Txais tos rau tus ncej thib peb hauv Cisco ISE series. Txuas mus rau tag nrho cov kab lus hauv koob tau muab hauv qab no:
Hauv cov ntawv tshaj tawm no, koj yuav dhia mus rau hauv kev nkag mus rau qhua, nrog rau cov lus qhia ib kauj ruam los ntawm kev sib koom ua ke Cisco ISE thiab FortiGate los teeb tsa FortiAP, qhov chaw nkag los ntawm Fortinet (feem ntau, txhua yam khoom siv uas txhawb nqa. RADIUS CoA - Hloov Kev Tso Cai).
Txuas nrog yog peb cov ntawv. .
ПримечаниеA: Check Point SMB li tsis txhawb RADIUS CoA.
zoo kawg piav qhia ua lus Askiv yuav ua li cas los tsim cov qhua siv Cisco ISE ntawm Cisco WLC (Wireless Controller). Cia peb xav txog nws!
1. Taw qhia
Kev nkag mus rau qhua (portal) tso cai rau koj los muab kev nkag mus rau Is Taws Nem lossis cov peev txheej sab hauv rau cov qhua thiab cov neeg siv uas koj tsis xav tso rau hauv koj lub network hauv zos. Muaj 3 yam uas tau teev tseg ua ntej ntawm tus qhua portal (Guest portal):
-
Hotspot Guest portal - Kev nkag mus rau lub network yog muab rau cov qhua yam tsis muaj cov ntaub ntawv nkag mus. Cov neeg siv feem ntau yuav tsum lees txais lub tuam txhab "Siv thiab Txoj Cai Tswjfwm Ntiag Tug" ua ntej nkag mus rau lub network.
-
Sponsored-Guest portal - nkag mus rau lub network thiab cov ntaub ntawv nkag mus yuav tsum tau muab los ntawm tus neeg txhawb nqa - tus neeg siv lub luag haujlwm tsim cov qhua ntawm Cisco ISE.
-
Self-Registered Guest portal - nyob rau hauv rooj plaub no, cov qhua siv cov ntaub ntawv nkag mus uas twb muaj lawm, lossis tsim ib tus account rau lawv tus kheej nrog cov ntsiab lus nkag, tab sis tus neeg txhawb nqa kev pom zoo yuav tsum tau nkag mus rau hauv lub network.
Ntau lub portals tuaj yeem xa mus rau Cisco ISE tib lub sijhawm. Los ntawm lub neej ntawd, nyob rau hauv cov qhua portal, tus neeg siv yuav pom Cisco logo thiab cov qauv kab lus. Tag nrho cov no tuaj yeem hloov kho thiab txawm teem caij los saib yuav tsum tshaj tawm ua ntej nkag mus.
Kev teeb tsa qhua tuaj yeem raug faib ua 4 cov kauj ruam tseem ceeb: FortiAP teeb tsa, Cisco ISE thiab FortiAP kev sib txuas, kev tsim vaj tsev qhua, thiab kev teeb tsa txoj cai.
2. Configuring FortiAP ntawm FortiGate
FortiGate yog tus tswj xyuas qhov chaw nkag thiab txhua qhov chaw tau ua rau nws. FortiAP cov ntsiab lus nkag tau txhawb nqa PoE, yog li thaum koj tau txuas nrog lub network ntawm Ethernet, koj tuaj yeem pib teeb tsa.
1) Ntawm FortiGate, mus rau tab WiFi & Hloov Tus Tswj> Tswj FortiAPs> Tsim Tshiab> Tswj AP. Siv tus lej nkag mus rau tus lej cim tshwj xeeb, uas tau luam tawm ntawm qhov nkag nkag nws tus kheej, ntxiv rau nws ua khoom. Los yog nws tuaj yeem pom nws tus kheej thiab tom qab ntawd nias Tso cai siv txoj cai nas khawm.
2) FortiAP teeb tsa tuaj yeem ua lub neej ntawd, piv txwv li, tawm hauv lub screenshot. Kuv pom zoo kom tig rau 5 GHz hom, vim qee cov khoom siv tsis txhawb 2.4 GHz.
3) Tom qab ntawd hauv tab WiFi & Hloov Tswj> FortiAP Profiles> Tsim Tshiab peb tab tom tsim ib qhov profile rau qhov chaw nkag (version 802.11 raws tu qauv, SSID hom, channel zaus thiab lawv tus lej).
