Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2568
Views
0
Helpful
4
Replies

How to restrict Internet access using RADIUS server through Catalyst 3560 switch

Go to solution
Samrat Bose
Level 1
Level 1

‎01-31-2016 07:43 PM - edited ‎03-10-2019 11:26 PM

Dear All,

I need a configuration help from anybody. I have a small network of 15 users connected to a 3560, which is in-turn connected to a 2811 ISR router. At interface fastethernet 0/24 of the 3560 switch I am planning to connect a unix based RADIUS server. ISP is connected on the opposite side of the 2811 at interface fa0/0.

 

What I want to do is if anyone among the 15 users tries to access internet, they should be validated in the RADIUS server by their pre-configured user credentials. (I'll store 15 user credentials there). If anybody else tries to connect (except these 15) he/she should be denied internet access.

 

The RADIUS server will be having a login page to type username/password.

 

Please guide in terms of  what commands I should inject in the 3560 or what specifically I need to have to do this task.

 

Thanks in advance!!

Samrat.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎02-02-2016 04:04 AM

I haven't done this in a very long time, but what you probably want to do is enable web authentication.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swwebauth.html

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Florin Barhala
Level 6
Level 6

‎02-01-2016 12:06 PM

Honestly: I see not a big of a issue Cisco's config. You enable 802.1x and port authorization will be granted or not by the radius server you will config on the switch.

But on the Radius, I think FreeRadius should be more than enough to accomplish this, still can't speak about your exposure to this solution.

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎02-02-2016 04:04 AM

I haven't done this in a very long time, but what you probably want to do is enable web authentication.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swwebauth.html

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎02-02-2016 04:05 AM

I would also do the Web Authentication on the 2811, not the Cisco 3560.

0 Helpful

Go to solution
Samrat Bose
Level 1
Level 1

‎02-02-2016 07:05 PM

Thank you Philip :-)

This is exactly what I was looking for. Tons and tons of thanks to you!

0 Helpful
Customers Also Viewed These Support Documents