Cisco Cisco Identity Services Engine 1.3 작동 가이드

第

17 页

安全访问操作指南

radius-server host 192.168.201.88 auth-port 1812 acct-port 1813 test username radius-test idle-

time 5 key cisco123

radius-server deadtime 15

radius-server vsa send accounting

radius-server vsa send authentication

wireless mobility controller

wireless management interface Vlan80

wireless client fast-ssid-change

wireless mgmt-via-wireless

wireless client user-timeout 7200

captive-portal-bypass

wlan example_secure 1 example_secure

aaa-override

client vlan 30

nac

ip dhcp required

session-timeout 86400

no shutdown

wlan example_open 2 example_open

aaa-override

client vlan 40

mac-filtering default

nac

ip dhcp required

no security wpa

no security wpa akm dot1x

no security wpa wpa2

no security wpa wpa2 ciphers aes

session-timeout 7200

no shutdown

interface GigabitEthernet 1/0/17

description Server

switch port mode access

switch port access vlan 201

ip dhcp snooping trust

spanning-tree portfast

no shut

interface GigabitEthernet 1/0/9

description AP

switch port mode access

switch port access vlan 80

spanning-tree portfast

no shut

ISE 配置

ISE 没有专门的配置来与 3850 交换机集成以进行无线接入。3850 可以通过与 Catalyst 交换机相同的方式进行
集成，以支持

CWA、BYOD 和状态评估等高级 ISE 功能。虽然本文档涵盖与 BYOD 相关的策略，仍请参阅

BYOD 操作指南以了解如何配置基础服务来启用 BYOD，这包括配置 CA 服务器、外部身份源和请求方调配
策略。