FortiAP kev teeb tsa piv txwv
4) Cov kauj ruam tom ntej yog los tsim SSID. Mus rau tab WiFi & Hloov Tswj> SSIDs> Tsim Tshiab> SSID. Ntawm no los ntawm qhov tseem ceeb yuav tsum tau teeb tsa:
-
chaw nyob chaw rau qhua WLAN - IP/Netmask
-
RADIUS Accounting thiab Secure Fabric Connection nyob rau hauv Administrator Access teb
-
Device Detection xaiv
-
SSID thiab tshaj tawm SSID xaiv
-
Kev ruaj ntseg hom chaw> Captive Portal
-
Authentication Portal - Sab nrauv thiab ntxig ib qhov txuas mus rau cov qhua tsim portal los ntawm Cisco ISE los ntawm kauj ruam 20
-
Pab pawg neeg siv - Guest Group - Sab nraud - ntxiv RADIUS rau Cisco ISE (p. 6 onwards)
SSID kev teeb tsa piv txwv
5) Tom qab ntawd koj yuav tsum tsim cov cai hauv txoj cai nkag ntawm FortiGate. Mus rau tab Txoj Cai & Khoom> Txoj Cai Firewall thiab tsim ib txoj cai zoo li no:
3. RADIUS teeb tsa
6) Mus rau Cisco ISE web interface rau lub tab Txoj Cai> Txoj Cai Cov Ntsiab Lus> Cov Lus Txhais> Qhov System> Radius> RADIUS Cov Neeg Muag Khoom> Ntxiv. Hauv tab no, peb yuav ntxiv Fortinet RADIUS rau cov npe ntawm cov txheej txheem txhawb nqa, txij li yuav luag txhua tus neeg muag khoom muaj nws tus yam ntxwv tshwj xeeb - VSA (Vendor-Specific Attributes).
Cov npe ntawm Fortinet RADIUS tus cwj pwm tuaj yeem pom . VSAs raug cais los ntawm lawv tus naj npawb Vendor ID. Fortinet muaj tus ID no = 12356... puv VSA tau tshaj tawm los ntawm IANA.
7) Teem lub npe ntawm phau ntawv txhais lus, qhia meej Tus neeg muag khoom ID (12356) thiab nias Muab Xa.
8) Tom qab peb mus rau Kev tswj hwm> Network Device Profiles> Ntxiv thiab tsim cov cuab yeej tshiab profile. Hauv RADIUS Dictionaries teb, xaiv Fortinet RADIUS phau ntawv txhais lus yav dhau los thiab xaiv cov txheej txheem CoA siv tom qab hauv ISE txoj cai. Kuv xaiv RFC 5176 thiab Port Bounce (shutdown / tsis kaw lub network interface) thiab cov VSAs sib xws:
Fortinet-Access-Profile=read-write
Fortinet-Group-Npe = fmg_faz_admins
9) Tom ntej no, ntxiv FortiGate rau kev sib txuas nrog ISE. Txhawm rau ua qhov no, mus rau lub tab Kev tswj hwm> Network Resources> Network Device Profiles> Ntxiv. Teb yuav hloov Lub npe, tus neeg muag khoom, RADIUS phau ntawv txhais lus (IP Chaw Nyob yog siv los ntawm FortiGate, tsis yog FortiAP).
Piv txwv ntawm kev teeb tsa RADIUS los ntawm ISE sab
10) Tom qab ntawd, koj yuav tsum teeb tsa RADIUS ntawm FortiGate sab. Hauv FortiGate web interface, mus rau Tus neeg siv & Kev lees paub> RADIUS Servers> Tsim Tshiab. Qhia lub npe, IP chaw nyob thiab Qhia zais zais (password) los ntawm kab lus dhau los. Tom ntej no nyem Ntsuam xyuas cov neeg siv daim ntawv pov thawj thiab nkag mus rau txhua daim ntawv pov thawj uas tuaj yeem rub tawm ntawm RADIUS (piv txwv li, tus neeg siv hauv zos ntawm Cisco ISE).
11) Ntxiv RADIUS server rau Guest-Group (yog tias nws tsis muaj) nrog rau cov neeg siv sab nraud.
12) Tsis txhob hnov qab ntxiv Guest-Group rau SSID peb tau tsim ua ntej hauv kauj ruam 4.
4. Tus neeg siv kev lees paub qhov chaw
13) Optionally, koj tuaj yeem import daim ntawv pov thawj rau ISE qhua portal lossis tsim daim ntawv pov thawj tus kheej kos npe hauv tab Chaw Ua Haujlwm> Chaw Nkag Nkag> Kev Tswj Xyuas> Ntawv Pov Thawj> Daim Ntawv Pov Thawj.
14) Tom qab ntawv tab Chaw Ua Haujlwm> Kev Nkag Mus Nkag> Cov Pab Pawg Tus Kheej> Pawg Neeg Siv Tus Kheej> Ntxiv tsim ib pab pawg neeg siv tshiab rau cov qhua nkag, lossis siv lub neej ntawd sawv daws yuav.
15) Ntxiv rau hauv tab Kev tswj hwm> Tus kheej tsim cov neeg siv qhua thiab ntxiv rau cov pab pawg los ntawm kab lus dhau los. Yog tias koj xav siv tus account thib peb, ces hla cov kauj ruam no.
