[Share] NAC DNS Proxy

In a NAC architecture, users can be authenticated in three ways:
802.1X, MAC address (network card), and Web Portal.

NAC itself comes with a very good Web Portal editing tool that makes it easy to customize the Web Portal login page.
But how to steer users to the Web Portal is a separate subject.

In the Enterasys solution, this is done by spoofing the web site's IP address through a DNS Proxy.
Once any web request has been resolved through the DNS Proxy,
it is always directed to the Web Portal on the NAC, which forces the user to authenticate.


↑ Taking the figure above as an example, a request to www.shunze.info has been forcibly redirected to the Web Portal!


How do you set up the DNS Proxy on the NAC?

  1. In the Advanced Settings of NAC Manager, turn on Enable distributed end-system cache,
    then press the Reload button so the setting takes effect.


  2. In the configuration file opt/nac/server/config/config.properties, enable the DNS_PROXY_ENABLE parameter.


    Run the command nacctl restart to restart the NAC service,
    then run the command opt/nac/server/dnsProxy.sh to restart the DNS Proxy service.


Of course, for the built-in Web Portal to be usable,
Authentication Registration/Access or Guest Registration/Access in the NAC must be enabled as required.


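As for how to steer users' requests to the DNS Proxy played by the NAC, there are three methods:
  1. Policy-Based Routing
    Mark the traffic with a specific ToS value, then have the router direct traffic carrying this ToS value to the NAC DNS Proxy.
  2. Block Primary DNS
    When DHCP hands out an IP address, it hands out two DNS servers at the same time.
    While the user is not yet authenticated, block the first DNS server so that requests fall over to the second DNS server (the DNS Proxy) for resolution.
  3. Different VLANs, different DNS settings
    Hand out different DNS servers for different VLANs.
    While the user is not yet authenticated, the user is assigned to the unregistered or quarantine VLAN,
    and the DNS for that VLAN points directly at the NAC's DNS Proxy.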


Policy-Based Routing
Mark the HTTP port 80 traffic of users who have not yet authenticated with a specific ToS value.



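↑ CoS Configuration automatically calculates the corresponding DSCP value.

Then have the router inspect the DSCP value in each packet.
Once the DSCP value matches the ToS we marked, the router directs that traffic to the IP address of the DNS Proxy.

The correspondence between ToS and DSCP is shown in the figure below.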




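Unfortunately, I (Shunze) don't really understand the corresponding configuration on the router...
Even after reading the documentation, I still don't quite understand what the router commands mean!?
I won't mislead anyone on this part;
once I understand it, I'll come back and add an explanation.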


Block Primary DNS
In this architecture, the DHCP server must hand out two DNS servers when it assigns an IP address.
The first is the correct DNS server, and the second is the DNS Proxy played by the NAC.
While the user has not yet authenticated, we block the first DNS entry in the corresponding Policy/ACL,
forcing DNS resolution to go through the second DNS server (the DNS Proxy played by the NAC).

Taking Enterasys Policy Manager as an example,
we can create a new Service, Block Primary DNS IP,
and configure it to block all traffic to the first DNS server, 192.168.30.1.


Then just add this Service to the Role for the unauthenticated zone.


A Role that has this Service will be redirected to the Web Portal when it opens a web page.


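Different VLANs, different DNS settings
The dynamic VLAN architecture is actually relatively simple.
In the VLAN that corresponds to unauthenticated users, just set the DNS server handed out by DHCP to the DNS Proxy played by the NAC, and you are done.

When an unauthenticated user opens a web page,
the DNS Proxy directs the request to the NAC's Web Portal.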



2014-08-24, 22:12 shunze
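
An added example, not part of the original post and not Enterasys code: a way to check from a client in the unauthenticated Role or VLAN that the DNS Proxy answers every name with the Web Portal address, as the post describes. The portal address 192.0.2.10, the second test name and all function names are assumptions; the sample replies are constructed so the check runs offline, and `ask()` is what you would point at the DNS Proxy for a live check.

```python
import socket, struct

def build_query(name, txid=0x1234):
    """Minimal DNS A/IN query (RFC 1035), recursion desired."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", 1, 1)

def _skip_name(msg, off):
    """Offset just past a name, which may end in a compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """IPv4 addresses in the answer section of a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4      # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def ask(server, name, timeout=2.0):
    """Send one UDP query to `server` (the resolver under test); return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(512)[0]

def all_point_to_portal(replies, portal_ip):
    """True when every reply resolves to the portal address and nothing else."""
    return all(parse_a_records(r) == [portal_ip] for r in replies)

def constructed_reply(name, ip):
    """Constructed sample reply, an offline stand-in for ask()."""
    q = build_query(name)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return q[:2] + struct.pack("!5H", 0x8180, 1, 1, 0, 0) + q[12:] + rr

PORTAL = "192.0.2.10"  # assumed portal address (documentation range), not from the post
SAMPLE = [constructed_reply(n, PORTAL) for n in ("www.shunze.info", "example.org")]
```

After authentication the same check should fail, because unrelated names then resolve to their real addresses instead of the portal.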