Visit https://ebookultra.

com to download the full version and

explore more ebooks

Upgrading and Repairing Networks 4th Edition

Scott Mueller

_____ Click the link below to download _____

https://ebookultra.com/download/upgrading-and-
repairing-networks-4th-edition-scott-mueller/

Explore and download more ebooks at ebookultra.com

Here are some suggested products you might be interested in.
Click the link to download

The 8051 Microcontroller 4th Edition Scott Mackenzie

https://ebookultra.com/download/the-8051-microcontroller-4th-edition-
scott-mackenzie/

Create Your Own Website 4th Edition Scott Mitchell

https://ebookultra.com/download/create-your-own-website-4th-edition-
scott-mitchell/

Refurbishment and Upgrading of Buildings 2nd Edition

Christopher A. Gorse

https://ebookultra.com/download/refurbishment-and-upgrading-of-
buildings-2nd-edition-christopher-a-gorse/

Insall Scott Surgery of the Knee 2 Volume Set 4th Edition

W. Norman Scott

https://ebookultra.com/download/insall-scott-surgery-of-the-
knee-2-volume-set-4th-edition-w-norman-scott/
Relational Justice Repairing the Breach 1st Edition
Jonathan Burnside

https://ebookultra.com/download/relational-justice-repairing-the-
breach-1st-edition-jonathan-burnside/

Building Cisco Multilayer Switched Networks Bcmsn 4th

Edition Edition Froom

https://ebookultra.com/download/building-cisco-multilayer-switched-
networks-bcmsn-4th-edition-edition-froom/

Local Economic and Employment Development Skills Upgrading

New Policy Perspectives Oecd

https://ebookultra.com/download/local-economic-and-employment-
development-skills-upgrading-new-policy-perspectives-oecd/

Mastering IIS7 implementation and administration John Paul

Mueller

https://ebookultra.com/download/mastering-iis7-implementation-and-
administration-john-paul-mueller/

Upgrading to Microsoft Office 2010 1st Edition Mary-Terese

Cozzola

https://ebookultra.com/download/upgrading-to-microsoft-
office-2010-1st-edition-mary-terese-cozzola/
Upgrading and Repairing Networks 4th Edition Scott
Mueller Digital Instant Download
Author(s): Scott Mueller, Terry W. Ogletree
ISBN(s): 9780789728173, 0789728176
Edition: 4
File Details: PDF, 14.91 MB
Year: 2003
Language: english
 Contents at a Glance
Part I:
Up Front: Network Planning and Design Concepts

Part II:
Physical Networking Components

Part III:
Low-Level Network Protocols

UPGRADING Part IV:

Dedicated Connections and WAN Protocols
AND REPAIRING
Part V:
NETWORKS Wireless Networking Protocols

Part VI:
Fourth Edition LAN and WAN Network, Service, and Application
Protocols

Part VII:
Network User and Resource Management

Part VIII:
System and Network Security

Part IX:
Troubleshooting Networks

Part X:
Terry William Ogletree Upgrading Network Hardware

Part XI:
Migration and Integration

Appendixes

Index

On the Web:
Bridges, Repeaters, and Hubs
Token-Ring Networks
Fiber Distributed Data Interface (FDDI)
NetBIOS and NetBEUI

800 East 96th Street

Indianapolis, Indiana 46240
Upgrading and Repairing Networks, Publisher
Paul Boger
Fourth Edition Associate Publisher
Copyright  2004 by Que Publishing Greg Wiegand
All rights reserved. No part of this book shall be reproduced, stored in a Executive Editor
retrieval system, or transmitted by any means, electronic, mechanical, photo- Rick Kughen
copying, recording, or otherwise, without written permission from the pub- Development Editors
lisher. No patent liability is assumed with respect to the use of the information Todd Brakke
contained herein. Although every precaution has been taken in the preparation Mark Reddin
of this book, the publisher and author assume no responsibility for errors or Rick Kughen
omissions. Nor is any liability assumed for damages resulting from the use of Managing Editor
the information contained herein. Charlotte Clapp

International Standard Book Number: 0-7897-2817-6 Project Editor

Tricia Liebig
Library of Congress Catalog Card Number: 2002110537
Copy Editor
Printed in the United States of America Cheri Clark
Indexer
First Printing: August 2003 Larry Sweazy
06 05 04 4 3 2 Proofreader
Jessica McCarty
Trademarks Technical Editor
All terms mentioned in this book that are known to be trademarks or service Jeff Ferris
marks have been appropriately capitalized. Que Publishing cannot attest to the
Team Coordinator
accuracy of this information. Use of a term in this book should not be regarded Sharry Lee Gregory
as affecting the validity of any trademark or service mark.
Multimedia Developer
Dan Scherf
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as
Interior Designer
Anne Jones
possible, but no warranty or fitness is implied. The information provided is on
an “as is” basis. The author and the publisher shall have neither liability nor Cover Designer
responsibility to any person or entity with respect to any loss or damages aris- Anne Jones
ing from the information contained in this book or from the use of the CD or Page Layout
programs accompanying it. Kelly Maish
Graphics
Bulk Sales Tammy Graham
Que Publishing offers excellent discounts on this book when ordered in quan-
tity for bulk purchases or special sales. For more information, please contact:
U.S. Corporate and Government Sales
1-800-382-3419
corpsales@pearsontechgroup.com

For sales outside of the U.S., please contact:

International Sales
international@pearsoned.com
Contents

Introduction 1 What Degree of Reliability Do I Require

for Each Network Link? 35
Who Should Use This Book? 1
Choosing a LAN Protocol 35
What Will You Find Inside? 2
Planning and Design Components 38
What’s New in This Edition 5
Document Everything 38
What’s Missing from This Edition? 5
Test, Test, and Then Test Some More 39
Creating Policies and Procedures for
Network Usage 40
I Up Front: Network Planning Providing Training for Technical
Personnel 40
and Design Concepts 7 You Can’t Forget the Budget (or Can
1 A Short History of Computer You?) 41
The Physical Network 41
Networking 9
Planning Resources 41
2 Overview of Network 4 Upgrading Strategies and Project
Topologies 13 Management 43
LAN Topologies 14 Where Do You Start? 44
Bus Topology 14 Determining When an Upgrade Is
Star Topology 15 Necessary—The Evaluation Process 45
Ring Topology 16 Determining User Requirements and
Mesh Topology 19 Expectations 48
Hybrid Topologies 19 Maintaining Support for Legacy
Shared and Nonshared Network Media Applications 48
Topologies 22 What Resources Are Needed for the
Bridged Versus Routed Topologies 23 Upgrade? 49
Building and Campus Topologies 24 Planning an Upgrade 50
Connecting Network Segments Within a Documenting the Plan 51
Building: The Backbone 25 Evaluating the Plan As It Applies to
Design Considerations in a Campus LAN Corporate Policies and Procedures 51
Environment 26 Setting Goals 51
Scalability 27 Scheduling Downtime 52
Redundancy 27 Milestones and Criteria 52
Fault Tolerance 27 Back-Out Procedures 52
A Multi-Tiered Network Topology 28 Testing the Plan 53
Scalability 28 Evaluating Competing Products 53
Redundancy 29 The Pilot Project 53
Fault Tolerance 29 Deployment 54
Team Personnel 54
3 Network Design Strategies 31 Keeping Users Informed 54
Planning a Logical Network Design 33 Tracking Progress 55
Who Are Your Clients? 34 User Training 55
What Kinds of Services or Applications Closing the Book—Documenting What Has
Will the Network Offer? 34 Changed and Why 55
Other Considerations for Upgrading 55
iv Contents This is the Chapter Title

5 Protecting the Network: General Considerations for Fiber-Optic

Cabling 98
Preventative Maintenance Small Form Factor Connectors (SFF) 99
Techniques 57 Telecommunications Rooms 99
Power Conditioning and Uninterruptible Open Office Cabling 99
Power Supplies (UPSs) 58 Consolidation Points 99
Power Is Money 58 General Horizontal Cabling Subsystem
Advanced Configuration and Power Specifications 100
Interface (ACPI) and Standalone UPS Documenting and the Administration of
Systems 60 the Installation 100
Network Devices 62 Records 100
Network Monitoring 62 Drawings 101
Server and Workstation Backups 62 Work Orders 101
Backup Media—Tape, Optical Storage, and Reports 101
CD-R 63
Backup Rotation Schedules 65 7 Network Interface Cards 103
Off-Site Storage 66 Choosing a Hardware Bus Type 104
Routine Maintenance 67 ISA 105
Building Redundancy into the Network 67 PCI 105
Recovery Planning 68 PCMCIA 107
Justifying Preventative Maintenance 68 CardBus 108
Different Cards, Different Speeds 109
Network Cable Connectors and
II Physical Networking Terminators 109
The Wired for Management (WfM) Initiative
Components 71 and Wake on LAN (WOL)
Technology 110
6 Wiring the Network—Cables, Universal Network Boot 110
Connectors, Concentrators, and Asset Management 110
Other Network Components 73 Power Management 111
Remote Wake-Up 111
Structured Wiring 74
Should You Use WOL-Compliant Network
The Work Area 75
Cards? 113
The Backbone Cabling System
Multi-Homed Systems 113
Structure 75
Load Balancing and Dual-Redundant Network
The Horizontal Cabling System
Controllers 114
Structure 76
Software Drivers 114
The Telecommunications Closet 77
Packet Drivers 115
Important Definitions 77
The Open Data-Link Interface (ODI) 115
Physical Cable Types 81
The Network Driver Interface Specification
Twisted-Pair Cabling 81
(NDIS) 116
Coaxial Cables 85
IRQs and I/O Ports 116
Fiber-Optic Cables 88
IRQs 116
Terminations and Connections 92
Base I/O Ports 118
Crimping 92
Troubleshooting Network Cards 119
Insulation Displacement Contact 92
Checking the NIC Configuration
Modular Jacks and Plugs 92
on Linux 119
Modular Plug Pair Configurations 93
Checking the LEDs—Activity and Link
Common Outlet Configurations 93
Lights 121
Patch Panels 95
Running the Adapter’s Diagnostic
Terminating Fiber 95
Program 122
Fiber-Optic Splicing 97
Configuration Conflicts 123
Fiber-Optic Patch Panels 98
 This is the Current C–Head at the BOTTOM of the Page Contents v

Checking the Computer’s Network 11 Network Attached Storage and

Configuration 124
Storage Area Networks 163
Preventative Steps to Take 124
Local Versus Networked Storage Devices 165
8 Network Switches 125 Defining Network Attached Storage
How Switches Work 127 (NAS) 165
Segmenting the Collision Domain 128 Defining a Storage Area Network
Full-Duplex Ethernet Switches 129 (SAN) 166
Using Switches to Create a Collapsed Network Attached Storage 167
Backbone 130 Network Appliances 167
Switch Hardware Types 132 NAS Protocols 168
Cut-Through Switches 133 NAS Capacity Limitations—Bandwidth
Store-and-Forward Switches 133 and Storage 168
Layer 3 Switches 133 Storage Area Networks 169
Putting a Switch in Your Home SAN and NAS—Mix and Match 170
Office 134 Using Fibre Channel as a Network
Stackable and Chassis Switches 134 Transport 170
Switch Troubleshooting and Encoding Data on Fibre Channel
Management 135 Networks 170
Basic SANs: Arbitrated Loops 172
9 Virtual LANs 137 Initializing the Loop 173
Arbitrating for Loop Access 175
Virtual LANs and Network Topologies 138
Using a Fabric Switched Topology for
Switching Based on Network Frames 139
SANs 176
Port-Based VLANs 140
A Mixed Topology of Loops and
Implicit and Explicit Tagging 141
Switches 178
Implicit Tagging 141
IP SANs and the Future 180
Explicit Tagging 141
What Kind of NAS or SAN Solution Should
MAC Address VLANs 142
You Use? 180
Protocol Rule-Based VLANs 142
Using Explicit Tagging on the Network
Backbone 143
Switch Standards—The IEEE Standards 144 III Low-Level Network
What Kind of Switch Should You Buy? 146
Protocols 183
10 Routers 147
12 The IEEE LAN/MAN Committee
What Routers Do 148
Networking Standards 185
Hierarchical Network Organization 149
Providing Security 149 What Is the LAN/MAN Committee? 187
The Difference Between Routable Protocols IEEE 802: Overview and Architecture 187
and Routing Protocols 150 IEEE 802.1: Bridging and
When Do You Need to Use a Router? 151 Management 189
Growing LAN Sizes 151 IEEE 802.2: Logical Link Control 189
Delegating Responsibility for Local Area IEEE 802.3: CSMA/CD Access
Networks 155 Method 190
Connecting Branch Offices 156 IEEE 802.4: Token-Passing Bus Access
Using a Router to Protect Your Network— Method and IEEE 802.5: Token-Ring
NAT and Packet Filtering 156 Access Method 190
Router Ports and Connections 157 IEEE 802.7: Recommended Practices for
Configuring Routers 158 Broadband Local Area Networks 191
Routers Come in All Sizes 159 IEEE 802.10: Security 191
Using Routers over Wide Area Networks IEEE 802.11: Wireless 191
(WANs) 161 Obtaining the IEEE 802 Standards
Routers Make the Internet Possible 161 Documents Free 191
vi Contents This is the Chapter Title

13 The Oldest LAN Protocol Is Still Ethernet Errors 230

Simple Error Detection 230
Kicking: ARCnet 193
Bad FCS and Misaligned Frames 230
Overview of ARCnet 194 Short Frames (Runts) 231
ARCnet Addressing and Message Giant Frames and Jabber 232
Transmission 195 Multiple Errors 232
Hubs and Network Wiring 200 Broadcast Storms 232
Bus and Star Topologies 200 Monitoring Errors 233
ARCnet Network Adapter Cards 201
Connecting ARCnet LANs to Ethernet
LANs 202
Troubleshooting ARCnet 203 IV Dedicated Connections and
14 Ethernet: The Universal
WAN Protocols 235
Standard 205 15 Dial-Up Connections 237
A Short History of Ethernet 206 The Point-to Point Protocol and the Serial
Variations on a Theme: How Many Kinds Line Internet Protocol 238
of Ethernet Are There? 207 The Serial Line Internet Protocol (SLIP) 239
Collisions: What Are CSMA/CA and The Point-to-Point Protocol (PPP) 241
CSMA/CD? 209 Establishing a Link: The Link Control
The Backoff Algorithm 211 Protocol (LCP) 243
Defining the Collision Domain—Buses, Network Control Protocols (NCPs) 245
Hubs, and Switches 212 An Example: Configuring a Windows XP
Restrictions on Legacy Ethernet Professional Client 245
Topologies 213 When Dial-Up Isn’t Fast Enough 247
Limiting Factors of Ethernet
Technologies 213 16 Dedicated Connections 249
Interconnecting Devices and Cable Leased Lines 250
Segment Length 213 The T-Carrier System 252
The 5-4-3 Rule 214 Fractional T1 253
Using a Bus Topology 214 Diagnosing Problems with T-Carrier
Using a Star Topology 215 Services 253
Hybrid LAN Topologies 216 Asynchronous Transfer Mode (ATM) 254
Tree 216 ATM Frames 255
Hierarchical Star 217 ATM Connections 256
Using a Backbone to Connect the The ATM Architecture Model
Enterprise 218 (B-ISDN/ATM Model) 257
Ethernet Frames 218 LAN Emulation (LANE) 259
XEROX PARC Ethernet and ATM Service Categories 260
Ethernet II 219 The Importance of Frame Relay and the X.25
The 802.3 Standard 220 Interface 261
The 802.2 Logical Link Control (LLC) The Frame Relay Header 262
Standard 221 Network Congestion Signaling 263
Fast Ethernet (IEEE 802.3u) and Gigabit The Local Management Interface Signal
Ethernet (IEEE 802.3z) 223 Mechanism 264
Fast Ethernet 223 Using Switched Virtual Circuits
Gigabit Ethernet 225 (SVCs) 264
10Gigabit Ethernet (IEEE 802.3ae) 226 Possible Problems Using Frame Relay 265
Ethernet Problems 227
Collision Rates 227
Collision Types 228
Sampling Intervals 229
Reducing Collisions 229
 This is the Current C–Head at the BOTTOM of the Page Contents vii

17 Digital Subscriber Lines (DSL) Do You Need a Wireless Network? 304

Connecting the Wireless Network
Technology 267
to a Wired LAN 305
DSL and Cable Modems 268 Dual-Mode Access Points 305
Topological Differences Between Cable
and DSL 269 21 Faster Service: IEEE 802.11a 307
A Quick Primer on the PSTN 271 Overview of the IEEE 802.11a Standard 308
xDSL 272 Interference from Consumer Devices 309
The Future of DSL 277 Increased Bandwidth in the 5.4GHz
Band 309
18 Using a Cable Modem 279
Using Wireless Networking in Public
How Cable Modems Work 280 Places 310
Providing IP Addresses to Cable Security Concerns 311
Modems 281
First-Generation Cable Modem 22 The IEEE 802.11g Standard 313
Systems 283 Overview of the 802.11g Standard 315
How Cable Modems Differ from xDSL Increasing Bandwidth in the 2.4GHz
Broadband Access 283 Spectrum 315
The Data Over Cable Service Interface Installing Linksys Wireless-G Broadband
Specification (DOCSIS) 284 Router (Model Number WRT54G) 315
Which Should You Choose—Cable or Installing and Configuring a Wireless
DSL? 285 Network Adapter 323
Which Wireless Protocol Should You
Use? 326
V Wireless Networking
23 Bluetooth Wireless
Protocols 287 Technology 329
19 Introduction to Wireless The Bluetooth Special Interest Group
Networking 289 (SIG) 331
General Overview of Bluetooth 332
Why Wireless Networks Are Inevitable 291 Piconets and Scatternets 333
Access Points and Ad Hoc Networks 293 Piconets 334
Ad Hoc Networks 293 Scatternets 334
Using an Access Point to Mediate Wireless Bluetooth Device Modes 336
Communications 294 SCO and ACL Links 337
Physical Transmission Technologies 296 SCO Links 337
Frequency Hopping Versus Spread ACL Links 337
Spectrum 296 Bluetooth Packets 337
The IEEE 802.11 Wireless Standard 297 What Are Bluetooth Profiles? 338
The Physical Layer 298 The Generic Access Profile 339
The MAC Layer 298 The Service Discovery Application
Other Services Performed at the MAC Profile 340
Layer 299 The Cordless Telephony Profile and the
Sources of Interference for Wireless Intercom Profile 340
Networks 300 The Serial Port Profile 341
The Headset Profile 341
20 IEEE 802.11b: It’s Here and It’s
The Dial-Up Networking Profile 341
Inexpensive 301 Other Bluetooth Profiles 342
Why Wi-Fi? 302 Bluetooth Is More Than a Wireless
What to Look For When Using 802.11b Communication Protocol 343
Networking 303
Distance Limitations 304
Firewalls 304
viii Contents This is the Chapter Title

24 Other Wireless Technologies 345 Ports, Services, and Applications 393

Well-Known Ports 393
Instant Messaging and Consumer
Registered Ports 394
Devices 346
The Internet Control Message Protocol
Personal Digital Assistants (PDAs) 346
(ICMP) 394
Third-Generation Mobile Phones 346
ICMP Message Types 395
Wireless Security 347
WEP 347 26 Basic TCP/IP Services and
Second-Generation WEP: Using a
Applications 399
128-Bit Key 348
Wired Protected Access (WPA) and The File Transfer Protocol (FTP) 400
802.11i 349 FTP Ports and Processes 401
How Well Do You Know Your Users? 350 Data Transfers 402
Personal Area Networks (PANs) 350 FTP Protocol Commands 403
Server Replies to FTP Commands 405
Using a Windows FTP Command-Line
Client 407
VI LAN and WAN Network, Using Red Hat Linux FTP 410
Service, and Application Using the Red Hat Linux Command-Line
FTP Client 411
Protocols 353 The Trivial File Transfer Protocol
(TFTP) 413
25 Overview of the TCP/IP Protocol The Telnet Protocol 415
Suite 355 What Is a Network Virtual Terminal and
TCP/IP and the OSI Reference Model 356 NVT ASCII? 415
TCP/IP Is a Collection of Protocols, Telnet Protocol Commands and Option
Services, and Applications 358 Negotiations 416
TCP/IP, IP, and UDP 358 Telnet and Authentication 419
Other Miscellaneous Protocols 359 Using Telnet and FTP with a Firewall 420
The Internet Protocol (IP) 360 The R-Utilities 421
IP Is a Connectionless Transport How the Traditional R-Utilities Authorize
Protocol 361 Access to Your Network’s Resources 421
IP Is an Unacknowledged Protocol 361 The rlogin Utility 422
IP Is an Unreliable Protocol 361 Using rsh 424
IP Provides the Address Space for the Using rcp 425
Network 361 Using rwho 426
Just What Does IP Do? 362 Using ruptime 426
Examining IP Datagram Header The Finger Utility 427
Information 362 Other Services and Applications Built on the
IP Addressing 365 TCP/IP Suite 428
The Address Resolution Protocol—Resolving Secure Network Services 429
IP Addresses to Hardware Addresses 376
Proxy ARP 381 27 Internet Mail Protocols: POP3,
RARP—The Reverse Address Resolution SMTP, and IMAP 431
Protocol 381 How SMTP Works 432
The Transmission Control Protocol The SMTP Model 434
(TCP) 382 SMTP Service Extensions 434
TCP Provides a Reliable Connection- SMTP Commands and Response
Oriented Session 382 Codes 435
Examining TCP Header Information 382 SMTP Response Codes 437
TCP Sessions 384 Putting It All Together 438
TCP Session Security Issues 391 The Post Office Protocol (POP3) 439
The User Datagram Protocol (UDP) 391 The AUTHORIZATION State 439
Examining UDP Header Information 391 The TRANSACTION State 440
Interaction Between UDP and ICMP 392 The UPDATE State 441
 This is the Current C–Head at the BOTTOM of the Page Contents ix

The Internet Message Access Protocol Version Installing the DHCP Server Service on
4 (IMAP4) 441 Windows 2000 or Server 2003 488
Transport Protocols 442 Authorizing the Server 489
Client Commands 442 Using the MMC Action Menu 490
System Flags 442 Configuring the DHCP Server and Scope
Retrieving the Message Header and Body Options 497
of the Message 443 Providing Support for BOOTP
Data Formatting 443 Clients 499
The User’s Inbox and Other Mailbox Enabling the DHCP Relay Agent 499
Naming 443 What Is a DHCP Cluster? 503
Universal Commands 443 Considerations for Using DHCP in Large
Other IMAP Commands 444 or Routed Environments 503
Non-Authenticated Commands 444 How DHCP Interacts with Microsoft’s
Authenticated Commands 444 Dynamic Domain Name Service
(DNS) 504
28 Troubleshooting Tools for TCP/IP Reservations and Exclusions 506
Networks 447 What Is APIPA? 507
Checking the Host System’s Configuration Troubleshooting Microsoft DHCP 508
First 448 Managing Logging 508
Using hostname and Related Using DHCP with Red Hat Linux 509
Commands 448 The DHCP Server Daemon 510
Using ipconfig and ifconfig to Check Host The DHCP Relay Agent 511
Configurations 449
30 Network Name Resolution 513
Using ping and tracert to Check
Connectivity 452 Hardware Versus Protocol Addresses 515
The ping Command 453 NetBIOS 515
The traceroute Command 457 The LMHOSTS File 515
The netstat and route Commands 461 Windows Internet Name Service 518
The arp Command 465 Installing and Configuring WINS on
The tcpdump Utility 466 Windows 2000/2003 Servers 524
The WinDump Utility 468 Managing the Windows 2000 WINS
Using the nslookup Command to Server 525
Troubleshoot Name Resolution Managing the Windows Server 2003 WINS
Issues 469 Service 529
Other Useful Commands 470 Using netsh Commands to Manage
WINS 530
29 BOOTP and Dynamic Host TCP/IP Names 531
Configuration Protocol The HOSTS File 533
Domain Name System 533
(DHCP) 473
Configuring DNS Clients 540
What Is BOOTP? 474 Using nslookup 540
Format of the BOOTP Packet 475 Dynamic DNS 541
The BOOTP Request/Reply Installing DNS on a Windows 2000 or 2003
Mechanism 476 Server 542
BOOTP Vendor-Specific Information Network Information Service 543
Options 477
Downloading an Operating System 480 31 Using the Active Directory 545
Taking BOOTP One Step Further: DHCP 480 Early Directories 546
The DHCP Packet Format and Additional The Difference Between the Directory and
Options 483 the Directory Service 547
The DHCP Client/Server Exchange 484 Interesting Objects 547
An Example: Installing and Configuring What Active Directory Delivers 548
a DHCP Server on Windows
2000/2003 488
x Contents This is the Chapter Title

