Hi Tyson I did have "ip device tracking" configured on the switch but web authentication doesn't happen. Instead, the MAC address of the host is sent to the AAA server.
>From your mail, I understand that auth proxy can be configured to an interface directly as we do it on IOS routers and it works fine on 12.(46) SE. Auth proxy can be either configured as fallback to 802.1x or associated directly to an interface. With regards Kings On Mon, Jun 21, 2010 at 8:01 PM, Tyson Scott <[email protected]> wrote: > I have not seen these issues running this on 12.2(46)SE as long as you > remember to do the "ip device tracking" command. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Managing Partner / Sr. Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kingsley Charles > *Sent:* Monday, June 21, 2010 7:40 AM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] Auth proxy on switches > > > > Hi all > > > > Has anyone tried configuring Auth Proxy on switches. First thing to note is > that, the switch that I have doesn't support the legacy "ip auth-proxy" > command. > > Auth proxy can be configured using "ip admission" only. > > > > Also when I apply the admission rule directly to the interface, I don't see > it working consistenly. > > > > > > Based on my investigation, I feel that auth proxy has been implemented for > 802.1x fallback only. The fallback can be configured on the interface using > the > > following interface command: > > > > > > dot1x fallback > > > > > > > > Please share your thoughts. > > > > > > > > > > > > With regards > > Kings >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
