Peb txuas ntxiv txheeb xyuas cov haujlwm ntawm Network module ntawm WorldSkills kev sib tw hauv "Network thiab System Administration" kev muaj peev xwm.
Cov haujlwm hauv qab no yuav raug txiav txim siab hauv kab lus:
- Ntawm txhua yam khoom siv, tsim virtual interfaces, subinterfaces, thiab loopback interfaces. Muab IP chaw nyob raws li topology.
- Pab kom SLAAC mechanism los tawm IPv6 chaw nyob hauv MNG network ntawm RTR1 router interface;
- Ntawm virtual interfaces hauv VLAN 100 (MNG) ntawm cov keyboards SW1, SW2, SW3, pab kom IPv6 nws pib-configuration hom;
- Ntawm TAG NRHO cov khoom siv (tshwj tsis yog PC1 thiab WEB) manually xa cov chaw nyob hauv zos;
- Ntawm ALL keyboards, lov tes taw TAG NRHO cov chaw nres nkoj tsis siv hauv kev ua haujlwm thiab hloov mus rau VLAN 99;
- Ntawm kev hloov SW1, qhib lub xauv rau 1 feeb yog tias tus password nkag mus tsis raug ob zaug hauv 30 vib nas this;
- Txhua yam khoom siv yuav tsum tswj tau ntawm SSH version 2.
Lub network topology ntawm lub cev txheej tau nthuav tawm hauv daim duab hauv qab no:
Lub network topology ntawm qib cov ntaub ntawv txuas tau nthuav tawm hauv daim duab hauv qab no:
Lub network topology ntawm qib network tau nthuav tawm hauv daim duab hauv qab no:
preseting
Ua ntej ua cov haujlwm saum toj no, nws tsim nyog teeb tsa kev hloov pauv ntawm cov keyboards SW1-SW3, vim nws yuav yooj yim dua los xyuas lawv cov chaw yav tom ntej. Kev teeb tsa hloov pauv yuav piav qhia meej hauv tsab xov xwm tom ntej, tab sis tam sim no tsuas yog cov chaw yuav raug txhais.
Thawj kauj ruam yog los tsim vlans nrog cov lej 99, 100 thiab 300 ntawm txhua qhov hloov pauv:
SW1(config)#vlan 99
SW1(config-vlan)#exit
SW1(config)#vlan 100
SW1(config-vlan)#exit
SW1(config)#vlan 300
SW1(config-vlan)#exit
Cov kauj ruam tom ntej yog hloov interface g0/1 rau SW1 rau vlan tooj 300:
SW1(config)#interface gigabitEthernet 0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 300
SW1(config-if)#exit
Interfaces f0/1-2, f0/5-6, uas fim lwm yam keyboards, yuav tsum tau hloov mus rau lub cev hom:
SW1(config)#interface range fastEthernet 0/1-2, fastEthernet 0/5-6
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#exit
Ntawm kev hloov SW2 hauv hom pob tw yuav muaj qhov cuam tshuam f0/1-4:
SW2(config)#interface range fastEthernet 0/1-4
SW2(config-if-range)#switchport trunk encapsulation dot1q
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#exit
Ntawm kev hloov SW3 hauv lub cev hom yuav muaj kev cuam tshuam f0/3-6, g0/1:
SW3(config)#interface range fastEthernet 0/3-6, gigabitEthernet 0/1
SW3(config-if-range)#switchport trunk encapsulation dot1q
SW3(config-if-range)#switchport mode trunk
SW3(config-if-range)#exit
Nyob rau theem no, qhov hloov chaw yuav tso cai rau kev sib pauv ntawm cov ntawv tagged, uas yuav tsum tau ua kom tiav cov haujlwm.
1. Tsim virtual interfaces, subinterfaces, thiab loopback interfaces ntawm TXHUA cov khoom siv. Muab IP chaw nyob raws li topology.
