Cisco Support Community
Community Member

Web authentication and ACL on a Cisco switch


I configured web authentication on a 2960S-24TS-L switch in a network where the Radius is a MS Network Policy Server.

My configuration works fine if I the switch runs IOS 12.2(55)SE2, but as soon as I upgrade it to version 15.0(2)SE4 I have the following problem :

When I connect a device to the "service port" (in my config gi 1/0/24), I get the web authentication page and after filling the right credentials, the ACL applied to the port is removed. But if I disconnect the device, the ACL is no more applied to the port. When I re-connect the device a can reach all the network even if the http traffic is redirected to the auth-proxy of the switch.

The following is a part of my configuration :

ip admission name webauth1 proxy http

ip device tracking


ip access-list extended pre-webauth1

  permit udp any any eq bootps

  permit udp any any eq domain

  deny ip any any


fallback profile webauth1-profile

  ip access-group pre-webauth1 in

  ip admission webauth1


int gi 1/0/24  

  authentication port-control auto

  authentication fallback webauth1-profile

Community Member

Web authentication and ACL on a Cisco switch

please try these commands using your acl made.

Enable IOS http servers for web auth

ip http server

ip http secure-server

ip access-list extended ACL-WEBAUTH-REDIRECT

permit tcp any any eq www

permit tcp any any eq 443

deny ip any any

CreatePlease to create content