I have an ethernet switched LAN with a Cisco 2600 router as a gateway to Internet. In the nearest future we would like to use some billing system based on a RADIUS or TACACS server.
Is it possible to "transparently" authenticate LAN users using their IP addresses for example? I mean, users shouldn't enter any username or password and they shouldn't use any special software like vpn clients.
In the case it is possible which AAA commands should I use on the router?
It's not possible to transparently do this. Accounting is based on someone/something entering a username/password and this being sent to an external AAA server.
It's not possible to do this on a switch other than with say, dot1x, but then you need certificates and additional setup on the client and on the ACS server, certainly not transparent.
You could do this on the 2600 router using auth-proxy (http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scdauthp.htm), where the user browses out to the Internet, and the router intercepts this and prompts the user for a username/password. After entering one they're allowed out to the Internet, and you can simply configure accounting to go along with it. It's still not transparent, but you're not going to be able to be transparent and still do accounting.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :