Technical Manual for the Cisco 2000 Series Wireless LAN Controller

♦ VLAN 257: 192.168.157.x/24. Gateway: 192.168.157.1
♦ VLAN 75: 192.168.75.x/24. Gateway: 192.168.75.1
• This document uses 802.1x with PEAP as the security mechanism.
Note: Cisco recommends that you use advanced authentication methods, such as EAP-FAST and EAP-TLS authentication, in order to secure the WLAN.
Assumptions
• Switches are configured for all Layer 3 VLANs.
• The DHCP server is assigned a DHCP scope.
• Layer 3 connectivity exists between all devices in the network.
• The LAP is already joined to the WLC.
• Each VLAN has a /24 mask.
• ACS 5.2 has a Self-Signed Certificate installed.
Configuration Steps
This configuration is separated into three high-level steps:
1. Configure the RADIUS Server.
2. Configure the WLC.
3. Configure the Wireless Client Utility.
Configure the RADIUS Server
Configuration of the RADIUS server is divided into four steps:
1. Configure network resources.
2. Configure users.
3. Define policy elements.
4. Apply access policies.
ACS 5.x is a policy-based access control system. That is, ACS 5.x uses a rule-based policy model instead of the group-based model used in the 4.x versions.
The ACS 5.x rule-based policy model provides more powerful and flexible access control compared to the older group-based approach.
In the older group-based model, a group defines policy because it contains and ties together three types of information:
• Identity information - This information can be based on membership in AD or LDAP groups or a static assignment for internal ACS users.
• Other restrictions or conditions - Time restrictions, device restrictions, and so on.
• Permissions - VLANs or Cisco IOS® privilege levels.
The ACS 5.x policy model is based on rules of the form:
• If condition then result
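To make the difference between the two models concrete, the following is an added illustration, not ACS code and not part of the original document: a small rule evaluator in Python in which each rule pairs a condition (identity group, device type, time window) with a result (permit plus a VLAN or IOS privilege level), rules are tried in order, and a request that matches no rule is denied. The group names, device types and the time window are constructed for the example; the VLAN numbers 257 and 75 are the ones from the network layout above.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable, FrozenSet, List, Optional, Tuple

# Constructed illustration of an "if condition then result" policy model.
# This is not the ACS 5.x implementation; it only mirrors the shape of its rules.


@dataclass(frozen=True)
class AccessRequest:
    username: str
    groups: FrozenSet[str]   # identity information (e.g. AD/LDAP group membership)
    device_type: str         # constructed device restriction: "wlc" or "switch"
    request_time: time       # used for the time restriction


@dataclass(frozen=True)
class Result:
    permit: bool
    vlan: Optional[int] = None             # permission expressed as a VLAN
    privilege_level: Optional[int] = None  # permission expressed as an IOS privilege level


@dataclass(frozen=True)
class Rule:
    name: str
    condition: Callable[[AccessRequest], bool]
    result: Result


def business_hours(t: time) -> bool:
    """Constructed time restriction: 08:00 to 18:00 inclusive."""
    return time(8, 0) <= t <= time(18, 0)


# Rules are evaluated top to bottom; the first whose condition holds decides.
# Unlike a group object that bundles identity, restrictions and permissions
# together, each rule combines any conditions it needs on the left-hand side.
RULES: List[Rule] = [
    Rule("employees-wlan",
         lambda r: "Employees" in r.groups and r.device_type == "wlc"
         and business_hours(r.request_time),
         Result(permit=True, vlan=257)),
    Rule("guests-wlan",
         lambda r: "Guests" in r.groups and r.device_type == "wlc",
         Result(permit=True, vlan=75)),
    Rule("netadmins-ios",
         lambda r: "NetAdmins" in r.groups and r.device_type == "switch",
         Result(permit=True, privilege_level=15)),
]


def evaluate(rules: List[Rule], request: AccessRequest) -> Tuple[str, Result]:
    """Return (rule name, result) for the first matching rule, else an explicit deny."""
    for rule in rules:
        if rule.condition(request):
            return rule.name, rule.result
    # No rule matched: fall through to a default deny rather than an implicit permit.
    return "default-deny", Result(permit=False)


if __name__ == "__main__":
    samples = [
        AccessRequest("alice", frozenset({"Employees"}), "wlc", time(9, 30)),
        AccessRequest("alice", frozenset({"Employees"}), "wlc", time(22, 0)),
        AccessRequest("bob", frozenset({"Guests"}), "wlc", time(22, 0)),
        AccessRequest("carol", frozenset({"NetAdmins"}), "switch", time(12, 0)),
        AccessRequest("carol", frozenset({"NetAdmins"}), "wlc", time(12, 0)),
    ]
    for req in samples:
        name, res = evaluate(RULES, req)
        print(f"{req.username:6} {req.device_type:6} {req.request_time} -> {name}: {res}")
```

Rule order matters in this model: an employee connecting through the WLC outside business hours fails the first rule and, having no other matching rule, lands on the default deny, while a guest is never time-restricted. Expressing "NetAdmins" as a separate rule keyed on the switch device type keeps the privilege-15 permission from ever being handed to a wireless session.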
For example, we use the information described for the group−based model: