Cisco Training 200-125 CCNA v3.0. Day 27. Introduction to ACL. Part 1

Today we begin studying ACL access control lists; this topic will take 2 video lessons. We will look at the configuration of a standard ACL, and in the next video lesson I will talk about the extended list.

In this lesson we will cover three topics. The first is what an ACL is, the second is the difference between standard and extended access lists, and at the end of the lesson, as a lab, we will look at setting up a standard ACL and troubleshooting possible problems.
So what is an ACL? If you have followed the course from the first video lesson, you will remember how we set up connectivity between various network devices.

We also studied static routing over various protocols to gain the skills to set up connectivity between devices and networks. We have now reached the stage where we should be concerned with controlling traffic, that is, preventing "bad guys" or unauthorized users from getting into the network. For example, this may concern people from the SALES department, which is shown in this diagram. Here we also show the ACCOUNTS finance department, the MANAGEMENT department and the SERVER ROOM.
So, the sales department may have a hundred employees, and we do not want all of them to be able to reach the server room over the network. An exception is made for the sales manager who works on the Laptop2 computer: he may have access to the server room. A new employee working on Laptop3 should not have such access, that is, if traffic from his computer reaches router R2, it must be dropped.

The job of an ACL is to filter traffic according to the specified filtering parameters. They include the source IP address, destination IP address, protocol, port numbers and other parameters, by which you can identify the traffic and take some action on it.

So, an ACL is a layer 3 filtering mechanism of the OSI model. This means that the mechanism is used in routers. The main criterion for filtering is identification of the data flow. For example, if we want to prevent the person with the Laptop3 computer from accessing the server, we must first identify his traffic. This traffic travels in the direction Laptop-Switch2-R2-R1-Switch1-Server1 through the corresponding interfaces of the network devices, while the G0/0 interfaces of the routers have nothing to do with it.

To identify traffic, we must identify its path. Having done that, we can decide where exactly the filter needs to be installed. Do not worry about the filters themselves, we will discuss them in the next lesson; for now we need to understand the principle of which interface the filter should be applied to.

If you look at a router, you can see that whenever traffic moves, there is an interface through which the data flow enters and an interface through which that flow leaves.

There are in fact 3 interfaces: the input interface, the output interface and the router's own interface. Just remember that filtering can be applied to the input or the output interface.

The way an ACL works resembles a pass to an event that can be attended only by guests whose names are on the list of invitees. An ACL is a list of qualifying parameters used to identify traffic. For example, this list indicates that all traffic from the IP address 192.168.1.10 is permitted, and traffic from all other addresses is denied. As I said, this list can be applied to either the input or the output interface.

There are 2 types of ACLs: standard and extended. A standard ACL has an identifier from 1 to 99 or from 1300 to 1999. These are simply list names that have no advantage over one another as the numbering increases. In addition to a number, you can give an ACL your own name. Extended ACLs are numbered 100 to 199 or 2000 to 2699 and can also have a name.

In a standard ACL, classification is based on the source IP address of the traffic. Therefore, when you use such a list, you cannot restrict traffic directed to a particular destination; you can only block traffic originating from a particular device.

An extended ACL classifies traffic by source IP address, destination IP address, the protocol used, and port number. For example, you can block only FTP traffic, or only HTTP traffic. Today we will look at the standard ACL, and we will devote the next video lesson to extended lists.

As I said, an ACL is a list of conditions. After you apply this list to the incoming or outgoing interface of a router, the router checks traffic against the list, and if the traffic matches the conditions written in the list, it decides whether to permit or deny that traffic. People often find it hard to determine the input and output interfaces of a router, although there is nothing complicated here. When we talk about an incoming interface, it means that only incoming traffic will be checked on this port, and the router will not apply restrictions to outgoing traffic. Likewise, if we are talking about an egress interface, it means that all rules will apply only to outgoing traffic, while incoming traffic on this port will be accepted without restrictions. For example, if a router has 2 ports, f0/0 and f0/1, then the ACL will be applied only to traffic entering the f0/0 interface, or only to traffic leaving the f0/1 interface. Traffic entering f0/1 or leaving f0/0 will not be affected by the list.

So do not be confused by the incoming or outgoing direction of an interface; it depends on the direction of the particular traffic. After the router has checked the traffic against the ACL conditions, it can make only two decisions: permit the traffic or deny it. For example, you can permit traffic directed to 180.160.1.30 and deny traffic destined for 192.168.1.10. Each list can contain several conditions, but each of these conditions must either permit or deny.

Suppose we have a list:

Deny _______
Permit ________
Permit ________
Deny _______.

First, the router checks the traffic to see whether it matches the first condition; if it does not match, it checks the second condition. If the traffic matches the third condition, the router stops checking and does not compare it with the remaining conditions in the list. It performs the "permit" action and moves on to checking the next portion of traffic.

If you have not set a rule for some packet and the traffic passes through all the lines of the list without hitting any condition, it is destroyed, because every ACL by default ends with a deny any command, that is, discard any packet that does not fall under any of the rules. This condition takes effect if there is at least one rule in the list; otherwise it has no effect. But if the first line contains the entry deny 192.168.1.30 and the list contains no other conditions, then there must be a permit any command at the end, that is, permit any traffic except the traffic prohibited by the rule. You must take this into account to avoid mistakes when configuring an ACL.

I want you to remember the basic rule for creating ACLs: place a standard ACL as close as possible to the destination, that is, to the receiver of the traffic, and place an extended ACL as close as possible to the source, that is, to the sender of the traffic. These are Cisco's recommendations, but in practice there are situations where it makes more sense to place a standard ACL close to the traffic source. But if you meet a question about ACL placement rules on the exam, follow Cisco's recommendations and answer unambiguously: standard is closer to the destination, extended is closer to the source.

Now let's look at the syntax of a standard ACL. There are two kinds of command syntax in the router's global configuration mode: the classic syntax and the modern syntax.

The classic command form is access-list <ACL number> <deny/permit> <criteria>. If you specify an <ACL number> from 1 to 99, the device automatically understands that this is a standard ACL, and if it is from 100 to 199, that it is an extended one. Since in today's lesson we are looking at the standard list, we can use any number from 1 to 99. Then we specify the action to be applied when the parameters match the criterion that follows: permit or deny the traffic. We will look at the criterion later, since it is also used in the modern syntax.

The modern command form is also used in the Rx(config) global configuration mode and looks like this: ip access-list standard <ACL number/name>. Here you can use either a number from 1 to 99 or the name of the ACL, for example, ACL_Networking. This command immediately puts the system into the standard-mode subcommand mode Rx(config-std-nacl), where you must enter <deny/permit> <criteria>. The modern command form has more advantages than the classic one.

In a classic list, if you type access-list 10 deny ______, then type the next command of the same kind for another criterion, and you end up with 100 such commands, then to change any of the entered commands you will have to delete the entire access-list 10 with the command no access-list 10. This deletes all 100 commands, because there is no way to edit an individual command in this list.

In the modern syntax, the command is split into two lines, the first of which contains the list number. Suppose you have a list access-list standard 10 deny ________, access-list standard 20 deny ________ and so on; then you have the option of inserting intermediate lists with other criteria between them, for example, access-list standard 15 deny ________.

Alternatively, you can simply delete the access-list standard 20 line and retype it with different parameters between the access-list standard 10 and access-list standard 30 lines. So there are various ways to edit the modern ACL syntax.

You need to be very careful when creating ACLs. As you know, lists are read from top to bottom. If you place at the top a line that permits the traffic of a specific host, then below it you can place a line that denies traffic from the entire network that this host belongs to, and both conditions will be checked: traffic from the specific host will be let through, and traffic from all the other hosts on that network will be blocked. Therefore, always place specific entries at the top of the list and general ones at the bottom.

So, after you have created a classic or modern ACL, you must apply it. To do this, go to the settings of a specific interface, for example f0/0, using the command interface <type and slot>, enter the interface subcommand mode and enter the command ip access-group <ACL number/name>. Note the difference: when the list is created, access-list is used, and when it is applied, access-group is used. You must determine which interface the list will be applied to: the incoming interface or the outgoing interface. If the list has a name, for example Networking, the same name is repeated in the command that applies the list to this interface.

Now let's take a specific problem and try to solve it using our network diagram in Packet Tracer. So, we have 4 networks: the sales department, the accounting department, management and the server room.

Task No. 1: all traffic from the sales and finance departments to the management department and the server room must be blocked. The blocking point is interface S0/1/0 of router R2. First we must create a list containing the following entries:

Let's call the list "Management and Server Security ACL", abbreviated as ACL Secure_Ma_And_Se. This is followed by denying traffic from the finance department network 192.168.1.128/26, denying traffic from the sales department network 192.168.1.0/25, and permitting any other traffic. The end of the list indicates that it is applied to the outgoing interface S0/1/0 of router R2. If we do not have a Permit Any entry at the end of the list, all other traffic will be blocked, because by default an ACL always has a Deny Any entry at the end of the list.

Can I apply this ACL to interface G0/0? Of course I can, but in that case only traffic from the accounting department will be blocked, and traffic from the sales department will not be restricted in any way. In the same way, you can apply the ACL to interface G0/1, but in that case the finance department's traffic will not be blocked. Of course, we could create two separate blocking lists for these interfaces, but it is much more efficient to combine them into one list and apply it to the interface of router R2 or to the S0/1/0 interface of router R1.

Although Cisco's rules say that a standard ACL should be placed as close as possible to the destination, I will place it closer to the traffic source, because I want to block all outgoing traffic, and it makes more sense to do this closer to the source so that this traffic does not take up the network between the two routers.

I forgot to tell you about the criteria, so let's quickly go back. You can specify any as the criterion; in this case, any traffic from any device and any network will be denied or permitted. You can also specify a host with its identifier; in this case, the entry will be the IP address of a specific device. Finally, you can specify an entire network, for example, 192.168.1.10/24. In this case, /24 means a subnet mask of 255.255.255.0, but it is impossible to specify the subnet mask of the IP address in an ACL. For this case, ACL has a concept called the Wildcard Mask, or "reverse mask". So you must specify the IP address and the reverse mask. The reverse mask is obtained like this: you subtract the direct subnet mask from the full mask, that is, the number corresponding to the octet value in the forward mask is subtracted from 255.

So, you should use the parameter 192.168.1.10 0.0.0.255 as the criterion in the ACL.

How does it work? If an octet of the reverse mask contains 0, the corresponding octet of the IP address is compared against the criterion and must match. If the reverse-mask octet contains any number, the match is not checked. Thus, for the network 192.168.1.0 with the reverse mask 0.0.0.255, all traffic from addresses whose first three octets are equal to 192.168.1., regardless of the value of the fourth octet, will be blocked or permitted depending on the specified action.
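The top-down evaluation, the implicit deny and the reverse-mask comparison described in this lesson can be reproduced with a short Python model (an added example, not code from the original lesson). The function names are hypothetical, the tested source addresses are constructed, and the wildcards 0.0.0.63 and 0.0.0.127 are derived from the /26 and /25 prefixes of Task 1 with the subtract-from-255 rule.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_from_netmask(netmask):
    # The lesson's rule: subtract every subnet-mask octet from 255.
    return ".".join(str(255 - int(o)) for o in netmask.split("."))

def parse_acl(text):
    """Parse standard-ACL entries: <permit|deny> any | host A | A [wildcard]."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] not in ("permit", "deny"):
            raise ValueError(f"bad ACL entry: {line!r}")
        action, crit = tok[0], tok[1:]
        if crit == ["any"]:
            addr, wild = 0, 0xFFFFFFFF          # every bit ignored
        elif crit[0] == "host" and len(crit) == 2:
            addr, wild = to_int(crit[1]), 0     # every bit compared
        else:
            addr = to_int(crit[0])
            wild = to_int(crit[1]) if len(crit) > 1 else 0
        rules.append((action, addr, wild))
    return rules

def evaluate(rules, src):
    """Return (action, entry number); the first matching entry wins."""
    s = to_int(src)
    for n, (action, addr, wild) in enumerate(rules, 1):
        # Wildcard bits set to 1 are not checked; all other bits must be equal.
        if (s | wild) == (addr | wild):
            return action, n
    return "deny", None                         # implicit deny any

# Task 1 list from the lesson; the wildcards are derived from /26 and /25.
TASK1 = """
deny 192.168.1.128 0.0.0.63
deny 192.168.1.0 0.0.0.127
permit any
"""

if __name__ == "__main__":
    acl = parse_acl(TASK1)
    # Constructed source addresses: accounts, sales, and two others.
    for src in ("192.168.1.130", "192.168.1.10", "192.168.1.200", "10.0.0.5"):
        print(src, evaluate(acl, src))
```

Removing the final permit any line makes every source that misses both deny entries fall through to the implicit deny, and putting a network-wide deny above a host permit makes the host entry unreachable.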

Using the reverse mask is simple, and we will return to the Wildcard Mask in the next video so that I can explain how to work with it.


Source: www.habr.com
