Most of the time, it hasn't worked for me. There is some issue.

With regards
Kings


On Thu, Jul 5, 2012 at 12:26 AM, Imre Oszkar <[email protected]> wrote:

> Hi guys,
>
> I'm having difficulty configuring dot1x with webauth fallback.
> Dot1x for clients with a supplicant works fine, but when I connect a
> non-supplicant client, webauth fallback fails to work.
>
> Once the dot1x timers expire, the switchport falls back to the webauth
> authentication method; I can see that from the sh dot1x interface output
> and debugs. After that, if I open a browser and try to navigate, I'm asked
> for authentication.
> I enter the credentials, then instead of the authentication successful or
> failed message I get a popup with error HTTP 500 "The website cannot
> display the page"
>
> Below you can see the config and the debug outputs from the switch. On the
> ACS reports I cannot see any authentication success or failure for these
> webauth attempts.
>
>
> Can somebody give me a hint please?
>
> Thanks!
>
>
>
> aaa new-model
> aaa authentication dot1x default group radius
> aaa authorization network default group radius
> aaa authorization auth-proxy default group radius
> aaa session-id common
>
> ip http authentication aaa
>
> ip device tracking
> ip admission name ADMISSION proxy http
>
> dot1x system-auth-control
>
>
> fallback profile FALLBACK
>  ip access-group 100 in
>  ip admission ADMISSION
>
>
> interface FastEthernet0/15
>  description TEST PC
>  switchport access vlan 5
>  switchport mode access
>  dot1x pae authenticator
>  dot1x port-control auto
>  dot1x violation-mode protect
>  dot1x fallback FALLBACK
>  spanning-tree portfast
>
> access-list 100 permit icmp any any
>
>
>
>
>
> Dot1x Authenticator Client List
> -------------------------------
> Domain                    = DATA
> Supplicant                = 00e0.4c03.5787
>     Auth SM State         = AUTHENTICATED
>     Auth BEND SM State    = IDLE
>
> Port Status               = AUTHORIZED
> Authentication Method     = WebAuth
> Authorized By             = Authentication Server
> Vlan Policy               = N/A
>
>
> Debug output from:
>   AAA Authentication debugging is on
>   AAA Authorization debugging is on
>   Radius protocol debugging is on
>   Dot1x events debugging is on
>
>
>
> *Mar  1 00:26:04.785: AAA: parse name=FastEthernet0/15 idb type=-1 tty=-1
> *Mar  1 00:26:04.785: AAA: name=FastEthernet0/15 flags=0x15 type=16
> shelf=0 slot=0 adapter=0 port=15 channel=0
> *Mar  1 00:26:04.785: AAA: parse name=<no string> idb type=-1 tty=-1
> *Mar  1 00:26:04.785: AAA/MEMORY: create_user (0x3B09448) user='NULL'
> ruser='NULL' ds0=0 port='FastEthernet0/15' rem_addr='8.9.5.10'
> authen_type=ASCII service=LOGIN priv=0 initial_task_id='0', vrf= (id=0)
> *Mar  1 00:26:04.785: AAA/AUTHEN/START (2551531521):
> port='FastEthernet0/15' list='default' action=LOGIN service=LOGIN
> *Mar  1 00:26:04.785: AAA/AUTHEN/START (2551531521): console login -
> default to "no auth required"
> *Mar  1 00:26:04.785: AAA/AUTHEN/START (2551531521): Method=NONE
> *Mar  1 00:26:04.785: AAA/AUTHEN (2551531521): status = PASS
> *Mar  1 00:26:04.785: FastEthernet0/15 AAA/AUTHOR/HTTP (2683369798):
> Port='FastEthernet0/15' list='default' service=AUTH-PROXY
> *Mar  1 00:26:04.785: AAA/AUTHOR/HTTP: FastEthernet0/15 (2683369798)
> user=''
> *Mar  1 00:26:04.785: FastEthernet0/15 AAA/AUTHOR/HTTP (2683369798): send
> AV service=auth-proxy
> *Mar  1 00:26:04.785: FastEthernet0/15 AAA/AUTHOR/HTTP (2683369798): send
> AV cmd*
> *Mar  1 00:26:04.785: FastEthernet0/15 AAA/AUTHOR/HTTP (2683369798): found
> list "default"
> *Mar  1 00:26:04.785: FastEthernet0/15 AAA/AUTHOR/HTTP (2683369798):
> Method=radius (radius)
> *Mar  1 00:26:04.785: RADIUS: authenticating to get author data
> *Mar  1 00:26:04.785: RADIUS: failed to get authorization data: authen
> status = 4
> *Mar  1 00:26:04.785: AAA/AUTHOR (2683369798): Post authorization status =
> ERROR
> *Mar  1 00:26:04.785: FastEthernet0/15 AAA/AUTHOR/HTTP (2683369798):
> Method=NOT_SET
> *Mar  1 00:26:04.785: FastEthernet0/15 AAA/AUTHOR/HTTP (2683369798): no
> methods left to try
> *Mar  1 00:26:04.785: AAA/AUTHOR (2683369798): Post authorization status =
> ERROR
>
>
>
> CAT3#test aaa group radius server 10.0.0.100 dot1x cisco new-code
> User successfully authenticated
>
> *Mar  1 01:02:08.165: RADIUS:  authenticator BB F3 45 A4 1C 79 E0 77 - 0C
> 9D 62 C4 0B 1A 81 A0
> *Mar  1 01:02:08.165: RADIUS:  User-Password       [2]   18  *
> *Mar  1 01:02:08.165: RADIUS:  User-Name           [1]   7   "dot1x"
> *Mar  1 01:02:08.165: RADIUS:  NAS-IP-Address      [4]   6   10.0.0.254
> *Mar  1 01:02:08.190: RADIUS: Received from id 1645/3 10.0.0.100:1645,
> Access-Accept, len 146
> *Mar  1 01:02:08.190: RADIUS:  authenticator 50 A2 6F 25 59 7B 45 73 - 53
> D3 75 F5 C7 1A 62 6E
> *Mar  1 01:02:08.190: RADIUS:  Framed-IP-Address   [8]   6
> 255.255.255.255
> *Mar  1 01:02:08.190: RADIUS:  Vendor, Cisco       [26]  30
> *Mar  1 01:02:08.190: RADIUS:   Cisco AVpair       [1]   24
> "auth-proxy:priv-lvl=15"
> *Mar  1 01:02:08.190: RADIUS:  Vendor, Cisco       [26]  47
> *Mar  1 01:02:08.190: RADIUS:   Cisco AVpair       [1]   41
> "auth-proxy:proxyacl#1=permit ip any any"
> *Mar  1 01:02:08.190: RADIUS:  Tunnel-Type         [64]  6
> 01:VLAN                   [13]
> *Mar  1 01:02:08.190: RADIUS:  Tunnel-Medium-Type  [65]  6
> 01:ALL_802                [6]
> *Mar  1 01:02:08.190: RADIUS:  Tunnel-Private-Group[81]  5   01:"10"
> *Mar  1 01:02:08.190: RADIUS:  Class               [25]  26
> *Mar  1 01:02:08.190: RADIUS:   43 41 43 53 3A 30 2F 34 64 66 2F 61 30 30
> 30 30  [CACS:0/4df/a0000]
> *Mar  1 01:02:08.190: RADIUS:   66 65 2F 64 6F 74 31 78          [
> fe/dot1x]
>
>
>
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>