Router BR1 yuav raug teeb tsa ua ntej. Raws li L3 topology, ntawm no koj yuav tsum teeb tsa lub voj-hom interface, tseem hu ua loopback, tus lej 101:
// Π‘ΠΎΠ·Π΄Π°Π½ΠΈΠ΅ loopback
BR1(config)#interface loopback 101
// ΠΠ°Π·Π½Π°ΡΠ΅Π½ΠΈΠ΅ ipv4-Π°Π΄ΡΠ΅ΡΠ°
BR1(config-if)#ip address 2.2.2.2 255.255.255.255
// ΠΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ipv6 Π½Π° ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ΅
BR1(config-if)#ipv6 enable
// ΠΠ°Π·Π½Π°ΡΠ΅Π½ΠΈΠ΅ ipv6-Π°Π΄ΡΠ΅ΡΠ°
BR1(config-if)#ipv6 address 2001:B:A::1/64
// ΠΡΡ
ΠΎΠ΄ ΠΈΠ· ΡΠ΅ΠΆΠΈΠΌΠ° ΠΊΠΎΠ½ΡΠΈΠ³ΡΡΠΈΡΠΎΠ²Π°Π½ΠΈΡ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ°
BR1(config-if)#exit
BR1(config)#
Txhawm rau txheeb xyuas cov xwm txheej ntawm qhov tsim interface, koj tuaj yeem siv cov lus txib show ipv6 interface brief:
BR1#show ipv6 interface brief
...
Loopback101 [up/up]
FE80::2D0:97FF:FE94:5022 //link-local Π°Π΄ΡΠ΅Ρ
2001:B:A::1 //IPv6-Π°Π΄ΡΠ΅Ρ
...
BR1#
Ntawm no koj tuaj yeem pom tias loopback yog nquag, nws lub xeev UP. Yog tias koj saib hauv qab no, koj tuaj yeem pom ob qhov chaw nyob IPv6, txawm hais tias tsuas yog ib qho lus txib tau siv los teeb tsa IPv6 chaw nyob. Qhov tseeb yog qhov ntawd FE80::2D0:97FF:FE94:5022 yog qhov txuas-qhov chaw nyob hauv zos uas tau muab thaum ipv6 tau qhib rau ntawm kev sib txuas nrog cov lus txib ipv6 enable.
Thiab txhawm rau saib IPv4 chaw nyob, siv cov lus txib zoo sib xws:
BR1#show ip interface brief
...
Loopback101 2.2.2.2 YES manual up up
...
BR1#
Rau BR1, koj yuav tsum tau teeb tsa lub g0/0 interface tam sim; ntawm no koj tsuas yog yuav tsum teeb tsa IPv6 chaw nyob:
// ΠΠ΅ΡΠ΅Ρ
ΠΎΠ΄ Π² ΡΠ΅ΠΆΠΈΠΌ ΠΊΠΎΠ½ΡΠΈΠ³ΡΡΠΈΡΠΎΠ²Π°Π½ΠΈΡ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ°
BR1(config)#interface gigabitEthernet 0/0
// ΠΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ°
BR1(config-if)#no shutdown
BR1(config-if)#ipv6 enable
BR1(config-if)#ipv6 address 2001:B:C::1/64
BR1(config-if)#exit
BR1(config)#
Koj tuaj yeem tshawb xyuas cov chaw nrog tib cov lus txib show ipv6 interface brief:
BR1#show ipv6 interface brief
GigabitEthernet0/0 [up/up]
FE80::290:CFF:FE9D:4624 //link-local Π°Π΄ΡΠ΅Ρ
2001:B:C::1 //IPv6-Π°Π΄ΡΠ΅Ρ
...
