Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
418
Views
0
Helpful
1
Replies

How to authenticate a Non domain member laptop with AAA

Etisalat Afghanistan
Level 1
Level 1

‎09-29-2010 12:41 AM - last edited on ‎03-25-2019 05:27 PM by Community Manager

Dear all,

I do have problem in resolving issue for AAA, the scenario is like if a user connect his laptop with a cisco Switch, and the computer is not a member of domain, we do like to allow internet and get an ip from DHCP server only to those users who;s computers are member of active directory. do let me know how is it possible? support will be appreciated.

Regards

Ibrahim

Labels:
0 Helpful
1 Reply 1

Ashley Georgeson
Level 1
Level 1

‎09-29-2010 01:07 AM

Hi Ibrahim,

Do you use CiscoSecure ACS?

If so, this is possible, using AAA/dot1X on the switch and configuring ACS to authenticate against Active Directory.

There are lots of configuration examples available here:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_configuration_examples_list.html

Specifically the wired dot1x; nac: ldap integration with acs; cisco secure acs for windows with eap-tls machine authentication.

Although some of these are for wireless, I can't see why the principle can not be applied to wired.

Also there are posts on the learning network:

https://learningnetwork.cisco.com/thread/2221

https://learningnetwork.cisco.com/thread/12897

Regards, Ash.

0 Helpful
Customers Also Viewed These Support Documents