Wired User Authentication Question

Hypothetical situation:

VLAN 100 comes into controller, wired, from a secure DMZ. Wired Users on VLAN 100 need access to VLANs 200, 300 & 400 that live (meaning routed by) on the controller.

What would be the best way to make said wired users authenticate and then be placed in a role with the specific VLAN access they need?

As always, thanks for any assistance :-)

Scott McNeil - IT Specialist, Global Process Automation
Network+ | CWNA | ACSP | ACMP | ACMA | BREC

Re: Wired User Authentication Question

At the most basic level, on the controller, you would make the VLAN untrusted. The users coming in on a specific VLAN would get the captive portal. I cannot tell the scope of what you are trying to do from your email, but what you do from here depends on that.



Colin Joseph
Aruba Customer Engineering


Re: Wired User Authentication Question

Could this be done, say, with a dot1x authentication request instead of a captive portal? Then, with ClearPass, place the user in a specific role?

Scott McNeil - IT Specialist, Global Process Automation
Network+ | CWNA | ACSP | ACMP | ACMA | BREC

Re: Wired User Authentication Question

EAPOL or 802.1x traffic is "link local", which means the first switch in the chain needs to do something with the frame or discard it. In other words, wired 802.1x does not work well unless the device is directly connected to the switch that is doing the 802.1x authentication...



Colin Joseph
Aruba Customer Engineering
