How to authenticate a non-domain-member laptop with AAA

Unanswered Question
Sep 29th, 2010

Dear all,


I have a problem resolving an issue with AAA. The scenario is this: a user connects his laptop to a Cisco switch, and the computer is not a member of the domain. We would like to allow Internet access and an IP address from the DHCP server only to those users whose computers are members of Active Directory. Please let me know how this is possible. Support will be appreciated.


Regards

Ibrahim

Ashley Georgeson Wed, 09/29/2010 - 01:07


Hi Ibrahim,


Do you use CiscoSecure ACS?


If so, this is possible, using AAA/dot1X on the switch and configuring ACS to authenticate against Active Directory.


There are lots of configuration examples available here:


http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_configuration_examples_list.html


Specifically: Wired Dot1x; NAC: LDAP Integration with ACS; Cisco Secure ACS for Windows with EAP-TLS Machine Authentication.


Although some of these are for wireless, I can't see why the principle cannot be applied to wired.


Also there are posts on the learning network:


https://learningnetwork.cisco.com/thread/2221

https://learningnetwork.cisco.com/thread/12897


Regards, Ash.
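
The switch side of the AAA/dot1X setup described in the reply above, as an added example that is not part of the original thread or of Cisco's linked documents. It shows the port staying unauthorized (no DHCP, no Internet) until the RADIUS server accepts the client. The server address, shared secret, VLAN and interface are constructed placeholders, and the interface syntax assumes a Catalyst IOS release that uses `authentication port-control auto` (older releases use `dot1x port-control auto` instead).

```cisco
! Added example: all addresses, keys, VLANs and interfaces are placeholders
aaa new-model
! Send 802.1X authentication requests to the RADIUS server (ACS)
aaa authentication dot1x default group radius
! Accept per-session attributes (for example a VLAN) returned by RADIUS
aaa authorization network default group radius
!
! ACS acting as the RADIUS server; 192.0.2.10 is a documentation address
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
! Enable 802.1X globally on the switch
dot1x system-auth-control
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 ! Only EAPOL passes until the supplicant authenticates, so an
 ! unauthenticated laptop cannot reach the DHCP server or the Internet
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast
```

Whether a laptop counts as a domain member is decided on the ACS side, by authenticating the computer account against Active Directory (machine authentication) as in the configuration examples linked in the reply.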
