Tikupitiriza kusanthula ntchito za Network module ya mpikisano wa WorldSkills mu luso la "Network and System Administration".
Ntchito zotsatirazi zidzakambidwa m'nkhaniyi:
- Pazida ZONSE, pangani zolumikizira zenizeni, zolumikizirana, ndi zolumikizira zobwerera kumbuyo. Perekani ma adilesi a IP molingana ndi topology.
- Yambitsani makina a SLAAC kuti atulutse ma adilesi a IPv6 mu netiweki ya MNG pa mawonekedwe a rauta ya RTR1;
- Pamalo olumikizirana ndi VLAN 100 (MNG) pa ma switch SW1, SW2, SW3, yambitsani IPv6 auto-configuration mode;
- Pazida ZONSE (kupatula PC1 ndi WEB) perekani ma adilesi am'deralo pamanja;
- Pa masiwichi ONSE, zimitsani madoko ONSE omwe sanagwiritsidwe ntchito ndikusamutsira ku VLAN 99;
- Pa switch SW1, yambitsani loko kwa mphindi imodzi ngati mutalowetsa mawu achinsinsi molakwika kawiri mkati mwa masekondi 1;
- Zida zonse ziyenera kuyendetsedwa kudzera mu mtundu wa 2 wa SSH.
Netiweki topology pagulu lakuthupi ikuwonetsedwa mu chithunzi chotsatirachi:
The network topology pamlingo wolumikizana ndi data ikuwonetsedwa mu chithunzi chotsatirachi:
The network topology pa network level ikuwonetsedwa mu chithunzi chotsatirachi:
kukhazikitsa
Musanagwire ntchito zomwe zili pamwambapa, ndikofunikira kukhazikitsa zosintha zoyambira SW1-SW3, chifukwa zidzakhala zosavuta kuyang'ana makonda awo mtsogolo. Kukonzekera kosinthika kudzafotokozedwa mwatsatanetsatane m'nkhani yotsatira, koma pakali pano zokhazokha zidzafotokozedwa.
Gawo loyamba ndikupanga ma vlan okhala ndi manambala 99, 100 ndi 300 pama switch onse:
SW1(config)#vlan 99
SW1(config-vlan)#exit
SW1(config)#vlan 100
SW1(config-vlan)#exit
SW1(config)#vlan 300
SW1(config-vlan)#exit
Chotsatira ndikusamutsa mawonekedwe g0/1 kupita ku SW1 kupita ku nambala ya vlan 300:
SW1(config)#interface gigabitEthernet 0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 300
SW1(config-if)#exit
Zolumikizira f0/1-2, f0/5-6, zomwe zimayang'anizana ndi masiwichi ena, ziyenera kusinthidwa kukhala thunthu:
SW1(config)#interface range fastEthernet 0/1-2, fastEthernet 0/5-6
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#exit
Pa switch SW2 mu thunthu mode padzakhala zolumikizira f0/1-4:
SW2(config)#interface range fastEthernet 0/1-4
SW2(config-if-range)#switchport trunk encapsulation dot1q
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#exit
Pa switch SW3 mu thunthu mode padzakhala zolumikizira f0/3-6, g0/1:
SW3(config)#interface range fastEthernet 0/3-6, gigabitEthernet 0/1
SW3(config-if-range)#switchport trunk encapsulation dot1q
SW3(config-if-range)#switchport mode trunk
SW3(config-if-range)#exit
Panthawiyi, zosintha zosintha zidzalola kusinthana kwa mapaketi olembedwa, omwe amafunikira kuti amalize ntchito.
1. Pangani ma interfaces enieni, ma subinterfaces, ndi loopback interfaces pa ZONSE. Perekani ma adilesi a IP molingana ndi topology.
