22_ngothanhchien_ctl501

Xy dng im kim sot truy cp mng khng dy n tt nghip

Sv: Ng Thanh Chin CTL501 1

MC LC

MC LC ............................................................................................................. 1

DANH MC CC T VIT TT ..................................................................... 4

DANH MC CC BNG V HNH V .......................................................... 6

M U ............................................................................................................... 8

CHNG 1: TNG QUAN V MNG MY TNH ................................... 9

1.1 Khi nim c bn v mng my tnh ........................................................ 9

1.1.1 Phn bit cc loi mng ................................................................. 11

1.1.2 Phn loi mng theo cu trc (Topology) ...................................... 13

1.2 Mng cc b LAN (Local Area Network) ............................................. 16

1.2.1 Khi nim v mng LAN ............................................................... 16

1.2.2 M hnh v giao thc ..................................................................... 17

1.2.3 Cc thit b trong mng LAN ......................................................... 25

1.3 Mng khng dy WLAN (Wireless Lan) ............................................... 29

1.3.1 u, nhc im ca mng khng dy WLAN .............................. 29

1.3.2 Cc thit b c bn .......................................................................... 30

1.3.3 Cc m hnh mng khng dy ....................................................... 33

1.3.4 Cc chun IEEE 802.11 thng dng .............................................. 35

CHNG 2: XY DNG IM KIM SOT TRUY CP MNG

KHNG DY HOTSPOT GATEWAY C CHNG THC DA TRN

MIKROTIK ROUTER OS ............................................................................... 38

2.1 Hotspot v vn bo mt ..................................................................... 38



2.1.1 Hotspot v cng ngh Captive Portal l g .................................... 38

2.1.2 Vn bo mt ti cc im Hotspot ............................................ 39

2.2 Tnh kh thi ca m hnh kim sot truy cp khng dy chng thc da

trn Mikrotik Router OS ................................................................................. 44

2.2.1 Tnh kh thi v mt cng ngh ....................................................... 44

2.2.2 Tnh kh thi v mt s dng ........................................................... 45

2.2.3 Tnh kh thi v hiu qu s dng ................................................... 45

2.3 Ci t Mikrotik Router OS ................................................................... 45

2.4 Cu hnh Mikrotik Router OS s dng giao din command line ........... 49

2.4.1 Cu hnh a ch IP ......................................................................... 49

2.4.2 Cu hnh dhcp-server ..................................................................... 50

2.4.3 Cu hnh Hotspot ........................................................................... 51

2.4.4 Cu hnh NAT ................................................................................ 52

2.4.5 Mt s lnh c bn ......................................................................... 53

2.5 Cu hnh h thng Hotspot vi giao din GUI thng qua Winbox ........ 54

2.5.1 Cu hnh DNS v dhcp-server ....................................................... 54

2.5.2 Cu hnh Hotspot ........................................................................... 58

2.5.3 Cu hnh NAT ................................................................................ 62

2.6 Cu hnh Radius...................................................................................... 63

CHNG 3: THC NGHIM V TRIN KHAI H THNG ............... 67

3.1 t vn ............................................................................................... 67

3.2 Mt s gii php xut ........................................................................ 67



3.2.1 Pht trin trn Radius Of Windows ............................................... 67

3.2.2 Pht trin trn FreeRadius .............................................................. 71

3.2.3 S dng gii php ca Meraki ....................................................... 71

3.2.4 Mikrotik Router Os ........................................................................ 74

3.3 Trin khai h thng qun l mng WLAN ti trng HDL HP .......... 75

3.3.1 Thit k logic.................................................................................. 75

3.3.2 Thng s ci t ............................................................................. 76

3.3.3 Qu trnh trin khai ........................................................................ 77

3.3.4 Mt s hnh nh v h thng. ......................................................... 78

3.4 Kt qu t c ..................................................................................... 80

3.5 xut v kin ngh ............................................................................... 82

KT LUN ......................................................................................................... 84

TI LIU THAM KHO ................................................................................. 85



DANH MC CC T VIT TT

AAA Authentication, Authorization,

Accountting Xc thc, cp quyn, tnh cc

ACK Acknowlegment Bn tin bo nhn

ADSL Asymmetric Digital Subscriber Line ng dy thu bao bt i xng

ASK Amplitude shift keying Kha dch bin

AP Access Point im truy cp

BPSK Binary phase-shift keying Kha dch pha

CCK Complementary Code Keying Kha m b sung

DHCP Dynamic Host Configuration Protocol Giao thc cu hnh host t ng

EAP Extensible Authentication

Protocol Giao thc chng thc m rng

FSK Frequency Shift keying nh gi tn hiu tn s

IP Internet protocol Giao thc IP

IEEE Institute of Electrical and Electronics

Engineer Vin k thut v in t

LAN Local area network Mng cc b



MAN Metropolitant Area Mng khu vc th

MAC Medium Access Control iu khin truy cp truyn

thng

PSK phase shift keying K thut kha chuyn pha

PC Personal Computer My tnh c nhn

RADIUS

Remote Authentication Dial In User

Service Dch v chng thc ngi dng

SSID Subsystem identification S nhn bit h thng con

WPA

Wi-Fi Protected Access WEP

Giao thc bo mt mng khng

dy

WEP WIRED EQUIVALENT

PRIVACY

Giao thc bo mt mng khng

dy

Wifi Wireless fidelity Cng ngh mng khng dy

WLAN Wireless local area network Mng cc b khng dy



DANH MC CC BNG V HNH V

CC BNG

Bng 1.1: M hnh OSI ........................................................................................ 18 Bng 1.2: S khc nhau ga OSI v TCP/IP ....................................................... 25

HNH V

Hnh 1.1: M hnh lin kt cc my tnh trong lin kt mng ............................. 10 Hnh 1.2 : M hnh mng GAN ........................................................................... 11 Hnh 1.3: M hnh mng WAN ........................................................................... 11 Hnh 1.4: M hnh mng LAN ............................................................................. 12 Hnh 1.5: M hnh mng Client- Server .............................................................. 12 Hnh 1.6: M hnh mng Peer- to- Peer ............................................................... 13 Hnh 1.7 Cu trc mng dng xng sng (Bus topology) ................................. 14 Hnh 1.8 Cu trc mng dng vng (Ring topology)........................................... 14 Hnh 1.9 Cu trc mng hnh sao (Star topology) ............................................... 15 Hnh 1.10 Card mng TP-LINK (NIC) ................................................................ 26 Hnh 1.11 B lp tn hiu (Repeater) ................................................................... 26 Hnh 1.12 B tp trung (Hub) .............................................................................. 27 Hnh 1.13 B cu ni (Bridge) ............................................................................. 28

n PCI ....................................................... 31 Hnh 1.18 Card mng khng dy chun PCMCIA .............................................. 31 Hnh 1.19 Usb wifi TpLink .................................................................................. 31

Hnh 1.20 Access Point ........................................................................................ 31

Hnh 1.21 Wbridge ............................................................................................... 32

Hnh 1.22 Cc cng kt ni ca 1 wireless router thng thng ......................... 33 Hnh 1.23 M hnh mng Ad-hoc ........................................................................ 34 Hnh 1.24 M hnh mng c s BSSs .................................................................. 35 Hnh 1.25 M hnh mng m rng ESSs ............................................................. 35 Hnh 2.1: Quy trnh m ha WEP s dng thut ton RC4 ................................. 39 Hnh 2.2: Messages trao i trong qu trnh authentication. ............................... 41 Hnh 2.3 Chng thc s dng Radius Server ...................................................... 43 Hnh 2.4 Messages trao i trong qu trnh authentication. ................................ 44 Hnh 2.5 Cc ty chn ci t Mikrotik Router OS ............................................. 46 Hnh 2.6 Ci t Mikrotik Router OS .................................................................. 47 Hnh 2.7 Hon tt ci t Mikrotik Router OS .................................................... 48 Hnh 2.8 Giao din ng nhp Mikrotik Router OS ............................................ 48



Hnh 2.9 Giao din chnh Mikrotik Router OS .................................................... 49 Hnh 2.10 Cu hnh IP cho Mikrotik OS ............................................................. 50 Hnh 2.11 Cu hnh dhcp-server .......................................................................... 51 Hnh 2.12 Cu hnh Hotspot ................................................................................ 52 Hnh 2.13 Cu hnh NAT ..................................................................................... 53 Hnh 2.14 Giao din Winbox ............................................................................... 54 Hnh 2.15 Cu hnh DNS bng giao din GUI .................................................... 55 Hnh 2.16 Cu hnh DHCP Server qua giao din GUI ........................................ 55 Hnh 2.17 Cu hnh DHCP Server qua giao din GUI ........................................ 56 Hnh 2.18 Cu hnh DHCP Server qua giao din GUI ........................................ 56 Hnh 2.19 Cu hnh DHCP Server qua giao din GUI ........................................ 57 Hnh 2.20 Cu hnh DHCP Server qua giao din GUI ........................................ 57 Hnh 2.21 Cu hnh DHCP Server qua giao din GUI ........................................ 58 Hnh 2.22 Cu hnh Hotspot qua giao din GUI .................................................. 58 Hnh 2.23 Cu hnh Hotspot qua giao din GUI .................................................. 59 Hnh 2.24 Cu hnh Hotspot qua giao din GUI .................................................. 59 Hnh 2.25 Cu hnh Hotspot qua giao din GUI .................................................. 60 Hnh 2.26 Cu hnh Hotspot qua giao din GUI .................................................. 60 Hnh 2.27 Cu hnh Hotspot qua giao din GUI .................................................. 61 Hnh 2.28 Cu hnh Hotspot qua giao din GUI .................................................. 61 Hnh 2.29 Cu hnh Hotspot qua giao din GUI .................................................. 62 Hnh 2.30 Cu hnh NAT thng qua giao din GUI ............................................ 63 Hnh 2.31 Cu hnh Radius qua giao din GUI ................................................... 64 Hnh 2.32 Cu hnh Radius qua giao din GUI ................................................... 65 Hnh 2.33 Cu hnh Radius qua giao din GUI ................................................... 66 Hnh 3.1 M hnh xc thc gia Client v RADIUS Server ............................... 70 Hnh 3.2 M hnh Mesh ca Meraki .................................................................... 72 Hnh 3.3 M hnh Mesh ....................................................................................... 73

Hnh 3.4: Hin trng h thng hin ti ................................................................. 75 Hnh 3.5: S logic sau khi trin khai Mikrotik ............................................... 76 Hnh 3.6: Giao din ng nhp v mt s li thng gp ................................... 79 Hnh 3.7: Thay i mt khu ngi dng ............................................................ 79 Hnh 3.8: Thay i mt khu ngi dng ............................................................ 80 Hnh 3.10 Mt s phin lm vic ca ngi dng ............................................... 81 Hnh 3.11 Quy trnh xc thc ngi dng xut .............................................. 82



M U

Trong x hi hin i, h thng thng tin lin lc len li vo tng ngc ngch

ca i sng. S gia tng nhu cu truyn s liu v cc thit b thng minh ca ngi

dung t ra thch thc i vi mng c dy truyn thng. iu ny khin cho xu

hng pht trin mng khng dy l tt yu.

Trng i hc Dn Lp Hi Phng pht trin mng khng dy ngay t

nhng ngy thnh lp trng. H thng mng ny hot ng rt tt trong thi gian

di. Tuy nhin, mt vi hc k gn y do s lng ngi dng tng mnh i hi nh

trng phi a ra mt phng thc qun l mng khng dy mnh m, chnh xc

c th p ng c cc nhu cu hc tp, trao i thng tin ca cn b ging vin v

hc sinh trong trng.

