Cisco Identity Services Engine 1.3 How-To Guide

© 2015 Cisco Systems, Inc.
Secure Access How-To Guide
Global Configuration Example
 
hostname C3750X
! Local account used by the RADIUS server health probe (see radius-server host ... test username)
username radius-test password 0 Cisco123
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
! Accept RADIUS Change of Authorization (CoA) from the ISE policy node
aaa server radius dynamic-author
 client 10.1.100.3 server-key Cisco123
ip dhcp snooping vlan 10-13
ip dhcp snooping
ip domain-name cts.local
! Device tracking and the HTTP/HTTPS servers are required for URL redirection
ip device tracking
dot1x system-auth-control
ip http server
ip http secure-server
! Redirect ACL for posture agent discovery: permit = redirect, deny = exempt from redirection
ip access-list extended ACL-AGENT-REDIRECT
 remark explicitly prevent DNS from being redirected to address a bug
 deny udp any any eq domain
 remark redirect HTTP traffic only
 permit tcp any any eq www
 remark all other traffic will be implicitly denied from the redirection
ip access-list extended ACL-ALLOW
 permit ip any any
! Default pre-authentication port ACL
ip access-list extended ACL-DEFAULT
 remark DHCP
 permit udp any eq bootpc any eq bootps
 remark DNS
 permit udp any any eq domain
 remark Ping
 permit icmp any any
 remark PXE / TFTP
 permit udp any any eq tftp
 remark Drop all the rest
 deny ip any any log
! Redirect ACL for central web authentication
ip access-list extended ACL-WEBAUTH-REDIRECT
 remark explicitly prevent DNS from being redirected to accommodate certain switches
 deny udp any any eq domain
 remark redirect all applicable traffic to the ISE Server
 permit tcp any any eq www
 permit tcp any any eq 443
 remark all other traffic will be implicitly denied from the redirection
ip radius source-interface Loopback0
! SNMP read access and MAC notification traps to ISE for profiling
snmp-server community Cisco123 RO
snmp-server trap-source Loopback0
snmp-server source-interface informs Loopback0
snmp-server enable traps mac-notification change move threshold
snmp-server host 10.1.100.3 version 2c Cisco123 mac-notification
! RADIUS attributes ISE expects in Access-Request, plus server health checking
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 3
radius-server host 10.1.100.3 auth-port 1812 acct-port 1813 test username radius-test key Cisco123
radius-server vsa send accounting
radius-server vsa send authentication
! Syslog from the switch to ISE (UDP 20514)
logging monitor informational
epm logging
logging origin-id ip
logging source-interface Loopback0
logging host 10.1.100.3 transport udp port 20514
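Added example, not part of the guide: a small Python audit that parses the extended ACLs out of a config written in the format above and checks the two ordering properties the remarks rely on, that every *-REDIRECT ACL denies (exempts) DNS before it permits HTTP/HTTPS, and that ACL-DEFAULT ends with the logged deny. The SAMPLE_CONFIG excerpt and the function names are constructed here.

```python
import re
from typing import Dict, List

# Constructed excerpt in the style of the guide's example (not the full config).
SAMPLE_CONFIG = """\
ip access-list extended ACL-WEBAUTH-REDIRECT
 remark explicitly prevent DNS from being redirected
 deny udp any any eq domain
 permit tcp any any eq www
 permit tcp any any eq 443
ip access-list extended ACL-DEFAULT
 permit udp any eq bootpc any eq bootps
 permit udp any any eq domain
 deny ip any any log
"""

def parse_acls(config: str) -> Dict[str, List[str]]:
    # {acl_name: entries in order}; remarks are dropped since they never match traffic
    acls, current = {}, None
    for line in config.splitlines():
        m = re.match(r"ip access-list extended (\S+)", line)
        if m:
            current = m.group(1)
            acls[current] = []
        elif line.startswith(" ") and current is not None:
            if not line.strip().startswith("remark"):
                acls[current].append(line.strip())
        else:
            current = None  # any other top-level command closes the ACL block
    return acls

def dns_exempt_before_web(entries: List[str]) -> bool:
    # In a redirect ACL, permit = redirect and deny = exempt, so the DNS deny
    # must precede every HTTP/HTTPS permit or resolver traffic hits the portal.
    for e in entries:
        if e.startswith("deny udp any any eq domain"):
            return True
        if e.startswith("permit tcp") and re.search(r"eq (www|80|443)$", e):
            return False
    return False

def audit(config: str) -> Dict[str, bool]:
    acls = parse_acls(config)
    redirects = [n for n in acls if n.endswith("-REDIRECT")]
    return {
        "redirect_acls_exempt_dns": bool(redirects)
        and all(dns_exempt_before_web(acls[n]) for n in redirects),
        "default_acl_ends_with_logged_deny":
        (acls.get("ACL-DEFAULT") or [""])[-1] == "deny ip any any log",
    }
```

Run `audit(open("running-config.txt").read())` against a saved `show running-config`; any False value points at an ACL whose order does not match the guide's remarks.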