Loopback101 [up/up]
FE80::2D0:97FF:FE94:5022 //link-local Π°Π΄ΡΠ΅Ρ
2001:B:A::1 //IPv6-Π°Π΄ΡΠ΅Ρ
Tom ntej no, ISP router yuav raug teeb tsa. Ntawm no, raws li txoj haujlwm, tus lej rov qab 0 yuav raug teeb tsa, tab sis ntxiv rau qhov no, nws yog qhov zoo dua los teeb tsa g0/0 interface, uas yuav tsum muaj qhov chaw nyob 30.30.30.1, vim tias hauv cov haujlwm tom ntej tsis muaj dab tsi yuav hais txog. teeb tsa cov interfaces no. Ua ntej, loopback naj npawb 0 yog configured:
ISP(config)#interface loopback 0
ISP(config-if)#ip address 8.8.8.8 255.255.255.255
ISP(config-if)#ipv6 enable
ISP(config-if)#ipv6 address 2001:A:C::1/64
ISP(config-if)#exit
ISP(config)#
Pab neeg show ipv6 interface brief Koj tuaj yeem txheeb xyuas tau tias qhov kev teeb tsa interface yog lawm. Ces interface g0/0 yog configured:
BR1(config)#interface gigabitEthernet 0/0
BR1(config-if)#no shutdown
BR1(config-if)#ip address 30.30.30.1 255.255.255.252
BR1(config-if)#exit
BR1(config)#
Tom ntej no, RTR1 router yuav raug teeb tsa. Ntawm no koj kuj yuav tsum tau tsim ib lub voj rov qab 100:
BR1(config)#interface loopback 100
BR1(config-if)#ip address 1.1.1.1 255.255.255.255
BR1(config-if)#ipv6 enable
BR1(config-if)#ipv6 address 2001:A:B::1/64
BR1(config-if)#exit
BR1(config)#
Tsis tas li ntawm RTR1 koj yuav tsum tsim 2 virtual subinterfaces rau vlans nrog cov lej 100 thiab 300. Qhov no tuaj yeem ua tau raws li hauv qab no.
Ua ntej, koj yuav tsum tau ua kom lub cev interface g0/1 tsis muaj kev kaw lus:
RTR1(config)#interface gigabitEthernet 0/1
RTR1(config-if)#no shutdown
RTR1(config-if)#exit
Tom qab ntawd subinterfaces nrog cov lej 100 thiab 300 raug tsim thiab teeb tsa:
// Π‘ΠΎΠ·Π΄Π°Π½ΠΈΠ΅ ΠΏΠΎΠ΄ΡΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ° Ρ Π½ΠΎΠΌΠ΅ΡΠΎΠΌ 100 ΠΈ ΠΏΠ΅ΡΠ΅Ρ
ΠΎΠ΄ ΠΊ Π΅Π³ΠΎ Π½Π°ΡΡΡΠΎΠΉΠΊΠ΅
RTR1(config)#interface gigabitEthernet 0/1.100
// Π£ΡΡΠ°Π½ΠΎΠ²ΠΊΠ° ΠΈΠ½ΠΊΠ°ΠΏΡΡΠ»ΡΡΠΈΠΈ ΡΠΈΠΏΠ° dot1q Ρ Π½ΠΎΠΌΠ΅ΡΠΎΠΌ vlan'a 100
RTR1(config-subif)#encapsulation dot1Q 100
RTR1(config-subif)#ipv6 enable
RTR1(config-subif)#ipv6 address 2001:100::1/64
RTR1(config-subif)#exit
// Π‘ΠΎΠ·Π΄Π°Π½ΠΈΠ΅ ΠΏΠΎΠ΄ΡΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ° Ρ Π½ΠΎΠΌΠ΅ΡΠΎΠΌ 300 ΠΈ ΠΏΠ΅ΡΠ΅Ρ
ΠΎΠ΄ ΠΊ Π΅Π³ΠΎ Π½Π°ΡΡΡΠΎΠΉΠΊΠ΅
RTR1(config)#interface gigabitEthernet 0/1.300
// Π£ΡΡΠ°Π½ΠΎΠ²ΠΊΠ° ΠΈΠ½ΠΊΠ°ΠΏΡΡΠ»ΡΡΠΈΠΈ ΡΠΈΠΏΠ° dot1q Ρ Π½ΠΎΠΌΠ΅ΡΠΎΠΌ vlan'a 100
RTR1(config-subif)#encapsulation dot1Q 300
RTR1(config-subif)#ipv6 enable
RTR1(config-subif)#ipv6 address 2001:300::2/64
RTR1(config-subif)#exit
Tus lej subinterface yuav txawv ntawm tus lej vlan uas nws yuav ua haujlwm, tab sis kom yooj yim nws yog qhov zoo dua los siv tus lej subinterface uas phim tus lej vlan. Yog tias koj teeb tsa hom encapsulation thaum teeb tsa subinterface, koj yuav tsum qhia tus lej uas phim tus lej vlan. Yog li tom qab cov lus txib encapsulation dot1Q 300 lub subinterface tsuas yog dhau los ntawm vlan pob ntawv nrog tus lej 300.
