Eric Winch Posts 6
Hi IT Sec tech, it is possible to integrate Cisco web authentication with Great Bay’s Sponsored Guest Access (SGA). For example, a Cisco 3750 can allow an alternative “HTTP” redirected authentication to Great Bay’s SGA LDAP data store. Specifically, we configured for 802.1x and MAC Auth Bypass with fallback to HTTP via redirect. This is not a requirement, though; you may also configure web authentication only.
If a user fails 802.1x and MAC Auth Bypass, they receive an authentication page (hosted on the switch) after attempting to access a web-based resource. Login credentials are passed to RADIUS for LDAP lookup against Great Bay’s SGA.
There are a few working parts for this solution; here is a short list:
- Cisco Firmware 12.2(50)SE2
  - Earlier versions were having issues sending RADIUS Authentication requests when using HTTP authentication
- Configured AAA Authentication and Authorization for RADIUS
- Enabled IP device tracking
- Set authentication proxy banners
- Configured fallback profile (not necessary if you want only WEB authentication)
- Created web authentication ACL to apply to associated ports
- Configured RADIUS
  - “radius-server vsa send authentication” command required
- Configured individual interfaces
  - Applied ip admission
  - Applied access control list
- Configure your RADIUS server to perform LDAP lookups against Great Bay SGA
  - Microsoft IAS does not support external LDAP
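
The checklist above as a Catalyst 3750 configuration sketch, added here as an illustration and not taken from the poster's switch. The RADIUS address, shared secret, banner text, and the rule, ACL, and profile names are placeholders, and the syntax should be checked against the command reference for the IOS release in use.

```cisco
! Added example: every name, address and key below is a placeholder.
aaa new-model
aaa authentication login default group radius
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
!
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
radius-server vsa send authentication
!
ip device tracking
ip http server
dot1x system-auth-control
!
! Banner shown on the switch-hosted login page
ip admission auth-proxy-banner http ^C Guest access: please sign in ^C
ip admission name WEBAUTH-RULE proxy http
!
! Pre-authentication ACL: only DHCP and DNS pass until the user logs in,
! so an unauthenticated host cannot reach anything else on the network
ip access-list extended WEBAUTH-PREAUTH
 permit udp any any eq bootps
 permit udp any any eq domain
 deny   ip any any
!
! Fallback profile used when 802.1X and MAB both fail
fallback profile WEBAUTH-FALLBACK
 ip access-group WEBAUTH-PREAUTH in
 ip admission WEBAUTH-RULE
!
! Port with 802.1X, then MAB, then web authentication
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 authentication order dot1x mab webauth
 authentication fallback WEBAUTH-FALLBACK
 dot1x pae authenticator
 mab
!
! Port with web authentication only: rule and ACL applied directly
interface GigabitEthernet1/0/2
 switchport mode access
 ip access-group WEBAUTH-PREAUTH in
 ip admission WEBAUTH-RULE
```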