06-22-2002 05:08 PM - edited 02-21-2020 10:00 AM
Is it possible to require authentication via a RADIUS server in order to access another VLAN? If so, how do you do it?
06-22-2002 10:19 PM
If your VLANs are on different subnets, then accessing VLANs is actually routing between subnets. You could do some form of auth proxy on the router as one host tries to go to another subnet, see:
http://www.cisco.com/warp/customer/793/ios_fw/auth_intro.html
06-23-2002 01:56 AM
You might want to consider an IOS Firewall (CBAC) implementation on the router which does inter-VLAN routing for you.
E.g., you have two VLANs, vlan1 and vlan2, and you want vlan1 to be able to initiate traffic to vlan2 but not vice versa. By implementing CBAC and creating an ACL on ingress on vlan1 you can achieve this: when traffic behind vlan1 initiates a connection to vlan2, the return traffic will be allowed dynamically by opening a hole in the ingress ACL on vlan1, but when vlan2 tries to come into vlan1, the ACL on ingress vlan1 will deny it.
Here are some URLs:
http://www.cisco.com/warp/customer/110/32.html
http://www.cisco.com/warp/customer/110/36.html
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/firewall.htm
HTH
R/Yusuf
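
The CBAC arrangement described in the reply above, written out as an IOS configuration. This is an added example, not a configuration from any poster in the thread. The subinterface numbers, the subnets (10.0.1.0/24 for vlan1, 10.0.2.0/24 for vlan2) and the names VLAN1-INITIATED and INTO-VLAN1 are constructed, and it assumes the ACL "on vlan1" is applied outbound on the router's vlan1 interface, that is, to traffic being routed into vlan1.

```cisco
! Constructed example: names, interfaces and addresses are placeholders.
! Inspection rule: track sessions that hosts in vlan1 initiate.
ip inspect name VLAN1-INITIATED tcp
ip inspect name VLAN1-INITIATED udp
!
! Extended ACL for traffic being routed into vlan1.
! CBAC inserts temporary permit entries ahead of these lines for the
! return packets of sessions it has seen leave vlan1.
ip access-list extended INTO-VLAN1
 deny   ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255 log
 deny   ip any any
!
interface FastEthernet0/0.1
 description vlan1 (may initiate towards vlan2)
 encapsulation dot1Q 1 native
 ip address 10.0.1.1 255.255.255.0
 ! Inspect packets arriving from vlan1 hosts
 ip inspect VLAN1-INITIATED in
 ! Filter packets the router forwards into vlan1
 ip access-group INTO-VLAN1 out
!
interface FastEthernet0/0.2
 description vlan2 (may only answer sessions opened from vlan1)
 encapsulation dot1Q 2
 ip address 10.0.2.1 255.255.255.0
```

`show ip inspect sessions` lists the sessions CBAC is tracking, and `show ip access-lists INTO-VLAN1` shows the temporary entries and the hit counts on the deny lines, which is the quickest check that vlan2-initiated traffic is being dropped rather than routed.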