An yi nufin samar da mahalarta mahalarta abubuwan da suka saba amfani wadanda suke neman a kasuwar kwadago ta zamani. Ƙarfin “Network and System Administration” ya ƙunshi sassa uku: Network, Windows, Linux. Ayyukan sun canza daga gasar zuwa gasar, yanayin gasar suna canzawa, amma tsarin ayyukan ga mafi yawancin ya kasance ba canzawa.
Network Island zai zama na farko saboda saukin sa dangane da tsibiran Linux da Windows.
Labarin zai rufe ayyuka masu zuwa:
- Saita sunayen DUKAN na'urori bisa ga topology
- Sanya sunan yankin wsrvuz19.ru zuwa DUKAN na'urori
- Ƙirƙiri mai amfani wsrvuz19 akan DUKAN na'urori tare da kalmar sirri cisco
- Dole ne a adana kalmar sirrin mai amfani a cikin tsari sakamakon aikin hash.
- Dole ne mai amfani ya sami matsakaicin matakin gata.
- Don DUKAN na'urori, aiwatar da ƙirar AAA.
- Tabbatarwa akan na'ura mai nisa dole ne a yi amfani da bayanan gida (sai dai na'urorin RTR1 da RTR2)
- Bayan ingantaccen tabbaci, lokacin shiga daga na'urar wasan bidiyo mai nisa, mai amfani yakamata ya shigar da yanayin nan da nan tare da matsakaicin matakin gata.
- Sanya buƙatar tantancewa akan na'urar wasan bidiyo na gida.
- Nasarar ingantaccen tabbaci ga na'ura wasan bidiyo na gida yakamata ya sanya mai amfani cikin yanayi tare da ƙaramin gata.
- A kan BR1, bayan ingantaccen tabbaci akan na'ura wasan bidiyo na gida, mai amfani yakamata ya kasance cikin yanayi tare da matsakaicin matakin gata.
- A DUKAN na'urori, saita kalmar sirri ta wsr don shigar da yanayin gata.
- Ya kamata a adana kalmar sirri a cikin tsari BA a sakamakon aikin hash ba.
- Sanya yanayin da duk kalmomin shiga da ke cikin tsarin ke adana su a cikin rufaffen tsari.
An gabatar da topology na cibiyar sadarwa a Layer na zahiri a cikin zane mai zuwa:
1. Saita sunayen DUKAN na'urori bisa ga topology
Don saita sunan na'urar (sunan mai masauki) kuna buƙatar shigar da umarni daga yanayin daidaitawa na duniya hostname SW1, inda maimakon haka SW1 Dole ne ku rubuta sunan kayan aikin da aka bayar a cikin ayyukan.
Kuna iya har ma duba saitunan da gani - maimakon saiti switch ya zama SW1:
Switch(config)# hostname SW1
SW1(config)#
Babban aikin bayan yin kowane saiti shine adana saitin.
Ana iya yin wannan daga yanayin sanyi na duniya tare da umarnin do write:
SW1(config)# do write
Building configuration...
Compressed configuration from 2142 bytes to 1161 bytes[OK]
Ko daga yanayin gata tare da umarnin write:
SW1# write
Building configuration...
Compressed configuration from 2142 bytes to 1161 bytes[OK]
2. Sanya sunan yankin wsrvuz19.ru zuwa DUKAN na'urori
Kuna iya saita sunan yankin tsoho wsrvuz19.ru daga yanayin sanyi na duniya tare da umarni ip domain-name wsrvuz19.ru.
Ana gudanar da rajistan tare da taƙaitaccen umarnin runduna masu nunawa daga yanayin daidaitawa na duniya:
SW1(config)# ip domain-name wsrvuz19.ru
SW1(config)# do show hosts summary
Name lookup view: Global
Default domain is wsrvuz19.ru
...
3. Ƙirƙiri mai amfani wsrvuz19 akan DUKAN na'urori tare da kalmar sirri cisco
Wajibi ne don ƙirƙirar mai amfani don ya sami matsakaicin matakin gata, kuma ana adana kalmar sirri azaman aikin hash. Duk waɗannan sharuɗɗan suna la'akari da ƙungiyar username wsrvuz19 privilege 15 secret cisco.
A nan:
username wsrvuz19 - Sunan mai amfani;
privilege 15 - matakin gata (0 - ƙaramin matakin, 15 - matsakaicin matakin);
secret cisco - adana kalmar sirri azaman aikin hash na MD5.
nuna umarni running-config yana ba ku damar bincika saitunan tsarin na yanzu, inda zaku iya nemo layi tare da ƙarin mai amfani kuma ku tabbata cewa an adana kalmar sirri a cikin sigar ɓoye:
SW1(config)# username wsrvuz19 privilege 15 secret cisco
SW1(config)# do show running-config
...
username wsrvuz19 privilege 15 secret 5 $1$EFRK$RNvRqTPt5wbB9sCjlBaf4.
...
4. Aiwatar da samfurin AAA don DUKAN na'urori
Samfurin AAA shine tsarin tantancewa, izini da rikodin taron. Don kammala wannan aikin, mataki na farko shine don ba da damar samfurin AAA kuma saka cewa za a yi aikin tantancewa ta amfani da bayanan gida:
SW1(config)# aaa new-model
SW1(config)# aaa authentication login default local
a. Tabbatarwa akan na'ura mai nisa dole ne a yi amfani da bayanan gida (sai dai na'urorin RTR1 da RTR2)
Ayyukan sun bayyana nau'ikan consoles guda biyu: na gida da na nesa. Na'urar wasan bidiyo mai nisa tana ba ku damar aiwatar da haɗin kai na nesa, misali, ta hanyar ka'idojin SSH ko Telnet.