Em chn ti Xy dng im kim sot truy cp mng khng dy Hotspot

Gateway c chng thc da trn Mikrotik Router lm n tt nghip ca mnh. Vi

n ny em mong mun gp mt phn nh sc lc vo vic ci thin cht lng phc

v mng khng dy ti nh Trng.

c s ch bo, hng dn tn tnh ca cc thy, c trong Khoa, c bit l

thy gio, Thc s Bi Huy Hng, em hon thnh n vi 03 ni dung chnh:

Th nht l a ra ci nhn tng qut v mng my tnh

Th hai l xy dng m hnh im kim sot truy cp c chng thc da trn

Mikrotik Router Os.

Th ba l mt s gii php khc v kt qu t c sau khi trin khai h thng

chng thc da trn Mikrotik Router Os.

Em mong rng n s a ra cho mi ngi mt ci nhn tng qut v mng

my tnh. Ngoi ra n gii thiu thm mt gii php qun l mng khng dy c

quy m vi chi ph u t thp v hiu qu. Mc d nhn c s ch bo tn tnh ca

cc thy c, nhng do trnh , thi gian c hn nn ti vn mc phi nhng thiu

st. V vy em rt mong nhn c s ch bo, ph bnh v gp qu bu n t thy

c v cc bn.

Em xin chn thnh cm n!



CHNG 1: TNG QUAN V MNG MY TNH

1.1 Khi nim c bn v mng my tnh

Mng my tinh l tp hp cc my tnh c kt ni vi nhau bi cc ng

truyn theo mt cu trc no v thng qua cc my tnh trao i thng tin qua li

cho nhau.

Trong ba th k qua, mi mt th k u b chi phi bi mt cng ngh. Th k

18 l thi i ca cc h thng c kh ln cng cuc cch mng cng nghip. Th k

19 l thi ca my hi nc. Trong sut th k 20 cng ngh ch yu l thu thp, x l

v phn phi thng tin. Cng vi nhng pht trin khc, ta thy s thit lp cc mng

in thoi trn khp th gii, c bit trong thi k ny c s khai sinh v pht trin

cha tng thy ca nn cng nghip my tnh.

Trong qu trnh pht trin ca mng my tnh, cc cng ty, t chc ln lt

a ra nhiu loi mng nh: ARPANET, NFSNET, APPLE TALK, NOVELL

NETWARE v WINDOWS NT

Vo gia nhng nm 50 nhng h thng my tnh u tin ra i, s dng cc

bng n in t c kch thc kh cng knh v tiu tn nhiu nng lng. Vic nhp

d liu vo my tnh c thng qua cc ba c l v kt qu c a ra my in, vic

ny lm mt nhiu thi gian v bt tin cho ngi s dng.

Vo nhng nm 60 cng vi s pht trin ca cc ng dng trn my tnh v

nhu cu troa i thng tin vi nhau, mt s nh chuyn sn xut my tnh nghin

cu ch to thnh cng cc thit b truy cp t xa ti cc my tnh ca h, v y cng

l nhng dng s khai ca h thng my tnh.

Nhng nn 70 h thng thit b u cui 3270 ca IBM ra i cho php m rng

kh nng tnh ton ca cc trung tm my tnh n cc vng xa. n gia nhng nm

70 IBM gii thiu mt lot cc thit b u cui c thit k cho cc ngnh ngn

hng thng mi. Thng qua dy cp mng v cc thit b u cui c th truy cp

cng mt lc n mt my tnh dng chung. n nm 1977, cng ty Datapoint

Corporation tung ra th trng h iu hnh mng ca mnh l Attache Resource



Computer Network cho php lin kt cc my tnh v cc thit b u cui li bng y

cp mng, v chnh l h iu hnh mng u tin.

ng truyn l mt h thng cc thit b truyn dn c dy, khng dy dng

chuyn cc tn hiu in t t my ny sang my khc.

ng truyn kt ni c th l: Cp ng trc, cp i xon, cp quang, cc

ng truyn to nn cu trc mng.

Mng my tinh ra i xut pht t nhu cu chia s v dng chung d liu.

Khng c h thng mng th d liu trn cc my tnh c lp mun chia s vi

nhau phi thng qua vic in n, sao chp qua a mm, CD ROM,iu ny gy ra rt

nhiu bt tin cho ngi s dng.

Li ch ca mng my tnh

- Chia s ti nguyn phn cng; my in, my Fax, modem

- Chia s ti nguyn phn mm; ti liu, phim, nh

- Tng tin cy ca h thng.

Hnh 1.1: M hnh lin kt cc my tnh trong lin kt mng



1.1.1 Phn bit cc loi mng

My tnh ngy nay pht trin khp ni vi nhng ng dng ngy cng a dng

cho nn phn bit mt cch y v chi tit cc loi mng l mt vic rt phc tp.

1.1.1.1 Phn loi mng theo phn vng a l:

GAN (Global Aera Network) : l kt ni my tnh t cc chu lc khc nhau.

Thng thng kt ni ny c thng qua mng vin thng.

Hnh 1.2 : M hnh mng GAN

WAN (Wide Area Network) : mng din rng, dng kt ni my tnh trong

ni b cc quc gia hay gia cc quc gia trong mt vng chu lc. Thng thng kt

ni ny thng c thc hin thng qua mng vin thng. Cc mng WAN c th

c kt ni vi nhau thnh GAN hay t n l GAN.

Hnh 1.3: M hnh mng WAN



MAN (Metropolitan Area Network) : kt ni cc my tnh trong phm vi mt

thnh ph. Kt ni ny c thc hin thng qua cc mi trng truyn thng tc

cao (50-100 Mbit/s).

LAN (Local Area Network) : mng cc b, kt ni cc my tnh trong mt khu

vc bn knh hp thng thng khong vi trm mt. Kt ni c thc hin thng qua

cc mi trng truyn thng tc cao: v d cp ng trc, cp i xon, cp quang.

LAN thng c s dng trong mt c quan / t chc.. nh trng hc, phng thc

hnh cc LAN c th c kt ni vi nhau qua WAN.

Hnh 1.4: M hnh mng LAN

1.1.1.2 Phn loi mng theo chc nng

Mng Client-Server: Mt hay mt s my tnh c thit lp cung cp cc

dch v nh file server, mail serverCc my tnh c thit lp cung cp cc dch

v c gi l Server, cn cc my tnh truy cp v s dng dch v th c gi l

Client.

Hnh 1.5: M hnh mng Client- Server



Mng Peer-to-Peer: Cc my tnh trong mng c th hot ng va nh mt

Client va nh mt Server.

Hnh 1.6: M hnh mng Peer- to- Peer

Mng kt hp:Cc mng my tnh thng c thit lp theo c hai chc nng,

Client-Server v Peer- to- Peer.

1.1.2 Phn loi mng theo cu trc (Topology)

Topology l cu trc hnh hc khng gian ca mng, thc cht n l cch b tr

vt l cc im v cch thc kt ni chng li vi nhau. in hnh v s dng nhiu

nht l cc cu trc: dng hnh sao, dng hnh tuyn, dng vng cng vi cc dng kt

hp ca chng.

1.1.2.1 Mng dng xng sng (Bus topology)

Thc hin theo cch b tr hnh lang, cc my tnh v cc thit b khc- cc nt,

u c kt ni vi nhau trn mt trc ng dy cp chnh chuyn ti tn hiu. tt

c cc nt u s dng chung ng dy cp chnh ny. Pha hai u dy cp c bt

bi mt thit b gi l Terminator. Cc tn hiu v d liu khi truyn i dy cp u

mang theo a ch n ni n.

u im: Loi hnh ny dng dy cp t nht, d lp t gi thnh r.

Nhc im: S n tc giao thng khi di truyn d liu vi lu lng ln. khi

c s hng hc on no th rt kh pht hin, mt s ngng trn ng dy

sa cha s ngng ton b h thng. Cu trc ny ngy nay t s dng.



Hnh 1.7 Cu trc mng dng xng sng (Bus topology)

1.1.2.2 Mng dng vng (Ring topology)

Mng dng ny, b tr theo dng xoay vng, ng dy cp c thit k lm

thnh mt vng khp kn, tn hiu chy quanh theo mt chiu no . Cc nt truyn

tn hiu cho nhau mi thi im ch c mt nt m thi. D liu truyn i phi c

a ch km theo c th ca mi trm tip nhn.

u im : Mng dng vng c thun li l c th ni rng ra xa, tng ng

dy cn thit t hn so vi hai kiu trn. Mi trm c th t c tc ti a khi truy

nhp.

Nhc im: ng dy phi khp kn, nu b ngt mt ni no th ton b

h thng cng b ngng.

Hnh 1.8 Cu trc mng dng vng (Ring topology)

1.1.2.3 Mng dng hnh sao (Star topology)

Mng dng hnh sao bao gm mt b kt ni trung tm v cc nt. Cc nt ny

l cc trm u cui, cc my tnh v cc thit b khc ca mng. B kt ni trung tm

ca mng iu phi mi hot ng trong mng.



Mng dng hnh sao cho php ni cc my tnh vo mt b tp trung (Hub)

bng cp, gii php ny cho php ni trc tip my tnh vi Hub khng cn thng qua

trc bus, trnh c cc yu t gy ngng tr mng.

M hnh kt ni hnh sao ngy nay tr ln ht sc ph bin. Vi vic s dng

cc b tp trung hoc b chuyn mch, cu trc hnh sao c th c m rng bng

cch t chc nhiu mc phn cp, do vy d dng cho vic qun l v vn hnh.

+ Cc u im ca mng hnh sao:

- Hot ng theo nguyn l ni song song nn nu c mt nt thng tin b

hng th mang vn hot ng bnh thng.

- Cu trc mng n gin v cc thut ton iu khin n nh.

- Mng c th d dng m rng hoc thu hp.

+ Cc nhc im mng dng hnh sao:

- Kh nng m rng mng hon ton ph thuc vo kh nng ca trung

tm

- Khi trung tm c s c th ton mng ngng hot ng.

- Mng yu cu ni c lp ring r tng thit b cc nt thng tin n

trung tm. Khong cch t my n trung tm rt hn ch (100 m).

Hnh 1.9 Cu trc mng hnh sao (Star topology)



Mng dng hnh sao cho php ni cc my tnh vo mt b tp trung (Hub)

bng cp, gii php ny cho php ni trc tip cc my tnh vi Hub, khng cn thng

qua trc Bus, trnh c cc yu t gy nhng tr mng.

1.1.2.4 Mng dng kt hp

Kt hp hnh sao v hnh tuyn: Cu hnh mng dng ny c b phn tch tn

hiu(Spitter) gi vai tr thit b trung tm, h thng dy cp mng c th chn Ring

Topology hoc Linear Bus Topology. Li im ca cu hnh ny l mng c th gm

nhiu nhm lm vic xa cch nhau. Cu hnh dng kt hp Star/ Ring Topology c

mt th bi lin lc c chuyn vng quanh mt ci Hub trung tm. Mi trm lm

vic c ni vi Hub l cu ni gia cc trm lm vic v tng khong cch cn thit.

1.2 Mng cc b LAN (Local Area Network)

1.2.1 Khi nim v mng LAN

Cc mng cc b, thng c gi l LAN (Local Area Network), l cc mng

c s hu ring bn trong mt cao c hoc mt khu sn bi c khong cch ln n

vi Km. Cc mng ny c s dng rng ri kt ni cc my tnh c nhn v cc

trm lm vic ( Workstation) trong cc vn phng cng ty hoc cc nh my x nghip

s dng chung cc ngun ti liu.

Cc LAN c phn bit vi cc mng khc bi 3 c tnh:

- Kch thc (hay khong cch).

- Cng ngh truyn trn mng .

- S sp xp hnh hc ca mng (c th l cc topo mng).