From X.500 and DAP to the Lightweight Sequenced Packet Exchange (SPX) 590
Directory Access Protocol 549 SPX Packet Communications 591
The Active Directory Schema 551 SPX Packet Structure 591
Objects and Attributes 552 Sequenced Packet Exchange II
Standard Objects in the Active (SPXII) 592
Directory 553 NetWare Core Protocol (NCP) 593
What Is a Domain Tree? What Is a NCP Packet Signature Options 593
Forest? 554 Server Signature Levels 594
Domain Models—May They Rest in Client Signature Levels 595
Peace 555 Packet Signature and Job Servers 595
Partitioning the Active Directory into Effective Packet Signature Levels 596
Domains 555 Troubleshooting Packet Signature
A Domain Is Still a Domain 556 Conflicts 596
Active Directory Trees and Forests 556 NetWare Security Guidelines 597
The Active Directory and Dynamic DNS 557 NCP Protocol Independence 597
Dynamic DNS 558
How the Active Directory Uses DNS 558 33 Overview of the Novell Bindery
Using Sites to Manage Large and Novell Directory
Enterprises 559 Services 599
Directory Replication 560
Understanding NetWare Directory
Summarizing the Directory Data Using the
Structures 600
Global Catalog 561
Reviewing the Bindery Structure 600
Active Directory Service Interfaces
Reviewing the NetWare Directory Service
(ADSI) 561
Structure 600
Directory-Aware Application
Bindery Services 605
Programming 562
Contrasting and Comparing Bindery and
Now It’s Just Domain Controllers and
NDS 606
Member Servers 562
Using Novell Directory Services 610
The Active Directory Schema 563
Using NWADMN32 610
Modifying the Active Directory
Creating and Deleting Objects 611
Schema 563
Moving and Renaming Objects 613
Finding Objects in the Active Directory 571
Assigning Rights and Setting
Finding a User Account 571
Permissions 614
Finding a Printer in the Active
Using NDS Manager 619
Directory 574
Setting Up Bindery Services 622
Using Start/Search 575
Windows Server 2003: New Active Directory 34 Expanding and Enhancing NDS:
Features 575
NetWare’s eDirectory 623
Installing the Active Directory on a Windows
Server 2003 Computer 576 Basics of the eDirectory 624
The eDirectory Can Be Installed on Many
32 Overview of Novell NetWare Different Operating Systems 624
IPX/SPX 583 Options to Consider for Installing the
eDirectory 625
Using the Novell Proprietary Protocols 584
Hardware Requirements 625
The NetWare Protocol Suite 585
Installing the eDirectory for Supported
Connectionless Service and Protocols 586
Platforms 627
Connection-Oriented Service and
New Features the eDirectory Delivers 627
Protocols 587
TLS/SSL 627
Internetwork Packet Exchange (IPX) 587
iMonitor 628
IPX Packet Communications 588
The Simple Network Management
IPX Packet Structure 589
Protocol (SNMP) 628
IPX Frame Types 590
Extensible Match 629
Backup and Restore 629
 This is the Current C–Head at the BOTTOM of the Page Contents xi

35 File Server Protocols 631 Multi-Protocol Label Switching 681

Combining Routing and Switching 682
Why Should You Read This Chapter? 632
Adding a Label 682
Server Message Block (SMB) and the Common
Using Frame Relay and ATM with
Internet File System (CIFS) 633
MPLS 683
SMB Message Types 634
SMB Security Provisions 635 38 The Secure Sockets Layer (SSL)
Protocol Negotiation and Session
Protocol 685
Setup 636
Accessing Files 637 Symmetric and Asymmetric Encryption 686
Using NET Commands 639 Digital Certificates 687
Monitoring and Troubleshooting SMB The SSL Handshake Procedure 687
Communications 642 Using Information in the Digital
Using the SMB/CIFS Protocol on Non- Certificate to Prevent Interception
Microsoft Clients: Samba 645 Attacks 688
The Common Internet File System What Are http:// and https://? 689
(CIFS) 645 Adding Another Layer to the Network
NetWare Core Protocol (NCP) 646 Protocol Stack 689
General Requests and Responses 647 Does SSL Provide Enough Security for
Burst Mode 647 Internet Transactions? 690
Request Being Processed Response 647 OpenSource SSL 690
Terminating Connections 648
Unix Network File System (NFS) 648
39 Introduction to the IPv6
Protocol Components: Remote Procedure Protocol 691
Call (RPC) Protocol 648 What’s the Difference Between IPv4 and
External Data Representation (XDR) 650 IPv6? 692
The NFS Protocol and Mount The IPv6 Headers 693
Protocol 650 IPv6 Extension Headers 694
Configuring NFS Servers and Clients 651 The Options Type Field for Hop-by-Hop
NFS Client Daemons 652 and Destination Options 696
Server-Side Daemons 654 Other IPv6 Considerations 697
Troubleshooting NFS Problems 659 The Future of IPv6 697
Microsoft Distributed File System (DFS):
Windows 2000 and Windows Server
2003 661
Creating a DFS Root 661
VII Network User and Resource
Adding Links to the DFS Root 662 Management 699
36 The Hypertext Transfer 40 Windows NT Domains 701
Protocol 665 Workgroups and Domains 703
It All Started with the World Wide Web Interdomain Trust Relationships 704
Consortium (W3C) at CERN 666 Domain Controllers 707
What Is HTTP? 667 Windows NT Domain Models 707
HTTP Mechanics 668 Windows NT User Groups 710
HTTP Header Fields 668 Built-In User Groups 711
URLs, URIs, and URNs 668 Creating User Groups 712
Special User Groups 713
37 Routing Protocols 673 Managing User Accounts 713
Basic Types of Routing Protocols 674 Adding a User to a Group 714
The Routing Information Protocol User Profiles 714
(RIP) 674 Limiting the Time a User Can Log
OSPF (Open Shortest Path First) 680 On 715
xii Contents This is the Chapter Title

Limiting Which Workstations a User Can Changing NIS Maps 756

Log On To 716 Pushing Modifications to NIS Slave
Account Information 716 Servers 756
Allowing Dial-Up Access 717 Other Useful NIS YP Commands 756
Replication Between Domain NIS Clients 756
Controllers 718 Common Login Problems 757
Passwords and Policies 719
Detecting Failed Logon Attempts 720 43 Rights and Permissions 759
Strategies to Minimize Logon Problems 721 User-Level and Share-Level Security 760
Microsoft Windows Share-Level
41 Windows 2000 and Windows Security 762
Server 2003 User and Computer Assigning User Rights for Windows 2000,
Management Utilities 723 Server 2003, and XP 763
Managing User Password Policies 768
The Microsoft Management Console 724
Windows NT/2000/2003 NTFS Standard
User Management 724
Permissions and Special Permissions 771
Creating a New User Domain in the Active
Windows Permissions Are
Directory 724
Cumulative 774
Managing Other User Account
User Groups Make Managing User Rights
Information 727
Easier 774
Using the Action Menu 730
User Groups in Windows 2000 and
Computer Management 731
2003 775
Adding a Computer to the Domain 731
Active Directory Groups 776
Managing Other Computer Account
NetWare 778
Information 732
Trustees 778
Windows 2000 User Groups 734
File-System Rights 778
Choosing a Group Based on the Group’s
Object and Property Rights 779
Scope 734
Differences Between NDS and File-System
Built-In Groups 736
and Directory Rights 780
Creating a New User Group 738
Inheritance of Rights 781
Other Things You Can Do with the Active
The Everyone Group and the [Public]
Directory Computers and Users
Group 782
Snap-In 740
Unix and Linux 782
42 Managing Unix and Linux Viewing File Permissions 783
SUID and SGID File Permissions 784
Users 741
Using the su Command 786
User Administration 742
The /etc/passwd File 742 44 Network Printing Protocols 787
Using a Shadow Password File 744 Printing Protocols and Printing
The /etc/groups File 744 Languages 788
Adding or Removing User Accounts 745 Using lpr/lpd and the TCP Stream
Using a Linux GUI Utility to Manage Protocols 789
Users 747 Data Link Control Protocol (DLC) 790
Network Information Service (NIS) 751 Internet Printing Protocol (IPP) 790
Master and Slave NIS Servers 752 IPP Object Types 791
NIS Maps 752 IPP Operations 792
The NIS Server ypserve Daemon and Maps What’s in Store for Version 1.1? 793
Location 753 Where Can You Find IPP? 793
Setting the NIS Domain Name Using the
Command domainname 753 45 Print Servers 795
Starting NIS: ypinit, ypserve, and
Unix/Linux Printing 796
ypxfrd 754
The BSD Spooling System: lpr and
NIS Slaves 755
lpd 796
The SVR4 Printing System 806
 This is the Current C–Head at the BOTTOM of the Page Contents xiii

Configuring Windows Print Servers 811 47 Auditing and Other Monitoring

Printers and Printing Devices 811
Measures 865
Installing and Configuring Printers on
Windows Servers 813 Unix and Linux Systems 867
Windows NT 4.0 813 Using syslog 867
Adding a Printer on a Windows 2000 System Log Files 870
Server 819 Configuring Windows NT 4.0 Auditing
Installing and Configuring Printing on a Policies 870
Windows XP Computer 833 Setting Up Events to Audit 871
Printing Under NetWare 837 Using the Windows NT 4.0 Event
Print Queue Object Properties 838 Viewer 873
Printer Object Properties 839 Configuring Windows 2000 and Windows
Print Server Object Properties 840 2003 Auditing Policies 874
PSERVER.NLM and NPRINTER.NLM 840 Enabling Auditing for Files and
The NetWare 6.x iPrint Utility 841 Folders 876
Hardware-Based Print Servers—Print Server Enabling Auditing for Printers 879
Appliances 841 Logging Shutdown and Startup Events
with Windows 2003 Server 879
Using the Windows 2000/2003 Event
Viewer 881
VIII System and Network Auditing Windows XP Professional
Security 845 Computers 883
Novell Security 884
46 Basic Security Measures Every SYSCON and AUDITCON 884
Network Administrator Needs to NetWare 6 Advanced Audit Service 886
Know 847 48 Security Issues for Wide Area
Policies and Procedures 848 Networks 889
Network Connection Policy 848
You’ve Been Targeted! 891
Acceptable Use Statement and Usage
Computer Viruses, Trojan Horses, and Other
Guidelines 849
Destructive Programs 892
Escalation Procedures 852
Trojan Horse Programs 893
What a Security Policy Should
Computer Viruses 893
Include 853
How Infections Occur 894
Physical Security Measures 854
Your Network Under Fire—Common
Locking the Door 854
Attacks 895
Uninterruptible Power Supply (UPS) 854
Denial-of-Service Attacks 896
Disposing of Hardware and Media in a
Distributed Denial-of-Service Attacks 896
Secure Manner 855
SYN Flooding 898
The Two Sides of Security 855
ICMP Redirects 898
Before the Fact: Controlling Access 855
The Ping of Death 899
After the Fact: Auditing Use 857
Forged Email 900
Passwords 858
Password Protection and SecurID and
System Daemons and Services 860
Smart Cards 900
Removing Dead Wood 861
Network Back Doors 901
Delegating Authority 861
Network Probes 902
User Accounts 862
Spoofing and Impersonation 902
Application Servers, Print Servers, and
If It’s Too Good to Be True, It Isn’t 903
Web Servers 862
Preventative Measures 903
Don’t Forget About Firewalls 863
Protecting Routers 903
The Network As Target 904
Protecting Host Computers—Encryption
and Virus-Protection Software 904
xiv Contents This is the Chapter Title

Using Tripwire 905

User Awareness and Training 906
IX Troubleshooting
Staying on Top of Security Issues 907 Networks 947
49 Firewalls 909 52 Strategies for Troubleshooting
What Is a Firewall? 910 Network Problems 949
Packet Filters 911 A Documented Network Is Easier to
Filtering on IP Addresses 912 Troubleshoot 950
Filtering Based on Protocols 913 Documentation and Maintenance—
Filtering Based on Port Numbers 914 Keeping Things Up-to-Date 953
Intrusion Detection (Stateful Problem-Solving Techniques 954
Inspection) 915 The Problem Resolution Cycle 955
Proxy Servers 915 Auditing the Network to Locate Problem
Standard Proxy Applications 918 Sources 957
Impersonating the End User: Network Pitfalls of Troubleshooting 958
Address Translation (NAT) 920
Advantages and Disadvantages of a Proxy 53 Network Testing and Analysis
Server 922 Tools 959
Hybrids 922
Basics: Testing Cables 960
What to Expect from a Firewall 924
Handheld Cable Checkers 961
Inexpensive Firewalls for SOHO
Cable Testers 961
Environments 925
Bit Error Rate Testers (BERT) 961
Hardware Solutions 925
Time Domain Reflectometers 962
Software Solutions 926
Impedance 963
Using Both Hardware and Software
Setting a Pulse Width 963
Firewalls 927
Velocity 963
How Do You Know That the Firewall Is
Network and Protocol Analyzers 964
Secure? 927
Establishing a Baseline 965
50 Virtual Private Networks (VPNs) Statistical Data 966
Protocol Decoding 966
and Tunneling 929
Filtering 966
What Is a VPN? 930 Software-Based Analyzers 966
The Mobile Workforce 930 Other Software LAN Analyzer
Protocols, Protocols, and More Products 970
Protocols! 931 Hardware Analyzers 971
IPSec Protocols 931 Simple Network Management Protocol
Internet Key Exchange (IKE) 932 (SNMP) 972
The Authentication Header (AH) 933 SNMP Primitives 973
Encapsulation Security Payload (ESP) 934 Network Objects: The Management
The Point-to-Point Tunneling Protocol Information Base (MIB) 973
(PPTP) 935 Proxy Agents 975
Layer Two Tunneling Protocol (L2TP) 936 The Complex Road to SNMPv2 and
L2TP Encapsulation 937 SNMPv3 975
RMON 976
51 Encryption Technology 939
Computers and Privacy 940 54 Troubleshooting Small Office
What Is Encryption? 940 and Home Office (SOHO)
Single-Key Encryption—Symmetric Networks 979
Encryption 941
Public-Key Encryption 942 Power Troubles 981
RSA Public Key Cryptography 943 Computer Configuration Issues 981
Digital Certificates 944 Component Problems—You Can’t Get There
Pretty Good Privacy (PGP) 945 from Here 985
 This is the Current C–Head at the BOTTOM of the Page Contents xv

Secure Those Cables! 985 Gigabit Ethernet Can Cover the

Firewall Problems 986 Distance 1014
Keeping Your Network Healthy 986 10 Gigabit Ethernet Is Becoming
Wireless Networking Problems 987 Economically Feasible 1014
When All Else Fails 988
58 Upgrading from Bridges and Hubs
to Routers and Switches 1015
X Upgrading Network Growing Beyond a Small LAN 1016
Segmenting the Network Can Improve
Hardware 989 Performance 1018
Connecting Remote Locations 1019
55 Upgrading from ARCnet to From Bridges to Routers 1019
Ethernet or Token-Ring 991 Network Protocol Issues 1020
ARCnet Overview 992 Network Addressing Issues 1020
Upgrading to Ethernet or Token-Ring 992 Other Router Management Issues 1021
Laying Out the New Network 994 Using a Router to Segment the
Solving Performance Problems 996 Network 1021
Connecting to a Larger WAN or the
56 Upgrading from Internet 1022
Token-Ring to Ethernet 999 From Bridges to Switches 1023
The Future of Token-Ring 1000
59 Adding Wireless Networking to a
Phasing Ethernet into the Token-Ring
Network 1001 LAN 1027
Differences That Make Translation Why Go Wireless? 1028
Difficult 1001 Choosing Locations for Access Points 1029
Bits and Frames 1002 Security Issues 1030
Notification of Delivery 1002
Routing Information 1002
Replacing All Token-Ring Equipment 1003 XI Migration and
Switches and Routers 1003
Network Cabling and Connectors 1004 Integration 1033
Network Adapter Cards 1004
60 Migrating from NetWare to
57 Upgrading Older Ethernet Windows 2000 or Windows
Networks 1005 Server 2003 1035
Upgrading from 10BASE-2 or Windows Protocols and Services 1036
10BASE-T 1006 Client Services for NetWare
Hardware and Software Factors to Consider (CSNW) 1037
for 10BASE-2, 10BASE-T, and Gateway Services for NetWare
100BASE-T 1007 (GSNW) 1038
Network Cables 1008 Microsoft’s Services for NetWare Version 5.0
Network Adapter Cards 1010 (SFN) 1042
Network Cable Connectors 1010 Comparison of Windows 2000/2003 and
Bridges, Hubs, Repeaters, and NetWare File Permission Rights 1043
Switches 1011 Installing File and Print Services for
Connecting Networks That Use Different NetWare Version 5.0 (FPNW 5.0) 1045
Cables or Topologies 1012 Microsoft Directory Synchronization
Other Possibilities 1012 Services (MSDSS) 1048
Upgrading the Network Backbone to Gigabit File Migration Utility (FMU) 1053
Ethernet 1013
Using Gigabit Ethernet for High-End
Servers 1013
Gigabit Ethernet to the Desktop? 1014
xvi Contents This is the Chapter Title

61 Migration and Integration Issues: Upgrading Windows NT 4.0 or Windows

2000 to Windows 2003 Servers 1103
Windows NT, Windows 2000,
Hardware Requirements for a Windows
Windows 2003, Unix, and 2003 Upgrade 1104
Linux 1059 The Application Compatibility Toolkit
Windows 2000/2003 Support for Unix Application 1105
Protocols and Utilities 1060 What Role Will Your Server
TCP/IP 1061 Perform? 1105
Telnetxxx 1062 An Example of Upgrading Windows 2000
The File Transfer Protocol 1067 Server to Windows 2003 Server Standard
Managing the FTP Service on a Windows Edition 1106
Server 2003 1070 Should You Use Windows 2000
The Dynamic Host Configuration Protocol Professional or Windows XP
and BOOTP 1072 Professional? 1109
DNS 1073 Upgrading for SOHO Clients 1109
Applications 1074
Microsoft Windows Services for 63 Migration and Integration:
Unix 3.0 1075 NetWare, Unix, and Linux 1111
Installing SFU 3.0 1076 Why Use Unix or Linux? 1112
Network File System 1079 Key Differences Between Unix/Linux and
The Korn Shell 1080 NetWare 1113
Password Synchronization 1082 File Sharing 1113
User Name Mapping 1083 Printer Sharing 1113
New Telnet Server and Client 1084 User Authentication 1113
ActiveState ActivePerl 5.6 1085 Moving User Accounts 1114
Samba 1085 Networking Protocols 1114
Sun Network Information System 1085 Applications 1114
NetWare for Linux 1116
62 Migrating from Windows NT 4.0 to
Windows 2000, Windows 2003,
and Windows XP 1087 Appendixes 1119
Do You Need to Upgrade the Operating
System or Applications? 1088 A Overview of the OSI Seven-Layer
Upgrading to Windows 2000 Server 1090 Networking Reference
Before You Begin 1092 Model 1121
Windows NT Domain Controllers and
It’s Only a Model! 1122
Member Servers 1092
Encapsulation 1123
Modeling the Directory Structure After
Physical Layer 1123
Your Business Organization 1093
Data Link Layer 1123
Domains Are Partitions of the Active
Network Layer 1124
Directory 1094
Transport Layer 1124
Migration Considerations: Centralized
Session Layer 1124
Versus Decentralized
Presentation Layer 1124
Management 1095
Application Layer 1125
Implementing a Migration to the Active
Directory for Windows 2000 1097 B Networking Glossary 1127
Start by Upgrading Primary Domain
Controller 1097
C Internet Resources for Network
Adding Other Domains to the Active
Directory 1099 Administrators 1145
Upgrade the Master Domain First 1099 Standards Organizations 1146
Upgrade the BDCs Next 1102 Network Hardware and Software
Manufacturers 1147
 This is the Current C–Head at the BOTTOM of the Page Contents xvii

Wireless Networking 1149

Security 1150

D The Lightweight Directory Access

Protocol 1153
A Quick Introduction to LDAP 1154
The X.500 Protocols and Standards 1154
Acronyms, Acronyms, Acronyms! 1155
The Schema 1157
The Lightweight Directory Access
Protocol 1157
The LDAP Protocol 1158
Binding to the Server 1158
Searching the Database 1159
Adding, Modifying, or Deleting
Information in the Directory 1159
Comparing Information in the
Directory 1159
LDAP Directories 1160
Windows 2000 and NetWare Are Not the
Only Choices You Have 1160
Sticking to Standards: Interoperability
Between Directories 1160

E Introduction to Setting Up a SOHO

Network 1163
Assessing Your Requirements: What Do You
Need? 1164
Applications Drive Hardware
Purchases 1166
SOHO Network Topologies 1170
Backup Solutions for a SOHO Network 1172

Index 1175
To my parents, Charles and Billie Jean Ogletree
And
Zira (1994–2002)
About the Authors
Terry William Ogletree is a consultant currently working in New Jersey. He has worked with
networked computer systems since 1980, starting out on Digital Equipment PDP computers and
OpenVMS-based VAX systems. He has worked with Unix and TCP/IP since 1985 and has been
involved with Windows NT and Windows 2000 since they first appeared, as well as the newest
additions to the family, Windows XP and the Windows Server 2003 family of servers. Besides
being the lead author of the third edition of this book, he is the author of Windows XP
Unleashed, Practical Firewalls, and The Complete Idiot’s Guide to Creating Your Own CDs (with co-
author Todd Brakke), and he has contributed chapters to many other books published by Que,
including Microsoft Windows 2000 Security Handbook and Special Edition Using Unix, Third Edition.
He is also the author of Fundamentals of Storage Area Networking. When not writing for Que, he
has on occasion contributed articles to PC Magazine.

You can email him at t@w2003tech.com or visit his home page at www.w2003tech.com. When
between jobs and not writing for Que, he can often be found on street corners holding a sign
that reads “Will work for hundreds of thousands of dollars.”

Thomas Crayner (Chapter 2) currently is the Director of Applications and Infrastructure

Services at a leading pharmaceutical company, where his department keeps 300 servers running
in support of R&D operations. Starting with Unix and TCP/IP in the mid-1980s as an applica-
tions developer, he slowly worked his way into infrastructure development. During the course
of his career, Tom has designed and implemented systems and networks of all shapes and sizes.
On the weekends, he can still be found enjoying his original hobby: system and application
development.

