Похожие презентации:
Tarmoqni himoyalash protokollari SCP, SNMP ni sozlash va log fayllarni tadqiq etish
1.
O’ZBEKISTON RESPUBLIKASIAXBOROT TEXNOLOGIYALARI VAKOMMUNIKATSIYALARINI RIVOJLANTIRISH VAZIRLIGI
MUHAMMAD AL-XORAZMIY NOMIDAGI TOSHKENT AXBOROT
TEXNOLOGIYALARI UNIVERSITETI QARSHI FILIALI
“KOMPYUTER INJINIRING” FAKULTETI IV-BOSQICH
11-19 GURUH TALABASINING “Tarmoq xavfsizligi”
fanidan
MUSTAQIL ISH
Bajardi: N. Muhammadov
Qabul qildi: Bekkamov F. A.
QARSHI - 2022
2.
Mavzu: Tarmoqni himoyalash protokollari SCP, SNMP ni sozlash va logfayllarni tadqiq etish.
1-topshiriq bo'yicha laboratoriya ishini bajarish tartibi
1-topshiriqm bajarish bo‘yicha tarmoq topologiyasi quyidagi ko‘rinishga ega
bo‘ladi (1-rasm).
9.1-rasm. SNMP protokoli asosida tarmoq monitoringini amalga oshirish uchun
topologiya
R1 va R2 routerlarda SNMP ni yoqish uchun quyidagi buyruqlar kiritiladi.
R1 router uchun:
Router>en Router#conf t
Router(config)#hostname R1
R1(config)#snmp-server community public ro
R1(config)#snmp-server community private rw
R1(config)#interface Gig0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#exit
R2 router uchun:
3.
Router>en Router#conf tRouter(config)#hostname R2
R2(config)#snmp-server community public ro
R2(config)#snmp-server community private rw
R1(config)#interface Gig0/0
R1(config-if)#ip address 192.168.1.2 255.255.255.0
R1(config-if)#no shutdown
R2(config)#exit
PCga ip address berish.
MIB browser yordamida PC dan R1 routerga kirish jarayoni 2-rasmda
tasvirlangan.
4.
Read Communityga public deb yozamiz.Write Communityga private deb yozamiz.
Keyin SNMP v3 tanlab qoyamiz.
Shundan so’ng OK ni bosamiz.
5.
9.2-rasm. MIR browser yordamida R1 ga kirish MIRbrowser yordamida R1 routemi nomini (hostname) ko‘rish jarayoni 3rasmda tasvirlangan.
Bu holatdan biz .sysName degan joyga bosib keyin esa GO tugasini bosamiz.
6.
9.3-rasm. MIR browser yordamida R1 ni hostnameini ko‘rish.MIR browser yordamida R1 routerning interfeyslarini ko‘rish jarayoni 4-rasmda
tasvirlangan. Ru bizga routerning R1#show ip interface brief komandasi
7.
bergan ma‘lumotlarni bera oladi.Bu holatda .ifDescr degan joyni bosib, keyin GO tugmasini bosamiz.
9.4-rasm. MTB browser yordamida R1 routerni interfeyslarini
ko‘rish MTB browser yordamida R1 routerning interfeys turlarini ko‘rish
jarayoni 5-rasmda tasvirlangan.
8.
Bu holatda .ifType degan joyni bosib, keyin GO tugmasini bosamiz.® PCO
Physical Config Desktop Programming Attributes
Address:
OID:
192.168.1.2
Advanced...
.1.3.6.1.2.12.2.1.3
Operations:
SNMP MIBs
A
Get
GO
Result Table
v mgmt v
mib-2
> .system v
.interfaces
.ifNumber
v .ifTable v
.ifEntry
.iflndex
.ifDescr
.ifType
.iflVItu
.ifSpeed
.ifPhys Address
.ifAdminStatus
.ifOperStatus
>
-ip
□ Top
>
>
>
>
.ospf
> .rip2
> .private
router_advip MIBs
switch_L2 MIBs
switchjnultiLayer MIBs_
Name :
.ifType
OID:
.13.6.1.2.1.2.2.1.3
Syntax:
Access :
Description :
9.
9.5-rasm. MIB browser yordamida R1 routerni interfeys turlarini ko‘rishMIB browser yordamida R1 routerning marshrutizatsiya jadvalini ko‘rish
10.
jarayoni 6-rasmda tasvirlangan.Bu holatda .ipRouteDest degan joyni bosib, keyin GO tugmasini bosamiz.
f PC
Physical
Con fig
Address:
Desktop Programmng Attributes
192.168.1.2
Advanced...
