We continue our analysis of the tasks of the Network module of the WorldSkills championship in the "Network and System Administration" competency.
This article covers the following tasks:
- On ALL devices, create virtual interfaces, subinterfaces and loopback interfaces. Assign IP addresses according to the topology.
- Enable SLAAC to issue IPv6 addresses in the MNG network on the RTR1 router interface;
- On the virtual interfaces in VLAN 100 (MNG) on switches SW1, SW2 and SW3, enable IPv6 autoconfiguration;
- On ALL devices (except PC1 and WEB), manually assign link-local addresses;
- On ALL switches, disable all ports not used in the task and move them to VLAN 99;
- On switch SW1, enable a lockout for 1 minute if the password is entered incorrectly twice within 30 seconds;
- All devices must be manageable over SSH version 2.
The network topology at the physical layer is shown in the following diagram:

The network topology at the data link layer is shown in the following diagram:

The network topology at the network layer is shown in the following diagram:

Preliminary configuration
Before carrying out the tasks above, it is worth configuring basic switching on switches SW1-SW3, since this will make it easier to check their settings later. Switching configuration will be described in detail in the next article; for now only the settings are given.
The first step is to create VLANs 99, 100 and 300 on all switches:
SW1(config)#vlan 99
SW1(config-vlan)#exit
SW1(config)#vlan 100
SW1(config-vlan)#exit
SW1(config)#vlan 300
SW1(config-vlan)#exit
The next step is to move interface g0/1 on SW1 into VLAN 300:
SW1(config)#interface gigabitEthernet 0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 300
SW1(config-if)#exit
Interfaces f0/1-2 and f0/5-6, which face other switches, must be put into trunk mode:
SW1(config)#interface range fastEthernet 0/1-2, fastEthernet 0/5-6
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#exit
On switch SW2, interfaces f0/1-4 will be in trunk mode:
SW2(config)#interface range fastEthernet 0/1-4
SW2(config-if-range)#switchport trunk encapsulation dot1q
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#exit
On switch SW3, interfaces f0/3-6 and g0/1 will be in trunk mode:
SW3(config)#interface range fastEthernet 0/3-6, gigabitEthernet 0/1
SW3(config-if-range)#switchport trunk encapsulation dot1q
SW3(config-if-range)#switchport mode trunk
SW3(config-if-range)#exit
At this stage the switch configuration allows tagged packets to be exchanged, which is needed to complete the tasks.
1. Create virtual interfaces, subinterfaces and loopback interfaces on ALL devices. Assign IP addresses according to the topology.
Router BR1 is configured first. According to the L3 topology, a loopback interface numbered 101 must be configured here:
// Create the loopback
BR1(config)#interface loopback 101
// Assign the IPv4 address
BR1(config-if)#ip address 2.2.2.2 255.255.255.255
// Enable IPv6 on the interface
BR1(config-if)#ipv6 enable
// Assign the IPv6 address
BR1(config-if)#ipv6 address 2001:B:A::1/64
// Exit interface configuration mode
BR1(config-if)#exit
BR1(config)#
To check the state of the interface just created, you can use the command show ipv6 interface brief:
BR1#show ipv6 interface brief
...
Loopback101 [up/up]
FE80::2D0:97FF:FE94:5022 //link-local address
2001:B:A::1 //IPv6 address
...
BR1#
Here you can see that the loopback is active; its state is UP. Looking further down, you can see two IPv6 addresses, although only one command was used to set an IPv6 address. The point is that FE80::2D0:97FF:FE94:5022 is a link-local address, which is assigned when IPv6 is enabled on an interface with the command ipv6 enable.
To view the IPv4 address, use the analogous command:
BR1#show ip interface brief
...
Loopback101 2.2.2.2 YES manual up up
...
BR1#
For BR1, the g0/0 interface should also be configured right away; here only an IPv6 address needs to be set:
// Enter interface configuration mode
BR1(config)#interface gigabitEthernet 0/0
// Bring the interface up
BR1(config-if)#no shutdown
BR1(config-if)#ipv6 enable
BR1(config-if)#ipv6 address 2001:B:C::1/64
BR1(config-if)#exit
BR1(config)#
You can check the settings with the same command show ipv6 interface brief:
BR1#show ipv6 interface brief
GigabitEthernet0/0 [up/up]
FE80::290:CFF:FE9D:4624 //link-local address
2001:B:C::1 //IPv6 address
...
Loopback101 [up/up]
FE80::2D0:97FF:FE94:5022 //link-local address
2001:B:A::1 //IPv6 address
Next, the ISP router is configured. According to the task, loopback number 0 is configured here, but in addition it is preferable to configure the g0/0 interface, which should have the address 30.30.30.1, because the later tasks say nothing about configuring these interfaces. First, loopback number 0 is configured:
ISP(config)#interface loopback 0
ISP(config-if)#ip address 8.8.8.8 255.255.255.255
ISP(config-if)#ipv6 enable
ISP(config-if)#ipv6 address 2001:A:C::1/64
ISP(config-if)#exit
ISP(config)#
With the command show ipv6 interface brief you can verify that the interface is configured correctly. Then the g0/0 interface is configured:
ISP(config)#interface gigabitEthernet 0/0
ISP(config-if)#no shutdown
ISP(config-if)#ip address 30.30.30.1 255.255.255.252
ISP(config-if)#exit
ISP(config)#
Next, the RTR1 router is configured. Here too a loopback, numbered 100, must be created:
RTR1(config)#interface loopback 100
RTR1(config-if)#ip address 1.1.1.1 255.255.255.255
RTR1(config-if)#ipv6 enable
RTR1(config-if)#ipv6 address 2001:A:B::1/64
RTR1(config-if)#exit
RTR1(config)#
Also on RTR1, two virtual subinterfaces must be created for VLANs 100 and 300. This can be done as follows.
First, the physical interface g0/1 must be enabled with the no shutdown command:
RTR1(config)#interface gigabitEthernet 0/1
RTR1(config-if)#no shutdown
RTR1(config-if)#exit
Then subinterfaces numbered 100 and 300 are created and configured:
// Create subinterface number 100 and enter its configuration
RTR1(config)#interface gigabitEthernet 0/1.100
// Set dot1q encapsulation with VLAN number 100
RTR1(config-subif)#encapsulation dot1Q 100
RTR1(config-subif)#ipv6 enable
RTR1(config-subif)#ipv6 address 2001:100::1/64
RTR1(config-subif)#exit
// Create subinterface number 300 and enter its configuration
RTR1(config)#interface gigabitEthernet 0/1.300
// Set dot1q encapsulation with VLAN number 300
RTR1(config-subif)#encapsulation dot1Q 300
RTR1(config-subif)#ipv6 enable
RTR1(config-subif)#ipv6 address 2001:300::2/64
RTR1(config-subif)#exit
The subinterface number may differ from the number of the VLAN it will work in, but for convenience it is better to use a subinterface number that matches the VLAN number. When you set the encapsulation type while configuring a subinterface, you must specify the number that matches the VLAN number. So after the command encapsulation dot1Q 300, the subinterface will pass only packets of VLAN 300.
The final step in this task is the RTR2 router. The link between SW1 and RTR2 must be in access mode; the switch interface will pass to RTR2 only packets destined for VLAN 300, as stated in the task on the L2 topology. Therefore only the physical interface is configured on RTR2, without creating subinterfaces:
RTR2(config)#interface gigabitEthernet 0/1
RTR2(config-if)#no shutdown
RTR2(config-if)#ipv6 enable
RTR2(config-if)#ipv6 address 2001:300::3/64
RTR2(config-if)#exit
RTR2(config)#
Then the g0/0 interface is configured:
RTR2(config)#interface gigabitEthernet 0/0
RTR2(config-if)#no shutdown
RTR2(config-if)#ip address 30.30.30.2 255.255.255.252
RTR2(config-if)#exit
RTR2(config)#
This completes the configuration of the router interfaces for the current task. The remaining interfaces will be configured as the following tasks are carried out.
a. Enable SLAAC to issue IPv6 addresses in the MNG network on the RTR1 router interface
The SLAAC mechanism is enabled by default. The only thing you need to do is enable IPv6 routing. This can be done with the following command:
RTR1(config-subif)#ipv6 unicast-routing
Without this command the device acts as a host. In other words, thanks to the command above it becomes possible to use additional IPv6 functions, including issuing IPv6 addresses, configuring routing, and so on.
b. On the virtual interfaces in VLAN 100 (MNG) on switches SW1, SW2 and SW3, enable IPv6 autoconfiguration mode.
The L3 topology shows that the switches are connected to VLAN 100. This means virtual interfaces must be created on the switches and only then set to obtain IPv6 addresses automatically. The preliminary configuration was done precisely so that the switches could obtain addresses automatically from RTR1. This task can be completed with the following list of commands, which applies to all three switches:
// Create the virtual interface
SW1(config)#interface vlan 100
SW1(config-if)#ipv6 enable
// Obtain an IPv6 address automatically
SW1(config-if)#ipv6 address autoconfig
SW1(config-if)#exit
You can check everything with the same command show ipv6 interface brief:
SW1#show ipv6 interface brief
...
Vlan100 [up/up]
FE80::A8BB:CCFF:FE80:C000 // link-local address
2001:100::A8BB:CCFF:FE80:C000 // obtained IPv6 address
In addition to the link-local address, an IPv6 address obtained from RTR1 has appeared. This task has been completed successfully, and the same commands must be entered on the remaining switches.
c. On ALL devices (except PC1 and WEB), manually assign link-local addresses
Thirty-digit IPv6 addresses are inconvenient for administrators, so the link-local address can be changed manually, shortening it to a minimal length. The task says nothing about which addresses to choose, so the choice here is free.
For example, on switch SW1 you need to set the link-local address fe80::10. This can be done with the following command from the configuration mode of the chosen interface:
// Enter virtual interface vlan 100
SW1(config)#interface vlan 100
// Set the link-local address manually
SW1(config-if)#ipv6 address fe80::10 link-local
SW1(config-if)#exit
Now the addressing looks much more attractive:
SW1#show ipv6 interface brief
...
Vlan100 [up/up]
FE80::10 //link-local address
2001:100::10 //IPv6 address
In addition to the link-local address, the obtained IPv6 address has also changed, because the issued address is based on the link-local address.
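The relationship between the addresses in these outputs, as an added Python example (not from the original article): the low 64 bits are an interface identifier, either derived from the MAC address by modified EUI-64 or set by hand, and a /64 prefix is placed in front of it. The MAC address is an assumption recovered by reversing the EUI-64 value shown for SW1, and the function names are illustrative.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address: the interface identifier

def eui64_iid(mac):
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    digits = "".join(ch for ch in mac if ch.isalnum())
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = bytearray.fromhex(digits)
    raw[0] ^= 0x02  # invert the universal/local bit
    return int.from_bytes(raw[:3] + b"\xff\xfe" + raw[3:], "big")

def iid_of(address):
    """Interface identifier of an existing address, e.g. a hand-set link-local."""
    return int(ipaddress.IPv6Address(address)) & IID_MASK

def with_prefix(prefix, iid):
    """Address formed from a /64 prefix (link-local or advertised) and an identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface identifiers are combined with /64 prefixes")
    return ipaddress.IPv6Address(int(net.network_address) | (iid & IID_MASK))

def mac_from_iid(iid):
    """Recover the MAC from an EUI-64 identifier; None if it was not built from one."""
    raw = bytearray(iid.to_bytes(8, "big"))
    if raw[3:5] != b"\xff\xfe":
        return None
    raw[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in raw[:3] + raw[5:])

if __name__ == "__main__":
    sw1_mac = "aabb.cc80.c000"  # assumed MAC of SW1 Vlan100, reversed from the output
    iid = eui64_iid(sw1_mac)
    print(with_prefix("fe80::/64", iid))       # automatic link-local address
    print(with_prefix("2001:100::/64", iid))   # address under the MNG prefix
    manual = iid_of("fe80::10")                # identifier after the manual change
    print(with_prefix("2001:100::/64", manual), mac_from_iid(manual))
```

mac_from_iid returns None for the hand-set fe80::10, which lets an inventory script tell manually assigned identifiers from ones that still expose the hardware address.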
On switch SW1 only one link-local address had to be set, on one interface. With router RTR1 more settings are needed: the link-local address must be set on two subinterfaces, on the loopback, and later the tunnel 100 interface will appear as well.
To avoid typing the same commands repeatedly, you can set the same link-local address on all interfaces at once. This can be done with the keyword range followed by a list of all the interfaces:
// Enter configuration of several interfaces
RTR1(config)#interface range gigabitEthernet 0/1.100, gigabitEthernet 0/1.300, loopback 100
// Set the link-local address manually
RTR1(config-if-range)#ipv6 address fe80::1 link-local
RTR1(config-if-range)#exit
When you check the interfaces, you will see that the link-local addresses have changed on all the selected interfaces:
RTR1#show ipv6 interface brief
gigabitEthernet 0/1.100 [up/up]
FE80::1
2001:100::1
gigabitEthernet 0/1.300 [up/up]
FE80::1
2001:300::2
Loopback100 [up/up]
FE80::1
2001:A:B::1
All other devices are configured in the same way.
d. On ALL switches, disable all ports not used in the task and move them to VLAN 99
The main idea is the same way of selecting several interfaces to configure with the range command, and only then entering the commands to move them to the required VLAN and shut the interfaces down. For example, on switch SW1, according to the L1 topology, ports f0/3-4, f0/7-8, f0/11-24 and g0/2 will be disabled. For this example the configuration is as follows:
// Select all unused ports
SW1(config)#interface range fastEthernet 0/3-4, fastEthernet 0/7-8, fastEthernet 0/11-24, gigabitEthernet 0/2
// Set access mode on the interfaces
SW1(config-if-range)#switchport mode access
// Move the interfaces to VLAN 99
SW1(config-if-range)#switchport access vlan 99
// Shut the interfaces down
SW1(config-if-range)#shutdown
SW1(config-if-range)#exit
When checking the settings with the already familiar command, note that all unused ports must have the status administratively down, which indicates that the port is disabled:
SW1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
...
fastEthernet 0/3 unassigned YES unset administratively down down
To see which VLAN a port is in, you can use another command:
SW1#show vlan
...
99 VLAN0099 active Fa0/3, Fa0/4, Fa0/7, Fa0/8
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig0/2
...
All unused interfaces should be listed here. Note that interfaces cannot be moved into a VLAN if that VLAN has not been created. It is for this purpose that all the VLANs needed were created in the preliminary configuration.
e. On switch SW1, enable a lockout for 1 minute if the password is entered incorrectly twice within 30 seconds
This can be done with the following command:
// Block for 60 s; attempts: 2; within: 30 s
SW1(config)#login block-for 60 attempts 2 within 30
You can also check these settings as follows:
SW1#show login
...
If more than 2 login failures occur in 30 seconds or less,
logins will be disabled for 60 seconds.
...
This clearly states that after two failed attempts within 30 seconds or less, the ability to log in will be blocked for 60 seconds.
2. All devices must be manageable over SSH version 2
For devices to be accessible over SSH version 2, the equipment must be configured first, so for illustration we will first configure equipment with factory settings.
You can change the protocol version as follows:
// Set SSH version 2
Router(config)#ip ssh version 2
Please create RSA keys (of at least 768 bits size) to enable SSH v2.
Router(config)#
The system asks you to create RSA keys for SSH version 2 to work. Following the system's advice, you can create RSA keys with the following command:
// Generate RSA keys
Router(config)#crypto key generate rsa
% Please define a hostname other than Router.
Router(config)#
The system does not allow the command to run because the hostname has not been changed. After changing the hostname, the key generation command must be entered again:
Router(config)#hostname R1
R1(config)#crypto key generate rsa
% Please define a domain-name first.
R1(config)#
Now the system does not allow RSA keys to be created because there is no domain name. Once the domain name is set, the RSA keys can be created. The RSA keys must be at least 768 bits long for SSH version 2 to work:
R1(config)#ip domain-name wsrvuz19.ru
R1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
As a result, it turns out that for SSHv2 to work you need to:
- Change the hostname;
- Change the domain name;
- Generate RSA keys.
The previous article showed how to change the hostname and domain name on all devices, so while continuing to configure the current devices you only need to generate the RSA keys:
RTR1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
SSH version 2 is active, but the devices are not yet fully configured. The final step is to configure the virtual consoles:
// Enter configuration of the virtual consoles
RTR1(config)#line vty 0 4
// Allow remote connections over SSH only
RTR1(config-line)#transport input ssh
RTR1(config-line)#exit
In the previous article the AAA model was configured, with authentication on the virtual consoles set up using the local database, and the user, after authentication, should go straight into privileged mode. The simplest test of SSH is to try to connect to your own device. RTR1 has a loopback with IP address 1.1.1.1, so you can try to connect to that address:
// Connect over SSH
RTR1(config)#do ssh -l wsrvuz19 1.1.1.1
Password:
RTR1#
After the -l switch comes the login of the existing user, followed by the password. After authentication the user is placed straight into privileged mode, which means SSH is configured correctly.
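One way to check the unused-port, login lockout and SSH settings above against a saved running configuration, as an added Python example (not from the original article). The configuration fragment is constructed, and the function names and the set of in-use ports passed to audit() are assumptions.

```python
import re

# Constructed running-config fragment for a switch (not output from the article).
SAMPLE = """\
ip ssh version 2
login block-for 60 attempts 2 within 30
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 99
 switchport mode access
 shutdown
!
interface FastEthernet0/4
 switchport mode access
!
line vty 0 4
 transport input telnet ssh
!
"""
UNUSED_PORT = ("switchport mode access", "switchport access vlan 99", "shutdown")
GLOBALS = ("ip ssh version 2", "login block-for 60 attempts 2 within 30")

def sections(config):
    """Map every top-level line to the indented lines that follow it."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line[0].isspace():
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(config, used_ports):
    """List deviations from the unused-port, lockout and SSH settings."""
    sec = sections(config)
    findings = [f"missing global command: {g}" for g in GLOBALS if g not in sec]
    for head, body in sec.items():
        port = re.fullmatch(r"interface ((?:Fast|Gigabit)Ethernet\S+)", head)
        if port and port.group(1) not in used_ports:
            findings += [f"{port.group(1)}: missing '{w}'"
                         for w in UNUSED_PORT if w not in body]
        if head.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{head}: transport input is not limited to ssh")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, used_ports={"FastEthernet0/1"}):
        print(finding)
```

In the sample, FastEthernet0/4 is left in access mode but neither moved to VLAN 99 nor shut down, and the vty lines still accept telnet, so both are reported.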
Source: www.habr.com
