Web authentication with a proxy configured in browser

fbroussey · ‎06-23-2008

Hi,

We encounter a problem with web AUthentication fallback in a catalyst 3750.

We configured 802.1x on the 3750. This works great but the pb is with the fallback Webauth. When the client has no proxy configured there is no pb; I mean the client is prompted with the authentication webpage. But if the client has a proxy he doesn't. The client can browse internet throught the proxy but the switch port remain in the INIT state of ip admission and is never prompted:

Authentication Proxy Cache

Total Sessions: 1 Init Sessions: 1

Client IP 10.166.194.54 Port 0, timeout 1, state INIT

So he can't do anything else that browsing internet...

Any idea about how to access the authentication webpage if there is a proxy configured in the browser ?

Thanks for your answer

Jagdeep Gambhir · ‎06-23-2008

It seems that local authentication for auth-proxy is not supported (not 100% sure. Please provide IOS ver and aaa config for the switch in question.

Regards,

~JG

fbroussey · ‎06-23-2008

Thanks for your answer.

You'll find attached part of the config with IOS version.

NOte that we work only on port g1/0/3 for now...

Regards,

Fred

Jagdeep Gambhir · ‎06-24-2008

Fred,

Pls see this bug,

aaa local authentication not happening for authproxy

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsh23142

Regards,

~JG

ryancolson · ‎06-28-2008

at least on my 1721 local proxy auth does work, however, I cannot figure out how to configure any more granular control then simple pass/fail