Vahtni uzulishsiz qilish: Spanning-tree mode repid-pvst Portlarni biriktirish

Download 0,82 Mb. Sana 10.02.2022 Hajmi 0,82 Mb. #441780

Tunelling Vahtni uzulishsiz qilish:Spanning-tree mode repid-pvst Portlarni biriktirish : #int range fast 0/1-2 #channel-group 1 mode on Va bunda port-channel 1 paydo bo’ladi va shu aynan int fast 0/1-2=int port-channel 1 teng kuchli Darajalash: #int range fast 0/1-2 #channel-protocol lacp #channel-group 1 mode active==faol uzatuvchi bo’lganda #channel-group 1 mode passive==qabul qiluvchi bo’lganda OSPF #interface loopback <1-2147483647> #ip address 192.168.100.1 ==bu tarmoqda oilalarni birlashtirish kk #router OSPF <1-65535> #network 192.168.1.0 0.0.0.255 area 0 #network 1.1.1.0 0.0.0.255 area 0== uziga ulangan tarmoqlar kiritiladi # passiv interface kiritiladi # clear ip ospf process==bu ospfda darajalani qayta yuklab beradi #router-id 10.10.10.10 ==bu darajalab chiqadi #ip ospf priority 100=== bu qaysi routerga berilsa ushani mavqeyini belgilaydi va shu area uchun asosiy buladi agar darajasi undan past bolsa qolganlarini EIGRP #router eigrp 1 #network 1.1.1.0 0.0.0.255==uzi ulangan tarmoqlar #eigrp router-id 10.10.10.10 #passive interface g 0/0 Vaht o’rnatib chiqish: #clock set 19:00:00 12 oct 2021=== har bir routerga o’rnatiladi #key chain nomi<….> ===bu nom yodda tutish kk ##key 1 <0-2147483647> ##key-string 123==namuna sifatida 123 olindi bu aloqa almashinishda kalit vazifasini bajaruvchi omil ##accept-lifetime 19:00:00 12 oct 2021 19:30:00 12 oct 2021===vaht oralig’ida malumot almashinish izimini beradi ##send-lifetime 19:00:00 12 oct 2021 19:30:00 12 oct 2021===vaht oralig’ida malumot almashinish izimini beradi #int g 0/1 ##ip authentication key-chain eigrp 1 kalitlar ==shu bizdan foydalanish kiritiladi aynan shu portga ##ip authentication mode eigrp 1 md5===shu shifrlashdan o’tkazish BGP Oilalarga bo’lib chiqiladi masalan AS 100 va AS 200 bular uzaro aloqani taminlaydi: #router bgp 100 #neighbour 1.1.1.1 remout-as 200==bu qushni ISP nomi AS200 #network 1.1.1.0 mask 255.255.255.0 #network 192.168.1.1 mask 255.255.255.0==bu routerda ulangan portlarni ip address oilalarini tanishtiriladi NAT Ip nat inside ==ichki dan tashqiga chiqish uchun ruxsat Ip nat outside==internetga bog’langan portga kiritiladi #ip access-list standart nom ##permit 192.168.2.0 ==ip oilalar kiritiladi internetga chiqish uchun #ip nat inside source list nat-uchun int g 0/0 overload==internetga bog’lash uchun xizmat qiladi #ip nat source static tcp 192.168.4.4 80 1.1.1.1 80===bu kamanda internetdan serverga zapros berish uchun routerni ip si yoki manzilga keladi yani nat ichkariga servergacha kirishga ruxsat bermaydi va faqat routergacha kela oladi chunki server access-listga kiritilmaydi SSH-SECRET SHILD ACCESS-LIST #ip access-list extendet for-internet ##deny tcp any host 1.1.1.1 eq telnet<22> ##permit ip any host 1.1.1.1 #int g 0/1 ##ip access-group for-internet in ==kirishda tekshiradi Access list ni belgilashda permit va deny dan foydalaniladi va bunda uni nomerlab daraja berish m-n #access-list standart qudrat ##10 peremit host 192.168.1.1 ##20 deny host 192.168.2.1 ##15permit host 192.168.3.1 Bunda access list tartiblangan holda buladi masalan 10,15,20 ko’rinishida Download 0,82 Mb. Do'stlaringiz bilan baham: