CISCO RADIUS AUTHENTICATION
Posted on 2013-01-25
Scenario - Users from remote sites must gain access to specific VRFs within a Core Switch. The fronting Router or Layer 3 Switch must direct traffic to the appropriate interface on the Core Switch to ensure traffic enters the correct VRF.
I could use source IP addressing and create a route map; this is one solution.
I am also looking for a solution that would involve RADIUS authentication. Effectively, can a RADIUS server somehow or some way influence the port or interface that the traffic will exit, depending on the authentication?
Example: A user from Remote Site A must be directed to VRF 100. Entry to VRF 100 on the Core Switch is through interface Gig 1/1. This interface (Gig 1/1) is connected directly to interface Gig 2/1 on the fronting Router, a Cisco 3900. How do I force the user from Site A to exit interface Gig 2/1 on the Cisco Router based on how he authenticated with the RADIUS server?
I am open to employing any device, including firewalls, layer 3 switches, routers, etc.