• Xavfsiz MAC-manzillarni sozlash
  • Xavfsiz MAC-manzillarning maksimal soni
  • Xavfsizlik buzilishiga javob berish (реагирование) rejimini sozlash
    		•

    Cisco kommutatorlarida Port-security




    Download 135.88 Kb.
    bet2/3
    Sana25.01.2023
    Hajmi135.88 Kb.
    #39419
    1   2   3
    Bog'liq
    D6hhy7dxaLq03bespa9dGQRwz3Kr jiP

    Cisco kommutatorlarida Port-security


    Port-securityni sozlash
    Port-security interfeysni sozlash kommutatorning port rejimlar orqali amalga oshiriladi. Ko`pchilik Cisco kommutatorlarida portlar odatda dynamic auto rejimida turadi, ushbu rejim port-security funksiyasiga to`g`ri kelmaydi. Shuning uchun interfeysni trunk yoki access rejimiga o`tkazish kerak:
    switch(config-if)# switchport mode Interfeysda port securityni ishga tushurish:
    switch(config-if)# switchport port-security

    Xavfsiz MAC-manzillarni sozlash


    Manzillarni dinamik saqlash (sticky) buyrug`i orqali ishga tushurish: switch(config-if)# switchport port-security mac-address sticky
    Agar manzillarni statik tarzda kiritish kerak bo’lsa sticky buyrug`i o`rniga manzillar yoziladi:
    switch (config) # interface ethernet 0/1
    switch (config-if) # switchport port-security mac- address 0050.3e8d.6400

    Xavfsiz MAC-manzillarning maksimal soni


    switchport port-security maximum N – bu bir vaqtda N sonli MAC-manzillar interfeysda ishlashini anglatadi.
    Masalan:
    switch(config)# interface Fastethernet0/3 switch(config-if)# switchport mode access switch(config-if)# switchport port-security maximum 3
    switch(config-if)# switchport port-security

    Xavfsizlik buzilishiga javob berish (реагирование) rejimini sozlash


    Xavfsizlik buzilishiga javob berish ning uchta usuli mavjud:
    switch(config-if)# switchport port-security violation
    | restrict | shutdown>
    switchport port-security violation restrict – buzilishga javob berish rjimini ko`rsatish. Bunda, agar interfeysda uchinchi notanish MAC-manzil paydo bo`lsa, undan keluvchi barcha paketlar qabul qilinmaydi. Undan tashqari syslog, SNMP trap, violetion counter ka`bi jurnallashtiruvchilarga xabar jo`natiladi.
    switchport port-security violation shutdown- buzilish aniqlanganda interfeysni error-disabled holatiga o`tkazadi va o`chiradi. Undan tashqari syslog, SNMP trap, violetion counter ka`bi jurnallashtiruvchilarga xabar jo`natiladi. Ushbu holatdan chiqarish uchun shutdown va no shutdown buyruqlaridan foydalaniladi.
    Agar interfeysga switchport port-security violation protect buyrug`i kiritilgan bo`lsa, unda notanish MAC-manzil paketlari qabul qilinmaydi va xech qanday xabar yaratilmaydi, hamda port shutdown holatiga o`tmaydi.
    Ushbu usullardan switchport port-security violation restrict ko`pchilik hollarda tavsiya etiladi.

    Download 135.88 Kb.
    1   2   3




    Download 135.88 Kb.
    Bosh sahifa
    Aloqalar
        Bosh sahifa
    Dərs
    Mühazirə
    Qaydalar
    Referat
    Xülasə
    Yazı


    Cisco kommutatorlarida Port-security

    Download 135.88 Kb.