How often, after giving in to a cool advertisement and buying something on impulse, does the item you originally wanted end up gathering dust in a closet, a pantry or a garage until the next big clean-up or move? The result is disappointment born of unjustified expectations and wasted money. When the same thing happens in business, it is far worse. Marketing specifications are so polished that companies very often buy an expensive solution without understanding the whole picture of how it will be applied. A pilot test of the system, on the other hand, helps you understand how to prepare the infrastructure for integration and which functions need to be implemented, and to what degree. This avoids an enormous number of problems caused by choosing a product "blindly". And a competent pilot followed by implementation costs the engineers far fewer nerve cells and grey hairs.
Using the example of Cisco ISE, a popular tool for controlling access to the corporate network, let us look at why pilot testing is so important for a project's success. We will consider both standard and entirely non-standard ways of using the solution that we have actually encountered.
Cisco ISE: an "enhanced Radius server"
Cisco Identity Services Engine (ISE) is a platform for building an access control system for an organisation's local area network. In the professional community the product has earned the nickname "enhanced Radius server" because of its characteristics. Why? Essentially, the solution is a Radius server with an enormous number of additional services and tricks "bolted on", which allow it to receive a large amount of contextual information and apply the resulting data set to access policies.
Like any other Radius server, Cisco ISE talks to the access-level network equipment, collects information about every attempt to connect to the corporate network, and permits or denies the user's connection to the LAN based on authentication and authorisation policies. However, profiling, posture assessment and the possibility of integration with other information security solutions make the logic of the authorisation policies considerably more complex, which in turn makes it possible to solve very difficult and interesting problems.
Can't you just try implementing it? Why is a test needed?
The value of a pilot test is that it demonstrates all of the system's capabilities on the specific infrastructure of a specific organisation. I believe that trial operation of Cisco ISE before deployment benefits everyone involved in the project, for the following reasons.
It lets the integrator get a clear picture of the customer's expectations and helps to write a correct technical specification, far more detailed than the usual phrase "make sure everything works". Through the pilot we feel all of the customer's pain points and understand which tasks have priority for the customer and which are secondary. For us it is an excellent opportunity to learn in advance what equipment is used in the organisation, how the implementation will be carried out, at which sites, and where the equipment is located.
During the pilot the customer sees the real system in operation, gets used to its interface, checks whether it is compatible with the existing hardware, and gains an overall understanding of how the solution will work after full implementation. The pilot is the moment when you can identify all the pitfalls you may encounter during integration and determine how many licences need to be purchased.
What can come up during the pilot
So how do you properly prepare for a Cisco ISE implementation? In our experience there are four key points to consider during a pilot of the system.
Form factor
First, you need to decide in which form factor the system will be implemented: a physical appliance or a virtual one. Each option has its strengths and weaknesses. The strength of a physical appliance, for example, is predictable performance, but you must not forget that such devices become obsolete over time. A virtual appliance is not predictable, because it depends on the hardware on which the virtualisation environment is deployed, but it has the significant advantage that it can always be updated to the latest version while support is available.
Is the network equipment compatible with Cisco ISE?
Of course, the ideal scenario is to connect all the equipment to the system at once. But that is not always possible, because many organisations still use unmanaged switches, or switches that do not support some of the technologies Cisco ISE relies on. Incidentally, we are talking not only about switches but also about wireless network controllers, VPN concentrators and any other equipment through which users connect. In my practice there was a case where, after a demonstration, the customer upgraded almost the entire access layer to current Cisco equipment in order to implement the system fully. To avoid unpleasant surprises, it is worth finding out in advance what proportion of the equipment is unsupported.
Are all your devices standard?
Every network has common devices that are not difficult to connect: workstations, IP phones, Wi-Fi access points, video cameras and so on. But sometimes non-standard devices have to be connected to the LAN: RS232/Ethernet bus signal converters, uninterruptible power supply interfaces, various technological equipment. It is important to compile a list of such devices in advance, so that by the implementation stage you already understand how they will technically interact with Cisco ISE.
Constructive dialogue with IT specialists
Cisco ISE's customer is most often the security department, while the IT department is usually responsible for configuring the access-layer switches and Active Directory. A productive dialogue between the security and IT specialists is therefore one of the key conditions for a smooth rollout of the system. If the latter perceive the integration as hostile, it is worth explaining how the solution will also help the IT department.
Top 5 Cisco ISE use cases
In our experience, the functions the system needs are identified at the pilot stage. Below are the most common use cases for this solution, and a few less common ones.
Secure wired LAN access with EAP-TLS
As the findings of our penetration testers show, to break into a corporate network attackers often use an ordinary network socket to which a printer, phone, IP camera, Wi-Fi access point or other non-personal network device is connected. So even when network access is built on dot1x technology, if an alternative protocol is used instead of user authentication certificates, attacks based on session interception and brute-forcing passwords have a high chance of success. With Cisco ISE, stealing a certificate becomes far more difficult, because a hacker needs far more computing power for it, which makes this use case very effective.
Dual-SSID wireless access
The essence of this scenario is the use of two network identifiers (SSIDs), one of which can conditionally be called "guest". Through it, both guests and company employees get access to the wireless network. When connecting, users are redirected to a special portal where provisioning takes place: the user is issued a certificate, and their personal device is configured to reconnect automatically to the other SSID, where EAP-TLS is already in use with all the advantages of the first case.
MAC authentication bypass and profiling
Another common use case is automatically detecting the type of connected device and applying appropriate restrictions to it. Why is this interesting? In practice there are still quite a few devices that do not support authentication with the 802.1X protocol. Such devices therefore have to be admitted to the network by MAC address, which is easy to spoof. This is where Cisco ISE helps: with the system you can observe how a device behaves on the network, build a profile of it and assign it to a group of similar devices (IP phones, workstations and so on). If an attacker spoofs a MAC address and tries to connect to the network, the system recognises that the device profile has changed, reports the suspicious behaviour, and does not let the suspicious user onto the network.
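As an added illustration (not code from the article or from Cisco ISE), the following Python sketch models the profiling check described above: a MAC is admitted via MAB and assigned a device group on first sight, and a later session from the same MAC whose observed behaviour no longer matches the learned profile is denied and flagged. The OUI table, DHCP vendor classes and port sets are constructed sample data, not real registry values.

```python
# Added example: toy "MAB + profiling" decision logic. All vendor names,
# OUI prefixes, DHCP vendor classes and ports below are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    mac: str                # MAC address presented for MAC authentication bypass
    dhcp_vendor_class: str  # DHCP option 60 string seen by the profiler
    open_ports: frozenset   # TCP ports discovered for the endpoint


# Constructed OUI-to-vendor table; a real profiler would use the IEEE registry.
OUI_VENDOR = {"AA:BB:01": "PhoneCo", "AA:BB:02": "PrintCo"}


def profile(obs: Observation) -> str:
    """Classify the endpoint from how it behaves, not only from its MAC."""
    vendor = OUI_VENDOR.get(obs.mac.upper()[:8], "unknown")
    vc = obs.dhcp_vendor_class.lower()
    if "ip phone" in vc and vendor == "PhoneCo" and 5060 in obs.open_ports:
        return "ip-phone"
    if vendor == "PrintCo" and 9100 in obs.open_ports:
        return "printer"
    if vc.startswith("msft") or 445 in obs.open_ports:
        return "workstation"
    return "unknown"


class EndpointStore:
    """MAC -> profile learned on first sight (stands in for the ISE endpoint database)."""

    def __init__(self):
        self.known = {}

    def authorize(self, obs: Observation) -> dict:
        current = profile(obs)
        mac = obs.mac.upper()
        learned = self.known.get(mac)
        if learned is None:
            # First sight of this MAC: learn its profile and admit it to that group.
            self.known[mac] = current
            return {"decision": "permit", "group": current, "reason": "learned"}
        if learned == current:
            return {"decision": "permit", "group": learned, "reason": "profile-match"}
        # Same MAC, different behaviour: likely a spoofed MAC. Deny and raise an alert.
        return {"decision": "deny", "group": None,
                "reason": f"profile changed {learned} -> {current}"}


# Constructed scenario: a printer is learned, then its MAC reappears behaving like a PC.
store = EndpointStore()
PRINTER = Observation("aa:bb:02:10:20:30", "PrintCo Printer", frozenset({9100, 80}))
SPOOFED = Observation("aa:bb:02:10:20:30", "MSFT 5.0", frozenset({445, 3389}))
first = store.authorize(PRINTER)    # permit, group "printer"
second = store.authorize(SPOOFED)   # deny, profile changed printer -> workstation
```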
EAP chaining
EAP chaining technology involves sequential authentication of the work PC and the user account. This case has become widespread because many companies still discourage connecting employees' personal gadgets to the corporate LAN. With this authentication approach you can check whether a particular workstation is a member of the domain, and if the result is negative the user is either denied access to the network or admitted with certain restrictions.
Posture
This case concerns assessing whether workstation software complies with information security requirements. The technology lets you check whether the software on a workstation is up to date, whether security tools are installed, whether the host firewall is configured, and so on. Interestingly, the technology can also be used for tasks unrelated to security, such as verifying that a required file is present or installing software across the whole fleet.
Less common Cisco ISE use cases include access control based on end-to-end domain authentication (Passive ID), SGT-based micro-segmentation and filtering, and integration with mobile device management (MDM) systems and vulnerability scanners.
Non-standard projects: what else Cisco ISE is needed for, or three rare cases from our practice
Access control for Linux-based servers
While solving a fairly important case for one of the customers who already had Cisco ISE in place, we needed to find a way to control user actions (mainly those of administrators) on servers running Linux. In search of an answer we came up with the idea of using the free PAM Radius Module software, which allows logging in to a Linux server using authentication against an external Radius server. Everything would have been fine if not for one "but": the RADIUS server's response to the authentication request contains only the account name and the result (an accept or reject verdict). For authentication on Linux, however, at least one additional parameter, the home directory, has to be assigned so that the user has somewhere to land. We could not find a way to pass it as a radius attribute, so we wrote a special script that created accounts on the hosts remotely in a semi-automatic mode. As the number of administrator accounts was not that large, the task was quite manageable. Users then logged on to the required devices and were assigned the required access rights. A natural question arises: was Cisco ISE even necessary in this case? In fact, any RADIUS server would probably do, but the customer already had this system, so we simply added a new function to it.
Hardware and software inventory on the LAN
We once worked on a project to deliver Cisco ISE to a customer without a preliminary pilot. The task was complicated by the fact that there were no clear requirements for the solution and, on top of that, we were dealing with a flat, unsegmented network. During the project we configured every profiling method the network supported (NetFlow, DHCP, SNMP, AD integration and so on). As a result, MAR access was configured so that users could get onto the network even if authentication failed; that is, even when authentication was unsuccessful, the system admitted the user to the network, collected information about them and recorded it in the ISE database. Several weeks of this network monitoring allowed us to identify the connected systems and non-personal devices and to develop an approach to segmenting them. Posture was then additionally configured to install agents on the workstations in order to collect information about the software installed on them. The result? We were able to segment the network and identify the list of software that had to be removed from the workstations. I will not hide that distributing users into domain groups and clarifying their access rights took a fair amount of time, but in this way the customer got a complete picture of what hardware was on the network. Incidentally, thanks to the out-of-the-box profiling, this was not difficult. Where profiling did not help, we investigated ourselves and identified the switch ports to which the equipment was connected.
Remote installation of software on workstations
This case is one of the strangest in my practice. One day a customer came to us for help: a problem had arisen during the implementation of Cisco ISE, everything had broken, and nobody could access the network any more. When we started investigating, we found the following. The company had 2000 computers which, in the absence of a domain controller, were managed with administrator accounts. The organisation had deployed Cisco ISE for fact-finding purposes: it needed to find out, somehow, whether antivirus software was installed on the existing PCs, whether the software environment was up to date, and so on. Since the IT administrators had added the network equipment to the system, naturally they had access to it. Having seen how it worked and played with a PC, the administrators came up with the idea of installing software on employees' workstations remotely, without visiting them in person. Imagine how many steps per day that saves. The administrators checked the workstations for the presence of a certain file in the C:Program Files directory and, if it was absent, launched automatic remediation, which followed a link to file storage and ran the installer .exe. This let ordinary users access the file share and download the required software. Unfortunately, the administrators did not know the ISE system well and broke the posture mechanism: the policy was written incorrectly, a problem arose, and we were the ones who ended up fixing it. Personally, I was genuinely surprised by such a creative approach, since creating a domain controller would have been far cheaper and less laborious. But as a proof of concept it worked.
For more about the technical subtleties that arise when implementing Cisco ISE, see our previous article.
Artem Bobrikov, design engineer at the Jet Infosystems Information Security Center
Postscript:
Although this post describes the Cisco ISE system, the issues discussed apply to the whole class of NAC solutions. It does not matter much which vendor's solution you are planning to implement; most of the above still applies.
Source: habr.com