬ﻣﯿﺘﻮان آﻧﻬﺎ را ﺑﻪ ﻣﺘﻘﺎﺿﯽ آدرس‬ ‫ﻣﻨﺘﺴﺐ ﮐﺮد ﻣﺎﻧﻨﺪ ﻧﺎم داﻣﻨﻪ. اﯾﻦ ﻣﻮرد از ﻃﺮﯾﻖ دﺳﺘﻮر ‪ domain-name NAME‬ﺻﻮرت ﻣﯿﮕﯿﺮد. ﺑﺮاي ﻣﺸﺨﺺ‬ ‫ﮐﺮدن ‪ DNS server‬ﻫﻢ از دﺳﺘﻮر .‪ dns-server A.B.C.D‬اﺳﺘﻔﺎده ﻣﯿﺸﻮد.‬ ‫آﺧﺮﯾﻦ و ﻣﻬﻤﺘﺮﯾﻦ ﻣﺸﺨﺼﻪ اي ﮐﻪ ﺑﻪ ﻃﻮر ﻣﻌﻤﻮل از ﻃﺮﯾﻖ ‪ DHCP‬در اﺧﺘﯿﺎر ﻫﺎﺳﺘﻬﺎي ﻣﺘﻘﺎﺿﯽ ﻗﺮار ﻣﯿﮕﯿﺮد‬ ‫‪ defaul_gateway‬اﺳﺖ اﯾﻦ ﻋﻤﻞ ﻧﯿﺰ از ﻃﺮﯾﻖ دﺳﺘﻮر ‪ default-router A.B.C.D‬اﻧﺠﺎم ﻣﯿﺸﻮد‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ 1‪ R‬را ﺑﻪ ﻋﻨﻮان ‪ DHCP server‬و 2‪ R‬را ﺑﻪ ﻋﻨﻮان ‪ DHCP Client‬ﺟﻬﺖ ﺷﺒﯿﻪ ﺳﺎزي ﯾﮏ ‪ PC‬در‬ ‫ﻣﺤﯿﻂ ﺷﺒﮑﻪ ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﺧﻮاﻫﻨﺪ ﮔﺮﻓﺖ‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ 2‪ SW1,R1,R‬ﻣﻄﺎﺑﻖ دﺳﺘﻮرات زﯾﺮ‬ ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ 1‪R‬‬ ‫###################################################!‬ ‫# ‪!# Lab 7-4 R1 Initial Config‬‬ ‫###################################################!‬ ‫!‬ ‫‪enable‬‬ ‫‪configure terminal‬‬ ‫!‬ ‫1‪hostname R‬‬ ‫‪no ip domain-lookup‬‬ ‫!‬ ‫0/0‪interface FastEthernet‬‬ ‫### ‪description ### LAN INTERFACE‬‬ ‫0.552.552.552 1.21.411.01 ‪ip address‬‬ ‫‪no shut‬‬ ‫!‬ ‫0 ‪line con‬‬ ‫‪logging sync‬‬ ‫‪no exec-timeout‬‬ ‫!‬ ‫‪end‬‬ ‫092 ‪Page 272 of‬‬
  • 274.
    R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################### !#Free CCNA Workbook Lab 7-4 R2 Initial Config # !################################################### ! enable configure terminal ! hostname R2 no ip domain-lookup ! interface FastEthernet0/0 description ### LAN INTERFACE ### no shut ! line con 0 logging sync no exec-timeout ! end R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬ !################################################### !# Free CCNA Workbook Lab 7-4 SW1 Initial Config # !################################################### ! enable configure terminal ! hostname SW1 no ip domain-lookup ! ! line con 0 logging sync no exec-timeout ! end ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ LAB_POOL1 ‫ ﺑﺎ ﻧﺎم‬R1 ‫ در‬DHCP pool ‫اﯾﺠﺎد‬ LAB_POOL1 ‫ ﺑﻪ‬Tetlab.local ‫ﺗﺨﺼﯿﺺ ﻧﺎم داﻣﻨﻪ‬ Page 273 of 290  
  • 275.
    LAB_POOL1 ‫ﺗﺨﺼﯿﺺ ﻓﻀﺎيآدرس 42/0.21.411.01 ﺑﻪ‬  ‫ﺗﺨﺼﯿﺺ ﻣﺪت زﻣﺎن اﺟﺎره 7 روز ﺑﻪ آدرﺳﻬﺎي‬  LAB_POOL1 ‫ ﺑﺎ آدرﺳﻬﺎي 7.81.411.01 ,6.81.411.01 ﺑﻪ‬DNS server ‫ﺗﺨﺼﯿﺺ دو‬  LAB_POOL1 ‫ ﺑﺎ آدرس 1.21.411.01 ﺑﻪ‬Default gateway ‫ﺗﺨﺼﯿﺺ‬  ‫ اﯾﻨﺘﺮﻓﯿﺲ‬ping ‫ و ﺑﺮرﺳﯽ ﺻﺤﺖ اﻋﻤﺎل آدرس ﺑﻪ آن از ﻃﺮﯾﻖ‬DHCP ‫ از‬IP ‫ ﺑﻪ ﻣﻨﻈﻮر درﯾﺎﻓﺖ‬R2 ‫ در‬Fa0/0 ‫ﮐﺎﻧﻔﯿﮓ‬  R2 ‫ از ﺳﻤﺖ‬R1 ‫ روﺗﺮ‬fa0/0 ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ip dhcp pool LAB_POOL1 R1(dhcp-config)#domain-name TESTLAB.LOACL R1(dhcp-config)#network 10.114.12.0 /24 R1(dhcp-config)#lease 7 R1(dhcp-config)#dns-server 10.114.18.6 10.114.18.7 R1(dhcp-config)#netbios-name-server 10.114.18.4 10.114.18.5 R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface Fastethernet0/0 R2(config-if)#ip address dhcp R2(config-if)#end R2# %SYS-5-CONFIG_I: Configured from console by console R2# %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned 10.114.12.2, mask 255.255.255.0, hostname R2 R2#show ip interface brief FastEthernet0/0 Interface IP-Address OK? Method Status FastEthernet0/0 10.114.12.2 YES DHCP up R2#ping 10.114.12.1 DHCP address Protocol up Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.114.12.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/59/152 ms R2# Page 274 of 290
  • 276.
