Task 1: procedure for performing the laboratory work
Related document: “Network Security”
Date: 20.05.2024
Configure the basic settings for switches Sw1 and Sw2 according to the topology shown in Figure 5.2.
Figure 5.2. Network topology built on VLANs
Table 5.1
| Device | IP address | Gateway | VLAN ID | Interface | Port mode |
|---|---|---|---|---|---|
| Laptop0 | 192.168.10.1 | 192.168.10.254 | vlan 10 | Fa0/1 | Access |
| Laptop1 | 192.168.10.2 | 192.168.10.254 | vlan 10 | Fa0/2 | Access |
| Laptop2 | 192.168.30.1 | 192.168.30.254 | vlan 30 | Fa0/5 | Access |
| Laptop3 | 192.168.30.2 | 192.168.30.254 | vlan 30 | Fa0/6 | Access |
| Laptop4 | 192.168.20.1 | 192.168.20.254 | vlan 20 | Fa0/3 | Access |
| Laptop5 | 192.168.20.2 | 192.168.20.254 | vlan 20 | Fa0/4 | Access |
| Laptop6 | 192.168.10.3 | 192.168.10.254 | vlan 10 | Fa0/1 | Access |
| Laptop7 | 192.168.10.4 | 192.168.10.254 | vlan 10 | Fa0/2 | Access |
| Laptop8 | 192.168.20.3 | 192.168.20.254 | vlan 20 | Fa0/3 | Access |
| Laptop9 | 192.168.20.4 | 192.168.20.254 | vlan 20 | Fa0/4 | Access |
| Laptop10 | 192.168.30.3 | 192.168.30.254 | vlan 30 | Fa0/5 | Access |
| Laptop11 | 192.168.30.4 | 192.168.30.254 | vlan 30 | Fa0/6 | Access |
| SW1 | - | - | Vlan 10,20,30 | Fa0/7 | Trunk |
| SW2 | - | - | Vlan 10,20,30 | Fa0/7 | Trunk |
Create the VLANs (10, 20, 30) on switches Sw1 and Sw2 and name them accordingly (bugalteriya = accounting, student, dekanat = dean's office).
Switch>enable
Switch#conf terminal
Switch(config)#hostname Sw1
Sw1(config)#vlan 10
Sw1(config-vlan)#name bugalteriya
Sw1(config-vlan)#exit
Sw1(config)#vlan 20
Sw1(config-vlan)#name student
Sw1(config-vlan)#exit
Sw1(config)#vlan 30
Sw1(config-vlan)#name dekanat
Sw1(config-vlan)#exit
Switch>enable
Switch#conf terminal
Switch(config)#hostname Sw2
Sw2(config)#vlan 10
Sw2(config-vlan)#name bugalteriya
Sw2(config-vlan)#exit
Sw2(config)#vlan 20
Sw2(config-vlan)#name student
Sw2(config-vlan)#exit
Sw2(config)#vlan 30
Sw2(config-vlan)#name dekanat
Sw2(config-vlan)#exit
Viewing the VLANs created on the switch
Assigning switch ports to VLAN IDs
Sw1(config)#interface fastEthernet 0/1
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport access vlan 10
Sw1(config-if)#exit
Sw1(config)#interface fastEthernet 0/2
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport access vlan 10
Sw1(config-if)#exit
Sw1(config)#interface fastEthernet 0/3
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport access vlan 20
Sw1(config-if)#exit
Sw1(config)#interface fastEthernet 0/4
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport access vlan 20
Sw1(config-if)#exit
Sw1(config)#interface fastEthernet 0/5
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport access vlan 30
Sw1(config-if)#exit
Sw1(config)#interface fastEthernet 0/6
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport access vlan 30
Sw1(config-if)#exit
Sw2(config)#interface fastEthernet 0/1
Sw2(config-if)#switchport mode access
Sw2(config-if)#switchport access vlan 10
Sw2(config-if)#exit
Sw2(config)#interface fastEthernet 0/2
Sw2(config-if)#switchport mode access
Sw2(config-if)#switchport access vlan 10
Sw2(config-if)#exit
Sw2(config)#interface fastEthernet 0/3
Sw2(config-if)#switchport mode access
Sw2(config-if)#switchport access vlan 20
Sw2(config-if)#exit
Sw2(config)#interface fastEthernet 0/4
Sw2(config-if)#switchport mode access
Sw2(config-if)#switchport access vlan 20
Sw2(config-if)#exit
Sw2(config)#interface fastEthernet 0/5
Sw2(config-if)#switchport mode access
Sw2(config-if)#switchport access vlan 30
Sw2(config-if)#exit
Sw2(config)#interface fastEthernet 0/6
Sw2(config-if)#switchport mode access
Sw2(config-if)#switchport access vlan 30
Sw2(config-if)#exit
Configure trunk mode between switches Sw1 and Sw2 and assign the specific VLAN IDs allowed on the trunk link.
Sw1(config)#interface fastEthernet 0/7
Sw1(config-if)#switchport mode trunk
Sw1(config-if)#switchport trunk allowed vlan 10,20,30
Sw1(config-if)#end
Sw1#show running-config
It is sufficient to configure the command above on one switch only, because the second switch automatically switches its interface connected to the first switch (fa0/7) into trunk mode.
Configuring routing between VLANs
There are 3 ways to configure routing between the VLANs created in a local network:
1. Legacy inter-VLAN routing
2. Router-on-a-Stick
3. Switch-based inter-VLAN routing
In this laboratory work we use the Router-on-a-Stick (ROS) method for routing between VLANs.
Figure 5.3. The ROS method of routing between VLANs
Sw1(config)#interface fastEthernet 0/8
Sw1(config-if)#switchport mode trunk
Router>enable
Router#conf t
Router(config)#interface fastEthernet 0/1
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastEthernet 0/1.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.10.254 255.255.255.0
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/1.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 192.168.20.254 255.255.255.0
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/1.30
Router(config-subif)#encapsulation dot1Q 30
Router(config-subif)#ip address 192.168.30.254 255.255.255.0
Router(config-subif)#exit
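The trunk steps above leave Sw2's Fa0/7 to become a trunk automatically (DTP negotiation) and put Sw1's Fa0/8 into trunk mode without an allowed-VLAN list. The following Python audit is an added example, not part of the original lab; its running-config excerpts are constructed, and it assumes, as the lab does, that a port with no fixed mode negotiates trunking.

```python
# Constructed running-config excerpts modelled on this lab (not captured output).
SW1 = """\
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/7
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
!
interface FastEthernet0/8
 switchport mode trunk
!
"""
SW2 = """\
interface FastEthernet0/7
!
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from running-config text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return stanzas

def audit_switchports(config):
    """Return sorted (interface, finding) pairs; assumes unset mode = dynamic (DTP)."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        mode = next((l.split()[-1] for l in lines if l.startswith("switchport mode ")), None)
        if mode not in ("access", "trunk"):
            findings.append((name, "mode not fixed: port can negotiate a trunk via DTP"))
            continue
        if mode == "trunk":
            if "switchport nonegotiate" not in lines:
                findings.append((name, "trunk still sends DTP: add 'switchport nonegotiate'"))
            if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
                findings.append((name, "no allowed-VLAN list: trunk carries every VLAN"))
    return sorted(findings)
```

Run `audit_switchports()` on each switch's saved configuration; an empty list means every port has a fixed mode and every trunk is scoped and non-negotiating.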
Task 2: brief theoretical information
VTP (VLAN Trunking Protocol) is a local area network protocol used to exchange VLAN information over the selected trunk ports. VTP is used to synchronize VLANs dynamically.
It has 3 modes:
1. Client – VLANs cannot be modified, deleted or created;
2. Transparent – the switch does not synchronize; it only acts as a pass-through;
3. Server – any operation on VLANs can be performed.
VLANs are created on the VTP server, and the clients automatically receive the VLANs created on the server. For security, a client switch in this protocol cannot create VLANs; it can only assign users to them. Any change in the network (for example, adding or removing a VLAN) is made only through the VTP server.
VTP has three message types:
1. Advertisement requests
A request from a client to the server for a summary advertisement.
2. Summary advertisements
The server sends this standard message every 5 minutes or immediately after a configuration change.
3. Subset advertisements
Sent immediately after a VLAN configuration change, and also after an advertisement request.
A client that receives a new version of the VLAN database from the server forwards it out of all its other trunk ports; if further VTP clients and VTP transparent switches sit behind it, they receive these updates as well.
Basic configuration of the VTP protocol
Switch(config)#vtp mode - the required mode is selected here: server, client, transparent or off.
Select the protocol version:
Switch(config)# vtp version 2
Enter the domain and the password:
Switch(config)# vtp domain - domain name
Switch(config)# vtp password password [hidden | secret]
Switch to the required mode:
Switch(config)# vtp mode server | client | transparent | off
After the commands above VTP is enabled; when necessary, however, it can also be switched off on particular interfaces:
Switch(config-if)# no vtp
To view the protocol settings, enter the following commands:
Switch# show vtp status
Switch# show vtp devices
Switch# show vtp interface
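The three modes and the propagation of a new VLAN database described above, as an added simplified Python model (not part of the original lab and not a protocol implementation). Switches Sw3 and Sw4, the domain name `lab`, the passwords and VLAN 40 are hypothetical values constructed for the example.

```python
class Switch:
    """Simplified VTP participant: models mode, domain, password and revision only."""
    def __init__(self, name, mode, domain, password):
        self.name, self.mode = name, mode
        self.domain, self.password = domain, password
        self.revision, self.vlans = 0, {1: "default"}
        self.neighbors = []              # switches reachable over trunk ports

    def link(self, other):
        self.neighbors.append(other)
        other.neighbors.append(self)

    def set_vlan(self, vlan_id, name):
        """Local VLAN change; client mode refuses it, as the text states."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP client cannot create VLANs")
        self.vlans[vlan_id] = name
        if self.mode == "server":        # only a server advertises its database
            self.revision += 1
            self._advertise(sender=None)

    def _advertise(self, sender, adv=None):
        # Simplification: real VTP carries an MD5 digest, not the password itself.
        adv = adv or (self.domain, self.password, self.revision, dict(self.vlans))
        for n in self.neighbors:
            if n is not sender:
                n.receive(adv, self)

    def receive(self, adv, sender):
        domain, password, revision, vlans = adv
        if self.mode == "transparent":   # relay only, never synchronize
            self._advertise(sender, adv)
            return
        if (domain, password) != (self.domain, self.password):
            return                       # wrong domain or password: ignored
        if revision > self.revision:     # newer database: apply, then relay
            self.revision, self.vlans = revision, dict(vlans)
            self._advertise(sender, adv)

def demo():
    """Chain: Sw1 server - Sw2 transparent - Sw3 client - Sw4 client (wrong password)."""
    sw1 = Switch("Sw1", "server", "lab", "s3cret")
    sw2 = Switch("Sw2", "transparent", "lab", "s3cret")
    sw3 = Switch("Sw3", "client", "lab", "s3cret")
    sw4 = Switch("Sw4", "client", "lab", "wrong")
    sw1.link(sw2); sw2.link(sw3); sw3.link(sw4)
    sw1.set_vlan(40, "guest")            # change made on the server only
    return sw1, sw2, sw3, sw4
```

After `demo()`, Sw3 holds VLAN 40 even though it sits behind the transparent Sw2, while Sw2 itself and the mismatched Sw4 keep their own databases.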