Ho Lokisa Kopano ea Umbrella
“
Litlhaloso
- Lebitso la Sehlahisoa: Cisco Umbrella Integration
- Tšobotsi: Ts'ebeletso ea ts'ireletso e thehiloeng marung ka ho hlahloba DNS
lipotso - Ho kopanya: Cisco Umbrella portal bakeng sa leano
tlhophiso
Litaelo tsa Tšebeliso ea Sehlahisoa
Litlhokahalo tsa Kopano ea Cisco Umbrella:
Pele o lokisa Cisco Umbrella Integration, etsa bonnete ba hore
litlhokahalo tse latelang li fihlelleha:
- Ngoliso e sebetsang ea tšebeletso ea Cisco Umbrella
- Cisco switjha e sebetsa joalo ka mofetisi oa DNS moeling oa marang-rang
Ho lokisa Cisco Umbrella Integration:
- Fumana portal ea Cisco Umbrella 'me u lokise maano ho
lumella kapa u hane sephethephethe se lebang FQDN. - Sesebedisweng, etsa hore sesebelisoa sa Cisco se sebetse joalo ka DNS
mofetisi. - Phetoho e tla thibela sephethephethe sa DNS le ho fetisetsa lipotso ho
Cisco Umbrella portal.
Melemo ea Cisco Umbrella Integration:
Cisco Umbrella Integration e fana ka tšireletso le leano
ts'ebetsong maemong a DNS. E lumella ho arola sephethephethe sa DNS le
ho lebisa sephethephethe se itseng ho seva sa ka hare sa DNS, ho feta
Cisco Umbrella Integration ha ho hlokahala.
Tšebeletso ea Tšireletso e thehiloeng marung e sebelisang Cisco Umbrella
Kopanyo:
Sehokelo sa Umbrella Active Directory se hokahanya mosebedisi le sehlopha
tlhahisoleseling ho tloha sebakeng sa marang-rang se sebetsang ho ea ho Umbrella
Tharollo. Melao e sebelisoa ho ipapisitsoe le lirekoto tsa basebelisi/sehlopha. Netefatsa
Cisco Identity Services Engine (ISE) tšehetso bakeng sa ho nepahala
kopanyo.
LBH
P: Mosebetsi o ka sehloohong oa Cisco Umbrella ke ofe
Ho kopanya?
A: Cisco Umbrella Integration e fana ka tšireletso e thehiloeng marung
lits'ebeletso ka ho hlahloba lipotso tsa DNS le ho tiisa maano ho
Boemo ba DNS.
P: Ke lintho life tse hlokahalang bakeng sa ho theha Cisco Umbrella
Ho kopanya?
A: Lintho tse hlokahalang li kenyelletsa peeletso e sebetsang ho Cisco
Ts'ebeletso ea likhele le switjha ea Cisco e sebetsang joalo ka mofetisi oa DNS
moeli oa marang-rang.
"`
Ho lokisa Cisco Umbrella Integration
Sebopeho sa Cisco Umbrella Integration se nolofalletsa tšebeletso ea tšireletso e thehiloeng marung ka ho hlahloba potso ea Domain Name System (DNS) e rometsoeng ho seva sa DNS ka sesebelisoa. Motsamaisi oa ts'ireletso o lokisa maano ho Cisco Umbrella portal ho lumella kapa ho hana sephethephethe se lebisang lebitsong la domain name (FQDN). Phetoho ea Cisco e sebetsa joalo ka DNS e fetisang moeli oa marang-rang, e thibela sephethephethe sa DNS ka mokhoa o hlakileng, ebe e fetisetsa lipotso tsa DNS ho portal ea Cisco Umbrella.
· Litlhoko tsa Cisco Umbrella Integration, leqepheng la 1 · Lithibelo tsa Cisco Umbrella Integration , leqepheng la 1 · Boitsebiso ka Cisco Umbrella Integration, leqepheng la 2 · Tsela ea ho Lokisa Cisco Umbrella Integration, leqepheng la 8 · Configuration Examples bakeng sa Kopano ea Cisco Umbrella, leqepheng la 13 · Ho netefatsa Cisco Umbrella Integration Configuration, leqepheng la 14 · Troubleshooting Cisco Umbrella Integration, leqepheng la 15 · Litlhahiso tse ling tsa Cisco Umbrella Integration, leqepheng la 16 · Feature History for Cisco16 Umbrella Integration
Litlhoko tsa Cisco Umbrella Integration
· Cisco Umbrella laesense ea ngoliso e tlameha ho ba teng. Eya ho https://umbrella.cisco.com/products/packages ebe o tobetsa Kopa qotsulo ho fumana laesense.
· Puisano bakeng sa ngoliso ea sesebelisoa ho seva sa Umbrella e etsoa ka HTTPS. Sena se hloka setifikeiti sa motso hore se kenngoe sesebelisoa. U ka khoasolla setifikeiti ka sehokelo sena: https://www.digicert.com/CACerts/DigiCertSHA2SecureServerCA.crt.
· Fumana senotlolo sa API, ID ea mokhatlo, le senotlolo sa lekunutu kapa letšoao ho tsoa ho seva sa ngoliso sa Cisco Umbrella. U ka khoasolla setifikeiti ka sehokelo sena: https://letsencrypt.org/certs/isrgrootx1.pem.
Lithibelo tsa Cisco Umbrella Integration
· Cisco Umbrella Integration ha e sebetse maemong a latelang: · Haeba sesebelisoa kapa moamoheli a sebelisa aterese ea IP ho fapana le DNS ho botsa mabitso a domain. · Haeba moreki a hokahane le a web proxy mme ha e romelle potso ea DNS ho rarolla aterese ea seva.
Ho lokisa Cisco Umbrella Integration 1
Boitsebiso ka Cisco Umbrella Integration
Ho lokisa Cisco Umbrella Integration
· Haeba lipotso tsa DNS li hlahisoa ke sesebelisoa sa Cisco Catalyst. · Haeba lipotso tsa DNS li romelloa ka TCP. · Haeba lipotso tsa DNS li na le mefuta ea rekoto ntle le 'mapa oa aterese le mongolo.
· Lipotso tsa DNSv6 ha li tšehetsoe. · Li-extensions tsa DNS64 le DNS46 ha li tšehetsoe. · DNS e atolositsoeng e fana ka aterese ea IPv4 feela ea moamoheli, eseng aterese ea IPv6. · Phetolelo ea Aterese ea Marang-rang (NAT) ha e tšehetsoe lihokelong tse nang le Cisco Umbrella e butsoitseng
eona. · The sekhele in le sekhele tsoa litaelo ke ke configured ka segokanyimmediamentsi sa sebolokigolo tšoanang. Ka bobeli
litaelo ha li tšehelitsoe ho sebopeho sa taolo mme li ka hlophisoa ho latela boema-kepe feela. · Karohano ea pakete ea DNS ha e tšehetsoe. · QinQ le Sehlopha sa Tšireletso Tag (SGT) lipakete ha li tšehetsoe. · Bakeng sa Cisco Umbrella Active Directory Integration, haeba sebopeho se se na sekhele se laolang
e nolofalitsoe pele mosebelisi a netefatsoa ka katleho, tlhaiso-leseling ea lebitso la mosebelisi ha e romelloe le lipotso tsa DNS, 'me pholisi ea kamehla ea lefats'e e ka sebetsa ho lipotso tse joalo tsa DNS. · Ngoliso ea likhele tsa Cisco le ho tsamaisa bocha li ka etsahala feela ho routing le ho fetisoa ha lefatše ka bophara (VRF). Ho hokela ho seva sa Umbrella ka VRF efe kapa efe ha hoa tšehetsoa. Litaelo tsa tlhophiso ea Cisco Umbrella li ka hlophisoa feela ho L2, L3 likoung tsa 'mele, le ho fetola li-interfaces (SVIs). Litaelo ha li khone ho hlophisoa ho li-interfaces tse ling joalo ka likanale tsa port.
Boitsebiso ka Cisco Umbrella Integration
Likarolo tse latelang li fana ka lintlha tse mabapi le tšobotsi ea Cisco Umbrella Integration.
Melemo ea Cisco Umbrella Integration
Cisco Umbrella Integration e fana ka ts'ireletso le ts'ebetsong ea maano boemong ba DNS. E nolofalletsa mookameli ho arola sephethephethe sa DNS le ho romela ka ho toba sephethephethe sa DNS ho seva se itseng sa DNS se teng ka har'a marang-rang a khoebo. Sena se thusa mookameli ho feta Cisco Umbrella Integration.
Tšebeletso ea Tšireletso e thehiloeng marung e sebelisang Cisco Umbrella Integration
Karolo ea Cisco Umbrella Integration e fana ka ts'ebeletso ea ts'ireletso e thehiloeng marung ka ho hlahloba potso ea DNS e rometsoeng ho seva sa DNS ka sesebelisoa sa Cisco. Ha motho ea amohelang baeti a qala sephethephethe mme a romela potso ea DNS, Cisco Umbrella Connector e sesebediswa e thibela le ho hlahloba potso ea DNS. Sehokelo sa Umbrella ke karolo ea sesebelisoa sa Cisco se thibelang sephethephethe sa DNS ebe se se khutlisetsa ho leru la Cisco Umbrella bakeng sa tlhahlobo ea ts'ireletso le ts'ebeliso ea maano. Umbrella cloud ke ts'ebeletso ea ts'ireletso e thehiloeng marung e hlahlobang lipotso tse amohetsoeng ho tsoa ho Umbrella Connectors, 'me e ipapisitse le Lebitso la Lerumo le Tšoanelehang ka Botlalo (FQDN), e etsa qeto ea hore na liaterese tsa IP tsa mofani oa litaba li lokela ho fanoa kapa che karabong.
Ho lokisa Cisco Umbrella Integration 2
Ho lokisa Cisco Umbrella Integration
Tšebeletso ea Tšireletso e thehiloeng marung e sebelisang Cisco Umbrella Integration
Haeba potso ea DNS e le ea sebaka sa lehae, potso e fetisetsoa ntle le ho fetola pakete ea DNS ho seva sa DNS netwekeng ea khoebo. Cisco Umbrella Resolver e hlahloba lipotso tsa DNS tse rometsoeng ho tsoa sebakeng sa kantle. Rekoto e atolositsoeng ea DNS e kenyelletsang lintlha tsa sekhetho sa sesebelisoa, ID ea mokhatlo, aterese ea IP ea moreki, le lebitso la mosebelisi (ka sebopeho sa hashe) lia kengoa potsong ebe li romelloa ho Sehlahisoa sa Umbrella. Ho ipapisitsoe le tlhahisoleseling ena kaofela, Umbrella Cloud e sebelisa maano a fapaneng ho potso ea DNS.
Cisco Umbrella Active Directory Connector e lata le ho kenya 'mapa oa tlhahisoleseling ea basebelisi le sehlopha ka linako tse itseng ho tloha bukeng e sebetsang ea meaho ho ea ho Umbrella Resolver. Ha o amohela lipakete tsa DNS, Cloud ea Umbrella e sebelisa leano le nepahetseng le thehiloeng ho rekoto e kentsoeng esale pele ea basebelisi bohle le lihlopha ho Umbrella Resolver. Ho fumana lintlha tse ling mabapi le mokhoa oa ho kenya Cisco Umbrella Active Directory Connector, bona Tataiso ea ho Seta ea Active Directory.
Hlokomela
· Cisco Umbrella Active Directory Integration e hlophisoa ka ho sa feleng haeba Sehokelo sa Umbrella se nolofalitsoe.
ho sesebelisoa, 'me ha e hloke litaelo tse eketsehileng ho sebetsa.
