...
| Раскрыть |
|---|
| title | изменения в конфигурации WLC |
|---|
|
| Блок кода |
|---|
| radius-server local
virtual-servernas defaultap
key proxyascii-mode
text upstream-server 1encrypted 8FB1007FB51B19A9E4
host 100.110.0.161network 192.168.1.0/24
exit
server-type allnas local
key ascii-text secret123encrypted 8FB1007FB51B19A9E4
network 127.0.0.1/32
exit
domain enabledefault
exit
exit
radius-server host virtual-server cisco_ise
proxy-mode
nas-ip-address 100.110109.01.161246
key asciiupstream-textserver secret123
exit
radius-servercisco-ise
host 127100.0110.0.1161
key asciiserver-texttype password
exit
aaa radius-profile default_radius
all
key ascii-text encrypted 8FB1007FB51B19A9E4
exit
enable
exit
enable
exit
radius-server host 100.110.0.161
key ascii-text secret123
exit
radius-server host 127.0.0.1
key ascii-text password
exit
securityaaa zoneradius-pair untrusted selfprofile default_radius
rule 2radius-server host 100.110.0.161
radius-server action permithost 127.0.0.1
exit
das-server COA
key ascii-text matchencrypted protocol tcp8FB1007FB51B19A9E4
port match destination-port object-group ssh1700
exit
aaa das-profile COA
das-server enableCOA
exit
ip rule 3
action permit
match protocol tcp
match destination-port object-group web
enable
exit
rule 4
action permit
match protocol tcp
match destination-port object-group dnsroute 0.0.0.0/0 x.x.x.x
wlc
outside-address 192.168.1.1
service-activator
enable
aps exit
rule 5join auto
exit
action permitap-location location_cisco_ise
matchmode protocol udptunnel
match destinationap-portprofile object-group dnsap-profile_cisco_ise
enable
exit
exit
ip route 0.0.0.0/0 x.x.x.x
wlc
ssid-profile ssid-profile_cisco_ise
exit
ssid-profile default-ssidssid-profile_cisco_ise
ssid "vva_cisco_ise"
radius-profile default-radiusradius_profile_cisco_ise
portal-enable
portal-profile default-portalportal_profile_cisco_ise
vlan-id 3
802.11kv
band 2g
band 5g
enable
exit
apradio-2g-profile default-ap_2g
password ascii-text password
services
ip telnet server
ip ssh server
ip http server
exitdescription "default_2g"
exit
radio-5g-profile default_5g
description "default_5g"
exit
ap-profile ap-profile_cisco_ise
password ascii-text encrypted 8CB5107EA7005AFF
exit
portal-profile default-portalportal_profile_cisco_ise
redirect-url-custom "https://x100.x110.x0.x161:8443/portal/PortalSetup.action?portal=10968c1f-36fe-4e5c-96ff-9d74f689b29b?action_url=<SWITCH_URL>&redirect=<ORIGINAL_URL>&ap_mac=<AP_MAC>"
age-timeout 10
verification-mode external-portal
exit
radius-profile default-radiusradius_profile_cisco_ise
auth-address 100192.110168.01.1611
auth-password ascii-text encrypted secret1238FB1007FB51B19A9E4
auth-acct-id-send
acct-enable
acct-address 100192.110168.01.1611
acct-password ascii-text secret123encrypted 8FB1007FB51B19A9E4
acct-periodic
exit
ip-pool acct-interval 60default-ip-pool
description "default-ip-pool"
ap-location location_cisco_ise
exit
enable
exit
|
|
Таблица 1 — Настройка URL шаблона для внешней портальной авторизации
...
| draw.io Diagram |
|---|
| border | true |
|---|
| viewerToolbar | true |
|---|
| |
|---|
| fitWindow | false |
|---|
| diagramName | wlc.cisco-like |
|---|
| simpleViewer | false |
|---|
| width | |
|---|
| diagramWidth | 1282 |
|---|
| revision | 1 |
|---|
|
Image RemovedРис.1 Процесс авторизации нового клиента(по логину и паролю)
...
