Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Web Authentication & VLAN Assignment.

I'm using a Catalyst 3750. The switch supports IEEE 802.1x authentication with VLAN assignment. After successful IEEE 802.1x authentication of a port, the RADIUS server sends the VLAN assignment to configure the switch port.

Can I do this with web authentication using RADIUS attributes?

cisco-avpair= "tunnel-type(#64)=VLAN(13)"

cisco-avpair= "tunnel-medium-type(#65)=802 media(6)"

cisco-avpair= "tunnel-private-group-ID(#81)=vlanid"

Thanks.

Andrea.

3 REPLIES
Bronze

Re: Web Authentication & VLAN Assignment.

The aaa-override vlan assignment does not work on webauth. The reason for this is that the user gets the IP address before going to the radius server. However, you can combine webauth with mac filtering, in which case the course of action would be 1: verify MAC address (and apply aaa-override AVPs), THEN 2: authenticate username/pw

Re: Web Authentication & VLAN Assignment.

Is this definitely the case with WEB Authentication? I am currently looking at a potential solution for a customer and we were talking about 802.1x with WEB Authentication fallback, however we ideally need VLAN assignment from both?

I have yet to do any testing with this but if it defintely doesn't work then I'll not bother messing about with it...

Andy

New Member

Re: Web Authentication & VLAN Assignment.

Thanks.

How can I disable automatic MAC check when I configure Web Authentication standalone mode?

Andrea.

306
Views
0
Helpful
3
Replies
CreatePlease to create content