210 260.
.
.
.249 + A DM
+ 20
03
N b : 210 260 Pa Sc : 860 T L : 110 F V : 3.2 03 AUGUST 2017 S + +B +
c : 210 260. a c c . ad' b : :// c c.c :// . c .c /cc a
C a
. a .179Q & 31 + 14 &a. c /52/H/ US Ub a YY c 210 260/ a cc a c
c 2/
:
1.1
+ Q149: c a
d
a
a d A. a
c
ca
1.2
+ Q6/31 +
14 :
a a
1.3
+ Q125:
a a
1.4
+ Q41: c a
da
a d
a a
1.5
+ Q154: c
c da
B ad' a
1.6
+R da dc + Q160: add d a
c d
B ad' A
c I
a a
1.7
+ Q6/B
d a
7 :
d d
a d add d T
' c
c
1.8
+ Q79: c a
da
a d
a a
1.9
+ Q47: add d
a a
1.10
+ Add d 2 + Q6/31 + + Q22/31 +
14 : add d 14 : add d a c
"
" ,
ISAKMP
2.0
+M
da
2.1
+R a d + Q200: c a + Q206: I c
da d
M 206, acc d a c d d a b A. MAC
' '
dbac
2.2
+ Q191:
a
d
c
c a
acc d
aa
OCG
2.3
+ Add d 5
(
aa
)
db
a
2.4
+U J a d K + C a d a D a &D 2.5
+ Add d 2.6
+ Add d 3 2.7
+ Add d 2.8
c .c add d HIPS a d NIPS
a d d aab
.c
2017
+ Add d +R a a
ab d
U
E c acc d
d @
3.0
+ Add d
ab
a
3.1
+ Add d 17 3.2
+ d d Q14 + add d 3
20
c
210 260 I
C c N
b Sa aB a a
S c
a
a
(
)
c
.c
a d add d
249 + E
IM I
1
W c A. B. C. D.
c
I a Pa S c C
E. T
d
c a aS a aS c a aS c a aS c
a c a aS
C
c
d
? (C
.)
c
c
: AB
A :(
)
E E
/
:
NIST' d
c
BD T +S
a c a , ca
+ a
c c c ,a d a c c d a ca a d ,
I
c : E
A. B. C. D. E. C
c
://
I
.
2
d a.
a
a
B ad
c
: AB )
/
/C
d
a
:[2]
c b a d a ), a c d b c
:
d d c a da ca
ba d
c
c
d a
,
a #S
a a
c _
d
? (C
acc
.)
d ca
c
, d
d a ca c a ac . T c a , c c c
a
a d d
d , ba c d
, d
.
c ab d a d c d a a , a , da d d ( . ., a ).
c .T
c
d_c
d c a a d ac ROMMON acc a ca dc c ad a acc a a d
a a
A :(
/ d
E E
(IaaS). T ca ab da a c c d a a c b a c dc c
,a d a , c ca d c d ;a d b
ab a c a ca S
c
(PaaS). T ca ab d d c d c a d ac da ca c a d a db dT . c d a a c , , a , a ,b a c b c a a ca
+I a
d
a aS c (SaaS). T ca ab d d ac d a c T. a ca a acc ac , c a a bb ( . ., b ba a a c d c d a c d d a a ca ca ab , c a .
d a
dc
,
C A
d
c : 90% :Aa dB
BD OOB a a a a
S
c : E
I
d d a E a a a d da ac c ://
I
.c c .c
ad a a d acc db c c d c d c d d ca d OOB a a a ca a d c . T OOB a a d d ca d a d a ba d VLAN a .
/c/
/
a
/ d/d c /
/E
/S c
a
d
TACACS
c
d
ca b
/SAFE_RG/SAFE_ /c a 9.
RADIUS? (C
TACACS TCP c ca NAS. TACACS ca c ac a NAS. TACACS c a da a . TACACS a ca a da a , ca TACACS UDP c ca NAS. TACACS c a d d a a ca ac
C
d d ca d
3
c
A. B. C. D. E. F.
c
.)
ac
b
a
d.
.
: ABC
A :(
)
E E
/
:
BD S
c :C c O ca C E
I
Acc d ab A. B. C. D. E. F.
ca
G d , Tab
3 2 TACACS+ V
RADIUS, .40
4
C c b d BYOD d
ac c
,
c
c
c aa d c
a dc d
d c
d a
ACL a ? (C
a acc .)
BOOTP TFTP DNS MAB HTTP 802.1
C
: ABC
A :(
)
E E
/
:
BD ACL a d c ACL DEFAULT A
a
E
d d IP acc
a d ca . T ACL c a
ad a
ACL
c d d acc a ca
ACL DEFAULT
c
c
acc
a
d
a acc
c a d
a
da ad a
. acc
a
c
b
:
c ACL
d .I
10 20 30 40 50 d
d a b ca d a 10.230.1.45 c a a d a a a a (40 a c )
A
ab
(2604
ac
, ACL DEFAULT a
)
DHC , D
, ICMP, a d F
a ca dd
. S c : :// .c c .c /c/ / / d/d c / BYOD_D _G d /BYOD_W d. MAB E
a acc I
c
c
aC c
d
/B d
a d
ca
C c
c
_N
/U
d MAC A
ca
B
d_Acc a
.
5
W c A. B. C. D. E. F.
/E
a
c
a
d
d? (C
.)
AES 3DES DES MD5 DH 1024 SHA 384
C
: AF
A :(
)
E E
/
:
BD T
S a
B , cC
a
c (NGE)c d a ,a dc a c a ,a (ECC) ac RSA a M d (GCM) a
ab
a d
+E C a + AE Ga /C + ECC D a S a A + SHA 256, HA 384, a d SHA 512 S
c :C c O ca C E
I
W c A. B. C. D. E. F. C
ca
G
a
E c
P
c
6
ESP
d ca b
S c Pa a S c N b MAC Add Padd Pad L N H ad
I d
: DEF
A :(
)
E E
G d ,N
ca d : ECDSA a
/
:
c
dd
a
? (C
.)
c
, .97
,d
a
/
BD T
ac
b d d ,a d a d
4b d (S c Pa ad Da a, c a TFC add , c L d ,a d ac .
c S
c : E
W a a A. B. C. D. E. F.
://
I
7
.
d a
.
/
b
Pa a c a d
I d (SPI) a dS a d d c ad a. F d. T a I
H
/ c4303# a
c N b ). F cc a a d Pa ad Da a a C c Va (ICV) d
14
C c IOS
? (C
.)
0 1 5 7 10 15
C
: BF
A :(
)
E E
/
:
BD B d a
, C c IOS d ( 1) a d
E EC
S
c : E
://
I
W c A. B. C. D.
.c c .c
a
c
a d
/c/
/
ac (CLI) a 15).
d (
E EC
/ d/d c /
/12_2/
c
acc
/c
a
/
c
a d :
d /
c _c/ c a
a
c d d
8
a
ca
d
OSPF
? (C
.)
Pa MD5 HMAC AES 256
E. SHA 1 F. DES C
: AB
A :(
)
E E
/
:
BD T a d +N A ca T a ac ad . I d a . + A ca T + MD5 A ca T a
a ca ca d T 0a d
S
/
c :
://
.c c .c
/c/
a ca /
ca dT
a
d b OSPF a
dT 1a d 2a d MD5 c /d c / /
ca
c a a a c a a
d . d .
/13697 25.
.
E
I
9
W c
a
d C PP a d CPP
A. Q S B. a c c a C. acc D. c a E. c a a
c
a
? (C
.)
ca
F. C c E C
c
F
ad
: AB
A :(
)
E E
/
:
BD F a A
a
, d( a
c d) d
b S
a a
c :C c O ca C E
I
ca
a
ab
T c a 5 T ca ac c T a d d C c IOS ca T C c ASA
C
, c a SSH/HTTPS/SSL a d dc . c ( ) a d a a
d a
G d , Tab
10 3 T
Wa
S c
C
Pa
, ca b a ca d
c
, .269
10
W c A. B. C. D. E.
a c c a a a c.
a
a ac .
c
a
c
ac
c c
.)
a a
a bca bca
a
? (C
a b c
a
c
ab
.
c c a HTTP HTTPS. a b a. a cb d a .
: AB
A :(
)
E E
/
:
BD I a add I
c a d
a a
c b ab a
d
, ,a d
I
/c/
/
a ac a c a d ac ac a ac .
/ d/d c /
5 c a dd ac . T a c a a d ac . d d a , a a ac a a ac a a c c ,
a
A. I ca
ab c
a
d
ba
d IPS a
/a _5000/19 0/XMART/PSF/19 PSF Ad
? (C
. c
c
a
ba
a
IP
d
11
W c
B. I ca
c
a a ,a d a a c c , a
S c : :// .c c .c Ad _c a _01. E
a c
d IPS.
.)
/19 PSF
C. D. E. F.
I ca a I ca b d I a I d
C
a
ba d b a da . ba d c . d a .
a
d
d, HI a
,b
.
: ABC
A :(
)
E E
/
BD
:
I a c a c HIPS ca c b b a a ca a ac a . H ba d IPS a b d c c a a da c a , a da c ac . S
c : E
://
I
.c c
/a c
a a a
a cc a ca , c ,a da a
/a c .a
,
a
,
c
a
a
? =1336425&
ca N
a ,a d
d. HIPS a da ca a ac
b c
=3
12
W a
ac
a
a
A. d a ac B. d ac C. d ac D. b c c E. b c F. TCP c c C
.c
a ac ca c
. a
IPS
c
d ? (C
.)
c
: ABC
A :(
)
E E
/
:
BD I
c c
dd , , ac aac , c d , a
a
b S c : :// c _ ac . E
W A. B. C. D.
I
/c/
/
c a ac
(
a d / d/d c /
c
.T ac a ac ). T a d a , d a a ac . /
/7 0/c
a
/
a
ac
d /c /c
d d a
ac
d
d 7/
13
a IPS d D P D E ab
.c c .c
,d a a c a ,
c a La a a b a
c
a a ac , c 6 . a a d .
c ac
. .
ca
IPS a
a ac
ad
?
C
:A
A :(
)
E E
/
:
BD D a
c
c a
b
TCP c c c d
),
:T c
ac .T b
A a ab S
c
c :C c O ca C E
I
W a A. B. C. D.
a c
a
d
d TCP
a IPS.
ac (
a d d
ac
a a
d a a IPS.
ca
G d , Tab
17 4 P
b
S
R
D
c d A ac
, .465
14
a ad a a
I I a I I ca
C
ac
a ac d
d
aT
ad a a ca ad b a a c c c a a
dPa
. d a a
a
M d
d
c
?
d c
c
a
d
c
.d .
c
.
:A
A :(
)
E E
/
:
BD T
dPa c c S a ca a d S
c : E
M d d
d
b
d
.
d a.
/
a b
a da d a c
a c a
c c d
a /T
d c d, ca ab d_P a
_M d
#D
_
c , d c . c .S c a a
c
a d d ca d
ac TPM c ca .
c
15
I a d c a
c
a
a
d a da a acc
c a
C
a ad a M
W a A. B. C. D.
a
a RSA
c ://
I
(TPM) c
a
CIA ca
a da a d a ca
d
ad?
da a
da a
:A
A :(
)
E E
/
:
BD I da a S
da a a a
a a c a ad a a da a
c :C c O ca C
ca
da a a .
G d ,C
d
d a
ab ,I
d
d d a /
, a d A a ab
, .6
.C
a a
E
I
I a A. B. C. D.
16
c
c
,
I C c c R d c F d c
C
a
add
ab . ab . ab . c a a c
c
a c ?
a ac a a
a ac
da
a
ab
.
:A
A :(
E
c ac ca
)
E
/
:
BD I
a,c
S
c : E
a c ://
I
.
a
c
d a.
/
a, /R
a
c a a
_c
c ca
,
c a, da d
a .
a c
17
W c
c
A. B.
c
C. D.
c
C
A :(
a ba c
c
c
d
a c
c
a
c c
a
a
d ?
a a
I
:A )
E E
/
:
BD W a a S
a E a ?I a a b da , a (L , . 14). c :
E
W c
://
I
. a
.
18
ca a a ac
b ,a a d
acc
/ ad
/
a
a a
a
/
a d a /
c
ca d d
c a
c
a c
a
816
a DD S a ac ?
A. b B. T a C. D. ad a C
:A
A :(
)
E E
/
:
BD D
a
c (D S) a ac a d d
b
dd
a
c (DD S) a ac . A
a
ab
'
a ac a a S
.
c :C c O ca C E
I
G d , Tab
c
Ed ca AW b A c Sc
C
1 6 Add
a A ac M
d , .16
19
W a A. B. C. D.
ca
d db
ab
c
c d c
O
W b . W b ab a d
a
c
W bA ab
ca
S c
P
c?
.
d
. .
:A
A :(
)
E E
/
:
BD T
O c
W bA
ca
S c c
d
a
d c
S
c : E
a a, a d
ac ca a a
://
I
.
a ac
C
a
c ( A a .O
)
a ab A S c d d .
.
/ d
.
a
d d a
c a ab a a c b , . OWASP a a , ,
d d a ,c
a a
/Ma _Pa
20
W a A. c b B. ac C. b D. ca
P
a
S
?
a a
:A
A :(
)
E E
/
:
BD S ca a ac a S
d
ac a ac a c
ac
c : E
I
W a
a a a
://
.
a .c
a
a c , a
d
c,
a a c a a
.T da
/
21
a
a
A. a ca B. a a ca C. a P b c K I a D. a IP c
d , da
a
a
c
a
c
a dd c
da a?
d a d a a ac .
a dc a a .I a a
C
:A
A :(
)
E E
/
:
BD A a dd c S
c
c da a.
c :C c O ca C E
I
,a ca
a a
ca c
,
a
c
G d , .93
22
R
b .
H A. B. C. D. E.
a
a
a a
ad
d
a
a
a
?
9 6 4 3 2
C
:A
A :(
)
E E
/
:
BD T c c c a d I
a
a a
S EXEC c
N
Ma a EXEC d d . a
d: N
P b
c
(SNMP) c ac
ca a
, a
a
d
da a
a c S
c : E
://
I
.c c .c
/
/ d/d c /
/
/c
a d/
c /
_b
/
_16.
23
R
b .
W c A. B. C. D. E.
/c/
a
ab
T T T c c NTP c T
C
d
a a
a a
c
?
,b b ca
NTP c c c
a c.
c
ac
.
c. d
c
a
c a
. .
:A
A :(
)
E E
/
:
B ad A C
d
:A c
: 100% :T
E
H
I
[.] a a
b a
a
a
c
ac
.W
.
24
d
C c ASA
Ac
Dc
A. I Ac D c B. I d a a a d D c . C. I d ad a d Ac D. I d c Ac C
NTP c d b a [*] a b
b ca a a
?
c ca b c a ACCEPT REJECT
d D c D c
VPN
da aba d
d a
a d
VPN
. Ac a
.
.
:A
A :(
)
E E
BD ? W
/
:
ASA d a d d. A cc VPN .T ac
LDAP d db
.I
a .A
ca
a
c LDAP c a d ba d c DN , ASA cc LDAP
d LDAP , ,A A a a b d d c .A a ASA d a c LDAP VPN d ca a c d a
a a
d '
. LDAP a DN a d a d db
DN d db d
VPN S a
a c :
c a d
://
E
I
d.c
P a
/a c /2228531/c c
b
2.
/
ac
d
c
25
a
ab
ACS ACS ca ACS ACS ca
C
a
. a a.
ca
W c A. B. C. D.
c
C c ACS a
ca b c
ca
d D c a
Ac TACAC S a
a
a da
d ca ab d a . ca a
a
?
. . d
.
:A
A :(
)
E E
/
:
BD ACS ca
AD d
a .I Ac a a a d ac
, d S
a
c :
a ://
ADI
a
+Y a
ca d
a
.c c .c
/
d /Ac
_D
c
a a a
c : E
a
/
c b
c
:// d /
I
.c c .c c _ d.
a
/c c _
c
_
_I
_ _ACS_5 8. d
a
a a
/
_acc
_c
d d d c da d c. _
/5 8/ACS
acc
c I . a , a c b a d d a . S D. W. ac a a NAS a d a d a
/ d/d c /
_
/c c _
a
a a
ca
c
_acc
_c
_
a a
a
/5 1/
b .
I a
ca
c
c T T T T
ca c a a
c c d
d c
d
c ,
d?
cc ca ca
a a a
ad a c b c
d da a d a d
ba ca c c
d. d ac ac
d
. a 101. VLAN
d
a .
a
c c , ACS a
26
R
A. B. C. D.
c
d a a c ACS c d acc .S B c
/ d/d c /
a
/c/
a d
b ,ca ca , a a a a c b a + ACS 5.1 ca c b a a RADIUS a d RADIUS c a ca a d acc RADIUS . S C. c c. S ac
b
/c/
D
/
d /
C
:A
A :(
)
E E
/
:
BD F b a d W bA
a
ca (F A ) IEEE 802.1X, MAC a
a ca
a b
a
a a IT ad a (MAB), a d c ba d
c ba
c ca ( ca
).
Ca I
2: O d MAB D 1 a d P D 1 MAB c a d a MAB c b IEEE 802.1X a ca a dc a d a a IEEE 802.1X a ca c d MAB, d c b b c MAB, b d c a a MAB ca b IEEE 802.1X a ca . S ca c d a b ad aa a d c a IEEE802.1X a ca a cc MAB. F , d c a a acc b MAB cc d a d IEEE 802.1X a ca a .W a a d d c d a b a . I d c da da da ca d ( c a W bA ) ab d, c d (MAB) a d d. MAB cc d, a d d c a a a a acc a d ca a ca a a . I
d a
a d a d ca W bA EAP L S a c a d
ca W bA
S a
c : ca
://
.c c .c /c/ _c27 573287.
_
I 27 W Ec EAP
A. B. C. D. C
EAP EAP EAP EAP
d
P
/
/
c d Acc
d c /c
C d
a
b
c
da
IEEE 802.1X a
ca
a
a/
a /d
ba
d
c /
a ?
FAST TLS PEAP GTC :A
A :(
)
E E
/
:
BD F
b A ac
ca LEAP. T a S c c T da
a ,
ca .
(EAP FAST) a d add
ac
a LEAP b C c S
a a
"
"
A
a .U (PAC) ab
C
S
c : E
://
I
.
d a.
/ c
T T T T
ISE a d c
b b c
a
a
a d c d c ac acc a
a
C
/E
ca
a
EAP FAST. EA c d a a
c c
b _A
ca
_P
FA
d.
c
28
W a A. B. C. D.
c a TLS
a
d
d
d
c
ISE?
c . c c
a d
c
d.
. ab
c a
d
c
c
.
:A
A :(
)
E E
/
:
BD A
a
a ca a d c ac ( A C c , C c NAC A ac a a a , c C c NAC W b A ), a d.
S b_
c : :// _ad _ E
I
W a VPN
.c c .c /c/ / / d/d c / d _20_c a _010101.
d c
c
/
C c ISE a d Mac OS X) a d .A ac a
/2 0/ad
_
d /b_
.A a ca a
_ad
_
ca b c b a
a (
d _20/
29
a
a
A. Ha B. NAT C. NAT a D. C
W d
a c
c
a
a c
a
ac
d?
a
:A
A :(
)
E E
/
:
BD I
c NAT d c a ,a
a c Ha add ac S
ca a LAN/ LAN).
c : E
I
W a VPN A.
