Cisco Cisco Identity Services Engine 1.3 작동 가이드
© 2015 思科系统公司
第
17 页
安全访问操作指南
radius-server host 192.168.201.88 auth-port 1812 acct-port 1813 test username radius-test idle-
time 5 key cisco123
radius-server deadtime 15
radius-server vsa send accounting
radius-server vsa send authentication
!
wireless mobility controller
wireless management interface Vlan80
wireless client fast-ssid-change
wireless mgmt-via-wireless
wireless client user-timeout 7200
captive-portal-bypass
!
wlan example_secure 1 example_secure
aaa-override
client vlan 30
nac
ip dhcp required
session-timeout 86400
no shutdown
!
wlan example_open 2 example_open
aaa-override
client vlan 40
mac-filtering default
nac
ip dhcp required
no security wpa
no security wpa akm dot1x
no security wpa wpa2
no security wpa wpa2 ciphers aes
session-timeout 7200
no shutdown
!
interface GigabitEthernet 1/0/17
description Server
switch port mode access
switch port access vlan 201
ip dhcp snooping trust
spanning-tree portfast
no shut
!
interface GigabitEthernet 1/0/9
description AP
switch port mode access
switch port access vlan 80
spanning-tree portfast
no shut
ISE 配置
ISE 没有专门的配置来与 3850 交换机集成以进行无线接入。3850 可以通过与 Catalyst 交换机相同的方式进行
集成,以支持
集成,以支持
CWA、BYOD 和状态评估等高级 ISE 功能。虽然本文档涵盖与 BYOD 相关的策略,仍请参阅
BYOD 操作指南以了解如何配置基础服务来启用 BYOD,这包括配置 CA 服务器、外部身份源和请求方调配
策略。
策略。