Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

802.1X fallback method WebAuth on 3750 with Microsoft NPS

Concept:

Hi, just to mention: I tested 802.1X fallback method WebAuth successfully on a Catalyst 3750, 12.2(55)SE3, while using Microsoft NPS Windows Server 2008R2 as the RADIUS-Server. You can step straight forward http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/app_note_c27-577494.html, but be careful when it comes to configuring dACL's in NPS: You have to enter these lines in the attribute values box (Cisco-AV-Pair):

auth-proxy:priv-lvl=15

auth-proxy:proxyacl#1=permit .....

auth-proxy:proxyacl#2=deny .....

(you may ommit leading "auth-proxy:", it did  work in my configuration). The important thing is that you cannot use "ip:inacl#1", but must use "proxyacl#1". I know that this is well-documented in 3750 manuals, but there are several articles on the web that explain NPS configuration with "ip:inacl#", which is wrong in the WebAuth context.

Version history
Revision #:
1 of 1
Last update:
‎07-26-2011 05:18 AM
Updated by:
 
Labels (1)