How does Radius work when trying to assign VLANs and ACL?
Hello and thanks for reading this post.
I have a small network that has a Cisco Switch for 24 connections, a Cisco router to mediate traffic between VLANs and VPN access from the Internet and other networks to the local network. And I have a wireless AP. The router connects via a trunk to the switch, and the AP connects to the switch.
I have been requested to configure Radius security. I thought of segmenting the network on VLANs and granting access between them according to the user credentials (Router rules).
I am using a Windows Server NPS as the Radius Server.
Then I want to control access with Radius if you connect to the AP, the Switch, or the Router from Internet.
Say I have 3 VLANs 1, 2, 3 and got users that have user groups that can access different VLANs:
Group 1 access VLAN 1 and 2
Group 2 access VLAN 1
Group 3 access VLAN 1 and 3
Group 4 access VLAN 1, 2 and 3
I think that if a user connects to the AP I can assign a VPN, but how do I apply the router ACL that will connect/limit the traffic of the user with the other VLANs?
Same question coming from the switch.
Or is the user validated in each network device so that each device applies the expected rules (VLAN assignment and router ACL) for the user? Does this mean the user has to make many Radius validations to navigate the network?
If the Domain user is the one requested by the Radius and my machine is connected to the Domain, will Radius make the authentication without prompting the user?
Another doubt: Is there a way to use Radius to limit user access to certain machines in the same VLAN, say a server?
Thanks for any answer or help on these issues that I am having trouble finding answers to.