Dwight Tolay, Jr. (Chapter 6) started out as a computer test technician in the 1970s.
Branching out into the electrical construction industry, he became familiar with data and fiber-
optic cabling, has worked with coax Ethernet and IBM Token-Ring, and has followed the evolu-
tion up to today’s Category 6 and Gigabyte cabling methods. Currently, he is a general
supervisor for Ortlip Electric Co. He is a graduate EE, an ISA certified Level III control systems
technician, a licensed electrical contractor, and a certified high-voltage test technician. In addi-
tion to being a certified fiber-optic and teledata instructor at a local trade school for the past 13
years, he has contributed as technical editor on various books and currently is involved in a
book on Home Data and Electrical Systems Integration.

Scott and Kalinda Reeves (Chapters 32 and 33) are a married couple who live in Heron,
Montana, where they have written several networking exam books.

Scott has accrued his certifications as a Master Certified Novell Engineer (MCNE), Microsoft
Certified Professional (MCP) in Windows NT, Compaq Accredited Systems Engineer (ASE),
Comptia Network+ professional, and Comptia A+ certified technician. He has more than 15
years in the computer industry, and he has worked in the networking field for more than 11
years.

Kalinda has more than 16 years’ experience writing research, business, technical, and engineer-
ing documentation for government, military, and civilian customers. The topics include sys-
tem- and circuit-level hardware; uniquely developed, hardware-specific programs; and programs
that are implemented across government and military communications systems. Kalinda cur-
rently works as a freelance writer.
Acknowledgments
Most of the credit for getting this book done must be given not to the author, but to Rick
Kughen, Que’s executive editor, and to Todd Brakke and Mark Reddin, the development editors
of this book. There is no way I could ever have gotten this book finished without their consis-
tent, persistent, wonderful help. Todd Brakke has worked with me on four other books, and I
think both he and Mark Reddin deserve a lot of credit for the material you’ll find inside. Along
with Rick Kughen, they have contributed both questions and ideas about the new material that
we’ve included, as well as contributing to the organization of each chapter. Tricia Liebig
expended a lot of effort coordinating various people involved in this project—a job I would not
envy! As I am not the best writer in the world, I must also give credit to Cheri Clark, the copy
editor, for correcting my grammatical errors and for making helpful suggestions about better
ways to write this book’s text. Writing for Que is a team effort!

I also would like to acknowledge Sharon Terdeman, the Solutions Editor of PC Magazine. Several
of the articles she assisted me with spurred further research that resulted in more coverage of
those topics in this book. Additionally, Sharon is a good teacher when it comes to learning how
to write concise, informative text. She can take ten sentences and condense them into one, and
still make the same point. Helps a lot in a long book such as this one!

Most of my contracting jobs during the past five years have been the result of the efforts of
John Rogue and Angelo Simeo of The Computer Merchant firm in Norwell, Massachusetts. The
jobs they have been able to find for me not only pay the bills, but also have enabled me to
greatly further my knowledge of computers and networking. I can recommend this firm to any-
one who is looking for highly skilled employees or consultants in the computer and network-
ing fields (www.tcml.com).

A special thanks to Carl and Nanette Chiappetta for helping me stay focused on work and
enjoy life to its fullest. Thanks again to Jo and Jeff Johnson for being such good friends, and
the same for Jordan Scoggins, Andy Jones, James Garrett, Sari Gurney, Rick Clayton, and
Rodney Foster. Thanks also to Vicki Harding, my agent, for helping me get many writing
assignments (www.future-prod.com).

It goes without saying that without the help of Michael D. Parrott and Associates (and
Michael’s lovely and incredibly brilliant wife, Brenda), I never would have been able to find
time to write. MDP&A is the ultimate super-accounting firm that goes more than the extra mile
to take care of matters I just don’t have time for (www.mdp-a.com).

As always, I would like to acknowledge my family. My brother, Gordon Ogletree, is a Solaris

Wizard and my sister, Susan Harris, is a fantastic manager and organizer. And, of course, I
wouldn’t be here if it were not for my parents. This book should be arriving at your local book-
store at about the same time they celebrate their 53rd wedding anniversary. I hope we have 50
more reasons to celebrate.
We Want to Hear from You!
As the reader of this book, you are our most important critic and commentator. We value your
opinion and want to know what we’re doing right, what we could do better, what areas you’d
like to see us publish in, and any other words of wisdom you’re willing to pass our way.

As an associate publisher for Que, I welcome your comments. You can fax, email, or write me
directly to let me know what you did or didn’t like about this book—as well as what we can do
to make our books stronger.

Please note that I cannot help you with technical problems related to the topic of this book, and that
due to the high volume of mail I receive, I might not be able to reply to every message.

When you write, please be sure to include this book’s title and author, as well as your name and
phone or fax number. I will carefully review your comments and share them with the author
and editors who worked on the book.

Email: feedback@quepublishing.com

Mail: Greg Wiegand

Que
800 East 96th Street
Indianapolis, IN 46240 USA

For more information about this book or another Que title, visit our Web site at www.
quepublishing.com. Type the ISBN (excluding hyphens) or the title of a book in the Search
field to find the page you’re looking for.
Introduction
Since the last edition of this book, there have been many changes in the information and other
technology sectors. After the downturn in the dot-com industry, it looked as if a career in network-
ing might not be such a good choice after all. In the months leading up to the publication of this
book, however, things have started to change. The major baby bells and other large-scale network
providers have begun to expand their fiber networks and offer digital services to customers who
were not within their reach before. This is being fueled on the assumption that in the near future
voice services will be less of a revenue source than newer technologies such as end-to-end IP. XDSL
and cable modems have enabled both home users and business customers to connect even faster to
the Internet. These large corporations are laying the groundwork for what appears to be a very
bright future. If you think that networking and the Internet are futuristic now, just wait to see what
will happen tomorrow.
When put into perspective, the IT field grew dramatically leading up to the “year 2000” concerns.
And the continued growth of the Internet has been phenomenal—seemingly indifferent to the
economy at this time.
The growth in other IT fields, however, is historically unusual, and thus could not be sustained,
from a business standpoint. When investors are willing to throw money at just about any new
startup company because it seems like a safe ride, you can expect that there will be a backlash, as
has been the case. The downturn in the economy a few years ago forced many large companies to
put off purchases of network hardware, and also to lay off many employees. In general, the econ-
omy has always been a cyclic one, with a recession followed by a boom market. There is no reason
to expect this to change. But the good news is that the worst is probably behind us, and the future
is looking bright, especially because vendors have continued to develop new hardware and soft-
ware, just at a slower place. For example, look at how quickly wireless networking has grown,
despite the economy.
The next few years will most likely show a slower growth rate for IT jobs, but it will be a sustainable
growth; the future for networking jobs has never been brighter for the long term. Because of my
belief in this trend, it was much easier to write this fourth edition of Scott Mueller’s Upgrading and
Repairing Networks. I was enthusiastic because over time I have been able to add new topics,
expand on others, and move some older material (which may still be relevant to your job) to the
upgradingandrepairingpcs.com Web site that accompanies this book. I believe that with each new
edition of this book, it just gets better and better. And with great development and technical editors
at Que helping to make this a better book, I think you will find it the most comprehensive book on
networking on the market today.

Who Should Use This Book?

Although this book is organized so that you can read it cover to cover, with each chapter or section
building on the preceding one, it can also be used as an encyclopedia. If you are new to the net-
working field, you can use this book as a textbook. If you are a seasoned network administrator,
and your network is changing fast or you are considering using new technologies, then this book
can be a valuable reference enabling you to get up to speed on most any topic quickly. If you pur-
chased any of the previous editions, please peruse this edition to see what has changed. Many sec-
tions, such as the one on TCP/IP and wireless networking, have been revamped to make the
material a lot easier to understand.
2 Introduction

What Will You Find Inside?

You will find a few chapters in this book that I did not write. This is because I was able to find
someone who could write a better chapter due to his or her deep knowledge of the subject matter.
Part I, “Up Front: Network Planning and Design Concepts,” starts off with a short chapter about the
history of computer networks so that you can see how far computer interconnection technologies
have developed in just a few short years. Following that is a great chapter written by Tom Crayner
about network topologies—might as well start with the basics. Today you need careful planning to
create a large, complex network, and Tom will show you the options to consider before you even
begin to think about network protocols or other topics covered in this book. This part also contains
information that will help you put together a network design or upgrade strategy, as well as some
ideas about preventive maintenance that can be used to keep problems from happening in the first
place.
Part II, “Physical Networking Components,” covers the physical components that make up your
network, from the network cables and network adapter cards to the devices that are used to connect
these components. Chapter 6, “Wiring the Network—Cables, Connectors, Concentrators, and Other
Network Components,” was written by Dwight Torlay, an engineer who not only works in this
capacity every day, but also teaches classes on these topics. In this edition the chapter has been
updated, and you can learn a lot about components that are usually installed by contractors. If you
want to know what they are doing, and why, then read this chapter so that you can ask the right
questions and make the correct decisions when it comes to the physical cable plant and other
devices that will connect your network.
Of course, you’ll also find a chapter here on network adapter cards, which connect your computers
to the network. If you want to expand your knowledge further on this topic, you should consider
using Scott Mueller’s Upgrading and Repairing PCs. That book will give you information about network
adapter cards. The basics are covered here, such as different bus types and troubleshooting.
However, Scott’s book can give you greater insight about choosing the correct card, and the differ-
ences between cards on the market. It can also show you exactly how to install the hardware.
The upgradingandrepairingpcs.com Web site that comes with this book now contains chapters on
older technology, such as repeaters, bridges, and hubs. Just because these chapters are now on the
Web site doesn’t mean you should ignore them. Many certification exams still require that you
know the basics of computer networking, and these devices were revolutionary for their time.
Chapter 8 gives you a quick lesson on network switches, which have now replaced hubs in most all
networks. For the price of a hub a few years ago, you can now use a switch, and achieve a greater
bandwidth on your network. Chapter 9 discusses virtual LANs (VLANs), which make managing a
large network easier, and Chapter 10 discusses routers—those devices that can be used to connect
different segments of your LAN or intranet, as well as connect your network to the Internet.
A new topic for this book can also be found in Chapter 11. And it should not be underestimated by
the simple title: “Network Attached Storage and Storage Area Networks.” With the need for ter-
abytes of storage, technologies such as SCSI interfaces can no longer suffice for a large network
because of distance limitations and expandability. In this chapter you can learn the difference
between connecting additional storage to your LAN and adding a separate network that contains
the storage that your servers need to have fast access to. This chapter alone could be the topic of an
entire book.
 Introduction 3

Part III, “Low-Level Network Protocols,” is where you’ll find information about many types of tech-
nologies you can use to transmit data across your network. This section starts with a quick review
of the IEEE 802.11 standards, followed by a chapter on the oldest LAN technology still in wide-
spread use today: ARCnet. If you think that older solutions are always supplanted by newer ones
that perform the same functions more efficiently, then read that chapter. And the next time some-
one asks you whether you want fries with that burger, you just might find that ARCnet is still
there, as a viable solution to small networks that cannot afford a full-time network administrator.
Because of ARCnet’s simplicity, it is still employed in various situations, such as in point-of-sale reg-
isters and on some factory floors.
Today the major LAN wire protocol is Ethernet. It’s been here for years, and will continue to be
around as it evolves to meet newer demands for bandwidth and adapts to newer devices and tech-
nologies.
Token-Ring is still being used by a small percentage of networks, supported mainly by IBM and a
few other vendors. However, because of its miniscule market share, and because there is very little
development in process to update the technology as compared to Ethernet, this updated chapter is
now found on the upgradingandrepairingpcs.com Web site.
Part IV, “Dedicated Connections and WAN Protocols,” is written for both network administrators
who need to connect LANs across large distances and those who need a local dedicated connection
to another LAN or the Internet. Here you can find the choices available to you from the high-end
T-class connections that give you huge bandwidth data paths. You will also find information about
other dedicated connections, such as cable and DSL access. Keep in mind that cable and DSL access
are not just for home users. Many of the large providers of these services are now targeting small
businesses. If this is your environment, you might find this a less expensive method for giving your
company an Internet presence.
Part V, “Wireless Networking Protocols,” covers just what it says. In the previous edition of this
book, wireless networking was just making its way into the marketplace. Even Bluetooth—used for
very close connections, such as to replace cables used between keyboards, mice, and other devices
to your computer—has probably finally arrived. In the past few years there has been much market-
ing hype about this technology, and it finally seems to have made it. You can also learn here about
the major wireless technologies—many available at the consumer level as well as for the corporate
network—including both IEEE 802.11b and IEEE 802.11a. The newest protocol in this section is
IEEE 802.11g, which combines the best of both of the other two protocols. The 802.11g network
devices are backward compatible with IEEE 802.11a and b, and can offer bandwidths up to 54Mbps.
For wireless networks, you won’t notice much of a difference from this sort of connection to your
company’s network than if you had a 100Mbps 100BASE-T connection. To top off this section,
there is a chapter on other wireless developments, including everything from wireless security to
new uses for wireless technology.
Part VI, “LAN and WAN Network, Service, and Application Protocols,” contains such subjects as the
all-important TCP/IP suite of protocols, applications, and troubleshooting utilities. Because TCP/IP
is the main protocol used in LANs today, this is a must-read section for new readers as well as a
refresher course for those who already are familiar with the topic. In addition to the basics of
TCP/IP, this section covers everything from email protocols to directory services, routing protocols,
and SSL, among many others.
4 Introduction

Part VII, “Network User and Resource Management,” will help you learn about managing users and
controlling access to network resources. Coverage here includes Windows, NetWare, and
Unix/Linux. One of the newest additions to this section is Windows 2003 and how you can use it
and the updated Active Directory to manage and secure the network. A chapter devoted to network
printing protocols has been updated to include the latest coverage of the Internet Printing Protocol
(IPP), which is now supported by all the major operating systems. This is a topic that will revolu-
tionize printing in the next few years, and it’s a good idea to start brushing up on your skills today.
Part VIII, “System and Network Security,” contains chapters to help you learn the basics about pro-
tecting your system. Topics include everything from creating policies and procedures for the work-
place, to computer viruses and auditing the actions users perform on the network. Encryption
technology is also covered in its own chapter, as are Virtual Private Networks (VPNs) and firewalls.
If you connect to the Internet, or if you operate a large enterprise network, then this section has a
lot of good security issues you should be cognizant of.
Part IX, “Troubleshooting Networks,” complements most of the previous chapters. Tools you can
use for troubleshooting and strategies for going about this process are found here. For small
office/home office (SOHO) network users, there is an entire chapter devoted to your network.
Because many SOHO networks are operated by small business owners, this chapter can help you
understand more complex topics without having to read this entire book. Off-the-shelf cable/DSL
routers and inexpensive firewall solutions might make you feel comfortable about your network,
but everyday there are new threats that can make your small network a target.
Part X, “Upgrading Network Hardware,” is a valuable reference for those who want to make use of
the latest hardware devices, while trying to protect your investment in existing equipment where
possible. A special chapter gives a good overview of adding wireless networking to your wired net-
work.
Part XI, “Migration and Integration,” covers the other side of the coin, upgrading from one operat-
ing system to another, as well as using multiple operating systems on the same network. This sec-
tion discusses the many things that are common to most operating systems, as well as tools that
can be used to help you integrate a diverse collection of systems into a single heterogeneous net-
work. Topping off this section is another chapter of interest to SOHO users that discusses how you
might go about setting up a LAN for your business. Again, you don’t need to be versed in all the
topics covered in this book in order to operate a small LAN. This chapter does refer to topics in
other parts of the book, but it is a good starting place for those who either have a small LAN that
needs to be upgraded, or are just starting out.
Finally, the appendixes contain information that can be used as a quick reference. You can get an
overview of the OSI network reference model, as well as a concise explanation of how directory ser-
vices work, specifically the Lightweight Directory Access Protocol (LDAP). An important resource
here is a comprehensive glossary of networking terms. If you are reading a chapter in this book and
find yourself stymied about a term or an acronym, then just look to this appendix for help.
As discussed earlier in this introduction, the upgradingandrepairingpcs.com Web site contains sev-
eral chapters that had to be moved out of the main text. This is due to several factors. First, some of
these topics apply to older networks and, second, this book would cost you a lot more if the page
count were to increase by a few hundred pages! The chapters on the Web site, however, should not
be dismissed as irrelevant. You may have a network that still uses the technologies found in these
chapters. And, when studying for a certification exam, you should understand older technologies
because they will probably turn up as questions when you sit down to take the test.
 Introduction 5

What’s New in This Edition

Upgrading and Repairing Networks, Fourth Edition, contains a lot of updated content and has been
reorganized to make it easier to find the information you need. Entirely new topics have been
added based on feedback to the third edition and on many new technologies that have become
important since the previous publication, especially Windows 2003 Server and Windows XP, wire-
less networking, and directory services.
Several contributing authors were brought on board to assist in making this book better than its
predecessor, each a veteran in the computer book publishing field, as well as experts in their areas
of networking. I’m sure you’ll like what you find inside, and I’m sure you’ll find that what you are
looking for is easier to find in this edition. Also, don’t forget to check out the Web site. In addition
to the chapters mentioned previously, you will find a large collection of useful programs—from
freeware to shareware and some demo programs—that can help you administer your network.

What’s Missing from This Edition?

If there are topics that you think need to be included in a book like this, but that you do not find,
let me know. Each time this book is written, feedback from readers is always used to add new chap-
ters, as well as update older ones. You can send email to the publisher, or to me. If you have ques-
tions on some of the topics found in this book, I’ll try to answer them for you the best I can.
Feedback will just make this book a more valuable resource in the future. You can reach me at
www.twoinc.com, or email me at two@twoinc.com. Happy reading!
 Up Front: Network
Planning and Design
Concepts

SOME OF THE MAIN TOPICS FOR THIS PART ARE

A Short History of Computer Networking

Overview of Network Topologies
Network Design Strategies
Upgrading Strategies and Project Management
Protecting the Network: Preventative Maintenance Techniques

PART I
 1
A Short History of
Computer Networking

CHAPTER 1
10 Chapter 1 A Short History of Computer Networking

Today, computer networks are taken for granted much as the telephone network is. And the tele-
phone network was, until the explosive growth of the Internet, the largest network in the world. It
just wasn’t a computer network. You could use modems to connect computers to each other on a one-
by-one basis, but this wasn’t networking in the sense we think of it today. And those early modems—
300 baud or less—didn’t make the transfer of data an inexpensive matter, especially when
long-distance calls were required. In a funny twist of fate, voice communications are now creeping
into the networking world (such as voice over IP, or VOIP), making the telephone network itself less
important. To that end, many telephone companies are expanding rapidly into the data networking
field so that they can offer data, voice, video, and other services.
Computer networking has been evolving since the late 1960s. Early work on the ARPANET began in
the 1960s, and in 1969 a four-node network using primitive packet switching was created. The growth
of this predecessor of today’s Internet wasn’t quite the phenomenon you see today.
As discussed in Chapter 14, “Ethernet: The Universal Standard,” the ALOHAnet was created to estab-
lish connections between several computers in Hawaii. Robert Metcalf was later to use the basic prin-
ciples from ALOHAnet to create what eventually became the Ethernet local area networking wire
protocol still used today. Ethernet was simply a means to get a signal from one place to another—it
was another thing to decide what kind of signaling to use. On the ARPANET, TCP was being created,
and refined. If you examine the OSI Seven-Layer Networking Reference Model (see Appendix A,
“Overview of the OSI Seven-Layer Networking Reference Model”), you can see that Ethernet works at
a low level in the model, and is used to transmit packets of information from higher-level protocols.
TCP was the first major higher-level protocol created. One of the first refinements of TCP was to break
it into several parts (or layers), which is why the protocol “suite” is known today as TCP/IP.
TCP (the Transmission Control Protocol) and IP (the Internet Protocol) are the basis of the Internet.
Another break-out from TCP was the User Datagram Protocol (UDP). Both TCP and UDP provide dif-
ferent types of service, yet both use IP as the workhorse protocol that is used to route packets (or data-
grams) on the Internet, as well as any intranet. And what does IP use to send data across the wire (or
the air, in case of a wireless network)? Ethernet in most cases. For the long-haul, there are other proto-
cols that can be used, and you will read about them in Part V of this book, “Wireless Networking
Protocols.”
It is important to keep in mind that Ethernet and other wire-level protocols simply provide the means
to frame data—create discrete units of data for transmission—and then use a specified method to send
data across the network media. For example, simply varying the voltage on a wire can be used to send
data from one point to another. An early transmission method, called non-return to zero (NRZ)
encoding, used just this method. A high value was used to specify the bit value of one, and a low
value was used for zero. A drawback to this encoding scheme is that a long stream of either ones or
zeros can be difficult to decipher at the receiving end. The term “clock” is used to mean that each end
of the transmission understands where a bit starts and where it ends during the transmission. Because
it would be very expensive to have a physical clock at each end that could precisely time each bit
transmission, this encoding method does not scale well.
Early Ethernet networks used a technique called Manchester encoding. This method does provide a
clocking mechanism that is built into the coding scheme itself. Instead of using a high- or low-voltage
state to indicate a specific bit, Manchester encoding uses the change from one state to another, during
a specific interval.
While TCP/IP continued its development on the ARPANET, computer vendors began to recognize the
importance of networking, and many proprietary protocols were developed. Digital Equipment
Corporation (DEC) created DECnet (and numerous other protocols), which was used to connect its
PDP computers and, later, VAX and AlphaServer computers. Today DECnet is still used, although
 A Short History of Computer Networking Chapter 1 11

TCP/IP has pretty much replaced it for most installations. For a short time in the 1980s, however,
DEC operated the largest computer network in the world, short of the Internet. What protocol was
used? DECnet, of course. During that same period, the OSI model was created, and Digital incorpo-
rated the concepts of that model, as well as the protocols that were developed by ISO based on the
OSI model, into DECnet. Because the VMS (Virtual Memory System) operating system used on DEC’s
VAX computers was adopting these open standards, the name of the operating system was changed to
OpenVMS. However, few other vendors chose to incorporate the high-overhead concepts of these
open protocols, and this first attempt to standardize networking protocols between different comput-
ers failed to come about.
Other computer manufacturers also produced their own proprietary network protocols. For example,
IBM’s work in this direction resulted in SNA, which combined networking protocols from the high
end (application) down to the low end (wire protocols). As networking began to become an important
part of the computing world, other vendors, such as Xerox (XNS), also came up with their own proto-
cols.
The result was that if you wanted to create a network of computers for your business, you had to stick
with a single vendor. Proprietary protocols, then, were not a good solution to the problem of
exchanging data between computers.
During the early days of PCs, the same sort of situation occurred. Although PCs were basically the
same when it came to the operating system (DOS at the start), you could buy a network setup from
many different vendors. One that comes to mind is NetWare (which is still around today, although in
recent years TCP/IP has replaced the proprietary IPX/SPX NetWare protocols). LAN Manager was
Microsoft’s entry into the field, with a legacy of NetBEUI and NetBIOS still lurking around on many
Windows computers prior to Windows 2000. When DEC started to build its own PCs, it licensed LAN
Manager technology and created Pathworks. You might still find Pathworks in some networks,
although, like LAN Manager, it is considered history today.
Other networking packages included Banyan Vines and LANtastic, both of which are still around
today. However, these products are today vastly different than when they first appeared.
In Chapter 13, “The Oldest LAN Protocol Is Still Kicking: ARCnet,” you can read about an old proto-
col that is still used pretty much the same as it was when first created. It allows a limited number of
computers to be connected, uses a simple token passing scheme, and requires minimal setup. ARCnet
is typically found in point-of-sale computers and factory automation today.
The Internet changed the entire landscape. As TCP/IP continued to mature into the stable protocol
suite that it is today, the PC landscape, as well as mainframe and minicomputers, began to adopt
TCP/IP. Although the ISO first attempted to define open protocols so that computers from different
vendors could interact to exchange data, it turns out that TCP/IP is the winner in the end. And when
IPv6 (IP version 6) finally reaches from the inner core of the Internet to the edge, you will find that
TCP/IP continues to add new features, enhance security, and provide more robust features.
Other protocols, such as ATM and Frame Relay, are used for long-distance transfer of data, and can
encapsulate other protocols such as TCP/IP. Fibre Channel is a wire protocol that is the most widely
used protocol in Storage Area Networks today (see Chapter 11, “Network Attached Storage and Storage
Area Networks”).
The old standard Ethernet has itself continued to be enhanced to keep up with the need for speed.
Early versions operated at 2–5Mbps, and most desktops today use 100BASE-T, or 100Mbps Ethernet.
Gigabit and 10Gigabit Ethernet are now on the market, although these newer versions do not use the
same signaling techniques as earlier versions. The capability to provide backward compatibility with
earlier versions, however, is another important factor for the continued use of Ethernet.
12 Chapter 1 A Short History of Computer Networking

Today you will find that most desktop computers in a company’s LAN use TCP/IP. Although other
protocols may encapsulate TCP/IP for transmission over a long distance, the TCP/IP protocol is still
the de facto standard for computer-to-computer communications. TCP/IP is also supported by net-
worked printers and wireless communications.
Because of this standardization, prices for equipment that support Ethernet and TCP/IP are dramati-
cally less than a decade ago. Network adapters themselves may become history because many com-
puter motherboard manufacturers are starting to incorporate that functionality directly onto the
motherboard.
So what does this all mean? It means that whether you operate a business or a home network, or if
you just connect to the Internet from home, it has been a long process to get to where we are today.
In this book you will find topics that cover many of the important protocols in use today, as well as
topics on newer developments.
 2
Overview of Network
Topologies

SOME OF THE MAIN TOPICS IN THIS CHAPTER ARE

LAN Topologies 14
Building and Campus Topologies 24
A Multi-Tiered Network Topology 28

CHAPTER 2
14 Chapter 2 Overview of Network Topologies

Before you can begin to upgrade and repair your network, you need to understand how it’s laid out,
how it functions, and how the various parts are related to one another. Knowing how your network
components are related makes the extension, expansion, and troubleshooting of your environment
more focused and productive. Because network uptime is related directly to productivity, a solid grasp
of network concepts is a necessity when you’re facing a troubled LAN.
In this chapter, you will review the topologies in use today and learn the strengths and weaknesses of
each.

