I'm looking for a way to transparently authenticate NT/2000/XP users to Active Dir. or Domain Controller (via LDAP). I heard you can set up a Cisco switch to authenticate this way; a user hits Ctrl-Alt-Del, enters NT login info, the switch sees this login and sees if the user authenticates with the DC or AD.
Are there any variations to this? Does Cisco sell an appliance that does?
I know of MAC based security, but this isn't what I'm looking for. Basically, transparent authentication without adding MACs etc.
Basically, when you plug into a switch, you should get no internet access unless you authenticate. When you plug into the switch, you're in a dead VLAN. When you log in to the domain, the switch forwards the request to the auth server, checks the reply, and if valid, switches the VLAN on that particular port.
This sounds like you're referring to AAA (authentication, authorization, and accounting)... I know this works for traversing a PIX, but don't know if you can set it up to traverse a switch. The only options I see for AAA on a switch are console|telnet|both.
What you're looking for is 802.1x authentication at the switch port level. Newer Cisco switches do support this at different levels. You must be using an 802.1x-capable OS (XP SP1 or 2k with MS add-on) or load URT (user registration something other).
The feature set in general is referred to as IBNS (identity based networking services). It can be done at the machine level using a certificate or at the user level utilizing the logged in credentials.
You'll need an ACS server to accomplish this. In addition to authentication, you can hand out other things per-group/user such as ACLs and VLAN. There's also guest support so that unidentified users can be given access to specific things.
The Pix can use AAA to authenticate users as they go through to the Internet and use ACS to determine what access they should have. This is not transparent as a browser challenge occurs.
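A minimal switch-side sketch of the 802.1x setup described in the reply above, added here as an example and not taken from the thread or from Cisco documentation. It assumes classic Catalyst IOS 12.x syntax (later releases use `authentication port-control auto` on the interface); the server address, shared secret, interface and VLAN numbers are constructed placeholders.

```cisco
! Constructed example: address, key, interface and VLAN IDs are placeholders.
aaa new-model
! Send 802.1x authentication requests to the RADIUS server (the ACS box)
aaa authentication dot1x default group radius
! Allow the switch to apply RADIUS-supplied authorization such as a VLAN
aaa authorization network default group radius
radius-server host 192.0.2.10 key <SHARED-SECRET>
! Enable 802.1x globally on the switch
dot1x system-auth-control
!
interface FastEthernet0/1
 switchport mode access
 ! VLAN used after authentication when RADIUS returns no VLAN
 switchport access vlan 10
 ! Port stays unauthorized (EAPOL only) until the supplicant authenticates
 dot1x port-control auto
 ! Clients that never answer EAPOL are placed in the restricted guest VLAN
 dot1x guest-vlan 99
 spanning-tree portfast
!
! For per-user or per-group VLAN assignment, the RADIUS Access-Accept
! must carry these IETF attributes (64, 65, 81; see RFC 3580):
!   Tunnel-Type             = VLAN (13)
!   Tunnel-Medium-Type      = 802 (6)
!   Tunnel-Private-Group-ID = <VLAN name or ID>
```

`show dot1x interface FastEthernet0/1` shows whether the port is authorized. Keep the guest VLAN behind an ACL or on a separate routed segment so unauthenticated hosts reach only what they are meant to.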