Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2807
Views
0
Helpful
0
Comments

802.1X fallback method WebAuth on 3750 with Microsoft NPS

stefan-moser
Level 1
Level 1

‎07-26-2011 05:18 AM - edited ‎02-21-2020 09:57 PM

Concept:

Hi, just to mention: I tested 802.1X fallback method WebAuth successfully on a Catalyst 3750, 12.2(55)SE3, while using Microsoft NPS Windows Server 2008R2 as the RADIUS-Server. You can step straight forward http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/app_note_c27-577494.html, but be careful when it comes to configuring dACL's in NPS: You have to enter these lines in the attribute values box (Cisco-AV-Pair):

auth-proxy:priv-lvl=15

auth-proxy:proxyacl#1=permit .....

auth-proxy:proxyacl#2=deny .....

(you may ommit leading "auth-proxy:", it did  work in my configuration). The important thing is that you cannot use "ip:inacl#1", but must use "proxyacl#1". I know that this is well-documented in 3750 manuals, but there are several articles on the web that explain NPS configuration with "ip:inacl#", which is wrong in the WebAuth context.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents