Cisco Systems 2960 Model Vehicle User Manual


  Open as PDF
of 1004
 
CHAPTER
11-1
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
11
Configuring Web-Based Authentication
This chapter describes how to configure web-based authentication. It contains these sections:
Understanding Web-Based Authentication, page 11-1
Configuring Web-Based Authentication, page 11-9
Displaying Web-Based Authentication Status, page 11-17
Note For complete syntax and usage information for the switch commands used in this chapter, refer to the
command reference for this release.
Understanding Web-Based Authentication
Use the web-based authentication feature, known as web authentication proxy, to authenticate end users
on host systems that do not run the IEEE 802.1x supplicant.
Note You can configure web-based authentication on Layer 2 and Layer 3 interfaces.
When you initiate an HTTP session, web-based authentication intercepts ingress HTTP packets from the
host and sends an HTML login page to the users. The users enter their credentials, which the web-based
authentication feature sends to the authentication, authorization, and accounting (AAA) server for
authentication.
If authentication succeeds, web-based authentication sends a Login-Successful HTML page to the host
and applies the access policies returned by the AAA server.
If authentication fails, web-based authentication forwards a Login-Fail HTML page to the user,
prompting the user to retry the login. If the user exceeds the maximum number of attempts, web-based
authentication forwards a Login-Expired HTML page to the host, and the user is placed on a watch list
for a waiting period.
These sections describe the role of web-based authentication as part of AAA:
Device Roles, page 11-2
Host Detection, page 11-2
Session Creation, page 11-3
Authentication Process, page 11-3