LAN Topologies
Several unique network technologies have been developed over the past three decades. Different types
of networks have different design criteria and, thus, various topologies have come into use. One
important distinction needs to be made before we enter into a serious discussion on topology: physi-
cal topology versus logical topology. The physical topology describes the layout of a network media
(such as copper and fiber-optic cables and, more recently, wireless equipment) and the devices that
connect to it. The logical topology is concerned not with the actual physical connections but with the
logical path through the network that data can take from one place to another. The differences will be
more evident as the different topologies are discussed.
The basic topologies you will find in most LANs today include the following:
■ Bus
■ Star
■ Ring
■ Mesh
■ Hybrids

Bus Topology
The simple bus topology structure was the first type used in Ethernet networks. The typical bus physi-
cal topology consists of a coaxial cabling common to all computer systems connected to the LAN.
This coax is tapped in multiple places along its length, with each tap being used as a point of connec-
tion for a computing system. Taps can be physical cores cut into the coax (sometimes called a “vam-
pire tap”) or BNC-style “T-connectors” that join several individual pieces of coax together to form the
common bus (see Figure 2.1 and Figure 2.2 for a comparison of the two methods).

Vampire Taps

Terminator

Terminator

Figure 2.1 Computers can connect to coaxial cables on a bus by tapping directly through the core of the
cable. The vampire taps pierce the thicknet cable but not the BNC.
 LAN Topologies Chapter 2 15

Computer A Computer B Computer C

Network Adapter Terminator

Card

Terminator T-Connector T-Connector T-Connector

Bus (usually thinnet ethernet)

Figure 2.2 BNC-style T-connectors make attaching computers to a bus a simpler operation.
◊◊ You can learn more about how 10BASE-2 and 10BASE-5 Ethernet networks are created using coaxial cables
and the bus topology in Chapter 14, “Ethernet: The Universal Standard.”
A bus is also a logical topology. From a device’s viewpoint, all other systems communicate through
the same, shared path. Because it is a shared media technology, mechanisms must be put into place to
arbitrate network traffic over the cable. Typically, collision detection (CD) or collision avoidance (CA)
algorithms are used in bus topologies to arbitrate network access along with concepts such as “broad-
casts” to reach every device on the cable. This subject is covered in detail in Chapter 14.
The bus topology is very simple and inexpensive to implement due to its low cost requirements for
cable installation (there’s only one main trunk). But some serious deficiencies make bus topology
LANs unattractive to deploy:
■ Bus topologies require proper terminations on both ends of the bus to effectively dampen the
network signal and to avoid a “reflection” or reoccurrence of a previous transmission. Without
the proper terminations in place, expect a very slow or inoperable network.
■ The cable itself is a single point of failure. One break, cut, or poor connection negatively
impacts the entire LAN.
■ Because all workstations or devices share a common cable, troubleshooting can be difficult
when problems occur. You must temporarily break the terminations in the network to isolate a
device. After you think you’ve resolved the network problem, you must disrupt LAN service
again to reattach the device to the network. This makes for a cumbersome and disruptive
process.

Due to these limitations, the bus topology is typically found only in the smallest or most austere of
installations. Some proprietary manufacturing process control systems use a bus topology, but these
aren’t covered in this book.
For the most part, the bus topology is a historical relic. However, it is something you should be cog-
nizant of in order to understand why other topologies are the norm today. Early networks were com-
posed of only a few computers and there was no need to provide for today’s high-bandwidth
networks that use switches and other devices to connect a diverse collection of computers and other
networked devices.

Star Topology
The concept behind the star topology is simple. Every node on the LAN has a dedicated cable that is
pulled back to a centralized point, typically a wiring closet. All cables are terminated in a network
component within the closet, such as a hub or, more typically today, a switch, which handles the
repeating or switching of traffic out to the other nodes on the network (see Figure 2.3).
16 Chapter 2 Overview of Network Topologies

Hub/Switch

Figure 2.3 The star topology enables you to centralize wiring for a network.

The shortcomings of a star topology network are obvious: The network component (hub or switch) is
a single point of failure, and a great deal of wiring is involved to implement the star.
However, there are tremendous benefits to a star topology:
■ Management of the network is centralized around the hub and switch components. Most of
these components have features that allow an administrator to spot congestion and network
errors at the port level, which makes troubleshooting problems quick and simple.
■ “Smart hubs” can automatically disable ports that exceed use or error thresholds, providing
additional stability to the LAN. They are also a central point for watching bandwidth usage and
overall network health.
■ Wiring installation is less obtrusive and therefore does not disrupt LAN service with the addi-
tion or deletion of nodes.
■ A cable cut or bad connector does not take down the entire LAN segment. No terminators are
required as in the bus topology model.

You should note that nearly every popular network technology today uses a star topology for its phys-
ical implementation. This is due to several factors, including the ease of wiring, the fact that a single
misbehaving computer can be removed from the topology, and the fact that it’s a simple matter to set
up a hub or switch.

Note
When troubleshooting a star topology network, be sure to check error counters and status indicators on your network com-
ponents. These can provide valuable information in helping you find what is at fault.

Ring Topology
Ring topologies are more complex than the bus and star topologies discussed in previous sections, but
they offer some attractive features. Nodes logically communicate in a ring formation, with each node
communicating only directly with its upstream and downstream neighbors (see Figure 2.4).
 LAN Topologies Chapter 2 17

D B

Figure 2.4 The ring topology links each node on the network to two other nodes on the network.

You can probably picture what a mess the wiring would be in an office with hundreds of computer
systems, if a network like this were implemented as a physical ring. So ring topologies are typically
implemented in a physical star topology (see Figure 2.5).
In a ring topology, access to the network is controlled through a token that is passed from node to
node as the arbitration mechanism. Each node takes its turn at claiming the token as the token passes
from neighbor to neighbor, and when a node possesses the token, it takes its turn to transmit onto
the ring. A data packet is transferred from one node to the next until it reaches its destination node.
After the destination node has received the packet, it modifies the packet to acknowledge receipt and
passes it on. Eventually, the packet makes it completely around the ring, and the transmitting node
receives it and notes that the receipt has been acknowledged. When the transmitting node is finished,
it releases the token to its neighbor, and the process repeats.

Note
Token-Ring networks are the primary LAN technology that uses a ring topology. Although Token-Ring technology today rep-
resents only a small percentage of network installations, another network, the Storage Area Network (SAN) still uses the
concept of a ring topology, with a different method for gaining access to the network media than the method used by
Token-Ring networks.
In Chapter 11, “Network Attached Storage and Storage Area Networks,” you will find that Arbitrated Loops continue to
use the ring topology to provide access to storage devices, such as disk and tape drives, to high-end servers. The
18 Chapter 2 Overview of Network Topologies

Arbitrated Loop maintains a ring topology but uses an arbitration priority method based on device addresses to gain
access to the loop instead of the token-passing mechanism used by Token-Ring networks.
Newer SANs are built using a switched network technology often referred to as a SAN fabric. As you will read in
Chapter 11, it is possible to attach an Arbitrated Loop to a SAN fabric to preserve your current investment.

Flow of Communication

Multistation Access Unit

Physical
Wiring

Figure 2.5 The ring topology is usually implemented as a physical star to simplify wiring management.

The benefits of this kind of topology can be readily observed:

■ Token-controlled access provides greater overall bandwidth use, because there are no collision
avoidance and collision detection algorithms to throttle transmissions on the media.
■ Data packet transmission happens within a determinable time interval. Because each node gets
a chance to claim the token and ring for itself, it’s easy to determine the amount of time before
the next transmission can occur (it’s based on the number of nodes on the ring). This quality of
ring topologies has made it a staple in manufacturing environments in which timing is essen-
tial.
■ Because each node knows its upstream and downstream neighbors, this information can be
used to determine where problems have occurred on the ring.

Another ring topology called Fiber Distributed Data Interface (FDDI) uses dual fault-tolerant rings.
This technology requires that the two rings have tokens passing in opposite directions of one another.
A breakdown in one ring causes the nodes to shift over to the secondary ring to continue communi-
cations.
◊◊ FDDI is another networking technology that uses the ring topology and token-passing for media access. Please
visit the upgradingandrepairingpcs.com Web site for the chapter “Fiber Distributed Data Interface (FDDI),”
which covers this topic in detail.
The down side of a ring topology is simple: The firmware required to manage the ring is somewhat
complicated and must be on every network card that participates in the ring. Because Ethernet domi-
nates the marketplace today, you can purchase an inexpensive 100Mbps Ethernet network adapter for
$20 to $30. Token-Ring network adapters are a bit more difficult to find, and they tend to be more
expensive devices than their Ethernet counterparts. As a result, technologies such as Ethernet have
transitioned rapidly to higher networking speeds while ring topologies have never quite jumped the
speed gap. The ring topologies that exist today have changed little in the past 10 to 15 years.
 LAN Topologies Chapter 2 19

Note
In Chapter 12, “The IEEE LAN/MAN Committee Networking Standards,” you will see that development on Token-Ring
networks has pretty much come to an end-of-life state as far as standards are concerned. Although Token-Ring networks
are still used in some vertical market applications (such as the factory floor), Ethernet technology has become the norm for
the LAN. If you want to learn more about Token-Ring networks, you can visit the primary vendor of this technology at
www.networking.ibm.com/.

Mesh Topology
A mesh topology is an interlacing of multiple connections among several nodes. Typically, a mesh is
done for one purpose: redundancy. Any serious campus network must incorporate a mesh to achieve
the level of redundancy and fault tolerance that businesses demand from their data networks. There
are two types of mesh: full and partial.
Except in the smallest network, a full mesh is not very practical, but it is mentioned here for com-
pleteness. Full mesh means that every node contained in a network has a connection to every other
node contained in the network. It should be fairly obvious at this point why full meshes are not very
practical (see Figure 2.6). The cost for such infrastructure would be exorbitant, and 90% of it would
never be put to use.

Figure 2.6 A full mesh topology is not a very practical way to wire a network.

Partial meshes are designed to provide redundancy where it is needed. By using a little forethought in
design, a network architect could place some additional connectivity where it can provide needed
bandwidth and fault tolerance to the network. Suppose for a moment that an important resource
were attached to node A, as shown in Figure 2.7.
You can spot several paths that could fail, yet all the nodes of your network would still be able to
reach node A as a destination. The true merits of partial mesh are realized when you look at WAN and
campus topologies.

Hybrid Topologies
Hubs or switches can be attached to one another to create larger LANs capable of supporting more
devices. After this happens, you start getting some interesting hybrid topologies. Three popular
hybrids are tree, hierarchical star, and star-wireless.
20 Chapter 2 Overview of Network Topologies

Figure 2.7 A partial mesh topology can be used to provide redundancy for the network.

Tree
Figure 2.8 shows a combination topology that groups workstations in a star and joins the stars along a
linear bus. The majority of the problems of the bus are eliminated because a single workstation can-
not bring the entire LAN to a halt. You still can add or change workstations by plugging them into a
different port on the same hub, or on another hub. If one hub malfunctions, it disables only the
workstations that are attached to it from communicating on the network. The remaining workstations
on the other hubs can continue to function normally.
This is an inexpensive method that can be used to join different work departments in a building.
Each local workgroup can have an administrative person who is responsible for managing the connec-
tions on the local hub. The network administrator can regulate when and where new hubs are
attached to the network. This also can be used to help extend the distance of a LAN. For example, you
can use 10BASE-2 cabling to connect two 10BASE-T networks that are in separate buildings. However,
today that connection would most likely be accomplished using more modern techniques, such as
with fiber-optic cabling.
The major problem with this type of hybrid topology, however, is that if there is a problem with the
backbone bus cable, the network becomes segmented into individual hubs. Workstations on each hub
can communicate with each other, but data transfers through the network to workstations on other
hubs will be disrupted until the cable problem is diagnosed and corrected.

Hierarchical Star
Another method that can be used to connect hubs is a hierarchical star. This method, shown in Figure
2.9, uses a central hub to link several hubs that have workstations attached.
This method can be used to build very large LANs; however, there are restrictions on the size of the
LAN. Timing issues as well as address space are driving factors in how many hubs or switches you are
able to attach in the hierarchical star topology without the introduction of routing technology. The
various restrictions of different network technologies are discussed in later chapters.
 LAN Topologies Chapter 2 21

Node

Node Node

Terminator Hub Terminator

Hub Hub
Node Node Node Node

Node Node

Figure 2.8 A combination of the bus and star topologies groups workstations in a star and joins them
along a linear bus.

Hub

Hub Hub

Node Node Node Node

Node Node

Figure 2.9 The hierarchical star topology is made up of cascading hubs.

Star-Wireless
The most recent hybrid topology has arrived with the advent of wireless technology. Wireless LAN
technology in its current implementation requires a user to be in the vicinity of an access point
attached to the wired data network. A configuration such as this gives you an amorphous hybrid
topology of star combined with wireless (see Figure 2.10).
The star topology is necessary to combine the many access points spread across a building to ensure
wireless coverage. All the access points collapse back into the main star hub, where server resources
would reside on the network. As wireless technologies continue to evolve, so will the topologies that
support them.
22 Chapter 2 Overview of Network Topologies

Switch/Hub

Switch/Hub Switch/Hub

Switch/Hub

Wireless Wireless

Wireless

Figure 2.10 Wireless technology adds a new dimension to network topologies.

◊◊ For more information about using wireless technology in your network, see Part V, “Wireless Networking
Protocols,” which covers the current and emerging wireless technologies.