Cc LAN b hn ch v khong cch. iu ny c ngha l thi gian truyn

trong trng hp xu nht b gii hn v c bit trc. Vic bit gii hn ny gip ta

c th s dng cc loi thit k no sao cho ph hp. iu ny cng lm n gin vic

qun l mng.

Cc LAN c th s dng cng ngh truyn bao gm mt cp ni vi tt c cc

my c gn vo cp ny. Cc LAN truyn thng hot ng cc tc t 10 Mbp/s

=>100 Mbp/s, c tr hon nh v to ra rt t li. Cc LAN mi hn hot ng tc

ln n 10 Gbps.



1.2.2 M hnh v giao thc

Giao thc mng l tp hp cc quy tc, quy c truyn thng ca mng m tt

c cc thc th ca mng phi tun theo.

1.2.2.1 M hnh OSI (Open Systems Interconnect)

a. M hnh OSI

M hnh OSI c chia lm 7 tng, mi tng bao gm nhng hot ng, thit b

v giao thc mng khc nhau.



7: Application

6: Presentation

5: Session

4: Transport

3: Network

2: Datalink

1: Physical

Bng 1.1 M hnh OSI

Trong m hnh OSI c hai loi giao thc chnh c p dng: giao thc c lin

kt v giao thc khng lin kt:

- Giao thc c lin kt: Trc khi truyn d liu hai tng ng mc cn

thit lp mt lin kt logic v cc gi tin c trao i thng qua lin

kt ny, vic c lin kt logic s nng cao an ton trong truyn d

liu.

- Giao thc khng lin kt: Trc khi truyn d liu khng thit lp lin

kt logic v mi gi tin c truyn c lp vi cc gi tin trc hoc

sau n. Nh vy vi giao thc c lin kt, qu trnh truyn thng phi

gm 3 giai on phn bit.

b. Chc nng ca cc tng trong m hnh OSI

Tng 1: Tng vt l (Physical layer)

Tng vt l l tng di cng ca m hnh OSI: N m t cc c trng vt l

ca mng: Cc loi cp c dng ni cc thit b, cc loi u ni c dng, cc

dy cp c th di bao nhiu Mt khc tng vt l cung cp cc c trng in ca

cc tn hiu c dng khi chuyn d liu trn cp t mt my ny n mt my

khc ca mng, k thut ni mch in, tc cp truyn dn.



Tng vt l khng quy nh mt ngha no cho cc tn hiu ngoi cc gi tr

nh phn 0 v 1. cc tng cao hn ca m hinh OSI ngha ca cc bit truyn tng

vy l s c xc nh.

Tng 2: Tng Lin kt d liu (Data link layer)

Tng lin kt d liu l tng m ngha c gn cho cc bit c truyn

trn mng. Tng lin kt d liu phi quy nh c cc dng thc, kch thc, a ch

my gi v nhn ca mi gi tin c gi i. N phi xc nh c ch truy nhp thng

tin trn mng v phng tin gi mi gi tin sao cho n c a n cho ngi nhn

nh.

Tng lin kt d liu c hai phng thc lin kt da trn cch kt ni cc my

tnh, l phng thc "im - im" v phng thc "im nhiu im". Vi

phng thc "im - im" cc ng truyn ring bit c thit lp ni cc cp

my tnh li vi nhau. Phng thc "im - im" tt c cc my phn chia chung mt

ng truyn vt l.

Tng lin kt d liu cng cung cp cch pht hin v sa li c bn m bo

cho d liu nhn c ging hon ton vi d liu gi i. Nu mt gi tin c li khng

sa c, tng lin kt d liu phi ch ra c cch thng bo cho ni gi bit gi tin

c li n gi li.

Tng 3: Tng Mng (Network layer)

Tng mng nhm n vic kt ni cc mng vi nhau bng cch tm ng

(routing) cho cc gi tin t mt mng ny n mt mng khc. N xc nh vic

chuyn hng, vch ng cc gi tin trong mng, cc gi ny c th phi i qua nhiu

chng trc khi n c ch cui cng. N lun tm cc tuyn truyn thng khng

tc nghn a cc gi tin n ch.

Tng mng cung cc cc phng tin truyn cc gi tin qua mng, thm ch

qua mt mng ca mng. Bi vy n cn phi p ng vi nhiu kiu mng v nhiu

kiu dch v cung cp bi cc mng khc nhau. Hai chc nng ch yu ca tng mng

l chn ng (routing) v chuyn tip (relaying). Tng mng l quan trng nht khi

lin kt hai loi mng khc nhau nh mng Ethernet vi mng Token Ring khi phi

dng mt b tm ng (quy nh bi tng mng) chuyn cc gi tin t mng ny

sang mng khc v ngc li.



Tng 4: Tng vn chuyn (Transport layer)

Tng vn chuyn cung cp cc chc nng cn thit gia tng mng v cc tng

trn. N l tng cao nht c lin quan n cc giao thc trao i d liu gia cc h

thng m. N cng cc tng di cung cp cho ngi s dng cc phc v vn chuyn.

Tng vn chuyn l tng c s m mt my tnh ca mng chia s thng tin

vi mt my khc. Tng vn chuyn ng nht mi trng bng mt a ch duy nht v

qun l s kt ni gia cc trm. Tng vn chuyn cng chia cc gi tin ln thnh cc

gi tin nh hn trc khi gi i. Thng thng tng vn chuyn nh s cc gi tin v

m bo chng chuyn theo ng th t.

Tng vn chuyn l tng cui cng chu trch nhim v mc an ton trong

truyn d liu nn giao thc tng vn chuyn ph thuc rt nhiu vo bn cht ca tng

mng.

Tng 5: Tng giao dch (Session layer)

Tng giao dch thit lp "cc giao dch" gia cc trm trn mng, n t tn nht

qun cho mi thnh phn mun i thoi vi nhau v lp nh x gia cc tn vi a

ch ca chng. Mt giao dch phi c thit lp trc khi d liu c truyn trn

mng, tng giao dch m bo cho cc giao dch c thit lp v duy tr theo ng qui

nh.

Tng giao dch cn cung cp cho ngi s dng cc chc nng cn thit qun

tr cc giao dnh ng dng ca h.

Tng 6: Tng trnh din (Presentation layer)

Trong giao tip gia cc ng dng thng qua mng vi cng mt d liu c th

c nhiu cch biu din khc nhau. Thng thng dng biu din dng bi ng dng

ngun v dng biu din dng bi ng dng ch c th khc nhau do cc ng dng

c chy trn cc h thng hon ton khc nhau (nh h my Intel v h my

Motorola). Tng trnh din (Presentation layer) phi chu trch nhim chuyn i d

liu gi i trn mng t mt loi biu din ny sang mt loi khc. t c iu

n cung cp mt dng biu din chung dng truyn thng v cho php chuyn i t

dng biu din cc b sang biu din chung v ngc li.



Tng trnh din cng c th c dng k thut m ha xo trn cc d liu

trc khi c truyn i v gii m u n bo mt. Ngoi ra tng trnh din

cng c th dng cc k thut nn sao cho ch cn mt t byte d liu th hin thng

tin khi n c truyn trn mng, u nhn, tng trnh by bng tr li c d

liu ban u.

Tng 7: Tng ng dng (Application)

Tng ng dng (Application layer) l tng cao nht ca m hnh OSI, n xc

nh giao din gia ngi s dng v mi trng OSI v gii quyt cc k thut m

cc chng trnh ng dng dng giao tip vi mng.

1.2.2.2 B giao thc TCP/IP (Transmission Control Protocol/Internet Protocol)

a. Tng quan v TCP/IP

TCP/IP l b giao thc cho php kt ni cc h thng mng khng ng nht

vi nhau. TCP/IP c s dng rng ri trong LAN.

TCP/IP c xem l gin lc ca m hnh OSI vi 4 tng nh sau:

- Tng lin kt mng (Network Access Layer).

- Tng Internet (Internet Layer).

- Tng giao vn (Host-to-Host Transport Layer).

- Tng ng dng (Application Layer).

Tng lin kt: (Network Access Layer).

Tng lin kt (cn c gi l tng lin kt d liu hay l tng giao tip mng)

l tng thp nht trong m hnh TCP/IP, bao gm cc thit b giao tip mng v chng

trnh cung cp cc thng tin cn thit c th hot ng, truy nhp ng truyn vt

l qua thit b giao tip mng .

Tng Internet: (Internet Layer)

Tng internet (cn gi l tng mng) x l qu trnh truyn gi tin trn mng.

Cc giao thc ca tng ny bao gm: IP (Internet Protocol), ICMP (Internet Control

Message Protocol), IGMP (Internet Group Messages Protocol).

Tng giao vn: (Host-to Host Transport Layer)



Tng giao vn ph trch lung d liu gia hai trm thc hin cc ng dng ca

tng trn. Tng ny c hai giao thc chnh: TCP (Transmission Control Protocol) v

UDP (User Datagram Protocol).

TCP cung cp mt lung d liu tin cy gia hai trm, n s dng cc c ch

nh chia nh cc gi tin ca tng trn thnh cc gi tin c kch thc thch hp cho

tng mng bn di, bo nhn gi tin,t hn ch thi gian time-out m bo bn

nhn bit c cc gi tin gi i. Do tng ny m bo tnh tin cy, tng trn s

khng cn quan tm n na.

UDP cung cp mt dch v n gin hn cho tng ng dng. N ch gi cc gi

d liu t trm ny ti trm kia m khng m bo cc gi tin n c ti ch. Cc

c ch m bo tin cy cn c thc hin bi tng trn.

Tng ng dng: (Application Layer)

Tng ng dng l tng trn cng ca m hnh TCP/IP bao gm cc tin trnh v

cc ng dng cung cp cho ngi s dng truy cp mng. C rt nhiu ng dng

c cung cp trong tng ny, m ph bin l: Telnet: s dng trong vic truy cp

mng t xa, FTP (File Transfer Protocol): dch v truyn tp, Email: dch v th tn

in t, WWW (World Wide Web).

Cng tng t nh trong m hnh OSI, khi truyn d liu, qu trnh tin hnh t

tng trn xung tng di, qua mi tng d liu c thm vo mt thng tin iu

khin c gi l phn header. Khi nhn d liu th qu trnh xy ra ngc li, d liu

c truyn t tng di ln v qua mi tng th phn header tng ng c ly i v

khi n tng trn cng th d liu khng cn phn header na.



b. Mt s giao thc c bn trong TCP/IP

Giao thc lin mng IP (Internet Protocol)

Giao thc lin mng IP l mt trong nhng giao thc quan trng nht ca b

giao thc TCP/IP. Mc ch l cung cp kh nng kt ni cc mng con thnh lin

mng truyn d liu.

Giao thc IPv4

IPv4 gm 32 bit chia thnh 4 octet ( 1octet = 8 bit), cc octet cch nhau bi du

chm (.). 0 1octet 255.

V d: 11001100. 1111000. 00001100. 10000001

ngn gn ta chuyn sang h thp phn.

204.240.12.129

a ch IPv4: c chia thnh 5 lp A,B,C,D,E; trong 3 lp a ch A,B,C

c dng cp nht, cc lp ny c phn chia bi cc bit u tin trong a ch.

IPv4 lp A: c gi tr 00000001 01111111; (1 127)

Octet 1 (a ch mng ). octet 2.octet 3. octet 4 ( a ch Host)

Lp ny thng c dng cho cc mng c s trm cc ln, thng dnh cho

cc cng ty cung cp dch v ln.

IPv4: lp B c gi tr 10000000 10111111; (128 191).

Octet 1. octet2( a ch mng). octet 3. octet 4( a ch Host).

Lp a ch ny ph hp vi nhiu yu cu nn c cp pht nhiu nn hin

nay kh him.

TPv4: lp C c gi tr 11000000 11011111, (192 233).

Octet 1. octet 2. octet 3 ( a ch mng ). Octet 4( a ch Host).

