We continue our analysis of the tasks in the Network module of the WorldSkills championship in the "Network and System Administration" competency.
The following tasks are covered in this article:
- On ALL devices, create virtual interfaces, subinterfaces, and loopback interfaces. Assign IP addresses according to the topology.
- Enable the SLAAC mechanism for issuing IPv6 addresses in the MNG network on the RTR1 router interface;
- On the virtual interfaces in VLAN 100 (MNG) on switches SW1, SW2, SW3, enable IPv6 auto-configuration mode;
- On ALL devices (except PC1 and WEB), manually assign link-local addresses;
- On ALL switches, disable ALL ports not used in the task and move them to VLAN 99;
- On switch SW1, enable a 1-minute lockout if the password is entered incorrectly twice within 30 seconds;
- All devices must be manageable via SSH version 2.
The network topology at the physical layer is shown in the following diagram:
The network topology at the data link layer is shown in the following diagram:
The network topology at the network layer is shown in the following diagram:
Preliminary setup
Before performing the tasks above, it is worth setting up basic switching on switches SW1-SW3, since this will make it easier to check their settings later. The switching setup will be described in detail in the next article; for now only the settings are given.
The first step is to create VLANs 99, 100 and 300 on all switches:
SW1(config)#vlan 99
SW1(config-vlan)#exit
SW1(config)#vlan 100
SW1(config-vlan)#exit
SW1(config)#vlan 300
SW1(config-vlan)#exit
The next step is to move interface g0/1 on SW1 to VLAN 300:
SW1(config)#interface gigabitEthernet 0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 300
SW1(config-if)#exit
Interfaces f0/1-2 and f0/5-6, which face the other switches, must be switched to trunk mode:
SW1(config)#interface range fastEthernet 0/1-2, fastEthernet 0/5-6
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#exit
On switch SW2, interfaces f0/1-4 will be in trunk mode:
SW2(config)#interface range fastEthernet 0/1-4
SW2(config-if-range)#switchport trunk encapsulation dot1q
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#exit
On switch SW3, interfaces f0/3-6 and g0/1 will be in trunk mode:
SW3(config)#interface range fastEthernet 0/3-6, gigabitEthernet 0/1
SW3(config-if-range)#switchport trunk encapsulation dot1q
SW3(config-if-range)#switchport mode trunk
SW3(config-if-range)#exit
At this point the switch settings allow tagged packets to be exchanged, which is needed to complete the tasks.
1. Create virtual interfaces, subinterfaces, and loopback interfaces on ALL devices. Assign IP addresses according to the topology.
Router BR1 is configured first. According to the L3 topology, an interface of the loop type, also known as a loopback, must be configured here with number 101:
// Create the loopback
BR1(config)#interface loopback 101
// Assign the IPv4 address
BR1(config-if)#ip address 2.2.2.2 255.255.255.255
// Enable IPv6 on the interface
BR1(config-if)#ipv6 enable
// Assign the IPv6 address
BR1(config-if)#ipv6 address 2001:B:A::1/64
// Exit interface configuration mode
BR1(config-if)#exit
BR1(config)#
To check the state of the created interface, you can use the command show ipv6 interface brief:
BR1#show ipv6 interface brief
...
Loopback101 [up/up]
FE80::2D0:97FF:FE94:5022 //link-local address
2001:B:A::1 //IPv6 address
...
BR1#
Here you can see that the loopback is active and its state is UP. Below it there are two IPv6 addresses, even though only one command was used to set an IPv6 address. The reason is that FE80::2D0:97FF:FE94:5022 is the link-local address, which is assigned when IPv6 is enabled on an interface with the ipv6 enable command.
To view the IPv4 address, use a similar command:
BR1#show ip interface brief
...
Loopback101 2.2.2.2 YES manual up up
...
BR1#
For BR1, the g0/0 interface should be configured right away; here only the IPv6 address needs to be set:
// Enter interface configuration mode
BR1(config)#interface gigabitEthernet 0/0
// Enable the interface
BR1(config-if)#no shutdown
BR1(config-if)#ipv6 enable
BR1(config-if)#ipv6 address 2001:B:C::1/64
BR1(config-if)#exit
BR1(config)#
You can check the settings with the same command show ipv6 interface brief:
BR1#show ipv6 interface brief
GigabitEthernet0/0 [up/up]
FE80::290:CFF:FE9D:4624 //link-local address
2001:B:C::1 //IPv6 address
...
Loopback101 [up/up]
FE80::2D0:97FF:FE94:5022 //link-local address
2001:B:A::1 //IPv6 address
Next, the ISP router is configured. According to the task, loopback number 0 is configured here, but in addition it is better to configure the g0/0 interface, which must have the address 30.30.30.1, because the following tasks say nothing about configuring these interfaces. First, loopback number 0 is configured:
ISP(config)#interface loopback 0
ISP(config-if)#ip address 8.8.8.8 255.255.255.255
ISP(config-if)#ipv6 enable
ISP(config-if)#ipv6 address 2001:A:C::1/64
ISP(config-if)#exit
ISP(config)#
The command show ipv6 interface brief shows that the interface settings are correct. Then interface g0/0 is configured:
ISP(config)#interface gigabitEthernet 0/0
ISP(config-if)#no shutdown
ISP(config-if)#ip address 30.30.30.1 255.255.255.252
ISP(config-if)#exit
ISP(config)#
Next, the RTR1 router is configured. Here too a loopback must be created, number 100:
RTR1(config)#interface loopback 100
RTR1(config-if)#ip address 1.1.1.1 255.255.255.255
RTR1(config-if)#ipv6 enable
RTR1(config-if)#ipv6 address 2001:A:B::1/64
RTR1(config-if)#exit
RTR1(config)#
RTR1 also needs 2 virtual subinterfaces for VLANs 100 and 300. This can be done as follows.
First, enable the physical interface g0/1 with the no shutdown command:
RTR1(config)#interface gigabitEthernet 0/1
RTR1(config-if)#no shutdown
RTR1(config-if)#exit
Then subinterfaces 100 and 300 are created and configured:
// Create subinterface number 100 and enter its configuration
RTR1(config)#interface gigabitEthernet 0/1.100
// Set dot1q encapsulation with VLAN number 100
RTR1(config-subif)#encapsulation dot1Q 100
RTR1(config-subif)#ipv6 enable
RTR1(config-subif)#ipv6 address 2001:100::1/64
RTR1(config-subif)#exit
// Create subinterface number 300 and enter its configuration
RTR1(config)#interface gigabitEthernet 0/1.300
// Set dot1q encapsulation with VLAN number 300
RTR1(config-subif)#encapsulation dot1Q 300
RTR1(config-subif)#ipv6 enable
RTR1(config-subif)#ipv6 address 2001:300::2/64
RTR1(config-subif)#exit
The subinterface number may differ from the number of the VLAN it serves, but for convenience it is better to use a subinterface number that matches the VLAN number. When setting the encapsulation type on a subinterface, you must specify the number that matches the VLAN number. So after the command encapsulation dot1Q 300, the subinterface passes only packets of VLAN 300.
The last device in this task is the RTR2 router. The link between SW1 and RTR2 must be in access mode: the switch interface passes towards RTR2 only packets intended for VLAN 300, as stated in the task's L2 topology. Therefore only the physical interface is configured on RTR2, without creating subinterfaces:
RTR2(config)#interface gigabitEthernet 0/1
RTR2(config-if)#no shutdown
RTR2(config-if)#ipv6 enable
RTR2(config-if)#ipv6 address 2001:300::3/64
RTR2(config-if)#exit
RTR2(config)#
Then interface g0/0 is configured:
RTR2(config)#interface gigabitEthernet 0/0
RTR2(config-if)#no shutdown
RTR2(config-if)#ip address 30.30.30.2 255.255.255.252
RTR2(config-if)#exit
RTR2(config)#
This completes the router interface configuration for the current task. The remaining interfaces will be configured as the following tasks are completed.
a. Enable the SLAAC mechanism for issuing IPv6 addresses in the MNG network on the RTR1 router interface
The SLAAC mechanism is enabled by default. The only thing you need to do is enable IPv6 routing. You can do this with the following command:
RTR1(config-subif)#ipv6 unicast-routing
Without this command the device acts as a host. In other words, the command above makes it possible to use additional IPv6 functions, including issuing IPv6 addresses, configuring routing, and so on.
b. On the virtual interfaces in VLAN 100 (MNG) on switches SW1, SW2, SW3, enable IPv6 auto-configuration mode.
From the L3 topology it is clear that the switches are connected to VLAN 100. This means virtual interfaces must be created on the switches, and only then set to obtain IPv6 addresses automatically. The preliminary setup was done precisely so that the switches could obtain addresses from RTR1. This task can be completed with the following list of commands, which suits all three switches:
// Create the virtual interface
SW1(config)#interface vlan 100
SW1(config-if)#ipv6 enable
// Obtain the IPv6 address automatically
SW1(config-if)#ipv6 address autoconfig
SW1(config-if)#exit
You can check everything with the same command show ipv6 interface brief:
SW1#show ipv6 interface brief
...
Vlan100 [up/up]
FE80::A8BB:CCFF:FE80:C000 // link-local address
2001:100::A8BB:CCFF:FE80:C000 // received IPv6 address
In addition to the link-local address, an IPv6 address received from RTR1 has appeared. This task is completed successfully, and the same commands must be entered on the remaining switches.
c. On ALL devices (except PC1 and WEB), manually assign link-local addresses
Thirty-digit IPv6 addresses are no fun for administrators, so the link-local address can be changed manually, reducing its length to the minimum. The tasks say nothing about which addresses to choose, so the choice here is free.
For example, on switch SW1 the link-local address fe80::10 is to be set. This can be done with the following command from the configuration mode of the chosen interface:
// Enter virtual interface vlan 100
SW1(config)#interface vlan 100
// Manually set the link-local address
SW1(config-if)#ipv6 address fe80::10 link-local
SW1(config-if)#exit
Now the addressing looks much more attractive:
SW1#show ipv6 interface brief
...
Vlan100 [up/up]
FE80::10 //link-local address
2001:100::10 //IPv6 address
In addition to the link-local address, the received IPv6 address has also changed, since the address is issued based on the link-local address.
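The relationship between the link-local address and the autoconfigured address in the two outputs above, as an added example that is not part of the original article: the low 64 bits (the interface identifier) are built from the MAC with modified EUI-64 and reused under the /64 prefix from RTR1. The MAC aabb.cc80.c000 and all function names are assumptions; the MAC was chosen because it reproduces the addresses shown for SW1.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: flip the U/L bit of the MAC and insert FF:FE in the middle."""
    digits = "".join(c for c in mac if c.isalnum())
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    raw = bytearray.fromhex(digits)
    raw[0] ^= 0x02  # universal/local bit
    return int.from_bytes(bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:]), "big")

def interface_id(address: str) -> int:
    """Low 64 bits of an IPv6 address."""
    return int(ipaddress.IPv6Address(address)) & (2**64 - 1)

def slaac_address(prefix: str, iid: int) -> str:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC expects a /64 prefix")
    return str(net[iid])

def addresses_for(prefix: str, link_local: str) -> dict:
    """Addresses an interface ends up with for a given link-local address."""
    iid = interface_id(link_local)
    return {"link-local": str(ipaddress.IPv6Address(link_local)),
            "global": slaac_address(prefix, iid)}

# Assumed MAC of SW1's Vlan100 interface (constructed to match the output above).
SW1_MAC = "aabb.cc80.c000"
PREFIX = "2001:100::/64"  # prefix configured on RTR1 g0/1.100

if __name__ == "__main__":
    auto_ll = slaac_address("fe80::/64", eui64_interface_id(SW1_MAC))
    print(addresses_for(PREFIX, auto_ll))     # before the manual link-local
    print(addresses_for(PREFIX, "fe80::10"))  # after "ipv6 address fe80::10 link-local"
```

An EUI-64 identifier carries the interface MAC in every address built from it, which is one more reason the short manual link-local is easier to manage.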
On switch SW1 only one link-local address had to be set, on one interface. On the RTR1 router more settings are needed: the link-local address must be set on two subinterfaces and on the loopback, and in later configuration the tunnel 100 interface will appear as well.
To avoid typing the commands repeatedly, the same link-local address can be set on all interfaces at once. You can do this with the range keyword followed by the list of all interfaces:
// Enter configuration of several interfaces
RTR1(config)#interface range gigabitEthernet 0/1.100, gigabitEthernet 0/1.300, loopback 100
// Manually set the link-local address
RTR1(config-if-range)#ipv6 address fe80::1 link-local
RTR1(config-if-range)#exit
When checking the interfaces, you will see that the link-local address has changed on all selected interfaces:
RTR1#show ipv6 interface brief
gigabitEthernet 0/1.100 [up/up]
FE80::1
2001:100::1
gigabitEthernet 0/1.300 [up/up]
FE80::1
2001:300::2
Loopback100 [up/up]
FE80::1
2001:A:B::1
All other devices are configured in the same way.
d. On ALL switches, disable ALL ports not used in the task and move them to VLAN 99
The basic idea is the same way of selecting multiple interfaces for configuration with the range command; after that you only need to enter the commands that move them to the required VLAN and then shut the interfaces down. For example, on switch SW1, according to the L1 topology, ports f0/3-4, f0/7-8, f0/11-24 and g0/2 will be disabled. For this example the configuration is as follows:
// Select all unused ports
SW1(config)#interface range fastEthernet 0/3-4, fastEthernet 0/7-8, fastEthernet 0/11-24, gigabitEthernet 0/2
// Set access mode on the interfaces
SW1(config-if-range)#switchport mode access
// Move the interfaces to VLAN 99
SW1(config-if-range)#switchport access vlan 99
// Shut down the interfaces
SW1(config-if-range)#shutdown
SW1(config-if-range)#exit
When checking the settings with the already familiar command, note that all unused ports must have the status administratively down, which indicates that the port is disabled:
SW1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
...
fastEthernet 0/3 unassigned YES unset administratively down down
To see which VLAN a port is in, you can use another command:
SW1#show vlan brief
...
99 VLAN0099 active Fa0/3, Fa0/4, Fa0/7, Fa0/8
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig0/2
...
All unused interfaces should be listed here. Note that interfaces cannot be moved to a VLAN if that VLAN has not been created. This is why all the VLANs needed for the work were created in the preliminary setup.
e. On switch SW1, enable a 1-minute lockout if the password is entered incorrectly twice within 30 seconds.
You can do this with the following command:
// Block for: 60 s; Attempts: 2; Within: 30 s
SW1(config)#login block-for 60 attempts 2 within 30
You can also check these settings as follows:
SW1#show login
...
If more than 2 login failures occur in 30 seconds or less,
logins will be disabled for 60 seconds.
...
It clearly states that after two failed attempts within 30 seconds or less, the ability to log in will be blocked for 60 seconds.
2. All devices must be manageable via SSH version 2
To make devices reachable via SSH version 2, the devices must first be prepared, so for reference we will first configure a device with factory settings.
You can change the protocol version as follows:
// Set SSH to version 2
Router(config)#ip ssh version 2
Please create RSA keys (of at least 768 bits size) to enable SSH v2.
Router(config)#
The system asks you to create RSA keys for SSH version 2 to work. Following the advice of the smart system, you can create RSA keys with the following command:
// Generate RSA keys
Router(config)#crypto key generate rsa
% Please define a hostname other than Router.
Router(config)#
The system does not allow the command to run because the hostname has not been changed. After changing the hostname, the key generation command must be entered again:
Router(config)#hostname R1
R1(config)#crypto key generate rsa
% Please define a domain-name first.
R1(config)#
Now the system does not let you create RSA keys because the domain name is missing. Once the domain name is set, the RSA keys can be created. The RSA keys must be at least 768 bits long for SSH version 2 to work:
R1(config)#ip domain-name wsrvuz19.ru
R1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
As a result, for SSHv2 to work you need to:
- Change the hostname;
- Change the domain name;
- Generate RSA keys.
The previous article showed how to change the hostname and domain name on all devices, so continuing with the current devices you only need to generate the RSA keys:
RTR1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
SSH version 2 is active, but the devices are not fully configured yet. The final step is configuring the virtual consoles:
// Enter configuration of the virtual consoles
RTR1(config)#line vty 0 4
// Allow remote connections over SSH only
RTR1(config-line)#transport input ssh
RTR1(config-line)#exit
In the previous article the AAA model was configured, where authentication on the virtual consoles was set to use the local database, and the user, after authentication, had to go straight into privileged mode. The simplest test of SSH is to try connecting to your own device. RTR1 has a loopback with IP address 1.1.1.1, so you can try connecting to this address:
// Connect over ssh
RTR1(config)#do ssh -l wsrvuz19 1.1.1.1
Password:
RTR1#
After the -l key, enter the login of an existing user, and then the password. After authentication the user goes straight into privileged mode, which means SSH is configured correctly.
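A check for tasks d, e and 2 above, as an added example that is not part of the original article: it parses a running-config and reports findings for unused ports, the login lockout and SSH-only access. The SAMPLE config, the function names and the rule that VLAN 99 membership and shutdown must go together are assumptions made for this illustration.

```python
import re
# Constructed running-config excerpt for SW1 (sample input, not from the article).
SAMPLE = """\
hostname SW1
login block-for 60 attempts 2 within 30
ip ssh version 2
!
interface FastEthernet0/3
 switchport access vlan 99
 switchport mode access
 shutdown
!
interface FastEthernet0/4
 switchport access vlan 99
!
interface FastEthernet0/7
 shutdown
!
line vty 0 4
 transport input telnet ssh
!
"""

def stanzas(config):
    """Map every top-level command to the indented sub-commands below it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):
            current = line.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit(config, parking_vlan=99):
    """Return findings for the hardening tasks covered in this article."""
    blocks, findings = stanzas(config), []
    if "ip ssh version 2" not in blocks:
        findings.append("global: 'ip ssh version 2' is missing")
    if not any(re.fullmatch(r"login block-for \d+ attempts \d+ within \d+", b) for b in blocks):
        findings.append("global: 'login block-for' is missing")
    for head, body in blocks.items():
        if re.match(r"interface \S*Ethernet", head):
            parked = f"switchport access vlan {parking_vlan}" in body
            down = "shutdown" in body
            if parked and not down:
                findings.append(f"{head}: in VLAN {parking_vlan} but not shutdown")
            elif down and not parked:
                findings.append(f"{head}: shutdown but not in VLAN {parking_vlan}")
        elif head.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{head}: transport input is not limited to ssh")
    return findings
```

Calling audit(SAMPLE) returns three findings: Fa0/4 left enabled in VLAN 99, Fa0/7 shut down outside VLAN 99, and the vty lines still accepting telnet.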
Source: www.habr.com