Announcement

Collapse
No announcement yet.

Restrict Access for Non-Domain Users

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Restrict Access for Non-Domain Users

    Hello Experts,

    I have citrix enviornment with 2 DC, DNS and DHCP servers with CISCO 3750 switches on default VLAN, currently any one can walk in connect a device to network and get IP from DHCP and can be a part of the network..

    I am thinking is there a way I can restrict access for all non-domain users.

    I have a soloution to configure NAC with RADIUS server on my DC i.e. IAS server but its gonna be very complicated in our network...

    Is there a simple soloution using DHCP or GPO to restrict access to the network for all those users who are not a member of domain?

    Cheers
    Sami

  • #2
    Re: Restrict Access for Non-Domain Users

    NAP might be something to look at.
    Else port security on the switches might give you a hand either.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Restrict Access for Non-Domain Users

      Thanks Dumber,

      I think NAP is a new feature and can't be implement on Server 2003, Sorry if I didn't mention my OS level my 1st post.
      http://en.wikipedia.org/wiki/Network_Access_Protection

      After so many search I am considering NAC/ RADIUS,

      But we have a CITRIX enviornment instalation on server and on switch is 1 hr game only but my only worry is terminal users.

      is there a way I can test /how any MS virtual LAB if can find or more info on NAC?

      any suggestions?

      Cheers
      Sami

      Comment


      • #4
        Re: Restrict Access for Non-Domain Users

        NAP comes with Windows 2008 and I think this is actually the option where you are looking for.
        NAC is non microsoft but cisco can offer this for example.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment

        Working...
        X