2 laboratoriya ishi kommutatorda port xavfsizligi (port security) ni sozlash


Download 251.33 Kb.
Sana22.04.2023
Hajmi251.33 Kb.
#1379551
Bog'liq
2 LABORATORIYA ISHI


2 LABORATORIYA ISHI
KOMMUTATORDA PORT XAVFSIZLIGI (PORT SECURITY) NI SOZLASH


Ishdan maqsad: Kommutatsiya jadvallari to`ldirilishiga yo`naltirilgan hujumlardan, tarmoqni himoya qilish imkonini beruvchi kommutatorning “port-security” funksiyasini sozlash bo`yicha amaliy ko`nikmalarga ega bo’lish.


Qisqacha nazariy ma’lumotlar
Port-security funksiyasi kommutatorning biror bir porti orqali tarmoqqa faqat ko`rsatilgan qurilmalar kirishini sozlashga imkon beradi. Ushbu portga kirishga ruxsat berilgan qurilmalar MAC-manzillar bo`yicha aniqlanadi. MAC-manzillar dinamik yoki tarmoq administrator tomonidan qo`lda sozlanishi mumkin. Bundan tashqari Port-security funksiyasi portga ulanuvchi tugunlar sonini cheklashga imkoniyat yaratadi, bu esa portga MAC-manzillar sonini ko`rsatish orqali amalga oshiriladi. Yana bir funksiyasi MAC-manzillar jadvali to`ldirilishiga yo`naltirilgan hujumlardan kommutatorni himoyalash hisoblanadi (2.1-rasm.).



1.Topologiyani tuzub oldik va kompyuterlarga ip address berib chiqdim .





Qurilma

IP-manzil

МАС-manzil

Interfeys

Port rejimlari

Laptop0

192.168.1.1

00D0.975B.887B

Fa0

n/a

Laptop1

192.168.1.2

0060.47B8.5CC5

Fa0

n/a

Laptop2

192.168.1.3

0060.47B6.AEB0

Fa0

n/a

Laptop3

192.168.1.4

0003.E494.23BE

Fa0

n/a

Laptop4

192.168.1.5

0060.5C29.A1E0

Fa0

n/a

Laptop5

192.168.1.6

0001.6301.59C5

Fa0

n/a

SW1

N/A

N/A

Fa0/1

sticky

SW1

N/A

N/A

Fa0/2

mac-address
00D0.5819.04E3

SW1

N/A

N/A

Fa0/3

violation protect

SW1

N/A

N/A

Fa0/5-24

Shutdown

SW2

N/A

N/A

Fa0/1

restrict

SW2

N/A

N/A

Fa0/2

restrict

SW2

N/A

N/A

Fa0/3

Protect

SW2

N/A

N/A

Fa0/4

maximum 4

Switch1


Switch>enable
Switch#configure terminal
Switch(config)#hostname sw1
sw1 (config)#interface fa0/1
sw1 (config-if)#switchport mode access
sw1 (config-if)#switchport port-security
sw1 (config-if)#switchport port-security mac-address sticky
sw1 (config)#interface fastEthernet 0/2
sw1 (config-if)#switchport mode access
sw1 (config-if)#switchport port-security
sw1 (config-if)#switchport port-security mac-address 0060.47B8.5CC5
sw1 (config)# interface fastEtherinnet 0/3
sw1 (config-if)#switchport mode access
sw1 (config-if)#switchport port-security
sw1 (config-if)#switchport port-security mac-address sticky
sw1 (config-if)#switchport port-security violation protect
sw1 (config)#interface range fastEthernet 0/4-24
sw1 (config-if-range)#shutdown

Switch 2


Switch>enable
Switch#configure terminal
Switch(config)#hostname Farhod
sw1 (config)#interface g0/1
sw1 (config-if)#switchport mode trunk
sw1 (config-if)#switchport port-security maximum 4
sw1 (config-if)#switchport port-security violation restrict

Natija:


#show port-security int f0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0


Download 251.33 Kb.

Do'stlaringiz bilan baham:




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling