Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Web-Based Authentication questions

Hi,

I want to configure a 3750 switch with Web-Based Authentication feature (so it's wired connections, not wireless).

My tests are doing well but I have some questions.

My setup : unmanaged switch connected to a 3750 interface. The 3750 is obviously doing the webauth. All devices are connected to the unmanaged switch. So in a way, all devices are using the same 3750 interface.

1- Is there a way to have a "bypass" list ? I have 2 desktop always connected and other devices will be laptop. I want desktop computers to not use

Web-Based Authentication, only laptop. So is there a way to bypass webauth for this machines (by mac address or something like this) ?

2- In my test lab, I'm able to use local auth without problem but when I'm trying with radius, I can't get it to work. Note that my radius server is working because I authenticating through it for my SSH access to the switch.

My working config :

aaa new-model

aaa group server radius rsa

server IP_ADDRESS auth-port 1812 acct-port 1813

!

aaa authentication login default local

aaa authentication login rsalogin group rsa local

aaa authorization exec default local

aaa authorization exec rsalogin group rsa local

aaa authorization auth-proxy default local

I'm switching to last line to this to use my radius :

aaa authorization auth-proxy default group rsa local

What am I missing ? Does the radius server must send something ? Is there a command I'm missing ?

the rest of my web auth config :

ip device tracking

ip admission name wa proxy http

interface GigabitEthernet1/0/48

switchport access vlan 2

switchport mode access

ip admission wa

Thank you and sorry for my english

246
Views
0
Helpful
0
Replies
CreatePlease to create content