Web Authentication & VLAN Assignment.

Unanswered Question

I'm using a Catalyst 3750. The switch supports IEEE 802.1x authentication with VLAN assignment. After successful IEEE 802.1x authentication of a port, the RADIUS server sends the VLAN assignment to configure the switch port.

Can I do this with web authentication using RADIUS attributes?

cisco-avpair= "tunnel-type(#64)=VLAN(13)"

cisco-avpair= "tunnel-medium-type(#65)=802 media(6)"

cisco-avpair= "tunnel-private-group-ID(#81)=vlanid"



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
tstanik Thu, 06/19/2008 - 11:12
User Badges:
  • Bronze, 100 points or more

The aaa-override vlan assignment does not work on webauth. The reason for this is that the user gets the IP address before going to the radius server. However, you can combine webauth with mac filtering, in which case the course of action would be 1: verify MAC address (and apply aaa-override AVPs), THEN 2: authenticate username/pw

andrew.butterworth Thu, 06/19/2008 - 14:50
User Badges:
  • Gold, 750 points or more

Is this definitely the case with WEB Authentication? I am currently looking at a potential solution for a customer and we were talking about 802.1x with WEB Authentication fallback, however we ideally need VLAN assignment from both?

I have yet to do any testing with this but if it defintely doesn't work then I'll not bother messing about with it...



This Discussion