Don kammala wannan aikin dole ne ku shigar da umarni masu zuwa:
SW1(config)# line vty 0 4
SW1(config-line)# login authentication default
SW1(config-line)# exit
SW1(config)#
tawagar line vty 0 4 an yi sauyi don kafa layukan tasha na zahiri daga 0 zuwa 4.
tawagar login authentication default yana ba da damar yanayin tabbatar da tsoho akan na'urar wasan bidiyo na kama-da-wane, kuma an saita yanayin tsoho a cikin aikin da ya gabata tare da umarnin aaa authentication login default local.
Fitar da yanayin saitin wasan bidiyo mai nisa yana yin amfani da umarnin exit.
Gwajin abin dogaro zai zama haɗin gwaji ta hanyar Telnet daga wannan na'ura zuwa waccan. Ya kamata a yi la'akari da cewa don wannan, dole ne a saita mahimmancin sauyawa da adireshin IP akan kayan aikin da aka zaɓa.
SW3#telnet 2001:100::10
User Access Verification
Username: wsrvuz19
Password:
SW1>
b. Bayan ingantaccen tabbaci, lokacin shiga daga na'ura mai nisa, mai amfani yakamata ya shigar da yanayin nan da nan tare da matsakaicin matakin gata.
Don magance wannan matsalar, kuna buƙatar komawa zuwa saita layukan tasha mai kama-da-wane kuma saita matakin gata tare da umarnin. privilege level 15, inda 15 kuma shine mafi girman matakin, kuma 0 shine ƙaramin gata:
SW1(config)# line vty 0 4
SW1(config-line)# privilege level 15
SW1(config-line)# exit
SW1(config)#
Gwajin zai zama mafita daga ƙaramin sakin layi na baya - haɗin nesa ta Telnet:
SW3#telnet 2001:100::10
User Access Verification
Username: wsrvuz19
Password:
SW1#
Bayan tantancewa, nan da nan mai amfani ya shiga yanayin gata, yana ƙetare yanayin da ba shi da gata, wanda ke nufin an kammala aikin daidai.
cd. Sanya buƙatun akan na'ura wasan bidiyo na gida kuma bayan ingantaccen ingantaccen mai amfani yakamata ya shigar da yanayin tare da ƙaramin matakin gata.
Tsarin umarni a cikin waɗannan ayyuka ya zo daidai da ayyukan da aka warware a baya 4.a da 4.b. Tawaga line vty 0 4 an maye gurbinsa da console 0:
SW1(config)# line console 0
SW1(config-line)# login authentication default
SW1(config-line)# privilege level 0
SW1(config-line)# exit
SW1(config)#
Kamar yadda aka riga aka ambata, mafi ƙarancin matakin gata yana ƙayyade ta lamba 0. Za a iya yin rajistan kamar haka:
SW1# exit
User Access Verification
Username: wsrvuz19
Password:
SW1>
Bayan tantancewa, mai amfani yana shiga yanayin mara amfani, kamar yadda aka bayyana a cikin ayyukan.
e. A kan BR1, bayan ingantaccen tabbaci akan na'ura wasan bidiyo na gida, mai amfani yakamata ya kasance cikin yanayi tare da matsakaicin matakin gata.
Saitin wasan bidiyo na gida akan BR1 zai yi kama da haka:
BR1(config)# line console 0
BR1(config-line)# login authentication default
BR1(config-line)# privilege level 15
BR1(config-line)# exit
BR1(config)#
Ana yin rajistan ne kamar yadda a cikin sakin layi na baya:
BR1# exit
User Access Verification
Username: wsrvuz19
Password:
BR1#
Bayan tantancewa, canzawa zuwa yanayin gata yana faruwa.
5. A DUKAN na'urori, saita kalmar sirri ta wsr don shigar da yanayin gata
Ayyukan sun ce kalmar sirri don yanayin gata ya kamata a adana shi a cikin madaidaicin rubutu a matsayin ma'auni, amma yanayin ɓoyewa ga duk kalmomin shiga ba zai ba ku damar duba kalmar sirri a cikin bayyanannen rubutu ba. Don saita kalmar sirri don shigar da yanayin gata, yi amfani da umarnin enable password wsr. Amfani da keyword password, yana ƙayyade nau'in da za a adana kalmar sirri a ciki. Idan kalmar sirri dole ne a rufaffen lokacin ƙirƙirar mai amfani, to, mahimmin kalmar ita ce kalmar secret, kuma ana amfani dashi don buɗaɗɗen ajiya password.
Kuna iya duba saitunan daga duban tsarin na yanzu:
SW1(config)# enable password wsr
SW1(config)# do show running-config
...
enable password wsr
!
username wsrvuz19 privilege 15 secret 5 $1$5I66$TB48YmLoCk9be4jSAH85O0
...
Ana iya ganin kalmar sirrin mai amfani tana adanawa a cikin rufaffen tsari, kuma kalmar sirri don shigar da gata ana adana shi cikin madaidaicin rubutu, kamar yadda aka bayyana a cikin ayyukan.
Don tabbatar da cewa an adana duk kalmomin shiga rufaffiyar, yi amfani da umarnin service password-encryption. Duba tsarin tsari na yanzu zai yi kama da haka:
SW1(config)# do show running-config
...
enable password 7 03134819
!
username wsrvuz19 privilege 15 secret 5 $1$5I66$TB48YmLoCk9be4jSAH85O0
...
Ba a iya ganin kalmar wucewa a bayyanannen rubutu.
source: www.habr.com