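MAC address access control and telnet/ssh access control based on (Cisco) ACS
Lab environment: two PCs, one used as the test PC and one as the ACS server.
Lab description: implement MAC address binding authentication to effectively protect access to the switch, and implement telnet and ssh access verification.
This is likewise a security setting for the switch. This lab uses Cisco's AAA authentication server, ACS, to implement it.
Port-bound MAC authentication: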
mac-authentication
int e1/0/3
mac-authentication
MAC-authentication is enabled on port Ethernet1/0/3
quit
radius scheme xxx
New Radius scheme
primary ?
accounting Specify IP address of primary accounting RADIUS server
authentication Specify IP address of primary authentication RADIUS server
primary authentication 192.168.20.3
server-type standard
accounting optional
key authentication 123456
user
user-name-format without-domain
quit
domain system
radius-scheme xxx
accounting optional
quit
mac-authentication authmode ?
usernameasmacaddress Specify username and password both equal to the MAC
address being authenticated
usernamefixed Username and password are fixed
mac-authentication authmode usernameasmacaddress ?
usernameformat Username format
<cr>
mac-authentication authmode usernameasmacaddress usernameformat ?
with-hyphen MAC address with '-', just like XX-XX-XX-XX-XX-XX
without-hyphen MAC address without '-', just like XXXXXXXXXXXX
mac-authentication authmode usernameasmacaddress usernameformat without-hyphen
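The switch configuration is complete.
On the ACS server, create a user whose username and password are both the PC's MAC address;
Then ping the switch from the PC:
Telnet access control:
First create a user user2 on the ACS server, with the password also user2
Then configure the switch: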
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
Test:
SSH access control:
rsa local-key-pair create
The local-key-pair will be created.
ssh authentication-type default ?
all All authentication
password Password authentication
password-publickey Password and Publickey authentication
rsa RSA authentication
ssh authentication-type default all ?
<cr>
ssh authentication-type default all
Test:
Test successful!
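An added example, not part of the original post: a small Python audit that reads the switch commands entered in this lab and flags the settings a reviewer would question before reusing the configuration outside a lab. The rule ids, the 16-character key threshold and the sample text are assumptions made for this example.

```python
import re

# Constructed input: the switch commands entered in this lab, in order.
SAMPLE = """\
mac-authentication
radius scheme xxx
primary authentication 192.168.20.3
server-type standard
accounting optional
key authentication 123456
user-name-format without-domain
domain system
radius-scheme xxx
accounting optional
mac-authentication authmode usernameasmacaddress usernameformat without-hyphen
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
ssh authentication-type default all
"""

# (rule id, full-line pattern, reason). Ids and the 16-char threshold are assumptions.
RULES = [
    ("WEAK_RADIUS_KEY", r"key authentication (\d+|\S{1,15})",
     "shared secret is digits only or shorter than 16 characters"),
    ("ACCT_OPTIONAL", r"accounting optional", "users stay online without accounting"),
    ("MAC_AS_CREDENTIAL", r"mac-authentication authmode usernameasmacaddress\b.*",
     "the password equals the MAC address, which is not a secret"),
    ("SSH_PASSWORD_ALLOWED", r"ssh authentication-type default (all|password)",
     "SSH logins with a password alone are accepted"),
]

def audit(config):
    """Return sorted (line_no, rule_id) findings for one configuration text."""
    # vty maps each vty block's first line to its authentication-mode value
    findings, vty, current = [], {}, None
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        findings += [(no, rid) for rid, pat, _ in RULES if re.fullmatch(pat, line)]
        if line.startswith("user-interface ") or line == "quit":
            current = no if line.startswith("user-interface vty") else None
            if current:
                vty[current] = None
        elif current and line.startswith("authentication-mode "):
            vty[current] = line.split()[1]
    findings += [(no, "VTY_NOT_AAA") for no, mode in vty.items() if mode != "scheme"]
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

VTY_NOT_AAA is reported for a vty block whose authentication-mode is not scheme, because such a login never reaches the ACS server.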