RE: 802.1x Web Authentication

From: Jose A. Arnau Alvarez <jaral18_at_hotmail.com>
Date: Thu, 27 Aug 2009 07:29:32 +0000

Hi guys,

Thanks a lot for your help. I have tried the commands that you suggested, but the Web
Auth still does not work. I don't know the reason why the web page is
not displayed. I will try with another switch platform.

Kind regards.

-----------------------------------
-----------------------------------
Jose A. Arnau Alvarez
CCIE #23051 R&S
-----------------------------------
-----------------------------------

> From: jainknitin_at_gmail.com
> To: sadiqtanko_at_gmail.com; jaral18_at_hotmail.com
> CC: ccielab_at_groupstudy.com
> Subject: RE: 802.1x Web Authentication
> Date: Thu, 27 Aug 2009 01:22:56 +0400
>
> Jose,
>
> You need to enable aaa authorization as well for network
>
>
> aaa authorization network default group radius
>
>
> "Every Impossible says - I M Possible."
>
> ----Nitin
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Sadiq Yakasai
> Sent: Wednesday, August 26, 2009 9:12 PM
> To: Jose A. Arnau Alvarez
> Cc: Grupo de Estudio CCIE
> Subject: Re: 802.1x Web Authentication
>
> Jose,
>
> Can you change the login authentication method to radius? I think this is
> your culprit there:
>
>
> aaa authentication login default local none
>
> change to:
>
> aaa authentication login default group radius
>
> HTH,
> Sadiq
>
> On Wed, Aug 26, 2009 at 5:28 PM, Jose A. Arnau Alvarez
> <jaral18_at_hotmail.com> wrote:
>
> > Hi guys,
> >
> > I have a problem with the configuration of Web Authentication over a 3560
> > switch with the c3560-ipbasek9-mz.122-50.SE3.bin image. The Cisco ACS server
> > is running version 4.2 with the last patches applied.
> >
> > This is my topology:
> >
> > PC------Switch------ACS
> >
> > I would like that, when a user connects to a wired port in the network, he
> > needs to authenticate through a Web page before he can access the network.
> > Actually, when a user connects to the switch, he takes an IP address, but
> > when he opens a web browser the login page is not displayed. I am in a lab
> > environment and I can do tests.
> >
> > This is the config applied to the switch:
> >
> > aaa new-model
> > !
> > !
> > aaa authentication login default local none
> > aaa authentication enable default enable none
> > aaa authorization auth-proxy default group radius
> > !
> > !
> > ip device tracking
> > ip admission name RULE1 proxy http inactivity-time 60
> > !
> > !
> > dot1x system-auth-control
> > !
> > !
> > !
> > !
> > !
> > !
> > fallback profile WEB-AUTH
> > ip access-group DEFAULT-ACCESS in
> > ip admission RULE1
> > !
> > interface FastEthernet0/3
> > description Dot1x Demo with MAB and Web-Auth
> > switchport access vlan 151
> > switchport mode access
> > switchport voice vlan 152
> > authentication port-control auto
> > authentication fallback WEB-AUTH
> > mab
> > dot1x pae authenticator
> > dot1x timeout tx-period 10
> > dot1x max-req 3
> > spanning-tree portfast
> > !
> > ip http server
> > ip http secure-server
> > !
> > ip access-list extended DEFAULT-ACCESS
> > remark Allow DHCP
> > permit udp any eq bootpc any eq bootps
> > remark Allow DNS
> > permit udp any any eq domain
> > remark Allow HTTP
> > permit tcp any any eq www
> > remark Allow ICMP for test purposes
> > permit icmp any any
> > remark Implicit Deny
> > deny ip any any
> > !
> > ip radius source-interface Vlan99
> > radius-server attribute 8 include-in-access-req
> > radius-server host 192.168.200.68 auth-port 1645 acct-port 1646 key sothis2009
> > radius-server key XXXXXX
> > radius-server vsa send authentication
> >
> > Does somebody have any idea?
> >
> > Thanks in advance and kind regards.
> >
> > -----------------------------------
> > -----------------------------------
> > Jose A. Arnau Alvarez
> > CCIE #23051 R&S
> > -----------------------------------
> > -----------------------------------
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> --
> CCIE #19963
Received on Thu Aug 27 2009 - 07:29:32 ART

This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 05:43:57 ART