Shared and Nonshared Network Media Topologies

As mentioned earlier, you must abide by some constraints when constructing very large LAN environ-
ments. One item that often is overlooked is the size of the broadcast domain for a LAN segment.
Hubs take inbound traffic and broadcast it outbound on all their other ports. This means that each
time a node makes a network request, the request is flooded to all other nodes. The more nodes you
have on your LAN, the more traffic you have being flooded throughout the LAN segment. If you are
running an Ethernet network, all this chatter can keep your LAN segment so busy that other nodes
might have trouble finding an opportunity to transmit. The term broadcast domain is used to describe
the total collection of devices that use the same network media, and thus have to contend for access
to the media. This is the main reason switches have become the device of choice to replace hubs.
Using a switch, the broadcast domain consists of just the switch and the device attached to the switch
(if using a half-duplex connection). For a full-duplex connection—in which both the switch and the
attached device can transmit data at the same time, using separate wires—the broadcast domain is
eliminated, because there is no shared media.
◊◊ Switches have generally replaced hubs as the wiring concentrator of choice in most LANs. You can learn more
about switches and how they work by reading Chapter 8, “Network Switches.”
A solution for this problem is the introduction of a switch into the network environment. By deploy-
ing a switch in place of a hub, you dramatically reduce the number of flooded packets. Switches don’t
just blindly repeat network traffic, they make intelligent port-forwarding decisions based on the
addresses they recognize within the packets. The net effect of introducing switches into your environ-
ment in place of hubs is that your nodes see very little flooded traffic (unless it is addressed to them)
and the contention problem is greatly reduced (see Figure 2.11).
Another Random Scribd Document
with Unrelated Content
婢敢行違拗！ 【北喜遷鶯】［旦怒科］唗，休得把虛脾來掉，嘴喳喳
弄鬼妝么。［丑］奴婢怎敢？［旦］焦也波焦，急的咱滿心越惱。我
曉得你今日呵，別有個人兒挂眼梢，倚著他寵勢高，明欺我失恩人時
衰運倒。［起科］也罷，我只得自把門敲。 ［丑］娘娘請坐，待奴婢
叫開門來。［做高叫科］楊娘娘來了，開了閣門者。［旦坐科］［生
披衣引內侍上，聽科］ 【南畫眉序】何事語聲高，驀忽將人夢驚覺。
［丑又叫科］楊娘娘在此，快些開門。［內侍］啟萬歲爺，楊娘娘到
了。［生作呆科］呀，這春光漏洩，怎地開交？［內侍］這門還是開
也不開？［生］慢著。［背科］且教梅妃在夾幕中，暫躲片時罷。
［急下］［內侍笑科］呀，萬歲爺，萬歲爺，笑黃金屋恁樣藏嬌，怕
葡萄架霎時推倒。［生上作伏桌科］內侍，我著床傍枕佯推睡，你索
把獸環開了。 ［內侍］領旨。［作開門科］［旦直入，見生科］妾聞
陛下聖體違和，特來問安。［生］寡人偶然不快，未及進宮。何勞妃
子清晨到此。［旦］陛下致疾之由，妾倒猜著幾分了。［生笑科］妃
子猜著何來可？［旦］ 【北出隊子】多則是相思縈繞，為著個意中人
把心病挑。［生笑科］寡人除了妃子，還有甚意中人？［旦］妾想陛
下向來鐘愛，無過梅精。何不宣召他來，以慰聖情牽挂。［生驚科］
呀，此女久置樓東，豈有複召之理！［旦］只怕悄東君偷洩小梅悄，
單只待望著梅來把渴消。［生］寡人那有此意。［旦］既不沙，怎得
那一斛珍珠去慰寂寥！ ［生］妃子休得多心。寡人昨夜呵， 【南滴
溜子】偶只為微痾，暫思靜悄。恁蘭心蕙性，慢多度料，把人無端奚
落。［作欠伸科］我神虛懶應酬，相逢話言少。請暫返香車，圖個睡
飽。 ［旦作看科］呀，這御榻底下，不是一雙鳳舄麼？［生急起，作
欲掩科］在那裡？［懷中掉出翠鈿科］［旦拾看科］呀，又是一朵翠
鈿！此皆婦人之物，陛下既然獨寢，怎得有此？［生作羞科］好奇
怪！這是那裡來的？連寡人也不解。［旦］陛下怎麼不解？［丑作急
態，一面背對內侍低科］呀，不好了，見了這翠鈿、鳳舄，楊娘娘必
不干休。你每快送梅娘娘，悄從閣後破壁而出，回到樓東去罷。［內
侍］曉得。［從生背後虛下］［旦］ 【北刮地風】只這御榻森嚴宮禁
遙，早難道有神女飛度中宵。則問這兩般信物何人掉？［作將舄、鈿
擲地，醜暗拾科］［旦］昨夜誰侍陛下寢來？可怎生般鳳友鸞交，到
日三竿猶不臨朝？外人不知呵，都只說殢君王是我這庸姿劣貌。那知
道戀歡娛，別有個雨窟雲巢！請陛下早出視朝，妾在此候駕回宮者。
［生］寡人今日不疾，不能視朝。［旦］雖則是蝶夢餘，鴛浪中，春
情顛倒，困迷離精神難打熬，怎負他鳳墀前鵠立群僚！ ［旦作向前背
立科］［丑悄上與生耳語科］梅娘娘已去了，萬歲爺請出朝罷。［生
點頭科］妃子勸寡人視朝，只索勉強出去。高力士，你在此送娘娘回
宮者。［丑］領旨。［向內科］擺駕。［內應科］［生］風流惹下風
流苦，不是風流總不知。［下］［旦坐科］高力士，你瞞著我做得好
事！只問你這翠鈿、鳳舄，是那一個的？［丑］ 【南滴滴金】告娘娘
省可閒煩惱。奴婢看萬歲爺與娘娘呵，百縱千隨真是少。今日這翠
鈿、鳳舄，莫說是梅亭舊日恩情好，就是六宮中新窈窕，娘娘呵，也
只合佯裝不曉，直恁破工夫多計較！不是奴婢擅敢多口，如今滿朝臣
宰，誰沒有個大妻小妾，何況九重，容不得這宵！【北四門子】
［旦］呀，這非是衾裯不許他人抱，道的咱量似鬥筲！只怪他明來夜
去裝圈套，故將人瞞的牢。［丑］萬歲爺瞞著娘娘，也不過怕娘娘著
惱，非有他意。［旦］把似怕我焦，則休將彼邀。卻怎的劣雲頭只思
別岫飄。將他假做拋，暗又招，轉關兒心腸難料。 ［作掩淚坐科］
［老旦上］清早起來，不見了娘娘，一定在這翠閣中，不免進去咱。
［作進見旦科］呀，娘娘呵，【南鮑老催】為何淚拋，無言獨坐神暗
消？［問丑科］高公公，是誰觸著他情性嬌？［丑低科］不要說起。
［作暗出鈿、舄與老旦看科］只為見了這兩件東西，故此發惱。［老
旦笑，低問科］如今那人呢？［丑］早已去了。［老旦］萬歲爺呢？
［丑］出去御朝了。永新姐，你來得甚好，可勸娘娘回宮去罷。［老
旦］曉得了。［回向旦科］娘娘，你慢將眉黛顰，啼痕滲，芳心惱。
晨餐未進過清早，怎自將千金玉體輕傷了？請回宮去，尋歡笑。
［內］駕到。［旦起立科］［生上］媚處嬌何限，情深妒亦真。且將
個中意，慰取眼前人。寡人圖得半夜歡娛，反受十分煩惱。欲待呵叱
他一番，又恐他反道我偏愛梅妃，只索忍耐些罷。高力士，楊娘娘在
那裡？［丑］還在閣中。［老旦、丑暗下］［生作見旦，旦背立不語
掩泣科］［生］呀，妃子，為何掩面不語？［旦不應科，生笑科］妃
子休要煩惱，朕和你到華萼樓上看花去。［旦］【北水仙子】問、
問、問、問華萼嬌，怕、怕、怕、怕不似樓東花更好。有、有、有、
有梅枝兒曾占先春，又、又、又、又何用綠楊牽繞。［生］寡人一點
真心，難道妃子還不曉得！［旦］請、請、請、請真心向故交，免、
免、免、免人怨為妾情薄。［跪科］妾有下情，望陛下俯聽。［生扶
科］妃子有話，可起來說。［旦泣科］妾自知無狀，謬竊寵恩。若不
早自引退，誠恐謠諑日加，禍生不測。有累君德鮮終，益增罪戾。今
幸天眷猶存，望賜斥放。陛下善視他人，勿以妾為念也。［泣拜科］
拜、拜、拜、拜辭了往日君恩天樣高。［出釵、盒科］這釵、盒是陛
下定情時所賜，今日將來交還陛下。把、把、把、把深情密意從頭
繳。［生］這是怎麼說？［旦］省、省、省、省可自承舊賜，福難
消。 ［旦悲咽，生扶起科］妃子何出此言，朕和你兩人呵， 【南雙
聲子】情雙好，情雙好，縱百歲猶嫌少。怎說到，怎說到，平白地分
開了。總朕錯，總朕錯，請莫惱，請莫惱。［笑覷旦科］見了你這顰
眉淚眼，越樣生嬌。 妃子可將釵、盒依舊收好。既是不耐看花，朕和
你到西宮閒話去。［旦］陛下誠不棄妾，妾複何言。［袖釵、盒，福
生科］ 【北尾煞】領取釵、盒再收好，度芙蓉悵暖今宵，重把那定情
時心事表。 ［生攜旦並下］［丑複上］萬歲爺同娘娘進宮去了。咱如
今且把這翠鈿、鳳舄，送還梅娘娘去。 柳色參差映翠樓，司馬札 君
王玉輦正淹留。錢起 豈知妃後多嬌妒，段成式 惱亂東風卒未休。羅
隱 吳評：「有客嘗論此劇，虢國梅妃兩番爭寵，皆未當場扮出，關目
近於不顯。欲於排場加楊虢相爭，然後放歸。絮閣折中破壁而出時，
梅妃繞場走下。近演家有扮梅妃嘿坐幔帳內者。予謂虢國事傍訝一
折，高、永明言，觀場者已洞悉。梅妃家門，此折力士又代為敘明，
正無煩贅疣耳。」對當時舞台演出時不同處理，作了很好說明。 吳
評：「起句直接（上折）和衣卷被情景，方見捱不到曉，急遽獨行，
不及待宮女隨從，安頓絕妙。」吳評：「一時匆迫之狀，色色絕
倒。」 吳評：「力士乖人，亦料定明皇愛梅有心，制楊無術，故為破
壁送歸之計，以息兩爭。」 說明在允許男子多妻的情況下，這種偷雞
摸狗、爭風吃醋的事，必不可免。 吳評：「明皇愈溫存，貴妃愈嬌
妒，假使天威稍震，又作魚貫想矣，然貴妃逆知上意不能反目，故下
文即以繳盒動之情事，周密文章更有針線。」 虢國、梅妃兩番爭寵，
都是寫李楊愛情的波折。前者用五出，後者用兩出，都是從側面寫
出。複召之後有舞盤；絮閣之後，有密誓。兩人的愛情每經一次回
旋，更進一高潮也。 《第二十出 偵報》 ［外引末扮中軍，四雜執
刀棍上］出守岩疆典鉅城，風聞邊事實堪驚。不知憂國心多少，白髮
新添四五莖。下官郭子儀，叨蒙聖恩，擢拜靈武太守。前在長安，見
安祿山面有反相，知其包藏禍心。不想聖上命彼出鎮範陽，分明縱虎
歸山。卻又許易番將，一發添其爪牙。下官自天德軍升任以來，日夜
擔憂。此間來武，乃是股肱重地，防守宜嚴。已遣精細哨卒，前往範
陽採聽去了。且待他來，便知分曉。 【雙調夜行船】［小生扮子，執
小紅旗上］兩腳似星馳和電捷，把邊情打聽些。急離燕山，早來靈
武。［作進見外，一足跪叩科］向黃堂爆雷般唱一聲高喏。［外］探
子，你回來了麼？［小生］我肩挑令字小旗，晝夜奔馳疾似風。探得
邊關多少事，從頭來報主人公。［外］分付掩門。［眾掩門下］
［外］探子，你探的安祿山軍情怎的，兵勢如何？近前來，細細說與
我聽者。［小生］爺爺聽啟，小哨一到了範陽鎮上呵， 【喬木魚】見
槍刀似雪，密匝匝鐵騎連營列。端的是號令如山把神鬼懾。那知有朝
中天子尊，單逞他將軍令閫外唓嗻。 ［外］那安祿山在邊關，近日作
何勾當？［小生］【慶宣和】他自請那番將更來，把那漢將撤，四下
里牙爪排設。每日價躍馬彎弓斗馳獵，把兵威耀也、耀也！ ［外］還
有什麼舉動波？［小生］ 【落梅花】他賊行藏真難料，歹心腸忒肆
邪。誘諸番密相勾結，更私招四方亡命者，巢窟內盡藏凶孽。 ［外驚
科］呀，有這等事！難道朝廷之上，竟無人奉告麼？［小生］聞得一
月前，京中有人告稱祿山反狀，萬歲爺暗遣中使，去到範陽，瞰其動
靜。那祿山見了中使呵，【風入松】十分的小心禮貌假妝呆，盡金錢
遍布蓋奸邪。把一個中官哄騙的滿心悅，來回奏把逆跡全遮。因此萬
歲爺愈信不疑，反把告叛的人，送到祿山軍前治罪。一任他橫行傲
桀，有誰人敢再弄唇舌！［外嘆介］如此怎生是了也！［小生］前日
楊丞相又上一本，說祿山叛跡昭然，請皇上亟加誅戮。那祿山見了此
本呵， 【撥不斷】也不免腳兒跌，口兒嗟，意兒中忐忑，心兒里怯。
不想聖旨倒說祿山誠實，丞相不必生疑。他一聞此信，便就呵呵大
笑，罵這饞臣奈我耶，咬牙根誓將君側權奸滅，怒轟轟急待把此仇來
雪。 ［外］呀，他要誅君側之奸，非反而何？且住，楊相這本怎麼不
見邸抄？［小生］此是密本，原不發抄。只因楊丞相要激祿山速反，
特著塘報抄送去的。［外怒科］唉，外有逆藩，內有奸相，好教人發
指也！［小生］小哨還打聽的祿山近有獻馬一事，更利害哩！【離亭
宴歇拍煞】他本待逞豺狼，魆地里思抄竊。巧借著獻驊騮，乘勢去行
強劫。［外］怎麼獻馬？可明白說來者。［小生］他遣何千年賚表，
奏稱獻馬三千匹，每馬一匹，有甲士二人，又有二人御馬，一人芻
牧，共三五一萬五千人，護送入京。一路裏兵強馬劣，鬧洶洶怎提
防！亂紛紛難鎮壓，急攘攘誰攔截。生兵入帝畿，野馬臨城闕，怕不
把長安來鬧者。［外驚科］唉，罷了，此計若行，西京危矣。［小
生］這本方才進去，尚未取旨。只是祿山呵，他明把至尊欺，狡將奸
計使，險備機關設。馬蹄兒縱不行，狼性子終難貼。逗的鼙鼓向漁陽
動也，爺爺呵，莫待傳白羽始安排。小哨呵，准備閃紅旗再報捷。
［外］知道了。賞你一壇酒，一腔羊，五十兩花銀，免一月打差。去
罷［小生叩頭科］謝爺。［外］叫左右，開門。［眾應上，作開門
科］［小生下］［外］中軍官。［末應介］［外］傳令眾軍士，明日
教場操演，准備酒席犒賞。［末］領鈞旨。［先下］ ［外］數騎漁陽
探使回，杜牧 威雄八陣役風雷。劉禹錫［外］胸中別有安邊計，曹
唐 軍令分明數舉杯。杜 甫 吳評：「此折寫祿山反形漸露，子儀先
事而籌，以為收京張本。且於前四折生旦戲中，以此間之，便於爨色
搬演。」 吳評：「探子不遽說邊情，待郭掩門令其近前細說，足見軍
機之密上下同心。」 吳評：「千兵萬馬霎如風雨之來，此種文情直足
奪元人高座。」 吳評：「收歸探子本事，詞採壯烈。」 《第廿一出
窺浴》 【仙呂入雙調·字字雙】［丑扮宮女上］自小生來貌天然，花
面；宮娥隊裡我為先，掃殿。忽逢小監在階前，胡纏；伸手摸他褲兒
邊，不見。 「我做宮娥第一，標致無人能及。腮邊花粉湖塗，嘴上胭
脂狼籍。秋波俏似銅鈴，弓肩彎處筆直。春纖十個擂槌，玉體渾身糙
漆。柳腰松段十圍，蓮瓣灘船半只。楊娘娘愛我伶俐，選做霓裳部
色。只因喉嚨太響，歌時嘴邊起個霹靂。身子又太狼伉，舞去衝翻了
御筵桌席。皇帝見了發惱，打落子弟名籍。登時發到驪山，派到溫泉
殿中承值。昨日鑾輿臨幸，同楊娘娘在華清駐蹕。傳旨要來共浴湯
池，只索打掃鋪陳收拾。」道猶未了，那邊一個宮人來也。【雁兒
舞】［副淨扮宮女上］擔閣青春，後宮怨女，漫跌腳捶胸，有誰知
苦。拼著一世沒有丈夫，做一只孤飛雁兒舞。 ［見介］［丑］姐姐，
你說甚麼「雁兒」舞！如今萬歲爺，有了楊娘娘的「霓裳」舞，連梅
娘娘的「驚鴻」舞，也都不愛了。［副淨］便是。我原是梅娘娘的宮
人。只為我娘娘，自翠閣中忍氣回來，一病而亡，如今將我拔到這
裏。［丑］原來如此，楊娘娘十分妒忌，我每再休想有承幸之日。
［副淨］罷了。［丑］萬歲爺將次到來，我和你且到外廂伺候去。
［虛下］［末、小生扮內侍，引生、旦、老旦、貼隨行上］ 【羽調近
詞·四季花】別殿景幽奇：看雕梁畔，珠簾外，雨卷雲飛。逶迤，朱闌
幾曲畫溪，修廊數層接翠微。繞紅牆，通玉扉。［末、小生］啟萬歲
爺，到溫泉殿了。［生］內侍回避。［末、小生應下］［生］妃子，
你看清渠屈注，洄瀾皺漪，香泉柔滑宜素肌。朕同妃子試浴去來。
［老、貼與生、旦脫去大衣介］［生］妃子，只見你款解云衣，早現
出珠輝玉麗，不由我對你、愛你、扶你、覷你、憐你！［生攜旦同
下］［老旦］念奴姐，你看萬歲爺與娘娘恁般恩愛，真令人羨殺也。
［貼］便是。［老旦］ 【鳳釵花絡索】【金鳳釵】花朝擁，月夜偎，
嘗盡溫柔滋味。【勝如花】［貼合］鎮相連似影追形，分不開如刀劃
水。【醉扶歸】千般撋縱百般隨，兩人合一副腸和胃。【梧葉兒】密
意口難提，寫不迭鴛鴦帳，綢繆無盡期。［老旦］姐姐，我與你伏侍
娘娘多年，雖睹嬌容，未窺玉體。今日試從綺（流水換足）隙處，偷
覷一覷何如？［貼］恰好，［同作內窺介］【水紅花】［合］悄偷
窺，亭亭玉體，宛似浮波菡萏，含露弄嬌輝。【浣溪紗】輕盈臂腕消
香膩，綽約腰身漾碧漪。【望吾鄉】［老旦］明霞骨，沁雪肌。【大
勝樂】［貼］一痕酥透雙蓓蕾，［老旦］半點春藏小麝臍。【傍妝
台】［貼］愛殺紅巾罅，私處露微微。永新姐，你看萬歲爺呵，【解
三酲】凝睛睇，【八聲甘州】恁孜孜含笑，渾似呆癡。【一封書】
［合］休說俺偷眼宮娥魂欲化，則他個見慣的君王也不自持。【皂羅
袍】［老旦］恨不把春泉翻竭，［貼］恨不把玉山洗頹，［老旦］不
住的香肩嗚嘬，［貼］不住的纖腰抱圍，【黃鶯兒】［老旦］俺娘娘
無言匿笑含情對。［貼］意怡怡，【月兒高】靈液春風，淡蕩恍如
醉。【排歌】［老旦］波光暖，日影暉，一雙龍戲出平池。【桂枝
香】［合］險把個襄王渴倒陽台下，恰便似神女攜將暮雨歸。 ［丑、
副淨暗上笑介］兩位姐姐，看得高興啊，也等我每看看。［老旦、
貼］姐姐，我每伺候娘娘洗浴，有甚高興。［丑、副淨笑介］只怕不
是伺候娘娘，還在那裡偷看萬歲爺哩。［老旦、貼］啐，休得胡說，
萬歲爺同娘娘出來也。［丑、副淨暗下］［生同旦上］ 【二犯掉角
兒】【掉角兒】出溫泉新涼透體，睹玉容愈增光麗。最堪憐殘妝亂
頭，翠痕幹，晚雲生膩。［老旦、貼與生旦穿衣介］［旦作嬌軟態，
老旦、貼扶介］［生］妃子，看你似柳含風，花怯露。軟難支，嬌無
力，倩人扶起。［二內侍引雜推小車上］請萬歲爺娘娘上如意小車，
回華清宮去。［生］將車兒後面跟著。［二內侍］領旨。［生攜旦行
介］妃子，【排歌】朕和你肩相並，手共攜，不須花底小車推，【東
甌令】趁撲面好風歸。【尾聲】［合］意中人，人中意，則那些無情
花鳥也情癡，一般的解結雙頭、學並棲。［生］花氣渾如百和香，杜
甫 ［旦］避風新出浴盆湯；王建 ［生］侍兒扶起嬌無力，白居易
［旦］笑倚東窗白玉床。李白 吳評：「以前准備諸事皆系力士、永
念，此折用兩宮人插科排場便變換生動。」 吳評：「梅妃妒寵原為楊
妃點染作波，此便順手了之，隨起隨了，是文章妙法。」 景色如畫。