    ‫آزﻣﺎﯾﺶ 6.7- ﺗﻨﻈﯿﻤﺎت‪Dhcp Helper Address‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﻤﯿﺎت ‪ DHCP helper IP address‬ﺑﻪ ﻣﻨﻈﻮر ﮐﻤﮏ ﺑﻪ ﻓﺮاﯾﻨﺪ ﺗﺨﺼﯿﺺ آدرس ﺑﻪ‬ ‫ﮐﻼﯾﺘﻨﻬﺎي واﻗﻊ در ﺷﺒﮑﻪ ﻫﺎي ﻣﺨﺘﻠﻒ از ﻃﺮﯾﻖ ﯾﮏ ‪ Dhcp server‬واﺣﺪ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫آﯾﺎ ﺑﻪ اﯾﻦ ﻣﻮﺿﻮع ﻓﮑﺮ ﮐﺮده اﯾﺪ ﮐﻪ ﯾﮏ ‪ Dhcp‬ﺳﺮور ﭼﮕﻮﻧﻪ ﺑﻪ ﻫﻤﻪ ﮐﻼﯾﻨﺘﻬﺎي ﺷﺒﮑﻪ ﮐﻪ ﺑﻌﻀﺎ در ﯾﮏ ‪Broadcast‬‬ ‫‪ domain‬ﻫﻢ ﻧﯿﺴﺘﻨﺪ ‪ IP‬ﺗﺨﺼﯿﺺ ﻣﯿﺪﻫﺪ؟از درﺳﻬﺎي ﮔﺬﺷﺘﻪ ﻫﻢ ﺑﻪ ﺧﺎﻃﺮ دارﯾﻢ ﮐﻪ درﺧﻮاﺳﺖ ‪ Dhcp‬از ﺳﺮور‬ ‫ﻣﺎﻫﯿﺖ ‪ Broadcast‬دارد. ﺟﻮاب اﯾﻦ ﻣﻌﻤﺎ در ‪ Dhpc IP helper‬ﻧﻬﻔﺘﻪ اﺳﺖ. ‪ IP helper‬آدرﺳﯽ اﺳﺖ ﮐﻪ ﺑﺮ روي‬ ‫ﯾﮏ اﯾﻨﺘﺮﻓﯿﺲ ‪ route‬ﭘﺬﯾﺮ ﻣﺎﻧﻨﺪ ‪ Vlan interface‬ﯾﺎ ‪ Eth interface‬ﯾﮏ روﺗﺮ ﺗﻨﻈﯿﻢ ﻣﯿﺸﻮد ﺗﺎ ﺑﻪ دﯾﻮاﯾﺲ ﻣﺬﺑﻮر‬ ‫اﺟﺎزه ﻓﻌﺎﻟﯿﺖ ﺑﻪ ﻋﻨﻮان ﯾﮏ واﺳﻂ ﺑﺎ ﻫﺪف درﯾﺎﻓﺖ و ارﺳﺎل درﺧﻮاﺳﺘﻬﺎي ‪ BOOTP (Broadcast) Dhcp‬ﺑﻪ ﺳﻤﺖ‬ ‫ﺳﺮور ‪ Dhcp‬ﻣﺸﺨﺺ ﺷﺪه ﺑﺎ ‪ IP Helper‬از ﻃﺮﯾﻖ ‪ unicast‬را ﺑﺪﻫﺪ.ﺑﺮاي ﮐﺎﻧﻔﯿﮓ ‪ IP helper‬ﻧﯿﺎز اﺳﺖ دﺳﺘﻮر ‪ip‬‬ ‫‪ helper-address a.b.c.d‬ﺑﺮ روي اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﺼﻞ ﺑﻪ ‪ Broadcast domain‬ﮐﻪ ﻣﺘﻘﺎﺿﯽ درﯾﺎﻓﺖ آدرس از‬ ‫‪Dhcp‬ﺳﺮور اﺳﺖ اﻋﻤﺎل ﺷﻮد.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ 2‪ R1,R‬در ‪ Vlan‬ﻫﺎي ﻣﺠﺰاﯾﯽ واﻗﻊ ﺷﺪه اﻧﺪ و در 1‪ R‬ﮐﻪ ﻧﻘﺶ ‪ Dhcp‬ﺳﺮور را ﺑﻪ ﻋﻬﺪه دارد ‪IP‬‬ ‫‪ pool‬ﻫﺎي ﻣﺘﻨﺎﻇﺮ ﺑﺎ ﻫﺮ ‪ Vlan‬را اﯾﺠﺎد ﻣﯿﮑﻨﯿﻢ . ﭘﺲ از آن ‪ IP helper‬را روي اﯾﻨﺘﺮﻓﯿﺲ ﻣﺘﻨﺎﻇﺮ ﺑﺎ 02‪ Vlan‬ﺳﻮﯾﯿﭻ‬ ‫1‪ SW‬ﺑﺎ ﻫﺪف اﻣﮑﺎن ارﺳﺎل درﺧﻮاﺳﺘﻬﺎي ‪ Dhcp‬از ﺳﻤﺖ 2‪ R‬ﺑﻪ 1‪ R‬اﻋﻤﺎل ﻣﯿﮑﻨﯿﻢ. در ﻧﻬﺎﯾﺖ ﻫﻢ ﺑﺮاي ﺗﺴﺖ ﺻﺤﺖ‬ ‫ﮐﺎﻧﻔﯿﮕﻬﺎ از ﺳﻤﺖ 2‪ R‬روﺗﺮ 1‪ R‬را ﭘﯿﻨﮓ ﻣﯿﮑﻨﯿﻢ.‬ ‫ﺗﺼﻮﯾﺮ 1.7.11-‪DHCP Helper‬‬ ‫‪Lab Prerequisites‬‬ ‫‪‬‬ ‫‪‬‬ ‫اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ زﯾﺮ ﺑﻪ روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭻ‬ ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ 1‪R‬‬ ‫###################################################!‬ ‫# ‪!# Lab 7-6 R1 Initial Config‬‬ ‫###################################################!‬ ‫092 ‪Page 275 of‬‬
  • 277.