Router BR1 idzakonzedwa poyamba. Malinga ndi L3 topology, apa muyenera kukonza mawonekedwe a loop, omwe amadziwikanso kuti loopback, nambala 101:
// Π‘ΠΎΠ·Π΄Π°Π½ΠΈΠ΅ loopback
BR1(config)#interface loopback 101
// ΠΠ°Π·Π½Π°ΡΠ΅Π½ΠΈΠ΅ ipv4-Π°Π΄ΡΠ΅ΡΠ°
BR1(config-if)#ip address 2.2.2.2 255.255.255.255
// ΠΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ipv6 Π½Π° ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ΅
BR1(config-if)#ipv6 enable
// ΠΠ°Π·Π½Π°ΡΠ΅Π½ΠΈΠ΅ ipv6-Π°Π΄ΡΠ΅ΡΠ°
BR1(config-if)#ipv6 address 2001:B:A::1/64
// ΠΡΡ
ΠΎΠ΄ ΠΈΠ· ΡΠ΅ΠΆΠΈΠΌΠ° ΠΊΠΎΠ½ΡΠΈΠ³ΡΡΠΈΡΠΎΠ²Π°Π½ΠΈΡ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ°
BR1(config-if)#exit
BR1(config)#
Kuti muwone momwe mawonekedwe adapangidwira, mutha kugwiritsa ntchito lamulo show ipv6 interface brief:
BR1#show ipv6 interface brief
...
Loopback101 [up/up]
FE80::2D0:97FF:FE94:5022 //link-local Π°Π΄ΡΠ΅Ρ
2001:B:A::1 //IPv6-Π°Π΄ΡΠ΅Ρ
...
BR1#
Apa mutha kuwona kuti loopback ikugwira ntchito, mkhalidwe wake UP. Mukayang'ana pansipa, mutha kuwona ma adilesi awiri a IPv6, ngakhale kuti lamulo limodzi lokha linagwiritsidwa ntchito kukhazikitsa adilesi ya IPv6. Zoona zake nβzakuti FE80::2D0:97FF:FE94:5022 ndi ulalo-adilesi yakomweko yomwe imaperekedwa pomwe ipv6 yayatsidwa pa mawonekedwe ndi lamulo ipv6 enable.
Ndipo kuti muwone adilesi ya IPv4, gwiritsani ntchito lamulo lofananalo:
BR1#show ip interface brief
...
Loopback101 2.2.2.2 YES manual up up
...
BR1#
Kwa BR1, muyenera kukonza mawonekedwe a g0/0 nthawi yomweyo; apa mukungofunika kukhazikitsa adilesi ya IPv6:
// ΠΠ΅ΡΠ΅Ρ
ΠΎΠ΄ Π² ΡΠ΅ΠΆΠΈΠΌ ΠΊΠΎΠ½ΡΠΈΠ³ΡΡΠΈΡΠΎΠ²Π°Π½ΠΈΡ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ°
BR1(config)#interface gigabitEthernet 0/0
// ΠΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ°
BR1(config-if)#no shutdown
BR1(config-if)#ipv6 enable
BR1(config-if)#ipv6 address 2001:B:C::1/64
BR1(config-if)#exit
BR1(config)#
Mukhoza kuyang'ana zoikamo ndi lamulo lomwelo show ipv6 interface brief:
BR1#show ipv6 interface brief
GigabitEthernet0/0 [up/up]
FE80::290:CFF:FE9D:4624 //link-local Π°Π΄ΡΠ΅Ρ
2001:B:C::1 //IPv6-Π°Π΄ΡΠ΅Ρ
...
