Restrict access to WAN only for domain computers
02-18-2018 02:50 AM - edited 03-05-2019 09:56 AM
Hello,
I have a WAN of 200 hosts (domain users with limited profiles), and some users connect their laptops to the port and connect to the WAN and internet. I want to restrict computers that are not from the domain from connecting to the WAN.
I'm using Windows Server 2008 R2 (DHCP server) and Cisco Catalyst 2970 and 2960.
- Labels: Other Routing
02-18-2018 04:13 AM
Hi
Could you please provide more details and the topology? I think you could use ACLs, but what do you mean by domain?
>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<

02-18-2018 05:27 AM
Hello,
The only way I see to accomplish this is with dot1x authentication in conjunction with an NPS policy for dot1x on your Windows server. Since you only want to restrict WAN access, you can configure an auth fail VLAN for the unauthenticated users.
Is that an option?
02-19-2018 12:35 AM
02-19-2018 12:57 AM
Hello,
Have a look at the two links below. The first describes how to set up the RADIUS, the second how to configure the fallback VLAN. Let us know how much you can figure out and how far you get...
How to Enable Dot1x authentication for wired clients
https://howdoesinternetwork.com/2015/how-to-enable-dot1x-authentication-for-wired-clients
IEEE 802.1X Auth Fail VLAN
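
Added example, not part of any post in this thread and not taken from the linked articles: a minimal Catalyst 2960 access-port configuration for the dot1x plus auth-fail VLAN approach suggested above. The RADIUS/NPS address (192.0.2.10), the shared-secret placeholder, the VLAN numbers and the interface name are constructed assumptions. The guest VLAN line goes beyond the thread and covers laptops that never answer 802.1X at all.

```cisco
! --- Constructed values (assumptions, replace with your own) ---
!   192.0.2.10       Windows NPS (RADIUS) server
!   <SHARED-SECRET>  RADIUS shared secret configured on NPS for this switch
!   VLAN 10          normal VLAN for authenticated domain computers
!   VLAN 999         restricted VLAN with no route to the WAN

! Enable AAA and send 802.1X authentication requests to RADIUS
aaa new-model
aaa authentication dot1x default group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>

! Turn on 802.1X globally; without this, per-port settings have no effect
dot1x system-auth-control

vlan 999
 name RESTRICTED

interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 ! Port stays unauthorized until the client authenticates
 authentication port-control auto
 dot1x pae authenticator
 ! Client attempted 802.1X and NPS rejected it -> restricted VLAN
 authentication event fail action authorize vlan 999
 ! Client never answered EAP (no supplicant running) -> guest VLAN.
 ! Without this line such clients do not land in the auth-fail VLAN.
 authentication event no-response action authorize vlan 999
 spanning-tree portfast

! On IOS releases that predate the "authentication" interface commands,
! the equivalent interface lines are:
!   dot1x port-control auto
!   dot1x auth-fail vlan 999
!   dot1x guest-vlan 999

! Verify per-port state after a client connects:
!   show dot1x interface FastEthernet0/1
!   show authentication sessions interface FastEthernet0/1
```

Restricting access to domain computers specifically depends on the NPS network policy (for example, a condition on the domain computers group with machine authentication), which is configured on the Windows server rather than on the switch.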
