Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Accounting in ethernet environment

Hello!

I have an ethernet switched LAN with a Cisco 2600 router as a gateway to Internet. In the nearest future we would like to use some billing system based on a RADIUS or TACACS server.

Is it possible to "transparently" authenticate LAN users using their IP addresses for example? I mean, users shouldn't enter any username or password and they shouldn't use any special software like vpn clients.

In the case it is possible which AAA commands should I use on the router?

Thank you.

Konstantin

1 REPLY
Cisco Employee

Re: Accounting in ethernet environment

It's not possible to transparently do this. Accounting is based on someone/something entering a username/password and this being sent to an external AAA server.

It's not possible to do this on a switch other than with say, dot1x, but then you need certificates and additional setup on the client and on the ACS server, certainly not transparent.

You could do this on the 2600 router using auth-proxy (http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scdauthp.htm), where the user browses out to the Internet, and the router intercepts this and prompts the user for a username/password. After entering one they're allowed out to the Internet, and you can simply configure accounting to go along with it. It's still not transparent, but you're not going to be able to be transparent and still do accounting.

111
Views
0
Helpful
1
Replies
CreatePlease login to create content