    ! enable configure terminal ! hostname R1 noip domain-lookup ! ip dhcp pool LAB_POOL1 network 10.116.10.0 255.255.255.0 domain-name TESTLAB.LOCAL dns-server 10.116.18.6 10.116.18.7 netbios-name-server 10.116.18.6 10.116.18.7 default-router 10.116.10.1 lease 7 ! interface FastEthernet0/0 description ### LAN INTERFACE ### ip address 10.116.10.1 255.255.255.0 no shut exit ! line con 0 logging sync no exec-timeout ! endend R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ روﺗﺮ‬  !################################################### !# Lab 7-6 R2 Initial Config # !################################################### ! enable configure terminal ! hostname R2 no ip domain-lookup ! interface FastEthernet0/0 description ### LAN INTERFACE ### ip address dhcp no shut exit ! line con 0 logging sync no exec-timeout ! end Page 276 of 290
  • 278.
    Sw1 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪﺳﻮﯾﯿﭻ‬  !################################################### !# Lab 7-6 SW1 Initial Config # !################################################### ! enable ! vlan database vlan 10 vlan 20 exit ! configure terminal ! vlan 10 name 10.116.10.0/24 ! vlan 20 name 10.116.20.0/24 ! hostname SW1 no ip domain-lookup ! ip routing ! interface FastEthernet0/1 switchport mode access switchport access vlan 10 spanning-tree portfast ! interface FastEthernet0/2 switchport mode access switchport access vlan 20 spanning-tree portfast ! interface Vlan10 ip address 10.116.10.2 255.255.255.0 ! interface Vlan20 ip address 10.116.20.2 255.255.255.0 exit ! line con 0 logging sync no exec-timeout ! end ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ Page 277 of 290
  • 279.
    network 10.116.20.0/24, ‫ﺑﺎ ﻣﺸﺨﺼﻪ ﻫﺎي‬LAB_POOL2 ‫ ﺑﻪ ﻧﺎم‬R1 ‫ ﺟﺪﯾﺪ در‬DHCP pool ‫اﯾﺠﺎد‬ default-router of 10.116.20.2, domain name TESTLAB.LOCAL, DNS servers 10.116.18.6 & 10.116.18.7 10.116.10.1 ‫ ﺑﻪ ﺳﻤﺖ‬IP helper ‫ ﻫﻤﯿﻨﻄﻮر ﺗﻌﺮﯾﻒ‬SW1 ‫ در‬Vlan 20 ‫اﯾﺠﺎد‬ ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت‬    ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ network 10.116.20.0/24, ‫ ﺑﺎ ﻣﺸﺨﺼﻪ ﻫﺎي‬LAB_POOL2 ‫ ﺑﻪ ﻧﺎم‬R1 ‫ ﺟﺪﯾﺪ در‬DHCP pool ‫اﯾﺠﺎد‬ default-router of 10.116.20.2, domain name TESTLAB.LOCAL, DNS servers 10.116.18.6 & 10.116.18.7  R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ip dhcp pool LAB_POOL2 R1(dhcp-config)#network 10.116.20.0 255.255.255.0 R1(dhcp-config)#default-router 10.116.20.2 R1(dhcp-config)#domain-name TESTLAB.LOCAL R1(dhcp-config)#dns-server 10.116.18.6 10.116.18.7 R1(dhcp-config)#end R1# 10.116.10.1 ‫ ﺑﻪ ﺳﻤﺖ‬IP helper ‫ ﻫﻤﯿﻨﻄﻮر ﺗﻌﺮﯾﻒ‬SW1 ‫ در‬Vlan 20 ‫اﯾﺠﺎد‬  SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#interface vlan 20 SW1(config-if)#ip helper-address 10.116.10.1 SW1(config-if)#end SW1# %SYS-5-CONFIG_I: Configured from console by console SW1# ‫ﺗﺴﺖ ﺻﺤﺖ ﺗﻨﻈﻤﯿﺎت‬  R2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)#interface FastEthernet0/0 R2(config-if)#shut R2(config-if)# %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed Page 278 of 290
  • 280.
    state to down R2(config-if)#noshut R2(config-if)#end R2# %SYS-5-CONFIG_I: Configured from console by console R2# %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up R2# %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address 10.116.20.3, mask 255.255.255.0, hostname R2 R2#ping 10.116.10.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.116.10.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 48/108/164 ms R2# Page 279 of 290
  • 281.
