Shunze ¾Ç¶é >¸ê°T³]³Æ±M°Ï >Extreme & Enterasys > ¡m¤À¨É¡nNAC³z¹LLocal Password Repository¶i¦æ±b/±KÅçÃÒ «¢Åo¡AÁÙ¨S¦³µù¥U©ÎªÌµn¤J¡C½Ð§A[µù¥U|µn¤J]
« ¤W¤@½g¥DÃD ¤U¤@½g¥DÃD » Åã¥Ü¦¨¦C¦L¼Ò¦¡ | ¼W¥[¨ì§Úªº³Ì·R
µoªí·s¥DÃD µoªí¦^ÂÐ
§@ªÌ
¥DÃD
shunze
¤u¤Í§B§B


µù¥U¤é´Á: 2002 04
¨Ó¦Û: ¼é¦Á²×¤î¤§¦a
¤å³¹: 2370

shunze Â÷½u
¡m¤À¨É¡nNAC³z¹LLocal Password Repository¶i¦æ±b/±KÅçÃҤޥΦ^ÂÐ ½s¿è/§R°£¤å³¹ ·j´M¥Ñ  µoªíªº¨ä¥L¤å³¹ ¦^³øµ¹ª©¥D IP ¦ì¸m ¦^¦¹­¶³Ì¤W¤è

NAC°£¤F¥i»PRadius¤ÎLADP¶i¦æ±b¸¹»{ÃÒ¥~¡A
¤]¥i¥H¨Ï¥ÎNAC¥»¨­¨Ó°µ¬°±b¸¹/±K½Xªº¸ê®Æ®w¡C

¥H¤U¬°NAC°µlocal password repository¡A·f°t802.1X¹ï«eºÝµn¤J¹q¸£¶i¦æÅçÃÒªº¥Ü½d¡C

  1. ©óNAC Manager¤¤¡A¿ï¦nNAC Appliacne«á¡AÂIÀ» Default ³]©wNAC Configuration¡C


  2. ¨Ó¨ìAAA«á¡A·s¼W¤@­ÓAAA Configuration - LocalAuth¡A
    ¤Ä¿ï Authenticate Requests Locally for MAC (All)¡A
    µM«á¦b¤U©Ôªº Local Password Repository ¤¤¡AÂI¿ï¾¦½ü¹Ï¥Ü¶i¦æ½s¿è¡C


  3. ³o¼Ë´N·|¶i¤J Local Password Repository ªº½s¿è¾¹¡C
    «ö¤U Add ¥i·s¼W¤@²Õ±b/±K¡C




    ·s¼W§¹¦¨«á¡A´N·|¥X²{­è¤~·s«Øªº±b¸¹¡C


  4. ¦^¨ìAAA¡A§Ú­Ì³]©w³o²ÕAAAªºÅçÃÒ¤èªk¡C


    ¦bAuthentication MethodùØ¿ï¾ÜLocal Authentication¡A«ü©w­n¥ÎNAC Local Password Repository°µ¬°ÅçÃÒ¤èªk¡C




  5. ¨ìRules¡A³]©w¸ÓÅçÃҤ覡³q¹L«á¡A¹ïÀ³ªºÅv­­¡C
    «ö¤U ¡§·s¼W¡¨ ¹Ï¥Ü¡A¨Ó«Ø¥ß¤@µ§·s³W«h¡C


    User Group´N¿ï Local Password Repository Users¡A
    ProfileÀH«K¿ï¤@­Ó¨Ó¨Ï¥Î¡A§Ú­Ì¿ï¥ÎAllow NAC Profile¨Ó°µ¥Ü½d¡A
    ¹ïÀ³ªºpolicy role¬OEnterprise User¡C


    «Ø¦n«á¡ARules´N·|¦h¥X­è¤~«Ø¥ßªº³o¤@µ§¡C


    ¦^¨ìNAC Manager­º­¶¡A«ö¤U Enforce ¹Ï¥Ü¼g¤J§ó·s¡ANACªº³¡¤À´N§¹¦¨¤F¡C




Switch±Ò¥Î 802.1X ÅçÃÒ
  1. ©óPolicy Manager¤¤¡A¥ý½T»{SwitchªºRADIUS¬O§_«ü¦VNAC¡C


