8-laboratoriya ishi Mavzu: radius serverini sozlash Ishdan maqsad


Download 0.65 Mb.
bet1/2
Sana20.06.2020
Hajmi0.65 Mb.
#120717
  1   2
Bog'liq
8-labaratoriya ishi


8-laboratoriya ishi

Mavzu: RADIUS serverini sozlash

Ishdan maqsad. RADIUS serverini sozlash ko`nikmalariga ega bo`lish.

Nazariy qism

Korporativ tarmoqlarda tarmoq administratori tarmoqdagi barcha qurilmalarni masofadan boshqarishi yoki biron bir tizimga masofadan turib xavfsiz ulanishini ta`minlab berishda RADIUS serverdan foydalaniladi. Odatda RADIUS serverini AAA (autentifikatsiya, avtorizatsiya,akkount)serveri deb ham ataladi.

RADIUS server ikki xil protokol orqali ishlaydi:


  • radius;

  • tacacs.

Ushbu protokollarning qiyosiy tahlili quyidagicha:




RADIUS

TACACS

Protokol

UDP

1812/1645 autentifikatsiya



1813/1646 akkount

TCP/49

Shifrlash

Faqat parolni shifrlaydi

To`liq shifrlaydi

Xususiyatlari

Ochiq standart

CISCO standarti asosida ishlab chiqilgan

Ishni bajarish tartibi

  1. Cisco packet tracer dasturi ishga tushiriladi.

  2. Quyida keltirilgan topologiya quriladi.

  3. Qurilgan topologiya testlab ko`riladi.

1-rasm.Tarmoqning umummiy strukturasi.



  1. Router_1 ga quyidagi buyruqlar ketma-ketlgi kiritiladi.

Router#conf t

Router(config)#int fa 0/0

Router(config-if)#no shut

Router(config-if)#ip address 192.168.2.1 255.255.255.0

Router(config-if)#ex

Router(config)#ip dhcp pool vl2

Router(dhcp-config)#network 192.168.2.0 255.255.255.0

Router(dhcp-config)#default-router 192.168.2.1
Router(dhcp-config)#dns-server 8.8.8.8

Router(dhcp-config)#ex

Router(config)#interface fastEthernet 1/0

Router(config-if)#no shutdown


Router(config-if)#

%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up


Router(config-if)#ip address 1.1.1.1 255.255.255.0

Router(config-if)#ex

Router(config)#router rip

Router(config-router)#network 1.1.1.0

Router(config-router)#network 192.168.2.0

Router(config-router)#ex

Router(config)#hostname Asosiy

Asosiy(config)#ip domain-name TUIT

Asosiy(config)#crypto key generate rsa

The name for the keys will be: Asosiy.TUIT

Choose the size of the key modulus in the range of 360 to 2048 for your

General Purpose Keys. Choosing a key modulus greater than 512 may take

a few minutes.
How many bits in the modulus [512]:

% Generating 512 bit RSA keys, keys will be non-exportable...[OK]


Asosiy(config)#

*??? 1 0:5:57.641: RSA key size needs to be at least 768 bits for ssh version 2

*??? 1 0:5:57.642: %SSH-5-ENABLED: SSH 1.5 has been enabled
Asosiy(config)#aaa new-model

Asosiy(config)#aaa authentication login bilol group radius local

Asosiy(config)#radius-server host 192.168.2.100 key 123

Asosiy(config)#line vty 0 4

Asosiy(config-line)#transport input all

Asosiy(config-line)#login authentication bilol

Asosiy(config-line)#exit

Asosiy(config)#do wr



2-router sozlamalari

2-router>enable

2-router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

2-router(config)#interface fastEthernet 0/0

2-router(config-if)#no shutdown

2-router(config-if)#ip address 1.1.1.2 255.255.255.0

2-router(config-if)#ex

2-router(config)#router rip

2-router(config-router)#network 1.1.1.0

2-router(config-router)#ex

2-router(config)#aaa new-model

2-router(config)#aaa authentication login default group tacacs+ local

2-router(config)#tacacs-server host 192.168.2.100 key 1997

2-router(config)#line vty 0 4

2-router(config-line)#transport input all

2-router(config-line)#login authentication default

2-router(config-line)#exit

2-router(config)#do wr

2-router(config)#enable secret 1997

2-router(config)#

2-router(config)#

2-router(config)#

2-router(config)#cr

2-router(config)#crypto k

2-router(config)#crypto key g

2-router(config)#crypto key generate r

2-router(config)#crypto key generate rsa

2-router(config)#ip ssh version 2

Please create RSA keys (of at least 768 bits size) to enable SSH v2.



2-router(config)#

  1. Har bir komputerni ip adresini statikdan dinamik(DHCP) ip adresga o’zgartirish.



  1. Download 0.65 Mb.

    Do'stlaringiz bilan baham:
  1   2




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling