Cisco NAC on VMware installation
WEBLINK http://old.xiaolou.net/article.asp?id=307
install NAC Appliance on vmware
I used it for hands on to pass the CANAC exam.
From Cisco.com download latest image (example: cca-4.1_2_1-K9.iso)
http://ftp-sj.cisco.com/cisco/cr ... /cca-4.1_2_1-K9.iso
Create your CAM & CAS:
The steps in VMware are the same for the CAM & CAS - the only difference is during the boot up you choose what kind of system to build.
Create your CAM first, get it up and running, then create another VM for the CAS
In VMware create a new custom virtual machine with the following options:
Linux:Red Hat Linux
One Proc (Can use two)
384MB RAM (More can be used)
20GB IDE HD (IDE0:0)
Change the CD-ROM to IDE0:1
Add a second Ethernet interface prior to building the machine if you'd like to emulate HA
Finally set your CD-ROM to use the ISO image you downloaded
Boot your system and follow the normal procedure as if you were on the appliance.
(To do HA, create two CAMs and two CASes. The VMware steps are the same; I'll let you figure out all the steps involved for doing HA, as it is more complex but can be done.)
Now, in order to use your CAM you need to license it. I've provided license files that are based on a MAC address that can be used within VMware's OUI range.
Here is what you need to do:
Make sure you've shut down your VMware so you can edit the .vmx file!
Step 1.
Cut and paste the information below (starting with "SERVER" and ending with "9A23") into a blank .txt file and name the file cca-mgr.lic
________________________________________________________________________________
_________________
SERVER this_host ANY
VENDOR cisco
INCREMENT CCA-MANAGER cisco 4.0 permanent uncounted \
VENDOR_STRING=<Count>1</Count><PrimaryMAC>000C2982E61A</PrimaryMAC> \
HOSTID=ANY \
NOTICE="<LicFileID>20060509094055917</LicFileID><LicLineID>1</LicLineID> \
<PAK></PAK>" SIGN="117F 88D8 DC5F 4783 6328 E551 D628 A36A \
18C1 C5D0 8BE6 03B6 8295 D302 D6A0 160A 55DE 24CE 6A56 05D3 \
7B99 C7F8 5530 DE47 DCF0 B2FB 4D5A 98A3 7C3E 7951"
INCREMENT SERVER-COUNT cisco 4.0 permanent uncounted \
VENDOR_STRING=<Count>20</Count><PrimaryMAC>000C2982E61A</PrimaryMAC> \
HOSTID=ANY \
NOTICE="<LicFileID>20060509094055917</LicFileID><LicLineID>2</LicLineID> \
<PAK></PAK>" SIGN="0B2B BAD5 1678 D2B9 6D9C E4DA DE28 A2F6 \
1EA0 05D8 FA84 431C 17A0 438F F24B 191D DFE2 8FCE 8F88 D84C \
4615 3D43 3EC3 EB30 9928 E23B A2E5 B26B BCD9 9A23"
________________________________________________________________________________
_________________
Step 2.
Cut and paste the information below (starting with "SERVER" and ending with "E8D9") into a blank .txt file and name the file cca-cas.lic
________________________________________________________________________________
_________________
SERVER this_host ANY
VENDOR cisco
INCREMENT CCA-OB-SERVER cisco 4.0 permanent uncounted \
VENDOR_STRING=<Count>1</Count><PrimaryMAC>000C2982E61A</PrimaryMAC> \
HOSTID=ANY \
NOTICE="<LicFileID>20060510141450652</LicFileID><LicLineID>1</LicLineID> \
<PAK></PAK>" SIGN="1141 FE48 5F11 E9D4 9827 CAAD B8FB 0CDE \
CA29 D961 675C 721D DAF1 475E A0BB 0903 490B BA42 AC96 3BC2 \
9A6C A814 9F1C 1CF2 5C83 4585 6325 D32E 090F E1BF"
INCREMENT USER-COUNT cisco 4.0 permanent uncounted \
VENDOR_STRING=<Count>1500</Count><PrimaryMAC>000C2982E61A</PrimaryMAC> \
HOSTID=ANY \
NOTICE="<LicFileID>20060510141450652</LicFileID><LicLineID>2</LicLineID> \
<PAK></PAK>" SIGN="0A07 1FAA 5BCA F9C4 4EDF 7FFB 2097 1899 \
CCA5 8317 B20A C287 9D35 EE2B 5BAA 0125 3C15 CCA0 49FB ACE3 \
A4AF 7792 77DA 1960 05C6 260B 4BC5 5D67 1659 E8D9"
________________________________________________________________________________
_________________
Step 3.
Edit the CAM VMware .vmx file. You need to change the MAC address of your CAM so that it matches the MAC address of this license file.
Otherwise you won't be able to apply the license.
Make sure the following lines in your .vmx file look like this:
ethernet0.addressType = "generated"
ethernet0.generatedAddress = "00:0c:29:82:e6:1a"
ethernet0.generatedAddressOffset = "0"
uuid.action="keep"
Also, you need to edit the following line so that the last 6 digits match the last 6 digits of the MAC address. Example:
Our MAC Address needs to be: 000C2982E61A so make sure you change the last 6 digits to be 82 e6 1a (overwrite whatever was there previously).
Example shown below:
uuid.bios = "56 4d e5 e4 ba 36 78 cb-e1 48 ec 69 20 82 e6 1a"
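A consistency check for the settings Step 3 lists, as an added example that is not part of the original post. The function names and the embedded sample are constructed for illustration; the values are the ones shown above. It also covers the case where the lines were pasted with curly quotes, which the parser treats as an absent setting.

```python
import re

VMWARE_OUI = "00:0c:29"  # prefix of the MAC address used on this page

# Constructed sample: the settings from Step 3 plus the uuid.bios line.
SAMPLE_VMX = '''ethernet0.addressType = "generated"
ethernet0.generatedAddress = "00:0c:29:82:e6:1a"
ethernet0.generatedAddressOffset = "0"
uuid.action="keep"
uuid.bios = "56 4d e5 e4 ba 36 78 cb-e1 48 ec 69 20 82 e6 1a"
'''

def parse_vmx(text):
    """Return {lowercased key: lowercased value} for every key = "value" line."""
    settings = {}
    for line in text.splitlines():
        # Only straight double quotes are accepted; curly quotes pasted from
        # a web page do not match, so that setting is treated as absent.
        m = re.match(r'\s*([\w.:]+)\s*=\s*"([^"]*)"\s*$', line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip().lower()
    return settings

def check_nic(text, nic="ethernet0"):
    """List the ways the NIC settings deviate from what Step 3 asks for."""
    s = parse_vmx(text)
    mac = s.get(nic + ".generatedaddress", "")
    if not re.fullmatch(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", mac):
        return [nic + ".generatedAddress missing or malformed"]
    problems = []
    if s.get(nic + ".addresstype") != "generated":
        problems.append(nic + '.addressType is not "generated"')
    if not mac.startswith(VMWARE_OUI + ":"):
        problems.append("MAC is outside the " + VMWARE_OUI + " range")
    # uuid.bios is 16 bytes; its last three must equal the MAC's last three.
    uuid = re.findall(r"[0-9a-f]{2}", s.get("uuid.bios", ""))
    if len(uuid) != 16:
        problems.append("uuid.bios missing or not 16 bytes")
    elif uuid[-3:] != mac.split(":")[-3:]:
        problems.append("uuid.bios tail " + " ".join(uuid[-3:]) + " differs from MAC tail")
    if s.get("uuid.action") != "keep":
        problems.append('uuid.action is not "keep"')
    return problems

if __name__ == "__main__":
    print(check_nic(SAMPLE_VMX) or "consistent")
```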
Step 4.
Now you can power on the VM and you should have the new MAC address (you can verify by logging into the console as root and doing an "ifconfig").
Log into the web interface and you should be greeted with the "you need to license this box before you can do anything" screen. At this point, browse to wherever you saved the cca-mgr.lic file and upload it. You now should be able to log in (admin:cisco123). The next step is to add the 2nd license file. Browse to Administration > Clean Access Manager > Licensing, then click the browse button and point it to the cca-cas.lic file.
Click install license... That should do it!
NAC installation: Chinese-English parallel translation
http://netemu.cn/bbs/thread-6734-1-1.html
Download the latest image from Cisco
From Cisco.com download latest image (example: cca-4.1_2_1-K9.iso)
http://ftp-sj.cisco.com/cisco/crypto/3DES/ciscosecure/CCA/4.1.2/cca-4.1_2_1-K9.iso
Create your CAM & CAS:
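Create the CAM and CAS
Get the CAM set up and running first, then create the CAS.
Create a new VM.
Type: Linux. Linux:Red Hat Linux
CPU: one. One Proc (Can use two)
Memory: 384. 384MB RAM (More can be used)
Hard disk: 20 GB. 20GB IDE HD (IDE0:0)
CD-ROM: one. Change the CD-ROM to IDE0:1
If you want to emulate HA (I don't know what HA is; I haven't studied SP yet), add a second network interface.
Set the CD-ROM image to the Cisco image you downloaded.
Then start the VM.
Boot the system. Install...
(Setting up HA requires two CAMs and two CASes. HA is more complex, but it can still be done.)
Enter the license. (The license is bound to the MAC address.) The method is as follows:
Copy the text below into a .txt file and rename it cca-mgr.lic (the colored part).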
Same as the previous step (being lazy here), but this time rename the file cca-cas.lic (don't mix them up).
Edit the .vmx file and change the MAC address. (Important...)
Modify the ethernet0 section below. This is an example:
Make sure the following lines in your .vmx file look like this:
ethernet0.addressType = "generated"
ethernet0.generatedAddress = "00:0c:29:82:e6:1a"
ethernet0.generatedAddressOffset = "0"
uuid.action="keep"
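You need to change a string of 6 digits.
Change the MAC address to 000C2982E61A, meaning the last 6 digits must be 82 e6 1a. (I don't quite understand why uuid.bios is used as the example. Does it mean the last 6 digits of the MAC address must be the same as the last 6 digits of uuid.bios? This remains to be verified.) PS: The original text has to be quoted here, because the original uses uuid.bios as its example. I have not done the installation, so I cannot know what actually applies.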
Our MAC Address needs to be: 000C2982E61A so make sure you change the last 6 digits to be 82 e6 1a (overwrite whatever was there previously).
Example shown below: uuid.bios = "56 4d e5 e4 ba 36 78 cb-e1 48 ec 69 20 82 e6 1a"
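Start the VM, log in as root, and run ifconfig.
Go to the web interface; the system prompts you for a license. Find cca-mgr.lic and upload it. You can then log in (the username is admin and the password is cisco123 -> admin:cisco123). After that, add the second license: Administration > Clean Access Manager > Licensing. Upload cca-cas.lic. Done.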