Cisco Cisco Identity Services Engine 1.2 产品宣传页

보안

액세스 방법 가이드

permit tcp any any eq www

permit tcp any any eq 443

ip access-list extended BLACKHOLE

permit tcp any any eq www

permit tcp any any eq 443

ip access-list extended ACL-DEFAULT

permit udp any any eq domain

permit udp any eq bootpc any eq bootps

deny ip any any

radius-server vsa send authentication

radius-server vsa send accounting

radius-server attribute 6 on-for-login-auth

radius-server attribute 8 include-in-access-req

radius-server attribute 25 access-request include

radius server ISE01

address ipv4 10.1.200.11

automate-tester username RADIUS-TEST idle-time 10

key RADIUS_KEY

radius server ISE02

address ipv4 10.1.200.11

automate-tester username RADIUS-TEST idle-time 10

key RADIUS_KEY

aaa group server radius ISE

server name ISE01

server name ISE02

deadtime 15

radius-server dead-criteria time 10 tries 3

ip radius source-interface vlan 100

snmp-server community SNMP_COMMUNITY_STRING RO

ip dhcp snooping

ip dhcp snooping vlan 10, 11

end

write memory

로우

-임팩트 모드용 인터페이스 레벨 컨피그레이션

description ACCESS (Multi-Auth w/ Low-Impact Mode)

switchport mode access

switchport access vlan 10

switchport voice vlan 11

ip access-group ACL-DEFAULT in

authentication open

authentication event fail action next-method

authentication event server dead action reinitialize vlan 10

authentication event server dead action authorize voice

authentication event server alive action reinitialize

authentication host-mode multi-auth

mab

authentication violation restrict

authentication periodic

authentication timer reauthenticate server

authentication timer inactivity server dynamic

dot1x timeout tx-period 10

spanning-tree portfast

authentication port-control auto

26 페이지