https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240955#M6051 <HTML><HEAD></HEAD><BODY><P>No, this isn't what I'm asking. </P><P></P><P>Basically, when you plug into a switch, you should get no internet access unless you authenticate. When you plug into the switch, you're in a dead VLAN. When log-in to the domain, the switch forwards the request to the auth server, checks reply, and if valid, switches the vlan on that particular port.</P></BODY></HTML> Wed, 04 Feb 2004 17:29:27 GMT kowalm 2004-02-04T17:29:27Z https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240951#M6035 <P>I'm looking for a way to transparently authenticate NT/2000/XP users to Active Dir. or Domain Controller (via LDAP). I heard you can setup a cisco switch to authenticate this way; a user hits Ctrl-Alt-Del, enters NT login info, the switch sees this login and sees if the user authenticates with the DC or AD. </P><P></P><P>Are there any variations to this? Does cisco sell an appliance that does?</P><P>I know of MAC based security, but this isn't what i'm looking for. Basically, transparent authetication without adding MACs etc.</P> Fri, 21 Feb 2020 18:09:15 GMT https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240951#M6035 kowalm 2020-02-21T18:09:15Z https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240952#M6038 <HTML><HEAD></HEAD><BODY><P>If the user is hitting ctrl+alt+del and entering authentication info, what the heck are they authenticating against if it is not active directory? </P></BODY></HTML> Tue, 03 Feb 2004 19:57:38 GMT https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240952#M6038 mostiguy 2004-02-03T19:57:38Z https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240953#M6044 <HTML><HEAD></HEAD><BODY><P>A NT 4.0 Domain controller in a mixed mode setting.</P></BODY></HTML> Tue, 03 Feb 2004 21:29:12 GMT https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240953#M6044 kowalm 2004-02-03T21:29:12Z https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240954#M6046 <HTML><HEAD></HEAD><BODY><P>You can set up a trust between the nt 4 domain and the win2k AD domain</P></BODY></HTML> Wed, 04 Feb 2004 14:41:12 GMT https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240954#M6046 mostiguy 2004-02-04T14:41:12Z https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240955#M6051 <HTML><HEAD></HEAD><BODY><P>No, this isn't what I'm asking. </P><P></P><P>Basically, when you plug into a switch, you should get no internet access unless you authenticate. When you plug into the switch, you're in a dead VLAN. When log-in to the domain, the switch forwards the request to the auth server, checks reply, and if valid, switches the vlan on that particular port.</P></BODY></HTML> Wed, 04 Feb 2004 17:29:27 GMT https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240955#M6051 kowalm 2004-02-04T17:29:27Z https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240956#M6055 <HTML><HEAD></HEAD><BODY><P>This sounds like you're referring to AAA (authentication, authorization, and accounting)... I know this works for traversing a PIX, but don't know if you can set it up to traverse a switch. The only options I see for AAA on a switch is console|telnet|both.</P></BODY></HTML> Wed, 04 Feb 2004 21:37:39 GMT https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240956#M6055 bfl1 2004-02-04T21:37:39Z https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240957#M6060 <HTML><HEAD></HEAD><BODY><P>What you're looking for is 802.1x authentication at the switch port level. Newer Cisco switches do support this at different levels. You must be using an 802.1x capable OS (XP SP1 or 2k with MS add-on) or load URT (user registration something other)</P><P></P><P>The feature set in general is referred to as IBNS. (identity based networking services) It can be done at the machine level using a certificate or at the user level utilizing the logged in credentials.</P><P></P><P>You'll need a ACS server to accomplish this. In addition to authentication, you can hand out other things per-group/user such as ACLs and VLAN. There's also guest support so that unidentified users can be given access to specific things.</P><P></P><P>The Pix can use AAA to authenticate users as they go through to the Internet and use ACS to determine what access they should have. This is not transparent as a browser challenge occurs.</P></BODY></HTML> Wed, 04 Feb 2004 22:26:21 GMT https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240957#M6060 shannong 2004-02-04T22:26:21Z https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240958#M6061 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>Cisco has a device which is called URT(secure user reg tool), this can do exactly what you need but you need to configure switches to do this.</P></BODY></HTML> Thu, 26 Feb 2004 23:52:18 GMT https://community.cisco.com/t5/network-access-control/transparent-authentication/m-p/240958#M6061 vinodmorsa 2004-02-26T23:52:18Z