No problem mate!
Keep studying!


2011/7/12 Bruno <[email protected]>

> that's right. Both ways works fine and under fallback is time savings
>
> Thanks Piotr, without your help I would be running behind of way to get
> this working
>
>
> On Tue, Jul 12, 2011 at 3:45 PM, Piotr Matusiak <[email protected]> wrote:
>
>> As I remember correctly both methods work fine. Attaching an ACL to the
>> fallback profile is more elegant and you save your fingers when not
>> attaching it to every port :)
>>
>>
>> Regards,
>> Piotr
>>
>>
>>
>> 2011/7/12 Bruno <[email protected]>
>>
>>> Damn,
>>>
>>> I think I was missing ip device tracking for this. That would explain.
>>> Thanks Piotr.
>>> Well, another question now is what is the good practice.
>>> I applied a default acl on the fallback profile allowing only tcp for
>>> instance. When I am authenticated, SWs adds the acls downloaded from radius.
>>> That's ok and it's working now.
>>> But should I apply a default ACL under profile or under the physical
>>> port?
>>>
>>>
>>> On Tue, Jul 12, 2011 at 2:23 PM, Piotr Matusiak <[email protected]> wrote:
>>>
>>>> Have you configured AAA authorization?
>>>> aaa authorization auth-proxy default group radius
>>>>
>>>> Have you enabled IP device tracking?
>>>>
>>>> Regards,
>>>> Piotr
>>>>
>>>>
>>>> 2011/7/12 Bruno <[email protected]>
>>>>
>>>>> hey guys,
>>>>>
>>>>> Why does this thing never works for me?
>>>>>
>>>>> Here's the port after while waiting.
>>>>>
>>>>> Dot1x Authenticator Client List
>>>>> -------------------------------
>>>>> Domain                    = DATA
>>>>> Supplicant                = 000c.296c.9268
>>>>>     Auth SM State         = AUTHENTICATED
>>>>>     Auth BEND SM State    = IDLE
>>>>> Port Status               = AUTHORIZED
>>>>> Authentication Method     = WebAuth
>>>>> Authorized By             = Authentication Server
>>>>> Vlan Policy               = N/A
>>>>>
>>>>> when I try to browse anywhere, nothing shows up to login, never showed.
>>>>> Config:
>>>>> ip admission name DOT proxy http
>>>>> dot1x system-auth-control
>>>>> fallback profile FALL
>>>>>  ip admission DOT
>>>>> interface FastEthernet0/15
>>>>>  switchport access vlan X
>>>>>  switchport mode access
>>>>>  dot1x pae authenticator
>>>>>  dot1x port-control auto
>>>>>  dot1x violation-mode protect
>>>>>  dot1x fallback FALL
>>>>>  dot1x auth-fail vlan 999
>>>>>
>>>>> Should it have anything else I missed to get this thing working?
>>>>> Please, let me know your thoughts here
>>>>>
>>>>> --
>>>>> Bruno Fagioli (by Jaunty Jackalope)
>>>>> Cisco Security Professional
>>>>>
>>>>> _______________________________________________
>>>>> For more information regarding industry leading CCIE Lab training,
>>>>> please visit www.ipexpert.com
>>>>>
>>>>> Are you a CCNP or CCIE and looking for a job? Check out
>>>>> www.PlatinumPlacement.com
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Bruno Fagioli (by Jaunty Jackalope)
>>> Cisco Security Professional
>>>
>>
>>
>
>
> --
> Bruno Fagioli (by Jaunty Jackalope)
> Cisco Security Professional
>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to