I have a big issue right now. I am making changes to my company network. The system administrator has this control, where he can create a rule in the firewall and allow people to go to the internet or limit the access using the IP address. We have a static environment. We are going to implement DHCP with VLAN. Each department will have a VLAN with a subnet. But the system administrator wants the same control: block users using the IP address. Since we are going to use DHCP, this is going to be impossible.
Does any solution exist to block or allow access to a specific user in a DHCP environment?
But the system administrator wants the same control: block users using the IP address.
Well, that isn't going to work because, unless you create static IP assignments within the scope for each client, you don't know what IP a user has.
And if you create static IP assignments for all clients, then why use DHCP at all?
Unless you can group users who are allowed the same access into a VLAN/IP subnet, in which case you could limit control based on IP subnet, but if you want to do it on a per-user basis then using the IP address just isn't going to work.
So, if you have to move to DHCP, you need some way of authenticating users based on their credentials as opposed to their IP address.
The ASA does support AAA authentication so that a user has to authenticate to the firewall before they get access to the internet, but only for a limited set of protocols.
That may be a solution if you only need the common applications users require and if you have a AAA server in your network.
I have never used it so I can't say how easy it is to set up or how well it works.
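The two options from the reply above, sketched as an ASA configuration fragment. This is an added example, not configuration from either poster; the interface name `inside`, the ACL and server-group names, all addresses and the key are assumed placeholders.

```cisco
! Added example. All names, subnets and the RADIUS address are constructed.
! Assumed layout: one DHCP scope per department VLAN
!   VLAN 10  Finance      10.10.10.0/24
!   VLAN 20  Engineering  10.10.20.0/24
!
! Option 1: control by department subnet instead of by host address.
! DHCP can hand out any address in the scope; the rule still matches.
access-list INSIDE_IN extended permit tcp 10.10.20.0 255.255.255.0 any eq www
access-list INSIDE_IN extended permit tcp 10.10.20.0 255.255.255.0 any eq https
access-list INSIDE_IN extended deny ip 10.10.10.0 255.255.255.0 any
access-group INSIDE_IN in interface inside
!
! Option 2: per-user control with AAA (cut-through proxy).
! The user must authenticate to the firewall before matching traffic
! is passed, so the decision follows the credential, not the lease.
aaa-server RADIUS_GRP protocol radius
aaa-server RADIUS_GRP (inside) host 10.10.1.5
 key REPLACE_WITH_SHARED_SECRET
!
! Traffic that triggers the authentication prompt. Only HTTP, HTTPS,
! FTP and Telnet connections can trigger it.
access-list AUTH_WEB extended permit tcp 10.10.10.0 255.255.255.0 any eq www
access-list AUTH_WEB extended permit tcp 10.10.10.0 255.255.255.0 any eq https
aaa authentication match AUTH_WEB inside RADIUS_GRP
```

With option 2, per-user allow or deny decisions live on the AAA server, so the firewall rules do not need to change when a lease changes.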