cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
142
Views
0
Helpful
4
Replies
Highlighted
Beginner

Secure VLAN with an authentication mechanism

HI there, 

 

Just a quick one,

 

with regards to creating a secure zone/VLAN off of a core network, is it worthy, possilbly to implement something useful in terms of authentication on a VLAN utilising 802.1X that isnt going to be messy?

 

For instance if we want to create a secure zone or VLAN that hangs off the core switching network and possibly segregated by a firewall for a set of say critical applications.

 

Iv been looking at ways we couldnt implement an environment without having the use of a terminal server on the front of the environment.

 

802.1X using NPS / NAP may be messy,

 

If there is a way to utilise this based on domain level authentication and mapping that would be useful.

 

 

4 REPLIES 4
Hall of Fame Expert

Re: Secure VLAN with an authentication mechanism

Hello dmo84,

as far as I know to implement a form of authentication at OSI layer 2 you need to deploy 802.1X.

On 802.1X the only supported authentication methods are radius (and may be local not to be used in production).

 

However, the Radius Server can then point to an Active Directory as a way to authenticate the user.

For example see the following HOWTO guide for freeradius server

 

https://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO

 

Hope to help

Giuseppe

 

Beginner

Re: Secure VLAN with an authentication mechanism

Hi,

 

Yeh thanks this is what I was looking at, but looking at it, reading some tech documents it comes with some caveats and possibly high network admin overhead.

 

As mentioned what is being aimed for, is to have a secure zone within our network which is controlled by some form of authentication (looking at the domain level authentication idea) , this secure zone / VLAN can then be used to control who has access to this VLAN which has these applications/ application servers.

 

These selected users if part of an AD group will get access to this isolated VLAN.

 

 

its never been used by me but have had some people use it a good few years ago *VLAN / 802.1x and said it wasnt really thatmuch use and caused issues so they ended up scrapping it.

 

 

Beginner

Re: Secure VLAN with an authentication mechanism

Not really the same thing, but another way I have thought about doing this, is by using a firewall which hangs off of our core network, the new firewall will be doing security on a multi-VLAN basis, but also levages the use of firewall > AD "User identification" to pull down the AD or LDAP groups from domain controllers, and on a per VLAN basis we can create the relevant security rules/ policies which permit a spefiic AD group or group of users to the applications/servers or services within the vlans

Hall of Fame Expert

Re: Secure VLAN with an authentication mechanism

Hello dmo84,

the use of a firewall with active directory integration for user authentication can be seen as an alternative implementation but security will be at inter Vlan level.

 

Hope to help

Giuseppe

 

CreatePlease to create content
Content for Community-Ad