Lab 6: Configuring port security on a switch


Configuring the security violation response mode



Date: 24.11.2022



There are three ways to respond to a security violation:
switch(config-if)# switchport port-security violation {protect | restrict | shutdown}

switchport port-security violation restrict: sets the violation response mode. If an unknown, third-party MAC address appears on the interface, none of the packets coming from it are accepted. In addition, a notification is sent to logging mechanisms such as syslog, SNMP trap and the violation counter.
switchport port-security violation shutdown: when a violation is detected, moves the interface to the error-disabled state and shuts it down. In addition, a notification is sent to logging mechanisms such as syslog, SNMP trap and the violation counter. To bring the interface out of this state, use the shutdown and no shutdown commands.
If the switchport port-security violation protect command is entered on the interface, packets from an unknown MAC address are not accepted, no notification is generated, and the port does not go into the shutdown state.
Of these methods, switchport port-security violation restrict is recommended in most cases.


Clearing the MAC address table
To allow other devices to connect, clear the MAC address table:
switch# clear port-security [all|configured|dynamic|sticky] [address mac-address|interface interface-id]
switch# clear port-security all
switch# clear port-security configured
switch# clear port-security dynamic
switch# clear port-security sticky

Viewing information about the port-security configuration


switch# show port-security
switch# show port-security interface fa0/3
switch# show port-security address

Assignment

  • Build the network topology shown in Figure 2.4 in Cisco Packet Tracer;

  • Configure an IP address for each computer and determine the MAC addresses as shown in Figure 2.2;

  • Configure the security settings on each port of the switch;

  • Enter the tasks given above into Table 2.1.


Figure 2.4. Network topology.
Table 2.1

Device    IP address    MAC address      Interface   Port mode
Laptop0   192.168.1.1   00E0.F902.D683   Fa0         n/a
Laptop1   192.168.1.2   000B.BE9B.EE4A   Fa0         n/a
Laptop2   192.168.1.3   00D0.5819.04E3   Fa0         n/a
Laptop3   192.168.1.4   0004.9AB9.DAC2   Fa0         n/a
Laptop4   192.168.1.5   00D0.BAC2.8C58   Fa0         n/a
Laptop5   192.168.1.6   0000.0C6E.01E0   Fa0         n/a
SW1       N/A           N/A              Fa0/1       sticky
SW1       N/A           N/A              Fa0/2       mac-address 00D0.5819.04E3
SW1       N/A           N/A              Fa0/3       violation protect
SW1       N/A           N/A              Fa0/5-24    Shutdown
SW2       N/A           N/A              Fa0/1       restrict
SW2       N/A           N/A              Fa0/2       restrict
SW2       N/A           N/A              Fa0/3       Protect
SW2       N/A           N/A              Fa0/4       maximum 4



Procedure
Switch>enable
Switch#configure terminal
Switch(config)#hostname Sw1
Sw1(config)#interface fa0/1
1. Set the port to access mode
Sw1(config-if)#switchport mode access
2. Enable port security on the port
Sw1(config-if)#switchport port-security
3. Specify dynamic learning of the secure MAC address
Sw1(config-if)#switchport port-security mac-address sticky
Sw1(config-if)#exit
4. Specify a static secure MAC address
Sw1(config)#interface fastEthernet 0/2
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport port-security
Sw1(config-if)#switchport port-security mac-address 000B.BE9B.EE4A
Sw1(config-if)#exit
5. Configure the security violation response mode
Sw1(config)#interface fastEthernet 0/3
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport port-security
Sw1(config-if)#switchport port-security mac-address sticky
Sw1(config-if)#switchport port-security violation protect
Sw1(config-if)#exit
6. Shut down unused ports
Sw1(config)#interface range fastEthernet 0/5-24
Sw1(config-if-range)#shutdown
7. Set the maximum number N of secure MAC addresses on the port (this command is recommended for switch Sw2)
Switch>enable
Switch#configure terminal
Switch(config)#hostname Sw2
Sw2(config)#interface fa0/4
Sw2(config-if)#switchport mode trunk
Sw2(config-if)#switchport port-security
Sw2(config-if)#switchport port-security maximum 4
Sw2(config-if)#switchport port-security violation restrict
8. Check the result
Switch#show port-security interface fa 0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0001.63B4.E4A6:1
Security Violation Count : 0
9. Save the settings
Switch#copy running-config startup-config
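Once the configuration is saved, it is worth checking it against the goals of this lab. The Python audit below is an added example, not part of the original lab or of any Cisco tool; it flags ports where port-security options are set but the feature itself is not enabled, active ports without port security, and ports in protect mode. The function names and the running-config excerpt are constructed for illustration, and the check assumes every active port faces end hosts.

```python
import re

# Constructed running-config excerpt (sample input, not from the page).
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security violation protect
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security maximum 4
!
interface FastEthernet0/5
 switchport mode access
!
interface FastEthernet0/6
 shutdown
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    pattern = r"^interface (\S+)\n((?: .*\n)*)"
    return {m.group(1): [c.strip() for c in m.group(2).splitlines()]
            for m in re.finditer(pattern, config + "\n", re.M)}

def audit(config):
    """Return {interface: [findings]} for ports that need attention."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds:
            continue  # unused port is already disabled
        enabled = "switchport port-security" in cmds
        has_opts = any(c.startswith("switchport port-security ") for c in cmds)
        issues = []
        if has_opts and not enabled:
            issues.append("options set but port security not enabled")
        elif not enabled:
            issues.append("no port security on active port")
        if "switchport port-security violation protect" in cmds:
            issues.append("protect mode: violations are not logged")
        if issues:
            findings[name] = issues
    return findings
```

Calling audit(SAMPLE) reports FastEthernet0/3, 0/4 and 0/5; the output of show running-config can be passed in the same way.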


Review questions

  1. What is a MAC address, and how is it determined on devices?

  2. Why is the port security feature used on a switch?

  3. In which cases is the maximum number N of secure MAC addresses used?

  4. List the main attributes of port security.

  5. What other measures for securing a switch do you know?
