 ¡m¤À¨É¡nSummit Switch Netlogin·f°tNACÅçÃÒ |       |
Extreme Summit Switch¦bRadiusÅçÃÒ¤W¡A¤ä´©¤FWEB base¡A802.1X»PMAC base¤TºØ°ò¥»netlogin¾÷¨î¡C
¤@¯ë¨Ó»¡¦b³¡¸pRadiusÅçÃҮɡA¥Dn¬O¥H802.1X¬°¥D¡F
Y³]³ÆµLªk³z¹L802.1xÅçÃҮɡA¦A³z¹LMACªº¤è¦¡Åý³]³Æ¶i¦æÅçÃÒ¡C
¦ÓWEB base³oºØ¤è¦¡«hºâ¬O¤ñ¸û¿W¥ßªº¤@ºØ¤è¦¡¡C
Extreme SummitªºRadius Server³]©w¦p¤U¡C
configure radius netlogin [primary | secondary] server <Radius_Server_IP> client-ip <Switch_IP> vr <vr_name>
configure radius netlogin [primary | secondary] shared-secret <sharedsecret>
enable radius
³]©w§¹¦¨«á¡A¥i³z¹L¥H¤U«ü¥OÀ˵øRadius²ÕºA¡C
show radius
¥t¥~Summit Switch¦b¶i¦æRadiusÅçÃҮɡA§¡»Ýn·f°t¤@Óvlan¨Ó®M¥Î¡A«ü¥O¦p¤U¡C
create vlan <vlan-name>
configure netlogin vlan <vlan-name>
°ò¥»¤W802.1X¤ÎMAC baseÅçÃÒ»P¦¹vlanªºÃö«Y¤£¤j¡A
ÅçÃÒ¦¨¥\·|½á¤©¸Óportªº¹ïÀ³Åv¡FÅçÃÒ¥¢±Ñ¡A·|ª½±µblock¸Óport¡C
¦¹vlan¦bÅçÃÒ¹Lµ{¤¤¨Ã¨S¦³¹ê»Ú·N¸q¡C
¦ýY¬OWEB baseªºÅçÃÒ¡A³ovlan·|¥Î¨Ó°µ¬°ÅçÃÒ¹Lµ{¤¤ªººô¸ôÀô¹Ò¡A
´£¨Ñ¦³ªººô¸ô¯à¤O¡A±Nuser¾É¦VÅçÃÒºô¶¶i¦æÅçÃÒ¡C
ÅçÃÒ¦¨¥\«á¡A·|½á¤©¸Óportªº¹ïÀ³Åv¡FÅçÃÒ¥¢±Ñ´N°±¯d¦b¦¹¼È®ÉªºvlanÀô¹Ò¤¤¡A
¤£¦P©ó802.1X¤ÎMAC baseÅçÃÒ¡A¦b¬[ºc¤W¦³¨äªº¿W¯S·N¸q¡C
¤£¹L¤£½×¬OWEB base¡A802.1X©Î¬OMAC Base¡A³onetlogin vlan³£¥²»Ý¦s¦b¡C
§_«hµLªk±Ò¥Înetlogin»{ÃÒ¡C
¥H¤U¬°¶¶¤lªº´ú¸ÕÀô¹Ò¡A¥Î¨Ó´ú¸ÕSummit Switch»PNetSight NACªºÅçÃÒ¡C
Summit Switch X250¡AIP 192.168.10.200¡A¶´Å骩¥»15.3¡F
NAC 192.168.10.12¡Aª©¥»6.2.0.162¡F
User IP 192.168.10.208¡AÅçÃÒ±b¸¹ Shunze¡C
Summit Switch SNMP V3³]©w (ÅýNetSight¥i³z¹LSNMP V3ºÞ²zSwitch)
configure snmpv3 add user snmpuser authentication md5 snmpauthcred privacy des snmpprivcred
configure snmpv3 add group NetSight user snmpuser sec-model usm
configure snmpv3 add access NetSight sec-model usm sec-level priv read-view defaultAdminView write-view defaultAdminView notify-view defaultAdminView
configure snmpv3 add mib-view allMIB subtree 1
Summit Switch Radius³]©w
configure radius netlogin primary server 192.168.10.12 client-ip 192.168.10.200 vr vr-default
configure radius netlogin primary shared-secret ETS_TAG_SHARED_SECRET
enable radius
Netlogin vlan³]©w
create vlan test
configure netlogin vlan test
³z¹L802.1X»PNACÅçÃÒ
n±Ò¥ÎSummit Switchªº802.1XÅçÃÒ¡A«ü¥O¦p¤U¡C
enable netlogin dot1x
enable netlogin ports <Port_String> dot1x
¦bNAC¤W³]©w¦nÅçÃÒ¸ê®Æ®w«á¡Auser³s¤Wswitch®É¡A³z¹L802.1X¶i¦æÅçÃÒ¥i±o¨ì¦p¤Uµ²ªG¡C
©óSummit Switch¤W¤]¥i¬Ý¨ì¹ïÀ³ªºÅçÃÒ°T®§¡A³]©w¤W¬Û¹ï²³æ¡C
³z¹LMAC»PNACÅçÃÒ
n±Ò¥ÎSummit SwitchªºMAC baseÅçÃÒ¡A«ü¥O¦p¤U¡C
