I had an idea today.. Here's the scenario, we have a number of "Extranet" sites that have limited access to our Corporate Network, and we have a number of people from HQ who visit these sites and would like full access to the Corporate Network..
I was wondering whether it would be possible to set something up with dot1x authentication and a "secondary" range of addresses. Thereby, if an Extranet client connects they are given an address from IP range A, and have limited access to the CN, but if a CN client connects, they obtain an address from IP range B, and have complete access the CN..
The routing / firewall side of things is no problem at all, I just need to read up on the technology whose name escapes me..
We have the technology, we can build this..
PS, BGP labs are in progress, but i've not got round to posting them yet!!
- Posted using BlogPress from my iPad