Lp ny c dng cho cc mng c t trm.

IPv4: lp D c gi tr 11100000 11101111, ( 224 239).

Dng gi gi tin IP n mt nhm cc trm trn mng.

IPv4: lp E c gi tr 11110000 11111111, (240 255)



Lp a ch ny dnh cho nghin cu cha c s dng.

Ngoi giao thc IPv4 cn s dng giao thc lin mng IPv6

IPv6 s dng a ch ln 128 bit do cung cp khng gian a ch ln hn IPv4

nhiu.

To ra nhiu mc phn cp v linh hot trong a ch ha v nh tuyn cn

ang thiu trong IPv4.

Giao thc UDP (User Datagram Protocol)

UDP l giao thc khng lin kt, cung cp dch v khng tin cy, c s dng

thay th cho TCP trong tng giao vn, khc vi TCP, UTP khng c chc nng thit

lp v gii phng lin kt, khng c c ch bo nhn (ACK), khng sp xp tun t cc

n v d liu (Datagram) n, c th dn n tnh trng mt hoc trng d liu m

khng h c thng bo li cho ngi gi.

Giao thc TCP (Transmission Control Protocol)

TCP v UTP l 2 giao thc nm tng giao vn v cng s dng giao thc IP

tng mng , TCP cung cp dch v s dng lin kt tin cy v c lin kt.

TCP cung cp kh nng iu khin lung. Mi u ca lin kt TCP c vng

m gii hn do TCP ti trm nhn ch cho php trm gi truyn mt lng d liu

nht nh. iu ny trnh xy ra trng hp trm c tc cao chim ton b vng

m ca trm c tc trm hn.

So snh gia OSI v TCP/IP

Ging nhau: C 2 u l phn lp.

C 2 u c lp ng dng , qua c nhiu dch v khc nhau.

K thut chuyn mch gi c chp nhn.

Khc nhau.

Mi tng trong TCP/IP c th l 1 hoc nhiu tng trong OSI



Bng sau ch r mi tng quan gia cc tng trong TCP/IP v OSI

OSI TCP/IP

Phycical Layer & Data Link

Layer

Data Link Layer

Network Layer Internet Layer

Transport Layer Transport Layer

Session Layer

Application Layer Presentation Layer

Application Layer

Bng 1.2 S khc nhau ga OSI v TCP/IP

Tng ng dng trong TCP /IP bao gm lun c 3 tng trn ca m hnh OSI.

Tng giao vn trong TCP/IP khng phi lun m bo tin cy truyn tin nh trong

tng gia vn ca OSI m cho php thm 1 la chn khc l UDP

1.2.3 Cc thit b trong mng LAN

h thng mng lm vic trn tru, hiu qu v kh nng kt ni ti nhng h

thng mng khc i hi phi s dng nhng thit b mng chuyn dng. Nhng thit

b ny rt a dng v phong ph v chng loi nhng u da trn nhng thit b c

bn l: H thng cp, Repeater, Hub, Swich, Router v Gateway.

Cc thit b dng kt ni



1.2.3.1 Card mng (NIC)

Hnh 1.10 Card mng TP-LINK (NIC)

mt my tnh kt ni vo mng LAN my tnh bt buc c NIC, mi NIC

s c mt a ch duy nht khng trng vi bt k NIC no khc. a ch ny gi a

ch MAC hay a ch vt l, khi sn xut nh sn xut gn cng a ch MAC vo b

nh ROM ca NIC, khi NIC c gn vo my tnh a ch MAC ca NIC s l a ch

vt l ca my tnh trong mng, khi my tnh khi ng a ch MAC s c np t

ROM ca NIC vo b nh RAM ca my tnh.

1.2.3.2 B lp tn hiu (Repeater)

Hnh 1.11 B lp tn hiu (Repeater)

Repeater l thit b n gin nht trong cc thit b kt ni mng, Repeater nhn

tn hiu t mt phn ca mng v chuyn pht tn hiu ny ti phn cn li trong mng.

Repeater khng c c ch x l tn hiu m n ch loi b cc tn hiu mo, nhiu v

khuch i tn hiu suy hao khi phc li tn hiu ban u. Do Repeater c s

dng nhm lm tng thm chiu di ca mng. C hai loi Repeater c s dng hin

nay l Repeater in v Repeater in quang.



1.2.3.3 B tp trung (Hub)

Hub l im kt ni trung tm ca mng, tt c cc trm trn LAN c kt ni

thng qua Hub vi cc u cm. Hub thc s l nhng Repeater a port, Hub thng

c t 4 n 24 port cn Repeater c 2 port.

C ba loi Hub:

- Hub th ng ( Passive Hub)

- Hub ch ng (Active Hub)

- Hub thng minh (Intelligent Hub)

Hnh 1.12 B tp trung (Hub)

1.2.3.4 B cu ni (Bridge)

Bridge l mt thit b hot ng tng 2 trong m hnh OSI. Bridge lm

nhim v chuyn tip cc khung t nhnh mng ny sang nhnh mng khc. iu quan

trng l Bridge thng minh , n chuyn frame mt cch c chn lc da vo a ch

MAC ca cc my tnh. Bridge cn cho php cc mng c tng vt l khc nhau c th

giao tip c vi nhau. Bridge chia lin mng ra thnh nhng vng ng nh, nh

ci thin c hiu nng ca lin mng tt hn so vi lin mng bng Repeater hay

Hub.



Hnh 1.13 B cu ni (Bridge)

1.2.3.5 B chuyn mch (Switch)

Switch l s tin ha ca Bridge, vi nhiu cng hn v cc mch tch hp

nhanh gim tr ca vic chuyn khung d liu v h tr nhiu tnh nng mi

cha c Bridge.

Switch gi bng a ch MAC ca mi cng v thc hin giao thc Spanning-

Tree. Switch cng hot ng tng data link v trong sut vi cc giao thc tng

trn n.

Hnh 1.14 B chuyn mch (Switch)

1.2.3.6 B nh tuyn (Router)

L thit b hot ng ta tng ba trong m hnh OSI, tuy nhin vn c th hot

ng ti tng hai v tng mt.

N c th tm c ng i tt nht cho cc gi tin qua nhiu kt ni mng

khc nhau, i t trm gi thuc mng u n trm nhn thuc mng cui.

Router c th c s dng ni nhiu mng li vi nhau v cho php cc gi

tin trong gi tin c th i theo nhiu ng khc nhau ti ch . Router truy cp

nhiu thng tin trong gi d liu v dng thng tin ci thin vic phn pht gi d



liu. Cc b nh tuyn c th chia s thng tin trng thi v thng tin nh tuyn vi

nhau s dng thng tin ny b qua cc kt ni hng hoc chm.

Hnh 1.15: B nh tuyn (Router)

1.2.3.7 iu ch v gi iu ch ( Modem)

Modem l thit b tch hp ca mt b iu ch v mt b gi iu ch. L thit

b c chc nng chuyn i tn hiu s thnh tn hiu tng ng v ngc li kt ni

cc my tnh qua ng in thoi.

Hnh 1.16 Modem ADSL

1.3 Mng khng dy WLAN (Wireless Lan)

WLAN l mng kt hp gia mng LAN, d liu c truyn trong dy dn v

mng Wi-fi, d liu c truyn dn s dng sng v tuyn. Cc thnh phn trong

mng s dng sng in t truyn thng vi nhau.

1.3.1 u, nhc im ca mng khng dy WLAN

1.3.1.1 u im ca mng khng dy

- S tin li: Mng khng dy cho php ngi dng c th truy xut ti nguyn

mng bt k u trong phm vi c ph sng. u im ny c th hin ngy

cng r khi cc thit b di ng gia tng nhanh chng.



- Kh nng di ng; Ngi dng c th di chuyn bt k u trng khu vc trin

khai m khng b mt kt ni.

- Kh nng trin khai: Ch cn 1 Access point l c th trin khi mt mng

khng dy nh. Vic trin khai mng khng dy n gin hn so vi mng c dy

trong mt s trng hp nh a hnh khng thun li...

- Kh nng m rng: Mng khng dy c th p ng c s gia tng t ngt

ngi dng trong khi mng c dy phi lp thm cp, thit b...

1.3.1.2 Nhc im ca mng khng dy

- Kh nng bo mt: Do mi trng truyn l khng kh nn kh nng bo mt

km, ngi dng rt d b tn cng.

- Phm vi trin khai: Mt mng vi chun 802.11 v cc thit b thng thng

ch c th ph sng trong phm vi vi chc mt. V vy i vi cc mi trng ln th

cn cc thit b chuyn dng v cc repeater ni cc mng vi nhau. iu ny lm

tng ng k chi ph lp t.

- tin cy ca mng: Do mi trng truyn dn l khng kh nn mng b nh

hng bi cc loi sng khc, gy ra nhiu, gim cng sng. iu ny nh hng

trc tip ti cht lng ca mng.

- Tc ca mng: Mng khng dy thng c tc t 1-1300 Mbps, chm

hn rt nhiu so vi mng c dy (10 - 10000 Mbps).

1.3.2 Cc thit b c bn

1.3.2.1 (Wireless NIC)

access point. Wireless card ng vai tr nh mt b thu pht tn hiu gip cc thit b

s trao i d liu vi nhau hoc truy cp Internet tc cao theo chun IEEE 802.11g

hoc IEEE 802.11b hoc IEEE 802.11a trong bn knh 100m (nu trong nh) v

300m (nu ngoi tri). Li im ln nht ca wireless card chnh l vic gip ngi

dng loi b cc si cp lng nhng bt tin, ngi dng c th mang my tnh, PDA

n bt c u c ph sng kt ni Internet m khng cn cp cng nh cc khai

bo phc tp.



1.17

Hnh 1.18 Card mng khng dy chun PCMCIA

Hnh 1.19 Usb wifi TpLink

1.3.2.2 Modem khng dy (Acess point)

Access Point l thit b ni kt gia mng c dy v mng khng dy. Cc thit b

ny h tr bng thng 11Mbps, 54Mbps, v hot ng ti bng tng 2.4GHz, 5 GHz

, h tr m ha (WEP) 64/128bit, h tr DHCP, h tr firewall, h tr Port Ethernet,

Hnh 1.20 Access Point



1.3.2.3 Bridge khng dy (Wbridge)

Wbridge (Bridge khng dy) tng t nh cc im truy cp khng dy tr

trng hp chng c s dng cho cc knh bn ngoi. Wbridge c thit k ni

cc mng vi nhau, c bit vi cc mng khng dy c khong cch xa ln ti 32 km.

Wbridge c th lc lu lng v m bo cc h thng mng khng dy c kt ni

tt m khng b mt lu lng.

Hnh 1.21 Wbridge

1.3.2.4 Wireless Router

Wireless Router Mt Wireless Router cng lm cng vic ni kt cc my

computer cng mt network ging nh access point, nhng wireless router c thm

nhng b phn phn cng khc gip n ni kt gia nhng network khc nhau li.

Internet l mt h thng network khng l v khc vi h thng LAN ca bn. c

th ni kt vi mt h thng network khc chng hn nh internet, th bn phi dng

wireless router. Wireless Router s gip tt c cc my computer ca bn ni kt vo

internet cng mt lc. S khc bit m bn c th phn bit d dng l wireless router

c thm mt l cm ghi WAN cm vo DSL hoc Cable modem.



Hnh 1.22 Cc cng kt ni ca 1 wireless router thng thng

Nn s dng Access Point hay Wireless Router? Nu khng cn s dng

internet m ch cn ni kt tt c cc my trong nh li bng h thng wireless th

chng ta s dng Wireless Access Point v n r tin hn. Cn nu mun ni kt tt c

cc my trong nh li v vo c lun internet cng mt lc th bn s dng wireless

router.

