Cisco Identity Services Engine 1.2 Product Brochure
Secure Access How-To Guide
permit tcp any any eq www
permit tcp any any eq 443
ip access-list extended BLACKHOLE
 permit tcp any any eq www
 permit tcp any any eq 443
ip access-list extended ACL-DEFAULT
 permit udp any any eq domain
 permit udp any eq bootpc any eq bootps
 deny ip any any
radius-server vsa send authentication
radius-server vsa send accounting
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius server ISE01
 address ipv4 10.1.200.11
 automate-tester username RADIUS-TEST idle-time 10
 key RADIUS_KEY
radius server ISE02
 address ipv4 10.1.200.11
 automate-tester username RADIUS-TEST idle-time 10
 key RADIUS_KEY
aaa group server radius ISE
 server name ISE01
 server name ISE02
 deadtime 15
radius-server dead-criteria time 10 tries 3
ip radius source-interface vlan 100
snmp-server community SNMP_COMMUNITY_STRING RO
ip dhcp snooping
ip dhcp snooping vlan 10, 11
end
write memory
Interface-Level Configuration for Low-Impact Mode
description ACCESS (Multi-Auth w/ Low-Impact Mode)
switchport mode access
switchport access vlan 10
switchport voice vlan 11
ip access-group ACL-DEFAULT in
authentication open
authentication event fail action next-method
authentication event server dead action reinitialize vlan 10
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
mab
authentication violation restrict
authentication periodic
authentication timer reauthenticate server
authentication timer inactivity server dynamic
dot1x timeout tx-period 10
spanning-tree portfast
authentication port-control auto
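
The following check is an added example, not part of the Cisco guide. With `authentication open` a port passes traffic before authentication completes, so in Low-Impact Mode the ingress port ACL (`ACL-DEFAULT` here) is what limits pre-authentication access; the script flags open ports that lack a defined ingress ACL and RADIUS server entries that share one address, as `ISE01` and `ISE02` do in the configuration above. It assumes running-config layout with indented sub-commands, and the interface names in the sample are hypothetical.

```python
from collections import defaultdict

# Constructed sample in running-config layout. Values are taken from the page;
# the interface names are hypothetical (the page omits the interface line).
SAMPLE = """\
ip access-list extended ACL-DEFAULT
 permit udp any any eq domain
 permit udp any eq bootpc any eq bootps
 deny ip any any
radius server ISE01
 address ipv4 10.1.200.11
radius server ISE02
 address ipv4 10.1.200.11
interface GigabitEthernet1/0/1
 ip access-group ACL-DEFAULT in
 authentication open
interface GigabitEthernet1/0/2
 authentication open
"""

def sections(config):
    """Map each top-level command to the list of its indented sub-commands."""
    out, head = {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line[0].isspace():
            head = line.strip()
            out[head] = []
        elif head is not None:
            out[head].append(line.strip())
    return out

def audit(config):
    """Return findings for open-access ports and duplicate RADIUS addresses."""
    secs, findings, by_addr = sections(config), [], defaultdict(list)
    acls = {h.split()[3] for h in secs if h.startswith("ip access-list extended ")}
    for head, body in secs.items():
        if head.startswith("radius server "):
            for addr in (c.split()[2] for c in body if c.startswith("address ipv4 ")):
                by_addr[addr].append(head.split()[2])
        elif head.startswith("interface ") and "authentication open" in body:
            port = head.split()[1]
            acl = [c.split()[2] for c in body if c.startswith("ip access-group ") and c.endswith(" in")]
            if not acl:
                findings.append(f"{port}: authentication open with no ingress ACL")
            elif acl[0] not in acls:
                findings.append(f"{port}: ingress ACL {acl[0]} is not defined")
    findings += [f"{', '.join(n)}: same RADIUS address {a}" for a, n in by_addr.items() if len(n) > 1]
    return findings
```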
Cisco Systems © 2016