cc/td/doc/product/rtrmgmt/cw2000/fam_prod/user_reg/2_5_3
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Prerequisites
 Product Overview
 Supported Devices
 Network Prerequisites
 Hardware and Software Requirements
 Summary of Installation Tasks

Prerequisites

This chapter describes factors and prerequisites you should consider before installing and using the User Registration Tool (URT).

This chapter contains:

Product Overview

User Registration Tool (URT) is a security product within the Cisco Secure product line that controls user access to the LAN. User access is granted through authentication to Windows NT, Novell Directory Services (NDS), or Active Directory (AD) domain controllers. Until the user is authenticated, URT places the user in a logon VLAN that cannot access corporate data servers.

URT facilitates enterprise security, mobile user access, and corporate reorganizations. You can develop VLAN-based security policies and ensure that users access only the expected services. As users move from system to system in your network, URT identifies them based on their logon username and applies the appropriate VLAN policy for each user. You can use URT to create and manage VLAN-based security policies based on a username or a user's membership in a group or organizational unit.

URT supports Microsoft Windows clients for traditional logon, and Linux and Macintosh clients for web logon.

Understanding Traditional Logons and Web Logons

Traditional URT is not web-based, which means that users log on using the Windows logon. Traditional logon applies only to Windows clients.

URT Release 2.5.3 adds the ability to log in via the web from Windows, Linux, and Macintosh clients.

The same URT Administrative server can manage both traditional and web logons.

Note   To distinguish between logons in this manual, the terms traditional logon and web logon are used.
User VLAN Policies and Group VLAN Policies

You can create VLAN policies based on NT or Windows 2000 user or group name, or Novell NetWare user or organizational unit name. Thus, a user can move from one system to another and remain assigned to the appropriate VLAN and subnet. (This assumes that a single workstation is connected directly to a switch that supports URT.)

If the user has a mobile system, such as a laptop, the user can connect to any supported switch port and also be connected to the correct VLAN and subnet. You must define the associated port as dynamic; if the port has a static VLAN assignment, URT does not override that assignment.

Supported Devices

For a list of supported devices for URT, refer to:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/fam_prod/us er_reg/2_5/urt_dvcs.htm

For URT to place a user in the correct VLAN based on username, the user's system must be directly attached to a port on one of the switches that is a supported device for URT.

You must configure the VLAN membership for ports on these switches as dynamic. (URT tracks users on static ports, but does not dynamically place these users in a VLAN.) Use CiscoWorks2000 or the switch's commands to change port state.

Network Prerequisites

Table 1-1 lists the products that you must have installed on your network before you can install and use URT.

Table 1-1   Network Requirements

Required Item  Minimum Requirements  Notes 

DHCP Server

A standards-compliant DHCP server. The following are recommended:

  • Microsoft DHCP Server
  • Cisco Network Registrar

The DHCP server is required so that users can obtain a dynamically generated IP address that belongs to the correct VLAN.

Clients must use DHCP to work with URT. The DHCP server must be accessible to users from the URT logon VLAN as well as from any VLAN in which a user is placed.

For web logons, the DHCP server must support DNS attributes.

Domain Server

Any of these:

  • Windows 2000 Service Pack 2 Active Directory, mixed and native modes (for traditional logons and web logons)
  • Windows NT Server 4.0 with Service Pack 6a, with WINS enabled (for traditional logons only)
  • Novell NDS NetWare 5.3 and eDirectory (for traditional logons and web logons)
  • Any IETF-compliant RADIUS server

You can use all these types of domain servers. To resolve domain names to their dynamically generated IP addresses, you must enable the WINS server on the domain server when the domain server is Windows NT.

Hardware and Software Requirements

Table 1-2 lists hardware and software required for installing and using URT. Table 1-3 lists software required for installing and using URT.

Table 1-2   Hardware Requirements

URT Element  Minimum Requirement 

URT Administrative Server and Administrative Client Interface

  • Pentium III CPU
  • 512 MB DRAM
  • 65 MB disk space
  • Color monitor with 1024 x 768 resolution, with at least 256 colors

URT VPS

Cisco VLAN Policy Server

URT Client Module

Traditional logon clients:

  • Pentium II CPU
  • 64 MB DRAM
  • 65 MB disk space

Web logon clients:

  • Pentium II CPU
  • 64 MB DRAM
  • 1 MB disk space

Table 1-3   Software Requirements

URT Element  Minimum Requirement  Notes 

URT Administrative Server and Administrative Client Interface

  • Windows 2000 Professional and Server with Service Pack 2, 3, or 4
  • Windows XP Professional with Service Pack 1
  • Windows Server 2003, Standard Edition, with latest Windows updates

Although URT functions independently from CiscoWorks2000, the addition of CiscoWorks2000 streamlines the process of adding network information to URT.

URT Client Module

Platforms that either traditional logon clients or web logon clients can operate on:

  • Windows 98 SE
  • Windows NT 4.0 Workstation and Server with Service Pack 6a
  • Windows 2000 Professional and Server with Service Pack 2, 3, or 4
  • Windows XP Professional with Service Pack 1

Platforms that only web logon clients can operate on:

  • Windows XP Home Edition
  • Macintosh OS 10.1 or 10.3.2
  • RedHat Linux 7.1
  • Mandrake Linux 7.2
  • SuSE Linux 7.2
  • VA Linux 6.2

Clients must be running:

  • TCP/IP using DHCP to obtain IP addresses. You must use TCP/IP; you cannot use only IPX or NetBIOS.
  • At least one of these:
    • Windows Networking (NetBIOS or Client for Microsoft Networks).
    • Novell NetWare Client 4.6 (or later) for Windows NT clients.
    • Novell NetWare Client 3.0.1 (or later) for Windows 98 clients.

Web Browser

  • Internet Explorer 5.5 with Service Pack 2 , 6.0, and 6.0 with Service Pack 1
  • Netscape 4.79, 6.2, and 7.1

Macintosh OS 10.1 supports Internet Explorer 5.1 or Netscape 6.2.2 only.

Internet Explorer cannot be used on Linux systems.

Summary of Installation Tasks

Table 1-4   Installing the Package

To Do This Task...  See... 
1. Install the VLAN Policy Server hardware.

Installation and Setup Guide for the Cisco 1102 VLAN Policy Server

2. Install the URT Administrative Server software.

Installation and Setup Guide for the Cisco Secure User Registration Tool

3. Configure the URT Administrative Server.

Installation and Setup Guide for the Cisco Secure User Registration Tool

4. Configure switches to use the URT VPS.

User Guide for the Cisco Secure User Registration Tool

5. Configure domain controllers and NetWare Servers to run the URT logon script.

User Guide for the Cisco Secure User Registration Tool

6. Install the URT Client Module on client systems.

User Guide for the Cisco Secure User Registration Tool

7. Configure client systems.

User Guide for the Cisco Secure User Registration Tool


hometocprevnextglossaryfeedbacksearchhelp
Posted: Tue Jan 27 23:24:01 PST 2004
All contents are Copyright © 1992--2004 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.