Re: [OSL | CCIE_Security] ip admission on switch

Fri, 09 Apr 2010 06:53:59 -0700 

You should... ;)

/J

2010/4/9 Tyson Scott <[email protected]>

>  We don't have a volume 3?
>
>
>
> Regards,
>
>
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
>
> Technical Instructor - IPexpert, Inc.
>
> Mailto: [email protected]
>
> Telephone: +1.810.326.1444, ext. 208
>
> Live Assistance, Please visit: www.ipexpert.com/chat
>
> eFax: +1.810.454.0130
>
>
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
> training locations throughout the United States, Europe, South Asia and
> Australia. Be sure to visit our online communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
>
>
> *From:* Kingsley Charles [mailto:[email protected]]
> *Sent:* Friday, April 09, 2010 4:33 AM
> *To:* Tyson Scott
> *Cc:* [email protected]
> *Subject:* Re: [OSL | CCIE_Security] ip admission on switch
>
>
>
> Hi Tyson
>
>
>
> The auth-proxy is given in vol 3 Lab 3 (section 5.3) but with dot1x
> fallback.
>
>
>
>
>
> With regards
>
> Kings
>
> On Fri, Apr 9, 2010 at 1:57 PM, Tyson Scott <[email protected]> wrote:
>
> Kingsley,
>
>
>
> Attribute 6 is the service-type.  "
> http://www.iana.org/assignments/radius-types";
>
>
>
> You could try moving it to the L3 VLAN interface on the switch and see if
> it is supported there but to be honest I have never tried it before.  I
> believe the feature to be limited to L3 support and you are applying it to a
> L2 interface.  IP admission is also used for L2 IP NAC and you may find it
> to be the case that the auth-proxy commands are remnant commands that don't
> really work.  But please let us know your results.  I think we will all be
> interested.
>
>
>
> Regards,
>
>
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
>
> Technical Instructor - IPexpert, Inc.
>
> Mailto: [email protected]
>
> Telephone: +1.810.326.1444, ext. 208
>
> Live Assistance, Please visit: www.ipexpert.com/chat
>
> eFax: +1.810.454.0130
>
>
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
> training locations throughout the United States, Europe, South Asia and
> Australia. Be sure to visit our online communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
>
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *Kingsley Charles
> *Sent:* Friday, April 09, 2010 4:19 AM
> *To:* [email protected]
> *Subject:* [OSL | CCIE_Security] ip admission on switch
>
>
>
> Hi all
>
>
>
> I am trying for http auth-proxy on a switch. I don't get prompted for
> username/password on the browser as we get on router auth-proxy. The switch
> is sending mac address for authentication.
>
>
>
> f1/0/6 is connected to a XP PC.
>
>
>
> Any thoughts?
>
>
>
> Also, please let me know what does "radius-server attribute 6
> on-for-login-auth" do?
>
>
>
>
>
>
>
> *Config*
>
>
>
> ip device tracking
> ip admission name king proxy http list 123
>
>
>
> interface FastEthernet1/0/6
>  switchport access vlan 4
>  switchport mode access
>  ip admission king
>
>
>
> *Debugs*
>
>
>
>
>
> 1w3d: RADIUS:  authenticator FB D8 DE 61 A8 E2 F9 11 - 4B 3F F0 7F E5 CC C5
> 08
> 1w3d: RADIUS:  Calling-Station-Id  [31]  16  "0008.a145.f40c"
> 1w3d: RADIUS:  Service-Type        [6]   6   Call Check                [10]
> 1w3d: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
> 1w3d: RADIUS:  Message-Authenticato[80]  18
> 1w3d: RADIUS:   30 54 6D 6E 1E A8 24 2C 01 7C 68 C5 D4 5D 41 19        [
> 0Tmn$,|
> h]A]
> 1w3d: RADIUS:  NAS-Port-Type       [61]  6   Async                     [0]
> 1w3d: RADIUS:  NAS-Port            [5]   6   0
> 1w3d: RADIUS:  NAS-Port-Id         [87]  19  "FastEthernet1/0/6"
> 1w3d: RADIUS:  NAS-IP-Address      [4]   6   10.20.30.43
> 1w3d: RADIUS: Received from id 1645/82 10.20.30.45:1645, Access-Reject,
> len 50
> 1w3d: RADIUS:  authenticator 50 91 59 89 0D 19 25 CA - 68 0D C3 56 C6 21 FF
> BB
> 1w3d: RADIUS:  Reply-Message       [18]  12
> 1w3d: RADIUS:   52 65 6A 65 63 74 65 64 0A 0D          [ Rejected]
> 1w3d: RADIUS:  Message-Authenticato[80]  18
> 1w3d: RADIUS:   C7 2E 1B 58 EF A7 A7 56 1C 61 47 21 F8 81 AC 1D
> [ .XV
> aG!]
> 1w3d: RADIUS(000002C6): Received from id 1645/82
> 1w3d: RADIUS/DECODE: Reply-Message fragments, 10, total 10 bytes
> 1w3d:  NRH reply fail for 10.20.30.44
> 1w3d:  Apply HTTP_INTERCEPT for host 10.20.30.44
>
>
>
> With regards
>
> Kings
>
>
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>


-- 
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Reply via email to