enable netlogin mac
enable netlogin ports <Port_String> mac
µM«á¦A³]©w¤¹³\³z¹LMACÅçÃÒªººô¥d¤Î¹ïÀ³ªºport¡C
configure netlogin add mac-list [default | <MAC_Address>] ports <Port_String>
mac-list³]©w¬° default ¡A«h¤¹³\©Ò¦³ºô¥d³z¹LMAC baseªº¤è¦¡¨Ó¶i¦æÅçÃÒ¡F
Y¤£¤¹³\©Ò¦³ªººô¥d¬Ò¥i³z¹LMAC base¨ÓÅçÃÒ¡A½Ð°È¥²³v¤@«Ø¥ß¤¹³\ªººô¥d²M³æ¡C
¦bNAC¤W³]©wMACÅçÃÒ¤ñ¸û¯S§O¡C
¶¶¤l¸Õ¹L¦UºØ¤è¦¡¡A³£µLªk±Nuserªººô¥d·í°µ±b¸¹/±K½X°e¨ì«áºÝÅçÃÒ¸ê®Æ®w¡A¥u¯à³z¹LNAC¥»¨¨Ó¶i¦æÅçÃÒ¡C
¦]¦¹¦bNACªº³]©w¤W¡A»Ý¤Ä¿ï Authenticate Requests Locally for MAC ÅýMACÅçÃÒ¥ÑNAC¥»¨¨Ó¶i¦æ¡C
µM«á¦b Rules ùØ¡A¦A¥h·s¼W¤@Ó·s³W«h¡A§â»Ýn³z¹LMACÅçÃÒªººô¥d¸¹½X³v¤@¥[¤J¡C
ºô¥d¸ê®Æ®w«Ø¥ß§¹¦¨«á¡Auserªººô¥d´N¯à¹ïÀ³³W«h¡A¦Ó½á¤©³]©wªºÅv¡C
©óSummit Switch¤W¤]¥i¬Ý¨ì¹ïÀ³ªºÅçÃÒ°T®§¡C
³z¹LWEBÅçÃÒ
n±Ò¥ÎSummit SwitchªºWEB baseÅçÃÒ¡A«ü¥O¦p¤U¡C
enable netlogin web-base
enable netlogin ports <Port_String> web-base
µM«á¦A«Ø¥ßnetlogin vlanªºIP°Ï¬q»PDHCPµo©ñ¡A
¨Ã±N»{ÃÒµe±¾É¦VSummitªº³sµ²¡A±N¨Ï¥ÎªÌ±b¸¹/±K½X°e¨ìRadius¶i¦æÅçÃÒ¡C
¦ý³o³¡¤À¶¶¤l´ú¸Õ¥¢±Ñ¡I
DHCPªºµo©ñ»P»{ÃÒ¶±ªº¤Þ¾É³£¥¿½T¡A¦ýSummit´N¬O¸õ¤£¥X¨Ï¥ÎªÌªºÅçÃÒµe±¡A
¥u·|¸õ¥XSummitªºwebºÞ²z¶±¡AµLªk¶i¦æRadiusÅçÃÒ...
µ¥§ï¤Ñ¦³§Oªº¾÷¾¹¦A¨Ó´ú¬Ý¬Ý¡C
¥¢±Ñªº³]©w«ü¥O¦p¤U¡A¥ý°µÓµ§°O¡A§ï¤Ñ¦³µª®×¦A¨Ó×¥¿¡C
create vlan test
enable ipforwarding
configure vlan test ipaddress 192.168.32.10 255.255.255.0
configure vlan test dhcp-address-range 192.168.32.20 - 192.168.32.80
configure vlan test dhcp-options default-gateway 192.168.32.10
configure vlan test dhcp-options dns-server 192.168.10.1
configure netlogin vlan test
enable netlogin web-based
enable netlogin ports 23 web-based
configure netlogin base-url 192.168.32.10
configure netlogin redirect-page http://192.168.32.10
***2015/03/02§ó·s***
¤µ¤Ñ®³¨ì¤@¥x·sªºX430¡A¶¶«K´ú¸Õ¤@¤Uweb baseÅçÃÒ¡C
¦b´ú¸Õ¹Lµ{¤¤¡A¶¶¤lµo²{¤@ӫܤjªº°ÝÃD¡A
web baseÅçÃÒ»Ýn±Ò¥Îvlan¶¡ªºipforwarding¡A¦ÓX430°ò¥»¤W¬OedgeºÝswitch¡A
¨S¦³L3 routing¯à¤O¡AµLªk±Ò¥Îipforwarding¡A´ú¸Õ¥¢±Ñ...
802.1X»PMAC¨Ã¦s
802.1X»PMAC¨âºØÅçÃÒ¾÷¨î¨Ã¦s¬O¨S¦³°ÝÃDªº¡C
¦]¬°MAC¥»¨Ó´N¬OnÅýµLªk³z¹L802.1Xªº³]³Æª½±µ¥Hºô¥d¨Ó¶i¦æÅçÃÒªº¤@ºØ»²§U¾÷¨î¡C
¦ýY¨âªÌ¦P®É¦s¦b®É¡Aþ¤@ºØ¾÷¨î·|Àu¥ý±Ä¥Î¡H
°ò¥»¤Wºô¥d±Ò¥Î¤F802.1XªºÅçÃÒ´N¤@©w·|³z¹L802.1X¨ÓÅçÃÒ¡A
ÅçÃÒ¥¢±Ñ¡A´N³Q©Úµ´ºô¸ô¯à¤O¡A¤£·|¦A³z¹LMAC¨ÓÅçÃÒ¡C
¦ýY¥¼±Ò¥Î802.1X¡A«h·|°h¦Ó¨D¨ä¦¸ªº³z¹Lºô¥d¨ÓÅçÃÒ¡C
¤£½×¦bNAC©ÎSwitch¤W³£¥i²M·¡¬Ý¨ì¨äÅçÃҤ覡¡C
♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã
If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!
|
2015-02-13, 17:57
