Solving the WorldSkills Network module tasks in the "SiSA" competence. Part 1 - Basic configuration

The WorldSkills movement aims to give participants mostly practical skills that are in demand in today's labor market. The Network and System Administration competence consists of three modules: Network, Windows, Linux. The tasks change from championship to championship, and the competition conditions change, but the structure of the tasks for the most part stays the same.

The Network island comes first because of its relative simplicity compared with the Linux and Windows islands.

The following tasks are covered in this article:

  1. Name ALL devices according to the topology
  2. Assign the domain name wsrvuz19.ru to ALL devices
  3. Create the user wsrvuz19 with the password cisco on ALL devices
    • The user's password must be stored in the configuration as the result of a hash function.
    • The user must have the maximum privilege level.
  4. Implement the AAA model on ALL devices.
    • Authentication on the remote console must be performed using the local database (except for RTR1 and RTR2)
    • After successful authentication, when logging in from the remote console, the user must immediately enter the mode with the maximum privilege level.
    • Configure the need for authentication on the local console.
    • After successful authentication on the local console, the user must enter the mode with the minimum privilege level.
    • On BR1, after successful authentication on the local console, the user must enter the mode with the maximum privilege level.
  5. On ALL devices, set the password wsr for entering privileged mode.
    • The password must be stored in the configuration NOT as the result of a hash function.
    • Configure a mode in which all passwords in the configuration are stored in encrypted form.


The network topology at the physical layer is shown in the figure below:

[Figure: network topology at the physical layer]

1. Name ALL devices according to the topology

To set the device name (hostname), enter the command hostname SW1 from global configuration mode, replacing SW1 with the device name given in the task.

You can verify the setting visually: the preset Switch in the prompt has become SW1:

Switch(config)# hostname SW1
SW1(config)#

The main thing to do after making any change is to save the configuration.

This can be done from global configuration mode with the command do write:

SW1(config)# do write
Building configuration...
Compressed configuration from 2142 bytes to 1161 bytes[OK]

Or from privileged mode with the command write:

SW1# write
Building configuration...
Compressed configuration from 2142 bytes to 1161 bytes[OK]

2. Assign the domain name wsrvuz19.ru to ALL devices

You can set the default domain name wsrvuz19.ru from global configuration mode with the command ip domain-name wsrvuz19.ru.

The check is done with the command do show hosts summary from global configuration mode:

SW1(config)# ip domain-name wsrvuz19.ru
SW1(config)# do show hosts summary
Name lookup view: Global
Default domain is wsrvuz19.ru
...

3. Create the user wsrvuz19 with the password cisco on ALL devices

The user must be created with the maximum privilege level and with the password stored as a hash. All of these conditions are met by the command username wsrvuz19 privilege 15 secret cisco.

Here:

username wsrvuz19 - the user name;
privilege 15 - the privilege level (0 - minimum level, 15 - maximum level);
secret cisco - stores the password as an MD5 hash.

The command show running-config lets you check the current configuration, where you can find the line with the added user and confirm that the password is stored in hashed form:

SW1(config)# username wsrvuz19 privilege 15 secret cisco
SW1(config)# do show running-config
...
username wsrvuz19 privilege 15 secret 5 $1$EFRK$RNvRqTPt5wbB9sCjlBaf4.
...

4. Implement the AAA model on ALL devices

The AAA model is a system of authentication, authorization and accounting. To complete this task, the first step is to enable the AAA model and specify that authentication will be performed against the local database:

SW1(config)# aaa new-model
SW1(config)# aaa authentication login default local

a. Authentication on the remote console must be performed using the local database (except for RTR1 and RTR2)
The tasks define two kinds of console: local and remote. The remote console is what serves remote connections, for example over SSH or Telnet.

To complete this task, enter the following commands:

SW1(config)# line vty 0 4
SW1(config-line)# login authentication default
SW1(config-line)# exit
SW1(config)#

The command line vty 0 4 enters configuration of virtual terminal lines 0 through 4.

The command login authentication default enables the default authentication method on the virtual console; the default method was set in the previous step with the command aaa authentication login default local.

Leaving remote console configuration mode is done with the command exit.

A reliable check is a test Telnet connection from one device to another. Keep in mind that basic switching and IP addressing must already be configured on the chosen devices for this.

SW3#telnet 2001:100::10
User Access Verification
Username: wsrvuz19
Password:
SW1>

b. After successful authentication, when logging in from the remote console, the user must immediately enter the mode with the maximum privilege level.
To solve this task, go back to configuring the virtual terminal lines and set the privilege level with the command privilege level 15, where 15 is again the maximum privilege level and 0 is the minimum:

SW1(config)# line vty 0 4
SW1(config-line)# privilege level 15
SW1(config-line)# exit
SW1(config)#

The check is the same as in the previous sub-item, a remote connection over Telnet:

SW3#telnet 2001:100::10
User Access Verification
Username: wsrvuz19
Password:
SW1#

After authentication the user lands directly in privileged mode, bypassing unprivileged mode, which means the task is complete.

c-d. Configure the need for authentication on the local console; after successful authentication the user must enter the mode with the minimum privilege level
The command structure in these tasks is the same as in tasks 4.a and 4.b solved above. The command line vty 0 4 is replaced by line console 0:

SW1(config)# line console 0
SW1(config-line)# login authentication default
SW1(config-line)# privilege level 0
SW1(config-line)# exit
SW1(config)#

As already mentioned, the minimum privilege level is denoted by the number 0. The check can be done as follows:

SW1# exit
User Access Verification
Username: wsrvuz19
Password:
SW1>

After authentication the user enters unprivileged mode, as stated in the task.

e. On BR1, after successful authentication on the local console, the user must enter the mode with the maximum privilege level.
Configuring the local console on BR1 looks like this:

BR1(config)# line console 0
BR1(config-line)# login authentication default
BR1(config-line)# privilege level 15
BR1(config-line)# exit
BR1(config)#

The check is done the same way as in the previous item:

BR1# exit
User Access Verification
Username: wsrvuz19
Password:
BR1#

After authentication, the user goes straight to privileged mode.
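The per-line checks from task 4 can also be run against a saved running-config instead of logging in to each device. The following is an added example, not part of the original article: the sample configuration is constructed, the function names are hypothetical, and it assumes that IOS prints the console as "line con 0" and omits per-line defaults (privilege level 1, the default method list). The sample includes a second vty range that the commands above do not touch, to show what the check reports for it.

```python
import re

# Constructed sample: a switch running-config after the section 4 steps.
# Assumption: IOS prints "line con 0" and omits per-line defaults.
SAMPLE_CONFIG = """\
hostname SW1
aaa new-model
aaa authentication login default local
!
line con 0
 privilege level 0
line vty 0 4
 privilege level 15
line vty 5 15
!
end
"""

def parse_lines(config):
    """Map each 'line ...' header to the sub-commands indented under it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = sections.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # an unindented command closes the section
    return sections

def audit_lines(config, console_level=0, vty_level=15):
    """Return findings against task 4; an empty list means it is met."""
    findings = []
    for cmd in ("aaa new-model", "aaa authentication login default local"):
        if not re.search(rf"^{re.escape(cmd)}$", config, re.M):
            findings.append(f"missing: {cmd}")
    for header, cmds in parse_lines(config).items():
        if not header.startswith(("line con", "line vty")):
            continue  # aux and other line types are outside the task
        want = console_level if header.startswith("line con") else vty_level
        # An absent "privilege level" means the IOS default of 1.
        level = next((int(c.split()[-1]) for c in cmds
                      if c.startswith("privilege level ")), 1)
        if level != want:
            findings.append(f"{header}: privilege level {level}, expected {want}")
        # Any named list other than "default" bypasses the local-database rule.
        for c in cmds:
            if c.startswith("login authentication ") and c.split()[-1] != "default":
                findings.append(f"{header}: uses method list {c.split()[-1]}")
    return findings
```

For BR1, call audit_lines(config, console_level=15), since its console is the one exception in the task.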

5. On ALL devices, set the password wsr for entering privileged mode

The task says that the password for privileged mode must be stored in the standard way in clear text, but the mode that encrypts all passwords will keep the password from being visible in clear text. To set the password for entering privileged mode, use the command enable password wsr. The keyword password determines the form in which the password is stored. If the password must be encrypted, as when creating the user, the keyword is secret; password is used for storage in clear form.

You can check the setting by viewing the current configuration:

SW1(config)# enable password wsr
SW1(config)# do show running-config
...
enable password wsr
!
username wsrvuz19 privilege 15 secret 5 $1$5I66$TB48YmLoCk9be4jSAH85O0
...

You can see that the user's password is stored in encrypted form, while the password for entering privileged mode is stored in clear text, as stated in the task.
To have all passwords stored in encrypted form, use the command service password-encryption. The current configuration will then look like this:

SW1(config)# do show running-config
...
enable password 7 03134819
!
username wsrvuz19 privilege 15 secret 5 $1$5I66$TB48YmLoCk9be4jSAH85O0
...

The password is no longer visible in clear form.
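The two listings above differ only in the type digit in front of the stored value, and that digit is what a configuration review should read. The following is an added example, not part of the original article, with hypothetical function names and sample text constructed from the two listings. Type 7, which service password-encryption produces, is a reversible encoding rather than a hash, so the example reports the enable password as recoverable from the file both before and after the command.

```python
import re

# Constructed from the two running-config listings in section 5.
BEFORE = """\
enable password wsr
!
username wsrvuz19 privilege 15 secret 5 $1$5I66$TB48YmLoCk9be4jSAH85O0
"""
AFTER = BEFORE.replace("enable password wsr", "enable password 7 03134819")

# Storage form by IOS type digit; no digit means the value is shown as typed.
STORAGE = {None: "cleartext", "0": "cleartext", "7": "reversible encoding",
           "5": "salted MD5 hash", "8": "PBKDF2-SHA256 hash", "9": "scrypt hash"}

CRED = re.compile(r"^(?:enable|username (?P<user>\S+))\b.*?"
                  r"\b(?P<kw>password|secret)(?: (?P<type>\d))? (?P<value>\S+)$")

def classify(config):
    """Return (account, keyword, storage form) for every credential line."""
    found = []
    for line in config.splitlines():
        m = CRED.match(line.strip())
        if m:
            form = STORAGE.get(m["type"], "unlisted type " + str(m["type"]))
            found.append((m["user"] or "enable", m["kw"], form))
    return found

def recoverable(config):
    """Accounts whose password can be read back from the config file itself."""
    return [who for who, _, form in classify(config)
            if form in ("cleartext", "reversible encoding")]
```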

Source: www.hab.com