Cov kauj ruam kawg hauv txoj haujlwm no yuav yog RTR2 router. Kev sib txuas ntawm SW1 thiab RTR2 yuav tsum nyob rau hauv hom kev nkag, qhov hloov pauv yuav dhau mus rau RTR2 nkaus xwb pob ntawv npaj rau vlan tooj 300, qhov no tau hais hauv txoj haujlwm ntawm L2 topology. Yog li ntawd, tsuas yog lub cev interface yuav raug teeb tsa ntawm RTR2 router yam tsis tau tsim subinterfaces:
RTR2(config)#interface gigabitEthernet 0/1
RTR2(config-if)#no shutdown
RTR2(config-if)#ipv6 enable
RTR2(config-if)#ipv6 address 2001:300::3/64
RTR2(config-if)#exit
RTR2(config)#
Ces interface g0/0 yog configured:
BR1(config)#interface gigabitEthernet 0/0
BR1(config-if)#no shutdown
BR1(config-if)#ip address 30.30.30.2 255.255.255.252
BR1(config-if)#exit
BR1(config)#
Qhov no ua tiav qhov teeb tsa ntawm router interfaces rau txoj haujlwm tam sim no. Cov seem interfaces yuav raug teeb tsa thaum koj ua tiav cov haujlwm hauv qab no.
ib. Pab kom SLAAC mechanism los tawm IPv6 chaw nyob hauv MNG network ntawm RTR1 router interface
Lub tshuab SLAAC tau qhib los ntawm lub neej ntawd. Tib yam uas koj yuav tsum tau ua yog pab kom IPv6 routing. Koj tuaj yeem ua qhov no nrog cov lus txib hauv qab no:
RTR1(config-subif)#ipv6 unicast-routing
Yog tsis muaj cov lus txib no, cov cuab yeej siv ua tus tswv tsev. Hauv lwm lo lus, ua tsaug rau cov lus txib saum toj no, nws tuaj yeem siv ipv6 ntxiv rau, suav nrog muab ipv6 chaw nyob, teeb tsa routing, thiab lwm yam.
b. Ntawm virtual interfaces hauv VLAN 100 (MNG) ntawm cov keyboards SW1, SW2, SW3, pab kom IPv6 nws pib-configuration hom
Los ntawm L3 topology nws yog qhov tseeb tias cov keyboards txuas nrog VLAN 100. Qhov no txhais tau hais tias nws yog qhov tsim nyog los tsim virtual interfaces ntawm cov keyboards, thiab tsuas yog muab lawv kom tau txais IPv6 chaw nyob los ntawm lub neej ntawd. Thawj qhov kev teeb tsa tau ua tiav qhov tseeb kom cov keyboards tuaj yeem tau txais qhov chaw nyob ntawm RTR1. Koj tuaj yeem ua tiav txoj haujlwm no siv cov npe hauv qab no ntawm cov lus txib, haum rau tag nrho peb lub keyboards:
// Π‘ΠΎΠ·Π΄Π°Π½ΠΈΠ΅ Π²ΠΈΡΡΡΠ°Π»ΡΠ½ΠΎΠ³ΠΎ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ°
SW1(config)#interface vlan 100
SW1(config-if)#ipv6 enable
// ΠΠΎΠ»ΡΡΠ΅Π½ΠΈΠ΅ ipv6 Π°Π΄ΡΠ΅ΡΠ° Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈ
SW1(config-if)#ipv6 address autoconfig
SW1(config-if)#exit
Koj tuaj yeem tshawb xyuas txhua yam nrog tib cov lus txib show ipv6 interface brief:
SW1#show ipv6 interface brief
...
Vlan100 [up/up]
FE80::A8BB:CCFF:FE80:C000 // link-local Π°Π΄ΡΠ΅Ρ
2001:100::A8BB:CCFF:FE80:C000 // ΠΏΠΎΠ»ΡΡΠ΅Π½Π½ΡΠΉ IPv6-Π°Π΄ΡΠ΅Ρ
Ntxiv rau qhov txuas-chaw nyob hauv zos, qhov chaw nyob ipv6 tau txais los ntawm RTR1 tshwm sim. Txoj haujlwm no tau ua tiav tiav, thiab tib cov lus txib yuav tsum tau sau rau ntawm cov keyboards ntxiv.
