longtimeago

Software Needed? For Managing A Large Network

Hello everyone, I am in need of particular software or any idea related to my issue. Let me explain the scenario of my requirement and what I have done till now. There is a network with more than 5000 nodes in it. The network is basically split into two, one is wired and the other is wireless. The wired Ethernet is 100 Mbps and the wireless is 54 Mbps. Both the networks use Cisco intermediate devices.
Now both the networks diverge from a Cisco Layer 3 switch. The whole network is protected by a WatchGuard X5000 series firewall. Now the problem is that separate logins have to be provided for each node (individual) for accessing the network. Each node is assigned an IP address by the DHCP server. As far as the wireless network is concerned there is no problem, because all the Wi-Fi transmitting devices are well set, and the devices themselves provide a login system for each user who connects to the network through Wi-Fi. But the problem now is regarding the wired LAN in the network.

There are more than 2000 nodes which are connected by the Ethernet wired LAN. And there has to be a system implemented which will help in providing a way where each user will have to log in with a particular username and password and only thereafter can he/she use the internet. For this to be accomplished there have already been a few solutions.

The first solution is that each user can be provided a separate login in the firewall. Unfortunately the WatchGuard X5000 series does not provide this facility for such a large number of users, whereas Websense (a product of Iron Port which is now owned by CISCO) supports this. That is, if Websense is deployed in the network as the firewall, each user can be blocked in the firewall and an authentication system can be set up there. But now the problem is the cost. The cost is extremely high, as they charge for each individual login. So as the network grows the cost factor will be a major concern if the users are given an authentication in the Websense firewall. So this solution is omitted.

I thought of deploying another method for this; let me call it the second method in my case. In the second method every user can be redirected through a proxy server (internal) and in this server a simple login (JSP login page) can be set up, and from this proxy server after successful login the user can be redirected to the main server (DHCP server where an IP can be assigned). But here there still exists a problem: what if the user uses a static IP address instead of a dynamic IP address? So if there is a way where static IP addresses can be disabled in the network please let me know.

So leaving the above two ways, there is a possibility to write an application (user end) with which the user has to log in and it directly gets connected to the DHCP server; the username will already be stored in a table in the DHCP server and the corresponding IP address for that username will be assigned. For this too the threat is: what if the user uses a static IP address? So this is my requirement; please, someone let me know the following while I write this particular client-side application.

Is there any way the "static IP" can be disabled on the user's system, so that even though he has administrator privileges, in order to access the internet from the network he has to log in, and in order to log in he has to install the client-side application which connects him to the DHCP server, from which an IP address is assigned to him? And what this application needs to do is "disable assigning static IP". Can this be done? Is there any way to accomplish this?

Otherwise, if there is any other way I can have a login/authentication system for a network using some open source or other software which can fulfill this requirement, please let me know. I am sure that there will be a way out for this, because in all the corporate sectors inside their LAN, when an employee wants to access the internet he logs in first with his unique ID and password, but I'm unaware of the application which is being used there, so please kindly guide me. Thanks in advance.


Take a look at A-Select; it is an open source middleware authentication system for multiple application / resource access. You would link this through RADIUS / LDAP in your case scenario from what you have explained here. :)
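
The static-IP concern raised in the question can be checked from the network side by comparing what the DHCP server leased with what is actually seen on the wire. The following is an added example, not part of the original thread: it assumes an ISC dhcpd lease file and an "IP MAC" export of the Layer 3 switch's ARP table, and all addresses, the allowlist and the function names are constructed or hypothetical.

```python
import re
# Constructed samples: ISC dhcpd.leases syntax (assumed) and "IP MAC" ARP pairs.
LEASES = """
lease 10.20.0.15 {
  binding state active;
  next binding state free;
  hardware ethernet 00:1A:2B:3C:4D:5E;
}
lease 10.20.0.16 {
  binding state active;
  hardware ethernet 00:1a:2b:3c:4d:60;
}
lease 10.20.0.16 {
  binding state free;
}
lease 10.20.0.17 {
  binding state active;
  hardware ethernet 00:1a:2b:3c:4d:61;
}
"""
ARP = """
10.20.0.1   00:00:0c:aa:bb:01
10.20.0.15  00:1a:2b:3c:4d:5e
10.20.0.16  00:1a:2b:3c:4d:60
10.20.0.17  00:1a:2b:3c:4d:99
10.20.0.200 00:1a:2b:3c:4d:77
"""
ALLOWED_STATIC = {"10.20.0.1"}  # hypothetical: gateway with a legitimate static IP

def active_leases(text):
    """Return {ip: mac} for leases whose most recent entry is active."""
    leases = {}
    for ip, body in re.findall(r"lease\s+(\S+)\s*\{(.*?)\}", text, re.S):
        state = re.search(r"(?<!next )binding state (\w+);", body)
        mac = re.search(r"hardware ethernet ([0-9A-Fa-f:]+);", body)
        leases.pop(ip, None)  # append-only file: a later entry replaces earlier ones
        if state and mac and state.group(1) == "active":
            leases[ip] = mac.group(1).lower()
    return leases

def find_unleased(lease_text, arp_text, allowed=ALLOWED_STATIC):
    """Return (ip, mac, reason) for hosts on the wire that DHCP did not assign."""
    leases, findings = active_leases(lease_text), []
    for ip, mac in (l.split() for l in arp_text.splitlines() if l.strip()):
        leased = leases.get(ip)
        if ip not in allowed and leased != mac.lower():
            reason = "leased to another MAC" if leased else "no active lease"
            findings.append((ip, mac.lower(), reason))
    return findings
```
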
