cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

990
Views
0
Helpful
4
Replies
Samrat Bose
Beginner

How to restrict Internet access using RADIUS server through Catalyst 3560 switch

Dear All,

I need a configuration help from anybody. I have a small network of 15 users connected to a 3560, which is in-turn connected to a 2811 ISR router. At interface fastethernet 0/24 of the 3560 switch I am planning to connect a unix based RADIUS server. ISP is connected on the opposite side of the 2811 at interface fa0/0.

 

What I want to do is if anyone among the 15 users tries to access internet, they should be validated in the RADIUS server by their pre-configured user credentials. (I'll store 15 user credentials there). If anybody else tries to connect (except these 15) he/she should be denied internet access.

 

The RADIUS server will be having a login page to type username/password.

 

Please guide in terms of  what commands I should inject in the 3560 or what specifically I need to have to do this task.

 

Thanks in advance!!

Samrat.

1 ACCEPTED SOLUTION

Accepted Solutions
Philip D'Ath
Advisor

4 REPLIES 4
Florin Barhala
Frequent Contributor

Honestly: I see not a big of a issue Cisco's config. You enable 802.1x and port authorization will be granted or not by the radius server you will config on the switch.

But on the Radius, I think FreeRadius should be more than enough to accomplish this, still can't speak about your exposure to this solution.

Philip D'Ath
Advisor

Philip D'Ath
Advisor

I would also do the Web Authentication on the 2811, not the Cisco 3560.

Samrat Bose
Beginner

Thank you Philip :-)

This is exactly what I was looking for. Tons and tons of thanks to you!

Content for Community-Ad