
WebAuthentication in 12.2(35) on 3750

dominic.caron
Level 5

Hi,

I'm trying to test this feature and I'm having a hard time.

I'm getting logs like this with result codes 1, 0 and -1. What are those result codes?

Dec 12 11:49:25: ip_admission_det:Validate IP=10.10.2.12 with static rule rule1 on FastEthernet1/0/2. Result=1

Second, I can't get the web authentication to work and I did everything by the book. I think there's something missing in the DOC.

If anyone has a working example for the switch config, that would be great!

33 Replies

Do you by chance have an MSN contact?

Mine is coolie_number_1@hotmail.com

I have been reading this thread with interest as I am looking into what options one of my customers has for Role Based authentication. We are looking at 802.1x with WEB Authentication fallback for clients without 802.1x supplicants. I have successfully deployed 802.1x previously so I don't have any issues getting this part working, however I have never used WEB Authentication. After reading through this post and some playing around I now have this working with IAS as my Radius Server.

I would like to take this a step further now and introduce dynamic VLANs, however I don't know if this will work with WEB Authentication. It works fine for 802.1x and switches the VLAN when it receives the correct Radius Attributes (Radius Attributes 'Tunnel-Medium-Type', 'Tunnel-Type' & 'Tunnel-Pvt-Group-ID'). However with WEB Authentication the switch isn't doing anything with the Radius Attributes it receives other than dynamically updating the ACL.

Is this actually possible with WEB Authentication? If it isn't, is it possible without any 3rd party products such as Bradford Campus Manager or Cisco's NAC?

Thanks

Andy

This is possible. Look at defining Web-Authentication for the 3750 per this thread, and look at the NAC guest server to provide a solution for this. Define your switches as AAA clients for the NGS. Here's some guidance:

Release Notes for Cisco NAC Guest Server, Release 1.1.0

http://www.cisco.com/en/US/docs/security/nac/guestserver/release_notes/11/gsrn110.html

Cisco NAC Guest Server Installation and Configuration Guide, Release 1.1.0

http://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/11/nacguestserver.html

However, VLAN-Assignment is not possible as an authorization technique for Web-Authentication today though.

Let me know if this helps,

Hi & thanks for the reply. I had pretty much come to the same conclusion. What isn't in the budget for the customer is Cisco NAC so I was hoping we could achieve this without any additional hardware or software.

Is it possible VLAN assignment will be an authorisation technique for WEB-Authentication in the future?

Andy