, a
://
.
ac (
( NAT bac ) d c b a c ca b a d d . B ca NAT ad c c b a a . LAN ab acc a ac LAN a ad d c
d a.
/
b
d
ca aP I a
a
/Ha
30
a
a
I
a ca d
ca LAN/WAN a c
a
c
c
?
B. C. D.
a d a
a
C
d :A
A :(
)
E E
/
:
BD S d a a d L ca A a N a d VPN c S
c : E
ac b c ( . ., c c .T c (LAN) N I a a ca
://
I
.
/
/S
c
c a a b acc d a c ) a d a ca LAN WAN a a , c a a ac a d a ac Ca d (NIC), ad NIC, W L ca A a N b acc c .
a a , (WLAN) NIC,
_
31
R
b .
W a A. B. C. D.
d a.
c I
I I I I
c c c c c
C
c
a d
IKE P a 1. a VPN ac c IPS c P a 2.
c ?
. a
14400.
:A
A :(
)
E E
/
:
BD C
IP E
R
W a
I
c
a
1
a5a
HAGLE (Ha
A
ca
G
L
E c
32
b .
c
A. I d
IPS c
B. I d
IPS c
c c c
a d a c a c
c ? c d c d
10.10.10.0/24 10.100.100.0/24
ad a d
a a
10.100.100.0/24. 10.10.10.0/24.
)
C. I d D. I d C
IKE IKE
c c
a c a c
c d c d
.10.10.0/24 10 .100.100.0/24 10
ad ad
a a
10.100.100.0/24. 10.10.10.0/24.
:A
A :(
)
E E
/
:
BD Ac
ACL b E
I
a ca c
a
d d ACL
c
c a dd
a
add
d.
33
R
b .
W
b
VPN,
d
c
a d. W a d
? A. IPS c P a B. IPS c P a
1 2
C. IPS c P a D. IPS c P a
1 2
C
ab ab d d
db db d d
10.10.10.2 a d 10.1.1.5. 10.10.10.2 a d 10.1.1.5.
a QM_IDLE a QM_IDLE
a . a .
:A
A :(
)
E E
/
:
BD T A T
#
ca Ma a " ab d" c
P
c
(ISAKMP)
c
ac a d. T c a d c a ca (SA ) b b aa M IDLE a
I a
S c IP c P a .
M 00. :// E
R
.c c .c I
34
b .
/c/
/
/
/d c /
c
/
c
a
c
/5409
cd b
1.
W
b
VPN,
d
c
a d. W a d
? A. B. C. D.
IPS c P a 2 ab db 10.1.1.1 a d 10.1.1.5. ISAKMP c a ca a ab db 10.1.1.5 a d 10.1.1.1. IKE 2 c a ac a ab db 01.1.1.1 a d 10.1.1.5. IPS c P a 2 d d a ac b c da dd c d ac .
C
:A
A :(
E
)
E
/
:
BD T c a d IP 10.1.1.5 a d 10.1.1.1 ( E
I
b
IP c P a d c
c
2. T a d).
c
d
b
db
35
R
b .
T Ad ca A. B. C. D.
c SA b
ab c
a
R C a R R
C
a P
c
a
a
c
c
d c
b
ad c ?
c
a d da da c a 15. a Ad . c .
U P
U
a
a
.W a c a
Ad
.
:A
A :(
)
E E
/
:
BD : (O a ) Ca c a d c , b dd d ac , c a d
W c a S a d c S 3
cc c db
I
a
dc
a d b a d. B ca a c a d
Ad
c
.S
c : :// 3850 c b E
A a
c
c
.c c .c /c/ / _c a _0110.
/ d/d c /
a c
a d /
/
da c d
c
/ 1/
a ca a a d ca b a b a
a d c d. c 1
. a d ca .
d aa
3
3850 c b
/
c 1
36
ad b
a
, .F
a
a
d c a d c d a
a a a
a
a
a d b d
a ?
a
A. B. C. D.
T T T T
c c c
C
b a c a d c d. b c c a d c d. 0 24 c a d c d. adc a d a d ROMMON. :A
A :(
)
E E
/
:
BD #
T
c c
S c : 1. # E
I
a d ab " d "
d ab
c a
:// .c c .c 3328121947
/c/
/
,
a
/ d/d c /
/
C c IOS a . B ca b c d d a d
c
/
/
c
/ 1/
c 1c b
c
d
ca 23:59:00 31 D c
b
2013
d c b a a ca 1, 2014 a d c d . B. I c d c b a a ca D c b 31, 2013 a d c d . C. I c d c b acc a ca acc a 23:59:00 ca D c b 31, 2013. D. I c d c a a a ca a d a ca D c b 31, 2013. E. I c d c b acc a ca D c b 31, 2013 a d c acc d F. I c d c b acc a ca Ja a 1, 2014 a d c acc d .
c
A. I c
C
a d a d
cc
37
W a
Ja
c
a d?
d
c
a 00:00:00
ca
a
cd d
a 23:59:00 c
ca
da d
c
a d
a :59:00 23
d
c
a 23:59:00 ac
d
c
a 00:00:00 ac
.
:B
A :(
)
E E
/
:
BD T c
d a d
a 0:0:0
:Sa , 23:59:59. : (O a)S c
S b_
c : E
a d a d a c a c :
da
a
ca
I
,
d . a
a,
a
c
:// .c c .c /c/ / / d/d c / /c / c_c 42c /b_ c_c 41c _c a _0100. #
c
b c
b c
ac a
c a ac
a d
a
a /c _ 4 2/ 2198915138 a
a d. T
a
a d. c
38
W a A. c
:
ca a
d
c ?
/c
a d/
c /
.
B. da a a C. a a D. c C
ac a ac
a
ac
:A
A :(
)
E E
/
:
BD C
a
:T
ac S
E
I
T T T T
ca
a d ca a a a
G d ,T
d c c .
N
F
da
d P
c
Fa
c
, .264
39
a
a
c
c c d cc db c c c db a cc db c
C
c .A
a
c :C c O ca C
A a ac ac ? A. B. C. D.
c d a ad
a
a
d
BPDU
.W a
a
b
DHCP add . b d . d VTPd a . a a a b d .
:B
A :(
)
E E
/
:
BD I a c S
c
c c
c : E
I
BPDU, .S
STP
://
I a c c
.
c
d.c
c a c /
a a
a
c a c '
.R c a b c
a a
b d
a d
b d
BPDU .
c
a
/
40
ac a d acc
A. a B. ARP C. IP D. MAC C
a
a a ac a d a
d
ad d ?
c ' b
d
add
a a
ARP
:D
A :(
)
E E
/
:
BD Ad
c ' b
d d
add ac
MAC add .
.S b c a
a
c
E
I
41
W a c
a d ca
A. B. C. D. E. F.
d d d d d d
C
b d
c c c c c c
ab
a
?
b d cb d da aba a c :A
A :(
)
E E
/
B ad A
:E
C
d
N
:I ://
I
:
c
: 80%
ac d .c c .c /c/ c /2960c /c 2.
E :
c
"U da aba "U
a / d/d c /
/
c a
,
d c a dc
d c da aba
a
a
2960/
A. H
b d c a a da aba c .
a
b d
: / a /ca a
c
a /
a
/12 2_58_
, I'
E ba
a dEXEC d d a ac a c ." a d EXECd d a
DHCP
/c
a d/
d b d
a
DHCP
BD @A a B ad'
c
.c
ad a ca d a (
c ,b
O CCNP R&S TS E a
DHCP S d c
MacAdd
c )
300 135 O c a G d , a
7 26
SW1#
ac a
S , c a E
I a
a a
L a
b d DHCP S .
I
42
c
c
A. STP B. E C a
ab
da aba
a
,
a
.A
a
b d
I Add
b
a ab
B d
(
c) T
VLAN I
ac
08:00:27:5D:06:D6 10.1.1.10 67720 d c T a
267
a' b d
a ad ad
10 Fa E
0/1
:1 b d
a d
BPDU a d
a
d
a
c
b d
ab c
d
ab ? A
a ,
a
c a
b ?
C. ad D. STP BPDU C
ad :A
A :(
)
E E
/
:
B ad A C
d
:A c
: 100%
:T *ANY* BPDU
a
" d.
c
BPDU "
c
c a
STP a a a aR c.c
d cc
c d a
/d c / a
/
. BPDU
ad
b c a
BD R
ada adb c c a d S
c : E
://
I
W c A. B. C. D.
d ,
.c c .c
/c/
/
/
c
b c d
a
a
.I d
c
c /10588 74.
43
a
T T T T
ab a a a a
C
c a c a b c BPDU .
d d d d
a PVLAN
ca c ca c ca c ca c
a d
c
ca ca ca ca
d
a
c
c
? .
a d
a d
c
c
.
. a d .
:A
A :(
)
E E
/
:
BD I
a d A a d a a ca d c .Ta c c d a d a a d VLAN. S c : CLIC E
I d
:// a
I
ba
a
/c/ / / d/d c / a VLAN .
c
d c da VLAN. T ca a , c a ca c ca c a d c a c c . Y ca a c a d a
/da ac
/
d VLAN,
a
5000/
/c
a
c a
/
d /c /
44
c a b a
A. T B. A VLAN C. A VLAN D. T
a a a VLAN d . P a VLAN b c a a a a d ad d c d a d VLAN. Eac
.c c .c G d /P
a
a ac
a VLAN a ac ? d a ac a ac d VLAN
a
a db db b
d.
d ab d cc . d.
a .
a
a a ac
a
a
C
:C
A :(
)
E E
/
:
BD VLAN (VLAN). T
ac ba c c
a c D
b
: Ta
+S +C a S
c
E
d
a , d a VLAN
d
a ac a ac
d a a ac
c
VLAN
a d a b acc b .T a a dd b a . b d c "Na VLAN D b". Ta ac : a VLAN 1 (T d a VLAN) a VLAN a a d VLAN ID
://
I
45
a
a
A. T B. T C. T d
.
d a.
/
/VLAN_
a
a
d
a
c c
d
a
a
c a d a
a c .
a a
D. T c a a E. T c C
b
a LAN a VLAN a a
ca
c :
W a
c c
aa ,
a
VLAN a db
a ? ac
.
c D Sa d
d ca b
acc
.
d a ac
a ca b d
.
da
a
.
:A
A :(
)
E E
/
:
BD T c a , S
a a ca . HIPS d
ac
I
a
A. B. C. D.
ca a ca ca
C
ca
ab
BD
G d ,P a
c a a a c a c :A
A :(
)
E E
ba c a a cac La a a b c a d c a a a , a F
a
a dH
I
3 a d La 4 acc a a ad a , , T a d, P
46
W c T T T T
a
c a a a .
c :C c O ca C E
a
/
:
a
b d
?
b a ac . aa d a d c a a a ac .
. a
a
a
a VPN.
S
a
, .499
F a +B c a ab a a d b d b dc c a +A c c a ca a d ca acc ca a d/ d a ab a a ca a a ac c a +H +M a ca a a c c c +M a d a a c a d I +P a d a c ca a da ca +P d a ab d a c a a ca a + T ac acc +P S
c c a F
c : E
c
://
I
,
. a b c .
,a d
a d d a.
ac /
/P
a d
c
a acc
a
a_
I
a ac
ca
d
d
ac
a
47
R
b .
W a A. a B. a
a a
C
c
a
?
a a
a
C. a D. a a E. a a
d
a ca
a a :A
A :(
)
E E
/
:
BD T
"
c c a a# 20 , 21
c
c"
a d
a ASA. T
a
a
I
d
C
d
O c Sa Sa Sa
a c c c :A
A :(
)
/
a
c ca c ca a c ca a c ca a c
E E
0:00:06, b
39, a
48
W a A. B. C. D.
a d
c
UDP OUTSIDE 172.16.0.100:53 INSIDE 10.10.10.2:59655, d E
I'
:
c
ca c
a d
a c
ba
a a
ca
a ?
a c.
. d b
d
d
a d a
.
a
.
BD N S S
C c IOS ZFW c c A. c : E
H
://
I
Ca
.c c .c
cF
/c/
/
a
c d
/
a
/d c /
c c
ca
/
a /98628
d
ac
a
a c. d .
49
d
a
ba
A. T a B. T a c C. T a D. T a
cb cb a d. cb cb
C
A :(
d
a
ac
a
ac
a
a
ac ac
a da c b a d
b c
a a
db d a c
a a b c b c d
.
a
?
c
d. a
a
c
c
a .
:A )
E E
/
:
BD F S
ac
b
c :C c O ca C E
I
a
Y Y Y Y B
ca
ab
a VPN c ca acc ac c
C
a
,a
G d ,Z
a c
a dW
db d a
W N
d Pa
T
. , .380
50
W c A. B. C. D. E.
a a
T
acc
ASA a
c
a AAA a ac c a d d ab T
ac ab T . a ASA T a ab T a d SSH.
? (C a
). d
ac .
. .
: AE
A :(
)
E E
/
:
BD T
ASA a
T
a d SSH c ac
c S c : :// acc _ a a E
I
W c
c C. A
T
.c c .c /c/ / / d/d c / . # 1054101
ASA a a d a IPS c c
.Y
ca
T
.
/a a/a a82/c
a
/
ac ,b
a
d /c
/
51
a
A. A B. A
c
ab
c
a a a a db d a . a
a
ca
a a a a
ac a d
d aa
a ac
?
a a c a a
ac
c
a c a a ddb a
.
b d a
.
D. U a d
a a
C
, a a
d ,a d a d ac , b
a
c a
db d a a c a
a
a
.
:A
A :(
)
E E
/
:
BD A c
a ca a da a ca
c d c S
c : E
a , a c a c a a
://
I
a
a a
.c c .c
a dSa Fa .I c a a c d d a d a d d d a ca c .W c a c a a c
/c/
/
/ d/d c /
c
c a a
VPN ab a d c a VPN
/a a/a a80/c
a
/
c
, .T a .
d /c
a
_ d/ a
.
52
I a ac a d
ac ac ?
a ca
a
a
d d a
A. T B. T C. T
ASA ASA ASA
a a a
ac ac ac
D. T
ASA
a
ac
a
C
A :(
c
a a . N100% c a.
a
ac
a
'
c
ac c c ca a
ca acca
a a d
ac
a ,
d
d d a
c aa
ASA
a a
. .
.
d
a
.
:A )
E E
/
:
BD I b
c
db a '
d
S 1. A ac
a ca
ac
a ac a
ca
d
ac c
ab
ca aac
.T a
ca a .
a
2.
a a
,
a
a
ac ,
ac :
A A
.
3. I a Ac
ac ac " c
I a ac c
ac
aca ac
b
I H
S
b b
ca ca ab
a
ac ,
a
ac a a
c
a a ,
ad a d. S "I c dc b a .
,a da
ac aca
H
E
F A. T B. T
I
a
a
d d
a
F a
ASA a
ca
,
/c/
/
/ d/d c /
c
/a a/a a84/c
a
53
aa ab
a a
,
.
.c c .c c .
a
C
d.
,
c : :// _ c _
, a b
c d a VRF
c
c
a db a a ad ac
ASA . c
c d.
a ?
/
d /a a_84_c _c
/
C. T D. T
d ab
C
d
dac a d ca
a a ab a dQ S
aa
. a .
:A
A :(
)
E E
/
:
BD Y
ca
a
d a
d
C +Y c
a c , a da
d U a
a aa
ASA d
c
S c C c da d a ASA, ca c ,a da a
a d
a d c ,
c .
c
, ac ac , a d ad
c ac c
c
c a ac
,
a
c
. Eac c .M c
a
c a
.B
a a
ab a
c a c
a c
.
+
.
+Y +Y S
a a a a
c : d _c E
a a
://
a
.c c .c
d d a
/c/
/
c c ASA.
/ d/d c /
c
d
c
/a a/a a84/c
da
?
d
a
/
a
.
d /a a_84_c _c
/
.
I
W a A. B. C. D.
a
54
a ad a a
I ca I c I c I ca
C
ac
d a c
. aa ad b d ac . c .
a b a
d
aIPS
d.
:B
A :(
)
E E
/
:
BD F
a a a d d b a a c (a ac , ca c.)
A IDS/IPS , c a a d b I a b S
a
,d d d a .F a IDS/IPS a a
a
E
I
W a
://
a
a
c d a a d c :
a d ca c
,
da ( ).
b c .c c .c
/d c
ac , a c
.
a
d
a
/12428821/c
55
F
POWER
A. A a
a
d ca
B. A a
a
ad
ac
a
d
?
a a
a
a a ac . ac
a
.
c
a d ac , a d
d
a ad a .
a a
a
a
ACL c
ac
c
ad d
ac
c
C. A a D. A a C
a a
a a
a
a ca
. a a
.
:A
A :(
)
E E
/
:
BD I
ac F a : C
B ca
S C I T I S
.I
a ca a c ca ,
c : a
:// .c c .c _P c .
V
ab /c/
a ( a
/
ac
a a ab add d 1: d) ac a a a
/ d/d c /
c
/
a N F d
/60/c
a
da a, .
/
d /
cc
d
60/
ac ac ab
d a
d ca
c
a
b
da a,
d c
da a, a d
.
ac F a I ac .
S
c :
://
d
d
E
I
W c F A. B. C. D.
.
.c c .c 541/V
/c/
/ E
/ d/d c / .
c
/
/541/
d
d /a a
56
POWER
c
d
SYN a ac
?
Ra Ba d P P ca D c IP D a a I N a a
C
:A
A :(
)
E E
/
:
B ad A C
d
:A c
:N
: 0% b
d
ac
.
BD Ra ba d a ac a c a +a a cc a a ac +a a cc a c c d a ac + c ac
d . Ra c c
ab d a ac
ba c c
a c
a c
c
a c a a a c
a da
c
a a c a d
a
PI add
ac c a ac , d ca
c : a SYN d
,
a TCP/IP
add
d ca
c
a
a
a c a + c P
c IP add add ac a a c a
. ac
a
SYN A ac
T
SYN a ac d d a d d a ac .A d . S
c :
c ,
d
E
I
W c S E E E E
ab ab ab ab
C
ba a
ca da
://
d
A. B. C. D.
a c.
.c c .c 541/I
/c/
d
b .I a
,
a a ac d cac d d a
c
/ / d/d c / c / T a D c .
a , d,
SYN d . Y ca c d. I d c ca a d a c a a d ac
/541/
d
d /a a
57
c
ac
d
a d a b aSNMP
a S
c
c d
d a ab
ca
c
?
. .
a
b
b .
.
:A
A :(
)
E E
/
:
BD F POWER ( L B W F a S
c :
d I
C
I I I I I
ca ca c ca
.c c .c /c/ 541/AC C
/ c
/ d/d c / L
ca c
a b c a
a d
d. .
c .
/ /541/ #15726
d
d /a a
58
W a ca A. B. C. D. E.
c ) A dE d C c d c ac c , ca b c dc c , d c ,
://
d E
S
SMTP
c
F POWER
ac a d d c d a a ac a d . a a a d . a d SMTP a c a a T a cA a D c .
a
?
c
a c.
.
:A
A :(
)
E E
/
:
BD D c d SMTP T a c T SMTP c
c
a
SMTP c
a d .T
c
ca a
ac a d d c d a a ac a a , add ,a d SMTP a c. S
c :
://
d E
Y c
.c c .c /c/ 541/NAP A
d I
a a IP add
c
W a
d
/ d/d c / c / La . #85623
c a ' d d a .
ca
d a
a
/541/
acc
? (C
C a A IP add A a IP add I a aW bc C a a
C
/
a c a d, d d c
d
,
ac b d
d /a a
59
a
A. B. C. D. E.
c da a
ad
I
W b
).
d ' ca IP add a . a . d ' ca IP add Add Ta a .
