Within the LAN networks, we use an access list so that only the 192.168.1.0/24 network can reach the Internet:
Router1(config)#access-list 10 permit 192.168.1.0 0.0.0.255
We bind the access list to the NAT pool created under the name TATU:
Router1(config)#ip nat inside source list 10 pool TATU
We apply NAT to the router's inside and outside ports:
Router1(config)#interface fastEthernet 0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface fastEthernet 0/1
Router1(config-if)#ip nat outside
Router1(config-if)#exit
[Figure: Packet Tracer PDU details at Router0 for dynamic NAT (sources Laptop1 and Laptop2, destination Server0). Inbound on FastEthernet0/0: Src. IP 192.168.1.2, Dest. IP 200.200.0.2, ICMP message type 8. Outbound on FastEthernet0/1: Src. IP 195.158.1.3, Dest. IP 200.200.0.2, ICMP message type 8.]
Router#show ip nat translations
Pro   Inside global    Inside local     Outside local    Outside global
icmp  195.158.1.1:1    192.168.1.4:1    200.200.0.2:1    200.200.0.2:1
icmp  195.158.1.1:2    192.168.1.4:2    200.200.0.2:2    200.200.0.2:2
icmp  195.158.1.1:3    192.168.1.4:3    200.200.0.2:3    200.200.0.2:3
icmp  195.158.1.1:4    192.168.1.4:4    200.200.0.2:4    200.200.0.2:4
icmp  195.158.1.1:5    192.168.1.4:5    200.200.0.2:5    200.200.0.2:5
icmp  195.158.1.1:6    192.168.1.4:6    200.200.0.2:6    200.200.0.2:6
icmp  195.158.1.2:1    192.168.1.3:1    200.200.0.2:1    200.200.0.2:1
icmp  195.158.1.3:1    192.168.1.2:1    200.200.0.2:1    200.200.0.2:1
Router#show ip nat statistics
Total translations: 8 (0 static, 8 dynamic, 8 extended)
Outside Interfaces: FastEthernet0/1
Inside Interfaces: FastEthernet0/0
Hits: 6 Misses: 8
Expired translations: 0
Dynamic mappings:
-- Inside Source
access-list 10 pool TATU refCount 8
 pool TATU: netmask 255.255.255.240
       start 195.158.1.1 end 195.158.1.10
       type generic, total addresses 10 , allocated 3 (30%), misses 0

Router1#show running-config
ip nat pool TATU 195.158.1.1 195.158.1.10 netmask 255.255.255.240
ip nat inside source list 10 pool TATU
ip classless
ip route 0.0.0.0 0.0.0.0 11.11.11.2
ip flow-export version 9

Figure 8.7. Results obtained for address translation

NAPT, NAT Overload, PAT
PAT is a form of dynamic NAT in which several unregistered addresses are translated to a single registered IP address by using different ports.

Procedure for carrying out the PAT work
Figure 8.5. Structure of a network built on the PAT principle

Router1(config)#ip route 0.0.0.0 0.0.0.0 12.12.12.2
Router1(config)#ip nat pool nad_pat 195.158.1.1 195.158.1.4 netmask 255.255.255.240
Router1(config)#access-list 10 permit 192.168.1.0 0.0.0.255
Router1(config)#ip nat inside source list 10 pool nad_pat overload
Router1(config)#interface fastEthernet 0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface fastEthernet 0/1
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#end
Router#copy run startup-config

Router 2 configuration
Router(config)#ip route 0.0.0.0 0.0.0.0 12.12.12.1
[Figure: Packet Tracer PDU details for PAT. Source: Laptop0, Destination: Server0. Dest. IP 200.200.0.2, ICMP message type 8; the frame is received on FastEthernet0/0 and sent out of FastEthernet0/1. Fragment of the NAT translation table: Outside local and Outside global 200.200.0.2:1.]
All private addresses in the LAN are translated through the single public address 195.158.1.1; only the port differs.
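The PAT principle described above, as an added example that is not part of the original lab text and is not Cisco's implementation. The class and function names (PatTable, outbound, inbound, rows, demo) are hypothetical, the flows are constructed, and the port-selection rule (keep the original port if free, otherwise the next free one) is a simplifying assumption. It also shows why the translation table is what ties a public address and port back to a specific inside host.

```python
from itertools import count

class PatTable:
    """One inside-global address shared by many inside-local hosts (simplified model)."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.out = {}   # (proto, inside_ip, inside_port, dst) -> public port
        self.back = {}  # (proto, public port) -> (inside_ip, inside_port, dst)

    def outbound(self, proto, inside_ip, inside_port, dst):
        """Translate a packet leaving the inside interface."""
        key = (proto, inside_ip, inside_port, dst)
        if key not in self.out:
            # Assumption: keep the original port if it is free, else the next free one.
            port = next(p for p in count(inside_port) if (proto, p) not in self.back)
            if port > 65535:
                raise RuntimeError("port space exhausted on " + self.public_ip)
            self.out[key] = port
            self.back[(proto, port)] = (inside_ip, inside_port, dst)
        return self.public_ip, self.out[key]

    def inbound(self, proto, public_port, src):
        """Map a reply to the inside host; None means no matching translation."""
        entry = self.back.get((proto, public_port))
        if entry is None or entry[2] != src:
            return None
        return entry[0], entry[1]

    def rows(self):
        """Entries as (Pro, Inside global, Inside local, Outside global)."""
        return [(proto, f"{self.public_ip}:{pub}", f"{ip}:{port}", dst)
                for (proto, ip, port, dst), pub in self.out.items()]

def demo():
    """Constructed flows: three laptops ping the server, two with the same ICMP ID."""
    pat = PatTable("195.158.1.1")
    for ip, ident in [("192.168.1.2", 1), ("192.168.1.3", 1), ("192.168.1.4", 2)]:
        pat.outbound("icmp", ip, ident, "200.200.0.2")
    return pat

if __name__ == "__main__":
    for row in demo().rows():
        print(*row)
```

Two laptops that both use ICMP ID 1 end up on different ports of 195.158.1.1, and a packet arriving for a port with no entry, or from a different source, has no inside host to be delivered to.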
Review questions
List the methods of address translation (NAT).
How does static NAT differ from dynamic NAT?
Explain the operating principle of PAT.
What types of addresses exist in a network?
Laboratory work
Topic: Configuring the network protection protocols SCP and SNMP and examining log files
Purpose of the work: This laboratory work is intended for the following:
learning to configure the network protection protocols SCP and SNMP;
examining log files and learning to configure a Syslog server.
Brief theoretical background
Network protection protocols SCP and SNMP
As mentioned in the previous labs, using Telnet is very dangerous, because all data is transmitted in the clear and an attacker can easily capture it. The SSH protocol was proposed as an alternative to Telnet; in it all data is encrypted. The situation is similar with the HTTP and HTTPS protocols. However, when working with network devices, the protocols listed above are rarely used. Below we look at several more well-known protocols, which are regarded as their more secure versions.
SCP
System administrators very often face the task of reloading device firmware. To do this, the new firmware has to be "dropped" onto the device, which is usually done with a TFTP or FTP server. The technology is considered very old, but such servers can be strengthened with a few steps.