Name: Cisco Catalyst 3560-X
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

1-3

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-25303-03

Chapter 1 Configuring Web-Based Authentication

Understanding Web-Based Authentication

Session Creation

When web-based authentication detects a new host, it creates a session as follows:

• Reviews the exception list.

If the host IP is included in the exception list, the policy from the exception list entry is applied, and

the session is established.

• Reviews for authorization bypass

If the host IP is not on the exception list, web-based authentication sends a nonresponsive-host

(NRH) request to the server.

If the server response is access accepted, authorization is bypassed for this host. The session is

established.

• Sets up the HTTP intercept ACL

If the server response to the NRH request is access rejected, the HTTP intercept ACL is activated,

and the session waits for HTTP traffic from the host.

Authentication Process

When you enable web-based authentication, these events occur:

• The user initiates an HTTP session.

• The HTTP traffic is intercepted, and authorization is initiated. The switch sends the login page to

the user. The user enters a username and password, and the switch sends the entries to the

authentication server.

• If the authentication succeeds, the switch downloads and activates the user’s access policy from the

authentication server. The login success page is sent to the user.

• If the authentication fails, the switch sends the login fail page. The user retries the login. If the

maximum number of attempts fails, the switch sends the login expired page, and the host is placed

in a watch list. After the watch list times out, the user can retry the authentication process.

• If the authentication server does not respond to the switch, and if an AAA fail policy is configured,

the switch applies the failure access policy to the host. The login success page is sent to the user.

(See the “Local Web Authentication Banner” section on page 1-4.)

• The switch reauthenticates a client when the host does not respond to an ARP probe on a Layer 2

interface, or when the host does not send any traffic within the idle timeout on a Layer 3 interface.

• The feature applies the downloaded timeout or the locally configured session timeout.

• If the terminate action is RADIUS, the feature sends a nonresponsive host (NRH) request to the

server. The terminate action is included in the response from the server.

• If the terminate action is default, the session is dismantled, and the applied policy is removed.

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 3560-X and is the answer not in the manual?

Cisco Catalyst 3560-X Specifications

General

Enclosure Type	Rack-mountable - 1U
Subtype	Gigabit Ethernet
Ports	48 x 10/100/1000 + 4 x SFP
Flash Memory	64 MB
Power Device	Internal power supply
Voltage Required	AC 120/230 V (50/60 Hz)
Operating System	Cisco IOS
Device Type	Switch
Performance	Switching capacity: 128 Gbps
Jumbo Frame Support	Yes
Routing Protocol	RIP-1, RIP-2, EIGRP
Remote Management Protocol	SNMP 1, RMON 1, RMON 2, RMON 3, RMON 9, Telnet, SNMP 3, HTTP, HTTPS
Features	DHCP support, VLAN support, QoS, IPv6 support, Syslog
Compliant Standards	IEEE 802.3, IEEE 802.3u, IEEE 802.3z, IEEE 802.1D, IEEE 802.1Q, IEEE 802.3ab, IEEE 802.1p, IEEE 802.3af, IEEE 802.3x, IEEE 802.3ad, IEEE 802.1w, IEEE 802.1x, IEEE 802.1s, IEEE 802.3ah, IEEE 802.1ag, IEEE 802.3at
Stacking	Stackable
Security Features	SSH, RADIUS, TACACS+
Management	CLI
Dimensions (H x W x D)	17.5 in
Operating Temperature	32 to 113 °F (0 to 45 °C)
Humidity	10 - 95% (non-condensing)