16) Tom qab peb mus rau qhov chaw Chaw Ua Haujlwm> Chaw Nkag Nkag> Tus Kheej> Tus Kheej Source Sequence > Guest Portal Sequence — qhov no yog lub neej ntawd authentication sequence rau cov neeg siv qhua. Thiab hauv teb Tshawb nrhiav cov npe xaiv tus neeg siv kev lees paub qhov kev txiav txim.
17) Txhawm rau ceeb toom cov qhua nrog tus password ib zaug, koj tuaj yeem teeb tsa SMS cov chaw muab kev pabcuam lossis SMTP server rau lub hom phiaj no. Mus rau tab Chaw Ua Haujlwm> Chaw Nkag Nkag> Kev Tswj> SMTP Server los yog SMS Gateway Providers rau cov kev teeb tsa no. Nyob rau hauv cov ntaub ntawv ntawm SMTP neeg rau zaub mov, koj yuav tsum tsim ib tug account rau ISE thiab qhia cov ntaub ntawv nyob rau hauv no tab.
18) Rau SMS ceeb toom, siv lub tab tsim nyog. ISE muaj pre-installed profiles ntawm nrov SMS cov chaw muab kev pab, tab sis nws yog zoo dua los tsim koj tus kheej. Siv cov profiles no ua piv txwv ntawm kev teeb tsa SMS Email Gatewayy lub SMS HTTP API.
Ib qho piv txwv ntawm kev teeb tsa SMTP server thiab SMS rooj vag rau tus password ib zaug
5. Kev teeb tsa tus qhua portal
19) Raws li tau hais thaum pib, muaj 3 hom pre-installed qhua portals: Hotspot, Sponsored, Self-Registered. Kuv xav kom xaiv qhov kev xaiv thib peb, vim nws yog qhov feem ntau. Txawm li cas los xij, cov kev teeb tsa tau zoo ib yam. Yog li cia peb mus rau lub tab. Chaw Ua Haujlwm> Tus qhua nkag> Portals & Cheebtsam> Tus Neeg Qhua Portals> Tus Kheej Sau Npe Qhua Portal (default).
20) Tom ntej no, hauv Portal Page Customization tab, xaiv "Saib hauv Lavxias - Lavxias", yog li ntawd lub portal yog tso tawm nyob rau hauv Lavxias teb sab. Koj tuaj yeem hloov cov ntawv ntawm txhua lub tab, ntxiv koj lub logo, thiab ntau dua. Ntawm sab xis ntawm lub ces kaum yog saib ua ntej ntawm tus qhua portal kom pom zoo dua.
Piv txwv ntawm kev teeb tsa tus qhua portal nrog rau npe tus kheej
21) Nyem rau kab lus Portal xeem URL thiab luam lub portal URL rau SSID ntawm FortiGate hauv kauj ruam 4. Qauv URL
Txhawm rau tso saib koj tus lej sau npe, koj yuav tsum xa daim ntawv pov thawj mus rau tus qhua portal, saib kauj ruam 13.
22) Mus rau tab Chaw Ua Haujlwm> Kev Nkag Mus Nkag> Txoj Cai Element> Cov Ntsiab Lus> Cov Ntawv Tso Cai> Ntxiv los tsim ib qho kev tso cai profile nyob rau hauv lub yav tas los tsim ib tug Network Device Profile.
23) Se tab Chaw Ua Haujlwm> Kev Nkag Mus Nkag> Cov Txheej Txheem Cai hloov txoj cai nkag rau cov neeg siv WiFi.
24) Cia peb sim txuas rau tus qhua SSID. Nws tam sim ntawd redirects kuv mus rau nplooj ntawv nkag. Ntawm no koj tuaj yeem nkag rau hauv nrog tus account qhua tsim hauv zos ntawm ISE, lossis sau npe ua tus neeg siv qhua.
25) Yog tias koj tau xaiv qhov kev xaiv rau npe tus kheej, ces cov ntaub ntawv nkag mus ib zaug tuaj yeem xa los ntawm kev xa ntawv, ntawm SMS, lossis luam tawm.
26) Hauv RADIUS > Live Logs tab ntawm Cisco ISE, koj yuav pom cov ntaub ntawv nkag mus.
6. Xaus
Hauv tsab xov xwm ntev no, peb tau ua tiav kev teeb tsa qhua tuaj noj mov ntawm Cisco ISE, qhov twg FortiGate ua tus tswj xyuas qhov nkag, thiab FortiAP ua qhov chaw nkag. Nws hloov tawm ib hom kev sib koom ua ke tsis tseem ceeb, uas ib zaug ua pov thawj kev siv dav dav ntawm ISE.
Txhawm rau kuaj Cisco ISE, hu rau thiab tseem nyob twj ywm hauv peb cov channel (, , , , ).
Tau qhov twg los: www.hab.com