Loopback101 [up/up]
FE80::2D0:97FF:FE94:5022 //link-local Π°Π΄ΡΠ΅Ρ
2001:B:A::1 //IPv6-Π°Π΄ΡΠ΅Ρ
Kenako, rauta ya ISP idzakonzedwa. Pano, molingana ndi ntchitoyi, nambala ya loopback 0 idzakonzedwa, koma kuwonjezera pa izi, ndibwino kuti muyike mawonekedwe a g0/0, omwe ayenera kukhala ndi adiresi 30.30.30.1, chifukwa chakuti m'zinthu zotsatila palibe chomwe chidzanenedwe. kukhazikitsa zolumikizira izi. Choyamba, nambala ya loopback 0 imakonzedwa:
ISP(config)#interface loopback 0
ISP(config-if)#ip address 8.8.8.8 255.255.255.255
ISP(config-if)#ipv6 enable
ISP(config-if)#ipv6 address 2001:A:C::1/64
ISP(config-if)#exit
ISP(config)#
timu show ipv6 interface brief Mukhoza kutsimikizira kuti mawonekedwe a mawonekedwe ndi olondola. Kenako mawonekedwe a g0/0 amakonzedwa:
BR1(config)#interface gigabitEthernet 0/0
BR1(config-if)#no shutdown
BR1(config-if)#ip address 30.30.30.1 255.255.255.252
BR1(config-if)#exit
BR1(config)#
Kenako, rauta ya RTR1 idzakonzedwa. Apa muyeneranso kupanga loopback nambala 100:
BR1(config)#interface loopback 100
BR1(config-if)#ip address 1.1.1.1 255.255.255.255
BR1(config-if)#ipv6 enable
BR1(config-if)#ipv6 address 2001:A:B::1/64
BR1(config-if)#exit
BR1(config)#
Komanso pa RTR1 muyenera kupanga 2 ma subinterfaces a vlans okhala ndi manambala 100 ndi 300. Izi zitha kuchitika motere.
Choyamba, muyenera kuyatsa mawonekedwe a g0/1 popanda lamulo loletsa:
RTR1(config)#interface gigabitEthernet 0/1
RTR1(config-if)#no shutdown
RTR1(config-if)#exit
Kenako ma subinterface okhala ndi manambala 100 ndi 300 amapangidwa ndikukonzedwa:
// Π‘ΠΎΠ·Π΄Π°Π½ΠΈΠ΅ ΠΏΠΎΠ΄ΡΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ° Ρ Π½ΠΎΠΌΠ΅ΡΠΎΠΌ 100 ΠΈ ΠΏΠ΅ΡΠ΅Ρ
ΠΎΠ΄ ΠΊ Π΅Π³ΠΎ Π½Π°ΡΡΡΠΎΠΉΠΊΠ΅
RTR1(config)#interface gigabitEthernet 0/1.100
// Π£ΡΡΠ°Π½ΠΎΠ²ΠΊΠ° ΠΈΠ½ΠΊΠ°ΠΏΡΡΠ»ΡΡΠΈΠΈ ΡΠΈΠΏΠ° dot1q Ρ Π½ΠΎΠΌΠ΅ΡΠΎΠΌ vlan'a 100
RTR1(config-subif)#encapsulation dot1Q 100
RTR1(config-subif)#ipv6 enable
RTR1(config-subif)#ipv6 address 2001:100::1/64
RTR1(config-subif)#exit
// Π‘ΠΎΠ·Π΄Π°Π½ΠΈΠ΅ ΠΏΠΎΠ΄ΡΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ° Ρ Π½ΠΎΠΌΠ΅ΡΠΎΠΌ 300 ΠΈ ΠΏΠ΅ΡΠ΅Ρ
ΠΎΠ΄ ΠΊ Π΅Π³ΠΎ Π½Π°ΡΡΡΠΎΠΉΠΊΠ΅
RTR1(config)#interface gigabitEthernet 0/1.300
// Π£ΡΡΠ°Π½ΠΎΠ²ΠΊΠ° ΠΈΠ½ΠΊΠ°ΠΏΡΡΠ»ΡΡΠΈΠΈ ΡΠΈΠΏΠ° dot1q Ρ Π½ΠΎΠΌΠ΅ΡΠΎΠΌ vlan'a 100
RTR1(config-subif)#encapsulation dot1Q 300
RTR1(config-subif)#ipv6 enable
RTR1(config-subif)#ipv6 address 2001:300::2/64
RTR1(config-subif)#exit
Nambala ya subinterface ikhoza kusiyana ndi nambala ya vlan yomwe idzagwire ntchito, koma kuti zikhale zosavuta ndi bwino kugwiritsa ntchito nambala ya subinterface yomwe ikufanana ndi nambala ya vlan. Ngati muyika mtundu wa encapsulation pokhazikitsa subinterface, muyenera kufotokoza nambala yomwe ikufanana ndi nambala ya vlan. Choncho pambuyo pa lamulo encapsulation dot1Q 300 subinterface idzangodutsa mapaketi a vlan okhala ndi nambala 300.
