Laboratoriya ishi №8 Mavzu
Cisco kommutatorlarida Port-security
Download 0.51 Mb. Pdf ko'rish
|
8-Laboratoriya ishi
- Bu sahifa navigatsiya:
- Xavfsiz MAC-manzillarni sozlash
- Xavfsiz MAC-manzillarning maksimal soni
- Xavfsizlik buzilishiga javob berish (реагирование) rejimini sozlash
|
Cisco kommutatorlarida Port-security
Port-securityni sozlash Port-security interfeysni sozlash kommutatorning port rejimlar orqali amalga oshiriladi. Ko`pchilik Cisco kommutatorlarida portlar odatda dynamic auto rejimida turadi, ushbu rejim port-security funksiyasiga to`g`ri kelmaydi. Shuning uchun interfeysni trunk yoki access rejimiga o`tkazish kerak: switch(config-if)# switchport mode Interfeysda port securityni ishga tushurish: switch(config-if)# switchport port-security Xavfsiz MAC-manzillarni sozlash Manzillarni dinamik saqlash (sticky) buyrug`i orqali ishga tushurish: switch(config-if)# switchport port-security mac-address sticky Agar manzillarni statik tarzda kiritish kerak bo’lsa sticky buyrug`i o`rniga manzillar yoziladi: switch (config) # interface ethernet 0/1 switch (config-if) # switchport port-security mac- address 0050.3e8d.6400 Xavfsiz MAC-manzillarning maksimal soni switchport port-security maximum N – bu bir vaqtda N sonli MAC-manzillar interfeysda ishlashini anglatadi. Masalan: switch(config)# interface Fastethernet0/3 switch(config-if)# switchport mode access switch(config-if)# switchport port-security maximum 3 392 switch(config-if)# switchport port-security Xavfsizlik buzilishiga javob berish (реагирование) rejimini sozlash Xavfsizlik buzilishiga javob berish ning uchta usuli mavjud: switch(config-if)# switchport port-security violation shutdown> switchport port-security violation restrict – buzilishga javob berish rjimini ko`rsatish. Bunda, agar interfeysda uchinchi notanish MAC-manzil paydo bo`lsa, undan keluvchi barcha paketlar qabul qilinmaydi. Undan tashqari syslog, SNMP trap, violetion counter ka`bi jurnallashtiruvchilarga xabar jo`natiladi. Download 0.51 Mb. Do'stlaringiz bilan baham: 
|