I am trying to design my SaaS implementation for a BYOD wireless network. IP Address Authentication seems like the obvious implementation, since its advantages state that it "Can be deployed at the edge of the network using routing".
I have been unable to find a solution to accomplish this. I am currently testing with Cisco Routers/ASA and Fortigate. Has anyone successfully implemented this with either of those technologies, or does anyone have any other suggestions? I am in the design phase, so I am open to using new hardware. The issues with Cisco/Fortigate that I am currently running into are:
Ideally I was hoping to use Policy Based Routing or some type of transparent proxy; however, I am finding that both Cisco and Fortigate's preferred implementation would be with WCCP, which isn't supported by McAfee Web Security. Cisco also has some URL Filtering options, but they seem specific to Websense/TrendMicro/N2H2/ScanSafe.
Thank you for any help in this matter.
Below are the commands to support Authentication Proxy on an ISR with RADIUS. This will enable the router to prompt for a username and password when someone is trying to access HTTP; the router will work as a proxy server in this case:
aaa new-model
!
aaa group server radius AAAPROXY
 server 192.168.1.10 auth-port 1645 acct-port 1646
!
aaa authentication login default local group AAAPROXY none
aaa authorization exec default group AAAPROXY none
aaa authorization auth-proxy default group AAAPROXY
!
ip auth-proxy auth-proxy-banner
ip auth-proxy auth-cache-time 10
ip auth-proxy name aaa_list http
!
! The interface name was not given in the post; <client-facing-interface> is a placeholder
interface <client-facing-interface>
 ip address 192.168.1.1 255.255.255.0
 ip auth-proxy aaa_list
!
radius-server host 192.168.1.10 auth-port 1645 acct-port 1646
radius-server key cisco
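
An added example, not part of the original reply: a Python check run over the commands posted above that flags AAA method lists ending in `none` (access is granted when the earlier methods return an error), an unencrypted short RADIUS shared secret, and an auth-proxy rule that no interface applies. The function name `audit`, the rule identifiers and the 16-character threshold are assumptions made for this example.

```python
import re

# Constructed input: the commands from the post above, one per line.
SAMPLE_CONFIG = """\
aaa group server radius AAAPROXY
aaa authentication login default local group AAAPROXY none
aaa authorization exec default group AAAPROXY none
aaa authorization auth-proxy default group AAAPROXY
ip auth-proxy auth-proxy-banner
ip auth-proxy auth-cache-time 10
ip auth-proxy name aaa_list http
ip address 192.168.1.1 255.255.255.0
ip auth-proxy aaa_list
radius-server host 192.168.1.10 auth-port 1645 acct-port 1646
radius-server key cisco
"""

MIN_KEY_LEN = 16  # assumption: a local policy threshold, not a Cisco requirement


def audit(config):
    """Return (line_number, rule_id, detail) findings, in line order."""
    lines = [raw.strip() for raw in config.splitlines()]
    findings = []
    for n, line in enumerate(lines, 1):
        words = line.split()
        # A method list ending in "none" grants access when every earlier method errors out.
        if re.match(r"aaa (authentication|authorization) \S+ \S+ ", line) and words[-1] == "none":
            findings.append((n, "AAA_FAIL_OPEN", " ".join(words[1:4])))
        # Shared secret stored unencrypted (no type, or type 0) and shorter than the threshold.
        m = re.match(r"radius-server key (?:(\d) )?(\S+)$", line)
        if m and m.group(1) in (None, "0") and len(m.group(2)) < MIN_KEY_LEN:
            findings.append((n, "WEAK_RADIUS_KEY", f"{len(m.group(2))} characters"))
        # An auth-proxy rule that no interface line applies never prompts anyone.
        m = re.match(r"ip auth-proxy name (\S+)", line)
        if m and f"ip auth-proxy {m.group(1)}" not in lines:
            findings.append((n, "AUTH_PROXY_NOT_APPLIED", m.group(1)))
    return findings


if __name__ == "__main__":
    for number, rule, detail in audit(SAMPLE_CONFIG):
        print(f"line {number}: {rule}: {detail}")
```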