I have a client that requires, that prior to accessing his Network external and internal users must log in to the switch which will in turn validate the users via Radius or Tacacs+ and establish a VLAN for the user.
Can this be done, is there a feature that allows the switch to do this. My understanding is that the only reason to log in to the switch wether it be unsecure or via Radius or Tacacs+ was to access the CLI.
The other thing the client wants is for the VLAN to be locked to the switch port,ip address, protocol,virtual port. I know the switch can perform protocol filtering but as far as I know it cannot specify an actual virtual port and only has ip permit lists which are useless.