8-laboratoriya ishi Mavzu: radius serverini sozlash Ishdan maqsad
Download 0.65 Mb.
|
8-labaratoriya ishi
- Bu sahifa navigatsiya:
- Ishni bajarish tartibi
- Router_1 ga quyidagi buyruqlar ketma-ketlgi kiritiladi
- 2-router sozlamalari
- Har bir komputerni ip adresini statikdan dinamik(DHCP) ip adresga o’zgartirish.
8-laboratoriya ishi Mavzu: RADIUS serverini sozlash Ishdan maqsad. RADIUS serverini sozlash ko`nikmalariga ega bo`lish. Nazariy qism Korporativ tarmoqlarda tarmoq administratori tarmoqdagi barcha qurilmalarni masofadan boshqarishi yoki biron bir tizimga masofadan turib xavfsiz ulanishini ta`minlab berishda RADIUS serverdan foydalaniladi. Odatda RADIUS serverini AAA (autentifikatsiya, avtorizatsiya,akkount)serveri deb ham ataladi. RADIUS server ikki xil protokol orqali ishlaydi:
radius; tacacs. Ushbu protokollarning qiyosiy tahlili quyidagicha:
Ishni bajarish tartibi Cisco packet tracer dasturi ishga tushiriladi. Quyida keltirilgan topologiya quriladi. Qurilgan topologiya testlab ko`riladi. 1-rasm.Tarmoqning umummiy strukturasi. Router_1 ga quyidagi buyruqlar ketma-ketlgi kiritiladi. Router#conf t Router(config)#int fa 0/0 Router(config-if)#no shut Router(config-if)#ip address 192.168.2.1 255.255.255.0 Router(config-if)#ex Router(config)#ip dhcp pool vl2 Router(dhcp-config)#network 192.168.2.0 255.255.255.0 Router(dhcp-config)#default-router 192.168.2.1
Router(dhcp-config)#ex Router(config)#interface fastEthernet 1/0 Router(config-if)#no shutdown Router(config-if)# %LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up Router(config-if)#ip address 1.1.1.1 255.255.255.0 Router(config-if)#ex Router(config)#router rip Router(config-router)#network 1.1.1.0 Router(config-router)#network 192.168.2.0 Router(config-router)#ex Router(config)#hostname Asosiy Asosiy(config)#ip domain-name TUIT Asosiy(config)#crypto key generate rsa The name for the keys will be: Asosiy.TUIT Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
% Generating 512 bit RSA keys, keys will be non-exportable...[OK] Asosiy(config)# *??? 1 0:5:57.641: RSA key size needs to be at least 768 bits for ssh version 2 *??? 1 0:5:57.642: %SSH-5-ENABLED: SSH 1.5 has been enabled
Asosiy(config)#aaa authentication login bilol group radius local Asosiy(config)#radius-server host 192.168.2.100 key 123 Asosiy(config)#line vty 0 4 Asosiy(config-line)#transport input all Asosiy(config-line)#login authentication bilol Asosiy(config-line)#exit Asosiy(config)#do wr 2-router sozlamalari 2-router>enable 2-router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. 2-router(config)#interface fastEthernet 0/0 2-router(config-if)#no shutdown 2-router(config-if)#ip address 1.1.1.2 255.255.255.0 2-router(config-if)#ex 2-router(config)#router rip 2-router(config-router)#network 1.1.1.0 2-router(config-router)#ex 2-router(config)#aaa new-model 2-router(config)#aaa authentication login default group tacacs+ local 2-router(config)#tacacs-server host 192.168.2.100 key 1997 2-router(config)#line vty 0 4 2-router(config-line)#transport input all 2-router(config-line)#login authentication default 2-router(config-line)#exit 2-router(config)#do wr 2-router(config)#enable secret 1997 2-router(config)# 2-router(config)# 2-router(config)# 2-router(config)#cr 2-router(config)#crypto k 2-router(config)#crypto key g 2-router(config)#crypto key generate r 2-router(config)#crypto key generate rsa 2-router(config)#ip ssh version 2 Please create RSA keys (of at least 768 bits size) to enable SSH v2. 2-router(config)# Har bir komputerni ip adresini statikdan dinamik(DHCP) ip adresga o’zgartirish. Download 0.65 Mb. Do'stlaringiz bilan baham: |
ma'muriyatiga murojaat qiling