Cisco Training 200-125 CCNA v3.0. Day 27. Introduction to ACL. Part 2

One more thing I forgot to mention: ACLs do more than filter traffic on a permit/deny basis; they perform many other functions. For example, an ACL is used to select VPN traffic for encryption, but to pass the CCNA exam you only need to know how it is used to filter traffic. Let's return to Task No.

We found that traffic from the accounting and sales departments can be blocked on the R2 interface using the following ACL.

Don't worry about the format of this list; it is only an example to help you understand what an ACL is. We will get to the correct format as soon as we start working in Packet Tracer.

Task No. 2 reads as follows: the server room can communicate with any hosts except those of the management department. That is, the server room computers can have access to any computers in the sales and accounting departments, but must not have access to the computers in the management department. This means that the server room IT staff must not have remote access to the computer of the head of the management department and, if there are problems, must come to his office and fix the problem on the spot. Note that this task is not a practical one, because I do not know why the server room would be unable to communicate over the network with the management department, so here we are simply looking at a teaching example.

To solve this task, you first need to determine the traffic path. Data from the server room arrives at input interface G0/1 of router R1 and is sent to the management department through output interface G0/0.

If we apply the condition Deny 192.168.1.192/27 to input interface G0/1, and as you remember, a standard ACL is placed closer to the traffic source, we will block all traffic, including traffic to the sales and accounting departments.

Since we want to block only the traffic going to the management department, we must apply the ACL to output interface G0/0. The task can be solved by placing the ACL closer to the destination. At the same time, traffic from the accounting and sales departments must reach the management department freely, so the last line of the list will be the Permit any command: permit any traffic except the traffic specified earlier.

Let's move on to Task 3: the laptop Laptop 3 from the sales department must not have access to any devices other than those on the sales department's local network. Suppose a trainee works on this computer and must not go beyond his own LAN.
In this case, you need to apply the ACL on input interface G0/1 of router R2. If we assign the IP address 192.168.1.3/25 to this computer, then the condition Deny 192.168.1.3/25 must be met, and traffic from any other IP address must not be blocked, so the last line of the list will be Permit any.

However, blocking this traffic will have no effect on Laptop2.

The next task will be Task No.

If you remember, the ACL from Task #1 blocks all outgoing traffic on interface S0/1/0 of router R2, but Task #4 says that we must make sure that only PC0's traffic gets through, so we have to make an exception.

All the tasks we are solving now should help you in real situations when you configure ACLs for an office network. For convenience, I used the classic type of entry, but I advise you to write all the lines down by hand or type them on a computer so that you can correct the entries. In our case, a classic ACL was composed according to the conditions of Task No. 1. If we want to add a Permit entry for PC0 to it, we can only place this line fourth in the list, after the Permit Any line. However, since this computer's address falls within the address range checked by the condition Deny 192.168.1.128/26, its traffic will be blocked as soon as this condition is met, and the router will never reach the fourth check, the one permitting traffic from this IP address.
Therefore, I have to rework the ACL of Task No. from the accounting and sales departments.

So, in the first line we have a rule for a specific address, and in the second a general rule for the whole network in which this address is located. If you are using the modern type of ACL, you can easily change it by placing the line Permit 192.168.1.130/26 as the first rule. If you have a classic ACL, you have to delete it completely and then enter the rules again in the correct order.

The solution to Task No. 4 is to place the line Permit 192.168.1.130/26 at the beginning of the ACL from Task No. PC1's traffic will be completely blocked because its IP address falls under the deny rule in the second line of the list.

Now we will move to Packet Tracer to make the necessary settings. I have already configured the IP addresses on all devices, because the simplified diagrams shown earlier were a little hard to follow. In addition, I configured RIP between the two routers. In this network topology, communication between all devices of the 4 subnets is possible without any restrictions. But as soon as we apply an ACL, traffic will start to be filtered.

I will start from the finance department's PC1 and try to ping the IP address 192.168.1.194, which belongs to Server0, located in the server room. As you can see, the ping goes through without any problems. I also successfully pinged Laptop0 in the management department. The first packet is dropped because of ARP; the remaining 3 are pinged freely.

To set up traffic filtering, I go into the settings of router R2, enter global configuration mode and am going to create a modern-style ACL. We also have the classic-style ACL 10. To create the first list, I enter a command in which you must specify the same list name that we wrote down on paper: ip access-list standard Secure_Ma_And_Se. After this, the system offers the possible parameters: I can choose deny, exit, no, permit or remark, and also enter a Sequence Number from 1 to 2147483647.

So I do not enter this number, but go straight to the command permit host 192.168.1.130, since this permission applies to one specific device, PC0. I can also use a reverse Wildcard Mask; I will now show you how to do that.

Next, I enter the command deny 192.168.1.128. Since we have a /26, I use the reverse mask and complete the command with it: deny 192.168.1.128 0.0.0.63. In this way I deny the traffic of the network 192.168.1.128/26.

In the same way, I block the traffic of the following network: deny 192.168.1.0 0.0.0.127. All other traffic is permitted, so I enter the command permit any. Next I have to apply this list to the interface, so I use the command int s0/1/0. Then I type ip access-group Secure_Ma_And_Se, and the system prompts me to choose the direction: in for incoming packets and out for outgoing ones. We need to apply the ACL to the output interface, so I use the command ip access-group Secure_Ma_And_Se out.

Let's go to the PC0 command line and ping the IP address 192.168.1.194, which belongs to the server Server0. The ping succeeds because we used a special ACL condition for PC0's traffic. If I do the same from PC1, the system reports an error: "destination host unreachable", since traffic from the remaining IP addresses of the accounting department is blocked from reaching the server room.

By entering the CLI of router R2 and typing the command show ip access-lists, you can see how the finance department's network traffic was handled: it shows how many times the ping was passed according to the permit entry and how many times it was blocked according to the deny entry.

We can always go to the router settings and view the access list. So, the conditions of Tasks No. 1 and No. 4 are met. Let me show you one more thing. If I want to correct something, I can go into global configuration mode on R2, enter the command ip access-list standard Secure_Ma_And_Se and then the command "host 192.168.1.130 is not permitted": no permit host 192.168.1.130.

If we look at the access list again, we will see that line 10 has disappeared and only lines 20, 30 and 40 remain. in the classic form.

Now let's move on to the third ACL, because it also concerns router R2. It says that no traffic from Laptop3 may leave the sales department network. At the same time, Laptop2 must communicate with the computers of the finance department without problems. To check this, I ping the IP address 192.168.1.130 from this laptop and make sure that everything works.

Now I go to the Laptop3 command line and ping the address 192.168.1.130. The ping succeeds, but we do not want that, because according to the conditions of the task Laptop3 may communicate only with Laptop2, which is in the same sales department network. To achieve this, you need to create another ACL using the classic method.

I return to the R2 settings and try to restore the deleted entry 10 using the command permit host 192.168.1.130. You can see that this entry appears at the end of the list, at number 50. However, access still will not work, because the line permitting the specific host is at the end of the list, while the line denying all traffic of the network is at the top of the list. If we try to ping Laptop0 in the management department from PC0, we get the message "destination host unreachable", even though there is a permit entry at number 50 in the ACL.

Therefore, if you want to edit an existing ACL, you need to enter the command no permit host 192.168.1.130 in R2 (config-std-nacl) mode, check that line 50 has disappeared from the list, and enter the command 10 permit host 192.168.1.130. We see that the list has now returned to its original form, with this entry in first place. Sequence numbers let you edit the list in any way, so the modern form of ACL is much more convenient than the classic one.
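The first-match behaviour behind Task No. 4 and behind the entry that landed at number 50 can be reproduced with a small model. This is an added example, not code from the lesson: it simulates a standard ACL in Python rather than running on a router, and PC1's address is an assumed value inside 192.168.1.128/26.

```python
import ipaddress

def matches(src, addr, wildcard):
    """Wildcard match: bits set to 1 in the wildcard mask are ignored."""
    s, a, w = (int(ipaddress.IPv4Address(x)) for x in (src, addr, wildcard))
    return (s | w) == (a | w)

def evaluate(acl, src):
    """Walk entries in sequence order; the first match decides."""
    for seq in sorted(acl):
        action, addr, wildcard = acl[seq]
        if matches(src, addr, wildcard):
            return action, seq
    return "deny", None  # implicit deny at the end of every ACL

def add_entry(acl, entry, seq=None):
    """An entry added without a sequence number lands at last + 10."""
    seq = max(acl, default=0) + 10 if seq is None else seq
    acl[seq] = entry
    return seq

PC0 = "192.168.1.130"
PC1 = "192.168.1.131"  # assumed address inside 192.168.1.128/26
PERMIT_PC0 = ("permit", PC0, "0.0.0.0")  # permit host 192.168.1.130

def secure_ma_and_se():
    """The four entries typed on R2, numbered 10..40 automatically."""
    acl = {}
    for entry in (PERMIT_PC0,
                  ("deny", "192.168.1.128", "0.0.0.63"),
                  ("deny", "192.168.1.0", "0.0.0.127"),
                  ("permit", "0.0.0.0", "255.255.255.255")):  # permit any
        add_entry(acl, entry)
    return acl

original = secure_ma_and_se()

appended = secure_ma_and_se()    # "no permit host ...", then re-added bare
del appended[10]
add_entry(appended, PERMIT_PC0)  # becomes entry 50

resequenced = dict(appended)     # removed again, then "10 permit host ..."
del resequenced[50]
add_entry(resequenced, PERMIT_PC0, seq=10)

for name, acl in (("original", original), ("appended", appended),
                  ("resequenced", resequenced)):
    print(name, "PC0:", evaluate(acl, PC0), "PC1:", evaluate(acl, PC1))
```

The returned sequence number shows which entry decided the packet, which is the same information the per-entry match counters give on the router.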

Now I will show how the classic form of ACL 10 works. To use this type of list, you need to enter the command access-list 10 ? and, following the prompt, choose the required action: deny, permit or remark. Then I enter the line access-list 10 deny host, after which I type the command access-list 10 deny 192.168.1.3 and add the reverse mask. Since we have a host, the forward subnet mask is 255.255.255.255, and the reverse one is 0.0.0.0. As a result, to deny the host's traffic, I have to enter the command access-list 10 deny 192.168.1.3 0.0.0.0. After that, you need to specify the permissions, for which I type the command access-list 10 permit any. This list must be applied to interface G0/1 of router R2, so I enter the commands int g0/1 and ip access-group 10 in one after the other. Regardless of which list is used, classic or modern, the same commands are used to apply the list to an interface.

To check that the settings are correct, I go to the Laptop3 command line terminal and try to ping the IP address 192.168.1.130; as you can see, the system reports that the destination host is unreachable.

Let me remind you that to check the list you can use both the show ip access-lists and the show access-lists commands. We have one more task to solve, which concerns router R1. To do this, I go to the CLI of this router, enter global configuration mode and enter the command ip access-list standard Secure_Ma_From_Se. Since we have the network 192.168.1.192/27, its subnet mask is 255.255.255.224, which means the reverse mask is 0.0.0.31, and we need to enter the command deny 192.168.1.192 0.0.0.31. Since all other traffic is permitted, the list ends with the command permit any. To apply the ACL to the router's output interface, use the command ip access-group Secure_Ma_From_Se out.

Now I go to the Server0 command line terminal and try to ping Laptop0 in the management department at the IP address 192.168.1.226. The attempt failed, but when I pinged the address 192.168.1.130, the connection was established without problems; that is, we prohibited the server computer from communicating with the management department, but allowed communication with all other devices in the other departments. So, we have successfully solved all 4 tasks.
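Why Task No. 2 needs the list on the output interface G0/0 rather than on the input interface G0/1 can be checked with a small model of R1. This is an added example, not part of the lesson: it is a Python simulation, and the interface name to_R2 is a placeholder for R1's link towards R2, which the lesson does not name.

```python
import ipaddress

def wildcard(prefix_len):
    """Reverse (wildcard) mask for a prefix length, e.g. 27 -> 0.0.0.31."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").hostmask)

def permits(acl, src):
    """Standard ACL: only the source address is checked; first match wins."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wc in acl:
        w = int(ipaddress.IPv4Address(wc))
        if (s | w) == (int(ipaddress.IPv4Address(addr)) | w):
            return action == "permit"
    return False  # implicit deny

SECURE_MA_FROM_SE = [("deny", "192.168.1.192", wildcard(27)),
                     ("permit", "0.0.0.0", wildcard(0))]  # permit any

def forwarded(bindings, src, in_if, out_if):
    """bindings maps (interface, direction) -> ACL; unbound means no filter."""
    for key in ((in_if, "in"), (out_if, "out")):
        acl = bindings.get(key)
        if acl is not None and not permits(acl, src):
            return False
    return True

SERVER0, PC0 = "192.168.1.194", "192.168.1.130"
# Flows crossing R1; "to_R2" is a placeholder interface name (assumption).
FLOWS = {
    "Server0->management": (SERVER0, "G0/1", "G0/0"),
    "Server0->accounting": (SERVER0, "G0/1", "to_R2"),
    "PC0->management": (PC0, "to_R2", "G0/0"),
}

def outcome(bindings):
    """Which of the sample flows R1 forwards with the given ACL bindings."""
    return {name: forwarded(bindings, *flow) for name, flow in FLOWS.items()}

inbound_g01 = outcome({("G0/1", "in"): SECURE_MA_FROM_SE})
outbound_g00 = outcome({("G0/0", "out"): SECURE_MA_FROM_SE})
print("in on G0/1: ", inbound_g01)
print("out on G0/0:", outbound_g00)
```

Bound inbound on G0/1, the list also cuts the server room off from accounting; bound outbound on G0/0, only the flow towards the management department is dropped.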

Let me show you one more thing. We go into the settings of router R2, where we have two types of ACL: classic and modern. Suppose I want to edit ACL 10, Standard IP access list 10, which in its classic form consists of two entries, 10 and 20. If I use the do show run command, I can see that first we have the modern access list of 4 entries without numbers under the common heading Secure_Ma_And_Se, and below it there are two entries of ACL 10 in the classic form, each repeating the name of the same list, access-list 10.

If I want to make some changes, such as removing the deny host 192.168.1.3 entry and adding an entry for a device on another network, I have to use the delete command for that entry only: no access-list 10 deny host 192.168.1.3. But as soon as I enter this command, all entries of ACL 10 disappear completely. This is why the classic form of ACL is very inconvenient to edit. The modern way of writing entries is much more convenient to use, because it allows free editing.

To master the material of this video lesson, I advise you to watch it again and try to solve the tasks discussed on your own, without any hints. ACL is an important topic of the CCNA course, and many people are confused by, for example, the procedure for creating a reverse Wildcard Mask. I assure you, once you understand the concept of converting the mask, everything becomes much easier. Remember that the most important thing in understanding the topics of the CCNA course is hands-on practice, because only practice will help you understand one Cisco concept or another. Practice does not mean copying my commands, but solving the tasks in your own way. Ask yourself questions: what needs to be done to block the flow of traffic from here to there, where to apply the conditions, and so on, and try to answer them.



Source: www.habr.com
