Frequent Contributor II

Wired User Authentication Question

Hypothetical situation:

 

VLAN 100 comes into the controller, wired, from a secure DMZ. Wired users on VLAN 100 need access to VLANs 200, 300 & 400 that live on (meaning are routed by) the controller.

 

What would be the best way to make said wired users authenticate and then be placed in a role with the specific VLAN access they need?

 

As always, thanks for any assistance :-)

 

Scott McNeil - Sr. Network & Security Engineer, Global Process Automation
Network+ | CWNA | CWTS | ACSP | ACMP | ACMA | BREC
Guru Elite

Re: Wired User Authentication Question

At the most basic level, on the controller, you would make the VLAN untrusted. The users coming in on a specific VLAN would get the captive portal. I cannot tell the scope of what you are trying to do from your email, but what you do from here depends on that.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: Wired User Authentication Question

Could this be done, say, with a dot1x authentication request instead of a captive portal? Then, with ClearPass, place the user in a specific role?

 

 

Scott McNeil - Sr. Network & Security Engineer, Global Process Automation
Network+ | CWNA | CWTS | ACSP | ACMP | ACMA | BREC
Guru Elite

Re: Wired User Authentication Question

EAPOL or 802.1x traffic is "link local", which means the first switch in the chain needs to do something with the frame or discard it. In other words, wired 802.1x does not work well unless the device is directly connected to the switch that is doing the 802.1x authentication...



Colin Joseph
Aruba Customer Engineering
