Oʻzbеkiston rеspublikasi axborot tеxnologiyalari va kommunikatsiyalarini rivojlantirish vazirligi
Yüklə 5,01 Kb. Pdf görüntüsü
|
| Amaliy qism
Barcha komp’yuterlardan serverlarga ping oʻtsin lekin: 1. 192.168.1.0 tarmoqdagi komp’yuterlar daryo.uz saytiga kirishga ruxsat berilsin, boshqa serverlarga kirish cheklansin; 2. 192.168.2.0 tarmoqdagi kompyuterlar soft.uz saytiga kirishga ruxsat berilsin, boshqa serverlarga kirish cheklansin; 3. 192.168.3.0 tarmoqdagi komp’yuterlar mail.ru saytiga kirishga ruxsat berilsin, boshqa serverlarga kirish cheklansin; 4. 192.168.3.0 tarmoqdagi komp’yuterlar ftp ga kirishga ruxsat berilsin, boshqa serverlarga kirish cheklangan boʻlishi kerak. Yuqoridagi shartlarni bajarish uchun Assess list ning kengaytirilgan ACL dan foydalanamiz. Ishni bajarish tartibi 94 Serverlarni vlan 50 ga biriktiramiz. Komutator 1ni sozlash Switch>enable Switch#conft Switch(config)#hostname Sw1 Sw1 (config)#vlan 50 Sw1 (config-vlan)#exit Sw1 (config)#interface range fastEthernet 0/1-4 Sw1 (config-if-range)#switchport mode access Sw1 (config-if-range)#switchport access vlan 50 Sw1 (config-if-range)#exit Sw1 (config)#int fa0/5 Sw1 (config-if)#switchport mode trunk Switch(config-if)#switchport trunk allowed vlan 50 Switch(config-if)#exit Komutator 2ni sozlash Switch>en Switch#conf t Switch(config)#hostname Sw2 Sw2 (config)#vlan 10 Sw2 (config-vlan)#vlan 20 Sw2(config-vlan)#vlan 30 Sw2(config-vlan)#vlan 40 Sw2 (config-vlan)#vlan 50 Sw2 (config-vlan)#exit Sw2(config)# interface fastEthernet 0/1 Sw2(config-if)#switchport mode trunk Sw2(config-if)#switchport trunk allowed vlan 50 Sw2(config-if)#exit Sw2(config)# interface fastEthernet 0/3 Sw2(config-if)#switchport mode access Sw2(config-if)#switchport access vlan 10 Sw2(config-if)#exit Sw2(config)#interface fastEthernet 0/4 Sw2(config-if)#switchport mode access Sw2(config-if)#switchport access vlan 20 Sw2(config-if)#exit Sw2(config)# interface fastEthernet 0/5 95 Sw2(config-if)#switchport mode access Sw2(config-if)#switchport access vlan 30 Sw2(config-if)#exit Sw2(config)# interface fastEthernet 0/6 Sw2(config-if)#switchport mode access Sw2(config-if)#switchport access vlan 40 Sw2(config-if)#exit Sw2(config)# interface fastEthernet 0/2 Sw2(config-if)#switchport mode trunk Sw2(config-if)#switchport trunk allowed vlan 10,20,30,40,50 Sw2(config-if)#exit Marshrutizatorni sozlash Router>en Router#configure terminal Router(config)#intfa 0/0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#intfa 0/0.10 Router(config-subif)#encapsulation dot1Q 10 Router(config-subif)#ip address 192.168.1.1 255.255.255.0 Router(config-subif)#exit Router(config)#intfa 0/0.20 Router(config-subif)#encapsulation dot1Q 20 Router(config-subif)#ip address 192.168.2.1 255.255.255.0 Router(config-subif)#exit Router(config)#intfa 0/0.30 Router(config-subif)#encapsulation dot1Q 30 Router(config-subif)#ip address 192.168.3.1 255.255.255.0 Router(config-subif)#exit Router(config)#intfa 0/0.40 Router(config-subif)#encapsulation dot1Q 40 Router(config-subif)#ip address 192.168.4.1 255.255.255.0 Router(config-subif)#exit Router(config)#intfa 0/0.50 Router(config-subif)#encapsulation dot1Q 50 Router(config-subif)#ip address 192.168.5.1 255.255.255.0 Router(config-subif)#exit Marshrutizatorni quyidagi buyruqlar yoziladi: 96 Router(config)# Router(config)#ip access-list extended TEST Router(config-ext-nacl)#permit icmp any any Router(config-ext-nacl)#permit tcp 192.168.1.0 0.0.0.255 host 192.168.5.2 eq 80 Router(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 host 192.168.5.3 eq 80 Router(config-ext-nacl)#permit tcp 192.168.3.0 0.0.0.255 host 192.168.5.4 eq 20 Router(config-ext-nacl)#permit tcp 192.168.3.0 0.0.0.255 host 192.168.5.4 eq 21 Router(config-ext-nacl)#permit tcp 192.168.4.0 0.0.0.255 host 192.168.5.5 eq 80 Router(config-ext-nacl)#exit Router(config)#intfastEthernet 0/0.50 Router(config-subif)#ip access-group TEST out Router(config-subif )#exit 7.6-rasm Topologiyani testlash natijalari Yüklə 5,01 Kb. Dostları ilə paylaş:
|