P
a
.
.
: AE
A :(
)
E E
/
:
BD I c
,a
da ,
c ,
d P
a d d b
S
, ac a c :
://
.
a
c
add acc d a.
(a c c c ,
c a a, c b a a a a c a d ca a d c W dWd W
/
/P
a a ca ) .[1] A c c c a a ab a dc c .[2] T da , d a .
a , a b d ba d
S
(PAT) a b NAT, a d a NAT/PAT d c , c PAT d .I ad, PAT d c ac d d a ba d ,a d a d a ac a c IP add , d a NAT ad; a d IP add a
c :C c O ca C E
Y I
I
A. B. C. D. E. C E
C C C C C
. a
G d ,P
Add
IPSa d c .A ca IP add
a d ?
Ta
a
c IP add a a d b a d c a d. T ba add .
a
a c
, .368
60
a c IP Add a
a
ca
a a
_
A
add d
a ac c a
a a a a a A :(
ac a a a a
daS R acc
c a
b ac a d add ba dacc ba dacc b a :B )
a a c c c
d
b c c ab acc
a add ac a
a c a IP add a a c a a c a a c a a c
IP add
S c . W a ac
ca
E
/
:
B ad A C
d
:B c
: 100% : B ac
a
c a d
b c
a c,
a
BD U
S c
I
c W
I add a b ac , ac acc c c S c I c b c .A c a d cd a IP add b ac d. I a, a b ac b c a c a a c. S c : :// 5401/AC S c E
I
.c c .c B ac
/
/ d/d c /
c
/
, .T a
cca a a , a a , IP add a b ad c a d c c
/541/
d /F
SIGHT S
U
a c
G d
61
A c c URL a b acc d a A. E ab
URL
B. E ab
URL
d da c URL a d b c
a
a a . W a ac c d a a . a a d add add a d
C. C a a b ac D. E ab URL
a c
E. C a
a c
C
/c/ . d
a a a ca d d b ac acc c ,b
a
a
URL
a
URL
ca
URL
a
a
URL
b c
a
ca URL
a a
a add a d
b ac d ac URL
a
a
a
a
ca URL
b ac a b c
ca URL
a dca a
:D
A :(
)
E E
/
:
B ad A C
d
:D c
: 100% :Aa dBa
a ,a d
c
a
a. E a
c c
c a b ca c b ca
ca a
d
a a
' URL b ,
URL a b c ,a d a
.
BD URL F URL a c b ba d a I C c IOS a (ZPF), ca a a a a d a a a dc S
c :
://
.c c .c
acc c a
I d
b a URL URL
b .Y
ca URL P /c/
/
/ d/d c /
D /acc
d
ca b d add
acc ca URL Z ba d a URL . E a URL.
a
/c c _
a
c c
a
_a d_
c
_d
. dP c F d a a c _ a a
a a /24/
a / E
/
I
#
b E W W W
a a a ca ca
a
a a ab . c da d c d d. d c ab .
a
C
999509
62
W A. B. C. D.
d /URL .
da ?
da
ad
.
:A
A :(
)
E E
/
:
BD Ob
a
M S
ad c : :// E
I
W c A. B. C. D.
I I I I
. c
C
/a c /
c
a
a
da
/
63
a b b b b
b c.c
ab
c c c c
acc acc acc acc
A :(
)
a
ca
b c
c c
a
? .
c c c c c c
. .
add c
.
:A
E E
/
:
BD H
d
b c
a
I A ca V b Ma a ), W ca d d acc c >. S c : 00.
://
E
64
Sc I a
I
C
(AVC) a
W bS c .c c .c
C c W bS c A
/c/
ab d (U d
Ma a
> Acc
/
/d c /
/
a c
GUI > S c P c
c
/
S P ca
> 'A b
c
c >W bR a ,F S a ,I 'c <
a
a c /118486
c
a a
T acc N T
ca
,
a c
ASDM, c c
: N a ASDM a a d d
acc ASDM .R a c ab ASA SSLVPN c ASA c
c a a a ab .
ASA c a
a
ASDM
.
da a . a
ab d a
a
a . a a, a
d
a d
a dA d a
.
W c
c
A. C
a
ab d
D G P
c
c ? (C
)
SSL VPN
B. C. D. E. F.
SSL VPN C PPTP L2TP/IP c IP c IKE 1 IP c IKE 2
C
A :(
: ADEF )
E E
C c A S c :( B c c ca
/
:
: ADEF ) C D G P
a c
c
>R a
Acc C> b :
CCL VPN Acc
>G
P
c
ab
E
Sc I a
I
a
T acc N T
65
a ,
ASDM, c c
a c
acc ASDM .R a c ab ASA SSLVPN c ASA c
: N a ASDM c a a a a ab a d d .
ASA c a
a
ASDM
.
da a . a
ab d a
a
a
a . , a
a
d
a d
W c a ca ://209.165.201.2/ A. AAA B. C. D. E. C
d
d
C
SSLVPN
a
?
LOCAL da aba
AAA C caRADIUS B C ca a d AAA B C ca a d AAA
LOCAL da aba RADIUS
:A
A :(
)
E E
C c A S c :( E a a T ca b b
/
:
:A ) C d.
c
P
Tab
R
Acc
VPNc
a
,
a a
E
Sc I a
I
a
T acc N T
66
a ,
ASDM, c c
a c
acc ASDM .R a c ab ASA SSLVPN c ASA c
: N a ASDM c a a a a ab a d d .
ASA c a
a
ASDM
.
da a . a
ab d a
a
a
a . , a
a
d
a d
W c A. T B. T C. D. E. F. C
a
ad
ASA a a c ca D a WEBVPNG
ASA VPN c
C
db a c
P
a
a
c
a C
ca
A AAA
c ? (C a ca d A RDIUS
T I d SRV b a c ://192.168.1.2URL O C SSL VPN acc a d Sa c A C c , IPS c IKE 1, a d IPS c IKE 2 VPN acc ab d T I d SRV b a a b a d Sa c : BC
A :(
)
E E
C c A S c :( E a a F B:
/
:
: BC )
) ASDM_T d.
d
ac
P
1.
============================= F C, Na a B a ab:
T
d
a d
:
================================== N A, a d d Id C ca
,
CA c
ca
:
================================== N E:
E
Sc I a
I
a
T acc N T
67
a ,
ASDM, c c
a c
acc ASDM .R a c ab ASA SSLVPN c ASA c
: N a ASDM c a a a a ab a d d .
ASA c a
a
ASDM
.
da a . a
ab d a
a
a
a . , a
a
d
a d
W a
C
SSLVPN
://209.165.201.2/
,
c
bc
d?
A. B. C. D. E. F. C
c Sa D G P c D a RAG D a WEBVPNG :C
A :(
)
E E
C c A S c :( E a a F a a
/
:
:C ) C
c
P
ab a
b
,
a a :
T
db
a d
ca c a
Sa G
P
c b
a
d.
E
I
W a
a
68
ca
c
da a
a
? (C
.)
A. c B. ACL C. IPS D. a E. Q S F. DHCP C
: BDF
A :(
)
E E
/
:
BD +B c a d a ca a d a c a a +R d c a ac . F d ) a ca a a +D
a
cH
C
a
.I c a d. a , ca c IP add a P
c
(DHCP)
c d (d
a
TFTP a c,
ACL
) ac
( a a
. DHCP
a d
c
c d a
S
a
a
c :C c O ca C E
H A. B. C. D.
a
I
a d
ca
c a DHCP
G d ,B
P ac c
a P
c
a a Da a P a
a ac , .271
69
a
c
a
ca
aa
ac ?
3 2 4 1
C
:D
A :(
)
E E
/
:
BD Y
a
ac ca b a , a
d S
c : E
W a
://
I
70
a
a ac b d a ac .I d d b a
c
.c c .c d
A. , a B. ,b c C. b c , D. ad , C
a
,b c , a , a , a
/c/
/
STP , , ,
/ d/d c / a
ad ad ad ,b c
a
a a d
a
/12_2/ a La
, d ab , d ab ,d ab , d ab
ac ca c
2
c
/c c
a d/
d IPS c c . a a a a b a d c /
c.
a #
b a ac . 1018126
ac ?
d d d d
:C
A :(
)
E E
/
:
BD STP
c
a
:
+B c A a d ca a c ac .N da a c d b c ,b a ad d a a d a a d a a ad a . BPDU da a c d b c a . P d a . +L T c c BPDU a d a a b a a d ca b c a .I d a MAC add ab a d d ad a . +L a W d ad a d a c add a c a d add da aba ( c da aba ). I a MAC add ab , b d ad a . +F ad A c a d d da a, a a . STP c BPDU d d ca d b c a a . + D ab d N c a STP, a ad a ca a a d ab a S
c :
://
.
d a.
/
/S a
_T
_P
c
a
d a
E
I
71
W c A. B. C. D.
d ca d
a ac
?
IPS a c IDS a
C
:A
A :(
E E
) /
:
BD D a ac d a
:T ,a
ac c
d d
ac ca b d
ac
A
c :C c O ca C E
I
ca
G d , Tab
a ac
ac
ab
.
I
S
c IP add ca d.
a
17 4 P
b
S
R
D
c d A ac
, .465
72
W c
a
d
d
a SDEE
a
? (C
.)
A. B. C. D. a C
: CD
A :(
)
E E
/
:
BD SDEE M +A +E +Sa +A S
SDEE , a O SDEE O SDEE a O SDEE a
c : a / E
W A. B. C. D. C
a
I
ac M M M Ma
:// /
.c c .c d /IPS.
a .
a . .
/c/ / / d/d c / # 1083698
.
/acc
/c c _
_a d_
c
_d
73
a
a
ac ab c a c A :(
,a da a a a a a a
:A )
c
c ac ,
a
c
c
a
' b
?
c _ a a
/24/
E E
/
:
BD T
c b
dd c a .I a
c
c S
c : E
://
I
W c A. B. C. D.
ab
a d dc d .c c .c
, ac
c a a c b , acc ab c a
b c/cc/
/
c .A ,a d ,a d
c c db
c a a, ac c a d d
. / a /
/
/
c
/
d _
.
74
dca d
a
a
ca d
ba
a
/27?
0.0.0.31 0.0.0.27 0.0.0.224 0.0.0.255
C
:A
A :(
)
E E
/
:
BD Sa /27
N a W dca d Ma 255.255.255.224 0.0.0.31
F S
ad c : E
W c A. B. C. D.
://
I
.
d a.
/
/W dca d_ a
75
a
ab
acc
a
? (C
R R R R
acc acc acc acc
c a a a a a ca b a ac d UDP
E. R F. R
acc acc
ca b a ac TCP
d
dd a
,
a
a
C
.)
ACE ab a da d ad IP ACL
d
d
d IPACL
: DEF
A :(
)
E E
/
:
BD T d
a
acc
.T
I
d. A
acc d
M a
d ,
,c .S ,
a ac
a
IP
a a
a a
c
(
(
c a
C
D )
a d
.
d ICMP, a a aa ab c a UDP, d
),
Cd a
a c c . (B d
ac S c
c : . E
a c a
d
/c/
/
:// .c c .c #54908
I
ca a
A. R
c
TCP c
R D M d R D
a a a ab
b a
/ d/d c /
/12_2/
,
c c
b d
a
c /d a NVRAM ac .)
/c
a
/
/
d /
add
a
c _c/
76
W c ac
B. C. D. E. F.
b
c ac ac
IPS a
a
a a ac ? (C
.)
c
c
b c
b c a
C
: ABE
A :(
)
E E
/
:
B ad A C
d
:A, B a d E c : 100%
:B a a
a
IPS
a c
,
d d
c a "W a ac
a
d
d ?".
BD P +
c
M d E a a a
c a c aa + ac a a + C ac , ca b a S
c : E
://
I
W c c
A. B. C. D.
:T cc
ac ac /c/
/
d a ARC ac
a
d a ARC a aa c c,a d
a TCP
b c a
a
a
c
d
a
b c .
c cc
a c
a a
c
a ac
.T a TCP
. /ab
/
c
c
/
a
.
#7
77
a d c ca da aba
a C c ASA bac a d?
ca ca ca ca
ab ab ab ab
:C
A :(
)
E E B ad
ac ca .T . :T ac
.c c .c
aaa a aaa a aaa a aaa a
C
Ac :T c
/
:
c c c c
a
a
ca
LOCAL SERVER_GROUP SERVER_GROUP LOCAL LOCAL ca
ab
a
,
A C
:C c
d
: 100% :T
a E
ca da aba ASA
d,
I
Ma a ?
F C D c Ma a R Ma a H a a dP
C
c d
a ca a ca d " ca ".
AAA
.I
ca
78
W c C c S c ca a da A. B. C. D.
b a AAA a
ca
c
(HPM) .T
M
c
a
ab
d
c
a
a d
a
a c M :D
A :(
)
E E
/
:
BD H a a dP ASA a d IPS d a
a S
a c M c
,
ac
c : :// _ a a
c
E
I
,d ,a d
d ac d
, a
.c c .c /c/ / / d/d c / c /4 4/ / d /CSMU G d _
c
a , a c a d VPN da a ca a d c ca , c a
aa d , / a
c
.Y
a d
_ a a /HPMc a . d
ca ca c . /c c _
d c
_ a a
c /
79
W c acc .) A. B. C. D.
a
a dd a a c d
S S S Sa
c
a
d
ad ad a
ca
a
c d
aAAA
? (C
c d
C
A :(
)
: BC
E E
/
:
B ad A C
d
:Ca dD c : 50%
:T
a
d
c
a
d ba d ad a A
a d a c dd ac c a .
ac
c
a
.S
BD aaa acc a
a aa
c c [
a
]
a
c
c
a d
d 1
[b adca ]
d a ad
a
+
:S d a acc aaa acc d c d: G a
+ F
a acc
,
c d RADIUS acc
TACACS+ c a
S
c :
://
O
c I
a d
c c c c
d
a d.
ad
da acc ca c d
, c a
/ d/d c /
da
d d
c
c d
b
/
/
d
c
c
/a1/ a
c a1 c b
c /
I d d.
ab
SSH
aC c R
?
a a c
C
/
acc
ca a dc
d .F aacc c .
/c/
ca
a
80
W c c A. B. C. D.
.c c .c
c d c .
a
c d d a d
.c
E
c d a ca c da ca c d a c d
a a a
:B
A :(
)
E E
/
:
BD T a +C a +C DNS d +G a SSH + E ab SSH a !
1: C ca ! T aaa ! b d aaa d
d c a . b
ab a d.
SSH
a C c IOS
d. a
S
:
a
a (
a
).
d
.
a
S a 2:cC c d a a ! S 3: G !
d c a d ca ab c AAA a
dDNS 0 c dc .c c .c a a SSH
60 ca 4: B d a d ab d a d 04 SSH
a ! !
S T a
S
c :
://
.
#
E
I
W c
ca a
a
a b
d
SSH.
2 ' a SSH
.c c .c a
d
d
.
/c/ / a
T
/
.I d.
/d c /
81
c
a d a
.
c
S c
C
?
ca
c
,
/
c
/4145
a ca d, a da
c c a1.
a
A. IP c
B. SSH
C. HTTPS
D. ESP
C
:B
A :(
)
E E
/
BD T
:
SCP
a . SCP ca , b
a a S
c : E
://
I
Ac R
c ba, d BSD RCP S c S (SSH) da a a a c a dc
.
d a.
/
a da a
a c a a
b .
_c
82
SSL VPN D P c
A. E B. E
a a
C. D. R I b c C
/S c
c ,[3] c a d d a
c
RDP RDP2
c a b a a a
VPN a c
a c
aW d . W c ac
d
V
VPN a VP N a a
d
VPN a
ac d
ab
b
?
a
a
:B
A :(
)
E E
/
:
B ad A C
d
:B c
: 100%
:T
W a
a b ac a W d
ab
V
db
c RDP "c
a. T
c b
c d c c a b RDP2, a " c a .
a . c ca
BD + RDP + D 2
:T a :D c a W d 2003 T
Mc S
c : :// a /113600 E
W c
I
/c/ / / d c 00.
/d c /
c
a c
d
a
a ca
d
db
Ja a a d Ac Ja a RDP C T a S
/a a 5500
83
c
A. T B. T C. T
.c c .c c
c a d a c a b RDP c , P a S a d
?
XC . a da d . a
d
D. T
d
C
:B
A :(
)
E E
/
:
BD A d a
a c
ca a a DMZ a .A .T
d
a S
d c a a .A ca a da a , ca
c :C c O ca C E
I
ca
T T T T
I I I I I
C
ad d
a dW
W N
d
G d ,Z
d .F a , c dd a DMZ a ,a d ac ca b .A ac ca b , c a ca . d Pa
T
, .380
84
W a a A. B. C. D.
a c a db ac a
K K K K
E E E E
c c c c
K
a a a a
E c a c c c c
a IP
c VPN? (C
ab c a ca d da a c d a d a d c b a a
.)
ca
: AD
A :(
)
E E
/
:
BD IP
c
I K E c a (IKE) c a a d acc a a (VPN) . IKE a a d db I A ca a d K Ma a P c (ISAKMP) a d a a a a Oa a d S c K E c a M c a (SKEME). I IKE P a 1 IP c .I P a 2 a a a da c da a b a d IP c S
c :C c O ca C E
I
b c
d
2002::/16 2001::/32 FD00::/8 FB00::/8
C
:C
A :(
)
E E
/
:
B ad A C
d
:C c
G d ,T
I
K
E c a
(IKE) P
85
W c add A. B. C. D.
ca
: 100%
ca a
d
ca add
?
c , .123
S c c a .
,
: L ca
a
d IP 6 add
b
a FC00
BD T add +T b c b a +T b c a d P +T
b c c00::/7 c00::/8 a b a d acc 00::/8 d a db
d d d /8 d d .I a b a c IETF d /48 ,
d00::/8a a a ca d b a add
a
a
: db
a a
db
40
a a d
IP 4 d
a b
db a a a
ca
ca
a add b a
a
,
b
a
a
: d
. +T a +R D ba DNS. S
c : E
://
I
W a
a
db S
.
d a.
ba (DNS) /
/U
. (
d
6.a a)
d00::/8 ULA ca
b d
a d
_ ca _add
86
a
R
aa Na
b
(c
a
a
)#aaa
?% U
A. T
c
a d
B. T C. T D. T
c
a d a d a ad a d c
C
A :(
c
a
a
?
dc
a d
ac a
a a c
d
c a aaa
d"
d
c
"
a d
b a
c
d ,
db
c
:D )
E E
/
:
BD B
ca
S
c :
A. B. C. D.
://
E
I
S S S S
a a a a
W c
C
a
a
c
.c c .c
87
ab ca b
A
a a c
b
: AC )
/
B ad :Aa dC
/ d/d c /
db c
a
:
c /12_2/
aC c
c
A :(
/
a
E E
/c/
AAA
a
a d a ca a
c
a a a ad
/c
a ? (C
ad a a d ca
AAA.
/
d / .)
c _c/ c aaa.
C
d
c
: 90%
:S a
a
c
,
c
Ia
B
a
c
c a
.
BD S a T acc C a P c c
c c
S
c : E
ad .
ac
c
ca a ://
a
d
a
a d
c
d
a
acc
c
a
a
.c c .c
VLAN
T STP T T
ac
ca
/c/da /
a
/
da
ca
aC b
SSL VPN
.