    ‫آزﻣﺎﯾﺶ 7.7 –ﺗﻨﻈﯿﻤﺎت ‪NTP Client‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ Network Time Protocol (NTP) Client‬در روﺗﺮﻫﺎ و ﺳﻮﯾﯿﭽﻬﺎ ﺳﯿﺴﮑﻮ ﺑﺎ‬ ‫ﻫﺪف ﯾﮑﺴﺎن ﺳﺎزي ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ اﯾﻦ ادوات ﺑﺎ ﯾﮏ ﻣﺮﺟﻊ ﻣﺮﮐﺰي آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ‬ ‫ﺗﻮﺿﯿﺢ :‬ ‫ﺗﻮﺻﯿﻪ ﻣﯿﺸﻮد اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ادوات واﻗﻌﯽ اﻧﺠﺎم ﺷﻮد . در ﺣﯿﻦ اﻧﺠﺎم اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ 3‪ GNS‬ﻣﻤﮑﻦ اﺳﺖ ‪Cpu‬‬ ‫‪ usage‬ﺳﯿﺴﺘﻢ ﺑﻪ 001 درﺻﺪ ﺑﺮﺳﺪ و اﻣﮑﺎن ﺗﻐﯿﯿﺮ ‪ IDLEPC‬ﻧﯿﺰ وﺟﻮد ﻧﺪاﺷﺘﻪ ﺑﺎﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫ﻫﻤﻪ ﻣﺎ ﺟﻬﺖ اﻧﺠﺎم اﻣﻮر روزﻣﺮه ﺣﺪاﻗﻞ ﯾﮑﺒﺎر ﻃﯽ روز ﻧﯿﺎز ﺑﻪ داﻧﺴﺘﻦ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ دﻗﯿﻖ دارﯾﻢ . ادوات ﺳﯿﺴﮑﻮ ﻧﯿﺰ‬ ‫ﺑﻪ ﻫﻤﯿﻦ ﻣﻨﻮال داراي ﭼﻨﯿﻦ ﻧﯿﺎزي ﻫﺴﺘﻨﺪ ﺑﻪ ﻋﻨﻮان ﻣﺜﺎل ﻫﻨﮕﺎﻣﯽ ﮐﻪ ﺑﻪ ﻻﮔﻬﺎي ‪ SYSLog‬ﻧﮕﺎﻫﯽ ﻣﯿﺎﻧﺪازﯾﻢ ﻫﺮ ﺳﻄﺮ‬ ‫آن ﺑﺎ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ ﻣﺸﺨﺺ ﺷﺪه و ﺑﯿﺎﻧﮕﺮ زﻣﺎن دﻗﯿﻖ وﻗﻮع آن رﺧﺪاد اﺳﺖ ﻓﺮﺿﺎ ﻓﻼن ﻟﯿﻨﮏ 1‪ T‬در ﺗﺎرﯾﺦ ‪14th‬‬ ‫‪ 2010 @ 5:32:53AM‬ﻏﯿﺮ ﻓﻌﺎل ﺷﺪه اﺳﺖ و از اﯾﻦ ﻗﺒﯿﻞ.‬ ‫دﻟﯿﻞ ﻣﻬﻢ دﯾﮕﺮ ﻧﯿﺎز ﺑﻪ داﻧﺴﺘﻦ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ دﻗﯿﻖ ﺗﻮﺳﻂ اﯾﻦ ادوات ﺑﺎﻻ ﺑﺮدن اﻣﻨﯿﺖ ﻫﻤﺴﺎﯾﮕﯽ در ﻓﺮاﯾﻨﺪ ‪EIGRP‬‬ ‫اﺳﺖ در اﯾﻦ ﺷﯿﻮه ﺳﻠﺴﻠﻪ ﮐﻠﯿﺪﻫﺎﯾﯽ ﺑﺎ ﻋﻤﺮ و اﻋﺘﺒﺎر زﻣﺎﻧﯽ ﻣﺤﺪود ﻓﺮﺿﺎ از ‪ Jan 1st 2011 at 12:00am‬ﺗﺎ ‪Jan‬‬ ‫‪ 1st 2012 12:00am‬ﻣﺎﺑﯿﻦ روﺗﺮﻫﺎي ﻓﻌﺎل در ‪ EIGRP‬ﺑﻪ ﮔﺮدش در ﻣﯿﺎﯾﺪ و اﮔﺮ در اﯾﻦ ﺑﯿﻦ روﺗﺮي ﺗﻤﺎﯾﻞ ﺑﻪ اﯾﺠﺎد‬ ‫ﻫﻤﺴﺎﯾﮕﯽ داﺷﺘﻪ ﺑﺎﺷﺪ اﻣﺎ از ﻟﺤﺎظ زﻣﺎﻧﯽ ﺑﺎ ﺳﺎﯾﺮﯾﻦ ﻫﻤﺎﻫﻨﮓ ﻧﺒﺎﺷﺪ درﺧﻮاﺳﺖ ﻫﻤﺴﺎﯾﮕﯽ وي ﻣﺮدود ﻣﯿﺸﻮد.‬ ‫اﻣﺮوزه ﺷﺒﮑﻪ ﻫﺎ از اﺳﺘﺎﻧﺪارد ﻧﮕﺎرش3 ﭘﺮوﺗﮑﻞ ‪NTP‬ﺑﻬﺮه ﻣﯿﺒﺮﻧﺪ . اﯾﻦ ﭘﺮوﺗﮑﻞ ﺟﺰ ﻗﺪﯾﻤﯽ ﺗﺮﯾﻦ ﭘﺮوﺗﮑﻠﻬﺎي ﻣﻮﺟﻮ در‬ ‫اﯾﻨﺘﺮﻧﺖ اﺳﺖ و از ﭘﻮرت 321 ‪ upd‬اﺳﺘﻔﺎده ﻣﯿﮑﻨﺪ.