  2. µM«á©óAuthentication­¶­±¤¤¡A«ü©wRADIUSÅçÃÒ¬O³z¹L802.1X¨Ó¶i¦æ¡C


  3. ³]©w­n±Ò¥ÎÅçÃÒªºport¡C³oÃä§Ú­Ì¥Hport ge.1.2¬°¥Ü½d¡C


    Authentication Behavior³]¬° Active¡A
    ¦ÓUnauthentication Behavior«h¬° Discard¡C






µn¤JÅçÃÒ
  1. «eºÝ¹q¸£±Ò¥Î802.1X«á¡A¶i¦æµn¤JÅçÃÒ¡C


    ¿é¤J­è¤~«Ø¥ßªº±b¸¹±K½X¡A¶i¦æµn¤J¡C


    µn¤J«á¡Aºô¸ô¹Ï¥Ü¥Ñ¤T¨¤§Îĵ¥ÜÅܦ^¥¿±`¡C


  2. ¦^¨ìNAC Managerªº End-Systems ¶i¦æµn¤J¸ê°Tªº½T»{¡C

    ­è¤~ªºµn¤J¡A½T¹ê¬O¥Ñ±b¸¹ test ¦b ge.1.2 ¥H 802.1X ªºÅçÃÒÃþ«¬¶i¦æµn¤J¡C
    µn¤J«áªºProfile¬O Allow NAC Profice¡A»P³]©w¬Û¦P¡C


³z¹LNAC¥»¨­ªºLocal Password Repository°µ¬°»{ÃÒ¨Ó·½¡A³o¥\¯à¨ä¹ê«Ü¶§¬K¡C
¥¦µLªk¹ï¨Ï¥ÎªÌ¶i¦æ¸s²Õ°Ï¤À¡A¤]¤£¯àµ¹¤©¦U¦Û¹ïÀ³Åv­­¡F
°ß¤@¯à°µªº¡A¥u¬O¬°¤£¦P¨Ï¥ÎªÌ«Ø¥ß¤£¦PRepository¡A
°µ¬°ÅçÃҮɪº±b/±K¹ïÀ³¡AµM«áµ¹¤©¤@­PªºÅv­­¡A¶È¦¹¦Ó¤w¡C



♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!




2014-08-18, 22:55 shunze ªº­Ó¤H¸ê®Æ §â shunze ¥[¤J¦n¤Í¦Cªí µo°eEmailµ¹ shunze ÂsÄý shunze ªººô¯¸ MSN : shunze@gmail.com
shunze
¤u¤Í§B§B


µù¥U¤é´Á: 2002 04
¨Ó¦Û: ¼é¦Á²×¤î¤§¦a
¤å³¹: 2370

shunze Â÷½u
¡m¤À¨É¡nLocal Password Repository¹w³]±K½X¤Þ¥Î¦^ÂÐ ½s¿è/§R°£¤å³¹ ·j´M¥Ñ  µoªíªº¨ä¥L¤å³¹ ¦^³øµ¹ª©¥D IP ¦ì¸m ¦^¦¹­¶³Ì¤W¤è

NAC ùØ Local Password Repository ªº±b¸¹¨ä¹w³]±K½X¬° Extreme@pp



♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã

If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!




2014-08-21, 16:57 shunze ªº­Ó¤H¸ê®Æ §â shunze ¥[¤J¦n¤Í¦Cªí µo°eEmailµ¹ shunze ÂsÄý shunze ªººô¯¸ MSN : shunze@gmail.com
  « ¤W¤@½g¥DÃD ¤U¤@½g¥DÃD »
µoªí·s¥DÃD µoªí¦^ÂÐ
¸õ¨ì:

Powered by: Burning Board 1.1.1 2001 WoltLab GbR