Axborot xavfsizligi protokollari
BGP va IS-IS marshrutlash protokollari uchun autentifikatsiya kalitini sozlash
Download 206.52 Kb. Pdf ko'rish
|
AXP 111
- Bu sahifa navigatsiya:
- Quyidagi misollarda
- BGP ni sozlash
|
BGP va IS-IS marshrutlash protokollari uchun autentifikatsiya kalitini sozlash
BGP protokol asosida qurilgan tarmoq topologiyasi BGP protokol bo`yicha qurilgan tarmoq uchun ishni bajarish tartibi Kompyuterlarga ko‘rsatilgan topologiya bo‘yicha IP manzillarni kiriting. a) R1 marshrutizatorning konfiguratsiyasini sozlaymiz. R1(config)#router bgp 65100 R1(config-router)#bgp router-id 1.1.1.1 R1(config-router)#neighbor 172.16.0.2 remote-as 65200 R1(config-router)#neighbor 172.16.13.2 remote-as 65300 R1(config-router)#network 192.168.1.0 mask 255.255.255.0 R1(config-router)#exit b) R1 marshrutizatorning konfiguratsiyasini sozlaymiz R2(config)#router bgp 65200 R2(config-router)#bgp router-id 2.2.2.2 R2(config-router)#neighbor 172.16.0.1 remote-as 65100 R2(config-router)#neighbor 172.16.23.2 remote-as 65300 R2(config-router)#network 192.168.2.0 mask 255.255.255.0 R2(config-router)#exit s) R1 marshrutizatorning konfiguratsiyasini sozlaymiz R3(config)#router bgp 65300 R3(config-router)#bgp router-id 3.3.3.3 R3(config-router)#neighbor 172.16.13.1 remote-as 65100 R3(config-router)#neighbor 172.16.23.1 remote-as 65200 R3(config-router)#network 192.168.3.0 mask 255.255.255.0 R3(config-router)#exit Quyidagi misollarda biz BGP ni tashqi shlyuz protokoli (EGP) va IS-IS ni ichki shlyuz protokoli (IGP) sifatida sozlaymiz. Agar siz OSPF dan foydalansangiz, uni ko'rsatilgan IS-IS konfiguratsiyasiga o'xshash tarzda sozlash mumkin. BGP ni sozlash Ushbu misol, shuningdek, marshrutlash protokollariga qarshi hujumlarning yaxshi ko'rsatkichi bo'lishi mumkin bo'lgan marshrutlash protokoli hodisalari va xatolar uchun bir qator kuzatuv variantlarini sozlaydi. Ushbu hodisalar tajovuzkorga ishora qilishi mumkin bo'lgan protokolni autentifikatsiya qilishda xatoliklarni o'z ichiga oladi. Buzg'unchi ma'lum bir xatti-harakatni yuzaga keltirish uchun marshrutizatorga soxta yoki boshqa noto'g'ri tuzilgan marshrutlash paketlarini yuborishi mumkin. [edit] protocols { bgp { group ibgp { type internal; traceoptions { file bgp-trace size 1m files 10; flag state; flag general; } local-address 10.10.5.1; log-updown; neighbor 10.2.1.1; authentication-key "$9$aH1j8gqQ1gjyjgjhgjgiiiii"; } group ebgp { type external; traceoptions { file ebgp-trace size 10m files 10; flag state; flag general; } local-address 10.10.5.1; log-updown; peer-as 2; neighbor 10.2.1.2; authentication-key "$9$aH1j8gqQ1gjyjgjhgjgiiiii"; } } } Download 206.52 Kb. Do'stlaringiz bilan baham: 
|