· Sehokelo sa Umbrella se iphumanela lebitso la mosebelisi ho tsoa ts'ebetsong ea netefatso ea boema-kepe ebe se eketsa lebitso la mosebelisi potsong e 'ngoe le e 'ngoe ea DNS e rometsoeng ke mosebelisi. Bakeng sa tlhaiso-leseling e batsi mabapi le ts'ebetso ea netefatso e thehiloeng ho boema-kepe, bona khaolo ea Configuring IEEE 802.1x Botiiso bo Thehiloeng Boema-kepeng.
Cisco Identity Services Engine (ISE) ke sethala sa taolo ea leano la ts'ireletso se fanang ka phihlello e sireletsehileng ea lisebelisoa tsa marang-rang. Tšehetso ea Cisco ISE e tlama hore Cisco Umbrella Active Directory Connector e sebetse. Ho fumana lintlha tse ling mabapi le hore na kopanyo ena e sebetsa joang, bona Active Directory Integration le Cisco ISE 2.x.
Umbrella Integration Cloud e kanna ea nka e 'ngoe ea liketso tse latelang ho latela melaoana e hlophisitsoeng ho portal le setumo sa DNS FQDN:
· Ketso ea lethathamo le koetsoeng: Haeba FQDN e fumanoa e le lonya kapa e koetsoe ke leano la ts'ireletso ea khoebo, aterese ea IP ea leqephe le koetsoeng la Umbrella Cloud e khutlisetsoa karabong ea DNS.
· Ketso ea lethathamo e lumelletsoeng: Haeba FQDN e fumanoa e se na molato, aterese ea IP ea mofani oa litaba e khutlisetsoa karabong ea DNS.
· Ketso ea Greylist: Haeba FQDN e fumanoa e belaella, liaterese tsa IP tsa proxy unicast tse bohlale li khutlisetsoa karabong ea DNS.
Setšoantšo se latelang se bontša phallo ea sephethephethe lipakeng tsa Sehokelo sa Umbrella le Leru la Umbrella:
Ho lokisa Cisco Umbrella Integration 3
Tšebeletso ea Tšireletso e thehiloeng ho Cloud e Sebelisang Cisco Umbrella Integration Setšoantšo sa 1: Tšebeletso ea Tšireletso e thehiloeng marung e Sebelisang Cisco Umbrella Integration
Ho lokisa Cisco Umbrella Integration
Ha karabo ea DNS e amoheloa, sesebelisoa se fetisetsa karabo ho moamoheli. Moamoheli o ntša aterese ea IP karabong, ebe o romela likopo tsa HTTP kapa HTTPS atereseng ena ea IP. Hash ea lebitso la mosebelisi e romelloa potsong ea DNS e le karolo ea rekoto ea EDNS ho li-server tsa Umbrella. Setšoantšo se latelang se bonts'a phallo ea sephethephethe lipakeng tsa Sehokelo sa Umbrella, Cisco Identity Services Engine, Umbrella Active Directory Connector, le Umbrella Cloud:
Ho lokisa Cisco Umbrella Integration 4
Ho lokisa Cisco Umbrella Integration
Ho sebetsana le Sephethephethe ka Cisco Umbrella Cloud
Setšoantšo sa 2: Tšebeletso ea Tšireletso e thehiloeng marung e Sebelisang Cisco Umbrella Integration (e nang le Cisco Identity Services Engine le Umbrella Active Directory Connector)
Ho sebetsana le Sephethephethe ka Cisco Umbrella Cloud
Ka thuso ea tšobotsi ea Cisco Umbrella Integration, likopo tsa bareki ba HTTP le HTTPs li sebetsoa ka litsela tse latelang:
· Haeba FQDN potsong ea DNS e kotsi (e oela tlas'a libaka tse thathamisitsoeng tse koetsoeng), Umbrella Cloud e khutlisetsa aterese ea IP ea leqephe le koetsoeng la ho lulisa karabong ea DNS. Ha moreki oa HTTP a romella kopo atereseng ena ea IP, Cloud ea Umbrella e bonts'a leqephe le tsebisang mosebelisi hore leqephe le kopiloeng le koetsoe hammoho le lebaka la ho thibela.
· Haeba FQDN potsong ea DNS e se na mali (e oela tlas'a libaka tse thathamisitsoeng tse lumelletsoeng), Umbrella Cloud e khutlisetsa aterese ea IP ea mofani oa litaba. Moreki oa HTTP o romela kopo atereseng ena ea IP 'me o fumana litaba tse kopiloeng.
Ho lokisa Cisco Umbrella Integration 5
Phakete ea DNS Encyrption
Ho lokisa Cisco Umbrella Integration
· Haeba FQDN potsong ea DNS e oela tlas'a libaka tse nang le greylist, Umbrella DNS solver e khutlisa liaterese tsa IP tsa unicast tsa moemeli ea bohlale karabong ea DNS. Sephethephethe sohle sa HTTP ho tloha ho moamoheli ho ea sebakeng se bohlooho se ts'oaroa ka proxy e bohlale 'me se tsoela pele. URL tlhotla.
Ela hloko Khatiso e 'ngoe e ka bang teng mabapi le ho sebelisa liaterese tse bohlale tsa proxy unicast IP ke monyetla oa hore setsi sa data se theohe ha moreki a leka ho romela sephethephethe ho aterese ea IP ea proxy ea unicast. Boemong bona, moreki o phethetse qeto ea DNS bakeng sa sebaka se oelang tlas'a sebaka se greylist, 'me sephethephethe sa HTTP kapa HTTPS sa moreki se romelloa ho e' ngoe ea liaterese tsa IP tsa proxy tse bohlale tse fumanoeng. Haeba datacenter eo e theohile, moreki ha a na mokhoa oa ho tseba ka eona.
