Web Authentication & VLAN Assignment.

andrea.meconi · ‎06-13-2008

I'm using a Catalyst 3750. The switch supports IEEE 802.1x authentication with VLAN assignment. After successful IEEE 802.1x authentication of a port, the RADIUS server sends the VLAN assignment to configure the switch port.

Can I do this with web authentication using RADIUS attributes?

cisco-avpair= "tunnel-type(#64)=VLAN(13)"

cisco-avpair= "tunnel-medium-type(#65)=802 media(6)"

cisco-avpair= "tunnel-private-group-ID(#81)=vlanid"

Thanks.

Andrea.

tstanik · ‎06-19-2008

The aaa-override vlan assignment does not work on webauth. The reason for this is that the user gets the IP address before going to the radius server. However, you can combine webauth with mac filtering, in which case the course of action would be 1: verify MAC address (and apply aaa-override AVPs), THEN 2: authenticate username/pw

andrew.butterworth · ‎06-19-2008

Is this definitely the case with WEB Authentication? I am currently looking at a potential solution for a customer and we were talking about 802.1x with WEB Authentication fallback, however we ideally need VLAN assignment from both?

I have yet to do any testing with this but if it defintely doesn't work then I'll not bother messing about with it...

Andy

andrea.meconi · ‎06-20-2008

Thanks.

How can I disable automatic MAC check when I configure Web Authentication standalone mode?

Andrea.