AAA using FreeRadius as an example: differences between revisions
Moiseevvi (talk | contribs) (→AAA)
Moiseevvi (talk | contribs) (→Cisco IOS)
Строка 44: | Строка 44: | ||
== Cisco IOS == | == Cisco IOS == | ||
+ | === default config === | ||
+ | Начальная конфигурация коммутатора для работы выглядит так | ||
+ | <code> | ||
+ | ! | ||
+ | service timestamps log datetime msec localtime show-timezone year | ||
+ | ! | ||
+ | enable secret 5 $1$eII1$tBNEV9R6Gzy2cr/9rAaxk1 | ||
+ | ! | ||
+ | username cisco1 secret 5 $1$d08J$pSSW3WfregkPKjYJAWjyX0 | ||
+ | no aaa new-model | ||
+ | clock timezone GMT+6 6 0 | ||
+ | ! | ||
+ | vlan internal allocation policy ascending | ||
+ | ! | ||
+ | vlan 88 | ||
+ | ! | ||
+ | interface range FastEthernet0/1 - 24 | ||
+ | switchport access vlan 88 | ||
+ | switchport mode access | ||
+ | spanning-tree portfast | ||
+ | ! | ||
+ | interface Vlan88 | ||
+ | ip address 212.192.88.150 255.255.255.0 | ||
+ | no shut | ||
+ | ! | ||
+ | ip default-gateway 212.192.88.1 | ||
+ | ! | ||
+ | line vty 0 15 | ||
+ | logging synchronous | ||
+ | login local | ||
+ | ! | ||
+ | ntp server 212.192.64.2 | ||
+ | </code> | ||
+ | |||
+ | === AAA new-model === | ||
+ | |||
== SSH == | == SSH == | ||
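Review bot: the added "default config" block pastes the live `enable secret 5 $1$eII1$...` and `username cisco1 secret 5 $1$d08J$...` hashes onto a wiki page; type-5 secrets are salted MD5 and can be attacked offline by anyone who can read the page, so they should be replaced with placeholders before publishing (e.g. `enable secret 5 <redacted>`). Two smaller points in the same hunk: the multi-line configuration is wrapped in `<code>`, which MediaWiki renders inline, so `<pre>` would keep the line breaks and the `!` separators readable; and the new `=== AAA new-model ===` section is added without any content, so either fill it in the same edit or leave the heading out until the `aaa new-model` / radius-server configuration is ready.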
Revision as of 04:39, 13 March 2014
AAA using FreeRadius as an example
AAA
A: Authentication
A: Authorization
A: Accounting
Backends: local, LDAP, Kerberos, RADIUS, TACACS+, SSO
RADIUS-server <---> NAS <---> user
freeradius
apt-get install freeradius
NAS clients (the devices allowed to send requests to the server) are defined in:
/etc/freeradius/clients.conf
Users:
/etc/freeradius/users
cisco Cleartext-Password := "ciscocisco"
Stop the daemon and run the server in the foreground in debug mode:
service freeradius stop
freeradius -X
Check:
root@model-net-ctrl-1:~# radtest cisco ciscocisco 127.0.0.1 0 testing123
Sending Access-Request of id 118 to 127.0.0.1 port 1812
User-Name = "cisco"
User-Password = "ciscocisco"
NAS-IP-Address = 212.192.64.218
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=118, length=20
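The exchange behind the radtest run above, as an added Python example that is not part of the wiki page: it builds the Access-Request (with the RFC 2865 User-Password obfuscation) and checks the Response Authenticator of the 20-byte Access-Accept. User "cisco", password "ciscocisco", shared secret "testing123" and id 118 are the page's values; the 16-byte Request Authenticator is a constructed value so the run is repeatable.

```python
# Added example (not the wiki's code): the RFC 2865 exchange behind the page's
# radtest run. user/password/secret/id 118 are the page's; REQUEST_AUTH is constructed.
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4
REQUEST_AUTH = bytes(range(16))  # constructed; radtest uses 16 random bytes

def attr(kind: int, value: bytes) -> bytes:
    """Type-Length-Value attribute; Length counts the 2-byte header."""
    return struct.pack("!BB", kind, len(value) + 2) + value

def encode_password(password: str, secret: str, request_auth: bytes) -> bytes:
    """RFC 2865 s5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous
    block). Anyone holding the shared secret can reverse it, hence strong NAS secrets."""
    pw = password.encode()
    pw += b"\x00" * (-len(pw) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(pw), 16):
        key = hashlib.md5(secret.encode() + prev).digest()
        prev = bytes(a ^ b for a, b in zip(pw[i:i + 16], key))
        out += prev
    return out

def packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Code(1) Identifier(1) Length(2) Authenticator(16) + attributes; 20 bytes bare."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs

def access_request(ident, request_auth, user, password, secret, nas_ip):
    """What radtest sends: User-Name, User-Password, NAS-IP-Address."""
    attrs = (attr(USER_NAME, user.encode())
             + attr(USER_PASSWORD, encode_password(password, secret, request_auth))
             + attr(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    return packet(ACCESS_REQUEST, ident, request_auth, attrs)

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(head + request_auth + attrs + secret.encode()).digest()

def verify_reply(reply: bytes, request_auth: bytes, secret: str) -> bool:
    """Client-side check: only a server holding the secret can produce this value."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length < 20 or length != len(reply):
        return False
    expected = response_authenticator(code, ident, reply[20:], request_auth, secret)
    return hmac.compare_digest(expected, reply[4:20])
```

The attribute-less Access-Accept is exactly the `length=20` reply radtest prints above; the User-Name travels in clear while only the User-Password is obfuscated with the client secret.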
Cisco IOS
default config
The initial switch configuration used for this setup looks like this:
!
service timestamps log datetime msec localtime show-timezone year
!
enable secret 5 $1$eII1$tBNEV9R6Gzy2cr/9rAaxk1
!
username cisco1 secret 5 $1$d08J$pSSW3WfregkPKjYJAWjyX0
no aaa new-model
clock timezone GMT+6 6 0
!
vlan internal allocation policy ascending
!
vlan 88
!
interface range FastEthernet0/1 - 24
switchport access vlan 88
switchport mode access
spanning-tree portfast
!
interface Vlan88
ip address 212.192.88.150 255.255.255.0
no shut
!
ip default-gateway 212.192.88.1
!
line vty 0 15
logging synchronous
login local
!
ntp server 212.192.64.2