
NAC with Auth-Proxy

Hi,

Has anyone tried using NAC along with Auth-Proxy at the same time? E.g. the same admission rule configured for both eapoudp and auth-proxy.

The goal is

1. Have all Users go through NAC. The downloaded ACL after NAC validation is

deny ip any x

permit ip any any

2. There are some selective users that need access to "x". We want these users to go through Auth-Proxy and verify that they are authorized to access "x".

The problem is that when I configure both of these on the same interface, auth-proxy takes preference over NAC in the router, and unless the users initiate the auth-proxy function (http, telnet etc.) NAC doesn't get initiated.

Any ideas?

Regards,

Naman

Anonymous

Re: NAC with Auth-Proxy

When NAC and auth-proxy are configured on the same interface, special care needs to be taken when configuring. The qualifying ACL should be the same for both NAC and auth-proxy. NAC authentication is done after auth-proxy authentication has completed. If auth-proxy fails to authenticate the user, the NAC procedure will not be initiated. The RADIUS server should be configured in such a way that only NAC will download permitted ACEs.

http://www.cisco.com/en/US/products/ps6660/products_white_paper0900aecd8046cbc4.shtml
