1 – laboratoriya ishi tarmoq qurilmalarida dastlabki xavfsizlik sozlamalarini oʻrnatish ishdan maqsad

Download 87,09 Kb.
bet	11/20
Sana	28.01.2024
Hajmi	87,09 Kb.
	#147691

1 ... 7 8 9 10 11 12 13 14 ... 20

Bog'liq
Laboratoriya ishi tarmoq qurilmalarida dastlabki xavfsizlik-fayllar.org

Ishni bajarish tartibi

Topshiriq

2.4-rasmda keltirilgan tarmoq topologiyasini Cisco Packet
Tracer dasturida tuzish talab qilinadi;

Har bir kompyuter uchun IP manzilni sozlang va MAC
manzillarni 2.2-rasmda ko`rsatilgandek aniqlang;

Kommutatorning
har
bir
portlariga
xavfsizlik
ko`rsatkichlarini sozlang;

2.1-jadvalga yuqorida keltirilgan topshiriqlarni kiriting.

28
2.4-rasm. Tarmoq topologiyasi

2.1-jadval
Qurilma
IP-manzil
МАС-manzil
Interfeys
Port rejimlari
Laptop0
192.168.1.1
00E0.F902.D683
Fa0
n/a
Laptop1
192.168.1.2 000B.BE9B.EE4A
Fa0
n/a
Laptop2
192.168.1.3
00D0.5819.04E3
Fa0
n/a
Laptop3
192.168.1.4 0004.9AB9.DAC2
Fa0
n/a
Laptop4
192.168.1.5 00D0.BAC2.8C58
Fa0
n/a
Laptop5
192.168.1.6
0000.0C6E.01E0
Fa0
n/a
SW1
N/A
N/A
Fa0/1
sticky
SW1
N/A
N/A
Fa0/2
mac-address
00D0.5819.04E3
SW1
N/A
N/A
Fa0/3
violation protect
SW1
N/A
N/A
Fa0/5-24
Shutdown
SW2
N/A
N/A
Fa0/1
restrict
SW2
N/A
N/A
Fa0/2
restrict
SW2
N/A
N/A
Fa0/3
Protect
SW2
N/A
N/A
Fa0/4
maximum 4
Ishni bajarish tartibi
Switch>enable
Switch#configure terminal
Switch(config)#hostname Sw1
Sw1(config)#interface fa0/1
1. Portni access rejimiga o`zgartirish
Sw1(config-if)#switchport mode access

29
2. Portda port-securityni ishga tushurish

Sw1 (config-if)#switchport port-security
3. Secure-MAC ni dinamik aniqlashni ko`rsatish
Sw1 (config-if)#switchport port-security mac-address sticky
Sw1 (config-if)#exit
4. Secure-MAC ni statik aniqlashni ko`rsatish
Sw1(config)#interface fastEthernet 0/2
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport port-security
Sw1(config-if)#switchport port-security mac-address 000B.BE9B.EE4A
Sw1(config-if)#end
5. Xavfsizlik buzilishigi javob berish rejimini sozlash
Sw1(config)#interface fastEthernet 0/3
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport port-security
Sw1(config-if)#switchport port-security mac-address sticky
Sw1(config-if)#switchport port-security violation protect
Sw1(config-if)#end
6. Ishlatilmayotgan portlarni o`chirish
Sw1(config)#interface range fastEthernet 0/5-24
Sw1(config-if-range)#shutdown
7. Portda secure-MAC maksimal soni N ni ko`rsatish (Bu
buyruq Sw2 kommutatorga tavsiya etiladi)
Switch>enable
Switch#configure terminal
Switch(config)#hostname Sw2
Sw2(config)#interface fa0/4
Sw2(config-if)#switchport mode trunk
Sw2(config-if)#switchport port-security maximum 4
Sw2(config-if)#switchport port-security violation restrict

30
8. Natijani tekshirish

Switch#show port-security interface fa 0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0001.63B4.E4A6:1
Security Violation Count : 0
9. Sozlamalarni saqlash
Switch#copy running-config startup-config

Download 87,09 Kb.

1 ... 7 8 9 10 11 12 13 14 ... 20

Download 87,09 Kb.