Tunelling
Vahtni uzulishsiz qilish:Spanning-tree mode repid-pvst
Portlarni biriktirish :
#int range fast 0/1-2
#channel-group 1 mode on
Va bunda port-channel 1 paydo bo’ladi va shu aynan int fast 0/1-2=int port-channel 1 teng kuchli
Darajalash:
#int range fast 0/1-2
#channel-protocol lacp
#channel-group 1 mode active==faol uzatuvchi bo’lganda
#channel-group 1 mode passive==qabul qiluvchi bo’lganda
OSPF
#interface loopback <1-2147483647>
#ip address 192.168.100.1 ==bu tarmoqda oilalarni birlashtirish kk
#router OSPF <1-65535>
#network 192.168.1.0 0.0.0.255 area 0
#network 1.1.1.0 0.0.0.255 area 0== uziga ulangan tarmoqlar kiritiladi
# passiv interface kiritiladi
# clear ip ospf process==bu ospfda darajalani qayta yuklab beradi
#router-id 10.10.10.10 ==bu darajalab chiqadi
#ip ospf priority 100=== bu qaysi routerga berilsa ushani mavqeyini belgilaydi va shu area uchun asosiy buladi agar darajasi undan past bolsa qolganlarini
EIGRP
#router eigrp 1
#network 1.1.1.0 0.0.0.255==uzi ulangan tarmoqlar
#eigrp router-id 10.10.10.10
#passive interface g 0/0
Vaht o’rnatib chiqish:
#clock set 19:00:00 12 oct 2021=== har bir routerga o’rnatiladi
#key chain nomi<….> ===bu nom yodda tutish kk
##key 1 <0-2147483647>
##key-string 123==namuna sifatida 123 olindi bu aloqa almashinishda kalit vazifasini bajaruvchi omil
##accept-lifetime 19:00:00 12 oct 2021 19:30:00 12 oct 2021===vaht oralig’ida malumot almashinish izimini beradi
##send-lifetime 19:00:00 12 oct 2021 19:30:00 12 oct 2021===vaht oralig’ida malumot almashinish izimini beradi
#int g 0/1
##ip authentication key-chain eigrp 1 kalitlar ==shu bizdan foydalanish kiritiladi aynan shu portga
##ip authentication mode eigrp 1 md5===shu shifrlashdan o’tkazish
BGP
Oilalarga bo’lib chiqiladi masalan AS 100 va AS 200 bular uzaro aloqani taminlaydi:
#router bgp 100
#neighbour 1.1.1.1 remout-as 200==bu qushni ISP nomi AS200
#network 1.1.1.0 mask 255.255.255.0
#network 192.168.1.1 mask 255.255.255.0==bu routerda ulangan portlarni ip address oilalarini tanishtiriladi
NAT
Ip nat inside ==ichki dan tashqiga chiqish uchun ruxsat
Ip nat outside==internetga bog’langan portga kiritiladi
#ip access-list standart nom ##permit 192.168.2.0 ==ip oilalar kiritiladi internetga chiqish uchun
#ip nat inside source list nat-uchun int g 0/0 overload==internetga bog’lash uchun xizmat qiladi
#ip nat source static tcp 192.168.4.4 80
1.1.1.1 80===bu kamanda internetdan serverga zapros berish uchun routerni ip si yoki manzilga keladi yani nat ichkariga servergacha kirishga ruxsat bermaydi va faqat routergacha kela oladi chunki server access-listga kiritilmaydi
SSH-SECRET SHILD
ACCESS-LIST
#ip access-list extendet for-internet ##deny tcp any host 1.1.1.1 eq telnet<22>
##permit ip any host 1.1.1.1
#int g 0/1
##ip access-group for-internet in ==kirishda tekshiradi
Access list ni belgilashda permit va deny dan foydalaniladi va bunda uni nomerlab daraja berish m-n
#access-list standart qudrat
##10 peremit host 192.168.1.1
##20 deny host 192.168.2.1
##15permit host 192.168.3.1
Bunda access list tartiblangan holda buladi masalan
10,15,20 ko’rinishida22>