‬ ‫ﺑﺮاي ﮐﺎﻧﻔﯿﮓ ‪ NTP Client‬ﮐﺎﻓﯿﺴﺖ ﺗﺎ از دﺳﺘﻮر ‪ ntp server x.x.x.x‬اﺳﺘﻔﺎده ﺷﻮد . در ﺻﻮرﺗﯿﮑﻪ ﻧﯿﺎز ﺑﻪ‬ ‫‪ Redundancy‬ﻣﺎﺑﯿﻦ ‪ Time server‬ﻫﺎ داﺷﺘﻪ ﺑﺎﺷﯿﻢ ﺗﺎ در ﺻﻮرت از دور ﺧﺎرج ﺷﺪن ﯾﮑﯽ ﺳﺮور دﯾﮕﺮي ﺟﺎي آﻧﺮا‬ ‫ﺑﮕﯿﺮد ﻣﯿﺘﻮاﻧﯿﻢ از ﻫﺮ ﺗﻌﺪاد دﺳﺘﻮر ‪ ntp server x.x.x.x‬ﯾﮑﯽ ﭘﺲ از دﯾﮕﺮي اﺳﺘﻔﺎده ﮐﻨﯿﻢ در ﻋﯿﻦ ﺣﺎل ﺑﺎ ﺑﻬﺮه ﮔﯿﺮي‬ ‫از دﺳﺘﻮر ‪ ntp server x.x.x.x prefer‬ﻣﯿﺘﻮاﻧﯿﻢ اﻟﻮﯾﺖ و ﺗﻘﺪم اﺳﺘﻔﺎده از ﻫﺮ ﯾﮏ از اﻧﻬﺎ را ﺗﺎﯾﯿﻦ ﮐﻨﯿﻢ‬ ‫راه دﯾﮕﺮ ﺗﻨﻈﯿﻢ ‪ NTP Client‬اﺳﺘﻔﺎده از دﺳﺘﻮر ‪ ntp peer x.x.x.x‬اﺳﺖ . در اﯾﻦ ﺣﺎﻟﺖ ﺗﻌﺪادي ‪NTP server‬‬ ‫ﺗﺤﺖ ﻋﻨﻮان ﯾﮏ ‪ Peer group‬ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮﻧﺪ و ﺳﺮوري ﮐﻪ داراي دﻗﺖ ﺑﯿﺸﺘﺮي ﺑﺎﺷﺪ ﺑﻪ ﻃﻮر ﺧﻮدﮐﺎر ﺑﻪ‬ ‫092 ‪Page 280 of‬‬
  • 282.
    ‫ﻋﻨﻮان ﺳﺮور اﺻﻠﯽﮔﺮوه اﻧﺘﺨﺎب و ﻣﻮرد اﺳﺘﻔﺎده ﻗﺮار ﻣﯿﮕﯿﺮد . )ﻣﺒﺤﺚ ‪ stratum number‬ﮐﻪ ﭘﺎﯾﻪ دﻗﺖ و ﻋﻤﻠﮑﺮد‬ ‫‪ NTP‬ﺳﺮورﻫﺎ اﺳﺖ در اﯾﻦ ﻧﻮﺷﺘﻪ ﻣﻮرد ﺑﺮرﺳﯽ ﻗﺮار ﻧﻤﯿﮕﯿﺮد(‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ 1‪ R‬ﺑﻪ ﻋﻨﻮان ‪NTP‬ﺳﺮور ﺑﻪ درﺧﻮاﺳﺘﻬﺎي ﻣﺘﻨﺎﻇﺮ 2‪ R‬ﭘﺎﺳﺦ ﺧﻮاﻫﺪ داد.‬ ‫آزﻣﺎﯾﺶ 1.7.11 – ‪NTP Client‬‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ ﺑﺎﻻ و اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ﻣﻄﺎﺑﻖ دﺳﺘﻮرات زﯾﺮ‬ ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ 1‪R‬‬ ‫###################################################!‬ ‫# ‪!# Lab 11-7 R1 Initial Config‬‬ ‫###################################################!‬ ‫!‬ ‫‪enable‬‬ ‫‪configure terminal‬‬ ‫!‬ ‫1‪hostname R‬‬ ‫‪no ip domain-lookup‬‬ ‫!‬ ‫1/0‪interface Serial‬‬ ‫### 2‪description ### PPP LINK TO R‬‬ ‫‪encapsulation ppp‬‬ ‫252.552.552.552 1.21.711.01 ‪ip address‬‬ ‫‪no shut‬‬ ‫‪exit‬‬ ‫!‬ ‫3 ‪ntp master‬‬ ‫!‬ ‫0 ‪line con‬‬ ‫‪logging sync‬‬ ‫‪no exec-timeout‬‬ ‫!‬ ‫‪end‬‬ ‫092 ‪Page 281 of‬‬
  • 283.