/
/c
d
b a cc
ac
c
c ac
C
TCP ba
,
ca
a
a/
/d
c
/
. d
88
a
a
d
,
a
a
a c
c ?
d
a VLAN a d a VLAN a
d
:B
A :(
E
SSL VPN . .
I
I A. B. C. D.
a ad a c d a C a c a ca SSL VPN S a T
)
E
/
:
BD S
c : :// 24063.
:// a .c c .c
E
89
I
W c ac ? A. B. C. D.
P D D D
d
c
/
.c c .c /d c /DOC 25797 /d c / a c / a
/
c b
a
a
b c
d
d
c /24063
a
a acc
d
a
c
c
ca
d
c c c
C
/c/
acc acc acc
ca
:C
A :(
)
E E
/
:
BD A a Acc # ac # acc S
c :
b
/
:// cc a
L
a I
ac
acc
b
.c c .c a
.
/c/
/
acc / d/d c /
a /
/
c_da a_ac /c
a
/
3 /
c da a ac
3
E
I
W c
90
c
d
A. TCP 4500
B. TCP 500
C. UDP 4500
D. UDP 500
C
A :(
)
IKE
NAT a b
d
c db
VPN a
a
?
:C
E E
/
:
BD T IKE NAT a d c S
c a:T a
c : E
UDP ac ca a NAT
://
I
.
d a. a
IP IP IP IP IP IP
C
c c c c c c
/I
_K
4500
ab
c
a
a
_E c a
91
W c A. B. C. D. E. F.
/
, a 500 IKE a d ESP UDP
a a a a a a
a
d d d d d d
IP
c a
db db
a d
d ? (C
.)
a a
ca ca c c
a ad ac
: BDE
A :(
)
E E
/
:
B ad A C
E d : B, c D a d: 100% :B a a
a
IP
a
a d ?".
c
,
d d
c a "W c
a
BD + IPS c ac a da d a + IP c
d
b db a c (
a a S
cab c d IP ://c :
)
a ad
a c
a d .
, a , c a a da a ( a a b a da a dT R D a a a d :T a a ddT d . ac ac a d a ac ad c d. T a a ,a d d c a c
.c://c .c . /c/ a /.c // d/d c /
_
c /
_c
/870 _c c /2 d0/ ._
c
/
ca ).A
b
. d a
/
d /
IP
cPG1.
G +I
cR E ca a (GRE) D c E ca a d, a IP ca a d ac . + IP c d IP c D c E ca a d d c , a c c a a IP c ca cc d a . S cc
c : a E
:// .c c .c /a ca _09186a008074 26a. d
I
d
IP
b c a
/ d/
c
a
.I
I
a
. IP ca
/
a , c ca b a
a c
c d a IP a d IP
: b
c a c a d b a c c b b a c.IPA c c a ac d c . IP c c a b
/
/
/
171/c649/
92
W c c A. B. C. D.
d
a d ca
a La
c
2
c
ac
a
a a La
3
ac ?
a
c c c
C
d d
a ca
:D
A :(
)
E E
/
:
BD T S
c c : a E
://
a d
.c c .c
/c/
a
ac L /
/
/d c / a
.
3
c
/
a
/41860
L3
.
I
93
W c TACACS+
a
ca
c
a
d
C c ASA a ? (C
.)
A. EAP
B. ASCII
C. PAP
D. PEAP
E. MS-CHAPv1
F. MS-CHAPv2
C
: BCE
A :(
)
E E
/
:
BD T
ASA 1.
a
ACAC +
ca
c
: A CII, A , CHA , a d M
CHA
S
c :
://
aaa_ acac . d
.c c .c
/c/
/
/ d/d c /
c
/a a/a a91/c
a
/
a /a a_91_
a _c
/
E
I
94
W c A. B. C. D.
IPS ca
d
a a
a a
a
?
P c ba d IPS A a ba d IPS R a ba d IPS S a ba d IPS
C
:B
A :(
E
)
E
/
:
BD A
a I /IDS c a a ba a d a a ac a d a .T c a a ba (a d d c , d ), a d c a d ,a d ac ba d a d a a a b a ba d IPS/IDS. T C c IPS/IDS a a c a d a a b a a
a a S
c :C c O ca C E
I
95
W c c A. B. C. D.
a d
a
c c c c
C
ca
G d ,A 1
IP a
a
c VPN
Ba
a
TCP d a a d d ba a a a a c a d a d ac , a a ab (ca d a a d c .
a
a
a .I 30 a 100 ), a d
d IPS/IDS, .464
aC c
?
a c a a
a c
c
ac
:C
A :(
)
E E
/
:
B ad A C
d
:C c
: 100% :C
a d
" a
"
IKE
a
1.C
a d
"
c"
a
2. BD A
c a
d
d
a
a
a d
c a c 10.1.1.2 10.1.1.1 MM_NO_STATE a S
c :
1
://
ISAKMP SA b
MM_NO_STATE. T
a
a
a
c
/5409
c
d.
.c c .c
c /c/
d 1 b
/
/
0 ,a d /d c /
a a c
/
a c
b a
ac .
d b
00.
E
I
# a
_ a
96
W a
a
A. B. C. D.
T c a c T d c T a T c c
C
A :(
IPS?
d a ac a a
c
ab
a ac
:D )
E E
/
:
BD ad
H
a ac ca S
a a
c : E
a ://
I
d
.c c
.c
a ac a ac .B a d a d a c
c
/a c
/a c .a
.T
a
ac
ab a c a
d
ac ,
.
? =1336425
97
W c
a ca ac
A. B. C. D.
Sa ac A ca Pac P
C
A :(
b
a
dd
c ?
:D )
E E
/
:
BD A ca a ,a d ca d b a , a La 7, a ca a OSI d . T d c ac b a a c (a a ) d c . B ca a ca / a ac b a ac , d a add a"b " ca , a ca a ac , a d .F a a, a ac da ab a a ca , a ac d a c a ca / b a a ac d c b d a .T a ca / a ca a b ac d c a a ab d c d. T a a d ac a a d c . S
c : E
I
://
.
Wa I a N ca D b
/a c /2255950/ a
98
W c A. B. C. D.
d.c
7? b
a
a /c a
1
a .
C
:D
A :(
)
E E
/
:
B ad A C
d
:D c
: 100% :T
"E
a
c
C c E
A
0 1 2 3 4 5 6
cd
b d Ic c a
d Da
:
"
E c A C ca E Wa N ca I a a
7 D E
I
99
d
b
c ?
B
A. B. C. D.
a
c
c
d
a
a d a
d
a
a ad
S Ma a S a P
C
:D
A :(
)
E E
/
:
BD a d S
d c
c :C c O ca C E
I
C
ca
d
R R L ca L ca
G d , Tab
SPAN
La 2 La 3 La 2 La 3 :C
A :(
)
E E
a a d d a c a
a
c
1 5 A ac M
100
W c A. B. C. D.
a d
c
/
:
c
?
a /
.W
d , .13
c c .
,
d
BD Y
ca a a a c a
L ca d Eac ) a + LI S c
a c a c
c d c . SPAN a SPAN a a a c A RSPAN d a c ac a c a a a : a c
2.
c :
:// /
E
I
101
W c
a
/
IP c
SPAN RSPAN a b c c d
c ;a c
c
dac a
a a
c VLAN a d
ac .
a
ad a a VLAN a d
c a
/ d/d c / a .
a a
V P P A ca C c C c
C
ab d
.c c .c /c/ d / c _2960/
a
A. B. C. D. E. F.
ad
VLAN b c a
a
c c
a
d
/ a /ca a
b(C
c ,
d
2960/
?
(a ca d a SPAN ac
d a
,
ad
a /
a
a ca
/12 2_55_ /
.)
c
NAT a a TCP c ca a a
b acc
: BDF
A :(
)
E E
/
:
BD T a
ASA a d d
T +P +P + A ca + E ab S
a a
I
C E
O O T T
.c c .c
A :(
a d ac a c,
b
/c/
/
/ d/d c /
102
d
c
acc
a
a
d
ac "
a
a
"c
a
:
( a ) "a a "
://
W c A. B. C. D.
a
A
c : E
c c ac a a d. T c c , ," a d d d
c d
c c d c a ad c d c a d :A )
NTP a
d
ca ?
c c
c
/a a/a a82/c
a
/
d /c
/
.
a ."
E
/
:
BD Y
ca c d c a ab NTP a ca , a ca c db a ca c c a d d a . S
c :
c E
://
.c c .c
a
/
I
103
d /
W c C c A. B. C. D.
_
/c/
_
ca c
d
c
c d
c ca c c c d. W a c c ca a d. d T c d a ac a a ca c c . NTP a ca d ab d b
c da
/
_c /
/ d/d c / _3
d c ca
a
c
.
#
/da ac
/
/5_ /
/
_ a a
/
1100303%0A
b ba acd a
a
?
Ada S c A a c E a S c A a c Id S c A a c W bS c A a c
C
:D
A :(
)
E E
/
:
B ad A C
d
:D c
:N
: 0% b
d
ac
.
BD W b ba d a c Ad a c d Ma a P c a da ca c .I c a ca c S c
c : .
E
W c A. B. C. D. C
A A A A
://
I
.c c .c
BD
/c/
/
/
c W bS c a a a . d c /
b ,
c
/ad a c d
da d c
a .C c ba c a d c , URL c , a d a db
a a
c
/a
b
104
a a a a a
c
c
d
VLAN a VLAN a VLAN ab VLAN c b :A
A :(
)
E E
.T (AMP) d c a
/
:
c b La La c a La
c
a
a
VLAN?
2 b adca d a a VLAN bd b 3 adca d a a VLA N bd a VLAN b adca d a 2 b adca d a a VLAN
a
ba adca
d
a
,
d d a VLAN (P a ) a .A a VLAN a a
LA
a
3c
S
c :
://
E
I
W a
a
A. B. C. D.
.
d a.
/
/P
b VLAN (S c da ) b adca d a , .
IP a
b
a d
VLAN
a _VLAN
105
d
C c
a da
d
ad d
a
?
S a1 S a2 MD5 Md1
C
:C
A :(
)
E E
/
:
BD T
MD5 F Va da a , add d C c IOS S a R a 12.2(4)T a d 12.0(22)S, a ad a ca c a MD5 a a C c IOS a a a ad d ad c . I a a ad a ca c a d MD5 a a a a d db .O c MD5 a a a d C cOSI a d d, ca a b c a d MD5a d db C c /
S
5
c : E
:
://
I
5
.c c .c
/c/
a
ca
E
/ab
/
c
c
/
a
ca
.
#11
a ac
b
a c a ?
ad
:B
A :(
E
/ a
U d c a L D c U ca R Pa F T S c IP S c G a d
C
.
106
W c C c A. B. C. D.
a
) /
:
BD F
a
ac , a ac a ac . I c d c d ac a , d ac . a d a IP
a ac T S
c :C c O ca C E
W a
I
ca
( RPF) ca ac b
I
d a ab , a d ac
a
C c D c
a
. G d , Tab
10 4 P
c
107
c
ac .W c d ab d ad
P
c
1 a ac ?
Da a P a
, .270
a ab d c add a ac c add
A. B. C. D.
D a S MAC add CAM ab VLAN
C
A :(
c
:A )
E E
/
:
BD CD c
a
ca ab a c a ac . S
c : E
://
I
ab VLAN. W d
d
d
c ,
c a
a a a ab , a
a a ac
.c
,add IP a a ac c
,
a
, ,
a ac
aD
(D S)
/2011/cd a ac
108
W a A. B. C. D.
a a
,a d ca
C c
dc
a
a
CAM
?
P c R ad IP c ad D a c c
C
:D
A :(
)
E E
/
:
B ad A C N d a
d
:D c
: 75%
: Acc d a a c D.
B ad' c
, c a "A: ad c ". B ca
aC c a
c
c ( a b ): /72846 a 2 c
:// ca 3
d a ,Ib
.c c .c d.
/c/
/
a CAM ca ab ba /
/d c /
a ac
.H a
"C c c
d"
/ca a
3750
BD U
@A E
c
I
.c
C. P
d
A. a
c
c a
.
109
W c A. I B. I
c
c ,b ,b c
d
ac a d a d
,a
I
a IPS d
c
a
a a a db
a
,I
c
?
d
d
D. P
c
C
,b
I
a d
a
:A
A :(
)
E E
/
:
BD F
a a a d d b a a c (a ac , ca c.) c a A IDS/IPS , a a ,d d ac c a a d a .F a a , d b a IDS/IPS a a a c S
c : E
://
I
I a
.c c .c a
A T A A
ca
c d TACACS+
a ad a . a c a
.
/12428821/c
aaa a a
a b
ca ca
C
a d d ac , c a d a a c
ac
d
ac
c
110
c cc
A. B. C. D.
/d c
a d ca
d
b d d ca ab ca daaba TACACS+
a
a
ca ? (C
b
d a .)
a
acac +
ab ,
c
d
: BD
A :(
)
E E
/
:
B ad A C
:Ba dC c : 60%
d
:T
a
D da
c .
B
c
W a
d d ba d
a
c ba
d
c
ab a a TACACS/Rad c
ad a
a d
b
c.T
C c d c ca A a
.S
: a
c
ca
TACACS
a a ,b
a d d
ca a d, d a d
a
b
abb d ad a a
a a c
C c d .T a ,
c Ic
a d a A Ia c
a bac a ac
c a a
ca C. ,
.
BD T c a d
I
d a
c O
ac
aO . , ca da aba a / a dc a dc b a d .T ac d a I aa d
a a
a
a c
dc
ca
d
ab c .S c d d d, c c
/ a
TACACS+ a d da
ca
da a a bac aa . ab . A a ENABLE. d,
aaa
C. I ac
U
a
c
d
(
da A a c
d )
a
a
c I
d
://
.c c .c
/c/
/
/ d/d c /
/12_2/
c
/c
a
/
d /
c _c/
.
W a c c a a TACACS+ . E
I
aI ERROR a ca
d
c d, . I d
c ca
acc a
ca
a
T
c
c
111
W c a A. B. C. D.
c
.
c
d C c IPS Ma a
E
10
?
SDEE S SNMP CSM
C
:A
A :(
)
E E
/
:
BD IPS c
d c
a
c d
c a
d
a a
. SDEE d d c S
c : _ E
W
a ca
:// _a c
I
a
a ca , DEE, c a c c
.c c .c c .
/c/
/
a
a
d c
a db
a
/ d/d c /
c
a d
a
. IPS c
a RDEP2. W a a d d a da d c RDEP2 a add dc c . /
/6 1/c
a
/
ca
d
ca b a
d /
a
c
c d
ad
a
c ,
a
a STP a
? c c
b d c
d
a d
D. STP b c C
:A
A :(
)
E E
/
:
BD F + +T +E S
c
a
d c a R
b
B
c
c c
c : E
I
d /
112
c
A. STP B. STP C. STP
/
d a IPS c d a a
:// a 113
a BPDU D
.c c .c
a
a d /
ad/7677
B c
a
(20
c), d
c
W c A. B. C. D.
add
a
a
db d
a C c ASA
a
a
d ?
S a c NAT D a c NAT O ad D a c PAT
C
:A
A :(
)
E E
/
:
BD
+ B ca S c
a
c : a.
E
T T T T
a d
:// .c c .c /c/ # 1102744%0A
I
/
a / d/d c /
a
ac IP add c
/a a/a a80/c
,
ca
a
/
ac PAT. d /c
_ d/
114
W c c A. B. C. D.
a
d a a a
d
HMAC
d
a
c
a d
a
a
? (C
.)
C
: BC
A :(
)
E E
/
:
BD I c a
a
,a d a c d (MAC) a b
ca d
S
c : E
://
I
W a d ca
.
d a.
a a ac da a
/
/Ha
a
ba
ca c
d_
c d (HMAC) a c a da a d a
_a
ca
c
c c c a
a c
a a
.I
.
_c d
115
d a
a d
a
a
A. 5 seconds
B. 10 seconds
C. 15 seconds
D. 20 seconds
C
A :(
c a
a
a TACACS
b
?
:A )
E E
/
:
BD T c
a d
I
c
a d
c
S
c :
://
.c c .c
E
I
a ba c
c
a d .T
a
a
, d a
d, /c/
,
c
a
A. EAP
B. ASCII
C. PAP
D. PEAP
E. MS-CHAPv1
F. MS-CHAPv2
C
A :(
5.
/
/ d/d c /
/12_2/
c
/c
a d/
c /
ca
c
a
d C c ASA
a ? (C
: CEF )
E E
/
:
BD ASA
+ A
a d.
ac .
116
W c RADIUS
T
a b
a F
a c
c
ca .
d
ADI
:
.)
+ CHAP a d M CHA 1 + M CHA 2 F L2TP
F
S c : aaa_ ad
/c/
T F
:// . d a a
/
IP c
/ d/d c /
a
cc c
c
.
/a a/a a91/a d 71/
a
ac
RADIUS
a /a d _71_
TACACS. I
a ca
,B
a _c
/
c
c a d
. E
I
117
W c c A. B. C. D.
.c c .c
L2TP IP c c
a d a
a a
C
a
a a
c
c c 1 a c c c c c c 1 a c
?
c
a
dc c
dc c
:C
A :(
)
E E
/
:
BD L S
a CLI
, aa
c ca , a a TAP MIB, a ab
c c c ca
c
a a ca a d .
acc
a
c c
dc
a d a dc
acc a a
a
a
a
c c a d c (SNMP) c
.
a a a d
#
S
c : E
://
I
.c c .c a
P c DHCP IP c ad D a c ARP
C
/US/d c /
/12_3 /12_3 7/ a
/
d / c
.
118
W c c A. B. C. D.
/
ca
a
ARP
a ac
? (C
.)
c
: BD
A :(
)
E E
/
:
BD + ARP
a ac a d ARP cac a ARP a c + DAI a c a a a da ac a d IP MAC add dd a ac . + DAI d a d a ARP da aba , DHC b d S
c :C c O ca C
ca
ca cc d. ARP ac a b d . T ca ab ac ba d da aba .
G d ,D
a
b ca
ARP a
DAI.
c c
aPd I MAC add
c ARP I
c
, .254
a ,
a
a
, a d d ca d ARP a b d
d
a
d
a
d
E
I
119
W c A. B. C. D. E.
a
ab
E d d acc E d d acc S a da d acc S a da d acc S a da d acc
a
? (C
.)
db ac d a a a b db ac d a a a b db ac d a a a b db ac d a a a b c add
F. S a da d acc C
acc
d
a
d
a
c d
a c
add
: BCE
A :(
)
E E
/
:
BD S
c : E
://
I
W c
.c c ab
A. E
d d acc
a B. E a C. E
d d d d acc d d d acc c d d acc a
C
/a c
/a c .a
? =1697887
120
a
D. E d
.c
d d acc
? a
a
ba
d
a
ba
d
a
ba
d
a
ba
d
c a dd c d ad
a
a
a da
a da
d
a
aad
cd a
c c
)
E E
/
:
BD S
c : E
W c A. B. C. D. E. C
://
I
.c c
.c
a
ca
CPP Pa Acc c P c C PP : AE
A :(
)
E E
/a c
/a c .a
? =1697887
121
c
/
c
c
:B
A :(
c
:
c
c
a
aC c
? (C
.)
a a
d
d
BD T +C
Wa
S c
C
a
c
Pa ): Y ca c
(C
a a
a
a cd
d
a IP add
. +C
a
+R S
c
(C ): T a d . ca
c :C c O ca C E
I A. B. C. D.
c CPU a
I
ca
a
a
G d , Tab
d a
10 3 T
dca
Wa
ca
a c(
S c
C
a C PP)
Pa
a
, .269
122
c
a
a aca d
a ac
d c
d
c
a a
?