Wireless router c th hot ng nh mt access point, cc my tnh ni vo 2

thit b ny u cng thuc mt lp mng nu ta dng cp cho ni port LAN ca

ADSL modem sang port LAN bn wireless router. Tuy nhin ta nn s dng router vi

ng chc nng l mt router, lc ny h thng s c 2 nt mng, tr nn bo mt hn

v router c th tn dng c ng vi tnh nng nh tuyn ca n v mt s chc

nng nng cao khc nh: NAT, firewall, iu phi bng thng,

1.3.3 Cc m hnh mng khng dy

1.3.3.1 M hnh mng Ad-hoc

Trong m hnh mng ad-hoc, cc client kt ni trc tip vi nhau m khng cn

thng qua Access point nhng phi trong phm vi cho php. M hnh mng nh nht

trong chun 802.11 l 2 my client lin lc trc tip vi nhau. Thng thng m hnh

ny c thit lp bao gm mt s client c ci t dng chung mc ch c th

trong khong thi gian ngn .Khi m s lin lc kt thc th m hnh add-hoc ny cng

c gii phng.



Hnh 1.23 M hnh mng Ad-hoc

1.3.3.2 M hnh mng c s (BSSs)

The Basic Service Sets (BSS) l mt kin trc nn tng ca mng 802.11. Cc

thit b giao tip to nn mt BSS vi mt AP duy nht vi mt hoc nhiu client. Cc

my trm kt ni vi sng wireless ca AP v bt u giao tip thng qua AP. Cc my

trm l thnh vin ca BSS c gi l c lin kt.

Thng thng cc Access point c kt ni vi mt h thng phn phi trung

bnh (DSM), nhng khng phi l mt yu cu cn thit ca mt BSS. Nu mt

Access point phc v nh l cng vo dch v phn phi, cc my trm c th giao

tip, thng qua Access point, vi ngun ti nguyn mng ti h thng phn phi

trung bnh. N cng cn lu l nu cc my client mun giao tip vi nhau, chng

phi chuyn tip d liu thng qua cc Access point. Cc client khng th truyn thng

trc tip vi nhau, tr khi thng qua cc Access point.



Hnh 1.24 M hnh mng c s BSSs

1.3.3.3 M hnh mng m rng (ESSs)

M hnh mng m rng ESSs l mt tp hp cc mng c s BSSs. Cc mng

BSSs giao tip vi nhau thng qua Access point. Cc mng BSSs chng cho ln nhau

to ra s lin tc cho client khi client di chuyn t vng ny sang vng khc ca ESSs.

Hnh 1.25 M hnh mng m rng ESSs

1.3.4 Cc chun IEEE 802.11 thng dng

Hin nay, wireless network, c th hn l wireless LAN dng cc chun dng

802.11. Chun ny c ra i vo nm 1997. y l chun s khai ca mng ko dy,



n m t cch truyn thng trong mng ko dy s dng cc phng thc nh DSSS,

FHSS v Infrared

Tc hot ng t 1 - 2 Mbs, hot ng trong bng tn 2.4GHz. Sau ny

chun ny cn c b sung thm nhiu chun mi c dng 802.11x.

a. 802.11: ra i nm 1997. y l chun s khai ca mng khng dy, n m t

cch truyn thng trong mng khng dy s dng cc phng thc nh DSSS, FHSS,

infrared (hng ngoi). Tc hot ng ti a l 2 Mbps, hot ng trong bng tn 2.4

GHz ISM. Hin nay chun ny rt t c s dng trong cc sn phm thng mi.

b. 802.11b : y l mt chun m rng ca chun 802.11, n ci tin DSSS

tng bng thng ln 11 Mbps, cng hot ng bng tn 2.4 GHz v tng thch

ngc vi chun 802.11. Chun ny trc y c s dng rng ri trong mng

WLAN nhng hin nay th cc chun mi vi tc cao hn nh 802.11a v 802.11g

c gi thnh ngy cng h dn thay th 802.11b.

c. 802.11a : Chun ny s dng bng tn 5 GHZ UNII nn n s khng giao tip

c vi chun 802.11 v 802.11b. Tc ca n ln n 54 Mbps v n s dng cng

ngh OFDM. Chun ny rt thch hp khi mun s dng mng khng dy tc cao

trong mi trng c nhiu thit b hot ng bng tn 2.4 Ghz v n khng gy nhiu

vi cc h thng ny.

d. 802.11g : chun ny hot ng bng tn 2.4 GHz, s dng cng ngh

OFDM nn c tc ln n 54 Mbps (nhng khng giao tip c vi 802.11a v

khc tn s hot ng). N cng tng thch ngc vi chun 802.11b v c h tr

thm DSSS (v hot ng cng tn s). iu ny lm cho vic nng cp mng khng

dy t thit b 802.11b t tn km hn. Trong mi trng va c c thit b 802.11b ln

802.11g th tc s b gim ng k v 802.11b khng hiu c OFDM v ch hot

ng tc thp.

e. 802.11e : y l chun b sung cho chun 802.11 c, n nh ngha thm cc

m rng v cht lng dch v (QoS) nn rt thch hp cho cc ng dng nh

multimedia nh voice

f. 802.11f : c ph chun nm 2003. y l chun nh ngha cc thc cc AP

giao tip vi nhau khi mt client roaming tng vng ny sang vng khc. Chun ny

cn c gi l Inter-AP Protocol (IAPP). Chun ny cho php mt AP c th pht



hin c s hin din ca cc AP khc cng nh cho php AP chuyn giao client

sang AP mi (lc roaming), iu ny gip cho qu trnh roaming c thc hin mt

cch thng sut.

g. 802.11i : l mt chun v bo mt, n b sung cho cc yu im ca WEP

trong chun 802.11. Chun ny s dng cc giao thc nh giao thc xc thc da trn

cng 802.1X, v mt thut ton m ha c xem nh l khng th crack c l

thut ton AES (Advance Encryption Standard), thut ton ny s thay th cho thut

ton RC4 c s dng trong WEP.

h. 802.11h : chun ny cho php cc thit b 802.11a tun theo cc quy tc v

bng tn 5 Ghz chu u. N m t cc c ch nh t ng chn tn s (DFS =

Dynamic Frequency Selection) v iu khin cng sut truyn (TPC = Transmission

Power Control) thch hp vi cc quy tc v tn s v cng sut ca Chu u.

i. 802.11j : c ph chun thng 11/2004 cho php mng 802.11 tun theo cc

quy tc v tn s bng tn 4.9 Ghz v 5 Ghz Nht Bn

k. 802.11d : chun ny chnh sa lp MAC ca 802.11 cho php my trm s

dng FHSS c th ti u cc tham s lp vt l tun theo cc quy tc ca cc nc

khc nhau ni m n c s dng.

l. 802.11s : nh ngha cc tiu chun cho vic hnh thnh mng dng li

(mesh network) mt cch t ng gia cc AP 802.11 vi nhau.

Chun ny ang c xy dng, c tc rt cao, t 200 - 540 Mbps, hot ng

2 gii bng tn l 2,4 GHz v 5 GHz.

m.802.11ac: Ngy 8/12/201, nh sn xut chip truyn thng cng b chun Wifi

mi 802.11ac. Chun ny cho php cung cp thng lng ln ti 1.3Gbps vi phm vi

di hn v kh nng xuyn tng tt hn. Chun 802.11ac l mt bc tin ln t

802.11n chun hin hnh thng c tc khong 450 Mbps.



CHNG 2: XY DNG IM KIM SOT TRUY CP MNG

KHNG DY HOTSPOT GATEWAY C CHNG THC DA

TRN MIKROTIK ROUTER OS

2.1 Hotspot v vn bo mt

2.1.1 Hotspot v cng ngh Captive Portal l g

Hospot l mt a im vi cng ngh Captive Portal s bt buc my tnh

mun s dng mng th trc tin phi s dng trnh duyt c chuyn hng ti

mt trang c bit xc thc ngi dng.

Hotspot cung cp cc dch v kt ni khng dy v dch v truy cp Internet tc

cao thng qua hot ng thu pht ca cc cc thit b pht sng khng dy (Wireless

Access Point). Bn c th gia nhp vo im Hotspot s dng cc dch v nu

bn trong vng ph sng v my tnh hoc thit b ... ca bn c trang b card mng

khng dy. Hin nay s lng cc im Hotspot ang tng nhanh chng, c bit ti

cc khu vc cng cng nh nh hng, sn bay, ga tu, qun cafe...

Nhng iu cn thit tham gia vo mt im truy cp Hotspot

My tnh hoc thit b di ng ca bn cn trang b tnh nng khng dy. Trong

trng hp thit b cha c th bn cn mua thm cc loi Card mng khng dy ph

hp. Hin nay phn ln cc im Hotspot u s dng cc thit b thu pht sng chun

n (802.11n).

i vi cc Hotspot min ph, ch cn mt s thng tin tham gia vo mng.

Cn i vi cc Hotspot thng mi hoc c chng thc th cn ng k ti khon

trc khi tham gia ln u. Ti khon ny c cung cp bi ngi qun tr ca im

hotspot .



2.1.2 Vn bo mt ti cc im Hotspot

i vi cc im Hotspot min ph, v mc ch n gin ha qu trnh tham gia

ca ngi dng nn nhng tnh nng bo mt khng c kch hot hoc kch hot hn

ch.

i vi cc im Hotspot thng mi th yu cu mc bo mt cao hn.

Ngi dng mun gia nhp mng cn qua mt s bc chng thc bng key, a ch

Mac, hoc ti khon mt khu... Ngi dng mun tham gia mng cn lin h vi

ngi qun tr c th c chng thc.

Giao thc WEP

WEP (Wired Equivalent Privacy) ngha l bo mt tng ng vi mng c

dy (Wired LAN). Khi nim ny l mt phn trong chun IEEE 802.11. Theo nh

ngha, WEP c thit k m bo tnh bo mt cho mng khng dy t mc

nh mng ni cp truyn thng. i vi mng LAN (nh ngha theo chun IEEE

802.3), bo mt d liu trn ng truyn i vi cc tn cng bn ngoi c m

bo qua bin php gii hn vt l, tc l hacker khng th truy xut trc tip n h

thng ng truyn cp. Do chun 802.3 khng t ra vn m ha d liu

chng li cc truy cp tri php. i vi chun 802.11, vn m ha d liu c u

tin hng u do c tnh ca mng khng dy l khng th gii hn v mt vt l truy

cp n ng truyn, bt c ai trong vng ph sng u c th truy cp d liu nu

khng c bo v.

Hnh 2.1: Quy trnh m ha WEP s dng thut ton RC4



WEP cung cp bo mt cho d liu trn mng khng dy qua phng thc m

ha s dng thut ton i xng RC4, c Ron Rivest - thuc hng RSA Security Inc

pht trin. Thut ton RC4 cho php chiu di ca kha thay i v c th ln n 256

bit. Chun 802.11 i hi bt buc cc thit b WEP phi h tr chiu di kha ti

thiu l 40 bit, ng thi m bo ty chn h tr cho cc kha di hn. Hin nay, a

s cc thit b khng dy h tr WEP vi ba chiu di kha: 40 bit, 64 bit v 128 bit.

Vi phng thc m ha RC4, WEP cung cp tnh bo mt v ton vn ca thng tin

trn mng khng dy, ng thi c xem nh mt phng thc kim sot truy cp.

Mt my ni mng khng dy khng c kha WEP chnh xc s khng th truy cp

n Access Point (AP) v cng khng th gii m cng nh thay i d liu trn ng

truyn.