Nrog. Ntawm TAG NRHO cov khoom siv (tshwj tsis yog PC1 thiab WEB) manually muab cov chaw nyob txuas-hauv zos
Peb caug-tus lej IPv6 chaw nyob tsis muaj kev lom zem rau cov thawj coj, yog li nws tuaj yeem hloov pauv qhov txuas-hauv zos, txo nws qhov ntev mus rau qhov tsawg kawg nkaus. Cov hauj lwm tsis hais dab tsi txog qhov chaw nyob xaiv, yog li muaj kev xaiv dawb ntawm no.
Piv txwv li, ntawm kev hloov SW1 koj yuav tsum tau teeb tsa qhov txuas-qhov chaw nyob fe80::10. Qhov no tuaj yeem ua tiav nrog cov lus txib hauv qab no los ntawm hom kev teeb tsa ntawm lub interface xaiv:
// ΠΡ
ΠΎΠ΄ Π² Π²ΠΈΡΡΡΠ°Π»ΡΠ½ΡΠΉ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡ vlan 100
SW1(config)#interface vlan 100
// Π ΡΡΠ½Π°Ρ ΡΡΡΠ°Π½ΠΎΠ²ΠΊΠ° link-local Π°Π΄ΡΠ΅ΡΠ°
SW1(config-if)#ipv6 address fe80::10 link-local
SW1(config-if)#exit
Tam sim no hais lus zoo li ntxim nyiam ntau dua:
SW1#show ipv6 interface brief
...
Vlan100 [up/up]
FE80::10 //link-local Π°Π΄ΡΠ΅c
2001:100::10 //IPv6-Π°Π΄ΡΠ΅Ρ
Ntxiv nrog rau qhov txuas-chaw nyob hauv zos, qhov chaw nyob IPv6 tau txais kuj tau hloov pauv, txij li qhov chaw nyob yog muab raws li qhov txuas-chaw nyob hauv zos.
Ntawm kev hloov SW1 nws yog qhov tsim nyog los teeb tsa ib qho txuas-hauv zos chaw nyob ntawm ib qho interface. Nrog rau RTR1 router, koj yuav tsum tau ua ntau qhov chaw - koj yuav tsum teeb tsa qhov txuas-hauv zos ntawm ob lub subinterfaces, ntawm lub voj rov qab, thiab hauv cov chaw tom ntej lub qhov 100 interface yuav tshwm sim.
Txhawm rau zam qhov tsis tsim nyog sau cov lus txib, koj tuaj yeem teeb tsa tib qhov txuas-chaw nyob hauv zos ntawm txhua qhov sib cuam tshuam ib zaug. Koj tuaj yeem ua qhov no siv lo lus tseem ceeb range Tom qab ntawd sau tag nrho cov interfaces:
// ΠΠ΅ΡΠ΅Ρ
ΠΎΠ΄ ΠΊ Π½Π°ΡΡΡΠΎΠΉΠΊΠ΅ Π½Π΅ΡΠΊΠΎΠ»ΡΠΊΠΈΡ
ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠΎΠ²
RTR1(config)#interface range gigabitEthernet 0/1.100, gigabitEthernet 0/1.300, loopback 100
// Π ΡΡΠ½Π°Ρ ΡΡΡΠ°Π½ΠΎΠ²ΠΊΠ° link-local Π°Π΄ΡΠ΅ΡΠ°
RTR1(config-if)#ipv6 address fe80::1 link-local
RTR1(config-if)#exit
Thaum kuaj xyuas cov interfaces, koj yuav pom tias qhov txuas-qhov chaw nyob tau hloov pauv ntawm txhua qhov kev xaiv interfaces:
RTR1#show ipv6 interface brief
gigabitEthernet 0/1.100 [up/up]
FE80::1
2001:100::1
gigabitEthernet 0/1.300 [up/up]
FE80::1
2001:300::2
Loopback100 [up/up]
FE80::1
2001:A:B::1
Tag nrho lwm yam khoom siv tau teeb tsa hauv txoj kev zoo sib xws
d. Ntawm ALL keyboards, lov tes taw TAG NRHO cov chaw nres nkoj tsis siv hauv txoj haujlwm thiab hloov mus rau VLAN 99
