№2 laboratoriya ishi kommutatorda port xavfsizligi

Download 121,59 Kb.
bet	4/4
Sana	27.05.2024
Hajmi	121,59 Kb.
	#254696

1 2 3 4

Bog'liq
2-amaliy ish u

Ishni bajarish tartibi
Secure-MAC ni dinamik aniqlashni ko`rsatish
Natijani tekshirish
Sozlamalarni saqlash

Topshiriq

2.4-rasmda keltirilgan tarmoq topologiyasini Cisco Packet Tracer dasturida tuzish talab qilinadi;
Har bir kompyuter uchun IP manzilni sozlang va MAC manzillarni 2.2- rasmda ko`rsatilgandek aniqlang;
Kommutatorning har bir portlariga xavfsizlik ko`rsatkichlarini sozlang;
2.1-jadvalga yuqorida keltirilgan topshiriqlarni kiriting.

2.4-rasm. Tarmoq topologiyasi.

2.1-jadval

Qurilma	IP-manzil	МАС-manzil	Interfeys	Port rejimlari
Laptop0	192.168.1.1	00E0.F902.D683	Fa0	n/a
Laptop1	192.168.1.2	000B.BE9B.EE4A	Fa0	n/a
Laptop2	192.168.1.3	00D0.5819.04E3	Fa0	n/a
Laptop3	192.168.1.4	0004.9AB9.DAC2	Fa0	n/a
Laptop4	192.168.1.5	00D0.BAC2.8C58	Fa0	n/a
Laptop5	192.168.1.6	0000.0C6E.01E0	Fa0	n/a
SW1	N/A	N/A	Fa0/1	sticky
SW1	N/A	N/A	Fa0/2	mac-address 00D0.5819.04E3
SW1	N/A	N/A	Fa0/3	violation protect
SW1	N/A	N/A	Fa0/5-24	Shutdown
SW2	N/A	N/A	Fa0/1	restrict
SW2	N/A	N/A	Fa0/2	restrict
SW2	N/A	N/A	Fa0/3	Protect
SW2	N/A	N/A	Fa0/4	maximum 4

Ishni bajarish tartibi

Switch>enable
Switch#configure terminal Switch(config)#hostname Sw1 Sw1(config)#interface fa0/1

Portni access rejimiga o`zgartirish

Sw1(config-if)#switchport mode access

Portda port-securityni ishga tushurish

Sw1 (config-if)#switchport port-security

Secure-MAC ni dinamik aniqlashni ko`rsatish

Sw1 (config-if)#switchport port-security mac-address sticky Sw1 (config-if)#exit

Secure-MAC ni statik aniqlashni ko`rsatish Sw1(config)#interface fastEthernet 0/2 Sw1(config-if)#switchport mode access Sw1(config-if)#switchport port-security

Sw1(config-if)#switchport port-security mac-address 000B.BE9B.EE4A Sw1(config-if)#end

Xavfsizlik buzilishigi javob berish rejimini sozlash Sw1(config)#interface fastEthernet 0/3 Sw1(config-if)#switchport mode access Sw1(config-if)#switchport port-security

Sw1(config-if)#switchport port-security mac-address sticky Sw1(config-if)#switchport port-security violation protect Sw1(config-if)#end

Ishlatilmayotgan portlarni o`chirish Sw1(config)#interface range fastEthernet 0/5-24 Sw1(config-if-range)#shutdown
Portda secure-MAC maksimal soni N ni ko`rsatish (Bu buyruq Sw2 kommutatorga tavsiya etiladi)

Switch>enable Switch#configure terminal Switch(config)#hostname Sw2 Sw2(config)#interface fa0/4
Sw2(config-if)#switchport mode trunk
Sw2(config-if)#switchport port-security maximum 4 Sw1(config-if)#switchport port-security violation restrict

Natijani tekshirish

Switch#show port-security interface fa 0/1 Port Security : Enabled
Port Status : Secure-up Violation Mode : Shutdown Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1
Total MAC Addresses : 0 Configured MAC Addresses : 0 Sticky MAC Addresses : 0
Last Source Address:Vlan : 0001.63B4.E4A6:1 Security Violation Count : 0

Sozlamalarni saqlash

Switch#copy running-config startup-config

Topshiriq

Har bir talaba yuqorida keltirilgan ma’lumotlar bo`yicha Cisco Packet tracer muhitida laboratoriya ishini bajaradi.

Nazorat savollari

MAC-manzil bu nima va qurilmalarda qanday aniqlanadi?
Kommutatorda port xavfsizligi funksiyasini nima uchun ishlatiladi?
Secure-MAC maksimal sonini N qaysi holatlarda ishlatiladi?
Port security asosiy atributalari keltiring.
Kommutatorning xavfsizligini ta`minlashning yana qanday chorlarini bilasiz ?

Download 121,59 Kb.

1 2 3 4

Download 121,59 Kb.

№2 laboratoriya ishi kommutatorda port xavfsizligi

Ishni bajarish tartibi

Portni access rejimiga o`zgartirish

Portda port-securityni ishga tushurish

Secure-MAC ni dinamik aniqlashni ko`rsatish

Natijani tekshirish

Sozlamalarni saqlash

Topshiriq

Nazorat savollari

№2 laboratoriya ishi kommutatorda port xavfsizligi