This chapter describes factors and prerequisites you should consider before installing and using the User Registration Tool (URT).
User Registration Tool (URT) is a security product within the Cisco Secure product line that controls user access to the LAN. User access is granted through authentication to Windows NT, Novell Directory Services (NDS), or Active Directory (AD) domain controllers. Until the user is authenticated, URT places the user in a logon VLAN that cannot access corporate data servers.
URT facilitates enterprise security, mobile user access, and corporate reorganizations. You can develop VLAN-based security policies and ensure that users access only the expected services. As users move from system to system in your network, URT identifies them based on their logon username and applies the appropriate VLAN policy for each user. You can use URT to create and manage VLAN-based security policies based on a username or a user's membership in a group or organizational unit.
URT supports Microsoft Windows clients for traditional logon, and Linux and Macintosh clients for web logon.
Traditional URT is not web-based, which means that users log on using the Windows logon. Traditional logon applies only to Windows clients.
URT Release 2.5.3 adds the ability to log in via the web from Windows, Linux, and Macintosh clients.
The same URT Administrative server can manage both traditional and web logons.
Note: To distinguish between logons in this manual, the terms traditional logon and web logon are used.
You can create VLAN policies based on NT or Windows 2000 user or group name, or Novell NetWare user or organizational unit name. Thus, a user can move from one system to another and remain assigned to the appropriate VLAN and subnet. (This assumes that a single workstation is connected directly to a switch that supports URT.)
If the user has a mobile system, such as a laptop, the user can connect to any supported switch port and also be connected to the correct VLAN and subnet. You must define the associated port as dynamic; if the port has a static VLAN assignment, URT does not override that assignment.
For a list of supported devices for URT, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/fam_prod/user_reg/2_5/urt_dvcs.htm
For URT to place a user in the correct VLAN based on username, the user's system must be directly attached to a port on one of the switches that is a supported device for URT.
You must configure the VLAN membership for ports on these switches as dynamic. (URT tracks users on static ports, but does not dynamically place these users in a VLAN.) Use CiscoWorks2000 or the switch's commands to change port state.
Table 1-1 lists the products that you must have installed on your network before you can install and use URT.
Table 1-1 Network Requirements
Table 1-2 lists hardware and software required for installing and using URT. Table 1-3 lists software required for installing and using URT.
Table 1-2 Hardware Requirements
Table 1-3 Software Requirements
Table 1-4 Installing the Package
Installation and Setup Guide for the Cisco 1102 VLAN Policy Server
Installation and Setup Guide for the Cisco Secure User Registration Tool
Installation and Setup Guide for the Cisco Secure User Registration Tool
To Do This Task...
See...
1. Install the VLAN Policy Server hardware.
2. Install the URT Administrative Server software.
3. Configure the URT Administrative Server.
4. Configure switches to use the URT VPS.
5. Configure domain controllers and NetWare Servers to run the URT logon script.
6. Install the URT Client Module on client systems.
7. Configure client systems.
Posted: Tue Jan 27 23:24:01 PST 2004
All contents are Copyright © 1992-2004 Cisco Systems, Inc. All rights reserved.