Sehokelo sa Umbrella ha se sebetse ho sephethephethe sa HTTP le HTTPS, se tsamaisa eng kapa eng web traffic, kapa fetola lipakete life kapa life tsa HTTP kapa HTTPS.
Phakete ea DNS Encyrption
Lipakete tsa DNS tse rometsoeng ho tloha mochine oa Cisco ho Cisco Umbrella Integration seva li tlameha ho ngolisoa haeba boitsebiso bo atolositsoeng ba DNS ka paketeng bo na le tlhahisoleseding e kang li-ID tsa basebelisi, liaterese tsa IP tsa marang-rang, joalo-joalo. Ha karabo ea DNS e khutlisetsoa morao ho tsoa ho seva sa DNS, sesebelisoa se hlakola pakete ebe e e fetisetsa ho moamoheli.
Hlokomela
· O ka encrypt lipakete tsa DNS ha feela tšobotsi ea DNScrypt e kentsoe sesebelisoa sa Cisco.
· Aterese ea IP ea moreki e romelloa ho Umbrella Cloud bakeng sa lipalo-palo tsa morao-rao. Re khothaletsa hore o se ke oa tima DNScrypt hobane IP e tla romelloa ntle le eona e sa ngolisoa.
Lisebelisoa tsa Cisco li sebelisa li-server tse latelang tsa Anycast Recursive Cisco Umbrella Integration: · 208.67.222.222 · 208.67.220.220
Setšoantšo se latelang se bontša topology ea Cisco Umbrella Integration.
Ho lokisa Cisco Umbrella Integration 6
Ho lokisa Cisco Umbrella Integration Setšoantšo sa 3: Cisco Umbrella Integration Topology
DNSCrypt le Senotlolo sa Sechaba
DNSCrypt le Senotlolo sa Sechaba
Likaroloana tse latelang li fana ka leseli le felletseng mabapi le DNScrypt le Key Key.
DNSCrypt DNSCrypt ke protocol ea encryption ho netefatsa likhokahano lipakeng tsa sesebelisoa sa Cisco le karolo ea Cisco Umbrella Integration. Ha taelo ea sekhele ea mofuta oa parameter e lokisoa 'me taelo ea ho tsoa e nolofalitsoe ho sebopeho sa WAN, DNSCrypt ea qala,' me setifikeiti se jarollwa, se netefalitsoe, 'me se arotsoe. Senotlolo sa lekunutu se arolelanoang, se sebelisetsoang ho koala lipotso tsa DNS, ebe ho buisanoa ka sona. Bakeng sa hora e 'ngoe le e 'ngoe eo setifikeiti sena se khoasolloang le ho netefatsoa hore se ntlafatsoe, ho buisanoa ka senotlolo se secha sa lekunutu se arolelanoang ho koala lipotso tsa DNS. Ha DNSCrypt e sebelisoa, boholo ba pakete ea kopo ea DNS bo feta li-byte tse 512. Netefatsa hore lipakete tsena lia lumelloa ka lisebelisoa tsa mahareng. Ho seng joalo, karabo e kanna ea se fihle ho batho ba reretsoeng ho e amohela. Ho nolofaletsa DNSCrypt sesebelisoa ho patala sephethephethe sa DNS kaofela. Ka mor'a moo, haeba tlhahlobo ea sephethephethe sa DNS e nolofalitsoe ho firewall e holimo, tabeng ena, Cisco Adaptive Security Appliance (ASA) firewall, sephethephethe se patiloeng se ke ke sa hlahlojoa. Ka lebaka la sena, lipakete tsa DNS li ka 'na tsa theoha ke firewall, e leng se bakang ho hlōleha ha tharollo ea DNS. Ho qoba sena, tlhahlobo ea sephethe-phethe ea DNS e tlameha ho emisoa ho li-firewall tse holimo. Ho fumana leseli mabapi le ho tima tlhahlobo ea sephethephethe ea DNS ho li-firewall tsa Cisco Adaptive Security Appliance (ASA), bona Tataiso ea Tlhophiso ea Cisco ASA Series Firewall CLI.
Ho lokisa Cisco Umbrella Integration 7
Ngoliso ea Sekhele sa Cisco
Ho lokisa Cisco Umbrella Integration
Senotlolo sa Sechaba
Senotlolo sa sechaba se sebelisoa ho khoasolla setifikeiti sa DNSCrypt ho Umbrella Cloud. Boleng bona bo hlophisitsoe esale pele ho B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79, e leng senotlolo sa sechaba sa Cisco Umbrella Anycast In. Haeba ho na le phetoho senotlolo sa sechaba, 'me haeba u fetola taelo ea senotlolo sa sechaba, u tlameha ho tlosa taelo e fetotsoeng ho tsosolosa boleng ba kamehla.
Tlhokomeliso Haeba u fetola boleng, download ea setifikeiti sa DNSCrypt e ka hloleha.
Taelo ea lefats'e ea sekhele-'mapa e hlophisa mofuta oa 'mapa oa parameter ka mokhoa oa sekhele. Ha o lokisa sesebelisoa o sebelisa taelo ena, DNSCrypt le litekanyetso tsa bohlokoa tsa sechaba li ikemela.
Re khothaletsa hore o fetole likhele tsa mofuta oa 'mapa oa lefats'e ha feela o etsa liteko tse itseng ka laboratoring. Haeba u fetola liparamente tsena, e ka ama ts'ebetso e tloaelehileng ea sesebelisoa.
Ngoliso ea Sekhele sa Cisco
Cisco Umbrella Connector e ka ngolisoa ka ho sebelisa lets'oao kapa mokhoa oa ho netefatsa o thehiloeng ho API (motsoako oa senotlolo sa API, ID ea mokhatlo, le senotlolo sa lekunutu), se fanoang ke Cisco Umbrella seva sa ngoliso. Re khothaletsa hore o sebelise mokhoa oa API. Haeba ka bobeli tokeneng le mokhoa oa API li hlophisitsoe, mokhoa oa API o tla pele ho letšoao. Phetoho ho tloha ho tokeneng ho ea ho netefatso e thehiloeng ho API ha e na seams mme ID e ncha ea sesebelisoa e ka abeloa sesebelisoa se le seng nakong ea phetoho. Sena se ama maano afe kapa afe a khethehileng a ID a sesebelisoa a hlophisitsoeng ho li-server tsa Umbrella.
