Mavzu: RADIUS serverini sozlash
Nazariy qism
Korporativ tarmoqlarda tarmoq administratori tarmoqdagi barcha qurilmalarni masofadan boshqarishi yoki biron bir tizimga masofadan turib xavfsiz ulanishini ta`minlab berishda RADIUS serverdan foydalaniladi. Odatda RADIUS serverini AAA (autentifikatsiya, avtorizatsiya,akkount)serveri deb ham ataladi.
RADIUS server ikki xil protokol orqali ishlaydi:
Ushbu protokollarning qiyosiy tahlili quyidagicha:
|
RADIUS
|
TACACS
|
Protokol
|
UDP
1812/1645 autentifikatsiya
1813/1646 akkount
|
TCP/49
|
Shifrlash
|
Faqat parolni shifrlaydi
|
To`liq shifrlaydi
|
Xususiyatlari
|
Ochiq standart
|
CISCO standarti asosida ishlab chiqilgan
|
Ishni bajarish tartibi
Cisco packet tracer dasturi ishga tushiriladi.
Quyida keltirilgan topologiya quriladi.
Qurilgan topologiya testlab ko`riladi.
1-rasm.Tarmoqning umummiy strukturasi.
Router_1 ga quyidagi buyruqlar ketma-ketlgi kiritiladi.
Router#conf t
Router(config)#int fa 0/0
Router(config-if)#no shut
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#ex
Router(config)#ip dhcp pool vl2
Router(dhcp-config)#network 192.168.2.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.2.1
Router(dhcp-config)#dns-server 8.8.8.8
Router(dhcp-config)#ex
Router(config)#interface fastEthernet 1/0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up
Router(config-if)#ip address 1.1.1.1 255.255.255.0
Router(config-if)#ex
Router(config)#router rip
Router(config-router)#network 1.1.1.0
Router(config-router)#network 192.168.2.0
Router(config-router)#ex
Router(config)#hostname Asosiy
Asosiy(config)#ip domain-name TUIT
Asosiy(config)#crypto key generate rsa
The name for the keys will be: Asosiy.TUIT
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
Asosiy(config)#
*??? 1 0:5:57.641: RSA key size needs to be at least 768 bits for ssh version 2
*??? 1 0:5:57.642: %SSH-5-ENABLED: SSH 1.5 has been enabled
Asosiy(config)#aaa new-model
Asosiy(config)#aaa authentication login bilol group radius local
Asosiy(config)#radius-server host 192.168.2.100 key 123
Asosiy(config)#line vty 0 4
Asosiy(config-line)#transport input all
Asosiy(config-line)#login authentication bilol
Asosiy(config-line)#exit
Asosiy(config)#do wr
Do'stlaringiz bilan baham: |