Gawo lomaliza pa ntchitoyi lidzakhala rauta ya RTR2. Kulumikizana pakati pa SW1 ndi RTR2 kuyenera kukhala munjira yolowera, mawonekedwe osinthira adzadutsa ku RTR2 mapaketi okhawo omwe amapangidwira vlan nambala 300, izi zanenedwa mu ntchito ya L2 topology. Chifukwa chake, mawonekedwe akuthupi okha ndi omwe angakonzedwe pa rauta ya RTR2 popanda kupanga ma subinterfaces:
RTR2(config)#interface gigabitEthernet 0/1
RTR2(config-if)#no shutdown
RTR2(config-if)#ipv6 enable
RTR2(config-if)#ipv6 address 2001:300::3/64
RTR2(config-if)#exit
RTR2(config)#
Kenako mawonekedwe a g0/0 amakonzedwa:
BR1(config)#interface gigabitEthernet 0/0
BR1(config-if)#no shutdown
BR1(config-if)#ip address 30.30.30.2 255.255.255.252
BR1(config-if)#exit
BR1(config)#
Izi zimamaliza kasinthidwe ka ma routers a ntchito yomwe ilipo. Ma interface otsalawo adzakonzedwa mukamaliza ntchito zotsatirazi.
a. Yambitsani makina a SLAAC kuti atulutse ma adilesi a IPv6 mu netiweki ya MNG pa mawonekedwe a rauta ya RTR1
Njira ya SLAAC imathandizidwa ndi kusakhazikika. Zomwe muyenera kuchita ndikutsegula njira za IPv6. Mutha kuchita izi ndi lamulo ili:
RTR1(config-subif)#ipv6 unicast-routing
Popanda lamulo ili, zida zimagwira ntchito ngati wolandira. Mwanjira ina, chifukwa cha lamulo lomwe lili pamwambapa, zimakhala zotheka kugwiritsa ntchito zina za ipv6, kuphatikiza kupereka ma adilesi a ipv6, kukhazikitsa njira, ndi zina.
b. Pamalo olumikizirana ndi VLAN 100 (MNG) pa masiwichi SW1, SW2, SW3, yambitsani makina osintha a IPv6
Kuchokera ku L3 topology zikuwonekeratu kuti zosinthazo zimagwirizanitsidwa ndi VLAN 100. Izi zikutanthauza kuti m'pofunika kupanga mawonekedwe enieni pa zosinthika, ndiyeno perekani kuti alandire ma adilesi a IPv6 mwachisawawa. Kukonzekera koyambirira kunachitika ndendende kuti masiwichi athe kulandira maadiresi osasintha kuchokera ku RTR1. Mutha kumaliza ntchitoyi pogwiritsa ntchito mndandanda wa malamulo otsatirawa, oyenera masiwichi onse atatu:
// Π‘ΠΎΠ·Π΄Π°Π½ΠΈΠ΅ Π²ΠΈΡΡΡΠ°Π»ΡΠ½ΠΎΠ³ΠΎ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ°
SW1(config)#interface vlan 100
SW1(config-if)#ipv6 enable
// ΠΠΎΠ»ΡΡΠ΅Π½ΠΈΠ΅ ipv6 Π°Π΄ΡΠ΅ΡΠ° Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈ
SW1(config-if)#ipv6 address autoconfig
SW1(config-if)#exit
Mukhoza kuyang'ana chirichonse ndi lamulo lomwelo show ipv6 interface brief:
SW1#show ipv6 interface brief
...
