MVP
Posts: 1,110
Registered: ‎10-11-2011

Central WebAuth - Cisco Switches

Is it possible to do central webauth with Cisco switches and Clearpass? It looks like only local webauth is possible and will require a separate "web login" for every switch that will have webauth enabled.
Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Central WebAuth - Cisco Switches

What are you trying to accomplish?

Thank You,
Troy

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Central WebAuth - Cisco Switches

I need to set up webauth on 20 Cisco switches. So I'm wondering if that means I need to create 20 web login pages in ClearPass.
MVP
Posts: 1,406
Registered: ‎11-30-2011

Re: Central WebAuth - Cisco Switches

Got no personal experience with this, but I would advise asking this on a Cisco forum also (if you haven't already). A lot depends on whether you really need 20 different URLs; if you do, the question might be whether ClearPass can do something smart there.

MVP
Posts: 495
Registered: ‎04-03-2007

Re: Central WebAuth - Cisco Switches

I ran into this issue as well in a proof-of-concept environment. For whatever it's worth, I had to put the guest traffic on a VLAN that spanned upstream to an untrusted port on an Aruba controller. It was at the Aruba controller that I applied a wired authentication profile, giving a role to those users. That role had a captive portal authentication profile, which redirected to CPPM for central web auth.

FWIW, if you wanted to do this with Cisco ISE, you'd have to do things similarly for wireless users (i.e., have wireless guests be placed on a VLAN, spanned upstream to an 802.1X-enabled Cisco switchport wherein central webauth could be performed).

Both CPPM and ISE have flaws when it comes to multivendor support for web auth.

==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Central WebAuth - Cisco Switches

Ryan,

That's a pretty good idea. I'll give that a shot and see how it works.
Contributor II
Posts: 41
Registered: ‎05-06-2013

Re: Central WebAuth - Cisco Switches

I think this will work with the web auth enforcement policy on the CPPM, as there is a Cisco Web auth enforcement template in the Enforcement policies.

The link below is how it's done with ISE (:smileymad:) and Cisco switches. So I guess we can throw out ISE and replace it with CPPM with enforcement policies :smileyhappy: .

http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080ba6514.shtml
