Tarmoq xavfsizligi
Yüklə 305,53 Kb.
|
- Bu səhifədəki naviqasiya:
- Switch 2 sozlash
- Router ni sozlash
| Ishni bajarish tartibi
Serverlarni vlan 50 ga biriktiramiz. Switch 1 ni sozlash Switch>enable Switch#conf t Switch(config)#hostname Sw1 Sw1 (config)#vlan 50 Sw1 (config-vlan)#exit Sw1 (config)#interface range fastEthernet 0/1-4 Sw1 (config-if-range)#switchport mode access Sw1 (config-if-range)#switchport access vlan 50 Sw1 (config-if-range)#exit Sw1 (config)#int fa0/5 Sw1 (config-if)#switchport mode trunk Switch(config-if)#switchport trunk allowed vlan 50 Switch(config-if)#exit Switch 2 sozlash Switch>en Switch#conf t Switch(config)#hostname Sw2 Sw2 (config)#vlan 10 Sw2 (config-vlan)#vlan 20 Sw2(config-vlan)#vlan 30 Sw2(config-vlan)#vlan 40 Sw2 (config-vlan)#vlan 50 Sw2 (config-vlan)#exit Sw2(config)# interface fastEthernet 0/1 Sw2(config-if)#switchport mode trunk Sw2(config-if)#switchport trunk allowed vlan 50 Sw2(config-if)#exit Sw2(config)# interface fastEthernet 0/3 Sw2(config-if)#switchport mode access Sw2(config-if)#switchport access vlan 10 Sw2(config-if)#exit Sw2(config)#interface fastEthernet 0/4 Sw2(config-if)#switchport mode access Sw2(config-if)#switchport access vlan 20 Sw2(config-if)#exit Sw2(config)# interface fastEthernet 0/5 Sw2(config-if)#switchport mode access Sw2(config-if)#switchport access vlan 30 Sw2(config-if)#exit Sw2(config)# interface fastEthernet 0/6 Sw2(config-if)#switchport mode access Sw2(config-if)#switchport access vlan 40 Sw2(config-if)#exit Sw2(config)# interface fastEthernet 0/2 Sw2(config-if)#switchport mode trunk Sw2(config-if)#switchport trunk allowed vlan 10,20,30,40,50 Sw2(config-if)#exit Router ni sozlash Router>en Router#configure terminal Router(config)#int fa 0/0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#int fa 0/0.10 Router(config-subif)#encapsulation dot1Q 10 Router(config-subif)#ip address 192.168.1.1 255.255.255.0 Router(config-subif)#exit Router(config)#int fa 0/0.20 Router(config-subif)#encapsulation dot1Q 20 Router(config-subif)#ip address 192.168.2.1 255.255.255.0 Router(config-subif)#exit Router(config)#int fa 0/0.30 Router(config-subif)#encapsulation dot1Q 30 Router(config-subif)#ip address 192.168.3.1 255.255.255.0 Router(config-subif)#exit Router(config)#int fa 0/0.40 Router(config-subif)#encapsulation dot1Q 40 Router(config-subif)#ip address 192.168.4.1 255.255.255.0 Router(config-subif)#exit Router(config)#int fa 0/0.50 Router(config-subif)#encapsulation dot1Q 50 Router(config-subif)#ip address 192.168.5.1 255.255.255.0 Router(config-subif)#exit Routerga quyidagi komanda yoziladi: Router(config)# Router(config)#ip access-list extended TEST Router(config-ext-nacl)#permit icmp any any Router(config-ext-nacl)#permit tcp 192.168.1.0 0.0.0.255 host 192.168.5.2 eq 80 Router(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 host 192.168.5.3 eq 80 Router(config-ext-nacl)#permit tcp 192.168.3.0 0.0.0.255 host 192.168.5.4 eq 20 Router(config-ext-nacl)#permit tcp 192.168.3.0 0.0.0.255 host 192.168.5.4 eq 21 Router(config-ext-nacl)#permit tcp 192.168.4.0 0.0.0.255 host 192.168.5.5 eq 80 Router(config-ext-nacl)#exit Router(config)#int fastEthernet 0/0.50 Router(config-subif)#ip access-group TEST out Router(config-subif)#exit Yüklə 305,53 Kb. Dostları ilə paylaş:
|