Sekhele sa Cisco Tag
Sekhele sa Cisco tags li sebelisetsoa ho lokisa Cisco Umbrella Connector ho sebopeho. Sekhele tags e ka sebelisoa ho maano a khethehileng a DNS ho sebelisa Umbrella Dashboard. Melao ena ea DNS e sebelisoa ka bo eona ho Umbrella tag ha feela e tag Lebitso le tsamaisana le lebitso la pholisi, 'me le sebetsa feela ho bareki ba hokahaneng ka sebopeho se boletsoeng. Ho fumana leseli mabapi le mokhoa oa ho theha maano le likhetho tse amanang le li-server tsa Umbrella, bona https://docs.umbrella.com/deployment-umbrella/docs/ customize-your-policies-1.
Hlokomela
· Lihokelo tsohle li ka sebelisa sekhele se tšoanang tag ho theha leano le ts'oanang. Ka hona, sebopeho se seng le se seng se etsa joalo
ha e hloke Sekhele se ikhethileng tag.
· Haeba Sekhele tag ha e na leano le tsamaellanang ho seva sa Umbrella, the tag ka tsela e iketsang e khutlela ho leano la lefats'e la seva eo.
Mokhoa oa ho lokisa Cisco Umbrella Integration
Likarolo tse latelang li fana ka leseli mabapi le mesebetsi e fapaneng e kenyelletsang kopanyo ea Cisco Umbrella.
Ho lokisa Cisco Umbrella Integration 8
Ho lokisa Cisco Umbrella Integration
Ho lokisa Sehokelo sa Umbrella
Ho lokisa Sehokelo sa Umbrella
Pele o qala
· Etsa hore setifikeiti sa motso se thehe khokahano ea HTTPS le seva sa ngoliso sa Cisco Umbrella. Kenya setifikeiti sa motso oa DigiCert sesebelisoa ka ho sebelisa taelo ea "crypto pki trustpool import terminal" ka mokhoa oa tlhophiso ea lefats'e. E latelang ke joalo kaampsetifikeiti sa motso oa DigiCert:
—–BEGIN CERTIFICATE—-MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD QTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg U2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83 nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd KpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f /ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX kujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0 /RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C AQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6 Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1 oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD QS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh xtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB CwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl 5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA 8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC 2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit c+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0 j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz —–END CERTIFICATE—–
· Netefatsa hore lengolo le ntlafalitsoeng la lekunutu (PEM) le atlehile. Molaetsa wa netefatso o tla hlahiswa ka mora hore o nke setifikeiti.
Tsamaiso
Mohato oa 1
Taelo kapa Ketso e nolofalletsa ExampLe:
Sesebelisoa> lumella
Mohato oa 2
lokisa terminal ExampLe:
Sesebelisoa # lokisa terminal
Morero E nolofalletsa mokhoa o khethehileng oa EXEC. Kenya phasewete ea hau, haeba u khothalletsoa.
E kenya mokhoa oa tlhophiso ea lefats'e.
Ho lokisa Cisco Umbrella Integration 9
Ho ngolisa Sekhele sa Cisco Tag
Ho lokisa Cisco Umbrella Integration
Mohato oa 3
Taelo kapa Action parameter-mofuta oa mofuta oa sekhele global ExampLe:
Sesebelisoa(config)# sekhele sa mofuta oa 'mapa oa lefats'e
Morero
E lokisa mofuta oa 'mapa oa parametha joalo ka mokhoa oa sekhele, ebe e kenya mokhoa oa ho hlahloba mofuta oa 'mapa.
Mohato oa 4
dnscrypt ExampLe:
Sesebelisoa (config-profile) # dnscrypt
E nolofalletsa ts'ebeliso ea pakete ea DNS sesebelisoa.
Mohato oa 5
boleng ba letshwao ExampLe:
E totobatsa API token e fanoeng ke Cisco Umbrella seva sa ngoliso.
Sesebelisoa (config-profile)# token AABBA59A0BDE1485C912AFE472952641001EEECC
Mohato oa 6
qetellong ExampLe:
Sesebelisoa (config-profile)# QETA
E tsoa ho hlahloba mofuta oa 'mapa oa tlhophiso ebe e khutlela mokhoeng oa EXEC o khethehileng.
Ho ngolisa Sekhele sa Cisco Tag
Pele o qala
· Hlophisa Sehokelo sa Umbrella.
· Lokisa sekhele ho tsoa taelo pele u lokisa sekhele ka taelo. Ngoliso e atleha ha feela port 443 e le Open state mme e lumella sephethephethe ho feta firewall e teng.
· Ka mor'a hore u configure sekhele ka taelo ka a tag, sesebelisoa se qala mokhoa oa ho ngolisa ka ho rarolla api.opendns.com. Lokisa seva sa lebitso ka ho sebelisa taelo ea ip name-server, le ho sheba sebaka sa marang-rang ka ho sebelisa taelo ea ip domain-lookup e hlophisitsoeng sesebelisoa ho rarolla FQDN ka katleho.
Tsamaiso
Mohato oa 1
Taelo kapa Ketso e nolofalletsa ExampLe:
Morero
E nolofalletsa mokhoa o khethehileng oa EXEC. Kenya phasewete ea hau, haeba u khothalletsoa.
Ho lokisa Cisco Umbrella Integration 10
Ho lokisa Cisco Umbrella Integration
Ho ngolisa Sekhele sa Cisco Tag
Taelo kapa Ketso
Sesebelisoa> lumella
Morero
Mohato oa 2 Mohato oa 3 Mohato oa 4
lokisa terminal ExampLe:
E kenya mokhoa oa tlhophiso ea lefats'e.
