User based network access query

The primary switching network in our company is a hub and spoke topology and consists largely of Cisco 3750s. We use this to carry our main corporate network.

We also have what is referred to as the Contractors network. We use this network for, yep you guessed it, contractors to come in and get basic raw internet access. This network is VLANed over our 3750 network and is connected to the internet via a Cisco C870 router.

I have been given the task of making this Contractors network secure. Currently we have PSKs on all of the access points and necessary passwords etc. on router/switch access. But at the moment anyone can plug into a port that carries to the Contractors LAN and voila, instant access.

We would like to employ a system where contractors will need to come to the IT department and request access to this network. We will then supply them with a username and password without which they could not get access. We want each user to have their own unique username and password.

I am unsure of what is best to use or where to start looking to configure such a system. I'm CCNA and my first thought is RADIUS or some kind of router security.

As a result, I am here requesting guidance. Can anyone advise on what might be a good first step?

1 Reply

rmanthey
Level 4

You are right. If you are using all enterprise-level equipment you should consult enterprise about this question. Small Business products are sometimes limited on the type of AAA authentication they can do. Enterprise usually can do both RADIUS and TACACS+. An ACS server might be the solution, or a Windows server running RADIUS. Again, this will depend on the equipment you are using and what AAA features you want to use. TACACS+ gives you a little better control over separation of duties on the roles, but you would need to install and configure a TACACS+ server.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security