I use an ASA 5520 as I-Net Edge for 3 different groups of Users. Currently i control access in the internet segment for each groups by static dhcp leases based on MAC-Adresses.
As this is not the most secure approach i am looking for a different way to control access within my internet segment.
I am thinking of authenticating the users with username and password prior to establishing connections over the ASA. I think this can be done somehow with the cut-trough proxy feature. Unfortunately i have no ACS Server available so the cut-through approach is not possible.
Has anyone done a configuration setup where users get authenticated based on username/password prior to allowing a connection through the ASA so far?
A similar functionality is often seen on public hotspots in airports where you have to authenticate over a webpage before internet usage.
Is there an open source software capable of this authentication method and can you configure it in conjunction with an ASA? Maybe using the WCCP Feature?
This might be a little Offtopic but hopefully someone has already experience with this kind of setup.
Thanks for reading.