Cisco Support Community
Community Member

VPN access control using 802.1x authentication

I'm trying to set up an 871 with 802.1x authentication for home users. The goal is to allow the employee's corporate laptop and IP Phone to communicate across a VPN connection, but unauthenticated users should only be allowed internet access.

Where I stand now is that authenticated users work as expected. The issue is that unauthenticated users are not allowed to access the network (VPN or Internet).

There are several documents on the Cisco site that explain how to do this (link below), but the configs don't seem to work. The examples are not using routers with integrated switches, so I'm thinking that may be the issue. Though I did find some references that made it sound like it should still work, so I still have some hope...

Relevant portions of the config are attached...


Re: VPN access control using 802.1x authentication

I suggest you check your "split-tunnel" configuration at the EzVPN Server end. Make sure that only traffic that is destined to the corporate network is encrypted and the traffic to the Internet is not encrypted.

Community Member

Re: VPN access control using 802.1x authentication

I am trying to do the same thing but using DMVPN versus easyvpn. Again, I can get the workstation with a cert to authenticate and get an IP address on the corp network. However, the non-authenticated workstation cannot get an IP address from the other pool. I have opened several TAC cases and no one at Cisco seems to know anything about this router, nor are there any sample configs for it. I just don't think this feature is working yet. If anyone does have it working I would greatly appreciate some help.

