Cisco Cisco Identity Services Engine 1.3 전단
보안
액세스 방법 가이드
server name ISE02
deadtime 15
radius-server dead-criteria time 10 tries 3
ip radius source-interface vlan 100
device-sensor filter-list dhcp list TLV-DHCP
option name host-name
option name requested-address
option name parameter-request-list
option name class-identifier
option name client-identifier
device-sensor filter-spec dhcp include list TLV-DHCP
cdp run
device-sensor filter-list cdp list TLV-CDP
tlv name device-name
tlv name address-type Craig may not be needed
tlv name capabilities-type
tlv name platform-type
device-sensor filter-spec cdp include list TLV-CDP
lldp run
device-sensor filter-list lldp list TLV-LLDP
tlv name system-name
tlv name system-description
device-sensor filter-spec lldp include list TLV-LLDP
device-sensor accounting
device-sensor notify all-changes
no macro auto monitor
access-session template monitor
end
write memory
디바이스
센서가 없는 전역 컨피그레이션
ip domain-name EXAMPLE.COM
username RADIUS-TEST password 0 PASSWORD
crypto key generate rsa general-keys mod 2048
aaa new-model
aaa authentication dot1x default group ISE
aaa authorization network default group ISE
aaa accounting dot1x default start-stop group ISE
aaa accounting update newinfo periodic 2880
aaa server radius dynamic-author
client 10.1.200.11 server-key RADIUS_KEY
client 10.1.200.11 server-key RADIUS_KEY
aaa session-id common
dot1x system-auth-control
dot1x critical eapol
ip device tracking
vlan 10
name USER
vlan 11
name VOICE
vlan 100
name MGMT
interface 10
ip address 10.1.10.1 255.255.255.0
ip helper-address 10.1.200.10
ip helper-address 10.1.200.11
interface 11
ip address 10.1.11.1 255.255.255.0
ip helper-address 10.1.200.10
ip helper-address 10.1.200.11
interface 100
ip address 10.1.100.1 255.255.255.0
ip http server
ip access-list extended ACL_WEBAUTH_REDIRECT
Cisco Systems © 2016
25 페이지