R c a a c C ac Ga acc Ma a acc
C
:A
A :(
)
E E
/
:
BD R c a ca d c a a d d S
a c :T a
c :C c O ca C E
d c c c IP add a .T ab .
d IP add
I
ca
d
d d, a d
a
G d , Tab
aab ca a ,
1 5 A ac M
.I c
dc d
c d c
a
d , .13
123
W c .)
c
c
c
d
a
c
a
da a a
db
a
? (C
A. FTP
B. SSH
C. T
D. AAA
E. HTTPS
F. HTTP
C
: BE
A :(
)
E E
/
:
BD +S c T +F a SSH, S
S
( , ca c
H)
d ,
c :C c O ca C
a
H
acGUI) ( a a , c ca
G d ,E c
a T , a a a d c a CCP,
a CLI a
H
ac d Ma a
P
a
c ;
.
c
, .287
a
a HTTP b ca .
,
E
I
124
W a a A. B. C. D.
a a ac
d
VLAN
? (C
.)
V IP S c CAM ab D b a
C
A :(
)
: BD
E E
/
:
BD VLAN (VLAN). T a c : +I a a a +I a ac S
c a , d a ac d c a LAN b d a VLAN a ac a a ac a VLAN a acc a d a b acc b .T a a d VLAN a d . , a a ac a a c b a a a d c ( . .M VLAN R a P c , IEEE 802.1Q, D a c T P c ) a VLAN. T a c VLAN acc b a ac . , a a ac c c d a 802.1 ac d VLAN a a a .
c : E
H c A. B. C. D.
ac ba c c c VLAN
://
.
I
125
a
ad ?
ca
I I I I
a
c c c c
C
d a.
a a a a
/
/VLAN_
ab
d a c da c d a c d a c
d
a
c
c c c c
a a
a a a a
aC c A
d a d a d a
C
c VPN
c
a
ba c d d
a
b
d
a c
a
c
a
b
d
b
d
:C
A :(
)
E E
/
@da 2 D B
, B ad a ://
T c a T
:
c
.c c.. a
d .c c .c ab a d
c
a
c
c a
a da d /c/ / / d/d c / c c
a a c
c
a
d a d
a c
C ! /a a/a a93/c
a
c c b
a
a , a
d
/ c
/a a c
c /
a
c
c.
a
:
a
a .T a
:
a a a d
c c
ab d. T
c c
:
a a
c c
a
a a a S .. BUT, a
(c (c (c
)#
c a d d ab a D
D
ab
a
d c c c ab a
a
b
IF
URL ab
a
c
H
,
a a
a
d
Ta Ic E
c a a c )# b c )# a c
c
EVERY c c c a d da :
c
c
c
d ca
a
a C
c
a
:
U
a A
A
ASA1(c ASA1(c ASA1(c ASA1(c ASA1(c ASA1(c ASA1(c
c
a
a
a a a
a R , a d
c
a
a
d
,
c
../a a/a a93/ !!! ASA93
? da
a
c a a
d
c )d
a
c
db
D ,
??
..
acc
d BEFORE 9.3 (9.2, 9.1 .. a d a
c
VPN. ACTUAL c
a d
a d
)
d c a
!
a
a c . . : ??? :// a /100597 c a c
a
.c c ????/c/ c 00.??
/
/
/d c /
a ca
a : ??
c
a
c a
P b T A C c VPN C a d d ab d. S A C c a d Ma a (ASDM). I d c . I d ca
c
a
a
a
c
c c c a d ASA a c d b d 9.3 (9.4, 9.5, 9.6, 9.7 .. a d ab c a ..
a .O
Acc d c /a a 5500
b
a
c
c
a
a
c
:?/
c a
a
d
,c
a
c
c
a
.?? /c c /a a
/ a
c
a
c
c d a
a
da
a /c c a a a
c
:
)# c c c c c b
c ANYCONNECT_POLICY a b )# c c c )# c c d )# a SPLIT_TUNNEL )# d a 8.8.8.8 )# b )# a c c a a d
I d ca a C c c .. (b a a d..) ===================================================== BD O a ASA c c a a(c )#
.T
9.6(2) c G
P
c _S c
c I a T a
b
a Ada dc
S c a d d
a d
8.3 a d b
!
c
acc
/
D
c
E b c c a a(c
c )#
A d a c c a a(c
c
c b
c c a a(c
b
S c c c a a(c
a d
a E
a d c
)#
,
?
a
?
:
c
c
a
126
W c
c
A. T B. R C. B
)# a
db b a
I
c c
d c a d / a ab a ab
K D
I
a )# a
b
c
b
a a a
c
d
d
?
a a
D. O
a dc
C
c a :A
A :(
)
E E
/
:
BD D
d d
S
a a c :
E
c
2b.b
c C c C
a
I
O A. B. C. D.
://
d
:C
A :(
)
E E
/
:
B ad A C
d
:C c
. /2006/12/
a , a
c
a
d
a dc a . d
127
A ca P c A a P c AAA S a AAA S a dG
C
,b a
: 0%
P
a c
d
AAA ab
a d a ac a d
.
.I
ac
c
:N
b
d
ac
.
BD T
a
E
C. AAA S
I
128
W a a A. B. C. D. E.
SIEM
P a A ad C Sca a C c a da
C
a
a c a d a c a a d IDS d c c a ac c da a
: BE
A :(
)
E E
/
:
B ad A C
:Ba dE d
c
a ? (C
: 70%
.)
a
:Ca dDa
d
c
c,a dE
d
. I'
c
ab
A a d B.
BD S c +L a d +N a +C
I
a
E
add
c
c
a
d
a
c
d a d d aa
ac da a d ,ab a a d d c a . a ca , d d c a d ac
,
da b ca a d
a d, a
da
d
ca
c d . a d
.
S c : ac c E
a .
a d. c
a a
SIEM c
a c a a c c a da a a d
a a a a
+A c +R
Ma a
:// .c c .c / baSIEM_d
I
/c/da / G. d
/
/
/c
a
a/
/d
a b
129
W a a
a
a
a c ca
d
? (C
.)
A. acc B. c C. d b D. E. F. I C
: ABC
A :(
)
E E
/
:
BD A ca a c ca LAN ca +A a :P d / acc +D a :P d c ba d c c a +C a :P d a a b d S
c : E
I A. B. C. D. E. C E
://
I
.c c
/a c
/a c .a
c
c d
a
a dc
b
b
a a
ba d
a a
c
c a a d ac a ca dc c ad a acc ROMMON acc a a d
? =2202410& ? (C
: BC )
acc
N .)
d ca
b
c
=4
: acc
ca
d
a a
A :(
d
da
c
130
c W W W W W
.c
d
a d
E
/
:
B ad A C
d E
:Ba dC c : 90% I
131
W a a
a
a
A. U
a SSH c
B. C. D. E.
SNMP 3. ba d a a SNMP 2. ba d a a
U U U U
C
c
d
d
c
a a
a
? (C
.)
. . .
: AB
A :(
)
E E
/
:
BD B
SSH a d SNMP 3 E
I A. B. C. D. E. F.
I
d
c
c
132
c
a
d
RADIUS
RADIUS UDP c ca RADIUS c a d RADIUS a ca a da RADIUS TCP c ca RADIUS ca c ac RADIUS c a da
C
ac
c
d
TACACS? (C
.)
NAS. d a a
ca
a NAS. a
ac
.
, ca
ac
b
NAS. a
.
: ABC
A :(
)
E E
/
:
BD S
c :C c O ca C E
I
C
T T T T T T
G d , Tab
3 2 TACACS+ V
RADIUS, .40
133
W c A. B. C. D. E. F.
ca
a
d
c b DHCP
a ac
? (C
d a c a . d a dd a ac . ARP . ca acc d c . c d a ac b a DHCP add ca ca d a a .
.)
ca a
A :(
: ABC )
.
a
d.
E E
/
:
BD DHCP cc a a ac a d DHCP ( )a d a a a DNS , c , a a a b a ca c a c b ad d a DHCP c add c . S
c : :// a E
I
:// a
c d a a ab acc c
C
a, D Sb
.c c .c / ad/67229 /d c /DOC 24355
134
A da a b ac a d? A. B. C. D.
.c c .c
a d dd a ac . W a a a
a
cc
da d
c
a
da aba
a bc
d. W c
c
c
a b
a
:A
A :(
)
E E
/
:
BD C
S
d a da a a a
A. B. C. D. C
a
I
c ://
da a: da a da( , ca /
a
c :C c O ca C E
I
:T
ca
G d ,C
d
a a a
,I
ac c d, a d ca
,
, a d A a ab
; a d da a a ). C d a d a . , .6
135
a ac d a a ac .c c . .cc/ c
da
a
a
a a
c
c c a
c a
?
a c a c a ac :A
A :(
)
E E
/
:
BD P
a a a a d d c a .W d c c d a a c a a / a d . P c c a a a a a a a c c a a c d a ca .T a a a a da a, acc a b da a c a a ba acc
c c
,
d
a b .
a
c
,
S c :C c O ca C Tac c , .29 E
Y a d )
I
136
c c
a
a
ca
a d c da da aba
'
A. ad a c d B. a d a a C. d b a D. c a ac C
G d ,C
d
a
a c a6
, Tab
1 5 A ac M
aa a b a .W a a ac d d
d , .13; S c a E
CEO' a d c
a
a ? (C
a
: AB
A :(
)
E E
/
:
BD A A c T a S
(APT) a a d a a a, a a ab
ca b a
c :
://b
O
. a a b
a a I
S
a a
c : E
://c
I
a
A. B. C. D.
a a a a
C
a add d a ac
. d / d
c c
c
08/ a b
a d a a db a ac c ad a ca
a .
/ a a /2016/07/ c
, a a
a
d ad a c d
,
a a /
.I
a
ad
ba
.
_ a a .
d
a a ?
a a a c , ,a dT a
d c b
c c
a a
d
. . a d a .
b
da a
ac a.
:A
A :(
E
a , a
/c b c
d a ac a a
137
W c Ma Ma Ma Ma
.
.c
d, a ab .
)
E
/
:
BD Ma a ,
a c a , a acc a c db Y
a a S
c : E
W a
I
://
.
d a.
a , aRada /
a ac
a 1990,
d ,
a c
d d a
c a a
/Ma a
138
c a
A. a b c/ a B. a d c
d
a
cc a
a
c
b
a
da a?
d
d ad a c
a .[1] B
, a .
C. a RSA c D. a MD5 a C
:A
A :(
)
E E
/
:
BD P b c
c
a c
acc a d d c S
a ://
I
a
c
.
d a.
/
/P b c
_c
b .
W
c NTP
A. 192.168.10.7
B. 108.61.73.243
C. 209.114.111.1
D. 132.163.4.103
E. 204.2.134.164
F. 241.199.164.101
a
:A
A :(
)
E E
d
/
:
a
a d d ,a d ca , c ,a d c ,b b c .
139
R
C
,
a
c : E
, a b d c :a
c
d?
b c
a
c
a c c a d a a d a d a
a
: .T
d ca
BD T +c
d a db d: T NTP c c c a b c db a / a d a ca d c d. + :T ca c + a d: T / a d. T ca c acc S R
c : E
://
I
140
W c
a
A. T a B. T
ac
/c/
/
/
a d. A caa
a
b : b d a
b c
/d c / /
c
c, a
/116161
b
. 00.
b .
ab c . c . c c
C. T D. T C
.c c .c
c .T
c
a
c
c
a d ca
c
c
a dca
a d ca ca
? d d
d c NAS
c
ab
c
c
c
c
TACACS
a , TCP 1645.
d a
a TACACS
20
a d d c
TACACS
ac
:A
A :(
)
E E
/
:
BD acac
a
T a c
[
][ d
). Ra a a ca , .T c TACACS a . S
c : E
W a
I
://
c c
c
.c c .c
/c/
c
/
][
a c c a dc a TCP c a a a cb ca a
/ d/d c /
/12_2/
c
][ (
c
a dC c S c c a d
/c
a
c
a AAA a
ca
][ a] R
a
ac
a d/
a
b c /
141
b
c
?
ac .
1.0.1
.
A. B. C. D.
U P U L
aaa c NAS c C c c a d
C
a d. c c d dc ,a d
. a c
AAAa NASa
c
ca ca
. .
:A
A :(
)
E E
/
:
# b
AAA c
(
BD
+
S
c :C c O ca C E
H A. B. C. D.
I
PEAP
c
c c a da a da
C
ca
ACS
G d , Tab
ca AAA
(
36C
a
ca
c
).
a dR
c , .68
142
d I I I I
A
123
)a d
EAP c a
c a c a
c dc dc
c
? c ca . c ca . ca , a d c ca , a d c
c a c a
c
c c
ca . ca .
:A
A :(
)
E E
/
:
BD PEAP
S
c a
a c a
c :
://
E
I
d a c c .
d
I a I I a I add
C
d a.
/
/P
a d c c d_E
d PKI c c ca ca .
b c a d a ' b c b _A
ca
_P
ca a
c a a ca .I c
c .I
TLS a
,
c
143
W a A. B. C. D.
EAP TTLS, ca a , d d TLS b aa d
EAP FAST 2
c d c a
a c
a b c ca b ab
d a
EAP FAST?
d c
a
EAP
c a
.
. ac
d
. a
c .
:A
A :(
)
E E
/
:
BD A a cc
a c ac
a
EAP FAST, a d ca , ISE
a
a a Mac
ad
a PAC
c
aU .T
PAC a d a Mac , c
PAC. A a
a
a
ca
, ISE
Mac 802.1X ,a d
.T EA
S d
c : E
H
I
d c
A. B. C. D.
:// c .
.
d.c
PAC a a a EAP C a /a c /2223672/acc
ac
a
cc
a
b
a b a
ab
ca d, ca d
". c
/
c
a
d
d
c
144
ad
c
a
ISE
c
d
a c
ca
d
d
c
a
?
ISE a d dc T d c a c ISE ac a a SCEP ISE ac ca
C
ca ca ab
a ca da aba c ac a CA d c c ac ca a A C
d
ac
a CA
:C
A :(
)
E E
/
:
B ad A C
d
:C c
: 0%
:N
b
d
ac
.
BD SCEP P W a a a T a d
C
a ,I E
d b d c .
, b
ISE
c a d
aS C d a OS, A d d, W d a a
ca
W A. B. C. D. C
I
c
, a d MAC, c a
ba
( CE ) .T d a c ca
, a d
/E
/B d
a d
ISE,
_N
/U
b ISE ISE. ca
a a c
d_Acc
/
145
a ad I I I I
P CA
S c : :// .c c .c /c/ / / d/d c / BYOD_D _G d /BYOD_ISE. E
E
a
a
ad ad d da
a a a d ada a
c a
ad
c
c
c
b
a d PIN c a
c d d
a a
a
a d c da a db dc .
da a a
c? dc a
a
da a.
.
c .
:A
A :(
)
E E
/
:
BD C c ISE a c a
c :
ad
c
a
.F
MDM Acc
d
d
,
+F W d c +C a + PIN L c S b_
D ac W L c
c : :// _ad _ E
I
d
d ,
c
a
a
R d
a
ca
a
a
c
d
MDM
c
c
.c c .c /c/ / / d/d c / c / /1 4/ad _ d /b_ _ad _ d _14/ d _14_c a _01001. # a _820C9C2A1A6647E995CA5AAB01E1CDEF
146
W a c
a
c
MDM .
a
A
C
c
a
a ca
ab
aVPN
a
?
A. a a B. C. a a D. T dN C
d D
c
:A
A :(
)
E E
/
:
BD Y
ca c
A
.T c
S
VPN
C
a
.T
c a d ASA, ASA a d c A. C c c a a ; , c a a
c
c : :// .c c .c /c/ d /a c c ad 30/ac03 E
W a
I
C
/ d/d c / . d
a
IP add
c
a
/
c ab ab
a
/a
c
_c
, a a c
A. I C
d
c
d c
ac .
c
c 30/ad
VPN c /a
a a
a
ca
a
a
D
acc
I
b
a
a
a
b c add
c
A :A
A :(
)
E E
/
147
c
A. NAT B. a C. T dN D. C
/
c
c
/
:
BD N
d ac ab IP add a a IP add c d .S , d a a a , c ac a d a a ba add
a a b IP c c I b ca (34.0.0.3) a .T a a , , b ca ac , a ad d add a dd c I b a acc a I , ad ac ca R1, a d c d d , R1 d IP ad a cadd IP add ba a ba add ( c R1 b a a , a a a ac a d
ba
add
,
add
I
d
ad
ac
bac
a a
d
?
R1). T
a
ba add
S c :C c O ca C .366 E
I
ca
db
c
G d , NAT I Ab
d R1 Hd
.
C a
T
Ab
S
c Add
,
148
R
b .
Y a c W a ac ca A. B. C. D.
a
d R1 a d R2 a a c c
Ed c Ed ISAKMP S a a da Ed c a
C
c c
,b b
R1 a d R2 c c
b
a d
a
ab
ab
a
VPN
.
?
ac . R1 a d R2 ac . ac add
ac . a
ac .
:A
A :(
)
E E BD
/
:
F
ba c d b a d b IKE P a 1 cc d, a + Ha a +E c a +D H a (DH) +A ca d: d c d a (PSK) d c a d d a c ca ). +L T
PSK
S
c :C c O ca C E
I
d
149
ad ca
:
VPN d
c
/ a
a
(
ca
,
)
:
d
VPN ca
a
67890 a d
G d ,T
d RSA
12345
Pa b Pa
IP
c, .124
a
(
.O c
a
b c
R
b .
W a
c
A. I B. I c
c
a
ca
a d?
a d
c
d
da
C. I c D. I c
c a
C
ca
c
a
a c
a
b
ac
a ACL.
.
MD5HMAC. a AES 256.
:A
A :(
)
E E
/
:
BD A a S c a S
a acc ab c b a c d a c. D IPS c c c a a c a da a c :
://
T d
.c c .c
a a
/c/
E
ab a
256 b AES
c c
c
/12_2/
/c/
/
/c
/
,
c
a IP a a c a
a
a d/
c a
/ d/d c /
a d a
c
b a a d. c
,a
ca
c /
c.
#
aa d
ca /
c
a
. (N
/a1/
c a1 c b
a
ac
c /
cc
150
R
b .
W
b
VPN,
d
c
a d. W a d
? A. B. C. D. C
IKE P IKE P IKE P IKE P
a a a a
1 a 1 a 1a 1a
d da
:A
A :(
)
E E
BD
/
:
1017694
.
MD5 (HMAC a a ) a
:// .c c .c 2590984165
I
/ d/d c /
a acc ba c
ESP E c Ta + a 256: ESP ESP A ca Ta + d5 ac: ESP S c : c3. #
/
c a .
a c a d 10.1.1.5, b a d a 10.10.10.2. cc a db 10.1.1.5 a d 10.10.10.2. d a c a d .1.1.5, 10 b a d a 10.10.10.2. d a cc a db 10.1.1.5 a d 10.10.10.2.
d d)
T A
ac a d. T c a ca . M IDLE
#
ca
Ma a
MM
A E
a
P a
/c/
/
c
(ISAKMP)
c a d (SA ) b b a
I
S c 1.
