http://broaddev.com/2008/10/28/university-of-minnesota-deploys-infoblox-appliances-student-authentication-and-ip-address-assignment-dramatically-streamlined/ Wed, 08 Sep 2010 11:16:51 +0000 http://wordpress.org/?v=2.5.1 http://broaddev.com/2008/10/28/university-of-minnesota-deploys-infoblox-appliances-student-authentication-and-ip-address-assignment-dramatically-streamlined/#comment-977 John Furrier Thu, 30 Oct 2008 04:53:52 +0000 http://broaddev.com/?p=242#comment-977 The Infoblox appliance solution includes a "NAC Foundation Module" which collects MAC addresses and builds up a database of allowed devices. The Module gets MAC addresses when devices attempting to access the network issue DHCP requests (the Infoblox appliance includes a DHCP server). If the MAC address of a requesting device matches an address in a 'MAC Filter List' configured on the appliance, the requesting device will receive an IP address from an address range associated with the matched MAC Filter. If the MAC address doesn't match any filter, the DHCP response will provide the IP address of a captive Web portal included on the appliance. This address routes only to the appliance. Similar to accessing the Internet in a hotel or public space, the user launches their browser and is redirected to customizable Web pages on the captive portal. The portal includes pages that enable the user to authenticate or to register as a guest in order to get an IP address routable on the production network. The NAC Foundation Module supports a number of back-end authentication options, including RADIUS, LDAP and Microsoft AD. Following successful authentication, the policy associated with the user is retrieved (e.g. via AD group attributes), and their MAC address is inserted by the NAC Foundation Module into the appropriate DHCP MAC filter. The initial IP address of the Web portal expires after 30 seconds, and when the device issues a new DHCP request it's MAC address is now present in a MAC filter and the appropriate IP is returned to the user. So in short, the captive portal authentication process is used to automatically populate the MAC addresses in the DHCP server. The Infoblox appliance solution includes a “NAC Foundation Module” which collects MAC addresses and builds up a database of allowed devices. The Module gets MAC addresses when devices attempting to access the network issue DHCP requests (the Infoblox appliance includes a DHCP server). If the MAC address of a requesting device matches an address in a ‘MAC Filter List’ configured on the appliance, the requesting device will receive an IP address from an address range associated with the matched MAC Filter. If the MAC address doesn’t match any filter, the DHCP response will provide the IP address of a captive Web portal included on the appliance. This address routes only to the appliance. Similar to accessing the Internet in a hotel or public space, the user launches their browser and is redirected to customizable Web pages on the captive portal. The portal includes pages that enable the user to authenticate or to register as a guest in order to get an IP address routable on the production network. The NAC Foundation Module supports a number of back-end authentication options, including RADIUS, LDAP and Microsoft AD. Following successful authentication, the policy associated with the user is retrieved (e.g. via AD group attributes), and their MAC address is inserted by the NAC Foundation Module into the appropriate DHCP MAC filter. The initial IP address of the Web portal expires after 30 seconds, and when the device issues a new DHCP request it’s MAC address is now present in a MAC filter and the appropriate IP is returned to the user. So in short, the captive portal authentication process is used to automatically populate the MAC addresses in the DHCP server.

]]> http://broaddev.com/2008/10/28/university-of-minnesota-deploys-infoblox-appliances-student-authentication-and-ip-address-assignment-dramatically-streamlined/#comment-964 Steven Wed, 29 Oct 2008 04:40:09 +0000 http://broaddev.com/?p=242#comment-964 Can you be more specific? How does this solution gather the MAC addresses now? Can you be more specific? How does this solution gather the MAC addresses now?

]]>