Sesebelisoa # lokisa terminal
segokanyimmediamentsi sa sebolokigolo-mofuta segokanyimmediamentsi sa sebolokigolo nomoro ExampLe:
E totobatsa sebopeho sa WAN, 'me e kenya mokhoa oa tlhophiso ea sebopeho.
Sesebelisoa(config)# interface gigabitEthernet 1/0/1
sekhele ntle ExampLe:
E lokisa Sehokelo sa Umbrella sehokelong ho hokela ho li-server tsa Umbrella Cloud.
Sesebelisoa(config-if)# sekhele se tsoa
Mohato oa 5
tsoa ExampLe:
Sesebelisoa(config-if)# tsoa
E tsoa mokhoeng oa tlhophiso ea sebopeho, 'me e kene mokhoeng oa tlhophiso ea lefats'e.
Mohato oa 6 Mohato oa 7
Mohato oa 8
segokanyimmediamentsi sa sebolokigolo-mofuta segokanyimmediamentsi sa sebolokigolo nomoro ExampLe:
E totobatsa sebopeho sa LAN, 'me e kenye mokhoa oa tlhophiso ea sebopeho.
Sesebelisoa(config)# interface gigabitEthernet 1/0/2
sekhele ka hare tag- lebitso ExampLe:
Sesebelisoa(config-haeba)# sekhele ho mydevice_tag
E lokisa Sehokelo sa Umbrella sehokelong se hoketsoeng ho moreki.
· Bolelele ba Sekhele tag ha ea lokela ho feta litlhaku tse 49.
· Ka mor'a hore u configure sekhele ka taelo ka a tag, sesebelisoa se ngolisa tag ho seva sa Cisco Umbrella Integration.
qetellong ExampLe:
E tsoa mokhoeng oa tlhophiso ea sebopeho 'me e khutlela mokhoeng oa EXEC o khethehileng.
Sesebelisoa(config-if)# end
Ho lokisa Cisco Umbrella Integration 11
Ho lokisa sesebelisoa sa Cisco joalo ka Seva ea Pass-Through
Ho lokisa Cisco Umbrella Integration
Ho lokisa sesebelisoa sa Cisco joalo ka Seva ea Pass-Through
U ka tseba sephethephethe se lokelang ho fetisoa ka ho sebelisa mabitso a marang-rang. U ka hlalosa libaka tsena ka mokhoa oa lipolelo tse tloaelehileng ho sesebelisoa sa Cisco. Haeba potso ea DNS e hanoang ke sesebelisoa e lumellana le e 'ngoe ea lipolelo tse tloaelehileng tse hlophisitsoeng, potso e fetisetsoa ho seva sa DNS se boletsoeng ntle le ho fetisetsoa ho Umbrella Cloud.
Tsamaiso
Mohato oa 1
Taelo kapa Ketso e nolofalletsa ExampLe:
Sesebelisoa> lumella
Morero
E nolofalletsa mokhoa o khethehileng oa EXEC. Kenya phasewete ea hau, haeba u khothalletsoa.
Mohato oa 2 Mohato oa 3 Mohato oa 4
lokisa terminal ExampLe:
E kenya mokhoa oa tlhophiso ea lefats'e.
Sesebelisoa # lokisa terminal
parameter-mapa mofuta regex parameter-mapa-lebitso ExampLe:
E lokisa mofuta oa 'mapa oa parametha hore o lumellane le mokhoa o boletsoeng oa sephethephethe, 'me e kenye mokhoa oa ho hlahloba mofuta oa 'mapa.
Sesebelisoa(config)# parameter-mapa mofuta regex dns_bypass
polelo ea mohlala ExampLe:
E lokisa sebaka sa lehae kapa URL se sebedisoang ho nyenyefatsa Leru la Umbrella.
Sesebelisoa (config-profile) # mohlala www.cisco.com
Sesebelisoa (config-profile)# paterone .*mohlample.cisco.*
Mohato oa 5
tsoa ExampLe:
Sesebelisoa (config-profile)# Etsoa
E tsoa ka mokhoa oa ho hlahloba mofuta oa 'mapa ebe o kena mokhoeng oa tlhophiso ea lefats'e.
Mohato oa 6
parameter-mapa mofuta sekhele global ExampLe:
Sesebelisoa(config)# sekhele sa mofuta oa 'mapa oa lefats'e
E lokisa mofuta oa 'mapa oa parametha joalo ka mokhoa oa sekhele, ebe e kenya mokhoa oa ho hlahloba mofuta oa 'mapa.
Ho lokisa Cisco Umbrella Integration 12
Ho lokisa Cisco Umbrella Integration
Tlhophiso Examples bakeng sa Cisco Umbrella Integration
Mohato oa 7
Taelo kapa Ketso ea boleng ba tokenyo ExampLe:
Sesebelisoa (config-profile)# token AADDD5FF6E510B28921A20C9B98EEEFF
Morero
E totobatsa API token e fanoeng ke Cisco Umbrella seva sa ngoliso.
Mohato oa 8
local-domain regex_param_map_name ExampLe:
Sesebelisoa (config-profile)# sebaka-domain dns_bypass
E hokela 'mapa o tloaelehileng oa parametha le tlhophiso ea lefatše ea Umbrella.
Mohato oa 9
qetellong ExampLe:
Sesebelisoa (config-profile)# QETA
E tsoa ho hlahloba mofuta oa 'mapa oa tlhophiso ebe e khutlela mokhoeng oa EXEC o khethehileng.
Tlhophiso Examples bakeng sa Cisco Umbrella Integration
Likarolo tse latelang li fana ka tlhophiso ea kopano ea Umbrella examples.