I
a
.
M ://
.c c .c
/
/d c /
c
/
c
a
c
/5409
cd b
00. E
I
W c A. B. C. D.
151
a
ab
Eac Eac P Eac
C
IOS
? c
a d a a d a c ac a
c c
a d a d d
a da a da
b ab
. .
. .
:A
A :(
)
E E
/
E
I
:
152
R
b .
U U U P P P P
a a a
E M H
D c c c c
6 7 9c 10
W c A. B. C. D.
9 a 8 a 6 a a
a ac
c
P P P U
a
c c c
C
a
H
A :(
)
d0c d0 ac d
9c 7 10
H
D
d
ac c
a
?
a a ac
D
6 a
d
:A
E E
/
:
B ad A C
d
:A c
:I a
d
c a
C a dA a acc .
: 100% a "H "c
ca D
a D "
c
c a
a ac"
a da
,b 6, a d
.T a 9,
ca
c d
a a H
a dD " ". D
A
,
d
a "P ad C c IOS.
.T a dc E
a d I
9
c a
a
.T
200
a d
?
,
a"
c c
"
a d
a a"
a
153
I
200 c
A. c ID B. a a ID C. ad a D. ABR ID C
c
d
a c
a d,
a d
a
a
:A
A :(
)
E E
/
:
BD E ab OSPF SUMMARY STEPS 1. ab 2. c a 3. 4. add 5.
a
a aa a d
d
S c : c . E
://
I
W c A. B. C. D.
dca d
.c c .c
/
/ d/d c /
/
/
_
/c
a
/12 4 /
12 4 b
/
154
a
P c Ca Acc R
C
/c/
C PP ac
?
a a c a :C
A :(
)
E E
/
:
B ad A C
d
:C c
:A
: 60% d a A
E
I
I c a a b? A. MAC B. a
a C c c c.
c a
.I a
b
ab
da
c
c
,b
155
a ac d
ARP
a ac
a
ad
CAM ab
a
c
a
c ac
C. MAC D. D S C
d
:C
A :(
)
E E
/
:
BD MAC add CAM ab . S
c : E
d :// a
I
a a ac c d a.c
/ d
d
.
a d a d aa
a
c '
/CAM_Tab _O
156
W c
PVLAN
A. c B. c C. a d D. a C
A
E
:(
E
a
a
a
VLAN
c
ca
d
c
a
?
PVLAN PVLAN PVLAN PVLAN :A ) /
:
BD T +P c a d
a VLAN a a : T c ca c ca a ac , c d c a d , a b c da VLAN a ca d c a da ca d a VLAN +I a d T a c a a a VLAN d a , c ca c ca a ca d c . +C A a a b ac c da VLAN. C VLAN a d a ca d c T ac a a d a ac c a d a a d a VLAN d a . S c : CLIC E
W a A. B. C. D. C
:// a
I
.c c .c G d /P
/da ac
/
157
a
a d a bac
I a b c b Ga ARP T CAM b VLAN 1 b :A
A :(
)
/
a
VLAN 1 a
a VLAN a ac . bab c d c a a ad d, c ab IP add .
E E
/c/ / / d/d c / c a VLAN . #42874
:
a
VLAN?
c
dd a ac . a. b
5000/
/c
a
/
d /c /
a .
BD VLAN (VLAN). T a c : +I a
ac ba c c c VLAN
c a , d a ac d c a LAN b d a VLAN a ac a a ac a VLAN a acc a d a b acc b .T a a d VLAN a d . , a a ac a a c b a a a d c ( . .M VLAN R a P c , IEEE 802.1Q, D a c T P c ) a VLAN. T a c VLAN acc b a ac . , a a ac c c d a 802.1 ac d VLAN a
a a +I a ac D (
a b
Ta
a ad b
a
.
ca VLAN) d
b d ' a aVLAN a c . D bTa ca b
+ 1 acc +C a a +E c a a . S
c : E
I
I (C A. B. C. D. E. F.
LA
VLAN a
://
.
d a.
ca ). ac
/
1 (T
" LA ". P d a ,a a ac ' a a db ac d a VLAN). . ., a a acc
a
d VLAN ID. .M b c
a
d
a
a c acc c VLAN a : VLAN
VLAN b a VLAN
c
/VLAN_
d
ASA
a
b
d HTTP GET
d
a
a
?
ACL a c d a c HTTP c NAT a c d a c a FIN ca a HTTP c a a ad a a TCP c c
ac
C
a VLAN
c
158
c
W W W W W W
d
: ACF
A :(
)
E E
/
:
B ad A C
d
: A, C a d F c : 100%
:T
d
a
c
c a
a
A, C, E. T
c
://
.c c .c
/d c
/11809846/a a 5505
://
.c c .c
/d c
/12473551/a a
A
, a d c a SYN ac bac b c c a . E
W c
I
d " a d "W ab
a TCP c
c.S
:
a a
a a
a c
a c
a Da dFa a SYN ACK ac ". T a da c
c c
c
ac d "W a SYN ACK ac ,
a c a
159
a c
a
a
a c
b
d
c
b
?
A. B. C. D.
Y Y Y Y
c
a
ca c ca c ca c c
a a a
, a a a
ac d bd bd bd
a a a a a a
c c c c
. a a a
a c a c a c
a a
. c
.
c
.
C
:A
A :(
)
E E
/
:
BD I
a
a a cb )a d a cb ac a d c c d a , c a
,
d c
S
d , .T c
c :C c O ca C E
I
W a
ac
ca
G d ,Z
a dW
W N
ac ),
d a .A
c a a c d a
a , a dd d c a
c c ) a .
d Pa
T
, .380
160
a a d
c
a c
A. U ca IP 6 a c d B. O BPDU a C. U ca IP 4 a c D. O BPDU E. ARP b d C
c ba d ( ac ac I ,a d a a a c c a d d a c c d ad ad a a ca a ( a c, a d a a c (
a
a
c c
a
ac
c a
d
ASA
ac
a
a
c
a c
a
c c
ac a ac a
a a
a ?
c c
ac
d
ac a ac
d
ac a
d
d d a
a
d d
a
a
d d
d
:E
A :(
)
E E
/
:
B ad A C
d
:E c
:N
: 0% b
d
ac
.
BD a
A
c
a ACL. ARP a c ca b d b ARP
I
c
.
d.
M S
ad c : :// . E
I
161
.c c .c
/c/
/
/ d/d c /
c
/a a/a a93/c
a
/
a /a a
a c /
W c
a
A. I c B. C C. A D. Y
ac
ab a ca
E
b
c
add
ac
a
a c
a
c
? ac
ac a db d a b ac
c a
ca ca ac d d ac
a a
c c
. .
.
:A
A :(
E
ca
.
a c a ca c
C
c
) /
:
BD B d a , ac . T c a ac ,
ac
a
ca
b
a
b
ac
a
c
ac
, a c
a c a d
c
, ba c
a a
a
db a c d .
a d
#
S
c :C c O ca C :// .c c .c /c/ E
I
W c IPS
162
d
/
ca G d ,T D a F / d/d c / c /a a/a a82/c
d
a
ac b
T a c, .422 a d/ c /c d_
/ 1.
?
A. B. c C. a D. a E. b a C
:A
A :(
)
E E
/
:
BD T
a
a c,
c d
B ca ac d W b S
ca
ca , a d b ca a d a (b ca ca a a ac b ca d .T a a IPS d, da a ac a
c :C c O ca C E
H
I
ca
A. V B. R
ca
G d ,D
163
d
c a a
a
a IPS.
IPS
.
a IPS?
a a a . ca d a ac a dd a a d a ), c c b d a .
c B
c
IPS a d IDS, .460
a c a
ac a
ac (IPS). a c, c
a
C. R D. U E. U
IPS c d a d a
a a
C
. a a
a d
. a
.
:D
A :(
)
E E
/
:
BD A a IDS d d a a S
a
,
, a a , .I ca a a b a a d, c a
c :C c O ca C E
I
ca
a c a
D. T c C
G d ,P
/N
a
,a d IPS/IDS
a )
a a a
c .
T
, .463
164
W a A. T d B. T d C. T c
a c a c a d ca (a a , a a d
ad
d
a a ac ac a a ac
cc a
a
a a
ac
a IPS?
a
cc db
d
ad
ac
a
aa
d
:D
A :(
)
E E
/
:
B ad A C
d
:D c
: 80%
:I
a
c
Ia
I a
dd . H
,
ac
d
d I a
c
c c
a .Ia a d b
d C,
c c
c a
D. E
I
165
W c S c d ?
c
A. B. C. D. E.
c
C
A A B c T M
c
:A
A :(
)
E E
BD
/
:
c
a
b c
a c
c a
a a c a
IPS/
A c A
c a c a a ,a a a acc c c a . c , a acc c c ,c a ac c d ac . Y ca c aa ,a ca c , d c a . Y ca a ca a c a acc c I ac B c .T c d acc c .
S
c :
://
d
d
E
H A. B. C. D.
I
POWER b c
C
a d a d a c d a a
a c
ad
ca
c
a a
c
a d a
d
ac
/
a d d
ac
,I ac a c a
A
/541/
a d
d
a
B c ,
d /a a
166
ca F I I I I
.c c .c /c/ / / d/d c / 541/AMP C .
ad a c d
a ac a
a
b
a
a a ad
?
a bad URL .
c . a
.
c
a
a.
:C
A :(
)
E E
/
:
BD A c A
c a c a a ,a a a acc c c a . c , a acc c c ,c a ac c d ac . Y ca c aa ,a ca c , d c a . Y ca a ca a c a acc c I ac B c .T c d acc c . S
c :
://
d
d
E
Y d
I
a a
.c c .c /c/ / / d/d c / 541/AMP C .
c
/
ad a c d
a a
c
a d a ac
/541/
d
ac A
c IP add
a
d
b c
.W a
acc b
ac c
ba URL
a
c
d
a
B c ,
d /a a
c ,b b
a d d
,I ac a c a
167
b
a d
?
a
A. E ab B. E ab acc C. E ab acc D. E ab E. E ab C
URL URL
a dc a a dc a
URL
a d
URL URL
a d URL ca a dc a a
b c
b
a
URL ca
a
a ca
b
a
a
a b c
b c
b
c
b b
c
a
a ca
a c a
a c a
c
a
c a a c
c
:D
A :(
E
a b ac a
)
E
/
:
B ad A C
d
:D c
: 100% :A
add
d
b c URL , a d a b ac
a a
a URL
d
a
c IP
.
BD Eac ca B c
d URL da aba a d a a 60 d a a a URL ca a a : a a c ba d URL ca Y ca c a a URL F ac URL ca a d a ac a c .Ta c a ac c URL .F a , b c a a b URL ca a URL a d a ac c c ( S C URL F a . Ma c a c ba d URL ca c c I a a c c b a c a c c ca , d add ca a ac c a c .F a , c d URL ca a d a aQ S c c a b a a ca da a d a. S URL Ca a a . B b ca ,a a d ac ba d c a S
b
d
c : E
://
I
c
A. B. C. D.
a
S F N F
. a a ca b
d
da a b c
a a
C
:B
A :(
)
E E
/
:
B ad d
.c
/d c
a
/70/ a
/ a
/
a
d
:B c
: 100%
a
da d a
a d
d aa
ca d a
c
d a a
) c a P
b /
a ac b b c b c ac b acc .
a c a ba d d c Ma c C
ca
168
W c
A C
URL
.T
da a?
.
a
:M
a E
d d
c I
c
c a
,b a
B a b
db
c
169
W c A. B. C.
d ca A c .
c
c
c
a
b ad
a
c
a
?
a ad a dd a
D. C
:A
A :(
)
E E
/
:
BD M c c ca a d a ab c a d T a a a : + GPG: GPG a ab c a d d W a d , Mac, +T b MAC OS X D U :D U ab c a c AES 128 b AES 256 b c . +T C :A c W d , Mac, a Ld . +A C :A W d c . +B L c : F + Ma L d . + MAC OS X F T a +S a cE d + PGP W D + McA E d +T dMc E S
d
c
b
Va a
a c a Ub
:S
E
I
d c
a
E c E c E c d E c
c :C c O ca C
c d d :A
(Sa B ca
a W d c
c ca
a
Mac OS X c
a
b
L d
d
.
a
. a :
)
G d ,E c
E d
Da a a R
, .501
170
A
a
A. c
c c
a a
c
a ac ?
a ac
B. DD S a ac C. ca D. W a c C
:A
A :(
)
E E
/
:
B ad A C
d
:A c
: 100%
:T
da
a b b
d ba .H
,
cI ad
ca
.
"
c a
DD S", a
c .
. GPG b c
a
c
d
.
b
, O
a .
b a ac
a a
XSS a d
a
c d
a ac
(SQL c c a a .
/b
), a d
BD C ab
c (XSS) a c a ac c c d c ab a b d b a ac b a
Sc
a
S
c :
A a a
ccaa
d 2007. ://
b
.
acc
d a.
/
a a ca a .A c d d b .
S
c : E
://
I
W a
c a
ba
A. I b c
C
84%
a
c
ca
d c .A
ba ca c c .C
a ab
d c
. XSS
db
_ c a c b ca d a a a b ca
a a
. c a
ab db c a
.c
/d
c a cd
ca
/
b a
a a .P
a c
a a
ac
a
171
b
B. I C. I acc D. I
d
/C
c a c
ac
c b a acc c
ca
a ?
ab b b a c.
a a
ac
a
ca
.
. c
.
:A
A :(
)
E E
/
:
BD AW bA ca F WAF d a d a ca a ac
a ( a a
(XSS) a d S c :
c
E
W c
I
c ://
.
d a.
E
A :(
a /
, , a d b c HTTP a c a a a WAF ab c a a a a b .B ca c a , c a SQL c
. /W b_a
ca
A
a c ca
_
a d c ,C
a ba ca .A c c b HTTP a c, ca S Sc
a
172
a ca d
C cE a S c a ac ?
A. c a a a B. c d a d C. a a a a a d D. a ba d IPS C
WAF) a a ba
:A )
a
a
ac
a
a d
E
/
:
BD S
a a
a a c a a a d a d a a d IP add c a da d T. c a b IP add a c a d ca a d c , c a a ca a a a ac d a a b . S ca d a a a a a ad d d a d a a a c a a . T a a ac a a a d b a d d a a d a a a d .L , a d a d a
a a S
a c :
c a ://
. . c
d a.c
,a ac
/d
d ab
a b ad a
/1713/ ,
IP add
a
a
c c ad IP
d
a
a ac
d b a a ac a .T A cOS 9 ESA a d a c da a ,a ca a a d a ac .
c
ab a
a cca
S
c : E
ca
,
d a
://b .c c .c a d a
I
/
c
d
/c c a c
a a a a d
c
a
a
ad
c
a
b add
173
W c NAT
a
b c
c a IP add
?
A. S a c NAT B. D a C. D a D. Id C
c NAT c PAT NAT :B
A :(
)
E E
/
:
B ad A C
d
:B c
: 100%
:A
a
d a c PAT, a IP.
ca a
ca
a D
c
a
c PAT
a
c
c a
add
.T
c
a
.W
ac add
b a
d
BD Add F
N
Ob c A ,
add
Ma
d Add a , ca c a
*D A : + Y ca a add ; c +T b c ca c a b ; a . +I a a d b c c a b a d a c NAT, a d P Iadd a *+ D I
aadc PAT (H ad ):b c , ca
a
c
a a
b c a b c
d add acc d
b c da a ;
a d IP add , d a a PAT a bac . a
add
. O NAT c .
a
ca
a d
. a
c
c d a
d
ac
a
add +I
. a ;
,a a
b c, (
b c a PAT
ca ) ca c d
* S a c NAT S a c NAT +I ad a b c , ca c NAT a a ). +I a b c, b c * Id
a
a
c
a a b a d a
; .
b c
d
a
,
(
a c
a PAT
: a
ca c
add
c
a
, a
,
b ac , b b c c, ca c a c a aadd
add
.a
ac add
b
.
NAT
+ II +
ad
a
S c : :// a_ b c . E
I
W c a
.c c .c #61711
/
/ d/d c /
c
/a a/a a90/c
a . a
/
d /a a_90_c _c
/
174
a add
?
A. IP B. d b C. d a c a D. NAT add
a
C
/c/
a
a
:A(
ad
a
c PAT
c
add
PAT
ad
): B
E E
/
:
BD T d a
d a da a a ,a d
b
d ab a PAT add a add / c d add
S c : :// a_ b c . E
Y a d d c A. B. C. D. E. C
.c c .c #61711
I
175
cc
a a' d? (C
c a ac P cV ad a c d d b a a d a a
a
: CE
A :(
BD
)
/
/
a ddacaba d a .)
E E
/c/
d b add b a ca d b ac PAT add ,a d .
:
/ d/d c /
a ca6
c
a
ca
PAT a .W PAT add b
/a a/a a90/c
.aaW aa ab
a
a
b
d d. T
/
b b, d add
d /a a_90_c _c
CEO' a ac
a
a a
b
/
A A c T a S
ca b a
c :
://b
O
. a a b
a a I
S
a a
c : E
://c
I
.
.c
a , a
/c b c
a add d a ac
. d /
d, a ab .
c
08/ a
c c
d a ac a a
a .
/ a a /2016/07/ c
, a a
a
d ad a c d
,
a a /
.I
a
ad
ba
.
_ a a .
176
R
b .
W a a A. B. C. D. E.
(APT) a a d a a a, a a ab
I I I I I
c
c c c c c
C
c
a a a c c
ca ca a
a d? (C
.)
AES 256. MD5 HMAC. AES 256. MD5 HMAC. AES 256.
: BE
A :(
)
E E
/
:
BD T d
a a
a acc ba c
ESP E c Ta + a 256: ESP ESP A ca Ta + d5 ac: ESP S c : c3. # E
I (C A. B. C. D. E. F.
:// .c c .c 2590984165
I
ab a
256 b AES
c c
b a a d. c
c a
/
/ d/d c /
/
aa d
.
MD5 (HMAC a a ) a /c/
c
ca /
c
a
. (N
/a1/
c a1 c b
c /
d d)
cc
177
c
ca ). a
ac
ac ca
C
A
E
:(
d
a
TCP c c d a c HTTP c a c a FIN ac ACL a c d a HTTP c NAT a c d : ADF
)
ASA
b
d HTTP GET
d
a
a
?
E
/
E
I
I a b A. B. C. D.
:
178
c
d
c
ab c
d
a
a
BPDU
c
d,
ac a
? STP ad L ad STP BPDU a d E c a ad
C
:A
A :(
)
E E
/
:
B ad A C
d
:A c
: 100%
:T *ANY* BPDU
a c
" d.
BPDU "
c
c a
. BPDU
ad
b c a
BD R
ada adb c c a d S
c : E
d ,
://
c a c a b c BPDU .
.c c .c
I
179
W c A
NAT
c
a
/c/
/ c
/ d
STP a a a aR c.c
d cc
/d c / a
/
c
c d a a
a
b c d
.I d
c
c /10588 74.
?
