 ¡m¤À¨É¡nNAC³z¹LLocal Password Repository¶i¦æ±b/±KÅçÃÒ |       |
NAC°£¤F¥i»PRadius¤ÎLADP¶i¦æ±b¸¹»{ÃÒ¥~¡A
¤]¥i¥H¨Ï¥ÎNAC¥»¨¨Ó°µ¬°±b¸¹/±K½Xªº¸ê®Æ®w¡C
¥H¤U¬°NAC°µlocal password repository¡A·f°t802.1X¹ï«eºÝµn¤J¹q¸£¶i¦æÅçÃÒªº¥Ü½d¡C
- ©óNAC Manager¤¤¡A¿ï¦nNAC Appliacne«á¡AÂIÀ» Default ³]©wNAC Configuration¡C
- ¨Ó¨ìAAA«á¡A·s¼W¤@ÓAAA Configuration - LocalAuth¡A
¤Ä¿ï Authenticate Requests Locally for MAC (All)¡A
µM«á¦b¤U©Ôªº Local Password Repository ¤¤¡AÂI¿ï¾¦½ü¹Ï¥Ü¶i¦æ½s¿è¡C
- ³o¼Ë´N·|¶i¤J Local Password Repository ªº½s¿è¾¹¡C
«ö¤U Add ¥i·s¼W¤@²Õ±b/±K¡C
·s¼W§¹¦¨«á¡A´N·|¥X²{è¤~·s«Øªº±b¸¹¡C
- ¦^¨ìAAA¡A§Ú̳]©w³o²ÕAAAªºÅçÃÒ¤èªk¡C
¦bAuthentication MethodùØ¿ï¾ÜLocal Authentication¡A«ü©wn¥ÎNAC Local Password Repository°µ¬°ÅçÃÒ¤èªk¡C
- ¨ìRules¡A³]©w¸ÓÅçÃҤ覡³q¹L«á¡A¹ïÀ³ªºÅv¡C
«ö¤U ¡§·s¼W¡¨ ¹Ï¥Ü¡A¨Ó«Ø¥ß¤@µ§·s³W«h¡C
User Group´N¿ï Local Password Repository Users¡A
ProfileÀH«K¿ï¤@ӨӨϥΡA§ÚÌ¿ï¥ÎAllow NAC Profile¨Ó°µ¥Ü½d¡A
¹ïÀ³ªºpolicy role¬OEnterprise User¡C
«Ø¦n«á¡ARules´N·|¦h¥Xè¤~«Ø¥ßªº³o¤@µ§¡C
¦^¨ìNAC Managerº¶¡A«ö¤U Enforce ¹Ï¥Ü¼g¤J§ó·s¡ANACªº³¡¤À´N§¹¦¨¤F¡C
Switch±Ò¥Î 802.1X ÅçÃÒ
- ©óPolicy Manager¤¤¡A¥ý½T»{SwitchªºRADIUS¬O§_«ü¦VNAC¡C
- µM«á©óAuthentication¶±¤¤¡A«ü©wRADIUSÅçÃÒ¬O³z¹L802.1X¨Ó¶i¦æ¡C
- ³]©wn±Ò¥ÎÅçÃÒªºport¡C³oÃä§ÚÌ¥Hport ge.1.2¬°¥Ü½d¡C
Authentication Behavior³]¬° Active¡A
¦ÓUnauthentication Behavior«h¬° Discard¡C
µn¤JÅçÃÒ
- «eºÝ¹q¸£±Ò¥Î802.1X«á¡A¶i¦æµn¤JÅçÃÒ¡C
¿é¤Jè¤~«Ø¥ßªº±b¸¹±K½X¡A¶i¦æµn¤J¡C
µn¤J«á¡Aºô¸ô¹Ï¥Ü¥Ñ¤T¨¤§Îĵ¥ÜÅܦ^¥¿±`¡C
- ¦^¨ìNAC Managerªº End-Systems ¶i¦æµn¤J¸ê°Tªº½T»{¡C
è¤~ªºµn¤J¡A½T¹ê¬O¥Ñ±b¸¹ test ¦b ge.1.2 ¥H 802.1X ªºÅçÃÒÃþ«¬¶i¦æµn¤J¡C
µn¤J«áªºProfile¬O Allow NAC Profice¡A»P³]©w¬Û¦P¡C
³z¹LNAC¥»¨ªºLocal Password Repository°µ¬°»{ÃÒ¨Ó·½¡A³o¥\¯à¨ä¹ê«Ü¶§¬K¡C
¥¦µLªk¹ï¨Ï¥ÎªÌ¶i¦æ¸s²Õ°Ï¤À¡A¤]¤£¯àµ¹¤©¦U¦Û¹ïÀ³Åv¡F
°ß¤@¯à°µªº¡A¥u¬O¬°¤£¦P¨Ï¥ÎªÌ«Ø¥ß¤£¦PRepository¡A
°µ¬°ÅçÃҮɪº±b/±K¹ïÀ³¡AµM«áµ¹¤©¤@PªºÅv¡A¶È¦¹¦Ó¤w¡C
♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã
If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!
|
2014-08-18, 22:55
¡m¤À¨É¡nLocal Password Repository¹w³]±K½X