RE: ISA Design Question: Best Practice
- From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 28 May 2003 21:49:25 +0200
Hi Tom,
I believe that some major switch vendors (Extreme, Cisco, ...) have some
sort of authentication agent on their boxes. You can compare that feature
roughly with the new 802.1X standard for Wireless Networks. If I remember
well it works as follows:
1) when you plugin a device you become a member of a initial VLAN who has
only access to a DHCP and authentication server.
2) after authentication and maybe selecting a profile, you are assigned a
new IP address and the port is put into another VLAN.
3) it is the membership to a particular VLAN who determines what you can do
on the network.
Greetings,
Stefaan
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: woensdag 28 mei 2003 16:59
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Design Question: Best Practice
http://www.ISAserver.org
Hi David,
Yes, that is a cool option and I've seen it before too. If I had the time, I
would have run NetMon on my laptop and try to figure out who they do it. I
do know its MAC based, so once you make a selection, your MAC address
determines the type of IP address you get. If anyone knows how it works, let
us all know! :-)
Thanks!
Tom
Thomas W Shinder
<http://www.isaserver.org/shinder> www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1>
Configuring ISA Server: <http://tinyurl.com/1llp> http://tinyurl.com/1llp
-----Original Message-----
From: David V. Dellanno [mailto:ddellanno@xxxxxxxxxx]
Sent: Wednesday, May 28, 2003 7:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Design Question: Best Practice
http://www.ISAserver.org
The reason why I ask this question was that I visited this March at the
Fairmont Royal York in Toronto, Ontario and the Hilton in the subburbs (no,
I don't have SARS). They had thier internet serviced by Cisco, in each
room. a small cisco router (this was at the Fairmont, I forgot what model it
was, but the Hilton just provided cat5 cable) but once connected to it, you
are automatically connected to a webpage (this is the hotel's service
aggrement and internet access choices). You have a choice to either be
behind a firewall with a private ip or a public ip with no firewall
protection. I thought this was a good idea to provide such a service and
delegate the two types of configurations to the guest and contractors with
no administration needed but I don't quite understand how this can be done?
Thanks for you answer again.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
stefaan.pouseele@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
