EasyManuals Logo

Cisco Catalyst 2960 Series User Manual

Cisco Catalyst 2960 Series
2288 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1512 background imageLoading...
Page #1512 background image
Port Security
You can configure web-based authentication and port security on the same port. Web-based authentication
authenticates the port, and port security manages network access for all MAC addresses, including that of the
client. You can then limit the number or group of clients that can access the network through the port.
Default Web-Based Authentication Configuration
The following table shows the default web-based authentication configuration.
Table 130: Default Web-based Authentication Configuration
Default SettingFeature
DisabledAAA
None specified
1645
None specified
RADIUS server
IP address
UDP authentication port
Key
3600 secondsDefault value of inactivity timeout
EnabledInactivity timeout
Web-Based Authentication Configuration Guidelines and Restrictions
Web-based authentication is an ingress-only feature.
You can configure web-based authentication only on access ports. Web-based authentication is not
supported on trunk ports, EtherChannel member ports, or dynamic trunk ports.
You must configure the default ACL on the interface before configuring web-based authentication.
Configure a port ACL for a Layer 2 interface or a Cisco IOS ACL for a Layer 3 interface.
You cannot authenticate hosts on Layer 2 interfaces with static ARP cache assignment. These hosts are
not detected by the web-based authentication feature because they do not send ARP messages.
By default, the IP device tracking feature is disabled on a switch. You must enable the IP device tracking
feature to use web-based authentication.
You must configure at least one IP address to run the switch HTTP server. You must also configure
routes to reach each host IP address. The HTTP server sends the HTTP login page to the host.
Hosts that are more than one hop away might experience traffic disruption if an STP topology change
results in the host traffic arriving on a different port. This occurs because the ARP and DHCP updates
might not be sent after a Layer 2 (STP) topology change.
Web-based authentication does not support VLAN assignment as a downloadable-host policy.
Web-based authentication supports IPv6 in Session-aware policy mode. IPv6 Web-authentication requires
at least one IPv6 address configured on the switch and IPv6 Snooping configured on the switchport.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1430
Information About Web-Based Authentication

Table of Contents

Other manuals for Cisco Catalyst 2960 Series

Preview: Datasheet
Datasheet21 pages
Preview: Brochure & Specs
Brochure & Specs10 pages
Preview: Product Bulletin
Product Bulletin5 pages
Preview: Specifications
Specifications2 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 2960 Series and is the answer not in the manual?

Cisco Catalyst 2960 Series Specifications

General IconGeneral
LayerLayer 2
Power over Ethernet (PoE)Available on some models
RAM128 MB
Flash Memory32 MB
MAC Address Table Size8000
Operating Temperature0°C to 45°C (32 to 113°F)
Ports24 or 48 x 10/100/1000

Related product manuals