華清同浴，在冊立時點明，此處用旁筆寫出，兩人恩愛，躍然紙上。
只是為渲染玉環天生麗質，偏於色情描寫，格調不高。 《第廿二出
密誓》 【越調引子·浪淘沙】［貼扮織女，引二仙女上］雲護玉梭
兒，巧織機絲。天宮原不著相思，報道今宵逢七夕，忽憶年時。【鵲
橋仙】「纖雲弄巧，飛星傳信，銀漢秋光暗度。金風玉露一相逢，便
勝卻人間無數。柔腸似水，佳期如夢，遙指鵲橋仙路。兩情若是久長
時，又豈在朝朝暮暮。」吾乃織女是也。蒙上帝玉敕，與牛郎結為末
上夫婦。年年七夕，渡河相見。今乃下界天寶十載，七月七夕。你看
明河無浪，烏鵲將填，不免暫撤機絲，整妝而待。［內細樂掃烏鵲飛
上，繞場飛介］［前場設一橋，烏鵲飛止橋兩邊介］［二仙女］鵲橋
已駕，請娘娘渡河。［貼起行介］【越調過曲·山桃紅】【下山虎頭】
俺這裏乍拋錦字，暫駕香輜。［合］趁天落無云滓，新涼暮颸，［作
上橋介］踩上這橋影參差，俯映著河光淨泚。【小桃紅】更喜殺新月
纖，華露滋。低繞著烏鵲雙飛翅也，【下山虎尾】陡覺的銀漢秋生別
樣姿。［做過橋介］［二仙女］啟娘娘，已渡過河來了。［貼］星河
之下，隱隱望見香煙一縷，搖揚騰空，卻是何處？［仙女］是唐天子
的貴妃楊玉環，在宮中乞巧哩。［貼］生受他一片赤心，不免同了牛
郎，到彼一看。［合］天上留佳會，年年在斯，卻笑他人世情緣頃刻
時。［齊下］ 【商調過曲·二郎神】［二內侍挑燈，引生上］秋光
靜，碧沉沉輕煙送螟。雨過梧桐微微冷，銀河宛轉，纖雲點綴雙星。
［內作笑聲，生聽介］順著風兒還細聽，歡笑隔花陰樹影。內侍，是
那裡這般笑語？［內侍問介］萬歲爺問，那裡這般笑語？［內］是楊
娘娘到長生殿去乞巧哩。［內侍回介］楊娘娘到長生殿去乞巧，故此
笑語。［生］內侍每不要傳報，待朕悄悄前去。撤紅燈，待悄向龍墀
覷個分明。【前腔】［換頭］［旦引老旦、貼同二宮婦各捧香盒、紈
扇、瓶花、化生金盆上］宮庭，金爐篆靄，燭光掩映。米大蜘蛛廝抱
定，金盤種豆，花枝招颭銀瓶。［老旦、貼］已到長生殿中，巧筵齊
備，請娘娘拈香。［作將瓶花、化生盆設桌上，老旦捧香盒，旦拈香
介］妾身楊玉環，虔爇心香，拜告雙星，伏祈鑒佑。願釵盒情緣長久
訂，［拜介］莫使做秋風扇冷。［生潛上窺介］覷娉婷，只見他拜倒
在瑤階，暗祝聲聲。 ［老旦、貼作見生介］呀，萬歲爺到了。［旦急
轉，拜生介］［生扶起介］妃子在此，作何勾當？［旦］今乃七夕之
期，陳設瓜果，特向天孫乞巧。［生笑介］妃子巧奪天工，何須更
乞。［旦］惶愧。［生、旦各坐介］［老旦、貼同二宮女暗下］
［生］妃子，朕想牽牛、織女隔斷銀河，一年才會得一度，這相思真
非容易也。 【集賢賓】秋空夜永碧漢清，甫靈駕逢迎，奈天賜佳期剛
半頃，耳邊廂容易雞鳴。雲寒露冷，又趲上經年孤另。［旦］陛下言
及雙星別恨，使妾淒然。只可惜人間不知天上的事。如打聽，決為了
相思成病。［做淚介］［生］呀，妃子為何掉下淚來？［旦］妾想牛
郎織女，雖則一年一見，卻是地久天長。只恐陛下與妾的恩情，不能
夠似他長遠。［生］妃子說那裡話！ 【黃鶯兒】仙偶縱長生，論塵緣
也不恁爭。百年好占風流勝，逢時對景，增歡助情，怪伊底事反悲
哽？［移坐近旦低介］問雙星，朝朝暮暮，爭似我和卿！ ［旦］臣妾
受恩深重，今夜有句話兒，……［住介］［生］妃子有話，但說不
妨。［旦對生嗚咽介］妾蒙陛下寵眷，六宮無比。只怕日久恩疏，不
免白頭之嘆！ 【鶯簇一金羅】【黃鶯兒】提起便心疼，念寒微侍掖
庭，更衣傍輦多榮幸。【簇御林】瞬息間，怕花老春無剩，【一封
書】寵難憑。［牽生衣泣介］論恩情，【金鳳釵】若得一個久長時，
死也應；若得一個到頭時，死也瞑。【皂羅袍】抵多少平陽歌舞，恩
移愛更；長門孤寂，魂銷淚零：斷腸枉泣紅顏命！ ［生舉袖與旦拭淚
介］妃子，休要傷感。朕與你的恩情，豈是等閒可比。 【簇御林】休
心慮，免淚零，怕移時，有變更。［執旦手介］做酥兒拌蜜膠粘定，
總不離須臾頃。［合］話綿藤，花迷月暗，分不得影和形。 ［旦］既
蒙陛下如此情濃，趁此雙星之下，乞賜盟約，以堅終始。［生］朕和
你焚香設誓去。［攜旦行介］ 【琥珀貓兒墜】［合］香肩斜靠，攜手
下階行。一片明河當殿橫，［旦］羅衣陡覺夜涼生。［生］惟應和你
悄語低言，海誓山盟。 ［生上香揖同旦福介］雙星在上，我李隆基與
楊玉環，［旦合］情重恩深，願世世生生，共為夫婦，永不相離。有
渝此盟，雙星鑒之。［生又揖介］在天願為比翼鳥，［旦拜介］在地
願為連理枝。［合］天長地久有時盡，此誓綿綿無絕期。［旦拜謝生
介］深感陛下情重，今夕之盟，妾死生守之矣。［生攜旦介］ 【尾
聲】長生殿裏盟私訂。［旦］問今夜有誰折証？［生指介］是這銀漢
橋邊，雙雙牛、女星。［同下］ 【越調過曲·山桃紅】［小生扮牽
牛，云巾、仙衣，同貼引仙女上］只見他誓盟密矢，拜禱孜孜，兩下
情無二，口同一辭。［小生］天孫，你看唐天子與楊玉環，好不恩愛
也！悄相偎，倚著香肩，沒些縫兒。我與你既締天上良緣，當作情場
管領。況他又向我等設盟，須索與他保護。見了他戀比翼，慕並枝，
願生生世世情真至也，合令他長作人間風月司。［貼］只是他兩人劫
難將至，免不得生離死別。若果後來不背今盟，決當為之綰合。［小
生］天孫言之有理。你看夜色將闌，且回鬥牛宮去。［攜旦行介］
［合］天上留佳會，年年在斯，卻笑他人世情緣頃刻時！ 何用人間歲
月催，羅鄴 星橋橫過鵲飛回。李商隱 莫言天上稀相見，李郢 沒得
心情送巧來。羅 隱 吳評：「明皇聞歡笑，本穢事也，倡用於此處，
映出楊妃驕橫，甚有微詞，且引起下文乞巧殿中撤燈獨步，增無限文
情。」 吳評：「拜倒時潛上，最妙。若在未拜及拜起時覿面，措詞便
費周折。」 吳評：「極為牛、女寫愁，直欲逼出楊妃墮淚。」 吳
評：「楊妃猝然傷感，雖為要盟之故，然樂極哀生，已動埋玉之機。
下折即驚破霓裳矣。」吳評：「忽轉到夜色上，狀出形影不離，情與
景會，神妙難言。」吳評：「下半部全從此盟演出，宜其鄭重。」皇
帝那會向妃子海誓山盟，表示生死不渝的愛情呢？正如作者說的「借
太真外傳譜新詞情，而已。」 吳評：「此處正須明言，使觀者得醒後
半關目。」李楊愛情至此已達高潮，樂極生悲，從下出始開始轉折。
《第廿三出 陷關》 【越調引子·杏花天】［淨領二番將，四軍執旗
上］狼貪虎視威風大，鎮漁陽兵雄將多。待長驅直把淆函破，奏凱日
齊聲唱歌。 咱家安祿山，自出鎮以來，結連塞上諸蕃，招納天下亡
命，精兵百萬，大事可舉。只因唐天子待我不薄，思量等他身後方才
起兵。叵耐楊國忠那廝，屢次說我反形大著，請皇上急加誅戮。天子
雖然不聽，只是咱在邊關，他在朝內，若不早圖，終恐遭其暗算。因
此假造敕書，說奉密旨，召俺領兵入朝誅戮國忠。乘機打破西京，奪
取唐室江山，可不遂了我平生大願！今乃黃道吉日，蕃將每，就此起
兵前去。［眾］得令。［發號行介］［淨］ 【越調過曲·豹子令】只
為奸臣釀大禍，［眾］釀大禍，［淨］致令邊鎮起干戈，［眾］起干
戈。［合］逢城攻打逢人剁，尸橫遍野血成河，燒家劫舍搶嬌娥。
［喊殺下］【水底魚】［丑白須扮哥舒老將引二卒上］年紀無多，剛
剛八十過。漁陽兵至，認咱這老哥。自家老將哥舒翰是也，把守潼
關。不料安祿山造反，殺奔前來，決意閉關死守。爭奈監軍內侍，立
逼出戰。勢不由己，軍士每，與我並力殺上前去。［卒］得令。［生
介］［淨領眾殺上］［丑迎殺大戰介］［淨眾擒丑綁介］［淨］拿這
老東西過來。我今饒你老命，快快獻關降順。［丑］事已至此，只得
投降。［眾推丑下］［淨］且喜潼關已得，勢如破竹，大小三軍，就
此殺奔西京便了。［眾應，吶喊行介］躍馬揮戈，精兵百萬多。靴尖
略動，踏殘山與河，踏殘山與河。 平旦交鋒晚未休，王 遒 動天金
鼓逼神州。韓偓 潼關一敗番兒喜，司空圖 倒把金鞭上酒樓。薛逢
和「偵報」折相照應，是過場戲。 吳評：「此折曲雖小，場上演時須
當大戰數合。蓋陷關乃是大事，不可小做也。」 《第廿四出 驚變》
［丑上］玉樓天半起笙歌，風送宮嬪笑語和。月殿影開聞夜漏，水晶
簾卷近秋河。咱家高力士，奉萬歲爺之命，著咱在御花園中安排小
宴。要與貴妃同來游賞，只得在此伺候。［生、旦乘輦，老旦、貼隨
後，二內侍引，行上］ 【北中呂粉蝶兒】天淡雲冰，列長空數行新
雁。御園中秋色斕斑：柳添黃，蘋減綠，紅蓮脫瓣。一抹雕闌，噴清
香桂花初綻。 ［到介］請萬歲爺娘娘下輦。［生、旦下輦介］［醜同
內侍暗下］［生］妃子，朕與你散步一回者。［旦］陛下請。［生攜
旦手介］［旦］ 【南泣顏回】攜手向花間，暫把幽懷同散。涼風亭
下，風荷映水翩翩。愛桐陰靜悄，碧沉沉並繞回廊看。戀香巢秋燕依
人，睡銀塘鴛鴦蘸眼。［生］高力士，將酒過來，朕與娘娘小飲數
杯。［丑］宴已排在亭上，請萬歲爺娘娘上宴。［旦作把盞，生止住
介］妃子坐了。 【北石榴花】不勞你玉纖纖高捧禮儀煩，只待得小飲
對眉山。俺與你淺斟低唱互更番，三杯兩盞，遣興消閒。妃子，今日
雖是小宴，倒也清雅。回避了御廚中，回避了御廚中烹龍炰鳳堆盤
案，吚吚啞啞樂聲催趲。只幾味脆生生，只幾味脆生生蔬和果清真肴
饌，雅稱你仙肌玉骨美人餐。 妃子，朕與你情游小飲，那些梨園舊
曲，都不耐煩聽他。記得那年在沉香亭上賞牡丹，召翰林李白草《清
平調》三章，令李龜年度成新譜，其詞甚佳。不知妃子還記得麼。
［旦］妾還記得。［生］妃子可為朕歌之，朕當親倚玉笛以和。
［旦］領旨。［老旦進玉笛，生吹介］［旦按板介］ 【南泣顏回】花
繁，穠艷想容顏。雲想衣裳光璨，新妝誰似，可憐飛燕嬌懶。名花國
色，笑微微常得君王看。向春風解釋春愁，沉香亭同倚闌幹。［生］
妙哉，李白錦心，妃子繡口，真雙絕矣。宮娥，取巨觴來，朕與妃子
對飲。［老旦、貼送酒介］［生］ 【北斗鵪鶉】暢好是喜孜孜駐拍停
歌，喜孜孜駐拍停歌，笑吟吟傳杯送盞。妃子乾一杯，［作照乾介］
不須他絮煩煩射覆藏鉤，鬧紛紛彈絲弄板。［又作照杯介］妃子，再
幹一杯。［旦］妾不能飲了。［生］宮娥每，跪勸。［老旦、貼］領
旨。［跪旦介］娘娘，請上這一杯。［旦勉飲介］［老旦、貼作連勸
介］［生］我這裏無語持觴仔細看，早只見花一朵上腮間。［旦作醉
介］妾真醉矣。［生］一會價軟咍咍柳嚲花欹，困騰騰鶯嬌燕懶。 妃
子醉了，宮娥每，扶娘娘上輦進宮去者。［老旦、貼］領旨。［作扶
旦起介］［旦作醉態呼介］萬歲！［老旦、貼扶旦行］［旦作醉態
介］ 【南撲燈蛾】態懨懨輕雲軟四肢，影蒙蒙空花亂雙眼，嬌怯怯柳
腰扶難起，困沉沉強抬嬌腕，軟設設金蓮倒褪，亂松松香肩嚲雲鬟，
美甘甘思尋鳳枕，步遲遲倩宮娥攙入繡幃間。 ［老旦、貼扶旦下］
［醜同內侍暗上］［內擊鼓介］［生驚介］何處鼓聲驟發？［副淨急
上］漁陽鼙鼓動地來，驚破霓裳羽衣曲。［問丑介］萬歲爺在那裡？
［丑］在御花園內。［副淨］軍情緊急，不免徑入。［進見介］陛
下，不好了。安祿山起兵造反，殺過潼關，不日就到長安了。［生大
驚介］守關將士何在？［副淨］哥舒翰兵敗，已降賊了。［生］ 【北
上小樓】呀，你道失機的哥舒翰……稱兵的安祿山，赤緊的離了漁
陽，陷了東京，破了潼關。唬得人膽戰心搖，唬得人膽戰心搖，腸慌
腹熱，魂飛魄散，早驚破月明花粲。 卿有何策，可退賊兵？［副淨］
當日臣曾再三啟奏，祿山必反，陛下不聽，今日果應臣言。事起倉
卒，怎生抵敵？不若權時幸蜀，以待天下勤王。［生］依卿所奏。快
傳旨，諸王百官，即時隨駕幸蜀便了。［副淨］領旨。［急下］
［生］高力士，快些整備軍馬。傳旨令右龍武將軍陳元禮，統領羽林
軍士三千扈駕前行。［丑］領旨。［下］［內侍］請萬歲爺回宮。
［生轉行嘆介］唉，正爾歡娛，不想忽有此變，怎生是了也！ 【南撲
燈蛾】穩穩的宮庭宴安，擾擾的邊廷造反。冬冬的鼙鼓喧，騰騰的烽
火黫。的溜撲碌臣民兒逃散，黑漫漫乾坤覆翻，磣磕磕社稷摧殘，磣
磕磕社稷摧殘。當不得蕭蕭颯颯西風送晚，黯黯的一輪落日冷長安。
［向內問介］宮娥每，楊娘娘可曾安寢？［老旦、貼人應介］已睡熟
了。［生］不要驚他，且待明早五鼓同行。［泣介］天那，寡人不
幸，遭此播遷，累他玉貌花容，驅馳道路。好不痛心也！ 【南尾聲】
在深宮兀自嬌慵慣，怎樣支吾蜀道難！［哭介］我那妃子呵，愁殺你
玉軟花柔，要將途路趲。 宮殿參差落照間，盧綸 漁陽烽火照函關。
吳 融 遏雲聲絕悲風起，胡曾 何處黃雲是隴山。武元衡 吳評：
「從前宴賞，無非華筵麗景；此折花園小宴。後曲所敘，皆一派蕭疏
秋色。密誓已動憂端，驚變兆於衰颯矣。」這出是上下兩部分的分水
嶺。 李白醉寫《清平調》在這裡補寫出。清歌倚笛，和前面舞盤一出
所寫壽筵羯鼓相互映輝。 吳評：「一語一呼聲情宛轉，自此至撲燈蛾
曲，寫一幅醉楊妃圖也。演者須注意，摹似醉態入神，若草草了之，
便索然矣。」 急迫之狀如畫。 吳評：「點明陳元禮，起下折關
目。」 那有如此體貼妃子的皇帝，不過借以表現作者對愛情的理想而
已。 《第廿五出 埋玉》 【南呂過曲·金錢花】［末扮陳元禮引軍士
上］擁旄仗鉞前驅，前驅；羽林擁衛鑾輿，鑾輿。匆匆避賊就征途。
人跋涉，路崎嶇。知何日，到成都。 下官右龍武將軍陳元禮是也。因
祿山造反，破了潼關。聖上避兵幸蜀，命俺統領禁軍扈駕。行了一
程，早到馬嵬驛了。［內鼓噪介］［末］眾軍為何吶喊？［內］祿山
造反，聖駕播遷，都是楊國忠弄權，激成變亂。若不斬此賊臣，我等
死不扈駕。［末］眾軍不必鼓噪，暫且安營。等我奏過聖上，自有定
奪。［內應介］［末引軍重唱「人跋涉」四句下］［生同旦騎馬，引
老旦、貼、醜行上］ 【中呂過曲·粉孩兒】匆匆的棄宮闈珠淚灑，嘆
肖清冷冷半張鑾駕，望成都直天一涯。漸行來漸遠京華，五六搭剩水
殘山，兩三間空舍崩瓦。［丑］來此已是馬嵬驛了，請萬歲爺暫住鑾
駕。［生、旦下也，作進坐介］［生］寡人不道，誤寵逆臣，致此播
遷，悔之無及。妃子，只是累你勞頓，如之奈何！［旦］臣妾自應隨
駕，焉敢辭勞。只願早早破賊，大駕還都便好。［內又喊介］楊國忠
專權誤國，今又交通吐蕃，我等誓不與此賊俱生。要殺楊國忠的，快
隨我等前去。［雜扮四軍提刀趕副淨上，繞場奔介］［軍作殺副淨，
吶喊下］［生驚介］高力士，外在為何喧嚷？快宣陳元禮進來。
［丑］領旨。［宣介］［末上見介］臣陳元禮見駕。［生］眾軍為何
吶喊？［末］臣啟陛下：楊國忠專權召亂，又與吐蕃私通。激怒六
軍，竟將國忠殺死了。［生作驚介］呀，有這等事。［旦作背掩淚
介］［生沉吟介］這也罷了，傳旨起駕。［末出傳旨介］聖旨道來，
赦汝等擅殺之罪。作速起行。［內又喊介］國忠雖誅，貴妃尚在。不
殺貴妃，誓不扈駕。［末見生介］眾軍道，國忠雖誅，貴妃尚在，不
肯起行。望陛下割恩正法。［生作大驚介］哎呀，這話如何說起！
［旦慌牽生衣介］［生］將軍， 【紅芍藥】國忠縱有罪當加，現如今
已被劫殺。妃子在深宮自隨駕，有何干六軍疑訝。［末］聖諭極明，
只是軍心已變，如之奈何！［生］卿家，作速曉諭他，恁狂言沒些高
下。［內又喊介］［末］陛下呵，聽軍中恁地喧嘩，教微臣怎生彈
壓！ ［旦哭介］陛下呵，【耍孩兒】事出非常堪驚詫。已痛兄遭戮，
奈臣妾又受波查。是前生事已定，薄命應折罰。望吾皇急切拋奴罷，
只一句傷心話…… ［生］妃子且自消停。［內又喊介］不殺貴妃，死
不扈駕。［末］臣啟陛下：貴妃雖則無罪，國忠實其親兄，今在陛下
左右，軍心不安。若軍心安，則陛下安矣。願乞三思。［生沉吟介］
【會河陽】無語沉吟，意如亂麻。［旦牽生衣哭介］痛生生怎地舍官
家！［合］可憐一對鴛鴦，風吹浪打，直恁的遭強霸！［內又喊介］
［旦哭介］眾軍逼得我心驚唬，［生作呆想，忽抱旦哭介］貴妃，好
教我難禁架！ ［眾軍吶喊上，繞場、圍驛下］［丑］萬歲爺，外廂軍
士已把驛亭圍了。若再遲延，恐有他變，怎麼處？［生］陳元禮，你
快去安撫三軍，朕自有道理！［末］領旨。［下］［生、旦抱哭介］
［旦］ 【縷縷金】魂飛顫，淚交加。［生］堂堂天子貴，不及莫愁
家。［合哭介］難道把恩和義，霎時拋下！［旦跪介］臣妾受皇上深
恩，殺身難報。今事勢危急，望賜自盡，以定軍心。陛下得安穩至
蜀，妾雖死猶生也。算將來無計解軍嘩，殘生願甘罷，殘生願甘罷！
［哭倒生懷介］［生］妃子說那裡話！你若捐生，朕雖有九重之尊，
四海之富，要他則甚！寧可國破家亡，決不肯拋舍你也！ 【攤破地錦
花】任歡嘩，我一謎妝聾啞，總是朕差。現放著一朵嬌花，怎忍見風
雨摧殘，斷送天涯。若是再禁加，拼代你隕黃沙。 ［旦］陛下雖則恩
深，但事已至此，無路求生。若再留戀，倘玉石俱人類，益增妾罪。
望陛下舍妾之身，以保宗社。［丑作掩淚，跪介］娘娘既慷慨捐生，
望萬歲以社稷為重，勉強割恩罷。［內又喊介］［生頓足哭介］罷
罷，妃子既執意如此，朕也做不得主了。高力士，只得但、但憑娘娘
罷！［作哽咽、掩面哭下］［旦朝上拜介］萬歲！［作哭倒介］［丑
向內介］眾軍聽著，萬歲爺已有旨，賜楊娘娘自盡了。［眾內呼介］
萬歲，萬歲，萬萬歲！［丑扶旦起介］娘娘，請到後邊去。［撫旦行
介］［旦哭介］ 【哭相思】百年離別在須臾，一代紅顏為君盡！［轉
作到介］這裡有座佛堂在此。［旦作進介］且住，待我禮拜佛爺。
［拜介］佛爺，佛爺！念楊玉環呵， 【越恁好】罪巷孽深重，罪孽深
重，望我佛度脫咱。［丑拜介］願娘娘好處生天。［旦起哭介］［丑
跪哭介］娘娘，有甚話兒，分付奴婢幾句。［旦］高力士，聖上春秋
已高，我死之後，只有你是舊人，能體聖意，須索小心奉侍。再為我
轉奉聖上，今後休要念我了。［丑哭應介］奴婢曉得。［旦］高力
士，我還有一言。［作除釵、出盒介］這金釵一枚，鈿盒一枚，是聖
上定情所賜。你可將來與我殉葬，萬萬不可遺忘。［丑接釵盒介］奴
婢曉得。［旦哭介］斷腸痛殺，說不盡恨如麻。［末領軍擁上］楊妃
既奉旨賜死，何得停留，稽遲聖駕。［軍吶喊介］［丑向前攔介］眾
軍士不得近前，楊娘娘即刻歸天了。［旦］唉，陳元禮，陳元禮，你
兵威不向逆寇加，逼奴自殺。［軍又喊介］［丑］不好了，軍士每擁
進來了。［旦看介］唉，罷、罷，這一株梨樹，是我楊玉環結果之處
了。［作腰間解出白練，拜介］臣妾楊玉環，叩謝聖恩。從今再不得
相見了。［丑泣介］［旦作哭縊介］我那聖上啊，我一命兒便死在黃
泉下，一靈兒只傍著黃旗下。 ［做縊死下］［末］楊妃已死，眾軍速
退。［眾應同下］［丑哭介］我那娘娘啊！［下］［生上］六軍不發
無奈何，宛轉蛾眉馬前死。［丑執白練上，見生介］啟萬歲爺，楊娘
娘歸天了。［生作呆不應介］［丑又啟介］楊娘娘歸天了。自縊的白
練在此。［生看大哭介］哎喲，妃子，妃子，兀的不痛殺寡人也！
［倒介］［丑扶介］［生哭介］ 【紅繡鞋】當年貌比桃花，桃花；
［丑］今朝命絕梨花，梨花。［出釵盒介］這金釵、鈿盒，是娘娘分
付殉葬的。［生看釵盒哭介］這釵和盒，是禍根芽。長生殿，恁歡
洽；馬嵬驛，恁收煞！ ［丑］倉卒之間，怎生整備棺槨？［生］也
罷，權將錦褥包裹。須要埋好記明，以待日後改葬。這釵盒就系娘娘
衣上罷。［丑］領旨。［下］［生哭介］【尾聲】溫香艷玉須臾化，
今世今生怎見他！［末上跪介］請陛下起駕。［生頓足恨介］咳，我
便不去西川也值甚麼！［內吶喊、掌號，眾軍上］ 【仙呂入雙調過曲
·朝元令】［丑暗上，引生上馬行介］［合］長空霧粘，旌旆寒風刮。
長征路淹，隊仗黃塵染。誰料君臣，共嘗危險。恨賊寇橫興逆焰，烽
火相兼，何時得將豺虎殲。遙望蜀山尖，回將風闕瞻，浮雲數點，咫
尺把長安遮掩，長安遮掩。 翠華西拂蜀雲飛，章褐 天地塵昏九鼎
危。吳融 蟬鬢不隨鑾駕起，高駢 空驚鴛鴦忽相隨。錢起 吳評：
「嘩軍直殺國忠，最妙。若待元禮輾轉奏請，則與逼殺貴妃犯重矣。
且因此警動明皇，使後逼貴妃時，不得不從，皆是慘淡經營處。」 吳
評：「貴妃品雖請死，心實戀生，只一句傷心話，是傳神妙語。」 怎
舍官家，是內心話奪口而出。 吳評：「以下層層頓跌，皆逼人涕
淚。」 佛堂又作一頓。 釵盒殉葬，為後來証仙作伏筆。 對死前楊玉
環的描寫極其細膩。寫她舍不得官家，寫她為保宗社，寧肯自己捐
生，寫她叮嚀高力士小心侍奉明皇。一步一頓，動人心魄。悲劇主人
公唯使人同情，才能收到悲劇效果。 本出寫李隆基十分鐘情，在他看
來，玉環若死，雖有九重之尊、四海之富也沒用；甚至想代隕黃沙。
玉環被逼自縊後，竟連西川也不願去了。「堂堂天子貴，不及莫愁
家。」他羨慕的是生死不渝的愛情，至於皇帝的寶座倒是無所謂的。
《第廿六出 獻飯》 【黃鐘引子·西地錦】［生引丑上］懊恨蛾眉輕
喪，一宵千種悲傷。早來慵把金鞭揚，午餘玉粒誰嘗。 寡人匆匆西
幸，昨在馬嵬驛中，六軍不發。無計可施，只得把妃子賜死。［淚