ExampLe: Ho lokisa Cisco Umbrella Integration
E latelang exampe bonts'a mokhoa oa ho hlophisa Sehokelo sa Umbrella le ho ngolisa Sekhele tag:
Sesebelisoa> thusa Sesebelisoa# lokisa terminal Device(config)# parameter-mapa mofuta oa sekhele Global Device(config-profile) # dnscrypt sesebelisoa(config-profile)# letšoao AABBA59A0BDE1485C912AFE472952641001EEECC Sesebelisoa(config-profile)# tsoa Sesebediswa(config)# segokanyimmediamentsi sa sebolokigolo GigabitEthernet 1/0/1 Sesebediswa(config-ha)# sekhele ntle Sesebediswa(config-ha)# tsoa Sesebediswa(config)# interface gigabitEthernet 1/0/2 Sesebelisoa(config-ha)# sekhele ho mydevice_tag Sesebelisoa(config-if)# tsoa
Example: Ho hlophisa sesebelisoa sa Cisco joalo ka Seva ea Pass-Through
E latelang exampe bonts'a mokhoa oa ho lokisa sesebelisoa sa Cisco e le seva sa ho feta:
Sesebelisoa> thusa Sesebelisoa# lokisa terminal Device(config)# parameter-mapa mofuta regex dns_bypass Device(config-profile) # mohlala www.cisco.com Sesebelisoa(config-profile)# Etsoa
Ho lokisa Cisco Umbrella Integration 13
Ho netefatsa Cisco Umbrella Integration Configuration
Ho lokisa Cisco Umbrella Integration
Sesebelisoa(config)# sekhele-'mapa mofuta sekhele Global Device(config-profile)# token AADDD5FF6E510B28921A20C9B98EEEFF Device(config-profile)# sebaka-domain dns_bypass Device(config-profile)# QETA
Ho netefatsa Cisco Umbrella Integration Configuration
Sebelisa litaelo tse latelang ka tatellano efe kapa efe ho view le ho netefatsa tlhophiso ea Cisco Umbrella Integration. E latelang ke joalo kaample tlhahiso ea taelo ea sekhele sa show:
Sesebelisoa # se bonts'a sekhele sa sekhele
Sebopeho sa Umbrella =========================
Token: 0C6ED7E376DD4D2E04492CE7EDFF1A7C00250986 API-KEY: NONE OrganizationID: 2427270 Local Domain Regex parameter-map name: NONE DNSCrypt: Enabled Public-key: B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
Nako ea UDP: metsotsoana e 5
Aterese ea tharollo:
1. 208.67.220.220
2. 208.67.222.222
3. 2620:119:53::53
4. 2620:119:35::35
Umbrella Interface Config:
Palo ea likhokahano tse nang le "umbrella out" config: 1
1. GigabitEthernet1/0/48
Mokhoa
: TSOA
VRF
: lefats'e (Id: 0)
Palo ea likhokahano tse nang le "umbrella in" config: 1
1. GigabitEthernet1/0/1
Mokhoa
: HO
DCA
: E holofetse
Tag
: teko
Device-id : 010a2c41b8ab019c
VRF
: lefats'e (Id: 0)
Configured Umbrella Parameter-mapa: 1. global
E latelang ke joalo kaample tlhahiso ea taelo ea sekhele deviceid:
Sesebelisoa # se bonts'a sesebelisoa sa likhele
Lintlha tsa ngoliso ea sesebelisoa
Lebitso la Sehokelo
Tag
GigabitEthernet1/0/1 moeti
Boemo 200 KATLEHO
Device-id 010a2c41b8ab019c
E latelang ke joalo kaample tlhahiso ea taelo ea sekhele sa dnscrypt:
Sesebelisoa #bontša sekhele dnscrypt
DNSCrypt: E nolofalitsoe-konotlolo ea Sechaba: B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79 Boemo ba Setifikeiti ba Phethahatso10 Boemo ba ho Feta ba Setifikeiti55 Qetello 40: Apr 14 2016 Boiteko ba ho Qetela bo hlolehileng : 10:55:10 UTC Apr 14 2016
Ho lokisa Cisco Umbrella Integration 14
Ho lokisa Cisco Umbrella Integration
Ho rarolla mathata a Cisco Umbrella Integration
Lintlha tsa Setifikeiti: Boselamose ba Setifikeiti : DNSC Major Version : 0x0001 Minor Version : 0x0000 Query Magic : 0x717744506545635A Serial Number : 1435874751 Nako ea ho Qala : 1435874751: 22 End UTC: 05 End Nako : 51 (2:2015:1467410751 UTC Jul 22 05) Seva Senotlolo sa Sechaba : ABA51:F1:D2016:1:000D:394E8045:EAE672:F73:0D6:181A19:0:2BF62:EBF3791:04BF40:EBF7:6BF9:40BF3: Client Secret Key Hash : BBC409:5F:5CB3:C3F06:385BD:A78:4DA:62CED:3985BC:1:41C1342:BCCE:13:DF71:B4E:F2CF Client Senotlolo sa sechaba : ECE8295:2157:6797:6:2BE563:C5:A9A5:C20FC:C3D:ADAF:EB1C:A2A09:C40A:76AD:CAEA:FF9 NM key Hash : F2C2:2C330C:1972A:484:D4:8DD8:5E71C:6775FF:53:7A0344:5484:78:B01D:1B938:B884:EXNUMX
E latelang ke joalo kaample tlhahiso ea sekhele sa show deviceid e qaqileng taelo:
Sesebelisoa # se bonts'a sesebelisoa sa likhele se qaqileng
Lintlha tsa ngoliso ea sesebelisoa
1.GigabitEthernet1/0/2
Tag
: moeti
ID ea sesebelisoa
: 010a6aef0b443f0f
Tlhaloso
: Id ea sesebelisoa e amohetse ka katleho
WAN interface
: GigabitEthernet1/0/1
WAN VRF e sebelisitsoeng
: lefats'e (Id: 0)
E latelang ke joalo kaample tlhahiso ea software ea show platform dns-umbrella statistics command. Sephetho sa taelo se bonts'a tlhahisoleseling e amanang le sephethephethe, joalo ka palo ea lipotso tse rometsoeng, palo ea likarabo tse amoheloang, joalo-joalo.