A. D a c B. D a c C. S a c D. S a c C
:C
A :(
)
E E
/
:
BD A ac c db ASA a a a da a NAT ab . T a a a a (S c 1) a d d a NAT a c d. O c a NAT a c d, a NAT c c a d NAT c a c c da a ac . +S c 1 Ma a NAT c :T a c d d c a a c a +S c 2 A NAT c :T a c d ba d NAT ( a c d a c) a d ( b a ) b c. +S c 3 A a a a NAT c :T a c d d c a a c
a
.
a .
d
S
c : :// a /116388 E
Sc
I
/
/d c /
c
/a a 5500
a
180
a
G N C O
.c c .c /c/ / c a 00.
add d ASA c
a c a
c
a d .
da a ,
ASDM
a c c : , ASA c a a I d a d DMZ acc a d .Y a ASDM c ASA a a a DMZ .T O d d 209.165.201.30 b c IP add HTTP DMZ . C , ASA c ac a ab a ac . Y a a ASDM ab ASA d a bac ASA. O c c c ASA c a a b c d: Y ca c c ://209.165.201.30 O d PC b . Y ca O d ( .c c .c ) b d PC c a d a , .c c .c .
add
T acc T acc T acc
ASDM, c c F B C a d
N : A a c c a . N a ASDM c a c ASA I
acc
a
,
ASA c
a
da a . O d PC c I d PC c
O
d PC, c c d I PC, c c
c a
ASDM,
ab d
a
b ,
ca
d
HTTP c c
a
d
a ab d,
c
a d
. ASDM c
a
a d
c
.I
da a . da a .
c c A c
O
ac
a ASDM.
d
A. B. C. D. C
A :(
: )
E E
/
F F
a a a HTTP acc
,
:
a d
. c a a NAT b c . H
I ca
d
HTTP b
ca b
a
a
.
T
,c a
a
a
HTTP acc
:
Y
ca
d PCHTTP
209.165.201.30.
=================================== F , b ab d ,
d
a
c
c
b
:
A d
c
c
ICMP b
a
b
,
A
.
A
a
d
,
ca
.c c .c
a a
:
E
W c A. B. C. D. C E
R A T M
I
181
c
a
a a
c
A :(
)
:B
,
,
da a
a
ac
a
?
E
/
:
BD T
a
ac
C c O ca C
S c :C c O ca C .3 E
I
G d , Tab
G d 210 260.
11 D IK
T
A
ad ? S c
Q
Ma
,
182
W a
c
d c
c d
A. B. C. D.
a a
F S N H
ca
ca
a
ca
a c
a
c
a
?
A IPS IPS.
C
:D
A :(
)
E E
/
E
I
183
W a c A. B. C. D.
:
a dc
c cd b adca a
C
d
a
c
c a
a IP add
?
.
:D
A :(
)
E E
/
:
BD Ib
a
a c
a d .
T C c IOS a ARP (a d d RFC 1027) d d a add b .F a , ARP a a a ac a ARP a ac , a a ARP da a add .T a ARP d ac d d .P ARP ab d b d a . (
S
c : E
W c A. C B. C
E ab
)#
://
I
.c c .c
/c/
/
ARP
/ d/d c /
/12_2/ /c
184
a
ab ca ca
c a Ha
ca a `
? ca acc
. .
d c
a
d ,a d ac , c
a a ca ad
ac . a
/
d /
_c/1c
ad .
#
1001233
C. C D. C
ca ca
C
Ha Ha
bd
a
.
b a
:A
A :(
)
E E
/
E
I
:
185
W c A. B. C. D.
c
b c
a c ba
d IP?
S a Ba d P c Ba d A a Ba d R a Ba d
C
:D
A :(
)
E E
/
:
BD Acc a d
c .R
a
acc c dc d a a
ba
,b c +A
ca c d d d a a ca ca ,a d a . + URL c d a a b T
a ,b
a
d ca
POWER d ca acc c .F U S c I ac c I P P a a a d
S
c :
://
d E
d I
186
W c c
a d
.c c .c /c/ 541/AC R ab
a
E
A :(
:A )
, a d
a c a
a
c c c :
c c .
a c c a c ca a . Acc c
a a a a ,
ca ,b
b a c ba
a ba d c ,b a , : c IP Add R a a d a a a d . a c a d c , ac , ,a a b d .
/ A
/ d/d c / c / URL R a . ca
A. a ca a d B. 192.168.10.0 0.0.0.255 a a 0 C. a a 20 a ca a d D. a d 1 d5 CCNA C
a c
a ca d ba d c : a ca c , a ca ba c c a ac URL
a
ASA F
+ B ac a +T a
c acc
/541/
?
d
a c ba
d
a d a d a c ,
d d a d
c
a c ba
d
,a db c d /a a
b
,a
E
/
:
BD T
b
c a d
c U a
ab
.B OSPF a
a d ca c d,
ca c
20
MD5. a d
c
a a a
c
d. I d
ab
MD5
a d.
ac G ab E 0/1 add 192.168.10.1 255.255.255.0 a ca a d a d 1 d5 CCNA S T
c :C c O ca C ab d .T
a
ca a a c a d.
a aa a da a aa a da R ad S c : A S
://
a c : E
I
ca
[
a
d
[
.c c .c
a
/c/
d : ://
R
/
a aa a a a
ca c
a
A
ca
c a d da a
OSPF, .348 c c
a
a ,
] d
]
/ d/d c /
.c c .c
U da
/12_2/
/d c
/c
/22961/
a d/
a
c /
_ /1
d
d d a /
.
ca
187
CIA
C d I A a ab Sca ab
C
G d ,I
a OSPF a a, ca c ca
ca
W c c A. B. C. D.
ca
ad
a
a
da a
c
a
?
a
:B
A :(
)
E E
/
:
BD I C S
:I da a
a
c :C c O ca C I
188
W c c
E
a d
A. B. C. D.
da a a a
ca a ca a ca a ca a
1(c 1(c 1(c 1(c
ca
a c a a a da a G d ,C
1 )# )# )# )#
a a a a
ad
da ada
d
a
ab ,d ab , 1 1 1 1
b a
.
0 c 1 c 2 c 5 c
,I & cc 1 a 1 a 1 a 1 a
, a d A a ab a d ?
, .6
.
C
:A
A :(
)
E E
/
:
BD T
d
a d
a
,
c
a
d
a
T ab
a d
.B d a
, a
c
a d
: 0
+ + +
I c d 1 N a 15 I c d
S
c : E
:// .c c .c acac /23383
I
C
/c/ .
/
,
/
, c d c
;
, ,a d a c a d a
/d c /
c
/
c a d . a d a # .
>
a acc
acc
c
. c
189
a d
a
ca
1
d
c
.
A. I ac B. c C. ba D. ab C
A :(
)
:A
E E
/
:
BD U a
c d,
ca c
a d
c c
a a a
d. I d
ab
MD5
a d.
ac G ab E 0/1 add 192.168.10.1 255.255.255.0 a ca a d a d 1 d5 CCNA S T a
c :C c O ca C
ca
G d ,I
R
F 2C
ca db a
a cA ca a a OSPF 2 ac b HMAC SHA a c , ca c a a c a
U da
I OSPF 2 c a d
c
d
D D D D D
c c c c c
a ac G ab E a ca d
S
c :
> ab #c (c )# (c )# (c )#
2c
://
a a da
.c c .c a
.
/c/
c .Y
/
/ d/d c /
a
ca
c ca
a c a ca a OSPF 2.
a
c
c a , a MD5 d.
0/0/0 c a
A
OSPF, .348 OSPF ac c a a b d
1 /
/
_
/c
a
/
3 /
3 b
/
I b E
ca I
OSPF a d OSPF 1
a
ca
da
ac
190
W c
OSPF c
a
b
d
MD5 a
ca
?
ac G ab E 0/1 add 192.168.10.1 255.255.255.0 a ca a d a d 1 d5 CCNA !
65000 d 192.168.10.1 a a 20 a ca a d 10.1.1.0 0.0.0.255 a a 10 192.168.10.0 0.0.0.255 a a 0 ! A. a ca a d B. 192.168.10.0 0.0.0.255 a a 0 C. a a 20 a ca a d D. a d 1 d5 CCNA C
:C
A :(
)
E E
/
:
BD T
a
ac
C c O ca C
S c :C c O ca C .342 E
I
C
a
I R R R
G d , Tab
G d 210 260.
13 1 D I K
T
A
ad ? S c
Q
Ma
,
Q
Ma
,
191
W c A. B. C. D.
ca
ca
ac
a c c c
a
c
(OSPF, EIGRP) (OSPF,EIGRP) bc ac a ( OSPF) cb
MD a
b c d; c a d; c a EIGRP OSPF b c d; ca d; c a OSPF
ca
?
OSPF EIGRP
:C
A :(
)
E E
/
:
BD T
a
ac
C c O ca C
S c :C c O ca C .343 SOURCE:
://
TAB T c> D c a ad
ca
.c c c a a ad) <
G d , Tab .c "R
/
c
G d 210 260.
13 1 D I K
/cc a da
ca
c c(
T
210 260 dOSPF)
A
ad ? S c
ca c b c
d 9781587205668 (U da d;
c a
EIGRP"
"R
c E
I
ac
a
OSPF
b c
d;
c a
EIGRP"
192
W c
NAT
a
b c
c a IP add
? (c
)
A. d a c NAT B. d a c PAT C. a c NAT D. d NAT C
: AC
A :(
)
E E
/
:
BD Add F
N
Ob c
Ma
A ,
add *D +Y +T a
.
+I a d a
a d c NAT, a d
d Add a , ca c a
b c
ca
c
b c c
* Id +I
; b
a
c b c
;
a b P Iadd
a
a
d add acc d
. O NAT c .
a
a da a
a
. ;
ca
a d IP add , d a a PAT a bac .
a c
a
ca ) ca c d
* S a c NAT S a c NAT +I ad a b c , ca c NAT a a ). +I a b c, b c
a
c
a
add
a a b a d a
; .
c d a
d
c b c
a d
ac d
a
,
(
a c
a PAT
: a
add
ca c
a
c
, a
,
add
.
ac add
b
.
NAT ad
a
+I
a
S c : :// a_ b c . Acc d b E
b c , ca c
b c, b c .c c .c #61711 A
a a c a add
/c/
/
/ d/d c /
b
c
a c
/a a/a a90/c
c a
. Ma b C
. I
193
W a
C
b c
A :
* D a c PAT (H d ): +I ad a b c , ca add . +I a b c, b c ,a a ; ( a PAT
A. B. C. D.
a a
a PVLAN
P C E I a
c
A
:A
a ca c
ca
a
a . a
c
/
c b ca
d /a a_90_c _c a
/ a
:(
)
E E
/
:
BD +P
c a ac a ca d +I a d A a a ca d +C c S c : CLIC E
c
b
c d
c c
a d
a
:// a
I
a VLAN. T c ca c ca a d a d , ba c da VLAN a da ca d a VLAN. a b a a d c da VLAN. T a c a
c Ac ca
a
VLAN d
a
a b a
.c c .c G d /P
c
/c/ / / d/d c / a VLAN .
c
a ,
c
a
ac VLAN a d a
/da ac
ca c c
ca d
/
5000/
ca da VLAN. C c
/c
a
/
d /c /
194
c a A. B. C. D.
A ,
a d TCP c
c
a
( c 2)
.
SYN RCVD C d SYN WAIT RCVD
E. SENT C
: AB
A :(
)
E E
/
:
BD TCP F S a Mac (FSM) S a , E a dTa + CL ED: T d a a a ac c c a b T a ca d c a a da d. + LISTEN + SYN SENT + ECEI ED: T d c a b c d a SYN (c c SYN. I a a ACK SYN c c + ESTABLISHED + CLOSE WAIT + LAST ACK + FIN WAIT 1 + FIN WAIT 2 + CLOSING + TIME WAIT S
c : E
:// c
I
d .c
/
/ _TCPO
a
aO
c
ab
)
a
c
A. B.
c c
b b
C.
c
b
c
a d
a
c
b
a d ? (C
a d
.
TCPF
S a Mac
195
W c
b
a
aa
.)
F 2.
.
D.
c
C
b
a : BD
A :(
)
E E
/
:
BD T
a
ac
C c O ca C
S c :C c O ca C .276 E
I
ca
C
T a P S Ra
C
G d 210 260.
11 1 D I K
T
A
a a
S
c.B
a
ad ? S c
Q
Ma
196
S c A. B. C. D.
G d , Tab
ca
2
LC a : BD
A :(
)
E E
/
:
BD T a +C +W + Ma a d a +L cb b + + Bac d +E +D ad +S a +K +R + S
a I E
I
a c
a :
a
c : C c O ca C
I
ca
ab Ba dD c
G d , A a db c
a dA Aa dDa .
c
a c dd a a d a d . b a IT aa d a d(
.
, .498 a
197
W a
a
A. Ga B. C. a D. Wa c C
c
A
ca
acc ab acc
:C
ab
d
a
d
)
ab
c
a a
,
:(
)
E E
/
E
I
:
198
W c
d(
A. B. C. D.
4500 4500 500 500
C
A :(
d) b
d a
VPN NAT T
a
ab d
ac ac
d
c
ac
:B )
E E
/
:
BD NAT a d c
a:T a
S
c :
A S
a c : E
://
ca .
d a.
d
I
/
IKE a d ESP /I
_K
UDP
4500
ab
c
a
_E c a
c ://
.c c .c
/d c
/64281/
d
a
c
199
D
H
a
A. B. C. D.
IKE IPSEC SPAN STP
C
a NAT.
c a
:A
A :(
)
E E
/
:
BD S
c : E
://
I
.
d a.
/D
%E2%80%93H
a _
_
c a
200
W c
W b
A. b a B. b C. ba a D. b a E. C
/
A
: AE
a
b ba
d a ac
(
a )?
a
:(
)
E E
/
:
BD c
.c
" " ============================= I a D c I P C c I
c.A
Aa I
d
O b a F d a c ca a , c b b a ac . R a d a a a 14 ad S d Ba , d' a a a d b a c C c I P S d Ba N ca da a d. S
P
c : E
://
I
.c c .c
c
/
d c /
a d ca
c c c c
C
/
c
/
E a
d
a a a a a , 120,000 c b
c
C c
b a
.W a
dadb ac
a
c
a
. d
a c /
a a
a
b a _
c
.T d
_ d
.
a
201
W a A. B. C. D.
/c/
a d
ab
a c a
.
c a a
a c a
:A
A :(
)
E E
/
:
BD T
#
I
# #
a d
: 345, # : 366, #
c
a
ac
E
I
a
c /c/
D. DES
/
b
0 0
da dd c /
c SA b
db
/d c /
IP c
c /
. c
a
c
/5409
202
OAKLEY a d SKEME c
A. ??? B. IKE C. ISAKMP
IP
: 345, # : 366, #
S c : :// .c c .c d b 00. # c_ a W
c
a ?(
a
a
d ab
SAKM d I
c )
c
C
:B
A :(
)
E E
/
:
BD T
K
a
T
c
I
S
c :
a c
D
c a
a ac
a ://
a
c
d b H a OK. a c .
d a.
/
/Oa
a c
1998, a d _
K E c a ) a a c a da d a c a a d b a IKE, b IKE a c IPS c b IPS c a da d. IKE a b d c c a d I S c A ISAKMP, ,a d
c D
aa H
a ca d a a c a a
d
.
d
d
c
IKE (I
A
S
c : c a E
W a d
://
I
.
a
c.c
/
c
d c ca a d c d add a ca a K d
c
IPS c a da d. IPS c a IP IP ac . IPS c ca cb d a a , b ,a d a c a Oa c a a dS Ma a P c (ISAKMP) a . IKE
_
/
a /d
.
?
=&
d=
203
A. B. C. D.
Ha b c C b c N b ???
C
A :(
a
:C )
E E
/
:
BD I c I a E c 1.1579 S
a
,a a ' b ( b ) S a da d (AES) ca 1077) b .
c : E
://
I
d a.
ac
a /
/K
c _
a b dc 28 256 b ,
ac _(c
a
)
204
W c
a ac
A. D a B. C. a D. C
.
ac
,
A
S
c
:A
d
c da a
d
c
:
a 256 a
a b ac c
. . Ad a c d a 2256 (
:(
)
E E
/
:
BD a
D
d
.A D
a a ac d add a
I
a ca d c c d b a ac c c d
a a a
a d c a. U ca . U ca a ca a ab I. c add , ac c d d bad, a
c :C c O ca C E
d , ad ca d .T
c , a a acc ac , a d ac c
a a S
c a d c da
ca
G d ,B
P ac c
C
acc a ba a
a
B
c a a
d
b
c c IP
ca a c IP add a c d ac b ab d, a d d d.
IP 4 a d IP 6, .332
205
W
c
c
A. B. C. D.
IPS c IKE C ca a Da a c
C
A :(
d a
c,
d
a
a da
ca
c
c IP ac
a La c
a da d
)
:A
E E
/
:
BD ac c [IP c]). IP c a d HMAC, a d ca , a
I
S c a a S
E
I
d b d
ca
a
a
a
3(
c a , da a a d (PSK) a
d. G d , IP
c a d SSL, .97
206
c
La
MAC CAM ? ?
C
a da c
a a
c :C c O ca C
W A. B. C. D.
c d
2 a ac ca
c
a c
a
d
d
?
.
:A
A :(
)
E E
/
:
BD Ed : I' C c
c
d
a da
c
b A. MAC IOS ca
dP
S c
a
. a
a La
2 CAM
IP
a ac . P S c MAC add b c I a ac d a ac S
c : E
aC c c ab c c a d a a d a ac ba . T a c a d a a c MAC add a ca b a d a d a ca d d d a c . a b adca MAC add a a a ba CAM a ac , P S c d c ac
://
I
.c c
.c
d
(
d
a b
a
d
ac ac
c c
C
/a c .a
? =1681033&
N
=2
207
I ad A. B. C. D.
/a c
b c
a b
a d
). T
a
a
a d
ac
:
b a
a ac
.
:C
A :(
)
E E
/
E
I
:
208
H
a TACACS+
A. SSH B. C. D. c C
?
d c a d a d c ab a d c ASC a d d c
a d
:A
A :(
)
E E
/
E
I
W a a A. B. C. D. C
:
209
c a
M D ? ?
ac d
d
ba PS? dI
a a
c
: AB
A :(
)
E E
/
:
BD Ad a a aa
HIPS: T c
cc
a ac
b
ca
a a ac ca b a a a c
ad a
d cc
d. A a
IPS c a
d a
a ac . HIPS d b ca a c L
a a
ac c
d
:T
HI
ab
a .I
ca
a
a ac a ab T a c a c
. a
a
d a bac
HIPS: : B ca
+ HIPS , HIPS a d c c ac . + HIPS a a .T S
c : E
://
I
W c A. B. C. D.
.c c
c
a acc a
HIPS a c d a
c
: HIPS a
.c
/a c
d
a
d
? =1336425&
ca
a
d
a
/a c .a
a
N
.
=3
210
a
ab
c
I c a da T c a c AAA a a T ab _15 c
C
L (TTL) a ac d, HIPS a acc
a da
a a d d a ad d
a
c
a d
d, a
a
b
c
c
?
ab d
a c c d
c ba
c c a
a
a
d
c
c
d
a da
a
:B
A :(
)
E E
/
:
BD T
ca c ac ,
ac a
T a
d
a d acc
S
a
c ca a b a a da d ACE a
ac c c
c a O c a
c
a
a
ad c b
E
W a
I
c
/ d/d c /
a b ad
:C
A :(
)
E E
/
211
c
A. a d a B. dd a C. S a D. F C
,
c : :// .c c .c /c/ c /ACE_c / c d .
d cd a ba . T a d. Y ca c cc . T ac ca c a d c , c c c
a c
c
/
:
a
d .C
ACE ac c ac c
c a ad
a ca a
c ac
_
ID, a . c
c d
/
c
_
d
c
ac a
ba d c cc
,
a d c a c a a a acc . /ac / A5_1_0/c
, a d/
E
I
W
212
c
A. ? B. a C. ? D.
c
ba
c
c
TCP a d
ab d a ac
a
a
c :B
A :(
E
d
d
ca d
C
d
)
E
/
:
BD a c +a a cc a ac +a a cc + c a c a + c S
d
a
://
I
c
d
c
c
.c c .c 541/I
/c/
PVLAN a
C I a d P c S a
C
c
a c
c
a c a a
a da
ac
c
a a c a d a . ac a a c.