    R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬  !################################################### !#Lab 11-7 R2 Initial Config # !################################################### ! enable configure terminal ! hostname R2 no ip domain-lookup ! interface Serial0/1 description ### PPP LINK TO R1 ### encapsulation ppp ip address 10.117.12.2 255.255.255.252 no shut exit ! line con 0 logging sync no exec-timeout ! end ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ ﺑﺎ ﻫﺪف ﺑﺮرﺳﯽ ﻣﻘﺎﯾﺴﻪ ﻫﺎي ﺑﻌﺪي‬R1 ‫ﺗﻨﻈﯿﻢ ﻧﺎدرﺳﺖ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ در‬  10.117.12.1 ‫ ﺟﻬﺖ درﯾﺎﻓﺖ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ از‬R2 ‫ﺗﻨﻈﯿﻢ‬  R2 ‫ ﺗﻮﺳﻂ‬R1 ‫ﺗﺴﺖ ﺻﺤﺖ اﺧﺬ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ ﺻﺤﯿﺢ از‬  ‫دﺳﺘﻮر اﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ R1#clock set 00:00:00 1 jan 2010 R1# R2#configure terminal Enter configuration commands, one per line. R2(config)#ntp server 10.117.12.1 R2(config)#end R2# End with CNTL/Z. R2#show ntp associations address disp *~10.117.12.1 ref clock 127.127.7.1 st 3 when 58 poll reach 64 7 delay 5.1 offset -0.93 Page 282 of 290
  • 284.
    3875.2 * master (synced),# master (unsynced), + selected, - candidate, ~ configured R2#show clock 00:05:18.467 UTC Fri Jan 1 2010 R2# Page 283 of 290
  • 285.
    ‫آزﻣﺎﯾﺶ 8.7 -ﺗﻨﻈﯿﻤﺎت ‪NTP server‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﻤﯿﺎت ‪ NTP server‬ﺑﺎ ﻫﺪف اراﺋﻪ ﺳﺮوﯾﺲ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ ﺑﻪ ‪ NTP Client‬ﻫﺎي‬ ‫ﻣﻮﺟﻮد در ﺷﺒﮑﻪ آﺷﻨﺎ ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫اﻣﺮوزه ﺑﺴﯿﺎر ﻣﺮﺳﻮم اﺳﺖ ﮐﻪ در ﺷﺒﮑﻪ ﻫﺎي ﻣﺘﻮﺳﻂ و ﺑﺰرگ از روﺗﺮﻫﺎي ‪ High end‬ﺑﻪ ﻋﻨﻮان ‪ NTP server‬ﺟﻬﺖ‬ ‫اراﺋﻪ ﺳﺮوﯾﺴﻬﺎي ﺗﺎرﯾﺦ و زﻣﺎن ﺑﻪ ﮐﻠﯿﻪ ﻣﺘﻘﺎﺿﯿﺎن اﯾﻦ ﺳﺮوﯾﺲ اﻋﻢ از ﺳﺎﯾﺮ ادوات ﺳﯿﺴﮑﻮ ﯾﺎ ﺳﯿﺴﺘﻢ ﻋﺎﻣﻠﻬﺎي دﯾﮕﺮ‬ ‫اﺳﺘﻔﺎده ﺷﻮد. روﻧﺪ ﮐﺎر ﺑﺴﯿﺎر ﺳﺎده و ﺗﻨﻬﺎ ﻧﯿﺎزﻣﻨﺪ ﯾﮏ دﺳﺘﻮر اﺳﺖ.ﺑﺮاي ﮐﺎﻧﻔﯿﮓ ادواﺗﯽ ﮐﻪ از ﻗﺎﺑﻠﯿﺖ ‪NTP Server‬‬ ‫ﭘﺸﺘﯿﺒﺎﻧﯽ ﻣﯿﮑﻨﻨﺪ از دﺳﺘﻮر # ‪ ntp master‬ﮐﻪ # ﺑﯿﺎﻧﮕﺮ ﻻﯾﻪ ‪ stratum‬دﺳﺘﮕﺎه اﺳﺖ اﺳﺘﻔﺎده ﻣﯿﺸﻮد.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ 1‪ R‬را ﺑﻪ ﻋﻨﻮان ‪ NTP‬ﺳﺮور و 2‪ R‬را ﺑﻪ ﻋﻨﻮان ‪ NTP‬ﮐﻼﯾﻨﺖ ﺗﻨﻈﯿﻢ ﺧﻮاﻫﯿﻢ ﮐﺮد ﺗﺎ در ﺧﻮاﺳﺘﻬﺎي‬ ‫ﺗﺎرﯾﺦ و زﻣﺎن ﺧﻮد را ﺑﻪ 1‪ R‬ارﺳﺎل ﮐﻨﺪ‬ ‫ﺗﺼﻮﯾﺮ 1.8.11 – ‪NTP Server‬‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫‪‬‬ ‫اﯾﺠﺎد ﺗﻮﭘﻮﻟﻮژي ﻣﻄﺎﺑﻖ ﺗﺼﻮﯾﺮ ﺑﺎﻻ و اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ ﻣﻄﺎﺑﻖ دﺳﺘﻮرات زﯾﺮ‬ ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ 1‪R‬‬ ‫###################################################!‬ ‫# ‪!# Lab 11-8 R1 Initial Config‬‬ ‫###################################################!‬ ‫!‬ ‫‪enable‬‬ ‫092 ‪Page 284 of‬‬
  • 286.
