RADIUS Authentication between VLANs

steuver
Level 1

Is it possible to require authentication via a RADIUS server in order to access another VLAN? If so, how do you do it?

2 Replies

cjacinto
Cisco Employee

If your VLANs are in different subnets, then accessing VLANs is actually routing between subnets. You could do some form of auth proxy on the router as one host tries to go to another subnet, see:

http://www.cisco.com/warp/customer/793/ios_fw/auth_intro.html

yusuff
Cisco Employee

You might want to consider an IOS Firewall (CBAC) implementation on the router which does inter-VLAN routing for you.

E.g., you have two VLANs, vlan1 & vlan2, and you want vlan1 to be able to initiate traffic to vlan2 but not vice versa. By implementing CBAC and creating an ACL on ingress on vlan1 you can achieve this: when traffic behind vlan1 initiates a connection to vlan2, the return traffic will be allowed dynamically by opening a hole in the ingress ACL on vlan1, but when vlan2 tries to come into vlan1, the ACL on ingress vlan1 will deny it.

Here are some URLs:

http://www.cisco.com/warp/customer/110/32.html

http://www.cisco.com/warp/customer/110/36.html

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/firewall.htm

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iosfw2/iosfw2_2.htm

HTH

R/Yusuf
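
The CBAC arrangement described in the reply above, sketched as an added configuration example that is not part of the original post or of the linked Cisco documents. The subnets, the rule name `VLAN1-INIT`, ACL number 101 and the use of `interface Vlan` SVIs are assumptions, as is reading "ingress on vlan1" as the ACL applied to packets the router forwards onto vlan1.

```cisco
! Added illustration; addressing, names and interface type are assumptions.
! vlan1 = 10.1.1.0/24 (may initiate), vlan2 = 10.2.2.0/24 (may only reply)
!
! Inspection rule: track TCP and UDP sessions that vlan1 hosts open.
ip inspect name VLAN1-INIT tcp
ip inspect name VLAN1-INIT udp
!
! Extended ACL (CBAC only modifies extended ACLs) for packets routed
! onto vlan1. Unsolicited traffic from vlan2 is dropped and logged;
! the implicit deny at the end drops everything else.
access-list 101 deny ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255 log
!
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
 ! Inspect sessions arriving from vlan1 hosts ...
 ip inspect VLAN1-INIT in
 ! ... and let CBAC open temporary entries in ACL 101 for their replies.
 ip access-group 101 out
!
interface Vlan2
 ip address 10.2.2.1 255.255.255.0
```

`show ip inspect sessions` lists the sessions CBAC is currently tracking, and `show access-lists 101` shows the match count on the deny entry, which is a quick check that vlan2-initiated traffic is being dropped.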
