How to authenticate a non-domain-member laptop with AAA

Sep 29th, 2010

Dear all,

I have a problem resolving an issue with AAA. The scenario is this: a user connects his laptop to a Cisco switch, and the computer is not a member of the domain. We would like to allow Internet access and an IP from the DHCP server only to those users whose computers are members of Active Directory. Please let me know how this is possible. Support will be appreciated.



Ashley Georgeson Wed, 09/29/2010 - 01:07

Hi Ibrahim,

Do you use CiscoSecure ACS?

If so, this is possible, using AAA/dot1X on the switch and configuring ACS to authenticate against Active Directory.

There are lots of configuration examples available here:

Specifically, the wired dot1x; NAC: LDAP integration with ACS; Cisco Secure ACS for Windows with EAP-TLS machine authentication.

Although some of these are for wireless, I can't see why the principle cannot be applied to wired.

Also there are posts on the learning network:

Regards, Ash.
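The switch side of the AAA/dot1x setup suggested above, as an added configuration sketch that is not part of the original thread or taken from Cisco's linked examples. The RADIUS server address, shared secret, VLAN and interface are placeholders, and ACS is assumed to be set up separately to perform machine authentication against Active Directory.

```cisco
! Constructed example: address, key, VLAN and interface are placeholders.
!
! Turn on AAA and send 802.1X authentication to the RADIUS server (ACS)
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
! ACS as the RADIUS server; IOS defaults to ports 1645/1646
radius-server host 192.0.2.10 key <SHARED-SECRET>
!
! Enable 802.1X globally on the switch
dot1x system-auth-control
!
interface GigabitEthernet0/1
 description User access port
 switchport mode access
 switchport access vlan 10
 ! Port stays unauthorized until the supplicant authenticates.
 ! Older IOS releases use "dot1x port-control auto" instead.
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast
!
! No guest VLAN or auth-fail VLAN is configured here, so a machine
! that cannot authenticate gets no access, including DHCP.
```

With no fallback VLAN on the port, only traffic from an authenticated supplicant is forwarded, so a laptop that ACS rejects never reaches the DHCP server.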

