Umbutho we-WorldSkills ujolise ekunikeni abathabathi-nxaxheba izakhono zobuchule ezifunekayo kwimakethi yanamhlanje yezabasebenzi. Ubuchule be "Network and System Administration" bubandakanya iimodyuli ezintathu: Inethiwekhi, iWindows, iLinux. Imisebenzi iyatshintsha ukusuka kubuntshatsheli ukuya kubuntshatsheli, iimeko zokhuphiswano ziyatshintsha, kodwa ubume bemisebenzi ubukhulu becala buhlala bunjalo.
ISiqithi seNethiwekhi iya kuba yeyokuqala ngenxa yokulula kwayo malunga neLinux kunye neziqithi zeWindows.
Inqaku liza kubandakanya le misebenzi ilandelayo:
- Seta amagama ZONKE izixhobo ngokwetopology
- Yabela igama lesizinda wsrvuz19.ru kuzo ZONKE izixhobo
- Yenza umsebenzisi wsrvuz19 kuzo ZONKE izixhobo nge password cisco
- Igama eliyimfihlo lomsebenzisi kufuneka ligcinwe kuqwalaselo njengesiphumo somsebenzi we-hash.
- Umsebenzisi kufuneka abe nenqanaba eliphezulu lamalungelo.
- Kuzo ZONKE izixhobo, sebenzisa imodeli ye-AAA.
- Ungqinisiso kwi-remote console kufuneka yenziwe ngokusebenzisa isiseko sedatha sasekhaya (ngaphandle kwezixhobo ze-RTR1 kunye ne-RTR2)
- Emva kokuqinisekiswa okuyimpumelelo, xa ungena kwi-console ekude, umsebenzisi kufuneka angenise ngokukhawuleza imo kunye nenqanaba eliphezulu lamalungelo.
- Qwalasela imfuno yoqinisekiso kwikhonsoli yendawo.
- Uqinisekiso oluyimpumelelo kwikhonsoli yendawo kufuneka ibeke umsebenzisi kwindlela enamalungelo amancinci.
- Kwi-BR1, phezu koqinisekiso oluyimpumelelo kwikhonsoli yasekuhlaleni, umsebenzisi kufuneka abekwimowudi enowona mgangatho wamalungelo
- Kuzo ZONKE izixhobo, seta igama lokugqitha le-wsr ukuze ungenise imo yamalungelo.
- Igama lokugqitha kufuneka ligcinwe kuqwalaselo HAYI njengesiphumo somsebenzi wehash.
- Qwalasela imo apho onke amagama agqithisiweyo kuqwalaselo agcinwa kwifom entsonkothileyo.
I-topology yenethiwekhi kumaleko obonakalayo iboniswe kulo mzobo ulandelayo:
1. Seta amagama ZONKE izixhobo ngokwetopology
Ukuseta igama lesixhobo (igama lenginginya) kufuneka ufake umyalelo osuka kwimowudi yoqwalaselo yehlabathi hostname SW1, phi endaweni yoko SW1 Kufuneka ubhale igama lesixhobo esinikwe kwimisebenzi.
Ungajonga useto ngokubonakalayo - endaweni yokusetwa kwangaphambili iswitshi yaba SW1:
Switch(config)# hostname SW1
SW1(config)#
Umsebenzi oyintloko emva kokwenza naluphi na useto kukugcina uqwalaselo.
Oku kunokwenziwa ukusuka kwimowudi yoqwalaselo yehlabathi ngomyalelo do write:
SW1(config)# do write
Building configuration...
Compressed configuration from 2142 bytes to 1161 bytes[OK]
Okanye ukusuka kwimo enelungelo ngomyalelo write:
SW1# write
Building configuration...
Compressed configuration from 2142 bytes to 1161 bytes[OK]
2. Yabela igama lesizinda wsrvuz19.ru kuzo ZONKE izixhobo
Ungaseta igama lesizinda elimiselweyo wsrvuz19.ru ukusuka kwimowudi yoqwalaselo yehlabathi ngomyalelo ip domain-name wsrvuz19.ru.
Ukukhangela kuqhutywa ngomyalelo osisishwankathelo senginginya kwimo yoqwalaselo yehlabathi:
SW1(config)# ip domain-name wsrvuz19.ru
SW1(config)# do show hosts summary
Name lookup view: Global
Default domain is wsrvuz19.ru
...
