Hi,
I configured web authentication on a 2960S-24TS-L switch in a network where the RADIUS server is an MS Network Policy Server.
My configuration works fine if the switch runs IOS 12.2(55)SE2, but as soon as I upgrade it to version 15.0(2)SE4 I have the following problem:
When I connect a device to the "service port" (in my config gi 1/0/24), I get the web authentication page and after filling in the right credentials, the ACL applied to the port is removed. But if I disconnect the device, the ACL is no longer applied to the port. When I re-connect the device I can reach all the network even if the HTTP traffic is redirected to the auth-proxy of the switch.
The following is a part of my configuration:
ip admission name webauth1 proxy http
ip device tracking
!
ip access-list extended pre-webauth1
 permit udp any any eq bootps
 permit udp any any eq domain
 deny ip any any
!
fallback profile webauth1-profile
 ip access-group pre-webauth1 in
 ip admission webauth1
!
int gi 1/0/24
 authentication port-control auto
 authentication fallback webauth1-profile