ASM入网规范管理系统配置手册

aaa new-model

aaa group server radius ASMEOU

#下面这个地址要进行修改,另外如果有多个AMC可以进行增加（192.168.40.214） server-private 192.168.56.22 auth-port 1812 acct-port 1813 key msackey exit

aaa authorization network default local aaa accounting network default none aaa authentication login default line

radius-server attribute 8 include-in-access-req radius-server vsa send authentication radius-server deadtime 720

radius-server dead-criteria tries 3

ip access-list extended AsmEouAllAcl permit ip any any exit

ip access-list extended AsmEouDefaultAcl remark allow DHCP

permit udp any any eq bootps remark allow DNS

permit udp any any eq domain remark allow to the server WWW

#这个地方要进行修改为实际的IP地址和端口 permit tcp any host 192.168.56.14 eq www

#另外如果有其它的修复机器要求可以访问，要求增加在这个地方 remark allow to server

permit ip any host 192.168.56.245 remark deny other deny ip any any exit

ip access-list extended AsmEouUrlAcl

#这个地方要进行修改，将不需要重定向的机器增加到这个地方 deny tcp any host 192.168.56.14 eq www deny tcp any host 192.168.56.246 eq www permit tcp any any eq www exit

identity policy AaaDown

access-group AsmEouAllAcl exit

identity profile eapoudp

#这个地方根据实际要求放开的来处理

device authorize ip-address 192.168.56.128 policy AaaDown exit

aaa authentication eou default group ASMEOU

ip admission name AsmEouNac eapoudp bypass event timeout aaa policy identity AaaDown