Giao thc WAP

Wi-Fi Alliance a ra gii php gi l Wi-Fi Protected Access (WPA). Mt

trong nhng ci tin quan trng nht ca WPA l s dng hm thay i kho TKIP

(Temporal Key Integrity Protocol). WPA cng s dng thut ton RC4 nh WEP,

nhng m ho y 128 bit. V mt c im khc l WPA thay i kho cho mi

gi tin. Cc cng c thu thp cc gi tin ph kho m ho u khng th thc hin

c vi WPA. Bi WPA thay i kho lin tc nn hacker khng bao gi thu thp

d liu mu tm ra mt khu. Khng nhng th, WPA cn bao gm c ch kim tra

tnh ton vn ca thng tin (Message Integrity Check). V vy, d liu khng th b

thay i trong khi ang trn ng truyn. Mt trong nhng im hp dn nht ca

WPA l khng yu cu nng cp phn cng. Cc nng cp min ph v phn mm cho

hu ht cc card mng v im truy cp s dng WPA rt d dng v c sn.

WPA c sn 2 la chn: WPA Personal v WPA Enterprise. C 2 la chn ny

u s dng c ch m ha TKIP (Temporal Key Integrity Protocol), s dng thut

ton RC4 m ha vi 128bit cho m ha v 64bit cho chng thc, v s khc bit

ch l kho khi to m ho lc u. WPA Personal thch hp cho gia nh v mng

vn phng nh, kho khi to s c s dng ti cc im truy cp v thit b my

trm. Trong khi , WPA cho doanh nghip cn mt my ch xc thc v 802.1x

cung cp cc kho khi to cho mi phin lm vic.

Trong khi Wi-Fi Alliance a ra WPA, v c coi l loi tr mi l hng d

b tn cng ca WEP, nhng ngi s dng vn khng thc s tin tng vo WPA. C



mt l hng trong WPA v li ny ch xy ra vi WPA Personal. Khi m s dng hm

thay i kho TKIP c s dng to ra cc kho m ho b pht hin, nu hacker

c th on c kho khi to hoc mt phn ca mt khu, h c th xc nh c

ton b mt khu, do c th gii m c d liu. Tuy nhin, l hng ny cng s b

loi b bng cch s dng nhng kho khi to khng d on (ng s dng nhng t

nh "password, 123456, abcdef, " lm mt khu).

iu ny cng c ngha rng k thut TKIP ca WPA ch l gii php tm thi,

cha cung cp mt phng thc bo mt cao nht. WPA ch thch hp vi nhng cng

ty m khng truyn d liu "mt" v nhng thng mi, hay cc thng tin nhy cm...

WPA cng thch hp vi nhng hot ng hng ngy v mang tnh th nghim cng

ngh.

Hnh 2.2: Messages trao i trong qu trnh authentication.

Giao thc WAP2

WPA2 l mt chun ra i sau WPA v c kim nh ln u tin v ngy

1/9/2004. WPA2 c National Institute of Standards and Technology (NIST) khuyn



co s dng. WPA2 cng c cp bo mt rt cao tng t nh chun WPA, nhm

bo v cho ngi dng v ngi qun tr i vi ti khon v d liu. Nhng trn thc

t WPA2 cung cp h thng m ha mnh hn so vi WPA, v y cng l nhu cu

ca cc tp on v doanh nghip c quy m ln. WPA2 s dng rt nhiu thut ton

m ha d liu nh TKIP, RC4, AES v mt vi thut ton khc. Nhng h thng

s dng WPA2 u tng thch vi WPA.

Mt gii php v lu di l s dng 802.11i tng ng vi WPA2, c

chng nhn bi Wi-Fi Alliance. Chun ny s dng thut ton m ho mnh m v

c gi l chun m ho nng cao AES (Advanced Encryption Standard). AES s

dng thut ton m ho i xng theo khi Rijndael, s dng khi m ho 128 bit, v

192 bit hoc 256 bit. Tuy nhin thut ton ny i hi mt kh nng tnh ton cao (high

computation power). Do , 802.11i khng th update n gin bng phn mm m

phi c mt b x l chuyn dng (dedicated chip). Tuy nhin iu ny c c

tnh trc bi nhiu nh sn xut nn hu nh cc chip cho card mng Wifi t u nm

2004 u thch ng vi tnh nng ca 802.11i.

nh gi chun m ho ny, Vin nghin cu quc gia v Chun v Cng

ngh ca M, NIST (National Institute of Standards and Technology), thng qua

thut ton m i xng ny. V chun m ho ny c s dng cho cc c quan chnh

ph M bo v cc thng tin nhy cm.

Trong khi AES c xem nh l bo mt tt hn rt nhiu so vi WEP 128 bit

hoc 168 bit DES (Digital Encryption Standard), m bo v mt hiu nng, qu

trnh m ho cn c thc hin trong cc thit b phn cng nh tch hp vo chip.

Tuy nhin, rt t ngi s dng mng khng dy quan tm ti vn ny. Hn na,

hu ht cc thit b cm tay Wi-Fi v my qut m vch u khng tng thch vi

chun 802.11i.



Gii php Radius Server

Vic chng thc ca 802.11 c thc hin trn mt server ring. Server ny s

qun l cc thng tin xc thc ngi s dng nh tn ng nhp (username) v mt

khu (password), m s th, du vn tay... Khi ngi dng gi yu cu chng thc,

server ny s tra cu d liu xc nh ngi dng c hp l hay khng, c cp

quyn truy cp mc no... Server ny c gi l Radius (Remote Authentication

Dial-in User Service) Server = My ch cung cp dch v chng thc ngi dng t

xa.

Hnh 2.3 Chng thc s dng Radius Server



Hnh 2.4 Messages trao i trong qu trnh authentication.

2.2 Tnh kh thi ca m hnh kim sot truy cp khng dy chng thc da trn

Mikrotik Router OS

2.2.1 Tnh kh thi v mt cng ngh

- Do l mt h iu hnh c chy da trn nhn Linux 2.6 nn yu cu cu

hnh thp (ngay c cc my PIII, dung lng a cn trng ti thiu 64MB) nhng

vn p ng qun tr c s lng ngi dng cn thit vi tnh n nh cao.

- Kim sot ngi dng truy cp mng khng dy vi ti khon mt khu do

ngi qun tr cung cp (ngi dng c th t i mt khu ca mnh).

- Kim sot dung lng d liu, thi gian s dng.

- Phn mm ci t d dng, kh nng backup, restore khi nhanh chng.

- H tr a dng cc giao din tng tc nh: dng lnh, web, mt s cng c

lp trnh khc...



2.2.2 Tnh kh thi v mt s dng

-Mikrotik ng th 6/10 gii php qun l h thng Wi-fi ph bin th gii

c trin khai ti cc a im cng cng, nh ga... sn bay nh sn bay LaGuardia

New York, Paul International Minneapolis-St. Ngoi ra Mikrotik cn c trin khai

c quyn ti mt tiu bang ca Bzazil.

- Gi thnh: 250 USD cho mt License theo cng LV6. Mikrotik hin cho

php chuyn i License sang mt cng khc vi gi 10 USD i vi mt s t chc

uy tn nu cng h b li hoc hng.

- Kh nng ty bin ngi dng cao

- Ph hp vi iu kin thc t ca trng nh to ngi dng ln, n gin v

c quy tc (hin to 1 ln hn 7700 ti khon dnh cho cc Sinh vin, Cn b,

Ging vin v Nhn vin ton Trng).

- i vi ngi dng: c th qun l c bng thng, lu lng, tc , thi

gian s dng...

- H thng h tr thng k hon thin, nhanh chng.

- Kh nng p dng ti cc a im khc ca trng cao.

- Ti liu s dng, qun l y .

2.2.3 Tnh kh thi v hiu qu s dng

- Tnh tng thch cao: Phn mm tng thch hu ht vi cc thit b c phn

cng kt ni wifi nh laptop, in thoi di ng, tablet... v tng thch vi hu ht cc

h iu hnh nh Windows, m ngun m, Ios Apple,Rim OS...

- Mikrotik OS cung cp sn giao din ngi dng thng qua web ngi dng

c th t i mt khu, thng tin c nhn m khng cn lin h vi ngi qun tr.

ng thi ngi dng c th kim sot chnh lu lng m mnh s dng c th

a ra cch s dng hp l.

2.3 Ci t Mikrotik Router OS

- Chun b: Ti Mikrotik Router OS v6.0rc14 dnh cho PC/x86 di dng ISO

(image cdrom) . Ghi file ny ra a CD dng ci t.



- Ty chnh PC khi ng t a CD.

- Khi ng PC bt u ci t.

- Giao din u tin chn cc thnh phn m ngi qun tr mun.

Hnh 2.5 Cc ty chn ci t Mikrotik Router OS

- Dng cc phm P, N di chuyn ln xung, phm Space chn. Hoc c th

n nt A chn tt c.

- Sau khi chn xong n nt I bt u ci t.



Hnh 2.6 Ci t Mikrotik Router OS

- Tin trnh ci t xut hin 2 cu hi.

- Cu 1 chn Y gi li cu hnh c. N b qua.

- Chn Y bt u ci t.



- Sau khi qu trnh ci t hon tt, ly a CD ra khi CD v n Enter khi

ng li my tnh.

Hnh 2.7 Hon tt ci t Mikrotik Router OS

- Qu trnh ci t hon tt, mn hnh hin ln yu cu ng nhp h thng. Ta

s dng ti khon admin v mt khu trng ng nhp ln u tin.

Hnh 2.8 Giao din ng nhp Mikrotik Router OS



- Giao din chnh sau khi ng nhp:

Hnh 2.9 Giao din chnh Mikrotik Router OS

2.4 Cu hnh Mikrotik Router OS s dng giao din command line

2.4.1 Cu hnh a ch IP

- My tnh cn m bo c 2 card mng (NIC) cn hot ng tt. Ta cu hnh IP

cho NIC 1 kt ni vi internet (NIC WAN).

- Cu hnh IP ra Internet ca NIC 1 l: 192.168.0.150/24

[admin@MikroTik] >/ip address add address=192.168.0.150/24 interface=ether1

comment=WAN

- Cu hnh IP cho NIC 2 kt ni vi cc AP hay mng LAN ca cc my con l

192.168.1.1/24.

[admin@MikroTik] >/ip address add address=192.168.1.1/24 interface=ether2

comment=LAN

- Cu hnh a ch IP cho gateway l 192.168.0.1 v nhng yu cu no gateway

khng bit s c tr thng ra internet qua a ch 0.0.0.0/0

[admin@MikroTik] > ip route add gateway=192.168.0.1 dst-address=0.0.0.0/0



Hnh 2.10 Cu hnh IP cho Mikrotik OS

2.4.2 Cu hnh dhcp-server

- Thm cc thng tin DNS cho my ch. Nu trong mng c my ch DNS th

ta thm a ch my ch ny vo.

[admin@MikroTik] /ip dns set servers=203.162.0.182,8.8.8.8,8.8.4.4

- G lnh sau hin th cc dng yu cu nhp thng tin dhcp-server:

[admin@MikroTik] > ip dhcp-server setup

dhcp server interface: ether2

dhcp address space: 192.168.1.0/24

gateway for dhcp network: 192.168.1.1

addresses to give out: 192.168.1.2-192.168.1.254 (y l di IP m dc v dhcp s cp

cho cc my con khi kt ni)

dns servers: 203.162.0.182,8.8.8.8 ( y nhp a ch IP ca my ch DNS server,

nu trong mng c my ch DNS th nhp IP ca my ch . Nu khng th nhp ip

primary v second dns server cch nhau bi du phy)

lease time: 3d (Thi gian cho thu mc nh l 03 ngy)



Hnh 2.11 Cu hnh dhcp-server

2.4.3 Cu hnh Hotspot

- G lnh sau hin th cc dng yu cu nhp thng tin hotspot:

[admin@MikroTik] > ip hotspot setup

hotspot interface: ether2

local address of network: 192.168.1.1/24

masquerade network: yes

address pool of network: 192.168.1.2-192.168.1.254

select certificate: none (mc nh xut hin dng import-other-certificate, chng ta

xa dng v nhp vo none)

ip address of smtp server: 0.0.0.0 (Nu trong mng c my ch smtp th nhp a ch

ca my ch vo, nu khng c th mc nh l 0.0.0.0)

dns servers: 203.162.0.182,8.8.8.8



dns name:

name of local hotspot user: user (To account cho h thng dng ng nhp

hotspot)

password for the user: 123 (Mt khu ca ti khon trn).

