Uploaded by davronking001

Practical Assignment 1

PRACTICAL WORK 1
TOPIC: CONFIGURING INITIAL SECURITY SETTINGS ON NETWORK DEVICES: TELNET, SSH
Purpose of the work: to study the structure and operating principles of a switch,
the methods of providing remote access to it, and the rules for configuring its
security parameters.
Theoretical part
There are several ways to access the command-line interface (CLI) of Cisco IOS
devices. The most common methods are listed below:
– Console
– Telnet or SSH
– AUX port
Console port: the console port is a management port that provides out-of-band
access for configuring a Cisco device. The advantage of the console port is that
the device can be accessed without configuring any network services, for example
during the initial configuration of a network device. For the initial
configuration, a computer is connected to the device's console port with a
special cable (RS232) and the configuration is carried out.
TELNET (terminal network): a network protocol intended for accessing devices
over the network. The current standard of the protocol is described in RFC 854.
The task of the TELNET protocol is to provide interoperation between terminal
devices. This protocol is used for terminal-to-terminal communication.
Secure Shell (SSH) protocol: this protocol provides a secure (encrypted)
connection for managing remote devices. It is recommended to use SSH instead of
Telnet for managing remote devices. Telnet may be used for a short time in local
networks. Telnet is considered an obsolete protocol: it carries the data
exchanged between devices unencrypted, and the identification information (user
name and password) is likewise transmitted in clear text. SSH provides
protection when connecting to remote devices. It reliably encrypts the
authentication data (user name and password). It also protects the data
transmitted between devices. SSH uses TCP port 22, and Telnet uses TCP port 23.
AUX: an older method of establishing a command-line interface (CLI) session, in
which a dial-up telephone connection is made to the router's auxiliary (AUX)
port. Like the console connection, the auxiliary method provides out-of-band
access and requires no configuration or network services. If network services
have failed, a remote administrator can reach the switch or router over the
telephone line.
Procedure
Connect the cables according to the topology
Build a local network in Cisco Packet Tracer using a computer and a switch
(Figure 1.1). Assign IP addresses according to the table.
Figure 1.1. Local network diagram
Table 1.1. Addressing table
Device   Interface         IP address      Subnet mask     Default gateway
Switch   vlan1             192.168.1.100   255.255.255.0   192.168.1.1
Admin    Network adapter   192.168.1.2     255.255.255.0   192.168.1.1
Check the initial state of the switch.
Check the initial state of the switch: the IOS information, the interface
properties, and the information about VLANs and flash memory.
All switch IOS commands can be executed in privileged mode. Access to
privileged mode must be restricted with a password, to prevent unauthorized
persons from using the device, from moving straight into global configuration
mode, and from reaching the commands used to set operating parameters.
To assign an IP address to the switch's VLAN interface, enter the following
commands in the CLI window (Figure 1.2):
Switch>enable
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface vlan1
Switch(config-if)#ip address 192.168.1.100 255.255.255.0
Switch(config-if)#no shutdown
Figure 1.2. Assigning an IP address to the switch's VLAN interface
Configuring Telnet on the switch
For the switch to allow access over Telnet, that is, for remote management, the
virtual terminal lines (vty) must be configured. If no vty password is set, the
device cannot be accessed over Telnet. The following commands are entered in
the switch CLI window to configure Telnet.
Switch(config)#line vty 0 15
Switch(config-line)#password 12345
Switch(config-line)#login
Switch(config-line)#exit
Switch(config)#enable password 12345
Switch(config)#end
Switch#
To connect to the switch from the Admin computer and manage it remotely, type
“telnet 192.168.1.100” at the computer's command prompt. When prompted for the
password, enter it and press Enter. The switch also asks for a password when we
start entering commands; enter the password and press Enter.
Figure 1.3. Connecting to the switch from the Admin computer's command prompt
Configuring SSH
Before configuring SSH, the switch must be given a unique host name and the
appropriate network connectivity parameters.
Step 1. Check that SSH is supported
To find out whether SSH is available, issue the show ip ssh command. If the
switch is not running an IOS that supports cryptographic functions, this
command will not work.
Step 2. Configure the IP domain
Specify the network's IP domain in global configuration mode with the command
ip domain-name followed by the domain name.
Figure 1.4. Building the local network
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname tatu_sw1
tatu_sw1(config)#ip domain name tatu
tatu_sw1(config)#crypto key generate rsa
The name for the keys will be: tatu_sw1.tatu
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 512
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
tatu_sw1(config)#ip ssh version 2
*мар 1 0:24:59.72: RSA key size needs to be at least 768 bits for ssh version 2
*мар 1 0:24:59.72: %SSH-5-ENABLED: SSH 1.5 has been enabled
Please create RSA keys (of at least 768 bits size) to enable SSH v2.
tatu_sw1(config)#line vty 0
tatu_sw1(config-line)#transport input ssh
tatu_sw1(config-line)#username admin secret 12345
tatu_sw1(config)#line vty 0
tatu_sw1(config-line)#login local
tatu_sw1(config-line)#do wr
Building configuration...
[OK]
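The Telnet and SSH sessions above leave weak remote-access settings in place: a shared line password, "enable password" rather than "enable secret", and a 512-bit RSA key below the 768-bit minimum the switch reports, so SSH v2 is never enabled. The Python check below is an added example, not part of the original lab; it scans running-config text for these settings. Both sample configurations are constructed, and treating a missing "transport input" line as Telnet being allowed is an assumption of this example.

```python
import re

# Constructed running-config excerpts (not captured from a real device).
# WEAK reflects the lab's settings: "enable password", a shared vty password,
# SSH-only access on vty 0 alone. HARDENED is an assumed corrected variant.
WEAK = """\
hostname tatu_sw1
enable password 12345
username admin secret 5 <hash-placeholder>
ip domain-name tatu
line vty 0
 login local
 transport input ssh
line vty 1 15
 password 12345
 login
"""
HARDENED = """\
hostname tatu_sw1
enable secret 5 <hash-placeholder>
username admin secret 5 <hash-placeholder>
ip domain-name tatu
ip ssh version 2
line vty 0 15
 login local
 transport input ssh
"""

def audit(config):
    """Return sorted remote-access findings for running-config text."""
    findings = set()
    lines = config.splitlines()
    top = [l.strip() for l in lines if l and not l.startswith(" ")]
    if any(l.startswith("enable password") for l in top) and not any(
            l.startswith("enable secret") for l in top):
        findings.add("enable password used instead of enable secret")
    if "ip ssh version 2" not in top:
        findings.add("SSH version 2 not enforced")
    # Collect the indented sub-commands under each "line vty ..." header.
    vty, block = {}, None
    for l in lines:
        if not l.startswith(" "):
            block = l.strip() if l.startswith("line vty") else None
            if block:
                vty[block] = []
        elif block:
            vty[block].append(l.strip())
    for header, cmds in vty.items():
        transport = [c for c in cmds if c.startswith("transport input")]
        # Assumption: no "transport input" line means Telnet may be accepted.
        if not transport or re.search(r"\b(telnet|all)\b", transport[0]):
            findings.add(f"{header}: Telnet not disabled")
        if "login" in cmds and any(c.startswith("password") for c in cmds):
            findings.add(f"{header}: shared line password, no per-user login")
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```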
Verify network connectivity
Verify direct connectivity by sending an echo request.
a. From PC-A, send an echo request to the management address of the switch's
SVI interface
C:\Users\User1> ping 192.168.1.100
PC-A must obtain the MAC address of switch S1 using ARP. The first packet may
time out. But if the echo request fails, check and correct the device's basic
configuration.
Verify remote management of switch S1.
Figure 1.5. Connecting to the switch over SSH from the CMD command window
Assignment
1. Build a local network in Cisco Packet Tracer (computer, switch, cable).
– assign an IP address through the switch's main VLAN interface (each student
uses their sequence number in the class register in the IP address; for
example, the student with number 10 uses the IP address 192.168.1.10)
– set the IP address for the computer, for example 192.168.1.20
– configure remote access using Telnet
– test remote management using Telnet
– configure remote access using SSH
– show the device configuration
– save the switch's current configuration.
2. Upload the electronic file of your report to the Hemis system
Procedure
1. Start Cisco Packet Tracer.
2. Select a Cisco 2960 switch and a 2911 router for the lab.
3. Build the topology shown below.
4. Test the topology.
RIP protocol
1. Enter the following sequence of commands on SWITCH_1.
Switch>en
Switch#conf t
Switch(config)#int range fastEthernet 0/1-2
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 2
Switch(config-if-range)#int range fastEthernet 0/3-4
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#int fastEthernet 0/5
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 2,3
Switch(config-if)#do wr
Switch(config-if)#end
2. Enter the following sequence of commands on ROUTER_1.
continue with configuration dialog? [yes/no]: no
Router>enable
Router#conf t
Router(config)#int gigabitEthernet 0/0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)# int gigabitEthernet 0/0.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)# ip address 192.168.10.1 255.255.255.128
Router(config-subif)#exit
Router(config)# int gigabitEthernet 0/0.3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 192.168.10.129 255.255.255.192
Router(config-subif)#exit
Router(config)# int gigabitEthernet 0/1
Router(config-if)#no shutdown
Router(config-if)#ip address 10.10.10.1 255.255.255.252
Router(config-if)#exit
Router(config)#ip dhcp pool t1
Router(dhcp-config)#network 192.168.10.0 255.255.255.128
Router(dhcp-config)#default-router 192.168.10.1
Router(dhcp-config)#dns-server 8.8.8.8
Router(dhcp-config)#ip dhcp pool t2
Router(dhcp-config)#network 192.168.10.128 255.255.255.192
Router(dhcp-config)#default-router 192.168.10.129
Router(dhcp-config)#dns-server 8.8.8.8
Router(dhcp-config)#do wr
Router(dhcp-config)#exit
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 10.10.10.0
Router(config-router)#network 192.168.10.0
Router(config-router)#network 192.168.10.128
Router(config-router)#do wr
Router(config-router)#exit
3. Enter the following sequence of commands on SWITCH_2.
Switch>en
Switch#conf t
Switch(config)#int range fastEthernet 0/1-2
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 2
Switch(config-if-range)#int range fastEthernet 0/3-4
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#int fastEthernet 0/5
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 2,3
Switch(config-if)#do wr
Switch(config-if)#end
4. Enter the following sequence of commands on ROUTER_2.
continue with configuration dialog? [yes/no]: no
Router>enable
Router#conf t
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/0.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 192.168.20.65 255.255.255.240
Router(config-subif)#exit
Router(config)#ip dhcp pool t11
Router(dhcp-config)#network 192.168.20.64 255.255.255.240
Router(dhcp-config)#default-router 192.168.20.65
Router(dhcp-config)#dns-server 8.8.4.4
Router(dhcp-config)#ip dhcp pool t22
Router(dhcp-config)#network 192.168.20.0 255.255.255.224
Router(dhcp-config)#default-router 192.168.20.1
Router(dhcp-config)#dns-server 8.8.4.4
Router(dhcp-config)#exit
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#no shutdown
Router(config-if)#ip address 10.10.10.2 255.255.255.252
Router(config-if)#do wr
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/0.3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 192.168.20.1 255.255.255.224
Router(config-subif)#do wr
Router(config-subif)#exit
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 10.10.10.0
Router(config-router)#network 192.168.20.64
Router(config-router)#network 192.168.20.0
Router(config-router)#do wr
Router(config-router)#exit
5. Test the topology.
OSPF protocol
1. Enter the following sequence of commands on SWITCH_1.
Switch>
Switch>en
Switch#conf t
Switch(config)#interface range fastEthernet 0/1-2
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 2
Switch(config-if-range)#exit
Switch(config)#interface range fastEthernet 0/3-4
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#interface fastEthernet 0/5
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 2,3
Switch(config-if)#do wr
Switch(config-if)#exit
2. Enter the following sequence of commands on ROUTER_1.
continue with configuration dialog? [yes/no]: no
Router>enable
Router#conf t
Router(config)#int gigabitEthernet 0/0
Router(config-if)#no shutdown
Router(config-if)#exit
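Router(config)#interface gigabitEthernet 0/0.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 192.168.30.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface gigabitEthernet 0/0.3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 192.168.40.1 255.255.255.0
Router(config-subif)#exit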
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#no shutdown
Router(config-if)#ip address 10.10.10.1 255.255.255.252
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/2
Router(config-if)#no shutdown
Router(config-if)#ip address 10.10.10.5 255.255.255.252
Router(config-if)#exit
Router(config)#ip dhcp pool n1
Router(dhcp-config)#network 192.168.30.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.30.1
Router(dhcp-config)#dns-server 8.8.8.8
Router(dhcp-config)#exit
Router(config)#ip dhcp pool n2
Router(dhcp-config)#network 192.168.40.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.40.1
Router(dhcp-config)#dns-server 8.8.4.4
Router(dhcp-config)#exit
Router(config)#interface loopback 0
Router(config-if)#ip address 172.20.20.1 255.255.255.255
Router(config-if)#exit
Router(config)#router ospf 1
Router(config-router)#network 192.168.30.0 0.0.0.255 area 0
Router(config-router)#network 192.168.40.0 0.0.0.255 area 0
Router(config-router)#network 10.10.10.0 0.0.0.3 area 0
Router(config-router)#network 10.10.10.4 0.0.0.3 area 0
Router(config-router)#end
3. Enter the following sequence of commands on SWITCH_2.
Switch>enable
Switch#conf t
Switch(config)#interface range fastEthernet 0/1-2
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 2
Switch(config-if-range)#interface range fastEthernet 0/3-4
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#interface fastEthernet 0/5
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 2,3
4. Enter the following sequence of commands on ROUTER_2.
continue with configuration dialog? [yes/no]: no
Router>enable
Router#conf t
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/0.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 192.168.50.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface gigabitEthernet 0/0.3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 192.168.60.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#no shutdown
Router(config-if)#ip address 10.10.10.6 255.255.255.252
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/2
Router(config-if)#no shutdown
Router(config-if)#ip address 10.10.10.10 255.255.255.252
Router(config-if)#exit
Router(config)#ip dhcp pool k1
Router(dhcp-config)#network 192.168.50.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.50.1
Router(dhcp-config)#dns-server 8.8.4.4
Router(dhcp-config)#exit
Router(config)#ip dhcp pool k2
Router(dhcp-config)#network 192.168.60.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.60.1
Router(dhcp-config)#dns-server 8.5.2.3
Router(dhcp-config)#exit
Router(config)#interface loopback 0
Router(config-if)#ip address 172.20.20.2 255.255.255.255
Router(config-if)#exit
Router(config)#router ospf 2
Router(config-router)#network 192.168.50.0 0.0.0.255 area 0
Router(config-router)#network 192.168.60.0 0.0.0.255 area 0
Router(config-router)#network 10.10.10.4 0.0.0.3 area 0
Router(config-router)#network 10.10.10.8 0.0.0.3 area 0
Router(config-router)#do wr
5. Enter the following sequence of commands on SWITCH_3.
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface range fastEthernet 0/1-2
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 2
% Access VLAN does not exist. Creating vlan 2
Switch(config-if-range)#exit
Switch(config)#interface range fastEthernet 0/3-4
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 3
% Access VLAN does not exist. Creating vlan 3
Switch(config-if-range)#exit
Switch(config)#interface fastEthernet 0/5
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 2,3
Switch(config-if)#do wr
Building configuration...
[OK]
Switch(config-if)#exit
6. Enter the following sequence of commands on ROUTER_3.
continue with configuration dialog? [yes/no]: no
Router>enable
Router#conf t
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/0.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface gigabitEthernet 0/0.3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 192.168.20.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#no shutdown
Router(config-if)#ip address 10.10.10.2 255.255.255.252
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/2
Router(config-if)#no shutdown
Router(config-if)#ip address 10.10.10.9 255.255.255.252
Router(config-if)#exit
Router(config)#ip dhcp pool t1
Router(dhcp-config)#network 192.168.10.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.10.1
Router(dhcp-config)#dns-server 8.8.8.8
Router(dhcp-config)#exit
Router(config)#ip dhcp pool t2
Router(dhcp-config)#network 192.168.20.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.20.1
Router(dhcp-config)#dns-server 8.8.4.4
Router(dhcp-config)#do wr
Router(dhcp-config)#exit
Router(config)#interface loopback 0
Router(config-if)#ip address 172.20.20.3 255.255.255.255
Router(config-if)#exit
Router(config)#router ospf 3
Router(config-router)#network 192.168.10.0 0.0.0.255 area 0
Router(config-router)#network 192.168.20.0 0.0.0.255 area 0
Router(config-router)#network 10.10.10.0 0.0.0.3 area 0
Router(config-router)#network 10.10.10.8 0.0.0.3 area 0
Router(config-router)#end
Router#
7. Test the topology.