I want to configure a 3750 switch with Web-Based Authentication feature (so it's wired connections, not wireless).
My tests are doing well but I have some questions.
My setup : unmanaged switch connected to a 3750 interface. The 3750 is obviously doing the webauth. All devices are connected to the unmanaged switch. So in a way, all devices are using the same 3750 interface.
1- Is there a way to have a "bypass" list ? I have 2 desktop always connected and other devices will be laptop. I want desktop computers to not use
Web-Based Authentication, only laptop. So is there a way to bypass webauth for this machines (by mac address or something like this) ?
2- In my test lab, I'm able to use local auth without problem but when I'm trying with radius, I can't get it to work. Note that my radius server is working because I authenticating through it for my SSH access to the switch.
My working config :
aaa group server radius rsa
server IP_ADDRESS auth-port 1812 acct-port 1813
aaa authentication login default local
aaa authentication login rsalogin group rsa local
aaa authorization exec default local
aaa authorization exec rsalogin group rsa local
aaa authorization auth-proxy default local
I'm switching to last line to this to use my radius :
aaa authorization auth-proxy default group rsa local
What am I missing ? Does the radius server must send something ? Is there a command I'm missing ?
the rest of my web auth config :
ip device tracking
ip admission name wa proxy http
switchport access vlan 2
switchport mode access
ip admission wa
Thank you and sorry for my english