
Authentication proxy problem on Cisco IOS XE (ASR1002-X)

sinaa._.ak
Beginner

Hi,

We use authentication proxy for propagating dACLs per user in our branch LANs via Cisco ISE and 7200 and 3845 routers. Now we are upgrading our routers to the ASR1000 series (running IOS-XE 17.3.3). The syntax of ip auth-proxy has changed to ip admission in IOS-XE (some features like custom portals have been added too). We just want to move the same config to the new router with the default portal, but it does not work. Here are the configurations before and after the migration:

3845 (7200):

aaa authentication login default group radius
aaa authorization auth-proxy default group radius
ip auth-proxy name AUTHPROXY http inactivity-time 60 list HTTP
ip http server
ip http authentication aaa
no ip http secure-server
<radius server config>

interface GigabitEthernet0/0
 ip address 1.1.1.1 255.255.255.0
 ip access-group INSIDE_IN in
 ip auth-proxy AUTHPROXY
!
ip route 10.0.0.1 255.255.255.255 Null0 name AUT-Proxy
!
ip access-list extended HTTP
 permit tcp any host 10.0.0.1 eq www

ASR1002-X:

aaa authentication login default group radius
aaa authorization auth-proxy default group radius
ip admission name AUTHPROXY proxy http list HTTP
ip http server
ip http authentication aaa
no ip http secure-server
<radius server config>
!
interface GigabitEthernet0/0/0
 ip address 1.1.1.1 255.255.255.0
 ip access-group INSIDE_IN in
 ip admission AUTHPROXY
!
ip route 10.0.0.1 255.255.255.255 Null0 name AUT-Proxy
!
ip access-list extended HTTP
 permit tcp any host 10.0.0.1 eq www

-------------------------------------------------------------------------------------------------

On the ASR 1002, when I issue show ip admission cache I see nothing, and the clients can't connect to the login portal.

I appreciate any help

Thanks in advance.
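
Added example (not part of the original post and not Cisco tooling): a small Python check that compares the legacy ip auth-proxy rule with its ip admission counterpart, using only the commands quoted in the post. The function names and the trimmed sample configs are constructed for illustration; the check lists what differs between the two configs and makes no claim about why the portal fails.

```python
import re
# Constructed inputs: the relevant lines of the two configurations posted above.
LEGACY = """\
ip auth-proxy name AUTHPROXY http inactivity-time 60 list HTTP
interface GigabitEthernet0/0
 ip auth-proxy AUTHPROXY
ip access-list extended HTTP
"""
MIGRATED = """\
ip admission name AUTHPROXY proxy http list HTTP
interface GigabitEthernet0/0/0
 ip admission AUTHPROXY
ip access-list extended HTTP
"""

def parse(config, keyword):
    """Return (rule definitions, rules bound to an interface, defined ACL names)."""
    kw = re.escape(keyword)
    rules, bound, acls = {}, set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(rf"ip {kw} name (\S+) (.+)", line):
            rules[m.group(1)] = m.group(2).split()
        elif m := re.fullmatch(rf"ip {kw} (\S+)", line):
            bound.add(m.group(1))
        elif m := re.fullmatch(r"ip access-list extended (\S+)", line):
            acls.add(m.group(1))
    return rules, bound, acls

def option(tokens, key):
    """Value following `key` in a rule's token list, or None if absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def compare(legacy, migrated):
    old_rules, _, _ = parse(legacy, "auth-proxy")
    new_rules, bound, acls = parse(migrated, "admission")
    findings = []
    for name, old in old_rules.items():
        new = new_rules.get(name)
        if new is None:
            findings.append(f"{name}: no 'ip admission name' rule")
            continue
        if name not in bound:
            findings.append(f"{name}: not applied to any interface")
        if (acl := option(new, "list")) and acl not in acls:
            findings.append(f"{name}: list {acl} is not defined")
        for key in ("inactivity-time", "list"):  # options present in the posted rule
            if option(old, key) != option(new, key):
                findings.append(f"{name}: {key} {option(old, key)} -> {option(new, key)}")
    return findings
```

Calling compare(LEGACY, MIGRATED) on the posted configs reports one difference: inactivity-time 60 is absent from the ip admission rule.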
