Cisco Cisco Identity Services Engine 1.3 디자인 가이드
© 2015 思科系统公司
第
71 页
安全访问操作指南
10.1.100.7 10.1.50.2 udp :51016 :162 Gi2/47 :0x00 0
335 20:23:02 L3 - Dynamic
10.1.100.5 10.1.50.2 udp :1645 :1812 Gi2/47 :0x06 1365
270 20:23:56 L3 - Dynamic
10.1.100.100 10.1.10.100 udp :54699 :dns Gi2/47 :0x01 64
211 20:24:00 L3 - Dynamic
10.1.100.1 10.1.50.2 udp :ntp :ntp Gi2/47 :0x00 0
43 20:26:48 L3 - Dynamic
17.172.232.209 10.1.40.101 tcp :61858 :443 Vl40 :0x02 173
17 20:27:14 L3 - Dynamic
17.172.232.209 10.1.40.101 tcp :61858 :443 Vl40 :0x00 0
17 20:27:14 L2 - Dynamic
10.1.40.101 17.172.232.209 tcp :443 :61858 Vl40 :0x00 0
17 20:27:14 L2 - Dynamic
0.0.0.0 0.0.0.0 0 :0 :0 -- :0x032283 20941051
1573 20:27:31 L3 - Dynamic
335 20:23:02 L3 - Dynamic
10.1.100.5 10.1.50.2 udp :1645 :1812 Gi2/47 :0x06 1365
270 20:23:56 L3 - Dynamic
10.1.100.100 10.1.10.100 udp :54699 :dns Gi2/47 :0x01 64
211 20:24:00 L3 - Dynamic
10.1.100.1 10.1.50.2 udp :ntp :ntp Gi2/47 :0x00 0
43 20:26:48 L3 - Dynamic
17.172.232.209 10.1.40.101 tcp :61858 :443 Vl40 :0x02 173
17 20:27:14 L3 - Dynamic
17.172.232.209 10.1.40.101 tcp :61858 :443 Vl40 :0x00 0
17 20:27:14 L2 - Dynamic
10.1.40.101 17.172.232.209 tcp :443 :61858 Vl40 :0x00 0
17 20:27:14 L2 - Dynamic
0.0.0.0 0.0.0.0 0 :0 :0 -- :0x032283 20941051
1573 20:27:31 L3 - Dynamic
步骤
9 要验证 NetFlow 导出配置以及是否正在向 ISE 策略服务节点发送流量,请使用 show ip flow export
命令,如下所示:
cat6503# sh ip flow export
Flow export v9 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 10.1.100.1 (Vlan100)
Destination(1) 10.1.99.5 (9996)
Version 9 flow records
20408 flows exported in 7635 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
0 export packets were dropped enqueuing for the RP
0 export packets were dropped due to IPC rate limiting
0 export packets were dropped due to Card not being able to export
Flow export v9 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 10.1.100.1 (Vlan100)
Destination(1) 10.1.99.5 (9996)
Version 9 flow records
20408 flows exported in 7635 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
0 export packets were dropped enqueuing for the RP
0 export packets were dropped due to IPC rate limiting
0 export packets were dropped due to Card not being able to export
使用网络扫描
(NMAP) 探测功能进行分析
网络扫描探测功能以嵌入式开源网络映射器实用工具为基础。网络映射器
(NMAP) 用于扫描所连接终端的大
型网络,然后对各个主机执行扫描,检测其操作系统、操作系统版本和服务(应用名称和版本)。
其他
ISE 探测功能被视为“被动”探测功能,因为它们不是直接查询终端本身,而是依赖于数据收集的间接
方法,例如解析设备生成的数据或来自其他网络设备的数据。网络扫描探测功能被视为“主动”评估机制,
因为它直接与终端通信,从源头获取信息。
因为它直接与终端通信,从源头获取信息。
NMAP 探测功能扫描操作
当
NMAP 探测功能进行扫描时,它可以执行以下一项或多项操作:
• 操作系统扫描
• SNMP 端口扫描
• SNMP 端口扫描
• 通用端口扫描