Lub tswv yim yooj yim yog tib txoj kev xaiv ntau yam interfaces los teeb tsa siv cov lus txib range, thiab tsuas yog tom qab ntawd koj yuav tsum sau cov lus txib kom hloov mus rau qhov xav tau vlan thiab tom qab ntawd tua cov interfaces. Piv txwv li, hloov SW1, raws li L1 topology, yuav muaj cov chaw nres nkoj f0/3-4, f0/7-8, f0/11-24 thiab g0/2 neeg xiam. Rau qhov piv txwv no, kev teeb tsa yuav yog raws li hauv qab no:
// ΠΡΠ±ΠΎΡ Π²ΡΠ΅Ρ
Π½Π΅ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌΡΡ
ΠΏΠΎΡΡΠΎΠ²
SW1(config)#interface range fastEthernet 0/3-4, fastEthernet 0/7-8, fastEthernet 0/11-24, gigabitEthernet 0/2
// Π£ΡΡΠ°Π½ΠΎΠ²ΠΊΠ° ΡΠ΅ΠΆΠΈΠΌΠ° access Π½Π° ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ°Ρ
SW1(config-if-range)#switchport mode access
// ΠΠ΅ΡΠ΅Π²ΠΎΠ΄ Π² VLAN 99 ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠΎΠ²
SW1(config-if-range)#switchport access vlan 99
// ΠΡΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠΎΠ²
SW1(config-if-range)#shutdown
SW1(config-if-range)#exit
Thaum kuaj xyuas cov chaw nrog cov lus txib uas twb paub lawm, nws tsim nyog sau cia tias txhua qhov chaw nres nkoj tsis siv yuav tsum muaj xwm txheej kev tswj hwm nqis, qhia tias qhov chaw nres nkoj yog neeg xiam:
SW1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
...
fastEthernet 0/3 unassigned YES unset administratively down down
Txhawm rau pom qhov vlan qhov chaw nres nkoj nyob hauv, koj tuaj yeem siv lwm cov lus txib:
SW1#show ip vlan
...
99 VLAN0099 active Fa0/3, Fa0/4, Fa0/7, Fa0/8
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig0/2
...
Tag nrho cov tsis siv interfaces yuav tsum nyob ntawm no. Nws yog tsim nyog sau cia tias nws yuav tsis muaj peev xwm hloov cov interfaces rau vlan yog tias qhov vlan tsis tau tsim. Nws yog rau lub hom phiaj no tias hauv kev teeb tsa thawj zaug tag nrho cov vlans tsim nyog rau kev ua haujlwm tau tsim.
e. Ntawm kev hloov SW1, qhib lub xauv rau 1 feeb yog tias tus password nkag mus tsis raug ob zaug hauv 30 vib nas this
Koj tuaj yeem ua qhov no nrog cov lus txib hauv qab no:
// ΠΠ»ΠΎΠΊΠΈΡΠΎΠ²ΠΊΠ° Π½Π° 60Ρ; ΠΠΎΠΏΡΡΠΊΠΈ: 2; Π ΡΠ΅ΡΠ΅Π½ΠΈΠ΅: 30Ρ
SW1#login block-for 60 attempts 2 within 30
Koj tuaj yeem tshawb xyuas cov kev teeb tsa no raws li hauv qab no:
SW1#show login
...
If more than 2 login failures occur in 30 seconds or less,
logins will be disabled for 60 seconds.
...
Qhov twg nws tau piav qhia meej tias tom qab ob qhov kev sim ua tsis tiav hauv 30 vib nas this lossis tsawg dua, lub peev xwm nkag mus yuav raug thaiv rau 60 vib nas this.
2. Txhua yam khoom siv yuav tsum tswj tau ntawm SSH version 2
Txhawm rau kom cov cuab yeej siv tau los ntawm SSH version 2, nws yog qhov yuav tsum tau ua ntej teeb tsa cov cuab yeej, yog li rau cov ntaub ntawv xov xwm, peb yuav xub teeb tsa cov cuab yeej nrog lub Hoobkas teeb tsa.
