06-13-2008 06:06 AM - edited 03-05-2019 11:37 PM
I'm using a Catalyst 3750. The switch supports IEEE 802.1x authentication with VLAN assignment. After successful IEEE 802.1x authentication of a port, the RADIUS server sends the VLAN assignment to configure the switch port.
Can I do this with web authentication using RADIUS attributes?
cisco-avpair= "tunnel-type(#64)=VLAN(13)"
cisco-avpair= "tunnel-medium-type(#65)=802 media(6)"
cisco-avpair= "tunnel-private-group-ID(#81)=vlanid"
Thanks.
Andrea.
06-19-2008 11:12 AM
The aaa-override vlan assignment does not work on webauth. The reason for this is that the user gets the IP address before going to the radius server. However, you can combine webauth with mac filtering, in which case the course of action would be 1: verify MAC address (and apply aaa-override AVPs), THEN 2: authenticate username/pw
06-19-2008 02:50 PM
Is this definitely the case with WEB Authentication? I am currently looking at a potential solution for a customer and we were talking about 802.1x with WEB Authentication fallback, however we ideally need VLAN assignment from both?
I have yet to do any testing with this but if it defintely doesn't work then I'll not bother messing about with it...
Andy
06-20-2008 02:17 AM
Thanks.
How can I disable automatic MAC check when I configure Web Authentication standalone mode?
Andrea.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide