Cisco Identity Services Engine 1.3 Product Brochure
Secure Access How-To Guide
Appendix A: Sample Configuration
Global Configuration with Device Sensor
ip domain-name EXAMPLE.COM
username RADIUS-TEST password 0 PASSWORD
crypto key generate rsa general-keys mod 2048
aaa new-model
aaa authentication dot1x default group ISE
aaa authorization network default group ISE
aaa accounting dot1x default start-stop group ISE
aaa accounting update newinfo periodic 2880
aaa server radius dynamic-author
 client 10.1.200.11 server-key RADIUS_KEY
 client 10.1.200.11 server-key RADIUS_KEY
aaa session-id common
dot1x system-auth-control
dot1x critical eapol
ip device tracking
vlan 10
 name USER
vlan 11
 name VOICE
vlan 100
 name MGMT
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip helper-address 10.1.200.10
interface Vlan11
 ip address 10.1.11.1 255.255.255.0
 ip helper-address 10.1.200.10
interface Vlan100
 ip address 10.1.100.1 255.255.255.0
ip http server
ip access-list extended ACL_WEBAUTH_REDIRECT
 permit tcp any any eq www
 permit tcp any any eq 443
ip access-list extended BLACKHOLE
 permit tcp any any eq www
 permit tcp any any eq 443
ip access-list extended ACL-DEFAULT
 permit udp any any eq domain
 permit udp any eq bootpc any eq bootps
 deny ip any any
radius-server vsa send authentication
radius-server vsa send accounting
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius server ISE01
 address ipv4 10.1.200.11
 automate-tester username RADIUS-TEST probe-on
 ! For IOS & IOS-XE without the 'probe-on' feature, use the following command instead:
 ! automate-tester username RADIUS-TEST idle-time 10
 key RADIUS_KEY
radius server ISE02
 address ipv4 10.1.200.11
 automate-tester username RADIUS-TEST probe-on
 ! For IOS & IOS-XE without the 'probe-on' feature, use the following command instead:
 ! automate-tester username RADIUS-TEST idle-time 10
 key RADIUS_KEY
aaa group server radius ISE
 server name ISE01
Cisco Systems © 2016