Cisco Support Community

New Member

Radius Authentication between VLAN's

Is it possible to require authentication via a Radius server in order to access another VLAN? If so, how do you do it?

2 REPLIES
Cisco Employee

Re: Radius Authentication between VLAN's

If your vlans are of different subnets, then accessing vlans is actually routing between subnets. You could do some form of auth proxy on the router as one host tries to go to another subnet, see:

http://www.cisco.com/warp/customer/793/ios_fw/auth_intro.html

Cisco Employee

Re: Radius Authentication between VLAN's

You might want to consider IOS Firewall (CBAC) implementation on the router which does inter-VLAN routing for you.

E.g., you have two vlans, vlan1 & vlan2, and you want vlan1 to be able to initiate traffic to vlan2 but not vice versa. By implementing CBAC and creating an ACL on ingress on vlan1 you can achieve this; when traffic from behind vlan1 is initiated toward vlan2, the return traffic will be allowed dynamically by opening a hole on the ingress ACL on vlan1, but when vlan2 tries to come into vlan1, the ACL on ingress vlan1 will deny it.

Here are some URLs:

http://www.cisco.com/warp/customer/110/32.html

http://www.cisco.com/warp/customer/110/36.html

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/firewall.htm

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iosfw2/iosfw2_2.htm

HTH

R/Yusuf
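A configuration sketch of the one-way CBAC arrangement described in the reply above, added here as an illustration and not taken from the thread or from Cisco's documentation. The subnets, ACL number 102 and the rule name VLAN1-INIT are constructed placeholders, and it assumes both VLANs are routed interfaces (Vlan1, Vlan2) on the same IOS device, with the ACL placed inbound on the VLAN 2 interface, the path traffic takes into VLAN 1.

```cisco
! Constructed example: addresses, ACL number and rule name are placeholders.
! VLAN 1 = 192.168.1.0/24, VLAN 2 = 192.168.2.0/24, routed on the same device.
!
! Inspection rule: track TCP and UDP sessions so return traffic can be matched.
ip inspect name VLAN1-INIT tcp
ip inspect name VLAN1-INIT udp
!
! Extended ACL for traffic arriving from VLAN 2: block anything VLAN 2 starts
! toward VLAN 1, leave VLAN 2's other destinations alone.
access-list 102 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip any any
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ! Inspect sessions that VLAN 1 hosts initiate.
 ip inspect VLAN1-INIT in
!
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 ! Return packets of inspected sessions get temporary permits ahead of the deny.
 ip access-group 102 in
```

`show ip inspect sessions` lists the sessions currently being tracked, and `show access-lists 102` shows the hit counters on the deny entry. ICMP is not in the inspection rule here, so echo replies from VLAN 2 to VLAN 1 are dropped by the deny line.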
