
Web authentication and ACL on a Cisco switch

aron.bernasconi
Level 1

Hi,

I configured web authentication on a 2960S-24TS-L switch in a network where the RADIUS is a MS Network Policy Server.

My configuration works fine if the switch runs IOS 12.2(55)SE2, but as soon as I upgrade it to version 15.0(2)SE4 I have the following problem:

When I connect a device to the "service port" (in my config gi 1/0/24), I get the web authentication page and after filling in the right credentials, the ACL applied to the port is removed. But if I disconnect the device, the ACL is no longer applied to the port. When I re-connect the device I can reach all the network even if the HTTP traffic is redirected to the auth-proxy of the switch.

The following is a part of my configuration:

ip admission name webauth1 proxy http
ip device tracking
!
ip access-list extended pre-webauth1
  permit udp any any eq bootps
  permit udp any any eq domain
  deny ip any any
!
fallback profile webauth1-profile
  ip access-group pre-webauth1 in
  ip admission webauth1
!
int gi 1/0/24
  authentication port-control auto
  authentication fallback webauth1-profile

1 Reply

blenka
Level 3

Please try these commands using the ACL you made.

Enable IOS HTTP servers for web auth:

ip http server
ip http secure-server

ip access-list extended ACL-WEBAUTH-REDIRECT
permit tcp any any eq www
permit tcp any any eq 443
deny ip any any
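An added example, not part of either post and not Cisco code: a small offline check that the pieces of the fallback web-auth configuration in this thread refer to each other correctly and that the global commands shown in the posts (`ip device tracking`, `ip http server`) are present. The function names and the sample text are assumptions made for illustration; the check only compares names in the text and does not reproduce the switch's behaviour after the upgrade.

```python
import re
# Constructed sample: the configuration from the post, before the reply's HTTP server lines.
SAMPLE_CONFIG = """\
ip admission name webauth1 proxy http
ip device tracking
!
ip access-list extended pre-webauth1
  permit udp any any eq bootps
  permit udp any any eq domain
  deny ip any any
fallback profile webauth1-profile
  ip access-group pre-webauth1 in
  ip admission webauth1
int gi 1/0/24
  authentication port-control auto
  authentication fallback webauth1-profile
"""

REFS = [  # sub-command pattern -> top-level definition it must resolve to
    (r"ip access-group (\S+) in", "ip access-list extended "),
    (r"ip admission (\S+)", "ip admission name "),
    (r"authentication fallback (\S+)", "fallback profile "),
]

def sections(config):
    """Map each top-level command to the indented sub-commands under it."""
    out, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line[0].isspace():
            current = line.strip()
            out[current] = []
        elif current:
            out[current].append(line.strip())
    return out

def audit_webauth(config):
    """Return findings for the web-auth fallback pieces; an empty list means consistent."""
    sec = sections(config)
    findings = [f"missing global command: {g}"
                for g in ("ip device tracking", "ip http server") if g not in sec]
    for head, body in sec.items():
        for cmd in body:
            for pattern, prefix in REFS:
                m = re.fullmatch(pattern, cmd)
                if m and not any((k + " ").startswith(prefix + m.group(1) + " ") for k in sec):
                    findings.append(f"{head}: '{cmd}' has no matching '{prefix.strip()}' definition")
    return findings
```

Run `audit_webauth()` on the text of a saved configuration; a dangling ACL, admission rule or fallback profile name shows up as a finding against the section that references it.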