12-31-2006 12:05 PM - edited 02-21-2020 10:17 AM
Hello everyone
We have two Cisco ACS servers in our company for WLAN authentication via RADIUS. User management is done in a Microsoft Windows Server 2003 Active Directory domain. All access ports are on layer 2 (2960) switches. The backbone consists of 4507 devices. All uplinks are layer 3 connections. Each 4507 is the VTP server for its access switches, so it's impossible to create a VLAN spanning more than one core switch. Now to my question. I want to create a quarantine VLAN for all devices which are not registered in the AD or in another database, e.g. ACS. The quarantine VLAN should have only internet access. Guests can authenticate on the ACS server with an account to get access to the LAN. Are these features possible with ACS servers? Are there any documents with more information and instructions? Thank you for your help.
01-02-2007 11:03 AM
Look into dot1x authentication. For internet access only you'll need to get creative with policy-based routing/ACLs.
HTH and please rate.
01-02-2007 11:45 PM
Thank you for your answer. I think there are some problems with IEEE 802.1x authentication. For example: if a port is in the unauthorised state, no traffic is allowed except 802.1x frames. If I use EAP, a PXE boot is impossible because no user is logged in at the workstation at boot time.
Thank you.
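A constructed IOS configuration sketch, added here and not from any poster, showing the two pieces the reply above points at: 802.1X with a guest VLAN on the 2960 access ports, which is where a host that never answers EAP (such as a PXE-booting PC with no supplicant) is placed, and an ACL on the 4507 SVI that lets the quarantine VLAN reach only DHCP, DNS and non-RFC1918 destinations. All addresses, VLAN numbers, interface ranges and the shared secret are placeholders.

```cisco
! --- Access switch (Catalyst 2960), placeholder addresses and IDs ---
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
! both ACS servers as RADIUS sources (placeholder IPs and key)
radius-server host 10.0.0.11 auth-port 1645 acct-port 1646 key ACS-SHARED-SECRET
radius-server host 10.0.0.12 auth-port 1645 acct-port 1646 key ACS-SHARED-SECRET
!
! VLAN 900 = quarantine/guest VLAN, defined locally on each access switch
vlan 900
 name QUARANTINE
!
interface range FastEthernet0/1 - 24
 switchport mode access
 switchport access vlan 10
 dot1x port-control auto
 ! a host with no supplicant lands in VLAN 900 once max-reauth-req
 ! EAP-Request/Identity frames (tx-period seconds apart) go unanswered
 dot1x guest-vlan 900
 dot1x max-reauth-req 2
 dot1x timeout tx-period 10
 spanning-tree portfast
!
! --- Core switch (Catalyst 4507), SVI for the quarantine VLAN ---
ip access-list extended QUARANTINE-INTERNET-ONLY
 ! DHCP via the relay and DNS to the internal resolver (placeholder)
 permit udp any eq bootpc any eq bootps
 permit udp any host 10.0.0.53 eq domain
 ! everything else on the internal address space is blocked
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 ! whatever remains is Internet-bound
 permit ip any any
!
interface Vlan900
 description Quarantine VLAN - Internet only
 ip address 192.168.90.1 255.255.255.0
 ip helper-address 10.0.0.20
 ip access-group QUARANTINE-INTERNET-ONLY in
```

Guests who then authenticate through a supplicant get the VLAN returned by ACS (RADIUS Tunnel-Type/Tunnel-Medium-Type/Tunnel-Private-Group-ID) instead of the guest VLAN, so the same port serves both cases.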