    configure terminal ! hostname R1 noip domain-lookup ! interface Serial1/1 description ### PPP LINK TO R2 ### encapsulation ppp ip address 10.118.12.1 255.255.255.252 no shut exit ! line con 0 logging sync no exec-timeout ! end R2 ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ‬  !################################################### !# Lab 11-8 R2 Initial Config # !################################################### ! enable configure terminal ! hostname R2 no ip domain-lookup ! interface Serial1/1 description ### PPP LINK TO R1 ### encapsulation ppp ip address 10.118.12.2 255.255.255.252 no shut exit ! line con 0 logging sync no exec-timeout ! End ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ ﺟﻬﺖ اﺷﺎره ﺑﻪ زﻣﺎن ﺣﺎﺿﺮ‬R1 ‫ﺗﻨﻈﯿﻢ دﺳﺘﯽ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ در‬  3 ‫ ﻻﯾﻪ‬stratum ‫ ﺑﺎ‬NTP Server ‫ ﺑﻪ ﻋﻨﻮان‬R1 ‫ﺗﻨﻈﯿﻢ‬ R2 ‫ﺗﺴﺖ ﺻﺤﺖ درﯾﺎﻓﺖ ﺗﺎرﯾﺦ وﺳﺎﻋﺖ ﺻﺤﯿﺢ از ﻃﺮﯾﻖ‬ Page 285 of 290  
  • 287.
    ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ ﺟﻬﺖاﺷﺎره ﺑﻪ زﻣﺎن ﺣﺎﺿﺮ‬R1 ‫ﺗﻨﻈﯿﻢ دﺳﺘﯽ ﺗﺎرﯾﺦ و ﺳﺎﻋﺖ در‬  R1#clock set 20:00:00 aug 26 2010 3 ‫ ﻻﯾﻪ‬stratum ‫ ﺑﺎ‬NTP Server ‫ ﺑﻪ ﻋﻨﻮان‬R1 ‫ﺗﻨﻈﯿﻢ‬ R1#configure terminal Enter configuration commands, one per line. R1(config)#ntp master 3 R1(config)#end R1# End with CNTL/Z. R2 ‫ﺗﺴﺖ ﺻﺤﺖ درﯾﺎﻓﺖ ﺗﺎرﯾﺦ وﺳﺎﻋﺖ ﺻﺤﯿﺢ از ﻃﺮﯾﻖ‬ R2#configure terminal Enter configuration commands, one per line. R2(config)#ntp server 10.118.12.1 R2(config)#end R2#   End with CNTL/Z. R2#show ntp associations address ref clock st when disp *~10.118.12.1 127.127.7.1 3 52 0.9 * master (synced), # master (unsynced), + configured R2# R2# R2#show clock 20:05:05.581 UTC Thu Aug 26 2010 R2# poll reach 64 selected, - offset 3.2 377 delay -1.38 candidate, ~ Page 286 of 290
  • 288.
    ‫آزﻣﺎﯾﺶ 9.7: ﺗﻨﻈﯿﻤﺎت‪DNS server‬‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ ﺑﺎ ﭼﮕﻮﻧﮕﯽ ﺗﻨﻈﯿﻤﺎت ‪ DNS‬ﺳﺮور در ادوات ﺳﯿﺴﮑﻮ ﺑﺎ ﻫﺪف اﻧﺠﺎم ﻓﺮاﯾﻨﺪ ﺗﺒﺪﯾﻞ ﻧﺎم ﺑﻪ آدرس آﺷﻨﺎ‬ ‫ﺧﻮاﻫﯿﻢ ﺷﺪ.‬ ‫ﮐﺎرﺑﺮد ﻋﻤﻠﯽ و ﻣﺮور ﻣﻔﺎﻫﯿﻢ‬ ‫)‪ Domain Name System (DNS‬ﺳﺮوﯾﺴﯽ اﺳﺖ ﮐﻪ وﻇﯿﻔﻪ ﺗﺒﺪﯾﻞ ﻧﺎم ﺑﻪ آدرس را ﺑﻪ ﻋﻬﺪه دارد.