Wireless network secured by CISCO

Presented by:
Zeineb SABRI
Zied Nahali

Presentation_ID

2012 Cisco and/or its affiliates. All rights reserved.

Cisco Public

Outline

Introduction

Cisco access points

Cisco wireless controller

Roaming management

AAA protocol

Identity Service Engine

Proposed architectures

Conclusion

Introduction

Maslow's pyramid
Self-actualization needs

Recognition

Belonging

Security

Survival

Introduction
Maslow's pyramid
21st-century needs

Self-actualization needs

Recognition

Belonging

Security

Survival

Wifi

CISCO access point

Modes of a Cisco access point

Autonomous mode
Managed autonomously.
Configured individually.
Used in small or medium-sized networks.
No interaction with other access points.

CISCO access point

Lightweight mode
Managed by a wireless LAN controller (WLC).
Used in large networks.

CISCO access point

Configuration modes of a LAP

Monitor
Rogue detector
Sniffer
Local
Bridge
Flexconnect

CISCO wireless controller

WLC

Simplifies the management of large-scale wireless network deployments
Controls the access points
Advanced features

CISCO wireless controller

LAP startup process

CISCO wireless controller

Controller discovery

Broadcast
DHCP
Flash
DNS

CISCO wireless controller

CAPWAP
Protocol for transferring data between APs and controllers.
Tunnel that carries two types of traffic:
  Control flow
  Data flow
Implemented in controller releases 5.2 and later
Supports RFID readers and other similar devices

Roaming management

Roaming
Definition

Intra-Controller Roaming
Diagram labels: WLC, CAPWAP tunnel, LAP1, LAP2

Roaming management

Inter-Subnet Roaming
Inter-Controller Roaming

Scenario 1 / 2
Diagram labels: WLC1, WLC2, Mobility Message exchange, WLC1 database, WLC2 database, CAPWAP tunnel (x2), LAP1, LAP2

AAA protocol

What is an AAA protocol?

Authentication
Verify the user's identity

Authorization
Determine the user's rights

Accounting
Keep records of resource usage

AAA protocol

RADIUS protocol
Remote Authentication Dial-In User Service
It is a standard for the AAA protocol
Follows the client-server model
It is a transport protocol for EAP
Uses UDP, ports 1645 and 1646 (by default)

Identity Service Engine

Authorization policy
Authentication policy
Client provisioning policy
Profiling
Posture assessment policy

Identity Service Engine

Authentication policy

802.1x authentication
Web authentication
MAB authentication (MAC Address Bypass)

Identity Service Engine

Authorization policy

Identity Service Engine

Profiling service

Collecting information
Classifying devices into specific groups
Setting up authorization rules based on device type

Identity Service Engine

Client provisioning policy

Posture
Client policy

Identity Service Engine

Posture

Identity Service Engine

Captive portal
Hotspot Guest Portal

Identity Service Engine

Captive portal
Credentialed Guest Portal

Hardware used

ISE v1.2
WLC v7.6.130
LAP c1140-k9w8-tar.152-4.JB6
Ubuntu 12.04: DHCP server, NTP server, DNS server, gateway
Diagram labels: Internet; virtual switch; administrator (Admin, Ubuntu 12.04); router; VLAN 510-519; VLAN 40; 10.112.40.225

Proposed architectures

Training architecture
Diagram labels: Internet; VLAN 510; Ubuntu 12.04 (DHCP server, NTP server, DNS server, gateway); ISE v1.2; 10.112.51.100; 10,112,; 10.112.51.30; WLC1 10.112.51.22; WLC2; 10.112.51.23; Mobility Message exchange; CAPWAP tunnel (x2); LAP1; LAP2

Proposed architectures

Architecture 1
Diagram labels: R3; Vlan 513; R1; Vlan 516; LAP1 Vlan 514; R2; Vlan 510 LAP2

Proposed architectures

Architecture 2
Diagram labels: Vlan 518; Vlan 517; Vlan 519

Conclusion

PROBLEM STATEMENT
Familiarization with CISCO products
Acquisition of solid training
Demand for innovative services and offerings
Confronting the problems encountered during configuration
Emergence into professional life

Thank you for your attention.