1. Topology diagram:
Reference:
2. ASA configuration steps:
A. Add an aaa-server of the LDAP authentication type
aaa-server yuntian.com protocol ldap
 max-failed-attempts 2
aaa-server yuntian.com (inside) host 100.1.1.100
 ldap-base-dn cn=users,dc=yuntian,dc=com
 ldap-group-base-dn dc=yuntian,dc=com
 ldap-scope subtree
 ldap-login-password *****
 ldap-login-dn cn=xllldap,cn=users,dc=yuntian,dc=com
 server-type microsoft
B. Set the host IPs that are allowed to telnet:
telnet 100.1.1.0 255.255.255.0 inside
C. Run the AAA test:
ciscoasa# test aaa-server authentication yuntian.com username xllldap password 1234qwer,
Server IP Address or name: 100.1.1.100
INFO: Attempting Authentication test to IP address <100.1.1.100> (timeout: 12 seconds)
INFO: Authentication Successful
D. Add an account in AD on the domain controller and test the login:
User Access Verification
Username: xll
Password: ********
Username: administrator
Password: *********
Type help or '?' for a list of available c
ciscoasa> en
Password:
ciscoasa#
Reposted from: http://yqvbo.baihongyu.com/
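The configuration in steps A and B reaches the domain controller over plain LDAP and manages the ASA over telnet, so the AD passwords typed in step D cross the network unencrypted on both legs. The following audit script is an added example, not part of the original post: it parses ASA configuration text and flags LDAP host entries that lack the `ldap-over-ssl enable` sub-command and any `telnet <network> <mask> <interface>` permit line. The rule labels `ldap-cleartext` and `telnet-mgmt` are hypothetical names chosen for this example.

```python
import re

# Constructed sample: the aaa-server and telnet lines from steps A and B above.
SAMPLE_CONFIG = """\
aaa-server yuntian.com protocol ldap
 max-failed-attempts 2
aaa-server yuntian.com (inside) host 100.1.1.100
 ldap-base-dn cn=users,dc=yuntian,dc=com
 ldap-group-base-dn dc=yuntian,dc=com
 ldap-scope subtree
 ldap-login-password *****
 ldap-login-dn cn=xllldap,cn=users,dc=yuntian,dc=com
 server-type microsoft
telnet 100.1.1.0 255.255.255.0 inside
"""
IPV4 = r"\d+\.\d+\.\d+\.\d+"

def parse_blocks(config):
    """Group indented sub-commands under their top-level command line."""
    blocks = []
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and '!' separators
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit(config):
    """Flag LDAP servers reached without TLS and telnet management access."""
    blocks = parse_blocks(config)
    # Only server groups declared with 'protocol ldap' are checked for TLS.
    ldap_groups = {m.group(1) for head, _ in blocks
                   if (m := re.fullmatch(r"aaa-server (\S+) protocol ldap", head))}
    findings = []
    for head, subs in blocks:
        m = re.fullmatch(r"aaa-server (\S+) \((\S+)\) host (\S+)", head)
        if m and m.group(1) in ldap_groups and "ldap-over-ssl enable" not in subs:
            findings.append(("ldap-cleartext", m.group(3)))
        # Matches permit lines only, not 'telnet timeout N'.
        m = re.fullmatch(rf"telnet ({IPV4}) ({IPV4}) (\S+)", head)
        if m:
            findings.append(("telnet-mgmt", f"{m.group(1)} {m.group(2)} {m.group(3)}"))
    return findings

if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_CONFIG):
        print(rule, detail)
```

Both findings clear when `ldap-over-ssl enable` is added under the `aaa-server ... host` entry and management access is permitted with `ssh` instead of `telnet`.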