Cisco Training 200-125 CCNA v3.0. Day 27. Introduction to ACL. Part 2

One more thing I forgot to mention is that an ACL does not only filter traffic on a permit/deny basis; it performs many other functions as well. For example, an ACL is used in encrypting VPN traffic, but to pass the CCNA exam you only need to know how it is used to filter traffic. Let's return to Problem No.

We found that traffic from the accounting and sales departments can be blocked on the output interface of R2 using the following ACL list.

Don't worry about the format of this list; it is meant only as an example to help you understand what an ACL is. We will get to the correct format once we start working in Packet Tracer.

Task No. 2 reads as follows: the server room can communicate with any hosts except the hosts of the management department. That is, the server room computers can reach any computers in the sales and accounting departments, but must not reach computers in the management department. This means that the IT staff in the server room should not have remote access to the computer of the head of the management department; if there is a problem, they should come to his office and fix it on the spot. Note that this task is not practical, because I don't know of any reason why the server room should be unable to communicate over the network with the management department, so in this case we are simply looking at a study example.

To solve this problem, you first need to determine the traffic path. Data from the server room arrives at input interface G0/1 of router R1 and is sent to the management department through output interface G0/0.

If we apply the condition Deny 192.168.1.192/27 to input interface G0/1 (and, as you remember, a standard ACL is placed closer to the traffic source), we will block all traffic, including traffic to the sales and accounting departments.

Since we want to block only the traffic directed to the management department, we must apply the ACL to output interface G0/0. This problem can only be solved by placing the ACL closer to the destination. At the same time, traffic from the accounting and sales department networks must reach the management department freely, so the last line of the list will be the Permit any command: permit any traffic except the traffic specified in the previous condition.

Let's move on to Task 3: the laptop Laptop 3 from the sales department must not have access to any devices other than those on the local network of the sales department. Let's assume that a trainee works on this computer and should not go beyond his own LAN.

In this case, you need to apply an ACL on input interface G0/1 of router R2. If we assign the IP address 192.168.1.3/25 to this computer, then the condition Deny 192.168.1.3/25 must be met, and traffic from any other IP address must not be blocked, so the last line of the list will be Permit any.

However, blocking this traffic will have no effect on Laptop2.

The next task is Task 4: only computer PC0 of the accounting department may have access to the server network, but not to the management department.

If you remember, the ACL from Task #1 blocks all outgoing traffic on the S0/1/0 output interface of router R2, but Task #4 says we must make sure that only PC0's traffic passes, so we have to make an exception.

All the tasks we are solving now should help you in a real situation when you set up ACLs for an office network. For convenience I used the classic type of entry, but I advise you to write all the lines out by hand on paper or type them on a computer so that you can make corrections to the entries. In our case, a classic ACL list was drawn up according to the conditions of Task 1. If we want to add a Permit exception for PC0 to it, we can only place this line fourth in the list, after the Permit Any line. However, since the address of this computer falls within the range of addresses checked by the condition Deny 192.168.1.128/26, its traffic will be blocked as soon as this condition is met, and the router will never reach the check of the fourth line, which permits traffic from this IP address.

Therefore, I will have to completely redo the ACL list of Task No. from the accounting and sales departments.

Thus, in the first line we have a command for a specific address, and in the second a general one for the entire network in which this address is located. If you use the modern type of ACL, you can easily change it by placing the line Permit 192.168.1.130/26 as the first command. If you have a classic ACL, you will need to delete it completely and then re-enter the commands in the correct order.

The solution to Problem No. 4 is to place the line Permit 192.168.1.130/26 at the beginning of the ACL from Problem No. 1, because only in this case will traffic from PC0 freely leave the output interface of router R2. PC1's traffic will be blocked completely, because its IP address falls under the ban contained in the second line of the list.

Now we will move on to Packet Tracer to make the necessary settings. I have already configured the IP addresses of all devices, because the simplified diagrams shown earlier were somewhat hard to understand. In addition, I have configured RIP between the two routers. In the given network topology, communication between all devices of the 4 subnets is possible without any restrictions. But as soon as we apply an ACL, traffic will start to be filtered.

I will start from PC1 in the accounting department and try to ping the IP address 192.168.1.194, which belongs to Server0, located in the server room. As you can see, the ping succeeds without any problems. I also successfully ping Laptop0 in the management department. The first packet is dropped because of ARP; the remaining 3 get through freely.

To set up traffic filtering, I go into the settings of router R2, enter global configuration mode and create a modern-style ACL list. We also have the classic-style ACL 10. To create the first list, I enter a command in which you must specify the same list name that we wrote down on paper: ip access-list standard Secure_Ma_And_Se. After this, the system prompts for the possible parameters: I can choose deny, exit, no, permit or remark, and I can also enter a Sequence Number from 1 to 2147483647. If I don't do this, the system assigns it automatically.

So I don't enter this number and go straight to the command permit host 192.168.1.130, since this permission applies to the specific device PC0. I could also use a reverse Wildcard Mask; I will show you how to do that now.

Next, I enter the command deny 192.168.1.128. Since we have /26, I use the reverse mask and complete the command with it: deny 192.168.1.128 0.0.0.63. In this way I deny the traffic of network 192.168.1.128/26.

In the same way, I block traffic from the next network: deny 192.168.1.0 0.0.0.127. All other traffic is permitted, so I enter the command permit any. Next I have to apply this list to the interface, so I use the command int s0/1/0. Then I type ip access-group Secure_Ma_And_Se, and the system prompts me to choose a direction: in for incoming packets and out for outgoing ones. We need to apply the ACL to the output interface, so I use the command ip access-group Secure_Ma_And_Se out.

Let's go to the PC0 command line and ping the IP address 192.168.1.194, which belongs to the server Server0. The ping succeeds because we used a special ACL condition for PC0's traffic. If I do the same from PC1, the system returns an error: "destination host unreachable", since traffic from the remaining IP addresses of the accounting department is blocked from reaching the server room.

By going into the CLI of router R2 and typing the command show ip access-lists, you can see how the network traffic of the accounting department was handled: it shows how many times the ping was passed according to the permit entry and how many times it was blocked according to the deny entry.

We can always go to the router settings and view the access list. So, the conditions of Tasks No. 1 and No. 4 are met. Let me show you one more thing. If I want to correct something, I can enter the global configuration mode of R2, enter the command ip access-list standard Secure_Ma_And_Se and then the command "host 192.168.1.130 is not permitted": no permit host 192.168.1.130.

If we look at the access list again, we will see that line 10 has disappeared; only lines 20, 30 and 40 remain. ... in the classic form.

Now let's move on to the third ACL, because it also concerns router R2. It says that no traffic from Laptop3 should leave the sales department network. At the same time, Laptop2 should communicate with the computers of the accounting department without problems. To test this, I ping the IP address 192.168.1.130 from this laptop and make sure that everything works.

Now I will go to the Laptop3 command line and ping the address 192.168.1.130. The ping succeeds, but we don't want that, since according to the task conditions Laptop3 may communicate only with Laptop2, which is on the same sales department network. To achieve this, you need to create another ACL using the classic method.

I will go back to the R2 settings and try to restore the deleted entry 10 using the command permit host 192.168.1.130. You can see that this entry appears at the end of the list with number 50. However, access still will not work, because the line permitting the specific host is at the end of the list, while the line denying all traffic from the network is at the top of the list. If we try to ping Laptop0 of the management department from PC0, we get the message "destination host unreachable", even though there is a permit entry with number 50 in the ACL.

Therefore, if you want to edit an existing ACL, you should enter the command no permit host 192.168.1.130 in R2's (config-std-nacl) mode, check that line 50 has disappeared from the list, and enter the command 10 permit host 192.168.1.130. We see that the list has now returned to its original form, with this entry placed first. Sequence numbers let you edit the list in any way you like, so the modern form of ACL is much more convenient than the classic one.

Now I will show how the classic form of ACL list 10 works. To use the classic list, you need to enter the command access-list 10 ? and, following the prompt, choose the desired action: deny, permit or remark. Then I enter the line access-list 10 deny host, after which I type the command access-list 10 deny 192.168.1.3 and add the reverse mask. Since we have a host, the forward subnet mask is 255.255.255.255 and the reverse one is 0.0.0.0. As a result, to deny the host's traffic I must enter the command access-list 10 deny 192.168.1.3 0.0.0.0. After this you need to specify the permissions, for which I type the command access-list 10 permit any. This list needs to be applied to interface G0/1 of router R2, so I enter the commands in sequence: int g0/1, ip access-group 10 in. Regardless of which list is used, classic or modern, the same commands are used to apply the list to an interface.

To check that the settings are correct, I go to the Laptop3 command line terminal and try to ping the IP address 192.168.1.130. As you can see, the system reports that the destination host is unreachable.

Let me remind you that to check a list you can use the commands show ip access-lists and show access-lists. We have one more problem to solve, which concerns router R1. To do this, I go to the CLI of this router, enter global configuration mode and enter the command ip access-list standard Secure_Ma_From_Se. Since we have the network 192.168.1.192/27, its subnet mask is 255.255.255.224, which means the reverse mask is 0.0.0.31 and we need to enter the command deny 192.168.1.192 0.0.0.31. Since all other traffic is permitted, the list ends with the command permit any. To apply the ACL to the router's output interface, use the command ip access-group Secure_Ma_From_Se out.

Now I will go to the command line terminal of Server0 and try to ping Laptop0 of the management department at the IP address 192.168.1.226. The attempt fails, but when I ping the address 192.168.1.130, the connection is established without problems. That is, we have prohibited the server computer from communicating with the management department, but permitted communication with all other devices in the other departments. So, we have successfully solved all 4 problems.
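
The first-match rule behind the sequence-number fix on R2, together with the wildcard masks used in Secure_Ma_And_Se and Secure_Ma_From_Se, as an added Python sketch (not part of the original lesson and not Cisco code). The helper names and PC1's address 192.168.1.131 are assumptions; the other addresses and entries are the ones from the text.

```python
import ipaddress

def wildcard(prefix_len):
    """Reverse (wildcard) mask for a prefix: the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))

def matches(src, addr, wc):
    """Bits set to 1 in the wildcard are ignored; the remaining bits must be equal."""
    care = ~int(ipaddress.IPv4Address(wc)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (int(ipaddress.IPv4Address(addr)) & care)

def evaluate(acl, src):
    """Standard ACL: entries are checked in sequence-number order, first match wins.
    A packet that matches nothing hits the implicit deny at the end."""
    for seq in sorted(acl):
        action, addr, wc = acl[seq]
        if matches(src, addr, wc):
            return action, seq
    return "deny", None

ANY = ("0.0.0.0", "255.255.255.255")   # 'any': every bit ignored
HOST = "0.0.0.0"                        # 'host x': every bit compared

# Secure_Ma_And_Se on R2 s0/1/0 out, with the auto-assigned numbers 10..40
secure_ma_and_se = {
    10: ("permit", "192.168.1.130", HOST),
    20: ("deny", "192.168.1.128", wildcard(26)),   # 0.0.0.63
    30: ("deny", "192.168.1.0", wildcard(25)),     # 0.0.0.127
    40: ("permit", *ANY),
}

# Entry 10 deleted and re-entered without a number: it is appended as 50
misordered = {seq: e for seq, e in secure_ma_and_se.items() if seq != 10}
misordered[50] = ("permit", "192.168.1.130", HOST)

# Secure_Ma_From_Se on R1, outbound towards the management department
secure_ma_from_se = {
    10: ("deny", "192.168.1.192", wildcard(27)),   # 0.0.0.31
    20: ("permit", *ANY),
}

PC0, PC1, SERVER0 = "192.168.1.130", "192.168.1.131", "192.168.1.194"  # PC1 is assumed

if __name__ == "__main__":
    print("PC0, correct order :", evaluate(secure_ma_and_se, PC0))
    print("PC0, entry at 50   :", evaluate(misordered, PC0))
    print("PC1                :", evaluate(secure_ma_and_se, PC1))
    print("Server0 on R1 ACL  :", evaluate(secure_ma_from_se, SERVER0))
```

With the permit entry at 50, PC0 is stopped by entry 20 before the permit is ever checked, which is the "destination host unreachable" result described above.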

Let me show you something else. We go into the settings of router R2, where we have 2 types of ACL: classic and modern. Suppose I want to edit ACL 10, Standard IP access list 10, which in its classic form consists of two entries, 10 and 20. If I use the command do show run, I can see that first we have the modern access list of 4 entries without numbers under the common heading Secure_Ma_And_Se, and below it are the two ACL 10 entries of the classic form, each repeating the name of the same access-list 10.

If I want to make some changes, such as removing the entry deny host 192.168.1.3 and introducing an entry for a device on a different network, I need to use the delete command for that entry only: no access-list 10 deny host 192.168.1.3. But as soon as I enter this command, all the entries of ACL 10 disappear completely. This is why the classic form of ACL is very inconvenient to edit. The modern way of writing entries is much more convenient to use, since it allows free editing.

To learn the material in this video lesson, I advise you to watch it again and try to solve the problems discussed on your own, without any hints. ACL is an important topic in the CCNA course, and many people are confused by, for example, the procedure for creating a reverse Wildcard Mask. I assure you, just understand the concept of mask conversion and everything will become much easier. Remember that the most important thing in understanding the topics of the CCNA course is practical training, because only practice will help you understand this or that Cisco concept. Practice is not copy-pasting my commands, but solving problems in your own way. Ask yourself questions: what needs to be done to block the flow of traffic from here to there, where to apply conditions, and so on, and try to answer them.


Source: www.habr.com
