linux
Igor S, 2016-11-13 13:49:38

How can you limit the access of some users to certain network segments?

Greetings, comrades!
I have a problem of the following nature:
The office has both a wired and a wireless network (not all employees have enough sockets), and there are a number of servers. Employees are in one network segment, servers in another (more precisely, in several, depending on the "type of activity"). There are servers with databases on which one common account is created, under which the database is being finalized. Employees connect to the database directly over the network (that is, to the port that the database listens on).
And here's the problem: when an employee leaves, you have to change the Wi-Fi password and the password for the common account in the database (which is very painful).
Tell me if there are any technologies that allow you to control access to certain network segments.
At the moment, I have been offered a very unusual idea: to give access to closed resources only through a VPN. But it seems silly to me: an employee comes to the office, connects to the office network, but in order to work he must also connect to the VPN inside the office.
There were also proposals for AD, but our infrastructure is mainly on Linux.


3 answer(s)
Rsa97, 2016-11-13
@Rsa97

Well, an AD controller can also be set up on Samba4. Everyone should have their own username/password for the database, with the appropriate access rights. Authorization on Wi-Fi can be configured from AD or OpenLDAP.

oia, 2016-11-13
@oia

ipfw, configuring access by device MAC address.

Max, 2016-11-13
@MaxDukov

Think about 802.1X: the user will be authorized before gaining access to the network and, based on their rights, placed in a particular VLAN.
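An added example, not part of any answer above: a FreeRADIUS 3.x policy fragment combining the directory-backed logins from Rsa97's answer with the per-user VLAN placement from Max's answer. The group name `db-developers` and VLAN IDs 10 and 20 are assumptions, and the `ldap` module is assumed to be already configured against the OpenLDAP or Samba4 directory.

```text
# Added example (FreeRADIUS 3.x unlang), for the post-auth section of the
# virtual server that handles 802.1X requests from switches and access points.
# With PEAP/TTLS, run the group check where the real user name is visible
# (the inner tunnel), not only the anonymous outer identity.
#
# Assumptions (not from the original page):
#   db-developers  directory group allowed to reach the database servers
#   VLAN 20        segment with a route to the database servers
#   VLAN 10        general employee segment without that route

post-auth {
    # LDAP-Group is the group-membership check provided by the ldap module.
    if (LDAP-Group == "db-developers") {
        update reply {
            # Standard VLAN-assignment attributes (RFC 3580).
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            Tunnel-Private-Group-Id := "20"
        }
    }
    else {
        update reply {
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            Tunnel-Private-Group-Id := "10"
        }
    }
}

# Offboarding: disable or delete the user's directory account.
# Authentication then fails on both wired ports and Wi-Fi, so no shared
# Wi-Fi password has to be rotated. The database password is covered
# separately by giving each person their own database account.
```

Switches and access points must be set to accept RADIUS-assigned VLANs, and the firewall between VLAN 10 and the server segments still has to block the database port for the separation to hold.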
