2014年1月20日 星期一
【ISE】Interface MAB OPEN Setting
[Interface MAB OPEN Setting VLan27]
authentication event server dead action reinitialize vlan 27
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication priority mab
authentication port-control auto
authentication periodic
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
[Interface MAB OPEN Setting VLan17]
authentication event server dead action reinitialize vlan 17
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication priority mab
authentication port-control auto
authentication periodic
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
[Interface MAB OPEN Setting VLan26]
authentication event server dead action reinitialize vlan 26
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication priority mab
authentication port-control auto
authentication periodic
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
[Interface MAB OPEN Setting VLan16]
authentication event server dead action reinitialize vlan 16
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication priority mab
authentication port-control auto
authentication periodic
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
【ISE】ISE Server MAB Authentication Setting
[ISE Server MAB Authentication Setting]
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
authentication mac-move permit
!
dot1x system-auth-control
!
logging host 10.91.1.11
logging host 10.91.1.11 transport udp port 20514
!
snmp-server enable traps mac-notification change move threshold
snmp-server host 10.91.1.11 version 2c tcbank mac-notification
!
radius-server dead-criteria time 5 tries 3
radius-server deadtime 1
radius-server vsa send accounting
radius-server vsa send authentication
!
radius server tcbank_kao_ise
address ipv4 10.91.1.10 auth-port 1812 acct-port 1813
key tcbank
!
radius server tcbank_tpe_ise
address ipv4 10.90.90.10 auth-port 1812 acct-port 1813
key tcbank
!
radius server tcbank_kao_ise_admin
address ipv4 10.91.1.11 auth-port 1812 acct-port 1813
key tcbank
!
mac address-table notification change
mac address-table notification mac-move
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
authentication mac-move permit
!
dot1x system-auth-control
!
logging host 10.91.1.11
logging host 10.91.1.11 transport udp port 20514
!
snmp-server enable traps mac-notification change move threshold
snmp-server host 10.91.1.11 version 2c tcbank mac-notification
!
radius-server dead-criteria time 5 tries 3
radius-server deadtime 1
radius-server vsa send accounting
radius-server vsa send authentication
!
radius server tcbank_kao_ise
address ipv4 10.91.1.10 auth-port 1812 acct-port 1813
key tcbank
!
radius server tcbank_tpe_ise
address ipv4 10.90.90.10 auth-port 1812 acct-port 1813
key tcbank
!
radius server tcbank_kao_ise_admin
address ipv4 10.91.1.11 auth-port 1812 acct-port 1813
key tcbank
!
mac address-table notification change
mac address-table notification mac-move
訂閱:
文章 (Atom)