Vlan100 [up/up]
FE80::A8BB:CCFF:FE80:C000 // link-local Π°Π΄ΡΠ΅Ρ
2001:100::A8BB:CCFF:FE80:C000 // ΠΏΠΎΠ»ΡΡΠ΅Π½Π½ΡΠΉ IPv6-Π°Π΄ΡΠ΅Ρ
Kuphatikiza pa ulalo-adilesi yapafupi, adilesi ya ipv6 yolandiridwa kuchokera ku RTR1 idawonekera. Ntchitoyi yamalizidwa bwino, ndipo malamulo omwewo ayenera kulembedwa pa masiwichi otsalawo.
Ndi. Pazida ZONSE (kupatula PC1 ndi WEB) pawekha pawekha maadiresi am'deralo
Maadiresi a IPv6 okhala ndi manambala makumi atatu sizosangalatsa kwa oyang'anira, kotero ndizotheka kusintha pamanja ulalo wamaloko, kuchepetsa kutalika kwake mpaka mtengo wocheperako. Magawowa sakunena chilichonse chokhudza maadiresi omwe mungasankhe, kotero kusankha kwaulere kwaperekedwa apa.
Mwachitsanzo, posintha SW1 muyenera kukhazikitsa ulalo-adilesi yapafupi fe80::10. Izi zitha kuchitika ndi lamulo lotsatirali kuchokera pamakonzedwe osankhidwa a mawonekedwe osankhidwa:
// ΠΡ
ΠΎΠ΄ Π² Π²ΠΈΡΡΡΠ°Π»ΡΠ½ΡΠΉ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡ vlan 100
SW1(config)#interface vlan 100
// Π ΡΡΠ½Π°Ρ ΡΡΡΠ°Π½ΠΎΠ²ΠΊΠ° link-local Π°Π΄ΡΠ΅ΡΠ°
SW1(config-if)#ipv6 address fe80::10 link-local
SW1(config-if)#exit
Tsopano kuyankhidwa kumawoneka kokongola kwambiri:
SW1#show ipv6 interface brief
...
Vlan100 [up/up]
FE80::10 //link-local Π°Π΄ΡΠ΅c
2001:100::10 //IPv6-Π°Π΄ΡΠ΅Ρ
Kuphatikiza pa ulalo-adilesi yapafupi, adilesi yolandila ya IPv6 yasinthanso, popeza adilesiyo imaperekedwa kutengera ulalo-adilesi yapafupi.
Pa switch SW1 kunali kofunikira kukhazikitsa ulalo umodzi wokha-adilesi yakumaloko pa mawonekedwe amodzi. Ndi rauta ya RTR1, muyenera kupanga zoikamo zambiri - muyenera kuyika ulalo wapamalo pamitundu iwiri, pa loopback, ndipo pazotsatira zotsatila mawonekedwe a ngalande 100 adzawonekeranso.
Kuti mupewe kulemba malamulo osafunikira, mutha kuyika ulalo womwewo wa adilesi yapamalo pamalo onse nthawi imodzi. Mutha kuchita izi pogwiritsa ntchito mawu osakira range kutsatiridwa ndikulemba zolumikizira zonse:
// ΠΠ΅ΡΠ΅Ρ
ΠΎΠ΄ ΠΊ Π½Π°ΡΡΡΠΎΠΉΠΊΠ΅ Π½Π΅ΡΠΊΠΎΠ»ΡΠΊΠΈΡ
ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠΎΠ²
RTR1(config)#interface range gigabitEthernet 0/1.100, gigabitEthernet 0/1.300, loopback 100
// Π ΡΡΠ½Π°Ρ ΡΡΡΠ°Π½ΠΎΠ²ΠΊΠ° link-local Π°Π΄ΡΠ΅ΡΠ°
RTR1(config-if)#ipv6 address fe80::1 link-local
RTR1(config-if)#exit
Mukayang'ana zolumikizira, muwona kuti ma adilesi am'deralo asinthidwa pamawonekedwe onse osankhidwa:
RTR1#show ipv6 interface brief
gigabitEthernet 0/1.100 [up/up]
FE80::1
2001:100::1
gigabitEthernet 0/1.300 [up/up]
FE80::1
2001:300::2
Loopback100 [up/up]
FE80::1
2001:A:B::1
Zida zina zonse zimakonzedwa mofanana
d. Pa masiwichi ONSE, zimitsani madoko ONSE omwe sanagwiritsidwe ntchito ndikusamutsira ku VLAN 99
