2 laboratoriya ishi kommutatorda port xavfsizligi (port security) ni sozlash

Yüklə 251,33 Kb. tarix 09.04.2023 ölçüsü 251,33 Kb. #95324

Bu səhifədəki naviqasiya:

• Qisqacha nazariy ma’lumotlar

№ 2 LABORATORIYA ISHI KOMMUTATORDA PORT XAVFSIZLIGI (PORT SECURITY) NI SOZLASH Ishdan maqsad: Kommutatsiya jadvallari to`ldirilishiga yo`naltirilgan hujumlardan, tarmoqni himoya qilish imkonini beruvchi kommutatorning “port-security” funksiyasini sozlash bo`yicha amaliy ko`nikmalarga ega bo’lish. Qisqacha nazariy ma’lumotlar Port-security funksiyasi kommutatorning biror bir porti orqali tarmoqqa faqat ko`rsatilgan qurilmalar kirishini sozlashga imkon beradi. Ushbu portga kirishga ruxsat berilgan qurilmalar MAC-manzillar bo`yicha aniqlanadi. MAC-manzillar dinamik yoki tarmoq administrator tomonidan qo`lda sozlanishi mumkin. Bundan tashqari Port-security funksiyasi portga ulanuvchi tugunlar sonini cheklashga imkoniyat yaratadi, bu esa portga MAC-manzillar sonini ko`rsatish orqali amalga oshiriladi. Yana bir funksiyasi MAC-manzillar jadvali to`ldirilishiga yo`naltirilgan hujumlardan kommutatorni himoyalash hisoblanadi (2.1-rasm.). 1.Topologiyani tuzub oldik va kompyuterlarga ip address berib chiqdim . Qurilma IP-manzil МАС-manzil Interfeys Port rejimlari Laptop0 192.168.1.1 00D0.975B.887B Fa0 n/a Laptop1 192.168.1.2 0060.47B8.5CC5 Fa0 n/a Laptop2 192.168.1.3 0060.47B6.AEB0 Fa0 n/a Laptop3 192.168.1.4 0003.E494.23BE Fa0 n/a Laptop4 192.168.1.5 0060.5C29.A1E0 Fa0 n/a Laptop5 192.168.1.6 0001.6301.59C5 Fa0 n/a SW1 N/A N/A Fa0/1 sticky SW1 N/A N/A Fa0/2 mac-address 00D0.5819.04E3 SW1 N/A N/A Fa0/3 violation protect SW1 N/A N/A Fa0/5-24 Shutdown SW2 N/A N/A Fa0/1 restrict SW2 N/A N/A Fa0/2 restrict SW2 N/A N/A Fa0/3 Protect SW2 N/A N/A Fa0/4 maximum 4 Switch1 Switch>enable Switch#configure terminal Switch(config)#hostname sw1 sw1 (config)#interface fa0/1 sw1 (config-if)#switchport mode access sw1 (config-if)#switchport port-security sw1 (config-if)#switchport port-security mac-address sticky sw1 (config)#interface fastEthernet 0/2 sw1 (config-if)#switchport mode access sw1 (config-if)#switchport port-security sw1 (config-if)#switchport port-security mac-address 0060.47B8.5CC5 sw1 (config)# interface fastEtherinnet 0/3 sw1 (config-if)#switchport mode access sw1 (config-if)#switchport port-security sw1 (config-if)#switchport port-security mac-address sticky sw1 (config-if)#switchport port-security violation protect sw1 (config)#interface range fastEthernet 0/4-24 sw1 (config-if-range)#shutdown Switch 2 Switch>enable Switch#configure terminal Switch(config)#hostname Farhod sw1 (config)#interface g0/1 sw1 (config-if)#switchport mode trunk sw1 (config-if)#switchport port-security maximum 4 sw1 (config-if)#switchport port-security violation restrict Natija: #show port-security int f0/1 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 0 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address:Vlan : 0000.0000.0000:0 Security Violation Count : 0 Yüklə 251,33 Kb. Dostları ilə paylaş: