Good day!
Today, in a difficult epidemiological situation, the system of higher education and science is undergoing a transformation. A hybrid educational space is being formed, which allows to harmoniously combine the formats of distance and full-time education. The specifics of the work of most IT specialists allows you to easily switch to a remote format. However, not every person manages to maintain productivity and a positive attitude over the long haul. In order to diversify the process of teaching students, it was decided to record video consilia - small overview and applied lectures in the form of a discussion with leading experts in a specific subject area.
Key topics of discussion are devoted to information and communication technologies: from system and network administration to cybersecurity and programming. We will not bypass the legal aspects of working in IT, establishing a business in our industry and attracting investments (including grants and subsidies). In addition, we will consider the material on the system of higher education and science, including the possibility of free education abroad.
So, we decided to devote one of the first consultations to the topic "Basic configuration of managed network equipment" and invited one of the world's leading leaders and manufacturers of enterprise-class network solutions, as well as professional telecommunications equipment - D-Link .
Imagine that we are faced with the task of basic configuration of managed network equipment (from a switch and a router to an integrated firewall). It is worth noting that each device operates at certain levels of the TCP / IP protocol stack and performs the corresponding functionality. We will consider the sequence of configuration from switches, gradually moving to more complex functions and technologies that are inherent in routers and firewalls. In doing so, the basic steps and guidelines will remain useful.
Managed network devices can be configured using the following tools and technologies:
- locally : for example, via the console port (RS-232);
- remotely using the following protocols:
- Telnet (. Teletype Network) โ ;
- SSH (. Secure Shell โ ยซ ยป) โ , TCP-;
- HTTP (. HyperText Transfer Protocol) โ , -. Web-;
- HTTPS (. HyperText Transfer Protocol Secure) โ HTTP, . Web-;
- .
:
- , . , ;
- (, Telnet). ;
- HTTPS HTTP , , . SSL (. Secure Sockets Layer) TLS (. Transport Layer Security). SSL ( ). , (, SSH VPN). - โ ;
- โ 25 , , . , Keepass. , ( );
- ( );
- NTP (. Network Time Protocol โ ) โ . ;
- , 30% . Rsyslog;
- . : SNMP (. Simple Network Management Protocol โ ) โ - IP- TCP/UDP. , : , . , , , .. ;
- SMTP (. Simple Mail Transfer Protocol - ) โ , TCP/IP. ;
- Port Security. ยซยป MAC- . .
. ( ) . , IEEE 802.1D. .
/ (. FDB). . MAC- , , , . .
, - , . :
I. , . , , ;
II. , , . ;
III. , . , ;
, . - IP-Binding ( IP-MAC-Binding). IP MAC-, โ ;
- ACL (. Access Control List) โ , . MAC, IP- ;
- ;
- . VLAN (. Virtual Local Area Network);
- / (. Spanning Tree Protocol, STP, RSTP, MSTP). ( ). : . ;
- โ . . . โ ;
- . IP-;
- ARP-. . ARP- MAC-, . ARP-, IP- MAC-. , , IP-, , , , . MAC- , , , ยซยป MAC-, , . : , . ARP (. Address Resolution Protocol, ) MAC- IP-. ARP-, IP- MAC- . ARP- Ethernet, . ARP-;
- DHCP (. Dynamic Host Configuration Protocol, ) . DHCP IP- . . ;
- ;
- RADIUS- โ , : ;
- . DMZ โ , . DMZ โ , : DMZ;
- NAT ( ). Destination NAT (DNAT) . SNAT (. Source Network Address Translation) , . ยซ/ยป , ยซ/ยป IP-.
- we will establish secure virtual communication channels between the subjects of interaction (for example, using IPsec or OpenVPN technology).
- ...
Of course, other equally interesting technologies were left without attention, but not all at once.
You can learn more about the topic in the video consilium .
I hope the material was interesting and useful. If students and the Habr community like this format, then we will try to continue to record interesting consultations.