介］咳，空做一朝天子，竟成千古忍人。勉強行了一程，已到扶風地
面。駐跗鳳儀宮內，不免少息片時。［外扮老人持麥飯上］炙背可以
見天子，獻芹由來知野人。老漢扶風野老郭從謹是也。聞知皇上西
巡，暫駐鳳儀宮內。老漢煮得一碗麥飯，特來進獻，以表一點敬心。
［見醜介］公公，煩乞轉奏一聲，說野人郭從謹特來進飯。［丑傳
介］［生］召他進來。［外進見介］草莽小臣郭從謹見駕。［生］你
是那裡人？［外］念小臣呵， 【黃鐘過曲·降黃龍】生長扶風，白首
躬耕，共慶時康。聽驀然變起，無限驚惶。聊將一盂麥飯，匍匐向旗
門陳上。願吾君不嫌粗糲，野人供養。 ［生］生受你了，高力士取上
來。［丑接飯送生介］［生看介］寡人晏處深宮，從不曾嘗著此味。
【前腔】［換頭］尋常，進御大官，食前方丈，珍羞百味，猶兀自嫌
他調和無當。［淚介］不想今日，卻將此物充飢。淒涼，帶麩連麥，
這飯兒如何入嗓？［略吃便放介］抵多少滹沱河畔，失路蕭王！
［外］陛下，今日之禍，可知為誰而起？［生］你道為著誰來？
［外］陛下若赦臣無罪，臣當冒死直言。［生］但說不妨。［外］只
為那楊國忠呵， 【前腔】［換頭］猖狂，倚恃國親，納賄招權，流毒
天壤。他與安祿山，十年構畔，一旦里兵戈起自漁陽。［生］國忠構
釁，祿山謀反，寡人那裡知道。［外］那祿山呵，包藏禍心日久，四
海都知逆狀。去年有人上書，告祿山逆跡，陛下反賜誅戮。誰肯於甘
心鐵鉞，來奏君王。 ［生作恨介］此乃朕之不明，以至於此。【前
腔】［換頭］斟量，明目達聰，原是為君的理當察訪。朕記得姚崇、
宋璟為相的時節，把直言數進，萬里民情，如在同堂。不料姚、宋亡
後，滿朝臣宰，一味貪位取容。郭從謹呵，倒不如伊行，草野懷忠，
直指出逆藩奸相。［外］若不是陛下巡幸到此，小臣那裡得見天顏。
［生淚介］空教我噬臍無及，恨塞飢腸。 ［外］陛下暫息龍體，小臣
告退。［嘆介］從饒白髮千莖雪，難把丹心一寸灰。［下］［副淨扮
使臣、二雜抬彩上］ 【太平令】鳥道羊腸，春彩馱來驛路長。連山鈴
鐸頻搖響，看日近帝都旁。 自家成都道使臣，奉節度使之命，解送春
彩十萬匹到京。聞得駕幸扶風，不免就此進上。［向丑介］煩乞啟奏
一聲，說成都使臣，貢春彩到此。［丑進奏介］［生］春耕彩照數收
明，打發使臣回去。［二雜抬彩進介］［副淨同二雜下］［生］高力
士，可召集將士，朕有面諭。［丑］萬歲爺宣召龍武軍將士聽旨。
［眾扮將士上］「曉起聽金鼓，宵眠抱玉鞍。」龍武將士叩見萬歲
爺。［生］將士每，聽朕道來，【前腔】變出非常，遠避兵戈涉異
方。勞伊倉卒隨行仗，今日呵，別有個好商量。 ［眾］不知萬歲爺有
何諭旨？［生］【黃龍袞】征人憶故鄉，征人憶故鄉，蜀道如天上。
不忍累伊每，把妻兒父母輕撇漾。朕待獨與子孫中官，慢慢的捱到蜀
中。爾等今日，便可各自還家。省得跋涉程途，飢寒勞攘。高力士，
可將使臣進來春彩，分給將士，以為盤費。沒軍資，分彩幣，聊充
餉。 ［丑應分彩介］［眾哭介］萬歲爺聖諭及此，臣等寸心如割。自
古養軍千日，用在一朝。臣等呵， 【前腔】無能滅虎狼，無能滅虎
狼，空愧熊羆將。生死願從行，軍聲齊恃天威壯。這春彩，臣等斷不
敢受。請留待他時論功行賞，若有違心，皇天鑒，決不爽。 ［生］爾
等忠義雖深，朕心實有不忍，還是回去罷。［眾］呀，萬歲爺，莫不
是因貴妃娘娘之死，有些疑惑麼？［生］非也， 【尾聲】他長安父老
多懸望，你每回去呵，煩說與翠華無恙。［眾］萬歲爺休出此言，臣
等情願隨駕。誓無二心。［合］只待淨掃妖氛，一同返帝鄉。 ［生］
天色已晚，今夜就此權駐。明日早行便了。［眾］領旨。 ［生］萬里
飛沙咽鼓鼙，錢起 ［丑］沉沉落日向山低。駱賓王 ［生］如今悔恨
將何益，韋莊 ［丑］更忍車輪獨向西？周 曇 吳評：「曲樸而穩直
接元人衣缽。」 蕭王即東漢光武帝劉秀，他在即帝位前曾被劉玄封為
蕭王。更始二年（公元24年）劉秀起義部隊在滹沱河失路，飢寒交
迫。部將馮異送豆粥給他吃。 吳評：「寫開元致治景象，明明自認不
明，卻又諉罪臣下。從來怙惡不悛，如出一轍。」 明皇亦曾經是一位
有為的君主，深通駕馭之術，有此一件安排，正是還他本色。 《第廿
七出 冥追》 【商調過曲·山坡五更】【山坡羊】［魂旦白練系頸
上，服色照前「埋玉」折］惡噷噷一場嘍羅，亂匆匆一生結束。蕩悠
悠一縷斷魂，痛察察一條白練香喉鎖。【前腔】風光盡，信誓捐，形
骸涴。只有癡情一點、一點無摧挫，拼向黃泉，牢牢擔荷。 我楊玉環
隨駕西行，剛到馬嵬驛內，不料六軍變亂，立逼投繯。［泣介］唉，
不知聖駕此時到那裡了！我一靈渺渺，飛出驛中，不免望著塵頭，追
隨前去。［行介］ 【北雙調新水令】望鑾輿才離了馬嵬坡，咫尺間不
能飛過。俺悄魂輕似葉，他征騎疾如梭。剛打個磨陀，翠旗尖又早被
樹煙鎖。［虛下］ 【南仙呂入雙調·步步嬌】［生引丑、二內侍、四
軍擁行上］沒揣傾城遭凶禍，去住渾無那。行行喚奈何，馬上回頭，
兩淚交墮。［丑］啟萬歲爺，前面就是駐蹕之處了。［生嘆介］唉，
我已厭一身多，傷心更說甚今宵臥。［齊下］ 【北折桂令】［旦行
上］一停停古道逶迤，俺只索虛趁雲行，弱情內馱。［向內望科］
呀，好了。望見大駕，就在前面了也。這不是羽蓋飄揚，鸞旌蕩漾，
翠輦嵯峨！不免疾忙趕上者。［急行科］願一靈早依御座，便牢牽袞
袖黃羅。［內鳴鑼作風起科］［旦作驚退科］呀，我望著鑾輿，下地
待趕上。忽然黑風過處，遮斷去路，影都不見了。好苦呵，暗蒙蒙煙
障林阿，杳沉沉霧塞山河，閃搖搖不住徘徊，悄冥冥怎樣騰挪？ ［貼
在內叫苦介］［旦］你看那邊愁雲苦霧之中，有個鬼魂來了，且閃過
一邊。［虛下］［貼扮虢國夫人魂上］ 【南江兒水】艷冶風前榭，繁
華夢裏過。風流誰識當初我？玉碎香殘荒郊臥，云拋雨斷重泉墮。
［二鬼卒上］唗，那裡去？［貼］奴家虢國夫人。［鬼卒笑介］原來
就是你。你生前也忒受用了，如今且隨我到枉死城去。［貼哭介］哎
喲，好苦呵，怨恨如山堆垛。只問你多大幽城，怕著不下這愁魂一
個！ ［雜拉貼叫苦下］［旦急上看科］呀，方才這個是我裴家姊姊，
也被亂兵所害了。兀的不痛殺人也！ 【北雁兒落帶得勝令】想當日天
邊奪笑歌，今日里地下同零落。痛殺俺冤由一命招，更不想慘累全家
禍。呀，空落得提起著淚滂沱，何處把恨消磨！怪不得四下愁雲裹，
都是俺千聲怨氣呵。［望科］那邊又是一個鬼魂，滿身鮮血，飛奔前
來。好怕人也！悲麼，泣孤魂獨自無回和。驚麼，只落得伴冥途野鬼
多。［虛下］ 【南僥僥令】［副淨扮楊國忠鬼魂上］生前遭劫殺，死
後見閻羅。［牛頭執鋼叉，夜叉執鐵錘、索上攔介］［副淨跑下］
［牛頭、夜叉複趕上］楊國忠那裡走？［副淨］呀，我是當朝宰相，
方才被亂兵所害。你每做甚，又來攔我？［牛頭］奸賊，俺奉閻王之
命，特來拿你。還不快走。［副淨］那裡去？［牛頭、夜叉］向小小
酆都城一座，教你去劍樹與刀山尋快活。 ［牛頭拉副淨，執叉叉背，
夜叉鎖副淨下］［旦急上看科］呵呀，那不是我的哥哥。好可憐人
也！［作悲科］ 【北收江南】呀，早則是五更短夢，瞥眼醒南柯。把
榮華拋卻，只留得罪殃多。唉，想我哥哥如此。奴家豈能無罪？怕形
消骨化，懺不了舊情魔。且住，一望茫茫，前行無路，不如仍舊到馬
嵬驛中去罷。［轉行科］待重轉驛坡，心又早怯懦。聽了這歸林暮
雀，猶錯認亂軍呵。 ［虛下］［副淨扮土地上］地下常添枉死鬼，人
間難覓返魂香。小神馬嵬坡土地是也。奉東岳帝君之命，道貴妃楊玉
環原系蓬萊仙子，今死在吾神界內。特命將他肉身保護，魂魄安頓，
以候玉旨。不免尋他去來。［行介］ 【南園林好】只他在翠紅鄉歡娛
事過，粉香叢冤孽債多，一霎做電光石火。淨肉質護泉窩，教魂魄守
墳窠。［虛下］ 【北沽美酒帶太平令】［旦行上］度寒煙蔓草坡，行
一步一延俄。［看介］呀，這樹上寫的有字，待我看來。［作念科］
貴妃楊娘娘葬此。［作悲科］原來把我就埋在此處了。唉，玉環，玉
環！［泣科］只這冷土荒堆樹半棵，便是娉婷裊娜，落來的好巢窩。
我臨死之時，曾分付高力士，將金釵、鈿盒與我殉葬，不知曾埋下
否？怕舊物向塵埃拋墮，則俺這真情肯為生死差訛？就是果然埋下
呵，還只怕這殘尸敗蛻，抱不牢同心並朵。不免叫喚一聲，［叫科］
楊玉環，你的魂靈在此。我呵，悄臨風叫他、喚他。［泣科］可知道
伊原是我，呀，直恁地推眠妝臥！［副淨上喚科］兀那啼哭的，可是
貴妃楊玉環鬼魂麼？［旦］奴家正是。是何尊神？乞恕冒犯。［副
淨］吾神乃馬嵬坡土地。［旦］望尊神與奴做主咱。［副淨］貴妃聽
吾道來：你本是蓬萊仙子，因微過謫落凡塵。今雖是浮生限滿，舊仙
山隔斷紅雲。［代旦解白練科］吾神奉岳帝敕旨，解冤結免汝沉淪。
［旦福科］多謝尊神，只不知奴與皇上，還有相見之日麼？［副淨］
此事非吾神所曉。［旦作悲科］［副淨］貴妃，且在馬嵬驛暫住幽
魂，吾神去也。［下］［旦］苦呵，不免到驛中佛堂裏，暫且棲托則
個。［行科］ 【南尾聲】重來絕命庭中過，看樹底淚痕猶涴。怎能夠
飛去蓬山尋舊果！土埋冤骨草離離，儲嗣宗 回首人間總禍機。薛能
雲雨馬嵬分散後，韋 絢 何年休路得同歸。韋莊吳評：「四個一字
逼出一點癡情，白練羈魂，詞尤吃緊。」 吳評：「一靈不放，望夫尚
能化石，情死豈不証仙。」 吳評：「疲馬征途，急於望宿，而傷心人
別有意緒，已厭身多，遂覺行住都無是處。」 這裡讓楊玉環兄妹鬼魂
出場，一是表示惡人有惡報；二是反襯玉環悔罪真誠，所以結果與兄
妹不同。 李楊愛情，隨著玉環馬嵬自縊，已告結束，但作者認為真正
的愛情是生死不渝的。更何況作者認為悲劇主人公原是仙家下凡呢。
「飛去蓬山尋舊果」，作者只好採用浪漫主義的手法，寫出下半部人
間天上的戲文。 《第廿八出 罵賊》 ［外扮雷海青抱琵琶上］武將
文官總舊僚，恨他反面事新朝。綱常留在梨園內，那惜伶工命一條。
自家雷海青是也。蒙天寶皇帝隆恩，在梨園部內做一個供奉。不料祿
山作亂，破了長安，皇帝駕幸西川去了。那滿朝文武，平日里高官厚
祿，蔭子封妻。享榮華，受富貴。那一件不是朝廷恩典！如今卻一個
個貪生怕死，背義忘恩，爭去投降不迭。只圖安樂一時，那顧罵名千
古。唉，豈不可羞，豈不可恨！我雷海青雖是一個樂工，那些沒廉恥
的勾當，委實做不出來。今日祿山這一班逆黨，大宴凝碧池頭，傳集
梨園奏樂。俺不免乘此，到那廝跟前，痛罵一場，出了這口憤氣。便
粉身碎骨，也說不得了。且抱著琵琶，去走一遭也呵！ 【仙呂村裏迓
鼓】雖則俺樂工卑濫，硜硜愚暗，也不曾讀書獻策，登科及第，向鵷
班高站。只這血性中，胸脯內，倒有些忠肝義膽。今日個睹了喪亡，
遭了危難，值了變慘，不由人痛切齒，聲吞恨銜。 【元和令】恨子恨
潑腥膻莽將龍座渰，癩蝦蟆妄想天鵝啖，生克擦直逼的個官家下殿走
天南。你道恁胡行堪不堪？縱將他寢皮食肉也恨難劖。誰想那一班兒
沒掂三，歹心腸，賊狗男。 【上馬嬌】平日價張著口將忠孝談，到臨
危翻著臉把富貴貪。早一齊兒搖尾受新銜，把一個君親仇敵當作恩人
感。咱，只問你蒙面可羞慚？ 【勝葫蘆】眼見的去做忠臣沒個敢。雷
海青呵，若不把一肩擔，可不枉了戴發含牙人是俺。但得綱常無缺，
須眉無愧，便九死也心甘。［下］ 【中呂引子·繞紅樓】［淨引二軍
士上］搶占山河號大燕，袍染赭，冠戴衝天。凝碧清秋，梨園小部，
歌舞列瓊筵。 孤家安祿山。自從範陽起兵，所向無敵，長驅西入，直
抵長安。唐家皇帝，逃入蜀中去了，錦繡江山，歸吾掌握。［笑介］
好不快活。今日聚集百官，在凝碧池上做個太平筵宴，灑樂一回。內
侍每，眾官可曾齊到？［雜］都在外殿伺候。［淨］宣過來。［軍］
領旨。［宣介］主上宣百官進見。［四偽官上］「今日新天子，當時
舊時臣。同為識時者，不是負恩人。」［見介］臣等朝見。願主上萬
歲，萬萬歲！［淨］眾卿平身。孤家今日政務稍閒，特設宴在凝碧池
上，與卿等共樂太平。［四偽官］萬歲。［軍］筵宴完備，請主上升
宴。［內奏樂，四偽官跪送酒介］［淨］ 【中呂過曲·尾犯序】龍戲
碧池邊，正五色雲開，秋氣澄鮮。紫殿逍遙，暫停吾玉鞭。開宴，走
緋衣，鸞刀細割；揎錦袖，犀盤滿獻。［四偽官獻酒酒再拜介］瑤池
下，熊羆鵷鷺，拜送酒如泉。 ［淨］內侍每，傳旨喚梨園子弟奏樂。
［軍］領旨。［向內介］主上有旨，著梨園子弟奏樂。［內應奏樂
介］［軍送淨酒介］［合］ 【前腔】［換頭］當筵，眾樂奏鈞天。舊
日霓裳，重按歌遍。半入雲中，半吹落風前。稀見，除卻了清虛洞
府，只有那沉香亭院。今日個仙音法曲，不數大唐年。 ［淨］奏得
好。［四偽官］臣想天寶皇帝，不知費了多少心力，教成此曲。今日
卻留與主上受用，真乃齊天之福也。［淨笑介］眾卿言之有理，再上
酒來。［軍送酒介］［外在內泣唱介］ 【前腔】［換頭］幽州鼙鼓
喧，萬戶蓬蒿，四野烽煙。葉墮空宮，忽驚聞歌弦奇變，真個是天翻
地覆，真個是人愁鬼怨。［大哭介］我那天寶皇帝呵，金鑾上面官拜
舞，何日再朝天？［淨］呀，什麼人啼哭？好奇怪！［軍］是樂工雷
海青。［淨］拿上來。［軍拉外上見介］［淨］雷海青，孤家在此飲
太平筵宴，你敢擅自啼哭，好生可惡！［外罵介］唉，安祿山，你本
是失機邊將，罪應斬首。幸蒙聖恩不殺，拜將封王。你不思報效朝
廷，反敢稱兵作亂，穢污神京，逼遷聖駕。這罪惡貫盈，指日天兵到
來誅戮，還說什麼太平筵宴！［淨大怒介］唉，有這等事。孤家入登
大位，臣下無不順從。量你這一個樂工，怎敢如此無禮！軍士看刀伺
候。［二軍作應，拔刀介］［外一面指淨罵介］ 【撲燈蛾】怪伊忒負
恩，獸心假人面，怒發上衝冠。我雖是伶工微賤也，不似他朝臣靦
觍。安祿山，你竊神器，上逆皇天，少不得頃刻間尸橫血濺。［將琵
琶擲淨介］我擲琵琶，將賊臣碎首報開元。［軍奪琵琶介］［淨］快
把這廝拿去砍了。［軍應拿外砍下］［淨］好惱，好惱！［四偽官］
主上息怒。無知樂工，何足介意。［淨］孤家心上不快，眾卿且退。
［四偽官］領旨。臣等恭送主上回宮。［跪送介］［淨］酒逢知己千
鐘少，話不投機半句多。［怒下］［四偽官起介］殺得好，殺得好。
一個樂工，思量做起忠臣來。難道我每吃太平宴的，倒差了不成！
【尾聲】大家都是花花面，一個忠臣值甚錢。［笑介］雷海青，雷海
青，畢竟你未戴烏紗識見淺！ 三秦流血已成川，羅 隱 為虜為王事
偶然。李山甫 世上何人憐苦節，陸希聲 直須行樂不言旋。薛 稷
吳評：「此折大有關系。雷海青琵琶，遂可與高漸離擊築並傳。嘗嘆
世間真忠義不易多有，惟優孟衣冠，妝演古人，凜然生氣如在。若此
折使人可興、可觀，可以廉頑直懦，世有議是劇為勸淫者，正未識旁
見側出之意耳。」 吳評：「開口出搶占二字，不脫賊種語氣，次句便
誇（袞厶換口）冕，又如沐猴而冠。此等模描，深得史記文法。」 吳
評：「嘗讀唐徐夤詩，張均兄弟今何在，卻是楊妃死報君。今見此
曲，覺太平宴上諸人，不但生慚雷老，即他日九重泉路，並何面目見
楊妃乎！後文以為國捐軀為楊表白，正為此輩抑揚耳。」 他人笑罵，
不如自我寫照，在表現凜凜正氣的悲劇里，穿插點喜劇性的曲白，更
加反襯出雷海青等人的氣節。作者本出內頌下層人民之有骨氣，斥降
臣之卑鄙無恥，隱約透露了當時中國人民的民族意識。 《第廿九出
聞鈴》 ［丑內叫介］軍士每趲行，前面伺候。［內鳴鑼，應介］
［丑］萬歲爺，請上馬。［生騎馬，醜隨行上］ 【雙調近詞·武陵
花】萬里巡行，多少悲涼途路情。看雲山重疊處，似我亂愁交並。無
邊落木響秋聲，長空孤雁添朝悲哽。寡人自離馬嵬，飽嘗辛苦。前日
遣使臣賚奉璽冊，傳位太子去了。行了一月，將近蜀中。且喜賊兵漸
遠，可以緩程而進。只是對此鳥啼花落，水綠山青，無非助朕悲懷。
如何是好！［丑］萬歲爺，途咱風霜，十分勞頓。請自排遣，勿自過
傷。［生］咳，高力士，朕與妃子，坐則並幾，行則隨肩。今日倉卒
西巡，斷送他這般結果，教寡人如何撇得下也！［淚介］提起傷心
事，淚如傾。回望馬嵬坡下，不覺恨填膺。［想］前面就是棧道了，
請萬歲爺挽定絲韁，緩緩前進。［生］裊裊旗旌，背殘日，風搖影。
匹馬崎嶇怎暫停，怎暫停！只見陰雲黯淡天昏暝，哀猿斷腸，子規叫
血，好叫人怕聽。兀的不慘殺人也麼哥，兀的不苦殺人也麼哥！蕭條
恁生，峨眉山下少人經，冷雨斜風撲面迎。 ［丑］雨來了，請萬歲爺
暫登劍閣避雨。［生作下馬、登閣坐介］［丑向內介］軍士每，且暫
駐扎，雨住再行。［內應介］［生］獨自登臨意轉傷，蜀山蜀水恨茫
茫。不知何處風吹雨，點點聲聲迸斷腸。［內作鈴響介］［生］你聽
那壁廂，不住的聲響，聒的人好不耐煩。高力士，看是甚麼東西。
［丑］是樹林中雨聲，和著簷前鈴鐸，隨風而響。［生］呀，這鈴聲
好不做美也！ 【前腔】淅淅零零，一片淒然心暗驚。遙聽隔山隔樹，
占合風雨，高響低鳴。一點一滴又一聲，一點一滴又一聲，和愁人血
淚交相迸。對這傷情處，轉自憶荒塋。白楊蕭瑟雨縱橫，此際孤魂淒
冷。鬼火光寒，草間濕亂螢。只悔倉皇負了卿，負了卿！我獨在人
間，委實的不願生。語娉婷，相將早晚伴幽冥。一慟空山寂，鈴聲相
應，閣道崚嶒，似我回腸恨怎平！ ［丑］萬歲爺且免愁煩。雨止了，
請下閣去罷。［生作下閣、上馬介，醜向內介］軍士每，前面起駕。
［眾應介］［丑隨生行介］［生］ 【尾聲】迢迢前路愁難罄，招魂去
國兩關情。［合］望不盡雨後尖山萬點青。 ［生］劍閣連山千里色，
駱賓王 離人到此倍堪傷。羅鄴 ［生］空勞翠輦衝泥雨，秦韜玉 一
曲淋鈴淚數行。杜牧 這是寫李隆基入蜀後，見景生情，深切憶念楊玉
環的場子。作者只讓李隆基和隨從高力士上場，眾軍士皆不上場，為
便於李獨念獨唱，傾瀉胸臆也。 吳評：「馬首斜陽忽而陰雲催暝，冷
雨迎人，客程情景如畫。」在舞台布景簡單的條件下，古代戲曲多以
寫意性曲詞，勾出主人公抒情的意境。 吳評：「纏綿哀怨，一往而
深，又應轉鈴聲，淒然欲絕。」 風聲、雨聲、鈴聲、哭聲，聲聲相
應。末句以閣道崚嶒比己之愁腸百結，更淒切動人。 《第三十出 情
悔》 【仙呂入雙調·普賢歌】［副淨上］馬嵬坡下太荒涼，土地公公
也氣不揚。祠廟倒了牆，沒人燒炷香，福禮三牲誰祭享！ 小神馬嵬坡
土地是也，向來香火頗盛。只因安祿山造反，本境人民盡皆逃散。弄
得廟宇荒涼，香煙斷絕。目今野鬼甚多，恐怕出來生事，且往四下裡
巡看一回。正是：「只因神倒運，常恐鬼胡行。」［虛下］［魂旦
上］ 【雙調引子·搗練子】冤疊疊，恨層層，長眠泉下幾時醒？魂斷
蒼煙寒月里，隨風窣窣度空庭。 「一曲霓裳逐曉風，天香國色總成
空。可憐只有心難死，脈脈常留恨不窮。」奴家楊玉環鬼魂是也。自
從馬嵬被難，荷蒙岳帝傳敕，得以棲魂驛舍，免墮冥司。［非介］我
想生前與皇上在西宮行樂，何等榮寵！今一旦紅顏斷送，白骨冤沉，
冷驛荒垣，孤魂淹滯。你看月淡星寒，又早黃昏時分，好不淒慘也！
【過曲·三仙橋】古驛無人夜靜，趁微雲，移月暝，潛潛趓趓，暫時偷
現影。魆地間心耿耿，猛想起我舊豐標，教我一想一淚零。想、想當
日那態娉婷，想、想當日那妝艷靚，端得是賽丹青描成、畫成。那曉
得不留停，早則飢寒肉冷。［悲介］苦變做了鬼胡由，誰認得是楊玉
環的行徑！ ［淚介］［袖出釵盒介］這金釵、鈿盒，乃皇上定情之
物，已從墓中取得。不免向月下把玩一回。［副淨潛上，指介］這是
楊貴妃鬼魂，且聽他說些甚麼。［背立聽介］［旦看釵盒介］ 【前
腔】看了這金釵兒雙頭比並，更鈿盒同心相映。只指望兩情堅如金似
鈿，又怎知翻做斷綆。若早知為斷綆，枉自去將他留下了這傷心把
柄。記得盒底夜香清，釵邊曉鏡明，有多少歡承愛領。［悲介］但提
起那恩情，怎教我重泉目瞑！［哭介］苦只為釵和盒，那夕的綢繆，
翻成做楊玉環這些時的悲哽。 ［副淨背聽，作點頭介］［旦］咳，我
楊玉環，生遭慘毒，死抱沉冤。或者能悔前愆，得有超拔之日，也未
可知。且住，［悲介］只想我在生前所為，那一樁不是罪案。況且弟
兄姊妹，挾勢弄權，罪惡滔天，總皆由我，如何懺悔得盡！不免趁此
星月之下，對天哀禱一番。［對天拜介］ 【前腔】對星月發心至誠，
拜天地低頭細省。皇天，皇天！念楊玉環呵，重重罪孽，折罰來遭禍
橫。今夜呵，懺愆尤，陳罪眚，望天天高鑒，宥我垂証明。只有那一
點癡情，愛河沉未醒。說到此悔不來，惟天表証。縱冷骨不重生，拼
向九泉待等。那土地說，我原是蓬萊仙子，遣謫人間。天呵，只是奴
家恁般業重，敢仍望做蓬萊座的仙班，只願還楊玉環舊日的匹聘。
［副淨］貴妃，吾神在此。［旦］原來是土地尊神。［副淨］ 【越調
過曲·憶多嬌】我趁月明，獨夜行。見你拜禱深深，仔細聽，這一悔能
教萬孽清。管感動天庭，感動天庭，有日重圓舊盟。 ［旦］多蒙尊神
鑒憫。只怕奴家呵，【前腔】業障縈，夙慧輕。今夕徒然愧悔生，泉