Koj tuaj yeem hloov qhov puncture version raws li hauv qab no:
// Π£ΡΡΠ°Π½ΠΎΠ²ΠΈΡΡ Π²Π΅ΡΡΠΈΡ SSH Π²Π΅ΡΡΠΈΠΈ 2
Router(config)#ip ssh version 2
Please create RSA keys (of at least 768 bits size) to enable SSH v2.
Router(config)#
Lub kaw lus thov kom koj tsim RSA yuam sij rau SSH version 2 ua haujlwm.
// Π‘ΠΎΠ·Π΄Π°Π½ΠΈΠ΅ RSA ΠΊΠ»ΡΡΠ΅ΠΉ
Router(config)#crypto key generate rsa
% Please define a hostname other than Router.
Router(config)#
Lub kaw lus tsis tso cai rau kev ua tiav vim tias lub npe host tsis tau hloov pauv. Tom qab hloov lub hostname, koj yuav tsum tau sau cov lus txib tseem ceeb dua:
Router(config)#hostname R1
R1(config)#crypto key generate rsa
% Please define a domain-name first.
R1(config)#
Tam sim no lub kaw lus tsis tso cai rau koj los tsim RSA yuam sij vim tsis muaj lub npe sau npe. Thiab tom qab txhim kho lub npe sau, nws yuav muaj peev xwm tsim RSA yuam sij. RSA yuam sij yuav tsum yog tsawg kawg yog 768 ntsis ntev rau SSH version 2 ua haujlwm:
R1(config)#ip domain-name wsrvuz19.ru
R1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Yog li ntawd, nws hloov tawm tias rau SSHv2 ua haujlwm nws yog qhov tsim nyog:
- Hloov hostname;
- Hloov lub npe sau npe;
- Tsim cov yuam sij RSA.
Cov kab lus dhau los tau qhia yuav ua li cas hloov lub npe hostname thiab lub npe sau npe ntawm txhua yam khoom siv, yog li thaum txuas ntxiv teeb tsa cov cuab yeej tam sim no, koj tsuas yog yuav tsum tsim cov yuam sij RSA:
RTR1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
SSH version 2 yog nquag, tab sis cov khoom siv tseem tsis tau teeb tsa tag nrho. Cov kauj ruam kawg yuav teeb tsa virtual consoles:
// ΠΠ΅ΡΠ΅Ρ
ΠΎΠ΄ ΠΊ Π½Π°ΡΡΡΠΎΠΉΠΊΠ΅ Π²ΠΈΡΡΡΠ°Π»ΡΠ½ΡΡ
ΠΊΠΎΠ½ΡΠΎΠ»Π΅ΠΉ
R1(config)#line vty 0 4
// Π Π°Π·ΡΠ΅ΡΠ΅Π½ΠΈΠ΅ ΡΠ΄Π°Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΡ ΡΠΎΠ»ΡΠΊΠΎ ΠΏΠΎ ΠΏΡΠΎΡΠΎΠΊΠΎΠ»Ρ SSH
RTR1(config-line)#transport input ssh
RTR1(config-line)#exit
Hauv tsab xov xwm dhau los, tus qauv AAA tau teeb tsa, qhov kev lees paub tau teeb tsa ntawm virtual consoles siv cov ntaub ntawv hauv zos, thiab tus neeg siv, tom qab kev lees paub, yuav tsum tau mus rau hauv txoj cai tam sim. Qhov kev sim yooj yim tshaj plaws ntawm SSH kev ua haujlwm yog sim txuas rau koj tus kheej cov khoom siv. RTR1 muaj lub voj rov qab nrog IP chaw nyob 1.1.1.1, koj tuaj yeem sim txuas rau qhov chaw nyob no:
//ΠΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΠΏΠΎ ssh
RTR1(config)#do ssh -l wsrvuz19 1.1.1.1
Password:
RTR1#
Tom qab tus yuam sij -l Nkag mus rau tus ID nkag mus ntawm tus neeg siv uas twb muaj lawm, thiab tom qab ntawd tus password. Tom qab kev lees paub, tus neeg siv tam sim ntawd hloov mus rau hom muaj cai, uas txhais tau hais tias SSH tau teeb tsa kom raug.
Tau qhov twg los: www.hab.com