/ / d/d c / c / T a D c .
PI add
c a ac , d ca
c : a SYN d
,
a
d ca
add
C /I
c
/541/
a
a
d
d /a a
213
W c A. B. C. D.
d ba
. Ra c
ac a c c IP add add ac a a c a
c :
E
a a
a
a
VLANc
ca
c
?
PVLAN PVLAN PVLAN PVLAN :B
A :(
)
E E
/
BD T +P c a d +I a +C
a T
:
a VLAN T c , a b VLAN a c
ca c
T a S c : CLIC
a
:// a
.c c .c G d /P
: ca c c da
a Ac ca ac a a d VLAN d a .
a
a ca d a
,
c d
c
a d a da ca d
c a
a
VLAN d
a ,
c
. a
a
ca a ac VLAN a ca d
a b c ac
/c/ / / d/d c / c a VLAN . #42874
/da ac
ac VLAN a d c /
c da a ca d a d a 5000/
/c
VLAN. C c a d a
/
d /c /
.
E
I
214
W c A. B. C. D.
c
c
a
b adca
a
M dd a Ha d a S a F
C
:C
A :(
E
)
E
/
E
I
:
215
T
a
A. B. C. D.
Ba a F E c F O b a F ?
C
A :(
d
c
d
a
a a
:C )
E E
/
E
I
ca
A. B. C. D.
d
T N ? ?
C
:
216
SSL c
a
db C
d
:A
A :(
)
E E
/
E
SYN A. B. C. D. C
?
I
:
217
d a ac
a
R c a a c a ac D a S c a ac S a ac Ma dd a ac A :(
:B )
?
ca
A
(CA) a ?
aac c
d db ?
E E
/
:
BD A a a S
a ' a
E
://
I
c
A. B. C. D.
.
d a.
b
C
d acc
SYN
a
/
/SYN_
d
218
a dd b
T ? ? ?
c a a ac c
c
a c.
c :
T
a ac a a
c
a
?
ISAKMP (P a
1)
a
b
:A
A :(
)
E E
/
:
BD #
T
a
a
d b
c
a
c
a d.
c
SA a ad. a ID = 0 ISAKMP a a a 1 c 3DES SHA d a 2 a c d d a (ba c) 240 a a acc ab . N a ad 0 c KE a ad. a ID = 0 c NONCE a ad. a ID = 0 c ID a ad. a ID = 0 SKEYID a a d c HASH a ad. a ID = 0 SA a b a ca d c SA a ad. a ID = 800032287 C
C
c
a
E c E
) I
IP c P a c
D. Sca ab
a
.Y
ca
HAGLE (
Ha
,A
da a a
?
.
219
W c A. C d B. I C. Va ab
1
c a
a
da a
cad
ca
, DH G
,L
,
C
:B
A :(
)
E E
/
:
BD I C
:I da a
S
da a a a
a
c :C c O ca C E
T A. B. C. D.
I
220
a
c
d
a c a a a da a
ca
G d ,C
a
a
ad d
ac
da ada
b a
d
d d a /
.
.
a
a
,I
, a d A a ab
c
d
c
, .6
:
R c a a c S a ac S ca E D a S c
C
:C
A :(
)
E E
/
BD S ca T a a ca a d c a S
:
b ca ,d c , a ac a b a , .S ca
c :C c O ca C E
T
I
Oa
A. B. C. D.
a
a
): c ca a ca
( a ac d c c
.I
) ca c a
ab a
c
(da a, a a , c db d a a ac a .
a c .T aad
b d
G d , Tab
1 5 A ac M
c
d , .13
221
c
a
c
c
a b
a a
c
?
IPS c ISAKMP P c ?
C
:B
A :(
)
E E
/
:
BD IKE (I
A
K E c a ) a a c a da d a c a a d b a IKE, b IKE a c IPS c b IPS c a da d. IKE a b d c
d c ca a d c d add a
c a
IPS c a da d. IPS c a IP IP ac . IPS c ca cb d a , b ,a d a c a c a a dS
c a ISAKMP, Oa S
c : c a E
I ,a dS ://
I
U ca
.
S c a a
A
ca c
c
c.c
/
c
a dK
_
Ma a d b IKE.
/
a /d
P
.
?
c
( I AKM ) a
=&
.
d=
222
R
Pa
F
ad
d
:
A. ? B. ? C. ? D. ? C
A :(
: )
E E
/
:
BD F
U ca a a ac T S
R ac , a ac . I c
, a
Pa ac
F
ad a
c
d d da
d ac
E
I
I
d a ab , a d
b
a
.W c d ab d
ac
a
ab d c add a
a
ad
ac
c add
. ca
G d , Tab
10 4 P
c
Da a P a
, .270
223
NAT a
A. B. C. D.
a ac .
IP
c :C c O ca C
T
( RPF) ca ac
a d
:
? ? ? ?
C
A
:
:(
E
)
E
/
:
BD A
( A
)
I b NAT T, a Add Ta a (NAT) d UDP 4500 ad ac a a a b ac a S
c :C c O ca C
A S
a c :
d
ca
d d c c ( a a IP c ac b ( ESP (La G d , Tab
a a c c ac a ), a a ESP ad ) a NAT d 4 c 50). 72P
c
T a Ma B R
aN a c d
c ://
.c c .c
/d c
/64281/
d
a
c
a
a a
a IP
c, .153
E
I
224
Ma A. B. C. D.
dd
a ac d
:
? ? ? ?
C
A
:
:(
E E
) /
:
BD :S ac
M
c
ca da a a ARP c a La 3b S
d b
b (DAI) a d S a c a ac .
c :C c O ca C E
I
ca
b dd
.T a a T P a ca
. Y ca c (STP) a d .A ca
G d ,T
a
d c d
ba a
C
B
b c a a VPN
b ac La a
a c a 2 d a . Y ca a d
c
IP 4 a d IP 6, .333
225
W c A. B. C. D. E.
c
d
b d a
?
c
d
0 1 2 5 15
C
:B
A :(
)
E E
/
:
BD U P
EXEC d c a d a d EXEC d a dc
S
c : E
I
W A. B. C. D. E. C
://
/c/
/
/ d/d c /
a d a /12_2/
c
226
D a a a a a
.c c .c
1 d c
a
a
c a c c c a c a c a :A(
ca 2
): A
c
Z
ac
a a a
2
ac
d a
Ba
dF
a
15. /c
a d/
c /
c _/
a
.
E E
/
:
BD +T d c b B +F
(
ad a d a ,a
a c ad
+F
a
a a
S
E
I
c
a
ca
,a
.F
), a c
a db ,b a c a
c a d
,
G d ,Z
a dW
a ac d c d a a ca c d c d da a ca c a c . db ac d
,a
ca
b d a W N
d Pa
T
a
C
a
F a ac d
.
, .380
: IOS a IOS a
a
a
c
.
ac
:D
A :(
)
E E
/
:
BD T +T
ac a
c a
c a
c : / c E
C
I
:// c
.c c .c .
BD
C c
a a a
C c IOS
a
/c/
, TFTP ac /
/ d/d c /
228
c a ac
Ca d a c D add d a I cab d d c Ca ` d ac : AC
A :(
)
/
c
a c
E E
C c IOS R ac
: a
a
ac . N
a
ac
. .
W a a A. B. C. D.
d
a
c
ca a d c a a dc a a ca b d ab d
+T S b
d b
ab d.
a d
d a
a
+T + +O
c
:
IPS?
a
ca ab a
a c c a
. /
/
c_
_c /c
a
/15
/
c
a c . .
227
R d add a R a Ca b d ab d A a ca d c
C
, ac
b
c :C c O ca C
C c R A. B. C. D.
, ca d IP . I add
c
15
+P
:D
c
a +M d :I d + T IPS ca d a d c b c S
ac
I
ac
ca
a
IDS d
.T .
G d , Tab
17 2 IDS V
a
a
IPS ca a
a
a c
IPS, .461
229
W a ca ca
a
A. c c B. c c C. ac D. b d ac E. a C
b ca ac
c :C c O ca C E
a ca d
.
ab
c a d d a a ada ad d a d
a
a b
ab b d
da ? (c
d acc ac
)
a d
: AB
A :(
)
E E
/
:
BD Sa a d c E I S
c
c a d da a d a c aab . T b ba d ad a d d c a a ac b a TCP c c d d. T
a
c : E
://
I
.
c
a
d a.
/
/S a
d
c
d
a cb
a d
D. Q c E. T a C
_
a
230
W a IPS c A. B. T C. A
c
ac ,a a a c c , a da a a a d, a d c a c a a b b b ca c . UDP a a a ad dc c . , a c a a d d a ab . c ,b
:E
A :(
)
E E
/
:
BD 16.02.2017 @T "
c
.c
c
d:
."
?
d
ac
a
+ IPS c ac a da d a + IP c
d
b db a c
a c
(
a a
cab c d IP
S
c :
IP
)
a ad
a d .
.
a .c /
://
:// .c c .c cPG1.
/c/
/
, a , c a a da a ( a a b a da a dT R D a a a d :T a a ddT d . ac ac a d a ac ad c d. T a a ,a d d c a c c /
/ d/d c /
_
/
G +I
cR E ca a (GRE) D c E ca a d, a IP ca a d ac . + IP c d IP c D c E ca a d d c , a c c a a IP c ca cc d a . S cc
c : a E
:// .c c .c /a ca _09186a008074 26a. d
I
231
W c c
a d
A. B. C. D.
c ? ? ?
C
d
VPN c
c
/870
_
d
d
IP
c
a
. IP ca
/
. d a
/
/
d /
a , c ca b a
c d a IP a d IP
: b
c a c a d b a c c b b a c.IPA c c a ac d c . IP c c a b
/
/
c
c
a
a c
b
.
/2 0/ _
.I
b c
/ d/
d
_c
I
a
c
ca ).A
a
/
171/c649/
a (
a)?
c a
:A
A :(
)
E E
/
:
BD T
#
c
a d
IP
c SA b
b
I # #
: 345, # : 366, #
c
a
ac
: 345, # : 366, #
a
S c : :// .c c .c d b 00. # c_ a E
I
C. #
/c/
da dd c /
/
db
/d c /
IP c
c /
. c
a
c
232
W a A. # B. #
c
0 0
c
a d a
a
ca
a
ca d
ca 1
1
a NTP
d5 14 1411050D 7
c ?(
)
/5409
c
D. #
d
C
1 :A
A :(
)
E E
/
:
BD 1
5 141411050D 7
1 192.168.1.96
S
c :C c O ca C E
H
I
1
ca
F
E
G d ,E a
0/1
11 15
, .314
233
ca
a
bd a
a
a c? (
)
A. a c NAT B. d a c NAT C. d a c PAT D. NAT C
:A
A :(
)
E E
/
:
BD Bd c a d S
a
S a c NAT a
://
I
.c c .c d a
G G G G
C
c
/ d/d c /
c
b
a dbd
c
a ,
a
/
a
/c/
/
/a a/a a83/c
d /c
a
D
H
a
c
a
:B )
E E
/
E
/ a_ VPN
1 2 7 5 A :(
W a
b .
234
W c d c ? A. B. C. D.
c
.
c : E
a
I
:
235
d
c
a
c
BYOD a c
c
a
? (C
)
a ASA
A. B. C. D. E.
Id S c E C c 3845 R W Acc P N 7010 S c P I a c
C
: AE
A :(
)
E E
/
E
W
I
d
:
236
Da ac
a
?
A. D b B. Acc C. C C
:A
A :(
)
E E
/
E
W c c
I
:
237
c ,a d
a
d ba
d
c c
c ?
C c
a
d
URL
bb
c
A. B. C. D.
C C C C
d b c d bP c d bS c d ad a c d a a
C
c
:A
A :(
)
E E
/
E
I
W c A. B. C. D.
:
238
d c ca b
d
d a
ca
a
c
TCP
25 a c?
ESA CWS WSA ASA
C
:A
A :(
)
E E
/
E
I
:
239
HIPS a d NIPS Y
d
ac
7 b
7 :
HIPS a d NIPS. Eac .
c
a4 c
c
c
a
C
A
:
:(
)
E E
/
U
JS E
W a A. d
:
c
I
.c
240
ac
d
ba
a
a
a c?
B. C. D. ...
c ad
C
A :(
: AB )
E E
/
E
I
W c
:
241
ab
a
c
c
ac c
ac
? A. B. C. D.
c
dd a ac a
ac
C
:A
A :(
)
E E
/ E
R
I
:
242
ad
PVLAN d a a
:
S c a VLAN 300 I a dH 1 VLAN 301 H 2a dH 4 VLAN 303 S A A. B. C. D.
c
c d
c H O S H
C
(C
PVLAN)
S c . c .
c
2 (H d c
a c PVLAN). VLAN XXX(VLAN a d
4 (H
a
c
c c d,
PVLAN)
:C
A :(
)
E E J
/
H 3 S ,H E
a ( A. B.
:
a
a
3 a I
PVLAN. I
a
243
d , a c PAT a c NAT
d )d
a
c
ac
a c
c da
c d ba a
c . .
ca
Ha
1).
C. d D. d
a a
C
c PAT c NAT :C
A :(
)
E E
/
:
M .W C a ( C a ( S
D
a c NAT d )d a c a D a c PAT (H d ) d , d )d a c ac
d ,
c : E
://
I
.c c .c
c a ac
c
a a
a
a
d
a
a
a c
a
c
C
/ d/d c /
c
/a a/a a83/c
ca
a
a a
c URL c
d d
E.
/
ca a
a : AC
A :(
)
E E
/
:
B ad 1. 2. 3. 4. 5. a
d
I E
A. c B. C. c D. ... C
a c
D a a ca D a c a .
ab
a
URL a
SIEM F
I
BD
D
a
.
245
c
(C
a a d
)
b
a d
a a a
a a a acc
: AB
A :(
)
E E
a
/
244
W c A. B. C. D.
/c/
b
/
:
d c d a
a
? (C
)
d /c
/ a_ b c .
S c +L a d +N a +C
I
a
E
add
c
c a a S b
SIEM c
a
a c a a d c c a da a a d a d d aa a . d c da b a c c a d, a a d
a a a a
+A +R
Ma a
E
I
c
da
d
ca
c d . a d
/c
a
a/
/d
a
246
W W W ...
a d 802.1X AAA
C
a
.
a 802.1X ab d a c d VLAN?
A. B. C. D.
d
ac da a d ,ab a a d d c a . a ca , d d c a d ac
,
c : a c:// c .c / cbaSIEM_d .c /c/da / G. / d/
W
a
.
A
a
ca
ba d
a abd ab d
Fa
c
a
c
a b Cc ca a
d,
d
a
c
ac d
a c
:A
A :(
)
E E
/
E
I
:
247
W a c A. B. C. D.
d
d c
a d
a
ca
(
)?
ba d ac
C
:D
A :(
)
E E
/
:
BD d c
a
d .I
a
ab
d
ac c ac
a c
ac S a 0 add 192.16.64.1 255.255.255.0 a ca c1$c0 E
W a A. 1 B. 0
I
248
ac a IOS
U
E
c
d ?
d , a.
ac
,
d
ba
C. 5 D. 15 C
:A
A :(
)
E E
/
:
BD B d a
,
C c IOS a c a d ac (CLI) a 1) a d d EXEC d ( 15). H , c a d , ca d , d d acc .U 16 ca bc d, 15, c a c d .
E EC
(
acc a , S
c : E
://
I
C
/c/
/
/ d/d c /
/12_2/
c
/c
c add c
0, a
c /
c d
d /
c _c/ c a
a
a
a
a
a a a ac
a
a
a
da a?
ac a ab
:D
A :(
)
E E
/
:
BD A a S
a d : a
249
W c acc A. B. C. D. E.
.c c .c
acc ca c
c : CCNA S c
a
a
210 260 O c a C
d
a
a c bd
G d , GLOSSARY, . 530
d.
d
.
20 E
I
1
R A. B. C. D.
CIA,
da a
a
.
Da a a R ... ... ...
C
:A
A :(
)
E E
/
E
I
:
2
P
d
.
A. B. ... C. ... D. ... C
:A
A :(
)
E E
/
E
A A. B. C. D.
I
:
3
c La
Da a C
O
a
Da a C ... ... ...
C
:A
A :(
)
E E
/
E
I
H
ca
A. B. C. D.
d ab ... ... ...
:
4
c CDP
d
a
a c a ac (c
cd . )
C
:A
A :(
)
E E
/
E
F A. B. C. D.
I
P
:
5
c
FMC
a/
c
d.
AMP ... ... ...
C
:A
A :(
)
E E
/
E
I
W a A. B. C. D.
6
a
P ... ... ...
C
:
a
c
a
a
ab
c
:A
A :(
)
E E
/
E
I
:
7
T c
a AAA a
A. B. ... C. ... D. ...
aaa c
C
A :(
ca
.
a d
:A )
E E
/
E
I
Z
ba
A.
ab
:
8
d
a /
b
ad b
a
ac
.
?
B. ... C. ... D. ... C
:A
A :(
)
E E
/
E
I
:
9
W c A. B. C. D.
d
b ac
AAA
a
Mc
445 & 389 ... ... ...
C
:A
A :(
)
E E
/
E
I
:
10
W a d A. B. C. D.
c
E ab ... ... ...
C
d
a dc
a
4500
a IP
a c
a
ab d
ad . ac
:A
A :(
)
E E
/
E
I
W A. B. C. D. C
:
11
c
.
b ca ... ... ...
ASA ca
c
:A
A :(
)
E E
/
:
ac
d
AD
E
I
12
W a da a A. B. C. D.
a
Ra d ... ... ...
C
dd
DH
a
a a
VRF
b/
(
a)
I
A :(
)
:A
E E
/
E
D A. B. C. D.
I
:
13
a ac d c L ... ... ...
C
a
d
A :(
d c a ac
)
:A
E E
/
E
P A. B. C. D.
I
:
14
c
d
c
VRF
EIGRP M ca ... ...
C
A :(
: AB )
E E
/
E
I
:
15
ab A. B. C. D. C
R ... ... ...
c a
A
:A
a ab
a? c
ac
(2 c
c
)
:(
)
E E
/
E
I
:
16
a a
a
ab
d
b
d c
c
c
a
A. B. ... C. ... D. ... C
:A
A :(
)
E E
/
E
I
17
A A. B. C. D.
d ... ... ...
C
:
ab
MDM
dc
ca
.
:A
A :(
)
E E
/
E
I
18
a ca A. B. C. D.
ac
c ... ... ...
C
:
b
d
ac d
c d
a
c ca d(
a
.
:A
A :(
)
E E
/
E
I
S A. ca b
:
19
(2
)? c
d a
a
.
b ) VLAN
a 802.1
ab d
.
B. ca b C. ... D. ... C
a
d
ca .
: AB
A :(
)
E E
/
E
I
:
20
W c IDS/IPS A. B. C. D. C
d
a d
HIPS ... ... ... :A
A :(
)
E E
/
:
?