2 Laboratoriya ishi Mavzu: Kommutatorda port xavfsizligi
MAC-manzillar jadvalini tozalash
Yüklə 167,88 Kb.
|
- Bu səhifədəki naviqasiya:
- Portni access rejimiga o`zgartirish
- Secure-MAC ni dinamik aniqlashni ko`rsatish
- Xavfsizlik buzilishigi javob berish rejimini sozlash
- Ishlatilmayotgan portlarni o`chirish
- Sozlamalarni saqlash Switchcopy running-config startup-config Topshiriq
- Nazorat savollari
MAC-manzillar jadvalini tozalashswitch# clear port-security [all|configured|dynamic|sticky] [address switch #clear port-security configured switch #clear port-security dynamic switch #clear port-security sticky
|
|
Qurilma |
IP-manzil |
МАС-manzil |
Interfeys |
Port rejimlari |
|
Laptop0 |
192.168.1.1 |
00E0.F902.D683 |
Fa0 |
n/a |
|
Laptop1 |
192.168.1.2 |
000B.BE9B.EE4A |
Fa0 |
n/a |
|
Laptop2 |
192.168.1.3 |
00D0.5819.04E3 |
Fa0 |
n/a |
|
Laptop3 |
192.168.1.4 |
0004.9AB9.DAC2 |
Fa0 |
n/a |
|
Laptop4 |
192.168.1.5 |
00D0.BAC2.8C58 |
Fa0 |
n/a |
|
Laptop5 |
192.168.1.6 |
0000.0C6E.01E0 |
Fa0 |
n/a |
|
SW1 |
N/A |
N/A |
Fa0/1 |
sticky |
|
SW1 |
N/A |
N/A |
Fa0/2 |
mac-address 00D0.5819.04E3 |
|
SW1 |
N/A |
N/A |
Fa0/3 |
violation protect |
|
SW1 |
N/A |
N/A |
Fa0/5-24 |
Shutdown |
|
SW2 |
N/A |
N/A |
Fa0/1 |
restrict |
|
SW2 |
N/A |
N/A |
Fa0/2 |
restrict |
|
SW2 |
N/A |
N/A |
Fa0/3 |
Protect |
|
SW2 |
N/A |
N/A |
Fa0/4 |
maximum 4 |
Ishni bajarish tartibi
Switch>enable
Switch#configure terminal Switch(config)#hostname Sw1 Sw1(config)#interface fa0/1
Portni access rejimiga o`zgartirish
Sw1(config-if)#switchport mode access
Portda port-securityni ishga tushurish
Sw1 (config-if)#switchport port-security
Secure-MAC ni dinamik aniqlashni ko`rsatish
Sw1 (config-if)#switchport port-security mac-address sticky Sw1 (config-if)#exit
Secure-MAC ni statik aniqlashni ko`rsatish
Sw1(config)#interface fastEthernet 0/2 Sw1(config-if)#switchport mode access Sw1(config-if)#switchport port-security
Sw1(config-if)#switchport port-security mac-address 000B.BE9B.EE4A Sw1(config-if)#end
Xavfsizlik buzilishigi javob berish rejimini sozlash
Sw1(config)#interface fastEthernet 0/3 Sw1(config-if)#switchport mode access Sw1(config-if)#switchport port-security
Sw1(config-if)#switchport port-security mac-address sticky Sw1(config-if)#switchport port-security violation protect Sw1(config-if)#end
Ishlatilmayotgan portlarni o`chirish
Sw1(config)#interface range fastEthernet 0/5-24 Sw1(config-if-range)#shutdown
Portda secure-MAC maksimal soni N ni ko`rsatish (Bu buyruq Sw2 kommutatorga tavsiya etiladi)
Switch>enable Switch#configure terminal Switch(config)#hostname Sw2 Sw2(config)#interface fa0/4
Sw2(config-if)#switchport mode trunk
Sw2(config-if)#switchport port-security maximum 4 Sw1(config-if)#switchport port-security violation restrict
Natijani tekshirish
Switch#show port-security interface fa 0/1 Port Security : Enabled
Port Status : Secure-up Violation Mode : Shutdown Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1
Total MAC Addresses : 0 Configured MAC Addresses : 0 Sticky MAC Addresses : 0
Last Source Address:Vlan : 0001.63B4.E4A6:1 Security Violation Count : 0
Sozlamalarni saqlash
Switch#copy running-config startup-config
Topshiriq
Har bir talaba yuqorida keltirilgan ma‘lumotlar bo`yicha Cisco Packet tracer muhitida laboratoriya ishini bajaradi.
Nazorat savollari
MAC-manzil bu nima va qurilmalarda qanday aniqlanadi?
Kommutatorda port xavfsizligi funksiyasini nima uchun ishlatiladi?
Secure-MAC maksimal sonini N qaysi holatlarda ishlatiladi?
Yüklə 167,88 Kb.
Dostları ilə paylaş: