Faculty of Computer Engineering and Artificial Intelligence
Network Security course: deadline assignments, tasks 1-5
Student: Turg’unboyev Nazrullo, group 611-22

Task 1
APPLYING INITIAL SECURITY SETTINGS ON NETWORK DEVICES: TELNET, SSH

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname tatu_sw1
tatu_sw1(config)#ip domain name tatu
tatu_sw1(config)#crypto key generate rsa
The name for the keys will be: tatu_sw1.tatu
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 512
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
tatu_sw1(config)#ip ssh version 2
*мар 1 0:24:59.72: RSA key size needs to be at least 768 bits for ssh version 2
*мар 1 0:24:59.72: %SSH-5-ENABLED: SSH 1.5 has been enabled
Please create RSA keys (of at least 768 bits size) to enable SSH v2.
tatu_sw1(config)#line vty 0
tatu_sw1(config-line)#transport input ssh
tatu_sw1(config-line)#username admin secret 12345
tatu_sw1(config)#line vty 0
tatu_sw1(config-line)#login local
tatu_sw1(config-line)#do wr
Building configuration...
[OK]

Conclusion

During this practical work I fully carried out the process of applying initial security settings on network devices, and in particular studied in depth how to set up remote management over the Telnet and SSH protocols. First the router's hostname and domain name were set, then a login and password were created for the user. Remote connection over the Telnet protocol was configured and, to secure it, password-protected access was enabled. Later the SSH protocol was configured, an RSA key was generated, and a more secure communication channel was created using the transport input ssh command. With this, connections to the network device were allowed only over an encrypted channel. Finally, I saw in practice how the initial stages of securing a network are carried out with these settings and learned what measures should be taken to protect the network from undesirable situations. Through this practice I came to understand how important security is in remote management and reinforced my theoretical knowledge.

Task 2
CONFIGURING PORT SECURITY ON A SWITCH

Switch>enable
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface range fastethernet 0/3-24
Switch(config-if-range)#shutdown
Switch(config)#interface range fastethernet 0/3-24
Switch(config-if-range)# no shutdown
Switch>enable
Switch#conf t
Switch(config)#int range f0/1-2
switch(config-if-range)# switchport mode access
switch(config-if-range)# switchport port-security
switch(config-if-range)#do show port-security interface f0/2

Conclusion

During the practice I learned how to carry out some basic configuration on a Cisco switch. Using these commands, I tried out in practice the process of configuring switch interfaces and securing them. Through this practice I learned how to configure interfaces and port security on a Cisco switch.
Configuring port security and managing ports is very important for securing a network. These processes play an important role, especially in enterprise networks, in increasing security and ensuring that the network operates efficiently.

Task 3
CONFIGURING THE REDUNDANCY PROTOCOLS STP AND PVSTP AND THE AGGREGATION PROTOCOLS LACP AND PAGP

EtherChannel configuration on Sw1:

sw1(config)# interface range f0/11-14
sw1(config-if-range)# shutdown
sw1(config-if-range)# channel-group 1 mode active
Creating a port-channel interface Port-channel 1

EtherChannel configuration on Sw2:

sw2(config)# interface range f0/11-14
sw2(config-if-range)# channel-group 1 mode passive
Creating a port-channel interface Port-channel 1

Bringing up the physical interfaces on sw1:

sw1(config)# interface range f0/11-14
sw1(config-if-range)# no shutdown

EtherChannel information; port-channel information for sw2:

sw1#show etherchannel port-channel

Conclusion

During this practical work I learned how to configure the network redundancy protocols STP and PVSTP and the aggregation protocols LACP and PAgP. In particular, by applying EtherChannel technology, I tested combining several physical interfaces into a single logical channel and improving network performance. In this process, interfaces f0/11 through f0/14 were selected on SW1 and LACP was started in active mode with the channel-group 1 mode active command; these interfaces were then brought up with the no shutdown command. On SW2 the same ports were selected and configured in passive mode with channel-group 1 mode passive, and the port-channel was created automatically. Finally, the show etherchannel port-channel command confirmed that the EtherChannel had been established successfully. Through this I gained practical skills in reducing excess load on the network, creating backup communication paths, and ensuring network continuity.

Task 4
CONFIGURING THE VTP PROTOCOL

Switch>enable
Switch#conf terminal
Switch(config)#hostname Sw1
Sw1(config)#vlan 10
Sw1(config-vlan)#name bugalteriya
Sw1(config-vlan)#exit
Sw1(config)#vlan 20
Sw1(config-vlan)#name student
Sw1(config-vlan)#exit
Sw1(config)#vlan 30
Sw1(config-vlan)#name dekanat
Sw1(config-vlan)#exit

Switch>enable
Switch#conf terminal
Switch(config)#hostname Sw2
Sw2(config)#vlan 10
Sw2(config-vlan)#name bugalteriya
Sw2(config-vlan)#exit
Sw2(config)#vlan 20
Sw2(config-vlan)#name student
Sw2(config-vlan)#exit
Sw2(config)#vlan 30
Sw2(config-vlan)#name dekanat
Sw2(config-vlan)#exit

Conclusion

During this practical work I acquired the knowledge and skills needed to configure the VTP protocol. I learned how VTP makes it possible to manage VLAN information centrally and distribute it automatically to other switches. In the practice, VTP server mode was first configured on the main switch, and it was given a VTP domain name and a secret password. Then VTP client mode was enabled on the remaining switches, and they were configured with the same domain name and secret password as the server. Trunk ports were correctly identified and enabled on all devices, and through them VLAN information was automatically passed to the other switches. At the end of the practice, I saw with commands such as show vtp status and show vlan brief that the configuration had been carried out successfully. Through this experience I gained important practical skills in simplifying network management and improving efficiency with the VTP protocol.

Task 5
CONFIGURING DYNAMIC ROUTING BASED ON THE OSPF, RIP, EIGRP AND BGP PROTOCOLS

Router(config)#router rip
Router(config-router)#network 10.0.0.0
Router(config-router)#network 11.0.0.0
Router(config-router)#network 12.0.0.0
Router(config-router)#network 192.168.2.0
Router(config-router)#network 192.168.3.0
Router(config-router)#

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router rip
Router(config-router)#network 10.0.0.0
Router(config-router)#network 11.0.0.0
Router(config-router)#network 12.0.0.0
Router(config-router)#network 192.168.1.0
Router(config-router)#network 192.168.3.0
Router(config-router)#
Router(config-router)#end

Router>enable
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface GigabitEthernet0/0/2
Router(config-if)#
Router(config-if)#exit
Router(config)#router rip
Router(config-router)#network 10.0.0.0
Router(config-router)#network 11.0.0.0
Router(config-router)#network 12.0.0.0
Router(config-router)#network 192.168.1.0
Router(config-router)#network 192.168.2.0
Router(config-router)#
Router(config-router)#end

Conclusion

During this practice I studied the process of configuring dynamic routing protocols such as OSPF, RIP, EIGRP and BGP and tried them out in practice. First, IP addresses were assigned to the interfaces on each router, making routing through them possible. Then simple routing between small networks was implemented with the RIP protocol. I understood that the main feature of RIP is that it determines route distance by hop count. Next I configured OSPF and saw in practice that it organizes routing on the basis of areas and can achieve faster convergence. EIGRP, which is specific to Cisco devices, was configured and tested as an efficient protocol that takes metrics such as bandwidth and delay into account. Finally, with the BGP protocol I gained experience in large-scale routing, that is, in establishing connections between autonomous systems. By configuring these routing protocols I reinforced practical skills such as making routing work efficiently, automatically managing the direction of data flow, and ensuring uninterrupted communication in the network.
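
In the Task 1 session the 512-bit RSA key led the switch to enable SSH 1.5 instead of version 2, and only vty line 0 received transport input ssh and login local. The check below is an added example, not part of the student's report; it runs over an abridged copy of that session, and the vty range 0-15 and the 12-character minimum for secrets are assumptions.

```python
import re

# Abridged copy of the Task 1 session from the report (timestamps omitted).
SESSION = """\
tatu_sw1(config)#crypto key generate rsa
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
tatu_sw1(config)#ip ssh version 2
%SSH-5-ENABLED: SSH 1.5 has been enabled
tatu_sw1(config)#line vty 0
tatu_sw1(config-line)#transport input ssh
tatu_sw1(config-line)#username admin secret 12345
tatu_sw1(config)#line vty 0
tatu_sw1(config-line)#login local
"""

SSH2_MIN_BITS = 768        # minimum quoted by the device message in the report
VTY_LINES = range(0, 16)   # assumption: the switch has vty lines 0-15
MIN_SECRET_LEN = 12        # assumption: local password-length policy
REQUIRED = {"transport input ssh", "login local"}
PROMPT = re.compile(r"^\S+?\(config[^)]*\)#\s*")

def audit(session):
    """Return (code, detail) findings for an IOS configuration session."""
    findings, current = [], []
    vty = {n: set() for n in VTY_LINES}
    for raw in session.splitlines():
        line = PROMPT.sub("", raw.strip())   # drop the CLI prompt, keep the command
        if m := re.search(r"Generating (\d+) bit RSA keys", line):
            if int(m.group(1)) < SSH2_MIN_BITS:
                findings.append(("rsa-too-small-for-sshv2", int(m.group(1))))
        elif "SSH 1.5 has been enabled" in line:
            findings.append(("ssh-version", "1.5"))
        elif m := re.match(r"line vty (\d+)(?: (\d+))?$", line):
            first, last = int(m.group(1)), int(m.group(2) or m.group(1))
            current = [n for n in range(first, last + 1) if n in vty]
        elif line in REQUIRED:
            for n in current:                # applies to the selected vty lines only
                vty[n].add(line)
        elif m := re.match(r"username (\S+) secret (\S+)$", line):
            if len(m.group(2)) < MIN_SECRET_LEN:
                findings.append(("short-secret", m.group(1)))
    uncovered = [n for n, cmds in vty.items() if cmds != REQUIRED]
    if uncovered:                            # lines this session never configured
        findings.append(("vty-left-at-defaults", uncovered))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SESSION):
        print(code, detail)
```

A session that generates a key of at least 768 bits, selects line vty 0 15 and uses a longer secret produces no findings.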