
MAC address access control and telnet/ssh access control based on Cisco ACS

Source: 海阔天空   Published: 2012-12-03 09:47:07
Lab environment: two PCs, one used as the test PC and one as the ACS server.
Lab description: implement MAC address binding authentication, which protects access to the switch, and implement telnet and ssh login authentication, which is likewise a security setting on the switch. This lab uses Cisco's AAA server, ACS, to perform the authentication.
 

Port MAC address binding authentication:
[Quidway]mac-authentication
[Quidway]int e1/0/3
[Quidway-Ethernet1/0/3]mac-authentication
 MAC-authentication is enabled on port Ethernet1/0/3
[Quidway-Ethernet1/0/3]quit
[Quidway]radius scheme xxx
New Radius scheme
[Quidway-radius-xxx]primary ?
 accounting      Specify IP address of primary accounting RADIUS server
 authentication Specify IP address of primary authentication RADIUS server
[Quidway-radius-xxx]primary authentication 192.168.20.3
[Quidway-radius-xxx]server-type standard
[Quidway-radius-xxx]accounting optional
[Quidway-radius-xxx]key authentication 123456
[Quidway-radius-xxx]user    
[Quidway-radius-xxx]user-name-format without-domain
[Quidway-radius-xxx]quit
[Quidway]domain system
[Quidway-isp-system]radius-scheme xxx
[Quidway-isp-system]accounting optional
[Quidway-isp-system]quit
[Quidway]mac-authentication authmode ?
 usernameasmacaddress Specify username and password both equal to the MAC
                        address being authenticated
 usernamefixed         Username and password are fixed
      
[Quidway]mac-authentication authmode usernameasmacaddress ?
 usernameformat Username format
 <cr>           
 
[Quidway]mac-authentication authmode usernameasmacaddress usernameformat ?
 with-hyphen     MAC address with '-', just like XX-XX-XX-XX-XX-XX
 without-hyphen MAC address without '-', just like XXXXXXXXXXXX
[Quidway]mac-authentication authmode usernameasmacaddress usernameformat without-hyphen
 
The switch configuration is complete.
On the ACS server, create a user whose username and password are both the PC's MAC address (image not preserved).

Then ping the switch from the PC (image not preserved):

Telnet access control:
First create a user named user2 on the ACS server, with the password also set to user2 (image not preserved).

Then configure the switch:
[Quidway]user-interface vty 0 4
[Quidway-ui-vty0-4]authentication-mode scheme
[Quidway-ui-vty0-4]user privilege level 3
Test: (image not preserved)

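The following is an added worked example, not code from the original article or from the switch or ACS vendors. It models the RADIUS exchange that both sections above rely on: when a frame from the PC arrives on Ethernet1/0/3, the switch sends ACS an Access-Request whose User-Name and User-Password are both the client MAC rendered per the usernameformat option, and the vty login under authentication-mode scheme sends the same kind of request with user2/user2. The shared secret 123456 and the ACS address 192.168.20.3 are the page's values; the client MAC, the switch's NAS address, the lowercase rendering of the MAC and the ACS user table are constructed assumptions for the demonstration.

```python
# Added example (not from the original article): the RADIUS exchange behind
# 'mac-authentication authmode usernameasmacaddress usernameformat without-hyphen'
# and the vty login via 'authentication-mode scheme'. Secret 123456 is the page's
# value; MACs, NAS address, lowercase MAC rendering and the user table are assumed.
import hashlib
import os
import struct

SHARED_SECRET = b"123456"                 # 'key authentication 123456' on the switch
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4   # RFC 2865 attribute types


def mac_username(mac: str, fmt: str = "without-hyphen") -> str:
    """Render a MAC the way the switch's 'usernameformat' option does.
    Lowercase output is an assumption; it has to match what was typed into ACS."""
    hexdigits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    if fmt == "without-hyphen":
        return hexdigits
    if fmt == "with-hyphen":
        return "-".join(hexdigits[i:i + 2] for i in range(0, 12, 2))
    raise ValueError(f"unknown usernameformat {fmt!r}")


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += prev
    return out


def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password; the server does this before comparing."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def parse_attributes(payload: bytes) -> dict:
    attrs, pos = {}, 0
    while pos + 2 <= len(payload):
        attr_type, length = payload[pos], payload[pos + 1]
        if length < 2 or pos + length > len(payload):
            raise ValueError("malformed RADIUS attribute")
        attrs[attr_type] = payload[pos + 2:pos + length]
        pos += length
    return attrs


def build_access_request(ident: int, username: str, password: str,
                         nas_ip: str, request_auth: bytes = None) -> bytes:
    """The packet the switch (the NAS) sends to ACS, for MAC auth and vty login alike."""
    request_auth = request_auth or os.urandom(16)
    attrs = (attribute(USER_NAME, username.encode())
             + attribute(USER_PASSWORD, hide_password(password.encode(), SHARED_SECRET, request_auth))
             + attribute(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def acs_respond(request: bytes, user_db: dict) -> bytes:
    """Toy ACS: look the User-Name up, compare the password, sign the reply."""
    _code, ident, length = struct.unpack("!BBH", request[:4])
    request_auth, attrs = request[4:20], parse_attributes(request[20:length])
    username = attrs[USER_NAME].decode()
    password = unhide_password(attrs[USER_PASSWORD], SHARED_SECRET, request_auth).decode()
    reply_code = ACCESS_ACCEPT if user_db.get(username) == password else ACCESS_REJECT
    header = struct.pack("!BBH", reply_code, ident, 20)      # reply carries no attributes
    response_auth = hashlib.md5(header + request_auth + SHARED_SECRET).digest()
    return header + response_auth


def switch_accepts(request: bytes, response: bytes) -> bool:
    """The switch opens the port (or the vty) only for an Access-Accept whose Identifier
    matches the outstanding request and whose Response Authenticator verifies."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    if ident != request[1] or length != len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + SHARED_SECRET).digest()
    return code == ACCESS_ACCEPT and expected == response[4:20]


def radius_login(username: str, password: str, user_db: dict, nas_ip: str = "192.168.20.1") -> bool:
    request = build_access_request(7, username, password, nas_ip)     # nas_ip is assumed
    return switch_accepts(request, acs_respond(request, user_db))


def mac_auth(mac: str, user_db: dict) -> bool:
    """Port MAC authentication: username and password are both the MAC."""
    name = mac_username(mac)
    return radius_login(name, name, user_db)


if __name__ == "__main__":
    # Constructed ACS user table: the PC's MAC as its own password, plus user2 for telnet.
    acs_users = {"001a2b3c4d5e": "001a2b3c4d5e", "user2": "user2"}
    print("known PC MAC:", mac_auth("00-1A-2B-3C-4D-5E", acs_users))   # True
    print("other PC MAC:", mac_auth("00-1A-2B-3C-4D-5F", acs_users))   # False
    print("vty user2   :", radius_login("user2", "user2", acs_users))  # True
```

Two things the exchange makes visible: the User-Password attribute is not encrypted but hidden with an MD5 keystream derived from the shared secret and the Request Authenticator, and the Response Authenticator is the only thing that ties an Access-Accept to this switch and this secret, so the key configured with key authentication on the switch must match the one in ACS exactly and deserves a stronger value than the 123456 used in the lab. The check also authenticates a hardware address, not a person, which is why the article pairs it with the user2 login for telnet and ssh.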
SSH access control:
[Quidway]rsa local-key-pair create
The local-key-pair will be created.
[Quidway]ssh authentication-type default ?
 all                 All authentication
 password            Password authentication
 password-publickey Password and Publickey authentication
 rsa                 RSA authentication
 
[Quidway]ssh authentication-type default all ?
 <cr> 
 
[Quidway]ssh authentication-type default all
 
Test: (image not preserved)

Test succeeded!
