
Cisco Umbrella WLAN

Date: 2019-03-10 13:32:32


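Cisco Umbrella WLAN provides a cloud-delivered network security service at the Domain Name System (DNS) level, with automatic detection of both known and emergent threats.

This feature allows you to block sites that host malware, botnets, and phishing before an actual malicious attack takes place.

Cisco Umbrella WLAN provides:

  • Policy configuration per user group at a single point.
  • Policy configuration per network, group, user, device, or IP address.

Policy priority order:
1. Local policy
2. AP group
3. WLAN

  • A visual security activity dashboard with aggregated reports in real time.
  • Scheduling of reports and delivery by email.
  • Support for up to 60 content categories, with the ability to add custom whitelist and blacklist entries.

This feature does not work in the following scenarios:
1. An application or host uses an IP address directly instead of using DNS to resolve a domain name.
2. A client is connected to a web proxy and does not send a DNS query to resolve the server address.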
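
Both scenarios above describe traffic that a DNS-layer policy never evaluates. As an added example (not part of the original article or of Cisco's documentation), the following Python script correlates DNS answers with outbound flows per client and reports external connections that had no preceding lookup. The log formats, addresses and the 10.0.0.0/8 internal range are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample logs (not from the original page). DNS: time client name answer ttl
DNS_LOG = """\
2019-03-10T13:00:01 10.10.1.23 www.example.com 192.0.2.10 300
2019-03-10T13:00:05 10.10.1.24 portal.example.net 198.51.100.7 60
"""
# Outbound flows: time, client IP, destination IP, destination port
FLOW_LOG = """\
2019-03-10T13:00:02 10.10.1.23 192.0.2.10 443
2019-03-10T13:02:30 10.10.1.24 198.51.100.7 443
2019-03-10T13:03:00 10.10.1.23 203.0.113.50 8443
2019-03-10T13:04:00 10.10.1.24 192.0.2.10 443
2019-03-10T13:04:10 10.10.1.24 10.10.1.1 53
"""
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal address space


def load_dns(text):
    """Map (client, answer IP) -> list of (lookup time, expiry time)."""
    seen = {}
    for line in text.splitlines():
        ts, client, _name, answer, ttl = line.split()
        start = datetime.fromisoformat(ts)
        seen.setdefault((client, answer), []).append(
            (start, start + timedelta(seconds=int(ttl))))
    return seen


def flows_without_dns(dns_text, flow_text, grace=timedelta(minutes=5)):
    """Return external flows whose client did not resolve the destination IP
    within TTL + grace before connecting (per client, not network-wide)."""
    seen, findings = load_dns(dns_text), []
    for line in flow_text.splitlines():
        ts, client, dst, port = line.split()
        when, addr = datetime.fromisoformat(ts), ipaddress.ip_address(dst)
        if any(addr in net for net in INTERNAL):
            continue  # skip internal destinations
        covered = any(start <= when <= expiry + grace
                      for start, expiry in seen.get((client, dst), []))
        if not covered:
            findings.append((ts, client, dst, int(port)))
    return findings


if __name__ == "__main__":
    for finding in flows_without_dns(DNS_LOG, FLOW_LOG):
        print("no preceding DNS lookup:", *finding)
```

The grace period absorbs client-side caching beyond the record TTL; setting it to zero also reports connections made after the answer expired.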

 

Prerequisites:

You need a Cisco Umbrella account.

You should have a Cisco Umbrella API token.

 

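Configuration steps:

GUI configuration:

[Three screenshots of the GUI configuration]

The screenshots above show mapping the profile to a WLAN; the profile can also be mapped to an AP group.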

 

To map the profile to an AP group, choose WLANs > Advanced > AP Groups, select the corresponding AP group, click the WLAN tab, and mouse over the blue button and select OpenDNS Profile.

To view OpenDNS mapping, choose Security > OpenDNS > General and click the Profile Mapped Summary hyperlink.

Note 

Each Cisco Umbrella profile will have a unique openDNS-Identity generated on the controller (in the format WLC name _profile name). This will be pushed to the associated Cisco Umbrella account in the cloud.

What to do next

  1. From the Cisco Umbrella Dashboard, verify that your Cisco WLC shows up under Device Name, along with its identities.

  2. Create classification rules for the user roles, for example, rules for employees and nonemployees.

  3. Configure policies on the Cisco Umbrella server.

 

 

CLI configuration:

Step 1

config network dns serverip server-ip

Example:

(Cisco Controller) > config network dns serverip 208.67.222.222

Configures the DNS server IP address of the network.

Step 2

config opendns enable

Example:

(Cisco Controller) > config opendns enable

Enables the Cisco Umbrella global configuration.

Step 3

config opendns api-token api-token

Example:

(Cisco Controller) > config opendns api-token D72996C18DC334FB2E3AA46148D600A4001E5997

Registers the Cisco Umbrella API token on the network.

Step 4

config opendns profile create profilename

Example:

(Cisco Controller) > config opendns profile create profile1

Creates a Cisco Umbrella profile that can be applied over a WLAN.

Step 5

config wlan opendns-profile wlan-id profile-name enable

Example:

(Cisco Controller) > config wlan opendns-profile wlan1 profile1 enable

Applies the Cisco Umbrella profile to a WLAN.

Step 6

config wlan apgroup opendns-profile wlan-id site-name profile-name enable

Example:

(Cisco Controller) > config wlan apgroup opendns-profile wlan1 apgrp1 profile1 enable

(Optional) Applies the Cisco Umbrella profile to an AP group with the WLAN.

Step 7

config policy policy-name create

Example:

(Cisco Controller) > config policy ipad create 

Creates a policy name.

In Cisco WLC, a policy is a generic term for a rule and the associated action that is taken when the rule's criteria are met for a given client.

You can create a policy with a rule such as: if the role name returned by the AAA server is employee, apply the Cisco Umbrella profile associated with that policy. The Cisco Umbrella profile is applied to the client if the WLAN of that client is mapped to this policy.

Step 8

config policy policy-name action opendns-profile-name enable

Example:

(Cisco Controller) > config policy ipad action opendns-profile-name enable 

Attaches the policy name to the Cisco Umbrella profile.

 

 

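What to do next:

Configure policies at opendns.com.

Configure granular policies that block sites by category for each profile (profiles are listed as identities).

Add whitelist and blacklist rules for each profile.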

Configuring Local Policies for Cisco Umbrella (GUI)

When mapped to a local policy, Cisco Umbrella allows for a granular, differentiated user browsing experience based on dynamic evaluation of attributes (user role, device type, and so on).

Use this procedure to configure user role based local policy and tie the corresponding Cisco Umbrella profile to it. This procedure also provides information about how to map a local policy to a WLAN.

Procedure


Step 1

Choose Security > Local Policies > New.

This opens the new policy creation page.

  1. In the Policy Name field, enter the local policy name.

  2. Click Apply.

Step 2

From the policies listed under Policy List, choose a Policy Name to configure the Cisco Umbrella profile.

  1. From the Match Criteria sub-section, enter the Match Role String.

  2. From the Action sub-section, select the required option from the OpenDNS Profile drop-down list.

  3. Click Apply.

Step 3

Choose WLAN > WLAN ID > Policy Mapping.

  1. In the Priority Index field, enter the priority index number.

  2. From the Local Policy drop-down list, choose a value.

  3. Click Add.

   


Original article: https://www.cnblogs.com/MomentsLee/p/10504941.html