3. Yenza umsebenzisi wsrvuz19 kuzo ZONKE izixhobo nge password cisco
Kuyimfuneko ukudala umsebenzisi ukuze abe nenqanaba eliphezulu lamalungelo, kwaye igama eliyimfihlo ligcinwe njengomsebenzi we-hash. Yonke le miqathango ithathelwa ingqalelo liqela username wsrvuz19 privilege 15 secret cisco.
Apha:
username wsrvuz19 -Igama lomsebenzisi;
privilege 15 - inqanaba lamalungelo (0 - inqanaba elincinci, i-15 - inqanaba eliphezulu);
secret cisco β ukugcina igama eliyimfihlo njengomsebenzi we-MD5 hash.
bonisa umyalelo running-config ikuvumela ukuba ukhangele izicwangciso zoqwalaselo lwangoku, apho ungafumana khona umgca kunye nomsebenzisi owongeziweyo kwaye uqinisekise ukuba igama eligqithisiweyo ligcinwe kwifom efihliweyo:
SW1(config)# username wsrvuz19 privilege 15 secret cisco
SW1(config)# do show running-config
...
username wsrvuz19 privilege 15 secret 5 $1$EFRK$RNvRqTPt5wbB9sCjlBaf4.
...
4. Sebenzisa imodeli ye-AAA kuzo ZONKE izixhobo
Imodeli ye-AAA yinkqubo yokuqinisekisa, ukugunyazwa kunye nokurekhoda umcimbi. Ukugqibezela lo msebenzi, inyathelo lokuqala kukuvumela imodeli ye-AAA kwaye ucacise ukuba ukuqinisekiswa kuya kwenziwa kusetyenziswa isiseko sedatha yendawo:
SW1(config)# aaa new-model
SW1(config)# aaa authentication login default local
a. Ungqinisiso kwi-console ekude kufuneka yenziwe kusetyenziswa uvimba weenkcukacha wasekhaya (ngaphandle kwezixhobo ze-RTR1 kunye ne-RTR2)
Imisebenzi ichaza iindidi ezimbini zeekhonsoli: zasekhaya kunye nezikude. I-console ekude ikuvumela ukuba usebenzise uxhulumaniso olukude, umzekelo, nge-SSH okanye i-Telnet protocol.
Ukugqiba lo msebenzi kufuneka ufake le miyalelo ilandelayo:
SW1(config)# line vty 0 4
SW1(config-line)# login authentication default
SW1(config-line)# exit
SW1(config)#
iqela line vty 0 4 Utshintsho lwenziwa ukuseta imigca yetheminali enenyani ukusuka ku-0 ukuya ku-4.
Iqela login authentication default yenza indlela yoqinisekiso olungagqibekanga kwiconsole enenyani, kwaye indlela engagqibekanga yamiselwa kumsebenzi wangaphambili ngomyalelo aaa authentication login default local.
Ukuphuma kwimowudi yokuseta i-remote console kwenziwa ngokusebenzisa umyalelo exit.
Uvavanyo oluthembekileyo luya kuba ludibaniso lovavanyo ngeTelnet ukusuka kwesinye isixhobo ukuya kwesinye. Kuyafaneleka ukuqwalasela oku, ukutshintsha okusisiseko kunye nedilesi ye-IP kufuneka iqwalaselwe kwizixhobo ezikhethiweyo.
SW3#telnet 2001:100::10
User Access Verification
Username: wsrvuz19
Password:
SW1>
b. Emva koqinisekiso oluyimpumelelo, xa ungena kwi-console ekude, umsebenzisi kufuneka ngoko nangoko angenise imo enomgangatho ophezulu wamalungelo.