Lingaliro lofunikira ndi njira yofanana yosankha ma interfaces angapo kuti mukonze pogwiritsa ntchito lamulo range, ndipo pokhapo muyenera kulemba malamulo kusamutsa ku vlan mukufuna ndiyeno kuzimitsa zolumikizira. Mwachitsanzo, sinthani SW1, malinga ndi L1 topology, idzakhala ndi madoko f0/3-4, f0/7-8, f0/11-24 ndi g0/2 olumala. Kwa chitsanzo ichi zoikamo zingakhale motere:
// ΠΡΠ±ΠΎΡ Π²ΡΠ΅Ρ
Π½Π΅ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌΡΡ
ΠΏΠΎΡΡΠΎΠ²
SW1(config)#interface range fastEthernet 0/3-4, fastEthernet 0/7-8, fastEthernet 0/11-24, gigabitEthernet 0/2
// Π£ΡΡΠ°Π½ΠΎΠ²ΠΊΠ° ΡΠ΅ΠΆΠΈΠΌΠ° access Π½Π° ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ°Ρ
SW1(config-if-range)#switchport mode access
// ΠΠ΅ΡΠ΅Π²ΠΎΠ΄ Π² VLAN 99 ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠΎΠ²
SW1(config-if-range)#switchport access vlan 99
// ΠΡΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠΎΠ²
SW1(config-if-range)#shutdown
SW1(config-if-range)#exit
Mukayang'ana makonda ndi lamulo lodziwika kale, ndikofunikira kudziwa kuti madoko onse osagwiritsidwa ntchito ayenera kukhala ndi mawonekedwe poyang'anira pansi, kusonyeza kuti doko layimitsidwa:
SW1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
...
fastEthernet 0/3 unassigned YES unset administratively down down
Kuti muwone kuti doko lili ndi vlan, mutha kugwiritsa ntchito lamulo lina:
SW1#show ip vlan
...
99 VLAN0099 active Fa0/3, Fa0/4, Fa0/7, Fa0/8
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig0/2
...
Zolumikizira zonse zosagwiritsidwa ntchito ziyenera kukhala pano. Ndizofunikira kudziwa kuti sizingatheke kusamutsa ma interfaces ku vlan ngati vlan yotereyi sinapangidwe. Ndi cholinga ichi kuti pakukhazikitsa koyambirira ma vlans onse ofunikira kuti agwire ntchito adapangidwa.
e. Pa switch SW1, yambitsani loko kwa mphindi imodzi ngati mawu achinsinsi alowa molakwika kawiri mkati mwa masekondi 1.
Mutha kuchita izi ndi lamulo ili:
// ΠΠ»ΠΎΠΊΠΈΡΠΎΠ²ΠΊΠ° Π½Π° 60Ρ; ΠΠΎΠΏΡΡΠΊΠΈ: 2; Π ΡΠ΅ΡΠ΅Π½ΠΈΠ΅: 30Ρ
SW1#login block-for 60 attempts 2 within 30
Mukhozanso kuyang'ana zokonda izi motere:
SW1#show login
...
If more than 2 login failures occur in 30 seconds or less,
logins will be disabled for 60 seconds.
...
Kumene kumafotokozedwa momveka bwino kuti pambuyo poyesa kawiri kosatheka mkati mwa masekondi a 30 kapena kucheperapo, kuthekera kolowera kudzatsekedwa kwa masekondi a 60.
2. Zipangizo zonse ziyenera kuyendetsedwa kudzera mu mtundu 2 wa SSH
Kuti zida zitha kupezeka kudzera mu mtundu wa 2 wa SSH, muyenera kukonza kaye zidazo, chifukwa chazidziwitso, tidzakonza zida zoyambira ndi fakitale.