路茫茫隔上清。［悲介］說起傷情，說起傷情，只落得千秋恨成。
［副淨］貴妃不必悲傷，我今給發路引一紙。千里之內，任你魂游便
了。［作付路引介］聽我道來， 【斗黑麻】你本是蓬萊籍中有名，為
墮落皇宮，癡魔頓增。歡娛過，痛苦經，雖謝塵緣，難返仙庭。喜今
宵夢醒，教你逍遙擇路行。莫戀迷途，莫戀迷途，早歸舊程。 【前
腔】［旦接路引謝介］深謝尊神，與奴指明。怨鬼愁魂，敢望仙靈！
［背介］今後呵，隨風去，信路行。蕩蕩悠悠，日隱宵征。依月傍
星，重尋釵盒明。還怕相逢，還怕相逢，兩心痛增。 ［副淨］吾神去
也。［旦］曉風殘月正潸然，韓 琮 ［副淨］對影聞聲已可憐。李
商隱 ［旦］昔日繁華今日恨，司空圖 ［副淨］只應尋訪是因緣。方
乾 人們常說「逞侈心而窮人欲」的皇帝和妃子之間，怎麼會有真正愛
情呢？其實作者也清楚，他自己就說過「念情之所鐘，在帝王家罕
有」。罕有，畢竟還有。作者在《長生殿》里寫的李楊愛情便是這少
有的例外。他們突出之處，一是原來兩人都是天仙下凡；二是他們敗
而能悔，通過悔過，獲得人們的同情。這就是作者巧妙的構思。本出
正是體現此意圖。 吳評：「【三仙橋】三曲，首惜芳顏，次哭釵盒，
未悔前愆。由癡入悟，章法井然。」 吳評：「曲曲折折愈轉愈情切，
從此直至仙山征信，總不暫忘釵盒。」 弟兄姐妹，挾勢弄權，造成惡
果，但並非楊玉環直接造成的。這裡寫她懺悔癡情，都有使人同情之
處。 吳評：「說到相逢，並怕明皇增痛，直是情至。」 《第卅一出
剿寇》 【中呂引子·菊花新】［外戎裝，領四軍上］謬承新命陟崇
階，挂印催登上將台。慚愧出群才，敢自許安危全賴。 建牙吹角不聞
暄，三十登壇眾所尊。家散萬金酬士死，身留一劍答君恩。下官郭子
儀，叨蒙聖恩，特拜朔方節度使，領兵討賊。現今上皇巡幸西川，今
上即位靈武。當此國家多事之秋，正我臣子建功之日。誓當掃清群
寇，收複兩京，再造唐家社稷，重睹漢官威儀，方不負平生志願也。
眾將官，今乃黃道吉日，就此起兵前去。［眾應，吶喊、發號啟行
介］［合］ 【中呂過曲·馱環著】擁鸞旗羽蓋，蹴起塵埃。馬挂征
鞍，將披重鎧，畫戟雕弓耀彩。軍令分明，爭看取奮鷹揚堂堂元帥。
端的是孫吳無賽，管淨掃妖氛毒害。機謀運，陣勢排，一戰收京，萬
方寧泰。［齊下］【前腔】［丑末扮番將、引軍卒行上］倚兵強將
勇，倚兵強將勇，一鼓前來。陣似推山，勢如倒海。不斷征雲靉靉，
鬼哭神號，到處里染腥風，殺人如芥。自家大燕皇帝麾下大將史思
明、何千年是也。唐家立了新皇帝，遣郭子儀殺奔前來。奉令著我二
人迎敵。［末］聞得郭子儀兵勢頗盛，我等二人分作兩隊。待一人與
他交戰，一人橫衝出來，必獲大勝。［丑］言之有理。大小三軍，就
此分隊殺上前去。［四雜應，做分行介］向兩下分兵迎待，先一合拖
刀佯敗。磨旗慘，戰鼓哀。奮勇先登，振威奪帥。 ［末領眾先下］
［外領軍上，與醜對戰一合介］［丑］來將何名？［外］吾乃大唐朔
方節度使郭。天兵到此，還不下馬受縛，更待何時？［丑］不必多
講，放馬過來。［戰介，醜敗介，走下］［末領卒上，截外戰介］
［外］來的賊將，快早投降。［末］郭子儀，你可贏得我麼？［外］
休得饒舌。［戰介，醜複上混戰介］［丑、末大敗逃下］［外］且喜
賊將大敗而逃，此去長安不遠，連夜殺奔前去便了。［眾］得令。
［行介］［合］ 【添字紅繡鞋】三軍笑口齊開，齊開；旌旗滿路爭
排，爭排。擁大將，氣雄哉，合圖畫上雲台。把軍書忙裁，忙裁；捷
奏報金階，捷奏報金階。【尾聲】兩都早慰雲霓待，九廟重瞻日月
開，複立皇唐億萬載。 悲風殺氣滿山河，白居易 師克由來在協和。
胡 曾 行望風京旋凱捷，賀 朝 千山明月靜干戈。杜荀鶴吳評：
「敘次時事簡而能括，是大手筆。」 吳評：「以殺人為能便是草寇
語。」 《第卅二出 哭像》 ［生上］蜀江水碧蜀山青，贏得朝朝暮
暮情。但恨佳人難再得，豈知傾國與傾城。寡人自幸成都，傳位太
子，改稱上皇。喜的郭子儀兵威大震，指日蕩平。只念妃子為國捎
軀，無可表白，特敕成都府建廟一座。又選高手匠人，將旃檀香雕成
妃子生像。命高力士迎進宮來，待寡人親自送入廟中供養。敢待到
也。［嘆科］咳，想起我妃子呵， 【正宮端正好】是寡人昧了他誓盟
深，負了他恩情廣，生拆開比翼鸞凰。說甚麼生生世世無拋漾，早不
道半路裡遭魔障。 【滾繡球】恨寇逼的慌，促駕起的忙。點三千羽林
兵將，出延秋，便沸沸揚揚。甫傷心第一程，到馬嵬驛舍傍。猛地裡
爆雷般齊吶起一聲的喊響，早子見鐵桶似密圍住四下裡刀槍。惡噷噷
單施逞著他領軍元帥威能大，眼睜睜只逼拶的俺失勢官家氣不長，落
可便手腳慌張。恨只恨陳元禮呵，【叨叨令】不催他車兒馬兒，一謎
家延延挨挨的望；硬執著言兒語兒，一會里喧喧騰騰的謗；更排些戈
兒戟兒，不哄中重重疊疊的上；生逼個身兒命兒，一霎時驚驚惶惶的
喪。［哭科］兀的不痛殺人也麼哥，兀的不痛殺人也麼哥！閃的我形
兒影兒，這一個孤孤淒淒的樣。 寡人如今好不悔恨也！ 【脫布衫】
羞殺咱掩面悲傷，救不得月貌花龐。是寡人全無主張，不合呵將他輕
放。【小梁州】我當時若肯將身去抵搪，未必他直犯君王；縱然犯了
又何妨，泉台上，倒博得永成雙。 【麼篇】如今獨自雖無恙，問餘生
有甚風光！只落得淚萬行，悉千狀！［哭科］我那妃子呵，人間天
上，此恨怎能償！ ［醜同二宮女、二內監捧香爐、花旛，引雜抬楊妃
像，鼓樂行上］［丑見生科］啟萬歲爺，楊娘娘寶像迎到了。［生］
快迎進來波。［丑］領旨。［出科］奉旨：宣楊娘娘像進。［宮女］
領旨。［做抬像進、對生，宮女跪，扶像略俯科］楊娘娘見駕。
［丑］平身。［宮女起科］［生起立對像哭科］我那妃子呵，【上小
樓】別離一向，忽看嬌樣。待與你敘我冤情，說我驚魂，話我愁
腸……［近前叫科］妃子，妃子，怎不見你回笑龐，答應響，移身前
傍。［細看像，大哭科］呀，原來是刻香檀做成的神像！［丑］鑾輿
已備，請萬歲爺上馬，送娘娘入廟。［雜扮校尉，瓜、旗、傘、扇，
鑾駕隊子上］［生］高力士傳旨，馬兒在左，車兒在右，朕與娘娘並
行者。［丑］領旨。［生上馬，校尉抬像，排隊引行科］［生］ 【麼
篇】穀碌碌風車呵緊貼著行，裊亭亭龍鞭呵相對著揚。依舊的輦兒廝
並，肩兒齊亞，影兒成雙。情暗傷，心自想。想當時聯鑣游賞，怎到
頭來剛做了恁般隨倡！ ［到科］［丑］到廟中了，請萬歲爺下馬。
［生下馬科］內侍每，送娘娘進廟去者。［鑾駕隊子下］［內侍抬
像，同宮女、丑隨生進，生做入廟看科］【滿庭芳】我向這廟裡抬頭
覷望，問何如西宮南苑，金屋輝光？那裡有鴛幃、繡幕、芙蓉帳，空
則見顫巍巍神幔高張，泥塑的宮娥兩兩，帛裝的阿監雙雙。剪簇簇旛
旌揚，招不得香魂再轉，卻與我搖曳吊心腸。 ［生前坐科］［丑］吉
時已屆，候旨請娘娘升座。［生］宮人每，伏侍娘娘升座者。［宮女
應科］領旨。［內細樂，宮女扶像對生，如前略俯科］楊娘娘謝恩。
［丑］平身。［生起立，內鼓樂，眾扶像上座科］［生］ 【快活三】
俺只見宮娥每簇擁將，把團扇護新妝。猶錯認定情初，夜入蘭房。
［悲科］可怎生冷清清獨坐在這彩畫生綃帳！［丑］啟萬歲爺，楊娘
娘升座畢。［生］香得過來。［丑跪奉香，生拈香科］ 【朝天子】爇
騰騰寶香，映熒熒燭光，猛逗著往事來心上。記當日長生殿裏禦爐
傍，對牛女把深盟講。又誰知信誓荒唐，存歿參商！空憶前盟不暫
忘。今日呵，我在這廂，你在那廂，把著這斷頭香在手添淒愴。高力
士看酒過來，朕與娘娘親奠一杯者。［丑奉酒科］初賜爵。［生捧酒
哭科］ 【四邊靜】把杯來擎掌，怎能夠檀口還從我手內嘗。按不住淒
惶，叫一聲妃子也親陳上。淚珠兒溶溶滿觴，怕添不下半滴葡萄釀。
［丑接杯獻座科］［生］我那妃子呵， 【耍孩兒】一杯望汝遙來享，
痛煞煞古驛身亡。亂軍中抔土便埋藏，並不曾瀽半碗涼漿。今日呵，
恨不誅他肆逆三軍眾，祭汝含酸一國殤。對著這雲幃像，空落得儀容
如往，越痛你魂魄飛揚。 ［丑又奉酒科］亞賜爵。［生捧酒哭科］
【五煞】碧盈盈酒再陳，黑漫漫恨未央，天昏地暗人癡望。今朝廟宇
留西蜀，何日山陵改北邙！［丑又接杯獻座科］［生哭科］寡人呵，
與你同穴葬，做一株塚邊連理，化一對墓頂鴛鴦。［丑又奉酒科］終
賜爵。［生捧酒科］ 【四煞】奠靈筵禮已終，訴衷情話正長。你嬌波
不動，可見我愁模樣？只為我金釵鈿盒情辜負，致使你白練黃泉恨渺
茫。［丑接杯獻科］［生哭科］向此際捶胸想，好一似刀裁了肺腑，
火烙了肝腸。 ［丑、宮女、內侍俱哭科］［生看像驚科］呀，高力
士，你看娘娘臉上，兀的不流出淚來了。［醜同宮女看科］呀，神像
之上，果然滿面淚痕，奇怪，奇怪！［生哭科］哎呀，我那妃子呀，
【三煞】只見他垂垂的濕滿頤，汪汪的含在眶，紛紛的點滴神台上。
分明是牽衣請死愁容貌，回顧吞聲慘面龐。這傷心真無兩，休說是泥
人墮淚，便教那鐵漢也腸荒！［丑］萬歲爺請免悲傷，待奴婢每叩見
娘娘。［同宮女、內侍哭拜科］［生］ 【二煞】只見老常侍雙膝跪，
舊宮娥伏地傷。叫不出娘娘千歲，一個個含悲向。［哭科］妃子呵，
只為你當日在昭陽殿裏施恩遍，今日個錦水祠中遺愛長。悲風蕩，腸
斷殺數聲杜宇，半壁斜陽。 ［丑］請萬歲爺與娘娘焚帛。［生］再看
酒來。［丑奉酒焚帛，生酹酒科］ 【一煞】疊金銀山百座，化幽冥帛
萬張。紙銅錢怎買得天仙降？空著我衣沾殘淚，鵑留怨。不能勾魂逐
飛灰蝶化雙，驀地里增悲愴。甚時見鸞驂碧漢，鶴返遼陽。 ［丑］天
色已晚，請萬歲爺回宮。［生］宮娥，可將娘娘神帳放下者。［宮
娥］領旨。［做下神殿，內暗抬神像下科］［生］起駕。［丑應科］
［生作上馬，鑾駕隊子複上，引行科］［生］ 【煞尾】出新祠淚未
收，轉行宮痛怎忘？對殘霞落日空凝望！寡人今夜呵，把哭不盡的衷
情，和你夢兒裡再細講。 數點香煙出廟門，曹 鄴 巫山雲雨洛川
神。權德輿 翠蛾仿佛平生貌，白居易 日暮偏傷去住人。封彥衝 吳
評：「楊妃頌國，而又為之建廟，事屬無名，今以為國捐軀無可表白
為言，便覺此舉原不可少。」這裡用《西廂》句法，實止七字句耳。
疊字俱平聲，讀起來急促有力，節奏鮮明，把馬嵬兵變的緊張氣氛和
盤托出。 吳評：「楊妃凡三變，馬嵬以前，人也；冥追以後，鬼也；
尸解以後，仙也。而神仙人鬼之中以刻象雜之，又作一變。假假真
真，使觀者神迷目亂。」 吳評：「馬嵬不能救免，冤情也；幸蜀不能
自主，驚魂也；沒後不能再見，愁腸也。三語妙有次第。」 和前面禊
游等出對看，更覺淒慘。 吳評：「暗與舞盤折把杯照映。」 吳評：
「軍行倉卒，錦褥裹理，是明皇最傷心處，故下曲便想到山陵改葬，
又追溯白練黃泉，牽衣請死，纏綿不已也。」 吳評：「木人下淚最
妙，若無此一番情感，則一塊頑香叫呼不應，了無意致矣。」 暗擊証
仙。 吳評：「是出廟徘徊情景。」「結語又起一意，文心溢在言
外。」 《第卅三出 神訴》 【仙呂入雙調·柳搖金】［貼引二仙女、
二仙宮隊子行上］工成玉杼，機絲巧殊，呈錦過天除。搖佩還星渚，
雲中引鳳輿。卻望著銀河一縷，碧落映空虛。俯視塵寰，山川米聚。
吾乃天孫織女是也。織成天錦，進呈上帝。行路中間，只見一道怨
氣，直衝霄漢。不知下界是何地方。［叫介］仙官，［官應介］
［貼］你看這非煙非霧，怨氣模糊，試問下方何處？ ［官應，作看
介］啟娘娘，下界是馬嵬坡地方。［貼］分付暫駐雲車，即宣馬嵬坡
土地來者。［官應，眾擁貼高處坐介］［官向內喚介］馬嵬坡土地何
在？［副淨應上］來也。 【越調鬥鵪鶉】則俺在廟裡安身，忽聽得空
中喚取。則他那天上宣差，有俺甚地頭事務。［官喚科］土地快來。
［副］他不住的唱叫揚疾，唬得我慌忙急遽。只索把急張拘諸的袍袖
來拂，乞留屈碌的腰帶來束。整頓了這破丟不答的平頂頭巾，扶定了
那滴羞撲速的齊眉拐拄。 ［見官科］仙官呼喚，有何使令？［官］織
女娘娘呼喚你哩。［副淨］ 【紫花兒序】聽說道喚俺的是天孫織女，
我又不曾在河邊去掌渡司橋，可因甚到坡前來覓路尋途？［背科］
哦，是了波，敢只為雲中駕過，道俺這裡接待全疏，［哭科］待將咱
這卑職來勾除。［回向官科］仙官可憐見波，小神官卑地苦，接待不
周，特帶得一陌黃錢在此，送上仙官，望在娘娘前方便咱。則看俺廟
宇荒涼鬼判無，常只是塵蒙了神案，土塞在台基，草長在香爐。 ［官
笑科］誰要你的黃錢。娘娘有話問你哩，快去，快去。［引副淨見
介］［副淨］馬嵬坡土地叩見。願娘娘聖壽無疆。［仙女］平身。
［副淨起科］［貼］土地，我在此經過，見你界上有怨氣一道，直衝
霄漢。是何緣故？［副淨］娘娘聽啟， 【天淨沙】這的是艷晶晶霓裳
曲裏嬌妹，裊亭亭翠盤掌上輕軀。［貼］是那一個？［副淨］是唐天
子的貴妃楊玉環，磣磕磕黃土坡前怨屈，因此上痛咽咽幽魂不去，靄
騰騰黑風在空際吹噓。 ［貼］原來就是楊玉環。記得天寶十載渡河之
夕，見他與唐天子在長生殿上，誓願世為夫婦。如今已成怨鬼，甚是
可憐。土地，你將死時光景說與我聽者。［副淨］ 【調笑令】只為著
往蜀、侍鑾輿，鼎沸般軍聲四下裡呼。痛紅顏不敢將恩負，哭哀哀拜
辭了君主。一霎時如花命懸三尺組，生擦擦為國捐軀。 ［貼］怎生為
國捐軀，你再細細說來。［副淨］ 【小桃紅】當日個鬧鑊鐸，激變羽
林徒，把驛庭四面來圍住。若不是慷慨佳人將難輕赴，怎能夠保無
虞，扈君王直向西川路，使普天下人心悅服。今日里中興重睹，兀的
不是再造了這皇圖。 ［貼］雖說如此，只是以天下為主，不能庇一婦
人，長生殿中之誓安在？李三郎暢好薄情也。［副淨］娘娘，那楊妃
呵， 【禿廝兒】並不怨九重上情違義忤，單則捱九泉中恨債冤逋。痛
只痛情緣兩斷不再續，常則是悲此日，憶當初，欷歔。 ［貼］他可說
些甚來？［副淨］ 【聖藥王】他道是恩已虛，愛已虛，則那長生殿裡
的誓非虛。就是避孕藥可辜，意可辜，則那金釵、鈿盒的信難辜。拼
抱恨守冥途。［貼］他原是蓬萊仙子，只因夙孽，迷失本真。今到此
地位，還記得長生殿中之誓。有此真情，殊堪鑒憫。［副淨］再啟娘
娘，楊妃近來，更自痛悔前愆。［貼］怎見得？［副淨］ 【麻郎兒他
夜夜向星前捫心泣訴，對月明叩首悲籲。切自悔愆尤積聚，要祈求罪
業消除。【麼篇】因此上怨呼，恨吐，意苦。雖不能貫白虹上達天
都，早則是結紫孛衝開地府。不提防透青霄橫當仙路。 ［貼］原來如
此。既悔前非，諸愆可釋。吾當保奏天庭，令他複歸仙位便了。［副
淨］娘娘呵，【絡絲娘】雖則保奏他仙班再居，他卻還有癡情兒幾
許。只恐到仙宮，但孤處，願永証前盟夫婦。 ［貼］是兒好情癡也。
你且回本境，吾自有道理。［副淨］領法旨。 【尾聲】代將情事分明
訴，幸娘娘與他做主。早則看馬嵬坡少一個苦游魂，穩情取蓬萊山添
一員舊仙侶。 ［下］［貼］分付起駕，回璇璣宮去。［眾應引行介］
【仙呂入雙調過曲·金字段】【金字令】紅顏薄命，聽說真冤苦。黃泉
長恨，聽說多酸楚。更抱貞心，初盟不負。【三段子】悔深頓令真元
露，情堅煉出金丹固，只合登仙，把人天恨補。 往來朝謁蕊珠宮，趙
嘏 烏鵲橋成上界通。劉威 縱目下看浮世事，方千 君恩已斷盡成
空。盧弼 吳評：「此折前為密誓照應，後為奏複仙班張本。」 此折
原是過場，現以土地出場代訴，演出一出莊諧相間、生活氣息甚濃的
好戲，作為全本悲劇氣氛的調劑。 吳評：「首曲就本行驀寫，此曲從
呼喚猜疑先於空中著想，不遽見天孫，亦是元人作法，此文章善於步
虛處。」把唐室中興歸功於楊玉環的「為國捐軀」，這未免過分美化
了楊玉環，歪曲了歷史的本來面目。吳評：「為國捐軀，乃明皇飾
說，而幽冥亦作是論，何也？使當日依回不決，則六軍犯蹕，竟成傾
國，與褒妲無異，而有此一舉而軍心頓服，中興可期。唐人昧本事
詩，獨少陵『不聞夏殷衰，中自誅褒妲』最為得體，楊妃一死，雖謂
之再造也可。觀織女答語，即歸重明皇，作者之情可見，非以強詞曲
為回護也。」 《第卅四出 刺逆》 ［丑扮李豬兒太監帽、氈笠、箭
衣上］小小身材短短衣，高簷能走壁能飛。懷中匕首無人見，一皺眉
頭起殺機。自家李豬兒便是，從小在安祿山帳下。見俺人材俊俏，性
格聰明，就與兒子一般看待。一日祿山醉後，忽然現出豬首龍身，自
道是個豬龍，必有天子之分。因此把俺名字，就順口喚做豬兒。不想
他如今果然做了皇帝，卻寵愛著段夫人，要立他兒子慶恩為太子。眼
見這頂平天冠，不要說俺李豬兒沒福戴他，就是他長子大將軍慶緒，
也輪不到頭上了。因此大將軍心懷忿恨，與俺商量，要俺今夜入宮行
刺。唉，安祿山，安祿山，你受了唐天子那樣大恩，尚且興兵反叛，
休怪俺李豬兒今日反面無情也。［內打二更介］你聽，譙樓已打二
鼓，不免乘此夜靜，沿著宮牆前去走一遭也呵。［行介］ 【雙調二犯
江兒水】陰森夾道，行不盡陰森夾道，更深人靜悄。［內作鳥聲介］
怕驚飛宿鳥，［內作犬吠介］犬吠哰哰，禍機兒包貯好。［內打更
介］那邊巡軍來了，俺且閃在大樹邊，躲避一回。［躲介］［小生、
末、中淨、老旦扮四軍，巡更上］百萬軍中人四個，九重門外月三
更。［末］大哥每，你看那御河橋樹枝，為何這般亂動？［老］莫不
有甚奸細在仙。［中淨］這所在那得有奸細，想是柳樹成精了。［小
生］呸，你每不聽得風起麼？［眾］不要管，一路巡去就是了。［繞
場走下］［丑出行介］好唬人也。只見刁斗暗中敲，巡軍過禦橋。星
影雲飄，月影花搖，險些兒漏風聲難自保。一路行來，此處已近後
殿，不免跳過牆去。苑牆恁高，那怕他苑牆恁高，翻身一跳，［作跳
過介］已被俺翻身一跳。［內作樂介］你聽，恁般時候，還有笙歌之
聲。喜得宮中都是熟路，且自慢慢而去。等待他醉模糊把錦席拋。
［虛下］［淨作醉態，老旦、中淨、二宮女扶侍，二雜扮內侍、提燈
上］［郊］孤家醉了，到便殿中安息去罷。［雜引淨到介］［淨坐
介］［二雜先下］［淨］宮娥，段夫人可曾回宮。［老旦、中淨］回
宮去了。［淨］看茶來吃。［老旦、中淨應下］［淨作醒嘆介］唉，
孤家原不曾醉。只為打破長安之後，便想席卷中原。不料名路諸將，
連被郭子儀殺得大敗，心中好生著急。又因愛戀段夫人，酒色過度，
不但弄得孤家身子疲軟，連雙目都不見了。因此今夜假裝酒醉，令他
回宮，孤家自在便殿安寢，暫且將息一宵。［老旦、中淨捧茶上］皇
爺，茶在此。［淨作飲介］［內打三更介］［中淨］夜已三更，請皇
爺安寢罷。［淨］宮娥每，把殿門緊閉了。［老旦、中淨應作閉門
介］［淨睡介］［老旦、中淨坐地盹介，淨作驚介］為何今晚睡臥不
寧，只管肉飛眼跳。［叫介］宮娥，宮娥！［中淨驚醒介］想是皇爺
獨眠不慣，在那裡喚人哩。姐姐你去。［老旦］姐姐，還是你去。
Welcome to our website – the ideal destination for book lovers and
knowledge seekers. With a mission to inspire endlessly, we offer a
vast collection of books, ranging from classic literary works to
specialized publications, self-development books, and children's
literature. Each book is a new journey of discovery, expanding
knowledge and enriching the soul of the reade

Our website is not just a platform for buying books, but a bridge
connecting readers to the timeless values of culture and wisdom. With
an elegant, user-friendly interface and an intelligent search system,
we are committed to providing a quick and convenient shopping
experience. Additionally, our special promotions and home delivery
services ensure that you save time and fully enjoy the joy of reading.

Let us accompany you on the journey of exploring knowledge and

personal growth!

ebookultra.com