Sesebelisoa # bonts'a software ea dns-umbrella statistics
=========================================== Lipalopalo tsa Umbrella =================================================== Pakete Kakaretso ya Dipakete : 7848 DSC : 3940 likarabo : 0 DNS queries : 0 DNS bypassed queries(Regex) : 0 DNS likarabo(Umbrella) : 0 DNS likarabo(Tse ling) : 3906 Lipotso tsa khale : 34 Dropted pkts : 0
Ho rarolla mathata a Cisco Umbrella Integration
U ka rarolla mathata a amanang le sebopeho sa Cisco Umbrella Integration ka ho sebelisa litaelo tse latelang.
Letlapa la 1: Litaelo tsa debug bakeng sa Cisco Umbrella Integration Feature
Laela sekhele sa debug config
Morero o nolofalletsa ho lokisa tlhophiso ea Umbrella.
Ho lokisa Cisco Umbrella Integration 15
Litlhahiso tse ling tsa Cisco Umbrella Integration
Ho lokisa Cisco Umbrella Integration
Taelo
Morero
ngoliso ea sekhele ea debug E nolofalletsa ho lokisa ngoliso ea sesebelisoa sa Umbrella.
debug sekhele dnscrypt
E nolofaletsa ho rarolla bothata ba Sekhele DNSCrypt.
debug sekhele redundancy
E nolofalletsa Umbrella redundancy debugging.
Ho tsoa taelong ea mochini oa Windows, kapa fensetere ea terminal kapa khetla ea mochini oa Linux, tsamaisa taelo ea nslookup -type=txt debug.opendns.com. Aterese ea IP eo u e hlalosang ka taelo ea nslookup -type=txt debug.opendns.com e tlameha ho ba aterese ea IP ea seva sa DNS.
nslookup -type=txt debug.opendns.com 10.0.0.1 Seva: 10.0.0.1 Aterese: 10.0.0.1#53 Karabo e sa dumellwang: debug.opendns.com text = “server r6.xx” debug.opendns.com text = "ABBC010.com text"ABBC826ABBC6ABBC3ABBC1892929 mongolo debug.opendns.com text = “id ya mokgatlo 10.0.1.1” debug.opendns.com text = “remoteip 436” debug.opendns.com text = “flags 0 6040 39 000000000000000FF119211936textop” 1892929” debug.opendns.com text = “orgid 3” debug.opendns.com text = “orgflags 0” debug.opendns.com text = “actype 365396” debug.opendns.com text = “bundle 10.1.1.1” decomsource text.opend 36914:713156774457306" debug.opendns.com text = "dnscrypt e nolofalitsoe (XNUMXE)"
Litlhahiso tse ling tsa Cisco Umbrella Integration
Litokomane Tse Amanang
Sehlooho se amanang
Litaelo tsa Tšireletso
Document Title Command Reference, Cisco IOS XE Amsterdam 17.1.x (Catalyst 9300 Switches)
Nalane ea Sebopeho bakeng sa Kopano ea Cisco Umbrella
Tafole ena e fana ka lintlha tsa tokollo le tse amanang le likarolo tse hlalositsoeng mojulung ona.
Likarolo tsena li fumaneha likhatisong tsohle tse latelang tseo li hlahisitsoeng ho tsona, ntle le haeba ho boletsoe ka tsela e 'ngoe.
Lokolla
Sebopeho
Lintlha tsa Sebopeho
Cisco IOS XE
Sekhele sa Cisco
Amsterdam 17.1.1 Kopanyo
Karolo ea Cisco Umbrella Integration e thusa ts'ebeletso ea ts'ireletso e thehiloeng marung ka ho hlahloba potso ea DNS e rometsoeng ho seva efe kapa efe ea DNS ka lisebelisoa tsa Cisco. Motsamaisi oa ts'ireletso o hlophisa maano ho Cisco Umbrella Cloud ho lumella kapa ho hana sephethephethe ho ea FQDN.
Ho lokisa Cisco Umbrella Integration 16
Ho lokisa Cisco Umbrella Integration
Nalane ea Sebopeho bakeng sa Kopano ea Cisco Umbrella
Lokolla
Sebopeho
Lintlha tsa Sebopeho
Cisco IOS XE Amsterdam 17.3.1
Bukana e sebetsang
Active Directory Connector e lata le ho kenya mosebedisi
kopanyo bakeng sa Umbrella le 'mapa oa lihlopha ka linako tse ling ho tloha sebakeng se teng
Sehokedi
directory e sebetsang ho Sehlahisoa sa Umbrella.
Cisco IOS XE Cupertino 17.7.1
Ngoliso ea API bakeng sa Sehokelo sa Umbrella Switch
Ngoliso ea API bakeng sa Umbrella Switch Connector e ka etsoa ho sebelisoa senotlolo sa API, ID ea mokhatlo, le senotlolo sa lekunutu.
Sebelisa Cisco Feature Navigator ho fumana leseli mabapi le tšehetso ea setšoantšo sa sethala le software. Ho fihlella Cisco Feature Navigator, ea ho http://www.cisco.com/go/cfn.
Ho lokisa Cisco Umbrella Integration 17
Nalane ea Sebopeho bakeng sa Kopano ea Cisco Umbrella
Ho lokisa Cisco Umbrella Integration
Ho lokisa Cisco Umbrella Integration 18
Litokomane / Lisebelisoa
 |
CISCO Configuring Umbrella Integration [pdf] Bukana ea Mosebelisi Ho Hlophisa Kopano ea Umbrella, Kopanyo ea Umbrella |