Mutha kusintha mtundu wa puncture motere:
// Π£ΡΡΠ°Π½ΠΎΠ²ΠΈΡΡ Π²Π΅ΡΡΠΈΡ SSH Π²Π΅ΡΡΠΈΠΈ 2
Router(config)#ip ssh version 2
Please create RSA keys (of at least 768 bits size) to enable SSH v2.
Router(config)#
Dongosolo limakufunsani kuti mupange makiyi a RSA kuti SSH mtundu 2 agwire ntchito. Potsatira malangizo a smart system, mutha kupanga makiyi a RSA ndi lamulo ili:
// Π‘ΠΎΠ·Π΄Π°Π½ΠΈΠ΅ RSA ΠΊΠ»ΡΡΠ΅ΠΉ
Router(config)#crypto key generate rsa
% Please define a hostname other than Router.
Router(config)#
Dongosolo sililola kuti lamulo lichitidwe chifukwa dzina la alendo silinasinthidwe. Pambuyo posintha dzina la alendo, muyenera kulembanso lamulo lachitukuko:
Router(config)#hostname R1
R1(config)#crypto key generate rsa
% Please define a domain-name first.
R1(config)#
Tsopano dongosololi silikulolani kuti mupange makiyi a RSA chifukwa chosowa dzina lachidziwitso. Ndipo mutatha kukhazikitsa dzina lachidziwitso, zidzatheka kupanga makiyi a RSA. Makiyi a RSA ayenera kukhala osachepera 768 bits kuti SSH mtundu 2 agwire ntchito:
R1(config)#ip domain-name wsrvuz19.ru
R1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Zotsatira zake, zikuwoneka kuti kuti SSHv2 igwire ntchito ndikofunikira:
- Sinthani dzina la alendo;
- Sinthani dzina la domain;
- Pangani makiyi a RSA.
Nkhani yapitayi inasonyeza momwe mungasinthire dzina la alendo ndi dzina lachidziwitso pazida zonse, kotero pamene mukupitiriza kukonza zipangizo zamakono, mumangofunika kupanga makiyi a RSA:
RTR1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Mtundu wa 2 wa SSH ukugwira ntchito, koma zidazo sizinakonzedwe bwino. Gawo lomaliza ndikukhazikitsa ma virtual consoles:
// ΠΠ΅ΡΠ΅Ρ
ΠΎΠ΄ ΠΊ Π½Π°ΡΡΡΠΎΠΉΠΊΠ΅ Π²ΠΈΡΡΡΠ°Π»ΡΠ½ΡΡ
ΠΊΠΎΠ½ΡΠΎΠ»Π΅ΠΉ
R1(config)#line vty 0 4
// Π Π°Π·ΡΠ΅ΡΠ΅Π½ΠΈΠ΅ ΡΠ΄Π°Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΡ ΡΠΎΠ»ΡΠΊΠΎ ΠΏΠΎ ΠΏΡΠΎΡΠΎΠΊΠΎΠ»Ρ SSH
RTR1(config-line)#transport input ssh
RTR1(config-line)#exit
M'nkhani yapitayi, chitsanzo cha AAA chinakhazikitsidwa, kumene kutsimikiziridwa kunakhazikitsidwa pazitsulo zowonongeka pogwiritsa ntchito malo osungirako zinthu, ndipo wogwiritsa ntchito, atatha kutsimikiziridwa, amayenera kupita nthawi yomweyo. Kuyesa kosavuta kwa magwiridwe antchito a SSH ndikuyesa kulumikizana ndi zida zanu. RTR1 ili ndi loopback ndi IP adilesi 1.1.1.1, mutha kuyesa kulumikiza ku adilesi iyi:
//ΠΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΠΏΠΎ ssh
RTR1(config)#do ssh -l wsrvuz19 1.1.1.1
Password:
RTR1#
Pambuyo pa kiyi -l Lowetsani malowedwe a wosuta omwe alipo, ndiyeno mawu achinsinsi. Pambuyo pa kutsimikizika, wogwiritsa ntchito nthawi yomweyo amasintha kupita ku mwayi, zomwe zikutanthauza kuti SSH imakonzedwa bwino.
Source: www.habr.com