Ukusombulula le ngxaki, kufuneka ubuyele umva ukucwangcisa imigca yesiphelo sendlela kwaye usete inqanaba lelungelo ngomyalelo. privilege level 15, apho i-15 kwakhona inqanaba eliphezulu, kwaye i-0 lelona nqanaba lincinci lamalungelo:
SW1(config)# line vty 0 4
SW1(config-line)# privilege level 15
SW1(config-line)# exit
SW1(config)#
Uvavanyo luya kuba sisisombululo ukusuka kumhlathi wangaphambili - uqhagamshelo olukude ngeTelnet:
SW3#telnet 2001:100::10
User Access Verification
Username: wsrvuz19
Password:
SW1#
Emva kokuqinisekiswa, umsebenzisi ungena ngokukhawuleza kwimodi enelungelo, edlula imodi engafanelekanga, oku kuthetha ukuba umsebenzi ugqitywe ngokuchanekileyo.
cd. Qwalasela imfuno kwi console yendawo kwaye phezu koqinisekiso oluyimpumelelo umsebenzisi kufuneka angenise indlela enobuncinci bomgangatho wamalungelo
Ulwakhiwo lwemiyalelo kule misebenzi lungqamana nemisebenzi esonjululwe ngaphambili 4.a kunye no-4.b. Iqela line vty 0 4 ithathe indawo ye console 0:
SW1(config)# line console 0
SW1(config-line)# login authentication default
SW1(config-line)# privilege level 0
SW1(config-line)# exit
SW1(config)#
Njengoko sele kukhankanyiwe, inqanaba lelungelo eliphantsi limiselwa linani 0. Itshekhi inokwenziwa ngolu hlobo lulandelayo:
SW1# exit
User Access Verification
Username: wsrvuz19
Password:
SW1>
Emva kokuqinisekiswa, umsebenzisi ungena kwimodi engafanelekanga, njengoko kuchaziwe kwimisebenzi.
e. Kwi-BR1, phezu koqinisekiso oluyimpumelelo kwikhonsoli yasekuhlaleni, umsebenzisi kufuneka abekwimowudi enowona mgangatho wamalungelo
Ukuseta ikhonsoli yendawo kwi-BR1 kuya kujongeka ngolu hlobo:
BR1(config)# line console 0
BR1(config-line)# login authentication default
BR1(config-line)# privilege level 15
BR1(config-line)# exit
BR1(config)#
Itshekhi iqhutywa ngendlela efanayo kumhlathi odlulileyo:
BR1# exit
User Access Verification
Username: wsrvuz19
Password:
BR1#
Emva kokuqinisekiswa, inguqu kwimo yelungelo lenzeka.
5. Kuzo ZONKE izixhobo, seta igama lokugqitha le-wsr ukuze ufake imowudi yamalungelo
Imisebenzi ithi igama eligqithisiweyo lemo yelungelo kufuneka ligcinwe kumbhalo ocacileyo njengomgangatho, kodwa imowudi yofihlo kuwo onke amagama agqithisiweyo ayiyi kukuvumela ukuba ujonge igama eligqithisiweyo kumbhalo ocacileyo. Ukuseta igama lokugqitha ukuze ufake imowudi eyodwa, sebenzisa umyalelo enable password wsr. Ukusebenzisa igama elingundoqo password, imisela uhlobo apho igama lokugqitha liza kugcinwa khona. Ukuba igama eliyimfihlo kufuneka libhalwe ngokuntsonkothileyo xa usenza umsebenzisi, ke igama elingundoqo ibiligama secret, kwaye isetyenziselwa ukugcinwa okuvulekileyo password.
Ungajonga useto ngokujonga uqwalaselo lwangoku:
SW1(config)# enable password wsr
SW1(config)# do show running-config
...
enable password wsr
!
username wsrvuz19 privilege 15 secret 5 $1$5I66$TB48YmLoCk9be4jSAH85O0
...
Ingabonwa ukuba igama eligqithisiweyo lomsebenzisi ligcinwe kwifom efihliweyo, kwaye igama eliyimfihlo lokungena kwimodi enelungelo ligcinwe kwisicatshulwa esicacileyo, njengoko kuchazwe kwimisebenzi.
Ukuqinisekisa ukuba onke amagama ayimfihlo agcinwa efihliwe, sebenzisa umyalelo service password-encryption. Ukujonga uqwalaselo lwangoku ngoku kuya kujongeka ngolu hlobo:
SW1(config)# do show running-config
...
enable password 7 03134819
!
username wsrvuz19 privilege 15 secret 5 $1$5I66$TB48YmLoCk9be4jSAH85O0
...
Igama lokugqithisa alisabonakali kumbhalo ocacileyo.
umthombo: www.habr.com