I have a customer requirement that no user should be able to use the network resources (proxy, firewall authentication, mail, etc.) without being authenticated on the network level, say, every morning. Typically we observe that machines have a lease period from DHCP and quite often we either don't shut down the desktop or keep the notebook in hibernate mode between usages. The customer wants to enforce the users' authentication more often.

I have observed myself that even if I don't get network authenticated (through my domain server) I can still, at least, access the proxy for Internet. How do we avoid this?

The customer environment is on Cat400X/Cat65XX switches. Can we enforce a policy on the switch that a user should be able to use the switchport only after authentication, either on TACACS or (preferably) Win2K domain controllers?

The MAC-based authentication that is mentioned for network security doesn't really suffice because desktops rarely change their MAC address. More frequent authentication has to happen, say every morning when we log on for network resources.

The other option I am exploring is whether we can do something in the Windows environment.

Look into 802.1x authentication.

This will allow you to authenticate and reauthenticate at regular intervals.
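As an added illustration of the answer above (this is not the answerer's configuration, and not taken from the original thread), here is a Cisco IOS fragment that enables 802.1X on an access port and forces the supplicant to reauthenticate periodically. The RADIUS server address, the shared key placeholder, the VLAN and the interface name are all assumptions; the syntax is Cisco IOS 12.x as run on Catalyst 4000/6500 switches.

```cisco
! Added example, not from the answer above. Assumed values:
! RADIUS server 192.0.2.10 (e.g. Windows IAS in front of the Win2K domain),
! shared key placeholder, access VLAN 10, port FastEthernet0/1.
aaa new-model
aaa authentication dot1x default group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key RADIUS_KEY_PLACEHOLDER
!
! Enable 802.1X globally; without this line the per-port settings are inert
dot1x system-auth-control
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 ! Port passes only EAPOL until the supplicant authenticates successfully
 dot1x port-control auto
 ! Make the client prove itself again every reauth-period seconds
 ! (28800 s = 8 h, roughly once per working day)
 dot1x reauthentication
 dot1x timeout reauth-period 28800
!
! Verify the port state and timers:
!   show dot1x interface FastEthernet0/1
!   show dot1x all
```

Two points a practitioner would want to know before rolling this out. First, the switch only talks RADIUS, so the Windows domain must be fronted by a RADIUS service (IAS on Windows Server is one option) that validates the user or machine credentials; the switch itself never sees the domain. Second, the workstation needs an 802.1X supplicant (Windows XP ships one) and, if it authenticates with the logged-on user's credentials, the periodic reauthentication is normally silent, so the "every morning" effect comes from the port dropping back to the unauthorized state when the reauthentication fails or the link goes down, not from a visible prompt. Devices with no supplicant (printers, for example) stay blocked on such a port unless a guest VLAN or a MAC-based exception is configured for them.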

I think your customer's requirements (network level) are too strict. If you need access to the Internet, then the proxy alone should authenticate the user. If you need access to mail, then it can be done by your mail server, etc. You can use MS Active Directory to authenticate users for network resources.