Hnh 2.12 Cu hnh Hotspot

2.4.4 Cu hnh NAT

[admin@MikroTik] > ip firewall nat add chain=srcnat action=masquerade out-

interface=ether1



Hnh 2.13 Cu hnh NAT

2.4.5 Mt s lnh c bn

- Lnh thay i mt khu ti khon admin

[admin@MikroTik] >> password

old-password: ( trng nu thay i mt khu ln u)

new-password: (Mt khu mi)

confirm-new-password: (G li mt khu mi)

- Lnh lin quan IP, gateway

[admin@MikroTik] > ip address print detail

[admin@MikroTik] > ip route print detail

- Lnh xa a ch IP khi nhp sai:

[admin@MikroTik] > ip route remove x

[admin@MikroTik] > ip address remove x

(Trong x l s th t ca IP, s th t nh t 0 tr ln)

- Lnh tt v khi ng li my:

[admin@MikroTik] >> system reboot

Reboot, yes? [y/N]: (Chn Y khi ng li)

[admin@MikroTik] >> system shutdown

Reboot, yes? [y/N]: (Chn Y tt my)

- Lnh thit lp li ton b cu hnh

[admin@MikroTik] > system reset

Dangerous! Reset anyway? [y/N]: (Chn Y thc hin)



2.5 Cu hnh h thng Hotspot vi giao din GUI thng qua Winbox

Sau khi ci t xong Mikrotik Router OS, ta cu hnh a ch IP (nh trong phn

2.4.1). S dng phn mm Winbox trn mt my tnh khc trong cng mng kt ni

ti my ch Mikrotik qua a ch IP ca NIC1 (NIC WAN).

Hnh 2.14 Giao din Winbox

2.5.1 Cu hnh DNS v dhcp-server

- Trong menu chnh chn IP>DNS

- Trong bng DNS Settings in thng tin DNS nh hnh di. Nu trong mng

c my ch DNS th in IP ca my ch vo.



Hnh 2.15 Cu hnh DNS bng giao din GUI

- T menu chnh bn tri chn IP>DHCP Server

- Trong bng DHCP Server chn DHCP Setup v lm theo hnh di:

Hnh 2.16 Cu hnh DHCP Server qua giao din GUI

- Trong mc DHCP server Interface chn ether2. Nhn Next tip tc.




- Gi nguyn a ch Gateway v chn Next


- Dy a ch IP DHCP s cp pht cho cc client khi kt ni.




- Tip theo ta s khai bo DNS, do thit lp DNS trn nn ta mc

nh v nhn Next.


- Chn thi gian cho thu a ch IP, mc nh l 3 ngy. Nhn Next

tip tc. Cui cng chn OK hon thnh qu trnh cu hnh dch v DHCP

Server.




2.5.2 Cu hnh Hotspot

- T menu chnh bn tri chn: IP > Hotspot

- Trong bng Hotspot chn Hotspot Setup

Hnh 2.22 Cu hnh Hotspot qua giao din GUI



- Trong mc Hotspot Interface chn ether2. Nhn Next tip tc.


- Gi nguyn gi tr Local Address of Network. Nhn Next tip tc.




- Address Pool of Network l di a ch IP m hotspot s cp cho client

khi tham gia vo mng. Nhn Next tip tc.


- Chn none cho Select Certificate. Nhn Next tip tc.


- Nhp a ch my ch SMTP. Nhn Next tip tc.




- Nhp a ch ca my ch DNS v tip tc.


- Nhp tn ca my ch DNS nu c, hoc trng nu trong mng

khng c my ch DNS Server. Nhn Next tip tc.




- Nhp tn ca ti khon Hotspot v mt khu. y l ti khon dng

ng nhp th Hotspot. Nhn Next tip tc. Nhn Ok kt thc qu trnh

ci t Hotspot.

2.5.3 Cu hnh NAT

- Trn menu chnh bn tri chn: IP > Firewall. Trong bng Firewall

chn tab NAT. Nhp + thm.



Hnh 2.30 Cu hnh NAT thng qua giao din GUI

- Chain= srcnat

- Src.Address= 192.168.1.0/24 (y l di IP m DHCP s cp cho cc

my con khi kt ni vo mng).

- Out.Interface = ether1 (NIC WAN)

- Tip theo chn tab Action, chn Action=Masquerade. Nhn Apply

p dng, OK hon thnh.

2.6 Cu hnh Radius

Trong menu chnh bn tri chn : Radius

Trong bng Radius chn thm radius

Trong bng New Radius Server:

- Chn hotspot, login trong mc Services

- Address: 127.0.0.1

- Secret:hpu.edu.vn



- Chn Accounting backup

Hnh 2.31 Cu hnh Radius qua giao din GUI

Chn Apply v Ok hon thnh thm Radius

Trong menu chnh bn tri chn : IP>Hotspot

Trong bng Hotspot, chn tab Server Profile

Nhp chn profile: hsprof1 bng cu hnh Hotspot Server Profile

Trong tab Radius chn Use RADIUS




Nhp Apply v Ok hon thnh.

Thc hin tng t i vi Profile default

ng nhp trang qun tr User manager vi a chi: 192.168.0.150 vi ti khon

admin v mt khu trng.

Thm mt Router vi thng tin sau:

- Name: HS

- Ip address:127.0.0.1

- Shared secret: hpu.edu.vn



CHNG 3: THC NGHIM V TRIN KHAI H THNG

3.1 t vn

H thng mng khng dy ca trng i hc Dn Lp Hi Phng c xy

dng t nhng nm 2008 v khng ngng c nng cp, lp mi im pht sng hng

nm. T khi xy dng cho n nay, h thng mng vn hot ng da trn s t gic

ca ngi dng (bao gm c Sinh vin v CBCNV), trong nhng giai on u h

thng hot ng tt v em li hiu qu cao. Tuy nhin, trong thi gian 3 k hc gn

y (k 1, 2 nm 2012 v k 1 nm 2013 ), phng Qun tr mng nhn c kh nhiu

kin n t Sinh vin, Cn b ging vin... phn hi v cht lng cng nh nhng

s c thng xuyn gp phi khi s dng mng khng dy. C nhng thi im hu

ht cc im truy cp (Access Point) khng th phc v. Nhiu ngi s dng cc ng

dng h tr download chim bng thng ln, gy t lit h thng dn n nhng lng

ph khng ng c v s mt cng bng gia cc ngi s dng. Ngi vo trc th

s dng v ti v, ngi chm chn th khng c kh nng chen chn vo mng.

Trc thc trng nh vy, Ban lnh o nh trng yu cu phng Qun tr

mng xy dng phng n qun l wifi mi nhm m bo cc yu cu chnh nh sau:

- Phc v ng ngi dng trong trng (hn 7700 Sinh vin v hn 300

Ging vin, cc cn b nhn vin khc...) thng qua ti khon, mt khu cho

tng i tng.

- m bo quyn li mi c nhn khi tham gia s dng mng wifi phi cng

bng, c m bo nhng nhu cu c bn nht phc v cng tc nghin

cu ging dy, hc tp, trao i thng tin, tra cu ti liu...

- Ti u h thng, trnh lng ph, khai thc ti a ngun lc hin c.

- Xy dng c ch ph hp tin ti p dng hnh thc thu ph trong qu

trnh phc v ca mng khng dy sau ny.

3.2 Mt s gii php xut

3.2.1 Pht trin trn Radius Of Windows

RADIUS ( Remote Authentication Dial In User Service) l mt giao thc c

nh ngha trong RFC 2586 vi kh nng cung cp xc thc tp trung, cp php v iu



khin truy nhp (Authentication, Authorization, v Access Control AAA) cho cc

phin lm vic vi SLIP v PPP Dial-up nh vic cung cp xc thc ca cc nh

cung cp dch v Internet (ISP) u da trn giao thc ny xc thc ngi dng khi

h truy cp Internet. N cn thit trong NAS Network Access Server lm vic vi

username v password cho vic cp php.

Giao thc Remote Authentication Dial In User Service (RADIUS) c nh

ngha trong RFC 2865 nh sau: Vi kh nng cung cp xc thc tp trung, cp php v

iu khin truy cp (Authentication, Authorization, v Accounting AAA) cho cc

phin lm vic vi SLIP v PPP Dial-up nh vic cung cp xc thc ca cc nh cung

cp dch v Internet (ISP) u da trn giao thc ny xc thc ngi dng khi h

truy cp Internet.

N cn thit trong tt c cc Network Access Server (NAS) lm vic vi

danh sch cc username v password cho vic cp php, RADIUS AccessRequest s

chuyn cc thng tin ti mt Authentication Server, thng thng n l mt AAA

Server (AAA Authentication, Authoriztion, v Accounting).

Trong kin trc ca h thng n to ra kh nng tp trung cc d liu, thng tin

ca ngi dng, cc iu kin truy cp trn mt im duy nht (single point), trong khi

c kh nng cung cp cho mt h thng ln, cung cp gii php NASs.

Khi mt user kt ni, NAS s gi mt message dng RADIUS Access-Request

ti my ch AAA Server, chuyn cc thng tin nh username v password, thng qua

mt port xc nh, NAS identify, v mt message Authenticator.

Sau khi nhn c cc thng tin my ch AAA s dng cc gi tin c cung

cp nh NAS identify, v Authenticator thm nh li vic NAS c c php gi

cc yu cu khng. Nu c kh nng, my ch AAA s tm kim tra thng tin

username v password m ngi dng yu cu truy cp trong c s d liu. Nu qu

trnh kim tra l ng th n s mang mt thng tin trong AccessRequest quyt nh

qu trnh truy cp ca user l c chp nhn.



Khi qu trnh xc thc bt u c s dng, my ch AAA c th s tr v mt

RADIUS Access-Challenge mang mt s ngu nhin. NAS s chuyn thng tin n

ngi dng t xa (vi v d ny s dng CHAP). Khi ngi dng s phi tr li

ng cc yu cu xc nhn (trong v d ny, a ra li ngh m ho password), sau

NAS s chuyn ti my ch AAA mt message RADIUS Access-Request.

Nu my ch AAA sau khi kim tra cc thng tin ca ngi dng hon ton

tho mn s cho php s dng dch v, n s tr v mt message dng RADIUS

Access-Accept. Nu khng tho mn my ch AAA s tr v mt tin RADIUS Access-

Reject v NAS s ngt kt ni vi user.

Khi mt gi tin Access-Accept c nhn v RADIUS Accounting c

thit lp, NAS s gi mt gi tin RADIUS Accounting-Request (Start) ti my ch

AAA. My ch s thm cc thng tin vo file Log ca n, vi vic NAS s cho php

phin lm vic vi user bt u khi no, v kt thc khi no, RADIUS Accouting lm

nhim v ghi li qu trnh xc thc ca user vo h thng, khi kt thc phin lm vic

NAS s gi mt thng tin RADIUS Accounting-Request (Stop).



Hnh 3.1 M hnh xc thc gia Client v RADIUS Server

u im:

- Kh nng xc thc mnh m, tin cy cao c s dng ph bin trn

khp th gii.

- Kh nng tng thch cao vi h thng mng c sn ca trng.

- Ti liu hng dn ci t v vn hnh y .



