In 2019, the consulting firm Miercom carried out an independent technical evaluation of the Cisco Catalyst 9800 Series Wi-Fi 6 controllers. For this study, a test bench was assembled from Cisco Wi-Fi 6 controllers and access points, and the solution was evaluated in the following categories:
- availability;
- security;
- automation.
The results of the study are presented below. Since 2019, the functionality of the Cisco Catalyst 9800 Series controllers has improved significantly, and these improvements are also reflected in this article.
You can also read about other advantages of Wi-Fi 6 technology, implementation examples, and areas of application.
Solution overview
Cisco Catalyst 9800 Series Wi-Fi 6 controllers
Cisco Catalyst 9800 Series wireless controllers are based on the IOS-XE operating system (also used on Cisco switches and routers) and are available in several variants.
The top-end model, the 9800-80 controller, supports up to 80 Gbps of wireless network throughput. A 9800-80 controller supports up to 6000 access points and up to 64 000 wireless clients.
The mid-range model, the 9800-40 controller, supports up to 40 Gbps of throughput, up to 2000 access points, and up to 32 wireless clients.
In addition to these models, the competitive analysis also included the 9800-CL wireless controller (CL stands for Cloud). The 9800-CL runs in virtual environments on VMware ESXi and KVM hypervisors, and its performance depends on the hardware resources dedicated to the controller virtual machine. In its maximum configuration, the Cisco 9800-CL controller, like the top-end 9800-80 model, scales to up to 6000 access points and up to 64 000 wireless clients.
The study with the controllers used Cisco Aironet AP 4800 Series access points, which operate in the 2.4 GHz and 5 GHz bands and can switch dynamically to dual 5 GHz mode.
Test bench
For the tests, a bench was assembled from two Cisco Catalyst 9800-CL wireless controllers operating in a cluster and Cisco Aironet AP 4800 Series access points.
Dell and Apple laptops and an Apple iPhone smartphone were used as client devices.
Availability testing
Availability is defined as the ability of users to access and use a system or service. High availability means continuous access to the system or service regardless of particular events.
High availability was tested in five scenarios. The first four are predictable or scheduled events that can occur during or after business hours. The fifth scenario is a classic failure, which is an unpredictable event.
Scenario descriptions:
- Bug fix - a micro-update of the system (a bug fix or security patch) that corrects a specific error or vulnerability without a full update of the system software.
- Functional update - adds to or extends the system's current functionality by installing functional updates.
- Full update - updates the controller software image.
- Adding an access point - adds a new access point model to the wireless network without reconfiguring or updating the wireless controller software.
- Failure - failure of the wireless controller.
Fixing bugs and vulnerabilities
With many competing solutions, applying a patch often requires a full software update of the wireless controller system, which can result in unplanned downtime. With the Cisco solution, patching is performed without stopping the product. Patches can be installed on any component while the wireless infrastructure continues to operate.
The procedure itself is quite simple. The patch file is copied to one of the bootstrap folders on the Cisco wireless controller, and the operation is then confirmed through the GUI or the command line. In addition, a fix can be rolled back or removed through the GUI or the command line, again without interrupting system operation.
Functional update
Functional software updates are applied to enable new features. One such improvement is an update of the application signature database. This package was installed on the Cisco controllers as a test. As with patches, functional updates are applied, installed, or removed without downtime or system interruption.
Full update
At present, a full update of the controller software image is performed in the same way as a functional update, that is, without downtime. However, this capability is available only in a cluster configuration with more than one controller. The full update is performed sequentially: first on one controller, then on the other.
Adding a new access point model
Connecting new access points that have not previously run with the controller software image in use is a very common operation, especially in large networks (airports, hotels, factories). With competitors' solutions, this operation often requires updating the system software or rebooting the controllers.
When new Wi-Fi 6 access points are connected to a cluster of Cisco Catalyst 9800 Series controllers, no such problems are observed. New access points join the controller without a controller software update, and the process requires no reboot, so the wireless network is not affected at all.
Controller failure
The test environment uses two Wi-Fi 6 controllers (active/standby), and the access point has a direct connection to both controllers.
One wireless controller is active and the other is the backup. If the active controller fails, the backup controller takes over and its status changes to active. This happens without interrupting Wi-Fi for the access point or the clients.
Security
This section covers security, which is a very pressing issue in wireless networks. The security of the solution is evaluated on the following characteristics:
- application recognition;
- flow tracking;
- encrypted traffic analysis;
- intrusion detection and prevention;
- authentication methods;
- client device protection tools.
Application recognition
Among the many products in the enterprise and industrial Wi-Fi market, there are differences in how well they identify traffic by application. Products from different manufacturers may identify different numbers of applications. However, many of the applications that competing solutions list as identifiable are actually websites rather than distinct applications.
Application recognition has another interesting aspect: identification accuracy varies widely between solutions.
Taking all the tests performed into account, it is fair to say that Cisco's Wi-Fi 6 solution performs application recognition very accurately: Jabber, Netflix, Dropbox, YouTube, and other popular applications and web services were identified correctly. Cisco's solution can also look deeper into data packets using DPI (Deep Packet Inspection).
Traffic flow tracking
Another test was carried out to check whether the system could accurately track and report data flows (such as the movement of large files). To test this, a 6.5-megabyte file was sent over the network using the File Transfer Protocol (FTP).
The Cisco solution handled this task fully and was able to track the traffic thanks to NetFlow and its hardware capabilities. The traffic was detected and identified immediately, along with the exact amount of data transferred.
Encrypted traffic analysis
User data traffic is increasingly encrypted. This is done to protect it from tracking or interception by attackers. At the same time, however, hackers increasingly use encryption to hide malware and to carry out other dubious operations such as man-in-the-middle (MiTM) attacks and keylogging attacks.
Most companies inspect some of their encrypted traffic by first decrypting it with a firewall or intrusion prevention system. However, this process takes time and does nothing for overall network performance. In addition, once decrypted, the data becomes vulnerable to prying eyes.
Cisco Catalyst 9800 Series controllers address the problem by analysing encrypted traffic through other means. The solution is called Encrypted Traffic Analytics (ETA). ETA, which currently has no analogue in competing solutions, detects malware in encrypted traffic without decrypting it. ETA is a core feature of IOS-XE that includes Enhanced NetFlow and uses advanced behavioural algorithms to identify malicious traffic patterns hidden in encrypted traffic.
ETA does not decrypt messages; instead it collects metadata profiles of encrypted traffic flows, such as packet sizes and the time intervals between packets. The metadata is then exported in NetFlow v9 records to Cisco Stealthwatch.
Stealthwatch's main function is to monitor traffic continuously and build a baseline of normal network activity. Using the encrypted-flow metadata sent by ETA, Stealthwatch applies multi-layer machine learning to identify behavioural traffic anomalies that may indicate suspicious events.
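The metadata-only approach described above, as an added example that is not Cisco's ETA or Stealthwatch code: it profiles flows by packet size and inter-packet timing and flags those that deviate from a baseline of normal flows. The feature names, the three-deviation threshold and all sample flows are assumptions constructed for illustration, and a plain z-score stands in for the multi-layer machine learning the article mentions.

```python
from statistics import mean, pstdev

def flow_profile(packets):
    """Summarise one flow from (time_s, direction, length_bytes) tuples.
    Only sizes and timing are used; payload bytes are never read."""
    times = [t for t, _, _ in packets]
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    out_bytes = sum(n for _, d, n in packets if d == "out")
    total_bytes = sum(n for _, _, n in packets)
    return {
        "mean_len": total_bytes / len(packets),
        "mean_gap": mean(gaps),
        # Jitter near zero means machine-like, evenly spaced packets.
        "gap_jitter": pstdev(gaps) / mean(gaps),
        "out_ratio": out_bytes / total_bytes,
    }

def build_baseline(profiles):
    """Per-feature (mean, standard deviation) over flows taken as normal."""
    baseline = {}
    for key in profiles[0]:
        values = [p[key] for p in profiles]
        baseline[key] = (mean(values), pstdev(values))
    return baseline

def deviations(profile, baseline, threshold=3.0):
    """Features more than `threshold` deviations from baseline
    (z-score stand-in chosen for this example, not a vendor model)."""
    return sorted(key for key, (mu, sigma) in baseline.items()
                  if sigma > 0 and abs(profile[key] - mu) / sigma > threshold)

# Constructed sample data (not captured traffic): three browsing-like flows.
NORMAL_FLOWS = [
    [(0.00, "out", 517), (0.04, "in", 1460), (0.05, "in", 1460),
     (0.31, "out", 120), (0.36, "in", 1460)],
    [(0.00, "out", 480), (0.03, "in", 1460), (0.09, "in", 900),
     (0.80, "out", 200), (0.84, "in", 1460)],
    [(0.00, "out", 530), (0.05, "in", 1460), (0.06, "in", 1300),
     (0.20, "out", 90), (0.27, "in", 1200)],
]
# Constructed flow: small, same-sized packets exactly 60 seconds apart.
PERIODIC_FLOW = [(60.0 * i, "out" if i % 2 == 0 else "in", 96) for i in range(6)]

BASELINE = build_baseline([flow_profile(f) for f in NORMAL_FLOWS])

if __name__ == "__main__":
    print("periodic flow:", deviations(flow_profile(PERIODIC_FLOW), BASELINE))
    print("normal flow:  ", deviations(flow_profile(NORMAL_FLOWS[0]), BASELINE))
```

The periodic flow is flagged on all four features without any payload being inspected, while a flow drawn from the baseline set is not flagged.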
Last year, Cisco engaged Miercom to independently evaluate the Cisco Encrypted Traffic Analytics solution. During this evaluation, Miercom separately sent known and unknown threats (viruses, Trojans, ransomware) in encrypted and unencrypted traffic through large ETA and non-ETA networks to see whether the threats would be identified.
For the test, malicious code was launched in both networks. In both cases, suspicious activity was discovered gradually. Initially, the ETA network detected threats 36% faster than the non-ETA network. As the work went on, detection productivity in the ETA network began to increase. As a result, after several hours of operation, XNUMX/XNUMX of the active threats had been detected in the ETA network, XNUMX times as many as in the non-ETA network.
The ETA functionality is well integrated with Stealthwatch. Threats are ranked by severity and shown with detailed information and, once confirmed, remediation options. Conclusion: ETA works!
Intrusion detection and prevention
Cisco now has another effective security tool, the Cisco Advanced Wireless Intrusion Prevention System (aWIPS), a mechanism for detecting and preventing threats to wireless networks. The aWIPS solution operates at the level of the controllers, the access points, and the Cisco DNA Center management software. Threat detection, alerting, and prevention combine network traffic analysis, information about network devices and network topology, signature-based techniques, and anomaly detection to identify and prevent wireless threats with high accuracy.
With aWIPS fully integrated into the network infrastructure, wireless traffic can be monitored continuously on both wired and wireless networks and used to analyse potential attacks from multiple sources automatically, providing the most comprehensive detection and prevention possible.
Authentication methods
In addition to the classic authentication tools, Cisco Catalyst 9800 Series solutions now support WPA3. WPA3 is the latest version of WPA, a set of protocols and technologies that provide authentication and encryption for Wi-Fi networks.
WPA3 uses Simultaneous Authentication of Equals (SAE) to give users the strongest protection against password-guessing attempts by third parties. When a client connects to an access point, it performs an SAE exchange. If the exchange succeeds, each side creates a cryptographically strong key from which the session key is derived, and then enters a confirmation state. After that, the client and the access point can enter the handshake state each time a session key needs to be generated. The method provides forward secrecy: an attacker may be able to crack one key, but not all the others.
In other words, SAE is designed so that an attacker intercepting traffic has only XNUMX attempt(s) to guess the password before the intercepted data becomes useless. Organising a prolonged password-recovery effort would require physical access to the access point.
Client device protection
The Cisco Catalyst 9800 Series wireless solution currently provides its main client protection capability through Cisco Umbrella WLAN, a cloud-based network security service that operates at the DNS level and automatically detects both known and emerging threats.
Cisco Umbrella WLAN gives client devices a secure connection to the Internet. It does so through content filtering, that is, by blocking access to Internet resources in line with corporate policy. Client devices on the Internet are thereby protected from malware, ransomware, and phishing. Policy enforcement is based on 60 continuously updated content categories.
Automation
Today's wireless networks are far more flexible and complex, so the traditional methods of configuring wireless controllers and retrieving information from them are no longer sufficient. Network administrators and information security professionals need tools for automation and analytics, which is prompting wireless vendors to offer such tools.
To address these problems, Cisco Catalyst 9800 Series wireless controllers support, alongside the traditional API, the RESTCONF / NETCONF network configuration protocols with the YANG (Yet Another Next Generation) data modelling language.
NETCONF is an XML-based protocol that applications can use to query information and change the configuration of network devices such as wireless controllers.
In addition to these methods, Cisco Catalyst 9800 Series controllers can capture, retrieve, and analyse information flow data using the NetFlow and sFlow protocols.
For security and traffic modelling, the ability to track specific flows is a valuable tool. To this end, the sFlow protocol was implemented, which can capture XNUMX packet(s) out of every 100. However, this is sometimes not enough to analyse a flow and to investigate and assess it properly. As an alternative, NetFlow as implemented by Cisco can collect and export all packets in a specified flow (XNUMX%) for subsequent analysis.
Another feature, available only in the hardware versions of the controller, also helps automate wireless network operation on Cisco Catalyst 9800 Series controllers: built-in Python support as an add-on for running scripts directly on the wireless controller itself.
Finally, Cisco Catalyst 9800 Series controllers support the proven SNMP protocol, versions 1, 2, and 3, for monitoring and management operations.
In terms of automation, then, Cisco Catalyst 9800 Series solutions fully meet modern business requirements, offering both new and unique tools and time-tested ones for automated operations and analytics in wireless networks of any size and complexity.
Conclusion
In solutions based on Cisco Catalyst 9800 Series controllers, Cisco demonstrated excellent results in the high availability, security, and automation categories.
The solution fully meets all high-availability requirements, including failover in under XNUMX seconds during unplanned events and zero downtime for scheduled events.
Cisco Catalyst 9800 Series controllers provide comprehensive security, with deep packet inspection for application recognition and control, full visibility into data flows, and identification of threats hidden in encrypted traffic, along with advanced authentication and security mechanisms for client devices.
For automation and analytics, the Cisco Catalyst 9800 Series offers powerful capabilities built on popular standard models: YANG, NETCONF, RESTCONF, the traditional APIs, and built-in Python scripting.
Cisco has thus once again confirmed its standing as the world's leading manufacturer of networking solutions, keeping pace with the times and taking account of all the challenges of modern business.
For more information about the Catalyst switch family, see the following website.
Source: habr.com