Damn,

I think I was missing ip device tracking for this. That would explain.
Thanks Piotr.
Well, another question now is what is the good practice.
I applied a default acl on the fallback profile allowing only tcp for
instance. When I am authenticated, SWs adds the acls downloaded from radius.
That's ok and it's working now.
But should I apply a default ACL under profile or under the physical port?

On Tue, Jul 12, 2011 at 2:23 PM, Piotr Matusiak <[email protected]> wrote:

> Have you configured AAA authorization?
> aaa authorization auth-proxy default group radius
>
> Have you enabled IP device tracking?
>
> Regards,
> Piotr
>
>
> 2011/7/12 Bruno <[email protected]>
>
>> hey guys,
>>
>> Why does this thing never works for me?
>>
>> Here's the port after while waiting.
>>
>> Dot1x Authenticator Client List
>> -------------------------------
>> Domain                    = DATA
>> Supplicant                = 000c.296c.9268
>>     Auth SM State         = AUTHENTICATED
>>     Auth BEND SM State    = IDLE
>> Port Status               = AUTHORIZED
>> Authentication Method     = WebAuth
>> Authorized By             = Authentication Server
>> Vlan Policy               = N/A
>>
>> when I try to browse anywhere, nothing shows up to login, never showed.
>> Config:
>> ip admission name DOT proxy http
>> dot1x system-auth-control
>> fallback profile FALL
>>  ip admission DOT
>> interface FastEthernet0/15
>>  switchport access vlan X
>>  switchport mode access
>>  dot1x pae authenticator
>>  dot1x port-control auto
>>  dot1x violation-mode protect
>>  dot1x fallback FALL
>>  dot1x auth-fail vlan 999
>>
>> Should it have anything else I missed to get this thing working?
>> Please, let me know your thoughts here
>>
>> --
>> Bruno Fagioli (by Jaunty Jackalope)
>> Cisco Security Professional
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com
>>
>
>


-- 
Bruno Fagioli (by Jaunty Jackalope)
Cisco Security Professional
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to