|
Toshkent axborot texnologiyalari universiteti urganch filiali
| | bet | 13/17 | | Sana | 20.11.2023 | | Hajmi | 4,05 Mb. | | #102276 |
Bog'liq KT tajriba (2)Ishning bajarilishi
Standart ulanishlar ro’yxatini tuzamiz, unda comp3 va comp4 larga hostlarni bloklash qoidalarini joriy qilamiz va shu ro’yxatni Fa0/0 interfeys chiqishiga joriy qilamiz. Router konfiguratsiyasiga kiring:
Router1>en
Router1#conf t
Standart ulanishlar ro’yxatini tuzamiz va ulanish qoidalarini beramiz:
Router1(config)#ip access-list standard 10
Router1(config-std-nacl)#deny host 12.0.0.13
Router1(config-std-nacl)#deny host 12.0.0.14
Router1(config-std-nacl)#permit any
Bu orqali quyidagi manzillardan tashqari barcha trafikka ruxsat ochdik: 12.0.0.13 va
12.0.0.14.
Yaratilgan ro’yhatni tekshiramiz, buning uchun router konfiguratsiyalsh rejimidan chiqish va buyruqni kiritish lozim:
Router1#sh access-list
Standard IP access list 10 deny host 12.0.0.13 deny host 12.0.0.14 permit any
Router1#
Yaratilgan ro’yhatni Fa0/0 interfeys chiqishi uchun joriy qilamiz:
Router1#
Router1#conf t
Router1(config)#interface fa0/0
Router1(config-if)#ip access-group 10 out
Ro’yxat 11.0.0.0 interfeysi uchun joriy qilinganligi uchun quyidagiga ega bo’ldik:
-
Routerga 11.0.0.0 tarmog’idan kiruvchi paketlar 12.0.0.13 va 12.0.0.14 adreslariga jo’natilmaydi ya’ni bloklanadi;
-
Tarmoq 11.0.0.0ga router orqali kirayotgan paketlarga hech qanday cheklovlar yo’q, faqat 12.0.0.13 va 12.0.0.14 manzillari 11.0.0.0 ga kirishga ruxsati yo’q.
Konfiguratsiyani tekshiramiz:
Router1(config-if)#exit
Router1(config)#exit
Router1#
Router1#sh running-config
Bunda roter konfiguratsiyasi shu jumladan dostuplar ro’yhatining interfeyslarga joriy qilinganligini ham ko’rish mumkin.
interface FastEthernet0/0
ip address 11.0.0.1 255.0.0.0 ip access-group 10 out duplex auto
speed auto
Natijalarni tekshirib oling!
|
| |
