“tarmoq xavfsizligi”




Download 10,58 Mb.
bet129/144
Sana20.05.2024
Hajmi10,58 Mb.
#245858
1   ...   125   126   127   128   129   130   131   132   ...   144
Bog'liq
“tarmoq xavfsizligi”

Ishni bajarish tartibi

  1. Cisco packet tracer dasturi ishga tushiriladi.

  2. Laboratoriya ishi uchun bizga 2911 versiyadagi router, 2960 switch va kompyuterlar kerak bo’ladi.

  3. Quyida keltirilgan topologiya quriladi.

  4. Qurilgan topologiya testlab ko`riladi.


17.2-rasm. Tadqiq etilayotgan tarmoq topologiyasi
SWITCH ga kiritiladigan komandalar.
Switch>en
Switch#conf t
Switch(config)#interface range fastEthernet 0/1-4
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#ex
Switch(config)#interface range fastEthernet 0/5-8
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#ex
Switch(config)#interface fastEthernet 0/9
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 10
Switch(config-if)#do wr
ROUTER ga kiritiladigan komandalar.
Router>en
Router#conf t
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#no shutdown
Router(config-if)#ex
Router(config)#interface gigabitEthernet 0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#ex
Router(config)#interface gigabitEthernet 0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 192.168.20.1 255.255.255.0
Router(config-subif)#ex
Router(config)#ip dhcp pool t1
Router(dhcp-config)#network 192.168.10.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.10.1
Router(dhcp-config)#ex
Router(config)#ip dhcp pool t2
Router(dhcp-config)#network 192.168.20.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.20.1
Router(dhcp-config)#do wr

Qurilgan topologiyani sozlashda xatolikka yo’l qo’yilgan. Ushbu xatolik qayerda sodir bo’lganligini toppish uchun har bir vlandagi bitta hostga static IP address va qolgan hostlarga dinamik IP address berib chiqish kerak.



17.3-rasm. Vlan 10 va Vlan 20 dagi hostlarga static IP address berish

17.4-rasm. Vlan 10 dagi hostlar dinamik IP addresslarni sozlash

17.5-rasm. Vlan 10 dagi hostlar dinamik IP address berish
Yuqoridagi rasmlardan ko’rish mumkinki(17.3 va 17.4-rasmlar). Vlan 10 dagi hostlar ip address olgan lekin vlan 20 dagi hostlar ip address olmagan. Demak, vlan 20 nima uchun ip address olmaganligini aniqlab ushbu xatolikni bartaraf etishimiz kerak.
Komutator va marshrutizator qurilmalarida muammolarni aniqlash uchun quyidagi buyruqlardan foydalaniladi:

  • Komutator uchun:

Show vlan – vlanlarni ko’rish
Show vlan brief-
Show interface trunk-
Show ip arp-
Show mac-address-table-
Show ip interface brief show interface fastEthernet 0/1…

  • Marshrutizator uchun:

Show ip arp-
Show dhcp lease-
Show ip dhcp pool-
Show ip dhcp binding-…

17.6-rasm. Show vlan
17.6-rasmdan Vlanlarda muammo yo’qligini ko’rish mumkin.



17.7-rasm. Show interface trunk
17.7-rasmdan muammo interfaceda ekanligini ko’rish mumkin. Vlanlarni trunk portlarga biriktirishda vlan 20 biriktirilmasdan qolib ketgan shuning uchun vlan 20 dagi hostlarda dhcp xizmati ishlamagan. Topilgan muammo quyidagicha bartaraf etiladi:
Switch#
Switch#conf t
Switch(config)#interface fastEthernet 0/9
Switch(config-if)#switchport trunk allowed vlan add 20
Switch(config-if)#
Muammo bartaraf etilganligini testlab ko’rish kerak(17.7-rasm)

17.8-rasm Testlash natijalari

Download 10,58 Mb.
1   ...   125   126   127   128   129   130   131   132   ...   144




Download 10,58 Mb.