5-laboratoriya ishi mavzu: pptp, L2F, L2tp va ipsec protokollarini tadqiq qilish ishdan maqsad



Download 2,11 Mb.
bet5/5
Sana05.01.2022
Hajmi2,11 Mb.
#318278
1   2   3   4   5
Bog'liq
5-Laboratoriya ishi.Xabilov

Ishning bajarish tartibi

5.1-rasm. Tadqiq qilinayotgan tarmoq



Manzillar jadvali

Qurilma

Interfeys

IP-manzil

Tarmoq maskasi

R0

Fa0/0

192.168.1.1

255.255.255.0

Fa0/1

195.158.1.1

255.255.255.252

R1

Fa0/0

195.158.1.2

255.255.255.252

Fa0/1

80.80.80.1

255.255.255.252

R2

Fa0/1

80.80.80.2

255.255.255.252

Fa0/0

172.16.1.1

255.255.255.0

PC0

NIC

192.168.1.10

255.255.255.0

PC1

NIC

172.16.1.10

255.255.255.0


1. Marshrutizatorlar o`rtasida aloqani tekshirish

Barcha tarmoq qurilmalarini 5.1-rasmda ko`rsatilganidek qilib IP-manzillarini bilan birga sozlang.


R0 sozlanishi:

Router>enable

Router#configure terminal

Router(config)#hostname R0

R0(config)#interface fastEthernet 0/0

R0(config-if)#no shutdown

R0(config-if)#ip address 192.168.1.1 255.255.255.0

R0(config-if)#exit

R0(config)#interface fastEthernet 0/1

R0(config-if)#no shutdown

R0(config-if)#ip address 195.158.1.1 255.255.255.252

R0(config-if)#exit

R0(config)#router ospf 1

R0(config-router)#network 192.168.1.0 0.0.0.255 area 1

R0(config-router)#network 195.158.1.0 0.0.0.3 area 0

R0(config-router)#exit
R1 sozlanishi:

Router>enable

Router#configure terminal

Router(config)#hostname R1

R1(config)#interface fastEthernet 0/0

R1(config-if)#no shutdown

R1(config-if)#ip address 195.158.1.2 255.255.255.252

R1(config-if)#exit

R1(config)#interface fastEthernet 0/1

R1(config-if)#no shutdown

R1(config-if)#ip address 80.80.80.1 255.255.255.252

R1(config-if)#exit

R1(config)#router ospf 1

R1(config-router)#network 80.80.80.0 0.0.0.3 area 0

R1(config-router)#network 195.158.1.0 0.0.0.3 area 0

R1(config-router)#exit
R2 sozlanishi:

Router>enable

Router#configure terminal

Router(config)#hostname R2

R2(config)#interface fastEthernet 0/0

R2(config-if)#no shutdown

R2(config-if)#ip address 192.168.1.1 255.255.255.0

R2(config-if)#exit

R2(config)#interface fastEthernet 0/1

R2(config-if)#no shutdown

R2(config-if)#ip address 80.80.80.2 255.255.255.252

R2(config-if)#exit

R2(config)#router ospf 1

R2(config-router)#network 80.80.80.0 0.0.0.3 area 0

R2(config-router)#network 172.16.1.0 0.0.0.255 area 2

R2(config-router)#exit

5.2-rasm. IPsec konfiguratsiya qilinmagan holat



2. IPsec ni sozlash

1. R0 marshrutizatori lokal tarmog`idan R2 marshrutizatori lokal tarmog`igacha trafiklarni aniqlash uchun ACL 100 ro`yxatini sozlang.


R0(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
2. R2 marshrutizatori uchun ham yuqoridagi buyruqni takrorlang.
R2(config)#access-list 100 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
3. R0 va R2 marshrutizatorlarida ISAKMP 1 kriptografiyasini va yana shifrlash kalitini TATU qilib sozlang.

R0 uchun:

R0(config)# crypto isakmp enable

R0(config)#crypto isakmp policy 1

R0(config-isakmp)#encryption 3des

R0(config-isakmp)#hash md5

R0(config-isakmp)#authentication pre-share

R0(config-isakmp)#group 2

R0(config-isakmp)#lifetime 86400

R0(config-isakmp)#exit
R0(config)#crypto isakmp key KALIT address 80.80.80.2

R0(config)#crypto ipsec transform-set TATU esp-3des esp-md5-hmac

R0(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
R0(config)#crypto map KARTA 10 ipsec-isakmp

R0(config-crypto-map)#set peer 80.80.80.2

R0(config-crypto-map)#set transform-set TATU

R0(config-crypto-map)#match address 100

R0(config-crypto-map)#exit

R0(config)#interface fastEthernet 0/1

R0(config-if)#crypto map KARTA

R0(config-if)#exit


R2 uchun ham shu komadalar yoziladi

R2(config)# crypto isakmp enable

R2(config)#crypto isakmp policy 1

R2(config-isakmp)#encryption 3des

R2(config-isakmp)#hash md5

R2(config-isakmp)#authentication pre-share

R2(config-isakmp)#group 2

R2(config-isakmp)#lifetime 86400

R2(config-isakmp)#exit
R2(config)#crypto isakmp key KALIT address 195.158.1.1

R2(config)#crypto ipsec transform-set TATU esp-3des esp-md5-hmac

Router2(config)#access-list 100 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
R2(config)#crypto map KARTA 10 ipsec-isakmp

R2(config-crypto-map)#set peer 195.158.1.1

R2(config-crypto-map)#set transform-set TATU

Router2(config-crypto-map)#match address 100


Router2(config-crypto-map)#exit

Router2(config)#interface fastEthernet 0/1

Router2(config-if)#crypto map KARTA

Router2(config-if) #exit

Router2(config) #ip route 0.0.0.0 0.0.0.0 80.80.80.1
IPsec sozlamasini ko'rish uchun

#show crypto isakmp sa

#show crypto isakmp policy

#show crypto map

#show crypto ipsec sa

5.3-rasm. IPsec konfiguratsiya qilingan holat


Topshiriq

1. Marshrutizatorlar o`rtasida aloqani tekshiring

2. Istalgan marshrutizatordan chiqishida paketni ochib tahlil qiling

3. IPsec ni sozlang

4. R0 marshrutizatori chiqishida paketni ochib tahlil qiling


Bajarilish.

IP-manzillarini bilan birga sozlash.













Marshrutizatorlar o`rtasida aloqani tekshirish







IP secni sozlash




Download 2,11 Mb.

Do'stlaringiz bilan baham:
1   2   3   4   5




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish