Takulandilani ku positi yachitatu pamndandanda wa Cisco ISE. Maulalo azolemba zonse pamndandanda waperekedwa pansipa:
Mu positi iyi, mudzalowera kulowa kwa alendo, komanso chiwongolero chatsatanetsatane chophatikiza Cisco ISE ndi FortiGate kukonza FortiAP, malo olowera kuchokera ku Fortinet (nthawi zambiri, chida chilichonse chomwe chimathandizira. Malingaliro a kampani RADIUS COA - Kusintha kwa Authorization).
Zolemba zathu ndizophatikizidwa. .
ndemangaA: Zida za Check Point SMB sizigwirizana ndi RADIUS CoA.
zodabwitsa limafotokoza mu Chingerezi momwe mungapangire mwayi wofikira alendo pogwiritsa ntchito Cisco ISE pa Cisco WLC (Wireless Controller). Tiyeni tiganizire!
1. Kuyamba
Kufikira kwa alendo (portal) kumakupatsani mwayi wofikira pa intaneti kapena zinthu zamkati za alendo ndi ogwiritsa ntchito zomwe simukufuna kuzilowetsa mumanetiweki a kwanuko. Pali mitundu itatu yodziwikiratu ya malo ochezera alendo (malo a alendo):
-
Hotspot Guest portal - Kufikira pa netiweki kumaperekedwa kwa alendo popanda data yolowera. Nthawi zambiri, ogwiritsa ntchito amayenera kuvomereza "Mfundo Zogwiritsira Ntchito ndi Zazinsinsi" za kampaniyo asanalowe pa intaneti.
-
Sponsored-Guest portal - mwayi wofikira pa netiweki ndi zolowera kuyenera kuperekedwa ndi wothandizira - wogwiritsa ntchitoyo kupanga maakaunti a alendo pa Cisco ISE.
-
Malo Odzilembetsa Alendo Odzilembetsa - pamenepa, alendo amagwiritsa ntchito zomwe zilipo kale, kapena adzipangire okha akaunti ndi zambiri zolowera, koma chitsimikiziro cha wothandizira chikufunika kuti apeze intaneti.
Ma portal angapo amatha kutumizidwa pa Cisco ISE nthawi yomweyo. Mwachikhazikitso, pakhomo la alendo, wogwiritsa ntchito adzawona chizindikiro cha Cisco ndi mawu omwe amagwiritsidwa ntchito. Zonsezi zitha kusinthidwa makonda komanso kukhazikitsidwa kuti muwone zotsatsa musanapeze mwayi.
Kukhazikitsa kwa alendo kutha kugawidwa m'masitepe anayi akuluakulu: kukhazikitsa kwa FortiAP, kulumikizana kwa Cisco ISE ndi FortiAP, kupanga zipata za alendo, ndikukhazikitsa mfundo zofikira.
2. Kukonza FortiAP pa FortiGate
FortiGate ndiwowongolera malo olowera ndipo zosintha zonse zimapangidwa pamenepo. Malo ofikira a FortiAP amathandizira PoE, ndiye mukangolumikiza netiweki kudzera pa Ethernet, mutha kuyambitsa kasinthidwe.
1) Pa FortiGate, pitani ku tabu WiFi & Switch Controller > Managed FortiAPs > Pangani Chatsopano > Managed AP. Pogwiritsa ntchito nambala yapadera ya seriyoni, yomwe imasindikizidwa pamalo omwewo, onjezani ngati chinthu. Kapena ikhoza kudziwonetsa yokha ndikusindikiza Vomerezani pogwiritsa ntchito batani lakumanja la mbewa.
2) Zokonda za FortiAP zitha kukhala zosasintha, mwachitsanzo, siyani monga pazithunzi. Ndikupangira kuyatsa 5 GHz mode, chifukwa zida zina sizigwirizana ndi 2.4 GHz.
3) Kenako mu tabu WiFi & Switch Controller> Mbiri za FortiAP> Pangani Zatsopano Tikupanga mbiri yosinthira malo ofikira (mtundu wa 802.11 protocol, SSID mode, frequency yachannel ndi nambala yawo).
Chitsanzo cha FortiAP zoikamo
4) Chotsatira ndikupanga SSID. Pitani ku tabu WiFi & Switch Controller > SSIDs > Pangani Chatsopano > SSID. Apa kuchokera kofunikira ziyenera kukhazikitsidwa:
-
malo adilesi kwa alendo WLAN - IP/Netmask
-
Kuwerengera kwa RADIUS ndi Kulumikizana kwa Nsalu Zotetezedwa mugawo la Administrative Access
-
Chidziwitso cha Chipangizo njira
-
SSID ndi Broadcast SSID njira
-
Zokonda pachitetezo>> Portal Portal
-
Authentication Portal - Kunja ndikuyika ulalo kutsamba la alendo lomwe lapangidwa kuchokera ku Cisco ISE kuchokera pagawo 20
-
Gulu la Ogwiritsa - Gulu la Alendo - Akunja - onjezani RADIUS ku Cisco ISE (tsamba 6 kupita patsogolo)
Chitsanzo chokhazikitsa SSID
5) Kenako muyenera kupanga malamulo mundondomeko yofikira pa FortiGate. Pitani ku tabu Ndondomeko & Zolinga > Ndondomeko ya Firewall ndi kupanga lamulo motere:
3. Kusintha kwa RADIUS
6) Pitani ku tsamba la Cisco ISE pa tabu Policy> Policy Elements> Dictionaries> System> Radius> RADIUS Vendors> Onjezani. Patsambali, tiwonjezera Fortinet RADIUS pamndandanda wama protocol omwe amathandizidwa, popeza pafupifupi wogulitsa aliyense ali ndi mawonekedwe ake - VSA (Vendor-Specific Attributes).
Mndandanda wazinthu za Fortinet RADIUS zitha kupezeka . Ma VSA amasiyanitsidwa ndi nambala yawo yapadera ya ID ya Vendor. Fortinet ali ndi ID iyi = 12356. Zodzaza VSA yasindikizidwa ndi IANA.
7) Khazikitsani dzina la mtanthauzira mawu, tchulani ID ya ogulitsa (12356) ndikusindikiza Gonjerani.
8) Tikapita ku Kuwongolera> Mbiri Zazida Zapaintaneti> Onjezani ndi kupanga mbiri ya chipangizo chatsopano. M'gawo la RADIUS Dictionaries, sankhani dikishonale yomwe idapangidwa kale ya Fortinet RADIUS ndikusankha njira za CoA kuti mugwiritse ntchito pambuyo pake mu mfundo za ISE. Ndinasankha RFC 5176 ndi Port Bounce (mawonekedwe otseka / osatseka) ndi ma VSA ofanana:
Fortinet-Access-Profile=read-write
Fortinet-Group-Name = fmg_faz_admins
9) Kenako, onjezani FortiGate kuti mulumikizane ndi ISE. Kuti muchite izi, pitani ku tabu Administration> Network Resources> Network Chipangizo Mbiri> Onjezani. Minda yosinthidwa Dzina, Wogulitsa, RADIUS Dictionaries (IP Address imagwiritsidwa ntchito ndi FortiGate, osati FortiAP).
Chitsanzo chokonzekera RADIUS kuchokera kumbali ya ISE
10) Pambuyo pake, muyenera kukonza RADIUS kumbali ya FortiGate. Mu mawonekedwe a tsamba la FortiGate, pitani ku Wogwiritsa & Kutsimikizira > Ma seva a RADIUS > Pangani Chatsopano. Tchulani dzina, adilesi ya IP ndi Chinsinsi Chogawana (chinsinsi) kuchokera m'ndime yapitayi. Kenako dinani Yesani Mbiri Yogwiritsa Ntchito ndikulowetsani zidziwitso zilizonse zomwe zitha kukokedwa kudzera pa RADIUS (mwachitsanzo, wogwiritsa ntchito wamba pa Cisco ISE).
11) Onjezani seva ya RADIUS ku Guest-Group (ngati kulibe) komanso gwero lakunja la ogwiritsa ntchito.
12) Osayiwala kuwonjezera Gulu la Alendo ku SSID yomwe tidapanga kale mu gawo 4.
4. Makonda Ovomerezeka Ogwiritsa Ntchito
13) Mwachidziwitso, mutha kuitanitsa satifiketi ku doko la alendo la ISE kapena kupanga satifiketi yodzisainira pa tabu. Malo Ogwirira Ntchito> Kufikira Kwa Alendo> Ulamuliro> Chitsimikizo> Zikalata Zadongosolo.
14) Pambuyo pa tabu Malo Ogwirira Ntchito> Kufikira Alendo> Magulu Odziwika> Magulu Ozindikiritsa Ogwiritsa> Onjezani pangani gulu latsopano logwiritsa ntchito alendo, kapena gwiritsani ntchito osakhazikika.
15) Komanso mu tabu Utsogoleri > Zodziwika pangani ogwiritsa ntchito alendo ndikuwawonjezera m'magulu a ndime yapitayi. Ngati mukufuna kugwiritsa ntchito maakaunti a chipani chachitatu, dumphani izi.
16) Tikapita ku zoikamo Malo Ogwirira Ntchito> Kufikira Alendo> Zodziwika> Identity Source Sequence > Kutsatizana Kwa Alendo - uku ndiye kutsimikizira kokhazikika kwa ogwiritsa ntchito alendo. Ndipo m'munda Mndandanda Wofufuza Wotsimikizira sankhani dongosolo lotsimikizira ogwiritsa ntchito.
17) Kuti mudziwitse alendo ndi mawu achinsinsi a nthawi imodzi, mutha kukonza opereka ma SMS kapena seva ya SMTP pachifukwa ichi. Pitani ku tabu Malo Ogwirira Ntchito> Kufikira Alendo> Kuwongolera> Seva ya SMTP kapena Othandizira a SMS Gateway za zokonda izi. Pankhani ya seva ya SMTP, muyenera kupanga akaunti ya ISE ndikufotokozera zomwe zili patsambali.
18) Pazidziwitso za SMS, gwiritsani ntchito tabu yoyenera. ISE ili ndi mbiri yoyikiratu ya opereka ma SMS otchuka, koma ndibwino kuti mupange zanu. Gwiritsani ntchito mbiriyi ngati chitsanzo chokhazikitsa SMS Email Gatewayy kapena SMS HTTP API.
Chitsanzo chokhazikitsa seva ya SMTP ndi chipata cha SMS chachinsinsi cha nthawi imodzi
5. Kukhazikitsa portal alendo
19) Monga tafotokozera poyamba, pali mitundu ya 3 ya mawindo a alendo omwe adayikidwa kale: Hotspot, Sponsored, Self-Registered. Ndikupangira kusankha njira yachitatu, chifukwa ndiyofala kwambiri. Mulimonsemo, zokonda ndizofanana kwambiri. Ndiye tiyeni tipite ku tabu. Malo Ogwirira Ntchito > Kufikira Kwa Alendo > Malo & Zigawo > Malo Olowera Alendo > Malo Odzilembera Alendo Odzilembetsa (chosasinthika).
20) Kenako, pa tsamba la Portal Customization tabu, sankhani "Onani mu Russian - Russian", kotero kuti portal ikuwonetsedwa mu Russian. Mutha kusintha mawu a tabu iliyonse, kuwonjezera chizindikiro chanu, ndi zina zambiri. Kumanja pakona pali chithunzithunzi cha portal ya alendo kuti muwone bwino.
Chitsanzo chokonzekera portal ya alendo ndi kudzilembera nokha
21) Dinani pa mawu Ulalo woyeserera wa portal ndi kukopera ulalo wa portal ku SSID pa FortiGate mu sitepe 4. Ulalo wachitsanzo
Kuti muwonetse dera lanu, muyenera kukweza satifiketi patsamba la alendo, onani gawo 13.
22) Pitani ku tabu Malo Ogwirira Ntchito> Kufikira Kwa Alendo> Zolemba Zazosankha> Zotsatira> Mbiri Zachilolezo> Onjezani kuti mupange mbiri yovomerezeka pansi pa yomwe idapangidwa kale Mbiri ya Chipangizo cha Network.
23) Mu tabu Malo Ogwirira Ntchito> Kufikira kwa Alendo> Makhalidwe a Ndondomeko sinthani ndondomeko yofikira kwa ogwiritsa ntchito a WiFi.
24) Tiyeni tiyese kulumikizana ndi mlendo SSID. Nthawi yomweyo imandilozera kutsamba lolowera. Apa mutha kulowa ndi akaunti ya alendo yomwe idapangidwa kwanuko pa ISE, kapena kulembetsa ngati alendo.
25) Ngati mwasankha njira yodzilembera nokha, ndiye kuti data yolowera nthawi imodzi imatha kutumizidwa ndi makalata, kudzera pa SMS, kapena kusindikizidwa.
26) Mu RADIUS> Live Logs tabu pa Cisco ISE, mudzawona zipika zofananira.
6. Kutsiliza
M'nkhani yayitali iyi, takonza bwino mwayi wofikira alendo pa Cisco ISE, pomwe FortiGate imakhala ngati wowongolera malo, ndipo FortiAP imakhala ngati malo ofikira. Zinapezeka ngati kuphatikiza kosagwirizana, komwe kumatsimikiziranso kugwiritsidwa ntchito kwa ISE.
Kuti muyese Cisco ISE, lemberani komanso khalani maso mumayendedwe athu (, , , , ).
Source: www.habr.com