06-12-2014 11:19 PM - edited 03-10-2019 09:47 PM
Hi,
Please help to share how to configure wired dot1x fallback to web authentication. I could not find any documentation how to configure the ise to do the web authentication. for my switchport i configured this:
switchport mode access
switchport access vlan 135
ip access-group PREAUTH in
authentication event fail action next-method
authentication host-mode multi-auth
authentication open
authentication order dot1x web
authentication priority dot1x web
authentication port-control auto
authentication violation restrict
dot1x fallback WEB_FALLBACK
dot1x max-reauth-req 1
dot1x pae authenticator
spanning-tree portfast
spanning-tree bpduguard enable
!
ip access-list extended PREAUTH permit udp any eq bootpc any eq bootps permit icmp any any permit tcp any host 172.21.2.82 eq www
!
ip admission name WEB_ADMISSION proxy http fallback profile WEB_FALLBACK ip admission WEB_ADMISSION
!
Please advice how to configure the ISE to make the fallback successful.
Thanks
regards,
Mike
06-13-2014 03:05 AM
Try this Configuration Process
ip access-list extended PRE_WEBAUTH_POLICY
permit udp any any eq bootps
permit udp any any eq domain
fallback profile WEB_AUTH_PROFILE
ip access-group PRE_WEBAUTH_POLICY in
ip admission IP_ADMIN_RULE
radius-server host 10.100.10.117 key cisco123
radius-server vsa send authentication
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide