https://community.cisco.com/t5/network-access-control/radius-authentication-between-vlan-s/m-p/64648#M6575 <HTML><HEAD></HEAD><BODY><P>You might want to consider IOS Firewall (CBAC) implementation on the router which does inter-VLAN routing for you.</P><P></P><P>Eg; you have to vlans; vlan1 &amp; vlan2, and you want vlan1 to be able to initiate traffic to vlan2 but not vice versa. By implemeting CBAC and creating ACL on ingress on vlan1 you can achieve this; when traffic behind vlan1 will initiate to go to vlan2, the return traffic will be allowed dynamically by opening hole on the ingress ACL on vlan1, but when vlan2 tries to come into vlan1, the ACL on ingress vlan1 will deny it. </P><P></P><P>Here's a some URLs</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/customer/110/32.html" target="_blank">http://www.cisco.com/warp/customer/110/32.html</A> </P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/customer/110/36.html" target="_blank">http://www.cisco.com/warp/customer/110/36.html</A> </P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/firewall.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/firewall.htm</A> </P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iosfw2/iosfw2_2.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iosfw2/iosfw2_2.htm</A> </P><P></P><P>HTH </P><P>R/Yusuf</P></BODY></HTML> Sun, 23 Jun 2002 08:56:29 GMT yusuff 2002-06-23T08:56:29Z https://community.cisco.com/t5/network-access-control/radius-authentication-between-vlan-s/m-p/64646#M6573 <P>Is it possible to require authentication via a Radius server in order to access another VLAN? Is so, how do you do it?</P> Fri, 21 Feb 2020 18:00:39 GMT https://community.cisco.com/t5/network-access-control/radius-authentication-between-vlan-s/m-p/64646#M6573 steuver 2020-02-21T18:00:39Z https://community.cisco.com/t5/network-access-control/radius-authentication-between-vlan-s/m-p/64647#M6574 <HTML><HEAD></HEAD><BODY><P>If you vlans are of different subnets, then accessing vlans is actually routing between subnets. You could do some form of auth proxy on the router as </P><P>one host tries to go to another subnet, see:</P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/customer/793/ios_fw/auth_intro.html" target="_blank">http://www.cisco.com/warp/customer/793/ios_fw/auth_intro.html</A></P><P></P></BODY></HTML> Sun, 23 Jun 2002 05:19:18 GMT https://community.cisco.com/t5/network-access-control/radius-authentication-between-vlan-s/m-p/64647#M6574 cjacinto 2002-06-23T05:19:18Z https://community.cisco.com/t5/network-access-control/radius-authentication-between-vlan-s/m-p/64648#M6575 <HTML><HEAD></HEAD><BODY><P>You might want to consider IOS Firewall (CBAC) implementation on the router which does inter-VLAN routing for you.</P><P></P><P>Eg; you have to vlans; vlan1 &amp; vlan2, and you want vlan1 to be able to initiate traffic to vlan2 but not vice versa. By implemeting CBAC and creating ACL on ingress on vlan1 you can achieve this; when traffic behind vlan1 will initiate to go to vlan2, the return traffic will be allowed dynamically by opening hole on the ingress ACL on vlan1, but when vlan2 tries to come into vlan1, the ACL on ingress vlan1 will deny it. </P><P></P><P>Here's a some URLs</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/customer/110/32.html" target="_blank">http://www.cisco.com/warp/customer/110/32.html</A> </P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/customer/110/36.html" target="_blank">http://www.cisco.com/warp/customer/110/36.html</A> </P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/firewall.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/firewall.htm</A> </P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iosfw2/iosfw2_2.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iosfw2/iosfw2_2.htm</A> </P><P></P><P>HTH </P><P>R/Yusuf</P></BODY></HTML> Sun, 23 Jun 2002 08:56:29 GMT https://community.cisco.com/t5/network-access-control/radius-authentication-between-vlan-s/m-p/64648#M6575 yusuff 2002-06-23T08:56:29Z