OID:
.1.3.6.1.2.1.4.21.1.1
Operations:
Get
GO
Resdt Table
SNMP MIBs
Value
Name/OID
^ MIB Tree
v router_std MIBs v
.iso v ,orgi v .dad
v .ntemet v
.mgmt v .mib-2
> .system
> .interfaces
1.3.6.1.2.1.4.21.
1.3.6.1.2. L4.21.L.
L.
Type
! 192.168.1.0
Ip AC dr ess
192.168.1.2
IpAddress
v .ip
v .pRouteTable v
.ipRouteEntry
.ipRouteDest
.ipRoutelflndex
.ipRouteMetncl
.ipRouteMetric2
.ipRouteMetric3
.ipRouteMetnc4
.ipRouteNextHop
HInilbAiiB_
Name:
.©RouteDest
OID:
. 1.3.6. L2.1.4.21.1.1
Syntax:
_|
□ Top
9.6-rasm. MIB browser yordamida R1 routerni marshrutizatsiya jadvalini ko‘rish
MIB browser yordamida R1 routerning nomini (hostname) o‘zgartirish jarayoni
9.7-rasmda tasvirlangan.
11.
Bu holatda .sysName degan joyni bosib, keyin GO tugmasini bosamiz.Keyin esa Get tugmasini bosib
® PCD
SET tugamasini tanlaymiz.
12.
Keyin bu holat sodir bo’ladi. Bu yerda biz BITS tugasini bosib OctetStringnitanlaymiz.
Keyin esa Valuega Kiritmoqchi bo’lgan ismni kiritamiz. Va OK bosamiz.
13.
14.
Keyin esa GO ni bosak o’zgaradi.9.7-rasm. MIR browser yordamida R1 routerning nomini (hostname) o‘zgartirish
2-topshiriq:
1-rasmda ko'rsatilgan topologiya bo'yicha SYSLOG servemi sozlang.
RouterQ va Router1 routerlari log fayllarni SYSLOG serverga yozib qo‘yishi
15.
uchun tegishli konfiguratsiyalami o‘mating2 - topshiriq bo'yicha laboratoriya ishini bajarish
tartibi
Quyidagi topologiya bo‘yicha tarmoq quramiz (8-rasm):
9.8-rasm. SYSLOG server o‘rnatilgan tarmoq topologiyasi
RouterO (R1) va Routerl (R2) da SYSLOG serverga loglarni yozib
qo‘yishni konfiguratsiya qilamiz va loglash darajasini ko‘rsatamiz:
Router-1 uchun:
R1(config)#logging host 200.200.200.11
R1(config)#logging trap debugging
R1(config)#interface G0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface G0/1
R1(config-if)#ip address 12.12.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
Router-2 uchun:
16.
R2(config)#logging host 200.200.200.11R2(config)#logging trap debugging
R1(config)#interface G0/0
R1(config-if)#ip address 200.200.200.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface G0/1
R1(config-if)#ip address 12.12.12.2 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
1-PCga IP address berish.
17.
2 - PCga IP address berish.18.
Serverga IP address berishRouterlami ayrim intefeyslarini o‘chirib/yoqib, so‘ng SYSLOG serverdagi
log yozuvlarni tekshiramiz (9-rasm):
Router-lga kirib turib:
Router>en Router#conf t
Router(config)#interface GigabitEthernet0/1 Router(config-if)#shutdwon
Shu commaddani kiritiksak
19.
Packet Tracer - D:\UnivefsiteTi\5 - kurs 2 - semesti\Tarmoq xavfsizligi\LA8\<sh\9.pkt
296024TT
Switch 0
Phys*c»! ConSj CU
121212 0
2|50-2*TT
Router>en
Routerfconf t
Enter configuration commando, one per
with CNTL/Z.
Router(config)#int gO/1 Router(configif)#shut
line
Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernetO/1,
changed state to administratively down
%LINEPROTO-5-UPDOWNs Line protocol on Interface
GigabitEthernetO/1, changed 3tate to down
CU1+F6I
. I fop
Realtime A Simulation
PS F® PS FS PS Ft Ft PS PS Ft ^ Ft Z? '| □
a
Keyin esa Serverga kirib turib Syslog ko’rsak yozib olgan bo’ladi.