Nhc im

- Yu cu mt Server c cu hnh cao chy h iu hnh Windows Server

2000/2003/2008 do khon tin nh trng phi u t mua Server mi

v bn quyn Windows Server l kh ln.

- Vi khuyn co trong vic trin khai Radius Server bng phng thc s

dng Windows Server ca Microsoft th s p ng c trong khong 500

ngi dung i vi mi Server. Nh vy vi khong 8000 cn b ging vin

v sinh vin ca trng th cn khong 10 Radius Server.

3.2.2 Pht trin trn FreeRadius

FreeRadius l mt m un c hiu sut cao c pht trin v phn phi min

ph di GNU General Public License v.2. Hin nay FreeRadius l my ch m ngun

m c trin khai rng ri nht trn th gii. Ngoi kh nng cung cp cc tnh nng

xc thc nh Radius of windows, FreeRadius cn tng thch vi hu ht cc c s d

liu nh LDAP, MySQL, PostgreSQL, Oracle

u im

- c cung cp min ph

- C th c h tr t cng ng ngi s dng pht trin rng ln.

Nhc im

- Cn mt Server cu hnh mnh s dng nhn Linux hoc Unix.

- Kh tip cn do h thng mng ca trng c xy dng trn nn tng

Windows.

- Mc d cha c con s c th s ngi dng m mt FreeRadius Server

chy trn nn tng m ngun m c th p ng, nhng c kt qu

khong 1000 trong mt s thc nghim c a ra. Nh vy p

ng c yu cu ca nh trng th cn khong 5 Server.

3.2.3 S dng gii php ca Meraki

Meraki mt gii php qun l wifi ca mt cng ty Meraki, cng ty ny c

thnh lp t nm 2006 bi cc thnh vin ca phng th nghim khoa hc my tnh



thuc Vin CNTT Massachusett (MIT). Meraki vn c h tr bi 2 qu Sequoia

Capital v Google Inc. Cng ty cung cp cc gii php, cng ngh wifi, chuyn mch,

an ninh v qun l thit b di ng t m my. Cc gii php ny ph hp vi cc

doanh nghip tm trung. Hin Meraki c c mua li bi Cisco.

Hnh 3.2 M hnh Mesh ca Meraki

Meraki cung cp cng ngh mng vi cc tnh nng cu hnh t ng, hi phc

sng t ng, load-balancing t ng v bo ng s c t ng, c bit c qun

l trc tuyn vi webbased controller tin li v "c h tr FREE".

THIT B: Trang nh, gn nhv bn b. Chun a/b/g/N tng thch hon ton

vi nhau, sng ph theo hnh qucu (360o), to thnh "ma trn sng dy & mnh, hn

ch "im cht" (dead-spot) .

TRIN KHAI: Rt ddng v n gin (gim thiu vic chy cp mng n

thit b) nh truyn sng l3 bc khng dy, ring thit b MR58 c th truyn sng 10

bc khng dy. V vy rt c li cho vic trin khai mng din rng.

HOT NG MNG: Rt n nh v tin cy cao nh cc tnh nng vt

tri ca cng ngh MESH c o c mt khng hai:

T ng cu hnh (self-configuring): khi cm vo ngun in l thit b t ng

cu hnh v t ng ni kt vi cc thit b trong cng mng to mesh. Nu b mt

ngun in hoc Internet v c tr li sau , mng hay thit b s t ng cu hnh li

rt nhanh.



T ng khi phc sng (self-healing): mng t cu hnh li sau mi 30 giy

tm ng sng nhanh nht cho mi node. V vy, nu c thit b no byu sng th s

c khi phc ngay sau . Nu c thit b b gin on hot ng (do mt ngun),

khu vc vn c sng ca nhng node khc ph n nn ngi s dng khng b

gin on.

T ng cn bng ti (auto load-balancing):Mng Meraki t ng cn bng ti

gia cc gateway v gia cc nodes vi nhau nn gim bt tnh trng qu ti ti mt

khu vc.

T ng bo ng (self-notifying):chc nng cp nht thng bo trc s c

cho ngi qun tr mng kp thi sa cha trc khi khch hng than phin.

Hnh 3.3 M hnh Mesh



- Mt s gii php bo mt ca hng th 3 khc:

- Aradial WiFi - http://www.aradial.com

- Bridgewater Wi-Fi AAA - http://www.bridgewatersystems.com

- Cisco Secure Access Control Server - http://www.cisco.com/

- Funk Odyssey - http://www.funk.com/

- IEA RadiusNT - http://www.iea-software.com/

- Infoblox RADIUS One Appliance - http://www.infoblox.com/

- Interlink Secure XS - http://www.interlinknetworks.com/

- LeapPoint AiroPoint Appliance - http://www.leappoint.com/

- Meetinghouse AEGIS - http://www.mtghouse.com/

- OSC Radiator - http://www.open.com.au/radiator/

- Vircom VOP Radius - http://www.vircom.com

3.2.4 Mikrotik Router Os

- Mikrotik Router OS c pht trin bi cng ty Mikrotik. Cng ty ny thnh

lp nm 1995 ti th Riga, Latvia. Cng ty chuyn pht trin cc thit b nh tuyn

v h thng IPS khng dy. Cng ty hin cung cp c cc thit b phn cng v cc gii

php phn mm kt ni internet cho hu ht cc nc trn th gii.

- Trang ch: http://www.mikrotik.com

- Mikrotik Router OS l h iu hnh phn cng ca RouterBOARD Mikrotik.

N cng c th c t trn mt my tnh c lp v s bin my tnh thnh mt

b nh tuyn vi tt c cc tnh nng cn thit nh: nh tuyn, tng la, qun l

bng thng, im truy cp khng dy...

- Hin Mikrotik router os ang dng li phin bn chnh thc l v5.25. Phin

bn khng chnh thc l v6.0rc14. Hin em ang s dng phin bn v6.0rc14 demo

trong qu trnh thc hin n.



- Mikrotik router os t phin bn 5.0 tr v sau c xy dng da trn Linux

kernel version 2.6.35. Do vy dung lng ca OS nh, c th ghi vo a CD hoc

thm ch a mini-cd.

- Lin kt ti: http://www.mikrotik.com/download

- CD Image phin bn v6.0rc14 c dung lng 18.40 mb.

- CD Image phin bn v5.25 c dung lng 20.85 mb.

3.3 Trin khai h thng qun l mng WLAN ti trng HDL HP

3.3.1 Thit k logic

Hnh 3.4: Hin trng h thng hin ti



Hnh 3.5: S logic sau khi trin khai Mikrotik

Thit k logic m bo cc yu cu:

- Mi ngi dng c cung cp mt ti khon mt khu.

- Gii quyt tnh trng cc im pht sng AP b treo.

- C kh nng tch hp vi h thng qun l ti khon tp trung.

3.3.2 Thng s ci t

Thng s phn cng: H thng c trin khai trn mt Server IBM X236

CPU: IntelXeon 3.0 GHz/800 MHz



RAM: 2 GB (2x 1 GB) of 800 MHz DDR2 ECC

LAN: 02 Gigabit Ethernet onboard, 01 External RTL-8139/8139C/8139C

HDD: 30 Gb, 5400 RPM

Thng s phn mm: Mikrotik Router Os version 5.20

3.3.3 Qu trnh trin khai

- Phn mm Mikrotik Router OS c trin khai mt my ch IBM X236

- Nng cp firmware v cu hnh ton b cc im pht sng t c ch Router

sang c ch AP (gm 17 AP khu vc Ging ng v 35 AP ti Khch sn Sinh

vin)

- Chia li ton b h thng thnh 3 VLAN

Vlan1: Cc my ch c t ti Trng

Vlan9: Cc im pht sng khu Ging ng

Vlan11: Cc im pht sng khu Khch sn Sinh vin

- Chnh sa cu hnh thit b mng ph hp vi cch thc qun l mi

- To ti khon nhm v ti khon ngi dng; sinh vin, ging vin, cn b,

nhn vin,

- Xy dng chnh sch i vi tng nhm, ngi dng; mi ngi s dng s

thuc mt nhm v cc chnh sch v tc , thi gian, lu lng c p dng thng

qua cc nhm ngi dng.

- Kim tra v hiu chnh cc thng s; cc tham s thi gian lu gi phin kt

ni, kim sot cc dch v, giao thc cn lc b.

- Vit ti liu hng dn v h tr ngi dng



3.3.4 Mt s hnh nh v h thng.

Giao din ng nhp ting vit

Giao din ng nhp ting anh

Ngi dng khng hp l

C hn 2 thit b s dng mt ti khon



Khng cho php ngi dng ng

nhp thi im ny

Sai mt khu ng nhp

Hnh 3.6: Giao din ng nhp v mt s li thng gp

- Ngi s dng truy cp vo a ch sau i mt khu:

http://net.hpu.edu.vn/user

Hnh 3.7: Thay i mt khu ngi dng



Hnh 3.8: Thay i mt khu ngi dng

3.4 Kt qu t c

H thng qun l mng khng dy bc u t c mt s kt qu nht

nh:

- Qun l mng khng dy ti tng ngi dng

- p ng c cc yu cu t ra t lnh o Nh trng

- Gii quyt c s c treo thit b trong cch thc qun l trc y, tng

s lng ngi s dng ng thi, tn dng ti a ti nguyn hin c.



- Hnh 3.9 Nng lc h thng Mikrotik

Hnh 3.10 Mt s phin lm vic ca ngi dng



3.5 xut v kin ngh

c th nng cao c cht lng phc v ca h thng, em xin a ra mt s

kin ngh nh sau:

- Xy dng cc my ch Radius lm nhim v xc thc tp trung v cha

d liu ti khon ngi dng theo m hnh sau:

Hnh 3.11 Quy trnh xc thc ngi dng xut

- Tip tc hon thin vic ng b gia h thng qun l ng nhp tp trung

http://acc.hpu.edu.vn (Hpu Account Service) v h thng qun l mng khng dy



Mikrotik, to iu kin thun li cho ngi s dng ch cn mt ti khon v mt khu

duy nht, mt khc cn c s thng nht s nhm ngi dng gia hai h thng trn.

- Tng cng cc im pht sng gii quyt im m ti khu vc

Ging ng v Khch sn sinh vin.

- Nng cp dung lng cc ng truyn kt ni internet m bo p

ng s lng ngi dng ln.



KT LUN

n Xy dng im kim sot truy cp mng khng dy Hotspot Gateway c

chng thc da trn Mikrotik Router t c mt s kt qu nh sau:

V l thuyt, n trnh by v hiu c:

- Tng quan v mng my tnh, cch phn loi mng my tnh, cc thit b

hot ng trong mng my tnh.

- Tm hiu v mng khng dy, cc chun hin hnh v cc thit b s dng

trong mng WLAN.

- Mt s gii php bo mt mng khng dy.

- Mt s gii php qun l mng khng dy hin ang c p dng.

V thc nghim, n tin hnh

- Ci t th nghim chng trnh phn mm Mikrotik trn my o

- Tham gia trin khai thnh cng h thng qun l wi-fi s dng Mikrotik

Router Os ti Trng i hc Dn lp Hi Phng, hin h thng ang hot

ng n nh v mang li hiu qu cao.

Tuy nhin trong qu trnh thc hin, do nng lc cn nhiu hn ch, cng nhng

nguyn nhn khch quan khc nh; thi gian, c s vt cht, kh nng dch hiu ting

Anh trong qu trnh trao i trn cc din n cng ngh nn chc chn trong n

cn nhiu sai st. Em rt mong nhn c s ng gp kin ca cc Thy C v cc

bn em c thm kin thc v kinh nghim tip tc hon thin ni dung nghin cu

trong ti.

Em xin chn thnh Cm n!

Xy dng im

22_ngothanhchien_ctl501

Documents