Solving WorldSkills tasks of the Network module in the "SiSA" competency. Part 2 - Basic Configuration

We continue to analyze the tasks of the Network module of the WorldSkills championship in the “Network and System Administration” competency.

The following tasks will be covered in this article:

  1. On ALL devices, create virtual interfaces, subinterfaces, and loopback interfaces. Assign IP addresses according to the topology.
    • Enable the SLAAC mechanism to issue IPv6 addresses in the MNG network on the RTR1 router interface;
    • On the VLAN 100 (MNG) virtual interfaces on switches SW1, SW2, SW3, enable IPv6 autoconfiguration mode;
    • On ALL devices (except PC1 and WEB) assign link-local addresses;
    • On ALL switches, disable ALL ports not used in the task and move them to VLAN 99;
    • On switch SW1, enable a 1-minute lockout if the password is entered incorrectly twice within 30 seconds;
  2. All devices must be manageable via SSH version 2.


The network topology at the physical layer is shown in the following figure:

The network topology at the data link layer is shown in the following figure:

The network topology at the network layer is shown in the following figure:

Preliminary setup

Before performing the tasks above, it is worth setting up basic switching on SW1-SW3, since this makes it easier to check their settings later. The switching setup will be described in detail in the next article; for now only the settings themselves are given.

The first step is to create VLANs numbered 99, 100 and 300 on all switches:

SW1(config)#vlan 99
SW1(config-vlan)#exit
SW1(config)#vlan 100
SW1(config-vlan)#exit
SW1(config)#vlan 300
SW1(config-vlan)#exit

The next step is to move interface g0/1 on SW1 into VLAN number 300:

SW1(config)#interface gigabitEthernet 0/1
SW1(config-if)#switchport mode access 
SW1(config-if)#switchport access vlan 300
SW1(config-if)#exit

Interfaces f0/1-2 and f0/5-6, which face the other switches, should be switched to trunk mode:

SW1(config)#interface range fastEthernet 0/1-2, fastEthernet 0/5-6
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk 
SW1(config-if-range)#exit

On switch SW2, interfaces f0/1-4 will be in trunk mode:

SW2(config)#interface range fastEthernet 0/1-4
SW2(config-if-range)#switchport trunk encapsulation dot1q
SW2(config-if-range)#switchport mode trunk 
SW2(config-if-range)#exit

On switch SW3, interfaces f0/3-6 and g0/1 will be in trunk mode:

SW3(config)#interface range fastEthernet 0/3-6, gigabitEthernet 0/1
SW3(config-if-range)#switchport trunk encapsulation dot1q
SW3(config-if-range)#switchport mode trunk 
SW3(config-if-range)#exit

At this point, the switch settings allow the exchange of tagged packets, which is required to complete the tasks.

1. Create virtual interfaces, subinterfaces, and loopback interfaces on ALL devices. Assign IP addresses according to the topology.

Router BR1 will be configured first. According to the L3 topology, a loopback interface with number 101 has to be configured here:

// Create the loopback
BR1(config)#interface loopback 101
// Assign the IPv4 address
BR1(config-if)#ip address 2.2.2.2 255.255.255.255
// Enable IPv6 on the interface
BR1(config-if)#ipv6 enable
// Assign the IPv6 address
BR1(config-if)#ipv6 address 2001:B:A::1/64
// Exit interface configuration mode
BR1(config-if)#exit
BR1(config)#

To check the state of the created interface, you can use the command show ipv6 interface brief:

BR1#show ipv6 interface brief 
...
Loopback101                [up/up]
    FE80::2D0:97FF:FE94:5022    // link-local address
    2001:B:A::1                 // IPv6 address
...
BR1#

Here you can see that the loopback is active and its state is UP. Looking below, you can see two IPv6 addresses, although only one command was used to set an IPv6 address. The point is that FE80::2D0:97FF:FE94:5022 is a link-local address, which is assigned when IPv6 is enabled on the interface with the ipv6 enable command.

To view the IPv4 address, use a similar command:

BR1#show ip interface brief 
...
Loopback101        2.2.2.2      YES manual up        up 
...
BR1#

For BR1, you should also configure the g0/0 interface right away; here you only need to set an IPv6 address:

// Enter interface configuration mode
BR1(config)#interface gigabitEthernet 0/0
// Enable the interface
BR1(config-if)#no shutdown
BR1(config-if)#ipv6 enable 
BR1(config-if)#ipv6 address 2001:B:C::1/64
BR1(config-if)#exit
BR1(config)#

You can check the settings with the same command show ipv6 interface brief:

BR1#show ipv6 interface brief 
GigabitEthernet0/0         [up/up]
    FE80::290:CFF:FE9D:4624     // link-local address
    2001:B:C::1                 // IPv6 address
...
Loopback101                [up/up]
    FE80::2D0:97FF:FE94:5022    // link-local address
    2001:B:A::1                 // IPv6 address

Next, the ISP router will be configured. According to the task, loopback number 0 is configured here, but it is also worth configuring the g0/0 interface, which should have the address 30.30.30.1, because the subsequent tasks say nothing about configuring these interfaces. First, loopback number 0 is configured:

ISP(config)#interface loopback 0
ISP(config-if)#ip address 8.8.8.8 255.255.255.255
ISP(config-if)#ipv6 enable 
ISP(config-if)#ipv6 address 2001:A:C::1/64
ISP(config-if)#exit
ISP(config)#

With the show ipv6 interface brief command you can verify that the interface settings are correct. Then the g0/0 interface is configured:

ISP(config)#interface gigabitEthernet 0/0
ISP(config-if)#no shutdown
ISP(config-if)#ip address 30.30.30.1 255.255.255.252
ISP(config-if)#exit
ISP(config)#

Next, router RTR1 will be configured. Here you also need to create loopback number 100:

RTR1(config)#interface loopback 100
RTR1(config-if)#ip address 1.1.1.1 255.255.255.255
RTR1(config-if)#ipv6 enable
RTR1(config-if)#ipv6 address 2001:A:B::1/64
RTR1(config-if)#exit
RTR1(config)#

Also on RTR1 you need to create 2 virtual subinterfaces for the VLANs numbered 100 and 300. This can be done as follows.

First, you need to enable the physical interface g0/1 with the no shutdown command:

RTR1(config)#interface gigabitEthernet 0/1
RTR1(config-if)#no shutdown
RTR1(config-if)#exit 

Then the subinterfaces numbered 100 and 300 are created and configured:

// Create subinterface number 100 and enter its configuration
RTR1(config)#interface gigabitEthernet 0/1.100
// Set dot1q encapsulation with VLAN number 100
RTR1(config-subif)#encapsulation dot1Q 100
RTR1(config-subif)#ipv6 enable
RTR1(config-subif)#ipv6 address 2001:100::1/64
RTR1(config-subif)#exit
// Create subinterface number 300 and enter its configuration
RTR1(config)#interface gigabitEthernet 0/1.300
// Set dot1q encapsulation with VLAN number 300
RTR1(config-subif)#encapsulation dot1Q 300
RTR1(config-subif)#ipv6 enable 
RTR1(config-subif)#ipv6 address 2001:300::2/64
RTR1(config-subif)#exit

The subinterface number may differ from the number of the VLAN it will work in, but for convenience it is better to use a subinterface number that matches the VLAN number. When you set the encapsulation type while configuring a subinterface, you should specify the number that matches the VLAN number. So after the command encapsulation dot1Q 300, the subinterface will pass only packets of VLAN number 300.

The final step in this task is router RTR2. The link between SW1 and RTR2 must be in access mode: the switch interface will pass to RTR2 only packets intended for VLAN number 300, as stated in the task on the L2 topology. Therefore, only the physical interface will be configured on router RTR2, without creating subinterfaces:

RTR2(config)#interface gigabitEthernet 0/1
RTR2(config-if)#no shutdown 
RTR2(config-if)#ipv6 enable
RTR2(config-if)#ipv6 address 2001:300::3/64
RTR2(config-if)#exit
RTR2(config)#

Then the g0/0 interface is configured:

RTR2(config)#interface gigabitEthernet 0/0
RTR2(config-if)#no shutdown
RTR2(config-if)#ip address 30.30.30.2 255.255.255.252
RTR2(config-if)#exit
RTR2(config)#

This completes the configuration of router interfaces for the current task. The remaining interfaces will be configured as the following tasks are completed.

a. Enable the SLAAC mechanism to issue IPv6 addresses in the MNG network on the RTR1 router interface
The SLAAC mechanism is enabled by default. The only thing you need to do is enable IPv6 routing. You can do this with the following command:

RTR1(config)#ipv6 unicast-routing

Without this command, the device acts as a host. In other words, the command above makes it possible to use additional IPv6 functions, including issuing IPv6 addresses, configuring routing, and so on.

b. On the VLAN 100 (MNG) virtual interfaces on switches SW1, SW2, SW3, enable IPv6 autoconfiguration mode
From the L3 topology it is clear that the switches are connected to VLAN 100. This means that virtual interfaces need to be created on the switches, and only then set to obtain IPv6 addresses automatically. The preliminary setup was done precisely so that the switches could obtain addresses from RTR1. You can complete this task using the following list of commands, which is suitable for all three switches:

// Create the virtual interface
SW1(config)#interface vlan 100
SW1(config-if)#ipv6 enable
// Obtain an IPv6 address automatically
SW1(config-if)#ipv6 address autoconfig
SW1(config-if)#exit

You can check everything with the same command show ipv6 interface brief:

SW1#show ipv6 interface brief
...
Vlan100                [up/up]
    FE80::A8BB:CCFF:FE80:C000        // link-local address
    2001:100::A8BB:CCFF:FE80:C000    // obtained IPv6 address

In addition to the link-local address, an IPv6 address obtained from RTR1 has appeared. This task is completed successfully, and the same commands must be entered on the remaining switches.

c. On ALL devices (except PC1 and WEB) assign link-local addresses
IPv6 addresses thirty characters long are no fun for administrators, so it is possible to change the link-local address, reducing its length to a minimum. The task says nothing about which addresses to choose, so the choice here is free.

For example, on switch SW1 you need to set the link-local address fe80::10. This can be done with the following command from the configuration mode of the selected interface:

// Enter the VLAN 100 virtual interface
SW1(config)#interface vlan 100
// Manually set the link-local address
SW1(config-if)#ipv6 address fe80::10 link-local
SW1(config-if)#exit

Now the addressing looks much more attractive:

SW1#show ipv6 interface brief
...
Vlan100                [up/up]
    FE80::10        // link-local address
    2001:100::10    // IPv6 address

Besides the link-local address, the obtained IPv6 address has also changed, since the address is issued based on the link-local address.
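
The address derivation described above, as an added example (not code from the original article): on Cisco IOS the automatically generated interface identifier is the modified EUI-64 form of a MAC address, and the sketch mirrors the Vlan100 addresses from the outputs above. The MAC aabb.cc80.c000 is an assumption, obtained by reversing the interface ID shown for SW1, and the function names are hypothetical.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 (RFC 4291, Appendix A) interface ID for a 48-bit MAC."""
    raw = bytes.fromhex("".join(c for c in mac if c not in ".:-"))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet, insert FF:FE in the middle.
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")

def interface_id_of(address: str) -> int:
    """Low 64 bits of an IPv6 address, e.g. of a manually set link-local."""
    return int(ipaddress.IPv6Address(address)) & (2**64 - 1)

def with_prefix(prefix: str, interface_id: int) -> ipaddress.IPv6Address:
    """Combine a /64 prefix (link-local or learned from an RA) with an ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC expects a /64 prefix")
    return net.network_address + interface_id

if __name__ == "__main__":
    mac = "aabb.cc80.c000"  # assumed MAC of SW1's Vlan100, inferred from the output
    iid = eui64_interface_id(mac)
    print(with_prefix("fe80::/64", iid))      # automatic link-local address
    print(with_prefix("2001:100::/64", iid))  # address built from RTR1's prefix
    manual = interface_id_of("fe80::10")      # after "ipv6 address fe80::10 link-local"
    print(with_prefix("2001:100::/64", manual))
```

Because the automatic identifier embeds the MAC address, a short manual link-local such as fe80::10 also keeps the hardware address out of the interface's visible IPv6 addresses.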

On switch SW1 it was necessary to set only one link-local address on a single interface. Router RTR1 needs more settings - you need to set the link-local address on two subinterfaces and on the loopback, and in later configuration the tunnel 100 interface will appear as well.

To avoid typing the commands repeatedly, you can set the same link-local address on all interfaces at once. You can do this using the range keyword followed by a list of all the interfaces:

// Enter configuration of several interfaces
RTR1(config)#interface range gigabitEthernet 0/1.100, gigabitEthernet 0/1.300, loopback 100
// Manually set the link-local address
RTR1(config-if-range)#ipv6 address fe80::1 link-local
RTR1(config-if-range)#exit

Looking at the interfaces, you will see that the link-local addresses have been changed on all the selected interfaces:

RTR1#show ipv6 interface brief
gigabitEthernet 0/1.100		[up/up]
    FE80::1
    2001:100::1
gigabitEthernet 0/1.300		[up/up]
    FE80::1
    2001:300::2
Loopback100            		[up/up]
    FE80::1
    2001:A:B::1

All other devices are configured in the same way.

d. On ALL switches, disable ALL ports not used in the task and move them to VLAN 99
The basic idea is the same way of selecting several interfaces for configuration with the range command; only then do you enter the commands that move them to the desired VLAN and shut the interfaces down. For example, on switch SW1, according to the L1 topology, ports f0/3-4, f0/7-8, f0/11-24 and g0/2 will be disabled. For this example, the configuration is as follows:

// Select all unused ports
SW1(config)#interface range fastEthernet 0/3-4, fastEthernet 0/7-8, fastEthernet 0/11-24, gigabitEthernet 0/2
// Set access mode on the interfaces
SW1(config-if-range)#switchport mode access
// Move the interfaces to VLAN 99
SW1(config-if-range)#switchport access vlan 99
// Shut down the interfaces
SW1(config-if-range)#shutdown
SW1(config-if-range)#exit

When checking the settings with the already familiar command, note that all unused ports must have the status administratively down, which indicates that the port is disabled:

SW1#show ip interface brief
Interface          IP-Address   OK? Method   Status                  Protocol
...
fastEthernet 0/3   unassigned   YES unset    administratively down   down

To see which VLAN a port is in, you can use another command:

SW1#show vlan
...
99   VLAN0099     active    Fa0/3, Fa0/4, Fa0/7, Fa0/8
                            Fa0/11, Fa0/12, Fa0/13, Fa0/14
                            Fa0/15, Fa0/16, Fa0/17, Fa0/18
                            Fa0/19, Fa0/20, Fa0/21, Fa0/22
                            Fa0/23, Fa0/24, Gig0/2
...

All unused interfaces should be listed here. It is worth noting that interfaces cannot be moved into a VLAN if that VLAN has not been created. It is for this purpose that all the VLANs needed for the work were created in the preliminary setup.

e. On switch SW1, enable a 1-minute lockout if the password is entered incorrectly twice within 30 seconds.
You can do this with the following command:

// Lockout for 60 s; attempts: 2; within: 30 s
SW1(config)#login block-for 60 attempts 2 within 30

You can also check these settings as follows:

SW1#show login
...
   If more than 2 login failures occur in 30 seconds or less,
     logins will be disabled for 60 seconds.
...

It clearly states that after two failed attempts within 30 seconds or less, the ability to log in will be blocked for 60 seconds.

2. All devices must be manageable via SSH version 2

For devices to be reachable via SSH version 2, the equipment must first be configured, so for illustration we will start with a device that has factory settings.

You can change the protocol version as follows:

// Set SSH version 2
Router(config)#ip ssh version 2
Please create RSA keys (of at least 768 bits size) to enable SSH v2.
Router(config)#

The system asks you to create RSA keys for SSH version 2 to work. Following the advice of the smart system, you can create RSA keys with the following command:

// Create RSA keys
Router(config)#crypto key generate rsa
% Please define a hostname other than Router.
Router(config)#

The system does not allow the command to run because the hostname has not been changed. After changing the hostname, you need to enter the key generation command again:

Router(config)#hostname R1
R1(config)#crypto key generate rsa 
% Please define a domain-name first.
R1(config)#

Now the system does not allow RSA keys to be created because the domain name is missing. After the domain name is set, it becomes possible to create RSA keys. The RSA keys must be at least 768 bits long for SSH version 2 to work:

R1(config)#ip domain-name wsrvuz19.ru
R1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

As a result, it turns out that for SSHv2 to work you need to:

  1. Change the hostname;
  2. Change the domain name;
  3. Generate RSA keys.

The previous article showed how to change the hostname and domain name on all devices, so while continuing to configure the current equipment, you only need to generate the RSA keys:

RTR1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

SSH version 2 is working, but the devices are not yet fully configured. The final step is to configure the virtual consoles:

// Enter configuration of the virtual consoles
RTR1(config)#line vty 0 4
// Allow remote connections only via SSH
RTR1(config-line)#transport input ssh
RTR1(config-line)#exit

In the previous article, the AAA model was configured: authentication on the virtual consoles was set to use the local database, and the user, after authentication, had to go straight into privileged mode. The simplest test of SSH operation is to try to connect to your own equipment. RTR1 has a loopback with IP address 1.1.1.1, so you can try to connect to this address:

// Connect via SSH
RTR1(config)#do ssh -l wsrvuz19 1.1.1.1
Password: 
RTR1#

After the -l switch, enter the login of an existing user, and then the password. After authentication, the user immediately switches to privileged mode, which means SSH is configured correctly.
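
One way to check items d, e and 2 on a saved configuration, as an added example (not code from the original article): a small audit over running-config text that reports ports parked in VLAN 99 but left enabled, a missing login block-for, SSH not pinned to version 2, and vty lines that accept anything other than SSH. The configuration excerpt is constructed and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt (not from the article); Fa0/4 and the
# second vty range are deliberately left misconfigured.
SAMPLE = """\
hostname SW1
ip ssh version 2
login block-for 60 attempts 2 within 30
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/3
 switchport access vlan 99
 switchport mode access
 shutdown
interface FastEthernet0/4
 switchport access vlan 99
 switchport mode access
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def sections(config):
    """Map each top-level line to the indented sub-commands that follow it."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line.startswith(" "):
            if current is not None:
                out[current].append(line.strip())
        else:
            current = line.strip()
            out[current] = []
    return out

def audit(config):
    """Return findings for the hardening items configured in this article."""
    sec, findings = sections(config), []
    if "ip ssh version 2" not in sec:
        findings.append("SSH is not pinned to version 2")
    lockout = r"login block-for \d+ attempts \d+ within \d+"
    if not any(re.fullmatch(lockout, head) for head in sec):
        findings.append("no login block-for lockout configured")
    for head, body in sec.items():
        parked = head.startswith("interface ") and "switchport access vlan 99" in body
        if parked and "shutdown" not in body:
            findings.append(f"{head[10:]}: parked in VLAN 99 but not shut down")
        if head.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{head}: transport input is not restricted to ssh")
    return findings
```

Calling audit(SAMPLE) returns one finding for FastEthernet0/4 and one for line vty 5 15; an empty list means every checked item is in place.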

Source: www.habr.com