ﻫﻨﮕﺎﻣﯽ ﮐﻪ از‬ ‫ﻃﺮﯾﻖ ﻣﺮورﮔﺮ اﯾﻨﺘﺮﻧﺘﯽ ﺧﻮد ﺑﻪ ﺳﺎﯾﺘﯽ وارد ﻣﯿﺸﻮﯾﺪ در ﭘﺲ اﯾﻦ ﻣﺎﺟﺮا ﯾﮏ ﻣﮑﺎﻧﯿﺰم ﺗﺒﺪﯾﻞ ﻧﺎم ﺑﻪ آدرس وﺟﻮد دارد ﮐﻪ‬ ‫ﻣﺮورﮔﺮ ﺷﻤﺎ را ﺑﻪ وب ﺳﺮور ﻣﻮرد ﻧﻈﺮ ﻫﺪاﯾﺖ ﻣﯿﮑﻨﺪ. اﯾﻦ ﻓﺮاﯾﻨﺪ ﺑﺎﻋﺚ رﻫﺎﯾﯽ ﯾﺎﻓﺘﻦ ﻣﺎ از ﺣﻔﻆ ﮐﺮدن آدرس وب‬ ‫ﺳﺎﯾﺘﻬﺎي ﻣﻮرد ﻧﻈﺮﻣﺎن ﻣﯿﺸﻮد ﻓﺮﺿﺎ 07.221.191.902 ﺑﻪ ﻋﻨﻮان ‪yahoo.com‬‬ ‫در دﻧﯿﺎي ﺳﯿﺴﮑﻮ ﻗﺎدر ﻫﺴﺘﯿﻢ ﺗﻌﺪاد زﯾﺎدي ‪ DNS‬ﺳﺮور را ﺑﻪ ﻃﻮر ﻫﻤﺰﻣﺎن در ادواﺗﯽ ﮐﻪ از ‪ IOS‬ﺑﻪ ﻋﻨﻮان ﺳﯿﺴﺘﻢ‬ ‫ﻋﺎﻣﻞ اﺟﺮاﯾﯽ ﺧﻮد اﺳﺘﻔﺎده ﻣﯿﮑﻨﻨﺪ ﻣﻌﺮﻓﯽ ﮐﻨﯿﻢ.ﺑﺮاي اﯾﻦ ﻣﻨﻈﻮر از دﺳﺘﻮر ‪ ip name-server a.b.c.d‬اﺳﺘﻔﺎده‬ ‫ﻣﯿﮑﻨﯿﻢ.‬ ‫در اﯾﻦ آزﻣﺎﯾﺶ 1‪ R‬را ﺑﻪ ﮔﻮﻧﻪ اي ﺗﻨﻈﯿﻢ ﺧﻮاﻫﯿﻢ ﮐﺮد ﮐﻪ از ‪ DNS‬ﺳﺮور 4.2.2.4 ﮐﻪ ﯾﮏ ﺳﺮوﯾﺲ دﻫﻨﺪه ﻧﺎم ﻋﻤﻮﻣﯽ‬ ‫ﻣﺘﻌﻠﻖ ﺑﻪ ‪ Verizon/GTE‬اﺳﺖ اﺳﺘﻔﺎده ﮐﻨﺪ.ﭘﺲ از آن ‪ google.com‬را از ﻃﺮﯾﻖ 1‪ R‬ﭘﯿﻨﮓ ﺧﻮاﻫﯿﻢ ﮐﺮد ﺗﺎ ﺻﺤﺖ‬ ‫ﻋﻤﻠﮑﺮد آن ﻣﻮرد ﺑﺎزﺑﯿﻨﯽ ﻗﺮار ﮔﯿﺮد.‬ ‫;‬ ‫ﭘﯿﺶ ﻧﯿﺎزﻫﺎي آزﻣﺎﯾﺶ‬ ‫‪‬‬ ‫اﯾﺠﺎد ﯾﮏ ‪ NIO Cloud‬در ﻣﺤﯿﻂ 3‪ GNS‬و اﺗﺼﺎل آن ﺑﻪ ‪ NIC‬ﻣﻮﺟﻮد در ﮐﺎﻣﭙﯿﻮﺗﺮ‬ ‫‪‬‬ ‫اﻋﻤﺎل ﺗﻨﻈﯿﻤﺎت ﭘﯿﺶ ﻓﺮض 1‪ R‬ﺑﻪ ﺷﺮح زﯾﺮ‬ ‫‪‬‬ ‫ﺗﻨﻈﯿﻤﺎت اوﻟﯿﻪ 1‪R‬‬ ‫###################################################!‬ ‫# ‪!# Lab 11-9 R1 Initial Config‬‬ ‫###################################################!‬ ‫092 ‪Page 287 of‬‬
  • 289.
    ! enable configure terminal ! hostname R1 ! interfaceFastEthernet0/0 description ### LINK TO NIO CLOUD-INTERNET ### ip address dhcp duplex auto speed auto exit ! line con 0 logging sync no exec-timeout ! end ‫اﻫﺪاف آزﻣﺎﯾﺶ‬ ‫ ﺷﺒﮑﻪ داﺧﻠﯽ‬DHCP ‫ ﺗﻮﺳﻂ‬R1 ‫ روﺗﺮ‬Eth0 ‫ ﺑﻪ‬IP ‫ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺗﺨﺼﯿﺺ‬ ‫ ﺟﻬﺖ ﺑﻬﺮه ﮔﯿﺮي از 2.2.2.4 , 4.2.2.4 ﺑﻪ ﻋﻨﻮان ﺳﺮوﯾﺲ دﻫﻨﺪه ﻧﺎم‬R1 ‫ﮐﺎﻧﻔﯿﮓ‬ ‫ ﺟﻬﺖ ﺑﺮرﺳﯽ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت اﻧﺠﺎم ﺷﺪه‬google.com ‫ﭘﯿﻨﮓ ﺳﺎﯾﺖ‬    ‫دﺳﺘﻮراﻟﻌﻤﻞ آزﻣﺎﯾﺶ‬ ‫ ﺷﺒﮑﻪ داﺧﻠﯽ‬DHCP ‫ ﺗﻮﺳﻂ‬R1 ‫ روﺗﺮ‬Eth0 ‫ ﺑﻪ‬IP ‫ﺣﺼﻮل اﻃﻤﯿﻨﺎن از ﺗﺨﺼﯿﺺ‬ R1#show ip interface brief FastEthernet0/0 Interface IP-Address OK? Method Status FastEthernet0/0 192.168.2.8 YES DHCP up R1#ping 4.2.2.2  Protocol up Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/38/112 ms R1# ‫ ﺟﻬﺖ ﺑﻬﺮه ﮔﯿﺮي از 2.2.2.4 , 4.2.2.4 ﺑﻪ ﻋﻨﻮان ﺳﺮوﯾﺲ دﻫﻨﺪه ﻧﺎم‬R1 ‫ﮐﺎﻧﻔﯿﮓ‬  Page 288 of 290
  • 290.
    R1#configure terminal Enter configurationcommands, one per line. R1(config)#ip name-server 4.2.2.2 4.2.2.4 R1(config)#end R1# End with CNTL/Z. ‫ ﺟﻬﺖ ﺑﺮرﺳﯽ ﺻﺤﺖ ﺗﻨﻈﯿﻤﺎت اﻧﺠﺎم ﺷﺪه‬google.com ‫ﭘﯿﻨﮓ ﺳﺎﯾﺖ‬ R1#ping google.com Translating "google.com"...domain server (192.168.2.1) [OK] Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 72.14.204.104, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/35/56 ms R1# Page 289 of 290 