919 Views, 0 Helpful, 2 Replies
Cisco ACS + quarantine VLAN

canalyzer
Level 1

Hello together

We have in our company two Cisco ACS servers for the WLAN authentication via RADIUS. The user management is on a Microsoft Windows Server 2003 Active Directory domain. All access ports are on layer 2 (2960) switches. The backbone consists of 4507 devices. All uplinks are layer 3 connections. Each 4507 is VTP server for the access switches. So it's impossible to create a VLAN over more than 1 core switch. Now to my question. I want to create a quarantine VLAN for all devices which are not registered in the AD or in another database, e.g. ACS. The quarantine VLAN should have only internet access. Guests can authenticate on the ACS server with an account to get access to the LAN. Are these features possible with ACS servers? Are there any documents with more information and instructions? Thank you for your help.

2 Replies

Collin Clark
VIP Alumni

Look into dot1x authentication. For internet access only you'll need to get creative with policy-based routing/ACLs.

HTH and please rate.

Thank you for your answer. I think there are some problems with IEEE 802.1x authentication. For example: if a port is in the unauthorised state, no traffic is allowed except 802.1x frames. If I use EAP, a PXE boot is impossible because no user is logged in at the workstation at boot time.

Thank you.
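To make the two replies concrete, here is an added configuration sketch (not from the thread, not from Cisco documentation) of what "dot1x with a fallback VLAN on the 2960, internet-only ACL on the 4507 SVI" looks like. Everything numeric is a constructed placeholder: 192.0.2.10/.11 stand in for the two ACS servers, VLAN 100 is the normal user VLAN, VLAN 900 is the quarantine VLAN, 10.0.0.53 is an internal DNS resolver, and the shared secrets are dummies. The port-level syntax is the newer `authentication ...` form; older 2960 IOS releases express the same thing as `dot1x port-control auto`, `dot1x guest-vlan 900` and `dot1x auth-fail vlan 900`.

```cisco
! --- Access switch (Catalyst 2960): 802.1X on edge ports with a fallback VLAN ---
! Added example, not the thread's or Cisco's configuration. All addresses, VLAN
! numbers, interface names and secrets are constructed placeholders.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key EXAMPLE-SECRET-1
radius-server host 192.0.2.11 auth-port 1812 acct-port 1813 key EXAMPLE-SECRET-2
dot1x system-auth-control
!
interface range FastEthernet0/1 - 24
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
 ! Port stays unauthorized until RADIUS (ACS) accepts the supplicant
 authentication port-control auto
 authentication host-mode single-host
 ! A client that never answers EAP (no supplicant yet, e.g. during a PXE boot)
 ! is placed in the quarantine VLAN after the EAP requests time out;
 ! a client that fails authentication lands there as well
 authentication event no-response action authorize vlan 900
 authentication event fail action authorize vlan 900
 dot1x pae authenticator
 ! 10 s per request, 2 retries: unauthenticated ports fall back after ~30 s
 dot1x timeout tx-period 10
 dot1x max-reauth-req 2
!
! --- Core switch (Catalyst 4507, SVI of the quarantine VLAN): internet only ---
! The quarantine VLAN is local to each 4507, matching the L3-only uplinks.
ip access-list extended QUARANTINE-INTERNET-ONLY
 remark allow DHCP so a quarantined host can obtain an address
 permit udp any eq bootpc any eq bootps
 remark allow DNS to the internal resolver only (address is a placeholder)
 permit udp any host 10.0.0.53 eq domain
 remark block all RFC 1918 space, i.e. everything on the corporate LAN
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 172.16.0.0 0.15.255.255
 deny ip any 192.168.0.0 0.0.255.255
 remark anything else (the public internet) is allowed
 permit ip any any
!
interface Vlan900
 description Quarantine VLAN - internet only
 ip address 10.90.0.1 255.255.255.0
 ip access-group QUARANTINE-INTERNET-ONLY in
```

Two practical notes on the second reply's PXE concern: with the `no-response` fallback above, a host with no supplicant is not blocked forever, it simply ends up in VLAN 900 after the EAP timeout, so a PXE boot only works if the ACL lets it reach its DHCP/TFTP servers; if that is required, the usual defender's choice is MAC authentication bypass (`mab` on the port, with the MAC addresses registered in ACS) rather than opening the quarantine ACL. For guests who should leave the quarantine VLAN after logging in, ACS has to return the target VLAN in the Access-Accept via the standard RADIUS attributes Tunnel-Type (VLAN), Tunnel-Medium-Type (802) and Tunnel-Private-Group-ID (the VLAN name or number), which is what `aaa authorization network` lets the switch apply.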